[PATCH v3 0/5] add the support of sha256_hmac and sha256_hkdf
This serie adds the support of sha256_hmac and sha256_hkdf. A first version was sent several months ago just before the integration of mbedtls. This new version is based on mbedtls.
The first patch of this serie add the support of hkdf using mbedtls.
v3: - also define sha256_hmac for legacy sha256 - add some #if to define function only when needed
Philippe Reynes (5): mbedtls: enable support of hkdf lib: sha256: add feature sha256_hmac test: lib: add test for sha256_hmac lib: mbedtls: sha256: add support of key derivation test: lib: add test for key derivation
include/u-boot/sha256.h | 11 ++++ lib/mbedtls/Kconfig | 14 ++++ lib/mbedtls/Makefile | 2 + lib/mbedtls/mbedtls_def_config.h | 4 ++ lib/mbedtls/sha256.c | 60 +++++++++++++++++ lib/sha256.c | 37 +++++++++++ test/lib/Makefile | 2 + test/lib/test_sha256_hkdf.c | 104 +++++++++++++++++++++++++++++ test/lib/test_sha256_hmac.c | 108 +++++++++++++++++++++++++++++++ 9 files changed, 342 insertions(+) create mode 100644 test/lib/test_sha256_hkdf.c create mode 100644 test/lib/test_sha256_hmac.c
Adds the support of key derivation using the scheme hkdf.
Signed-off-by: Philippe Reynes philippe.reynes@softathome.com --- lib/mbedtls/Kconfig | 14 ++++++++++++++ lib/mbedtls/Makefile | 2 ++ lib/mbedtls/mbedtls_def_config.h | 4 ++++ 3 files changed, 20 insertions(+)
diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig index 78167ffa252..aa82336ef14 100644 --- a/lib/mbedtls/Kconfig +++ b/lib/mbedtls/Kconfig @@ -297,6 +297,13 @@ config MD5_MBEDTLS This option enables support of hashing using MD5 algorithm with MbedTLS crypto library.
+config HKDF_MBEDTLS + bool "Enable HKDF support with MbedTLS crypto library" + depends on MBEDTLS_LIB_CRYPTO + help + This option enables support of key derivation using HKDF algorithm + with MbedTLS crypto library. + if SPL
config SPL_SHA1_MBEDTLS @@ -335,6 +342,13 @@ config SPL_MD5_MBEDTLS This option enables support of hashing using MD5 algorithm with MbedTLS crypto library.
+config SPL_HKDF_MBEDTLS + bool "Enable HKDF support in SPL with MbedTLS crypto library" + depends on MBEDTLS_LIB_CRYPTO + help + This option enables support of key derivation using HKDF algorithm + with MbedTLS crypto library. + endif # SPL
endif # MBEDTLS_LIB_CRYPTO diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile index ce0a61e4054..e66c2018d97 100644 --- a/lib/mbedtls/Makefile +++ b/lib/mbedtls/Makefile @@ -33,6 +33,8 @@ mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA256_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/sha256.o mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA512_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/sha512.o +mbedtls_lib_crypto-$(CONFIG_$(SPL_)HKDF_MBEDTLS) += \ + $(MBEDTLS_LIB_DIR)/hkdf.o
# MbedTLS X509 library obj-$(CONFIG_MBEDTLS_LIB_X509) += mbedtls_lib_x509.o diff --git a/lib/mbedtls/mbedtls_def_config.h b/lib/mbedtls/mbedtls_def_config.h index 1d2314e90e4..fd440c392f9 100644 --- a/lib/mbedtls/mbedtls_def_config.h +++ b/lib/mbedtls/mbedtls_def_config.h @@ -56,6 +56,10 @@ #endif #endif
+#if CONFIG_IS_ENABLED(HKDF_MBEDTLS) +#define MBEDTLS_HKDF_C +#endif + #if defined CONFIG_MBEDTLS_LIB_X509
#if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER)
Adds the support of the hmac based on sha256. This implementation is based on rfc2104.
Signed-off-by: Philippe Reynes philippe.reynes@softathome.com --- include/u-boot/sha256.h | 4 ++++ lib/mbedtls/sha256.c | 38 ++++++++++++++++++++++++++++++++++++++ lib/sha256.c | 37 +++++++++++++++++++++++++++++++++++++ 3 files changed, 79 insertions(+)
diff --git a/include/u-boot/sha256.h b/include/u-boot/sha256.h index 44a9b528b48..2f12275b703 100644 --- a/include/u-boot/sha256.h +++ b/include/u-boot/sha256.h @@ -45,4 +45,8 @@ void sha256_finish(sha256_context * ctx, uint8_t digest[SHA256_SUM_LEN]); void sha256_csum_wd(const unsigned char *input, unsigned int ilen, unsigned char *output, unsigned int chunk_sz);
+void sha256_hmac(const unsigned char *key, int keylen, + const unsigned char *input, unsigned int ilen, + unsigned char *output); + #endif /* _SHA256_H */ diff --git a/lib/mbedtls/sha256.c b/lib/mbedtls/sha256.c index 24aa58fa674..1b9fc1a8503 100644 --- a/lib/mbedtls/sha256.c +++ b/lib/mbedtls/sha256.c @@ -8,6 +8,7 @@ #ifndef USE_HOSTCC #include <cyclic.h> #endif /* USE_HOSTCC */ +#include <string.h> #include <u-boot/sha256.h>
const u8 sha256_der_prefix[SHA256_DER_LEN] = { @@ -60,3 +61,40 @@ void sha256_csum_wd(const unsigned char *input, unsigned int ilen,
sha256_finish(&ctx, output); } + +void sha256_hmac(const unsigned char *key, int keylen, + const unsigned char *input, unsigned int ilen, + unsigned char *output) +{ + int i; + sha256_context ctx; + unsigned char k_ipad[64]; + unsigned char k_opad[64]; + unsigned char tmpbuf[32]; + + memset(k_ipad, 0x36, 64); + memset(k_opad, 0x5C, 64); + + for (i = 0; i < keylen; i++) { + if (i >= 64) + break; + + k_ipad[i] ^= key[i]; + k_opad[i] ^= key[i]; + } + + sha256_starts(&ctx); + sha256_update(&ctx, k_ipad, sizeof(k_ipad)); + sha256_update(&ctx, input, ilen); + sha256_finish(&ctx, tmpbuf); + + sha256_starts(&ctx); + sha256_update(&ctx, k_opad, sizeof(k_opad)); + sha256_update(&ctx, tmpbuf, sizeof(tmpbuf)); + sha256_finish(&ctx, output); + + memset(k_ipad, 0, sizeof(k_ipad)); + memset(k_opad, 0, sizeof(k_opad)); + memset(tmpbuf, 0, sizeof(tmpbuf)); + memset(&ctx, 0, sizeof(sha256_context)); +} diff --git a/lib/sha256.c b/lib/sha256.c index fb195d988f1..66224c92dd9 100644 --- a/lib/sha256.c +++ b/lib/sha256.c @@ -300,3 +300,40 @@ void sha256_csum_wd(const unsigned char *input, unsigned int ilen,
