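#
# Copyright (c) 2015-2023, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#

# Build fragment that selects the mbed TLS configuration header, the list of
# mbed TLS library sources and the TF_MBEDTLS_* defines, based on the detected
# mbed TLS major version and on the KEY_ALG / KEY_SIZE / HASH_ALG /
# DECRYPTION_SUPPORT / PSA_CRYPTO build options.

# Include guard: the body below is evaluated only the first time this file is
# included.
ifneq (${MBEDTLS_COMMON_MK},1)
MBEDTLS_COMMON_MK := 1

# MBEDTLS_DIR must be set to the mbed TLS main directory (it must contain
# the 'include' and 'library' subdirectories).
ifeq (${MBEDTLS_DIR},)
    $(error Error: MBEDTLS_DIR not set)
endif

MBEDTLS_INC = -I${MBEDTLS_DIR}/include

# Read the version numbers out of the mbed TLS headers. Simple assignment
# (:=) is used so that grep runs once at parse time instead of on every
# expansion of the variable.
MBEDTLS_MAJOR := $(shell grep -hP "define MBEDTLS_VERSION_MAJOR" ${MBEDTLS_DIR}/include/mbedtls/*.h | grep -oe '\([0-9.]*\)')
MBEDTLS_MINOR := $(shell grep -hP "define MBEDTLS_VERSION_MINOR" ${MBEDTLS_DIR}/include/mbedtls/*.h | grep -oe '\([0-9.]*\)')
$(info MBEDTLS_VERSION_MAJOR is [${MBEDTLS_MAJOR}] MBEDTLS_VERSION_MINOR is [${MBEDTLS_MINOR}])

# Specify mbed TLS configuration file.
# '?=' keeps a value that the platform or the command line already provided.
ifeq (${MBEDTLS_MAJOR}, 2)
    $(info Deprecation Notice: Please migrate to Mbedtls version 3.x (refer to TF-A documentation for the exact version number))
    MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/mbedtls_config-2.h>"
else ifeq (${MBEDTLS_MAJOR}, 3)
    ifeq (${PSA_CRYPTO},1)
        MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/psa_mbedtls_config.h>"
    else
        MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/mbedtls_config-3.h>"
    endif
endif

# If the major version was not detected as 2 or 3 (for example the grep above
# matched nothing, or matched more than one line) and nothing else supplied a
# configuration file, stop here with a clear message. Otherwise the library
# would be built without the configuration header this file is meant to
# select (how add_define treats an empty value is not visible in this file).
ifeq ($(strip ${MBEDTLS_CONFIG_FILE}),)
    $(error Unsupported or undetected mbed TLS major version [${MBEDTLS_MAJOR}] and MBEDTLS_CONFIG_FILE is not set)
endif

$(eval $(call add_define,MBEDTLS_CONFIG_FILE))

MBEDTLS_SOURCES += drivers/auth/mbedtls/mbedtls_common.c

# mbed TLS library sources used with both supported major versions.
LIBMBEDTLS_SRCS += $(addprefix ${MBEDTLS_DIR}/library/, \
    aes.c \
    asn1parse.c \
    asn1write.c \
    cipher.c \
    cipher_wrap.c \
    constant_time.c \
    memory_buffer_alloc.c \
    oid.c \
    platform.c \
    platform_util.c \
    bignum.c \
    gcm.c \
    md.c \
    pk.c \
    pk_wrap.c \
    pkparse.c \
    pkwrite.c \
    sha256.c \
    sha512.c \
    ecdsa.c \
    ecp_curves.c \
    ecp.c \
    rsa.c \
    x509.c \
    x509_crt.c \
    )

# Sources that exist in only one of the two major versions.
ifeq (${MBEDTLS_MAJOR}, 2)
    LIBMBEDTLS_SRCS += $(addprefix ${MBEDTLS_DIR}/library/, \
        rsa_internal.c \
        )
else ifeq (${MBEDTLS_MAJOR}, 3)
    LIBMBEDTLS_SRCS += $(addprefix ${MBEDTLS_DIR}/library/, \
        bignum_core.c \
        rsa_alt_helpers.c \
        hash_info.c \
        )

    # Mbedtls-3 currently has an outstanding bug caused by a redundant
    # declaration [1], so stop treating redundant-decls as an error to avoid
    # a compilation failure when building with Mbedtls-3. The diagnostic is
    # still reported as a warning.
    # [1]: https://github.com/Mbed-TLS/mbedtls/issues/6910
    LIBMBEDTLS_CFLAGS += -Wno-error=redundant-decls
endif

# Extra library sources needed when the PSA Crypto API is enabled.
ifeq (${PSA_CRYPTO},1)
LIBMBEDTLS_SRCS += $(addprefix ${MBEDTLS_DIR}/library/, \
    psa_crypto.c \
    psa_crypto_client.c \
    psa_crypto_driver_wrappers.c \
    psa_crypto_hash.c \
    psa_crypto_rsa.c \
    psa_crypto_ecp.c \
    psa_crypto_slot_management.c \
    )
endif

# The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key
# algorithm to use. If the variable is not defined, select it based on
# algorithm used for key generation `KEY_ALG`. If `KEY_ALG` is not defined,
# then it is set to `rsa`.
# Note that any KEY_ALG value other than 'ecdsa' also selects 'rsa' here.
ifeq (${TF_MBEDTLS_KEY_ALG},)
    ifeq (${KEY_ALG}, ecdsa)
        TF_MBEDTLS_KEY_ALG := ecdsa
    else
        TF_MBEDTLS_KEY_ALG := rsa
    endif
endif

# Derive TF_MBEDTLS_KEY_SIZE from KEY_SIZE, with a per-algorithm default and a
# list of accepted values. This runs only when TF_MBEDTLS_KEY_SIZE was not
# supplied; a value supplied directly is not validated here.
# findstring is a substring match, so 'rsa+ecdsa' takes the RSA branch and is
# checked against the RSA sizes.
# NOTE(review): 1024 is still accepted for RSA. 1024-bit RSA is below the
# 2048-bit minimum in current NIST guidance for signatures; consider whether
# it should remain selectable for production images.
ifeq (${TF_MBEDTLS_KEY_SIZE},)
    ifneq ($(findstring rsa,${TF_MBEDTLS_KEY_ALG}),)
        ifeq (${KEY_SIZE},)
            TF_MBEDTLS_KEY_SIZE := 2048
        else ifneq ($(filter $(KEY_SIZE), 1024 2048 3072 4096),)
            TF_MBEDTLS_KEY_SIZE := ${KEY_SIZE}
        else
            $(error "Invalid value for KEY_SIZE: ${KEY_SIZE}")
        endif
    else ifneq ($(findstring ecdsa,${TF_MBEDTLS_KEY_ALG}),)
        ifeq (${KEY_SIZE},)
            TF_MBEDTLS_KEY_SIZE := 256
        else ifneq ($(filter $(KEY_SIZE), 256 384),)
            TF_MBEDTLS_KEY_SIZE := ${KEY_SIZE}
        else
            $(error "Invalid value for KEY_SIZE: ${KEY_SIZE}")
        endif
    endif
endif

# Map HASH_ALG to the identifier passed to the C code.
# NOTE(review): there is no error branch; any value other than 'sha384' or
# 'sha512', including a misspelt one, silently selects SHA-256.
ifeq (${HASH_ALG}, sha384)
    TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA384
else ifeq (${HASH_ALG}, sha512)
    TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA512
else
    TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA256
endif

# Map the key algorithm to its identifier. This is an exact match, so a
# platform-supplied TF_MBEDTLS_KEY_ALG outside the three supported values
# stops the build.
ifeq (${TF_MBEDTLS_KEY_ALG},ecdsa)
    TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_ECDSA
else ifeq (${TF_MBEDTLS_KEY_ALG},rsa)
    TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_RSA
else ifeq (${TF_MBEDTLS_KEY_ALG},rsa+ecdsa)
    TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_RSA_AND_ECDSA
else
    $(error "TF_MBEDTLS_KEY_ALG=${TF_MBEDTLS_KEY_ALG} not supported on mbed TLS")
endif

# AES-GCM is enabled only for DECRYPTION_SUPPORT=aes_gcm; every other value
# sets the flag to 0.
ifeq (${DECRYPTION_SUPPORT}, aes_gcm)
    TF_MBEDTLS_USE_AES_GCM := 1
else
    TF_MBEDTLS_USE_AES_GCM := 0
endif

# Needs to be set to drive mbed TLS configuration correctly
$(eval $(call add_defines,\
    $(sort \
        TF_MBEDTLS_KEY_ALG_ID \
        TF_MBEDTLS_KEY_SIZE \
        TF_MBEDTLS_HASH_ALG_ID \
        TF_MBEDTLS_USE_AES_GCM \
)))

$(eval $(call MAKE_LIB,mbedtls))

endif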