1 /**
2  * MD API multi-part HMAC demonstration.
3  *
4  * This programs computes the HMAC of two messages using the multi-part API.
5  *
6  * This is a companion to psa/hmac_demo.c, doing the same operations with the
7  * legacy MD API. The goal is that comparing the two programs will help people
8  * migrating to the PSA Crypto API.
9  *
10  * When it comes to multi-part HMAC operations, the `mbedtls_md_context`
11  * serves a dual purpose (1) hold the key, and (2) save progress information
12  * for the current operation. With PSA those roles are held by two disinct
13  * objects: (1) a psa_key_id_t to hold the key, and (2) a psa_operation_t for
14  * multi-part progress.
15  *
16  * This program and its companion psa/hmac_demo.c illustrate this by doing the
17  * same sequence of multi-part HMAC computation with both APIs; looking at the
18  * two side by side should make the differences and similarities clear.
19  */
20 
21 /*
22  *  Copyright The Mbed TLS Contributors
23  *  SPDX-License-Identifier: Apache-2.0
24  *
25  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
26  *  not use this file except in compliance with the License.
27  *  You may obtain a copy of the License at
28  *
29  *  http://www.apache.org/licenses/LICENSE-2.0
30  *
31  *  Unless required by applicable law or agreed to in writing, software
32  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
33  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
34  *  See the License for the specific language governing permissions and
35  *  limitations under the License.
36  */
37 
38 /* First include Mbed TLS headers to get the Mbed TLS configuration and
39  * platform definitions that we'll use in this program. Also include
40  * standard C headers for functions we'll use here. */
41 #include "mbedtls/build_info.h"
42 
43 #include "mbedtls/md.h"
44 
45 #include "mbedtls/platform_util.h" // for mbedtls_platform_zeroize
46 
47 #include <stdlib.h>
48 #include <stdio.h>
49 
50 /* If the build options we need are not enabled, compile a placeholder. */
51 #if !defined(MBEDTLS_MD_C)
main(void)52 int main(void)
53 {
54     printf("MBEDTLS_MD_C not defined\r\n");
55     return 0;
56 }
57 #else
58 
59 /* The real program starts here. */
60 
61 /* Dummy inputs for HMAC */
62 const unsigned char msg1_part1[] = { 0x01, 0x02 };
63 const unsigned char msg1_part2[] = { 0x03, 0x04 };
64 const unsigned char msg2_part1[] = { 0x05, 0x05 };
65 const unsigned char msg2_part2[] = { 0x06, 0x06 };
66 
67 /* Dummy key material - never do this in production!
68  * This example program uses SHA-256, so a 32-byte key makes sense. */
69 const unsigned char key_bytes[32] = { 0 };
70 
71 /* Print the contents of a buffer in hex */
print_buf(const char * title,unsigned char * buf,size_t len)72 void print_buf(const char *title, unsigned char *buf, size_t len)
73 {
74     printf("%s:", title);
75     for (size_t i = 0; i < len; i++) {
76         printf(" %02x", buf[i]);
77     }
78     printf("\n");
79 }
80 
81 /* Run an Mbed TLS function and bail out if it fails.
82  * A string description of the error code can be recovered with:
83  * programs/util/strerror <value> */
84 #define CHK(expr)                                             \
85     do                                                          \
86     {                                                           \
87         ret = (expr);                                         \
88         if (ret != 0)                                          \
89         {                                                       \
90             printf("Error %d at line %d: %s\n",                \
91                    ret,                                        \
92                    __LINE__,                                   \
93                    #expr);                                    \
94             goto exit;                                          \
95         }                                                       \
96     } while (0)
97 
98 /*
99  * This function demonstrates computation of the HMAC of two messages using
100  * the multipart API.
101  */
hmac_demo(void)102 int hmac_demo(void)
103 {
104     int ret;
105     const mbedtls_md_type_t alg = MBEDTLS_MD_SHA256;
106     unsigned char out[MBEDTLS_MD_MAX_SIZE]; // safe but not optimal
107 
108     mbedtls_md_context_t ctx;
109 
110     mbedtls_md_init(&ctx);
111 
112     /* prepare context and load key */
113     // the last argument to setup is 1 to enable HMAC (not just hashing)
114     const mbedtls_md_info_t *info = mbedtls_md_info_from_type(alg);
115     CHK(mbedtls_md_setup(&ctx, info, 1));
116     CHK(mbedtls_md_hmac_starts(&ctx, key_bytes, sizeof(key_bytes)));
117 
118     /* compute HMAC(key, msg1_part1 | msg1_part2) */
119     CHK(mbedtls_md_hmac_update(&ctx, msg1_part1, sizeof(msg1_part1)));
120     CHK(mbedtls_md_hmac_update(&ctx, msg1_part2, sizeof(msg1_part2)));
121     CHK(mbedtls_md_hmac_finish(&ctx, out));
122     print_buf("msg1", out, mbedtls_md_get_size(info));
123 
124     /* compute HMAC(key, msg2_part1 | msg2_part2) */
125     CHK(mbedtls_md_hmac_reset(&ctx));     // prepare for new operation
126     CHK(mbedtls_md_hmac_update(&ctx, msg2_part1, sizeof(msg2_part1)));
127     CHK(mbedtls_md_hmac_update(&ctx, msg2_part2, sizeof(msg2_part2)));
128     CHK(mbedtls_md_hmac_finish(&ctx, out));
129     print_buf("msg2", out, mbedtls_md_get_size(info));
130 
131 exit:
132     mbedtls_md_free(&ctx);
133     mbedtls_platform_zeroize(out, sizeof(out));
134 
135     return ret;
136 }
137 
main(void)138 int main(void)
139 {
140     int ret;
141 
142     CHK(hmac_demo());
143 
144 exit:
145     return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
146 }
147 
148 #endif
149