TinyCrypt deprecation - library's usage removal part 2 (bluetooth)

boards/native/native_sim/Kconfig.defconfig

@@ -32,5 +32,14 @@ config UART_CONSOLE
 
 endif # CONSOLE
 
+# BT relies on PSA Crypto API to perform crypto operations. On this platform
+# this is implemented by Mbed TLS which requires a (possibly true) random
+# number generator to initialize properly. We enable ENTROPY_GENERATOR here
+# instead of manually adding it to all samples/tests configuration files because
+# it looks more compact and easier to maintain.
+config ENTROPY_GENERATOR
+	bool
+	default y if BT
+
 
 endif # BOARD_NATIVE_SIM

boards/native/nrf_bsim/Kconfig.defconfig

@@ -58,6 +58,19 @@ config BT_HCI_IPC
 
 endif # BOARD_NRF5340BSIM_NRF5340_CPUAPP
 
+if BOARD_NRF5340BSIM_NRF5340_CPUAPP || BOARD_NRF52_BSIM
+
+# BT relies on PSA Crypto API to perform crypto operations. On this platform
+# this is implemented by Mbed TLS which requires a (possibly true) random
+# number generator to initialize properly. We enable ENTROPY_GENERATOR here
+# instead of manually adding it to all samples/tests configuration files because
+# it looks more compact and easier to maintain.
+config ENTROPY_GENERATOR
+	bool
+	default y if BT
+
+endif # BOARD_NRF5340BSIM_NRF5340_CPUAPP || BOARD_NRF52_BSIM
+
 # The 15.4 driver Tx encryption is currently not functional with this
 # simulated board => we disable it by default. With this Openthread will normally
 # default to encrypt packets on its own.

boards/nordic/nrf5340_audio_dk/Kconfig.defconfig

@@ -53,6 +53,19 @@ config FLASH_LOAD_SIZE
 
 endif # BOARD_NRF5340_AUDIO_DK_NRF5340_CPUAPP_NS
 
+if BOARD_NRF5340_AUDIO_DK_NRF5340_CPUAPP
+
+# BT relies on PSA Crypto API to perform crypto operations. On this platform
+# this is implemented by Mbed TLS which requires a (possibly true) random
+# number generator to initialize properly. We enable ENTROPY_GENERATOR here
+# instead of manually adding it to all samples/tests configuration files because
+# it looks more compact and easier to maintain.
+config ENTROPY_GENERATOR
+	bool
+	default y if BT
+
+endif # BOARD_NRF5340_AUDIO_DK_NRF5340_CPUAPP
+
 config BT_HCI_IPC
 	default y if BT
 

boards/nordic/nrf5340dk/Kconfig.defconfig

@@ -43,6 +43,19 @@ config SRAM_SIZE
 
 endif # BOARD_NRF5340DK_NRF5340_CPUAPP && TRUSTED_EXECUTION_SECURE
 
+if BOARD_NRF5340DK_NRF5340_CPUAPP
+
+# BT relies on PSA Crypto API to perform crypto operations. On this platform
+# this is implemented by Mbed TLS which requires a (possibly true) random
+# number generator to initialize properly. We enable ENTROPY_GENERATOR here
+# instead of manually adding it to all samples/tests configuration files because
+# it looks more compact and easier to maintain.
+config ENTROPY_GENERATOR
+	bool
+	default y if BT
+
+endif # BOARD_NRF5340DK_NRF5340_CPUAPP
+
 if BOARD_NRF5340DK_NRF5340_CPUAPP_NS
 
 config FLASH_LOAD_OFFSET

boards/qemu/cortex_m3/Kconfig.defconfig

@@ -12,4 +12,12 @@ choice NULL_POINTER_EXCEPTION_DETECTION
 	default NULL_POINTER_EXCEPTION_DETECTION_NONE
 endchoice
 
+# BT relies on PSA Crypto API to perform crypto operations and, on this platform,
+# these APIs are provided thougth Mbed TLS. Unfortunately this platform is not
+# provided with a true random number generator which is required to properly
+# initialize the PSA Crypto core, so we need to enable the fake TEST_RANDOM_GENERATOR.
+config TEST_RANDOM_GENERATOR
+	bool
+	default y if BT
+
 endif # BOARD_QEMU_CORTEX_M3

doc/releases/migration-guide-4.1.rst

@@ -89,6 +89,15 @@ Display
 Enhanced Serial Peripheral Interface (eSPI)
 ===========================================
 
+Entropy
+=======
+
+* BT HCI based entropy driver now directly sends the HCI command to parse random
+  data instead of waiting for BT connection to be ready. This is helpful on
+  platforms where the BT controller owns the HW random generator and the application
+  processor needs to get random data before BT is fully enabled.
+  (:github:`79931`)
+
 GNSS
 ====
 
