Merge branch 'openemv-crypto'

* openemv-crypto: Update to latest OpenEMV common crypto submodule Update build for OpenEMV common crypto submodule Use new TDES KCV and AES KCV abstractions Use new AES CMAC abstraction Use new TDES CMAC abstraction Use new TDES CBC-MAC abstraction Update to latest OpenEMV common crypto submodule Use new crypto_rand() helper function Use new crypto_cleanse() and crypto_memcmp_s() helper functions Use new AES crypto abstraction Use new DES/TDES crypto abstraction Add OpenEMV common crypto abstraction as a submodule
openemv · Apr 18, 2022 · 3a84ed6 · 3a84ed6
2 parents 8998672 + cd0fa57
commit 3a84ed6
Show file tree

Hide file tree

Showing 10 changed files with 185 additions and 1,399 deletions.
diff --git a/.gitmodules b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "crypto"]
+	path = crypto
+	url = https://github.com/openemv/crypto.git
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -14,6 +14,17 @@ project(tr31
 	LANGUAGES C
 )
 
+# Determine whether this project is the top-level project
+if(${CMAKE_VERSION} VERSION_LESS "3.21")
+	get_directory_property(TR31_HAS_PARENT PARENT_DIRECTORY)
+	if(NOT TR31_HAS_PARENT)
+		set(TR31_IS_TOP_LEVEL True)
+	endif()
+else()
+	# CMake >=3.21 provides <PROJECT-NAME>_IS_TOP_LEVEL
+	set(TR31_IS_TOP_LEVEL ${tr31_IS_TOP_LEVEL})
+endif()
+
 set(CMAKE_C_STANDARD 11)
 set(CMAKE_C_EXTENSIONS OFF)
 if (CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_GNUCXX)
@@ -26,6 +37,17 @@ set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_CURRENT_SOURCE_DIR}/cmake/Mo
 
 include(CTest)
 
+# Allow parent scope to provide crypto targets when not building shared libs
+if(TR31_IS_TOP_LEVEL OR BUILD_SHARED_LIBS)
+	add_subdirectory(crypto EXCLUDE_FROM_ALL)
+	add_subdirectory(crypto/test)
+elseif (NOT TARGET crypto_tdes OR
+	NOT TARGET crypto_aes OR
+	NOT TARGET crypto_mem OR
+	NOT TARGET crypto_rand)
+	message(FATAL_ERROR "Parent project must provide crypto libraries for static builds")
+endif()
+
 add_subdirectory(src)
 add_subdirectory(test)
 
@@ -41,7 +63,8 @@ install(FILES
 
 # generate and install basic CMake config files
 include(CMakePackageConfigHelpers) # provides CMake config generator macros
-foreach(pkg IN LISTS TR31_PACKAGE_DEPENDENCIES)
+# NOTE: crypto subdirectory provides CRYPTO_PACKAGE_DEPENDENCIES
+foreach(pkg IN LISTS CRYPTO_PACKAGE_DEPENDENCIES)
 	# build dependency string for use in CMake config file
 	string(APPEND TR31_CONFIG_PACKAGE_DEPENDENCIES "find_dependency(${pkg})\n")
 endforeach()
@@ -76,7 +99,9 @@ export(EXPORT tr31Targets
 set(TR31_INSTALL_PKGCONFIG_DIR ${CMAKE_INSTALL_LIBDIR}/pkgconfig CACHE STRING "Installation location for tr31 pkgconfig files")
 message(STATUS "Using pkgconfig install location \"${TR31_INSTALL_PKGCONFIG_DIR}\"")
 set(TR31_PKGCONFIG_LIB_NAME ${CMAKE_PROJECT_NAME})
-# NOTE: subdirectories will provide TR31_PKGCONFIG_REQ_PRIV and TR31_PKGCONFIG_LIBS_PRIV
+# NOTE: crypto subdirectory provides CRYPTO_PKGCONFIG_REQ_PRIV and CRYPTO_PKGCONFIG_LIBS_PRIV
+set(TR31_PKGCONFIG_REQ_PRIV ${CRYPTO_PKGCONFIG_REQ_PRIV})
+set(TR31_PKGCONFIG_LIBS_PRIV ${CRYPTO_PKGCONFIG_LIBS_PRIV})
 configure_file(pkgconfig/libtr31.pc.in
 	"${CMAKE_CURRENT_BINARY_DIR}/pkgconfig/libtr31.pc"
 	@ONLY

