[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnurl] 150/282: ntlm: Moved the HMAC MD5 function into the HMAC module
|
From: |
gnunet |
|
Subject: |
[gnurl] 150/282: ntlm: Moved the HMAC MD5 function into the HMAC module as a generic function |
|
Date: |
Wed, 01 Apr 2020 14:30:15 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 7def168a4f6423686e8df5a4f02bce2806b763bf
Author: Steve Holme <address@hidden>
AuthorDate: Sun Feb 23 22:37:43 2020 +0000
ntlm: Moved the HMAC MD5 function into the HMAC module as a generic function
---
lib/curl_hmac.h | 9 ++++++++-
lib/curl_ntlm_core.c | 39 ++++++++++-----------------------------
lib/hmac.c | 39 ++++++++++++++++++++++++++++++++++++++-
3 files changed, 56 insertions(+), 31 deletions(-)
diff --git a/lib/curl_hmac.h b/lib/curl_hmac.h
index 756dc9e4c..3ff799bbd 100644
--- a/lib/curl_hmac.h
+++ b/lib/curl_hmac.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2020, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -24,6 +24,8 @@
#ifndef CURL_DISABLE_CRYPTO_AUTH
+#define HMAC_MD5_LENGTH 16
+
typedef void (* HMAC_hinit_func)(void *context);
typedef void (* HMAC_hupdate_func)(void *context,
const unsigned char *data,
@@ -62,6 +64,11 @@ int Curl_HMAC_update(HMAC_context *context,
unsigned int len);
int Curl_HMAC_final(HMAC_context *context, unsigned char *result);
+CURLcode Curl_hmacit(const HMAC_params *hashparams,
+ const unsigned char *key, const size_t keylen,
+ const unsigned char *data, const size_t datalen,
+ unsigned char *output);
+
#endif
#endif /* HEADER_CURL_HMAC_H */
diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c
index 19f9b61d8..f9b823b4f 100644
--- a/lib/curl_ntlm_core.c
+++ b/lib/curl_ntlm_core.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2019, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2020, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -120,7 +120,6 @@
#include "curl_memory.h"
#include "memdebug.h"
-#define NTLM_HMAC_MD5_LEN (16)
#define NTLMv2_BLOB_SIGNATURE "\x01\x01\x00\x00"
#define NTLMv2_BLOB_LEN (44 -16 + ntlm->target_info_len + 4)
@@ -567,25 +566,6 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data,
#if defined(USE_NTLM_V2) && !defined(USE_WINDOWS_SSPI)
-/* This returns the HMAC MD5 digest */
-static CURLcode hmac_md5(const unsigned char *key, unsigned int keylen,
- const unsigned char *data, unsigned int datalen,
- unsigned char *output)
-{
- HMAC_context *ctxt = Curl_HMAC_init(Curl_HMAC_MD5, key, keylen);
-
- if(!ctxt)
- return CURLE_OUT_OF_MEMORY;
-
- /* Update the digest with the given challenge */
- Curl_HMAC_update(ctxt, data, datalen);
-
- /* Finalise the digest */
- Curl_HMAC_final(ctxt, output);
-
- return CURLE_OK;
-}
-
/* This creates the NTLMv2 hash by using NTLM hash as the key and Unicode
* (uppercase UserName + Domain) as the data
*/
@@ -615,8 +595,8 @@ CURLcode Curl_ntlm_core_mk_ntlmv2_hash(const char *user,
size_t userlen,
ascii_uppercase_to_unicode_le(identity, user, userlen);
ascii_to_unicode_le(identity + (userlen << 1), domain, domlen);
- result = hmac_md5(ntlmhash, 16, identity, curlx_uztoui(identity_len),
- ntlmv2hash);
+ result = Curl_hmacit(Curl_HMAC_MD5, ntlmhash, 16, identity, identity_len,
+ ntlmv2hash);
free(identity);
return result;
@@ -662,7 +642,7 @@ CURLcode Curl_ntlm_core_mk_ntlmv2_resp(unsigned char
*ntlmv2hash,
unsigned int len = 0;
unsigned char *ptr = NULL;
- unsigned char hmac_output[NTLM_HMAC_MD5_LEN];
+ unsigned char hmac_output[HMAC_MD5_LENGTH];
curl_off_t tw;
CURLcode result = CURLE_OK;
@@ -681,7 +661,7 @@ CURLcode Curl_ntlm_core_mk_ntlmv2_resp(unsigned char
*ntlmv2hash,
tw = ((curl_off_t)time(NULL) + CURL_OFF_T_C(11644473600)) * 10000000;
/* Calculate the response len */
- len = NTLM_HMAC_MD5_LEN + NTLMv2_BLOB_LEN;
+ len = HMAC_MD5_LENGTH + NTLMv2_BLOB_LEN;
/* Allocate the response */
ptr = calloc(1, len);
@@ -689,7 +669,7 @@ CURLcode Curl_ntlm_core_mk_ntlmv2_resp(unsigned char
*ntlmv2hash,
return CURLE_OUT_OF_MEMORY;
/* Create the BLOB structure */
- msnprintf((char *)ptr + NTLM_HMAC_MD5_LEN, NTLMv2_BLOB_LEN,
+ msnprintf((char *)ptr + HMAC_MD5_LENGTH, NTLMv2_BLOB_LEN,
"%c%c%c%c" /* NTLMv2_BLOB_SIGNATURE */
"%c%c%c%c", /* Reserved = 0 */
NTLMv2_BLOB_SIGNATURE[0], NTLMv2_BLOB_SIGNATURE[1],
@@ -702,7 +682,7 @@ CURLcode Curl_ntlm_core_mk_ntlmv2_resp(unsigned char
*ntlmv2hash,
/* Concatenate the Type 2 challenge with the BLOB and do HMAC MD5 */
