meta/meta-mediatek-gpl/recipes-bsp/u-boot/u-boot-mkimage-2016.11/0001-rsa-add-sha-256-384-512-rsa-2048-3072-4096-algorithm.patch

From 37c917d965c6dcbc3509b8776d79ad75a9102678 Mon Sep 17 00:00:00 2001
From: HC Yen <hc.yen@mediatek.com>
Date: Tue, 6 Dec 2016 16:38:46 +0800
Subject: [PATCH 1/3] rsa: add sha{256,384,512},rsa{2048,3072,4096} algorithms

Add support for "sha256,rsa3072", "sha384,rsa2048", "sha384,rsa3072",
"sha384,rsa4096", "sha512,rsa2048", "sha512,rsa3072", and
"sha512,rsa4096" signatures in u-boot.
---
 common/hash.c                 |  71 +++++++
 common/image-fit.c            |   9 +
 common/image-sig.c            | 121 +++++++++++-
 include/hash.h                |   2 +-
 include/image.h               |  18 ++
 include/u-boot/rsa-checksum.h |  12 +-
 include/u-boot/rsa.h          |   1 +
 include/u-boot/sha4.h         | 159 +++++++++++++++
 lib/Kconfig                   |  16 ++
 lib/Makefile                  |   2 +
 lib/rsa/rsa-checksum.c        | 312 +++++++++++++++++++++++++++++
 lib/sha4.c                    | 447 ++++++++++++++++++++++++++++++++++++++++++
 tools/Makefile                |   1 +
 13 files changed, 1167 insertions(+), 4 deletions(-)
 create mode 100644 include/u-boot/sha4.h
 create mode 100644 lib/sha4.c

diff --git a/common/hash.c b/common/hash.c
index b645298..d563292 100644
--- a/common/hash.c
+++ b/common/hash.c
@@ -28,6 +28,7 @@
 #include <u-boot/crc.h>
 #include <u-boot/sha1.h>
 #include <u-boot/sha256.h>
+#include <u-boot/sha4.h>
 #include <u-boot/md5.h>
 
 #ifdef CONFIG_SHA1
@@ -84,6 +85,58 @@ static int hash_finish_sha256(struct hash_algo *algo, void *ctx, void
 	free(ctx);
 	return 0;
 }
+
+static int hash_init_sha384(struct hash_algo *algo, void **ctxp)
+{
+	sha4_context *ctx = malloc(sizeof(sha4_context));
+	sha4_starts(ctx, 1);
+	*ctxp = ctx;
+	return 0;
+}
+
+static int hash_update_sha384(struct hash_algo *algo, void *ctx,
+			      const void *buf, unsigned int size, int is_last)
+{
+	sha4_update((sha4_context *)ctx, (unsigned char *)buf, size);
+	return 0;
+}
+
+static int hash_finish_sha384(struct hash_algo *algo, void *ctx, void
+			      *dest_buf, int size)
+{
+	if (size < algo->digest_size)
+		return -1;
+
+	sha4_finish((sha4_context *)ctx, dest_buf);
+	free(ctx);
+	return 0;
+}
+
+static int hash_init_sha512(struct hash_algo *algo, void **ctxp)
+{
+	sha4_context *ctx = malloc(sizeof(sha4_context));
+	sha4_starts(ctx, 0);
+	*ctxp = ctx;
+	return 0;
+}
+
+static int hash_update_sha512(struct hash_algo *algo, void *ctx,
+			      const void *buf, unsigned int size, int is_last)
+{
+	sha4_update((sha4_context *)ctx, (unsigned char *)buf, size);
+	return 0;
+}
+
+static int hash_finish_sha512(struct hash_algo *algo, void *ctx, void
+			      *dest_buf, int size)
+{
+	if (size < algo->digest_size)
+		return -1;
+
+	sha4_finish((sha4_context *)ctx, dest_buf);
+	free(ctx);
+	return 0;
+}
 #endif
 
 static int hash_init_crc32(struct hash_algo *algo, void **ctxp)
@@ -166,6 +219,24 @@ static struct hash_algo hash_algo[] = {
 		hash_update_sha256,
 		hash_finish_sha256,
 	},
+	{
+		"sha384",
+		SHA384_SUM_LEN,
+		sha384_csum_wd,
+		CHUNKSZ_SHA384,
+		hash_init_sha384,
+		hash_update_sha384,
+		hash_finish_sha384,
+	},
+	{
+		"sha512",
+		SHA512_SUM_LEN,
+		sha512_csum_wd,
+		CHUNKSZ_SHA512,
+		hash_init_sha512,
+		hash_update_sha512,
+		hash_finish_sha512,
+	},
 #endif
 	{
 		"crc32",
diff --git a/common/image-fit.c b/common/image-fit.c
index 77dc011..2d19e75 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -27,6 +27,7 @@ DECLARE_GLOBAL_DATA_PTR;
 #include <u-boot/md5.h>
 #include <u-boot/sha1.h>
 #include <u-boot/sha256.h>
+#include <u-boot/sha4.h>
 
