Add proper PSA_WANT kconfigs for TLS sockets and RSA key exchanges
when CONFIG_PSA_CRYPTO_CLIENT is set.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
For sake of memory footprint it might be required to shrink
down the memory footprint as much as possible. Unfortunately Mbed TLS
PSA interface brings in some extra code for key management which makes
it larger than the TinyCrypt counterpart when it comes to p256-m
interfacing. For this reason it might be useful to directly access
the p256-m driver directly.
This commit adds this support and it also updates the corresponding
test in order to make use of this condition.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Ensure psa_crypto_init() is called during initialization when
Mbed TLS acts as a PSA crypto client. This will setup the PSA
crypto server for further calls.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Add support for the CortexM optimized implementation of secp256r1
code. It supports:
- import & export
- key agreement
- sign & verify
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
As of Mbed TLS 3.6 (which is the currently used version in Zephyr)
Blowfish, ARC4 and MD4 are no more supported so existing kconfigs
have no effect at all. Moreover they are not even used anywhere
in Zephyr.
This commit just removes them all and it also updates the migration
guide document.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
In an effort to shave off code size, remove out-of-the-box
enabling of crypto features (except SHA-256).
Configurations are adjusted to enable what they need.
Bonuses:
- When enabled, AES now defaults to using a smaller version
(`CONFIG_MBEDTLS_AES_ROM_TABLES` isn't default enabled anymore,
and if enabled, `CONFIG_MBEDTLS_AES_FEWER_TABLES` defaults to y).
- Conditions around Mbed TLS Kconfig options have been improved
to reflect the reality of the dependencies.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Remove the `_MAC` part because those Kconfig options enable only hash
algorithms, nothing MAC-related, and the `_ENABLED` part to align the
naming to the Mbed TLS defines (plus we don't need such a part).
As a bonus, enabling SHA-256 does not automatically enable SHA-224
anymore.
See the migration guide entries for more details on the practical
changes.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
By default PSA crypto library copies all the buffers that are passed
in into the heap before further processing them. This is required
when the PSA crypto library is on the secure side and it accepts
buffers from a non-secure code. However this case in Zephyr
is already handled by TF-M, so when the PSA crypto library is
built (CONFIG_MBEDTLS_PSA_CRYPTO_C) then it will be on the
non-secure side. Therefore this malloc copy is useless and
it consumes heap memory. Setting MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
at Mbed TLS build time helps in removing this mechanism and
it saves heap memory.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Instead of selecting legacy MBEDTLS symbols, use corresponding
PSA_WANT ones when possible (note: some legacy symbols do not
have a PSA correspondance).
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Add "sha3.c" source file that was previously missing from
CMakeLists.txt and that has been added in MbedTLS 3.6 release.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Using MBEDTLS_PSA_CRYPTO_CLIENT to guard all PSA_WANT symbols is
not completely correct because:
1. the prefix MBEDTLS suggests that it's something related to
MbedTLS, while actually PSA APIs can be provided also
by other implementations (ex: TFM)
2. there might applications which are willing to use PSA APIs
without using MbedTLS at all. For example computing an hash
can be as simple as writing psa_hash_compute() and, if the
PSA function is provided thorugh TFM, then MbedTLS is not
required at all
Therefore this commit:
- moves MBEDTLS_PSA_CRYPTO_CLIENT to Kconfig.tls-generic since
that symbol belongs to MbedTLS
- adds a new symbol named PSA_CRYPTO_CLIENT as a generic way
to state that there is "some" PSA crypto API provider
- let MBEDTLS_PSA_CRYPTO_CLIENT automatically select
PSA_CRYPTO_CLIENT, since the former is an implementation of
the latter.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Now that support for all PSA_WANT symbols is in place, we can
enable MBEDTLS_USE_PSA_CRYPTO when MBEDTLS_PSA_CRYPTO_C is
enabled as well.
Note: this commit also moves USE_PSA_CRYPTO out of CRYPTO_C
dependency in config-tls-generic.h because TLS/DTLS/X509 modules
of MbedTLS can rely on *any* implementation of PSA crypto APIs
not only the MbedTLS one. TFM is for example an alternative
to this.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Since PSA has several different symbols defined and since it's
better to keep them aligned with the current MbedTLS release,
a python script is used to generate both:
- Kconfig.psa
- config-psa-generic.h
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Adding a Kconfig and a header file to control which PSA features
are to be used from MbedTLS:
- new kconfig symbols are placed in a separate header file
(Kconfig.psa) and are guarded by MBEDTLS_PSA_CRYPTO_CLIENT. The
reason for this is that TLS/X509 can either rely on PSA functions
provided by MbedTLS (when MBEDTLS_PSA_CRYPTO_C is defined) or
TFM (when BUILD_WITH_TFM is selected). Therefore we could
not make these new Kconfigs depending on MBEDTLS_PSA_CRYPTO_C.
- by default all PSA symbols are enabled, but they can be
disabled by respective Kconfigs in order to reduce the image
size.
