Re: [PATCH v2 1/5] mbedtls: enable support of hkdf

Hi Raymond,

Le 05/12/2024 à 18:08, Raymond Mao a écrit :

*This Mail comes from Outside of SoftAtHome: *Do not answer, click links or open attachments unless you recognize the sender and know the content is safe.**

Hi Philippe,

On Wed, 4 Dec 2024 at 12:54, Philippe Reynes philippe.reynes@softathome.com wrote:

Adds the support of key derivation using
the scheme hkdf.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
---
 lib/mbedtls/Kconfig              | 14 ++++++++++++++
 lib/mbedtls/Makefile             |  2 ++
 lib/mbedtls/mbedtls_def_config.h |  4 ++++
 3 files changed, 20 insertions(+)

diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig
index 78167ffa252..aa82336ef14 100644
--- a/lib/mbedtls/Kconfig
+++ b/lib/mbedtls/Kconfig
@@ -297,6 +297,13 @@ config MD5_MBEDTLS
          This option enables support of hashing using MD5 algorithm
          with MbedTLS crypto library.

+config HKDF_MBEDTLS
+       bool "Enable HKDF support with MbedTLS crypto library"
+       depends on MBEDTLS_LIB_CRYPTO
+       help
+         This option enables support of key derivation using HKDF
algorithm
+         with MbedTLS crypto library.
+
 if SPL

 config SPL_SHA1_MBEDTLS
@@ -335,6 +342,13 @@ config SPL_MD5_MBEDTLS
          This option enables support of hashing using MD5 algorithm
          with MbedTLS crypto library.

+config SPL_HKDF_MBEDTLS
+       bool "Enable HKDF support in SPL with MbedTLS crypto library"
+       depends on MBEDTLS_LIB_CRYPTO
+       help
+         This option enables support of key derivation using HKDF
algorithm
+         with MbedTLS crypto library.
+
 endif # SPL

 endif # MBEDTLS_LIB_CRYPTO
diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile
index ce0a61e4054..e66c2018d97 100644
--- a/lib/mbedtls/Makefile
+++ b/lib/mbedtls/Makefile
@@ -33,6 +33,8 @@
mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA256_MBEDTLS) += \
        $(MBEDTLS_LIB_DIR)/sha256.o
 mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA512_MBEDTLS) += \
        $(MBEDTLS_LIB_DIR)/sha512.o
+mbedtls_lib_crypto-$(CONFIG_$(SPL_)HKDF_MBEDTLS) += \
+       $(MBEDTLS_LIB_DIR)/hkdf.o

lib/mbedtls/hkdf.c does not exist in your patch series.

I think I have to keep to line because

The definition of MBEDTLS_LIB_DIR is:

MBEDTLS_LIB_DIR = external/mbedtls/library

So $(MBEDTLS_LIB_DIR)/hkdf.o reference the file:

lib/mbedtls/external/mbedtls/library/hkdf.c

and not the file lib/mbedtls//hkdf.c (that don't exist).

 # MbedTLS X509 library
 obj-$(CONFIG_MBEDTLS_LIB_X509) += mbedtls_lib_x509.o
diff --git a/lib/mbedtls/mbedtls_def_config.h
b/lib/mbedtls/mbedtls_def_config.h
index d27f017d084..cce0134d527 100644
--- a/lib/mbedtls/mbedtls_def_config.h
+++ b/lib/mbedtls/mbedtls_def_config.h
@@ -56,6 +56,10 @@
 #endif
 #endif

+#if CONFIG_IS_ENABLED(HKDF_MBEDTLS)
+#define MBEDTLS_HKDF_C
+#endif
+
 #if defined CONFIG_MBEDTLS_LIB_X509

 #if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER)
-- 
2.25.1

Regards, Raymond

Regards,

Philippe