xref: /rk3399_ARM-atf/drivers/auth/mbedtls/mbedtls_common.mk (revision 3d6edc325c52082ab63ffd003c55a4ed875a52c5) 
1#
2# Copyright (c) 2015-2023, Arm Limited. All rights reserved.
3#
4# SPDX-License-Identifier: BSD-3-Clause
5#
6
7ifneq (${MBEDTLS_COMMON_MK},1)
8MBEDTLS_COMMON_MK	:=	1
9
10# MBEDTLS_DIR must be set to the mbed TLS main directory (it must contain
11# the 'include' and 'library' subdirectories).
12ifeq (${MBEDTLS_DIR},)
13  $(error Error: MBEDTLS_DIR not set)
14endif
15
16MBEDTLS_INC		=	-I${MBEDTLS_DIR}/include
17
18MBEDTLS_MAJOR=$(shell grep -hP "define MBEDTLS_VERSION_MAJOR" ${MBEDTLS_DIR}/include/mbedtls/*.h | grep -oe '\([0-9.]*\)')
19MBEDTLS_MINOR=$(shell grep -hP "define MBEDTLS_VERSION_MINOR" ${MBEDTLS_DIR}/include/mbedtls/*.h | grep -oe '\([0-9.]*\)')
20$(info MBEDTLS_VERSION_MAJOR is [${MBEDTLS_MAJOR}] MBEDTLS_VERSION_MINOR is [${MBEDTLS_MINOR}])
21
22# Specify mbed TLS configuration file
23ifeq (${MBEDTLS_MAJOR}, 2)
24	MBEDTLS_CONFIG_FILE	?=	"<drivers/auth/mbedtls/mbedtls_config-2.h>"
25else ifeq (${MBEDTLS_MAJOR}, 3)
26	ifeq (${PSA_CRYPTO},1)
27		MBEDTLS_CONFIG_FILE     ?=      "<drivers/auth/mbedtls/psa_mbedtls_config.h>"
28	else
29		MBEDTLS_CONFIG_FILE	?=	"<drivers/auth/mbedtls/mbedtls_config-3.h>"
30	endif
31endif
32
33$(eval $(call add_define,MBEDTLS_CONFIG_FILE))
34
35MBEDTLS_SOURCES	+=		drivers/auth/mbedtls/mbedtls_common.c
36
37LIBMBEDTLS_SRCS		+= $(addprefix ${MBEDTLS_DIR}/library/,		\
38					aes.c 				\
39					asn1parse.c 			\
40					asn1write.c 			\
41					cipher.c 			\
42					cipher_wrap.c 			\
43					constant_time.c			\
44					memory_buffer_alloc.c		\
45					oid.c 				\
46					platform.c 			\
47					platform_util.c			\
48					bignum.c			\
49					gcm.c 				\
50					md.c				\
51					pk.c 				\
52					pk_wrap.c 			\
53					pkparse.c 			\
54					pkwrite.c 			\
55					sha256.c            		\
56					sha512.c            		\
57					ecdsa.c				\
58					ecp_curves.c			\
59					ecp.c				\
60					rsa.c				\
61					x509.c 				\
62					x509_crt.c 			\
63					)
64
65ifeq (${MBEDTLS_MAJOR}, 2)
66	LIBMBEDTLS_SRCS +=  $(addprefix ${MBEDTLS_DIR}/library/,	\
67						rsa_internal.c		\
68						)
69else ifeq (${MBEDTLS_MAJOR}, 3)
70	LIBMBEDTLS_SRCS +=  $(addprefix ${MBEDTLS_DIR}/library/,	\
71						bignum_core.c		\
72						rsa_alt_helpers.c	\
73						hash_info.c		\
74						)
75
76	# Currently on Mbedtls-3 there is outstanding bug due to usage
77	# of redundant declaration[1], So disable redundant-decls
78	# compilation flag to avoid compilation error when compiling with
79	# Mbedtls-3.
