modules: mbedtls: remove the default enabling of features

In an effort to shave off code size, remove out-of-the-box enabling of crypto features (except SHA-256). Configurations are adjusted to enable what they need. Bonuses: - When enabled, AES now defaults to using a smaller version (`CONFIG_MBEDTLS_AES_ROM_TABLES` isn't default enabled anymore, and if enabled, `CONFIG_MBEDTLS_AES_FEWER_TABLES` defaults to y). - Conditions around Mbed TLS Kconfig options have been improved to reflect the reality of the dependencies. Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
2024-05-08 16:34:31 +03:00 · 2024-05-08 16:34:31 +03:00 · c1342b3aa9
commit c1342b3aa9
parent 598ba32856
17 changed files with 70 additions and 34 deletions
--- a/doc/releases/migration-guide-3.7.rst
+++ b/doc/releases/migration-guide-3.7.rst
@ -79,10 +79,11 @@ Boards
 Modules
 *******

-MbedTLS
-=======
+Mbed TLS
+========

-* The hash algorithms SHA-384, SHA-512, MD5 and SHA-1 are not enabled by default anymore.
+* TLS 1.2, RSA, AES, DES, and all the hash algorithms except SHA-256
+  (SHA-224, SHA-384, SHA-512, MD5 and SHA-1) are not enabled by default anymore.
  Their respective Kconfig options now need to be explicitly enabled to be able to use them.
 * The Kconfig options previously named `CONFIG_MBEDTLS_MAC_*_ENABLED` have been renamed.
  The `_MAC` and `_ENABLED` parts have been removed from their names.
@ -560,10 +561,10 @@ MCUmgr
 ======

 * The support for SHA-256 (when using checksum/hash functions), previously provided
-  by either TinyCrypt or MbedTLS, is now provided by either PSA or MbedTLS.
+  by either TinyCrypt or Mbed TLS, is now provided by either PSA or Mbed TLS.
  PSA is the recommended API going forward, however, if it is not already enabled
  (:kconfig:option:`CONFIG_MBEDTLS_PSA_CRYPTO_CLIENT`) and you have tight code size
-  constraints, you may be able to save 1.3 KB by using MbedTLS instead.
+  constraints, you may be able to save 1.3 KB by using Mbed TLS instead.

 Modem
 =====
--- a/drivers/crypto/Kconfig
+++ b/drivers/crypto/Kconfig
@ -53,6 +53,7 @@ config CRYPTO_MBEDTLS_SHIM
 	select MBEDTLS
 	select MBEDTLS_ENABLE_HEAP
 	select MBEDTLS_SHA512
+	select MBEDTLS_CIPHER_AES_ENABLED
 	select EXPERIMENTAL
 	help
 	  Enable mbedTLS shim layer compliant with crypto APIs. You will need
--- a/modules/mbedtls/CMakeLists.txt
+++ b/modules/mbedtls/CMakeLists.txt
@ -44,6 +44,7 @@ zephyr_interface_library_named(mbedTLS)
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/bignum_mod_raw.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/bignum_mod.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/bignum.c
+      ${ZEPHYR_CURRENT_MODULE_DIR}/library/block_cipher.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/camellia.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/ccm.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/chacha20.c
--- a/modules/mbedtls/Kconfig.tls-generic
+++ b/modules/mbedtls/Kconfig.tls-generic
@ -25,7 +25,6 @@ config MBEDTLS_TLS_VERSION_1_1

 config MBEDTLS_TLS_VERSION_1_2
 	bool "Support for TLS 1.2 (DTLS 1.2)"
-	default y if !NET_L2_OPENTHREAD
 	select MBEDTLS_CIPHER
 	select MBEDTLS_MD

@ -76,7 +75,9 @@ config MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED

 config MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
 	bool
-	default y if MBEDTLS_KEY_EXCHANGE_PSK_ENABLED || \
+	default y
+	depends on \
+		MBEDTLS_KEY_EXCHANGE_PSK_ENABLED || \
 		MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED || \
 		MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED || \
 		MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
@ -90,7 +91,8 @@ config MBEDTLS_PSK_MAX_LEN

 config MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
 	bool "RSA-only based ciphersuite modes"
-	default y if !NET_L2_OPENTHREAD
+	default y if UOSCORE || UEDHOC
+	select MBEDTLS_MD

 config MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
 	bool "DHE-RSA based ciphersuite modes"
@ -209,7 +211,7 @@ endif
 comment "Supported ciphers and cipher modes"

 config MBEDTLS_CIPHER_ALL_ENABLED
-	bool "All available ciphers"
+	bool "All available ciphers and modes"
 	select MBEDTLS_CIPHER_AES_ENABLED
 	select MBEDTLS_CIPHER_CAMELLIA_ENABLED
 	select MBEDTLS_CIPHER_DES_ENABLED
@ -223,30 +225,49 @@ config MBEDTLS_CIPHER_ALL_ENABLED
 	select MBEDTLS_CIPHER_MODE_CTR_ENABLED
 	select MBEDTLS_CHACHAPOLY_AEAD_ENABLED

