osmocom
/
wireshark
11
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
wireshark/epan/dissectors/packet-ssh.c

4825 lines
206 KiB
C
Raw Blame History

/* packet-ssh.c
* Routines for ssh packet dissection
*
* Huagang XIE <huagang@intruvert.com>
* Kees Cook <kees@outflux.net>
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* Copied from packet-mysql.c
*
* SPDX-License-Identifier: GPL-2.0-or-later
*
*
* Note: support SSH v1 and v2 now.
*
*/
/* SSH version 2 is defined in:
*
* RFC 4250: The Secure Shell (SSH) Protocol Assigned Numbers
* RFC 4251: The Secure Shell (SSH) Protocol Architecture
* RFC 4252: The Secure Shell (SSH) Authentication Protocol
* RFC 4253: The Secure Shell (SSH) Transport Layer Protocol
* RFC 4254: The Secure Shell (SSH) Connection Protocol
*
* SSH versions under 2 were never officially standardized.
*
* Diffie-Hellman Group Exchange is defined in:
*
* RFC 4419: Diffie-Hellman Group Exchange for
* the Secure Shell (SSH) Transport Layer Protocol
*/
/* "SSH" prefixes are for version 2, whereas "SSH1" is for version 1 */
#include "config.h"
/* Start with WIRESHARK_LOG_DOMAINS=packet-ssh and WIRESHARK_LOG_LEVEL=debug to see messages. */
#define WS_LOG_DOMAIN "packet-ssh"
// Define this to get hex dumps more similar to what you get in openssh. If not defined, dumps look more like what you get with other dissectors.
#define OPENSSH_STYLE
#include <errno.h>
#include <epan/packet.h>
#include <epan/exceptions.h>
#include <epan/sctpppids.h>
#include <epan/prefs.h>
#include <epan/expert.h>
#include <epan/proto_data.h>
#include <wsutil/strtoi.h>
#include <wsutil/to_str.h>
#include <wsutil/file_util.h>
#include <wsutil/filesystem.h>
#include <wsutil/wsgcrypt.h>
#include <wsutil/curve25519.h>
#include <wsutil/pint.h>
#include <wsutil/wslog.h>
#include <epan/secrets.h>
#include <wiretap/secrets-types.h>
#if defined(HAVE_LIBGNUTLS)
#include <gnutls/abstract.h>
#endif
#include "packet-tcp.h"
void proto_register_ssh(void);
void proto_reg_handoff_ssh(void);
/* SSH Version 1 definition , from openssh ssh1.h */
#define SSH1_MSG_NONE 0 /* no message */
#define SSH1_MSG_DISCONNECT 1 /* cause (string) */
#define SSH1_SMSG_PUBLIC_KEY 2 /* ck,msk,srvk,hostk */
#define SSH1_CMSG_SESSION_KEY 3 /* key (BIGNUM) */
#define SSH1_CMSG_USER 4 /* user (string) */
#define SSH_VERSION_UNKNOWN 0
#define SSH_VERSION_1 1
#define SSH_VERSION_2 2
/* proto data */
typedef struct {
guint8 *data;
guint length;
} ssh_bignum;
#define SSH_KEX_CURVE25519 0x00010000
#define SSH_KEX_DH_GEX 0x00020000
#define SSH_KEX_DH_GROUP1 0x00030001
#define SSH_KEX_DH_GROUP14 0x00030014
#define SSH_KEX_DH_GROUP16 0x00030016
#define SSH_KEX_DH_GROUP18 0x00030018
#define SSH_KEX_HASH_SHA1 1
#define SSH_KEX_HASH_SHA256 2
#define SSH_KEX_HASH_SHA512 4
#define DIGEST_MAX_SIZE 48
typedef struct _ssh_message_info_t {
guint32 sequence_number;
guint32 offset;
guchar *plain_data; /**< Decrypted data. */
guint data_len; /**< Length of decrypted data. */
gint id; /**< Identifies the exact message within a frame
(there can be multiple records in a frame). */
struct _ssh_message_info_t* next;
guint8 calc_mac[DIGEST_MAX_SIZE];
} ssh_message_info_t;
typedef struct {
gboolean from_server;
ssh_message_info_t * messages;
} ssh_packet_info_t;
typedef struct _ssh_channel_info_t {
guint client_channel_number;
guint server_channel_number;
dissector_handle_t subdissector_handle;
struct _ssh_channel_info_t* next;
} ssh_channel_info_t;
struct ssh_peer_data {
guint counter;
guint32 frame_version_start;
guint32 frame_version_end;
guint32 frame_key_start;
guint32 frame_key_end;
int frame_key_end_offset;
gchar* kex_proposal;
/* For all subsequent proposals,
[0] is client-to-server and [1] is server-to-client. */
#define CLIENT_TO_SERVER_PROPOSAL 0
#define SERVER_TO_CLIENT_PROPOSAL 1
gchar* mac_proposals[2];
gchar* mac;
gint mac_length;
gchar* enc_proposals[2];
gchar* enc;
gchar* comp_proposals[2];
gchar* comp;
gint length_is_plaintext;
// see libgcrypt source, gcrypt.h:gcry_cipher_algos
guint cipher_id;
guint mac_id;
// chacha20 needs two cipher handles
gcry_cipher_hd_t cipher, cipher_2;
guint sequence_number;
guint32 seq_num_kex_init;
// union ??? -- begin
guint32 seq_num_gex_req;
guint32 seq_num_gex_grp;
guint32 seq_num_gex_ini;
guint32 seq_num_gex_rep;
// --
guint32 seq_num_ecdh_ini;
guint32 seq_num_ecdh_rep;
// --
guint32 seq_num_dh_ini;
guint32 seq_num_dh_rep;
// union ??? -- end
guint32 seq_num_new_key;
ssh_bignum *bn_cookie;
guint8 iv[12];
guint8 hmac_iv[DIGEST_MAX_SIZE];
guint hmac_iv_len;
struct ssh_flow_data * global_data;
};
struct ssh_flow_data {
guint version;
gchar* kex;
int (*kex_specific_dissector)(guint8 msg_code, tvbuff_t *tvb,
packet_info *pinfo, int offset, proto_tree *tree,
struct ssh_flow_data *global_data, guint *seq_num);
/* [0] is client's, [1] is server's */
#define CLIENT_PEER_DATA 0
#define SERVER_PEER_DATA 1
struct ssh_peer_data peer_data[2];
gchar *session_id;
guint session_id_length;
ssh_bignum *kex_e;
ssh_bignum *kex_f;
ssh_bignum *kex_gex_p; // Group modulo
ssh_bignum *kex_gex_g; // Group generator
ssh_bignum *secret;
wmem_array_t *kex_client_version;
wmem_array_t *kex_server_version;
wmem_array_t *kex_client_key_exchange_init;
wmem_array_t *kex_server_key_exchange_init;
wmem_array_t *kex_server_host_key_blob;
wmem_array_t *kex_gex_bits_min;
wmem_array_t *kex_gex_bits_req;
wmem_array_t *kex_gex_bits_max;
wmem_array_t *kex_shared_secret;
gboolean do_decrypt;
ssh_bignum new_keys[6];
ssh_channel_info_t *channel_info;
};
static GHashTable * ssh_master_key_map = NULL;
static int proto_ssh = -1;
/* Version exchange */
static int hf_ssh_protocol = -1;
/* Framing */
static int hf_ssh_packet_length = -1;
static int hf_ssh_packet_length_encrypted = -1;
static int hf_ssh_padding_length = -1;
static int hf_ssh_payload = -1;
static int hf_ssh_encrypted_packet = -1;
static int hf_ssh_padding_string = -1;
static int hf_ssh_mac_string = -1;
static int hf_ssh_mac_status = -1;
static int hf_ssh_seq_num = -1;
static int hf_ssh_direction = -1;
/* Message codes */
static int hf_ssh_msg_code = -1;
static int hf_ssh2_msg_code = -1;
static int hf_ssh2_kex_dh_msg_code = -1;
static int hf_ssh2_kex_dh_gex_msg_code = -1;
static int hf_ssh2_kex_ecdh_msg_code = -1;
/* Algorithm negotiation */
static int hf_ssh_cookie = -1;
static int hf_ssh_kex_algorithms = -1;
static int hf_ssh_server_host_key_algorithms = -1;
static int hf_ssh_encryption_algorithms_client_to_server = -1;
static int hf_ssh_encryption_algorithms_server_to_client = -1;
static int hf_ssh_mac_algorithms_client_to_server = -1;
static int hf_ssh_mac_algorithms_server_to_client = -1;
static int hf_ssh_compression_algorithms_client_to_server = -1;
static int hf_ssh_compression_algorithms_server_to_client = -1;
static int hf_ssh_languages_client_to_server = -1;
static int hf_ssh_languages_server_to_client = -1;
static int hf_ssh_kex_algorithms_length = -1;
static int hf_ssh_server_host_key_algorithms_length = -1;
static int hf_ssh_encryption_algorithms_client_to_server_length = -1;
static int hf_ssh_encryption_algorithms_server_to_client_length = -1;
static int hf_ssh_mac_algorithms_client_to_server_length = -1;
static int hf_ssh_mac_algorithms_server_to_client_length = -1;
static int hf_ssh_compression_algorithms_client_to_server_length = -1;
static int hf_ssh_compression_algorithms_server_to_client_length = -1;
static int hf_ssh_languages_client_to_server_length = -1;
static int hf_ssh_languages_server_to_client_length = -1;
static int hf_ssh_first_kex_packet_follows = -1;
static int hf_ssh_kex_reserved = -1;
static int hf_ssh_kex_hassh_algo = -1;
static int hf_ssh_kex_hassh = -1;
static int hf_ssh_kex_hasshserver_algo = -1;
static int hf_ssh_kex_hasshserver = -1;
/* Key exchange common elements */
static int hf_ssh_hostkey_length = -1;
static int hf_ssh_hostkey_type_length = -1;
static int hf_ssh_hostkey_type = -1;
static int hf_ssh_hostkey_data = -1;
static int hf_ssh_hostkey_rsa_n = -1;
static int hf_ssh_hostkey_rsa_e = -1;
static int hf_ssh_hostkey_dsa_p = -1;
static int hf_ssh_hostkey_dsa_q = -1;
static int hf_ssh_hostkey_dsa_g = -1;
static int hf_ssh_hostkey_dsa_y = -1;
static int hf_ssh_hostkey_ecdsa_curve_id = -1;
static int hf_ssh_hostkey_ecdsa_curve_id_length = -1;
static int hf_ssh_hostkey_ecdsa_q = -1;
static int hf_ssh_hostkey_ecdsa_q_length = -1;
static int hf_ssh_hostkey_eddsa_key = -1;
static int hf_ssh_hostkey_eddsa_key_length = -1;
static int hf_ssh_hostsig_length = -1;
static int hf_ssh_hostsig_type_length = -1;
static int hf_ssh_hostsig_type = -1;
static int hf_ssh_hostsig_rsa = -1;
static int hf_ssh_hostsig_dsa = -1;
static int hf_ssh_hostsig_data = -1;
/* Key exchange: Diffie-Hellman */
static int hf_ssh_dh_e = -1;
static int hf_ssh_dh_f = -1;
/* Key exchange: Diffie-Hellman Group Exchange */
static int hf_ssh_dh_gex_min = -1;
static int hf_ssh_dh_gex_nbits = -1;
static int hf_ssh_dh_gex_max = -1;
static int hf_ssh_dh_gex_p = -1;
static int hf_ssh_dh_gex_g = -1;
/* Key exchange: Elliptic Curve Diffie-Hellman */
static int hf_ssh_ecdh_q_c = -1;
static int hf_ssh_ecdh_q_c_length = -1;
static int hf_ssh_ecdh_q_s = -1;
static int hf_ssh_ecdh_q_s_length = -1;
/* Miscellaneous */
static int hf_ssh_mpint_length = -1;
static int hf_ssh_ignore_data_length = -1;
static int hf_ssh_ignore_data = -1;
static int hf_ssh_debug_always_display = -1;
static int hf_ssh_debug_message_length = -1;
static int hf_ssh_debug_message = -1;
static int hf_ssh_service_name_length = -1;
static int hf_ssh_service_name = -1;
static int hf_ssh_userauth_user_name_length = -1;
static int hf_ssh_userauth_user_name = -1;
static int hf_ssh_userauth_change_password = -1;
static int hf_ssh_userauth_service_name_length = -1;
static int hf_ssh_userauth_service_name = -1;
static int hf_ssh_userauth_method_name_length = -1;
static int hf_ssh_userauth_method_name = -1;
static int hf_ssh_userauth_have_signature = -1;
static int hf_ssh_userauth_password_length = -1;
static int hf_ssh_userauth_password = -1;
static int hf_ssh_userauth_new_password_length = -1;
static int hf_ssh_userauth_new_password = -1;
static int hf_ssh_auth_failure_list_length = -1;
static int hf_ssh_auth_failure_list = -1;
static int hf_ssh_userauth_partial_success = -1;
static int hf_ssh_userauth_pka_name_len = -1;
static int hf_ssh_userauth_pka_name = -1;
static int hf_ssh_pk_blob_name_length = -1;
static int hf_ssh_pk_blob_name = -1;
static int hf_ssh_blob_length = -1;
static int hf_ssh_signature_length = -1;
static int hf_ssh_pk_sig_blob_name_length = -1;
static int hf_ssh_pk_sig_blob_name = -1;
static int hf_ssh_connection_type_name_len = -1;
static int hf_ssh_connection_type_name = -1;
static int hf_ssh_connection_sender_channel = -1;
static int hf_ssh_connection_recipient_channel = -1;
static int hf_ssh_connection_initial_window = -1;
static int hf_ssh_connection_maximum_packet_size = -1;
static int hf_ssh_global_request_name_len = -1;
static int hf_ssh_global_request_name = -1;
static int hf_ssh_global_request_want_reply = -1;
static int hf_ssh_global_request_hostkeys_array_len = -1;
static int hf_ssh_channel_request_name_len = -1;
static int hf_ssh_channel_request_name = -1;
static int hf_ssh_channel_request_want_reply = -1;
static int hf_ssh_subsystem_name_len = -1;
static int hf_ssh_subsystem_name = -1;
static int hf_ssh_channel_window_adjust = -1;
static int hf_ssh_channel_data_len = -1;
static int hf_ssh_exit_status = -1;
static int hf_ssh_disconnect_reason = -1;
static int hf_ssh_disconnect_description_length = -1;
static int hf_ssh_disconnect_description = -1;
static int hf_ssh_lang_tag_length = -1;
static int hf_ssh_lang_tag = -1;
static int hf_ssh_blob_p = -1;
static int hf_ssh_blob_e = -1;
static int hf_ssh_pk_sig_s_length = -1;
static int hf_ssh_pk_sig_s = -1;
static gint ett_ssh = -1;
static gint ett_key_exchange = -1;
static gint ett_key_exchange_host_key = -1;
static gint ett_key_exchange_host_sig = -1;
static gint ett_userauth_pk_blob = -1;
static gint ett_userauth_pk_signautre = -1;
static gint ett_key_init = -1;
static gint ett_ssh1 = -1;
static gint ett_ssh2 = -1;
static expert_field ei_ssh_packet_length = EI_INIT;
static expert_field ei_ssh_packet_decode = EI_INIT;
static expert_field ei_ssh_invalid_keylen = EI_INIT;
static expert_field ei_ssh_mac_bad = EI_INIT;
static gboolean ssh_desegment = TRUE;
static dissector_handle_t ssh_handle;
static dissector_handle_t sftp_handle=NULL;
static const char *pref_keylog_file;
static FILE *ssh_keylog_file;
#define SSH_DECRYPT_DEBUG
#ifdef SSH_DECRYPT_DEBUG
static const gchar *ssh_debug_file_name = NULL;
#endif
// 29418/tcp: Gerrit Code Review
#define TCP_RANGE_SSH "22,29418"
#define SCTP_PORT_SSH 22
/* Message Numbers (from RFC 4250) (1-255) */
/* Transport layer protocol: generic (1-19) */
#define SSH_MSG_DISCONNECT 1
#define SSH_MSG_IGNORE 2
#define SSH_MSG_UNIMPLEMENTED 3
#define SSH_MSG_DEBUG 4
#define SSH_MSG_SERVICE_REQUEST 5
#define SSH_MSG_SERVICE_ACCEPT 6
/* Transport layer protocol: Algorithm negotiation (20-29) */
#define SSH_MSG_KEXINIT 20
#define SSH_MSG_NEWKEYS 21
/* Transport layer: Key exchange method specific (reusable) (30-49) */
#define SSH_MSG_KEXDH_INIT 30
#define SSH_MSG_KEXDH_REPLY 31
#define SSH_MSG_KEX_DH_GEX_REQUEST_OLD 30
#define SSH_MSG_KEX_DH_GEX_GROUP 31
#define SSH_MSG_KEX_DH_GEX_INIT 32
#define SSH_MSG_KEX_DH_GEX_REPLY 33
#define SSH_MSG_KEX_DH_GEX_REQUEST 34
#define SSH_MSG_KEX_ECDH_INIT 30
#define SSH_MSG_KEX_ECDH_REPLY 31
/* User authentication protocol: generic (50-59) */
#define SSH_MSG_USERAUTH_REQUEST 50
#define SSH_MSG_USERAUTH_FAILURE 51
#define SSH_MSG_USERAUTH_SUCCESS 52
#define SSH_MSG_USERAUTH_BANNER 53
/* User authentication protocol: method specific (reusable) (50-79) */
#define SSH_MSG_USERAUTH_PK_OK 60
/* Connection protocol: generic (80-89) */
#define SSH_MSG_GLOBAL_REQUEST 80
#define SSH_MSG_REQUEST_SUCCESS 81
#define SSH_MSG_REQUEST_FAILURE 82
/* Connection protocol: channel related messages (90-127) */
#define SSH_MSG_CHANNEL_OPEN 90
#define SSH_MSG_CHANNEL_OPEN_CONFIRMATION 91
#define SSH_MSG_CHANNEL_OPEN_FAILURE 92
#define SSH_MSG_CHANNEL_WINDOW_ADJUST 93
#define SSH_MSG_CHANNEL_DATA 94
#define SSH_MSG_CHANNEL_EXTENDED_DATA 95
#define SSH_MSG_CHANNEL_EOF 96
#define SSH_MSG_CHANNEL_CLOSE 97
#define SSH_MSG_CHANNEL_REQUEST 98
#define SSH_MSG_CHANNEL_SUCCESS 99
#define SSH_MSG_CHANNEL_FAILURE 100
/* 128-191 reserved for client protocols */
/* 192-255 local extensions */
#define CIPHER_AES128_CTR 0x00010001
#define CIPHER_AES192_CTR 0x00010003
#define CIPHER_AES256_CTR 0x00010004
#define CIPHER_AES128_CBC 0x00020001
#define CIPHER_AES192_CBC 0x00020002
#define CIPHER_AES256_CBC 0x00020004
#define CIPHER_AES128_GCM 0x00040001
//#define CIPHER_AES192_GCM 0x00040002 -- does not exist
#define CIPHER_AES256_GCM 0x00040004
#define CIPHER_MAC_SHA2_256 0x00020001
static const value_string ssh_direction_vals[] = {
{ CLIENT_TO_SERVER_PROPOSAL, "client-to-server" },
{ SERVER_TO_CLIENT_PROPOSAL, "server-to-client" },
{ 0, NULL }
};
static const value_string ssh2_msg_vals[] = {
{ SSH_MSG_DISCONNECT, "Disconnect" },
{ SSH_MSG_IGNORE, "Ignore" },
{ SSH_MSG_UNIMPLEMENTED, "Unimplemented" },
{ SSH_MSG_DEBUG, "Debug" },
{ SSH_MSG_SERVICE_REQUEST, "Service Request" },
{ SSH_MSG_SERVICE_ACCEPT, "Service Accept" },
{ SSH_MSG_KEXINIT, "Key Exchange Init" },
{ SSH_MSG_NEWKEYS, "New Keys" },
{ SSH_MSG_USERAUTH_REQUEST, "User Authentication Request" },
{ SSH_MSG_USERAUTH_FAILURE, "User Authentication Failure" },
{ SSH_MSG_USERAUTH_SUCCESS, "User Authentication Success" },
{ SSH_MSG_USERAUTH_BANNER, "User Authentication Banner" },
{ SSH_MSG_GLOBAL_REQUEST, "Global Request" },
{ SSH_MSG_REQUEST_SUCCESS, "Request Success" },
{ SSH_MSG_REQUEST_FAILURE, "Request Failure" },
{ SSH_MSG_CHANNEL_OPEN, "Channel Open" },
{ SSH_MSG_CHANNEL_OPEN_CONFIRMATION, "Channel Open Confirmation" },
{ SSH_MSG_CHANNEL_OPEN_FAILURE, "Channel Open Failure" },
{ SSH_MSG_CHANNEL_WINDOW_ADJUST, "Window Adjust" },
{ SSH_MSG_CHANNEL_DATA, "Channel Data" },
{ SSH_MSG_CHANNEL_EXTENDED_DATA, "Channel Extended Data" },
{ SSH_MSG_CHANNEL_EOF, "Channel EOF" },
{ SSH_MSG_CHANNEL_CLOSE, "Channel Close" },
{ SSH_MSG_CHANNEL_REQUEST, "Channel Request" },
{ SSH_MSG_CHANNEL_SUCCESS, "Channel Success" },
{ SSH_MSG_CHANNEL_FAILURE, "Channel Failure" },
{ SSH_MSG_USERAUTH_PK_OK, "Public Key algorithm accepted" },
{ 0, NULL }
};
static const value_string ssh2_kex_dh_msg_vals[] = {
{ SSH_MSG_KEXDH_INIT, "Diffie-Hellman Key Exchange Init" },
{ SSH_MSG_KEXDH_REPLY, "Diffie-Hellman Key Exchange Reply" },
{ 0, NULL }
};
static const value_string ssh2_kex_dh_gex_msg_vals[] = {
{ SSH_MSG_KEX_DH_GEX_REQUEST_OLD, "Diffie-Hellman Group Exchange Request (Old)" },
{ SSH_MSG_KEX_DH_GEX_GROUP, "Diffie-Hellman Group Exchange Group" },
{ SSH_MSG_KEX_DH_GEX_INIT, "Diffie-Hellman Group Exchange Init" },
{ SSH_MSG_KEX_DH_GEX_REPLY, "Diffie-Hellman Group Exchange Reply" },
{ SSH_MSG_KEX_DH_GEX_REQUEST, "Diffie-Hellman Group Exchange Request" },
{ 0, NULL }
};
static const value_string ssh2_kex_ecdh_msg_vals[] = {
{ SSH_MSG_KEX_ECDH_INIT, "Elliptic Curve Diffie-Hellman Key Exchange Init" },
{ SSH_MSG_KEX_ECDH_REPLY, "Elliptic Curve Diffie-Hellman Key Exchange Reply" },
{ 0, NULL }
};
static const value_string ssh1_msg_vals[] = {
{SSH1_MSG_NONE, "No Message"},
{SSH1_MSG_DISCONNECT, "Disconnect"},
{SSH1_SMSG_PUBLIC_KEY, "Public Key"},
{SSH1_CMSG_SESSION_KEY, "Session Key"},
{SSH1_CMSG_USER, "User"},
{0, NULL}
};
static int ssh_dissect_key_init(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *tree,
int is_response,
struct ssh_flow_data *global_data);
static int ssh_dissect_proposal(tvbuff_t *tvb, int offset, proto_tree *tree,
int hf_index_length, int hf_index_value, char **store);
static int ssh_dissect_ssh1(tvbuff_t *tvb, packet_info *pinfo,
struct ssh_flow_data *global_data,
int offset, proto_tree *tree, int is_response,
gboolean *need_desegmentation);
static int ssh_dissect_ssh2(tvbuff_t *tvb, packet_info *pinfo,
struct ssh_flow_data *global_data,
int offset, proto_tree *tree, int is_response,
gboolean *need_desegmentation);
static int ssh_dissect_key_exchange(tvbuff_t *tvb, packet_info *pinfo,
struct ssh_flow_data *global_data,
int offset, proto_tree *tree, int is_response,
gboolean *need_desegmentation);
static int ssh_dissect_kex_dh(guint8 msg_code, tvbuff_t *tvb,
packet_info *pinfo, int offset, proto_tree *tree,
struct ssh_flow_data *global_data, guint *seq_num);
static int ssh_dissect_kex_dh_gex(guint8 msg_code, tvbuff_t *tvb,
packet_info *pinfo, int offset, proto_tree *tree,
struct ssh_flow_data *global_data, guint *seq_num);
static int ssh_dissect_kex_ecdh(guint8 msg_code, tvbuff_t *tvb,
packet_info *pinfo, int offset, proto_tree *tree,
struct ssh_flow_data *global_data, guint *seq_num);
static int ssh_dissect_protocol(tvbuff_t *tvb, packet_info *pinfo,
struct ssh_flow_data *global_data,
int offset, proto_tree *tree, int is_response, guint *version,
gboolean *need_desegmentation);
static int ssh_try_dissect_encrypted_packet(tvbuff_t *tvb, packet_info *pinfo,
struct ssh_peer_data *peer_data, int offset, proto_tree *tree);
static int ssh_dissect_encrypted_packet(tvbuff_t *tvb, packet_info *pinfo,
struct ssh_peer_data *peer_data,
int offset, proto_tree *tree);
static void ssh_choose_algo(gchar *client, gchar *server, gchar **result);
static void ssh_set_mac_length(struct ssh_peer_data *peer_data);
static void ssh_set_kex_specific_dissector(struct ssh_flow_data *global_data);
static void ssh_keylog_read_file(void);
static void ssh_keylog_process_line(const char *line);
static void ssh_keylog_process_lines(const guint8 *data, guint datalen);
static void ssh_keylog_reset(void);
static ssh_bignum *ssh_kex_make_bignum(const guint8 *data, guint length);
static gboolean ssh_read_e(tvbuff_t *tvb, int offset,
struct ssh_flow_data *global_data);
static gboolean ssh_read_f(tvbuff_t *tvb, int offset,
struct ssh_flow_data *global_data);
#ifdef SSH_DECRYPTION_SUPPORTED
static ssh_bignum * ssh_read_mpint(tvbuff_t *tvb, int offset);
#endif
static void ssh_keylog_hash_write_secret(struct ssh_flow_data *global_data);
static ssh_bignum *ssh_kex_shared_secret(gint kex_type, ssh_bignum *pub, ssh_bignum *priv, ssh_bignum *modulo);
static void ssh_hash_buffer_put_string(wmem_array_t *buffer, const gchar *string,
guint len);
static void ssh_hash_buffer_put_uint32(wmem_array_t *buffer, guint val);
static gchar *ssh_string(const gchar *string, guint len);
static void ssh_derive_symmetric_keys(ssh_bignum *shared_secret,
gchar *exchange_hash, guint hash_length,
struct ssh_flow_data *global_data);
static void ssh_derive_symmetric_key(ssh_bignum *shared_secret,
gchar *exchange_hash, guint hash_length, gchar id,
ssh_bignum *result_key, struct ssh_flow_data *global_data, guint we_need);
static void ssh_choose_enc_mac(struct ssh_flow_data *global_data);
static void ssh_decryption_set_cipher_id(struct ssh_peer_data *peer);
static void ssh_decryption_setup_cipher(struct ssh_peer_data *peer,
ssh_bignum *iv, ssh_bignum *key);
static void ssh_decryption_set_mac_id(struct ssh_peer_data *peer);
static void ssh_decryption_setup_mac(struct ssh_peer_data *peer,
ssh_bignum *iv);
static void ssh_increment_message_number(packet_info *pinfo,
struct ssh_flow_data *global_data, gboolean is_response);
static guint ssh_decrypt_packet(tvbuff_t *tvb, packet_info *pinfo,
struct ssh_peer_data *peer_data, int offset, proto_tree *tree);
static gboolean ssh_decrypt_chacha20(gcry_cipher_hd_t hd, guint32 seqnr,
guint32 counter, const guchar *ctext, guint ctext_len,
guchar *plain, guint plain_len);
static proto_item * ssh_tree_add_mac(proto_tree *tree, tvbuff_t *tvb, const guint offset, const guint mac_len,
const int hf_mac, const int hf_mac_status, struct expert_field* bad_checksum_expert,
packet_info *pinfo, const guint8 * calc_mac, const guint flags);
static int ssh_dissect_decrypted_packet(tvbuff_t *tvb, packet_info *pinfo,
struct ssh_peer_data *peer_data, proto_tree *tree,
gchar *plaintext, guint plaintext_len);
static int ssh_dissect_transport_generic(tvbuff_t *packet_tvb, packet_info *pinfo,
int offset, proto_item *msg_type_tree, guint msg_code);
static int ssh_dissect_userauth_generic(tvbuff_t *packet_tvb, packet_info *pinfo,
int offset, proto_item *msg_type_tree, guint msg_code);
static int ssh_dissect_userauth_specific(tvbuff_t *packet_tvb, packet_info *pinfo,
int offset, proto_item *msg_type_tree, guint msg_code);
static int ssh_dissect_connection_specific(tvbuff_t *packet_tvb, packet_info *pinfo,
struct ssh_peer_data *peer_data, int offset, proto_item *msg_type_tree,
guint msg_code);
static int ssh_dissect_connection_generic(tvbuff_t *packet_tvb, packet_info *pinfo,
int offset, proto_item *msg_type_tree, guint msg_code);
static int ssh_dissect_public_key_blob(tvbuff_t *packet_tvb, packet_info *pinfo,
int offset, proto_item *msg_type_tree);
static int ssh_dissect_public_key_signature(tvbuff_t *packet_tvb, packet_info *pinfo,
int offset, proto_item *msg_type_tree);
static dissector_handle_t get_subdissector_for_channel(struct ssh_peer_data *peer_data, guint uiNumChannel);
static void set_subdissector_for_channel(struct ssh_peer_data *peer_data, guint uiNumChannel, guint8* subsystem_name);
#define SSH_DEBUG_USE_STDERR "-"
#ifdef SSH_DECRYPT_DEBUG
static void
ssh_debug_printf(const gchar* fmt,...) G_GNUC_PRINTF(1,2);
static void
ssh_print_data(const gchar* name, const guchar* data, size_t len);
static void
ssh_set_debug(const gchar* name);
static void
ssh_debug_flush(void);
#else
/* No debug: nullify debug operation*/
static inline void G_GNUC_PRINTF(1,2)
ssh_debug_printf(const gchar* fmt _U_,...)
