TinyCrypt deprecation - library's usage removal part 2 (bluetooth) #79931
Conversation
valeriosetti
force-pushed
the
deprecate-tinycrypt-part2
branch
5 times, most recently
from
9f3f671
to
98b97ea
Compare
valeriosetti
force-pushed
the
deprecate-tinycrypt-part2
branch
5 times, most recently
from
946f924
to
c9cf39d
Compare
|
Any chance this will be ready for Zephyr 4.0? |
As far as I know codefreeze is today for 4.0 and I still need to resolve some failures in this PR + it also depends on 2 other PRs which should be merged before this one. I'm sorry but I think the answer is "no" |
valeriosetti
force-pushed
the
deprecate-tinycrypt-part2
branch
6 times, most recently
from
cf8d840
to
91c5e79
Compare
|
@valeriosetti , do we need both Part 1 and Part 2 to be merged into 4.0. |
The challenge as I see it is this part from https://docs.zephyrproject.org/latest/develop/api/api_lifecycle.html#deprecated
Which means that we can't make a release and still have code in the upstream tree using a deprecated API. |
While part 1 is ready to be merged, part 2 absolutely not:
That's what I thought at the beginning of this activity as well, but then I've been asked to keep the following support for TinyCrypt in the codebase for at least the next 2 releases:
I'm not an expert of BT, but based on the number of changes I've done so far in this PR to make the CI happy, it seems that BT is way more affected by TinyCrypt removal than other subsystems. So I agree with @alxelax that giving the user some time to deal with TinyCrypt deprecation wouldn't be that bad. But this is my feeling, of course, so I'll be glad to hear what's reviewers opinion about this :) |
This reverts commit 5e225e0. Based on zephyrproject-rtos#79931 and TSC discussions, it was decided that TinyCrypt will be deprecated *AFTER* 4.0. Signed-off-by: Flavio Ceolin <[email protected]>
This reverts commit 5e225e0. Based on #79931 and TSC discussions, it was decided that TinyCrypt will be deprecated *AFTER* 4.0. Signed-off-by: Flavio Ceolin <[email protected]>
valeriosetti
force-pushed
the
deprecate-tinycrypt-part2
branch
from
35b67a7
to
fd833a9
Compare
| /* Do not wait for BT to be ready (i.e. bt_is_ready()) before issueing | ||
| * the command. The reason is that when crypto is enabled and the PSA | ||
| * Crypto API support is provided through Mbed TLS, random number generator | ||
| * needs to be available since the very first call to psa_crypto_init() | ||
| * which is usually done before BT is completely initialized. | ||
| * On the other hand, in devices like the nrf5340, the crytographically | ||
| * secure RNG is owned by the cpu_net, so the cpu_app needs to poll it | ||
| * to get random data. Again, there is no need to wait for BT to be | ||
| * completely initialized for this kind of support. Just try to send the | ||
| * request through HCI. If the command fails for any reason, then | ||
| * we return failure anyway. | ||
| */ |
There was a problem hiding this comment.
As the return value could be different, we need API documentation change?
There was a problem hiding this comment.
Right! I didn't thought about this because I was using this through the random_entropy_device.c (which always returns -EIO in case of failures), but there might be users directly calling this driver, so a documentation update would be really nice indeed. Thanks
There was a problem hiding this comment.
I added the documentation to the migration-guide-4.0 document. I know it's not the right place because this won't be part of 4.0, but in the current status of the PR there's no 4.1 version of that document yet and rebasing the PR is a bit too much IMO just for this change. I will move the documentation to the proper document once
I can finalize the PR (i.e. solving all the issues with the CI).
