Add optional parameter for setting hash algorithm

Add a new optional parameter (e.g., 'sha1', 'sha256') to set the hash algorithm for option '-a', '-e', '-r', and '-s'. If the parameter is not present, default value is SHA-1.

README.md

@@ -56,34 +56,37 @@ Some options require the TPM to be in a specific state. This state is shown in b
 
 To get the TPM into the required state, call ELTT2 with the corresponding commands ("x" for a state means that whether this state is required or not depends on the actual command or the command parameters sent eventually to the TPM).
 
- Command line option             | Explanation                    | Precondition
+ Command line option                                 | Explanation                                       | Precondition
- ---                             | ---                            | ---
+ ---                                                 | ---                                               | ---
- -a \<data bytes\>               | Hash Sequence SHA-1            | \[u\] 
+ -a \[hash algorithm\] \<data bytes\>                | Hash Sequence SHA-1/SHA-256 \[default: SHA-1\]    | \[u\]
- -A \<data bytes\>               | Hash Sequence SHA-256          | \[u\] 
+ -A \<data bytes\>                                   | Hash Sequence SHA-256                             | \[u\]
- -b \<command bytes\>            | Enter your own TPM command     | \[u\] 
+ -b \<command bytes\>                                | Enter your own TPM command                        | \[u\]
- -c                              | Read Clock                     | \[u\] 
+ -c                                                  | Read Clock                                        | \[u\]
- -d \<shutdown type\>            | Shutdown                       | \[u\]
+ -d \<shutdown type\>                                | Shutdown                                          | \[u\]
- -e \<PCR index\> \<PCR digest\> | PCR Extend SHA-1               | \[u\]
+ -e \[hash algorithm\] \<PCR index\> \<PCR digest\>  | PCR Extend SHA-1/SHA-256 \[default: SHA-1\]       | \[u\]
- -E \<PCR index\> \<PCR digest\> | PCR Extend SHA-256             | \[u\]
+ -E \<PCR index\> \<PCR digest\>                     | PCR Extend SHA-256                                | \[u\]
- -g                              | Get fixed capability values    | \[u\]
+ -g                                                  | Get fixed capability values                       | \[u\]
- -v                              | Get variable capability values | \[u\]
+ -v                                                  | Get variable capability values                    | \[u\]
- -G \<data length\>              | Get Random                     | \[u\]
+ -G \<data length\>                                  | Get Random                                        | \[u\]
- -h                              | Help                           | \[-\]
+ -h                                                  | Help                                              | \[-\]
- -r \<PCR index\>                | PCR Read SHA-1                 | \[u\]
+ -r \[hash algorithm\] \<PCR index\>                 | PCR Read SHA-1/SHA-256 \[default: SHA-1\]         | \[u\]
- -R \<PCR index\>                | PCR Read SHA-256               | \[u\]
+ -R \<PCR index\>                                    | PCR Read SHA-256                                  | \[u\]
- -s \<data bytes\>               | Hash SHA-1                     | \[u\]
+ -s \[hash algorithm\] \<data bytes\>                | Hash SHA-1/SHA-256 \[default: SHA-1\]             | \[u\]
- -S \<data bytes\>               | Hash SHA-256                   | \[u\]
+ -S \<data bytes\>                                   | Hash SHA-256                                      | \[u\]
- -t \<test type\>                | Self Test                      | \[u\]
+ -t \<test type\>                                    | Self Test                                         | \[u\]
- -T                              | Get Test Result                | \[u\]
+ -T                                                  | Get Test Result                                   | \[u\]
- -u \<startup type\>             | Startup                        | \[-\]
+ -u \<startup type\>                                 | Startup                                           | \[-\]
- -z \<PCR index\>                | PCR Reset                      | \[u\]
+ -z \<PCR index\>                                    | PCR Reset                                         | \[u\]
 
 
  Additional information:
 
 -a: <br>
-With the "-a" command you can hash given data with the SHA-1 hash algorithm. This hash sequence sends 3 commands [start, update, complete] to the TPM and allows to hash an arbitrary amount of data. For example, use the following command to hash the byte sequence {0x41, 0x62, 0x43, 0x64}: <br>
+With the "-a" command you can hash given data with the SHA-1/SHA-256 hash algorithm. This hash sequence sends 3 commands [start, update, complete] to the TPM and allows to hash an arbitrary amount of data. For example, use the following command to hash the byte sequence {0x41, 0x62, 0x43, 0x64}: <br>
- ./eltt2 -a 41624364
+./eltt2 -a 41624364 Hash given data with SHA-1 hash algorithm. <br>
+or <br>
+./eltt2 -a sha1 41624364 Hash given data with SHA-1 hash algorithm. <br>
+./eltt2 -a sha256 41624364 Hash given data with SHA-256 hash algorithm. <br>
 
 -A: <br>
 With the "-A" command you can hash given data with the SHA-256 hash algorithm. This hash sequence sends 3 commands [start, update, complete] to the TPM and allows to hash an arbitrary amount of data. For example, use the following command to hash the byte sequence {0x41, 0x62, 0x43, 0x64}: <br>
@@ -104,8 +107,11 @@ or <br>
 ./eltt2 -d state    send a TPM2_Shutdown command with shutdown type STATE to the TPM. <br>
 
