crypto/mbedtls: Upgrade to v3.6.2

This upgrades mbedtls version to v3.6.2:
1. mbedtls repository changed to version v3.6.2
2. Removed tests that are no longer supported
3. Updated/modified gcm_mynewt API:
   a) Function mbedtls_gcm_update_add is removed, because now
      function mbedtls_gcm_update_ad from mbedtls upstream
      provides the same functionality.
   b) Due to internal mbedtls API changes mbedtls_gcm_setkey_noalloc
      function now needs one argument more, which is keybits.
      This argument specifies length of key in bits and should
      be set to 128, 192 or 256. Other values won't be accepted.
      In earlier version this could be extracted from
      mbedtls_cipher_info_t key_bitlen field, which is no longer
      the case - now it's 4 bit bitfield later processed by
      internal mbedtls macros.
   It probably would be possible to not break this APIs, but
   since a lot of mbedtls APIs where changed in new version
   it was assumed that migration changes in projects using mbedtls
   would be necessary anyway.

Author: m-gorecki

crypto/mbedtls/include/mbedtls/config_mynewt.h

@@ -501,6 +501,7 @@ extern "C" {
 #undef MBEDTLS_PSA_CRYPTO_SE_C
 #undef MBEDTLS_PSA_CRYPTO_STORAGE_C
 #undef MBEDTLS_PSA_ITS_FILE_C
+#undef MBEDTLS_LMS_C
 
 #ifdef __cplusplus
 }

crypto/mbedtls/include/mbedtls/gcm_mynewt.h

@@ -20,38 +20,16 @@
 #ifndef _GCM_MYNEWT_H_
 #define _GCM_MYNEWT_H_
 
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
 #include <mbedtls/gcm.h>
 
-/**
- * \brief           This function feeds an input buffer into an ongoing GCM
- *                  encryption or decryption operation as additional data.
- *                  This needs to be called before starting enc/dec
- *                  operations.
- *
- *    `             The function expects input to be a multiple of 16
- *                  Bytes. Only the last call before mbedtls_gcm_update() or
- *                  mbedtls_gcm_finish() can be less than 16 Bytes.
- *
- *
- * \param ctx       The GCM context.
- * \param length    The length of the input data. This must be a multiple of
- *                  16 except in the last call before mbedtls_gcm_finish().
- * \param input     The buffer holding the input ADD.
- *
- * \return         \c 0 on success.
- * \return         #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
- */
-int mbedtls_gcm_update_add( mbedtls_gcm_context *ctx,
-                            size_t length,
-                            const unsigned char *input );
-
-
 /**
  * Same as mbedtls_gcm_setkey, but with preallocated memory for cipher algorithm context
  */
 int mbedtls_gcm_setkey_noalloc( mbedtls_gcm_context *ctx,
                                 const mbedtls_cipher_info_t *cipher_info,
                                 const unsigned char *key,
+                                unsigned int keybits,
                                 void *cipher_ctx);
 
 

crypto/mbedtls/pkg.yml

@@ -47,7 +47,7 @@ pkg.src_dirs:
 
 repository.mbedtls:
     type: github
-    vers: v2.28.9-commit
+    vers: v3.6.2-commit
     branch: master
     user: Mbed-TLS
     repo: mbedtls

crypto/mbedtls/selftest/src/mbedtls_test.c

@@ -27,7 +27,6 @@
 #include "mbedtls/sha256.h"
 #include "mbedtls/sha512.h"
 #include "mbedtls/aes.h"
-#include "mbedtls/arc4.h"
 #include "mbedtls/bignum.h"
 #include "mbedtls/ccm.h"
 #include "mbedtls/dhm.h"
@@ -41,7 +40,6 @@
 #include "mbedtls/ripemd160.h"
 #include "mbedtls/rsa.h"
 #include "mbedtls/x509.h"
-#include "mbedtls/xtea.h"
 #include "mbedtls/poly1305.h"
 #include "mbedtls/chacha20.h"
 #include "mbedtls/chachapoly.h"
@@ -53,7 +51,6 @@
 #include "mbedtls/timing.h"
 
