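#
# Copyright (c) 2023 Linaro Limited
#
# SPDX-License-Identifier: Apache-2.0
#

# Build rules for the Mbed TLS module.
#
# CONFIG_MBEDTLS creates the `mbedTLS` interface library, which carries the
# config-file definition and the include paths. One of three implementations
# is then selected:
#   - CONFIG_MBEDTLS_BUILTIN: build the module sources as four libraries
#     (mbedTLSBase, mbedTLSCrypto, mbedTLSX509 and an unnamed TLS library).
#   - CONFIG_MBEDTLS_LIBRARY: link a prebuilt `mbedtls_external` library.
#   - neither: nothing is built here; the project supplies its own.
if(CONFIG_MBEDTLS)
  zephyr_interface_library_named(mbedTLS)

  if(CONFIG_MBEDTLS_BUILTIN)
    # message(WARNING) does not stop configuration, so a build without an
    # entropy driver still completes and uses the fake entropy source.
    # NOTE(review): anything seeded from that source (keys, nonces, DRBG
    # state) is predictable; release configurations should provide a real
    # entropy driver or treat this warning as a build failure in CI.
    if(CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR AND NOT CONFIG_ENTROPY_HAS_DRIVER)
      message(WARNING "No entropy device on the system, using fake entropy source!")
    endif()

    # psa_generate_random() backed by an external RNG:
    #   - a non-CSPRNG source is explicitly allowed -> warning only
    #   - otherwise a CSPRNG must be enabled        -> hard configure error
    if(CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
      if(CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG_ALLOW_NON_CSPRNG OR
         CONFIG_TEST_CSPRNG_GENERATOR)
        message(WARNING "
          Non cryptographycally secure sources are enabled for psa_generate_random().
          This is meant to be used only for tests, not in production!")
      else()
        if(NOT CONFIG_CSPRNG_ENABLED)
          message(FATAL_ERROR "
            MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is set but there is
            no CSPRNG enabled.")
        endif()
      endif()
    endif()

    # Add the config-file entry point.
    # Every consumer of mbedTLS is compiled against the header named by
    # CONFIG_MBEDTLS_CFG_FILE.
    target_compile_definitions(mbedTLS INTERFACE
      MBEDTLS_CONFIG_FILE="${CONFIG_MBEDTLS_CFG_FILE}"
    )

    if(CONFIG_BUILD_WITH_TFM)
      # Non-secure API headers, located through the TFM_BINARY_DIR property
      # of the `tfm` target.
      target_include_directories(mbedTLS INTERFACE
        $<TARGET_PROPERTY:tfm,TFM_BINARY_DIR>/api_ns/interface/include
      )
    endif()

    # Add regular includes.
    # Relative entries (configs, include) are resolved against this file's
    # directory.
    target_include_directories(mbedTLS INTERFACE
      ${ZEPHYR_CURRENT_MODULE_DIR}/include
      configs
      include
    )

    if(CONFIG_MBEDTLS_PSA_P256M_DRIVER_RAW)
      target_include_directories(mbedTLS INTERFACE
        ${ZEPHYR_CURRENT_MODULE_DIR}/3rdparty/p256-m/p256-m
      )
    endif()

    # Add base library with files required by all drivers/backends.
    zephyr_library_named(mbedTLSBase)

    # Base mbed TLS files.
    # Every file is listed unconditionally, including legacy primitives
    # (des.c, md5.c, sha1.c, ripemd160.c).
    # NOTE(review): which algorithms end up in the image is presumably decided
    # by the feature macros in the header selected through MBEDTLS_CONFIG_FILE,
    # not by this list - audit that header when hardening a build.
    list(APPEND mbedtls_base_src
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/aes.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/aesni.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/aria.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/asn1parse.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/asn1write.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/base64.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/bignum_core.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/bignum_mod_raw.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/bignum_mod.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/bignum.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/block_cipher.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/camellia.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/ccm.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/chacha20.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/chachapoly.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/cipher_wrap.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/cipher.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/cmac.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/constant_time.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/ctr_drbg.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/debug.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/des.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/dhm.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/ecdh.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/ecdsa.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/ecjpake.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/ecp_curves_new.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/ecp_curves.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/ecp.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/entropy_poll.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/entropy.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/error.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/gcm.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/hkdf.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/hmac_drbg.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/lmots.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/lms.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/md.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/md5.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/memory_buffer_alloc.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/mps_reader.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/mps_trace.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/nist_kw.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/oid.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/padlock.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/platform_util.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/platform.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/poly1305.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_util.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/ripemd160.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/rsa_alt_helpers.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/rsa.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/sha1.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/sha256.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/sha512.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/sha3.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/threading.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/timing.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/version_features.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/version.c
      zephyr_init.c
      zephyr_entropy.c
    )

    zephyr_library_sources(${mbedtls_base_src})

    zephyr_library_sources_ifdef(CONFIG_MBEDTLS_DEBUG debug.c)
    zephyr_library_sources_ifdef(CONFIG_MBEDTLS_SHELL shell.c)

    # NOTE(review): only mbedTLSBase is assigned to k_mbedtls_partition here;
    # confirm that mbedTLSCrypto, mbedTLSX509 and the TLS library below do not
    # also hold globals that need to live in that partition.
    zephyr_library_app_memory(k_mbedtls_partition)
    if(CONFIG_ARCH_POSIX AND CONFIG_ASAN AND NOT CONFIG_64BIT)
      # i386 assembly code used in MBEDTLS does not compile with size optimization
      # if address sanitizer is enabled, as such switch default optimization level
      # to speed
      #
      # The property has to be set on the same path that is handed to
      # zephyr_library_sources() above (library/bignum.c); the former
      # "mbedtls/library/bignum.c" path matched no listed source, so the
      # flag was never applied.
      set_property(SOURCE ${ZEPHYR_CURRENT_MODULE_DIR}/library/bignum.c
        APPEND PROPERTY COMPILE_OPTIONS "${OPTIMIZE_FOR_SPEED_FLAG}")
    endif()

    zephyr_library_link_libraries(mbedTLS)

    # Key handling, PSA crypto core and the optional p256-m driver.
    zephyr_library_named(mbedTLSCrypto)

    if(CONFIG_MBEDTLS_PSA_CRYPTO_C)
      list(APPEND crypto_source
        ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_aead.c
        ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_cipher.c
        ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_driver_wrappers_no_static.c
        ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_ecp.c
        ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_ffdh.c
        ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_hash.c
        ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_mac.c
        ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_pake.c
        ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_rsa.c
        ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_se.c
        ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_storage.c
        ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_its_file.c
        ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto.c
        ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_client.c
        ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_slot_management.c
      )
    endif()

    if(CONFIG_MBEDTLS_PSA_P256M_DRIVER_ENABLED)
      list(APPEND crypto_source
        ${ZEPHYR_CURRENT_MODULE_DIR}/3rdparty/p256-m/p256-m_driver_entrypoints.c
        ${ZEPHYR_CURRENT_MODULE_DIR}/3rdparty/p256-m/p256-m/p256-m.c
      )
      # The driver sources are given access to the headers under library/.
      zephyr_library_include_directories(${ZEPHYR_CURRENT_MODULE_DIR}/library)
    endif()

    list(APPEND crypto_source
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/pem.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/pkcs12.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/pkcs5.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/pkparse.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/pkwrite.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/pk.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/pk_ecc.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/pk_wrap.c
    )

    zephyr_library_sources(${crypto_source})

    # Custom macro to tell that an mbedTLSCrypto source file is being compiled.
    zephyr_library_compile_definitions(BUILDING_MBEDTLS_CRYPTO)

    zephyr_library_link_libraries(mbedTLS)

    zephyr_library_link_libraries_ifdef(CONFIG_BUILD_WITH_TFM tfm_api)

    # X.509 certificate, CRL and CSR parsing and writing.
    zephyr_library_named(mbedTLSX509)

    list(APPEND x509_source
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/x509.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/x509_create.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/x509_crl.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/x509_crt.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/x509_csr.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/x509write_crt.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/x509write_csr.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/x509write.c
    )

    zephyr_library_sources(${x509_source})

    zephyr_library_link_libraries(mbedTLS)

    # TLS protocol library. zephyr_library() is called without a name, so
    # Zephyr derives the library name itself.
    zephyr_library()

    list(APPEND mbedtls_source
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/net_sockets.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_cache.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_ciphersuites.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_client.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_cookie.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_debug_helpers_generated.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_msg.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_ticket.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_tls12_client.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_tls12_server.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_tls13_client.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_tls13_generic.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_tls13_keys.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_tls13_server.c
      ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_tls.c
    )

    zephyr_library_sources(${mbedtls_source})

    # The TLS library sits on top of the X.509, crypto and base libraries.
    zephyr_library_link_libraries(
      mbedTLSX509
      mbedTLSCrypto
      mbedTLSBase
      mbedTLS
    )

  elseif(CONFIG_MBEDTLS_LIBRARY)

    # NB: CONFIG_MBEDTLS_LIBRARY is not regression tested and is
    # therefore susceptible to bit rot
    #
    # CONFIG_MBEDTLS_INSTALL_PATH is used both as an include directory and as
    # a linker search path (-L).
    # NOTE(review): the prebuilt mbedtls_external library is taken as found
    # in that directory; its version and feature configuration are not
    # checked by this build.
    target_include_directories(mbedTLS INTERFACE
      ${CONFIG_MBEDTLS_INSTALL_PATH}
    )
    zephyr_link_libraries(
      mbedtls_external
      -L${CONFIG_MBEDTLS_INSTALL_PATH}
      gcc
    )
    # Lib mbedtls_external depends on libgcc (I assume?) so to allow
    # mbedtls_external to link with gcc we need to ensure it is placed
    # after mbedtls_external on the linkers command line.
  else()
    # If neither CONFIG_MBEDTLS_BUILTIN nor CONFIG_MBEDTLS_LIBRARY is
    # defined, users need to add a custom Kconfig choice to
    # MBEDTLS_IMPLEMENTATION, and manually add the mbedtls library and the
    # required include directories for mbedtls in their projects.
  endif()

endif()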