esp-idf/components/mbedtls/CMakeLists.txt

321 lines
12 KiB
CMake
Raw Normal View History

idf_build_get_property(idf_target IDF_TARGET)
idf_build_get_property(python PYTHON)
if(NOT ${IDF_TARGET} STREQUAL "linux")
2021-03-19 08:03:13 -04:00
set(priv_requires soc esp_hw_support)
if(NOT BOOTLOADER_BUILD)
list(APPEND priv_requires esp_pm)
endif()
endif()
2021-03-19 08:03:13 -04:00
set(mbedtls_srcs "")
set(mbedtls_include_dirs "port/include" "mbedtls/include" "mbedtls/library")
if(CONFIG_MBEDTLS_CERTIFICATE_BUNDLE)
list(APPEND mbedtls_srcs "esp_crt_bundle/esp_crt_bundle.c")
list(APPEND mbedtls_include_dirs "esp_crt_bundle/include")
endif()
idf_component_register(SRCS "${mbedtls_srcs}"
INCLUDE_DIRS "${mbedtls_include_dirs}"
2021-03-19 08:03:13 -04:00
PRIV_REQUIRES "${priv_requires}"
)
build system: remove lwip from common requirements lwip was added to common requirements list to provide "sys/socket.h" header to all components without additional requirements specified. However, lwip pulls in a lot of dependencies on other components. This commit removes lwip from common requirements to reduce the number of components in G1-only apps. To compensate for this removal, the following changes are made: - newlib (which is a common requirement) has a public dependency on lwip if lwip is present in the build. This ensures that sys/socket.h is available as long as lwip component is included into the build. - lwip is now a public requirement of esp-tls since esp_tls.h includes sys/socket.h header. - lwip is now a public requirement o esp_http_client because sys/socket.h is included from esp_http_client.h - lwip is now a private requirement of esp_wifi for "smartconfig_ack" - lwip is now a private requirement of mqtt for socket functions - lwip is now a public requirement of tcp_transport because esp_transport_tcp.h includes sys/socket.h header. - mbedtls checks if lwip component is present in the build. If yes, net_sockets.c is added to the build, along with the dependency on lwip. Previously lwip was a public requirement of mbedtls unconditionally. system/g1_components test app is updated to reflect the changes Default public dependencies of a component before and after this change, except common requirements: - esp_timer (public dependency of freertos) - bootloader_support (public dependency of esp_hw_support) - vfs (public dependency of lwip) - esp_wifi (public dependency of lwip) - esp_event (public dependency of esp_wifi) - esp_netif (public dependency of esp_event) - esp_eth (public dependency of esp_netif) - esp_phy (public dependency of esp_wifi) After: - esp_timer (public dependency of freertos) - bootloader_support (public dependency of esp_hw_support) Altogether, the following components have been always added as public requirements to all other components, and are not added now ([breaking-change]): - lwip - vfs - esp_wifi - esp_event - esp_netif - esp_eth - esp_phy Application components now need to explicitly declare dependencies on these components.