  -e: <br>
- With the "-e" command you can extend bytes in the selected PCR with SHA-1. To do so, you have to enter the index of PCR in hexadecimal that you like to extend and the digest you want to extend the selected PCR with. Note that you can only extend PCRs with index 0 to 16 and PCR 23 and that the digest must have a length of 20 bytes (will be padded with 0 if necessary). The TPM then builds an SHA-1 hash over the PCR data in the selected PCR and the digest you provided and writes the result back to the selected PCR. For example, use the following command to extend PCR 23 (0x17) with the byte sequence {0x41, 0x62, 0x43, 0x64, 0x00, ... (will be filled with 0x00)}: <br>
+ With the "-e" command you can extend bytes in the selected PCR with SHA-1/SHA-256. To do so, you have to enter the index of PCR in hexadecimal that you like to extend and the digest you want to extend the selected PCR with. Note that you can only extend PCRs with index 0 to 16 and PCR 23 and that the digest must have a length of 20/32 bytes (will be padded with 0 if necessary). The TPM then builds an SHA-1/SHA-256 hash over the PCR data in the selected PCR and the digest you provided and writes the result back to the selected PCR. For example, use the following command to extend PCR 23 (0x17) with the byte sequence {0x41, 0x62, 0x43, 0x64, 0x00, ... (will be filled with 0x00)}: <br>
- ./eltt2 -e 17 41624364
+./eltt2 -e 17 41624364 Extend bytes in PCR 23 with SHA-1. <br>
+or <br>
+./eltt2 -e sha1 17 41624364 Extend bytes in PCR 23 with SHA-1. <br>
+./eltt2 -e sha256 17 41624364 Extend bytes in PCR 23 with SHA-256. <br>
 
 -E: <br>
 With the "-E" command you can extend bytes in the selected PCR with SHA-256. To do so, you have to enter the index of PCR in hexadecimal that you like to extend and the digest you want to extend the selected PCR with. Note that you can only extend PCRs with index 0 to 16 and PCR 23 and that the digest must have a length of 32 bytes (will be padded with 0 if necessary). The TPM then builds an SHA-256 hash over the PCR data in the selected PCR and the digest you provided and writes the result back to the selected PCR. For example, use the following command to extend PCR 23 (0x17) with the byte sequence {0x41, 0x62, 0x43, 0x64, 0x00, ... (will be filled with 0x00)}: <br>
@@ -122,16 +128,22 @@ With the "-G" command you can get a given amount of random bytes. Note that you
  ./eltt2 -G 14
 
 -r: <br>
-With the "-r" command you can read data from a selected SHA-1 PCR. For example, use the following command to read data from PCR 23 (0x17): <br>
+With the "-r" command you can read data from a selected SHA-1/SHA-256 PCR. For example, use the following command to read data from PCR 23 (0x17): <br>
-./eltt2 -r 17
+./eltt2 -r 17 Read data from SHA-1 PCR 23. <br>
+or <br>
+./eltt2 -r sha1 17 Read data from SHA-1 PCR 23. <br>
+./eltt2 -r sha256 17 Read data from SHA-256 PCR 23. <br>
 
 -R: <br>
 With the "-R" command you can read data from a selected SHA-256 PCR. For example, use the following command to read data from PCR 23 (0x17): <br>
  ./eltt2 -R 17
 
 -s: <br>
-With the "-s" command you can hash given data with the SHA-1 hash algorithm. This command only allows a limited amount of data to be hashed (depending on the TPM's maximum input buffer size). For example, use the following command to hash the byte sequence {0x41, 0x62, 0x43, 0x64}: <br>
+With the "-s" command you can hash given data with the SHA-1/SHA-256 hash algorithm. This command only allows a limited amount of data to be hashed (depending on the TPM's maximum input buffer size). For example, use the following command to hash the byte sequence {0x41, 0x62, 0x43, 0x64}: <br>
- ./eltt2 -s 41624364
+./eltt2 -s 41624364 Hash given data with SHA-1 hash algorithm. <br>
+or <br>
+./eltt2 -s sha1 41624364 Hash given data with SHA-1 hash algorithm. <br>
+./eltt2 -s sha256 41624364 Hash given data with SHA-256 hash algorithm. <br>
 
 -S: <br>
 With the "-S" command you can hash given data with the SHA-256 hash algorithm. This command only allows a limited amount of data to be hashed (depending on the TPM input buffer size). For example, use the following command to hash the byte sequence {0x41, 0x62, 0x43, 0x64}: <br>

README.txt

@@ -106,56 +106,59 @@ Contents:
     the TPM).
 
