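#
# Copyright (c) 2015-2023, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#

# Build fragment for the mbed TLS based authentication driver: it detects the
# mbed TLS major version, selects the matching configuration header and source
# list, and derives the TF_MBEDTLS_* build defines from the key, hash and
# decryption options.
#
# Include guard: the body below is processed only the first time this
# fragment is included.
ifneq (${MBEDTLS_COMMON_MK},1)
MBEDTLS_COMMON_MK := 1

# MBEDTLS_DIR must be set to the mbed TLS main directory (it must contain
# the 'include' and 'library' subdirectories).
ifeq (${MBEDTLS_DIR},)
  $(error Error: MBEDTLS_DIR not set)
endif

MBEDTLS_INC = -I${MBEDTLS_DIR}/include

# Read the version macros from the mbed TLS public headers. Simple (:=)
# assignment is used so that each grep pipeline runs once at this point
# instead of being re-run every time the variable is referenced below.
MBEDTLS_MAJOR := $(shell grep -hP "define MBEDTLS_VERSION_MAJOR" ${MBEDTLS_DIR}/include/mbedtls/*.h | grep -oe '\([0-9.]*\)')
MBEDTLS_MINOR := $(shell grep -hP "define MBEDTLS_VERSION_MINOR" ${MBEDTLS_DIR}/include/mbedtls/*.h | grep -oe '\([0-9.]*\)')
$(info MBEDTLS_VERSION_MAJOR is [${MBEDTLS_MAJOR}] MBEDTLS_VERSION_MINOR is [${MBEDTLS_MINOR}])

# Specify mbed TLS configuration file. '?=' keeps a value that was already
# provided (for example by the platform or on the command line).
ifeq (${MBEDTLS_MAJOR}, 2)
  MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/mbedtls_config-2.h>"
else ifeq (${MBEDTLS_MAJOR}, 3)
  MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/mbedtls_config-3.h>"
endif

# Fail closed: if the major version was not detected as 2 or 3 (wrong
# MBEDTLS_DIR, version macro not found, unsupported release) and no
# configuration header was supplied, stop here rather than continue the
# build with no mbed TLS configuration header selected.
ifeq ($(strip ${MBEDTLS_CONFIG_FILE}),)
  $(error Error: mbed TLS major version [${MBEDTLS_MAJOR}] is not supported and MBEDTLS_CONFIG_FILE is not set)
endif

$(eval $(call add_define,MBEDTLS_CONFIG_FILE))

MBEDTLS_SOURCES += drivers/auth/mbedtls/mbedtls_common.c

# mbed TLS library sources that are common to both supported major versions.
LIBMBEDTLS_SRCS += $(addprefix ${MBEDTLS_DIR}/library/, \
                        aes.c \
                        asn1parse.c \
                        asn1write.c \
                        cipher.c \
                        cipher_wrap.c \
                        constant_time.c \
                        memory_buffer_alloc.c \
                        oid.c \
                        platform.c \
                        platform_util.c \
                        bignum.c \
                        gcm.c \
                        md.c \
                        pk.c \
                        pk_wrap.c \
                        pkparse.c \
                        pkwrite.c \
                        sha256.c \
                        sha512.c \
                        ecdsa.c \
                        ecp_curves.c \
                        ecp.c \
                        rsa.c \
                        x509.c \
                        x509_crt.c \
                        )

# Version-specific library sources.
ifeq (${MBEDTLS_MAJOR}, 2)
  LIBMBEDTLS_SRCS += $(addprefix ${MBEDTLS_DIR}/library/, \
                        rsa_internal.c \
                        )
else ifeq (${MBEDTLS_MAJOR}, 3)
  LIBMBEDTLS_SRCS += $(addprefix ${MBEDTLS_DIR}/library/, \
                        bignum_core.c \
                        rsa_alt_helpers.c \
                        hash_info.c \
                        )

  # mbed TLS 3 currently has an outstanding bug caused by a redundant
  # declaration [1]. Stop the redundant-decls warning from being treated as
  # an error (the warning itself stays enabled) so that mbed TLS 3 still
  # compiles.
  # [1]: https://github.com/Mbed-TLS/mbedtls/issues/6910
  LIBMBEDTLS_CFLAGS += -Wno-error=redundant-decls
endif

# The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key
# algorithm to use. If the variable is not defined, select it based on
# algorithm used for key generation `KEY_ALG`. If `KEY_ALG` is not defined,
# then it is set to `rsa`.
# Note that any KEY_ALG value other than 'ecdsa' also selects 'rsa' here.
ifeq (${TF_MBEDTLS_KEY_ALG},)
  ifeq (${KEY_ALG}, ecdsa)
    TF_MBEDTLS_KEY_ALG := ecdsa
  else
    TF_MBEDTLS_KEY_ALG := rsa
  endif
endif

# The key size is only derived when the key algorithm contains 'rsa': it
# takes KEY_SIZE when that is set and 2048 otherwise. For other algorithms
# TF_MBEDTLS_KEY_SIZE is left as it was.
# NOTE(review): KEY_SIZE is passed through unchecked here; presumably it is
# validated elsewhere in the build - confirm.
ifeq (${TF_MBEDTLS_KEY_SIZE},)
  ifneq ($(findstring rsa,${TF_MBEDTLS_KEY_ALG}),)
    ifeq (${KEY_SIZE},)
      TF_MBEDTLS_KEY_SIZE := 2048
    else
      TF_MBEDTLS_KEY_SIZE := ${KEY_SIZE}
    endif
  endif
endif

# Map HASH_ALG to the hash identifier. Every value other than 'sha384' and
# 'sha512' (including an unset or misspelled one) selects SHA-256.
# NOTE(review): a typo in HASH_ALG is therefore accepted silently; confirm
# that HASH_ALG is validated elsewhere in the build.
ifeq (${HASH_ALG}, sha384)
  TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA384
else ifeq (${HASH_ALG}, sha512)
  TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA512
else
  TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA256
endif

# Map the key algorithm to its identifier; an unrecognised value stops the
# build.
ifeq (${TF_MBEDTLS_KEY_ALG},ecdsa)
  TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_ECDSA
else ifeq (${TF_MBEDTLS_KEY_ALG},rsa)
  TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_RSA
else ifeq (${TF_MBEDTLS_KEY_ALG},rsa+ecdsa)
  TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_RSA_AND_ECDSA
else
  $(error "TF_MBEDTLS_KEY_ALG=${TF_MBEDTLS_KEY_ALG} not supported on mbed TLS")
endif

# AES-GCM is enabled only when DECRYPTION_SUPPORT is exactly 'aes_gcm'.
ifeq (${DECRYPTION_SUPPORT}, aes_gcm)
  TF_MBEDTLS_USE_AES_GCM := 1
else
  TF_MBEDTLS_USE_AES_GCM := 0
endif

# Needs to be set to drive mbed TLS configuration correctly
$(eval $(call add_defines,\
    $(sort \
        TF_MBEDTLS_KEY_ALG_ID \
        TF_MBEDTLS_KEY_SIZE \
        TF_MBEDTLS_HASH_ALG_ID \
        TF_MBEDTLS_USE_AES_GCM \
)))

$(eval $(call MAKE_LIB,mbedtls))

endif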