[nrf fromlist] Bluetooth: Mesh: no more tinycrypt in ble mesh tfm image

PR allows to get rid of tinycrypt objects from
the final binary of the ble mesh apps based on
PSA TFM crypto.

Upstream PR: zephyrproject-rtos/zephyr#64696
Signed-off-by: Aleksandr Khromykh <aleksandr.khromykh@nordicsemi.no>
(cherry picked from commit c5ee143)

samples/bluetooth/mesh/boards/nrf5340dk_nrf5340_cpuapp_ns.conf

@@ -1,3 +1,8 @@
+# The option adds TinyCrypt based bt_rand.
+CONFIG_BT_HOST_CRYPTO=n
+# The option adds GATT caching feature that is based on TinyCrypt.
+CONFIG_BT_GATT_CACHING=n
+
 # Known issue: non secure platforms do not work with settings subsystem.
 CONFIG_SETTINGS=n
 CONFIG_BT_SETTINGS=n

samples/bluetooth/mesh_demo/boards/nrf5340dk_nrf5340_cpuapp_ns.conf

@@ -1,3 +1,8 @@
+# The option adds TinyCrypt based bt_rand.
+CONFIG_BT_HOST_CRYPTO=n
+# The option adds GATT caching feature that is based on TinyCrypt.
+CONFIG_BT_GATT_CACHING=n
+
 # Known issue: non secure platforms do not work with settings subsystem.
 CONFIG_SETTINGS=n
 CONFIG_BT_SETTINGS=n

samples/bluetooth/mesh_provisioner/boards/nrf5340dk_nrf5340_cpuapp_ns.conf

@@ -1,3 +1,6 @@
+# The option adds TinyCrypt based bt_rand.
+CONFIG_BT_HOST_CRYPTO=n
+
 # Known issue: non secure platforms do not work with settings subsystem.
 CONFIG_SETTINGS=n
 CONFIG_BT_SETTINGS=n

subsys/bluetooth/host/Kconfig

@@ -163,12 +163,13 @@ rsource "../mesh/Kconfig"
 rsource "../audio/Kconfig"
 
 config BT_HOST_CRYPTO
-	# Hidden option that compiles in AES encryption support using TinyCrypt
-	# library if this is not provided by the controller implementation.
-	bool
+	bool "Use crypto functionality implemented in the Bluetooth host"
 	default y if !BT_CTLR_CRYPTO
 	select TINYCRYPT
 	select TINYCRYPT_AES
+	help
+	  The option adds the AES encryption support using TinyCrypt
+	  library if this is not provided by the controller implementation.
 
 config BT_HOST_CRYPTO_PRNG
 	bool "Use Tinycrypt library for random number generation"

subsys/bluetooth/mesh/crypto_psa.c

@@ -7,6 +7,7 @@
 #include <errno.h>
 
 #include <zephyr/bluetooth/mesh.h>
+#include <zephyr/sys/check.h>
 
 #define LOG_LEVEL CONFIG_BT_MESH_CRYPTO_LOG_LEVEL
 #include <zephyr/logging/log.h>
@@ -510,3 +511,12 @@ int bt_mesh_key_compare(const uint8_t raw_key[16], const struct bt_mesh_key *key
 
 	return memcmp(out, raw_key, 16);
 }
+
+__weak int bt_rand(void *buf, size_t len)
+{
+	CHECKIF(buf == NULL || len == 0) {
+		return -EINVAL;
+	}
+
+	return psa_generate_random(buf, len) == PSA_SUCCESS ? 0 : -EIO;
+}

tests/bsim/bluetooth/mesh/overlay_psa.conf

@@ -1,2 +1,7 @@
+# The option adds TinyCrypt based bt_rand.
+CONFIG_BT_HOST_CRYPTO=n
+# The option adds GATT caching feature that is based on TinyCrypt.
+CONFIG_BT_GATT_CACHING=n
+
 # Enable mbedTLS PSA as a crypto backend
 CONFIG_BT_MESH_USES_MBEDTLS_PSA=y

tests/bsim/bluetooth/mesh/src/test_dfu.c

@@ -23,6 +23,7 @@ LOG_MODULE_REGISTER(LOG_MODULE_NAME, LOG_LEVEL_INF);
 #define TARGET_ADDR 0x0100
 #define IMPOSTER_MODEL_ID 0xe000
 #define TEST_BLOB_ID 0xaabbccdd
+#define SEMAPHORE_TIMEOUT 250 /* seconds */
 
 struct bind_params {
 	uint16_t model_id;
@@ -1016,7 +1017,7 @@ static void test_cli_fail_on_persistency(void)
 		FAIL("DFU Client send failed (err: %d)", err);
 	}
 
