nrfconnect · edmont · Jan 3, 2025 · Jan 2, 2025 · Jan 2, 2025
diff --git a/subsys/CMakeLists.txt b/subsys/CMakeLists.txt
@@ -14,7 +14,6 @@ zephyr_library()
 
 zephyr_library_link_libraries(zigbee)
 
-zephyr_link_libraries_ifdef(CONFIG_ZIGBEE_USE_SOFTWARE_AES nrfxlib_crypto)
 
 # Source files
 zephyr_library_sources(osif/zb_nrf_platform.c)

diff --git a/subsys/Kconfig b/subsys/Kconfig
@@ -15,15 +15,19 @@ menuconfig ZIGBEE_ADD_ON
 	select NET_PKT_TXTIME
 	select REBOOT
 	select PSA_WANT_ALG_ECB_NO_PADDING if NRF_SECURITY
+	select PSA_WANT_ALG_ECDH if NRF_SECURITY
 	select PSA_WANT_KEY_TYPE_AES if NRF_SECURITY
+	select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT if NRF_SECURITY
+	select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE if NRF_SECURITY
+	select PSA_WANT_ECC_MONTGOMERY_255 if NRF_SECURITY
 	select MBEDTLS_ENABLE_HEAP if NRF_SECURITY
 	imply ENTROPY_GENERATOR
 	imply POLL
 	imply FLASH
 	imply FLASH_PAGE_LAYOUT
 	imply FLASH_MAP
 	imply MPU_ALLOW_FLASH_WRITE
-	depends on (SOC_NRF52840 || SOC_NRF54L15)
+	depends on SOC_NRF54L15
 
 if ZIGBEE_ADD_ON
 
@@ -336,20 +340,12 @@ config ZIGBEE_UART_TX_BUF_LEN
 
 endif #ZIGBEE_HAVE_ASYNC_SERIAL
 
-config ZIGBEE_USE_SOFTWARE_AES
-	bool "Use software based AES"
-	select NRF_OBERON
-	default n
-
 config NRF_SECURITY
 	default y
 
 if NRF_SECURITY
 
-config MBEDTLS_HEAP_SIZE
-	default 2048
-
-config PSA_CRYPTO_DRIVER_OBERON
+config PSA_CRYPTO_DRIVER_CRACEN
 	default y
 
 endif

diff --git a/subsys/osif/zb_nrf_crypto.c b/subsys/osif/zb_nrf_crypto.c
@@ -9,7 +9,6 @@
 #include <zboss_api.h>
 #if CONFIG_NRF_SECURITY
 #include <psa/crypto.h>
-#include <ocrypto_curve25519.h>
 #else
 #error No crypto suite for Zigbee stack has been selected
 #endif
@@ -87,6 +86,30 @@ zb_int_t zb_osif_scalarmult(zb_uint8_t *result_point,
                             const zb_uint8_t *scalar,
                             const zb_uint8_t *point)
 {
-	ocrypto_curve25519_scalarmult(result_point, scalar, point);
+	psa_status_t status;
+	mbedtls_svc_key_id_t key_id;
+	size_t output_length;
+
+	ZVUNUSED(status);
+
+	psa_init();
+
+	psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
+	psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
+	psa_set_key_lifetime(&key_attributes, PSA_KEY_LIFETIME_VOLATILE);
+	psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH);
+	psa_set_key_type(&key_attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY));
+
+	status = psa_import_key(&key_attributes, scalar, ZB_ECC_CURVE25519_BASE_POINT_LEN, &key_id);
+	__ASSERT(status == PSA_SUCCESS, "psa_import failed! (Error: %d)", status);
+
+	psa_reset_key_attributes(&key_attributes);
+
+	status = psa_raw_key_agreement(PSA_ALG_ECDH, key_id, point, ZB_ECC_CURVE25519_BASE_POINT_LEN,
+			 result_point, ZB_ECC_SECRET_MAX_LEN, &output_length);
+	__ASSERT(status == PSA_SUCCESS, "psa_raw_key_agreement failed! (Error: %d)", status);
+
+	psa_destroy_key(key_id);
+
 	return 0;
 }