Using mbed TLS in a Bluetooth Low-Energy Application
Some applications require security features beyond those provided by the Bluetooth specification. This article describes the steps necessary for building a BLE project with mbed TLS.
mbed TLS is a library of cryptographic functions, defined here https://tls.mbed.org/api/, which are used by the Silicon Laboratories Bluetooth Low Energy stack. Silicon Labs provides low-level drivers for the cryptographic engines in it SoCs to allow mbed TLS to run efficiently.
Any application that needs to use mbed TLS must remove the prebuilt mbed TLS library and build the mbed TLS library from source to avoid conflicts. mbed TLS is a highly-configurable library with features that can be enabled by defining preprocessor symbols to a configuration file. The basic setup is described below.
Remove the prebuilt mbedtls.a library from your project as shown. prebuilt_mbedtls_lib
At a minimum, the following files must be added to the project. These are found in the SDK folder under util\third_party\mbedtls.
These files are sufficient for working with any EFR32xG1x device. For the EFR32xG21add the following in addition to the files mentioned above:
from util\third_party\mbedtls\sl_crypto\src, se_aes.c, se_ccm.c, se_cmac.c, se_ecp.c, se_management.c, se_tring.c and shax.c
from util\third_party\mbedtls\sl_crypto\include\, se_managment.h
For EFR32xG22 add the following
util\third_party\mbedtls\sl_crypto\src : cryptoacc_aes.c, cryptoacc_ccm.c, cryptoacc_cmac.c, cryptoacc_ecp.c, cryptoacc_management.c and cryptoacc_tring.c as well the entire contents of the crytpoacc folder
from util\third_party\mbedtls\sl_crypto\include : mbedtls_ecode.h, cryptoacc_management.h
Add the following to your project's include paths.
Add the following definition to the preprocessor symbols.
Copy protocol\bluetooth\ble_stack\inc\soc\mbedtls_config.h from the SDK to the project's protocol\bluetooth\ble_stack\inc\soc folder. This ensures that the project enables all of the mbed TLS features that the Bluetooth stack requires. Additional features can be enabled in this file but none of the existing features can be disabled.
Add the following to your application code.
#if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else #include MBEDTLS_CONFIG_FILE #endif
Now you can begin using mbed TLS in your application code.