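idf_build_get_property(idf_target IDF_TARGET)
idf_build_get_property(python PYTHON)

idf_component_register(SRCS "esp_crt_bundle/esp_crt_bundle.c"
                       INCLUDE_DIRS "port/include" "mbedtls/include" "esp_crt_bundle/include"
                       REQUIRES lwip
                       PRIV_REQUIRES esp_pm soc
                       )

if(CONFIG_MBEDTLS_CERTIFICATE_BUNDLE)
    set(bundle_name "x509_crt_bundle")
    set(DEFAULT_CRT_DIR ${COMPONENT_DIR}/esp_crt_bundle)

    # Generate custom certificate bundle using the generate_cert_bundle utility
    set(GENERATE_CERT_BUNDLE_SCRIPT ${COMPONENT_DIR}/esp_crt_bundle/gen_crt_bundle.py)
    set(GENERATE_CERT_BUNDLEPY ${python} ${GENERATE_CERT_BUNDLE_SCRIPT})

    # Generator inputs other than the certificate files themselves. Everything that can change
    # the bundle content is listed under DEPENDS of the custom command below, so an updated CA
    # list, filter or generator re-creates the bundle instead of leaving a stale trust store in
    # the build directory.
    set(crt_bundle_deps ${GENERATE_CERT_BUNDLE_SCRIPT})

    if(CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_FULL)
        list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem)
    elseif(CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN)
        list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem)
        set(cmn_crt_filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv)
        list(APPEND args --filter ${cmn_crt_filter})
        list(APPEND crt_bundle_deps ${cmn_crt_filter})
    endif()

    if(CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE)
        # A relative CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE_PATH is resolved against the project
        # directory; quoted so a path containing spaces stays a single argument.
        get_filename_component(custom_bundle_path
            "${CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE_PATH}" ABSOLUTE BASE_DIR "${project_dir}")
        list(APPEND crt_paths ${custom_bundle_path})
    endif()

    # Fail at configure time instead of letting the generator fail at build time with no input.
    if(NOT crt_paths)
        message(FATAL_ERROR "CONFIG_MBEDTLS_CERTIFICATE_BUNDLE is enabled but no certificate source is "
                            "configured: select a default bundle or enable "
                            "CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE")
    endif()
    list(APPEND args --input ${crt_paths} -q)

    get_filename_component(crt_bundle
        ${bundle_name}
        ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}")

    # Generate bundle according to config. DEPENDS lists every certificate source plus the
    # generator and filter so any change to the trust anchors triggers regeneration.
    add_custom_command(OUTPUT ${crt_bundle}
        COMMAND ${GENERATE_CERT_BUNDLEPY} ${args}
        DEPENDS ${crt_paths} ${crt_bundle_deps}
        VERBATIM)

    # custom_bundle depends on the generated ${crt_bundle} so that the bundle is built before
    # the component library that embeds it.
    add_custom_target(custom_bundle DEPENDS ${crt_bundle})
    add_dependencies(${COMPONENT_LIB} custom_bundle)

    target_add_binary_data(${COMPONENT_LIB} ${crt_bundle} BINARY)
    set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
                 APPEND PROPERTY ADDITIONAL_MAKE_CLEAN_FILES
                 "${crt_bundle}")
endif()


# Only build mbedtls libraries: pre-seed the cache entries that mbedtls' own option() calls
# would otherwise default to ON. Argument order is set(<var> <value> CACHE <type> <doc>).
set(ENABLE_TESTING OFF CACHE BOOL "Build mbedtls tests")
set(ENABLE_PROGRAMS OFF CACHE BOOL "Build mbedtls programs")

# Needed for include_next includes to work from within mbedtls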
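include_directories("${COMPONENT_DIR}/port/include")  # directory-scoped on purpose: inherited by add_subdirectory(mbedtls)

# Import mbedtls library targets
add_subdirectory(mbedtls)

# Use port specific implementation of net_socket.c instead of one from mbedtls.
# The item removed must match the spelling mbedtls uses in its own source list (relative name).
get_target_property(src_tls mbedtls SOURCES)
list(REMOVE_ITEM src_tls net_sockets.c)
set_property(TARGET mbedtls PROPERTY SOURCES ${src_tls})

set(mbedtls_targets mbedtls mbedcrypto mbedx509)

set(mbedtls_target_sources "${COMPONENT_DIR}/port/mbedtls_debug.c"
                           "${COMPONENT_DIR}/port/net_sockets.c")

if(CONFIG_MBEDTLS_DYNAMIC_BUFFER)
    list(APPEND mbedtls_target_sources
         "${COMPONENT_DIR}/port/dynamic/esp_mbedtls_dynamic_impl.c"
         "${COMPONENT_DIR}/port/dynamic/esp_ssl_cli.c"
         "${COMPONENT_DIR}/port/dynamic/esp_ssl_srv.c"
         "${COMPONENT_DIR}/port/dynamic/esp_ssl_tls.c")
endif()

# Add port files to mbedtls targets
target_sources(mbedtls PRIVATE ${mbedtls_target_sources})

# Choose peripheral type: the original ESP32 has a parallel SHA engine and a block-mode AES
# engine; every other target selects the DMA-based implementations.
if(CONFIG_IDF_TARGET_ESP32)
    set(SHA_PERIPHERAL_TYPE "parallel_engine")
    set(AES_PERIPHERAL_TYPE "block")
else()
    set(SHA_PERIPHERAL_TYPE "dma")
    set(AES_PERIPHERAL_TYPE "dma")
endif()

if(SHA_PERIPHERAL_TYPE STREQUAL "dma")
    target_include_directories(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/sha/dma/include")

    if(CONFIG_IDF_TARGET_ESP32S2)
        set(SHA_DMA_SRCS "${COMPONENT_DIR}/port/sha/dma/esp_sha_crypto_dma_impl.c")
    else()
        set(SHA_DMA_SRCS "${COMPONENT_DIR}/port/sha/dma/esp_sha_gdma_impl.c"
                         "${COMPONENT_DIR}/port/crypto_shared_gdma/esp_crypto_shared_gdma.c")
    endif()
endif()

if(AES_PERIPHERAL_TYPE STREQUAL "dma")
    target_include_directories(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/aes/dma/include")

    if(CONFIG_IDF_TARGET_ESP32S2)
        set(AES_DMA_SRCS "${COMPONENT_DIR}/port/aes/dma/esp_aes_crypto_dma_impl.c")
    else()
        set(AES_DMA_SRCS "${COMPONENT_DIR}/port/aes/dma/esp_aes_gdma_impl.c")
    endif()
endif()

# SHA_DMA_SRCS / AES_DMA_SRCS are lists that are empty on targets without a DMA engine; they
# are expanded unquoted so an empty list contributes no (empty) source entry.
target_sources(mbedcrypto PRIVATE
    "${COMPONENT_DIR}/port/esp_hardware.c"
    "${COMPONENT_DIR}/port/esp_mem.c"
    "${COMPONENT_DIR}/port/esp_timing.c"
    "${COMPONENT_DIR}/port/sha/esp_sha.c"
    "${COMPONENT_DIR}/port/aes/esp_aes_xts.c"
    "${COMPONENT_DIR}/port/aes/esp_aes_common.c"
    "${COMPONENT_DIR}/port/aes/${AES_PERIPHERAL_TYPE}/esp_aes.c"
    "${COMPONENT_DIR}/port/sha/${SHA_PERIPHERAL_TYPE}/sha.c"
    ${SHA_DMA_SRCS}
    ${AES_DMA_SRCS}
)

# CONFIG_ESP_TLS_USE_DS_PERIPHERAL can be enabled only for the supported targets.
if(CONFIG_ESP_TLS_USE_DS_PERIPHERAL)
    target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/esp_ds/esp_rsa_sign_alt.c")
endif()

# Note: some mbedTLS hardware acceleration can be enabled/disabled by config.
#
# We don't need to filter aes.c as this uses a different prefix (esp_aes_x) and the
# config option only changes the prefixes in the header so mbedtls_aes_x compiles to esp_aes_x
#
# The other port-specific files don't override internal mbedTLS functions, they just add new functions.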
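
if(CONFIG_MBEDTLS_HARDWARE_MPI)
    target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/esp_bignum.c"
                                      "${COMPONENT_DIR}/port/${idf_target}/bignum.c"
    )
endif()

if(CONFIG_MBEDTLS_HARDWARE_SHA)
    target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/sha/${SHA_PERIPHERAL_TYPE}/esp_sha1.c"
                                      "${COMPONENT_DIR}/port/sha/${SHA_PERIPHERAL_TYPE}/esp_sha256.c"
                                      "${COMPONENT_DIR}/port/sha/${SHA_PERIPHERAL_TYPE}/esp_sha512.c"
    )
endif()

if(CONFIG_MBEDTLS_HARDWARE_GCM)
    target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/aes/esp_aes_gcm.c")
endif()

if(CONFIG_MBEDTLS_ROM_MD5)
    target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/md/esp_md.c")
endif()

# Point every mbedtls library at the ESP-IDF configuration header. PUBLIC so that code linking
# against the component compiles with the same configuration as the libraries themselves.
# (CMake strips a leading -D, so the bare definition is equivalent and clearer.)
foreach(mbedtls_target ${mbedtls_targets})
    target_compile_definitions(${mbedtls_target} PUBLIC MBEDTLS_CONFIG_FILE="mbedtls/esp_config.h")
endforeach()

if(CONFIG_MBEDTLS_DYNAMIC_BUFFER)
    # Functions replaced by the dynamic-buffer port; the linker's --wrap redirects each call to
    # __wrap_<name>. The flags are passed as INTERFACE link items rather than through
    # target_link_options, which would raise the CMake version requirement to 3.13.
    set(WRAP_FUNCTIONS
        mbedtls_ssl_handshake_client_step
        mbedtls_ssl_handshake_server_step
        mbedtls_ssl_read
        mbedtls_ssl_write
        mbedtls_ssl_session_reset
        mbedtls_ssl_free
        mbedtls_ssl_setup
        mbedtls_ssl_send_alert_message
        mbedtls_ssl_close_notify)

    foreach(wrap ${WRAP_FUNCTIONS})
        target_link_libraries(${COMPONENT_LIB} INTERFACE "-Wl,--wrap=${wrap}")
    endforeach()
endif()

if(CONFIG_MBEDTLS_HARDWARE_MPI)
    target_link_libraries(${COMPONENT_LIB} INTERFACE "-Wl,--wrap=mbedtls_mpi_exp_mod")
endif()

# Make mbedtls part of mbedcrypto's link interface (legacy property name; the DS block below
# uses INTERFACE_LINK_LIBRARIES for the same purpose).
set_property(TARGET mbedcrypto APPEND PROPERTY LINK_INTERFACE_LIBRARIES mbedtls)

# Link mbedtls libraries to component library
target_link_libraries(${COMPONENT_LIB} PUBLIC ${mbedtls_targets})

if(CONFIG_ESP_TLS_USE_DS_PERIPHERAL)
    # Link target (e.g. esp32s2) library to component library. ${idf_target} is the build's
    # IDF_TARGET read at the top of this file; it is used instead of an inherited "target"
    # variable so this does not depend on the foreach loop variable above being restored.
    idf_component_get_property(target_lib ${idf_target} COMPONENT_LIB)
    set_property(TARGET mbedcrypto APPEND PROPERTY INTERFACE_LINK_LIBRARIES $<LINK_ONLY:${target_lib}>)
    # The linker seems to be unable to resolve all the dependencies without increasing this
    set_property(TARGET mbedcrypto APPEND PROPERTY LINK_INTERFACE_MULTIPLICITY 6)
    target_link_libraries(${COMPONENT_LIB} PUBLIC ${target_lib})
endif()

# Link esp-cryptoauthlib to mbedtls
if(CONFIG_ATCA_MBEDTLS_ECDSA)
    idf_component_get_property(cryptoauthlib esp-cryptoauthlib COMPONENT_LIB)
    target_link_libraries(${COMPONENT_LIB} PUBLIC ${cryptoauthlib})
endif()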