sha256_finish(&ctx, output); } + +void sha256_hmac(const unsigned char *key, int keylen, + const unsigned char *input, unsigned int ilen, + unsigned char *output) +{ + int i; + sha256_context ctx; + unsigned char k_ipad[64]; + unsigned char k_opad[64]; + unsigned char tmpbuf[32]; + + memset(k_ipad, 0x36, 64); + memset(k_opad, 0x5C, 64); + + for (i = 0; i < keylen; i++) { + if (i >= 64) + break; + + k_ipad[i] ^= key[i]; + k_opad[i] ^= key[i]; + } + + sha256_starts(&ctx); + sha256_update(&ctx, k_ipad, sizeof(k_ipad)); + sha256_update(&ctx, input, ilen); + sha256_finish(&ctx, tmpbuf); + + sha256_starts(&ctx); + sha256_update(&ctx, k_opad, sizeof(k_opad)); + sha256_update(&ctx, tmpbuf, sizeof(tmpbuf)); + sha256_finish(&ctx, output); + + memset(k_ipad, 0, sizeof(k_ipad)); + memset(k_opad, 0, sizeof(k_opad)); + memset(tmpbuf, 0, sizeof(tmpbuf)); + memset(&ctx, 0, sizeof(sha256_context)); +}
Hi Philippe,
On Mon, 9 Dec 2024 at 04:42, Philippe Reynes philippe.reynes@softathome.com wrote:
Adds the support of the hmac based on sha256. This implementation is based on rfc2104.
Signed-off-by: Philippe Reynes philippe.reynes@softathome.com
include/u-boot/sha256.h | 4 ++++ lib/mbedtls/sha256.c | 38 ++++++++++++++++++++++++++++++++++++++ lib/sha256.c | 37 +++++++++++++++++++++++++++++++++++++ 3 files changed, 79 insertions(+)
diff --git a/include/u-boot/sha256.h b/include/u-boot/sha256.h index 44a9b528b48..2f12275b703 100644 --- a/include/u-boot/sha256.h +++ b/include/u-boot/sha256.h @@ -45,4 +45,8 @@ void sha256_finish(sha256_context * ctx, uint8_t digest[SHA256_SUM_LEN]); void sha256_csum_wd(const unsigned char *input, unsigned int ilen, unsigned char *output, unsigned int chunk_sz);
+void sha256_hmac(const unsigned char *key, int keylen,
const unsigned char *input, unsigned int ilen,unsigned char *output);#endif /* _SHA256_H */ diff --git a/lib/mbedtls/sha256.c b/lib/mbedtls/sha256.c index 24aa58fa674..1b9fc1a8503 100644 --- a/lib/mbedtls/sha256.c +++ b/lib/mbedtls/sha256.c @@ -8,6 +8,7 @@ #ifndef USE_HOSTCC #include <cyclic.h> #endif /* USE_HOSTCC */ +#include <string.h> #include <u-boot/sha256.h>
const u8 sha256_der_prefix[SHA256_DER_LEN] = { @@ -60,3 +61,40 @@ void sha256_csum_wd(const unsigned char *input, unsigned int ilen,
sha256_finish(&ctx, output);}
+void sha256_hmac(const unsigned char *key, int keylen,
const unsigned char *input, unsigned int ilen,unsigned char *output)+{
int i;sha256_context ctx;unsigned char k_ipad[64];unsigned char k_opad[64];unsigned char tmpbuf[32];memset(k_ipad, 0x36, 64);memset(k_opad, 0x5C, 64);for (i = 0; i < keylen; i++) {if (i >= 64)break;k_ipad[i] ^= key[i];k_opad[i] ^= key[i];}
You are assuming that the key length is at most 64 bytes. But according to the HMAC specification: If the key is longer than the hash block size (64 bytes for SHA256), it should be hashed first to produce a shorter key. If the key is shorter than 64 bytes, it should be zero-padded to 64 bytes.
sha256_starts(&ctx);sha256_update(&ctx, k_ipad, sizeof(k_ipad));sha256_update(&ctx, input, ilen);sha256_finish(&ctx, tmpbuf);sha256_starts(&ctx);sha256_update(&ctx, k_opad, sizeof(k_opad));sha256_update(&ctx, tmpbuf, sizeof(tmpbuf));sha256_finish(&ctx, output);memset(k_ipad, 0, sizeof(k_ipad));memset(k_opad, 0, sizeof(k_opad));memset(tmpbuf, 0, sizeof(tmpbuf));memset(&ctx, 0, sizeof(sha256_context));+} diff --git a/lib/sha256.c b/lib/sha256.c index fb195d988f1..66224c92dd9 100644 --- a/lib/sha256.c +++ b/lib/sha256.c @@ -300,3 +300,40 @@ void sha256_csum_wd(const unsigned char *input, unsigned int ilen,
sha256_finish(&ctx, output);}
+void sha256_hmac(const unsigned char *key, int keylen,
const unsigned char *input, unsigned int ilen,unsigned char *output)+{
int i;sha256_context ctx;unsigned char k_ipad[64];unsigned char k_opad[64];unsigned char tmpbuf[32];memset(k_ipad, 0x36, 64);memset(k_opad, 0x5C, 64);for (i = 0; i < keylen; i++) {if (i >= 64)break;k_ipad[i] ^= key[i];k_opad[i] ^= key[i];}sha256_starts(&ctx);sha256_update(&ctx, k_ipad, sizeof(k_ipad));sha256_update(&ctx, input, ilen);sha256_finish(&ctx, tmpbuf);sha256_starts(&ctx);sha256_update(&ctx, k_opad, sizeof(k_opad));sha256_update(&ctx, tmpbuf, sizeof(tmpbuf));sha256_finish(&ctx, output);memset(k_ipad, 0, sizeof(k_ipad));memset(k_opad, 0, sizeof(k_opad));memset(tmpbuf, 0, sizeof(tmpbuf));memset(&ctx, 0, sizeof(sha256_context));+}
I understand now we have duplicated 'shaX_csum_wd()' under lib and lib/mbedtls. That is because at the time when MbedTLS was added in, _csum_wd() is the only duplicated function and it is a trade-off comparing with creating a new common file for each algorithm. But it is not the case if the number of these duplicated functions is increasing. Do you mind moving them into a common file with the one you created? At least for sha256 with this patch I think.
