]>
Commit | Line | Data |
---|---|---|
1 | /* $OpenBSD: mac.c,v 1.15 2008/06/13 00:51:47 dtucker Exp $ */ | |
2 | /* | |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | |
4 | * | |
5 | * Redistribution and use in source and binary forms, with or without | |
6 | * modification, are permitted provided that the following conditions | |
7 | * are met: | |
8 | * 1. Redistributions of source code must retain the above copyright | |
9 | * notice, this list of conditions and the following disclaimer. | |
10 | * 2. Redistributions in binary form must reproduce the above copyright | |
11 | * notice, this list of conditions and the following disclaimer in the | |
12 | * documentation and/or other materials provided with the distribution. | |
13 | * | |
14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |
15 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |
16 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
17 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
18 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
19 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
20 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
21 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
22 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
23 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
24 | */ | |
25 | ||
26 | #include "includes.h" | |
27 | ||
28 | #include <sys/types.h> | |
29 | ||
30 | #include <openssl/hmac.h> | |
31 | ||
32 | #include <stdarg.h> | |
33 | #include <string.h> | |
34 | #include <signal.h> | |
35 | ||
36 | #include "xmalloc.h" | |
37 | #include "log.h" | |
38 | #include "cipher.h" | |
39 | #include "buffer.h" | |
40 | #include "key.h" | |
41 | #include "kex.h" | |
42 | #include "mac.h" | |
43 | #include "misc.h" | |
44 | ||
45 | #include "umac.h" | |
46 | ||
47 | #define SSH_EVP 1 /* OpenSSL EVP-based MAC */ | |
48 | #define SSH_UMAC 2 /* UMAC (not integrated with OpenSSL) */ | |
49 | ||
50 | struct { | |
51 | char *name; | |
52 | int type; | |
53 | const EVP_MD * (*mdfunc)(void); | |
54 | int truncatebits; /* truncate digest if != 0 */ | |
55 | int key_len; /* just for UMAC */ | |
56 | int len; /* just for UMAC */ | |
57 | } macs[] = { | |
58 | { "hmac-sha1", SSH_EVP, EVP_sha1, 0, -1, -1 }, | |
59 | { "hmac-sha1-96", SSH_EVP, EVP_sha1, 96, -1, -1 }, | |
60 | { "hmac-md5", SSH_EVP, EVP_md5, 0, -1, -1 }, | |
61 | { "hmac-md5-96", SSH_EVP, EVP_md5, 96, -1, -1 }, | |
62 | { "hmac-ripemd160", SSH_EVP, EVP_ripemd160, 0, -1, -1 }, | |
63 | { "hmac-ripemd160@openssh.com", SSH_EVP, EVP_ripemd160, 0, -1, -1 }, | |
64 | { "umac-64@openssh.com", SSH_UMAC, NULL, 0, 128, 64 }, | |
65 | { NULL, 0, NULL, 0, -1, -1 } | |
66 | }; | |
67 | ||
68 | static void | |
69 | mac_setup_by_id(Mac *mac, int which) | |
70 | { | |
71 | int evp_len; | |
72 | mac->type = macs[which].type; | |
73 | if (mac->type == SSH_EVP) { | |
74 | mac->evp_md = (*macs[which].mdfunc)(); | |
75 | if ((evp_len = EVP_MD_size(mac->evp_md)) <= 0) | |
76 | fatal("mac %s len %d", mac->name, evp_len); | |
77 | mac->key_len = mac->mac_len = (u_int)evp_len; | |
78 | } else { | |
79 | mac->mac_len = macs[which].len / 8; | |
