UMAC can use our local fallback implementation of AES when OpenSSL isn't

available.  Glue code straight from Ted Krovetz's original umac.c.
ok markus@

diff --git a/usr.bin/ssh/lib/Makefile b/usr.bin/ssh/lib/Makefile
index 8df065e..8f1e734 100644 (file)
--- a/usr.bin/ssh/lib/Makefile
+++ b/usr.bin/ssh/lib/Makefile
@@ -1,4 +1,4 @@
-#      $OpenBSD: Makefile,v 1.77 2014/04/30 05:29:56 djm Exp $
+#      $OpenBSD: Makefile,v 1.78 2014/04/30 19:07:48 naddy Exp $
 
 .PATH:         ${.CURDIR}/..
 .include "${.CURDIR}/../Makefile.inc"
@@ -26,12 +26,12 @@ SRCS=       ${LIB_SRCS} \
        msg.c progressmeter.c dns.c \
        monitor_fdpass.c addrmatch.c \
        smult_curve25519_ref.c kexc25519.c kexc25519c.c \
-       chacha.c poly1305.c cipher-chachapoly.c ssh-ed25519.c hmac.c
+       chacha.c poly1305.c cipher-chachapoly.c ssh-ed25519.c hmac.c umac.c
 
 .if (${OPENSSL:L} == "yes")
 SRCS+= bufec.c bufbn.c cipher-3des1.c cipher-bf1.c rsa.c \
        ssh-dss.c ssh-rsa.c ssh-ecdsa.c dh.c kexdh.c kexgex.c kexecdh.c \
-       kexdhc.c kexgexc.c kexecdhc.c umac.c ssh-pkcs11.c \
+       kexdhc.c kexgexc.c kexecdhc.c ssh-pkcs11.c \
        krl.c digest-openssl.c
 .else
 SRCS+= digest-libc.c rijndael.c cipher-aesctr.c

diff --git a/usr.bin/ssh/mac.c b/usr.bin/ssh/mac.c
index fa18e57..0842f98 100644 (file)
--- a/usr.bin/ssh/mac.c
+++ b/usr.bin/ssh/mac.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mac.c,v 1.29 2014/04/29 18:01:49 markus Exp $ */
+/* $OpenBSD: mac.c,v 1.30 2014/04/30 19:07:48 naddy Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
@@ -67,10 +67,8 @@ static const struct macalg macs[] = {
        { "hmac-md5-96",                        SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 0 },
        { "hmac-ripemd160",                     SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 },
        { "hmac-ripemd160@openssh.com",         SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 },
-#ifdef WITH_OPENSSL
        { "umac-64@openssh.com",                SSH_UMAC, 0, 0, 128, 64, 0 },
        { "umac-128@openssh.com",               SSH_UMAC128, 0, 0, 128, 128, 0 },
-#endif
 
        /* Encrypt-then-MAC variants */
        { "hmac-sha1-etm@openssh.com",          SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 1 },
@@ -80,10 +78,8 @@ static const struct macalg macs[] = {
        { "hmac-md5-etm@openssh.com",           SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 1 },
        { "hmac-md5-96-etm@openssh.com",        SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 1 },
        { "hmac-ripemd160-etm@openssh.com",     SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 1 },
-#ifdef WITH_OPENSSL
        { "umac-64-etm@openssh.com",            SSH_UMAC, 0, 0, 128, 64, 1 },
        { "umac-128-etm@openssh.com",           SSH_UMAC128, 0, 0, 128, 128, 1 },
-#endif
 
        { NULL,                                 0, 0, 0, 0, 0, 0 }
 };
@@ -116,11 +112,9 @@ mac_setup_by_alg(Mac *mac, const struct macalg *macalg)
                        fatal("ssh_hmac_start(alg=%d) failed", macalg->alg);
                mac->key_len = mac->mac_len = ssh_hmac_bytes(macalg->alg);
        } else {
-#ifdef WITH_OPENSSL
                mac->mac_len = macalg->len / 8;
                mac->key_len = macalg->key_len / 8;
                mac->umac_ctx = NULL;
-#endif
        }
        if (macalg->truncatebits != 0)
                mac->mac_len = macalg->truncatebits / 8;
@@ -156,14 +150,12 @@ mac_init(Mac *mac)
                    ssh_hmac_init(mac->hmac_ctx, mac->key, mac->key_len) < 0)
                        return -1;
                return 0;
-#ifdef WITH_OPENSSL
        case SSH_UMAC:
                mac->umac_ctx = umac_new(mac->key);
                return 0;
        case SSH_UMAC128:
                mac->umac_ctx = umac128_new(mac->key);
                return 0;
-#endif
        default:
                return -1;
        }
@@ -177,9 +169,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
                u_int64_t for_align;
        } u;
        u_char b[4];
-#ifdef WITH_OPENSSL
        u_char nonce[8];
-#endif
 
