[PATCH 3/4] lib: sha256: add support of key derivation

Tue, 16 Jul 2024 08:06:47 -0700 

Adds the support of key derivation using the scheme hkdf.
This scheme is defined in rfc5869.

Signed-off-by: Philippe Reynes <philippe.rey...@softathome.com>
---
 include/u-boot/sha256.h |  8 ++++++++
 lib/sha256.c            | 42 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+)

diff --git a/include/u-boot/sha256.h b/include/u-boot/sha256.h
index 7aa4c54d0d4..46d20bf9b79 100644
--- a/include/u-boot/sha256.h
+++ b/include/u-boot/sha256.h
@@ -6,6 +6,9 @@
 #define SHA256_SUM_LEN 32
 #define SHA256_DER_LEN 19
 
+#define SHA256_HKDF_MAX_INFO_LEN 256
+#define SHA256_HKDF_MAX_DATA_LEN (SHA256_HKDF_MAX_INFO_LEN + SHA256_SUM_LEN + 
1)
+
 extern const uint8_t sha256_der_prefix[];
 
 /* Reset watchdog each time we process this many bytes */
@@ -28,4 +31,9 @@ void sha256_hmac(const unsigned char *key, int keylen,
                 const unsigned char *input, unsigned int ilen,
                 unsigned char *output);
 
+void sha256_hkdf(const unsigned char *salt, int saltlen,
+                const unsigned char *ikm, int ikmlen,
+                const unsigned char *info, int infolen,
+                unsigned char *output, int outputlen);
+
 #endif /* _SHA256_H */
diff --git a/lib/sha256.c b/lib/sha256.c
index 64f6b48974b..9a4fd452cd8 100644
--- a/lib/sha256.c
+++ b/lib/sha256.c
@@ -338,3 +338,45 @@ void sha256_hmac(const unsigned char *key, int keylen,
        memset(tmpbuf, 0, 32);
        memset(&ctx, 0, sizeof(sha256_context));
 }
+
+static void sha256_hkdf_expand(const unsigned char *prk, int prklen,
+                              const unsigned char *info, int infolen,
+                              unsigned char *okm, int okmlen)
+{
+       unsigned char t[SHA256_SUM_LEN];
+       unsigned char data[SHA256_HKDF_MAX_DATA_LEN];
+       int i, l = (okmlen + SHA256_SUM_LEN - 1) / SHA256_SUM_LEN;
+       int tlen, datalen, len, offset = 0;
+
+       for (i = 1; i <= l; i++) {
+               tlen = (i == 1) ? 0 : SHA256_SUM_LEN;
+               memcpy(&data[0], &t[0], tlen);
+               datalen = tlen;
+               memcpy(&data[datalen], info, infolen);
+               datalen += infolen;
+               data[datalen] = i;
+               datalen++;
+
+               sha256_hmac(prk, prklen, data, datalen, t);
+
+               len = (okmlen > SHA256_SUM_LEN) ? SHA256_SUM_LEN : okmlen;
+               memcpy(&okm[offset], t, len);
+               offset += len;
+               okmlen -= len;
+       }
+}
+
+void sha256_hkdf(const unsigned char *salt, int saltlen,
+                const unsigned char *ikm, int ikmlen,
+                const unsigned char *info, int infolen,
+                unsigned char *output, int outputlen)
+{
+       unsigned char prk[SHA256_SUM_LEN];
+
+       /* Step 1: Extract */
+       sha256_hmac(salt, saltlen, ikm, ikmlen, prk);
+
+       /* Step 2: Expand */
+       sha256_hkdf_expand(prk, SHA256_SUM_LEN, info, infolen,
+                          output, outputlen);
+}
-- 
2.25.1

Reply via email to