{
}
#define ssh_print_data(a, b, c)
#define ssh_print_string(a, b)
#define ssh_set_debug(name)
#define ssh_debug_flush()
#endif /* SSH_DECRYPT_DEBUG */
static int
dissect_ssh(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
proto_tree *ssh_tree;
proto_item *ti;
conversation_t *conversation;
int last_offset, offset = 0;
gboolean is_response = (pinfo->destport != pinfo->match_uint),
need_desegmentation;
guint version;
struct ssh_flow_data *global_data = NULL;
struct ssh_peer_data *peer_data;
ssh_debug_printf("\ndissect_ssh enter frame #%u (%s)\n", pinfo->num, (pinfo->fd->visited)?"already visited":"first time");
conversation = find_or_create_conversation(pinfo);
global_data = (struct ssh_flow_data *)conversation_get_proto_data(conversation, proto_ssh);
if (!global_data) {
global_data = wmem_new0(wmem_file_scope(), struct ssh_flow_data);
global_data->version = SSH_VERSION_UNKNOWN;
global_data->kex_specific_dissector = ssh_dissect_kex_dh;
global_data->peer_data[CLIENT_PEER_DATA].mac_length = -1;
global_data->peer_data[SERVER_PEER_DATA].mac_length = -1;
global_data->peer_data[CLIENT_PEER_DATA].sequence_number = 0;
global_data->peer_data[SERVER_PEER_DATA].sequence_number = 0;
global_data->peer_data[CLIENT_PEER_DATA].seq_num_kex_init = 0;
global_data->peer_data[SERVER_PEER_DATA].seq_num_kex_init = 0;
global_data->peer_data[CLIENT_PEER_DATA].seq_num_gex_req = 0;
global_data->peer_data[SERVER_PEER_DATA].seq_num_gex_req = 0;
global_data->peer_data[CLIENT_PEER_DATA].seq_num_gex_grp = 0;
global_data->peer_data[SERVER_PEER_DATA].seq_num_gex_grp = 0;
global_data->peer_data[CLIENT_PEER_DATA].seq_num_gex_ini = 0;
global_data->peer_data[SERVER_PEER_DATA].seq_num_gex_ini = 0;
global_data->peer_data[CLIENT_PEER_DATA].seq_num_gex_rep = 0;
global_data->peer_data[SERVER_PEER_DATA].seq_num_gex_rep = 0;
global_data->peer_data[CLIENT_PEER_DATA].seq_num_ecdh_ini = 0;
global_data->peer_data[SERVER_PEER_DATA].seq_num_ecdh_ini = 0;
global_data->peer_data[CLIENT_PEER_DATA].seq_num_ecdh_rep = 0;
global_data->peer_data[SERVER_PEER_DATA].seq_num_ecdh_rep = 0;
global_data->peer_data[CLIENT_PEER_DATA].seq_num_dh_ini = 0;
global_data->peer_data[SERVER_PEER_DATA].seq_num_dh_ini = 0;
global_data->peer_data[CLIENT_PEER_DATA].seq_num_dh_rep = 0;
global_data->peer_data[SERVER_PEER_DATA].seq_num_dh_rep = 0;
global_data->peer_data[CLIENT_PEER_DATA].seq_num_new_key = 0;
global_data->peer_data[SERVER_PEER_DATA].seq_num_new_key = 0;
global_data->peer_data[CLIENT_PEER_DATA].bn_cookie = NULL;
global_data->peer_data[SERVER_PEER_DATA].bn_cookie = NULL;
global_data->peer_data[CLIENT_PEER_DATA].global_data = global_data;
global_data->peer_data[SERVER_PEER_DATA].global_data = global_data;
global_data->channel_info = NULL;
global_data->kex_client_version = wmem_array_new(wmem_file_scope(), 1);
global_data->kex_server_version = wmem_array_new(wmem_file_scope(), 1);
global_data->kex_client_key_exchange_init = wmem_array_new(wmem_file_scope(), 1);
global_data->kex_server_key_exchange_init = wmem_array_new(wmem_file_scope(), 1);
global_data->kex_server_host_key_blob = wmem_array_new(wmem_file_scope(), 1);
global_data->kex_gex_bits_min = wmem_array_new(wmem_file_scope(), 1);
global_data->kex_gex_bits_req = wmem_array_new(wmem_file_scope(), 1);
global_data->kex_gex_bits_max = wmem_array_new(wmem_file_scope(), 1);
global_data->kex_shared_secret = wmem_array_new(wmem_file_scope(), 1);
global_data->do_decrypt = TRUE;
conversation_add_proto_data(conversation, proto_ssh, global_data);
}
peer_data = &global_data->peer_data[is_response];
ti = proto_tree_add_item(tree, proto_ssh, tvb, offset, -1, ENC_NA);
ssh_tree = proto_item_add_subtree(ti, ett_ssh);
version = global_data->version;
switch(version) {
case SSH_VERSION_UNKNOWN:
col_set_str(pinfo->cinfo, COL_PROTOCOL, "SSH");
break;
case SSH_VERSION_1:
col_set_str(pinfo->cinfo, COL_PROTOCOL, "SSHv1");
break;
case SSH_VERSION_2:
col_set_str(pinfo->cinfo, COL_PROTOCOL, "SSHv2");
break;
}
col_clear(pinfo->cinfo, COL_INFO);
while(tvb_reported_length_remaining(tvb, offset)> 0) {
gboolean after_version_start = (peer_data->frame_version_start == 0 ||
pinfo->num >= peer_data->frame_version_start);
gboolean before_version_end = (peer_data->frame_version_end == 0 ||
pinfo->num <= peer_data->frame_version_end);
need_desegmentation = FALSE;
last_offset = offset;
peer_data->counter++;
if (after_version_start && before_version_end &&
(tvb_strncaseeql(tvb, offset, "SSH-", 4) == 0)) {
if (peer_data->frame_version_start == 0)
peer_data->frame_version_start = pinfo->num;
offset = ssh_dissect_protocol(tvb, pinfo,
global_data,
offset, ssh_tree, is_response,
&version, &need_desegmentation);
if (!need_desegmentation) {
peer_data->frame_version_end = pinfo->num;
global_data->version = version;
}
} else {
switch(version) {
case SSH_VERSION_UNKNOWN:
offset = ssh_try_dissect_encrypted_packet(tvb, pinfo,
&global_data->peer_data[is_response], offset, ssh_tree);
break;
case SSH_VERSION_1:
offset = ssh_dissect_ssh1(tvb, pinfo, global_data,
offset, ssh_tree, is_response,
&need_desegmentation);
break;
case SSH_VERSION_2:
offset = ssh_dissect_ssh2(tvb, pinfo, global_data,
offset, ssh_tree, is_response,
&need_desegmentation);
break;
}
}
if (need_desegmentation)
return tvb_captured_length(tvb);
if (offset <= last_offset) {
/* XXX - add an expert info in the function
that decrements offset */
break;
}
}
col_prepend_fstr(pinfo->cinfo, COL_INFO, "%s: ", is_response ? "Server" : "Client");
ti = proto_tree_add_boolean_format_value(ssh_tree, hf_ssh_direction, tvb, 0, 0, is_response, "%s",
try_val_to_str(is_response, ssh_direction_vals));
proto_item_set_generated(ti);
ssh_debug_flush();
return tvb_captured_length(tvb);
}
static int
ssh_dissect_ssh2(tvbuff_t *tvb, packet_info *pinfo,
struct ssh_flow_data *global_data,
int offset, proto_tree *tree, int is_response,
gboolean *need_desegmentation)
{
proto_item *ssh2_tree = NULL;
gint remain_length;
struct ssh_peer_data *peer_data = &global_data->peer_data[is_response];
remain_length = tvb_captured_length_remaining(tvb, offset);
while(remain_length>0){
int last_offset = offset;
if (tree) {
wmem_strbuf_t *title = wmem_strbuf_new(wmem_packet_scope(), "SSH Version 2");
if (peer_data->enc || peer_data->mac || peer_data->comp) {
wmem_strbuf_append_printf(title, " (");
if (peer_data->enc)
wmem_strbuf_append_printf(title, "encryption:%s%s",
peer_data->enc,
peer_data->mac || peer_data->comp
? " " : "");
if (peer_data->mac)
wmem_strbuf_append_printf(title, "mac:%s%s",
peer_data->mac,
peer_data->comp ? " " : "");
if (peer_data->comp)
wmem_strbuf_append_printf(title, "compression:%s",
peer_data->comp);
wmem_strbuf_append_printf(title, ")");
}
ssh2_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_ssh2, NULL, wmem_strbuf_get_str(title));
}
ws_noisy("....ssh_dissect_ssh2[%c]: frame_key_start=%d, pinfo->num=%d, frame_key_end=%d, offset=%d, frame_key_end_offset=%d ", is_response==SERVER_PEER_DATA?'S':'C', peer_data->frame_key_start, pinfo->num, peer_data->frame_key_end, offset, peer_data->frame_key_end_offset);
if ((peer_data->frame_key_start == 0) ||
((peer_data->frame_key_start <= pinfo->num) &&
((peer_data->frame_key_end == 0) || (pinfo->num < peer_data->frame_key_end) ||
((pinfo->num == peer_data->frame_key_end) && (offset < peer_data->frame_key_end_offset))))) {
offset = ssh_dissect_key_exchange(tvb, pinfo, global_data,
offset, ssh2_tree, is_response,
need_desegmentation);
if (!*need_desegmentation) {
ssh_increment_message_number(pinfo, global_data, is_response);
}else{
break;
}
} else {
if(!*need_desegmentation){
offset = ssh_try_dissect_encrypted_packet(tvb, pinfo,
&global_data->peer_data[is_response], offset, ssh2_tree);
}else{
break;
}
}
if (ssh2_tree) {
proto_item_set_len(ssh2_tree, offset - last_offset);
}
remain_length = tvb_captured_length_remaining(tvb, offset);
}
return offset;
}
static int
ssh_dissect_ssh1(tvbuff_t *tvb, packet_info *pinfo,
struct ssh_flow_data *global_data,
int offset, proto_tree *tree, int is_response,
gboolean *need_desegmentation)
{
guint plen, padding_length, len;
guint8 msg_code;
guint remain_length;
proto_item *ssh1_tree;
struct ssh_peer_data *peer_data = &global_data->peer_data[is_response];
ssh1_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_ssh1, NULL, "SSH Version 1");
/*
* We use "tvb_ensure_captured_length_remaining()" to make sure there
* actually *is* data remaining.
*
* This means we're guaranteed that "remain_length" is positive.
*/
remain_length = tvb_ensure_captured_length_remaining(tvb, offset);
/*
* Can we do reassembly?
*/
if (ssh_desegment && pinfo->can_desegment) {
/*
* Yes - would an SSH header starting at this offset be split
* across segment boundaries?
*/
if (remain_length < 4) {
/*
* Yes. Tell the TCP dissector where the data for
* this message starts in the data it handed us and
* that we need "some more data." Don't tell it
* exactly how many bytes we need because if/when we
* ask for even more (after the header) that will
* break reassembly.
*/
pinfo->desegment_offset = offset;
pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT;
*need_desegmentation = TRUE;
return offset;
}
}
plen = tvb_get_ntohl(tvb, offset) ;
padding_length = 8 - plen%8;
if (ssh_desegment && pinfo->can_desegment) {
if (plen+4+padding_length > remain_length) {
pinfo->desegment_offset = offset;
pinfo->desegment_len = plen+padding_length - remain_length;
*need_desegmentation = TRUE;
return offset;
}
}
if (plen >= 0xffff) {
if (ssh1_tree && plen > 0) {
proto_tree_add_uint_format(ssh1_tree, hf_ssh_packet_length, tvb,
offset, 4, plen, "Overly large length %x", plen);
}
plen = remain_length-4-padding_length;
} else {
if (ssh1_tree && plen > 0) {
proto_tree_add_uint(ssh1_tree, hf_ssh_packet_length, tvb,
offset, 4, plen);
}
}
offset+=4;
/* padding length */
proto_tree_add_uint(ssh1_tree, hf_ssh_padding_length, tvb,
offset, padding_length, padding_length);
offset += padding_length;
/* msg_code */
if ((peer_data->frame_key_start == 0) ||
((peer_data->frame_key_start >= pinfo->num) && (pinfo->num <= peer_data->frame_key_end))) {
msg_code = tvb_get_guint8(tvb, offset);
proto_tree_add_item(ssh1_tree, hf_ssh_msg_code, tvb, offset, 1, ENC_BIG_ENDIAN);
col_append_sep_str(pinfo->cinfo, COL_INFO, NULL,
val_to_str(msg_code, ssh1_msg_vals, "Unknown (%u)"));
offset += 1;
len = plen -1;
if (!pinfo->fd->visited) {
if (peer_data->frame_key_start == 0)
peer_data->frame_key_start = pinfo->num;
peer_data->frame_key_end = pinfo->num;
}
} else {
len = plen;
col_append_sep_fstr(pinfo->cinfo, COL_INFO, NULL, "Encrypted packet (len=%d)", len);
}
/* payload */
if (ssh1_tree) {
proto_tree_add_item(ssh1_tree, hf_ssh_payload,
tvb, offset, len, ENC_NA);
}
offset += len;
return offset;
}
static int
ssh_tree_add_mpint(tvbuff_t *tvb, int offset, proto_tree *tree,
int hf_ssh_mpint_selection)
{
guint len = tvb_get_ntohl(tvb, offset);
proto_tree_add_uint(tree, hf_ssh_mpint_length, tvb,
offset, 4, len);
offset+=4;
proto_tree_add_item(tree, hf_ssh_mpint_selection,
tvb, offset, len, ENC_NA);
return 4+len;
}
static int
ssh_tree_add_string(tvbuff_t *tvb, int offset, proto_tree *tree,
int hf_ssh_string, int hf_ssh_string_length)
{
guint len = tvb_get_ntohl(tvb, offset);
proto_tree_add_uint(tree, hf_ssh_string_length, tvb,
offset, 4, len);
offset+=4;
proto_tree_add_item(tree, hf_ssh_string,
tvb, offset, len, ENC_NA);
return 4+len;
}
static guint
ssh_tree_add_hostkey(tvbuff_t *tvb, int offset, proto_tree *parent_tree,
const char *tree_name, int ett_idx,
struct ssh_flow_data *global_data)
{
proto_tree *tree = NULL;
int last_offset;
int remaining_len;
guint key_len, type_len;
char* key_type;
gchar *tree_title;
last_offset = offset;
key_len = tvb_get_ntohl(tvb, offset);
offset += 4;
/* Read the key type before creating the tree so we can append it as info. */
type_len = tvb_get_ntohl(tvb, offset);
offset += 4;
key_type = (char *) tvb_get_string_enc(wmem_packet_scope(), tvb, offset, type_len, ENC_ASCII|ENC_NA);
tree_title = wmem_strdup_printf(wmem_packet_scope(), "%s (type: %s)", tree_name, key_type);
tree = proto_tree_add_subtree(parent_tree, tvb, last_offset, key_len + 4, ett_idx, NULL,
tree_title);
proto_tree_add_uint(tree, hf_ssh_hostkey_length, tvb, last_offset, 4, key_len);
// server host key (K_S / Q)
gchar *data = (gchar *)tvb_memdup(wmem_packet_scope(), tvb, last_offset + 4, key_len);
ssh_hash_buffer_put_string(global_data->kex_server_host_key_blob, data, key_len);
last_offset += 4;
proto_tree_add_uint(tree, hf_ssh_hostkey_type_length, tvb, last_offset, 4, type_len);
proto_tree_add_string(tree, hf_ssh_hostkey_type, tvb, offset, type_len, key_type);
offset += type_len;
if (0 == strcmp(key_type, "ssh-rsa")) {
offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_hostkey_rsa_e);
ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_hostkey_rsa_n);
} else if (0 == strcmp(key_type, "ssh-dss")) {
offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_hostkey_dsa_p);
offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_hostkey_dsa_q);
offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_hostkey_dsa_g);
ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_hostkey_dsa_y);
} else if (g_str_has_prefix(key_type, "ecdsa-sha2-")) {
offset += ssh_tree_add_string(tvb, offset, tree,
hf_ssh_hostkey_ecdsa_curve_id, hf_ssh_hostkey_ecdsa_curve_id_length);
ssh_tree_add_string(tvb, offset, tree,
hf_ssh_hostkey_ecdsa_q, hf_ssh_hostkey_ecdsa_q_length);
} else if (g_str_has_prefix(key_type, "ssh-ed")) {
ssh_tree_add_string(tvb, offset, tree,
hf_ssh_hostkey_eddsa_key, hf_ssh_hostkey_eddsa_key_length);
} else {
remaining_len = key_len - (type_len + 4);
proto_tree_add_item(tree, hf_ssh_hostkey_data, tvb, offset, remaining_len, ENC_NA);
}
return 4+key_len;
}
static guint
ssh_tree_add_hostsignature(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree,
const char *tree_name, int ett_idx,
struct ssh_flow_data *global_data)
{
(void)global_data;
proto_tree *tree = NULL;
proto_item* ti = NULL;
int last_offset;
int offset0 = offset;
int remaining_len;
guint sig_len, type_len;
guint8* sig_type;
gchar *tree_title;
last_offset = offset;
sig_len = tvb_get_ntohl(tvb, offset);
offset += 4;
/* Read the signature type before creating the tree so we can append it as info. */
type_len = tvb_get_ntohl(tvb, offset);
offset += 4;
sig_type = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, type_len, ENC_ASCII|ENC_NA);
tree_title = wmem_strdup_printf(wmem_packet_scope(), "%s (type: %s)", tree_name, sig_type);
tree = proto_tree_add_subtree(parent_tree, tvb, last_offset, sig_len + 4, ett_idx, NULL,
tree_title);
ti = proto_tree_add_uint(tree, hf_ssh_hostsig_length, tvb, last_offset, 4, sig_len);
last_offset += 4;
proto_tree_add_uint(tree, hf_ssh_hostsig_type_length, tvb, last_offset, 4, type_len);
proto_tree_add_string(tree, hf_ssh_hostsig_type, tvb, offset, type_len, sig_type);
offset += type_len;
if (0 == strcmp(sig_type, "ssh-rsa")) {
offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_hostsig_rsa);
} else if (0 == strcmp(sig_type, "ssh-dss")) {
offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_hostsig_dsa);
} else if (g_str_has_prefix(sig_type, "ecdsa-sha2-")) {
// offset += ssh_tree_add_string(tvb, offset, tree,
// hf_ssh_hostkey_ecdsa_curve_id, hf_ssh_hostkey_ecdsa_curve_id_length);
// ssh_tree_add_string(tvb, offset, tree,
// hf_ssh_hostkey_ecdsa_q, hf_ssh_hostkey_ecdsa_q_length);
} else if (g_str_has_prefix(sig_type, "ssh-ed")) {
// ssh_tree_add_string(tvb, offset, tree,
// hf_ssh_hostkey_eddsa_key, hf_ssh_hostkey_eddsa_key_length);
} else {
remaining_len = sig_len - (type_len + 4);
proto_tree_add_item(tree, hf_ssh_hostsig_data, tvb, offset, remaining_len, ENC_NA);
}
if(offset-offset0!=(int)(4+sig_len)){
expert_add_info_format(pinfo, ti, &ei_ssh_packet_decode, "Decoded %d bytes, but packet legnth is %d bytes", offset-offset0, sig_len);
}
return 4+sig_len;
}
static int
ssh_dissect_key_exchange(tvbuff_t *tvb, packet_info *pinfo,
struct ssh_flow_data *global_data,
int offset, proto_tree *tree, int is_response,
gboolean *need_desegmentation)
{
guint plen, len;
guint8 padding_length;
guint remain_length;
int last_offset = offset;
guint msg_code;
guint seq_num = 0;
proto_item *ti;
proto_item *key_ex_tree = NULL;
const gchar *key_ex_title = "Key Exchange";
struct ssh_peer_data *peer_data = &global_data->peer_data[is_response];
/*
* We use "tvb_ensure_captured_length_remaining()" to make sure there
* actually *is* data remaining.
