Hi Philippe,
On Tue, 17 Dec 2024 at 03:32, Philippe Reynes <
philippe.rey...@softathome.com> wrote:
> Adds the support of the hmac based on sha256.
> This implementation is based on rfc2104.
>
> Signed-off-by: Philippe Reynes <philippe.rey...@softathome.com>
> ---
> include/u-boot/sha256.h | 4 ++++
> lib/mbedtls/sha256.c | 15 +++++++++++++
> lib/sha256.c | 50 +++++++++++++++++++++++++++++++++++++++++
> 3 files changed, 69 insertions(+)
>
> diff --git a/include/u-boot/sha256.h b/include/u-boot/sha256.h
> index 44a9b528b48..99cf78e204c 100644
> --- a/include/u-boot/sha256.h
> +++ b/include/u-boot/sha256.h
> @@ -45,4 +45,8 @@ void sha256_finish(sha256_context * ctx, uint8_t
> digest[SHA256_SUM_LEN]);
> void sha256_csum_wd(const unsigned char *input, unsigned int ilen,
> unsigned char *output, unsigned int chunk_sz);
>
> +int sha256_hmac(const unsigned char *key, int keylen,
> + const unsigned char *input, unsigned int ilen,
> + unsigned char *output);
> +
> #endif /* _SHA256_H */
> diff --git a/lib/mbedtls/sha256.c b/lib/mbedtls/sha256.c
> index 2128e598834..7d456a82017 100644
> --- a/lib/mbedtls/sha256.c
> +++ b/lib/mbedtls/sha256.c
> @@ -10,6 +10,8 @@
> #endif /* USE_HOSTCC */
> #include <u-boot/sha256.h>
>
> +#include <mbedtls/md.h>
> +
> const u8 sha256_der_prefix[SHA256_DER_LEN] = {
> 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
> 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
> @@ -33,3 +35,16 @@ void sha256_finish(sha256_context *ctx, uint8_t
> digest[SHA256_SUM_LEN])
> mbedtls_sha256_finish(ctx, digest);
> mbedtls_sha256_free(ctx);
> }
> +
> +int sha256_hmac(const unsigned char *key, int keylen,
> + const unsigned char *input, unsigned int ilen,
> + unsigned char *output)
> +{
> + const mbedtls_md_info_t *md;
> +
> + md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
> + if (!md)
> + return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE;
> +
> + return mbedtls_md_hmac(md, key, keylen, input, ilen, output);
> +}
> diff --git a/lib/sha256.c b/lib/sha256.c
> index 827bd9a872b..a18aec3928b 100644
> --- a/lib/sha256.c
> +++ b/lib/sha256.c
> @@ -264,3 +264,53 @@ void sha256_finish(sha256_context * ctx, uint8_t
> digest[32])
> PUT_UINT32_BE(ctx->state[6], digest, 24);
> PUT_UINT32_BE(ctx->state[7], digest, 28);
> }
> +
> +int sha256_hmac(const unsigned char *key, int keylen,
> + const unsigned char *input, unsigned int ilen,
> + unsigned char *output)
> +{
> + int i;
> + sha256_context ctx;
> + unsigned char keybuf[64];
> + unsigned char k_ipad[64];
> + unsigned char k_opad[64];
> + unsigned char tmpbuf[32];
> + int keybuf_len;
> +
> + if (keylen > 64) {
> + sha256_starts(&ctx);
> + sha256_update(&ctx, key, keylen);
> + sha256_finish(&ctx, keybuf);
> +
> + keybuf_len = 32;
> + } else {
> + memcpy(keybuf, key, keylen);
> + keybuf_len = keylen;
>
All looks fine but keys shorter than 64 bytes are copied as is, without
explicit zero-padding, this might be an issue.
+ }
> +
> + memset(k_ipad, 0x36, 64);
> + memset(k_opad, 0x5C, 64);
> +
> + for (i = 0; i < keybuf_len; i++) {
> + k_ipad[i] ^= keybuf[i];
> + k_opad[i] ^= keybuf[i];
> + }
> +
> + sha256_starts(&ctx);
> + sha256_update(&ctx, k_ipad, sizeof(k_ipad));
> + sha256_update(&ctx, input, ilen);
> + sha256_finish(&ctx, tmpbuf);
> +
> + sha256_starts(&ctx);
> + sha256_update(&ctx, k_opad, sizeof(k_opad));
> + sha256_update(&ctx, tmpbuf, sizeof(tmpbuf));
> + sha256_finish(&ctx, output);
> +
> + memset(k_ipad, 0, sizeof(k_ipad));
> + memset(k_opad, 0, sizeof(k_opad));
> + memset(tmpbuf, 0, sizeof(tmpbuf));
> + memset(keybuf, 0, sizeof(keybuf));
> + memset(&ctx, 0, sizeof(sha256_context));
> +
> + return 0;
> +}
> --
> 2.25.1
>
>
Regards,
Raymond
