Bluetooth: Host: Remove HCI ECC emulation

doc/releases/migration-guide-4.1.rst

@@ -408,6 +408,9 @@ Bluetooth Host
   makes a device vulnerable for downgrade attacks. If an application still needs to use LE legacy
   pairing, it should disable :kconfig:option:`CONFIG_BT_SMP_SC_PAIR_ONLY` manually.
 
+* The prompt for :kconfig:option:`CONFIG_BT_ECC` has been removed, since it only offers an internal
+  API, meaning internal users should explicitly select it in their respective Kconfig options.
+
 Bluetooth Crypto
 ================
 

doc/releases/release-notes-4.1.rst

@@ -96,6 +96,9 @@ Bluetooth
   * :kconfig:option:`CONFIG_BT_BUF_ACL_RX_COUNT` has been deprecated and
     :kconfig:option:`CONFIG_BT_BUF_ACL_RX_COUNT_EXTRA` has been added.
 
+  * The ECDH HCI command/event emulation layer has been removed, meaning the host will now always
+    do direct calls to PSA to perform these operations.
+
 * HCI Drivers
 
 * Mesh

samples/bluetooth/bap_broadcast_assistant/prj.conf

@@ -10,8 +10,6 @@ CONFIG_BT_BUF_ACL_RX_SIZE=255
 CONFIG_BT_BUF_ACL_TX_SIZE=251
 CONFIG_BT_CTLR_SCAN_DATA_LEN_MAX=191
 
-CONFIG_BT_SEND_ECC_EMULATION=y
-
 CONFIG_BT_EXT_ADV=y
 CONFIG_BT_PER_ADV_SYNC=y
 CONFIG_BT_BAP_BASS_MAX_SUBGROUPS=2

samples/bluetooth/bap_broadcast_sink/prj.conf

@@ -25,5 +25,3 @@ CONFIG_BT_AUDIO_CODEC_CAP_MAX_METADATA_SIZE=64
 CONFIG_BT_AUDIO_CODEC_CAP_MAX_DATA_SIZE=64
 
 CONFIG_BT_DEVICE_NAME="Broadcast Audio Sink"
-
-CONFIG_BT_SEND_ECC_EMULATION=y

samples/bluetooth/bap_unicast_client/boards/native_sim.conf

@@ -1,5 +1,4 @@
 CONFIG_LOG_MODE_IMMEDIATE=y
-CONFIG_BT_SEND_ECC_EMULATION=y
 
 CONFIG_LIBLC3=y
 CONFIG_FPU=y

samples/bluetooth/bap_unicast_client/boards/nrf5340_audio_dk_nrf5340_cpuapp.conf

@@ -9,5 +9,3 @@ CONFIG_BT_BUF_EVT_RX_SIZE=255
 CONFIG_BT_BUF_ACL_RX_SIZE=255
 CONFIG_BT_BUF_ACL_TX_SIZE=251
 CONFIG_BT_BUF_CMD_TX_SIZE=255
-
-CONFIG_BT_SEND_ECC_EMULATION=y

samples/bluetooth/bap_unicast_client/boards/nrf5340bsim_nrf5340_cpuapp.conf

@@ -6,5 +6,3 @@ CONFIG_BT_BUF_EVT_RX_SIZE=255
 CONFIG_BT_BUF_ACL_RX_SIZE=255
 CONFIG_BT_BUF_ACL_TX_SIZE=251
 CONFIG_BT_BUF_CMD_TX_SIZE=255
-
-CONFIG_BT_SEND_ECC_EMULATION=y

samples/bluetooth/bap_unicast_client/boards/nrf5340dk_nrf5340_cpuapp.conf

@@ -9,5 +9,3 @@ CONFIG_BT_BUF_EVT_RX_SIZE=255
 CONFIG_BT_BUF_ACL_RX_SIZE=255
 CONFIG_BT_BUF_ACL_TX_SIZE=251
 CONFIG_BT_BUF_CMD_TX_SIZE=255
-
-CONFIG_BT_SEND_ECC_EMULATION=y