valeriosetti
force-pushed
the
deprecate-tinycrypt-part2
branch
5 times, most recently
from
f4fa771
to
caf9d9e
Compare
Comment out some AC failing test cases". The reason seems to be related to some timing issue, but it has not be correctly identified yet. We comment them out for the sake of not delaying upcoming PRs. They will be re-enabled once the proper solution is found. Signed-off-by: Valerio Setti <[email protected]>
Include Mbed TLS headers to the build system. This is required because these tests do not follow the "standard build pattern" of Mbed TLS in Zephyr, otherwise include files would be already available after the library has been linked. In these examples some BT source files and Kconfigs are manually added to the CmakeLists.txt file bypassing the standard library build pattern, so Mbed TLS headers must also be added manually. Signed-off-by: Valerio Setti <[email protected]>
Increase the number of key slots in the PSA Crypto core for some tests using more keys than the default (16). Signed-off-by: Valerio Setti <[email protected]>
valeriosetti
force-pushed
the
deprecate-tinycrypt-part2
branch
4 times, most recently
from
df27a53
to
858b206
Compare
Moving from TinyCrypt to PSA Crypto API caused an entropy source to be always required, so this commit adds it in tests where necessary. Signed-off-by: Valerio Setti <[email protected]>
BT uses PSA Crypto API to perform crypto operations and, on this platform, these APIs are implemented through Mbed TLS. In order to properly initialize this library, a random number generator is required. Since this platform does not have a true random number generator, we enable the test one. This holds only when BT is enabled, of course. Signed-off-by: Valerio Setti <[email protected]>
The tests were using the default of 1 which is very low, especially when we might have multiple RX streams. Signed-off-by: Emil Gydesen <[email protected]>
On platforms like nrf5340 there are 2 CPUs: - one is the cpu_net which takes care of the radio stuff and owns the HW random generator - one is the cpu_app which holds application data and polls cpu_net through HCI commands when it needs some random data. The PSA core implemented in Mbed TLS needs random data at initialization time, which happens early in the boot process. If we wait for BT to be ready before issuing the HCI command, then PSA core intialization will fail. In facts there is no need for the BT to be completely initialized just to ask for some random data from the cpu_app to the cpu_net since the HW random generator will likely be already functional in the cpu_net. So let's just try the HCI command and, if something is not right, it will fail anyway. There's no need to anticipate the failure. Signed-off-by: Valerio Setti <[email protected]>
This fixes ISO failures in babble sim. This commit will be removed once PR 80788 is merged and this PR will be rebased on main. Signed-off-by: Valerio Setti <[email protected]>
On the native_sim platform, BT relies on Mbed TLS to implement PSA Crypto API. This library requires a valid entropy source to initialize properly. Therefore we enable ENTROPY_GENERATOR at board level instead of editing _all_ the samples/tests configuration files to make a more compact change. Signed-off-by: Valerio Setti <[email protected]>
Increase test and main stack sizes for the qemu_cortex_m3 platform in order to be able to successfully run the test. Signed-off-by: Valerio Setti <[email protected]>
Moving from TinyCrypt to PSA Crypto API caused failures in the cpu_net build due to RAM being overflowed. It turned out that 8192 bytes were allocated for system heap memory, but Mbed TLS is the only user of that memory (I found this though puncover) for AES purposes. We reduce that to 1024 bytes because this should be enough for this purpose. Note: albeit this is also a standalone example, it's used extensively in other samples/tests and babblesim, so a failure in building it propagates in a lot of other failures. Signed-off-by: Valerio Setti <[email protected]>
valeriosetti
force-pushed
the
deprecate-tinycrypt-part2
branch
from
858b206
to
d1a2b82
Compare
This is the second step toward the removal of TinyCrypt library usage from the Zephyr's codebase. This is the continuation of #79566 and #79653.
In particular this PR takes care of removing TinyCrypt usage from the bluetooth subsystem.
Important note
Some commits are taken from the following PRs (i.e. this PR depends on):
CONFIG_MBEDTLS_PSA_KEY_SLOT_COUNTto limit the number of key slots in PSA core and therefore reduce RAM footprintnrf5340bsimabout missing ISO buffers to manage incoming data. That's not really mandatory for this PR, but it's still useful when trying to solve problems related to BT by looking at the logsTo be done
tests/bsim/bluetooth/audio/test_scripts/cap_broadcast_ac_14.sh