PSA Crypto backend support

.github/workflows/build.yml

@@ -188,7 +188,7 @@ jobs:
       run: |
         script/check-scan-build
 
-  mbedtls2-build:
+  mbedtls3-build:
     runs-on: ubuntu-24.04
     steps:
     - name: Harden Runner
@@ -202,15 +202,9 @@ jobs:
     - name: Bootstrap
       run: |
         sudo apt-get --no-install-recommends install -y ninja-build libreadline-dev libncurses-dev
-        rm -rf third_party/mbedtls/repo
-    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      with:
-        repository: ARMmbed/mbedtls
-        ref: v2.28.8
-        path: third_party/mbedtls/repo
     - name: Build
       run: |
-        ./script/test build
+        OT_OPTIONS="-DOT_CRYPTO_LIB=MBEDTLS -DOT_PLATFORM_KEY_REF=OFF" ./script/test build
 
   arm-gcc:
     name: arm-gcc-${{ matrix.gcc_ver }}

.github/workflows/toranj.yml

@@ -165,8 +165,6 @@ jobs:
         ./tests/toranj/build.sh posix-15.4+trel
         git clean -dfx
         ./tests/toranj/build.sh posix-trel
-        git clean -dfx
-        ./tests/toranj/build.sh --enable-plat-key-ref all
 
   toranj-macos:
     name: toranj-macos

etc/cmake/options.cmake

@@ -288,6 +288,11 @@ if(ot_index EQUAL -1)
     message(FATAL_ERROR "Invalid value for OT_PLATFORM - valid values are:" "${OT_PLATFORM_VALUES}")
 endif()
 
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+set(OT_CRYPTO_LIB_VALUES "MBEDTLS" "PSA" "PLATFORM")
+ot_multi_option(OT_CRYPTO_LIB OT_CRYPTO_LIB_VALUES OPENTHREAD_CONFIG_CRYPTO_LIB OPENTHREAD_CONFIG_CRYPTO_LIB_ "set Crypto backend library")
+
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 set(OT_THREAD_VERSION_VALUES "1.1" "1.2" "1.3" "1.3.1" "1.4")
 set(OT_THREAD_VERSION "1.4" CACHE STRING "set Thread version")
@@ -342,7 +347,7 @@ ot_int_option(OT_RCP_TX_WAIT_TIME_SECS OPENTHREAD_SPINEL_CONFIG_RCP_TX_WAIT_TIME
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 
 if(NOT OT_EXTERNAL_MBEDTLS)
-    set(OT_MBEDTLS mbedtls)
+    set(OT_MBEDTLS mbedtls mbedcrypto)
     target_compile_definitions(ot-config INTERFACE "OPENTHREAD_CONFIG_ENABLE_BUILTIN_MBEDTLS=1")
 else()
     set(OT_MBEDTLS ${OT_EXTERNAL_MBEDTLS})

examples/apps/cli/ftd.cmake

@@ -41,9 +41,9 @@ target_link_libraries(ot-cli-ftd PRIVATE
     openthread-cli-ftd
     ${OT_PLATFORM_LIB_FTD}
     openthread-ftd
-    ${OT_PLATFORM_LIB_FTD}
     openthread-cli-ftd
     ${OT_MBEDTLS}
+    ${OT_PLATFORM_LIB_FTD}
     ot-config-ftd
     ot-config
 )

examples/apps/cli/mtd.cmake

@@ -41,9 +41,9 @@ target_link_libraries(ot-cli-mtd PRIVATE
     openthread-cli-mtd
     ${OT_PLATFORM_LIB_MTD}
     openthread-mtd
-    ${OT_PLATFORM_LIB_MTD}
     openthread-cli-mtd
     ${OT_MBEDTLS}
+    ${OT_PLATFORM_LIB_MTD}
     ot-config-mtd
     ot-config
 )

examples/apps/ncp/ftd.cmake

@@ -41,9 +41,9 @@ target_link_libraries(ot-ncp-ftd PRIVATE
     openthread-ncp-ftd
     ${OT_PLATFORM_LIB_FTD}
     openthread-ftd
-    ${OT_PLATFORM_LIB_FTD}
     openthread-ncp-ftd
     ${OT_MBEDTLS}
+    ${OT_PLATFORM_LIB_FTD}
     ot-config-ftd
     ot-config
 )

