-rw-r--r-- | lib/libmbedtls/include/mbedtls_config_kernel.h | 3 | ||||
-rw-r--r-- | lib/libmbedtls/include/mbedtls_config_uta.h | 57 | ||||
-rw-r--r-- | lib/libmbedtls/sub.mk | 87 | ||||
-rw-r--r-- | mk/config.mk | 7 | ||||
-rw-r--r-- | ta/mk/ta_dev_kit.mk | 4 | ||||
-rw-r--r-- | ta/ta.mk | 13 |
6 files changed, 171 insertions, 0 deletions
diff --git a/lib/libmbedtls/include/mbedtls_config_kernel.h b/lib/libmbedtls/include/mbedtls_config_kernel.h
new file mode 100644
index 00000000..771795ce
--- /dev/null
+++ b/lib/libmbedtls/include/mbedtls_config_kernel.h
@@ -0,0 +1,3 @@
+/* SPDX-License-Identifier: BSD-2-Clause */
+/* Copyright (c) 2018, Linaro Limited */
+#error "mbedTLS is not yet supported in kernel mode"
diff --git a/lib/libmbedtls/include/mbedtls_config_uta.h b/lib/libmbedtls/include/mbedtls_config_uta.h
new file mode 100644
index 00000000..a43afd7b
--- /dev/null
+++ b/lib/libmbedtls/include/mbedtls_config_uta.h
@@ -0,0 +1,57 @@
+/* SPDX-License-Identifier: BSD-2-Clause */
+/* Copyright (c) 2018, Linaro Limited */
+#ifndef __MBEDTLS_CONFIG_UTA_H
+#define __MBEDTLS_CONFIG_UTA_H
+
+#define MBEDTLS_CIPHER_MODE_CBC
+#define MBEDTLS_PKCS1_V15
+
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_DES_C
+#define MBEDTLS_AES_C
+
+#define MBEDTLS_SHA1_C
+#define MBEDTLS_SHA256_C
+#define MBEDTLS_MD_C
+#define MBEDTLS_MD5_C
+
+#define MBEDTLS_CTR_DRBG_C
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_NO_PLATFORM_ENTROPY
+
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_RSA_C
+#define MBEDTLS_ECDH_C
+#define MBEDTLS_ECDSA_C
+#define MBEDTLS_ECP_C
+#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
+#define MBEDTLS_ECP_DP_BP256R1_ENABLED
+#define MBEDTLS_ECP_DP_BP384R1_ENABLED
+#define MBEDTLS_ECP_DP_BP512R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
+#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
+#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
+
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_PK_WRITE_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+#define MBEDTLS_X509_CRT_PARSE_C
+#define MBEDTLS_X509_CSR_PARSE_C
+#define MBEDTLS_X509_CRT_WRITE_C
+#define MBEDTLS_X509_CREATE_C
+#define MBEDTLS_X509_USE_C
+#define MBEDTLS_BASE64_C
+#define MBEDTLS_CERTS_C
+#define MBEDTLS_PEM_PARSE_C
+#define MBEDTLS_PEM_WRITE_C
+
+#include <mbedtls/check_config.h>
+
+#endif /* __MBEDTLS_CONFIG_UTA_H */
diff --git a/lib/libmbedtls/sub.mk b/lib/libmbedtls/sub.mk
new file mode 100644
index 00000000..6f1fcfbc
--- /dev/null
+++ b/lib/libmbedtls/sub.mk
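Review bot: The config pairs `MBEDTLS_ENTROPY_C` and `MBEDTLS_CTR_DRBG_C` with `MBEDTLS_NO_PLATFORM_ENTROPY` but defines no replacement source: there is no `MBEDTLS_ENTROPY_HARDWARE_ALT`, and neither `MBEDTLS_HAVEGE_C` nor `MBEDTLS_TIMING_C` is set. As far as this header shows, an entropy context in a TA therefore starts with no source, and DRBG seeding should fail until the TA registers one. A comment above `MBEDTLS_NO_PLATFORM_ENTROPY` should say so, e.g. `/* No built-in entropy source: the TA must register one with mbedtls_entropy_add_source(), e.g. backed by TEE_GenerateRandom() */`. The same header also enables `MBEDTLS_DES_C`, `MBEDTLS_MD5_C`, `MBEDTLS_SHA1_C`, the 192-bit curves and `MBEDTLS_CERTS_C` (upstream's test certificates) for every TA; a one-line comment marking which of these are kept only for compatibility or self-test would help integrators trim them.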
@@ -0,0 +1,87 @@
+global-incdirs-y += include
+global-incdirs-y += mbedtls/include
+
+SRCS :=
+
+# OBJS_CRYPTO from make file
+SRCS += aes.c
+SRCS += aesni.c
+SRCS += arc4.c
+SRCS += asn1parse.c
+SRCS += asn1write.c
+SRCS += base64.c
+SRCS += bignum.c
+SRCS += blowfish.c
+SRCS += camellia.c
+SRCS += ccm.c
+SRCS += cipher.c
+SRCS += cipher_wrap.c
+SRCS += cmac.c
+SRCS += ctr_drbg.c
+SRCS += des.c
+SRCS += dhm.c
+SRCS += ecdh.c
+SRCS += ecdsa.c
+SRCS += ecjpake.c
+SRCS += ecp.c
+SRCS += ecp_curves.c
+SRCS += entropy.c
+SRCS += entropy_poll.c
+SRCS += error.c
+SRCS += gcm.c
+SRCS += havege.c
+SRCS += hmac_drbg.c
+SRCS += md.c
+SRCS += md2.c
+SRCS += md4.c
+SRCS += md5.c
+SRCS += md_wrap.c
+SRCS += memory_buffer_alloc.c
+SRCS += oid.c
+SRCS += padlock.c
+SRCS += pem.c
+SRCS += pk.c
+SRCS += pk_wrap.c
+SRCS += pkcs12.c
+SRCS += pkcs5.c
+SRCS += pkparse.c
+SRCS += pkwrite.c
+SRCS += platform.c
+SRCS += ripemd160.c
+SRCS += rsa.c
+SRCS += sha1.c
+SRCS += sha256.c
+SRCS += sha512.c
+SRCS += threading.c
+SRCS += timing.c
+SRCS += version.c
+SRCS += version_features.c
+SRCS += xtea.c
+
+# OBJS_X509
+SRCS += certs.c
+SRCS += pkcs11.c
+SRCS += x509.c
+SRCS += x509_create.c
+SRCS += x509_crl.c
+SRCS += x509_crt.c
+SRCS += x509_csr.c
+SRCS += x509write_crt.c
+SRCS += x509write_csr.c
+
+# OBJS_TLS
+SRCS += debug.c
+SRCS += net_sockets.c
+SRCS += ssl_cache.c
+SRCS += ssl_ciphersuites.c
+SRCS += ssl_cli.c
+SRCS += ssl_cookie.c
+SRCS += ssl_srv.c
+SRCS += ssl_ticket.c
+SRCS += ssl_tls.c
+
+srcs-y += $(addprefix mbedtls/library/, $(SRCS))
+
+cflags-lib-y += -Wno-redundant-decls
+cflags-lib-y += -Wno-switch-default
+cflags-lib-$(CFG_ULIBS_GPROF) += -pg
diff --git a/mk/config.mk b/mk/config.mk
index 1bc12086..b3d95432 100644
--- a/mk/config.mk
+++ b/mk/config.mk
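Review bot: The `SRCS` list is upstream's complete library list, including `net_sockets.c`, `entropy_poll.c`, `havege.c`, `timing.c` and the `ssl_*.c` files, yet mbedtls_config_uta.h enables none of the matching modules and nothing in this file selects that header (no `-DMBEDTLS_CONFIG_FILE` is passed here; presumably the imported `mbedtls/config.h` pulls it in, which is worth confirming). What ends up in libmbedtls.a therefore depends entirely on which config header is in effect, and a later config change could silently link socket or TLS code into TAs. I would add a comment above `SRCS :=` such as `# All upstream files are listed; modules not enabled in mbedtls_config_uta.h are expected to compile to empty objects`, or trim the list to the enabled modules. The two `-Wno-*` lines would also benefit from a short comment saying they silence warnings in unmodified third-party code.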
@@ -315,3 +315,10 @@ CFG_TA_BIGNUM_MAX_BITS ?= 2048 # implemented by the TEE core. # Set this to a lower value to reduce the memory footprint. CFG_CORE_BIGNUM_MAX_BITS ?= 4096 + +# Compiles mbedTLS for TA usage +CFG_TA_MBEDTLS ?= y + +# Compile the TA library mbedTLS with self test functions, the functions +# need to be called to test anything +CFG_TA_MBEDTLS_SELF_TEST ?= y diff --git a/ta/mk/ta_dev_kit.mk b/ta/mk/ta_dev_kit.mk index f9832e34..fa0bddfe 100644 --- a/ta/mk/ta_dev_kit.mk +++ b/ta/mk/ta_dev_kit.mk @@ -56,6 +56,10 @@ libnames += utils utee mpa libdeps += $(ta-dev-kit-dir)/lib/libutils.a libdeps += $(ta-dev-kit-dir)/lib/libmpa.a libdeps += $(ta-dev-kit-dir)/lib/libutee.a +ifeq ($(CFG_TA_MBEDTLS),y) +libnames += mbedtls +libdeps += $(ta-dev-kit-dir)/lib/libmbedtls.a +endif # Pass config variable (CFG_) from conf.mk on the command line cppflags$(sm) += $(strip \ @@ -12,6 +12,10 @@ include mk/$(COMPILER_$(sm)).mk # Config flags from mk/config.mk # +ifeq ($(CFG_TA_MBEDTLS_SELF_TEST),y) +$(sm)-platform-cppflags += -DMBEDTLS_SELF_TEST +endif + ifeq ($(CFG_TEE_TA_MALLOC_DEBUG),y) # Build malloc debug code into libutils: (mdbg_malloc(), mdbg_free(), # mdbg_check(), etc.). @@ -22,6 +26,8 @@ endif ta-mk-file-export-vars-$(sm) += CFG_TA_FLOAT_SUPPORT ta-mk-file-export-vars-$(sm) += CFG_CACHE_API ta-mk-file-export-vars-$(sm) += CFG_SECURE_DATA_PATH +ta-mk-file-export-vars-$(sm) += CFG_TA_MBEDTLS_SELF_TEST +ta-mk-file-export-vars-$(sm) += CFG_TA_MBEDTLS # Expand platform flags here as $(sm) will change if we have several TA # targets. Platform flags should not change after inclusion of ta/ta.mk. @@ -48,6 +54,13 @@ libname = utee libdir = lib/libutee include mk/lib.mk +ifeq ($(CFG_TA_MBEDTLS),y) +libname = mbedtls +libdir = lib/libmbedtls +include mk/lib.mk +ta-mk-file-export-vars-$(sm) += CFG_TA_MBEDTLS +endif + base-prefix := incdirs-host := $(filter-out lib/libutils%, $(incdirs$(sm))) |
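Review bot: `CFG_TA_MBEDTLS_SELF_TEST ?= y` in mk/config.mk turns the self-test code on by default for every build. The first ta/ta.mk hunk then adds `-DMBEDTLS_SELF_TEST` to `$(sm)-platform-cppflags`, so the define reaches all TA-side code rather than libmbedtls alone, and is applied even when `CFG_TA_MBEDTLS` is `n`. Self-test routines and their embedded test vectors are dead weight in a production TA, so I would default to `CFG_TA_MBEDTLS_SELF_TEST ?= n`, let test configurations set it, and nest the define under `ifeq ($(CFG_TA_MBEDTLS),y)`. If `y` is intended, the comment should state that the option only adds code and that nothing runs unless a TA calls the self-test functions itself.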
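Review bot: In the last ta/ta.mk hunk, `ta-mk-file-export-vars-$(sm) += CFG_TA_MBEDTLS` inside the new `ifeq ($(CFG_TA_MBEDTLS),y)` block repeats the export that the preceding hunk already adds unconditionally, so the variable is listed twice whenever the option is `y`. Drop the line in the conditional block and keep the unconditional one; that way the exported configuration also records the setting when it is `n`, which the `ifeq ($(CFG_TA_MBEDTLS),y)` test in ta/mk/ta_dev_kit.mk presumably relies on. A one-line comment above the `libname = mbedtls` block, matching the style of the neighbouring library blocks, would also help.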