mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-26 21:39:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Demonstrate better practices in HMAC examples

Browse Source 
- avoid hardcoded sizes when there's a macro for that
- avoid mutable global variables
- zeroize potentially-sensitive local buffer on exit

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard 2022-01-31 12:23:37 +01:00
parent f392a02c50
commit 6349794648
2 changed files with 29 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
programs/psa/hmac_non_psa.c
View File

@ -42,6 +42,8 @@
#include "mbedtls/md.h" #include "mbedtls/md.h"
#include "mbedtls/platform_util.h" // for mbedtls_platform_zeroize
#include <stdlib.h> #include <stdlib.h>
#include <stdio.h> #include <stdio.h>
@ -66,15 +68,12 @@ const unsigned char msg2_part2[] = { 0x06, 0x06 };
* This example program uses SHA-256, so a 32-byte key makes sense. */ * This example program uses SHA-256, so a 32-byte key makes sense. */
const unsigned char key_bytes[32] = { 0 }; const unsigned char key_bytes[32] = { 0 };
/* Buffer for the output - using SHA-256, so 32-byte output */ /* Print the contents of a buffer in hex */
unsigned char out[32]; void print_buf( const char *title, unsigned char *buf, size_t len )
/* Print the contents of the output buffer in hex */
void print_out( const char *title )
{ {
printf( "%s:", title ); printf( "%s:", title );
for( size_t i = 0; i < sizeof( out ); i++ ) for( size_t i = 0; i < len; i++ )
printf( " %02x", out[i] ); printf( " %02x", buf[i] );
printf( "\n" ); printf( "\n" );
} }
@ -100,29 +99,34 @@ void print_out( const char *title )
int hmac_demo(void) int hmac_demo(void)
{ {
int ret; int ret;
const mbedtls_md_type_t alg = MBEDTLS_MD_SHA256;
unsigned char out[MBEDTLS_MD_MAX_SIZE]; // safe but not optimal
mbedtls_md_context_t ctx; mbedtls_md_context_t ctx;
mbedtls_md_init( &ctx ); mbedtls_md_init( &ctx );
/* prepare context and load key */ /* prepare context and load key */
CHK( mbedtls_md_setup( &ctx, mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ), 1 ) ); // the last argument to setup is 1 to enable HMAC (not just hashing)
CHK( mbedtls_md_setup( &ctx, mbedtls_md_info_from_type( alg ), 1 ) );
CHK( mbedtls_md_hmac_starts( &ctx, key_bytes, sizeof( key_bytes ) ) ); CHK( mbedtls_md_hmac_starts( &ctx, key_bytes, sizeof( key_bytes ) ) );
/* compute HMAC(key, msg1_part1 | msg1_part2) */ /* compute HMAC(key, msg1_part1 | msg1_part2) */
CHK( mbedtls_md_hmac_update( &ctx, msg1_part1, sizeof( msg1_part1 ) ) ); CHK( mbedtls_md_hmac_update( &ctx, msg1_part1, sizeof( msg1_part1 ) ) );
CHK( mbedtls_md_hmac_update( &ctx, msg1_part2, sizeof( msg1_part2 ) ) ); CHK( mbedtls_md_hmac_update( &ctx, msg1_part2, sizeof( msg1_part2 ) ) );
CHK( mbedtls_md_hmac_finish( &ctx, out ) ); CHK( mbedtls_md_hmac_finish( &ctx, out ) );
print_out( "msg1" ); print_buf( "msg1", out, sizeof( out ) );
/* compute HMAC(key, msg2_part1 | msg2_part2) */ /* compute HMAC(key, msg2_part1 | msg2_part2) */
CHK( mbedtls_md_hmac_reset( &ctx ) ); // prepare for new operation CHK( mbedtls_md_hmac_reset( &ctx ) ); // prepare for new operation
CHK( mbedtls_md_hmac_update( &ctx, msg2_part1, sizeof( msg2_part1 ) ) ); CHK( mbedtls_md_hmac_update( &ctx, msg2_part1, sizeof( msg2_part1 ) ) );
CHK( mbedtls_md_hmac_update( &ctx, msg2_part2, sizeof( msg2_part2 ) ) ); CHK( mbedtls_md_hmac_update( &ctx, msg2_part2, sizeof( msg2_part2 ) ) );
CHK( mbedtls_md_hmac_finish( &ctx, out ) ); CHK( mbedtls_md_hmac_finish( &ctx, out ) );
print_out( "msg2" ); print_buf( "msg2", out, sizeof( out ) );
exit: exit:
mbedtls_md_free( &ctx ); mbedtls_md_free( &ctx );
mbedtls_platform_zeroize( out, sizeof( out ) );
return( ret ); return( ret );
} }

