summaryrefslogtreecommitdiff
path: root/mac.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2014-05-15 14:24:09 +1000
committerDamien Miller <djm@mindrot.org>2014-05-15 14:24:09 +1000
commit1f0311c7c7d10c94ff7f823de9c5b2ed79368b14 (patch)
treeae708c2a25f84a04bcb04f2dbf3e8039e0f692bc /mac.c
parentc5893785564498cea73cb60d2cf199490483e080 (diff)
- markus@cvs.openbsd.org 2014/04/29 18:01:49
[auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c] [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c] [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c] make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
Diffstat (limited to 'mac.c')
-rw-r--r--mac.c19
1 files changed, 17 insertions, 2 deletions
diff --git a/mac.c b/mac.c
index 097757213..fc2bd4276 100644
--- a/mac.c
+++ b/mac.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: mac.c,v 1.28 2014/02/07 06:55:54 djm Exp $ */ 1/* $OpenBSD: mac.c,v 1.29 2014/04/29 18:01:49 markus Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -72,8 +72,10 @@ static const struct macalg macs[] = {
72 { "hmac-md5-96", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 0 }, 72 { "hmac-md5-96", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 0 },
73 { "hmac-ripemd160", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 }, 73 { "hmac-ripemd160", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 },
74 { "hmac-ripemd160@openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 }, 74 { "hmac-ripemd160@openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 },
75#ifdef WITH_OPENSSL
75 { "umac-64@openssh.com", SSH_UMAC, 0, 0, 128, 64, 0 }, 76 { "umac-64@openssh.com", SSH_UMAC, 0, 0, 128, 64, 0 },
76 { "umac-128@openssh.com", SSH_UMAC128, 0, 0, 128, 128, 0 }, 77 { "umac-128@openssh.com", SSH_UMAC128, 0, 0, 128, 128, 0 },
78#endif
77 79
78 /* Encrypt-then-MAC variants */ 80 /* Encrypt-then-MAC variants */
79 { "hmac-sha1-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 1 }, 81 { "hmac-sha1-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 1 },
@@ -85,8 +87,10 @@ static const struct macalg macs[] = {
85 { "hmac-md5-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 1 }, 87 { "hmac-md5-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 1 },
86 { "hmac-md5-96-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 1 }, 88 { "hmac-md5-96-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 1 },
87 { "hmac-ripemd160-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 1 }, 89 { "hmac-ripemd160-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 1 },
90#ifdef WITH_OPENSSL
88 { "umac-64-etm@openssh.com", SSH_UMAC, 0, 0, 128, 64, 1 }, 91 { "umac-64-etm@openssh.com", SSH_UMAC, 0, 0, 128, 64, 1 },
89 { "umac-128-etm@openssh.com", SSH_UMAC128, 0, 0, 128, 128, 1 }, 92 { "umac-128-etm@openssh.com", SSH_UMAC128, 0, 0, 128, 128, 1 },
93#endif
90 94
91 { NULL, 0, 0, 0, 0, 0, 0 } 95 { NULL, 0, 0, 0, 0, 0, 0 }
92}; 96};
@@ -119,9 +123,11 @@ mac_setup_by_alg(Mac *mac, const struct macalg *macalg)
119 fatal("ssh_hmac_start(alg=%d) failed", macalg->alg); 123 fatal("ssh_hmac_start(alg=%d) failed", macalg->alg);
120 mac->key_len = mac->mac_len = ssh_hmac_bytes(macalg->alg); 124 mac->key_len = mac->mac_len = ssh_hmac_bytes(macalg->alg);
