113498266Sopenharmony_ci/***************************************************************************
213498266Sopenharmony_ci *                                  _   _ ____  _
313498266Sopenharmony_ci *  Project                     ___| | | |  _ \| |
413498266Sopenharmony_ci *                             / __| | | | |_) | |
513498266Sopenharmony_ci *                            | (__| |_| |  _ <| |___
613498266Sopenharmony_ci *                             \___|\___/|_| \_\_____|
713498266Sopenharmony_ci *
813498266Sopenharmony_ci * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
913498266Sopenharmony_ci *
1013498266Sopenharmony_ci * This software is licensed as described in the file COPYING, which
1113498266Sopenharmony_ci * you should have received as part of this distribution. The terms
1213498266Sopenharmony_ci * are also available at https://curl.se/docs/copyright.html.
1313498266Sopenharmony_ci *
1413498266Sopenharmony_ci * You may opt to use, copy, modify, merge, publish, distribute and/or sell
1513498266Sopenharmony_ci * copies of the Software, and permit persons to whom the Software is
1613498266Sopenharmony_ci * furnished to do so, under the terms of the COPYING file.
1713498266Sopenharmony_ci *
1813498266Sopenharmony_ci * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
1913498266Sopenharmony_ci * KIND, either express or implied.
2013498266Sopenharmony_ci *
2113498266Sopenharmony_ci * SPDX-License-Identifier: curl
2213498266Sopenharmony_ci *
2313498266Sopenharmony_ci * RFC2104 Keyed-Hashing for Message Authentication
2413498266Sopenharmony_ci *
2513498266Sopenharmony_ci ***************************************************************************/
2613498266Sopenharmony_ci
2713498266Sopenharmony_ci#include "curl_setup.h"
2813498266Sopenharmony_ci
2913498266Sopenharmony_ci#if (defined(USE_CURL_NTLM_CORE) && !defined(USE_WINDOWS_SSPI))         \
3013498266Sopenharmony_ci  || !defined(CURL_DISABLE_AWS) || !defined(CURL_DISABLE_DIGEST_AUTH)
3113498266Sopenharmony_ci
3213498266Sopenharmony_ci#include <curl/curl.h>
3313498266Sopenharmony_ci
3413498266Sopenharmony_ci#include "curl_hmac.h"
3513498266Sopenharmony_ci#include "curl_memory.h"
3613498266Sopenharmony_ci#include "warnless.h"
3713498266Sopenharmony_ci
3813498266Sopenharmony_ci/* The last #include file should be: */
3913498266Sopenharmony_ci#include "memdebug.h"
4013498266Sopenharmony_ci
4113498266Sopenharmony_ci/*
4213498266Sopenharmony_ci * Generic HMAC algorithm.
4313498266Sopenharmony_ci *
4413498266Sopenharmony_ci *   This module computes HMAC digests based on any hash function. Parameters
4513498266Sopenharmony_ci * and computing procedures are set-up dynamically at HMAC computation context
4613498266Sopenharmony_ci * initialization.
4713498266Sopenharmony_ci */
4813498266Sopenharmony_ci
/*
 * RFC 2104 padding bytes. Every key byte is XORed with hmac_ipad before it
 * is fed to the inner hash and with hmac_opad before it is fed to the outer
 * hash; the same bytes also fill the key block up to hmac_maxkeylen.
 */
static const unsigned char hmac_ipad = 0x36;
static const unsigned char hmac_opad = 0x5C;
5113498266Sopenharmony_ci
5213498266Sopenharmony_ci
5313498266Sopenharmony_ci
/*
 * Curl_HMAC_init()
 *
 * Allocates an HMAC context and primes its inner and outer hash states with
 * the padded key, following RFC 2104.
 *
 * Parameters:
 *
 * hashparams [in] - Hash description: context size, key block size
 *                   (hmac_maxkeylen), digest size and the hash callbacks.
 * key        [in] - The key bytes.
 * keylen     [in] - The length of the key in bytes.
 *
 * Returns the new context, or NULL when the allocation fails. The context
 * is one heap block laid out as: struct HMAC_context, inner hash context,
 * outer hash context, then hmac_resultlen scratch bytes. It is released by
 * Curl_HMAC_final().
 *
 * The block holds key-derived hash state (and the hashed key, when the key
 * was longer than hmac_maxkeylen) for as long as the context lives.
 *
 * NOTE(review): any status returned by hmac_hinit is not inspected here;
 * check the HMAC_hinit_func declaration in curl_hmac.h to confirm that this
 * cannot hide a failed hash initialisation.
 */
struct HMAC_context *
Curl_HMAC_init(const struct HMAC_params *hashparams,
               const unsigned char *key,
               unsigned int keylen)
{
  struct HMAC_context *ctxt;
  unsigned char *scratch;
  unsigned char mixed;
  size_t pos = 0;

