mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-15 04:43:53 +00:00
38a52bd3b5
Release notes are available at https://www.openssh.com/txt/release-9.1 9.1 contains fixes for three minor memory safety problems; these have lready been merged to the copy of OpenSSH 9.0 that is in the FreeBSD base system. Some highlights copied from the release notes: Potentially-incompatible changes -------------------------------- * ssh(1), sshd(8): SetEnv directives in ssh_config and sshd_config are now first-match-wins to match other directives. Previously if an environment variable was multiply specified the last set value would have been used. bz3438 * ssh-keygen(8): ssh-keygen -A (generate all default host key types) will no longer generate DSA keys, as these are insecure and have not been used by default for some years. New features ------------ * ssh(1), sshd(8): add a RequiredRSASize directive to set a minimum RSA key length. Keys below this length will be ignored for user authentication and for host authentication in sshd(8). * sftp-server(8): add a "users-groups-by-id@openssh.com" extension request that allows the client to obtain user/group names that correspond to a set of uids/gids. * sftp(1): use "users-groups-by-id@openssh.com" sftp-server extension (when available) to fill in user/group names for directory listings. * sftp-server(8): support the "home-directory" extension request defined in draft-ietf-secsh-filexfer-extensions-00. This overlaps a bit with the existing "expand-path@openssh.com", but some other clients support it. * ssh-keygen(1), sshd(8): allow certificate validity intervals, sshsig verification times and authorized_keys expiry-time options to accept dates in the UTC time zone in addition to the default of interpreting them in the system time zone. YYYYMMDD and YYMMDDHHMM[SS] dates/times will be interpreted as UTC if suffixed with a 'Z' character. Also allow certificate validity intervals to be specified in raw seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This is intended for use by regress tests and other tools that call ssh-keygen as part of a CA workflow. bz3468 * sftp(1): allow arguments to the sftp -D option, e.g. sftp -D "/usr/libexec/sftp-server -el debug3" * ssh-keygen(1): allow the existing -U (use agent) flag to work with "-Y sign" operations, where it will be interpreted to require that the private keys is hosted in an agent; bz3429 MFC after: 2 weeks Relnotes: Yes Sponsored by: The FreeBSD Foundation
138 lines
3.3 KiB
C
138 lines
3.3 KiB
C
/* $OpenBSD: xmss_hash.c,v 1.3 2022/04/20 16:00:25 millert Exp $ */
|
|
/*
|
|
hash.c version 20160722
|
|
Andreas Hülsing
|
|
Joost Rijneveld
|
|
Public domain.
|
|
*/
|
|
|
|
#include "includes.h"
|
|
#ifdef WITH_XMSS
|
|
|
|
#include "xmss_hash_address.h"
|
|
#include "xmss_commons.h"
|
|
#include "xmss_hash.h"
|
|
|
|
#include <stddef.h>
|
|
#ifdef HAVE_STDINT_H
|
|
# include <stdint.h>
|
|
#endif
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
|
|
int core_hash_SHA2(unsigned char *, const unsigned int, const unsigned char *,
|
|
