Add ability to include multiple AES ciphers

[kevlut]

I use backend mbedtls w/ nRF5 SDK. I want to include files so both AES256CCM as well as AES256ECB gets compiled. AES 256 CCM cipher is in mbedtls_backend_aes_aead.c and AES 256 ECB cipher is in mbedtls_backend_aes.c. My suspicion is that they the if-statement used here is broken up because of the additional "_" in case of the aead.

Would the best way be to change:

macro(nRF5_addCryptoBackend TYPE BACKEND)

to something like:

macro(nRF5_addCryptoBackend TYPE BACKEND USE_AEAD)

Is there any harm in calling setup macro twice?

nRF5_addCryptoBackend("aes" "mbedtls")
nRF5_addCryptoBackend("aead" "mbedtls")

If not, no change may be needed. If there is an issue, I can create a PR with the change when I finished setting up my project because I'll have to get it working anyways.

[nrbrook]

No there should be no harm calling twice. The if statement is there because aead file name pattern is different from other filenames.

[kevlut]

@nrbrook somewhat off-topic, I'm using nRF5 SDK v16

nRF5_addCryptoBackend(aes mbedtls)
nRF5_addCryptoBackend(aead mbedtls)

and I'm getting this as an error output:

arm-none-eabi-gcc.exe: error: unrecognized command line option '-ffunction-sectio'; did you mean '-ffunction-sections'?
arm-none-eabi-gcc.exe: fatal error: no input files
compilation terminated.
make[3]: *** [MyProject/CMakeFiles/MyTarget.dir/build.make:76: MyProject/CMakeFiles/MyTarget.dir/__/toolchains/nRF5/nRF5_SDK_16.0.0_98a08e2/components/libraries/scheduler/app_scheduler.c.obj] Error 1
make[2]: *** [CMakeFiles/Makefile2:268: MyProject/CMakeFiles/MyTarget.dir/all] Error 2
make[1]: *** [CMakeFiles/Makefile2:275: MyProject/CMakeFiles/MyTarget.dir/rule] Error 2
make: *** [Makefile:202: MyTarget] Error 2

Trying one or the other produces the same results. Commenting them both out, the build succeeds.

Any idea what might be happening?

[kevlut]

It works without any changes to the original repo, however in my working project it doesn't--at this point I'm assuming its due to length of the directory?

[nrbrook]

It could be yes - have a look at the makefiles that are created to see the raw commands produced

[kevlut]

@nrbrook I can confirm its related to string length limitations. I was able to run without issues when moving my repository to root of "C:/". Do you have any thoughts on how to "fix" this without moving my project's location?

Lastly, how do I properly add mbedTLS backend?

All I have in my CMakeLists.txt is nRF5_addCryptoBackend(aes mbedtls) right now, and when building I get:

C:/MyProject/toolchains/nRF5/nRF5_SDK_16.0.0_98a08e2/components/libraries/crypto/backend/mbedtls/mbedtls_backend_init.c:51:10: fatal error: mbedtls/platform.h: No such file or directory
 #include "mbedtls/platform.h"
          ^~~~~~~~~~~~~~~~~~~~
compilation terminated.

Do I have to call nRF5_includeMBEDTLS or nRF5_addMBED and if so, how, i.e. what are the parameters I have to pass to the macro, or what would an example look like?

[nrbrook]

Yes you should call both:

nRF5_includeMBEDTLS("${CMAKE_CURRENT_SOURCE_DIR}") # path to `sdk_config.h`
nRF5_addMBED(${target} crypto) # crypto is the most minimal library option

See the macro definitions for more info, I've added better comments.

[kevlut]

@nrbrook I made a repo here to reproduce my issues. You should be able to do the following (note the submodule is set to use archive/sdk-16):

• git clone --recurse-submodules https://github.com/kevlut/nRF5-cmake-test.git
• cd nRF5-cmake-test
• cmake -Bcmake-build-download -G "Unix Makefiles"
• cmake --build cmake-build-download/ --target download
• cmake -Bcmake-build-debug -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Debug
• cmake --build cmake-build-debug --target mbedTLSExample

At this point, everything should build successfully.

Next step would be to uncomment lines 41-44 to include mbedTLS info. Two things to note:

1. find_package(Perl) in toolchains\nRF5\nRF5_SDK_16.0.0_98a08e2\external\mbedtls\CMakeLists.txt finds my Perl install. The execute_process on line 34 in that file references ${CMAKE_SOURCE_DIR} when running the perl script, which fails because the CMake source directory is set to my projects directory instead of the mbedTLS directory :

     execute_process(COMMAND ${PERL_EXECUTABLE} ${CMAKE_SOURCE_DIR}/scripts/config.pl -f ${CMAKE_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_TEST_NULL_ENTROPY
                         RESULT_VARIABLE result)

2. If I comment out the Perl stuff from # 1, above, and run cmake --build cmake-build-debug --target mbedTLSExample, I get the following error:

CMake Error at nRF5-cmake-scripts/includes/libraries.cmake:155 (target_link_libraries):
  Cannot specify link libraries for target "mbedTLSExample" which is not
  built by this project.
Call Stack (most recent call first):
  src/CMakeLists.txt:42 (nRF5_addMBED)

[kevlut]

Also it is worth mentioning--I think a nrf_crypto_mbedtls_config.h file needs to be used for the configuration (hence adding it to config directory), but I'm not sure how that would be passed--maybe -DMBEDTLS_CONFIG_FILE=nrf_crypto_mbedtls_config.h when calling CMake; or should it be somewhere within the the CMakeLists.txt.

Another point worth mentioning is I noticed in the example projects, when opening the SEGGER Embedded Studio project file, the projects are set up to compile the mbedTLS source as part of the project rather than compiling mbedTLS into a static .a library and linking against it.