Home Explore Help
Sign In
OWEALs
/
arm-trusted-firmware
mirror of https://github.com/ARM-software/arm-trusted-firmware
2
0
Fork 0
Files Issues 1 Wiki
Tree: 4ec2948fe3
Branches Tags
arm-trusted-fir...
/
drivers
/
auth
/
mbedtls
/
mbedtls_common.mk

mbedtls_common.mk 4.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157 
  1. #
    2. 

  2. # Copyright (c) 2015-2024, Arm Limited. All rights reserved.
    3. 

  3. #
    4. 

  4. # SPDX-License-Identifier: BSD-3-Clause
    5. 

  5. #
    6. 

  6. 

  7. ifneq (${MBEDTLS_COMMON_MK},1)
    8. 

  8. MBEDTLS_COMMON_MK	:=	1
    9. 

  9. 

  10. # MBEDTLS_DIR must be set to the mbed TLS main directory (it must contain
    11. 

  11. # the 'include' and 'library' subdirectories).
    12. 

  12. ifeq (${MBEDTLS_DIR},)
    13. 

  13.   $(error Error: MBEDTLS_DIR not set)
    14. 

  14. endif
    15. 

  15. 

  16. MBEDTLS_INC		=	-I${MBEDTLS_DIR}/include
    17. 

  17. 

  18. MBEDTLS_MAJOR=$(shell grep -hP "define MBEDTLS_VERSION_MAJOR" ${MBEDTLS_DIR}/include/mbedtls/*.h | grep -oe '\([0-9.]*\)')
    19. 

  19. MBEDTLS_MINOR=$(shell grep -hP "define MBEDTLS_VERSION_MINOR" ${MBEDTLS_DIR}/include/mbedtls/*.h | grep -oe '\([0-9.]*\)')
    20. 

  20. $(info MBEDTLS_VERSION_MAJOR is [${MBEDTLS_MAJOR}] MBEDTLS_VERSION_MINOR is [${MBEDTLS_MINOR}])
    21. 

  21. 

  22. ifneq (${MBEDTLS_MAJOR}, 3)
    23. 

  23.   $(error Error: TF-A only supports MbedTLS versions > 3.x)
    24. 

  24. endif
    25. 

  25. 

  26. # Specify mbed TLS configuration file
    27. 

  27. ifeq (${PSA_CRYPTO},1)
    28. 

  28.   MBEDTLS_CONFIG_FILE    ?=    "<drivers/auth/mbedtls/psa_mbedtls_config.h>"
    29. 

  29. else
    30. 

  30.   MBEDTLS_CONFIG_FILE    ?=    "<drivers/auth/mbedtls/mbedtls_config-3.h>"
    31. 

  31. endif
    32. 

  32. 

  33. $(eval $(call add_define,MBEDTLS_CONFIG_FILE))
    34. 

  34. 

  35. MBEDTLS_SOURCES	+=		drivers/auth/mbedtls/mbedtls_common.c
    36. 

  36. 

  37. LIBMBEDTLS_SRCS		+= $(addprefix ${MBEDTLS_DIR}/library/,		\
    38. 

  38. 					aes.c 				\
    39. 

  39. 					asn1parse.c 			\
    40. 

  40. 					asn1write.c 			\
    41. 

  41. 					cipher.c 			\
    42. 

  42. 					cipher_wrap.c 			\
    43. 

  43. 					constant_time.c			\
    44. 

  44. 					memory_buffer_alloc.c		\
    45. 

  45. 					oid.c 				\
    46. 

  46. 					platform.c 			\
    47. 

  47. 					platform_util.c			\
    48. 

  48. 					bignum.c			\
    49. 

  49. 					bignum_core.c			\
    50. 

  50. 					gcm.c 				\
    51. 

  51. 					md.c				\
    52. 

  52. 					pk.c 				\
    53. 

  53. 					pk_ecc.c 			\
    54. 

  54. 					pk_wrap.c 			\
    55. 

  55. 					pkparse.c 			\
    56. 

  56. 					pkwrite.c 			\
    57. 

  57. 					sha256.c            		\
    58. 

  58. 					sha512.c            		\
    59. 

  59. 					ecdsa.c				\
    60. 

  60. 					ecp_curves.c			\
    61. 

  61. 					ecp.c				\
    62. 

  62. 					rsa.c				\
    63. 

  63. 					rsa_alt_helpers.c		\
    64. 

  64. 					x509.c 				\
    65. 

  65. 					x509_crt.c 			\
    66. 

  66. 					)
    67. 

  67. 

  68. ifeq (${PSA_CRYPTO},1)
    69. 

  69. LIBMBEDTLS_SRCS         += $(addprefix ${MBEDTLS_DIR}/library/,    	\
    70. 

  70. 					psa_crypto.c                   	\
    71. 

  71. 					psa_crypto_client.c            	\
    72. 

  72. 					psa_crypto_hash.c              	\
    73. 

  73. 					psa_crypto_rsa.c               	\
    74. 

  74. 					psa_crypto_ecp.c               	\
    75. 

  75. 					psa_crypto_slot_management.c   	\
    76. 

  76. 					psa_crypto_aead.c               \
    77. 

  77. 					psa_crypto_cipher.c             \
    78. 

  78. 					psa_util.c			\
    79. 

  79. 					)
    80. 

  80. endif
    81. 