diff --git a/cmake/Modules/FetchMbedTLS.cmake b/cmake/Modules/FetchMbedTLS.cmake
diff --git a/cmake/Modules/FindMbedTLS.cmake b/cmake/Modules/FindMbedTLS.cmake
diff --git a/crypto b/crypto
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
@@ -7,35 +7,6 @@
 
 cmake_minimum_required(VERSION 3.16)
 
-find_package(MbedTLS 2.16) # Latest version available on Ubuntu 20.04 and Fedora 34
-option(FETCH_MBEDTLS "Download and build MbedTLS")
-if(NOT MbedTLS_FOUND AND FETCH_MBEDTLS)
-	include(FetchMbedTLS)
-endif()
-
-find_package(OpenSSL 1.1 COMPONENTS Crypto)
-
-# choose crypto implementation and inform parent scope
-if(NOT MbedTLS_FOUND AND NOT OpenSSL_FOUND)
-	message(FATAL_ERROR "Either MbedTLS or OpenSSL is required")
-endif()
-if(MbedTLS_FOUND)
-	# prefer MbedTLS
-	message(STATUS "Using MbedTLS")
-	set(USE_MBEDTLS TRUE)
-	list(APPEND TR31_PACKAGE_DEPENDENCIES "MbedTLS 2.16")
-	set(TR31_PACKAGE_DEPENDENCIES ${TR31_PACKAGE_DEPENDENCIES} PARENT_SCOPE)
-	# NOTE: MbedTLS has no pkgconfig file so TR31_PKGCONFIG_REQ_PRIV cannot be set
-	set(TR31_PKGCONFIG_LIBS_PRIV "-lmbedcrypto" PARENT_SCOPE)
-else()
-	message(STATUS "Using OpenSSL")
-	set(USE_OPENSSL TRUE)
-	list(APPEND TR31_PACKAGE_DEPENDENCIES "OpenSSL 1.1 COMPONENTS Crypto")
-	set(TR31_PACKAGE_DEPENDENCIES ${TR31_PACKAGE_DEPENDENCIES} PARENT_SCOPE)
-	set(TR31_PKGCONFIG_REQ_PRIV "libcrypto" PARENT_SCOPE)
-	set(TR31_PKGCONFIG_LIBS_PRIV "-lcrypto" PARENT_SCOPE)
-endif()
-
 include(CheckFunctionExists)
 check_function_exists("argp_parse" argp_FOUND)
 option(FETCH_ARGP "Download and build argp-standalone")
@@ -70,11 +41,7 @@ target_include_directories(tr31 INTERFACE
 	$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}>
 	$<INSTALL_INTERFACE:include/${PROJECT_NAME}>
 )
-if(MbedTLS_FOUND)
-	target_link_libraries(tr31 PRIVATE MbedTLS::mbedcrypto)
-elseif(OpenSSL_FOUND)
-	target_link_libraries(tr31 PRIVATE OpenSSL::Crypto)
-endif()
+target_link_libraries(tr31 PRIVATE crypto_tdes crypto_aes crypto_mem crypto_rand)
 
 # TR-31 command line tool
 add_executable(tr31-tool tr31-tool.c)
@@ -85,6 +52,10 @@ endif()
 
 install(
 	TARGETS
+		crypto_tdes
+		crypto_aes
+		crypto_mem
+		crypto_rand
 		tr31
 		tr31-tool
 	EXPORT tr31Targets # for use by install(EXPORT) command