 /*****************************************************************************/
 /* New uImage format routines */
@@ -931,6 +932,14 @@ int calculate_hash(const void *data, int data_len, const char *algo,
 		sha256_csum_wd((unsigned char *)data, data_len,
 			       (unsigned char *)value, CHUNKSZ_SHA256);
 		*value_len = SHA256_SUM_LEN;
+	} else if (IMAGE_ENABLE_SHA384 && strcmp(algo, "sha384") == 0) {
+		sha384_csum_wd((unsigned char *)data, data_len,
+			       (unsigned char *)value, CHUNKSZ_SHA384);
+		*value_len = SHA384_SUM_LEN;
+	} else if (IMAGE_ENABLE_SHA512 && strcmp(algo, "sha512") == 0) {
+		sha512_csum_wd((unsigned char *)data, data_len,
+			       (unsigned char *)value, CHUNKSZ_SHA512);
+		*value_len = SHA512_SUM_LEN;
 	} else if (IMAGE_ENABLE_MD5 && strcmp(algo, "md5") == 0) {
 		md5_wd((unsigned char *)data, data_len, value, CHUNKSZ_MD5);
 		*value_len = 16;
diff --git a/common/image-sig.c b/common/image-sig.c
index 28f7a20..57eab9f 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c
@@ -54,12 +54,82 @@ struct checksum_algo checksum_algos[] = {
 	{
 		"sha256",
 		SHA256_SUM_LEN,
+		RSA3072_BYTES,
+#if IMAGE_ENABLE_SIGN
+		EVP_sha256,
+#endif
+		hash_calculate,
+		padding_sha256_rsa3072,
+	},
+	{
+		"sha256",
+		SHA256_SUM_LEN,
 		RSA4096_BYTES,
 #if IMAGE_ENABLE_SIGN
 		EVP_sha256,
 #endif
 		hash_calculate,
 		padding_sha256_rsa4096,
+	},
+	{
+		"sha384",
+		SHA384_SUM_LEN,
+		RSA2048_BYTES,
+#if IMAGE_ENABLE_SIGN
+		EVP_sha384,
+#endif
+		hash_calculate,
+		padding_sha384_rsa2048,
+	},
+	{
+		"sha384",
+		SHA384_SUM_LEN,
+		RSA3072_BYTES,
+#if IMAGE_ENABLE_SIGN
+		EVP_sha384,
+#endif
+		hash_calculate,
+		padding_sha384_rsa3072,
+	},
+	{
+		"sha384",
+		SHA384_SUM_LEN,
+		RSA4096_BYTES,
+#if IMAGE_ENABLE_SIGN
+		EVP_sha384,
+#endif
+		hash_calculate,
+		padding_sha384_rsa4096,
+	},
+	{
+		"sha512",
+		SHA512_SUM_LEN,
+		RSA2048_BYTES,
+#if IMAGE_ENABLE_SIGN
+		EVP_sha512,
+#endif
+		hash_calculate,
+		padding_sha512_rsa2048,
+	},
+	{
+		"sha512",
+		SHA512_SUM_LEN,
+		RSA3072_BYTES,
+#if IMAGE_ENABLE_SIGN
+		EVP_sha512,
+#endif
+		hash_calculate,
+		padding_sha512_rsa3072,
+	},
+	{
+		"sha512",
+		SHA512_SUM_LEN,
+		RSA4096_BYTES,
+#if IMAGE_ENABLE_SIGN
+		EVP_sha512,
+#endif
+		hash_calculate,
+		padding_sha512_rsa4096,
 	}
 
 };
@@ -80,11 +150,60 @@ struct image_sig_algo image_sig_algos[] = {
 		&checksum_algos[1],
 	},
 	{
-		"sha256,rsa4096",
+		"sha256,rsa3072",
 		rsa_sign,
 		rsa_add_verify_data,
 		rsa_verify,
 		&checksum_algos[2],
+	},
+	{
+		"sha256,rsa4096",
+		rsa_sign,
+		rsa_add_verify_data,
+		rsa_verify,
+		&checksum_algos[3],
+	},
+	{
+		"sha384,rsa2048",
+		rsa_sign,
+		rsa_add_verify_data,
+		rsa_verify,
+		&checksum_algos[4],
+	},
+	{
+		"sha384,rsa3072",
+		rsa_sign,
+		rsa_add_verify_data,
+		rsa_verify,
+		&checksum_algos[5],
+	},
+	{
+		"sha384,rsa4096",
+		rsa_sign,
+		rsa_add_verify_data,
+		rsa_verify,
+		&checksum_algos[6],
+	},
+	{
+		"sha512,rsa2048",
+		rsa_sign,
+		rsa_add_verify_data,
+		rsa_verify,
+		&checksum_algos[7],
+	},
+	{
+		"sha512,rsa3072",
+		rsa_sign,
+		rsa_add_verify_data,
+		rsa_verify,
+		&checksum_algos[8],
+	},
+	{
+		"sha512,rsa4096",
+		rsa_sign,
+		rsa_add_verify_data,
+		rsa_verify,
+		&checksum_algos[9],
 	}
 