 
-    Command line options:                           Preconditions:
+    Command line options:                                                                          Preconditions:
 
-    -a <data bytes>: Hash Sequence SHA-1            [u]
+    -a [hash algorithm] <data bytes>: Hash Sequence SHA-1/SHA-256 [default: SHA-1]                 [u]
 
-    -A <data bytes>: Hash Sequence SHA-256          [u]
+    -A <data bytes>: Hash Sequence SHA-256                                                         [u]
 
-    -b <command bytes>: Enter your own TPM command  [u]
+    -b <command bytes>: Enter your own TPM command                                                 [u]
 
-    -c: Read Clock                                  [u]
+    -c: Read Clock                                                                                 [u]
 
-    -d <shutdown type>: Shutdown                    [u]
+    -d <shutdown type>: Shutdown                                                                   [u]
 
-    -e: PCR Extend SHA-1 <PCR index> <PCR digest>   [u]
+    -e [hash algorithm] <PCR index> <PCR digest>: PCR Extend SHA-1/SHA-256 [default: SHA-1]        [u]
 
-    -E: PCR Extend SHA-256 <PCR index> <PCR digest> [u]
+    -E <PCR index> <PCR digest>: PCR Extend SHA-256                                                [u]
 
-    -g: Get fixed capability values                 [u]
+    -g: Get fixed capability values                                                                [u]
 
-    -v: Get variable capability values              [u]
+    -v: Get variable capability values                                                             [u]
 
-    -G <data length>: Get Random                    [u]
+    -G <data length>: Get Random                                                                   [u]
 
-    -h: Help                                        [-]
+    -h: Help                                                                                       [-]
 
-    -r <PCR index>: PCR Read SHA-1                  [u]
+    -r [hash algorithm] <PCR index>: PCR Read SHA-1/SHA-256 [default: SHA-1]                       [u]
 
-    -R <PCR index>: PCR Read SHA-256                [u]
+    -R <PCR index>: PCR Read SHA-256                                                               [u]
 
-    -s <data bytes>: Hash SHA-1                     [u]
+    -s [hash algorithm] <data bytes>: Hash SHA-1/SHA256 [default: SHA-1]                           [u]
 
-    -S <data bytes>: Hash SHA-256                   [u]
+    -S <data bytes>: Hash SHA-256                                                                  [u]
 
-    -t <test type>: Self Test                       [u]
+    -t <test type>: Self Test                                                                      [u]
 
-    -T: Get Test Result                             [u]
+    -T: Get Test Result                                                                            [u]
 
-    -u <startup type>: Startup                      [-]
+    -u <startup type>: Startup                                                                     [-]
 
-    -z <PCR index>: PCR Reset                       [u]
+    -z <PCR index>: PCR Reset                                                                      [u]
 
 
     Additional information:
 
     -a:
-    With the "-a" command you can hash given data with the SHA-1 hash algorithm.
+    With the "-a" command you can hash given data with the SHA-1/SHA-256 hash
-    This hash sequence sends 3 commands [start, update, complete] to the TPM and
+    algorithm. This hash sequence sends 3 commands [start, update, complete]
-    allows to hash an arbitrary amount of data.
+    to the TPM and allows to hash an arbitrary amount of data.
     For example, use the following command to hash the byte sequence {0x41,
     0x62, 0x43, 0x64}:
-    ./eltt2 -a 41624364
+    ./eltt2 -a 41624364           Hash given data with SHA-1 hash algorithm.
+    or
+    ./eltt2 -a sha1 41624364      Hash given data with SHA-1 hash algorithm.
+    ./eltt2 -a sha256 41624364    Hash given data with SHA-256 hash algorithm.
 
     -A:
     With the "-A" command you can hash given data with the SHA-256 hash
@@ -185,16 +188,19 @@ Contents:
                         the TPM.
 
     -e:
-    With the "-e" command you can extend bytes in the selected PCR with SHA-1.
+    With the "-e" command you can extend bytes in the selected PCR with SHA-1/SHA-256.
     To do so, you have to enter the index of PCR in hexadecimal that you like to
     extend and the digest you want to extend the selected PCR with. Note that
     you can only extend PCRs with index 0 to 16 and PCR 23 and that the digest
-    must have a length of 20 bytes (will be padded with 0 if necessary).
+    must have a length of 20/32 bytes (will be padded with 0 if necessary).
-    The TPM then builds an SHA-1 hash over the PCR data in the selected PCR and
+    The TPM then builds an SHA-1/SHA-256 hash over the PCR data in the selected PCR
-    the digest you provided and writes the result back to the selected PCR.
+    and the digest you provided and writes the result back to the selected PCR.
     For example, use the following command to extend PCR 23 (0x17) with the byte
     sequence {0x41, 0x62, 0x43, 0x64, 0x00, ... (will be filled with 0x00)}:
-    ./eltt2 -e 17 41624364
+    ./eltt2 -e 17 41624364           Extend bytes in PCR 23 with SHA-1.
+    or
+    ./eltt2 -e sha1 17 41624364      Extend bytes in PCR 23 with SHA-1.
+    ./eltt2 -e sha256 17 41624364    Extend bytes in PCR 23 with SHA-256.
 
