modules: mbedtls: remove the default enabling of features

In an effort to shave off code size, remove out-of-the-box
enabling of crypto features (except SHA-256).

Configurations are adjusted to enable what they need.

Bonuses:

- When enabled, AES now defaults to using a smaller version
(`CONFIG_MBEDTLS_AES_ROM_TABLES` isn't default enabled anymore,
and if enabled, `CONFIG_MBEDTLS_AES_FEWER_TABLES` defaults to y).

- Conditions around Mbed TLS Kconfig options have been improved
to reflect the reality of the dependencies.

Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>

doc/releases/migration-guide-3.7.rst

@@ -80,9 +80,10 @@ Modules
 *******
 
 Mbed TLS
-=======
+========
 
-* The hash algorithms SHA-384, SHA-512, MD5 and SHA-1 are not enabled by default anymore.
+* TLS 1.2, RSA, AES, DES, and all the hash algorithms except SHA-256
+  (SHA-224, SHA-384, SHA-512, MD5 and SHA-1) are not enabled by default anymore.
   Their respective Kconfig options now need to be explicitly enabled to be able to use them.
 * The Kconfig options previously named `CONFIG_MBEDTLS_MAC_*_ENABLED` have been renamed.
   The `_MAC` and `_ENABLED` parts have been removed from their names.

drivers/crypto/Kconfig

@@ -53,6 +53,7 @@ config CRYPTO_MBEDTLS_SHIM
 	select MBEDTLS
 	select MBEDTLS_ENABLE_HEAP
 	select MBEDTLS_SHA512
+	select MBEDTLS_CIPHER_AES_ENABLED
 	select EXPERIMENTAL
 	help
 	  Enable mbedTLS shim layer compliant with crypto APIs. You will need

modules/mbedtls/CMakeLists.txt

@@ -44,6 +44,7 @@ zephyr_interface_library_named(mbedTLS)
       ${ZEPHYR_CURRENT_MODULE_DIR}/library/bignum_mod_raw.c
       ${ZEPHYR_CURRENT_MODULE_DIR}/library/bignum_mod.c
       ${ZEPHYR_CURRENT_MODULE_DIR}/library/bignum.c
+      ${ZEPHYR_CURRENT_MODULE_DIR}/library/block_cipher.c
       ${ZEPHYR_CURRENT_MODULE_DIR}/library/camellia.c
       ${ZEPHYR_CURRENT_MODULE_DIR}/library/ccm.c
       ${ZEPHYR_CURRENT_MODULE_DIR}/library/chacha20.c

modules/mbedtls/Kconfig.tls-generic

@@ -25,7 +25,6 @@ config MBEDTLS_TLS_VERSION_1_1
 
 config MBEDTLS_TLS_VERSION_1_2
 	bool "Support for TLS 1.2 (DTLS 1.2)"
-	default y if !NET_L2_OPENTHREAD
 	select MBEDTLS_CIPHER
 	select MBEDTLS_MD
 
@@ -76,7 +75,9 @@ config MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
 
 config MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
 	bool
-	default y if MBEDTLS_KEY_EXCHANGE_PSK_ENABLED || \
+	default y
+	depends on \
+		MBEDTLS_KEY_EXCHANGE_PSK_ENABLED || \
 		MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED || \
 		MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED || \
 		MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
@@ -90,7 +91,8 @@ config MBEDTLS_PSK_MAX_LEN
 
 config MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
 	bool "RSA-only based ciphersuite modes"
-	default y if !NET_L2_OPENTHREAD
+	default y if UOSCORE || UEDHOC
+	select MBEDTLS_MD
 
 config MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
 	bool "DHE-RSA based ciphersuite modes"
@@ -209,7 +211,7 @@ endif
 comment "Supported ciphers and cipher modes"
 
 config MBEDTLS_CIPHER_ALL_ENABLED
-	bool "All available ciphers"
+	bool "All available ciphers and modes"
 	select MBEDTLS_CIPHER_AES_ENABLED
 	select MBEDTLS_CIPHER_CAMELLIA_ENABLED
 	select MBEDTLS_CIPHER_DES_ENABLED
@@ -223,30 +225,49 @@ config MBEDTLS_CIPHER_ALL_ENABLED
 	select MBEDTLS_CIPHER_MODE_CTR_ENABLED
 	select MBEDTLS_CHACHAPOLY_AEAD_ENABLED
 
