Improve pkcs11 build configuration by enabling options in cmake

bryan-hunt · bryan-hunt · commit 8321f8118fb8 · 2022-04-14T12:07:15.000-07:00
diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt
@@ -84,15 +84,13 @@ file(GLOB HOST_SRC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "host/*.c")
 file(GLOB HOST_INC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "host/*.h")
 file(GLOB JWT_SRC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "jwt/*.c")
 file(GLOB JWT_INC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "jwt/*.h")
-file(GLOB PKCS11_SRC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "pkcs11/*.c")
-file(GLOB PKCS11_INC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "pkcs11/*.h")
 file(GLOB TNG_SRC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "../app/tng/*.c")
 file(GLOB TNG_INC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "../app/tng/*.h")
 file(GLOB SHA206_API_SRC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "../app/api_206a/*.c")
 file(GLOB SHA206_API_INC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "../app/api_206a/*.h")
 
-if(ATCA_PKCS11 AND (ATCA_TNGTLS_SUPPORT OR ATCA_TNGLORA_SUPPORT OR ATCA_TFLEX_SUPPORT))
-SET(TNG_SRC ${TNG_SRC} ../app/pkcs11/trust_pkcs11_config.c)
+if(ATCA_PKCS11)
+include(cmake/pkcs11.cmake)
 endif()
 
 if(${CMAKE_VERSION} VERSION_GREATER "3.8.0")
@@ -102,7 +100,6 @@ source_group(TREE ${CMAKE_CURRENT_SOURCE_DIR} FILES ${TALIB_SRC})
 source_group(TREE ${CMAKE_CURRENT_SOURCE_DIR} FILES ${CRYPTO_SRC})
 source_group(TREE ${CMAKE_CURRENT_SOURCE_DIR} FILES ${HOST_SRC})
 source_group(TREE ${CMAKE_CURRENT_SOURCE_DIR} FILES ${JWT_SRC})
-source_group(TREE ${CMAKE_CURRENT_SOURCE_DIR} FILES ${PKCS11_SRC})
 source_group("App/Tng" FILES ${TNG_SRC})
 endif()
 
@@ -216,6 +213,7 @@ set(CRYPTOAUTH_SRC ${LIB_SRC}
                    ${CRYPTO_SRC}
                    ${JWT_SRC}
                    ${TNG_SRC}
+                   ${PKCS11_SRC}
                    ${MBEDTLS_SRC}
                    ${WOLFSSL_SRC}
                    ${OPENSSL_SRC}
@@ -317,14 +315,6 @@ if(ATCA_MBEDTLS)
 set(CRYPTOAUTH_SRC ${CRYPTOAUTH_SRC} ${MBEDTLS_SRC})
 endif()
 
-if(ATCA_PKCS11)
-set(CRYPTOAUTH_SRC ${CRYPTOAUTH_SRC} ${PKCS11_SRC})
-set(ATCA_LIBRARY_CONF ${DEFAULT_CONF_PATH}/${DEFAULT_CONF_FILE_NAME} CACHE STRING "" FORCE)
-if(PKCS11_DEBUG_ENABLE)
-add_definitions(-DPKCS11_DEBUG_ENABLE)
-endif(PKCS11_DEBUG_ENABLE)
-endif()
-
 if(ATCA_BUILD_SHARED_LIBS)
 add_definitions(-DATCA_BUILD_SHARED_LIBS)
 set(CRYPTOAUTH_SRC ${CRYPTOAUTH_SRC} atca_utils_sizes.c)
@@ -346,14 +336,11 @@ if(BUILD_TESTS)
 set(ATCA_TESTS_ENABLED ON CACHE INTERNAL "")
 endif(BUILD_TESTS)
 
+set(ATCA_LIBRARY_CONF ${DEFAULT_CONF_PATH}/${DEFAULT_CONF_FILE_NAME} CACHE STRING "" FORCE)
+
 configure_file(atca_config.h.in atca_config.h @ONLY)
 set(LIB_INC ${LIB_INC} ${CMAKE_CURRENT_BINARY_DIR}/atca_config.h)
 
