Bug Summary

File:epan/dissectors/packet-ssh.c
Warning:line 2656, column 17
Value of 'errno' was not checked and may be overwritten by function 'ferror'

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name packet-ssh.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 2 -fhalf-no-semantic-interposition -fno-delete-null-pointer-checks -mframe-pointer=all -relaxed-aliasing -fmath-errno -ffp-contract=on -fno-rounding-math -ffloat16-excess-precision=fast -fbfloat16-excess-precision=fast -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/builds/wireshark/wireshark/build -fcoverage-compilation-dir=/builds/wireshark/wireshark/build -resource-dir /usr/lib/llvm-20/lib/clang/20 -isystem /usr/include/glib-2.0 -isystem /usr/lib/x86_64-linux-gnu/glib-2.0/include -isystem /builds/wireshark/wireshark/epan/dissectors -isystem /builds/wireshark/wireshark/build/epan/dissectors -isystem /usr/include/mit-krb5 -isystem /usr/include/libxml2 -isystem /builds/wireshark/wireshark/epan -D G_DISABLE_DEPRECATED -D G_DISABLE_SINGLE_INCLUDES -D WS_BUILD_DLL -D WS_DEBUG -D WS_DEBUG_UTF_8 -I /builds/wireshark/wireshark/build -I /builds/wireshark/wireshark -I /builds/wireshark/wireshark/include -D _GLIBCXX_ASSERTIONS -internal-isystem /usr/lib/llvm-20/lib/clang/20/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/14/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -fmacro-prefix-map=/builds/wireshark/wireshark/= -fmacro-prefix-map=/builds/wireshark/wireshark/build/= -fmacro-prefix-map=../= -Wno-format-truncation -Wno-format-nonliteral -Wno-pointer-sign -std=gnu11 -ferror-limit 19 -fvisibility=hidden -fwrapv -fwrapv-pointer -fstrict-flex-arrays=3 -stack-protector 2 -fstack-clash-protection -fcf-protection=full -fgnuc-version=4.2.1 -fskip-odr-check-in-gmf -fexceptions -fcolor-diagnostics -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /builds/wireshark/wireshark/sbout/2025-09-10-100354-3933-1 -x c /builds/wireshark/wireshark/epan/dissectors/packet-ssh.c
1/* packet-ssh.c
2 * Routines for ssh packet dissection
3 *
4 * Huagang XIE <[email protected]>
5 * Kees Cook <[email protected]>
6 *
7 * Wireshark - Network traffic analyzer
8 * By Gerald Combs <[email protected]>
9 * Copyright 1998 Gerald Combs
10 *
11 * Copied from packet-mysql.c
12 *
13 * SPDX-License-Identifier: GPL-2.0-or-later
14 *
15 *
16 * Note: support SSH v1 and v2 now.
17 *
18 */
19
20/* SSH version 2 is defined in:
21 *
22 * RFC 4250: The Secure Shell (SSH) Protocol Assigned Numbers
23 * RFC 4251: The Secure Shell (SSH) Protocol Architecture
24 * RFC 4252: The Secure Shell (SSH) Authentication Protocol
25 * RFC 4253: The Secure Shell (SSH) Transport Layer Protocol
26 * RFC 4254: The Secure Shell (SSH) Connection Protocol
27 *
28 * SSH versions under 2 were never officially standardized.
29 *
30 * Diffie-Hellman Group Exchange is defined in:
31 *
32 * RFC 4419: Diffie-Hellman Group Exchange for
33 * the Secure Shell (SSH) Transport Layer Protocol
34 */
35
36/* "SSH" prefixes are for version 2, whereas "SSH1" is for version 1 */
37
38#include "config.h"
39/* Start with WIRESHARK_LOG_DOMAINS=packet-ssh and WIRESHARK_LOG_LEVEL=debug to see messages. */
40#define WS_LOG_DOMAIN"packet-ssh" "packet-ssh"
41
42// Define this to get hex dumps more similar to what you get in openssh. If not defined, dumps look more like what you get with other dissectors.
43#define OPENSSH_STYLE
44
45#include <jtckdint.h>
46#include <errno(*__errno_location ()).h>
47
48#include <epan/packet.h>
49#include <epan/exceptions.h>
50#include <epan/sctpppids.h>
51#include <epan/prefs.h>
52#include <epan/expert.h>
53#include <epan/proto_data.h>
54#include <epan/tfs.h>
55#include <epan/unit_strings.h>
56#include <wsutil/strtoi.h>
57#include <wsutil/to_str.h>
58#include <wsutil/file_util.h>
59#include <wsutil/filesystem.h>
60#include <wsutil/wsgcrypt.h>
61#include <wsutil/curve25519.h>
62#include <wsutil/pint.h>
63#include <wsutil/str_util.h>
64#include <wsutil/wslog.h>
65#include <epan/secrets.h>
66#include <wiretap/secrets-types.h>
67
68#if defined(HAVE_LIBGNUTLS1)
69#include <gnutls/abstract.h>
70#endif
71
72#include "packet-tcp.h"
73
74void proto_register_ssh(void);
75void proto_reg_handoff_ssh(void);
76
77/* SSH Version 1 definition , from openssh ssh1.h */
78#define SSH1_MSG_NONE0 0 /* no message */
79#define SSH1_MSG_DISCONNECT1 1 /* cause (string) */
80#define SSH1_SMSG_PUBLIC_KEY2 2 /* ck,msk,srvk,hostk */
81#define SSH1_CMSG_SESSION_KEY3 3 /* key (BIGNUM) */
82#define SSH1_CMSG_USER4 4 /* user (string) */
83
84
85#define SSH_VERSION_UNKNOWN0 0
86#define SSH_VERSION_11 1
87#define SSH_VERSION_22 2
88
89/* proto data */
90
91typedef struct {
92 uint8_t *data;
93 unsigned length;
94} ssh_bignum;
95
96#define SSH_KEX_CURVE255190x00010000 0x00010000
97#define SSH_KEX_DH_GEX0x00020000 0x00020000
98#define SSH_KEX_DH_GROUP10x00030001 0x00030001
99#define SSH_KEX_DH_GROUP140x00030014 0x00030014
100#define SSH_KEX_DH_GROUP160x00030016 0x00030016
101#define SSH_KEX_DH_GROUP180x00030018 0x00030018
102#define SSH_KEX_SNTRUP761X255190x00040000 0x00040000
103#define SSH_KEX_MLKEM768X255190x00050000 0x00050000
104
105#define SSH_KEX_HASH_SHA11 1
106#define SSH_KEX_HASH_SHA2562 2
107#define SSH_KEX_HASH_SHA5124 4
108
109#define DIGEST_MAX_SIZE48 48
110
111/* The maximum SSH packet_length accepted. If the packet_length field after
112 * attempted decryption is larger than this, the packet will be assumed to
113 * have failed decryption (possibly due to being continuation data).
114 * (This could be made a preference.)
115 */
116#define SSH_MAX_PACKET_LEN32768 32768
117
118typedef struct _ssh_message_info_t {
119 uint32_t sequence_number;
120 unsigned char *plain_data; /**< Decrypted data. */
121 unsigned data_len; /**< Length of decrypted data. */
122 int id; /**< Identifies the exact message within a frame
123 (there can be multiple records in a frame). */
124 uint32_t byte_seq;
125 uint32_t next_byte_seq;
126 struct _ssh_message_info_t* next;
127 uint8_t calc_mac[DIGEST_MAX_SIZE48];
128} ssh_message_info_t;
129
130typedef struct {
131 bool_Bool from_server;
132 ssh_message_info_t * messages;
133} ssh_packet_info_t;
134
135typedef struct _ssh_channel_info_t {
136 uint32_t byte_seq;
137 uint16_t flags;
138 wmem_tree_t *multisegment_pdus;
139 dissector_handle_t handle;
140} ssh_channel_info_t;
141
142struct ssh_peer_data {
143 unsigned counter;
144
145 uint32_t frame_version_start;
146 uint32_t frame_version_end;
147
148 uint32_t frame_key_start;
149 uint32_t frame_key_end;
150 int frame_key_end_offset;
151
152 char* kex_proposal;
153
154 /* For all subsequent proposals,
155 [0] is client-to-server and [1] is server-to-client. */
156#define CLIENT_TO_SERVER_PROPOSAL0 0
157#define SERVER_TO_CLIENT_PROPOSAL1 1
158
159 char* mac_proposals[2];
160 char* mac;
161 int mac_length;
162
163 char* enc_proposals[2];
164 char* enc;
165
166 char* comp_proposals[2];
167 char* comp;
168
169 int length_is_plaintext;
170
171 // see libgcrypt source, gcrypt.h:gcry_cipher_algos
172 unsigned cipher_id;
173 unsigned mac_id;
174 // chacha20 needs two cipher handles
175 gcry_cipher_hd_t cipher, cipher_2;
176 unsigned sequence_number;
177 ssh_bignum *bn_cookie;
178 uint8_t iv[12];
179 uint8_t hmac_iv[DIGEST_MAX_SIZE48];
180 unsigned hmac_iv_len;
181
182 unsigned int rekey_trigger_frame; // for storing new KEXINIT frame value when REKEY
183 bool_Bool rekey_pending; // trace REKEY
184 uint8_t plain0[16];
185 bool_Bool plain0_valid;
186
187 wmem_map_t *channel_info; /**< Map of sender channel numbers to recipient numbers. */
188 wmem_map_t *channel_handles; /**< Map of recipient channel numbers to subdissector handles. */
189 struct ssh_flow_data * global_data;
190};
191
192struct ssh_flow_data {
193 unsigned version;
194
195 /* The address/port of the server */
196 address srv_addr;
197 unsigned srv_port;
198
199 char* kex;
200 int (*kex_specific_dissector)(uint8_t msg_code, tvbuff_t *tvb,
201 packet_info *pinfo, int offset, proto_tree *tree,
202 struct ssh_flow_data *global_data);
203
204 /* [0] is client's, [1] is server's */
205#define CLIENT_PEER_DATA0 0
206#define SERVER_PEER_DATA1 1
207 struct ssh_peer_data peer_data[2];
208
209 char *session_id;
210 unsigned session_id_length;
211 ssh_bignum *kex_e;
212 ssh_bignum *kex_f;
213 ssh_bignum *kex_gex_p; // Group modulo
214 ssh_bignum *kex_gex_g; // Group generator
215 ssh_bignum *secret;
216 wmem_array_t *kex_client_version;
217 wmem_array_t *kex_server_version;
218 wmem_array_t *kex_client_key_exchange_init;
219 wmem_array_t *kex_server_key_exchange_init;
220 wmem_array_t *kex_server_host_key_blob;
221 wmem_array_t *kex_gex_bits_min;
222 wmem_array_t *kex_gex_bits_req;
223 wmem_array_t *kex_gex_bits_max;
224 wmem_array_t *kex_shared_secret;
225 bool_Bool do_decrypt;
226 bool_Bool ext_ping_openssh_offered;
227 bool_Bool ext_kex_strict;
228 ssh_bignum new_keys[6];
229 uint8_t *pqkem_ciphertext;
230 uint32_t pqkem_ciphertext_len;
231 uint8_t *curve25519_pub;
232 uint32_t curve25519_pub_len;
233 // storing PQ dissected keys
234 uint8_t *kex_e_pq; // binary material => no bignum (not traditional DH integer / not math ready)
235 uint8_t *kex_f_pq; // binary material => no bignum (not traditional DH integer / not math ready)
236 uint32_t kex_e_pq_len;
237 uint32_t kex_f_pq_len;
238};
239
240typedef struct {
241 char *type; // "PRIVATE_KEY" or "SHARED_SECRET"
242 ssh_bignum *key_material; // Either private key or shared secret
243} ssh_key_map_entry_t;
244
245static GHashTable * ssh_master_key_map;
246
247static int proto_ssh;
248
249/* Version exchange */
250static int hf_ssh_protocol;
251
252/* Framing */
253static int hf_ssh_packet_length;
254static int hf_ssh_packet_length_encrypted;
255static int hf_ssh_padding_length;
256static int hf_ssh_payload;
257static int hf_ssh_encrypted_packet;
258static int hf_ssh_padding_string;
259static int hf_ssh_mac_string;
260static int hf_ssh_mac_status;
261static int hf_ssh_seq_num;
262static int hf_ssh_direction;
263
264/* Message codes */
265static int hf_ssh_msg_code;
266static int hf_ssh2_msg_code;
267static int hf_ssh2_kex_dh_msg_code;
268static int hf_ssh2_kex_dh_gex_msg_code;
269static int hf_ssh2_kex_ecdh_msg_code;
270static int hf_ssh2_kex_hybrid_msg_code;
271static int hf_ssh2_ext_ping_msg_code;
272
273/* Algorithm negotiation */
274static int hf_ssh_cookie;
275static int hf_ssh_kex_algorithms;
276static int hf_ssh_server_host_key_algorithms;
277static int hf_ssh_encryption_algorithms_client_to_server;
278static int hf_ssh_encryption_algorithms_server_to_client;
279static int hf_ssh_mac_algorithms_client_to_server;
280static int hf_ssh_mac_algorithms_server_to_client;
281static int hf_ssh_compression_algorithms_client_to_server;
282static int hf_ssh_compression_algorithms_server_to_client;
283static int hf_ssh_languages_client_to_server;
284static int hf_ssh_languages_server_to_client;
285static int hf_ssh_kex_algorithms_length;
286static int hf_ssh_server_host_key_algorithms_length;
287static int hf_ssh_encryption_algorithms_client_to_server_length;
288static int hf_ssh_encryption_algorithms_server_to_client_length;
289static int hf_ssh_mac_algorithms_client_to_server_length;
290static int hf_ssh_mac_algorithms_server_to_client_length;
291static int hf_ssh_compression_algorithms_client_to_server_length;
292static int hf_ssh_compression_algorithms_server_to_client_length;
293static int hf_ssh_languages_client_to_server_length;
294static int hf_ssh_languages_server_to_client_length;
295static int hf_ssh_first_kex_packet_follows;
296static int hf_ssh_kex_reserved;
297static int hf_ssh_kex_hassh_algo;
298static int hf_ssh_kex_hassh;
299static int hf_ssh_kex_hasshserver_algo;
300static int hf_ssh_kex_hasshserver;
301
302/* Key exchange common elements */
303static int hf_ssh_hostkey_length;
304static int hf_ssh_hostkey_type_length;
305static int hf_ssh_hostkey_type;
306static int hf_ssh_hostkey_data;
307static int hf_ssh_hostkey_rsa_n;
308static int hf_ssh_hostkey_rsa_e;
309static int hf_ssh_hostkey_dsa_p;
310static int hf_ssh_hostkey_dsa_q;
311static int hf_ssh_hostkey_dsa_g;
312static int hf_ssh_hostkey_dsa_y;
313static int hf_ssh_hostkey_ecdsa_curve_id;
314static int hf_ssh_hostkey_ecdsa_curve_id_length;
315static int hf_ssh_hostkey_ecdsa_q;
316static int hf_ssh_hostkey_ecdsa_q_length;
317static int hf_ssh_hostkey_eddsa_key;
318static int hf_ssh_hostkey_eddsa_key_length;
319static int hf_ssh_hostsig_length;
320static int hf_ssh_hostsig_type_length;
321static int hf_ssh_hostsig_type;
322static int hf_ssh_hostsig_rsa;
323static int hf_ssh_hostsig_dsa;
324static int hf_ssh_hostsig_data;
325
326/* Key exchange: Diffie-Hellman */
327static int hf_ssh_dh_e;
328static int hf_ssh_dh_f;
329
330/* Key exchange: Diffie-Hellman Group Exchange */
331static int hf_ssh_dh_gex_min;
332static int hf_ssh_dh_gex_nbits;
333static int hf_ssh_dh_gex_max;
334static int hf_ssh_dh_gex_p;
335static int hf_ssh_dh_gex_g;
336
337/* Key exchange: Elliptic Curve Diffie-Hellman */
338static int hf_ssh_ecdh_q_c;
339static int hf_ssh_ecdh_q_c_length;
340static int hf_ssh_ecdh_q_s;
341static int hf_ssh_ecdh_q_s_length;
342
343/* Key exchange: Post-Quantum Hybrid KEM */
344static int hf_ssh_hybrid_blob_client; // client's full PQ blob
345static int hf_ssh_hybrid_blob_client_len;
346static int hf_ssh_hybrid_blob_server; // server's full PQ blob
347static int hf_ssh_hybrid_blob_server_len;
348static int hf_ssh_pq_kem_client; // client's PQ public key
349static int hf_ssh_pq_kem_server; // server's PQ response
350
351/* Extension negotiation */
352static int hf_ssh_ext_count;
353static int hf_ssh_ext_name_length;
354static int hf_ssh_ext_name;
355static int hf_ssh_ext_value_length;
356static int hf_ssh_ext_value;
357static int hf_ssh_ext_server_sig_algs_algorithms;
358static int hf_ssh_ext_delay_compression_algorithms_client_to_server_length;
359static int hf_ssh_ext_delay_compression_algorithms_client_to_server;
360static int hf_ssh_ext_delay_compression_algorithms_server_to_client_length;
361static int hf_ssh_ext_delay_compression_algorithms_server_to_client;
362static int hf_ssh_ext_no_flow_control_value;
363static int hf_ssh_ext_elevation_value;
364static int hf_ssh_ext_prop_publickey_algorithms_algorithms;
365
366/* Miscellaneous */
367static int hf_ssh_mpint_length;
368
369static int hf_ssh_ignore_data_length;
370static int hf_ssh_ignore_data;
371static int hf_ssh_debug_always_display;
372static int hf_ssh_debug_message_length;
373static int hf_ssh_debug_message;
374static int hf_ssh_service_name_length;
375static int hf_ssh_service_name;
376static int hf_ssh_userauth_user_name_length;
377static int hf_ssh_userauth_user_name;
378static int hf_ssh_userauth_change_password;
379static int hf_ssh_userauth_service_name_length;
380static int hf_ssh_userauth_service_name;
381static int hf_ssh_userauth_method_name_length;
382static int hf_ssh_userauth_method_name;
383static int hf_ssh_userauth_have_signature;
384static int hf_ssh_userauth_password_length;
385static int hf_ssh_userauth_password;
386static int hf_ssh_userauth_new_password_length;
387static int hf_ssh_userauth_new_password;
388static int hf_ssh_auth_failure_list_length;
389static int hf_ssh_auth_failure_list;
390static int hf_ssh_userauth_partial_success;
391static int hf_ssh_userauth_pka_name_len;
392static int hf_ssh_userauth_pka_name;
393static int hf_ssh_pk_blob_name_length;
394static int hf_ssh_pk_blob_name;
395static int hf_ssh_blob_length;
396static int hf_ssh_signature_length;
397static int hf_ssh_pk_sig_blob_name_length;
398static int hf_ssh_pk_sig_blob_name;
399static int hf_ssh_connection_type_name_len;
400static int hf_ssh_connection_type_name;
401static int hf_ssh_connection_sender_channel;
402static int hf_ssh_connection_recipient_channel;
403static int hf_ssh_connection_initial_window;
404static int hf_ssh_connection_maximum_packet_size;
405static int hf_ssh_global_request_name_len;
406static int hf_ssh_global_request_name;
407static int hf_ssh_global_request_want_reply;
408static int hf_ssh_global_request_hostkeys_array_len;
409static int hf_ssh_channel_request_name_len;
410static int hf_ssh_channel_request_name;
411static int hf_ssh_channel_request_want_reply;
412static int hf_ssh_subsystem_name_len;
413static int hf_ssh_subsystem_name;
414static int hf_ssh_exec_cmd;
415static int hf_ssh_env_name;
416static int hf_ssh_env_value;
417static int hf_ssh_pty_term;
418static int hf_ssh_pty_term_width_char;
419static int hf_ssh_pty_term_height_row;
420static int hf_ssh_pty_term_width_pixel;
421static int hf_ssh_pty_term_height_pixel;
422static int hf_ssh_pty_term_modes_len;
423static int hf_ssh_pty_term_modes;
424static int hf_ssh_pty_term_mode;
425static int hf_ssh_pty_term_mode_opcode;
426static int hf_ssh_pty_term_mode_vintr;
427static int hf_ssh_pty_term_mode_vquit;
428static int hf_ssh_pty_term_mode_verase;
429static int hf_ssh_pty_term_mode_vkill;
430static int hf_ssh_pty_term_mode_veof;
431static int hf_ssh_pty_term_mode_veol;
432static int hf_ssh_pty_term_mode_veol2;
433static int hf_ssh_pty_term_mode_vstart;
434static int hf_ssh_pty_term_mode_vstop;
435static int hf_ssh_pty_term_mode_vsusp;
436static int hf_ssh_pty_term_mode_vdsusp;
437static int hf_ssh_pty_term_mode_vreprint;
438static int hf_ssh_pty_term_mode_vwerase;
439static int hf_ssh_pty_term_mode_vlnext;
440static int hf_ssh_pty_term_mode_vflush;
441static int hf_ssh_pty_term_mode_vswtch;
442static int hf_ssh_pty_term_mode_vstatus;
443static int hf_ssh_pty_term_mode_vdiscard;
444static int hf_ssh_pty_term_mode_ignpar;
445static int hf_ssh_pty_term_mode_parmrk;
446static int hf_ssh_pty_term_mode_inpck;
447static int hf_ssh_pty_term_mode_istrip;
448static int hf_ssh_pty_term_mode_inlcr;
449static int hf_ssh_pty_term_mode_igncr;
450static int hf_ssh_pty_term_mode_icrnl;
451static int hf_ssh_pty_term_mode_iuclc;
452static int hf_ssh_pty_term_mode_ixon;
453static int hf_ssh_pty_term_mode_ixany;
454static int hf_ssh_pty_term_mode_ixoff;
455static int hf_ssh_pty_term_mode_imaxbel;
456static int hf_ssh_pty_term_mode_iutf8;
457static int hf_ssh_pty_term_mode_isig;
458static int hf_ssh_pty_term_mode_icanon;
459static int hf_ssh_pty_term_mode_xcase;
460static int hf_ssh_pty_term_mode_echo;
461static int hf_ssh_pty_term_mode_echoe;
462static int hf_ssh_pty_term_mode_echok;
463static int hf_ssh_pty_term_mode_echonl;
464static int hf_ssh_pty_term_mode_noflsh;
465static int hf_ssh_pty_term_mode_tostop;
466static int hf_ssh_pty_term_mode_iexten;
467static int hf_ssh_pty_term_mode_echoctl;
468static int hf_ssh_pty_term_mode_echoke;
469static int hf_ssh_pty_term_mode_pendin;
470static int hf_ssh_pty_term_mode_opost;
471static int hf_ssh_pty_term_mode_olcuc;
472static int hf_ssh_pty_term_mode_onlcr;
473static int hf_ssh_pty_term_mode_ocrnl;
474static int hf_ssh_pty_term_mode_onocr;
475static int hf_ssh_pty_term_mode_onlret;
476static int hf_ssh_pty_term_mode_cs7;
477static int hf_ssh_pty_term_mode_cs8;
478static int hf_ssh_pty_term_mode_parenb;
479static int hf_ssh_pty_term_mode_parodd;
480static int hf_ssh_pty_term_mode_ispeed;
481static int hf_ssh_pty_term_mode_ospeed;
482static int hf_ssh_pty_term_mode_value;
483static int hf_ssh_channel_window_adjust;
484static int hf_ssh_channel_data_len;
485static int hf_ssh_channel_data_type_code;
486static int hf_ssh_exit_status;
487static int hf_ssh_disconnect_reason;
488static int hf_ssh_disconnect_description_length;
489static int hf_ssh_disconnect_description;
490static int hf_ssh_lang_tag_length;
491static int hf_ssh_lang_tag;
492static int hf_ssh_ping_data_length;
493static int hf_ssh_ping_data;
494static int hf_ssh_pong_data_length;
495static int hf_ssh_pong_data;
496
497static int hf_ssh_blob;
498static int hf_ssh_blob_e;
499static int hf_ssh_blob_n;
500static int hf_ssh_blob_dsa_p;
501static int hf_ssh_blob_dsa_q;
502static int hf_ssh_blob_dsa_g;
503static int hf_ssh_blob_dsa_y;
504static int hf_ssh_blob_ecdsa_curve_id;
505static int hf_ssh_blob_ecdsa_curve_id_length;
506static int hf_ssh_blob_ecdsa_q;
507static int hf_ssh_blob_ecdsa_q_length;
508static int hf_ssh_blob_eddsa_key;
509static int hf_ssh_blob_eddsa_key_length;
510static int hf_ssh_blob_data;
511
512static int hf_ssh_pk_sig_s_length;
513static int hf_ssh_pk_sig_s;
514
515static int hf_ssh_reassembled_in;
516static int hf_ssh_reassembled_length;
517static int hf_ssh_reassembled_data;
518static int hf_ssh_segments;
519static int hf_ssh_segment;
520static int hf_ssh_segment_overlap;
521static int hf_ssh_segment_overlap_conflict;
522static int hf_ssh_segment_multiple_tails;
523static int hf_ssh_segment_too_long_fragment;
524static int hf_ssh_segment_error;
525static int hf_ssh_segment_count;
526static int hf_ssh_segment_data;
527
528static int ett_ssh;
529static int ett_key_exchange;
530static int ett_key_exchange_host_key;
531static int ett_key_exchange_host_sig;
532static int ett_extension;
533static int ett_userauth_pk_blob;
534static int ett_userauth_pk_signature;
535static int ett_term_modes;
536static int ett_term_mode;
537static int ett_key_init;
