mgmt: updatehub: remove legacy Mbed TLS crypto support
Zephyr's long-term goal is to rely only on the PSA Crypto API for crypto
support in Zephyr, and at the same time Mbed TLS will remove this support
from the next release.
Therefore this commit removes usage of legacy crypto hash support from
updatehub.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
diff --git a/subsys/mgmt/updatehub/Kconfig b/subsys/mgmt/updatehub/Kconfig
index eb19b64..dca7aa4 100644
--- a/subsys/mgmt/updatehub/Kconfig
+++ b/subsys/mgmt/updatehub/Kconfig
@@ -17,8 +17,8 @@
select REQUIRES_FULL_LIBC
select IMG_ENABLE_IMAGE_CHECK
select MPU_ALLOW_FLASH_WRITE
- select MBEDTLS if !BUILD_WITH_TFM
- select MBEDTLS_SHA256 if !PSA_CRYPTO_CLIENT
+ select PSA_CRYPTO
+ select PSA_WANT_ALG_SHA_256
help
UpdateHub is an enterprise-grade solution which makes simple to
remotely update all your embedded devices in the field. It
diff --git a/subsys/mgmt/updatehub/updatehub_integrity.c b/subsys/mgmt/updatehub/updatehub_integrity.c
index dcebcf6..afeeaa8 100644
--- a/subsys/mgmt/updatehub/updatehub_integrity.c
+++ b/subsys/mgmt/updatehub/updatehub_integrity.c
@@ -9,11 +9,7 @@
#include "updatehub_integrity.h"
-#if defined(CONFIG_PSA_CRYPTO_CLIENT)
#define SUCCESS_VALUE PSA_SUCCESS
-#else
-#define SUCCESS_VALUE 0
-#endif
int updatehub_integrity_init(updatehub_crypto_context_t *ctx)
{
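Review bot: With the `#else` branch gone, `SUCCESS_VALUE` is only an alias for `PSA_SUCCESS` and hides which API's status code is being tested. I would drop the `#define` and compare directly, `if (ret != PSA_SUCCESS) {`, at the three sites in the init, update and finish hunks. Where `ret` holds a PSA result it could also be declared `psa_status_t ret;` (the finish hunk shows `int ret;`), which documents that the value is a PSA status and not an errno.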
@@ -24,13 +20,8 @@
return -EINVAL;
}
-#if defined(CONFIG_PSA_CRYPTO_CLIENT)
*ctx = psa_hash_operation_init();
ret = psa_hash_setup(ctx, PSA_ALG_SHA_256);
-#else
- mbedtls_sha256_init(ctx);
- ret = mbedtls_sha256_starts(ctx, false);
-#endif
if (ret != SUCCESS_VALUE) {
LOG_DBG("Failed to %s SHA-256 operation. (%d)", "set up", ret);
return -EFAULT;
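Review bot: `psa_hash_setup()` now runs in every build, and per the PSA Crypto API it returns `PSA_ERROR_BAD_STATE` when the library has not been initialised with `psa_crypto_init()`; nothing in this hunk shows where that initialisation happens. If the platform guarantees it at boot, a comment above the setup call would record the dependency: `/* Requires PSA Crypto to be initialised (psa_crypto_init()) before first use. */`. Otherwise the image digest check would fail here with only a debug-level log line as evidence. The body of updatehub_integrity_init starts above the hunk and continues below it.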
@@ -53,19 +44,9 @@
return 0;
}
-#if defined(CONFIG_PSA_CRYPTO_CLIENT)
ret = psa_hash_update(ctx, buffer, len);
- if (ret != PSA_SUCCESS) {
- psa_hash_abort(ctx);
- }
-#else
- ret = mbedtls_sha256_update(ctx, buffer, len);
- if (ret != 0) {
- mbedtls_sha256_free(ctx);
- }
-#endif
-
if (ret != SUCCESS_VALUE) {
+ psa_hash_abort(ctx);
LOG_DBG("Failed to %s SHA-256 operation. (%d)", "update", ret);
return -EFAULT;
}
@@ -77,6 +58,7 @@
uint8_t *hash, const uint32_t size)
{
int ret;
+ size_t hash_len;
if (ctx == NULL || hash == NULL) {
return -EINVAL;
@@ -87,18 +69,9 @@
return -EINVAL;
}
-#if defined(CONFIG_PSA_CRYPTO_CLIENT)
- size_t hash_len;
-
ret = psa_hash_finish(ctx, hash, size, &hash_len);
- if (ret != PSA_SUCCESS) {
- psa_hash_abort(ctx);
- }
-#else
- ret = mbedtls_sha256_finish(ctx, hash);
- mbedtls_sha256_free(ctx);
-#endif
if (ret != SUCCESS_VALUE) {
+ psa_hash_abort(ctx);
LOG_DBG("Failed to %s SHA-256 operation. (%d)", "finish", ret);
return -EFAULT;
}
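Review bot: `hash_len` is written by `psa_hash_finish()` but the visible lines never read it, so a digest shorter than the caller's buffer would go unnoticed. Unless the size check above the hunk already requires `size == SHA256_BIN_DIGEST_SIZE` exactly, I would add after the error branch `if (hash_len != SHA256_BIN_DIGEST_SIZE) { return -EFAULT; }`, so callers never compare trailing bytes the hash did not produce. The function starts in the previous hunk and continues below this one.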
diff --git a/subsys/mgmt/updatehub/updatehub_integrity.h b/subsys/mgmt/updatehub/updatehub_integrity.h
index dcec7ec..44436fa 100644
--- a/subsys/mgmt/updatehub/updatehub_integrity.h
+++ b/subsys/mgmt/updatehub/updatehub_integrity.h
@@ -7,11 +7,7 @@
#ifndef __UPDATEHUB_INTEGRITY_H__
#define __UPDATEHUB_INTEGRITY_H__
-#if defined(CONFIG_PSA_CRYPTO_CLIENT)
#include <psa/crypto.h>
-#else
-#include <mbedtls/sha256.h>
-#endif
#ifdef __cplusplus
extern "C" {
@@ -20,11 +16,7 @@
#define SHA256_BIN_DIGEST_SIZE (32)
#define SHA256_HEX_DIGEST_SIZE ((SHA256_BIN_DIGEST_SIZE * 2) + 1)
-#if defined(CONFIG_PSA_CRYPTO_CLIENT)
typedef psa_hash_operation_t updatehub_crypto_context_t;
-#else
-typedef mbedtls_sha256_context updatehub_crypto_context_t;
-#endif
int updatehub_integrity_init(updatehub_crypto_context_t *ctx);
int updatehub_integrity_update(updatehub_crypto_context_t *ctx,