diff --git a/bl1/bl1.mk b/bl1/bl1.mk index 41ee1a7..9a46a34 100644 --- a/bl1/bl1.mk +++ b/bl1/bl1.mk @@ -14,9 +14,7 @@ lib/el3_runtime/${ARCH}/context_mgmt.c \ plat/common/plat_bl1_common.c \ plat/common/${ARCH}/platform_up_stack.S \ - ${MBEDTLS_COMMON_SOURCES} \ - ${MBEDTLS_CRYPTO_SOURCES} \ - ${MBEDTLS_X509_SOURCES} + ${MBEDTLS_SOURCES} ifeq (${ARCH},aarch64) BL1_SOURCES += lib/el3_runtime/aarch64/context.S diff --git a/bl2/bl2.mk b/bl2/bl2.mk index a856fb7..7e33703 100644 --- a/bl2/bl2.mk +++ b/bl2/bl2.mk @@ -8,9 +8,7 @@ bl2/${ARCH}/bl2_arch_setup.c \ lib/locks/exclusive/${ARCH}/spinlock.S \ plat/common/${ARCH}/platform_up_stack.S \ - ${MBEDTLS_COMMON_SOURCES} \ - ${MBEDTLS_CRYPTO_SOURCES} \ - ${MBEDTLS_X509_SOURCES} + ${MBEDTLS_SOURCES} ifeq (${ARCH},aarch64) BL2_SOURCES += common/aarch64/early_exceptions.S diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk index a5d19e6..67a5da2 100644 --- a/drivers/auth/mbedtls/mbedtls_common.mk +++ b/drivers/auth/mbedtls/mbedtls_common.mk @@ -20,15 +20,79 @@ MBEDTLS_CONFIG_FILE := "" $(eval $(call add_define,MBEDTLS_CONFIG_FILE)) -MBEDTLS_COMMON_SOURCES := drivers/auth/mbedtls/mbedtls_common.c \ - $(addprefix ${MBEDTLS_DIR}/library/, \ - asn1parse.c \ - asn1write.c \ - memory_buffer_alloc.c \ - oid.c \ - platform.c \ - platform_util.c \ - rsa_internal.c \ - ) +MBEDTLS_SOURCES += drivers/auth/mbedtls/mbedtls_common.c + + +LIBMBEDTLS_SRCS := $(addprefix ${MBEDTLS_DIR}/library/, \ + asn1parse.c \ + asn1write.c \ + memory_buffer_alloc.c \ + oid.c \ + platform.c \ + platform_util.c \ + bignum.c \ + md.c \ + md_wrap.c \ + pk.c \ + pk_wrap.c \ + pkparse.c \ + pkwrite.c \ + sha256.c \ + sha512.c \ + ecdsa.c \ + ecp_curves.c \ + ecp.c \ + rsa.c \ + rsa_internal.c \ + x509.c \ + x509_crt.c \ + ) + +# The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key +# algorithm to use. If the variable is not defined, select it based on algorithm +# used for key generation `KEY_ALG`. If `KEY_ALG` is not defined or is +# defined to `rsa`/`rsa_1_5`, then set the variable to `rsa`. +ifeq (${TF_MBEDTLS_KEY_ALG},) + ifeq (${KEY_ALG}, ecdsa) + TF_MBEDTLS_KEY_ALG := ecdsa + else + TF_MBEDTLS_KEY_ALG := rsa + endif +endif + +# If MBEDTLS_KEY_ALG build flag is defined use it to set TF_MBEDTLS_KEY_ALG for +# backward compatibility +ifdef MBEDTLS_KEY_ALG + ifeq (${ERROR_DEPRECATED},1) + $(error "MBEDTLS_KEY_ALG is deprecated. Please use the new build flag TF_MBEDTLS_KEY_ALG") + endif + $(warning "MBEDTLS_KEY_ALG is deprecated. Please use the new build flag TF_MBEDTLS_KEY_ALG") + TF_MBEDTLS_KEY_ALG := ${MBEDTLS_KEY_ALG} +endif + +ifeq (${HASH_ALG}, sha384) + TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA384 +else ifeq (${HASH_ALG}, sha512) + TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA512 +else + TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA256 +endif + +ifeq (${TF_MBEDTLS_KEY_ALG},ecdsa) + TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_ECDSA +else ifeq (${TF_MBEDTLS_KEY_ALG},rsa) + TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_RSA +else ifeq (${TF_MBEDTLS_KEY_ALG},rsa+ecdsa) + TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_RSA_AND_ECDSA +else + $(error "TF_MBEDTLS_KEY_ALG=${TF_MBEDTLS_KEY_ALG} not supported on mbed TLS") +endif + +# Needs to be set to drive mbed TLS configuration correctly +$(eval $(call add_define,TF_MBEDTLS_KEY_ALG_ID)) +$(eval $(call add_define,TF_MBEDTLS_HASH_ALG_ID)) + + +$(eval $(call