538static int ett_ssh1;
539static int ett_ssh2;
540static int ett_ssh_segments;
541static int ett_ssh_segment;
542static int ett_ssh_pqhybrid_client;
543static int ett_ssh_pqhybrid_server;
544
545static expert_field ei_ssh_packet_length;
546static expert_field ei_ssh_padding_length;
547static expert_field ei_ssh_packet_decode;
548static expert_field ei_ssh_channel_number;
549static expert_field ei_ssh_invalid_keylen;
550static expert_field ei_ssh_mac_bad;
551static expert_field ei_ssh2_kex_hybrid_msg_code;
552static expert_field ei_ssh2_kex_hybrid_msg_code_unknown;
553
554static bool_Bool ssh_desegment = true1;
555static bool_Bool ssh_ignore_mac_failed;
556
557static dissector_handle_t ssh_handle;
558static dissector_handle_t sftp_handle;
559static dissector_handle_t data_text_lines_handle;
560
561static const char *pref_keylog_file;
562static FILE *ssh_keylog_file;
563
564static reassembly_table ssh_reassembly_table;
565
566static const fragment_items ssh_segment_items = {
567 &ett_ssh_segment,
568 &ett_ssh_segments,
569 &hf_ssh_segments,
570 &hf_ssh_segment,
571 &hf_ssh_segment_overlap,
572 &hf_ssh_segment_overlap_conflict,
573 &hf_ssh_segment_multiple_tails,
574 &hf_ssh_segment_too_long_fragment,
575 &hf_ssh_segment_error,
576 &hf_ssh_segment_count,
577 &hf_ssh_reassembled_in,
578 &hf_ssh_reassembled_length,
579 &hf_ssh_reassembled_data,
580 "Segments"
581};
582
583#define SSH_DECRYPT_DEBUG
584
585#ifdef SSH_DECRYPT_DEBUG
586static const char *ssh_debug_file_name;
587#endif
588
589#define TCP_RANGE_SSH"22" "22"
590#define SCTP_PORT_SSH22 22
591
592/* Message Numbers (from RFC 4250) (1-255) */
593
594/* Transport layer protocol: generic (1-19) */
595#define SSH_MSG_DISCONNECT1 1
596#define SSH_MSG_IGNORE2 2
597#define SSH_MSG_UNIMPLEMENTED3 3
598#define SSH_MSG_DEBUG4 4
599#define SSH_MSG_SERVICE_REQUEST5 5
600#define SSH_MSG_SERVICE_ACCEPT6 6
601#define SSH_MSG_EXT_INFO7 7
602#define SSH_MSG_NEWCOMPRESS8 8
603
604/* Transport layer protocol: Algorithm negotiation (20-29) */
605#define SSH_MSG_KEXINIT20 20
606#define SSH_MSG_NEWKEYS21 21
607
608/* Transport layer: Key exchange method specific (reusable) (30-49) */
609#define SSH_MSG_KEXDH_INIT30 30
610#define SSH_MSG_KEXDH_REPLY31 31
611
612#define SSH_MSG_KEX_DH_GEX_REQUEST_OLD30 30
613#define SSH_MSG_KEX_DH_GEX_GROUP31 31
614#define SSH_MSG_KEX_DH_GEX_INIT32 32
615#define SSH_MSG_KEX_DH_GEX_REPLY33 33
616#define SSH_MSG_KEX_DH_GEX_REQUEST34 34
617
618#define SSH_MSG_KEX_ECDH_INIT30 30
619#define SSH_MSG_KEX_ECDH_REPLY31 31
620
621#define SSH_MSG_KEX_HYBRID_INIT30 30
622#define SSH_MSG_KEX_HYBRID_REPLY31 31
623
624/* User authentication protocol: generic (50-59) */
625#define SSH_MSG_USERAUTH_REQUEST50 50
626#define SSH_MSG_USERAUTH_FAILURE51 51
627#define SSH_MSG_USERAUTH_SUCCESS52 52
628#define SSH_MSG_USERAUTH_BANNER53 53
629
630/* User authentication protocol: method specific (reusable) (50-79) */
631#define SSH_MSG_USERAUTH_PK_OK60 60
632
633/* Connection protocol: generic (80-89) */
634#define SSH_MSG_GLOBAL_REQUEST80 80
635#define SSH_MSG_REQUEST_SUCCESS81 81
636#define SSH_MSG_REQUEST_FAILURE82 82
637
638/* Connection protocol: channel related messages (90-127) */
639#define SSH_MSG_CHANNEL_OPEN90 90
640#define SSH_MSG_CHANNEL_OPEN_CONFIRMATION91 91
641#define SSH_MSG_CHANNEL_OPEN_FAILURE92 92
642#define SSH_MSG_CHANNEL_WINDOW_ADJUST93 93
643#define SSH_MSG_CHANNEL_DATA94 94
644#define SSH_MSG_CHANNEL_EXTENDED_DATA95 95
645#define SSH_MSG_CHANNEL_EOF96 96
646#define SSH_MSG_CHANNEL_CLOSE97 97
647#define SSH_MSG_CHANNEL_REQUEST98 98
648#define SSH_MSG_CHANNEL_SUCCESS99 99
649#define SSH_MSG_CHANNEL_FAILURE100 100
650
651/* 128-191 reserved for client protocols */
652/* 192-255 local extensions */
653#define SSH_MSG_PING192 192
654#define SSH_MSG_PONG193 193
655
656#define CIPHER_AES128_CTR0x00010001 0x00010001
657#define CIPHER_AES192_CTR0x00010003 0x00010003
658#define CIPHER_AES256_CTR0x00010004 0x00010004
659#define CIPHER_AES128_CBC0x00020001 0x00020001
660#define CIPHER_AES192_CBC0x00020002 0x00020002
661#define CIPHER_AES256_CBC0x00020004 0x00020004
662#define CIPHER_AES128_GCM0x00040001 0x00040001
663//#define CIPHER_AES192_GCM 0x00040002 -- does not exist
664#define CIPHER_AES256_GCM0x00040004 0x00040004
665// DO NOT USE 0x00040000 (used by SSH_KEX_SNTRUP761X25519)
666#define CIPHER_NULL0x00080000 0x00080000
667
668#define CIPHER_MAC_SHA2_2560x00020001 0x00020001
669
670#define SSH_EXTENDED_DATA_STDERR1 1
671
672#define SSH_TTY_OP_END0 0
673#define SSH_TTY_OP_VINTR1 1
674#define SSH_TTY_OP_VQUIT2 2
675#define SSH_TTY_OP_VERASE3 3
676#define SSH_TTY_OP_VKILL4 4
677#define SSH_TTY_OP_VEOF5 5
678#define SSH_TTY_OP_VEOL6 6
679#define SSH_TTY_OP_VEOL27 7
680#define SSH_TTY_OP_VSTART8 8
681#define SSH_TTY_OP_VSTOP9 9
682#define SSH_TTY_OP_VSUSP10 10
683#define SSH_TTY_OP_VDSUSP11 11
684#define SSH_TTY_OP_VREPRINT12 12
685#define SSH_TTY_OP_VWERASE13 13
686#define SSH_TTY_OP_VLNEXT14 14
687#define SSH_TTY_OP_VFLUSH15 15
688#define SSH_TTY_OP_VSWTCH16 16
689#define SSH_TTY_OP_VSTATUS17 17
690#define SSH_TTY_OP_VDISCARD18 18
691#define SSH_TTY_OP_IGNPAR30 30
692#define SSH_TTY_OP_PARMRK31 31
693#define SSH_TTY_OP_INPCK32 32
694#define SSH_TTY_OP_ISTRIP33 33
695#define SSH_TTY_OP_INLCR34 34
696#define SSH_TTY_OP_IGNCR35 35
697#define SSH_TTY_OP_ICRNL36 36
698#define SSH_TTY_OP_IUCLC37 37
699#define SSH_TTY_OP_IXON38 38
700#define SSH_TTY_OP_IXANY39 39
701#define SSH_TTY_OP_IXOFF40 40
702#define SSH_TTY_OP_IMAXBEL41 41
703#define SSH_TTY_OP_IUTF842 42
704#define SSH_TTY_OP_ISIG50 50
705#define SSH_TTY_OP_ICANON51 51
706#define SSH_TTY_OP_XCASE52 52
707#define SSH_TTY_OP_ECHO53 53
708#define SSH_TTY_OP_ECHOE54 54
709#define SSH_TTY_OP_ECHOK55 55
710#define SSH_TTY_OP_ECHONL56 56
711#define SSH_TTY_OP_NOFLSH57 57
712#define SSH_TTY_OP_TOSTOP58 58
713#define SSH_TTY_OP_IEXTEN59 59
714#define SSH_TTY_OP_ECHOCTL60 60
715#define SSH_TTY_OP_ECHOKE61 61
716#define SSH_TTY_OP_PENDIN62 62
717#define SSH_TTY_OP_OPOST70 70
718#define SSH_TTY_OP_OLCUC71 71
719#define SSH_TTY_OP_ONLCR72 72
720#define SSH_TTY_OP_OCRNL73 73
721#define SSH_TTY_OP_ONOCR74 74
722#define SSH_TTY_OP_ONLRET75 75
723#define SSH_TTY_OP_CS790 90
724#define SSH_TTY_OP_CS891 91
725#define SSH_TTY_OP_PARENB92 92
726#define SSH_TTY_OP_PARODD93 93
727#define SSH_TTY_OP_ISPEED128 128
728#define SSH_TTY_OP_OSPEED129 129
729
730static const value_string ssh2_msg_vals[] = {
731 { SSH_MSG_DISCONNECT1, "Disconnect" },
732 { SSH_MSG_IGNORE2, "Ignore" },
733 { SSH_MSG_UNIMPLEMENTED3, "Unimplemented" },
734 { SSH_MSG_DEBUG4, "Debug" },
735 { SSH_MSG_SERVICE_REQUEST5, "Service Request" },
736 { SSH_MSG_SERVICE_ACCEPT6, "Service Accept" },
737 { SSH_MSG_EXT_INFO7, "Extension Information" },
738 { SSH_MSG_NEWCOMPRESS8, "New Compression" },
739 { SSH_MSG_KEXINIT20, "Key Exchange Init" },
740 { SSH_MSG_NEWKEYS21, "New Keys" },
741 { SSH_MSG_USERAUTH_REQUEST50, "User Authentication Request" },
742 { SSH_MSG_USERAUTH_FAILURE51, "User Authentication Failure" },
743 { SSH_MSG_USERAUTH_SUCCESS52, "User Authentication Success" },
744 { SSH_MSG_USERAUTH_BANNER53, "User Authentication Banner" },
745 { SSH_MSG_GLOBAL_REQUEST80, "Global Request" },
746 { SSH_MSG_REQUEST_SUCCESS81, "Request Success" },
747 { SSH_MSG_REQUEST_FAILURE82, "Request Failure" },
748 { SSH_MSG_CHANNEL_OPEN90, "Channel Open" },
749 { SSH_MSG_CHANNEL_OPEN_CONFIRMATION91, "Channel Open Confirmation" },
750 { SSH_MSG_CHANNEL_OPEN_FAILURE92, "Channel Open Failure" },
751 { SSH_MSG_CHANNEL_WINDOW_ADJUST93, "Window Adjust" },
752 { SSH_MSG_CHANNEL_DATA94, "Channel Data" },
753 { SSH_MSG_CHANNEL_EXTENDED_DATA95, "Channel Extended Data" },
754 { SSH_MSG_CHANNEL_EOF96, "Channel EOF" },
755 { SSH_MSG_CHANNEL_CLOSE97, "Channel Close" },
756 { SSH_MSG_CHANNEL_REQUEST98, "Channel Request" },
757 { SSH_MSG_CHANNEL_SUCCESS99, "Channel Success" },
758 { SSH_MSG_CHANNEL_FAILURE100, "Channel Failure" },
759 { SSH_MSG_USERAUTH_PK_OK60, "Public Key algorithm accepted" },
760 { 0, NULL((void*)0) }
761};
762
763static const value_string ssh2_kex_dh_msg_vals[] = {
764 { SSH_MSG_KEXDH_INIT30, "Diffie-Hellman Key Exchange Init" },
765 { SSH_MSG_KEXDH_REPLY31, "Diffie-Hellman Key Exchange Reply" },
766 { 0, NULL((void*)0) }
767};
768
769static const value_string ssh2_kex_dh_gex_msg_vals[] = {
770 { SSH_MSG_KEX_DH_GEX_REQUEST_OLD30, "Diffie-Hellman Group Exchange Request (Old)" },
771 { SSH_MSG_KEX_DH_GEX_GROUP31, "Diffie-Hellman Group Exchange Group" },
772 { SSH_MSG_KEX_DH_GEX_INIT32, "Diffie-Hellman Group Exchange Init" },
773 { SSH_MSG_KEX_DH_GEX_REPLY33, "Diffie-Hellman Group Exchange Reply" },
774 { SSH_MSG_KEX_DH_GEX_REQUEST34, "Diffie-Hellman Group Exchange Request" },
775 { 0, NULL((void*)0) }
776};
777
778static const value_string ssh2_kex_ecdh_msg_vals[] = {
779 { SSH_MSG_KEX_ECDH_INIT30, "Elliptic Curve Diffie-Hellman Key Exchange Init" },
780 { SSH_MSG_KEX_ECDH_REPLY31, "Elliptic Curve Diffie-Hellman Key Exchange Reply" },
781 { 0, NULL((void*)0) }
782};
783
784static const value_string ssh2_kex_hybrid_msg_vals[] = {
785 { SSH_MSG_KEX_HYBRID_INIT30, "PQ/T Hybrid Key Exchange Init" },
786 { SSH_MSG_KEX_HYBRID_REPLY31, "PQ/T Hybrid Key Exchange Reply" },
787 { 0, NULL((void*)0) }
788};
789
790static const value_string ssh2_ext_ping_msg_vals[] = {
791 { SSH_MSG_PING192, "Ping" },
792 { SSH_MSG_PONG193, "Pong" },
793 { 0, NULL((void*)0) }
794};
795
796static const value_string ssh1_msg_vals[] = {
797 {SSH1_MSG_NONE0, "No Message"},
798 {SSH1_MSG_DISCONNECT1, "Disconnect"},
799 {SSH1_SMSG_PUBLIC_KEY2, "Public Key"},
800 {SSH1_CMSG_SESSION_KEY3, "Session Key"},
801 {SSH1_CMSG_USER4, "User"},
802 {0, NULL((void*)0)}
803};
804
805static const value_string ssh_channel_data_type_code_vals[] = {
806 { SSH_EXTENDED_DATA_STDERR1, "Standard Error" },
807 { 0, NULL((void*)0) }
808};
809
810static const value_string ssh_tty_op_vals[] = {
811 { SSH_TTY_OP_END0, "TTY_OP_END" }, // [RFC4250]
812 { SSH_TTY_OP_VINTR1, "VINTR" }, // [RFC4254],Section 8
813 { SSH_TTY_OP_VQUIT2, "VQUIT" }, // [RFC4254],Section 8
814 { SSH_TTY_OP_VERASE3, "VERASE" }, // [RFC4254],Section 8
815 { SSH_TTY_OP_VKILL4, "VKILL" }, // [RFC4254], Section 8
816 { SSH_TTY_OP_VEOF5, "VEOF" }, // [RFC4254],Section 8
817 { SSH_TTY_OP_VEOL6, "VEOL" }, // [RFC4254],Section 8
818 { SSH_TTY_OP_VEOL27, "VEOL2" }, // [RFC4254], Section 8
819 { SSH_TTY_OP_VSTART8, "VSTART" }, // [RFC4254],Section 8
820 { SSH_TTY_OP_VSTOP9, "VSTOP" }, // [RFC4254], Section 8
821 { SSH_TTY_OP_VSUSP10, "VSUSP" }, // [RFC4254], Section 8
822 { SSH_TTY_OP_VDSUSP11, "VDSUSP" }, // [RFC4254], Section 8
823 { SSH_TTY_OP_VREPRINT12, "VREPRINT" }, // [RFC4254], Section 8
824 { SSH_TTY_OP_VWERASE13, "VWERASE" }, // [RFC4254], Section 8
825 { SSH_TTY_OP_VLNEXT14, "VLNEXT" }, // [RFC4254],Section 8
826 { SSH_TTY_OP_VFLUSH15, "VFLUSH" }, // [RFC4254], Section 8
827 { SSH_TTY_OP_VSWTCH16, "VSWTCH" }, // [RFC4254], Section 8
828 { SSH_TTY_OP_VSTATUS17, "VSTATUS" }, // [RFC4254],Section 8
829 { SSH_TTY_OP_VDISCARD18, "VDISCARD" }, // [RFC4254], Section 8
830 { SSH_TTY_OP_IGNPAR30, "IGNPAR" }, // [RFC4254],Section 8
831 { SSH_TTY_OP_PARMRK31, "PARMRK" }, // [RFC4254], Section 8
832 { SSH_TTY_OP_INPCK32, "INPCK" }, // [RFC4254], Section 8
833 { SSH_TTY_OP_ISTRIP33, "ISTRIP" }, // [RFC4254], Section 8
834 { SSH_TTY_OP_INLCR34, "INLCR" }, // [RFC4254], Section 8
835 { SSH_TTY_OP_IGNCR35, "IGNCR" }, // [RFC4254], Section 8
836 { SSH_TTY_OP_ICRNL36, "ICRNL" }, // [RFC4254], Section 8
837 { SSH_TTY_OP_IUCLC37, "IUCLC" }, // [RFC4254],Section 8
838 { SSH_TTY_OP_IXON38, "IXON" }, // [RFC4254], Section 8
839 { SSH_TTY_OP_IXANY39, "IXANY" }, // [RFC4254], Section 8
840 { SSH_TTY_OP_IXOFF40, "IXOFF" }, // [RFC4254], Section 8
841 { SSH_TTY_OP_IMAXBEL41, "IMAXBEL" }, // [RFC4254], Section 8
842 { SSH_TTY_OP_IUTF842, "IUTF8" }, // [RFC8160],
843 { SSH_TTY_OP_ISIG50, "ISIG" }, // [RFC4254], Section 8
844 { SSH_TTY_OP_ICANON51, "ICANON" }, // [RFC4254], Section 8
845 { SSH_TTY_OP_XCASE52, "XCASE" }, // [RFC4254],Section 8
846 { SSH_TTY_OP_ECHO53, "ECHO" }, // [RFC4254], Section 8
847 { SSH_TTY_OP_ECHOE54, "ECHOE" }, // [RFC4254], Section 8
848 { SSH_TTY_OP_ECHOK55, "ECHOK" }, // [RFC4254], Section 8
849 { SSH_TTY_OP_ECHONL56, "ECHONL" }, // [RFC4254], Section 8
850 { SSH_TTY_OP_NOFLSH57, "NOFLSH" }, // [RFC4254],Section 8
851 { SSH_TTY_OP_TOSTOP58, "TOSTOP" }, // [RFC4254], Section 8
852 { SSH_TTY_OP_IEXTEN59, "IEXTEN" }, // [RFC4254], Section 8
853 { SSH_TTY_OP_ECHOCTL60, "ECHOCTL" }, // [RFC4254], Section 8
854 { SSH_TTY_OP_ECHOKE61, "ECHOKE" }, // [RFC4254], Section 8
855 { SSH_TTY_OP_PENDIN62, "PENDIN" }, // [RFC4254], Section 8
856 { SSH_TTY_OP_OPOST70, "OPOST" }, // [RFC4254], Section 8
857 { SSH_TTY_OP_OLCUC71, "OLCUC" }, // [RFC4254], Section 8
858 { SSH_TTY_OP_ONLCR72, "ONLCR" }, // [RFC4254], Section 8
859 { SSH_TTY_OP_OCRNL73, "OCRNL" }, // [RFC4254],Section 8
860 { SSH_TTY_OP_ONOCR74, "ONOCR" }, // [RFC4254],Section 8
861 { SSH_TTY_OP_ONLRET75, "ONLRET" }, // [RFC4254],Section 8
862 { SSH_TTY_OP_CS790, "CS7" }, // [RFC4254], Section 8
863 { SSH_TTY_OP_CS891, "CS8" }, // [RFC4254], Section 8
864 { SSH_TTY_OP_PARENB92, "PARENB" }, // [RFC4254], Section 8
865 { SSH_TTY_OP_PARODD93, "PARODD" }, // [RFC4254], Section 8
866 { SSH_TTY_OP_ISPEED128, "TTY_OP_ISPEED" }, // [RFC4254],Section 8
867 { SSH_TTY_OP_OSPEED129, "TTY_OP_OSPEED" }, // [RFC4254],Section 8
868 { 0, NULL((void*)0) }
869};
870
871static int ssh_dissect_key_init(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *tree,
872 int is_response,
873 struct ssh_flow_data *global_data);
874static int ssh_dissect_proposal(tvbuff_t *tvb, int offset, proto_tree *tree,
875 int hf_index_length, int hf_index_value, char **store);
876static int ssh_dissect_ssh1(tvbuff_t *tvb, packet_info *pinfo,
877 struct ssh_flow_data *global_data,
878 int offset, proto_tree *tree, int is_response,
879 bool_Bool *need_desegmentation);
880static int ssh_dissect_ssh2(tvbuff_t *tvb, packet_info *pinfo,
881 struct ssh_flow_data *global_data,
882 int offset, proto_tree *tree, int is_response,
883 bool_Bool *need_desegmentation);
884static int ssh_dissect_key_exchange(tvbuff_t *tvb, packet_info *pinfo,
885 struct ssh_flow_data *global_data,
886 int offset, proto_tree *tree, int is_response,
887 bool_Bool *need_desegmentation);
888static int ssh_dissect_kex_dh(uint8_t msg_code, tvbuff_t *tvb,
889 packet_info *pinfo, int offset, proto_tree *tree,
890 struct ssh_flow_data *global_data);
891static int ssh_dissect_kex_dh_gex(uint8_t msg_code, tvbuff_t *tvb,
892 packet_info *pinfo, int offset, proto_tree *tree,
893 struct ssh_flow_data *global_data);
894static int ssh_dissect_kex_ecdh(uint8_t msg_code, tvbuff_t *tvb,
895 packet_info *pinfo, int offset, proto_tree *tree,
896 struct ssh_flow_data *global_data);
897static int ssh_dissect_kex_hybrid(uint8_t msg_code, tvbuff_t *tvb,
898 packet_info *pinfo, int offset, proto_tree *tree,
899 struct ssh_flow_data *global_data);
900static int ssh_dissect_kex_pq_hybrid(uint8_t msg_code, tvbuff_t *tvb,
901 packet_info *pinfo, int offset, proto_tree *tree,
902 struct ssh_flow_data *global_data);
903static int // add support of client PQ hybrid key (e)
904ssh_read_e_pq(tvbuff_t *tvb, int offset, struct ssh_flow_data *global_data);
905static int // add support of server PQ hybrid key (f)
906ssh_read_f_pq(tvbuff_t *tvb, int offset, struct ssh_flow_data *global_data);
907static int ssh_dissect_protocol(tvbuff_t *tvb, packet_info *pinfo,
908 struct ssh_flow_data *global_data,
909 int offset, proto_tree *tree, int is_response, unsigned *version,
910 bool_Bool *need_desegmentation);
911static int ssh_try_dissect_encrypted_packet(tvbuff_t *tvb, packet_info *pinfo,
912 struct ssh_peer_data *peer_data, int offset, proto_tree *tree);
913static int ssh_dissect_encrypted_packet(tvbuff_t *tvb, packet_info *pinfo,
914 struct ssh_peer_data *peer_data,
915 int offset, proto_tree *tree);
916static bool_Bool ssh_choose_algo(char *client, char *server, char **result);
917static void ssh_set_mac_length(struct ssh_peer_data *peer_data);
918static void ssh_set_kex_specific_dissector(struct ssh_flow_data *global_data);
919
920static void ssh_keylog_read_file(void);
921static void ssh_keylog_process_line(const char *line);
922static void ssh_keylog_process_lines(const uint8_t *data, unsigned datalen);
923static void ssh_keylog_reset(void);
924static ssh_bignum *ssh_kex_make_bignum(const uint8_t *data, unsigned length);
925static bool_Bool ssh_read_e(tvbuff_t *tvb, int offset,
926 struct ssh_flow_data *global_data);
927static bool_Bool ssh_read_f(tvbuff_t *tvb, int offset,
928 struct ssh_flow_data *global_data);
929static ssh_bignum * ssh_read_mpint(tvbuff_t *tvb, int offset);
930static void ssh_keylog_hash_write_secret(struct ssh_flow_data *global_data, wmem_allocator_t* tmp_allocator);
931static ssh_bignum *ssh_kex_shared_secret(int kex_type, ssh_bignum *pub, ssh_bignum *priv, ssh_bignum *modulo);
932static void ssh_hash_buffer_put_string(wmem_array_t *buffer, const char *string,
933 unsigned len);
934static void ssh_hash_buffer_put_uint32(wmem_array_t *buffer, unsigned val);
935static char *ssh_string(wmem_allocator_t* allocator, const char *string, unsigned len);
936static void ssh_derive_symmetric_keys(ssh_bignum *shared_secret,
937 char *exchange_hash, unsigned hash_length,
938 struct ssh_flow_data *global_data);
939static void ssh_derive_symmetric_key(ssh_bignum *shared_secret,
940 char *exchange_hash, unsigned hash_length, char id,
941 ssh_bignum *result_key, struct ssh_flow_data *global_data, unsigned we_need);
942
943static void ssh_choose_enc_mac(struct ssh_flow_data *global_data);
944static void ssh_decryption_set_cipher_id(struct ssh_peer_data *peer);
945static void ssh_decryption_setup_cipher(struct ssh_peer_data *peer,
946 ssh_bignum *iv, ssh_bignum *key);
947static void ssh_decryption_set_mac_id(struct ssh_peer_data *peer);
948static void ssh_decryption_setup_mac(struct ssh_peer_data *peer,
949 ssh_bignum *iv);
950static ssh_packet_info_t* ssh_get_packet_info(packet_info *pinfo, bool_Bool is_response);
951static ssh_message_info_t* ssh_get_message(packet_info *pinfo, int record_id);
952static unsigned ssh_decrypt_packet(tvbuff_t *tvb, packet_info *pinfo,
953 struct ssh_peer_data *peer_data, int offset);
954static bool_Bool ssh_decrypt_chacha20(gcry_cipher_hd_t hd, uint32_t seqnr,
955 uint32_t counter, const unsigned char *ctext, unsigned ctext_len,
956 unsigned char *plain, unsigned plain_len);
957static int ssh_dissect_decrypted_packet(tvbuff_t *tvb, packet_info *pinfo,
958 struct ssh_peer_data *peer_data, proto_tree *tree,
959 ssh_message_info_t *message);
960static int ssh_dissect_transport_generic(tvbuff_t *packet_tvb, packet_info *pinfo,
961 int offset, struct ssh_peer_data *peer_data, proto_item *msg_type_tree, unsigned msg_code);
962static int ssh_dissect_rfc8308_extension(tvbuff_t *packet_tvb, packet_info *pinfo,
963 int offset, struct ssh_peer_data *peer_data, proto_item *msg_type_tree);
964static int ssh_dissect_userauth_generic(tvbuff_t *packet_tvb, packet_info *pinfo,
965 int offset, proto_item *msg_type_tree, unsigned msg_code);
966static int ssh_dissect_userauth_specific(tvbuff_t *packet_tvb, packet_info *pinfo,
967 int offset, proto_item *msg_type_tree, unsigned msg_code);
968static int ssh_dissect_connection_specific(tvbuff_t *packet_tvb, packet_info *pinfo,
969 struct ssh_peer_data *peer_data, int offset, proto_item *msg_type_tree,
970 unsigned msg_code, ssh_message_info_t *message);
971static int ssh_dissect_connection_generic(tvbuff_t *packet_tvb, packet_info *pinfo,
972 int offset, proto_item *msg_type_tree, unsigned msg_code);
973static int ssh_dissect_local_extension(tvbuff_t *packet_tvb, packet_info *pinfo,
974 int offset, struct ssh_peer_data *peer_data, proto_item *msg_type_tree, unsigned msg_code);
975static int ssh_dissect_public_key_blob(tvbuff_t *tvb, packet_info *pinfo,
976 proto_item *msg_type_tree);
977static int ssh_dissect_public_key_signature(tvbuff_t *packet_tvb, packet_info *pinfo,
978 int offset, proto_item *msg_type_tree);
979
980static void create_channel(struct ssh_peer_data *peer_data, uint32_t recipient_channel, uint32_t sender_channel);
981static ssh_channel_info_t* get_channel_info_for_channel(struct ssh_peer_data *peer_data, uint32_t recipient_channel);
982static void set_subdissector_for_channel(struct ssh_peer_data *peer_data, uint32_t recipient_channel, const uint8_t* subsystem_name);
983
984#define SSH_DEBUG_USE_STDERR"-" "-"
985
986#ifdef SSH_DECRYPT_DEBUG
987static void
988ssh_debug_printf(const char* fmt,...) G_GNUC_PRINTF(1,2)__attribute__((__format__ (__printf__, 1, 2)));
989static void
990ssh_print_data(const char* name, const unsigned char* data, size_t len);
991static void
992ssh_set_debug(const char* name);
993static void
994ssh_debug_flush(void);
995#else
996
997/* No debug: nullify debug operation*/
998static inline void G_GNUC_PRINTF(1,2)__attribute__((__format__ (__printf__, 1, 2)))
999ssh_debug_printf(const char* fmt _U___attribute__((unused)),...)
