crypto/mbedtls: Add support for mbedtls 3.x

 - mbedtls 2.8.x is getting out of support: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.10
 - Clone mbedtls 3.6.x instead of 2.8.x via CMake dependencies
 - Add related code to mbedtls usage keeping the 2.8.x support intact under mbedtsl version macros

Author: vikramdattu

CMake/Dependencies/libmbedtls-CMakeLists.txt

@@ -21,7 +21,7 @@ message(STATUS "C flags here are ${CMAKE_C_FLAGS}")
 ExternalProject_Add(
   project_libmbedtls
   GIT_REPOSITORY  https://github.com/ARMmbed/mbedtls.git
-  GIT_TAG         v2.28.8
+  GIT_TAG         v3.6.0
   GIT_PROGRESS    TRUE
   GIT_SHALLOW     TRUE
   PREFIX          ${CMAKE_CURRENT_BINARY_DIR}/build

src/source/Crypto/Crypto.h

@@ -32,10 +32,14 @@ typedef enum {
     KVS_SRTP_PROFILE_AES128_CM_HMAC_SHA1_32 = SRTP_AES128_CM_SHA1_32,
 } KVS_SRTP_PROFILE;
 #elif KVS_USE_MBEDTLS
-#define KVS_RSA_F4                  0x10001L
-#define KVS_MD5_DIGEST_LENGTH       16
-#define KVS_SHA1_DIGEST_LENGTH      20
+#define KVS_RSA_F4             0x10001L
+#define KVS_MD5_DIGEST_LENGTH  16
+#define KVS_SHA1_DIGEST_LENGTH 20
+#if MBEDTLS_VERSION_NUMBER >= 0x03000000
+#define KVS_MD5_DIGEST(m, mlen, ob) mbedtls_md5((m), (mlen), (ob));
+#else
 #define KVS_MD5_DIGEST(m, mlen, ob) mbedtls_md5_ret((m), (mlen), (ob));
+#endif
 #define KVS_SHA1_HMAC(k, klen, m, mlen, ob, plen)                                                                                                    \
     CHK(0 == mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA1), (k), (klen), (m), (mlen), (ob)), STATUS_HMAC_GENERATION_ERROR);             \
     *(plen) = mbedtls_md_get_size(mbedtls_md_info_from_type(MBEDTLS_MD_SHA1));

src/source/Crypto/Dtls.h

@@ -208,9 +208,17 @@ INT32 dtlsSessionSendCallback(PVOID, const unsigned char*, ULONG);
 INT32 dtlsSessionReceiveCallback(PVOID, unsigned char*, ULONG);
 VOID dtlsSessionSetTimerCallback(PVOID, UINT32, UINT32);
 INT32 dtlsSessionGetTimerCallback(PVOID);
+
+#if MBEDTLS_VERSION_NUMBER >= 0x03000000
+VOID dtlsSessionKeyDerivationCallback(PVOID customData, mbedtls_ssl_key_export_type secret_type, const unsigned char* pMasterSecret,
+                                      SIZE_T pMasterSecretLen, const unsigned char clientRandom[MAX_DTLS_RANDOM_BYTES_LEN],
+                                      const unsigned char serverRandom[MAX_DTLS_RANDOM_BYTES_LEN], mbedtls_tls_prf_types tlsProfile);
+#else
 INT32 dtlsSessionKeyDerivationCallback(PVOID, const unsigned char*, const unsigned char*, ULONG, ULONG, ULONG,
                                        const unsigned char[MAX_DTLS_RANDOM_BYTES_LEN], const unsigned char[MAX_DTLS_RANDOM_BYTES_LEN],
                                        mbedtls_tls_prf_types);
+#endif
+
 #else
 #error "A Crypto implementation is required."
 #endif

src/source/Crypto/Dtls_mbedtls.c

@@ -8,6 +8,11 @@ mbedtls_ssl_srtp_profile DTLS_SRTP_SUPPORTED_PROFILES[] = {
     MBEDTLS_TLS_SRTP_UNSET,
 };
 
+#if MBEDTLS_VERSION_NUMBER >= 0x03000000
+static mbedtls_ctr_drbg_context ctr_drbg;
+static mbedtls_entropy_context entropy;
+#endif
+
 STATUS createDtlsSession(PDtlsSessionCallbacks pDtlsSessionCallbacks, TIMER_QUEUE_HANDLE timerQueueHandle, INT32 certificateBits,
                          BOOL generateRSACertificate, PRtcCertificate pRtcCertificates, PDtlsSession* ppDtlsSession)
 {
@@ -229,6 +234,32 @@ STATUS dtlsTransmissionTimerCallback(UINT32 timerID, UINT64 currentTime, UINT64
     return retStatus;
 }
 
