storage: flash_map: replace TinyCrypt by PSA

As part of ongoing work to move away from TinyCrypt and towards PSA
(#43712), introduce a PSA option and remove the TinyCrypt one for the
SHA-256 implementation.

The Mbed TLS implementation is modified to use `mbedtls_sha256`
directly for smaller code size.

As of now the implementation defaults to PSA only if TF-M is enabled
because a dependency loop happens if using `PSA_CRYPTO_CLIENT` as a
condition in `FLASH_AREA_CHECK_INTEGRITY_BACKEND`.

A test case is added for the PSA implementation, and an NS platform is
added to the base test case to verify the compilation on a TF-M-enabled
platform.

Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>

doc/releases/migration-guide-3.7.rst

@@ -781,6 +781,17 @@ Networking
 Other Subsystems
 ****************
 
+Flash map
+=========
+
+* The crypto backend for the flash check functions (:kconfig:option:`CONFIG_FLASH_AREA_CHECK_INTEGRITY_BACKEND`),
+  previously provided through either TinyCrypt or Mbed TLS, is now provided through either PSA or Mbed TLS.
+  The updated Mbed TLS implementation has a slightly smaller footprint than the previous TinyCrypt one,
+  and the PSA implementation offers an even greater footprint reduction for devices built with TF-M.
+  PSA is the supported way forward, however as of now you may still use Mbed TLS if you cannot afford the
+  one-time cost of enabling the PSA API (:kconfig:option:`CONFIG_MBEDTLS_PSA_CRYPTO_C` for devices without TF-M).
+  :github:`73511`
+
 hawkBit
 =======
 

subsys/storage/flash_map/CMakeLists.txt

@@ -6,6 +6,4 @@ zephyr_sources_ifdef(CONFIG_FLASH_MAP_SHELL flash_map_shell.c)
 zephyr_sources_ifdef(CONFIG_FLASH_PAGE_LAYOUT flash_map_layout.c)
 zephyr_sources_ifdef(CONFIG_FLASH_AREA_CHECK_INTEGRITY flash_map_integrity.c)
 
-if(CONFIG_FLASH_AREA_CHECK_INTEGRITY_MBEDTLS)
-  zephyr_library_link_libraries_ifdef(CONFIG_MBEDTLS mbedTLS)
-endif()
+zephyr_library_link_libraries_ifdef(CONFIG_MBEDTLS mbedTLS)

subsys/storage/flash_map/Kconfig

@@ -43,27 +43,27 @@ config FLASH_MAP_LABELS
 	  flash_map list shell command.
 
 if FLASH_AREA_CHECK_INTEGRITY
+
 choice FLASH_AREA_CHECK_INTEGRITY_BACKEND
 	prompt "Crypto backend for the flash check functions"
-	default FLASH_AREA_CHECK_INTEGRITY_TC
+	default FLASH_AREA_CHECK_INTEGRITY_PSA if BUILD_WITH_TFM
+	default FLASH_AREA_CHECK_INTEGRITY_MBEDTLS if !BUILD_WITH_TFM
 
-config FLASH_AREA_CHECK_INTEGRITY_TC
-	bool "Use TinyCrypt"
-	select TINYCRYPT
-	select TINYCRYPT_SHA256
+config FLASH_AREA_CHECK_INTEGRITY_PSA
+	bool "Use PSA"
+	select PSA_WANT_ALG_SHA_256
 	help
-	  Use TinyCrypt library to perform the integrity check.
+	  Use the PSA API to perform the integrity check.
 
 config FLASH_AREA_CHECK_INTEGRITY_MBEDTLS
-	bool "Use MBEDTLS"
+	bool "Use Mbed TLS"
 	select MBEDTLS
-	select MBEDTLS_MD
 	select MBEDTLS_SHA256
-	select MBEDTLS_ENABLE_HEAP
 	help
-	  Use MBEDTLS library to perform the integrity check.
+	  Use the Mbed TLS library to perform the integrity check.
 
