tools: add an option -hash-alg for cert_create
This option enables the user to select the secure hash algorithm
to be used for generating the hash. It supports the following
options:
- sha256 (default)
- sha384
- sha512
Change-Id: Icb093cec1b5715e248c3d1c3749a2479a7ab4b89
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
diff --git a/tools/cert_create/src/sha.c b/tools/cert_create/src/sha.c
index 2971593..3d977fb 100644
--- a/tools/cert_create/src/sha.c
+++ b/tools/cert_create/src/sha.c
@@ -1,20 +1,21 @@
/*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <openssl/sha.h>
#include <stdio.h>
-
#include "debug.h"
+#include "key.h"
#define BUFFER_SIZE 256
-int sha_file(const char *filename, unsigned char *md)
+int sha_file(int md_alg, const char *filename, unsigned char *md)
{
FILE *inFile;
SHA256_CTX shaContext;
+ SHA512_CTX sha512Context;
int bytes;
unsigned char data[BUFFER_SIZE];
@@ -29,11 +30,25 @@
return 0;
}
- SHA256_Init(&shaContext);
- while ((bytes = fread(data, 1, BUFFER_SIZE, inFile)) != 0) {
- SHA256_Update(&shaContext, data, bytes);
+ if (md_alg == HASH_ALG_SHA384) {
+ SHA384_Init(&sha512Context);
+ while ((bytes = fread(data, 1, BUFFER_SIZE, inFile)) != 0) {
+ SHA384_Update(&sha512Context, data, bytes);
+ }
+ SHA384_Final(md, &sha512Context);
+ } else if (md_alg == HASH_ALG_SHA512) {
+ SHA512_Init(&sha512Context);
+ while ((bytes = fread(data, 1, BUFFER_SIZE, inFile)) != 0) {
+ SHA512_Update(&sha512Context, data, bytes);
+ }
+ SHA512_Final(md, &sha512Context);
+ } else {
+ SHA256_Init(&shaContext);
+ while ((bytes = fread(data, 1, BUFFER_SIZE, inFile)) != 0) {
+ SHA256_Update(&shaContext, data, bytes);
+ }
+ SHA256_Final(md, &shaContext);
}
- SHA256_Final(md, &shaContext);
fclose(inFile);
return 1;