Coverage Report

Created: 2025-10-30 06:17

next uncovered line (L), next uncovered region (R), next uncovered branch (B)
/src/PROJ/curl/lib/hmac.c
Line
Count
Source
1
/***************************************************************************
2
 *                                  _   _ ____  _
3
 *  Project                     ___| | | |  _ \| |
4
 *                             / __| | | | |_) | |
5
 *                            | (__| |_| |  _ <| |___
6
 *                             \___|\___/|_| \_\_____|
7
 *
8
 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
9
 *
10
 * This software is licensed as described in the file COPYING, which
11
 * you should have received as part of this distribution. The terms
12
 * are also available at https://curl.se/docs/copyright.html.
13
 *
14
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15
 * copies of the Software, and permit persons to whom the Software is
16
 * furnished to do so, under the terms of the COPYING file.
17
 *
18
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19
 * KIND, either express or implied.
20
 *
21
 * SPDX-License-Identifier: curl
22
 *
23
 * RFC2104 Keyed-Hashing for Message Authentication
24
 *
25
 ***************************************************************************/
26
27
#include "curl_setup.h"
28
29
#if (defined(USE_CURL_NTLM_CORE) && !defined(USE_WINDOWS_SSPI)) ||      \
30
  !defined(CURL_DISABLE_AWS) || !defined(CURL_DISABLE_DIGEST_AUTH) ||   \
31
  defined(USE_SSL)
32
33
#include <curl/curl.h>
34
35
#include "curl_hmac.h"
36
#include "curl_memory.h"
37
#include "curlx/warnless.h"
38
39
/* The last #include file should be: */
40
#include "memdebug.h"
41
42
/*
43
 * Generic HMAC algorithm.
44
 *
45
 *   This module computes HMAC digests based on any hash function. Parameters
46
 * and computing procedures are setup dynamically at HMAC computation context
47
 * initialization.
48
 */
49
50
static const unsigned char hmac_ipad = 0x36;
51
static const unsigned char hmac_opad = 0x5C;
52
53
struct HMAC_context *
54
Curl_HMAC_init(const struct HMAC_params *hashparams,
55
               const unsigned char *key,
56
               unsigned int keylen)
57
0
{
58
0
  size_t i;
59
0
  struct HMAC_context *ctxt;
60
0
  unsigned char *hkey;
61
0
  unsigned char b;
62
63
  /* Create HMAC context. */
64
0
  i = sizeof(*ctxt) + 2 * hashparams->ctxtsize + hashparams->resultlen;
65
0
  ctxt = malloc(i);
66
67
0
  if(!ctxt)
68
0
    return ctxt;
69
70
0
  ctxt->hash = hashparams;
71
0
  ctxt->hashctxt1 = (void *) (ctxt + 1);
72
0
  ctxt->hashctxt2 = (void *) ((char *) ctxt->hashctxt1 + hashparams->ctxtsize);
73
74
  /* If the key is too long, replace it by its hash digest. */
75
0
  if(keylen > hashparams->maxkeylen) {
76
0
    if(hashparams->hinit(ctxt->hashctxt1))
77
0
      goto fail;
78
0
    hashparams->hupdate(ctxt->hashctxt1, key, keylen);
79
0
    hkey = (unsigned char *) ctxt->hashctxt2 + hashparams->ctxtsize;
80
0
    hashparams->hfinal(hkey, ctxt->hashctxt1);
81
0
    key = hkey;
82
0
    keylen = hashparams->resultlen;
83
0
  }
84
85
  /* Prime the two hash contexts with the modified key. */
86
0
  if(hashparams->hinit(ctxt->hashctxt1) ||
87
0
     hashparams->hinit(ctxt->hashctxt2))
88
0
    goto fail;
89
90
0
  for(i = 0; i < keylen; i++) {
91
0
    b = (unsigned char)(*key ^ hmac_ipad);
92
0
    hashparams->hupdate(ctxt->hashctxt1, &b, 1);
93
0
    b = (unsigned char)(*key++ ^ hmac_opad);
94
0
    hashparams->hupdate(ctxt->hashctxt2, &b, 1);
95
0
  }
96
97
0
  for(; i < hashparams->maxkeylen; i++) {
98
0
    hashparams->hupdate(ctxt->hashctxt1, &hmac_ipad, 1);
99
0
    hashparams->hupdate(ctxt->hashctxt2, &hmac_opad, 1);
100
0
  }
101
102
  /* Done, return pointer to HMAC context. */
103
0
  return ctxt;
104
105
0
fail:
106
0
  free(ctxt);
107
0
  return NULL;
108
0
}
109
110
int Curl_HMAC_update(struct HMAC_context *ctxt,
111
                     const unsigned char *ptr,
112
                     unsigned int len)
113
0
{
114
  /* Update first hash calculation. */
115
0
  ctxt->hash->hupdate(ctxt->hashctxt1, ptr, len);
116
0
  return 0;
117
0
}
118
119
120
int Curl_HMAC_final(struct HMAC_context *ctxt, unsigned char *output)
121
0
{
122
0
  const struct HMAC_params *hashparams = ctxt->hash;
123
124
  /* Do not get output if called with a null parameter: only release
125
     storage. */
126
127
0
  if(!output)
128
0
    output = (unsigned char *) ctxt->hashctxt2 + ctxt->hash->ctxtsize;
129
130
0
  hashparams->hfinal(output, ctxt->hashctxt1);
131
0
  hashparams->hupdate(ctxt->hashctxt2, output, hashparams->resultlen);
132
0
  hashparams->hfinal(output, ctxt->hashctxt2);
133
0
  free(ctxt);
134
0
  return 0;
135
0
}
136
137
/*
138
 * Curl_hmacit()
139
 *
140
 * This is used to generate a HMAC hash, for the specified input data, given
141
 * the specified hash function and key.
142
 *
143
 * Parameters:
144
 *
145
 * hashparams [in]     - The hash function (Curl_HMAC_MD5).
146
 * key        [in]     - The key to use.
147
 * keylen     [in]     - The length of the key.
148
 * buf        [in]     - The data to encrypt.
149
 * buflen     [in]     - The length of the data.
150
 * output     [in/out] - The output buffer.
151
 *
152
 * Returns CURLE_OK on success.
153
 */
154
CURLcode Curl_hmacit(const struct HMAC_params *hashparams,
155
                     const unsigned char *key, const size_t keylen,
156
                     const unsigned char *buf, const size_t buflen,
157
                     unsigned char *output)
158
0
{
159
0
  struct HMAC_context *ctxt =
160
0
    Curl_HMAC_init(hashparams, key, curlx_uztoui(keylen));
161
162
0
  if(!ctxt)
163
0
    return CURLE_OUT_OF_MEMORY;
164
165
  /* Update the digest with the given challenge */
166
0
  Curl_HMAC_update(ctxt, buf, curlx_uztoui(buflen));
167
168
  /* Finalise the digest */
169
0
  Curl_HMAC_final(ctxt, output);
170
171
0
  return CURLE_OK;
172
0
}
173
174
#endif /* Using NTLM (without SSPI) or AWS */