From 0b4e59211bf78db96b9f6a87869f623ea2810ebc Mon Sep 17 00:00:00 2001 From: Sandrine Bailleux Date: Mon, 17 Feb 2020 16:26:05 +0100 Subject: [PATCH] TBBR: Reduce size of hash buffers when possible The TBBR implementation extracts hashes from certificates and stores them in static buffers. TF-A supports 3 variants of SHA right now: SHA-256, SHA-384 and SHA-512. When support for SHA-512 was added in commit 9a3088a5f509084e60d9c55bf53985c5ec4ca821 ("tbbr: Add build flag HASH_ALG to let the user to select the SHA"), the hash buffers got unconditionally increased from 51 to 83 bytes each. We can reduce that space if we're using SHA-256 or SHA-384. This saves some BSS space in both BL1 and BL2: - BL1 with SHA-256: saving 168 bytes. - BL1 with SHA-384: saving 80 bytes. - BL2 with SHA-256: saving 384 bytes. - BL2 with SHA-384: saving 192 bytes. Change-Id: I0d02e5dc5f0162e82339c768609c9766cfe7e2bd Signed-off-by: Sandrine Bailleux --- drivers/auth/tbbr/tbbr_cot.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/auth/tbbr/tbbr_cot.c b/drivers/auth/tbbr/tbbr_cot.c index 2f1f451b1..6f00b180c 100644 --- a/drivers/auth/tbbr/tbbr_cot.c +++ b/drivers/auth/tbbr/tbbr_cot.c @@ -41,7 +41,15 @@ #define PK_DER_LEN 91 #endif +#if TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA256 +#define HASH_DER_LEN 51 +#elif TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA384 +#define HASH_DER_LEN 67 +#elif TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA512 #define HASH_DER_LEN 83 +#else +#error "Invalid value for TF_MBEDTLS_HASH_ALG_ID" +#endif /* * The platform must allocate buffers to store the authentication parameters