Regards, Raymond
-- 2.25.1
Hi Raymond,
Le 09/12/2024 à 17:06, Raymond Mao a écrit :
*This Mail comes from Outside of SoftAtHome: *Do not answer, click links or open attachments unless you recognize the sender and know the content is safe.**
Hi Philippe,
On Mon, 9 Dec 2024 at 04:42, Philippe Reynes philippe.reynes@softathome.com wrote:
Adds the support of the hmac based on sha256. This implementation is based on rfc2104. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> --- include/u-boot/sha256.h | 4 ++++ lib/mbedtls/sha256.c | 38 ++++++++++++++++++++++++++++++++++++++ lib/sha256.c | 37 +++++++++++++++++++++++++++++++++++++ 3 files changed, 79 insertions(+) diff --git a/include/u-boot/sha256.h b/include/u-boot/sha256.h index 44a9b528b48..2f12275b703 100644 --- a/include/u-boot/sha256.h +++ b/include/u-boot/sha256.h @@ -45,4 +45,8 @@ void sha256_finish(sha256_context * ctx, uint8_t digest[SHA256_SUM_LEN]); void sha256_csum_wd(const unsigned char *input, unsigned int ilen, unsigned char *output, unsigned int chunk_sz); +void sha256_hmac(const unsigned char *key, int keylen, + const unsigned char *input, unsigned int ilen, + unsigned char *output); + #endif /* _SHA256_H */ diff --git a/lib/mbedtls/sha256.c b/lib/mbedtls/sha256.c index 24aa58fa674..1b9fc1a8503 100644 --- a/lib/mbedtls/sha256.c +++ b/lib/mbedtls/sha256.c @@ -8,6 +8,7 @@ #ifndef USE_HOSTCC #include <cyclic.h> #endif /* USE_HOSTCC */ +#include <string.h> #include <u-boot/sha256.h> const u8 sha256_der_prefix[SHA256_DER_LEN] = { @@ -60,3 +61,40 @@ void sha256_csum_wd(const unsigned char *input, unsigned int ilen, sha256_finish(&ctx, output); } + +void sha256_hmac(const unsigned char *key, int keylen, + const unsigned char *input, unsigned int ilen, + unsigned char *output) +{ + int i; + sha256_context ctx; + unsigned char k_ipad[64]; + unsigned char k_opad[64]; + unsigned char tmpbuf[32]; + + memset(k_ipad, 0x36, 64); + memset(k_opad, 0x5C, 64); + + for (i = 0; i < keylen; i++) { + if (i >= 64) + break; + + k_ipad[i] ^= key[i]; + k_opad[i] ^= key[i]; + } +You are assuming that the key length is at most 64 bytes. But according to the HMAC specification: If the key is longer than the hash block size (64 bytes for SHA256), it should be hashed first to produce a shorter key. If the key is shorter than 64 bytes, it should be zero-padded to 64 bytes.
good catch, you're right, I've missed this part. I fix it in v4, and I also have added more test unit. btw: the sha1_hmac has the same issue.
+ sha256_starts(&ctx); + sha256_update(&ctx, k_ipad, sizeof(k_ipad)); + sha256_update(&ctx, input, ilen); + sha256_finish(&ctx, tmpbuf); + + sha256_starts(&ctx); + sha256_update(&ctx, k_opad, sizeof(k_opad)); + sha256_update(&ctx, tmpbuf, sizeof(tmpbuf)); + sha256_finish(&ctx, output); + + memset(k_ipad, 0, sizeof(k_ipad)); + memset(k_opad, 0, sizeof(k_opad)); + memset(tmpbuf, 0, sizeof(tmpbuf)); + memset(&ctx, 0, sizeof(sha256_context)); +} diff --git a/lib/sha256.c b/lib/sha256.c index fb195d988f1..66224c92dd9 100644 --- a/lib/sha256.c +++ b/lib/sha256.c @@ -300,3 +300,40 @@ void sha256_csum_wd(const unsigned char *input, unsigned int ilen, sha256_finish(&ctx, output); } + +void sha256_hmac(const unsigned char *key, int keylen, + const unsigned char *input, unsigned int ilen, + unsigned char *output) +{ + int i; + sha256_context ctx; + unsigned char k_ipad[64]; + unsigned char k_opad[64]; + unsigned char tmpbuf[32]; + + memset(k_ipad, 0x36, 64); + memset(k_opad, 0x5C, 64); + + for (i = 0; i < keylen; i++) { + if (i >= 64) + break; + + k_ipad[i] ^= key[i]; + k_opad[i] ^= key[i]; + } + + sha256_starts(&ctx); + sha256_update(&ctx, k_ipad, sizeof(k_ipad)); + sha256_update(&ctx, input, ilen); + sha256_finish(&ctx, tmpbuf); + + sha256_starts(&ctx); + sha256_update(&ctx, k_opad, sizeof(k_opad)); + sha256_update(&ctx, tmpbuf, sizeof(tmpbuf)); + sha256_finish(&ctx, output); + + memset(k_ipad, 0, sizeof(k_ipad)); + memset(k_opad, 0, sizeof(k_opad)); + memset(tmpbuf, 0, sizeof(tmpbuf)); + memset(&ctx, 0, sizeof(sha256_context)); +}I understand now we have duplicated 'shaX_csum_wd()' under lib and lib/mbedtls. That is because at the time when MbedTLS was added in, _csum_wd() is the only duplicated function and it is a trade-off comparing with creating a new common file for each algorithm. But it is not the case if the number of these duplicated functions is increasing. Do you mind moving them into a common file with the one you created? At least for sha256 with this patch I think.
In the v4, I have moved the function sha256_csum_wd() to the file sha256_common.c
I plan to do another serie for sha1 and sha512.
