diff options
Diffstat (limited to 'programs/hash')
| -rw-r--r-- | programs/hash/CMakeLists.txt | 15 | ||||
| -rw-r--r-- | programs/hash/generic_sum.c | 209 | ||||
| -rw-r--r-- | programs/hash/hello.c | 45 | ||||
| -rw-r--r-- | programs/hash/md_hmac_demo.c | 136 |
4 files changed, 405 insertions, 0 deletions
diff --git a/programs/hash/CMakeLists.txt b/programs/hash/CMakeLists.txt new file mode 100644 index 00000000000..fcacf3ba4f3 --- /dev/null +++ b/programs/hash/CMakeLists.txt @@ -0,0 +1,15 @@ +set(executables + generic_sum + hello + md_hmac_demo +) + +foreach(exe IN LISTS executables) + add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>) + target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT}) + target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) +endforeach() + +install(TARGETS ${executables} + DESTINATION "bin" + PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c new file mode 100644 index 00000000000..3fd2b00891b --- /dev/null +++ b/programs/hash/generic_sum.c @@ -0,0 +1,209 @@ +/* + * generic message digest layer demonstration program + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include "mbedtls/build_info.h" + +#include "mbedtls/platform.h" + +#if defined(MBEDTLS_MD_C) && defined(MBEDTLS_FS_IO) +#include "mbedtls/md.h" + +#include <stdio.h> +#include <string.h> +#endif + +#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_FS_IO) +int main(void) +{ + mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n"); + mbedtls_exit(0); +} +#else + + +static int generic_wrapper(const mbedtls_md_info_t *md_info, char *filename, unsigned char *sum) +{ + int ret = mbedtls_md_file(md_info, filename, sum); + + if (ret == 1) { + mbedtls_fprintf(stderr, "failed to open: %s\n", filename); + } + + if (ret == 2) { + mbedtls_fprintf(stderr, "failed to read: %s\n", filename); + } + + return ret; +} + +static int generic_print(const mbedtls_md_info_t *md_info, char *filename) +{ + int i; + unsigned char sum[MBEDTLS_MD_MAX_SIZE]; + + if (generic_wrapper(md_info, filename, sum) != 0) { + return 1; + } + + for (i = 0; i < mbedtls_md_get_size(md_info); i++) { + mbedtls_printf("%02x", sum[i]); + } + + mbedtls_printf(" %s\n", filename); + return 0; +} + +static int generic_check(const mbedtls_md_info_t *md_info, char *filename) +{ + int i; + size_t n; + FILE *f; + int nb_err1, nb_err2; + int nb_tot1, nb_tot2; + unsigned char sum[MBEDTLS_MD_MAX_SIZE]; + char line[1024]; + char diff; +#if defined(__clang_analyzer__) + char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1] = { }; +#else + char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1]; +#endif + + if ((f = fopen(filename, "rb")) == NULL) { + mbedtls_printf("failed to open: %s\n", filename); + return 1; + } + + nb_err1 = nb_err2 = 0; + nb_tot1 = nb_tot2 = 0; + + memset(line, 0, sizeof(line)); + + n = sizeof(line); + + while (fgets(line, (int) n - 1, f) != NULL) { + n = strlen(line); + + if (n < (size_t) 2 * mbedtls_md_get_size(md_info) + 4) { + mbedtls_printf("No '%s' hash found on line.\n", mbedtls_md_get_name(md_info)); + continue; + } + + if (line[2 * mbedtls_md_get_size(md_info)] != ' ' || + line[2 * mbedtls_md_get_size(md_info) + 1] != ' ') { + mbedtls_printf("No '%s' hash found on line.