1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 09:58:01 +00:00

SSH-1 BPP: pass the IV to detect_attack.

In the course of writing the tests for detect_attack, I noticed that
it had a parameter where you can pass in the last cipher block of the
previous packet (or the CBC IV, of course, if there was no previous
packet), so that it can detect a pattern of repeated cipher blocks
even if one of them is just outside the current packet.

But the actual use of the attack detector in ssh1bpp wasn't using that
parameter. Now it is!
This commit is contained in:
Simon Tatham 2019-01-16 06:35:31 +00:00
parent 8611e2f035
commit 8d88cd21ef

View File

@ -20,6 +20,7 @@ struct ssh1_bpp_state {
ssh1_cipher *cipher; ssh1_cipher *cipher;
struct crcda_ctx *crcda_ctx; struct crcda_ctx *crcda_ctx;
uint8_t iv[8]; /* for crcda */
bool pending_compression_request; bool pending_compression_request;
ssh_compressor *compctx; ssh_compressor *compctx;
@ -86,6 +87,8 @@ void ssh1_bpp_new_cipher(BinaryPacketProtocol *bpp,
s->crcda_ctx = crcda_make_context(); s->crcda_ctx = crcda_make_context();
bpp_logevent("Initialised %s encryption", cipher->text_name); bpp_logevent("Initialised %s encryption", cipher->text_name);
memset(s->iv, 0, sizeof(s->iv));
} }
} }
@ -155,11 +158,15 @@ static void ssh1_bpp_handle_input(BinaryPacketProtocol *bpp)
BPP_READ(s->data, s->biglen); BPP_READ(s->data, s->biglen);
if (s->cipher && detect_attack(s->crcda_ctx, if (s->cipher && detect_attack(s->crcda_ctx,
s->data, s->biglen, NULL)) { s->data, s->biglen, s->iv)) {
ssh_sw_abort(s->bpp.ssh, ssh_sw_abort(s->bpp.ssh,
"Network attack (CRC compensation) detected!"); "Network attack (CRC compensation) detected!");
crStopV; crStopV;
} }
/* Save the last cipher block, to be passed to the next call
* to detect_attack */
assert(s->biglen >= 8);
memcpy(s->iv, s->data + s->biglen - 8, sizeof(s->iv));
if (s->cipher) if (s->cipher)
ssh1_cipher_decrypt(s->cipher, s->data, s->biglen); ssh1_cipher_decrypt(s->cipher, s->data, s->biglen);