Using mbed TLS in a Bluetooth Low-Energy Application

Some applications require security features beyond those provided by the Bluetooth specification. This article describes the steps necessary for building a BLE project with mbed TLS.

mbed TLS is a library of cryptographic functions, defined here https://tls.mbed.org/api/, which are used by the Silicon Laboratories Bluetooth Low Energy stack. Silicon Labs provides low-level drivers for the cryptographic engines in it SoCs to allow mbed TLS to run efficiently.

Any application that needs to use mbed TLS must remove the prebuilt mbed TLS library and build the mbed TLS library from source to avoid conflicts. mbed TLS is a highly-configurable library with features that can be enabled by defining preprocessor symbols to a configuration file. The basic setup is described below.

  1. Remove the prebuilt mbedtls.a library from your project as shown. prebuilt_mbedtls_lib

  2. At a minimum, the following files must be added to the project. These are found in the SDK folder under util\third_party\mbedtls.

    mbedtls_files

  3. Add the following to your project's include paths.

    • include
    • include/mbedtls
    • sl_crypto/include
    • silicon_labs/memory_manager
  4. Add the following definition to the preprocessor symbols.

    MBEDTLS_CONFIG_FILE="mbedtls_config.h"
  5. Copy protocol\bluetooth\ble_stack\inc\soc\mbedtls_config.h from the SDK to the project's protocol\bluetooth\ble_stack\inc\soc folder. This ensures that the project enables all of the mbed TLS features that the Bluetooth stack requires. Additional features can be enabled in this file but none of the existing features can be disabled.

  6. Add the following to your application code.

    #if !defined(MBEDTLS_CONFIG_FILE)
    #include "mbedtls/config.h"
    #else
    #include MBEDTLS_CONFIG_FILE
    #endif
  7. Now you can begin using mbed TLS in your application code.