From cce3976ae09de2f4898831b391571b71702a4998 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 22 Apr 2024 16:51:01 +0200 Subject: [PATCH 1/7] net: tcp: use CS random generators to generate ISN Use only cryptographically secure random number generators for ISN. Signed-off-by: Valerio Setti --- subsys/net/ip/tcp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/subsys/net/ip/tcp.c b/subsys/net/ip/tcp.c index 8e5f7abf652223..3fedc2563504fa 100644 --- a/subsys/net/ip/tcp.c +++ b/subsys/net/ip/tcp.c @@ -2291,7 +2291,7 @@ static uint32_t tcpv6_init_isn(struct in6_addr *saddr, static bool once; if (!once) { - sys_rand_get(unique_key, sizeof(unique_key)); + sys_csrand_get(unique_key, sizeof(unique_key)); once = true; } @@ -2326,7 +2326,7 @@ static uint32_t tcpv4_init_isn(struct in_addr *saddr, static bool once; if (!once) { - sys_rand_get(unique_key, sizeof(unique_key)); + sys_csrand_get(unique_key, sizeof(unique_key)); once = true; } From e6b68b15751933bb4997afd515f9f8acad3f2f58 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 24 Apr 2024 16:22:31 +0200 Subject: [PATCH 2/7] mbedtls: add option to use CSPRNG as random source for PSA_CRYPTO_C Add a choice to select between legacy modules (i.e. ENTROPY + CTR_DRBG/HMAC_DRBG) and CSPRNG as random generators for PSA_CRYPTO_C. Signed-off-by: Valerio Setti --- modules/mbedtls/Kconfig.tls-generic | 24 ++++++++++++++++++-- modules/mbedtls/configs/config-tls-generic.h | 4 ++++ modules/mbedtls/zephyr_init.c | 23 +++++++++++++++++++ 3 files changed, 49 insertions(+), 2 deletions(-) diff --git a/modules/mbedtls/Kconfig.tls-generic b/modules/mbedtls/Kconfig.tls-generic index d75abd64be2f00..b55111a5599c73 100644 --- a/modules/mbedtls/Kconfig.tls-generic +++ b/modules/mbedtls/Kconfig.tls-generic 
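Review bot: The return value of `sys_csrand_get()` is discarded in the `tcpv6_init_isn` hunk and `once` is set regardless, so a failed CSPRNG read would leave `unique_key` holding whatever it held before (its declaration is outside the hunk), and that key would be reused for every later ISN. The old `sys_rand_get()` had no status to check, but the new call does, and patch 2 of this series checks it in `mbedtls_psa_external_get_random`. Latch the flag only on success, e.g. `if (sys_csrand_get(unique_key, sizeof(unique_key)) == 0) { once = true; }`, and decide what ISN the function should produce while no key is available. The `tcpv4_init_isn` hunk has the identical pattern; both function bodies begin and end outside the hunks.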
@@ -460,10 +460,30 @@ config MBEDTLS_SSL_EXTENDED_MASTER_SECRET which ensures that master secrets are different for every connection and every session. +choice MBEDTLS_PSA_CRYPTO_RND_SOURCE + prompt "Select random source for built-in PSA crypto" + default MBEDTLS_PSA_CRYPTO_LEGACY_RNG + +config MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG + bool "Use a cryptographically secure driver as random source" + depends on CSPRNG_ENABLED + help + Use cryptographically secure random generator to provide random data + instead of legacy MbedTLS modules (ENTROPY + CTR_DRBG/HMAC_DRBG). + +config MBEDTLS_PSA_CRYPTO_LEGACY_RNG + bool "Use legacy modules to generate random data" + select MBEDTLS_ENTROPY_ENABLED + select MBEDTLS_CTR_DRBG_ENABLED if !MBEDTLS_HMAC_DRBG_ENABLED + help + Use legacy MbedTLS modules (ENTROPY + CTR_DRBG/HMAC_DRBG) as random + source generators. + +endchoice + config MBEDTLS_PSA_CRYPTO_C bool "Platform Security Architecture cryptography API" - depends on MBEDTLS_ENTROPY_ENABLED - depends on MBEDTLS_CTR_DRBG_ENABLED || MBEDTLS_HMAC_DRBG_ENABLED + depends on MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG || MBEDTLS_PSA_CRYPTO_LEGACY_RNG default y if UOSCORE || UEDHOC config MBEDTLS_LMS diff --git a/modules/mbedtls/configs/config-tls-generic.h b/modules/mbedtls/configs/config-tls-generic.h index 18be5b4119ebb1..c6582068dc6e4c 100644 --- a/modules/mbedtls/configs/config-tls-generic.h +++ b/modules/mbedtls/configs/config-tls-generic.h @@ -468,6 +468,10 @@ #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET #endif +#if defined(CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) +#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG +#endif + #if defined(CONFIG_MBEDTLS_PSA_CRYPTO_C) #define MBEDTLS_PSA_CRYPTO_C #define MBEDTLS_USE_PSA_CRYPTO diff --git a/modules/mbedtls/zephyr_init.c b/modules/mbedtls/zephyr_init.c index 28a6a40fdc5451..78602e497e3899 100644 --- a/modules/mbedtls/zephyr_init.c +++ b/modules/mbedtls/zephyr_init.c 
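Review bot: The `MBEDTLS_PSA_CRYPTO_RND_SOURCE` choice is not conditioned on `MBEDTLS_PSA_CRYPTO_C`, so one member is always selected and the new `depends on MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG || MBEDTLS_PSA_CRYPTO_LEGACY_RNG` can never be false. With the default member, `MBEDTLS_ENTROPY_ENABLED` and a DRBG are selected even in builds that never enable PSA crypto, unless an enclosing `if` outside the hunk prevents it. Consider placing the choice under `if MBEDTLS_PSA_CRYPTO_C` and dropping that `depends on` line. The help text of `MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG` could also say that all PSA randomness then comes from `sys_csrand_get()` and that PSA calls fail when that driver fails.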
@@ -115,3 +115,26 @@ mbedtls_ms_time_t mbedtls_ms_time(void) { return (mbedtls_ms_time_t)k_uptime_get(); } + +#if defined(CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) +/* MBEDTLS_PSA_CRYPTO_C requires a random generator to work and this can + * be achieved through either legacy MbedTLS modules + * (ENTROPY + CTR_DRBG/HMAC_DRBG) or provided externally by enabling the + * CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG. In the latter case the following + * callback functions needs to be defined. + */ +psa_status_t mbedtls_psa_external_get_random( + mbedtls_psa_external_random_context_t *context, + uint8_t *output, size_t output_size, size_t *output_length) +{ + (void) context; + + if (sys_csrand_get(output, output_size) != 0) { + return PSA_ERROR_GENERIC_ERROR; + } + + *output_length = output_size; + + return PSA_SUCCESS; +} +#endif From ccfb4358ae8c1fe68311085c91b227d984b88f3d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 22 Apr 2024 11:57:08 +0200 Subject: [PATCH 3/7] mbedtls: add Kconfig option for PSA_WANT_ALG_SHA_256 Create a new Kconfig named CONFIG_PSA_WANT_ALG_SHA_256 which allows to enable PSA_WANT_ALG_SHA_256. This allows to use PSA functions to compute SHA256 hashes. When PSA is provided by TFM this allows also to remove legacy mbedtls_sha256() support and therefore reduce footprint for the NS side. Signed-off-by: Valerio Setti --- modules/mbedtls/Kconfig | 1 + modules/mbedtls/Kconfig.psa | 14 ++++++++++++++ modules/mbedtls/configs/config-tls-generic.h | 9 ++++++++- 3 files changed, 23 insertions(+), 1 deletion(-) create mode 100644 modules/mbedtls/Kconfig.psa diff --git a/modules/mbedtls/Kconfig b/modules/mbedtls/Kconfig index daaee438a38c77..dab5ef4215d995 100644 --- a/modules/mbedtls/Kconfig +++ b/modules/mbedtls/Kconfig 
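Review bot: On failure `mbedtls_psa_external_get_random` returns `PSA_ERROR_GENERIC_ERROR` and leaves `*output_length` unwritten. `PSA_ERROR_INSUFFICIENT_ENTROPY` describes a failed random source more precisely, and writing `*output_length = 0;` before the early return keeps the out-parameter defined on every path. The hunk adds no `#include`, so the declarations of `sys_csrand_get()` and the PSA types must come from includes outside the hunk; this is worth confirming for a build where only this option pulls them in. The block comment should read "the following callback function needs to be defined".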
@@ -13,6 +13,7 @@ config MBEDTLS_PROMPTLESS mbed TLS menu prompt and instead handle the selection of MBEDTLS from dependent sub-configurations and thus prevent stuck symbol behavior. +rsource "Kconfig.psa" menuconfig MBEDTLS bool "mbed TLS Support" if !MBEDTLS_PROMPTLESS diff --git a/modules/mbedtls/Kconfig.psa b/modules/mbedtls/Kconfig.psa new file mode 100644 index 00000000000000..35200a9d2f4f2a --- /dev/null +++ b/modules/mbedtls/Kconfig.psa @@ -0,0 +1,14 @@ +# Copyright (c) 2024 Nordic Semiconductor ASA +# SPDX-License-Identifier: Apache-2.0 + +config MBEDTLS_PSA_CRYPTO_CLIENT + bool + default y + depends on BUILD_WITH_TFM || MBEDTLS_PSA_CRYPTO_C + +if MBEDTLS_PSA_CRYPTO_CLIENT + +config PSA_WANT_ALG_SHA_256 + bool "SHA-256 hash algorithm through PSA" + +endif # MBEDTLS_PSA_CRYPTO_CLIENT diff --git a/modules/mbedtls/configs/config-tls-generic.h b/modules/mbedtls/configs/config-tls-generic.h index c6582068dc6e4c..6febce2c60db01 100644 --- a/modules/mbedtls/configs/config-tls-generic.h +++ b/modules/mbedtls/configs/config-tls-generic.h @@ -500,8 +500,15 @@ #endif #if defined(CONFIG_BUILD_WITH_TFM) -#define MBEDTLS_PSA_CRYPTO_CLIENT #undef MBEDTLS_PSA_CRYPTO_C #endif /* CONFIG_BUILD_WITH_TFM */ +#if defined(CONFIG_MBEDTLS_PSA_CRYPTO_CLIENT) +#define MBEDTLS_PSA_CRYPTO_CLIENT +#endif + +#if defined(CONFIG_PSA_WANT_ALG_SHA_256) +#define PSA_WANT_ALG_SHA_256 1 +#endif + #endif /* MBEDTLS_CONFIG_H */ From b7b92ff265fd66323e341268435d4b2df18668d3 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 22 Apr 2024 11:57:48 +0200 Subject: [PATCH 4/7] net: tcp: use PSA for SHA256 when BUILD_WITH_TFM When BUILD_WITH_TFM is enabled we can dispatch hash computation to TFM. This allows to remove the built-in support of SHA256 from the non-secure side (if it's not used for any other purpose, of course). Signed-off-by: Valerio Setti --- subsys/net/ip/Kconfig.tcp | 4 +--- subsys/net/ip/tcp.c | 12 +++++++++--- 2 files changed, 10 insertions(+), 6 deletions(-) 
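Review bot: `PSA_WANT_ALG_SHA_256` in the new `Kconfig.psa` has a prompt but no `help`, and nothing ties it to a SHA-256 implementation actually being built. With `BUILD_WITH_TFM` the secure side presumably provides the hash, but with the built-in `MBEDTLS_PSA_CRYPTO_C` the `#define PSA_WANT_ALG_SHA_256 1` added to `config-tls-generic.h` only states the request; whether the algorithm is compiled in depends on mbedTLS configuration not shown here. Add a `help` paragraph saying who must provide the algorithm, and consider a dependency or `select` for the built-in case so callers do not get a not-supported status at run time.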
diff --git a/subsys/net/ip/Kconfig.tcp b/subsys/net/ip/Kconfig.tcp index e7d45f46c7a6c0..9df87e31b60997 100644 --- a/subsys/net/ip/Kconfig.tcp +++ b/subsys/net/ip/Kconfig.tcp @@ -229,9 +229,7 @@ config NET_TCP_ISN_RFC6528 bool "Use ISN algorithm from RFC 6528" default y depends on NET_TCP - select MBEDTLS - select MBEDTLS_MD - select MBEDTLS_MAC_MD5_ENABLED + depends on PSA_WANT_ALG_SHA_256 help Implement Initial Sequence Number calculation as described in RFC 6528 chapter 3. https://tools.ietf.org/html/rfc6528 diff --git a/subsys/net/ip/tcp.c b/subsys/net/ip/tcp.c index 3fedc2563504fa..0c747449f85ec7 100644 --- a/subsys/net/ip/tcp.c +++ b/subsys/net/ip/tcp.c @@ -14,7 +14,7 @@ LOG_MODULE_REGISTER(net_tcp, CONFIG_NET_TCP_LOG_LEVEL); #include #if defined(CONFIG_NET_TCP_ISN_RFC6528) -#include +#include #endif #include #include @@ -2298,7 +2298,10 @@ static uint32_t tcpv6_init_isn(struct in6_addr *saddr, memcpy(buf.key, unique_key, sizeof(buf.key)); #if defined(CONFIG_NET_TCP_ISN_RFC6528) - mbedtls_md5((const unsigned char *)&buf, sizeof(buf), hash); + size_t hash_len; + + psa_hash_compute(PSA_ALG_SHA_256, (const unsigned char *)&buf, sizeof(buf), + hash, sizeof(hash), &hash_len); #endif return seq_scale(UNALIGNED_GET((uint32_t *)&hash[0])); @@ -2333,7 +2336,10 @@ static uint32_t tcpv4_init_isn(struct in_addr *saddr, memcpy(buf.key, unique_key, sizeof(unique_key)); #if defined(CONFIG_NET_TCP_ISN_RFC6528) - mbedtls_md5((const unsigned char *)&buf, sizeof(buf), hash); + size_t hash_len; + + psa_hash_compute(PSA_ALG_SHA_256, (const unsigned char *)&buf, sizeof(buf), + hash, sizeof(hash), &hash_len); #endif return seq_scale(UNALIGNED_GET((uint32_t *)&hash[0])); From 57a1ec31d3b63d1f3285b4893133112c7d0c9d28 Mon Sep 17 00:00:00 2001 
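Review bot: Replacing the `select` lines with `depends on PSA_WANT_ALG_SHA_256` means `NET_TCP_ISN_RFC6528` is silently dropped in every configuration that does not set that symbol, even though it stays `default y`. `PSA_WANT_ALG_SHA_256` is given no default in this series, so existing TCP builds would lose the RFC 6528 ISN without any build-time message; what the stack uses instead is outside this hunk. Either keep a build-time guarantee (for example by selecting the PSA hash where a PSA client is available) or state the new requirement in the `help` text so the downgrade is a visible decision.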
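Review bot: The status of `psa_hash_compute()` is ignored in the `tcpv6_init_isn` hunk, and the following `seq_scale(UNALIGNED_GET((uint32_t *)&hash[0]))` reads `hash` whether or not it was written. `hash` is declared outside the hunk and this commit does not touch it; if it is still sized for the 16-byte MD5 digest, the 32-byte SHA-256 output will not fit, the call will fail, and the ISN will be derived from an unwritten buffer. Make sure `hash` holds at least `PSA_HASH_LENGTH(PSA_ALG_SHA_256)` bytes and test the result against `PSA_SUCCESS` before using it, with a logged fallback on failure. The same applies to the `tcpv4_init_isn` hunk; both functions begin and end outside the hunks.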
From: Valerio Setti Date: Tue, 30 Apr 2024 16:14:23 +0200 Subject: [PATCH 5/7] tests: mbedtls: add missing CONFIGS CONFIG_MINIMAL_LIBC was required for: - CONFIG_MINIMAL_LIBC_NON_REENTRANT_FUNCTIONS - CONFIG_MINIMAL_LIBC_RAND while CONFIG_ENTROPY_GENERATOR and CONFIG_MBEDTLS_ZEPHYR_ENTROPY are required for CRYPTO_C. Signed-off-by: Valerio Setti --- tests/crypto/mbedtls/prj.conf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/crypto/mbedtls/prj.conf b/tests/crypto/mbedtls/prj.conf index 9b6af503e038e9..dd5e629e16a400 100644 --- a/tests/crypto/mbedtls/prj.conf +++ b/tests/crypto/mbedtls/prj.conf @@ -4,5 +4,9 @@ CONFIG_MBEDTLS_BUILTIN=y CONFIG_MBEDTLS_TEST=y CONFIG_ZTEST=y CONFIG_TEST_USERSPACE=y +CONFIG_MINIMAL_LIBC=y CONFIG_MINIMAL_LIBC_NON_REENTRANT_FUNCTIONS=y CONFIG_MINIMAL_LIBC_RAND=y +CONFIG_ENTROPY_GENERATOR=y +CONFIG_MBEDTLS_ZEPHYR_ENTROPY=y +CONFIG_TEST_RANDOM_GENERATOR=y From 6addad982f55cbaf90572edc98254d06caa48225 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 2 May 2024 12:56:12 +0200 Subject: [PATCH 6/7] mbedtls: do not include PSA ITS when using PICOLIBC PICOLIBC misses the dirent.h header which is required to emulate ITS (internal trusted storage) in PSA APIs. Signed-off-by: Valerio Setti --- modules/mbedtls/configs/config-tls-generic.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/mbedtls/configs/config-tls-generic.h b/modules/mbedtls/configs/config-tls-generic.h index 6febce2c60db01..383ab44f18b040 100644 --- a/modules/mbedtls/configs/config-tls-generic.h +++ b/modules/mbedtls/configs/config-tls-generic.h @@ -476,7 +476,7 @@ #define MBEDTLS_PSA_CRYPTO_C #define MBEDTLS_USE_PSA_CRYPTO -#if defined(CONFIG_ARCH_POSIX) +#if defined(CONFIG_ARCH_POSIX) && !defined(CONFIG_PICOLIBC) #define MBEDTLS_PSA_KEY_SLOT_COUNT 64 #define MBEDTLS_PSA_CRYPTO_STORAGE_C #define MBEDTLS_PSA_ITS_FILE_C From 1608b897d4e0158f3c984b0425a2cd1dd74cdd58 Mon Sep 17 00:00:00 2001 
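Review bot: The reason for `&& !defined(CONFIG_PICOLIBC)` exists only in the commit message, so a reader of `config-tls-generic.h` sees PSA storage switched off for that combination without explanation. Add a comment above the condition such as `/* PSA ITS file emulation needs dirent.h, which picolibc does not provide */`. Because the guarded block also defines `MBEDTLS_PSA_CRYPTO_STORAGE_C`, the comment should mention that persistent key storage is unavailable in that configuration. The `#if` block continues past the end of the hunk.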
From: Valerio Setti Date: Thu, 2 May 2024 15:54:56 +0200 Subject: [PATCH 7/7] mbedtls: add specific Kconfig option for MBEDTLS_USE_PSA_CRYPTO MBEDTLS_PSA_CRYPTO_C and MBEDTLS_USE_PSA_CRYPTO are 2 different things and the former should not automatically enable the latter. The reson is that the user might want the MbedTLS PSA crypto toolbox to be built, but at the same time he/she does not want TLS/DTLS (and other intermediate modules such as PK, MD and Cipher) to use PSA APIs. For this reason this commit introduces a new Kconfig option named CONFIG_MBEDTLS_USE_PSA_CRYPTO to enable the corresponding build symbol. By default USE_PSA_CRYPTO is disabled. It is only explicilty enabled in tests/samples that were previously setting CRYPTO_C (since in those cases USE_PSA was set). Signed-off-by: Valerio Setti --- modules/mbedtls/Kconfig.tls-generic | 6 ++++++ modules/mbedtls/configs/config-tls-generic.h | 3 +++ samples/tfm_integration/psa_crypto/prj.conf | 1 + subsys/bluetooth/mesh/Kconfig | 1 + 4 files changed, 11 insertions(+) diff --git a/modules/mbedtls/Kconfig.tls-generic b/modules/mbedtls/Kconfig.tls-generic index b55111a5599c73..5087213bb27ecf 100644 --- a/modules/mbedtls/Kconfig.tls-generic +++ b/modules/mbedtls/Kconfig.tls-generic @@ -486,6 +486,12 @@ config MBEDTLS_PSA_CRYPTO_C depends on MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG || MBEDTLS_PSA_CRYPTO_LEGACY_RNG default y if UOSCORE || UEDHOC +config MBEDTLS_USE_PSA_CRYPTO + bool "Use PSA APIs instead of legacy MbedTLS when possible" + help + Use PSA APIs instead of legacy MbedTLS functions in TLS/DTLS and other + "intermediate" modules such as PK, MD and Cipher. + config MBEDTLS_LMS bool "Support LMS signature schemes" depends on MBEDTLS_PSA_CRYPTO_C diff --git a/modules/mbedtls/configs/config-tls-generic.h b/modules/mbedtls/configs/config-tls-generic.h index 383ab44f18b040..92ab1f66edb76c 100644 --- a/modules/mbedtls/configs/config-tls-generic.h +++ b/modules/mbedtls/configs/config-tls-generic.h 
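Review bot: `MBEDTLS_USE_PSA_CRYPTO` is declared without `depends on MBEDTLS_PSA_CRYPTO_C`, yet the matching hunk in `config-tls-generic.h` only defines the macro inside `#if defined(CONFIG_MBEDTLS_PSA_CRYPTO_C)`. A project can therefore set `CONFIG_MBEDTLS_USE_PSA_CRYPTO=y` and get no effect and no warning. Add `depends on MBEDTLS_PSA_CRYPTO_C` (or whichever PSA provider is intended) to the symbol. The `help` text could also state that the application must call `psa_crypto_init()` before using TLS/DTLS, PK, MD or Cipher once this option is enabled, as mbedTLS requires.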
@@ -474,7 +474,10 @@ #if defined(CONFIG_MBEDTLS_PSA_CRYPTO_C) #define MBEDTLS_PSA_CRYPTO_C + +#if defined(CONFIG_MBEDTLS_USE_PSA_CRYPTO) #define MBEDTLS_USE_PSA_CRYPTO +#endif #if defined(CONFIG_ARCH_POSIX) && !defined(CONFIG_PICOLIBC) #define MBEDTLS_PSA_KEY_SLOT_COUNT 64 diff --git a/samples/tfm_integration/psa_crypto/prj.conf b/samples/tfm_integration/psa_crypto/prj.conf index a7ac8db8f2e149..f308a5aefaf5b7 100644 --- a/samples/tfm_integration/psa_crypto/prj.conf +++ b/samples/tfm_integration/psa_crypto/prj.conf @@ -29,6 +29,7 @@ CONFIG_MBEDTLS_USER_CONFIG_ENABLE=y CONFIG_MBEDTLS_USER_CONFIG_FILE="user-tls-conf.h" CONFIG_MBEDTLS_PSA_CRYPTO_C=y +CONFIG_MBEDTLS_USE_PSA_CRYPTO=y CONFIG_MBEDTLS_ENTROPY_ENABLED=y CONFIG_MBEDTLS_ECP_C=y CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y diff --git a/subsys/bluetooth/mesh/Kconfig b/subsys/bluetooth/mesh/Kconfig index 88fccf0961cf55..74e377569b3386 100644 --- a/subsys/bluetooth/mesh/Kconfig +++ b/subsys/bluetooth/mesh/Kconfig @@ -1349,6 +1349,7 @@ config BT_MESH_USES_MBEDTLS_PSA select MBEDTLS select MBEDTLS_ZEPHYR_ENTROPY select MBEDTLS_PSA_CRYPTO_C + select MBEDTLS_USE_PSA_CRYPTO select MBEDTLS_MAC_CMAC_ENABLED select MBEDTLS_CIPHER_AES_ENABLED select MBEDTLS_AES_ROM_TABLES