- the new header file (config-psa-generic.h) mimics what
config-tls-generic.h does for MbedTLS builtin symbols: it
enables a build symbol for every Kconfig one. The name is
kept identical in the 2 cases (a part from the initial CONFIG_
in order to simplify the mechanism).
- MBEDTLS_PSA_CRYPTO_CONFIG is finally enabled whenever there
is any PSA crypto provider (either MBEDTLS_PSA_CRYPTO_C or
TFM)
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Fix undefined reference to mbedtls_pk_ecc_xxx functions following update
to latest mbedtls version.
Signed-off-by: Joel Guittet <joelguittet@gmail.com>
- Do not set CONFIG_MBEDTLS_ZEPHYR_ENTROPY in
tests/crypto/mbedtls because this can cause test failure on
real devices in which test thread do not have access to
drivers.
- make MBEDTLS_PSA_CRYPTO_RND_SOURCE depending on
MBEDTLS_PSA_CRYPTO_C because it only makes sense when the
latter is defined
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
It is meant specifically for configuration of the PSA crypto library.
The underlying PSA configuration items are guarded by the condition
that a PSA crypto provider must be present, which is the case when
either TF-M is in use or MbedTLS's PSA core is built as part of
the application image.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
MBEDTLS_PSA_CRYPTO_C and MBEDTLS_USE_PSA_CRYPTO are 2 different
things and the former should not automatically enable the
latter. The reson is that the user might want the MbedTLS
PSA crypto toolbox to be built, but at the same time he/she
does not want TLS/DTLS (and other intermediate modules such
as PK, MD and Cipher) to use PSA APIs.
For this reason this commit introduces a new Kconfig option
named CONFIG_MBEDTLS_USE_PSA_CRYPTO to enable the corresponding
build symbol. By default USE_PSA_CRYPTO is disabled. It is
only explicilty enabled in tests/samples that were previously
setting CRYPTO_C (since in those cases USE_PSA was set).
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
PICOLIBC misses the dirent.h header which is required
to emulate ITS (internal trusted storage) in PSA APIs.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Add a choice to select between legacy modules
(i.e. ENTROPY + CTR_DRBG/HMAC_DRBG) and CSPRNG as random generators
for PSA_CRYPTO_C.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Create a new Kconfig named CONFIG_PSA_WANT_ALG_SHA_256 which allows to
enable PSA_WANT_ALG_SHA_256. This allows to use PSA functions to
compute SHA256 hashes. When PSA is provided by TFM this allows also
to remove legacy mbedtls_sha256() support and therefore reduce
footprint for the NS side.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Include `psa_crypto_ffdh.c` when compiling MbedTLS with PSA support, as
`MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY` references the included
functions.
Signed-off-by: Jordan Yates <jordan@embeint.com>
Do not enable hash algorithms except SHA-256 by default.
This unnecessarily inflates the final code size even if not all the
enabled hash algorithms are actually used.
SHA-256 is (for now) kept enabled by default because many configurations
across the code base assume that there is some hash algorithm
available without needing to enable it.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
When building with TF-M (CONFIG_BUILD_WITH_TFM),
force MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C
so that no NS code tries to act like the MbedTLS core
is built on this side.
This fixes compilation errors in (at least)
interface/src/tfm_crypto_api.c after the
update of MbedTLS to 3.6.0.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
With MbedTLS updated to 3.6.0 the RSA module does not
depend on PK anymore. However, it is now dependent on ASN1.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Add a Kconfig option for enabling `MBEDTLS_PLATFORM_ZEROIZE_ALT`, which
is required if the mbed backend already provides an implementation.
For example, the Nordic cryptocell precompiled backends.
Signed-off-by: Jordan Yates <jordan.yates@data61.csiro.au>
Use TF-M PSA API headers when compiling with TF-M enabled.
Fixes: #43249
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
MbedTLS 3.5.0 requires a implementation of mbedtls_ms_time giving a
time in ms for TLS 1.3
Therefor adding an alternative implementation using zephyrs
k_uptime_get
Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
build_info.h of mbedtls includes the config file for mbedtls but
also includes check_config.h so its not needed to have it in the
config file
Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
rand32.h does not make much sense, since the random subsystem
provides more APIs than just getting a random 32 bits value.
Rename it to random.h and get consistently with other
subsystems.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Instead of detecting that we are in a native/POSIX arch based
board by checking for each board specifically,
let checks for the architecture.
In that way other boards (like the upcoming nrf53_bsim ones)
will also work.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
This commit instructs mbedtls to use 64-bit alignment in its internal
memory allocation routines when targeting 64-bit platforms. By default
mbedtls uses 32-bit alignment regardless the platform, what may result
in misaligned memory accesses, possibly inducing access time overhead or
exceptions
Signed-off-by: Vladimir Graudt <vladimir.graudt@syntacore.com>
Commit adds configuration for mesh with mbedtls PSA
to CI BabbleSim tests as well as emulation of
the Internal Trustable Storage(ITS) based on Zephyr's
settings to run in parallel environment.
