summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ChangeLog5
-rw-r--r--mac.c16
-rw-r--r--myproposal.h6
-rw-r--r--umac.c13
4 files changed, 23 insertions, 17 deletions
diff --git a/ChangeLog b/ChangeLog
index 5ffe464e3..eb4fac66d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -66,6 +66,11 @@
66 66
67 Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew 67 Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
68 Dempsky and Ron Bowes for a detailed review. 68 Dempsky and Ron Bowes for a detailed review.
69 - naddy@cvs.openbsd.org 2014/04/30 19:07:48
70 [mac.c myproposal.h umac.c]
71 UMAC can use our local fallback implementation of AES when OpenSSL isn't
72 available. Glue code straight from Ted Krovetz's original umac.c.
73 ok markus@
69 74
7020140430 7520140430
71 - (dtucker) [defines.h] Define __GNUC_PREREQ__ macro if we don't already 76 - (dtucker) [defines.h] Define __GNUC_PREREQ__ macro if we don't already
diff --git a/mac.c b/mac.c
index fc2bd4276..402dc984c 100644
--- a/mac.c
+++ b/mac.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: mac.c,v 1.29 2014/04/29 18:01:49 markus Exp $ */ 1/* $OpenBSD: mac.c,v 1.30 2014/04/30 19:07:48 naddy Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -72,10 +72,8 @@ static const struct macalg macs[] = {
72 { "hmac-md5-96", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 0 }, 72 { "hmac-md5-96", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 0 },
73 { "hmac-ripemd160", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 }, 73 { "hmac-ripemd160", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 },
74 { "hmac-ripemd160@openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 }, 74 { "hmac-ripemd160@openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 },
75#ifdef WITH_OPENSSL
76 { "umac-64@openssh.com", SSH_UMAC, 0, 0, 128, 64, 0 }, 75 { "umac-64@openssh.com", SSH_UMAC, 0, 0, 128, 64, 0 },
77 { "umac-128@openssh.com", SSH_UMAC128, 0, 0, 128, 128, 0 }, 76 { "umac-128@openssh.com", SSH_UMAC128, 0, 0, 128, 128, 0 },
78#endif
79 77
80 /* Encrypt-then-MAC variants */ 78 /* Encrypt-then-MAC variants */
81 { "hmac-sha1-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 1 }, 79 { "hmac-sha1-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 1 },
@@ -87,10 +85,8 @@ static const struct macalg macs[] = {
87 { "hmac-md5-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 1 }, 85 { "hmac-md5-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 1 },
88 { "hmac-md5-96-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 1 }, 86 { "hmac-md5-96-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 1 },
89 { "hmac-ripemd160-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 1 }, 87 { "hmac-ripemd160-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 1 },
90#ifdef WITH_OPENSSL
91 { "umac-64-etm@openssh.com", SSH_UMAC, 0, 0, 128, 64, 1 }, 88 { "umac-64-etm@openssh.com", SSH_UMAC, 0, 0, 128, 64, 1 },
92 { "umac-128-etm@openssh.com", SSH_UMAC128, 0, 0, 128, 128, 1 }, 89 { "umac-128-etm@openssh.com", SSH_UMAC128, 0, 0, 128, 128, 1 },
93#endif
94 90
95 { NULL, 0, 0, 0, 0, 0, 0 } 91 { NULL, 0, 0, 0, 0, 0, 0 }
96}; 92};
@@ -123,11 +119,9 @@ mac_setup_by_alg(Mac *mac, const struct macalg *macalg)