+config MBEDTLS_SOME_AEAD_CIPHER_ENABLED
+	bool
+	default y
+	depends on \
+		MBEDTLS_CIPHER_AES_ENABLED || \
+		MBEDTLS_CIPHER_CAMELLIA_ENABLED
+
+config MBEDTLS_SOME_CIPHER_ENABLED
+	bool
+	default y
+	depends on \
+		MBEDTLS_SOME_AEAD_CIPHER_ENABLED || \
+		MBEDTLS_CIPHER_DES_ENABLED || \
+		MBEDTLS_CIPHER_CHACHA20_ENABLED
+
 config MBEDTLS_CIPHER_AES_ENABLED
 	bool "AES block cipher"
-	default y
+
+if MBEDTLS_CIPHER_AES_ENABLED

 config MBEDTLS_AES_ROM_TABLES
-	depends on MBEDTLS_CIPHER_AES_ENABLED
 	bool "Use precomputed AES tables stored in ROM."
-	default y

 config MBEDTLS_AES_FEWER_TABLES
-	depends on MBEDTLS_CIPHER_AES_ENABLED
 	bool "Reduce the size of precomputed AES tables by ~6kB"
+	default y
+	depends on MBEDTLS_AES_ROM_TABLES
 	help
 	  Reduce the size of the AES tables at a tradeoff of more
 	  arithmetic operations at runtime. Specifically 4 table
 	  lookups are converted to 1 table lookup, 3 additions
 	  and 6 bit shifts.

+config MBEDTLS_CIPHER_MODE_XTS_ENABLED
+	bool "Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES"
+
+endif # MBEDTLS_CIPHER_AES_ENABLED
+
 config MBEDTLS_CIPHER_CAMELLIA_ENABLED
 	bool "Camellia block cipher"

 config MBEDTLS_CIPHER_DES_ENABLED
 	bool "DES block cipher"
-	default y if !NET_L2_OPENTHREAD

 config MBEDTLS_CIPHER_ARC4_ENABLED
 	bool "ARC4 stream cipher"
@ -257,25 +278,27 @@ config MBEDTLS_CIPHER_CHACHA20_ENABLED
 config MBEDTLS_CIPHER_BLOWFISH_ENABLED
 	bool "Blowfish block cipher"

+if MBEDTLS_SOME_AEAD_CIPHER_ENABLED
+
 config MBEDTLS_CIPHER_CCM_ENABLED
 	bool "Counter with CBC-MAC (CCM) mode for 128-bit block cipher"
-	depends on MBEDTLS_CIPHER_AES_ENABLED || MBEDTLS_CIPHER_CAMELLIA_ENABLED
 	default y if UOSCORE || UEDHOC

 config MBEDTLS_CIPHER_GCM_ENABLED
-	bool "Galois/Counter Mode (GCM) for AES"
-	depends on MBEDTLS_CIPHER_AES_ENABLED || MBEDTLS_CIPHER_CAMELLIA_ENABLED
+	bool "Galois/Counter Mode (GCM) for symmetric ciphers"

-config MBEDTLS_CIPHER_MODE_XTS_ENABLED
-	bool "Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES"
-	depends on MBEDTLS_CIPHER_AES_ENABLED || MBEDTLS_CIPHER_CAMELLIA_ENABLED
+endif # MBEDTLS_SOME_AEAD_CIPHER_ENABLED
+
+if MBEDTLS_SOME_CIPHER_ENABLED

 config MBEDTLS_CIPHER_MODE_CBC_ENABLED
 	bool "Cipher Block Chaining mode (CBC) for symmetric ciphers"
 	default y if !NET_L2_OPENTHREAD

 config MBEDTLS_CIPHER_MODE_CTR_ENABLED
-	bool "Counter Block Cipher mode (CTR) for symmetric ciphers."
+	bool "Counter Block Cipher mode (CTR) for symmetric ciphers"
+
+endif # MBEDTLS_SOME_CIPHER_ENABLED

 config MBEDTLS_CHACHAPOLY_AEAD_ENABLED
 	bool "ChaCha20-Poly1305 AEAD algorithm"
@ -348,6 +371,7 @@ comment "Other configurations"

 config MBEDTLS_CIPHER
 	bool "generic cipher layer."
+	default y if PSA_WANT_ALG_CMAC

 config MBEDTLS_MD
 	bool "generic message digest layer."
@ -404,7 +428,6 @@ config MBEDTLS_SERVER_NAME_INDICATION

 config MBEDTLS_PK_WRITE_C
 	bool "The generic public (asymmetric) key writer"
-	default y if MBEDTLS_PSA_CRYPTO_C
 	help
 	  Enable generic public key write functions.