  /* One allocation carries the header, both hash contexts and the scratch
     digest area. */
  ctxt = malloc(sizeof(*ctxt) + 2 * hashparams->hmac_ctxtsize +
                hashparams->hmac_resultlen);
  if(!ctxt)
    return NULL;

  ctxt->hmac_hash = hashparams;
  ctxt->hmac_hashctxt1 = (void *)(ctxt + 1);
  ctxt->hmac_hashctxt2 = (void *)((char *)ctxt->hmac_hashctxt1 +
                                  hashparams->hmac_ctxtsize);

  /* A key longer than the key block is replaced by its digest, which is
     parked in the scratch area behind the second hash context. */
  if(keylen > hashparams->hmac_maxkeylen) {
    scratch = (unsigned char *)ctxt->hmac_hashctxt2 +
      hashparams->hmac_ctxtsize;
    hashparams->hmac_hinit(ctxt->hmac_hashctxt1);
    hashparams->hmac_hupdate(ctxt->hmac_hashctxt1, key, keylen);
    hashparams->hmac_hfinal(scratch, ctxt->hmac_hashctxt1);
    key = scratch;
    keylen = hashparams->hmac_resultlen;
  }

  /* Start both hashes afresh; the first context may just have been used to
     digest the long key. */
  hashparams->hmac_hinit(ctxt->hmac_hashctxt1);
  hashparams->hmac_hinit(ctxt->hmac_hashctxt2);

  /* Feed key XOR ipad to the inner hash and key XOR opad to the outer hash,
     one byte at a time. */
  while(pos < keylen) {
    mixed = (unsigned char)(key[pos] ^ hmac_ipad);
    hashparams->hmac_hupdate(ctxt->hmac_hashctxt1, &mixed, 1);
    mixed = (unsigned char)(key[pos] ^ hmac_opad);
    hashparams->hmac_hupdate(ctxt->hmac_hashctxt2, &mixed, 1);
    pos++;
  }

  /* The rest of the key block is zero padding, so the XOR result is the bare
     pad byte. */
  while(pos < hashparams->hmac_maxkeylen) {
    hashparams->hmac_hupdate(ctxt->hmac_hashctxt1, &hmac_ipad, 1);
    hashparams->hmac_hupdate(ctxt->hmac_hashctxt2, &hmac_opad, 1);
    pos++;
  }

  return ctxt;
}
10613498266Sopenharmony_ci
/*
 * Curl_HMAC_update()
 *
 * Adds message bytes to the inner hash of an HMAC computation.
 *
 * Parameters:
 *
 * ctxt [in/out] - Context returned by Curl_HMAC_init().
 * data [in]     - The message bytes to add.
 * len  [in]     - The number of bytes at data. The count is an unsigned
 *                 int, so a caller holding a size_t length has to narrow it
 *                 before the call.
 *
 * Always returns 0.
 */
int Curl_HMAC_update(struct HMAC_context *ctxt,
                     const unsigned char *data,
                     unsigned int len)
{
  const struct HMAC_params *hashparams = ctxt->hmac_hash;

