diff --git a/components/bt/common/api/include/api/esp_blufi_api.h b/components/bt/common/api/include/api/esp_blufi_api.h index 8e1807f57d..bcec29381b 100644 --- a/components/bt/common/api/include/api/esp_blufi_api.h +++ b/components/bt/common/api/include/api/esp_blufi_api.h @@ -76,9 +76,11 @@ typedef enum { ESP_BLUFI_READ_PARAM_ERROR, ESP_BLUFI_MAKE_PUBLIC_ERROR, ESP_BLUFI_DATA_FORMAT_ERROR, + // BLUFI_CALC_MD5 entry kept for backward compatibility ESP_BLUFI_CALC_MD5_ERROR, ESP_BLUFI_WIFI_SCAN_FAIL, ESP_BLUFI_MSG_STATE_ERROR, + ESP_BLUFI_CALC_SHA_256_ERROR, } esp_blufi_error_state_t; /** diff --git a/examples/bluetooth/blufi/main/blufi_security.c b/examples/bluetooth/blufi/main/blufi_security.c index 065be15352..8c44daa190 100644 --- a/examples/bluetooth/blufi/main/blufi_security.c +++ b/examples/bluetooth/blufi/main/blufi_security.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2021-2026 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Unlicense OR CC0-1.0 */ @@ -36,25 +36,79 @@ #define SEC_TYPE_DH_G 0x03 #define SEC_TYPE_DH_PUBLIC 0x04 +#define BLUFI_IV_PREFIX_LEN 9 +#define BLUFI_IV_SIZE 16 +#define BLUFI_HASH_SIZE 32 /* SHA-256 output size */ +#define BLUFI_KEY_SIZE 32 +#define BLUFI_ENC_DOMAIN_STR "blufi_enc" +#define BLUFI_DEC_DOMAIN_STR "blufi_dec" struct blufi_security { #define DH_PARAM_LEN_MAX 1024 -#define DH_SELF_PUB_KEY_LEN 256 +#define DH_SELF_PUB_KEY_LEN 384 /* Support 3072-bit DH key (3072/8 = 384 bytes) */ uint8_t self_public_key[DH_SELF_PUB_KEY_LEN]; -#define SHARE_KEY_LEN 256 +#define SHARE_KEY_LEN 384 /* Support 3072-bit DH key (3072/8 = 384 bytes) */ uint8_t share_key[SHARE_KEY_LEN]; size_t share_len; -#define PSK_LEN 16 +#define PSK_LEN 32 uint8_t psk[PSK_LEN]; uint8_t *dh_param; int dh_param_len; - uint8_t iv[16]; psa_key_id_t aes_key; + psa_cipher_operation_t enc_operation; /* Persistent cipher operation for encryption */ + psa_cipher_operation_t dec_operation; /* Persistent cipher operation for decryption */ }; static struct blufi_security *blufi_sec; extern void btc_blufi_report_error(esp_blufi_error_state_t state); +/** + * @brief Clean up DH parameter memory + */ +static void blufi_cleanup_dh_param(void) +{ + if (blufi_sec && blufi_sec->dh_param) { + free(blufi_sec->dh_param); + blufi_sec->dh_param = NULL; + } +} + +/** + * @brief Clean up AES key and cipher operations + * + * @param abort_enc Whether to abort encryption operation + * @param abort_dec Whether to abort decryption operation + */ +static void blufi_cleanup_aes_session(bool abort_enc, bool abort_dec) +{ + if (!blufi_sec) { + return; + } + + if (abort_enc) { + psa_cipher_abort(&blufi_sec->enc_operation); + } + if (abort_dec) { + psa_cipher_abort(&blufi_sec->dec_operation); + } + if (blufi_sec->aes_key != 0) { + psa_destroy_key(blufi_sec->aes_key); + blufi_sec->aes_key = 0; + } +} + +/** + * @brief Clean up entire DH negotiation session (AES key, cipher ops, and DH params) + * + * @param abort_enc Whether to abort encryption operation + * @param abort_dec Whether to abort decryption operation + */ +static void blufi_cleanup_negotiation(bool abort_enc, bool abort_dec) +{ + blufi_cleanup_aes_session(abort_enc, abort_dec); + blufi_cleanup_dh_param(); +} + void