u-boot/include/u-boot/sha512.h
Reuben Dowle d16b38f427 Add support for SHA384 and SHA512
The current recommendation for best security practice from the US government
is to use SHA384 for TOP SECRET [1].

This patch adds support for SHA384 and SHA512 in the hash command, and also
allows FIT images to be hashed with these algorithms, and signed with
sha384,rsaXXXX and sha512,rsaXXXX

The SHA implementation is adapted from the linux kernel implementation.

[1] Commercial National Security Algorithm Suite
http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm

Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>
2020-06-12 13:14:07 -04:00

38 lines
1.1 KiB
C

#ifndef _SHA512_H
#define _SHA512_H
#define SHA384_SUM_LEN 48
#define SHA384_DER_LEN 19
#define SHA512_SUM_LEN 64
#define SHA512_DER_LEN 19
#define SHA512_BLOCK_SIZE 128
#define CHUNKSZ_SHA384 (16 * 1024)
#define CHUNKSZ_SHA512 (16 * 1024)
typedef struct {
uint64_t state[SHA512_SUM_LEN / 8];
uint64_t count[2];
uint8_t buf[SHA512_BLOCK_SIZE];
} sha512_context;
extern const uint8_t sha512_der_prefix[];
void sha512_starts(sha512_context * ctx);
void sha512_update(sha512_context *ctx, const uint8_t *input, uint32_t length);
void sha512_finish(sha512_context * ctx, uint8_t digest[SHA512_SUM_LEN]);
void sha512_csum_wd(const unsigned char *input, unsigned int ilen,
unsigned char *output, unsigned int chunk_sz);
extern const uint8_t sha384_der_prefix[];
void sha384_starts(sha512_context * ctx);
void sha384_update(sha512_context *ctx, const uint8_t *input, uint32_t length);
void sha384_finish(sha512_context * ctx, uint8_t digest[SHA384_SUM_LEN]);
void sha384_csum_wd(const unsigned char *input, unsigned int ilen,
unsigned char *output, unsigned int chunk_sz);
#endif /* _SHA512_H */