unsigned int, const unsigned char *, unsigned long long, unsigned int);
|
|
|
|
unsigned char* addr_to_byte(unsigned char *bytes, const uint32_t addr[8]){
|
|
#if IS_LITTLE_ENDIAN==1
|
|
int i = 0;
|
|
for(i=0;i<8;i++)
|
|
to_byte(bytes+i*4, addr[i],4);
|
|
return bytes;
|
|
#else
|
|
memcpy(bytes, addr, 32);
|
|
return bytes;
|
|
#endif
|
|
}
|
|
|
|
int core_hash_SHA2(unsigned char *out, const unsigned int type, const unsigned char *key, unsigned int keylen, const unsigned char *in, unsigned long long inlen, unsigned int n){
|
|
unsigned long long i = 0;
|
|
unsigned char buf[inlen + n + keylen];
|
|
|
|
// Input is (toByte(X, 32) || KEY || M)
|
|
|
|
// set toByte
|
|
to_byte(buf, type, n);
|
|
|
|
for (i=0; i < keylen; i++) {
|
|
buf[i+n] = key[i];
|
|
}
|
|
|
|
for (i=0; i < inlen; i++) {
|
|
buf[keylen + n + i] = in[i];
|
|
}
|
|
|
|
if (n == 32) {
|
|
SHA256(buf, inlen + keylen + n, out);
|
|
return 0;
|
|
}
|
|
else {
|
|
if (n == 64) {
|
|
SHA512(buf, inlen + keylen + n, out);
|
|
return 0;
|
|
}
|
|
}
|
|
return 1;
|
|
}
|
|
|
|
/**
|
|
* Implements PRF
|
|
*/
|
|
int prf(unsigned char *out, const unsigned char *in, const unsigned char *key, unsigned int keylen)
|
|
{
|
|
return core_hash_SHA2(out, 3, key, keylen, in, 32, keylen);
|
|
}
|
|
|
|
/*
|
|
* Implemts H_msg
|
|
*/
|
|
int h_msg(unsigned char *out, const unsigned char *in, unsigned long long inlen, const unsigned char *key, const unsigned int keylen, const unsigned int n)
|
|
{
|
|
if (keylen != 3*n){
|
|
// H_msg takes 3n-bit keys, but n does not match the keylength of keylen
|
|
return -1;
|
|
}
|
|
return core_hash_SHA2(out, 2, key, keylen, in, inlen, n);
|
|
}
|
|
|
|
/**
|
|
* We assume the left half is in in[0]...in[n-1]
|
|
*/
|
|
int hash_h(unsigned char *out, const unsigned char *in, const unsigned char *pub_seed, uint32_t addr[8], const unsigned int n)
|
|
{
|
|
|
|
unsigned char buf[2*n];
|
|
unsigned char key[n];
|
|
unsigned char bitmask[2*n];
|
|
unsigned char byte_addr[32];
|
|
unsigned int i;
|
|
|
|
setKeyAndMask(addr, 0);
|
|
addr_to_byte(byte_addr, addr);
|
|
prf(key, byte_addr, pub_seed, n);
|
|
// Use MSB order
|
|
setKeyAndMask(addr, 1);
|
|
addr_to_byte(byte_addr, addr);
|
|
prf(bitmask, byte_addr, pub_seed, n);
|
|
setKeyAndMask(addr, 2);
|
|
addr_to_byte(byte_addr, addr);
|
|
prf(bitmask+n, byte_addr, pub_seed, n);
|
|
for (i = 0; i < 2*n; i++) {
|
|
buf[i] = in[i] ^ bitmask[i];
|
|
}
|
|
return core_hash_SHA2(out, 1, key, n, buf, 2*n, n);
|
|
}
|
|
|
|
int hash_f(unsigned char *out, const unsigned char *in, const unsigned char *pub_seed, uint32_t addr[8], const unsigned int n)
|
|
{
|
|
unsigned char buf[n];
|
|
unsigned char key[n];
|
|
unsigned char bitmask[n];
|
|
unsigned char byte_addr[32];
|
|
unsigned int i;
|
|
|
|
setKeyAndMask(addr, 0);
|
|
addr_to_byte(byte_addr, addr);
|
|
prf(key, byte_addr, pub_seed, n);
|
|
|
|
setKeyAndMask(addr, 1);
|
|
addr_to_byte(byte_addr, addr);
|
|
prf(bitmask, byte_addr, pub_seed, n);
|
|
|
|
for (i = 0; i < n; i++) {
|
|
buf[i] = in[i] ^ bitmask[i];
|
|
}
|
|
return core_hash_SHA2(out, 0, key, n, buf, n, n);
|
|
}
|
|
#endif /* WITH_XMSS */
|