[tls] Add a build script for mbedtls library

Add a build target for third_party/mbedtls library for baremetal use.

Change-Id: I0fad79e4e212f01bedf509ba0201f905ac3930f2
Reviewed-on: https://pigweed-review.googlesource.com/c/pigweed/experimental/+/38380
Reviewed-by: Ali Zhang <alizhang@google.com>
Commit-Queue: Yecheng Zhao <zyecheng@google.com>
diff --git a/third_party/mbedtls/BUILD.gn b/third_party/mbedtls/BUILD.gn
new file mode 100644
index 0000000..043101c
--- /dev/null
+++ b/third_party/mbedtls/BUILD.gn
@@ -0,0 +1,29 @@
+# Copyright 2021 The Pigweed Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+import("//build_overrides/pigweed.gni")
+import("$dir_pw_build/target_types.gni")
+import("sources.gni")
+
+pw_source_set("mbedtls_lib_baremetal") {
+  sources = mbedtls_sources
+  config_file = rebase_path("./config_baremetal_exp.h")
+  defines = [ "MBEDTLS_USER_CONFIG_FILE=\"$config_file\"" ]
+  public_configs = [ ":mbedtls_config" ]
+}
+
+config("mbedtls_config") {
+  include_dirs = [ "src/include" ]
+  cflags = [ "-Wno-error=cast-qual" ]
+}
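Review bot: `MBEDTLS_USER_CONFIG_FILE` sits in the private `defines` of `mbedtls_lib_baremetal`, so only the library's own sources are compiled against `config_baremetal_exp.h`. Dependents receive `src/include` through `mbedtls_config` but not the define, so they would parse the mbedtls headers with the default configuration and can disagree with the library about which features are enabled, `MBEDTLS_NO_PLATFORM_ENTROPY` included. Moving `defines = [ "MBEDTLS_USER_CONFIG_FILE=\"$config_file\"" ]` and the `config_file` assignment into `config("mbedtls_config")` keeps both sides on the same configuration. Separately, `rebase_path("./config_baremetal_exp.h")` with no base argument yields an absolute system path, which bakes the checkout location into every compile command; rebasing against `root_build_dir` would probably be the more reproducible choice.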
diff --git a/third_party/mbedtls/README.md b/third_party/mbedtls/README.md
new file mode 100644
index 0000000..52e1d63
--- /dev/null
+++ b/third_party/mbedtls/README.md
@@ -0,0 +1,13 @@
+# Mbedtls Library
+
+The folder hosts mbedtls third party library. The source code is in `src`
+folder. A build script `BUILD.gn` is provided and defines a library target for
+baremtal use. A number of features are disabled. See `config_baremetal_exp.h`
+for more detail. To use the target, add
+`//third_party/mbedtls:mbedtls_lib_baremetal` to the dependency list.
+
+`sources.gni` contains the list of source files for building. It is generated
+by `generate_sources_gni.py` based on current version of the source code. If
+source version bumps up, it may be necessary to re-run the script to keep the
+file in sync. The longer term plan is to set up auto-roll and update the file
+as part of the rolling process.
diff --git a/third_party/mbedtls/config_baremetal_exp.h b/third_party/mbedtls/config_baremetal_exp.h
new file mode 100644
index 0000000..7ea59c3
--- /dev/null
+++ b/third_party/mbedtls/config_baremetal_exp.h
@@ -0,0 +1,30 @@
+// Copyright 2021 The Pigweed Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License"); you may not
+// use this file except in compliance with the License. You may obtain a copy of
+// the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+// License for the specific language governing permissions and limitations under
+// the License.
+
+// See third_party/mbedtls/src/configs/config-psa-crypto.h for a detail
+// explanation of these configurations.
+
+// No file system support.
+#undef MBEDTLS_FS_IO
+// No posix socket support
+#undef MBEDTLS_NET_C
+// This feature requires file system support.
+#undef MBEDTLS_PSA_ITS_FILE_C
+// The following two require MBEDTLS_PSA_ITS_FILE_C
+#undef MBEDTLS_PSA_CRYPTO_C
+#undef MBEDTLS_PSA_CRYPTO_STORAGE_C
+// This feature only works on Unix/Windows
+#undef MBEDTLS_TIMING_C
+// Use a custom entropy generator
+#define MBEDTLS_NO_PLATFORM_ENTROPY
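Review bot: The comment on `MBEDTLS_NO_PLATFORM_ENTROPY` (last line) says "Use a custom entropy generator", but nothing visible in this commit provides one, and `MBEDTLS_TIMING_C` is undefined a few lines above as well. The define only removes the built-in platform entropy poll, so every user of this target has to supply a strong source before seeding a DRBG. I would spell that out, for example `// Disables the built-in platform entropy poll. Users must register a strong source (mbedtls_entropy_add_source() or MBEDTLS_ENTROPY_HARDWARE_ALT) before seeding a DRBG; this config provides none.` The README sentence "A number of features are disabled" would also benefit from naming this requirement.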
diff --git a/third_party/mbedtls/generate_sources_gni.py b/third_party/mbedtls/generate_sources_gni.py
new file mode 100644
index 0000000..7519b48
--- /dev/null
+++ b/third_party/mbedtls/generate_sources_gni.py
@@ -0,0 +1,50 @@
+# Copyright 2021 The Pigweed Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+import os
+
+"""Generate sources.gni for the list of mbedtls source files"""
+
+LICENSE_HEADER = """# Copyright 2021 The Pigweed Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+"""
+
+if __name__ == "__main__":
+
+    cfiles = []
+    for (path, dirnames, filenames) in os.walk("src/library"):
+        for filename in filenames:
+            if not filename.endswith('.c'):
+                continue
+            cfiles.append(os.path.join(path, filename))
+    cfiles.sort()
+
+    with open("sources.gni", 'w') as f:
+        f.write(LICENSE_HEADER)
+        f.write("mbedtls_sources = [\n")
+        for source in cfiles:
+            f.write(f'  \"{source}\",\n')
+        f.write("]\n")
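Review bot: `os.walk("src/library")` and `open("sources.gni", 'w')` both resolve against the current working directory, and `os.walk` yields nothing for a missing directory. Run from anywhere other than `third_party/mbedtls`, the script therefore writes a `sources.gni` with an empty `mbedtls_sources` list and reports no error. Starting the `__main__` block with `os.chdir(os.path.dirname(os.path.abspath(__file__)))` and adding `if not cfiles: raise SystemExit("no .c files found under src/library")` before the file is opened would make that failure visible. The string after `import os` is also not a module docstring, because it follows a statement; it should move above the import.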
diff --git a/third_party/mbedtls/sources.gni b/third_party/mbedtls/sources.gni
new file mode 100644
index 0000000..88264bf
--- /dev/null
+++ b/third_party/mbedtls/sources.gni
@@ -0,0 +1,102 @@
+# Copyright 2021 The Pigweed Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+mbedtls_sources = [
+  "src/library/aes.c",
+  "src/library/aesni.c",
+  "src/library/arc4.c",
+  "src/library/aria.c",
+  "src/library/asn1parse.c",
+  "src/library/asn1write.c",
+  "src/library/base64.c",
+  "src/library/bignum.c",
+  "src/library/blowfish.c",
+  "src/library/camellia.c",
+  "src/library/ccm.c",
+  "src/library/certs.c",
+  "src/library/chacha20.c",
+  "src/library/chachapoly.c",
+  "src/library/cipher.c",
+  "src/library/cipher_wrap.c",
+  "src/library/cmac.c",
+  "src/library/ctr_drbg.c",
+  "src/library/debug.c",
+  "src/library/des.c",
+  "src/library/dhm.c",
+  "src/library/ecdh.c",
+  "src/library/ecdsa.c",
+  "src/library/ecjpake.c",
+  "src/library/ecp.c",
+  "src/library/ecp_curves.c",
+  "src/library/entropy.c",
+  "src/library/entropy_poll.c",
+  "src/library/error.c",
+  "src/library/gcm.c",
+  "src/library/havege.c",
+  "src/library/hkdf.c",
+  "src/library/hmac_drbg.c",
+  "src/library/md.c",
+  "src/library/md2.c",
+  "src/library/md4.c",
+  "src/library/md5.c",
+  "src/library/memory_buffer_alloc.c",
+  "src/library/net_sockets.c",
+  "src/library/nist_kw.c",
+  "src/library/oid.c",
+  "src/library/padlock.c",
+  "src/library/pem.c",
+  "src/library/pk.c",
+  "src/library/pk_wrap.c",
+  "src/library/pkcs11.c",
+  "src/library/pkcs12.c",
+  "src/library/pkcs5.c",
+  "src/library/pkparse.c",
+  "src/library/pkwrite.c",
+  "src/library/platform.c",
+  "src/library/platform_util.c",
+  "src/library/poly1305.c",
+  "src/library/psa_crypto.c",
+  "src/library/psa_crypto_driver_wrappers.c",
+  "src/library/psa_crypto_se.c",
+  "src/library/psa_crypto_slot_management.c",
+  "src/library/psa_crypto_storage.c",
+  "src/library/psa_its_file.c",
+  "src/library/ripemd160.c",
+  "src/library/rsa.c",
+  "src/library/rsa_internal.c",
+  "src/library/sha1.c",
+  "src/library/sha256.c",
+  "src/library/sha512.c",
+  "src/library/ssl_cache.c",
+  "src/library/ssl_ciphersuites.c",
+  "src/library/ssl_cli.c",
+  "src/library/ssl_cookie.c",
+  "src/library/ssl_msg.c",
+  "src/library/ssl_srv.c",
+  "src/library/ssl_ticket.c",
+  "src/library/ssl_tls.c",
+  "src/library/ssl_tls13_keys.c",
+  "src/library/threading.c",
+  "src/library/timing.c",
+  "src/library/version.c",
+  "src/library/version_features.c",
+  "src/library/x509.c",
+  "src/library/x509_create.c",
+  "src/library/x509_crl.c",
+  "src/library/x509_crt.c",
+  "src/library/x509_csr.c",
+  "src/library/x509write_crt.c",
+  "src/library/x509write_csr.c",
+  "src/library/xtea.c",
+]