samples/bluetooth/bap_unicast_server/boards/native_sim.conf

@@ -1,5 +1,4 @@
 CONFIG_LOG_MODE_IMMEDIATE=y
-CONFIG_BT_SEND_ECC_EMULATION=y
 
 CONFIG_LIBLC3=y
 CONFIG_FPU=y

samples/bluetooth/bap_unicast_server/boards/nrf5340_audio_dk_nrf5340_cpuapp.conf

@@ -6,5 +6,3 @@ CONFIG_BT_BUF_EVT_RX_SIZE=255
 CONFIG_BT_BUF_ACL_RX_SIZE=255
 CONFIG_BT_BUF_ACL_TX_SIZE=251
 CONFIG_BT_BUF_CMD_TX_SIZE=255
-
-CONFIG_BT_SEND_ECC_EMULATION=y

samples/bluetooth/bap_unicast_server/boards/nrf5340bsim_nrf5340_cpuapp.conf

@@ -6,5 +6,3 @@ CONFIG_BT_BUF_EVT_RX_SIZE=255
 CONFIG_BT_BUF_ACL_RX_SIZE=255
 CONFIG_BT_BUF_ACL_TX_SIZE=251
 CONFIG_BT_BUF_CMD_TX_SIZE=255
-
-CONFIG_BT_SEND_ECC_EMULATION=y

samples/bluetooth/bap_unicast_server/boards/nrf5340dk_nrf5340_cpuapp.conf

@@ -9,5 +9,3 @@ CONFIG_BT_BUF_EVT_RX_SIZE=255
 CONFIG_BT_BUF_ACL_RX_SIZE=255
 CONFIG_BT_BUF_ACL_TX_SIZE=251
 CONFIG_BT_BUF_CMD_TX_SIZE=255
-
-CONFIG_BT_SEND_ECC_EMULATION=y

samples/bluetooth/cap_acceptor/boards/nrf5340_audio_dk_nrf5340_cpuapp.conf

@@ -2,5 +2,3 @@ CONFIG_BT_BUF_EVT_RX_SIZE=255
 CONFIG_BT_BUF_ACL_RX_SIZE=255
 CONFIG_BT_BUF_ACL_TX_SIZE=251
 CONFIG_BT_BUF_CMD_TX_SIZE=255
-
-CONFIG_BT_SEND_ECC_EMULATION=y

samples/bluetooth/cap_acceptor/boards/nrf5340dk_nrf5340_cpuapp.conf

@@ -2,5 +2,3 @@ CONFIG_BT_BUF_EVT_RX_SIZE=255
 CONFIG_BT_BUF_ACL_RX_SIZE=255
 CONFIG_BT_BUF_ACL_TX_SIZE=251
 CONFIG_BT_BUF_CMD_TX_SIZE=255
-
-CONFIG_BT_SEND_ECC_EMULATION=y

samples/bluetooth/cap_initiator/boards/nrf5340_audio_dk_nrf5340_cpuapp.conf

@@ -2,5 +2,3 @@ CONFIG_BT_BUF_EVT_RX_SIZE=255
 CONFIG_BT_BUF_ACL_RX_SIZE=255
 CONFIG_BT_BUF_ACL_TX_SIZE=251
 CONFIG_BT_BUF_CMD_TX_SIZE=255
-
-CONFIG_BT_SEND_ECC_EMULATION=y

samples/bluetooth/cap_initiator/boards/nrf5340dk_nrf5340_cpuapp.conf

@@ -2,5 +2,3 @@ CONFIG_BT_BUF_EVT_RX_SIZE=255
 CONFIG_BT_BUF_ACL_RX_SIZE=255
 CONFIG_BT_BUF_ACL_TX_SIZE=251
 CONFIG_BT_BUF_CMD_TX_SIZE=255
-
-CONFIG_BT_SEND_ECC_EMULATION=y

samples/bluetooth/ccp_call_control_server/boards/nrf5340_audio_dk_nrf5340_cpuapp.conf

