[PATCH v1 2/5] lib: implement SM3 secure hash

Raymond Mao raymondmaoca at gmail.com
Tue Nov 4 03:30:45 CET 2025 

Hi Heiko,

On Mon, Nov 3, 2025 at 3:55 AM Heiko Schocher <hs at nabladev.com> wrote:

> Hello Raymond,
>
> On 01.11.25 18:11, Raymond Mao wrote:
> > Hi Heiko,
> >
> > On Sat, Nov 1, 2025 at 2:49 AM Heiko Schocher <hs at nabladev.com <mailto:
> hs at nabladev.com>> wrote:
> >
> >     Implement SM3 secure hash algorithm, as specified by
> >     OSCCA GM/T 0004-2012 SM3 and described
> >     at https://datatracker.ietf.org/doc/html/draft-sca-cfrg-sm3-02
> >     <https://datatracker.ietf.org/doc/html/draft-sca-cfrg-sm3-02>
> >
> >     code is based on linux commit
> >     f83a4f2a4d8c: ("Merge tag 'erofs-for-6.17-rc6-fixes' of
> >     git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs
> >     <http://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs>")
> >
> >     Signed-off-by: Heiko Schocher <hs at nabladev.com <mailto:
> hs at nabladev.com>>
> >     ---
> >     This patch drops a lot of checkpatch warnings, ignored them
> >     as tried to stay as close as possible with linux code.
> >
> > MbedTLS also supports SMx, can you turn on the SM3 option in MbedTLS and
> make it selectable between
> > lib/sm3 and MbedTLS via Kconfig? Just like what we have for other
> algorithms.
>
> I must admit, I have never used MbedTLS ...
>
> [u-boot]$ find lib/mbedtls/ -name '*sm3'
> [u-boot]$
>
> So there is no sm3 header or c file...
>
> [u-boot]$ find lib/mbedtls/ -name 'sha*'
> lib/mbedtls/sha256.c
> lib/mbedtls/sha512.c
> lib/mbedtls/sha1.c
> lib/mbedtls/port/sha512_alt.h
> lib/mbedtls/port/sha1_alt.h
> lib/mbedtls/port/sha256_alt.h
> lib/mbedtls/external/mbedtls/library/sha256.c
> lib/mbedtls/external/mbedtls/library/sha3.c
> lib/mbedtls/external/mbedtls/library/sha512.c
> lib/mbedtls/external/mbedtls/library/sha1.c
> [...]
>
> But I find for sha* ... so I am unsure what you mean now, what I
> should do/change?
>
> My bad... The supports are still in PRs, not part of the main branch.
So I am fine with this, we can integrate the MbedTLS missing part in the
future.

Regards,
Raymond


> May this can be added in a follow up patch?
> Maybe you can add this part?
>
> Thanks!
>
> bye,
> Heiko
> --
> Nabla Software Engineering
> HRB 40522 Augsburg
> Phone: +49 821 45592596
> E-Mail: office at nabladev.com
> Geschäftsführer : Stefano Babic
>

More information about the U-Boot mailing list