From 5dfc7d51d25567e0fa01ebf89a32683eafa5813d Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 11 Jun 2026 22:07:37 +0200 Subject: [PATCH] Fix mbedtls link runtime resolution. Signed-off-by: Pol Henarejos --- cmake/trusted.cmake | 211 +++++++++--------------- picokeys_sdk_import.cmake | 94 ++++++----- src/{ => trusted}/trusted.c | 0 src/{ => trusted}/trusted.h | 0 src/{ => trusted}/trusted_mem.c | 21 ++- src/{ => trusted}/trusted_pico_sha256.c | 17 ++ 6 files changed, 173 insertions(+), 170 deletions(-) rename src/{ => trusted}/trusted.c (100%) rename src/{ => trusted}/trusted.h (100%) rename src/{ => trusted}/trusted_mem.c (83%) rename src/{ => trusted}/trusted_pico_sha256.c (87%) diff --git a/cmake/trusted.cmake b/cmake/trusted.cmake index d6f45c0..0465557 100644 --- a/cmake/trusted.cmake +++ b/cmake/trusted.cmake @@ -1,7 +1,7 @@ include_guard(GLOBAL) function(picokeys_trusted_region_enabled out_var) - if(PICO_RP2350 OR ENABLE_EMULATION OR ESP_PLATFORM) + if(PICO_RP2350) set(${out_var} TRUE PARENT_SCOPE) else() set(${out_var} FALSE PARENT_SCOPE) 
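Review bot: `picokeys_trusted_region_enabled` now returns TRUE only for `PICO_RP2350`, so emulation and ESP builds are configured without the trusted measurement region, and neither the function nor the commit subject records that this is intended. A comment above the function would state it, for example `# Trusted region is built only for RP2350; emulation and ESP builds have no measured region.` The same gate is repeated by hand in picokeys_sdk_import.cmake, where `if(PICO_RP2350)` wraps `add_compile_definitions(PICOKEYS_HAS_TRUSTED_REGION=1)`. Calling this helper there would keep the two conditions from drifting apart. The function's `endfunction()` lies outside the hunk.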
@@ -12,26 +12,26 @@ macro(picokeys_init_trusted_config) set(PICOKEYS_TRUSTED_REGION_FLASH_BASE "0x100B0000" CACHE STRING "Fixed flash base for the trusted measurement region on Pico firmware builds") set(PICOKEYS_TRUSTED_STATE_RAM_BASE "0x20070000" CACHE STRING "Fixed RAM base for trusted writable state on Pico firmware builds") - if(CMAKE_C_COMPILER) + set(TRUSTED_MBEDTLS_HELPER_SOURCES + ${CMAKE_CURRENT_LIST_DIR}/src/trusted/trusted_mem.c + ) +endmacro() + +macro(picokeys_resolve_trusted_toolchain) + if(CMAKE_C_COMPILER AND PICO_RP2350) set(PICOKEYS_LIBGCC_QUERY_ARGS -print-libgcc-file-name) - if(PICO_RP2350) - set(PICOKEYS_LIBGCC_QUERY_ARGS - -mthumb - -march=armv8-m.main+fp - -mfloat-abi=softfp - -print-libgcc-file-name - ) - endif() + set(PICOKEYS_LIBGCC_QUERY_ARGS + -mthumb + -march=armv8-m.main+fp + -mfloat-abi=softfp + -print-libgcc-file-name + ) execute_process( COMMAND ${CMAKE_C_COMPILER} ${PICOKEYS_LIBGCC_QUERY_ARGS} OUTPUT_VARIABLE PICOKEYS_LIBGCC OUTPUT_STRIP_TRAILING_WHITESPACE ) endif() - - set(TRUSTED_MBEDTLS_HELPER_SOURCES - ${CMAKE_CURRENT_LIST_DIR}/src/trusted_mem.c - ) endmacro() function(configure_picokeys_mbedtls_target target_name) 
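Review bot: The `execute_process` call in `picokeys_resolve_trusted_toolchain` never checks whether the compiler query succeeded, yet `PICOKEYS_LIBGCC` is later handed to `${CMAKE_AR} x` to pull objects into the `.trusted` archive. Adding `RESULT_VARIABLE PICOKEYS_LIBGCC_RESULT` and stopping with `message(FATAL_ERROR ...)` when the result is non-zero or `NOT EXISTS "${PICOKEYS_LIBGCC}"` would fail at configure time, rather than letting an empty or relative path reach the archive step. The first `set(PICOKEYS_LIBGCC_QUERY_ARGS -print-libgcc-file-name)` is now dead, because the next statement overwrites it unconditionally, and can be dropped.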
@@ -86,117 +86,68 @@ function(configure_picokeys_trusted_mbedtls_target target_name) endfunction() macro(picokeys_setup_trusted_mbedtls) - if(NOT SKIP_MBEDTLS_FOR_OPENSSL_EMULATION) - if(NOT ESP_PLATFORM) - if(PICO_PLATFORM AND PICO_RP2350 AND NOT ENABLE_EMULATION) - add_library(trusted_mbedtls_build STATIC ${MBEDTLS_SOURCES}) - target_include_directories(trusted_mbedtls_build SYSTEM PUBLIC - ${CMAKE_CURRENT_LIST_DIR}/third-party/mbedtls/include - ${CMAKE_CURRENT_LIST_DIR}/third-party/mbedtls/library - ) - configure_picokeys_trusted_mbedtls_target(trusted_mbedtls_build) - set(TRUSTED_MBEDTLS_ARCHIVE ${CMAKE_CURRENT_BINARY_DIR}/libtrusted_mbedtls.a) - set(TRUSTED_LIBGCC_DIR ${CMAKE_CURRENT_BINARY_DIR}/trusted_libgcc) - add_custom_command( - OUTPUT ${TRUSTED_MBEDTLS_ARCHIVE} - COMMAND ${CMAKE_COMMAND} -E rm -f ${TRUSTED_MBEDTLS_ARCHIVE} - COMMAND ${CMAKE_COMMAND} -E rm -rf ${TRUSTED_LIBGCC_DIR} - COMMAND ${CMAKE_COMMAND} -E make_directory ${TRUSTED_LIBGCC_DIR} - COMMAND ${CMAKE_OBJCOPY} - --prefix-alloc-sections=.trusted - --redefine-sym memset=picokeys_trusted_memset - --redefine-sym mbedtls_sha256_init=picokeys_trusted_sha256_init - --redefine-sym mbedtls_sha256_free=picokeys_trusted_sha256_free - --redefine-sym mbedtls_sha256_starts=picokeys_trusted_sha256_starts - --redefine-sym mbedtls_sha256_update=picokeys_trusted_sha256_update - --redefine-sym mbedtls_sha256_finish=picokeys_trusted_sha256_finish - --redefine-sym mbedtls_sha256_clone=picokeys_trusted_sha256_clone - --redefine-sym __aeabi_uldivmod=picokeys_trusted___aeabi_uldivmod - $ - ${TRUSTED_MBEDTLS_ARCHIVE} - COMMAND ${CMAKE_COMMAND} -E chdir ${TRUSTED_LIBGCC_DIR} - ${CMAKE_AR} x ${PICOKEYS_LIBGCC} - _aeabi_uldivmod.o - _udivmoddi4.o - _dvmd_tls.o - COMMAND ${CMAKE_OBJCOPY} - --prefix-alloc-sections=.trusted - --redefine-sym __aeabi_uldivmod=picokeys_trusted___aeabi_uldivmod - --redefine-sym __udivmoddi4=picokeys_trusted___udivmoddi4 - --redefine-sym __aeabi_idiv0=picokeys_trusted___aeabi_idiv0 - 
${TRUSTED_LIBGCC_DIR}/_aeabi_uldivmod.o - ${TRUSTED_LIBGCC_DIR}/_aeabi_uldivmod.trusted.o - COMMAND ${CMAKE_OBJCOPY} - --prefix-alloc-sections=.trusted - --redefine-sym __udivmoddi4=picokeys_trusted___udivmoddi4 - ${TRUSTED_LIBGCC_DIR}/_udivmoddi4.o - ${TRUSTED_LIBGCC_DIR}/_udivmoddi4.trusted.o - COMMAND ${CMAKE_OBJCOPY} - --prefix-alloc-sections=.trusted - --redefine-sym __aeabi_idiv0=picokeys_trusted___aeabi_idiv0 - ${TRUSTED_LIBGCC_DIR}/_dvmd_tls.o - ${TRUSTED_LIBGCC_DIR}/_dvmd_tls.trusted.o - COMMAND ${CMAKE_AR} q ${TRUSTED_MBEDTLS_ARCHIVE} - ${TRUSTED_LIBGCC_DIR}/_aeabi_uldivmod.trusted.o - ${TRUSTED_LIBGCC_DIR}/_udivmoddi4.trusted.o - ${TRUSTED_LIBGCC_DIR}/_dvmd_tls.trusted.o - COMMAND ${CMAKE_RANLIB} ${TRUSTED_MBEDTLS_ARCHIVE} - DEPENDS trusted_mbedtls_build - VERBATIM - ) - add_custom_target(trusted_mbedtls_archive DEPENDS ${TRUSTED_MBEDTLS_ARCHIVE}) - add_library(trusted_mbedtls STATIC IMPORTED GLOBAL) - add_dependencies(trusted_mbedtls trusted_mbedtls_archive) - set_target_properties(trusted_mbedtls PROPERTIES - IMPORTED_LOCATION ${TRUSTED_MBEDTLS_ARCHIVE} - ) - elseif(ENABLE_EMULATION AND NOT MSVC) - set(TRUSTED_REGION_EMBED_INPUT - ${CMAKE_CURRENT_BINARY_DIR}/${CMAKE_STATIC_LIBRARY_PREFIX}mbedtls${CMAKE_STATIC_LIBRARY_SUFFIX} - ) - if(APPLE) - set(PICOKEYS_TRUSTED_SECTION_DIRECTIVE ".section __DATA,__trusted_region,regular,no_dead_strip") - set(PICOKEYS_TRUSTED_START_SYM "___trusted_start") - set(PICOKEYS_TRUSTED_END_SYM "___trusted_end") - set(PICOKEYS_TRUSTED_LOAD_START_SYM "___trusted_load_start") - set(PICOKEYS_TRUSTED_LOAD_END_SYM "___trusted_load_end") - else() - set(PICOKEYS_TRUSTED_SECTION_DIRECTIVE ".section .trusted_region,\"a\",@progbits") - set(PICOKEYS_TRUSTED_START_SYM "__trusted_start") - set(PICOKEYS_TRUSTED_END_SYM "__trusted_end") - set(PICOKEYS_TRUSTED_LOAD_START_SYM "__trusted_load_start") - set(PICOKEYS_TRUSTED_LOAD_END_SYM "__trusted_load_end") - endif() - set(TRUSTED_REGION_EMBED_SOURCE 
${CMAKE_CURRENT_BINARY_DIR}/trusted_region_embed.S) - configure_file( - ${CMAKE_CURRENT_LIST_DIR}/src/trusted_region_embed.in.S - ${TRUSTED_REGION_EMBED_SOURCE} - @ONLY - ) - endif() - elseif(ESP_PLATFORM) - add_library(trusted_mbedtls_payload STATIC ${MBEDTLS_SOURCES}) - target_include_directories(trusted_mbedtls_payload - SYSTEM PRIVATE - ${CMAKE_CURRENT_LIST_DIR}/third-party/mbedtls/include - ${CMAKE_CURRENT_LIST_DIR}/third-party/mbedtls/library - ) - configure_picokeys_mbedtls_target(trusted_mbedtls_payload) - set(TRUSTED_REGION_EMBED_INPUT - ${CMAKE_CURRENT_BINARY_DIR}/${CMAKE_STATIC_LIBRARY_PREFIX}trusted_mbedtls_payload${CMAKE_STATIC_LIBRARY_SUFFIX} - ) - set(PICOKEYS_TRUSTED_SECTION_DIRECTIVE ".section .rodata.trusted_region,\"a\",@progbits") - set(PICOKEYS_TRUSTED_START_SYM "__trusted_start") - set(PICOKEYS_TRUSTED_END_SYM "__trusted_end") - set(PICOKEYS_TRUSTED_LOAD_START_SYM "__trusted_load_start") - set(PICOKEYS_TRUSTED_LOAD_END_SYM "__trusted_load_end") - set(TRUSTED_REGION_EMBED_SOURCE ${CMAKE_CURRENT_BINARY_DIR}/trusted_region_embed.S) - configure_file( - ${CMAKE_CURRENT_LIST_DIR}/src/trusted_region_embed.in.S - ${TRUSTED_REGION_EMBED_SOURCE} - @ONLY - ) - endif() + if(NOT SKIP_MBEDTLS_FOR_OPENSSL_EMULATION AND PICO_PLATFORM AND PICO_RP2350 AND NOT ENABLE_EMULATION) + add_library(trusted_mbedtls_build STATIC ${MBEDTLS_SOURCES}) + target_include_directories(trusted_mbedtls_build SYSTEM PUBLIC + ${CMAKE_CURRENT_LIST_DIR}/third-party/mbedtls/include + ${CMAKE_CURRENT_LIST_DIR}/third-party/mbedtls/library + ) + configure_picokeys_trusted_mbedtls_target(trusted_mbedtls_build) + set(TRUSTED_MBEDTLS_ARCHIVE ${CMAKE_CURRENT_BINARY_DIR}/libtrusted_mbedtls.a) + set(TRUSTED_LIBGCC_DIR ${CMAKE_CURRENT_BINARY_DIR}/trusted_libgcc) + add_custom_command( + OUTPUT ${TRUSTED_MBEDTLS_ARCHIVE} + COMMAND ${CMAKE_COMMAND} -E rm -f ${TRUSTED_MBEDTLS_ARCHIVE} + COMMAND ${CMAKE_COMMAND} -E rm -rf ${TRUSTED_LIBGCC_DIR} + COMMAND ${CMAKE_COMMAND} -E make_directory 
${TRUSTED_LIBGCC_DIR} + COMMAND ${CMAKE_OBJCOPY} + --prefix-alloc-sections=.trusted + --redefine-sym memset=picokeys_trusted_memset + --redefine-sym mbedtls_sha256_init=picokeys_trusted_sha256_init + --redefine-sym mbedtls_sha256_free=picokeys_trusted_sha256_free + --redefine-sym mbedtls_sha256_starts=picokeys_trusted_sha256_starts + --redefine-sym mbedtls_sha256_update=picokeys_trusted_sha256_update + --redefine-sym mbedtls_sha256_finish=picokeys_trusted_sha256_finish + --redefine-sym mbedtls_sha256_clone=picokeys_trusted_sha256_clone + --redefine-sym __aeabi_uldivmod=picokeys_trusted___aeabi_uldivmod + $ + ${TRUSTED_MBEDTLS_ARCHIVE} + COMMAND ${CMAKE_COMMAND} -E chdir ${TRUSTED_LIBGCC_DIR} + ${CMAKE_AR} x ${PICOKEYS_LIBGCC} + _aeabi_uldivmod.o + _udivmoddi4.o + _dvmd_tls.o + COMMAND ${CMAKE_OBJCOPY} + --prefix-alloc-sections=.trusted + --redefine-sym __aeabi_uldivmod=picokeys_trusted___aeabi_uldivmod + --redefine-sym __udivmoddi4=picokeys_trusted___udivmoddi4 + --redefine-sym __aeabi_idiv0=picokeys_trusted___aeabi_idiv0 + ${TRUSTED_LIBGCC_DIR}/_aeabi_uldivmod.o + ${TRUSTED_LIBGCC_DIR}/_aeabi_uldivmod.trusted.o + COMMAND ${CMAKE_OBJCOPY} + --prefix-alloc-sections=.trusted + --redefine-sym __udivmoddi4=picokeys_trusted___udivmoddi4 + ${TRUSTED_LIBGCC_DIR}/_udivmoddi4.o + ${TRUSTED_LIBGCC_DIR}/_udivmoddi4.trusted.o + COMMAND ${CMAKE_OBJCOPY} + --prefix-alloc-sections=.trusted + --redefine-sym __aeabi_idiv0=picokeys_trusted___aeabi_idiv0 + ${TRUSTED_LIBGCC_DIR}/_dvmd_tls.o + ${TRUSTED_LIBGCC_DIR}/_dvmd_tls.trusted.o + COMMAND ${CMAKE_AR} q ${TRUSTED_MBEDTLS_ARCHIVE} + ${TRUSTED_LIBGCC_DIR}/_aeabi_uldivmod.trusted.o + ${TRUSTED_LIBGCC_DIR}/_udivmoddi4.trusted.o + ${TRUSTED_LIBGCC_DIR}/_dvmd_tls.trusted.o + COMMAND ${CMAKE_RANLIB} ${TRUSTED_MBEDTLS_ARCHIVE} + DEPENDS trusted_mbedtls_build + VERBATIM + ) + add_custom_target(trusted_mbedtls_archive DEPENDS ${TRUSTED_MBEDTLS_ARCHIVE}) + add_library(trusted_mbedtls STATIC IMPORTED GLOBAL) + add_dependencies(trusted_mbedtls 
trusted_mbedtls_archive) + set_target_properties(trusted_mbedtls PROPERTIES + IMPORTED_LOCATION ${TRUSTED_MBEDTLS_ARCHIVE} + ) endif() endmacro() @@ -204,11 +155,11 @@ macro(picokeys_configure_trusted_support_sources) picokeys_trusted_region_enabled(enable_trusted_region) if(enable_trusted_region) if(CMAKE_C_COMPILER_ID STREQUAL "GNU") - set_source_files_properties(${CMAKE_CURRENT_LIST_DIR}/src/trusted_mem.c PROPERTIES + set_source_files_properties(${CMAKE_CURRENT_LIST_DIR}/src/trusted/trusted_mem.c PROPERTIES COMPILE_OPTIONS "-fno-builtin;-fno-tree-loop-distribute-patterns" ) else() - set_source_files_properties(${CMAKE_CURRENT_LIST_DIR}/src/trusted_mem.c PROPERTIES + set_source_files_properties(${CMAKE_CURRENT_LIST_DIR}/src/trusted/trusted_mem.c PROPERTIES COMPILE_OPTIONS "-fno-builtin" ) endif() @@ -228,9 +179,12 @@ macro(picokeys_configure_rp2350_trusted) target_include_directories(trusted_mbedtls_build PRIVATE ${CMAKE_CURRENT_LIST_DIR}/config/rp2350/alt ) + target_include_directories(${CMAKE_PROJECT_NAME} PUBLIC + ${CMAKE_CURRENT_LIST_DIR}/src/trusted + ) target_sources(trusted_mbedtls_build PRIVATE ${CMAKE_CURRENT_LIST_DIR}/config/rp2350/alt/sha256_alt.c - ${CMAKE_CURRENT_LIST_DIR}/src/trusted_pico_sha256.c + ${CMAKE_CURRENT_LIST_DIR}/src/trusted/trusted_pico_sha256.c ) target_link_libraries(trusted_mbedtls_build PRIVATE pico_sha256_headers @@ -242,7 +196,6 @@ endmacro() macro(picokeys_link_trusted_region target_name) if(TARGET trusted_mbedtls) - target_link_libraries(${target_name} PRIVATE trusted_mbedtls) target_link_options(${target_name} PRIVATE "LINKER:--defsym=__trusted_region_fixed_base=${PICOKEYS_TRUSTED_REGION_FLASH_BASE}" "LINKER:-T,${CMAKE_CURRENT_LIST_DIR}/config/rp2350/ld/trusted_region.ld" diff --git a/picokeys_sdk_import.cmake b/picokeys_sdk_import.cmake index 6c1c25b..0803697 100644 --- a/picokeys_sdk_import.cmake +++ b/picokeys_sdk_import.cmake 
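Review bot: The `add_custom_command` that produces `${TRUSTED_MBEDTLS_ARCHIVE}` in `picokeys_setup_trusted_mbedtls` lists only `trusted_mbedtls_build` under `DEPENDS`, although it also extracts `_aeabi_uldivmod.o`, `_udivmoddi4.o` and `_dvmd_tls.o` from `${PICOKEYS_LIBGCC}`. After a toolchain change the archive placed in the `.trusted` sections would keep the old libgcc objects until something else forces a rebuild. `DEPENDS trusted_mbedtls_build "${PICOKEYS_LIBGCC}"` closes that gap. The command block is carried over from the old code with only its indentation changed, so the gap predates this commit.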
@@ -335,13 +335,6 @@ list(APPEND PICOKEYS_SOURCES ${CMAKE_CURRENT_LIST_DIR}/src/signal.c ) -if(PICO_RP2350 OR ENABLE_EMULATION OR ESP_PLATFORM) - add_compile_definitions(PICOKEYS_HAS_TRUSTED_REGION=1) - list(APPEND PICOKEYS_SOURCES - ${CMAKE_CURRENT_LIST_DIR}/src/trusted.c - ) -endif() - if(ESP_PLATFORM) list(APPEND PICOKEYS_SOURCES ${CMAKE_CURRENT_LIST_DIR}/src/led/led_neopixel.c @@ -460,35 +453,6 @@ if(UNIX AND NOT APPLE AND ENABLE_EMULATION) endif() endif() -if(NOT ESP_PLATFORM) - if(NOT SKIP_MBEDTLS_FOR_OPENSSL_EMULATION) - add_library(mbedtls STATIC ${MBEDTLS_SOURCES}) - target_include_directories(mbedtls SYSTEM PUBLIC - ${CMAKE_CURRENT_LIST_DIR}/third-party/mbedtls/include - ${CMAKE_CURRENT_LIST_DIR}/third-party/mbedtls/library - ) - configure_picokeys_mbedtls_target(mbedtls) - endif() - if(ENABLE_LIBCVC) - add_library(libcvc STATIC ${LIBCVC_SOURCES}) - target_include_directories(libcvc SYSTEM PUBLIC ${CMAKE_CURRENT_LIST_DIR}/third-party/libcvc/src ${CMAKE_CURRENT_LIST_DIR}/third-party/libcvc/include) - target_link_libraries(libcvc PRIVATE mbedtls) - list(APPEND LIBRARIES libcvc) - endif() - if(USB_ITF_HID) - add_library(tinycbor STATIC ${CBOR_SOURCES}) - target_include_directories(tinycbor SYSTEM PUBLIC ${CMAKE_CURRENT_LIST_DIR}/third-party/tinycbor/src) - list(APPEND LIBRARIES tinycbor) - endif() - if(USB_ITF_LWIP) - add_library(cjson STATIC ${CJSON_SOURCES}) - target_include_directories(cjson SYSTEM PUBLIC ${CMAKE_CURRENT_LIST_DIR}/third-party/cjson) - list(APPEND LIBRARIES cjson) - endif() -endif() - -picokeys_setup_trusted_mbedtls() - if(PICO_PLATFORM) list(APPEND LIBRARIES pico_stdlib @@ -562,7 +526,6 @@ else() ${CMAKE_CURRENT_LIST_DIR}/src/fs/mman.c ) endif() -picokeys_configure_trusted_support_sources() if(ENABLE_EMULATION) if(APPLE) 
@@ -616,6 +579,48 @@ endif() if(PICO_PLATFORM) pico_sdk_init() + picokeys_resolve_trusted_toolchain() + picokeys_setup_trusted_mbedtls() +else() + picokeys_resolve_trusted_toolchain() + picokeys_setup_trusted_mbedtls() +endif() +picokeys_configure_trusted_support_sources() + +if(NOT ESP_PLATFORM) + if(NOT SKIP_MBEDTLS_FOR_OPENSSL_EMULATION) + if(PICO_RP2350) + add_library(mbedtls INTERFACE) + target_include_directories(mbedtls INTERFACE + ${CMAKE_CURRENT_LIST_DIR}/third-party/mbedtls/include + ${CMAKE_CURRENT_LIST_DIR}/third-party/mbedtls/library + ) + target_link_libraries(mbedtls INTERFACE trusted_mbedtls) + else() + add_library(mbedtls STATIC ${MBEDTLS_SOURCES}) + target_include_directories(mbedtls SYSTEM PUBLIC + ${CMAKE_CURRENT_LIST_DIR}/third-party/mbedtls/include + ${CMAKE_CURRENT_LIST_DIR}/third-party/mbedtls/library + ) + configure_picokeys_mbedtls_target(mbedtls) + endif() + endif() + if(ENABLE_LIBCVC) + add_library(libcvc STATIC ${LIBCVC_SOURCES}) + target_include_directories(libcvc SYSTEM PUBLIC ${CMAKE_CURRENT_LIST_DIR}/third-party/libcvc/src ${CMAKE_CURRENT_LIST_DIR}/third-party/libcvc/include) + target_link_libraries(libcvc PRIVATE mbedtls) + list(APPEND LIBRARIES libcvc) + endif() + if(USB_ITF_HID) + add_library(tinycbor STATIC ${CBOR_SOURCES}) + target_include_directories(tinycbor SYSTEM PUBLIC ${CMAKE_CURRENT_LIST_DIR}/third-party/tinycbor/src) + list(APPEND LIBRARIES tinycbor) + endif() + if(USB_ITF_LWIP) + add_library(cjson STATIC ${CJSON_SOURCES}) + target_include_directories(cjson SYSTEM PUBLIC ${CMAKE_CURRENT_LIST_DIR}/third-party/cjson) + list(APPEND LIBRARIES cjson) + endif() endif() if(ESP_PLATFORM) 
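Review bot: In the new `if(PICO_RP2350)` branch, `target_link_libraries(mbedtls INTERFACE trusted_mbedtls)` assumes the `trusted_mbedtls` target exists, but `picokeys_setup_trusted_mbedtls` creates it only when `PICO_PLATFORM AND PICO_RP2350 AND NOT ENABLE_EMULATION` holds. If the two conditions disagree, CMake treats the name as a plain library and the mistake appears only at link time. The branch condition should be `if(TARGET trusted_mbedtls)`, as `picokeys_link_trusted_region` already does. The `if(PICO_PLATFORM)` / `else()` pair above it calls `picokeys_resolve_trusted_toolchain()` and `picokeys_setup_trusted_mbedtls()` identically in both arms; only `pico_sdk_init()` needs the condition.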
@@ -680,6 +685,10 @@ if(USB_ITF_LWIP) endif() if(PICO_RP2350) + add_compile_definitions(PICOKEYS_HAS_TRUSTED_REGION=1) + list(APPEND PICOKEYS_SOURCES + ${CMAKE_CURRENT_LIST_DIR}/src/trusted/trusted.c + ) pico_set_uf2_family(${CMAKE_PROJECT_NAME} "rp2350-arm-s") pico_embed_pt_in_binary(${CMAKE_PROJECT_NAME} "${CMAKE_CURRENT_LIST_DIR}/config/rp2350/pt.json") if(NOT IS_CYW43) @@ -696,17 +705,24 @@ if(PICO_RP2350) ${CMAKE_CURRENT_LIST_DIR}/config/rp2350/alt ) if(TARGET mbedtls) - target_include_directories(mbedtls PRIVATE + target_include_directories(mbedtls INTERFACE ${CMAKE_CURRENT_LIST_DIR}/config/rp2350/alt ) - target_link_libraries(mbedtls PRIVATE pico_sha256_headers) + target_link_libraries(mbedtls INTERFACE pico_sha256_headers) endif() picokeys_configure_rp2350_trusted() list(APPEND PICOKEYS_SOURCES ${CMAKE_CURRENT_LIST_DIR}/config/rp2350/alt/sha256_alt.c ) add_compile_definitions(MBEDTLS_SHA256_ALT=1) + if(NOT SKIP_MBEDTLS_FOR_OPENSSL_EMULATION) + list(APPEND LIBRARIES mbedtls) + endif() list(APPEND LIBRARIES pico_sha256) +elseif(PICO_RP2040) + if(NOT SKIP_MBEDTLS_FOR_OPENSSL_EMULATION) + list(APPEND LIBRARIES mbedtls) + endif() endif() set(INTERNAL_SOURCES ${PICOKEYS_SOURCES}) diff --git a/src/trusted.c b/src/trusted/trusted.c similarity index 100% rename from src/trusted.c rename to src/trusted/trusted.c diff --git a/src/trusted.h b/src/trusted/trusted.h similarity index 100% rename from src/trusted.h rename to src/trusted/trusted.h diff --git a/src/trusted_mem.c b/src/trusted/trusted_mem.c similarity index 83% rename from src/trusted_mem.c rename to src/trusted/trusted_mem.c index 7988290..2f3753e 100644 --- a/src/trusted_mem.c +++ b/src/trusted/trusted_mem.c 
@@ -1,3 +1,20 @@ +/* + * This file is part of the Pico Keys SDK distribution (https://github.com/polhenarejos/pico-keys-sdk). + * Copyright (c) 2022 Pol Henarejos. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, version 3. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + #include "mbedtls/platform_util.h" #include "trusted.h" @@ -123,8 +140,8 @@ void picokeys_trusted_free(void *ptr) void mbedtls_platform_zeroize(void *buf, size_t len) { - if (len > 0) { + if (buf != NULL && len != 0) { picokeys_trusted_memset(buf, 0, len); - asm volatile ("" : : "m" (*(char (*)[len]) buf) :); + __asm__ volatile ("" ::: "memory"); } } diff --git a/src/trusted_pico_sha256.c b/src/trusted/trusted_pico_sha256.c similarity index 87% rename from src/trusted_pico_sha256.c rename to src/trusted/trusted_pico_sha256.c index 7c3193f..1fbc9c5 100644 --- a/src/trusted_pico_sha256.c +++ b/src/trusted/trusted_pico_sha256.c 
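Review bot: The new barrier in `mbedtls_platform_zeroize`, `__asm__ volatile ("" ::: "memory");`, no longer references `buf`, whereas the removed line passed the buffer to the asm as an `"m"` input. A bare memory clobber does not cover an object whose address the compiler can prove never escapes. If this function is ever inlined into a caller that wipes a local buffer (for example under LTO), the preceding `picokeys_trusted_memset` call can again be treated as a dead store. Passing the pointer keeps the guarantee without the variable-length array cast: `__asm__ volatile ("" : : "r" (buf) : "memory");`. Whether inlining can happen in this build is not visible from the hunk.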
@@ -1,3 +1,20 @@ +/* + * This file is part of the Pico Keys SDK distribution (https://github.com/polhenarejos/pico-keys-sdk). + * Copyright (c) 2022 Pol Henarejos. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, version 3. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + #include #include #include