diff --git a/components/bt/CMakeLists.txt b/components/bt/CMakeLists.txt index 2b8a96363d..d9cae26f12 100644 --- a/components/bt/CMakeLists.txt +++ b/components/bt/CMakeLists.txt @@ -377,9 +377,13 @@ if(CONFIG_BT_ENABLED) host/nimble/nimble/nimble/host/store/ram/include host/nimble/nimble/nimble/host/store/config/include host/nimble/nimble/porting/npl/freertos/include - host/nimble/nimble/ext/tinycrypt/include host/nimble/esp-hci/include) + if(NOT CONFIG_BT_NIMBLE_CRYPTO_STACK_MBEDTLS) + + list(APPEND include_dirs + host/nimble/nimble/ext/tinycrypt/include) + list(APPEND srcs "host/nimble/nimble/ext/tinycrypt/src/utils.c" "host/nimble/nimble/ext/tinycrypt/src/sha256.c" "host/nimble/nimble/ext/tinycrypt/src/ecc.c" @@ -394,8 +398,10 @@ if(CONFIG_BT_ENABLED) "host/nimble/nimble/ext/tinycrypt/src/hmac_prng.c" "host/nimble/nimble/ext/tinycrypt/src/ecc_platform_specific.c" "host/nimble/nimble/ext/tinycrypt/src/hmac.c" - "host/nimble/nimble/ext/tinycrypt/src/cbc_mode.c" - "host/nimble/nimble/nimble/host/util/src/addr.c" + "host/nimble/nimble/ext/tinycrypt/src/cbc_mode.c") + endif() + + list(APPEND srcs "host/nimble/nimble/nimble/host/util/src/addr.c" "host/nimble/nimble/nimble/host/services/gatt/src/ble_svc_gatt.c" "host/nimble/nimble/nimble/host/services/tps/src/ble_svc_tps.c" "host/nimble/nimble/nimble/host/services/ias/src/ble_svc_ias.c" diff --git a/components/bt/component.mk b/components/bt/component.mk index 7fa74dcf03..da70ea45a1 100644 --- a/components/bt/component.mk +++ b/components/bt/component.mk @@ -148,11 +148,12 @@ ifdef CONFIG_BLE_MESH esp_ble_mesh/mesh_models/common \ esp_ble_mesh/mesh_models/client \ esp_ble_mesh/api/core \ - esp_ble_mesh/api/models + esp_ble_mesh/api/models endif ifdef CONFIG_BT_NIMBLE_ENABLED + COMPONENT_ADD_INCLUDEDIRS += host/nimble/nimble/nimble/include \ host/nimble/nimble/nimble/host/include \ host/nimble/nimble/porting/nimble/include \ 
@@ -167,14 +168,16 @@ COMPONENT_ADD_INCLUDEDIRS += host/nimble/nimble/nimble/include host/nimble/nimble/nimble/host/util/include \ host/nimble/nimble/nimble/host/store/ram/include \ host/nimble/nimble/nimble/host/store/config/include \ - host/nimble/nimble/ext/tinycrypt/include \ host/nimble/esp-hci/include \ host/nimble/port/include +ifndef CONFIG_BT_NIMBLE_CRYPTO_STACK_MBEDTLS +COMPONENT_ADD_INCLUDEDIRS += host/nimble/nimble/ext/tinycrypt/include +endif + COMPONENT_SRCDIRS += host/nimble/nimble/nimble/host/src \ host/nimble/nimble/porting/nimble/src \ host/nimble/nimble/porting/npl/freertos/src \ - host/nimble/nimble/ext/tinycrypt/src \ host/nimble/nimble/nimble/host/services/ans/src \ host/nimble/nimble/nimble/host/services/bas/src \ host/nimble/nimble/nimble/host/services/gap/src \ @@ -187,6 +190,10 @@ COMPONENT_SRCDIRS += host/nimble/nimble/nimble/host/src host/nimble/nimble/nimble/host/store/config/src \ host/nimble/esp-hci/src +ifndef CONFIG_BT_NIMBLE_CRYPTO_STACK_MBEDTLS +COMPONENT_SRCDIRS += host/nimble/nimble/ext/tinycrypt/src +endif + COMPONENT_OBJEXCLUDE += host/nimble/nimble/nimble/host/store/config/src/ble_store_config_conf.o ifdef CONFIG_BT_NIMBLE_MESH diff --git a/components/bt/host/nimble/Kconfig.in b/components/bt/host/nimble/Kconfig.in index acf34a73f2..edc77f7e8a 100644 --- a/components/bt/host/nimble/Kconfig.in +++ b/components/bt/host/nimble/Kconfig.in @@ -99,11 +99,11 @@ config BT_NIMBLE_SM_SC Enable security manager secure connections config BT_NIMBLE_DEBUG - bool "Enable host debugging" + bool "Enable extra runtime asserts and host debugging" default n depends on BT_NIMBLE_ENABLED help - This enables extra runtime assertions + This enables extra runtime asserts and host debugging config BT_NIMBLE_SVC_GAP_DEVICE_NAME string "BLE GAP default device name" 
@@ -257,3 +257,12 @@ config BT_NIMBLE_MESH_DEVICE_NAME help This value defines Bluetooth Mesh device/node name +config BT_NIMBLE_CRYPTO_STACK_MBEDTLS + bool "Override TinyCrypt with mbedTLS for crypto computations" + default y + depends on BT_NIMBLE_ENABLED + select MBEDTLS_ECP_RESTARTABLE + select MBEDTLS_CMAC_C + help + Enable this option to choose mbedTLS instead of TinyCrypt for crypto + computations. diff --git a/components/bt/host/nimble/nimble b/components/bt/host/nimble/nimble index adcd940869..6c91a9a153 160000 --- a/components/bt/host/nimble/nimble +++ b/components/bt/host/nimble/nimble @@ -1 +1 @@ -Subproject commit adcd9408695cb4f873f117eb8c92007455b2c066 +Subproject commit 6c91a9a153c421231b686d30c822e53fea7510c0 diff --git a/components/bt/host/nimble/port/include/esp_nimble_cfg.h b/components/bt/host/nimble/port/include/esp_nimble_cfg.h index 7b9da75217..c0b329c465 100644 --- a/components/bt/host/nimble/port/include/esp_nimble_cfg.h +++ b/components/bt/host/nimble/port/include/esp_nimble_cfg.h @@ -567,6 +567,10 @@ #define MYNEWT_VAL_BLE_SM_THEIR_KEY_DIST (0) #endif +#ifndef MYNEWT_VAL_BLE_CRYPTO_STACK_MBEDTLS +#define MYNEWT_VAL_BLE_CRYPTO_STACK_MBEDTLS (CONFIG_BT_NIMBLE_CRYPTO_STACK_MBEDTLS) +#endif + #ifndef MYNEWT_VAL_BLE_STORE_MAX_BONDS #define MYNEWT_VAL_BLE_STORE_MAX_BONDS CONFIG_BT_NIMBLE_MAX_BONDS #endif diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig index a9e7983bd2..89bfa9abe5 100644 --- a/components/mbedtls/Kconfig +++ b/components/mbedtls/Kconfig 
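Review bot: `default y` on the new `BT_NIMBLE_CRYPTO_STACK_MBEDTLS` entry moves every existing NimBLE project from TinyCrypt to mbedTLS for its host crypto on the next rebuild, and the help text does not say this or mention the two options it pulls in. The `select MBEDTLS_ECP_RESTARTABLE` and `select MBEDTLS_CMAC_C` lines force those symbols on without evaluating any dependency they have or later gain. The esp_config.h section of this commit documents restartable ECC as incompatible with `MBEDTLS_ECP_ALT`, so it is worth confirming that no supported configuration enables an alternative ECP implementation while this option is on. Suggested help text: `Use mbedTLS instead of the bundled TinyCrypt for NimBLE host crypto. Selects MBEDTLS_ECP_RESTARTABLE and MBEDTLS_CMAC_C.`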
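Review bot: `MYNEWT_VAL_BLE_CRYPTO_STACK_MBEDTLS` expands to `(CONFIG_BT_NIMBLE_CRYPTO_STACK_MBEDTLS)`, and a Kconfig bool that is switched off is normally left undefined in the generated config header rather than defined as 0 (worth confirming for this build system). In that case the value only works inside `#if`, where an unknown identifier evaluates to 0 and trips `-Wundef`. Any use in a C expression would fail to compile, and it would do so only in the TinyCrypt configuration, which is now the non-default and less-tested one. Defining both values explicitly removes the dependency on that preprocessor rule.

```c
#ifndef MYNEWT_VAL_BLE_CRYPTO_STACK_MBEDTLS
#ifdef CONFIG_BT_NIMBLE_CRYPTO_STACK_MBEDTLS
#define MYNEWT_VAL_BLE_CRYPTO_STACK_MBEDTLS (1)
#else
#define MYNEWT_VAL_BLE_CRYPTO_STACK_MBEDTLS (0)
#endif
#endif
```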
@@ -116,6 +116,19 @@ menu "mbedTLS" default 3 if MBEDTLS_DEBUG_LEVEL_DEBUG default 4 if MBEDTLS_DEBUG_LEVEL_VERBOSE + config MBEDTLS_ECP_RESTARTABLE + bool "Enable mbedTLS ecp restartable" + default n + help + Enable "non-blocking" ECC operations that can return early and be resumed. + + config MBEDTLS_CMAC_C + bool "Enable CMAC mode for block ciphers" + default n + help + Enable the CMAC (Cipher-based Message Authentication Code) mode for + block ciphers. + config MBEDTLS_HARDWARE_AES bool "Enable hardware AES acceleration" default y diff --git a/components/mbedtls/mbedtls b/components/mbedtls/mbedtls index 97959e7791..f5f2e5926c 160000 --- a/components/mbedtls/mbedtls +++ b/components/mbedtls/mbedtls @@ -1 +1 @@ -Subproject commit 97959e77912524bd8db7cbb2e00fc9f6189f7a82 +Subproject commit f5f2e5926cd294ae7cb579ff6a12ad9303caeb6e diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h index bdb9bf61a7..d971ab8db4 100644 --- a/components/mbedtls/port/include/mbedtls/esp_config.h +++ b/components/mbedtls/port/include/mbedtls/esp_config.h @@ -218,7 +218,7 @@ /** * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES & MBEDTLS_ARC4_C - * + * * MBEDTLS_ARC4_C * Enable the ARCFOUR stream cipher. * 
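Review bot: Neither `MBEDTLS_ECP_RESTARTABLE` nor `MBEDTLS_CMAC_C` carries a `depends on`, although the esp_config.h text added in this same commit states constraints for both. It says `MBEDTLS_CMAC_C` requires `MBEDTLS_AES_C` or `MBEDTLS_DES_C`, and that restartable ECC works only with the default software elliptic-curve implementation. As written, a user can enable CMAC in menuconfig with both ciphers disabled and presumably learn of the conflict only when the build fails. Add a `depends on` naming whichever Kconfig symbols gate those ciphers in this menu, and carry the incompatibility into the help text, e.g. `Not compatible with MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT or MBEDTLS_ECDSA_XXX_ALT.`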
@@ -253,6 +253,47 @@ #define MBEDTLS_REMOVE_ARC4_CIPHERSUITES #endif +/** + * \def MBEDTLS_ECP_RESTARTABLE + * + * Enable "non-blocking" ECC operations that can return early and be resumed. + * + * This allows various functions to pause by returning + * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL module, + * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in + * order to further progress and eventually complete their operation. This is + * controlled through mbedtls_ecp_set_max_ops() which limits the maximum + * number of ECC operations a function may perform before pausing; see + * mbedtls_ecp_set_max_ops() for more information. + * + * This is useful in non-threaded environments if you want to avoid blocking + * for too long on ECC (and, hence, X.509 or SSL/TLS) operations. + * + * Uncomment this macro to enable restartable ECC computations. + * + * \note This option only works with the default software implementation of + * elliptic curve functionality. It is incompatible with + * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT and MBEDTLS_ECDSA_XXX_ALT. + */ +#ifdef CONFIG_MBEDTLS_ECP_RESTARTABLE +#define MBEDTLS_ECP_RESTARTABLE +#endif + +/** + * \def MBEDTLS_CMAC_C + * + * Enable the CMAC (Cipher-based Message Authentication Code) mode for block + * ciphers. + * + * Module: library/cmac.c + * + * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C + * + */ +#ifdef CONFIG_MBEDTLS_CMAC_C +#define MBEDTLS_CMAC_C +#endif + /** * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED * diff --git a/examples/bluetooth/nimble/blemesh/main/app_mesh.c b/examples/bluetooth/nimble/blemesh/main/app_mesh.c index 82dde7ec29..e70f11ff5a 100644 --- a/examples/bluetooth/nimble/blemesh/main/app_mesh.c +++ b/examples/bluetooth/nimble/blemesh/main/app_mesh.c @@ -32,7 +32,7 @@ #include "mesh/mesh.h" static const char *tag = "NimBLE_MESH"; -void ble_store_ram_init(void); +void ble_store_config_init(void); #define BT_DBG_ENABLED (MYNEWT_VAL(BLE_MESH_DEBUG)) 
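Review bot: The comment block for `MBEDTLS_ECP_RESTARTABLE` still ends with `Uncomment this macro to enable restartable ECC computations.`, but in this header the macro is driven by `#ifdef CONFIG_MBEDTLS_ECP_RESTARTABLE`, so editing the file is not how it gets enabled. Replace that sentence with `Enabled through CONFIG_MBEDTLS_ECP_RESTARTABLE in menuconfig.` so readers do not toggle the define by hand and diverge from the Kconfig state. The `MBEDTLS_CMAC_C` block could name `CONFIG_MBEDTLS_CMAC_C` in the same way.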
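Review bot: `void ble_store_config_init(void);` is a hand-written prototype in the example rather than one pulled in from a header, so the compiler cannot catch a signature change in the store implementation that `app_main` calls in the last hunk of this file. If the store/config include directory listed in the build files exports the declaration, include that header instead. Otherwise add a comment such as `/* not declared in a public header; keep in sync with the store/config sources */`. The `XXX Need to have template for store` comment above the call in `app_main` also looks stale after the switch from the RAM store and is worth updating or dropping.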
@@ -418,6 +418,7 @@ void blemesh_host_task(void *param) health_pub_init(); nimble_port_run(); + nimble_port_freertos_deinit(); } void app_main(void) @@ -438,7 +439,7 @@ void app_main(void) bt_mesh_register_gatt(); /* XXX Need to have template for store */ - ble_store_ram_init(); + ble_store_config_init(); nimble_port_freertos_init(blemesh_host_task); }