diff options
| -rw-r--r-- | Makefile | 2 | ||||
| -rw-r--r-- | lib/mbedtls/Kconfig | 785 | ||||
| -rw-r--r-- | lib/mbedtls/Makefile | 44 | ||||
| -rw-r--r-- | lib/mbedtls/mbedtls_def_config.h | 37 |
4 files changed, 612 insertions, 256 deletions
@@ -829,7 +829,7 @@ KBUILD_HOSTCFLAGS += $(if $(CONFIG_TOOLS_DEBUG),-g) UBOOTINCLUDE := \ -Iinclude \ $(if $(KBUILD_SRC), -I$(srctree)/include) \ - $(if $(CONFIG_MBEDTLS_LIB), \ + $(if $(CONFIG_$(XPL_)MBEDTLS_LIB), \ "-DMBEDTLS_CONFIG_FILE=\"mbedtls_def_config.h\"" \ -I$(srctree)/lib/mbedtls \ -I$(srctree)/lib/mbedtls/port \ diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig index bb8ac5f862b..789721ee6cd 100644 --- a/lib/mbedtls/Kconfig +++ b/lib/mbedtls/Kconfig @@ -1,57 +1,54 @@ +# For U-Boot Proper + choice - prompt "Select crypto libraries" - default LEGACY_CRYPTO + prompt "Crypto libraries (U-Boot Proper)" + default LEGACY_HASHING_AND_CRYPTO help Select crypto libraries. - LEGACY_CRYPTO for legacy crypto libraries, + LEGACY_HASHING_AND_CRYPTO for legacy crypto libraries, MBEDTLS_LIB for MbedTLS libraries. -config LEGACY_CRYPTO +config LEGACY_HASHING_AND_CRYPTO bool "legacy crypto libraries" - select LEGACY_CRYPTO_BASIC - select LEGACY_CRYPTO_CERT + select LEGACY_HASHING + select LEGACY_CRYPTO config MBEDTLS_LIB bool "MbedTLS libraries" select MBEDTLS_LIB_X509 endchoice -if LEGACY_CRYPTO || MBEDTLS_LIB_CRYPTO_ALT +if LEGACY_HASHING_AND_CRYPTO || MBEDTLS_LIB_HASHING_ALT -config LEGACY_CRYPTO_BASIC - bool "legacy basic crypto libraries" +config LEGACY_HASHING + bool "Use U-Boot legacy hashing libraries" select MD5_LEGACY if MD5 select SHA1_LEGACY if SHA1 select SHA256_LEGACY if SHA256 select SHA512_LEGACY if SHA512 select SHA384_LEGACY if SHA384 - select SPL_MD5_LEGACY if SPL_MD5 - select SPL_SHA1_LEGACY if SPL_SHA1 - select SPL_SHA256_LEGACY if SPL_SHA256 - select SPL_SHA512_LEGACY if SPL_SHA512 - select SPL_SHA384_LEGACY if SPL_SHA384 help - Enable legacy basic crypto libraries. + Enable U-Boot legacy hashing libraries. -if LEGACY_CRYPTO_BASIC +if LEGACY_HASHING config SHA1_LEGACY bool "Enable SHA1 support with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && SHA1 + depends on LEGACY_HASHING && SHA1 help This option enables support of hashing using SHA1 algorithm with legacy crypto library. config SHA256_LEGACY bool "Enable SHA256 support with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && SHA256 + depends on LEGACY_HASHING && SHA256 help This option enables support of hashing using SHA256 algorithm with legacy crypto library. config SHA512_LEGACY bool "Enable SHA512 support with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && SHA512 + depends on LEGACY_HASHING && SHA512 default y if TI_SECURE_DEVICE && FIT_SIGNATURE help This option enables support of hashing using SHA512 algorithm @@ -59,7 +56,7 @@ config SHA512_LEGACY config SHA384_LEGACY bool "Enable SHA384 support with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && SHA384 + depends on LEGACY_HASHING && SHA384 select SHA512_LEGACY help This option enables support of hashing using SHA384 algorithm @@ -67,96 +64,16 @@ config SHA384_LEGACY config MD5_LEGACY bool "Enable MD5 support with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && MD5 - help - This option enables support of hashing using MD5 algorithm - with legacy crypto library. - -if SPL - -config SPL_SHA1_LEGACY - bool "Enable SHA1 support in SPL with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && SPL_SHA1 - help - This option enables support of hashing using SHA1 algorithm - with legacy crypto library. - -config SPL_SHA256_LEGACY - bool "Enable SHA256 support in SPL with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && SPL_SHA256 - help - This option enables support of hashing using SHA256 algorithm - with legacy crypto library. - -config SPL_SHA512_LEGACY - bool "Enable SHA512 support in SPL with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && SPL_SHA512 - help - This option enables support of hashing using SHA512 algorithm - with legacy crypto library. - -config SPL_SHA384_LEGACY - bool "Enable SHA384 support in SPL with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && SPL_SHA384 - select SPL_SHA512_LEGACY - help - This option enables support of hashing using SHA384 algorithm - with legacy crypto library. - -config SPL_MD5_LEGACY - bool "Enable MD5 support in SPL with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && SPL_MD5 - help - This option enables support of hashing using MD5 algorithm - with legacy crypto library. - -endif # SPL - -if VPL - -config VPL_SHA1_LEGACY - bool "Enable SHA1 support in VPL with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && VPL_SHA1 - help - This option enables support of hashing using SHA1 algorithm - with legacy crypto