[PATCH 1/4] lib: sha256: add feature sha256_hmac

Add support for HMAC based on SHA-256. The implementation follows RFC 2104.
Signed-off-by: Philippe Reynes philippe.reynes@softathome.com --- include/u-boot/sha256.h | 4 ++++ lib/sha256.c | 40 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+)
diff --git a/include/u-boot/sha256.h b/include/u-boot/sha256.h
index a4fe176c0b4..7aa4c54d0d4 100644
--- a/include/u-boot/sha256.h
+++ b/include/u-boot/sha256.h
@@ -24,4 +24,8 @@ void sha256_finish(sha256_context * ctx, uint8_t digest[SHA256_SUM_LEN]);
void sha256_csum_wd(const unsigned char *input, unsigned int ilen,
unsigned char *output, unsigned int chunk_sz);
+void sha256_hmac(const unsigned char *key, int keylen,
+ const unsigned char *input, unsigned int ilen,
+ unsigned char *output);
+
#endif /* _SHA256_H */
diff --git a/lib/sha256.c b/lib/sha256.c
index 665ba6f152e..64f6b48974b 100644
--- a/lib/sha256.c
+++ b/lib/sha256.c
@@ -298,3 +298,43 @@ void sha256_csum_wd(const unsigned char *input, unsigned int ilen,
sha256_finish(&ctx, output);
}
+
+/*
+ * Output = HMAC-SHA-256( input buffer, hmac key )
+ */
+void sha256_hmac(const unsigned char *key, int keylen,
+ const unsigned char *input, unsigned int ilen,
+ unsigned char *output)
+{
+ int i;
+ sha256_context ctx;
+ unsigned char k_ipad[64];
+ unsigned char k_opad[64];
+ unsigned char tmpbuf[32];
+
+ memset(k_ipad, 0x36, 64);
+ memset(k_opad, 0x5C, 64);
+
+ for (i = 0; i < keylen; i++) {
+ if (i >= 64)
+ break;
+
+ k_ipad[i] ^= key[i];
+ k_opad[i] ^= key[i];
+ }
+
+ sha256_starts(&ctx);
+ sha256_update(&ctx, k_ipad, 64);
+ sha256_update(&ctx, input, ilen);
+ sha256_finish(&ctx, tmpbuf);
+
+ sha256_starts(&ctx);
+ sha256_update(&ctx, k_opad, 64);
+ sha256_update(&ctx, tmpbuf, 32);
+ sha256_finish(&ctx, output);
+
+ memset(k_ipad, 0, 64);
+ memset(k_opad, 0, 64);
+ memset(tmpbuf, 0, 32);
+ memset(&ctx, 0, sizeof(sha256_context));
+}
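Review bot: Keys longer than 64 bytes are silently truncated by the `if (i >= 64) break;` in the key loop of sha256_hmac, whereas RFC 2104 (cited in the commit message) hashes an over-long key first and uses the 32-byte digest as the key; with truncation the result disagrees with other HMAC-SHA-256 implementations and only the first 64 key bytes contribute. `keylen` is a signed `int` while `ilen` is unsigned, so a negative length just skips the loop and returns an HMAC over an empty key with no error. The trailing `memset()` calls that wipe `k_ipad`, `k_opad`, `tmpbuf` and `ctx` write to locals that are never read again, so an optimising compiler is allowed to drop them; a wipe that cannot be elided is safer for key material. The same function is quoted unchanged in the replies further down the thread. A sketch of the long-key handling follows.

```c
	unsigned char tmpbuf[32];
	unsigned char khash[SHA256_SUM_LEN];

	/* RFC 2104: a key longer than the block size is replaced by its hash */
	if (keylen > 64) {
		sha256_starts(&ctx);
		sha256_update(&ctx, key, keylen);
		sha256_finish(&ctx, khash);
		key = khash;
		keylen = SHA256_SUM_LEN;
	}

	memset(k_ipad, 0x36, 64);
	/* ... unchanged: pad XOR loop, inner hash, outer hash, existing wipes ... */
	memset(khash, 0, sizeof(khash));
```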

Adds a test for the function sha256_hmac
Signed-off-by: Philippe Reynes philippe.reynes@softathome.com --- test/lib/Makefile | 1 + test/lib/test_sha256_hmac.c | 108 ++++++++++++++++++++++++++++++++++++ 2 files changed, 109 insertions(+) create mode 100644 test/lib/test_sha256_hmac.c
diff --git a/test/lib/Makefile b/test/lib/Makefile index e75a263e6a4..170c5a539ca 100644 --- a/test/lib/Makefile +++ b/test/lib/Makefile @@ -19,6 +19,7 @@ obj-$(CONFIG_ERRNO_STR) += test_errno_str.o obj-$(CONFIG_UT_LIB_ASN1) += asn1.o obj-$(CONFIG_UT_LIB_RSA) += rsa.o obj-$(CONFIG_AES) += test_aes.o +obj-$(CONFIG_SHA256) += test_sha256_hmac.o obj-$(CONFIG_GETOPT) += getopt.o obj-$(CONFIG_CRC8) += test_crc8.o obj-$(CONFIG_UT_LIB_CRYPT) += test_crypt.o diff --git a/test/lib/test_sha256_hmac.c b/test/lib/test_sha256_hmac.c new file mode 100644 index 00000000000..473922bd9b0 --- /dev/null +++ b/test/lib/test_sha256_hmac.c 
@@ -0,0 +1,108 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright (c) 2024 Philippe Reynes philippe.reynes@softathome.com + * + * Unit tests for sha256_hmac functions + */ + +#include <command.h> +#include <test/lib.h> +#include <test/test.h> +#include <test/ut.h> +#include <u-boot/sha256.h> + +struct test_sha256_hmac_s { + unsigned char *key; + int keylen; + unsigned char *input; + int ilen; + unsigned char *expected; +}; + +/* + * data comes from: + * https://datatracker.ietf.org/doc/html/rfc4231 + */ +static unsigned char key_test1[] = { + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; + +static unsigned char input_test1[] = { + 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 }; + +static unsigned char expected_test1[] = { + 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, + 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b, + 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, + 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7 }; + +static unsigned char key_test2[] = { 0x4a, 0x65, 0x66, 0x65 }; + +static unsigned char input_test2[] = { + 0x77, 0x68, 0x61, 0x74, 0x20, 0x64, 0x6f, 0x20, + 0x79, 0x61, 0x20, 0x77, 0x61, 0x6e, 0x74, 0x20, + 0x66, 0x6f, 0x72, 0x20, 0x6e, 0x6f, 0x74, 0x68, + 0x69, 0x6e, 0x67, 0x3f }; + +static unsigned char expected_test2[] = { + 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, + 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7, + 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83, + 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43 }; + +static struct test_sha256_hmac_s test_sha256_hmac[] = { + { + .key = key_test1, + .keylen = sizeof(key_test1), + .input = input_test1, + .ilen = sizeof(input_test1), + .expected = expected_test1, + }, + { + .key = key_test2, + .keylen = sizeof(key_test2), + .input = input_test2, + .ilen = sizeof(input_test2), + .expected = expected_test2, + }, +}; + +static int _lib_test_sha256_hmac_run(struct unit_test_state *uts, + unsigned char *key, 
int keylen, + unsigned char *input, int ilen, + unsigned char *expected) +{ + unsigned char output[32]; + + sha256_hmac(key, keylen, input, ilen, output); + ut_asserteq_mem(expected, output, 32); + + return 0; +} + +static int lib_test_sha256_hmac_run(struct unit_test_state *uts, + struct test_sha256_hmac_s *test) +{ + unsigned char *key = test->key; + int keylen = test->keylen; + unsigned char *input = test->input; + int ilen = test->ilen; + unsigned char *expected = test->expected; + + return _lib_test_sha256_hmac_run(uts, key, keylen, input, ilen, expected); +} + +static int lib_test_sha256_hmac(struct unit_test_state *uts) +{ + int i, ret = 0; + + for (i = 0; i < ARRAY_SIZE(test_sha256_hmac); i++) { + ret = lib_test_sha256_hmac_run(uts, &test_sha256_hmac[i]); + if (ret) + break; + } + + return ret; +} + +LIB_TEST(lib_test_sha256_hmac, 0);
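Review bot: The table `test_sha256_hmac[]` holds only RFC 4231 test cases 1 and 2, whose keys (20 and 4 bytes) are both shorter than the 64-byte block, so the key-length handling in sha256_hmac is never exercised. RFC 4231 also defines cases with a 131-byte key (test cases 6 and 7); adding one as a third entry, in the same form as `.key = key_test2, .keylen = sizeof(key_test2),`, would pin the behaviour for keys longer than the block size. The struct's `int ilen` also differs from the `unsigned int ilen` the function takes, and the vector arrays could be `static const`.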

On Tue, 16 Jul 2024 at 17:06, Philippe Reynes philippe.reynes@softathome.com wrote:
Adds a test for the function sha256_hmac
Signed-off-by: Philippe Reynes philippe.reynes@softathome.com
test/lib/Makefile | 1 + test/lib/test_sha256_hmac.c | 108 ++++++++++++++++++++++++++++++++++++ 2 files changed, 109 insertions(+) create mode 100644 test/lib/test_sha256_hmac.c
Reviewed-by: Simon Glass sjg@chromium.org

Add support for key derivation using the HKDF scheme, which is defined in RFC 5869.
Signed-off-by: Philippe Reynes philippe.reynes@softathome.com --- include/u-boot/sha256.h | 8 ++++++++ lib/sha256.c | 42 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+)
diff --git a/include/u-boot/sha256.h b/include/u-boot/sha256.h
index 7aa4c54d0d4..46d20bf9b79 100644
--- a/include/u-boot/sha256.h
+++ b/include/u-boot/sha256.h
@@ -6,6 +6,9 @@
#define SHA256_SUM_LEN 32
#define SHA256_DER_LEN 19
+#define SHA256_HKDF_MAX_INFO_LEN 256
+#define SHA256_HKDF_MAX_DATA_LEN (SHA256_HKDF_MAX_INFO_LEN + SHA256_SUM_LEN + 1)
+
extern const uint8_t sha256_der_prefix[];
/* Reset watchdog each time we process this many bytes */
@@ -28,4 +31,9 @@ void sha256_hmac(const unsigned char *key, int keylen,
const unsigned char *input, unsigned int ilen,
unsigned char *output);
+void sha256_hkdf(const unsigned char *salt, int saltlen,
+ const unsigned char *ikm, int ikmlen,
+ const unsigned char *info, int infolen,
+ unsigned char *output, int outputlen);
+
#endif /* _SHA256_H */
diff --git a/lib/sha256.c b/lib/sha256.c
index 64f6b48974b..9a4fd452cd8 100644
--- a/lib/sha256.c
+++ b/lib/sha256.c
@@ -338,3 +338,45 @@ void sha256_hmac(const unsigned char *key, int keylen,
memset(tmpbuf, 0, 32);
memset(&ctx, 0, sizeof(sha256_context));
}
+
+static void sha256_hkdf_expand(const unsigned char *prk, int prklen,
+ const unsigned char *info, int infolen,
+ unsigned char *okm, int okmlen)
+{
+ unsigned char t[SHA256_SUM_LEN];
+ unsigned char data[SHA256_HKDF_MAX_DATA_LEN];
+ int i, l = (okmlen + SHA256_SUM_LEN - 1) / SHA256_SUM_LEN;
+ int tlen, datalen, len, offset = 0;
+
+ for (i = 1; i <= l; i++) {
+ tlen = (i == 1) ? 0 : SHA256_SUM_LEN;
+ memcpy(&data[0], &t[0], tlen);
+ datalen = tlen;
+ memcpy(&data[datalen], info, infolen);
+ datalen += infolen;
+ data[datalen] = i;
+ datalen++;
+
+ sha256_hmac(prk, prklen, data, datalen, t);
+
+ len = (okmlen > SHA256_SUM_LEN) ? SHA256_SUM_LEN : okmlen;
+ memcpy(&okm[offset], t, len);
+ offset += len;
+ okmlen -= len;
+ }
+}
+
+void sha256_hkdf(const unsigned char *salt, int saltlen,
+ const unsigned char *ikm, int ikmlen,
+ const unsigned char *info, int infolen,
+ unsigned char *output, int outputlen)
+{
+ unsigned char prk[SHA256_SUM_LEN];
+
+ /* Step 1: Extract */
+ sha256_hmac(salt, saltlen, ikm, ikmlen, prk);
+
+ /* Step 2: Expand */
+ sha256_hkdf_expand(prk, SHA256_SUM_LEN, info, infolen,
+ output, outputlen);
+}
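Review bot: `memcpy(&data[datalen], info, infolen);` in sha256_hkdf_expand copies a caller-supplied length into the fixed `data[SHA256_HKDF_MAX_DATA_LEN]` stack buffer without comparing `infolen` with `SHA256_HKDF_MAX_INFO_LEN`, so an info string longer than 256 bytes, or a negative `infolen` converted to a huge size, writes past the buffer. The block counter is stored in a single byte by `data[datalen] = i;` and RFC 5869 caps the output at 255 blocks, but `okmlen` is never checked, so a larger request wraps the counter and leaves what the RFC defines. Both functions return void and cannot report this; I would have them return int and open the expand step with `if (infolen < 0 || infolen > SHA256_HKDF_MAX_INFO_LEN || okmlen < 0 || okmlen > 255 * SHA256_SUM_LEN) return -EINVAL;`. Unlike sha256_hmac, which clears its buffers before returning, `prk`, `t` and `data` stay on the stack here although they hold key material, so they should be wiped on exit as well.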

On Tue, 16 Jul 2024 at 17:06, Philippe Reynes philippe.reynes@softathome.com wrote:
Adds the support of key derivation using the scheme hkdf. This scheme is defined in rfc5869.
Signed-off-by: Philippe Reynes philippe.reynes@softathome.com
include/u-boot/sha256.h | 8 ++++++++ lib/sha256.c | 42 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+)
Reviewed-by: Simon Glass sjg@chromium.org
diff --git a/include/u-boot/sha256.h b/include/u-boot/sha256.h index 7aa4c54d0d4..46d20bf9b79 100644 --- a/include/u-boot/sha256.h +++ b/include/u-boot/sha256.h @@ -6,6 +6,9 @@ #define SHA256_SUM_LEN 32 #define SHA256_DER_LEN 19
+#define SHA256_HKDF_MAX_INFO_LEN 256 +#define SHA256_HKDF_MAX_DATA_LEN (SHA256_HKDF_MAX_INFO_LEN + SHA256_SUM_LEN + 1)
long line? [..]

Adds a test for the function sha256_hkdf.
Signed-off-by: Philippe Reynes philippe.reynes@softathome.com --- test/lib/Makefile | 2 +- test/lib/test_sha256_hkdf.c | 104 ++++++++++++++++++++++++++++++++++++ 2 files changed, 105 insertions(+), 1 deletion(-) create mode 100644 test/lib/test_sha256_hkdf.c
diff --git a/test/lib/Makefile b/test/lib/Makefile index 170c5a539ca..1b7baa696db 100644 --- a/test/lib/Makefile +++ b/test/lib/Makefile @@ -19,7 +19,7 @@ obj-$(CONFIG_ERRNO_STR) += test_errno_str.o obj-$(CONFIG_UT_LIB_ASN1) += asn1.o obj-$(CONFIG_UT_LIB_RSA) += rsa.o obj-$(CONFIG_AES) += test_aes.o -obj-$(CONFIG_SHA256) += test_sha256_hmac.o +obj-$(CONFIG_SHA256) += test_sha256_hmac.o test_sha256_hkdf.o obj-$(CONFIG_GETOPT) += getopt.o obj-$(CONFIG_CRC8) += test_crc8.o obj-$(CONFIG_UT_LIB_CRYPT) += test_crypt.o diff --git a/test/lib/test_sha256_hkdf.c b/test/lib/test_sha256_hkdf.c new file mode 100644 index 00000000000..ca173a13afc --- /dev/null +++ b/test/lib/test_sha256_hkdf.c 
@@ -0,0 +1,104 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright (c) 2024 Philippe Reynes philippe.reynes@softathome.com + * + * Unit tests for sha256_hkdf functions + */ + +#include <command.h> +#include <test/lib.h> +#include <test/test.h> +#include <test/ut.h> +#include <u-boot/sha256.h> + +struct test_sha256_hkdf_s { + unsigned char *salt; + int saltlen; + unsigned char *ikm; + int ikmlen; + unsigned char *info; + int infolen; + unsigned char *expected; + int expectedlen; +}; + +/* + * data comes from: + * https://www.rfc-editor.org/rfc/rfc5869 + */ +static unsigned char salt_test1[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, + 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c }; + +static unsigned char ikm_test1[] = { + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; + +static unsigned char info_test1[] = { + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9 }; + +static unsigned char expected_test1[] = { + 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, + 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a, + 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c, + 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf, + 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, + 0x58, 0x65 }; + +static struct test_sha256_hkdf_s test_sha256_hkdf[] = { + { + .salt = salt_test1, + .saltlen = sizeof(salt_test1), + .ikm = ikm_test1, + .ikmlen = sizeof(ikm_test1), + .info = info_test1, + .infolen = sizeof(info_test1), + .expected = expected_test1, + .expectedlen = sizeof(expected_test1), + }, +}; + +static int _lib_test_sha256_hkdf_run(struct unit_test_state *uts, + unsigned char *salt, int saltlen, + unsigned char *ikm, int ikmlen, + unsigned char *info, int infolen, + unsigned char *expected, int expectedlen) +{ + unsigned char output[64]; + + sha256_hkdf(salt, saltlen, ikm, ikmlen, info, infolen, output, expectedlen); + ut_asserteq_mem(expected, output, expectedlen); + + return 0; +} + +static 
int lib_test_sha256_hkdf_run(struct unit_test_state *uts, + struct test_sha256_hkdf_s *test) +{ + unsigned char *salt = test->salt; + int saltlen = test->saltlen; + unsigned char *ikm = test->ikm; + int ikmlen = test->ikmlen; + unsigned char *info = test->info; + int infolen = test->infolen; + unsigned char *expected = test->expected; + int expectedlen = test->expectedlen; + + return _lib_test_sha256_hkdf_run(uts, salt, saltlen, ikm, ikmlen, + info, infolen, expected, expectedlen); +} + +static int lib_test_sha256_hkdf(struct unit_test_state *uts) +{ + int i, ret = 0; + + for (i = 0; i < ARRAY_SIZE(test_sha256_hkdf); i++) { + ret = lib_test_sha256_hkdf_run(uts, &test_sha256_hkdf[i]); + if (ret) + break; + } + + return ret; +} + +LIB_TEST(lib_test_sha256_hkdf, 0);
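Review bot: `_lib_test_sha256_hkdf_run` has sha256_hkdf write `expectedlen` bytes into `unsigned char output[64];` without checking that the vector fits, so adding RFC 5869 test case 2 (82 bytes of output) to the table would overflow the stack buffer in the test itself. A guard such as `ut_assert(expectedlen <= (int)sizeof(output));` before the call, or sizing `output` for the largest vector, avoids that. Only test case 1 is covered, so the empty salt and info inputs of test case 3 and any info near `SHA256_HKDF_MAX_INFO_LEN` go untested. The same helper is quoted unchanged in the reply further down the thread.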

Hi Philippe,
On Tue, 16 Jul 2024 at 17:06, Philippe Reynes philippe.reynes@softathome.com wrote:
Adds a test for the function sha256_hkdf.
Signed-off-by: Philippe Reynes philippe.reynes@softathome.com
test/lib/Makefile | 2 +- test/lib/test_sha256_hkdf.c | 104 ++++++++++++++++++++++++++++++++++++ 2 files changed, 105 insertions(+), 1 deletion(-) create mode 100644 test/lib/test_sha256_hkdf.c
Reviewed-by: Simon Glass sjg@chromium.org
Possible nit below
diff --git a/test/lib/Makefile b/test/lib/Makefile index 170c5a539ca..1b7baa696db 100644 --- a/test/lib/Makefile +++ b/test/lib/Makefile @@ -19,7 +19,7 @@ obj-$(CONFIG_ERRNO_STR) += test_errno_str.o obj-$(CONFIG_UT_LIB_ASN1) += asn1.o obj-$(CONFIG_UT_LIB_RSA) += rsa.o obj-$(CONFIG_AES) += test_aes.o -obj-$(CONFIG_SHA256) += test_sha256_hmac.o +obj-$(CONFIG_SHA256) += test_sha256_hmac.o test_sha256_hkdf.o obj-$(CONFIG_GETOPT) += getopt.o obj-$(CONFIG_CRC8) += test_crc8.o obj-$(CONFIG_UT_LIB_CRYPT) += test_crypt.o diff --git a/test/lib/test_sha256_hkdf.c b/test/lib/test_sha256_hkdf.c new file mode 100644 index 00000000000..ca173a13afc --- /dev/null +++ b/test/lib/test_sha256_hkdf.c @@ -0,0 +1,104 @@ +// SPDX-License-Identifier: GPL-2.0+ +/*
- Copyright (c) 2024 Philippe Reynes philippe.reynes@softathome.com
- Unit tests for sha256_hkdf functions
- */
+#include <command.h> +#include <test/lib.h> +#include <test/test.h> +#include <test/ut.h> +#include <u-boot/sha256.h>
+struct test_sha256_hkdf_s {
unsigned char *salt;
int saltlen;
unsigned char *ikm;
int ikmlen;
unsigned char *info;
int infolen;
unsigned char *expected;
int expectedlen;
+};
+/*
- data comes from:
- */
+static unsigned char salt_test1[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c };
+static unsigned char ikm_test1[] = {
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b };
+static unsigned char info_test1[] = {
0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9 };
+static unsigned char expected_test1[] = {
0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
0x58, 0x65 };
+static struct test_sha256_hkdf_s test_sha256_hkdf[] = {
{
.salt = salt_test1,
.saltlen = sizeof(salt_test1),
.ikm = ikm_test1,
.ikmlen = sizeof(ikm_test1),
.info = info_test1,
.infolen = sizeof(info_test1),
.expected = expected_test1,
.expectedlen = sizeof(expected_test1),
},
+};
+static int _lib_test_sha256_hkdf_run(struct unit_test_state *uts,
unsigned char *salt, int saltlen,
unsigned char *ikm, int ikmlen,
unsigned char *info, int infolen,
unsigned char *expected, int expectedlen)
+{
unsigned char output[64];
sha256_hkdf(salt, saltlen, ikm, ikmlen, info, infolen, output, expectedlen);
ut_asserteq_mem(expected, output, expectedlen);
return 0;
+}
+static int lib_test_sha256_hkdf_run(struct unit_test_state *uts,
struct test_sha256_hkdf_s *test)
+{
unsigned char *salt = test->salt;
int saltlen = test->saltlen;
unsigned char *ikm = test->ikm;
int ikmlen = test->ikmlen;
unsigned char *info = test->info;
int infolen = test->infolen;
unsigned char *expected = test->expected;
int expectedlen = test->expectedlen;
return _lib_test_sha256_hkdf_run(uts, salt, saltlen, ikm, ikmlen,
info, infolen, expected, expectedlen);
It is common to use ut_assertok() on functions called from tests, so that any error report shows the full call trace back from the failure.
+}
+static int lib_test_sha256_hkdf(struct unit_test_state *uts) +{
int i, ret = 0;
for (i = 0; i < ARRAY_SIZE(test_sha256_hkdf); i++) {
ret = lib_test_sha256_hkdf_run(uts, &test_sha256_hkdf[i]);
if (ret)
break;
}
return ret;
+}
+LIB_TEST(lib_test_sha256_hkdf, 0);
2.25.1
-- This message and any attachments herein are confidential, intended solely for the addressees and are SoftAtHome’s ownership. Any unauthorized use or dissemination is prohibited. If you are not the intended addressee of this message, please cancel it immediately and inform the sender.
This seems to be incorrect.
Regards, Simon

Hi Philippe,
It might be useful to have a cover letter explaining what the plans for this code are, great that there are tests but adding code in without it being used isn't always a feature so a cover letter with some details often helps with the context.
Also if you're not aware there's work to integrate MBedTLS [1] and I'm not sure if that also may provide the functionality.
Peter
[1] https://lists.denx.de/pipermail/u-boot/2024-July/557832.html
On Tue, 16 Jul 2024 at 16:16, Philippe Reynes philippe.reynes@softathome.com wrote:
Adds the support of the hmac based on sha256. This implementation is based on rfc2104.
Signed-off-by: Philippe Reynes philippe.reynes@softathome.com
include/u-boot/sha256.h | 4 ++++ lib/sha256.c | 40 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+)
diff --git a/include/u-boot/sha256.h b/include/u-boot/sha256.h index a4fe176c0b4..7aa4c54d0d4 100644 --- a/include/u-boot/sha256.h +++ b/include/u-boot/sha256.h @@ -24,4 +24,8 @@ void sha256_finish(sha256_context * ctx, uint8_t digest[SHA256_SUM_LEN]); void sha256_csum_wd(const unsigned char *input, unsigned int ilen, unsigned char *output, unsigned int chunk_sz);
+void sha256_hmac(const unsigned char *key, int keylen,
const unsigned char *input, unsigned int ilen,
unsigned char *output);
#endif /* _SHA256_H */ diff --git a/lib/sha256.c b/lib/sha256.c index 665ba6f152e..64f6b48974b 100644 --- a/lib/sha256.c +++ b/lib/sha256.c @@ -298,3 +298,43 @@ void sha256_csum_wd(const unsigned char *input, unsigned int ilen,
sha256_finish(&ctx, output);
}
+/*
- Output = HMAC-SHA-256( input buffer, hmac key )
- */
+void sha256_hmac(const unsigned char *key, int keylen,
const unsigned char *input, unsigned int ilen,
unsigned char *output)
+{
int i;
sha256_context ctx;
unsigned char k_ipad[64];
unsigned char k_opad[64];
unsigned char tmpbuf[32];
memset(k_ipad, 0x36, 64);
memset(k_opad, 0x5C, 64);
for (i = 0; i < keylen; i++) {
if (i >= 64)
break;
k_ipad[i] ^= key[i];
k_opad[i] ^= key[i];
}
sha256_starts(&ctx);
sha256_update(&ctx, k_ipad, 64);
sha256_update(&ctx, input, ilen);
sha256_finish(&ctx, tmpbuf);
sha256_starts(&ctx);
sha256_update(&ctx, k_opad, 64);
sha256_update(&ctx, tmpbuf, 32);
sha256_finish(&ctx, output);
memset(k_ipad, 0, 64);
memset(k_opad, 0, 64);
memset(tmpbuf, 0, 32);
memset(&ctx, 0, sizeof(sha256_context));
+}
2.25.1

Hi Peter,
Le 16/07/2024 à 18:56, Peter Robinson a écrit :
This Mail comes from Outside of SoftAtHome: Do not answer, click links or open attachments unless you recognize the sender and know the content is safe.
Hi Philippe,
It might be useful to have a cover letter explaining what the plans for this code are, great that there are tests but adding code in without it being used isn't always a feature so a cover letter with some details often helps with the context.
You're right, I should have added a cover letter. My goal was to add key derivation and use this feature to fill a key manager, and then provide those keys (or some of them) to the kernel. So the kernel may (for example) add them in the KRS.
Do you know if there is any work on, or interest in, a key manager for U-Boot?
Also if you're not aware there's work to integrate MBedTLS [1] and I'm not sure if that also may provide the functionality.
Good point, I miss it. MBedTLS has the feature of key derivation. https://mbed-tls.readthedocs.io/en/latest/getting_started/psa/#deriving-a-ne... So unless someone wants to use key derivation without all MBedTLS, this serie is not very useful.
Peter
Regards, Philippe
[1] https://lists.denx.de/pipermail/u-boot/2024-July/557832.html
On Tue, 16 Jul 2024 at 16:16, Philippe Reynes philippe.reynes@softathome.com wrote:
Adds the support of the hmac based on sha256. This implementation is based on rfc2104.
Signed-off-by: Philippe Reynes philippe.reynes@softathome.com
include/u-boot/sha256.h | 4 ++++ lib/sha256.c | 40 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+)
diff --git a/include/u-boot/sha256.h b/include/u-boot/sha256.h index a4fe176c0b4..7aa4c54d0d4 100644 --- a/include/u-boot/sha256.h +++ b/include/u-boot/sha256.h @@ -24,4 +24,8 @@ void sha256_finish(sha256_context * ctx, uint8_t digest[SHA256_SUM_LEN]); void sha256_csum_wd(const unsigned char *input, unsigned int ilen, unsigned char *output, unsigned int chunk_sz);
+void sha256_hmac(const unsigned char *key, int keylen,
const unsigned char *input, unsigned int ilen,
unsigned char *output);
- #endif /* _SHA256_H */
diff --git a/lib/sha256.c b/lib/sha256.c index 665ba6f152e..64f6b48974b 100644 --- a/lib/sha256.c +++ b/lib/sha256.c @@ -298,3 +298,43 @@ void sha256_csum_wd(const unsigned char *input, unsigned int ilen,
sha256_finish(&ctx, output);
}
+/*
- Output = HMAC-SHA-256( input buffer, hmac key )
- */
+void sha256_hmac(const unsigned char *key, int keylen,
const unsigned char *input, unsigned int ilen,
unsigned char *output)
+{
int i;
sha256_context ctx;
unsigned char k_ipad[64];
unsigned char k_opad[64];
unsigned char tmpbuf[32];
memset(k_ipad, 0x36, 64);
memset(k_opad, 0x5C, 64);
for (i = 0; i < keylen; i++) {
if (i >= 64)
break;
k_ipad[i] ^= key[i];
k_opad[i] ^= key[i];
}
sha256_starts(&ctx);
sha256_update(&ctx, k_ipad, 64);
sha256_update(&ctx, input, ilen);
sha256_finish(&ctx, tmpbuf);
sha256_starts(&ctx);
sha256_update(&ctx, k_opad, 64);
sha256_update(&ctx, tmpbuf, 32);
sha256_finish(&ctx, output);
memset(k_ipad, 0, 64);
memset(k_opad, 0, 64);
memset(tmpbuf, 0, 32);
memset(&ctx, 0, sizeof(sha256_context));
+}
2.25.1

On Wed, Jul 17, 2024 at 07:08:27PM +0200, Philippe REYNES wrote:
Hi Peter,
Le 16/07/2024 à 18:56, Peter Robinson a écrit :
This Mail comes from Outside of SoftAtHome: Do not answer, click links or open attachments unless you recognize the sender and know the content is safe.
Hi Philippe,
It might be useful to have a cover letter explaining what the plans for this code are, great that there are tests but adding code in without it being used isn't always a feature so a cover letter with some details often helps with the context.
You right, I should have added a cover letter. My goal was to add key derivation and use this feature to fill a key manager, and then provide those keys (or some of them) to the kernel. So the kernel may (for example) add them in the KRS.
Do you know if there are some work or interest in a key manager for u-boot please ?
Also if you're not aware there's work to integrate MBedTLS [1] and I'm not sure if that also may provide the functionality.
Good point, I miss it. MBedTLS has the feature of key derivation. https://mbed-tls.readthedocs.io/en/latest/getting_started/psa/#deriving-a-ne... So unless someone wants to use key derivation without all MBedTLS, this serie is not very useful.
Unless you object, I would really prefer this to be a feature U-Boot only has with MBedTLS enabled, as one of the goals of that integration is to have U-Boot leverage existing and well audited/monitored codebases for security-sensitive code paths when possible.

Hi Tom,
Le 17/07/2024 à 19:58, Tom Rini a écrit :
On Wed, Jul 17, 2024 at 07:08:27PM +0200, Philippe REYNES wrote:
Hi Peter,
Le 16/07/2024 à 18:56, Peter Robinson a écrit :
This Mail comes from Outside of SoftAtHome: Do not answer, click links or open attachments unless you recognize the sender and know the content is safe.
Hi Philippe,
It might be useful to have a cover letter explaining what the plans for this code are, great that there are tests but adding code in without it being used isn't always a feature so a cover letter with some details often helps with the context.
You right, I should have added a cover letter. My goal was to add key derivation and use this feature to fill a key manager, and then provide those keys (or some of them) to the kernel. So the kernel may (for example) add them in the KRS.
Do you know if there are some work or interest in a key manager for u-boot please ?
Also if you're not aware there's work to integrate MBedTLS [1] and I'm not sure if that also may provide the functionality.
Good point, I miss it. MBedTLS has the feature of key derivation. https://mbed-tls.readthedocs.io/en/latest/getting_started/psa/#deriving-a-ne... So unless someone wants to use key derivation without all MBedTLS, this serie is not very useful.
Unless you object, I would really prefer to have this been a feature U-Boot only has with MBedTLS enabled as one of the goals with that integration is to have U-Boot leverage existing and well audited/monitored codebases for security sensitive code paths when possible.
I don't object; I also think that a feature should only be implemented once. I just have a question on this topic: I am planning to use a key manager in U-Boot. Do you think a key manager would be nice in U-Boot, and has someone already planned to work on this topic?
Regards, Philippe