Add support for TLS.

Cert is self-signed and auto-generated on first boot. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2026-05-29 17:41:24 +02:00 · 2026-04-19 03:16:54 +02:00
parent f8cbb145f4
commit febae0e664
8 changed files with 1034 additions and 259 deletions
--- a/pico_keys_sdk_import.cmake
+++ b/pico_keys_sdk_import.cmake
@@ -400,6 +400,25 @@ set(SYSTEM_INCLUDES
    ${CMAKE_CURRENT_LIST_DIR}/third-party/cjson
 )

+if(USB_ITF_LWIP)
+    add_compile_definitions(
+        MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+        MBEDTLS_SSL_PROTO_TLS1_2
+        MBEDTLS_SSL_SRV_C
+        MBEDTLS_SSL_TLS_C
+    )
+    list(APPEND MBEDTLS_SOURCES
+        ${CMAKE_CURRENT_LIST_DIR}/third-party/mbedtls/library/pkparse.c
+        ${CMAKE_CURRENT_LIST_DIR}/third-party/mbedtls/library/pk_ecc.c
+        ${CMAKE_CURRENT_LIST_DIR}/third-party/mbedtls/library/pkcs12.c
+        ${CMAKE_CURRENT_LIST_DIR}/third-party/mbedtls/library/ssl_ciphersuites.c
+        ${CMAKE_CURRENT_LIST_DIR}/third-party/mbedtls/library/ssl_msg.c
+        ${CMAKE_CURRENT_LIST_DIR}/third-party/mbedtls/library/ssl_tls.c
+        ${CMAKE_CURRENT_LIST_DIR}/third-party/mbedtls/library/ssl_tls12_server.c
+        ${CMAKE_CURRENT_LIST_DIR}/third-party/mbedtls/library/x509.c
+        ${CMAKE_CURRENT_LIST_DIR}/third-party/mbedtls/library/x509_crt.c
+    )
+endif()
 if(USB_ITF_HID)
    list(APPEND MBEDTLS_SOURCES
        ${CMAKE_CURRENT_LIST_DIR}/third-party/mbedtls/library/x509write_crt.c
@@ -623,7 +642,9 @@ endif()

 if(USB_ITF_LWIP)
    list(APPEND PICO_KEYS_SOURCES
+        ${CMAKE_CURRENT_LIST_DIR}/src/usb/lwip/rest.c
        ${CMAKE_CURRENT_LIST_DIR}/src/usb/lwip/rest_server.c
+        ${CMAKE_CURRENT_LIST_DIR}/src/usb/lwip/rest_server_tls.c
    )
    list(APPEND INCLUDES
        ${CMAKE_CURRENT_LIST_DIR}/src/usb/lwip