Regards, Raymond
-- 2.25.1
Regards, Philippe
Adds a test for the function sha256_hmac
Signed-off-by: Philippe Reynes philippe.reynes@softathome.com --- test/lib/Makefile | 1 + test/lib/test_sha256_hmac.c | 108 ++++++++++++++++++++++++++++++++++++ 2 files changed, 109 insertions(+) create mode 100644 test/lib/test_sha256_hmac.c
diff --git a/test/lib/Makefile b/test/lib/Makefile index f516d001747..4c0abcba81a 100644 --- a/test/lib/Makefile +++ b/test/lib/Makefile @@ -24,6 +24,7 @@ obj-$(CONFIG_ERRNO_STR) += test_errno_str.o obj-$(CONFIG_UT_LIB_ASN1) += asn1.o obj-$(CONFIG_UT_LIB_RSA) += rsa.o obj-$(CONFIG_AES) += test_aes.o +obj-$(CONFIG_SHA256) += test_sha256_hmac.o obj-$(CONFIG_GETOPT) += getopt.o obj-$(CONFIG_CRC8) += test_crc8.o obj-$(CONFIG_UT_LIB_CRYPT) += test_crypt.o diff --git a/test/lib/test_sha256_hmac.c b/test/lib/test_sha256_hmac.c new file mode 100644 index 00000000000..473922bd9b0 --- /dev/null +++ b/test/lib/test_sha256_hmac.c @@ -0,0 +1,108 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright (c) 2024 Philippe Reynes philippe.reynes@softathome.com + * + * Unit tests for sha256_hmac functions + */ + +#include <command.h> +#include <test/lib.h> +#include <test/test.h> +#include <test/ut.h> +#include <u-boot/sha256.h> + +struct test_sha256_hmac_s { + unsigned char *key; + int keylen; + unsigned char *input; + int ilen; + unsigned char *expected; +}; + +/* + * data comes from: + * https://datatracker.ietf.org/doc/html/rfc4231 + */ +static unsigned char key_test1[] = { + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; + +static unsigned char input_test1[] = { + 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 }; + +static unsigned char expected_test1[] = { + 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, + 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b, + 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, + 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7 }; + +static unsigned char key_test2[] = { 0x4a, 0x65, 0x66, 0x65 }; + +static unsigned char input_test2[] = { + 0x77, 0x68, 0x61, 0x74, 0x20, 0x64, 0x6f, 0x20, + 0x79, 0x61, 0x20, 0x77, 0x61, 0x6e, 0x74, 0x20, + 0x66, 0x6f, 0x72, 0x20, 0x6e, 0x6f, 0x74, 0x68, + 0x69, 0x6e, 0x67, 0x3f }; + +static unsigned char expected_test2[] = { + 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, + 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7, + 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83, + 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43 }; + +static struct test_sha256_hmac_s test_sha256_hmac[] = { + { + .key = key_test1, + .keylen = sizeof(key_test1), + .input = input_test1, + .ilen = sizeof(input_test1), + .expected = expected_test1, + }, + { + .key = key_test2, + .keylen = sizeof(key_test2), + .input = input_test2, + .ilen = sizeof(input_test2), + .expected = expected_test2, + }, +}; + +static int _lib_test_sha256_hmac_run(struct unit_test_state *uts, + unsigned char *key, int keylen, + unsigned char *input, int ilen, + unsigned char *expected) +{ + unsigned char output[32]; + + sha256_hmac(key, keylen, input, ilen, output); + ut_asserteq_mem(expected, output, 32); + + return 0; +} + +static int lib_test_sha256_hmac_run(struct unit_test_state *uts, + struct test_sha256_hmac_s *test) +{ + unsigned char *key = test->key; + int keylen = test->keylen; + unsigned char *input = test->input; + int ilen = test->ilen; + unsigned char *expected = test->expected; + + return _lib_test_sha256_hmac_run(uts, key, keylen, input, ilen, expected); +} + +static int lib_test_sha256_hmac(struct unit_test_state *uts) +{ + int i, ret = 0; + + for (i = 0; i < ARRAY_SIZE(test_sha256_hmac); i++) { + ret = lib_test_sha256_hmac_run(uts, &test_sha256_hmac[i]); + if (ret) + break; + } + + return ret; +} + +LIB_TEST(lib_test_sha256_hmac, 0);
Hi Philippe,
On Mon, 9 Dec 2024 at 04:42, Philippe Reynes philippe.reynes@softathome.com wrote:
Adds a test for the function sha256_hmac
Signed-off-by: Philippe Reynes philippe.reynes@softathome.com
test/lib/Makefile | 1 + test/lib/test_sha256_hmac.c | 108 ++++++++++++++++++++++++++++++++++++ 2 files changed, 109 insertions(+) create mode 100644 test/lib/test_sha256_hmac.c
diff --git a/test/lib/Makefile b/test/lib/Makefile index f516d001747..4c0abcba81a 100644 --- a/test/lib/Makefile +++ b/test/lib/Makefile @@ -24,6 +24,7 @@ obj-$(CONFIG_ERRNO_STR) += test_errno_str.o obj-$(CONFIG_UT_LIB_ASN1) += asn1.o obj-$(CONFIG_UT_LIB_RSA) += rsa.o obj-$(CONFIG_AES) += test_aes.o +obj-$(CONFIG_SHA256) += test_sha256_hmac.o obj-$(CONFIG_GETOPT) += getopt.o obj-$(CONFIG_CRC8) += test_crc8.o obj-$(CONFIG_UT_LIB_CRYPT) += test_crypt.o diff --git a/test/lib/test_sha256_hmac.c b/test/lib/test_sha256_hmac.c new file mode 100644 index 00000000000..473922bd9b0 --- /dev/null +++ b/test/lib/test_sha256_hmac.c @@ -0,0 +1,108 @@ +// SPDX-License-Identifier: GPL-2.0+ +/*
- Copyright (c) 2024 Philippe Reynes philippe.reynes@softathome.com
- Unit tests for sha256_hmac functions
- */
+#include <command.h> +#include <test/lib.h> +#include <test/test.h> +#include <test/ut.h> +#include <u-boot/sha256.h>
+struct test_sha256_hmac_s {
unsigned char *key;int keylen;unsigned char *input;int ilen;unsigned char *expected;+};
+/*
- data comes from:
- */
+static unsigned char key_test1[] = {
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b };+static unsigned char input_test1[] = {
0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 };+static unsigned char expected_test1[] = {
0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53,0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b,0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7,0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7 };+static unsigned char key_test2[] = { 0x4a, 0x65, 0x66, 0x65 };
+static unsigned char input_test2[] = {
0x77, 0x68, 0x61, 0x74, 0x20, 0x64, 0x6f, 0x20,0x79, 0x61, 0x20, 0x77, 0x61, 0x6e, 0x74, 0x20,0x66, 0x6f, 0x72, 0x20, 0x6e, 0x6f, 0x74, 0x68,0x69, 0x6e, 0x67, 0x3f };+static unsigned char expected_test2[] = {
0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e,0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7,0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83,0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43 };+static struct test_sha256_hmac_s test_sha256_hmac[] = {
{.key = key_test1,.keylen = sizeof(key_test1),.input = input_test1,.ilen = sizeof(input_test1),.expected = expected_test1,},{.key = key_test2,.keylen = sizeof(key_test2),.input = input_test2,.ilen = sizeof(input_test2),.expected = expected_test2,},+};
+static int _lib_test_sha256_hmac_run(struct unit_test_state *uts,
unsigned char *key, int keylen,unsigned char *input, int ilen,unsigned char *expected)+{
unsigned char output[32];sha256_hmac(key, keylen, input, ilen, output);ut_asserteq_mem(expected, output, 32);return 0;+}
+static int lib_test_sha256_hmac_run(struct unit_test_state *uts,
struct test_sha256_hmac_s *test)+{
unsigned char *key = test->key;int keylen = test->keylen;unsigned char *input = test->input;int ilen = test->ilen;unsigned char *expected = test->expected;return _lib_test_sha256_hmac_run(uts, key, keylen, input, ilen,expected); +}
+static int lib_test_sha256_hmac(struct unit_test_state *uts) +{
int i, ret = 0;for (i = 0; i < ARRAY_SIZE(test_sha256_hmac); i++) {ret = lib_test_sha256_hmac_run(uts, &test_sha256_hmac[i]);if (ret)break;}return ret;+}
+LIB_TEST(lib_test_sha256_hmac, 0);
Can we extend the test cases with: keys longer than 64 bytes to verify proper key hashing.