80	# [1]: https://github.com/Mbed-TLS/mbedtls/issues/6910
81	LIBMBEDTLS_CFLAGS += -Wno-error=redundant-decls
82endif
83
84ifeq (${PSA_CRYPTO},1)
85LIBMBEDTLS_SRCS         += $(addprefix ${MBEDTLS_DIR}/library/,    	\
86					psa_crypto.c                   	\
87					psa_crypto_client.c            	\
88					psa_crypto_driver_wrappers.c   	\
89					psa_crypto_hash.c              	\
90					psa_crypto_rsa.c               	\
91					psa_crypto_ecp.c               	\
92					psa_crypto_slot_management.c   	\
93					)
94endif
95
96# The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key
97# algorithm to use. If the variable is not defined, select it based on
98# algorithm used for key generation `KEY_ALG`. If `KEY_ALG` is not defined,
99# then it is set to `rsa`.
100ifeq (${TF_MBEDTLS_KEY_ALG},)
101    ifeq (${KEY_ALG}, ecdsa)
102        TF_MBEDTLS_KEY_ALG		:=	ecdsa
103    else
104        TF_MBEDTLS_KEY_ALG		:=	rsa
105    endif
106endif
107
108ifeq (${TF_MBEDTLS_KEY_SIZE},)
109    ifneq ($(findstring rsa,${TF_MBEDTLS_KEY_ALG}),)
110        ifeq (${KEY_SIZE},)
111            TF_MBEDTLS_KEY_SIZE		:=	2048
112        else ifneq ($(filter $(KEY_SIZE), 1024 2048 3072 4096),)
113            TF_MBEDTLS_KEY_SIZE		:=	${KEY_SIZE}
114        else
115            $(error "Invalid value for KEY_SIZE: ${KEY_SIZE}")
116        endif
117    else ifneq ($(findstring ecdsa,${TF_MBEDTLS_KEY_ALG}),)
118        ifeq (${KEY_SIZE},)
119            TF_MBEDTLS_KEY_SIZE		:=	256
120        else ifneq ($(filter $(KEY_SIZE), 256 384),)
121            TF_MBEDTLS_KEY_SIZE		:=	${KEY_SIZE}
122        else
123            $(error "Invalid value for KEY_SIZE: ${KEY_SIZE}")
124        endif
125    endif
126endif
127
128ifeq (${HASH_ALG}, sha384)
129    TF_MBEDTLS_HASH_ALG_ID	:=	TF_MBEDTLS_SHA384
130else ifeq (${HASH_ALG}, sha512)
131    TF_MBEDTLS_HASH_ALG_ID	:=	TF_MBEDTLS_SHA512
132else
133    TF_MBEDTLS_HASH_ALG_ID	:=	TF_MBEDTLS_SHA256
134endif
135
136ifeq (${TF_MBEDTLS_KEY_ALG},ecdsa)
137    TF_MBEDTLS_KEY_ALG_ID	:=	TF_MBEDTLS_ECDSA
138else ifeq (${TF_MBEDTLS_KEY_ALG},rsa)
139    TF_MBEDTLS_KEY_ALG_ID	:=	TF_MBEDTLS_RSA
140else ifeq (${TF_MBEDTLS_KEY_ALG},rsa+ecdsa)
141    TF_MBEDTLS_KEY_ALG_ID	:=	TF_MBEDTLS_RSA_AND_ECDSA
142else
143    $(error "TF_MBEDTLS_KEY_ALG=${TF_MBEDTLS_KEY_ALG} not supported on mbed TLS")
144endif
145
146ifeq (${DECRYPTION_SUPPORT}, aes_gcm)
147    TF_MBEDTLS_USE_AES_GCM	:=	1
148else
149    TF_MBEDTLS_USE_AES_GCM	:=	0
150endif
151
152# Needs to be set to drive mbed TLS configuration correctly
153$(eval $(call add_defines,\
154    $(sort \
155        TF_MBEDTLS_KEY_ALG_ID \
156        TF_MBEDTLS_KEY_SIZE \
157        TF_MBEDTLS_HASH_ALG_ID \
158        TF_MBEDTLS_USE_AES_GCM \
159)))
160
161$(eval $(call MAKE_LIB,mbedtls))
162
163endif
164