Skip to content
GitLab
Menu
Projects
Groups
Snippets
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in / Register
Toggle navigation
Menu
Open sidebar
adam.huang
Arm Trusted Firmware
Commits
a84deb9c
Commit
a84deb9c
authored
Dec 10, 2015
by
danh-arm
Browse files
Merge pull request #465 from jcastillo-arm/jc/tbb_mbedtls_2_x
Move up to mbed TLS 2.x
parents
9692ee13
649dbf6f
Changes
8
Show whitespace changes
Inline
Side-by-side
docs/auth-framework.md
View file @
a84deb9c
...
...
@@ -381,7 +381,7 @@ platform.
PKI certificates (authentication images). It is expected that open source
libraries will be available which can be used to parse an image represented
by this method. Such libraries can be used to write the corresponding IPL
e.g. the X.509 parsing library code in
PolarSSL
.
e.g. the X.509 parsing library code in
mbed TLS
.
3.
Platform defined method: This method caters for platform specific
proprietary standards to represent authentication or data images. For
...
...
@@ -867,7 +867,7 @@ extract the authentication parameters. The number and type of parser libraries
depend on the images used in the CoT. Raw images do not need a library, so
only an x509v3 library is required for the TBBR CoT.
ARM platforms will use an x509v3 library based on mbedTLS. This library may be
ARM platforms will use an x509v3 library based on mbed
TLS. This library may be
found in
`drivers/auth/mbedtls/mbedtls_x509_parser.c`
. It exports three
functions:
...
...
@@ -885,15 +885,17 @@ an image of type `IMG_CERT`, it will call the corresponding function exported
in this file.
The build system must be updated to include the corresponding library and
mbedTLS sources. ARM platforms use the
`arm_common.mk`
file to pull the sources.
mbed TLS sources. ARM platforms use the
`arm_common.mk`
file to pull the
sources.
### 4.3 The cryptographic library
The cryptographic module relies on a library to perform the required operations,
i.e. verify a hash or a digital signature. ARM platforms will use a library
based on mbedTLS, which can be found in
`drivers/auth/mbedtls/mbedtls_crypto.c`
.
This library is registered in the authentication framework using the macro
`REGISTER_CRYPTO_LIB()`
and exports three functions:
based on mbed TLS, which can be found in
`drivers/auth/mbedtls/mbedtls_crypto.c`
. This library is registered in the
authentication framework using the macro
`REGISTER_CRYPTO_LIB()`
and exports
three functions:
```
void init(void);
...
...
docs/user-guide.md
View file @
a84deb9c
...
...
@@ -607,22 +607,24 @@ following steps should be followed to build a FIP image with support for this
feature.
1.
Fulfill the dependencies of the
`mbedtls`
cryptographic and image parser
modules by checking out the tag
`mbedtls-1.3.11`
from the
[mbedTLS Repository].
modules by checking out a recent version of the [mbed TLS Repository]. It
is important to use a version that is compatible with TF and fixes any
known security vulnerabilities. See [mbed TLS Security Center] for more
information. This version of TF is tested with tag
`mbedtls-2.2.0`
.
The `drivers/auth/mbedtls/mbedtls_*.mk` files contain the list of mbedTLS
The `drivers/auth/mbedtls/mbedtls_*.mk` files contain the list of mbed
TLS
source files the modules depend upon.
`include/drivers/auth/mbedtls/mbedtls_config.h` contains the configuration
options required to build the mbedTLS sources.
options required to build the mbed
TLS sources.
Note that the mbedTLS library is licensed under the
GNU GPL
version 2
or later
license. Using mbedTLS source code will affect the licensing of
Note that the mbed
TLS library is licensed under the
Apache
version 2
.0
license. Using mbed
TLS source code will affect the licensing of
Trusted Firmware binaries that are built using this library.
2.
Ensure that the following command line variables are set while invoking
`make`
to build Trusted Firmware:
* `MBEDTLS_DIR=<path of the directory containing mbedTLS sources>`
* `MBEDTLS_DIR=<path of the directory containing mbed
TLS sources>`
* `TRUSTED_BOARD_BOOT=1`
* `GENERATE_COT=1`
...
...
@@ -647,7 +649,7 @@ feature.
CROSS_COMPILE=<path-to-aarch64-gcc>/bin/aarch64-linux-gnu- \
BL33=<path-to>/<bl33_image> \
MBEDTLS_DIR=<path of the directory containing mbedTLS sources>
\
MBEDTLS_DIR=<path of the directory containing mbed
TLS sources> \
make PLAT=<platform> TRUSTED_BOARD_BOOT=1 GENERATE_COT=1 \
ARM_ROTPK_LOCATION=devel_rsa \
ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem \
...
...