  81. 

  82. # The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key
    83. 

  83. # algorithm to use. If the variable is not defined, select it based on
    84. 

  84. # algorithm used for key generation `KEY_ALG`. If `KEY_ALG` is not defined,
    85. 

  85. # then it is set to `rsa`.
    86. 

  86. ifeq (${TF_MBEDTLS_KEY_ALG},)
    87. 

  87.     ifeq (${KEY_ALG}, ecdsa)
    88. 

  88.         TF_MBEDTLS_KEY_ALG		:=	ecdsa
    89. 

  89.     else
    90. 

  90.         TF_MBEDTLS_KEY_ALG		:=	rsa
    91. 

  91.     endif
    92. 

  92. endif
    93. 

  93. 

  94. ifeq (${TF_MBEDTLS_KEY_SIZE},)
    95. 

  95.     ifneq ($(findstring rsa,${TF_MBEDTLS_KEY_ALG}),)
    96. 

  96.         ifeq (${KEY_SIZE},)
    97. 

  97.             TF_MBEDTLS_KEY_SIZE		:=	2048
    98. 

  98.         else ifneq ($(filter $(KEY_SIZE), 1024 2048 3072 4096),)
    99. 

  99.             TF_MBEDTLS_KEY_SIZE		:=	${KEY_SIZE}
    100. 

  100.         else
    101. 

  101.             $(error "Invalid value for KEY_SIZE: ${KEY_SIZE}")
    102. 

  102.         endif
    103. 

  103.     else ifneq ($(findstring ecdsa,${TF_MBEDTLS_KEY_ALG}),)
    104. 

  104.         ifeq (${KEY_SIZE},)
    105. 

  105.             TF_MBEDTLS_KEY_SIZE		:=	256
    106. 

  106.         else ifneq ($(filter $(KEY_SIZE), 256 384),)
    107. 

  107.             TF_MBEDTLS_KEY_SIZE		:=	${KEY_SIZE}
    108. 

  108.         else
    109. 

  109.             $(error "Invalid value for KEY_SIZE: ${KEY_SIZE}")
    110. 

  110.         endif
    111. 

  111.     endif
    112. 

  112. endif
    113. 

  113. 

  114. ifeq (${HASH_ALG}, sha384)
    115. 

  115.     TF_MBEDTLS_HASH_ALG_ID	:=	TF_MBEDTLS_SHA384
    116. 

  116. else ifeq (${HASH_ALG}, sha512)
    117. 

  117.     TF_MBEDTLS_HASH_ALG_ID	:=	TF_MBEDTLS_SHA512
    118. 

  118. else
    119. 

  119.     TF_MBEDTLS_HASH_ALG_ID	:=	TF_MBEDTLS_SHA256
    120. 

  120. endif
    121. 

  121. 

  122. ifeq (${MBOOT_EL_HASH_ALG}, sha256)
    123. 

  123.     $(eval $(call add_define,TF_MBEDTLS_MBOOT_USE_SHA256))
    124. 

  124. else ifeq (${MBOOT_EL_HASH_ALG}, sha384)
    125. 

  125.     $(eval $(call add_define,TF_MBEDTLS_MBOOT_USE_SHA384))
    126. 

  126. else ifeq (${MBOOT_EL_HASH_ALG}, sha512)
    127. 

  127.     $(eval $(call add_define,TF_MBEDTLS_MBOOT_USE_SHA512))
    128. 

  128. endif
    129. 

  129. 

  130. ifeq (${TF_MBEDTLS_KEY_ALG},ecdsa)
    131. 

  131.     TF_MBEDTLS_KEY_ALG_ID	:=	TF_MBEDTLS_ECDSA
    132. 

  132. else ifeq (${TF_MBEDTLS_KEY_ALG},rsa)
    133. 

  133.     TF_MBEDTLS_KEY_ALG_ID	:=	TF_MBEDTLS_RSA
    134. 

  134. else ifeq (${TF_MBEDTLS_KEY_ALG},rsa+ecdsa)
    135. 

  135.     TF_MBEDTLS_KEY_ALG_ID	:=	TF_MBEDTLS_RSA_AND_ECDSA
    136. 

  136. else
    137. 

  137.     $(error "TF_MBEDTLS_KEY_ALG=${TF_MBEDTLS_KEY_ALG} not supported on mbed TLS")
    138. 

  138. endif
    139. 

  139. 

  140. ifeq (${DECRYPTION_SUPPORT}, aes_gcm)
    141. 

  141.     TF_MBEDTLS_USE_AES_GCM	:=	1
    142. 

  142. else
    143. 

  143.     TF_MBEDTLS_USE_AES_GCM	:=	0
    144. 

  144. endif
    145. 

  145. 

  146. # Needs to be set to drive mbed TLS configuration correctly
    147. 

  147. $(eval $(call add_defines,\
    148. 

  148.     $(sort \
    149. 

  149.         TF_MBEDTLS_KEY_ALG_ID \
    150. 

  150.         TF_MBEDTLS_KEY_SIZE \
    151. 

  151.         TF_MBEDTLS_HASH_ALG_ID \
    152. 

  152.         TF_MBEDTLS_USE_AES_GCM \
    153. 

  153. )))
    154. 

  154. 

  155. $(eval $(call MAKE_LIB,mbedtls))
    156. 

  156. 

  157. endif
    158.