bt: crypto/host: remove CONFIG_BT_USE_PSA_API symbol

As part of the deprecation process of TinyCrypt in Zephyr codebase (zephyrproject-rtos#79566) this commit removes CONFIG_BT_USE_PSA_API symbol. This was used in BT crypto/host modules to select PSA crypto API over TinyCrypt (which was the default until now). Since TinyCrypt is removed and PSA crypto API is the new standard library for crypto operations, CONFIG_BT_USE_PSA_API is no more needed. Signed-off-by: Valerio Setti <[email protected]>
valeriosetti · Nov 6, 2024 · 02b0bb0 · 02b0bb0
1 parent 4ab21b2
commit 02b0bb0
Show file tree

Hide file tree

Showing 19 changed files with 34 additions and 365 deletions.
diff --git a/samples/bluetooth/mesh/boards/nrf5340dk_nrf5340_cpuapp_ns.conf b/samples/bluetooth/mesh/boards/nrf5340dk_nrf5340_cpuapp_ns.conf
diff --git a/samples/bluetooth/mesh_demo/boards/nrf5340dk_nrf5340_cpuapp_ns.conf b/samples/bluetooth/mesh_demo/boards/nrf5340dk_nrf5340_cpuapp_ns.conf
diff --git a/samples/bluetooth/mesh_provisioner/boards/nrf5340dk_nrf5340_cpuapp_ns.conf b/samples/bluetooth/mesh_provisioner/boards/nrf5340dk_nrf5340_cpuapp_ns.conf
diff --git a/subsys/bluetooth/Kconfig b/subsys/bluetooth/Kconfig
@@ -241,13 +241,6 @@ config BT_SHELL
 	  Activate shell module that provides Bluetooth commands to the
 	  console.
 
-config BT_USE_PSA_API
-	bool "Use PSA APIs instead of TinyCrypt for crypto operations"
-	depends on BT_CRYPTO || BT_HOST_CRYPTO || BT_ECC
-	depends on PSA_CRYPTO_CLIENT
-	help
-	  Use PSA APIs instead of TinyCrypt for crypto operations
-
 endif # BT_HCI
 
 config BT_COMPANY_ID

diff --git a/subsys/bluetooth/crypto/CMakeLists.txt b/subsys/bluetooth/crypto/CMakeLists.txt
@@ -4,15 +4,11 @@ zephyr_library()
 
 zephyr_library_sources(bt_crypto.c)
 
-if(CONFIG_BT_USE_PSA_API)
-    zephyr_library_sources(bt_crypto_psa.c)
-    zephyr_library_link_libraries_ifdef(CONFIG_MBEDTLS mbedTLS)
-    zephyr_library_include_directories_ifdef(CONFIG_BUILD_WITH_TFM
-        $<TARGET_PROPERTY:tfm,TFM_BINARY_DIR>/api_ns/interface/include
-    )
-else()
-    zephyr_library_sources(bt_crypto_tc.c)
-endif()
+zephyr_library_sources(bt_crypto_psa.c)
+zephyr_library_link_libraries_ifdef(CONFIG_MBEDTLS mbedTLS)
+zephyr_library_include_directories_ifdef(CONFIG_BUILD_WITH_TFM
+    $<TARGET_PROPERTY:tfm,TFM_BINARY_DIR>/api_ns/interface/include
+)
 
 if(CONFIG_BT_CRYPTO_LOG_LEVEL_DBG)
     message(WARNING "CONFIG_BT_CRYPTO_LOG_LEVEL_DBG is enabled.

diff --git a/subsys/bluetooth/crypto/Kconfig b/subsys/bluetooth/crypto/Kconfig
@@ -3,10 +3,10 @@
 
 config BT_CRYPTO
 	bool
-	select TINYCRYPT if !BT_USE_PSA_API
-	select TINYCRYPT_AES if !BT_USE_PSA_API
-	select TINYCRYPT_AES_CMAC if !BT_USE_PSA_API
-	select PSA_WANT_KEY_TYPE_AES if BT_USE_PSA_API
-	select PSA_WANT_ALG_CMAC if BT_USE_PSA_API
+	select MBEDTLS if !BUILD_WITH_TFM
+	select MBEDTLS_PSA_CRYPTO_C if !BUILD_WITH_TFM
+	select PSA_WANT_KEY_TYPE_AES
+	select PSA_WANT_ALG_CMAC
+	select MBEDTLS_AES_ROM_TABLES if MBEDTLS_PSA_CRYPTO_C
 	help
 	  This option enables the Bluetooth Cryptographic Toolbox.
diff --git a/subsys/bluetooth/crypto/bt_crypto.c b/subsys/bluetooth/crypto/bt_crypto.c
@@ -7,12 +7,7 @@
 
 #include <zephyr/sys/byteorder.h>
 
-#if defined(CONFIG_BT_USE_PSA_API)
 #include "psa/crypto.h"
-#else
-#include <tinycrypt/cmac_mode.h>
-#include <tinycrypt/constants.h>
-#endif
 
 #include "common/bt_str.h"
 #include "bt_crypto.h"

diff --git a/subsys/bluetooth/crypto/bt_crypto_tc.c b/subsys/bluetooth/crypto/bt_crypto_tc.c
diff --git a/subsys/bluetooth/host/CMakeLists.txt b/subsys/bluetooth/host/CMakeLists.txt
@@ -32,11 +32,10 @@ if(CONFIG_BT_HCI_HOST)
     scan.c
     )
 