@@ -1265,6 +1267,7 @@ _Copyright (c) 2013-2015, ARM Limited and Contributors. All rights reserved._
[
Juno Instructions
]:
https://community.arm.com/docs/DOC-10804
[
Juno Getting Started Guide
]:
http://infocenter.arm.com/help/topic/com.arm.doc.dui0928e/DUI0928E_juno_arm_development_platform_gsg.pdf
[
DS-5
]:
http://www.arm.com/products/tools/software-tools/ds-5/index.php
[
mbedTLS Repository
]:
https://github.com/ARMmbed/mbedtls.git
[
mbed TLS Repository
]:
https://github.com/ARMmbed/mbedtls.git
[
mbed TLS Security Center
]:
https://tls.mbed.org/security
[
PSCI
]:
http://infocenter.arm.com/help/topic/com.arm.doc.den0022c/DEN0022C_Power_State_Coordination_Interface.pdf
"Power State Coordination Interface PDD (ARM DEN 0022C)"
[
Trusted Board Boot
]:
trusted-board-boot.md
drivers/auth/mbedtls/mbedtls_common.c
View file @
a84deb9c
...
...
@@ -30,11 +30,11 @@
#include <assert.h>
/* mbedTLS headers */
#include <
polarssl
/memory_buffer_alloc.h>
/* mbed
TLS headers */
#include <
mbedtls
/memory_buffer_alloc.h>
/*
* mbedTLS heap
* mbed
TLS heap
*/
#if (MBEDTLS_KEY_ALG_ID == MBEDTLS_ECDSA)
#define MBEDTLS_HEAP_SIZE (14*1024)
...
...
@@ -44,22 +44,15 @@
static
unsigned
char
heap
[
MBEDTLS_HEAP_SIZE
];
/*
* mbedTLS initialization function
*
* Return: 0 = success, Otherwise = error
* mbed TLS initialization function
*/
void
mbedtls_init
(
void
)
{
static
int
ready
;
int
rc
;
if
(
!
ready
)
{
/* Initialize the mbedTLS heap */
rc
=
memory_buffer_alloc_init
(
heap
,
MBEDTLS_HEAP_SIZE
);
if
(
rc
==
0
)
{
/* Initialize the mbed TLS heap */
mbedtls_memory_buffer_alloc_init
(
heap
,
MBEDTLS_HEAP_SIZE
);
ready
=
1
;
}
else
{
assert
(
0
);
}
}
}
drivers/auth/mbedtls/mbedtls_common.mk
View file @
a84deb9c
...
...
@@ -31,7 +31,7 @@
ifneq
(${MBEDTLS_COMMON_MK},1)
MBEDTLS_COMMON_MK
:=
1
# MBEDTLS_DIR must be set to the mbedTLS main directory (it must contain
# MBEDTLS_DIR must be set to the mbed
TLS main directory (it must contain
# the 'include' and 'library' subdirectories).
ifeq
(${MBEDTLS_DIR},)
$(error Error
:
MBEDTLS_DIR not set)
...
...
@@ -40,9 +40,9 @@ endif
INCLUDES
+=
-I
${MBEDTLS_DIR}
/include
\
-Iinclude
/drivers/auth/mbedtls
# Specify mbedTLS configuration file
POLARSSL
_CONFIG_FILE
:=
"<mbedtls_config.h>"
$(eval
$(call
add_define,
POLARSSL
_CONFIG_FILE))
# Specify mbed
TLS configuration file
MBEDTLS
_CONFIG_FILE
:=
"<mbedtls_config.h>"
$(eval
$(call
add_define,
MBEDTLS
_CONFIG_FILE))
MBEDTLS_COMMON_SOURCES
:=
drivers/auth/mbedtls/mbedtls_common.c
\
$(
addprefix
${MBEDTLS_DIR}
/library/,
\
...
...
drivers/auth/mbedtls/mbedtls_crypto.c
View file @
a84deb9c
...
...
@@ -35,13 +35,13 @@
#include <stddef.h>
#include <string.h>
/* mbedTLS headers */
#include <
polarssl/md_wrap
.h>
#include <
polarssl
/memory_buffer_alloc.h>
#include <
polarssl
/oid.h>
#include <
polarssl
/platform.h>
/* mbed
TLS headers */
#include <
mbedtls/md
.h>
#include <
mbedtls
/memory_buffer_alloc.h>
#include <
mbedtls
/oid.h>
#include <
mbedtls
/platform.h>
#define LIB_NAME "mbedTLS"
#define LIB_NAME "mbed
TLS"
/*
* AlgorithmIdentifier ::= SEQUENCE {
...
...
@@ -65,7 +65,7 @@
*/
static
void
init
(
void
)
{
/* Initialize mbedTLS */
/* Initialize mbed
TLS */
mbedtls_init
();
}
...
...
