feat(ble/bluedroid): Move the TinyCrypt and mbedTLS configuration items to the bt common path

zhiweijian
2025-12-23 11:30:36 +08:00
parent 2f524b936a
commit 763cd641dc
4 changed files with 45 additions and 41 deletions


@@ -6,6 +6,43 @@ config BT_ALARM_MAX_NUM
This option decides the maximum number of alarms which
could be used by Bluetooth host.
choice BT_SMP_CRYPTO_STACK
prompt "SMP cryptographic stack"
depends on (BT_BLE_SMP_ENABLE || BT_SMP_ENABLE || BT_NIMBLE_SECURITY_ENABLE)
default BT_SMP_CRYPTO_STACK_NATIVE
help
Select the cryptographic library to use for SMP operations (AES, AES-CMAC, ECDH P-256).
config BT_SMP_CRYPTO_STACK_NATIVE
bool "Native Bluedroid implementation"
depends on (BT_BLE_SMP_ENABLE || BT_SMP_ENABLE)
help
Use the built-in Bluedroid cryptographic implementation.
This provides compatibility with all features.
This option is only available for Bluedroid host.
config BT_SMP_CRYPTO_STACK_TINYCRYPT
bool "TinyCrypt"
help
Use TinyCrypt library for cryptographic operations.
TinyCrypt is a lightweight cryptographic library designed for constrained devices.
This can reduce code size compared to the native implementation.
This is the default option.
config BT_SMP_CRYPTO_STACK_MBEDTLS
bool "mbedTLS"
select MBEDTLS_AES_C
select MBEDTLS_CMAC_C
select MBEDTLS_ECDH_C
select MBEDTLS_ECP_C
select MBEDTLS_ECP_DP_SECP256R1_ENABLED
help
Use mbedTLS library for cryptographic operations.
This can provide hardware acceleration on supported platforms and reduce code size
by sharing crypto implementations with other components.
endchoice
menu "BLE Log"
source "$IDF_PATH/components/bt/common/ble_log/Kconfig.in"
endmenu
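Review bot: The help text of `BT_SMP_CRYPTO_STACK_TINYCRYPT` says "This is the default option", but the choice declares `default BT_SMP_CRYPTO_STACK_NATIVE`, so on a Bluedroid build that statement is wrong. TinyCrypt is the effective default only when `BT_SMP_CRYPTO_STACK_NATIVE` is hidden by its `depends on (BT_BLE_SMP_ENABLE || BT_SMP_ENABLE)`, that is on a NimBLE-only build, where Kconfig falls back to the first visible entry. Writing that out as `default BT_SMP_CRYPTO_STACK_NATIVE if (BT_BLE_SMP_ENABLE || BT_SMP_ENABLE)` followed by `default BT_SMP_CRYPTO_STACK_TINYCRYPT`, and rewording the help to "Default when the native implementation is not available", removes the ambiguity. The Bluedroid copy of this choice carried a note that it is not compatible with BLE Mesh, and the relocated help drops it; if the restriction still holds, it should be restated here or enforced with a `depends on`.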


@@ -406,43 +406,6 @@ config BT_BLE_SMP_BOND_NVS_FLASH
help
This select can save SMP bonding keys to nvs flash
choice BT_SMP_CRYPTO_STACK
prompt "SMP cryptographic stack"
depends on BT_BLE_SMP_ENABLE
default BT_SMP_CRYPTO_STACK_NATIVE
help
Select the cryptographic library to use for SMP operations (AES, AES-CMAC, ECDH P-256).
Note: This option is not compatible with BLE Mesh, as BLE Mesh
uses the native Bluedroid ECC implementation directly.
config BT_SMP_CRYPTO_STACK_NATIVE
bool "Native Bluedroid implementation"
help
Use the built-in Bluedroid cryptographic implementation.
This is the default option and provides compatibility with all features.
config BT_SMP_CRYPTO_STACK_TINYCRYPT
bool "TinyCrypt"
help
Use TinyCrypt library for cryptographic operations.
TinyCrypt is a lightweight cryptographic library designed for constrained devices.
This can reduce code size compared to the native implementation.
config BT_SMP_CRYPTO_STACK_MBEDTLS
bool "mbedTLS"
select MBEDTLS_AES_C
select MBEDTLS_CMAC_C
select MBEDTLS_ECDH_C
select MBEDTLS_ECP_C
select MBEDTLS_ECP_DP_SECP256R1_ENABLED
help
Use mbedTLS library for cryptographic operations.
This can provide hardware acceleration on supported platforms and reduce code size
by sharing crypto implementations with other components.
endchoice
config BT_BLE_RPA_SUPPORTED
bool "Update RPA to Controller"
depends on (BT_BLE_SMP_ENABLE && ((BT_CONTROLLER_ENABLED && !SOC_BLE_DEVICE_PRIVACY_SUPPORTED) || BT_CONTROLLER_DISABLED)) # NOERROR


@@ -346,12 +346,13 @@ BOOLEAN aes_cipher_msg_auth_code(BT_OCTET16 key, UINT8 *input, UINT16 length,
psa_set_key_bits(&key_attributes, 128);
status = psa_import_key(&key_attributes, key_be, BT_OCTET16_LEN, &key_id);
psa_reset_key_attributes(&key_attributes);
if (status != PSA_SUCCESS) {
SMP_TRACE_ERROR("psa_import_key failed: %d", status);
if (input_be) osi_free(input_be);
return FALSE;
}
psa_reset_key_attributes(&key_attributes);
/* Setup MAC operation */
status = psa_mac_sign_setup(&operation, key_id, PSA_ALG_CMAC);
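Review bot: The reason `psa_reset_key_attributes(&key_attributes);` sits between `psa_import_key()` and the status check is not recorded, and the page shows the call in both positions without +/- markers, so this assumes the new code keeps the earlier one. A comment such as `/* reset before the status check so the error return does not skip it */` would stop a later cleanup from moving it back below the `if`; the same applies to the hunks in smp_encrypt_data, smp_process_private_key and smp_compute_dhkey. On the `return FALSE` path the key copy in `key_be` is still populated. Its declaration and the rest of aes_cipher_msg_auth_code are outside the hunk, so confirm the buffer is cleared there and that every exit after `psa_mac_sign_setup()` calls `psa_destroy_key(key_id)`.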


@@ -217,12 +217,13 @@ BOOLEAN smp_encrypt_data (UINT8 *key, UINT8 key_len,
psa_set_key_bits(&key_attributes, 128);
status = psa_import_key(&key_attributes, p_rev_key, SMP_ENCRYT_KEY_SIZE, &key_id);
psa_reset_key_attributes(&key_attributes);
if (status != PSA_SUCCESS) {
SMP_TRACE_ERROR("%s psa_import_key failed: %d\n", __func__, status);
osi_free(p_start);
return FALSE;
}
psa_reset_key_attributes(&key_attributes);
status = psa_cipher_encrypt(key_id, PSA_ALG_ECB_NO_PADDING, p_rev_data,
SMP_ENCRYT_DATA_SIZE, p_rev_output, SMP_ENCRYT_DATA_SIZE, &output_len);
@@ -1218,11 +1219,12 @@ void smp_process_private_key(tSMP_CB *p_cb)
psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT);
status = psa_import_key(&key_attributes, priv_be, BT_OCTET32_LEN, &key_id);
psa_reset_key_attributes(&key_attributes);
if (status != PSA_SUCCESS) {
SMP_TRACE_ERROR("%s psa_import_key failed: %d\n", __FUNCTION__, status);
goto psa_pubkey_cleanup;
}
psa_reset_key_attributes(&key_attributes);
/* Export public key */
status = psa_export_public_key(key_id, pub_be, sizeof(pub_be), &pub_len);
@@ -1330,11 +1332,12 @@ void smp_compute_dhkey (tSMP_CB *p_cb)
psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
status = psa_import_key(&key_attributes, priv_be, BT_OCTET32_LEN, &key_id);
psa_reset_key_attributes(&key_attributes);
if (status != PSA_SUCCESS) {
SMP_TRACE_ERROR("%s psa_import_key failed: %d\n", __FUNCTION__, status);
goto psa_dhkey_cleanup;
}
psa_reset_key_attributes(&key_attributes);
/* Construct peer public key in uncompressed format: 0x04 || X || Y */
peer_pub_be[0] = 0x04;
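Review bot: In smp_process_private_key the private key is imported with `PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT`, yet the only export visible in the hunk is `psa_export_public_key()`, which the PSA Crypto API permits regardless of usage flags. Unless code outside the hunk calls `psa_export_key()` on this key, the flag only widens what the key handle allows, and `psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);` would match smp_compute_dhkey. Both functions also hold the raw private scalar in `priv_be`. The `psa_pubkey_cleanup` and `psa_dhkey_cleanup` labels are outside the hunks, so confirm they wipe that buffer and destroy `key_id`.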