121 } else { 125 } else {
126#ifdef WITH_OPENSSL
122 mac->mac_len = macalg->len / 8; 127 mac->mac_len = macalg->len / 8;
123 mac->key_len = macalg->key_len / 8; 128 mac->key_len = macalg->key_len / 8;
124 mac->umac_ctx = NULL; 129 mac->umac_ctx = NULL;
130#endif
125 } 131 }
126 if (macalg->truncatebits != 0) 132 if (macalg->truncatebits != 0)
127 mac->mac_len = macalg->truncatebits / 8; 133 mac->mac_len = macalg->truncatebits / 8;
@@ -157,12 +163,14 @@ mac_init(Mac *mac)
157 ssh_hmac_init(mac->hmac_ctx, mac->key, mac->key_len) < 0) 163 ssh_hmac_init(mac->hmac_ctx, mac->key, mac->key_len) < 0)
158 return -1; 164 return -1;
159 return 0; 165 return 0;
166#ifdef WITH_OPENSSL
160 case SSH_UMAC: 167 case SSH_UMAC:
161 mac->umac_ctx = umac_new(mac->key); 168 mac->umac_ctx = umac_new(mac->key);
162 return 0; 169 return 0;
163 case SSH_UMAC128: 170 case SSH_UMAC128:
164 mac->umac_ctx = umac128_new(mac->key); 171 mac->umac_ctx = umac128_new(mac->key);
165 return 0; 172 return 0;
173#endif
166 default: 174 default:
167 return -1; 175 return -1;
168 } 176 }
@@ -175,7 +183,10 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
175 u_char m[EVP_MAX_MD_SIZE]; 183 u_char m[EVP_MAX_MD_SIZE];
176 u_int64_t for_align; 184 u_int64_t for_align;
177 } u; 185 } u;
178 u_char b[4], nonce[8]; 186 u_char b[4];
187#ifdef WITH_OPENSSL
188 u_char nonce[8];
189#endif
179 190
180 if (mac->mac_len > sizeof(u)) 191 if (mac->mac_len > sizeof(u))
181 fatal("mac_compute: mac too long %u %zu", 192 fatal("mac_compute: mac too long %u %zu",
@@ -191,6 +202,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
191 ssh_hmac_final(mac->hmac_ctx, u.m, sizeof(u.m)) < 0) 202 ssh_hmac_final(mac->hmac_ctx, u.m, sizeof(u.m)) < 0)
192 fatal("ssh_hmac failed"); 203 fatal("ssh_hmac failed");
193 break; 204 break;
205#ifdef WITH_OPENSSL
194 case SSH_UMAC: 206 case SSH_UMAC:
195 put_u64(nonce, seqno); 207 put_u64(nonce, seqno);
196 umac_update(mac->umac_ctx, data, datalen); 208 umac_update(mac->umac_ctx, data, datalen);
@@ -201,6 +213,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
201 umac128_update(mac->umac_ctx, data, datalen); 213 umac128_update(mac->umac_ctx, data, datalen);
202 umac128_final(mac->umac_ctx, u.m, nonce); 214 umac128_final(mac->umac_ctx, u.m, nonce);
203 break; 215 break;
216#endif
204 default: 217 default:
205 fatal("mac_compute: unknown MAC type"); 218 fatal("mac_compute: unknown MAC type");
206 } 219 }
@@ -210,6 +223,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
210void 223void
211mac_clear(Mac *mac) 224mac_clear(Mac *mac)
212{ 225{
226#ifdef WITH_OPENSSL
213 if (mac->type == SSH_UMAC) { 227 if (mac->type == SSH_UMAC) {
214 if (mac->umac_ctx != NULL) 228 if (mac->umac_ctx != NULL)
215 umac_delete(mac->umac_ctx); 229 umac_delete(mac->umac_ctx);
@@ -217,6 +231,7 @@ mac_clear(Mac *mac)
217 if (mac->umac_ctx != NULL) 231 if (mac->umac_ctx != NULL)
218 umac128_delete(mac->umac_ctx); 232 umac128_delete(mac->umac_ctx);
219 } else if (mac->hmac_ctx != NULL) 233 } else if (mac->hmac_ctx != NULL)
234#endif
220 ssh_hmac_free(mac->hmac_ctx); 235 ssh_hmac_free(mac->hmac_ctx);
221 mac->hmac_ctx = NULL; 236 mac->hmac_ctx = NULL;
222 mac->umac_ctx = NULL; 237 mac->umac_ctx = NULL;