From aa40fdcc649d2e4ff783e716f41504bf32684271 Mon Sep 17 00:00:00 2001 From: ShenWeilong Date: Fri, 30 Jan 2026 17:03:29 +0800 Subject: [PATCH] change(bt): use BT_SMP_CRYPTO_STACK_MBEDTLS to select bt cryption lib --- components/bt/CMakeLists.txt | 3 +-- components/bt/controller/esp32c2/Kconfig.in | 9 ------- components/bt/controller/esp32c2/bt.c | 28 ++++++++++----------- components/bt/controller/esp32c5/Kconfig.in | 9 ------- components/bt/controller/esp32c5/bt.c | 28 ++++++++++----------- components/bt/controller/esp32c6/Kconfig.in | 9 ------- components/bt/controller/esp32c6/bt.c | 28 ++++++++++----------- components/bt/controller/esp32h2/Kconfig.in | 9 ------- components/bt/controller/esp32h2/bt.c | 28 ++++++++++----------- components/bt/esp_ble_mesh/Kconfig.in | 2 +- 10 files changed, 58 insertions(+), 95 deletions(-) diff --git a/components/bt/CMakeLists.txt b/components/bt/CMakeLists.txt index a2ff85a25f..b6228696a7 100644 --- a/components/bt/CMakeLists.txt +++ b/components/bt/CMakeLists.txt @@ -746,8 +746,7 @@ if(CONFIG_BT_ENABLED) # 1. Controller uses TinyCrypt (not mbedTLS), OR # 2. NimBLE uses TinyCrypt (not mbedTLS), OR # 3. Bluedroid Host SMP uses TinyCrypt - if(CONFIG_BT_SMP_CRYPTO_STACK_TINYCRYPT OR - (NOT CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS AND NOT CONFIG_BT_NIMBLE_CRYPTO_STACK_MBEDTLS)) + if(CONFIG_BT_SMP_CRYPTO_STACK_TINYCRYPT OR NOT CONFIG_BT_NIMBLE_CRYPTO_STACK_MBEDTLS) list(APPEND include_dirs common/tinycrypt/include common/tinycrypt/port diff --git a/components/bt/controller/esp32c2/Kconfig.in b/components/bt/controller/esp32c2/Kconfig.in index 36db52c46c..a6b86e07a0 100644 --- a/components/bt/controller/esp32c2/Kconfig.in +++ b/components/bt/controller/esp32c2/Kconfig.in 
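Review bot: The comment block above the rewritten `if(...)` in components/bt/CMakeLists.txt still lists "1. Controller uses TinyCrypt (not mbedTLS)" as a trigger, but the new condition no longer tests any controller option, so comment and condition disagree. `NOT CONFIG_BT_NIMBLE_CRYPTO_STACK_MBEDTLS` is also true whenever NimBLE is not enabled at all, so the TinyCrypt include paths appear to be added in Bluedroid or controller-only builds that selected mbedTLS; please confirm that is intended. The comment could be reduced to what is actually checked, e.g. `# 1. NimBLE does not use mbedTLS (also true when NimBLE is disabled), OR` and `# 2. BT_SMP_CRYPTO_STACK_TINYCRYPT is selected`. The body of the `if` continues past the hunk, so whether sources are appended as well is not visible here.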
@@ -431,15 +431,6 @@ config BT_LE_LL_CFG_FEAT_LE_ENCRYPTION help Enable encryption connection -config BT_LE_CRYPTO_STACK_MBEDTLS - bool "Override TinyCrypt with mbedTLS for crypto computations" - default y - depends on !BT_NIMBLE_ENABLED - select MBEDTLS_CMAC_C - help - Enable this option to choose mbedTLS instead of TinyCrypt for crypto - computations. - config BT_LE_WHITELIST_SIZE int "BLE white list size" range 1 31 diff --git a/components/bt/controller/esp32c2/bt.c b/components/bt/controller/esp32c2/bt.c index 2b71956a66..b13c953081 100644 --- a/components/bt/controller/esp32c2/bt.c +++ b/components/bt/controller/esp32c2/bt.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2015-2026 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -232,10 +232,10 @@ static void esp_bt_ctrl_log_partition_get_and_erase_first_block(void); #if CONFIG_FREERTOS_USE_TICKLESS_IDLE static bool esp_bt_check_wakeup_by_bt(void); #endif // CONFIG_FREERTOS_USE_TICKLESS_IDLE -#if (CONFIG_BT_CONTROLLER_ONLY) && (CONFIG_BT_LE_SM_SC) && (!CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS) +#if (CONFIG_BT_CONTROLLER_ONLY) && (CONFIG_BT_LE_SM_SC) && (!CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS) #include "tinycrypt/ecc.h" static int ecc_rand_func(uint8_t *dst, unsigned int len); -#endif // (CONFIG_BT_CONTROLLER_ONLY) && (CONFIG_BT_LE_SM_SC) && (!CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS) +#endif // (CONFIG_BT_CONTROLLER_ONLY) && (CONFIG_BT_LE_SM_SC) && (!CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS) /* Local variable definition *************************************************************************** */ 
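Review bot: The guard on the `tinycrypt/ecc.h` include and the `ecc_rand_func` prototype now tests `CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS`, a symbol this patch does not define, while the option it replaces was `default y`, depended on `!BT_NIMBLE_ENABLED` and selected `MBEDTLS_CMAC_C`. If the SMP choice is not offered, or does not default to mbedTLS, when `CONFIG_BT_CONTROLLER_ONLY` is set, `!CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS` evaluates true and controller-only builds silently move Secure Connections key generation and the RNG hook from PSA to TinyCrypt. Please confirm the new symbol's `depends on` and default for controller-only builds, that `MBEDTLS_CMAC_C` is still selected where needed, and that existing sdkconfig files carrying `CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS` are migrated (for example through an `sdkconfig.rename` entry). A comment at the guard such as `/* BT_SMP_CRYPTO_STACK_MBEDTLS unset => controller-only SC falls back to TinyCrypt */` would make the fallback explicit. The same guard is repeated at the `uECC_set_rng(ecc_rand_func)` call and in the SM section of this file, and in the esp32c5, esp32c6 and esp32h2 copies.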
@@ -1028,9 +1028,9 @@ esp_err_t esp_bt_controller_init(esp_bt_controller_config_t *cfg) ESP_LOGW(NIMBLE_PORT_LOG_TAG, "hci transport init failed %d", ret); goto free_controller; } -#if (CONFIG_BT_CONTROLLER_ONLY) && (CONFIG_BT_LE_SM_SC) && (!CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS) +#if (CONFIG_BT_CONTROLLER_ONLY) && (CONFIG_BT_LE_SM_SC) && (!CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS) uECC_set_rng(ecc_rand_func); -#endif // (CONFIG_BT_CONTROLLER_ONLY) && (CONFIG_BT_LE_SM_SC) && (!CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS) +#endif // (CONFIG_BT_CONTROLLER_ONLY) && (CONFIG_BT_LE_SM_SC) && (!CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS) return ESP_OK; free_controller: hci_transport_deinit(); @@ -1444,7 +1444,7 @@ uint8_t esp_ble_get_chip_rev_version(void) #if CONFIG_BT_LE_SM_LEGACY || CONFIG_BT_LE_SM_SC #define BLE_SM_KEY_ERR 0x17 #define BLE_PUB_KEY_LEN 65 -#if CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#if CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS #if CONFIG_BT_LE_SM_SC #include "psa/crypto.h" static const char *TAG_SM_ALG = "ble_sm_alg"; @@ -1481,7 +1481,7 @@ static int ecc_rand_func(uint8_t *dst, unsigned int len) #endif // CONFIG_BT_CONTROLLER_ONLY #endif // CONFIG_BT_LE_SM_SC -#endif // CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#endif // CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS /* Based on Core Specification 4.2 Vol 3. Part H 2.3.5.6.1 */ static const uint8_t ble_sm_alg_dbg_priv_key[32] = { @@ -1500,7 +1500,7 @@ int ble_sm_alg_gen_dhkey(const uint8_t *peer_pub_key_x, const uint8_t *peer_pub_ swap_buf(priv, our_priv_key, 32); -#if CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#if CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS // PSA expects 65 bytes: 0x04 prefix + X (32 bytes) + Y (32 bytes) pk[0] = 0x04; // Uncompressed format for public key swap_buf(&pk[1], peer_pub_key_x, 32); 
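Review bot: `ble_sm_alg_gen_dhkey` copies `peer_pub_key_x` into `pk` behind the `0x04` prefix on the PSA branch, and nothing visible in this hunk says where the peer's point is checked to be a valid P-256 public key before key agreement. Since this commit changes which branch a given configuration compiles, the expectation is worth stating next to the `pk[0] = 0x04;` line, e.g. `/* peer key must be rejected if not on P-256: confirm PSA import enforces it here and the TinyCrypt branch checks explicitly */`. The function body continues outside the hunk, so the check may already exist there; if it is missing on either branch, the function should return `BLE_SM_KEY_ERR` for an invalid point. The esp32c5, esp32c6 and esp32h2 copies have the same structure.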
@@ -1551,13 +1551,13 @@ exit: if (rc == TC_CRYPTO_FAIL) { return BLE_SM_KEY_ERR; } -#endif // CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#endif // CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS swap_buf(out_dhkey, dh, 32); return 0; } -#if CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#if CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS static int mbedtls_gen_keypair(uint8_t *public_key, uint8_t *private_key) { int rc = BLE_SM_KEY_ERR; @@ -1598,7 +1598,7 @@ exit: return 0; } -#endif // CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#endif // CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS /** * pub: BLE_PUB_KEY_LEN bytes @@ -1614,7 +1614,7 @@ int ble_sm_alg_gen_key_pair(uint8_t *pub, uint8_t *priv) uint8_t pk[BLE_PUB_KEY_LEN]; do { -#if CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#if CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS if (mbedtls_gen_keypair(pk, priv) != 0) { return BLE_SM_KEY_ERR; } @@ -1622,11 +1622,11 @@ int ble_sm_alg_gen_key_pair(uint8_t *pub, uint8_t *priv) if (uECC_make_key(pk, priv, uECC_secp256r1()) != TC_CRYPTO_SUCCESS) { return BLE_SM_KEY_ERR; } -#endif // CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#endif // CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS /* Make sure generated key isn't debug key. */ } while (memcmp(priv, ble_sm_alg_dbg_priv_key, 32) == 0); -#if CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#if CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS // PSA returns 65 bytes: 0x04 prefix + X (32 bytes) + Y (32 bytes) // Skip the 0x04 prefix when copying to pub swap_buf(pub, &pk[1], 32); diff --git a/components/bt/controller/esp32c5/Kconfig.in b/components/bt/controller/esp32c5/Kconfig.in index 8e57445217..b0f4a2c06e 100644 --- a/components/bt/controller/esp32c5/Kconfig.in +++ b/components/bt/controller/esp32c5/Kconfig.in 
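Review bot: `ble_sm_alg_gen_dhkey` returns right after `swap_buf(out_dhkey, dh, 32);` without clearing its working copies: `dh` holds the shared secret and `priv` (filled by `swap_buf(priv, our_priv_key, 32)` earlier in the function) holds the private key. If these are stack buffers, as their use suggests, they should be wiped on every exit, including the `return BLE_SM_KEY_ERR;` path just above, with a call the compiler cannot drop, for instance `mbedtls_platform_zeroize(dh, 32);` and `mbedtls_platform_zeroize(priv, 32);` where mbedTLS is linked. The declarations sit outside this hunk, so please confirm their storage. The esp32c5, esp32c6 and esp32h2 copies end the same way.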
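Review bot: The doc comment above `ble_sm_alg_gen_key_pair` in the esp32c2 file says `pub: BLE_PUB_KEY_LEN bytes`, i.e. 65, while the esp32c5, esp32c6 and esp32h2 copies say `pub: 64 bytes` for the same code. The copy after the loop starts at `&pk[1]` and skips the 0x04 prefix, so the output appears to be 64 bytes of X followed by Y; `pub: 64 bytes (X || Y, 0x04 prefix stripped)` would match the other files and the visible code. The rest of the copy into `pub` lies outside the hunk.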
@@ -504,15 +504,6 @@ config BT_LE_LL_CFG_FEAT_LE_ENCRYPTION help Enable encryption connection -config BT_LE_CRYPTO_STACK_MBEDTLS - bool "Override TinyCrypt with mbedTLS for crypto computations" - default y - depends on !BT_NIMBLE_ENABLED - select MBEDTLS_CMAC_C - help - Enable this option to choose mbedTLS instead of TinyCrypt for crypto - computations. - config BT_LE_WHITELIST_SIZE int "BLE white list size" range 1 31 diff --git a/components/bt/controller/esp32c5/bt.c b/components/bt/controller/esp32c5/bt.c index 0f1f31aae9..d431d92d2d 100644 --- a/components/bt/controller/esp32c5/bt.c +++ b/components/bt/controller/esp32c5/bt.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2015-2026 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -219,10 +219,10 @@ static void esp_bt_ctrl_log_partition_get_and_erase_first_block(void); #if CONFIG_FREERTOS_USE_TICKLESS_IDLE static bool esp_bt_check_wakeup_by_bt(void); #endif // CONFIG_FREERTOS_USE_TICKLESS_IDLE -#if (CONFIG_BT_CONTROLLER_ONLY) && (CONFIG_BT_LE_SM_SC) && (!CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS) +#if (CONFIG_BT_CONTROLLER_ONLY) && (CONFIG_BT_LE_SM_SC) && (!CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS) #include "tinycrypt/ecc.h" static int ecc_rand_func(uint8_t *dst, unsigned int len); -#endif // (CONFIG_BT_CONTROLLER_ONLY) && (CONFIG_BT_LE_SM_SC) && (!CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS) +#endif // (CONFIG_BT_CONTROLLER_ONLY) && (CONFIG_BT_LE_SM_SC) && (!CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS) /* Local variable definition *************************************************************************** */ 
@@ -1130,9 +1130,9 @@ esp_err_t esp_bt_controller_init(esp_bt_controller_config_t *cfg) ESP_LOGW(NIMBLE_PORT_LOG_TAG, "Controller lib version mismatch!"); } -#if (CONFIG_BT_CONTROLLER_ONLY) && (CONFIG_BT_LE_SM_SC) && (!CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS) +#if (CONFIG_BT_CONTROLLER_ONLY) && (CONFIG_BT_LE_SM_SC) && (!CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS) uECC_set_rng(ecc_rand_func); -#endif // (CONFIG_BT_CONTROLLER_ONLY) && (CONFIG_BT_LE_SM_SC) && (!CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS) +#endif // (CONFIG_BT_CONTROLLER_ONLY) && (CONFIG_BT_LE_SM_SC) && (!CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS) return ESP_OK; free_controller: hci_transport_deinit(); @@ -1586,7 +1586,7 @@ void esp_ble_controller_log_dump_all(bool output) #if CONFIG_BT_LE_SM_LEGACY || CONFIG_BT_LE_SM_SC #define BLE_SM_KEY_ERR 0x17 #define BLE_PUB_KEY_LEN 65 -#if CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#if CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS #if CONFIG_BT_LE_SM_SC #include "psa/crypto.h" static const char *TAG_SM_ALG = "ble_sm_alg"; @@ -1620,7 +1620,7 @@ static int ecc_rand_func(uint8_t *dst, unsigned int len) } #endif // CONFIG_BT_CONTROLLER_ONLY #endif // CONFIG_BT_LE_SM_SC -#endif // CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#endif // CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS /* Based on Core Specification 4.2 Vol 3. Part H 2.3.5.6.1 */ static const uint8_t ble_sm_alg_dbg_priv_key[32] = { @@ -1639,7 +1639,7 @@ int ble_sm_alg_gen_dhkey(const uint8_t *peer_pub_key_x, const uint8_t *peer_pub_ swap_buf(priv, our_priv_key, 32); -#if CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#if CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS // PSA/mbedTLS expects 65 bytes: 0x04 prefix + X (32 bytes) + Y (32 bytes) pk[0] = 0x04; // Uncompressed format for public key swap_buf(&pk[1], peer_pub_key_x, 32); 
@@ -1692,13 +1692,13 @@ exit: if (rc == TC_CRYPTO_FAIL) { return BLE_SM_KEY_ERR; } -#endif // CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#endif // CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS swap_buf(out_dhkey, dh, 32); return 0; } -#if CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#if CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS static int mbedtls_gen_keypair(uint8_t *public_key, uint8_t *private_key) { int rc = BLE_SM_KEY_ERR; @@ -1739,7 +1739,7 @@ exit: return 0; } -#endif // CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#endif // CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS /** * pub: 64 bytes @@ -1755,7 +1755,7 @@ int ble_sm_alg_gen_key_pair(uint8_t *pub, uint8_t *priv) uint8_t pk[BLE_PUB_KEY_LEN]; do { -#if CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#if CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS if (mbedtls_gen_keypair(pk, priv) != 0) { return BLE_SM_KEY_ERR; } @@ -1763,11 +1763,11 @@ int ble_sm_alg_gen_key_pair(uint8_t *pub, uint8_t *priv) if (uECC_make_key(pk, priv, uECC_secp256r1()) != TC_CRYPTO_SUCCESS) { return BLE_SM_KEY_ERR; } -#endif // CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#endif // CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS /* Make sure generated key isn't debug key. */ } while (memcmp(priv, ble_sm_alg_dbg_priv_key, 32) == 0); -#if CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#if CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS // PSA returns 65 bytes: 0x04 prefix + X (32 bytes) + Y (32 bytes) // Skip the 0x04 prefix when copying to pub swap_buf(pub, &pk[1], 32); diff --git a/components/bt/controller/esp32c6/Kconfig.in b/components/bt/controller/esp32c6/Kconfig.in index a2fb88293e..d1e06c3088 100644 --- a/components/bt/controller/esp32c6/Kconfig.in +++ b/components/bt/controller/esp32c6/Kconfig.in 
@@ -532,15 +532,6 @@ config BT_LE_LL_CFG_FEAT_LE_ENCRYPTION help Enable encryption connection -config BT_LE_CRYPTO_STACK_MBEDTLS - bool "Override TinyCrypt with mbedTLS for crypto computations" - default y - depends on !BT_NIMBLE_ENABLED - select MBEDTLS_CMAC_C - help - Enable this option to choose mbedTLS instead of TinyCrypt for crypto - computations. - config BT_LE_WHITELIST_SIZE int "BLE white list size" range 1 31 diff --git a/components/bt/controller/esp32c6/bt.c b/components/bt/controller/esp32c6/bt.c index 01f27451b6..2d4109e055 100644 --- a/components/bt/controller/esp32c6/bt.c +++ b/components/bt/controller/esp32c6/bt.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2015-2026 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -234,10 +234,10 @@ static void esp_bt_ctrl_log_partition_get_and_erase_first_block(void); static bool esp_bt_check_wakeup_by_bt(void); #endif // CONFIG_FREERTOS_USE_TICKLESS_IDLE -#if (CONFIG_BT_CONTROLLER_ONLY) && (CONFIG_BT_LE_SM_SC) && (!CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS) +#if (CONFIG_BT_CONTROLLER_ONLY) && (CONFIG_BT_LE_SM_SC) && (!CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS) #include "tinycrypt/ecc.h" static int ecc_rand_func(uint8_t *dst, unsigned int len); -#endif // (CONFIG_BT_CONTROLLER_ONLY) && (CONFIG_BT_LE_SM_SC) && (!CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS) +#endif // (CONFIG_BT_CONTROLLER_ONLY) && (CONFIG_BT_LE_SM_SC) && (!CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS) /* Local variable definition *************************************************************************** */ 
@@ -1201,9 +1201,9 @@ esp_err_t esp_bt_controller_init(esp_bt_controller_config_t *cfg) ESP_LOGW(NIMBLE_PORT_LOG_TAG, "Controller lib version mismatch!"); } -#if (CONFIG_BT_CONTROLLER_ONLY) && (CONFIG_BT_LE_SM_SC) && (!CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS) +#if (CONFIG_BT_CONTROLLER_ONLY) && (CONFIG_BT_LE_SM_SC) && (!CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS) uECC_set_rng(ecc_rand_func); -#endif // (CONFIG_BT_CONTROLLER_ONLY) && (CONFIG_BT_LE_SM_SC) && (!CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS) +#endif // (CONFIG_BT_CONTROLLER_ONLY) && (CONFIG_BT_LE_SM_SC) && (!CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS) return ESP_OK; free_controller: hci_transport_deinit(); @@ -1656,7 +1656,7 @@ void esp_ble_controller_log_dump_all(bool output) #if CONFIG_BT_LE_SM_LEGACY || CONFIG_BT_LE_SM_SC #define BLE_SM_KEY_ERR 0x17 #define BLE_PUB_KEY_LEN 65 -#if CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#if CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS #if CONFIG_BT_LE_SM_SC #include "psa/crypto.h" static const char *TAG_SM_ALG = "ble_sm_alg"; @@ -1690,7 +1690,7 @@ static int ecc_rand_func(uint8_t *dst, unsigned int len) } #endif // CONFIG_BT_CONTROLLER_ONLY #endif // CONFIG_BT_LE_SM_SC -#endif // CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#endif // CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS /* Based on Core Specification 4.2 Vol 3. Part H 2.3.5.6.1 */ static const uint8_t ble_sm_alg_dbg_priv_key[32] = { @@ -1709,7 +1709,7 @@ int ble_sm_alg_gen_dhkey(const uint8_t *peer_pub_key_x, const uint8_t *peer_pub_ swap_buf(priv, our_priv_key, 32); -#if CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#if CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS // PSA/mbedTLS expects 65 bytes: 0x04 prefix + X (32 bytes) + Y (32 bytes) pk[0] = 0x04; // Uncompressed format for public key swap_buf(&pk[1], peer_pub_key_x, 32); 
@@ -1762,13 +1762,13 @@ exit: if (rc == TC_CRYPTO_FAIL) { return BLE_SM_KEY_ERR; } -#endif // CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#endif // CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS swap_buf(out_dhkey, dh, 32); return 0; } -#if CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#if CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS static int mbedtls_gen_keypair(uint8_t *public_key, uint8_t *private_key) { int rc = BLE_SM_KEY_ERR; @@ -1809,7 +1809,7 @@ exit: return 0; } -#endif // CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#endif // CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS /** * pub: 64 bytes @@ -1825,7 +1825,7 @@ int ble_sm_alg_gen_key_pair(uint8_t *pub, uint8_t *priv) uint8_t pk[BLE_PUB_KEY_LEN]; do { -#if CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#if CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS if (mbedtls_gen_keypair(pk, priv) != 0) { return BLE_SM_KEY_ERR; } @@ -1833,11 +1833,11 @@ int ble_sm_alg_gen_key_pair(uint8_t *pub, uint8_t *priv) if (uECC_make_key(pk, priv, uECC_secp256r1()) != TC_CRYPTO_SUCCESS) { return BLE_SM_KEY_ERR; } -#endif // CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#endif // CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS /* Make sure generated key isn't debug key. */ } while (memcmp(priv, ble_sm_alg_dbg_priv_key, 32) == 0); -#if CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#if CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS // PSA returns 65 bytes: 0x04 prefix + X (32 bytes) + Y (32 bytes) // Skip the 0x04 prefix when copying to pub swap_buf(pub, &pk[1], 32); diff --git a/components/bt/controller/esp32h2/Kconfig.in b/components/bt/controller/esp32h2/Kconfig.in index b613c6f27d..639ba1dbfb 100644 --- a/components/bt/controller/esp32h2/Kconfig.in +++ b/components/bt/controller/esp32h2/Kconfig.in 
@@ -526,15 +526,6 @@ config BT_LE_LL_CFG_FEAT_LE_ENCRYPTION help Enable encryption connection -config BT_LE_CRYPTO_STACK_MBEDTLS - bool "Override TinyCrypt with mbedTLS for crypto computations" - default y - depends on !BT_NIMBLE_ENABLED - select MBEDTLS_CMAC_C - help - Enable this option to choose mbedTLS instead of TinyCrypt for crypto - computations. - config BT_LE_WHITELIST_SIZE int "BLE white list size" range 1 31 diff --git a/components/bt/controller/esp32h2/bt.c b/components/bt/controller/esp32h2/bt.c index 44d1ed4123..51e26e4786 100644 --- a/components/bt/controller/esp32h2/bt.c +++ b/components/bt/controller/esp32h2/bt.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2015-2026 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -227,10 +227,10 @@ static void esp_bt_ctrl_log_partition_get_and_erase_first_block(void); #if CONFIG_FREERTOS_USE_TICKLESS_IDLE static bool esp_bt_check_wakeup_by_bt(void); #endif // CONFIG_FREERTOS_USE_TICKLESS_IDLE -#if (CONFIG_BT_CONTROLLER_ONLY) && (CONFIG_BT_LE_SM_SC) && (!CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS) +#if (CONFIG_BT_CONTROLLER_ONLY) && (CONFIG_BT_LE_SM_SC) && (!CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS) #include "tinycrypt/ecc.h" static int ecc_rand_func(uint8_t *dst, unsigned int len); -#endif // (CONFIG_BT_CONTROLLER_ONLY) && (CONFIG_BT_LE_SM_SC) && (!CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS) +#endif // (CONFIG_BT_CONTROLLER_ONLY) && (CONFIG_BT_LE_SM_SC) && (!CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS) /* Local variable definition *************************************************************************** */ 
@@ -1153,9 +1153,9 @@ esp_err_t esp_bt_controller_init(esp_bt_controller_config_t *cfg) ESP_LOGW(NIMBLE_PORT_LOG_TAG, "Controller lib version mismatch!"); } -#if (CONFIG_BT_CONTROLLER_ONLY) && (CONFIG_BT_LE_SM_SC) && (!CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS) +#if (CONFIG_BT_CONTROLLER_ONLY) && (CONFIG_BT_LE_SM_SC) && (!CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS) uECC_set_rng(ecc_rand_func); -#endif // (CONFIG_BT_CONTROLLER_ONLY) && (CONFIG_BT_LE_SM_SC) && (!CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS) +#endif // (CONFIG_BT_CONTROLLER_ONLY) && (CONFIG_BT_LE_SM_SC) && (!CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS) return ESP_OK; free_controller: hci_transport_deinit(); @@ -1606,7 +1606,7 @@ void esp_ble_controller_log_dump_all(bool output) #if CONFIG_BT_LE_SM_LEGACY || CONFIG_BT_LE_SM_SC #define BLE_SM_KEY_ERR 0x17 #define BLE_PUB_KEY_LEN 65 -#if CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#if CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS #if CONFIG_BT_LE_SM_SC #include "psa/crypto.h" #endif // CONFIG_BT_LE_SM_SC @@ -1640,7 +1640,7 @@ static int ecc_rand_func(uint8_t *dst, unsigned int len) } #endif // CONFIG_BT_CONTROLLER_ONLY #endif // CONFIG_BT_LE_SM_SC -#endif // CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#endif // CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS /* Based on Core Specification 4.2 Vol 3. Part H 2.3.5.6.1 */ static const uint8_t ble_sm_alg_dbg_priv_key[32] = { @@ -1659,7 +1659,7 @@ int ble_sm_alg_gen_dhkey(const uint8_t *peer_pub_key_x, const uint8_t *peer_pub_ swap_buf(priv, our_priv_key, 32); -#if CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#if CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS // PSA/mbedTLS expects 65 bytes: 0x04 prefix + X (32 bytes) + Y (32 bytes) pk[0] = 0x04; // Uncompressed format for public key swap_buf(&pk[1], peer_pub_key_x, 32); 
@@ -1706,13 +1706,13 @@ exit: if (rc == TC_CRYPTO_FAIL) { return BLE_SM_KEY_ERR; } -#endif // CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#endif // CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS swap_buf(out_dhkey, dh, 32); return 0; } -#if CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#if CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS static int mbedtls_gen_keypair(uint8_t *public_key, uint8_t *private_key) { int rc = BLE_SM_KEY_ERR; @@ -1754,7 +1754,7 @@ exit: return 0; } -#endif // CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#endif // CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS /** * pub: 64 bytes @@ -1770,7 +1770,7 @@ int ble_sm_alg_gen_key_pair(uint8_t *pub, uint8_t *priv) uint8_t pk[BLE_PUB_KEY_LEN]; do { -#if CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#if CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS if (mbedtls_gen_keypair(pk, priv) != 0) { return BLE_SM_KEY_ERR; } @@ -1778,11 +1778,11 @@ int ble_sm_alg_gen_key_pair(uint8_t *pub, uint8_t *priv) if (uECC_make_key(pk, priv, uECC_secp256r1()) != TC_CRYPTO_SUCCESS) { return BLE_SM_KEY_ERR; } -#endif // CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#endif // CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS /* Make sure generated key isn't debug key. */ } while (memcmp(priv, ble_sm_alg_dbg_priv_key, 32) == 0); -#if CONFIG_BT_LE_CRYPTO_STACK_MBEDTLS +#if CONFIG_BT_SMP_CRYPTO_STACK_MBEDTLS // PSA returns 65 bytes: 0x04 prefix + X (32 bytes) + Y (32 bytes) // Skip the 0x04 prefix when copying to pub swap_buf(pub, &pk[1], 32); diff --git a/components/bt/esp_ble_mesh/Kconfig.in b/components/bt/esp_ble_mesh/Kconfig.in index 896b3541c5..6538c478f6 100644 --- a/components/bt/esp_ble_mesh/Kconfig.in +++ b/components/bt/esp_ble_mesh/Kconfig.in @@ -24,7 +24,7 @@ if BLE_MESH config BLE_MESH_USE_UNIFIED_CRYPTO bool "Use the unified BLE tinycrypt implementation" - depends on !BT_LE_CRYPTO_STACK_MBEDTLS && !BT_NIMBLE_CRYPTO_STACK_MBEDTLS + depends on !BT_NIMBLE_CRYPTO_STACK_MBEDTLS default y if BT_SMP_CRYPTO_STACK_TINYCRYPT default n help
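Review bot: `BLE_MESH_USE_UNIFIED_CRYPTO` now depends only on `!BT_NIMBLE_CRYPTO_STACK_MBEDTLS`, so the exclusion that `!BT_LE_CRYPTO_STACK_MBEDTLS` used to provide is dropped rather than carried over to the replacement symbol. If the unified TinyCrypt implementation is still meant to be unavailable once mbedTLS is selected, the line would read `depends on !BT_SMP_CRYPTO_STACK_MBEDTLS && !BT_NIMBLE_CRYPTO_STACK_MBEDTLS`. As written, a configuration that picked `BT_SMP_CRYPTO_STACK_MBEDTLS` can apparently still enable this option by hand, leaving two crypto backends in one image. The `help` text continues outside the hunk.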