*
* This means we're guaranteed that "remain_length" is positive.
*/
remain_length = tvb_ensure_captured_length_remaining(tvb, offset);
/*
* Can we do reassembly?
*/
if (ssh_desegment && pinfo->can_desegment) {
/*
* Yes - would an SSH header starting at this offset
* be split across segment boundaries?
*/
if (remain_length < 4) {
/*
* Yes. Tell the TCP dissector where the data for
* this message starts in the data it handed us and
* that we need "some more data." Don't tell it
* exactly how many bytes we need because if/when we
* ask for even more (after the header) that will
* break reassembly.
*/
pinfo->desegment_offset = offset;
pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT;
*need_desegmentation = TRUE;
return offset;
}
}
plen = tvb_get_ntohl(tvb, offset) ;
if (ssh_desegment && pinfo->can_desegment) {
if (plen +4 > remain_length) {
pinfo->desegment_offset = offset;
pinfo->desegment_len = plen+4 - remain_length;
*need_desegmentation = TRUE;
return offset;
}
}
/*
* Need to check plen > 0x80000000 here
*/
ti = proto_tree_add_uint(tree, hf_ssh_packet_length, tvb,
offset, 4, plen);
if (plen >= 0xffff) {
expert_add_info_format(pinfo, ti, &ei_ssh_packet_length, "Overly large number %d", plen);
plen = remain_length-4;
}
offset+=4;
/* padding length */
padding_length = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(tree, hf_ssh_padding_length, tvb, offset, 1, padding_length);
offset += 1;
if (global_data->kex)
key_ex_title = wmem_strdup_printf(wmem_packet_scope(), "%s (method:%s)", key_ex_title, global_data->kex);
key_ex_tree = proto_tree_add_subtree(tree, tvb, offset, plen-1, ett_key_exchange, NULL, key_ex_title);
/* msg_code */
msg_code = tvb_get_guint8(tvb, offset);
if (msg_code >= 30 && msg_code < 40) {
offset = global_data->kex_specific_dissector(msg_code, tvb, pinfo,
offset, key_ex_tree, global_data, &seq_num);
} else {
proto_tree_add_item(key_ex_tree, hf_ssh2_msg_code, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
col_append_sep_str(pinfo->cinfo, COL_INFO, NULL,
val_to_str(msg_code, ssh2_msg_vals, "Unknown (%u)"));
/* 16 bytes cookie */
switch(msg_code)
{
case SSH_MSG_KEXINIT:
offset = ssh_dissect_key_init(tvb, pinfo, offset, key_ex_tree, is_response, global_data);
if ((peer_data->frame_key_start == 0) || (peer_data->frame_key_start == pinfo->num)) {
if (!PINFO_FD_VISITED(pinfo)) {
peer_data->frame_key_start = pinfo->num;
if(global_data->peer_data[is_response].seq_num_kex_init == 0){
global_data->peer_data[is_response].seq_num_kex_init = global_data->peer_data[is_response].sequence_number;
global_data->peer_data[is_response].sequence_number++;
ssh_debug_printf("%s->sequence_number{SSH_MSG_KEXINIT=%d}++ > %d\n", is_response?"server":"client", global_data->peer_data[is_response].seq_num_kex_init, global_data->peer_data[is_response].sequence_number);
}
}
}
seq_num = global_data->peer_data[is_response].seq_num_kex_init;
break;
case SSH_MSG_NEWKEYS:
if (peer_data->frame_key_end == 0) {
peer_data->frame_key_end = pinfo->num;
peer_data->frame_key_end_offset = offset;
if(global_data->peer_data[is_response].seq_num_new_key == 0){
global_data->peer_data[is_response].seq_num_new_key = global_data->peer_data[is_response].sequence_number;
global_data->peer_data[is_response].sequence_number++;
ssh_debug_printf("%s->sequence_number{SSH_MSG_NEWKEYS=%d}++ > %d\n", is_response?"server":"client", global_data->peer_data[is_response].seq_num_new_key, global_data->peer_data[is_response].sequence_number);
}
// the client sent SSH_MSG_NEWKEYS
if (!is_response) {
ssh_debug_printf("Activating new keys for CLIENT => SERVER\n");
ssh_decryption_setup_cipher(&global_data->peer_data[CLIENT_PEER_DATA], &global_data->new_keys[0], &global_data->new_keys[2]);
ssh_decryption_setup_mac(&global_data->peer_data[CLIENT_PEER_DATA], &global_data->new_keys[4]);
}else{
ssh_debug_printf("Activating new keys for SERVER => CLIENT\n");
ssh_decryption_setup_cipher(&global_data->peer_data[SERVER_PEER_DATA], &global_data->new_keys[1], &global_data->new_keys[3]);
ssh_decryption_setup_mac(&global_data->peer_data[SERVER_PEER_DATA], &global_data->new_keys[5]);
}
}
seq_num = global_data->peer_data[is_response].seq_num_new_key;
break;
}
}
len = plen+4-padding_length-(offset-last_offset);
if (len > 0) {
proto_tree_add_item(key_ex_tree, hf_ssh_payload, tvb, offset, len, ENC_NA);
}
offset += len;
/* padding */
proto_tree_add_item(tree, hf_ssh_padding_string, tvb, offset, padding_length, ENC_NA);
offset+= padding_length;
proto_tree_add_uint(tree, hf_ssh_seq_num, tvb, offset, 0, seq_num);
return offset;
}
static int ssh_dissect_kex_dh(guint8 msg_code, tvbuff_t *tvb,
packet_info *pinfo, int offset, proto_tree *tree,
struct ssh_flow_data *global_data, guint *seq_num)
{
*seq_num = 0;
proto_tree_add_item(tree, hf_ssh2_kex_dh_msg_code, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
col_append_sep_str(pinfo->cinfo, COL_INFO, NULL,
val_to_str(msg_code, ssh2_kex_dh_msg_vals, "Unknown (%u)"));
switch (msg_code) {
case SSH_MSG_KEXDH_INIT:
// e (client ephemeral key public part)
if (!ssh_read_e(tvb, offset, global_data)) {
proto_tree_add_expert_format(tree, pinfo, &ei_ssh_invalid_keylen, tvb, offset, 2,
"Invalid key length: %u", tvb_get_ntohl(tvb, offset));
}
offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_dh_e);
if(global_data->peer_data[CLIENT_PEER_DATA].seq_num_dh_ini == 0){
global_data->peer_data[CLIENT_PEER_DATA].sequence_number++;
global_data->peer_data[CLIENT_PEER_DATA].seq_num_dh_ini = global_data->peer_data[CLIENT_PEER_DATA].sequence_number;
ssh_debug_printf("%s->sequence_number{SSH_MSG_KEXDH_INIT}++ > %d\n", CLIENT_PEER_DATA?"serveur":"client", global_data->peer_data[CLIENT_PEER_DATA].sequence_number);
}
*seq_num = global_data->peer_data[CLIENT_PEER_DATA].seq_num_dh_ini;
break;
case SSH_MSG_KEXDH_REPLY:
offset += ssh_tree_add_hostkey(tvb, offset, tree, "KEX host key",
ett_key_exchange_host_key, global_data);
// f (server ephemeral key public part), K_S (host key)
if (!ssh_read_f(tvb, offset, global_data)) {
proto_tree_add_expert_format(tree, pinfo, &ei_ssh_invalid_keylen, tvb, offset, 2,
"Invalid key length: %u", tvb_get_ntohl(tvb, offset));
}
ssh_choose_enc_mac(global_data);
ssh_keylog_hash_write_secret(global_data);
offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_dh_f);
offset += ssh_tree_add_hostsignature(tvb, pinfo, offset, tree, "KEX host signature",
ett_key_exchange_host_sig, global_data);
if(global_data->peer_data[SERVER_PEER_DATA].seq_num_dh_rep == 0){
global_data->peer_data[SERVER_PEER_DATA].sequence_number++;
global_data->peer_data[SERVER_PEER_DATA].seq_num_dh_rep = global_data->peer_data[SERVER_PEER_DATA].sequence_number;
ssh_debug_printf("%s->sequence_number{SSH_MSG_KEXDH_REPLY}++ > %d\n", SERVER_PEER_DATA?"serveur":"client", global_data->peer_data[SERVER_PEER_DATA].sequence_number);
}
*seq_num = global_data->peer_data[SERVER_PEER_DATA].seq_num_dh_rep;
break;
}
return offset;
}
static int ssh_dissect_kex_dh_gex(guint8 msg_code, tvbuff_t *tvb,
packet_info *pinfo, int offset, proto_tree *tree,
struct ssh_flow_data *global_data, guint *seq_num)
{
*seq_num = 0;
proto_tree_add_item(tree, hf_ssh2_kex_dh_gex_msg_code, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
col_append_sep_str(pinfo->cinfo, COL_INFO, NULL,
val_to_str(msg_code, ssh2_kex_dh_gex_msg_vals, "Unknown (%u)"));
switch (msg_code) {
case SSH_MSG_KEX_DH_GEX_REQUEST_OLD:
proto_tree_add_item(tree, hf_ssh_dh_gex_nbits, tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
break;
case SSH_MSG_KEX_DH_GEX_GROUP:
#ifdef SSH_DECRYPTION_SUPPORTED
// p (Group modulo)
global_data->kex_gex_p = ssh_read_mpint(tvb, offset);
#endif
offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_dh_gex_p);
#ifdef SSH_DECRYPTION_SUPPORTED
// g (Group generator)
global_data->kex_gex_g = ssh_read_mpint(tvb, offset);
#endif
offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_dh_gex_g);
if(global_data->peer_data[SERVER_PEER_DATA].seq_num_gex_grp == 0){
global_data->peer_data[SERVER_PEER_DATA].sequence_number++;
global_data->peer_data[SERVER_PEER_DATA].seq_num_gex_grp = global_data->peer_data[SERVER_PEER_DATA].sequence_number;
ssh_debug_printf("%s->sequence_number{SSH_MSG_KEX_DH_GEX_GROUP}++ > %d\n", SERVER_PEER_DATA?"serveur":"client", global_data->peer_data[SERVER_PEER_DATA].sequence_number);
}
*seq_num = global_data->peer_data[SERVER_PEER_DATA].seq_num_gex_grp;
break;
case SSH_MSG_KEX_DH_GEX_INIT:
#ifdef SSH_DECRYPTION_SUPPORTED
// e (Client public key)
if (!ssh_read_e(tvb, offset, global_data)) {
proto_tree_add_expert_format(tree, pinfo, &ei_ssh_invalid_keylen, tvb, offset, 2,
"Invalid key length: %u", tvb_get_ntohl(tvb, offset));
}
#endif
offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_dh_e);
if(global_data->peer_data[CLIENT_PEER_DATA].seq_num_gex_ini == 0){
global_data->peer_data[CLIENT_PEER_DATA].sequence_number++;
global_data->peer_data[CLIENT_PEER_DATA].seq_num_gex_ini = global_data->peer_data[CLIENT_PEER_DATA].sequence_number;
ssh_debug_printf("%s->sequence_number{SSH_MSG_KEX_DH_GEX_INIT}++ > %d\n", CLIENT_PEER_DATA?"serveur":"client", global_data->peer_data[CLIENT_PEER_DATA].sequence_number);
}
*seq_num = global_data->peer_data[CLIENT_PEER_DATA].seq_num_gex_ini;
break;
case SSH_MSG_KEX_DH_GEX_REPLY:
offset += ssh_tree_add_hostkey(tvb, offset, tree, "KEX host key",
ett_key_exchange_host_key, global_data);
#ifdef SSH_DECRYPTION_SUPPORTED
if (!PINFO_FD_VISITED(pinfo)) {
ssh_read_f(tvb, offset, global_data);
// f (server ephemeral key public part), K_S (host key)
ssh_keylog_hash_write_secret(global_data);
}
ssh_choose_enc_mac(global_data);
ssh_keylog_hash_write_secret(global_data);
#endif
offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_dh_f);
offset += ssh_tree_add_hostsignature(tvb, pinfo, offset, tree, "KEX host signature",
ett_key_exchange_host_sig, global_data);
if(global_data->peer_data[SERVER_PEER_DATA].seq_num_gex_rep == 0){
global_data->peer_data[SERVER_PEER_DATA].sequence_number++;
global_data->peer_data[SERVER_PEER_DATA].seq_num_gex_rep = global_data->peer_data[SERVER_PEER_DATA].sequence_number;
ssh_debug_printf("%s->sequence_number{SSH_MSG_KEX_DH_GEX_REPLY}++ > %d\n", SERVER_PEER_DATA?"serveur":"client", global_data->peer_data[SERVER_PEER_DATA].sequence_number);
}
*seq_num = global_data->peer_data[SERVER_PEER_DATA].seq_num_gex_rep;
break;
case SSH_MSG_KEX_DH_GEX_REQUEST:{
if (!PINFO_FD_VISITED(pinfo)) {
ssh_hash_buffer_put_uint32(global_data->kex_gex_bits_min, tvb_get_ntohl(tvb, offset));
}
proto_tree_add_item(tree, hf_ssh_dh_gex_min, tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
if (!PINFO_FD_VISITED(pinfo)) {
ssh_hash_buffer_put_uint32(global_data->kex_gex_bits_req, tvb_get_ntohl(tvb, offset));
}
proto_tree_add_item(tree, hf_ssh_dh_gex_nbits, tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
if (!PINFO_FD_VISITED(pinfo)) {
ssh_hash_buffer_put_uint32(global_data->kex_gex_bits_max, tvb_get_ntohl(tvb, offset));
}
proto_tree_add_item(tree, hf_ssh_dh_gex_max, tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
if(global_data->peer_data[CLIENT_PEER_DATA].seq_num_gex_req == 0){
global_data->peer_data[CLIENT_PEER_DATA].sequence_number++;
global_data->peer_data[CLIENT_PEER_DATA].seq_num_gex_req = global_data->peer_data[CLIENT_PEER_DATA].sequence_number;
ssh_debug_printf("%s->sequence_number{SSH_MSG_KEX_DH_GEX_REQUEST}++ > %d\n", CLIENT_PEER_DATA?"serveur":"client", global_data->peer_data[CLIENT_PEER_DATA].sequence_number);
}
*seq_num = global_data->peer_data[CLIENT_PEER_DATA].seq_num_gex_req;
break;
}
}
return offset;
}
static int
ssh_dissect_kex_ecdh(guint8 msg_code, tvbuff_t *tvb,
packet_info *pinfo, int offset, proto_tree *tree,
struct ssh_flow_data *global_data, guint *seq_num)
{
proto_tree_add_item(tree, hf_ssh2_kex_ecdh_msg_code, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
col_append_sep_str(pinfo->cinfo, COL_INFO, NULL,
val_to_str(msg_code, ssh2_kex_ecdh_msg_vals, "Unknown (%u)"));
switch (msg_code) {
case SSH_MSG_KEX_ECDH_INIT:
if (!ssh_read_e(tvb, offset, global_data)) {
proto_tree_add_expert_format(tree, pinfo, &ei_ssh_invalid_keylen, tvb, offset, 2,
"Invalid key length: %u", tvb_get_ntohl(tvb, offset));
}
if (!PINFO_FD_VISITED(pinfo)) {
if(global_data->peer_data[CLIENT_PEER_DATA].seq_num_ecdh_ini == 0){
global_data->peer_data[CLIENT_PEER_DATA].seq_num_ecdh_ini = global_data->peer_data[CLIENT_PEER_DATA].sequence_number;
global_data->peer_data[CLIENT_PEER_DATA].sequence_number++;
ssh_debug_printf("%s->sequence_number{SSH_MSG_KEX_ECDH_INIT=%d}++ > %d\n", CLIENT_PEER_DATA?"server":"client", global_data->peer_data[CLIENT_PEER_DATA].seq_num_ecdh_ini, global_data->peer_data[CLIENT_PEER_DATA].sequence_number);
}
}
*seq_num = global_data->peer_data[CLIENT_PEER_DATA].seq_num_ecdh_ini;
offset += ssh_tree_add_string(tvb, offset, tree, hf_ssh_ecdh_q_c, hf_ssh_ecdh_q_c_length);
break;
case SSH_MSG_KEX_ECDH_REPLY:
offset += ssh_tree_add_hostkey(tvb, offset, tree, "KEX host key",
ett_key_exchange_host_key, global_data);
if (!ssh_read_f(tvb, offset, global_data)){
proto_tree_add_expert_format(tree, pinfo, &ei_ssh_invalid_keylen, tvb, offset, 2,
"Invalid key length: %u", tvb_get_ntohl(tvb, offset));
}
ssh_choose_enc_mac(global_data);
ssh_keylog_hash_write_secret(global_data);
if(global_data->peer_data[SERVER_PEER_DATA].seq_num_ecdh_rep == 0){
global_data->peer_data[SERVER_PEER_DATA].seq_num_ecdh_rep = global_data->peer_data[SERVER_PEER_DATA].sequence_number;
global_data->peer_data[SERVER_PEER_DATA].sequence_number++;
ssh_debug_printf("%s->sequence_number{SSH_MSG_KEX_ECDH_REPLY=%d}++ > %d\n", SERVER_PEER_DATA?"server":"client", global_data->peer_data[SERVER_PEER_DATA].seq_num_ecdh_rep, global_data->peer_data[SERVER_PEER_DATA].sequence_number);
}
*seq_num = global_data->peer_data[SERVER_PEER_DATA].seq_num_ecdh_rep;
offset += ssh_tree_add_string(tvb, offset, tree, hf_ssh_ecdh_q_s, hf_ssh_ecdh_q_s_length);
offset += ssh_tree_add_hostsignature(tvb, pinfo, offset, tree, "KEX host signature",
ett_key_exchange_host_sig, global_data);
break;
}
return offset;
}
static int
ssh_try_dissect_encrypted_packet(tvbuff_t *tvb, packet_info *pinfo,
struct ssh_peer_data *peer_data, int offset, proto_tree *tree)
{
gboolean can_decrypt = peer_data->cipher != NULL;
if (can_decrypt) {
return ssh_decrypt_packet(tvb, pinfo, peer_data, offset, tree);
}
return ssh_dissect_encrypted_packet(tvb, pinfo, peer_data, offset, tree);
}
static int
ssh_dissect_encrypted_packet(tvbuff_t *tvb, packet_info *pinfo,
struct ssh_peer_data *peer_data,
int offset, proto_tree *tree)
{
gint len;
guint plen;
len = tvb_reported_length_remaining(tvb, offset);
col_append_sep_fstr(pinfo->cinfo, COL_INFO, NULL, "Encrypted packet (len=%d)", len);
if (tree) {
gint encrypted_len = len;
if (len > 4 && peer_data->length_is_plaintext) {
plen = tvb_get_ntohl(tvb, offset) ;
proto_tree_add_uint(tree, hf_ssh_packet_length, tvb, offset, 4, plen);
encrypted_len -= 4;
}
else if (len > 4) {
proto_tree_add_item(tree, hf_ssh_packet_length_encrypted, tvb, offset, 4, ENC_NA);
encrypted_len -= 4;
}
if (peer_data->mac_length>0)
encrypted_len -= peer_data->mac_length;
proto_tree_add_item(tree, hf_ssh_encrypted_packet,
tvb, offset+4, encrypted_len, ENC_NA);
if (peer_data->mac_length>0)
proto_tree_add_item(tree, hf_ssh_mac_string,
tvb, offset+4+encrypted_len,
peer_data->mac_length, ENC_NA);
}
offset += len;
return offset;
}
static int
ssh_dissect_protocol(tvbuff_t *tvb, packet_info *pinfo,
struct ssh_flow_data *global_data,
int offset, proto_tree *tree, int is_response, guint * version,
gboolean *need_desegmentation)
{
guint remain_length;
gint linelen, protolen;
/*
* If the first packet do not contain the banner,
* it is dump in the middle of a flow or not a ssh at all
*/
if (tvb_strncaseeql(tvb, offset, "SSH-", 4) != 0) {
offset = ssh_dissect_encrypted_packet(tvb, pinfo,
&global_data->peer_data[is_response], offset, tree);
return offset;
}
if (!is_response) {
if (tvb_strncaseeql(tvb, offset, "SSH-2.", 6) == 0) {
*(version) = SSH_VERSION_2;
} else if (tvb_strncaseeql(tvb, offset, "SSH-1.99-", 9) == 0) {
*(version) = SSH_VERSION_2;
} else if (tvb_strncaseeql(tvb, offset, "SSH-1.", 6) == 0) {
*(version) = SSH_VERSION_1;
}
}
/*
* We use "tvb_ensure_captured_length_remaining()" to make sure there
* actually *is* data remaining.
*
* This means we're guaranteed that "remain_length" is positive.
