bluetooth: mesh: remove tinycrypt support

Tinycrypt support deprecated in Zephyr 4.0 release.
Time to remove it.

Signed-off-by: Aleksandr Khromykh <aleksandr.khromykh@nordicsemi.no>

include/zephyr/bluetooth/mesh/keys.h

@@ -12,34 +12,18 @@
 #define ZEPHYR_INCLUDE_BLUETOOTH_MESH_KEYS_H_
 
 #include <stdint.h>
-#if defined CONFIG_BT_MESH_USES_MBEDTLS_PSA || defined CONFIG_BT_MESH_USES_TFM_PSA
 #include <psa/crypto.h>
-#endif
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
-#if defined CONFIG_BT_MESH_USES_MBEDTLS_PSA || defined CONFIG_BT_MESH_USES_TFM_PSA
-
 /** The structure that keeps representation of key. */
 struct bt_mesh_key {
 	/** PSA key representation is the PSA key identifier. */
 	psa_key_id_t key;
 };
 
-#elif defined CONFIG_BT_MESH_USES_TINYCRYPT
-
-/** The structure that keeps representation of key. */
-struct bt_mesh_key {
-	/** tinycrypt key representation is the pure key value. */
-	uint8_t key[16];
-};
-
-#else
-#error "Crypto library has not been chosen"
-#endif
-
 #ifdef __cplusplus
 }
 #endif

subsys/bluetooth/mesh/CMakeLists.txt

@@ -13,6 +13,7 @@ zephyr_library_sources_ifdef(CONFIG_BT_MESH
     app_keys.c
     heartbeat.c
     crypto.c
+    crypto_psa.c
     access.c
     msg.c
     cfg_srv.c
@@ -123,12 +124,6 @@ zephyr_library_sources_ifdef(CONFIG_BT_MESH_STATISTIC statistic.c)
 
 zephyr_library_sources_ifdef(CONFIG_BT_MESH_ACCESS_DELAYABLE_MSG delayable_msg.c)
 
-if (CONFIG_BT_MESH_USES_TINYCRYPT)
-    zephyr_library_sources(crypto_tc.c)
-else()
-    zephyr_library_sources(crypto_psa.c)
-endif()
-
 zephyr_library_link_libraries_ifdef(CONFIG_MBEDTLS mbedTLS)
 
 zephyr_library_include_directories_ifdef(CONFIG_BUILD_WITH_TFM

subsys/bluetooth/mesh/Kconfig

@@ -1494,19 +1494,6 @@ choice BT_MESH_CRYPTO_LIB
 	help
 	  Crypto library selection for mesh security.
 
-config BT_MESH_USES_TINYCRYPT
-	bool "TinyCrypt [DEPRECATED]"
-	select DEPRECATED
-	select TINYCRYPT
-	select TINYCRYPT_AES
-	select TINYCRYPT_AES_CMAC
-	select TINYCRYPT_ECC_DH
-	select TINYCRYPT_SHA256
-	select TINYCRYPT_SHA256_HMAC
-	select BT_HOST_CCM
-	help
-	  Use TinyCrypt library to perform crypto operations.
-
 config BT_MESH_USES_MBEDTLS_PSA
 	bool "mbed TLS PSA"
 	select MBEDTLS