@@ -141,6 +150,11 @@ Bluetooth HCI
 Bluetooth Mesh
 ==============
 
+* Following the beginnig of the deprecation process for the TinyCrypt crypto
+  library, Kconfig symbol :kconfig:option:`CONFIG_BT_MESH_USES_TINYCRYPT` was
+  set as deprecated. Default option for platforms that do not support TF-M
+  is :kconfig:option:`CONFIG_BT_MESH_USES_MBEDTLS_PSA`.
+
 Bluetooth Audio
 ===============
 

drivers/entropy/entropy_bt_hci.c

@@ -20,9 +20,18 @@ static int entropy_bt_init(const struct device *dev)
 static int entropy_bt_get_entropy(const struct device *dev,
 				  uint8_t *buffer, uint16_t length)
 {
-	if (!bt_is_ready()) {
-		return -EAGAIN;
-	}
+	/* Do not wait for BT to be ready (i.e. bt_is_ready()) before issueing
+	 * the command. The reason is that when crypto is enabled and the PSA
+	 * Crypto API support is provided through Mbed TLS, random number generator
+	 * needs to be available since the very first call to psa_crypto_init()
+	 * which is usually done before BT is completely initialized.
+	 * On the other hand, in devices like the nrf5340, the crytographically
+	 * secure RNG is owned by the cpu_net, so the cpu_app needs to poll it
+	 * to get random data. Again, there is no need to wait for BT to be
+	 * completely initialized for this kind of support. Just try to send the
+	 * request through HCI. If the command fails for any reason, then
+	 * we return failure anyway.
+	 */
 
 	return bt_hci_le_rand(buffer, length);
 }

samples/bluetooth/bap_broadcast_assistant/prj.conf

@@ -10,7 +10,7 @@ CONFIG_BT_BUF_ACL_RX_SIZE=255
 CONFIG_BT_BUF_ACL_TX_SIZE=251
 CONFIG_BT_CTLR_SCAN_DATA_LEN_MAX=191
 
-CONFIG_BT_TINYCRYPT_ECC=y
+CONFIG_BT_SEND_ECC_EMULATION=y
 
 CONFIG_BT_EXT_ADV=y
 CONFIG_BT_PER_ADV_SYNC=y

samples/bluetooth/bap_broadcast_sink/prj.conf

@@ -26,4 +26,4 @@ CONFIG_BT_AUDIO_CODEC_CAP_MAX_DATA_SIZE=64
 
 CONFIG_BT_DEVICE_NAME="Broadcast Audio Sink"
 