@@ -80,36 +80,36 @@ static int verify_signature(void *data_ptr, unsigned int data_len,
void
*
sig_alg
,
unsigned
int
sig_alg_len
,
void
*
pk_ptr
,
unsigned
int
pk_len
)
{
asn1_buf
sig_oid
,
sig_params
;
asn1_buf
signature
;
md_type_t
md_alg
;
pk_type_t
pk_alg
;
pk_context
pk
;
mbedtls_
asn1_buf
sig_oid
,
sig_params
;
mbedtls_
asn1_buf
signature
;
mbedtls_
md_type_t
md_alg
;
mbedtls_
pk_type_t
pk_alg
;
mbedtls_
pk_context
pk
;
int
rc
;
void
*
sig_opts
=
NULL
;
const
md_info_t
*
md_info
;
const
mbedtls_
md_info_t
*
md_info
;
unsigned
char
*
p
,
*
end
;
unsigned
char
hash
[
POLARSSL
_MD_MAX_SIZE
];
unsigned
char
hash
[
MBEDTLS
_MD_MAX_SIZE
];
/* Get pointers to signature OID and parameters */
p
=
(
unsigned
char
*
)
sig_alg
;
end
=
(
unsigned
char
*
)(
p
+
sig_alg_len
);
rc
=
asn1_get_alg
(
&
p
,
end
,
&
sig_oid
,
&
sig_params
);
rc
=
mbedtls_
asn1_get_alg
(
&
p
,
end
,
&
sig_oid
,
&
sig_params
);
if
(
rc
!=
0
)
{
return
CRYPTO_ERR_SIGNATURE
;
}
/* Get the actual signature algorithm (MD + PK) */
rc
=
oid_get_sig_alg
(
&
sig_oid
,
&
md_alg
,
&
pk_alg
);
rc
=
mbedtls_
oid_get_sig_alg
(
&
sig_oid
,
&
md_alg
,
&
pk_alg
);
if
(
rc
!=
0
)
{
return
CRYPTO_ERR_SIGNATURE
;
}
/* Parse the public key */
pk_init
(
&
pk
);
mbedtls_
pk_init
(
&
pk
);
p
=
(
unsigned
char
*
)
pk_ptr
;
end
=
(
unsigned
char
*
)(
p
+
pk_len
);
rc
=
pk_parse_subpubkey
(
&
p
,
end
,
&
pk
);
rc
=
mbedtls_
pk_parse_subpubkey
(
&
p
,
end
,
&
pk
);
if
(
rc
!=
0
)
{
return
CRYPTO_ERR_SIGNATURE
;
}
...
...
@@ -118,7 +118,7 @@ static int verify_signature(void *data_ptr, unsigned int data_len,
p
=
(
unsigned
char
*
)
sig_ptr
;
end
=
(
unsigned
char
*
)(
p
+
sig_len
);
signature
.
tag
=
*
p
;
rc
=
asn1_get_bitstring_null
(
&
p
,
end
,
&
signature
.
len
);
rc
=
mbedtls_
asn1_get_bitstring_null
(
&
p
,
end
,
&
signature
.
len
);
if
(
rc
!=
0
)
{
rc
=
CRYPTO_ERR_SIGNATURE
;
goto
end
;
...
...
@@ -126,21 +126,22 @@ static int verify_signature(void *data_ptr, unsigned int data_len,
signature
.
p
=
p
;
/* Calculate the hash of the data */
md_info
=
md_info_from_type
(
md_alg
);
md_info
=
mbedtls_
md_info_from_type
(
md_alg
);
if
(
md_info
==
NULL
)
{
rc
=
CRYPTO_ERR_SIGNATURE
;
goto
end
;
}
p
=
(
unsigned
char
*
)
data_ptr
;
rc
=
md
(
md_info
,
p
,
data_len
,
hash
);
rc
=
mbedtls_
md
(
md_info
,
p
,
data_len
,
hash
);
if
(
rc
!=
0
)
{
rc
=
CRYPTO_ERR_SIGNATURE
;
goto
end
;
}
/* Verify the signature */
rc
=
pk_verify_ext
(
pk_alg
,
sig_opts
,
&
pk
,
md_alg
,
hash
,
md_info
->
size
,
signature
.
p
,
signature
.
len
);
rc
=
mbedtls_pk_verify_ext
(
pk_alg
,
sig_opts
,
&
pk
,
md_alg
,
hash
,
mbedtls_md_get_size
(
md_info
),
signature
.
p
,
signature
.
len
);
if
(
rc
!=
0
)
{
rc
=
CRYPTO_ERR_SIGNATURE
;
goto
end
;
...
...
@@ -150,7 +151,7 @@ static int verify_signature(void *data_ptr, unsigned int data_len,
rc
=
CRYPTO_SUCCESS
;
end:
pk_free
(
&
pk
);
mbedtls_
pk_free
(
&
pk
);
return
rc
;
}
...
...