library. - -config VPL_SHA256_LEGACY - bool "Enable SHA256 support in VPL with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && VPL_SHA256 - help - This option enables support of hashing using SHA256 algorithm - with legacy crypto library. - -config VPL_SHA512_LEGACY - bool "Enable SHA512 support in VPL with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && VPL_SHA512 - help - This option enables support of hashing using SHA512 algorithm - with legacy crypto library. - -config VPL_SHA384_LEGACY - bool "Enable SHA384 support in VPL with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && VPL_SHA384 - select VPL_SHA512_LEGACY - help - This option enables support of hashing using SHA384 algorithm - with legacy crypto library. - -config VPL_MD5_LEGACY - bool "Enable MD5 support in VPL with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && VPL_MD5 + depends on LEGACY_HASHING && MD5 help This option enables support of hashing using MD5 algorithm with legacy crypto library. -endif # VPL - -endif # LEGACY_CRYPTO_BASIC +endif # LEGACY_HASHING -config LEGACY_CRYPTO_CERT +config LEGACY_CRYPTO bool "legacy certificate libraries" - depends on LEGACY_CRYPTO + depends on LEGACY_HASHING_AND_CRYPTO select ASN1_DECODER_LEGACY if ASN1_DECODER select ASYMMETRIC_PUBLIC_KEY_LEGACY if \ ASYMMETRIC_PUBLIC_KEY_SUBTYPE @@ -164,24 +81,20 @@ config LEGACY_CRYPTO_CERT select X509_CERTIFICATE_PARSER_LEGACY if X509_CERTIFICATE_PARSER select PKCS7_MESSAGE_PARSER_LEGACY if PKCS7_MESSAGE_PARSER select MSCODE_PARSER_LEGACY if MSCODE_PARSER - select SPL_ASN1_DECODER_LEGACY if SPL_ASN1_DECODER - select SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY if \ - SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE - select SPL_RSA_PUBLIC_KEY_PARSER_LEGACY if SPL_RSA_PUBLIC_KEY_PARSER help Enable legacy certificate libraries. -if LEGACY_CRYPTO_CERT +if LEGACY_CRYPTO config ASN1_DECODER_LEGACY bool "ASN1 decoder with legacy certificate library" - depends on LEGACY_CRYPTO_CERT && ASN1_DECODER + depends on LEGACY_CRYPTO && ASN1_DECODER help This option chooses legacy certificate library for ASN1 decoder. config ASYMMETRIC_PUBLIC_KEY_LEGACY bool "Asymmetric public key crypto with legacy certificate library" - depends on LEGACY_CRYPTO_CERT && ASYMMETRIC_PUBLIC_KEY_SUBTYPE + depends on LEGACY_CRYPTO && ASYMMETRIC_PUBLIC_KEY_SUBTYPE help This option chooses legacy certificate library for asymmetric public key crypto algorithm. @@ -212,68 +125,41 @@ config PKCS7_MESSAGE_PARSER_LEGACY config MSCODE_PARSER_LEGACY bool "MS authenticode parser with legacy certificate library" - depends on LEGACY_CRYPTO_CERT && MSCODE_PARSER + depends on LEGACY_CRYPTO && MSCODE_PARSER select ASN1_DECODER_LEGACY help This option chooses legacy certificate library for MS authenticode parser. -if SPL - -config SPL_ASN1_DECODER_LEGACY - bool "ASN1 decoder with legacy certificate library in SPL" - depends on LEGACY_CRYPTO_CERT && SPL_ASN1_DECODER - help - This option chooses legacy certificate library for ASN1 decoder in - SPL. - -config SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY - bool "Asymmetric public key crypto with legacy certificate library in SPL" - depends on LEGACY_CRYPTO_CERT && SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE - help - This option chooses legacy certificate library for asymmetric public - key crypto algorithm in SPL. - -config SPL_RSA_PUBLIC_KEY_PARSER_LEGACY - bool "RSA public key parser with legacy certificate library in SPL" - depends on SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY - select SPL_ASN1_DECODER_LEGACY - help - This option chooses legacy certificate library for RSA public key - parser in SPL. - -endif # SPL - -endif # LEGACY_CRYPTO_CERT - endif # LEGACY_CRYPTO +endif # LEGACY_HASHING_AND_CRYPTO || MBEDTLS_LIB_HASHING_ALT + if MBEDTLS_LIB -config MBEDTLS_LIB_CRYPTO_ALT - bool "MbedTLS crypto alternatives" +config MBEDTLS_LIB_HASHING_ALT + bool "Replace MbedTLS native hashing with U-Boot legacy libraries" depends on MBEDTLS_LIB && !MBEDTLS_LIB_CRYPTO - select LEGACY_CRYPTO_BASIC + select LEGACY_HASHING default y if MBEDTLS_LIB && !MBEDTLS_LIB_CRYPTO help - Enable MbedTLS crypto alternatives. + Enable MbedTLS hashing alternatives and replace them with legacy hashing + libraries. + This allows user to use U-Boot legacy hashing algorithms together with + other MbedTLS modules. Mutually incompatible with MBEDTLS_LIB_CRYPTO. config MBEDTLS_LIB_CRYPTO - bool "MbedTLS crypto libraries" + bool "Use MbedTLS native crypto libraries for hashing" + default y if MBEDTLS_LIB select MD5_MBEDTLS if MD5 select SHA1_MBEDTLS if SHA1 select SHA256_MBEDTLS if SHA256 select SHA512_MBEDTLS if SHA512 select SHA384_MBEDTLS if SHA384 - select SPL_MD5_MBEDTLS if SPL_MD5 - select SPL_SHA1_MBEDTLS