version 1.61.2.2, 2001/11/15 00:15:19 |
version 1.61.2.3, 2001/11/15 22:51:15 |
|
|
/* Session key information for Encryption and MAC */ |
/* Session key information for Encryption and MAC */ |
Newkeys *newkeys[MODE_MAX]; |
Newkeys *newkeys[MODE_MAX]; |
|
|
|
/* roundup current message to extra_pad bytes */ |
|
static u_char extra_pad = 0; |
|
|
/* |
/* |
* Sets the descriptors used for communication. Disables encryption until |
* Sets the descriptors used for communication. Disables encryption until |
* packet_set_encryption_key is called. |
* packet_set_encryption_key is called. |
|
|
{ |
{ |
static u_int32_t seqnr = 0; |
static u_int32_t seqnr = 0; |
u_char type, *ucp, *macbuf = NULL; |
u_char type, *ucp, *macbuf = NULL; |
|
u_char padlen, pad; |
char *cp; |
char *cp; |
u_int packet_length = 0; |
u_int packet_length = 0; |
u_int i, padlen, len; |
u_int i, len; |
u_int32_t rand = 0; |
u_int32_t rand = 0; |
Enc *enc = NULL; |
Enc *enc = NULL; |
Mac *mac = NULL; |
Mac *mac = NULL; |
|
|
padlen = block_size - (len % block_size); |
padlen = block_size - (len % block_size); |
if (padlen < 4) |
if (padlen < 4) |
padlen += block_size; |
padlen += block_size; |
|
if (extra_pad) { |
|
/* will wrap if extra_pad+padlen > 255 */ |
|
extra_pad = roundup(extra_pad, block_size); |
|
pad = extra_pad - ((len + padlen) % extra_pad); |
|
debug("packet_send2: adding %d (len %d padlen %d extra_pad %d)", |
|
pad, len, padlen, extra_pad); |
|
padlen += pad; |
|
extra_pad = 0; |
|
} |
buffer_append_space(&outgoing_packet, &cp, padlen); |
buffer_append_space(&outgoing_packet, &cp, padlen); |
if (enc && enc->cipher->number != SSH_CIPHER_NONE) { |
if (enc && enc->cipher->number != SSH_CIPHER_NONE) { |
/* random padding */ |
/* random padding */ |
|
|
return s; |
return s; |
} |
} |
|
|
|
/* roundup current message to pad bytes */ |
|
void |
|
packet_add_padding(u_char pad) |
|
{ |
|
extra_pad = pad; |
|
} |
|
|
/* |
/* |
* 9.2. Ignored Data Message |
* 9.2. Ignored Data Message |
* |
* |
|
|
* required to send them. This message can be used as an additional |
* required to send them. This message can be used as an additional |
* protection measure against advanced traffic analysis techniques. |
* protection measure against advanced traffic analysis techniques. |
*/ |
*/ |
/* size of current + ignore message should be n*sumlen bytes (w/o mac) */ |
|
void |
|
packet_inject_ignore(int sumlen) |
|
{ |
|
int blocksize, padlen, have, need, nb, mini, nbytes; |
|
Enc *enc = NULL; |
|
|
|
if (compat20 == 0) |
|
return; |
|
|
|
have = buffer_len(&outgoing_packet); |
|
debug2("packet_inject_ignore: current %d", have); |
|
if (newkeys[MODE_OUT] != NULL) |
|
enc = &newkeys[MODE_OUT]->enc; |
|
blocksize = enc ? enc->cipher->block_size : 8; |
|
padlen = blocksize - (have % blocksize); |
|
if (padlen < 4) |
|
padlen += blocksize; |
|
have += padlen; |
|
have /= blocksize; /* # of blocks for current message */ |
|
|
|
nb = roundup(sumlen, blocksize) / blocksize; /* blocks for both */ |
|
mini = roundup(5+1+4+4, blocksize) / blocksize; /* minsize ignore msg */ |
|
need = nb - (have % nb); /* blocks for ignore */ |
|
if (need <= mini) |
|
need += nb; |
|
nbytes = (need - mini) * blocksize; /* size of ignore payload */ |
|
debug2("packet_inject_ignore: block %d have %d nb %d mini %d need %d", |
|
blocksize, have, nb, mini, need); |
|
|
|
/* enqueue current message and append a ignore message */ |
|
packet_send(); |
|
packet_send_ignore(nbytes); |
|
} |
|
|
|
void |
void |
packet_send_ignore(int nbytes) |
packet_send_ignore(int nbytes) |
{ |
{ |
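Review bot: In the `if (extra_pad)` block of the send path (named packet_send2 in its debug message), `extra_pad = roundup(extra_pad, block_size);` writes the rounded value back into a `u_char`, so an input that rounds up to 256 is stored as 0 and the next line's `% extra_pad` divides by zero; the comment notes the wrap but nothing guards it. `padlen` is narrowed to `u_char` in the same change, so `padlen += pad` can also wrap past 255 and leave the packet with less padding than computed. Round in a wider type and reject the overflow before the modulo, e.g. `u_int ep = roundup(extra_pad, block_size);` followed by `if (ep + padlen > 255) fatal("packet_send2: extra_pad %u too large", ep);`. `packet_inject_ignore` has the same problem: `nb` can be 0 when `sumlen <= 0` and `have % nb` then divides by zero, so add `if (sumlen <= 0) return;` next to the `compat20` check. Both function bodies run outside the visible hunks and no callers are shown, so whether such values are reachable still needs confirming.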