You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
154 lines
4.5 KiB
154 lines
4.5 KiB
#
|
|
# Copyright (c) 2015-2024, Arm Limited. All rights reserved.
|
|
#
|
|
# SPDX-License-Identifier: BSD-3-Clause
|
|
#
|
|
|
|
ifneq (${MBEDTLS_COMMON_MK},1)
|
|
MBEDTLS_COMMON_MK := 1
|
|
|
|
# MBEDTLS_DIR must be set to the mbed TLS main directory (it must contain
|
|
# the 'include' and 'library' subdirectories).
|
|
ifeq (${MBEDTLS_DIR},)
|
|
$(error Error: MBEDTLS_DIR not set)
|
|
endif
|
|
|
|
MBEDTLS_INC = -I${MBEDTLS_DIR}/include
|
|
|
|
MBEDTLS_MAJOR=$(shell grep -hP "define MBEDTLS_VERSION_MAJOR" ${MBEDTLS_DIR}/include/mbedtls/*.h | grep -oe '\([0-9.]*\)')
|
|
MBEDTLS_MINOR=$(shell grep -hP "define MBEDTLS_VERSION_MINOR" ${MBEDTLS_DIR}/include/mbedtls/*.h | grep -oe '\([0-9.]*\)')
|
|
$(info MBEDTLS_VERSION_MAJOR is [${MBEDTLS_MAJOR}] MBEDTLS_VERSION_MINOR is [${MBEDTLS_MINOR}])
|
|
|
|
ifneq (${MBEDTLS_MAJOR}, 3)
|
|
$(error Error: TF-A only supports MbedTLS versions > 3.x)
|
|
endif
|
|
|
|
# Specify mbed TLS configuration file
|
|
ifeq (${PSA_CRYPTO},1)
|
|
MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/psa_mbedtls_config.h>"
|
|
else
|
|
MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/mbedtls_config-3.h>"
|
|
endif
|
|
|
|
$(eval $(call add_define,MBEDTLS_CONFIG_FILE))
|
|
|
|
MBEDTLS_SOURCES += drivers/auth/mbedtls/mbedtls_common.c
|
|
|
|
LIBMBEDTLS_SRCS += $(addprefix ${MBEDTLS_DIR}/library/, \
|
|
aes.c \
|
|
asn1parse.c \
|
|
asn1write.c \
|
|
cipher.c \
|
|
cipher_wrap.c \
|
|
constant_time.c \
|
|
hash_info.c \
|
|
memory_buffer_alloc.c \
|
|
oid.c \
|
|
platform.c \
|
|
platform_util.c \
|
|
bignum.c \
|
|
bignum_core.c \
|
|
gcm.c \
|
|
md.c \
|
|
pk.c \
|
|
pk_wrap.c \
|
|
pkparse.c \
|
|
pkwrite.c \
|
|
sha256.c \
|
|
sha512.c \
|
|
ecdsa.c \
|
|
ecp_curves.c \
|
|
ecp.c \
|
|
rsa.c \
|
|
rsa_alt_helpers.c \
|
|
x509.c \
|
|
x509_crt.c \
|
|
)
|
|
|
|
# Currently on Mbedtls-3 there is outstanding bug due to usage
|
|
# of redundant declaration[1], So disable redundant-decls
|
|
# compilation flag to avoid compilation error when compiling with
|
|
# Mbedtls-3.
|
|
# [1]: https://github.com/Mbed-TLS/mbedtls/issues/6910
|
|
LIBMBEDTLS_CFLAGS += -Wno-error=redundant-decls
|
|
|
|
ifeq (${PSA_CRYPTO},1)
|
|
LIBMBEDTLS_SRCS += $(addprefix ${MBEDTLS_DIR}/library/, \
|
|
psa_crypto.c \
|
|
psa_crypto_client.c \
|
|
psa_crypto_driver_wrappers.c \
|
|
psa_crypto_hash.c \
|
|
psa_crypto_rsa.c \
|
|
psa_crypto_ecp.c \
|
|
psa_crypto_slot_management.c \
|
|
)
|
|
endif
|
|
|
|
# The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key
|
|
# algorithm to use. If the variable is not defined, select it based on
|
|
# algorithm used for key generation `KEY_ALG`. If `KEY_ALG` is not defined,
|
|
# then it is set to `rsa`.
|
|
ifeq (${TF_MBEDTLS_KEY_ALG},)
|
|
ifeq (${KEY_ALG}, ecdsa)
|
|
TF_MBEDTLS_KEY_ALG := ecdsa
|
|
else
|
|
TF_MBEDTLS_KEY_ALG := rsa
|
|
endif
|
|
endif
|
|
|
|
ifeq (${TF_MBEDTLS_KEY_SIZE},)
|
|
ifneq ($(findstring rsa,${TF_MBEDTLS_KEY_ALG}),)
|
|
ifeq (${KEY_SIZE},)
|
|
TF_MBEDTLS_KEY_SIZE := 2048
|
|
else ifneq ($(filter $(KEY_SIZE), 1024 2048 3072 4096),)
|
|
TF_MBEDTLS_KEY_SIZE := ${KEY_SIZE}
|
|
else
|
|
$(error "Invalid value for KEY_SIZE: ${KEY_SIZE}")
|
|
endif
|
|
else ifneq ($(findstring ecdsa,${TF_MBEDTLS_KEY_ALG}),)
|
|
ifeq (${KEY_SIZE},)
|
|
TF_MBEDTLS_KEY_SIZE := 256
|
|
else ifneq ($(filter $(KEY_SIZE), 256 384),)
|
|
TF_MBEDTLS_KEY_SIZE := ${KEY_SIZE}
|
|
else
|
|
$(error "Invalid value for KEY_SIZE: ${KEY_SIZE}")
|
|
endif
|
|
endif
|
|
endif
|
|
|
|
ifeq (${HASH_ALG}, sha384)
|
|
TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA384
|
|
else ifeq (${HASH_ALG}, sha512)
|
|
TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA512
|
|
else
|
|
TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA256
|
|
endif
|
|
|
|
ifeq (${TF_MBEDTLS_KEY_ALG},ecdsa)
|
|
TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_ECDSA
|
|
else ifeq (${TF_MBEDTLS_KEY_ALG},rsa)
|
|
TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_RSA
|
|
else ifeq (${TF_MBEDTLS_KEY_ALG},rsa+ecdsa)
|
|
TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_RSA_AND_ECDSA
|
|
else
|
|
$(error "TF_MBEDTLS_KEY_ALG=${TF_MBEDTLS_KEY_ALG} not supported on mbed TLS")
|
|
endif
|
|
|
|
ifeq (${DECRYPTION_SUPPORT}, aes_gcm)
|
|
TF_MBEDTLS_USE_AES_GCM := 1
|
|
else
|
|
TF_MBEDTLS_USE_AES_GCM := 0
|
|
endif
|
|
|
|
# Needs to be set to drive mbed TLS configuration correctly
|
|
$(eval $(call add_defines,\
|
|
$(sort \
|
|
TF_MBEDTLS_KEY_ALG_ID \
|
|
TF_MBEDTLS_KEY_SIZE \
|
|
TF_MBEDTLS_HASH_ALG_ID \
|
|
TF_MBEDTLS_USE_AES_GCM \
|
|
)))
|
|
|
|
$(eval $(call MAKE_LIB,mbedtls))
|
|
|
|
endif
|
|
|