@@ -2,5 +2,3 @@ CONFIG_BT_BUF_EVT_RX_SIZE=255
 CONFIG_BT_BUF_ACL_RX_SIZE=255
 CONFIG_BT_BUF_ACL_TX_SIZE=251
 CONFIG_BT_BUF_CMD_TX_SIZE=255
-
-CONFIG_BT_SEND_ECC_EMULATION=y

samples/bluetooth/ccp_call_control_server/boards/nrf5340dk_nrf5340_cpuapp.conf

@@ -2,5 +2,3 @@ CONFIG_BT_BUF_EVT_RX_SIZE=255
 CONFIG_BT_BUF_ACL_RX_SIZE=255
 CONFIG_BT_BUF_ACL_TX_SIZE=251
 CONFIG_BT_BUF_CMD_TX_SIZE=255
-
-CONFIG_BT_SEND_ECC_EMULATION=y

samples/bluetooth/hap_ha/boards/native_sim.conf

@@ -1,5 +1,4 @@
 CONFIG_LOG_MODE_IMMEDIATE=y
-CONFIG_BT_SEND_ECC_EMULATION=y
 
 # For LE-audio at 10ms intervals we need the tick counter to occur more frequently
 # than every 10 ms as each PDU for some reason takes 2 ticks to process.

samples/bluetooth/hci_spi/prj.conf

@@ -5,7 +5,6 @@ CONFIG_MAIN_STACK_SIZE=512
 CONFIG_BT=y
 CONFIG_BT_HCI_RAW=y
 CONFIG_BT_MAX_CONN=16
-CONFIG_BT_SEND_ECC_EMULATION=n
 
 # Workaround: Unable to allocate command buffer when using K_NO_WAIT since
 # Host number of completed commands does not follow normal flow control.

samples/bluetooth/hci_uart/prj.conf

@@ -13,7 +13,6 @@ CONFIG_BT_BUF_CMD_TX_SIZE=255
 CONFIG_BT_BUF_EVT_DISCARDABLE_SIZE=255
 CONFIG_BT_CTLR_ASSERT_HANDLER=y
 CONFIG_BT_MAX_CONN=16
-CONFIG_BT_SEND_ECC_EMULATION=n
 CONFIG_BT_CTLR_DTM_HCI=y
 
 CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=512

samples/bluetooth/hci_uart_3wire/prj.conf

@@ -12,7 +12,6 @@ CONFIG_BT_BUF_ACL_RX_SIZE=255
 CONFIG_BT_BUF_CMD_TX_SIZE=255
 CONFIG_BT_BUF_EVT_DISCARDABLE_SIZE=255
 CONFIG_BT_MAX_CONN=16
-CONFIG_BT_SEND_ECC_EMULATION=n
 CONFIG_BT_CTLR_DTM_HCI=y
 
 CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=512

samples/bluetooth/peripheral_sc_only/prj.conf

@@ -7,6 +7,5 @@ CONFIG_LOG=y
 CONFIG_BT_PERIPHERAL=y
 CONFIG_BT_SMP=y
 CONFIG_BT_SMP_SC_ONLY=y
-CONFIG_BT_SEND_ECC_EMULATION=y
 CONFIG_BT_MAX_PAIRED=2
 CONFIG_BT_DEVICE_NAME="SC only peripheral"

