From: naddy Date: Wed, 30 Apr 2014 19:07:48 +0000 (+0000) Subject: UMAC can use our local fallback implementation of AES when OpenSSL isn't X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=aa15afb08520fafc1f58daaa7d9e2cf00896c2e7;p=openbsd UMAC can use our local fallback implementation of AES when OpenSSL isn't available. Glue code straight from Ted Krovetz's original umac.c. ok markus@ --- diff --git a/usr.bin/ssh/lib/Makefile b/usr.bin/ssh/lib/Makefile index 8df065e204f..8f1e7344cd9 100644 --- a/usr.bin/ssh/lib/Makefile +++ b/usr.bin/ssh/lib/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.77 2014/04/30 05:29:56 djm Exp $ +# $OpenBSD: Makefile,v 1.78 2014/04/30 19:07:48 naddy Exp $ .PATH: ${.CURDIR}/.. .include "${.CURDIR}/../Makefile.inc" @@ -26,12 +26,12 @@ SRCS= ${LIB_SRCS} \ msg.c progressmeter.c dns.c \ monitor_fdpass.c addrmatch.c \ smult_curve25519_ref.c kexc25519.c kexc25519c.c \ - chacha.c poly1305.c cipher-chachapoly.c ssh-ed25519.c hmac.c + chacha.c poly1305.c cipher-chachapoly.c ssh-ed25519.c hmac.c umac.c .if (${OPENSSL:L} == "yes") SRCS+= bufec.c bufbn.c cipher-3des1.c cipher-bf1.c rsa.c \ ssh-dss.c ssh-rsa.c ssh-ecdsa.c dh.c kexdh.c kexgex.c kexecdh.c \ - kexdhc.c kexgexc.c kexecdhc.c umac.c ssh-pkcs11.c \ + kexdhc.c kexgexc.c kexecdhc.c ssh-pkcs11.c \ krl.c digest-openssl.c .else SRCS+= digest-libc.c rijndael.c cipher-aesctr.c diff --git a/usr.bin/ssh/mac.c b/usr.bin/ssh/mac.c index fa18e577ca7..0842f989424 100644 --- a/usr.bin/ssh/mac.c +++ b/usr.bin/ssh/mac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mac.c,v 1.29 2014/04/29 18:01:49 markus Exp $ */ +/* $OpenBSD: mac.c,v 1.30 2014/04/30 19:07:48 naddy Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -67,10 +67,8 @@ static const struct macalg macs[] = { { "hmac-md5-96", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 0 }, { "hmac-ripemd160", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 }, { "hmac-ripemd160@openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 }, -#ifdef WITH_OPENSSL { "umac-64@openssh.com", SSH_UMAC, 0, 0, 128, 64, 0 }, { "umac-128@openssh.com", SSH_UMAC128, 0, 0, 128, 128, 0 }, -#endif /* Encrypt-then-MAC variants */ { "hmac-sha1-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 1 }, @@ -80,10 +78,8 @@ static const struct macalg macs[] = { { "hmac-md5-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 1 }, { "hmac-md5-96-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 1 }, { "hmac-ripemd160-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 1 }, -#ifdef WITH_OPENSSL { "umac-64-etm@openssh.com", SSH_UMAC, 0, 0, 128, 64, 1 }, { "umac-128-etm@openssh.com", SSH_UMAC128, 0, 0, 128, 128, 1 }, -#endif { NULL, 0, 0, 0, 0, 0, 0 } }; @@ -116,11 +112,9 @@ mac_setup_by_alg(Mac *mac, const struct macalg *macalg) fatal("ssh_hmac_start(alg=%d) failed", macalg->alg); mac->key_len = mac->mac_len = ssh_hmac_bytes(macalg->alg); } else { -#ifdef WITH_OPENSSL mac->mac_len = macalg->len / 8; mac->key_len = macalg->key_len / 8; mac->umac_ctx = NULL; -#endif } if (macalg->truncatebits != 0) mac->mac_len = macalg->truncatebits / 8; @@ -156,14 +150,12 @@ mac_init(Mac *mac) ssh_hmac_init(mac->hmac_ctx, mac->key, mac->key_len) < 0) return -1; return 0; -#ifdef WITH_OPENSSL case SSH_UMAC: mac->umac_ctx = umac_new(mac->key); return 0; case SSH_UMAC128: mac->umac_ctx = umac128_new(mac->key); return 0; -#endif default: return -1; } @@ -177,9 +169,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) u_int64_t for_align; } u; u_char b[4]; -#ifdef WITH_OPENSSL u_char nonce[8]; -#endif if (mac->mac_len > sizeof(u)) fatal("mac_compute: mac too long %u %zu", @@ -195,7 +185,6 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) ssh_hmac_final(mac->hmac_ctx, u.m, sizeof(u.m)) < 0) fatal("ssh_hmac failed"); break; -#ifdef WITH_OPENSSL case SSH_UMAC: put_u64(nonce, seqno); umac_update(mac->umac_ctx, data, datalen); @@ -206,7 +195,6 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) umac128_update(mac->umac_ctx, data, datalen); umac128_final(mac->umac_ctx, u.m, nonce); break; -#endif default: fatal("mac_compute: unknown MAC type"); } @@ -216,7 +204,6 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) void mac_clear(Mac *mac) { -#ifdef WITH_OPENSSL if (mac->type == SSH_UMAC) { if (mac->umac_ctx != NULL) umac_delete(mac->umac_ctx); @@ -224,7 +211,6 @@ mac_clear(Mac *mac) if (mac->umac_ctx != NULL) umac128_delete(mac->umac_ctx); } else if (mac->hmac_ctx != NULL) -#endif ssh_hmac_free(mac->hmac_ctx); mac->hmac_ctx = NULL; mac->umac_ctx = NULL; diff --git a/usr.bin/ssh/myproposal.h b/usr.bin/ssh/myproposal.h index 9e079625806..711588af423 100644 --- a/usr.bin/ssh/myproposal.h +++ b/usr.bin/ssh/myproposal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: myproposal.h,v 1.39 2014/04/29 18:01:49 markus Exp $ */ +/* $OpenBSD: myproposal.h,v 1.40 2014/04/30 19:07:48 naddy Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -98,8 +98,12 @@ "aes128-ctr,aes192-ctr,aes256-ctr," \ "chacha20-poly1305@openssh.com" #define KEX_SERVER_MAC \ + "umac-64-etm@openssh.com," \ + "umac-128-etm@openssh.com," \ "hmac-sha2-256-etm@openssh.com," \ "hmac-sha2-512-etm@openssh.com," \ + "umac-64@openssh.com," \ + "umac-128@openssh.com," \ "hmac-sha2-256," \ "hmac-sha2-512" diff --git a/usr.bin/ssh/umac.c b/usr.bin/ssh/umac.c index 783614f84df..2aaf378fbc5 100644 --- a/usr.bin/ssh/umac.c +++ b/usr.bin/ssh/umac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: umac.c,v 1.9 2014/04/20 02:30:25 djm Exp $ */ +/* $OpenBSD: umac.c,v 1.10 2014/04/30 19:07:48 naddy Exp $ */ /* ----------------------------------------------------------------------- * * umac.c -- C Implementation UMAC Message Authentication @@ -151,13 +151,23 @@ typedef unsigned int UWORD; /* Register */ /* UMAC uses AES with 16 byte block and key lengths */ #define AES_BLOCK_LEN 16 -/* OpenSSL's AES */ +#ifdef WITH_OPENSSL #include typedef AES_KEY aes_int_key[1]; #define aes_encryption(in,out,int_key) \ AES_encrypt((u_char *)(in),(u_char *)(out),(AES_KEY *)int_key) #define aes_key_setup(key,int_key) \ AES_set_encrypt_key((const u_char *)(key),UMAC_KEY_LEN*8,int_key) +#else +#include "rijndael.h" +#define AES_ROUNDS ((UMAC_KEY_LEN / 4) + 6) +typedef UINT8 aes_int_key[AES_ROUNDS+1][4][4]; /* AES internal */ +#define aes_encryption(in,out,int_key) \ + rijndaelEncrypt((u32 *)(int_key), AES_ROUNDS, (u8 *)(in), (u8 *)(out)) +#define aes_key_setup(key,int_key) \ + rijndaelKeySetupEnc((u32 *)(int_key), (const unsigned char *)(key), \ + UMAC_KEY_LEN*8) +#endif /* The user-supplied UMAC key is stretched using AES in a counter * mode to supply all random bits needed by UMAC. The kdf function takes