@ -426,16 +449,18 @@ config MBEDTLS_SSL_CACHE_C
 	help
 	  "This option enables simple SSL cache implementation (server side)."

+if MBEDTLS_SSL_CACHE_C
+
 config MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT
 	int "Default timeout for SSL cache entires"
-	depends on MBEDTLS_SSL_CACHE_C
 	default 86400

 config MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES
 	int "Maximum number of SSL cache entires"
-	depends on MBEDTLS_SSL_CACHE_C
 	default 5

+endif # MBEDTLS_SSL_CACHE_C
+
 config MBEDTLS_SSL_EXTENDED_MASTER_SECRET
 	bool "(D)TLS Extended Master Secret extension"
 	depends on MBEDTLS_TLS_VERSION_1_2
@ -459,7 +484,7 @@ config MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
 config MBEDTLS_PSA_CRYPTO_LEGACY_RNG
 	bool "Use legacy modules to generate random data"
 	select MBEDTLS_ENTROPY_ENABLED
-	select MBEDTLS_CTR_DRBG_ENABLED if !MBEDTLS_HMAC_DRBG_ENABLED
+	select MBEDTLS_HMAC_DRBG_ENABLED if !MBEDTLS_CTR_DRBG_ENABLED
 	help
 	  Use legacy MbedTLS modules (ENTROPY + CTR_DRBG/HMAC_DRBG) as random
 	  source generators.
--- a/modules/mbedtls/configs/config-tls-generic.h
+++ b/modules/mbedtls/configs/config-tls-generic.h
@ -373,12 +373,6 @@
    defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
 #define MBEDTLS_RSA_C
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
-    defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
-    defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
 #define MBEDTLS_PKCS1_V15
 #define MBEDTLS_PKCS1_V21
 #endif
@ -428,7 +422,7 @@
 #define MBEDTLS_PK_C
 #endif

-#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_RSA_C) || defined(MBEDTLS_X509_USE_C)
+#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_X509_USE_C)
 #define MBEDTLS_ASN1_PARSE_C
 #endif

--- a/samples/drivers/crypto/prj_mtls_shim.conf
+++ b/samples/drivers/crypto/prj_mtls_shim.conf
@ -1,6 +1,7 @@
 CONFIG_MBEDTLS=y
 CONFIG_MBEDTLS_BUILTIN=y
 CONFIG_MBEDTLS_HEAP_SIZE=512
+CONFIG_MBEDTLS_CIPHER_AES_ENABLED=y
 CONFIG_MBEDTLS_CIPHER_CCM_ENABLED=y
 CONFIG_MBEDTLS_CIPHER_GCM_ENABLED=y

--- a/samples/net/lwm2m_client/overlay-dtls-cert.conf
+++ b/samples/net/lwm2m_client/overlay-dtls-cert.conf
@ -12,7 +12,9 @@ CONFIG_MBEDTLS_TLS_VERSION_1_2=y
 CONFIG_MBEDTLS_ENABLE_HEAP=y
 CONFIG_MBEDTLS_HEAP_SIZE=32768
 CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=1500
+CONFIG_MBEDTLS_CIPHER_AES_ENABLED=y
 CONFIG_MBEDTLS_CIPHER_CCM_ENABLED=y
+CONFIG_MBEDTLS_CIPHER_GCM_ENABLED=y

 # Disable RSA, use only ECC certificates
 CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED=n
@ -24,8 +26,6 @@ CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y
 CONFIG_MBEDTLS_ECDH_C=y
 CONFIG_MBEDTLS_ECDSA_C=y
 CONFIG_MBEDTLS_ECP_C=y
-CONFIG_MBEDTLS_CIPHER_CCM_ENABLED=y
-CONFIG_MBEDTLS_CIPHER_GCM_ENABLED=y
 # Optional: we could use just binary DER certificates
 CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT=y

--- a/samples/net/lwm2m_client/overlay-dtls.conf
+++ b/samples/net/lwm2m_client/overlay-dtls.conf
@ -12,6 +12,7 @@ CONFIG_MBEDTLS_SSL_DTLS_CONNECTION_ID=y
 CONFIG_MBEDTLS_ENABLE_HEAP=y
 CONFIG_MBEDTLS_HEAP_SIZE=8192
 CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=1500
+CONFIG_MBEDTLS_CIPHER_AES_ENABLED=y
 CONFIG_MBEDTLS_CIPHER_CCM_ENABLED=y

 # Disable RSA, we don't parse certs: saves flash/memory
--- a/samples/net/sockets/big_http_download/prj.conf
+++ b/samples/net/sockets/big_http_download/prj.conf
@ -2,6 +2,7 @@
 CONFIG_REQUIRES_FULL_LIBC=y
 CONFIG_MBEDTLS=y
 CONFIG_MBEDTLS_ENABLE_HEAP=y
+CONFIG_MBEDTLS_MD=y
 CONFIG_MAIN_STACK_SIZE=2536

