1/***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) 1998 - 2022, Daniel Stenberg, <[email protected]>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 * SPDX-License-Identifier: curl
22 *
23 * RFC2104 Keyed-Hashing for Message Authentication
24 *
25 ***************************************************************************/
26
27#include "curl_setup.h"
28
29#ifndef CURL_DISABLE_CRYPTO_AUTH
30
31#include <curl/curl.h>
32
33#include "curl_hmac.h"
34#include "curl_memory.h"
35#include "warnless.h"
36
37/* The last #include file should be: */
38#include "memdebug.h"
39
40/*
41 * Generic HMAC algorithm.
42 *
43 * This module computes HMAC digests based on any hash function. Parameters
44 * and computing procedures are set-up dynamically at HMAC computation context
45 * initialization.
46 */
47
48static const unsigned char hmac_ipad = 0x36;
49static const unsigned char hmac_opad = 0x5C;
50
51
52
53struct HMAC_context *
54Curl_HMAC_init(const struct HMAC_params *hashparams,
55 const unsigned char *key,
56 unsigned int keylen)
57{
58 size_t i;
59 struct HMAC_context *ctxt;
60 unsigned char *hkey;
61 unsigned char b;
62
63 /* Create HMAC context. */
64 i = sizeof(*ctxt) + 2 * hashparams->hmac_ctxtsize +
65 hashparams->hmac_resultlen;
66 ctxt = malloc(i);
67
68 if(!ctxt)
69 return ctxt;
70
71 ctxt->hmac_hash = hashparams;
72 ctxt->hmac_hashctxt1 = (void *) (ctxt + 1);
73 ctxt->hmac_hashctxt2 = (void *) ((char *) ctxt->hmac_hashctxt1 +
74 hashparams->hmac_ctxtsize);
75
76 /* If the key is too long, replace it by its hash digest. */
77 if(keylen > hashparams->hmac_maxkeylen) {
78 (*hashparams->hmac_hinit)(ctxt->hmac_hashctxt1);
79 (*hashparams->hmac_hupdate)(ctxt->hmac_hashctxt1, key, keylen);
80 hkey = (unsigned char *) ctxt->hmac_hashctxt2 + hashparams->hmac_ctxtsize;
81 (*hashparams->hmac_hfinal)(hkey, ctxt->hmac_hashctxt1);
82 key = hkey;
83 keylen = hashparams->hmac_resultlen;
84 }
85
86 /* Prime the two hash contexts with the modified key. */
87 (*hashparams->hmac_hinit)(ctxt->hmac_hashctxt1);
88 (*hashparams->hmac_hinit)(ctxt->hmac_hashctxt2);
89
90 for(i = 0; i < keylen; i++) {
91 b = (unsigned char)(*key ^ hmac_ipad);
92 (*hashparams->hmac_hupdate)(ctxt->hmac_hashctxt1, &b, 1);
93 b = (unsigned char)(*key++ ^ hmac_opad);
94 (*hashparams->hmac_hupdate)(ctxt->hmac_hashctxt2, &b, 1);
95 }
96
97 for(; i < hashparams->hmac_maxkeylen; i++) {
98 (*hashparams->hmac_hupdate)(ctxt->hmac_hashctxt1, &hmac_ipad, 1);
99 (*hashparams->hmac_hupdate)(ctxt->hmac_hashctxt2, &hmac_opad, 1);
100 }
101
102 /* Done, return pointer to HMAC context. */
103 return ctxt;
104}
105
106int Curl_HMAC_update(struct HMAC_context *ctxt,
107 const unsigned char *data,
108 unsigned int len)
109{
110 /* Update first hash calculation. */
111 (*ctxt->hmac_hash->hmac_hupdate)(ctxt->hmac_hashctxt1, data, len);
112 return 0;
113}
114
115
116int Curl_HMAC_final(struct HMAC_context *ctxt, unsigned char *result)
117{
118 const struct HMAC_params *hashparams = ctxt->hmac_hash;
119
120 /* Do not get result if called with a null parameter: only release
121 storage. */
122
123 if(!result)
124 result = (unsigned char *) ctxt->hmac_hashctxt2 +
125 ctxt->hmac_hash->hmac_ctxtsize;
126
127 (*hashparams->hmac_hfinal)(result, ctxt->hmac_hashctxt1);
128 (*hashparams->hmac_hupdate)(ctxt->hmac_hashctxt2,
129 result, hashparams->hmac_resultlen);
130 (*hashparams->hmac_hfinal)(result, ctxt->hmac_hashctxt2);
131 free((char *) ctxt);
132 return 0;
133}
134
135/*
136 * Curl_hmacit()
137 *
138 * This is used to generate a HMAC hash, for the specified input data, given
139 * the specified hash function and key.
140 *
141 * Parameters:
142 *
143 * hashparams [in] - The hash function (Curl_HMAC_MD5).
144 * key [in] - The key to use.
145 * keylen [in] - The length of the key.
146 * data [in] - The data to encrypt.
147 * datalen [in] - The length of the data.
148 * output [in/out] - The output buffer.
149 *
150 * Returns CURLE_OK on success.
151 */
152CURLcode Curl_hmacit(const struct HMAC_params *hashparams,
153 const unsigned char *key, const size_t keylen,
154 const unsigned char *data, const size_t datalen,
155 unsigned char *output)
156{
157 struct HMAC_context *ctxt =
158 Curl_HMAC_init(hashparams, key, curlx_uztoui(keylen));
159
160 if(!ctxt)
161 return CURLE_OUT_OF_MEMORY;
162
163 /* Update the digest with the given challenge */
164 Curl_HMAC_update(ctxt, data, curlx_uztoui(datalen));
165
166 /* Finalise the digest */
167 Curl_HMAC_final(ctxt, output);
168
169 return CURLE_OK;
170}
171
172#endif /* CURL_DISABLE_CRYPTO_AUTH */
173