     -E:
     With the "-E" command you can extend bytes in the selected PCR with SHA-256.
@@ -221,9 +227,12 @@ Contents:
     ./eltt2 -G 14
 
     -r:
-    With the "-r" command you can read data from a selected SHA-1 PCR.
+    With the "-r" command you can read data from a selected SHA-1/SHA-256 PCR.
     For example, use the following command to read data from PCR 23 (0x17):
-    ./eltt2 -r 17
+    ./eltt2 -r 17           Read data from SHA-1 PCR 23.
+    or
+    ./eltt2 -r sha1 17      Read data from SHA-1 PCR 23.
+    ./eltt2 -r sha256 17    Read data from SHA-256 PCR 23.
 
     -R:
     With the "-R" command you can read data from a selected SHA-256 PCR.
@@ -231,12 +240,15 @@ Contents:
     ./eltt2 -R 17
 
     -s:
-    With the "-s" command you can hash given data with the SHA-1 hash algorithm.
+    With the "-s" command you can hash given data with the SHA-1/SHA-256 hash
-    This command only allows a limited amount of data to be hashed (depending on
+    algorithm. This command only allows a limited amount of data to be hashed
-    the TPM's maximum input buffer size).
+    (depending on the TPM's maximum input buffer size).
     For example, use the following command to hash the byte sequence {0x41,
     0x62, 0x43, 0x64}:
-    ./eltt2 -s 41624364
+    ./eltt2 -s 41624364         Hash given data with SHA-1 hash algorithm.
+    or
+    ./eltt2 -s sha1 41624364    Hash given data with SHA-1 hash algorithm.
+    ./eltt2 -s sha256 41624364  Hash given data with SHA-256 hash algorithm.
 
     -S:
     With the "-S" command you can hash given data with the SHA-256 hash

eltt2.c

@@ -58,6 +58,7 @@ int main(int argc, char **argv)
 	size_t input_bytes_size = 0;		// Size of input_bytes.
 	int no_transmission = 0;		// Flag to skip the transmission call, e.g. in case of command line option -h.
 	int tpm_error = 0;			// Flag to indicate whether a TPM response has returned a TPM error code or not.
+	hash_algo_enum hash_algo = ALG_NULL;	// Variable to indicate the selected hash algorithm.
 
 	// ---------- Program flow ----------
 	printf("\n");
@@ -87,7 +88,9 @@ int main(int argc, char **argv)
 			{
 				case 'a': // TPM2_HashSequenceStart SHA-1
 				case 'A': // TPM2_HashSequenceStart SHA-256
-					ret_val = create_hash_sequence(optarg, option, tpm_response_buf, &tpm_response_buf_size);
+					HASH_ALG_PARSER('a', 3);
+
+					ret_val = create_hash_sequence(optarg, hash_algo, tpm_response_buf, &tpm_response_buf_size);
 					break;
 
 				case 'b': // Enter your own command bytes
@@ -130,15 +133,17 @@ int main(int argc, char **argv)
 					if (4 > argc)
 					{
 						ret_val = ERR_BAD_CMD;
-						fprintf(stderr, "The command '-%c' needs two arguments. Use '-h' for more information.\n", option);
+						fprintf(stderr, "The command '-%c' needs minimum two arguments. Use '-h' for more information.\n", option);
 
 						// Set the argument count to the next option for error handling.
 						optind += 2;
 						break;
 					}
 
+					HASH_ALG_PARSER('e', 4);
+
 					// Allocate the input buffer for pcr_extend and tpmtool_transmit.
-					if ('e' == option)
+					if (ALG_SHA1 == hash_algo)
 					{
 						input_bytes_size = sizeof(tpm2_pcr_extend) + TPM_SHA1_DIGEST_SIZE;
 					}
@@ -151,7 +156,7 @@ int main(int argc, char **argv)
 					memset(input_bytes, 0, input_bytes_size);
 
 					// Create PCR_Extend TPM request.
-					ret_val = pcr_extend(optarg, argv[optind], input_bytes, input_bytes_size, option);
+					ret_val = pcr_extend(optarg, argv[optind], input_bytes, input_bytes_size, hash_algo);
 
 					// Set the argument count to the next option for error handling.
 					optind++;
@@ -193,6 +198,8 @@ int main(int argc, char **argv)
 
 				case 'r': // PCR_Read SHA-1
 				case 'R': // PCR_Read SHA-256
+					HASH_ALG_PARSER('r', 3);
+
 					// Allocate the input buffer for pcr_read and tpmtool_transmit.
 					input_bytes_size = sizeof(tpm2_pcr_read);
 					input_bytes = malloc(input_bytes_size);
@@ -200,7 +207,7 @@ int main(int argc, char **argv)
 					memset(input_bytes, 0, input_bytes_size);
 
 					// Create PCR_Read TPM request.
-					ret_val = pcr_read(optarg, input_bytes, option);
+					ret_val = pcr_read(optarg, input_bytes, hash_algo);
 					RET_VAL_CHECK(ret_val);
 
