/*
 * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#ifndef COT_DEF_H
#define COT_DEF_H

/*
 * mbedTLS is only pulled in when a config file has been selected.
 * PLAT=lx2162aqds uses its own tbbr ('drivers/nxp/auth/tbbr/tbbr_cot.c') and
 * may build with TRUSTED_BOOT enabled but without the mbedtls folder, so the
 * include must stay conditional.
 */
#if defined(MBEDTLS_CONFIG_FILE)
#include <mbedtls/version.h>
#endif

/*
 * TBBR CoT definitions.
 *
 * COT_MAX_VERIFIED_PARAMS is 8 for SPD_spmd and ARM_COT_cca builds and
 * 4 for every other build.
 */
#if defined(SPD_spmd) || defined(ARM_COT_cca)
#define COT_MAX_VERIFIED_PARAMS		8
#else
#define COT_MAX_VERIFIED_PARAMS		4
#endif

/*
 * Upper bounds, in bytes, for DER-encoded public keys (PK_DER_LEN) and
 * hashes (HASH_DER_LEN).
 *
 * RSA and ECDSA keys may be in use at the same time, in which case one key
 * buffer has to hold either kind. RSA keys are larger than ECDSA keys for
 * every supported key size, so the RSA branch is tested first and sets the
 * minimum buffer size.
 *
 * A platform that ships its own mbedTLS configuration is responsible for
 * defining TF_MBEDTLS_USE_RSA or TF_MBEDTLS_USE_ECDSA so that the correct
 * PK_DER_LEN is selected.
 *
 * Nothing below is defined when MBEDTLS_CONFIG_FILE is absent.
 */
#if defined(MBEDTLS_CONFIG_FILE)

/*
 * Key length. An undefined TF_MBEDTLS_USE_RSA, TF_MBEDTLS_USE_ECDSA or
 * TF_MBEDTLS_KEY_SIZE evaluates to 0 in #if, which ends in one of the
 * #error branches, so a missing key setting stops the build.
 *
 * NOTE(review): 1024-bit RSA is below current minimum key-size
 * recommendations; confirm whether any platform still needs that option.
 */
#if TF_MBEDTLS_USE_RSA
#if TF_MBEDTLS_KEY_SIZE == 1024
#define PK_DER_LEN			162
#elif TF_MBEDTLS_KEY_SIZE == 2048
#define PK_DER_LEN			294
#elif TF_MBEDTLS_KEY_SIZE == 3072
#define PK_DER_LEN			422
#elif TF_MBEDTLS_KEY_SIZE == 4096
#define PK_DER_LEN			550
#else
#error "Invalid value for TF_MBEDTLS_KEY_SIZE"
#endif
#elif TF_MBEDTLS_USE_ECDSA
#if TF_MBEDTLS_KEY_SIZE == 384
#define PK_DER_LEN			120
#elif TF_MBEDTLS_KEY_SIZE == 256
#define PK_DER_LEN			92
#else
#error "Invalid value for TF_MBEDTLS_KEY_SIZE"
#endif
#else
#error "Invalid value of algorithm"
#endif /* TF_MBEDTLS_USE_RSA */

/*
 * Hash length. Each value is the raw digest size (32, 48 or 64 bytes)
 * plus 19 bytes, presumably the DER DigestInfo wrapping.
 *
 * NOTE(review): unlike the key-size checks above, this chain does not stop
 * the build on a missing setting. If neither TF_MBEDTLS_HASH_ALG_ID nor
 * TF_MBEDTLS_SHA256 is defined, both sides of the first comparison
 * evaluate to 0 and HASH_DER_LEN silently becomes 51. Confirm that every
 * mbedTLS configuration defines the TF_MBEDTLS_SHA* identifiers and
 * TF_MBEDTLS_HASH_ALG_ID before this header is reached.
 */
#if TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA256
#define HASH_DER_LEN			51
#elif TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA384
#define HASH_DER_LEN			67
#elif TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA512
#define HASH_DER_LEN			83
#else
#error "Invalid value for TF_MBEDTLS_HASH_ALG_ID"
#endif

#endif /* MBEDTLS_CONFIG_FILE */

#endif /* COT_DEF_H */