*/
remain_length = tvb_ensure_captured_length_remaining(tvb, offset);
/*linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE);
*/
linelen = tvb_find_guint8(tvb, offset, -1, '\n');
if (ssh_desegment && pinfo->can_desegment) {
if (linelen == -1 || remain_length < (guint)linelen-offset) {
pinfo->desegment_offset = offset;
pinfo->desegment_len = linelen-remain_length;
*need_desegmentation = TRUE;
return offset;
}
}
if (linelen == -1) {
/* XXX - reassemble across segment boundaries? */
linelen = remain_length;
protolen = linelen;
} else {
linelen = linelen - offset + 1;
if (linelen > 1 && tvb_get_guint8(tvb, offset + linelen - 2) == '\r')
protolen = linelen - 2;
else
protolen = linelen - 1;
}
col_append_sep_fstr(pinfo->cinfo, COL_INFO, NULL, "Protocol (%s)",
tvb_format_text(pinfo->pool, tvb, offset, protolen));
// V_C / V_S (client and server identification strings) RFC4253 4.2
// format: SSH-protoversion-softwareversion SP comments [CR LF not incl.]
if (!PINFO_FD_VISITED(pinfo)) {
gchar *data = (gchar *)tvb_memdup(wmem_packet_scope(), tvb, offset, protolen);
if(!is_response){
ssh_hash_buffer_put_string(global_data->kex_client_version, data, protolen);
}else{
ssh_hash_buffer_put_string(global_data->kex_server_version, data, protolen);
}
}
proto_tree_add_item(tree, hf_ssh_protocol,
tvb, offset, protolen, ENC_ASCII);
offset += linelen;
return offset;
}
static void
ssh_set_mac_length(struct ssh_peer_data *peer_data)
{
char *size_str;
guint32 size = 0;
char *mac_name = peer_data->mac;
char *strip;
if (!mac_name)
return;
/* wmem_strdup() never returns NULL */
mac_name = wmem_strdup(NULL, (const gchar *)mac_name);
/* strip trailing "-etm@openssh.com" or "@openssh.com" */
strip = strstr(mac_name, "-etm@openssh.com");
if (strip) {
peer_data->length_is_plaintext = 1;
*strip = '\0';
}
else {
strip = strstr(mac_name, "@openssh.com");
if (strip) *strip = '\0';
}
size_str = g_strrstr(mac_name, "-");
if (size_str && ws_strtou32(size_str + 1, NULL, &size) && size > 0 && size % 8 == 0) {
peer_data->mac_length = size / 8;
}
else if (strcmp(mac_name, "hmac-sha1") == 0) {
peer_data->mac_length = 20;
}
else if (strcmp(mac_name, "hmac-md5") == 0) {
peer_data->mac_length = 16;
}
else if (strcmp(mac_name, "hmac-ripemd160") == 0) {
peer_data->mac_length = 20;
}
else if (strcmp(mac_name, "none") == 0) {
peer_data->mac_length = 0;
}
wmem_free(NULL, mac_name);
}
static void ssh_set_kex_specific_dissector(struct ssh_flow_data *global_data)
{
const char *kex_name = global_data->kex;
if (!kex_name) return;
if (strcmp(kex_name, "diffie-hellman-group-exchange-sha1") == 0 ||
strcmp(kex_name, "diffie-hellman-group-exchange-sha256") == 0)
{
global_data->kex_specific_dissector = ssh_dissect_kex_dh_gex;
}
else if (g_str_has_prefix(kex_name, "ecdh-sha2-") ||
strcmp(kex_name, "curve25519-sha256@libssh.org") == 0 ||
strcmp(kex_name, "curve25519-sha256") == 0 ||
strcmp(kex_name, "curve448-sha512") == 0)
{
global_data->kex_specific_dissector = ssh_dissect_kex_ecdh;
}
else if (strcmp(kex_name, "diffie-hellman-group14-sha256") == 0 ||
strcmp(kex_name, "diffie-hellman-group16-sha512") == 0 ||
strcmp(kex_name, "diffie-hellman-group18-sha512") == 0 ||
strcmp(kex_name, "diffie-hellman-group1-sha1") == 0 ||
strcmp(kex_name, "diffie-hellman-group14-sha1") == 0)
{
global_data->kex_specific_dissector = ssh_dissect_kex_dh;
}
}
static gint
ssh_gslist_compare_strings(gconstpointer a, gconstpointer b)
{
if (a == NULL && b == NULL)
return 0;
if (a == NULL)
return -1;
if (b == NULL)
return 1;
return strcmp((const char*)a, (const char*)b);
}
/* expects that *result is NULL */
static void
ssh_choose_algo(gchar *client, gchar *server, gchar **result)
{
gchar **server_strings = NULL;
gchar **client_strings = NULL;
gchar **step;
GSList *server_list = NULL;
if (!client || !server || !result || *result)
return;
server_strings = g_strsplit(server, ",", 0);
for (step = server_strings; *step; step++) {
server_list = g_slist_append(server_list, *step);
}
client_strings = g_strsplit(client, ",", 0);
for (step = client_strings; *step; step++) {
GSList *agreed;
if ((agreed = g_slist_find_custom(server_list, *step, ssh_gslist_compare_strings))) {
*result = wmem_strdup(wmem_file_scope(), (const gchar *)agreed->data);
break;
}
}
g_strfreev(client_strings);
g_slist_free(server_list);
g_strfreev(server_strings);
}
static int
ssh_dissect_key_init(tvbuff_t *tvb, packet_info *pinfo, int offset,
proto_tree *tree, int is_response, struct ssh_flow_data *global_data)
{
int start_offset = offset;
int payload_length;
wmem_strbuf_t *hassh_algo;
gchar *hassh;
proto_item *tf, *ti;
proto_tree *key_init_tree;
struct ssh_peer_data *peer_data = &global_data->peer_data[is_response];
key_init_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_key_init, &tf, "Algorithms");
if (!PINFO_FD_VISITED(pinfo)) {
peer_data->bn_cookie = ssh_kex_make_bignum(tvb_get_ptr(tvb, offset, 16), 16);
}
proto_tree_add_item(key_init_tree, hf_ssh_cookie,
tvb, offset, 16, ENC_NA);
offset += 16;
offset = ssh_dissect_proposal(tvb, offset, key_init_tree,
hf_ssh_kex_algorithms_length, hf_ssh_kex_algorithms,
&peer_data->kex_proposal);
offset = ssh_dissect_proposal(tvb, offset, key_init_tree,
hf_ssh_server_host_key_algorithms_length,
hf_ssh_server_host_key_algorithms, NULL);
offset = ssh_dissect_proposal(tvb, offset, key_init_tree,
hf_ssh_encryption_algorithms_client_to_server_length,
hf_ssh_encryption_algorithms_client_to_server,
&peer_data->enc_proposals[CLIENT_TO_SERVER_PROPOSAL]);
offset = ssh_dissect_proposal(tvb, offset, key_init_tree,
hf_ssh_encryption_algorithms_server_to_client_length,
hf_ssh_encryption_algorithms_server_to_client,
&peer_data->enc_proposals[SERVER_TO_CLIENT_PROPOSAL]);
offset = ssh_dissect_proposal(tvb, offset, key_init_tree,
hf_ssh_mac_algorithms_client_to_server_length,
hf_ssh_mac_algorithms_client_to_server,
&peer_data->mac_proposals[CLIENT_TO_SERVER_PROPOSAL]);
offset = ssh_dissect_proposal(tvb, offset, key_init_tree,
hf_ssh_mac_algorithms_server_to_client_length,
hf_ssh_mac_algorithms_server_to_client,
&peer_data->mac_proposals[SERVER_TO_CLIENT_PROPOSAL]);
offset = ssh_dissect_proposal(tvb, offset, key_init_tree,
hf_ssh_compression_algorithms_client_to_server_length,
hf_ssh_compression_algorithms_client_to_server,
&peer_data->comp_proposals[CLIENT_TO_SERVER_PROPOSAL]);
offset = ssh_dissect_proposal(tvb, offset, key_init_tree,
hf_ssh_compression_algorithms_server_to_client_length,
hf_ssh_compression_algorithms_server_to_client,
&peer_data->comp_proposals[SERVER_TO_CLIENT_PROPOSAL]);
offset = ssh_dissect_proposal(tvb, offset, key_init_tree,
hf_ssh_languages_client_to_server_length,
hf_ssh_languages_client_to_server, NULL);
offset = ssh_dissect_proposal(tvb, offset, key_init_tree,
hf_ssh_languages_server_to_client_length,
hf_ssh_languages_server_to_client, NULL);
proto_tree_add_item(key_init_tree, hf_ssh_first_kex_packet_follows,
tvb, offset, 1, ENC_BIG_ENDIAN);
offset+=1;
proto_tree_add_item(key_init_tree, hf_ssh_kex_reserved,
tvb, offset, 4, ENC_NA);
offset+=4;
hassh_algo = wmem_strbuf_new(wmem_packet_scope(), "");
if(!is_response) {
wmem_strbuf_append_printf(hassh_algo, "%s;%s;%s;%s", peer_data->kex_proposal, peer_data->enc_proposals[CLIENT_TO_SERVER_PROPOSAL],
peer_data->mac_proposals[CLIENT_TO_SERVER_PROPOSAL], peer_data->comp_proposals[CLIENT_TO_SERVER_PROPOSAL]);
hassh = g_compute_checksum_for_string(G_CHECKSUM_MD5, wmem_strbuf_get_str(hassh_algo), wmem_strbuf_get_len(hassh_algo));
ti = proto_tree_add_string(key_init_tree, hf_ssh_kex_hassh_algo, tvb, offset, 0, wmem_strbuf_get_str(hassh_algo));
proto_item_set_generated(ti);
ti = proto_tree_add_string(key_init_tree, hf_ssh_kex_hassh, tvb, offset, 0, hassh);
proto_item_set_generated(ti);
g_free(hassh);
} else {
wmem_strbuf_append_printf(hassh_algo, "%s;%s;%s;%s", peer_data->kex_proposal, peer_data->enc_proposals[SERVER_TO_CLIENT_PROPOSAL],
peer_data->mac_proposals[SERVER_TO_CLIENT_PROPOSAL], peer_data->comp_proposals[SERVER_TO_CLIENT_PROPOSAL]);
hassh = g_compute_checksum_for_string(G_CHECKSUM_MD5, wmem_strbuf_get_str(hassh_algo), wmem_strbuf_get_len(hassh_algo));
ti = proto_tree_add_string(key_init_tree, hf_ssh_kex_hasshserver_algo, tvb, offset, 0, wmem_strbuf_get_str(hassh_algo));
proto_item_set_generated(ti);
ti = proto_tree_add_string(key_init_tree, hf_ssh_kex_hasshserver, tvb, offset, 0, hassh);
proto_item_set_generated(ti);
g_free(hassh);
}
if (global_data->peer_data[CLIENT_PEER_DATA].kex_proposal &&
global_data->peer_data[SERVER_PEER_DATA].kex_proposal &&
!global_data->kex)
{
/* Note: we're ignoring first_kex_packet_follows. */
ssh_choose_algo(
global_data->peer_data[CLIENT_PEER_DATA].kex_proposal,
global_data->peer_data[SERVER_PEER_DATA].kex_proposal,
&global_data->kex);
ssh_set_kex_specific_dissector(global_data);
}
payload_length = offset - start_offset;
if (tf != NULL) {
proto_item_set_len(tf, payload_length);
}
// I_C / I_S (client and server SSH_MSG_KEXINIT payload) RFC4253 4.2
if (!PINFO_FD_VISITED(pinfo)) {
gchar *data = (gchar *)wmem_alloc(wmem_packet_scope(), payload_length + 1);
tvb_memcpy(tvb, data + 1, start_offset, payload_length);
data[0] = SSH_MSG_KEXINIT;
if(is_response){
ssh_hash_buffer_put_string(global_data->kex_server_key_exchange_init, data, payload_length + 1);
}else{
ssh_hash_buffer_put_string(global_data->kex_client_key_exchange_init, data, payload_length + 1);
}
}
return offset;
}
static int
ssh_dissect_proposal(tvbuff_t *tvb, int offset, proto_tree *tree,
int hf_index_length, int hf_index_value, char **store)
{
guint32 len = tvb_get_ntohl(tvb, offset);
proto_tree_add_uint(tree, hf_index_length, tvb, offset, 4, len);
offset += 4;
proto_tree_add_item(tree, hf_index_value, tvb, offset, len,
ENC_ASCII);
if (store)
*store = (char *) tvb_get_string_enc(wmem_file_scope(), tvb, offset, len, ENC_ASCII);
offset += len;
return offset;
}
static void
ssh_keylog_read_file(void)
{
if (!pref_keylog_file || !*pref_keylog_file) {
ws_debug("no keylog file preference set");
return;
}
if (ssh_keylog_file && file_needs_reopen(ws_fileno(ssh_keylog_file),
pref_keylog_file)) {
ssh_keylog_reset();
}
if (!ssh_keylog_file) {
ssh_keylog_file = ws_fopen(pref_keylog_file, "r");
if (!ssh_keylog_file) {
ws_debug("ssh: failed to open key log file %s: %s",
pref_keylog_file, g_strerror(errno));
return;
}
}
/* File format: each line follows the format "<cookie> <key>".
* <cookie> is the hex-encoded (client or server) 16 bytes cookie
* (32 characters) found in the SSH_MSG_KEXINIT of the endpoint whose
* private random is disclosed.
* <key> is the private random number that is used to generate the DH
* negotiation (length depends on algorithm). In RFC4253 it is called
* x for the client and y for the server.
* For openssh and DH group exchange, it can be retrieved using
* DH_get0_key(kex->dh, NULL, &server_random)
* for groupN in file kexdh.c function kex_dh_compute_key
* for custom group in file kexgexs.c function input_kex_dh_gex_init
* For openssh and curve25519, it can be found in function kex_c25519_enc
* in variable server_key.
*
* Example:
* 90d886612f9c35903db5bb30d11f23c2 DEF830C22F6C927E31972FFB20B46C96D0A5F2D5E7BE5A3A8804D6BFC431619ED10AF589EEDFF4750DEA00EFD7AFDB814B6F3528729692B1F2482041521AE9DC
*/
for (;;) {
char buf[512];
buf[0] = 0;
if (!fgets(buf, sizeof(buf), ssh_keylog_file)) {
if (ferror(ssh_keylog_file)) {
ws_debug("Error while reading %s, closing it.", pref_keylog_file);
ssh_keylog_reset();
}
break;
}
size_t len = strlen(buf);
while(len>0 && (buf[len-1]=='\r' || buf[len-1]=='\n')){len-=1;buf[len]=0;}
ssh_keylog_process_line(buf);
}
}
static void
ssh_keylog_process_lines(const guint8 *data, guint datalen)
{
const char *next_line = (const char *)data;
const char *line_end = next_line + datalen;
while (next_line && next_line < line_end) {
const char *line = next_line;
next_line = (const char *)memchr(line, '\n', line_end - line);
gssize linelen;
if (next_line) {
linelen = next_line - line;
next_line++; /* drop LF */
} else {
linelen = (gssize)(line_end - line);
}
if (linelen > 0 && line[linelen - 1] == '\r') {
linelen--; /* drop CR */
}
ssh_debug_printf(" checking keylog line: %.*s\n", (int)linelen, line);
gchar * strippedline = g_strndup(line, linelen);
ssh_keylog_process_line(strippedline);
g_free(strippedline);
}
}
static void
ssh_keylog_process_line(const char *line)
{
ws_noisy("ssh: process line: %s", line);
gchar **split = g_strsplit(line, " ", 2);
gchar *cookie, *key;
size_t cookie_len, key_len;
if (g_strv_length(split) != 2) {
ws_debug("ssh keylog: invalid format");
g_strfreev(split);
return;
}
// [cookie of corresponding key] [key]
cookie = split[0];
key = split[1];
key_len = strlen(key);
cookie_len = strlen(cookie);
if(key_len & 1){
ws_debug("ssh keylog: invalid format (key could at least be even!)");
g_strfreev(split);
return;
}
if(cookie_len & 1){
ws_debug("ssh keylog: invalid format (cookie could at least be even!)");
g_strfreev(split);
return;
}
ssh_bignum * bn_cookie = ssh_kex_make_bignum(NULL, (guint)(cookie_len/2));
ssh_bignum * bn_priv = ssh_kex_make_bignum(NULL, (guint)(key_len/2));
guint8 c;
for (size_t i = 0; i < key_len/2; i ++) {
gchar v0 = key[i * 2];
gint8 h0 = (v0>='0' && v0<='9')?v0-'0':(v0>='a' && v0<='f')?v0-'a'+10:(v0>='A' && v0<='F')?v0-'A'+10:-1;
gchar v1 = key[i * 2 + 1];
gint8 h1 = (v1>='0' && v1<='9')?v1-'0':(v1>='a' && v1<='f')?v1-'a'+10:(v1>='A' && v1<='F')?v1-'A'+10:-1;
if (h0==-1 || h1==-1) {
ws_debug("ssh: can't process key, invalid hex number: %c%c", v0, v1);
g_strfreev(split);
return;
}
c = (h0 << 4) | h1;
bn_priv->data[i] = c;
}
for (size_t i = 0; i < cookie_len/2; i ++) {
gchar v0 = cookie[i * 2];
gint8 h0 = (v0>='0' && v0<='9')?v0-'0':(v0>='a' && v0<='f')?v0-'a'+10:(v0>='A' && v0<='F')?v0-'A'+10:-1;
gchar v1 = cookie[i * 2 + 1];
gint8 h1 = (v1>='0' && v1<='9')?v1-'0':(v1>='a' && v1<='f')?v1-'a'+10:(v1>='A' && v1<='F')?v1-'A'+10:-1;
if (h0==-1 || h1==-1) {
ws_debug("ssh: can't process cookie, invalid hex number: %c%c", v0, v1);
g_strfreev(split);
return;
}
c = (h0 << 4) | h1;
bn_cookie->data[i] = c;
}
g_hash_table_insert(ssh_master_key_map, bn_cookie, bn_priv);
g_strfreev(split);
}
static void
ssh_keylog_reset(void)
{
if (ssh_keylog_file) {
fclose(ssh_keylog_file);
ssh_keylog_file = NULL;
}
}
static guint
ssh_kex_type(gchar *type)
{
if (type) {
if (g_str_has_prefix(type, "curve25519")) {
return SSH_KEX_CURVE25519;
}else if (g_str_has_prefix(type, "diffie-hellman-group-exchange")) {
return SSH_KEX_DH_GEX;
}else if (g_str_has_prefix(type, "diffie-hellman-group14")) {
return SSH_KEX_DH_GROUP14;
}else if (g_str_has_prefix(type, "diffie-hellman-group16")) {
return SSH_KEX_DH_GROUP16;
}else if (g_str_has_prefix(type, "diffie-hellman-group18")) {
return SSH_KEX_DH_GROUP18;
}else if (g_str_has_prefix(type, "diffie-hellman-group1")) {
return SSH_KEX_DH_GROUP1;
}
}
return 0;
}
static guint
ssh_kex_hash_type(gchar *type_string)
{
if (type_string && g_str_has_suffix(type_string, "sha1")) {
return SSH_KEX_HASH_SHA1;
}else if (type_string && g_str_has_suffix(type_string, "sha256")) {
return SSH_KEX_HASH_SHA256;
}else if (type_string && g_str_has_suffix(type_string, "sha512")) {
return SSH_KEX_HASH_SHA512;
} else {
ws_debug("hash type %s not supported", type_string);
return 0;
}
}
static ssh_bignum *
ssh_kex_make_bignum(const guint8 *data, guint length)
{
// 512 bytes (4096 bits) is the maximum bignum size we're supporting
// Actually we need 513 bytes, to make provision for signed values
// Diffie-Hellman group 18 has 8192 bits
if (length == 0 || length > 1025) {
return NULL;
}
ssh_bignum *bn = wmem_new0(wmem_file_scope(), ssh_bignum);
bn->data = (guint8 *)wmem_alloc0(wmem_file_scope(), length);
if (data) {
memcpy(bn->data, data, length);
}
bn->length = length;
return bn;
}
static gboolean
ssh_read_e(tvbuff_t *tvb, int offset, struct ssh_flow_data *global_data)
{
// store the client's public part (e) for later usage
guint32 length = tvb_get_ntohl(tvb, offset);
global_data->kex_e = ssh_kex_make_bignum(NULL, length);
if (!global_data->kex_e) {
return false;
}
tvb_memcpy(tvb, global_data->kex_e->data, offset + 4, length);
return true;
}
static gboolean
ssh_read_f(tvbuff_t *tvb, int offset, struct ssh_flow_data *global_data)
{
// store the server's public part (f) for later usage
guint32 length = tvb_get_ntohl(tvb, offset);
global_data->kex_f = ssh_kex_make_bignum(NULL, length);
if (!global_data->kex_f) {
return false;
}
tvb_memcpy(tvb, global_data->kex_f->data, offset + 4, length);
return true;
}
#ifdef SSH_DECRYPTION_SUPPORTED
static ssh_bignum *
ssh_read_mpint(tvbuff_t *tvb, int offset)
{
// store the DH group modulo (p) for later usage
int length = tvb_get_ntohl(tvb, offset);
ssh_bignum * bn = ssh_kex_make_bignum(NULL, length);
if (!bn) {
ws_debug("invalid bignum length %u", length);
return NULL;
}
tvb_memcpy(tvb, bn->data, offset + 4, length);
return bn;
}
#endif //def SSH_DECRYPTION_SUPPORTED
static void
ssh_keylog_hash_write_secret(struct ssh_flow_data *global_data)
{
/*
* This computation is defined differently for each key exchange method:
* https://tools.ietf.org/html/rfc4253#page-23
* https://tools.ietf.org/html/rfc5656#page-8
* https://tools.ietf.org/html/rfc4419#page-4
* All key exchange methods:
* https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-16
*/
gcry_md_hd_t hd;
ssh_bignum *secret = NULL, *priv;
int length;
ssh_keylog_read_file();
guint kex_type = ssh_kex_type(global_data->kex);
guint kex_hash_type = ssh_kex_hash_type(global_data->kex);
priv = (ssh_bignum *)g_hash_table_lookup(ssh_master_key_map, global_data->peer_data[SERVER_PEER_DATA].bn_cookie);
if(priv){
secret = ssh_kex_shared_secret(kex_type, global_data->kex_e, priv, global_data->kex_gex_p);
}else{
priv = (ssh_bignum *)g_hash_table_lookup(ssh_master_key_map, global_data->peer_data[CLIENT_PEER_DATA].bn_cookie);
if(priv){
secret = ssh_kex_shared_secret(kex_type, global_data->kex_f, priv, global_data->kex_gex_p);
}
}
if (!secret) {
ws_debug("ssh decryption: no private key for this session");
global_data->do_decrypt = FALSE;
return;
}
// shared secret data needs to be written as an mpint, and we need it later
if (secret->data[0] & 0x80) { // Stored in Big endian
length = secret->length + 1;
gchar *tmp = (gchar *)wmem_alloc0(wmem_packet_scope(), length);
memcpy(tmp + 1, secret->data, secret->length);
tmp[0] = 0;
secret->data = tmp;
secret->length = length;
}
ssh_hash_buffer_put_string(global_data->kex_shared_secret, secret->data, secret->length);
wmem_array_t * kex_gex_p = wmem_array_new(wmem_packet_scope(), 1);
if(global_data->kex_gex_p){ssh_hash_buffer_put_string(kex_gex_p, global_data->kex_gex_p->data, global_data->kex_gex_p->length);}
wmem_array_t * kex_gex_g = wmem_array_new(wmem_packet_scope(), 1);
if(global_data->kex_gex_g){ssh_hash_buffer_put_string(kex_gex_g, global_data->kex_gex_g->data, global_data->kex_gex_g->length);}
wmem_array_t * kex_e = wmem_array_new(wmem_packet_scope(), 1);
if(global_data->kex_e){ssh_hash_buffer_put_string(kex_e, global_data->kex_e->data, global_data->kex_e->length);}
wmem_array_t * kex_f = wmem_array_new(wmem_packet_scope(), 1);
if(global_data->kex_f){ssh_hash_buffer_put_string(kex_f, global_data->kex_f->data, global_data->kex_f->length);}
wmem_array_t * kex_hash_buffer = wmem_array_new(wmem_packet_scope(), 1);
ssh_print_data("client_version", (const guchar *)wmem_array_get_raw(global_data->kex_client_version), wmem_array_get_count(global_data->kex_client_version));
wmem_array_append(kex_hash_buffer, wmem_array_get_raw(global_data->kex_client_version), wmem_array_get_count(global_data->kex_client_version));
ssh_print_data("server_version", (const guchar *)wmem_array_get_raw(global_data->kex_server_version), wmem_array_get_count(global_data->kex_server_version));
wmem_array_append(kex_hash_buffer, wmem_array_get_raw(global_data->kex_server_version), wmem_array_get_count(global_data->kex_server_version));
ssh_print_data("client_key_exchange_init", (const guchar *)wmem_array_get_raw(global_data->kex_client_key_exchange_init), wmem_array_get_count(global_data->kex_client_key_exchange_init));
wmem_array_append(kex_hash_buffer, wmem_array_get_raw(global_data->kex_client_key_exchange_init), wmem_array_get_count(global_data->kex_client_key_exchange_init));
ssh_print_data("server_key_exchange_init", (const guchar *)wmem_array_get_raw(global_data->kex_server_key_exchange_init), wmem_array_get_count(global_data->kex_server_key_exchange_init));
wmem_array_append(kex_hash_buffer, wmem_array_get_raw(global_data->kex_server_key_exchange_init), wmem_array_get_count(global_data->kex_server_key_exchange_init));
ssh_print_data("kex_server_host_key_blob", (const guchar *)wmem_array_get_raw(global_data->kex_server_host_key_blob), wmem_array_get_count(global_data->kex_server_host_key_blob));
wmem_array_append(kex_hash_buffer, wmem_array_get_raw(global_data->kex_server_host_key_blob), wmem_array_get_count(global_data->kex_server_host_key_blob));
if(kex_type==SSH_KEX_DH_GEX){
ssh_print_data("kex_gex_bits_min", (const guchar *)wmem_array_get_raw(global_data->kex_gex_bits_min), wmem_array_get_count(global_data->kex_gex_bits_min));
wmem_array_append(kex_hash_buffer, wmem_array_get_raw(global_data->kex_gex_bits_min), wmem_array_get_count(global_data->kex_gex_bits_min));
ssh_print_data("kex_gex_bits_req", (const guchar *)wmem_array_get_raw(global_data->kex_gex_bits_req), wmem_array_get_count(global_data->kex_gex_bits_req));
wmem_array_append(kex_hash_buffer, wmem_array_get_raw(global_data->kex_gex_bits_req), wmem_array_get_count(global_data->kex_gex_bits_req));
ssh_print_data("kex_gex_bits_max", (const guchar *)wmem_array_get_raw(global_data->kex_gex_bits_max), wmem_array_get_count(global_data->kex_gex_bits_max));
wmem_array_append(kex_hash_buffer, wmem_array_get_raw(global_data->kex_gex_bits_max), wmem_array_get_count(global_data->kex_gex_bits_max));
ssh_print_data("key modulo (p)", (const guchar *)wmem_array_get_raw(kex_gex_p), wmem_array_get_count(kex_gex_p));
wmem_array_append(kex_hash_buffer, wmem_array_get_raw(kex_gex_p), wmem_array_get_count(kex_gex_p));
ssh_print_data("key base (g)", (const guchar *)wmem_array_get_raw(kex_gex_g), wmem_array_get_count(kex_gex_g));
wmem_array_append(kex_hash_buffer, wmem_array_get_raw(kex_gex_g), wmem_array_get_count(kex_gex_g));
ssh_print_data("key client (e)", (const guchar *)wmem_array_get_raw(kex_e), wmem_array_get_count(kex_e));
wmem_array_append(kex_hash_buffer, wmem_array_get_raw(kex_e), wmem_array_get_count(kex_e));
ssh_print_data("key server (f)", (const guchar *)wmem_array_get_raw(kex_f), wmem_array_get_count(kex_f));
wmem_array_append(kex_hash_buffer, wmem_array_get_raw(kex_f), wmem_array_get_count(kex_f));
}
if(kex_type==SSH_KEX_DH_GROUP1 || kex_type==SSH_KEX_DH_GROUP14 || kex_type==SSH_KEX_DH_GROUP16 || kex_type==SSH_KEX_DH_GROUP18){
ssh_print_data("key client (e)", (const guchar *)wmem_array_get_raw(kex_e), wmem_array_get_count(kex_e));
wmem_array_append(kex_hash_buffer, wmem_array_get_raw(kex_e), wmem_array_get_count(kex_e));
ssh_print_data("key server (f)", (const guchar *)wmem_array_get_raw(kex_f), wmem_array_get_count(kex_f));
wmem_array_append(kex_hash_buffer, wmem_array_get_raw(kex_f), wmem_array_get_count(kex_f));
}
if(kex_type==SSH_KEX_CURVE25519){
ssh_print_data("key client (Q_C)", (const guchar *)wmem_array_get_raw(kex_e), wmem_array_get_count(kex_e));
wmem_array_append(kex_hash_buffer, wmem_array_get_raw(kex_e), wmem_array_get_count(kex_e));
ssh_print_data("key server (Q_S)", (const guchar *)wmem_array_get_raw(kex_f), wmem_array_get_count(kex_f));
wmem_array_append(kex_hash_buffer, wmem_array_get_raw(kex_f), wmem_array_get_count(kex_f));
}
ssh_print_data("shared secret", (const guchar *)wmem_array_get_raw(global_data->kex_shared_secret), wmem_array_get_count(global_data->kex_shared_secret));
wmem_array_append(kex_hash_buffer, wmem_array_get_raw(global_data->kex_shared_secret), wmem_array_get_count(global_data->kex_shared_secret));
ssh_print_data("exchange", (const guchar *)wmem_array_get_raw(kex_hash_buffer), wmem_array_get_count(kex_hash_buffer));
guint hash_len = 32;
if(kex_hash_type==SSH_KEX_HASH_SHA1) {
gcry_md_open(&hd, GCRY_MD_SHA1, 0);
hash_len = 20;
} else if(kex_hash_type==SSH_KEX_HASH_SHA256) {
gcry_md_open(&hd, GCRY_MD_SHA256, 0);
hash_len = 32;
} else if(kex_hash_type==SSH_KEX_HASH_SHA512) {
gcry_md_open(&hd, GCRY_MD_SHA512, 0);
hash_len = 64;
} else {
ws_debug("kex_hash_type type %d not supported", kex_hash_type);
return;
}
gchar *exchange_hash = (gchar *)wmem_alloc0(wmem_file_scope(), hash_len);
gcry_md_write(hd, wmem_array_get_raw(kex_hash_buffer), wmem_array_get_count(kex_hash_buffer));
memcpy(exchange_hash, gcry_md_read(hd, 0), hash_len);
gcry_md_close(hd);
ssh_print_data("hash", exchange_hash, hash_len);
global_data->secret = secret;
ssh_derive_symmetric_keys(secret, exchange_hash, hash_len, global_data);
}
// the purpose of this function is to deal with all different kex methods
static ssh_bignum *
ssh_kex_shared_secret(gint kex_type, ssh_bignum *pub, ssh_bignum *priv, ssh_bignum *modulo)
{
DISSECTOR_ASSERT(pub != NULL);
DISSECTOR_ASSERT(priv != NULL);
ssh_bignum *secret = ssh_kex_make_bignum(NULL, pub->length);
if (!secret) {
ws_debug("invalid key length %u", pub->length);
return NULL;
}
if(kex_type==SSH_KEX_DH_GEX){
gcry_mpi_t b = NULL;
gcry_mpi_scan(&b, GCRYMPI_FMT_USG, pub->data, pub->length, NULL);
gcry_mpi_t d = NULL, e = NULL, m = NULL;
size_t result_len = 0;
d = gcry_mpi_new(pub->length*8);
gcry_mpi_scan(&e, GCRYMPI_FMT_USG, priv->data, priv->length, NULL);
gcry_mpi_scan(&m, GCRYMPI_FMT_USG, modulo->data, modulo->length, NULL);
gcry_mpi_powm(d, b, e, m); // gcry_mpi_powm(d, b, e, m) => d = b^e % m
gcry_mpi_print(GCRYMPI_FMT_USG, secret->data, secret->length, &result_len, d);
secret->length = (guint)result_len; // Should not be larger than what fits in a 32-bit unsigned integer...