 					// Send bytes to TPM.
@@ -209,6 +216,8 @@ int main(int argc, char **argv)
 
 				case 's': // Hash SHA-1
 				case 'S': // Hash SHA-256
+					HASH_ALG_PARSER('s', 3);
+
 					// Allocate the input buffer for create_hash and tpmtool_transmit.
 					input_bytes_size = strlen(optarg) / HEX_BYTE_STRING_LENGTH + strlen(optarg) % HEX_BYTE_STRING_LENGTH + sizeof(tpm2_hash);
 					input_bytes = malloc(input_bytes_size);
@@ -216,7 +225,7 @@ int main(int argc, char **argv)
 					memset(input_bytes, 0, input_bytes_size);
 
 					// Create Hash TPM request.
-					ret_val = create_hash(optarg, option, input_bytes, input_bytes_size);
+					ret_val = create_hash(optarg, hash_algo, input_bytes, input_bytes_size);
 					RET_VAL_CHECK(ret_val);
 
 					// Send bytes to TPM.
@@ -715,8 +724,9 @@ static int print_response_buf(uint8_t *response_buf, size_t resp_size, uint32_t
 
 static void print_help()
 {
-	printf("'-a <data bytes>': Hash Sequence SHA-1\n");
+	printf("'-a [hash algorithm] <data bytes>': Hash Sequence SHA-1/SHA-256 [default: SHA-1]\n");
-	printf("        -> Data bytes: Enter a byte sequence like '0F56...' for {0x0f, 0x56, ...}\n");
+	printf("        -> Hash algorithm: Enter hash algorithm like 'sha1', 'sha256'\n");
+	printf("           Data bytes: Enter a byte sequence like '0F56...' for {0x0f, 0x56, ...}\n");
 	printf("'-A <data bytes>': Hash Sequence SHA-256\n");
 	printf("        -> Data bytes: Enter a byte sequence like '0F56...' for {0x0f, 0x56, ...}\n");
 	printf("'-b <command bytes>': Enter your own TPM command\n");
@@ -724,8 +734,9 @@ static void print_help()
 	printf("'-c': Read Clock\n");
 	printf("'-d <shutdown type>': Shutdown\n");
 	printf("        -> Shutdown types: clear [default], state\n");
-	printf("'-e <PCR index> <PCR digest>': PCR Extend SHA-1\n");
+	printf("'-e [hash algorithm] <PCR index> <PCR digest>': PCR Extend SHA-1/SHA-256 [default: SHA-1]\n");
-	printf("        -> PCR index:  Enter the PCR index in hex like '17' for 0x17\n");
+	printf("        -> Hash algorithm: Enter hash algorithm like 'sha1', 'sha256'\n");
+	printf("           PCR index:  Enter the PCR index in hex like '17' for 0x17\n");
 	printf("           PCR digest: Enter the value to extend the PCR with in hex like '0f56...' for {0x0f, 0x56, ...}\n");
 	printf("'-E <PCR index> <PCR digest>': PCR Extend SHA-256\n");
 	printf("        -> PCR index:  Enter the PCR index in hex like '17' for 0x17\n");
@@ -735,12 +746,14 @@ static void print_help()
 	printf("'-G <byte count>': Get Random\n");
 	printf("        -> Enter desired number of random bytes in hex like '20' for 0x20 (=32 bytes, maximum)\n");
 	printf("'-h': Help\n");
-	printf("'-r <PCR index>': PCR Read SHA-1\n");
+	printf("'-r [hash algorithm] <PCR index>': PCR Read SHA-1/SHA-256 [default: SHA-1]\n");
-	printf("        -> PCR index: Enter PCR number in hex like '17' for 0x17\n");
+	printf("        -> Hash algorithm: Enter hash algorithm like 'sha1', 'sha256'\n");
+	printf("           PCR index: Enter PCR number in hex like '17' for 0x17\n");
 	printf("'-R <PCR index>': PCR Read SHA-256\n");
 	printf("        -> PCR index: Enter PCR number in hex like '17' for 0x17\n");
-	printf("'-s <data bytes>': Hash SHA-1\n");
+	printf("'-s [hash algorithm] <data bytes>': Hash SHA-1/SHA-256 [default: SHA-1]\n");
-	printf("        -> Data bytes: Enter a byte sequence like '0F56...' for {0x0f, 0x56, ...}\n");
+	printf("        -> Hash algorithm: Enter hash algorithm like 'sha1', 'sha256'\n");
+	printf("           Data bytes: Enter a byte sequence like '0F56...' for {0x0f, 0x56, ...}\n");
 	printf("'-S <data bytes>': Hash SHA-256\n");
 	printf("        -> Data bytes: Enter a byte sequence like '0F56...' for {0x0f, 0x56, ...}\n");
 	printf("'-t <selftest type>': SelfTest\n");
@@ -1208,7 +1221,7 @@ static int get_random(char *data_length_string, uint8_t *response_buf)
 	return ret_val;
 }
 
