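#
# Copyright (c) 2015-2024, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#

# Build fragment that selects the Mbed TLS sources, configuration header and
# crypto parameters (key algorithm, key size, hash, AES-GCM) used by the
# authentication driver. The whole file is wrapped in an include guard so that
# including it more than once has no additional effect.
ifneq (${MBEDTLS_COMMON_MK},1)
MBEDTLS_COMMON_MK := 1

# MBEDTLS_DIR must be set to the mbed TLS main directory (it must contain
# the 'include' and 'library' subdirectories).
ifeq (${MBEDTLS_DIR},)
  $(error Error: MBEDTLS_DIR not set)
endif

MBEDTLS_INC = -I${MBEDTLS_DIR}/include

# Read the library version from its headers. Simple assignment (:=) is used so
# that grep runs once at parse time instead of on every expansion of the
# variable.
MBEDTLS_MAJOR := $(shell grep -hP "define MBEDTLS_VERSION_MAJOR" ${MBEDTLS_DIR}/include/mbedtls/*.h | grep -oe '\([0-9.]*\)')
MBEDTLS_MINOR := $(shell grep -hP "define MBEDTLS_VERSION_MINOR" ${MBEDTLS_DIR}/include/mbedtls/*.h | grep -oe '\([0-9.]*\)')
$(info MBEDTLS_VERSION_MAJOR is [${MBEDTLS_MAJOR}] MBEDTLS_VERSION_MINOR is [${MBEDTLS_MINOR}])

# Only the major version is enforced. In this file MBEDTLS_MINOR is printed but
# never compared, so any 3.x tree passes this gate, including releases that
# predate upstream security fixes.
# NOTE(review): consider enforcing a minimum minor/patch level - confirm the
# project's supported baseline before adding one.
ifneq (${MBEDTLS_MAJOR}, 3)
  $(error Error: TF-A only supports MbedTLS 3.x)
endif

# Specify mbed TLS configuration file
ifeq (${PSA_CRYPTO},1)
  MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/default_psa_mbedtls_config.h>"
else
  MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/default_mbedtls_config.h>"
endif

# add_define, add_defines and MAKE_LIB are not defined in this file; they are
# presumably provided by the including build system.
$(eval $(call add_define,MBEDTLS_CONFIG_FILE))

MBEDTLS_SOURCES += drivers/auth/mbedtls/mbedtls_common.c

LIBMBEDTLS_SRCS += $(addprefix ${MBEDTLS_DIR}/library/, \
    aes.c \
    asn1parse.c \
    asn1write.c \
    cipher.c \
    cipher_wrap.c \
    constant_time.c \
    memory_buffer_alloc.c \
    oid.c \
    platform.c \
    platform_util.c \
    bignum.c \
    bignum_core.c \
    gcm.c \
    md.c \
    pk.c \
    pk_ecc.c \
    pk_wrap.c \
    pkparse.c \
    pkwrite.c \
    sha256.c \
    sha512.c \
    ecdsa.c \
    ecp_curves.c \
    ecp.c \
    rsa.c \
    rsa_alt_helpers.c \
    x509.c \
    x509_crt.c \
    )

# Extra library sources that are only built when PSA_CRYPTO is 1.
ifeq (${PSA_CRYPTO},1)
LIBMBEDTLS_SRCS += $(addprefix ${MBEDTLS_DIR}/library/, \
    psa_crypto.c \
    psa_crypto_client.c \
    psa_crypto_hash.c \
    psa_crypto_rsa.c \
    psa_crypto_ecp.c \
    psa_crypto_slot_management.c \
    psa_crypto_aead.c \
    psa_crypto_cipher.c \
    psa_util.c \
    )
endif

# This is a temporary workaround due to changes in the locations of helper
# function declarations in Mbed-TLS version 3.6.4
# TODO: remove this once the related Mbed-TLS issue is resolved
# The flag keeps redundant-decls reported as a warning instead of an error; it
# does not silence the diagnostic.
LIBMBEDTLS_CFLAGS += -Wno-error=redundant-decls

# The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key
# algorithm to use. If the variable is not defined, select it based on
# algorithm used for key generation `KEY_ALG`. If `KEY_ALG` is not defined,
# then it is set to `rsa`.
# Any KEY_ALG value other than 'ecdsa' (including a misspelling) also selects
# 'rsa' here.
ifeq (${TF_MBEDTLS_KEY_ALG},)
  ifeq (${KEY_ALG}, ecdsa)
    TF_MBEDTLS_KEY_ALG := ecdsa
  else
    TF_MBEDTLS_KEY_ALG := rsa
  endif
endif

# Derive the key size from KEY_SIZE unless the platform already set
# TF_MBEDTLS_KEY_SIZE. 'rsa' is tested first, so 'rsa+ecdsa' takes the RSA
# size list. If the algorithm matches neither branch the size stays empty; the
# TF_MBEDTLS_KEY_ALG check further down then aborts the build.
# NOTE(review): 1024-bit RSA is still accepted. That is below the 2048-bit
# minimum in current guidance such as NIST SP 800-131A; it is kept here for
# compatibility - confirm whether any platform still depends on it.
ifeq (${TF_MBEDTLS_KEY_SIZE},)
  ifneq ($(findstring rsa,${TF_MBEDTLS_KEY_ALG}),)
    ifeq (${KEY_SIZE},)
      TF_MBEDTLS_KEY_SIZE := 2048
    else ifneq ($(filter $(KEY_SIZE), 1024 2048 3072 4096),)
      TF_MBEDTLS_KEY_SIZE := ${KEY_SIZE}
    else
      $(error "Invalid value for KEY_SIZE: ${KEY_SIZE}")
    endif
  else ifneq ($(findstring ecdsa,${TF_MBEDTLS_KEY_ALG}),)
    ifeq (${KEY_SIZE},)
      TF_MBEDTLS_KEY_SIZE := 256
    else ifneq ($(filter $(KEY_SIZE), 256 384),)
      TF_MBEDTLS_KEY_SIZE := ${KEY_SIZE}
    else
      $(error "Invalid value for KEY_SIZE: ${KEY_SIZE}")
    endif
  endif
endif

# Hash algorithm for the Mbed TLS configuration. Every value other than
# 'sha384' or 'sha512' - empty or misspelled values included - selects
# SHA-256 without a diagnostic.
# NOTE(review): if HASH_ALG is not validated elsewhere, a typo silently
# selects SHA-256 - verify against the including makefiles.
ifeq (${HASH_ALG}, sha384)
  TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA384
else ifeq (${HASH_ALG}, sha512)
  TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA512
else
  TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA256
endif

# Hash selection keyed on MBOOT_EL_HASH_ALG. No define is emitted for any
# value other than the three listed.
ifeq (${MBOOT_EL_HASH_ALG}, sha256)
  $(eval $(call add_define,TF_MBEDTLS_MBOOT_USE_SHA256))
else ifeq (${MBOOT_EL_HASH_ALG}, sha384)
  $(eval $(call add_define,TF_MBEDTLS_MBOOT_USE_SHA384))
else ifeq (${MBOOT_EL_HASH_ALG}, sha512)
  $(eval $(call add_define,TF_MBEDTLS_MBOOT_USE_SHA512))
endif

# Map the key algorithm name to its identifier; unknown names stop the build.
ifeq (${TF_MBEDTLS_KEY_ALG},ecdsa)
  TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_ECDSA
else ifeq (${TF_MBEDTLS_KEY_ALG},rsa)
  TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_RSA
else ifeq (${TF_MBEDTLS_KEY_ALG},rsa+ecdsa)
  TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_RSA_AND_ECDSA
else
  $(error "TF_MBEDTLS_KEY_ALG=${TF_MBEDTLS_KEY_ALG} not supported on mbed TLS")
endif

# AES-GCM is enabled only when DECRYPTION_SUPPORT is exactly 'aes_gcm'; every
# other value disables it.
ifeq (${DECRYPTION_SUPPORT}, aes_gcm)
  TF_MBEDTLS_USE_AES_GCM := 1
else
  TF_MBEDTLS_USE_AES_GCM := 0
endif

# Needs to be set to drive mbed TLS configuration correctly
$(eval $(call add_defines,\
    $(sort \
        TF_MBEDTLS_KEY_ALG_ID \
        TF_MBEDTLS_KEY_SIZE \
        TF_MBEDTLS_HASH_ALG_ID \
        TF_MBEDTLS_USE_AES_GCM \
)))

$(eval $(call MAKE_LIB,mbedtls))

endif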