@@ -163,59 +164,60 @@ end:
static
int
verify_hash
(
void
*
data_ptr
,
unsigned
int
data_len
,
void
*
digest_info_ptr
,
unsigned
int
digest_info_len
)
{
asn1_buf
hash_oid
,
params
;
md_type_t
md_alg
;
const
md_info_t
*
md_info
;
mbedtls_
asn1_buf
hash_oid
,
params
;
mbedtls_
md_type_t
md_alg
;
const
mbedtls_
md_info_t
*
md_info
;
unsigned
char
*
p
,
*
end
,
*
hash
;
unsigned
char
data_hash
[
POLARSSL
_MD_MAX_SIZE
];
unsigned
char
data_hash
[
MBEDTLS
_MD_MAX_SIZE
];
size_t
len
;
int
rc
;
/* Digest info should be an ASN1_SEQUENCE */
/* Digest info should be an
MBEDTLS_
ASN1_SEQUENCE */
p
=
(
unsigned
char
*
)
digest_info_ptr
;
end
=
(
unsigned
char
*
)(
digest_info_ptr
+
digest_info_len
);
rc
=
asn1_get_tag
(
&
p
,
end
,
&
len
,
ASN1_CONSTRUCTED
|
ASN1_SEQUENCE
);
rc
=
mbedtls_asn1_get_tag
(
&
p
,
end
,
&
len
,
MBEDTLS_ASN1_CONSTRUCTED
|
MBEDTLS_ASN1_SEQUENCE
);
if
(
rc
!=
0
)
{
return
CRYPTO_ERR_HASH
;
}
/* Get the hash algorithm */
rc
=
asn1_get_alg
(
&
p
,
end
,
&
hash_oid
,
&
params
);
rc
=
mbedtls_
asn1_get_alg
(
&
p
,
end
,
&
hash_oid
,
&
params
);
if
(
rc
!=
0
)
{
return
CRYPTO_ERR_HASH
;
}
rc
=
oid_get_md_alg
(
&
hash_oid
,
&
md_alg
);
rc
=
mbedtls_
oid_get_md_alg
(
&
hash_oid
,
&
md_alg
);
if
(
rc
!=
0
)
{
return
CRYPTO_ERR_HASH
;
}
md_info
=
md_info_from_type
(
md_alg
);
md_info
=
mbedtls_
md_info_from_type
(
md_alg
);
if
(
md_info
==
NULL
)
{
return
CRYPTO_ERR_HASH
;
}
/* Hash should be octet string type */
rc
=
asn1_get_tag
(
&
p
,
end
,
&
len
,
ASN1_OCTET_STRING
);
rc
=
mbedtls_
asn1_get_tag
(
&
p
,
end
,
&
len
,
MBEDTLS_
ASN1_OCTET_STRING
);
if
(
rc
!=
0
)
{
return
CRYPTO_ERR_HASH
;
}
/* Length of hash must match the algorithm's size */
if
(
len
!=
m
d_info
->
size
)
{
if
(
len
!=
m
bedtls_md_get_size
(
md_info
)
)
{
return
CRYPTO_ERR_HASH
;
}
hash
=
p
;
/* Calculate the hash of the data */
p
=
(
unsigned
char
*
)
data_ptr
;
rc
=
md
(
md_info
,
p
,
data_len
,
data_hash
);
rc
=
mbedtls_
md
(
md_info
,
p
,
data_len
,
data_hash
);
if
(
rc
!=
0
)
{
return
CRYPTO_ERR_HASH
;
}
/* Compare values */
rc
=
memcmp
(
data_hash
,
hash
,
m
d_info
->
size
);
rc
=
memcmp
(
data_hash
,
hash
,
m
bedtls_md_get_size
(
md_info
)
);
if
(
rc
!=
0
)
{
return
CRYPTO_ERR_HASH
;
}
...
...
drivers/auth/mbedtls/mbedtls_crypto.mk
View file @
a84deb9c
...
...
@@ -62,10 +62,10 @@ else ifeq (${MBEDTLS_KEY_ALG},rsa)
)
MBEDTLS_KEY_ALG_ID
:=
MBEDTLS_RSA
else
$(error
"MBEDTLS_KEY_ALG=${MBEDTLS_KEY_ALG} not supported on mbedTLS"
)
$(error
"MBEDTLS_KEY_ALG=${MBEDTLS_KEY_ALG} not supported on mbed
TLS"
)
endif
# mbedTLS libraries rely on this define to build correctly
# mbed
TLS libraries rely on this define to build correctly
$(eval
$(call
add_define,MBEDTLS_KEY_ALG_ID))
BL1_SOURCES
+=
${MBEDTLS_CRYPTO_SOURCES}
...
...
drivers/auth/mbedtls/mbedtls_x509_parser.c
View file @
a84deb9c
...
...
@@ -29,7 +29,7 @@
*/
/*
* X509 parser based on
PolarSSL
* X509 parser based on
mbed TLS
*
* This module implements functions to check the integrity of a X509v3
* certificate ASN.1 structure and extract authentication parameters from the
...
...
@@ -43,25 +43,25 @@
#include <stdint.h>
#include <string.h>
/* mbedTLS headers */
#include <
polarssl
/asn1.h>
#include <
polarssl
/oid.h>
#include <
polarssl
/platform.h>
/* mbed
TLS headers */
#include <
mbedtls
/asn1.h>
#include <
mbedtls
/oid.h>
#include <
mbedtls
/platform.h>
/* Maximum OID string length ("a.b.c.d.e.f ...") */
#define MAX_OID_STR_LEN 64
#define LIB_NAME "mbedTLS X509v3"
#define LIB_NAME "mbed
TLS X509v3"
/* Temporary variables to speed up the authentication parameters search. These
* variables are assigned once during the integrity check and used any time an
* authentication parameter is requested, so we do not have to parse the image
* again */
static
asn1_buf
tbs
;
static
asn1_buf
v3_ext
;
static
asn1_buf
pk
;
static
asn1_buf
sig_alg
;
static
asn1_buf
signature
;
static
mbedtls_
asn1_buf
tbs
;
static
mbedtls_
asn1_buf
v3_ext
;
static
mbedtls_
asn1_buf
pk
;
static
mbedtls_
asn1_buf
sig_alg
;
static
mbedtls_
asn1_buf
signature
;
/*
* Get X509v3 extension
...