-CONFIG_BT_TINYCRYPT_ECC=y
+CONFIG_BT_SEND_ECC_EMULATION=y

samples/bluetooth/bap_unicast_client/boards/native_sim.conf

@@ -1,5 +1,5 @@
 CONFIG_LOG_MODE_IMMEDIATE=y
-CONFIG_BT_TINYCRYPT_ECC=y
+CONFIG_BT_SEND_ECC_EMULATION=y
 
 CONFIG_LIBLC3=y
 CONFIG_FPU=y

samples/bluetooth/bap_unicast_client/boards/nrf5340_audio_dk_nrf5340_cpuapp.conf

@@ -10,4 +10,4 @@ CONFIG_BT_BUF_ACL_RX_SIZE=255
 CONFIG_BT_BUF_ACL_TX_SIZE=251
 CONFIG_BT_BUF_CMD_TX_SIZE=255
 
-CONFIG_BT_TINYCRYPT_ECC=y
+CONFIG_BT_SEND_ECC_EMULATION=y

samples/bluetooth/bap_unicast_client/boards/nrf5340bsim_nrf5340_cpuapp.conf

@@ -7,4 +7,4 @@ CONFIG_BT_BUF_ACL_RX_SIZE=255
 CONFIG_BT_BUF_ACL_TX_SIZE=251
 CONFIG_BT_BUF_CMD_TX_SIZE=255
 
-CONFIG_BT_TINYCRYPT_ECC=y
+CONFIG_BT_SEND_ECC_EMULATION=y

samples/bluetooth/bap_unicast_client/boards/nrf5340dk_nrf5340_cpuapp.conf

@@ -10,4 +10,4 @@ CONFIG_BT_BUF_ACL_RX_SIZE=255
 CONFIG_BT_BUF_ACL_TX_SIZE=251
 CONFIG_BT_BUF_CMD_TX_SIZE=255
 
-CONFIG_BT_TINYCRYPT_ECC=y
+CONFIG_BT_SEND_ECC_EMULATION=y

samples/bluetooth/bap_unicast_server/boards/native_sim.conf

@@ -1,5 +1,5 @@
 CONFIG_LOG_MODE_IMMEDIATE=y
-CONFIG_BT_TINYCRYPT_ECC=y
+CONFIG_BT_SEND_ECC_EMULATION=y
 
 CONFIG_LIBLC3=y
 CONFIG_FPU=y

samples/bluetooth/bap_unicast_server/boards/nrf5340_audio_dk_nrf5340_cpuapp.conf

@@ -7,4 +7,4 @@ CONFIG_BT_BUF_ACL_RX_SIZE=255
 CONFIG_BT_BUF_ACL_TX_SIZE=251
 CONFIG_BT_BUF_CMD_TX_SIZE=255
 
-CONFIG_BT_TINYCRYPT_ECC=y
+CONFIG_BT_SEND_ECC_EMULATION=y

samples/bluetooth/bap_unicast_server/boards/nrf5340bsim_nrf5340_cpuapp.conf

@@ -7,4 +7,4 @@ CONFIG_BT_BUF_ACL_RX_SIZE=255
 CONFIG_BT_BUF_ACL_TX_SIZE=251
 CONFIG_BT_BUF_CMD_TX_SIZE=255
 
-CONFIG_BT_TINYCRYPT_ECC=y
+CONFIG_BT_SEND_ECC_EMULATION=y

samples/bluetooth/bap_unicast_server/boards/nrf5340dk_nrf5340_cpuapp.conf

@@ -10,4 +10,4 @@ CONFIG_BT_BUF_ACL_RX_SIZE=255
 CONFIG_BT_BUF_ACL_TX_SIZE=251
 CONFIG_BT_BUF_CMD_TX_SIZE=255
 
-CONFIG_BT_TINYCRYPT_ECC=y
+CONFIG_BT_SEND_ECC_EMULATION=y

samples/bluetooth/beacon/boards/nrf54l15dk_nrf54l15_cpuapp.conf

@@ -0,0 +1,13 @@
+# We need a random number generator to properly initialize the PSA Crypto core
+# implemented by Mbed TLS. The proper thing to do in this platform would be
+# to enable ENTROPY_GENERATOR, but this is not supported right now for the
+# following reasons:
+# - at device-tree level (nrf54l15_cpuapp.dtsi) the only RNG source available
+#   is "zephyr,psa-crypto-rng" which means that TF-M is required in order for
+#   this to work. Unfortunately TF-M is still not supported for this platform, yet.
+# - cpuapp does not have a direct access to the RNG without TF-M, so there's
+#   no other way it can make use of it as of now.
+#
+# Since both options are not viable, we fall back to the test random generator
+# until further support is added to the platform.
+CONFIG_TEST_RANDOM_GENERATOR=y

