PSA crypto features not enabled when CONFIG_MBEDTLS_LEGACY_CRYPTO_C is enabled

When utilizing PSA crypto, enabling CONFIG_MBEDTLS_LEGACY_CRYPTO_C (such as by turning on OpenThread), the PSA crypto features such as native ITS storage are not functional.

Example prj.conf with working PSA:

CONFIG_NRF_SECURITY=y
CONFIG_MBEDTLS_PSA_CRYPTO_C=y

# Enable persistent storage APIs
CONFIG_MBEDTLS_PSA_CRYPTO_STORAGE_C=y
CONFIG_PSA_NATIVE_ITS=y

CONFIG_MBEDTLS_ENABLE_HEAP=y
CONFIG_MBEDTLS_HEAP_SIZE=8192
CONFIG_PSA_CRYPTO_DRIVER_OBERON=y
CONFIG_PSA_CRYPTO_DRIVER_CC3XX=n
CONFIG_OBERON_BACKEND=y
CONFIG_CC3XX_BACKEND=n

CONFIG_PSA_WANT_ALG_CCM=n
CONFIG_PSA_WANT_ALG_GCM=y
CONFIG_PSA_WANT_ALG_CHACHA20_POLY1305=n
CONFIG_PSA_WANT_ALG_CMAC=n
CONFIG_PSA_WANT_ALG_RIPEMD160=n
CONFIG_PSA_WANT_ALG_MD5=n
CONFIG_PSA_WANT_ALG_ECB_NO_PADDING=n
CONFIG_PSA_WANT_ALG_CBC_NO_PADDING=y
CONFIG_PSA_WANT_ALG_CBC_PKCS7=y
CONFIG_PSA_WANT_ALG_CFB=n
CONFIG_PSA_WANT_ALG_CTR=n
CONFIG_PSA_WANT_ALG_OFB=n
CONFIG_PSA_WANT_ECC_SECP_K1_192=n
CONFIG_PSA_WANT_ECC_SECP_K1_256=y
CONFIG_PSA_WANT_ECC_SECP_R1_192=n
CONFIG_PSA_WANT_ECC_SECP_R1_224=n
CONFIG_PSA_WANT_ECC_SECP_R1_256=n
CONFIG_PSA_WANT_ECC_SECP_R1_384=n
CONFIG_PSA_WANT_ECC_SECP_R1_521=n
CONFIG_PSA_WANT_ALG_STREAM_CIPHER=n

# Force CBC to Oberon
CONFIG_PSA_CRYPTO_DRIVER_ALG_CBC_NO_PADDING_CC3XX=n
CONFIG_MBEDTLS_PSA_BUILTIN_ALG_ECDH=y

CONFIG_MBEDTLS_LEGACY_CRYPTO_C=n

This config generates build/modules/nrfxlib/nrfxlib/nrf_security/src/include/generated/nrf-config.h and build/modules/nrfxlib/nrfxlib/nrf_security/src/include/generated/nrf-config-user.h which have the PSA crypto features enabled.

Changing CONFIG_MBEDTLS_LEGACY_CRYPTO_C to y generates a build/modules/nrfxlib/nrfxlib/nrf_security/src/include/generated/nrf-config-user.h that is empty: 

/*
* Copyright (c) 2021 Nordic Semiconductor
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*
*/

/* This file is intentionally empty.*/

This prevents the PSA crypto features from functioning. 

Parents
  • Hi,

    I will look into this and return with more information tomorrow.

    Regards,
    Sigurd Hellesvik

  • If you enable CONFIG_MBEDTLS_LEGACY_CRYPTO_C, this will force a legacy configuration scheme.

    Therefore, it is expected that you may lose functionality in the PSA APIs.

    If you want to use the PSA APIs with OpenTread, see how this can be configured in our OpenThread CLI sample.

    Regards,
    Sigurd Hellesvik

  • Unfortunately, it appears the option to use OPENTHREAD_CRYPTO_PSA does not function with the Nordic pre-compiled Openthread libraries. I'll experiment with this with source-compiling OpenThread

  • After some experimentation, I was wable to get CONFIG_OPENTHREAD_CRYPTO_PSA working without CONFIG_MBEDTLS_LEGACY_CRYPTO_C, but it required patching nrfxlib, as several features are only enabled in the legacy config file template, and not when using just PSA.

