[PATCH 7/7] command: add hmac sum supportfor md5, sha1, sha224, sha256, sha384, sha512

Sascha Hauer s.hauer at pengutronix.de
Wed Mar 11 04:41:20 PDT 2015


On Wed, Mar 11, 2015 at 12:00:29PM +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> On 11:52 Wed 11 Mar     , Jean-Christophe PLAGNIOL-VILLARD wrote:
> > On 06:43 Wed 11 Mar     , Sascha Hauer wrote:
> > > On Tue, Mar 10, 2015 at 03:28:17PM +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> > > > pass the key via -k param
> > > > 
> > > > Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj at jcrosoft.com>
> > > > ---
> > > >  commands/digest.c | 26 ++++++++++++++++++++++----
> > > >  common/digest.c   | 22 +++++++++++++++++-----
> > > >  include/digest.h  |  3 +++
> > > >  3 files changed, 42 insertions(+), 9 deletions(-)
> > > > 
> > > > diff --git a/commands/digest.c b/commands/digest.c
> > > > index 20fa13f..713f5c6 100644
> > > > --- a/commands/digest.c
> > > > +++ b/commands/digest.c
> > > > @@ -25,6 +25,7 @@
> > > >  #include <xfuncs.h>
> > > >  #include <malloc.h>
> > > >  #include <digest.h>
> > > > +#include <getopt.h>
> > > >  
> > > >  static int do_digest(char *algorithm, int argc, char *argv[])
> > > >  {
> > > > @@ -32,11 +33,26 @@ static int do_digest(char *algorithm, int argc, char *argv[])
> > > >  	int ret = 0;
> > > >  	int i;
> > > >  	unsigned char *hash;
> > > > +	unsigned char *key = NULL;
> > > > +	size_t keylen = 0;
> > > > +	int opt;
> > > > +
> > > > +	while((opt = getopt(argc, argv, "k:")) > 0) {
> > > > +		switch(opt) {
> > > > +		case 'k':
> > > > +			key = optarg;
> > > > +			keylen = strlen(key);
> > > > +			break;
> > > > +		}
> > > 
> > > This passes the key directly as string to the digest operations. This
> > > means we are limited to ASCII printable strings here. I'm not very
> > > familiar with ways for passing keys, but shouldn't we allow to pass the
> > > key as hex numbers or similar?
> > for hmac yes
> 
> to use it in openssl
> 
> echo -n "value" | openssl dgst -sha1 -hmac "key"
> 
> hmac does not care about the key itself just it length
> but for the command I prefer to key something similar to openssl
> 
> we could LATER
> 
> put a file as -K <file> use full for rsa as we will need to load the key from
> file anyway
> 
> so I do prefer to keep it as this

Ok.

Sascha

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |



More information about the barebox mailing list