PSA crypto features not enabled when CONFIG_MBEDTLS_LEGACY_CRYPTO_C is enabled

When utilizing PSA crypto, enabling CONFIG_MBEDTLS_LEGACY_CRYPTO_C (such as by turning on OpenThread), the PSA crypto features such as native ITS storage are not functional.

Example prj.conf with working PSA:

CONFIG_NRF_SECURITY=y
CONFIG_MBEDTLS_PSA_CRYPTO_C=y

# Enable persistent storage APIs
CONFIG_MBEDTLS_PSA_CRYPTO_STORAGE_C=y
CONFIG_PSA_NATIVE_ITS=y

CONFIG_MBEDTLS_ENABLE_HEAP=y
CONFIG_MBEDTLS_HEAP_SIZE=8192
CONFIG_PSA_CRYPTO_DRIVER_OBERON=y
CONFIG_PSA_CRYPTO_DRIVER_CC3XX=n
CONFIG_OBERON_BACKEND=y
CONFIG_CC3XX_BACKEND=n

CONFIG_PSA_WANT_ALG_CCM=n
CONFIG_PSA_WANT_ALG_GCM=y
CONFIG_PSA_WANT_ALG_CHACHA20_POLY1305=n
CONFIG_PSA_WANT_ALG_CMAC=n
CONFIG_PSA_WANT_ALG_RIPEMD160=n
CONFIG_PSA_WANT_ALG_MD5=n
CONFIG_PSA_WANT_ALG_ECB_NO_PADDING=n
CONFIG_PSA_WANT_ALG_CBC_NO_PADDING=y
CONFIG_PSA_WANT_ALG_CBC_PKCS7=y
CONFIG_PSA_WANT_ALG_CFB=n
CONFIG_PSA_WANT_ALG_CTR=n
CONFIG_PSA_WANT_ALG_OFB=n
CONFIG_PSA_WANT_ECC_SECP_K1_192=n
CONFIG_PSA_WANT_ECC_SECP_K1_256=y
CONFIG_PSA_WANT_ECC_SECP_R1_192=n
CONFIG_PSA_WANT_ECC_SECP_R1_224=n
CONFIG_PSA_WANT_ECC_SECP_R1_256=n
CONFIG_PSA_WANT_ECC_SECP_R1_384=n
CONFIG_PSA_WANT_ECC_SECP_R1_521=n
CONFIG_PSA_WANT_ALG_STREAM_CIPHER=n

# Force CBC to Oberon
CONFIG_PSA_CRYPTO_DRIVER_ALG_CBC_NO_PADDING_CC3XX=n
CONFIG_MBEDTLS_PSA_BUILTIN_ALG_ECDH=y

CONFIG_MBEDTLS_LEGACY_CRYPTO_C=n

This config generates build/modules/nrfxlib/nrfxlib/nrf_security/src/include/generated/nrf-config.h and build/modules/nrfxlib/nrfxlib/nrf_security/src/include/generated/nrf-config-user.h which have the PSA crypto features enabled.

Changing CONFIG_MBEDTLS_LEGACY_CRYPTO_C to y generates a build/modules/nrfxlib/nrfxlib/nrf_security/src/include/generated/nrf-config-user.h that is empty: 

/*
* Copyright (c) 2021 Nordic Semiconductor
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*
*/

/* This file is intentionally empty.*/

This prevents the PSA crypto features from functioning. 

  • Hi,

    I will look into this and return with more information tomorrow.

    Regards,
    Sigurd Hellesvik

  • If you enable CONFIG_MBEDTLS_LEGACY_CRYPTO_C, this will force a legacy configuration scheme.

    Therefore, it is expected that you may lose functionality in the PSA APIs.

    If you want to use the PSA APIs with OpenTread, see how this can be configured in our OpenThread CLI sample.

    Regards,
    Sigurd Hellesvik

  • Unfortunately, it appears the option to use OPENTHREAD_CRYPTO_PSA does not function with the Nordic pre-compiled Openthread libraries. I'll experiment with this with source-compiling OpenThread

  • After some experimentation, I was wable to get CONFIG_OPENTHREAD_CRYPTO_PSA working without CONFIG_MBEDTLS_LEGACY_CRYPTO_C, but it required patching nrfxlib, as several features are only enabled in the legacy config file template, and not when using just PSA.

    Additionally, one file (crypto/nrf_cc310_mbedcrypto/include/mbedtls/chachapoly_alt.h) is just broken, and has 2 extern "C" definitions (which break any other file that includes it)

    Can we get these changes put into a future version of NCS

    cat nrf_security_psa_storage_legacy.patch 
    diff --git a/crypto/nrf_cc310_mbedcrypto/include/mbedtls/chachapoly_alt.h b/crypto/nrf_cc310_mbedcrypto/include/mbedtls/chachapoly_alt.h
    index 8c288eb8..6046f17e 100644
    --- a/crypto/nrf_cc310_mbedcrypto/include/mbedtls/chachapoly_alt.h
    +++ b/crypto/nrf_cc310_mbedcrypto/include/mbedtls/chachapoly_alt.h
    @@ -31,10 +31,6 @@ typedef struct
     
