bt_crypto: provide a PSA APIs implementation alternative to TinyCrypt

doc/releases/migration-guide-3.7.rst

@@ -657,6 +657,14 @@ Bluetooth Host
   longer used in Zephyr 3.4.0 and later. Any references to this field should be removed. No further
   action is needed.
 
+Bluetooth Crypto
+================
+
+* :kconfig:option:`CONFIG_BT_USE_PSA_API` was added to explicitly request use
+  of PSA APIs instead of TinyCrypt for crypto operations. Of course, this is
+  possible only a PSA crypto provider available in the system, i.e.
+  :kconfig:option:`CONFIG_PSA_CRYPTO_CLIENT` is set. (:github:`73378`)
+
 Networking
 **********
 

modules/trusted-firmware-m/Kconfig.tfm

@@ -30,6 +30,7 @@ menuconfig BUILD_WITH_TFM
 	depends on TFM_BOARD != ""
 	depends on ARM_TRUSTZONE_M
 	select BUILD_OUTPUT_HEX
+	select PSA_CRYPTO_CLIENT
 	imply INIT_ARCH_HW_AT_BOOT
 	imply ARM_NONSECURE_PREEMPTIBLE_SECURE_CALLS
 	imply MBEDTLS

subsys/bluetooth/Kconfig

@@ -192,6 +192,13 @@ rsource "crypto/Kconfig"
 rsource "lib/Kconfig"
 rsource "Kconfig.logging"
 
+config BT_USE_PSA_API
+	bool "Use PSA APIs instead of TinyCrypt for crypto operations"
+	depends on BT_CRYPTO || BT_HOST_CRYPTO || BT_ECC
+	depends on PSA_CRYPTO_CLIENT
+	help
+	  Use PSA APIs instead of TinyCrypt for crypto operations
+
 endif # BT_HCI
 
 config BT_COMPANY_ID

subsys/bluetooth/crypto/CMakeLists.txt

@@ -4,6 +4,16 @@ zephyr_library()
 
 zephyr_library_sources(bt_crypto.c)
 
+if(CONFIG_BT_USE_PSA_API)
+    zephyr_library_sources(bt_crypto_psa.c)
+    zephyr_library_link_libraries_ifdef(CONFIG_MBEDTLS mbedTLS)
+    zephyr_library_include_directories_ifdef(CONFIG_BUILD_WITH_TFM
+        $<TARGET_PROPERTY:tfm,TFM_BINARY_DIR>/api_ns/interface/include
+    )
+else()
+    zephyr_library_sources(bt_crypto_tc.c)
+endif()
+
 if(CONFIG_BT_CRYPTO_LOG_LEVEL_DBG)
     message(WARNING "CONFIG_BT_CRYPTO_LOG_LEVEL_DBG is enabled.
     Private security keys such as the Long Term Key will be printed out.

subsys/bluetooth/crypto/Kconfig

@@ -3,8 +3,10 @@
 
 config BT_CRYPTO
 	bool
-	select TINYCRYPT
-	select TINYCRYPT_AES
-	select TINYCRYPT_AES_CMAC
+	select TINYCRYPT if !BT_USE_PSA_API
+	select TINYCRYPT_AES if !BT_USE_PSA_API
+	select TINYCRYPT_AES_CMAC if !BT_USE_PSA_API
+	select PSA_WANT_KEY_TYPE_AES if BT_USE_PSA_API
+	select PSA_WANT_ALG_CMAC if BT_USE_PSA_API
 	help
 	  This option enables the Bluetooth Cryptographic Toolbox.

subsys/bluetooth/crypto/bt_crypto.c

@@ -7,8 +7,12 @@
 
 #include <zephyr/sys/byteorder.h>
 
+#if defined(CONFIG_BT_USE_PSA_API)
+#include "psa/crypto.h"
+#else
 #include <tinycrypt/cmac_mode.h>
 #include <tinycrypt/constants.h>
+#endif
 
 #include "common/bt_str.h"
 #include "bt_crypto.h"
@@ -17,27 +21,6 @@
 #include <zephyr/logging/log.h>
 LOG_MODULE_REGISTER(bt_crypto);
 
-
-int bt_crypto_aes_cmac(const uint8_t *key, const uint8_t *in, size_t len, uint8_t *out)
-{
-	struct tc_aes_key_sched_struct sched;
-	struct tc_cmac_struct state;
-
-	if (tc_cmac_setup(&state, key, &sched) == TC_CRYPTO_FAIL) {
-		return -EIO;
-	}
-
-	if (tc_cmac_update(&state, in, len) == TC_CRYPTO_FAIL) {
-		return -EIO;
-	}
-
-	if (tc_cmac_final(out, &state) == TC_CRYPTO_FAIL) {
-		return -EIO;
-	}
-
-	return 0;
-}
-
 int bt_crypto_f4(const uint8_t *u, const uint8_t *v, const uint8_t *x, uint8_t z, uint8_t res[16])
 {
 	uint8_t xs[16];