samples/bluetooth/tmap_bmr/boards/native_posix.conf

@@ -1,5 +1,4 @@
 CONFIG_LOG_MODE_IMMEDIATE=y
-CONFIG_BT_SEND_ECC_EMULATION=y
 
 CONFIG_LIBLC3=y
 CONFIG_FPU=y

samples/bluetooth/tmap_bmr/boards/native_sim.conf

@@ -1,5 +1,4 @@
 CONFIG_LOG_MODE_IMMEDIATE=y
-CONFIG_BT_SEND_ECC_EMULATION=y
 
 CONFIG_LIBLC3=y
 CONFIG_FPU=y

samples/bluetooth/tmap_bms/boards/native_posix.conf

@@ -1,5 +1,4 @@
 CONFIG_LOG_MODE_IMMEDIATE=y
-CONFIG_BT_SEND_ECC_EMULATION=y
 
 CONFIG_LIBLC3=y
 CONFIG_FPU=y

samples/bluetooth/tmap_bms/boards/native_sim.conf

@@ -1,5 +1,4 @@
 CONFIG_LOG_MODE_IMMEDIATE=y
-CONFIG_BT_SEND_ECC_EMULATION=y
 
 CONFIG_LIBLC3=y
 CONFIG_FPU=y

samples/bluetooth/tmap_central/boards/native_posix.conf

@@ -1,5 +1,4 @@
 CONFIG_LOG_MODE_IMMEDIATE=y
-CONFIG_BT_SEND_ECC_EMULATION=y
 
 CONFIG_LIBLC3=y
 CONFIG_FPU=y

samples/bluetooth/tmap_central/boards/native_sim.conf

@@ -1,5 +1,4 @@
 CONFIG_LOG_MODE_IMMEDIATE=y
-CONFIG_BT_SEND_ECC_EMULATION=y
 
 CONFIG_LIBLC3=y
 CONFIG_FPU=y

samples/bluetooth/tmap_peripheral/boards/native_posix.conf

@@ -1,5 +1,4 @@
 CONFIG_LOG_MODE_IMMEDIATE=y
-CONFIG_BT_SEND_ECC_EMULATION=y
 
 CONFIG_LIBLC3=y
 CONFIG_FPU=y

samples/bluetooth/tmap_peripheral/boards/native_sim.conf

@@ -1,5 +1,4 @@
 CONFIG_LOG_MODE_IMMEDIATE=y
-CONFIG_BT_SEND_ECC_EMULATION=y
 
 CONFIG_LIBLC3=y
 CONFIG_FPU=y

samples/boards/nordic/mesh/onoff-app/prj.conf

@@ -29,7 +29,6 @@ CONFIG_BT_CTLR_PRIVACY=n
 CONFIG_BT_PERIPHERAL=y
 
 CONFIG_BT=y
-CONFIG_BT_SEND_ECC_EMULATION=y
 CONFIG_BT_L2CAP_TX_BUF_COUNT=8
 
 CONFIG_BT_MESH=y

samples/boards/nordic/mesh/onoff_level_lighting_vnd_app/prj.conf

@@ -23,7 +23,6 @@ CONFIG_BT_CTLR_TX_PWR_PLUS_8=y
 
 CONFIG_BT_PERIPHERAL=y
 CONFIG_BT=y
-CONFIG_BT_SEND_ECC_EMULATION=y
 CONFIG_BT_RX_STACK_SIZE=4096
 CONFIG_BT_L2CAP_TX_BUF_COUNT=8
 

subsys/bluetooth/controller/hci/hci.c

@@ -21,8 +21,6 @@
 #include <zephyr/bluetooth/hci_vs.h>
 #include <zephyr/bluetooth/buf.h>
 
-#include "../host/hci_ecc.h"
-
 #include "util/util.h"
 #include "util/memq.h"
 #include "util/mem.h"
@@ -1049,10 +1047,6 @@ static void read_supported_commands(struct net_buf *buf, struct net_buf **evt)
 	rp->commands[41] |= BIT(1);
 #endif /* CONFIG_BT_CTLR_SYNC_TRANSFER_RECEIVER */
 
