Rework mbedTLS build system (#2248)

***NO_CI***

Author: josesimoes

CMake/Modules/FindNF_Network.cmake

@@ -3,14 +3,19 @@
 # See LICENSE file in the project root for full license information.
 #
 
+include(FetchContent)
+FetchContent_GetProperties(mbedtls)
+
 # set include directories for nanoFramework network
 list(APPEND NF_Network_INCLUDE_DIRS ${CMAKE_SOURCE_DIR}/src/PAL/COM/sockets)
 list(APPEND NF_Network_INCLUDE_DIRS ${CMAKE_SOURCE_DIR}/src/PAL/COM/sockets/ssl)
 list(APPEND NF_Network_INCLUDE_DIRS ${CMAKE_SOURCE_DIR}/src/PAL/Lwip)
+list(APPEND NF_Network_INCLUDE_DIRS ${CMAKE_SOURCE_DIR}/src/PAL)
 list(APPEND NF_Network_INCLUDE_DIRS ${CMAKE_SOURCE_DIR}/src/DeviceInterfaces/Networking.Sntp)
 
 if(USE_SECURITY_MBEDTLS_OPTION)
     list(APPEND NF_Network_INCLUDE_DIRS ${CMAKE_SOURCE_DIR}/src/PAL/COM/sockets/ssl/mbedTLS)
+    list(APPEND NF_Network_INCLUDE_DIRS ${mbedtls_SOURCE_DIR}/include)
 endif()
 
 if(USE_ENC28J60_DRIVER_OPTION)
@@ -181,15 +186,13 @@ macro(nf_add_lib_network)
     add_library(
         ${LIB_NAME} STATIC 
             ${NF_Network_SOURCES}
-            ${mbedTLS_SOURCES}
             ${NFALN_EXTRA_SOURCES})
 
     target_include_directories(
         ${LIB_NAME} 
         PUBLIC 
             ${NF_Network_INCLUDE_DIRS}
             ${NF_CoreCLR_INCLUDE_DIRS}
-            ${mbedTLS_INCLUDE_DIRS}
             ${NFALN_EXTRA_INCLUDES})
 
     # TODO can be removed later

CMake/binutils.ChibiOS.cmake

@@ -103,11 +103,6 @@ macro(nf_add_platform_packages)
             find_package(NF_Network REQUIRED QUIET)
             find_package(CHIBIOS_LWIP REQUIRED QUIET)
 
-            # security provider is mbedTLS
-            if(USE_SECURITY_MBEDTLS_OPTION)
-                find_package(mbedTLS REQUIRED QUIET)
-            endif()
-
         endif()
 
     endif()
@@ -199,7 +194,12 @@ macro(nf_add_platform_dependencies target)
                     ${${TARGET_STM32_CUBE_PACKAGE}_CubePackage_INCLUDE_DIRS}
                 EXTRA_COMPILE_DEFINITIONS -DHAL_USE_MAC=TRUE)
 
-        add_dependencies(${target}.elf nano::NF_Network)
+            add_dependencies(${target}.elf nano::NF_Network)
+
+            # security provider is mbedTLS
+            if(USE_SECURITY_MBEDTLS_OPTION)
+                add_dependencies(NF_Network nano::NF_Network)
+            endif()
 
         endif()
 
@@ -244,6 +244,23 @@ macro(nf_add_platform_include_directories target)
             ${CHIBIOS_FATFS_INCLUDE_DIRS}
         )
 
+                
+        if(USE_SECURITY_MBEDTLS_OPTION)
+
+            # need to add extra include directories for mbedTLS
+            target_include_directories(
+                mbedcrypto PUBLIC
+                ${CHIBIOS_HAL_INCLUDE_DIRS}
+                ${CHIBIOS_INCLUDE_DIRS}
+                ${ChibiOSnfOverlay_INCLUDE_DIRS}
+                ${CHIBIOS_CONTRIB_INCLUDE_DIRS}
+                ${${TARGET_STM32_CUBE_PACKAGE}_CubePackage_INCLUDE_DIRS}
+                ${TARGET_CHIBIOS_COMMON_INCLUDE_DIRS}
+                ${CHIBIOS_LWIP_INCLUDE_DIRS}
+            )
+
+        endif()
+
     endif()
 
 endmacro()
@@ -299,15 +316,17 @@ macro(nf_add_platform_sources target)
             target_link_libraries(${target}.elf
                 nano::NF_Network
             )
-        endif()
 