25
programs/psa/hmac_psa.c
View File

@ -42,6 +42,8 @@
#include "psa/crypto.h" #include "psa/crypto.h"
#include "mbedtls/platform_util.h" // for mbedtls_platform_zeroize
#include <stdlib.h> #include <stdlib.h>
#include <stdio.h> #include <stdio.h>
@ -68,15 +70,12 @@ const unsigned char msg2_part2[] = { 0x06, 0x06 };
* This example program uses SHA-256, so a 32-byte key makes sense. */ * This example program uses SHA-256, so a 32-byte key makes sense. */
const unsigned char key_bytes[32] = { 0 }; const unsigned char key_bytes[32] = { 0 };
/* Buffer for the output - using SHA-256, so 32-byte output */ /* Print the contents of a buffer in hex */
unsigned char out[32]; void print_buf( const char *title, uint8_t *buf, size_t len )
/* Print the contents of the output buffer in hex */
void print_out( const char *title )
{ {
printf( "%s:", title ); printf( "%s:", title );
for( size_t i = 0; i < sizeof( out ); i++ ) for( size_t i = 0; i < len; i++ )
printf( " %02x", out[i] ); printf( " %02x", buf[i] );
printf( "\n" ); printf( "\n" );
} }
@ -103,9 +102,14 @@ void print_out( const char *title )
psa_status_t hmac_demo(void) psa_status_t hmac_demo(void)
{ {
psa_status_t status; psa_status_t status;
#define ALG PSA_ALG_HMAC(PSA_ALG_SHA_256)
const psa_algorithm_t alg = ALG;
// compilers with insufficient C99 support don't accept the const variable
// 'alg' here, so use a macro instead in order to pacify them
uint8_t out[PSA_MAC_LENGTH(PSA_KEY_TYPE_HMAC, 8 * sizeof( key_bytes ), ALG)];
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_id_t key = 0; psa_key_id_t key = 0;
psa_algorithm_t alg = PSA_ALG_HMAC(PSA_ALG_SHA_256);
/* prepare key */ /* prepare key */
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
@ -126,18 +130,19 @@ psa_status_t hmac_demo(void)
PSA_CHECK( psa_mac_update( &op, msg1_part1, sizeof( msg1_part1 ) ) ); PSA_CHECK( psa_mac_update( &op, msg1_part1, sizeof( msg1_part1 ) ) );
PSA_CHECK( psa_mac_update( &op, msg1_part2, sizeof( msg1_part2 ) ) ); PSA_CHECK( psa_mac_update( &op, msg1_part2, sizeof( msg1_part2 ) ) );
PSA_CHECK( psa_mac_sign_finish( &op, out, sizeof( out ), &out_len ) ); PSA_CHECK( psa_mac_sign_finish( &op, out, sizeof( out ), &out_len ) );
print_out( "msg1" ); print_buf( "msg1", out, sizeof( out ) );
/* compute HMAC(key, msg2_part1 | msg2_part2) */ /* compute HMAC(key, msg2_part1 | msg2_part2) */
PSA_CHECK( psa_mac_sign_setup( &op, key, alg ) ); PSA_CHECK( psa_mac_sign_setup( &op, key, alg ) );
PSA_CHECK( psa_mac_update( &op, msg2_part1, sizeof( msg2_part1 ) ) ); PSA_CHECK( psa_mac_update( &op, msg2_part1, sizeof( msg2_part1 ) ) );
PSA_CHECK( psa_mac_update( &op, msg2_part2, sizeof( msg2_part2 ) ) ); PSA_CHECK( psa_mac_update( &op, msg2_part2, sizeof( msg2_part2 ) ) );
PSA_CHECK( psa_mac_sign_finish( &op, out, sizeof( out ), &out_len ) ); PSA_CHECK( psa_mac_sign_finish( &op, out, sizeof( out ), &out_len ) );
print_out( "msg2" ); print_buf( "msg2", out, sizeof( out ) );
exit: exit:
psa_mac_abort( &op ); // needed on error, harmless on success psa_mac_abort( &op ); // needed on error, harmless on success
psa_destroy_key( key ); psa_destroy_key( key );
mbedtls_platform_zeroize( out, sizeof( out ) );
return( status ); return( status );
} }