samples/bluetooth/cap_acceptor/boards/nrf5340_audio_dk_nrf5340_cpuapp.conf

@@ -3,4 +3,4 @@ CONFIG_BT_BUF_ACL_RX_SIZE=255
 CONFIG_BT_BUF_ACL_TX_SIZE=251
 CONFIG_BT_BUF_CMD_TX_SIZE=255
 
-CONFIG_BT_TINYCRYPT_ECC=y
+CONFIG_BT_SEND_ECC_EMULATION=y

samples/bluetooth/cap_acceptor/boards/nrf5340dk_nrf5340_cpuapp.conf

@@ -3,4 +3,4 @@ CONFIG_BT_BUF_ACL_RX_SIZE=255
 CONFIG_BT_BUF_ACL_TX_SIZE=251
 CONFIG_BT_BUF_CMD_TX_SIZE=255
 
-CONFIG_BT_TINYCRYPT_ECC=y
+CONFIG_BT_SEND_ECC_EMULATION=y

samples/bluetooth/cap_initiator/boards/nrf5340_audio_dk_nrf5340_cpuapp.conf

@@ -3,4 +3,4 @@ CONFIG_BT_BUF_ACL_RX_SIZE=255
 CONFIG_BT_BUF_ACL_TX_SIZE=251
 CONFIG_BT_BUF_CMD_TX_SIZE=255
 
-CONFIG_BT_TINYCRYPT_ECC=y
+CONFIG_BT_SEND_ECC_EMULATION=y

samples/bluetooth/cap_initiator/boards/nrf5340dk_nrf5340_cpuapp.conf

@@ -3,4 +3,4 @@ CONFIG_BT_BUF_ACL_RX_SIZE=255
 CONFIG_BT_BUF_ACL_TX_SIZE=251
 CONFIG_BT_BUF_CMD_TX_SIZE=255
 
-CONFIG_BT_TINYCRYPT_ECC=y
+CONFIG_BT_SEND_ECC_EMULATION=y

samples/bluetooth/central_hr/prj_minimal.conf

@@ -100,3 +100,14 @@ CONFIG_BT_L2CAP_TX_BUF_COUNT=2
 CONFIG_BT_CTLR_RX_BUFFERS=1
 CONFIG_BT_BUF_ACL_TX_COUNT=3
 CONFIG_BT_BUF_ACL_TX_SIZE=27
+
+# Limit the number of key slots in PSA Crypto core to reduce
+# RAM footprint
+CONFIG_MBEDTLS_PSA_KEY_SLOT_COUNT=5
+
+# This is required because otherwise there won't be
+# __heap_start/__heap_end symbols defined in the build. This
+# is due to Mbed TLS which at boot uses standard calloc/free
+# functions and only after the initialization done from Zephyr
+# it switches to its internal memory management functions.
+CONFIG_COMMON_LIBC_MALLOC=y

samples/bluetooth/central_ht/boards/frdm_rw612.conf

@@ -1 +1,2 @@
 CONFIG_PM=y
+CONFIG_ENTROPY_GENERATOR=y

samples/bluetooth/central_ht/boards/rd_rw612_bga.conf

@@ -1 +1,2 @@
 CONFIG_PM=y
+CONFIG_ENTROPY_GENERATOR=y

samples/bluetooth/hap_ha/boards/native_sim.conf

@@ -1,5 +1,5 @@
 CONFIG_LOG_MODE_IMMEDIATE=y
-CONFIG_BT_TINYCRYPT_ECC=y
+CONFIG_BT_SEND_ECC_EMULATION=y
 
 # For LE-audio at 10ms intervals we need the tick counter to occur more frequently
 # than every 10 ms as each PDU for some reason takes 2 ticks to process.

samples/bluetooth/hci_ipc/nrf5340_cpunet_iso-bt_ll_sw_split.conf

@@ -5,7 +5,7 @@ CONFIG_ISR_STACK_SIZE=1024
 CONFIG_IDLE_STACK_SIZE=256
 CONFIG_MAIN_STACK_SIZE=512
 CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=512
-CONFIG_HEAP_MEM_POOL_SIZE=4096
+CONFIG_HEAP_MEM_POOL_SIZE=1024
 CONFIG_CBPRINTF_REDUCED_INTEGRAL=y
 
 CONFIG_ISR_TABLES_LOCAL_DECLARATION=y
@@ -143,3 +143,19 @@ CONFIG_BT_CTLR_TX_PWR_DYNAMIC_CONTROL=y
 
 # Ignore HCI ISO data Tx sequence numbers
 # CONFIG_BT_CTLR_ISOAL_PSN_IGNORE=y
+
+# The hci_ipc image has a quite high RAM usage so we need to carefully
+# tweak Mbed TLS parameters in order to build successfully:
+# - use CSPRNG source as random source for PSA. This removes
+#   requiement for legacy Mbed TLS entropy+ctr-drbg modules, which
+#   saves RAM and ROM;
+# - use ROM pre-computed tables for AES;
+# - reduce the number of key slots to 3 in the PSA core. This is not a
+#   huge limitation since PSA crypto is only used for AES-CMAC in hci_ipc.
+CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG=y
+CONFIG_MBEDTLS_AES_ROM_TABLES=y
+CONFIG_MBEDTLS_PSA_KEY_SLOT_COUNT=3
+
+# Reduce RAM footprint further otherwise the image won't fit in cpu_net.
+CONFIG_BT_CTLR_ADV_ISO_SET=1
+CONFIG_BT_CTLR_ADV_ISO_STREAM_COUNT=2

samples/bluetooth/hci_spi/prj.conf

@@ -5,7 +5,7 @@ CONFIG_MAIN_STACK_SIZE=512
 CONFIG_BT=y
 CONFIG_BT_HCI_RAW=y
 CONFIG_BT_MAX_CONN=16
-CONFIG_BT_TINYCRYPT_ECC=n
+CONFIG_BT_SEND_ECC_EMULATION=n
 
 # Workaround: Unable to allocate command buffer when using K_NO_WAIT since
 # Host number of completed commands does not follow normal flow control.

samples/bluetooth/hci_uart/prj.conf

@@ -13,7 +13,7 @@ CONFIG_BT_BUF_CMD_TX_SIZE=255
 CONFIG_BT_BUF_EVT_DISCARDABLE_SIZE=255
 CONFIG_BT_CTLR_ASSERT_HANDLER=y
 CONFIG_BT_MAX_CONN=16
-CONFIG_BT_TINYCRYPT_ECC=n
+CONFIG_BT_SEND_ECC_EMULATION=n
 CONFIG_BT_CTLR_DTM_HCI=y
 
 CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=512

samples/bluetooth/hci_uart_3wire/prj.conf

@@ -12,7 +12,7 @@ CONFIG_BT_BUF_ACL_RX_SIZE=255
 CONFIG_BT_BUF_CMD_TX_SIZE=255
 CONFIG_BT_BUF_EVT_DISCARDABLE_SIZE=255
 CONFIG_BT_MAX_CONN=16
-CONFIG_BT_TINYCRYPT_ECC=n
+CONFIG_BT_SEND_ECC_EMULATION=n
 CONFIG_BT_CTLR_DTM_HCI=y
 
 CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=512

samples/bluetooth/iso_connected_benchmark/prj.conf

@@ -15,3 +15,5 @@ CONFIG_MAIN_STACK_SIZE=2048
 CONFIG_LOG=y
 CONFIG_CBPRINTF_FP_SUPPORT=y
 CONFIG_LOG_BUFFER_SIZE=2048
+
+CONFIG_ENTROPY_GENERATOR=y

samples/bluetooth/mesh_demo/prj.conf

@@ -31,3 +31,14 @@ CONFIG_FLASH_MAP=y
 CONFIG_NVS=y
 CONFIG_SETTINGS=y
 CONFIG_BT_MESH_RPL_STORE_TIMEOUT=600
+
+# Limit the number of key slots in PSA Crypto core to reduce
+# RAM footprint
+CONFIG_MBEDTLS_PSA_KEY_SLOT_COUNT=5
+
+# This is required because otherwise there won't be
+# __heap_start/__heap_end symbols defined in the build. This
+# is due to Mbed TLS which at boot uses standard calloc/free
+# functions and only after the initialization done from Zephyr
+# it switches to its internal memory management functions.
+CONFIG_COMMON_LIBC_MALLOC=y

samples/bluetooth/peripheral/boards/nucleo_l4r5zi_stm32l4r5xx.conf

@@ -0,0 +1 @@
+CONFIG_ENTROPY_GENERATOR=y

samples/bluetooth/peripheral/boards/nucleo_l4r5zi_stm32l4r5xx.overlay

@@ -0,0 +1,3 @@
+&rng {
+	status = "okay";
+};

samples/bluetooth/peripheral_esp/prj.conf

@@ -1,7 +1,6 @@
 CONFIG_BT=y
 CONFIG_BT_PERIPHERAL=y
 CONFIG_BT_SMP=y
-CONFIG_TINYCRYPT=y
 CONFIG_BT_DEVICE_NAME="ESP peripheral"
 CONFIG_BT_DIS=y
 CONFIG_BT_DIS_PNP=n

samples/bluetooth/peripheral_hr/boards/nrf54l15dk_nrf54l15_cpuapp.conf

@@ -0,0 +1,13 @@
+# We need a random number generator to properly initialize the PSA Crypto core
+# implemented by Mbed TLS. The proper thing to do in this platform would be
+# to enable ENTROPY_GENERATOR, but this is not supported right now for the
+# following reasons:
+# - at device-tree level (nrf54l15_cpuapp.dtsi) the only RNG source available
+#   is "zephyr,psa-crypto-rng" which means that TF-M is required in order for
+#   this to work. Unfortunately TF-M is still not supported for this platform, yet.
+# - cpuapp does not have a direct access to the RNG without TF-M, so there's
+#   no other way it can make use of it as of now.
+#
+# Since both options are not viable, we fall back to the test random generator
+# until further support is added to the platform.
+CONFIG_TEST_RANDOM_GENERATOR=y

samples/bluetooth/peripheral_hr/prj_minimal.conf

@@ -106,3 +106,14 @@ CONFIG_BT_L2CAP_TX_BUF_COUNT=2
 CONFIG_BT_CTLR_RX_BUFFERS=1
 CONFIG_BT_BUF_ACL_TX_COUNT=3
 CONFIG_BT_BUF_ACL_TX_SIZE=27
+
+# Limit the number of key slots in PSA Crypto core to reduce
+# RAM footprint
+CONFIG_MBEDTLS_PSA_KEY_SLOT_COUNT=5
+
+# This is required because otherwise there won't be
+# __heap_start/__heap_end symbols defined in the build. This
+# is due to Mbed TLS which at boot uses standard calloc/free
+# functions and only after the initialization done from Zephyr
+# it switches to its internal memory management functions.
+CONFIG_COMMON_LIBC_MALLOC=y