\n", mbedtls_md_get_name(md_info)); + continue; + } + + if (line[n - 1] == '\n') { + n--; line[n] = '\0'; + } + if (line[n - 1] == '\r') { + n--; line[n] = '\0'; + } + + nb_tot1++; + + if (generic_wrapper(md_info, line + 2 + 2 * mbedtls_md_get_size(md_info), sum) != 0) { + nb_err1++; + continue; + } + + nb_tot2++; + + for (i = 0; i < mbedtls_md_get_size(md_info); i++) { + sprintf(buf + i * 2, "%02x", sum[i]); + } + + /* Use constant-time buffer comparison */ + diff = 0; + for (i = 0; i < 2 * mbedtls_md_get_size(md_info); i++) { + diff |= line[i] ^ buf[i]; + } + + if (diff != 0) { + nb_err2++; + mbedtls_fprintf(stderr, "wrong checksum: %s\n", line + 66); + } + + n = sizeof(line); + } + + if (nb_err1 != 0) { + mbedtls_printf("WARNING: %d (out of %d) input files could " + "not be read\n", nb_err1, nb_tot1); + } + + if (nb_err2 != 0) { + mbedtls_printf("WARNING: %d (out of %d) computed checksums did " + "not match\n", nb_err2, nb_tot2); + } + + fclose(f); + + return nb_err1 != 0 || nb_err2 != 0; +} + +int main(int argc, char *argv[]) +{ + int ret = 1, i; + int exit_code = MBEDTLS_EXIT_FAILURE; + const mbedtls_md_info_t *md_info; + mbedtls_md_context_t md_ctx; + + mbedtls_md_init(&md_ctx); + + if (argc < 2) { + const int *list; + + mbedtls_printf("print mode: generic_sum <mbedtls_md> <file> <file> ...\n"); + mbedtls_printf("check mode: generic_sum <mbedtls_md> -c <checksum file>\n"); + + mbedtls_printf("\nAvailable message digests:\n"); + list = mbedtls_md_list(); + while (*list) { + md_info = mbedtls_md_info_from_type(*list); + mbedtls_printf(" %s\n", mbedtls_md_get_name(md_info)); + list++; + } + + mbedtls_exit(exit_code); + } + + /* + * Read the MD from the command line + */ + md_info = mbedtls_md_info_from_string(argv[1]); + if (md_info == NULL) { + mbedtls_fprintf(stderr, "Message Digest '%s' not found\n", argv[1]); + mbedtls_exit(exit_code); + } + if (mbedtls_md_setup(&md_ctx, md_info, 0)) { + mbedtls_fprintf(stderr, "Failed to initialize context.\n"); + mbedtls_exit(exit_code); + } + + ret = 0; + if (argc == 4 && strcmp("-c", argv[2]) == 0) { + ret |= generic_check(md_info, argv[3]); + goto exit; + } + + for (i = 2; i < argc; i++) { + ret |= generic_print(md_info, argv[i]); + } + + if (ret == 0) { + exit_code = MBEDTLS_EXIT_SUCCESS; + } + +exit: + mbedtls_md_free(&md_ctx); + + mbedtls_exit(exit_code); +} +#endif /* MBEDTLS_MD_C && MBEDTLS_FS_IO */ diff --git a/programs/hash/hello.c b/programs/hash/hello.c new file mode 100644 index 00000000000..8caae885180 --- /dev/null +++ b/programs/hash/hello.c @@ -0,0 +1,45 @@ +/* + * Classic "Hello, world" demonstration program + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include "mbedtls/build_info.h" + +#include "mbedtls/platform.h" + +#if defined(MBEDTLS_MD5_C) +#include "mbedtls/md5.h" +#endif + +#if !defined(MBEDTLS_MD5_C) +int main(void) +{ + mbedtls_printf("MBEDTLS_MD5_C not defined.\n"); + mbedtls_exit(0); +} +#else + + +int main(void) +{ + int i, ret; + unsigned char digest[16]; + char str[] = "Hello, world!"; + + mbedtls_printf("\n MD5('%s') = ", str); + + if ((ret = mbedtls_md5((unsigned char *) str, 13, digest)) != 0) { + mbedtls_exit(MBEDTLS_EXIT_FAILURE); + } + + for (i = 0; i < 16; i++) { + mbedtls_printf("%02x", digest[i]); + } + + mbedtls_printf("\n\n"); + + mbedtls_exit(MBEDTLS_EXIT_SUCCESS); +} +#endif /* MBEDTLS_MD5_C */ diff --git a/programs/hash/md_hmac_demo.c b/programs/hash/md_hmac_demo.c new file mode 100644 index 00000000000..581816a1d92 --- /dev/null +++ b/programs/hash/md_hmac_demo.c @@ -0,0 +1,136 @@ +/** + * MD API multi-part HMAC demonstration. + * + * This programs computes the HMAC of two messages using the multi-part API. + * + * This is a companion to psa/hmac_demo.c, doing the same operations with the + * legacy MD API. The goal is that comparing the two programs will help people + * migrating to the PSA Crypto API. + * + * When it comes to multi-part HMAC operations, the `mbedtls_md_context` + * serves a