Bluetooth: Mesh: no more tinycrypt in ble mesh tfm image

PR allows to get rid of tinycrypt objects from
the final binary of the ble mesh apps based on
PSA TFM crypto.

Signed-off-by: Aleksandr Khromykh <aleksandr.khromykh@nordicsemi.no>

samples/bluetooth/mesh/boards/nrf5340dk_nrf5340_cpuapp_ns.conf

@@ -1,3 +1,8 @@
+# The option adds TinyCrypt based bt_rand.
+CONFIG_BT_HOST_CRYPTO=n
+# The option adds GATT caching feature that is based on TinyCrypt.
+CONFIG_BT_GATT_CACHING=n
+
 # Known issue: non secure platforms do not work with settings subsystem.
 CONFIG_SETTINGS=n
 CONFIG_BT_SETTINGS=n

samples/bluetooth/mesh_demo/boards/nrf5340dk_nrf5340_cpuapp_ns.conf

@@ -1,3 +1,8 @@
+# The option adds TinyCrypt based bt_rand.
+CONFIG_BT_HOST_CRYPTO=n
+# The option adds GATT caching feature that is based on TinyCrypt.
+CONFIG_BT_GATT_CACHING=n
+
 # Known issue: non secure platforms do not work with settings subsystem.
 CONFIG_SETTINGS=n
 CONFIG_BT_SETTINGS=n

samples/bluetooth/mesh_provisioner/boards/nrf5340dk_nrf5340_cpuapp_ns.conf

@@ -1,3 +1,6 @@
+# The option adds TinyCrypt based bt_rand.
+CONFIG_BT_HOST_CRYPTO=n
+
 # Known issue: non secure platforms do not work with settings subsystem.
 CONFIG_SETTINGS=n
 CONFIG_BT_SETTINGS=n

subsys/bluetooth/host/Kconfig

@@ -163,12 +163,13 @@ rsource "../mesh/Kconfig"
 rsource "../audio/Kconfig"
 
 config BT_HOST_CRYPTO
-	# Hidden option that compiles in AES encryption support using TinyCrypt
-	# library if this is not provided by the controller implementation.
-	bool
+	bool "Use crypto functionality implemented in the Bluetooth host"
 	default y if !BT_CTLR_CRYPTO
 	select TINYCRYPT
 	select TINYCRYPT_AES
+	help
+	  The option adds the AES encryption support using TinyCrypt
+	  library if this is not provided by the controller implementation.
 
 config BT_HOST_CRYPTO_PRNG
 	bool "Use Tinycrypt library for random number generation"

subsys/bluetooth/mesh/crypto_psa.c

@@ -7,6 +7,7 @@
 #include <errno.h>
 
 #include <zephyr/bluetooth/mesh.h>
+#include <zephyr/sys/check.h>
 
 #define LOG_LEVEL CONFIG_BT_MESH_CRYPTO_LOG_LEVEL
 #include <zephyr/logging/log.h>
@@ -510,3 +511,12 @@ int bt_mesh_key_compare(const uint8_t raw_key[16], const struct bt_mesh_key *key
 
 	return memcmp(out, raw_key, 16);
 }
+
+__weak int bt_rand(void *buf, size_t len)
+{
+	CHECKIF(buf == NULL || len == 0) {
+		return -EINVAL;
+	}
+
+	return psa_generate_random(buf, len) == PSA_SUCCESS ? 0 : -EIO;
+}

tests/bsim/bluetooth/mesh/overlay_psa.conf

@@ -1,2 +1,7 @@
+# The option adds TinyCrypt based bt_rand.
+CONFIG_BT_HOST_CRYPTO=n
+# The option adds GATT caching feature that is based on TinyCrypt.
+CONFIG_BT_GATT_CACHING=n
+
 # Enable mbedTLS PSA as a crypto backend
 CONFIG_BT_MESH_USES_MBEDTLS_PSA=y

tests/bsim/bluetooth/mesh/src/test_dfu.c

@@ -23,6 +23,7 @@ LOG_MODULE_REGISTER(LOG_MODULE_NAME, LOG_LEVEL_INF);
 #define TARGET_ADDR 0x0100
 #define IMPOSTER_MODEL_ID 0xe000
 #define TEST_BLOB_ID 0xaabbccdd
+#define SEMAPHORE_TIMEOUT 250 /* seconds */
 
 struct bind_params {
 	uint16_t model_id;
@@ -1016,7 +1017,7 @@ static void test_cli_fail_on_persistency(void)
 		FAIL("DFU Client send failed (err: %d)", err);
 	}
 
-	if (k_sem_take(&dfu_ended, K_SECONDS(200))) {
+	if (k_sem_take(&dfu_ended, K_SECONDS(SEMAPHORE_TIMEOUT))) {
 		FAIL("Firmware transfer failed");
 	}
 
