[PATCH 7/7] command: add hmac sum supportfor md5, sha1, sha224, sha256, sha384, sha512
Sascha Hauer
s.hauer at pengutronix.de
Wed Mar 11 04:41:20 PDT 2015
On Wed, Mar 11, 2015 at 12:00:29PM +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> On 11:52 Wed 11 Mar , Jean-Christophe PLAGNIOL-VILLARD wrote:
> > On 06:43 Wed 11 Mar , Sascha Hauer wrote:
> > > On Tue, Mar 10, 2015 at 03:28:17PM +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> > > > pass the key via -k param
> > > >
> > > > Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj at jcrosoft.com>
> > > > ---
> > > > commands/digest.c | 26 ++++++++++++++++++++++----
> > > > common/digest.c | 22 +++++++++++++++++-----
> > > > include/digest.h | 3 +++
> > > > 3 files changed, 42 insertions(+), 9 deletions(-)
> > > >
> > > > diff --git a/commands/digest.c b/commands/digest.c
> > > > index 20fa13f..713f5c6 100644
> > > > --- a/commands/digest.c
> > > > +++ b/commands/digest.c
> > > > @@ -25,6 +25,7 @@
> > > > #include <xfuncs.h>
> > > > #include <malloc.h>
> > > > #include <digest.h>
> > > > +#include <getopt.h>
> > > >
> > > > static int do_digest(char *algorithm, int argc, char *argv[])
> > > > {
> > > > @@ -32,11 +33,26 @@ static int do_digest(char *algorithm, int argc, char *argv[])
> > > > int ret = 0;
> > > > int i;
> > > > unsigned char *hash;
> > > > + unsigned char *key = NULL;
> > > > + size_t keylen = 0;
> > > > + int opt;
> > > > +
> > > > + while((opt = getopt(argc, argv, "k:")) > 0) {
> > > > + switch(opt) {
> > > > + case 'k':
> > > > + key = optarg;
> > > > + keylen = strlen(key);
> > > > + break;
> > > > + }
> > >
> > > This passes the key directly as string to the digest operations. This
> > > means we are limited to ASCII printable strings here. I'm not very
> > > familiar with ways for passing keys, but shouldn't we allow to pass the
> > > key as hex numbers or similar?
> > for hmac yes
>
> to use it in openssl
>
> echo -n "value" | openssl dgst -sha1 -hmac "key"
>
> hmac does not care about the key itself just it length
> but for the command I prefer to key something similar to openssl
>
> we could LATER
>
> put a file as -K <file> use full for rsa as we will need to load the key from
> file anyway
>
> so I do prefer to keep it as this
Ok.
Sascha
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
More information about the barebox
mailing list