if SPL_SHA1 - select SPL_SHA256_MBEDTLS if SPL_SHA256 - select SPL_SHA512_MBEDTLS if SPL_SHA512 - select SPL_SHA384_MBEDTLS if SPL_SHA384 help - Enable MbedTLS crypto libraries. - Mutually incompatible with MBEDTLS_LIB_CRYPTO_ALT. + Enable MbedTLS native crypto libraries. + Mutually incompatible with MBEDTLS_LIB_HASHING_ALT. if MBEDTLS_LIB_CRYPTO @@ -345,53 +231,6 @@ config HKDF_MBEDTLS This option enables support of key derivation using HKDF algorithm with MbedTLS crypto library. -if SPL - -config SPL_SHA1_MBEDTLS - bool "Enable SHA1 support in SPL with MbedTLS crypto library" - depends on MBEDTLS_LIB_CRYPTO && SPL_SHA1 - help - This option enables support of hashing using SHA1 algorithm - with MbedTLS crypto library. - -config SPL_SHA256_MBEDTLS - bool "Enable SHA256 support in SPL with MbedTLS crypto library" - depends on MBEDTLS_LIB_CRYPTO && SPL_SHA256 - help - This option enables support of hashing using SHA256 algorithm - with MbedTLS crypto library. - -config SPL_SHA512_MBEDTLS - bool "Enable SHA512 support in SPL with MbedTLS crypto library" - depends on MBEDTLS_LIB_CRYPTO && SPL_SHA512 - help - This option enables support of hashing using SHA512 algorithm - with MbedTLS crypto library. - -config SPL_SHA384_MBEDTLS - bool "Enable SHA384 support in SPL with MbedTLS crypto library" - depends on MBEDTLS_LIB_CRYPTO && SPL_SHA384 - select SPL_SHA512 - help - This option enables support of hashing using SHA384 algorithm - with MbedTLS crypto library. - -config SPL_MD5_MBEDTLS - bool "Enable MD5 support in SPL with MbedTLS crypto library" - depends on MBEDTLS_LIB_CRYPTO && SPL_MD5 - help - This option enables support of hashing using MD5 algorithm - with MbedTLS crypto library. - -config SPL_HKDF_MBEDTLS - bool "Enable HKDF support in SPL with MbedTLS crypto library" - depends on MBEDTLS_LIB_CRYPTO - help - This option enables support of key derivation using HKDF algorithm - with MbedTLS crypto library. - -endif # SPL - endif # MBEDTLS_LIB_CRYPTO config MBEDTLS_LIB_X509 @@ -403,10 +242,6 @@ config MBEDTLS_LIB_X509 select X509_CERTIFICATE_PARSER_MBEDTLS if X509_CERTIFICATE_PARSER select PKCS7_MESSAGE_PARSER_MBEDTLS if PKCS7_MESSAGE_PARSER select MSCODE_PARSER_MBEDTLS if MSCODE_PARSER - select SPL_ASN1_DECODER_MBEDTLS if SPL_ASN1_DECODER - select SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS if \ - SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE - select SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS if SPL_RSA_PUBLIC_KEY_PARSER help Enable MbedTLS certificate libraries. @@ -457,44 +292,554 @@ config MSCODE_PARSER_MBEDTLS This option chooses MbedTLS certificate library for MS authenticode parser. +endif # MBEDTLS_LIB_X509 + +config MBEDTLS_LIB_TLS + bool "MbedTLS TLS library" + depends on RSA_PUBLIC_KEY_PARSER_MBEDTLS + depends on X509_CERTIFICATE_PARSER_MBEDTLS + depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS + depends on ASN1_DECODER_MBEDTLS + depends on MBEDTLS_LIB + help + Enable MbedTLS TLS library. Required for HTTPs support + in wget + +endif # MBEDTLS_LIB + +# For SPL + if SPL +choice + prompt "Crypto libraries (SPL)" + default SPL_LEGACY_HASHING_AND_CRYPTO + help + Select crypto libraries in SPL. + SPL_LEGACY_HASHING_AND_CRYPTO for legacy crypto libraries, + SPL_MBEDTLS_LIB for MbedTLS libraries. + +config SPL_LEGACY_HASHING_AND_CRYPTO + bool "legacy crypto libraries" + select SPL_LEGACY_HASHING + select SPL_LEGACY_CRYPTO + +config SPL_MBEDTLS_LIB + bool "MbedTLS libraries" + select SPL_MBEDTLS_LIB_X509 +endchoice + +if SPL_LEGACY_HASHING_AND_CRYPTO || SPL_MBEDTLS_LIB_HASHING_ALT + +config SPL_LEGACY_HASHING + bool "Use U-Boot legacy hashing libraries (SPL)" + select SPL_MD5_LEGACY if SPL_MD5 + select SPL_SHA1_LEGACY if SPL_SHA1 + select SPL_SHA256_LEGACY if SPL_SHA256 + select SPL_SHA512_LEGACY if SPL_SHA512 + select SPL_SHA384_LEGACY if SPL_SHA384 + help + Enable U-Boot legacy hashing libraries in SPL. + +if SPL_LEGACY_HASHING + +config SPL_SHA1_LEGACY + bool "Enable SHA1 support with legacy crypto library (SPL)" + depends on SPL_LEGACY_HASHING && SPL_SHA1 + help + This option enables support of hashing using SHA1 algorithm + with legacy crypto library in SPL. + +config SPL_SHA256_LEGACY + bool "Enable SHA256 support with legacy crypto library (SPL)" + depends on SPL_LEGACY_HASHING && SPL_SHA256 + help + This option enables support of hashing using SHA256 algorithm + with legacy crypto library in SPL. + +config SPL_SHA512_LEGACY + bool "Enable SHA512 support with legacy crypto library (SPL)" + depends on SPL_LEGACY_HASHING && SPL_SHA512 + help + This option enables support of hashing using SHA512 algorithm + with legacy crypto library in SPL. + +config SPL_SHA384_LEGACY + bool "Enable SHA384 support with legacy crypto library (SPL)" + depends on