gcry_mpi_release(d);
gcry_mpi_release(b);
gcry_mpi_release(e);
gcry_mpi_release(m);
}else if(kex_type==SSH_KEX_DH_GROUP1 || kex_type==SSH_KEX_DH_GROUP14 || kex_type==SSH_KEX_DH_GROUP16 || kex_type==SSH_KEX_DH_GROUP18){
gcry_mpi_t m = NULL;
if(kex_type==SSH_KEX_DH_GROUP1){
static const guint8 p[] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,};
gcry_mpi_scan(&m, GCRYMPI_FMT_USG, p, sizeof(p), NULL);
}else if(kex_type==SSH_KEX_DH_GROUP14){
//p:FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF
static const guint8 p[] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
gcry_mpi_scan(&m, GCRYMPI_FMT_USG, p, sizeof(p), NULL);
}else if(kex_type==SSH_KEX_DH_GROUP16){
//p:FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF
static const guint8 p[] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C,
0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,
0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2,
0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF,
0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F,
0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,};
gcry_mpi_scan(&m, GCRYMPI_FMT_USG, p, sizeof(p), NULL);
}else if(kex_type==SSH_KEX_DH_GROUP18){
//p:FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E438777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F5683423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD922222E04A4037C0713EB57A81A23F0C73473FC646CEA306B4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A364597E899A0255DC164F31CC50846851DF9AB48195DED7EA1B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F924009438B481C6CD7889A002ED5EE382BC9190DA6FC026E479558E4475677E9AA9E3050E2765694DFC81F56E880B96E7160C980DD98EDD3DFFFFFFFFFFFFFFFFF
static const guint8 p[] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C,
0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,
0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2,
0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF,
0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F,
0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92, 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26,
0xC1, 0xD4, 0xDC, 0xB2, 0x60, 0x26, 0x46, 0xDE, 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD,
0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, 0xE5, 0xDB, 0x38, 0x2F, 0x41, 0x30, 0x01, 0xAE,
0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31, 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18,
0xDA, 0x3E, 0xDB, 0xEB, 0xCF, 0x9B, 0x14, 0xED, 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B,
0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, 0x33, 0x20, 0x51, 0x51, 0x2B, 0xD7, 0xAF, 0x42,
0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF, 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC,
0xF0, 0x32, 0xEA, 0x15, 0xD1, 0x72, 0x1D, 0x03, 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6,
0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, 0xB5, 0xA8, 0x40, 0x31, 0x90, 0x0B, 0x1C, 0x9E,
0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3, 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE,
0x0F, 0x1D, 0x45, 0xB7, 0xFF, 0x58, 0x5A, 0xC5, 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA,
0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, 0x14, 0xCC, 0x5E, 0xD2, 0x0F, 0x80, 0x37, 0xE0,
0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28, 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76,
0xF5, 0x50, 0xAA, 0x3D, 0x8A, 0x1F, 0xBF, 0xF0, 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C,
0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, 0x38, 0x7F, 0xE8, 0xD7, 0x6E, 0x3C, 0x04, 0x68,
0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE, 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6,
0xE6, 0x94, 0xF9, 0x1E, 0x6D, 0xBE, 0x11, 0x59, 0x74, 0xA3, 0x92, 0x6F, 0x12, 0xFE, 0xE5, 0xE4,
0x38, 0x77, 0x7C, 0xB6, 0xA9, 0x32, 0xDF, 0x8C, 0xD8, 0xBE, 0xC4, 0xD0, 0x73, 0xB9, 0x31, 0xBA,
0x3B, 0xC8, 0x32, 0xB6, 0x8D, 0x9D, 0xD3, 0x00, 0x74, 0x1F, 0xA7, 0xBF, 0x8A, 0xFC, 0x47, 0xED,
0x25, 0x76, 0xF6, 0x93, 0x6B, 0xA4, 0x24, 0x66, 0x3A, 0xAB, 0x63, 0x9C, 0x5A, 0xE4, 0xF5, 0x68,
0x34, 0x23, 0xB4, 0x74, 0x2B, 0xF1, 0xC9, 0x78, 0x23, 0x8F, 0x16, 0xCB, 0xE3, 0x9D, 0x65, 0x2D,
0xE3, 0xFD, 0xB8, 0xBE, 0xFC, 0x84, 0x8A, 0xD9, 0x22, 0x22, 0x2E, 0x04, 0xA4, 0x03, 0x7C, 0x07,
0x13, 0xEB, 0x57, 0xA8, 0x1A, 0x23, 0xF0, 0xC7, 0x34, 0x73, 0xFC, 0x64, 0x6C, 0xEA, 0x30, 0x6B,
0x4B, 0xCB, 0xC8, 0x86, 0x2F, 0x83, 0x85, 0xDD, 0xFA, 0x9D, 0x4B, 0x7F, 0xA2, 0xC0, 0x87, 0xE8,
0x79, 0x68, 0x33, 0x03, 0xED, 0x5B, 0xDD, 0x3A, 0x06, 0x2B, 0x3C, 0xF5, 0xB3, 0xA2, 0x78, 0xA6,
0x6D, 0x2A, 0x13, 0xF8, 0x3F, 0x44, 0xF8, 0x2D, 0xDF, 0x31, 0x0E, 0xE0, 0x74, 0xAB, 0x6A, 0x36,
0x45, 0x97, 0xE8, 0x99, 0xA0, 0x25, 0x5D, 0xC1, 0x64, 0xF3, 0x1C, 0xC5, 0x08, 0x46, 0x85, 0x1D,
0xF9, 0xAB, 0x48, 0x19, 0x5D, 0xED, 0x7E, 0xA1, 0xB1, 0xD5, 0x10, 0xBD, 0x7E, 0xE7, 0x4D, 0x73,
0xFA, 0xF3, 0x6B, 0xC3, 0x1E, 0xCF, 0xA2, 0x68, 0x35, 0x90, 0x46, 0xF4, 0xEB, 0x87, 0x9F, 0x92,
0x40, 0x09, 0x43, 0x8B, 0x48, 0x1C, 0x6C, 0xD7, 0x88, 0x9A, 0x00, 0x2E, 0xD5, 0xEE, 0x38, 0x2B,
0xC9, 0x19, 0x0D, 0xA6, 0xFC, 0x02, 0x6E, 0x47, 0x95, 0x58, 0xE4, 0x47, 0x56, 0x77, 0xE9, 0xAA,
0x9E, 0x30, 0x50, 0xE2, 0x76, 0x56, 0x94, 0xDF, 0xC8, 0x1F, 0x56, 0xE8, 0x80, 0xB9, 0x6E, 0x71,
0x60, 0xC9, 0x80, 0xDD, 0x98, 0xED, 0xD3, 0xDF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,};
gcry_mpi_scan(&m, GCRYMPI_FMT_USG, p, sizeof(p), NULL);
}
gcry_mpi_t b = NULL;
gcry_mpi_scan(&b, GCRYMPI_FMT_USG, pub->data, pub->length, NULL);
gcry_mpi_t d = NULL, e = NULL;
size_t result_len = 0;
d = gcry_mpi_new(pub->length*8);
gcry_mpi_scan(&e, GCRYMPI_FMT_USG, priv->data, priv->length, NULL);
gcry_mpi_powm(d, b, e, m); // gcry_mpi_powm(d, b, e, m) => d = b^e % m
gcry_mpi_print(GCRYMPI_FMT_USG, secret->data, secret->length, &result_len, d);
secret->length = (guint)result_len; // Should not be larger than what fits in a 32-bit unsigned integer...
gcry_mpi_release(d);
gcry_mpi_release(b);
gcry_mpi_release(e);
gcry_mpi_release(m);
}else if(kex_type==SSH_KEX_CURVE25519){
if (crypto_scalarmult_curve25519(secret->data, priv->data, pub->data)) {
ws_debug("curve25519: can't compute shared secret");
return NULL;
}
} else {
ws_debug("kex_type type %d not supported", kex_type);
return 0;
}
return secret;
}
static gchar *
ssh_string(const gchar *string, guint length)
{
gchar *ssh_string = (gchar *)wmem_alloc(wmem_packet_scope(), length + 4);
ssh_string[0] = (length >> 24) & 0xff;
ssh_string[1] = (length >> 16) & 0xff;
ssh_string[2] = (length >> 8) & 0xff;
ssh_string[3] = length & 0xff;
memcpy(ssh_string + 4, string, length);
return ssh_string;
}
static void
ssh_hash_buffer_put_string(wmem_array_t *buffer, const gchar *string,
guint length)
{
if (!buffer) {
return;
}
gchar *string_with_length = ssh_string(string, length);
wmem_array_append(buffer, string_with_length, length + 4);
}
static void
ssh_hash_buffer_put_uint32(wmem_array_t *buffer, guint val)
{
if (!buffer) {
return;
}
gchar buf[4];
buf[0] = (val >> 24); buf[1] = (val >> 16); buf[2] = (val >> 8); buf[3] = (val >> 0);
wmem_array_append(buffer, buf, 4);
}
static void ssh_derive_symmetric_keys(ssh_bignum *secret, gchar *exchange_hash,
guint hash_length, struct ssh_flow_data *global_data)
{
if (!global_data->session_id) {
global_data->session_id = exchange_hash;
global_data->session_id_length = hash_length;
}
unsigned int we_need = 0;
for(int peer_cnt=0;peer_cnt<2;peer_cnt++){
struct ssh_peer_data * peer_data = &global_data->peer_data[peer_cnt];
// required size of key depends on cipher used. chacha20 wants 64 bytes
guint need = 0;
if (GCRY_CIPHER_CHACHA20 == peer_data->cipher_id) {
need = 64;
} else if (CIPHER_AES128_CBC == peer_data->cipher_id || CIPHER_AES128_CTR == peer_data->cipher_id || CIPHER_AES128_GCM == peer_data->cipher_id) {
need = 16;
} else if (CIPHER_AES192_CBC == peer_data->cipher_id || CIPHER_AES192_CTR == peer_data->cipher_id) {
need = 24;
} else if (CIPHER_AES256_CBC == peer_data->cipher_id || CIPHER_AES256_CTR == peer_data->cipher_id || CIPHER_AES256_GCM == peer_data->cipher_id) {
need = 32;
} else {
ssh_debug_printf("ssh: cipher (%d) is unknown or not set\n", peer_data->cipher_id);
ssh_debug_flush();
}
if(peer_data->mac_id == CIPHER_MAC_SHA2_256){
need = 32;
}else{
ssh_debug_printf("ssh: MAC (%d) is unknown or not set\n", peer_data->mac_id);
ssh_debug_flush();
}
if (we_need<need) {
we_need = need;
}
}
for (int i = 0; i < 6; i ++) {
ssh_derive_symmetric_key(secret, exchange_hash, hash_length,
'A' + i, &global_data->new_keys[i], global_data, we_need);
if(i==0){ ssh_print_data("Initial IV client to server", global_data->new_keys[i].data, global_data->new_keys[i].length);
}else if(i==1){ ssh_print_data("Initial IV server to client", global_data->new_keys[i].data, global_data->new_keys[i].length);
}else if(i==2){ ssh_print_data("Encryption key client to server", global_data->new_keys[i].data, global_data->new_keys[i].length);
}else if(i==3){ ssh_print_data("Encryption key server to client", global_data->new_keys[i].data, global_data->new_keys[i].length);
}else if(i==4){ ssh_print_data("Integrity key client to server", global_data->new_keys[i].data, global_data->new_keys[i].length);
}else if(i==5){ ssh_print_data("Integrity key server to client", global_data->new_keys[i].data, global_data->new_keys[i].length);
}
}
}
static void ssh_derive_symmetric_key(ssh_bignum *secret, gchar *exchange_hash,
guint hash_length, gchar id, ssh_bignum *result_key,
struct ssh_flow_data *global_data, guint we_need)
{
gcry_md_hd_t hd;
guint kex_hash_type = ssh_kex_hash_type(global_data->kex);
int algo = GCRY_MD_SHA256;
if(kex_hash_type==SSH_KEX_HASH_SHA1){
algo = GCRY_MD_SHA1;
}else if(kex_hash_type==SSH_KEX_HASH_SHA256){
algo = GCRY_MD_SHA256;
}else if(kex_hash_type==SSH_KEX_HASH_SHA512){
algo = GCRY_MD_SHA512;
}
guint len = gcry_md_get_algo_dlen(algo);
result_key->data = (guchar *)wmem_alloc(wmem_file_scope(), we_need);
gchar *secret_with_length = ssh_string(secret->data, secret->length);
if (gcry_md_open(&hd, algo, 0) == 0) {
gcry_md_write(hd, secret_with_length, secret->length + 4);
gcry_md_write(hd, exchange_hash, hash_length);
gcry_md_putc(hd, id);
gcry_md_write(hd, global_data->session_id, hash_length);
guint add_length = MIN(len, we_need);
memcpy(result_key->data, gcry_md_read(hd, 0), add_length);
gcry_md_close(hd);
}
// expand key
for (guint have = len; have < we_need; have += len) {
if (gcry_md_open(&hd, algo, 0) == 0) {
gcry_md_write(hd, secret_with_length, secret->length + 4);
gcry_md_write(hd, exchange_hash, hash_length);
gcry_md_write(hd, result_key->data+have-len, len);
guint add_length = MIN(len, we_need - have);
memcpy(result_key->data+have, gcry_md_read(hd, 0), add_length);
gcry_md_close(hd);
}
}
result_key->length = we_need;
}
static void
ssh_choose_enc_mac(struct ssh_flow_data *global_data)
{
for(int peer_cnt=0;peer_cnt<2;peer_cnt++){
struct ssh_peer_data * peer_data = &global_data->peer_data[peer_cnt];
ssh_choose_algo(global_data->peer_data[CLIENT_PEER_DATA].enc_proposals[peer_cnt],
global_data->peer_data[SERVER_PEER_DATA].enc_proposals[peer_cnt],
&peer_data->enc);
/* some ciphers have their own MAC so the "negotiated" one is meaningless */
if(peer_data->enc && (0 == strcmp(peer_data->enc, "aes128-gcm@openssh.com") ||
0 == strcmp(peer_data->enc, "aes256-gcm@openssh.com"))) {
peer_data->mac = wmem_strdup(wmem_file_scope(), (const gchar *)"<implicit>");
peer_data->mac_length = 16;
peer_data->length_is_plaintext = 1;
}
else if(peer_data->enc && 0 == strcmp(peer_data->enc, "chacha20-poly1305@openssh.com")) {
peer_data->mac = wmem_strdup(wmem_file_scope(), (const gchar *)"<implicit>");
peer_data->mac_length = 16;
}
else {
ssh_choose_algo(global_data->peer_data[CLIENT_PEER_DATA].mac_proposals[peer_cnt],
global_data->peer_data[SERVER_PEER_DATA].mac_proposals[peer_cnt],
&peer_data->mac);
ssh_set_mac_length(peer_data);
}
ssh_choose_algo(global_data->peer_data[CLIENT_PEER_DATA].comp_proposals[peer_cnt],
global_data->peer_data[SERVER_PEER_DATA].comp_proposals[peer_cnt],
&peer_data->comp);
}
ssh_decryption_set_cipher_id(&global_data->peer_data[CLIENT_PEER_DATA]);
ssh_decryption_set_mac_id(&global_data->peer_data[CLIENT_PEER_DATA]);
ssh_decryption_set_cipher_id(&global_data->peer_data[SERVER_PEER_DATA]);
ssh_decryption_set_mac_id(&global_data->peer_data[SERVER_PEER_DATA]);
}
static void
ssh_decryption_set_cipher_id(struct ssh_peer_data *peer)
{
gchar *cipher_name = peer->enc;
if (!cipher_name) {
peer->cipher = NULL;
ws_debug("ERROR: cipher_name is NULL");
} else if (0 == strcmp(cipher_name, "chacha20-poly1305@openssh.com")) {
peer->cipher_id = GCRY_CIPHER_CHACHA20;
} else if (0 == strcmp(cipher_name, "aes128-gcm@openssh.com")) {
peer->cipher_id = CIPHER_AES128_GCM;
} else if (0 == strcmp(cipher_name, "aes128-gcm")) {
peer->cipher_id = CIPHER_AES128_GCM;
} else if (0 == strcmp(cipher_name, "aes256-gcm@openssh.com")) {
peer->cipher_id = CIPHER_AES256_GCM;
} else if (0 == strcmp(cipher_name, "aes256-gcm")) {
peer->cipher_id = CIPHER_AES256_GCM;
} else if (0 == strcmp(cipher_name, "aes128-cbc")) {
peer->cipher_id = CIPHER_AES128_CBC;
} else if (0 == strcmp(cipher_name, "aes192-cbc")) {
peer->cipher_id = CIPHER_AES192_CBC;
} else if (0 == strcmp(cipher_name, "aes256-cbc")) {
peer->cipher_id = CIPHER_AES256_CBC;
} else if (0 == strcmp(cipher_name, "aes128-ctr")) {
peer->cipher_id = CIPHER_AES128_CTR;
} else if (0 == strcmp(cipher_name, "aes192-ctr")) {
peer->cipher_id = CIPHER_AES192_CTR;
} else if (0 == strcmp(cipher_name, "aes256-ctr")) {
peer->cipher_id = CIPHER_AES256_CTR;
} else {
peer->cipher = NULL;
ws_debug("decryption not supported: %s", cipher_name);
}
}
static void
ssh_decryption_set_mac_id(struct ssh_peer_data *peer)
{
gchar *mac_name = peer->mac;
if (!mac_name) {
peer->mac = NULL;
ws_debug("ERROR: mac_name is NULL");
} else if (0 == strcmp(mac_name, "hmac-sha2-256")) {
peer->mac_id = CIPHER_MAC_SHA2_256;
} else {
peer->mac = NULL;
ws_debug("decryption MAC not supported: %s", mac_name);
}
}
static void
ssh_decryption_setup_cipher(struct ssh_peer_data *peer_data,
ssh_bignum *iv, ssh_bignum *key)
{
gcry_error_t err;
gcry_cipher_hd_t *hd1, *hd2;
hd1 = &peer_data->cipher;
hd2 = &peer_data->cipher_2;
if (GCRY_CIPHER_CHACHA20 == peer_data->cipher_id) {
if (gcry_cipher_open(hd1, GCRY_CIPHER_CHACHA20, GCRY_CIPHER_MODE_STREAM, 0) ||
gcry_cipher_open(hd2, GCRY_CIPHER_CHACHA20, GCRY_CIPHER_MODE_STREAM, 0)) {
gcry_cipher_close(*hd1);
gcry_cipher_close(*hd2);
ws_debug("ssh: can't open chacha20 cipher handles");
return;
}
gchar k1[32];
gchar k2[32];
if(key->data){
memcpy(k1, key->data, 32);
memcpy(k2, key->data + 32, 32);
}else{
memset(k1, 0, 32);
memset(k2, 0, 32);
}
ssh_debug_printf("ssh: cipher is chacha20\n");
ssh_print_data("key 1", k1, 32);
ssh_print_data("key 2", k2, 32);
if ((err = gcry_cipher_setkey(*hd1, k1, 32))) {
gcry_cipher_close(*hd1);
ws_debug("ssh: can't set chacha20 cipher key %s", gcry_strerror(err));
return;
}
if ((err = gcry_cipher_setkey(*hd2, k2, 32))) {
gcry_cipher_close(*hd1);
gcry_cipher_close(*hd2);
ws_debug("ssh: can't set chacha20 cipher key %s", gcry_strerror(err));
return;
}
} else if (CIPHER_AES128_CBC == peer_data->cipher_id || CIPHER_AES192_CBC == peer_data->cipher_id || CIPHER_AES256_CBC == peer_data->cipher_id) {
gint iKeyLen = CIPHER_AES128_CBC == peer_data->cipher_id?16:CIPHER_AES192_CBC == peer_data->cipher_id?24:32;
if (gcry_cipher_open(hd1, CIPHER_AES128_CBC == peer_data->cipher_id?GCRY_CIPHER_AES128:CIPHER_AES192_CBC == peer_data->cipher_id?GCRY_CIPHER_AES192:GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC, GCRY_CIPHER_CBC_CTS)) {
gcry_cipher_close(*hd1);
ws_debug("ssh: can't open aes%d cipher handle", iKeyLen*8);
return;
}
gchar k1[32], iv1[16];
if(key->data){
memcpy(k1, key->data, iKeyLen);
}else{
memset(k1, 0, iKeyLen);
}
if(iv->data){
memcpy(iv1, iv->data, 16);
}else{
memset(iv1, 0, 16);
}
ssh_debug_printf("ssh: cipher is aes%d-cbc\n", iKeyLen*8);
ssh_print_data("key", k1, iKeyLen);
ssh_print_data("iv", iv1, 16);
if ((err = gcry_cipher_setkey(*hd1, k1, iKeyLen))) {
gcry_cipher_close(*hd1);
ws_debug("ssh: can't set aes%d cipher key", iKeyLen*8);
ws_debug("libgcrypt: %d %s %s", gcry_err_code(err), gcry_strsource(err), gcry_strerror(err));
return;
}
if ((err = gcry_cipher_setiv(*hd1, iv1, 16))) {
gcry_cipher_close(*hd1);
ws_debug("ssh: can't set aes%d cipher iv", iKeyLen*8);
ws_debug("libgcrypt: %d %s %s", gcry_err_code(err), gcry_strsource(err), gcry_strerror(err));
return;
}
} else if (CIPHER_AES128_CTR == peer_data->cipher_id || CIPHER_AES192_CTR == peer_data->cipher_id || CIPHER_AES256_CTR == peer_data->cipher_id) {
gint iKeyLen = CIPHER_AES128_CTR == peer_data->cipher_id?16:CIPHER_AES192_CTR == peer_data->cipher_id?24:32;
if (gcry_cipher_open(hd1, CIPHER_AES128_CTR == peer_data->cipher_id?GCRY_CIPHER_AES128:CIPHER_AES192_CTR == peer_data->cipher_id?GCRY_CIPHER_AES192:GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR, 0)) {
gcry_cipher_close(*hd1);
ws_debug("ssh: can't open aes%d cipher handle", iKeyLen*8);
return;
}
gchar k1[32], iv1[16];
if(key->data){
memcpy(k1, key->data, iKeyLen);
}else{
memset(k1, 0, iKeyLen);
}
if(iv->data){
memcpy(iv1, iv->data, 16);
}else{
memset(iv1, 0, 16);
}
ssh_debug_printf("ssh: cipher is aes%d-ctr\n", iKeyLen*8);
ssh_print_data("key", k1, iKeyLen);
ssh_print_data("iv", iv1, 16);
if ((err = gcry_cipher_setkey(*hd1, k1, iKeyLen))) {
gcry_cipher_close(*hd1);
ws_debug("ssh: can't set aes%d cipher key", iKeyLen*8);
ws_debug("libgcrypt: %d %s %s", gcry_err_code(err), gcry_strsource(err), gcry_strerror(err));
return;
}
if ((err = gcry_cipher_setctr(*hd1, iv1, 16))) {
gcry_cipher_close(*hd1);
ws_debug("ssh: can't set aes%d cipher iv", iKeyLen*8);