 endchoice
-endif
+
+endif # FLASH_AREA_CHECK_INTEGRITY
 
 endif

subsys/storage/flash_map/flash_map_integrity.c

@@ -11,33 +11,31 @@
 
 #include <zephyr/types.h>
 #include <stddef.h>
+#include <string.h>
 #include <sys/types.h>
 #include <zephyr/device.h>
 #include <zephyr/storage/flash_map.h>
 #include "flash_map_priv.h"
 #include <zephyr/drivers/flash.h>
 #include <zephyr/init.h>
 
-#if defined(CONFIG_FLASH_AREA_CHECK_INTEGRITY)
 #define SHA256_DIGEST_SIZE 32
-#if defined(CONFIG_FLASH_AREA_CHECK_INTEGRITY_TC)
-#include <tinycrypt/constants.h>
-#include <tinycrypt/sha256.h>
+#if defined(CONFIG_FLASH_AREA_CHECK_INTEGRITY_PSA)
+#include <psa/crypto.h>
+#define SUCCESS_VALUE PSA_SUCCESS
 #else
-#include <mbedtls/md.h>
+#include <mbedtls/sha256.h>
+#define SUCCESS_VALUE 0
 #endif
-#include <string.h>
-#endif /* CONFIG_FLASH_AREA_CHECK_INTEGRITY */
 
 int flash_area_check_int_sha256(const struct flash_area *fa,
 				const struct flash_area_check *fac)
 {
 	unsigned char hash[SHA256_DIGEST_SIZE];
-#if defined(CONFIG_FLASH_AREA_CHECK_INTEGRITY_TC)
-	struct tc_sha256_state_struct sha;
+#if defined(CONFIG_FLASH_AREA_CHECK_INTEGRITY_PSA)
+	psa_hash_operation_t hash_ctx;
 #else /* CONFIG_FLASH_AREA_CHECK_INTEGRITY_MBEDTLS */
-	mbedtls_md_context_t mbed_hash_ctx;
-	const mbedtls_md_info_t *mbed_hash_info;
+	mbedtls_sha256_context hash_ctx;
 #endif
 	int to_read;
 	int pos;
@@ -52,25 +50,17 @@ int flash_area_check_int_sha256(const struct flash_area *fa,
 		return -EINVAL;
 	}
 
-#if defined(CONFIG_FLASH_AREA_CHECK_INTEGRITY_TC)
-	if (tc_sha256_init(&sha) != TC_CRYPTO_SUCCESS) {
-		return -ESRCH;
-	}
+#if defined(CONFIG_FLASH_AREA_CHECK_INTEGRITY_PSA)
+	hash_ctx = psa_hash_operation_init();
+	rc = psa_hash_setup(&hash_ctx, PSA_ALG_SHA_256);
 #else /* CONFIG_FLASH_AREA_CHECK_INTEGRITY_MBEDTLS */
-	mbed_hash_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
-
-	mbedtls_md_init(&mbed_hash_ctx);
-
-	if (mbedtls_md_setup(&mbed_hash_ctx, mbed_hash_info, 0) != 0) {
+	mbedtls_sha256_init(&hash_ctx);
+	rc = mbedtls_sha256_starts(&hash_ctx, false);
+#endif
+	if (rc != SUCCESS_VALUE) {
 		return -ESRCH;
 	}
 
-	if (mbedtls_md_starts(&mbed_hash_ctx)) {
-		rc = -ESRCH;
-		goto error;
-	}
-#endif
-
 	to_read = fac->rblen;
 
 	for (pos = 0; pos < fac->clen; pos += to_read) {
@@ -81,50 +71,47 @@ int flash_area_check_int_sha256(const struct flash_area *fa,
 		rc = flash_read(fa->fa_dev, (fa->fa_off + fac->off + pos),
 				fac->rbuf, to_read);
 		if (rc != 0) {
-#if defined(CONFIG_FLASH_AREA_CHECK_INTEGRITY_TC)
-			return rc;
-#else /* CONFIG_FLASH_AREA_CHECK_INTEGRITY_MBEDTLS */
 			goto error;
-#endif
 		}
 
