Add support for SHA384 and SHA512 The current recommendation for best security practice from the US government is to use SHA384 for TOP SECRET [1]. This patch adds support for SHA384 and SHA512 in the hash command, and also allows FIT images to be hashed with these algorithms, and signed with sha384,rsaXXXX and sha512,rsaXXXX The SHA implementation is adapted from the linux kernel implementation. [1] Commercial National Security Algorithm Suite http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>

commit: d16b38f42704fe3cc94fbee1601be96045013151 [log] [tgz]
author: Reuben Dowle <reubendowle0@gmail.com> Thu Apr 16 17:36:52 2020 +1200
committer: Tom Rini <trini@konsulko.com> Fri Jun 12 13:14:07 2020 -0400
tree: abd95e88387701d92c5319565ed4a6aaf9c02a1b
parent: f191f3a1027ede56e2501920e3e8a8acd7033e77 [diff] [blame]
diff --git a/include/hash.h b/include/hash.h
index 835962e..97bb3ed 100644
--- a/include/hash.h
+++ b/include/hash.h

@@ -12,7 +12,11 @@
  * Maximum digest size for all algorithms we support. Having this value
  * avoids a malloc() or C99 local declaration in common/cmd_hash.c.
  */
+#if defined(CONFIG_SHA384) || defined(CONFIG_SHA512)
+#define HASH_MAX_DIGEST_SIZE	64
+#else
 #define HASH_MAX_DIGEST_SIZE	32
+#endif
 
 enum {
 	HASH_FLAG_VERIFY	= 1 << 0,	/* Enable verify mode */
commit	d16b38f42704fe3cc94fbee1601be96045013151	[log] [tgz]
author	Reuben Dowle <reubendowle0@gmail.com>	Thu Apr 16 17:36:52 2020 +1200
committer	Tom Rini <trini@konsulko.com>	Fri Jun 12 13:14:07 2020 -0400
tree	abd95e88387701d92c5319565ed4a6aaf9c02a1b
parent	f191f3a1027ede56e2501920e3e8a8acd7033e77 [diff] [blame]