1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 01:48:00 +00:00

Add support for HMAC-SHA512.

I saw a post on comp.security.ssh just now where someone had
encountered an SSH server that would _only_ speak that, which makes it
worth bothering to implement.

The totally obvious implementation works, and passes the test cases
from RFC 6234.

(cherry picked from commit b77e985513)
This commit is contained in:
Simon Tatham 2023-04-21 20:17:43 +01:00
parent c545c04102
commit f6f9848465
6 changed files with 44 additions and 8 deletions

View File

@ -160,6 +160,22 @@ static const char *hmac_text_name(ssh2_mac *mac)
return ctx->text_name->s; return ctx->text_name->s;
} }
static const struct hmac_extra ssh_hmac_sha512_extra = { &ssh_sha512, "" };
const ssh2_macalg ssh_hmac_sha512 = {
.new = hmac_new,
.free = hmac_free,
.setkey = hmac_key,
.start = hmac_start,
.genresult = hmac_genresult,
.next_message = nullmac_next_message,
.text_name = hmac_text_name,
.name = "hmac-sha2-512",
.etm_name = "hmac-sha2-512-etm@openssh.com",
.len = 64,
.keylen = 64,
.extra = &ssh_hmac_sha512_extra,
};
static const struct hmac_extra ssh_hmac_sha256_extra = { &ssh_sha256, "" }; static const struct hmac_extra ssh_hmac_sha256_extra = { &ssh_sha256, "" };
const ssh2_macalg ssh_hmac_sha256 = { const ssh2_macalg ssh_hmac_sha256 = {
.new = hmac_new, .new = hmac_new,

1
ssh.h
View File

@ -1205,6 +1205,7 @@ extern const ssh2_macalg ssh_hmac_sha1_buggy;
extern const ssh2_macalg ssh_hmac_sha1_96; extern const ssh2_macalg ssh_hmac_sha1_96;
extern const ssh2_macalg ssh_hmac_sha1_96_buggy; extern const ssh2_macalg ssh_hmac_sha1_96_buggy;
extern const ssh2_macalg ssh_hmac_sha256; extern const ssh2_macalg ssh_hmac_sha256;
extern const ssh2_macalg ssh_hmac_sha512;
extern const ssh2_macalg ssh2_poly1305; extern const ssh2_macalg ssh2_poly1305;
extern const ssh2_macalg ssh2_aesgcm_mac; extern const ssh2_macalg ssh2_aesgcm_mac;
extern const ssh2_macalg ssh2_aesgcm_mac_sw; extern const ssh2_macalg ssh2_aesgcm_mac_sw;

View File

@ -20,7 +20,8 @@ const struct ssh_signkey_with_user_pref_id ssh2_hostkey_algs[] = {
}; };
const static ssh2_macalg *const macs[] = { const static ssh2_macalg *const macs[] = {
&ssh_hmac_sha256, &ssh_hmac_sha1, &ssh_hmac_sha1_96, &ssh_hmac_md5 &ssh_hmac_sha512, &ssh_hmac_sha256,
&ssh_hmac_sha1, &ssh_hmac_sha1_96, &ssh_hmac_md5
}; };
const static ssh2_macalg *const buggymacs[] = { const static ssh2_macalg *const buggymacs[] = {
&ssh_hmac_sha1_buggy, &ssh_hmac_sha1_96_buggy, &ssh_hmac_md5 &ssh_hmac_sha1_buggy, &ssh_hmac_sha1_96_buggy, &ssh_hmac_md5

