[myproposal.h ssh_config.5 umac.h sshd_config.5 ssh.1 sshd.8 mac.c]
     add umac128 variant; ok djm@ at n2k12
     (note: further Makefile work is required)
Darren Tucker 2012-10-05 11:02:39 +10:00
parent 0dc283b13a
commit 427e409e99
8 changed files with 38 additions and 15 deletions


@ -28,6 +28,9 @@
- djm@cvs.openbsd.org 2012/10/02 07:07:45 - djm@cvs.openbsd.org 2012/10/02 07:07:45
[ssh-keygen.c] [ssh-keygen.c]
fix -z option, broken in revision 1.215 fix -z option, broken in revision 1.215
- markus@cvs.openbsd.org 2012/10/04 13:21:50
[myproposal.h ssh_config.5 umac.h sshd_config.5 ssh.1 sshd.8 mac.c]
add umac128 variant; ok djm@ at n2k12
20120917 20120917
- (dtucker) OpenBSD CVS Sync - (dtucker) OpenBSD CVS Sync

15
mac.c

@ -1,4 +1,4 @@
/* $OpenBSD: mac.c,v 1.18 2012/06/28 05:07:45 dtucker Exp $ */ /* $OpenBSD: mac.c,v 1.19 2012/10/04 13:21:50 markus Exp $ */
/* /*
* Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved.
* *
@ -48,6 +48,7 @@
#define SSH_EVP 1 /* OpenSSL EVP-based MAC */ #define SSH_EVP 1 /* OpenSSL EVP-based MAC */
#define SSH_UMAC 2 /* UMAC (not integrated with OpenSSL) */ #define SSH_UMAC 2 /* UMAC (not integrated with OpenSSL) */
#define SSH_UMAC128 3
struct { struct {
char *name; char *name;
@ -68,6 +69,7 @@ struct {
{ "hmac-ripemd160", SSH_EVP, EVP_ripemd160, 0, -1, -1 }, { "hmac-ripemd160", SSH_EVP, EVP_ripemd160, 0, -1, -1 },
{ "hmac-ripemd160@openssh.com", SSH_EVP, EVP_ripemd160, 0, -1, -1 }, { "hmac-ripemd160@openssh.com", SSH_EVP, EVP_ripemd160, 0, -1, -1 },
{ "umac-64@openssh.com", SSH_UMAC, NULL, 0, 128, 64 }, { "umac-64@openssh.com", SSH_UMAC, NULL, 0, 128, 64 },
{ "umac-128@openssh.com", SSH_UMAC128, NULL, 0, 128, 128 },
{ NULL, 0, NULL, 0, -1, -1 } { NULL, 0, NULL, 0, -1, -1 }
}; };
@ -122,6 +124,9 @@ mac_init(Mac *mac)
case SSH_UMAC: case SSH_UMAC:
mac->umac_ctx = umac_new(mac->key); mac->umac_ctx = umac_new(mac->key);
return 0; return 0;
case SSH_UMAC128:
mac->umac_ctx = umac128_new(mac->key);
return 0;
default: default:
return -1; return -1;
} }
@ -151,6 +156,11 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
umac_update(mac->umac_ctx, data, datalen); umac_update(mac->umac_ctx, data, datalen);
umac_final(mac->umac_ctx, m, nonce); umac_final(mac->umac_ctx, m, nonce);
break; break;
case SSH_UMAC128:
put_u64(nonce, seqno);
umac128_update(mac->umac_ctx, data, datalen);
umac128_final(mac->umac_ctx, m, nonce);
break;
default: default:
fatal("mac_compute: unknown MAC type"); fatal("mac_compute: unknown MAC type");
} }
@ -163,6 +173,9 @@ mac_clear(Mac *mac)
if (mac->type == SSH_UMAC) { if (mac->type == SSH_UMAC) {
if (mac->umac_ctx != NULL) if (mac->umac_ctx != NULL)
umac_delete(mac->umac_ctx); umac_delete(mac->umac_ctx);
} else if (mac->type == SSH_UMAC128) {
if (mac->umac_ctx != NULL)
umac128_delete(mac->umac_ctx);
} else if (mac->evp_md != NULL) } else if (mac->evp_md != NULL)
HMAC_cleanup(&mac->evp_ctx); HMAC_cleanup(&mac->evp_ctx);
mac->evp_md = NULL; mac->evp_md = NULL;
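Review bot: In the new `SSH_UMAC128` case of mac_compute, `umac128_final` writes its tag into `m`, and the new table entry (`..., 128, 128`) suggests that tag is 128 bits where umac-64's is 64; `m` and `nonce` are declared outside this hunk, so it is not visible here that `m` is large enough. Please confirm the size at the declaration and record it there, e.g. `/* m must hold the largest tag; umac-128 writes 16 bytes */`. In mac_init the result of `umac128_new` is stored and 0 is returned without a NULL check, mirroring the umac-64 case; if the constructor can fail (not visible here), both cases need `if (mac->umac_ctx == NULL) return -1;`. `#define SSH_UMAC128 3` is also the only type constant without a trailing comment, and `/* UMAC-128 (not integrated with OpenSSL) */` would match its neighbours.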


@ -1,4 +1,4 @@
/* $OpenBSD: myproposal.h,v 1.29 2012/06/28 05:07:45 dtucker Exp $ */ /* $OpenBSD: myproposal.h,v 1.30 2012/10/04 13:21:50 markus Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
@ -86,6 +86,7 @@
"hmac-md5," \ "hmac-md5," \
"hmac-sha1," \ "hmac-sha1," \
"umac-64@openssh.com," \ "umac-64@openssh.com," \
+ "umac-128@openssh.com," \
SHA2_HMAC_MODES \ SHA2_HMAC_MODES \
"hmac-ripemd160," \ "hmac-ripemd160," \
"hmac-ripemd160@openssh.com," \ "hmac-ripemd160@openssh.com," \
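Review bot: The added `"umac-128@openssh.com,"` entry sits after `"hmac-md5,"`, `"hmac-sha1,"` and `"umac-64@openssh.com,"` in the default list, and SSH negotiation selects the first name on the client's list that the server also offers, so two peers running these defaults will never pick umac-128. If the intent is only to make the algorithm available rather than preferred, a comment above the list should say so, e.g. `/* list order is preference order; umac-128 is offered but not preferred */`. The macro's name and opening line are outside the hunk, so this assumes the visible lines are the default MAC proposal, which the ssh_config.5 change on this page appears to confirm.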

6
ssh.1

@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: ssh.1,v 1.329 2012/09/26 16:12:13 jmc Exp $ .\" $OpenBSD: ssh.1,v 1.330 2012/10/04 13:21:50 markus Exp $
.Dd $Mdocdate: September 26 2012 $ .Dd $Mdocdate: October 4 2012 $
.Dt SSH 1 .Dt SSH 1
.Os .Os
.Sh NAME .Sh NAME
@ -674,7 +674,7 @@ it provides additional mechanisms for confidentiality
(the traffic is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour) (the traffic is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour)
and integrity (hmac-md5, hmac-sha1, and integrity (hmac-md5, hmac-sha1,
hmac-sha2-256, hmac-sha2-512, hmac-sha2-256, hmac-sha2-512,
umac-64, hmac-ripemd160). umac-64, umac-128, hmac-ripemd160).
Protocol 1 lacks a strong mechanism for ensuring the Protocol 1 lacks a strong mechanism for ensuring the
integrity of the connection. integrity of the connection.
.Pp .Pp


@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: ssh_config.5,v 1.157 2012/06/29 13:57:25 naddy Exp $ .\" $OpenBSD: ssh_config.5,v 1.158 2012/10/04 13:21:50 markus Exp $
.Dd $Mdocdate: June 29 2012 $ .Dd $Mdocdate: October 4 2012 $
.Dt SSH_CONFIG 5 .Dt SSH_CONFIG 5
.Os .Os
.Sh NAME .Sh NAME
@ -792,7 +792,7 @@ for data integrity protection.
Multiple algorithms must be comma-separated. Multiple algorithms must be comma-separated.
The default is: The default is:
.Bd -literal -offset indent .Bd -literal -offset indent
hmac-md5,hmac-sha1,umac-64@openssh.com, hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,
hmac-sha2-256,hmac-sha2-512,hmac-ripemd160, hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
hmac-sha1-96,hmac-md5-96 hmac-sha1-96,hmac-md5-96
.Ed .Ed

6
sshd.8

@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: sshd.8,v 1.266 2012/06/18 12:07:07 dtucker Exp $ .\" $OpenBSD: sshd.8,v 1.267 2012/10/04 13:21:50 markus Exp $
.Dd $Mdocdate: June 18 2012 $ .Dd $Mdocdate: October 4 2012 $
.Dt SSHD 8 .Dt SSHD 8
.Os .Os
.Sh NAME .Sh NAME
@ -316,7 +316,7 @@ The client selects the encryption algorithm
to use from those offered by the server. to use from those offered by the server.
Additionally, session integrity is provided Additionally, session integrity is provided
through a cryptographic message authentication code through a cryptographic message authentication code
(hmac-md5, hmac-sha1, umac-64, hmac-ripemd160, (hmac-md5, hmac-sha1, umac-64, umac-128, hmac-ripemd160,
hmac-sha2-256 or hmac-sha2-512). hmac-sha2-256 or hmac-sha2-512).
.Pp .Pp
Finally, the server and the client enter an authentication dialog. Finally, the server and the client enter an authentication dialog.


@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: sshd_config.5,v 1.144 2012/06/29 13:57:25 naddy Exp $ .\" $OpenBSD: sshd_config.5,v 1.145 2012/10/04 13:21:50 markus Exp $
.Dd $Mdocdate: June 29 2012 $ .Dd $Mdocdate: October 4 2012 $
.Dt SSHD_CONFIG 5 .Dt SSHD_CONFIG 5
.Os .Os
.Sh NAME .Sh NAME
@ -656,7 +656,7 @@ for data integrity protection.
Multiple algorithms must be comma-separated. Multiple algorithms must be comma-separated.
The default is: The default is:
.Bd -literal -offset indent .Bd -literal -offset indent
hmac-md5,hmac-sha1,umac-64@openssh.com, hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,
hmac-sha2-256,hmac-sha2-512,hmac-ripemd160, hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
hmac-sha1-96,hmac-md5-96 hmac-sha1-96,hmac-md5-96
.Ed .Ed

8
umac.h

@ -1,4 +1,4 @@
/* $OpenBSD: umac.h,v 1.1 2007/06/07 19:37:34 pvalchev Exp $ */ /* $OpenBSD: umac.h,v 1.2 2012/10/04 13:21:50 markus Exp $ */
/* ----------------------------------------------------------------------- /* -----------------------------------------------------------------------
* *
* umac.h -- C Implementation UMAC Message Authentication * umac.h -- C Implementation UMAC Message Authentication
@ -116,6 +116,12 @@ int uhash(uhash_ctx_t ctx,
#endif #endif
/* matching umac-128 API, we reuse umac_ctx, since it's opaque */
struct umac_ctx *umac128_new(u_char key[]);
int umac128_update(struct umac_ctx *ctx, u_char *input, long len);
int umac128_final(struct umac_ctx *ctx, u_char tag[], u_char nonce[8]);
int umac128_delete(struct umac_ctx *ctx);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
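Review bot: The four `umac128_*` prototypes take the same `struct umac_ctx *` as the umac-64 API, so the compiler cannot reject a context from `umac128_new` being handed to `umac_update`/`umac_final`/`umac_delete` or the reverse; the only guard is the `mac->type` dispatch in mac.c. If the two variants lay the context out differently (the implementation is not visible here), a mix-up would be a memory-safety problem rather than just a wrong tag. The existing comment should state the invariant, e.g. `/* a ctx from umac128_new() must only be passed to umac128_*() */`, or the 128-bit variant could get its own incomplete type. `umac128_final` should also document the tag length it writes, since `u_char tag[]` carries no size.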