ws_debug("libgcrypt: %d %s %s", gcry_err_code(err), gcry_strsource(err), gcry_strerror(err));
return;
}
} else if (CIPHER_AES128_GCM == peer_data->cipher_id || CIPHER_AES256_GCM == peer_data->cipher_id) {
gint iKeyLen = CIPHER_AES128_GCM == peer_data->cipher_id?16:32;
if (gcry_cipher_open(hd1, CIPHER_AES128_GCM == peer_data->cipher_id?GCRY_CIPHER_AES128:GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_GCM, 0)) {
gcry_cipher_close(*hd1);
ws_debug("ssh: can't open aes%d cipher handle", iKeyLen*8);
return;
}
gchar k1[32], iv2[12];
if(key->data){
memcpy(k1, key->data, iKeyLen);
}else{
memset(k1, 0, iKeyLen);
}
if(iv->data){
memcpy(peer_data->iv, iv->data, 12);
}else{
memset(iv2, 0, 12);
}
ssh_debug_printf("ssh: cipher is aes%d-gcm\n", iKeyLen*8);
ssh_print_data("key", k1, iKeyLen);
ssh_print_data("iv", peer_data->iv, 12);
if ((err = gcry_cipher_setkey(*hd1, k1, iKeyLen))) {
gcry_cipher_close(*hd1);
ws_debug("ssh: can't set aes%d cipher key", iKeyLen*8);
ws_debug("libgcrypt: %d %s %s", gcry_err_code(err), gcry_strsource(err), gcry_strerror(err));
return;
}
} else {
ssh_debug_printf("ssh: cipher (%d) is unknown or not set\n", peer_data->cipher_id);
}
}
static void
ssh_decryption_setup_mac(struct ssh_peer_data *peer_data,
ssh_bignum *iv)
{
if(peer_data->mac_id == CIPHER_MAC_SHA2_256){
if(iv->data){
memcpy(peer_data->hmac_iv, iv->data, 32);
}else{
memset(peer_data->hmac_iv, 0, 32);
}
peer_data->hmac_iv_len = 32;
ssh_debug_printf("ssh: mac is hmac-sha2-256\n");
ssh_print_data("iv", peer_data->hmac_iv, peer_data->hmac_iv_len);
}else{
ws_debug("ssh: unsupported MAC");
}
}
/* libgcrypt wrappers for HMAC/message digest operations {{{ */
/* hmac abstraction layer */
#define SSH_HMAC gcry_md_hd_t
static inline gint
ssh_hmac_init(SSH_HMAC* md, const void * key, gint len, gint algo)
{
gcry_error_t err;
const char *err_str, *err_src;
err = gcry_md_open(md,algo, GCRY_MD_FLAG_HMAC);
if (err != 0) {
err_str = gcry_strerror(err);
err_src = gcry_strsource(err);
ssh_debug_printf("ssh_hmac_init(): gcry_md_open failed %s/%s", err_str, err_src);
return -1;
}
gcry_md_setkey (*(md), key, len);
return 0;
}
static inline void
ssh_hmac_update(SSH_HMAC* md, const void* data, gint len)
{
gcry_md_write(*(md), data, len);
}
static inline void
ssh_hmac_final(SSH_HMAC* md, guchar* data, guint* datalen)
{
gint algo;
guint len;
algo = gcry_md_get_algo (*(md));
len = gcry_md_get_algo_dlen(algo);
DISSECTOR_ASSERT(len <= *datalen);
memcpy(data, gcry_md_read(*(md), algo), len);
*datalen = len;
}
static inline void
ssh_hmac_cleanup(SSH_HMAC* md)
{
gcry_md_close(*(md));
}
/* libgcrypt wrappers for HMAC/message digest operations }}} */
/* Decryption integrity check {{{ */
static gint
ssh_get_digest_by_id(guint mac_id)
{
if(mac_id==CIPHER_MAC_SHA2_256){
return GCRY_MD_SHA256;
}
return -1;
}
static void
ssh_calc_mac(struct ssh_peer_data *peer_data, guint32 seqnr, guint8* data, guint32 datalen, guint8* calc_mac)
{
SSH_HMAC hm;
gint md;
guint32 len;
guint8 buf[DIGEST_MAX_SIZE];
md=ssh_get_digest_by_id(peer_data->mac_id);
// ssl_debug_printf("ssh_check_mac mac type:%s md %d\n",
// ssl_cipher_suite_dig(decoder->cipher_suite)->name, md);
memset(calc_mac, 0, DIGEST_MAX_SIZE);
if (ssh_hmac_init(&hm, peer_data->hmac_iv, peer_data->hmac_iv_len,md) != 0)
return;
/* hash sequence number */
phton32(buf, seqnr);
ssh_print_data("Mac IV", peer_data->hmac_iv, peer_data->hmac_iv_len);
ssh_print_data("Mac seq", buf, 4);
ssh_print_data("Mac data", data, datalen);
ssh_hmac_update(&hm,buf,4);
ssh_hmac_update(&hm,data,datalen);
/* get digest and digest len*/
len = sizeof(buf);
ssh_hmac_final(&hm,buf,&len);
ssh_hmac_cleanup(&hm);
ssh_print_data("Mac", buf, len);
memcpy(calc_mac, buf, len);
return;
}
/* Decryption integrity check }}} */
static void
ssh_increment_message_number(packet_info *pinfo, struct ssh_flow_data *global_data,
gboolean is_response)
{
if (!PINFO_FD_VISITED(pinfo)) {
ssh_packet_info_t * packet = (ssh_packet_info_t *)p_get_proto_data(wmem_file_scope(), pinfo, proto_ssh, 0);
if(!packet){
packet = wmem_new0(wmem_file_scope(), ssh_packet_info_t);
packet->from_server = is_response;
packet->messages = NULL;
p_add_proto_data(wmem_file_scope(), pinfo, proto_ssh, 0, packet);
}
(void)global_data;
}
}
static guint
ssh_decrypt_packet(tvbuff_t *tvb, packet_info *pinfo,
struct ssh_peer_data *peer_data, int offset, proto_tree *tree)
{
gboolean is_response = (pinfo->destport != pinfo->match_uint);
ssh_packet_info_t *packet = (ssh_packet_info_t *)p_get_proto_data(
wmem_file_scope(), pinfo, proto_ssh, 0);
if(!packet){
packet = wmem_new0(wmem_file_scope(), ssh_packet_info_t);
packet->from_server = is_response;
packet->messages = NULL;
p_add_proto_data(wmem_file_scope(), pinfo, proto_ssh, 0, packet);
}
gint record_id = tvb_raw_offset(tvb)+offset;
ssh_message_info_t *message = NULL;
ssh_message_info_t **pmessage = &packet->messages;
while(*pmessage){
// ws_debug("looking for message %d now %d", record_id, (*pmessage)->id);
if ((*pmessage)->id == record_id) {
message = *pmessage;
break;
}
pmessage = &(*pmessage)->next;
}
if(!message){
message = wmem_new(wmem_file_scope(), ssh_message_info_t);
message->plain_data = NULL;
message->data_len = 0;
message->id = record_id;
message->next = NULL;
message->sequence_number = peer_data->sequence_number;
peer_data->sequence_number++;
ssh_debug_printf("%s->sequence_number++ > %d\n", is_response?"server":"client", peer_data->sequence_number);
*pmessage = message;
}
guint message_length = 0, seqnr;
gchar *plain = NULL, *mac;
guint mac_len;
seqnr = message->sequence_number;
if (GCRY_CIPHER_CHACHA20 == peer_data->cipher_id) {
const gchar *ctext = (const gchar *)tvb_get_ptr(tvb, offset, 4);
guint8 plain_length_buf[4];
if (!ssh_decrypt_chacha20(peer_data->cipher_2, seqnr, 0, ctext, 4,
plain_length_buf, 4)) {
ws_debug("ERROR: could not decrypt packet len");
return tvb_captured_length(tvb);
}
message_length = pntoh32(plain_length_buf);
ssh_debug_printf("chachapoly_crypt seqnr=%d [%u]\n", seqnr, message_length);
ssh_debug_printf("%s plain for seq = %d len = %u\n", is_response?"s2c":"c2s", seqnr, message_length);
if(message_length>32768){
ws_debug("ssh: unreasonable message length %u", message_length);
return tvb_captured_length(tvb);
}
plain = (gchar *)wmem_alloc0(pinfo->pool, message_length+4);
plain[0] = plain_length_buf[0]; plain[1] = plain_length_buf[1]; plain[2] = plain_length_buf[2]; plain[3] = plain_length_buf[3];
const gchar *ctext2 = (const gchar *)tvb_get_ptr(tvb, offset+4,
message_length);
if (!ssh_decrypt_chacha20(peer_data->cipher, seqnr, 1, ctext2,
message_length, plain+4, message_length)) {
ws_debug("ERROR: could not decrypt packet payload");
return tvb_captured_length(tvb);
}
mac_len = 16;
mac = (gchar *)tvb_get_ptr(tvb, offset + 4 + message_length, mac_len);
gchar poly_key[32], iv[16];
memset(poly_key, 0, 32);
memset(iv, 0, 8);
phton64(iv+8, (guint64)seqnr);
gcry_cipher_setiv(peer_data->cipher, iv, mac_len);
gcry_cipher_encrypt(peer_data->cipher, poly_key, 32, poly_key, 32);
gcry_mac_hd_t mac_hd;
gcry_mac_open(&mac_hd, GCRY_MAC_POLY1305, 0, NULL);
gcry_mac_setkey(mac_hd, poly_key, 32);
gcry_mac_write(mac_hd, ctext, 4);
gcry_mac_write(mac_hd, ctext2, message_length);
if (gcry_mac_verify(mac_hd, mac, mac_len)) {
ws_debug("ssh: MAC does not match");
}
size_t buflen = DIGEST_MAX_SIZE;
gcry_mac_read(mac_hd, message->calc_mac, &buflen);
message->plain_data = plain;
message->data_len = message_length + 4;
// ssh_print_data(is_response?"s2c encrypted":"c2s encrypted", ctext2, message_length+4+mac_len);
ssh_debug_printf("%s plain text seq=%d", is_response?"s2c":"c2s",seqnr);
ssh_print_data("", plain, message_length+4);
} else if (CIPHER_AES128_GCM == peer_data->cipher_id || CIPHER_AES256_GCM == peer_data->cipher_id) {
mac_len = peer_data->mac_length;
const gchar *plain_buf = (const gchar *)tvb_get_ptr(tvb, offset, 4);
message_length = pntoh32(plain_buf);
guint remaining = tvb_reported_length_remaining(tvb, offset);
ssh_debug_printf("length: %d, remaining: %d\n", message_length, remaining);
if(message->plain_data && message->data_len){
}else{
const gchar *ctl = (const gchar *)tvb_get_ptr(tvb, offset,
message_length+4);
const gchar *ctext = ctl + 4;
plain = (gchar *)wmem_alloc(wmem_file_scope(), message_length+4);
plain[0] = message_length >> 24; plain[1] = message_length >> 16; plain[2] = message_length >> 8; plain[3] = message_length >> 0;
gcry_error_t err;
/* gcry_cipher_setiv(peer_data->cipher, iv, 12); */
if ((err = gcry_cipher_setiv(peer_data->cipher, peer_data->iv, 12))) {
gcry_cipher_close(peer_data->cipher);
// TODO: temporary work-around as long as a Windows python bug is triggered by automated tests
#ifndef _WIN32
ws_debug("ssh: can't set aes128 cipher iv");
ws_debug("libgcrypt: %d %s %s", gcry_err_code(err), gcry_strsource(err), gcry_strerror(err));
#endif //ndef _WIN32
return offset;
}
int idx = 12;
do{
idx -= 1;
peer_data->iv[idx] += 1;
}while(idx>4 && peer_data->iv[idx]==0);
if ((err = gcry_cipher_authenticate(peer_data->cipher, plain, 4))) {
// TODO: temporary work-around as long as a Windows python bug is triggered by automated tests
#ifndef _WIN32
ws_debug("can't authenticate using aes128-gcm: %s\n", gpg_strerror(err));
#endif //ndef _WIN32
return offset;
}
guint offs = 0;
if(remaining>message_length+4){remaining=message_length;}
while(offs<remaining){
if (gcry_cipher_decrypt(peer_data->cipher, plain+4+offs, 16,
ctext+offs, 16))
{
// TODO: temporary work-around as long as a Windows python bug is triggered by automated tests
#ifndef _WIN32
ws_debug("can\'t decrypt aes128");
#endif //ndef _WIN32
return offset;
}
offs += 16;
}
if (gcry_cipher_gettag (peer_data->cipher, message->calc_mac, 16)) {
// TODO: temporary work-around as long as a Windows python bug is triggered by automated tests
#ifndef _WIN32
ws_debug ("aes128-gcm, gcry_cipher_gettag() failed\n");
#endif //ndef _WIN32
return offset;
}
if ((err = gcry_cipher_reset(peer_data->cipher))) {
// TODO: temporary work-around as long as a Windows python bug is triggered by automated tests
#ifndef _WIN32
ws_debug("aes-gcm, gcry_cipher_reset failed: %s\n", gpg_strerror (err));
#endif //ndef _WIN32
return offset;
}
message->plain_data = plain;
message->data_len = message_length + 4;
// ssh_print_data(is_response?"s2c encrypted":"c2s encrypted", ctl, message_length+4+mac_len);
ssh_debug_printf("%s plain text seq=%d", is_response?"s2c":"c2s",seqnr);
ssh_print_data("", plain, message_length+4);
}
plain = message->plain_data;
message_length = message->data_len - 4;
} else if (CIPHER_AES128_CBC == peer_data->cipher_id || CIPHER_AES128_CTR == peer_data->cipher_id ||
CIPHER_AES192_CBC == peer_data->cipher_id || CIPHER_AES192_CTR == peer_data->cipher_id ||
CIPHER_AES256_CBC == peer_data->cipher_id || CIPHER_AES256_CTR == peer_data->cipher_id) {
mac_len = peer_data->mac_length;
message_length = tvb_reported_length_remaining(tvb, offset) - 4 - mac_len;
if(message->plain_data && message->data_len){
}else{
// TODO: see how to handle fragmentation...
// const gchar *ctext = NULL;
ws_noisy("Getting raw bytes of length %d", tvb_reported_length_remaining(tvb, offset));
const gchar *cypher_buf0 = (const gchar *)tvb_get_ptr(tvb, offset, tvb_reported_length_remaining(tvb, offset));
gchar plain0[16];
if (gcry_cipher_decrypt(peer_data->cipher, plain0, 16, cypher_buf0, 16))
{
ws_debug("can\'t decrypt aes128");
return offset;
}
// ctext = cypher_buf0;
guint message_length_decrypted = pntoh32(plain0);
guint remaining = tvb_reported_length_remaining(tvb, offset);
if(message_length_decrypted>32768){
ws_debug("ssh: unreasonable message length %u/%u", message_length_decrypted, message_length);
return tvb_captured_length(tvb);
}else{
message_length = message_length_decrypted;
message->plain_data = (gchar *)wmem_alloc(wmem_file_scope(), message_length+4);
memcpy(message->plain_data, plain0, 16);
plain = message->plain_data;
guint offs = 16;
if(remaining>message_length+4){remaining=message_length+4;}
while(offs<remaining){
gchar *ct = (gchar *)tvb_get_ptr(tvb, offset+offs, 16);
if (gcry_cipher_decrypt(peer_data->cipher, plain+offs, 16, ct, 16))
{
ws_debug("can\'t decrypt aes128");
return offset;
}
offs += 16;
}
if(message_length_decrypted>remaining){
// Need desegmentation
ws_noisy(" need_desegmentation: offset = %d, reported_length_remaining = %d\n",
offset, tvb_reported_length_remaining(tvb, offset));
/* Make data available to ssh_follow_tap_listener */
return tvb_captured_length(tvb);
}
// ssh_print_data(is_response?"s2c encrypted":"c2s encrypted", ctext, message_length+4+mac_len);
ssh_debug_printf("%s plain text seq=%d", is_response?"s2c":"c2s",seqnr);
ssh_print_data("", plain, message_length+4);
// TODO: process fragments
message->plain_data = plain;
message->data_len = message_length + 4;
ssh_calc_mac(peer_data, message->sequence_number, message->plain_data, message->data_len, message->calc_mac);
}
}
plain = message->plain_data;
message_length = message->data_len - 4;
mac = (gchar *)tvb_get_ptr(tvb, offset + 4 + message_length, mac_len);
if(!memcmp(mac, message->calc_mac, mac_len)){ws_noisy("MAC OK");}else{ws_debug("MAC ERR");}
}
if(plain){
ssh_dissect_decrypted_packet(tvb, pinfo, peer_data, tree, plain, message_length+4);
ssh_tree_add_mac(tree, tvb, offset + 4 + message_length, mac_len, hf_ssh_mac_string, hf_ssh_mac_status, &ei_ssh_mac_bad, pinfo, message->calc_mac,
PROTO_CHECKSUM_VERIFY|PROTO_CHECKSUM_IN_CKSUM);
proto_tree_add_uint(tree, hf_ssh_seq_num, tvb, offset + 4 + message_length, mac_len, message->sequence_number);
}
offset += message_length + peer_data->mac_length + 4;
return offset;
}
proto_item *
ssh_tree_add_mac(proto_tree *tree, tvbuff_t *tvb, const guint offset, const guint mac_len,
const int hf_mac, const int hf_mac_status, struct expert_field* bad_checksum_expert,
packet_info *pinfo, const guint8 * calc_mac, const guint flags)
{
// header_field_info *hfinfo = proto_registrar_get_nth(hf_checksum);
proto_item* ti = NULL;
proto_item* ti2;
gboolean incorrect_mac = TRUE;
gchar *mac;
// DISSECTOR_ASSERT_HINT(hfinfo != NULL, "Not passed hfi!");
/*
if (flags & PROTO_CHECKSUM_NOT_PRESENT) {
ti = proto_tree_add_uint_format_value(tree, hf_checksum, tvb, offset, len, 0, "[missing]");
proto_item_set_generated(ti);
if (hf_checksum_status != -1) {
ti2 = proto_tree_add_uint(tree, hf_checksum_status, tvb, offset, len, PROTO_CHECKSUM_E_NOT_PRESENT);
proto_item_set_generated(ti2);
}
return ti;
}
*/
mac = (gchar *)tvb_get_ptr(tvb, offset, mac_len);
if (flags & PROTO_CHECKSUM_GENERATED) {
// ti = proto_tree_add_uint(tree, hf_checksum, tvb, offset, len, computed_checksum);
// proto_item_set_generated(ti);
} else {
ti = proto_tree_add_item(tree, hf_mac, tvb, offset, mac_len, ENC_NA);
if (flags & PROTO_CHECKSUM_VERIFY) {
if (flags & (PROTO_CHECKSUM_IN_CKSUM|PROTO_CHECKSUM_ZERO)) {
if (!memcmp(mac, calc_mac, mac_len)) {
proto_item_append_text(ti, " [correct]");
if (hf_mac_status != -1) {
ti2 = proto_tree_add_uint(tree, hf_mac_status, tvb, offset, 0, PROTO_CHECKSUM_E_GOOD);
proto_item_set_generated(ti2);
}
incorrect_mac = FALSE;
} else if (flags & PROTO_CHECKSUM_IN_CKSUM) {
// computed_checksum = in_cksum_shouldbe(checksum, computed_checksum);
}
} else {
if (!memcmp(mac, calc_mac, mac_len)) {
proto_item_append_text(ti, " [correct]");
if (hf_mac_status != -1) {
ti2 = proto_tree_add_uint(tree, hf_mac_status, tvb, offset, 0, PROTO_CHECKSUM_E_GOOD);
proto_item_set_generated(ti2);
}
incorrect_mac = FALSE;
}
}
if (incorrect_mac) {
if (hf_mac_status != -1) {
ti2 = proto_tree_add_uint(tree, hf_mac_status, tvb, offset, 0, PROTO_CHECKSUM_E_BAD);
proto_item_set_generated(ti2);
}
if (flags & PROTO_CHECKSUM_ZERO) {
proto_item_append_text(ti, " [incorrect]");
if (bad_checksum_expert != NULL)
expert_add_info_format(pinfo, ti, bad_checksum_expert, "%s", expert_get_summary(bad_checksum_expert));
} else {
gchar *data = (gchar *)wmem_alloc(wmem_packet_scope(), mac_len*2 + 1);
*bytes_to_hexstr(data, calc_mac, mac_len) = 0;
proto_item_append_text(ti, " incorrect, computed %s", data);
if (bad_checksum_expert != NULL)
expert_add_info_format(pinfo, ti, bad_checksum_expert, "%s", expert_get_summary(bad_checksum_expert));
}
}
} else {
if (hf_mac_status != -1) {
proto_item_append_text(ti, " [unverified]");
ti2 = proto_tree_add_uint(tree, hf_mac_status, tvb, offset, 0, PROTO_CHECKSUM_E_UNVERIFIED);
proto_item_set_generated(ti2);
}
}
}
return ti;
}
static gboolean
ssh_decrypt_chacha20(gcry_cipher_hd_t hd,
guint32 seqnr, guint32 counter, const guchar *ctext, guint ctext_len,
guchar *plain, guint plain_len)
{
guchar seq[8];
guchar iv[16];
phton64(seq, (guint64)seqnr);
// chacha20 uses a different cipher handle for the packet payload & length
// the payload uses a block counter
if (counter) {
guchar ctr[8] = {1,0,0,0,0,0,0,0};
memcpy(iv, ctr, 8);
memcpy(iv+8, seq, 8);
}
return ((!counter && gcry_cipher_setiv(hd, seq, 8) == 0) ||
(counter && gcry_cipher_setiv(hd, iv, 16) == 0)) &&
gcry_cipher_decrypt(hd, plain, plain_len, ctext, ctext_len) == 0;
}
static int
ssh_dissect_decrypted_packet(tvbuff_t *tvb, packet_info *pinfo,
struct ssh_peer_data *peer_data, proto_tree *tree,
gchar *plaintext, guint plaintext_len)
{
int offset = 0; // TODO:
int dissected_len = 0;
col_append_sep_fstr(pinfo->cinfo, COL_INFO, NULL, "Encrypted packet (plaintext_len=%d)", plaintext_len);
tvbuff_t *packet_tvb = tvb_new_child_real_data(tvb, plaintext, plaintext_len, plaintext_len);
add_new_data_source(pinfo, packet_tvb, "Decrypted Packet");
guint plen, len;
guint8 padding_length;
guint remain_length;
int last_offset=offset;
guint msg_code;
proto_item *ti;
proto_item *msg_type_tree = NULL;
/*
* We use "tvb_ensure_captured_length_remaining()" to make sure there
* actually *is* data remaining.
