izackp/mosh
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Kill the session after encrypting 2^47 blocks

Browse Source 
"Both the privacy and the authenticity properties of OCB degrade as
 per s^2 / 2^128, where s is the total number of blocks that the
 adversary acquires.... In order to ensure that s^2 / 2^128 remains
 small, a given key should be used to encrypt at most 2^48 blocks (2^55
 bits or 4 petabytes)"

-- http://tools.ietf.org/html/draft-krovetz-ocb-03

We deem it unlikely that a legitimate user will send 4 PB through a Mosh
session.  If it happens, we simply kill the session.  The server and
client use the same key, so we actually need to die after 2^47 blocks.

Closes #77.
This commit is contained in:
Keegan McAllister
2012-03-24 20:42:53 -04:00
parent ba6387f36c
commit b4ef664bc0
2 changed files with 26 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/crypto/crypto.cc
+25 -1
View File
@@ -131,7 +131,7 @@ string Base64Key::printable_key( void ) const
} }
Session::Session( Base64Key s_key ) Session::Session( Base64Key s_key )
: key( s_key ), ctx( NULL ) : key( s_key ), ctx( NULL ), blocks_encrypted( 0 )
{ {
ctx = ae_allocate( NULL ); ctx = ae_allocate( NULL );
if ( ctx == NULL ) { if ( ctx == NULL ) {
@@ -216,6 +216,30 @@ string Session::encrypt( Message plaintext )
throw CryptoException( "ae_encrypt() returned error." ); throw CryptoException( "ae_encrypt() returned error." );
} }
blocks_encrypted += pt_len >> 4;
if ( pt_len & 0xF ) {
/* partial block */
blocks_encrypted++;
}
/* "Both the privacy and the authenticity properties of OCB degrade as
per s^2 / 2^128, where s is the total number of blocks that the
adversary acquires.... In order to ensure that s^2 / 2^128 remains
small, a given key should be used to encrypt at most 2^48 blocks (2^55
bits or 4 petabytes)"
-- http://tools.ietf.org/html/draft-krovetz-ocb-03
We deem it unlikely that a legitimate user will send 4 PB through a Mosh
session. If it happens, we simply kill the session. The server and
client use the same key, so we actually need to die after 2^47 blocks.
*/
if ( blocks_encrypted >> 47 ) {
free( pt );
free( ciphertext );
throw CryptoException( "Encrypted 2^47 blocks.", true );
}
string text( (char *)ciphertext, ciphertext_len ); string text( (char *)ciphertext, ciphertext_len );
free( pt ); free( pt );
free( ciphertext ); free( ciphertext );
src/crypto/crypto.h
+1
View File
@@ -75,6 +75,7 @@ namespace Crypto {
private: private:
Base64Key key; Base64Key key;
ae_ctx *ctx; ae_ctx *ctx;
uint64_t blocks_encrypted;
public: public:
Session( Base64Key s_key ); Session( Base64Key s_key );