[PATCH v4 3/8] mbedtls: enable support of hkdf

Raymond Mao raymond.mao at linaro.org
Fri Dec 13 17:41:24 CET 2024 

Hi Philippe,

On Thu, 12 Dec 2024 at 08:37, Philippe Reynes <
philippe.reynes at softathome.com> wrote:

> Adds the support of key derivation using
> the scheme hkdf.
>
> Signed-off-by: Philippe Reynes <philippe.reynes at softathome.com>
> ---
>  lib/mbedtls/Kconfig              | 14 ++++++++++++++
>  lib/mbedtls/Makefile             |  2 ++
>  lib/mbedtls/mbedtls_def_config.h |  4 ++++
>  3 files changed, 20 insertions(+)
>
> diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig
> index 78167ffa252..aa82336ef14 100644
> --- a/lib/mbedtls/Kconfig
> +++ b/lib/mbedtls/Kconfig
> @@ -297,6 +297,13 @@ config MD5_MBEDTLS
>           This option enables support of hashing using MD5 algorithm
>           with MbedTLS crypto library.
>
> +config HKDF_MBEDTLS
> +       bool "Enable HKDF support with MbedTLS crypto library"
> +       depends on MBEDTLS_LIB_CRYPTO
> +       help
> +         This option enables support of key derivation using HKDF
> algorithm
> +         with MbedTLS crypto library.
> +
>  if SPL
>
>  config SPL_SHA1_MBEDTLS
> @@ -335,6 +342,13 @@ config SPL_MD5_MBEDTLS
>           This option enables support of hashing using MD5 algorithm
>           with MbedTLS crypto library.
>
> +config SPL_HKDF_MBEDTLS
> +       bool "Enable HKDF support in SPL with MbedTLS crypto library"
> +       depends on MBEDTLS_LIB_CRYPTO
> +       help
> +         This option enables support of key derivation using HKDF
> algorithm
> +         with MbedTLS crypto library.
> +
>  endif # SPL
>
>  endif # MBEDTLS_LIB_CRYPTO
> diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile
> index ce0a61e4054..e66c2018d97 100644
> --- a/lib/mbedtls/Makefile
> +++ b/lib/mbedtls/Makefile
> @@ -33,6 +33,8 @@ mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA256_MBEDTLS) += \
>         $(MBEDTLS_LIB_DIR)/sha256.o
>  mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA512_MBEDTLS) += \
>         $(MBEDTLS_LIB_DIR)/sha512.o
> +mbedtls_lib_crypto-$(CONFIG_$(SPL_)HKDF_MBEDTLS) += \
> +       $(MBEDTLS_LIB_DIR)/hkdf.o
>
>  # MbedTLS X509 library
>  obj-$(CONFIG_MBEDTLS_LIB_X509) += mbedtls_lib_x509.o
> diff --git a/lib/mbedtls/mbedtls_def_config.h
> b/lib/mbedtls/mbedtls_def_config.h
> index 1d2314e90e4..fd440c392f9 100644
> --- a/lib/mbedtls/mbedtls_def_config.h
> +++ b/lib/mbedtls/mbedtls_def_config.h
> @@ -56,6 +56,10 @@
>  #endif
>  #endif
>
> +#if CONFIG_IS_ENABLED(HKDF_MBEDTLS)
> +#define MBEDTLS_HKDF_C
> +#endif
> +
>  #if defined CONFIG_MBEDTLS_LIB_X509
>
>  #if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER)
> --
> 2.25.1
>
>
Sounds good to me.
Reviewed-by: Raymond Mao <raymond.mao at linaro.org>

Regards,
Raymond

More information about the U-Boot mailing list