aboutsummaryrefslogtreecommitdiff
path: root/drivers/auth
diff options
context:
space:
mode:
authorSoby Mathew <soby.mathew@arm.com>2019-09-13 12:00:59 +0000
committerTrustedFirmware Code Review <review@review.trustedfirmware.org>2019-09-13 12:00:59 +0000
commitc428fbaeab3191a5b7fda38fc2aa8da3d716ab97 (patch)
treed45974a3798396c1e0c56ccc9287ed0c3b625cab /drivers/auth
parent76eac18647f3bb81e029309ea61f8c4c5336ca27 (diff)
parent6a415a508ea6acec321e4609d3f8e5c03ba67664 (diff)
downloadtrusted-firmware-a-c428fbaeab3191a5b7fda38fc2aa8da3d716ab97.tar.gz
Merge changes from topic "jc/rsa-pkcs" into integration
* changes: Remove RSA PKCS#1 v1.5 support from cert_tool Add documentation for new KEY_SIZE option Add cert_create tool support for RSA key sizes Support larger RSA key sizes when using MBEDTLS
Diffstat (limited to 'drivers/auth')
-rw-r--r--drivers/auth/mbedtls/mbedtls_common.mk19
-rw-r--r--drivers/auth/tbbr/tbbr_cot.c16
2 files changed, 31 insertions, 4 deletions
diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk
index 63e65bd47c..4b83015417 100644
--- a/drivers/auth/mbedtls/mbedtls_common.mk
+++ b/drivers/auth/mbedtls/mbedtls_common.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -48,9 +48,9 @@ LIBMBEDTLS_SRCS := $(addprefix ${MBEDTLS_DIR}/library/, \
)
# The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key
-# algorithm to use. If the variable is not defined, select it based on algorithm
-# used for key generation `KEY_ALG`. If `KEY_ALG` is not defined or is
-# defined to `rsa`/`rsa_1_5`, then set the variable to `rsa`.
+# algorithm to use. If the variable is not defined, select it based on
+# algorithm used for key generation `KEY_ALG`. If `KEY_ALG` is not defined,
+# then it is set to `rsa`.
ifeq (${TF_MBEDTLS_KEY_ALG},)
ifeq (${KEY_ALG}, ecdsa)
TF_MBEDTLS_KEY_ALG := ecdsa
@@ -59,6 +59,16 @@ ifeq (${TF_MBEDTLS_KEY_ALG},)
endif
endif
+ifeq (${TF_MBEDTLS_KEY_SIZE},)
+ ifneq ($(findstring rsa,${TF_MBEDTLS_KEY_ALG}),)
+ ifeq (${KEY_SIZE},)
+ TF_MBEDTLS_KEY_SIZE := 2048
+ else
+ TF_MBEDTLS_KEY_SIZE := ${KEY_SIZE}
+ endif
+ endif
+endif
+
ifeq (${HASH_ALG}, sha384)
TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA384
else ifeq (${HASH_ALG}, sha512)
@@ -79,6 +89,7 @@ endif
# Needs to be set to drive mbed TLS configuration correctly
$(eval $(call add_define,TF_MBEDTLS_KEY_ALG_ID))
+$(eval $(call add_define,TF_MBEDTLS_KEY_SIZE))
$(eval $(call add_define,TF_MBEDTLS_HASH_ALG_ID))
diff --git a/drivers/auth/tbbr/tbbr_cot.c b/drivers/auth/tbbr/tbbr_cot.c
index da3631bbf9..6dd4ae252d 100644
--- a/drivers/auth/tbbr/tbbr_cot.c
+++ b/drivers/auth/tbbr/tbbr_cot.c
@@ -7,6 +7,7 @@
#include <stddef.h>
#include <platform_def.h>
+#include <drivers/auth/mbedtls/mbedtls_config.h>
#include <drivers/auth/auth_mod.h>
#if USE_TBBR_DEFS
@@ -19,7 +20,22 @@
/*
* Maximum key and hash sizes (in DER format)
*/
+#if TF_MBEDTLS_USE_RSA
+#if TF_MBEDTLS_KEY_SIZE == 1024
+#define PK_DER_LEN 162
+#elif TF_MBEDTLS_KEY_SIZE == 2048
#define PK_DER_LEN 294
+#elif TF_MBEDTLS_KEY_SIZE == 3072
+#define PK_DER_LEN 422
+#elif TF_MBEDTLS_KEY_SIZE == 4096
+#define PK_DER_LEN 550
+#else
+#error "Invalid value for TF_MBEDTLS_KEY_SIZE"
+#endif
+#else
+#define PK_DER_LEN 294
+#endif
+
#define HASH_DER_LEN 83
/*