subsys/bluetooth/mesh/crypto_tc.c

@@ -1,156 +0,0 @@
-/*
- * Copyright (c) 2017 Intel Corporation
- * Copyright (c) 2023 Nordic Semiconductor ASA
- *
- * SPDX-License-Identifier: Apache-2.0
- */
-
-#include <errno.h>
-
-#include <tinycrypt/constants.h>
-#include <tinycrypt/utils.h>
-#include <tinycrypt/aes.h>
-#include <tinycrypt/cmac_mode.h>
-#include <tinycrypt/ccm_mode.h>
-#include <tinycrypt/ecc.h>
-#include <tinycrypt/ecc_dh.h>
-#include <tinycrypt/hmac.h>
-
-#include <zephyr/bluetooth/mesh.h>
-#include <zephyr/bluetooth/crypto.h>
-
-#define LOG_LEVEL CONFIG_BT_MESH_CRYPTO_LOG_LEVEL
-#include <zephyr/logging/log.h>
-LOG_MODULE_REGISTER(bt_mesh_crypto_tc);
-
-#include "mesh.h"
-#include "crypto.h"
-#include "prov.h"
-
-static struct {
-	bool is_ready;
-	uint8_t private_key_be[PRIV_KEY_SIZE];
-	uint8_t public_key_be[PUB_KEY_SIZE];
-} dh_pair;
-
-int bt_mesh_encrypt(const struct bt_mesh_key *key, const uint8_t plaintext[16],
-		    uint8_t enc_data[16])
-{
-	return bt_encrypt_be(key->key, plaintext, enc_data);
-}
-
-int bt_mesh_ccm_encrypt(const struct bt_mesh_key *key, uint8_t nonce[13], const uint8_t *plaintext,
-			size_t len, const uint8_t *aad, size_t aad_len, uint8_t *enc_data,
-			size_t mic_size)
-{
-	return bt_ccm_encrypt(key->key, nonce, plaintext, len, aad, aad_len, enc_data, mic_size);
-}
-
-int bt_mesh_ccm_decrypt(const struct bt_mesh_key *key, uint8_t nonce[13], const uint8_t *enc_data,
-			size_t len, const uint8_t *aad, size_t aad_len, uint8_t *plaintext,
-			size_t mic_size)
-{
-	return bt_ccm_decrypt(key->key, nonce, enc_data, len, aad, aad_len, plaintext, mic_size);
-}
-
-int bt_mesh_aes_cmac_raw_key(const uint8_t key[16], struct bt_mesh_sg *sg, size_t sg_len,
-			     uint8_t mac[16])
-{
-	struct tc_aes_key_sched_struct sched;
-	struct tc_cmac_struct state;
-
-	if (tc_cmac_setup(&state, key, &sched) == TC_CRYPTO_FAIL) {
-		return -EIO;
-	}
-
-	for (; sg_len; sg_len--, sg++) {
-		if (tc_cmac_update(&state, sg->data, sg->len) == TC_CRYPTO_FAIL) {
-			return -EIO;
-		}
-	}
-
-	if (tc_cmac_final(mac, &state) == TC_CRYPTO_FAIL) {
-		return -EIO;
-	}
-
-	return 0;
-}
-
-int bt_mesh_aes_cmac_mesh_key(const struct bt_mesh_key *key, struct bt_mesh_sg *sg,
-			size_t sg_len, uint8_t mac[16])
-{
-	return bt_mesh_aes_cmac_raw_key(key->key, sg, sg_len, mac);
-}
-
-int bt_mesh_sha256_hmac_raw_key(const uint8_t key[32], struct bt_mesh_sg *sg, size_t sg_len,
-				uint8_t mac[32])
-{
-	struct tc_hmac_state_struct h;
-
-	if (tc_hmac_set_key(&h, key, 32) == TC_CRYPTO_FAIL) {
-		return -EIO;
-	}
-
-	if (tc_hmac_init(&h) == TC_CRYPTO_FAIL) {
-		return -EIO;
-	}
-
-	for (; sg_len; sg_len--, sg++) {
-		if (tc_hmac_update(&h, sg->data, sg->len) == TC_CRYPTO_FAIL) {
-			return -EIO;
-		}
-	}
-
-	if (tc_hmac_final(mac, 32, &h) == TC_CRYPTO_FAIL) {
-		return -EIO;
-	}
-
-	return 0;
-}
-
-int bt_mesh_pub_key_gen(void)
-{
-	int rc = uECC_make_key(dh_pair.public_key_be,
-			       dh_pair.private_key_be,
-			       &curve_secp256r1);
-
-	if (rc == TC_CRYPTO_FAIL) {
-		dh_pair.is_ready = false;
-		LOG_ERR("Failed to create public/private pair");
-		return -EIO;
-	}
-
-	dh_pair.is_ready = true;
-
-	return 0;
-}
-
-const uint8_t *bt_mesh_pub_key_get(void)
-{
-	return dh_pair.is_ready ? dh_pair.public_key_be : NULL;
-}
-
-int bt_mesh_dhkey_gen(const uint8_t *pub_key, const uint8_t *priv_key, uint8_t *dhkey)
-{
-	if (uECC_valid_public_key(pub_key, &curve_secp256r1)) {
-		LOG_ERR("Public key is not valid");
-		return -EIO;
-	} else if (uECC_shared_secret(pub_key, priv_key ? priv_key :
-							  dh_pair.private_key_be,
-				      dhkey, &curve_secp256r1) != TC_CRYPTO_SUCCESS) {
-		LOG_ERR("DHKey generation failed");
-		return -EIO;
-	}
-
-	return 0;
-}
-
-__weak int default_CSPRNG(uint8_t *dst, unsigned int len)
-{
-	return !bt_rand(dst, len);
-}
-
-int bt_mesh_crypto_init(void)
-{
-	return 0;
-}

subsys/bluetooth/mesh/keys.h

@@ -13,42 +13,8 @@ enum bt_mesh_key_type {
 	BT_MESH_KEY_TYPE_DEV
 };
 
-#if defined CONFIG_BT_MESH_USES_MBEDTLS_PSA || defined CONFIG_BT_MESH_USES_TFM_PSA
-
 int bt_mesh_key_import(enum bt_mesh_key_type type, const uint8_t in[16], struct bt_mesh_key *out);
 int bt_mesh_key_export(uint8_t out[16], const struct bt_mesh_key *in);
 void bt_mesh_key_assign(struct bt_mesh_key *dst, const struct bt_mesh_key *src);
 int bt_mesh_key_destroy(const struct bt_mesh_key *key);
 int bt_mesh_key_compare(const uint8_t raw_key[16], const struct bt_mesh_key *mesh_key);
-
-#elif defined CONFIG_BT_MESH_USES_TINYCRYPT
-
-static inline int bt_mesh_key_import(enum bt_mesh_key_type type, const uint8_t in[16],
-				     struct bt_mesh_key *out)
-{
-	memcpy(out, in, 16);
-	return 0;
-}
-
-static inline int bt_mesh_key_export(uint8_t out[16], const struct bt_mesh_key *in)
-{
-	memcpy(out, in, 16);
-	return 0;
-}
-
-static inline void bt_mesh_key_assign(struct bt_mesh_key *dst, const struct bt_mesh_key *src)
-{
-	memcpy(dst, src, sizeof(struct bt_mesh_key));
-}
-
-static inline int bt_mesh_key_destroy(const struct bt_mesh_key *key)
-{
-	return 0;
-}
-
-static inline int bt_mesh_key_compare(const uint8_t raw_key[16], const struct bt_mesh_key *mesh_key)
-{
-	return memcmp(mesh_key, raw_key, 16);
-}
-
-#endif