 # Networking config
--- a/samples/tfm_integration/psa_crypto/prj.conf
+++ b/samples/tfm_integration/psa_crypto/prj.conf
@ -33,6 +33,8 @@ CONFIG_MBEDTLS_ENTROPY_ENABLED=y
 CONFIG_MBEDTLS_ECP_C=y
 CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y
 CONFIG_MBEDTLS_ECDSA_C=y
+CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED=y
+CONFIG_MBEDTLS_PK_WRITE_C=y

 # JSON
 CONFIG_JSON_LIBRARY=y
--- a/subsys/jwt/Kconfig
+++ b/subsys/jwt/Kconfig
@ -18,6 +18,7 @@ config JWT_SIGN_RSA
 	bool "Use RSA signature (RS-256)"
 	depends on CSPRNG_ENABLED
 	select MBEDTLS
+	select MBEDTLS_KEY_EXCHANGE_RSA_ENABLED

 config JWT_SIGN_ECDSA
 	bool "Use ECDSA signature (ES-256)"
--- a/subsys/mgmt/osdp/Kconfig
+++ b/subsys/mgmt/osdp/Kconfig
@ -76,6 +76,7 @@ config OSDP_SC_ENABLED
 	select CRYPTO
 	select CRYPTO_MBEDTLS_SHIM
 	select MBEDTLS
+	select MBEDTLS_CIPHER_AES_ENABLED
 	select MBEDTLS_CIPHER_CCM_ENABLED
 	help
 	  Secure the OSDP communication channel with encryption and mutual
--- a/subsys/net/ip/Kconfig.ipv6
+++ b/subsys/net/ip/Kconfig.ipv6
@ -168,6 +168,7 @@ config NET_IPV6_RA_RDNSS
 config NET_IPV6_PE
 	bool "Privacy extension (RFC 8981) support [EXPERIMENTAL]"
 	select MBEDTLS
+	select MBEDTLS_MD
 	select EXPERIMENTAL
 	select NET_MGMT
 	select NET_MGMT_EVENT
--- a/subsys/net/lib/sockets/Kconfig
+++ b/subsys/net/lib/sockets/Kconfig
@ -152,6 +152,9 @@ config NET_SOCKETS_SOCKOPT_TLS
 	bool "TCP TLS socket option support"
 	imply TLS_CREDENTIALS
 	select MBEDTLS if NET_NATIVE
+	imply MBEDTLS_TLS_VERSION_1_2 if !NET_L2_OPENTHREAD
+	imply MBEDTLS_KEY_EXCHANGE_RSA_ENABLED if !NET_L2_OPENTHREAD
+	imply MBEDTLS_CIPHER_AES_ENABLED if !NET_L2_OPENTHREAD
 	help
 	  Enable TLS socket option support which automatically establishes
 	  a TLS connection to the remote host.
--- a/tests/crypto/crypto_hash/prj_mtls_shim.conf
+++ b/tests/crypto/crypto_hash/prj_mtls_shim.conf
@ -4,6 +4,7 @@ CONFIG_MBEDTLS_TEST=y

 CONFIG_MBEDTLS_HEAP_SIZE=512

+CONFIG_MBEDTLS_CIPHER_AES_ENABLED=y
 CONFIG_MBEDTLS_CIPHER_CCM_ENABLED=y
 CONFIG_MBEDTLS_CIPHER_GCM_ENABLED=y

--- a/tests/net/ieee802154/l2/prj.conf
+++ b/tests/net/ieee802154/l2/prj.conf
@ -19,6 +19,7 @@ CONFIG_NET_CONTEXT_RCVTIMEO=y

 CONFIG_MBEDTLS=y
 CONFIG_MBEDTLS_BUILTIN=y
+CONFIG_MBEDTLS_CIPHER_AES_ENABLED=y
 CONFIG_MBEDTLS_CIPHER_CCM_ENABLED=y
 CONFIG_MBEDTLS_ENABLE_HEAP=y
 CONFIG_MBEDTLS_HEAP_SIZE=30000
--- a/tests/net/lib/lwm2m/interop/prj.conf
+++ b/tests/net/lib/lwm2m/interop/prj.conf
@ -78,6 +78,7 @@ CONFIG_MBEDTLS_ENABLE_HEAP=y
 # 1280 - 40 - 8 - 21
 CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=1211
 CONFIG_MBEDTLS_HEAP_SIZE=7168
+CONFIG_MBEDTLS_CIPHER_AES_ENABLED=y
 CONFIG_MBEDTLS_CIPHER_CCM_ENABLED=y
 # Disable RSA, we don't parse certs: saves flash/memory
 CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED=n