1 /*
2  * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  */
6 
7 #ifndef COT_DEF_H
8 #define COT_DEF_H
9 
10 /*
11  * Guard this include on the availability of the mbedtls config, since
12  * PLAT=lx2162aqds uses a custom tbbr from 'drivers/nxp/auth/tbbr/tbbr_cot.c'
13  * and may also be built without the mbedtls folder, with only TRUSTED_BOOT enabled.
14  */
15 #ifdef MBEDTLS_CONFIG_FILE
16 #include <mbedtls/version.h>
17 #endif
18 
19 /* TBBR CoT definitions: upper bound on verified parameters (presumably per image descriptor; confirm against the users of this macro) */
20 #if defined(SPD_spmd)	/* SPD_spmd builds use the larger limit */
21 #define COT_MAX_VERIFIED_PARAMS		8
22 #elif defined(ARM_COT_cca)	/* ARM_COT_cca builds use the same limit of 8 */
23 #define COT_MAX_VERIFIED_PARAMS		8
24 #else
25 #define COT_MAX_VERIFIED_PARAMS		4	/* default for every other configuration */
26 #endif
27 
28 /*
29  * Maximum key and hash sizes (in DER format).
30  *
31  * Both RSA and ECDSA keys may be used at the same time. In this case, the key
32  * buffers must be big enough to hold either. As RSA keys are bigger than ECDSA
33  * ones for all key sizes we support, they impose the minimum size of these
34  * buffers.
35  *
36  * If the platform employs its own mbedTLS configuration, it is the platform's
37  * responsibility to define TF_MBEDTLS_USE_RSA or TF_MBEDTLS_USE_ECDSA to
38  * establish the appropriate PK_DER_LEN size.
39  */
40 #ifdef MBEDTLS_CONFIG_FILE	/* sizes are only derived when an mbedTLS configuration is in use */
41 #if TF_MBEDTLS_USE_RSA	/* an undefined selector evaluates to 0 here and ends at the "Invalid value of algorithm" #error */
42 #if TF_MBEDTLS_KEY_SIZE == 1024	/* NOTE(review): RSA-1024 is below the 2048-bit minimum that current guidance (e.g. NIST SP 800-131A) sets for new signatures */
43 #define PK_DER_LEN                      162
44 #elif TF_MBEDTLS_KEY_SIZE == 2048
45 #define PK_DER_LEN                      294
46 #elif TF_MBEDTLS_KEY_SIZE == 3072
47 #define PK_DER_LEN                      422
48 #elif TF_MBEDTLS_KEY_SIZE == 4096
49 #define PK_DER_LEN                      550
50 #else	/* any other key size, including an undefined one (0), stops the build */
51 #error "Invalid value for TF_MBEDTLS_KEY_SIZE"
52 #endif
53 #elif TF_MBEDTLS_USE_ECDSA	/* reached only when the RSA selector is 0, so RSA sizes win whenever RSA is enabled */
54 #if TF_MBEDTLS_KEY_SIZE == 384
55 #define PK_DER_LEN                      120
56 #elif TF_MBEDTLS_KEY_SIZE == 256
57 #define PK_DER_LEN                      92
58 #else
59 #error "Invalid value for TF_MBEDTLS_KEY_SIZE"
60 #endif
61 #else	/* neither RSA nor ECDSA selected: fail the build rather than guess a buffer size */
62 #error "Invalid value of algorithm"
63 #endif /* TF_MBEDTLS_USE_RSA */
64 
65 #if TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA256	/* NOTE(review): if both macros are undefined this compares 0 == 0 and silently selects the SHA-256 size; confirm they are always defined */
66 #define HASH_DER_LEN                    51	/* 32-byte digest + 19 bytes of DER encoding */
67 #elif TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA384
68 #define HASH_DER_LEN                    67	/* 48-byte digest + 19 bytes of DER encoding */
69 #elif TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA512
70 #define HASH_DER_LEN                    83	/* 64-byte digest + 19 bytes of DER encoding */
71 #else
72 #error "Invalid value for TF_MBEDTLS_HASH_ALG_ID"
73 #endif
74 #endif /* MBEDTLS_CONFIG_FILE */
75 
76 #endif /* COT_DEF_H */
77