net: tcp: use PSA functions for ISN generation instead of legacy MbedTLS ones

modules/mbedtls/Kconfig

@@ -13,6 +13,7 @@ config MBEDTLS_PROMPTLESS
 	  mbed TLS menu prompt and instead handle the selection of MBEDTLS from
 	  dependent sub-configurations and thus prevent stuck symbol behavior.
 
+rsource "Kconfig.psa"
 
 menuconfig MBEDTLS
 	bool "mbed TLS Support" if !MBEDTLS_PROMPTLESS

modules/mbedtls/Kconfig.psa

@@ -0,0 +1,14 @@
+# Copyright (c) 2024 Nordic Semiconductor ASA
+# SPDX-License-Identifier: Apache-2.0
+
+config MBEDTLS_PSA_CRYPTO_CLIENT
+	bool
+	default y
+	depends on BUILD_WITH_TFM || MBEDTLS_PSA_CRYPTO_C
+
+if MBEDTLS_PSA_CRYPTO_CLIENT
+
+config PSA_WANT_ALG_SHA_256
+	bool "SHA-256 hash algorithm through PSA"
+
+endif # MBEDTLS_PSA_CRYPTO_CLIENT

modules/mbedtls/Kconfig.tls-generic

@@ -460,12 +460,38 @@ config MBEDTLS_SSL_EXTENDED_MASTER_SECRET
 	  which ensures that master secrets are different for every
 	  connection and every session.
 
+choice MBEDTLS_PSA_CRYPTO_RND_SOURCE
+	prompt "Select random source for built-in PSA crypto"
+	default MBEDTLS_PSA_CRYPTO_LEGACY_RNG
+
+config MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
+	bool "Use a cryptographically secure driver as random source"
+	depends on CSPRNG_ENABLED
+	help
+	  Use cryptographically secure random generator to provide random data
+	  instead of legacy MbedTLS modules (ENTROPY + CTR_DRBG/HMAC_DRBG).
+
+config MBEDTLS_PSA_CRYPTO_LEGACY_RNG
+	bool "Use legacy modules to generate random data"
+	select MBEDTLS_ENTROPY_ENABLED
+	select MBEDTLS_CTR_DRBG_ENABLED if !MBEDTLS_HMAC_DRBG_ENABLED
+	help
+	  Use legacy MbedTLS modules (ENTROPY + CTR_DRBG/HMAC_DRBG) as random
+	  source generators.
+
+endchoice
+
 config MBEDTLS_PSA_CRYPTO_C
 	bool "Platform Security Architecture cryptography API"
-	depends on MBEDTLS_ENTROPY_ENABLED
-	depends on MBEDTLS_CTR_DRBG_ENABLED || MBEDTLS_HMAC_DRBG_ENABLED
+	depends on MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG || MBEDTLS_PSA_CRYPTO_LEGACY_RNG
 	default y if UOSCORE || UEDHOC
 
+config MBEDTLS_USE_PSA_CRYPTO
+	bool "Use PSA APIs instead of legacy MbedTLS when possible"
+	help
+	  Use PSA APIs instead of legacy MbedTLS functions in TLS/DTLS and other
+	  "intermediate" modules such as PK, MD and Cipher.
+
 config MBEDTLS_LMS
 	bool "Support LMS signature schemes"
 	depends on MBEDTLS_PSA_CRYPTO_C

modules/mbedtls/configs/config-tls-generic.h

@@ -468,11 +468,18 @@
 #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
 #endif
 
+#if defined(CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
+#endif
+
 #if defined(CONFIG_MBEDTLS_PSA_CRYPTO_C)
 #define MBEDTLS_PSA_CRYPTO_C
+
+#if defined(CONFIG_MBEDTLS_USE_PSA_CRYPTO)
 #define MBEDTLS_USE_PSA_CRYPTO
+#endif
 
-#if defined(CONFIG_ARCH_POSIX)
+#if defined(CONFIG_ARCH_POSIX) && !defined(CONFIG_PICOLIBC)
 #define MBEDTLS_PSA_KEY_SLOT_COUNT     64
 #define MBEDTLS_PSA_CRYPTO_STORAGE_C
 #define MBEDTLS_PSA_ITS_FILE_C
@@ -496,8 +503,15 @@
 #endif
 
 #if defined(CONFIG_BUILD_WITH_TFM)
-#define MBEDTLS_PSA_CRYPTO_CLIENT
 #undef MBEDTLS_PSA_CRYPTO_C
 #endif /* CONFIG_BUILD_WITH_TFM */
 
