1 /*
2  * ProFTPD - mod_sftp traffic analysis protection
3  * Copyright (c) 2008-2016 TJ Saunders
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License as published by
7  * the Free Software Foundation; either version 2 of the License, or
8  * (at your option) any later version.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program; if not, write to the Free Software
17  * Foundation, Inc., 51 Franklin Street, Suite 500, Boston, MA 02110-1335, USA.
18  *
19  * As a special exemption, TJ Saunders and other respective copyright holders
20  * give permission to link this program with OpenSSL, and distribute the
21  * resulting executable, without including the source code for OpenSSL in the
22  * source distribution.
23  */
24 
25 #ifndef MOD_SFTP_TAP_H
26 #define MOD_SFTP_TAP_H
27 
28 #include "mod_sftp.h"
29 
30 int sftp_tap_have_policy(const char *);
31 
32 /* May send an SSH2_MSG_IGNORE packet of random length, filled with random
33  * data to the client, depending on the selected policy.  These messages can
34  * be injected into the SSH session in order to make traffic analysis harder.
35  * Returns -1 if there was an error while sending the packet, zero otherwise.
36  */
37 int sftp_tap_send_packet(void);
38 
39 /* Sets the traffic analysis protection (TAP) policy.  Returns 0 if the given
40  * policy is acceptable, -1 otherwise.
41  *
42  * The list of policies is:
43  *
44  *  "none" - send no SSH2_MSG_IGNORE packets
45  *
46  *  "low" - 1 in 1000 chance of sending SSH2_MSG_IGNORE, with lengths of
47  *          64 to 256 bytes of random data.
48  *
49  *  "medium" - 1 in 100 chance of sending SSH2_MSG_IGNORE, with lengths of
50  *             32 to 768 bytes of random data.
51  *
52  *  "high" - 1 in 10 chance of sending SSH2_MSG_IGNORE, with lengths of
53  *           16 to 2048 bytes of random data.
54  *
55  *  "paranoid" - always send SSH2_MSG_IGNORE packets, of lengths up to 8KB.
56  *
57  * Note that there is an additional TAP policy called 'rogaway'.  This
58  * policy is automatically used if the negotiated server-to-client cipher
59  * is any of the CBC ciphers.  The purpose of the 'rogaway' TAP policy is
60  * to implement the mitigation of the Rogaway CBC mode attack (see RFC4251,
61  * Section 9.3.1) via the use of IGNORE packets.  The use of the 'rogaway'
62  * policy is hardcoded, and will override any configured TAP policy.
63  */
64 int sftp_tap_set_policy(const char *);
65 
66 #endif /* MOD_SFTP_TAP_H */
67