 };
diff --git a/include/hash.h b/include/hash.h
index d814337..59ba707 100644
--- a/include/hash.h
+++ b/include/hash.h
@@ -10,7 +10,7 @@
  * Maximum digest size for all algorithms we support. Having this value
  * avoids a malloc() or C99 local declaration in common/cmd_hash.c.
  */
-#define HASH_MAX_DIGEST_SIZE	32
+#define HASH_MAX_DIGEST_SIZE	64
 
 enum {
 	HASH_FLAG_VERIFY	= 1 << 0,	/* Enable verify mode */
diff --git a/include/image.h b/include/image.h
index 2b1296c..81735e8 100644
--- a/include/image.h
+++ b/include/image.h
@@ -65,15 +65,25 @@ struct lmb;
 #  ifdef CONFIG_SPL_SHA256_SUPPORT
 #   define IMAGE_ENABLE_SHA256	1
 #  endif
+#  ifdef CONFIG_SPL_SHA384_SUPPORT
+#   define IMAGE_ENABLE_SHA384	1
+#  endif
+#  ifdef CONFIG_SPL_SHA512_SUPPORT
+#   define IMAGE_ENABLE_SHA512	1
+#  endif
 # else
 #  define CONFIG_CRC32		/* FIT images need CRC32 support */
 #  define CONFIG_MD5		/* and MD5 */
 #  define CONFIG_SHA1		/* and SHA1 */
 #  define CONFIG_SHA256		/* and SHA256 */
+#  define CONFIG_SHA384		/* and SHA384 */
+#  define CONFIG_SHA512		/* and SHA512 */
 #  define IMAGE_ENABLE_CRC32	1
 #  define IMAGE_ENABLE_MD5	1
 #  define IMAGE_ENABLE_SHA1	1
 #  define IMAGE_ENABLE_SHA256	1
+#  define IMAGE_ENABLE_SHA384	1
+#  define IMAGE_ENABLE_SHA512	1
 # endif
 
 #ifdef CONFIG_FIT_DISABLE_SHA256
@@ -97,6 +107,14 @@ struct lmb;
 #define IMAGE_ENABLE_SHA256	0
 #endif
 
+#ifndef IMAGE_ENABLE_SHA384
+#define IMAGE_ENABLE_SHA384	0
+#endif
+
+#ifndef IMAGE_ENABLE_SHA512
+#define IMAGE_ENABLE_SHA512	0
+#endif
+
 #endif /* IMAGE_ENABLE_FIT */
 
 #ifdef CONFIG_SYS_BOOT_RAMDISK_HIGH
diff --git a/include/u-boot/rsa-checksum.h b/include/u-boot/rsa-checksum.h
index 3c69d85..d8c584a 100644
--- a/include/u-boot/rsa-checksum.h
+++ b/include/u-boot/rsa-checksum.h
@@ -11,10 +11,18 @@
 #include <image.h>
 #include <u-boot/sha1.h>
 #include <u-boot/sha256.h>
+#include <u-boot/sha4.h>
 
-extern const uint8_t padding_sha256_rsa4096[];
-extern const uint8_t padding_sha256_rsa2048[];
 extern const uint8_t padding_sha1_rsa2048[];
+extern const uint8_t padding_sha256_rsa2048[];
+extern const uint8_t padding_sha256_rsa3072[];
+extern const uint8_t padding_sha256_rsa4096[];
+extern const uint8_t padding_sha384_rsa2048[];
+extern const uint8_t padding_sha384_rsa3072[];
+extern const uint8_t padding_sha384_rsa4096[];
+extern const uint8_t padding_sha512_rsa2048[];
+extern const uint8_t padding_sha512_rsa3072[];
+extern const uint8_t padding_sha512_rsa4096[];
 
 /**
  * hash_calculate() - Calculate hash over the data
diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h
index 0e96c38..3921250 100644
--- a/include/u-boot/rsa.h
+++ b/include/u-boot/rsa.h
@@ -108,6 +108,7 @@ static inline int rsa_verify(struct image_sign_info *info,
 #endif
 
 #define RSA2048_BYTES	(2048 / 8)
+#define RSA3072_BYTES	(3072 / 8)
 #define RSA4096_BYTES	(4096 / 8)
 