SPL_LEGACY_HASHING && SPL_SHA384 + select SPL_SHA512_LEGACY + help + This option enables support of hashing using SHA384 algorithm + with legacy crypto library in SPL. + +config SPL_MD5_LEGACY + bool "Enable MD5 support with legacy crypto library (SPL)" + depends on SPL_LEGACY_HASHING && SPL_MD5 + help + This option enables support of hashing using MD5 algorithm + with legacy crypto library in SPL. + +endif # SPL_LEGACY_HASHING + +config SPL_LEGACY_CRYPTO + bool "legacy certificate libraries (SPL)" + depends on SPL_LEGACY_HASHING_AND_CRYPTO + select SPL_ASN1_DECODER_LEGACY if SPL_ASN1_DECODER + select SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY if \ + SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE + select SPL_RSA_PUBLIC_KEY_PARSER_LEGACY if SPL_RSA_PUBLIC_KEY_PARSER + help + Enable legacy certificate libraries in SPL. + +if SPL_LEGACY_CRYPTO + +config SPL_ASN1_DECODER_LEGACY + bool "ASN1 decoder with legacy certificate library (SPL)" + depends on SPL_LEGACY_CRYPTO && SPL_ASN1_DECODER + help + This option chooses legacy certificate library for ASN1 decoder in + SPL. + +config SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY + bool "Asymmetric public key crypto with legacy certificate library (SPL)" + depends on SPL_LEGACY_CRYPTO && SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE + help + This option chooses legacy certificate library for asymmetric public + key crypto algorithm in SPL. + +config SPL_RSA_PUBLIC_KEY_PARSER_LEGACY + bool "RSA public key parser with legacy certificate library (SPL)" + depends on SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY + select SPL_ASN1_DECODER_LEGACY + help + This option chooses legacy certificate library for RSA public key + parser in SPL. + +endif # SPL_LEGACY_CRYPTO + +endif # SPL_LEGACY_HASHING_AND_CRYPTO || SPL_MBEDTLS_LIB_HASHING_ALT + +if SPL_MBEDTLS_LIB + +config SPL_MBEDTLS_LIB_HASHING_ALT + bool "Replace MbedTLS native hashing with U-Boot legacy libraries (SPL)" + depends on SPL_MBEDTLS_LIB && !SPL_MBEDTLS_LIB_CRYPTO + select SPL_LEGACY_HASHING + default y if SPL_MBEDTLS_LIB && !SPL_MBEDTLS_LIB_CRYPTO + help + Enable MbedTLS hashing alternatives and replace them with legacy hashing + libraries in SPL. + This allows user to use U-Boot legacy hashing algorithms together with + other MbedTLS modules. + Mutually incompatible with SPL_MBEDTLS_LIB_CRYPTO. + +config SPL_MBEDTLS_LIB_CRYPTO + bool "Use MbedTLS native crypto libraries for hashing (SPL)" + default y if SPL_MBEDTLS_LIB + select SPL_MD5_MBEDTLS if SPL_MD5 + select SPL_SHA1_MBEDTLS if SPL_SHA1 + select SPL_SHA256_MBEDTLS if SPL_SHA256 + select SPL_SHA512_MBEDTLS if SPL_SHA512 + select SPL_SHA384_MBEDTLS if SPL_SHA384 + help + Enable MbedTLS native crypto libraries in SPL. + +if SPL_MBEDTLS_LIB_CRYPTO + +config SPL_SHA1_MBEDTLS + bool "Enable SHA1 support with MbedTLS crypto library (SPL)" + depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_SHA1 + help + This option enables support of hashing using SHA1 algorithm + with MbedTLS crypto library in SPL. + +config SPL_SHA256_MBEDTLS + bool "Enable SHA256 support with MbedTLS crypto library (SPL)" + depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_SHA256 + help + This option enables support of hashing using SHA256 algorithm + with MbedTLS crypto library in SPL. + +config SPL_SHA512_MBEDTLS + bool "Enable SHA512 support with MbedTLS crypto library (SPL)" + depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_SHA512 + help + This option enables support of hashing using SHA512 algorithm + with MbedTLS crypto library in SPL. + +config SPL_SHA384_MBEDTLS + bool "Enable SHA384 support with MbedTLS crypto library (SPL)" + depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_SHA384 + select SPL_SHA512 + help + This option enables support of hashing using SHA384 algorithm + with MbedTLS crypto library in SPL. + +config SPL_MD5_MBEDTLS + bool "Enable MD5 support with MbedTLS crypto library (SPL)" + depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_MD5 + help + This option enables support of hashing using MD5 algorithm + with MbedTLS crypto library in SPL. + +config SPL_HKDF_MBEDTLS + bool "Enable HKDF support with MbedTLS crypto library (SPL)" + depends on SPL_MBEDTLS_LIB_CRYPTO + help + This option enables support of key derivation using HKDF algorithm + with MbedTLS crypto library in SPL. + +endif # SPL_MBEDTLS_LIB_CRYPTO + +config SPL_MBEDTLS_LIB_X509 + bool "MbedTLS certificate libraries (SPL)" + select SPL_ASN1_DECODER_MBEDTLS if SPL_ASN1_DECODER + select SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS if \ + SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE + select SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS if SPL_RSA_PUBLIC_KEY_PARSER + help + Enable