curl/lib/hmac.c

174 lines
5.2 KiB
C
Raw Normal View History

2010-04-19 17:16:30 +08:00
/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
* / __| | | | |_) | |
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
2010-04-19 17:16:30 +08:00
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
2020-11-04 21:02:01 +08:00
* are also available at https://curl.se/docs/copyright.html.
2010-04-19 17:16:30 +08:00
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
* furnished to do so, under the terms of the COPYING file.
*
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
*
* SPDX-License-Identifier: curl
*
2010-04-19 17:16:30 +08:00
* RFC2104 Keyed-Hashing for Message Authentication
*
***************************************************************************/
build: fix circular header inclusion with other packages This commit renames lib/setup.h to lib/curl_setup.h and renames lib/setup_once.h to lib/curl_setup_once.h. Removes the need and usage of a header inclusion guard foreign to libcurl. [1] Removes the need and presence of an alarming notice we carried in old setup_once.h [2] ---------------------------------------- 1 - lib/setup_once.h used __SETUP_ONCE_H macro as header inclusion guard up to commit ec691ca3 which changed this to HEADER_CURL_SETUP_ONCE_H, this single inclusion guard is enough to ensure that inclusion of lib/setup_once.h done from lib/setup.h is only done once. Additionally lib/setup.h has always used __SETUP_ONCE_H macro to protect inclusion of setup_once.h even after commit ec691ca3, this was to avoid a circular header inclusion triggered when building a c-ares enabled version with c-ares sources available which also has a setup_once.h header. Commit ec691ca3 exposes the real nature of __SETUP_ONCE_H usage in lib/setup.h, it is a header inclusion guard foreign to libcurl belonging to c-ares's setup_once.h The renaming this commit does, fixes the circular header inclusion, and as such removes the need and usage of a header inclusion guard foreign to libcurl. Macro __SETUP_ONCE_H no longer used in libcurl. 2 - Due to the circular interdependency of old lib/setup_once.h and the c-ares setup_once.h header, old file lib/setup_once.h has carried back from 2006 up to now days an alarming and prominent notice about the need of keeping libcurl's and c-ares's setup_once.h in sync. Given that this commit fixes the circular interdependency, the need and presence of mentioned notice is removed. All mentioned interdependencies come back from now old days when the c-ares project lived inside a curl subdirectory. This commit removes last traces of such fact.
2013-01-07 02:06:49 +08:00
#include "curl_setup.h"
2010-04-21 03:35:31 +08:00
#if (defined(USE_CURL_NTLM_CORE) && !defined(USE_WINDOWS_SSPI)) \
|| !defined(CURL_DISABLE_AWS) || !defined(CURL_DISABLE_DIGEST_AUTH)
2010-04-19 17:16:30 +08:00
#include <curl/curl.h>
2010-04-19 17:16:30 +08:00
#include "curl_hmac.h"
#include "curl_memory.h"
#include "warnless.h"
/* The last #include file should be: */
#include "memdebug.h"
2010-04-19 17:16:30 +08:00
/*
* Generic HMAC algorithm.
*
* This module computes HMAC digests based on any hash function. Parameters
* and computing procedures are set-up dynamically at HMAC computation context
* initialization.