examples/apps/ncp/mtd.cmake

@@ -41,9 +41,9 @@ target_link_libraries(ot-ncp-mtd PRIVATE
     openthread-ncp-mtd
     ${OT_PLATFORM_LIB_MTD}
     openthread-mtd
-    ${OT_PLATFORM_LIB_MTD}
     openthread-ncp-mtd
     ${OT_MBEDTLS}
+    ${OT_PLATFORM_LIB_MTD}
     ot-config-mtd
     ot-config
 )

examples/platforms/simulation/CMakeLists.txt

@@ -74,7 +74,6 @@ set(OT_PLATFORM_DEFINES ${OT_PLATFORM_DEFINES} PARENT_SCOPE)
 add_library(openthread-simulation
     alarm.c
     ble.c
-    crypto.c
     diag.c
     dns.c
     dnssd.c
@@ -104,6 +103,8 @@ endif()
 
 target_link_libraries(openthread-simulation PRIVATE
     openthread-platform
+    mbedtls
+    openthread-native-its-file
     ot-simulation-config
     ot-config
 )

examples/platforms/simulation/entropy.c

@@ -38,6 +38,10 @@
 
 #include <openthread/platform/entropy.h>
 
+#if (OPENTHREAD_CONFIG_CRYPTO_LIB == OPENTHREAD_CONFIG_CRYPTO_LIB_PSA)
+#include <psa/crypto.h>
+#endif
+
 #include "utils/code_utils.h"
 
 #ifndef __SANITIZE_ADDRESS__
@@ -133,3 +137,33 @@ otError otPlatEntropyGet(uint8_t *aOutput, uint16_t aOutputLength)
 
     return error;
 }
+
+#if (OPENTHREAD_CONFIG_CRYPTO_LIB == OPENTHREAD_CONFIG_CRYPTO_LIB_PSA) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+/**
+ * When OpenThread is compiled with the PSA Crypto backend using Mbed TLS 3.x, there is no
+ * API to configure a dedicated non-default entropy source. It is documented that a future version of
+ * Mbed TLS (likely 4.x) will include a PSA interface for configuring entropy sources.
+ *
+ * For now, we need to define the external RNG. Since the implementation of `otPlatEntropyGet` already
+ * uses CSPRNG, we will call it here as well.
+ */
+psa_status_t mbedtls_psa_external_get_random(mbedtls_psa_external_random_context_t *context,
+                                             uint8_t                               *output,
+                                             size_t                                 output_size,
+                                             size_t                                *output_length)
+{
+    OT_UNUSED_VARIABLE(context);
+
+    otError      error;
+    psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+
+    error = otPlatEntropyGet(output, (uint16_t)output_size);
+    if (error == OT_ERROR_NONE)
+    {
+        *output_length = output_size;
+        status         = PSA_SUCCESS;
+    }
+
+    return status;
+}
+#endif

examples/platforms/simulation/openthread-core-simulation-config.h

@@ -39,6 +39,18 @@
 #define OPENTHREAD_RADIO 0
 #endif
 
+#ifndef OPENTHREAD_CONFIG_CRYPTO_LIB
+#define OPENTHREAD_CONFIG_CRYPTO_LIB OPENTHREAD_CONFIG_CRYPTO_LIB_PSA
+#endif
+
+#ifndef OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE
+#define OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE 1
+#endif
+
+#if OPENTHREAD_CONFIG_MULTIPLE_INSTANCE_ENABLE && OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE
+#define OPENTHREAD_CONFIG_MULTIPLE_STATIC_INSTANCE_ENABLE 1
+#endif
+
 #ifndef OPENTHREAD_CONFIG_PLATFORM_INFO
 #define OPENTHREAD_CONFIG_PLATFORM_INFO "SIMULATION"
 #endif

examples/platforms/simulation/system.c

@@ -61,6 +61,11 @@ extern otRadioCaps gRadioCaps;
 
 static volatile bool gTerminate = false;
 
+#if OPENTHREAD_PSA_CRYPTO_NATIVE_ITS_FILE && (OPENTHREAD_CONFIG_CRYPTO_LIB == OPENTHREAD_CONFIG_CRYPTO_LIB_PSA)
+static char        sNativeItsFileNamePrefix[256];
+extern const char *gItsFileNamePrefix;
+#endif
+
 static void handleSignal(int aSignal)
 {
     OT_UNUSED_VARIABLE(aSignal);
@@ -193,6 +198,12 @@ void otSysInit(int aArgCount, char *aArgVector[])
     signal(SIGTERM, &handleSignal);
     signal(SIGHUP, &handleSignal);
 