 /* This is the minimum/maximum key size we support, in bits */
diff --git a/include/u-boot/sha4.h b/include/u-boot/sha4.h
new file mode 100644
index 0000000..e9e5865
--- /dev/null
+++ b/include/u-boot/sha4.h
@@ -0,0 +1,159 @@
+/**
+ * \file sha4.h
+ *
+ *  Based on XySSL: Copyright (C) 2006-2008  Christophe Devine
+ *
+ *  Copyright (C) 2009  Paul Bakker <polarssl_maintainer at polarssl dot org>
+ *
+ *  All rights reserved.
+ *
+ *  Redistribution and use in source and binary forms, with or without
+ *  modification, are permitted provided that the following conditions
+ *  are met:
+ *
+ *    * Redistributions of source code must retain the above copyright
+ *      notice, this list of conditions and the following disclaimer.
+ *    * Redistributions in binary form must reproduce the above copyright
+ *      notice, this list of conditions and the following disclaimer in the
+ *      documentation and/or other materials provided with the distribution.
+ *    * Neither the names of PolarSSL or XySSL nor the names of its contributors
+ *      may be used to endorse or promote products derived from this software
+ *      without specific prior written permission.
+ *
+ *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ *  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ *  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ *  FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ *  OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ *  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ *  TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ *  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef _SHA4_H
+#define _SHA4_H
+
+#define SHA384_SUM_LEN  48
+#define SHA512_SUM_LEN  64
+
+/* Reset watchdog each time we process this many bytes */
+#define CHUNKSZ_SHA384  (64 * 1024)
+#define CHUNKSZ_SHA512  (64 * 1024)
+
+#define UL64(x) x##ULL
+#define int64 long long
+
+/**
+ * \brief          SHA-512 context structure
+ */
+typedef struct {
+	unsigned int64 total[2];	/*!< number of bytes processed  */
+	unsigned int64 state[8];	/*!< intermediate digest state  */
+	unsigned char buffer[128];	/*!< data block being processed */
+
+	unsigned char ipad[128];	/*!< HMAC: inner padding        */
+	unsigned char opad[128];	/*!< HMAC: outer padding        */
+	int is384;		/*!< 0 => SHA-512, else SHA-384 */
+} sha4_context;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+	/**
+	 * \brief          SHA-512 context setup
+	 *
+	 * \param ctx      context to be initialized
+	 * \param is384    0 = use SHA512, 1 = use SHA384
+	 */
+	void sha4_starts(sha4_context * ctx, int is384);
+
+	/**
+	 * \brief          SHA-512 process buffer
+	 *
+	 * \param ctx      SHA-512 context
+	 * \param input    buffer holding the  data
+	 * \param ilen     length of the input data
+	 */
+	void sha4_update(sha4_context * ctx, unsigned char *input, int ilen);
+
+	/**
+	 * \brief          SHA-512 final digest
+	 *
+	 * \param ctx      SHA-512 context
+	 * \param output   SHA-384/512 checksum result
+	 */
+	void sha4_finish(sha4_context * ctx, unsigned char output[64]);
+
+	/**
+	 * \brief          Output = SHA-512( input buffer )
+	 *
+	 * \param input    buffer holding the  data
+	 * \param ilen     length of the input data
+	 * \param output   SHA-384/512 checksum result
+	 * \param is384    0 = use SHA512, 1 = use SHA384
+	 */
+	void sha4(unsigned char *input, int ilen,
+		  unsigned char output[64], int is384);
+
+void sha384_csum_wd(const unsigned char *input, unsigned int ilen,
+		unsigned char *output, unsigned int chunk_sz);
+void sha512_csum_wd(const unsigned char *input, unsigned int ilen,
+		unsigned char *output, unsigned int chunk_sz);
+
+	/**
+	 * \brief          SHA-512 HMAC context setup
+	 *
+	 * \param ctx      HMAC context to be initialized
+	 * \param is384    0 = use SHA512, 1 = use SHA384
+	 * \param key      HMAC secret key
+	 * \param keylen   length of the HMAC key
+	 */
+	void sha4_hmac_starts(sha4_context * ctx, unsigned char *key,
+			      int keylen, int is384);
+
+	/**
+	 * \brief          SHA-512 HMAC process buffer
+	 *
+	 * \param ctx      HMAC context
+	 * \param input    buffer holding the  data
+	 * \param ilen     length of the input data
+	 */
+	void sha4_hmac_update(sha4_context * ctx, unsigned char *input,
+			      int ilen);
+
+	/**
+	 * \brief          SHA-512 HMAC final digest
+	 *
+	 * \param ctx      HMAC context
+	 * \param output   SHA-384/512 HMAC checksum result
+	 */
+	void sha4_hmac_finish(sha4_context * ctx, unsigned char output[64]);
+
+	/**
+	 * \brief          Output = HMAC-SHA-512( hmac key, input buffer )
+	 *
+	 * \param key      HMAC secret key
+	 * \param keylen   length of the HMAC key
+	 * \param input    buffer holding the  data
+	 * \param ilen     length of the input data
+	 * \param output   HMAC-SHA-384/512 result
+	 * \param is384    0 = use SHA512, 1 = use SHA384
+	 */
+	void sha4_hmac(unsigned char *key, int keylen,
+		       unsigned char *input, int ilen,
+		       unsigned char output[64], int is384);
+
+	/**
+	 * \brief          Checkup routine
+	 *
+	 * \return         0 if successful, or 1 if the test failed
+	 */
+	int sha4_self_test(int verbose);
+
+#ifdef __cplusplus
+}
+#endif
+#endif				/* sha4.h */
diff --git a/lib/Kconfig b/lib/Kconfig
index b16062f..1cba1b5 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -85,6 +85,22 @@ config SHA256
 	  The SHA256 algorithm produces a 256-bit (32-byte) hash value
 	  (digest).
 
+config SHA384
+	bool "Enable SHA384 support"
+	help
+	  This option enables support of hashing using SHA384 algorithm.
+	  The hash is calculated in software.
+	  The SHA384 algorithm produces a 384-bit (48-byte) hash value
+	  (digest).
+
+config SHA512
+	bool "Enable SHA512 support"
+	help
+	  This option enables support of hashing using SHA512 algorithm.
+	  The hash is calculated in software.
+	  The SHA512 algorithm produces a 512-bit (64-byte) hash value
+	  (digest).
+
 config SHA_HW_ACCEL
 	bool "Enable hashing using hardware"
 	help
diff --git a/lib/Makefile b/lib/Makefile
index 23e9f1e..ba5ba04 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -47,6 +47,8 @@ endif
 obj-$(CONFIG_$(SPL_)RSA) += rsa/
 obj-$(CONFIG_$(SPL_)SHA1) += sha1.o
 obj-$(CONFIG_$(SPL_)SHA256) += sha256.o
+obj-$(CONFIG_$(SPL_)SHA384) += sha4.o
+obj-$(CONFIG_$(SPL_)SHA512) += sha4.o
 
 obj-$(CONFIG_SPL_SAVEENV) += qsort.o
 obj-$(CONFIG_$(SPL_)OF_LIBFDT) += libfdt/
diff --git a/lib/rsa/rsa-checksum.c b/lib/rsa/rsa-checksum.c
index db183ff..74e289c 100644
--- a/lib/rsa/rsa-checksum.c
+++ b/lib/rsa/rsa-checksum.c
@@ -15,6 +15,7 @@
 #include "fdt_host.h"
 #include <u-boot/sha1.h>
 #include <u-boot/sha256.h>
+#include <u-boot/sha4.h>
 #endif
 #include <u-boot/rsa.h>
 
