Adding secret management in DSB.

editcap.c

@@ -165,6 +165,7 @@ static const struct {
     guint32     id;
 } secrets_types[] = {
     { "tls",    SECRETS_TYPE_TLS },
+    { "ssh",    SECRETS_TYPE_SSH },
     { "wg",     SECRETS_TYPE_WIREGUARD },
 };
 

epan/dissectors/packet-ssh.c

@@ -56,6 +56,8 @@
 #include <wsutil/curve25519.h>
 #include <wsutil/wslog.h>
 #include <ui/version_info.h>
+#include <epan/secrets.h>
+#include <wiretap/secrets-types.h>
 
 #if defined(HAVE_LIBGNUTLS)
 #include <gnutls/abstract.h>
@@ -445,6 +447,7 @@ static void ssh_set_kex_specific_dissector(struct ssh_flow_data *global_data);
 #ifdef SSH_DECRYPTION_SUPPORTED
 static void ssh_keylog_read_file(void);
 static void ssh_keylog_process_line(const char *line);
+static void ssh_keylog_process_lines(const guint8 *data, guint datalen);
 static void ssh_keylog_reset(void);
 static ssh_bignum *ssh_kex_make_bignum(const guint8 *data, guint length);
 static void ssh_read_e(tvbuff_t *tvb, int offset,
@@ -1563,6 +1566,34 @@ ssh_keylog_read_file(void)
     }
 }
 
+static void
+ssh_keylog_process_lines(const guint8 *data, guint datalen)
+{
+    const char *next_line = (const char *)data;
+    const char *line_end = next_line + datalen;
+    while (next_line && next_line < line_end) {
+        const char *line = next_line;
+        next_line = (const char *)memchr(line, '\n', line_end - line);
+        gssize linelen;
+
+        if (next_line) {
+            linelen = next_line - line;
+            next_line++;    /* drop LF */
+        } else {
+            linelen = (gssize)(line_end - line);
+        }
+        if (linelen > 0 && line[linelen - 1] == '\r') {
+            linelen--;      /* drop CR */
+        }
+
+        ssh_debug_printf("  checking keylog line: %.*s\n", (int)linelen, line);
+
+        gchar * strippedline = g_strndup(line, linelen);
+        ssh_keylog_process_line(strippedline);
+        g_free(strippedline);
+    }
+}
+
 static void
 ssh_keylog_process_line(const char *line)
 {
@@ -1645,10 +1676,12 @@ ssh_keylog_reset(void)
 }
 
 static guint
-ssh_kex_type(char *type)
+ssh_kex_type(gchar *type)
 {
-    if (type && g_str_has_prefix(type, "curve25519")) {
-        return SSH_KEX_CURVE25519;
+    if (type) {
+        if (g_str_has_prefix(type, "curve25519")) {
+            return SSH_KEX_CURVE25519;
+        }
     }
 
     return 0;
@@ -1999,6 +2032,12 @@ ssh_print_data(const gchar* name, const guchar* data, size_t len)
 
 #endif /* SSH_DECRYPT_DEBUG }}} */
 
+static void
+ssh_secrets_block_callback(const void *secrets, guint size)
+{
+    ssh_keylog_process_lines((const guint8 *)secrets, size);
+}
+
 /* Functions for SSH random hashtables. {{{ */
 static gint
 ssh_equal (gconstpointer v, gconstpointer v2)
@@ -2442,6 +2481,7 @@ proto_register_ssh(void)
         "or use \"" SSH_DEBUG_USE_STDERR "\" to redirect output to stderr.",
         &ssh_debug_file_name, TRUE);
 
+    secrets_register_type(SECRETS_TYPE_SSH, ssh_secrets_block_callback);
 #endif
 
     ssh_handle = register_dissector("ssh", dissect_ssh, proto_ssh);

wiretap/secrets-types.h

@@ -16,6 +16,7 @@
  * Type describing the format of the opaque secrets value in a pcapng DSB.
  */
 #define SECRETS_TYPE_TLS            0x544c534b /* TLS Key Log */
+#define SECRETS_TYPE_SSH            0x5353484b /* SSH Key Log */
 #define SECRETS_TYPE_WIREGUARD      0x57474b4c /* WireGuard Key Log */
 #define SECRETS_TYPE_ZIGBEE_NWK_KEY 0x5a4e574b /* Zigbee NWK Key */
 #define SECRETS_TYPE_ZIGBEE_APS_KEY 0x5a415053 /* Zigbee APS Key */