MbedTLS certificate libraries in SPL. + +if SPL_MBEDTLS_LIB_X509 + config SPL_ASN1_DECODER_MBEDTLS - bool "ASN1 decoder with MbedTLS certificate library in SPL" - depends on MBEDTLS_LIB_X509 && SPL_ASN1_DECODER + bool "ASN1 decoder with MbedTLS certificate library (SPL)" + depends on SPL_MBEDTLS_LIB_X509 && SPL_ASN1_DECODER help This option chooses MbedTLS certificate library for ASN1 decoder in SPL. config SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS - bool "Asymmetric public key crypto with MbedTLS certificate library in SPL" - depends on MBEDTLS_LIB_X509 && SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE + bool "Asymmetric public key crypto with MbedTLS certificate library (SPL)" + depends on SPL_MBEDTLS_LIB_X509 && SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE help This option chooses MbedTLS certificate library for asymmetric public key crypto algorithm in SPL. config SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS - bool "RSA public key parser with MbedTLS certificate library in SPL" + bool "RSA public key parser with MbedTLS certificate library (SPL)" depends on SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS select SPL_ASN1_DECODER_MBEDTLS help This option chooses MbedTLS certificate library for RSA public key parser in SPL. +endif # SPL_MBEDTLS_LIB_X509 + +config SPL_MBEDTLS_LIB_TLS + bool "MbedTLS TLS library (SPL)" + depends on SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS + depends on SPL_X509_CERTIFICATE_PARSER_MBEDTLS + depends on SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS + depends on SPL_ASN1_DECODER_MBEDTLS + depends on SPL_MBEDTLS_LIB + help + Enable MbedTLS TLS library in SPL. Required for HTTPs support + in wget + +endif # SPL_MBEDTLS_LIB + endif # SPL -endif # MBEDTLS_LIB_X509 +# For TPL -config MBEDTLS_LIB_TLS - bool "MbedTLS TLS library" - depends on RSA_PUBLIC_KEY_PARSER_MBEDTLS - depends on X509_CERTIFICATE_PARSER_MBEDTLS - depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS - depends on ASN1_DECODER_MBEDTLS - depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS - depends on MBEDTLS_LIB +if TPL + +choice + prompt "Crypto libraries (TPL)" + default TPL_LEGACY_HASHING_AND_CRYPTO help - Enable MbedTLS TLS library. Required for HTTPs support - in wget + Select crypto libraries in TPL. + TPL_LEGACY_HASHING_AND_CRYPTO for legacy crypto libraries, + TPL_MBEDTLS_LIB for MbedTLS libraries. -endif # MBEDTLS_LIB +config TPL_LEGACY_HASHING_AND_CRYPTO + bool "legacy crypto libraries" + select TPL_LEGACY_HASHING + select TPL_LEGACY_CRYPTO + +config TPL_MBEDTLS_LIB + bool "MbedTLS libraries" + +endchoice + +if TPL_LEGACY_HASHING_AND_CRYPTO || TPL_MBEDTLS_LIB_HASHING_ALT + +config TPL_LEGACY_HASHING + bool "Use U-Boot legacy hashing libraries (TPL)" + select TPL_MD5_LEGACY if TPL_MD5 + select TPL_SHA1_LEGACY if TPL_SHA1 + select TPL_SHA256_LEGACY if TPL_SHA256 + select TPL_SHA512_LEGACY if TPL_SHA512 + select TPL_SHA384_LEGACY if TPL_SHA384 + help + Enable U-Boot legacy hashing libraries in TPL. + +if TPL_LEGACY_HASHING + +config TPL_SHA1_LEGACY + bool "Enable SHA1 support with legacy crypto library (TPL)" + depends on TPL_LEGACY_HASHING && TPL_SHA1 + help + This option enables support of hashing using SHA1 algorithm + with legacy crypto library in TPL. + +config TPL_SHA256_LEGACY + bool "Enable SHA256 support with legacy crypto library (TPL)" + depends on TPL_LEGACY_HASHING && TPL_SHA256 + help + This option enables support of hashing using SHA256 algorithm + with legacy crypto library in TPL. + +config TPL_SHA512_LEGACY + bool "Enable SHA512 support with legacy crypto library (TPL)" + depends on TPL_LEGACY_HASHING && TPL_SHA512 + help + This option enables support of hashing using SHA512 algorithm + with legacy crypto library in TPL. + +config TPL_SHA384_LEGACY + bool "Enable SHA384 support with legacy crypto library (TPL)" + depends on TPL_LEGACY_HASHING && TPL_SHA384 + select TPL_SHA512_LEGACY + help + This option enables support of hashing using SHA384 algorithm + with legacy crypto library in TPL. + +config TPL_MD5_LEGACY + bool "Enable MD5 support with legacy crypto library (TPL)" + depends on TPL_LEGACY_HASHING && TPL_MD5 + help + This option enables support of hashing using MD5 algorithm + with legacy crypto library in TPL. + +endif # TPL_LEGACY_HASHING + +endif # TPL_LEGACY_HASHING_AND_CRYPTO || TPL_MBEDTLS_LIB_HASHING_ALT + +if TPL_MBEDTLS_LIB + +config TPL_MBEDTLS_LIB_HASHING_ALT + bool "Replace MbedTLS native hashing with U-Boot legacy libraries (TPL)" + depends on TPL_MBEDTLS_LIB && !TPL_MBEDTLS_LIB_CRYPTO + select TPL_LEGACY_HASHING + default y if TPL_MBEDTLS_LIB && !TPL_MBEDTLS_LIB_CRYPTO + help + Enable MbedTLS hashing alternatives and replace them with legacy hashing + libraries in