-static int create_hash(char *data_string, char option, uint8_t *hash_cmd_buf, uint32_t hash_cmd_buf_size)
+static int create_hash(char *data_string, hash_algo_enum hash_algo, uint8_t *hash_cmd_buf, uint32_t hash_cmd_buf_size)
 {
 	int ret_val = EXIT_SUCCESS;		// Return value.
 	uint32_t offset = 0;			// Helper offset for generating command request.
@@ -1220,13 +1233,6 @@ static int create_hash(char *data_string, char option, uint8_t *hash_cmd_buf, ui
 		NULL_POINTER_CHECK(data_string);
 		NULL_POINTER_CHECK(hash_cmd_buf);
 
-		if ('s' != option && 'S' != option)
-		{
-			ret_val = EINVAL;
-			fprintf(stderr, "Bad parameter. Option argument must be 's' or 'S'.\n");
-			break;
-		}
-
 		if (TPM_REQ_MAX_SIZE < hash_cmd_buf_size)
 		{
 			ret_val = EINVAL;
@@ -1259,7 +1265,7 @@ static int create_hash(char *data_string, char option, uint8_t *hash_cmd_buf, ui
 		memcpy(hash_cmd_buf, tpm2_hash, sizeof(tpm2_hash));
 
 		// Set hash algorithm, command and data sizes depending on user input option at the correct byte index in the command byte stream.
-		if ('s' == option)
+		if (ALG_SHA1 == hash_algo)
 		{
 			tpm_hash_alg = sha1_alg;
 			printf("\nTPM2_Hash of '%s' with SHA-1:\n", data_string);
@@ -1292,7 +1298,7 @@ static int create_hash(char *data_string, char option, uint8_t *hash_cmd_buf, ui
 	return ret_val;
 }
 
-static int create_hash_sequence(char *data_string, char option, uint8_t *tpm_response_buf, ssize_t *tpm_response_buf_size)
+static int create_hash_sequence(char *data_string, hash_algo_enum hash_algo, uint8_t *tpm_response_buf, ssize_t *tpm_response_buf_size)
 {
 	int ret_val = EXIT_SUCCESS;		// Return value.
 	uint16_t data_string_bytes_size = 0;	// Size of user input data string in bytes.
@@ -1330,16 +1336,10 @@ static int create_hash_sequence(char *data_string, char option, uint8_t *tpm_res
 			break;
 		}
 
-		if ('a' != option && 'A' != option)
-		{
-			ret_val = EINVAL;
-			fprintf(stderr, "Bad parameter. Option argument must be 'a' or 'A'.\n");
-			break;
-		}
 		original_response_buf_size = *tpm_response_buf_size;
 
 		// Set hash algorithm depending on user input option at the correct byte index in the command byte stream.
-		if ('a' == option)
+		if (ALG_SHA1 == hash_algo)
 		{
 			printf("\nTPM2_HashSequenceStart of '%s' with SHA-1:\n", data_string);
 			memcpy(tpm2_hash_sequence_start + 12, sha1_alg, sizeof(sha1_alg));
@@ -1463,7 +1463,7 @@ static int create_hash_sequence(char *data_string, char option, uint8_t *tpm_res
 	return ret_val;
 }
 
-static int pcr_extend(char *pcr_index_str, char *pcr_digest_str, uint8_t *pcr_cmd_buf, size_t pcr_cmd_buf_size, char option)
+static int pcr_extend(char *pcr_index_str, char *pcr_digest_str, uint8_t *pcr_cmd_buf, size_t pcr_cmd_buf_size, hash_algo_enum hash_algo)
 {
 	int ret_val = EXIT_SUCCESS;	// Return value.
 	uint8_t pcr_index = 0;		// PCR index user input byte.
@@ -1490,7 +1490,7 @@ static int pcr_extend(char *pcr_index_str, char *pcr_digest_str, uint8_t *pcr_cm
 
 		memset(pcr_cmd_buf, 0, pcr_cmd_buf_size);
 
-		if ('e' != option && 'E' != option)
+		if (ALG_SHA1 != hash_algo && ALG_SHA256 != hash_algo)
 		{
 			ret_val = EINVAL;
 			fprintf(stderr, "Bad parameter. Option argument must be 'e' or 'E'.\n");
@@ -1515,13 +1515,13 @@ static int pcr_extend(char *pcr_index_str, char *pcr_digest_str, uint8_t *pcr_cm
 
 		// Check the command line input (PCR digest).
 		pcr_digest_size = strlen(pcr_digest_str) / HEX_BYTE_STRING_LENGTH + strlen(pcr_digest_str) % HEX_BYTE_STRING_LENGTH;
-		if ('e' == option && TPM_SHA1_DIGEST_SIZE < pcr_digest_size)
+		if (ALG_SHA1 == hash_algo && TPM_SHA1_DIGEST_SIZE < pcr_digest_size)
 		{
 			ret_val = ERR_BAD_CMD;
 			fprintf(stderr, "Bad option. Maximum SHA-1 PCR digest size is 20 byte (40 characters), but you entered %u byte.\n", pcr_digest_size);
 			break;
 		}
-		if ('E' == option && TPM_SHA256_DIGEST_SIZE < pcr_digest_size)
+		if (ALG_SHA256 == hash_algo && TPM_SHA256_DIGEST_SIZE < pcr_digest_size)
 		{
 			ret_val = ERR_BAD_CMD;
 			fprintf(stderr, "Bad option. Maximum SHA-256 PCR digest size is 32 byte (64 characters), but you entered %u byte.\n", pcr_digest_size);
@@ -1539,13 +1539,13 @@ static int pcr_extend(char *pcr_index_str, char *pcr_digest_str, uint8_t *pcr_cm
 		RET_VAL_CHECK(ret_val);
 
