diff --git a/crypto/mbedtls/.gitignore b/crypto/mbedtls/.gitignore new file mode 100644 index 000000000..d96514d8d --- /dev/null +++ b/crypto/mbedtls/.gitignore @@ -0,0 +1,2 @@ +/mbedtls +/*.zip diff --git a/crypto/mbedtls/Kconfig b/crypto/mbedtls/Kconfig new file mode 100644 index 000000000..2822986e5 --- /dev/null +++ b/crypto/mbedtls/Kconfig @@ -0,0 +1,80 @@ +# +# For a description of the syntax of this configuration file, +# see the file kconfig-language.txt in the NuttX tools repository. +# + +menuconfig CRYPTO_MBEDTLS + bool "Mbed TLS Cryptography Library" + default n + ---help--- + Enable support for Mbed TLS. + +if CRYPTO_MBEDTLS + +config MBEDTLS_VERSION + string "MBEDTLS Version" + default "2.25.0" + +menuconfig MBEDTLS_APPS + tristate "Mbed TLS Applications" + default n + ---help--- + Enable Mbed TLS Applications + +if MBEDTLS_APPS + +config MBEDTLS_DEFAULT_TASK_STACKSIZE + int "Mbed TLS app default stack size" + default 8192 + +config MBEDTLS_APP_BENCHMARK + bool "Mbed TLS benchmark" + default n + ---help--- + Enable the Mbed TLS self test + +if MBEDTLS_APP_BENCHMARK + +config MBEDTLS_APP_BENCHMARK_PROGNAME + string "Program name" + default "mbedbenchmark" + ---help--- + This is the name of the program that will be used when the NSH ELF + program is installed. + +config MBEDTLS_APP_BENCHMARK_PRIORITY + int "Benchmark task priority" + default 100 + +config MBEDTLS_APP_BENCHMARK_STACKSIZE + int "Benchmark stack size" + default MBEDTLS_DEFAULT_TASK_STACKSIZE +endif + +config MBEDTLS_APP_SELFTEST + bool "Mbed TLS Self Test" + default n + ---help--- + Enable the Mbed TLS self test + +if MBEDTLS_APP_SELFTEST + +config MBEDTLS_APP_SELFTEST_PROGNAME + string "Program name" + default "mbedselftest" + ---help--- + This is the name of the program that will be used when the NSH ELF + program is installed. + +config MBEDTLS_APP_SELFTEST_PRIORITY + int "Self test task priority" + default 100 + +config MBEDTLS_APP_SELFTEST_STACKSIZE + int "Self test stack size" + default MBEDTLS_DEFAULT_TASK_STACKSIZE +endif + +endif + +endif # CRYPTO_MBEDTLS diff --git a/crypto/mbedtls/Make.defs b/crypto/mbedtls/Make.defs new file mode 100644 index 000000000..92cb2ac60 --- /dev/null +++ b/crypto/mbedtls/Make.defs @@ -0,0 +1,36 @@ +############################################################################ +# apps/crypto/mbedtls/Make.defs +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. The +# ASF licenses this file to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance with the +# License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +############################################################################ + +ifeq ($(CONFIG_CRYPTO_MBEDTLS),y) +CONFIGURED_APPS += $(APPDIR)/crypto/mbedtls + +# Allows `.h>` import. + +CFLAGS += ${shell $(INCDIR) $(INCDIROPT) "$(CC)" $(APPDIR)/crypto/mbedtls/mbedtls/include} +CXXFLAGS += ${shell $(INCDIR) $(INCDIROPT) "$(CC)" $(APPDIR)/crypto/mbedtls/mbedtls/include} + +CFLAGS += ${shell $(DEFINE) "$(CC)" MBEDTLS_CONFIG_FILE='""'} +CXXFLAGS += ${shell $(DEFINE) "$(CC)" MBEDTLS_CONFIG_FILE='""'} + +ifneq ($(CONFIG_MBEDTLS_APPS),) +CONFIGURED_APPS += $(APPDIR)/crypto/mbedtls/ +endif + +endif diff --git a/crypto/mbedtls/Makefile b/crypto/mbedtls/Makefile new file mode 100644 index 000000000..b2640fb76 --- /dev/null +++ b/crypto/mbedtls/Makefile @@ -0,0 +1,85 @@ +############################################################################ +# apps/crypto/mbedtls/Makefile +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. The +# ASF licenses this file to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance with the +# License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +############################################################################ + +include $(APPDIR)/Make.defs + +# Mbed TLS crypto library + +# Set up build configuration and environment + +MBEDTLS_URL ?