@@ -1050,7 +1051,7 @@ static void test_cli_fail_on_persistency(void)
 		FAIL("DFU Client apply failed (err: %d)", err);
 	}
 
-	if (k_sem_take(&dfu_cli_applied_sem, K_SECONDS(200))) {
+	if (k_sem_take(&dfu_cli_applied_sem, K_SECONDS(SEMAPHORE_TIMEOUT))) {
 		FAIL("Failed to apply firmware");
 	}
 
@@ -1063,7 +1064,7 @@ static void test_cli_fail_on_persistency(void)
 		FAIL("DFU Client confirm failed (err: %d)", err);
 	}
 
-	if (k_sem_take(&dfu_cli_confirmed_sem, K_SECONDS(200))) {
+	if (k_sem_take(&dfu_cli_confirmed_sem, K_SECONDS(SEMAPHORE_TIMEOUT))) {
 		FAIL("Failed to confirm firmware");
 	}
 
@@ -1096,7 +1097,7 @@ static void test_cli_all_targets_lost_common(void)
 		FAIL("DFU Client send failed (err: %d)", err);
 	}
 
-	if (k_sem_take(&dfu_ended, K_SECONDS(200))) {
+	if (k_sem_take(&dfu_ended, K_SECONDS(SEMAPHORE_TIMEOUT))) {
 		FAIL("Firmware transfer failed");
 	}
 }
@@ -1187,7 +1188,7 @@ static void test_cli_all_targets_lost_on_apply(void)
 		FAIL("DFU Client apply failed (err: %d)", err);
 	}
 
-	if (!k_sem_take(&dfu_cli_applied_sem, K_SECONDS(200))) {
+	if (!k_sem_take(&dfu_cli_applied_sem, K_SECONDS(SEMAPHORE_TIMEOUT))) {
 		FAIL("Apply should not be successful on any target");
 	}
 
@@ -1218,7 +1219,7 @@ static void test_cli_stop(void)
 			FAIL("DFU Client send failed (err: %d)", err);
 		}
 
-		if (k_sem_take(&dfu_started, K_SECONDS(200))) {
+		if (k_sem_take(&dfu_started, K_SECONDS(SEMAPHORE_TIMEOUT))) {
 			FAIL("Firmware transfer failed");
 		}
 
@@ -1234,7 +1235,7 @@ static void test_cli_stop(void)
 			FAIL("DFU Client resume failed (err: %d)", err);
 		}
 
-		if (k_sem_take(&dfu_verifying, K_SECONDS(200))) {
+		if (k_sem_take(&dfu_verifying, K_SECONDS(SEMAPHORE_TIMEOUT))) {
 			FAIL("Firmware transfer failed");
 		}
 		ASSERT_EQUAL(BT_MESH_DFU_ERR_INTERNAL, dfu_cli_xfer.targets[0].status);
@@ -1253,7 +1254,7 @@ static void test_cli_stop(void)
 			FAIL("DFU Client send failed (err: %d)", err);
 		}
 
-		if (k_sem_take(&dfu_verify_failed, K_SECONDS(200))) {
+		if (k_sem_take(&dfu_verify_failed, K_SECONDS(SEMAPHORE_TIMEOUT))) {
 			FAIL("Firmware transfer failed");
 		}
 
@@ -1269,12 +1270,12 @@ static void test_cli_stop(void)
 		if (err) {
 			FAIL("DFU Client send failed (err: %d)", err);
 		}
-		if (k_sem_take(&dfu_ended, K_SECONDS(200))) {
+		if (k_sem_take(&dfu_ended, K_SECONDS(SEMAPHORE_TIMEOUT))) {
 			FAIL("Firmware transfer failed");
 		}
 
 		bt_mesh_dfu_cli_apply(&dfu_cli);
-		if (k_sem_take(&dfu_cli_applied_sem, K_SECONDS(200))) {
+		if (k_sem_take(&dfu_cli_applied_sem, K_SECONDS(SEMAPHORE_TIMEOUT))) {
 			/* This will time out as target will reboot before applying */
 		}
 		ASSERT_EQUAL(BT_MESH_DFU_ERR_INTERNAL, dfu_cli_xfer.targets[0].status);
@@ -1464,7 +1465,7 @@ static void test_target_fail_on_metadata(void)
 	common_fail_on_target_init(&target_comp);
 	target_prov_and_conf_default();
 
-	if (k_sem_take(&dfu_metadata_check_sem, K_SECONDS(200))) {
+	if (k_sem_take(&dfu_metadata_check_sem, K_SECONDS(SEMAPHORE_TIMEOUT))) {
 		FAIL("Metadata check CB wasn't called");
 	}
 
