diff --git a/doc/releases/migration-guide-3.7.rst b/doc/releases/migration-guide-3.7.rst index c2053fdfa6085..1223fcbc2b71c 100644 --- a/doc/releases/migration-guide-3.7.rst +++ b/doc/releases/migration-guide-3.7.rst @@ -657,6 +657,14 @@ Bluetooth Host longer used in Zephyr 3.4.0 and later. Any references to this field should be removed. No further action is needed. +Bluetooth Crypto +================ + +* :kconfig:option:`CONFIG_BT_USE_PSA_API` was added to explicitly request use + of PSA APIs instead of TinyCrypt for crypto operations. Of course, this is + possible only a PSA crypto provider available in the system, i.e. + :kconfig:option:`CONFIG_PSA_CRYPTO_CLIENT` is set. (:github:`73378`) + Networking ********** diff --git a/modules/trusted-firmware-m/Kconfig.tfm b/modules/trusted-firmware-m/Kconfig.tfm index b90390f3d043e..8834256ccbb56 100644 --- a/modules/trusted-firmware-m/Kconfig.tfm +++ b/modules/trusted-firmware-m/Kconfig.tfm @@ -30,6 +30,7 @@ menuconfig BUILD_WITH_TFM depends on TFM_BOARD != "" depends on ARM_TRUSTZONE_M select BUILD_OUTPUT_HEX + select PSA_CRYPTO_CLIENT imply INIT_ARCH_HW_AT_BOOT imply ARM_NONSECURE_PREEMPTIBLE_SECURE_CALLS imply MBEDTLS diff --git a/subsys/bluetooth/Kconfig b/subsys/bluetooth/Kconfig index 5e1de57db0802..0b993db935940 100644 --- a/subsys/bluetooth/Kconfig +++ b/subsys/bluetooth/Kconfig @@ -192,6 +192,13 @@ rsource "crypto/Kconfig" rsource "lib/Kconfig" rsource "Kconfig.logging" +config BT_USE_PSA_API + bool "Use PSA APIs instead of TinyCrypt for crypto operations" + depends on BT_CRYPTO || BT_HOST_CRYPTO || BT_ECC + depends on PSA_CRYPTO_CLIENT + help + Use PSA APIs instead of TinyCrypt for crypto operations + endif # BT_HCI config BT_COMPANY_ID diff --git a/subsys/bluetooth/crypto/CMakeLists.txt b/subsys/bluetooth/crypto/CMakeLists.txt index 9228fc9fd0b85..dc0f83b32c271 100644 --- a/subsys/bluetooth/crypto/CMakeLists.txt +++ b/subsys/bluetooth/crypto/CMakeLists.txt 
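Review bot: The help text of `BT_USE_PSA_API` in subsys/bluetooth/Kconfig only repeats the prompt, so a user cannot tell what enabling the option changes. Going by the rest of this commit it moves AES-CMAC in the crypto toolbox, host AES-ECB and random generation, the GATT database hash and the emulated ECDH commands onto PSA. I would say so in the help, for example `Route Bluetooth AES, AES-CMAC, ECDH and random number generation through the PSA Crypto API instead of TinyCrypt. Requires a PSA crypto provider (PSA_CRYPTO_CLIENT).`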
@@ -4,6 +4,16 @@ zephyr_library() zephyr_library_sources(bt_crypto.c) +if(CONFIG_BT_USE_PSA_API) + zephyr_library_sources(bt_crypto_psa.c) + zephyr_library_link_libraries_ifdef(CONFIG_MBEDTLS mbedTLS) + zephyr_library_include_directories_ifdef(CONFIG_BUILD_WITH_TFM + $/api_ns/interface/include + ) +else() + zephyr_library_sources(bt_crypto_tc.c) +endif() + if(CONFIG_BT_CRYPTO_LOG_LEVEL_DBG) message(WARNING "CONFIG_BT_CRYPTO_LOG_LEVEL_DBG is enabled. Private security keys such as the Long Term Key will be printed out. diff --git a/subsys/bluetooth/crypto/Kconfig b/subsys/bluetooth/crypto/Kconfig index ccf5a8b641b4b..a59979730f0d5 100644 --- a/subsys/bluetooth/crypto/Kconfig +++ b/subsys/bluetooth/crypto/Kconfig @@ -3,8 +3,10 @@ config BT_CRYPTO bool - select TINYCRYPT - select TINYCRYPT_AES - select TINYCRYPT_AES_CMAC + select TINYCRYPT if !BT_USE_PSA_API + select TINYCRYPT_AES if !BT_USE_PSA_API + select TINYCRYPT_AES_CMAC if !BT_USE_PSA_API + select PSA_WANT_KEY_TYPE_AES if BT_USE_PSA_API + select PSA_WANT_ALG_CMAC if BT_USE_PSA_API help This option enables the Bluetooth Cryptographic Toolbox. diff --git a/subsys/bluetooth/crypto/bt_crypto.c b/subsys/bluetooth/crypto/bt_crypto.c index 8b098d7cc2838..62a475a57d751 100644 --- a/subsys/bluetooth/crypto/bt_crypto.c +++ b/subsys/bluetooth/crypto/bt_crypto.c @@ -7,8 +7,12 @@ #include +#if defined(CONFIG_BT_USE_PSA_API) +#include "psa/crypto.h" +#else #include #include +#endif #include "common/bt_str.h" #include "bt_crypto.h" 
@@ -17,27 +21,6 @@ #include LOG_MODULE_REGISTER(bt_crypto); - -int bt_crypto_aes_cmac(const uint8_t *key, const uint8_t *in, size_t len, uint8_t *out) -{ - struct tc_aes_key_sched_struct sched; - struct tc_cmac_struct state; - - if (tc_cmac_setup(&state, key, &sched) == TC_CRYPTO_FAIL) { - return -EIO; - } - - if (tc_cmac_update(&state, in, len) == TC_CRYPTO_FAIL) { - return -EIO; - } - - if (tc_cmac_final(out, &state) == TC_CRYPTO_FAIL) { - return -EIO; - } - - return 0; -} - int bt_crypto_f4(const uint8_t *u, const uint8_t *v, const uint8_t *x, uint8_t z, uint8_t res[16]) { uint8_t xs[16]; diff --git a/subsys/bluetooth/crypto/bt_crypto_psa.c b/subsys/bluetooth/crypto/bt_crypto_psa.c new file mode 100644 index 0000000000000..8e92bc9ec6918 --- /dev/null +++ b/subsys/bluetooth/crypto/bt_crypto_psa.c 
@@ -0,0 +1,46 @@
+/* Copyright (c) 2022 Nordic Semiconductor ASA
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#include
+#include
+
+#include
+
+#include "psa/crypto.h"
+
+#include "common/bt_str.h"
+#include "bt_crypto.h"
+
+#define LOG_LEVEL CONFIG_BT_CRYPTO_LOG_LEVEL
+#include
+LOG_MODULE_DECLARE(bt_crypto);
+
+int bt_crypto_aes_cmac(const uint8_t *key, const uint8_t *in, size_t len, uint8_t *out)
+{
+ psa_key_id_t key_id;
+ psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
+ size_t out_size;
+ psa_status_t status, destroy_status;
+
+ psa_set_key_type(&key_attr, PSA_KEY_TYPE_AES);
+ psa_set_key_bits(&key_attr, 128);
+ psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_SIGN_MESSAGE |
+ PSA_KEY_USAGE_VERIFY_MESSAGE);
+ psa_set_key_algorithm(&key_attr, PSA_ALG_CMAC);
+
+ status = psa_import_key(&key_attr, key, 16, &key_id);
+ if (status != PSA_SUCCESS) {
+ LOG_ERR("Failed to import AES key %d", status);
+ return -EIO;
+ }
+
+ status = psa_mac_compute(key_id, PSA_ALG_CMAC, in, len, out, 16, &out_size);
+ destroy_status = psa_destroy_key(key_id);
+ if ((status != PSA_SUCCESS) || (destroy_status != PSA_SUCCESS)) {
+ LOG_ERR("Failed to compute MAC %d", status);
+ return -EIO;
+ }
+
+ return 0;
+}
diff --git a/subsys/bluetooth/crypto/bt_crypto_tc.c b/subsys/bluetooth/crypto/bt_crypto_tc.c
new file mode 100644
index 0000000000000..95160d55dfd9e
--- /dev/null
+++ b/subsys/bluetooth/crypto/bt_crypto_tc.c
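Review bot: In `bt_crypto_aes_cmac` the combined error branch logs only `status`, so when `psa_mac_compute` succeeds and `psa_destroy_key` fails the message reads "Failed to compute MAC 0" and the real cause is lost. Log both values, e.g. `LOG_ERR("CMAC failed (compute %d, destroy %d)", status, destroy_status);`. The key is imported with `PSA_KEY_USAGE_VERIFY_MESSAGE` although only `psa_mac_compute` is called on it, so `PSA_KEY_USAGE_SIGN_MESSAGE` alone would be the least-privilege policy, as the GATT `db_hash_setup` in this commit already does. `out_size` is never compared with 16; either check it or add a one-line comment saying why the length can be ignored.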
@@ -0,0 +1,34 @@ +/* Copyright (c) 2022 Nordic Semiconductor ASA + * SPDX-License-Identifier: Apache-2.0 + */ + +#include +#include + +#include + +#include +#include + +#include "common/bt_str.h" +#include "bt_crypto.h" + +int bt_crypto_aes_cmac(const uint8_t *key, const uint8_t *in, size_t len, uint8_t *out) +{ + struct tc_aes_key_sched_struct sched; + struct tc_cmac_struct state; + + if (tc_cmac_setup(&state, key, &sched) == TC_CRYPTO_FAIL) { + return -EIO; + } + + if (tc_cmac_update(&state, in, len) == TC_CRYPTO_FAIL) { + return -EIO; + } + + if (tc_cmac_final(out, &state) == TC_CRYPTO_FAIL) { + return -EIO; + } + + return 0; +} diff --git a/subsys/bluetooth/host/CMakeLists.txt b/subsys/bluetooth/host/CMakeLists.txt index 56cdfb045750f..ae574e2b5bfa6 100644 --- a/subsys/bluetooth/host/CMakeLists.txt +++ b/subsys/bluetooth/host/CMakeLists.txt @@ -31,10 +31,13 @@ if(CONFIG_BT_HCI_HOST) CONFIG_BT_OBSERVER scan.c ) - zephyr_library_sources_ifdef( - CONFIG_BT_HOST_CRYPTO - crypto.c - ) + + if(CONFIG_BT_USE_PSA_API) + zephyr_library_sources_ifdef(CONFIG_BT_HOST_CRYPTO crypto_psa.c) + else() + zephyr_library_sources_ifdef(CONFIG_BT_HOST_CRYPTO crypto_tc.c) + endif() + zephyr_library_sources_ifdef( CONFIG_BT_ECC ecc.c @@ -108,6 +111,13 @@ if(CONFIG_BT_CONN_DISABLE_SECURITY) ) endif() +if(CONFIG_BT_USE_PSA_API) + zephyr_library_link_libraries_ifdef(CONFIG_MBEDTLS mbedTLS) + zephyr_library_include_directories_ifdef(CONFIG_BUILD_WITH_TFM + $/api_ns/interface/include + ) +endif() + # Bluetooth Mesh has test dependencies in the host. # In order to compile Bsim tests with these test features # and PSA enabled, the libraries must be linked. diff --git a/subsys/bluetooth/host/Kconfig b/subsys/bluetooth/host/Kconfig index f9bbac130ccc8..49277097da966 100644 --- a/subsys/bluetooth/host/Kconfig +++ b/subsys/bluetooth/host/Kconfig 
@@ -139,8 +139,9 @@ rsource "../audio/Kconfig" config BT_HOST_CRYPTO bool "Use crypto functionality implemented in the Bluetooth host" default y if !BT_CTLR_CRYPTO - select TINYCRYPT - select TINYCRYPT_AES + select TINYCRYPT if !BT_USE_PSA_API + select TINYCRYPT_AES if !BT_USE_PSA_API + select PSA_WANT_KEY_TYPE_AES if BT_USE_PSA_API help The option adds the AES encryption support using TinyCrypt library if this is not provided by the controller implementation. @@ -148,9 +149,9 @@ config BT_HOST_CRYPTO config BT_HOST_CRYPTO_PRNG bool "Use Tinycrypt library for random number generation" default y - select TINYCRYPT_SHA256 - select TINYCRYPT_SHA256_HMAC - select TINYCRYPT_SHA256_HMAC_PRNG + select TINYCRYPT_SHA256 if !BT_USE_PSA_API + select TINYCRYPT_SHA256_HMAC if !BT_USE_PSA_API + select TINYCRYPT_SHA256_HMAC_PRNG if !BT_USE_PSA_API depends on BT_HOST_CRYPTO help When selected, will use tinycrypt library for random number generation. diff --git a/subsys/bluetooth/host/Kconfig.gatt b/subsys/bluetooth/host/Kconfig.gatt index 310442423b9cc..45e3fa8e4fca0 100644 --- a/subsys/bluetooth/host/Kconfig.gatt +++ b/subsys/bluetooth/host/Kconfig.gatt @@ -107,9 +107,11 @@ config BT_GATT_CACHING bool "GATT Caching support" default y depends on BT_GATT_SERVICE_CHANGED - select TINYCRYPT - select TINYCRYPT_AES - select TINYCRYPT_AES_CMAC + select TINYCRYPT if !BT_USE_PSA_API + select TINYCRYPT_AES if !BT_USE_PSA_API + select TINYCRYPT_AES_CMAC if !BT_USE_PSA_API + select PSA_WANT_KEY_TYPE_AES if BT_USE_PSA_API + select PSA_WANT_ALG_CMAC if BT_USE_PSA_API help This option enables support for GATT Caching. When enabled the stack will register Client Supported Features and Database Hash diff --git a/subsys/bluetooth/host/crypto_psa.c b/subsys/bluetooth/host/crypto_psa.c new file mode 100644 index 0000000000000..041a2f9cd047e --- /dev/null +++ b/subsys/bluetooth/host/crypto_psa.c 
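Review bot: With `BT_USE_PSA_API` set, `BT_HOST_CRYPTO` selects only `PSA_WANT_KEY_TYPE_AES`, but the new crypto_psa.c encrypts with `PSA_ALG_ECB_NO_PADDING`, so this option does not request the algorithm it uses from the PSA provider. Add `select PSA_WANT_ALG_ECB_NO_PADDING if BT_USE_PSA_API`. The PSA overlay added for the bsim tests sets `CONFIG_PSA_CRYPTO_ENABLE_ALL=y`, which would hide a missing select, so a build with a trimmed PSA configuration is worth running. The help text still says AES support comes from the TinyCrypt library and should mention the PSA alternative.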
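Review bot: The prompt and help of `BT_HOST_CRYPTO_PRNG` still describe TinyCrypt, while with `BT_USE_PSA_API` the option makes `bt_rand` call `psa_generate_random`. Reword the prompt to something backend-neutral such as `bool "Use the host crypto backend for random number generation"` and name both backends in the help. This hunk removes the TinyCrypt selects for the PSA case without adding any PSA counterpart, so it is worth confirming that the provider offers random generation without a further `PSA_WANT_*` selection.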
@@ -0,0 +1,151 @@ +/* + * Copyright (c) 2017 Nordic Semiconductor ASA + * Copyright (c) 2015-2016 Intel Corporation + * + * SPDX-License-Identifier: Apache-2.0 + */ + +#include +#include + +#include +#include +#include + +#include +#include +#include +#include + +#include "psa/crypto.h" + +#include "common/bt_str.h" + +#include "hci_core.h" + +#define LOG_LEVEL CONFIG_BT_HCI_CORE_LOG_LEVEL +#include +LOG_MODULE_REGISTER(bt_host_crypto); + +int prng_init(void) +{ + if (psa_crypto_init() != PSA_SUCCESS) { + return -EIO; + } + return 0; +} + +#if defined(CONFIG_BT_HOST_CRYPTO_PRNG) +int bt_rand(void *buf, size_t len) +{ + if (psa_generate_random(buf, len) == PSA_SUCCESS) { + return 0; + } + + return -EIO; +} +#else /* !CONFIG_BT_HOST_CRYPTO_PRNG */ +int bt_rand(void *buf, size_t len) +{ + CHECKIF(buf == NULL || len == 0) { + return -EINVAL; + } + + return bt_hci_le_rand(buf, len); +} +#endif /* CONFIG_BT_HOST_CRYPTO_PRNG */ + +int bt_encrypt_le(const uint8_t key[16], const uint8_t plaintext[16], + uint8_t enc_data[16]) +{ + psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT; + psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; + psa_status_t status, destroy_status; + size_t out_len; + uint8_t tmp[16]; + + CHECKIF(key == NULL || plaintext == NULL || enc_data == NULL) { + return -EINVAL; + } + + LOG_DBG("key %s", bt_hex(key, 16)); + LOG_DBG("plaintext %s", bt_hex(plaintext, 16)); + + sys_memcpy_swap(tmp, key, 16); + + psa_set_key_type(&attr, PSA_KEY_TYPE_AES); + psa_set_key_bits(&attr, 128); + psa_set_key_usage_flags(&attr, PSA_KEY_USAGE_ENCRYPT); + psa_set_key_algorithm(&attr, PSA_ALG_ECB_NO_PADDING); + if (psa_import_key(&attr, tmp, 16, &key_id) != PSA_SUCCESS) { + LOG_ERR("Failed to import AES key"); + return -EINVAL; + } + + sys_memcpy_swap(tmp, plaintext, 16); + + status = psa_cipher_encrypt(key_id, PSA_ALG_ECB_NO_PADDING, tmp, 16, + enc_data, 16, &out_len); + if (status != PSA_SUCCESS) { + LOG_ERR("AES encryption failed"); + } + + destroy_status = 
psa_destroy_key(key_id); + if (destroy_status != PSA_SUCCESS) { + LOG_ERR("Failed to destroy AES key"); + } + + if ((status != PSA_SUCCESS) || (destroy_status != PSA_SUCCESS)) { + return -EIO; + } + + sys_mem_swap(enc_data, 16); + + LOG_DBG("enc_data %s", bt_hex(enc_data, 16)); + + return 0; +} + +int bt_encrypt_be(const uint8_t key[16], const uint8_t plaintext[16], + uint8_t enc_data[16]) +{ + psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT; + psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; + psa_status_t status, destroy_status; + size_t out_len; + + CHECKIF(key == NULL || plaintext == NULL || enc_data == NULL) { + return -EINVAL; + } + + LOG_DBG("key %s", bt_hex(key, 16)); + LOG_DBG("plaintext %s", bt_hex(plaintext, 16)); + + psa_set_key_type(&attr, PSA_KEY_TYPE_AES); + psa_set_key_bits(&attr, 128); + psa_set_key_usage_flags(&attr, PSA_KEY_USAGE_ENCRYPT); + psa_set_key_algorithm(&attr, PSA_ALG_ECB_NO_PADDING); + if (psa_import_key(&attr, key, 16, &key_id) != PSA_SUCCESS) { + LOG_ERR("Failed to import AES key"); + return -EINVAL; + } + + status = psa_cipher_encrypt(key_id, PSA_ALG_ECB_NO_PADDING, + plaintext, 16, enc_data, 16, &out_len); + if (status != PSA_SUCCESS) { + LOG_ERR("AES encryption failed"); + } + + destroy_status = psa_destroy_key(key_id); + if (destroy_status != PSA_SUCCESS) { + LOG_ERR("Failed to destroy AES key"); + } + + if ((status != PSA_SUCCESS) || (destroy_status != PSA_SUCCESS)) { + return -EIO; + } + + LOG_DBG("enc_data %s", bt_hex(enc_data, 16)); + + return 0; +} diff --git a/subsys/bluetooth/host/crypto.c b/subsys/bluetooth/host/crypto_tc.c similarity index 100% rename from subsys/bluetooth/host/crypto.c rename to subsys/bluetooth/host/crypto_tc.c diff --git a/subsys/bluetooth/host/gatt.c b/subsys/bluetooth/host/gatt.c index 6a967f9672a07..19c71087b42c5 100644 --- a/subsys/bluetooth/host/gatt.c +++ b/subsys/bluetooth/host/gatt.c 
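Review bot: `bt_encrypt_le` and `bt_encrypt_be` print the raw AES key and the plaintext with `LOG_DBG` under `CONFIG_BT_HCI_CORE_LOG_LEVEL`, which is a general host log level; the crypto toolbox build prints a warning when its debug level exposes keys, and nothing visible here does the same. Consider dropping the `LOG_DBG("key %s", ...)` lines or gating them behind a dedicated option. The PSA `bt_rand` also omits the `CHECKIF(buf == NULL || len == 0)` guard that the HCI variant right below it has, so the two variants respond differently to bad arguments. `key_id` is initialised with the Mbed TLS specific `MBEDTLS_SVC_KEY_ID_INIT`; `PSA_KEY_ID_NULL` is the portable PSA spelling, which may matter when the headers come from TF-M.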
@@ -21,11 +21,15 @@ #include #if defined(CONFIG_BT_GATT_CACHING) +#if defined(CONFIG_BT_USE_PSA_API) +#include "psa/crypto.h" +#else /* CONFIG_BT_USE_PSA_API */ #include #include #include #include #include +#endif /* CONFIG_BT_USE_PSA_API */ #endif /* CONFIG_BT_GATT_CACHING */ #include 
@@ -693,11 +697,93 @@ static ssize_t cf_write(struct bt_conn *conn, const struct bt_gatt_attr *attr, return len; } +#if defined(CONFIG_BT_USE_PSA_API) +struct gen_hash_state { + psa_mac_operation_t operation; + psa_key_id_t key; + int err; +}; + +static int db_hash_setup(struct gen_hash_state *state, uint8_t *key) +{ + psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; + + psa_set_key_type(&key_attr, PSA_KEY_TYPE_AES); + psa_set_key_bits(&key_attr, 128); + psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_SIGN_MESSAGE); + psa_set_key_algorithm(&key_attr, PSA_ALG_CMAC); + + if (psa_import_key(&key_attr, key, 16, &(state->key)) != PSA_SUCCESS) { + LOG_ERR("Unable to import the key for AES CMAC"); + return -EIO; + } + state->operation = psa_mac_operation_init(); + if (psa_mac_sign_setup(&(state->operation), state->key, + PSA_ALG_CMAC) != PSA_SUCCESS) { + LOG_ERR("CMAC operation init failed"); + return -EIO; + } + return 0; +} + +static int db_hash_update(struct gen_hash_state *state, uint8_t *data, size_t len) +{ + if (psa_mac_update(&(state->operation), data, len) != PSA_SUCCESS) { + LOG_ERR("CMAC update failed"); + return -EIO; + } + return 0; +} + +static int db_hash_finish(struct gen_hash_state *state) +{ + size_t mac_length; + + if (psa_mac_sign_finish(&(state->operation), db_hash.hash, 16, + &mac_length) != PSA_SUCCESS) { + LOG_ERR("CMAC finish failed"); + return -EIO; + } + return 0; +} + +#else /* CONFIG_BT_USE_PSA_API */ struct gen_hash_state { struct tc_cmac_struct state; + struct tc_aes_key_sched_struct sched; int err; }; +static int db_hash_setup(struct gen_hash_state *state, uint8_t *key) +{ + if (tc_cmac_setup(&(state->state), key, &(state->sched)) == TC_CRYPTO_FAIL) { + LOG_ERR("CMAC setup failed"); + return -EIO; + } + return 0; +} + +static int db_hash_update(struct gen_hash_state *state, uint8_t *data, size_t len) +{ + if (tc_cmac_update(&state->state, data, len) == TC_CRYPTO_FAIL) { + LOG_ERR("CMAC update failed"); + return -EIO; + } + return 
0; +} + +static int db_hash_finish(struct gen_hash_state *state) +{ + if (tc_cmac_final(db_hash.hash, &(state->state)) == TC_CRYPTO_FAIL) { + LOG_ERR("CMAC finish failed"); + return -EIO; + } + return 0; +} + + +#endif /* CONFIG_BT_USE_PSA_API */ + union hash_attr_value { /* Bluetooth Core Specification Version 5.3 | Vol 3, Part G * Table 3.1: Service declaration @@ -755,15 +841,15 @@ static uint8_t gen_hash_m(const struct bt_gatt_attr *attr, uint16_t handle, case BT_UUID_GATT_CHRC_VAL: case BT_UUID_GATT_CEP_VAL: value = sys_cpu_to_le16(handle); - if (tc_cmac_update(&state->state, (uint8_t *)&value, - sizeof(handle)) == TC_CRYPTO_FAIL) { + if (db_hash_update(state, (uint8_t *)&value, + sizeof(handle)) != 0) { state->err = -EINVAL; return BT_GATT_ITER_STOP; } value = sys_cpu_to_le16(u16->val); - if (tc_cmac_update(&state->state, (uint8_t *)&value, - sizeof(u16->val)) == TC_CRYPTO_FAIL) { + if (db_hash_update(state, (uint8_t *)&value, + sizeof(u16->val)) != 0) { state->err = -EINVAL; return BT_GATT_ITER_STOP; } @@ -774,8 +860,7 @@ static uint8_t gen_hash_m(const struct bt_gatt_attr *attr, uint16_t handle, return BT_GATT_ITER_STOP; } - if (tc_cmac_update(&state->state, data, len) == - TC_CRYPTO_FAIL) { + if (db_hash_update(state, data, len) != 0) { state->err = -EINVAL; return BT_GATT_ITER_STOP; } 
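Review bot: The PSA `db_hash_setup` and `db_hash_finish` never release the key imported into `state->key`: `db_hash_finish` does not call `psa_destroy_key`, and `db_hash_setup` returns -EIO after a failed `psa_mac_sign_setup` with the key still imported. Each database hash calculation therefore leaves one key slot occupied, and once the provider runs out of slots `psa_import_key` fails and the hash can no longer be generated. Destroy the key on every path and abort the MAC operation when finish fails. As far as the later `db_hash_gen` hunk shows, finish is reached on every path after a successful setup, so releasing the key there is enough.
```c
static int db_hash_setup(struct gen_hash_state *state, uint8_t *key)
{
	/* … unchanged: key attributes, psa_import_key, psa_mac_operation_init … */
	if (psa_mac_sign_setup(&(state->operation), state->key,
			       PSA_ALG_CMAC) != PSA_SUCCESS) {
		LOG_ERR("CMAC operation init failed");
		/* Do not leave the imported key behind on failure. */
		(void)psa_destroy_key(state->key);
		return -EIO;
	}
	return 0;
}

static int db_hash_finish(struct gen_hash_state *state)
{
	size_t mac_length;
	int err = 0;

	if (psa_mac_sign_finish(&(state->operation), db_hash.hash, 16,
				&mac_length) != PSA_SUCCESS) {
		LOG_ERR("CMAC finish failed");
		(void)psa_mac_abort(&(state->operation));
		err = -EIO;
	}

	/* The key is only needed for this one hash; always release its slot. */
	if (psa_destroy_key(state->key) != PSA_SUCCESS) {
		LOG_ERR("Failed to destroy the CMAC key");
		err = -EIO;
	}

	return err;
}
```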
@@ -788,18 +873,19 @@ static uint8_t gen_hash_m(const struct bt_gatt_attr *attr, uint16_t handle, case BT_UUID_GATT_CPF_VAL: case BT_UUID_GATT_CAF_VAL: value = sys_cpu_to_le16(handle); - if (tc_cmac_update(&state->state, (uint8_t *)&value, - sizeof(handle)) == TC_CRYPTO_FAIL) { + if (db_hash_update(state, (uint8_t *)&value, + sizeof(handle)) != 0) { state->err = -EINVAL; return BT_GATT_ITER_STOP; } value = sys_cpu_to_le16(u16->val); - if (tc_cmac_update(&state->state, (uint8_t *)&value, - sizeof(u16->val)) == TC_CRYPTO_FAIL) { + if (db_hash_update(state, (uint8_t *)&value, + sizeof(u16->val)) != 0) { state->err = -EINVAL; return BT_GATT_ITER_STOP; } + break; default: return BT_GATT_ITER_CONTINUE; @@ -825,18 +911,15 @@ static void db_hash_store(void) static void db_hash_gen(void) { uint8_t key[16] = {}; - struct tc_aes_key_sched_struct sched; struct gen_hash_state state; - if (tc_cmac_setup(&state.state, key, &sched) == TC_CRYPTO_FAIL) { - LOG_ERR("Unable to setup AES CMAC"); + if (db_hash_setup(&state, key) != 0) { return; } bt_gatt_foreach_attr(0x0001, 0xffff, gen_hash_m, &state); - if (tc_cmac_final(db_hash.hash, &state.state) == TC_CRYPTO_FAIL) { - LOG_ERR("Unable to calculate hash"); + if (db_hash_finish(&state) != 0) { return; } diff --git a/subsys/bluetooth/host/hci_ecc.c b/subsys/bluetooth/host/hci_ecc.c index 718d90176fa7d..7e8e66a90fe6f 100644 --- a/subsys/bluetooth/host/hci_ecc.c +++ b/subsys/bluetooth/host/hci_ecc.c @@ -13,10 +13,15 @@ #include #include #include + +#if defined(CONFIG_BT_USE_PSA_API) +#include +#else /* !CONFIG_BT_USE_PSA_API */ #include #include #include #include +#endif /* CONFIG_BT_USE_PSA_API*/ #include #include 
@@ -104,6 +109,54 @@ static void send_cmd_status(uint16_t opcode, uint8_t status) #endif } +#if defined(CONFIG_BT_USE_PSA_API) +static void set_key_attributes(psa_key_attributes_t *attr) +{ + psa_set_key_type(attr, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)); + psa_set_key_bits(attr, 256); + psa_set_key_usage_flags(attr, PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE); + psa_set_key_algorithm(attr, PSA_ALG_ECDH); +} + +static uint8_t generate_keys(void) +{ + psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT; + psa_key_id_t key_id; + uint8_t tmp_pub_key_buf[BT_PUB_KEY_LEN + 1]; + size_t tmp_len; + + set_key_attributes(&attr); + + if (psa_generate_key(&attr, &key_id) != PSA_SUCCESS) { + LOG_ERR("Failed to generate ECC key"); + return BT_HCI_ERR_UNSPECIFIED; + } + + if (psa_export_public_key(key_id, tmp_pub_key_buf, sizeof(tmp_pub_key_buf), + &tmp_len) != PSA_SUCCESS) { + LOG_ERR("Failed to export ECC public key"); + return BT_HCI_ERR_UNSPECIFIED; + } + /* secp256r1 PSA exported public key has an extra 0x04 predefined byte at + * the beginning of the buffer which is not part of the coordinate so + * we remove that. + */ + memcpy(ecc.public_key_be, &tmp_pub_key_buf[1], BT_PUB_KEY_LEN); + + if (psa_export_key(key_id, ecc.private_key_be, BT_PRIV_KEY_LEN, + &tmp_len) != PSA_SUCCESS) { + LOG_ERR("Failed to export ECC private key"); + return BT_HCI_ERR_UNSPECIFIED; + } + + if (psa_destroy_key(key_id) != PSA_SUCCESS) { + LOG_ERR("Failed to destroy ECC key ID"); + return BT_HCI_ERR_UNSPECIFIED; + } + + return 0; +} +#else static uint8_t generate_keys(void) { do { @@ -125,6 +178,7 @@ static uint8_t generate_keys(void) return 0; } +#endif /* CONFIG_BT_USE_PSA_API */ static void emulate_le_p256_public_key_cmd(void) { 
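Review bot: The PSA `generate_keys` returns on a failed `psa_export_public_key` or `psa_export_key` without calling `psa_destroy_key`, so the freshly generated private key stays in its key slot and the slot is lost. Add `(void)psa_destroy_key(key_id);` before those two `return BT_HCI_ERR_UNSPECIFIED;` statements, or route them through one cleanup label. `tmp_len` is never compared with `sizeof(tmp_pub_key_buf)` or `BT_PRIV_KEY_LEN`, and the leading 0x04 byte is assumed rather than checked; a check would catch a provider that returns a different encoding. The TinyCrypt `generate_keys` continues outside the hunk, so the two variants cannot be compared fully from here.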
@@ -176,21 +230,55 @@ static void emulate_le_generate_dhkey(void) struct bt_hci_evt_le_meta_event *meta; struct bt_hci_evt_hdr *hdr; struct net_buf *buf; - int ret; + int ret = 0; + bool use_debug = atomic_test_bit(flags, USE_DEBUG_KEY); + +#if defined(CONFIG_BT_USE_PSA_API) + psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT; + psa_key_id_t key_id; + /* PSA expects secp256r1 public key to start with a predefined 0x04 byte + * at the beginning the buffer. + */ + uint8_t tmp_pub_key_buf[BT_PUB_KEY_LEN + 1] = { 0x04 }; + size_t tmp_len; + set_key_attributes(&attr); + + if (psa_import_key(&attr, use_debug ? debug_private_key_be : ecc.private_key_be, + BT_PRIV_KEY_LEN, &key_id) != PSA_SUCCESS) { + ret = -EIO; + LOG_ERR("Failed to import the private key for key agreement"); + goto exit; + } + + memcpy(&tmp_pub_key_buf[1], ecc.public_key_be, BT_PUB_KEY_LEN); + if (psa_raw_key_agreement(PSA_ALG_ECDH, key_id, tmp_pub_key_buf, + sizeof(tmp_pub_key_buf), ecc.dhkey_be, BT_DH_KEY_LEN, + &tmp_len) != PSA_SUCCESS) { + ret = -EIO; + LOG_ERR("Raw key agreement failed"); + goto exit; + } + + if (psa_destroy_key(key_id) != PSA_SUCCESS) { + LOG_ERR("Failed to destroy the key"); + ret = -EIO; + } + +#else /* !CONFIG_BT_USE_PSA_API */ ret = uECC_valid_public_key(ecc.public_key_be, &curve_secp256r1); if (ret < 0) { LOG_ERR("public key is not valid (ret %d)", ret); - ret = TC_CRYPTO_FAIL; - } else { - bool use_debug = atomic_test_bit(flags, USE_DEBUG_KEY); - - ret = uECC_shared_secret(ecc.public_key_be, - use_debug ? debug_private_key_be : - ecc.private_key_be, - ecc.dhkey_be, &curve_secp256r1); + ret = -EIO; + goto exit; } + ret = uECC_shared_secret(ecc.public_key_be, + use_debug ? debug_private_key_be : ecc.private_key_be, + ecc.dhkey_be, &curve_secp256r1); + ret = (ret == TC_CRYPTO_FAIL) ? -EIO : 0; +#endif /* CONFIG_BT_USE_PSA_API */ +exit: buf = bt_buf_get_rx(BT_BUF_EVT, K_FOREVER); hdr = net_buf_add(buf, sizeof(*hdr)); 
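Review bot: In the PSA branch of `emulate_le_generate_dhkey`, a failed `psa_raw_key_agreement` jumps to `exit` and skips `psa_destroy_key(key_id)`, so the imported private key is left in a key slot on every failure. The public key passed to the agreement appears to come from the HCI command, so repeated invalid keys would use up the provider's slots until `psa_import_key` fails and pairing stops working. Remove the `goto exit;` from that branch so the code falls through to `psa_destroy_key`. The TinyCrypt branch validates the key with `uECC_valid_public_key` first; a comment stating that the PSA branch relies on `psa_raw_key_agreement` to reject invalid points would make that dependency explicit.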
@@ -202,7 +290,7 @@ static void emulate_le_generate_dhkey(void) evt = net_buf_add(buf, sizeof(*evt)); - if (ret == TC_CRYPTO_FAIL) { + if (ret != 0) { evt->status = BT_HCI_ERR_UNSPECIFIED; (void)memset(evt->dhkey, 0xff, sizeof(evt->dhkey)); } else { diff --git a/tests/bluetooth/bt_crypto/testcase.yaml b/tests/bluetooth/bt_crypto/testcase.yaml index 430d763d0cb23..ba93346259062 100644 --- a/tests/bluetooth/bt_crypto/testcase.yaml +++ b/tests/bluetooth/bt_crypto/testcase.yaml @@ -12,3 +12,19 @@ tests: integration_platforms: - native_sim tags: bluetooth + bluetooth.bt_crypto.psa: + filter: CONFIG_PSA_CRYPTO_CLIENT + extra_args: + - EXTRA_DTC_OVERLAY_FILE="test.overlay" + platform_allow: + - native_posix + - native_posix/native/64 + - native_sim + - native_sim/native/64 + - qemu_x86 + - qemu_cortex_m3 + - nrf5340dk/nrf5340/cpuapp/ns + - nrf52840dk/nrf52840 + integration_platforms: + - native_sim + tags: bluetooth diff --git a/tests/bluetooth/gatt/testcase.yaml b/tests/bluetooth/gatt/testcase.yaml index 135f6d823ede4..fd349d00f52c9 100644 --- a/tests/bluetooth/gatt/testcase.yaml +++ b/tests/bluetooth/gatt/testcase.yaml @@ -14,3 +14,21 @@ tests: tags: - bluetooth - gatt + bluetooth.gatt.psa: + filter: CONFIG_PSA_CRYPTO_CLIENT + extra_args: + - EXTRA_DTC_OVERLAY_FILE="test.overlay" + platform_allow: + - native_posix + - native_posix/native/64 + - native_sim + - native_sim/native/64 + - qemu_x86 + - qemu_cortex_m3 + - nrf5340dk/nrf5340/cpuapp/ns + - nrf52840dk/nrf52840 + integration_platforms: + - native_sim + tags: + - bluetooth + - gatt diff --git a/tests/bluetooth/host/crypto/CMakeLists.txt b/tests/bluetooth/host/crypto/CMakeLists.txt index 1a8ae2f5a5004..856b27562822a 100644 --- a/tests/bluetooth/host/crypto/CMakeLists.txt +++ b/tests/bluetooth/host/crypto/CMakeLists.txt 
@@ -12,7 +12,7 @@ add_library(mocks STATIC mocks/hmac_prng_expects.c mocks/crypto_help_utils.c - ${ZEPHYR_BASE}/subsys/bluetooth/host/crypto.c + ${ZEPHYR_BASE}/subsys/bluetooth/host/crypto_tc.c ${ZEPHYR_BASE}/subsys/logging/log_minimal.c ${ZEPHYR_BASE}/subsys/bluetooth/common/bt_str.c ${ZEPHYR_BASE}/subsys/bluetooth/host/uuid.c diff --git a/tests/bluetooth/mesh/basic/dbg.conf b/tests/bluetooth/mesh/basic/dbg.conf index 73cd1b361b6d1..6933c402ac6c2 100644 --- a/tests/bluetooth/mesh/basic/dbg.conf +++ b/tests/bluetooth/mesh/basic/dbg.conf @@ -17,7 +17,6 @@ CONFIG_BT_CTLR_PRIVACY=n CONFIG_BT_PERIPHERAL=y CONFIG_BT=y -CONFIG_BT_TINYCRYPT_ECC=y CONFIG_BT_MESH=y CONFIG_BT_MESH_RELAY=y diff --git a/tests/bluetooth/mesh/basic/friend.conf b/tests/bluetooth/mesh/basic/friend.conf index 136bced37db2a..b669d9729125d 100644 --- a/tests/bluetooth/mesh/basic/friend.conf +++ b/tests/bluetooth/mesh/basic/friend.conf @@ -15,7 +15,6 @@ CONFIG_BT_CTLR_MIN_USED_CHAN=n CONFIG_BT_CTLR_PRIVACY=n CONFIG_BT=y -CONFIG_BT_TINYCRYPT_ECC=y CONFIG_BT_MESH=y CONFIG_BT_MESH_RELAY=y diff --git a/tests/bluetooth/mesh/basic/gatt.conf b/tests/bluetooth/mesh/basic/gatt.conf index 75b6a424a4aa5..57caf1ec8436c 100644 --- a/tests/bluetooth/mesh/basic/gatt.conf +++ b/tests/bluetooth/mesh/basic/gatt.conf @@ -17,7 +17,6 @@ CONFIG_BT_CTLR_PRIVACY=n CONFIG_BT_PERIPHERAL=y CONFIG_BT=y -CONFIG_BT_TINYCRYPT_ECC=y CONFIG_BT_MESH=y CONFIG_BT_MESH_RELAY=y diff --git a/tests/bluetooth/mesh/basic/lpn.conf b/tests/bluetooth/mesh/basic/lpn.conf index 441516fbe6efd..6edaa9af8a940 100644 --- a/tests/bluetooth/mesh/basic/lpn.conf +++ b/tests/bluetooth/mesh/basic/lpn.conf @@ -17,7 +17,6 @@ CONFIG_BT_CTLR_PRIVACY=n CONFIG_BT_PERIPHERAL=y CONFIG_BT=y -CONFIG_BT_TINYCRYPT_ECC=y CONFIG_BT_MESH=y CONFIG_BT_MESH_RELAY=n diff --git a/tests/bluetooth/mesh/basic/multi_ext_adv.conf b/tests/bluetooth/mesh/basic/multi_ext_adv.conf index aa93628401b7a..634973154c348 100644 --- a/tests/bluetooth/mesh/basic/multi_ext_adv.conf 
+++ b/tests/bluetooth/mesh/basic/multi_ext_adv.conf @@ -16,7 +16,6 @@ CONFIG_BT_CTLR_PRIVACY=n CONFIG_BT_PERIPHERAL=y CONFIG_BT=y -CONFIG_BT_TINYCRYPT_ECC=y CONFIG_BT_MESH=y CONFIG_BT_MESH_RELAY=y diff --git a/tests/bluetooth/mesh/basic/pb_gatt.conf b/tests/bluetooth/mesh/basic/pb_gatt.conf index 28ade412c0833..3deb6aebc0713 100644 --- a/tests/bluetooth/mesh/basic/pb_gatt.conf +++ b/tests/bluetooth/mesh/basic/pb_gatt.conf @@ -17,7 +17,6 @@ CONFIG_BT_CTLR_PRIVACY=n CONFIG_BT_PERIPHERAL=y CONFIG_BT=y -CONFIG_BT_TINYCRYPT_ECC=y CONFIG_BT_MESH=y CONFIG_BT_MESH_RELAY=y diff --git a/tests/bluetooth/mesh/basic/prj.conf b/tests/bluetooth/mesh/basic/prj.conf index 126907a8837ef..825d1be6e9ab8 100644 --- a/tests/bluetooth/mesh/basic/prj.conf +++ b/tests/bluetooth/mesh/basic/prj.conf @@ -17,7 +17,6 @@ CONFIG_BT_CTLR_PRIVACY=n CONFIG_BT_PERIPHERAL=y CONFIG_BT=y -CONFIG_BT_TINYCRYPT_ECC=y CONFIG_BT_MESH=y CONFIG_BT_MESH_RELAY=y diff --git a/tests/bluetooth/mesh/basic/proxy.conf b/tests/bluetooth/mesh/basic/proxy.conf index 18d22ae8b9782..068be4973aade 100644 --- a/tests/bluetooth/mesh/basic/proxy.conf +++ b/tests/bluetooth/mesh/basic/proxy.conf @@ -17,7 +17,6 @@ CONFIG_BT_CTLR_PRIVACY=n CONFIG_BT_PERIPHERAL=y CONFIG_BT=y -CONFIG_BT_TINYCRYPT_ECC=y CONFIG_BT_MESH=y CONFIG_BT_MESH_RELAY=n diff --git a/tests/bluetooth/mesh/basic/testcase.yaml b/tests/bluetooth/mesh/basic/testcase.yaml index 24486e4d75fa4..1eced45437fcd 100644 --- a/tests/bluetooth/mesh/basic/testcase.yaml +++ b/tests/bluetooth/mesh/basic/testcase.yaml @@ -37,6 +37,20 @@ tests: platform_allow: - qemu_x86 - nrf52840dk/nrf52840 + - nrf5340dk/nrf5340/cpuapp/ns + integration_platforms: + - qemu_x86 + tags: + - bluetooth + - mesh + bluetooth.mesh.gatt.psa: + build_only: true + extra_args: CONF_FILE=gatt.conf + extra_configs: + - CONFIG_BT_USE_PSA_API=y + platform_allow: + - qemu_x86 + - nrf5340dk/nrf5340/cpuapp/ns integration_platforms: - qemu_x86 tags: 
diff --git a/tests/bluetooth/mesh_shell/prj.conf b/tests/bluetooth/mesh_shell/prj.conf index 9ed15616cab52..bb4c878bdfdfb 100644 --- a/tests/bluetooth/mesh_shell/prj.conf +++ b/tests/bluetooth/mesh_shell/prj.conf @@ -18,7 +18,6 @@ CONFIG_SETTINGS=y CONFIG_BT=y CONFIG_BT_OBSERVER=y CONFIG_BT_PERIPHERAL=y -CONFIG_BT_TINYCRYPT_ECC=y CONFIG_BT_DEVICE_NAME="Zephyr Mesh" CONFIG_BT_GATT_CACHING=n diff --git a/tests/bluetooth/shell/log.conf b/tests/bluetooth/shell/log.conf index 69a1d5d5533f7..7a9aa9b8680ff 100644 --- a/tests/bluetooth/shell/log.conf +++ b/tests/bluetooth/shell/log.conf @@ -13,7 +13,6 @@ CONFIG_BT_FIXED_PASSKEY=y CONFIG_BT_ATT_PREPARE_COUNT=2 CONFIG_BT_GATT_CLIENT=y CONFIG_BT_L2CAP_DYNAMIC_CHANNEL=y -CONFIG_BT_TINYCRYPT_ECC=y CONFIG_BT_SHELL=y CONFIG_BT_DEVICE_NAME="log test shell" CONFIG_BT_DEVICE_NAME_DYNAMIC=y diff --git a/tests/bluetooth/shell/mesh.conf b/tests/bluetooth/shell/mesh.conf index a8079eb7b28b8..0336d417fb51d 100644 --- a/tests/bluetooth/shell/mesh.conf +++ b/tests/bluetooth/shell/mesh.conf @@ -13,7 +13,6 @@ CONFIG_BT_SIGNING=y CONFIG_BT_ATT_PREPARE_COUNT=2 CONFIG_BT_GATT_CLIENT=y CONFIG_BT_L2CAP_DYNAMIC_CHANNEL=y -CONFIG_BT_TINYCRYPT_ECC=y CONFIG_SHELL=y CONFIG_BT_SHELL=y CONFIG_BT_DEVICE_NAME="test shell" diff --git a/tests/bluetooth/shell/prj.conf b/tests/bluetooth/shell/prj.conf index 605cbc61c1948..510d0988262c1 100644 --- a/tests/bluetooth/shell/prj.conf +++ b/tests/bluetooth/shell/prj.conf @@ -15,7 +15,6 @@ CONFIG_BT_FIXED_PASSKEY=y CONFIG_BT_ATT_PREPARE_COUNT=2 CONFIG_BT_GATT_CLIENT=y CONFIG_BT_L2CAP_DYNAMIC_CHANNEL=y -CONFIG_BT_TINYCRYPT_ECC=y CONFIG_BT_SHELL=y CONFIG_BT_DEVICE_NAME="test shell" CONFIG_BT_DEVICE_NAME_DYNAMIC=y diff --git a/tests/bluetooth/shell/prj_br.conf b/tests/bluetooth/shell/prj_br.conf index d41ec3053087f..45d3806473fff 100644 --- a/tests/bluetooth/shell/prj_br.conf +++ b/tests/bluetooth/shell/prj_br.conf 
@@ -16,5 +16,4 @@ CONFIG_BT_ATT_PREPARE_COUNT=2 CONFIG_BT_GATT_CLIENT=y CONFIG_BT_HRS=y CONFIG_BT_L2CAP_DYNAMIC_CHANNEL=y -CONFIG_BT_TINYCRYPT_ECC=y CONFIG_BT_DEVICE_NAME="test shell" diff --git a/tests/bluetooth/tester/prj.conf b/tests/bluetooth/tester/prj.conf index 84ba74652ddc1..3e7f52d4d8375 100644 --- a/tests/bluetooth/tester/prj.conf +++ b/tests/bluetooth/tester/prj.conf @@ -36,7 +36,6 @@ CONFIG_BT_PER_ADV_SYNC=y CONFIG_BT_BUF_ACL_RX_SIZE=100 CONFIG_BT_RX_STACK_SIZE=4096 -CONFIG_BT_TINYCRYPT_ECC=y CONFIG_BT_TESTING=y CONFIG_UTF8=y diff --git a/tests/bsim/bluetooth/hci_uart/compile.sh b/tests/bsim/bluetooth/hci_uart/compile.sh index ed177513a055e..3546c8c37987d 100755 --- a/tests/bsim/bluetooth/hci_uart/compile.sh +++ b/tests/bsim/bluetooth/hci_uart/compile.sh @@ -12,6 +12,8 @@ source ${ZEPHYR_BASE}/tests/bsim/compile.source app=tests/bsim/bluetooth/ll/conn conf_file=prj_split_hci_uart.conf \ cmake_extra_args=-DEXTRA_DTC_OVERLAY_FILE=hci-uart.overlay compile +app=tests/bsim/bluetooth/ll/conn conf_file=prj_split_hci_uart.conf conf_overlay=psa_overlay.conf \ + cmake_extra_args=-DEXTRA_DTC_OVERLAY_FILE=hci-uart.overlay compile app=samples/bluetooth/hci_uart compile app=samples/bluetooth/hci_uart_async compile diff --git a/tests/bsim/bluetooth/hci_uart/tests_scripts/basic_conn_split_hci_uart_psa.sh b/tests/bsim/bluetooth/hci_uart/tests_scripts/basic_conn_split_hci_uart_psa.sh new file mode 100755 index 0000000000000..6859ad8cbdfb6 --- /dev/null +++ b/tests/bsim/bluetooth/hci_uart/tests_scripts/basic_conn_split_hci_uart_psa.sh 
@@ -0,0 +1,45 @@
+#!/usr/bin/env bash
+# Copyright 2024 Nordic Semiconductor ASA
+# SPDX-License-Identifier: Apache-2.0
+
+source ${ZEPHYR_BASE}/tests/bsim/sh_common.source
+
+# Basic connection test: a central connects to a peripheral and expects a
+# notification, using the split controller (ULL LLL)
+# Both central and peripheral hosts have their controllers in a separate device
+# connected over UART. The controller is the HCI UART sample.
+simulation_id="basic_conn_split_hci_uart_psa"
+verbosity_level=2
+
+cd ${BSIM_OUT_PATH}/bin
+
+UART_DIR=/tmp/bs_${USER}/${simulation_id}/
+UART_PER=${UART_DIR}/peripheral
+UART_CEN=${UART_DIR}/central
+
+# Note the host+app devices are NOT connected to the phy, only the controllers are.
+
+# Peripheral app + host :
+Execute ./bs_${BOARD_TS}_tests_bsim_bluetooth_ll_conn_prj_split_hci_uart_conf_psa_overlay_conf \
+ -v=${verbosity_level} -s=${simulation_id} -d=10 -nosim -RealEncryption=0 \
+ -testid=peripheral -rs=23 -uart1_fifob_rxfile=${UART_PER}.rx -uart1_fifob_txfile=${UART_PER}.tx
+
+# Peripheral controller:
+Execute ./bs_${BOARD_TS}_samples_bluetooth_hci_uart_prj_conf \
+ -v=${verbosity_level} -s=${simulation_id} -d=0 -RealEncryption=0 \
+ -rs=23 -uart1_fifob_rxfile=${UART_PER}.tx -uart1_fifob_txfile=${UART_PER}.rx \
+
+# Central app + host
+Execute ./bs_${BOARD_TS}_tests_bsim_bluetooth_ll_conn_prj_split_hci_uart_conf_psa_overlay_conf \
+ -v=${verbosity_level} -s=${simulation_id} -d=11 -nosim -RealEncryption=0 \
+ -testid=central -rs=6 -uart1_fifob_rxfile=${UART_CEN}.rx -uart1_fifob_txfile=${UART_CEN}.tx
+
+# Central controller:
+Execute ./bs_${BOARD_TS}_samples_bluetooth_hci_uart_prj_conf \
+ -v=${verbosity_level} -s=${simulation_id} -d=1 -RealEncryption=0 \
+ -rs=23 -uart1_fifob_rxfile=${UART_CEN}.tx -uart1_fifob_txfile=${UART_CEN}.rx
+
+Execute ./bs_2G4_phy_v1 -v=${verbosity_level} -s=${simulation_id} \
+ -D=2 -sim_length=20e6 $@
+
+wait_for_background_jobs
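Review bot: The peripheral-controller `Execute` in `basic_conn_split_hci_uart_psa.sh` ends its last argument line with a stray continuation (`-uart1_fifob_txfile=${UART_PER}.rx \`) followed by an empty line; bash tolerates it today, but any text later placed on that empty line would be folded into the command, so the trailing `\` should be removed. On the `bs_2G4_phy_v1` line `$@` should be `"$@"` so forwarded arguments containing spaces are not re-split. `UART_DIR=/tmp/bs_${USER}/${simulation_id}/` is a fixed, guessable path under a world-writable directory, and the script neither creates it nor checks its ownership; whether the simulator does so is not visible here, so on a shared build host it is worth confirming, or placing the UART files in a directory the script creates itself.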
diff --git a/tests/bsim/bluetooth/host/gatt/caching/psa_overlay.conf b/tests/bsim/bluetooth/host/gatt/caching/psa_overlay.conf
new file mode 100644
index 0000000000000..7086f66d96d52
--- /dev/null
+++ b/tests/bsim/bluetooth/host/gatt/caching/psa_overlay.conf
@@ -0,0 +1,7 @@
+CONFIG_BT_USE_PSA_API=y
+CONFIG_MBEDTLS=y
+CONFIG_MBEDTLS_PSA_CRYPTO_C=y
+CONFIG_PSA_CRYPTO_ENABLE_ALL=y
+
+CONFIG_ENTROPY_GENERATOR=y
+CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG=y
diff --git a/tests/bsim/bluetooth/host/gatt/caching/test_scripts/_run_test.sh b/tests/bsim/bluetooth/host/gatt/caching/test_scripts/_run_test.sh
index a8399b79eb9b9..ed7876abe8b54 100755
--- a/tests/bsim/bluetooth/host/gatt/caching/test_scripts/_run_test.sh
+++ b/tests/bsim/bluetooth/host/gatt/caching/test_scripts/_run_test.sh
@@ -6,13 +6,14 @@ source ${ZEPHYR_BASE}/tests/bsim/sh_common.source
 verbosity_level=2
 EXECUTE_TIMEOUT=120
+BIN_SUFFIX=${bin_suffix:-}
 cd ${BSIM_OUT_PATH}/bin
-Execute ./bs_${BOARD_TS}_tests_bsim_bluetooth_host_gatt_caching_prj_conf \
+Execute ./bs_${BOARD_TS}_tests_bsim_bluetooth_host_gatt_caching_prj_conf${BIN_SUFFIX} \
 -v=${verbosity_level} -s=${simulation_id} -d=0 -testid=${client_id}
-Execute ./bs_${BOARD_TS}_tests_bsim_bluetooth_host_gatt_caching_prj_conf \
+Execute ./bs_${BOARD_TS}_tests_bsim_bluetooth_host_gatt_caching_prj_conf${BIN_SUFFIX} \
 -v=${verbosity_level} -s=${simulation_id} -d=1 -testid=${server_id}
 Execute ./bs_2G4_phy_v1 -v=${verbosity_level} -s=${simulation_id} \
diff --git a/tests/bsim/bluetooth/host/gatt/caching/test_scripts/gatt_caching_psa_db_hash_read_eatt.sh b/tests/bsim/bluetooth/host/gatt/caching/test_scripts/gatt_caching_psa_db_hash_read_eatt.sh
new file mode 100755
index 0000000000000..281ff23a055db
--- /dev/null
+++ b/tests/bsim/bluetooth/host/gatt/caching/test_scripts/gatt_caching_psa_db_hash_read_eatt.sh
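Review bot: `CONFIG_PSA_CRYPTO_ENABLE_ALL=y` in `tests/bsim/bluetooth/host/gatt/caching/psa_overlay.conf` presumably switches on every PSA algorithm, so these tests cannot tell whether the `PSA_WANT_KEY_TYPE_AES` / `PSA_WANT_ALG_CMAC` selects that `BT_CRYPTO` gains under `BT_USE_PSA_API` are sufficient on their own; a missing `PSA_WANT_*` select would still pass. Consider dropping that line from at least one overlay so the minimal configuration is what gets exercised. The identical file is added again as `tests/bsim/bluetooth/ll/conn/psa_overlay.conf` (same blob `7086f66d96d52`), so the same applies there, and a single shared overlay would keep the two from drifting apart. A leading comment such as `# Test-only: enables all PSA algorithms; do not copy into product configs` would also help anyone who reuses the fragment.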
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+# Copyright 2024 Nordic Semiconductor ASA
+# SPDX-License-Identifier: Apache-2.0
+
+simulation_id="gatt_caching_psa_db_hash_read_eatt_psa" \
+ client_id="gatt_client_db_hash_read_eatt" \
+ server_id="gatt_server_eatt" \
+ bin_suffix="_psa_overlay_conf" \
+ $(dirname "${BASH_SOURCE[0]}")/_run_test.sh
diff --git a/tests/bsim/bluetooth/host/gatt/compile.sh b/tests/bsim/bluetooth/host/gatt/compile.sh
index 3fc026e67ccbb..67ebb09be9ecf 100755
--- a/tests/bsim/bluetooth/host/gatt/compile.sh
+++ b/tests/bsim/bluetooth/host/gatt/compile.sh
@@ -12,6 +12,7 @@ source ${ZEPHYR_BASE}/tests/bsim/compile.source
 app=tests/bsim/bluetooth/host/gatt/authorization compile
 app=tests/bsim/bluetooth/host/gatt/caching compile
+app=tests/bsim/bluetooth/host/gatt/caching conf_overlay=psa_overlay.conf compile
 app=tests/bsim/bluetooth/host/gatt/general compile
 app=tests/bsim/bluetooth/host/gatt/notify compile
 app=tests/bsim/bluetooth/host/gatt/notify_multiple compile
diff --git a/tests/bsim/bluetooth/ll/conn/psa_overlay.conf b/tests/bsim/bluetooth/ll/conn/psa_overlay.conf
new file mode 100644
index 0000000000000..7086f66d96d52
--- /dev/null
+++ b/tests/bsim/bluetooth/ll/conn/psa_overlay.conf
@@ -0,0 +1,7 @@
+CONFIG_BT_USE_PSA_API=y
+CONFIG_MBEDTLS=y
+CONFIG_MBEDTLS_PSA_CRYPTO_C=y
+CONFIG_PSA_CRYPTO_ENABLE_ALL=y
+
+CONFIG_ENTROPY_GENERATOR=y
+CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG=y
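Review bot: In `gatt_caching_psa_db_hash_read_eatt.sh` the command substitution that locates `_run_test.sh` is unquoted, so a checkout path containing spaces is word-split before the script runs; `"$(dirname "${BASH_SOURCE[0]}")"/_run_test.sh` avoids that. The `simulation_id` value `gatt_caching_psa_db_hash_read_eatt_psa` carries `psa` twice, and one of them looks unintended, though the sibling scripts are not visible here to compare against.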