 TEST_CASE_DECL(aes_test)
-TEST_CASE_DECL(arc4_test)
 TEST_CASE_DECL(aria_test)
 TEST_CASE_DECL(base64_test)
 TEST_CASE_DECL(bignum_test)
@@ -70,8 +67,6 @@ TEST_CASE_DECL(ecp_test)
 TEST_CASE_DECL(entropy_test)
 TEST_CASE_DECL(gcm_test)
 TEST_CASE_DECL(hmac_drbg_test)
-TEST_CASE_DECL(md2_test)
-TEST_CASE_DECL(md4_test)
 TEST_CASE_DECL(md5_test)
 TEST_CASE_DECL(memory_buffer_alloc_test)
 TEST_CASE_DECL(nist_kw_test)
@@ -82,15 +77,11 @@ TEST_CASE_DECL(rsa_test)
 TEST_CASE_DECL(sha1_test)
 TEST_CASE_DECL(sha256_test)
 TEST_CASE_DECL(sha512_test)
-TEST_CASE_DECL(timing_test)
-TEST_CASE_DECL(x509_test)
-TEST_CASE_DECL(xtea_test)
 TEST_CASE_DECL(gcm_mynewt_test)
 
 TEST_SUITE(mbedtls_test_all)
 {
     aes_test();
-    arc4_test();
     aria_test();
     base64_test();
     bignum_test();
@@ -107,8 +98,6 @@ TEST_SUITE(mbedtls_test_all)
     entropy_test();
     gcm_test();
     hmac_drbg_test();
-    md2_test();
-    md4_test();
     md5_test();
     nist_kw_test();
     pkcs5_test();
@@ -118,9 +107,6 @@ TEST_SUITE(mbedtls_test_all)
     sha1_test();
     sha256_test();
     sha512_test();
-    timing_test();
-    x509_test();
-    xtea_test();
     gcm_mynewt_test();
 }
 

crypto/mbedtls/selftest/src/mbedtls_test.h

@@ -25,7 +25,6 @@
 #include "testutil/testutil.h"
 
 #include "mbedtls/aes.h"
-#include "mbedtls/arc4.h"
 #include "mbedtls/aria.h"
 #include "mbedtls/base64.h"
 #include "mbedtls/bignum.h"
@@ -42,8 +41,6 @@
 #include "mbedtls/entropy.h"
 #include "mbedtls/gcm.h"
 #include "mbedtls/hmac_drbg.h"
-#include "mbedtls/md2.h"
-#include "mbedtls/md4.h"
 #include "mbedtls/md5.h"
 #include "mbedtls/nist_kw.h"
 #include "mbedtls/pkcs5.h"
@@ -53,9 +50,6 @@
 #include "mbedtls/sha1.h"
 #include "mbedtls/sha256.h"
 #include "mbedtls/sha512.h"
-#include "mbedtls/timing.h"
-#include "mbedtls/x509.h"
-#include "mbedtls/xtea.h"
 #include "gcm_mynewt.h"
 
 #ifdef __cplusplus

crypto/mbedtls/selftest/src/testcases/arc4_test.c

@@ -24,36 +24,32 @@ static const mbedtls_cipher_info_t *rsm_ucast_cipher;
 
 /* This contains both ADD and plaintext for encryption */
 static const uint8_t initial_data[110] = {
-    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x11,
-    0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x21, 0x22,
-    0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x31, 0x32, 0x33,
-    0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x41, 0x42, 0x43, 0x44,
-    0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x51, 0x52, 0x53, 0x54, 0x55,
-    0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-    0x67, 0x68, 0x69, 0x6A, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
-    0x78, 0x79, 0x7A, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88,
-    0x89, 0x8A, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99,
-    0x9A, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7, 0xA8, 0xA9, 0xAA
+        0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A,
+        0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A,
+        0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A,
+        0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A,
+        0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A,
+        0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5A,
+        0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A,
+        0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A,
+        0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8A,
+        0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9A,
+        0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7, 0xA8, 0xA9, 0xAA
 };
-
-static const uint8_t key[32] = { 0xC0, 0xCA, 0xC0, 0x1A, 0xC0, 0xCA, 0xC0,
-                                 0x1A, 0xC0, 0xCA, 0xC0, 0x1A, 0xC0, 0xCA,
-                                 0xC0, 0x1A, 0xC0, 0xCA, 0xC0, 0x1A, 0xC0,
-                                 0xCA, 0xC0, 0x1A, 0xC0, 0xCA, 0xC0, 0x1A,
-                                 0xC0, 0xCA, 0xC0, 0x1A };
-
-static const uint8_t iv[12] = { 0x0, 0x1, 0x2, 0x3, 0x4, 0x5,
-                                0x6, 0x7, 0x8, 0x9, 0xA, 0xB };
-
-static const uint8_t expected_tag[16] = { 0x05, 0x5D, 0x8E, 0xD4, 0xF9, 0x2A,
-                                          0x87, 0x87, 0x6F, 0x23, 0xF2, 0xE6,
-                                          0xF0, 0x1D, 0x6D, 0x5C };
+static const uint8_t key[32] = {
+        0xC0, 0xCA, 0xC0, 0x1A, 0xC0, 0xCA, 0xC0, 0x1A,
+        0xC0, 0xCA, 0xC0, 0x1A, 0xC0, 0xCA, 0xC0, 0x1A,
+        0xC0, 0xCA, 0xC0, 0x1A, 0xC0, 0xCA, 0xC0, 0x1A,
+        0xC0, 0xCA, 0xC0, 0x1A, 0xC0, 0xCA, 0xC0, 0x1A
+};
+static const uint8_t iv[12] = { 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xA, 0xB };
+static const uint8_t expected_tag[16] = { 0x05, 0x5D, 0x8E, 0xD4, 0xF9, 0x2A, 0x87, 0x87,
+                                          0x6F, 0x23, 0xF2, 0xE6, 0xF0, 0x1D, 0x6D, 0x5C };
 