    Additionally, one file (crypto/nrf_cc310_mbedcrypto/include/mbedtls/chachapoly_alt.h) is just broken, and has 2 extern "C" definitions (which break any other file that includes it)

    Can we get these changes put into a future version of NCS

    cat nrf_security_psa_storage_legacy.patch 
    diff --git a/crypto/nrf_cc310_mbedcrypto/include/mbedtls/chachapoly_alt.h b/crypto/nrf_cc310_mbedcrypto/include/mbedtls/chachapoly_alt.h
    index 8c288eb8..6046f17e 100644
    --- a/crypto/nrf_cc310_mbedcrypto/include/mbedtls/chachapoly_alt.h
    +++ b/crypto/nrf_cc310_mbedcrypto/include/mbedtls/chachapoly_alt.h
    @@ -31,10 +31,6 @@ typedef struct
     
     #endif
     
    -#ifdef __cplusplus
    -extern "C" {
    -#endif
    -
     #ifdef __cplusplus
     }
     #endif
    diff --git a/nrf_security/cmake/legacy_crypto_config.cmake b/nrf_security/cmake/legacy_crypto_config.cmake
    index d0d80644..2476a25c 100644
    --- a/nrf_security/cmake/legacy_crypto_config.cmake
    +++ b/nrf_security/cmake/legacy_crypto_config.cmake
    @@ -98,6 +98,7 @@ kconfig_check_and_set_base(MBEDTLS_PK_WRITE_C)
     kconfig_check_and_set_base(MBEDTLS_DEBUG_C)
     
     kconfig_check_and_set_base(MBEDTLS_PSA_CRYPTO_SPM)
    +kconfig_check_and_set_base(MBEDTLS_PSA_CRYPTO_STORAGE_C)
     
     # PSA is not to be enabled for SPM builds
     if (NOT CONFIG_SPM)
    diff --git a/nrf_security/cmake/psa_crypto_config.cmake b/nrf_security/cmake/psa_crypto_config.cmake
    index 3e0bb4e0..68831aa0 100644
    --- a/nrf_security/cmake/psa_crypto_config.cmake
    +++ b/nrf_security/cmake/psa_crypto_config.cmake
    @@ -278,6 +278,17 @@ kconfig_check_and_set_base_to_one(MBEDTLS_MD_C)
     kconfig_check_and_set_base_to_one(MBEDTLS_THREADING_C)
     kconfig_check_and_set_base_to_one(MBEDTLS_THREADING_ALT)
     
    +kconfig_check_and_set_base_to_one(MBEDTLS_ECJPAKE_C)
    +kconfig_check_and_set_base_to_one(MBEDTLS_ECJPAKE_ALT)
    +kconfig_check_and_set_base_to_one(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
    +kconfig_check_and_set_base_to_one(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
    +kconfig_check_and_set_base_to_one(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
    +kconfig_check_and_set_base_to_one(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
    +kconfig_check_and_set_base_to_one(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
    +kconfig_check_and_set_base_to_one(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
    +kconfig_check_and_set_base_to_one(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
    +kconfig_check_and_set_base_to_one(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
    +
     # Set the max curve bits for the PSA APIs without using MBEDTLS defines
     if (CONFIG_PSA_CRYPTO_DRIVER_ECC_SECP_R1_521_CC3XX)
       set(PSA_VENDOR_ECC_MAX_CURVE_BITS 521)
    diff --git a/nrf_security/configs/psa_crypto_config.h.template b/nrf_security/configs/psa_crypto_config.h.template
    index ad1b9a13..e3479715 100644
    --- a/nrf_security/configs/psa_crypto_config.h.template
    +++ b/nrf_security/configs/psa_crypto_config.h.template
    @@ -385,4 +385,28 @@
     #cmakedefine MBEDTLS_MPI_WINDOW_SIZE       @MBEDTLS_MPI_WINDOW_SIZE@ /**< Maximum window size used. */
     #cmakedefine MBEDTLS_MPI_MAX_SIZE          @MBEDTLS_MPI_MAX_SIZE@ /**< Maximum number of bytes for usable MPIs. */
     
