mgmt: updatehub: remove legacy Mbed TLS crypto support

The long-term Zephyr's goal is rely only on PSA Crypto API for crypto
support in Zephyr and at the same time Mbed TLS will remove this support
from the next release.

Therefore this commit removes usage of legacy crypto hash support from
updatehub.

Signed-off-by: Valerio Setti <[email protected]>

Author: valeriosetti

subsys/mgmt/updatehub/Kconfig

@@ -18,7 +18,8 @@ menuconfig UPDATEHUB
 	select IMG_ENABLE_IMAGE_CHECK
 	select MPU_ALLOW_FLASH_WRITE
 	select MBEDTLS if !BUILD_WITH_TFM
-	select MBEDTLS_SHA256 if !PSA_CRYPTO_CLIENT
+	select MBEDTLS_PSA_CRYPTO_C if !BUILD_WITH_TFM
+	select PSA_WANT_ALG_SHA_256
 	help
 	  UpdateHub is an enterprise-grade solution which makes simple to
 	  remotely update all your embedded devices in the field. It

subsys/mgmt/updatehub/updatehub_integrity.c

@@ -9,11 +9,7 @@ LOG_MODULE_DECLARE(updatehub, CONFIG_UPDATEHUB_LOG_LEVEL);
 
 #include "updatehub_integrity.h"
 
-#if defined(CONFIG_PSA_CRYPTO_CLIENT)
 #define SUCCESS_VALUE PSA_SUCCESS
-#else
-#define SUCCESS_VALUE 0
-#endif
 
 int updatehub_integrity_init(updatehub_crypto_context_t *ctx)
 {
@@ -24,13 +20,8 @@ int updatehub_integrity_init(updatehub_crypto_context_t *ctx)
 		return -EINVAL;
 	}
 
-#if defined(CONFIG_PSA_CRYPTO_CLIENT)
 	*ctx = psa_hash_operation_init();
 	ret = psa_hash_setup(ctx, PSA_ALG_SHA_256);
-#else
-	mbedtls_sha256_init(ctx);
-	ret = mbedtls_sha256_starts(ctx, false);
-#endif
 	if (ret != SUCCESS_VALUE) {
 		LOG_DBG("Failed to %s SHA-256 operation. (%d)", "set up", ret);
 		return -EFAULT;
@@ -53,19 +44,9 @@ int updatehub_integrity_update(updatehub_crypto_context_t *ctx,
 		return 0;
 	}
 
-#if defined(CONFIG_PSA_CRYPTO_CLIENT)
 	ret = psa_hash_update(ctx, buffer, len);
-	if (ret != PSA_SUCCESS) {
-		psa_hash_abort(ctx);
-	}
-#else
-	ret = mbedtls_sha256_update(ctx, buffer, len);
-	if (ret != 0) {
-		mbedtls_sha256_free(ctx);
-	}
-#endif
-
 	if (ret != SUCCESS_VALUE) {
+		psa_hash_abort(ctx);
 		LOG_DBG("Failed to %s SHA-256 operation. (%d)", "update", ret);
 		return -EFAULT;
 	}
@@ -77,6 +58,7 @@ int updatehub_integrity_finish(updatehub_crypto_context_t *ctx,
 			       uint8_t *hash, const uint32_t size)
 {
 	int ret;
+	size_t hash_len;
 
 	if (ctx == NULL || hash == NULL) {
 		return -EINVAL;
@@ -87,18 +69,9 @@ int updatehub_integrity_finish(updatehub_crypto_context_t *ctx,
 		return -EINVAL;
 	}
 
-#if defined(CONFIG_PSA_CRYPTO_CLIENT)
-	size_t hash_len;
-
 	ret = psa_hash_finish(ctx, hash, size, &hash_len);
-	if (ret != PSA_SUCCESS) {
-		psa_hash_abort(ctx);
-	}
-#else
-	ret = mbedtls_sha256_finish(ctx, hash);
-	mbedtls_sha256_free(ctx);
-#endif
 	if (ret != SUCCESS_VALUE) {
+		psa_hash_abort(ctx);
 		LOG_DBG("Failed to %s SHA-256 operation. (%d)", "finish", ret);
 		return -EFAULT;
 	}

subsys/mgmt/updatehub/updatehub_integrity.h

@@ -7,11 +7,7 @@
 #ifndef __UPDATEHUB_INTEGRITY_H__
 #define __UPDATEHUB_INTEGRITY_H__
 
-#if defined(CONFIG_PSA_CRYPTO_CLIENT)
 #include <psa/crypto.h>
-#else
-#include <mbedtls/sha256.h>
-#endif
 
 #ifdef __cplusplus
 extern "C" {
@@ -20,11 +16,7 @@ extern "C" {
 #define SHA256_BIN_DIGEST_SIZE	(32)
 #define SHA256_HEX_DIGEST_SIZE	((SHA256_BIN_DIGEST_SIZE * 2) + 1)
 
-#if defined(CONFIG_PSA_CRYPTO_CLIENT)
 typedef psa_hash_operation_t updatehub_crypto_context_t;
-#else
-typedef mbedtls_sha256_context updatehub_crypto_context_t;
-#endif
 
 int updatehub_integrity_init(updatehub_crypto_context_t *ctx);
 int updatehub_integrity_update(updatehub_crypto_context_t *ctx,