@@ -74,6 +75,53 @@ const uint8_t padding_sha1_rsa2048[RSA2048_BYTES - SHA1_SUM_LEN] = {
 	0x05, 0x00, 0x04, 0x14
 };
 
+const uint8_t padding_sha256_rsa3072[RSA3072_BYTES - SHA256_SUM_LEN] = {
+	0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x31, 0x30,
+	0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
+	0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
+};
+
 const uint8_t padding_sha256_rsa4096[RSA4096_BYTES - SHA256_SUM_LEN] = {
 	0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
 	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
@@ -137,6 +185,270 @@ const uint8_t padding_sha256_rsa4096[RSA4096_BYTES - SHA256_SUM_LEN] = {
 	0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
 };
 
+const uint8_t padding_sha384_rsa2048[RSA2048_BYTES - SHA384_SUM_LEN] = {
+	0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x41, 0x30,
+	0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
+	0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30
+};
+
+const uint8_t padding_sha384_rsa3072[RSA3072_BYTES - SHA384_SUM_LEN] = {
+	0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x41, 0x30,
+	0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
+	0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30
+};
+
+const uint8_t padding_sha384_rsa4096[RSA4096_BYTES - SHA384_SUM_LEN] = {
+	0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x41, 0x30,
+	0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
+	0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30
+};
+
+const uint8_t padding_sha512_rsa2048[RSA2048_BYTES - SHA512_SUM_LEN] = {
+	0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x51, 0x30,
+	0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
+	0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40
+};
+
+const uint8_t padding_sha512_rsa3072[RSA3072_BYTES - SHA512_SUM_LEN] = {
+	0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x51, 0x30,
+	0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
+	0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40
+};
+
+const uint8_t padding_sha512_rsa4096[RSA4096_BYTES - SHA512_SUM_LEN] = {
+	0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x51, 0x30,
+	0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
+	0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40
+};
+
 int hash_calculate(const char *name,
 		    const struct image_region region[],
 		    int region_count, uint8_t *checksum)
diff --git a/lib/sha4.c b/lib/sha4.c
new file mode 100644
index 0000000..929d267
--- /dev/null
+++ b/lib/sha4.c
@@ -0,0 +1,447 @@
+/*
+ *	FIPS-180-2 compliant SHA-384/512 implementation
+ *
+ *	Based on XySSL: Copyright (C) 2006-2008	 Christophe Devine
+ *
+ *	Copyright (C) 2009	Paul Bakker <polarssl_maintainer at polarssl dot org>
+ *
+ *	All rights reserved.
+ *
+ *	Redistribution and use in source and binary forms, with or without
+ *	modification, are permitted provided that the following conditions
+ *	are met:
+ *
+ *	  * Redistributions of source code must retain the above copyright
+ *		notice, this list of conditions and the following disclaimer.
+ *	  * Redistributions in binary form must reproduce the above copyright
+ *		notice, this list of conditions and the following disclaimer in the
+ *		documentation and/or other materials provided with the distribution.
+ *	  * Neither the names of PolarSSL or XySSL nor the names of its contributors
+ *		may be used to endorse or promote products derived from this software
+ *		without specific prior written permission.
+ *
+ *	THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ *	"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ *	LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ *	FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ *	OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ *	SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ *	TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ *	PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ *	LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ *	NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ *	SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+/*