 static uint8_t test_tag[16];
 static uint8_t test_buf[110];
 
-static int
-mbedtls_gcm_mynewt_test_crypt(uint8_t enc)
+static int mbedtls_gcm_mynewt_test_crypt(uint8_t enc)
 {
     int add_len = 40;
     mbedtls_gcm_context ctx;
@@ -63,22 +59,25 @@ mbedtls_gcm_mynewt_test_crypt(uint8_t enc)
     uint16_t off;
     uint16_t blklen;
     uint16_t totlen;
+    size_t len_check;
     int rc;
 
     if (rsm_ucast_cipher == NULL) {
-        rsm_ucast_cipher = mbedtls_cipher_info_from_values(MBEDTLS_CIPHER_ID_AES,
-                                                           256, MBEDTLS_MODE_ECB);
+        rsm_ucast_cipher =
+                mbedtls_cipher_info_from_values(MBEDTLS_CIPHER_ID_AES, 256,
+                                                MBEDTLS_MODE_ECB);
     }
 
     memset(&ctx, 0, sizeof(ctx));
     mbedtls_aes_init(&aes_ctx);
-    rc = mbedtls_gcm_setkey_noalloc(&ctx, rsm_ucast_cipher, key, &aes_ctx);
+    rc = mbedtls_gcm_setkey_noalloc(&ctx, rsm_ucast_cipher, key, 256, &aes_ctx);
     if (rc) {
         goto out;
     }
 
-    rc = mbedtls_gcm_starts(&ctx, enc == 1 ? MBEDTLS_GCM_ENCRYPT : MBEDTLS_GCM_DECRYPT,
-                            iv, sizeof(iv), NULL, 0);
+    rc = mbedtls_gcm_starts(&ctx,
+                            enc == 1 ? MBEDTLS_GCM_ENCRYPT : MBEDTLS_GCM_DECRYPT,
+                            iv, sizeof(iv));
     if (rc) {
         goto out;
     }
@@ -105,18 +104,26 @@ mbedtls_gcm_mynewt_test_crypt(uint8_t enc)
         }
 
         if (off < add_len) {
-            mbedtls_gcm_update_add(&ctx, blklen, ptr);
+            mbedtls_gcm_update_ad(&ctx, ptr, blklen);
         } else {
-            rc = mbedtls_gcm_update(&ctx, blklen, ptr, ptr);
+            rc = mbedtls_gcm_update(&ctx, ptr, blklen, ptr, blklen, &len_check);
             if (rc) {
                 goto out;
             }
+            if (len_check != blklen) {
+                rc = 1;
+                goto out;
+            }
         }
 
         off += blklen;
     }
 
-    rc = mbedtls_gcm_finish(&ctx, test_tag, sizeof(test_tag));
+    rc = mbedtls_gcm_finish(&ctx, NULL, 0, &len_check, test_tag, sizeof(test_tag));
+    if (len_check != 0) {
+        rc = 1;
+        goto out;
+    }
 out:
     memset(&ctx, 0, sizeof(ctx));
     mbedtls_aes_free(&aes_ctx);
@@ -138,5 +145,5 @@ TEST_CASE_SELF(gcm_mynewt_test)
     rc = mbedtls_gcm_mynewt_test_crypt(0);
     TEST_ASSERT(rc == 0);
     TEST_ASSERT(memcmp(test_tag, expected_tag, sizeof(test_tag)) == 0);
-    TEST_ASSERT(memcmp(test_buf, initial_data, sizeof(test_buf)) == 0);
+    TEST_ASSERT(memcmp(test_buf, initial_data, sizeof(initial_data)) == 0);
 }