author | Markus Friedl <markus@cvs.openbsd.org> | 2012-10-04 13:21:51 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2012-10-04 13:21:51 +0000 |
commit | 7c324e9ea63a12dacd00bf7dc1608165c5b601aa (patch) | |
tree | 5d60e97875465a8a5a1cf34295310e42258552d5 | |
parent | 6573209291d93ea765708d799c08a5a75a49dfb4 (diff) |
add umac128 variant; ok djm@ at n2k12
-rw-r--r-- | usr.bin/ssh/lib/Makefile | 13 | ||||
-rw-r--r-- | usr.bin/ssh/mac.c | 15 | ||||
-rw-r--r-- | usr.bin/ssh/myproposal.h | 3 | ||||
-rw-r--r-- | usr.bin/ssh/ssh.1 | 6 | ||||
-rw-r--r-- | usr.bin/ssh/ssh_config.5 | 6 | ||||
-rw-r--r-- | usr.bin/ssh/sshd.8 | 6 | ||||
-rw-r--r-- | usr.bin/ssh/sshd_config.5 | 6 | ||||
-rw-r--r-- | usr.bin/ssh/umac.h | 8 |
8 files changed, 47 insertions, 16 deletions
diff --git a/usr.bin/ssh/lib/Makefile b/usr.bin/ssh/lib/Makefile index c2fd064ddd9..35c1edc6f48 100644 --- a/usr.bin/ssh/lib/Makefile +++ b/usr.bin/ssh/lib/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.64 2012/08/02 13:38:39 okan Exp $ +# $OpenBSD: Makefile,v 1.65 2012/10/04 13:21:50 markus Exp $ .PATH: ${.CURDIR}/.. .include "${.CURDIR}/../Makefile.inc" @@ -14,6 +14,17 @@ SRCS= authfd.c authfile.c bufaux.c bufec.c bufbn.c buffer.c canohost.c \ kexdhc.c kexgexc.c kexecdhc.c msg.c progressmeter.c dns.c \ monitor_fdpass.c umac.c addrmatch.c schnorr.c jpake.c ssh-pkcs11.c +SRCS+= umac128.c +CLEANFILES+= umac128.c +umac128.c: umac.c Makefile + sed \ + -e "s/^#define UMAC_OUTPUT_LEN 8/#define UMAC_OUTPUT_LEN 16/" \ + -e s/umac_new/umac128_new/g \ + -e s/umac_update/umac128_update/g \ + -e s/umac_final/umac128_final/g \ + -e s/umac_delete/umac128_delete/g \ + < ${.CURDIR}/../umac.c > ${.TARGET} + DEBUGLIBS= no NOPROFILE= yes NOPIC= yes diff --git a/usr.bin/ssh/mac.c b/usr.bin/ssh/mac.c index da4fdbf6318..80b01d8a9bc 100644 --- a/usr.bin/ssh/mac.c +++ b/usr.bin/ssh/mac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mac.c,v 1.18 2012/06/28 05:07:45 dtucker Exp $ */ +/* $OpenBSD: mac.c,v 1.19 2012/10/04 13:21:50 markus Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -43,6 +43,7 @@ #define SSH_EVP 1 /* OpenSSL EVP-based MAC */ #define SSH_UMAC 2 /* UMAC (not integrated with OpenSSL) */ +#define SSH_UMAC128 3 struct { char *name; @@ -61,6 +62,7 @@ struct { { "hmac-ripemd160", SSH_EVP, EVP_ripemd160, 0, -1, -1 }, { "hmac-ripemd160@openssh.com", SSH_EVP, EVP_ripemd160, 0, -1, -1 }, { "umac-64@openssh.com", SSH_UMAC, NULL, 0, 128, 64 }, + { "umac-128@openssh.com", SSH_UMAC128, NULL, 0, 128, 128 }, { NULL, 0, NULL, 0, -1, -1 } }; @@ -115,6 +117,9 @@ mac_init(Mac *mac) case SSH_UMAC: mac->umac_ctx = umac_new(mac->key); return 0; + case SSH_UMAC128: + mac->umac_ctx = umac128_new(mac->key); + return 0; default: return -1; } 
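Review bot: The `sed` rule that generates umac128.c gives no signal if the `UMAC_OUTPUT_LEN` substitution stops matching. Its first expression is anchored to the exact text `#define UMAC_OUTPUT_LEN 8`, so a later whitespace or value change in umac.c would leave the generated file with the original tag length while mac.c still advertises a 128-bit tag for `umac-128@openssh.com`. The build should fail in that case, for example by ending the recipe with `grep -q '^#define UMAC_OUTPUT_LEN 16' ${.TARGET}`. Guarding the define in umac.c with `#ifndef` and setting the length from a compiler flag would be sturdier still, but umac.c is not part of this change.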
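Review bot: In the new `SSH_UMAC128` arm of `mac_init` the result of `umac128_new()` is stored and 0 is returned without checking it, so a NULL context would be reported as success and only dereferenced later in `mac_compute`. Unless the generated `umac128_new` aborts on allocation failure (its body comes from umac.c and is not shown here), the arm should read `if ((mac->umac_ctx = umac128_new(mac->key)) == NULL) return -1;` followed by `return 0;`. The existing `SSH_UMAC` arm just above has the same shape. The switch header and the rest of `mac_init` lie outside the hunk.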
@@ -144,6 +149,11 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) umac_update(mac->umac_ctx, data, datalen); umac_final(mac->umac_ctx, m, nonce); break; + case SSH_UMAC128: + put_u64(nonce, seqno); + umac128_update(mac->umac_ctx, data, datalen); + umac128_final(mac->umac_ctx, m, nonce); + break; default: fatal("mac_compute: unknown MAC type"); } @@ -156,6 +166,9 @@ mac_clear(Mac *mac) if (mac->type == SSH_UMAC) { if (mac->umac_ctx != NULL) umac_delete(mac->umac_ctx); + } else if (mac->type == SSH_UMAC128) { + if (mac->umac_ctx != NULL) + umac128_delete(mac->umac_ctx); } else if (mac->evp_md != NULL) HMAC_cleanup(&mac->evp_ctx); mac->evp_md = NULL; diff --git a/usr.bin/ssh/myproposal.h b/usr.bin/ssh/myproposal.h index a714358ca45..39df7a19c62 100644 --- a/usr.bin/ssh/myproposal.h +++ b/usr.bin/ssh/myproposal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: myproposal.h,v 1.29 2012/06/28 05:07:45 dtucker Exp $ */ +/* $OpenBSD: myproposal.h,v 1.30 2012/10/04 13:21:50 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -56,6 +56,7 @@ "hmac-md5," \ "hmac-sha1," \ "umac-64@openssh.com," \ + "umac-128@openssh.com," \ "hmac-sha2-256," \ "hmac-sha2-512," \ "hmac-ripemd160," \ diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1 index e9bf3eaca66..a5576edb6a6 100644 --- a/usr.bin/ssh/ssh.1 +++ b/usr.bin/ssh/ssh.1 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.329 2012/09/26 16:12:13 jmc Exp $ -.Dd $Mdocdate: September 26 2012 $ +.\" $OpenBSD: ssh.1,v 1.330 2012/10/04 13:21:50 markus Exp $ +.Dd $Mdocdate: October 4 2012 $ .Dt SSH 1 .Os .Sh NAME 
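Review bot: The `SSH_UMAC128` arm of `mac_compute` builds the UMAC nonce from the 32-bit `seqno` with `put_u64(nonce, seqno)` and says nothing about nonce uniqueness, which the MAC depends on for a given key. A comment such as `/* nonce must be unique per key: relies on rekeying before the 32-bit seqno wraps */` would record the assumption; whether rekeying enforces it is decided outside this file. The arm also discards the `int` results of `umac128_update` and `umac128_final`, as the `SSH_UMAC` arm does. The function's declarations, including the buffer `m` that receives the 16-byte tag, are outside the hunk.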
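Review bot: In the default MAC list in myproposal.h, `umac-128@openssh.com` is inserted after `umac-64@openssh.com`. SSH negotiation picks the first entry in the client's list that the server also offers, so two peers running this code would still settle on the 64-bit tag (or on `hmac-md5`/`hmac-sha1`, which stay ahead of both). If the longer tag is meant to be preferred, the new line should go before the umac-64 one: `"umac-128@openssh.com," \` then `"umac-64@openssh.com," \`. The ssh_config.5 and sshd_config.5 hunks document the same order and would need the matching change. The macro being edited begins above the hunk, so its name is not visible here.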
@@ -674,7 +674,7 @@ it provides additional mechanisms for confidentiality (the traffic is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour) and integrity (hmac-md5, hmac-sha1, hmac-sha2-256, hmac-sha2-512, -umac-64, hmac-ripemd160). +umac-64, umac-128, hmac-ripemd160). Protocol 1 lacks a strong mechanism for ensuring the integrity of the connection. .Pp diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5 index 36b1af195d6..d3e801df0da 100644 --- a/usr.bin/ssh/ssh_config.5 +++ b/usr.bin/ssh/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.157 2012/06/29 13:57:25 naddy Exp $ -.Dd $Mdocdate: June 29 2012 $ +.\" $OpenBSD: ssh_config.5,v 1.158 2012/10/04 13:21:50 markus Exp $ +.Dd $Mdocdate: October 4 2012 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -792,7 +792,7 @@ for data integrity protection. Multiple algorithms must be comma-separated. The default is: .Bd -literal -offset indent -hmac-md5,hmac-sha1,umac-64@openssh.com, +hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com, hmac-sha2-256,hmac-sha2-512,hmac-ripemd160, hmac-sha1-96,hmac-md5-96 .Ed diff --git a/usr.bin/ssh/sshd.8 b/usr.bin/ssh/sshd.8 index 34123cec00f..984f74ea634 100644 --- a/usr.bin/ssh/sshd.8 +++ b/usr.bin/ssh/sshd.8 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.266 2012/06/18 12:07:07 dtucker Exp $ -.Dd $Mdocdate: June 18 2012 $ +.\" $OpenBSD: sshd.8,v 1.267 2012/10/04 13:21:50 markus Exp $ +.Dd $Mdocdate: October 4 2012 $ .Dt SSHD 8 .Os .Sh NAME 
@@ -316,7 +316,7 @@ The client selects the encryption algorithm to use from those offered by the server. Additionally, session integrity is provided through a cryptographic message authentication code -(hmac-md5, hmac-sha1, umac-64, hmac-ripemd160, +(hmac-md5, hmac-sha1, umac-64, umac-128, hmac-ripemd160, hmac-sha2-256 or hmac-sha2-512). .Pp Finally, the server and the client enter an authentication dialog. diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5 index d1431e61290..18f6a2f218a 100644 --- a/usr.bin/ssh/sshd_config.5 +++ b/usr.bin/ssh/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.144 2012/06/29 13:57:25 naddy Exp $ -.Dd $Mdocdate: June 29 2012 $ +.\" $OpenBSD: sshd_config.5,v 1.145 2012/10/04 13:21:50 markus Exp $ +.Dd $Mdocdate: October 4 2012 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -657,7 +657,7 @@ for data integrity protection. Multiple algorithms must be comma-separated. The default is: .Bd -literal -offset indent -hmac-md5,hmac-sha1,umac-64@openssh.com, +hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com, hmac-sha2-256,hmac-sha2-512,hmac-ripemd160, hmac-sha1-96,hmac-md5-96 .Ed diff --git a/usr.bin/ssh/umac.h b/usr.bin/ssh/umac.h index 055c705f895..6795112a390 100644 --- a/usr.bin/ssh/umac.h +++ b/usr.bin/ssh/umac.h @@ -1,4 +1,4 @@ -/* $OpenBSD: umac.h,v 1.1 2007/06/07 19:37:34 pvalchev Exp $ */ +/* $OpenBSD: umac.h,v 1.2 2012/10/04 13:21:50 markus Exp $ */ /* ----------------------------------------------------------------------- * * umac.h -- C Implementation UMAC Message Authentication 
@@ -116,6 +116,12 @@ int uhash(uhash_ctx_t ctx, #endif +/* matching umac-128 API, we reuse umac_ctx, since it's opaque */ +struct umac_ctx *umac128_new(u_char key[]); +int umac128_update(struct umac_ctx *ctx, u_char *input, long len); +int umac128_final(struct umac_ctx *ctx, u_char tag[], u_char nonce[8]); +int umac128_delete(struct umac_ctx *ctx); + #ifdef __cplusplus } #endif |
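Review bot: The comment on the new prototypes says `umac_ctx` is reused because it is opaque, but it does not state the contract that follows from that. A context from `umac128_new` may only be passed to the `umac128_*` functions, and one from `umac_new` only to `umac_*`. Since umac128.c is generated from umac.c with a different `UMAC_OUTPUT_LEN`, the two translation units presumably lay out the context differently, and the shared type means the compiler cannot catch a mix-up in the type dispatch in mac.c. I would extend the comment to `/* matching umac-128 API; reuses the opaque umac_ctx type, but a ctx from umac128_new() must only be used with umac128_*() */`.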