8 files changed, 38 insertions, 15 deletions
diff --git a/ChangeLog b/ChangeLog
index e4899f36e..cb28e777d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,9 @@
   - djm@cvs.openbsd.org 2012/10/02 07:07:45
     [ssh-keygen.c]
     fix -z option, broken in revision 1.215
+   - markus@cvs.openbsd.org 2012/10/04 13:21:50
+     [myproposal.h ssh_config.5 umac.h sshd_config.5 ssh.1 sshd.8 mac.c]
+     add umac128 variant; ok djm@ at n2k12
 20120917
 - (dtucker) OpenBSD CVS Sync
diff --git a/mac.c b/mac.c
index 9b450e4e2..47db127f5 100644
--- a/mac.c
+++ b/mac.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mac.c,v 1.18 2012/06/28 05:07:45 dtucker Exp $ */
+/* $OpenBSD: mac.c,v 1.19 2012/10/04 13:21:50 markus Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl.  All rights reserved.
 *
@@ -48,6 +48,7 @@
 #define SSH_EVP         1       /* OpenSSL EVP-based MAC */
 #define SSH_UMAC        2       /* UMAC (not integrated with OpenSSL) */
+#define SSH_UMAC128     3
 struct {
        char            *name;
@@ -68,6 +69,7 @@ struct {
        { "hmac-ripemd160",             SSH_EVP, EVP_ripemd160, 0, -1, -1 },
        { "hmac-ripemd160@openssh.com", SSH_EVP, EVP_ripemd160, 0, -1, -1 },
        { "umac-64@openssh.com",        SSH_UMAC, NULL, 0, 128, 64 },
+        { "umac-128@openssh.com",       SSH_UMAC128, NULL, 0, 128, 128 },
        { NULL,                         0, NULL, 0, -1, -1 }
 };
@@ -122,6 +124,9 @@ mac_init(Mac *mac)
        case SSH_UMAC:
                mac->umac_ctx = umac_new(mac->key);
                return 0;
+        case SSH_UMAC128:
+                mac->umac_ctx = umac128_new(mac->key);
+                return 0;
        default:
                return -1;
        }
@@ -151,6 +156,11 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
                umac_update(mac->umac_ctx, data, datalen);
                umac_final(mac->umac_ctx, m, nonce);
                break;
+        case SSH_UMAC128:
+                put_u64(nonce, seqno);
+                umac128_update(mac->umac_ctx, data, datalen);
+                umac128_final(mac->umac_ctx, m, nonce);
+                break;
        default:
                fatal("mac_compute: unknown MAC type");
        }
@@ -163,6 +173,9 @@ mac_clear(Mac *mac)
        if (mac->type == SSH_UMAC) {
                if (mac->umac_ctx != NULL)
                        umac_delete(mac->umac_ctx);
+        } else if (mac->type == SSH_UMAC128) {
+                if (mac->umac_ctx != NULL)
+                        umac128_delete(mac->umac_ctx);
        } else if (mac->evp_md != NULL)
                HMAC_cleanup(&mac->evp_ctx);
        mac->evp_md = NULL;
diff --git a/myproposal.h b/myproposal.h
index b9b819c0a..996c40765 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.29 2012/06/28 05:07:45 dtucker Exp $ */
+/* $OpenBSD: myproposal.h,v 1.30 2012/10/04 13:21:50 markus Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -86,6 +86,7 @@
        "hmac-md5," \
        "hmac-sha1," \
        "umac-64@openssh.com," \
+       "umac-128@openssh.com," \
        SHA2_HMAC_MODES \
        "hmac-ripemd160," \
        "hmac-ripemd160@openssh.com," \
diff --git a/ssh.1 b/ssh.1
index e9bf3eaca..a5576edb6 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.329 2012/09/26 16:12:13 jmc Exp $
+.\" $OpenBSD: ssh.1,v 1.330 2012/10/04 13:21:50 markus Exp $
-.Dd $Mdocdate: September 26 2012 $
+.Dd $Mdocdate: October 4 2012 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -674,7 +674,7 @@ it provides additional mechanisms for confidentiality
 (the traffic is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour)
 and integrity (hmac-md5, hmac-sha1,
 hmac-sha2-256, hmac-sha2-512,
-umac-64, hmac-ripemd160).