1000{
1001}
1002#define ssh_print_data(a, b, c)
1003#define ssh_print_string(a, b)
1004#define ssh_set_debug(name)
1005#define ssh_debug_flush()
1006
1007#endif /* SSH_DECRYPT_DEBUG */
1008
1009static void
1010ssh_set_server(struct ssh_flow_data *global_data, address *addr, uint32_t port)
1011{
1012 copy_address_wmem(wmem_file_scope(), &global_data->srv_addr, addr);
1013 global_data->srv_port = port;
1014}
1015
1016static bool_Bool
1017ssh_packet_from_server(struct ssh_flow_data *session, const packet_info *pinfo)
1018{
1019 bool_Bool ret;
1020 if (session && session->srv_addr.type != AT_NONE) {
1021 ret = (session->srv_port == pinfo->srcport) &&
1022 addresses_equal(&session->srv_addr, &pinfo->src);
1023 } else {
1024 ret = (pinfo->match_uint == pinfo->srcport);
1025 }
1026
1027 ssh_debug_printf("packet_from_server: is from server - %s\n", (ret)?"TRUE":"FALSE");
1028 return ret;
1029}
1030
1031static bool_Bool
1032ssh_peer_data_from_server(struct ssh_peer_data* peer_data) {
1033 return &peer_data->global_data->peer_data[SERVER_PEER_DATA1] == peer_data;
1034}
1035
1036static int
1037dissect_ssh(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U___attribute__((unused)))
1038{
1039 proto_tree *ssh_tree;
1040 proto_item *ti;
1041 conversation_t *conversation;
1042 int last_offset, offset = 0;
1043
1044 bool_Bool is_response,
1045 need_desegmentation;
1046 unsigned version;
1047
1048 struct ssh_flow_data *global_data = NULL((void*)0);
1049 struct ssh_peer_data *peer_data;
1050
1051 ssh_debug_printf("\ndissect_ssh enter frame #%u (%s)\n", pinfo->num, (pinfo->fd->visited)?"already visited":"first time");
1052
1053 conversation = find_or_create_conversation(pinfo);
1054
1055 global_data = (struct ssh_flow_data *)conversation_get_proto_data(conversation, proto_ssh);
1056 if (!global_data) {
1057 global_data = wmem_new0(wmem_file_scope(), struct ssh_flow_data)((struct ssh_flow_data*)wmem_alloc0((wmem_file_scope()), sizeof
(struct ssh_flow_data)));
1058 global_data->version = SSH_VERSION_UNKNOWN0;
1059 global_data->kex_specific_dissector = ssh_dissect_kex_dh;
1060 global_data->peer_data[CLIENT_PEER_DATA0].mac_length = -1;
1061 global_data->peer_data[SERVER_PEER_DATA1].mac_length = -1;
1062 global_data->peer_data[CLIENT_PEER_DATA0].sequence_number = 0;
1063 global_data->peer_data[SERVER_PEER_DATA1].sequence_number = 0;
1064 global_data->peer_data[CLIENT_PEER_DATA0].bn_cookie = NULL((void*)0);
1065 global_data->peer_data[SERVER_PEER_DATA1].bn_cookie = NULL((void*)0);
1066 global_data->peer_data[CLIENT_PEER_DATA0].global_data = global_data;
1067 global_data->peer_data[SERVER_PEER_DATA1].global_data = global_data;
1068 global_data->kex_client_version = wmem_array_new(wmem_file_scope(), 1);
1069 global_data->kex_server_version = wmem_array_new(wmem_file_scope(), 1);
1070 global_data->kex_client_key_exchange_init = wmem_array_new(wmem_file_scope(), 1);
1071 global_data->kex_server_key_exchange_init = wmem_array_new(wmem_file_scope(), 1);
1072 global_data->kex_server_host_key_blob = wmem_array_new(wmem_file_scope(), 1);
1073 global_data->kex_gex_bits_min = wmem_array_new(wmem_file_scope(), 1);
1074 global_data->kex_gex_bits_req = wmem_array_new(wmem_file_scope(), 1);
1075 global_data->kex_gex_bits_max = wmem_array_new(wmem_file_scope(), 1);
1076 global_data->kex_shared_secret = wmem_array_new(wmem_file_scope(), 1);
1077 global_data->do_decrypt = true1;
1078 global_data->ext_ping_openssh_offered = false0;
1079
1080 /* We expect to get the client message first. If this is from an
1081 * an assigned server port, call it the server, otherwise call it
1082 * the client.
1083 * XXX - We don't unambigously know which side is the server and
1084 * which the client until the KEX specific _INIT and _REPLY messages;
1085 * we ought to be able to handle the cases where the version string or
1086 * KEXINIT messages are out of order or where the client version string
1087 * is missing. */
1088 if (pinfo->match_uint == pinfo->srcport) {
1089 ssh_set_server(global_data, &pinfo->src, pinfo->srcport);
1090 } else {
1091 ssh_set_server(global_data, &pinfo->dst, pinfo->destport);
1092 }
1093
1094 conversation_add_proto_data(conversation, proto_ssh, global_data);
1095 }
1096
1097 is_response = ssh_packet_from_server(global_data, pinfo);
1098 peer_data = &global_data->peer_data[is_response];
1099
1100 ti = proto_tree_add_item(tree, proto_ssh, tvb, offset, -1, ENC_NA0x00000000);
1101 ssh_tree = proto_item_add_subtree(ti, ett_ssh);
1102
1103 version = global_data->version;
1104
1105 switch(version) {
1106 case SSH_VERSION_UNKNOWN0:
1107 col_set_str(pinfo->cinfo, COL_PROTOCOL, "SSH");
1108 break;
1109 case SSH_VERSION_11:
1110 col_set_str(pinfo->cinfo, COL_PROTOCOL, "SSHv1");
1111 break;
1112 case SSH_VERSION_22:
1113 col_set_str(pinfo->cinfo, COL_PROTOCOL, "SSHv2");
1114 break;
1115
1116 }
1117
1118 col_clear(pinfo->cinfo, COL_INFO);
1119
1120 while(tvb_reported_length_remaining(tvb, offset)> 0) {
1121 bool_Bool after_version_start = (peer_data->frame_version_start == 0 ||
1122 pinfo->num >= peer_data->frame_version_start);
1123 bool_Bool before_version_end = (peer_data->frame_version_end == 0 ||
1124 pinfo->num <= peer_data->frame_version_end);
1125
1126 need_desegmentation = false0;
1127 last_offset = offset;
1128
1129 peer_data->counter++;
1130
1131 if (after_version_start && before_version_end &&
1132 (tvb_strncaseeql(tvb, offset, "SSH-", 4) == 0)) {
1133 if (peer_data->frame_version_start == 0)
1134 peer_data->frame_version_start = pinfo->num;
1135
1136 offset = ssh_dissect_protocol(tvb, pinfo,
1137 global_data,
1138 offset, ssh_tree, is_response,
1139 &version, &need_desegmentation);
1140
1141 if (!need_desegmentation) {
1142 peer_data->frame_version_end = pinfo->num;
1143 global_data->version = version;
1144 }
1145 } else {
1146 switch(version) {
1147
1148 case SSH_VERSION_UNKNOWN0:
1149 offset = ssh_try_dissect_encrypted_packet(tvb, pinfo,
1150 &global_data->peer_data[is_response], offset, ssh_tree);
1151 break;
1152
1153 case SSH_VERSION_11:
1154 offset = ssh_dissect_ssh1(tvb, pinfo, global_data,
1155 offset, ssh_tree, is_response,
1156 &need_desegmentation);
1157 break;
1158
1159 case SSH_VERSION_22:
1160 offset = ssh_dissect_ssh2(tvb, pinfo, global_data,
1161 offset, ssh_tree, is_response,
1162 &need_desegmentation);
1163 break;
1164 }
1165 }
1166
1167 if (need_desegmentation)
1168 return tvb_captured_length(tvb);
1169 if (offset <= last_offset) {
1170 /* XXX - add an expert info in the function
1171 that decrements offset */
1172 break;
1173 }
1174 }
1175
1176 col_prepend_fstr(pinfo->cinfo, COL_INFO, "%s: ", is_response ? "Server" : "Client");
1177 ti = proto_tree_add_boolean(ssh_tree, hf_ssh_direction, tvb, 0, 0, is_response);
1178 proto_item_set_generated(ti);
1179
1180 ssh_debug_flush();
1181
1182 return tvb_captured_length(tvb);
1183}
1184
1185static bool_Bool
1186dissect_ssh_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
1187{
1188 conversation_t *conversation;
1189
1190 if (tvb_strneql(tvb, 0, "SSH-", 4) != 0) {
1191 return false0;
1192 }
1193
1194 conversation = find_or_create_conversation(pinfo);
1195 conversation_set_dissector(conversation, ssh_handle);
1196
1197 dissect_ssh(tvb, pinfo, tree, data);
1198
1199 return true1;
1200}
1201
1202static int
1203ssh_dissect_ssh2(tvbuff_t *tvb, packet_info *pinfo,
1204 struct ssh_flow_data *global_data,
1205 int offset, proto_tree *tree, int is_response,
1206 bool_Bool *need_desegmentation)
1207{
1208 proto_item *ssh2_tree = NULL((void*)0);
1209 int remain_length;
1210
1211 struct ssh_peer_data *peer_data = &global_data->peer_data[is_response];
1212
1213 remain_length = tvb_captured_length_remaining(tvb, offset);
1214
1215 if (PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
1216 ws_debug("SSH: SECOND PASS frame %u", pinfo->num)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 1216, __func__, "SSH: SECOND PASS frame %u", pinfo->num)
; } } while (0);
1217 }else{
1218 ws_debug("SSH: FIRST PASS frame %u", pinfo->num)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 1218, __func__, "SSH: FIRST PASS frame %u", pinfo->num);
} } while (0);
1219 }
1220
1221 while(remain_length>0){
1222 int last_offset = offset;
1223 if (tree) {
1224 wmem_strbuf_t *title = wmem_strbuf_new(pinfo->pool, "SSH Version 2");
1225
1226 if (peer_data->enc || peer_data->mac || peer_data->comp) {
1227 wmem_strbuf_append_printf(title, " (");
1228 if (peer_data->enc)
1229 wmem_strbuf_append_printf(title, "encryption:%s%s",
1230 peer_data->enc,
1231 peer_data->mac || peer_data->comp
1232 ? " " : "");
1233 if (peer_data->mac)
1234 wmem_strbuf_append_printf(title, "mac:%s%s",
1235 peer_data->mac,
1236 peer_data->comp ? " " : "");
1237 if (peer_data->comp)
1238 wmem_strbuf_append_printf(title, "compression:%s",
1239 peer_data->comp);
1240 wmem_strbuf_append_printf(title, ")");
1241 }
1242
1243 ssh2_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_ssh2, NULL((void*)0), wmem_strbuf_get_str(title));
1244 }
1245 ws_noisy("....ssh_dissect_ssh2[%c]: frame_key_start=%d, pinfo->num=%d, frame_key_end=%d, offset=%d, frame_key_end_offset=%d ", is_response==SERVER_PEER_DATA?'S':'C', peer_data->frame_key_start, pinfo->num, peer_data->frame_key_end, offset, peer_data->frame_key_end_offset)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_NOISY, "epan/dissectors/packet-ssh.c"
, 1245, __func__, "....ssh_dissect_ssh2[%c]: frame_key_start=%d, pinfo->num=%d, frame_key_end=%d, offset=%d, frame_key_end_offset=%d "
, is_response==1?'S':'C', peer_data->frame_key_start, pinfo
->num, peer_data->frame_key_end, offset, peer_data->
frame_key_end_offset); } } while (0);
1246 if ((peer_data->frame_key_start == 0) ||
1247 ((peer_data->frame_key_start <= pinfo->num) &&
1248 ((peer_data->frame_key_end == 0) || (pinfo->num < peer_data->frame_key_end) ||
1249 ((pinfo->num == peer_data->frame_key_end) && (offset < peer_data->frame_key_end_offset))))) {
1250 offset = ssh_dissect_key_exchange(tvb, pinfo, global_data,
1251 offset, ssh2_tree, is_response,
1252 need_desegmentation);
1253
1254 if (!*need_desegmentation) {
1255 ssh_get_packet_info(pinfo, is_response);
1256 }else{
1257 break;
1258 }
1259 } else {
1260 if(!*need_desegmentation){
1261 offset = ssh_try_dissect_encrypted_packet(tvb, pinfo,
1262 &global_data->peer_data[is_response], offset, ssh2_tree);
1263 if (pinfo->desegment_len) {
1264 break;
1265 }
1266 }else{
1267 break;
1268 }
1269 }
1270
1271 if (ssh2_tree) {
1272 proto_item_set_len(ssh2_tree, offset - last_offset);
1273 }
1274
1275 remain_length = tvb_captured_length_remaining(tvb, offset);
1276 }
1277
1278 return offset;
1279}
1280static int
1281ssh_dissect_ssh1(tvbuff_t *tvb, packet_info *pinfo,
1282 struct ssh_flow_data *global_data,
1283 int offset, proto_tree *tree, int is_response,
1284 bool_Bool *need_desegmentation)
1285{
1286 unsigned plen, padding_length, len;
1287 uint8_t msg_code;
1288 unsigned remain_length;
1289
1290 proto_item *ssh1_tree;
1291
1292 struct ssh_peer_data *peer_data = &global_data->peer_data[is_response];
1293
1294 ssh1_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_ssh1, NULL((void*)0), "SSH Version 1");
1295
1296 /*
1297 * We use "tvb_ensure_captured_length_remaining()" to make sure there
1298 * actually *is* data remaining.
1299 *
1300 * This means we're guaranteed that "remain_length" is positive.
1301 */
1302 remain_length = tvb_ensure_captured_length_remaining(tvb, offset);
1303 /*
1304 * Can we do reassembly?
1305 */
1306 if (ssh_desegment && pinfo->can_desegment) {
1307 /*
1308 * Yes - would an SSH header starting at this offset be split
1309 * across segment boundaries?
1310 */
1311 if (remain_length < 4) {
1312 /*
1313 * Yes. Tell the TCP dissector where the data for
1314 * this message starts in the data it handed us and
1315 * that we need "some more data." Don't tell it
1316 * exactly how many bytes we need because if/when we
1317 * ask for even more (after the header) that will
1318 * break reassembly.
1319 */
1320 pinfo->desegment_offset = offset;
1321 pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT0x0fffffff;
1322 *need_desegmentation = true1;
1323 return offset;
1324 }
1325 }
1326 plen = tvb_get_ntohl(tvb, offset) ;
1327
1328 /*
1329 * Amount of random padding.
1330 *
1331 * This is between 1 and 8; if the length is a multiple of 8,
1332 * there are 8 bytes of padding, not 1 byte.
1333 *
1334 * That means this calculation is correct; do not use either
1335 * WS_ROUNDUP_8() or WS_PADDING_TO_8() here.
1336 */
1337 padding_length = 8 - plen%8;
1338
1339
1340 if (ssh_desegment && pinfo->can_desegment) {
1341 if (plen+4+padding_length > remain_length) {
1342 pinfo->desegment_offset = offset;
1343 pinfo->desegment_len = plen+padding_length - remain_length;
1344 *need_desegmentation = true1;
1345 return offset;
1346 }
1347 }
1348
1349 if (plen >= SSH_MAX_PACKET_LEN32768) {
1350 if (ssh1_tree && plen > 0) {
1351 proto_tree_add_uint_format(ssh1_tree, hf_ssh_packet_length, tvb,
1352 offset, 4, plen, "Overly large length %x", plen);
1353 }
1354 plen = remain_length-4-padding_length;
1355 } else {
1356 if (ssh1_tree && plen > 0) {
1357 proto_tree_add_uint(ssh1_tree, hf_ssh_packet_length, tvb,
1358 offset, 4, plen);
1359 }
1360 }
1361 offset+=4;
1362 /* padding length */
1363
1364 proto_tree_add_uint(ssh1_tree, hf_ssh_padding_length, tvb,
1365 offset, padding_length, padding_length);
1366 offset += padding_length;
1367
1368 /* msg_code */
1369 if ((peer_data->frame_key_start == 0) ||
1370 ((peer_data->frame_key_start >= pinfo->num) && (pinfo->num <= peer_data->frame_key_end))) {
1371 msg_code = tvb_get_uint8(tvb, offset);
1372
1373 proto_tree_add_item(ssh1_tree, hf_ssh_msg_code, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
1374 col_append_sep_str(pinfo->cinfo, COL_INFO, NULL((void*)0),
1375 val_to_str(pinfo->pool, msg_code, ssh1_msg_vals, "Unknown (%u)"));
1376 offset += 1;
1377 len = plen -1;
1378 if (!pinfo->fd->visited) {
1379 if (peer_data->frame_key_start == 0)
1380 peer_data->frame_key_start = pinfo->num;
1381 peer_data->frame_key_end = pinfo->num;
1382 }
1383 } else {
1384 len = plen;
1385 col_append_sep_fstr(pinfo->cinfo, COL_INFO, NULL((void*)0), "Encrypted packet (len=%d)", len);
1386 }
1387 /* payload */
1388 if (ssh1_tree) {
1389 proto_tree_add_item(ssh1_tree, hf_ssh_payload,
1390 tvb, offset, len, ENC_NA0x00000000);
1391 }
1392 offset += len;
1393
1394 return offset;
1395}
1396
1397static int
1398ssh_tree_add_mpint(tvbuff_t *tvb, int offset, proto_tree *tree,
1399 int hf_ssh_mpint_selection)
1400{
1401 unsigned len = tvb_get_ntohl(tvb, offset);
1402 proto_tree_add_uint(tree, hf_ssh_mpint_length, tvb,
1403 offset, 4, len);
1404 offset+=4;
1405 proto_tree_add_item(tree, hf_ssh_mpint_selection,
1406 tvb, offset, len, ENC_NA0x00000000);
1407 return 4+len;
1408}
1409
1410static int
1411ssh_tree_add_string(tvbuff_t *tvb, int offset, proto_tree *tree,
1412 int hf_ssh_string, int hf_ssh_string_length)
1413{
1414 unsigned len = tvb_get_ntohl(tvb, offset);
1415 proto_tree_add_uint(tree, hf_ssh_string_length, tvb,
1416 offset, 4, len);
1417 offset+=4;
1418 proto_tree_add_item(tree, hf_ssh_string,
1419 tvb, offset, len, ENC_NA0x00000000);
1420 return 4+len;
1421}
1422
1423static unsigned
1424ssh_tree_add_hostkey(tvbuff_t *tvb, packet_info* pinfo, int offset, proto_tree *parent_tree,
1425 const char *tree_name, int ett_idx,
1426 struct ssh_flow_data *global_data)
1427{
1428 proto_tree *tree = NULL((void*)0);
1429 proto_item *ti;
1430 int last_offset;
1431 int remaining_len;
1432 unsigned key_len, type_len;
1433 char* key_type;
1434 char *tree_title;
1435
1436 last_offset = offset;
1437
1438 key_len = tvb_get_ntohl(tvb, offset);
1439 offset += 4;
1440
1441 /* Read the key type before creating the tree so we can append it as info. */
1442 type_len = tvb_get_ntohl(tvb, offset);
1443 offset += 4;
1444 key_type = (char *) tvb_get_string_enc(pinfo->pool, tvb, offset, type_len, ENC_ASCII0x00000000|ENC_NA0x00000000);
1445
1446 tree_title = wmem_strdup_printf(pinfo->pool, "%s (type: %s)", tree_name, key_type);
1447 tree = proto_tree_add_subtree(parent_tree, tvb, last_offset, key_len + 4, ett_idx, NULL((void*)0),
1448 tree_title);
1449
1450 ti = proto_tree_add_uint(tree, hf_ssh_hostkey_length, tvb, last_offset, 4, key_len);
1451
1452 // server host key (K_S / Q)
1453 char *data = (char *)tvb_memdup(pinfo->pool, tvb, last_offset + 4, key_len);
1454 if (global_data) {
1455 // Reset array while REKEY: sanitize server host key blob
1456 global_data->kex_server_host_key_blob = wmem_array_new(wmem_file_scope(), 1);
1457 ssh_hash_buffer_put_string(global_data->kex_server_host_key_blob, data, key_len);
1458 }
1459
1460 last_offset += 4;
1461 proto_tree_add_uint(tree, hf_ssh_hostkey_type_length, tvb, last_offset, 4, type_len);
1462 proto_tree_add_string(tree, hf_ssh_hostkey_type, tvb, offset, type_len, key_type);
1463 offset += type_len;
1464
1465 if (0 == strcmp(key_type, "ssh-rsa")) {
1466 offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_hostkey_rsa_e);
1467 offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_hostkey_rsa_n);
1468 } else if (0 == strcmp(key_type, "ssh-dss")) {
1469 offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_hostkey_dsa_p);
1470 offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_hostkey_dsa_q);
1471 offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_hostkey_dsa_g);
1472 offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_hostkey_dsa_y);
1473 } else if (g_str_has_prefix(key_type, "ecdsa-sha2-")(__builtin_constant_p ("ecdsa-sha2-")? __extension__ ({ const
char * const __str = (key_type); const char * const __prefix
= ("ecdsa-sha2-"); gboolean __result = (0); if (__str == ((void
*)0) || __prefix == ((void*)0)) __result = (g_str_has_prefix)
(__str, __prefix); else { const size_t __str_len = strlen ((
(__str) + !(__str))); const size_t __prefix_len = strlen (((__prefix
) + !(__prefix))); if (__str_len >= __prefix_len) __result
= memcmp (((__str) + !(__str)), ((__prefix) + !(__prefix)), __prefix_len
) == 0; } __result; }) : (g_str_has_prefix) (key_type, "ecdsa-sha2-"
) )) {
1474 offset += ssh_tree_add_string(tvb, offset, tree,
1475 hf_ssh_hostkey_ecdsa_curve_id, hf_ssh_hostkey_ecdsa_curve_id_length);
1476 offset += ssh_tree_add_string(tvb, offset, tree,
1477 hf_ssh_hostkey_ecdsa_q, hf_ssh_hostkey_ecdsa_q_length);
1478 } else if (g_str_has_prefix(key_type, "ssh-ed")(__builtin_constant_p ("ssh-ed")? __extension__ ({ const char
* const __str = (key_type); const char * const __prefix = ("ssh-ed"
); gboolean __result = (0); if (__str == ((void*)0) || __prefix
== ((void*)0)) __result = (g_str_has_prefix) (__str, __prefix
); else { const size_t __str_len = strlen (((__str) + !(__str
))); const size_t __prefix_len = strlen (((__prefix) + !(__prefix
))); if (__str_len >= __prefix_len) __result = memcmp (((__str
) + !(__str)), ((__prefix) + !(__prefix)), __prefix_len) == 0
; } __result; }) : (g_str_has_prefix) (key_type, "ssh-ed") )) {
1479 offset += ssh_tree_add_string(tvb, offset, tree,
1480 hf_ssh_hostkey_eddsa_key, hf_ssh_hostkey_eddsa_key_length);
1481 } else {
1482 remaining_len = key_len - (type_len + 4);
1483 proto_tree_add_item(tree, hf_ssh_hostkey_data, tvb, offset, remaining_len, ENC_NA0x00000000);
1484 offset += remaining_len;
1485 }
1486
1487 if (last_offset + (int)key_len != offset) {
1488 expert_add_info_format(pinfo, ti, &ei_ssh_packet_decode, "Decoded %d bytes, but hostkey length is %d bytes", offset - last_offset, key_len);
1489 }
1490 return 4+key_len;
1491}
1492
1493static unsigned
1494ssh_tree_add_hostsignature(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree,
1495 const char *tree_name, int ett_idx,
1496 struct ssh_flow_data *global_data)
1497{
1498 (void)global_data;
1499 proto_tree *tree = NULL((void*)0);
1500 proto_item* ti = NULL((void*)0);
1501 int last_offset;
1502 int offset0 = offset;
1503 int remaining_len;
1504 unsigned sig_len, type_len;
1505 uint8_t* sig_type;
1506 char *tree_title;
1507
1508 last_offset = offset;
1509
1510 sig_len = tvb_get_ntohl(tvb, offset);
1511 offset += 4;
1512
1513 /* Read the signature type before creating the tree so we can append it as info. */
1514 type_len = tvb_get_ntohl(tvb, offset);
1515 offset += 4;
1516 sig_type = tvb_get_string_enc(pinfo->pool, tvb, offset, type_len, ENC_ASCII0x00000000|ENC_NA0x00000000);
1517
1518 tree_title = wmem_strdup_printf(pinfo->pool, "%s (type: %s)", tree_name, sig_type);
1519 tree = proto_tree_add_subtree(parent_tree, tvb, last_offset, sig_len + 4, ett_idx, NULL((void*)0),
1520 tree_title);
1521
1522 ti = proto_tree_add_uint(tree, hf_ssh_hostsig_length, tvb, last_offset, 4, sig_len);
1523
1524 last_offset += 4;
1525 proto_tree_add_uint(tree, hf_ssh_hostsig_type_length, tvb, last_offset, 4, type_len);
1526 proto_tree_add_string(tree, hf_ssh_hostsig_type, tvb, offset, type_len, sig_type);
1527 offset += type_len;
1528
1529 if (0 == strcmp(sig_type, "ssh-rsa")) {
1530 offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_hostsig_rsa);
1531 } else if (0 == strcmp(sig_type, "ssh-dss")) {
1532 offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_hostsig_dsa);
1533// } else if (g_str_has_prefix(sig_type, "ecdsa-sha2-")) {
1534// offset += ssh_tree_add_string(tvb, offset, tree,
1535// hf_ssh_hostkey_ecdsa_curve_id, hf_ssh_hostkey_ecdsa_curve_id_length);
1536// ssh_tree_add_string(tvb, offset, tree,
1537// hf_ssh_hostkey_ecdsa_q, hf_ssh_hostkey_ecdsa_q_length);
1538// } else if (g_str_has_prefix(sig_type, "ssh-ed")) {
1539// ssh_tree_add_string(tvb, offset, tree,
1540// hf_ssh_hostkey_eddsa_key, hf_ssh_hostkey_eddsa_key_length);
1541 } else {
1542 remaining_len = sig_len - (type_len + 4);
1543 proto_tree_add_item(tree, hf_ssh_hostsig_data, tvb, offset, remaining_len, ENC_NA0x00000000);
1544 offset += remaining_len;
1545 }
1546
1547 if(offset-offset0!=(int)(4+sig_len)){
1548 expert_add_info_format(pinfo, ti, &ei_ssh_packet_decode, "Decoded %d bytes, but packet length is %d bytes", offset-offset0, sig_len);
1549 }
1550
1551 return 4+sig_len;
1552}
1553
1554static int
1555ssh_dissect_key_exchange(tvbuff_t *tvb, packet_info *pinfo,
1556 struct ssh_flow_data *global_data,
1557 int offset, proto_tree *tree, int is_response,
1558 bool_Bool *need_desegmentation)
1559{
1560 unsigned plen, len;
1561 uint8_t padding_length;
1562 unsigned remain_length;
1563 int last_offset = offset;
1564 unsigned msg_code;
1565
1566 proto_item *ti;
1567 proto_item *key_ex_tree = NULL((void*)0);
1568 const char *key_ex_title = "Key Exchange";
1569
1570 struct ssh_peer_data *peer_data = &global_data->peer_data[is_response];
1571
1572 if (PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
1573 ws_debug("SSH: SECOND PASS dissecting keys -for Wireshark UI- frame %u", pinfo->num)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 1573, __func__, "SSH: SECOND PASS dissecting keys -for Wireshark UI- frame %u"
, pinfo->num); } } while (0);
1574 }
1575 /* This is after the identification string (Protocol Version Exchange)
1576 * but before the first key exchange has completed, so we expect the SSH
1577 * packets to be unencrypted, and to contain KEX related messages.
1578 *
1579 * XXX - Without the "strict kex" extension, other messages are allowed;
1580 * most don't make sense (SSH_MSG_IGNORE and SSH_MSG_DEBUG might), but we
1581 * could dissect them and add them to the tree.
1582 *
1583 * XXX - Could we combine this with ssh_dissect_decrypted_packet, with a
1584 * flag to indicate whether we're before the initial key exchange?
1585 */
1586
1587 /*
1588 * We use "tvb_ensure_captured_length_remaining()" to make sure there
1589 * actually *is* data remaining.
1590 *
1591 * This means we're guaranteed that "remain_length" is positive.
1592 */
1593 remain_length = tvb_ensure_captured_length_remaining(tvb, offset);
1594 /*
1595 * Can we do reassembly?
1596 */
1597 if (ssh_desegment && pinfo->can_desegment) {
1598 /*
1599 * Yes - would an SSH header starting at this offset
1600 * be split across segment boundaries?
1601 */
1602 if (remain_length < 4) {
1603 /*
1604 * Yes. Tell the TCP dissector where the data for
1605 * this message starts in the data it handed us and
1606 * that we need "some more data." Don't tell it
1607 * exactly how many bytes we need because if/when we
1608 * ask for even more (after the header) that will
1609 * break reassembly.
1610 */
1611 pinfo->desegment_offset = offset;
1612 pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT0x0fffffff;
1613 *need_desegmentation = true1;
1614 return offset;
1615 }
1616 }
1617 plen = tvb_get_ntohl(tvb, offset) ;
1618
1619 if (ssh_desegment && pinfo->can_desegment) {
1620 if (plen +4 > remain_length) {
1621 pinfo->desegment_offset = offset;
1622 pinfo->desegment_len = plen+4 - remain_length;
1623 *need_desegmentation = true1;
1624 return offset;
1625 }
1626 }
1627 /*
1628 * Need to check plen > 0x80000000 here
1629 */
1630
1631 ti = proto_tree_add_uint(tree, hf_ssh_packet_length, tvb,
1632 offset, 4, plen);
1633 if (plen >= SSH_MAX_PACKET_LEN32768) {
1634 expert_add_info_format(pinfo, ti, &ei_ssh_packet_length, "Overly large number %d", plen);
1635 plen = remain_length-4;
1636
1637 /* XXX - Mark as Continuation Data and return without incrementing?