...
@@ -78,7 +78,7 @@ static int get_ext(const char *oid, void **ext, unsigned int *ext_len)
unsigned
char
*
p
;
const
unsigned
char
*
end
;
char
oid_str
[
MAX_OID_STR_LEN
];
asn1_buf
extn_oid
;
mbedtls_
asn1_buf
extn_oid
;
int
is_critical
;
assert
(
oid
!=
NULL
);
...
...
@@ -86,32 +86,36 @@ static int get_ext(const char *oid, void **ext, unsigned int *ext_len)
p
=
v3_ext
.
p
;
end
=
v3_ext
.
p
+
v3_ext
.
len
;
asn1_get_tag
(
&
p
,
end
,
&
len
,
ASN1_CONSTRUCTED
|
ASN1_SEQUENCE
);
mbedtls_asn1_get_tag
(
&
p
,
end
,
&
len
,
MBEDTLS_ASN1_CONSTRUCTED
|
MBEDTLS_ASN1_SEQUENCE
);
while
(
p
<
end
)
{
memset
(
&
extn_oid
,
0x0
,
sizeof
(
extn_oid
));
is_critical
=
0
;
/* DEFAULT FALSE */
asn1_get_tag
(
&
p
,
end
,
&
len
,
ASN1_CONSTRUCTED
|
ASN1_SEQUENCE
);
mbedtls_asn1_get_tag
(
&
p
,
end
,
&
len
,
MBEDTLS_ASN1_CONSTRUCTED
|
MBEDTLS_ASN1_SEQUENCE
);
end_ext_data
=
p
+
len
;
/* Get extension ID */
extn_oid
.
tag
=
*
p
;
asn1_get_tag
(
&
p
,
end
,
&
extn_oid
.
len
,
ASN1_OID
);
mbedtls_
asn1_get_tag
(
&
p
,
end
,
&
extn_oid
.
len
,
MBEDTLS_
ASN1_OID
);
extn_oid
.
p
=
p
;
p
+=
extn_oid
.
len
;
/* Get optional critical */
asn1_get_bool
(
&
p
,
end_ext_data
,
&
is_critical
);
mbedtls_
asn1_get_bool
(
&
p
,
end_ext_data
,
&
is_critical
);
/* Extension data */
asn1_get_tag
(
&
p
,
end_ext_data
,
&
len
,
ASN1_OCTET_STRING
);
mbedtls_asn1_get_tag
(
&
p
,
end_ext_data
,
&
len
,
MBEDTLS_ASN1_OCTET_STRING
);
end_ext_octet
=
p
+
len
;
/* Detect requested extension */
oid_len
=
oid_get_numeric_string
(
oid_str
,
MAX_OID_STR_LEN
,
&
extn_oid
);
if
(
oid_len
==
POLARSSL_ERR_OID_BUF_TOO_SMALL
)
{
oid_len
=
mbedtls_oid_get_numeric_string
(
oid_str
,
MAX_OID_STR_LEN
,
&
extn_oid
);
if
(
oid_len
==
MBEDTLS_ERR_OID_BUF_TOO_SMALL
)
{
return
IMG_PARSER_ERR
;
}
if
((
oid_len
==
strlen
(
oid_str
))
&&
!
strcmp
(
oid
,
oid_str
))
{
...
...
@@ -137,7 +141,7 @@ static int cert_parse(void *img, unsigned int img_len)
int
ret
,
is_critical
;
size_t
len
;
unsigned
char
*
p
,
*
end
,
*
crt_end
;
asn1_buf
sig_alg1
,
sig_alg2
;
mbedtls_
asn1_buf
sig_alg1
,
sig_alg2
;
p
=
(
unsigned
char
*
)
img
;
len
=
img_len
;
...
...
@@ -149,7 +153,8 @@ static int cert_parse(void *img, unsigned int img_len)
* signatureAlgorithm AlgorithmIdentifier,
* signatureValue BIT STRING }
*/
ret
=
asn1_get_tag
(
&
p
,
end
,
&
len
,
ASN1_CONSTRUCTED
|
ASN1_SEQUENCE
);
ret
=
mbedtls_asn1_get_tag
(
&
p
,
end
,
&
len
,
MBEDTLS_ASN1_CONSTRUCTED
|
MBEDTLS_ASN1_SEQUENCE
);
if
(
ret
!=
0
)
{
return
IMG_PARSER_ERR_FORMAT
;
}
...
...
@@ -163,7 +168,8 @@ static int cert_parse(void *img, unsigned int img_len)
* TBSCertificate ::= SEQUENCE {
*/
tbs
.
p
=
p
;
ret
=
asn1_get_tag
(
&
p
,
end
,
&
len
,
ASN1_CONSTRUCTED
|
ASN1_SEQUENCE
);
ret
=
mbedtls_asn1_get_tag
(
&
p
,
end
,
&
len
,
MBEDTLS_ASN1_CONSTRUCTED
|
MBEDTLS_ASN1_SEQUENCE
);
if
(
ret
!=
0
)
{
return
IMG_PARSER_ERR_FORMAT
;
}
...
