Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / f9b32c18ab11da2f1fbbe677bea391523f079ad1^! / . / drivers / auth
commitf9b32c18ab11da2f1fbbe677bea391523f079ad1[log] [tgz]
authorJustin Chadwell <justin.chadwell@arm.com>Mon Jul 29 17:13:10 2019 +0100
committerJustin Chadwell <justin.chadwell@arm.com>Thu Sep 12 15:27:39 2019 +0100
tree01615f4f69293ad2d89108796fc9c8d3f4b2e302
parent9180af2a1b568ecc907ced9d25af48074d13ad9b [diff]
Support larger RSA key sizes when using MBEDTLS

Previously, TF-A could not support large RSA key sizes as the
configuration options passed to MBEDTLS prevented storing and performing
calculations with the larger, higher-precision numbers required. With
these changes to the arguments passed to MBEDTLS, TF-A now supports
using 3072 (3K) and 4096 (4K) keys in certificates.

Change-Id: Ib73a6773145d2faa25c28d04f9a42e86f2fd555f
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>

diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk
index 63e65bd..f34d3d0 100644
--- a/drivers/auth/mbedtls/mbedtls_common.mk
+++ b/drivers/auth/mbedtls/mbedtls_common.mk

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@@ -59,6 +59,16 @@
     endif
 endif
 
+ifeq (${TF_MBEDTLS_KEY_SIZE},)
+    ifneq ($(findstring rsa,${TF_MBEDTLS_KEY_ALG}),)
+	ifeq (${KEY_SIZE},)
+            TF_MBEDTLS_KEY_SIZE		:=	2048
+	else
+            TF_MBEDTLS_KEY_SIZE		:=	${KEY_SIZE}
+	endif
+    endif
+endif
+
 ifeq (${HASH_ALG}, sha384)
     TF_MBEDTLS_HASH_ALG_ID	:=	TF_MBEDTLS_SHA384
 else ifeq (${HASH_ALG}, sha512)
@@ -79,6 +89,7 @@
 
 # Needs to be set to drive mbed TLS configuration correctly
 $(eval $(call add_define,TF_MBEDTLS_KEY_ALG_ID))
+$(eval $(call add_define,TF_MBEDTLS_KEY_SIZE))
 $(eval $(call add_define,TF_MBEDTLS_HASH_ALG_ID))
 
 

diff --git a/drivers/auth/tbbr/tbbr_cot.c b/drivers/auth/tbbr/tbbr_cot.c
index da3631b..6dd4ae2 100644
--- a/drivers/auth/tbbr/tbbr_cot.c
+++ b/drivers/auth/tbbr/tbbr_cot.c

@@ -7,6 +7,7 @@
 #include <stddef.h>
 
 #include <platform_def.h>
+#include <drivers/auth/mbedtls/mbedtls_config.h>
 
 #include <drivers/auth/auth_mod.h>
 #if USE_TBBR_DEFS
@@ -19,7 +20,22 @@
 /*
  * Maximum key and hash sizes (in DER format)
  */
+#if TF_MBEDTLS_USE_RSA
+#if TF_MBEDTLS_KEY_SIZE == 1024
+#define PK_DER_LEN			162
+#elif TF_MBEDTLS_KEY_SIZE == 2048
 #define PK_DER_LEN			294
+#elif TF_MBEDTLS_KEY_SIZE == 3072
+#define PK_DER_LEN			422
+#elif TF_MBEDTLS_KEY_SIZE == 4096
+#define PK_DER_LEN			550
+#else
+#error "Invalid value for TF_MBEDTLS_KEY_SIZE"
+#endif
+#else
+#define PK_DER_LEN			294
+#endif
+
 #define HASH_DER_LEN			83
 
 /*