-    endif()
+            if(USE_SECURITY_MBEDTLS_OPTION)
+                target_link_libraries(${target}.elf
+                mbedtls
+                )
+
+                add_dependencies(NF_Network mbedtls)
+            endif()
+
+        endif()
 
-    # mbed TLS requires a config file
-    if(USE_SECURITY_MBEDTLS_OPTION)
-        # this seems to be only option to properly set a compiler define through the command line that needs to be a string literal
-        SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DMBEDTLS_CONFIG_FILE=\"<${CMAKE_SOURCE_DIR}/src/PAL/COM/sockets/ssl/mbedTLS/nf_mbedtls_config.h>\"")
-        SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DMBEDTLS_CONFIG_FILE=\"<${CMAKE_SOURCE_DIR}/src/PAL/COM/sockets/ssl/mbedTLS/nf_mbedtls_config.h>\"")
     endif()
 
 endmacro()

CMake/binutils.ESP32.cmake

@@ -102,11 +102,6 @@ macro(nf_add_platform_packages)
 
             find_package(NF_Network REQUIRED QUIET)
 
-            # security provider is mbedTLS
-            if(USE_SECURITY_MBEDTLS_OPTION)
-                find_package(mbedTLS REQUIRED QUIET)
-            endif()
-
         endif()
 
     endif()
@@ -248,13 +243,6 @@ macro(nf_add_platform_sources target)
 
     endif()
 
-    # mbed TLS requires a config file
-    if(USE_SECURITY_MBEDTLS_OPTION)
-        # this seems to be only option to properly set a compiler define through the command line that needs to be a string literal
-        SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DMBEDTLS_CONFIG_FILE=\"<${CMAKE_SOURCE_DIR}/src/PAL/COM/sockets/ssl/mbedTLS/nf_mbedtls_config.h>\"")
-        SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DMBEDTLS_CONFIG_FILE=\"<${CMAKE_SOURCE_DIR}/src/PAL/COM/sockets/ssl/mbedTLS/nf_mbedtls_config.h>\"")
-    endif()
-
 endmacro()
 
 # macro to setup the build for a target

CMake/binutils.FreeRTOS.cmake

@@ -70,11 +70,6 @@ macro(nf_add_platform_packages)
             find_package(NF_Network REQUIRED QUIET)
             find_package(LWIP REQUIRED QUIET)
 
-            # security provider is mbedTLS
-            if(USE_SECURITY_MBEDTLS_OPTION)
-                find_package(mbedTLS REQUIRED QUIET)
-            endif()
-
         endif()
 
     endif()

CMake/binutils.common.cmake

@@ -550,6 +550,45 @@ macro(nf_setup_target_build_common)
     # set compile options
     nf_set_compile_options(TARGET ${NANOCLR_PROJECT_NAME}.elf EXTRA_COMPILE_OPTIONS ${NFSTBC_CLR_EXTRA_COMPILE_OPTIONS})
 