+umac-64, umac-128, hmac-ripemd160).
 Protocol 1 lacks a strong mechanism for ensuring the
 integrity of the connection.
 .Pp
diff --git a/ssh_config.5 b/ssh_config.5
index 36b1af195..d3e801df0 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.157 2012/06/29 13:57:25 naddy Exp $
+.\" $OpenBSD: ssh_config.5,v 1.158 2012/10/04 13:21:50 markus Exp $
-.Dd $Mdocdate: June 29 2012 $
+.Dd $Mdocdate: October 4 2012 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -792,7 +792,7 @@ for data integrity protection.
 Multiple algorithms must be comma-separated.
 The default is:
 .Bd -literal -offset indent
-hmac-md5,hmac-sha1,umac-64@openssh.com,
+hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,
 hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
 hmac-sha1-96,hmac-md5-96
 .Ed
diff --git a/sshd.8 b/sshd.8
index a1a74d86a..132397839 100644
--- a/sshd.8
+++ b/sshd.8
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.266 2012/06/18 12:07:07 dtucker Exp $
+.\" $OpenBSD: sshd.8,v 1.267 2012/10/04 13:21:50 markus Exp $
-.Dd $Mdocdate: June 18 2012 $
+.Dd $Mdocdate: October 4 2012 $
 .Dt SSHD 8
 .Os
 .Sh NAME
@@ -316,7 +316,7 @@ The client selects the encryption algorithm
 to use from those offered by the server.
 Additionally, session integrity is provided
 through a cryptographic message authentication code
-(hmac-md5, hmac-sha1, umac-64, hmac-ripemd160,
+(hmac-md5, hmac-sha1, umac-64, umac-128, hmac-ripemd160,
 hmac-sha2-256 or hmac-sha2-512).
 .Pp
 Finally, the server and the client enter an authentication dialog.
diff --git a/sshd_config.5 b/sshd_config.5
index 314ecfb0e..987558ae8 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.144 2012/06/29 13:57:25 naddy Exp $
+.\" $OpenBSD: sshd_config.5,v 1.145 2012/10/04 13:21:50 markus Exp $
-.Dd $Mdocdate: June 29 2012 $
+.Dd $Mdocdate: October 4 2012 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -656,7 +656,7 @@ for data integrity protection.
 Multiple algorithms must be comma-separated.
 The default is:
 .Bd -literal -offset indent
-hmac-md5,hmac-sha1,umac-64@openssh.com,
+hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,
 hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
 hmac-sha1-96,hmac-md5-96
 .Ed
diff --git a/umac.h b/umac.h
index 055c705f8..6795112a3 100644
--- a/umac.h
+++ b/umac.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: umac.h,v 1.1 2007/06/07 19:37:34 pvalchev Exp $ */
+/* $OpenBSD: umac.h,v 1.2 2012/10/04 13:21:50 markus Exp $ */
 /* -----------------------------------------------------------------------
 * 
 * umac.h -- C Implementation UMAC Message Authentication
@@ -116,6 +116,12 @@ int uhash(uhash_ctx_t ctx,
 #endif
+/* matching umac-128 API, we reuse umac_ctx, since it's opaque */
+struct umac_ctx *umac128_new(u_char key[]);
+int umac128_update(struct umac_ctx *ctx, u_char *input, long len);
+int umac128_final(struct umac_ctx *ctx, u_char tag[], u_char nonce[8]);
+int umac128_delete(struct umac_ctx *ctx);
 #ifdef __cplusplus
    }
 #endif