1638 * Or do so *before* using this length to desegment? */
1639 }
1640 offset+=4;
1641
1642 ssh_packet_info_t *packet = ssh_get_packet_info(pinfo, is_response);
1643
1644 int record_id = tvb_raw_offset(tvb)+offset;
1645 ssh_message_info_t *message;
1646 message = ssh_get_message(pinfo, record_id);
1647 if (!message) {
1648 message = wmem_new0(wmem_file_scope(), ssh_message_info_t)((ssh_message_info_t*)wmem_alloc0((wmem_file_scope()), sizeof
(ssh_message_info_t)));
1649 message->sequence_number = peer_data->sequence_number++;
1650 message->id = record_id;
1651 /* No data, and no MAC, as is this is before encryption starts. */
1652 message->next = NULL((void*)0);
1653 ssh_debug_printf("%s->sequence_number++ > %d\n", is_response?"server":"client", peer_data->sequence_number);
1654
1655 ssh_message_info_t **pmessage = &packet->messages;
1656 while(*pmessage){
1657 pmessage = &(*pmessage)->next;
1658 }
1659 *pmessage = message;
1660 }
1661
1662 /* padding length */
1663 padding_length = tvb_get_uint8(tvb, offset);
1664 proto_tree_add_uint(tree, hf_ssh_padding_length, tvb, offset, 1, padding_length);
1665 offset += 1;
1666
1667 if (global_data->kex)
1668 key_ex_title = wmem_strdup_printf(pinfo->pool, "%s (method:%s)", key_ex_title, global_data->kex);
1669 key_ex_tree = proto_tree_add_subtree(tree, tvb, offset, plen-1, ett_key_exchange, NULL((void*)0), key_ex_title);
1670
1671 /* msg_code */
1672 msg_code = tvb_get_uint8(tvb, offset);
1673
1674 if (msg_code >= 30 && msg_code < 40) {
1675 offset = global_data->kex_specific_dissector(msg_code, tvb, pinfo,
1676 offset, key_ex_tree, global_data);
1677 } else {
1678 proto_tree_add_item(key_ex_tree, hf_ssh2_msg_code, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
1679 offset += 1;
1680
1681 col_append_sep_str(pinfo->cinfo, COL_INFO, NULL((void*)0),
1682 val_to_str(pinfo->pool, msg_code, ssh2_msg_vals, "Unknown (%u)"));
1683
1684 /* 16 bytes cookie */
1685 switch(msg_code)
1686 {
1687 case SSH_MSG_KEXINIT20:
1688 offset = ssh_dissect_key_init(tvb, pinfo, offset, key_ex_tree, is_response, global_data);
1689 if ((peer_data->frame_key_start == 0) && (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited))) {
1690 peer_data->frame_key_start = pinfo->num;
1691 }
1692 break;
1693 case SSH_MSG_NEWKEYS21:
1694 if (peer_data->frame_key_end == 0) {
1695 peer_data->frame_key_end = pinfo->num;
1696 peer_data->frame_key_end_offset = offset;
1697
1698 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
1699 /* "After sending or receiving a SSH2_MSG_NEWKEYS message,
1700 * reset the packet sequence number to zero. This behaviour
1701 * persists for the duration of the connection (i.e. not
1702 * just the first SSH2_MSG_NEWKEYS) */
1703 if (global_data->ext_kex_strict) {
1704 peer_data->sequence_number = 0;
1705 ssh_debug_printf("%s->sequence_number reset to 0 (Strict KEX)\n", is_response?"server":"client");
1706 }
1707 }
1708
1709 // the client sent SSH_MSG_NEWKEYS
1710 if (!is_response) {
1711 ssh_debug_printf("Activating new keys for CLIENT => SERVER\n");
1712 ssh_decryption_setup_cipher(&global_data->peer_data[CLIENT_PEER_DATA0], &global_data->new_keys[0], &global_data->new_keys[2]);
1713 ssh_decryption_setup_mac(&global_data->peer_data[CLIENT_PEER_DATA0], &global_data->new_keys[4]);
1714 }else{
1715 ssh_debug_printf("Activating new keys for SERVER => CLIENT\n");
1716 ssh_decryption_setup_cipher(&global_data->peer_data[SERVER_PEER_DATA1], &global_data->new_keys[1], &global_data->new_keys[3]);
1717 ssh_decryption_setup_mac(&global_data->peer_data[SERVER_PEER_DATA1], &global_data->new_keys[5]);
1718 }
1719 }
1720 break;
1721 }
1722 }
1723
1724 len = plen+4-padding_length-(offset-last_offset);
1725 if (len > 0) {
1726 proto_tree_add_item(key_ex_tree, hf_ssh_payload, tvb, offset, len, ENC_NA0x00000000);
1727 }
1728 offset += len;
1729
1730 /* padding */
1731 proto_tree_add_item(tree, hf_ssh_padding_string, tvb, offset, padding_length, ENC_NA0x00000000);
1732 offset+= padding_length;
1733 ti = proto_tree_add_uint(tree, hf_ssh_seq_num, tvb, offset, 0, message->sequence_number);
1734 proto_item_set_generated(ti);
1735
1736 return offset;
1737}
1738
1739static int ssh_dissect_kex_dh(uint8_t msg_code, tvbuff_t *tvb,
1740 packet_info *pinfo, int offset, proto_tree *tree,
1741 struct ssh_flow_data *global_data)
1742{
1743 proto_tree_add_item(tree, hf_ssh2_kex_dh_msg_code, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
1744 offset += 1;
1745
1746 col_append_sep_str(pinfo->cinfo, COL_INFO, NULL((void*)0),
1747 val_to_str(pinfo->pool, msg_code, ssh2_kex_dh_msg_vals, "Unknown (%u)"));
1748
1749 switch (msg_code) {
1750 case SSH_MSG_KEXDH_INIT30:
1751 // e (client ephemeral key public part)
1752 if (!ssh_read_e(tvb, offset, global_data)) {
1753 proto_tree_add_expert_format(tree, pinfo, &ei_ssh_invalid_keylen, tvb, offset, 2,
1754 "Invalid key length: %u", tvb_get_ntohl(tvb, offset));
1755 }
1756
1757 offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_dh_e);
1758 break;
1759
1760 case SSH_MSG_KEXDH_REPLY31:
1761 offset += ssh_tree_add_hostkey(tvb, pinfo, offset, tree, "KEX host key",
1762 ett_key_exchange_host_key, global_data);
1763
1764 // f (server ephemeral key public part), K_S (host key)
1765 if (!ssh_read_f(tvb, offset, global_data)) {
1766 proto_tree_add_expert_format(tree, pinfo, &ei_ssh_invalid_keylen, tvb, offset, 2,
1767 "Invalid key length: %u", tvb_get_ntohl(tvb, offset));
1768 }
1769 ssh_choose_enc_mac(global_data);
1770 ssh_keylog_hash_write_secret(global_data, pinfo->pool);
1771
1772 offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_dh_f);
1773 offset += ssh_tree_add_hostsignature(tvb, pinfo, offset, tree, "KEX host signature",
1774 ett_key_exchange_host_sig, global_data);
1775 break;
1776 }
1777
1778 return offset;
1779}
1780
1781static int ssh_dissect_kex_dh_gex(uint8_t msg_code, tvbuff_t *tvb,
1782 packet_info *pinfo, int offset, proto_tree *tree,
1783 struct ssh_flow_data *global_data)
1784{
1785 proto_tree_add_item(tree, hf_ssh2_kex_dh_gex_msg_code, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
1786 offset += 1;
1787
1788 col_append_sep_str(pinfo->cinfo, COL_INFO, NULL((void*)0),
1789 val_to_str(pinfo->pool, msg_code, ssh2_kex_dh_gex_msg_vals, "Unknown (%u)"));
1790
1791 switch (msg_code) {
1792 case SSH_MSG_KEX_DH_GEX_REQUEST_OLD30:
1793 proto_tree_add_item(tree, hf_ssh_dh_gex_nbits, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
1794 offset += 4;
1795 break;
1796
1797 case SSH_MSG_KEX_DH_GEX_GROUP31:
1798 // p (Group modulo)
1799 global_data->kex_gex_p = ssh_read_mpint(tvb, offset);
1800 offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_dh_gex_p);
1801 // g (Group generator)
1802 global_data->kex_gex_g = ssh_read_mpint(tvb, offset);
1803 offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_dh_gex_g);
1804 break;
1805
1806 case SSH_MSG_KEX_DH_GEX_INIT32:
1807 // e (Client public key)
1808 if (!ssh_read_e(tvb, offset, global_data)) {
1809 proto_tree_add_expert_format(tree, pinfo, &ei_ssh_invalid_keylen, tvb, offset, 2,
1810 "Invalid key length: %u", tvb_get_ntohl(tvb, offset));
1811 }
1812 offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_dh_e);
1813 break;
1814
1815 case SSH_MSG_KEX_DH_GEX_REPLY33:
1816 offset += ssh_tree_add_hostkey(tvb, pinfo, offset, tree, "KEX host key",
1817 ett_key_exchange_host_key, global_data);
1818 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
1819 ssh_read_f(tvb, offset, global_data);
1820 // f (server ephemeral key public part), K_S (host key)
1821 ssh_choose_enc_mac(global_data);
1822 ssh_keylog_hash_write_secret(global_data, pinfo->pool);
1823 }
1824 offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_dh_f);
1825 offset += ssh_tree_add_hostsignature(tvb, pinfo, offset, tree, "KEX host signature",
1826 ett_key_exchange_host_sig, global_data);
1827 break;
1828
1829 case SSH_MSG_KEX_DH_GEX_REQUEST34:{
1830
1831 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
1832 ssh_hash_buffer_put_uint32(global_data->kex_gex_bits_min, tvb_get_ntohl(tvb, offset));
1833 }
1834 proto_tree_add_item(tree, hf_ssh_dh_gex_min, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
1835 offset += 4;
1836 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
1837 ssh_hash_buffer_put_uint32(global_data->kex_gex_bits_req, tvb_get_ntohl(tvb, offset));
1838 }
1839 proto_tree_add_item(tree, hf_ssh_dh_gex_nbits, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
1840 offset += 4;
1841 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
1842 ssh_hash_buffer_put_uint32(global_data->kex_gex_bits_max, tvb_get_ntohl(tvb, offset));
1843 }
1844 proto_tree_add_item(tree, hf_ssh_dh_gex_max, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
1845 offset += 4;
1846 break;
1847 }
1848 }
1849
1850 return offset;
1851}
1852
1853static int
1854ssh_dissect_kex_ecdh(uint8_t msg_code, tvbuff_t *tvb,
1855 packet_info *pinfo, int offset, proto_tree *tree,
1856 struct ssh_flow_data *global_data)
1857{
1858 proto_tree_add_item(tree, hf_ssh2_kex_ecdh_msg_code, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
1859 offset += 1;
1860
1861 col_append_sep_str(pinfo->cinfo, COL_INFO, NULL((void*)0),
1862 val_to_str(pinfo->pool, msg_code, ssh2_kex_ecdh_msg_vals, "Unknown (%u)"));
1863
1864 switch (msg_code) {
1
Control jumps to 'case 31:' at line 1874
1865 case SSH_MSG_KEX_ECDH_INIT30:
1866 if (!ssh_read_e(tvb, offset, global_data)) {
1867 proto_tree_add_expert_format(tree, pinfo, &ei_ssh_invalid_keylen, tvb, offset, 2,
1868 "Invalid key length: %u", tvb_get_ntohl(tvb, offset));
1869 }
1870
1871 offset += ssh_tree_add_string(tvb, offset, tree, hf_ssh_ecdh_q_c, hf_ssh_ecdh_q_c_length);
1872 break;
1873
1874 case SSH_MSG_KEX_ECDH_REPLY31:
1875 offset += ssh_tree_add_hostkey(tvb, pinfo, offset, tree, "KEX host key",
1876 ett_key_exchange_host_key, global_data);
1877
1878 if (!ssh_read_f(tvb, offset, global_data)){
2
Taking true branch
1879 proto_tree_add_expert_format(tree, pinfo, &ei_ssh_invalid_keylen, tvb, offset, 2,
1880 "Invalid key length: %u", tvb_get_ntohl(tvb, offset));
1881 }
1882
1883 ssh_choose_enc_mac(global_data);
1884 ssh_keylog_hash_write_secret(global_data, pinfo->pool);
3
Calling 'ssh_keylog_hash_write_secret'
1885
1886 offset += ssh_tree_add_string(tvb, offset, tree, hf_ssh_ecdh_q_s, hf_ssh_ecdh_q_s_length);
1887 offset += ssh_tree_add_hostsignature(tvb, pinfo, offset, tree, "KEX host signature",
1888 ett_key_exchange_host_sig, global_data);
1889 break;
1890 }
1891
1892 return offset;
1893}
1894
1895static int ssh_dissect_kex_hybrid(uint8_t msg_code, tvbuff_t *tvb,
1896 packet_info *pinfo, int offset, proto_tree *tree,
1897 struct ssh_flow_data *global_data _U___attribute__((unused)))
1898{
1899 proto_tree_add_item(tree, hf_ssh2_kex_hybrid_msg_code, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
1900 offset += 1;
1901
1902 col_append_sep_str(pinfo->cinfo, COL_INFO, NULL((void*)0),
1903 val_to_str(pinfo->pool, msg_code, ssh2_kex_hybrid_msg_vals, "Unknown (%u)"));
1904
1905 const char *kex_name = global_data->kex;
1906 switch (msg_code) {
1907 case SSH_MSG_KEX_HYBRID_INIT30:
1908 expert_add_info(pinfo, NULL((void*)0), &ei_ssh2_kex_hybrid_msg_code_unknown);
1909 expert_add_info(pinfo, NULL((void*)0), &ei_ssh2_kex_hybrid_msg_code);
1910 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
1911 ws_warning("KEX_HYBRID detected: KEX ALGORITHM = %s", kex_name)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_WARNING, "epan/dissectors/packet-ssh.c"
, 1911, __func__, "KEX_HYBRID detected: KEX ALGORITHM = %s", kex_name
); } } while (0);
1912 ws_warning("KEX_HYBRID KEM support in Wireshark / TShark SSH dissector may be missing, partial or experimental")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_WARNING, "epan/dissectors/packet-ssh.c"
, 1912, __func__, "KEX_HYBRID KEM support in Wireshark / TShark SSH dissector may be missing, partial or experimental"
); } } while (0);
1913 }
1914 ws_noisy(">>> KEX_HYBRID KEM detected: msg_code = %u, offset = %d, kex = %s", msg_code, offset, kex_name)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_NOISY, "epan/dissectors/packet-ssh.c"
, 1914, __func__, ">>> KEX_HYBRID KEM detected: msg_code = %u, offset = %d, kex = %s"
, msg_code, offset, kex_name); } } while (0);
1915 break;
1916 case SSH_MSG_KEX_HYBRID_REPLY31:
1917 ws_noisy(">>> KEX_HYBRID KEM detected: msg_code = %u, offset = %d, kex = %s", msg_code, offset, kex_name)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_NOISY, "epan/dissectors/packet-ssh.c"
, 1917, __func__, ">>> KEX_HYBRID KEM detected: msg_code = %u, offset = %d, kex = %s"
, msg_code, offset, kex_name); } } while (0);
1918 break;
1919 }
1920
1921 return offset;
1922}
1923
1924 /*
1925 * === Hybrid KEX Dissection Strategy for Post-Quantum algorithms ===
1926 *
1927 * This 3 functions:
1928 *
1929 * - ssh_dissect_kex_pq_hybrid()
1930 * - ssh_read_e_pq()
1931 * - ssh_read_f_pq()
1932 *
1933 * handles the dissection of server key exchange payloads for the
1934 * post-quantum hybrid key exchange method:
1935 * - sntrup761x25519-sha512
1936 * - mlkem768x25519-sha256
1937 *
1938 * /!\ Rationale for implementation approach:
1939 *
1940 * OpenSSH encodes the server's ephemeral key (`Q_S`) as a single SSH `string`
1941 * which contains both the post-quantum KEM ciphertext (from sntrup761 / mlkem768)
1942 * and the traditional Curve25519 public key. Therefore, we parse one string
1943 *
1944 * sntrup761x25519:
1945 * - PQ ciphertext: 1039 bytes (sntrup761)
1946 * - Curve25519 pubkey: 32 bytes
1947 *
1948 * mlkem768x25519:
1949 * - PQ ciphertext: 1152 bytes (mlkem768)
1950 * - Curve25519 pubkey: 32 bytes
1951 *
1952 * This matches how OpenSSH serializes the hybrid key material, and allows Wireshark
1953 * to compute the correct key exchange hash and derive session keys accurately.
1954 *
1955 * /!\ This design is necessary for live decryption support in Wireshark and TShark.
1956 *
1957 * References:
1958 * - RFC 4253: The SSH Transport Layer Protocol
1959 * - Section 6: string encoding format
1960 * - Section 7.2: Key derivation
1961 * - RFC 8731: Secure Shell (SSH) Key Exchange Method using Curve25519
1962 * - Internet-Draft on sntrup761x25519-sha512
1963 * - https://www.ietf.org/archive/id/draft-josefsson-ntruprime-ssh-02.html
1964 * - Internet-Draft on mlkem768x25519-sha256
1965 * - https://datatracker.ietf.org/doc/draft-ietf-lamps-pq-composite-kem
1966 * - OpenSSH Hybrid KEM Implementation (sntrup761x25519-sha512 / mlkem768x25519-sha256)
1967 * - https://github.com/openssh/openssh-portable/blob/master/kexc25519.c
1968 * - https://github.com/openssh/openssh-portable/blob/master/kexsntrup761x25519.c
1969 * - https://github.com/openssh/openssh-portable/blob/master/kexmlkem768x25519.c
1970 *
1971 * These hybrid KEX format are experimental and not yet standardized via the IETF.
1972 * The parsing logic here is tailored to match OpenSSH's real-world behavior to
1973 * ensure accurate decryption support in Wireshark.
1974 */
1975
1976static int
1977ssh_dissect_kex_pq_hybrid(uint8_t msg_code, tvbuff_t *tvb,
1978 packet_info *pinfo, int offset, proto_tree *tree,
1979 struct ssh_flow_data *global_data)
1980{
1981 // SSH PACKET STRUCTURE RFC4253 (e.g. packet of 1228 bytes payload)
1982 // [00 00 04 cc] → ssh payload blob length field in tcp packet (e.g. 1228=0x04cc): 4 bytes
1983 // [1228 bytes of SSH PAYLOAD BLOB] → ssh payload blob field: 1228 bytes
1984
1985 // Add the message code byte (first field in packet) to the GUI tree.
1986 proto_tree_add_item(tree, hf_ssh2_kex_hybrid_msg_code, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
1987 offset += 1; // Move offset past the msg_code byte.
1988
1989 // Add a descriptive string to Wireshark's "Info" column.
1990 col_append_sep_str(pinfo->cinfo, COL_INFO, NULL((void*)0),
1991 val_to_str(pinfo->pool, msg_code, ssh2_kex_hybrid_msg_vals, "Unknown (%u)"));
1992
1993 if (msg_code == SSH_MSG_KEX_HYBRID_INIT30) {
1994 // Print warning when sntrup761x25519-sha512 or mlkem768x25519-sha256 is detected in KEX
1995 // This implementation currently rely on SHARED_SECRET only and do not work with PRIVATE_KEY
1996 const char *kex_name = global_data->kex;
1997 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
1998 ws_warning("POST-QUANTUM KEX_HYBRID detected: KEX = %s", kex_name)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_WARNING, "epan/dissectors/packet-ssh.c"
, 1998, __func__, "POST-QUANTUM KEX_HYBRID detected: KEX = %s"
, kex_name); } } while (0);
1999 ws_warning("SHARED_SECRET decryption is supported - PRIVATE_KEY decryption is not supported")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_WARNING, "epan/dissectors/packet-ssh.c"
, 1999, __func__, "SHARED_SECRET decryption is supported - PRIVATE_KEY decryption is not supported"
); } } while (0);
2000 }
2001 // Print noisy debug info
2002 ws_noisy(">>> HYBRID KEM: msg_code = %u, offset = %d, kex = %s", msg_code, offset, kex_name)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_NOISY, "epan/dissectors/packet-ssh.c"
, 2002, __func__, ">>> HYBRID KEM: msg_code = %u, offset = %d, kex = %s"
, msg_code, offset, kex_name); } } while (0);
2003 }
2004
2005 switch (msg_code) {
2006
2007 // Client Key Exchange INIT
2008 case SSH_MSG_KEX_HYBRID_INIT30: {
2009
2010 // SNTRUP761X25519: RFC4253 SSH "string" (binary-encoded structure)
2011 // [00 00 04 a6] → length = 1190 (0x04a6)
2012 // [32 bytes of X25519 pubkey] → ephemeral X25519 public key
2013 // [1158 bytes PQ blob] → sntrup761 encapsulated client key
2014
2015 // MLKEM768X25519: RFC4253 SSH "string" (binary-encoded structure)
2016 // [00 00 04 c0] → length = 1216 (0x04c0)
2017 // [32 bytes of X25519 pubkey] → ephemeral X25519 public key
2018 // [1184 bytes PQ blob] → mlkem768 encapsulated client key
2019
2020 ws_debug("CLIENT INIT follow offset pointer - absolute offset: %d", offset)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2020, __func__, "CLIENT INIT follow offset pointer - absolute offset: %d"
, offset); } } while (0); // debug trace offset
2021 int new_offset_client = ssh_read_e_pq(tvb, offset, global_data);
2022 if (new_offset_client < 0) {
2023 uint32_t bad_len = tvb_get_ntohl(tvb, offset);
2024 proto_tree_add_expert_format(tree, pinfo, &ei_ssh_invalid_keylen, tvb, offset, 4,
2025 "Invalid PQ client key length: %u", bad_len);
2026 ws_debug("ExpertInfo: Invalid PQ client key length at offset %d: %u", offset, bad_len)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2026, __func__, "ExpertInfo: Invalid PQ client key length at offset %d: %u"
, offset, bad_len); } } while (0);
2027
2028 return offset + 4;
2029 ws_debug("CLIENT INIT validate PQ client key length - offset: %d", offset)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2029, __func__, "CLIENT INIT validate PQ client key length - offset: %d"
, offset); } } while (0); // debug trace offset
2030 }
2031
2032 // PQ-hybrid KEMs cannot use ssh_add_tree_string => manual dissection
2033 // Get PQ blob size
2034 proto_tree *pq_tree = NULL((void*)0);
2035 uint32_t pq_len = tvb_get_ntohl(tvb, offset);
2036 ws_debug("CLIENT INIT PQ blob length - pq_len: %d", pq_len)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2036, __func__, "CLIENT INIT PQ blob length - pq_len: %d", pq_len
); } } while (0); // debug trace pq_len
2037
2038 // Add a subtree for dissecting PQ blob
2039 proto_tree_add_item(tree, hf_ssh_hybrid_blob_client_len, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); // add blob length
2040 offset += 4; // shift length field
2041 pq_tree = proto_tree_add_subtree(tree, tvb, offset, pq_len, ett_ssh_pqhybrid_client, NULL((void*)0), "Hybrid Key Exchange Blob Client");
2042 ws_debug("CLIENT INIT add PQ Hybrid subtree - offset: %d", offset)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2042, __func__, "CLIENT INIT add PQ Hybrid subtree - offset: %d"
, offset); } } while (0); // debug trace offset
2043
2044 // Make a new tvb for just the PQ blob string contents
2045 tvbuff_t *string_tvb = tvb_new_subset_length(tvb, offset, pq_len);
2046
2047 // Now dissect string inside the blob and add PQ server response and ECDH Q_S to GUI subtree
2048 proto_tree_add_item(pq_tree, hf_ssh_ecdh_q_c, string_tvb, 0, 32, ENC_NA0x00000000);
2049 proto_tree_add_item(pq_tree, hf_ssh_pq_kem_client, string_tvb, 32, pq_len - 32, ENC_NA0x00000000);
2050
2051 // retrieve offset from read_f_pq() to shift blob length and consume packet
2052 offset = new_offset_client;
2053 ws_debug("CLIENT INIT shift PQ blob - offset: %d", offset)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2053, __func__, "CLIENT INIT shift PQ blob - offset: %d", offset
); } } while (0); // debug trace offset
2054 break;
2055 }
2056
2057 // Server Reply Message
2058 case SSH_MSG_KEX_HYBRID_REPLY31: {
2059
2060 // SNTRUP761X25519: RFC4253 SSH "string" (binary-encoded structure)
2061 // [00 00 00 0b] → length = 11 // blob offset:0 absolute offset:6
2062 // [73 73 68 2d 65 64 32 35 35 31 39] → "ssh-ed25519"
2063 // [00 00 00 20] → length = 32
2064 // [32 bytes of public key] → public key
2065 // [00 00 04 2f] → length = 1071
2066 // [1071 bytes PQ blob] → PQ blob (32 x25519 + 1039 sntrup761)
2067
2068 // MLKEM768X25519: RFC4253 SSH "string" (binary-encoded structure)
2069 // [00 00 00 0b] → length = 11 // blob offset:0 absolute offset:6
2070 // [73 73 68 2d 65 64 32 35 35 31 39] → "ssh-ed25519"
2071 // [00 00 00 20] → length = 32
2072 // [32 bytes of X25519 pubkey] → ephemeral server X25519 public key
2073 // [00 00 04 a0] → length = 1184 (0x04a0)
2074 // [1184 bytes PQ blob] → PQ blob (32 x25519 + 1152 kyber768)
2075
2076 ws_debug("SERVER REPLY follow offset pointer - absolute offset: %d", offset)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2076, __func__, "SERVER REPLY follow offset pointer - absolute offset: %d"
, offset); } } while (0); // debug trace offset
2077
2078 // Add the host key used to sign the key exchange to the GUI tree.
2079 offset += ssh_tree_add_hostkey(tvb, pinfo, offset, tree, "KEX host key", ett_key_exchange_host_key, global_data);
2080
2081 ws_debug("SERVER REPLY add hostkey tree - offset: %d", offset)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2081, __func__, "SERVER REPLY add hostkey tree - offset: %d"
, offset); } } while (0); // debug trace offset
2082
2083 int new_offset_server = ssh_read_f_pq(tvb, offset, global_data);
2084 if (new_offset_server < 0) {
2085 uint32_t bad_len = tvb_get_ntohl(tvb, offset);
2086 proto_tree_add_expert_format(tree, pinfo, &ei_ssh_invalid_keylen, tvb, offset, 4,
2087 "Invalid PQ server key length: %u", bad_len);
2088 ws_debug("ExpertInfo: Invalid PQ server key length at offset %d: %u", offset, bad_len)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2088, __func__, "ExpertInfo: Invalid PQ server key length at offset %d: %u"
, offset, bad_len); } } while (0);
2089
2090 return offset + 4;
2091 ws_debug("SERVER REPLY validate PQ server key length - offset: %d", offset)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2091, __func__, "SERVER REPLY validate PQ server key length - offset: %d"
, offset); } } while (0); // debug trace offset
2092 }
2093
2094 // Select encryption and MAC based on negotiated algorithms.
2095 ssh_choose_enc_mac(global_data);
2096
2097 // Write session secrets to keylog file (if enabled).