blufi_dh_negotiate_data_handler(uint8_t *data, int len, uint8_t **output_data, int *output_len, bool *need_free) { if (data == NULL || len < 3) { @@ -63,6 +117,13 @@ void blufi_dh_negotiate_data_handler(uint8_t *data, int len, uint8_t **output_da return; } + /* Validate output parameters */ + if (output_data == NULL || output_len == NULL || need_free == NULL) { + BLUFI_ERROR("BLUFI Invalid output parameters"); + btc_blufi_report_error(ESP_BLUFI_DATA_FORMAT_ERROR); + return; + } + uint8_t type = data[0]; if (blufi_sec == NULL) { @@ -81,10 +142,11 @@ void blufi_dh_negotiate_data_handler(uint8_t *data, int len, uint8_t **output_da btc_blufi_report_error(ESP_BLUFI_DH_PARAM_ERROR); return; } - if (blufi_sec->dh_param) { - free(blufi_sec->dh_param); - blufi_sec->dh_param = NULL; - } + + /* Allow renegotiation - clean up previous state */ + blufi_cleanup_dh_param(); + blufi_cleanup_aes_session(true, true); + blufi_sec->dh_param = (uint8_t *)malloc(blufi_sec->dh_param_len); if (blufi_sec->dh_param == NULL) { blufi_sec->dh_param_len = 0; /* Reset length to avoid using unallocated memory */ @@ -106,35 +168,89 @@ void blufi_dh_negotiate_data_handler(uint8_t *data, int len, uint8_t **output_da return; } - uint8_t *param = blufi_sec->dh_param; memcpy(blufi_sec->dh_param, &data[1], blufi_sec->dh_param_len); - size_t p_len = (param[0] << 8) | param[1]; - param += 2 + p_len; + /* Parse P length */ + if (blufi_sec->dh_param_len < 2) { + BLUFI_ERROR("DH param too short for P length"); + btc_blufi_report_error(ESP_BLUFI_DH_PARAM_ERROR); + return; + } + size_t p_len = (param[0] << 8) | param[1]; + size_t p_offset = 2 + p_len; + if (p_offset > (size_t)blufi_sec->dh_param_len) { + BLUFI_ERROR("P length %d exceeds dh_param bounds", p_len); + btc_blufi_report_error(ESP_BLUFI_DH_PARAM_ERROR); + return; + } + param += p_offset; + + /* Parse G length */ + if ((param - blufi_sec->dh_param) + 2 > (size_t)blufi_sec->dh_param_len) { + BLUFI_ERROR("DH param too short for G length"); + btc_blufi_report_error(ESP_BLUFI_DH_PARAM_ERROR); + return; + } size_t g_len = (param[0] << 8) | param[1]; + size_t g_offset = (param - blufi_sec->dh_param) + 2 + g_len; + if (g_offset > (size_t)blufi_sec->dh_param_len) { + BLUFI_ERROR("G length %d exceeds dh_param bounds", g_len); + btc_blufi_report_error(ESP_BLUFI_DH_PARAM_ERROR); + return; + } param += 2 + g_len; + /* Parse public key length */ + if ((param - blufi_sec->dh_param) + 2 > (size_t)blufi_sec->dh_param_len) { + BLUFI_ERROR("DH param too short for public key length"); + btc_blufi_report_error(ESP_BLUFI_DH_PARAM_ERROR); + return; + } size_t pub_len = (param[0] << 8) | param[1]; param += 2; - ESP_LOGD("blfi", "P len %d, G len %d, pub len %d", p_len, g_len, pub_len); + + size_t pub_offset = (param - blufi_sec->dh_param) + pub_len; + if (pub_offset > (size_t)blufi_sec->dh_param_len) { + BLUFI_ERROR("Public key length %d exceeds dh_param bounds", pub_len); + btc_blufi_report_error(ESP_BLUFI_DH_PARAM_ERROR); + return; + } + + /* Determine key bits based on public key length (RFC7919 key sizes) + * Note: Only 3072 bit keys are supported due to buffer size constraints + * (DH_SELF_PUB_KEY_LEN = 384 bytes = 3072 bits) */ + size_t key_bits = pub_len * 8; + if (key_bits != 