+#if defined(CONFIG_MBEDTLS_PSA_CRYPTO_CLIENT)
+#define MBEDTLS_PSA_CRYPTO_CLIENT
+#endif
+
+#if defined(CONFIG_PSA_WANT_ALG_SHA_256)
+#define PSA_WANT_ALG_SHA_256 1
+#endif
+
 #endif /* MBEDTLS_CONFIG_H */

modules/mbedtls/zephyr_init.c

@@ -115,3 +115,26 @@ mbedtls_ms_time_t mbedtls_ms_time(void)
 {
 	return (mbedtls_ms_time_t)k_uptime_get();
 }
+
+#if defined(CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+/* MBEDTLS_PSA_CRYPTO_C requires a random generator to work and this can
+ * be achieved through either legacy MbedTLS modules
+ * (ENTROPY + CTR_DRBG/HMAC_DRBG) or provided externally by enabling the
+ * CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG. In the latter case the following
+ * callback functions needs to be defined.
+ */
+psa_status_t mbedtls_psa_external_get_random(
+	mbedtls_psa_external_random_context_t *context,
+	uint8_t *output, size_t output_size, size_t *output_length)
+{
+	(void) context;
+
+	if (sys_csrand_get(output, output_size) != 0) {
+		return PSA_ERROR_GENERIC_ERROR;
+	}
+
+	*output_length = output_size;
+
+	return PSA_SUCCESS;
+}
+#endif

samples/tfm_integration/psa_crypto/prj.conf

@@ -29,6 +29,7 @@ CONFIG_MBEDTLS_USER_CONFIG_ENABLE=y
 CONFIG_MBEDTLS_USER_CONFIG_FILE="user-tls-conf.h"
 
 CONFIG_MBEDTLS_PSA_CRYPTO_C=y
+CONFIG_MBEDTLS_USE_PSA_CRYPTO=y
 CONFIG_MBEDTLS_ENTROPY_ENABLED=y
 CONFIG_MBEDTLS_ECP_C=y
 CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y

subsys/bluetooth/mesh/Kconfig

@@ -1349,6 +1349,7 @@ config BT_MESH_USES_MBEDTLS_PSA
 	select MBEDTLS
 	select MBEDTLS_ZEPHYR_ENTROPY
 	select MBEDTLS_PSA_CRYPTO_C
+	select MBEDTLS_USE_PSA_CRYPTO
 	select MBEDTLS_MAC_CMAC_ENABLED
 	select MBEDTLS_CIPHER_AES_ENABLED
 	select MBEDTLS_AES_ROM_TABLES

subsys/net/ip/Kconfig.tcp

@@ -229,9 +229,7 @@ config NET_TCP_ISN_RFC6528
 	bool "Use ISN algorithm from RFC 6528"
 	default y
 	depends on NET_TCP
-	select MBEDTLS
-	select MBEDTLS_MD
-	select MBEDTLS_MAC_MD5_ENABLED
+	depends on PSA_WANT_ALG_SHA_256
 	help
 	  Implement Initial Sequence Number calculation as described in
 	  RFC 6528 chapter 3. https://tools.ietf.org/html/rfc6528

subsys/net/ip/tcp.c

@@ -14,7 +14,7 @@ LOG_MODULE_REGISTER(net_tcp, CONFIG_NET_TCP_LOG_LEVEL);
 #include <zephyr/random/random.h>
 
 #if defined(CONFIG_NET_TCP_ISN_RFC6528)
-#include <mbedtls/md5.h>
+#include <psa/crypto.h>
 #endif
 #include <zephyr/net/net_pkt.h>
 #include <zephyr/net/net_context.h>
@@ -2291,14 +2291,17 @@ static uint32_t tcpv6_init_isn(struct in6_addr *saddr,
 	static bool once;
 
 	if (!once) {
-		sys_rand_get(unique_key, sizeof(unique_key));
+		sys_csrand_get(unique_key, sizeof(unique_key));
 		once = true;
 	}
 
 	memcpy(buf.key, unique_key, sizeof(buf.key));
 
 #if defined(CONFIG_NET_TCP_ISN_RFC6528)
-	mbedtls_md5((const unsigned char *)&buf, sizeof(buf), hash);
+	size_t hash_len;
+
+	psa_hash_compute(PSA_ALG_SHA_256, (const unsigned char *)&buf, sizeof(buf),
+			 hash, sizeof(hash), &hash_len);
 #endif
 
 	return seq_scale(UNALIGNED_GET((uint32_t *)&hash[0]));
@@ -2326,14 +2329,17 @@ static uint32_t tcpv4_init_isn(struct in_addr *saddr,
 	static bool once;
 
 	if (!once) {
-		sys_rand_get(unique_key, sizeof(unique_key));
+		sys_csrand_get(unique_key, sizeof(unique_key));
 		once = true;
 	}
 
 	memcpy(buf.key, unique_key, sizeof(unique_key));
 
 #if defined(CONFIG_NET_TCP_ISN_RFC6528)
-	mbedtls_md5((const unsigned char *)&buf, sizeof(buf), hash);
+	size_t hash_len;
+
+	psa_hash_compute(PSA_ALG_SHA_256, (const unsigned char *)&buf, sizeof(buf),
+			 hash, sizeof(hash), &hash_len);
 #endif
 
 	return seq_scale(UNALIGNED_GET((uint32_t *)&hash[0]));

tests/crypto/mbedtls/prj.conf

@@ -4,5 +4,9 @@ CONFIG_MBEDTLS_BUILTIN=y
 CONFIG_MBEDTLS_TEST=y
 CONFIG_ZTEST=y
 CONFIG_TEST_USERSPACE=y
+CONFIG_MINIMAL_LIBC=y
 CONFIG_MINIMAL_LIBC_NON_REENTRANT_FUNCTIONS=y
 CONFIG_MINIMAL_LIBC_RAND=y
+CONFIG_ENTROPY_GENERATOR=y
+CONFIG_MBEDTLS_ZEPHYR_ENTROPY=y
+CONFIG_TEST_RANDOM_GENERATOR=y