2098 ssh_keylog_hash_write_secret(global_data, pinfo->pool);
2099
2100 // PQ-hybrid KEMs cannot use ssh_add_tree_string => manual dissection
2101 // Get PQ blob size
2102 proto_tree *pq_tree = NULL((void*)0);
2103 uint32_t pq_len = tvb_get_ntohl(tvb, offset);
2104 ws_debug("SERVER REPLY PQ blob length - pq_len: %d", pq_len)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2104, __func__, "SERVER REPLY PQ blob length - pq_len: %d",
pq_len); } } while (0); // debug trace pq_len
2105
2106 // Add a subtree for dissecting PQ blob
2107 proto_tree_add_item(tree, hf_ssh_hybrid_blob_server_len, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); // add blob length
2108 offset += 4; // shift length field
2109 pq_tree = proto_tree_add_subtree(tree, tvb, offset, pq_len, ett_ssh_pqhybrid_server, NULL((void*)0), "Hybrid Key Exchange Blob Server");
2110 ws_debug("SERVER REPLY add PQ Hybrid subtree - offset: %d", offset)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2110, __func__, "SERVER REPLY add PQ Hybrid subtree - offset: %d"
, offset); } } while (0); // debug trace offset
2111
2112 // Make a new tvb for just the PQ blob string contents
2113 tvbuff_t *string_tvb = tvb_new_subset_length(tvb, offset, pq_len);
2114
2115 // Now dissect string inside the blob and add PQ server response and ECDH Q_S to GUI subtree
2116 proto_tree_add_item(pq_tree, hf_ssh_ecdh_q_s, string_tvb, 0, 32, ENC_NA0x00000000);
2117 proto_tree_add_item(pq_tree, hf_ssh_pq_kem_server, string_tvb, 32, pq_len - 32, ENC_NA0x00000000);
2118
2119 // retrieve offset from read_f_pq() to shift blob length
2120 offset = new_offset_server;
2121 ws_debug("SERVER REPLY shift PQ blob - offset: %d", offset)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2121, __func__, "SERVER REPLY shift PQ blob - offset: %d", offset
); } } while (0); // debug trace offset
2122
2123 // Add the host's digital signature to the GUI tree
2124 offset += ssh_tree_add_hostsignature(tvb, pinfo, offset, tree, "KEX host signature",
2125 ett_key_exchange_host_sig, global_data);
2126 ws_debug("SERVER REPLY add signature tree - offset: %d", offset)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2126, __func__, "SERVER REPLY add signature tree - offset: %d"
, offset); } } while (0); // debug trace offset
2127 break;
2128 }
2129 }
2130
2131 if (msg_code == SSH_MSG_KEX_HYBRID_INIT30) {
2132 ws_debug("OUT PQ HYBRID KEX - CLIENT INIT track offset: %d", offset)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2132, __func__, "OUT PQ HYBRID KEX - CLIENT INIT track offset: %d"
, offset); } } while (0); // debug trace offset
2133 } else if (msg_code == SSH_MSG_KEX_HYBRID_REPLY31) {
2134 ws_debug("OUT PQ HYBRID KEX - SERVER REPLY track offset: %d", offset)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2134, __func__, "OUT PQ HYBRID KEX - SERVER REPLY track offset: %d"
, offset); } } while (0); // debug trace offset
2135 } else {
2136 ws_debug("OUT PQ HYBRID KEX - track offset: %d", offset)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2136, __func__, "OUT PQ HYBRID KEX - track offset: %d", offset
); } } while (0); // debug trace offset
2137 }
2138
2139 return offset; // Final offset after packet is processed by ssh_dissect_kex_pq_hybrid()
2140}
2141
2142static ssh_message_info_t*
2143ssh_get_message(packet_info *pinfo, int record_id)
2144{
2145 ssh_packet_info_t *packet = (ssh_packet_info_t *)p_get_proto_data(
2146 wmem_file_scope(), pinfo, proto_ssh, 0);
2147
2148 if (!packet) {
2149 return NULL((void*)0);
2150 }
2151
2152 ssh_message_info_t *message = NULL((void*)0);
2153 for (message = packet->messages; message; message = message->next) {
2154 ws_noisy("%u:looking for message %d now %d", pinfo->num, record_id, message->id)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_NOISY, "epan/dissectors/packet-ssh.c"
, 2154, __func__, "%u:looking for message %d now %d", pinfo->
num, record_id, message->id); } } while (0);
2155 if (message->id == record_id) {
2156 return message;
2157 }
2158 }
2159
2160 return NULL((void*)0);
2161}
2162
2163static int
2164ssh_try_dissect_encrypted_packet(tvbuff_t *tvb, packet_info *pinfo,
2165 struct ssh_peer_data *peer_data, int offset, proto_tree *tree)
2166{
2167 bool_Bool can_decrypt = peer_data->cipher != NULL((void*)0) || peer_data->cipher_id == CIPHER_NULL0x00080000;
2168 ssh_message_info_t *message = NULL((void*)0);
2169
2170 if (can_decrypt) {
2171 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
2172 ssh_decrypt_packet(tvb, pinfo, peer_data, offset);
2173 if (pinfo->desegment_len) {
2174 return offset;
2175 }
2176 }
2177
2178 int record_id = tvb_raw_offset(tvb) + offset;
2179 message = ssh_get_message(pinfo, record_id);
2180
2181 if (message) {
2182 offset += ssh_dissect_decrypted_packet(tvb_new_subset_remaining(tvb, offset), pinfo, peer_data, tree, message);
2183 return offset;
2184 }
2185 }
2186
2187 return ssh_dissect_encrypted_packet(tvb, pinfo, peer_data, offset, tree);
2188}
2189
2190static int
2191ssh_dissect_encrypted_packet(tvbuff_t *tvb, packet_info *pinfo,
2192 struct ssh_peer_data *peer_data,
2193 int offset, proto_tree *tree)
2194{
2195 int len;
2196 unsigned plen;
2197
2198 len = tvb_reported_length_remaining(tvb, offset);
2199 col_append_sep_fstr(pinfo->cinfo, COL_INFO, NULL((void*)0), "Encrypted packet (len=%d)", len);
2200
2201 if (tree) {
2202 int encrypted_len = len;
2203
2204 if (len > 4 && peer_data->length_is_plaintext) {
2205 plen = tvb_get_ntohl(tvb, offset) ;
2206 proto_tree_add_uint(tree, hf_ssh_packet_length, tvb, offset, 4, plen);
2207 encrypted_len -= 4;
2208 }
2209 else if (len > 4) {
2210 proto_tree_add_item(tree, hf_ssh_packet_length_encrypted, tvb, offset, 4, ENC_NA0x00000000);
2211 encrypted_len -= 4;
2212 }
2213
2214 if (peer_data->mac_length>0)
2215 encrypted_len -= peer_data->mac_length;
2216
2217 proto_tree_add_item(tree, hf_ssh_encrypted_packet,
2218 tvb, offset+4, encrypted_len, ENC_NA0x00000000);
2219
2220 if (peer_data->mac_length>0)
2221 proto_tree_add_item(tree, hf_ssh_mac_string,
2222 tvb, offset+4+encrypted_len,
2223 peer_data->mac_length, ENC_NA0x00000000);
2224 }
2225 offset += len;
2226 return offset;
2227}
2228
2229static int
2230ssh_dissect_protocol(tvbuff_t *tvb, packet_info *pinfo,
2231 struct ssh_flow_data *global_data,
2232 int offset, proto_tree *tree, int is_response, unsigned * version,
2233 bool_Bool *need_desegmentation)
2234{
2235 unsigned remain_length;
2236 int linelen, protolen;
2237
2238 /*
2239 * If the first packet do not contain the banner,
2240 * it is dump in the middle of a flow or not a ssh at all
2241 */
2242 if (tvb_strncaseeql(tvb, offset, "SSH-", 4) != 0) {
2243 offset = ssh_dissect_encrypted_packet(tvb, pinfo,
2244 &global_data->peer_data[is_response], offset, tree);
2245 return offset;
2246 }
2247
2248 if (!is_response) {
2249 if (tvb_strncaseeql(tvb, offset, "SSH-2.", 6) == 0) {
2250 *(version) = SSH_VERSION_22;
2251 } else if (tvb_strncaseeql(tvb, offset, "SSH-1.99-", 9) == 0) {
2252 *(version) = SSH_VERSION_22;
2253 } else if (tvb_strncaseeql(tvb, offset, "SSH-1.", 6) == 0) {
2254 *(version) = SSH_VERSION_11;
2255 }
2256 }
2257
2258 /*
2259 * We use "tvb_ensure_captured_length_remaining()" to make sure there
2260 * actually *is* data remaining.
2261 *
2262 * This means we're guaranteed that "remain_length" is positive.
2263 */
2264 remain_length = tvb_ensure_captured_length_remaining(tvb, offset);
2265 /*linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, false);
2266 */
2267 linelen = tvb_find_uint8(tvb, offset, -1, '\n');
2268
2269 if (ssh_desegment && pinfo->can_desegment) {
2270 if (linelen == -1 || remain_length < (unsigned)linelen-offset) {
2271 pinfo->desegment_offset = offset;
2272 pinfo->desegment_len = linelen-remain_length;
2273 *need_desegmentation = true1;
2274 return offset;
2275 }
2276 }
2277 if (linelen == -1) {
2278 /* XXX - reassemble across segment boundaries? */
2279 linelen = remain_length;
2280 protolen = linelen;
2281 } else {
2282 linelen = linelen - offset + 1;
2283
2284 if (linelen > 1 && tvb_get_uint8(tvb, offset + linelen - 2) == '\r')
2285 protolen = linelen - 2;
2286 else
2287 protolen = linelen - 1;
2288 }
2289
2290 col_append_sep_fstr(pinfo->cinfo, COL_INFO, NULL((void*)0), "Protocol (%s)",
2291 tvb_format_text(pinfo->pool, tvb, offset, protolen));
2292
2293 // V_C / V_S (client and server identification strings) RFC4253 4.2
2294 // format: SSH-protoversion-softwareversion SP comments [CR LF not incl.]
2295 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
2296 char *data = (char *)tvb_memdup(pinfo->pool, tvb, offset, protolen);
2297 if(!is_response){
2298 ssh_hash_buffer_put_string(global_data->kex_client_version, data, protolen);
2299 }else{
2300 ssh_hash_buffer_put_string(global_data->kex_server_version, data, protolen);
2301 }
2302 }
2303
2304 proto_tree_add_item(tree, hf_ssh_protocol,
2305 tvb, offset, protolen, ENC_ASCII0x00000000);
2306 offset += linelen;
2307 return offset;
2308}
2309
2310static void
2311ssh_set_mac_length(struct ssh_peer_data *peer_data)
2312{
2313 char *size_str;
2314 uint32_t size = 0;
2315 char *mac_name = peer_data->mac;
2316 char *strip;
2317
2318 if (!mac_name)
2319 return;
2320
2321 /* wmem_strdup() never returns NULL */
2322 mac_name = wmem_strdup(NULL((void*)0), (const char *)mac_name);
2323
2324 /* strip trailing "[email protected]" or "@openssh.com" */
2325 strip = strstr(mac_name, "[email protected]");
2326 if (strip) {
2327 peer_data->length_is_plaintext = 1;
2328 *strip = '\0';
2329 }
2330 else {
2331 strip = strstr(mac_name, "@openssh.com");
2332 if (strip) *strip = '\0';
2333 }
2334
2335 size_str = g_strrstr(mac_name, "-");
2336 if (size_str && ws_strtou32(size_str + 1, NULL((void*)0), &size) && size > 0 && size % 8 == 0) {
2337 peer_data->mac_length = size / 8;
2338 }
2339 else if (strcmp(mac_name, "hmac-sha1") == 0) {
2340 peer_data->mac_length = 20;
2341 }
2342 else if (strcmp(mac_name, "hmac-md5") == 0) {
2343 peer_data->mac_length = 16;
2344 }
2345 else if (strcmp(mac_name, "hmac-ripemd160") == 0) {
2346 peer_data->mac_length = 20;
2347 }
2348 else if (strcmp(mac_name, "none") == 0) {
2349 peer_data->mac_length = 0;
2350 }
2351
2352 wmem_free(NULL((void*)0), mac_name);
2353}
2354
2355static void ssh_set_kex_specific_dissector(struct ssh_flow_data *global_data)
2356{
2357 const char *kex_name = global_data->kex;
2358
2359 if (!kex_name) return;
2360
2361 if (strcmp(kex_name, "diffie-hellman-group-exchange-sha1") == 0 ||
2362 strcmp(kex_name, "diffie-hellman-group-exchange-sha256") == 0)
2363 {
2364 global_data->kex_specific_dissector = ssh_dissect_kex_dh_gex;
2365 }
2366 else if (g_str_has_prefix(kex_name, "ecdh-sha2-")(__builtin_constant_p ("ecdh-sha2-")? __extension__ ({ const char
* const __str = (kex_name); const char * const __prefix = ("ecdh-sha2-"
); gboolean __result = (0); if (__str == ((void*)0) || __prefix
== ((void*)0)) __result = (g_str_has_prefix) (__str, __prefix
); else { const size_t __str_len = strlen (((__str) + !(__str
))); const size_t __prefix_len = strlen (((__prefix) + !(__prefix
))); if (__str_len >= __prefix_len) __result = memcmp (((__str
) + !(__str)), ((__prefix) + !(__prefix)), __prefix_len) == 0
; } __result; }) : (g_str_has_prefix) (kex_name, "ecdh-sha2-"
) ) ||
2367 strcmp(kex_name, "[email protected]") == 0 ||
2368 strcmp(kex_name, "curve25519-sha256") == 0 ||
2369 strcmp(kex_name, "curve448-sha512") == 0)
2370 {
2371 global_data->kex_specific_dissector = ssh_dissect_kex_ecdh;
2372 }
2373 else if (strcmp(kex_name, "diffie-hellman-group14-sha256") == 0 ||
2374 strcmp(kex_name, "diffie-hellman-group16-sha512") == 0 ||
2375 strcmp(kex_name, "diffie-hellman-group18-sha512") == 0 ||
2376 strcmp(kex_name, "diffie-hellman-group1-sha1") == 0 ||
2377 strcmp(kex_name, "diffie-hellman-group14-sha1") == 0)
2378 {
2379 global_data->kex_specific_dissector = ssh_dissect_kex_dh;
2380 }
2381 else if (strcmp(kex_name, "mlkem768nistp256-sha256") == 0 ||
2382 strcmp(kex_name, "mlkem1024nistp384-sha384") == 0)
2383 {
2384 global_data->kex_specific_dissector = ssh_dissect_kex_hybrid;
2385 }
2386 else if (strcmp(kex_name, "sntrup761x25519-sha512") == 0 ||
2387 strcmp(kex_name, "mlkem768x25519-sha256") == 0)
2388 /* ___add support for post-quantum hybrid KEM */
2389 {
2390 global_data->kex_specific_dissector = ssh_dissect_kex_pq_hybrid;
2391 }
2392 else
2393 {
2394 ws_warning("NOT SUPPORTED OR UNKNOWN KEX DETECTED: ALGORITHM = %s", kex_name)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_WARNING, "epan/dissectors/packet-ssh.c"
, 2394, __func__, "NOT SUPPORTED OR UNKNOWN KEX DETECTED: ALGORITHM = %s"
, kex_name); } } while (0);
2395 }
2396}
2397
2398static int
2399ssh_gslist_compare_strings(const void *a, const void *b)
2400{
2401 if (a == NULL((void*)0) && b == NULL((void*)0))
2402 return 0;
2403 if (a == NULL((void*)0))
2404 return -1;
2405 if (b == NULL((void*)0))
2406 return 1;
2407 return strcmp((const char*)a, (const char*)b);
2408}
2409
2410/* expects that *result is NULL */
2411static bool_Bool
2412ssh_choose_algo(char *client, char *server, char **result)
2413{
2414 char **server_strings = NULL((void*)0);
2415 char **client_strings = NULL((void*)0);
2416 char **step;
2417 GSList *server_list = NULL((void*)0);
2418
2419 static const char* client_strict = "[email protected]";
2420 static const char* server_strict = "[email protected]";
2421 bool_Bool kex_strict = false0;
2422
2423 if (!client || !server || !result || *result)
2424 return false0;
2425
2426 server_strings = g_strsplit(server, ",", 0);
2427 for (step = server_strings; *step; step++) {
2428 server_list = g_slist_append(server_list, *step);
2429 }
2430
2431 client_strings = g_strsplit(client, ",", 0);
2432 for (step = client_strings; *step; step++) {
2433 GSList *agreed;
2434 if ((agreed = g_slist_find_custom(server_list, *step, ssh_gslist_compare_strings))) {
2435 *result = wmem_strdup(wmem_file_scope(), (const char *)agreed->data);
2436 break;
2437 }
2438 }
2439
2440 /* Check for the OpenSSH strict key exchange extension designed to
2441 * mitigate the Terrapin attack by resetting the packet sequence
2442 * number to zero after a SSH2_MSG_NEWKEYS message.
2443 * https://www.openssh.com/txt/release-9.6
2444 * Also see PROTOCOL in the OpenSSH source distribution.
2445 *
2446 * OpenSSH says this is activated "when an endpoint that supports this
2447 * extension observes this algorithm name in a peer's KEXINIT packet".
2448 * We'll have to assume that any endpoint that supports this also
2449 * indicates support for it in its own first SSH2_MSG_KEXINIT.
2450 */
2451 if (g_strv_contains((const char* const*)client_strings, client_strict) &&
2452 g_strv_contains((const char* const*)server_strings, server_strict)) {
2453
2454 kex_strict = true1;
2455 }
2456
2457 g_strfreev(client_strings);
2458 g_slist_free(server_list);
2459 g_strfreev(server_strings);
2460
2461 return kex_strict;
2462}
2463
2464static int
2465ssh_dissect_key_init(tvbuff_t *tvb, packet_info *pinfo, int offset,
2466 proto_tree *tree, int is_response, struct ssh_flow_data *global_data)
2467{
2468 int start_offset = offset;
2469 int payload_length;
2470 wmem_strbuf_t *hassh_algo;
2471 char *hassh;
2472
2473 proto_item *tf, *ti;
2474 proto_tree *key_init_tree;
2475
2476 struct ssh_peer_data *peer_data = &global_data->peer_data[is_response];
2477
2478 key_init_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_key_init, &tf, "Algorithms");
2479 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
2480 peer_data->bn_cookie = ssh_kex_make_bignum(tvb_get_ptr(tvb, offset, 16), 16);
2481 }
2482 proto_tree_add_item(key_init_tree, hf_ssh_cookie,
2483 tvb, offset, 16, ENC_NA0x00000000);
2484 offset += 16;
2485
2486 offset = ssh_dissect_proposal(tvb, offset, key_init_tree,
2487 hf_ssh_kex_algorithms_length, hf_ssh_kex_algorithms,
2488 &peer_data->kex_proposal);
2489 offset = ssh_dissect_proposal(tvb, offset, key_init_tree,
2490 hf_ssh_server_host_key_algorithms_length,
2491 hf_ssh_server_host_key_algorithms, NULL((void*)0));
2492 offset = ssh_dissect_proposal(tvb, offset, key_init_tree,
2493 hf_ssh_encryption_algorithms_client_to_server_length,
2494 hf_ssh_encryption_algorithms_client_to_server,
2495 &peer_data->enc_proposals[CLIENT_TO_SERVER_PROPOSAL0]);
2496 offset = ssh_dissect_proposal(tvb, offset, key_init_tree,
2497 hf_ssh_encryption_algorithms_server_to_client_length,
2498 hf_ssh_encryption_algorithms_server_to_client,
2499 &peer_data->enc_proposals[SERVER_TO_CLIENT_PROPOSAL1]);
2500 offset = ssh_dissect_proposal(tvb, offset, key_init_tree,
2501 hf_ssh_mac_algorithms_client_to_server_length,
2502 hf_ssh_mac_algorithms_client_to_server,
2503 &peer_data->mac_proposals[CLIENT_TO_SERVER_PROPOSAL0]);
2504 offset = ssh_dissect_proposal(tvb, offset, key_init_tree,
2505 hf_ssh_mac_algorithms_server_to_client_length,
2506 hf_ssh_mac_algorithms_server_to_client,
2507 &peer_data->mac_proposals[SERVER_TO_CLIENT_PROPOSAL1]);
2508 offset = ssh_dissect_proposal(tvb, offset, key_init_tree,
2509 hf_ssh_compression_algorithms_client_to_server_length,
2510 hf_ssh_compression_algorithms_client_to_server,
2511 &peer_data->comp_proposals[CLIENT_TO_SERVER_PROPOSAL0]);
2512 offset = ssh_dissect_proposal(tvb, offset, key_init_tree,
2513 hf_ssh_compression_algorithms_server_to_client_length,
2514 hf_ssh_compression_algorithms_server_to_client,
2515 &peer_data->comp_proposals[SERVER_TO_CLIENT_PROPOSAL1]);
2516 offset = ssh_dissect_proposal(tvb, offset, key_init_tree,
2517 hf_ssh_languages_client_to_server_length,
2518 hf_ssh_languages_client_to_server, NULL((void*)0));
2519 offset = ssh_dissect_proposal(tvb, offset, key_init_tree,
2520 hf_ssh_languages_server_to_client_length,
2521 hf_ssh_languages_server_to_client, NULL((void*)0));
2522
2523 proto_tree_add_item(key_init_tree, hf_ssh_first_kex_packet_follows,
2524 tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
2525 offset+=1;
2526
2527 proto_tree_add_item(key_init_tree, hf_ssh_kex_reserved,
2528 tvb, offset, 4, ENC_NA0x00000000);
2529 offset+=4;
2530
2531 hassh_algo = wmem_strbuf_new(pinfo->pool, "");
2532 if(!is_response) {
2533 wmem_strbuf_append_printf(hassh_algo, "%s;%s;%s;%s", peer_data->kex_proposal, peer_data->enc_proposals[CLIENT_TO_SERVER_PROPOSAL0],
2534 peer_data->mac_proposals[CLIENT_TO_SERVER_PROPOSAL0], peer_data->comp_proposals[CLIENT_TO_SERVER_PROPOSAL0]);
2535 hassh = g_compute_checksum_for_string(G_CHECKSUM_MD5, wmem_strbuf_get_str(hassh_algo), wmem_strbuf_get_len(hassh_algo));
2536 ti = proto_tree_add_string(key_init_tree, hf_ssh_kex_hassh_algo, tvb, offset, 0, wmem_strbuf_get_str(hassh_algo));
2537 proto_item_set_generated(ti);
2538 ti = proto_tree_add_string(key_init_tree, hf_ssh_kex_hassh, tvb, offset, 0, hassh);
2539 proto_item_set_generated(ti);
2540 g_free(hassh);
2541 } else {
2542 wmem_strbuf_append_printf(hassh_algo, "%s;%s;%s;%s", peer_data->kex_proposal, peer_data->enc_proposals[SERVER_TO_CLIENT_PROPOSAL1],
2543 peer_data->mac_proposals[SERVER_TO_CLIENT_PROPOSAL1], peer_data->comp_proposals[SERVER_TO_CLIENT_PROPOSAL1]);
2544 hassh = g_compute_checksum_for_string(G_CHECKSUM_MD5, wmem_strbuf_get_str(hassh_algo), wmem_strbuf_get_len(hassh_algo));
2545 ti = proto_tree_add_string(key_init_tree, hf_ssh_kex_hasshserver_algo, tvb, offset, 0, wmem_strbuf_get_str(hassh_algo));
2546 proto_item_set_generated(ti);
2547 ti = proto_tree_add_string(key_init_tree, hf_ssh_kex_hasshserver, tvb, offset, 0, hassh);
2548 proto_item_set_generated(ti);
2549 g_free(hassh);
2550 }
2551
2552 if (global_data->peer_data[CLIENT_PEER_DATA0].kex_proposal &&
2553 global_data->peer_data[SERVER_PEER_DATA1].kex_proposal &&
2554 !global_data->kex)
2555 {
2556 /* Note: we're ignoring first_kex_packet_follows. */
2557 global_data->ext_kex_strict = ssh_choose_algo(
2558 global_data->peer_data[CLIENT_PEER_DATA0].kex_proposal,
2559 global_data->peer_data[SERVER_PEER_DATA1].kex_proposal,
2560 &global_data->kex);
2561 ssh_set_kex_specific_dissector(global_data);
2562 }
2563
2564 payload_length = offset - start_offset;
2565
2566 if (tf != NULL((void*)0)) {
2567 proto_item_set_len(tf, payload_length);
2568 }
2569
2570 // I_C / I_S (client and server SSH_MSG_KEXINIT payload) RFC4253 4.2
2571 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
2572 char *data = (char *)wmem_alloc(pinfo->pool, payload_length + 1);
2573 tvb_memcpy(tvb, data + 1, start_offset, payload_length);
2574 data[0] = SSH_MSG_KEXINIT20;
2575 if(is_response){
2576 ssh_hash_buffer_put_string(global_data->kex_server_key_exchange_init, data, payload_length + 1);
2577 }else{
2578 // Reset array while REKEY: sanitize client key
2579 global_data->kex_client_key_exchange_init = wmem_array_new(wmem_file_scope(), 1);
2580 ssh_hash_buffer_put_string(global_data->kex_client_key_exchange_init, data, payload_length + 1);
2581 }
2582 }
2583
2584 return offset;
2585}
2586
2587static int
2588ssh_dissect_proposal(tvbuff_t *tvb, int offset, proto_tree *tree,
2589 int hf_index_length, int hf_index_value, char **store)
2590{
2591 uint32_t len = tvb_get_ntohl(tvb, offset);
2592 proto_tree_add_uint(tree, hf_index_length, tvb, offset, 4, len);
2593 offset += 4;
2594
2595 proto_tree_add_item(tree, hf_index_value, tvb, offset, len,
2596 ENC_ASCII0x00000000);
2597 if (store)
2598 *store = (char *) tvb_get_string_enc(wmem_file_scope(), tvb, offset, len, ENC_ASCII0x00000000);
2599 offset += len;
2600
2601 return offset;
2602}
2603
2604static void
2605ssh_keylog_read_file(void)
2606{
2607 if (!pref_keylog_file || !*pref_keylog_file) {
5
Assuming 'pref_keylog_file' is non-null
6
Assuming the condition is false
2608 ws_debug("no keylog file preference set")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2608, __func__, "no keylog file preference set"); } } while
(0);
2609 return;
2610 }
2611
2612 if (ssh_keylog_file && file_needs_reopen(ws_filenofileno(ssh_keylog_file),
7
Assuming 'ssh_keylog_file' is non-null
8
Assuming the condition is false
9
Taking false branch
2613 pref_keylog_file)) {
2614 ssh_keylog_reset();
2615 g_hash_table_remove_all(ssh_master_key_map);
2616 }
2617
2618 if (!ssh_keylog_file) {
10
Assuming 'ssh_keylog_file' is non-null
11
Taking false branch
2619 ssh_keylog_file = ws_fopenfopen(pref_keylog_file, "r");
2620 if (!ssh_keylog_file) {
2621 ws_debug("ssh: failed to open key log file %s: %s",do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2622, __func__, "ssh: failed to open key log file %s: %s", pref_keylog_file
, g_strerror((*__errno_location ()))); } } while (0)
2622 pref_keylog_file, g_strerror(errno))do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2622, __func__, "ssh: failed to open key log file %s: %s", pref_keylog_file
, g_strerror((*__errno_location ()))); } } while (0);
2623 return;
2624 }
2625 }
2626
2627 /* File format: each line follows the format "<cookie> <type> <key>".
2628 * <cookie> is the hex-encoded (client or server) 16 bytes cookie
2629 * (32 characters) found in the SSH_MSG_KEXINIT of the endpoint whose
2630 * private random is disclosed.
2631 * <type> is either SHARED_SECRET or PRIVATE_KEY depending on the
2632 * type of key provided. PRIVAT_KEY is only supported for DH,
2633 * DH group exchange, and ECDH (including Curve25519) key exchanges.
2634 * <key> is the private random number that is used to generate the DH
2635 * negotiation (length depends on algorithm). In RFC4253 it is called
2636 * x for the client and y for the server.
2637 * For openssh and DH group exchange, it can be retrieved using
2638 * DH_get0_key(kex->dh, NULL, &server_random)
2639 * for groupN in file kexdh.c function kex_dh_compute_key
2640 * for custom group in file kexgexs.c function input_kex_dh_gex_init
2641 * For openssh and curve25519, it can be found in function kex_c25519_enc
2642 * in variable server_key. One may also provide the shared secret
2643 * directly if <type> is set to SHARED_SECRET.
2644 *
2645 * Example:
2646 * 90d886612f9c35903db5bb30d11f23c2 PRIVATE_KEY DEF830C22F6C927E31972FFB20B46C96D0A5F2D5E7BE5A3A8804D6BFC431619ED10AF589EEDFF4750DEA00EFD7AFDB814B6F3528729692B1F2482041521AE9DC
2647 */
2648 for (;;) {
12
Loop condition is true. Entering loop body
2649 // XXX - What is a reasonable max line length here? Note at a certain
2650 // point we have to increase the maximum ssh_kex_make_bignum supports (not needed for post quantum material (pure binary)).