3072) { + BLUFI_ERROR("Unsupported DH key length: %d bytes (only 3072 bit keys supported)", pub_len); + btc_blufi_report_error(ESP_BLUFI_DH_PARAM_ERROR); + return; + } + + /* Validate public key length fits in output buffer */ + if (pub_len > DH_SELF_PUB_KEY_LEN) { + BLUFI_ERROR("Public key length %d exceeds output buffer size %d", pub_len, DH_SELF_PUB_KEY_LEN); + btc_blufi_report_error(ESP_BLUFI_DH_PARAM_ERROR); + return; + } psa_key_type_t key_type = PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919); - size_t key_bits = 3072; - ESP_LOGI("blfi", "DH param len %d, bits %d", blufi_sec->dh_param_len, key_bits); psa_algorithm_t alg = PSA_ALG_FFDH; psa_key_attributes_t attributes = psa_key_attributes_init(); psa_set_key_type(&attributes, key_type); psa_set_key_bits(&attributes, key_bits); psa_set_key_algorithm(&attributes, alg); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); + psa_key_id_t private_key = 0; psa_status_t status = psa_generate_key(&attributes, &private_key); if (status != PSA_SUCCESS) { BLUFI_ERROR("%s psa_generate_key failed %d\n", __func__, status); btc_blufi_report_error(ESP_BLUFI_DH_MALLOC_ERROR); + blufi_cleanup_dh_param(); return; } + psa_reset_key_attributes(&attributes); size_t public_key_len = 0; status = psa_export_public_key(private_key, blufi_sec->self_public_key, DH_SELF_PUB_KEY_LEN, &public_key_len); @@ -142,6 +258,7 @@ void blufi_dh_negotiate_data_handler(uint8_t *data, int len, uint8_t **output_da BLUFI_ERROR("%s psa_export_public_key failed %d\n", __func__, status); psa_destroy_key(private_key); btc_blufi_report_error(ESP_BLUFI_DH_MALLOC_ERROR); + blufi_cleanup_dh_param(); return; } @@ -149,31 +266,121 @@ void blufi_dh_negotiate_data_handler(uint8_t *data, int len, uint8_t **output_da psa_destroy_key(private_key); if (status != PSA_SUCCESS) { BLUFI_ERROR("%s psa_raw_key_agreement failed %d\n", __func__, status); - free(blufi_sec->dh_param); - blufi_sec->dh_param = NULL; + blufi_cleanup_dh_param(); + btc_blufi_report_error(ESP_BLUFI_DH_PARAM_ERROR); + return; + } + + /* Validate share key length fits in buffer */ + if (blufi_sec->share_len > SHARE_KEY_LEN) { + BLUFI_ERROR("Share key length %d exceeds buffer size %d", blufi_sec->share_len, SHARE_KEY_LEN); + blufi_cleanup_dh_param(); btc_blufi_report_error(ESP_BLUFI_DH_PARAM_ERROR); return; } size_t hash_length = 0; - status = psa_hash_compute(PSA_ALG_MD5, blufi_sec->share_key, blufi_sec->share_len, blufi_sec->psk, PSK_LEN, &hash_length); + status = psa_hash_compute(PSA_ALG_SHA_256, blufi_sec->share_key, blufi_sec->share_len, blufi_sec->psk, PSK_LEN, &hash_length); if (status != PSA_SUCCESS) { BLUFI_ERROR("%s psa_hash_compute failed %d\n", __func__, status); - btc_blufi_report_error(ESP_BLUFI_CALC_MD5_ERROR); + btc_blufi_report_error(ESP_BLUFI_CALC_SHA_256_ERROR); + blufi_cleanup_dh_param(); return; } - // mbedtls_aes_setkey_enc(&blufi_sec->aes, blufi_sec->psk, PSK_LEN * 8); + /* Destroy previous AES key and cipher operations if they exist */ + blufi_cleanup_aes_session(true, true); + + /* Import AES key for CTR mode */ attributes = psa_key_attributes_init(); psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); psa_set_key_bits(&attributes, PSK_LEN * 