Add support for SHA384 and SHA512

The current recommendation for best security practice from the US government is to use SHA384 for TOP SECRET [1]. This patch adds support for SHA384 and SHA512 in the hash command, and also allows FIT images to be hashed with these algorithms, and signed with sha384,rsaXXXX and sha512,rsaXXXX The SHA implementation is adapted from the linux kernel implementation. [1] Commercial National Security Algorithm Suite http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>
author: Reuben Dowle <reubendowle0@gmail.com> 2020-04-16 17:36:52 +1200
committer: Tom Rini <trini@konsulko.com> 2020-06-12 13:14:07 -0400
commit: d16b38f42704fe3cc94fbee1601be96045013151 (patch)
tree: abd95e88387701d92c5319565ed4a6aaf9c02a1b /include/hash.h
parent: f191f3a1027ede56e2501920e3e8a8acd7033e77 (diff)
download: u-boot-d16b38f42704fe3cc94fbee1601be96045013151.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/include/hash.h b/include/hash.h
index 835962e7f6..97bb3ed5d9 100644
--- a/include/hash.h
+++ b/include/hash.h
@@ -12,7 +12,11 @@ struct cmd_tbl;
  * Maximum digest size for all algorithms we support. Having this value
  * avoids a malloc() or C99 local declaration in common/cmd_hash.c.
  */
+#if defined(CONFIG_SHA384) || defined(CONFIG_SHA512)
+#define HASH_MAX_DIGEST_SIZE	64
+#else
 #define HASH_MAX_DIGEST_SIZE	32
+#endif
 
 enum {
 	HASH_FLAG_VERIFY	= 1 << 0,	/* Enable verify mode */
author	Reuben Dowle <reubendowle0@gmail.com>	2020-04-16 17:36:52 +1200
committer	Tom Rini <trini@konsulko.com>	2020-06-12 13:14:07 -0400
commit	d16b38f42704fe3cc94fbee1601be96045013151 (patch)
tree	abd95e88387701d92c5319565ed4a6aaf9c02a1b /include/hash.h
parent	f191f3a1027ede56e2501920e3e8a8acd7033e77 (diff)
download	u-boot-d16b38f42704fe3cc94fbee1601be96045013151.tar.gz