2651 char buf[4096];// 4096 is needed for mlkem1024 private_key binary meterial: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.pdf
2652 buf[0] = 0;
2653
2654 if (!fgets(buf, sizeof(buf), ssh_keylog_file)) {
13
Taking true branch
2655 rewind(ssh_keylog_file); // Resets to start of file (to handle parallel multi sessions decryption)
14
After calling 'rewind' reading 'errno' is required to find out if the call has failed
2656 if (ferror(ssh_keylog_file)) {
15
Value of 'errno' was not checked and may be overwritten by function 'ferror'
2657 ws_debug("Error while reading %s, closing it.", pref_keylog_file)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2657, __func__, "Error while reading %s, closing it.", pref_keylog_file
); } } while (0);
2658 ssh_keylog_reset();
2659 g_hash_table_remove_all(ssh_master_key_map);
2660 }
2661 break;
2662 }
2663
2664 size_t len = strlen(buf);
2665 while(len>0 && (buf[len-1]=='\r' || buf[len-1]=='\n')){len-=1;buf[len]=0;}
2666 ws_noisy("ssh: raw keylog line read: %s", buf)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_NOISY, "epan/dissectors/packet-ssh.c"
, 2666, __func__, "ssh: raw keylog line read: %s", buf); } } while
(0);
2667
2668 ssh_keylog_process_line(buf);
2669 }
2670}
2671
2672static void
2673ssh_keylog_process_lines(const uint8_t *data, unsigned datalen)
2674{
2675 const char *next_line = (const char *)data;
2676 const char *line_end = next_line + datalen;
2677 while (next_line && next_line < line_end) {
2678 const char *line = next_line;
2679 next_line = (const char *)memchr(line, '\n', line_end - line);
2680 ssize_t linelen;
2681
2682 if (next_line) {
2683 linelen = next_line - line;
2684 next_line++; /* drop LF */
2685 } else {
2686 linelen = (ssize_t)(line_end - line);
2687 }
2688 if (linelen > 0 && line[linelen - 1] == '\r') {
2689 linelen--; /* drop CR */
2690 }
2691
2692 ssh_debug_printf(" checking keylog line: %.*s\n", (int)linelen, line);
2693 ws_noisy("ssh: about to process line: %.*s", (int)linelen, line)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_NOISY, "epan/dissectors/packet-ssh.c"
, 2693, __func__, "ssh: about to process line: %.*s", (int)linelen
, line); } } while (0);
2694
2695 char * strippedline = g_strndup(line, linelen);
2696 ssh_keylog_process_line(strippedline);
2697 g_free(strippedline);
2698 }
2699}
2700
2701static void
2702ssh_keylog_process_line(const char *line)
2703{
2704 ws_noisy("ssh: process line: %s", line)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_NOISY, "epan/dissectors/packet-ssh.c"
, 2704, __func__, "ssh: process line: %s", line); } } while (
0);
2705
2706 char **split = g_strsplit(line, " ", 3);
2707 char *cookie, *type, *key;
2708 size_t cookie_len, key_len;
2709
2710 if (g_strv_length(split) == 3) {
2711 // New format: [hex-encoded cookie] [key type] [hex-encoded key material]
2712 cookie = split[0];
2713 type = split[1];
2714 key = split[2];
2715 } else if (g_strv_length(split) == 2) {
2716 // Old format: [hex-encoded cookie] [hex-encoded private key]
2717 ws_debug("ssh keylog: detected old keylog format without explicit key type")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2717, __func__, "ssh keylog: detected old keylog format without explicit key type"
); } } while (0);
2718 type = "PRIVATE_KEY";
2719 cookie = split[0];
2720 key = split[1];
2721 } else {
2722 ws_debug("ssh keylog: invalid format")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2722, __func__, "ssh keylog: invalid format"); } } while (0
);
2723 g_strfreev(split);
2724 return;
2725 }
2726
2727 key_len = strlen(key);
2728 cookie_len = strlen(cookie);
2729 if(key_len & 1){
2730 ws_debug("ssh keylog: invalid format (key should at least be even!)")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2730, __func__, "ssh keylog: invalid format (key should at least be even!)"
); } } while (0);
2731 g_strfreev(split);
2732 return;
2733 }
2734 if(cookie_len & 1){
2735 ws_debug("ssh keylog: invalid format (cookie should at least be even!)")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2735, __func__, "ssh keylog: invalid format (cookie should at least be even!)"
); } } while (0);
2736 g_strfreev(split);
2737 return;
2738 }
2739 ssh_bignum * bn_cookie = ssh_kex_make_bignum(NULL((void*)0), (unsigned)(cookie_len/2));
2740 ssh_bignum * bn_priv = ssh_kex_make_bignum(NULL((void*)0), (unsigned)(key_len/2));
2741 uint8_t c;
2742 for (size_t i = 0; i < key_len/2; i ++) {
2743 char v0 = key[i * 2];
2744 int8_t h0 = ws_xton(v0);
2745 char v1 = key[i * 2 + 1];
2746 int8_t h1 = ws_xton(v1);
2747
2748 if (h0==-1 || h1==-1) {
2749 ws_debug("ssh: can't process key, invalid hex number: %c%c", v0, v1)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2749, __func__, "ssh: can't process key, invalid hex number: %c%c"
, v0, v1); } } while (0);
2750 g_strfreev(split);
2751 return;
2752 }
2753
2754 c = (h0 << 4) | h1;
2755
2756 bn_priv->data[i] = c;
2757 }
2758 for (size_t i = 0; i < cookie_len/2; i ++) {
2759 char v0 = cookie[i * 2];
2760 int8_t h0 = ws_xton(v0);
2761 char v1 = cookie[i * 2 + 1];
2762 int8_t h1 = ws_xton(v1);
2763
2764 if (h0==-1 || h1==-1) {
2765 ws_debug("ssh: can't process cookie, invalid hex number: %c%c", v0, v1)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2765, __func__, "ssh: can't process cookie, invalid hex number: %c%c"
, v0, v1); } } while (0);
2766 g_strfreev(split);
2767 return;
2768 }
2769
2770 c = (h0 << 4) | h1;
2771
2772 bn_cookie->data[i] = c;
2773 }
2774 ssh_bignum * bn_priv_ht = g_new(ssh_bignum, 1)((ssh_bignum *) g_malloc_n ((1), sizeof (ssh_bignum)));
2775 bn_priv_ht->length = bn_priv->length;
2776 bn_priv_ht->data = (uint8_t *) g_memdup2(bn_priv->data, bn_priv->length);
2777 ssh_bignum * bn_cookie_ht = g_new(ssh_bignum, 1)((ssh_bignum *) g_malloc_n ((1), sizeof (ssh_bignum)));
2778 bn_cookie_ht->length = bn_cookie->length;
2779 bn_cookie_ht->data = (uint8_t *) g_memdup2(bn_cookie->data, bn_cookie->length);
2780
2781 char * type_ht = (char *) g_memdup2(type, strlen(type) + 1);
2782 ssh_key_map_entry_t * entry_ht = g_new(ssh_key_map_entry_t, 1)((ssh_key_map_entry_t *) g_malloc_n ((1), sizeof (ssh_key_map_entry_t
)));
2783 entry_ht->type = type_ht;
2784 entry_ht->key_material = bn_priv_ht;
2785 g_hash_table_insert(ssh_master_key_map, bn_cookie_ht, entry_ht);
2786 g_strfreev(split);
2787}
2788
2789static void
2790ssh_keylog_reset(void)
2791{
2792 if (ssh_keylog_file) {
2793 fclose(ssh_keylog_file);
2794 ssh_keylog_file = NULL((void*)0);
2795 }
2796}
2797
2798static unsigned
2799ssh_kex_type(char *type)
2800{
2801 if (type) {
2802 if (g_str_has_prefix(type, "curve25519")(__builtin_constant_p ("curve25519")? __extension__ ({ const char
* const __str = (type); const char * const __prefix = ("curve25519"
); gboolean __result = (0); if (__str == ((void*)0) || __prefix
== ((void*)0)) __result = (g_str_has_prefix) (__str, __prefix
); else { const size_t __str_len = strlen (((__str) + !(__str
))); const size_t __prefix_len = strlen (((__prefix) + !(__prefix
))); if (__str_len >= __prefix_len) __result = memcmp (((__str
) + !(__str)), ((__prefix) + !(__prefix)), __prefix_len) == 0
; } __result; }) : (g_str_has_prefix) (type, "curve25519") )) {
2803 return SSH_KEX_CURVE255190x00010000;
2804 }else if (g_str_has_prefix(type, "sntrup761x25519")(__builtin_constant_p ("sntrup761x25519")? __extension__ ({ const
char * const __str = (type); const char * const __prefix = (
"sntrup761x25519"); gboolean __result = (0); if (__str == ((void
*)0) || __prefix == ((void*)0)) __result = (g_str_has_prefix)
(__str, __prefix); else { const size_t __str_len = strlen ((
(__str) + !(__str))); const size_t __prefix_len = strlen (((__prefix
) + !(__prefix))); if (__str_len >= __prefix_len) __result
= memcmp (((__str) + !(__str)), ((__prefix) + !(__prefix)), __prefix_len
) == 0; } __result; }) : (g_str_has_prefix) (type, "sntrup761x25519"
) )) {
2805 return SSH_KEX_SNTRUP761X255190x00040000;
2806 }else if (g_str_has_prefix(type, "mlkem768x25519")(__builtin_constant_p ("mlkem768x25519")? __extension__ ({ const
char * const __str = (type); const char * const __prefix = (
"mlkem768x25519"); gboolean __result = (0); if (__str == ((void
*)0) || __prefix == ((void*)0)) __result = (g_str_has_prefix)
(__str, __prefix); else { const size_t __str_len = strlen ((
(__str) + !(__str))); const size_t __prefix_len = strlen (((__prefix
) + !(__prefix))); if (__str_len >= __prefix_len) __result
= memcmp (((__str) + !(__str)), ((__prefix) + !(__prefix)), __prefix_len
) == 0; } __result; }) : (g_str_has_prefix) (type, "mlkem768x25519"
) )) {
2807 return SSH_KEX_MLKEM768X255190x00050000;
2808 }else if (g_str_has_prefix(type, "diffie-hellman-group-exchange")(__builtin_constant_p ("diffie-hellman-group-exchange")? __extension__
({ const char * const __str = (type); const char * const __prefix
= ("diffie-hellman-group-exchange"); gboolean __result = (0)
; if (__str == ((void*)0) || __prefix == ((void*)0)) __result
= (g_str_has_prefix) (__str, __prefix); else { const size_t __str_len
= strlen (((__str) + !(__str))); const size_t __prefix_len =
strlen (((__prefix) + !(__prefix))); if (__str_len >= __prefix_len
) __result = memcmp (((__str) + !(__str)), ((__prefix) + !(__prefix
)), __prefix_len) == 0; } __result; }) : (g_str_has_prefix) (
type, "diffie-hellman-group-exchange") )) {
2809 return SSH_KEX_DH_GEX0x00020000;
2810 }else if (g_str_has_prefix(type, "diffie-hellman-group14")(__builtin_constant_p ("diffie-hellman-group14")? __extension__
({ const char * const __str = (type); const char * const __prefix
= ("diffie-hellman-group14"); gboolean __result = (0); if (__str
== ((void*)0) || __prefix == ((void*)0)) __result = (g_str_has_prefix
) (__str, __prefix); else { const size_t __str_len = strlen (
((__str) + !(__str))); const size_t __prefix_len = strlen (((
__prefix) + !(__prefix))); if (__str_len >= __prefix_len) __result
= memcmp (((__str) + !(__str)), ((__prefix) + !(__prefix)), __prefix_len
) == 0; } __result; }) : (g_str_has_prefix) (type, "diffie-hellman-group14"
) )) {
2811 return SSH_KEX_DH_GROUP140x00030014;
2812 }else if (g_str_has_prefix(type, "diffie-hellman-group16")(__builtin_constant_p ("diffie-hellman-group16")? __extension__
({ const char * const __str = (type); const char * const __prefix
= ("diffie-hellman-group16"); gboolean __result = (0); if (__str
== ((void*)0) || __prefix == ((void*)0)) __result = (g_str_has_prefix
) (__str, __prefix); else { const size_t __str_len = strlen (
((__str) + !(__str))); const size_t __prefix_len = strlen (((
__prefix) + !(__prefix))); if (__str_len >= __prefix_len) __result
= memcmp (((__str) + !(__str)), ((__prefix) + !(__prefix)), __prefix_len
) == 0; } __result; }) : (g_str_has_prefix) (type, "diffie-hellman-group16"
) )) {
2813 return SSH_KEX_DH_GROUP160x00030016;
2814 }else if (g_str_has_prefix(type, "diffie-hellman-group18")(__builtin_constant_p ("diffie-hellman-group18")? __extension__
({ const char * const __str = (type); const char * const __prefix
= ("diffie-hellman-group18"); gboolean __result = (0); if (__str
== ((void*)0) || __prefix == ((void*)0)) __result = (g_str_has_prefix
) (__str, __prefix); else { const size_t __str_len = strlen (
((__str) + !(__str))); const size_t __prefix_len = strlen (((
__prefix) + !(__prefix))); if (__str_len >= __prefix_len) __result
= memcmp (((__str) + !(__str)), ((__prefix) + !(__prefix)), __prefix_len
) == 0; } __result; }) : (g_str_has_prefix) (type, "diffie-hellman-group18"
) )) {
2815 return SSH_KEX_DH_GROUP180x00030018;
2816 }else if (g_str_has_prefix(type, "diffie-hellman-group1")(__builtin_constant_p ("diffie-hellman-group1")? __extension__
({ const char * const __str = (type); const char * const __prefix
= ("diffie-hellman-group1"); gboolean __result = (0); if (__str
== ((void*)0) || __prefix == ((void*)0)) __result = (g_str_has_prefix
) (__str, __prefix); else { const size_t __str_len = strlen (
((__str) + !(__str))); const size_t __prefix_len = strlen (((
__prefix) + !(__prefix))); if (__str_len >= __prefix_len) __result
= memcmp (((__str) + !(__str)), ((__prefix) + !(__prefix)), __prefix_len
) == 0; } __result; }) : (g_str_has_prefix) (type, "diffie-hellman-group1"
) )) {
2817 return SSH_KEX_DH_GROUP10x00030001;
2818 }
2819 }
2820
2821 return 0;
2822}
2823
2824static unsigned
2825ssh_kex_hash_type(char *type_string)
2826{
2827 if (type_string && g_str_has_suffix(type_string, "sha1")(__builtin_constant_p ("sha1")? __extension__ ({ const char *
const __str = (type_string); const char * const __suffix = (
"sha1"); gboolean __result = (0); if (__str == ((void*)0) || __suffix
== ((void*)0)) __result = (g_str_has_suffix) (__str, __suffix
); else { const size_t __str_len = strlen (((__str) + !(__str
))); const size_t __suffix_len = strlen (((__suffix) + !(__suffix
))); if (__str_len >= __suffix_len) __result = memcmp (__str
+ __str_len - __suffix_len, ((__suffix) + !(__suffix)), __suffix_len
) == 0; } __result; }) : (g_str_has_suffix) (type_string, "sha1"
) )) {
2828 return SSH_KEX_HASH_SHA11;
2829 }else if (type_string && g_str_has_suffix(type_string, "sha256")(__builtin_constant_p ("sha256")? __extension__ ({ const char
* const __str = (type_string); const char * const __suffix =
("sha256"); gboolean __result = (0); if (__str == ((void*)0)
|| __suffix == ((void*)0)) __result = (g_str_has_suffix) (__str
, __suffix); else { const size_t __str_len = strlen (((__str)
+ !(__str))); const size_t __suffix_len = strlen (((__suffix
) + !(__suffix))); if (__str_len >= __suffix_len) __result
= memcmp (__str + __str_len - __suffix_len, ((__suffix) + !(
__suffix)), __suffix_len) == 0; } __result; }) : (g_str_has_suffix
) (type_string, "sha256") )) {
2830 return SSH_KEX_HASH_SHA2562;
2831 }else if (type_string && g_str_has_suffix(type_string, "[email protected]")(__builtin_constant_p ("[email protected]")? __extension__ ({
const char * const __str = (type_string); const char * const
__suffix = ("[email protected]"); gboolean __result = (0); if
(__str == ((void*)0) || __suffix == ((void*)0)) __result = (
g_str_has_suffix) (__str, __suffix); else { const size_t __str_len
= strlen (((__str) + !(__str))); const size_t __suffix_len =
strlen (((__suffix) + !(__suffix))); if (__str_len >= __suffix_len
) __result = memcmp (__str + __str_len - __suffix_len, ((__suffix
) + !(__suffix)), __suffix_len) == 0; } __result; }) : (g_str_has_suffix
) (type_string, "[email protected]") )) {
2832 return SSH_KEX_HASH_SHA2562;
2833 }else if (type_string && g_str_has_suffix(type_string, "sha512")(__builtin_constant_p ("sha512")? __extension__ ({ const char
* const __str = (type_string); const char * const __suffix =
("sha512"); gboolean __result = (0); if (__str == ((void*)0)
|| __suffix == ((void*)0)) __result = (g_str_has_suffix) (__str
, __suffix); else { const size_t __str_len = strlen (((__str)
+ !(__str))); const size_t __suffix_len = strlen (((__suffix
) + !(__suffix))); if (__str_len >= __suffix_len) __result
= memcmp (__str + __str_len - __suffix_len, ((__suffix) + !(
__suffix)), __suffix_len) == 0; } __result; }) : (g_str_has_suffix
) (type_string, "sha512") )) {
2834 return SSH_KEX_HASH_SHA5124;
2835 } else {
2836 ws_debug("hash type %s not supported", type_string)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2836, __func__, "hash type %s not supported", type_string);
} } while (0);
2837 return 0;
2838 }
2839}
2840
2841static ssh_bignum *
2842ssh_kex_make_bignum(const uint8_t *data, unsigned length)
2843{
2844 // 512 bytes (4096 bits) is the maximum bignum size we're supporting
2845 // Actually we need 513 bytes, to make provision for signed values
2846 // Diffie-Hellman group 18 has 8192 bits
2847 if (length == 0 || length > 1025) {
2848 return NULL((void*)0);
2849 }
2850
2851 ssh_bignum *bn = wmem_new0(wmem_file_scope(), ssh_bignum)((ssh_bignum*)wmem_alloc0((wmem_file_scope()), sizeof(ssh_bignum
)));
2852 bn->data = (uint8_t *)wmem_alloc0(wmem_file_scope(), length);
2853
2854 if (data) {
2855 memcpy(bn->data, data, length);
2856 }
2857
2858 bn->length = length;
2859 return bn;
2860}
2861
2862static bool_Bool
2863ssh_read_e(tvbuff_t *tvb, int offset, struct ssh_flow_data *global_data)
2864{
2865 // store the client's public part (e) for later usage
2866 uint32_t length = tvb_get_ntohl(tvb, offset);
2867 global_data->kex_e = ssh_kex_make_bignum(NULL((void*)0), length);
2868 if (!global_data->kex_e) {
2869 return false0;
2870 }
2871 tvb_memcpy(tvb, global_data->kex_e->data, offset + 4, length);
2872 return true1;
2873}
2874
2875static bool_Bool
2876ssh_read_f(tvbuff_t *tvb, int offset, struct ssh_flow_data *global_data)
2877{
2878 // store the server's public part (f) for later usage
2879 uint32_t length = tvb_get_ntohl(tvb, offset);
2880 global_data->kex_f = ssh_kex_make_bignum(NULL((void*)0), length);
2881 if (!global_data->kex_f) {
2882 return false0;
2883 }
2884 tvb_memcpy(tvb, global_data->kex_f->data, offset + 4, length);
2885 return true1;
2886}
2887
2888static int // add support of client PQ hybrid key (e)
2889ssh_read_e_pq(tvbuff_t *tvb, int offset, struct ssh_flow_data *global_data)
2890{
2891 // Read length of PQ client key
2892 uint32_t length = tvb_get_ntohl(tvb, offset);
2893
2894 // Sanity check
2895 if (length == 0 || length > 65535) {
2896 ws_debug("ssh_read_e_pq: Invalid PQ key length: %u", length)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2896, __func__, "ssh_read_e_pq: Invalid PQ key length: %u",
length); } } while (0);
2897 return false0;
2898 }
2899
2900 // Free any existing data (if dissecting multiple sessions)
2901 wmem_free(wmem_file_scope(), global_data->kex_e_pq);
2902
2903 // Allocate and store the PQ client key
2904 global_data->kex_e_pq = (unsigned char *)wmem_alloc(wmem_file_scope(), length);
2905 global_data->kex_e_pq_len = length;
2906
2907 tvb_memcpy(tvb, global_data->kex_e_pq, offset + 4, length);
2908
2909 ws_debug("Stored %u bytes of client PQ key - stored new_offset_client: %d - offset: %d", length, offset + 4 + length, offset)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2909, __func__, "Stored %u bytes of client PQ key - stored new_offset_client: %d - offset: %d"
, length, offset + 4 + length, offset); } } while (0);
2910 return offset + 4 + length; // consuming packet (advancing offset)
2911}
2912
2913static int // add support of server PQ hybrid key (f)
2914ssh_read_f_pq(tvbuff_t *tvb, int offset, struct ssh_flow_data *global_data)
2915{
2916 // Read length of PQ server key
2917 uint32_t length = tvb_get_ntohl(tvb, offset);
2918
2919 // Sanity check
2920 if (length == 0 || length > 65535) {
2921 ws_debug("ssh_read_f_pq: Invalid PQ key length: %u", length)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2921, __func__, "ssh_read_f_pq: Invalid PQ key length: %u",
length); } } while (0);
2922 return false0;
2923 }
2924
2925 // Free any existing data
2926 wmem_free(wmem_file_scope(), global_data->kex_f_pq);
2927
2928 // Allocate and store the PQ server key
2929 global_data->kex_f_pq = (unsigned char *)wmem_alloc(wmem_file_scope(), length);
2930 global_data->kex_f_pq_len = length;
2931
2932 tvb_memcpy(tvb, global_data->kex_f_pq, offset + 4, length);
2933
2934 ws_debug("Stored %u bytes of server PQ key - stored new_offset_server: %d - offset: %d", length, offset + 4 + length, offset)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2934, __func__, "Stored %u bytes of server PQ key - stored new_offset_server: %d - offset: %d"
, length, offset + 4 + length, offset); } } while (0);
2935 return offset + 4 + length; // consuming packet (advancing offset)
2936}
2937
2938
2939static ssh_bignum *
2940ssh_read_mpint(tvbuff_t *tvb, int offset)
2941{
2942 // store the DH group modulo (p) for later usage
2943 int length = tvb_get_ntohl(tvb, offset);
2944 ssh_bignum * bn = ssh_kex_make_bignum(NULL((void*)0), length);
2945 if (!bn) {
2946 ws_debug("invalid bignum length %u", length)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2946, __func__, "invalid bignum length %u", length); } } while
(0);
2947 return NULL((void*)0);
2948 }
2949 tvb_memcpy(tvb, bn->data, offset + 4, length);
2950 return bn;
2951}
2952
2953static void
2954ssh_keylog_hash_write_secret(struct ssh_flow_data *global_data, wmem_allocator_t* tmp_allocator)
2955{
2956 /*
2957 * This computation is defined differently for each key exchange method:
2958 * https://tools.ietf.org/html/rfc4253#page-23
2959 * https://tools.ietf.org/html/rfc5656#page-8
2960 * https://tools.ietf.org/html/rfc4419#page-4
2961 * All key exchange methods:
2962 * https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-16
2963 */
2964
2965 gcry_md_hd_t hd;
2966 ssh_key_map_entry_t *entry;
2967 ssh_bignum *secret = NULL((void*)0);
2968 int length;
2969 bool_Bool client_cookie = false0;
2970
2971 ssh_keylog_read_file();
4
Calling 'ssh_keylog_read_file'
2972
2973 unsigned kex_type = ssh_kex_type(global_data->kex);
2974 unsigned kex_hash_type = ssh_kex_hash_type(global_data->kex);
2975
2976 entry = (ssh_key_map_entry_t *)g_hash_table_lookup(ssh_master_key_map, global_data->peer_data[SERVER_PEER_DATA1].bn_cookie);
2977 if (!entry) {
2978 entry = (ssh_key_map_entry_t *)g_hash_table_lookup(ssh_master_key_map, global_data->peer_data[CLIENT_PEER_DATA0].bn_cookie);
2979 client_cookie = true1;
2980 }
2981 if (!entry) {
2982 ws_debug("ssh decryption: no entry in keylog file for this session")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2982, __func__, "ssh decryption: no entry in keylog file for this session"
); } } while (0);
2983 global_data->do_decrypt = false0;
2984 return;
2985 }
2986
2987 if (!strcmp(entry->type, "PRIVATE_KEY")) {
2988 if (client_cookie) {
2989 secret = ssh_kex_shared_secret(kex_type, global_data->kex_f, entry->key_material, global_data->kex_gex_p);
2990 } else {
2991 secret = ssh_kex_shared_secret(kex_type, global_data->kex_e, entry->key_material, global_data->kex_gex_p);
2992 }
2993 } else if (!strcmp(entry->type, "SHARED_SECRET")) {
2994 secret = ssh_kex_make_bignum(entry->key_material->data, entry->key_material->length);
2995 } else {
2996 ws_debug("ssh decryption: unknown key type in keylog file")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2996, __func__, "ssh decryption: unknown key type in keylog file"
); } } while (0);
2997 global_data->do_decrypt = false0;
2998 return;
2999 }
3000
3001 if (!secret) {
3002 ws_debug("ssh decryption: no key material for this session")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3002, __func__, "ssh decryption: no key material for this session"
); } } while (0);
3003 global_data->do_decrypt = false0;
3004 return;
3005 }
3006
3007 // shared secret data needs to be written as an mpint, and we need it later
3008 if (kex_type == SSH_KEX_SNTRUP761X255190x00040000 || kex_type == SSH_KEX_MLKEM768X255190x00050000) {
3009 // Reset array while REKEY: sanitize shared_secret:
3010 global_data->kex_shared_secret = wmem_array_new(wmem_file_scope(), 1);
3011 // For PQ KEMs: use shared_secret as-is, whether SHARED_SECRET or PRIVATE_KEY
3012 // Do NOT prepend 0x00 (OpenSSH already encodes correctly for PQ KEM)
3013 ssh_hash_buffer_put_string(global_data->kex_shared_secret, secret->data, secret->length);
3014 } else {
3015 // For all other KEX types (e.g., curve25519, ecdh-sha2, etc.)
