47
#define SSH_EVP 1 /* OpenSSL EVP-based MAC */
48
#define SSH_UMAC 2 /* UMAC (not integrated with OpenSSL) */
47
53
const EVP_MD * (*mdfunc)(void);
48
54
int truncatebits; /* truncate digest if != 0 */
55
int key_len; /* just for UMAC */
56
int len; /* just for UMAC */
50
{ "hmac-sha1", EVP_sha1, 0, },
51
{ "hmac-sha1-96", EVP_sha1, 96 },
52
{ "hmac-md5", EVP_md5, 0 },
53
{ "hmac-md5-96", EVP_md5, 96 },
54
{ "hmac-ripemd160", EVP_ripemd160, 0 },
55
{ "hmac-ripemd160@openssh.com", EVP_ripemd160, 0 },
58
{ "hmac-sha1", SSH_EVP, EVP_sha1, 0, -1, -1 },
59
{ "hmac-sha1-96", SSH_EVP, EVP_sha1, 96, -1, -1 },
60
{ "hmac-md5", SSH_EVP, EVP_md5, 0, -1, -1 },
61
{ "hmac-md5-96", SSH_EVP, EVP_md5, 96, -1, -1 },
62
{ "hmac-ripemd160", SSH_EVP, EVP_ripemd160, 0, -1, -1 },
63
{ "hmac-ripemd160@openssh.com", SSH_EVP, EVP_ripemd160, 0, -1, -1 },
64
{ "umac-64@openssh.com", SSH_UMAC, NULL, 0, 128, 64 },
65
{ NULL, 0, NULL, 0, -1, -1 }
69
mac_setup_by_id(Mac *mac, int which)
72
mac->type = macs[which].type;
73
if (mac->type == SSH_EVP) {
74
mac->evp_md = (*macs[which].mdfunc)();
75
if ((evp_len = EVP_MD_size(mac->evp_md)) <= 0)
76
fatal("mac %s len %d", mac->name, evp_len);
77
mac->key_len = mac->mac_len = (u_int)evp_len;
79
mac->mac_len = macs[which].len / 8;
80
mac->key_len = macs[which].key_len / 8;
83
if (macs[which].truncatebits != 0)
84
mac->mac_len = macs[which].truncatebits / 8;
60
mac_init(Mac *mac, char *name)
88
mac_setup(Mac *mac, char *name)
64
92
for (i = 0; macs[i].name; i++) {
65
93
if (strcmp(name, macs[i].name) == 0) {
67
mac->md = (*macs[i].mdfunc)();
68
if ((evp_len = EVP_MD_size(mac->md)) <= 0)
69
fatal("mac %s len %d", name, evp_len);
70
mac->key_len = mac->mac_len = (u_int)evp_len;
71
if (macs[i].truncatebits != 0)
72
mac->mac_len = macs[i].truncatebits/8;
74
debug2("mac_init: found %s", name);
95
mac_setup_by_id(mac, i);
96
debug2("mac_setup: found %s", name);
78
debug2("mac_init: unknown %s", name);
100
debug2("mac_setup: unknown %s", name);
107
if (mac->key == NULL)
108
fatal("mac_init: no key");
111
if (mac->evp_md == NULL)
113
HMAC_Init(&mac->evp_ctx, mac->key, mac->key_len, mac->evp_md);
116
mac->umac_ctx = umac_new(mac->key);
83
124
mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
86
126
static u_char m[EVP_MAX_MD_SIZE];
127
u_char b[4], nonce[8];
90
fatal("mac_compute: no key");
91
129
if (mac->mac_len > sizeof(m))
92
fatal("mac_compute: mac too long");
93
HMAC_Init(&c, mac->key, mac->key_len, mac->md);
95
HMAC_Update(&c, b, sizeof(b));
96
HMAC_Update(&c, data, datalen);
97
HMAC_Final(&c, m, NULL);
130
fatal("mac_compute: mac too long %u %lu",
131
mac->mac_len, (u_long)sizeof(m));
136
/* reset HMAC context */
137
HMAC_Init(&mac->evp_ctx, NULL, 0, NULL);
138
HMAC_Update(&mac->evp_ctx, b, sizeof(b));
139
HMAC_Update(&mac->evp_ctx, data, datalen);
140
HMAC_Final(&mac->evp_ctx, m, NULL);
143
put_u64(nonce, seqno);
144
umac_update(mac->umac_ctx, data, datalen);
145
umac_final(mac->umac_ctx, m, nonce);
148
fatal("mac_compute: unknown MAC type");
156
if (mac->type == SSH_UMAC) {
157
if (mac->umac_ctx != NULL)
158
umac_delete(mac->umac_ctx);
159
} else if (mac->evp_md != NULL)
160
HMAC_cleanup(&mac->evp_ctx);
162
mac->umac_ctx = NULL;
102
165
/* XXX copied from ciphers_valid */
103
166
#define MAC_SEP ","