+config MBEDTLS_SOME_AEAD_CIPHER_ENABLED
+	bool
+	default y
+	depends on \
+		MBEDTLS_CIPHER_AES_ENABLED || \
+		MBEDTLS_CIPHER_CAMELLIA_ENABLED
+
+config MBEDTLS_SOME_CIPHER_ENABLED
+	bool
+	default y
+	depends on \
+		MBEDTLS_SOME_AEAD_CIPHER_ENABLED || \
+		MBEDTLS_CIPHER_DES_ENABLED || \
+		MBEDTLS_CIPHER_CHACHA20_ENABLED
+
 config MBEDTLS_CIPHER_AES_ENABLED
 	bool "AES block cipher"
-	default y
+
+if MBEDTLS_CIPHER_AES_ENABLED
 
 config MBEDTLS_AES_ROM_TABLES
-	depends on MBEDTLS_CIPHER_AES_ENABLED
 	bool "Use precomputed AES tables stored in ROM."
-	default y
 
 config MBEDTLS_AES_FEWER_TABLES
-	depends on MBEDTLS_CIPHER_AES_ENABLED
 	bool "Reduce the size of precomputed AES tables by ~6kB"
+	default y
+	depends on MBEDTLS_AES_ROM_TABLES
 	help
 	  Reduce the size of the AES tables at a tradeoff of more
 	  arithmetic operations at runtime. Specifically 4 table
 	  lookups are converted to 1 table lookup, 3 additions
 	  and 6 bit shifts.
 
+config MBEDTLS_CIPHER_MODE_XTS_ENABLED
+	bool "Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES"
+
+endif # MBEDTLS_CIPHER_AES_ENABLED
+
 config MBEDTLS_CIPHER_CAMELLIA_ENABLED
 	bool "Camellia block cipher"
 
 config MBEDTLS_CIPHER_DES_ENABLED
 	bool "DES block cipher"
-	default y if !NET_L2_OPENTHREAD
 
 config MBEDTLS_CIPHER_ARC4_ENABLED
 	bool "ARC4 stream cipher"
@@ -257,25 +278,27 @@ config MBEDTLS_CIPHER_CHACHA20_ENABLED
 config MBEDTLS_CIPHER_BLOWFISH_ENABLED
 	bool "Blowfish block cipher"
 
+if MBEDTLS_SOME_AEAD_CIPHER_ENABLED
+
 config MBEDTLS_CIPHER_CCM_ENABLED
 	bool "Counter with CBC-MAC (CCM) mode for 128-bit block cipher"
-	depends on MBEDTLS_CIPHER_AES_ENABLED || MBEDTLS_CIPHER_CAMELLIA_ENABLED
 	default y if UOSCORE || UEDHOC
 
 config MBEDTLS_CIPHER_GCM_ENABLED
-	bool "Galois/Counter Mode (GCM) for AES"
+	bool "Galois/Counter Mode (GCM) for symmetric ciphers"
-	depends on MBEDTLS_CIPHER_AES_ENABLED || MBEDTLS_CIPHER_CAMELLIA_ENABLED
 
-config MBEDTLS_CIPHER_MODE_XTS_ENABLED
+endif # MBEDTLS_SOME_AEAD_CIPHER_ENABLED
-	bool "Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES"
+
-	depends on MBEDTLS_CIPHER_AES_ENABLED || MBEDTLS_CIPHER_CAMELLIA_ENABLED
+if MBEDTLS_SOME_CIPHER_ENABLED
 
 config MBEDTLS_CIPHER_MODE_CBC_ENABLED
 	bool "Cipher Block Chaining mode (CBC) for symmetric ciphers"
 	default y if !NET_L2_OPENTHREAD
 
 config MBEDTLS_CIPHER_MODE_CTR_ENABLED
-	bool "Counter Block Cipher mode (CTR) for symmetric ciphers."
+	bool "Counter Block Cipher mode (CTR) for symmetric ciphers"
+
+endif # MBEDTLS_SOME_CIPHER_ENABLED
 
 config MBEDTLS_CHACHAPOLY_AEAD_ENABLED
 	bool "ChaCha20-Poly1305 AEAD algorithm"
@@ -348,6 +371,7 @@ comment "Other configurations"
 
 config MBEDTLS_CIPHER
 	bool "generic cipher layer."
+	default y if PSA_WANT_ALG_CMAC
 
 config MBEDTLS_MD
 	bool "generic message digest layer."
@@ -404,7 +428,6 @@ config MBEDTLS_SERVER_NAME_INDICATION
 
 config MBEDTLS_PK_WRITE_C
 	bool "The generic public (asymmetric) key writer"
-	default y if MBEDTLS_PSA_CRYPTO_C
 	help
 	  Enable generic public key write functions.
 
