1/*************************************************************************** 2 * _ _ ____ _ 3 * Project ___| | | | _ \| | 4 * / __| | | | |_) | | 5 * | (__| |_| | _ <| |___ 6 * \___|\___/|_| \_\_____| 7 * 8 * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. 9 * 10 * This software is licensed as described in the file COPYING, which 11 * you should have received as part of this distribution. The terms 12 * are also available at http://curl.haxx.se/docs/copyright.html. 13 * 14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell 15 * copies of the Software, and permit persons to whom the Software is 16 * furnished to do so, under the terms of the COPYING file. 17 * 18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY 19 * KIND, either express or implied. 20 * 21 * RFC2104 Keyed-Hashing for Message Authentication 22 * 23 ***************************************************************************/ 24 25#include "setup.h" 26 27#ifndef CURL_DISABLE_CRYPTO_AUTH 28 29#include "curl_hmac.h" 30 31#define _MPRINTF_REPLACE /* use our functions only */ 32#include <curl/mprintf.h> 33 34#include "curl_memory.h" 35/* The last #include file should be: */ 36#include "memdebug.h" 37 38/* 39 * Generic HMAC algorithm. 40 * 41 * This module computes HMAC digests based on any hash function. Parameters 42 * and computing procedures are set-up dynamically at HMAC computation 43 * context initialisation. 44 */ 45 46static const unsigned char hmac_ipad = 0x36; 47static const unsigned char hmac_opad = 0x5C; 48 49 50 51HMAC_context * 52Curl_HMAC_init(const HMAC_params * hashparams, 53 const unsigned char * key, 54 unsigned int keylen) 55{ 56 size_t i; 57 HMAC_context * ctxt; 58 unsigned char * hkey; 59 unsigned char b; 60 61 /* Create HMAC context. */ 62 i = sizeof *ctxt + 2 * hashparams->hmac_ctxtsize + 63 hashparams->hmac_resultlen; 64 ctxt = malloc(i); 65 66 if(!ctxt) 67 return ctxt; 68 69 ctxt->hmac_hash = hashparams; 70 ctxt->hmac_hashctxt1 = (void *) (ctxt + 1); 71 ctxt->hmac_hashctxt2 = (void *) ((char *) ctxt->hmac_hashctxt1 + 72 hashparams->hmac_ctxtsize); 73 74 /* If the key is too long, replace it by its hash digest. */ 75 if(keylen > hashparams->hmac_maxkeylen) { 76 (*hashparams->hmac_hinit)(ctxt->hmac_hashctxt1); 77 (*hashparams->hmac_hupdate)(ctxt->hmac_hashctxt1, key, keylen); 78 hkey = (unsigned char *) ctxt->hmac_hashctxt2 + hashparams->hmac_ctxtsize; 79 (*hashparams->hmac_hfinal)(hkey, ctxt->hmac_hashctxt1); 80 key = hkey; 81 keylen = hashparams->hmac_resultlen; 82 } 83 84 /* Prime the two hash contexts with the modified key. */ 85 (*hashparams->hmac_hinit)(ctxt->hmac_hashctxt1); 86 (*hashparams->hmac_hinit)(ctxt->hmac_hashctxt2); 87 88 for(i = 0; i < keylen; i++) { 89 b = (unsigned char)(*key ^ hmac_ipad); 90 (*hashparams->hmac_hupdate)(ctxt->hmac_hashctxt1, &b, 1); 91 b = (unsigned char)(*key++ ^ hmac_opad); 92 (*hashparams->hmac_hupdate)(ctxt->hmac_hashctxt2, &b, 1); 93 } 94 95 for(; i < hashparams->hmac_maxkeylen; i++) { 96 (*hashparams->hmac_hupdate)(ctxt->hmac_hashctxt1, &hmac_ipad, 1); 97 (*hashparams->hmac_hupdate)(ctxt->hmac_hashctxt2, &hmac_opad, 1); 98 } 99 100 /* Done, return pointer to HMAC context. */ 101 return ctxt; 102} 103 104int Curl_HMAC_update(HMAC_context * ctxt, 105 const unsigned char * data, 106 unsigned int len) 107{ 108 /* Update first hash calculation. */ 109 (*ctxt->hmac_hash->hmac_hupdate)(ctxt->hmac_hashctxt1, data, len); 110 return 0; 111} 112 113 114int Curl_HMAC_final(HMAC_context * ctxt, unsigned char * result) 115{ 116 const HMAC_params * hashparams = ctxt->hmac_hash; 117 118 /* Do not get result if called with a null parameter: only release 119 storage. */ 120 121 if(!result) 122 result = (unsigned char *) ctxt->hmac_hashctxt2 + 123 ctxt->hmac_hash->hmac_ctxtsize; 124 125 (*hashparams->hmac_hfinal)(result, ctxt->hmac_hashctxt1); 126 (*hashparams->hmac_hupdate)(ctxt->hmac_hashctxt2, 127 result, hashparams->hmac_resultlen); 128 (*hashparams->hmac_hfinal)(result, ctxt->hmac_hashctxt2); 129 free((char *) ctxt); 130 return 0; 131} 132 133#endif /* CURL_DISABLE_CRYPTO_AUTH */ 134