From 3054626a9eddc34ca96f3c32ff0573e5027a58e5 Mon Sep 17 00:00:00 2001 From: William Vinnicombe Date: Fri, 11 Apr 2025 13:25:43 +0100 Subject: [PATCH 1/6] Switch to pico-sdk style mbedtls library --- CMakeLists.txt | 5 - lib/CMakeLists.txt | 116 +++++++++++++++++- ...mbedtls_config.h => pico_mbedtls_config.h} | 15 +-- 3 files changed, 114 insertions(+), 22 deletions(-) rename lib/include/{mbedtls_config.h => pico_mbedtls_config.h} (99%) diff --git a/CMakeLists.txt b/CMakeLists.txt index 14e0dcdf..94d674b5 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -203,11 +203,6 @@ add_subdirectory(picoboot_connection) add_subdirectory(elf) add_subdirectory(elf2uf2) -# To configure mbedtls -# todo make the configuration better -set(MBEDTLS_CONFIG_FILE "mbedtls_config.h") -add_compile_options(-I${CMAKE_SOURCE_DIR}/lib/include) - add_subdirectory(lib) add_subdirectory(bintool) diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt index b30fcb62..3eb6e911 100644 --- a/lib/CMakeLists.txt +++ b/lib/CMakeLists.txt 
@@ -21,7 +21,117 @@ add_subdirectory(nlohmann_json EXCLUDE_FROM_ALL) add_subdirectory(whereami EXCLUDE_FROM_ALL) if(EXISTS "${PICO_SDK_PATH}/lib/mbedtls/CMakeLists.txt") - option(ENABLE_PROGRAMS "Build Mbed TLS programs." OFF) - option(ENABLE_TESTING "Build Mbed TLS tests." OFF) - add_subdirectory(${PICO_SDK_PATH}/lib/mbedtls mbedtls EXCLUDE_FROM_ALL) + set(PICO_MBEDTLS_PATH ${PICO_SDK_PATH}/lib/mbedtls) + + # Taken from pico-sdk/src/rp2_common/pico_mbedtls/CMakeLists.txt + # Support version 2.28.8 or 3.6.2 + if (EXISTS ${PICO_MBEDTLS_PATH}/library/ssl_cli.c) + set(MBEDTLS_VERSION_MAJOR 2) + elseif (EXISTS ${PICO_MBEDTLS_PATH}/library/ssl_client.c) + set(MBEDTLS_VERSION_MAJOR 3) + else() + message(WARNING "Cannot determine the version of mbedtls") + endif() + + function(src_crypto_list) + set(src_crypto + aes.c + aesni.c + aria.c + asn1parse.c + asn1write.c + base64.c + bignum.c + camellia.c + ccm.c + chacha20.c + chachapoly.c + cipher.c + cipher_wrap.c + constant_time.c + cmac.c + ctr_drbg.c + des.c + dhm.c + ecdh.c + ecdsa.c + ecjpake.c + ecp.c + ecp_curves.c + entropy.c + entropy_poll.c + error.c + gcm.c + hkdf.c + hmac_drbg.c + md.c + md5.c + memory_buffer_alloc.c + mps_reader.c + mps_trace.c + nist_kw.c + oid.c + padlock.c + pem.c + pk.c + pk_wrap.c + pkcs12.c + pkcs5.c + pkparse.c + pkwrite.c + platform.c + platform_util.c + poly1305.c + psa_crypto.c + psa_crypto_aead.c + psa_crypto_cipher.c + psa_crypto_client.c + psa_crypto_ecp.c + psa_crypto_hash.c + psa_crypto_mac.c + psa_crypto_rsa.c + psa_crypto_se.c + psa_crypto_slot_management.c + psa_crypto_storage.c + psa_its_file.c + ripemd160.c + rsa.c + sha1.c + sha256.c + sha512.c + threading.c + timing.c + version.c + version_features.c + ) + if (MBEDTLS_VERSION_MAJOR EQUAL 2) + list(APPEND src_crypto + arc4.c + blowfish.c + havege.c + md2.c + md4.c + psa_crypto_driver_wrappers.c + rsa_internal.c xtea.c + ) + elseif (MBEDTLS_VERSION_MAJOR EQUAL 3) + list(APPEND src_crypto + bignum_core.c + rsa_alt_helpers.c + 
pk_ecc.c + ) + endif() + list(TRANSFORM src_crypto PREPEND ${PICO_MBEDTLS_PATH}/library/) + set(src_crypto ${src_crypto} PARENT_SCOPE) + endfunction() + + src_crypto_list() + + + # Create library + add_library(mbedtls STATIC ${src_crypto}) + + target_compile_definitions(mbedtls PUBLIC MBEDTLS_CONFIG_FILE="pico_mbedtls_config.h") + target_include_directories(mbedtls SYSTEM PUBLIC ${PICO_MBEDTLS_PATH}/include) + target_include_directories(mbedtls PUBLIC ${CMAKE_CURRENT_LIST_DIR}/include) endif() diff --git a/lib/include/mbedtls_config.h b/lib/include/pico_mbedtls_config.h similarity index 99% rename from lib/include/mbedtls_config.h rename to lib/include/pico_mbedtls_config.h index 5bdd142c..1a04ca02 100644 --- a/lib/include/mbedtls_config.h +++ b/lib/include/pico_mbedtls_config.h @@ -4199,19 +4199,6 @@ /** \} name SECTION: Module configuration options */ -/* Target and application specific configurations - * - * Allow user to override any previous default. - * - */ -#if defined(MBEDTLS_USER_CONFIG_FILE) -#include MBEDTLS_USER_CONFIG_FILE -#endif - -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) -#include "mbedtls/config_psa.h" -#endif - -#include "mbedtls/check_config.h" +#include #endif /* MBEDTLS_CONFIG_H */ From 122b271d9d005955a56112f97991a8a1af24bdc9 Mon Sep 17 00:00:00 2001 From: William Vinnicombe Date: Fri, 11 Apr 2025 13:28:58 +0100 Subject: [PATCH 2/6] Test with updated mbedtls --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 85decb55..308222da 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -48,8 +48,8 @@ jobs: - name: Checkout Pico SDK uses: actions/checkout@v4 with: - repository: raspberrypi/pico-sdk - ref: develop + repository: peterharperuk/pico-sdk + ref: update_stuff path: pico-sdk submodules: ${{ !(!matrix.mbedtls) }} From 8c9e7be4baaecd373dc25dad207fcf87d98b5349 Mon Sep 17 00:00:00 2001 
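Review bot: The version probe falls through on failure: when neither `library/ssl_cli.c` nor `library/ssl_client.c` exists it only emits `message(WARNING ...)`, and `MBEDTLS_VERSION_MAJOR` stays unset. `src_crypto_list()` then returns just the common list, so `add_library(mbedtls STATIC ${src_crypto})` is still created from a source set with no version-specific files. For the crypto library a hard stop at configure time is safer, e.g. `message(FATAL_ERROR "Cannot determine the version of mbedtls in ${PICO_MBEDTLS_PATH}")`. The two inner `if (EXISTS ${PICO_MBEDTLS_PATH}/...)` tests are unquoted while the outer guard is quoted; quoting them keeps the checks consistent. A one-line comment above the function would also help, such as `# Sets src_crypto in the caller's scope to the mbedtls sources for MBEDTLS_VERSION_MAJOR`.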
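Review bot: The added `#include` that replaces `#include "mbedtls/check_config.h"` at the end of the header carries no header name as shown here, so it cannot be confirmed from this hunk that the configuration sanity check is still pulled in. That header is what rejects inconsistent option combinations at compile time, so it is worth verifying that the new line still names it. The hunk also drops the `MBEDTLS_USER_CONFIG_FILE` and `MBEDTLS_PSA_CRYPTO_CONFIG` includes. A short comment saying that this copy deliberately ignores user overrides would tell the next reader the removal is intentional.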
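Review bot: The SDK checkout now comes from a personal fork, `peterharperuk/pico-sdk`, at the branch `update_stuff`, which is a mutable ref. `submodules:` stays enabled for the mbedtls matrix entry, so CI builds whatever that branch and its submodule pointers hold at run time. If a temporary override is needed, pinning it as `ref: <full-commit-sha>` (placeholder) keeps the run reproducible and reviewable. Patch 5/6 of this series reverts this change, so the pair could be dropped before merge rather than landing in history.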
From: William Vinnicombe Date: Fri, 11 Apr 2025 13:33:14 +0100 Subject: [PATCH 3/6] Fix bazel build? --- lib/BUILD.bazel | 2 +- lib/CMakeLists.txt | 2 +- lib/include/mbedtls_config.h | 1 + .../{pico_mbedtls_config.h => picotool_mbedtls_config.h} | 0 4 files changed, 3 insertions(+), 2 deletions(-) create mode 100644 lib/include/mbedtls_config.h rename lib/include/{pico_mbedtls_config.h => picotool_mbedtls_config.h} (100%) diff --git a/lib/BUILD.bazel b/lib/BUILD.bazel index d52679a5..0d9fcde1 100644 --- a/lib/BUILD.bazel +++ b/lib/BUILD.bazel @@ -1,6 +1,6 @@ cc_library( name = "mbedtls_config", - hdrs = ["include/mbedtls_config.h"], + hdrs = ["include/mbedtls_config.h", "include/picotool_mbedtls_config.h"], includes = ["include"], visibility = ["@mbedtls//:__subpackages__"], ) diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt index 3eb6e911..f00defb4 100644 --- a/lib/CMakeLists.txt +++ b/lib/CMakeLists.txt @@ -131,7 +131,7 @@ if(EXISTS "${PICO_SDK_PATH}/lib/mbedtls/CMakeLists.txt") # Create library add_library(mbedtls STATIC ${src_crypto}) - target_compile_definitions(mbedtls PUBLIC MBEDTLS_CONFIG_FILE="pico_mbedtls_config.h") + target_compile_definitions(mbedtls PUBLIC MBEDTLS_CONFIG_FILE="picotool_mbedtls_config.h") target_include_directories(mbedtls SYSTEM PUBLIC ${PICO_MBEDTLS_PATH}/include) target_include_directories(mbedtls PUBLIC ${CMAKE_CURRENT_LIST_DIR}/include) endif() diff --git a/lib/include/mbedtls_config.h b/lib/include/mbedtls_config.h new file mode 100644 index 00000000..0410687b --- /dev/null +++ b/lib/include/mbedtls_config.h @@ -0,0 +1 @@ +#include "picotool_mbedtls_config.h" \ No newline at end of file diff --git a/lib/include/pico_mbedtls_config.h b/lib/include/picotool_mbedtls_config.h similarity index 100% rename from lib/include/pico_mbedtls_config.h rename to lib/include/picotool_mbedtls_config.h From 9c68d239449874a02ccb6b20113ac319a36dcaa3 Mon Sep 17 00:00:00 2001 
From: William Vinnicombe Date: Fri, 11 Apr 2025 13:40:13 +0100 Subject: [PATCH 4/6] Fix Windows build? --- lib/CMakeLists.txt | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt index f00defb4..d1190c36 100644 --- a/lib/CMakeLists.txt +++ b/lib/CMakeLists.txt @@ -131,6 +131,10 @@ if(EXISTS "${PICO_SDK_PATH}/lib/mbedtls/CMakeLists.txt") # Create library add_library(mbedtls STATIC ${src_crypto}) + if(WIN32) + target_link_libraries(mbedtls ws2_32 bcrypt) + endif(WIN32) + target_compile_definitions(mbedtls PUBLIC MBEDTLS_CONFIG_FILE="picotool_mbedtls_config.h") target_include_directories(mbedtls SYSTEM PUBLIC ${PICO_MBEDTLS_PATH}/include) target_include_directories(mbedtls PUBLIC ${CMAKE_CURRENT_LIST_DIR}/include) From dced5768f32a0e28faa083ddfe5f5ffea9702196 Mon Sep 17 00:00:00 2001 From: William Vinnicombe Date: Fri, 11 Apr 2025 13:40:50 +0100 Subject: [PATCH 5/6] Revert "Test with updated mbedtls" This reverts commit 122b271d9d005955a56112f97991a8a1af24bdc9. --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 308222da..85decb55 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -48,8 +48,8 @@ jobs: - name: Checkout Pico SDK uses: actions/checkout@v4 with: - repository: peterharperuk/pico-sdk - ref: update_stuff + repository: raspberrypi/pico-sdk + ref: develop path: pico-sdk submodules: ${{ !(!matrix.mbedtls) }} From f351c6ce2affa2dee1e1ae1275f0bb09fb610564 Mon Sep 17 00:00:00 2001 From: William Vinnicombe Date: Tue, 22 Apr 2025 17:49:47 +0100 Subject: [PATCH 6/6] Initialize PICO_MBEDTLS_PATH in same way as SDK Priority to CMake var, then env var, then default to SDK submodule --- lib/CMakeLists.txt | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt index d1190c36..6f6a4711 100644 --- a/lib/CMakeLists.txt 
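Review bot: `target_link_libraries(mbedtls ws2_32 bcrypt)` uses the keyword-less signature, which has legacy propagation semantics and cannot be mixed with keyword calls on the same target later. The neighbouring `target_compile_definitions` and `target_include_directories` calls already state `PUBLIC`. Suggest `target_link_libraries(mbedtls PUBLIC ws2_32 bcrypt)` so that executables linking the static library pick up the Windows system libraries explicitly, and a bare `endif()` in place of `endif(WIN32)`. The enclosing `if(EXISTS ...)` block starts and ends outside this hunk.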
+++ b/lib/CMakeLists.txt @@ -20,10 +20,20 @@ add_subdirectory(nlohmann_json EXCLUDE_FROM_ALL) add_subdirectory(whereami EXCLUDE_FROM_ALL) -if(EXISTS "${PICO_SDK_PATH}/lib/mbedtls/CMakeLists.txt") +# Taken from pico-sdk/src/rp2_common/pico_mbedtls/CMakeLists.txt +if (DEFINED ENV{PICO_MBEDTLS_PATH} AND (NOT PICO_MBEDTLS_PATH)) + set(PICO_MBEDTLS_PATH $ENV{PICO_MBEDTLS_PATH}) + message("Using PICO_MBEDTLS_PATH from environment ('${PICO_MBEDTLS_PATH}')") +endif() + +set(MBEDTLS_TEST_PATH "library/aes.c") +if (NOT PICO_MBEDTLS_PATH) set(PICO_MBEDTLS_PATH ${PICO_SDK_PATH}/lib/mbedtls) +elseif (NOT EXISTS "${PICO_MBEDTLS_PATH}/${MBEDTLS_TEST_PATH}") + message(WARNING "PICO_MBEDTLS_PATH specified but content not present.") +endif() - # Taken from pico-sdk/src/rp2_common/pico_mbedtls/CMakeLists.txt +if(EXISTS "${PICO_MBEDTLS_PATH}/${MBEDTLS_TEST_PATH}") # Support version 2.28.8 or 3.6.2 if (EXISTS ${PICO_MBEDTLS_PATH}/library/ssl_cli.c) set(MBEDTLS_VERSION_MAJOR 2)
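Review bot: An explicitly supplied `PICO_MBEDTLS_PATH` (CMake variable or environment) that does not contain `library/aes.c` only reaches `message(WARNING "PICO_MBEDTLS_PATH specified but content not present.")`. The following `if(EXISTS "${PICO_MBEDTLS_PATH}/${MBEDTLS_TEST_PATH}")` is then false, so the mbedtls library is skipped and a mistyped path yields a build without it rather than an error. Since the user asked for a specific source tree, failing is clearer: `message(FATAL_ERROR "PICO_MBEDTLS_PATH ('${PICO_MBEDTLS_PATH}') does not contain ${MBEDTLS_TEST_PATH}")`. The environment value should also be quoted, `set(PICO_MBEDTLS_PATH "$ENV{PICO_MBEDTLS_PATH}")`, and the notice given a mode, `message(STATUS ...)`, so the chosen crypto source path appears in normal configure output. The body of the final `if(EXISTS ...)` continues outside this hunk.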