 		// Set hash algorithm and command length depending on user input option at the correct byte index in the command byte stream.
-		if ('e' == option)
+		if (ALG_SHA1 == hash_algo)
 		{
 			pcr_cmd_buf[5] = sizeof(tpm2_pcr_extend) + TPM_SHA1_DIGEST_SIZE;
 			memcpy(pcr_cmd_buf + 31, sha1_alg, sizeof(sha1_alg));
 			printf("Extend PCR %i (SHA-1) with digest { ", pcr_index);
 		}
-		else if ('E' == option)
+		else if (ALG_SHA256 == hash_algo)
 		{
 			pcr_cmd_buf[5] = sizeof(tpm2_pcr_extend) + TPM_SHA256_DIGEST_SIZE;
 			memcpy(pcr_cmd_buf + 31, sha256_alg, sizeof(sha256_alg));
@@ -1558,7 +1558,7 @@ static int pcr_extend(char *pcr_index_str, char *pcr_digest_str, uint8_t *pcr_cm
 	return ret_val;
 }
 
-static int pcr_read(char *pcr_index_str, uint8_t *pcr_cmd_buf, char option)
+static int pcr_read(char *pcr_index_str, uint8_t *pcr_cmd_buf, hash_algo_enum hash_algo)
 {
 	int ret_val = EXIT_SUCCESS;	// Return value.
 	int pcr_byte_index = 0;		// The location for pcr_select on pcr_cmd_buf.
@@ -1572,13 +1572,6 @@ static int pcr_read(char *pcr_index_str, uint8_t *pcr_cmd_buf, char option)
 
 		memset(pcr_cmd_buf, 0, 20);
 
-		if ('r' != option && 'R' != option)
-		{
-			ret_val = EINVAL;
-			fprintf(stderr, "Bad parameter. Option argument must be 'r' or 'R'.\n");
-			break;
-		}
-
 		// Convert the command line input to bytes.
 		if (1 != strlen(pcr_index_str) / HEX_BYTE_STRING_LENGTH + strlen(pcr_index_str) % HEX_BYTE_STRING_LENGTH)
 		{
@@ -1610,12 +1603,12 @@ static int pcr_read(char *pcr_index_str, uint8_t *pcr_cmd_buf, char option)
 		pcr_cmd_buf[17 + pcr_byte_index] = pcr_select;
 
 		// Set hash algorithm depending on user input option at the correct byte index in the command byte stream.
-		if ('r' == option)
+		if (ALG_SHA1 == hash_algo)
 		{
 			memcpy(pcr_cmd_buf + 14, sha1_alg, sizeof(sha1_alg));
 			printf("Read PCR %i (SHA-1):\n", pcr_index);
 		}
-		else if ('R' == option)
+		else if (ALG_SHA256 == hash_algo)
 		{
 			memcpy(pcr_cmd_buf + 14, sha256_alg, sizeof(sha256_alg));
 			printf("Read PCR %i (SHA-256):\n", pcr_index);

eltt2.h

@@ -123,6 +123,48 @@
 #define MEMSET_FREE(x, y) if (NULL != x) { memset(x, 0, y); free(x); x = NULL; } ///< Sets memory to 0, frees memory and sets pointer to NULL.
 // Return value check
 #define RET_VAL_CHECK(x) if (EXIT_SUCCESS != x) { break; } ///< Return value check
+// Command line option parser for hash algorithm
+#define HASH_ALG_PARSER(o, c) \
+	do { \
+		if (o == option) \
+		{ \
+			if (c == argc) \
+			{ \
+				hash_algo = ALG_SHA1; \
+			} \
+			else \
+			{ \
+				if (0 == strcasecmp(optarg, "sha1")) \
+				{ \
+					hash_algo = ALG_SHA1; \
+				} \
+				else if (0 == strcasecmp(optarg, "sha256")) \
+				{ \
+					hash_algo = ALG_SHA256; \
+				} \
+				else \
+				{ \
+					ret_val = ERR_BAD_CMD; \
+					fprintf(stderr, "Unknown option. Use '-h' for more information.\n"); \
+					break; \
+				} \
+				optarg = argv[optind++]; \
+			} \
+		} \
+		else \
+		{ \
+			hash_algo = ALG_SHA256; \
+		} \
+	} while (0)
+
+//--------------"Enums"--------------
+// Hash algorithms
+typedef enum hash_algo_enum
+{
+	ALG_NULL,
+	ALG_SHA1,
+	ALG_SHA256,
+} hash_algo_enum;
 
