]>
Commit | Line | Data |
---|---|---|
51e7a012 | 1 | /* $OpenBSD: deattack.c,v 1.27 2006/03/30 09:58:15 djm Exp $ */ |
8efc0c15 | 2 | /* |
8efc0c15 | 3 | * Cryptographic attack detector for ssh - source code |
4 | * | |
5 | * Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina. | |
6 | * | |
7 | * All rights reserved. Redistribution and use in source and binary | |
8 | * forms, with or without modification, are permitted provided that | |
9 | * this copyright notice is retained. | |
10 | * | |
11 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED | |
12 | * WARRANTIES ARE DISCLAIMED. IN NO EVENT SHALL CORE SDI S.A. BE | |
13 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY OR | |
14 | * CONSEQUENTIAL DAMAGES RESULTING FROM THE USE OR MISUSE OF THIS | |
15 | * SOFTWARE. | |
16 | * | |
17 | * Ariel Futoransky <futo@core-sdi.com> | |
5260325f | 18 | * <http://www.core-sdi.com> |
19 | */ | |
8efc0c15 | 20 | |
21 | #include "includes.h" | |
93c3b6de | 22 | |
8efc0c15 | 23 | #include "deattack.h" |
42f11eb2 | 24 | #include "log.h" |
8efc0c15 | 25 | #include "crc32.h" |
8efc0c15 | 26 | #include "xmalloc.h" |
51e7a012 | 27 | #include "misc.h" |
8efc0c15 | 28 | |
29 | /* SSH Constants */ | |
5260325f | 30 | #define SSH_MAXBLOCKS (32 * 1024) |
31 | #define SSH_BLOCKSIZE (8) | |
8efc0c15 | 32 | |
33 | /* Hashing constants */ | |
5260325f | 34 | #define HASH_MINSIZE (8 * 1024) |
35 | #define HASH_ENTRYSIZE (2) | |
36 | #define HASH_FACTOR(x) ((x)*3/2) | |
37 | #define HASH_UNUSEDCHAR (0xff) | |
38 | #define HASH_UNUSED (0xffff) | |
184eed6a | 39 | #define HASH_IV (0xfffe) |
8efc0c15 | 40 | |
5260325f | 41 | #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE) |
8efc0c15 | 42 | |
43 | ||
44 | /* Hash function (Input keys are cipher results) */ | |
51e7a012 | 45 | #define HASH(x) get_u32(x) |
8efc0c15 | 46 | |
12bf85ed | 47 | #define CMP(a, b) (memcmp(a, b, SSH_BLOCKSIZE)) |
8efc0c15 | 48 | |
396c147e | 49 | static void |
5260325f | 50 | crc_update(u_int32_t *a, u_int32_t b) |
8efc0c15 | 51 | { |
5260325f | 52 | b ^= *a; |
69753336 | 53 | *a = ssh_crc32((u_char *)&b, sizeof(b)); |
8efc0c15 | 54 | } |
55 | ||
5260325f | 56 | /* detect if a block is used in a particular pattern */ |
396c147e | 57 | static int |
69753336 | 58 | check_crc(u_char *S, u_char *buf, u_int32_t len) |
8efc0c15 | 59 | { |
5260325f | 60 | u_int32_t crc; |
1e3b8b07 | 61 | u_char *c; |
5260325f | 62 | |
63 | crc = 0; | |
5260325f | 64 | for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) { |
65 | if (!CMP(S, c)) { | |
66 | crc_update(&crc, 1); | |
67 | crc_update(&crc, 0); | |
68 | } else { | |
69 | crc_update(&crc, 0); | |
70 | crc_update(&crc, 0); | |
71 | } | |
72 | } | |
73 | return (crc == 0); | |
8efc0c15 | 74 | } |
75 | ||
76 | ||
5260325f | 77 | /* Detect a crc32 compensation attack on a packet */ |
8efc0c15 | 78 | int |
69753336 | 79 | detect_attack(u_char *buf, u_int32_t len) |
8efc0c15 | 80 | { |
5260325f | 81 | static u_int16_t *h = (u_int16_t *) NULL; |
b850ecd9 | 82 | static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE; |
44c2ab73 | 83 | u_int32_t i, j; |
5260325f | 84 | u_int32_t l; |
44c2ab73 | 85 | u_char *c; |
1e3b8b07 | 86 | u_char *d; |
5260325f | 87 | |
88 | if (len > (SSH_MAXBLOCKS * SSH_BLOCKSIZE) || | |
89 | len % SSH_BLOCKSIZE != 0) { | |
90 | fatal("detect_attack: bad length %d", len); | |
91 | } | |
92 | for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) | |
93 | ; | |
94 | ||
95 | if (h == NULL) { | |
96 | debug("Installing crc compensation attack detector."); | |
52e3daed | 97 | h = (u_int16_t *) xcalloc(l, HASH_ENTRYSIZE); |
5260325f | 98 | n = l; |
5260325f | 99 | } else { |
100 | if (l > n) { | |
c5d10563 | 101 | h = (u_int16_t *)xrealloc(h, l, HASH_ENTRYSIZE); |
5260325f | 102 | n = l; |
5260325f | 103 | } |
104 | } | |
105 | ||
106 | if (len <= HASH_MINBLOCKS) { | |
107 | for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) { | |
5260325f | 108 | for (d = buf; d < c; d += SSH_BLOCKSIZE) { |
109 | if (!CMP(c, d)) { | |
69753336 | 110 | if ((check_crc(c, buf, len))) |
5260325f | 111 | return (DEATTACK_DETECTED); |
112 | else | |
113 | break; | |
114 | } | |
115 | } | |
116 | } | |
117 | return (DEATTACK_OK); | |
8efc0c15 | 118 | } |
5260325f | 119 | memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE); |
120 | ||
5260325f | 121 | for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) { |
122 | for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED; | |
184eed6a | 123 | i = (i + 1) & (n - 1)) { |
69753336 | 124 | if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) { |
125 | if (check_crc(c, buf, len)) | |
5260325f | 126 | return (DEATTACK_DETECTED); |
127 | else | |
128 | break; | |
129 | } | |
130 | } | |
131 | h[i] = j; | |
8efc0c15 | 132 | } |
5260325f | 133 | return (DEATTACK_OK); |
8efc0c15 | 134 | } |