in ssh protocol v2 use ignore messages for padding (instead of trailing \0).

3 files changed, 64 insertions, 5 deletions

diff --git a/usr.bin/ssh/packet.c b/usr.bin/ssh/packet.c
index f74b79e4774..c47f950a3be 100644
--- a/usr.bin/ssh/packet.c
+++ b/usr.bin/ssh/packet.c
@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.52 2001/02/27 10:35:27 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.53 2001/02/28 09:57:06 markus Exp $");
 
 #include "xmalloc.h"
 #include "buffer.h"
@@ -1299,3 +1299,57 @@ packet_set_maxsize(int s)
 	max_packet_size = s;
 	return s;
 }
+
+/*
+ * 9.2.  Ignored Data Message
+ * 
+ *   byte      SSH_MSG_IGNORE
+ *   string    data
+ * 
+ * All implementations MUST understand (and ignore) this message at any
+ * time (after receiving the protocol version). No implementation is
+ * required to send them. This message can be used as an additional
+ * protection measure against advanced traffic analysis techniques.
+ */
+/* size of current + ignore message should be n*sumlen bytes (w/o mac) */
+void
+packet_inject_ignore(int sumlen)
+{
+	u_int32_t rand = 0;
+	int i, blocksize, padlen, have, need, nb, mini, nbytes;
+	Enc *enc = NULL;
+
+	if (use_ssh2_packet_format == 0)
+		return;
+
+	have = buffer_len(&outgoing_packet);
+	debug2("packet_inject_ignore: current %d", have);
+	if (kex != NULL)
+	enc  = &kex->enc[MODE_OUT];
+	blocksize = enc ? enc->cipher->block_size : 8;
+	padlen = blocksize - (have % blocksize);
+	if (padlen < 4)
+		padlen += blocksize;
+	have += padlen;
+	have /= blocksize;	/* # of blocks for current message */
+
+	nb   = roundup(sumlen,  blocksize) / blocksize;	/* blocks for both */
+	mini = roundup(5+1+4+4, blocksize) / blocksize; /* minsize ignore msg */
+	need = nb - (have % nb);			/* blocks for ignore */
+	if (need <= mini)
+		need += nb;
+	nbytes = (need - mini) * blocksize;	/* size of ignore payload */
+	debug2("packet_inject_ignore: block %d have %d nb %d mini %d need %d",
+	    blocksize, have, nb, mini, need);
+
+	/* enqueue current message and append a ignore message */
+	packet_send();
+	packet_start(SSH2_MSG_IGNORE);
+	packet_put_int(nbytes);
+	for(i = 0; i < nbytes; i++) {
+		if (i % 4 == 0)
+			rand = arc4random();
+		packet_put_char(rand & 0xff);
+		rand >>= 8;
+	}
+}
diff --git a/usr.bin/ssh/packet.h b/usr.bin/ssh/packet.h
index 00f0c377822..059bb27a0fb 100644
--- a/usr.bin/ssh/packet.h
+++ b/usr.bin/ssh/packet.h
@@ -11,7 +11,7 @@
  * called by a name other than "ssh" or "Secure Shell".
  */
 
-/* RCSID("$OpenBSD: packet.h,v 1.19 2001/01/13 18:32:50 markus Exp $"); */
+/* RCSID("$OpenBSD: packet.h,v 1.20 2001/02/28 09:57:07 markus Exp $"); */
 
 #ifndef PACKET_H
 #define PACKET_H
@@ -214,4 +214,7 @@ void	packet_set_ssh2_format(void);
 /* returns remaining payload bytes */
 int	packet_remaining(void);
 
+/* append an ignore message */
+void	packet_inject_ignore(int sumlen);
+
 #endif				/* PACKET_H */
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index 12335e80eef..8b523232f0c 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.48 2001/02/15 23:19:59 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.49 2001/02/28 09:57:07 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -658,9 +658,10 @@ userauth_passwd(Authctxt *authctxt)
 	packet_put_cstring(authctxt->service);
 	packet_put_cstring(authctxt->method->name);
 	packet_put_char(0);
-	ssh_put_password(password);
+	packet_put_cstring(password);
 	memset(password, 0, strlen(password));
 	xfree(password);
+	packet_inject_ignore(64);
 	packet_send();
 	packet_write_wait();
 	return 1;
@@ -928,13 +929,14 @@ input_userauth_info_req(int type, int plen, void *ctxt)
 
 		response = cli_prompt(prompt, echo);
 
-		ssh_put_password(response);
+		packet_put_cstring(response);
 		memset(response, 0, strlen(response));
 		xfree(response);
 		xfree(prompt);
 	}
 	packet_done(); /* done with parsing incoming message. */
 
+	packet_inject_ignore(64);
 	packet_send();
 	packet_write_wait();
 }