...
@@ -173,8 +179,9 @@ static int cert_parse(void *img, unsigned int img_len)
/*
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
*/
ret
=
asn1_get_tag
(
&
p
,
end
,
&
len
,
ASN1_CONTEXT_SPECIFIC
|
ASN1_CONSTRUCTED
|
0
);
ret
=
mbedtls_asn1_get_tag
(
&
p
,
end
,
&
len
,
MBEDTLS_ASN1_CONTEXT_SPECIFIC
|
MBEDTLS_ASN1_CONSTRUCTED
|
0
);
if
(
ret
!=
0
)
{
return
IMG_PARSER_ERR_FORMAT
;
}
...
...
@@ -183,7 +190,7 @@ static int cert_parse(void *img, unsigned int img_len)
/*
* CertificateSerialNumber ::= INTEGER
*/
ret
=
asn1_get_tag
(
&
p
,
end
,
&
len
,
ASN1_INTEGER
);
ret
=
mbedtls_
asn1_get_tag
(
&
p
,
end
,
&
len
,
MBEDTLS_
ASN1_INTEGER
);
if
(
ret
!=
0
)
{
return
IMG_PARSER_ERR_FORMAT
;
}
...
...
@@ -193,7 +200,8 @@ static int cert_parse(void *img, unsigned int img_len)
* signature AlgorithmIdentifier
*/
sig_alg1
.
p
=
p
;
ret
=
asn1_get_tag
(
&
p
,
end
,
&
len
,
ASN1_CONSTRUCTED
|
ASN1_SEQUENCE
);
ret
=
mbedtls_asn1_get_tag
(
&
p
,
end
,
&
len
,
MBEDTLS_ASN1_CONSTRUCTED
|
MBEDTLS_ASN1_SEQUENCE
);
if
(
ret
!=
0
)
{
return
IMG_PARSER_ERR_FORMAT
;
}
...
...
@@ -206,7 +214,8 @@ static int cert_parse(void *img, unsigned int img_len)
/*
* issuer Name
*/
ret
=
asn1_get_tag
(
&
p
,
end
,
&
len
,
ASN1_CONSTRUCTED
|
ASN1_SEQUENCE
);
ret
=
mbedtls_asn1_get_tag
(
&
p
,
end
,
&
len
,
MBEDTLS_ASN1_CONSTRUCTED
|
MBEDTLS_ASN1_SEQUENCE
);
if
(
ret
!=
0
)
{
return
IMG_PARSER_ERR_FORMAT
;
}
...
...
@@ -218,7 +227,8 @@ static int cert_parse(void *img, unsigned int img_len)
* notAfter Time }
*
*/
ret
=
asn1_get_tag
(
&
p
,
end
,
&
len
,
ASN1_CONSTRUCTED
|
ASN1_SEQUENCE
);
ret
=
mbedtls_asn1_get_tag
(
&
p
,
end
,
&
len
,
MBEDTLS_ASN1_CONSTRUCTED
|
MBEDTLS_ASN1_SEQUENCE
);
if
(
ret
!=
0
)
{
return
IMG_PARSER_ERR_FORMAT
;
}
...
...
@@ -227,7 +237,8 @@ static int cert_parse(void *img, unsigned int img_len)
/*
* subject Name
*/
ret
=
asn1_get_tag
(
&
p
,
end
,
&
len
,
ASN1_CONSTRUCTED
|
ASN1_SEQUENCE
);
ret
=
mbedtls_asn1_get_tag
(
&
p
,
end
,
&
len
,
MBEDTLS_ASN1_CONSTRUCTED
|
MBEDTLS_ASN1_SEQUENCE
);
if
(
ret
!=
0
)
{
return
IMG_PARSER_ERR_FORMAT
;
}
...
...
@@ -237,7 +248,8 @@ static int cert_parse(void *img, unsigned int img_len)
* SubjectPublicKeyInfo
*/
pk
.
p
=
p
;
ret
=
asn1_get_tag
(
&
p
,
end
,
&
len
,
ASN1_CONSTRUCTED
|
ASN1_SEQUENCE
);
ret
=
mbedtls_asn1_get_tag
(
&
p
,
end
,
&
len
,
MBEDTLS_ASN1_CONSTRUCTED
|
MBEDTLS_ASN1_SEQUENCE
);
if
(
ret
!=
0
)
{
return
IMG_PARSER_ERR_FORMAT
;
}
...
...
@@ -247,10 +259,11 @@ static int cert_parse(void *img, unsigned int img_len)
/*
* issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
*/
ret
=
asn1_get_tag
(
&
p
,
end
,
&
len
,
ASN1_CONTEXT_SPECIFIC
|
ASN1_CONSTRUCTED
|
1
);
ret
=
mbedtls_asn1_get_tag
(
&
p
,
end
,
&
len
,
MBEDTLS_ASN1_CONTEXT_SPECIFIC
|
MBEDTLS_ASN1_CONSTRUCTED
|
1
);
if
(
ret
!=
0
)
{
if
(
ret
!=
POLARSSL
_ERR_ASN1_UNEXPECTED_TAG
)
{
if
(
ret
!=
MBEDTLS
_ERR_ASN1_UNEXPECTED_TAG
)
{
return
IMG_PARSER_ERR_FORMAT
;
}
}
else
{
...
