Crypto: Upgrade mbedtls to v3.0.0
- Remove deprecated macros and functions
- Enable SHA-224 cryptographic hash algorithm by defining
'MBEDTLS_SHA224_C'
- Enable SHA-384 cryptographic hash algorithm by defining
'MBEDTLS_SHA384_C'
- 'psa_cipher_encrypt' and 'psa_cipher_decrypt' are supported by
mbedtls-3.0.0
- 'psa_mac_compute' and 'psa_mac_verify' are supported by mbedtls-3.0.0
- mbedtls-3.0.0 renames some internal mbedtls APIs; mcuboot needs
to align.
Change-Id: Ia868c93deceee6c8042607acf35ce2f4c9c15e35
Signed-off-by: Summer Qin <summer.qin@arm.com>
diff --git a/secure_fw/partitions/crypto/crypto_key.c b/secure_fw/partitions/crypto/crypto_key.c
index 6f0aea2..ec9bf0f 100644
--- a/secure_fw/partitions/crypto/crypto_key.c
+++ b/secure_fw/partitions/crypto/crypto_key.c
@@ -147,25 +147,30 @@
int32_t client_id,
psa_key_attributes_t *key_attributes)
{
+ psa_core_key_attributes_t *core;
+
if (client_key_attr == NULL || key_attributes == NULL) {
return PSA_ERROR_PROGRAMMER_ERROR;
}
*key_attributes = psa_key_attributes_init();
+ core = &(key_attributes->MBEDTLS_PRIVATE(core));
/* Copy core key attributes from the client core key attributes */
- key_attributes->core.type = client_key_attr->type;
- key_attributes->core.lifetime = client_key_attr->lifetime;
- key_attributes->core.policy.usage = client_key_attr->usage;
- key_attributes->core.policy.alg = client_key_attr->alg;
- key_attributes->core.bits = client_key_attr->bits;
+ core->MBEDTLS_PRIVATE(type) = client_key_attr->type;
+ core->MBEDTLS_PRIVATE(lifetime) = client_key_attr->lifetime;
+ core->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage) =
+ client_key_attr->usage;
+ core->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg) =
+ client_key_attr->alg;
+ core->MBEDTLS_PRIVATE(bits) = client_key_attr->bits;
/* Use the client key id as the key_id and its partition id as the owner */
#ifdef CRYPTO_KEY_ID_ENCODES_OWNER
- key_attributes->core.id.key_id = client_key_attr->id;
- key_attributes->core.id.owner = client_id;
+ core->MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(key_id) = client_key_attr->id;
+ core->MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(owner) = client_id;
#else
- key_attributes->core.id = client_key_attr->id;
+ core->MBEDTLS_PRIVATE(id) = client_key_attr->id;
#endif
return PSA_SUCCESS;
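Review bot: Every assignment in the attribute copy now writes mbedtls private fields through `MBEDTLS_PRIVATE(...)`, at the point where client-supplied attributes enter the crypto service, so whatever normalisation the public setters apply is bypassed and the code stays tied to the library's internal struct layout. Where behaviour allows, prefer the public API, e.g. `psa_set_key_type(key_attributes, client_key_attr->type);` and `psa_set_key_bits(key_attributes, client_key_attr->bits);`; the id and lifetime setters may interact, so that part needs checking before switching. If private access has to stay, a comment such as `/* Direct private-field access: revisit on each mbedtls upgrade */` above the `core = ...` line would document the coupling. The function signature starts outside the hunk.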
@@ -181,19 +186,20 @@
struct psa_client_key_attributes_s v = PSA_CLIENT_KEY_ATTRIBUTES_INIT;
*client_key_attr = v;
+ psa_core_key_attributes_t core = key_attributes->MBEDTLS_PRIVATE(core);
/* Copy core key attributes from the client core key attributes */
- client_key_attr->type = key_attributes->core.type;
- client_key_attr->lifetime = key_attributes->core.lifetime;
- client_key_attr->usage = key_attributes->core.policy.usage;
- client_key_attr->alg = key_attributes->core.policy.alg;
- client_key_attr->bits = key_attributes->core.bits;
+ client_key_attr->type = core.MBEDTLS_PRIVATE(type);
+ client_key_attr->lifetime = core.MBEDTLS_PRIVATE(lifetime);
+ client_key_attr->usage = core.MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage);
+ client_key_attr->alg = core.MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg);
+ client_key_attr->bits = core.MBEDTLS_PRIVATE(bits);
/* Return the key_id as the client key id, do not return the owner */
#ifdef CRYPTO_KEY_ID_ENCODES_OWNER
- client_key_attr->id = key_attributes->core.id.key_id;
+ client_key_attr->id = core.MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(key_id);
#else
- client_key_attr->id = key_attributes->core.id;
+ client_key_attr->id = core.MBEDTLS_PRIVATE(id);
#endif
return PSA_SUCCESS;
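Review bot: `psa_core_key_attributes_t core = key_attributes->MBEDTLS_PRIVATE(core);` copies the whole core struct by value and is declared after executable statements, while the sibling function in the previous hunk uses a pointer declared at the top of the block. A read-only pointer is enough here and keeps the two functions consistent: `const psa_core_key_attributes_t *core = &key_attributes->MBEDTLS_PRIVATE(core);`, with the reads changed to `core->...`. The function's opening, including any NULL checks on `key_attributes`, lies outside the hunk.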
@@ -331,7 +337,7 @@
status = psa_import_key(&key_attributes, data, data_length, &encoded_key);
/* Update the imported key id */
#ifdef CRYPTO_KEY_ID_ENCODES_OWNER
- *psa_key = encoded_key.key_id;
+ *psa_key = encoded_key.MBEDTLS_PRIVATE(key_id);
#else
*psa_key = (psa_key_id_t)encoded_key;
#endif
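Review bot: The `#ifdef CRYPTO_KEY_ID_ENCODES_OWNER` block reads `encoded_key.MBEDTLS_PRIVATE(key_id)` directly, although mbedtls provides the public accessor `MBEDTLS_SVC_KEY_ID_GET_KEY_ID()` for this, which covers both id encodings provided the TF-M switch tracks the mbedtls owner-encoding option. `*psa_key = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(encoded_key);` would replace the five-line conditional and drop the dependency on the private field name. The same pattern recurs in the hunks at -383, -712 and -767 (`*key`, `*target_key_id`, `*key_handle`). In the visible lines the output id is also written without checking `status` first; whether callers rely on that is outside the hunk.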
@@ -383,7 +389,7 @@
status = psa_open_key(encoded_key, &encoded_key);
#ifdef CRYPTO_KEY_ID_ENCODES_OWNER
- *key = encoded_key.key_id;
+ *key = encoded_key.MBEDTLS_PRIVATE(key_id);
#else
*key = (psa_key_id_t)encoded_key;
#endif
@@ -712,7 +718,7 @@
status = psa_copy_key(encoded_key, &key_attributes, &target_key);
#ifdef CRYPTO_KEY_ID_ENCODES_OWNER
- *target_key_id = target_key.key_id;
+ *target_key_id = target_key.MBEDTLS_PRIVATE(key_id);
#else
*target_key_id = (psa_key_id_t)target_key;
#endif
@@ -767,7 +773,7 @@
status = psa_generate_key(&key_attributes, &encoded_key);
#ifdef CRYPTO_KEY_ID_ENCODES_OWNER
- *key_handle = encoded_key.key_id;
+ *key_handle = encoded_key.MBEDTLS_PRIVATE(key_id);
#else
*key_handle = (psa_key_id_t)encoded_key;
#endif