3016 // Pad with 0x00 if MSB is set, to comply with mpint format (RFC 4251)
3017 if (secret->data[0] & 0x80) { // Stored in Big endian
3018 length = secret->length + 1;
3019 char *tmp = (char *)wmem_alloc0(tmp_allocator, length);
3020 memcpy(tmp + 1, secret->data, secret->length);
3021 tmp[0] = 0;
3022 secret->data = tmp;
3023 secret->length = length;
3024 }
3025 // Reset array while REKEY: sanitize shared_secret:
3026 global_data->kex_shared_secret = wmem_array_new(wmem_file_scope(), 1);
3027 ssh_hash_buffer_put_string(global_data->kex_shared_secret, secret->data, secret->length);
3028 }
3029
3030 wmem_array_t * kex_gex_p = wmem_array_new(tmp_allocator, 1);
3031 if(global_data->kex_gex_p){ssh_hash_buffer_put_string(kex_gex_p, global_data->kex_gex_p->data, global_data->kex_gex_p->length);}
3032 wmem_array_t * kex_gex_g = wmem_array_new(tmp_allocator, 1);
3033 if(global_data->kex_gex_g){ssh_hash_buffer_put_string(kex_gex_g, global_data->kex_gex_g->data, global_data->kex_gex_g->length);}
3034 wmem_array_t * kex_e = wmem_array_new(tmp_allocator, 1);
3035 if(global_data->kex_e){ssh_hash_buffer_put_string(kex_e, global_data->kex_e->data, global_data->kex_e->length);}
3036 wmem_array_t * kex_f = wmem_array_new(tmp_allocator, 1);
3037 if(global_data->kex_f){ssh_hash_buffer_put_string(kex_f, global_data->kex_f->data, global_data->kex_f->length);}
3038 wmem_array_t * kex_e_pq = wmem_array_new(tmp_allocator, 1);
3039 if(global_data->kex_e_pq){ssh_hash_buffer_put_string(kex_e_pq, global_data->kex_e_pq, global_data->kex_e_pq_len);}
3040 wmem_array_t * kex_f_pq = wmem_array_new(tmp_allocator, 1);
3041 if(global_data->kex_f_pq){ssh_hash_buffer_put_string(kex_f_pq, global_data->kex_f_pq, global_data->kex_f_pq_len);}
3042
3043 wmem_array_t * kex_hash_buffer = wmem_array_new(tmp_allocator, 1);
3044 ssh_print_data("client_version", (const unsigned char *)wmem_array_get_raw(global_data->kex_client_version), wmem_array_get_count(global_data->kex_client_version));
3045 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(global_data->kex_client_version), wmem_array_get_count(global_data->kex_client_version));
3046 ssh_print_data("server_version", (const unsigned char *)wmem_array_get_raw(global_data->kex_server_version), wmem_array_get_count(global_data->kex_server_version));
3047 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(global_data->kex_server_version), wmem_array_get_count(global_data->kex_server_version));
3048 ssh_print_data("client_key_exchange_init", (const unsigned char *)wmem_array_get_raw(global_data->kex_client_key_exchange_init), wmem_array_get_count(global_data->kex_client_key_exchange_init));
3049 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(global_data->kex_client_key_exchange_init), wmem_array_get_count(global_data->kex_client_key_exchange_init));
3050 ssh_print_data("server_key_exchange_init", (const unsigned char *)wmem_array_get_raw(global_data->kex_server_key_exchange_init), wmem_array_get_count(global_data->kex_server_key_exchange_init));
3051 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(global_data->kex_server_key_exchange_init), wmem_array_get_count(global_data->kex_server_key_exchange_init));
3052 ssh_print_data("kex_server_host_key_blob", (const unsigned char *)wmem_array_get_raw(global_data->kex_server_host_key_blob), wmem_array_get_count(global_data->kex_server_host_key_blob));
3053 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(global_data->kex_server_host_key_blob), wmem_array_get_count(global_data->kex_server_host_key_blob));
3054 if(kex_type==SSH_KEX_DH_GEX0x00020000){
3055 ssh_print_data("kex_gex_bits_min", (const unsigned char *)wmem_array_get_raw(global_data->kex_gex_bits_min), wmem_array_get_count(global_data->kex_gex_bits_min));
3056 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(global_data->kex_gex_bits_min), wmem_array_get_count(global_data->kex_gex_bits_min));
3057 ssh_print_data("kex_gex_bits_req", (const unsigned char *)wmem_array_get_raw(global_data->kex_gex_bits_req), wmem_array_get_count(global_data->kex_gex_bits_req));
3058 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(global_data->kex_gex_bits_req), wmem_array_get_count(global_data->kex_gex_bits_req));
3059 ssh_print_data("kex_gex_bits_max", (const unsigned char *)wmem_array_get_raw(global_data->kex_gex_bits_max), wmem_array_get_count(global_data->kex_gex_bits_max));
3060 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(global_data->kex_gex_bits_max), wmem_array_get_count(global_data->kex_gex_bits_max));
3061 ssh_print_data("key modulo (p)", (const unsigned char *)wmem_array_get_raw(kex_gex_p), wmem_array_get_count(kex_gex_p));
3062 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(kex_gex_p), wmem_array_get_count(kex_gex_p));
3063 ssh_print_data("key base (g)", (const unsigned char *)wmem_array_get_raw(kex_gex_g), wmem_array_get_count(kex_gex_g));
3064 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(kex_gex_g), wmem_array_get_count(kex_gex_g));
3065 ssh_print_data("key client (e)", (const unsigned char *)wmem_array_get_raw(kex_e), wmem_array_get_count(kex_e));
3066 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(kex_e), wmem_array_get_count(kex_e));
3067 ssh_print_data("key server (f)", (const unsigned char *)wmem_array_get_raw(kex_f), wmem_array_get_count(kex_f));
3068 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(kex_f), wmem_array_get_count(kex_f));
3069 }
3070 if(kex_type==SSH_KEX_DH_GROUP10x00030001 || kex_type==SSH_KEX_DH_GROUP140x00030014 || kex_type==SSH_KEX_DH_GROUP160x00030016 || kex_type==SSH_KEX_DH_GROUP180x00030018){
3071 ssh_print_data("key client (e)", (const unsigned char *)wmem_array_get_raw(kex_e), wmem_array_get_count(kex_e));
3072 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(kex_e), wmem_array_get_count(kex_e));
3073 ssh_print_data("key server (f)", (const unsigned char *)wmem_array_get_raw(kex_f), wmem_array_get_count(kex_f));
3074 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(kex_f), wmem_array_get_count(kex_f));
3075 }
3076 if(kex_type==SSH_KEX_CURVE255190x00010000){
3077 ssh_print_data("key client (Q_C)", (const unsigned char *)wmem_array_get_raw(kex_e), wmem_array_get_count(kex_e));
3078 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(kex_e), wmem_array_get_count(kex_e));
3079 ssh_print_data("key server (Q_S)", (const unsigned char *)wmem_array_get_raw(kex_f), wmem_array_get_count(kex_f));
3080 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(kex_f), wmem_array_get_count(kex_f));
3081 }
3082 if (kex_type==SSH_KEX_SNTRUP761X255190x00040000){ // Add support of sntrup761x25519
3083 ssh_print_data("key client (Q_C)", (const unsigned char *)wmem_array_get_raw(kex_e_pq), wmem_array_get_count(kex_e_pq));
3084 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(kex_e_pq), wmem_array_get_count(kex_e_pq));
3085 ssh_print_data("key server (Q_S)", (const unsigned char *)wmem_array_get_raw(kex_f_pq), wmem_array_get_count(kex_f_pq));
3086 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(kex_f_pq), wmem_array_get_count(kex_f_pq));
3087 ws_noisy("Switch to SSH_KEX_SNTRUP761X25519")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_NOISY, "epan/dissectors/packet-ssh.c"
, 3087, __func__, "Switch to SSH_KEX_SNTRUP761X25519"); } } while
(0);
3088 }
3089 if (kex_type==SSH_KEX_MLKEM768X255190x00050000){ // Add support of mlkem768x25519
3090 ssh_print_data("key client (Q_C)", (const unsigned char *)wmem_array_get_raw(kex_e_pq), wmem_array_get_count(kex_e_pq));
3091 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(kex_e_pq), wmem_array_get_count(kex_e_pq));
3092 ssh_print_data("key server (Q_S)", (const unsigned char *)wmem_array_get_raw(kex_f_pq), wmem_array_get_count(kex_f_pq));
3093 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(kex_f_pq), wmem_array_get_count(kex_f_pq));
3094 ws_noisy("Switch to SSH_KEX_MLKEM768X25519")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_NOISY, "epan/dissectors/packet-ssh.c"
, 3094, __func__, "Switch to SSH_KEX_MLKEM768X25519"); } } while
(0);
3095 }
3096 ssh_print_data("shared secret", (const unsigned char *)wmem_array_get_raw(global_data->kex_shared_secret), wmem_array_get_count(global_data->kex_shared_secret));
3097 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(global_data->kex_shared_secret), wmem_array_get_count(global_data->kex_shared_secret));
3098
3099 ssh_print_data("exchange", (const unsigned char *)wmem_array_get_raw(kex_hash_buffer), wmem_array_get_count(kex_hash_buffer));
3100
3101 unsigned hash_len = 32;
3102 if(kex_hash_type==SSH_KEX_HASH_SHA11) {
3103 gcry_md_open(&hd, GCRY_MD_SHA1, 0);
3104 hash_len = 20;
3105 } else if(kex_hash_type==SSH_KEX_HASH_SHA2562) {
3106 gcry_md_open(&hd, GCRY_MD_SHA256, 0);
3107 hash_len = 32;
3108 } else if(kex_hash_type==SSH_KEX_HASH_SHA5124) {
3109 gcry_md_open(&hd, GCRY_MD_SHA512, 0);
3110 hash_len = 64;
3111 } else {
3112 ws_debug("kex_hash_type type %d not supported", kex_hash_type)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3112, __func__, "kex_hash_type type %d not supported", kex_hash_type
); } } while (0);
3113 return;
3114 }
3115 char *exchange_hash = (char *)wmem_alloc0(wmem_file_scope(), hash_len);
3116 gcry_md_write(hd, wmem_array_get_raw(kex_hash_buffer), wmem_array_get_count(kex_hash_buffer));
3117 memcpy(exchange_hash, gcry_md_read(hd, 0), hash_len);
3118 gcry_md_close(hd);
3119 ssh_print_data("hash", exchange_hash, hash_len);
3120 global_data->secret = secret;
3121 ssh_derive_symmetric_keys(secret, exchange_hash, hash_len, global_data);
3122}
3123
3124// the purpose of this function is to deal with all different kex methods
3125static ssh_bignum *
3126ssh_kex_shared_secret(int kex_type, ssh_bignum *pub, ssh_bignum *priv, ssh_bignum *modulo)
3127{
3128 DISSECTOR_ASSERT(pub != NULL)((void) ((pub != ((void*)0)) ? (void)0 : (proto_report_dissector_bug
("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-ssh.c"
, 3128, "pub != ((void*)0)"))));
3129 DISSECTOR_ASSERT(priv != NULL)((void) ((priv != ((void*)0)) ? (void)0 : (proto_report_dissector_bug
("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-ssh.c"
, 3129, "priv != ((void*)0)"))));
3130
3131 ssh_bignum *secret = ssh_kex_make_bignum(NULL((void*)0), pub->length);
3132 if (!secret) {
3133 ws_debug("invalid key length %u", pub->length)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3133, __func__, "invalid key length %u", pub->length); }
} while (0);
3134 return NULL((void*)0);
3135 }
3136
3137 if(kex_type==SSH_KEX_DH_GEX0x00020000){
3138 if (modulo == NULL((void*)0)) {
3139 ws_debug("Missing group modulo")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3139, __func__, "Missing group modulo"); } } while (0);
3140 return NULL((void*)0);
3141 }
3142 gcry_mpi_t b = NULL((void*)0);
3143 gcry_mpi_scan(&b, GCRYMPI_FMT_USG, pub->data, pub->length, NULL((void*)0));
3144 gcry_mpi_t d = NULL((void*)0), e = NULL((void*)0), m = NULL((void*)0);
3145 size_t result_len = 0;
3146 d = gcry_mpi_new(pub->length*8);
3147 gcry_mpi_scan(&e, GCRYMPI_FMT_USG, priv->data, priv->length, NULL((void*)0));
3148 gcry_mpi_scan(&m, GCRYMPI_FMT_USG, modulo->data, modulo->length, NULL((void*)0));
3149 gcry_mpi_powm(d, b, e, m); // gcry_mpi_powm(d, b, e, m) => d = b^e % m
3150 gcry_mpi_print(GCRYMPI_FMT_USG, secret->data, secret->length, &result_len, d);
3151 secret->length = (unsigned)result_len; // Should not be larger than what fits in a 32-bit unsigned integer...
3152 gcry_mpi_release(d);
3153 gcry_mpi_release(b);
3154 gcry_mpi_release(e);
3155 gcry_mpi_release(m);
3156
3157 }else if(kex_type==SSH_KEX_DH_GROUP10x00030001 || kex_type==SSH_KEX_DH_GROUP140x00030014 || kex_type==SSH_KEX_DH_GROUP160x00030016 || kex_type==SSH_KEX_DH_GROUP180x00030018){
3158 gcry_mpi_t m = NULL((void*)0);
3159 if(kex_type==SSH_KEX_DH_GROUP10x00030001){
3160 static const uint8_t p[] = {
3161 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
3162 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
3163 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
3164 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
3165 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
3166 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
3167 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
3168 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,};
3169 gcry_mpi_scan(&m, GCRYMPI_FMT_USG, p, sizeof(p), NULL((void*)0));
3170 }else if(kex_type==SSH_KEX_DH_GROUP140x00030014){
3171//p:FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF
3172 static const uint8_t p[] = {
3173 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
3174 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
3175 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
3176 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
3177 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
3178 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
3179 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
3180 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
3181 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
3182 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
3183 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
3184 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
3185 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
3186 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
3187 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
3188 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
3189 gcry_mpi_scan(&m, GCRYMPI_FMT_USG, p, sizeof(p), NULL((void*)0));
3190 }else if(kex_type==SSH_KEX_DH_GROUP160x00030016){
3191//p:FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF
3192 static const uint8_t p[] = {
3193 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
3194 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
3195 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
3196 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
3197 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
3198 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
3199 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
3200 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
3201 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
3202 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
3203 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
3204 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
3205 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
3206 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
3207 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
3208 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
3209 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
3210 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
3211 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
3212 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
3213 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
3214 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
3215 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
3216 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
3217 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C,
3218 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,
3219 0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
3220 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2,
3221 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF,
3222 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
3223 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F,
3224 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,};
3225 gcry_mpi_scan(&m, GCRYMPI_FMT_USG, p, sizeof(p), NULL((void*)0));
3226 }else if(kex_type==SSH_KEX_DH_GROUP180x00030018){
3227//p:FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E438777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F5683423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD922222E04A4037C0713EB57A81A23F0C73473FC646CEA306B4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A364597E899A0255DC164F31CC50846851DF9AB48195DED7EA1B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F924009438B481C6CD7889A002ED5EE382BC9190DA6FC026E479558E4475677E9AA9E3050E2765694DFC81F56E880B96E7160C980DD98EDD3DFFFFFFFFFFFFFFFFF
3228 static const uint8_t p[] = {
3229 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
3230 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
3231 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
3232 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
3233 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
3234 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
3235 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
3236 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
3237 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
3238 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
3239 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
3240 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
3241 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
3242 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
3243 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
3244 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
3245 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
3246 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
3247 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
3248 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
3249 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
3250 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
3251 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
3252 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
3253 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C,
3254 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,
3255 0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
3256 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2,
3257 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF,
3258 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
3259 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F,
3260 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92, 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26,
3261 0xC1, 0xD4, 0xDC, 0xB2, 0x60, 0x26, 0x46, 0xDE, 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD,
3262 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, 0xE5, 0xDB, 0x38, 0x2F, 0x41, 0x30, 0x01, 0xAE,
3263 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31, 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18,
3264 0xDA, 0x3E, 0xDB, 0xEB, 0xCF, 0x9B, 0x14, 0xED, 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B,
3265 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, 0x33, 0x20, 0x51, 0x51, 0x2B, 0xD7, 0xAF, 0x42,
3266 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF, 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC,
3267 0xF0, 0x32, 0xEA, 0x15, 0xD1, 0x72, 0x1D, 0x03, 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6,
3268 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, 0xB5, 0xA8, 0x40, 0x31, 0x90, 0x0B, 0x1C, 0x9E,
3269 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3, 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE,
3270 0x0F, 0x1D, 0x45, 0xB7, 0xFF, 0x58, 0x5A, 0xC5, 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA,
3271 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, 0x14, 0xCC, 0x5E, 0xD2, 0x0F, 0x80, 0x37, 0xE0,
3272 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28, 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76,
3273 0xF5, 0x50, 0xAA, 0x3D, 0x8A, 0x1F, 0xBF, 0xF0, 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C,
3274 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, 0x38, 0x7F, 0xE8, 0xD7, 0x6E, 0x3C, 0x04, 0x68,
3275 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE, 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6,
3276 0xE6, 0x94, 0xF9, 0x1E, 0x6D, 0xBE, 0x11, 0x59, 0x74, 0xA3, 0x92, 0x6F, 0x12, 0xFE, 0xE5, 0xE4,
3277 0x38, 0x77, 0x7C, 0xB6, 0xA9, 0x32, 0xDF, 0x8C, 0xD8, 0xBE, 0xC4, 0xD0, 0x73, 0xB9, 0x31, 0xBA,
3278 0x3B, 0xC8, 0x32, 0xB6, 0x8D, 0x9D, 0xD3, 0x00, 0x74, 0x1F, 0xA7, 0xBF, 0x8A, 0xFC, 0x47, 0xED,
3279 0x25, 0x76, 0xF6, 0x93, 0x6B, 0xA4, 0x24, 0x66, 0x3A, 0xAB, 0x63, 0x9C, 0x5A, 0xE4, 0xF5, 0x68,
3280 0x34, 0x23, 0xB4, 0x74, 0x2B, 0xF1, 0xC9, 0x78, 0x23, 0x8F, 0x16, 0xCB, 0xE3, 0x9D, 0x65, 0x2D,
3281 0xE3, 0xFD, 0xB8, 0xBE, 0xFC, 0x84, 0x8A, 0xD9, 0x22, 0x22, 0x2E, 0x04, 0xA4, 0x03, 0x7C, 0x07,
3282 0x13, 0xEB, 0x57, 0xA8, 0x1A, 0x23, 0xF0, 0xC7, 0x34, 0x73, 0xFC, 0x64, 0x6C, 0xEA, 0x30, 0x6B,
3283 0x4B, 0xCB, 0xC8, 0x86, 0x2F, 0x83, 0x85, 0xDD, 0xFA, 0x9D, 0x4B, 0x7F, 0xA2, 0xC0, 0x87, 0xE8,
3284 0x79, 0x68, 0x33, 0x03, 0xED, 0x5B, 0xDD, 0x3A, 0x06, 0x2B, 0x3C, 0xF5, 0xB3, 0xA2, 0x78, 0xA6,
3285 0x6D, 0x2A, 0x13, 0xF8, 0x3F, 0x44, 0xF8, 0x2D, 0xDF, 0x31, 0x0E, 0xE0, 0x74, 0xAB, 0x6A, 0x36,
3286 0x45, 0x97, 0xE8, 0x99, 0xA0, 0x25, 0x5D, 0xC1, 0x64, 0xF3, 0x1C, 0xC5, 0x08, 0x46, 0x85, 0x1D,
3287 0xF9, 0xAB, 0x48, 0x19, 0x5D, 0xED, 0x7E, 0xA1, 0xB1, 0xD5, 0x10, 0xBD, 0x7E, 0xE7, 0x4D, 0x73,
3288 0xFA, 0xF3, 0x6B, 0xC3, 0x1E, 0xCF, 0xA2, 0x68, 0x35, 0x90, 0x46, 0xF4, 0xEB, 0x87, 0x9F, 0x92,
3289 0x40, 0x09, 0x43, 0x8B, 0x48, 0x1C, 0x6C, 0xD7, 0x88, 0x9A, 0x00, 0x2E, 0xD5, 0xEE, 0x38, 0x2B,
3290 0xC9, 0x19, 0x0D, 0xA6, 0xFC, 0x02, 0x6E, 0x47, 0x95, 0x58, 0xE4, 0x47, 0x56, 0x77, 0xE9, 0xAA,
3291 0x9E, 0x30, 0x50, 0xE2, 0x76, 0x56, 0x94, 0xDF, 0xC8, 0x1F, 0x56, 0xE8, 0x80, 0xB9, 0x6E, 0x71,
3292 0x60, 0xC9, 0x80, 0xDD, 0x98, 0xED, 0xD3, 0xDF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,};
3293 gcry_mpi_scan(&m, GCRYMPI_FMT_USG, p, sizeof(p), NULL((void*)0));
3294 }
3295
3296 gcry_mpi_t b = NULL((void*)0);
3297 gcry_mpi_scan(&b, GCRYMPI_FMT_USG, pub->data, pub->length, NULL((void*)0));
3298 gcry_mpi_t d = NULL((void*)0), e = NULL((void*)0);
3299 size_t result_len = 0;
3300 d = gcry_mpi_new(pub->length*8);
3301 gcry_mpi_scan(&e, GCRYMPI_FMT_USG, priv->data, priv->length, NULL((void*)0));
3302 gcry_mpi_powm(d, b, e, m); // gcry_mpi_powm(d, b, e, m) => d = b^e % m
3303 gcry_mpi_print(GCRYMPI_FMT_USG, secret->data, secret->length, &result_len, d);
3304 secret->length = (unsigned)result_len; // Should not be larger than what fits in a 32-bit unsigned integer...
3305 gcry_mpi_release(d);
3306 gcry_mpi_release(b);
3307 gcry_mpi_release(e);
3308 gcry_mpi_release(m);
3309 }else if(kex_type==SSH_KEX_CURVE255190x00010000){
3310 if (crypto_scalarmult_curve25519(secret->data, priv->data, pub->data)) {
3311 ws_debug("curve25519: can't compute shared secret")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3311, __func__, "curve25519: can't compute shared secret");
} } while (0);
3312 return NULL((void*)0);
3313 }
3314 } else {
3315 ws_debug("kex_type type %d not supported", kex_type)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3315, __func__, "kex_type type %d not supported", kex_type)
; } } while (0);
3316 return 0;
3317 }
3318
3319 return secret;
3320}
3321
3322static char *
3323ssh_string(wmem_allocator_t* allocator, const char *string, unsigned length)
3324{
3325 char *ssh_string = (char *)wmem_alloc(allocator, length + 4);
3326 ssh_string[0] = (length >> 24) & 0xff;
3327 ssh_string[1] = (length >> 16) & 0xff;
3328 ssh_string[2] = (length >> 8) & 0xff;
3329 ssh_string[3] = length & 0xff;
3330 memcpy(ssh_string + 4, string, length);
3331 return ssh_string;
3332}
3333
3334static void
3335ssh_hash_buffer_put_string(wmem_array_t *buffer, const char *string,
3336 unsigned length)
3337{
3338 if (!buffer) {
3339 return;
3340 }
3341
3342 char *string_with_length = ssh_string(wmem_array_get_allocator(buffer), string, length);
3343 wmem_array_append(buffer, string_with_length, length + 4);
3344}
3345
3346static void
3347ssh_hash_buffer_put_uint32(wmem_array_t *buffer, unsigned val)
3348{
3349 if (!buffer) {
3350 return;
3351 }
3352
3353 char buf[4];
3354 buf[0] = (val >> 24); buf[1] = (val >> 16); buf[2] = (val >> 8); buf[3] = (val >> 0);
3355 wmem_array_append(buffer, buf, 4);
3356}
3357
3358static void ssh_derive_symmetric_keys(ssh_bignum *secret, char *exchange_hash,
3359 unsigned hash_length, struct ssh_flow_data *global_data)
3360{
3361 if (!global_data->session_id) {
3362 global_data->session_id = exchange_hash;
3363 global_data->session_id_length = hash_length;
3364 }
3365
3366 unsigned int we_need = 0;
3367 for(int peer_cnt=0;peer_cnt<2;peer_cnt++){
3368 struct ssh_peer_data * peer_data = &global_data->peer_data[peer_cnt];
3369 // required size of key depends on cipher used. chacha20 wants 64 bytes
3370 unsigned need = 0;
3371 if (GCRY_CIPHER_CHACHA20 == peer_data->cipher_id) {
3372 need = 64;
3373 } else if (CIPHER_AES128_CBC0x00020001 == peer_data->cipher_id || CIPHER_AES128_CTR0x00010001 == peer_data->cipher_id || CIPHER_AES128_GCM0x00040001 == peer_data->cipher_id) {
3374 need = 16;
3375 } else if (CIPHER_AES192_CBC0x00020002 == peer_data->cipher_id || CIPHER_AES192_CTR0x00010003 == peer_data->cipher_id) {
3376 need = 24;
3377 } else if (CIPHER_AES256_CBC0x00020004 == peer_data->cipher_id || CIPHER_AES256_CTR0x00010004 == peer_data->cipher_id || CIPHER_AES256_GCM0x00040004 == peer_data->cipher_id) {
3378 need = 32;
3379 } else {
3380 ssh_debug_printf("ssh: cipher (%d) is unknown or not set\n", peer_data->cipher_id);
3381 ssh_debug_flush();
3382 }
3383 if(peer_data->mac_id == CIPHER_MAC_SHA2_2560x00020001){
3384 need = 32;
3385 }else{
3386 ssh_debug_printf("ssh: MAC (%d) is unknown or not set\n", peer_data->mac_id);
3387 ssh_debug_flush();
3388 }
3389 if (we_need<need) {
3390 we_need = need;
3391 }
3392 }
3393
3394 for (int i = 0; i < 6; i ++) {
3395 ssh_derive_symmetric_key(secret, exchange_hash, hash_length,
3396 'A' + i, &global_data->new_keys[i], global_data, we_need);
3397 if(i==0){ ssh_print_data("Initial IV client to server", global_data->new_keys[i].data, global_data->new_keys[i].length);
3398 }else if(i==1){ ssh_print_data("Initial IV server to client", global_data->new_keys[i].data, global_data->new_keys[i].length);
3399 }else if(i==2){ ssh_print_data("Encryption key client to server", global_data->new_keys[i].data, global_data->new_keys[i].length);
3400 }else if(i==3){ ssh_print_data("Encryption key server to client", global_data->new_keys[i].data, global_data->new_keys[i].length);
3401 }else if(i==4){ ssh_print_data("Integrity key client to server", global_data->new_keys[i].data, global_data->new_keys[i].length);
3402 }else if(i==5){ ssh_print_data("Integrity key server to client", global_data->new_keys[i].data, global_data->new_keys[i].length);
3403 }
3404 }
3405}
3406
3407static void ssh_derive_symmetric_key(ssh_bignum *secret, char *exchange_hash,
3408 unsigned hash_length, char id, ssh_bignum *result_key,
3409 struct ssh_flow_data *global_data, unsigned we_need)
3410{
3411 gcry_md_hd_t hd;
3412