MAKE_LIB,mbedtls)) endif diff --git a/drivers/auth/mbedtls/mbedtls_crypto.mk b/drivers/auth/mbedtls/mbedtls_crypto.mk index 6b15e71..2a9fbbf 100644 --- a/drivers/auth/mbedtls/mbedtls_crypto.mk +++ b/drivers/auth/mbedtls/mbedtls_crypto.mk @@ -6,86 +6,6 @@ include drivers/auth/mbedtls/mbedtls_common.mk -# The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key -# algorithm to use. If the variable is not defined, select it based on algorithm -# used for key generation `KEY_ALG`. If `KEY_ALG` is not defined or is -# defined to `rsa`/`rsa_1_5`, then set the variable to `rsa`. -ifeq (${TF_MBEDTLS_KEY_ALG},) - ifeq (${KEY_ALG}, ecdsa) - TF_MBEDTLS_KEY_ALG := ecdsa - else - TF_MBEDTLS_KEY_ALG := rsa - endif -endif +MBEDTLS_SOURCES += drivers/auth/mbedtls/mbedtls_crypto.c -# If MBEDTLS_KEY_ALG build flag is defined use it to set TF_MBEDTLS_KEY_ALG for -# backward compatibility -ifdef MBEDTLS_KEY_ALG - ifeq (${ERROR_DEPRECATED},1) - $(error "MBEDTLS_KEY_ALG is deprecated. Please use the new build flag TF_MBEDTLS_KEY_ALG") - endif - $(warning "MBEDTLS_KEY_ALG is deprecated. Please use the new build flag TF_MBEDTLS_KEY_ALG") - TF_MBEDTLS_KEY_ALG := ${MBEDTLS_KEY_ALG} -endif -MBEDTLS_CRYPTO_SOURCES := drivers/auth/mbedtls/mbedtls_crypto.c \ - $(addprefix ${MBEDTLS_DIR}/library/, \ - bignum.c \ - md.c \ - md_wrap.c \ - pk.c \ - pk_wrap.c \ - pkparse.c \ - pkwrite.c \ - ) - -ifeq (${HASH_ALG}, sha384) - MBEDTLS_CRYPTO_SOURCES += \ - $(addprefix ${MBEDTLS_DIR}/library/, \ - sha256.c \ - sha512.c \ - ) - TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA384 -else ifeq (${HASH_ALG}, sha512) - MBEDTLS_CRYPTO_SOURCES += \ - $(addprefix ${MBEDTLS_DIR}/library/, \ - sha256.c \ - sha512.c \ - ) - TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA512 -else - MBEDTLS_CRYPTO_SOURCES += \ - $(addprefix ${MBEDTLS_DIR}/library/, \ - sha256.c \ - ) - TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA256 -endif - -# Key algorithm specific files -MBEDTLS_ECDSA_CRYPTO_SOURCES += $(addprefix ${MBEDTLS_DIR}/library/, \ - ecdsa.c \ - ecp_curves.c \ - ecp.c \ - ) - -MBEDTLS_RSA_CRYPTO_SOURCES += $(addprefix ${MBEDTLS_DIR}/library/, \ - rsa.c \ - ) - -ifeq (${TF_MBEDTLS_KEY_ALG},ecdsa) - MBEDTLS_CRYPTO_SOURCES += $(MBEDTLS_ECDSA_CRYPTO_SOURCES) - TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_ECDSA -else ifeq (${TF_MBEDTLS_KEY_ALG},rsa) - MBEDTLS_CRYPTO_SOURCES += $(MBEDTLS_RSA_CRYPTO_SOURCES) - TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_RSA -else ifeq (${TF_MBEDTLS_KEY_ALG},rsa+ecdsa) - MBEDTLS_CRYPTO_SOURCES += $(MBEDTLS_ECDSA_CRYPTO_SOURCES) - MBEDTLS_CRYPTO_SOURCES += $(MBEDTLS_RSA_CRYPTO_SOURCES) - TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_RSA_AND_ECDSA -else - $(error "TF_MBEDTLS_KEY_ALG=${TF_MBEDTLS_KEY_ALG} not supported on mbed TLS") -endif - -# Needs to be set to drive mbed TLS configuration correctly -$(eval $(call add_define,TF_MBEDTLS_KEY_ALG_ID)) -$(eval $(call add_define,TF_MBEDTLS_HASH_ALG_ID)) diff --git a/drivers/auth/mbedtls/mbedtls_x509.mk b/drivers/auth/mbedtls/mbedtls_x509.mk index a6f72e6..a0557e2 100644 --- a/drivers/auth/mbedtls/mbedtls_x509.mk +++ b/drivers/auth/mbedtls/mbedtls_x509.mk @@ -6,8 +6,4 @@ include drivers/auth/mbedtls/mbedtls_common.mk -MBEDTLS_X509_SOURCES := drivers/auth/mbedtls/mbedtls_x509_parser.c \ - $(addprefix ${MBEDTLS_DIR}/library/, \ - x509.c \ - x509_crt.c \ - ) +MBEDTLS_SOURCES += drivers/auth/mbedtls/mbedtls_x509_parser.c