Hi Philippe, It might be useful to have a cover letter explaining what the plans for this code are, great that there are tests but adding code in without it being used isn't always a feature so a cover letter with some details often helps with the context.
Also if you're not aware there's work to integrate MBedTLS [1] and I'm not sure if that also may provide the functionality. Peter [1] https://lists.denx.de/pipermail/u-boot/2024-July/557832.html On Tue, 16 Jul 2024 at 16:16, Philippe Reynes <philippe.rey...@softathome.com> wrote: > > Adds the support of the hmac based on sha256. > This implementation is based on rfc2104. > > Signed-off-by: Philippe Reynes <philippe.rey...@softathome.com> > --- > include/u-boot/sha256.h | 4 ++++ > lib/sha256.c | 40 ++++++++++++++++++++++++++++++++++++++++ > 2 files changed, 44 insertions(+) > > diff --git a/include/u-boot/sha256.h b/include/u-boot/sha256.h > index a4fe176c0b4..7aa4c54d0d4 100644 > --- a/include/u-boot/sha256.h > +++ b/include/u-boot/sha256.h > @@ -24,4 +24,8 @@ void sha256_finish(sha256_context * ctx, uint8_t > digest[SHA256_SUM_LEN]); > void sha256_csum_wd(const unsigned char *input, unsigned int ilen, > unsigned char *output, unsigned int chunk_sz); > > +void sha256_hmac(const unsigned char *key, int keylen, > + const unsigned char *input, unsigned int ilen, > + unsigned char *output); > + > #endif /* _SHA256_H */ > diff --git a/lib/sha256.c b/lib/sha256.c > index 665ba6f152e..64f6b48974b 100644 > --- a/lib/sha256.c > +++ b/lib/sha256.c > @@ -298,3 +298,43 @@ void sha256_csum_wd(const unsigned char *input, unsigned > int ilen, > > sha256_finish(&ctx, output); > } > + > +/* > + * Output = HMAC-SHA-256( input buffer, hmac key ) > + */ > +void sha256_hmac(const unsigned char *key, int keylen, > + const unsigned char *input, unsigned int ilen, > + unsigned char *output) > +{ > + int i; > + sha256_context ctx; > + unsigned char k_ipad[64]; > + unsigned char k_opad[64]; > + unsigned char tmpbuf[32]; > + > + memset(k_ipad, 0x36, 64); > + memset(k_opad, 0x5C, 64); > + > + for (i = 0; i < keylen; i++) { > + if (i >= 64) > + break; > + > + k_ipad[i] ^= key[i]; > + k_opad[i] ^= key[i]; > + } > + > + sha256_starts(&ctx); > + sha256_update(&ctx, k_ipad, 64); > + sha256_update(&ctx, input, ilen); > + sha256_finish(&ctx, tmpbuf); > + > + sha256_starts(&ctx); > + sha256_update(&ctx, k_opad, 64); > + sha256_update(&ctx, tmpbuf, 32); > + sha256_finish(&ctx, output); > + > + memset(k_ipad, 0, 64); > + memset(k_opad, 0, 64); > + memset(tmpbuf, 0, 32); > + memset(&ctx, 0, sizeof(sha256_context)); > +} > -- > 2.25.1 >