2022-04-14 14:03:56 -04:00
# Determine the type of mbedtls component library
if(mbedtls_srcs STREQUAL "")
# For no sources in component library we must use "INTERFACE"
set(linkage_type INTERFACE)
else()
set(linkage_type PUBLIC)
endif()
if(CONFIG_MBEDTLS_CERTIFICATE_BUNDLE)
set(bundle_name "x509_crt_bundle")
set(DEFAULT_CRT_DIR ${COMPONENT_DIR}/esp_crt_bundle)
# Generate custom certificate bundle using the generate_cert_bundle utility
set(GENERATE_CERT_BUNDLEPY ${python} ${COMPONENT_DIR}/esp_crt_bundle/gen_crt_bundle.py)
if(CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_FULL)
list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
elseif(CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN)
list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
list(APPEND args --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv)
endif()
# Add deprecated root certs if enabled. This config is not visible if the default cert
# bundle is not selected
if(CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEPRECATED_LIST)
list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_deprecated.pem)
endif()
if(CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE)
get_filename_component(custom_bundle_path
${CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}")
list(APPEND crt_paths ${custom_bundle_path})
endif()
list(APPEND args --input ${crt_paths} -q)
get_filename_component(crt_bundle
${bundle_name}
ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}")
# Generate bundle according to config
add_custom_command(OUTPUT ${crt_bundle}
COMMAND ${GENERATE_CERT_BUNDLEPY} ${args}
DEPENDS ${custom_bundle_path}
VERBATIM)
add_custom_target(custom_bundle DEPENDS ${cert_bundle})
add_dependencies(${COMPONENT_LIB} custom_bundle)
target_add_binary_data(${COMPONENT_LIB} ${crt_bundle} BINARY)
set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
APPEND PROPERTY ADDITIONAL_CLEAN_FILES
"${crt_bundle}")
endif()
# Only build mbedtls libraries
set(ENABLE_TESTING CACHE BOOL OFF)
set(ENABLE_PROGRAMS CACHE BOOL OFF)
# Use pre-generated source files in mbedtls repository
set(GEN_FILES CACHE BOOL OFF)
# Make sure mbedtls finds the same Python interpreter as IDF uses
idf_build_get_property(python PYTHON)
set(Python3_EXECUTABLE ${python})
# Needed to for include_next includes to work from within mbedtls
include_directories("${COMPONENT_DIR}/port/include")
# Import mbedtls library targets
add_subdirectory(mbedtls)
# Use port specific implementation of net_socket.c instead of one from mbedtls
get_target_property(src_tls mbedtls SOURCES)
list(REMOVE_ITEM src_tls net_sockets.c)
set_property(TARGET mbedtls PROPERTY SOURCES ${src_tls})
if(CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1)
get_target_property(src_tls mbedtls SOURCES)
list(REMOVE_ITEM src_tls ssl_ciphersuites.c ssl_cli.c ssl_tls.c)
set_property(TARGET mbedtls PROPERTY SOURCES ${src_tls})
get_target_property(src_crypto mbedcrypto SOURCES)
list(REMOVE_ITEM src_crypto cipher_wrap.c ecdsa.c ecp.c ecp_curves.c oid.c pk_wrap.c)
set_property(TARGET mbedcrypto PROPERTY SOURCES ${src_crypto})
get_target_property(src_x509 mbedx509 SOURCES)
list(REMOVE_ITEM src_x509 x509_crt.c)
set_property(TARGET mbedx509 PROPERTY SOURCES ${src_x509})
endif()
# Core libraries from the mbedTLS project
set(mbedtls_targets mbedtls mbedcrypto mbedx509)
# 3rd party libraries from the mbedTLS project
list(APPEND mbedtls_targets everest p256m)
set(mbedtls_target_sources "${COMPONENT_DIR}/port/mbedtls_debug.c"
"${COMPONENT_DIR}/port/esp_platform_time.c")
if(CONFIG_MBEDTLS_DYNAMIC_BUFFER)
set(mbedtls_target_sources ${mbedtls_target_sources}
"${COMPONENT_DIR}/port/dynamic/esp_mbedtls_dynamic_impl.c"
"${COMPONENT_DIR}/port/dynamic/esp_ssl_cli.c"
"${COMPONENT_DIR}/port/dynamic/esp_ssl_srv.c"
"${COMPONENT_DIR}/port/dynamic/esp_ssl_tls.c")
endif()
if(${IDF_TARGET} STREQUAL "linux")
set(mbedtls_target_sources ${mbedtls_target_sources} "${COMPONENT_DIR}/port/net_sockets.c")
endif()
