samples: net: download: migrate to PSA Crypto

Replace usage of legacy `mbedtls_sha256` by the PSA Crypto equivalent.

The explicit setting of `CONFIG_TFM_PROFILE_TYPE_MINIMAL=y` is removed
from the 91 devices so that the `NOT_SET` profile is used instead
because the `MINIMAL` profile does not support SHA-256.

Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>

Author: tomi-font

samples/net/download/Kconfig

@@ -47,7 +47,8 @@ config SAMPLE_FILE_URL
 
 config SAMPLE_COMPUTE_HASH
 	bool "Compute sha256 hash"
-	select MBEDTLS
+	select PSA_CRYPTO
+	select PSA_WANT_ALG_SHA_256
 
 config SAMPLE_COMPARE_HASH
 	bool "Compare hash"

samples/net/download/boards/nrf9151dk_nrf9151_ns.conf

@@ -8,8 +8,6 @@
 # This file is merged with prj.conf in the application folder, and options
 # set here will take precedence if they are present in both files.
 
-# TF-M
-CONFIG_TFM_PROFILE_TYPE_MINIMAL=y
 
 # Disable Duplicate Address Detection (DAD)
 # due to not being properly implemented for offloaded interfaces.

samples/net/download/boards/nrf9160dk_nrf9160_ns.conf

@@ -4,9 +4,6 @@
 # SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
 #
 
-# TF-M
-CONFIG_TFM_PROFILE_TYPE_MINIMAL=y
-
 # Configuration file for nRF9160 DK
 # This file is merged with prj.conf in the application folder, and options
 # set here will take precedence if they are present in both files.

samples/net/download/boards/nrf9161dk_nrf9161_ns.conf

@@ -4,9 +4,6 @@
 # SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
 #
 
-# TF-M
-CONFIG_TFM_PROFILE_TYPE_MINIMAL=y
-
 # Configuration file for nRF9160 DK
 # This file is merged with prj.conf in the application folder, and options
 # set here will take precedence if they are present in both files.

samples/net/download/src/main.c

@@ -74,8 +74,8 @@ static struct downloader_host_cfg host_dl_cfg = {
 };
 
 #if CONFIG_SAMPLE_COMPUTE_HASH
-#include <mbedtls/sha256.h>
-static mbedtls_sha256_context sha256_ctx;
+#include <psa/crypto.h>
+static psa_hash_operation_t hash_ctx;
 #endif
 
 static int64_t ref_time;
@@ -215,7 +215,9 @@ static int callback(const struct downloader_evt *event)
 	static size_t file_size;
 	uint32_t speed;
 	int64_t ms_elapsed;
-
+#if CONFIG_SAMPLE_COMPUTE_HASH
+	psa_status_t status;
+#endif
 	if (downloaded == 0) {
 		downloader_file_size_get(&downloader, &file_size);
 		downloaded += STARTING_OFFSET;
@@ -231,8 +233,11 @@ static int callback(const struct downloader_evt *event)
 		}
 
 #if CONFIG_SAMPLE_COMPUTE_HASH
-		mbedtls_sha256_update(&sha256_ctx,
-			event->fragment.buf, event->fragment.len);
+		status = psa_hash_update(&hash_ctx, event->fragment.buf, event->fragment.len);
+		if (status != PSA_SUCCESS) {
+			printk("Error during hash update: %d\n", status);
+			return status;
+		}
 #endif
 		return 0;
 
@@ -245,9 +250,13 @@ static int callback(const struct downloader_evt *event)
 #if CONFIG_SAMPLE_COMPUTE_HASH
 		uint8_t hash[32];
 		uint8_t hash_str[64 + 1];
+		size_t hash_length;
 
-		mbedtls_sha256_finish(&sha256_ctx, hash);
-		mbedtls_sha256_free(&sha256_ctx);
+		status = psa_hash_finish(&hash_ctx, hash, sizeof(hash), &hash_length);
+		if (status != PSA_SUCCESS) {
+			printk("Error during hash finish: %d\n", status);
+			return status;
+		}
 
 		bin2hex(hash, sizeof(hash), hash_str, sizeof(hash_str));
 
@@ -313,7 +322,14 @@ int main(void)
 		return 0;
 	}
 #endif
+#if CONFIG_SAMPLE_COMPUTE_HASH
+	psa_status_t status = psa_hash_setup(&hash_ctx, PSA_ALG_SHA_256);
 
+	if (status != PSA_SUCCESS) {
+		printk("psa_hash_setup, error: %d\n", status);
+		return status;
+	}
+#endif
 	printk("Connecting to network\n");
 
 	err = conn_mgr_all_if_connect(true);
@@ -342,10 +358,6 @@ int main(void)
 		return 0;
 	}
 
-#if CONFIG_SAMPLE_COMPUTE_HASH
-	mbedtls_sha256_init(&sha256_ctx);
-	mbedtls_sha256_starts(&sha256_ctx, false);
-#endif
 
 	ref_time = k_uptime_get();