net: openthread: Use Zephyr's mbedTLS instead of compiling own

So far OpenThread compiled it's own, internal copy of mbedTLS library. This commit changes this behavior by using Zephyr's mbedTLS instance appropriately configured for OpenThread needs. Generic mbedTLS config file was used in this case, so that application can still configure remaining parts of mbedTLS for it's own needs. Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2019-01-28 14:15:26 +01:00 · 2019-01-28 14:15:26 +01:00 · 063fefd15d
commit 063fefd15d
parent 1c8c775502
5 changed files with 55 additions and 20 deletions
--- a/modules/Kconfig.tls-generic
+++ b/modules/Kconfig.tls-generic
@ -64,7 +64,7 @@ config MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED

 config MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
 	bool "Enable the RSA-only based ciphersuite modes"
-	default y
+	default y if !NET_L2_OPENTHREAD

 config MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
 	bool "Enable the DHE-RSA based ciphersuite modes"
@ -188,7 +188,7 @@ config MBEDTLS_CIPHER_CAMELLIA_ENABLED

 config MBEDTLS_CIPHER_DES_ENABLED
 	bool "Enable the DES block cipher"
-	default y
+	default y if !NET_L2_OPENTHREAD

 config MBEDTLS_CIPHER_ARC4_ENABLED
 	bool "Enable the ARC4 stream cipher"
@ -213,7 +213,7 @@ config MBEDTLS_CIPHER_MODE_GCM_ENABLED

 config MBEDTLS_CIPHER_CBC_ENABLED
 	bool "Enable Cipher Block Chaining mode (CBC) for symmetric ciphers"
-	default y
+	default y if !NET_L2_OPENTHREAD

 config MBEDTLS_CHACHAPOLY_AEAD_ENABLED
 	bool "Enable the ChaCha20-Poly1305 AEAD algorithm"
@ -236,11 +236,11 @@ config MBEDTLS_MAC_MD4_ENABLED

 config MBEDTLS_MAC_MD5_ENABLED
 	bool "Enable the MD5 hash algorithm"
-	default y
+	default y if !NET_L2_OPENTHREAD

 config MBEDTLS_MAC_SHA1_ENABLED
 	bool "Enable the SHA1 hash algorithm"
-	default y
+	default y if !NET_L2_OPENTHREAD

 config MBEDTLS_MAC_SHA256_ENABLED
 	bool "Enable the SHA-224 and SHA-256 hash algorithms"
--- a/subsys/net/l2/openthread/Kconfig
+++ b/subsys/net/l2/openthread/Kconfig
@ -16,9 +16,28 @@ menuconfig NET_L2_OPENTHREAD
 	depends on CPLUSPLUS
 	depends on REBOOT
 	select OPENTHREAD_PLAT
+	select MBEDTLS
+	select MBEDTLS_ENABLE_HEAP
+	select MBEDTLS_CIPHER_AES_ENABLED
+	select MBEDTLS_CIPHER_CCM_ENABLED
+	select MBEDTLS_MAC_SHA256_ENABLED

 if NET_L2_OPENTHREAD

+config OPENTHREAD_DTLS
+	# Hidden option to enable DTLS support in OpenThread
+	bool
+	select MBEDTLS_TLS_VERSION_1_2
+	select MBEDTLS_DTLS
+	select MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+	select MBEDTLS_ECP_DP_SECP256R1_ENABLED
+	select MBEDTLS_ECP_NIST_OPTIM
+	select MBEDTLS_MAC_CMAC_ENABLED
+	select MBEDTLS_SSL_EXPORT_KEYS
+	select MBEDTLS_CTR_DRBG_ENABLED
+	select MBEDTLS_HMAC_DRBG_ENABLED
+	select MBEDTLS_ENTROPY_ENABLED
+
 config OPENTHREAD_PLAT
 	bool
 	help
@ -141,13 +160,21 @@ config OPENTHREAD_DIAG

 config OPENTHREAD_COMMISSIONER
 	bool "Commissioner functions support"
+	select OPENTHREAD_DTLS
 	help
-	  Enable commissioner capability in OpenThread stack
+	  Enable commissioner capability in OpenThread stack. Note, that DTLS
+	  handshake used in the commissioning procedure requires a larger
+	  mbedTLS heap than the default value. A minimum recommended value of
+	  CONFIG_MBEDTLS_HEAP_SIZE for the commissioning is 8KB.

 config OPENTHREAD_JOINER
 	bool "Joiner functions support"
+	select OPENTHREAD_DTLS
 	help
-	  Enable joiner capability in OpenThread stack
+	  Enable joiner capability in OpenThread stack. Note, that DTLS
+	  handshake used in the commissioning procedure requires a larger
+	  mbedTLS heap than the default value. A minimum recommended value of
+	  CONFIG_MBEDTLS_HEAP_SIZE for the commissioning is 8KB.

 config OPENTHREAD_JOINER_AUTOSTART
 	bool "Support for automatic joiner start"
--- a/subsys/net/lib/openthread/platform/openthread-core-zephyr-config.h
+++ b/subsys/net/lib/openthread/platform/openthread-core-zephyr-config.h
@ -98,4 +98,24 @@
 */
 #define OPENTHREAD_CONFIG_ENABLE_PLATFORM_USEC_TIMER            0

+/* Zephyr does not use OpenThreads heap. mbedTLS will use heap memory allocated
+ * by Zephyr. Here, we use some dummy values to prevent OpenThread warnings.
+ */
+
+/**
+ * @def OPENTHREAD_CONFIG_HEAP_SIZE
+ *
+ * The size of heap buffer when DTLS is enabled.
+ *
+ */
+#define OPENTHREAD_CONFIG_HEAP_SIZE (4 * sizeof(void *))
+
+/**
+ * @def OPENTHREAD_CONFIG_HEAP_SIZE_NO_DTLS
+ *
+ * The size of heap buffer when DTLS is disabled.
+ *
+ */
+#define OPENTHREAD_CONFIG_HEAP_SIZE_NO_DTLS (4 * sizeof(void *))
+
 #endif  /* OPENTHREAD_CORE_NRF52840_CONFIG_H_ */
--- a/subsys/net/lib/openthread/zephyr-mbedtls-config.h
+++ b/subsys/net/lib/openthread/zephyr-mbedtls-config.h
@ -1,12 +0,0 @@
-/*
- * Copyright (c) 2018 Nordic Semiconductor ASA
- *
- * SPDX-License-Identifier: Apache-2.0
- */
-
-#ifndef ZEPHYR_MBEDTLS_CONFIG_H_
-#define ZEPHYR_MBEDTLS_CONFIG_H_
-
-#define MBEDTLS_PLATFORM_EXIT_ALT
-
-#endif /* ZEPHYR_MBEDTLS_CONFIG_H_ */
--- a/west.yml
+++ b/west.yml
@ -92,7 +92,7 @@ manifest:
      revision: 9b591b289e1f37339bd038b5a1f0e6c8ad39c63a
      path: modules/lib/open-amp
    - name: openthread
-      revision: 0dbecf508e7a79aae8ed9631f1a63fc65478b213
+      revision: 3c32244f098f8daf8741efe0a2ad839b67f8567f
      path: modules/lib/openthread
    - name: segger
      revision: 6fcf61606d6012d2c44129edc033f59331e268bc