[PATCH 1/4] lib: sha256: add feature sha256_hmac
Peter Robinson
pbrobinson at gmail.com
Tue Jul 16 18:56:12 CEST 2024
Hi Philippe,
It might be useful to have a cover letter explaining what the plans
for this code are, great that there are tests but adding code in
without it being used isn't always a feature so a cover letter with
some details often helps with the context.
Also if you're not aware there's work to integrate MBedTLS [1] and I'm
not sure if that also may provide the functionality.
Peter
[1] https://lists.denx.de/pipermail/u-boot/2024-July/557832.html
On Tue, 16 Jul 2024 at 16:16, Philippe Reynes
<philippe.reynes at softathome.com> wrote:
>
> Adds the support of the hmac based on sha256.
> This implementation is based on rfc2104.
>
> Signed-off-by: Philippe Reynes <philippe.reynes at softathome.com>
> ---
> include/u-boot/sha256.h | 4 ++++
> lib/sha256.c | 40 ++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 44 insertions(+)
>
> diff --git a/include/u-boot/sha256.h b/include/u-boot/sha256.h
> index a4fe176c0b4..7aa4c54d0d4 100644
> --- a/include/u-boot/sha256.h
> +++ b/include/u-boot/sha256.h
> @@ -24,4 +24,8 @@ void sha256_finish(sha256_context * ctx, uint8_t digest[SHA256_SUM_LEN]);
> void sha256_csum_wd(const unsigned char *input, unsigned int ilen,
> unsigned char *output, unsigned int chunk_sz);
>
> +void sha256_hmac(const unsigned char *key, int keylen,
> + const unsigned char *input, unsigned int ilen,
> + unsigned char *output);
> +
> #endif /* _SHA256_H */
> diff --git a/lib/sha256.c b/lib/sha256.c
> index 665ba6f152e..64f6b48974b 100644
> --- a/lib/sha256.c
> +++ b/lib/sha256.c
> @@ -298,3 +298,43 @@ void sha256_csum_wd(const unsigned char *input, unsigned int ilen,
>
> sha256_finish(&ctx, output);
> }
> +
> +/*
> + * Output = HMAC-SHA-256( input buffer, hmac key )
> + */
> +void sha256_hmac(const unsigned char *key, int keylen,
> + const unsigned char *input, unsigned int ilen,
> + unsigned char *output)
> +{
> + int i;
> + sha256_context ctx;
> + unsigned char k_ipad[64];
> + unsigned char k_opad[64];
> + unsigned char tmpbuf[32];
> +
> + memset(k_ipad, 0x36, 64);
> + memset(k_opad, 0x5C, 64);
> +
> + for (i = 0; i < keylen; i++) {
> + if (i >= 64)
> + break;
> +
> + k_ipad[i] ^= key[i];
> + k_opad[i] ^= key[i];
> + }
> +
> + sha256_starts(&ctx);
> + sha256_update(&ctx, k_ipad, 64);
> + sha256_update(&ctx, input, ilen);
> + sha256_finish(&ctx, tmpbuf);
> +
> + sha256_starts(&ctx);
> + sha256_update(&ctx, k_opad, 64);
> + sha256_update(&ctx, tmpbuf, 32);
> + sha256_finish(&ctx, output);
> +
> + memset(k_ipad, 0, 64);
> + memset(k_opad, 0, 64);
> + memset(tmpbuf, 0, 32);
> + memset(&ctx, 0, sizeof(sha256_context));
> +}
> --
> 2.25.1
>
More information about the U-Boot
mailing list