Message authentication code (MAC)

Updated: April 19, 2023

The qcrypto library API includes cryptographic MAC functions.

See the library reference for detailed descriptions of the following functions:

HMAC

While HMAC key size has no length restrictions, the algorithm key size value is the minimum recommended length for security.

MAC examples

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <qcrypto/qcrypto.h>
#include <qcrypto/qcrypto_error.h>
#include <qcrypto/qcrypto_keys.h>
#include <private/qcrypto/qcrypto_internal.h>

int main(void)
{
    int ret;
    int result;
    qcrypto_ctx_t *qctx = NULL;
    qcrypto_key_t *qkey = NULL;
    qcrypto_ctx_t *qkeyctx = NULL;

    const char input_hex[] = "53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e";
    const size_t inputsize = (sizeof(input_hex)-1)/2;
    uint8_t inputbuf[inputsize];
    uint8_t *input_bin = inputbuf;

    const char key_hex[] = "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f";
    const size_t keysize = (sizeof(key_hex)-1)/2;
    uint8_t keybuf[keysize];
    uint8_t *key_bin = keybuf;

    const char mac_hex[] = "a28cf43130ee696a98f14a37678b56bcfcbdd9e5cf69717fecf5480f0ebdf790";
    uint8_t mac_cmpbuf[512];
    uint8_t *mac_cmp = mac_cmpbuf;
    size_t mac_cmp_size = 0;
    char mac_cmp_hexbuf[512];
    char *mac_cmp_hex = mac_cmp_hexbuf;

    /* Initialize the Qcrypto Library */
    ret = qcrypto_init(QCRYPTO_INIT_LAZY, NULL);
    if (ret != QCRYPTO_R_EOK) {
        fprintf(stderr, "qcryto_init() failed (%d:%s)\n", ret, qcrypto_strerror(ret));
        goto done;
    }

     /* Request symmetric keygen */
    ret = qcrypto_keygen_request("symmetric", NULL, 0, &qkeyctx);
    if (ret != QCRYPTO_R_EOK) {
        fprintf(stderr, "qcrypto_keygen_request() failed (%d:%s)\n", ret, qcrypto_strerror(ret));
        goto done;
    }

    /* Request hmac-sha256 */
    ret = qcrypto_mac_request("hmac-sha256", NULL, 0, &qctx);
    if (ret != QCRYPTO_R_EOK) {
        fprintf(stderr, "qcrypto_mac_request() failed (%d:%s)\n", ret, qcrypto_strerror(ret));
        goto done;
    }

    /* Convert key */
    ret = qcrypto_hex2bin(key_bin, key_hex, keysize);
    if (ret != QCRYPTO_R_EOK) {
        fprintf(stderr, "qcrypto_hex2bin() failed (%d:%s)\n", ret, qcrypto_strerror(ret));
        goto done;
    }

    /* Convert input */
    ret = qcrypto_hex2bin(input_bin, input_hex, inputsize);
    if (ret != QCRYPTO_R_EOK) {
        fprintf(stderr, "qcrypto_hex2bin() failed (%d:%s)\n", ret, qcrypto_strerror(ret));
        goto done;
    }

    /* Load key */
    ret = qcrypto_key_from_mem(qkeyctx, &qkey, key_bin, keysize);
    if (ret != QCRYPTO_R_EOK) {
        fprintf(stderr, "qcrypto_key_from_mem() failed (%d:%s)\n", ret, qcrypto_strerror(ret));
        goto done;
    }

    /* Initialize MAC */
    ret = qcrypto_mac_init(qctx, qkey);
    if (ret != QCRYPTO_R_EOK) {
        fprintf(stderr, "qcrypto_mac_init() failed (%d:%s)\n", ret, qcrypto_strerror(ret));
        goto done;
    }

    /* Update MAC */
    ret = qcrypto_mac_update(qctx, input_bin, inputsize);
    if (ret != QCRYPTO_R_EOK) {
        fprintf(stderr, "qcrypto_mac_update() failed (%d:%s)\n", ret, qcrypto_strerror(ret));
        goto done;
    }

    /* Finalize MAC */
    ret = qcrypto_mac_final(qctx, mac_cmp, &mac_cmp_size);
    if (ret != QCRYPTO_R_EOK) {
        fprintf(stderr, "qcrypto_mac_final() failed (%d:%s)\n", ret, qcrypto_strerror(ret));
        goto done;
    }

    /* Convert the MAC */
    qcrypto_bin2hex(mac_cmp_hex, mac_cmp, mac_cmp_size);

    /* Compare the results */
    result = memcmp(mac_cmp_hex, mac_hex, mac_cmp_size);
    if(result == 0) {
         printf("Computed mac matches with expected mac\n");
    } else {
         fprintf(stderr, "Computed mac failed to match with expected mac\n");
    }
    goto done;

done:
    /* Release all context handles */
    qcrypto_release_ctx(qctx);
    qcrypto_release_ctx(qkeyctx);

    /* Release the key handle */
    qcrypto_release_key(qkey);

    /* Uninitialize the Qcrypto Library */
    qcrypto_uninit();

    return ret;
}

#if defined(__QNXNTO__) && defined(__USESRCVERSION)
#include <sys/srcversion.h>
__SRCVERSION("$URL$ $Rev$")
#endif