123 fatal("ssh_hmac_start(alg=%d) failed", macalg->alg); 119 fatal("ssh_hmac_start(alg=%d) failed", macalg->alg);
124 mac->key_len = mac->mac_len = ssh_hmac_bytes(macalg->alg); 120 mac->key_len = mac->mac_len = ssh_hmac_bytes(macalg->alg);
125 } else { 121 } else {
126#ifdef WITH_OPENSSL
127 mac->mac_len = macalg->len / 8; 122 mac->mac_len = macalg->len / 8;
128 mac->key_len = macalg->key_len / 8; 123 mac->key_len = macalg->key_len / 8;
129 mac->umac_ctx = NULL; 124 mac->umac_ctx = NULL;
130#endif
131 } 125 }
132 if (macalg->truncatebits != 0) 126 if (macalg->truncatebits != 0)
133 mac->mac_len = macalg->truncatebits / 8; 127 mac->mac_len = macalg->truncatebits / 8;
@@ -163,14 +157,12 @@ mac_init(Mac *mac)
163 ssh_hmac_init(mac->hmac_ctx, mac->key, mac->key_len) < 0) 157 ssh_hmac_init(mac->hmac_ctx, mac->key, mac->key_len) < 0)
164 return -1; 158 return -1;
165 return 0; 159 return 0;
166#ifdef WITH_OPENSSL
167 case SSH_UMAC: 160 case SSH_UMAC:
168 mac->umac_ctx = umac_new(mac->key); 161 mac->umac_ctx = umac_new(mac->key);
169 return 0; 162 return 0;
170 case SSH_UMAC128: 163 case SSH_UMAC128:
171 mac->umac_ctx = umac128_new(mac->key); 164 mac->umac_ctx = umac128_new(mac->key);
172 return 0; 165 return 0;
173#endif
174 default: 166 default:
175 return -1; 167 return -1;
176 } 168 }
@@ -184,9 +176,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
184 u_int64_t for_align; 176 u_int64_t for_align;
185 } u; 177 } u;
186 u_char b[4]; 178 u_char b[4];
187#ifdef WITH_OPENSSL
188 u_char nonce[8]; 179 u_char nonce[8];
189#endif
190 180
191 if (mac->mac_len > sizeof(u)) 181 if (mac->mac_len > sizeof(u))
192 fatal("mac_compute: mac too long %u %zu", 182 fatal("mac_compute: mac too long %u %zu",
@@ -202,7 +192,6 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
202 ssh_hmac_final(mac->hmac_ctx, u.m, sizeof(u.m)) < 0) 192 ssh_hmac_final(mac->hmac_ctx, u.m, sizeof(u.m)) < 0)
203 fatal("ssh_hmac failed"); 193 fatal("ssh_hmac failed");
204 break; 194 break;
205#ifdef WITH_OPENSSL
206 case SSH_UMAC: 195 case SSH_UMAC:
207 put_u64(nonce, seqno); 196 put_u64(nonce, seqno);
208 umac_update(mac->umac_ctx, data, datalen); 197 umac_update(mac->umac_ctx, data, datalen);
@@ -213,7 +202,6 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
213 umac128_update(mac->umac_ctx, data, datalen); 202 umac128_update(mac->umac_ctx, data, datalen);
214 umac128_final(mac->umac_ctx, u.m, nonce); 203 umac128_final(mac->umac_ctx, u.m, nonce);
215 break; 204 break;
216#endif
217 default: 205 default:
218 fatal("mac_compute: unknown MAC type"); 206 fatal("mac_compute: unknown MAC type");
219 } 207 }
@@ -223,7 +211,6 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
223void 211void
224mac_clear(Mac *mac) 212mac_clear(Mac *mac)
225{ 213{
226#ifdef WITH_OPENSSL
227 if (mac->type == SSH_UMAC) { 214 if (mac->type == SSH_UMAC) {
228 if (mac->umac_ctx != NULL) 215 if (mac->umac_ctx != NULL)
229 umac_delete(mac->umac_ctx); 216 umac_delete(mac->umac_ctx);
@@ -231,7 +218,6 @@ mac_clear(Mac *mac)
231 if (mac->umac_ctx != NULL) 218 if (mac->umac_ctx != NULL)
232 umac128_delete(mac->umac_ctx); 219 umac128_delete(mac->umac_ctx);
233 } else if (mac->hmac_ctx != NULL) 220 } else if (mac->hmac_ctx != NULL)
