From 0f4875b7d027d3fc7aae9dfefdeef1213d35a14f Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Fri, 18 Oct 2024 06:03:54 +0200
Subject: [PATCH] bt-mesh: deprecate BT_MESH_USES_TINYCRYPT
Since the TinyCrypt library is being deprecated in Zephyr, this commit set TinyCrypt usage in BT mesh as deprecated and it sets Mbed TLS PSA Crypto API as the default option (when TF-M is not available). Tests are also updated in this commit.
Signed-off-by: Valerio Setti
---
 doc/releases/migration-guide-4.1.rst | 5 +++++
 subsys/bluetooth/mesh/Kconfig | 22 +++++++++----------
 tests/bluetooth/mesh/brg/CMakeLists.txt | 2 +-
 .../mesh/delayable_msg/CMakeLists.txt | 2 +-
 tests/bluetooth/mesh/rpl/CMakeLists.txt | 2 +-
 .../bsim/bluetooth/mesh/src/test_provision.c | 11 ----------
 6 files changed, 18 insertions(+), 26 deletions(-)
diff --git a/doc/releases/migration-guide-4.1.rst b/doc/releases/migration-guide-4.1.rst
index c2928e77aef..9f4688c94f4 100644
--- a/doc/releases/migration-guide-4.1.rst
+++ b/doc/releases/migration-guide-4.1.rst
@@ -141,6 +141,11 @@ Bluetooth HCI
 Bluetooth Mesh
 ==============
+* Following the beginnig of the deprecation process for the TinyCrypt crypto
+ library, Kconfig symbol :kconfig:option:`CONFIG_BT_MESH_USES_TINYCRYPT` was
+ set as deprecated. Default option for platforms that do not support TF-M
+ is :kconfig:option:`CONFIG_BT_MESH_USES_MBEDTLS_PSA`.
+
 Bluetooth Audio
 ===============
diff --git a/subsys/bluetooth/mesh/Kconfig b/subsys/bluetooth/mesh/Kconfig
index 4731d1c4179..4bcd270367d 100644
--- a/subsys/bluetooth/mesh/Kconfig
+++ b/subsys/bluetooth/mesh/Kconfig
@@ -1455,12 +1455,13 @@ endmenu # Proxy
 choice BT_MESH_CRYPTO_LIB
 prompt "Crypto library:"
 default BT_MESH_USES_TFM_PSA if BUILD_WITH_TFM
- default BT_MESH_USES_TINYCRYPT
+ default BT_MESH_USES_MBEDTLS_PSA
 help
 Crypto library selection for mesh security.
 config BT_MESH_USES_TINYCRYPT
- bool "TinyCrypt"
+ bool "TinyCrypt [DEPRECATED]"
+ select DEPRECATED
 select TINYCRYPT
 select TINYCRYPT_AES
 select TINYCRYPT_AES_CMAC
@@ -1475,9 +1476,8 @@ config BT_MESH_USES_MBEDTLS_PSA
 bool "mbed TLS PSA [EXPERIMENTAL]"
 select EXPERIMENTAL
 select MBEDTLS
- select MBEDTLS_ENTROPY_C
 select MBEDTLS_PSA_CRYPTO_C
- select MBEDTLS_USE_PSA_CRYPTO
+ select MBEDTLS_ENTROPY_C
 select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
 select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT
 select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE
@@ -1497,20 +1497,18 @@ config BT_MESH_USES_MBEDTLS_PSA
 select PSA_WANT_ECC_SECP_R1_256
 select MBEDTLS_PK_WRITE_C
 help
- Use mbed TLS library to perform crypto operations. Support of
- mbed TLS and PSA is experimental and only BabbleSim tests were run.
- Mbed TLS still does not support ITS (internal trust storage) based
- on Zephyr's settings subsystem.
- Not possible to use for embedded devices yet.
+ Use Mbed TLS as PSA Crypto API provider. This is useful on platforms
+ that do not support TF-M.
+ This feature is experimental and only BabbleSim tests were run.
 config BT_MESH_USES_TFM_PSA
 bool "Use TF-M PSA [EXPERIMENTAL]"
 select EXPERIMENTAL
 depends on BUILD_WITH_TFM
 help
- Use TF-M that implements PSA security framework. Support of TF-M is
- experimental. It is only possible to use with platforms that TF-M supports.
- For more platform details see TF-M documentation.
+ Use TF-M as PSA Crypto API provider. This is only possible on platforms
+ that support TF-M.
+ This feature is experimental.
 endchoice
diff --git a/tests/bluetooth/mesh/brg/CMakeLists.txt b/tests/bluetooth/mesh/brg/CMakeLists.txt
index d878ad04d50..aa140c39c22 100644
--- a/tests/bluetooth/mesh/brg/CMakeLists.txt
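Review bot: The new fallback `default BT_MESH_USES_MBEDTLS_PSA` moves every non-TF-M build that relied on the implicit default onto a different crypto backend, and neither this hunk nor the migration-guide entry says what happens to a node that was provisioned under TinyCrypt and is then updated. If the two backends persist mesh keys differently (not visible in this patch), such a node could fail to load its network and application keys after the upgrade, so that should be confirmed and stated. I would extend the choice help to something like `Crypto library selection for mesh security. Changing the library on an already provisioned device may require re-provisioning.`, adjusted to the actual behaviour. The option that becomes the default also still does `select EXPERIMENTAL`, so the default configuration now builds mesh security on a backend the tree itself labels experimental.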
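Review bot: `select MBEDTLS_USE_PSA_CRYPTO` is dropped from `BT_MESH_USES_MBEDTLS_PSA` in the second Kconfig hunk without any mention in the commit message, which only covers the TinyCrypt deprecation and the new default. Presumably mesh calls the PSA Crypto API directly and does not need the other Mbed TLS layers routed through PSA, but that is an inference from the remaining selects. A short comment such as `# MBEDTLS_USE_PSA_CRYPTO not selected: mesh uses the PSA Crypto API directly` (if that is the reason), or a sentence in the commit message, would make the removal reviewable. The move of `select MBEDTLS_ENTROPY_C` below `select MBEDTLS_PSA_CRYPTO_C` looks purely cosmetic.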
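Review bot: The rewritten help for `BT_MESH_USES_MBEDTLS_PSA` in the third Kconfig hunk removes the warning that Mbed TLS has no ITS backed by Zephyr's settings subsystem and is `Not possible to use for embedded devices yet`, while keeping `only BabbleSim tests were run`. Nothing in this patch shows that the storage limitation was lifted, and the option is now the default for hardware targets without TF-M, where persistent storage of mesh keys matters. If the limitation is resolved, the help should say what provides persistent PSA key storage; if it is not, keep the sentence `Mbed TLS still does not support ITS (internal trust storage) based on Zephyr's settings subsystem.` so that users of the new default see it.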
+++ b/tests/bluetooth/mesh/brg/CMakeLists.txt
@@ -19,4 +19,4 @@ target_compile_options(app
 -DCONFIG_BT_SETTINGS
 -DCONFIG_BT_MESH_BRG_CFG_SRV
 -DCONFIG_BT_MESH_BRG_TABLE_ITEMS_MAX=16
- -DCONFIG_BT_MESH_USES_TINYCRYPT)
+ -DCONFIG_BT_MESH_USES_MBEDTLS_PSA)
diff --git a/tests/bluetooth/mesh/delayable_msg/CMakeLists.txt b/tests/bluetooth/mesh/delayable_msg/CMakeLists.txt
index 51bf28d8320..9c10285f055 100644
--- a/tests/bluetooth/mesh/delayable_msg/CMakeLists.txt
+++ b/tests/bluetooth/mesh/delayable_msg/CMakeLists.txt
@@ -20,4 +20,4 @@ target_compile_options(app
 -DCONFIG_BT_MESH_ACCESS_DELAYABLE_MSG_COUNT=4
 -DCONFIG_BT_MESH_ACCESS_DELAYABLE_MSG_CHUNK_SIZE=20
 -DCONFIG_BT_MESH_ACCESS_DELAYABLE_MSG_CHUNK_COUNT=20
- -DCONFIG_BT_MESH_USES_TINYCRYPT)
+ -DCONFIG_BT_MESH_USES_MBEDTLS_PSA)
diff --git a/tests/bluetooth/mesh/rpl/CMakeLists.txt b/tests/bluetooth/mesh/rpl/CMakeLists.txt
index b22dcae3e7c..17545736a44 100644
--- a/tests/bluetooth/mesh/rpl/CMakeLists.txt
+++ b/tests/bluetooth/mesh/rpl/CMakeLists.txt
@@ -19,4 +19,4 @@ target_compile_options(app
 -DCONFIG_BT_MESH_CRPL=10
 -DCONFIG_BT_MESH_RPL_STORE_TIMEOUT=1
 -DCONFIG_BT_SETTINGS
- -DCONFIG_BT_MESH_USES_TINYCRYPT)
+ -DCONFIG_BT_MESH_USES_MBEDTLS_PSA)
diff --git a/tests/bsim/bluetooth/mesh/src/test_provision.c b/tests/bsim/bluetooth/mesh/src/test_provision.c
index c7fed00485a..f4057ebc7b7 100644
--- a/tests/bsim/bluetooth/mesh/src/test_provision.c
+++ b/tests/bsim/bluetooth/mesh/src/test_provision.c
@@ -15,10 +15,6 @@
 #if defined CONFIG_BT_MESH_USES_MBEDTLS_PSA
 #include
-#elif defined CONFIG_BT_MESH_USES_TINYCRYPT
-#include
-#include
-#include
 #else
 #error "Unknown crypto library has been chosen"
 #endif
@@ -435,7 +431,6 @@ static void oob_auth_set(int test_step)
 prov.input_actions = oob_auth_test_vector[test_step].input_actions;
 }
-#if defined CONFIG_BT_MESH_USES_MBEDTLS_PSA
 static void generate_oob_key_pair(void)
 {
 psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -470,12 +465,6 @@ static void generate_oob_key_pair(void)
 memcpy(public_key_be, public_key_repr + 1, 64);
 }
-#elif defined CONFIG_BT_MESH_USES_TINYCRYPT
-static void generate_oob_key_pair(void)
-{
- ASSERT_TRUE(uECC_make_key(public_key_be, private_key_be, uECC_secp256r1()));
-}
-#endif
 static void oob_device(bool use_oob_pk)
 {