From d466b521fbbdf602a32d92c8ff9f9371e624fa51 Mon Sep 17 00:00:00 2001 From: Aleksandr Khromykh Date: Wed, 1 Nov 2023 15:44:23 +0100 Subject: [PATCH] [nrf fromlist] Bluetooth: Mesh: no more tinycrypt in ble mesh tfm image PR allows to get rid of tinycrypt objects from the final binary of the ble mesh apps based on PSA TFM crypto. Upstream PR: https://github.com/zephyrproject-rtos/zephyr/pull/64696 Signed-off-by: Aleksandr Khromykh (cherry picked from commit c5ee143d773e713901896319a4d116082ca0771d) --- .../boards/nrf5340dk_nrf5340_cpuapp_ns.conf | 5 +++ .../boards/nrf5340dk_nrf5340_cpuapp_ns.conf | 5 +++ .../boards/nrf5340dk_nrf5340_cpuapp_ns.conf | 3 ++ subsys/bluetooth/host/Kconfig | 7 ++-- subsys/bluetooth/mesh/crypto_psa.c | 10 ++++++ tests/bsim/bluetooth/mesh/overlay_psa.conf | 5 +++ tests/bsim/bluetooth/mesh/src/test_dfu.c | 35 ++++++++++--------- .../bluetooth/mesh/src/test_persistence.c | 2 +- .../bluetooth/mesh/src/test_replay_cache.c | 8 +++++ 9 files changed, 59 insertions(+), 21 deletions(-) diff --git a/samples/bluetooth/mesh/boards/nrf5340dk_nrf5340_cpuapp_ns.conf b/samples/bluetooth/mesh/boards/nrf5340dk_nrf5340_cpuapp_ns.conf index c638a292c91..4693e4d1f78 100644 --- a/samples/bluetooth/mesh/boards/nrf5340dk_nrf5340_cpuapp_ns.conf +++ b/samples/bluetooth/mesh/boards/nrf5340dk_nrf5340_cpuapp_ns.conf @@ -1,3 +1,8 @@ +# The option adds TinyCrypt based bt_rand. +CONFIG_BT_HOST_CRYPTO=n +# The option adds GATT caching feature that is based on TinyCrypt. +CONFIG_BT_GATT_CACHING=n + # Known issue: non secure platforms do not work with settings subsystem. CONFIG_SETTINGS=n CONFIG_BT_SETTINGS=n diff --git a/samples/bluetooth/mesh_demo/boards/nrf5340dk_nrf5340_cpuapp_ns.conf b/samples/bluetooth/mesh_demo/boards/nrf5340dk_nrf5340_cpuapp_ns.conf index c638a292c91..4693e4d1f78 100644 --- a/samples/bluetooth/mesh_demo/boards/nrf5340dk_nrf5340_cpuapp_ns.conf +++ b/samples/bluetooth/mesh_demo/boards/nrf5340dk_nrf5340_cpuapp_ns.conf @@ -1,3 +1,8 @@ +# The option adds TinyCrypt based bt_rand. +CONFIG_BT_HOST_CRYPTO=n +# The option adds GATT caching feature that is based on TinyCrypt. +CONFIG_BT_GATT_CACHING=n + # Known issue: non secure platforms do not work with settings subsystem. CONFIG_SETTINGS=n CONFIG_BT_SETTINGS=n diff --git a/samples/bluetooth/mesh_provisioner/boards/nrf5340dk_nrf5340_cpuapp_ns.conf b/samples/bluetooth/mesh_provisioner/boards/nrf5340dk_nrf5340_cpuapp_ns.conf index c638a292c91..c3d134592fc 100644 --- a/samples/bluetooth/mesh_provisioner/boards/nrf5340dk_nrf5340_cpuapp_ns.conf +++ b/samples/bluetooth/mesh_provisioner/boards/nrf5340dk_nrf5340_cpuapp_ns.conf @@ -1,3 +1,6 @@ +# The option adds TinyCrypt based bt_rand. +CONFIG_BT_HOST_CRYPTO=n + # Known issue: non secure platforms do not work with settings subsystem. CONFIG_SETTINGS=n CONFIG_BT_SETTINGS=n diff --git a/subsys/bluetooth/host/Kconfig b/subsys/bluetooth/host/Kconfig index a4cf2e0959b..2e740686b69 100644 --- a/subsys/bluetooth/host/Kconfig +++ b/subsys/bluetooth/host/Kconfig @@ -163,12 +163,13 @@ rsource "../mesh/Kconfig" rsource "../audio/Kconfig" config BT_HOST_CRYPTO - # Hidden option that compiles in AES encryption support using TinyCrypt - # library if this is not provided by the controller implementation. - bool + bool "Use crypto functionality implemented in the Bluetooth host" default y if !BT_CTLR_CRYPTO select TINYCRYPT select TINYCRYPT_AES + help + The option adds the AES encryption support using TinyCrypt + library if this is not provided by the controller implementation. config BT_HOST_CRYPTO_PRNG bool "Use Tinycrypt library for random number generation" diff --git a/subsys/bluetooth/mesh/crypto_psa.c b/subsys/bluetooth/mesh/crypto_psa.c index 450cde679a8..587c367a6bd 100644 --- a/subsys/bluetooth/mesh/crypto_psa.c +++ b/subsys/bluetooth/mesh/crypto_psa.c @@ -7,6 +7,7 @@ #include #include +#include #define LOG_LEVEL CONFIG_BT_MESH_CRYPTO_LOG_LEVEL #include @@ -510,3 +511,12 @@ int bt_mesh_key_compare(const uint8_t raw_key[16], const struct bt_mesh_key *key return memcmp(out, raw_key, 16); } + +__weak int bt_rand(void *buf, size_t len) +{ + CHECKIF(buf == NULL || len == 0) { + return -EINVAL; + } + + return psa_generate_random(buf, len) == PSA_SUCCESS ? 0 : -EIO; +} diff --git a/tests/bsim/bluetooth/mesh/overlay_psa.conf b/tests/bsim/bluetooth/mesh/overlay_psa.conf index ba81c1e0213..1957085b7e4 100644 --- a/tests/bsim/bluetooth/mesh/overlay_psa.conf +++ b/tests/bsim/bluetooth/mesh/overlay_psa.conf @@ -1,2 +1,7 @@ +# The option adds TinyCrypt based bt_rand. +CONFIG_BT_HOST_CRYPTO=n +# The option adds GATT caching feature that is based on TinyCrypt. +CONFIG_BT_GATT_CACHING=n + # Enable mbedTLS PSA as a crypto backend CONFIG_BT_MESH_USES_MBEDTLS_PSA=y diff --git a/tests/bsim/bluetooth/mesh/src/test_dfu.c b/tests/bsim/bluetooth/mesh/src/test_dfu.c index a235e86eeec..46ad4cecb41 100644 --- a/tests/bsim/bluetooth/mesh/src/test_dfu.c +++ b/tests/bsim/bluetooth/mesh/src/test_dfu.c @@ -23,6 +23,7 @@ LOG_MODULE_REGISTER(LOG_MODULE_NAME, LOG_LEVEL_INF); #define TARGET_ADDR 0x0100 #define IMPOSTER_MODEL_ID 0xe000 #define TEST_BLOB_ID 0xaabbccdd +#define SEMAPHORE_TIMEOUT 250 /* seconds */ struct bind_params { uint16_t model_id; @@ -1016,7 +1017,7 @@ static void test_cli_fail_on_persistency(void) FAIL("DFU Client send failed (err: %d)", err); } - if (k_sem_take(&dfu_ended, K_SECONDS(200))) { + if (k_sem_take(&dfu_ended, K_SECONDS(SEMAPHORE_TIMEOUT))) { FAIL("Firmware transfer failed"); } @@ -1050,7 +1051,7 @@ static void test_cli_fail_on_persistency(void) FAIL("DFU Client apply failed (err: %d)", err); } - if (k_sem_take(&dfu_cli_applied_sem, K_SECONDS(200))) { + if (k_sem_take(&dfu_cli_applied_sem, K_SECONDS(SEMAPHORE_TIMEOUT))) { FAIL("Failed to apply firmware"); } @@ -1063,7 +1064,7 @@ static void test_cli_fail_on_persistency(void) FAIL("DFU Client confirm failed (err: %d)", err); } - if (k_sem_take(&dfu_cli_confirmed_sem, K_SECONDS(200))) { + if (k_sem_take(&dfu_cli_confirmed_sem, K_SECONDS(SEMAPHORE_TIMEOUT))) { FAIL("Failed to confirm firmware"); } @@ -1096,7 +1097,7 @@ static void test_cli_all_targets_lost_common(void) FAIL("DFU Client send failed (err: %d)", err); } - if (k_sem_take(&dfu_ended, K_SECONDS(200))) { + if (k_sem_take(&dfu_ended, K_SECONDS(SEMAPHORE_TIMEOUT))) { FAIL("Firmware transfer failed"); } } @@ -1187,7 +1188,7 @@ static void test_cli_all_targets_lost_on_apply(void) FAIL("DFU Client apply failed (err: %d)", err); } - if (!k_sem_take(&dfu_cli_applied_sem, K_SECONDS(200))) { + if (!k_sem_take(&dfu_cli_applied_sem, K_SECONDS(SEMAPHORE_TIMEOUT))) { FAIL("Apply should not be successful on any target"); } @@ -1218,7 +1219,7 @@ static void test_cli_stop(void) FAIL("DFU Client send failed (err: %d)", err); } - if (k_sem_take(&dfu_started, K_SECONDS(200))) { + if (k_sem_take(&dfu_started, K_SECONDS(SEMAPHORE_TIMEOUT))) { FAIL("Firmware transfer failed"); } @@ -1234,7 +1235,7 @@ static void test_cli_stop(void) FAIL("DFU Client resume failed (err: %d)", err); } - if (k_sem_take(&dfu_verifying, K_SECONDS(200))) { + if (k_sem_take(&dfu_verifying, K_SECONDS(SEMAPHORE_TIMEOUT))) { FAIL("Firmware transfer failed"); } ASSERT_EQUAL(BT_MESH_DFU_ERR_INTERNAL, dfu_cli_xfer.targets[0].status); @@ -1253,7 +1254,7 @@ static void test_cli_stop(void) FAIL("DFU Client send failed (err: %d)", err); } - if (k_sem_take(&dfu_verify_failed, K_SECONDS(200))) { + if (k_sem_take(&dfu_verify_failed, K_SECONDS(SEMAPHORE_TIMEOUT))) { FAIL("Firmware transfer failed"); } @@ -1269,12 +1270,12 @@ static void test_cli_stop(void) if (err) { FAIL("DFU Client send failed (err: %d)", err); } - if (k_sem_take(&dfu_ended, K_SECONDS(200))) { + if (k_sem_take(&dfu_ended, K_SECONDS(SEMAPHORE_TIMEOUT))) { FAIL("Firmware transfer failed"); } bt_mesh_dfu_cli_apply(&dfu_cli); - if (k_sem_take(&dfu_cli_applied_sem, K_SECONDS(200))) { + if (k_sem_take(&dfu_cli_applied_sem, K_SECONDS(SEMAPHORE_TIMEOUT))) { /* This will time out as target will reboot before applying */ } ASSERT_EQUAL(BT_MESH_DFU_ERR_INTERNAL, dfu_cli_xfer.targets[0].status); @@ -1464,7 +1465,7 @@ static void test_target_fail_on_metadata(void) common_fail_on_target_init(&target_comp); target_prov_and_conf_default(); - if (k_sem_take(&dfu_metadata_check_sem, K_SECONDS(200))) { + if (k_sem_take(&dfu_metadata_check_sem, K_SECONDS(SEMAPHORE_TIMEOUT))) { FAIL("Metadata check CB wasn't called"); } @@ -1478,7 +1479,7 @@ static void test_target_fail_on_caps_get(void) common_fail_on_target_init(&srv_caps_broken_comp); target_prov_and_conf_with_imposer(); - if (k_sem_take(&caps_get_sem, K_SECONDS(200))) { + if (k_sem_take(&caps_get_sem, K_SECONDS(SEMAPHORE_TIMEOUT))) { FAIL("BLOB Info Get msg handler wasn't called"); } @@ -1492,11 +1493,11 @@ static void test_target_fail_on_update_get(void) common_fail_on_target_init(&srv_update_get_broken_comp); target_prov_and_conf_with_imposer(); - if (k_sem_take(&dfu_verify_sem, K_SECONDS(200))) { + if (k_sem_take(&dfu_verify_sem, K_SECONDS(SEMAPHORE_TIMEOUT))) { FAIL("Transfer end CB wasn't triggered"); } - if (k_sem_take(&update_get_sem, K_SECONDS(200))) { + if (k_sem_take(&update_get_sem, K_SECONDS(SEMAPHORE_TIMEOUT))) { FAIL("Firmware Update Get msg handler wasn't called"); } @@ -1511,7 +1512,7 @@ static void test_target_fail_on_verify(void) common_fail_on_target_init(&target_comp); target_prov_and_conf_default(); - if (k_sem_take(&dfu_verify_sem, K_SECONDS(200))) { + if (k_sem_take(&dfu_verify_sem, K_SECONDS(SEMAPHORE_TIMEOUT))) { FAIL("Transfer end CB wasn't triggered"); } @@ -1525,7 +1526,7 @@ static void test_target_fail_on_apply(void) common_fail_on_target_init(&srv_update_apply_broken_comp); target_prov_and_conf_with_imposer(); - if (k_sem_take(&update_apply_sem, K_SECONDS(200))) { + if (k_sem_take(&update_apply_sem, K_SECONDS(SEMAPHORE_TIMEOUT))) { FAIL("Firmware Update Apply msg handler wasn't called"); } @@ -1537,7 +1538,7 @@ static void test_target_fail_on_nothing(void) common_fail_on_target_init(&target_comp); target_prov_and_conf_default(); - if (k_sem_take(&dfu_ended, K_SECONDS(200))) { + if (k_sem_take(&dfu_ended, K_SECONDS(SEMAPHORE_TIMEOUT))) { FAIL("DFU failed"); } diff --git a/tests/bsim/bluetooth/mesh/src/test_persistence.c b/tests/bsim/bluetooth/mesh/src/test_persistence.c index 90bf41f73a6..aab9c6dd185 100644 --- a/tests/bsim/bluetooth/mesh/src/test_persistence.c +++ b/tests/bsim/bluetooth/mesh/src/test_persistence.c @@ -525,7 +525,7 @@ static void node_configure(void) */ uint8_t net_transmit; - net_transmit = BT_MESH_TRANSMIT(3, 20); + net_transmit = BT_MESH_TRANSMIT(3, 50); err = bt_mesh_cfg_cli_net_transmit_set(test_netkey_idx, TEST_ADDR, net_transmit, &status); if (err || status != net_transmit) { FAIL("Net transmit set failed (err %d, transmit %x)", err, status); diff --git a/tests/bsim/bluetooth/mesh/src/test_replay_cache.c b/tests/bsim/bluetooth/mesh/src/test_replay_cache.c index dbab05661cb..d7c140ab3ed 100644 --- a/tests/bsim/bluetooth/mesh/src/test_replay_cache.c +++ b/tests/bsim/bluetooth/mesh/src/test_replay_cache.c @@ -149,6 +149,8 @@ static void test_tx_immediate_replay_attack(void) } ASSERT_TRUE(is_tx_succeeded); + /* Let complete advertising of the previous transaction to prevent collisions. */ + k_sleep(K_SECONDS(1)); } bt_mesh.seq = seq; @@ -165,6 +167,8 @@ static void test_tx_immediate_replay_attack(void) } ASSERT_TRUE(!is_tx_succeeded); + /* Let complete advertising of the previous transaction to prevent collisions. */ + k_sleep(K_SECONDS(1)); } PASS(); @@ -208,6 +212,8 @@ static void test_tx_power_replay_attack(void) } ASSERT_TRUE(!is_tx_succeeded); + /* Let complete advertising of the previous transaction to prevent collisions. */ + k_sleep(K_SECONDS(1)); } for (int i = 0; i < 3; i++) { @@ -222,6 +228,8 @@ static void test_tx_power_replay_attack(void) } ASSERT_TRUE(is_tx_succeeded); + /* Let complete advertising of the previous transaction to prevent collisions. */ + k_sleep(K_SECONDS(1)); } PASS();