- markus@cvs.openbsd.org 2001/02/28 09:57:07

[packet.c packet.h sshconnect2.c] in ssh protocol v2 use ignore messages for padding (instead of trailing \0).
author: Ben Lindstrom <mouring@eviladmin.org> 2001-03-05 06:17:49 +0000
committer: Ben Lindstrom <mouring@eviladmin.org> 2001-03-05 06:17:49 +0000
commit: 5699c5f9acb09d8e210856c3dd3cdeb4078d41a4 (patch)
tree: d865640d602faefb7f1b8e26648d1938c2caa224
parent: 7fbd455c780e96065dc2bd8d96d21f0c017c0f99 (diff)
4 files changed, 69 insertions, 6 deletions
diff --git a/ChangeLog b/ChangeLog
index a30623c4a..b91677386 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -72,6 +72,10 @@
     [channels.c nchan.c nchan.h]
     make sure remote stderr does not get truncated.
     remove closed fd's from the select mask.
+   - markus@cvs.openbsd.org 2001/02/28 09:57:07
+     [packet.c packet.h sshconnect2.c]
+     in ssh protocol v2 use ignore messages for padding (instead of
+     trailing \0).
 20010304
 - (bal) Remove make-ssh-known-hosts.1 since it's no longer valid.
@@ -4264,4 +4268,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
-$Id: ChangeLog,v 1.872 2001/03/05 06:16:11 mouring Exp $
+$Id: ChangeLog,v 1.873 2001/03/05 06:17:49 mouring Exp $
diff --git a/packet.c b/packet.c
index 02f8ab1bb..26abf0e1a 100644
--- a/packet.c
+++ b/packet.c
@@ -37,7 +37,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.52 2001/02/27 10:35:27 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.53 2001/02/28 09:57:06 markus Exp $");
 #include "xmalloc.h"
 #include "buffer.h"
@@ -1305,3 +1305,57 @@ packet_set_maxsize(int s)
        max_packet_size = s;
        return s;
 }
+/*
+ * 9.2.  Ignored Data Message
+ * 
+ *   byte      SSH_MSG_IGNORE
+ *   string    data
+ * 
+ * All implementations MUST understand (and ignore) this message at any
+ * time (after receiving the protocol version). No implementation is
+ * required to send them. This message can be used as an additional
+ * protection measure against advanced traffic analysis techniques.
+ */
+/* size of current + ignore message should be n*sumlen bytes (w/o mac) */
+void
+packet_inject_ignore(int sumlen)
+{
+        u_int32_t rand = 0;
+        int i, blocksize, padlen, have, need, nb, mini, nbytes;
+        Enc *enc = NULL;
+        if (use_ssh2_packet_format == 0)
+                return;
+        have = buffer_len(&outgoing_packet);
+        debug2("packet_inject_ignore: current %d", have);
+        if (kex != NULL)
+        enc  = &kex->enc[MODE_OUT];
+        blocksize = enc ? enc->cipher->block_size : 8;
+        padlen = blocksize - (have % blocksize);
+        if (padlen < 4)
+                padlen += blocksize;
+        have += padlen;
+        have /= blocksize;      /* # of blocks for current message */
+        nb   = roundup(sumlen,  blocksize) / blocksize; /* blocks for both */
+        mini = roundup(5+1+4+4, blocksize) / blocksize; /* minsize ignore msg */
+        need = nb - (have % nb);                        /* blocks for ignore */
+        if (need <= mini)
+                need += nb;
+        nbytes = (need - mini) * blocksize;     /* size of ignore payload */
+        debug2("packet_inject_ignore: block %d have %d nb %d mini %d need %d",
+            blocksize, have, nb, mini, need);
+        /* enqueue current message and append a ignore message */
+        packet_send();
+        packet_start(SSH2_MSG_IGNORE);
+        packet_put_int(nbytes);
+        for(i = 0; i < nbytes; i++) {
+                if (i % 4 == 0)
+                        rand = arc4random();
+                packet_put_char(rand & 0xff);
+                rand >>= 8;
+        }
+}
diff --git a/packet.h b/packet.h
index 00f0c3778..059bb27a0 100644
--- a/packet.h
+++ b/packet.h
@@ -11,7 +11,7 @@
 * called by a name other than "ssh" or "Secure Shell".
 */
-/* RCSID("$OpenBSD: packet.h,v 1.19 2001/01/13 18:32:50 markus Exp $"); */
+/* RCSID("$OpenBSD: packet.h,v 1.20 2001/02/28 09:57:07 markus Exp $"); */
 #ifndef PACKET_H
 #define PACKET_H
@@ -214,4 +214,7 @@ void	packet_set_ssh2_format(void);
 /* returns remaining payload bytes */
 int     packet_remaining(void);
+/* append an ignore message */
+void    packet_inject_ignore(int sumlen);
 #endif                          /* PACKET_H */
diff --git a/sshconnect2.c b/sshconnect2.c
index 12335e80e..8b523232f 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.48 2001/02/15 23:19:59 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.49 2001/02/28 09:57:07 markus Exp $");
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -658,9 +658,10 @@ userauth_passwd(Authctxt *authctxt)
        packet_put_cstring(authctxt->service);
        packet_put_cstring(authctxt->method->name);
        packet_put_char(0);
-        ssh_put_password(password);
+        packet_put_cstring(password);
        memset(password, 0, strlen(password));
        xfree(password);
+        packet_inject_ignore(64);
        packet_send();
        packet_write_wait();
        return 1;
@@ -928,13 +929,14 @@ input_userauth_info_req(int type, int plen, void *ctxt)
                response = cli_prompt(prompt, echo);
-                ssh_put_password(response);
+                packet_put_cstring(response);
                memset(response, 0, strlen(response));
                xfree(response);
                xfree(prompt);
        }
        packet_done(); /* done with parsing incoming message. */
+        packet_inject_ignore(64);
        packet_send();
        packet_write_wait();
 }
author	Ben Lindstrom <mouring@eviladmin.org>	2001-03-05 06:17:49 +0000
committer	Ben Lindstrom <mouring@eviladmin.org>	2001-03-05 06:17:49 +0000
commit	5699c5f9acb09d8e210856c3dd3cdeb4078d41a4 (patch)
tree	d865640d602faefb7f1b8e26648d1938c2caa224
parent	7fbd455c780e96065dc2bd8d96d21f0c017c0f99 (diff)

