[PATCH v2 1/5] mbedtls: enable support of hkdf

Philippe REYNES philippe.reynes at softathome.com
Fri Dec 6 11:10:00 CET 2024


Hi Raymond,


Le 05/12/2024 à 18:08, Raymond Mao a écrit :
>
> *This Mail comes from Outside of SoftAtHome: *Do not answer, click 
> links or open attachments unless you recognize the sender and know the 
> content is safe.**
>
> Hi Philippe,
>
> On Wed, 4 Dec 2024 at 12:54, Philippe Reynes 
> <philippe.reynes at softathome.com> wrote:
>
>     Adds the support of key derivation using
>     the scheme hkdf.
>
>     Signed-off-by: Philippe Reynes <philippe.reynes at softathome.com>
>     ---
>      lib/mbedtls/Kconfig              | 14 ++++++++++++++
>      lib/mbedtls/Makefile             |  2 ++
>      lib/mbedtls/mbedtls_def_config.h |  4 ++++
>      3 files changed, 20 insertions(+)
>
>     diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig
>     index 78167ffa252..aa82336ef14 100644
>     --- a/lib/mbedtls/Kconfig
>     +++ b/lib/mbedtls/Kconfig
>     @@ -297,6 +297,13 @@ config MD5_MBEDTLS
>               This option enables support of hashing using MD5 algorithm
>               with MbedTLS crypto library.
>
>     +config HKDF_MBEDTLS
>     +       bool "Enable HKDF support with MbedTLS crypto library"
>     +       depends on MBEDTLS_LIB_CRYPTO
>     +       help
>     +         This option enables support of key derivation using HKDF
>     algorithm
>     +         with MbedTLS crypto library.
>     +
>      if SPL
>
>      config SPL_SHA1_MBEDTLS
>     @@ -335,6 +342,13 @@ config SPL_MD5_MBEDTLS
>               This option enables support of hashing using MD5 algorithm
>               with MbedTLS crypto library.
>
>     +config SPL_HKDF_MBEDTLS
>     +       bool "Enable HKDF support in SPL with MbedTLS crypto library"
>     +       depends on MBEDTLS_LIB_CRYPTO
>     +       help
>     +         This option enables support of key derivation using HKDF
>     algorithm
>     +         with MbedTLS crypto library.
>     +
>      endif # SPL
>
>      endif # MBEDTLS_LIB_CRYPTO
>     diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile
>     index ce0a61e4054..e66c2018d97 100644
>     --- a/lib/mbedtls/Makefile
>     +++ b/lib/mbedtls/Makefile
>     @@ -33,6 +33,8 @@
>     mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA256_MBEDTLS) += \
>             $(MBEDTLS_LIB_DIR)/sha256.o
>      mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA512_MBEDTLS) += \
>             $(MBEDTLS_LIB_DIR)/sha512.o
>     +mbedtls_lib_crypto-$(CONFIG_$(SPL_)HKDF_MBEDTLS) += \
>     +       $(MBEDTLS_LIB_DIR)/hkdf.o
>
> lib/mbedtls/hkdf.c does not exist in your patch series.


I think I have to keep to line because

The definition of MBEDTLS_LIB_DIR is:

MBEDTLS_LIB_DIR = external/mbedtls/library

So $(MBEDTLS_LIB_DIR)/hkdf.o reference the file:

lib/mbedtls/external/mbedtls/library/hkdf.c

and not the file lib/mbedtls//hkdf.c (that don't exist).


>      # MbedTLS X509 library
>      obj-$(CONFIG_MBEDTLS_LIB_X509) += mbedtls_lib_x509.o
>     diff --git a/lib/mbedtls/mbedtls_def_config.h
>     b/lib/mbedtls/mbedtls_def_config.h
>     index d27f017d084..cce0134d527 100644
>     --- a/lib/mbedtls/mbedtls_def_config.h
>     +++ b/lib/mbedtls/mbedtls_def_config.h
>     @@ -56,6 +56,10 @@
>      #endif
>      #endif
>
>     +#if CONFIG_IS_ENABLED(HKDF_MBEDTLS)
>     +#define MBEDTLS_HKDF_C
>     +#endif
>     +
>      #if defined CONFIG_MBEDTLS_LIB_X509
>
>      #if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER)
>     -- 
>     2.25.1
>
>
> Regards,
> Raymond

Regards,

Philippe



More information about the U-Boot mailing list