From 1f0311c7c7d10c94ff7f823de9c5b2ed79368b14 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 15 May 2014 14:24:09 +1000 Subject: - markus@cvs.openbsd.org 2014/04/29 18:01:49 [auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c] [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c] [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c] make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm --- mac.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) (limited to 'mac.c') diff --git a/mac.c b/mac.c index 097757213..fc2bd4276 100644 --- a/mac.c +++ b/mac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mac.c,v 1.28 2014/02/07 06:55:54 djm Exp $ */ +/* $OpenBSD: mac.c,v 1.29 2014/04/29 18:01:49 markus Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -72,8 +72,10 @@ static const struct macalg macs[] = { { "hmac-md5-96", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 0 }, { "hmac-ripemd160", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 }, { "hmac-ripemd160@openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 }, +#ifdef WITH_OPENSSL { "umac-64@openssh.com", SSH_UMAC, 0, 0, 128, 64, 0 }, { "umac-128@openssh.com", SSH_UMAC128, 0, 0, 128, 128, 0 }, +#endif /* Encrypt-then-MAC variants */ { "hmac-sha1-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 1 }, @@ -85,8 +87,10 @@ static const struct macalg macs[] = { { "hmac-md5-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 1 }, { "hmac-md5-96-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 1 }, { "hmac-ripemd160-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 1 }, +#ifdef WITH_OPENSSL { "umac-64-etm@openssh.com", SSH_UMAC, 0, 0, 128, 64, 1 }, { "umac-128-etm@openssh.com", SSH_UMAC128, 0, 0, 128, 128, 1 }, +#endif { NULL, 0, 0, 0, 0, 0, 0 } }; @@ -119,9 +123,11 @@ mac_setup_by_alg(Mac *mac, const struct macalg *macalg) fatal("ssh_hmac_start(alg=%d) failed", macalg->alg); mac->key_len = mac->mac_len = ssh_hmac_bytes(macalg->alg); } else { +#ifdef WITH_OPENSSL mac->mac_len = macalg->len / 8; mac->key_len = macalg->key_len / 8; mac->umac_ctx = NULL; +#endif } if (macalg->truncatebits != 0) mac->mac_len = macalg->truncatebits / 8; @@ -157,12 +163,14 @@ mac_init(Mac *mac) ssh_hmac_init(mac->hmac_ctx, mac->key, mac->key_len) < 0) return -1; return 0; +#ifdef WITH_OPENSSL case SSH_UMAC: mac->umac_ctx = umac_new(mac->key); return 0; case SSH_UMAC128: mac->umac_ctx = umac128_new(mac->key); return 0; +#endif default: return -1; } @@ -175,7 +183,10 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) u_char m[EVP_MAX_MD_SIZE]; u_int64_t for_align; } u; - u_char b[4], nonce[8]; + u_char b[4]; +#ifdef WITH_OPENSSL + u_char nonce[8]; +#endif if (mac->mac_len > sizeof(u)) fatal("mac_compute: mac too long %u %zu", @@ -191,6 +202,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) ssh_hmac_final(mac->hmac_ctx, u.m, sizeof(u.m)) < 0) fatal("ssh_hmac failed"); break; +#ifdef WITH_OPENSSL case SSH_UMAC: put_u64(nonce, seqno); umac_update(mac->umac_ctx, data, datalen); @@ -201,6 +213,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) umac128_update(mac->umac_ctx, data, datalen); umac128_final(mac->umac_ctx, u.m, nonce); break; +#endif default: fatal("mac_compute: unknown MAC type"); } @@ -210,6 +223,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) void mac_clear(Mac *mac) { +#ifdef WITH_OPENSSL if (mac->type == SSH_UMAC) { if (mac->umac_ctx != NULL) umac_delete(mac->umac_ctx); @@ -217,6 +231,7 @@ mac_clear(Mac *mac) if (mac->umac_ctx != NULL) umac128_delete(mac->umac_ctx); } else if (mac->hmac_ctx != NULL) +#endif ssh_hmac_free(mac->hmac_ctx); mac->hmac_ctx = NULL; mac->umac_ctx = NULL; -- cgit v1.2.3 From 294c58a007cfb2f3bddc4fc3217e255857ffb9bf Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 15 May 2014 14:35:03 +1000 Subject: - naddy@cvs.openbsd.org 2014/04/30 19:07:48 [mac.c myproposal.h umac.c] UMAC can use our local fallback implementation of AES when OpenSSL isn't available. Glue code straight from Ted Krovetz's original umac.c. ok markus@ --- ChangeLog | 5 +++++ mac.c | 16 +--------------- myproposal.h | 6 +++++- umac.c | 13 ++++++++++++- 4 files changed, 23 insertions(+), 17 deletions(-) (limited to 'mac.c') diff --git a/ChangeLog b/ChangeLog index 5ffe464e3..eb4fac66d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -66,6 +66,11 @@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review. + - naddy@cvs.openbsd.org 2014/04/30 19:07:48 + [mac.c myproposal.h umac.c] + UMAC can use our local fallback implementation of AES when OpenSSL isn't + available. Glue code straight from Ted Krovetz's original umac.c. + ok markus@ 20140430 - (dtucker) [defines.h] Define __GNUC_PREREQ__ macro if we don't already diff --git a/mac.c b/mac.c index fc2bd4276..402dc984c 100644 --- a/mac.c +++ b/mac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mac.c,v 1.29 2014/04/29 18:01:49 markus Exp $ */ +/* $OpenBSD: mac.c,v 1.30 2014/04/30 19:07:48 naddy Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -72,10 +72,8 @@ static const struct macalg macs[] = { { "hmac-md5-96", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 0 }, { "hmac-ripemd160", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 }, { "hmac-ripemd160@openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 }, -#ifdef WITH_OPENSSL { "umac-64@openssh.com", SSH_UMAC, 0, 0, 128, 64, 0 }, { "umac-128@openssh.com", SSH_UMAC128, 0, 0, 128, 128, 0 }, -#endif /* Encrypt-then-MAC variants */ { "hmac-sha1-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 1 }, @@ -87,10 +85,8 @@ static const struct macalg macs[] = { { "hmac-md5-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 1 }, { "hmac-md5-96-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 1 }, { "hmac-ripemd160-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 1 }, -#ifdef WITH_OPENSSL { "umac-64-etm@openssh.com", SSH_UMAC, 0, 0, 128, 64, 1 }, { "umac-128-etm@openssh.com", SSH_UMAC128, 0, 0, 128, 128, 1 }, -#endif { NULL, 0, 0, 0, 0, 0, 0 } }; @@ -123,11 +119,9 @@ mac_setup_by_alg(Mac *mac, const struct macalg *macalg) fatal("ssh_hmac_start(alg=%d) failed", macalg->alg); mac->key_len = mac->mac_len = ssh_hmac_bytes(macalg->alg); } else { -#ifdef WITH_OPENSSL mac->mac_len = macalg->len / 8; mac->key_len = macalg->key_len / 8; mac->umac_ctx = NULL; -#endif } if (macalg->truncatebits != 0) mac->mac_len = macalg->truncatebits / 8; @@ -163,14 +157,12 @@ mac_init(Mac *mac) ssh_hmac_init(mac->hmac_ctx, mac->key, mac->key_len) < 0) return -1; return 0; -#ifdef WITH_OPENSSL case SSH_UMAC: mac->umac_ctx = umac_new(mac->key); return 0; case SSH_UMAC128: mac->umac_ctx = umac128_new(mac->key); return 0; -#endif default: return -1; } @@ -184,9 +176,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) u_int64_t for_align; } u; u_char b[4]; -#ifdef WITH_OPENSSL u_char nonce[8]; -#endif if (mac->mac_len > sizeof(u)) fatal("mac_compute: mac too long %u %zu", @@ -202,7 +192,6 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) ssh_hmac_final(mac->hmac_ctx, u.m, sizeof(u.m)) < 0) fatal("ssh_hmac failed"); break; -#ifdef WITH_OPENSSL case SSH_UMAC: put_u64(nonce, seqno); umac_update(mac->umac_ctx, data, datalen); @@ -213,7 +202,6 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) umac128_update(mac->umac_ctx, data, datalen); umac128_final(mac->umac_ctx, u.m, nonce); break; -#endif default: fatal("mac_compute: unknown MAC type"); } @@ -223,7 +211,6 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) void mac_clear(Mac *mac) { -#ifdef WITH_OPENSSL if (mac->type == SSH_UMAC) { if (mac->umac_ctx != NULL) umac_delete(mac->umac_ctx); @@ -231,7 +218,6 @@ mac_clear(Mac *mac) if (mac->umac_ctx != NULL) umac128_delete(mac->umac_ctx); } else if (mac->hmac_ctx != NULL) -#endif ssh_hmac_free(mac->hmac_ctx); mac->hmac_ctx = NULL; mac->umac_ctx = NULL; diff --git a/myproposal.h b/myproposal.h index 020f35c77..30cb20b44 100644 --- a/myproposal.h +++ b/myproposal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: myproposal.h,v 1.39 2014/04/29 18:01:49 markus Exp $ */ +/* $OpenBSD: myproposal.h,v 1.40 2014/04/30 19:07:48 naddy Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -146,8 +146,12 @@ "aes128-ctr,aes192-ctr,aes256-ctr," \ "chacha20-poly1305@openssh.com" #define KEX_SERVER_MAC \ + "umac-64-etm@openssh.com," \ + "umac-128-etm@openssh.com," \ "hmac-sha2-256-etm@openssh.com," \ "hmac-sha2-512-etm@openssh.com," \ + "umac-64@openssh.com," \ + "umac-128@openssh.com," \ "hmac-sha2-256," \ "hmac-sha2-512" diff --git a/umac.c b/umac.c index 0cb64321b..670d173e7 100644 --- a/umac.c +++ b/umac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: umac.c,v 1.9 2014/04/20 02:30:25 djm Exp $ */ +/* $OpenBSD: umac.c,v 1.10 2014/04/30 19:07:48 naddy Exp $ */ /* ----------------------------------------------------------------------- * * umac.c -- C Implementation UMAC Message Authentication @@ -154,6 +154,7 @@ typedef unsigned int UWORD; /* Register */ #define AES_BLOCK_LEN 16 /* OpenSSL's AES */ +#ifdef WITH_OPENSSL #include "openbsd-compat/openssl-compat.h" #ifndef USE_BUILTIN_RIJNDAEL # include @@ -163,6 +164,16 @@ typedef AES_KEY aes_int_key[1]; AES_encrypt((u_char *)(in),(u_char *)(out),(AES_KEY *)int_key) #define aes_key_setup(key,int_key) \ AES_set_encrypt_key((const u_char *)(key),UMAC_KEY_LEN*8,int_key) +#else +#include "rijndael.h" +#define AES_ROUNDS ((UMAC_KEY_LEN / 4) + 6) +typedef UINT8 aes_int_key[AES_ROUNDS+1][4][4]; /* AES internal */ +#define aes_encryption(in,out,int_key) \ + rijndaelEncrypt((u32 *)(int_key), AES_ROUNDS, (u8 *)(in), (u8 *)(out)) +#define aes_key_setup(key,int_key) \ + rijndaelKeySetupEnc((u32 *)(int_key), (const unsigned char *)(key), \ + UMAC_KEY_LEN*8) +#endif /* The user-supplied UMAC key is stretched using AES in a counter * mode to supply all random bits needed by UMAC. The kdf function takes -- cgit v1.2.3