author | Damien Miller <djm@mindrot.org> | 2014-05-15 14:35:03 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2014-05-15 14:35:03 +1000 |
commit | 294c58a007cfb2f3bddc4fc3217e255857ffb9bf (patch) | |
tree | e767521e04240fa051486e4d7521bb13363d2c0c | |
parent | 05e82c3b963c33048128baf72a6f6b3a1c10b4c1 (diff) |
- naddy@cvs.openbsd.org 2014/04/30 19:07:48
[mac.c myproposal.h umac.c]
UMAC can use our local fallback implementation of AES when OpenSSL isn't
available. Glue code straight from Ted Krovetz's original umac.c.
ok markus@
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | mac.c | 16 | ||||
-rw-r--r-- | myproposal.h | 6 | ||||
-rw-r--r-- | umac.c | 13 |
4 files changed, 23 insertions, 17 deletions
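--- a/ChangeLog
+++ b/ChangeLog
@@ -66,6 +66,11 @@
 
 Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
 Dempsky and Ron Bowes for a detailed review.
+- naddy@cvs.openbsd.org 2014/04/30 19:07:48
+[mac.c myproposal.h umac.c]
+UMAC can use our local fallback implementation of AES when OpenSSL isn't
+available. Glue code straight from Ted Krovetz's original umac.c.
+ok markus@
 
 20140430
 - (dtucker) [defines.h] Define __GNUC_PREREQ__ macro if we don't already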
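--- a/mac.c
+++ b/mac.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mac.c,v 1.29 2014/04/29 18:01:49 markus Exp $ */
+/* $OpenBSD: mac.c,v 1.30 2014/04/30 19:07:48 naddy Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
 *
@@ -72,10 +72,8 @@ static const struct macalg macs[] = {
 { "hmac-md5-96", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 0 },
 { "hmac-ripemd160", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 },
 { "hmac-ripemd160@openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 },
-#ifdef WITH_OPENSSL
 { "umac-64@openssh.com", SSH_UMAC, 0, 0, 128, 64, 0 },
 { "umac-128@openssh.com", SSH_UMAC128, 0, 0, 128, 128, 0 },
-#endif
 
 /* Encrypt-then-MAC variants */
 { "hmac-sha1-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 1 },
@@ -87,10 +85,8 @@ static const struct macalg macs[] = {
 { "hmac-md5-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 1 },
 { "hmac-md5-96-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 1 },
 { "hmac-ripemd160-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 1 },
-#ifdef WITH_OPENSSL
 { "umac-64-etm@openssh.com", SSH_UMAC, 0, 0, 128, 64, 1 },
 { "umac-128-etm@openssh.com", SSH_UMAC128, 0, 0, 128, 128, 1 },
-#endif
 
 { NULL, 0, 0, 0, 0, 0, 0 }
 };
@@ -123,11 +119,9 @@ mac_setup_by_alg(Mac *mac, const struct macalg *macalg)
 fatal("ssh_hmac_start(alg=%d) failed", macalg->alg);
 mac->key_len = mac->mac_len = ssh_hmac_bytes(macalg->alg);
 } else {
-#ifdef WITH_OPENSSL
 mac->mac_len = macalg->len / 8;
 mac->key_len = macalg->key_len / 8;
 mac->umac_ctx = NULL;
-#endif
 }
 if (macalg->truncatebits != 0)
 mac->mac_len = macalg->truncatebits / 8;
@@ -163,14 +157,12 @@ mac_init(Mac *mac)
 ssh_hmac_init(mac->hmac_ctx, mac->key, mac->key_len) < 0)
 return -1;
 return 0;
-#ifdef WITH_OPENSSL
 case SSH_UMAC:
 mac->umac_ctx = umac_new(mac->key);
 return 0;
 case SSH_UMAC128:
 mac->umac_ctx = umac128_new(mac->key);
 return 0;
-#endif
 default:
 return -1;
 }
@@ -184,9 +176,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
 u_int64_t for_align;
 } u;
 u_char b[4];
-#ifdef WITH_OPENSSL
 u_char nonce[8];
-#endif
 
 if (mac->mac_len > sizeof(u))
 fatal("mac_compute: mac too long %u %zu",
@@ -202,7 +192,6 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
 ssh_hmac_final(mac->hmac_ctx, u.m, sizeof(u.m)) < 0)
 fatal("ssh_hmac failed");
 break;
-#ifdef WITH_OPENSSL
 case SSH_UMAC:
 put_u64(nonce, seqno);
 umac_update(mac->umac_ctx, data, datalen);
@@ -213,7 +202,6 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
 umac128_update(mac->umac_ctx, data, datalen);
 umac128_final(mac->umac_ctx, u.m, nonce);
 break;
-#endif
 default:
 fatal("mac_compute: unknown MAC type");
 }
@@ -223,7 +211,6 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
 void
 mac_clear(Mac *mac)
 {
-#ifdef WITH_OPENSSL
 if (mac->type == SSH_UMAC) {
 if (mac->umac_ctx != NULL)
 umac_delete(mac->umac_ctx);
@@ -231,7 +218,6 @@ mac_clear(Mac *mac)
 if (mac->umac_ctx != NULL)
 umac128_delete(mac->umac_ctx);
 } else if (mac->hmac_ctx != NULL)
-#endif
 ssh_hmac_free(mac->hmac_ctx);
 mac->hmac_ctx = NULL;
 mac->umac_ctx = NULL;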
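Review bot: In the mac_init hunk, `mac->umac_ctx = umac_new(mac->key); return 0;` reports success without looking at the returned context, and with the WITH_OPENSSL guards removed this path is now compiled into OpenSSL-less builds as well. If umac_new() or umac128_new() can return NULL (their definitions are not on this page), mac_compute would later hand a NULL context to umac_update()/umac128_update(). Consider `if ((mac->umac_ctx = umac_new(mac->key)) == NULL) return -1;` and the same for the SSH_UMAC128 case, matching the -1 the HMAC branch already returns on failure. mac_init starts and ends outside the hunk.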
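--- a/myproposal.h
+++ b/myproposal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.39 2014/04/29 18:01:49 markus Exp $ */
+/* $OpenBSD: myproposal.h,v 1.40 2014/04/30 19:07:48 naddy Exp $ */
 
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -146,8 +146,12 @@
 "aes128-ctr,aes192-ctr,aes256-ctr," \
 "chacha20-poly1305@openssh.com"
 #define KEX_SERVER_MAC \
+"umac-64-etm@openssh.com," \
+"umac-128-etm@openssh.com," \
 "hmac-sha2-256-etm@openssh.com," \
 "hmac-sha2-512-etm@openssh.com," \
+"umac-64@openssh.com," \
+"umac-128@openssh.com," \
 "hmac-sha2-256," \
 "hmac-sha2-512"
 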
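Review bot: The extended KEX_SERVER_MAC list now opens with `"umac-64-etm@openssh.com,"`, so the 64-bit-tag MAC sits ahead of umac-128 and the HMAC-SHA2 entries, and nothing beside the macro says that ordering is intended. The enclosing `#if`/`#else` is outside the hunk; presumably this is the list used when WITH_OPENSSL is not defined, and if it also seeds the client proposal the order decides which MAC gets negotiated. If the order is meant to mirror the OpenSSL build's list, a comment such as `/* preference order; keep in step with the WITH_OPENSSL MAC list */` would record that. If it is not deliberate, placing `"umac-128-etm@openssh.com,"` before `"umac-64-etm@openssh.com,"` would prefer the longer tag.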
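--- a/umac.c
+++ b/umac.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: umac.c,v 1.9 2014/04/20 02:30:25 djm Exp $ */
+/* $OpenBSD: umac.c,v 1.10 2014/04/30 19:07:48 naddy Exp $ */
 /* -----------------------------------------------------------------------
 *
 * umac.c -- C Implementation UMAC Message Authentication
@@ -154,6 +154,7 @@ typedef unsigned int UWORD; /* Register */
 #define AES_BLOCK_LEN 16
 
 /* OpenSSL's AES */
+#ifdef WITH_OPENSSL
 #include "openbsd-compat/openssl-compat.h"
 #ifndef USE_BUILTIN_RIJNDAEL
 # include <openssl/aes.h>
@@ -163,6 +164,16 @@ typedef AES_KEY aes_int_key[1];
 AES_encrypt((u_char *)(in),(u_char *)(out),(AES_KEY *)int_key)
 #define aes_key_setup(key,int_key) \
 AES_set_encrypt_key((const u_char *)(key),UMAC_KEY_LEN*8,int_key)
+#else
+#include "rijndael.h"
+#define AES_ROUNDS ((UMAC_KEY_LEN / 4) + 6)
+typedef UINT8 aes_int_key[AES_ROUNDS+1][4][4]; /* AES internal */
+#define aes_encryption(in,out,int_key) \
+rijndaelEncrypt((u32 *)(int_key), AES_ROUNDS, (u8 *)(in), (u8 *)(out))
+#define aes_key_setup(key,int_key) \
+rijndaelKeySetupEnc((u32 *)(int_key), (const unsigned char *)(key), \
+UMAC_KEY_LEN*8)
+#endif
 
 /* The user-supplied UMAC key is stretched using AES in a counter
 * mode to supply all random bits needed by UMAC. The kdf function takes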
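Review bot: The fallback `typedef UINT8 aes_int_key[AES_ROUNDS+1][4][4];` gives the key schedule only byte alignment, yet both new macros cast it to `u32 *` before passing it to rijndaelKeySetupEnc() and rijndaelEncrypt(). Unless every aes_int_key object happens to sit on a 4-byte boundary (their declarations are outside this hunk), that is a misaligned access on strict-alignment targets and a type-punned access everywhere. Assuming u32 is a 32-bit type as the casts suggest, `typedef u32 aes_int_key[4 * (AES_ROUNDS + 1)];` keeps the same size, guarantees the alignment and makes the `(u32 *)` casts unnecessary. The `/* OpenSSL's AES */` comment above the new `#ifdef` now also heads the non-OpenSSL branch and could be reworded to cover both.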