Regards, Raymond
Hi Raymond,
Le 09/12/2024 à 17:13, Raymond Mao a écrit :
*This Mail comes from Outside of SoftAtHome: *Do not answer, click links or open attachments unless you recognize the sender and know the content is safe.**
Hi Philippe,
On Mon, 9 Dec 2024 at 04:42, Philippe Reynes philippe.reynes@softathome.com wrote:
Adds a test for the function sha256_hmac Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> --- test/lib/Makefile | 1 + test/lib/test_sha256_hmac.c | 108 ++++++++++++++++++++++++++++++++++++ 2 files changed, 109 insertions(+) create mode 100644 test/lib/test_sha256_hmac.c diff --git a/test/lib/Makefile b/test/lib/Makefile index f516d001747..4c0abcba81a 100644 --- a/test/lib/Makefile +++ b/test/lib/Makefile @@ -24,6 +24,7 @@ obj-$(CONFIG_ERRNO_STR) += test_errno_str.o obj-$(CONFIG_UT_LIB_ASN1) += asn1.o obj-$(CONFIG_UT_LIB_RSA) += rsa.o obj-$(CONFIG_AES) += test_aes.o +obj-$(CONFIG_SHA256) += test_sha256_hmac.o obj-$(CONFIG_GETOPT) += getopt.o obj-$(CONFIG_CRC8) += test_crc8.o obj-$(CONFIG_UT_LIB_CRYPT) += test_crypt.o diff --git a/test/lib/test_sha256_hmac.c b/test/lib/test_sha256_hmac.c new file mode 100644 index 00000000000..473922bd9b0 --- /dev/null +++ b/test/lib/test_sha256_hmac.c @@ -0,0 +1,108 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright (c) 2024 Philippe Reynes <philippe.reynes@softathome.com> + * + * Unit tests for sha256_hmac functions + */ + +#include <command.h> +#include <test/lib.h> +#include <test/test.h> +#include <test/ut.h> +#include <u-boot/sha256.h> + +struct test_sha256_hmac_s { + unsigned char *key; + int keylen; + unsigned char *input; + int ilen; + unsigned char *expected; +}; + +/* + * data comes from: + * https://datatracker.ietf.org/doc/html/rfc4231 <https://datatracker.ietf.org/doc/html/rfc4231> + */ +static unsigned char key_test1[] = { + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; + +static unsigned char input_test1[] = { + 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 }; + +static unsigned char expected_test1[] = { + 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, + 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b, + 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, + 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7 }; + +static unsigned char key_test2[] = { 0x4a, 0x65, 0x66, 0x65 }; + +static unsigned char input_test2[] = { + 0x77, 0x68, 0x61, 0x74, 0x20, 0x64, 0x6f, 0x20, + 0x79, 0x61, 0x20, 0x77, 0x61, 0x6e, 0x74, 0x20, + 0x66, 0x6f, 0x72, 0x20, 0x6e, 0x6f, 0x74, 0x68, + 0x69, 0x6e, 0x67, 0x3f }; + +static unsigned char expected_test2[] = { + 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, + 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7, + 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83, + 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43 }; + +static struct test_sha256_hmac_s test_sha256_hmac[] = { + { + .key = key_test1, + .keylen = sizeof(key_test1), + .input = input_test1, + .ilen = sizeof(input_test1), + .expected = expected_test1, + }, + { + .key = key_test2, + .keylen = sizeof(key_test2), + .input = input_test2, + .ilen = sizeof(input_test2), + .expected = expected_test2, + }, +}; + +static int _lib_test_sha256_hmac_run(struct unit_test_state *uts, + unsigned char *key, int keylen, + unsigned char *input, int ilen, + unsigned char *expected) +{ + unsigned char output[32]; + + sha256_hmac(key, keylen, input, ilen, output); + ut_asserteq_mem(expected, output, 32); + + return 0; +} + +static int lib_test_sha256_hmac_run(struct unit_test_state *uts, + struct test_sha256_hmac_s *test) +{ + unsigned char *key = test->key; + int keylen = test->keylen; + unsigned char *input = test->input; + int ilen = test->ilen; + unsigned char *expected = test->expected; + + return _lib_test_sha256_hmac_run(uts, key, keylen, input, ilen, expected); +} + +static int lib_test_sha256_hmac(struct unit_test_state *uts) +{ + int i, ret = 0; + + for (i = 0; i < ARRAY_SIZE(test_sha256_hmac); i++) { + ret = lib_test_sha256_hmac_run(uts, &test_sha256_hmac[i]); + if (ret) + break; + } + + return ret; +} + +LIB_TEST(lib_test_sha256_hmac, 0);Can we extend the test cases with: keys longer than 64 bytes to verify proper key hashing.
Yes, I have added a test for each test vector provided in https://datatracker.ietf.org/doc/html/rfc4231
And one of them has a key longer than 64.
Regards, Raymond
Regards, Philippe
Adds the support of key derivation using the scheme hkdf. This scheme is defined in rfc5869.