...
@@ -260,10 +273,11 @@ static int cert_parse(void *img, unsigned int img_len)
/*
* subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
*/
ret
=
asn1_get_tag
(
&
p
,
end
,
&
len
,
ASN1_CONTEXT_SPECIFIC
|
ASN1_CONSTRUCTED
|
2
);
ret
=
mbedtls_asn1_get_tag
(
&
p
,
end
,
&
len
,
MBEDTLS_ASN1_CONTEXT_SPECIFIC
|
MBEDTLS_ASN1_CONSTRUCTED
|
2
);
if
(
ret
!=
0
)
{
if
(
ret
!=
POLARSSL
_ERR_ASN1_UNEXPECTED_TAG
)
{
if
(
ret
!=
MBEDTLS
_ERR_ASN1_UNEXPECTED_TAG
)
{
return
IMG_PARSER_ERR_FORMAT
;
}
}
else
{
...
...
@@ -273,8 +287,9 @@ static int cert_parse(void *img, unsigned int img_len)
/*
* extensions [3] EXPLICIT Extensions OPTIONAL
*/
ret
=
asn1_get_tag
(
&
p
,
end
,
&
len
,
ASN1_CONTEXT_SPECIFIC
|
ASN1_CONSTRUCTED
|
3
);
ret
=
mbedtls_asn1_get_tag
(
&
p
,
end
,
&
len
,
MBEDTLS_ASN1_CONTEXT_SPECIFIC
|
MBEDTLS_ASN1_CONSTRUCTED
|
3
);
if
(
ret
!=
0
)
{
return
IMG_PARSER_ERR_FORMAT
;
}
...
...
@@ -283,7 +298,8 @@ static int cert_parse(void *img, unsigned int img_len)
* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
*/
v3_ext
.
p
=
p
;
ret
=
asn1_get_tag
(
&
p
,
end
,
&
len
,
ASN1_CONSTRUCTED
|
ASN1_SEQUENCE
);
ret
=
mbedtls_asn1_get_tag
(
&
p
,
end
,
&
len
,
MBEDTLS_ASN1_CONSTRUCTED
|
MBEDTLS_ASN1_SEQUENCE
);
if
(
ret
!=
0
)
{
return
IMG_PARSER_ERR_FORMAT
;
}
...
...
@@ -293,27 +309,29 @@ static int cert_parse(void *img, unsigned int img_len)
* Check extensions integrity
*/
while
(
p
<
end
)
{
ret
=
asn1_get_tag
(
&
p
,
end
,
&
len
,
ASN1_CONSTRUCTED
|
ASN1_SEQUENCE
);
ret
=
mbedtls_asn1_get_tag
(
&
p
,
end
,
&
len
,
MBEDTLS_ASN1_CONSTRUCTED
|
MBEDTLS_ASN1_SEQUENCE
);
if
(
ret
!=
0
)
{
return
IMG_PARSER_ERR_FORMAT
;
}
/* Get extension ID */
ret
=
asn1_get_tag
(
&
p
,
end
,
&
len
,
ASN1_OID
);
ret
=
mbedtls_
asn1_get_tag
(
&
p
,
end
,
&
len
,
MBEDTLS_
ASN1_OID
);
if
(
ret
!=
0
)
{
return
IMG_PARSER_ERR_FORMAT
;
}
p
+=
len
;
/* Get optional critical */
ret
=
asn1_get_bool
(
&
p
,
end
,
&
is_critical
);
if
((
ret
!=
0
)
&&
(
ret
!=
POLARSSL
_ERR_ASN1_UNEXPECTED_TAG
))
{
ret
=
mbedtls_
asn1_get_bool
(
&
p
,
end
,
&
is_critical
);
if
((
ret
!=
0
)
&&
(
ret
!=
MBEDTLS
_ERR_ASN1_UNEXPECTED_TAG
))
{
return
IMG_PARSER_ERR_FORMAT
;
}
/* Data should be octet string type */
ret
=
asn1_get_tag
(
&
p
,
end
,
&
len
,
ASN1_OCTET_STRING
);
ret
=
mbedtls_asn1_get_tag
(
&
p
,
end
,
&
len
,
MBEDTLS_ASN1_OCTET_STRING
);
if
(
ret
!=
0
)
{
return
IMG_PARSER_ERR_FORMAT
;
}
...
...
@@ -333,7 +351,8 @@ static int cert_parse(void *img, unsigned int img_len)
* signatureAlgorithm AlgorithmIdentifier
*/
sig_alg2
.
p
=
p
;
ret
=
asn1_get_tag
(
&
p
,
end
,
&
len
,
ASN1_CONSTRUCTED
|
ASN1_SEQUENCE
);
ret
=
mbedtls_asn1_get_tag
(
&
p
,
end
,
&
len
,
MBEDTLS_ASN1_CONSTRUCTED
|
MBEDTLS_ASN1_SEQUENCE
);
if
(
ret
!=
0
)
{
return
IMG_PARSER_ERR_FORMAT
;
}
...