+#if MBEDTLS_VERSION_NUMBER >= 0x03000000
+VOID dtlsSessionKeyDerivationCallback(PVOID customData, mbedtls_ssl_key_export_type secret_type, const unsigned char* pMasterSecret,
+                                      SIZE_T pMasterSecretLen, const unsigned char clientRandom[MAX_DTLS_RANDOM_BYTES_LEN],
+                                      const unsigned char serverRandom[MAX_DTLS_RANDOM_BYTES_LEN], mbedtls_tls_prf_types tlsProfile)
+{
+    ENTERS();
+
+    /* We're only interested in the TLS 1.2 master secret */
+    if (secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET) {
+        DLOGE("Secret type is not matching...");
+    }
+
+    PDtlsSession pDtlsSession = (PDtlsSession) customData;
+    PTlsKeys pKeys = &pDtlsSession->tlsKeys;
+
+    if (pMasterSecretLen != sizeof(pKeys->masterSecret)) {
+        DLOGE("Length check failed, pMasterSecretLen = %d, sizeof(pKeys->masterSecret) = %d\n", pMasterSecretLen, sizeof(pKeys->masterSecret));
+    }
+
+    MEMCPY(pKeys->masterSecret, pMasterSecret, pMasterSecretLen);
+    MEMCPY(pKeys->randBytes, clientRandom, MAX_DTLS_RANDOM_BYTES_LEN);
+    MEMCPY(pKeys->randBytes + MAX_DTLS_RANDOM_BYTES_LEN, serverRandom, MAX_DTLS_RANDOM_BYTES_LEN);
+    pKeys->tlsProfile = tlsProfile;
+    LEAVES();
+}
+#else
 INT32 dtlsSessionKeyDerivationCallback(PVOID customData, const unsigned char* pMasterSecret, const unsigned char* pKeyBlock, ULONG maclen,
                                        ULONG keylen, ULONG ivlen, const unsigned char clientRandom[MAX_DTLS_RANDOM_BYTES_LEN],
                                        const unsigned char serverRandom[MAX_DTLS_RANDOM_BYTES_LEN], mbedtls_tls_prf_types tlsProfile)
@@ -247,6 +278,7 @@ INT32 dtlsSessionKeyDerivationCallback(PVOID customData, const unsigned char* pM
     LEAVES();
     return 0;
 }
+#endif
 
 STATUS dtlsSessionHandshakeInThread(PDtlsSession pDtlsSession, BOOL isServer)
 {
@@ -287,11 +319,18 @@ STATUS dtlsSessionStart(PDtlsSession pDtlsSession, BOOL isServer)
     }
     mbedtls_ssl_conf_dtls_cookies(&pDtlsSession->sslCtxConfig, NULL, NULL, NULL);
     CHK(mbedtls_ssl_conf_dtls_srtp_protection_profiles(&pDtlsSession->sslCtxConfig, DTLS_SRTP_SUPPORTED_PROFILES) == 0, STATUS_CREATE_SSL_FAILED);
+
+#if MBEDTLS_VERSION_NUMBER < 0x03000000
     mbedtls_ssl_conf_export_keys_ext_cb(&pDtlsSession->sslCtxConfig, dtlsSessionKeyDerivationCallback, pDtlsSession);
+#endif
 
     CHK(mbedtls_ssl_setup(&pDtlsSession->sslCtx, &pDtlsSession->sslCtxConfig) == 0, STATUS_SSL_CTX_CREATION_FAILED);
     mbedtls_ssl_set_mtu(&pDtlsSession->sslCtx, DEFAULT_MTU_SIZE_BYTES);
     mbedtls_ssl_set_bio(&pDtlsSession->sslCtx, pDtlsSession, dtlsSessionSendCallback, dtlsSessionReceiveCallback, NULL);
+
+#if MBEDTLS_VERSION_NUMBER >= 0x03000000
+    mbedtls_ssl_set_export_keys_cb(&pDtlsSession->sslCtx, dtlsSessionKeyDerivationCallback, pDtlsSession);
+#endif
     mbedtls_ssl_set_timer_cb(&pDtlsSession->sslCtx, &pDtlsSession->transmissionTimer, dtlsSessionSetTimerCallback, dtlsSessionGetTimerCallback);
 
