blob: 6b15e717db59e41b8e38f65c202a4aece73aa3df [file] [log] [blame]
#
# Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
include drivers/auth/mbedtls/mbedtls_common.mk
# The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key
# algorithm to use. If the variable is not defined, select it based on algorithm
# used for key generation `KEY_ALG`. If `KEY_ALG` is not defined or is
# defined to `rsa`/`rsa_1_5`, then set the variable to `rsa`.
ifeq (${TF_MBEDTLS_KEY_ALG},)
ifeq (${KEY_ALG}, ecdsa)
TF_MBEDTLS_KEY_ALG := ecdsa
else
TF_MBEDTLS_KEY_ALG := rsa
endif
endif
# If MBEDTLS_KEY_ALG build flag is defined use it to set TF_MBEDTLS_KEY_ALG for
# backward compatibility
ifdef MBEDTLS_KEY_ALG
ifeq (${ERROR_DEPRECATED},1)
$(error "MBEDTLS_KEY_ALG is deprecated. Please use the new build flag TF_MBEDTLS_KEY_ALG")
endif
$(warning "MBEDTLS_KEY_ALG is deprecated. Please use the new build flag TF_MBEDTLS_KEY_ALG")
TF_MBEDTLS_KEY_ALG := ${MBEDTLS_KEY_ALG}
endif
MBEDTLS_CRYPTO_SOURCES := drivers/auth/mbedtls/mbedtls_crypto.c \
$(addprefix ${MBEDTLS_DIR}/library/, \
bignum.c \
md.c \
md_wrap.c \
pk.c \
pk_wrap.c \
pkparse.c \
pkwrite.c \
)
ifeq (${HASH_ALG}, sha384)
MBEDTLS_CRYPTO_SOURCES += \
$(addprefix ${MBEDTLS_DIR}/library/, \
sha256.c \
sha512.c \
)
TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA384
else ifeq (${HASH_ALG}, sha512)
MBEDTLS_CRYPTO_SOURCES += \
$(addprefix ${MBEDTLS_DIR}/library/, \
sha256.c \
sha512.c \
)
TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA512
else
MBEDTLS_CRYPTO_SOURCES += \
$(addprefix ${MBEDTLS_DIR}/library/, \
sha256.c \
)
TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA256
endif
# Key algorithm specific files
MBEDTLS_ECDSA_CRYPTO_SOURCES += $(addprefix ${MBEDTLS_DIR}/library/, \
ecdsa.c \
ecp_curves.c \
ecp.c \
)
MBEDTLS_RSA_CRYPTO_SOURCES += $(addprefix ${MBEDTLS_DIR}/library/, \
rsa.c \
)
ifeq (${TF_MBEDTLS_KEY_ALG},ecdsa)
MBEDTLS_CRYPTO_SOURCES += $(MBEDTLS_ECDSA_CRYPTO_SOURCES)
TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_ECDSA
else ifeq (${TF_MBEDTLS_KEY_ALG},rsa)
MBEDTLS_CRYPTO_SOURCES += $(MBEDTLS_RSA_CRYPTO_SOURCES)
TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_RSA
else ifeq (${TF_MBEDTLS_KEY_ALG},rsa+ecdsa)
MBEDTLS_CRYPTO_SOURCES += $(MBEDTLS_ECDSA_CRYPTO_SOURCES)
MBEDTLS_CRYPTO_SOURCES += $(MBEDTLS_RSA_CRYPTO_SOURCES)
TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_RSA_AND_ECDSA
else
$(error "TF_MBEDTLS_KEY_ALG=${TF_MBEDTLS_KEY_ALG} not supported on mbed TLS")
endif
# Needs to be set to drive mbed TLS configuration correctly
$(eval $(call add_define,TF_MBEDTLS_KEY_ALG_ID))
$(eval $(call add_define,TF_MBEDTLS_HASH_ALG_ID))