[PATCH v4 7/8] lib: mbedtls: sha256: add support of key derivation
Philippe REYNES
philippe.reynes at softathome.com
Mon Dec 16 16:27:15 CET 2024
Hi Raymond,
Le 13/12/2024 à 17:58, Raymond Mao a écrit :
>
> *This Mail comes from Outside of SoftAtHome: *Do not answer, click
> links or open attachments unless you recognize the sender and know the
> content is safe.**
>
> Hi Philippe,
>
> On Thu, 12 Dec 2024 at 08:37, Philippe Reynes
> <philippe.reynes at softathome.com> wrote:
>
> Adds the support of key derivation using the scheme hkdf.
> This scheme is defined in rfc5869.
>
> Signed-off-by: Philippe Reynes <philippe.reynes at softathome.com>
> ---
> include/u-boot/sha256.h | 20 ++++++++++++++++++++
> lib/mbedtls/sha256.c | 22 ++++++++++++++++++++++
> 2 files changed, 42 insertions(+)
>
> diff --git a/include/u-boot/sha256.h b/include/u-boot/sha256.h
> index 2f12275b703..f21173305a6 100644
> --- a/include/u-boot/sha256.h
> +++ b/include/u-boot/sha256.h
> @@ -1,6 +1,8 @@
> #ifndef _SHA256_H
> #define _SHA256_H
>
> +#include <linux/compiler_attributes.h>
> +#include <linux/errno.h>
> #include <linux/kconfig.h>
> #include <linux/types.h>
>
> @@ -49,4 +51,22 @@ void sha256_hmac(const unsigned char *key, int
> keylen,
> const unsigned char *input, unsigned int ilen,
> unsigned char *output);
>
> +#if CONFIG_IS_ENABLED(HKDF_MBEDTLS)
> +int sha256_hkdf(const unsigned char *salt, int saltlen,
> + const unsigned char *ikm, int ikmlen,
> + const unsigned char *info, int infolen,
> + unsigned char *output, int outputlen);
> +#else
> +static inline int sha256_hkdf(const unsigned char __always_unused
> *salt,
> + int __always_unused saltlen,
> + const unsigned char __always_unused
> *ikm,
> + int __always_unused ikmlen,
> + const unsigned char __always_unused
> *info,
> + int __always_unused infolen,
> + unsigned char __always_unused *output,
> + int __always_unused outputlen) {
> + return -EOPNOTSUPP;
> +}
> +#endif
> +
> #endif /* _SHA256_H */
> diff --git a/lib/mbedtls/sha256.c b/lib/mbedtls/sha256.c
> index 2128e598834..b8bc43b612e 100644
> --- a/lib/mbedtls/sha256.c
> +++ b/lib/mbedtls/sha256.c
> @@ -10,6 +10,11 @@
> #endif /* USE_HOSTCC */
> #include <u-boot/sha256.h>
>
> +#if CONFIG_IS_ENABLED(HKDF_MBEDTLS)
> +#include <mbedtls/md.h>
> +#include <mbedtls/hkdf.h>
> +#endif
> +
> const u8 sha256_der_prefix[SHA256_DER_LEN] = {
> 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
> 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
> @@ -33,3 +38,20 @@ void sha256_finish(sha256_context *ctx, uint8_t
> digest[SHA256_SUM_LEN])
> mbedtls_sha256_finish(ctx, digest);
> mbedtls_sha256_free(ctx);
> }
> +
> +#if CONFIG_IS_ENABLED(HKDF_MBEDTLS)
> +int sha256_hkdf(const unsigned char *salt, int saltlen,
> + const unsigned char *ikm, int ikmlen,
> + const unsigned char *info, int infolen,
> + unsigned char *output, int outputlen)
> +{
> + const mbedtls_md_info_t *md;
> +
> + md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
>
>
> Please check if the return is not NULL.
I have added check in v5
>
> +
> + return mbedtls_hkdf(md, salt, saltlen,
> + ikm, ikmlen,
> + info, infolen,
> + output, outputlen);
> +}
> +#endif
> --
> 2.25.1
>
>
> Regards,
> Raymond
Regards,
Philippe
More information about the U-Boot
mailing list