= "https://github.com/ARMmbed/mbedtls/archive" + +MBEDTLS_VERSION = $(patsubst "%",%,$(strip $(CONFIG_MBEDTLS_VERSION))) +MBEDTLS_ZIP = v$(MBEDTLS_VERSION).zip + +MBEDTLS_UNPACKNAME = mbedtls +UNPACK ?= unzip -q -o + +MBEDTLS_UNPACKLIBDIR = $(MBEDTLS_UNPACKNAME)$(DELIM)library +MBEDTLS_UNPACKPROGDIR = $(MBEDTLS_UNPACKNAME)$(DELIM)programs + +# This lets Mbed TLS better use some of the POSIX features we have +CFLAGS += ${shell $(DEFINE) "$(CC)" __unix__} + +CSRCS = $(wildcard $(MBEDTLS_UNPACKLIBDIR)$(DELIM)*.c) + +$(MBEDTLS_ZIP): + @echo "Downloading: $(MBEDTLS_URL)/$(MBEDTLS_ZIP)" + $(Q) curl -O -L $(MBEDTLS_URL)/$(MBEDTLS_ZIP) + +$(MBEDTLS_UNPACKNAME): $(MBEDTLS_ZIP) + @echo "Unpacking: $(MBEDTLS_ZIP) -> $(MBEDTLS_UNPACKNAME)" + $(Q) $(UNPACK) $(MBEDTLS_ZIP) + $(Q) mv mbedtls-$(MBEDTLS_VERSION) $(MBEDTLS_UNPACKNAME) + $(Q) touch $(MBEDTLS_UNPACKNAME) + +context:: $(MBEDTLS_UNPACKNAME) + +distclean:: + $(call DELDIR, $(MBEDTLS_UNPACKNAME)) + $(call DELFILE, $(MBEDTLS_ZIP)) + +# Configuration Applications + +ifneq ($(CONFIG_MBEDTLS_APPS),) + +MODULE = $(CONFIG_MBEDTLS_APPS) + +ifeq ($(CONFIG_MBEDTLS_APP_BENCHMARK),y) + +PROGNAME += $(CONFIG_MBEDTLS_APP_BENCHMARK_PROGNAME) +PRIORITY += $(CONFIG_MBEDTLS_APP_BENCHMARK_PRIORITY) +STACKSIZE += $(CONFIG_MBEDTLS_APP_BENCHMARK_STACKSIZE) + +MAINSRC += $(MBEDTLS_UNPACKPROGDIR)/test/benchmark.c +endif + +ifeq ($(CONFIG_MBEDTLS_APP_SELFTEST),y) + +PROGNAME += $(CONFIG_MBEDTLS_APP_SELFTEST_PROGNAME) +PRIORITY += $(CONFIG_MBEDTLS_APP_SELFTEST_PRIORITY) +STACKSIZE += $(CONFIG_MBEDTLS_APP_SELFTEST_STACKSIZE) + +MAINSRC += $(MBEDTLS_UNPACKPROGDIR)/test/selftest.c +endif + +endif + +include $(APPDIR)/Application.mk diff --git a/include/crypto/mbedtls_config.h b/include/crypto/mbedtls_config.h new file mode 100644 index 000000000..328967427 --- /dev/null +++ b/include/crypto/mbedtls_config.h @@ -0,0 +1,87 @@ +/**************************************************************************** + * apps/include/crypto/mbedtls_config.h + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. The + * ASF licenses this file to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the + * License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + * + ****************************************************************************/ + +#ifndef __APPS_INCLUDE_CRYPTO_MBEDTLS_CONFIG_H +#define __APPS_INCLUDE_CRYPTO_MBEDTLS_CONFIG_H + +/**************************************************************************** + * Included Files + ****************************************************************************/ + +#include + +/**************************************************************************** + * Pre-processor Definitions + ****************************************************************************/ + +/* System support */ +#define MBEDTLS_HAVE_TIME + +/* Debug */ +#define MBEDTLS_SELF_TEST +#define MBEDTLS_TIMING_C + +/* Feature support */ +#define MBEDTLS_CIPHER_MODE_CBC +#define MBEDTLS_PKCS1_V15 +#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED +#define MBEDTLS_SSL_PROTO_TLS1_1 + +/* Modules */ +#define MBEDTLS_AES_C +#define MBEDTLS_ASN1_PARSE_C +#define MBEDTLS_ASN1_WRITE_C +#define MBEDTLS_BIGNUM_C +#define MBEDTLS_CIPHER_C +#define MBEDTLS_CTR_DRBG_C +#define MBEDTLS_DES_C +#define MBEDTLS_ENTROPY_C +#define MBEDTLS_MD_C +#define MBEDTLS_MD5_C + +#ifdef CONFIG_NET +#define MBEDTLS_NET_C +#endif + +#define MBEDTLS_OID_C +#define MBEDTLS_PK_C +#define MBEDTLS_PK_PARSE_C +#define MBEDTLS_RSA_C +#define MBEDTLS_SHA1_C +#define MBEDTLS_SHA256_C +#define MBEDTLS_SSL_CLI_C +#define MBEDTLS_SSL_SRV_C +#define MBEDTLS_SSL_TLS_C +#define MBEDTLS_X509_CRT_PARSE_C +#define MBEDTLS_X509_USE_C + +#define MBEDTLS_BASE64_C +#define MBEDTLS_CERTS_C +#define MBEDTLS_PEM_PARSE_C + +#define MBEDTLS_FS_IO + +/**************************************************************************** + * Included Files + ****************************************************************************/ + +#include "mbedtls/check_config.h" + +#endif /* __APPS_INCLUDE_CRYPTO_MBEDTLS_CONFIG_H */