@@ -426,16 +449,18 @@ config MBEDTLS_SSL_CACHE_C
 	help
 	  "This option enables simple SSL cache implementation (server side)."
 
+if MBEDTLS_SSL_CACHE_C
+
 config MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT
 	int "Default timeout for SSL cache entires"
-	depends on MBEDTLS_SSL_CACHE_C
 	default 86400
 
 config MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES
 	int "Maximum number of SSL cache entires"
-	depends on MBEDTLS_SSL_CACHE_C
 	default 5
 
+endif # MBEDTLS_SSL_CACHE_C
+
 config MBEDTLS_SSL_EXTENDED_MASTER_SECRET
 	bool "(D)TLS Extended Master Secret extension"
 	depends on MBEDTLS_TLS_VERSION_1_2
@@ -459,7 +484,7 @@ config MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
 config MBEDTLS_PSA_CRYPTO_LEGACY_RNG
 	bool "Use legacy modules to generate random data"
 	select MBEDTLS_ENTROPY_ENABLED
-	select MBEDTLS_CTR_DRBG_ENABLED if !MBEDTLS_HMAC_DRBG_ENABLED
+	select MBEDTLS_HMAC_DRBG_ENABLED if !MBEDTLS_CTR_DRBG_ENABLED
 	help
 	  Use legacy MbedTLS modules (ENTROPY + CTR_DRBG/HMAC_DRBG) as random
 	  source generators.

modules/mbedtls/configs/config-tls-generic.h

@@ -373,12 +373,6 @@
     defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
 #define MBEDTLS_RSA_C
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
-    defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
-    defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
 #define MBEDTLS_PKCS1_V15
 #define MBEDTLS_PKCS1_V21
 #endif
@@ -428,7 +422,7 @@
 #define MBEDTLS_PK_C
 #endif
 
-#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_RSA_C) || defined(MBEDTLS_X509_USE_C)
+#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_X509_USE_C)
 #define MBEDTLS_ASN1_PARSE_C
 #endif
 

samples/drivers/crypto/prj_mtls_shim.conf

@@ -1,6 +1,7 @@
 CONFIG_MBEDTLS=y
 CONFIG_MBEDTLS_BUILTIN=y
 CONFIG_MBEDTLS_HEAP_SIZE=512
+CONFIG_MBEDTLS_CIPHER_AES_ENABLED=y
 CONFIG_MBEDTLS_CIPHER_CCM_ENABLED=y
 CONFIG_MBEDTLS_CIPHER_GCM_ENABLED=y
 

samples/net/lwm2m_client/overlay-dtls-cert.conf

@@ -12,7 +12,9 @@ CONFIG_MBEDTLS_TLS_VERSION_1_2=y
 CONFIG_MBEDTLS_ENABLE_HEAP=y
 CONFIG_MBEDTLS_HEAP_SIZE=32768
 CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=1500
+CONFIG_MBEDTLS_CIPHER_AES_ENABLED=y
 CONFIG_MBEDTLS_CIPHER_CCM_ENABLED=y
+CONFIG_MBEDTLS_CIPHER_GCM_ENABLED=y
 
 # Disable RSA, use only ECC certificates
 CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED=n
@@ -24,8 +26,6 @@ CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y
 CONFIG_MBEDTLS_ECDH_C=y
 CONFIG_MBEDTLS_ECDSA_C=y
 CONFIG_MBEDTLS_ECP_C=y
-CONFIG_MBEDTLS_CIPHER_CCM_ENABLED=y
-CONFIG_MBEDTLS_CIPHER_GCM_ENABLED=y
 # Optional: we could use just binary DER certificates
 CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT=y
 

samples/net/lwm2m_client/overlay-dtls.conf

@@ -12,6 +12,7 @@ CONFIG_MBEDTLS_SSL_DTLS_CONNECTION_ID=y
 CONFIG_MBEDTLS_ENABLE_HEAP=y
 CONFIG_MBEDTLS_HEAP_SIZE=8192
 CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=1500
+CONFIG_MBEDTLS_CIPHER_AES_ENABLED=y
 CONFIG_MBEDTLS_CIPHER_CCM_ENABLED=y
 
