feat(lib): add mbedtls support

Add support for compiling Mbed TLS from external source.

The Mbed TLS library is compiled from the source pointed to by the MBEDTLS_DIR
environment variable. Any TFTF test that includes mbedtls.mk will have
support for the Mbed TLS library. Note that by default MBEDTLS_DIR
points to the default submodule directory (ext/mbedtls).

This support is added for testing RMM capabilities related to
Device Assignment in RMM.

Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: I0e386334078812e5ff5bdcffd4143732e0478b64
diff --git a/include/configs/tftf_mbedtls_config.h b/include/configs/tftf_mbedtls_config.h
new file mode 100644
index 0000000..ece8282
--- /dev/null
+++ b/include/configs/tftf_mbedtls_config.h
@@ -0,0 +1,114 @@
+/*
+ * Copyright (c) 2024, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/*
+ * Based on migration guide[1]:
+ *
+ * config.h was split into build_info.h and mbedtls_config.h. In code, use
+ * #include <mbedtls/build_info.h>. Don't include mbedtls/config.h and don't
+ * refer to MBEDTLS_CONFIG_FILE. And also the guide recommends, if you have a
+ * custom configuration file don't define MBEDTLS_CONFIG_H anymore.
+ *
+ * [1] https://github.com/Mbed-TLS/mbedtls/blob/v3.6.0/docs/3.0-migration-guide.md
+ */
+
+#include <limits.h>
+/* This is needed for size_t */
+#include <stddef.h>
+/* For snprintf function declaration */
+#include <stdio.h>
+
+/* This file is compatible with release 3.6.0 */
+#define MBEDTLS_CONFIG_VERSION         0x03060000
+
+/* Configuration file to build mbed TLS with the required features for TFTF */
+#define MBEDTLS_PLATFORM_MEMORY
+
+#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+
+#define MBEDTLS_CIPHER_C
+
+#define MBEDTLS_ECP_C
+#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#define MBEDTLS_ECP_RESTARTABLE
+#define MBEDTLS_ECDSA_C
+#define MBEDTLS_ECDSA_DETERMINISTIC
+#define MBEDTLS_ECP_WINDOW_SIZE		(2U)	/* Valid range = [2,7] */
+
+/*
+ * This is enabled in TFTF as PSA calls are made within the trust boundary.
+ * Disabling this option causes mbedtls to create a local copy of input buffer
+ * using buffer_alloc_calloc().
+ */
+#define MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
+
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+
+#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf
+
+#define MBEDTLS_BASE64_C
+#define MBEDTLS_BIGNUM_C
+
+#define MBEDTLS_ERROR_C
+
+#define MBEDTLS_HKDF_C
+#define MBEDTLS_HMAC_DRBG_C
+
+#define MBEDTLS_MD_C
+
+#define MBEDTLS_PLATFORM_C
+
+#define MBEDTLS_SHA256_C
+#define MBEDTLS_SHA224_C
+#define MBEDTLS_SHA384_C
+#define MBEDTLS_SHA512_C
+
+#define MBEDTLS_VERSION_C
+
+/*
+ * Prevent the use of 128-bit division which
+ * creates dependency on external libraries.
+ */
+#define MBEDTLS_NO_UDBL_DIVISION
+
+/* Memory buffer allocator option */
+#define MBEDTLS_MEMORY_ALIGN_MULTIPLE	8
+
+#define MBEDTLS_GENPRIME
+
+#define MBEDTLS_X509_CRL_PARSE_C
+#define MBEDTLS_X509_CSR_PARSE_C
+#define MBEDTLS_X509_CREATE_C
+#define MBEDTLS_X509_CSR_WRITE_C
+
+#define MBEDTLS_AES_C
+#define MBEDTLS_GCM_C
+
+#define MBEDTLS_CHACHA20_C
+#define MBEDTLS_POLY1305_C
+#define MBEDTLS_CHACHAPOLY_C
+
+#define MBEDTLS_ECDH_C
+#define MBEDTLS_DHM_C
+
+#define MBEDTLS_PK_WRITE_C
+
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
+
+#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
+
+#define MBEDTLS_OID_C
+#define MBEDTLS_RSA_C
+#define MBEDTLS_PKCS1_V21
+
+#define MBEDTLS_X509_USE_C
+#define MBEDTLS_X509_CRT_PARSE_C
+
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_PARSE_C
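Review bot: The comment above `MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS` justifies the option with "within the trust boundary" but does not state the precondition a test author has to keep: with the option set, Mbed TLS skips its local copy of buffers passed to PSA functions, so no such buffer may sit in memory that another agent can write while the call runs. I would add that to the comment, e.g. `Callers must not pass buffers that live in memory shared with another world or realm; the copy that guards against concurrent modification is disabled.` This file does not define `MBEDTLS_PSA_CRYPTO_C`, so the option appears to have no effect until PSA crypto is enabled, which is worth recording in the same comment. Separately, `MBEDTLS_ECP_DP_SECP384R1_ENABLED` is defined twice, once in the ECP block and again in the curve list; one of the two can be dropped.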
diff --git a/lib/ext_mbedtls/mbedtls.mk b/lib/ext_mbedtls/mbedtls.mk
new file mode 100644
index 0000000..1845bf9
--- /dev/null
+++ b/lib/ext_mbedtls/mbedtls.mk
@@ -0,0 +1,55 @@
+#
+# Copyright (c) 2024, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+MBEDTLS_DIR ?= ext/mbedtls
+ifeq (${MBEDTLS_DIR},)
+$(error Error: MBEDTLS_DIR not set)
+endif
+
+MBEDTLS_CHECK := $(shell find ${MBEDTLS_DIR}/include -name mbedtls)
+
+ifneq (${MBEDTLS_CHECK},)
+$(info Found mbedTLS at ${MBEDTLS_DIR})
+
+TFTF_INCLUDES += -I${MBEDTLS_DIR}/include
+MBEDTLS_CONFIG_FILE ?= "<configs/tftf_mbedtls_config.h>"
+$(eval $(call add_define,TFTF_DEFINES,MBEDTLS_CONFIG_FILE))
+
+#
+# Include mbedtls source required to parse x509 certificate and its helper
+# routines. This can be later extended to include other crypto/PSA crypto
+# library sources.
+#
+TESTS_SOURCES	+=				\
+	$(addprefix ${MBEDTLS_DIR}/library/,	\
+		asn1parse.c			\
+		asn1write.c			\
+		constant_time.c			\
+		bignum.c			\
+		oid.c				\
+		hmac_drbg.c			\
+		memory_buffer_alloc.c		\
+		platform.c 			\
+		platform_util.c			\
+		bignum_core.c			\
+		md.c				\
+		pk.c 				\
+		pk_ecc.c 			\
+		pk_wrap.c 			\
+		pkparse.c 			\
+		sha256.c            		\
+		sha512.c            		\
+		ecdsa.c				\
+		ecp_curves.c			\
+		ecp.c				\
+		rsa.c				\
+		rsa_alt_helpers.c		\
+		x509.c 				\
+		x509_crt.c 			\
+		)
+else
+$(info MbedTLS not found, some dependent tests will be skipped or failed.)
+endif
\ No newline at end of file
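Review bot: `MBEDTLS_CHECK` expands `${MBEDTLS_DIR}` unquoted into a `$(shell find ...)` command line at parse time, so a value taken from the environment that contains spaces or shell metacharacters is split or interpreted by the shell, and a missing directory makes `find` print an error on every run. The existence test needs no shell at all: `MBEDTLS_CHECK := $(wildcard ${MBEDTLS_DIR}/include/mbedtls)`. The `else` branch only emits `$(info ...)`, so a wrong `MBEDTLS_DIR` still builds without the crypto sources and surfaces later as test failures; `$(warning ...)` would at least carry the file and line. The header added in this commit also enables modules (for example `MBEDTLS_AES_C`, `MBEDTLS_GCM_C`, `MBEDTLS_DHM_C`, `MBEDTLS_X509_CSR_PARSE_C`) whose sources are not in this `TESTS_SOURCES` list, so it may be worth trimming one side to match the other.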