Diffstat (limited to 'packet.c')
-rw-r--r-- | packet.c | 56 |
1 files changed, 55 insertions, 1 deletions
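--- a/packet.c
+++ b/packet.c
@@ -37,7 +37,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.52 2001/02/27 10:35:27 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.53 2001/02/28 09:57:06 markus Exp $");
 
 #include "xmalloc.h"
 #include "buffer.h"
@@ -1305,3 +1305,57 @@ packet_set_maxsize(int s)
 max_packet_size = s;
 return s;
 }
+
+/*
+* 9.2. Ignored Data Message
+*
+* byte SSH_MSG_IGNORE
+* string data
+*
+* All implementations MUST understand (and ignore) this message at any
+* time (after receiving the protocol version). No implementation is
+* required to send them. This message can be used as an additional
+* protection measure against advanced traffic analysis techniques.
+*/
+/* size of current + ignore message should be n*sumlen bytes (w/o mac) */
+void
+packet_inject_ignore(int sumlen)
+{
+u_int32_t rand = 0;
+int i, blocksize, padlen, have, need, nb, mini, nbytes;
+Enc *enc = NULL;
+
+if (use_ssh2_packet_format == 0)
+return;
+
+have = buffer_len(&outgoing_packet);
+debug2("packet_inject_ignore: current %d", have);
+if (kex != NULL)
+enc = &kex->enc[MODE_OUT];
+blocksize = enc ? enc->cipher->block_size : 8;
+padlen = blocksize - (have % blocksize);
+if (padlen < 4)
+padlen += blocksize;
+have += padlen;
+have /= blocksize; /* # of blocks for current message */
+
+nb = roundup(sumlen, blocksize) / blocksize; /* blocks for both */
+mini = roundup(5+1+4+4, blocksize) / blocksize; /* minsize ignore msg */
+need = nb - (have % nb); /* blocks for ignore */
+if (need <= mini)
+need += nb;
+nbytes = (need - mini) * blocksize; /* size of ignore payload */
+debug2("packet_inject_ignore: block %d have %d nb %d mini %d need %d",
+blocksize, have, nb, mini, need);
+
+/* enqueue current message and append a ignore message */
+packet_send();
+packet_start(SSH2_MSG_IGNORE);
+packet_put_int(nbytes);
+for(i = 0; i < nbytes; i++) {
+if (i % 4 == 0)
+rand = arc4random();
+packet_put_char(rand & 0xff);
+rand >>= 8;
+}
+}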
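Review bot: `have % nb` in packet_inject_ignore() divides by zero when `sumlen` is 0, because `nb = roundup(sumlen, blocksize) / blocksize` is then 0, and nothing in the hunk constrains the argument. With the usual roundup() a negative `sumlen` gives a negative `nb` and in turn a negative `nbytes`, which `packet_put_int(nbytes)` would emit as the string length while the fill loop writes no payload. I would add a guard ahead of the block arithmetic, such as `if (sumlen <= 0) return;`, or treat it as fatal if a non-positive value can only be a caller bug. The header comment should also state that the function sends the current packet but leaves the SSH2_MSG_IGNORE packet started and unsent, so the caller still has to call packet_send(). If packet_send() compresses the payload (not visible here), `have` taken from buffer_len() before the send will not match the on-wire size, which deserves a comment too.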