View File

@ -3579,30 +3579,41 @@ class standard_test_vectors(MyTestBase):
def testHmacSHA(self): def testHmacSHA(self):
# Test cases from RFC 6234 section 8.5. # Test cases from RFC 6234 section 8.5.
def vector(key, message, s1=None, s256=None): def vector(key, message, s1=None, s256=None, s512=None):
if s1 is not None: if s1 is not None:
self.assertEqualBin( self.assertEqualBin(
mac_str('hmac_sha1', key, message), unhex(s1)) mac_str('hmac_sha1', key, message), unhex(s1))
if s256 is not None: if s256 is not None:
self.assertEqualBin( self.assertEqualBin(
mac_str('hmac_sha256', key, message), unhex(s256)) mac_str('hmac_sha256', key, message), unhex(s256))
if s512 is not None:
self.assertEqualBin(
mac_str('hmac_sha512', key, message), unhex(s512))
vector( vector(
unhex("0b"*20), "Hi There", unhex("0b"*20), "Hi There",
"b617318655057264e28bc0b6fb378c8ef146be00", "b617318655057264e28bc0b6fb378c8ef146be00",
"b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7") "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7",
"87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cde"
"daa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a126854")
vector( vector(
"Jefe", "what do ya want for nothing?", "Jefe", "what do ya want for nothing?",
"effcdf6ae5eb2fa2d27416d5f184df9c259a7c79", "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79",
"5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843") "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843",
"164b7a7bfcf819e2e395fbe73b56e0a387bd64222e831fd610270cd7ea250554"
"9758bf75c05a994a6d034f65f8f0e6fdcaeab1a34d4a6b4b636e070a38bce737")
vector( vector(
unhex("aa"*20), unhex('dd'*50), unhex("aa"*20), unhex('dd'*50),
"125d7342b9ac11cd91a39af48aa17b4f63f175d3", "125d7342b9ac11cd91a39af48aa17b4f63f175d3",
"773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565FE") "773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565FE",
"fa73b0089d56a284efb0f0756c890be9b1b5dbdd8ee81a3655f83e33b2279d39"
"bf3e848279a722c806b485a47e67c807b946a337bee8942674278859e13292fb")
vector( vector(
unhex("0102030405060708090a0b0c0d0e0f10111213141516171819"), unhex("0102030405060708090a0b0c0d0e0f10111213141516171819"),
unhex("cd"*50), unhex("cd"*50),
"4c9007f4026250c6bc8414f9bf50c86c2d7235da", "4c9007f4026250c6bc8414f9bf50c86c2d7235da",
"82558a389a443c0ea4cc819899f2083a85f0faa3e578f8077a2e3ff46729665b") "82558a389a443c0ea4cc819899f2083a85f0faa3e578f8077a2e3ff46729665b",
"b0ba465637458c6990e5a8c5f61d4af7e576d97ff94b872de76f8050361ee3db"
"a91ca5c11aa25eb4d679275cc5788063a5f19741120c4f2de2adebeb10a298dd")
vector( vector(
unhex("aa"*80), unhex("aa"*80),
"Test Using Larger Than Block-Size Key - Hash Key First", "Test Using Larger Than Block-Size Key - Hash Key First",
@ -3611,7 +3622,9 @@ class standard_test_vectors(MyTestBase):
unhex("aa"*131), unhex("aa"*131),
"Test Using Larger Than Block-Size Key - Hash Key First", "Test Using Larger Than Block-Size Key - Hash Key First",
s256="60e431591ee0b67f0d8a26aacbf5b77f" s256="60e431591ee0b67f0d8a26aacbf5b77f"
"8e0bc6213728c5140546040f0ee37f54") "8e0bc6213728c5140546040f0ee37f54", s512=
"80b24263c7c1a3ebb71493c1dd7be8b49b46d1f41b4aeec1121b013783f8f352"
"6b56d037e05f2598bd0fd2215d6a1e5295e64f73f63f0aec8b915a985d786598")
vector( vector(
unhex("aa"*80), unhex("aa"*80),
"Test Using Larger Than Block-Size Key and " "Test Using Larger Than Block-Size Key and "
@ -3622,7 +3635,10 @@ class standard_test_vectors(MyTestBase):
"This is a test using a larger than block-size key and a " "This is a test using a larger than block-size key and a "
"larger than block-size data. The key needs to be hashed " "larger than block-size data. The key needs to be hashed "
"before being used by the HMAC algorithm.", "before being used by the HMAC algorithm.",
s256="9B09FFA71B942FCB27635FBCD5B0E944BFDC63644F0713938A7F51535C3A35E2") s256="9b09ffa71b942fcb27635fbcd5b0e944"
"bfdc63644f0713938a7f51535c3a35e2", s512=
"e37b6a775dc87dbaa4dfa9f96e5e3ffddebd71f8867289865df5a32d20cdc944"
"b6022cac3c4982b10d5eeb55c3e4de15134676fb6de0446065c97440fa8c6a58")
def testEd25519(self): def testEd25519(self):
def vector(privkey, pubkey, message, signature): def vector(privkey, pubkey, message, signature):

View File

@ -35,6 +35,7 @@ BEGIN_ENUM_TYPE(macalg)
ENUM_VALUE("hmac_sha1_96", &ssh_hmac_sha1_96) ENUM_VALUE("hmac_sha1_96", &ssh_hmac_sha1_96)
ENUM_VALUE("hmac_sha1_96_buggy", &ssh_hmac_sha1_96_buggy) ENUM_VALUE("hmac_sha1_96_buggy", &ssh_hmac_sha1_96_buggy)
ENUM_VALUE("hmac_sha256", &ssh_hmac_sha256) ENUM_VALUE("hmac_sha256", &ssh_hmac_sha256)
ENUM_VALUE("hmac_sha512", &ssh_hmac_sha512)
ENUM_VALUE("poly1305", &ssh2_poly1305) ENUM_VALUE("poly1305", &ssh2_poly1305)
ENUM_VALUE("aesgcm", &ssh2_aesgcm_mac) ENUM_VALUE("aesgcm", &ssh2_aesgcm_mac)
ENUM_VALUE("aesgcm", &ssh2_aesgcm_mac) ENUM_VALUE("aesgcm", &ssh2_aesgcm_mac)

View File

@ -339,6 +339,7 @@ VOLATILE_WRAPPED_DEFN(static, size_t, looplimit, (size_t x))
X(Y, ssh_hmac_sha1_96) \ X(Y, ssh_hmac_sha1_96) \
X(Y, ssh_hmac_sha1_96_buggy) \ X(Y, ssh_hmac_sha1_96_buggy) \
X(Y, ssh_hmac_sha256) \ X(Y, ssh_hmac_sha256) \
X(Y, ssh_hmac_sha512) \
/* end of list */ /* end of list */
#define ALL_MACS(X, Y) \ #define ALL_MACS(X, Y) \