Hi Philippe,
On Wed, 4 Dec 2024 at 12:54, Philippe Reynes philippe.reynes@softathome.com wrote:
Adds the support of key derivation using the scheme hkdf. This scheme is defined in rfc5869.
Signed-off-by: Philippe Reynes philippe.reynes@softathome.com
include/u-boot/sha256.h | 5 +++++ lib/mbedtls/sha256.c | 18 ++++++++++++++++++ 2 files changed, 23 insertions(+)
diff --git a/include/u-boot/sha256.h b/include/u-boot/sha256.h index 77dbcd4553a..0a6e309e3ab 100644 --- a/include/u-boot/sha256.h +++ b/include/u-boot/sha256.h @@ -48,4 +48,9 @@ void sha256_hmac(const unsigned char *key, int keylen, const unsigned char *input, unsigned int ilen, unsigned char *output);
+int sha256_hkdf(const unsigned char *salt, int saltlen,
const unsigned char *ikm, int ikmlen,const unsigned char *info, int infolen,unsigned char *output, int outputlen);
An inline function is needed when the build options are not fulfilled.
#endif /* _SHA256_H */ diff --git a/lib/mbedtls/sha256.c b/lib/mbedtls/sha256.c index 1b9fc1a8503..c38e3e5818c 100644 --- a/lib/mbedtls/sha256.c +++ b/lib/mbedtls/sha256.c @@ -11,6 +11,9 @@ #include <string.h> #include <u-boot/sha256.h>
+#include <mbedtls/md.h> +#include <mbedtls/hkdf.h>
const u8 sha256_der_prefix[SHA256_DER_LEN] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, @@ -98,3 +101,18 @@ void sha256_hmac(const unsigned char *key, int keylen, memset(tmpbuf, 0, sizeof(tmpbuf)); memset(&ctx, 0, sizeof(sha256_context)); }
+int sha256_hkdf(const unsigned char *salt, int saltlen,
const unsigned char *ikm, int ikmlen,const unsigned char *info, int infolen,unsigned char *output, int outputlen)+{
const mbedtls_md_info_t *md;md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);return mbedtls_hkdf(md, salt, saltlen,ikm, ikmlen,info, infolen,output, outputlen);+}
Missing `#if CONFIG_IS_ENABLED(HKDF_MBEDTLS)`.
Regards, Raymond