*
* This means we're guaranteed that "remain_length" is positive.
*/
remain_length = tvb_ensure_captured_length_remaining(packet_tvb, offset);
/*
* Can we do reassembly?
*/
if (ssh_desegment && pinfo->can_desegment) {
/*
* Yes - would an SSH header starting at this offset
* be split across segment boundaries?
*/
if (remain_length < 4) {
/*
* Yes. Tell the TCP dissector where the data for
* this message starts in the data it handed us and
* that we need "some more data." Don't tell it
* exactly how many bytes we need because if/when we
* ask for even more (after the header) that will
* break reassembly.
*/
pinfo->desegment_offset = offset;
pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT;
return offset;
}
}
plen = tvb_get_ntohl(packet_tvb, offset) ;
if (ssh_desegment && pinfo->can_desegment) {
if (plen +4 > remain_length) {
pinfo->desegment_offset = offset;
pinfo->desegment_len = plen+4 - remain_length;
return offset;
}
}
/*
* Need to check plen > 0x80000000 here
*/
ti = proto_tree_add_uint(tree, hf_ssh_packet_length, packet_tvb,
offset, 4, plen);
if (plen >= 0xffff) {
expert_add_info_format(pinfo, ti, &ei_ssh_packet_length, "Overly large number %d", plen);
plen = remain_length-4;
}
offset+=4;
/* padding length */
padding_length = tvb_get_guint8(packet_tvb, offset);
proto_tree_add_uint(tree, hf_ssh_padding_length, packet_tvb, offset, 1, padding_length);
offset += 1;
/* msg_code */
msg_code = tvb_get_guint8(packet_tvb, offset);
/* Transport layer protocol */
/* Generic (1-19) */
if(msg_code >= 1 && msg_code <= 19) {
col_append_sep_str(pinfo->cinfo, COL_INFO, NULL, val_to_str(msg_code, ssh2_msg_vals, "Unknown (%u)"));
msg_type_tree = proto_tree_add_subtree(tree, packet_tvb, offset, plen-1, ett_key_exchange, NULL, "Message: Transport (generic)");
proto_tree_add_item(msg_type_tree, hf_ssh2_msg_code, packet_tvb, offset, 1, ENC_BIG_ENDIAN);
offset+=1;
dissected_len = ssh_dissect_transport_generic(packet_tvb, pinfo, offset, msg_type_tree, msg_code) - offset;
// offset = ssh_dissect_transport_generic(packet_tvb, pinfo, global_data, offset, msg_type_tree, is_response, msg_code);
}
/* Algorithm negotiation (20-29) */
else if(msg_code >=20 && msg_code <= 29) {
msg_type_tree = proto_tree_add_subtree(tree, packet_tvb, offset, plen-1, ett_key_exchange, NULL, "Message: Transport (algorithm negotiation)");
//TODO: See if the complete dissector should be refactored to always got through here first offset = ssh_dissect_transport_algorithm_negotiation(packet_tvb, pinfo, global_data, offset, msg_type_tree, is_response, msg_code);
}
/* Key exchange method specific (reusable) (30-49) */
else if (msg_code >=30 && msg_code <= 49) {
msg_type_tree = proto_tree_add_subtree(tree, packet_tvb, offset, plen-1, ett_key_exchange, NULL, "Message: Transport (key exchange method specific)");
//TODO: See if the complete dissector should be refactored to always got through here first offset = global_data->kex_specific_dissector(msg_code, packet_tvb, pinfo, offset, msg_type_tree);
}
/* User authentication protocol */
/* Generic (50-59) */
else if (msg_code >= 50 && msg_code <= 59) {
col_append_sep_str(pinfo->cinfo, COL_INFO, NULL, val_to_str(msg_code, ssh2_msg_vals, "Unknown (%u)"));
msg_type_tree = proto_tree_add_subtree(tree, packet_tvb, offset, plen-1, ett_key_exchange, NULL, "Message: User Authentication (generic)");
proto_tree_add_item(msg_type_tree, hf_ssh2_msg_code, packet_tvb, offset, 1, ENC_BIG_ENDIAN);
dissected_len = ssh_dissect_userauth_generic(packet_tvb, pinfo, offset+1, msg_type_tree, msg_code) - offset;
// TODO: offset = ssh_dissect_userauth_generic(packet_tvb, pinfo, global_data, offset, msg_type_tree, is_response, msg_code);
}
/* User authentication method specific (reusable) (60-79) */
else if (msg_code >= 60 && msg_code <= 79) {
col_append_sep_str(pinfo->cinfo, COL_INFO, NULL, val_to_str(msg_code, ssh2_msg_vals, "Unknown (%u)"));
msg_type_tree = proto_tree_add_subtree(tree, packet_tvb, offset, plen-1, ett_key_exchange, NULL, "Message: User Authentication: (method specific)");
proto_tree_add_item(msg_type_tree, hf_ssh2_msg_code, packet_tvb, offset, 1, ENC_BIG_ENDIAN);
// TODO: offset = ssh_dissect_userauth_specific(packet_tvb, pinfo, global_data, offset, msg_type_tree, is_response, msg_code);
dissected_len = ssh_dissect_userauth_specific(packet_tvb, pinfo, offset+1, msg_type_tree, msg_code) - offset;
}
/* Connection protocol */
/* Generic (80-89) */
else if (msg_code >= 80 && msg_code <= 89) {
col_append_sep_str(pinfo->cinfo, COL_INFO, NULL, val_to_str(msg_code, ssh2_msg_vals, "Unknown (%u)"));
msg_type_tree = proto_tree_add_subtree(tree, packet_tvb, offset, plen-1, ett_key_exchange, NULL, "Message: Connection (generic)");
proto_tree_add_item(msg_type_tree, hf_ssh2_msg_code, packet_tvb, offset, 1, ENC_BIG_ENDIAN);
// TODO: offset = ssh_dissect_connection_generic(packet_tvb, pinfo, global_data, offset, msg_type_tree, is_response, msg_code);
dissected_len = ssh_dissect_connection_generic(packet_tvb, pinfo, offset+1, msg_type_tree, msg_code) - offset;
}
/* Channel related messages (90-127) */
else if (msg_code >= 90 && msg_code <= 127) {
col_append_sep_str(pinfo->cinfo, COL_INFO, NULL, val_to_str(msg_code, ssh2_msg_vals, "Unknown (%u)"));
msg_type_tree = proto_tree_add_subtree(tree, packet_tvb, offset, plen-1, ett_key_exchange, NULL, "Message: Connection: (channel related message)");
proto_tree_add_item(msg_type_tree, hf_ssh2_msg_code, packet_tvb, offset, 1, ENC_BIG_ENDIAN);
// TODO: offset = ssh_dissect_connection_channel(packet_tvb, pinfo, global_data, offset, msg_type_tree, is_response, msg_code);
dissected_len = ssh_dissect_connection_specific(packet_tvb, pinfo, peer_data, offset+1, msg_type_tree, msg_code) - offset;
}
/* Reserved for client protocols (128-191) */
else if (msg_code >= 128 && msg_code <= 191) {
col_append_sep_str(pinfo->cinfo, COL_INFO, NULL, val_to_str(msg_code, ssh2_msg_vals, "Unknown (%u)"));
msg_type_tree = proto_tree_add_subtree(tree, packet_tvb, offset, plen-1, ett_key_exchange, NULL, "Message: Client protocol");
proto_tree_add_item(msg_type_tree, hf_ssh2_msg_code, packet_tvb, offset, 1, ENC_BIG_ENDIAN);
offset+=1;
// TODO: offset = ssh_dissect_client(packet_tvb, pinfo, global_data, offset, msg_type_tree, is_response, msg_code);
}
/* Local extensions (192-255) */
else if (msg_code >= 192 && msg_code <= 255) {
col_append_sep_str(pinfo->cinfo, COL_INFO, NULL, val_to_str(msg_code, ssh2_msg_vals, "Unknown (%u)"));
msg_type_tree = proto_tree_add_subtree(tree, packet_tvb, offset, plen-1, ett_key_exchange, NULL, "Message: Local extension");
proto_tree_add_item(msg_type_tree, hf_ssh2_msg_code, packet_tvb, offset, 1, ENC_BIG_ENDIAN);
offset+=1;
// TODO: offset = ssh_dissect_local_extention(packet_tvb, pinfo, global_data, offset, msg_type_tree, is_response, msg_code);
}
len = plen+4-padding_length-(offset-last_offset);
if (len > 0) {
proto_tree_add_item(msg_type_tree, hf_ssh_payload, packet_tvb, offset, len, ENC_NA);
}
if(dissected_len!=(int)len){
// expert_add_info_format(pinfo, ti, &ei_ssh_packet_decode, "Decoded %d bytes, but packet legnth is %d bytes", dissected_len, len);
expert_add_info_format(pinfo, ti, &ei_ssh_packet_decode, "Decoded %d bytes, but packet legnth is %d bytes [%d]", dissected_len, len, msg_code);
}
offset +=len;
/* padding */
proto_tree_add_item(tree, hf_ssh_padding_string, packet_tvb, offset, padding_length, ENC_NA);
offset+= padding_length;
return offset;
}
static int
ssh_dissect_transport_generic(tvbuff_t *packet_tvb, packet_info *pinfo,
int offset, proto_item *msg_type_tree, guint msg_code)
{
(void)pinfo;
if(msg_code==SSH_MSG_DISCONNECT){
proto_tree_add_item(msg_type_tree, hf_ssh_disconnect_reason, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
guint nlen;
nlen = tvb_get_ntohl(packet_tvb, offset) ;
proto_tree_add_item(msg_type_tree, hf_ssh_disconnect_description_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
proto_tree_add_item(msg_type_tree, hf_ssh_disconnect_description, packet_tvb, offset, nlen, ENC_ASCII);
offset += nlen;
nlen = tvb_get_ntohl(packet_tvb, offset) ;
proto_tree_add_item(msg_type_tree, hf_ssh_lang_tag_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
proto_tree_add_item(msg_type_tree, hf_ssh_lang_tag, packet_tvb, offset, nlen, ENC_ASCII);
offset += nlen;
}else if(msg_code==SSH_MSG_IGNORE){
offset += ssh_tree_add_string(packet_tvb, offset, msg_type_tree, hf_ssh_ignore_data, hf_ssh_ignore_data_length);
}else if(msg_code==SSH_MSG_DEBUG){
guint slen;
proto_tree_add_item(msg_type_tree, hf_ssh_debug_always_display, packet_tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
slen = tvb_get_ntohl(packet_tvb, offset) ;
proto_tree_add_item(msg_type_tree, hf_ssh_debug_message_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
proto_tree_add_item(msg_type_tree, hf_ssh_debug_message, packet_tvb, offset, slen, ENC_UTF_8);
offset += slen;
slen = tvb_get_ntohl(packet_tvb, offset) ;
proto_tree_add_item(msg_type_tree, hf_ssh_lang_tag_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
proto_tree_add_item(msg_type_tree, hf_ssh_lang_tag, packet_tvb, offset, slen, ENC_ASCII);
offset += slen;
}else if(msg_code==SSH_MSG_SERVICE_REQUEST){
guint nlen;
nlen = tvb_get_ntohl(packet_tvb, offset) ;
proto_tree_add_item(msg_type_tree, hf_ssh_service_name_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
proto_tree_add_item(msg_type_tree, hf_ssh_service_name, packet_tvb, offset, nlen, ENC_ASCII);
offset += nlen;
}else if(msg_code==SSH_MSG_SERVICE_ACCEPT){
guint nlen;
nlen = tvb_get_ntohl(packet_tvb, offset) ;
proto_tree_add_item(msg_type_tree, hf_ssh_service_name_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
proto_tree_add_item(msg_type_tree, hf_ssh_service_name, packet_tvb, offset, nlen, ENC_ASCII);
offset += nlen;
}
return offset;
}
static int
ssh_dissect_userauth_generic(tvbuff_t *packet_tvb, packet_info *pinfo,
int offset, proto_item *msg_type_tree, guint msg_code)
{
if(msg_code==SSH_MSG_USERAUTH_REQUEST){
guint slen;
slen = tvb_get_ntohl(packet_tvb, offset) ;
proto_tree_add_item(msg_type_tree, hf_ssh_userauth_user_name_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
proto_tree_add_item(msg_type_tree, hf_ssh_userauth_user_name, packet_tvb, offset, slen, ENC_ASCII);
offset += slen;
slen = tvb_get_ntohl(packet_tvb, offset) ;
proto_tree_add_item(msg_type_tree, hf_ssh_userauth_service_name_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
proto_tree_add_item(msg_type_tree, hf_ssh_userauth_service_name, packet_tvb, offset, slen, ENC_ASCII);
offset += slen;
slen = tvb_get_ntohl(packet_tvb, offset) ;
proto_tree_add_item(msg_type_tree, hf_ssh_userauth_method_name_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
proto_tree_add_item(msg_type_tree, hf_ssh_userauth_method_name, packet_tvb, offset, slen, ENC_ASCII);
guint8* key_type;
key_type = tvb_get_string_enc(wmem_packet_scope(), packet_tvb, offset, slen, ENC_ASCII|ENC_NA);
offset += slen;
if (0 == strcmp(key_type, "none")) {
}else if (0 == strcmp(key_type, "publickey")) {
guint8 bHaveSignature = tvb_get_guint8(packet_tvb, offset);
int dissected_len = 0;
proto_tree_add_item(msg_type_tree, hf_ssh_userauth_have_signature, packet_tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
slen = tvb_get_ntohl(packet_tvb, offset) ;
proto_tree_add_item(msg_type_tree, hf_ssh_userauth_pka_name_len, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
proto_tree_add_item(msg_type_tree, hf_ssh_userauth_pka_name, packet_tvb, offset, slen, ENC_ASCII);
offset += slen;
proto_item *blob_tree = NULL;
slen = tvb_get_ntohl(packet_tvb, offset) ;
proto_tree_add_item(msg_type_tree, hf_ssh_blob_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
blob_tree = proto_tree_add_subtree(msg_type_tree, packet_tvb, offset, slen, ett_userauth_pk_blob, NULL, "Public key blob");
// proto_tree_add_item(blob_tree, hf_ssh2_msg_code, packet_tvb, offset, 1, ENC_BIG_ENDIAN);
dissected_len = ssh_dissect_public_key_blob(packet_tvb, pinfo, offset, blob_tree) - offset;
if(dissected_len!=(int)slen){
expert_add_info_format(pinfo, blob_tree, &ei_ssh_packet_decode, "Decoded %d bytes, but packet legnth is %d bytes", dissected_len, slen);
}
offset += slen;
if(bHaveSignature){
slen = tvb_get_ntohl(packet_tvb, offset) ;
proto_tree_add_item(msg_type_tree, hf_ssh_signature_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
proto_item *signature_tree = NULL;
signature_tree = proto_tree_add_subtree(msg_type_tree, packet_tvb, offset, slen, ett_userauth_pk_signautre, NULL, "Public key signature");
dissected_len = ssh_dissect_public_key_signature(packet_tvb, pinfo, offset, signature_tree) - offset;
if(dissected_len!=(int)slen){
expert_add_info_format(pinfo, signature_tree, &ei_ssh_packet_decode, "Decoded %d bytes, but packet legnth is %d bytes", dissected_len, slen);
}
offset += slen;
}
}else if (0 == strcmp(key_type, "password")) {
guint8 bChangePassword = tvb_get_guint8(packet_tvb, offset);
proto_tree_add_item(msg_type_tree, hf_ssh_userauth_change_password, packet_tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
slen = tvb_get_ntohl(packet_tvb, offset) ;
proto_tree_add_item(msg_type_tree, hf_ssh_userauth_password_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
proto_tree_add_item(msg_type_tree, hf_ssh_userauth_password, packet_tvb, offset, slen, ENC_ASCII);
offset += slen;
if(bChangePassword){
slen = tvb_get_ntohl(packet_tvb, offset) ;
proto_tree_add_item(msg_type_tree, hf_ssh_userauth_new_password_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
proto_tree_add_item(msg_type_tree, hf_ssh_userauth_new_password, packet_tvb, offset, slen, ENC_ASCII);
offset += slen;
}
}else{
}
}else if(msg_code==SSH_MSG_USERAUTH_FAILURE){
guint slen;
slen = tvb_get_ntohl(packet_tvb, offset) ;
proto_tree_add_item(msg_type_tree, hf_ssh_auth_failure_list_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
proto_tree_add_item(msg_type_tree, hf_ssh_auth_failure_list, packet_tvb, offset, slen, ENC_ASCII);
offset += slen;
proto_tree_add_item(msg_type_tree, hf_ssh_userauth_partial_success, packet_tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
}
return offset;
}
static int
ssh_dissect_userauth_specific(tvbuff_t *packet_tvb, packet_info *pinfo,
int offset, proto_item *msg_type_tree, guint msg_code)
{
if(msg_code==SSH_MSG_USERAUTH_PK_OK){
proto_item *ti;
int dissected_len = 0;
guint slen;
slen = tvb_get_ntohl(packet_tvb, offset) ;
proto_tree_add_item(msg_type_tree, hf_ssh_userauth_pka_name_len, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
proto_tree_add_item(msg_type_tree, hf_ssh_userauth_pka_name, packet_tvb, offset, slen, ENC_ASCII);
offset += slen;
proto_item *blob_tree = NULL;
slen = tvb_get_ntohl(packet_tvb, offset) ;
ti = proto_tree_add_item(msg_type_tree, hf_ssh_blob_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
blob_tree = proto_tree_add_subtree(msg_type_tree, packet_tvb, offset, slen, ett_userauth_pk_blob, NULL, "Public key blob");
dissected_len = ssh_dissect_public_key_blob(packet_tvb, pinfo, offset, blob_tree) - offset;
if(dissected_len!=(int)slen){
expert_add_info_format(pinfo, ti, &ei_ssh_packet_decode, "Decoded %d bytes, but packet legnth is %d bytes", dissected_len, slen);
}
offset += slen;
}
return offset;
}
static int
ssh_dissect_connection_specific(tvbuff_t *packet_tvb, packet_info *pinfo,
struct ssh_peer_data *peer_data, int offset, proto_item *msg_type_tree,
guint msg_code)
{
if(msg_code==SSH_MSG_CHANNEL_OPEN){
guint slen;
slen = tvb_get_ntohl(packet_tvb, offset) ;
proto_tree_add_item(msg_type_tree, hf_ssh_connection_type_name_len, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
proto_tree_add_item(msg_type_tree, hf_ssh_connection_type_name, packet_tvb, offset, slen, ENC_UTF_8);
offset += slen;
proto_tree_add_item(msg_type_tree, hf_ssh_connection_sender_channel, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
proto_tree_add_item(msg_type_tree, hf_ssh_connection_initial_window, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
proto_tree_add_item(msg_type_tree, hf_ssh_connection_maximum_packet_size, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
}else if(msg_code==SSH_MSG_CHANNEL_OPEN_CONFIRMATION){
proto_tree_add_item(msg_type_tree, hf_ssh_connection_recipient_channel, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
proto_tree_add_item(msg_type_tree, hf_ssh_connection_sender_channel, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
proto_tree_add_item(msg_type_tree, hf_ssh_connection_initial_window, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
proto_tree_add_item(msg_type_tree, hf_ssh_connection_maximum_packet_size, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
}else if(msg_code==SSH_MSG_CHANNEL_WINDOW_ADJUST){
proto_tree_add_item(msg_type_tree, hf_ssh_connection_recipient_channel, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
proto_tree_add_item(msg_type_tree, hf_ssh_channel_window_adjust, packet_tvb, offset, 4, ENC_BIG_ENDIAN); // TODO: maintain count of transfered bytes and window size
offset += 4;
}else if(msg_code==SSH_MSG_CHANNEL_DATA){
guint uiNumChannel;
uiNumChannel = tvb_get_ntohl(packet_tvb, offset) ;
proto_tree_add_item(msg_type_tree, hf_ssh_connection_recipient_channel, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
// TODO: process according to the type of channel
guint slen;
slen = tvb_get_ntohl(packet_tvb, offset) ;
proto_tree_add_item(msg_type_tree, hf_ssh_channel_data_len, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
tvbuff_t *next_tvb = tvb_new_subset_remaining(packet_tvb, offset);
dissector_handle_t subdissector_handle = get_subdissector_for_channel(peer_data, uiNumChannel);
if(subdissector_handle){
call_dissector(subdissector_handle, next_tvb, pinfo, msg_type_tree);
}
offset += slen;
}else if(msg_code==SSH_MSG_CHANNEL_EOF){
proto_tree_add_item(msg_type_tree, hf_ssh_connection_recipient_channel, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
}else if(msg_code==SSH_MSG_CHANNEL_CLOSE){
proto_tree_add_item(msg_type_tree, hf_ssh_connection_recipient_channel, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
}else if(msg_code==SSH_MSG_CHANNEL_REQUEST){
guint uiNumChannel;
uiNumChannel = tvb_get_ntohl(packet_tvb, offset) ;
proto_tree_add_item(msg_type_tree, hf_ssh_connection_recipient_channel, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
guint8* request_name;
guint slen;
slen = tvb_get_ntohl(packet_tvb, offset) ;
proto_tree_add_item(msg_type_tree, hf_ssh_channel_request_name_len, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
request_name = tvb_get_string_enc(wmem_packet_scope(), packet_tvb, offset, slen, ENC_ASCII|ENC_NA);
proto_tree_add_item(msg_type_tree, hf_ssh_channel_request_name, packet_tvb, offset, slen, ENC_UTF_8);
offset += slen;
proto_tree_add_item(msg_type_tree, hf_ssh_channel_request_want_reply, packet_tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
if (0 == strcmp(request_name, "subsystem")) {
slen = tvb_get_ntohl(packet_tvb, offset) ;
proto_tree_add_item(msg_type_tree, hf_ssh_subsystem_name_len, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
guint8* subsystem_name = tvb_get_string_enc(wmem_packet_scope(), packet_tvb, offset, slen, ENC_ASCII|ENC_NA);
set_subdissector_for_channel(peer_data, uiNumChannel, subsystem_name);
proto_tree_add_item(msg_type_tree, hf_ssh_subsystem_name, packet_tvb, offset, slen, ENC_UTF_8);
offset += slen;
}else if (0 == strcmp(request_name, "exit-status")) {
proto_tree_add_item(msg_type_tree, hf_ssh_exit_status, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
}
}else if(msg_code==SSH_MSG_CHANNEL_SUCCESS){
proto_tree_add_item(msg_type_tree, hf_ssh_connection_recipient_channel, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
}
return offset;
}
static dissector_handle_t
get_subdissector_for_channel(struct ssh_peer_data *peer_data, guint uiNumChannel)
{
ssh_channel_info_t *ci = peer_data->global_data->channel_info;
while(ci){
guint channel_number = &peer_data->global_data->peer_data[SERVER_PEER_DATA]==peer_data?ci->client_channel_number:ci->server_channel_number;
if(channel_number==uiNumChannel){return ci->subdissector_handle;}
ci = ci->next;
}
ws_debug("Error lookin up channel %d", uiNumChannel);
return NULL;
}
static void
set_subdissector_for_channel(struct ssh_peer_data *peer_data, guint uiNumChannel, guint8* subsystem_name)
{
ssh_channel_info_t *ci = NULL;
ssh_channel_info_t **pci = &peer_data->global_data->channel_info;
int is_server = &peer_data->global_data->peer_data[SERVER_PEER_DATA]==peer_data;
while(*pci){
guint channel_number = is_server?(*pci)->client_channel_number:(*pci)->server_channel_number;
if (channel_number == uiNumChannel) {
ci = *pci;
break;
}
pci = &(*pci)->next;
}
if(!ci){
ci = wmem_new(wmem_file_scope(), ssh_channel_info_t);
*pci = ci;
}
if(0 == strcmp(subsystem_name, "sftp")) {
ci->subdissector_handle = sftp_handle;
} else {
ci->subdissector_handle = NULL;
}
}
static int
ssh_dissect_connection_generic(tvbuff_t *packet_tvb, packet_info *pinfo,
int offset, proto_item *msg_type_tree, guint msg_code)
{
(void)pinfo;
if(msg_code==SSH_MSG_GLOBAL_REQUEST){
guint8* request_name;
guint slen;
slen = tvb_get_ntohl(packet_tvb, offset) ;
proto_tree_add_item(msg_type_tree, hf_ssh_global_request_name_len, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
request_name = tvb_get_string_enc(wmem_packet_scope(), packet_tvb, offset, slen, ENC_ASCII|ENC_NA);
proto_tree_add_item(msg_type_tree, hf_ssh_global_request_name, packet_tvb, offset, slen, ENC_ASCII);
offset += slen;
proto_tree_add_item(msg_type_tree, hf_ssh_global_request_want_reply, packet_tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
if (0 == strcmp(request_name, "hostkeys-00@openssh.com")) {
guint alen;
proto_item *ti;
int dissected_len = 0;
alen = tvb_get_ntohl(packet_tvb, offset) ;
ti = proto_tree_add_item(msg_type_tree, hf_ssh_global_request_hostkeys_array_len, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
proto_item *blob_tree = NULL;
blob_tree = proto_tree_add_subtree(msg_type_tree, packet_tvb, offset, alen, ett_userauth_pk_blob, NULL, "Public key blob");
dissected_len = ssh_dissect_public_key_blob(packet_tvb, pinfo, offset, blob_tree) - offset;
if(dissected_len!=(int)alen){
expert_add_info_format(pinfo, ti, &ei_ssh_packet_decode, "Decoded %d bytes, but packet legnth is %d bytes", dissected_len, alen);
}
offset += alen;
}
}
return offset;
}
static int
ssh_dissect_public_key_blob(tvbuff_t *packet_tvb, packet_info *pinfo,
int offset, proto_item *msg_type_tree)
{
(void)pinfo;
guint slen;
slen = tvb_get_ntohl(packet_tvb, offset) ;
proto_tree_add_item(msg_type_tree, hf_ssh_pk_blob_name_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
proto_tree_add_item(msg_type_tree, hf_ssh_pk_blob_name, packet_tvb, offset, slen, ENC_ASCII);
offset += slen;
offset += ssh_tree_add_mpint(packet_tvb, offset, msg_type_tree, hf_ssh_blob_e);
offset += ssh_tree_add_mpint(packet_tvb, offset, msg_type_tree, hf_ssh_blob_p);
return offset;
}
static int
ssh_dissect_public_key_signature(tvbuff_t *packet_tvb, packet_info *pinfo,
int offset, proto_item *msg_type_tree)
{
(void)pinfo;
guint slen;
slen = tvb_get_ntohl(packet_tvb, offset) ;
proto_tree_add_item(msg_type_tree, hf_ssh_pk_sig_blob_name_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
proto_tree_add_item(msg_type_tree, hf_ssh_pk_sig_blob_name, packet_tvb, offset, slen, ENC_ASCII);
offset += slen;
slen = tvb_get_ntohl(packet_tvb, offset) ;
proto_tree_add_item(msg_type_tree, hf_ssh_pk_sig_s_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
proto_tree_add_item(msg_type_tree, hf_ssh_pk_sig_s, packet_tvb, offset, slen, ENC_NA);
offset += slen;
return offset;
}
#ifdef SSH_DECRYPT_DEBUG /* {{{ */
static FILE* ssh_debug_file=NULL;
static void
ssh_prefs_apply_cb(void)
{
ssh_set_debug(ssh_debug_file_name);
}
static void
ssh_set_debug(const gchar* name)
{
static gint debug_file_must_be_closed;
gint use_stderr;
use_stderr = name?(strcmp(name, SSH_DEBUG_USE_STDERR) == 0):0;
if (debug_file_must_be_closed)
fclose(ssh_debug_file);
if (use_stderr)
ssh_debug_file = stderr;
else if (!name || (strcmp(name, "") ==0))
ssh_debug_file = NULL;
else
ssh_debug_file = ws_fopen(name, "w");
if (!use_stderr && ssh_debug_file)
debug_file_must_be_closed = 1;
else
debug_file_must_be_closed = 0;
ssh_debug_printf("Wireshark SSH debug log \n\n");
#ifdef HAVE_LIBGNUTLS
ssh_debug_printf("GnuTLS version: %s\n", gnutls_check_version(NULL));
#endif
ssh_debug_printf("Libgcrypt version: %s\n", gcry_check_version(NULL));
ssh_debug_printf("\n");
}
static void
ssh_debug_flush(void)
{
if (ssh_debug_file)
fflush(ssh_debug_file);
}
static void
ssh_debug_printf(const gchar* fmt, ...)
