bt-mesh: deprecate BT_MESH_USES_TINYCRYPT

Since the TinyCrypt library is being deprecated in Zephyr, this
commit marks TinyCrypt usage in BT Mesh as deprecated and makes the
Mbed TLS PSA Crypto API the default option (when TF-M is not
available).
Tests are also updated in this commit.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Valerio Setti 2024-10-18 06:03:54 +02:00 committed by Anas Nashif
commit 0f4875b7d0
6 changed files with 18 additions and 26 deletions


@ -141,6 +141,11 @@ Bluetooth HCI
Bluetooth Mesh Bluetooth Mesh
============== ==============
* Following the beginnig of the deprecation process for the TinyCrypt crypto
library, Kconfig symbol :kconfig:option:`CONFIG_BT_MESH_USES_TINYCRYPT` was
set as deprecated. Default option for platforms that do not support TF-M
is :kconfig:option:`CONFIG_BT_MESH_USES_MBEDTLS_PSA`.
Bluetooth Audio Bluetooth Audio
=============== ===============


@ -1455,12 +1455,13 @@ endmenu # Proxy
choice BT_MESH_CRYPTO_LIB choice BT_MESH_CRYPTO_LIB
prompt "Crypto library:" prompt "Crypto library:"
default BT_MESH_USES_TFM_PSA if BUILD_WITH_TFM default BT_MESH_USES_TFM_PSA if BUILD_WITH_TFM
default BT_MESH_USES_TINYCRYPT default BT_MESH_USES_MBEDTLS_PSA
help help
Crypto library selection for mesh security. Crypto library selection for mesh security.
config BT_MESH_USES_TINYCRYPT config BT_MESH_USES_TINYCRYPT
bool "TinyCrypt" bool "TinyCrypt [DEPRECATED]"
select DEPRECATED
select TINYCRYPT select TINYCRYPT
select TINYCRYPT_AES select TINYCRYPT_AES
select TINYCRYPT_AES_CMAC select TINYCRYPT_AES_CMAC
@ -1475,9 +1476,8 @@ config BT_MESH_USES_MBEDTLS_PSA
bool "mbed TLS PSA [EXPERIMENTAL]" bool "mbed TLS PSA [EXPERIMENTAL]"
select EXPERIMENTAL select EXPERIMENTAL
select MBEDTLS select MBEDTLS
select MBEDTLS_ENTROPY_C
select MBEDTLS_PSA_CRYPTO_C select MBEDTLS_PSA_CRYPTO_C
select MBEDTLS_USE_PSA_CRYPTO select MBEDTLS_ENTROPY_C
select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT
select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE
@ -1497,20 +1497,18 @@ config BT_MESH_USES_MBEDTLS_PSA
select PSA_WANT_ECC_SECP_R1_256 select PSA_WANT_ECC_SECP_R1_256
select MBEDTLS_PK_WRITE_C select MBEDTLS_PK_WRITE_C
help help
Use mbed TLS library to perform crypto operations. Support of Use Mbed TLS as PSA Crypto API provider. This is useful on platforms
mbed TLS and PSA is experimental and only BabbleSim tests were run. that do not support TF-M.
Mbed TLS still does not support ITS (internal trust storage) based This feature is experimental and only BabbleSim tests were run.
on Zephyr's settings subsystem.
Not possible to use for embedded devices yet.
config BT_MESH_USES_TFM_PSA config BT_MESH_USES_TFM_PSA
bool "Use TF-M PSA [EXPERIMENTAL]" bool "Use TF-M PSA [EXPERIMENTAL]"
select EXPERIMENTAL select EXPERIMENTAL
depends on BUILD_WITH_TFM depends on BUILD_WITH_TFM
help help
Use TF-M that implements PSA security framework. Support of TF-M is Use TF-M as PSA Crypto API provider. This is only possible on platforms
experimental. It is only possible to use with platforms that TF-M supports. that support TF-M.
For more platform details see TF-M documentation. This feature is experimental.
endchoice endchoice
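Review bot: The new fallback default in `choice BT_MESH_CRYPTO_LIB` is `BT_MESH_USES_MBEDTLS_PSA`, which still selects EXPERIMENTAL and whose help still says only BabbleSim tests were run. The same section deletes the earlier caveats that ITS-backed key storage on the settings subsystem was unsupported and that the option could not be used on embedded devices. If that limitation has been lifted, the help should say what now provides persistent key storage. If it has not, boards without TF-M now default to a backend whose mesh key persistence is unverified on hardware, and a line such as `Persistent key storage has not been validated on hardware targets.` should stay in the help. Nothing on the page explains why `select MBEDTLS_USE_PSA_CRYPTO` is dropped, so a sentence on that in the commit message would help.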


@ -19,4 +19,4 @@ target_compile_options(app
-DCONFIG_BT_SETTINGS -DCONFIG_BT_SETTINGS
-DCONFIG_BT_MESH_BRG_CFG_SRV -DCONFIG_BT_MESH_BRG_CFG_SRV
-DCONFIG_BT_MESH_BRG_TABLE_ITEMS_MAX=16 -DCONFIG_BT_MESH_BRG_TABLE_ITEMS_MAX=16
-DCONFIG_BT_MESH_USES_TINYCRYPT) -DCONFIG_BT_MESH_USES_MBEDTLS_PSA)


@ -20,4 +20,4 @@ target_compile_options(app
-DCONFIG_BT_MESH_ACCESS_DELAYABLE_MSG_COUNT=4 -DCONFIG_BT_MESH_ACCESS_DELAYABLE_MSG_COUNT=4
-DCONFIG_BT_MESH_ACCESS_DELAYABLE_MSG_CHUNK_SIZE=20 -DCONFIG_BT_MESH_ACCESS_DELAYABLE_MSG_CHUNK_SIZE=20
-DCONFIG_BT_MESH_ACCESS_DELAYABLE_MSG_CHUNK_COUNT=20 -DCONFIG_BT_MESH_ACCESS_DELAYABLE_MSG_CHUNK_COUNT=20
-DCONFIG_BT_MESH_USES_TINYCRYPT) -DCONFIG_BT_MESH_USES_MBEDTLS_PSA)


@ -19,4 +19,4 @@ target_compile_options(app
-DCONFIG_BT_MESH_CRPL=10 -DCONFIG_BT_MESH_CRPL=10
-DCONFIG_BT_MESH_RPL_STORE_TIMEOUT=1 -DCONFIG_BT_MESH_RPL_STORE_TIMEOUT=1
-DCONFIG_BT_SETTINGS -DCONFIG_BT_SETTINGS
-DCONFIG_BT_MESH_USES_TINYCRYPT) -DCONFIG_BT_MESH_USES_MBEDTLS_PSA)


@ -15,10 +15,6 @@
#if defined CONFIG_BT_MESH_USES_MBEDTLS_PSA #if defined CONFIG_BT_MESH_USES_MBEDTLS_PSA
#include <psa/crypto.h> #include <psa/crypto.h>
#elif defined CONFIG_BT_MESH_USES_TINYCRYPT
#include <tinycrypt/constants.h>
#include <tinycrypt/ecc.h>
#include <tinycrypt/ecc_dh.h>
#else #else
#error "Unknown crypto library has been chosen" #error "Unknown crypto library has been chosen"
#endif #endif
@ -435,7 +431,6 @@ static void oob_auth_set(int test_step)
prov.input_actions = oob_auth_test_vector[test_step].input_actions; prov.input_actions = oob_auth_test_vector[test_step].input_actions;
} }
#if defined CONFIG_BT_MESH_USES_MBEDTLS_PSA
static void generate_oob_key_pair(void) static void generate_oob_key_pair(void)
{ {
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -470,12 +465,6 @@ static void generate_oob_key_pair(void)
memcpy(public_key_be, public_key_repr + 1, 64); memcpy(public_key_be, public_key_repr + 1, 64);
} }
#elif defined CONFIG_BT_MESH_USES_TINYCRYPT
static void generate_oob_key_pair(void)
{
ASSERT_TRUE(uECC_make_key(public_key_be, private_key_be, uECC_secp256r1()));
}
#endif
static void oob_device(bool use_oob_pk) static void oob_device(bool use_oob_pk)
{ {
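Review bot: With the TinyCrypt branch removed from the include guard, the remaining `#error "Unknown crypto library has been chosen"` fires for the deprecated but still selectable TinyCrypt option, and apparently for TF-M PSA as well, so the message no longer describes the failure. A message such as `#error "This test requires CONFIG_BT_MESH_USES_MBEDTLS_PSA"` states the real constraint. The OOB public-key provisioning path also loses its test coverage under TinyCrypt while users can still select that option, which is worth recording in the commit description until the option is removed. The bodies of generate_oob_key_pair and oob_device continue outside the visible hunks.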