Add support for crypto backend selection

Fixes: #295
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>

Author: sidcha

CMakeLists.txt

@@ -37,6 +37,10 @@ option(OPT_OSDP_STATIC "Build without dynamic memory allocation" OFF)
 option(OPT_OSDP_LIB_ONLY "Only build the library" OFF)
 option(OPT_BUILD_BARE_METAL "Build library for bare metal targets" OFF)
 option(OPT_USE_32BIT_TICK_T "Use uint32_t tick_t on bare-metal targets" OFF)
+set(OPT_OSDP_CRYPTO_BACKEND "auto" CACHE STRING
+	"Crypto backend selection: auto, openssl, mbedtls, or tinyaes")
+set_property(CACHE OPT_OSDP_CRYPTO_BACKEND PROPERTY STRINGS
+	auto openssl mbedtls tinyaes)
 
 ## Includes
 list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake")

configure.sh

@@ -19,7 +19,7 @@ usage() {
 	  --skip-mark                  Don't send the leading mark byte (0xFF)
 	  --zero-copy                  Enable zero-copy RX buffers (requires recv_pkt/release_pkt)
 	  --log-minimal                Minimize logger RAM/stack usage
-	  --crypto LIB                 Use methods from LIB (openssl/mbedtls/*tinyaes)
+	  --crypto LIB                 Crypto backend: auto|openssl|mbedtls|tinyaes (default: auto)
 	  --crypto-include-dir DIR     Include directory for crypto LIB if not in system path
 	  --crypto-ld-flags            Args to pass to linker for the crypto LIB
 	  --no-colours                 Don't colourize log ouputs
@@ -149,15 +149,43 @@ if [[ -d .git ]]; then
 	GIT_DIFF=$(git diff --quiet --exit-code || echo +)
 fi
 
-if [[ "${CRYPTO}" == "openssl" ]]; then
+## Crypto backend selection: auto probes openssl → mbedtls → tinyaes by
+## looking for the backend's public header through the compiler's default
+## include path. Explicit names skip the probe and are used as-is.
+probe_header() {
+	echo "#include <$1>" | ${CC} -xc -E - > /dev/null 2>&1
+}
+
+CRYPTO=${CRYPTO:-auto}
+if [[ "${CRYPTO}" == "auto" ]]; then
+	if probe_header openssl/evp.h; then
+		CRYPTO=openssl
+	elif probe_header mbedtls/aes.h; then
+		CRYPTO=mbedtls
+	else
+		CRYPTO=tinyaes
+	fi
+fi
+
+case "${CRYPTO}" in
+openssl)
+	echo "Crypto backend: OpenSSL"
 	LIBOSDP_SOURCES+=" src/crypto/openssl.c"
-elif [[ "${CRYPTO}" == "mbedtls" ]]; then
+	;;
+mbedtls)
+	echo "Crypto backend: MbedTLS"
 	LIBOSDP_SOURCES+=" src/crypto/mbedtls.c"
 	LDFLAGS+=" -lmbedcrypto -lmbedtls"
-else
-	echo "Using in-tree AES methods. Consider using openssl/mbedtls (see --crypto)"
+	;;
+tinyaes)
+	echo "Crypto backend: TinyAES (bundled)"
 	LIBOSDP_SOURCES+=" src/crypto/tinyaes_src.c src/crypto/tinyaes.c"
-fi
+	;;
+*)
+	echo "--crypto must be one of: auto, openssl, mbedtls, tinyaes (got '${CRYPTO}')"
+	exit 1
+	;;
+esac
 
 if [[ ! -z "${CRYPTO_INCLUDE_DIR}" ]]; then
 	CCFLAGS+=" -I${CRYPTO_INCLUDE_DIR}"

src/CMakeLists.txt

@@ -36,13 +36,35 @@ if (OPT_OSDP_STATIC)
 	list(APPEND LIB_OSDP_DEFINITIONS "-DOPT_OSDP_STATIC=1")
 endif()
 