-	if (k_sem_take(&dfu_ended, K_SECONDS(200))) {
+	if (k_sem_take(&dfu_ended, K_SECONDS(SEMAPHORE_TIMEOUT))) {
 		FAIL("Firmware transfer failed");
 	}
 
@@ -1050,7 +1051,7 @@ static void test_cli_fail_on_persistency(void)
 		FAIL("DFU Client apply failed (err: %d)", err);
 	}
 
-	if (k_sem_take(&dfu_cli_applied_sem, K_SECONDS(200))) {
+	if (k_sem_take(&dfu_cli_applied_sem, K_SECONDS(SEMAPHORE_TIMEOUT))) {
 		FAIL("Failed to apply firmware");
 	}
 
@@ -1063,7 +1064,7 @@ static void test_cli_fail_on_persistency(void)
 		FAIL("DFU Client confirm failed (err: %d)", err);
 	}
 
-	if (k_sem_take(&dfu_cli_confirmed_sem, K_SECONDS(200))) {
+	if (k_sem_take(&dfu_cli_confirmed_sem, K_SECONDS(SEMAPHORE_TIMEOUT))) {
 		FAIL("Failed to confirm firmware");
 	}
 
@@ -1096,7 +1097,7 @@ static void test_cli_all_targets_lost_common(void)
 		FAIL("DFU Client send failed (err: %d)", err);
 	}
 
-	if (k_sem_take(&dfu_ended, K_SECONDS(200))) {
+	if (k_sem_take(&dfu_ended, K_SECONDS(SEMAPHORE_TIMEOUT))) {
 		FAIL("Firmware transfer failed");
 	}
 }
@@ -1187,7 +1188,7 @@ static void test_cli_all_targets_lost_on_apply(void)
 		FAIL("DFU Client apply failed (err: %d)", err);
 	}
 
-	if (!k_sem_take(&dfu_cli_applied_sem, K_SECONDS(200))) {
+	if (!k_sem_take(&dfu_cli_applied_sem, K_SECONDS(SEMAPHORE_TIMEOUT))) {
 		FAIL("Apply should not be successful on any target");
 	}
 
@@ -1218,7 +1219,7 @@ static void test_cli_stop(void)
 			FAIL("DFU Client send failed (err: %d)", err);
 		}
 
-		if (k_sem_take(&dfu_started, K_SECONDS(200))) {
+		if (k_sem_take(&dfu_started, K_SECONDS(SEMAPHORE_TIMEOUT))) {
 			FAIL("Firmware transfer failed");
 		}
 
@@ -1234,7 +1235,7 @@ static void test_cli_stop(void)
 			FAIL("DFU Client resume failed (err: %d)", err);
 		}
 
-		if (k_sem_take(&dfu_verifying, K_SECONDS(200))) {
+		if (k_sem_take(&dfu_verifying, K_SECONDS(SEMAPHORE_TIMEOUT))) {
 			FAIL("Firmware transfer failed");
 		}
 		ASSERT_EQUAL(BT_MESH_DFU_ERR_INTERNAL, dfu_cli_xfer.targets[0].status);
@@ -1253,7 +1254,7 @@ static void test_cli_stop(void)
 			FAIL("DFU Client send failed (err: %d)", err);
 		}
 
-		if (k_sem_take(&dfu_verify_failed, K_SECONDS(200))) {
+		if (k_sem_take(&dfu_verify_failed, K_SECONDS(SEMAPHORE_TIMEOUT))) {
 			FAIL("Firmware transfer failed");
 		}
 
@@ -1269,12 +1270,12 @@ static void test_cli_stop(void)
 		if (err) {
 			FAIL("DFU Client send failed (err: %d)", err);
 		}
-		if (k_sem_take(&dfu_ended, K_SECONDS(200))) {
+		if (k_sem_take(&dfu_ended, K_SECONDS(SEMAPHORE_TIMEOUT))) {
 			FAIL("Firmware transfer failed");
 		}
 
 		bt_mesh_dfu_cli_apply(&dfu_cli);
-		if (k_sem_take(&dfu_cli_applied_sem, K_SECONDS(200))) {
+		if (k_sem_take(&dfu_cli_applied_sem, K_SECONDS(SEMAPHORE_TIMEOUT))) {
 			/* This will time out as target will reboot before applying */
 		}
 		ASSERT_EQUAL(BT_MESH_DFU_ERR_INTERNAL, dfu_cli_xfer.targets[0].status);
@@ -1464,7 +1465,7 @@ static void test_target_fail_on_metadata(void)
 	common_fail_on_target_init(&target_comp);
 	target_prov_and_conf_default();
 
-	if (k_sem_take(&dfu_metadata_check_sem, K_SECONDS(200))) {
+	if (k_sem_take(&dfu_metadata_check_sem, K_SECONDS(SEMAPHORE_TIMEOUT))) {
 		FAIL("Metadata check CB wasn't called");
 	}
 