     // Start non-blocking handshaking
@@ -363,7 +402,11 @@ STATUS dtlsSessionProcessPacket(PDtlsSession pDtlsSession, PBYTE pData, PINT32 p
         }
     }
 
+#if MBEDTLS_VERSION_NUMBER >= 0x03000000
+    if (pDtlsSession->sslCtx.MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_HANDSHAKE_OVER) {
+#else
     if (pDtlsSession->sslCtx.state == MBEDTLS_SSL_HANDSHAKE_OVER) {
+#endif
         CHK_STATUS(dtlsSessionChangeState(pDtlsSession, RTC_DTLS_TRANSPORT_STATE_CONNECTED));
     }
 
@@ -505,7 +548,11 @@ STATUS dtlsSessionPopulateKeyingMaterial(PDtlsSession pDtlsSession, PDtlsKeyingM
     MEMCPY(pDtlsKeyingMaterial->serverWriteKey + MAX_SRTP_MASTER_KEY_LEN, &keyingMaterialBuffer[offset], MAX_SRTP_SALT_KEY_LEN);
 
     mbedtls_ssl_get_dtls_srtp_negotiation_result(&pDtlsSession->sslCtx, &negotiatedSRTPProfile);
+#if MBEDTLS_VERSION_NUMBER >= 0x03000000
+    switch (negotiatedSRTPProfile.MBEDTLS_PRIVATE(chosen_dtls_srtp_profile)) {
+#else
     switch (negotiatedSRTPProfile.chosen_dtls_srtp_profile) {
+#endif
         case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80:
             pDtlsKeyingMaterial->srtpProfile = KVS_SRTP_PROFILE_AES128_CM_HMAC_SHA1_80;
             break;
@@ -517,9 +564,11 @@ STATUS dtlsSessionPopulateKeyingMaterial(PDtlsSession pDtlsSession, PDtlsKeyingM
     }
 
 CleanUp:
+
     if (locked) {
         MUTEX_UNLOCK(pDtlsSession->sslLock);
     }
+    CHK_LOG_ERR(retStatus);
 
     LEAVES();
     return retStatus;
@@ -561,15 +610,33 @@ STATUS copyCertificateAndKey(mbedtls_x509_crt* pCert, mbedtls_pk_context* pKey,
     BOOL initialized = FALSE;
     mbedtls_ecp_keypair *pSrcECP, *pDstECP;
 
+#if (MBEDTLS_VERSION_NUMBER >= 0x03000000)
+    mbedtls_entropy_init(&entropy);
+    mbedtls_ctr_drbg_init(&ctr_drbg);
+    int mbedtls_ctr_ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, NULL, 0);
+    if (mbedtls_ctr_ret != 0) {
+        DLOGE("mbedtls_ctr_drbg_seed failed");
+        CHK(mbedtls_ctr_ret == 0, STATUS_CERTIFICATE_GENERATION_FAILED);
+    }
+#endif
+
     CHK(pCert != NULL && pKey != NULL && pDst != NULL, STATUS_NULL_ARG);
+#if MBEDTLS_VERSION_NUMBER < 0x03000000
     CHK(mbedtls_pk_check_pair(&pCert->pk, pKey) == 0, STATUS_CERTIFICATE_GENERATION_FAILED);
+#else
+    CHK(mbedtls_pk_check_pair(&pCert->pk, pKey, mbedtls_ctr_drbg_random, &ctr_drbg) == 0, STATUS_CERTIFICATE_GENERATION_FAILED);
+#endif
 
     mbedtls_x509_crt_init(&pDst->cert);
     mbedtls_pk_init(&pDst->privateKey);
     initialized = TRUE;
 
     CHK(mbedtls_x509_crt_parse_der(&pDst->cert, pCert->raw.p, pCert->raw.len) == 0, STATUS_CERTIFICATE_GENERATION_FAILED);
+#if MBEDTLS_VERSION_NUMBER < 0x03000000
     CHK(mbedtls_pk_setup(&pDst->privateKey, pKey->pk_info) == 0, STATUS_CERTIFICATE_GENERATION_FAILED);
+#else
+    CHK(mbedtls_pk_setup(&pDst->privateKey, pKey->MBEDTLS_PRIVATE(pk_info)) == 0, STATUS_CERTIFICATE_GENERATION_FAILED);
+#endif
 
