#
# Copyright (c) 2015-2022, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#

# Include guard: the body below is evaluated only the first time this makefile
# is included, because MBEDTLS_COMMON_MK is set to 1 on that first pass.
ifneq (${MBEDTLS_COMMON_MK},1)
MBEDTLS_COMMON_MK := 1

# MBEDTLS_DIR must point at the mbed TLS top-level directory, i.e. the one
# holding the 'include' and 'library' subdirectories. The build stops here if
# it expands to nothing.
ifeq (${MBEDTLS_DIR},)
    $(error Error: MBEDTLS_DIR not set)
endif

# Recursively expanded, so MBEDTLS_DIR is resolved when MBEDTLS_INC is used.
MBEDTLS_INC = -I${MBEDTLS_DIR}/include

# mbed TLS configuration header. '?=' keeps a value chosen earlier (for example
# by the platform). The value is handed to add_define, which is defined outside
# this file.
MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/mbedtls_config.h>"
$(eval $(call add_define,MBEDTLS_CONFIG_FILE))

MBEDTLS_SOURCES += drivers/auth/mbedtls/mbedtls_common.c

# Explicit list of mbed TLS library sources, each prefixed with
# ${MBEDTLS_DIR}/library/.
# NOTE(review): some of these file names (e.g. rsa_internal.c, constant_time.c)
# are not present in every mbed TLS release - confirm the list against the
# version MBEDTLS_DIR points at.
LIBMBEDTLS_SRCS := $(addprefix ${MBEDTLS_DIR}/library/, \
    aes.c \
    asn1parse.c \
    asn1write.c \
    cipher.c \
    cipher_wrap.c \
    memory_buffer_alloc.c \
    oid.c \
    platform.c \
    platform_util.c \
    bignum.c \
    gcm.c \
    md.c \
    pk.c \
    pk_wrap.c \
    pkparse.c \
    pkwrite.c \
    sha256.c \
    sha512.c \
    ecdsa.c \
    ecp_curves.c \
    ecp.c \
    rsa.c \
    rsa_internal.c \
    x509.c \
    x509_crt.c \
    constant_time.c \
    )

# Signature algorithm. A platform may preset TF_MBEDTLS_KEY_ALG; when it is
# empty it is derived from KEY_ALG, the algorithm used for key generation.
# The comparison is an exact string match: only 'ecdsa' selects ECDSA, and
# every other KEY_ALG value, including an empty one, selects 'rsa'.
ifeq (${TF_MBEDTLS_KEY_ALG},)
    ifeq (${KEY_ALG}, ecdsa)
        TF_MBEDTLS_KEY_ALG := ecdsa
    else
        TF_MBEDTLS_KEY_ALG := rsa
    endif
endif

# Key size. Only filled in when the platform left it empty and the selected
# algorithm name contains 'rsa' (so both 'rsa' and 'rsa+ecdsa'): KEY_SIZE is
# used if non-empty, otherwise 2048. For plain 'ecdsa' the variable is left
# empty here.
# NOTE(review): KEY_SIZE is passed through without a range check in this file;
# confirm that unsupported or undersized values are rejected elsewhere.
ifeq (${TF_MBEDTLS_KEY_SIZE},)
    ifneq ($(findstring rsa,${TF_MBEDTLS_KEY_ALG}),)
        TF_MBEDTLS_KEY_SIZE := $(or ${KEY_SIZE},2048)
    endif
endif

# Hash algorithm identifier derived from HASH_ALG.
# NOTE(review): anything other than the exact strings 'sha384' and 'sha512',
# including a misspelt value, silently selects SHA-256. Unlike the key
# algorithm check below, there is no $(error ...) for unknown values, so a
# typo yields a different hash than requested without any diagnostic.
ifeq (${HASH_ALG}, sha384)
    TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA384
else ifeq (${HASH_ALG}, sha512)
    TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA512
else
    TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA256
endif

# Key algorithm identifier. Values outside the three listed here stop the
# build instead of falling back to a default.
ifeq (${TF_MBEDTLS_KEY_ALG},ecdsa)
    TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_ECDSA
else ifeq (${TF_MBEDTLS_KEY_ALG},rsa)
    TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_RSA
else ifeq (${TF_MBEDTLS_KEY_ALG},rsa+ecdsa)
    TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_RSA_AND_ECDSA
else
    $(error "TF_MBEDTLS_KEY_ALG=${TF_MBEDTLS_KEY_ALG} not supported on mbed TLS")
endif

# AES-GCM switch: 1 only when DECRYPTION_SUPPORT is exactly 'aes_gcm', 0 for
# every other value (again without a diagnostic for unrecognised strings).
TF_MBEDTLS_USE_AES_GCM := 0
ifeq (${DECRYPTION_SUPPORT}, aes_gcm)
    TF_MBEDTLS_USE_AES_GCM := 1
endif

# Needs to be set to drive mbed TLS configuration correctly.
# add_defines is defined outside this file; $(sort ...) orders the names and
# drops duplicates before they are passed on.
$(eval $(call add_defines,\
    $(sort \
        TF_MBEDTLS_KEY_ALG_ID \
        TF_MBEDTLS_KEY_SIZE \
        TF_MBEDTLS_HASH_ALG_ID \
        TF_MBEDTLS_USE_AES_GCM \
)))

# MAKE_LIB is defined outside this file and is invoked here for 'mbedtls'.
$(eval $(call MAKE_LIB,mbedtls))

endif