2010-04-19 17:16:30 +08:00
*/
static const unsigned char hmac_ipad = 0x36;
static const unsigned char hmac_opad = 0x5C;
struct HMAC_context *
Curl_HMAC_init(const struct HMAC_params *hashparams,
const unsigned char *key,
2010-04-19 17:16:30 +08:00
unsigned int keylen)
{
size_t i;
struct HMAC_context *ctxt;
unsigned char *hkey;
2010-04-19 17:16:30 +08:00
unsigned char b;
/* Create HMAC context. */
i = sizeof(*ctxt) + 2 * hashparams->hmac_ctxtsize +
hashparams->hmac_resultlen;
2010-11-08 11:03:11 +08:00
ctxt = malloc(i);
2010-04-19 17:16:30 +08:00
if(!ctxt)
return ctxt;
ctxt->hmac_hash = hashparams;
ctxt->hmac_hashctxt1 = (void *) (ctxt + 1);
ctxt->hmac_hashctxt2 = (void *) ((char *) ctxt->hmac_hashctxt1 +
hashparams->hmac_ctxtsize);
/* If the key is too long, replace it by its hash digest. */
if(keylen > hashparams->hmac_maxkeylen) {
(*hashparams->hmac_hinit)(ctxt->hmac_hashctxt1);
(*hashparams->hmac_hupdate)(ctxt->hmac_hashctxt1, key, keylen);
hkey = (unsigned char *) ctxt->hmac_hashctxt2 + hashparams->hmac_ctxtsize;
(*hashparams->hmac_hfinal)(hkey, ctxt->hmac_hashctxt1);
key = hkey;
keylen = hashparams->hmac_resultlen;
}
/* Prime the two hash contexts with the modified key. */
(*hashparams->hmac_hinit)(ctxt->hmac_hashctxt1);
(*hashparams->hmac_hinit)(ctxt->hmac_hashctxt2);
for(i = 0; i < keylen; i++) {
2010-11-08 11:03:11 +08:00
b = (unsigned char)(*key ^ hmac_ipad);
2010-04-19 17:16:30 +08:00
(*hashparams->hmac_hupdate)(ctxt->hmac_hashctxt1, &b, 1);
2010-11-08 11:03:11 +08:00
b = (unsigned char)(*key++ ^ hmac_opad);
2010-04-19 17:16:30 +08:00
(*hashparams->hmac_hupdate)(ctxt->hmac_hashctxt2, &b, 1);
}
for(; i < hashparams->hmac_maxkeylen; i++) {
2010-04-19 17:16:30 +08:00
(*hashparams->hmac_hupdate)(ctxt->hmac_hashctxt1, &hmac_ipad, 1);
(*hashparams->hmac_hupdate)(ctxt->hmac_hashctxt2, &hmac_opad, 1);
}
/* Done, return pointer to HMAC context. */
return ctxt;
}
int Curl_HMAC_update(struct HMAC_context *ctxt,
const unsigned char *data,
2010-04-19 17:16:30 +08:00
unsigned int len)
{
/* Update first hash calculation. */
(*ctxt->hmac_hash->hmac_hupdate)(ctxt->hmac_hashctxt1, data, len);
return 0;
}
int Curl_HMAC_final(struct HMAC_context *ctxt, unsigned char *result)
2010-04-19 17:16:30 +08:00
{
const struct HMAC_params *hashparams = ctxt->hmac_hash;
2010-04-19 17:16:30 +08:00
/* Do not get result if called with a null parameter: only release
storage. */
2010-04-19 17:16:30 +08:00
if(!result)
result = (unsigned char *) ctxt->hmac_hashctxt2 +
ctxt->hmac_hash->hmac_ctxtsize;
(*hashparams->hmac_hfinal)(result, ctxt->hmac_hashctxt1);
(*hashparams->hmac_hupdate)(ctxt->hmac_hashctxt2,
result, hashparams->hmac_resultlen);
(*hashparams->hmac_hfinal)(result, ctxt->hmac_hashctxt2);
free((char *) ctxt);
return 0;
}
/*
* Curl_hmacit()
*
* This is used to generate a HMAC hash, for the specified input data, given
* the specified hash function and key.
*
* Parameters:
*
* hashparams [in] - The hash function (Curl_HMAC_MD5).
* key [in] - The key to use.
* keylen [in] - The length of the key.
* data [in] - The data to encrypt.
* datalen [in] - The length of the data.
* output [in/out] - The output buffer.
*
* Returns CURLE_OK on success.
*/
CURLcode Curl_hmacit(const struct HMAC_params *hashparams,
const unsigned char *key, const size_t keylen,
const unsigned char *data, const size_t datalen,
unsigned char *output)
{
struct HMAC_context *ctxt =
Curl_HMAC_init(hashparams, key, curlx_uztoui(keylen));
if(!ctxt)
return CURLE_OUT_OF_MEMORY;
/* Update the digest with the given challenge */
Curl_HMAC_update(ctxt, data, curlx_uztoui(datalen));
/* Finalise the digest */
Curl_HMAC_final(ctxt, output);
return CURLE_OK;
}
#endif /* Using NTLM (without SSPI) or AWS */