-if(ATCA_PKCS11)
-configure_file(pkcs11/pkcs11_config.h.in pkcs11_config.h @ONLY)
-set(PKCS11_INC ${PKCS11_INC} ${CMAKE_CURRENT_BINARY_DIR}/pkcs11_config.h)
-endif()
-
 include_directories(cryptoauth PUBLIC ${CMAKE_CURRENT_BINARY_DIR} ${CMAKE_CURRENT_SOURCE_DIR} ../app/tng ../third_party ../third_party/hidapi/hidapi ${USB_INCLUDE_DIR})
 
 if(ATCA_MBEDTLS)
@@ -415,7 +402,9 @@ install(FILES ${CRYPTO_INC} DESTINATION ${DEFAULT_INC_PATH}/crypto COMPONENT Dev
 install(FILES ${CRYPTO_HASHES_INC} DESTINATION ${DEFAULT_INC_PATH}/crypto/hashes COMPONENT Development)
 install(FILES ${HOST_INC} DESTINATION ${DEFAULT_INC_PATH}/host COMPONENT Development)
 install(FILES ${JWT_INC} DESTINATION ${DEFAULT_INC_PATH}/jwt COMPONENT Development)
+if (ATCA_PKCS11)
 install(FILES ${PKCS11_INC} DESTINATION ${DEFAULT_INC_PATH}/pkcs11 COMPONENT Development)
+endif()
 install(FILES ${TNG_INC} DESTINATION ${DEFAULT_INC_PATH}/app/tng COMPONENT Development)
 install(FILES ${SHA206_API_INC} DESTINATION ${DEFAULT_INC_PATH}/app/api_206a COMPONENT Development)
-endif(DEFAULT_INC_PATH)
+endif(DEFAULT_INC_PATH)
diff --git a/lib/cmake/pkcs11.cmake b/lib/cmake/pkcs11.cmake
@@ -0,0 +1,31 @@
+# Helper CMake file for PKCS11 extension to the library
+
+# PKCS11 Configuration Options - See pkcs11_config.h.in
+set(PKCS11_DEBUG_ENABLE         OFF CACHE BOOL   "Enable PKCS#11 Debugging Messages")
+set(PKCS11_USE_STATIC_MEMORY    ${ATCA_NO_HEAP}  CACHE BOOL   "Use Static Memory Allocation")
+set(PKCS11_USE_STATIC_CONFIG    OFF CACHE BOOL   "Use a compiled configuration rather than loading from a filestore")
+set(PKCS11_MAX_SLOTS_ALLOWED    1   CACHE STRING "Maximum number of slots allowed in the system")
+set(PKCS11_MAX_SESSIONS_ALLOWED 10  CACHE STRING "Maximum number of total sessions allowed in the system")
+set(PKCS11_MAX_OBJECTS_ALLOWED  16  CACHE STRING "Maximum number of cryptographic objects allowed to be cached")
+set(PKCS11_MAX_LABEL_SIZE       30  CACHE STRING "Maximum label size in characters")
+set(PKCS11_LOCK_PIN_SLOT        OFF CACHE BOOL   "Define to lock the PIN slot after writing")
+set(PKCS11_PIN_KDF_ALWAYS       OFF CACHE BOOL   "Define to always convert PIN using KDF")
+set(PKCS11_PIN_PBKDF2_EN        OFF CACHE BOOL   "Define to use PBKDF2 for PIN KDF")
+set(PKCS11_PIN_PBKDF2_ITERATIONS  2 CACHE STRING "Define how many iterations PBKDF2 will use for PIN KDF")
+set(PKCS11_SEARCH_CACHE_SIZE    250 CACHE STRING "Static Search Attribute Cache in bytes")
+set(PKCS11_TOKEN_INIT_SUPPORT   OFF CACHE BOOL   "Support for configuring a blank or new device")
+set(PKCS11_MONOTONIC_ENABLE     OFF CACHE BOOL   "Include the monotonic hardware feature as an object")
+
+file(GLOB PKCS11_SRC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "pkcs11/*.c")
+file(GLOB PKCS11_INC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "pkcs11/*.h")
+
+configure_file(pkcs11/pkcs11_config.h.in ${CMAKE_CURRENT_BINARY_DIR}/pkcs11_config.h @ONLY)
+set(PKCS11_INC ${PKCS11_INC} ${CMAKE_CURRENT_BINARY_DIR}/pkcs11_config.h)
+
+if(ATCA_TNGTLS_SUPPORT OR ATCA_TNGLORA_SUPPORT OR ATCA_TFLEX_SUPPORT)
+SET(TNG_SRC ${TNG_SRC} ../app/pkcs11/trust_pkcs11_config.c)
+endif()
+
+if(${CMAKE_VERSION} VERSION_GREATER "3.8.0")
+source_group(TREE ${CMAKE_CURRENT_SOURCE_DIR} FILES ${PKCS11_SRC})
+endif()
diff --git a/lib/pkcs11/pkcs11_config.h.in b/lib/pkcs11/pkcs11_config.h.in
@@ -35,44 +35,44 @@
 