80 | mac->key_len = macs[which].key_len / 8; | |
81 | mac->umac_ctx = NULL; | |
82 | } | |
83 | if (macs[which].truncatebits != 0) | |
84 | mac->mac_len = macs[which].truncatebits / 8; | |
85 | } | |
86 | ||
87 | int | |
88 | mac_setup(Mac *mac, char *name) | |
89 | { | |
90 | int i; | |
91 | ||
92 | for (i = 0; macs[i].name; i++) { | |
93 | if (strcmp(name, macs[i].name) == 0) { | |
94 | if (mac != NULL) | |
95 | mac_setup_by_id(mac, i); | |
96 | debug2("mac_setup: found %s", name); | |
97 | return (0); | |
98 | } | |
99 | } | |
100 | debug2("mac_setup: unknown %s", name); | |
101 | return (-1); | |
102 | } | |
103 | ||
104 | int | |
105 | mac_init(Mac *mac) | |
106 | { | |
107 | if (mac->key == NULL) | |
108 | fatal("mac_init: no key"); | |
109 | switch (mac->type) { | |
110 | case SSH_EVP: | |
111 | if (mac->evp_md == NULL) | |
112 | return -1; | |
113 | HMAC_Init(&mac->evp_ctx, mac->key, mac->key_len, mac->evp_md); | |
114 | return 0; | |
115 | case SSH_UMAC: | |
116 | mac->umac_ctx = umac_new(mac->key); | |
117 | return 0; | |
118 | default: | |
119 | return -1; | |
120 | } | |
121 | } | |
122 | ||
123 | u_char * | |
124 | mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) | |
125 | { | |
126 | static u_char m[EVP_MAX_MD_SIZE]; | |
127 | u_char b[4], nonce[8]; | |
128 | ||
129 | if (mac->mac_len > sizeof(m)) | |
130 | fatal("mac_compute: mac too long %u %lu", | |
131 | mac->mac_len, (u_long)sizeof(m)); | |
132 | ||
133 | switch (mac->type) { | |
134 | case SSH_EVP: | |
135 | put_u32(b, seqno); | |
136 | /* reset HMAC context */ | |
137 | HMAC_Init(&mac->evp_ctx, NULL, 0, NULL); | |
138 | HMAC_Update(&mac->evp_ctx, b, sizeof(b)); | |
139 | HMAC_Update(&mac->evp_ctx, data, datalen); | |
140 | HMAC_Final(&mac->evp_ctx, m, NULL); | |
141 | break; | |
142 | case SSH_UMAC: | |
143 | put_u64(nonce, seqno); | |
144 | umac_update(mac->umac_ctx, data, datalen); | |
145 | umac_final(mac->umac_ctx, m, nonce); | |
146 | break; | |
147 | default: | |
148 | fatal("mac_compute: unknown MAC type"); | |
149 | } | |
150 | return (m); | |
151 | } | |
152 | ||
153 | void | |
154 | mac_clear(Mac *mac) | |
155 | { | |
156 | if (mac->type == SSH_UMAC) { | |
157 | if (mac->umac_ctx != NULL) | |
158 | umac_delete(mac->umac_ctx); | |
159 | } else if (mac->evp_md != NULL) | |
160 | HMAC_cleanup(&mac->evp_ctx); | |
161 | mac->evp_md = NULL; | |
162 | mac->umac_ctx = NULL; | |
163 | } | |
164 | ||
165 | /* XXX copied from ciphers_valid */ | |
166 | #define MAC_SEP "," | |
167 | int | |
168 | mac_valid(const char *names) | |
169 | { | |
170 | char *maclist, *cp, *p; | |
171 | ||
172 | if (names == NULL || strcmp(names, "") == 0) | |
173 | return (0); | |
174 | maclist = cp = xstrdup(names); | |
175 | for ((p = strsep(&cp, MAC_SEP)); p && *p != '\0'; | |
176 | (p = strsep(&cp, MAC_SEP))) { | |
177 | if (mac_setup(NULL, p) < 0) { | |
178 | debug("bad mac %s [%s]", p, names); | |
179 | xfree(maclist); | |
180 | return (0); | |
181 | } else { | |
182 | debug3("mac ok: %s [%s]", p, names); | |
183 | } | |
184 | } | |
185 | debug3("macs ok: [%s]", names); | |
186 | xfree(maclist); | |
187 | return (1); | |
188 | } |