Signed-off-by: Philippe Reynes philippe.reynes@softathome.com --- include/u-boot/sha256.h | 7 +++++++ lib/mbedtls/sha256.c | 22 ++++++++++++++++++++++ 2 files changed, 29 insertions(+)
diff --git a/include/u-boot/sha256.h b/include/u-boot/sha256.h index 2f12275b703..5643efcb85c 100644 --- a/include/u-boot/sha256.h +++ b/include/u-boot/sha256.h @@ -49,4 +49,11 @@ void sha256_hmac(const unsigned char *key, int keylen, const unsigned char *input, unsigned int ilen, unsigned char *output);
+#if defined(CONFIG_HKDF_MBEDTLS) +int sha256_hkdf(const unsigned char *salt, int saltlen, + const unsigned char *ikm, int ikmlen, + const unsigned char *info, int infolen, + unsigned char *output, int outputlen); +#endif + #endif /* _SHA256_H */ diff --git a/lib/mbedtls/sha256.c b/lib/mbedtls/sha256.c index 1b9fc1a8503..6e9659d31bb 100644 --- a/lib/mbedtls/sha256.c +++ b/lib/mbedtls/sha256.c @@ -11,6 +11,11 @@ #include <string.h> #include <u-boot/sha256.h>
+#if CONFIG_IS_ENABLED(HKDF_MBEDTLS) +#include <mbedtls/md.h> +#include <mbedtls/hkdf.h> +#endif + const u8 sha256_der_prefix[SHA256_DER_LEN] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, @@ -98,3 +103,20 @@ void sha256_hmac(const unsigned char *key, int keylen, memset(tmpbuf, 0, sizeof(tmpbuf)); memset(&ctx, 0, sizeof(sha256_context)); } + +#if CONFIG_IS_ENABLED(HKDF_MBEDTLS) +int sha256_hkdf(const unsigned char *salt, int saltlen, + const unsigned char *ikm, int ikmlen, + const unsigned char *info, int infolen, + unsigned char *output, int outputlen) +{ + const mbedtls_md_info_t *md; + + md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); + + return mbedtls_hkdf(md, salt, saltlen, + ikm, ikmlen, + info, infolen, + output, outputlen); +} +#endif
Hi Philippe,
On Mon, 9 Dec 2024 at 04:42, Philippe Reynes philippe.reynes@softathome.com wrote:
Adds the support of key derivation using the scheme hkdf. This scheme is defined in rfc5869.
Signed-off-by: Philippe Reynes philippe.reynes@softathome.com
include/u-boot/sha256.h | 7 +++++++ lib/mbedtls/sha256.c | 22 ++++++++++++++++++++++ 2 files changed, 29 insertions(+)
diff --git a/include/u-boot/sha256.h b/include/u-boot/sha256.h index 2f12275b703..5643efcb85c 100644 --- a/include/u-boot/sha256.h +++ b/include/u-boot/sha256.h @@ -49,4 +49,11 @@ void sha256_hmac(const unsigned char *key, int keylen, const unsigned char *input, unsigned int ilen, unsigned char *output);
+#if defined(CONFIG_HKDF_MBEDTLS) +int sha256_hkdf(const unsigned char *salt, int saltlen,
const unsigned char *ikm, int ikmlen,const unsigned char *info, int infolen,unsigned char *output, int outputlen);+#endif
I think this will be better: #if CONFIG_IS_ENABLED(HKDF_MBEDTLS) int sha256_hkdf(const unsigned char *salt, int saltlen, const unsigned char *ikm, int ikmlen, const unsigned char *info, int infolen, unsigned char *output, int outputlen); #else static inline int sha256_hkdf(const unsigned char __always_unused *salt, int __always_unused saltlen, const unsigned char __always_unused *ikm, int __always_unused ikmlen, const unsigned char __always_unused *info, int __always_unused infolen, unsigned char __always_unused *output, int __always_unused outputlen) { return -EOPNOTSUPP; } #endif
#endif /* _SHA256_H */ diff --git a/lib/mbedtls/sha256.c b/lib/mbedtls/sha256.c index 1b9fc1a8503..6e9659d31bb 100644 --- a/lib/mbedtls/sha256.c +++ b/lib/mbedtls/sha256.c @@ -11,6 +11,11 @@ #include <string.h> #include <u-boot/sha256.h>
+#if CONFIG_IS_ENABLED(HKDF_MBEDTLS) +#include <mbedtls/md.h> +#include <mbedtls/hkdf.h> +#endif
const u8 sha256_der_prefix[SHA256_DER_LEN] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, @@ -98,3 +103,20 @@ void sha256_hmac(const unsigned char *key, int keylen, memset(tmpbuf, 0, sizeof(tmpbuf)); memset(&ctx, 0, sizeof(sha256_context)); }
+#if CONFIG_IS_ENABLED(HKDF_MBEDTLS) +int sha256_hkdf(const unsigned char *salt, int saltlen,
const unsigned char *ikm, int ikmlen,const unsigned char *info, int infolen,unsigned char *output, int outputlen)+{
const mbedtls_md_info_t *md;md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);return mbedtls_hkdf(md, salt, saltlen,ikm, ikmlen,info, infolen,output, outputlen);+}
+#endif
2.25.1
Hi Raymond,
Le 09/12/2024 à 17:28, Raymond Mao a écrit :
*This Mail comes from Outside of SoftAtHome: *Do not answer, click links or open attachments unless you recognize the sender and know the content is safe.**
Hi Philippe,
On Mon, 9 Dec 2024 at 04:42, Philippe Reynes philippe.reynes@softathome.com wrote:
Adds the support of key derivation using the scheme hkdf. This scheme is defined in rfc5869. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> --- include/u-boot/sha256.h | 7 +++++++ lib/mbedtls/sha256.c | 22 ++++++++++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/include/u-boot/sha256.h b/include/u-boot/sha256.h index 2f12275b703..5643efcb85c 100644 --- a/include/u-boot/sha256.h +++ b/include/u-boot/sha256.h @@ -49,4 +49,11 @@ void sha256_hmac(const unsigned char *key, int keylen, const unsigned char *input, unsigned int ilen, unsigned char *output); +#if defined(CONFIG_HKDF_MBEDTLS) +int sha256_hkdf(const unsigned char *salt, int saltlen, + const unsigned char *ikm, int ikmlen, + const unsigned char *info, int infolen, + unsigned char *output, int outputlen); +#endif +I think this will be better: #if CONFIG_IS_ENABLED(HKDF_MBEDTLS) int sha256_hkdf(const unsigned char *salt, int saltlen, const unsigned char *ikm, int ikmlen, const unsigned char *info, int infolen, unsigned char *output, int outputlen); #else static inline int sha256_hkdf(const unsigned char __always_unused *salt, int __always_unused saltlen, const unsigned char __always_unused *ikm, int __always_unused ikmlen, const unsigned char __always_unused *info, int __always_unused infolen, unsigned char __always_unused *output, int __always_unused outputlen) { return -EOPNOTSUPP; } #endif
I have done this change in the v4
#endif /* _SHA256_H */ diff --git a/lib/mbedtls/sha256.c b/lib/mbedtls/sha256.c index 1b9fc1a8503..6e9659d31bb 100644 --- a/lib/mbedtls/sha256.c +++ b/lib/mbedtls/sha256.c @@ -11,6 +11,11 @@ #include <string.h> #include <u-boot/sha256.h> +#if CONFIG_IS_ENABLED(HKDF_MBEDTLS) +#include <mbedtls/md.h> +#include <mbedtls/hkdf.h> +#endif + const u8 sha256_der_prefix[SHA256_DER_LEN] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, @@ -98,3 +103,20 @@ void sha256_hmac(const unsigned char *key, int keylen, memset(tmpbuf, 0, sizeof(tmpbuf)); memset(&ctx, 0, sizeof(sha256_context)); } + +#if CONFIG_IS_ENABLED(HKDF_MBEDTLS) +int sha256_hkdf(const unsigned char *salt, int saltlen, + const unsigned char *ikm, int ikmlen, + const unsigned char *info, int infolen, + unsigned char *output, int outputlen) +{ + const mbedtls_md_info_t *md; + + md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); + + return mbedtls_hkdf(md, salt, saltlen, + ikm, ikmlen, + info, infolen, + output, outputlen); +} +#endif -- 2.25.1
Regards, Philippe
Adds a test for the function sha256_hkdf.
