1 files changed, 40 insertions, 36 deletions
diff --git a/deattack.c b/deattack.c
index 8b55d6686..1b37e4dab 100644
--- a/deattack.c
+++ b/deattack.c
@@ -1,3 +1,4 @@
+/* $OpenBSD: deattack.c,v 1.30 2006/09/16 19:53:37 djm Exp $ */
 /*
 * Cryptographic attack detector for ssh - source code
 *
@@ -18,14 +19,36 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: deattack.c,v 1.19 2003/09/18 08:49:45 markus Exp $");
+#include <sys/types.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include "xmalloc.h"
 #include "deattack.h"
 #include "log.h"
 #include "crc32.h"
-#include "getput.h"
+#include "misc.h"
-#include "xmalloc.h"
-#include "deattack.h"
+/*
+ * CRC attack detection has a worst-case behaviour that is O(N^3) over
+ * the number of identical blocks in a packet. This behaviour can be 
+ * exploited to create a limited denial of service attack. 
+ * 
+ * However, because we are dealing with encrypted data, identical
+ * blocks should only occur every 2^35 maximally-sized packets or so. 
+ * Consequently, we can detect this DoS by looking for identical blocks
+ * in a packet.
+ *
+ * The parameter below determines how many identical blocks we will
+ * accept in a single packet, trading off between attack detection and
+ * likelihood of terminating a legitimate connection. A value of 32 
+ * corresponds to an average of 2^40 messages before an attack is
+ * misdetected
+ */
+#define MAX_IDENTICAL   32
 /* SSH Constants */
 #define SSH_MAXBLOCKS   (32 * 1024)
@@ -43,7 +66,7 @@ RCSID("$OpenBSD: deattack.c,v 1.19 2003/09/18 08:49:45 markus Exp $");
 /* Hash function (Input keys are cipher results) */
-#define HASH(x)         GET_32BIT(x)
+#define HASH(x)         get_u32(x)
 #define CMP(a, b)       (memcmp(a, b, SSH_BLOCKSIZE))
@@ -51,22 +74,17 @@ static void
 crc_update(u_int32_t *a, u_int32_t b)
 {
        b ^= *a;
-        *a = ssh_crc32((u_char *) &b, sizeof(b));
+        *a = ssh_crc32((u_char *)&b, sizeof(b));
 }
 /* detect if a block is used in a particular pattern */
 static int
-check_crc(u_char *S, u_char *buf, u_int32_t len,
+check_crc(u_char *S, u_char *buf, u_int32_t len)
-          u_char *IV)
 {
        u_int32_t crc;
        u_char *c;
        crc = 0;
-        if (IV && !CMP(S, IV)) {
-                crc_update(&crc, 1);
-                crc_update(&crc, 0);
-        }
        for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
                if (!CMP(S, c)) {
                        crc_update(&crc, 1);
@@ -82,12 +100,12 @@ check_crc(u_char *S, u_char *buf, u_int32_t len,
 /* Detect a crc32 compensation attack on a packet */
 int
-detect_attack(u_char *buf, u_int32_t len, u_char *IV)
+detect_attack(u_char *buf, u_int32_t len)
 {
        static u_int16_t *h = (u_int16_t *) NULL;
        static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE;
        u_int32_t i, j;
-        u_int32_t l;
+        u_int32_t l, same;
        u_char *c;
        u_char *d;
@@ -100,26 +118,20 @@ detect_attack(u_char *buf, u_int32_t len, u_char *IV)
        if (h == NULL) {
                debug("Installing crc compensation attack detector.");
-                h = (u_int16_t *) xmalloc(l * HASH_ENTRYSIZE);
+                h = (u_int16_t *) xcalloc(l, HASH_ENTRYSIZE);
                n = l;
        } else {
                if (l > n) {
-                        h = (u_int16_t *) xrealloc(h, l * HASH_ENTRYSIZE);
+                        h = (u_int16_t *)xrealloc(h, l, HASH_ENTRYSIZE);
                        n = l;
                }
        }
        if (len <= HASH_MINBLOCKS) {
                for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
-                        if (IV && (!CMP(c, IV))) {
-                                if ((check_crc(c, buf, len, IV)))
-                                        return (DEATTACK_DETECTED);
-                                else
-                                        break;
-                        }
                        for (d = buf; d < c; d += SSH_BLOCKSIZE) {
