Use upstream ArduinoBearSSL

manchoz · pennam · commit 3327700eb39c · 2024-01-04T14:47:54.000+01:00
diff --git a/examples/utility/SelfProvisioning/ECCX08Cert.cpp b/examples/utility/SelfProvisioning/ECCX08Cert.cpp
@@ -22,7 +22,7 @@
 #include <ArduinoIoTCloud.h>
 #include <ArduinoECCX08.h>
 #include "ECCX08Cert.h"
-#include "tls/utility/SHA256.h"
+#include <SHA256.h>
 
 /******************************************************************************
  * DEFINE
@@ -188,13 +188,14 @@ String ECCX08CertClass::endCSR() {
   *out++ = 0xa0;
   *out++ = 0x00;
 
-  SHA256 sha256;
-  byte csrInfoSha256[64];
+  SHA256Class sha256;
+  byte csrInfoSha256[SHA256_DIGEST_SIZE];
   byte signature[64];
 
-  sha256.begin();
-  sha256.update(csrInfo, csrInfoHeaderLen + csrInfoLen);
-  sha256.finalize(csrInfoSha256);
+  sha256.beginHash();
+  sha256.write(csrInfo, csrInfoHeaderLen + csrInfoLen);
+  sha256.endHash();
+  sha256.readBytes(csrInfoSha256, SHA256_DIGEST_SIZE);
 
   if (!ECCX08.ecSign(_keySlot, csrInfoSha256, signature)) {
     return "";
diff --git a/src/ArduinoIoTCloudTCP.cpp b/src/ArduinoIoTCloudTCP.cpp
@@ -88,7 +88,7 @@ ArduinoIoTCloudTCP::ArduinoIoTCloudTCP()
 , _mqtt_data_len{0}
 , _mqtt_data_request_retransmit{false}
 #ifdef BOARD_HAS_ECCX08
-, _sslClient(nullptr, ArduinoIoTCloudTrustAnchor, ArduinoIoTCloudTrustAnchor_NUM, getTime)
+, _sslClient(nullptr, ArduinoIoTCloudTrustAnchor, ArduinoIoTCloudTrustAnchor_NUM)
 #endif
   #ifdef BOARD_HAS_SECRET_KEY
 , _password("")
@@ -160,6 +160,7 @@ int ArduinoIoTCloudTCP::begin(bool const enable_watchdog, String brokerAddress,
 #endif
 
 #if defined(BOARD_HAS_ECCX08)
+  ArduinoBearSSL.onGetTime(getTime);
   _sslClient.setClient(_connection->getClient());
 #elif defined(ARDUINO_PORTENTA_C33)
   _sslClient.setClient(_connection->getClient());
diff --git a/src/ArduinoIoTCloudTCP.h b/src/ArduinoIoTCloudTCP.h
@@ -27,7 +27,7 @@
 #include <ArduinoIoTCloud.h>
 
 #ifdef BOARD_HAS_ECCX08
-  #include "tls/BearSSLClient.h"
+  #include <ArduinoBearSSL.h>
   #include "tls/utility/CryptoUtil.h"
 #elif defined(BOARD_ESP)
   #include <WiFiClientSecure.h>
diff --git a/src/tls/utility/CryptoUtil.cpp b/src/tls/utility/CryptoUtil.cpp
@@ -75,11 +75,12 @@ int CryptoUtil::buildCSR(ArduinoIoTCloudCertClass & cert, const CryptoSlot keySl
   }
 
   /* compute CSR SHA256 */
-  SHA256 sha256;
+  SHA256Class sha256;
   byte sha256buf[CRYPTO_SHA256_BUFFER_LENGTH];
-  sha256.begin();
-  sha256.update(cert.bytes(), cert.length());
-  sha256.finalize(sha256buf);
+  sha256.beginHash();
+  sha256.write(cert.bytes(), cert.length());
+  sha256.endHash();
+  sha256.readBytes(sha256buf, CRYPTO_SHA256_BUFFER_LENGTH);
 
   if (!_crypto.ecSign(static_cast<int>(keySlot), sha256buf, signature)) {
     return 0;
diff --git a/src/utility/ota/FlashSHA256.cpp b/src/utility/ota/FlashSHA256.cpp
@@ -24,7 +24,7 @@
 
 #include "FlashSHA256.h"
 
-#include "../../tls/utility/SHA256.h"
+#include <SHA256.h>
 
 #include <Arduino_DebugUtils.h>
 
@@ -38,11 +38,11 @@
 
 String FlashSHA256::calc(uint32_t const start_addr, uint32_t const max_flash_size)
 {
-  SHA256  sha256;
+  SHA256Class  sha256;
   uint8_t chunk     [FLASH_READ_CHUNK_SIZE],
           next_chunk[FLASH_READ_CHUNK_SIZE];
 
-  sha256.begin();
+  sha256.beginHash();
 