-  if(CONFIG_BT_USE_PSA_API)
-    zephyr_library_sources_ifdef(CONFIG_BT_HOST_CRYPTO    crypto_psa.c)
-  else()
-    zephyr_library_sources_ifdef(CONFIG_BT_HOST_CRYPTO    crypto_tc.c)
-  endif()
+  zephyr_library_sources_ifdef(
+    CONFIG_BT_HOST_CRYPTO
+    crypto_psa.c
+    )
 
   zephyr_library_sources_ifdef(
     CONFIG_BT_ECC
@@ -116,12 +115,10 @@ if(CONFIG_BT_CONN_DISABLE_SECURITY)
     )
 endif()
 
-if(CONFIG_BT_USE_PSA_API)
-    zephyr_library_link_libraries_ifdef(CONFIG_MBEDTLS mbedTLS)
-    zephyr_library_include_directories_ifdef(CONFIG_BUILD_WITH_TFM
-      $<TARGET_PROPERTY:tfm,TFM_BINARY_DIR>/api_ns/interface/include
-    )
-endif()
+zephyr_library_link_libraries_ifdef(CONFIG_MBEDTLS mbedTLS)
+zephyr_library_include_directories_ifdef(CONFIG_BUILD_WITH_TFM
+  $<TARGET_PROPERTY:tfm,TFM_BINARY_DIR>/api_ns/interface/include
+)
 
 # Bluetooth Mesh has test dependencies in the host.
 # In order to compile Bsim tests with these test features

diff --git a/subsys/bluetooth/host/Kconfig b/subsys/bluetooth/host/Kconfig
@@ -168,22 +168,23 @@ rsource "../audio/Kconfig"
 config BT_HOST_CRYPTO
 	bool "Use crypto functionality implemented in the Bluetooth host"
 	default y if !BT_CTLR_CRYPTO
-	select TINYCRYPT if !BT_USE_PSA_API
-	select TINYCRYPT_AES if !BT_USE_PSA_API
-	select PSA_WANT_KEY_TYPE_AES if BT_USE_PSA_API
+	select MBEDTLS if !BUILD_WITH_TFM
+	select MBEDTLS_PSA_CRYPTO_C if !BUILD_WITH_TFM
+	select PSA_WANT_KEY_TYPE_AES
+	select PSA_WANT_ALG_ECB_NO_PADDING
 	help
-	  The option adds the AES encryption support using TinyCrypt
+	  The option adds the AES encryption support using PSA Crypto API
 	  library if this is not provided by the controller implementation.
 
 config BT_HOST_CRYPTO_PRNG
-	bool "Use Tinycrypt library for random number generation"
+	bool "Use PSA crypto API library for random number generation"
 	default y
-	select TINYCRYPT_SHA256 if !BT_USE_PSA_API
-	select TINYCRYPT_SHA256_HMAC if !BT_USE_PSA_API
-	select TINYCRYPT_SHA256_HMAC_PRNG if !BT_USE_PSA_API
+	select PSA_WANT_ALG_SHA_256
+	select PSA_WANT_KEY_TYPE_HMAC
+	select PSA_WANT_ALG_HMAC
 	depends on BT_HOST_CRYPTO
 	help
-	  When selected, will use tinycrypt library for random number generation.
+	  When selected, will use PSA Crypto API library for random number generation.
 	  This will consume additional ram, but may speed up the generation of random
 	  numbers.
 

diff --git a/subsys/bluetooth/host/Kconfig.gatt b/subsys/bluetooth/host/Kconfig.gatt
@@ -115,11 +115,10 @@ config BT_GATT_CACHING
 	bool "GATT Caching support"
 	default y
 	depends on BT_GATT_SERVICE_CHANGED
-	select TINYCRYPT if !BT_USE_PSA_API
-	select TINYCRYPT_AES if !BT_USE_PSA_API
-	select TINYCRYPT_AES_CMAC if !BT_USE_PSA_API
-	select PSA_WANT_KEY_TYPE_AES if BT_USE_PSA_API
-	select PSA_WANT_ALG_CMAC if BT_USE_PSA_API
+	depends on PSA_CRYPTO_CLIENT
+	select PSA_WANT_KEY_TYPE_AES
+	select PSA_WANT_ALG_CMAC
+	select MBEDTLS_AES_ROM_TABLES if MBEDTLS_PSA_CRYPTO_C
 	help
 	  This option enables support for GATT Caching. When enabled the stack
 	  will register Client Supported Features and Database Hash

diff --git a/subsys/bluetooth/host/crypto_psa.c b/subsys/bluetooth/host/crypto_psa.c
@@ -30,6 +30,7 @@ LOG_MODULE_REGISTER(bt_host_crypto);
 int prng_init(void)
 {
 	if (psa_crypto_init() != PSA_SUCCESS) {
+		LOG_ERR("psa_crypto_init() failed");
 		return -EIO;
 	}
 	return 0;
@@ -42,6 +43,7 @@ int bt_rand(void *buf, size_t len)
 		return 0;
 	}
 
+	LOG_ERR("psa_generate_random() failed");
 	return -EIO;
 }
 #else /* !CONFIG_BT_HOST_CRYPTO_PRNG */

diff --git a/subsys/bluetooth/host/crypto_tc.c b/subsys/bluetooth/host/crypto_tc.c