    +/**
    + * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
    + *
    + * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
    + * module.  By default all supported curves are enabled.
    + *
    + * Comment macros to disable the curve and functions for it
    + */
    +/* Short Weierstrass curves (supporting ECP, ECDH, ECDSA) */
    +#cmakedefine MBEDTLS_ECP_DP_SECP192R1_ENABLED
    +#cmakedefine MBEDTLS_ECP_DP_SECP224R1_ENABLED
    +#cmakedefine MBEDTLS_ECP_DP_SECP256R1_ENABLED
    +#cmakedefine MBEDTLS_ECP_DP_SECP384R1_ENABLED
    +#cmakedefine MBEDTLS_ECP_DP_SECP521R1_ENABLED
    +#cmakedefine MBEDTLS_ECP_DP_SECP192K1_ENABLED
    +#cmakedefine MBEDTLS_ECP_DP_SECP224K1_ENABLED
    +#cmakedefine MBEDTLS_ECP_DP_SECP256K1_ENABLED
    +#cmakedefine MBEDTLS_ECP_DP_BP256R1_ENABLED
    +#cmakedefine MBEDTLS_ECP_DP_BP384R1_ENABLED
    +#cmakedefine MBEDTLS_ECP_DP_BP512R1_ENABLED
    +/* Montgomery curves (supporting ECP) */
    +#cmakedefine MBEDTLS_ECP_DP_CURVE25519_ENABLED
    +#cmakedefine MBEDTLS_ECP_DP_CURVE448_ENABLED
    +
     #endif /* PSA_CRYPTO_CONFIG_H */
    

  • Additionally, CONFIG_OPENTHREAD_CRYPTO_PSA now depends on BUILD_WITH_TFM, which is not possible with the nrf52840, as it doesn't have a secure / non-secure mode.

  • zcornelius said:
    After some experimentation, I was wable to get CONFIG_OPENTHREAD_CRYPTO_PSA working without CONFIG_MBEDTLS_LEGACY_CRYPTO_C, but it required patching nrfxlib, as several features are only enabled in the legacy config file template, and not when using just PSA.

    Sweet, good job!

    Thanks for all the bug reports! I will address them below:

    zcornelius said:
    After some experimentation, I was wable to get CONFIG_OPENTHREAD_CRYPTO_PSA working without CONFIG_MBEDTLS_LEGACY_CRYPTO_C, but it required patching nrfxlib, as several features are only enabled in the legacy config file template, and not when using just PSA.

    This one we already have tracked internally, but it is not fixed yet,

    zcornelius said:
    Additionally, CONFIG_OPENTHREAD_CRYPTO_PSA now depends on BUILD_WITH_TFM, which is not possible with the nrf52840, as it doesn't have a secure / non-secure mode.

    Sounds like a bug to me, so I have reported it.

    zcornelius said:
    After some experimentation, I was wable to get CONFIG_OPENTHREAD_CRYPTO_PSA working without CONFIG_MBEDTLS_LEGACY_CRYPTO_C, but it required patching nrfxlib, as several features are only enabled in the legacy config file template, and not when using just PSA.

    I have not reported this as a bug yet, but I have asked our developers about it, to see if there is a reason for these not to be included.

    Regards,
    Sigurd Hellesvik

  • Sigurd Hellesvik said:
    I have not reported this as a bug yet, but I have asked our developers about it, to see if there is a reason for these not to be included.

    Our developers have got this message, and they are looking into it.

    Thanks again for the detailed explanation of your fix, and good luck onwards.

    Regards,
    Sigurd Hellesvik

Reply Children
  • Hi Sigurd, I am trying to do AES GCM encryption on a nrf52840+7002 board. I am able to get wifi connected and send a HTTP request and get response, also encryption to work by itself, however, when I add the encryption to the wifi code, I would be getting psa_aead_encrypt failed with error code of -134. From what I've read here, it looks like an expected problem?
    I've attached my prj.conf here. Could you take a look at it and let me know if there's anyway I can make the PSA encryption work with wifi? I can also implement a GCM encryption myself, but it would be best if I can use nordic library here.

    #
    # Copyright (c) 2023 Craig Peacock.
    #
    # SPDX-License-Identifier: Apache-2.0
    #
    
    CONFIG_WIFI=y
    CONFIG_INIT_STACKS=y
    CONFIG_NET_L2_WIFI_MGMT=y
    
    CONFIG_NETWORKING=y
    CONFIG_NET_IPV4=y
    CONFIG_NET_IPV6=y
    CONFIG_NET_UDP=y
    CONFIG_NET_TCP=y
    CONFIG_DNS_RESOLVER=y
    CONFIG_DNS_RESOLVER_AI_MAX_ENTRIES=10
    
