smaeul-u-boot/include/u-boot/sha256.h

#ifndef _SHA256_H
#define _SHA256_H

#include <linux/compiler_attributes.h>
#include <linux/errno.h>
#include <linux/kconfig.h>
#include <linux/types.h>

#if CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO)
/*
 * FIXME:
 * MbedTLS define the members of "mbedtls_sha256_context" as private,
 * but "state" needs to be access by arch/arm/cpu/armv8/sha256_ce_glue.
 * MBEDTLS_ALLOW_PRIVATE_ACCESS needs to be enabled to allow the external
 * access.
 * Directly including <external/mbedtls/library/common.h> is not allowed,
 * since this will include <malloc.h> and break the sandbox test.
 */
#define MBEDTLS_ALLOW_PRIVATE_ACCESS

#include <mbedtls/sha256.h>
#endif

#define SHA224_SUM_LEN	28
#define SHA256_SUM_LEN	32
#define SHA256_DER_LEN	19

extern const uint8_t sha256_der_prefix[];

/* Reset watchdog each time we process this many bytes */
#define CHUNKSZ_SHA256	(64 * 1024)

#if CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO)
typedef mbedtls_sha256_context sha256_context;
#else
typedef struct {
	uint32_t total[2];
	uint32_t state[8];
	uint8_t buffer[64];
} sha256_context;
#endif

void sha256_starts(sha256_context * ctx);
void sha256_update(sha256_context *ctx, const uint8_t *input, uint32_t length);
void sha256_finish(sha256_context * ctx, uint8_t digest[SHA256_SUM_LEN]);

void sha256_csum_wd(const unsigned char *input, unsigned int ilen,
		unsigned char *output, unsigned int chunk_sz);

int sha256_hmac(const unsigned char *key, int keylen,
		const unsigned char *input, unsigned int ilen,
		unsigned char *output);

#if CONFIG_IS_ENABLED(HKDF_MBEDTLS)
int sha256_hkdf(const unsigned char *salt, int saltlen,
		const unsigned char *ikm, int ikmlen,
		const unsigned char *info, int infolen,
		unsigned char *output, int outputlen);
#else
static inline int sha256_hkdf(const unsigned char __always_unused *salt,
			      int __always_unused saltlen,
			      const unsigned char __always_unused *ikm,
			      int __always_unused ikmlen,
			      const unsigned char __always_unused *info,
			      int __always_unused infolen,
			      unsigned char __always_unused *output,
			      int __always_unused outputlen) {
	return -EOPNOTSUPP;
}
#endif

#endif /* _SHA256_H */