mbedtls: use static key slot buffers in the PSA Crypto core

[valeriosetti]

What is done in this PR

• update Mbed TLS repo reference in order to include that patch that implement static key slot buffers
• add MBEDTLS_PSA_STATIC_KEY_SLOTS build symbol to the Mbed TLS build in order to enable the feature

Goal

As anticipated in a previous PR, removing heap usage from the Mbed TLS PSA Core for key management can be helpful for both RAM and ROM footprints reduction. RAM is pretty obvious, while for ROM footprint reduction happens if no other component makes use of heap memory so that the heap management code can be completely removed.

Example

Let's take tests/crypto/secp256r1/crypto.secp256r1.mbedtls on the nrf52840dk/nrf52840 as example for the improvements. Prior to this PR (a):

west build -p always -b nrf52840dk/nrf52840 -T tests/crypto/secp256r1/crypto.secp256r1.mbedtls
[...]
Memory region         Used Size  Region Size  %age Used
           FLASH:       44443 B         1 MB      4.24%
             RAM:       15680 B       256 KB      5.98%
        IDT_LIST:          0 GB        32 KB      0.00%

while after this PR (b):

west build -p always -b nrf52840dk/nrf52840 -T tests/crypto/secp256r1/crypto.secp256r1.mbedtls
[...]
Memory region         Used Size  Region Size  %age Used
           FLASH:       41875 B         1 MB      3.99%
             RAM:       17728 B       256 KB      6.76%
        IDT_LIST:          0 GB        32 KB      0.00%

which is a -2568 bytes less than before and it's also only 1260 bytes more than the very same example that uses TinyCrypt instead of Mbed TLS:

west build -p always -b nrf52840dk/nrf52840 -T tests/crypto/secp256r1/crypto.secp256r1.tinycrypt
[...]
Memory region         Used Size  Region Size  %age Used
           FLASH:       40615 B         1 MB      3.87%
             RAM:         14 KB       256 KB      5.47%
        IDT_LIST:          0 GB        32 KB      0.00%

Why does the PSA Crypto core still has larger ROM footprint than TinyCrypt even after this PR?

Because the PSA Core implemented in Mbed TLS includes:

• wrappers, i.e. a call to any PSA Crypto API is dispatched to some built-in implementation;
• it includes key material management which is totally absent in TinyCrypt.

Further RAM optimizations

Albeit there's a clear ROM reduction from case (a) to (b), it's also clear that RAM usage is heavily increased (+2048 bytes). This is due to the fact with statically defined key slots in the PSA Core, all the slots are pre-allocated at build time and all of them are large enough to contain and symmetric/asymmetric PSA key type enabled in the build.
It should then be noticed that at current state Zephyr builds Mbed TLS assuming always 32 key slots for the PSA core (i.e. MBEDTLS_PSA_KEY_SLOT_COUNT not set in config-tls-generic.h which means that Mbed TLS uses its default value which is 32).
If the user knows a priori how many keys their application is going to use, they can reduce this value. This is why I cherry-picked commit from #80136 to allow the user to select the number of key slots using the new Kconfig symbol CONFIG_MBEDTLS_PSA_KEY_SLOT_COUNT.
Going back to the previous example (a), setting CONFIG_MBEDTLS_PSA_KEY_SLOT_COUNT=2 (required for that test case), we have:

west build -p always -b nrf52840dk/nrf52840 -T tests/crypto/secp256r1/crypto.secp256r1.mbedtls
[...]
Memory region         Used Size  Region Size  %age Used
           FLASH:       41891 B         1 MB      4.00%
             RAM:       14592 B       256 KB      5.57%
        IDT_LIST:          0 GB        32 KB      0.00%

which is definitely closer to TinyCrypt counterpart for both RAM and ROM point of view.

[zephyrbot]

The following west manifest projects have changed revision in this Pull Request:

Name	Old Revision	New Revision	Diff
mbedtls	zephyrproject-rtos/mbedtls@a78176c	zephyrproject-rtos/mbedtls@4952e13 (zephyr)	zephyrproject-rtos/[email protected]

✅ All manifest checks OK

Note: This message is automatically posted and updated by the Manifest GitHub Action.

[tomi-font]

Suggested change

	* The newly added Kconfig option :kconfig:option:`CONFIG_MBEDTLS_PSA_KEY_SLOT_COUNT`
	* The newly-added Kconfig option :kconfig:option:`CONFIG_MBEDTLS_PSA_KEY_SLOT_COUNT`

[tomi-font]

Suggested change

	Previously this value was not explicitly set, so Mbed TLS default value of
	32 was assumed. The new Kconfig option defaults to 16 intead in order to find
	Previously this value was not explicitly set, so Mbed TLS's default value of
	32 was used. The new Kconfig option defaults to 16 instead in order to find

[tomi-font]

Suggested change

	MBEDTLS_PSA_STATIC_KEY_SLOTS is not set
	MBEDTLS_PSA_STATIC_KEY_SLOTS is not set.

[tomi-font]

Suggested change

	by ~40 bytes of overhead for each slot plus:
	by ~40 bytes plus:

[tomi-font]

Suggested change

	is set (all of this defined statically at build time).
	is set. (This is all defined statically at build time).

[tomi-font]

please review @ceolin @d3zd3z

[valeriosetti]

I apologize for the double rebase, but since release 4.0 was done, I needed to update the PR and move documentation changes from 4.0 to 4.1. The rebase pattern is as follows:

• from f89ccee to 0efedf1 --> simply rebase the PR on top of main. Here I had to solve some conflicts on the documentation, but no code was affected by this.
• from 0efedf1 to 8b1a8c1 --> to move documentation changes from 4.0 to 4.1.
• [EDIT] from 8b1a8c1 to 461304f --> to address latest comments from @tomi-font.

I hope this helps with the review process.

[valeriosetti]

I update the PR as follows:

• from 7577149 to 2495f3b --> rebase on main to solve a conflict on migration-guide-4.1.
• from 2495f3b to 74840b4 --> I just updated the first commit about the Mbed TLS repo revision since the dependence PR was merged.
• from 74840b4 to 7dc3c18 --> to address the last comment by @tomi-font.

Nothing else was change code wise, so there should be no CI failure and the PR should be ready for final review