From b77e98551336b8025b75a13354348d29a740a2b9 Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Fri, 21 Apr 2023 20:17:43 +0100 Subject: [PATCH] Add support for HMAC-SHA512. I saw a post on comp.security.ssh just now where someone had encountered an SSH server that would _only_ speak that, which makes it worth bothering to implement. The totally obvious implementation works, and passes the test cases from RFC 6234. --- crypto/hmac.c | 16 ++++++++++++++++ ssh.h | 1 + ssh/transport2.c | 3 ++- test/cryptsuite.py | 30 +++++++++++++++++++++++------- test/testcrypt-enum.h | 1 + test/testsc.c | 1 + 6 files changed, 44 insertions(+), 8 deletions(-) diff --git a/crypto/hmac.c b/crypto/hmac.c index adeccd29..cc255829 100644 --- a/crypto/hmac.c +++ b/crypto/hmac.c @@ -160,6 +160,22 @@ static const char *hmac_text_name(ssh2_mac *mac) return ctx->text_name->s; } +static const struct hmac_extra ssh_hmac_sha512_extra = { &ssh_sha512, "" }; +const ssh2_macalg ssh_hmac_sha512 = { + .new = hmac_new, + .free = hmac_free, + .setkey = hmac_key, + .start = hmac_start, + .genresult = hmac_genresult, + .next_message = nullmac_next_message, + .text_name = hmac_text_name, + .name = "hmac-sha2-512", + .etm_name = "hmac-sha2-512-etm@openssh.com", + .len = 64, + .keylen = 64, + .extra = &ssh_hmac_sha512_extra, +}; + static const struct hmac_extra ssh_hmac_sha256_extra = { &ssh_sha256, "" }; const ssh2_macalg ssh_hmac_sha256 = { .new = hmac_new, diff --git a/ssh.h b/ssh.h index 5ecef0cb..deaa3a7c 100644 --- a/ssh.h +++ b/ssh.h @@ -1205,6 +1205,7 @@ extern const ssh2_macalg ssh_hmac_sha1_buggy; extern const ssh2_macalg ssh_hmac_sha1_96; extern const ssh2_macalg ssh_hmac_sha1_96_buggy; extern const ssh2_macalg ssh_hmac_sha256; +extern const ssh2_macalg ssh_hmac_sha512; extern const ssh2_macalg ssh2_poly1305; extern const ssh2_macalg ssh2_aesgcm_mac; extern const ssh2_macalg ssh2_aesgcm_mac_sw; diff --git a/ssh/transport2.c b/ssh/transport2.c index ce6318aa..e5c5b0f5 100644 --- a/ssh/transport2.c +++ b/ssh/transport2.c @@ -20,7 +20,8 @@ const struct ssh_signkey_with_user_pref_id ssh2_hostkey_algs[] = { }; const static ssh2_macalg *const macs[] = { - &ssh_hmac_sha256, &ssh_hmac_sha1, &ssh_hmac_sha1_96, &ssh_hmac_md5 + &ssh_hmac_sha512, &ssh_hmac_sha256, + &ssh_hmac_sha1, &ssh_hmac_sha1_96, &ssh_hmac_md5 }; const static ssh2_macalg *const buggymacs[] = { &ssh_hmac_sha1_buggy, &ssh_hmac_sha1_96_buggy, &ssh_hmac_md5 diff --git a/test/cryptsuite.py b/test/cryptsuite.py index 69b492e8..9d2c215c 100755 --- a/test/cryptsuite.py +++ b/test/cryptsuite.py @@ -3579,30 +3579,41 @@ class standard_test_vectors(MyTestBase): def testHmacSHA(self): # Test cases from RFC 6234 section 8.5. - def vector(key, message, s1=None, s256=None): + def vector(key, message, s1=None, s256=None, s512=None): if s1 is not None: self.assertEqualBin( mac_str('hmac_sha1', key, message), unhex(s1)) if s256 is not None: self.assertEqualBin( mac_str('hmac_sha256', key, message), unhex(s256)) + if s512 is not None: + self.assertEqualBin( + mac_str('hmac_sha512', key, message), unhex(s512)) vector( unhex("0b"*20), "Hi There", "b617318655057264e28bc0b6fb378c8ef146be00", - "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7") + "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7", + "87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cde" + "daa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a126854") vector( "Jefe", "what