Diffstat (limited to 'lib/mbedtls/sha256.c')
-rw-r--r-- | lib/mbedtls/sha256.c | 59 |
1 files changed, 35 insertions, 24 deletions
diff --git a/lib/mbedtls/sha256.c b/lib/mbedtls/sha256.c index 24aa58fa674..59edcb517df 100644 --- a/lib/mbedtls/sha256.c +++ b/lib/mbedtls/sha256.c @@ -10,6 +10,12 @@ #endif /* USE_HOSTCC */ #include <u-boot/sha256.h> +#include <mbedtls/md.h> + +#if CONFIG_IS_ENABLED(HKDF_MBEDTLS) +#include <mbedtls/hkdf.h> +#endif + const u8 sha256_der_prefix[SHA256_DER_LEN] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, @@ -34,29 +40,34 @@ void sha256_finish(sha256_context *ctx, uint8_t digest[SHA256_SUM_LEN]) mbedtls_sha256_free(ctx); } -void sha256_csum_wd(const unsigned char *input, unsigned int ilen, - unsigned char *output, unsigned int chunk_sz) +int sha256_hmac(const unsigned char *key, int keylen, + const unsigned char *input, unsigned int ilen, + unsigned char *output) { - sha256_context ctx; - - sha256_starts(&ctx); - - if (IS_ENABLED(CONFIG_HW_WATCHDOG) || IS_ENABLED(CONFIG_WATCHDOG)) { - const unsigned char *curr = input; - const unsigned char *end = input + ilen; - int chunk; - - while (curr < end) { - chunk = end - curr; - if (chunk > chunk_sz) - chunk = chunk_sz; - sha256_update(&ctx, curr, chunk); - curr += chunk; - schedule(); - } - } else { - sha256_update(&ctx, input, ilen); - } - - sha256_finish(&ctx, output); + const mbedtls_md_info_t *md; + + md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); + if (!md) + return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE; + + return mbedtls_md_hmac(md, key, keylen, input, ilen, output); +} + +#if CONFIG_IS_ENABLED(HKDF_MBEDTLS) +int sha256_hkdf(const unsigned char *salt, int saltlen, + const unsigned char *ikm, int ikmlen, + const unsigned char *info, int infolen, + unsigned char *output, int outputlen) +{ + const mbedtls_md_info_t *md; + + md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); + if (!md) + return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE; + + return mbedtls_hkdf(md, salt, saltlen, + ikm, ikmlen, + info, infolen, + output, outputlen); } +#endif |
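Review bot: The length parameters of the new `sha256_hmac()` and `sha256_hkdf()` (`keylen`, `saltlen`, `ikmlen`, `infolen`, `outputlen`) are declared `int` but are passed straight to `mbedtls_md_hmac()` and `mbedtls_hkdf()`, whose length arguments are `size_t`. A negative value would therefore convert to a very large length, and the library may then read far past the caller's key, salt or info buffer. Declaring them `size_t` (or `unsigned int`, as `ilen` already is), or rejecting negatives up front with something like `if (keylen < 0) return MBEDTLS_ERR_MD_BAD_INPUT_DATA;`, would close that. The `output` pointer of `sha256_hmac()` also carries no size, so I would write it as `unsigned char output[SHA256_SUM_LEN]`, as `sha256_finish()` does for `digest`, or add the comment `/* output must hold at least SHA256_SUM_LEN bytes */`. Separately, the removed `sha256_csum_wd()` called `schedule()` between chunks while the new HMAC path hashes `ilen` bytes in one call, so it is worth confirming that large inputs cannot trip the watchdog.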