refactor(crypto): change CRYPTO_SUPPORT flag to numeric
authorManish V Badarkhe <Manish.Badarkhe@arm.com>
Mon, 20 Jun 2022 14:32:38 +0000 (15:32 +0100)
committerManish V Badarkhe <Manish.Badarkhe@arm.com>
Wed, 5 Oct 2022 14:25:28 +0000 (15:25 +0100)
Changed the CRYPTO_SUPPORT flag to a numeric value so that it can
select one of the following modes:
1. CRYPTO_SUPPORT = 1 -> Authentication verification only
2. CRYPTO_SUPPORT = 2 -> Hash calculation only
3. CRYPTO_SUPPORT = 3 -> Authentication verification and
                         hash calculation

Change-Id: Ib34f31457a6c87d2356d736ad2d048dc787da56f
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Makefile
drivers/auth/crypto_mod.c
drivers/auth/mbedtls/mbedtls_crypto.c
include/drivers/auth/crypto_mod.h

index bede21a10708cdb88f5aad7fef15257909d8fe3c..1edf3b80a3971e1fc3127d474ea8db99e7a98be9 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -730,7 +730,17 @@ ifeq ($(DYN_DISABLE_AUTH), 1)
     endif
 endif
 
-ifneq ($(filter 1,${MEASURED_BOOT} ${TRUSTED_BOARD_BOOT} ${DRTM_SUPPORT}),)
+ifeq ($(MEASURED_BOOT)-$(TRUSTED_BOARD_BOOT),1-1)
+# Support authentication verification and hash calculation
+    CRYPTO_SUPPORT := 3
+else ifeq ($(DRTM_SUPPORT)-$(TRUSTED_BOARD_BOOT),1-1)
+# Support authentication verification and hash calculation
+    CRYPTO_SUPPORT := 3
+else ifneq ($(filter 1,${MEASURED_BOOT} ${DRTM_SUPPORT}),)
+# Support hash calculation only
+    CRYPTO_SUPPORT := 2
+else ifeq (${TRUSTED_BOARD_BOOT},1)
+# Support authentication verification only
     CRYPTO_SUPPORT := 1
 else
     CRYPTO_SUPPORT := 0
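Review bot: The literals 1, 2 and 3 assigned in this chain have to match CRYPTO_AUTH_VERIFY_ONLY, CRYPTO_HASH_CALC_ONLY and CRYPTO_AUTH_VERIFY_AND_HASH_CALC, which this commit defines separately in include/drivers/auth/crypto_mod.h, and nothing here records that link. A comment above the chain such as `# Values must match the CRYPTO_* mode macros in include/drivers/auth/crypto_mod.h` would keep the two from drifting apart, since a mismatch would quietly select the wrong set of crypto functions. The first two branches also assign the same value under the same comment and could share one comment that names both the MEASURED_BOOT and DRTM_SUPPORT cases. The conditional's closing `endif` is outside the hunk.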
@@ -1035,7 +1045,6 @@ $(eval $(call assert_booleans,\
         SPMC_AT_EL3 \
         SPMD_SPM_AT_SEL2 \
         TRUSTED_BOARD_BOOT \
-        CRYPTO_SUPPORT \
         USE_COHERENT_MEM \
         USE_DEBUGFS \
         ARM_IO_IN_DTB \
@@ -1070,6 +1079,7 @@ $(eval $(call assert_numerics,\
         CTX_INCLUDE_PAUTH_REGS \
         CTX_INCLUDE_MTE_REGS \
         CTX_INCLUDE_NEVE_REGS \
+        CRYPTO_SUPPORT \
         ENABLE_BRBE_FOR_NS \
         ENABLE_TRBE_FOR_NS \
         ENABLE_BTI \
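Review bot: Moving CRYPTO_SUPPORT from the boolean list to the numeric list drops the 0/1 restriction, and nothing visible in this commit limits it to the four values the code understands. For any other number every `CRYPTO_SUPPORT == ...` guard added here evaluates false, so the signature-verification and hash code is compiled out; whether the build then fails cleanly depends on code outside these hunks. An explicit range check after the value is derived would make this fail early: `ifeq ($(filter 0 1 2 3,$(CRYPTO_SUPPORT)),)`, `$(error CRYPTO_SUPPORT must be 0, 1, 2 or 3)`, `endif`. The `assert_numerics` call starts and ends outside the hunk.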
index 2028d53d8da2235cdd3c1732ff6a34ad65290ebe..fa1adb4f7769c29910812743beb0234f4091106e 100644 (file)
@@ -46,19 +46,26 @@ void crypto_mod_init(void)
 {
        assert(crypto_lib_desc.name != NULL);
        assert(crypto_lib_desc.init != NULL);
-#if TRUSTED_BOARD_BOOT
+#if CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY || \
+CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC
        assert(crypto_lib_desc.verify_signature != NULL);
        assert(crypto_lib_desc.verify_hash != NULL);
-#endif /* TRUSTED_BOARD_BOOT */
-#if MEASURED_BOOT || DRTM_SUPPORT
+#endif /* CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY || \
+         CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */
+
+#if CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \
+CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC
        assert(crypto_lib_desc.calc_hash != NULL);
-#endif /* MEASURED_BOOT || DRTM_SUPPORT */
+#endif /* CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \
+         CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */
 
        /* Initialize the cryptographic library */
        crypto_lib_desc.init();
        INFO("Using crypto library '%s'\n", crypto_lib_desc.name);
 }
 
+#if CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY || \
+CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC
 /*
  * Function to verify a digital signature
  *
@@ -108,8 +115,11 @@ int crypto_mod_verify_hash(void *data_ptr, unsigned int data_len,
        return crypto_lib_desc.verify_hash(data_ptr, data_len,
                                           digest_info_ptr, digest_info_len);
 }
+#endif /* CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY || \
+         CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */
 
-#if MEASURED_BOOT || DRTM_SUPPORT
+#if CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \
+CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC
 /*
  * Calculate a hash
  *
@@ -129,7 +139,8 @@ int crypto_mod_calc_hash(enum crypto_md_algo alg, void *data_ptr,
 
        return crypto_lib_desc.calc_hash(alg, data_ptr, data_len, output);
 }
-#endif /* MEASURED_BOOT || DRTM_SUPPORT */
+#endif /* CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \
+         CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */
 
 /*
  * Authenticated decryption of data
index e83225c323447ccbba854e64ee6b832dc195128e..d231179f5a374c16f7845556b1dcc377514bcc67 100644 (file)
@@ -24,7 +24,8 @@
 
 #define LIB_NAME               "mbed TLS"
 
-#if MEASURED_BOOT || DRTM_SUPPORT
+#if CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \
+CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC
 /*
  * CRYPTO_MD_MAX_SIZE value is as per current stronger algorithm available
  * so make sure that mbed TLS MD maximum size must be lesser than this.
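Review bot: The guard introduced at the top of this hunk no longer tests build flags alone; it compares CRYPTO_SUPPORT against CRYPTO_HASH_CALC_ONLY and CRYPTO_AUTH_VERIFY_AND_HASH_CALC, which are macros defined in include/drivers/auth/crypto_mod.h. If that header were not included before this point, the undefined names would evaluate as 0 in the `#if` and the condition would change meaning without a diagnostic unless the build enables `-Wundef`. The include block is outside the hunk, so this cannot be confirmed from here. A comment next to the guard such as `/* CRYPTO_* mode macros come from drivers/auth/crypto_mod.h, included above */` would record the dependency. The same applies to the other guards converted in this file and in drivers/auth/crypto_mod.c.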
@@ -32,7 +33,8 @@
 CASSERT(CRYPTO_MD_MAX_SIZE >= MBEDTLS_MD_MAX_SIZE,
        assert_mbedtls_md_size_overflow);
 
-#endif /* MEASURED_BOOT || DRTM_SUPPORT */
+#endif /* CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \
+         CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */
 
 /*
  * AlgorithmIdentifier  ::=  SEQUENCE  {
@@ -60,7 +62,8 @@ static void init(void)
        mbedtls_init();
 }
 
-#if TRUSTED_BOARD_BOOT
+#if CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY || \
+CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC
 /*
  * Verify a signature.
  *
@@ -219,9 +222,11 @@ static int verify_hash(void *data_ptr, unsigned int data_len,
 
        return CRYPTO_SUCCESS;
 }
-#endif /* TRUSTED_BOARD_BOOT */
+#endif /* CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY || \
+         CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */
 
-#if MEASURED_BOOT || DRTM_SUPPORT
+#if CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \
+CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC
 /*
  * Map a generic crypto message digest algorithm to the corresponding macro used
  * by Mbed TLS.
@@ -264,7 +269,8 @@ static int calc_hash(enum crypto_md_algo md_algo, void *data_ptr,
         */
        return mbedtls_md(md_info, data_ptr, data_len, output);
 }
-#endif /* MEASURED_BOOT || DRTM_SUPPORT */
+#endif /* CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \
+         CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */
 
 #if TF_MBEDTLS_USE_AES_GCM
 /*
@@ -368,7 +374,7 @@ static int auth_decrypt(enum crypto_dec_algo dec_algo, void *data_ptr,
 /*
  * Register crypto library descriptor
  */
-#if (MEASURED_BOOT || DRTM_SUPPORT) && TRUSTED_BOARD_BOOT
+#if CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC
 #if TF_MBEDTLS_USE_AES_GCM
 REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, calc_hash,
                    auth_decrypt);
@@ -376,13 +382,13 @@ REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, calc_hash,
 REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, calc_hash,
                    NULL);
 #endif
-#elif TRUSTED_BOARD_BOOT
+#elif CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY
 #if TF_MBEDTLS_USE_AES_GCM
 REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash,
                    auth_decrypt);
 #else
 REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL);
 #endif
-#elif MEASURED_BOOT || DRTM_SUPPORT
+#elif CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY
 REGISTER_CRYPTO_LIB(LIB_NAME, init, calc_hash);
-#endif /* (MEASURED_BOOT || DRTM_SUPPORT) && TRUSTED_BOARD_BOOT */
+#endif /* CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */
index 103f0850004bd34c71c0bb1ad8cd0f996e3f0b91..3a23df4b7c4d675c5fb5a8540ad234021ab76843 100644 (file)
@@ -7,6 +7,10 @@
 #ifndef CRYPTO_MOD_H
 #define CRYPTO_MOD_H
 
+#define        CRYPTO_AUTH_VERIFY_ONLY                 1
+#define        CRYPTO_HASH_CALC_ONLY                   2
+#define        CRYPTO_AUTH_VERIFY_AND_HASH_CALC        3
+
 /* Return values */
 enum crypto_ret_value {
        CRYPTO_SUCCESS = 0,
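Review bot: These three macros are added without a comment, and the two-line conditions built from them are repeated verbatim in every later hunk of this file, in crypto_mod.c and in mbedtls_crypto.c. A comment such as `/* Values of the CRYPTO_SUPPORT build flag; keep in sync with the top-level Makefile */` would say what they are. The repetition could be removed by defining the two predicates once here, for example `#define CRYPTO_AUTH_VERIFY_ENABLED (CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY || CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC)` and a matching one for hash calculation (names are suggestions). Each guard then becomes a single line, so there is less chance that one copy is later edited differently from the rest and a verification path is compiled out by accident. The backslash continuations inside the `#endif` comments would no longer be needed either.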
@@ -48,6 +52,8 @@ typedef struct crypto_lib_desc_s {
 
        /* Verify a digital signature. Return one of the
         * 'enum crypto_ret_value' options */
+#if CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY || \
+CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC
        int (*verify_signature)(void *data_ptr, unsigned int data_len,
                                void *sig_ptr, unsigned int sig_len,
                                void *sig_alg, unsigned int sig_alg_len,
@@ -56,13 +62,17 @@ typedef struct crypto_lib_desc_s {
        /* Verify a hash. Return one of the 'enum crypto_ret_value' options */
        int (*verify_hash)(void *data_ptr, unsigned int data_len,
                           void *digest_info_ptr, unsigned int digest_info_len);
+#endif /* CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY || \
+         CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */
 
-#if MEASURED_BOOT || DRTM_SUPPORT
+#if CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \
+CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC
        /* Calculate a hash. Return hash value */
        int (*calc_hash)(enum crypto_md_algo md_alg, void *data_ptr,
                         unsigned int data_len,
                         unsigned char output[CRYPTO_MD_MAX_SIZE]);
-#endif /* MEASURED_BOOT || DRTM_SUPPORT */
+#endif /* CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \
+         CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */
 
        /*
         * Authenticated decryption. Return one of the
@@ -84,25 +94,32 @@ static inline void crypto_mod_init(void)
 }
 #endif /* CRYPTO_SUPPORT */
 
+#if CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY || \
+CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC
 int crypto_mod_verify_signature(void *data_ptr, unsigned int data_len,
                                void *sig_ptr, unsigned int sig_len,
                                void *sig_alg_ptr, unsigned int sig_alg_len,
                                void *pk_ptr, unsigned int pk_len);
 int crypto_mod_verify_hash(void *data_ptr, unsigned int data_len,
                           void *digest_info_ptr, unsigned int digest_info_len);
+#endif /* CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY || \
+         CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */
+
 int crypto_mod_auth_decrypt(enum crypto_dec_algo dec_algo, void *data_ptr,
                            size_t len, const void *key, unsigned int key_len,
                            unsigned int key_flags, const void *iv,
                            unsigned int iv_len, const void *tag,
                            unsigned int tag_len);
 
-#if MEASURED_BOOT || DRTM_SUPPORT
+#if CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \
+CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC
 int crypto_mod_calc_hash(enum crypto_md_algo alg, void *data_ptr,
                         unsigned int data_len,
                         unsigned char output[CRYPTO_MD_MAX_SIZE]);
-#endif /* MEASURED_BOOT || DRTM_SUPPORT */
+#endif /* CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \
+         CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */
 
-#if (MEASURED_BOOT || DRTM_SUPPORT) && TRUSTED_BOARD_BOOT
+#if CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC
 /* Macro to register a cryptographic library */
 #define REGISTER_CRYPTO_LIB(_name, _init, _verify_signature, _verify_hash, \
                            _calc_hash, _auth_decrypt) \
@@ -114,7 +131,7 @@ int crypto_mod_calc_hash(enum crypto_md_algo alg, void *data_ptr,
                .calc_hash = _calc_hash, \
                .auth_decrypt = _auth_decrypt \
        }
-#elif TRUSTED_BOARD_BOOT
+#elif CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY
 #define REGISTER_CRYPTO_LIB(_name, _init, _verify_signature, _verify_hash, \
                            _auth_decrypt) \
        const crypto_lib_desc_t crypto_lib_desc = { \
@@ -124,14 +141,14 @@ int crypto_mod_calc_hash(enum crypto_md_algo alg, void *data_ptr,
                .verify_hash = _verify_hash, \
                .auth_decrypt = _auth_decrypt \
        }
-#elif MEASURED_BOOT || DRTM_SUPPORT
+#elif CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY
 #define REGISTER_CRYPTO_LIB(_name, _init, _calc_hash) \
        const crypto_lib_desc_t crypto_lib_desc = { \
                .name = _name, \
                .init = _init, \
                .calc_hash = _calc_hash, \
        }
-#endif /* (MEASURED_BOOT || DRTM_SUPPORT) && TRUSTED_BOARD_BOOT */
+#endif /* CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */
 
 extern const crypto_lib_desc_t crypto_lib_desc;