From 74ac6a949f1fd2357c99537e6f326f11377d7a38 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 18 Oct 2024 06:03:54 +0200 Subject: [PATCH] bt-mesh: remove BT_MESH_USES_TINYCRYPT As part of the deprecation process of TinyCrypt in Zephyr codebase (#79566) this commit removes TinyCrypt usage from BT mesh and also the related CONFIG_BT_MESH_USES_TINYCRYPT symbol and it sets PSA Crypto APIs as the default library for crypto operations. Tests are also updated in this commit. Signed-off-by: Valerio Setti --- include/zephyr/bluetooth/mesh/keys.h | 8 - subsys/bluetooth/mesh/CMakeLists.txt | 6 +- subsys/bluetooth/mesh/Kconfig | 17 +- subsys/bluetooth/mesh/crypto_tc.c | 156 ------------------ subsys/bluetooth/mesh/keys.h | 34 ---- tests/bluetooth/mesh/brg/CMakeLists.txt | 2 +- .../mesh/delayable_msg/CMakeLists.txt | 2 +- tests/bluetooth/mesh/rpl/CMakeLists.txt | 2 +- .../bsim/bluetooth/mesh/src/test_provision.c | 11 -- 9 files changed, 6 insertions(+), 232 deletions(-) delete mode 100644 subsys/bluetooth/mesh/crypto_tc.c diff --git a/include/zephyr/bluetooth/mesh/keys.h b/include/zephyr/bluetooth/mesh/keys.h index 73e0a8a2a93838..9c47c47cfd57b2 100644 --- a/include/zephyr/bluetooth/mesh/keys.h +++ b/include/zephyr/bluetooth/mesh/keys.h @@ -28,14 +28,6 @@ struct bt_mesh_key { psa_key_id_t key; }; -#elif defined CONFIG_BT_MESH_USES_TINYCRYPT - -/** The structure that keeps representation of key. */ -struct bt_mesh_key { - /** tinycrypt key representation is the pure key value. */ - uint8_t key[16]; -}; - #else #error "Crypto library has not been chosen" #endif diff --git a/subsys/bluetooth/mesh/CMakeLists.txt b/subsys/bluetooth/mesh/CMakeLists.txt index 3d5deadc6d92dc..6b76809cb1d2cb 100644 --- a/subsys/bluetooth/mesh/CMakeLists.txt +++ b/subsys/bluetooth/mesh/CMakeLists.txt 
@@ -123,11 +123,7 @@ zephyr_library_sources_ifdef(CONFIG_BT_MESH_STATISTIC statistic.c) zephyr_library_sources_ifdef(CONFIG_BT_MESH_ACCESS_DELAYABLE_MSG delayable_msg.c) -if (CONFIG_BT_MESH_USES_TINYCRYPT) - zephyr_library_sources(crypto_tc.c) -else() - zephyr_library_sources(crypto_psa.c) -endif() +zephyr_library_sources(crypto_psa.c) zephyr_library_link_libraries_ifdef(CONFIG_MBEDTLS mbedTLS) diff --git a/subsys/bluetooth/mesh/Kconfig b/subsys/bluetooth/mesh/Kconfig index 384033f79083e8..e844fc365a8afa 100644 --- a/subsys/bluetooth/mesh/Kconfig +++ b/subsys/bluetooth/mesh/Kconfig @@ -1399,30 +1399,17 @@ endmenu # Proxy choice BT_MESH_CRYPTO_LIB prompt "Crypto library:" default BT_MESH_USES_TFM_PSA if BUILD_WITH_TFM - default BT_MESH_USES_TINYCRYPT + default BT_MESH_USES_MBEDTLS_PSA help Crypto library selection for mesh security. -config BT_MESH_USES_TINYCRYPT - bool "TinyCrypt" - select TINYCRYPT - select TINYCRYPT_AES - select TINYCRYPT_AES_CMAC - select TINYCRYPT_ECC_DH - select TINYCRYPT_SHA256 - select TINYCRYPT_SHA256_HMAC - select BT_HOST_CCM - help - Use TinyCrypt library to perform crypto operations. - config BT_MESH_USES_MBEDTLS_PSA bool "mbed TLS PSA [EXPERIMENTAL]" select EXPERIMENTAL select MBEDTLS + select MBEDTLS_PSA_CRYPTO_C select MBEDTLS_ENTROPY_C select MBEDTLS_ENTROPY_POLL_ZEPHYR - select MBEDTLS_PSA_CRYPTO_C - select MBEDTLS_USE_PSA_CRYPTO select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE diff --git a/subsys/bluetooth/mesh/crypto_tc.c b/subsys/bluetooth/mesh/crypto_tc.c deleted file mode 100644 index 68cc9d14ed03c3..00000000000000 --- a/subsys/bluetooth/mesh/crypto_tc.c +++ /dev/null 
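Review bot: The new `default BT_MESH_USES_MBEDTLS_PSA` in `choice BT_MESH_CRYPTO_LIB` makes an option still labelled `[EXPERIMENTAL]`, and which does `select EXPERIMENTAL`, the only backend for builds without TF-M, so every default mesh build is now flagged experimental. Either drop the label and the `select EXPERIMENTAL` from `config BT_MESH_USES_MBEDTLS_PSA` in this commit, or say in the choice help text why the default crypto backend keeps that status. The same hunk also removes `select MBEDTLS_USE_PSA_CRYPTO` and moves `select MBEDTLS_PSA_CRYPTO_C`, which the commit message does not mention; a one-line rationale there would help. The body of `config BT_MESH_USES_MBEDTLS_PSA` continues past the end of the hunk.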
@@ -1,156 +0,0 @@
-/*
- * Copyright (c) 2017 Intel Corporation
- * Copyright (c) 2023 Nordic Semiconductor ASA
- *
- * SPDX-License-Identifier: Apache-2.0
- */
-
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include
-#include
-
-#define LOG_LEVEL CONFIG_BT_MESH_CRYPTO_LOG_LEVEL
-#include
-LOG_MODULE_REGISTER(bt_mesh_crypto_tc);
-
-#include "mesh.h"
-#include "crypto.h"
-#include "prov.h"
-
-static struct {
- bool is_ready;
- uint8_t private_key_be[PRIV_KEY_SIZE];
- uint8_t public_key_be[PUB_KEY_SIZE];
-} dh_pair;
-
-int bt_mesh_encrypt(const struct bt_mesh_key *key, const uint8_t plaintext[16],
- uint8_t enc_data[16])
-{
- return bt_encrypt_be(key->key, plaintext, enc_data);
-}
-
-int bt_mesh_ccm_encrypt(const struct bt_mesh_key *key, uint8_t nonce[13], const uint8_t *plaintext,
- size_t len, const uint8_t *aad, size_t aad_len, uint8_t *enc_data,
- size_t mic_size)
-{
- return bt_ccm_encrypt(key->key, nonce, plaintext, len, aad, aad_len, enc_data, mic_size);
-}
-
-int bt_mesh_ccm_decrypt(const struct bt_mesh_key *key, uint8_t nonce[13], const uint8_t *enc_data,
- size_t len, const uint8_t *aad, size_t aad_len, uint8_t *plaintext,
- size_t mic_size)
-{
- return bt_ccm_decrypt(key->key, nonce, enc_data, len, aad, aad_len, plaintext, mic_size);
-}
-
-int bt_mesh_aes_cmac_raw_key(const uint8_t key[16], struct bt_mesh_sg *sg, size_t sg_len,
- uint8_t mac[16])
-{
- struct tc_aes_key_sched_struct sched;
- struct tc_cmac_struct state;
-
- if (tc_cmac_setup(&state, key, &sched) == TC_CRYPTO_FAIL) {
- return -EIO;
- }
-
- for (; sg_len; sg_len--, sg++) {
- if (tc_cmac_update(&state, sg->data, sg->len) == TC_CRYPTO_FAIL) {
- return -EIO;
- }
- }
-
- if (tc_cmac_final(mac, &state) == TC_CRYPTO_FAIL) {
- return -EIO;
- }
-
- return 0;
-}
-
-int bt_mesh_aes_cmac_mesh_key(const struct bt_mesh_key *key, struct bt_mesh_sg *sg,
- size_t sg_len, uint8_t mac[16])
-{
- return bt_mesh_aes_cmac_raw_key(key->key, sg, sg_len, mac);
-}
-
-int bt_mesh_sha256_hmac_raw_key(const uint8_t key[32], struct bt_mesh_sg *sg, size_t sg_len,
- uint8_t mac[32])
-{
- struct tc_hmac_state_struct h;
-
- if (tc_hmac_set_key(&h, key, 32) == TC_CRYPTO_FAIL) {
- return -EIO;
- }
-
- if (tc_hmac_init(&h) == TC_CRYPTO_FAIL) {
- return -EIO;
- }
-
- for (; sg_len; sg_len--, sg++) {
- if (tc_hmac_update(&h, sg->data, sg->len) == TC_CRYPTO_FAIL) {
- return -EIO;
- }
- }
-
- if (tc_hmac_final(mac, 32, &h) == TC_CRYPTO_FAIL) {
- return -EIO;
- }
-
- return 0;
-}
-
-int bt_mesh_pub_key_gen(void)
-{
- int rc = uECC_make_key(dh_pair.public_key_be,
- dh_pair.private_key_be,
- &curve_secp256r1);
-
- if (rc == TC_CRYPTO_FAIL) {
- dh_pair.is_ready = false;
- LOG_ERR("Failed to create public/private pair");
- return -EIO;
- }
-
- dh_pair.is_ready = true;
-
- return 0;
-}
-
-const uint8_t *bt_mesh_pub_key_get(void)
-{
- return dh_pair.is_ready ? dh_pair.public_key_be : NULL;
-}
-
-int bt_mesh_dhkey_gen(const uint8_t *pub_key, const uint8_t *priv_key, uint8_t *dhkey)
-{
- if (uECC_valid_public_key(pub_key, &curve_secp256r1)) {
- LOG_ERR("Public key is not valid");
- return -EIO;
- } else if (uECC_shared_secret(pub_key, priv_key ? priv_key :
- dh_pair.private_key_be,
- dhkey, &curve_secp256r1) != TC_CRYPTO_SUCCESS) {
- LOG_ERR("DHKey generation failed");
- return -EIO;
- }
-
- return 0;
-}
-
-__weak int default_CSPRNG(uint8_t *dst, unsigned int len)
-{
- return !bt_rand(dst, len);
-}
-
-int bt_mesh_crypto_init(void)
-{
- return 0;
-}
diff --git a/subsys/bluetooth/mesh/keys.h b/subsys/bluetooth/mesh/keys.h
index a72236e4678312..b04e4f11bcbe33 100644
--- a/subsys/bluetooth/mesh/keys.h
+++ b/subsys/bluetooth/mesh/keys.h
@@ -13,42 +13,8 @@ enum bt_mesh_key_type { BT_MESH_KEY_TYPE_DEV }; -#if defined CONFIG_BT_MESH_USES_MBEDTLS_PSA || defined CONFIG_BT_MESH_USES_TFM_PSA - int bt_mesh_key_import(enum bt_mesh_key_type type, const uint8_t in[16], struct bt_mesh_key *out); int bt_mesh_key_export(uint8_t out[16], const struct bt_mesh_key *in); void bt_mesh_key_assign(struct bt_mesh_key *dst, const struct bt_mesh_key *src); int bt_mesh_key_destroy(const struct bt_mesh_key *key); int bt_mesh_key_compare(const uint8_t raw_key[16], const struct bt_mesh_key *mesh_key); - -#elif defined CONFIG_BT_MESH_USES_TINYCRYPT - -static inline int bt_mesh_key_import(enum bt_mesh_key_type type, const uint8_t in[16], - struct bt_mesh_key *out) -{ - memcpy(out, in, 16); - return 0; -} - -static inline int bt_mesh_key_export(uint8_t out[16], const struct bt_mesh_key *in) -{ - memcpy(out, in, 16); - return 0; -} - -static inline void bt_mesh_key_assign(struct bt_mesh_key *dst, const struct bt_mesh_key *src) -{ - memcpy(dst, src, sizeof(struct bt_mesh_key)); -} - -static inline int bt_mesh_key_destroy(const struct bt_mesh_key *key) -{ - return 0; -} - -static inline int bt_mesh_key_compare(const uint8_t raw_key[16], const struct bt_mesh_key *mesh_key) -{ - return memcmp(mesh_key, raw_key, 16); -} - -#endif diff --git a/tests/bluetooth/mesh/brg/CMakeLists.txt b/tests/bluetooth/mesh/brg/CMakeLists.txt index d878ad04d50fd6..aa140c39c222fd 100644 --- a/tests/bluetooth/mesh/brg/CMakeLists.txt +++ b/tests/bluetooth/mesh/brg/CMakeLists.txt @@ -19,4 +19,4 @@ target_compile_options(app -DCONFIG_BT_SETTINGS -DCONFIG_BT_MESH_BRG_CFG_SRV -DCONFIG_BT_MESH_BRG_TABLE_ITEMS_MAX=16 - -DCONFIG_BT_MESH_USES_TINYCRYPT) + -DCONFIG_BT_MESH_USES_MBEDTLS_PSA) diff --git a/tests/bluetooth/mesh/delayable_msg/CMakeLists.txt b/tests/bluetooth/mesh/delayable_msg/CMakeLists.txt index 51bf28d832003f..9c10285f0555fc 100644 --- a/tests/bluetooth/mesh/delayable_msg/CMakeLists.txt +++ b/tests/bluetooth/mesh/delayable_msg/CMakeLists.txt 
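Review bot: With the inline TinyCrypt versions removed from subsys/bluetooth/mesh/keys.h, the five prototypes that remain are the only description of the key API in this header, and none of them states its contract. `bt_mesh_key_compare()` no longer has a visible `memcmp` to show what its return value means, and `bt_mesh_key_export()` copies raw key bytes into a caller buffer without saying who clears it. I would add short comments such as `/* Returns 0 when raw_key equals the value held by mesh_key. */` (to be confirmed against crypto_psa.c, which this diff does not show) and `/* Copies the raw 16-byte key into out; the caller is responsible for wiping out after use. */`. A line on `bt_mesh_key_destroy()` saying whether the key may be used afterwards would also help, since the removed inline version was a no-op.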
@@ -20,4 +20,4 @@ target_compile_options(app -DCONFIG_BT_MESH_ACCESS_DELAYABLE_MSG_COUNT=4 -DCONFIG_BT_MESH_ACCESS_DELAYABLE_MSG_CHUNK_SIZE=20 -DCONFIG_BT_MESH_ACCESS_DELAYABLE_MSG_CHUNK_COUNT=20 - -DCONFIG_BT_MESH_USES_TINYCRYPT) + -DCONFIG_BT_MESH_USES_MBEDTLS_PSA) diff --git a/tests/bluetooth/mesh/rpl/CMakeLists.txt b/tests/bluetooth/mesh/rpl/CMakeLists.txt index b22dcae3e7c835..17545736a4425b 100644 --- a/tests/bluetooth/mesh/rpl/CMakeLists.txt +++ b/tests/bluetooth/mesh/rpl/CMakeLists.txt @@ -19,4 +19,4 @@ target_compile_options(app -DCONFIG_BT_MESH_CRPL=10 -DCONFIG_BT_MESH_RPL_STORE_TIMEOUT=1 -DCONFIG_BT_SETTINGS - -DCONFIG_BT_MESH_USES_TINYCRYPT) + -DCONFIG_BT_MESH_USES_MBEDTLS_PSA) diff --git a/tests/bsim/bluetooth/mesh/src/test_provision.c b/tests/bsim/bluetooth/mesh/src/test_provision.c index c7fed00485a17b..f4057ebc7b74e5 100644 --- a/tests/bsim/bluetooth/mesh/src/test_provision.c +++ b/tests/bsim/bluetooth/mesh/src/test_provision.c @@ -15,10 +15,6 @@ #if defined CONFIG_BT_MESH_USES_MBEDTLS_PSA #include -#elif defined CONFIG_BT_MESH_USES_TINYCRYPT -#include -#include -#include #else #error "Unknown crypto library has been chosen" #endif @@ -435,7 +431,6 @@ static void oob_auth_set(int test_step) prov.input_actions = oob_auth_test_vector[test_step].input_actions; } -#if defined CONFIG_BT_MESH_USES_MBEDTLS_PSA static void generate_oob_key_pair(void) { psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -470,12 +465,6 @@ static void generate_oob_key_pair(void) memcpy(public_key_be, public_key_repr + 1, 64); } -#elif defined CONFIG_BT_MESH_USES_TINYCRYPT -static void generate_oob_key_pair(void) -{ - ASSERT_TRUE(uECC_make_key(public_key_be, private_key_be, uECC_secp256r1())); -} -#endif static void oob_device(bool use_oob_pk) {
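Review bot: The include guard left by the first test_provision.c hunk (-15,10) still falls through to `#error "Unknown crypto library has been chosen"` for anything but `CONFIG_BT_MESH_USES_MBEDTLS_PSA`, while the hunk at -435,7 makes `generate_oob_key_pair()` and its `psa_*` calls unconditional. The include and the code that needs it should share one condition. Since `choice BT_MESH_CRYPTO_LIB` still offers the TF-M backend, either include the PSA header unconditionally and drop the `#else`/`#error` branch, or widen the test to `#if defined CONFIG_BT_MESH_USES_MBEDTLS_PSA || defined CONFIG_BT_MESH_USES_TFM_PSA`. Whether this bsim test is meant to build with TF-M cannot be told from the diff, so if it is not, a short comment above the guard saying so would make the `#error` intentional rather than a leftover.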