1 /* 2 * ProFTPD - mod_sftp traffic analysis protection 3 * Copyright (c) 2008-2016 TJ Saunders 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License as published by 7 * the Free Software Foundation; either version 2 of the License, or 8 * (at your option) any later version. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program; if not, write to the Free Software 17 * Foundation, Inc., 51 Franklin Street, Suite 500, Boston, MA 02110-1335, USA. 18 * 19 * As a special exemption, TJ Saunders and other respective copyright holders 20 * give permission to link this program with OpenSSL, and distribute the 21 * resulting executable, without including the source code for OpenSSL in the 22 * source distribution. 23 */ 24 25 #ifndef MOD_SFTP_TAP_H 26 #define MOD_SFTP_TAP_H 27 28 #include "mod_sftp.h" 29 30 int sftp_tap_have_policy(const char *); 31 32 /* May send an SSH2_MSG_IGNORE packet of random length, filled with random 33 * data to the client, depending on the selected policy. These messages can 34 * be injected into the SSH session in order to make traffic analysis harder. 35 * Returns -1 if there was an error while sending the packet, zero otherwise. 36 */ 37 int sftp_tap_send_packet(void); 38 39 /* Sets the traffic analysis protection (TAP) policy. Returns 0 if the given 40 * policy is acceptable, -1 otherwise. 41 * 42 * The list of policies is: 43 * 44 * "none" - send no SSH2_MSG_IGNORE packets 45 * 46 * "low" - 1 in 1000 chance of sending SSH2_MSG_IGNORE, with lengths of 47 * 64 to 256 bytes of random data. 48 * 49 * "medium" - 1 in 100 chance of sending SSH2_MSG_IGNORE, with lengths of 50 * 32 to 768 bytes of random data. 51 * 52 * "high" - 1 in 10 chance of sending SSH2_MSG_IGNORE, with lengths of 53 * 16 to 2048 bytes of random data. 54 * 55 * "paranoid" - always send SSH2_MSG_IGNORE packets, of lengths up to 8KB. 56 * 57 * Note that there is an additional TAP policy called 'rogaway'. This 58 * policy is automatically used if the negotiated server-to-client cipher 59 * is any of the CBC ciphers. The purpose of the 'rogaway' TAP policy is 60 * to implement the mitigation of the Rogaway CBC mode attack (see RFC4251, 61 * Section 9.3.1) via the use of IGNORE packets. The use of the 'rogaway' 62 * policy is hardcoded, and will override any configured TAP policy. 63 */ 64 int sftp_tap_set_policy(const char *); 65 66 #endif /* MOD_SFTP_TAP_H */ 67