    CONFIG_NET_SOCKETS=y
    CONFIG_HTTP_CLIENT=y
    
    # Use DHCP for IPv4
    CONFIG_NET_DHCPV4=y
    
    # Or assign a static IP address (useful for testing)
    # Following line must be enabled, otherwise WiFi connection fails with -1.
    CONFIG_NET_CONFIG_SETTINGS=y
    #CONFIG_NET_CONFIG_NEED_IPV4=y
    #CONFIG_NET_CONFIG_MY_IPV4_ADDR="192.168.0.12"
    #CONFIG_NET_CONFIG_MY_IPV4_GW="192.168.0.254"
    #CONFIG_NET_CONFIG_NEED_IPV6=y
    #CONFIG_NET_CONFIG_MY_IPV6_ADDR="fe80::100"
    
    # Enabling logging can be helpful for debugging
    #CONFIG_NET_LOG=y
    #CONFIG_WIFI_LOG_LEVEL_ERR=y
    #CONFIG_NET_IPV6_LOG_LEVEL_DBG=y
    
    CONFIG_NET_TX_STACK_SIZE=2048
    CONFIG_NET_RX_STACK_SIZE=2048
    
    CONFIG_NET_PKT_RX_COUNT=10
    CONFIG_NET_PKT_TX_COUNT=10
    
    CONFIG_NET_BUF_RX_COUNT=20
    CONFIG_NET_BUF_TX_COUNT=20
    
    CONFIG_NET_MAX_CONTEXTS=10
    
    # Added to prevent error with missing #include <ethernet/eth_stats.h> for esp_wifi_drv.c
    # Adding this line will cause CMAKE Warning: No SOURCES given to Zephyr library: drivers__ethernet
    # Just ignore.
    CONFIG_NET_L2_ETHERNET=y
    
    # Enable logging
    CONFIG_CONSOLE=y
    CONFIG_LOG=y
    CONFIG_USE_SEGGER_RTT=y
    CONFIG_RTT_CONSOLE=y
    
    # Fuck, I forgot to add 7002DK's code
    CONFIG_WIFI_NRF700X=y
    
    # Include WPA Supplement. Requires POSIX_API & NET_SOCKETS.
    CONFIG_WPA_SUPP=y
    CONFIG_POSIX_API=y
    CONFIG_NET_SOCKETS=y
    
    # Required to prevent error in \wifi\nrf700x\zephyr\src\shim.c:14:10: fatal error: sys/time.h: No such file or directory
    CONFIG_NEWLIB_LIBC=y
    CONFIG_NEWLIB_LIBC_NANO=n
    
    # Required to prevent undefined reference to `z_impl_sys_rand32_get'
    CONFIG_ENTROPY_GENERATOR=y
    CONFIG_TEST_RANDOM_GENERATOR=y
    
    CONFIG_HEAP_MEM_POOL_SIZE=153600
    CONFIG_MAIN_STACK_SIZE=4096
    CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=2048
    CONFIG_NET_TX_STACK_SIZE=4096
    CONFIG_NET_RX_STACK_SIZE=4096
    
    # AES not working...
    CONFIG_NRF_SECURITY=y
    CONFIG_MBEDTLS_PSA_CRYPTO_C=y
    # CONFIG_MBEDTLS_LEGACY_CRYPTO_C=y
    # CONFIG_BUILD_WITH_TFM=y
    # CONFIG_OPENTHREAD_CRYPTO_PSA=y
    
    CONFIG_MBEDTLS_ENABLE_HEAP=y
    CONFIG_MBEDTLS_HEAP_SIZE=8192
    
    CONFIG_SYS_CLOCK_TICKS_PER_SEC=1000

  • Hi Eric,

    Can you create a new ticket for your issue?

    And refer to this one in the new ticket

  • Hi Sigurd, thanks for getting back! I forgot where but in another post I noticed PSA's encryption library will not work with WPA_SUPP, which is crucial for our purposes, so I've decided to use the legacy MBEDTLS library to do the AES encryptions, so probably no need to creating a new ticket... thank you for the valuable information in this post though!
    -Eric

  • Hi Eric, 

    You might have seen the issue created by me here: https://devzone.nordicsemi.com/f/nordic-q-a/98977/psa_generate_key-failed-with-error--134

    I heard from Nordic team that they are working on resolving the PSA's encryption library work with WPA_SUPP, but not sure about a timeline. But my usecase also needed that but I had to use legacy MBEDTLS. Good decision. May be you can subscribe to my ticket so that you will have some news later. 

    Thanks 

    Vipin Das

Related