# While updating to MbedTLS release/v3.4.0, building mbedtls/library/psa_crypto.c
# clang produces an unreachable-code warning.
if(CMAKE_C_COMPILER_ID MATCHES "Clang")
target_compile_options(mbedcrypto PRIVATE "-Wno-unreachable-code")
endif()
build system: remove lwip from common requirements lwip was added to common requirements list to provide "sys/socket.h" header to all components without additional requirements specified. However, lwip pulls in a lot of dependencies on other components. This commit removes lwip from common requirements to reduce the number of components in G1-only apps. To compensate for this removal, the following changes are made: - newlib (which is a common requirement) has a public dependency on lwip if lwip is present in the build. This ensures that sys/socket.h is available as long as lwip component is included into the build. - lwip is now a public requirement of esp-tls since esp_tls.h includes sys/socket.h header. - lwip is now a public requirement o esp_http_client because sys/socket.h is included from esp_http_client.h - lwip is now a private requirement of esp_wifi for "smartconfig_ack" - lwip is now a private requirement of mqtt for socket functions - lwip is now a public requirement of tcp_transport because esp_transport_tcp.h includes sys/socket.h header. - mbedtls checks if lwip component is present in the build. If yes, net_sockets.c is added to the build, along with the dependency on lwip. Previously lwip was a public requirement of mbedtls unconditionally. system/g1_components test app is updated to reflect the changes Default public dependencies of a component before and after this change, except common requirements: - esp_timer (public dependency of freertos) - bootloader_support (public dependency of esp_hw_support) - vfs (public dependency of lwip) - esp_wifi (public dependency of lwip) - esp_event (public dependency of esp_wifi) - esp_netif (public dependency of esp_event) - esp_eth (public dependency of esp_netif) - esp_phy (public dependency of esp_wifi) After: - esp_timer (public dependency of freertos) - bootloader_support (public dependency of esp_hw_support) Altogether, the following components have been always added as public requirements to all other components, and are not added now ([breaking-change]): - lwip - vfs - esp_wifi - esp_event - esp_netif - esp_eth - esp_phy Application components now need to explicitly declare dependencies on these components.
2022-04-14 14:03:56 -04:00
# net_sockets.c should only be compiled if BSD socket functions are available.
# Do this by checking if lwip component is included into the build.
if(CONFIG_LWIP_ENABLE)
build system: remove lwip from common requirements lwip was added to common requirements list to provide "sys/socket.h" header to all components without additional requirements specified. However, lwip pulls in a lot of dependencies on other components. This commit removes lwip from common requirements to reduce the number of components in G1-only apps. To compensate for this removal, the following changes are made: - newlib (which is a common requirement) has a public dependency on lwip if lwip is present in the build. This ensures that sys/socket.h is available as long as lwip component is included into the build. - lwip is now a public requirement of esp-tls since esp_tls.h includes sys/socket.h header. - lwip is now a public requirement o esp_http_client because sys/socket.h is included from esp_http_client.h - lwip is now a private requirement of esp_wifi for "smartconfig_ack" - lwip is now a private requirement of mqtt for socket functions - lwip is now a public requirement of tcp_transport because esp_transport_tcp.h includes sys/socket.h header. - mbedtls checks if lwip component is present in the build. If yes, net_sockets.c is added to the build, along with the dependency on lwip. Previously lwip was a public requirement of mbedtls unconditionally. system/g1_components test app is updated to reflect the changes Default public dependencies of a component before and after this change, except common requirements: - esp_timer (public dependency of freertos) - bootloader_support (public dependency of esp_hw_support) - vfs (public dependency of lwip) - esp_wifi (public dependency of lwip) - esp_event (public dependency of esp_wifi) - esp_netif (public dependency of esp_event) - esp_eth (public dependency of esp_netif) - esp_phy (public dependency of esp_wifi) After: - esp_timer (public dependency of freertos) - bootloader_support (public dependency of esp_hw_support) Altogether, the following components have been always added as public requirements to all other components, and are not added now ([breaking-change]): - lwip - vfs - esp_wifi - esp_event - esp_netif - esp_eth - esp_phy Application components now need to explicitly declare dependencies on these components.