@@ -1478,7 +1479,7 @@ static void test_target_fail_on_caps_get(void)
 	common_fail_on_target_init(&srv_caps_broken_comp);
 	target_prov_and_conf_with_imposer();
 
-	if (k_sem_take(&caps_get_sem, K_SECONDS(200))) {
+	if (k_sem_take(&caps_get_sem, K_SECONDS(SEMAPHORE_TIMEOUT))) {
 		FAIL("BLOB Info Get msg handler wasn't called");
 	}
 
@@ -1492,11 +1493,11 @@ static void test_target_fail_on_update_get(void)
 	common_fail_on_target_init(&srv_update_get_broken_comp);
 	target_prov_and_conf_with_imposer();
 
-	if (k_sem_take(&dfu_verify_sem, K_SECONDS(200))) {
+	if (k_sem_take(&dfu_verify_sem, K_SECONDS(SEMAPHORE_TIMEOUT))) {
 		FAIL("Transfer end CB wasn't triggered");
 	}
 
-	if (k_sem_take(&update_get_sem, K_SECONDS(200))) {
+	if (k_sem_take(&update_get_sem, K_SECONDS(SEMAPHORE_TIMEOUT))) {
 		FAIL("Firmware Update Get msg handler wasn't called");
 	}
 
@@ -1511,7 +1512,7 @@ static void test_target_fail_on_verify(void)
 	common_fail_on_target_init(&target_comp);
 	target_prov_and_conf_default();
 
-	if (k_sem_take(&dfu_verify_sem, K_SECONDS(200))) {
+	if (k_sem_take(&dfu_verify_sem, K_SECONDS(SEMAPHORE_TIMEOUT))) {
 		FAIL("Transfer end CB wasn't triggered");
 	}
 
@@ -1525,7 +1526,7 @@ static void test_target_fail_on_apply(void)
 	common_fail_on_target_init(&srv_update_apply_broken_comp);
 	target_prov_and_conf_with_imposer();
 
-	if (k_sem_take(&update_apply_sem, K_SECONDS(200))) {
+	if (k_sem_take(&update_apply_sem, K_SECONDS(SEMAPHORE_TIMEOUT))) {
 		FAIL("Firmware Update Apply msg handler wasn't called");
 	}
 
@@ -1537,7 +1538,7 @@ static void test_target_fail_on_nothing(void)
 	common_fail_on_target_init(&target_comp);
 	target_prov_and_conf_default();
 
-	if (k_sem_take(&dfu_ended, K_SECONDS(200))) {
+	if (k_sem_take(&dfu_ended, K_SECONDS(SEMAPHORE_TIMEOUT))) {
 		FAIL("DFU failed");
 	}
 

tests/bsim/bluetooth/mesh/src/test_persistence.c

@@ -549,7 +549,7 @@ static void node_configure(void)
 	 */
 	uint8_t net_transmit;
 
-	net_transmit = BT_MESH_TRANSMIT(3, 20);
+	net_transmit = BT_MESH_TRANSMIT(3, 50);
 	err = bt_mesh_cfg_cli_net_transmit_set(test_netkey_idx, TEST_ADDR, net_transmit, &status);
 	if (err || status != net_transmit) {
 		FAIL("Net transmit set failed (err %d, transmit %x)", err, status);

tests/bsim/bluetooth/mesh/src/test_replay_cache.c

@@ -149,6 +149,8 @@ static void test_tx_immediate_replay_attack(void)
 		}
 
 		ASSERT_TRUE(is_tx_succeeded);
+		/* Let complete advertising of the previous transaction to prevent collisions. */
+		k_sleep(K_SECONDS(1));
 	}
 
 	bt_mesh.seq = seq;
@@ -165,6 +167,8 @@ static void test_tx_immediate_replay_attack(void)
 		}
 
 		ASSERT_TRUE(!is_tx_succeeded);
+		/* Let complete advertising of the previous transaction to prevent collisions. */
+		k_sleep(K_SECONDS(1));
 	}
 
 	PASS();
@@ -208,6 +212,8 @@ static void test_tx_power_replay_attack(void)
 		}
 
 		ASSERT_TRUE(!is_tx_succeeded);
+		/* Let complete advertising of the previous transaction to prevent collisions. */
+		k_sleep(K_SECONDS(1));
 	}
 
 	for (int i = 0; i < 3; i++) {
@@ -222,6 +228,8 @@ static void test_tx_power_replay_attack(void)
 		}
 
 		ASSERT_TRUE(is_tx_succeeded);
+		/* Let complete advertising of the previous transaction to prevent collisions. */
+		k_sleep(K_SECONDS(1));
 	}
 
 	PASS();