diff options
| author | Tom Rini <trini@konsulko.com> | 2025-01-18 17:13:01 -0600 |
|---|---|---|
| committer | Tom Rini <trini@konsulko.com> | 2025-01-18 17:13:01 -0600 |
| commit | 639cd409987acf173eaffebe7876968b42fd7c32 (patch) | |
| tree | 749d7fdb6e091998fd39621c918e90a128c22e83 /lib/mbedtls/sha256.c | |
| parent | a1e7dd7e1426b263cb832952eda4a0971e4803d0 (diff) | |
| parent | 3f9d18254bff2ba869a65f9e1e03277705338f9e (diff) | |
Merge patch series "add the support of sha256_hmac and sha256_hkdf"
Philippe Reynes <philippe.reynes@softathome.com> says:
This serie adds the support of sha256_hmac and sha256_hkdf.
A first version was sent several months ago just before the
integration of mbedtls. This new version is based on mbedtls.
The first patch of this serie add the support of hkdf
using mbedtls.
Link: https://lore.kernel.org/r/20241219130554.49825-1-philippe.reynes@softathome.com
Diffstat (limited to 'lib/mbedtls/sha256.c')
| -rw-r--r-- | lib/mbedtls/sha256.c | 59 |
1 files changed, 35 insertions, 24 deletions
diff --git a/lib/mbedtls/sha256.c b/lib/mbedtls/sha256.c index 24aa58fa674..59edcb517df 100644 --- a/lib/mbedtls/sha256.c +++ b/lib/mbedtls/sha256.c @@ -10,6 +10,12 @@ #endif /* USE_HOSTCC */ #include <u-boot/sha256.h> +#include <mbedtls/md.h> + +#if CONFIG_IS_ENABLED(HKDF_MBEDTLS) +#include <mbedtls/hkdf.h> +#endif + const u8 sha256_der_prefix[SHA256_DER_LEN] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, @@ -34,29 +40,34 @@ void sha256_finish(sha256_context *ctx, uint8_t digest[SHA256_SUM_LEN]) mbedtls_sha256_free(ctx); } -void sha256_csum_wd(const unsigned char *input, unsigned int ilen, - unsigned char *output, unsigned int chunk_sz) +int sha256_hmac(const unsigned char *key, int keylen, + const unsigned char *input, unsigned int ilen, + unsigned char *output) { - sha256_context ctx; - - sha256_starts(&ctx); - - if (IS_ENABLED(CONFIG_HW_WATCHDOG) || IS_ENABLED(CONFIG_WATCHDOG)) { - const unsigned char *curr = input; - const unsigned char *end = input + ilen; - int chunk; - - while (curr < end) { - chunk = end - curr; - if (chunk > chunk_sz) - chunk = chunk_sz; - sha256_update(&ctx, curr, chunk); - curr += chunk; - schedule(); - } - } else { - sha256_update(&ctx, input, ilen); - } - - sha256_finish(&ctx, output); + const mbedtls_md_info_t *md; + + md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); + if (!md) + return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE; + + return mbedtls_md_hmac(md, key, keylen, input, ilen, output); +} + +#if CONFIG_IS_ENABLED(HKDF_MBEDTLS) +int sha256_hkdf(const unsigned char *salt, int saltlen, + const unsigned char *ikm, int ikmlen, + const unsigned char *info, int infolen, + unsigned char *output, int outputlen) +{ + const mbedtls_md_info_t *md; + + md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); + if (!md) + return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE; + + return mbedtls_hkdf(md, salt, saltlen, + ikm, ikmlen, + info, infolen, + output, outputlen); } +#endif |