Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / 5699c5f9acb09d8e210856c3dd3cdeb4078d41a4^! / . / packet.c
commit5699c5f9acb09d8e210856c3dd3cdeb4078d41a4[log] [tgz]
authorBen Lindstrom <mouring@eviladmin.org>Mon Mar 05 06:17:49 2001 +0000
committerBen Lindstrom <mouring@eviladmin.org>Mon Mar 05 06:17:49 2001 +0000
treed865640d602faefb7f1b8e26648d1938c2caa224
parent7fbd455c780e96065dc2bd8d96d21f0c017c0f99 [diff] [blame]
   - markus@cvs.openbsd.org 2001/02/28 09:57:07
     [packet.c packet.h sshconnect2.c]
     in ssh protocol v2 use ignore messages for padding (instead of
     trailing \0).

diff --git a/packet.c b/packet.c
index 02f8ab1..26abf0e 100644
--- a/packet.c
+++ b/packet.c

@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.52 2001/02/27 10:35:27 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.53 2001/02/28 09:57:06 markus Exp $");
 
 #include "xmalloc.h"
 #include "buffer.h"
@@ -1305,3 +1305,57 @@
 	max_packet_size = s;
 	return s;
 }
+
+/*
+ * 9.2.  Ignored Data Message
+ * 
+ *   byte      SSH_MSG_IGNORE
+ *   string    data
+ * 
+ * All implementations MUST understand (and ignore) this message at any
+ * time (after receiving the protocol version). No implementation is
+ * required to send them. This message can be used as an additional
+ * protection measure against advanced traffic analysis techniques.
+ */
+/* size of current + ignore message should be n*sumlen bytes (w/o mac) */
+void
+packet_inject_ignore(int sumlen)
+{
+	u_int32_t rand = 0;
+	int i, blocksize, padlen, have, need, nb, mini, nbytes;
+	Enc *enc = NULL;
+
+	if (use_ssh2_packet_format == 0)
+		return;
+
+	have = buffer_len(&outgoing_packet);
+	debug2("packet_inject_ignore: current %d", have);
+	if (kex != NULL)
+	enc  = &kex->enc[MODE_OUT];
+	blocksize = enc ? enc->cipher->block_size : 8;
+	padlen = blocksize - (have % blocksize);
+	if (padlen < 4)
+		padlen += blocksize;
+	have += padlen;
+	have /= blocksize;	/* # of blocks for current message */
+
+	nb   = roundup(sumlen,  blocksize) / blocksize;	/* blocks for both */
+	mini = roundup(5+1+4+4, blocksize) / blocksize; /* minsize ignore msg */
+	need = nb - (have % nb);			/* blocks for ignore */
+	if (need <= mini)
+		need += nb;
+	nbytes = (need - mini) * blocksize;	/* size of ignore payload */
+	debug2("packet_inject_ignore: block %d have %d nb %d mini %d need %d",
+	    blocksize, have, nb, mini, need);
+
+	/* enqueue current message and append a ignore message */
+	packet_send();
+	packet_start(SSH2_MSG_IGNORE);
+	packet_put_int(nbytes);
+	for(i = 0; i < nbytes; i++) {
+		if (i % 4 == 0)
+			rand = arc4random();
+		packet_put_char(rand & 0xff);
+		rand >>= 8;
+	}
+}