-#if defined(CONFIG_BT_HCI_RAW) && defined(CONFIG_BT_SEND_ECC_EMULATION)
-	bt_hci_ecc_supported_commands(rp->commands);
-#endif /* CONFIG_BT_HCI_RAW && CONFIG_BT_SEND_ECC_EMULATION */
-
 	/* LE Read TX Power. */
 	rp->commands[38] |= BIT(7);
 

subsys/bluetooth/host/CMakeLists.txt

@@ -8,7 +8,6 @@ add_subdirectory_ifdef(CONFIG_BT_SHELL shell)
 
 zephyr_library_sources_ifdef(CONFIG_BT_HCI_RAW          hci_raw.c hci_common.c)
 zephyr_library_sources_ifdef(CONFIG_BT_MONITOR          monitor.c)
-zephyr_library_sources_ifdef(CONFIG_BT_SEND_ECC_EMULATION          hci_ecc.c)
 zephyr_library_sources_ifdef(CONFIG_BT_SETTINGS         settings.c)
 zephyr_library_sources_ifdef(CONFIG_BT_HOST_CCM         aes_ccm.c)
 zephyr_library_sources_ifdef(CONFIG_BT_LONG_WQ          long_wq.c)

subsys/bluetooth/host/Kconfig

@@ -15,7 +15,7 @@ config BT_LONG_WQ_STACK_SIZE
 	# Hidden: Long workqueue stack size. Should be derived from system
 	# requirements.
 	int
-	default 1400 if BT_SEND_ECC_EMULATION
+	default 1400 if BT_ECC
 	default 1300 if BT_GATT_CACHING
 	default 1024
 
@@ -407,7 +407,7 @@ config BT_SMP
 	bool "Security Manager Protocol support"
 	select BT_CRYPTO
 	select BT_RPA
-	select BT_ECC
+	select BT_ECC if !BT_SMP_OOB_LEGACY_PAIR_ONLY
 	help
 	  This option enables support for the Security Manager Protocol
 	  (SMP), making it possible to pair devices over LE.
@@ -991,36 +991,21 @@ config BT_DF_VS_CONN_IQ_REPORT_16_BITS_IQ_SAMPLES
 	  format.
 
 endif # BT_DF
-endif # BT_HCI_HOST
 
 config BT_ECC
-	bool "ECDH key generation support"
-	default y if BT_SMP && !BT_SMP_OOB_LEGACY_PAIR_ONLY
-	help
-	  This option adds support for ECDH HCI commands.
-
-config BT_SEND_ECC_EMULATION
-	bool "Emulate ECDH in the Host using PSA Crypto API library"
+	bool
 	select MBEDTLS if !BUILD_WITH_TFM
 	select MBEDTLS_PSA_CRYPTO_C if !BUILD_WITH_TFM
 	select PSA_WANT_ALG_ECDH
 	select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE
 	select PSA_WANT_ECC_SECP_R1_256
 	imply MBEDTLS_PSA_P256M_DRIVER_ENABLED if MBEDTLS_PSA_CRYPTO_C
 	select BT_LONG_WQ
-	depends on BT_ECC && (BT_HCI_RAW || BT_HCI_HOST)
-	default y if HAS_BT_CTLR && !BT_CTLR_ECDH
-	help
-	  If this option is set PSA Crypto API library is used for emulating the
-	  ECDH HCI commands and events needed by e.g. LE Secure Connections.
-	  In builds including the BLE Host, if not set the controller crypto is
-	  used for ECDH and if the controller doesn't support the required HCI
-	  commands the LE Secure Connections support will be disabled.
-	  In builds including the HCI Raw interface and the BLE Controller, this
-	  option injects support for the 2 HCI commands required for LE Secure
-	  Connections so that Hosts can make use of those. The option defaults
-	  to enabled for a combined build with Zephyr's own controller, since it
-	  does not have any special ECC support itself (at least not currently).
+	help
+	  If this option is set, internal APIs will be available to perform ECDH operations
+	  through the long work queue. operations needed e.g. by LE Secure Connections.
+
+endif # BT_HCI_HOST
 
 config BT_HOST_CCM
 	bool "Host side AES-CCM module"