                                if (!CMP(c, d)) {
-                                        if ((check_crc(c, buf, len, IV)))
+                                        if ((check_crc(c, buf, len)))
                                                return (DEATTACK_DETECTED);
                                        else
                                                break;
@@ -130,21 +142,13 @@ detect_attack(u_char *buf, u_int32_t len, u_char *IV)
        }
        memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
-        if (IV)
+        for (c = buf, same = j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
-                h[HASH(IV) & (n - 1)] = HASH_IV;
-        for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
                for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
                    i = (i + 1) & (n - 1)) {
-                        if (h[i] == HASH_IV) {
+                        if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
-                                if (!CMP(c, IV)) {
+                                if (++same > MAX_IDENTICAL)
-                                        if (check_crc(c, buf, len, IV))
+                                        return (DEATTACK_DOS_DETECTED);
-                                                return (DEATTACK_DETECTED);
+                                if (check_crc(c, buf, len))
-                                        else
-                                                break;
-                                }
-                        } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
-                                if (check_crc(c, buf, len, IV))
                                        return (DEATTACK_DETECTED);
                                else
                                        break;

diff --git a/deattack.c b/deattack.c index 8b55d6686..1b37e4dab 100644 --- a/deattack.c +++ b/deattack.c
@@ -1,3 +1,4 @@
		1	/* $OpenBSD: deattack.c,v 1.30 2006/09/16 19:53:37 djm Exp $ */
1	/*	2	/*
2	* Cryptographic attack detector for ssh - source code	3	* Cryptographic attack detector for ssh - source code
3	*	4	*
@@ -18,14 +19,36 @@
18	*/	19	*/
19		20
20	#include "includes.h"	21	#include "includes.h"
21	RCSID("$OpenBSD: deattack.c,v 1.19 2003/09/18 08:49:45 markus Exp $");
22		22
		23	#include <sys/types.h>
		24
		25	#include <string.h>
		26	#include <stdio.h>
		27	#include <stdarg.h>
		28
		29	#include "xmalloc.h"
23	#include "deattack.h"	30	#include "deattack.h"
24	#include "log.h"	31	#include "log.h"
25	#include "crc32.h"	32	#include "crc32.h"
26	#include "getput.h"	33	#include "misc.h"
27	#include "xmalloc.h"	34
28	#include "deattack.h"	35	/*
		36	* CRC attack detection has a worst-case behaviour that is O(N^3) over
		37	* the number of identical blocks in a packet. This behaviour can be
		38	* exploited to create a limited denial of service attack.
		39	*
		40	* However, because we are dealing with encrypted data, identical
		41	* blocks should only occur every 2^35 maximally-sized packets or so.
		42	* Consequently, we can detect this DoS by looking for identical blocks
		43	* in a packet.
		44	*
		45	* The parameter below determines how many identical blocks we will
		46	* accept in a single packet, trading off between attack detection and
		47	* likelihood of terminating a legitimate connection. A value of 32
		48	* corresponds to an average of 2^40 messages before an attack is
		49	* misdetected
		50	*/
		51	#define MAX_IDENTICAL 32
29		52
30	/* SSH Constants */	53	/* SSH Constants */
31	#define SSH_MAXBLOCKS (32 * 1024)	54	#define SSH_MAXBLOCKS (32 * 1024)
@@ -43,7 +66,7 @@ RCSID("$OpenBSD: deattack.c,v 1.19 2003/09/18 08:49:45 markus Exp $");
43		66
44		67
45	/* Hash function (Input keys are cipher results) */	68	/* Hash function (Input keys are cipher results) */
46	#define HASH(x) GET_32BIT(x)	69	#define HASH(x) get_u32(x)
47		70