     switch (mbedtls_pk_get_type(pKey)) {
         case MBEDTLS_PK_RSA:
@@ -579,9 +646,16 @@ STATUS copyCertificateAndKey(mbedtls_x509_crt* pCert, mbedtls_pk_context* pKey,
         case MBEDTLS_PK_ECDSA:
             pSrcECP = mbedtls_pk_ec(*pKey);
             pDstECP = mbedtls_pk_ec(pDst->privateKey);
+#if MBEDTLS_VERSION_NUMBER < 0x03000000
             CHK(mbedtls_ecp_group_copy(&pDstECP->grp, &pSrcECP->grp) == 0 && mbedtls_ecp_copy(&pDstECP->Q, &pSrcECP->Q) == 0 &&
                     mbedtls_mpi_copy(&pDstECP->d, &pSrcECP->d) == 0,
                 STATUS_CERTIFICATE_GENERATION_FAILED);
+#else
+            CHK(mbedtls_ecp_group_copy(&pDstECP->MBEDTLS_PRIVATE(grp), &pSrcECP->MBEDTLS_PRIVATE(grp)) == 0 &&
+                    mbedtls_ecp_copy(&pDstECP->MBEDTLS_PRIVATE(Q), &pSrcECP->MBEDTLS_PRIVATE(Q)) == 0 &&
+                    mbedtls_mpi_copy(&pDstECP->MBEDTLS_PRIVATE(d), &pSrcECP->MBEDTLS_PRIVATE(d)) == 0,
+                STATUS_CERTIFICATE_GENERATION_FAILED);
+#endif
             break;
         default:
             CHK(FALSE, STATUS_CERTIFICATE_GENERATION_FAILED);
@@ -598,6 +672,29 @@ STATUS copyCertificateAndKey(mbedtls_x509_crt* pCert, mbedtls_pk_context* pKey,
     return retStatus;
 }
 
+#if !(defined(MBEDTLS_BIGNUM_C) && !defined(MBEDTLS_DEPRECATED_REMOVED))
+int mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert* ctx, const mbedtls_mpi* serial)
+{
+    int ret;
+    size_t tmp_len;
+
+    /* Ensure that the MPI value fits into the buffer */
+    tmp_len = mbedtls_mpi_size(serial);
+    if (tmp_len > MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN) {
+        return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+    }
+
+    ctx->MBEDTLS_PRIVATE(serial_len) = tmp_len;
+
+    ret = mbedtls_mpi_write_binary(serial, ctx->MBEDTLS_PRIVATE(serial), tmp_len);
+    if (ret < 0) {
+        return ret;
+    }
+
+    return 0;
+}
+#endif // MBEDTLS_BIGNUM_C && !MBEDTLS_DEPRECATED_REMOVED
+
 /**
  * createCertificateAndKey generates a new certificate and a key
  * If generateRSACertificate is true, RSA is going to be used for the key generation. Otherwise, ECDSA is going to be used.
@@ -732,7 +829,11 @@ STATUS dtlsCertificateFingerprint(mbedtls_x509_crt* pCert, PCHAR pBuff)
     pMdInfo = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
     CHK(pMdInfo != NULL, STATUS_INTERNAL_ERROR);
 
+#if MBEDTLS_VERSION_NUMBER >= 0x03000000
+    sslRet = mbedtls_sha256(pCert->raw.p, pCert->raw.len, fingerprint, 0);
+#else
     sslRet = mbedtls_sha256_ret(pCert->raw.p, pCert->raw.len, fingerprint, 0);
+#endif
     CHK(sslRet == 0, STATUS_INTERNAL_ERROR);
 
     size = mbedtls_md_get_size(pMdInfo);

src/source/Crypto/Tls_mbedtls.c

@@ -171,8 +171,11 @@ STATUS tlsSessionProcessPacket(PTlsSession pTlsSession, PBYTE pData, UINT32 buff
             iterate = FALSE;
         }
     }
-
+#if MBEDTLS_VERSION_NUMBER >= 0x03000000
+    if (pTlsSession->sslCtx.MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_HANDSHAKE_OVER) {
+#else
     if (pTlsSession->sslCtx.state == MBEDTLS_SSL_HANDSHAKE_OVER) {
+#endif
         tlsSessionChangeState(pTlsSession, TLS_SESSION_STATE_CONNECTED);
     }
 

src/source/Include_i.h

@@ -39,7 +39,9 @@ extern "C" {
 #include <mbedtls/entropy.h>
 #include <mbedtls/ctr_drbg.h>
 #include <mbedtls/error.h>
+#if MBEDTLS_VERSION_NUMBER < 0x03000000
 #include <mbedtls/certs.h>
+#endif
 #include <mbedtls/sha256.h>
 #include <mbedtls/md5.h>
 #endif