| version 1.28, 2014/02/07 06:55:54 |
version 1.29, 2014/04/29 18:01:49 |
|
|
| { "hmac-md5-96", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 0 }, |
{ "hmac-md5-96", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 0 }, |
| { "hmac-ripemd160", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 }, |
{ "hmac-ripemd160", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 }, |
| { "hmac-ripemd160@openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 }, |
{ "hmac-ripemd160@openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 }, |
| |
#ifdef WITH_OPENSSL |
| { "umac-64@openssh.com", SSH_UMAC, 0, 0, 128, 64, 0 }, |
{ "umac-64@openssh.com", SSH_UMAC, 0, 0, 128, 64, 0 }, |
| { "umac-128@openssh.com", SSH_UMAC128, 0, 0, 128, 128, 0 }, |
{ "umac-128@openssh.com", SSH_UMAC128, 0, 0, 128, 128, 0 }, |
| |
#endif |
| |
|
| /* Encrypt-then-MAC variants */ |
/* Encrypt-then-MAC variants */ |
| { "hmac-sha1-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 1 }, |
{ "hmac-sha1-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 1 }, |
|
|
| { "hmac-md5-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 1 }, |
{ "hmac-md5-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 1 }, |
| { "hmac-md5-96-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 1 }, |
{ "hmac-md5-96-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 1 }, |
| { "hmac-ripemd160-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 1 }, |
{ "hmac-ripemd160-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 1 }, |
| |
#ifdef WITH_OPENSSL |
| { "umac-64-etm@openssh.com", SSH_UMAC, 0, 0, 128, 64, 1 }, |
{ "umac-64-etm@openssh.com", SSH_UMAC, 0, 0, 128, 64, 1 }, |
| { "umac-128-etm@openssh.com", SSH_UMAC128, 0, 0, 128, 128, 1 }, |
{ "umac-128-etm@openssh.com", SSH_UMAC128, 0, 0, 128, 128, 1 }, |
| |
#endif |
| |
|
| { NULL, 0, 0, 0, 0, 0, 0 } |
{ NULL, 0, 0, 0, 0, 0, 0 } |
| }; |
}; |
|
|
| fatal("ssh_hmac_start(alg=%d) failed", macalg->alg); |
fatal("ssh_hmac_start(alg=%d) failed", macalg->alg); |
| mac->key_len = mac->mac_len = ssh_hmac_bytes(macalg->alg); |
mac->key_len = mac->mac_len = ssh_hmac_bytes(macalg->alg); |
| } else { |
} else { |
| |
#ifdef WITH_OPENSSL |
| mac->mac_len = macalg->len / 8; |
mac->mac_len = macalg->len / 8; |
| mac->key_len = macalg->key_len / 8; |
mac->key_len = macalg->key_len / 8; |
| mac->umac_ctx = NULL; |
mac->umac_ctx = NULL; |
| |
#endif |
| } |
} |
| if (macalg->truncatebits != 0) |
if (macalg->truncatebits != 0) |
| mac->mac_len = macalg->truncatebits / 8; |
mac->mac_len = macalg->truncatebits / 8; |
|
|
| ssh_hmac_init(mac->hmac_ctx, mac->key, mac->key_len) < 0) |
ssh_hmac_init(mac->hmac_ctx, mac->key, mac->key_len) < 0) |
| return -1; |
return -1; |
| return 0; |
return 0; |
| |
#ifdef WITH_OPENSSL |
| case SSH_UMAC: |
case SSH_UMAC: |
| mac->umac_ctx = umac_new(mac->key); |
mac->umac_ctx = umac_new(mac->key); |
| return 0; |
return 0; |
| case SSH_UMAC128: |
case SSH_UMAC128: |
| mac->umac_ctx = umac128_new(mac->key); |
mac->umac_ctx = umac128_new(mac->key); |
| return 0; |
return 0; |
| |
#endif |
| default: |
default: |
| return -1; |
return -1; |
| } |
} |
|
|
| u_char m[EVP_MAX_MD_SIZE]; |
u_char m[EVP_MAX_MD_SIZE]; |
| u_int64_t for_align; |
u_int64_t for_align; |
| } u; |
} u; |
| u_char b[4], nonce[8]; |
u_char b[4]; |
| |
#ifdef WITH_OPENSSL |
| |
u_char nonce[8]; |
| |
#endif |
| |
|
| if (mac->mac_len > sizeof(u)) |
if (mac->mac_len > sizeof(u)) |
| fatal("mac_compute: mac too long %u %zu", |
fatal("mac_compute: mac too long %u %zu", |
|
|
| ssh_hmac_final(mac->hmac_ctx, u.m, sizeof(u.m)) < 0) |
ssh_hmac_final(mac->hmac_ctx, u.m, sizeof(u.m)) < 0) |
| fatal("ssh_hmac failed"); |
fatal("ssh_hmac failed"); |
| break; |
break; |
| |
#ifdef WITH_OPENSSL |
| case SSH_UMAC: |
case SSH_UMAC: |
| put_u64(nonce, seqno); |
put_u64(nonce, seqno); |
| umac_update(mac->umac_ctx, data, datalen); |
umac_update(mac->umac_ctx, data, datalen); |
|
|
| umac128_update(mac->umac_ctx, data, datalen); |
umac128_update(mac->umac_ctx, data, datalen); |
| umac128_final(mac->umac_ctx, u.m, nonce); |
umac128_final(mac->umac_ctx, u.m, nonce); |
| break; |
break; |
| |
#endif |
| default: |
default: |
| fatal("mac_compute: unknown MAC type"); |
fatal("mac_compute: unknown MAC type"); |
| } |
} |
|
|
| void |
void |
| mac_clear(Mac *mac) |
mac_clear(Mac *mac) |
| { |
{ |
| |
#ifdef WITH_OPENSSL |
| if (mac->type == SSH_UMAC) { |
if (mac->type == SSH_UMAC) { |
| if (mac->umac_ctx != NULL) |
if (mac->umac_ctx != NULL) |
| umac_delete(mac->umac_ctx); |
umac_delete(mac->umac_ctx); |
|
|
| if (mac->umac_ctx != NULL) |
if (mac->umac_ctx != NULL) |
| umac128_delete(mac->umac_ctx); |
umac128_delete(mac->umac_ctx); |
| } else if (mac->hmac_ctx != NULL) |
} else if (mac->hmac_ctx != NULL) |
| |
#endif |
| ssh_hmac_free(mac->hmac_ctx); |
ssh_hmac_free(mac->hmac_ctx); |
| mac->hmac_ctx = NULL; |
mac->hmac_ctx = NULL; |
| mac->umac_ctx = NULL; |
mac->umac_ctx = NULL; |
![[BACK]](/icons/back.gif){kind=icon}
Return to mac.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh