[ipxe-devel] [ipxe/ipxe] Updated digest commands to include SHA-2 support, hash strings, perfo… (#94)

Ben Galliart notifications at github.com
Fri Aug 23 02:38:26 UTC 2019

This PR adds the following:

- SHA-2 family of digests (sha224sum, sha256sum, sha384sum and sha512sum)
- Multi-round rehashing support
- Hashing of strings (instead of only images)
- Apply result of the data last hashed to the configuration settings as hash:string
- Apply the length of the data last hashed to the configuration settings as hashlen:int32

It is also backward compatible with hashing one or more images as have been available in md5sum and sha1sum previous to the PR.  The major difference is it will write or overwrite hash and hashlen with the last of the multiple images successfully hashed.

Without this PR, the hash functions seem to only provide a way to manually verify the digest results.  With this the resulting digest string and the length of the image can both automatically be confirmed by the ipxe script.

Also consider the following situation, a company creates an ipxe efi module were they want it to go to an ipxe shell when DHCP fails.  However, the company policy requires a password be verified to provide the shell access and also requires the password not be easy to extract even if the efi module is examined with a debugger.

This PR would allow a script such as this to be used:

dhcp || goto dhcpfail
# continue normal tasks
prompt DHCP has failed, press a key to login for shell access
iseq ${username:string} ipxeadmin || goto loginshell
set salt:string 3cbc63d0c64482c666d4dfb0516eed35
md5sum --rounds 1000000 --str ${salt:string}${password:string}
iseq ${hash:string} 1577df1969a3b8f0188496804645c406 || goto loginshell

Please feel free to let me know if there is problem with my code or even if there is problems with the concept I am trying to achieve with the code.

You can view, comment on, or merge this pull request online at:


-- Commit Summary --

  * Updated digest commands to include SHA-2 support, hash strings, perform multi-round hashing and apply the result in the configuration settings

-- File Changes --

    M src/hci/commands/digest_cmd.c (133)

-- Patch Links --


You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ipxe.org/pipermail/ipxe-devel/attachments/20190822/d9ed4243/attachment.htm>

More information about the ipxe-devel mailing list