+ *	The SHA-512 Secure Hash Standard was published by NIST in 2002.
+ *
+ *	http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
+ */
+
+#ifndef USE_HOSTCC
+#include <common.h>
+#include <linux/string.h>
+#else
+#include <string.h>
+#endif /* USE_HOSTCC */
+#include <watchdog.h>
+#include <u-boot/sha4.h>
+
+/*
+ * 64-bit integer manipulation macros (big endian)
+ */
+#ifndef GET_UINT64_BE
+#define GET_UINT64_BE(n,b,i)							\
+	{													\
+		(n) = ( (unsigned int64) (b)[(i)	] << 56 )	\
+			| ( (unsigned int64) (b)[(i) + 1] << 48 )	\
+			| ( (unsigned int64) (b)[(i) + 2] << 40 )	\
+			| ( (unsigned int64) (b)[(i) + 3] << 32 )	\
+			| ( (unsigned int64) (b)[(i) + 4] << 24 )	\
+			| ( (unsigned int64) (b)[(i) + 5] << 16 )	\
+			| ( (unsigned int64) (b)[(i) + 6] <<  8 )	\
+			| ( (unsigned int64) (b)[(i) + 7]		);	\
+	}
+#endif
+
+#ifndef PUT_UINT64_BE
+#define PUT_UINT64_BE(n,b,i)							\
+	{													\
+		(b)[(i)	   ] = (unsigned char) ( (n) >> 56 );	\
+		(b)[(i) + 1] = (unsigned char) ( (n) >> 48 );	\
+		(b)[(i) + 2] = (unsigned char) ( (n) >> 40 );	\
+		(b)[(i) + 3] = (unsigned char) ( (n) >> 32 );	\
+		(b)[(i) + 4] = (unsigned char) ( (n) >> 24 );	\
+		(b)[(i) + 5] = (unsigned char) ( (n) >> 16 );	\
+		(b)[(i) + 6] = (unsigned char) ( (n) >>	 8 );	\
+		(b)[(i) + 7] = (unsigned char) ( (n)	   );	\
+	}
+#endif
+
+/*
+ * Round constants
+ */
+static const unsigned int64 K[80] = {
+	UL64(0x428A2F98D728AE22), UL64(0x7137449123EF65CD),
+	UL64(0xB5C0FBCFEC4D3B2F), UL64(0xE9B5DBA58189DBBC),
+	UL64(0x3956C25BF348B538), UL64(0x59F111F1B605D019),
+	UL64(0x923F82A4AF194F9B), UL64(0xAB1C5ED5DA6D8118),
+	UL64(0xD807AA98A3030242), UL64(0x12835B0145706FBE),
+	UL64(0x243185BE4EE4B28C), UL64(0x550C7DC3D5FFB4E2),
+	UL64(0x72BE5D74F27B896F), UL64(0x80DEB1FE3B1696B1),
+	UL64(0x9BDC06A725C71235), UL64(0xC19BF174CF692694),
+	UL64(0xE49B69C19EF14AD2), UL64(0xEFBE4786384F25E3),
+	UL64(0x0FC19DC68B8CD5B5), UL64(0x240CA1CC77AC9C65),
+	UL64(0x2DE92C6F592B0275), UL64(0x4A7484AA6EA6E483),
+	UL64(0x5CB0A9DCBD41FBD4), UL64(0x76F988DA831153B5),
+	UL64(0x983E5152EE66DFAB), UL64(0xA831C66D2DB43210),
+	UL64(0xB00327C898FB213F), UL64(0xBF597FC7BEEF0EE4),
+	UL64(0xC6E00BF33DA88FC2), UL64(0xD5A79147930AA725),
+	UL64(0x06CA6351E003826F), UL64(0x142929670A0E6E70),
+	UL64(0x27B70A8546D22FFC), UL64(0x2E1B21385C26C926),
+	UL64(0x4D2C6DFC5AC42AED), UL64(0x53380D139D95B3DF),
+	UL64(0x650A73548BAF63DE), UL64(0x766A0ABB3C77B2A8),
+	UL64(0x81C2C92E47EDAEE6), UL64(0x92722C851482353B),
+	UL64(0xA2BFE8A14CF10364), UL64(0xA81A664BBC423001),
+	UL64(0xC24B8B70D0F89791), UL64(0xC76C51A30654BE30),
+	UL64(0xD192E819D6EF5218), UL64(0xD69906245565A910),
+	UL64(0xF40E35855771202A), UL64(0x106AA07032BBD1B8),
+	UL64(0x19A4C116B8D2D0C8), UL64(0x1E376C085141AB53),
+	UL64(0x2748774CDF8EEB99), UL64(0x34B0BCB5E19B48A8),
+	UL64(0x391C0CB3C5C95A63), UL64(0x4ED8AA4AE3418ACB),
+	UL64(0x5B9CCA4F7763E373), UL64(0x682E6FF3D6B2B8A3),
+	UL64(0x748F82EE5DEFB2FC), UL64(0x78A5636F43172F60),
+	UL64(0x84C87814A1F0AB72), UL64(0x8CC702081A6439EC),
+	UL64(0x90BEFFFA23631E28), UL64(0xA4506CEBDE82BDE9),
+	UL64(0xBEF9A3F7B2C67915), UL64(0xC67178F2E372532B),
+	UL64(0xCA273ECEEA26619C), UL64(0xD186B8C721C0C207),
+	UL64(0xEADA7DD6CDE0EB1E), UL64(0xF57D4F7FEE6ED178),
+	UL64(0x06F067AA72176FBA), UL64(0x0A637DC5A2C898A6),
+	UL64(0x113F9804BEF90DAE), UL64(0x1B710B35131C471B),
+	UL64(0x28DB77F523047D84), UL64(0x32CAAB7B40C72493),
+	UL64(0x3C9EBE0A15C9BEBC), UL64(0x431D67C49C100D4C),
+	UL64(0x4CC5D4BECB3E42B6), UL64(0x597F299CFC657E2A),
+	UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817)
+};
