git.openpandora.org / pandora-u-boot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f88ccd3)
mbedtls: enable support of hkdf
authorPhilippe Reynes <philippe.reynes@softathome.com>
Thu, 19 Dec 2024 13:05:48 +0000 (14:05 +0100)
committerTom Rini <trini@konsulko.com>
Sat, 18 Jan 2025 23:12:47 +0000 (17:12 -0600)
Adds the support of key derivation using
the scheme hkdf.

Reviewed-by: Raymond Mao <raymond.mao@linaro.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
lib/mbedtls/Kconfig patch | blob | history
lib/mbedtls/Makefile patch | blob | history
lib/mbedtls/mbedtls_def_config.h patch | blob | history

diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig
index 78167ff..aa82336 100644 (file)
--- a/lib/mbedtls/Kconfig
+++ b/lib/mbedtls/Kconfig
@@ -297,6 +297,13 @@ config MD5_MBEDTLS
          This option enables support of hashing using MD5 algorithm
          with MbedTLS crypto library.
 
+config HKDF_MBEDTLS
+       bool "Enable HKDF support with MbedTLS crypto library"
+       depends on MBEDTLS_LIB_CRYPTO
+       help
+         This option enables support of key derivation using HKDF algorithm
+         with MbedTLS crypto library.
+
 if SPL
 
 config SPL_SHA1_MBEDTLS
@@ -335,6 +342,13 @@ config SPL_MD5_MBEDTLS
          This option enables support of hashing using MD5 algorithm
          with MbedTLS crypto library.
 
+config SPL_HKDF_MBEDTLS
+       bool "Enable HKDF support in SPL with MbedTLS crypto library"
+       depends on MBEDTLS_LIB_CRYPTO
+       help
+         This option enables support of key derivation using HKDF algorithm
+         with MbedTLS crypto library.
+
 endif # SPL
 
 endif # MBEDTLS_LIB_CRYPTO
diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile
index ce0a61e..e66c201 100644 (file)
--- a/lib/mbedtls/Makefile
+++ b/lib/mbedtls/Makefile
@@ -33,6 +33,8 @@ mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA256_MBEDTLS) += \
        $(MBEDTLS_LIB_DIR)/sha256.o
 mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA512_MBEDTLS) += \
        $(MBEDTLS_LIB_DIR)/sha512.o
+mbedtls_lib_crypto-$(CONFIG_$(SPL_)HKDF_MBEDTLS) += \
+       $(MBEDTLS_LIB_DIR)/hkdf.o
 
 # MbedTLS X509 library
 obj-$(CONFIG_MBEDTLS_LIB_X509) += mbedtls_lib_x509.o
diff --git a/lib/mbedtls/mbedtls_def_config.h b/lib/mbedtls/mbedtls_def_config.h
index 1d2314e..fd440c3 100644 (file)
--- a/lib/mbedtls/mbedtls_def_config.h
+++ b/lib/mbedtls/mbedtls_def_config.h
@@ -56,6 +56,10 @@
 #endif
 #endif
 
+#if CONFIG_IS_ENABLED(HKDF_MBEDTLS)
+#define MBEDTLS_HKDF_C
+#endif
+
 #if defined CONFIG_MBEDTLS_LIB_X509
 
 #if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER)
Pandora U-Boot Repository