sdk 2.2.0 fixes (#1587)

* sdk 2.2.0 fixes

Update mbedtls functions and defines from v2 to v3 for pico sdk 2.2.0 support

* update github workflow

* update cmakelists version

* bump cmake version

incompatible cmake version - https://forums.raspberrypi.com/viewtopic.php?t=391251#p2334074

Author: NickGuyver

.github/workflows/cmake.yml

@@ -88,7 +88,7 @@ jobs:
       - name: Setup cmake
         uses: jwlawson/actions-setup-cmake@v2
         with:
-          cmake-version: "3.17.x"
+          cmake-version: "3.31.x"
       - name: Verify cmake
         run: cmake --version
 
@@ -102,11 +102,11 @@ jobs:
       - name: arm-none-eabi-gcc GNU Arm Embedded Toolchain
         uses: carlosperate/arm-none-eabi-gcc-action@v1.11.1
 
-      - name: Checkout pico-sdk/2.1.1
+      - name: Checkout pico-sdk/2.2.0
         uses: actions/checkout@v6.0.1
         with:
           repository: raspberrypi/pico-sdk
-          ref: 2.1.1
+          ref: 2.2.0
           path: pico-sdk
 
       - name: Checkout pico-sdk submodules

CMakeLists.txt

@@ -4,9 +4,9 @@ if(WIN32)
 else()
     set(USERHOME $ENV{HOME})
 endif()
-set(sdkVersion 2.1.1)
+set(sdkVersion 2.2.0)
 set(toolchainVersion 14_2_Rel1)
-set(picotoolVersion 2.1.1)
+set(picotoolVersion 2.2.0-a4)
 set(picoVscode ${USERHOME}/.pico-sdk/cmake/pico-vscode.cmake)
 if (EXISTS ${picoVscode})
     include(${picoVscode})
@@ -59,8 +59,8 @@ set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
 # note: this must happen before project()
 include(pico_sdk_import.cmake)
 
-if (PICO_SDK_VERSION_STRING VERSION_LESS "2.1.1")
-  message(FATAL_ERROR "Raspberry Pi Pico SDK version 2.1.1 (or later) required. Your version is ${PICO_SDK_VERSION_STRING}")
+if (PICO_SDK_VERSION_STRING VERSION_LESS "2.2.0")
+  message(FATAL_ERROR "Raspberry Pi Pico SDK version 2.2.0 (or later) required. Your version is ${PICO_SDK_VERSION_STRING}")
 endif()
 
 # set the version for webconfig, etc. based on git

headers/mbedtls_config.h

@@ -1,7 +1,6 @@
 /* This can be enabled lated when we use SNTP */
 #undef MBEDTLS_HAVE_TIME_DATE
 
-#define MBEDTLS_CHECK_PARAMS
 #define MBEDTLS_CHECK_PARAMS_ASSERT
 #define MBEDTLS_ENTROPY_HARDWARE_ALT
 #define MBEDTLS_AES_ROM_TABLES
@@ -21,6 +20,14 @@
 #define MBEDTLS_SSL_ASYNC_PRIVATE
 #define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
 #define MBEDTLS_USE_PSA_CRYPTO
+#define MBEDTLS_OID_C
+#define MBEDTLS_X509_CRT_PARSE_C
+#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+#define MBEDTLS_X509_USE_C
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_PK_C
+#define MBEDTLS_PRIVATE
 #undef MBEDTLS_NET_C
 #undef MBEDTLS_PSA_CRYPTO_STORAGE_C
 #undef MBEDTLS_PSA_ITS_FILE_C

src/drivers/ps4/PS4Auth.cpp

@@ -16,7 +16,7 @@
 
 #define NEW_CONFIG_MPI(name, buf, size) \
     mbedtls_mpi_uint *bytes ## name = new mbedtls_mpi_uint[size / sizeof(mbedtls_mpi_uint)]; \
-    mbedtls_mpi name = { .s=1, .n=size / sizeof(mbedtls_mpi_uint), .p=bytes ## name }; \
+    mbedtls_mpi name = { .p=bytes ## name, .s=1, .n=size / sizeof(mbedtls_mpi_uint) }; \
     memcpy(bytes ## name, buf, size);
 
 #define DELETE_CONFIG_MPI(name) delete bytes ## name;
@@ -78,7 +78,8 @@ void PS4Auth::keyModeInitialize() {
     NEW_CONFIG_MPI(E, options.rsaE.bytes, options.rsaE.size)
     NEW_CONFIG_MPI(P, options.rsaP.bytes, options.rsaP.size)
     NEW_CONFIG_MPI(Q, options.rsaQ.bytes, options.rsaQ.size)
-    mbedtls_rsa_init(&ps4AuthData.rsa_context, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256);
+    mbedtls_rsa_init(&ps4AuthData.rsa_context);
+    mbedtls_rsa_set_padding(&ps4AuthData.rsa_context, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256);
     if (mbedtls_rsa_import(&ps4AuthData.rsa_context, &N, &P, &Q, nullptr, &E) == 0 &&
             mbedtls_rsa_complete(&ps4AuthData.rsa_context) == 0) {
         ps4AuthData.valid_rsa = true;
@@ -105,11 +106,11 @@ void PS4Auth::keyModeProcess() {
         int rss_error = 0;
         uint8_t hashed_nonce[32];
         // Sign our nonce into hashed_nonce
-        if ( mbedtls_sha256_ret(ps4AuthData.ps4_auth_buffer, 256, hashed_nonce, 0) < 0 ) {
+        if ( mbedtls_sha256(ps4AuthData.ps4_auth_buffer, 256, hashed_nonce, 0) < 0 ) {
             return;
         }
         rss_error = mbedtls_rsa_rsassa_pss_sign(&ps4AuthData.rsa_context, rng, nullptr,
-                MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256,
+                MBEDTLS_MD_SHA256,
                 32, hashed_nonce,
                 ps4AuthData.ps4_auth_buffer);
         if ( rss_error < 0 ) {