Re: [PATCH v2 1/5] mbedtls: enable support of hkdf

Philippe REYNES Fri, 06 Dec 2024 02:10:21 -0800

Hi Raymond,


Le 05/12/2024 à 18:08, Raymond Mao a écrit :

*This Mail comes from Outside of SoftAtHome: *Do not answer, clicklinks or open attachments unless you recognize the sender and know thecontent is safe.**


Hi Philippe,

On Wed, 4 Dec 2024 at 12:54, Philippe Reynes<philippe.rey...@softathome.com> wrote:


    Adds the support of key derivation using
    the scheme hkdf.

    Signed-off-by: Philippe Reynes <philippe.rey...@softathome.com>
    ---
     lib/mbedtls/Kconfig              | 14 ++++++++++++++
     lib/mbedtls/Makefile             |  2 ++
     lib/mbedtls/mbedtls_def_config.h |  4 ++++
     3 files changed, 20 insertions(+)

    diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig
    index 78167ffa252..aa82336ef14 100644
    --- a/lib/mbedtls/Kconfig
    +++ b/lib/mbedtls/Kconfig
    @@ -297,6 +297,13 @@ config MD5_MBEDTLS
              This option enables support of hashing using MD5 algorithm
              with MbedTLS crypto library.

    +config HKDF_MBEDTLS
    +       bool "Enable HKDF support with MbedTLS crypto library"
    +       depends on MBEDTLS_LIB_CRYPTO
    +       help
    +         This option enables support of key derivation using HKDF
    algorithm
    +         with MbedTLS crypto library.
    +
     if SPL

     config SPL_SHA1_MBEDTLS
    @@ -335,6 +342,13 @@ config SPL_MD5_MBEDTLS
              This option enables support of hashing using MD5 algorithm
              with MbedTLS crypto library.

    +config SPL_HKDF_MBEDTLS
    +       bool "Enable HKDF support in SPL with MbedTLS crypto library"
    +       depends on MBEDTLS_LIB_CRYPTO
    +       help
    +         This option enables support of key derivation using HKDF
    algorithm
    +         with MbedTLS crypto library.
    +
     endif # SPL

     endif # MBEDTLS_LIB_CRYPTO
    diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile
    index ce0a61e4054..e66c2018d97 100644
    --- a/lib/mbedtls/Makefile
    +++ b/lib/mbedtls/Makefile
    @@ -33,6 +33,8 @@
    mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA256_MBEDTLS) += \
            $(MBEDTLS_LIB_DIR)/sha256.o
     mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA512_MBEDTLS) += \
            $(MBEDTLS_LIB_DIR)/sha512.o
    +mbedtls_lib_crypto-$(CONFIG_$(SPL_)HKDF_MBEDTLS) += \
    +       $(MBEDTLS_LIB_DIR)/hkdf.o

lib/mbedtls/hkdf.c does not exist in your patch series.



I think I have to keep to line because

The definition of MBEDTLS_LIB_DIR is:

MBEDTLS_LIB_DIR = external/mbedtls/library

So $(MBEDTLS_LIB_DIR)/hkdf.o reference the file:

lib/mbedtls/external/mbedtls/library/hkdf.c

and not the file lib/mbedtls//hkdf.c (that don't exist).

     # MbedTLS X509 library
     obj-$(CONFIG_MBEDTLS_LIB_X509) += mbedtls_lib_x509.o
    diff --git a/lib/mbedtls/mbedtls_def_config.h
    b/lib/mbedtls/mbedtls_def_config.h
    index d27f017d084..cce0134d527 100644
    --- a/lib/mbedtls/mbedtls_def_config.h
    +++ b/lib/mbedtls/mbedtls_def_config.h
    @@ -56,6 +56,10 @@
     #endif
     #endif

    +#if CONFIG_IS_ENABLED(HKDF_MBEDTLS)
    +#define MBEDTLS_HKDF_C
    +#endif
    +
     #if defined CONFIG_MBEDTLS_LIB_X509

     #if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER)

--2.25.1



Regards,
Raymond


Regards,

Philippe

Re: [PATCH v2 1/5] mbedtls: enable support of hkdf

Reply via email to