bt-mesh: deprecate BT_MESH_USES_TINYCRYPT

Since the TinyCrypt library is being deprecated in Zephyr, this commit set TinyCrypt usage in BT mesh as deprecated and it sets Mbed TLS PSA Crypto API as the default option (when TF-M is not available). Tests are also updated in this commit. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2024-10-18 06:03:54 +02:00 · 2024-10-18 06:03:54 +02:00 · 0f4875b7d0
commit 0f4875b7d0
parent f4592382bb
6 changed files with 18 additions and 26 deletions
--- a/doc/releases/migration-guide-4.1.rst
+++ b/doc/releases/migration-guide-4.1.rst
@ -141,6 +141,11 @@ Bluetooth HCI
 Bluetooth Mesh
 ==============

+* Following the beginnig of the deprecation process for the TinyCrypt crypto
+  library, Kconfig symbol :kconfig:option:`CONFIG_BT_MESH_USES_TINYCRYPT` was
+  set as deprecated. Default option for platforms that do not support TF-M
+  is :kconfig:option:`CONFIG_BT_MESH_USES_MBEDTLS_PSA`.
+
 Bluetooth Audio
 ===============

--- a/subsys/bluetooth/mesh/Kconfig
+++ b/subsys/bluetooth/mesh/Kconfig
@ -1455,12 +1455,13 @@ endmenu # Proxy
 choice BT_MESH_CRYPTO_LIB
 	prompt "Crypto library:"
 	default BT_MESH_USES_TFM_PSA if BUILD_WITH_TFM
-	default BT_MESH_USES_TINYCRYPT
+	default BT_MESH_USES_MBEDTLS_PSA
 	help
 	  Crypto library selection for mesh security.

 config BT_MESH_USES_TINYCRYPT
-	bool "TinyCrypt"
+	bool "TinyCrypt [DEPRECATED]"
+	select DEPRECATED
 	select TINYCRYPT
 	select TINYCRYPT_AES
 	select TINYCRYPT_AES_CMAC
@ -1475,9 +1476,8 @@ config BT_MESH_USES_MBEDTLS_PSA
 	bool "mbed TLS PSA [EXPERIMENTAL]"
 	select EXPERIMENTAL
 	select MBEDTLS
-	select MBEDTLS_ENTROPY_C
 	select MBEDTLS_PSA_CRYPTO_C
-	select MBEDTLS_USE_PSA_CRYPTO
+	select MBEDTLS_ENTROPY_C
 	select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
 	select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT
 	select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE
@ -1497,20 +1497,18 @@ config BT_MESH_USES_MBEDTLS_PSA
 	select PSA_WANT_ECC_SECP_R1_256
 	select MBEDTLS_PK_WRITE_C
 	help
-	  Use mbed TLS library to perform crypto operations. Support of
-	  mbed TLS and PSA is experimental and only BabbleSim tests were run.
-	  Mbed TLS still does not support ITS (internal trust storage) based
-	  on Zephyr's settings subsystem.
-	  Not possible to use for embedded devices yet.
+	  Use Mbed TLS as PSA Crypto API provider. This is useful on platforms
+	  that do not support TF-M.
+	  This feature is experimental and only BabbleSim tests were run.

 config BT_MESH_USES_TFM_PSA
 	bool "Use TF-M PSA [EXPERIMENTAL]"
 	select EXPERIMENTAL
 	depends on BUILD_WITH_TFM
 	help
-	  Use TF-M that implements PSA security framework. Support of TF-M is
-	  experimental. It is only possible to use with platforms that TF-M supports.
-	  For more platform details see TF-M documentation.
+	  Use TF-M as PSA Crypto API provider. This is only possible on platforms
+	  that support TF-M.
+	  This feature is experimental.

 endchoice

--- a/tests/bluetooth/mesh/brg/CMakeLists.txt
+++ b/tests/bluetooth/mesh/brg/CMakeLists.txt
@ -19,4 +19,4 @@ target_compile_options(app
 	-DCONFIG_BT_SETTINGS
 	-DCONFIG_BT_MESH_BRG_CFG_SRV
 	-DCONFIG_BT_MESH_BRG_TABLE_ITEMS_MAX=16
-	-DCONFIG_BT_MESH_USES_TINYCRYPT)
+	-DCONFIG_BT_MESH_USES_MBEDTLS_PSA)
--- a/tests/bluetooth/mesh/delayable_msg/CMakeLists.txt
+++ b/tests/bluetooth/mesh/delayable_msg/CMakeLists.txt
@ -20,4 +20,4 @@ target_compile_options(app
 	-DCONFIG_BT_MESH_ACCESS_DELAYABLE_MSG_COUNT=4
 	-DCONFIG_BT_MESH_ACCESS_DELAYABLE_MSG_CHUNK_SIZE=20
 	-DCONFIG_BT_MESH_ACCESS_DELAYABLE_MSG_CHUNK_COUNT=20
-	-DCONFIG_BT_MESH_USES_TINYCRYPT)
+	-DCONFIG_BT_MESH_USES_MBEDTLS_PSA)
--- a/tests/bluetooth/mesh/rpl/CMakeLists.txt
+++ b/tests/bluetooth/mesh/rpl/CMakeLists.txt
@ -19,4 +19,4 @@ target_compile_options(app
 	-DCONFIG_BT_MESH_CRPL=10
 	-DCONFIG_BT_MESH_RPL_STORE_TIMEOUT=1
 	-DCONFIG_BT_SETTINGS
-	-DCONFIG_BT_MESH_USES_TINYCRYPT)
+	-DCONFIG_BT_MESH_USES_MBEDTLS_PSA)
--- a/tests/bsim/bluetooth/mesh/src/test_provision.c
+++ b/tests/bsim/bluetooth/mesh/src/test_provision.c
@ -15,10 +15,6 @@

 #if defined CONFIG_BT_MESH_USES_MBEDTLS_PSA
 #include <psa/crypto.h>
-#elif defined CONFIG_BT_MESH_USES_TINYCRYPT
-#include <tinycrypt/constants.h>
-#include <tinycrypt/ecc.h>
-#include <tinycrypt/ecc_dh.h>
 #else
 #error "Unknown crypto library has been chosen"
 #endif
@ -435,7 +431,6 @@ static void oob_auth_set(int test_step)
 	prov.input_actions = oob_auth_test_vector[test_step].input_actions;
 }

-#if defined CONFIG_BT_MESH_USES_MBEDTLS_PSA
 static void generate_oob_key_pair(void)
 {
 	psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -470,12 +465,6 @@ static void generate_oob_key_pair(void)

 	memcpy(public_key_be, public_key_repr + 1, 64);
 }
-#elif defined CONFIG_BT_MESH_USES_TINYCRYPT
-static void generate_oob_key_pair(void)
-{
-	ASSERT_TRUE(uECC_make_key(public_key_be, private_key_be, uECC_secp256r1()));
-}
-#endif

 static void oob_device(bool use_oob_pk)
 {