48	#define CMP(a, b) (memcmp(a, b, SSH_BLOCKSIZE))	71	#define CMP(a, b) (memcmp(a, b, SSH_BLOCKSIZE))
49		72
@@ -51,22 +74,17 @@ static void
51	crc_update(u_int32_t *a, u_int32_t b)	74	crc_update(u_int32_t *a, u_int32_t b)
52	{	75	{
53	b ^= *a;	76	b ^= *a;
54	a = ssh_crc32((u_char ) &b, sizeof(b));	77	a = ssh_crc32((u_char )&b, sizeof(b));
55	}	78	}
56		79
57	/* detect if a block is used in a particular pattern */	80	/* detect if a block is used in a particular pattern */
58	static int	81	static int
59	check_crc(u_char S, u_char buf, u_int32_t len,	82	check_crc(u_char S, u_char buf, u_int32_t len)
60	u_char *IV)
61	{	83	{
62	u_int32_t crc;	84	u_int32_t crc;
63	u_char *c;	85	u_char *c;
64		86
65	crc = 0;	87	crc = 0;
66	if (IV && !CMP(S, IV)) {
67	crc_update(&crc, 1);
68	crc_update(&crc, 0);
69	}
70	for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {	88	for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
71	if (!CMP(S, c)) {	89	if (!CMP(S, c)) {
72	crc_update(&crc, 1);	90	crc_update(&crc, 1);
@@ -82,12 +100,12 @@ check_crc(u_char S, u_char buf, u_int32_t len,
82		100
83	/* Detect a crc32 compensation attack on a packet */	101	/* Detect a crc32 compensation attack on a packet */
84	int	102	int
85	detect_attack(u_char buf, u_int32_t len, u_char IV)	103	detect_attack(u_char *buf, u_int32_t len)
86	{	104	{
87	static u_int16_t h = (u_int16_t ) NULL;	105	static u_int16_t h = (u_int16_t ) NULL;
88	static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE;	106	static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE;
89	u_int32_t i, j;	107	u_int32_t i, j;
90	u_int32_t l;	108	u_int32_t l, same;
91	u_char *c;	109	u_char *c;
92	u_char *d;	110	u_char *d;
93		111
@@ -100,26 +118,20 @@ detect_attack(u_char buf, u_int32_t len, u_char IV)
100		118
101	if (h == NULL) {	119	if (h == NULL) {
102	debug("Installing crc compensation attack detector.");	120	debug("Installing crc compensation attack detector.");
103	h = (u_int16_t ) xmalloc(l HASH_ENTRYSIZE);	121	h = (u_int16_t *) xcalloc(l, HASH_ENTRYSIZE);
104	n = l;	122	n = l;
105	} else {	123	} else {
106	if (l > n) {	124	if (l > n) {
107	h = (u_int16_t ) xrealloc(h, l HASH_ENTRYSIZE);	125	h = (u_int16_t *)xrealloc(h, l, HASH_ENTRYSIZE);
108	n = l;	126	n = l;
109	}	127	}
110	}	128	}
111		129
112	if (len <= HASH_MINBLOCKS) {	130	if (len <= HASH_MINBLOCKS) {
113	for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {	131	for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
114	if (IV && (!CMP(c, IV))) {
115	if ((check_crc(c, buf, len, IV)))
116	return (DEATTACK_DETECTED);
117	else
118	break;
119	}
120	for (d = buf; d < c; d += SSH_BLOCKSIZE) {	132	for (d = buf; d < c; d += SSH_BLOCKSIZE) {
121	if (!CMP(c, d)) {	133	if (!CMP(c, d)) {
122	if ((check_crc(c, buf, len, IV)))	134	if ((check_crc(c, buf, len)))
123	return (DEATTACK_DETECTED);	135	return (DEATTACK_DETECTED);
124	else	136	else
125	break;	137	break;
@@ -130,21 +142,13 @@ detect_attack(u_char buf, u_int32_t len, u_char IV)
130	}	142	}
131	memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);	143	memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
132		144
133	if (IV)	145	for (c = buf, same = j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
134	h[HASH(IV) & (n - 1)] = HASH_IV;
135
136	for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
137	for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;	146	for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
138	i = (i + 1) & (n - 1)) {	147	i = (i + 1) & (n - 1)) {
139	if (h[i] == HASH_IV) {	148	if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
140	if (!CMP(c, IV)) {	149	if (++same > MAX_IDENTICAL)
141	if (check_crc(c, buf, len, IV))	150	return (DEATTACK_DOS_DETECTED);
142	return (DEATTACK_DETECTED);	151	if (check_crc(c, buf, len))
143	else
144	break;
145	}
146	} else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
147	if (check_crc(c, buf, len, IV))
148	return (DEATTACK_DETECTED);	152	return (DEATTACK_DETECTED);
149	else	153	else
150	break;	154	break;