memcpy(ptr + 8, &ntlm->nonce[0], 8);
- result = hmac_md5(ntlmv2hash, NTLM_HMAC_MD5_LEN, ptr + 8,
+ result = Curl_hmacit(Curl_HMAC_MD5, ntlmv2hash, HMAC_MD5_LENGTH, ptr + 8,
NTLMv2_BLOB_LEN + 8, hmac_output);
if(result) {
free(ptr);
@@ -710,7 +690,7 @@ CURLcode Curl_ntlm_core_mk_ntlmv2_resp(unsigned char
*ntlmv2hash,
}
/* Concatenate the HMAC MD5 output with the BLOB */
- memcpy(ptr, hmac_output, NTLM_HMAC_MD5_LEN);
+ memcpy(ptr, hmac_output, HMAC_MD5_LENGTH);
/* Return the response */
*ntresp = ptr;
@@ -745,7 +725,8 @@ CURLcode Curl_ntlm_core_mk_lmv2_resp(unsigned char
*ntlmv2hash,
memcpy(&data[0], challenge_server, 8);
memcpy(&data[8], challenge_client, 8);
- result = hmac_md5(ntlmv2hash, 16, &data[0], 16, hmac_output);
+ result = Curl_hmacit(Curl_HMAC_MD5, ntlmv2hash, 16, &data[0], 16,
+ hmac_output);
if(result)
return result;
diff --git a/lib/hmac.c b/lib/hmac.c
index bf49ebec5..ae68827be 100644
--- a/lib/hmac.c
+++ b/lib/hmac.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2020, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -30,6 +30,7 @@
#include "curl_hmac.h"
#include "curl_memory.h"
+#include "warnless.h"
/* The last #include file should be: */
#include "memdebug.h"
@@ -129,4 +130,40 @@ int Curl_HMAC_final(HMAC_context *ctxt, unsigned char
*result)
return 0;
}
+/*
+ * Curl_hmacit()
+ *
+ * This is used to generate a HMAC hash, for the specified input data, given
+ * the specified hash function and key.
+ *
+ * Parameters:
+ *
+ * hashparams [in] - The hash function (Curl_HMAC_MD5).
+ * key [in] - The key to use.
+ * keylen [in] - The length of the key.
+ * data [in] - The data to encrypt.
+ * datalen [in] - The length of the data.
+ * output [in/out] - The output buffer.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_hmacit(const HMAC_params *hashparams,
+ const unsigned char *key, const size_t keylen,
+ const unsigned char *data, const size_t datalen,
+ unsigned char *output)
+{
+ HMAC_context *ctxt = Curl_HMAC_init(hashparams, key, curlx_uztoui(keylen));
+
+ if(!ctxt)
+ return CURLE_OUT_OF_MEMORY;
+
+ /* Update the digest with the given challenge */
+ Curl_HMAC_update(ctxt, data, curlx_uztoui(datalen));
+
+ /* Finalise the digest */
+ Curl_HMAC_final(ctxt, output);
+
+ return CURLE_OK;
+}
+
#endif /* CURL_DISABLE_CRYPTO_AUTH */
--
To stop receiving notification emails like this one, please contact
address@hidden.
- [gnurl] 134/282: connect: remove some spurious infof() calls, (continued)
- [gnurl] 134/282: connect: remove some spurious infof() calls, gnunet, 2020/04/01
- [gnurl] 136/282: cleanup: comment typos, gnunet, 2020/04/01
- [gnurl] 139/282: gtls: fix the copyright year, gnunet, 2020/04/01
- [gnurl] 132/282: nit: Copyright year out of date, gnunet, 2020/04/01
- [gnurl] 137/282: github action: add CIFuzz, gnunet, 2020/04/01
- [gnurl] 141/282: RELEASE-NOTES: synced, gnunet, 2020/04/01
- [gnurl] 143/282: tests: Added a unit test for SHA256 digest generation, gnunet, 2020/04/01
- [gnurl] 144/282: digest: Corrected the name of the local HTTP digest function, gnunet, 2020/04/01
- [gnurl] 146/282: ntlm: Removed the dependency on the TLS libaries when using MD5, gnunet, 2020/04/01
- [gnurl] 147/282: test1610: Fixed the link to the unit test, gnunet, 2020/04/01
- [gnurl] 150/282: ntlm: Moved the HMAC MD5 function into the HMAC module as a generic function,
gnunet <=
- [gnurl] 140/282: http2: now require nghttp2 >= 1.12.0, gnunet, 2020/04/01
- [gnurl] 123/282: socks: make the connect phase non-blocking, gnunet, 2020/04/01
- [gnurl] 145/282: md5/sha256: Updated the functions to allow non-string data to be hashed, gnunet, 2020/04/01
- [gnurl] 153/282: ftpserver: Updated VRFY_smtp() so the response isn't necessary in the test case, gnunet, 2020/04/01
- [gnurl] 148/282: md4: Use const for the length input parameter, gnunet, 2020/04/01
- [gnurl] 152/282: ftpserver: Corrected the e-mail address regex in MAIL_smtp() and RCTP_smtp(), gnunet, 2020/04/01
- [gnurl] 155/282: url: Make the IDN conversion functions available to others, gnunet, 2020/04/01
- [gnurl] 159/282: smtp: Detect server support for the UTF-8 extension as defined in RFC-6531, gnunet, 2020/04/01
- [gnurl] 158/282: smtp: Support UTF-8 based host names in the VRFY command, gnunet, 2020/04/01
- [gnurl] 151/282: hmac: Added a unit test for the HMAC hash generation, gnunet, 2020/04/01