Hi Philippe,
On Thu, 19 Dec 2024 at 08:06, Philippe Reynes < philippe.reynes@softathome.com> wrote:
Adds the support of the hmac based on sha256. This implementation is based on rfc2104.
Signed-off-by: Philippe Reynes philippe.reynes@softathome.com
include/u-boot/sha256.h | 4 ++++ lib/mbedtls/sha256.c | 15 ++++++++++++ lib/sha256.c | 51 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 70 insertions(+)
diff --git a/include/u-boot/sha256.h b/include/u-boot/sha256.h index 44a9b528b48..99cf78e204c 100644 --- a/include/u-boot/sha256.h +++ b/include/u-boot/sha256.h @@ -45,4 +45,8 @@ void sha256_finish(sha256_context * ctx, uint8_t digest[SHA256_SUM_LEN]); void sha256_csum_wd(const unsigned char *input, unsigned int ilen, unsigned char *output, unsigned int chunk_sz);
+int sha256_hmac(const unsigned char *key, int keylen,
const unsigned char *input, unsigned int ilen,unsigned char *output);#endif /* _SHA256_H */ diff --git a/lib/mbedtls/sha256.c b/lib/mbedtls/sha256.c index 2128e598834..7d456a82017 100644 --- a/lib/mbedtls/sha256.c +++ b/lib/mbedtls/sha256.c @@ -10,6 +10,8 @@ #endif /* USE_HOSTCC */ #include <u-boot/sha256.h>
+#include <mbedtls/md.h>
const u8 sha256_der_prefix[SHA256_DER_LEN] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, @@ -33,3 +35,16 @@ void sha256_finish(sha256_context *ctx, uint8_t digest[SHA256_SUM_LEN]) mbedtls_sha256_finish(ctx, digest); mbedtls_sha256_free(ctx); }
+int sha256_hmac(const unsigned char *key, int keylen,
const unsigned char *input, unsigned int ilen,unsigned char *output)+{
const mbedtls_md_info_t *md;md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);if (!md)return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE;return mbedtls_md_hmac(md, key, keylen, input, ilen, output);+} diff --git a/lib/sha256.c b/lib/sha256.c index 827bd9a872b..c2e77c854b9 100644 --- a/lib/sha256.c +++ b/lib/sha256.c @@ -264,3 +264,54 @@ void sha256_finish(sha256_context * ctx, uint8_t digest[32]) PUT_UINT32_BE(ctx->state[6], digest, 24); PUT_UINT32_BE(ctx->state[7], digest, 28); }
+int sha256_hmac(const unsigned char *key, int keylen,
const unsigned char *input, unsigned int ilen,unsigned char *output)+{
int i;sha256_context ctx;unsigned char keybuf[64];unsigned char k_ipad[64];unsigned char k_opad[64];unsigned char tmpbuf[32];int keybuf_len;if (keylen > 64) {sha256_starts(&ctx);sha256_update(&ctx, key, keylen);sha256_finish(&ctx, keybuf);keybuf_len = 32;} else {memset(keybuf, 0, sizeof(keybuf));memcpy(keybuf, key, keylen);keybuf_len = keylen;}memset(k_ipad, 0x36, 64);memset(k_opad, 0x5C, 64);for (i = 0; i < keybuf_len; i++) {k_ipad[i] ^= keybuf[i];k_opad[i] ^= keybuf[i];}sha256_starts(&ctx);sha256_update(&ctx, k_ipad, sizeof(k_ipad));sha256_update(&ctx, input, ilen);sha256_finish(&ctx, tmpbuf);sha256_starts(&ctx);sha256_update(&ctx, k_opad, sizeof(k_opad));sha256_update(&ctx, tmpbuf, sizeof(tmpbuf));sha256_finish(&ctx, output);memset(k_ipad, 0, sizeof(k_ipad));memset(k_opad, 0, sizeof(k_opad));memset(tmpbuf, 0, sizeof(tmpbuf));memset(keybuf, 0, sizeof(keybuf));memset(&ctx, 0, sizeof(sha256_context));return 0;+}
2.25.1
Sounds good to me. Reviewed-by: Raymond Mao raymond.mao@linaro.org
Regards, Raymond