 /** Define to lock the PIN slot after writing */
 #ifndef PKCS11_LOCK_PIN_SLOT
-#define PKCS11_LOCK_PIN_SLOT            0
+#cmakedefine01 PKCS11_LOCK_PIN_SLOT
 #endif
 
 /** Enable PKCS#11 Debugging Messages */
 #ifndef PKCS11_DEBUG_ENABLE
-#define PKCS11_DEBUG_ENABLE             0
+#cmakedefine01 PKCS11_DEBUG_ENABLE
 #endif
 
 /** Use Static or Dynamic Allocation */
 #ifndef PKCS11_USE_STATIC_MEMORY
-#define PKCS11_USE_STATIC_MEMORY        1
+#cmakedefine01 PKCS11_USE_STATIC_MEMORY
 #endif
 
 /** Use a compiled configuration rather than loading from a filestore */
 #ifndef PKCS11_USE_STATIC_CONFIG
-#define PKCS11_USE_STATIC_CONFIG        0
+#cmakedefine01 PKCS11_USE_STATIC_CONFIG
 #endif
 
 /** Maximum number of slots allowed in the system - if static memory this will
    always be the number of slots */
 #ifndef PKCS11_MAX_SLOTS_ALLOWED
-#define PKCS11_MAX_SLOTS_ALLOWED        1
+#define PKCS11_MAX_SLOTS_ALLOWED        @PKCS11_MAX_SLOTS_ALLOWED@
 #endif
 
 /** Maximum number of total sessions allowed in the system - if using static
    memory then this many session contexts will be allocated */
 #ifndef PKCS11_MAX_SESSIONS_ALLOWED
-#define PKCS11_MAX_SESSIONS_ALLOWED     10
+#define PKCS11_MAX_SESSIONS_ALLOWED     @PKCS11_MAX_SESSIONS_ALLOWED@
 #endif
 
 /** Maximum number of cryptographic objects allowed to be cached */
 #ifndef PKCS11_MAX_OBJECTS_ALLOWED
-#define PKCS11_MAX_OBJECTS_ALLOWED      16
+#define PKCS11_MAX_OBJECTS_ALLOWED      @PKCS11_MAX_OBJECTS_ALLOWED@
 #endif
 
 /** Maximum label size in characters */
 #ifndef PKCS11_MAX_LABEL_SIZE
-#define PKCS11_MAX_LABEL_SIZE           30
+#define PKCS11_MAX_LABEL_SIZE           @PKCS11_MAX_LABEL_SIZE@
 #endif
 
 /** Define to always convert PIN using KDF */
@@ -83,8 +83,8 @@
 
 /** Define how many iterations PBKDF2 will use for PIN KDF */
 #if defined(PKCS11_PIN_PBKDF2_EN) && !defined(PKCS11_PIN_PBKDF2_ITERATIONS)
-#define PKCS11_PIN_PBKDF2_ITERATIONS    2
-#endif    
+#define PKCS11_PIN_PBKDF2_ITERATIONS    @PKCS11_PIN_PBKDF2_ITERATIONS@
+#endif
 
 /****************************************************************************/
 /* The following configuration options are for fine tuning of the library   */
@@ -96,23 +96,23 @@
    intends to use. Otherwise compilers will not be able to optimize out the unusued
    functions */
 #ifndef PKCS11_EXTERNAL_FUNCTION_LIST
-#define PKCS11_EXTERNAL_FUNCTION_LIST    0
+#cmakedefine01 PKCS11_EXTERNAL_FUNCTION_LIST
 #endif
 
 /** Static Search Attribute Cache in bytes (variable number of attributes based
    on size and memory requirements) */
 #ifndef PKCS11_SEARCH_CACHE_SIZE
-#define PKCS11_SEARCH_CACHE_SIZE        250
+#define PKCS11_SEARCH_CACHE_SIZE        @PKCS11_SEARCH_CACHE_SIZE@
 #endif
 
 /** Support for configuring a "blank" or new device */
 #ifndef PKCS11_TOKEN_INIT_SUPPORT
-#define PKCS11_TOKEN_INIT_SUPPORT       1
+#cmakedefine01 PKCS11_TOKEN_INIT_SUPPORT
 #endif
 
 /** Include the monotonic hardware feature as an object */
 #ifndef PKCS11_MONOTONIC_ENABLE
-#define PKCS11_MONOTONIC_ENABLE         0
+#cmakedefine01 PKCS11_MONOTONIC_ENABLE
 #endif
 
 