2022-04-14 14:03:56 -04:00
list(APPEND mbedtls_target_sources "${COMPONENT_DIR}/port/net_sockets.c")
idf_component_get_property(lwip_lib lwip COMPONENT_LIB)
target_link_libraries(${COMPONENT_LIB} ${linkage_type} ${lwip_lib})
endif()
# Add port files to mbedtls targets
target_sources(mbedtls PRIVATE ${mbedtls_target_sources})
# Choose perihperal type
if(CONFIG_SOC_SHA_SUPPORTED)
if(CONFIG_SOC_SHA_SUPPORT_DMA)
set(SHA_PERIPHERAL_TYPE "dma")
elseif(CONFIG_SOC_SHA_SUPPORT_PARALLEL_ENG)
set(SHA_PERIPHERAL_TYPE "parallel_engine")
else()
set(SHA_PERIPHERAL_TYPE "block")
endif()
endif()
if(CONFIG_SOC_AES_SUPPORTED)
if(CONFIG_SOC_AES_SUPPORT_DMA)
set(AES_PERIPHERAL_TYPE "dma")
else()
set(AES_PERIPHERAL_TYPE "block")
endif()
endif()
2021-01-14 02:25:06 -05:00
if(SHA_PERIPHERAL_TYPE STREQUAL "dma")
target_include_directories(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/sha/dma/include")
if(NOT CONFIG_SOC_SHA_GDMA)
2021-01-14 02:25:06 -05:00
set(SHA_DMA_SRCS "${COMPONENT_DIR}/port/sha/dma/esp_sha_crypto_dma_impl.c")
else()
set(SHA_DMA_SRCS "${COMPONENT_DIR}/port/sha/dma/esp_sha_gdma_impl.c")
2021-01-14 02:25:06 -05:00
endif()
target_sources(mbedcrypto PRIVATE "${SHA_DMA_SRCS}")
2021-01-14 02:25:06 -05:00
endif()
if(AES_PERIPHERAL_TYPE STREQUAL "dma")
if(NOT CONFIG_SOC_AES_GDMA)
2021-01-14 02:25:06 -05:00
set(AES_DMA_SRCS "${COMPONENT_DIR}/port/aes/dma/esp_aes_crypto_dma_impl.c")
else()
set(AES_DMA_SRCS "${COMPONENT_DIR}/port/aes/dma/esp_aes_gdma_impl.c"
"${COMPONENT_DIR}/port/crypto_shared_gdma/esp_crypto_shared_gdma.c")
2021-01-14 02:25:06 -05:00
endif()
target_include_directories(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/aes/dma/include")
target_sources(mbedcrypto PRIVATE "${AES_DMA_SRCS}")
2021-01-14 02:25:06 -05:00
endif()
if(NOT ${IDF_TARGET} STREQUAL "linux")
target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/esp_hardware.c")
endif()
target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/esp_mem.c"
"${COMPONENT_DIR}/port/esp_timing.c"
)
if(CONFIG_SOC_AES_SUPPORTED)
target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/aes/esp_aes_xts.c"
"${COMPONENT_DIR}/port/aes/esp_aes_common.c"
"${COMPONENT_DIR}/port/aes/${AES_PERIPHERAL_TYPE}/esp_aes.c"
)
endif()
if(CONFIG_SOC_SHA_SUPPORTED)
target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/sha/esp_sha.c"
"${COMPONENT_DIR}/port/sha/${SHA_PERIPHERAL_TYPE}/sha.c"
)
endif()
# CONFIG_ESP_TLS_USE_DS_PERIPHERAL can be enabled only for the supported targets.
if(CONFIG_ESP_TLS_USE_DS_PERIPHERAL)
target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/esp_ds/esp_rsa_sign_alt.c")
endif()