  /* Only the inner hash sees the message; the outer hash is completed in
     Curl_HMAC_final(). */
  hashparams->hmac_hupdate(ctxt->hmac_hashctxt1, data, len);
  return 0;
}
11513498266Sopenharmony_ci
11613498266Sopenharmony_ci
/*
 * Curl_HMAC_final()
 *
 * Completes the HMAC computation and releases the context.
 *
 * Parameters:
 *
 * ctxt   [in]  - Context returned by Curl_HMAC_init(). It is freed here and
 *                must not be used after this call.
 * result [out] - Receives the digest; hmac_resultlen bytes are read back
 *                from it for the outer hash, so it must be at least that
 *                large. May be NULL: the digest is then still computed, into
 *                the scratch area of the context, and discarded when the
 *                context is freed.
 *
 * Always returns 0.
 *
 * NOTE(review): the context is freed without being cleared, so the keyed
 * hash state (and the hashed key, for long keys) stays in freed heap memory
 * until it is reused. Consider wiping the block before the free with a
 * primitive the compiler cannot elide.
 */
int Curl_HMAC_final(struct HMAC_context *ctxt, unsigned char *result)
{
  const struct HMAC_params *hashparams = ctxt->hmac_hash;
  unsigned char *digest = result;

  /* Without a caller buffer, fall back to the scratch bytes placed behind
     the second hash context. */
  if(!digest)
    digest = (unsigned char *)ctxt->hmac_hashctxt2 +
      hashparams->hmac_ctxtsize;

  /* Finish the inner hash, feed its digest to the outer hash, then finish
     the outer hash over the same buffer. */
  hashparams->hmac_hfinal(digest, ctxt->hmac_hashctxt1);
  hashparams->hmac_hupdate(ctxt->hmac_hashctxt2, digest,
                           hashparams->hmac_resultlen);
  hashparams->hmac_hfinal(digest, ctxt->hmac_hashctxt2);

  free(ctxt);
  return 0;
}
13513498266Sopenharmony_ci
/*
 * Curl_hmacit()
 *
 * One-shot helper: computes the HMAC of the given data with the given hash
 * function and key. HMAC authenticates the data; nothing is encrypted.
 *
 * Parameters:
 *
 * hashparams [in]     - The hash function (for example Curl_HMAC_MD5).
 * key        [in]     - The key to use.
 * keylen     [in]     - The length of the key.
 * data       [in]     - The data to authenticate.
 * datalen    [in]     - The length of the data.
 * output     [in/out] - The output buffer; it must hold at least
 *                       hashparams->hmac_resultlen bytes.
 *
 * Returns CURLE_OK on success, CURLE_OUT_OF_MEMORY when the context cannot
 * be allocated.
 *
 * NOTE(review): keylen and datalen are narrowed from size_t to unsigned int
 * by curlx_uztoui(); confirm how that helper treats lengths that do not fit,
 * since a shortened length would authenticate only part of the input.
 */
CURLcode Curl_hmacit(const struct HMAC_params *hashparams,
                     const unsigned char *key, const size_t keylen,
                     const unsigned char *data, const size_t datalen,
                     unsigned char *output)
{
  struct HMAC_context *ctxt;

  ctxt = Curl_HMAC_init(hashparams, key, curlx_uztoui(keylen));
  if(ctxt) {
    /* Hash the message, then produce the digest; the final call also frees
       the context. */
    Curl_HMAC_update(ctxt, data, curlx_uztoui(datalen));
    Curl_HMAC_final(ctxt, output);
    return CURLE_OK;
  }

  return CURLE_OUT_OF_MEMORY;
}
17213498266Sopenharmony_ci
17313498266Sopenharmony_ci#endif /* Using NTLM (without SSPI) or AWS */