@@ -1478,7 +1479,7 @@ static void test_target_fail_on_caps_get(void)
 	common_fail_on_target_init(&srv_caps_broken_comp);
 	target_prov_and_conf_with_imposer();
 
-	if (k_sem_take(&caps_get_sem, K_SECONDS(200))) {
+	if (k_sem_take(&caps_get_sem, K_SECONDS(SEMAPHORE_TIMEOUT))) {
 		FAIL("BLOB Info Get msg handler wasn't called");
 	}
 
@@ -1492,11 +1493,11 @@ static void test_target_fail_on_update_get(void)
 	common_fail_on_target_init(&srv_update_get_broken_comp);
 	target_prov_and_conf_with_imposer();
 
-	if (k_sem_take(&dfu_verify_sem, K_SECONDS(200))) {
+	if (k_sem_take(&dfu_verify_sem, K_SECONDS(SEMAPHORE_TIMEOUT))) {
 		FAIL("Transfer end CB wasn't triggered");
 	}
 
-	if (k_sem_take(&update_get_sem, K_SECONDS(200))) {
+	if (k_sem_take(&update_get_sem, K_SECONDS(SEMAPHORE_TIMEOUT))) {
 		FAIL("Firmware Update Get msg handler wasn't called");
 	}
 
@@ -1511,7 +1512,7 @@ static void test_target_fail_on_verify(void)
 	common_fail_on_target_init(&target_comp);
 	target_prov_and_conf_default();
 
-	if (k_sem_take(&dfu_verify_sem, K_SECONDS(200))) {
+	if (k_sem_take(&dfu_verify_sem, K_SECONDS(SEMAPHORE_TIMEOUT))) {
 		FAIL("Transfer end CB wasn't triggered");
 	}
 
@@ -1525,7 +1526,7 @@ static void test_target_fail_on_apply(void)
 	common_fail_on_target_init(&srv_update_apply_broken_comp);
 	target_prov_and_conf_with_imposer();
 
-	if (k_sem_take(&update_apply_sem, K_SECONDS(200))) {
+	if (k_sem_take(&update_apply_sem, K_SECONDS(SEMAPHORE_TIMEOUT))) {
 		FAIL("Firmware Update Apply msg handler wasn't called");
 	}
 
@@ -1537,7 +1538,7 @@ static void test_target_fail_on_nothing(void)
 	common_fail_on_target_init(&target_comp);
 	target_prov_and_conf_default();
 
-	if (k_sem_take(&dfu_ended, K_SECONDS(200))) {
+	if (k_sem_take(&dfu_ended, K_SECONDS(SEMAPHORE_TIMEOUT))) {
 		FAIL("DFU failed");
 	}
 

tests/bsim/bluetooth/mesh/src/test_persistence.c

@@ -525,7 +525,7 @@ static void node_configure(void)
 	 */
 	uint8_t net_transmit;
 
-	net_transmit = BT_MESH_TRANSMIT(3, 20);
+	net_transmit = BT_MESH_TRANSMIT(3, 50);
 	err = bt_mesh_cfg_cli_net_transmit_set(test_netkey_idx, TEST_ADDR, net_transmit, &status);
 	if (err || status != net_transmit) {
 		FAIL("Net transmit set failed (err %d, transmit %x)", err, status);

tests/bsim/bluetooth/mesh/src/test_replay_cache.c

@@ -149,6 +149,8 @@ static void test_tx_immediate_replay_attack(void)
 		}
 
 		ASSERT_TRUE(is_tx_succeeded);
+		/* Let complete advertising of the previous transaction to prevent collisions. */
+		k_sleep(K_SECONDS(1));
 	}
 
 	bt_mesh.seq = seq;
@@ -165,6 +167,8 @@ static void test_tx_immediate_replay_attack(void)
 		}
 
 		ASSERT_TRUE(!is_tx_succeeded);
+		/* Let complete advertising of the previous transaction to prevent collisions. */
+		k_sleep(K_SECONDS(1));
 	}
 
 	PASS();
@@ -208,6 +212,8 @@ static void test_tx_power_replay_attack(void)
 		}
 
 		ASSERT_TRUE(!is_tx_succeeded);
+		/* Let complete advertising of the previous transaction to prevent collisions. */
+		k_sleep(K_SECONDS(1));
 	}
 
 	for (int i = 0; i < 3; i++) {
@@ -222,6 +228,8 @@ static void test_tx_power_replay_attack(void)
 		}
 
 		ASSERT_TRUE(is_tx_succeeded);
+		/* Let complete advertising of the previous transaction to prevent collisions. */
+		k_sleep(K_SECONDS(1));
 	}
 
 	PASS();