Extend crypto SP to support signature verification
The UEFI service of SMM gateway needs pkcs7 signature verification
to authorize variable accesses. Instead of duplicating the mbedtls
entities, crypto SP will provide an interface to do the signature
verification.
Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Change-Id: I7b0472435ac1620c4fe42d0592e1c64faaf10df7
diff --git a/deployments/component-test/component-test.cmake b/deployments/component-test/component-test.cmake
index 1f5c38a..a8718f0 100644
--- a/deployments/component-test/component-test.cmake
+++ b/deployments/component-test/component-test.cmake
@@ -145,6 +145,7 @@
"components/service/crypto/provider/extension/aead/serializer/packed-c"
"components/service/crypto/provider/test"
"components/service/crypto/backend/mbedcrypto"
+ "components/service/crypto/backend/mbedcrypto/mbedtls_fake_x509"
"components/service/crypto/factory/full"
"components/service/crypto/test/unit"
"components/service/crypto/test/service"
@@ -225,6 +226,11 @@
target_link_libraries(component-test PRIVATE MbedTLS::mbedcrypto)
target_link_libraries(component-test PRIVATE MbedTLS::mbedx509)
+# Pass the location of the mbedtls config file to C preprocessor.
+target_compile_definitions(component-test PRIVATE
+ MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}"
+)
+
# Qcbor
include(${TS_ROOT}/external/qcbor/qcbor.cmake)
target_link_libraries(component-test PRIVATE qcbor)
diff --git a/deployments/crypto/crypto.cmake b/deployments/crypto/crypto.cmake
index f6c75bf..155099c 100644
--- a/deployments/crypto/crypto.cmake
+++ b/deployments/crypto/crypto.cmake
@@ -29,6 +29,7 @@
"components/service/crypto/provider/extension/aead/serializer/packed-c"
"components/service/crypto/factory/full"
"components/service/crypto/backend/mbedcrypto"
+ "components/service/crypto/backend/mbedcrypto/mbedtls_fake_x509"
"protocols/rpc/common/packed-c"
"protocols/service/crypto/protobuf"
)
@@ -44,10 +45,17 @@
protobuf_generate_all(TGT "crypto" NAMESPACE "protobuf" BASE_DIR "${TS_ROOT}/protocols")
# Mbed TLS provides libmbedcrypto
-set(MBEDTLS_USER_CONFIG_FILE "${TS_ROOT}/external/MbedTLS/config/crypto_isolated.h"
+set(MBEDTLS_USER_CONFIG_FILE "${TS_ROOT}/external/MbedTLS/config/libmbedx509.h"
CACHE STRING "Configuration file for Mbed TLS" FORCE)
include(${TS_ROOT}/external/MbedTLS/MbedTLS.cmake)
target_link_libraries(crypto PRIVATE MbedTLS::mbedcrypto)
+target_link_libraries(crypto PRIVATE MbedTLS::mbedx509)
+
+# Provide the config path to mbedtls
+target_compile_definitions(crypto
+ PRIVATE
+ MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}"
+)
#################################################################
diff --git a/deployments/libts/linux-pc/CMakeLists.txt b/deployments/libts/linux-pc/CMakeLists.txt
index d3e2912..38dd75a 100644
--- a/deployments/libts/linux-pc/CMakeLists.txt
+++ b/deployments/libts/linux-pc/CMakeLists.txt
@@ -170,6 +170,11 @@
target_link_libraries(ts PRIVATE MbedTLS::mbedcrypto)
target_link_libraries(ts PRIVATE MbedTLS::mbedx509)
+# Pass the location of the mbedtls config file to C preprocessor.
+target_compile_definitions(ts PRIVATE
+ MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}"
+)
+
# Qcbor
include(${TS_ROOT}/external/qcbor/qcbor.cmake)
target_link_libraries(ts PRIVATE qcbor)