   /* Read the first two chunks of flash. */
   uint32_t flash_addr = start_addr;
@@ -75,27 +75,28 @@ String FlashSHA256::calc(uint32_t const start_addr, uint32_t const max_flash_siz
           break;
       }
       /* Update with the remaining bytes. */
-      sha256.update(chunk, valid_bytes_in_chunk);
+      sha256.write(chunk, valid_bytes_in_chunk);
       bytes_read += valid_bytes_in_chunk;
       break;
     }
 
     /* We've read a normal segment with the next segment not containing
      * any erased elements, just update the SHA256 hash calculation.
      */
-    sha256.update(chunk, FLASH_READ_CHUNK_SIZE);
+    sha256.write(chunk, FLASH_READ_CHUNK_SIZE);
     bytes_read += FLASH_READ_CHUNK_SIZE;
 
     /* Copy next_chunk to chunk. */
     memcpy(chunk, next_chunk, FLASH_READ_CHUNK_SIZE);
   }
 
   /* Retrieve the final hash string. */
-  uint8_t sha256_hash[SHA256::HASH_SIZE] = {0};
-  sha256.finalize(sha256_hash);
+  uint8_t sha256_hash[SHA256_DIGEST_SIZE] = {0};
+  sha256.endHash();
+  sha256.readBytes(sha256_hash, SHA256_DIGEST_SIZE);
   String sha256_str;
   std::for_each(sha256_hash,
-                sha256_hash + SHA256::HASH_SIZE,
+                sha256_hash + SHA256_DIGEST_SIZE,
                 [&sha256_str](uint8_t const elem)
                 {
                   char buf[4];
diff --git a/src/utility/ota/OTA-esp32.cpp b/src/utility/ota/OTA-esp32.cpp
@@ -26,7 +26,7 @@
 #include "OTA.h"
 #include <Arduino_DebugUtils.h>
 #include <Arduino_ESP32_OTA.h>
-#include "tls/utility/SHA256.h"
+#include <SHA256.h>
 
 #include <esp_ota_ops.h>
 
@@ -105,11 +105,11 @@ String esp32_getOTAImageSHA256()
   free(b);
 
   /* Retrieve the final hash string. */
-  uint8_t sha256_hash[SHA256::HASH_SIZE] = {0};
+  uint8_t sha256_hash[SHA256_DIGEST_SIZE] = {0};
   sha256.finalize(sha256_hash);
   String sha256_str;
   std::for_each(sha256_hash,
-                sha256_hash + SHA256::HASH_SIZE,
+                sha256_hash + SHA256_DIGEST_SIZE,
                 [&sha256_str](uint8_t const elem)
                 {
                   char buf[4];
diff --git a/src/utility/ota/OTA-portenta-h7.cpp b/src/utility/ota/OTA-portenta-h7.cpp
@@ -31,7 +31,7 @@
 
 #include <stm32h7xx_hal_rtc_ex.h>
 
-#include "tls/utility/SHA256.h"
+#include <SHA256.h>
 
 #include "../watchdog/Watchdog.h"
 
@@ -128,11 +128,11 @@ String portenta_h7_getOTAImageSHA256()
     sha256.update(reinterpret_cast<uint8_t *>(&b), sizeof(b));
   }
   /* Retrieve the final hash string. */
-  uint8_t sha256_hash[SHA256::HASH_SIZE] = {0};
+  uint8_t sha256_hash[SHA256_DIGEST_SIZE] = {0};
   sha256.finalize(sha256_hash);
   String sha256_str;
   std::for_each(sha256_hash,
-                sha256_hash + SHA256::HASH_SIZE,
+                sha256_hash + SHA256_DIGEST_SIZE,
                 [&sha256_str](uint8_t const elem)
                 {
                   char buf[4];
diff --git a/src/utility/ota/OTA-unor4.cpp b/src/utility/ota/OTA-unor4.cpp
@@ -25,7 +25,7 @@
 
 #include "OTAUpdate.h"
 #include <Arduino_DebugUtils.h>
-#include "tls/utility/SHA256.h"
+#include <SHA256.h>
 #include "fsp_common_api.h"
 #include "r_flash_lp.h"
 #include "WiFiS3.h"
@@ -159,11 +159,11 @@ String unor4_getOTAImageSHA256()
   unor4_codeFlashClose(&ctrl);
 
   /* Retrieve the final hash string. */
-  uint8_t sha256_hash[SHA256::HASH_SIZE] = {0};
+  uint8_t sha256_hash[SHA256_DIGEST_SIZE] = {0};
   sha256.finalize(sha256_hash);
   String sha256_str;
   std::for_each(sha256_hash,
-                sha256_hash + SHA256::HASH_SIZE,
+                sha256_hash + SHA256_DIGEST_SIZE,
                 [&sha256_str](uint8_t const elem)
                 {
                   char buf[4];