# Note: some mbedTLS hardware acceleration can be enabled/disabled by config.
#
# We don't need to filter aes.c as this uses a different prefix (esp_aes_x) and the
# config option only changes the prefixes in the header so mbedtls_aes_x compiles to esp_aes_x
#
# The other port-specific files don't override internal mbedTLS functions, they just add new functions.
if(CONFIG_MBEDTLS_HARDWARE_MPI)
target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/bignum/esp_bignum.c"
"${COMPONENT_DIR}/port/bignum/bignum_alt.c")
endif()
if(CONFIG_MBEDTLS_HARDWARE_SHA)
target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/sha/${SHA_PERIPHERAL_TYPE}/esp_sha1.c"
"${COMPONENT_DIR}/port/sha/${SHA_PERIPHERAL_TYPE}/esp_sha256.c"
"${COMPONENT_DIR}/port/sha/${SHA_PERIPHERAL_TYPE}/esp_sha512.c"
)
endif()
if(CONFIG_MBEDTLS_HARDWARE_GCM OR (NOT CONFIG_SOC_AES_SUPPORT_GCM AND CONFIG_MBEDTLS_HARDWARE_AES))
target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/aes/esp_aes_gcm.c")
endif()
if(CONFIG_MBEDTLS_HARDWARE_ECC)
target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/ecc/esp_ecc.c"
"${COMPONENT_DIR}/port/ecc/ecc_alt.c")
endif()
if(CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN OR CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY)
target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/ecdsa/ecdsa_alt.c")
if(CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN)
target_link_libraries(${COMPONENT_LIB} INTERFACE "-Wl,--wrap=mbedtls_ecdsa_sign")
target_link_libraries(${COMPONENT_LIB} INTERFACE "-Wl,--wrap=mbedtls_ecdsa_sign_restartable")
target_link_libraries(${COMPONENT_LIB} INTERFACE "-Wl,--wrap=mbedtls_ecdsa_write_signature")
target_link_libraries(${COMPONENT_LIB} INTERFACE "-Wl,--wrap=mbedtls_ecdsa_write_signature_restartable")
endif()
if(CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY)
target_link_libraries(${COMPONENT_LIB} INTERFACE "-Wl,--wrap=mbedtls_ecdsa_verify")
endif()
endif()
if(CONFIG_MBEDTLS_ROM_MD5)
target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/md/esp_md.c")
endif()
if(CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL)
target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/mbedtls_rom/mbedtls_rom_osi.c")
target_link_libraries(${COMPONENT_LIB} PRIVATE "-u mbedtls_rom_osi_functions_init")
endif()
foreach(target ${mbedtls_targets})
target_compile_definitions(${target} PUBLIC -DMBEDTLS_CONFIG_FILE="mbedtls/esp_config.h")
endforeach()
if(CONFIG_MBEDTLS_DYNAMIC_BUFFER)
set(WRAP_FUNCTIONS
mbedtls_ssl_write_client_hello
mbedtls_ssl_handshake_client_step
mbedtls_ssl_handshake_server_step
mbedtls_ssl_read
mbedtls_ssl_write
mbedtls_ssl_session_reset
mbedtls_ssl_free
mbedtls_ssl_setup
mbedtls_ssl_send_alert_message
mbedtls_ssl_close_notify)
foreach(wrap ${WRAP_FUNCTIONS})
target_link_libraries(${COMPONENT_LIB} INTERFACE "-Wl,--wrap=${wrap}")
endforeach()
endif()
2019-08-18 01:28:52 -04:00
set_property(TARGET mbedcrypto APPEND PROPERTY LINK_INTERFACE_LIBRARIES mbedtls)
if(CONFIG_PM_ENABLE)
target_link_libraries(mbedcrypto PRIVATE idf::esp_pm)
endif()
2019-08-18 01:28:52 -04:00
if(CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN OR CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY)
target_link_libraries(mbedcrypto PRIVATE idf::efuse)
endif()
target_link_libraries(${COMPONENT_LIB} ${linkage_type} ${mbedtls_targets})
if(CONFIG_ESP_TLS_USE_DS_PERIPHERAL)
# The linker seems to be unable to resolve all the dependencies without increasing this
set_property(TARGET mbedcrypto APPEND PROPERTY LINK_INTERFACE_MULTIPLICITY 6)
endif()
# Link esp-cryptoauthlib to mbedtls
if(CONFIG_ATCA_MBEDTLS_ECDSA)
idf_component_optional_requires(PRIVATE espressif__esp-cryptoauthlib esp-cryptoauthlib)
endif()