8); + psa_set_key_algorithm(&attributes, PSA_ALG_CTR); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); status = psa_import_key(&attributes, blufi_sec->psk, PSK_LEN, &blufi_sec->aes_key); if (status != PSA_SUCCESS) { BLUFI_ERROR("%s psa_import_key failed %d\n", __func__, status); btc_blufi_report_error(ESP_BLUFI_DH_MALLOC_ERROR); + blufi_cleanup_dh_param(); return; } + psa_reset_key_attributes(&attributes); + + /* Derive domain-separated IVs for encryption and decryption */ + uint8_t enc_material[BLUFI_IV_PREFIX_LEN + SHARE_KEY_LEN]; + memcpy(enc_material, BLUFI_ENC_DOMAIN_STR, BLUFI_IV_PREFIX_LEN); + memcpy(enc_material + BLUFI_IV_PREFIX_LEN, blufi_sec->share_key, blufi_sec->share_len); + + uint8_t enc_hash[BLUFI_HASH_SIZE]; + status = psa_hash_compute(PSA_ALG_SHA_256, enc_material, BLUFI_IV_PREFIX_LEN + blufi_sec->share_len, + enc_hash, BLUFI_HASH_SIZE, &hash_length); + if (status != PSA_SUCCESS) { + BLUFI_ERROR("%s encryption IV derivation failed %d\n", __func__, status); + btc_blufi_report_error(ESP_BLUFI_DH_MALLOC_ERROR); + blufi_cleanup_negotiation(false, false); + return; + } + mbedtls_platform_zeroize(enc_material, sizeof(enc_material)); + + uint8_t dec_material[BLUFI_IV_PREFIX_LEN + SHARE_KEY_LEN]; + memcpy(dec_material, BLUFI_DEC_DOMAIN_STR, BLUFI_IV_PREFIX_LEN); + memcpy(dec_material + BLUFI_IV_PREFIX_LEN, blufi_sec->share_key, blufi_sec->share_len); + + uint8_t dec_hash[BLUFI_HASH_SIZE]; + status = psa_hash_compute(PSA_ALG_SHA_256, dec_material, BLUFI_IV_PREFIX_LEN + blufi_sec->share_len, + dec_hash, BLUFI_HASH_SIZE, &hash_length); + if (status != PSA_SUCCESS) { + BLUFI_ERROR("%s decryption IV derivation failed %d\n", __func__, status); + btc_blufi_report_error(ESP_BLUFI_DH_MALLOC_ERROR); + blufi_cleanup_negotiation(false, false); + return; + } + mbedtls_platform_zeroize(dec_material, sizeof(dec_material)); + + /* Use first 16 bytes (128 bits) as IV for CTR mode */ + uint8_t iv_enc[BLUFI_IV_SIZE], iv_dec[BLUFI_IV_SIZE]; + memcpy(iv_enc, enc_hash, BLUFI_IV_SIZE); + memcpy(iv_dec, dec_hash, BLUFI_IV_SIZE); + mbedtls_platform_zeroize(enc_hash, sizeof(enc_hash)); + mbedtls_platform_zeroize(dec_hash, sizeof(dec_hash)); + + /* Setup persistent cipher operations */ + blufi_sec->enc_operation = psa_cipher_operation_init(); + status = psa_cipher_encrypt_setup(&blufi_sec->enc_operation, blufi_sec->aes_key, PSA_ALG_CTR); + if (status != PSA_SUCCESS) { + BLUFI_ERROR("%s encryption setup failed %d\n", __func__, status); + btc_blufi_report_error(ESP_BLUFI_DH_MALLOC_ERROR); + blufi_cleanup_negotiation(false, false); + return; + } + + status = psa_cipher_set_iv(&blufi_sec->enc_operation, iv_enc, BLUFI_IV_SIZE); + if (status != PSA_SUCCESS) { + BLUFI_ERROR("%s encryption IV setup failed %d\n", __func__, status); + btc_blufi_report_error(ESP_BLUFI_DH_MALLOC_ERROR); + blufi_cleanup_negotiation(true, false); + return; + } + mbedtls_platform_zeroize(iv_enc, sizeof(iv_enc)); + + blufi_sec->dec_operation = psa_cipher_operation_init(); + /* Note: CTR mode uses encrypt_setup for both encryption and decryption */ + status = psa_cipher_encrypt_setup(&blufi_sec->dec_operation, blufi_sec->aes_key, PSA_ALG_CTR); + if (status != PSA_SUCCESS) { + BLUFI_ERROR("%s decryption setup failed %d\n", __func__, status); + btc_blufi_report_error(ESP_BLUFI_DH_MALLOC_ERROR); + blufi_cleanup_negotiation(true, false); + return; + } + + status = psa_cipher_set_iv(&blufi_sec->dec_operation, iv_dec, BLUFI_IV_SIZE); + if (status != PSA_SUCCESS) { + BLUFI_ERROR("%s decryption IV setup failed %d\n", __func__, status); + btc_blufi_report_error(ESP_BLUFI_DH_MALLOC_ERROR); + blufi_cleanup_negotiation(true, true); + return; + } + mbedtls_platform_zeroize(iv_dec, sizeof(iv_dec)); /* alloc output data */ *output_data = &blufi_sec->self_public_key[0]; @@ -188,85 +395,104 @@ void blufi_dh_negotiate_data_handler(uint8_t *data, int len, uint8_t **output_da break; case SEC_TYPE_DH_PUBLIC: break; + default: + /* Reject unknown packet types */ + BLUFI_ERROR("Unknown packet type: 0x%02x", type); + btc_blufi_report_error(ESP_BLUFI_DATA_FORMAT_ERROR); + break; } } int blufi_aes_encrypt(uint8_t iv8, uint8_t *crypt_data, int crypt_len) { - uint8_t iv0[16]; + (void)iv8; /* iv8 parameter is no longer used with persistent CTR operation */ - if (!blufi_sec) { + if (!blufi_sec || !crypt_data || crypt_len < 0) { return -1; } - psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; - psa_status_t status = psa_cipher_encrypt_setup(&operation, blufi_sec->aes_key, PSA_ALG_CFB); + if (crypt_len == 0) { + return 0; + } + + if (blufi_sec->aes_key == 0) { + BLUFI_ERROR("AES key is not initialized"); + return -1; + } + + /* Use persistent cipher operation - CTR counter is automatically managed */ + size_t output_len = 0; + size_t output_buf_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(PSA_KEY_TYPE_AES, PSA_ALG_CTR, crypt_len); + uint8_t *output_buf = (uint8_t *)malloc(output_buf_size); + if (output_buf == NULL) { + BLUFI_ERROR("Failed to allocate output buffer"); + return -1; + } + + psa_status_t status = psa_cipher_update(&blufi_sec->enc_operation, crypt_data, crypt_len, + output_buf, output_buf_size, &output_len); if (status != PSA_SUCCESS) { + BLUFI_ERROR("Encryption failed with status=%d", status); + free(output_buf); return -1; } - memcpy(iv0, blufi_sec->iv, sizeof(blufi_sec->iv)); - iv0[0] = iv8; - - status = psa_cipher_set_iv(&operation, iv0, sizeof(iv0)); - if (status != PSA_SUCCESS) { - psa_cipher_abort(&operation); + if (output_len > (size_t)crypt_len) { + BLUFI_ERROR("Output length %d exceeds input buffer size %d", output_len, crypt_len); + free(output_buf); return -1; } - size_t encrypt_out_len = 0; - status = psa_cipher_update(&operation, crypt_data, crypt_len, crypt_data, crypt_len, &encrypt_out_len); - if (status != PSA_SUCCESS) { - psa_cipher_abort(&operation); - return -1; - } + memcpy(crypt_data, output_buf, output_len); + free(output_buf); - status = psa_cipher_finish(&operation, crypt_data, crypt_len, &encrypt_out_len); - if (status != PSA_SUCCESS) { - psa_cipher_abort(&operation); - return -1; - } - - return encrypt_out_len; + return output_len; } int blufi_aes_decrypt(uint8_t iv8, uint8_t *crypt_data, int crypt_len) { - uint8_t iv0[16]; + (void)iv8; /* iv8 parameter is no longer used with persistent CTR operation */ - if (!blufi_sec) { + if (!blufi_sec || !crypt_data || crypt_len < 0) { return -1; } - psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; - psa_status_t status = psa_cipher_decrypt_setup(&operation, blufi_sec->aes_key, PSA_ALG_CFB); + if (crypt_len == 0) { + return 0; + } + + if (blufi_sec->aes_key == 0) { + BLUFI_ERROR("AES key is not initialized"); + return -1; + } + + /* Use persistent cipher operation - CTR counter is automatically managed */ + size_t output_len = 0; + size_t output_buf_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE(PSA_KEY_TYPE_AES, PSA_ALG_CTR, crypt_len); + uint8_t *output_buf = (uint8_t *)malloc(output_buf_size); + if (output_buf == NULL) { + BLUFI_ERROR("Failed to allocate output buffer"); + return -1; + } + + psa_status_t status = psa_cipher_update(&blufi_sec->dec_operation, crypt_data, crypt_len, + output_buf, output_buf_size, &output_len); if (status != PSA_SUCCESS) { + BLUFI_ERROR("Decryption failed with status=%d", status); + free(output_buf); return -1; } - memcpy(iv0, blufi_sec->iv, sizeof(blufi_sec->iv)); - iv0[0] = iv8; - - status = psa_cipher_set_iv(&operation, iv0, sizeof(iv0)); - if (status != PSA_SUCCESS) { - psa_cipher_abort(&operation); + if (output_len > (size_t)crypt_len) { + BLUFI_ERROR("Output length %d exceeds input buffer size %d", output_len, crypt_len); + free(output_buf); return -1; } - size_t encrypt_out_len = 0; - status = psa_cipher_update(&operation, crypt_data, crypt_len, crypt_data, crypt_len, &encrypt_out_len); - if (status != PSA_SUCCESS) { - psa_cipher_abort(&operation); - return -1; - } + memcpy(crypt_data, output_buf, output_len); + free(output_buf); - status = psa_cipher_finish(&operation, crypt_data, crypt_len, &encrypt_out_len); - if (status != PSA_SUCCESS) { - psa_cipher_abort(&operation); - return -1; - } - - return crypt_len; + return output_len; } uint16_t blufi_crc_checksum(uint8_t iv8, uint8_t *data, int len) @@ -283,8 +509,9 @@ esp_err_t blufi_security_init(void) } memset(blufi_sec, 0x0, sizeof(struct blufi_security)); + blufi_sec->enc_operation = psa_cipher_operation_init(); + blufi_sec->dec_operation = psa_cipher_operation_init(); - memset(blufi_sec->iv, 0x0, sizeof(blufi_sec->iv)); return 0; } @@ -293,11 +520,9 @@ void blufi_security_deinit(void) if (blufi_sec == NULL) { return; } - if (blufi_sec->dh_param){ - free(blufi_sec->dh_param); - blufi_sec->dh_param = NULL; - } - psa_destroy_key(blufi_sec->aes_key); + + /* Clean up all resources */ + blufi_cleanup_negotiation(true, true); memset(blufi_sec, 0x0, sizeof(struct blufi_security)); diff --git a/examples/bluetooth/blufi/sdkconfig.defaults b/examples/bluetooth/blufi/sdkconfig.defaults index 797047814d..31d7023d8b 100644 --- a/examples/bluetooth/blufi/sdkconfig.defaults +++ b/examples/bluetooth/blufi/sdkconfig.defaults @@ -14,4 +14,4 @@ CONFIG_BT_ENABLED=y CONFIG_BT_GATTC_ENABLE=n CONFIG_BT_BLE_SMP_ENABLE=n CONFIG_BT_BLE_BLUFI_ENABLE=y -CONFIG_MBEDTLS_HARDWARE_MPI=n +CONFIG_MBEDTLS_HARDWARE_MPI=y diff --git a/examples/bluetooth/blufi/sdkconfig.defaults.mini b/examples/bluetooth/blufi/sdkconfig.defaults.mini index 2f81ae696a..d55e51b9b4 100644 --- a/examples/bluetooth/blufi/sdkconfig.defaults.mini +++ b/examples/bluetooth/blufi/sdkconfig.defaults.mini @@ -46,8 +46,6 @@ CONFIG_BT_NIMBLE_DIS_SERVICE=n CONFIG_BT_ALARM_MAX_NUM=15 -CONFIG_MBEDTLS_HARDWARE_MPI=n - CONFIG_BT_NIMBLE_BLUFI_ENABLE=y CONFIG_BT_NIMBLE_ATT_PREFERRED_MTU=23