Re: [PATCH v4 5/8] lib: sha256: add feature sha256_hmac

Hi Philippe,

On Thu, 12 Dec 2024 at 08:37, Philippe Reynes < philippe.reynes@softathome.com> wrote:

Adds the support of the hmac based on sha256. This implementation is based on rfc2104.

Signed-off-by: Philippe Reynes philippe.reynes@softathome.com

include/u-boot/sha256.h | 4 ++++ lib/sha256_common.c | 48 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+)

diff --git a/include/u-boot/sha256.h b/include/u-boot/sha256.h index 44a9b528b48..2f12275b703 100644 --- a/include/u-boot/sha256.h +++ b/include/u-boot/sha256.h @@ -45,4 +45,8 @@ void sha256_finish(sha256_context * ctx, uint8_t digest[SHA256_SUM_LEN]); void sha256_csum_wd(const unsigned char *input, unsigned int ilen, unsigned char *output, unsigned int chunk_sz);

+void sha256_hmac(const unsigned char *key, int keylen,

•            const unsigned char *input, unsigned int ilen,
  

•            unsigned char *output);
  

#endif /* _SHA256_H */ diff --git a/lib/sha256_common.c b/lib/sha256_common.c index 7041abd26d9..46262ea99a2 100644 --- a/lib/sha256_common.c +++ b/lib/sha256_common.c @@ -48,3 +48,51 @@ void sha256_csum_wd(const unsigned char *input, unsigned int ilen,

    sha256_finish(&ctx, output);

}

+void sha256_hmac(const unsigned char *key, int keylen,

•            const unsigned char *input, unsigned int ilen,
  

•            unsigned char *output)
  

+{

•   int i;
  

•   sha256_context ctx;
  

•   unsigned char keybuf[64];
  

•   unsigned char k_ipad[64];
  

•   unsigned char k_opad[64];
  

•   unsigned char tmpbuf[32];
  

•   int keybuf_len;
  

•   if (keylen > 64) {
  

•           sha256_starts(&ctx);
  

•           sha256_update(&ctx, key, keylen);
  

•           sha256_finish(&ctx, keybuf);
  

•           keybuf_len = 32;
  

•   } else {
  

•           memcpy(keybuf, key, keylen);
  

•           keybuf_len = keylen;
  

•   }
  

•   memset(k_ipad, 0x36, 64);
  

•   memset(k_opad, 0x5C, 64);
  

•   for (i = 0; i < keybuf_len; i++) {
  

•           k_ipad[i] ^= keybuf[i];
  

•           k_opad[i] ^= keybuf[i];
  

•   }
  

•   sha256_starts(&ctx);
  

•   sha256_update(&ctx, k_ipad, sizeof(k_ipad));
  

•   sha256_update(&ctx, input, ilen);
  

•   sha256_finish(&ctx, tmpbuf);
  

•   sha256_starts(&ctx);
  

•   sha256_update(&ctx, k_opad, sizeof(k_opad));
  

•   sha256_update(&ctx, tmpbuf, sizeof(tmpbuf));
  

•   sha256_finish(&ctx, output);
  

•   memset(k_ipad, 0, sizeof(k_ipad));
  

•   memset(k_opad, 0, sizeof(k_opad));
  

•   memset(tmpbuf, 0, sizeof(tmpbuf));
  

•   memset(keybuf, 0, sizeof(keybuf));
  

•   memset(&ctx, 0, sizeof(sha256_context));
  

+}

2.25.1

The sha256 hmac common implementation now sounds good.

Do you have a comparison of performance with the MbedTLS high-level API mbedtls_md_hmac()? I am wondering if it is worth using this API specially when MbedTLS is enabled, since it significantly simplifies the implementation.

Regards, Raymond