...
@@ -356,7 +375,7 @@ static int cert_parse(void *img, unsigned int img_len)
* signatureValue BIT STRING
*/
signature
.
p
=
p
;
ret
=
asn1_get_tag
(
&
p
,
end
,
&
len
,
ASN1_BIT_STRING
);
ret
=
mbedtls_
asn1_get_tag
(
&
p
,
end
,
&
len
,
MBEDTLS_
ASN1_BIT_STRING
);
if
(
ret
!=
0
)
{
return
IMG_PARSER_ERR_FORMAT
;
}
...
...
include/drivers/auth/mbedtls/mbedtls_config.h
View file @
a84deb9c
...
...
@@ -31,69 +31,69 @@
#define __MBEDTLS_CONFIG_H__
/*
* Key algorithms currently supported on mbedTLS libraries
* Key algorithms currently supported on mbed
TLS libraries
*/
#define MBEDTLS_RSA 1
#define MBEDTLS_ECDSA 2
/*
* Configuration file to build
PolarSSL
with the required features for
* Configuration file to build
mbed TLS
with the required features for
* Trusted Boot
*/
#define
POLARSSL
_PLATFORM_MEMORY
#define
POLARSSL
_PLATFORM_NO_STD_FUNCTIONS
#define
MBEDTLS
_PLATFORM_MEMORY
#define
MBEDTLS
_PLATFORM_NO_STD_FUNCTIONS
#define
POLARSSL
_PKCS1_V15
#define
POLARSSL
_PKCS1_V21
#define
MBEDTLS
_PKCS1_V15
#define
MBEDTLS
_PKCS1_V21
#define
POLARSSL
_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
#define
POLARSSL
_X509_CHECK_KEY_USAGE
#define
POLARSSL
_X509_CHECK_EXTENDED_KEY_USAGE
#define
MBEDTLS
_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
#define
MBEDTLS
_X509_CHECK_KEY_USAGE
#define
MBEDTLS
_X509_CHECK_EXTENDED_KEY_USAGE
#define
POLARSSL
_ASN1_PARSE_C
#define
POLARSSL
_ASN1_WRITE_C
#define
MBEDTLS
_ASN1_PARSE_C
#define
MBEDTLS
_ASN1_WRITE_C
#define
POLARSSL
_BASE64_C
#define
POLARSSL
_BIGNUM_C
#define
MBEDTLS
_BASE64_C
#define
MBEDTLS
_BIGNUM_C
#define
POLARSSL
_ERROR_C
#define
POLARSSL
_MD_C
#define
MBEDTLS
_ERROR_C
#define
MBEDTLS
_MD_C
#define
POLARSSL
_MEMORY_BUFFER_ALLOC_C
#define
POLARSSL
_OID_C
#define
MBEDTLS
_MEMORY_BUFFER_ALLOC_C
#define
MBEDTLS
_OID_C
#define
POLARSSL
_PK_C
#define
POLARSSL
_PK_PARSE_C
#define
POLARSSL
_PK_WRITE_C
#define
MBEDTLS
_PK_C
#define
MBEDTLS
_PK_PARSE_C
#define
MBEDTLS
_PK_WRITE_C
#define
POLARSSL
_PLATFORM_C
#define
MBEDTLS
_PLATFORM_C
#if (MBEDTLS_KEY_ALG_ID == MBEDTLS_ECDSA)
#define
POLARSSL
_ECDSA_C
#define
POLARSSL
_ECP_C
#define
POLARSSL
_ECP_DP_SECP256R1_ENABLED
#define
MBEDTLS
_ECDSA_C
#define
MBEDTLS
_ECP_C
#define
MBEDTLS
_ECP_DP_SECP256R1_ENABLED
#elif (MBEDTLS_KEY_ALG_ID == MBEDTLS_RSA)
#define
POLARSSL
_RSA_C
#define
MBEDTLS
_RSA_C
#endif
#define
POLARSSL
_SHA256_C
#define
MBEDTLS
_SHA256_C
#define
POLARSSL
_VERSION_C
#define
MBEDTLS
_VERSION_C
#define
POLARSSL
_X509_USE_C
#define
POLARSSL
_X509_CRT_PARSE_C
#define
MBEDTLS
_X509_USE_C
#define
MBEDTLS
_X509_CRT_PARSE_C
/* MPI / BIGNUM options */
#define
POLARSSL
_MPI_WINDOW_SIZE 2
#define
POLARSSL
_MPI_MAX_SIZE 256
#define
MBEDTLS
_MPI_WINDOW_SIZE 2
#define
MBEDTLS
_MPI_MAX_SIZE 256
/* Memory buffer allocator options */
#define
POLARSSL
_MEMORY_ALIGN_MULTIPLE 8
#define
MBEDTLS
_MEMORY_ALIGN_MULTIPLE 8
#include "
polarssl
/check_config.h"
#include "
mbedtls
/check_config.h"
/* System headers required to build mbedTLS with the current configuration */
/* System headers required to build mbed
TLS with the current configuration */
#include <stdlib.h>
#endif
/* __MBEDTLS_CONFIG_H__ */
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment