Add common crypto interface to support mbedtls.

.github/workflows/ci.yml

@@ -65,6 +65,13 @@ jobs:
         path: entity/c
         ref: ${{ github.ref }}
       if: ${{ github.ref}}
+
+    - name: Init and update submodules for sst-c-api (pico-sdk, mbedtls)
+      working-directory: entity/c
+      run: |
+        git submodule sync --recursive
+        git submodule update --init --recursive
+
     - name: Install openssl
       run: sudo apt-get update && sudo apt-get install -y openssl
     - name: Set up JDK 17
@@ -87,15 +94,15 @@ jobs:
         nohup java -jar target/auth-server-jar-with-dependencies.jar -p ../properties/exampleAuth101.properties --password=asdf &
         echo $! > auth.pid  # Save the PID
 
-    - name: Run the file_block_encrypt_example examples.
+    - name: Run the file_block_encrypt_example examples using openssl.
       working-directory: entity/c/examples/file_block_encrypt_example
       run: |
         mkdir build && cd build && cmake ../ && make
         ./block_writer ../block_writer.config
         ./block_reader ../block_reader.config
         ./block_reader_load_s_key_list
 
-    - name: Run the server_client_example examples.
+    - name: Run the server_client_example examples using openssl.
       working-directory: entity/c/examples/server_client_example
       run: |
         mkdir build && cd build && cmake ../ && make
@@ -104,14 +111,39 @@ jobs:
         ./threaded_get_target_id_client ../c_client.config
         ./threaded_get_target_id_server ../c_server.config
 
-    - name: Run the tests examples.
+    - name: Run the tests examples using openssl.
       working-directory: entity/c/tests
       run: |
         mkdir build && cd build && cmake ../ && make
         ./save_load_session_key_list_with_password_test ../test_configs/client.config
         # ./encrypt_buf_with_session_key_without_malloc_execution_time_test ../test_configs/client.config
         ./multi_thread_get_session_key_test ../test_configs/client.config
 
+    # - name: Run the file_block_encrypt_example examples using mbedtls.
+    #   working-directory: entity/c/examples/file_block_encrypt_example
+    #   run: |
+    #     rm -rf build && mkdir build && cd build && cmake -DUSE_MBEDTLS=ON ../ && make
+    #     ./block_writer ../block_writer.config
+    #     ./block_reader ../block_reader.config
+    #     ./block_reader_load_s_key_list
+
+    # - name: Run the server_client_example examples using mbedtls.
+    #   working-directory: entity/c/examples/server_client_example
+    #   run: |
+    #     rm -rf build && mkdir build && cd build && cmake -DUSE_MBEDTLS=ON ../ && make
+    #     ./entity_server ../c_server.config &
+    #     ./entity_client ../c_client.config
+    #     ./threaded_get_target_id_client ../c_client.config
+    #     ./threaded_get_target_id_server ../c_server.config
+
+    # - name: Run the tests examples using mbedtls.
+    #   working-directory: entity/c/tests
+    #   run: |
+    #     rm -rf build && mkdir build && cd build && cmake -DUSE_MBEDTLS=ON ../ && make
+    #     ./save_load_session_key_list_with_password_test ../test_configs/client.config
+    #     # ./encrypt_buf_with_session_key_without_malloc_execution_time_test ../test_configs/client.config
+    #     ./multi_thread_get_session_key_test ../test_configs/client.config
+
     - name: Stop auth server
       working-directory: auth/auth-server
       run: |

.gitmodules

@@ -1,3 +1,6 @@
-[submodule "embedded/lib/mbedtls"]
-	path = embedded/lib/mbedtls
-	url = https://github.com/Mbed-TLS/mbedtls.git
+[submodule "embedded/lib/pico-sdk"]
+	path = embedded/lib/pico-sdk
+	url = https://github.com/raspberrypi/pico-sdk.git
+[submodule "embedded/lib/FreeRTOS-Kernel"]
+	path = embedded/lib/FreeRTOS-Kernel
+	url = https://github.com/FreeRTOS/FreeRTOS-Kernel.git

CMakeLists.txt

@@ -2,23 +2,53 @@
 # $ cmake -DCMAKE_BUILD_TYPE=Debug ../
 
 cmake_minimum_required(VERSION 3.19)
-project(sst-lib VERSION 1.0.0 LANGUAGES C)
 
-find_package(OpenSSL REQUIRED)
-find_package(Threads REQUIRED)
+project(sst-lib VERSION 1.0.0 LANGUAGES C CXX ASM)
 
-add_library(sst-c-api STATIC
+# Crypto backend selection
+option(USE_OPENSSL "Use OpenSSL (default)" ON)
+
+# Pico build off as default
+option(SST_PLATFORM_PICO "Build SST library for Raspberry Pi Pico targets" OFF)
+
+set(SST_CORE_SOURCES
   ${CMAKE_CURRENT_LIST_DIR}/c_api.c
   ${CMAKE_CURRENT_LIST_DIR}/c_common.c
   ${CMAKE_CURRENT_LIST_DIR}/c_crypto.c
   ${CMAKE_CURRENT_LIST_DIR}/c_secure_comm.c
   ${CMAKE_CURRENT_LIST_DIR}/load_config.c
-  ${CMAKE_CURRENT_LIST_DIR}/ipfs.c)
-
-set_target_properties(sst-c-api PROPERTIES POSITION_INDEPENDENT_CODE ON)
+)
 
-# Statically link OpenSSL into sst-c-api
-target_link_libraries(sst-c-api PUBLIC OpenSSL::Crypto OpenSSL::SSL Threads::Threads)
+add_library(sst-c-api STATIC ${SST_CORE_SOURCES})
+
+# Add crypto backend source files
+if(USE_OPENSSL)
+  target_sources(sst-c-api PRIVATE 
+    ${CMAKE_CURRENT_LIST_DIR}/crypto_openssl.c
+    ${CMAKE_CURRENT_LIST_DIR}/ipfs.c)
+  target_compile_definitions(sst-c-api PUBLIC USE_OPENSSL)
+  find_package(OpenSSL REQUIRED)
+  target_link_libraries(sst-c-api PUBLIC OpenSSL::Crypto OpenSSL::SSL)
+  # list(APPEND SST_CORE_SOURCES ${CMAKE_CURRENT_LIST_DIR}/ipfs.c)
+elseif(SST_PLATFORM_PICO)
+  set(FREERTOS_KERNEL_PATH "${CMAKE_CURRENT_LIST_DIR}/embedded/lib/FreeRTOS-Kernel" CACHE PATH "Path to FreeRTOS Kernel" FORCE)
+  include(${FREERTOS_KERNEL_PATH}/portable/ThirdParty/GCC/RP2040/FreeRTOS_Kernel_import.cmake)
+  pico_sdk_init()
+  target_link_libraries(sst-c-api PRIVATE 
+    pico_cyw43_arch_lwip_sys_freertos
+    pico_stdlib
+    pico_mbedtls
+    FreeRTOS-Kernel-Heap4
+  )
+  target_sources(sst-c-api PRIVATE ${CMAKE_CURRENT_LIST_DIR}/crypto_mbedtls.c)
+  target_compile_definitions(sst-c-api PUBLIC USE_MBEDTLS)
+  target_compile_definitions(sst-c-api PUBLIC SST_PLATFORM_PICO)
+  # Include lwipopts.h & mbedtls_sst_config.h & FreeRTOSConfig.h
+  target_include_directories(sst-c-api PRIVATE
+    # ${CMAKE_CURRENT_LIST_DIR}
+    ${CMAKE_CURRENT_LIST_DIR}/embedded/include
+  )
+endif()
 
 target_include_directories(sst-c-api PUBLIC
   $<INSTALL_INTERFACE:include>
@@ -28,8 +58,11 @@ target_include_directories(sst-c-api PUBLIC
 # Compiler flags
 if(MSVC)
   target_compile_options(sst-c-api PRIVATE /W4 /WX)
+elseif(SST_PLATFORM_PICO)
+  target_compile_options(sst-c-api PRIVATE -Wall -Wextra)
 elseif(CMAKE_SYSTEM_NAME STREQUAL "Darwin")
 # Exclude errors, because some can use GNU-specific variadic arguments. This is done for only compiling the SST library.
+  target_compile_options(sst-c-api PRIVATE -Wall -Wextra)
 else()
   target_compile_options(sst-c-api PRIVATE -Wall -Wextra -Wpedantic -Werror)
 endif()
@@ -40,49 +73,43 @@ if(CMAKE_BUILD_TYPE STREQUAL "Debug" OR CMAKE_BUILD_TYPE STREQUAL "DEBUG")
   target_compile_definitions(sst-c-api PRIVATE DEBUG=1)
 endif()
 