dual purpose (1) hold the key, and (2) save progress information + * for the current operation. With PSA those roles are held by two disinct + * objects: (1) a psa_key_id_t to hold the key, and (2) a psa_operation_t for + * multi-part progress. + * + * This program and its companion psa/hmac_demo.c illustrate this by doing the + * same sequence of multi-part HMAC computation with both APIs; looking at the + * two side by side should make the differences and similarities clear. + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +/* First include Mbed TLS headers to get the Mbed TLS configuration and + * platform definitions that we'll use in this program. Also include + * standard C headers for functions we'll use here. */ +#include "mbedtls/build_info.h" + +#include "mbedtls/md.h" + +#include "mbedtls/platform_util.h" // for mbedtls_platform_zeroize + +#include <stdlib.h> +#include <stdio.h> + +/* If the build options we need are not enabled, compile a placeholder. */ +#if !defined(MBEDTLS_MD_C) +int main(void) +{ + printf("MBEDTLS_MD_C not defined\r\n"); + return 0; +} +#else + +/* The real program starts here. */ + +/* Dummy inputs for HMAC */ +const unsigned char msg1_part1[] = { 0x01, 0x02 }; +const unsigned char msg1_part2[] = { 0x03, 0x04 }; +const unsigned char msg2_part1[] = { 0x05, 0x05 }; +const unsigned char msg2_part2[] = { 0x06, 0x06 }; + +/* Dummy key material - never do this in production! + * This example program uses SHA-256, so a 32-byte key makes sense. */ +const unsigned char key_bytes[32] = { 0 }; + +/* Print the contents of a buffer in hex */ +void print_buf(const char *title, unsigned char *buf, size_t len) +{ + printf("%s:", title); + for (size_t i = 0; i < len; i++) { + printf(" %02x", buf[i]); + } + printf("\n"); +} + +/* Run an Mbed TLS function and bail out if it fails. + * A string description of the error code can be recovered with: + * programs/util/strerror <value> */ +#define CHK(expr) \ + do \ + { \ + ret = (expr); \ + if (ret != 0) \ + { \ + printf("Error %d at line %d: %s\n", \ + ret, \ + __LINE__, \ + #expr); \ + goto exit; \ + } \ + } while (0) + +/* + * This function demonstrates computation of the HMAC of two messages using + * the multipart API. + */ +int hmac_demo(void) +{ + int ret; + const mbedtls_md_type_t alg = MBEDTLS_MD_SHA256; + unsigned char out[MBEDTLS_MD_MAX_SIZE]; // safe but not optimal + + mbedtls_md_context_t ctx; + + mbedtls_md_init(&ctx); + + /* prepare context and load key */ + // the last argument to setup is 1 to enable HMAC (not just hashing) + const mbedtls_md_info_t *info = mbedtls_md_info_from_type(alg); + CHK(mbedtls_md_setup(&ctx, info, 1)); + CHK(mbedtls_md_hmac_starts(&ctx, key_bytes, sizeof(key_bytes))); + + /* compute HMAC(key, msg1_part1 | msg1_part2) */ + CHK(mbedtls_md_hmac_update(&ctx, msg1_part1, sizeof(msg1_part1))); + CHK(mbedtls_md_hmac_update(&ctx, msg1_part2, sizeof(msg1_part2))); + CHK(mbedtls_md_hmac_finish(&ctx, out)); + print_buf("msg1", out, mbedtls_md_get_size(info)); + + /* compute HMAC(key, msg2_part1 | msg2_part2) */ + CHK(mbedtls_md_hmac_reset(&ctx)); // prepare for new operation + CHK(mbedtls_md_hmac_update(&ctx, msg2_part1, sizeof(msg2_part1))); + CHK(mbedtls_md_hmac_update(&ctx, msg2_part2, sizeof(msg2_part2))); + CHK(mbedtls_md_hmac_finish(&ctx, out)); + print_buf("msg2", out, mbedtls_md_get_size(info)); + +exit: + mbedtls_md_free(&ctx); + mbedtls_platform_zeroize(out, sizeof(out)); + + return ret; +} + +int main(void) +{ + int ret; + + CHK(hmac_demo()); + +exit: + return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; +} + +#endif |