 # Disable RSA, we don't parse certs: saves flash/memory

samples/net/sockets/big_http_download/prj.conf

@@ -2,6 +2,7 @@
 CONFIG_REQUIRES_FULL_LIBC=y
 CONFIG_MBEDTLS=y
 CONFIG_MBEDTLS_ENABLE_HEAP=y
+CONFIG_MBEDTLS_MD=y
 CONFIG_MAIN_STACK_SIZE=2536
 
 # Networking config

samples/tfm_integration/psa_crypto/prj.conf

@@ -33,6 +33,8 @@ CONFIG_MBEDTLS_ENTROPY_ENABLED=y
 CONFIG_MBEDTLS_ECP_C=y
 CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y
 CONFIG_MBEDTLS_ECDSA_C=y
+CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED=y
+CONFIG_MBEDTLS_PK_WRITE_C=y
 
 # JSON
 CONFIG_JSON_LIBRARY=y

subsys/jwt/Kconfig

@@ -18,6 +18,7 @@ config JWT_SIGN_RSA
 	bool "Use RSA signature (RS-256)"
 	depends on CSPRNG_ENABLED
 	select MBEDTLS
+	select MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
 
 config JWT_SIGN_ECDSA
 	bool "Use ECDSA signature (ES-256)"

subsys/mgmt/osdp/Kconfig

@@ -76,6 +76,7 @@ config OSDP_SC_ENABLED
 	select CRYPTO
 	select CRYPTO_MBEDTLS_SHIM
 	select MBEDTLS
+	select MBEDTLS_CIPHER_AES_ENABLED
 	select MBEDTLS_CIPHER_CCM_ENABLED
 	help
 	  Secure the OSDP communication channel with encryption and mutual

subsys/net/ip/Kconfig.ipv6

@@ -168,6 +168,7 @@ config NET_IPV6_RA_RDNSS
 config NET_IPV6_PE
 	bool "Privacy extension (RFC 8981) support [EXPERIMENTAL]"
 	select MBEDTLS
+	select MBEDTLS_MD
 	select EXPERIMENTAL
 	select NET_MGMT
 	select NET_MGMT_EVENT

subsys/net/lib/sockets/Kconfig

@@ -152,6 +152,9 @@ config NET_SOCKETS_SOCKOPT_TLS
 	bool "TCP TLS socket option support"
 	imply TLS_CREDENTIALS
 	select MBEDTLS if NET_NATIVE
+	imply MBEDTLS_TLS_VERSION_1_2 if !NET_L2_OPENTHREAD
+	imply MBEDTLS_KEY_EXCHANGE_RSA_ENABLED if !NET_L2_OPENTHREAD
+	imply MBEDTLS_CIPHER_AES_ENABLED if !NET_L2_OPENTHREAD
 	help
 	  Enable TLS socket option support which automatically establishes
 	  a TLS connection to the remote host.

tests/crypto/crypto_hash/prj_mtls_shim.conf

@@ -4,6 +4,7 @@ CONFIG_MBEDTLS_TEST=y
 
 CONFIG_MBEDTLS_HEAP_SIZE=512
 
+CONFIG_MBEDTLS_CIPHER_AES_ENABLED=y
 CONFIG_MBEDTLS_CIPHER_CCM_ENABLED=y
 CONFIG_MBEDTLS_CIPHER_GCM_ENABLED=y
 

tests/net/ieee802154/l2/prj.conf

@@ -19,6 +19,7 @@ CONFIG_NET_CONTEXT_RCVTIMEO=y
 
 CONFIG_MBEDTLS=y
 CONFIG_MBEDTLS_BUILTIN=y
+CONFIG_MBEDTLS_CIPHER_AES_ENABLED=y
 CONFIG_MBEDTLS_CIPHER_CCM_ENABLED=y
 CONFIG_MBEDTLS_ENABLE_HEAP=y
 CONFIG_MBEDTLS_HEAP_SIZE=30000

tests/net/lib/lwm2m/interop/prj.conf

@@ -78,6 +78,7 @@ CONFIG_MBEDTLS_ENABLE_HEAP=y
 # 1280 - 40 - 8 - 21
 CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=1211
 CONFIG_MBEDTLS_HEAP_SIZE=7168
+CONFIG_MBEDTLS_CIPHER_AES_ENABLED=y
 CONFIG_MBEDTLS_CIPHER_CCM_ENABLED=y
 # Disable RSA, we don't parse certs: saves flash/memory
 CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED=n