-# optionally, find and use OpenSSL or MbedTLS
-find_package(OpenSSL)
+# Crypto backend selection driven by OPT_OSDP_CRYPTO_BACKEND:
+#   auto    - probe openssl, then mbedtls, else fall back to bundled tinyaes
+#   openssl - require OpenSSL (hard-fail if missing)
+#   mbedtls - require MbedTLS (hard-fail if missing)
+#   tinyaes - force bundled implementation; skip find_package entirely
+set(OpenSSL_FOUND FALSE)
+set(MbedTLS_FOUND FALSE)
+
+if (OPT_OSDP_CRYPTO_BACKEND STREQUAL "auto")
+	find_package(OpenSSL)
+	if (NOT OpenSSL_FOUND)
+		find_package(MbedTLS)
+	endif()
+elseif (OPT_OSDP_CRYPTO_BACKEND STREQUAL "openssl")
+	find_package(OpenSSL REQUIRED)
+elseif (OPT_OSDP_CRYPTO_BACKEND STREQUAL "mbedtls")
+	find_package(MbedTLS REQUIRED)
+elseif (NOT OPT_OSDP_CRYPTO_BACKEND STREQUAL "tinyaes")
+	message(FATAL_ERROR
+		"OPT_OSDP_CRYPTO_BACKEND must be one of: auto, openssl, mbedtls, tinyaes "
+		"(got '${OPT_OSDP_CRYPTO_BACKEND}')")
+endif()
 
-if (NOT OpenSSL_FOUND)
-	find_package(MbedTLS)
+if (OpenSSL_FOUND)
+	message(STATUS "libosdp crypto backend: OpenSSL")
+elseif (MbedTLS_FOUND)
+	message(STATUS "libosdp crypto backend: MbedTLS")
 else()
-	set(MbedTLS_FOUND FALSE)
+	message(STATUS "libosdp crypto backend: TinyAES (bundled)")
 endif()
 
 # Generate osdp_config.h in build dir.

zephyr/CMakeLists.txt

@@ -112,16 +112,22 @@ if (CONFIG_LIBOSDP)
 		)
 	endif()
 
-	# Crypto backend
+	# Crypto backend (driven by the LIBOSDP_CRYPTO_BACKEND Kconfig choice)
 	if (CONFIG_LIBOSDP_CRYPTO_MBEDTLS)
+		message(STATUS "libosdp crypto backend: MbedTLS")
 		zephyr_library_compile_definitions(OPT_OSDP_USE_MBEDTLS)
 		zephyr_library_sources(${OSDP_ROOT}/src/crypto/mbedtls.c)
 		target_include_directories(modules_osdp PRIVATE ${ZEPHYR_MBEDTLS_MODULE_DIR}/include)
 		zephyr_link_libraries(mbedTLS)
 	elseif(CONFIG_LIBOSDP_CRYPTO_TINYAES)
+		message(STATUS "libosdp crypto backend: TinyAES (bundled)")
 		zephyr_library_sources(
 			${OSDP_ROOT}/src/crypto/tinyaes.c
 			${OSDP_ROOT}/src/crypto/tinyaes_src.c
 		)
+	else()
+		message(FATAL_ERROR
+			"No LibOSDP crypto backend selected. "
+			"Enable CONFIG_LIBOSDP_CRYPTO_MBEDTLS or CONFIG_LIBOSDP_CRYPTO_TINYAES.")
 	endif()
 endif()

zephyr/Kconfig

@@ -13,16 +13,26 @@ if LIBOSDP
 choice LIBOSDP_CRYPTO_BACKEND
 	prompt "LibOSDP crypto backend"
 	default LIBOSDP_CRYPTO_MBEDTLS
+	help
+		Select which AES implementation LibOSDP uses for secure
+		channel crypto. Pick MbedTLS if the application already
+		pulls it in; TinyAES otherwise for smallest footprint.
 
 config LIBOSDP_CRYPTO_MBEDTLS
 	bool "MbedTLS"
 	select CRYPTO_MBEDTLS_SHIM
 	select MBEDTLS
 	select MBEDTLS_CIPHER_AES_ENABLED
 	select MBEDTLS_CIPHER_CCM_ENABLED
+	help
+		Use Zephyr's MbedTLS module for AES. Shares code with
+		the rest of the system if MbedTLS is already linked.
 
 config LIBOSDP_CRYPTO_TINYAES
 	bool "TinyAES (in-tree)"
+	help
+		Use the bundled TinyAES implementation. No external
+		crypto dependency; smallest code size.
 
 endchoice