author | laurenw-arm <lauren.wehrmeister@arm.com> | 2023-08-15 14:56:46 -0500 |
---|---|---|
committer | laurenw-arm <lauren.wehrmeister@arm.com> | 2023-10-13 09:59:25 -0500 |
commit | 557f7d806a62a460404f8d1bec84c9400585930b (patch) | |
tree | 86c322de8b60c748ab1d3cf755da2c5e1f8bbf56 | |
parent | c512c89cde91f10e1b283522ac956fa4da85a797 (diff) |
feat(auth): ecdsa p384 key support
Use KEY_SIZE 384 to enable ECDSA P384 key support by
setting MBEDTLS_ECP_DP_SECP384R1_ENABLED.
Selected by setting KEY_ALG=ecdsa and KEY_SIZE=384.
Change-Id: I382f34fc4da98f166a2aada5d16fdf44632b47f5
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
-rw-r--r-- | drivers/auth/mbedtls/mbedtls_common.mk | 16 | ||||
-rw-r--r-- | include/drivers/auth/mbedtls/mbedtls_config-3.h | 4 |
2 files changed, 17 insertions, 3 deletions
diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk
index 376b6b7ca..e380c86de 100644
--- a/drivers/auth/mbedtls/mbedtls_common.mk
+++ b/drivers/auth/mbedtls/mbedtls_common.mk
@@ -107,11 +107,21 @@ endif
 ifeq (${TF_MBEDTLS_KEY_SIZE},)
 ifneq ($(findstring rsa,${TF_MBEDTLS_KEY_ALG}),)
- ifeq (${KEY_SIZE},)
+ ifeq (${KEY_SIZE},)
 TF_MBEDTLS_KEY_SIZE := 2048
- else
+ else ifneq ($(filter $(KEY_SIZE), 1024 2048 3072 4096),)
 TF_MBEDTLS_KEY_SIZE := ${KEY_SIZE}
- endif
+ else
+ $(error "Invalid value for KEY_SIZE: ${KEY_SIZE}")
+ endif
+ else ifneq ($(findstring ecdsa,${TF_MBEDTLS_KEY_ALG}),)
+ ifeq (${KEY_SIZE},)
+ TF_MBEDTLS_KEY_SIZE := 256
+ else ifneq ($(filter $(KEY_SIZE), 256 384),)
+ TF_MBEDTLS_KEY_SIZE := ${KEY_SIZE}
+ else
+ $(error "Invalid value for KEY_SIZE: ${KEY_SIZE}")
+ endif
 endif
 endif
diff --git a/include/drivers/auth/mbedtls/mbedtls_config-3.h b/include/drivers/auth/mbedtls/mbedtls_config-3.h
index ba936a3c8..923fc5467 100644
--- a/include/drivers/auth/mbedtls/mbedtls_config-3.h
+++ b/include/drivers/auth/mbedtls/mbedtls_config-3.h
@@ -62,8 +62,12 @@
 #if TF_MBEDTLS_USE_ECDSA
 #define MBEDTLS_ECDSA_C
 #define MBEDTLS_ECP_C
+#if TF_MBEDTLS_KEY_SIZE == 384
+#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#else
 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
 #endif
+#endif
 #if TF_MBEDTLS_USE_RSA
 #define MBEDTLS_RSA_C
 #define MBEDTLS_X509_RSASSA_PSS_SUPPORT |
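Review bot: The new allow-list checks on KEY_SIZE sit inside the outer `ifeq (${TF_MBEDTLS_KEY_SIZE},)`, so a build that presets TF_MBEDTLS_KEY_SIZE directly skips them and an unsupported size is passed on unchecked. Validating the final value after the closing `endif`, for example `ifeq ($(filter $(TF_MBEDTLS_KEY_SIZE),256 384),)` followed by the same `$(error ...)` in the ecdsa case, would cover both ways of setting it. Because the rsa branch is tested first with `findstring`, a TF_MBEDTLS_KEY_ALG value containing both substrings (if such a combined value is accepted elsewhere in this file, which the hunk does not show) is checked against the RSA sizes only and can never select 384; a short comment above the `else ifneq ($(findstring ecdsa,...` line saying so would save the next reader from guessing. The error text would also be more useful if it listed the accepted sizes for the selected algorithm.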
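Review bot: The `#else` branch enables `MBEDTLS_ECP_DP_SECP256R1_ENABLED` for every TF_MBEDTLS_KEY_SIZE other than 384, including an undefined macro (which evaluates to 0 in `#if`) and any RSA size, so a misconfigured build silently gets a P-256-only verifier. The mismatch with the key actually used for signing would then presumably surface as an image-authentication failure at boot rather than as a build error. If no supported configuration relies on that fallback (not visible in this hunk), spelling it out with `#elif TF_MBEDTLS_KEY_SIZE == 256` and a final `#else` / `#error "Unsupported ECDSA key size"` would catch it at compile time. Otherwise a one-line comment on the `#else` stating that P-256 is the deliberate default for all other sizes would do.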