TPL. + This allows user to use U-Boot legacy hashing algorithms together with + other MbedTLS modules. + Mutually incompatible with TPL_MBEDTLS_LIB_CRYPTO. + +config TPL_MBEDTLS_LIB_CRYPTO + bool "Use MbedTLS native crypto libraries for hashing (TPL)" + default y if TPL_MBEDTLS_LIB + select TPL_MD5_MBEDTLS if TPL_MD5 + select TPL_SHA1_MBEDTLS if TPL_SHA1 + select TPL_SHA256_MBEDTLS if TPL_SHA256 + select TPL_SHA512_MBEDTLS if TPL_SHA512 + select TPL_SHA384_MBEDTLS if TPL_SHA384 + help + Enable MbedTLS native crypto libraries in TPL. + +if TPL_MBEDTLS_LIB_CRYPTO + +config TPL_SHA1_MBEDTLS + bool "Enable SHA1 support with MbedTLS crypto library (TPL)" + depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_SHA1 + help + This option enables support of hashing using SHA1 algorithm + with MbedTLS crypto library in TPL. + +config TPL_SHA256_MBEDTLS + bool "Enable SHA256 support with MbedTLS crypto library (TPL)" + depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_SHA256 + help + This option enables support of hashing using SHA256 algorithm + with MbedTLS crypto library in TPL. + +config TPL_SHA512_MBEDTLS + bool "Enable SHA512 support with MbedTLS crypto library (TPL)" + depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_SHA512 + help + This option enables support of hashing using SHA512 algorithm + with MbedTLS crypto library in TPL. + +config TPL_SHA384_MBEDTLS + bool "Enable SHA384 support with MbedTLS crypto library (TPL)" + depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_SHA384 + select TPL_SHA512 + help + This option enables support of hashing using SHA384 algorithm + with MbedTLS crypto library in TPL. + +config TPL_MD5_MBEDTLS + bool "Enable MD5 support with MbedTLS crypto library (TPL)" + depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_MD5 + help + This option enables support of hashing using MD5 algorithm + with MbedTLS crypto library in TPL. + +config TPL_HKDF_MBEDTLS + bool "Enable HKDF support with MbedTLS crypto library (TPL)" + depends on TPL_MBEDTLS_LIB_CRYPTO + help + This option enables support of key derivation using HKDF algorithm + with MbedTLS crypto library in TPL. + +endif # TPL_MBEDTLS_LIB_CRYPTO + +endif # TPL_MBEDTLS_LIB + +endif # TPL + +# For VPL + +if VPL + +choice + prompt "Crypto libraries (VPL)" + default VPL_LEGACY_HASHING_AND_CRYPTO + help + Select crypto libraries in VPL. + VPL_LEGACY_HASHING_AND_CRYPTO for legacy crypto libraries, + VPL_MBEDTLS_LIB for MbedTLS libraries. + +config VPL_LEGACY_HASHING_AND_CRYPTO + bool "legacy crypto libraries" + select VPL_LEGACY_HASHING + +config VPL_MBEDTLS_LIB + bool "MbedTLS libraries" + +endchoice + +if VPL_LEGACY_HASHING_AND_CRYPTO || VPL_MBEDTLS_LIB_HASHING_ALT + +config VPL_LEGACY_HASHING + bool "Use U-Boot legacy hashing libraries (VPL)" + select VPL_MD5_LEGACY if VPL_MD5 + select VPL_SHA1_LEGACY if VPL_SHA1 + select VPL_SHA256_LEGACY if VPL_SHA256 + select VPL_SHA512_LEGACY if VPL_SHA512 + select VPL_SHA384_LEGACY if VPL_SHA384 + help + Enable U-Boot legacy hashing libraries in VPL. + +if VPL_LEGACY_HASHING + +config VPL_SHA1_LEGACY + bool "Enable SHA1 support with legacy crypto library (VPL)" + depends on VPL_LEGACY_HASHING && VPL_SHA1 + help + This option enables support of hashing using SHA1 algorithm + with legacy crypto library in VPL. + +config VPL_SHA256_LEGACY + bool "Enable SHA256 support with legacy crypto library (VPL)" + depends on VPL_LEGACY_HASHING && VPL_SHA256 + help + This option enables support of hashing using SHA256 algorithm + with legacy crypto library in VPL. + +config VPL_SHA512_LEGACY + bool "Enable SHA512 support with legacy crypto library (VPL)" + depends on VPL_LEGACY_HASHING && VPL_SHA512 + help + This option enables support of hashing using SHA512 algorithm + with legacy crypto library in VPL. + +config VPL_SHA384_LEGACY + bool "Enable SHA384 support with legacy crypto library (VPL)" + depends on VPL_LEGACY_HASHING && VPL_SHA384 + select VPL_SHA512_LEGACY + help + This option enables support of hashing using SHA384 algorithm + with legacy crypto library in VPL. + +config VPL_MD5_LEGACY + bool "Enable MD5 support with legacy crypto library (VPL)" + depends on VPL_LEGACY_HASHING && VPL_MD5 + help + This option enables support of hashing using MD5 algorithm + with legacy crypto library in VPL. + +endif # VPL_LEGACY_HASHING + +endif # VPL_LEGACY_HASHING_AND_CRYPTO || VPL_MBEDTLS_LIB_HASHING_ALT + +if VPL_MBEDTLS_LIB + +config VPL_MBEDTLS_LIB_HASHING_ALT + bool "Replace MbedTLS native hashing with U-Boot legacy libraries (VPL)" + depends on VPL_MBEDTLS_LIB && !VPL_MBEDTLS_LIB_CRYPTO + select VPL_LEGACY_HASHING + default y if VPL_MBEDTLS_LIB && !VPL_MBEDTLS_LIB_CRYPTO + help + Enable MbedTLS hashing alternatives and replace them with legacy hashing + libraries in