authorDamien Miller <djm@mindrot.org>2012-12-12 10:46:31 +1100
committerDamien Miller <djm@mindrot.org>2012-12-12 10:46:31 +1100
commitaf43a7ac2d77c57112b48f34c7a72be2adb761bc (patch)
tree4381616492fbbca62d39c042f16221f681c1d37f /mac.c
parent6a1937eac5da5bdcf33aaa922ce5de0c764e37ed (diff)
- markus@cvs.openbsd.org 2012/12/11 22:31:18
[PROTOCOL authfile.c cipher.c cipher.h kex.h mac.c myproposal.h] [packet.c ssh_config.5 sshd_config.5] add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms that change the packet format and compute the MAC over the encrypted message (including the packet size) instead of the plaintext data; these EtM modes are considered more secure and used by default. feedback and ok djm@
Diffstat (limited to 'mac.c')
-rw-r--r--mac.c40
1 files changed, 28 insertions, 12 deletions
diff --git a/mac.c b/mac.c
index 47db127f5..0ece2e55d 100644
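--- a/mac.c
+++ b/mac.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mac.c,v 1.19 2012/10/04 13:21:50 markus Exp $ */
+/* $OpenBSD: mac.c,v 1.20 2012/12/11 22:31:18 markus Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl. All rights reserved.
  *
@@ -58,19 +58,34 @@ struct {
  int key_len; /* just for UMAC */
  int len; /* just for UMAC */
 } macs[] = {
- { "hmac-sha1", SSH_EVP, EVP_sha1, 0, -1, -1 },
- { "hmac-sha1-96", SSH_EVP, EVP_sha1, 96, -1, -1 },
+ /* Encrypt-and-MAC (encrypt-and-authenticate) variants */
+ { "hmac-sha1", SSH_EVP, EVP_sha1, 0, 0, 0, 0 },
+ { "hmac-sha1-96", SSH_EVP, EVP_sha1, 96, 0, 0, 0 },
 #ifdef HAVE_EVP_SHA256
- { "hmac-sha2-256", SSH_EVP, EVP_sha256, 0, -1, -1 },
- { "hmac-sha2-512", SSH_EVP, EVP_sha512, 0, -1, -1 },
+ { "hmac-sha2-256", SSH_EVP, EVP_sha256, 0, 0, 0, 0 },
+ { "hmac-sha2-512", SSH_EVP, EVP_sha512, 0, 0, 0, 0 },
 #endif
- { "hmac-md5", SSH_EVP, EVP_md5, 0, -1, -1 },
- { "hmac-md5-96", SSH_EVP, EVP_md5, 96, -1, -1 },
- { "hmac-ripemd160", SSH_EVP, EVP_ripemd160, 0, -1, -1 },
- { "hmac-ripemd160@openssh.com", SSH_EVP, EVP_ripemd160, 0, -1, -1 },
- { "umac-64@openssh.com", SSH_UMAC, NULL, 0, 128, 64 },
- { "umac-128@openssh.com", SSH_UMAC128, NULL, 0, 128, 128 },
- { NULL, 0, NULL, 0, -1, -1 }
+ { "hmac-md5", SSH_EVP, EVP_md5, 0, 0, 0, 0 },
+ { "hmac-md5-96", SSH_EVP, EVP_md5, 96, 0, 0, 0 },
+ { "hmac-ripemd160", SSH_EVP, EVP_ripemd160, 0, 0, 0, 0 },
+ { "hmac-ripemd160@openssh.com", SSH_EVP, EVP_ripemd160, 0, 0, 0, 0 },
+ { "umac-64@openssh.com", SSH_UMAC, NULL, 0, 128, 64, 0 },
+ { "umac-128@openssh.com", SSH_UMAC128, NULL, 0, 128, 128, 0 },
+
+ /* Encrypt-then-MAC variants */
+ { "hmac-sha1-etm@openssh.com", SSH_EVP, EVP_sha1, 0, 0, 0, 1 },
+ { "hmac-sha1-96-etm@openssh.com", SSH_EVP, EVP_sha1, 96, 0, 0, 1 },
+#ifdef HAVE_EVP_SHA256
+ { "hmac-sha2-256-etm@openssh.com", SSH_EVP, EVP_sha256, 0, 0, 0, 1 },
+ { "hmac-sha2-512-etm@openssh.com", SSH_EVP, EVP_sha512, 0, 0, 0, 1 },
+#endif
+ { "hmac-md5-etm@openssh.com", SSH_EVP, EVP_md5, 0, 0, 0, 1 },
+ { "hmac-md5-96-etm@openssh.com", SSH_EVP, EVP_md5, 96, 0, 0, 1 },
+ { "hmac-ripemd160-tem@openssh.com", SSH_EVP, EVP_ripemd160, 0, 0, 0, 1 },
+ { "umac-64-etm@openssh.com", SSH_UMAC, NULL, 0, 128, 64, 1 },
+ { "umac-128-etm@openssh.com", SSH_UMAC128, NULL, 0, 128, 128, 1 },
+
+ { NULL, 0, NULL, 0, 0, 0, 0 }
 };
 
 static void
@@ -90,6 +105,7 @@ mac_setup_by_id(Mac *mac, int which)
  }
  if (macs[which].truncatebits != 0)
  mac->mac_len = macs[which].truncatebits / 8;
+ mac->etm = macs[which].etm;
 }
 
 int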
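Review bot: In the Encrypt-then-MAC rows of `macs[]` (new line 84) the RIPEMD-160 entry is named `hmac-ripemd160-tem@openssh.com`, while every other new row ends in `-etm@openssh.com`, so a lookup by the `-etm` name would presumably never match this row and the EtM variant of that MAC could not be selected; the row should read `{ "hmac-ripemd160-etm@openssh.com", SSH_EVP, EVP_ripemd160, 0, 0, 0, 1 },`. Every row now also carries a seventh initializer and `mac_setup_by_id` reads `macs[which].etm`, but the struct's member list starts above the hunk and its visible tail still ends at `len`. Unless an `etm` member is already declared in the part not shown, the struct needs `int etm; /* Encrypt-then-MAC */` after `len` for this to compile. The body of `mac_setup_by_id` also starts outside the hunk, so how it treats the `key_len`/`len` defaults changing from -1 to 0 cannot be checked from here and is worth confirming.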