| # |
| # Copyright (c) 2023 Linaro Limited |
| # |
| # SPDX-License-Identifier: Apache-2.0 |
| # |
| if(CONFIG_MBEDTLS) |
| zephyr_interface_library_named(mbedTLS) |
| |
| if(CONFIG_MBEDTLS_BUILTIN) |
| if(CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR AND NOT CONFIG_ENTROPY_HAS_DRIVER) |
| message(WARNING "No entropy device on the system, using fake entropy source!") |
| endif() |
| |
| if(CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) |
| if(CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG_ALLOW_NON_CSPRNG) |
| message(WARNING " |
| Non cryptographycally secure sources are enabled for psa_generate_random(). |
| This is meant to be used only for tests, not in production!") |
| else() |
| if(NOT CONFIG_CSPRNG_ENABLED) |
| message(FATAL_ERROR " |
| MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is set but there is |
| no CSPRNG enabled.") |
| endif() |
| endif() |
| endif() |
| |
| # Add the config-file entry point |
| target_compile_definitions(mbedTLS INTERFACE |
| MBEDTLS_CONFIG_FILE="${CONFIG_MBEDTLS_CFG_FILE}" |
| ) |
| |
| if (CONFIG_BUILD_WITH_TFM) |
| target_include_directories(mbedTLS INTERFACE |
| $<TARGET_PROPERTY:tfm,TFM_BINARY_DIR>/api_ns/interface/include |
| ) |
| endif() |
| |
| # Add regular includes |
| target_include_directories(mbedTLS INTERFACE |
| ${ZEPHYR_CURRENT_MODULE_DIR}/include |
| configs |
| include |
| ) |
| |
| if (CONFIG_MBEDTLS_PSA_P256M_DRIVER_RAW) |
| target_include_directories(mbedTLS INTERFACE |
| ${ZEPHYR_CURRENT_MODULE_DIR}/3rdparty/p256-m/p256-m |
| ) |
| endif() |
| |
| # Add base library with files required by all drivers/backends. |
| zephyr_library_named(mbedTLSBase) |
| |
| # Base mbed TLS files |
| list(APPEND mbedtls_base_src |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/aes.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/aesni.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/aria.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/asn1parse.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/asn1write.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/base64.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/bignum_core.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/bignum_mod_raw.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/bignum_mod.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/bignum.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/block_cipher.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/camellia.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/ccm.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/chacha20.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/chachapoly.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/cipher_wrap.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/cipher.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/cmac.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/constant_time.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/ctr_drbg.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/debug.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/des.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/dhm.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/ecdh.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/ecdsa.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/ecjpake.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/ecp_curves_new.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/ecp_curves.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/ecp.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/entropy_poll.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/entropy.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/error.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/gcm.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/hkdf.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/hmac_drbg.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/lmots.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/lms.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/md.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/md5.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/memory_buffer_alloc.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/mps_reader.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/mps_trace.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/nist_kw.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/oid.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/padlock.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/platform_util.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/platform.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/poly1305.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_util.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/ripemd160.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/rsa_alt_helpers.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/rsa.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/sha1.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/sha256.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/sha512.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/sha3.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/threading.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/timing.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/version_features.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/version.c |
| zephyr_init.c |
| zephyr_entropy.c |
| ) |
| |
| zephyr_library_sources(${mbedtls_base_src}) |
