Re: [PATCH v5 5/9] lib: sha256: add feature sha256_hmac

Tue, 17 Dec 2024 13:37:55 -0800 

Hi Raymond,


Le 17/12/2024 à 15:54, Raymond Mao a écrit :
*This Mail comes from Outside of SoftAtHome: *Do not answer, click links or open attachments unless you recognize the sender and know the content is safe.** 

Hi Philippe,
On Tue, 17 Dec 2024 at 03:32, Philippe Reynes <philippe.rey...@softathome.com> wrote: 

    Adds the support of the hmac based on sha256.
    This implementation is based on rfc2104.

    Signed-off-by: Philippe Reynes <philippe.rey...@softathome.com>
    ---
     include/u-boot/sha256.h |  4 ++++
     lib/mbedtls/sha256.c    | 15 +++++++++++++
     lib/sha256.c            | 50
    +++++++++++++++++++++++++++++++++++++++++
     3 files changed, 69 insertions(+)

    diff --git a/include/u-boot/sha256.h b/include/u-boot/sha256.h
    index 44a9b528b48..99cf78e204c 100644
    --- a/include/u-boot/sha256.h
    +++ b/include/u-boot/sha256.h
    @@ -45,4 +45,8 @@ void sha256_finish(sha256_context * ctx, uint8_t
    digest[SHA256_SUM_LEN]);
     void sha256_csum_wd(const unsigned char *input, unsigned int ilen,
                    unsigned char *output, unsigned int chunk_sz);

    +int sha256_hmac(const unsigned char *key, int keylen,
    +               const unsigned char *input, unsigned int ilen,
    +               unsigned char *output);
    +
     #endif /* _SHA256_H */
    diff --git a/lib/mbedtls/sha256.c b/lib/mbedtls/sha256.c
    index 2128e598834..7d456a82017 100644
    --- a/lib/mbedtls/sha256.c
    +++ b/lib/mbedtls/sha256.c
    @@ -10,6 +10,8 @@
     #endif /* USE_HOSTCC */
     #include <u-boot/sha256.h>

    +#include <mbedtls/md.h>
    +
     const u8 sha256_der_prefix[SHA256_DER_LEN] = {
            0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
            0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
    @@ -33,3 +35,16 @@ void sha256_finish(sha256_context *ctx, uint8_t
    digest[SHA256_SUM_LEN])
            mbedtls_sha256_finish(ctx, digest);
            mbedtls_sha256_free(ctx);
     }
    +
    +int sha256_hmac(const unsigned char *key, int keylen,
    +               const unsigned char *input, unsigned int ilen,
    +               unsigned char *output)
    +{
    +       const mbedtls_md_info_t *md;
    +
    +       md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
    +       if (!md)
    +               return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE;
    +
    +       return mbedtls_md_hmac(md, key, keylen, input, ilen, output);
    +}
    diff --git a/lib/sha256.c b/lib/sha256.c
    index 827bd9a872b..a18aec3928b 100644
    --- a/lib/sha256.c
    +++ b/lib/sha256.c
    @@ -264,3 +264,53 @@ void sha256_finish(sha256_context * ctx,
    uint8_t digest[32])
            PUT_UINT32_BE(ctx->state[6], digest, 24);
            PUT_UINT32_BE(ctx->state[7], digest, 28);
     }
    +
    +int sha256_hmac(const unsigned char *key, int keylen,
    +               const unsigned char *input, unsigned int ilen,
    +               unsigned char *output)
    +{
    +       int i;
    +       sha256_context ctx;
    +       unsigned char keybuf[64];
    +       unsigned char k_ipad[64];
    +       unsigned char k_opad[64];
    +       unsigned char tmpbuf[32];
    +       int keybuf_len;
    +
    +       if (keylen > 64) {
    +               sha256_starts(&ctx);
    +               sha256_update(&ctx, key, keylen);
    +               sha256_finish(&ctx, keybuf);
    +
    +               keybuf_len = 32;
    +       } else {
    +               memcpy(keybuf, key, keylen);
    +               keybuf_len = keylen;
All looks fine but keys shorter than 64 bytes are copied as is, without explicit zero-padding, this might be an issue. 


You're right, I have fixed that in v6.




    +       }
    +
    +       memset(k_ipad, 0x36, 64);
    +       memset(k_opad, 0x5C, 64);
    +
    +       for (i = 0; i < keybuf_len; i++) {
    +               k_ipad[i] ^= keybuf[i];
    +               k_opad[i] ^= keybuf[i];
    +       }
    +
    +       sha256_starts(&ctx);
    +       sha256_update(&ctx, k_ipad, sizeof(k_ipad));
    +       sha256_update(&ctx, input, ilen);
    +       sha256_finish(&ctx, tmpbuf);
    +
    +       sha256_starts(&ctx);
    +       sha256_update(&ctx, k_opad, sizeof(k_opad));
    +       sha256_update(&ctx, tmpbuf, sizeof(tmpbuf));
    +       sha256_finish(&ctx, output);
    +
    +       memset(k_ipad, 0, sizeof(k_ipad));
    +       memset(k_opad, 0, sizeof(k_opad));
    +       memset(tmpbuf, 0, sizeof(tmpbuf));
    +       memset(keybuf, 0, sizeof(keybuf));
    +       memset(&ctx, 0, sizeof(sha256_context));
    +
    +       return 0;
    +}
-- 2.25.1 


Regards,
Raymond



Regards,

Philippe

Reply via email to