From 9db9c65a112e6e3a0bb9588b8e30a22265cbfbaf Mon Sep 17 00:00:00 2001 From: Qixiang Xu Date: Thu, 24 Aug 2017 15:12:20 +0800 Subject: Add support for TBBR using ECDSA keys in ARM platforms - fixed compile error when KEY_ALG=ecdsa - add new option ecdsa for TF_MBEDTLS_KEY_ALG - add new option devel_ecdsa for ARM_ROTPK_LOCATION - add ecdsa key at plat/arm/board/common/rotpk/ - reduce the mbedtls heap memory size to 13k Change-Id: I3f7a6170af93fdbaaa7bf2fffb4680a9f6113c13 Signed-off-by: Qixiang Xu
---
 drivers/auth/mbedtls/mbedtls_common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'drivers')
diff --git a/drivers/auth/mbedtls/mbedtls_common.c b/drivers/auth/mbedtls/mbedtls_common.c
index e9aa409b5..cc57af39d 100644
--- a/drivers/auth/mbedtls/mbedtls_common.c
+++ b/drivers/auth/mbedtls/mbedtls_common.c
@@ -15,7 +15,7 @@
 * mbed TLS heap
 */
 #if (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_ECDSA)
-#define MBEDTLS_HEAP_SIZE (14*1024)
+#define MBEDTLS_HEAP_SIZE (13*1024)
 #elif (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA)
 #define MBEDTLS_HEAP_SIZE (7*1024)
 #endif
-- cgit v1.2.3
From dcbf3932fd58537695dfcd8ccacb1a76fd193b48 Mon Sep 17 00:00:00 2001 From: Qixiang Xu Date: Thu, 24 Aug 2017 15:26:39 +0800 Subject: Dynamic selection of ECDSA or RSA Add new option rsa+ecdsa for TF_MBEDTLS_KEY_ALG, which selects rsa or ecdsa depending on the certificate used. Change-Id: I08d9e99bdbba361ed2ec5624248dc382c750ad47 Signed-off-by: Qixiang Xu
---
 drivers/auth/mbedtls/mbedtls_common.c | 3 ++- drivers/auth/mbedtls/mbedtls_crypto.mk | 24 ++++++++++++++++-------- 2 files changed, 18 insertions(+), 9 deletions(-) (limited to 'drivers')
diff --git a/drivers/auth/mbedtls/mbedtls_common.c b/drivers/auth/mbedtls/mbedtls_common.c
index cc57af39d..205c2432a 100644
--- a/drivers/auth/mbedtls/mbedtls_common.c
+++ b/drivers/auth/mbedtls/mbedtls_common.c
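Review bot: The new `#define MBEDTLS_HEAP_SIZE (13*1024)` in the first patch's mbedtls_common.c hunk is a bare figure with no record of how it was arrived at; the commit message only says the heap is reduced to 13k. This heap presumably backs the mbed TLS allocations made while certificates are parsed and signatures verified, so an undersized value would surface as an authentication failure on whichever curve or certificate size needs the most memory. I would add a comment above the conditional along the lines of `/* ECDSA: peak heap use measured with <curve / certificate profile>; re-measure when curves, key sizes or the mbed TLS version change */`. The same figure is reused for the `TF_MBEDTLS_RSA_AND_ECDSA` case in the following patch's hunk of this file, where the comment should also say that the combined build is sized for the larger of the two algorithms.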
@@ -14,7 +14,8 @@
 /*
 * mbed TLS heap
 */
-#if (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_ECDSA)
+#if (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_ECDSA) \
+ || (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA)
 #define MBEDTLS_HEAP_SIZE (13*1024)
 #elif (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA)
 #define MBEDTLS_HEAP_SIZE (7*1024)
diff --git a/drivers/auth/mbedtls/mbedtls_crypto.mk b/drivers/auth/mbedtls/mbedtls_crypto.mk
index 21b857bff..d6fc7eb53 100644
--- a/drivers/auth/mbedtls/mbedtls_crypto.mk
+++ b/drivers/auth/mbedtls/mbedtls_crypto.mk
@@ -41,18 +41,26 @@ MBEDTLS_CRYPTO_SOURCES := drivers/auth/mbedtls/mbedtls_crypto.c \ ) # Key algorithm specific files
+MBEDTLS_ECDSA_CRYPTO_SOURCES += $(addprefix ${MBEDTLS_DIR}/library/, \
+ ecdsa.c \
+ ecp_curves.c \
+ ecp.c \
+ )
+
+MBEDTLS_RSA_CRYPTO_SOURCES += $(addprefix ${MBEDTLS_DIR}/library/, \
+ rsa.c \
+ )
+
 ifeq (${TF_MBEDTLS_KEY_ALG},ecdsa)
- MBEDTLS_CRYPTO_SOURCES += $(addprefix ${MBEDTLS_DIR}/library/, \
- ecdsa.c \
- ecp_curves.c \
- ecp.c \
- )
+ MBEDTLS_CRYPTO_SOURCES += $(MBEDTLS_ECDSA_CRYPTO_SOURCES)
 TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_ECDSA
 else ifeq (${TF_MBEDTLS_KEY_ALG},rsa)
- MBEDTLS_CRYPTO_SOURCES += $(addprefix ${MBEDTLS_DIR}/library/, \
- rsa.c \
- )
+ MBEDTLS_CRYPTO_SOURCES += $(MBEDTLS_RSA_CRYPTO_SOURCES)
 TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_RSA
+else ifeq (${TF_MBEDTLS_KEY_ALG},rsa+ecdsa)
+ MBEDTLS_CRYPTO_SOURCES += $(MBEDTLS_ECDSA_CRYPTO_SOURCES)
+ MBEDTLS_CRYPTO_SOURCES += $(MBEDTLS_RSA_CRYPTO_SOURCES)
+ TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_RSA_AND_ECDSA
 else
 $(error "TF_MBEDTLS_KEY_ALG=${TF_MBEDTLS_KEY_ALG} not supported on mbed TLS")
 endif
-- cgit v1.2.3
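Review bot: The heap-size conditional in mbedtls_common.c now accepts three values of `TF_MBEDTLS_KEY_ALG_ID` but, going by the `#endif` visible in the previous patch's context, still has no `#else` branch, so any other value leaves `MBEDTLS_HEAP_SIZE` undefined and the problem shows up wherever the macro is used rather than here. mbedtls_crypto.mk rejects unknown `TF_MBEDTLS_KEY_ALG` strings, but nothing visible in this file guarantees that makefile is the only place the ID gets set. Adding `#else` followed by `#error "MBEDTLS_HEAP_SIZE: unsupported TF_MBEDTLS_KEY_ALG_ID"` before the `#endif` keeps the check next to the sizing decision. The end of the conditional lies outside this hunk.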
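Review bot: `MBEDTLS_ECDSA_CRYPTO_SOURCES` and `MBEDTLS_RSA_CRYPTO_SOURCES` are introduced in mbedtls_crypto.mk with `+=`, so they append to whatever those names already hold (a value inherited from the environment, or the result of an earlier inclusion of this file) instead of being defined here. These lists decide which crypto sources are added to `MBEDTLS_CRYPTO_SOURCES`, so I would define them with `:=`, matching the `MBEDTLS_CRYPTO_SOURCES := ...` assignment shown on the hunk header line: `MBEDTLS_ECDSA_CRYPTO_SOURCES := $(addprefix ${MBEDTLS_DIR}/library/, \` and likewise for the RSA list. A one-line comment on the `rsa+ecdsa` branch, such as `# both verification back ends are built; the certificate selects which one runs`, would also help whoever picks this option.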