summaryrefslogtreecommitdiff
path: root/drivers/auth/mbedtls/mbedtls_common.mk
diff options
context:
space:
mode:
Diffstat (limited to 'drivers/auth/mbedtls/mbedtls_common.mk')
-rw-r--r--drivers/auth/mbedtls/mbedtls_common.mk88
1 files changed, 76 insertions, 12 deletions
diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk
index a5d19e6a..71c496ed 100644
--- a/drivers/auth/mbedtls/mbedtls_common.mk
+++ b/drivers/auth/mbedtls/mbedtls_common.mk
@@ -13,22 +13,86 @@ ifeq (${MBEDTLS_DIR},)
$(error Error: MBEDTLS_DIR not set)
endif
-INCLUDES += -I${MBEDTLS_DIR}/include \
- -Iinclude/drivers/auth/mbedtls
+MBEDTLS_INC = -I${MBEDTLS_DIR}/include
+INCLUDES += -Iinclude/drivers/auth/mbedtls
# Specify mbed TLS configuration file
MBEDTLS_CONFIG_FILE := "<mbedtls_config.h>"
$(eval $(call add_define,MBEDTLS_CONFIG_FILE))
-MBEDTLS_COMMON_SOURCES := drivers/auth/mbedtls/mbedtls_common.c \
- $(addprefix ${MBEDTLS_DIR}/library/, \
- asn1parse.c \
- asn1write.c \
- memory_buffer_alloc.c \
- oid.c \
- platform.c \
- platform_util.c \
- rsa_internal.c \
- )
+MBEDTLS_SOURCES += drivers/auth/mbedtls/mbedtls_common.c
+
+
+LIBMBEDTLS_SRCS := $(addprefix ${MBEDTLS_DIR}/library/, \
+ asn1parse.c \
+ asn1write.c \
+ memory_buffer_alloc.c \
+ oid.c \
+ platform.c \
+ platform_util.c \
+ bignum.c \
+ md.c \
+ md_wrap.c \
+ pk.c \
+ pk_wrap.c \
+ pkparse.c \
+ pkwrite.c \
+ sha256.c \
+ sha512.c \
+ ecdsa.c \
+ ecp_curves.c \
+ ecp.c \
+ rsa.c \
+ rsa_internal.c \
+ x509.c \
+ x509_crt.c \
+ )
+
+# The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key
+# algorithm to use. If the variable is not defined, select it based on algorithm
+# used for key generation `KEY_ALG`. If `KEY_ALG` is not defined or is
+# defined to `rsa`/`rsa_1_5`, then set the variable to `rsa`.
+ifeq (${TF_MBEDTLS_KEY_ALG},)
+ ifeq (${KEY_ALG}, ecdsa)
+ TF_MBEDTLS_KEY_ALG := ecdsa
+ else
+ TF_MBEDTLS_KEY_ALG := rsa
+ endif
+endif
+
+# If MBEDTLS_KEY_ALG build flag is defined use it to set TF_MBEDTLS_KEY_ALG for
+# backward compatibility
+ifdef MBEDTLS_KEY_ALG
+ ifeq (${ERROR_DEPRECATED},1)
+ $(error "MBEDTLS_KEY_ALG is deprecated. Please use the new build flag TF_MBEDTLS_KEY_ALG")
+ endif
+ $(warning "MBEDTLS_KEY_ALG is deprecated. Please use the new build flag TF_MBEDTLS_KEY_ALG")
+ TF_MBEDTLS_KEY_ALG := ${MBEDTLS_KEY_ALG}
+endif
+
+ifeq (${HASH_ALG}, sha384)
+ TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA384
+else ifeq (${HASH_ALG}, sha512)
+ TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA512
+else
+ TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA256
+endif
+
+ifeq (${TF_MBEDTLS_KEY_ALG},ecdsa)
+ TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_ECDSA
+else ifeq (${TF_MBEDTLS_KEY_ALG},rsa)
+ TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_RSA
+else ifeq (${TF_MBEDTLS_KEY_ALG},rsa+ecdsa)
+ TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_RSA_AND_ECDSA
+else
+ $(error "TF_MBEDTLS_KEY_ALG=${TF_MBEDTLS_KEY_ALG} not supported on mbed TLS")
+endif
+
+# Needs to be set to drive mbed TLS configuration correctly
+$(eval $(call add_define,TF_MBEDTLS_KEY_ALG_ID))
+$(eval $(call add_define,TF_MBEDTLS_HASH_ALG_ID))
+
+
+$(eval $(call MAKE_LIB,mbedtls))
endif
generated by cgit v1.2.3 (git 2.0.4) at 2024-06-19 00:29:51 +0000