Signed-off-by: Philippe Reynes philippe.reynes@softathome.com --- test/lib/Makefile | 1 + test/lib/test_sha256_hkdf.c | 104 ++++++++++++++++++++++++++++++++++++ 2 files changed, 105 insertions(+) create mode 100644 test/lib/test_sha256_hkdf.c
diff --git a/test/lib/Makefile b/test/lib/Makefile index 4c0abcba81a..24ce6ed8f00 100644 --- a/test/lib/Makefile +++ b/test/lib/Makefile @@ -25,6 +25,7 @@ obj-$(CONFIG_UT_LIB_ASN1) += asn1.o obj-$(CONFIG_UT_LIB_RSA) += rsa.o obj-$(CONFIG_AES) += test_aes.o obj-$(CONFIG_SHA256) += test_sha256_hmac.o +obj-$(CONFIG_HKDF_MBEDTLS) += test_sha256_hkdf.o obj-$(CONFIG_GETOPT) += getopt.o obj-$(CONFIG_CRC8) += test_crc8.o obj-$(CONFIG_UT_LIB_CRYPT) += test_crypt.o diff --git a/test/lib/test_sha256_hkdf.c b/test/lib/test_sha256_hkdf.c new file mode 100644 index 00000000000..ca173a13afc --- /dev/null +++ b/test/lib/test_sha256_hkdf.c @@ -0,0 +1,104 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright (c) 2024 Philippe Reynes philippe.reynes@softathome.com + * + * Unit tests for sha256_hkdf functions + */ + +#include <command.h> +#include <test/lib.h> +#include <test/test.h> +#include <test/ut.h> +#include <u-boot/sha256.h> + +struct test_sha256_hkdf_s { + unsigned char *salt; + int saltlen; + unsigned char *ikm; + int ikmlen; + unsigned char *info; + int infolen; + unsigned char *expected; + int expectedlen; +}; + +/* + * data comes from: + * https://www.rfc-editor.org/rfc/rfc5869 + */ +static unsigned char salt_test1[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, + 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c }; + +static unsigned char ikm_test1[] = { + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; + +static unsigned char info_test1[] = { + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9 }; + +static unsigned char expected_test1[] = { + 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, + 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a, + 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c, + 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf, + 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, + 0x58, 0x65 }; + +static struct test_sha256_hkdf_s test_sha256_hkdf[] = { + { + .salt = salt_test1, + .saltlen = sizeof(salt_test1), + .ikm = ikm_test1, + .ikmlen = sizeof(ikm_test1), + .info = info_test1, + .infolen = sizeof(info_test1), + .expected = expected_test1, + .expectedlen = sizeof(expected_test1), + }, +}; + +static int _lib_test_sha256_hkdf_run(struct unit_test_state *uts, + unsigned char *salt, int saltlen, + unsigned char *ikm, int ikmlen, + unsigned char *info, int infolen, + unsigned char *expected, int expectedlen) +{ + unsigned char output[64]; + + sha256_hkdf(salt, saltlen, ikm, ikmlen, info, infolen, output, expectedlen); + ut_asserteq_mem(expected, output, expectedlen); + + return 0; +} + +static int lib_test_sha256_hkdf_run(struct unit_test_state *uts, + struct test_sha256_hkdf_s *test) +{ + unsigned char *salt = test->salt; + int saltlen = test->saltlen; + unsigned char *ikm = test->ikm; + int ikmlen = test->ikmlen; + unsigned char *info = test->info; + int infolen = test->infolen; + unsigned char *expected = test->expected; + int expectedlen = test->expectedlen; + + return _lib_test_sha256_hkdf_run(uts, salt, saltlen, ikm, ikmlen, + info, infolen, expected, expectedlen); +} + +static int lib_test_sha256_hkdf(struct unit_test_state *uts) +{ + int i, ret = 0; + + for (i = 0; i < ARRAY_SIZE(test_sha256_hkdf); i++) { + ret = lib_test_sha256_hkdf_run(uts, &test_sha256_hkdf[i]); + if (ret) + break; + } + + return ret; +} + +LIB_TEST(lib_test_sha256_hkdf, 0);
Hi Philippe,
On Mon, 9 Dec 2024 at 04:42, Philippe Reynes philippe.reynes@softathome.com wrote:
Adds a test for the function sha256_hkdf.