{
va_list ap;
if (!ssh_debug_file)
return;
va_start(ap, fmt);
vfprintf(ssh_debug_file, fmt, ap);
va_end(ap);
}
static void
ssh_print_data(const gchar* name, const guchar* data, size_t len)
{
size_t i, j, k;
if (!ssh_debug_file)
return;
#ifdef OPENSSH_STYLE
fprintf(ssh_debug_file,"%s[%d]\n",name, (int) len);
#else
fprintf(ssh_debug_file,"%s[%d]:\n",name, (int) len);
#endif
for (i=0; i<len; i+=16) {
#ifdef OPENSSH_STYLE
fprintf(ssh_debug_file,"%04u: ", (unsigned int)i);
#else
fprintf(ssh_debug_file,"| ");
#endif
for (j=i, k=0; k<16 && j<len; ++j, ++k)
fprintf(ssh_debug_file,"%.2x ",data[j]);
for (; k<16; ++k)
fprintf(ssh_debug_file," ");
#ifdef OPENSSH_STYLE
fputc(' ', ssh_debug_file);
#else
fputc('|', ssh_debug_file);
#endif
for (j=i, k=0; k<16 && j<len; ++j, ++k) {
guchar c = data[j];
if (!g_ascii_isprint(c) || (c=='\t')) c = '.';
fputc(c, ssh_debug_file);
}
#ifdef OPENSSH_STYLE
fprintf(ssh_debug_file,"\n");
#else
for (; k<16; ++k)
fputc(' ', ssh_debug_file);
fprintf(ssh_debug_file,"|\n");
#endif
}
}
#endif /* SSH_DECRYPT_DEBUG }}} */
static void
ssh_secrets_block_callback(const void *secrets, guint size)
{
ssh_keylog_process_lines((const guint8 *)secrets, size);
}
/* Functions for SSH random hashtables. {{{ */
static gint
ssh_equal (gconstpointer v, gconstpointer v2)
{
if (v == NULL || v2 == NULL) {
return 0;
}
const ssh_bignum *val1;
const ssh_bignum *val2;
val1 = (const ssh_bignum *)v;
val2 = (const ssh_bignum *)v2;
if (val1->length == val2->length &&
!memcmp(val1->data, val2->data, val2->length)) {
return 1;
}
return 0;
}
static guint
ssh_hash (gconstpointer v)
{
guint l,hash;
const ssh_bignum* id;
const guint* cur;
if (v == NULL) {
return 0;
}
hash = 0;
id = (const ssh_bignum*) v;
/* id and id->data are mallocated in ssh_save_master_key(). As such 'data'
* should be aligned for any kind of access (for example as a guint as
* is done below). The intermediate void* cast is to prevent "cast
* increases required alignment of target type" warnings on CPUs (such
* as SPARCs) that do not allow misaligned memory accesses.
*/
cur = (const guint*)(void*) id->data;
for (l=4; (l < id->length); l+=4, cur++)
hash = hash ^ (*cur);
return hash;
}
/* Functions for SSH random hashtables. }}} */
void
proto_register_ssh(void)
{
static hf_register_info hf[] = {
{ &hf_ssh_protocol,
{ "Protocol", "ssh.protocol",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_packet_length,
{ "Packet Length", "ssh.packet_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_packet_length_encrypted,
{ "Packet Length (encrypted)", "ssh.packet_length_encrypted",
FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_padding_length,
{ "Padding Length", "ssh.padding_length",
FT_UINT8, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_payload,
{ "Payload", "ssh.payload",
FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_encrypted_packet,
{ "Encrypted Packet", "ssh.encrypted_packet",
FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_padding_string,
{ "Padding String", "ssh.padding_string",
FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_seq_num,
{ "Sequence number", "ssh.seq_num",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_mac_string,
{ "MAC", "ssh.mac",
FT_BYTES, BASE_NONE, NULL, 0x0,
"Message authentication code", HFILL }},
{ &hf_ssh_mac_status,
{ "MAC Status", "ssh.mac.status", FT_UINT8, BASE_NONE, VALS(proto_checksum_vals), 0x0,
NULL, HFILL }},
{ &hf_ssh_direction,
{ "Direction", "ssh.direction",
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
"Message direction", HFILL }},
{ &hf_ssh_msg_code,
{ "Message Code", "ssh.message_code",
FT_UINT8, BASE_DEC, VALS(ssh1_msg_vals), 0x0,
NULL, HFILL }},
{ &hf_ssh2_msg_code,
{ "Message Code", "ssh.message_code",
FT_UINT8, BASE_DEC, VALS(ssh2_msg_vals), 0x0,
NULL, HFILL }},
{ &hf_ssh2_kex_dh_msg_code,
{ "Message Code", "ssh.message_code",
FT_UINT8, BASE_DEC, VALS(ssh2_kex_dh_msg_vals), 0x0,
NULL, HFILL }},
{ &hf_ssh2_kex_dh_gex_msg_code,
{ "Message Code", "ssh.message_code",
FT_UINT8, BASE_DEC, VALS(ssh2_kex_dh_gex_msg_vals), 0x0,
NULL, HFILL }},
{ &hf_ssh2_kex_ecdh_msg_code,
{ "Message Code", "ssh.message_code",
FT_UINT8, BASE_DEC, VALS(ssh2_kex_ecdh_msg_vals), 0x0,
NULL, HFILL }},
{ &hf_ssh_cookie,
{ "Cookie", "ssh.cookie",
FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_kex_algorithms,
{ "kex_algorithms string", "ssh.kex_algorithms",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_server_host_key_algorithms,
{ "server_host_key_algorithms string", "ssh.server_host_key_algorithms",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_encryption_algorithms_client_to_server,
{ "encryption_algorithms_client_to_server string", "ssh.encryption_algorithms_client_to_server",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_encryption_algorithms_server_to_client,
{ "encryption_algorithms_server_to_client string", "ssh.encryption_algorithms_server_to_client",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_mac_algorithms_client_to_server,
{ "mac_algorithms_client_to_server string", "ssh.mac_algorithms_client_to_server",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_mac_algorithms_server_to_client,
{ "mac_algorithms_server_to_client string", "ssh.mac_algorithms_server_to_client",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_compression_algorithms_client_to_server,
{ "compression_algorithms_client_to_server string", "ssh.compression_algorithms_client_to_server",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_compression_algorithms_server_to_client,
{ "compression_algorithms_server_to_client string", "ssh.compression_algorithms_server_to_client",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_languages_client_to_server,
{ "languages_client_to_server string", "ssh.languages_client_to_server",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_languages_server_to_client,
{ "languages_server_to_client string", "ssh.languages_server_to_client",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_kex_algorithms_length,
{ "kex_algorithms length", "ssh.kex_algorithms_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_server_host_key_algorithms_length,
{ "server_host_key_algorithms length", "ssh.server_host_key_algorithms_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_encryption_algorithms_client_to_server_length,
{ "encryption_algorithms_client_to_server length", "ssh.encryption_algorithms_client_to_server_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_encryption_algorithms_server_to_client_length,
{ "encryption_algorithms_server_to_client length", "ssh.encryption_algorithms_server_to_client_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_mac_algorithms_client_to_server_length,
{ "mac_algorithms_client_to_server length", "ssh.mac_algorithms_client_to_server_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_mac_algorithms_server_to_client_length,
{ "mac_algorithms_server_to_client length", "ssh.mac_algorithms_server_to_client_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_compression_algorithms_client_to_server_length,
{ "compression_algorithms_client_to_server length", "ssh.compression_algorithms_client_to_server_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_compression_algorithms_server_to_client_length,
{ "compression_algorithms_server_to_client length", "ssh.compression_algorithms_server_to_client_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_languages_client_to_server_length,
{ "languages_client_to_server length", "ssh.languages_client_to_server_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_languages_server_to_client_length,
{ "languages_server_to_client length", "ssh.languages_server_to_client_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_first_kex_packet_follows,
{ "First KEX Packet Follows", "ssh.first_kex_packet_follows",
FT_UINT8, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_kex_reserved,
{ "Reserved", "ssh.kex.reserved",
FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_kex_hassh_algo,
{ "hasshAlgorithms", "ssh.kex.hassh_algorithms",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_kex_hassh,
{ "hassh", "ssh.kex.hassh",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_kex_hasshserver_algo,
{ "hasshServerAlgorithms", "ssh.kex.hasshserver_algorithms",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_kex_hasshserver,
{ "hasshServer", "ssh.kex.hasshserver",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_hostkey_length,
{ "Host key length", "ssh.host_key.length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_hostkey_type_length,
{ "Host key type length", "ssh.host_key.type_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_hostkey_type,
{ "Host key type", "ssh.host_key.type",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_hostkey_data,
{ "Host key data", "ssh.host_key.data",
FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_hostkey_rsa_n,
{ "RSA modulus (N)", "ssh.host_key.rsa.n",
FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_hostkey_rsa_e,
{ "RSA public exponent (e)", "ssh.host_key.rsa.e",
FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_hostkey_dsa_p,
{ "DSA prime modulus (p)", "ssh.host_key.dsa.p",
FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_hostkey_dsa_q,
{ "DSA prime divisor (q)", "ssh.host_key.dsa.q",
FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_hostkey_dsa_g,
{ "DSA subgroup generator (g)", "ssh.host_key.dsa.g",
FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_hostkey_dsa_y,
{ "DSA public key (y)", "ssh.host_key.dsa.y",
FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_hostkey_ecdsa_curve_id,
{ "ECDSA elliptic curve identifier", "ssh.host_key.ecdsa.id",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_hostkey_ecdsa_curve_id_length,
{ "ECDSA elliptic curve identifier length", "ssh.host_key.ecdsa.id_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_hostkey_ecdsa_q,
{ "ECDSA public key (Q)", "ssh.host_key.ecdsa.q",
FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_hostkey_ecdsa_q_length,
{ "ECDSA public key length", "ssh.host_key.ecdsa.q_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_hostkey_eddsa_key,
{ "EdDSA public key", "ssh.host_key.eddsa.key",
FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_hostkey_eddsa_key_length,
{ "EdDSA public key length", "ssh.host_key.eddsa.key_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_hostsig_length,
{ "Host signature length", "ssh.host_sig.length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_hostsig_type_length,
{ "Host signature type length", "ssh.host_sig.type_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_hostsig_type,
{ "Host signature type", "ssh.host_sig.type",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_hostsig_data,
{ "Host signature data", "ssh.host_sig.data",
FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_hostsig_rsa,
{ "RSA signature", "ssh.host_sig.rsa",
FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_hostsig_dsa,
{ "DSA signature", "ssh.host_sig.dsa",
FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_dh_e,
{ "DH client e", "ssh.dh.e",
FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_dh_f,
{ "DH server f", "ssh.dh.f",
FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_dh_gex_min,
{ "DH GEX Min", "ssh.dh_gex.min",
FT_UINT32, BASE_DEC, NULL, 0x0,
"Minimal acceptable group size", HFILL }},
{ &hf_ssh_dh_gex_nbits,
{ "DH GEX Number of Bits", "ssh.dh_gex.nbits",
FT_UINT32, BASE_DEC, NULL, 0x0,
"Preferred group size", HFILL }},
{ &hf_ssh_dh_gex_max,
{ "DH GEX Max", "ssh.dh_gex.max",
FT_UINT32, BASE_DEC, NULL, 0x0,
"Maximal acceptable group size", HFILL }},
{ &hf_ssh_dh_gex_p,
{ "DH GEX modulus (P)", "ssh.dh_gex.p",
FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_dh_gex_g,
{ "DH GEX base (G)", "ssh.dh_gex.g",
FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_ecdh_q_c,
{ "ECDH client's ephemeral public key (Q_C)", "ssh.ecdh.q_c",
FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_ecdh_q_c_length,
{ "ECDH client's ephemeral public key length", "ssh.ecdh.q_c_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_ecdh_q_s,
{ "ECDH server's ephemeral public key (Q_S)", "ssh.ecdh.q_s",
FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_ecdh_q_s_length,
{ "ECDH server's ephemeral public key length", "ssh.ecdh.q_s_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_mpint_length,
{ "Multi Precision Integer Length", "ssh.mpint_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_ignore_data_length,
{ "Debug message length", "ssh.ignore_data_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_ignore_data,
{ "Ignore data", "ssh.ignore_data",
FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_debug_always_display,
{ "Always Display", "ssh.debug_always_display",
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_debug_message_length,
{ "Debug message length", "ssh.debug_name_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_debug_message,
{ "Debug message", "ssh.debug_name",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_service_name_length,
{ "Service Name length", "ssh.service_name_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_service_name,
{ "Service Name", "ssh.service_name",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_disconnect_reason,
{ "Disconnect reason", "ssh.disconnect_reason",
FT_UINT32, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_disconnect_description_length,
{ "Disconnect description length", "ssh.disconnect_description_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_disconnect_description,
{ "Disconnect description", "ssh.disconnect_description",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_lang_tag_length,
{ "Language tag length", "ssh.lang_tag_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_lang_tag,
{ "Language tag", "ssh.lang_tag",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_userauth_user_name_length,
{ "User Name length", "ssh.userauth_user_name_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_userauth_user_name,
{ "User Name", "ssh.userauth_user_name",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_userauth_change_password,
{ "Change password", "ssh.userauth.change_password",
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_userauth_service_name_length,
{ "Service Name length", "ssh.userauth_service_name_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_userauth_service_name,
{ "Service Name", "ssh.userauth_service_name",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_userauth_method_name_length,
{ "Method Name length", "ssh.userauth_method_name_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_userauth_method_name,
{ "Method Name", "ssh.userauth_method_name",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_userauth_have_signature,
{ "Have signature", "ssh.userauth.have_signature",
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_userauth_password_length,
{ "Password length", "ssh.userauth_password_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_userauth_password,
{ "Password", "ssh.userauth_password",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_userauth_new_password_length,
{ "New password length", "ssh.userauth_new_password_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_userauth_new_password,
{ "New password", "ssh.userauth_new_password",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_auth_failure_list_length,
{ "Authentications that can continue list len", "ssh.auth_failure_cont_list_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_auth_failure_list,
{ "Authentications that can continue list", "ssh.auth_failure_cont_list",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_userauth_partial_success,
{ "Partial success", "ssh.userauth.partial_success",
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_userauth_pka_name_len,
{ "Public key algorithm name length", "ssh.userauth_pka_name_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_userauth_pka_name,
{ "Public key algorithm name", "ssh.userauth_pka_name",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_pk_blob_name_length,
{ "Public key blob algorithm name length", "ssh.pk_blob_name_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_pk_blob_name,
{ "Public key blob algorithm name", "ssh.pk_blob_name",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_blob_length,
{ "Public key blob length", "ssh.pk_blob_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_blob_p,
{ "ssh-rsa modulus (n)", "ssh.blob.ssh-rsa.n",
FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_blob_e,
{ "ssh-rsa public exponent (e)", "ssh.blob.ssh-rsa.e",
FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_signature_length,
{ "Public key signature blob length", "ssh.pk_sig_blob_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_pk_sig_blob_name_length,
{ "Public key signature blob algorithm name length", "ssh.pk_sig_blob_name_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_pk_sig_blob_name,
{ "Public key signature blob algorithm name", "ssh.pk_sig_blob_name",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_pk_sig_s_length,
{ "ssh-rsa signature length", "ssh.sig.ssh-rsa.length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_pk_sig_s,
{ "ssh-rsa signature (s)", "ssh.sig.ssh-rsa.s",
FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_connection_type_name_len,
{ "Channel type name length", "ssh.connection_type_name_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_connection_type_name,
{ "Channel type name", "ssh.connection_type_name",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_connection_sender_channel,
{ "Sender channel", "ssh.connection_sender_channel",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_connection_recipient_channel,
{ "Recipient channel", "ssh.connection_recipient_channel",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_connection_initial_window,
{ "Initial window size", "ssh.connection_initial_window_size",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_connection_maximum_packet_size,
{ "Maximum packet size", "ssh.userauth_maximum_packet_size",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_global_request_name_len,
{ "Global request name length", "ssh.global_request_name_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_global_request_name,
{ "Global request name", "ssh.global_request_name",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_global_request_want_reply,
{ "Global request want reply", "ssh.global_request_want_reply",
FT_UINT8, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_global_request_hostkeys_array_len,
{ "Host keys array length", "ssh.global_request_hostkeys",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_channel_request_name_len,
{ "Channel request name length", "ssh.global_request_name_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_channel_request_name,
{ "Channel request name", "ssh.global_request_name",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_channel_request_want_reply,
{ "Channel request want reply", "ssh.channel_request_want_reply",
FT_UINT8, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_subsystem_name_len,
{ "Subsystem name length", "ssh.subsystem_name_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_subsystem_name,
{ "Subsystem name", "ssh.subsystem_name",
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_exit_status,
{ "Exit status", "ssh.exit_status",
FT_UINT32, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_channel_window_adjust,
{ "Bytes to add", "ssh.channel_window_adjust",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_ssh_channel_data_len,
{ "Data length", "ssh.channel_data_length",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
};
static gint *ett[] = {
&ett_ssh,
&ett_key_exchange,
&ett_key_exchange_host_key,
&ett_key_exchange_host_sig,
&ett_userauth_pk_blob,
&ett_userauth_pk_signautre,
&ett_ssh1,
&ett_ssh2,
&ett_key_init
};
static ei_register_info ei[] = {
{ &ei_ssh_packet_length, { "ssh.packet_length.error", PI_PROTOCOL, PI_WARN, "Overly large number", EXPFILL }},
{ &ei_ssh_packet_decode, { "ssh.packet_decode.error", PI_PROTOCOL, PI_WARN, "Packet decoded length not equal to packet length", EXPFILL }},
{ &ei_ssh_invalid_keylen, { "ssh.key_length.error", PI_PROTOCOL, PI_ERROR, "Invalid key length", EXPFILL }},
{ &ei_ssh_mac_bad, { "ssh.mac_bad.expert", PI_CHECKSUM, PI_ERROR, "Bad MAC", EXPFILL }},
};
module_t *ssh_module;
expert_module_t *expert_ssh;
proto_ssh = proto_register_protocol("SSH Protocol", "SSH", "ssh");
proto_register_field_array(proto_ssh, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
expert_ssh = expert_register_protocol(proto_ssh);
expert_register_field_array(expert_ssh, ei, array_length(ei));
#ifdef SSH_DECRYPT_DEBUG
ssh_module = prefs_register_protocol(proto_ssh, ssh_prefs_apply_cb);
#else
ssh_module = prefs_register_protocol(proto_ssh, NULL);
#endif
prefs_register_bool_preference(ssh_module, "desegment_buffers",
"Reassemble SSH buffers spanning multiple TCP segments",
"Whether the SSH dissector should reassemble SSH buffers spanning multiple TCP segments. "
"To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
&ssh_desegment);
ssh_master_key_map = g_hash_table_new(ssh_hash, ssh_equal);
prefs_register_filename_preference(ssh_module, "keylog_file", "Key log filename",
"The path to the file which contains a list of key exchange secrets in the following format:\n"
"\"<hex-encoded-cookie> <hex-encoded-key>\" (without quotes or leading spaces).\n",
&pref_keylog_file, FALSE);
prefs_register_filename_preference(ssh_module, "debug_file", "SSH debug file",
"Redirect SSH debug to the file specified. Leave empty to disable debugging "
"or use \"" SSH_DEBUG_USE_STDERR "\" to redirect output to stderr.",
&ssh_debug_file_name, TRUE);
secrets_register_type(SECRETS_TYPE_SSH, ssh_secrets_block_callback);
ssh_handle = register_dissector("ssh", dissect_ssh, proto_ssh);
}
void
proto_reg_handoff_ssh(void)
{
#ifdef SSH_DECRYPT_DEBUG
ssh_set_debug(ssh_debug_file_name);
#endif
dissector_add_uint_range_with_preference("tcp.port", TCP_RANGE_SSH, ssh_handle);
dissector_add_uint("sctp.port", SCTP_PORT_SSH, ssh_handle);
dissector_add_uint("sctp.ppi", SSH_PAYLOAD_PROTOCOL_ID, ssh_handle);
sftp_handle = find_dissector("sftp");
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*
* Local variables:
* c-basic-offset: 4
* tab-width: 8
* indent-tabs-mode: nil
* End:
*
* vi: set shiftwidth=4 tabstop=8 expandtab:
* :indentSize=4:tabSize=8:noTabs=true:
*/
Reference in New Issue View Git Blame Copy Permalink