diff options
author | Soby Mathew <soby.mathew@arm.com> | 2019-09-13 12:00:59 +0000 |
---|---|---|
committer | TrustedFirmware Code Review <review@review.trustedfirmware.org> | 2019-09-13 12:00:59 +0000 |
commit | c428fbaeab3191a5b7fda38fc2aa8da3d716ab97 (patch) | |
tree | d45974a3798396c1e0c56ccc9287ed0c3b625cab /drivers/auth | |
parent | 76eac18647f3bb81e029309ea61f8c4c5336ca27 (diff) | |
parent | 6a415a508ea6acec321e4609d3f8e5c03ba67664 (diff) | |
download | trusted-firmware-a-c428fbaeab3191a5b7fda38fc2aa8da3d716ab97.tar.gz |
Merge changes from topic "jc/rsa-pkcs" into integration
* changes:
Remove RSA PKCS#1 v1.5 support from cert_tool
Add documentation for new KEY_SIZE option
Add cert_create tool support for RSA key sizes
Support larger RSA key sizes when using MBEDTLS
Diffstat (limited to 'drivers/auth')
-rw-r--r-- | drivers/auth/mbedtls/mbedtls_common.mk | 19 | ||||
-rw-r--r-- | drivers/auth/tbbr/tbbr_cot.c | 16 |
2 files changed, 31 insertions, 4 deletions
diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk index 63e65bd47c..4b83015417 100644 --- a/drivers/auth/mbedtls/mbedtls_common.mk +++ b/drivers/auth/mbedtls/mbedtls_common.mk @@ -1,5 +1,5 @@ # -# Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved. +# Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # @@ -48,9 +48,9 @@ LIBMBEDTLS_SRCS := $(addprefix ${MBEDTLS_DIR}/library/, \ ) # The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key -# algorithm to use. If the variable is not defined, select it based on algorithm -# used for key generation `KEY_ALG`. If `KEY_ALG` is not defined or is -# defined to `rsa`/`rsa_1_5`, then set the variable to `rsa`. +# algorithm to use. If the variable is not defined, select it based on +# algorithm used for key generation `KEY_ALG`. If `KEY_ALG` is not defined, +# then it is set to `rsa`. ifeq (${TF_MBEDTLS_KEY_ALG},) ifeq (${KEY_ALG}, ecdsa) TF_MBEDTLS_KEY_ALG := ecdsa @@ -59,6 +59,16 @@ ifeq (${TF_MBEDTLS_KEY_ALG},) endif endif +ifeq (${TF_MBEDTLS_KEY_SIZE},) + ifneq ($(findstring rsa,${TF_MBEDTLS_KEY_ALG}),) + ifeq (${KEY_SIZE},) + TF_MBEDTLS_KEY_SIZE := 2048 + else + TF_MBEDTLS_KEY_SIZE := ${KEY_SIZE} + endif + endif +endif + ifeq (${HASH_ALG}, sha384) TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA384 else ifeq (${HASH_ALG}, sha512) @@ -79,6 +89,7 @@ endif # Needs to be set to drive mbed TLS configuration correctly $(eval $(call add_define,TF_MBEDTLS_KEY_ALG_ID)) +$(eval $(call add_define,TF_MBEDTLS_KEY_SIZE)) $(eval $(call add_define,TF_MBEDTLS_HASH_ALG_ID)) diff --git a/drivers/auth/tbbr/tbbr_cot.c b/drivers/auth/tbbr/tbbr_cot.c index da3631bbf9..6dd4ae252d 100644 --- a/drivers/auth/tbbr/tbbr_cot.c +++ b/drivers/auth/tbbr/tbbr_cot.c @@ -7,6 +7,7 @@ #include <stddef.h> #include <platform_def.h> +#include <drivers/auth/mbedtls/mbedtls_config.h> #include <drivers/auth/auth_mod.h> #if USE_TBBR_DEFS @@ -19,7 +20,22 @@ /* * Maximum key and hash sizes (in DER format) */ +#if TF_MBEDTLS_USE_RSA +#if TF_MBEDTLS_KEY_SIZE == 1024 +#define PK_DER_LEN 162 +#elif TF_MBEDTLS_KEY_SIZE == 2048 #define PK_DER_LEN 294 +#elif TF_MBEDTLS_KEY_SIZE == 3072 +#define PK_DER_LEN 422 +#elif TF_MBEDTLS_KEY_SIZE == 4096 +#define PK_DER_LEN 550 +#else +#error "Invalid value for TF_MBEDTLS_KEY_SIZE" +#endif +#else +#define PK_DER_LEN 294 +#endif + #define HASH_DER_LEN 83 /* |