Diffstat (limited to 'packet.c')
-rw-r--r-- | packet.c | 60 |
1 files changed, 23 insertions, 37 deletions
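--- a/packet.c
+++ b/packet.c
@@ -37,7 +37,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.70 2001/09/27 11:59:37 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.71 2001/11/07 16:03:17 markus Exp $");
 
 #include "xmalloc.h"
 #include "buffer.h"
@@ -115,6 +115,9 @@ static int interactive_mode = 0;
 /* Session key information for Encryption and MAC */
 Newkeys *newkeys[MODE_MAX];
 
+/* roundup current message to extra_pad bytes */
+static u_char extra_pad = 0;
+
 /*
 * Sets the descriptors used for communication. Disables encryption until
 * packet_set_encryption_key is called.
@@ -485,9 +488,10 @@ packet_send2(void)
 {
 static u_int32_t seqnr = 0;
 u_char type, *ucp, *macbuf = NULL;
+u_char padlen, pad;
 char *cp;
 u_int packet_length = 0;
-u_int i, padlen, len;
+u_int i, len;
 u_int32_t rand = 0;
 Enc *enc = NULL;
 Mac *mac = NULL;
@@ -533,6 +537,15 @@ packet_send2(void)
 padlen = block_size - (len % block_size);
 if (padlen < 4)
 padlen += block_size;
+if (extra_pad) {
+/* will wrap if extra_pad+padlen > 255 */
+extra_pad = roundup(extra_pad, block_size);
+pad = extra_pad - ((len + padlen) % extra_pad);
+debug("packet_send2: adding %d (len %d padlen %d extra_pad %d)",
+pad, len, padlen, extra_pad);
+padlen += pad;
+extra_pad = 0;
+}
 buffer_append_space(&outgoing_packet, &cp, padlen);
 if (enc && enc->cipher->number != SSH_CIPHER_NONE) {
 /* random padding */
@@ -1109,6 +1122,7 @@ packet_write_poll()
 else
 fatal("Write failed: %.100s", strerror(errno));
 }
+debug("packet_write_poll: sent %d bytes", len);
 buffer_consume(&output, len);
 }
 }
@@ -1238,6 +1252,13 @@ packet_set_maxsize(int s)
 return s;
 }
 
+/* roundup current message to pad bytes */
+void
+packet_add_padding(u_char pad)
+{
+extra_pad = pad;
+}
+
 /*
 * 9.2. Ignored Data Message
 *
@@ -1249,41 +1270,6 @@ packet_set_maxsize(int s)
 * required to send them. This message can be used as an additional
 * protection measure against advanced traffic analysis techniques.
 */
-/* size of current + ignore message should be n*sumlen bytes (w/o mac) */
-void
-packet_inject_ignore(int sumlen)
-{
-int blocksize, padlen, have, need, nb, mini, nbytes;
-Enc *enc = NULL;
-
-if (compat20 == 0)
-return;
-
-have = buffer_len(&outgoing_packet);
-debug2("packet_inject_ignore: current %d", have);
-if (newkeys[MODE_OUT] != NULL)
-enc = &newkeys[MODE_OUT]->enc;
-blocksize = enc ? enc->cipher->block_size : 8;
-padlen = blocksize - (have % blocksize);
-if (padlen < 4)
-padlen += blocksize;
-have += padlen;
-have /= blocksize; /* # of blocks for current message */
-
-nb = roundup(sumlen, blocksize) / blocksize; /* blocks for both */
-mini = roundup(5+1+4+4, blocksize) / blocksize; /* minsize ignore msg */
-need = nb - (have % nb); /* blocks for ignore */
-if (need <= mini)
-need += nb;
-nbytes = (need - mini) * blocksize; /* size of ignore payload */
-debug2("packet_inject_ignore: block %d have %d nb %d mini %d need %d",
-blocksize, have, nb, mini, need);
-
-/* enqueue current message and append a ignore message */
-packet_send();
-packet_send_ignore(nbytes);
-}
-
 void
 packet_send_ignore(int nbytes)
 {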
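Review bot: The `extra_pad` branch added to packet_send2 does its arithmetic in `u_char`, and the new comment acknowledges the wrap without guarding against it. If `roundup(extra_pad, block_size)` reaches 256 it is stored as 0 and the next line evaluates `% extra_pad`, a division by zero; if `padlen + pad` exceeds 255 the stored `padlen` wraps and can fall below the 4-byte minimum that the `if (padlen < 4)` check just above enforces. Callers of `packet_add_padding` are not visible on this page, so whether such values can arrive is unconfirmed, but a guard before the assignment would make the path fail closed: `if (roundup((u_int)extra_pad, block_size) + padlen > 255) fatal("packet_send2: extra_pad %d too large", extra_pad);`. The body of packet_send2 continues outside the hunk.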