subsys/bluetooth/crypto/bt_crypto_psa.c

@@ -0,0 +1,46 @@
+/* Copyright (c) 2022 Nordic Semiconductor ASA
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#include <errno.h>
+#include <string.h>
+
+#include <zephyr/sys/byteorder.h>
+
+#include "psa/crypto.h"
+
+#include "common/bt_str.h"
+#include "bt_crypto.h"
+
+#define LOG_LEVEL CONFIG_BT_CRYPTO_LOG_LEVEL
+#include <zephyr/logging/log.h>
+LOG_MODULE_DECLARE(bt_crypto);
+
+int bt_crypto_aes_cmac(const uint8_t *key, const uint8_t *in, size_t len, uint8_t *out)
+{
+	psa_key_id_t key_id;
+	psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
+	size_t out_size;
+	psa_status_t status, destroy_status;
+
+	psa_set_key_type(&key_attr, PSA_KEY_TYPE_AES);
+	psa_set_key_bits(&key_attr, 128);
+	psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_SIGN_MESSAGE |
+					   PSA_KEY_USAGE_VERIFY_MESSAGE);
+	psa_set_key_algorithm(&key_attr, PSA_ALG_CMAC);
+
+	status = psa_import_key(&key_attr, key, 16, &key_id);
+	if (status != PSA_SUCCESS) {
+		LOG_ERR("Failed to import AES key %d", status);
+		return -EIO;
+	}
+
+	status = psa_mac_compute(key_id, PSA_ALG_CMAC, in, len, out, 16, &out_size);
+	destroy_status = psa_destroy_key(key_id);
+	if ((status != PSA_SUCCESS) || (destroy_status != PSA_SUCCESS)) {
+		LOG_ERR("Failed to compute MAC %d", status);
+		return -EIO;
+	}
+
+	return 0;
+}

subsys/bluetooth/crypto/bt_crypto_tc.c

@@ -0,0 +1,34 @@
+/* Copyright (c) 2022 Nordic Semiconductor ASA
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#include <errno.h>
+#include <string.h>
+
+#include <zephyr/sys/byteorder.h>
+
+#include <tinycrypt/cmac_mode.h>
+#include <tinycrypt/constants.h>
+
+#include "common/bt_str.h"
+#include "bt_crypto.h"
+
+int bt_crypto_aes_cmac(const uint8_t *key, const uint8_t *in, size_t len, uint8_t *out)
+{
+	struct tc_aes_key_sched_struct sched;
+	struct tc_cmac_struct state;
+
+	if (tc_cmac_setup(&state, key, &sched) == TC_CRYPTO_FAIL) {
+		return -EIO;
+	}
+
+	if (tc_cmac_update(&state, in, len) == TC_CRYPTO_FAIL) {
+		return -EIO;
+	}
+
+	if (tc_cmac_final(out, &state) == TC_CRYPTO_FAIL) {
+		return -EIO;
+	}
+
+	return 0;
+}

subsys/bluetooth/host/CMakeLists.txt

@@ -31,10 +31,13 @@ if(CONFIG_BT_HCI_HOST)
     CONFIG_BT_OBSERVER
     scan.c
     )
-  zephyr_library_sources_ifdef(
-    CONFIG_BT_HOST_CRYPTO
-    crypto.c
-    )
+
+  if(CONFIG_BT_USE_PSA_API)
+    zephyr_library_sources_ifdef(CONFIG_BT_HOST_CRYPTO    crypto_psa.c)
+  else()
+    zephyr_library_sources_ifdef(CONFIG_BT_HOST_CRYPTO    crypto_tc.c)
+  endif()
+
   zephyr_library_sources_ifdef(
     CONFIG_BT_ECC
     ecc.c
@@ -108,6 +111,13 @@ if(CONFIG_BT_CONN_DISABLE_SECURITY)
     )
 endif()
 
+if(CONFIG_BT_USE_PSA_API)
+    zephyr_library_link_libraries_ifdef(CONFIG_MBEDTLS mbedTLS)
+    zephyr_library_include_directories_ifdef(CONFIG_BUILD_WITH_TFM
+      $<TARGET_PROPERTY:tfm,TFM_BINARY_DIR>/api_ns/interface/include
+    )
+endif()
+
 # Bluetooth Mesh has test dependencies in the host.
 # In order to compile Bsim tests with these test features
 # and PSA enabled, the libraries must be linked.

subsys/bluetooth/host/Kconfig

@@ -139,18 +139,19 @@ rsource "../audio/Kconfig"
 config BT_HOST_CRYPTO
 	bool "Use crypto functionality implemented in the Bluetooth host"
 	default y if !BT_CTLR_CRYPTO
-	select TINYCRYPT
-	select TINYCRYPT_AES
+	select TINYCRYPT if !BT_USE_PSA_API
+	select TINYCRYPT_AES if !BT_USE_PSA_API
+	select PSA_WANT_KEY_TYPE_AES if BT_USE_PSA_API
 	help
 	  The option adds the AES encryption support using TinyCrypt
 	  library if this is not provided by the controller implementation.
 
 config BT_HOST_CRYPTO_PRNG
 	bool "Use Tinycrypt library for random number generation"
 	default y
-	select TINYCRYPT_SHA256
-	select TINYCRYPT_SHA256_HMAC
-	select TINYCRYPT_SHA256_HMAC_PRNG
+	select TINYCRYPT_SHA256 if !BT_USE_PSA_API
+	select TINYCRYPT_SHA256_HMAC if !BT_USE_PSA_API
+	select TINYCRYPT_SHA256_HMAC_PRNG if !BT_USE_PSA_API
 	depends on BT_HOST_CRYPTO
 	help
 	  When selected, will use tinycrypt library for random number generation.

subsys/bluetooth/host/Kconfig.gatt

@@ -107,9 +107,11 @@ config BT_GATT_CACHING
 	bool "GATT Caching support"
 	default y
 	depends on BT_GATT_SERVICE_CHANGED
-	select TINYCRYPT
-	select TINYCRYPT_AES
-	select TINYCRYPT_AES_CMAC
+	select TINYCRYPT if !BT_USE_PSA_API
+	select TINYCRYPT_AES if !BT_USE_PSA_API
+	select TINYCRYPT_AES_CMAC if !BT_USE_PSA_API
+	select PSA_WANT_KEY_TYPE_AES if BT_USE_PSA_API
+	select PSA_WANT_ALG_CMAC if BT_USE_PSA_API
 	help
 	  This option enables support for GATT Caching. When enabled the stack
 	  will register Client Supported Features and Database Hash