+    if(USE_SECURITY_MBEDTLS_OPTION)
+
+        # mbedTLS requires setting a compiler definition in order to pass a config file
+        target_compile_definitions(mbedcrypto PUBLIC "-DMBEDTLS_CONFIG_FILE=\"${CMAKE_SOURCE_DIR}/src/PAL/COM/sockets/ssl/mbedTLS/nf_mbedtls_config.h\"")
+        
+        # need to add extra include directories for mbedTLS
+        target_include_directories(
+            mbedcrypto PUBLIC
+            ${CMAKE_SOURCE_DIR}/src/CLR/Include
+            ${CMAKE_SOURCE_DIR}/src/HAL/Include
+            ${CMAKE_SOURCE_DIR}/src/PAL
+            ${CMAKE_SOURCE_DIR}/src/PAL/Include
+            ${CMAKE_SOURCE_DIR}/src/PAL/COM/sockets
+            ${CMAKE_SOURCE_DIR}/src/PAL/COM/sockets/ssl/mbedTLS
+            ${CMAKE_SOURCE_DIR}/src/DeviceInterfaces/Networking.Sntp
+            ${CMAKE_SOURCE_DIR}/targets/${RTOS}/_include
+            ${CMAKE_SOURCE_DIR}/targets/${RTOS}/${TARGET_BOARD}/nanoCLR
+            ${CMAKE_BINARY_DIR}/targets/${RTOS}/${TARGET_BOARD}
+            ${CMAKE_BINARY_DIR}/targets/${RTOS}/${TARGET_BOARD}/nanoCLR
+            ${TARGET_BASE_LOCATION}
+        )
+
+        # target_sources(mbedcrypto PUBLIC ${CMAKE_SOURCE_DIR}/src/PAL/COM/sockets/ssl/mbedTLS/ssl_generic.cpp)
+        # target_sources(mbedcrypto PRIVATE  ${CMAKE_SOURCE_DIR}/src/PAL/COM/sockets/ssl/mbedTLS/mbed_network.c)
+       
+        if(NOT RTOS_ESP32_CHECK)
+            # platform implementation of hardware random provider
+            target_sources(mbedcrypto PRIVATE ${BASE_PATH_FOR_CLASS_LIBRARIES_MODULES}/mbedtls_entropy_hardware_pool.c)
+        endif()
+
+        nf_set_compile_options(TARGET mbedcrypto BUILD_TARGET ${NANOCLR_PROJECT_NAME})
+        nf_set_compile_options(TARGET mbedx509 BUILD_TARGET ${NANOCLR_PROJECT_NAME})
+        nf_set_compile_options(TARGET mbedtls BUILD_TARGET ${NANOCLR_PROJECT_NAME})
+        nf_set_compile_definitions(TARGET mbedcrypto BUILD_TARGET ${NANOCLR_PROJECT_NAME})
+        nf_set_compile_definitions(TARGET mbedx509 BUILD_TARGET ${NANOCLR_PROJECT_NAME})
+        nf_set_compile_definitions(TARGET mbedtls BUILD_TARGET ${NANOCLR_PROJECT_NAME})
+
+    endif()
+
     # set compile definitions
     nf_set_compile_definitions(TARGET ${NANOCLR_PROJECT_NAME}.elf EXTRA_COMPILE_DEFINITIONS ${NFSTBC_CLR_EXTRA_COMPILE_DEFINITIONS} BUILD_TARGET ${NANOCLR_PROJECT_NAME} )
 

src/PAL/COM/sockets/ssl/mbedTLS/mbedtls.h

@@ -7,13 +7,19 @@
 #define MBEDTLS_H
 
 #include <nanoHAL.h>
+#include "nf_mbedtls_config.h"
 
 #ifdef PLATFORM_ESP32
 #include <esp32_idf.h>
 #endif
 
 #include <sockets_lwip.h>
 
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
 #include "mbedtls/platform.h"
 #include "mbedtls/net_sockets.h"
 #include "mbedtls/ssl.h"
@@ -22,32 +28,28 @@
 #include "mbedtls/error.h"
 #include "mbedtls/certs.h"
 
-typedef struct mbedTLS_NFContext
-{
-    mbedtls_entropy_context* entropy;
-    mbedtls_ctr_drbg_context* ctr_drbg;
-    mbedtls_ssl_config* conf;
-    mbedtls_ssl_context* ssl;
-    mbedtls_net_context* server_fd;
-    mbedtls_x509_crt* x509_crt;
-    mbedtls_pk_context* pk;
-}mbedTLS_NFContext;
-
-int net_would_block( const mbedtls_net_context *ctx );
-int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len );
-int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len );
-int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len, uint32_t timeout );
-void mbedtls_net_free( mbedtls_net_context *ctx );
-
-// debug output declaration 
-void nf_debug( void *ctx, int level, const char *file, int line, const char *str );
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-// function returning the system date and time in Unix Epoch 
-time_t nf_get_unix_epoch();
+    typedef struct mbedTLS_NFContext
+    {
+        mbedtls_entropy_context *entropy;
+        mbedtls_ctr_drbg_context *ctr_drbg;
+        mbedtls_ssl_config *conf;
+        mbedtls_ssl_context *ssl;
+        mbedtls_net_context *server_fd;
+        mbedtls_x509_crt *x509_crt;
+        mbedtls_pk_context *pk;
+    } mbedTLS_NFContext;
+
+    int net_would_block(const mbedtls_net_context *ctx);
+    int mbedtls_net_recv(void *ctx, unsigned char *buf, size_t len);
+    int mbedtls_net_send(void *ctx, const unsigned char *buf, size_t len);
+    int mbedtls_net_recv_timeout(void *ctx, unsigned char *buf, size_t len, uint32_t timeout);
+    void mbedtls_net_free(mbedtls_net_context *ctx);
+
+    // debug output declaration
+    void nf_debug(void *ctx, int level, const char *file, int line, const char *str);
+
+    // function returning the system date and time in Unix Epoch
+    time_t nf_get_unix_epoch();
 