+#if OPENTHREAD_PSA_CRYPTO_NATIVE_ITS_FILE && (OPENTHREAD_CONFIG_CRYPTO_LIB == OPENTHREAD_CONFIG_CRYPTO_LIB_PSA)
+    snprintf(sNativeItsFileNamePrefix, sizeof(sNativeItsFileNamePrefix), "%s/%s_%d_",
+             OPENTHREAD_CONFIG_POSIX_SETTINGS_PATH, getenv("PORT_OFFSET") ? getenv("PORT_OFFSET") : "0", gNodeId);
+    gItsFileNamePrefix = sNativeItsFileNamePrefix;
+#endif
+
     platformLoggingInit(basename(aArgVector[0]));
     platformAlarmInit(speedUpFactor);
     platformRadioInit();

examples/platforms/simulation/virtual_time/platform-sim.c

@@ -60,6 +60,11 @@ static volatile bool gTerminate = false;
 int    gArgumentsCount = 0;
 char **gArguments      = NULL;
 
+#if OPENTHREAD_PSA_CRYPTO_NATIVE_ITS_FILE && (OPENTHREAD_CONFIG_CRYPTO_LIB == OPENTHREAD_CONFIG_CRYPTO_LIB_PSA)
+static char        sNativeItsFileNamePrefix[256];
+extern const char *gItsFileNamePrefix;
+#endif
+
 uint64_t sNow = 0; // microseconds
 int      sSockFd;
 uint16_t sPortBase = 9000;
@@ -222,6 +227,12 @@ void otSysInit(int argc, char *argv[])
         DieNow(OT_EXIT_FAILURE);
     }
 
+#if OPENTHREAD_PSA_CRYPTO_NATIVE_ITS_FILE && (OPENTHREAD_CONFIG_CRYPTO_LIB == OPENTHREAD_CONFIG_CRYPTO_LIB_PSA)
+    snprintf(sNativeItsFileNamePrefix, sizeof(sNativeItsFileNamePrefix), "%s/%s_%d_",
+             OPENTHREAD_CONFIG_POSIX_SETTINGS_PATH, getenv("PORT_OFFSET") ? getenv("PORT_OFFSET") : "0", gNodeId);
+    gItsFileNamePrefix = sNativeItsFileNamePrefix;
+#endif
+
     socket_init();
 
     platformAlarmInit(1);

include/openthread/platform/crypto.h

@@ -58,10 +58,11 @@ extern "C" {
  */
 typedef enum
 {
-    OT_CRYPTO_KEY_TYPE_RAW,   ///< Key Type: Raw Data.
-    OT_CRYPTO_KEY_TYPE_AES,   ///< Key Type: AES.
-    OT_CRYPTO_KEY_TYPE_HMAC,  ///< Key Type: HMAC.
-    OT_CRYPTO_KEY_TYPE_ECDSA, ///< Key Type: ECDSA.
+    OT_CRYPTO_KEY_TYPE_RAW,    ///< Key Type: Raw Data.
+    OT_CRYPTO_KEY_TYPE_AES,    ///< Key Type: AES.
+    OT_CRYPTO_KEY_TYPE_HMAC,   ///< Key Type: HMAC.
+    OT_CRYPTO_KEY_TYPE_ECDSA,  ///< Key Type: ECDSA.
+    OT_CRYPTO_KEY_TYPE_DERIVE, ///< Key Type: Derive.
 } otCryptoKeyType;
 
 /**
@@ -73,6 +74,7 @@ typedef enum
     OT_CRYPTO_KEY_ALG_AES_ECB,      ///< Key Algorithm: AES ECB.
     OT_CRYPTO_KEY_ALG_HMAC_SHA_256, ///< Key Algorithm: HMAC SHA-256.
     OT_CRYPTO_KEY_ALG_ECDSA,        ///< Key Algorithm: ECDSA.
+    OT_CRYPTO_KEY_ALG_HKDF_SHA256,  ///< Key Algorithm: HKDF SHA-256.
 } otCryptoKeyAlgorithm;
 
 /**
@@ -86,6 +88,8 @@ enum
     OT_CRYPTO_KEY_USAGE_DECRYPT     = 1 << 2, ///< Key Usage: AES ECB.
     OT_CRYPTO_KEY_USAGE_SIGN_HASH   = 1 << 3, ///< Key Usage: Sign Hash.
     OT_CRYPTO_KEY_USAGE_VERIFY_HASH = 1 << 4, ///< Key Usage: Verify Hash.
+    OT_CRYPTO_KEY_USAGE_DERIVE      = 1 << 5, ///< Key Usage: Derive.
+
 };
 
 /**