234#endif
235 ssh_hmac_free(mac->hmac_ctx); 221 ssh_hmac_free(mac->hmac_ctx);
236 mac->hmac_ctx = NULL; 222 mac->hmac_ctx = NULL;
237 mac->umac_ctx = NULL; 223 mac->umac_ctx = NULL;
diff --git a/myproposal.h b/myproposal.h
index 020f35c77..30cb20b44 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: myproposal.h,v 1.39 2014/04/29 18:01:49 markus Exp $ */ 1/* $OpenBSD: myproposal.h,v 1.40 2014/04/30 19:07:48 naddy Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -146,8 +146,12 @@
146 "aes128-ctr,aes192-ctr,aes256-ctr," \ 146 "aes128-ctr,aes192-ctr,aes256-ctr," \
147 "chacha20-poly1305@openssh.com" 147 "chacha20-poly1305@openssh.com"
148#define KEX_SERVER_MAC \ 148#define KEX_SERVER_MAC \
149 "umac-64-etm@openssh.com," \
150 "umac-128-etm@openssh.com," \
149 "hmac-sha2-256-etm@openssh.com," \ 151 "hmac-sha2-256-etm@openssh.com," \
150 "hmac-sha2-512-etm@openssh.com," \ 152 "hmac-sha2-512-etm@openssh.com," \
153 "umac-64@openssh.com," \
154 "umac-128@openssh.com," \
151 "hmac-sha2-256," \ 155 "hmac-sha2-256," \
152 "hmac-sha2-512" 156 "hmac-sha2-512"
153 157
diff --git a/umac.c b/umac.c
index 0cb64321b..670d173e7 100644
--- a/umac.c
+++ b/umac.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: umac.c,v 1.9 2014/04/20 02:30:25 djm Exp $ */ 1/* $OpenBSD: umac.c,v 1.10 2014/04/30 19:07:48 naddy Exp $ */
2/* ----------------------------------------------------------------------- 2/* -----------------------------------------------------------------------
3 * 3 *
4 * umac.c -- C Implementation UMAC Message Authentication 4 * umac.c -- C Implementation UMAC Message Authentication
@@ -154,6 +154,7 @@ typedef unsigned int UWORD; /* Register */
154#define AES_BLOCK_LEN 16 154#define AES_BLOCK_LEN 16
155 155
156/* OpenSSL's AES */ 156/* OpenSSL's AES */
157#ifdef WITH_OPENSSL
157#include "openbsd-compat/openssl-compat.h" 158#include "openbsd-compat/openssl-compat.h"
158#ifndef USE_BUILTIN_RIJNDAEL 159#ifndef USE_BUILTIN_RIJNDAEL
159# include <openssl/aes.h> 160# include <openssl/aes.h>
@@ -163,6 +164,16 @@ typedef AES_KEY aes_int_key[1];
163 AES_encrypt((u_char *)(in),(u_char *)(out),(AES_KEY *)int_key) 164 AES_encrypt((u_char *)(in),(u_char *)(out),(AES_KEY *)int_key)
164#define aes_key_setup(key,int_key) \ 165#define aes_key_setup(key,int_key) \
165 AES_set_encrypt_key((const u_char *)(key),UMAC_KEY_LEN*8,int_key) 166 AES_set_encrypt_key((const u_char *)(key),UMAC_KEY_LEN*8,int_key)
167#else
168#include "rijndael.h"
169#define AES_ROUNDS ((UMAC_KEY_LEN / 4) + 6)
170typedef UINT8 aes_int_key[AES_ROUNDS+1][4][4]; /* AES internal */
171#define aes_encryption(in,out,int_key) \
172 rijndaelEncrypt((u32 *)(int_key), AES_ROUNDS, (u8 *)(in), (u8 *)(out))
173#define aes_key_setup(key,int_key) \
174 rijndaelKeySetupEnc((u32 *)(int_key), (const unsigned char *)(key), \
175 UMAC_KEY_LEN*8)
176#endif
166 177
167/* The user-supplied UMAC key is stretched using AES in a counter 178/* The user-supplied UMAC key is stretched using AES in a counter
168 * mode to supply all random bits needed by UMAC. The kdf function takes 179 * mode to supply all random bits needed by UMAC. The kdf function takes
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-23 01:45:00 +0000