aboutsummaryrefslogtreecommitdiff
path: root/drivers/auth/mbedtls/mbedtls_common.mk
blob: 2bb23f961e5d9e08ed86a7077ca01ea389440eb5 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
#
# Copyright (c) 2015-2024, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#

ifneq (${MBEDTLS_COMMON_MK},1)
MBEDTLS_COMMON_MK	:=	1

# MBEDTLS_DIR must be set to the mbed TLS main directory (it must contain
# the 'include' and 'library' subdirectories).
ifeq (${MBEDTLS_DIR},)
  $(error Error: MBEDTLS_DIR not set)
endif

MBEDTLS_INC		=	-I${MBEDTLS_DIR}/include

MBEDTLS_MAJOR=$(shell grep -hP "define MBEDTLS_VERSION_MAJOR" ${MBEDTLS_DIR}/include/mbedtls/*.h | grep -oe '\([0-9.]*\)')
MBEDTLS_MINOR=$(shell grep -hP "define MBEDTLS_VERSION_MINOR" ${MBEDTLS_DIR}/include/mbedtls/*.h | grep -oe '\([0-9.]*\)')
$(info MBEDTLS_VERSION_MAJOR is [${MBEDTLS_MAJOR}] MBEDTLS_VERSION_MINOR is [${MBEDTLS_MINOR}])

ifneq (${MBEDTLS_MAJOR}, 3)
  $(error Error: TF-A only supports MbedTLS versions > 3.x)
endif

# Specify mbed TLS configuration file
ifeq (${PSA_CRYPTO},1)
  MBEDTLS_CONFIG_FILE    ?=    "<drivers/auth/mbedtls/psa_mbedtls_config.h>"
else
  MBEDTLS_CONFIG_FILE    ?=    "<drivers/auth/mbedtls/mbedtls_config-3.h>"
endif

$(eval $(call add_define,MBEDTLS_CONFIG_FILE))

MBEDTLS_SOURCES	+=		drivers/auth/mbedtls/mbedtls_common.c

LIBMBEDTLS_SRCS		+= $(addprefix ${MBEDTLS_DIR}/library/,		\
					aes.c 				\
					asn1parse.c 			\
					asn1write.c 			\
					cipher.c 			\
					cipher_wrap.c 			\
					constant_time.c			\
					hash_info.c			\
					memory_buffer_alloc.c		\
					oid.c 				\
					platform.c 			\
					platform_util.c			\
					bignum.c			\
					bignum_core.c			\
					gcm.c 				\
					md.c				\
					pk.c 				\
					pk_wrap.c 			\
					pkparse.c 			\
					pkwrite.c 			\
					sha256.c            		\
					sha512.c            		\
					ecdsa.c				\
					ecp_curves.c			\
					ecp.c				\
					rsa.c				\
					rsa_alt_helpers.c		\
					x509.c 				\
					x509_crt.c 			\
					)

# Currently on Mbedtls-3 there is outstanding bug due to usage
# of redundant declaration[1], So disable redundant-decls
# compilation flag to avoid compilation error when compiling with
# Mbedtls-3.
# [1]: https://github.com/Mbed-TLS/mbedtls/issues/6910
LIBMBEDTLS_CFLAGS += -Wno-error=redundant-decls

ifeq (${PSA_CRYPTO},1)
LIBMBEDTLS_SRCS         += $(addprefix ${MBEDTLS_DIR}/library/,    	\
					psa_crypto.c                   	\
					psa_crypto_client.c            	\
					psa_crypto_driver_wrappers.c   	\
					psa_crypto_hash.c              	\
					psa_crypto_rsa.c               	\
					psa_crypto_ecp.c               	\
					psa_crypto_slot_management.c   	\
					)
endif

# The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key
# algorithm to use. If the variable is not defined, select it based on
# algorithm used for key generation `KEY_ALG`. If `KEY_ALG` is not defined,
# then it is set to `rsa`.
ifeq (${TF_MBEDTLS_KEY_ALG},)
    ifeq (${KEY_ALG}, ecdsa)
        TF_MBEDTLS_KEY_ALG		:=	ecdsa
    else
        TF_MBEDTLS_KEY_ALG		:=	rsa
    endif
endif

ifeq (${TF_MBEDTLS_KEY_SIZE},)
    ifneq ($(findstring rsa,${TF_MBEDTLS_KEY_ALG}),)
        ifeq (${KEY_SIZE},)
            TF_MBEDTLS_KEY_SIZE		:=	2048
        else ifneq ($(filter $(KEY_SIZE), 1024 2048 3072 4096),)
            TF_MBEDTLS_KEY_SIZE		:=	${KEY_SIZE}
        else
            $(error "Invalid value for KEY_SIZE: ${KEY_SIZE}")
        endif
    else ifneq ($(findstring ecdsa,${TF_MBEDTLS_KEY_ALG}),)
        ifeq (${KEY_SIZE},)
            TF_MBEDTLS_KEY_SIZE		:=	256
        else ifneq ($(filter $(KEY_SIZE), 256 384),)
            TF_MBEDTLS_KEY_SIZE		:=	${KEY_SIZE}
        else
            $(error "Invalid value for KEY_SIZE: ${KEY_SIZE}")
        endif
    endif
endif

ifeq (${HASH_ALG}, sha384)
    TF_MBEDTLS_HASH_ALG_ID	:=	TF_MBEDTLS_SHA384
else ifeq (${HASH_ALG}, sha512)
    TF_MBEDTLS_HASH_ALG_ID	:=	TF_MBEDTLS_SHA512
else
    TF_MBEDTLS_HASH_ALG_ID	:=	TF_MBEDTLS_SHA256
endif

ifeq (${TF_MBEDTLS_KEY_ALG},ecdsa)
    TF_MBEDTLS_KEY_ALG_ID	:=	TF_MBEDTLS_ECDSA
else ifeq (${TF_MBEDTLS_KEY_ALG},rsa)
    TF_MBEDTLS_KEY_ALG_ID	:=	TF_MBEDTLS_RSA
else ifeq (${TF_MBEDTLS_KEY_ALG},rsa+ecdsa)
    TF_MBEDTLS_KEY_ALG_ID	:=	TF_MBEDTLS_RSA_AND_ECDSA
else
    $(error "TF_MBEDTLS_KEY_ALG=${TF_MBEDTLS_KEY_ALG} not supported on mbed TLS")
endif

ifeq (${DECRYPTION_SUPPORT}, aes_gcm)
    TF_MBEDTLS_USE_AES_GCM	:=	1
else
    TF_MBEDTLS_USE_AES_GCM	:=	0
endif

# Needs to be set to drive mbed TLS configuration correctly
$(eval $(call add_defines,\
    $(sort \
        TF_MBEDTLS_KEY_ALG_ID \
        TF_MBEDTLS_KEY_SIZE \
        TF_MBEDTLS_HASH_ALG_ID \
        TF_MBEDTLS_USE_AES_GCM \
)))

$(eval $(call MAKE_LIB,mbedtls))

endif