 #ifdef __cplusplus
 }

src/PAL/COM/sockets/ssl/mbedTLS/nf_mbedtls_config.h

@@ -105,17 +105,13 @@ extern "C"
 /* mbed TLS modules */
 #define MBEDTLS_AESNI_C
 #define MBEDTLS_AES_C
-#define MBEDTLS_ARC4_C
 #define MBEDTLS_ASN1_PARSE_C
 #define MBEDTLS_ASN1_WRITE_C
 
 #define MBEDTLS_BASE64_C
 
 #define MBEDTLS_BIGNUM_C
 
-#define MBEDTLS_BLOWFISH_C
-
-#define MBEDTLS_CAMELLIA_C
 #define MBEDTLS_CCM_C
 
 #define MBEDTLS_CIPHER_C
@@ -135,8 +131,6 @@ extern "C"
 
 #define MBEDTLS_GCM_C
 
-#define MBEDTLS_HKDF_C
-
 #define MBEDTLS_HMAC_DRBG_C
 
 #define MBEDTLS_MD_C
@@ -156,8 +150,6 @@ extern "C"
 
 #define MBEDTLS_PLATFORM_C
 
-#define MBEDTLS_POLY1305_C
-
 #define MBEDTLS_RIPEMD160_C
 
 #define MBEDTLS_RSA_C

src/PAL/Include/CPU_GPIO_decl.h

@@ -7,6 +7,8 @@
 #ifndef DRIVERS_GPIO_DECL_H
 #define DRIVERS_GPIO_DECL_H
 
+#include <nanoPackStruct.h>
+
 #define GPIO_PIN_NONE 0xFFFFFFFF
 
 #define GPIO_ATTRIBUTE_NONE        0x00

targets/ChibiOS/CMakeLists.txt

@@ -256,8 +256,12 @@ if(NF_SECURITY_MBEDTLS)
         FetchContent_Populate(mbedtls)
     endif()
 
-    set(mbedTLS_INCLUDE_DIRS ${CMAKE_SOURCE_DIR}/3rdparty/humblelogging/include)
-    set(mbedTLS_LIBRARIES ${CMAKE_SHARED_LIBRARY_PREFIX}mbedTLS${CMAKE_SHARED_LIBRARY_SUFFIX})
+    # don't include tests or programs, only build libraries
+    set(ENABLE_TESTING CACHE BOOL OFF)
+    set(ENABLE_PROGRAMS CACHE BOOL OFF)
+
+    cmake_policy(SET CMP0048 NEW)
+    add_subdirectory(${mbedtls_SOURCE_DIR} mbedtls_build)
 
 endif()
 

targets/ChibiOS/_nanoCLR/mbedtls_entropy_hardware_pool.c

@@ -6,15 +6,17 @@
 #include <hal.h>
 #include <hal_nf_community.h>
 
+int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len, size_t *olen);
+
 // Get len bytes of entropy from the hardware RNG.
-int mbedtls_hardware_poll( void *data, unsigned char *output, size_t len, size_t *olen )
+int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len, size_t *olen)
 {
     (void)data;
 
     // start random generator
     rngStart();
 
-    for(size_t i = 0; i < len; i++)
+    for (size_t i = 0; i < len; i++)
     {
         // our generator returns 32bits numbers
         *output = rngGenerateRandomNumber();