mbedtls: Add third_party/mbedtls build support
Add third_party/mbedtls and scripts for building mbedtls library.
The build script will also provide a number of ready-made
configurations for build. They can be specified via gn variable
pw_third_party_mbedtls_CONFIG. Currently, there is only a default
configuration. More will be added later.
Change-Id: I687bca967b2c30d62297b65520f538ef15f69ef6
Reviewed-on: https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/44962
Reviewed-by: Varun Sharma <vars@google.com>
Reviewed-by: Ali Zhang <alizhang@google.com>
Commit-Queue: Yecheng Zhao <zyecheng@google.com>
diff --git a/third_party/mbedtls/BUILD b/third_party/mbedtls/BUILD
new file mode 100644
index 0000000..89694f2
--- /dev/null
+++ b/third_party/mbedtls/BUILD
@@ -0,0 +1,40 @@
+# Copyright 2020 The Pigweed Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+load(
+ "//pw_build:pigweed.bzl",
+ "pw_cc_library",
+)
+
+# Ready-made configurations
+mbedtls_configs = [
+ ("default", "configs/config_default.h"),
+]
+
+# Config targets.
+[
+pw_cc_library(
+ name = "%s_config" % config_name,
+ copts = ["-DMBEDTLS_CONFIG_FILE=\"%s\"" % config_header],
+ hdrs = [
+ config_header,
+ "configs/config_pigweed_common.h",
+ ],
+ includes = [ "." ],
+)
+for config_name, config_header in mbedtls_configs
+]
+
+# TODO(zyecheng): Add build recipe for the library.
+
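Review bot: The `copts` entry on the `%s_config` targets will not reach any code that depends on them, because Bazel applies `copts` only when compiling the target itself and these targets have only `hdrs`. Once the library recipe from the TODO is added, mbedtls would be compiled without `MBEDTLS_CONFIG_FILE` and would silently use its upstream default configuration instead of the Pigweed one (file I/O, sockets and platform entropy left enabled). Use the propagating attribute instead, `defines = ["MBEDTLS_CONFIG_FILE=\"%s\"" % config_header],`, and check that the embedded quotes survive Bazel's tokenization of `defines`. The GN file gets this right by exporting the define through `public_configs`.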
diff --git a/third_party/mbedtls/BUILD.gn b/third_party/mbedtls/BUILD.gn
new file mode 100644
index 0000000..150fe39
--- /dev/null
+++ b/third_party/mbedtls/BUILD.gn
@@ -0,0 +1,167 @@
+# Copyright 2021 The Pigweed Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+import("//build_overrides/pigweed.gni")
+import("$dir_pw_build/target_types.gni")
+
+declare_args() {
+ # If compiling backends with mbedtls, this variable is set to the path to the
+ # mbedtls source code. When set, a pw_source_set for the mbedtls library is
+ # created at "$dir_pw_third_party/mbedtls".
+ dir_pw_third_party_mbedtls = ""
+
+ # configuration for mbedtls. Can be one of |mbedtls_configs|
+ pw_third_party_mbedtls_CONFIG = "default"
+}
+
+# The list currently includes all source files for build.
+mbedtls_sources = [
+ "library/aes.c",
+ "library/aesni.c",
+ "library/arc4.c",
+ "library/aria.c",
+ "library/asn1parse.c",
+ "library/asn1write.c",
+ "library/base64.c",
+ "library/bignum.c",
+ "library/blowfish.c",
+ "library/camellia.c",
+ "library/ccm.c",
+ "library/certs.c",
+ "library/chacha20.c",
+ "library/chachapoly.c",
+ "library/cipher.c",
+ "library/cipher_wrap.c",
+ "library/cmac.c",
+ "library/ctr_drbg.c",
+ "library/debug.c",
+ "library/des.c",
+ "library/dhm.c",
+ "library/ecdh.c",
+ "library/ecdsa.c",
+ "library/ecjpake.c",
+ "library/ecp.c",
+ "library/ecp_curves.c",
+ "library/entropy.c",
+ "library/entropy_poll.c",
+ "library/error.c",
+ "library/gcm.c",
+ "library/havege.c",
+ "library/hkdf.c",
+ "library/hmac_drbg.c",
+ "library/md.c",
+ "library/md2.c",
+ "library/md4.c",
+ "library/md5.c",
+ "library/memory_buffer_alloc.c",
+ "library/net_sockets.c",
+ "library/nist_kw.c",
+ "library/oid.c",
+ "library/padlock.c",
+ "library/pem.c",
+ "library/pk.c",
+ "library/pk_wrap.c",
+ "library/pkcs11.c",
+ "library/pkcs12.c",
+ "library/pkcs5.c",
+ "library/pkparse.c",
+ "library/pkwrite.c",
+ "library/platform.c",
+ "library/platform_util.c",
+ "library/poly1305.c",
+ "library/psa_crypto.c",
+ "library/psa_crypto_driver_wrappers.c",
+ "library/psa_crypto_se.c",
+ "library/psa_crypto_slot_management.c",
+ "library/psa_crypto_storage.c",
+ "library/psa_its_file.c",
+ "library/ripemd160.c",
+ "library/rsa.c",
+ "library/rsa_internal.c",
+ "library/sha1.c",
+ "library/sha256.c",
+ "library/sha512.c",
+ "library/ssl_cache.c",
+ "library/ssl_ciphersuites.c",
+ "library/ssl_cli.c",
+ "library/ssl_cookie.c",
+ "library/ssl_msg.c",
+ "library/ssl_srv.c",
+ "library/ssl_ticket.c",
+ "library/ssl_tls.c",
+ "library/ssl_tls13_keys.c",
+ "library/threading.c",
+ "library/timing.c",
+ "library/version.c",
+ "library/version_features.c",
+ "library/x509.c",
+ "library/x509_create.c",
+ "library/x509_crl.c",
+ "library/x509_crt.c",
+ "library/x509_csr.c",
+ "library/x509write_crt.c",
+ "library/x509write_csr.c",
+ "library/xtea.c",
+]
+
+if (dir_pw_third_party_mbedtls != "") {
+ mbedtls_configs = [
+ {
+ name = "default"
+ config_header = "configs/config_default.h"
+ },
+ # TODO(zyecheng): Add more working configs for code-size optimization.
+ ]
+
+ foreach(ele, mbedtls_configs) {
+ config_name = ele.name + "_config"
+ config(config_name) {
+ # Custom config file is specified by macro MBEDTLS_CONFIG_FILE
+ # for MbedTLS
+ defines = [ "MBEDTLS_CONFIG_FILE=\"${ele.config_header}\"" ]
+ include_dirs = [ "." ]
+ }
+
+ pw_source_set(ele.name) {
+ public = [
+ "configs/config_pigweed_common.h",
+ ele.config_header,
+ ]
+ public_configs = [ ":${config_name}" ]
+ }
+ }
+
+ config("mbedtls_common_config") {
+ include_dirs = [
+ "$dir_pw_third_party_mbedtls",
+ "$dir_pw_third_party_mbedtls/include",
+ ]
+ cflags = [
+ "-Wno-error=cast-qual",
+ "-Wno-error=redundant-decls",
+ ]
+ }
+
+ pw_source_set("mbedtls") {
+ sources = []
+ foreach(source, mbedtls_sources) {
+ sources += [ "$dir_pw_third_party_mbedtls/" + source ]
+ }
+ public_configs = [ ":mbedtls_common_config" ]
+ public_deps = [ ":$pw_third_party_mbedtls_CONFIG" ]
+ }
+} else {
+ group("mbedtls") {
+ }
+}
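Review bot: The two `-Wno-error=` flags in `mbedtls_common_config` are exported through `public_configs` on the `mbedtls` target, so every application target that depends on mbedtls also has `cast-qual` and `redundant-decls` downgraded from errors in its own code. Keep only the include paths public and move the warning relaxations into a config applied solely to the mbedtls sources, as sketched below (this assumes `pw_source_set` forwards `configs` the way `source_set` does). Separately, `mbedtls_sources` compiles every upstream file, including legacy primitives such as `arc4.c`, `des.c`, `md2.c`, `md4.c` and `havege.c`; whether they end up in the binary depends entirely on the selected config header, which deserves a comment above the list.

```gn
  config("mbedtls_common_config") {
    # … unchanged: include_dirs …
  }

  # Applied only when compiling mbedtls itself; not exported to dependents.
  config("mbedtls_warnings_config") {
    cflags = [
      "-Wno-error=cast-qual",
      "-Wno-error=redundant-decls",
    ]
  }

  pw_source_set("mbedtls") {
    # … unchanged: sources list built from mbedtls_sources …
    public_configs = [ ":mbedtls_common_config" ]
    configs = [ ":mbedtls_warnings_config" ]
    public_deps = [ ":$pw_third_party_mbedtls_CONFIG" ]
  }
```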
diff --git a/third_party/mbedtls/README.md b/third_party/mbedtls/README.md
new file mode 100644
index 0000000..7a32a53
--- /dev/null
+++ b/third_party/mbedtls/README.md
@@ -0,0 +1,8 @@
+# MbedTLS Library
+
+The folder provides build scripts and configuration recipes for building
+the MbedTLS library. The source code needs to be downloaded by the user, or
+via the support in pw_package "pw package install mbedtls". For gn build,
+set `dir_pw_third_party_mbedtls` to point to the path of the source code.
+For applications using MbedTLS, add `$dir_pw_third_party/mbedtls` to the
+dependency list.
diff --git a/third_party/mbedtls/configs/config_default.h b/third_party/mbedtls/configs/config_default.h
new file mode 100644
index 0000000..a6f1689
--- /dev/null
+++ b/third_party/mbedtls/configs/config_default.h
@@ -0,0 +1,19 @@
+// Copyright 2021 The Pigweed Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License"); you may not
+// use this file except in compliance with the License. You may obtain a copy of
+// the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+// License for the specific language governing permissions and limitations under
+// the License.
+
+#pragma once
+
+#include <mbedtls/config.h>
+
+#include "configs/config_pigweed_common.h"
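Review bot: This header has no comment saying what "default" means, and it pulls in the whole upstream `<mbedtls/config.h>` feature set with only the handful of overrides from `config_pigweed_common.h` applied on top. Depending on the mbedtls version checked out, that upstream default may enable legacy ciphers and hashes that a product would not want negotiable. I would add a comment above the includes such as `// Upstream default feature set minus the Pigweed-wide overrides; review enabled algorithms before shipping.` so users do not mistake it for a hardened profile.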
diff --git a/third_party/mbedtls/configs/config_pigweed_common.h b/third_party/mbedtls/configs/config_pigweed_common.h
new file mode 100644
index 0000000..ac74288
--- /dev/null
+++ b/third_party/mbedtls/configs/config_pigweed_common.h
@@ -0,0 +1,38 @@
+// Copyright 2021 The Pigweed Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License"); you may not
+// use this file except in compliance with the License. You may obtain a copy of
+// the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+// License for the specific language governing permissions and limitations under
+// the License.
+
+// Some common configs for using mbedtls in Pigweed. These include disabling of
+// file system, socket and linux/windows specific features.
+// See include/mbedtls/config.h for a detail explanation of these
+// configurations.
+
+#pragma once
+
+// No file system support.
+#undef MBEDTLS_FS_IO
+// No posix socket support
+#undef MBEDTLS_NET_C
+// This feature requires file system support.
+#undef MBEDTLS_PSA_ITS_FILE_C
+// The following two require MBEDTLS_PSA_ITS_FILE_C
+#undef MBEDTLS_PSA_CRYPTO_C
+#undef MBEDTLS_PSA_CRYPTO_STORAGE_C
+// This feature only works on Unix/Windows
+#undef MBEDTLS_TIMING_C
+// Use a custom entropy generator
+#define MBEDTLS_NO_PLATFORM_ENTROPY
+// Error string support for debugging
+#define MBEDTLS_ERROR_C
+
+#include "mbedtls/check_config.h"
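Review bot: The comment on `MBEDTLS_NO_PLATFORM_ENTROPY` says "Use a custom entropy generator", but nothing in this change provides or requires one. With platform entropy and `MBEDTLS_TIMING_C` both disabled, the entropy module has no built-in source, so the integrator must supply a strong one. The comment should state this, for example `// No OS entropy source: the application must register a strong source with mbedtls_entropy_add_source() or define MBEDTLS_ENTROPY_HARDWARE_ALT and implement mbedtls_hardware_poll().` Also, the comment "The following two require MBEDTLS_PSA_ITS_FILE_C" appears accurate only for the storage option; `MBEDTLS_PSA_CRYPTO_C` is presumably disabled for another reason, which should be stated.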