+
+/*
+ * SHA-512 context setup
+ */
+void sha4_starts(sha4_context * ctx, int is384)
+{
+	ctx->total[0] = 0;
+	ctx->total[1] = 0;
+
+	if (is384 == 0) {
+		/* SHA-512 */
+		ctx->state[0] = UL64(0x6A09E667F3BCC908);
+		ctx->state[1] = UL64(0xBB67AE8584CAA73B);
+		ctx->state[2] = UL64(0x3C6EF372FE94F82B);
+		ctx->state[3] = UL64(0xA54FF53A5F1D36F1);
+		ctx->state[4] = UL64(0x510E527FADE682D1);
+		ctx->state[5] = UL64(0x9B05688C2B3E6C1F);
+		ctx->state[6] = UL64(0x1F83D9ABFB41BD6B);
+		ctx->state[7] = UL64(0x5BE0CD19137E2179);
+	} else {
+		/* SHA-384 */
+		ctx->state[0] = UL64(0xCBBB9D5DC1059ED8);
+		ctx->state[1] = UL64(0x629A292A367CD507);
+		ctx->state[2] = UL64(0x9159015A3070DD17);
+		ctx->state[3] = UL64(0x152FECD8F70E5939);
+		ctx->state[4] = UL64(0x67332667FFC00B31);
+		ctx->state[5] = UL64(0x8EB44A8768581511);
+		ctx->state[6] = UL64(0xDB0C2E0D64F98FA7);
+		ctx->state[7] = UL64(0x47B5481DBEFA4FA4);
+	}
+
+	ctx->is384 = is384;
+}
+
+static void sha4_process(sha4_context * ctx, unsigned char data[128])
+{
+	int i;
+	unsigned int64 temp1, temp2, W[80];
+	unsigned int64 A, B, C, D, E, F, G, H;
+
+#define	 SHR(x,n) (x >> n)
+#define ROTR(x,n) (SHR(x,n) | (x << (64 - n)))
+
+#define S0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^  SHR(x, 7))
+#define S1(x) (ROTR(x,19) ^ ROTR(x,61) ^  SHR(x, 6))
+
+#define S2(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39))
+#define S3(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41))
+
+#define F0(x,y,z) ((x & y) | (z & (x | y)))
+#define F1(x,y,z) (z ^ (x & (y ^ z)))
+
+#define P(a,b,c,d,e,f,g,h,x,K)					\
+	{											\
+		temp1 = h + S3(e) + F1(e,f,g) + K + x;	\
+		temp2 = S2(a) + F0(a,b,c);				\
+		d += temp1; h = temp1 + temp2;			\
+	}
+
+	for (i = 0; i < 16; i++) {
+		GET_UINT64_BE(W[i], data, i << 3);
+	}
+
+	for (; i < 80; i++) {
+		W[i] = S1(W[i - 2]) + W[i - 7] + S0(W[i - 15]) + W[i - 16];
+	}
+
+	A = ctx->state[0];
+	B = ctx->state[1];
+	C = ctx->state[2];
+	D = ctx->state[3];
+	E = ctx->state[4];
+	F = ctx->state[5];
+	G = ctx->state[6];
+	H = ctx->state[7];
+	i = 0;
+
+	do {
+		P(A, B, C, D, E, F, G, H, W[i], K[i]);
+		i++;
+		P(H, A, B, C, D, E, F, G, W[i], K[i]);
+		i++;
+		P(G, H, A, B, C, D, E, F, W[i], K[i]);
+		i++;
+		P(F, G, H, A, B, C, D, E, W[i], K[i]);
+		i++;
+		P(E, F, G, H, A, B, C, D, W[i], K[i]);
+		i++;
+		P(D, E, F, G, H, A, B, C, W[i], K[i]);
+		i++;
+		P(C, D, E, F, G, H, A, B, W[i], K[i]);
+		i++;
+		P(B, C, D, E, F, G, H, A, W[i], K[i]);
+		i++;
+	} while (i < 80);
+
+	ctx->state[0] += A;
+	ctx->state[1] += B;
+	ctx->state[2] += C;
+	ctx->state[3] += D;
+	ctx->state[4] += E;
+	ctx->state[5] += F;
+	ctx->state[6] += G;
+	ctx->state[7] += H;
+}
+
+/*
+ * SHA-512 process buffer
+ */
+void sha4_update(sha4_context * ctx, unsigned char *input, int ilen)
+{
+	int fill;
+	unsigned int64 left;
+
+	if (ilen <= 0)
+		return;
+
+	left = ctx->total[0] & 0x7F;
+	fill = (int)(128 - left);
+
+	ctx->total[0] += ilen;
+
+	if (ctx->total[0] < (unsigned int64)ilen)
+		ctx->total[1]++;
+
+	if (left && ilen >= fill) {
+		memcpy((void *)(ctx->buffer + left), (void *)input, fill);
+		sha4_process(ctx, ctx->buffer);
+		input += fill;
+		ilen -= fill;
+		left = 0;
+	}
+
+	while (ilen >= 128) {
+		sha4_process(ctx, input);
+		input += 128;
+		ilen -= 128;
+	}
+
+	if (ilen > 0) {
+		memcpy((void *)(ctx->buffer + left), (void *)input, ilen);
+	}
+}
+
+static const unsigned char sha4_padding[128] = {
+	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+/*
+ * SHA-512 final digest
+ */
+void sha4_finish(sha4_context * ctx, unsigned char output[64])
+{
+	int last, padn;
+	unsigned int64 high, low;
+	unsigned char msglen[16];
+
+	high = (ctx->total[0] >> 61)
+	    | (ctx->total[1] << 3);
+	low = (ctx->total[0] << 3);
+
+	PUT_UINT64_BE(high, msglen, 0);
+	PUT_UINT64_BE(low, msglen, 8);
+
+	last = (int)(ctx->total[0] & 0x7F);