 //-------------"Methods"-------------
 /**
@@ -173,7 +215,7 @@ static int int_to_bytearray(uint64_t input, uint32_t input_size, uint8_t *output
   * @param	[in]	*pcr_digest_str		User input string of value to extend the selected PCR with.
   * @param	[out]	*pcr_cmd_buf		Return buffer for the complete command. Must be allocated by caller.
   * @param	[in]	*pcr_cmd_buf_size	Size of memory allocated at pcr_cmd_buf in bytes.
-  * @param	[in]	*option			Set to 'e' for extending with SHA-1 and to 'E' for SHA-256.
+  * @param	[in]	hash_algo		Set to ALG_SHA1 for extending with SHA-1 and to ALG_SHA256 for SHA-256.
   * @return	One of the listed return codes.
   * @retval	EINVAL				In case of a NULL pointer or an invalid option.
   * @retval	EXIT_SUCCESS			In case of success.
@@ -181,13 +223,13 @@ static int int_to_bytearray(uint64_t input, uint32_t input_size, uint8_t *output
   * @retval	hexstr_to_bytearray		All error codes from hexstr_to_bytearray.
   * @date	2014/06/26
   */
-static int pcr_extend(char *pcr_index_str, char *pcr_digest_str, uint8_t *pcr_cmd_buf, size_t pcr_cmd_buf_size, char option);
+static int pcr_extend(char *pcr_index_str, char *pcr_digest_str, uint8_t *pcr_cmd_buf, size_t pcr_cmd_buf_size, hash_algo_enum hash_algo);
 
 /**
   * @brief	Create the PCR_Read command.
   * @param	[in]	*pcr_index_str		User input string for PCR index.
   * @param	[out]	*pcr_cmd_buf		Return buffer for the complete command.
-  * @param	[in]	*option			Set to 'r' for reading with SHA-1 and to 'R' for SHA-256.
+  * @param	[in]	hash_algo		Set to ALG_SHA1 for reading with SHA-1 and to ALG_SHA256 for SHA-256.
   * @return	One of the listed return codes.
   * @retval	EINVAL				In case of a NULL pointer or an invalid option.
   * @retval	EXIT_SUCCESS			In case of success.
@@ -195,7 +237,7 @@ static int pcr_extend(char *pcr_index_str, char *pcr_digest_str, uint8_t *pcr_cm
   * @retval	hexstr_to_bytearray		All error codes from hexstr_to_bytearray.
   * @date	2014/06/26
   */
-static int pcr_read(char *pcr_index_str, uint8_t *pcr_cmd_buf, char option);
+static int pcr_read(char *pcr_index_str, uint8_t *pcr_cmd_buf, hash_algo_enum hash_algo);
 
 /**
   * @brief	Create the PCR_Reset command.
@@ -313,7 +355,7 @@ static int get_random(char *data_length_string, uint8_t *response_buf);
 /**
   * @brief	Create the simple hash command.
   * @param	[in]	*data_string		User input string of data to be hashed.
-  * @param	[in]	option			Set to 's' for hashing with SHA-1 and to 'S' for SHA-256.
+  * @param	[in]	hash_algo		Set to ALG_SHA1 for hashing with SHA-1 and to ALG_SHA256 for SHA-256.
   * @param	[out]	*hash_cmd_buf		Return buffer for the complete command.
   * @param	[in]	hash_cmd_buf_size	Return buffer size.
   * @return	One of the listed return codes.
@@ -323,12 +365,12 @@ static int get_random(char *data_length_string, uint8_t *response_buf);
   * @retval	int_to_bytearray		All error codes from int_to_bytearray.
   * @date	2014/06/26
   */
-static int create_hash(char *data_string, char option, uint8_t *hash_cmd_buf, uint32_t hash_cmd_buf_size);
+static int create_hash(char *data_string, hash_algo_enum hash_algo, uint8_t *hash_cmd_buf, uint32_t hash_cmd_buf_size);
 
 /**
   * @brief	Create and transmit a sequence of TPM commands for hashing larger amounts of data.
   * @param	[in]	*data_string		User input string of data to be hashed.
-  * @param	[in]	option			Set to 'a' for hashing with SHA-1 and to 'A' for SHA-256.
+  * @param	[in]	hash_algo		Set to ALG_SHA1 for hashing with SHA-1 and to ALG_SHA256 for SHA-256.
   * @param	[out]	*tpm_response_buf	TPM response.
   * @param	[out]	*tpm_response_buf_size	Size of tpm_response_buf.
   * @return	One of the listed return codes or the error code stored in the global errno system variable.
@@ -342,7 +384,7 @@ static int create_hash(char *data_string, char option, uint8_t *hash_cmd_buf, ui
   * @retval	print_response_buf		All error codes from print_response_buf
   * @date	2014/06/26
   */
-static int create_hash_sequence(char *data_string, char option, uint8_t *tpm_response_buf, ssize_t *tpm_response_buf_size);
+static int create_hash_sequence(char *data_string, hash_algo_enum hash_algo, uint8_t *tpm_response_buf, ssize_t *tpm_response_buf_size);
 
 //-------------"command bytes"-------------
 static const uint8_t tpm2_startup_clear[] = {