Signed-off-by: Philippe Reynes philippe.reynes@softathome.com
test/lib/Makefile | 1 + test/lib/test_sha256_hkdf.c | 104 ++++++++++++++++++++++++++++++++++++ 2 files changed, 105 insertions(+) create mode 100644 test/lib/test_sha256_hkdf.c
diff --git a/test/lib/Makefile b/test/lib/Makefile index 4c0abcba81a..24ce6ed8f00 100644 --- a/test/lib/Makefile +++ b/test/lib/Makefile @@ -25,6 +25,7 @@ obj-$(CONFIG_UT_LIB_ASN1) += asn1.o obj-$(CONFIG_UT_LIB_RSA) += rsa.o obj-$(CONFIG_AES) += test_aes.o obj-$(CONFIG_SHA256) += test_sha256_hmac.o +obj-$(CONFIG_HKDF_MBEDTLS) += test_sha256_hkdf.o obj-$(CONFIG_GETOPT) += getopt.o obj-$(CONFIG_CRC8) += test_crc8.o obj-$(CONFIG_UT_LIB_CRYPT) += test_crypt.o diff --git a/test/lib/test_sha256_hkdf.c b/test/lib/test_sha256_hkdf.c new file mode 100644 index 00000000000..ca173a13afc --- /dev/null +++ b/test/lib/test_sha256_hkdf.c @@ -0,0 +1,104 @@ +// SPDX-License-Identifier: GPL-2.0+ +/*
- Copyright (c) 2024 Philippe Reynes philippe.reynes@softathome.com
- Unit tests for sha256_hkdf functions
- */
+#include <command.h> +#include <test/lib.h> +#include <test/test.h> +#include <test/ut.h> +#include <u-boot/sha256.h>
+struct test_sha256_hkdf_s {
unsigned char *salt;int saltlen;unsigned char *ikm;int ikmlen;unsigned char *info;int infolen;unsigned char *expected;int expectedlen;+};
+/*
- data comes from:
- */
+static unsigned char salt_test1[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c };+static unsigned char ikm_test1[] = {
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b };+static unsigned char info_test1[] = {
0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9 };+static unsigned char expected_test1[] = {
0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,0x58, 0x65 };+static struct test_sha256_hkdf_s test_sha256_hkdf[] = {
{.salt = salt_test1,.saltlen = sizeof(salt_test1),.ikm = ikm_test1,.ikmlen = sizeof(ikm_test1),.info = info_test1,.infolen = sizeof(info_test1),.expected = expected_test1,.expectedlen = sizeof(expected_test1),},+};
+static int _lib_test_sha256_hkdf_run(struct unit_test_state *uts,
unsigned char *salt, int saltlen,unsigned char *ikm, int ikmlen,unsigned char *info, int infolen,unsigned char *expected, intexpectedlen) +{
unsigned char output[64];sha256_hkdf(salt, saltlen, ikm, ikmlen, info, infolen, output,expectedlen);
I think we can add a few checkers here:
ut_assert(expectedlen <= sizeof(output)); int ret = sha256_hkdf(salt, saltlen, ikm, ikmlen, info, infolen, output, expectedlen); ut_assert(!ret);
[snip]
Regards, Raymond
Hi Raymond,
Le 09/12/2024 à 17:36, Raymond Mao a écrit :
*This Mail comes from Outside of SoftAtHome: *Do not answer, click links or open attachments unless you recognize the sender and know the content is safe.**
Hi Philippe,
On Mon, 9 Dec 2024 at 04:42, Philippe Reynes philippe.reynes@softathome.com wrote:
Adds a test for the function sha256_hkdf. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> --- test/lib/Makefile | 1 + test/lib/test_sha256_hkdf.c | 104 ++++++++++++++++++++++++++++++++++++ 2 files changed, 105 insertions(+) create mode 100644 test/lib/test_sha256_hkdf.c diff --git a/test/lib/Makefile b/test/lib/Makefile index 4c0abcba81a..24ce6ed8f00 100644 --- a/test/lib/Makefile +++ b/test/lib/Makefile @@ -25,6 +25,7 @@ obj-$(CONFIG_UT_LIB_ASN1) += asn1.o obj-$(CONFIG_UT_LIB_RSA) += rsa.o obj-$(CONFIG_AES) += test_aes.o obj-$(CONFIG_SHA256) += test_sha256_hmac.o +obj-$(CONFIG_HKDF_MBEDTLS) += test_sha256_hkdf.o obj-$(CONFIG_GETOPT) += getopt.o obj-$(CONFIG_CRC8) += test_crc8.o obj-$(CONFIG_UT_LIB_CRYPT) += test_crypt.o diff --git a/test/lib/test_sha256_hkdf.c b/test/lib/test_sha256_hkdf.c new file mode 100644 index 00000000000..ca173a13afc --- /dev/null +++ b/test/lib/test_sha256_hkdf.c @@ -0,0 +1,104 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright (c) 2024 Philippe Reynes <philippe.reynes@softathome.com> + * + * Unit tests for sha256_hkdf functions + */ + +#include <command.h> +#include <test/lib.h> +#include <test/test.h> +#include <test/ut.h> +#include <u-boot/sha256.h> + +struct test_sha256_hkdf_s { + unsigned char *salt; + int saltlen; + unsigned char *ikm; + int ikmlen; + unsigned char *info; + int infolen; + unsigned char *expected; + int expectedlen; +}; + +/* + * data comes from: + * https://www.rfc-editor.org/rfc/rfc5869 <https://www.rfc-editor.org/rfc/rfc5869> + */ +static unsigned char salt_test1[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, + 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c }; + +static unsigned char ikm_test1[] = { + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; + +static unsigned char info_test1[] = { + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9 }; + +static unsigned char expected_test1[] = { + 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, + 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a, + 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c, + 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf, + 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, + 0x58, 0x65 }; + +static struct test_sha256_hkdf_s test_sha256_hkdf[] = { + { + .salt = salt_test1, + .saltlen = sizeof(salt_test1), + .ikm = ikm_test1, + .ikmlen = sizeof(ikm_test1), + .info = info_test1, + .infolen = sizeof(info_test1), + .expected = expected_test1, + .expectedlen = sizeof(expected_test1), + }, +}; + +static int _lib_test_sha256_hkdf_run(struct unit_test_state *uts, + unsigned char *salt, int saltlen, + unsigned char *ikm, int ikmlen, + unsigned char *info, int infolen, + unsigned char *expected, int expectedlen) +{ + unsigned char output[64]; + + sha256_hkdf(salt, saltlen, ikm, ikmlen, info, infolen, output, expectedlen);I think we can add a few checkers here:
ut_assert(expectedlen <= sizeof(output)); int ret = sha256_hkdf(salt, saltlen, ikm, ikmlen, info, infolen, output, expectedlen); ut_assert(!ret);
[snip]
I have added this checkers in the v4.
Regards, Raymond
Regards, Philippe
participants (3)
-
Philippe REYNES -
Philippe Reynes
-
Raymond Mao