VPL. + This allows user to use U-Boot legacy hashing algorithms together with + other MbedTLS modules. + Mutually incompatible with VPL_MBEDTLS_LIB_CRYPTO. + +config VPL_MBEDTLS_LIB_CRYPTO + bool "Use MbedTLS native crypto libraries for hashing (VPL)" + default y if VPL_MBEDTLS_LIB + select VPL_MD5_MBEDTLS if VPL_MD5 + select VPL_SHA1_MBEDTLS if VPL_SHA1 + select VPL_SHA256_MBEDTLS if VPL_SHA256 + select VPL_SHA512_MBEDTLS if VPL_SHA512 + select VPL_SHA384_MBEDTLS if VPL_SHA384 + help + Enable MbedTLS native crypto libraries in VPL. + +if VPL_MBEDTLS_LIB_CRYPTO + +config VPL_SHA1_MBEDTLS + bool "Enable SHA1 support with MbedTLS crypto library (VPL)" + depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_SHA1 + help + This option enables support of hashing using SHA1 algorithm + with MbedTLS crypto library in VPL. + +config VPL_SHA256_MBEDTLS + bool "Enable SHA256 support with MbedTLS crypto library (VPL)" + depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_SHA256 + help + This option enables support of hashing using SHA256 algorithm + with MbedTLS crypto library in VPL. + +config VPL_SHA512_MBEDTLS + bool "Enable SHA512 support with MbedTLS crypto library (VPL)" + depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_SHA512 + help + This option enables support of hashing using SHA512 algorithm + with MbedTLS crypto library in VPL. + +config VPL_SHA384_MBEDTLS + bool "Enable SHA384 support with MbedTLS crypto library (VPL)" + depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_SHA384 + select VPL_SHA512 + help + This option enables support of hashing using SHA384 algorithm + with MbedTLS crypto library in VPL. + +config VPL_MD5_MBEDTLS + bool "Enable MD5 support with MbedTLS crypto library (VPL)" + depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_MD5 + help + This option enables support of hashing using MD5 algorithm + with MbedTLS crypto library in VPL. + +config VPL_HKDF_MBEDTLS + bool "Enable HKDF support with MbedTLS crypto library (VPL)" + depends on VPL_MBEDTLS_LIB_CRYPTO + help + This option enables support of key derivation using HKDF algorithm + with MbedTLS crypto library in VPL. + +endif # VPL_MBEDTLS_LIB_CRYPTO + +endif # VPL_MBEDTLS_LIB + +endif # VPL diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile index e66c2018d97..4bbe7ceec45 100644 --- a/lib/mbedtls/Makefile +++ b/lib/mbedtls/Makefile @@ -6,60 +6,60 @@ MBEDTLS_LIB_DIR = external/mbedtls/library # shim layer for hash -obj-$(CONFIG_$(SPL_)MD5_MBEDTLS) += md5.o -obj-$(CONFIG_$(SPL_)SHA1_MBEDTLS) += sha1.o -obj-$(CONFIG_$(SPL_)SHA256_MBEDTLS) += sha256.o -obj-$(CONFIG_$(SPL_)SHA512_MBEDTLS) += sha512.o +obj-$(CONFIG_$(XPL_)MD5_MBEDTLS) += md5.o +obj-$(CONFIG_$(XPL_)SHA1_MBEDTLS) += sha1.o +obj-$(CONFIG_$(XPL_)SHA256_MBEDTLS) += sha256.o +obj-$(CONFIG_$(XPL_)SHA512_MBEDTLS) += sha512.o # x509 libraries -obj-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_MBEDTLS) += \ +obj-$(CONFIG_$(XPL_)ASYMMETRIC_PUBLIC_KEY_MBEDTLS) += \ public_key.o -obj-$(CONFIG_$(SPL_)X509_CERTIFICATE_PARSER_MBEDTLS) += \ +obj-$(CONFIG_$(XPL_)X509_CERTIFICATE_PARSER_MBEDTLS) += \ x509_cert_parser.o -obj-$(CONFIG_$(SPL_)PKCS7_MESSAGE_PARSER_MBEDTLS) += pkcs7_parser.o -obj-$(CONFIG_$(SPL_)MSCODE_PARSER_MBEDTLS) += mscode_parser.o -obj-$(CONFIG_$(SPL_)RSA_PUBLIC_KEY_PARSER_MBEDTLS) += rsa_helper.o +obj-$(CONFIG_$(XPL_)PKCS7_MESSAGE_PARSER_MBEDTLS) += pkcs7_parser.o +obj-$(CONFIG_$(XPL_)MSCODE_PARSER_MBEDTLS) += mscode_parser.o +obj-$(CONFIG_$(XPL_)RSA_PUBLIC_KEY_PARSER_MBEDTLS) += rsa_helper.o # MbedTLS crypto library -obj-$(CONFIG_MBEDTLS_LIB) += mbedtls_lib_crypto.o +obj-$(CONFIG_$(XPL_)MBEDTLS_LIB) += mbedtls_lib_crypto.o mbedtls_lib_crypto-y := \ $(MBEDTLS_LIB_DIR)/platform_util.o \ $(MBEDTLS_LIB_DIR)/constant_time.o \ $(MBEDTLS_LIB_DIR)/md.o -mbedtls_lib_crypto-$(CONFIG_$(SPL_)MD5_MBEDTLS) += $(MBEDTLS_LIB_DIR)/md5.o -mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA1_MBEDTLS) += $(MBEDTLS_LIB_DIR)/sha1.o -mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA256_MBEDTLS) += \ +mbedtls_lib_crypto-$(CONFIG_$(XPL_)MD5_MBEDTLS) += $(MBEDTLS_LIB_DIR)/md5.o +mbedtls_lib_crypto-$(CONFIG_$(XPL_)SHA1_MBEDTLS) += $(MBEDTLS_LIB_DIR)/sha1.o +mbedtls_lib_crypto-$(CONFIG_$(XPL_)SHA256_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/sha256.o -mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA512_MBEDTLS) += \ +mbedtls_lib_crypto-$(CONFIG_$(XPL_)SHA512_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/sha512.o -mbedtls_lib_crypto-$(CONFIG_$(SPL_)HKDF_MBEDTLS) += \ +mbedtls_lib_crypto-$(CONFIG_$(XPL_)HKDF_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/hkdf.o # MbedTLS X509 library -obj-$(CONFIG_MBEDTLS_LIB_X509) += mbedtls_lib_x509.o +obj-$(CONFIG_$(XPL_)MBEDTLS_LIB_X509) += mbedtls_lib_x509.o mbedtls_lib_x509-y := $(MBEDTLS_LIB_DIR)/x509.o -mbedtls_lib_x509-$(CONFIG_$(SPL_)ASN1_DECODER_MBEDTLS) += \ +mbedtls_lib_x509-$(CONFIG_$(XPL_)ASN1_DECODER_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/asn1parse.o \ $(MBEDTLS_LIB_DIR)/asn1write.o \ $(MBEDTLS_LIB_DIR)/oid.o -mbedtls_lib_x509-$(CONFIG_$(SPL_)RSA_PUBLIC_KEY_PARSER_MBEDTLS) += \ +mbedtls_lib_x509-$(CONFIG_$(XPL_)RSA_PUBLIC_KEY_PARSER_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/bignum.o \ $(MBEDTLS_LIB_DIR)/bignum_core.o \ $(MBEDTLS_LIB_DIR)/rsa.o \ $(MBEDTLS_LIB_DIR)/rsa_alt_helpers.o -mbedtls_lib_x509-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_MBEDTLS) += \ +mbedtls_lib_x509-$(CONFIG_$(XPL_)ASYMMETRIC_PUBLIC_KEY_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/pk.o \ $(MBEDTLS_LIB_DIR)/pk_wrap.o \ $(MBEDTLS_LIB_DIR)/pkparse.o -mbedtls_lib_x509-$(CONFIG_$(SPL_)X509_CERTIFICATE_PARSER_MBEDTLS) += \ +mbedtls_lib_x509-$(CONFIG_$(XPL_)X509_CERTIFICATE_PARSER_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/x509_crl.o \ $(MBEDTLS_LIB_DIR)/x509_crt.o -mbedtls_lib_x509-$(CONFIG_$(SPL_)PKCS7_MESSAGE_PARSER_MBEDTLS) += \ +mbedtls_lib_x509-$(CONFIG_$(XPL_)PKCS7_MESSAGE_PARSER_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/pkcs7.o #mbedTLS TLS support -obj-$(CONFIG_MBEDTLS_LIB_TLS) += mbedtls_lib_tls.o +obj-$(CONFIG_$(XPL_)MBEDTLS_LIB_TLS) += mbedtls_lib_tls.o mbedtls_lib_tls-y := \ $(MBEDTLS_LIB_DIR)/mps_reader.o \ $(MBEDTLS_LIB_DIR)/mps_trace.o \ diff --git a/lib/mbedtls/mbedtls_def_config.h b/lib/mbedtls/mbedtls_def_config.h index fd440c392f9..dda3f4dd6e4 100644 --- a/lib/mbedtls/mbedtls_def_config.h +++ b/lib/mbedtls/mbedtls_def_config.h @@ -11,12 +11,12 @@ * Author: Raymond Mao <raymond.mao@linaro.org> */ -#if defined CONFIG_MBEDTLS_LIB +#if CONFIG_IS_ENABLED(MBEDTLS_LIB) #if CONFIG_IS_ENABLED(MD5) #define MBEDTLS_MD_C #define MBEDTLS_MD5_C -#if defined CONFIG_MBEDTLS_LIB_CRYPTO_ALT +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_HASHING_ALT) #define MBEDTLS_MD5_ALT #endif #endif @@ -24,7 +24,7 @@ #if CONFIG_IS_ENABLED(SHA1) #define MBEDTLS_MD_C #define MBEDTLS_SHA1_C -#if defined CONFIG_MBEDTLS_LIB_CRYPTO_ALT +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_HASHING_ALT) #define MBEDTLS_SHA1_ALT #endif #endif @@ -32,7 +32,7 @@ #if CONFIG_IS_ENABLED(SHA256) #define MBEDTLS_MD_C #define MBEDTLS_SHA256_C -#if defined CONFIG_MBEDTLS_LIB_CRYPTO_ALT +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_HASHING_ALT) #define MBEDTLS_SHA256_ALT #endif #if CONFIG_IS_ENABLED(SHA256_SMALLER) @@ -48,7 +48,7 @@ #if CONFIG_IS_ENABLED(SHA512) #define MBEDTLS_MD_C #define MBEDTLS_SHA512_C -#if defined CONFIG_MBEDTLS_LIB_CRYPTO_ALT +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_HASHING_ALT) #define MBEDTLS_SHA512_ALT #endif #if CONFIG_IS_ENABLED(SHA512_SMALLER) @@ -60,7 +60,7 @@ #define MBEDTLS_HKDF_C #endif -#if defined CONFIG_MBEDTLS_LIB_X509 +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) #if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER) #define MBEDTLS_X509_USE_C @@ -89,9 +89,9 @@ #define MBEDTLS_ASN1_WRITE_C #endif -#endif /* #if defined CONFIG_MBEDTLS_LIB_X509 */ +#endif /* #if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) */ -#if IS_ENABLED(CONFIG_MBEDTLS_LIB_TLS) +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_TLS) #include "rtc.h" /* Generic options */ @@ -106,25 +106,36 @@ #define MBEDTLS_ENTROPY_C #define MBEDTLS_NO_PLATFORM_ENTROPY #define MBEDTLS_SSL_PROTO_TLS1_2 +#if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER) #define MBEDTLS_SSL_SERVER_NAME_INDICATION +#endif #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED /* RSA */ +#if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER) && \ + CONFIG_IS_ENABLED(RSA_PUBLIC_KEY_PARSER) #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED #define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED +#endif #define MBEDTLS_GCM_C /* ECDSA */ +#if CONFIG_IS_ENABLED(ASN1_DECODER) #define MBEDTLS_ECDSA_C +#define MBEDTLS_ECP_C #define MBEDTLS_ECDH_C +#endif #define MBEDTLS_ECDSA_DETERMINISTIC #define MBEDTLS_HMAC_DRBG_C -#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED + #define MBEDTLS_CAN_ECDH #define MBEDTLS_PK_CAN_ECDSA_SIGN -#define MBEDTLS_ECP_C +#if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER) +#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +#endif + #define MBEDTLS_ECP_DP_SECP256K1_ENABLED #define MBEDTLS_ECP_DP_SECP192R1_ENABLED #define MBEDTLS_ECP_DP_SECP224R1_ENABLED @@ -138,6 +149,6 @@ #define MBEDTLS_ECP_DP_BP384R1_ENABLED #define MBEDTLS_ECP_DP_BP512R1_ENABLED -#endif /* #if defined CONFIG_MBEDTLS_LIB_TLS */ +#endif /* #if CONFIG_IS_ENABLED(MBEDTLS_LIB_TLS) */ -#endif /* #if defined CONFIG_MBEDTLS_LIB */ +#endif /* #if CONFIG_IS_ENABLED(MBEDTLS_LIB) */ |