diff options
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | packet.c | 56 | ||||
| -rw-r--r-- | packet.h | 5 | ||||
| -rw-r--r-- | sshconnect2.c | 8 |
4 files changed, 69 insertions, 6 deletions
@@ -72,6 +72,10 @@ [channels.c nchan.c nchan.h] make sure remote stderr does not get truncated. remove closed fd's from the select mask. + - markus@cvs.openbsd.org 2001/02/28 09:57:07 + [packet.c packet.h sshconnect2.c] + in ssh protocol v2 use ignore messages for padding (instead of + trailing \0). 20010304 - (bal) Remove make-ssh-known-hosts.1 since it's no longer valid. @@ -4264,4 +4268,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.872 2001/03/05 06:16:11 mouring Exp $ +$Id: ChangeLog,v 1.873 2001/03/05 06:17:49 mouring Exp $ @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.52 2001/02/27 10:35:27 markus Exp $"); +RCSID("$OpenBSD: packet.c,v 1.53 2001/02/28 09:57:06 markus Exp $"); #include "xmalloc.h" #include "buffer.h" @@ -1305,3 +1305,57 @@ packet_set_maxsize(int s) max_packet_size = s; return s; } + +/* + * 9.2. Ignored Data Message + * + * byte SSH_MSG_IGNORE + * string data + * + * All implementations MUST understand (and ignore) this message at any + * time (after receiving the protocol version). No implementation is + * required to send them. This message can be used as an additional + * protection measure against advanced traffic analysis techniques. + */ +/* size of current + ignore message should be n*sumlen bytes (w/o mac) */ +void +packet_inject_ignore(int sumlen) +{ + u_int32_t rand = 0; + int i, blocksize, padlen, have, need, nb, mini, nbytes; + Enc *enc = NULL; + + if (use_ssh2_packet_format == 0) + return; + + have = buffer_len(&outgoing_packet); + debug2("packet_inject_ignore: current %d", have); + if (kex != NULL) + enc = &kex->enc[MODE_OUT]; + blocksize = enc ? enc->cipher->block_size : 8; + padlen = blocksize - (have % blocksize); + if (padlen < 4) + padlen += blocksize; + have += padlen; + have /= blocksize; /* # of blocks for current message */ + + nb = roundup(sumlen, blocksize) / blocksize; /* blocks for both */ + mini = roundup(5+1+4+4, blocksize) / blocksize; /* minsize ignore msg */ + need = nb - (have % nb); /* blocks for ignore */ + if (need <= mini) + need += nb; + nbytes = (need - mini) * blocksize; /* size of ignore payload */ + debug2("packet_inject_ignore: block %d have %d nb %d mini %d need %d", + blocksize, have, nb, mini, need); + + /* enqueue current message and append a ignore message */ + packet_send(); + packet_start(SSH2_MSG_IGNORE); + packet_put_int(nbytes); + for(i = 0; i < nbytes; i++) { + if (i % 4 == 0) + rand = arc4random(); + packet_put_char(rand & 0xff); + rand >>= 8; + } +} @@ -11,7 +11,7 @@ * called by a name other than "ssh" or "Secure Shell". */ -/* RCSID("$OpenBSD: packet.h,v 1.19 2001/01/13 18:32:50 markus Exp $"); */ +/* RCSID("$OpenBSD: packet.h,v 1.20 2001/02/28 09:57:07 markus Exp $"); */ #ifndef PACKET_H #define PACKET_H @@ -214,4 +214,7 @@ void packet_set_ssh2_format(void); /* returns remaining payload bytes */ int packet_remaining(void); +/* append an ignore message */ +void packet_inject_ignore(int sumlen); + #endif /* PACKET_H */ diff --git a/sshconnect2.c b/sshconnect2.c index 12335e80..8b523232 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.48 2001/02/15 23:19:59 markus Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.49 2001/02/28 09:57:07 markus Exp $"); #include <openssl/bn.h> #include <openssl/md5.h> @@ -658,9 +658,10 @@ userauth_passwd(Authctxt *authctxt) packet_put_cstring(authctxt->service); packet_put_cstring(authctxt->method->name); packet_put_char(0); - ssh_put_password(password); + packet_put_cstring(password); memset(password, 0, strlen(password)); xfree(password); + packet_inject_ignore(64); packet_send(); packet_write_wait(); return 1; @@ -928,13 +929,14 @@ input_userauth_info_req(int type, int plen, void *ctxt) response = cli_prompt(prompt, echo); - ssh_put_password(response); + packet_put_cstring(response); memset(response, 0, strlen(response)); xfree(response); xfree(prompt); } packet_done(); /* done with parsing incoming message. */ + packet_inject_ignore(64); packet_send(); packet_write_wait(); } |