Hi Raymond,
Le 09/12/2024 à 17:28, Raymond Mao a écrit :
*This Mail comes from Outside of SoftAtHome: *Do not answer, click
links or open attachments unless you recognize the sender and know the
content is safe.**
Hi Philippe,
On Mon, 9 Dec 2024 at 04:42, Philippe Reynes
<philippe.rey...@softathome.com> wrote:
Adds the support of key derivation using the scheme hkdf.
This scheme is defined in rfc5869.
Signed-off-by: Philippe Reynes <philippe.rey...@softathome.com>
---
include/u-boot/sha256.h | 7 +++++++
lib/mbedtls/sha256.c | 22 ++++++++++++++++++++++
2 files changed, 29 insertions(+)
diff --git a/include/u-boot/sha256.h b/include/u-boot/sha256.h
index 2f12275b703..5643efcb85c 100644
--- a/include/u-boot/sha256.h
+++ b/include/u-boot/sha256.h
@@ -49,4 +49,11 @@ void sha256_hmac(const unsigned char *key, int
keylen,
const unsigned char *input, unsigned int ilen,
unsigned char *output);
+#if defined(CONFIG_HKDF_MBEDTLS)
+int sha256_hkdf(const unsigned char *salt, int saltlen,
+ const unsigned char *ikm, int ikmlen,
+ const unsigned char *info, int infolen,
+ unsigned char *output, int outputlen);
+#endif
+
I think this will be better:
#if CONFIG_IS_ENABLED(HKDF_MBEDTLS)
int sha256_hkdf(const unsigned char *salt, int saltlen,
const unsigned char *ikm, int ikmlen,
const unsigned char *info, int infolen,
unsigned char *output, int outputlen);
#else
static inline int sha256_hkdf(const unsigned char __always_unused *salt,
int __always_unused saltlen,
const unsigned char __always_unused *ikm,
int __always_unused ikmlen,
const unsigned char __always_unused *info,
int __always_unused infolen,
unsigned char __always_unused *output,
int __always_unused outputlen) {
return -EOPNOTSUPP;
}
#endif
I have done this change in the v4
#endif /* _SHA256_H */
diff --git a/lib/mbedtls/sha256.c b/lib/mbedtls/sha256.c
index 1b9fc1a8503..6e9659d31bb 100644
--- a/lib/mbedtls/sha256.c
+++ b/lib/mbedtls/sha256.c
@@ -11,6 +11,11 @@
#include <string.h>
#include <u-boot/sha256.h>
+#if CONFIG_IS_ENABLED(HKDF_MBEDTLS)
+#include <mbedtls/md.h>
+#include <mbedtls/hkdf.h>
+#endif
+
const u8 sha256_der_prefix[SHA256_DER_LEN] = {
0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
@@ -98,3 +103,20 @@ void sha256_hmac(const unsigned char *key, int
keylen,
memset(tmpbuf, 0, sizeof(tmpbuf));
memset(&ctx, 0, sizeof(sha256_context));
}
+
+#if CONFIG_IS_ENABLED(HKDF_MBEDTLS)
+int sha256_hkdf(const unsigned char *salt, int saltlen,
+ const unsigned char *ikm, int ikmlen,
+ const unsigned char *info, int infolen,
+ unsigned char *output, int outputlen)
+{
+ const mbedtls_md_info_t *md;
+
+ md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
+
+ return mbedtls_hkdf(md, salt, saltlen,
+ ikm, ikmlen,
+ info, infolen,
+ output, outputlen);
+}
+#endif
--
2.25.1
Regards,
Philippe