aboutsummaryrefslogtreecommitdiff
path: root/include/drivers/auth
diff options
context:
space:
mode:
authorSoby Mathew <soby.mathew@arm.com>2019-09-13 12:00:59 +0000
committerTrustedFirmware Code Review <review@review.trustedfirmware.org>2019-09-13 12:00:59 +0000
commitc428fbaeab3191a5b7fda38fc2aa8da3d716ab97 (patch)
treed45974a3798396c1e0c56ccc9287ed0c3b625cab /include/drivers/auth
parent76eac18647f3bb81e029309ea61f8c4c5336ca27 (diff)
parent6a415a508ea6acec321e4609d3f8e5c03ba67664 (diff)
downloadtrusted-firmware-a-c428fbaeab3191a5b7fda38fc2aa8da3d716ab97.tar.gz
Merge changes from topic "jc/rsa-pkcs" into integration
* changes: Remove RSA PKCS#1 v1.5 support from cert_tool Add documentation for new KEY_SIZE option Add cert_create tool support for RSA key sizes Support larger RSA key sizes when using MBEDTLS
Diffstat (limited to 'include/drivers/auth')
-rw-r--r--include/drivers/auth/mbedtls/mbedtls_config.h45
1 files changed, 29 insertions, 16 deletions
diff --git a/include/drivers/auth/mbedtls/mbedtls_config.h b/include/drivers/auth/mbedtls/mbedtls_config.h
index f7248f984d..6e179bbd1e 100644
--- a/include/drivers/auth/mbedtls/mbedtls_config.h
+++ b/include/drivers/auth/mbedtls/mbedtls_config.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -13,6 +13,11 @@
#define TF_MBEDTLS_ECDSA 2
#define TF_MBEDTLS_RSA_AND_ECDSA 3
+#define TF_MBEDTLS_USE_RSA (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA \
+ || TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA)
+#define TF_MBEDTLS_USE_ECDSA (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_ECDSA \
+ || TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA)
+
/*
* Hash algorithms currently supported on mbed TLS libraries
*/
@@ -54,19 +59,14 @@
#define MBEDTLS_PLATFORM_C
-#if (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_ECDSA)
+#if TF_MBEDTLS_USE_ECDSA
#define MBEDTLS_ECDSA_C
#define MBEDTLS_ECP_C
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#elif (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA)
-#define MBEDTLS_RSA_C
-#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
-#elif (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA)
+#endif
+#if TF_MBEDTLS_USE_RSA
#define MBEDTLS_RSA_C
#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
-#define MBEDTLS_ECDSA_C
-#define MBEDTLS_ECP_C
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#endif
#define MBEDTLS_SHA256_C
@@ -80,11 +80,20 @@
#define MBEDTLS_X509_CRT_PARSE_C
/* MPI / BIGNUM options */
-#define MBEDTLS_MPI_WINDOW_SIZE 2
-#define MBEDTLS_MPI_MAX_SIZE 256
+#define MBEDTLS_MPI_WINDOW_SIZE 2
+
+#if TF_MBEDTLS_USE_RSA
+#if TF_MBEDTLS_KEY_SIZE <= 2048
+#define MBEDTLS_MPI_MAX_SIZE 256
+#else
+#define MBEDTLS_MPI_MAX_SIZE 512
+#endif
+#else
+#define MBEDTLS_MPI_MAX_SIZE 256
+#endif
/* Memory buffer allocator options */
-#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 8
+#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 8
#ifndef __ASSEMBLER__
/* System headers required to build mbed TLS with the current configuration */
@@ -95,13 +104,17 @@
/*
* Determine Mbed TLS heap size
* 13312 = 13*1024
- * 7168 = 7*1024
+ * 11264 = 11*1024
+ * 7168 = 7*1024
*/
-#if (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_ECDSA) \
- || (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA)
+#if TF_MBEDTLS_USE_ECDSA
#define TF_MBEDTLS_HEAP_SIZE U(13312)
-#elif (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA)
+#elif TF_MBEDTLS_USE_RSA
+#if TF_MBEDTLS_KEY_SIZE <= 2048
#define TF_MBEDTLS_HEAP_SIZE U(7168)
+#else
+#define TF_MBEDTLS_HEAP_SIZE U(11264)
+#endif
#endif
#endif /* MBEDTLS_CONFIG_H */