diff --git a/ChangeLog b/ChangeLog index a30623c4a..b91677386 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -72,6 +72,10 @@
72	[channels.c nchan.c nchan.h]	72	[channels.c nchan.c nchan.h]
73	make sure remote stderr does not get truncated.	73	make sure remote stderr does not get truncated.
74	remove closed fd's from the select mask.	74	remove closed fd's from the select mask.
		75	- markus@cvs.openbsd.org 2001/02/28 09:57:07
		76	[packet.c packet.h sshconnect2.c]
		77	in ssh protocol v2 use ignore messages for padding (instead of
		78	trailing \0).
75		79
76	20010304	80	20010304
77	- (bal) Remove make-ssh-known-hosts.1 since it's no longer valid.	81	- (bal) Remove make-ssh-known-hosts.1 since it's no longer valid.
@@ -4264,4 +4268,4 @@
4264	- Wrote replacements for strlcpy and mkdtemp	4268	- Wrote replacements for strlcpy and mkdtemp
4265	- Released 1.0pre1	4269	- Released 1.0pre1
4266		4270
4267	$Id: ChangeLog,v 1.872 2001/03/05 06:16:11 mouring Exp $	4271	$Id: ChangeLog,v 1.873 2001/03/05 06:17:49 mouring Exp $


diff --git a/packet.c b/packet.c index 02f8ab1bb..26abf0e1a 100644 --- a/packet.c +++ b/packet.c
@@ -37,7 +37,7 @@
37	*/	37	*/
38		38
39	#include "includes.h"	39	#include "includes.h"
40	RCSID("$OpenBSD: packet.c,v 1.52 2001/02/27 10:35:27 markus Exp $");	40	RCSID("$OpenBSD: packet.c,v 1.53 2001/02/28 09:57:06 markus Exp $");
41		41
42	#include "xmalloc.h"	42	#include "xmalloc.h"
43	#include "buffer.h"	43	#include "buffer.h"
@@ -1305,3 +1305,57 @@ packet_set_maxsize(int s)
1305	max_packet_size = s;	1305	max_packet_size = s;
1306	return s;	1306	return s;
1307	}	1307	}
		1308
		1309	/*
		1310	* 9.2. Ignored Data Message
		1311	*
		1312	* byte SSH_MSG_IGNORE
		1313	* string data
		1314	*
		1315	* All implementations MUST understand (and ignore) this message at any
		1316	* time (after receiving the protocol version). No implementation is
		1317	* required to send them. This message can be used as an additional
		1318	* protection measure against advanced traffic analysis techniques.
		1319	*/
		1320	/* size of current + ignore message should be nsumlen bytes (w/o mac) /
		1321	void
		1322	packet_inject_ignore(int sumlen)
		1323	{
		1324	u_int32_t rand = 0;
		1325	int i, blocksize, padlen, have, need, nb, mini, nbytes;
		1326	Enc *enc = NULL;
		1327
		1328	if (use_ssh2_packet_format == 0)
		1329	return;
		1330
		1331	have = buffer_len(&outgoing_packet);
		1332	debug2("packet_inject_ignore: current %d", have);
		1333	if (kex != NULL)
		1334	enc = &kex->enc[MODE_OUT];
		1335	blocksize = enc ? enc->cipher->block_size : 8;
		1336	padlen = blocksize - (have % blocksize);
		1337	if (padlen < 4)
		1338	padlen += blocksize;
		1339	have += padlen;
		1340	have /= blocksize; /* # of blocks for current message */
		1341
		1342	nb = roundup(sumlen, blocksize) / blocksize; /* blocks for both */
		1343	mini = roundup(5+1+4+4, blocksize) / blocksize; /* minsize ignore msg */
		1344	need = nb - (have % nb); /* blocks for ignore */
		1345	if (need <= mini)
		1346	need += nb;
		1347	nbytes = (need - mini) * blocksize; /* size of ignore payload */
		1348	debug2("packet_inject_ignore: block %d have %d nb %d mini %d need %d",
		1349	blocksize, have, nb, mini, need);
		1350
		1351	/* enqueue current message and append a ignore message */
		1352	packet_send();
		1353	packet_start(SSH2_MSG_IGNORE);
		1354	packet_put_int(nbytes);
		1355	for(i = 0; i < nbytes; i++) {
		1356	if (i % 4 == 0)
		1357	rand = arc4random();
		1358	packet_put_char(rand & 0xff);
		1359	rand >>= 8;
		1360	}
		1361	}