+	padn = (last < 112) ? (112 - last) : (240 - last);
+
+	sha4_update(ctx, (unsigned char *)sha4_padding, padn);
+	sha4_update(ctx, msglen, 16);
+
+	PUT_UINT64_BE(ctx->state[0], output, 0);
+	PUT_UINT64_BE(ctx->state[1], output, 8);
+	PUT_UINT64_BE(ctx->state[2], output, 16);
+	PUT_UINT64_BE(ctx->state[3], output, 24);
+	PUT_UINT64_BE(ctx->state[4], output, 32);
+	PUT_UINT64_BE(ctx->state[5], output, 40);
+
+	if (ctx->is384 == 0) {
+		PUT_UINT64_BE(ctx->state[6], output, 48);
+		PUT_UINT64_BE(ctx->state[7], output, 56);
+	}
+}
+
+/*
+ * output = SHA-512( input buffer )
+ */
+void sha4(unsigned char *input, int ilen, unsigned char output[64], int is384)
+{
+	sha4_context ctx;
+
+	sha4_starts(&ctx, is384);
+	sha4_update(&ctx, input, ilen);
+	sha4_finish(&ctx, output);
+
+	memset(&ctx, 0, sizeof(sha4_context));
+}
+
+/*
+ * Output = SHA-4( input buffer ). Trigger the watchdog every 'chunk_sz'
+ * bytes of input processed.
+ */
+static void sha4_csum_wd(const unsigned char *input, unsigned int ilen,
+		unsigned char *output, unsigned int chunk_sz, int is384)
+{
+	sha4_context ctx;
+#if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
+	const unsigned char *end;
+	unsigned char *curr;
+	int chunk;
+#endif
+
+	sha4_starts(&ctx, is384);
+
+#if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
+	curr = (unsigned char *)input;
+	end = input + ilen;
+	while (curr < end) {
+		chunk = end - curr;
+		if (chunk > chunk_sz)
+			chunk = chunk_sz;
+		sha4_update(&ctx, curr, chunk);
+		curr += chunk;
+		WATCHDOG_RESET();
+	}
+#else
+	sha4_update(&ctx, input, ilen);
+#endif
+
+	sha4_finish(&ctx, output);
+}
+
+void sha384_csum_wd(const unsigned char *input, unsigned int ilen,
+                unsigned char *output, unsigned int chunk_sz)
+{
+	sha4_csum_wd(input, ilen, output, chunk_sz, 1);
+}
+
+void sha512_csum_wd(const unsigned char *input, unsigned int ilen,
+                unsigned char *output, unsigned int chunk_sz)
+{
+	sha4_csum_wd(input, ilen, output, chunk_sz, 0);
+}
+
+/*
+ * SHA-512 HMAC context setup
+ */
+void sha4_hmac_starts(sha4_context * ctx, unsigned char *key, int keylen,
+		      int is384)
+{
+	int i;
+	unsigned char sum[64];
+
+	if (keylen > 128) {
+		sha4(key, keylen, sum, is384);
+		keylen = (is384) ? 48 : 64;
+		key = sum;
+	}
+
+	memset(ctx->ipad, 0x36, 128);
+	memset(ctx->opad, 0x5C, 128);
+
+	for (i = 0; i < keylen; i++) {
+		ctx->ipad[i] = (unsigned char)(ctx->ipad[i] ^ key[i]);
+		ctx->opad[i] = (unsigned char)(ctx->opad[i] ^ key[i]);
+	}
+
+	sha4_starts(ctx, is384);
+	sha4_update(ctx, ctx->ipad, 128);
+
+	memset(sum, 0, sizeof(sum));
+}
+
+/*
+ * SHA-512 HMAC process buffer
+ */
+void sha4_hmac_update(sha4_context * ctx, unsigned char *input, int ilen)
+{
+	sha4_update(ctx, input, ilen);
+}
+
+/*
+ * SHA-512 HMAC final digest
+ */
+void sha4_hmac_finish(sha4_context * ctx, unsigned char output[64])
+{
+	int is384, hlen;
+	unsigned char tmpbuf[64];
+
+	is384 = ctx->is384;
+	hlen = (is384 == 0) ? 64 : 48;
+
+	sha4_finish(ctx, tmpbuf);
+	sha4_starts(ctx, is384);
+	sha4_update(ctx, ctx->opad, 128);
+	sha4_update(ctx, tmpbuf, hlen);
+	sha4_finish(ctx, output);
+
+	memset(tmpbuf, 0, sizeof(tmpbuf));
+}
+
+/*
+ * output = HMAC-SHA-512( hmac key, input buffer )
+ */
+void sha4_hmac(unsigned char *key, int keylen,
+	       unsigned char *input, int ilen,
+	       unsigned char output[64], int is384)
+{
+	sha4_context ctx;
+
+	sha4_hmac_starts(&ctx, key, keylen, is384);
+	sha4_hmac_update(&ctx, input, ilen);
+	sha4_hmac_finish(&ctx, output);
+
+	memset(&ctx, 0, sizeof(sha4_context));
+}
diff --git a/tools/Makefile b/tools/Makefile
index 9edb504..59f4911 100644
--- a/tools/Makefile
+++ b/tools/Makefile
@@ -95,6 +95,7 @@ dumpimage-mkimage-objs := aisimage.o \
 			socfpgaimage.o \
 			lib/sha1.o \
 			lib/sha256.o \
+			lib/sha4.o \
 			common/hash.o \
 			ublimage.o \
 			zynqimage.o \
-- 
1.9.1