| |
| zephyr_library_sources_ifdef(CONFIG_MBEDTLS_DEBUG debug.c) |
| zephyr_library_sources_ifdef(CONFIG_MBEDTLS_SHELL shell.c) |
| |
| zephyr_library_app_memory(k_mbedtls_partition) |
| if(CONFIG_ARCH_POSIX AND CONFIG_ASAN AND NOT CONFIG_64BIT) |
| # i386 assembly code used in MBEDTLS does not compile with size optimization |
| # if address sanitizer is enabled, as such switch default optimization level |
| # to speed |
| set_property(SOURCE ${ZEPHYR_CURRENT_MODULE_DIR}/mbedtls/library/bignum.c APPEND PROPERTY COMPILE_OPTIONS |
| "${OPTIMIZE_FOR_SPEED_FLAG}") |
| endif () |
| |
| zephyr_library_link_libraries(mbedTLS) |
| |
| zephyr_library_named(mbedTLSCrypto) |
| |
| if (CONFIG_MBEDTLS_PSA_CRYPTO_C) |
| list(APPEND crypto_source |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_aead.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_cipher.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_driver_wrappers_no_static.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_ecp.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_ffdh.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_hash.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_mac.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_pake.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_rsa.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_se.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_storage.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_its_file.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_client.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_slot_management.c |
| ) |
| endif() |
| |
| if(CONFIG_MBEDTLS_PSA_P256M_DRIVER_ENABLED) |
| list(APPEND crypto_source |
| ${ZEPHYR_CURRENT_MODULE_DIR}/3rdparty/p256-m/p256-m_driver_entrypoints.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/3rdparty/p256-m/p256-m/p256-m.c |
| ) |
| zephyr_library_include_directories(${ZEPHYR_CURRENT_MODULE_DIR}/library) |
| endif() |
| |
| list(APPEND crypto_source |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/pem.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/pkcs12.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/pkcs5.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/pkparse.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/pkwrite.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/pk.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/pk_ecc.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/pk_wrap.c |
| ) |
| |
| zephyr_library_sources(${crypto_source}) |
| |
| # Custom macro to tell that an mbedTLSCrypto source file is being compiled. |
| zephyr_library_compile_definitions(BUILDING_MBEDTLS_CRYPTO) |
| |
| zephyr_library_link_libraries(mbedTLS) |
| |
| zephyr_library_link_libraries_ifdef(CONFIG_BUILD_WITH_TFM tfm_api) |
| |
| zephyr_library_named(mbedTLSX509) |
| |
| list(APPEND x509_source |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/x509.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/x509_create.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/x509_crl.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/x509_crt.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/x509_csr.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/x509write_crt.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/x509write_csr.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/x509write.c |
| ) |
| |
| zephyr_library_sources(${x509_source}) |
| |
| zephyr_library_link_libraries(mbedTLS) |
| |
| zephyr_library() |
| |
| list(APPEND mbedtls_source |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/net_sockets.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_cache.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_ciphersuites.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_client.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_cookie.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_debug_helpers_generated.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_msg.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_ticket.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_tls12_client.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_tls12_server.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_tls13_client.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_tls13_generic.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_tls13_keys.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_tls13_server.c |
| ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_tls.c |
| ) |
| |
| zephyr_library_sources(${mbedtls_source}) |
| |
| zephyr_library_link_libraries( |
| mbedTLSX509 |
| mbedTLSCrypto |
| mbedTLSBase |
| mbedTLS |
| ) |
| |
| elseif (CONFIG_MBEDTLS_LIBRARY) |
| |
| # NB: CONFIG_MBEDTLS_LIBRARY is not regression tested and is |
| # therefore susceptible to bit rot |
| target_include_directories(mbedTLS INTERFACE |
| ${CONFIG_MBEDTLS_INSTALL_PATH} |
| ) |
| zephyr_link_libraries( |
| mbedtls_external |
| -L${CONFIG_MBEDTLS_INSTALL_PATH} |
| gcc |
| ) |
| # Lib mbedtls_external depends on libgcc (I assume?) so to allow |
| # mbedtls_external to link with gcc we need to ensure it is placed |
| # after mbedtls_external on the linkers command line. |
| else() |
| # If none of either CONFIG_MBEDTLS_BUILTIN or CONFIG_MBEDTLS_LIBRARY |
| # are defined the users need add a custom Kconfig choice to the |
| # MBEDTLS_IMPLEMENTATION and manually add the mbedtls library and |
| # included the required directories for mbedtls in their projects. |
| endif() |
| |
| endif() |