mbedtls: add a kconfig to use the p256-m directly (without PSA interface)

For sake of memory footprint it might be required to shrink
down the memory footprint as much as possible. Unfortunately Mbed TLS
PSA interface brings in some extra code for key management which makes
it larger than the TinyCrypt counterpart when it comes to p256-m
interfacing. For this reason it might be useful to directly access
the p256-m driver directly.

This commit adds this support and it also updates the corresponding
test in order to make use of this condition.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>

tests/crypto/secp256r1/p256-m_raw.conf

@@ -0,0 +1,6 @@
+CONFIG_MBEDTLS=y
+CONFIG_MBEDTLS_PSA_CRYPTO_C=y
+CONFIG_MBEDTLS_PSA_P256M_DRIVER_RAW=y
+
+CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG=y
+CONFIG_ENTROPY_GENERATOR=y

tests/crypto/secp256r1/src/main.c

@@ -16,15 +16,37 @@
 #include <zephyr/ztest.h>
 
 #if defined(CONFIG_MBEDTLS)
+#if defined(CONFIG_MBEDTLS_PSA_P256M_DRIVER_RAW)
+#include "p256-m.h"
+#else /* CONFIG_MBEDTLS_PSA_P256M_DRIVER_RAW */
 #include "psa/crypto.h"
-#else
+#endif /* CONFIG_MBEDTLS_PSA_P256M_DRIVER_RAW */
+#else /* CONFIG_MBEDTLS */
 #include "zephyr/random/random.h"
 #include "tinycrypt/constants.h"
 #include "tinycrypt/ecc.h"
 #include "tinycrypt/ecc_dh.h"
-#endif
+#endif /* CONFIG_MBEDTLS */
 
 #if defined(CONFIG_MBEDTLS)
+#if defined(CONFIG_MBEDTLS_PSA_P256M_DRIVER_RAW)
+ZTEST_USER(test_fn, test_mbedtls)
+{
+	int ret;
+	uint8_t public_key_1[64], public_key_2[64];
+	uint8_t private_key_1[32], private_key_2[32];
+	uint8_t secret[32];
+
+	ret = p256_gen_keypair(private_key_1, public_key_1);
+	zassert_equal(ret, P256_SUCCESS, "Unable to generate 1st EC key (%d)", ret);
+
+	ret = p256_gen_keypair(private_key_2, public_key_2);
+	zassert_equal(ret, P256_SUCCESS, "Unable to generate 2nd EC key (%d)", ret);
+
+	ret = p256_ecdh_shared_secret(secret, private_key_1, public_key_2);
+	zassert_equal(ret, P256_SUCCESS, "Unable to compute the shared secret (%d)", ret);
+}
+#else /* CONFIG_MBEDTLS_PSA_P256M_DRIVER_RAW */
 ZTEST_USER(test_fn, test_mbedtls)
 {
 	psa_status_t status;
@@ -55,7 +77,8 @@ ZTEST_USER(test_fn, test_mbedtls)
 					secret, sizeof(secret), &secret_len);
 	zassert_equal(status, PSA_SUCCESS, "Unable to compute shared secret (%d)", status);
 }
-#else /* CONFIG_TINYCRYPT */
+#endif /* CONFIG_MBEDTLS_PSA_P256M_DRIVER_RAW */
+#else /* CONFIG_MBEDTLS */
 ZTEST_USER(test_fn, test_tinycrypt)
 {
 	uint8_t public_key_1[64], public_key_2[64];
@@ -80,6 +103,6 @@ int default_CSPRNG(uint8_t *dst, unsigned int len)
 {
 	return (sys_csrand_get(dst, len) == 0);
 }
-#endif /* CONFIG_TINYCRYPT */
+#endif /* CONFIG_MBEDTLS */
 
 ZTEST_SUITE(test_fn, NULL, NULL, NULL, NULL, NULL);

tests/crypto/secp256r1/testcase.yaml

@@ -11,5 +11,7 @@ common:
 tests:
   crypto.secp256r1.mbedtls:
     extra_args: OVERLAY_CONFIG=mbedtls.conf
+  crypto.secp256r1.p256-m_raw:
+    extra_args: OVERLAY_CONFIG=p256-m_raw.conf
   crypto.secp256r1.tinycrypt:
     extra_args: OVERLAY_CONFIG=tinycrypt.conf