[1/2] Add HMAC-SHA-256

Message ID	1603813411162-0.post@n7.nabble.com
State	Rejected
Delegated to:	Wolfgang Denk
Headers	show Return-Path: <u-boot-bounces@lists.denx.de> Date: Tue, 27 Oct 2020 08:43:31 -0700 (MST) From: GlovePuppet <touched.by.his.noodley.appendage@gmail.com> To: u-boot@lists.denx.de Message-ID: <1603813411162-0.post@n7.nabble.com> Subject: [PATCH 1/2] Add HMAC-SHA-256 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Precedence: list Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
Series	[1/2] Add HMAC-SHA-256 \| expand [1/2] Add HMAC-SHA-256 [2/2] Add TPM2 Unseal command and supporting functions

Message ID

1603813411162-0.post@n7.nabble.com

State

Rejected

Delegated to:

Wolfgang Denk

Headers

Date: Tue, 27 Oct 2020 08:43:31 -0700 (MST)
From: GlovePuppet <touched.by.his.noodley.appendage@gmail.com>
To: u-boot@lists.denx.de
Message-ID: <1603813411162-0.post@n7.nabble.com>
Subject: [PATCH 1/2] Add HMAC-SHA-256
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Precedence: list
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

Series

[1/2] Add HMAC-SHA-256 | expand

Commit Message

GlovePuppet Oct. 27, 2020, 3:43 p.m. UTC

Required by TPM2 Extended Auth, cloned from sha1.c

Signed-off-by: GlovePuppet <touched.by.his.noodley.appendage@gmail.com>
---

 include/u-boot/sha256.h | 13 +++++++++++++
 lib/sha256.c            | 40 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 53 insertions(+)

+}

Comments

Wolfgang Denk Oct. 28, 2020, 7:28 a.m. UTC | #1

Dear GlovePuppet,

In message <1603813411162-0.post@n7.nabble.com> you wrote:
> Required by TPM2 Extended Auth, cloned from sha1.c
>
> Signed-off-by: GlovePuppet <touched.by.his.noodley.appendage@gmail.com>

NAK.

The Submitting Patches rules require using your real name (sorry, no
pseudonyms or anonymous contributions.)

See [1] for reference.

[1] https://github.com/torvalds/linux/blob/master/Documentation/process/submitting-patches.rst

Best regards,

Wolfgang Denk

diff --git a/include/u-boot/sha256.h b/include/u-boot/sha256.h
index 9aa1251789..aa0e7f4418 100644
--- a/include/u-boot/sha256.h
+++ b/include/u-boot/sha256.h
@@ -22,4 +22,17 @@  void sha256_finish(sha256_context * ctx, uint8_t
digest[SHA256_SUM_LEN]);
 void sha256_csum_wd(const unsigned char *input, unsigned int ilen,
 		unsigned char *output, unsigned int chunk_sz);
 
+/**
+ * \brief	   Output = HMAC-SHA-256( input buffer, hmac key )
+ *
+ * \param key	   HMAC secret key
+ * \param keylen   length of the HMAC key
+ * \param input    buffer holding the  data
+ * \param ilen	   length of the input data
+ * \param output   HMAC-SHA-256 result
+ */
+void sha256_hmac(const unsigned char *key, int keylen,
+		const unsigned char *input, unsigned int ilen,
+		unsigned char *output);
+
 #endif /* _SHA256_H */
diff --git a/lib/sha256.c b/lib/sha256.c
index c1fe93de01..70123c1060 100644
--- a/lib/sha256.c
+++ b/lib/sha256.c
@@ -289,3 +289,43 @@  void sha256_csum_wd(const unsigned char *input,
unsigned int ilen,
 
 	sha256_finish(&ctx, output);
 }
+
+/*
+ * Output = HMAC-SHA-256( input buffer, hmac key )
+ */
+void sha256_hmac(const unsigned char *key, int keylen,
+	       const unsigned char *input, unsigned int ilen,
+	       unsigned char *output)
+{
+	int i;
+	sha256_context ctx;
+	unsigned char k_ipad[64];
+	unsigned char k_opad[64];
+	unsigned char tmpbuf[32];
+
+	memset (k_ipad, 0x36, 64);
+	memset (k_opad, 0x5C, 64);
+
+	for (i = 0; i < keylen; i++) {
+		if (i >= 64)
+			break;
+
+		k_ipad[i] ^= key[i];
+		k_opad[i] ^= key[i];
+	}
+
+	sha256_starts (&ctx);
+	sha256_update (&ctx, k_ipad, 64);
+	sha256_update (&ctx, input, ilen);
+	sha256_finish (&ctx, tmpbuf);
+
+	sha256_starts (&ctx);
+	sha256_update (&ctx, k_opad, 64);
+	sha256_update (&ctx, tmpbuf, 32);
+	sha256_finish (&ctx, output);
+
+	memset (k_ipad, 0, 64);
+	memset (k_opad, 0, 64);
+	memset (tmpbuf, 0, 32);
+	memset (&ctx, 0, sizeof (sha256_context));