Signed-off-by: Aleksandr Khromykh <aleksandr.khromykh@nordicsemi.no>
Update trusted-firmware-m to 1.8.0, mbedtls to 3.4.0, and tf-m-tests to
1.8.0. Includes minor cmake changes due to file renames and such, as well
as adjusting the return type of a callback function that has changed since
the previous version of trusted-firmware-m.
Signed-off-by: David Brown <david.brown@linaro.org>
TFM redefines functions from mbed TLS's psa_crypto_slot_management.c,
therefore that file should not be included in build when TFM is enabled.
Otherwise, the linker reports an error about redefined functions like
psa_open_key() etc.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
After an update to mbed TLS 3.3.0, dependencies with
CONFIG_MBEDTLS_PSA_CRYPTO_C enabled got affected.
mbed TLS in its build_info.h file, enables MBEDTLS_PK_WRITE_C config
under the hood. MBEDTLS_PK_WRITE_C has a dependency to
MBEDTLS_ASN1_WRITE_C which wasn't reflected anywhere.
Therefore, update Kconfig.tls-generic to enable
CONFIG_MBEDTLS_PK_WRITE_C automatically, when PSA crypto is enabled, to
reflect mbed TLS configuration pattern. Additionally, enable
MBEDTLS_ASN1_WRITE_C automatically, when PK write is enabled.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add a kconfig symbol to control the mbedtls option
`MBEDTLS_AES_FEWER_TABLES`. 6KiB is a not insignificant ROM/RAM savings,
and the extra arthmetic is quite reasonable.
Signed-off-by: Jordan Yates <jordan.yates@data61.csiro.au>
Update trusted-firmware-m to 1.8.0, mbedtls to 3.4.0, and tf-m-tests to
1.8.0. Includes minor cmake changes due to file renames and such, as well
as adjusting the return type of a callback function that has changed since
the previous version of trusted-firmware-m.
Signed-off-by: David Brown <david.brown@linaro.org>
SYS_INIT() requires pointer to function that takes `void` now, instead of
pointer to device structure. Since the commit was developed before that
switch, it still invoked it with NULL. Fix that now.
Fixes:
zephyr/modules/mbedtls/zephyr_init.c: In function 'mbedtls_init':
zephyr/modules/mbedtls/zephyr_init.c:108:16: error: too many arguments \
to function '_mbedtls_init'
108 | return _mbedtls_init(NULL);
| ^~~~~~~~~~~~~
zephyr/modules/mbedtls/zephyr_init.c:86:12: note: declared here
86 | static int _mbedtls_init(void)
|
Signed-off-by: Marcin Niestroj <m.niestroj@emb.dev>
Add a config flag to enable conditional mbebtls
initialization at startup, defaulting to enabled.
Also add a function, mbedtls_init(), that should be
called by platforms that wish to initialise mbedtls
at a time of their choosing.
Signed-off-by: Eugene Cohen <quic_egmc@quicinc.com>
Signed-off-by: Dave Aldridge <quic_daldridg@quicinc.com>
A mesh key type has been added to be able to choose the different
key representation for different security libraries.
The type as well as some functionality related to Mesh key
management has been added as a public API.
If tynicrypt is chosen then keys have representation
as 16 bytes array. If mbedTLS with PSA is used then keys are
the PSA key id. Raw value is not kept within BLE Mesh stack
for mbedTLS. Keys are imported into the security library
and key ids are gotten back. This refactoring has been done
for the network(including all derivated keys), application,
device, and session keys.
Signed-off-by: Aleksandr Khromykh <aleksandr.khromykh@nordicsemi.no>
Previously, Zephyr's mbedtls module's cmake build created a single static
library, rather than the collection of libraries (mbedtls, mbedcrypto,
and mbedx509) that upstream mbedTLS cmake provides.
To give better control at link time to choose the required libraries to
link, this commit updates the Zephyr MbedTLS module to also define a
collection of libraries rather than a single static MbedTLS library.
One benefit of the three library approach is that if mbedTLS is used in
Zephyr in the the non-secure application in addition to TFM's PSA Crypto
API on the secure side with TF-M, PSA API calls on the non-secure side
will be redirected to the TFM PSA implementation, and the mbedcrypto
library will only be linked to the secure (TF-M) binary, with the mbedtls
and mbedx509 libraries linked against the non-secure (Zephyr) binary,
enabling TLS calls to PSA crypto to be redirected to mbedcrypto in the
secure partition and avoiding function duplication in the non-secure
binary.
Signed-off-by: Rajkumar Kanagaraj <rajkumar.kanagaraj@linaro.org>
Commit adds experimental support mbedtls psa as crypto
backend for ble mesh. It were run only on bsim tests.
Signed-off-by: Aleksandr Khromykh <aleksandr.khromykh@nordicsemi.no>