-#if defined(CONFIG_FLASH_AREA_CHECK_INTEGRITY_TC)
-		if (tc_sha256_update(&sha,
-				     fac->rbuf,
-				     to_read) != TC_CRYPTO_SUCCESS) {
-			return -ESRCH;
-		}
+#if defined(CONFIG_FLASH_AREA_CHECK_INTEGRITY_PSA)
+		rc = psa_hash_update(&hash_ctx, fac->rbuf, to_read);
 #else /* CONFIG_FLASH_AREA_CHECK_INTEGRITY_MBEDTLS */
-		if (mbedtls_md_update(&mbed_hash_ctx, fac->rbuf, to_read) != 0) {
+		rc = mbedtls_sha256_update(&hash_ctx, fac->rbuf, to_read);
+#endif
+		if (rc != SUCCESS_VALUE) {
 			rc = -ESRCH;
 			goto error;
 		}
-#endif
 	}
 
-#if defined(CONFIG_FLASH_AREA_CHECK_INTEGRITY_TC)
-	if (tc_sha256_final(hash, &sha) != TC_CRYPTO_SUCCESS) {
-		return -ESRCH;
-	}
+#if defined(CONFIG_FLASH_AREA_CHECK_INTEGRITY_PSA)
+	size_t hash_len;
+
+	rc = psa_hash_finish(&hash_ctx, hash, sizeof(hash), &hash_len);
 #else /* CONFIG_FLASH_AREA_CHECK_INTEGRITY_MBEDTLS */
-	if (mbedtls_md_finish(&mbed_hash_ctx, hash) != 0) {
+	rc = mbedtls_sha256_finish(&hash_ctx, hash);
+#endif
+	if (rc != SUCCESS_VALUE) {
 		rc = -ESRCH;
 		goto error;
 	}
-#endif
 
 	if (memcmp(hash, fac->match, SHA256_DIGEST_SIZE)) {
-#if defined(CONFIG_FLASH_AREA_CHECK_INTEGRITY_TC)
+#if defined(CONFIG_FLASH_AREA_CHECK_INTEGRITY_PSA)
+		/* The operation has already been terminated. */
 		return -EILSEQ;
 #else /* CONFIG_FLASH_AREA_CHECK_INTEGRITY_MBEDTLS */
 		rc = -EILSEQ;
 		goto error;
 #endif
 	}
 
-#if defined(CONFIG_FLASH_AREA_CHECK_INTEGRITY_MBEDTLS)
 error:
-	mbedtls_md_free(&mbed_hash_ctx);
+#if defined(CONFIG_FLASH_AREA_CHECK_INTEGRITY_PSA)
+	psa_hash_abort(&hash_ctx);
+#else /* CONFIG_FLASH_AREA_CHECK_INTEGRITY_MBEDTLS */
+	mbedtls_sha256_free(&hash_ctx);
 #endif
 	return rc;
 }

tests/subsys/storage/flash_map/overlay-psa.conf

@@ -0,0 +1,3 @@
+CONFIG_FLASH_AREA_CHECK_INTEGRITY_PSA=y
+CONFIG_MBEDTLS=y
+CONFIG_MBEDTLS_PSA_CRYPTO_C=y

tests/subsys/storage/flash_map/testcase.yaml

@@ -2,6 +2,7 @@ tests:
   storage.flash_map:
     platform_allow:
       - nrf51dk/nrf51822
+      - nrf9160dk/nrf9160/ns
       - qemu_x86
       - native_posix
       - native_posix/native/64
@@ -35,3 +36,15 @@ tests:
     tags: flash_map
     integration_platforms:
       - native_sim
+  storage.flash_map.psa:
+    extra_args: OVERLAY_CONFIG=overlay-psa.conf
+    platform_allow:
+      - nrf51dk/nrf51822
+      - native_posix
+      - native_posix/native/64
+      - native_sim
+      - native_sim/native/64
+      - mr_canhubk3
+    tags: flash_map
+    integration_platforms:
+      - native_sim