-# Install the library
-# Installs in /usr/local/lib/cmake/sst-lib/sst-libTargets.cmake & sst-libTargets-noconfig.cmake
-# Contains target definitions for sst-c-api
-# Helps CMake know how to link against sst-c-api
-
-# sst-libTargets-noconfig.cmake Acts as the entry point for find_package(sst-lib)
-# Defines where to look for sst-libTargets.cmake
-install(TARGETS sst-c-api
-  EXPORT sst-libTargets
-  LIBRARY DESTINATION lib
-  ARCHIVE DESTINATION lib
-  RUNTIME DESTINATION bin
-)
-
-# Export targets for find_package()
-include(CMakePackageConfigHelpers)
-
-install(
-  EXPORT sst-libTargets
-  FILE sst-libTargets.cmake
-  NAMESPACE sst-lib::
-  DESTINATION lib/cmake/sst-lib
-)
-
-# Creates in /usr/local/lib/cmake/sst-lib/sst-libConfig.cmake
-# Acts as the entry point for find_package(sst-lib)
-# Defines where to look for sst-libTargets.cmake
-configure_package_config_file(
-  ${CMAKE_CURRENT_SOURCE_DIR}/cmake/sst-libConfig.cmake.in
-  ${CMAKE_CURRENT_BINARY_DIR}/sst-libConfig.cmake
-  INSTALL_DESTINATION lib/cmake/sst-lib
-)
-install(
-  FILES ${CMAKE_CURRENT_BINARY_DIR}/sst-libConfig.cmake
-  DESTINATION lib/cmake/sst-lib
-)
+# Install/export only when not vendoring mbedTLS
+if(USE_OPENSSL)
+  # Install the library and export target
+  install(TARGETS sst-c-api
+    EXPORT sst-libTargets
+    LIBRARY DESTINATION lib
+    ARCHIVE DESTINATION lib
+    RUNTIME DESTINATION bin
+  )
+
+  include(CMakePackageConfigHelpers)
+
+  install(
+    EXPORT sst-libTargets
+    FILE sst-libTargets.cmake
+    NAMESPACE sst-lib::
+    DESTINATION lib/cmake/sst-lib
+  )
+
+  configure_package_config_file(
+    ${CMAKE_CURRENT_SOURCE_DIR}/cmake/sst-libConfig.cmake.in
+    ${CMAKE_CURRENT_BINARY_DIR}/sst-libConfig.cmake
+    INSTALL_DESTINATION lib/cmake/sst-lib
+  )
+  install(
+    FILES ${CMAKE_CURRENT_BINARY_DIR}/sst-libConfig.cmake
+    DESTINATION lib/cmake/sst-lib
+  )
+endif()
 
 # Install headers
 install(FILES c_api.h DESTINATION include/sst-c-api)
 
-# Build unit tests
-enable_testing()
-
-add_executable(crypto_test ${CMAKE_CURRENT_SOURCE_DIR}/tests/c_crypto_test.c)
-target_link_libraries(crypto_test PRIVATE sst-c-api)
-add_test(NAME crypto_test COMMAND crypto_test)
+# Build unit tests only for host builds (not Pico SDK)
+if(USE_OPENSSL)
+  enable_testing()
+  add_executable(crypto_test ${CMAKE_CURRENT_SOURCE_DIR}/tests/c_crypto_test.c)
+  target_link_libraries(crypto_test PRIVATE sst-c-api)
+  add_test(NAME crypto_test COMMAND crypto_test)
+endif()

README.md

@@ -136,23 +136,7 @@ $sudo make install
 
 # Example
 
--   Turn on two different terminals at `$SST_ROOT/entity/c/examples/server_client_example/build`, and turn on Auth on the third terminal.
-
-Execute
-
-`$./entity_client ../c_client.config`
-
-`$./entity_server ../c_server.config`
-
-on each terminal
-
-To test AES_128_CTR mode, with noHMAC when exchanging messages, execute
-
-`$./entity_client ../c_computenode_CTR_noHMAC.config`
-
-`$./entity_server ../c_compactionnode_CTR_noHMAC.config`
-
-This will get all keys encrypted in AES_128_CTR mode, and send all messages in CTR mode, with no HMAC.
+To run examples, please checkout the [`examples/`](./examples/README.md) directory.
 
 # For Developers
 
@@ -168,4 +152,4 @@ This will get all keys encrypted in AES_128_CTR mode, and send all messages in C
 
 -   Implement an additional API function for extracting session key from cached session keys.
 
-*Last updated on February 2, 2024*
+*Last updated on December 5, 2025*