     #endif
     
    -#ifdef __cplusplus
    -extern "C" {
    -#endif
    -
     #ifdef __cplusplus
     }
     #endif
    diff --git a/nrf_security/cmake/legacy_crypto_config.cmake b/nrf_security/cmake/legacy_crypto_config.cmake
    index d0d80644..2476a25c 100644
    --- a/nrf_security/cmake/legacy_crypto_config.cmake
    +++ b/nrf_security/cmake/legacy_crypto_config.cmake
    @@ -98,6 +98,7 @@ kconfig_check_and_set_base(MBEDTLS_PK_WRITE_C)
     kconfig_check_and_set_base(MBEDTLS_DEBUG_C)
     
     kconfig_check_and_set_base(MBEDTLS_PSA_CRYPTO_SPM)
    +kconfig_check_and_set_base(MBEDTLS_PSA_CRYPTO_STORAGE_C)
     
     # PSA is not to be enabled for SPM builds
     if (NOT CONFIG_SPM)
    diff --git a/nrf_security/cmake/psa_crypto_config.cmake b/nrf_security/cmake/psa_crypto_config.cmake
    index 3e0bb4e0..68831aa0 100644
    --- a/nrf_security/cmake/psa_crypto_config.cmake
    +++ b/nrf_security/cmake/psa_crypto_config.cmake
    @@ -278,6 +278,17 @@ kconfig_check_and_set_base_to_one(MBEDTLS_MD_C)
     kconfig_check_and_set_base_to_one(MBEDTLS_THREADING_C)
     kconfig_check_and_set_base_to_one(MBEDTLS_THREADING_ALT)
     
    +kconfig_check_and_set_base_to_one(MBEDTLS_ECJPAKE_C)
    +kconfig_check_and_set_base_to_one(MBEDTLS_ECJPAKE_ALT)
    +kconfig_check_and_set_base_to_one(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
    +kconfig_check_and_set_base_to_one(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
    +kconfig_check_and_set_base_to_one(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
    +kconfig_check_and_set_base_to_one(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
    +kconfig_check_and_set_base_to_one(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
    +kconfig_check_and_set_base_to_one(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
    +kconfig_check_and_set_base_to_one(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
    +kconfig_check_and_set_base_to_one(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
    +
     # Set the max curve bits for the PSA APIs without using MBEDTLS defines
     if (CONFIG_PSA_CRYPTO_DRIVER_ECC_SECP_R1_521_CC3XX)
       set(PSA_VENDOR_ECC_MAX_CURVE_BITS 521)
    diff --git a/nrf_security/configs/psa_crypto_config.h.template b/nrf_security/configs/psa_crypto_config.h.template
    index ad1b9a13..e3479715 100644
    --- a/nrf_security/configs/psa_crypto_config.h.template
    +++ b/nrf_security/configs/psa_crypto_config.h.template
    @@ -385,4 +385,28 @@
     #cmakedefine MBEDTLS_MPI_WINDOW_SIZE       @MBEDTLS_MPI_WINDOW_SIZE@ /**< Maximum window size used. */
     #cmakedefine MBEDTLS_MPI_MAX_SIZE          @MBEDTLS_MPI_MAX_SIZE@ /**< Maximum number of bytes for usable MPIs. */
     
    +/**
    + * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
    + *
    + * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
    + * module.  By default all supported curves are enabled.
    + *
    + * Comment macros to disable the curve and functions for it
    + */
    +/* Short Weierstrass curves (supporting ECP, ECDH, ECDSA) */
    +#cmakedefine MBEDTLS_ECP_DP_SECP192R1_ENABLED
    +#cmakedefine MBEDTLS_ECP_DP_SECP224R1_ENABLED
    +#cmakedefine MBEDTLS_ECP_DP_SECP256R1_ENABLED
    +#cmakedefine MBEDTLS_ECP_DP_SECP384R1_ENABLED
    +#cmakedefine MBEDTLS_ECP_DP_SECP521R1_ENABLED
    +#cmakedefine MBEDTLS_ECP_DP_SECP192K1_ENABLED
    +#cmakedefine MBEDTLS_ECP_DP_SECP224K1_ENABLED
    +#cmakedefine MBEDTLS_ECP_DP_SECP256K1_ENABLED
    +#cmakedefine MBEDTLS_ECP_DP_BP256R1_ENABLED
    +#cmakedefine MBEDTLS_ECP_DP_BP384R1_ENABLED
    +#cmakedefine MBEDTLS_ECP_DP_BP512R1_ENABLED
    +/* Montgomery curves (supporting ECP) */
    +#cmakedefine MBEDTLS_ECP_DP_CURVE25519_ENABLED
    +#cmakedefine MBEDTLS_ECP_DP_CURVE448_ENABLED
    +
     #endif /* PSA_CRYPTO_CONFIG_H */
    

  • Additionally, CONFIG_OPENTHREAD_CRYPTO_PSA now depends on BUILD_WITH_TFM, which is not possible with the nrf52840, as it doesn't have a secure / non-secure mode.

Related