Replace mbedcrypto dependency with Mbed TLS
Mbedcrypto as a separate project is deprecated; it was merged back into
Mbed TLS. This commit updates the external dependency to use Mbed TLS.
Since the current version of Mbed TLS uses the PSA Crypto API v1.0.0,
the commit also makes the necessary changes to get in sync with this.
Mbed TLS is capable of building three different libraries, but we only
need libmbedcrypto.a out of these. An extra step is added to configure
Mbed TLS to only produce this one, to shorten the build time.
Mbed TLS provides a method to override the necessary options of its
built-in default config, instead of providing a complete customized
config file. This makes the config easier to read, since only those
options are captured where we want to differ from the default. The
current full config file is removed and replaced using this format.
The changes introduced to get compatible with PSA Crypto API v1.0.0:
* The psa_open_key() and psa_close_key() functions were removed from the
API specification, remove all references from the code.
* The key identifier and key handle concepts were merged in the API,
replace all uses of psa_key_handle_t with psa_key_id_t.
* Several internal implementation macros were removed from the API.
Remove these from the code and replace with API macros where
necessary.
* The PSA_ALG_xxx and PSA_KEY_USAGE_xxx macros have new values in the
API, update the code to reflect these changes.
* The PSA_ECC_xxx and PSA_DH_xxx macros were renamed in the API. Update
the code to reflect these changes.
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Change-Id: I4d721717d9ff33b6bac85cfcb482ea719bec1b31
diff --git a/external/MbedTLS/MbedTLS.cmake b/external/MbedTLS/MbedTLS.cmake
new file mode 100644
index 0000000..369b2d1
--- /dev/null
+++ b/external/MbedTLS/MbedTLS.cmake
@@ -0,0 +1,102 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+set(MBEDTLS_URL "https://github.com/ARMmbed/mbedtls.git" CACHE STRING "Mbed TLS repository URL")
+set(MBEDTLS_REFSPEC "mbedtls-2.26.0" CACHE STRING "Mbed TLS git refspec")
+set(MBEDTLS_INSTALL_PATH "${CMAKE_CURRENT_BINARY_DIR}/mbedtls_install" CACHE PATH "Mbed TLS installation directory")
+set(MBEDTLS_PACKAGE_PATH "${MBEDTLS_INSTALL_PATH}/lib/mbedtls/cmake" CACHE PATH "Mbed TLS CMake package directory")
+
+include(FetchContent)
+
+# Checking git
+find_program(GIT_COMMAND "git")
+if (NOT GIT_COMMAND)
+ message(FATAL_ERROR "Please install git")
+endif()
+
+# Fetching Mbed TLS
+FetchContent_Declare(
+ mbedtls
+ GIT_REPOSITORY ${MBEDTLS_URL}
+ GIT_TAG ${MBEDTLS_REFSPEC}
+ GIT_SHALLOW TRUE
+)
+
+# FetchContent_GetProperties exports mbedtls_SOURCE_DIR and mbedtls_BINARY_DIR variables
+FetchContent_GetProperties(mbedtls)
+if(NOT mbedtls_POPULATED)
+ message(STATUS "Fetching Mbed TLS")
+ FetchContent_Populate(mbedtls)
+endif()
+
+# Convert the include path list to a string. Needed to make parameter passing to
+# Mbed TLS build work fine.
+string(REPLACE ";" "\\;" MBEDTLS_EXTRA_INCLUDES "${MBEDTLS_EXTRA_INCLUDES}")
+
+find_package(Python3 COMPONENTS Interpreter)
+if (NOT Python3_Interpreter_FOUND)
+ message(FATAL_ERROR "Python 3 interpreter not found.")
+endif()
+
+#Configure Mbed TLS to build only mbedcrypto lib
+execute_process(COMMAND ${Python3_EXECUTABLE} scripts/config.py crypto WORKING_DIRECTORY ${mbedtls_SOURCE_DIR})
+
+#Configure the library
+if(NOT CMAKE_CROSSCOMPILING)
+ execute_process(COMMAND
+ ${CMAKE_COMMAND}
+ -DENABLE_PROGRAMS=OFF
+ -DENABLE_TESTING=OFF
+ -DUNSAFE_BUILD=ON
+ -DCMAKE_INSTALL_PREFIX=${MBEDTLS_INSTALL_PATH}
+ -DCMAKE_TOOLCHAIN_FILE=${TS_EXTERNAL_LIB_TOOLCHAIN_FILE}
+ -Dthirdparty_def=-DMBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}"
+ -Dthirdparty_inc=${MBEDTLS_EXTRA_INCLUDES}
+ -GUnix\ Makefiles
+ ${mbedtls_SOURCE_DIR}
+ WORKING_DIRECTORY
+ ${mbedtls_BINARY_DIR}
+ )
+else()
+ execute_process(COMMAND
+ ${CMAKE_COMMAND}
+ -DENABLE_PROGRAMS=OFF
+ -DENABLE_TESTING=OFF
+ -DUNSAFE_BUILD=ON
+ -DCMAKE_INSTALL_PREFIX=${MBEDTLS_INSTALL_PATH}
+ -DCMAKE_TOOLCHAIN_FILE=${TS_EXTERNAL_LIB_TOOLCHAIN_FILE}
+ -DCMAKE_TRY_COMPILE_TARGET_TYPE=STATIC_LIBRARY
+ -Dthirdparty_def=-DMBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}"
+ -Dthirdparty_inc=${MBEDTLS_EXTRA_INCLUDES}
+ -GUnix\ Makefiles
+ ${mbedtls_SOURCE_DIR}
+ WORKING_DIRECTORY
+ ${mbedtls_BINARY_DIR}
+ RESULT_VARIABLE _exec_error
+ )
+
+ if (_exec_error)
+ message(FATAL_ERROR "Configuration step of Mbed TLS failed with ${_exec_error}.")
+ endif()
+endif()
+
+#TODO: add dependnecy to generated project on this file!
+#TODO: add custom target to rebuild Mbed TLS
+
+#Build the library
+execute_process(COMMAND
+ ${CMAKE_COMMAND} --build ${mbedtls_BINARY_DIR} -- install -j8
+ RESULT_VARIABLE _exec_error
+ )
+if (_exec_error)
+ message(FATAL_ERROR "Build step of Mbed TLS failed with ${_exec_error}.")
+endif()
+
+#Create an imported target to have clean abstraction in the build-system.
+add_library(mbedcrypto STATIC IMPORTED)
+set_property(TARGET mbedcrypto PROPERTY IMPORTED_LOCATION "${MBEDTLS_INSTALL_PATH}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}mbedcrypto${CMAKE_STATIC_LIBRARY_SUFFIX}")
+set_property(TARGET mbedcrypto PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${MBEDTLS_INSTALL_PATH}/include")
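Review bot: The `execute_process` call that runs `scripts/config.py crypto` and the configure call in the `if(NOT CMAKE_CROSSCOMPILING)` branch have no `RESULT_VARIABLE`, so a failure in either goes undetected at that point. If the config script fails, the build presumably continues with the stock Mbed TLS configuration instead of the crypto-only one, and nothing reports it. Add `RESULT_VARIABLE _exec_error` to both calls, check it right after the config script, and move the existing `if (_exec_error)` block below the `endif()` so it covers both configure branches. Both configure calls also pass `-DUNSAFE_BUILD=ON` unconditionally. Upstream describes that option as allowing builds that are not secure (it appears to relax the configure-time check for test-only options), so unless there is a reason the commit does not state, drop it or place it behind a project option that defaults to OFF.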