diff --git a/packet.h b/packet.h index 00f0c3778..059bb27a0 100644 --- a/packet.h +++ b/packet.h
@@ -11,7 +11,7 @@
11	* called by a name other than "ssh" or "Secure Shell".	11	* called by a name other than "ssh" or "Secure Shell".
12	*/	12	*/
13		13
14	/* RCSID("$OpenBSD: packet.h,v 1.19 2001/01/13 18:32:50 markus Exp $"); */	14	/* RCSID("$OpenBSD: packet.h,v 1.20 2001/02/28 09:57:07 markus Exp $"); */
15		15
16	#ifndef PACKET_H	16	#ifndef PACKET_H
17	#define PACKET_H	17	#define PACKET_H
@@ -214,4 +214,7 @@ void packet_set_ssh2_format(void);
214	/* returns remaining payload bytes */	214	/* returns remaining payload bytes */
215	int packet_remaining(void);	215	int packet_remaining(void);
216		216
		217	/* append an ignore message */
		218	void packet_inject_ignore(int sumlen);
		219
217	#endif /* PACKET_H */	220	#endif /* PACKET_H */


diff --git a/sshconnect2.c b/sshconnect2.c index 12335e80e..8b523232f 100644 --- a/sshconnect2.c +++ b/sshconnect2.c
@@ -23,7 +23,7 @@
23	*/	23	*/
24		24
25	#include "includes.h"	25	#include "includes.h"
26	RCSID("$OpenBSD: sshconnect2.c,v 1.48 2001/02/15 23:19:59 markus Exp $");	26	RCSID("$OpenBSD: sshconnect2.c,v 1.49 2001/02/28 09:57:07 markus Exp $");
27		27
28	#include <openssl/bn.h>	28	#include <openssl/bn.h>
29	#include <openssl/md5.h>	29	#include <openssl/md5.h>
@@ -658,9 +658,10 @@ userauth_passwd(Authctxt *authctxt)
658	packet_put_cstring(authctxt->service);	658	packet_put_cstring(authctxt->service);
659	packet_put_cstring(authctxt->method->name);	659	packet_put_cstring(authctxt->method->name);
660	packet_put_char(0);	660	packet_put_char(0);
661	ssh_put_password(password);	661	packet_put_cstring(password);
662	memset(password, 0, strlen(password));	662	memset(password, 0, strlen(password));
663	xfree(password);	663	xfree(password);
		664	packet_inject_ignore(64);
664	packet_send();	665	packet_send();
665	packet_write_wait();	666	packet_write_wait();
666	return 1;	667	return 1;
@@ -928,13 +929,14 @@ input_userauth_info_req(int type, int plen, void *ctxt)
928		929
929	response = cli_prompt(prompt, echo);	930	response = cli_prompt(prompt, echo);
930		931
931	ssh_put_password(response);	932	packet_put_cstring(response);
932	memset(response, 0, strlen(response));	933	memset(response, 0, strlen(response));
933	xfree(response);	934	xfree(response);
934	xfree(prompt);	935	xfree(prompt);
935	}	936	}
936	packet_done(); /* done with parsing incoming message. */	937	packet_done(); /* done with parsing incoming message. */
937		938
		939	packet_inject_ignore(64);
938	packet_send();	940	packet_send();
939	packet_write_wait();	941	packet_write_wait();
940	}	942	}