do ya want for nothing?", "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79", - "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843") + "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843", + "164b7a7bfcf819e2e395fbe73b56e0a387bd64222e831fd610270cd7ea250554" + "9758bf75c05a994a6d034f65f8f0e6fdcaeab1a34d4a6b4b636e070a38bce737") vector( unhex("aa"*20), unhex('dd'*50), "125d7342b9ac11cd91a39af48aa17b4f63f175d3", - "773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565FE") + "773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565FE", + "fa73b0089d56a284efb0f0756c890be9b1b5dbdd8ee81a3655f83e33b2279d39" + "bf3e848279a722c806b485a47e67c807b946a337bee8942674278859e13292fb") vector( unhex("0102030405060708090a0b0c0d0e0f10111213141516171819"), unhex("cd"*50), "4c9007f4026250c6bc8414f9bf50c86c2d7235da", - "82558a389a443c0ea4cc819899f2083a85f0faa3e578f8077a2e3ff46729665b") + "82558a389a443c0ea4cc819899f2083a85f0faa3e578f8077a2e3ff46729665b", + "b0ba465637458c6990e5a8c5f61d4af7e576d97ff94b872de76f8050361ee3db" + "a91ca5c11aa25eb4d679275cc5788063a5f19741120c4f2de2adebeb10a298dd") vector( unhex("aa"*80), "Test Using Larger Than Block-Size Key - Hash Key First", @@ -3611,7 +3622,9 @@ class standard_test_vectors(MyTestBase): unhex("aa"*131), "Test Using Larger Than Block-Size Key - Hash Key First", s256="60e431591ee0b67f0d8a26aacbf5b77f" - "8e0bc6213728c5140546040f0ee37f54") + "8e0bc6213728c5140546040f0ee37f54", s512= + "80b24263c7c1a3ebb71493c1dd7be8b49b46d1f41b4aeec1121b013783f8f352" + "6b56d037e05f2598bd0fd2215d6a1e5295e64f73f63f0aec8b915a985d786598") vector( unhex("aa"*80), "Test Using Larger Than Block-Size Key and " @@ -3622,7 +3635,10 @@ class standard_test_vectors(MyTestBase): "This is a test using a larger than block-size key and a " "larger than block-size data. The key needs to be hashed " "before being used by the HMAC algorithm.", - s256="9B09FFA71B942FCB27635FBCD5B0E944BFDC63644F0713938A7F51535C3A35E2") + s256="9b09ffa71b942fcb27635fbcd5b0e944" + "bfdc63644f0713938a7f51535c3a35e2", s512= + "e37b6a775dc87dbaa4dfa9f96e5e3ffddebd71f8867289865df5a32d20cdc944" + "b6022cac3c4982b10d5eeb55c3e4de15134676fb6de0446065c97440fa8c6a58") def testEd25519(self): def vector(privkey, pubkey, message, signature): diff --git a/test/testcrypt-enum.h b/test/testcrypt-enum.h index d81f46c7..4e93c786 100644 --- a/test/testcrypt-enum.h +++ b/test/testcrypt-enum.h @@ -35,6 +35,7 @@ BEGIN_ENUM_TYPE(macalg) ENUM_VALUE("hmac_sha1_96", &ssh_hmac_sha1_96) ENUM_VALUE("hmac_sha1_96_buggy", &ssh_hmac_sha1_96_buggy) ENUM_VALUE("hmac_sha256", &ssh_hmac_sha256) + ENUM_VALUE("hmac_sha512", &ssh_hmac_sha512) ENUM_VALUE("poly1305", &ssh2_poly1305) ENUM_VALUE("aesgcm", &ssh2_aesgcm_mac) ENUM_VALUE("aesgcm", &ssh2_aesgcm_mac) diff --git a/test/testsc.c b/test/testsc.c index 0a643e97..d6807c41 100644 --- a/test/testsc.c +++ b/test/testsc.c @@ -339,6 +339,7 @@ VOLATILE_WRAPPED_DEFN(static, size_t, looplimit, (size_t x)) X(Y, ssh_hmac_sha1_96) \ X(Y, ssh_hmac_sha1_96_buggy) \ X(Y, ssh_hmac_sha256) \ + X(Y, ssh_hmac_sha512) \ /* end of list */ #define ALL_MACS(X, Y) \