        if (mac->mac_len > sizeof(u))
                fatal("mac_compute: mac too long %u %zu",
@@ -195,7 +185,6 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
                    ssh_hmac_final(mac->hmac_ctx, u.m, sizeof(u.m)) < 0)
                        fatal("ssh_hmac failed");
                break;
-#ifdef WITH_OPENSSL
        case SSH_UMAC:
                put_u64(nonce, seqno);
                umac_update(mac->umac_ctx, data, datalen);
@@ -206,7 +195,6 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
                umac128_update(mac->umac_ctx, data, datalen);
                umac128_final(mac->umac_ctx, u.m, nonce);
                break;
-#endif
        default:
                fatal("mac_compute: unknown MAC type");
        }
@@ -216,7 +204,6 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
 void
 mac_clear(Mac *mac)
 {
-#ifdef WITH_OPENSSL
        if (mac->type == SSH_UMAC) {
                if (mac->umac_ctx != NULL)
                        umac_delete(mac->umac_ctx);
@@ -224,7 +211,6 @@ mac_clear(Mac *mac)
                if (mac->umac_ctx != NULL)
                        umac128_delete(mac->umac_ctx);
        } else if (mac->hmac_ctx != NULL)
-#endif
                ssh_hmac_free(mac->hmac_ctx);
        mac->hmac_ctx = NULL;
        mac->umac_ctx = NULL;

diff --git a/usr.bin/ssh/myproposal.h b/usr.bin/ssh/myproposal.h
index 9e07962..711588a 100644 (file)
--- a/usr.bin/ssh/myproposal.h
+++ b/usr.bin/ssh/myproposal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.39 2014/04/29 18:01:49 markus Exp $ */
+/* $OpenBSD: myproposal.h,v 1.40 2014/04/30 19:07:48 naddy Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -98,8 +98,12 @@
        "aes128-ctr,aes192-ctr,aes256-ctr," \
        "chacha20-poly1305@openssh.com"
 #define        KEX_SERVER_MAC \
+       "umac-64-etm@openssh.com," \
+       "umac-128-etm@openssh.com," \
        "hmac-sha2-256-etm@openssh.com," \
        "hmac-sha2-512-etm@openssh.com," \
+       "umac-64@openssh.com," \
+       "umac-128@openssh.com," \
        "hmac-sha2-256," \
        "hmac-sha2-512"
 

diff --git a/usr.bin/ssh/umac.c b/usr.bin/ssh/umac.c
index 783614f..2aaf378 100644 (file)
--- a/usr.bin/ssh/umac.c
+++ b/usr.bin/ssh/umac.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: umac.c,v 1.9 2014/04/20 02:30:25 djm Exp $ */
+/* $OpenBSD: umac.c,v 1.10 2014/04/30 19:07:48 naddy Exp $ */
 /* -----------------------------------------------------------------------
  * 
  * umac.c -- C Implementation UMAC Message Authentication
@@ -151,13 +151,23 @@ typedef unsigned int      UWORD;  /* Register */
 /* UMAC uses AES with 16 byte block and key lengths */
 #define AES_BLOCK_LEN  16
 
-/* OpenSSL's AES */
+#ifdef WITH_OPENSSL
 #include <openssl/aes.h>
 typedef AES_KEY aes_int_key[1];
 #define aes_encryption(in,out,int_key)                  \
   AES_encrypt((u_char *)(in),(u_char *)(out),(AES_KEY *)int_key)
 #define aes_key_setup(key,int_key)                      \
   AES_set_encrypt_key((const u_char *)(key),UMAC_KEY_LEN*8,int_key)
+#else
+#include "rijndael.h"
+#define AES_ROUNDS ((UMAC_KEY_LEN / 4) + 6)
+typedef UINT8 aes_int_key[AES_ROUNDS+1][4][4]; /* AES internal */
+#define aes_encryption(in,out,int_key) \
+  rijndaelEncrypt((u32 *)(int_key), AES_ROUNDS, (u8 *)(in), (u8 *)(out))
+#define aes_key_setup(key,int_key) \
+  rijndaelKeySetupEnc((u32 *)(int_key), (const unsigned char *)(key), \
+  UMAC_KEY_LEN*8)
+#endif
 
 /* The user-supplied UMAC key is stretched using AES in a counter
  * mode to supply all random bits needed by UMAC. The kdf function takes