Add support for SHA384 and SHA512
The current recommendation for best security practice from the US government
is to use SHA384 for TOP SECRET [1].
This patch adds support for SHA384 and SHA512 in the hash command, and also
allows FIT images to be hashed with these algorithms, and signed with
sha384,rsaXXXX and sha512,rsaXXXX
The SHA implementation is adapted from the linux kernel implementation.
[1] Commercial National Security Algorithm Suite
http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm
Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>
diff --git a/lib/Kconfig b/lib/Kconfig
index af5c38a..fc7d684 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -345,6 +345,29 @@
The SHA256 algorithm produces a 256-bit (32-byte) hash value
(digest).
+config SHA512_ALGO
+ bool "Enable SHA512 algorithm"
+ help
+ This option enables support of internal SHA512 algorithm.
+
+config SHA512
+ bool "Enable SHA512 support"
+ depends on SHA512_ALGO
+ help
+ This option enables support of hashing using SHA512 algorithm.
+ The hash is calculated in software.
+ The SHA512 algorithm produces a 512-bit (64-byte) hash value
+ (digest).
+
+config SHA384
+ bool "Enable SHA384 support"
+ depends on SHA512_ALGO
+ help
+ This option enables support of hashing using SHA384 algorithm.
+ The hash is calculated in software.
+ The SHA384 algorithm produces a 384-bit (48-byte) hash value
+ (digest).
+
config SHA_HW_ACCEL
bool "Enable hashing using hardware"
help