1 /***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 * SPDX-License-Identifier: curl
22 *
23 * RFC2104 Keyed-Hashing for Message Authentication
24 *
25 ***************************************************************************/
26
27 #include "curl_setup.h"
28
29 #if (defined(USE_CURL_NTLM_CORE) && !defined(USE_WINDOWS_SSPI)) || \
30 !defined(CURL_DISABLE_AWS) || !defined(CURL_DISABLE_DIGEST_AUTH) || \
31 defined(USE_SSL)
32
33 #include <curl/curl.h>
34
35 #include "curl_hmac.h"
36 #include "curl_memory.h"
37 #include "warnless.h"
38
39 /* The last #include file should be: */
40 #include "memdebug.h"
41
42 /*
43 * Generic HMAC algorithm.
44 *
45 * This module computes HMAC digests based on any hash function. Parameters
46 * and computing procedures are setup dynamically at HMAC computation context
47 * initialization.
48 */
49
50 static const unsigned char hmac_ipad = 0x36;
51 static const unsigned char hmac_opad = 0x5C;
52
53 struct HMAC_context *
Curl_HMAC_init(const struct HMAC_params * hashparams,const unsigned char * key,unsigned int keylen)54 Curl_HMAC_init(const struct HMAC_params *hashparams,
55 const unsigned char *key,
56 unsigned int keylen)
57 {
58 size_t i;
59 struct HMAC_context *ctxt;
60 unsigned char *hkey;
61 unsigned char b;
62
63 /* Create HMAC context. */
64 i = sizeof(*ctxt) + 2 * hashparams->ctxtsize + hashparams->resultlen;
65 ctxt = malloc(i);
66
67 if(!ctxt)
68 return ctxt;
69
70 ctxt->hash = hashparams;
71 ctxt->hashctxt1 = (void *) (ctxt + 1);
72 ctxt->hashctxt2 = (void *) ((char *) ctxt->hashctxt1 + hashparams->ctxtsize);
73
74 /* If the key is too long, replace it by its hash digest. */
75 if(keylen > hashparams->maxkeylen) {
76 hashparams->hinit(ctxt->hashctxt1);
77 hashparams->hupdate(ctxt->hashctxt1, key, keylen);
78 hkey = (unsigned char *) ctxt->hashctxt2 + hashparams->ctxtsize;
79 hashparams->hfinal(hkey, ctxt->hashctxt1);
80 key = hkey;
81 keylen = hashparams->resultlen;
82 }
83
84 /* Prime the two hash contexts with the modified key. */
85 hashparams->hinit(ctxt->hashctxt1);
86 hashparams->hinit(ctxt->hashctxt2);
87
88 for(i = 0; i < keylen; i++) {
89 b = (unsigned char)(*key ^ hmac_ipad);
90 hashparams->hupdate(ctxt->hashctxt1, &b, 1);
91 b = (unsigned char)(*key++ ^ hmac_opad);
92 hashparams->hupdate(ctxt->hashctxt2, &b, 1);
93 }
94
95 for(; i < hashparams->maxkeylen; i++) {
96 hashparams->hupdate(ctxt->hashctxt1, &hmac_ipad, 1);
97 hashparams->hupdate(ctxt->hashctxt2, &hmac_opad, 1);
98 }
99
100 /* Done, return pointer to HMAC context. */
101 return ctxt;
102 }
103
Curl_HMAC_update(struct HMAC_context * ctxt,const unsigned char * ptr,unsigned int len)104 int Curl_HMAC_update(struct HMAC_context *ctxt,
105 const unsigned char *ptr,
106 unsigned int len)
107 {
108 /* Update first hash calculation. */
109 ctxt->hash->hupdate(ctxt->hashctxt1, ptr, len);
110 return 0;
111 }
112
113
Curl_HMAC_final(struct HMAC_context * ctxt,unsigned char * output)114 int Curl_HMAC_final(struct HMAC_context *ctxt, unsigned char *output)
115 {
116 const struct HMAC_params *hashparams = ctxt->hash;
117
118 /* Do not get output if called with a null parameter: only release
119 storage. */
120
121 if(!output)
122 output = (unsigned char *) ctxt->hashctxt2 + ctxt->hash->ctxtsize;
123
124 hashparams->hfinal(output, ctxt->hashctxt1);
125 hashparams->hupdate(ctxt->hashctxt2, output, hashparams->resultlen);
126 hashparams->hfinal(output, ctxt->hashctxt2);
127 free(ctxt);
128 return 0;
129 }
130
131 /*
132 * Curl_hmacit()
133 *
134 * This is used to generate a HMAC hash, for the specified input data, given
135 * the specified hash function and key.
136 *
137 * Parameters:
138 *
139 * hashparams [in] - The hash function (Curl_HMAC_MD5).
140 * key [in] - The key to use.
141 * keylen [in] - The length of the key.
142 * buf [in] - The data to encrypt.
143 * buflen [in] - The length of the data.
144 * output [in/out] - The output buffer.
145 *
146 * Returns CURLE_OK on success.
147 */
Curl_hmacit(const struct HMAC_params * hashparams,const unsigned char * key,const size_t keylen,const unsigned char * buf,const size_t buflen,unsigned char * output)148 CURLcode Curl_hmacit(const struct HMAC_params *hashparams,
149 const unsigned char *key, const size_t keylen,
150 const unsigned char *buf, const size_t buflen,
151 unsigned char *output)
152 {
153 struct HMAC_context *ctxt =
154 Curl_HMAC_init(hashparams, key, curlx_uztoui(keylen));
155
156 if(!ctxt)
157 return CURLE_OUT_OF_MEMORY;
158
159 /* Update the digest with the given challenge */
160 Curl_HMAC_update(ctxt, buf, curlx_uztoui(buflen));
161
162 /* Finalise the digest */
163 Curl_HMAC_final(ctxt, output);
164
165 return CURLE_OK;
166 }
167
168 #endif /* Using NTLM (without SSPI) or AWS */
169