bt-mesh: deprecate BT_MESH_USES_TINYCRYPT

Since the TinyCrypt library is being deprecated in Zephyr, this
commit marks TinyCrypt usage in BT mesh as deprecated and sets the
Mbed TLS PSA Crypto API as the default option (when TF-M is not
available).
Tests are also updated in this commit.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Valerio Setti 2024-10-18 06:03:54 +02:00 committed by Anas Nashif
commit 0f4875b7d0
6 changed files with 18 additions and 26 deletions


@ -141,6 +141,11 @@ Bluetooth HCI
Bluetooth Mesh
==============
* Following the beginnig of the deprecation process for the TinyCrypt crypto
library, Kconfig symbol :kconfig:option:`CONFIG_BT_MESH_USES_TINYCRYPT` was
set as deprecated. Default option for platforms that do not support TF-M
is :kconfig:option:`CONFIG_BT_MESH_USES_MBEDTLS_PSA`.
Bluetooth Audio
===============


@ -1455,12 +1455,13 @@ endmenu # Proxy
choice BT_MESH_CRYPTO_LIB
prompt "Crypto library:"
default BT_MESH_USES_TFM_PSA if BUILD_WITH_TFM
default BT_MESH_USES_TINYCRYPT
default BT_MESH_USES_MBEDTLS_PSA
help
Crypto library selection for mesh security.
config BT_MESH_USES_TINYCRYPT
bool "TinyCrypt"
bool "TinyCrypt [DEPRECATED]"
select DEPRECATED
select TINYCRYPT
select TINYCRYPT_AES
select TINYCRYPT_AES_CMAC
@ -1475,9 +1476,8 @@ config BT_MESH_USES_MBEDTLS_PSA
bool "mbed TLS PSA [EXPERIMENTAL]"
select EXPERIMENTAL
select MBEDTLS
select MBEDTLS_ENTROPY_C
select MBEDTLS_PSA_CRYPTO_C
select MBEDTLS_USE_PSA_CRYPTO
select MBEDTLS_ENTROPY_C
select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT
select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE
@ -1497,20 +1497,18 @@ config BT_MESH_USES_MBEDTLS_PSA
select PSA_WANT_ECC_SECP_R1_256
select MBEDTLS_PK_WRITE_C
help
Use mbed TLS library to perform crypto operations. Support of
mbed TLS and PSA is experimental and only BabbleSim tests were run.
Mbed TLS still does not support ITS (internal trust storage) based
on Zephyr's settings subsystem.
Not possible to use for embedded devices yet.
Use Mbed TLS as PSA Crypto API provider. This is useful on platforms
that do not support TF-M.
This feature is experimental and only BabbleSim tests were run.
config BT_MESH_USES_TFM_PSA
bool "Use TF-M PSA [EXPERIMENTAL]"
select EXPERIMENTAL
depends on BUILD_WITH_TFM
help
Use TF-M that implements PSA security framework. Support of TF-M is
experimental. It is only possible to use with platforms that TF-M supports.
For more platform details see TF-M documentation.
Use TF-M as PSA Crypto API provider. This is only possible on platforms
that support TF-M.
This feature is experimental.
endchoice
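Review bot: The rewritten help for BT_MESH_USES_MBEDTLS_PSA drops the caveat that Mbed TLS has no ITS backend based on Zephyr's settings subsystem and is "not possible to use for embedded devices yet", in the same commit that makes this option the default for every build without TF-M. Nothing visible in this section shows that limitation being lifted, so if it still holds the help should keep a sentence along the lines of `Persistent key storage requires a PSA ITS backend; confirm one is available on the target.` The option is also still `[EXPERIMENTAL]` with only BabbleSim coverage, so the choice now has no default that is neither experimental nor deprecated, and the choice-level help ("Crypto library selection for mesh security.") would be a good place to say so. Part of this config entry's select list lies between the visible hunks, so the dependency set could not be checked in full.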


@ -19,4 +19,4 @@ target_compile_options(app
-DCONFIG_BT_SETTINGS
-DCONFIG_BT_MESH_BRG_CFG_SRV
-DCONFIG_BT_MESH_BRG_TABLE_ITEMS_MAX=16
-DCONFIG_BT_MESH_USES_TINYCRYPT)
-DCONFIG_BT_MESH_USES_MBEDTLS_PSA)


@ -20,4 +20,4 @@ target_compile_options(app
-DCONFIG_BT_MESH_ACCESS_DELAYABLE_MSG_COUNT=4
-DCONFIG_BT_MESH_ACCESS_DELAYABLE_MSG_CHUNK_SIZE=20
-DCONFIG_BT_MESH_ACCESS_DELAYABLE_MSG_CHUNK_COUNT=20
-DCONFIG_BT_MESH_USES_TINYCRYPT)
-DCONFIG_BT_MESH_USES_MBEDTLS_PSA)


@ -19,4 +19,4 @@ target_compile_options(app
-DCONFIG_BT_MESH_CRPL=10
-DCONFIG_BT_MESH_RPL_STORE_TIMEOUT=1
-DCONFIG_BT_SETTINGS
-DCONFIG_BT_MESH_USES_TINYCRYPT)
-DCONFIG_BT_MESH_USES_MBEDTLS_PSA)


@ -15,10 +15,6 @@
#if defined CONFIG_BT_MESH_USES_MBEDTLS_PSA
#include <psa/crypto.h>
#elif defined CONFIG_BT_MESH_USES_TINYCRYPT
#include <tinycrypt/constants.h>
#include <tinycrypt/ecc.h>
#include <tinycrypt/ecc_dh.h>
#else
#error "Unknown crypto library has been chosen"
#endif
@ -435,7 +431,6 @@ static void oob_auth_set(int test_step)
prov.input_actions = oob_auth_test_vector[test_step].input_actions;
}
#if defined CONFIG_BT_MESH_USES_MBEDTLS_PSA
static void generate_oob_key_pair(void)
{
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -470,12 +465,6 @@ static void generate_oob_key_pair(void)
memcpy(public_key_be, public_key_repr + 1, 64);
}
#elif defined CONFIG_BT_MESH_USES_TINYCRYPT
static void generate_oob_key_pair(void)
{
ASSERT_TRUE(uECC_make_key(public_key_be, private_key_be, uECC_secp256r1()));
}
#endif
static void oob_device(bool use_oob_pk)
{
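Review bot: With the `#if`/`#elif` wrappers removed, `generate_oob_key_pair()` is now compiled unconditionally against the PSA API, but `<psa/crypto.h>` is still included only under `#if defined CONFIG_BT_MESH_USES_MBEDTLS_PSA`, and every other selection falls into the `#error`. The Kconfig choice still offers TinyCrypt (deprecated) and TF-M PSA, so "Unknown crypto library has been chosen" is now misleading for both. Either widen the guard to `#if defined(CONFIG_BT_MESH_USES_MBEDTLS_PSA) || defined(CONFIG_BT_MESH_USES_TFM_PSA)` or make the message state the real requirement, e.g. `#error "This test requires a PSA Crypto API provider"`. Most of the function body lies outside the visible hunks, so whether it runs unchanged under TF-M is not confirmed here.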