3413 unsigned kex_hash_type = ssh_kex_hash_type(global_data->kex);
3414 int algo = GCRY_MD_SHA256;
3415 if(kex_hash_type==SSH_KEX_HASH_SHA11){
3416 algo = GCRY_MD_SHA1;
3417 }else if(kex_hash_type==SSH_KEX_HASH_SHA2562){
3418 algo = GCRY_MD_SHA256;
3419 }else if(kex_hash_type==SSH_KEX_HASH_SHA5124){
3420 algo = GCRY_MD_SHA512;
3421 }
3422 unsigned len = gcry_md_get_algo_dlen(algo);
3423
3424 result_key->data = (unsigned char *)wmem_alloc(wmem_file_scope(), we_need);
3425
3426 char *secret_with_length = ssh_string(NULL((void*)0), secret->data, secret->length);
3427
3428 if (gcry_md_open(&hd, algo, 0) == 0) {
3429 gcry_md_write(hd, secret_with_length, secret->length + 4);
3430 gcry_md_write(hd, exchange_hash, hash_length);
3431 gcry_md_putc(hd, id)do { gcry_md_hd_t h__ = (hd); if( (h__)->bufpos == (h__)->
bufsize ) gcry_md_write( (h__), ((void*)0), 0 ); (h__)->buf
[(h__)->bufpos++] = (id) & 0xff; } while(0);
3432 gcry_md_write(hd, global_data->session_id, hash_length);
3433 unsigned add_length = MIN(len, we_need)(((len) < (we_need)) ? (len) : (we_need));
3434 memcpy(result_key->data, gcry_md_read(hd, 0), add_length);
3435 gcry_md_close(hd);
3436 }
3437
3438 // expand key
3439 for (unsigned have = len; have < we_need; have += len) {
3440 if (gcry_md_open(&hd, algo, 0) == 0) {
3441 gcry_md_write(hd, secret_with_length, secret->length + 4);
3442 gcry_md_write(hd, exchange_hash, hash_length);
3443 gcry_md_write(hd, result_key->data+have-len, len);
3444 unsigned add_length = MIN(len, we_need - have)(((len) < (we_need - have)) ? (len) : (we_need - have));
3445 memcpy(result_key->data+have, gcry_md_read(hd, 0), add_length);
3446 gcry_md_close(hd);
3447 }
3448 }
3449 wmem_free(NULL((void*)0), secret_with_length);
3450
3451 result_key->length = we_need;
3452}
3453
3454static void
3455ssh_choose_enc_mac(struct ssh_flow_data *global_data)
3456{
3457 for(int peer_cnt=0;peer_cnt<2;peer_cnt++){
3458 struct ssh_peer_data * peer_data = &global_data->peer_data[peer_cnt];
3459 ssh_choose_algo(global_data->peer_data[CLIENT_PEER_DATA0].enc_proposals[peer_cnt],
3460 global_data->peer_data[SERVER_PEER_DATA1].enc_proposals[peer_cnt],
3461 &peer_data->enc);
3462 /* some ciphers have their own MAC so the "negotiated" one is meaningless */
3463 if(peer_data->enc && (0 == strcmp(peer_data->enc, "[email protected]") ||
3464 0 == strcmp(peer_data->enc, "[email protected]"))) {
3465 peer_data->mac = wmem_strdup(wmem_file_scope(), (const char *)"<implicit>");
3466 peer_data->mac_length = 16;
3467 peer_data->length_is_plaintext = 1;
3468 }
3469 else if(peer_data->enc && 0 == strcmp(peer_data->enc, "[email protected]")) {
3470 peer_data->mac = wmem_strdup(wmem_file_scope(), (const char *)"<implicit>");
3471 peer_data->mac_length = 16;
3472 }
3473 else {
3474 ssh_choose_algo(global_data->peer_data[CLIENT_PEER_DATA0].mac_proposals[peer_cnt],
3475 global_data->peer_data[SERVER_PEER_DATA1].mac_proposals[peer_cnt],
3476 &peer_data->mac);
3477 ssh_set_mac_length(peer_data);
3478 }
3479 ssh_choose_algo(global_data->peer_data[CLIENT_PEER_DATA0].comp_proposals[peer_cnt],
3480 global_data->peer_data[SERVER_PEER_DATA1].comp_proposals[peer_cnt],
3481 &peer_data->comp);
3482 }
3483
3484 ssh_decryption_set_cipher_id(&global_data->peer_data[CLIENT_PEER_DATA0]);
3485 ssh_decryption_set_mac_id(&global_data->peer_data[CLIENT_PEER_DATA0]);
3486 ssh_decryption_set_cipher_id(&global_data->peer_data[SERVER_PEER_DATA1]);
3487 ssh_decryption_set_mac_id(&global_data->peer_data[SERVER_PEER_DATA1]);
3488}
3489
3490static void
3491ssh_decryption_set_cipher_id(struct ssh_peer_data *peer)
3492{
3493 char *cipher_name = peer->enc;
3494
3495 if (!cipher_name) {
3496 peer->cipher = NULL((void*)0);
3497 ws_debug("ERROR: cipher_name is NULL")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3497, __func__, "ERROR: cipher_name is NULL"); } } while (0
);
3498 } else if (0 == strcmp(cipher_name, "[email protected]")) { // add [email protected]
3499 peer->cipher_id = GCRY_CIPHER_CHACHA20;
3500 } else if (0 == strcmp(cipher_name, "chacha20-poly1305")) { // add chacha20-poly1305
3501 peer->cipher_id = GCRY_CIPHER_CHACHA20;
3502 } else if (0 == strcmp(cipher_name, "[email protected]")) {
3503 peer->cipher_id = CIPHER_AES128_GCM0x00040001;
3504 } else if (0 == strcmp(cipher_name, "aes128-gcm")) {
3505 peer->cipher_id = CIPHER_AES128_GCM0x00040001;
3506 } else if (0 == strcmp(cipher_name, "[email protected]")) {
3507 peer->cipher_id = CIPHER_AES256_GCM0x00040004;
3508 } else if (0 == strcmp(cipher_name, "aes256-gcm")) {
3509 peer->cipher_id = CIPHER_AES256_GCM0x00040004;
3510 } else if (0 == strcmp(cipher_name, "aes128-cbc")) {
3511 peer->cipher_id = CIPHER_AES128_CBC0x00020001;
3512 } else if (0 == strcmp(cipher_name, "aes192-cbc")) {
3513 peer->cipher_id = CIPHER_AES192_CBC0x00020002;
3514 } else if (0 == strcmp(cipher_name, "aes256-cbc")) {
3515 peer->cipher_id = CIPHER_AES256_CBC0x00020004;
3516 } else if (0 == strcmp(cipher_name, "aes128-ctr")) {
3517 peer->cipher_id = CIPHER_AES128_CTR0x00010001;
3518 } else if (0 == strcmp(cipher_name, "aes192-ctr")) {
3519 peer->cipher_id = CIPHER_AES192_CTR0x00010003;
3520 } else if (0 == strcmp(cipher_name, "aes256-ctr")) {
3521 peer->cipher_id = CIPHER_AES256_CTR0x00010004;
3522 } else if (0 == strcmp(cipher_name, "none")) {
3523 peer->cipher_id = CIPHER_NULL0x00080000;
3524 peer->length_is_plaintext = 1;
3525 } else {
3526 peer->cipher = NULL((void*)0);
3527 ws_debug("decryption not supported: %s", cipher_name)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3527, __func__, "decryption not supported: %s", cipher_name
); } } while (0);
3528 }
3529}
3530
3531static void
3532ssh_decryption_set_mac_id(struct ssh_peer_data *peer)
3533{
3534 char *mac_name = peer->mac;
3535
3536 if (!mac_name) {
3537 peer->mac = NULL((void*)0);
3538 ws_debug("ERROR: mac_name is NULL")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3538, __func__, "ERROR: mac_name is NULL"); } } while (0);
3539 } else if (0 == strcmp(mac_name, "hmac-sha2-256")) {
3540 peer->mac_id = CIPHER_MAC_SHA2_2560x00020001;
3541 } else {
3542 ws_debug("decryption MAC not supported: %s", mac_name)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3542, __func__, "decryption MAC not supported: %s", mac_name
); } } while (0);
3543 }
3544}
3545
3546static bool_Bool
3547gcry_cipher_destroy_cb(wmem_allocator_t *allocator _U___attribute__((unused)), wmem_cb_event_t event _U___attribute__((unused)), void *user_data)
3548{
3549 gcry_cipher_hd_t hd = (gcry_cipher_hd_t)user_data;
3550
3551 gcry_cipher_close(hd);
3552
3553 return false0;
3554}
3555
3556static void
3557ssh_decryption_setup_cipher(struct ssh_peer_data *peer_data,
3558 ssh_bignum *iv, ssh_bignum *key)
3559{
3560 gcry_error_t err;
3561 gcry_cipher_hd_t *hd1, *hd2;
3562
3563 hd1 = &peer_data->cipher;
3564 hd2 = &peer_data->cipher_2;
3565
3566 if (GCRY_CIPHER_CHACHA20 == peer_data->cipher_id) {
3567 if (gcry_cipher_open(hd1, GCRY_CIPHER_CHACHA20, GCRY_CIPHER_MODE_STREAM, 0) ||
3568 gcry_cipher_open(hd2, GCRY_CIPHER_CHACHA20, GCRY_CIPHER_MODE_STREAM, 0)) {
3569 gcry_cipher_close(*hd1);
3570 gcry_cipher_close(*hd2);
3571 ws_debug("ssh: can't open chacha20 cipher handles")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3571, __func__, "ssh: can't open chacha20 cipher handles");
} } while (0);
3572 return;
3573 }
3574
3575 char k1[32];
3576 char k2[32];
3577 if(key->data){
3578 memcpy(k1, key->data, 32);
3579 memcpy(k2, key->data + 32, 32);
3580 }else{
3581 memset(k1, 0, 32);
3582 memset(k2, 0, 32);
3583 }
3584
3585 ssh_debug_printf("ssh: cipher is chacha20\n");
3586 ssh_print_data("key 1", k1, 32);
3587 ssh_print_data("key 2", k2, 32);
3588
3589 if ((err = gcry_cipher_setkey(*hd1, k1, 32))) {
3590 gcry_cipher_close(*hd1);
3591 ws_debug("ssh: can't set chacha20 cipher key %s", gcry_strerror(err))do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3591, __func__, "ssh: can't set chacha20 cipher key %s", gcry_strerror
(err)); } } while (0);
3592 return;
3593 }
3594
3595 if ((err = gcry_cipher_setkey(*hd2, k2, 32))) {
3596 gcry_cipher_close(*hd1);
3597 gcry_cipher_close(*hd2);
3598 ws_debug("ssh: can't set chacha20 cipher key %s", gcry_strerror(err))do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3598, __func__, "ssh: can't set chacha20 cipher key %s", gcry_strerror
(err)); } } while (0);
3599 return;
3600 }
3601
3602 wmem_register_callback(wmem_file_scope(), gcry_cipher_destroy_cb, *hd1);
3603 wmem_register_callback(wmem_file_scope(), gcry_cipher_destroy_cb, *hd2);
3604
3605 } else if (CIPHER_AES128_CBC0x00020001 == peer_data->cipher_id || CIPHER_AES192_CBC0x00020002 == peer_data->cipher_id || CIPHER_AES256_CBC0x00020004 == peer_data->cipher_id) {
3606 int iKeyLen = CIPHER_AES128_CBC0x00020001 == peer_data->cipher_id?16:CIPHER_AES192_CBC0x00020002 == peer_data->cipher_id?24:32;
3607 if (gcry_cipher_open(hd1, CIPHER_AES128_CBC0x00020001 == peer_data->cipher_id?GCRY_CIPHER_AES128GCRY_CIPHER_AES:CIPHER_AES192_CBC0x00020002 == peer_data->cipher_id?GCRY_CIPHER_AES192:GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC, 0)) {
3608 gcry_cipher_close(*hd1);
3609 ws_debug("ssh: can't open aes%d cipher handle", iKeyLen*8)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3609, __func__, "ssh: can't open aes%d cipher handle", iKeyLen
*8); } } while (0);
3610 return;
3611 }
3612 char k1[32], iv1[16];
3613 if(key->data){
3614 memcpy(k1, key->data, iKeyLen);
3615 }else{
3616 memset(k1, 0, iKeyLen);
3617 }
3618 if(iv->data){
3619 memcpy(iv1, iv->data, 16);
3620 }else{
3621 memset(iv1, 0, 16);
3622 }
3623
3624 ssh_debug_printf("ssh: cipher is aes%d-cbc\n", iKeyLen*8);
3625 ssh_print_data("key", k1, iKeyLen);
3626 ssh_print_data("iv", iv1, 16);
3627
3628 if ((err = gcry_cipher_setkey(*hd1, k1, iKeyLen))) {
3629 gcry_cipher_close(*hd1);
3630 ws_debug("ssh: can't set aes%d cipher key", iKeyLen*8)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3630, __func__, "ssh: can't set aes%d cipher key", iKeyLen*
8); } } while (0);
3631 ws_debug("libgcrypt: %d %s %s", gcry_err_code(err), gcry_strsource(err), gcry_strerror(err))do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3631, __func__, "libgcrypt: %d %s %s", gcry_err_code(err), gcry_strsource
(err), gcry_strerror(err)); } } while (0);
3632 return;
3633 }
3634
3635 if ((err = gcry_cipher_setiv(*hd1, iv1, 16))) {
3636 gcry_cipher_close(*hd1);
3637 ws_debug("ssh: can't set aes%d cipher iv", iKeyLen*8)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3637, __func__, "ssh: can't set aes%d cipher iv", iKeyLen*8
); } } while (0);
3638 ws_debug("libgcrypt: %d %s %s", gcry_err_code(err), gcry_strsource(err), gcry_strerror(err))do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3638, __func__, "libgcrypt: %d %s %s", gcry_err_code(err), gcry_strsource
(err), gcry_strerror(err)); } } while (0);
3639 return;
3640 }
3641
3642 wmem_register_callback(wmem_file_scope(), gcry_cipher_destroy_cb, *hd1);
3643
3644 } else if (CIPHER_AES128_CTR0x00010001 == peer_data->cipher_id || CIPHER_AES192_CTR0x00010003 == peer_data->cipher_id || CIPHER_AES256_CTR0x00010004 == peer_data->cipher_id) {
3645 int iKeyLen = CIPHER_AES128_CTR0x00010001 == peer_data->cipher_id?16:CIPHER_AES192_CTR0x00010003 == peer_data->cipher_id?24:32;
3646 if (gcry_cipher_open(hd1, CIPHER_AES128_CTR0x00010001 == peer_data->cipher_id?GCRY_CIPHER_AES128GCRY_CIPHER_AES:CIPHER_AES192_CTR0x00010003 == peer_data->cipher_id?GCRY_CIPHER_AES192:GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR, 0)) {
3647 gcry_cipher_close(*hd1);
3648 ws_debug("ssh: can't open aes%d cipher handle", iKeyLen*8)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3648, __func__, "ssh: can't open aes%d cipher handle", iKeyLen
*8); } } while (0);
3649 return;
3650 }
3651 char k1[32], iv1[16];
3652 if(key->data){
3653 memcpy(k1, key->data, iKeyLen);
3654 }else{
3655 memset(k1, 0, iKeyLen);
3656 }
3657 if(iv->data){
3658 memcpy(iv1, iv->data, 16);
3659 }else{
3660 memset(iv1, 0, 16);
3661 }
3662
3663 ssh_debug_printf("ssh: cipher is aes%d-ctr\n", iKeyLen*8);
3664 ssh_print_data("key", k1, iKeyLen);
3665 ssh_print_data("iv", iv1, 16);
3666
3667 if ((err = gcry_cipher_setkey(*hd1, k1, iKeyLen))) {
3668 gcry_cipher_close(*hd1);
3669 ws_debug("ssh: can't set aes%d cipher key", iKeyLen*8)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3669, __func__, "ssh: can't set aes%d cipher key", iKeyLen*
8); } } while (0);
3670 ws_debug("libgcrypt: %d %s %s", gcry_err_code(err), gcry_strsource(err), gcry_strerror(err))do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3670, __func__, "libgcrypt: %d %s %s", gcry_err_code(err), gcry_strsource
(err), gcry_strerror(err)); } } while (0);
3671 return;
3672 }
3673
3674 if ((err = gcry_cipher_setctr(*hd1, iv1, 16))) {
3675 gcry_cipher_close(*hd1);
3676 ws_debug("ssh: can't set aes%d cipher iv", iKeyLen*8)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3676, __func__, "ssh: can't set aes%d cipher iv", iKeyLen*8
); } } while (0);
3677 ws_debug("libgcrypt: %d %s %s", gcry_err_code(err), gcry_strsource(err), gcry_strerror(err))do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3677, __func__, "libgcrypt: %d %s %s", gcry_err_code(err), gcry_strsource
(err), gcry_strerror(err)); } } while (0);
3678 return;
3679 }
3680
3681 wmem_register_callback(wmem_file_scope(), gcry_cipher_destroy_cb, *hd1);
3682
3683 } else if (CIPHER_AES128_GCM0x00040001 == peer_data->cipher_id || CIPHER_AES256_GCM0x00040004 == peer_data->cipher_id) {
3684 int iKeyLen = CIPHER_AES128_GCM0x00040001 == peer_data->cipher_id?16:32;
3685 if (gcry_cipher_open(hd1, CIPHER_AES128_GCM0x00040001 == peer_data->cipher_id?GCRY_CIPHER_AES128GCRY_CIPHER_AES:GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_GCM, 0)) {
3686 gcry_cipher_close(*hd1);
3687 ws_debug("ssh: can't open aes%d cipher handle", iKeyLen*8)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3687, __func__, "ssh: can't open aes%d cipher handle", iKeyLen
*8); } } while (0);
3688 return;
3689 }
3690
3691 char k1[32], iv2[12];
3692 if(key->data){
3693 memcpy(k1, key->data, iKeyLen);
3694 }else{
3695 memset(k1, 0, iKeyLen);
3696 }
3697 if(iv->data){
3698 memcpy(peer_data->iv, iv->data, 12);
3699 }else{
3700 memset(iv2, 0, 12);
3701 }
3702
3703 ssh_debug_printf("ssh: cipher is aes%d-gcm\n", iKeyLen*8);
3704 ssh_print_data("key", k1, iKeyLen);
3705 ssh_print_data("iv", peer_data->iv, 12);
3706
3707 if ((err = gcry_cipher_setkey(*hd1, k1, iKeyLen))) {
3708 gcry_cipher_close(*hd1);
3709 ws_debug("ssh: can't set aes%d cipher key", iKeyLen*8)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3709, __func__, "ssh: can't set aes%d cipher key", iKeyLen*
8); } } while (0);
3710 ws_debug("libgcrypt: %d %s %s", gcry_err_code(err), gcry_strsource(err), gcry_strerror(err))do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3710, __func__, "libgcrypt: %d %s %s", gcry_err_code(err), gcry_strsource
(err), gcry_strerror(err)); } } while (0);
3711 return;
3712 }
3713
3714 wmem_register_callback(wmem_file_scope(), gcry_cipher_destroy_cb, *hd1);
3715
3716 } else {
3717 ssh_debug_printf("ssh: cipher (%d) is unknown or not set\n", peer_data->cipher_id);
3718 }
3719}
3720
3721static void
3722ssh_decryption_setup_mac(struct ssh_peer_data *peer_data,
3723 ssh_bignum *iv)
3724{
3725 if(peer_data->mac_id == CIPHER_MAC_SHA2_2560x00020001){
3726 if(iv->data){
3727 memcpy(peer_data->hmac_iv, iv->data, 32);
3728 }else{
3729 memset(peer_data->hmac_iv, 0, 32);
3730 }
3731 peer_data->hmac_iv_len = 32;
3732 ssh_debug_printf("ssh: mac is hmac-sha2-256\n");
3733 ssh_print_data("iv", peer_data->hmac_iv, peer_data->hmac_iv_len);
3734 }else{
3735 ws_debug("ssh: unsupported MAC")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3735, __func__, "ssh: unsupported MAC"); } } while (0);
3736 }
3737}
3738
3739/* libgcrypt wrappers for HMAC/message digest operations {{{ */
3740/* hmac abstraction layer */
3741#define SSH_HMACgcry_md_hd_t gcry_md_hd_t
3742
3743static inline int
3744ssh_hmac_init(SSH_HMACgcry_md_hd_t* md, const void * key, int len, int algo)
3745{
3746 gcry_error_t err;
3747 const char *err_str, *err_src;
3748
3749 err = gcry_md_open(md,algo, GCRY_MD_FLAG_HMAC);
3750 if (err != 0) {
3751 err_str = gcry_strerror(err);
3752 err_src = gcry_strsource(err);
3753 ssh_debug_printf("ssh_hmac_init(): gcry_md_open failed %s/%s", err_str, err_src);
3754 return -1;
3755 }
3756 err = gcry_md_setkey(*(md), key, len);
3757 if (err != 0) {
3758 err_str = gcry_strerror(err);
3759 err_src = gcry_strsource(err);
3760 ssh_debug_printf("ssh_hmac_init(): gcry_md_setkey(..., ..., %d) failed %s/%s", len, err_str, err_src);
3761 return -1;
3762 }
3763 return 0;
3764}
3765
3766static inline void
3767ssh_hmac_update(SSH_HMACgcry_md_hd_t* md, const void* data, int len)
3768{
3769 gcry_md_write(*(md), data, len);
3770}
3771
3772static inline void
3773ssh_hmac_final(SSH_HMACgcry_md_hd_t* md, unsigned char* data, unsigned* datalen)
3774{
3775 int algo;
3776 unsigned len;
3777
3778 algo = gcry_md_get_algo (*(md));
3779 len = gcry_md_get_algo_dlen(algo);
3780 DISSECTOR_ASSERT(len <= *datalen)((void) ((len <= *datalen) ? (void)0 : (proto_report_dissector_bug
("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-ssh.c"
, 3780, "len <= *datalen"))));
3781 memcpy(data, gcry_md_read(*(md), algo), len);
3782 *datalen = len;
3783}
3784
3785static inline void
3786ssh_hmac_cleanup(SSH_HMACgcry_md_hd_t* md)
3787{
3788 gcry_md_close(*(md));
3789}
3790/* libgcrypt wrappers for HMAC/message digest operations }}} */
3791
3792/* Decryption integrity check {{{ */
3793
3794static int
3795ssh_get_digest_by_id(unsigned mac_id)
3796{
3797 if(mac_id==CIPHER_MAC_SHA2_2560x00020001){
3798 return GCRY_MD_SHA256;
3799 }
3800 return -1;
3801}
3802
3803static void
3804ssh_calc_mac(struct ssh_peer_data *peer_data, uint32_t seqnr, uint8_t* data, uint32_t datalen, uint8_t* calc_mac)
3805{
3806 SSH_HMACgcry_md_hd_t hm;
3807 int md;
3808 uint32_t len;
3809 uint8_t buf[DIGEST_MAX_SIZE48];
3810
3811 md=ssh_get_digest_by_id(peer_data->mac_id);
3812// ssl_debug_printf("ssh_check_mac mac type:%s md %d\n",
3813// ssl_cipher_suite_dig(decoder->cipher_suite)->name, md);
3814
3815 memset(calc_mac, 0, DIGEST_MAX_SIZE48);
3816
3817 if (md == -1) {
3818 return;
3819 }
3820 if (ssh_hmac_init(&hm, peer_data->hmac_iv, peer_data->hmac_iv_len, md) != 0)
3821 return;
3822
3823 /* hash sequence number */
3824 phtonu32(buf, seqnr);
3825
3826 ssh_print_data("Mac IV", peer_data->hmac_iv, peer_data->hmac_iv_len);
3827 ssh_print_data("Mac seq", buf, 4);
3828 ssh_print_data("Mac data", data, datalen);
3829
3830 ssh_hmac_update(&hm,buf,4);
3831
3832 ssh_hmac_update(&hm,data,datalen);
3833
3834 /* get digest and digest len*/
3835 len = sizeof(buf);
3836 ssh_hmac_final(&hm,buf,&len);
3837 ssh_hmac_cleanup(&hm);
3838 ssh_print_data("Mac", buf, len);
3839 memcpy(calc_mac, buf, len);
3840
3841 return;
3842}
3843/* Decryption integrity check }}} */
3844
3845static ssh_packet_info_t *
3846ssh_get_packet_info(packet_info *pinfo, bool_Bool is_response)
3847{
3848 ssh_packet_info_t *packet = (ssh_packet_info_t *)p_get_proto_data(wmem_file_scope(), pinfo, proto_ssh, 0);
3849 if(!packet){
3850 packet = wmem_new0(wmem_file_scope(), ssh_packet_info_t)((ssh_packet_info_t*)wmem_alloc0((wmem_file_scope()), sizeof(
ssh_packet_info_t)));
3851 packet->from_server = is_response;
3852 packet->messages = NULL((void*)0);
3853 p_add_proto_data(wmem_file_scope(), pinfo, proto_ssh, 0, packet);
3854 }
3855 return packet;
3856}
3857
3858static unsigned
3859ssh_decrypt_packet(tvbuff_t *tvb, packet_info *pinfo,
3860 struct ssh_peer_data *peer_data, int offset)
3861{
3862 bool_Bool is_response = ssh_peer_data_from_server(peer_data);
3863
3864 gcry_error_t err;
3865 unsigned message_length = 0, seqnr;
3866 char *plain = NULL((void*)0), *mac;
3867 unsigned mac_len, data_len = 0;
3868 uint8_t calc_mac[DIGEST_MAX_SIZE48];
3869 memset(calc_mac, 0, DIGEST_MAX_SIZE48);
3870 unsigned remaining = tvb_captured_length_remaining(tvb, offset);
3871
3872 mac_len = peer_data->mac_length;
3873 seqnr = peer_data->sequence_number;
3874
3875 /* General algorithm:
3876 * 1. If there are not enough bytes for the packet_length, and we can
3877 * do reassembly, ask for one more segment.
3878 * 2. Retrieve packet_length (encrypted in some modes).
3879 * 3. Sanity check packet_length (the field is 4 bytes, but packet_length
3880 * is unlikely to be much larger than 32768, which provides good indication
3881 * a packet is continuation data or, in some modes, failed decryption.
3882 * https://www.rfc-editor.org/rfc/rfc4253.html#section-6.1 )
3883 * 4. If there are not enough bytes for packet_length, and we can do
3884 * reassembly, tell the TCP dissector how many more bytes we need.
3885 * 5. If the packet is truncated and we cannot reassemble, at this
3886 * point we conclude that it is the next SSH packet, and advance the
3887 * sequence number, invocation_counter, etc. before throwing an exception.
3888 * 6. If we do have all the data, we decrypt and check the MAC before
3889 * doing all that. (XXX - Advancing seqnr regardless could make sense
3890 * in some ciphers.)
3891 * 7. Possibly the MAC should be checked before decryption in some ciphers
3892 * if we have all the data; possibly there should be a "do not check the
3893 * MAC" preference a la TLS.
3894 */
3895
3896 if (GCRY_CIPHER_CHACHA20 == peer_data->cipher_id) {
3897 if (ssh_desegment && pinfo->can_desegment && remaining < 4) {
3898 /* Can do reassembly, and the packet length is split across
3899 * segment boundaries. */
3900 pinfo->desegment_offset = offset;
3901 pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT0x0fffffff;
3902 return tvb_captured_length(tvb);
3903 }
3904
3905 const char *ctext = (const char *)tvb_get_ptr(tvb, offset, 4);
3906 uint8_t plain_length_buf[4];
3907
3908 if (!ssh_decrypt_chacha20(peer_data->cipher_2, seqnr, 0, ctext, 4,
3909 plain_length_buf, 4)) {
3910 ws_debug("ERROR: could not decrypt packet len")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3910, __func__, "ERROR: could not decrypt packet len"); } }
while (0);
3911 return tvb_captured_length(tvb);
3912 }
3913
3914 message_length = pntohu32(plain_length_buf);
3915
3916 ssh_debug_printf("chachapoly_crypt seqnr=%d [%u]\n", seqnr, message_length);
3917
3918 ssh_debug_printf("%s plain for seq = %d len = %u\n", is_response?"s2c":"c2s", seqnr, message_length);
3919 if (message_length > SSH_MAX_PACKET_LEN32768) {
3920 ws_debug("ssh: unreasonable message length %u", message_length)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3920, __func__, "ssh: unreasonable message length %u", message_length
); } } while (0);
3921 return tvb_captured_length(tvb);
3922 }
3923 if (remaining < message_length + 4 + mac_len) {
3924 // Need desegmentation; as "the [email protected] AEAD
3925 // uses the sequence number as an initialisation vector (IV) to
3926 // generate its per-packet MAC key and is otherwise stateless
3927 // between packets," we need no special handling here.
3928 // https://www.ietf.org/id/draft-miller-sshm-strict-kex-01.html
3929 //
3930 if (ssh_desegment && pinfo->can_desegment) {
3931 pinfo->desegment_offset = offset;
3932 pinfo->desegment_len = message_length + 4 + mac_len - remaining;
3933 return tvb_captured_length(tvb);
3934 }
3935 // If we can't desegment, we will have an exception below in
3936 // the tvb_get_ptr. Advance the sequence number so that the
3937 // next SSH packet start will decrypt correctly.
3938 peer_data->sequence_number++;
3939 }
3940
3941 plain = (char *)wmem_alloc0(pinfo->pool, message_length+4);
3942 memcpy(plain, plain_length_buf, 4);
3943 const char *ctext2 = (const char *)tvb_get_ptr(tvb, offset+4,
3944 message_length);
3945
3946 /* XXX - "Once the entire packet has been received, the MAC MUST be
3947 * checked before decryption," but we decrypt first.
3948 * https://datatracker.ietf.org/doc/html/draft-ietf-sshm-chacha20-poly1305-01
3949 */
3950 if (!ssh_decrypt_chacha20(peer_data->cipher, seqnr, 1, ctext2,
3951 message_length, plain+4, message_length)) {
3952 ws_debug("ERROR: could not decrypt packet payload")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3952, __func__, "ERROR: could not decrypt packet payload");
} } while (0);
3953 return tvb_captured_length(tvb);
3954 }
3955
3956 mac = (char *)tvb_get_ptr(tvb, offset + 4 + message_length, mac_len);
3957 char poly_key[32], iv[16];
3958
3959 memset(poly_key, 0, 32);
3960 memset(iv, 0, 8);
3961 phtonu64(iv+8, (uint64_t)seqnr);
3962 gcry_cipher_setiv(peer_data->cipher, iv, mac_len);
3963 gcry_cipher_encrypt(peer_data->cipher, poly_key, 32, poly_key, 32);
3964
3965 gcry_mac_hd_t mac_hd;
3966 gcry_mac_open(&mac_hd, GCRY_MAC_POLY1305, 0, NULL((void*)0));
3967 gcry_mac_setkey(mac_hd, poly_key, 32);
3968 gcry_mac_write(mac_hd, ctext, 4);
3969 gcry_mac_write(mac_hd, ctext2, message_length);
3970 if (gcry_mac_verify(mac_hd, mac, mac_len)) {
3971 ws_debug("ssh: MAC does not match")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3971, __func__, "ssh: MAC does not match"); } } while (0);
3972 }
3973 size_t buflen = DIGEST_MAX_SIZE48;
3974 gcry_mac_read(mac_hd, calc_mac, &buflen);
3975 gcry_mac_close(mac_hd);
3976
3977 data_len = message_length + 4;
3978
3979 ssh_debug_printf("%s plain text seq=%d", is_response?"s2c":"c2s",seqnr);
3980 ssh_print_data("", plain, message_length+4);
3981 } else if (CIPHER_AES128_GCM0x00040001 == peer_data->cipher_id || CIPHER_AES256_GCM0x00040004 == peer_data->cipher_id) {
3982
3983 /* AES GCM for Secure Shell [RFC 5647] */
3984 /* The message length is Additional Authenticated Data */
3985 if (ssh_desegment && pinfo->can_desegment && remaining < 4) {
3986 /* Can do reassembly, and the packet length is split across
3987 * segment boundaries. */
3988 pinfo->desegment_offset = offset;
3989 pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT0x0fffffff;
3990 return tvb_captured_length(tvb);
3991 }
3992 message_length = tvb_get_uint32(tvb, offset, ENC_BIG_ENDIAN0x00000000);
3993 ssh_debug_printf("length: %d, remaining: %d\n", message_length, remaining);
3994 /* The minimum size of a packet (not counting mac) is 16. */
3995 if (message_length > SSH_MAX_PACKET_LEN32768 || message_length < 16) {
3996 ws_debug("ssh: unreasonable message length %u", message_length)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3996, __func__, "ssh: unreasonable message length %u", message_length
); } } while (0);
3997 return tvb_captured_length(tvb);
3998 }
3999
4000 /* SSH requires that the data to be encrypted (not including the AAD,
4001 * so message_length) be a multiple of the block size, 16 octets */
4002 if (message_length % 16 != 0) {
4003 ssh_debug_printf("length not a multiple of block length (16)!\n");
4004 }
4005
4006 if (message_length + 4 + mac_len > remaining) {
4007 // Need desegmentation; as the message length was unencrypted
4008 // AAD, we need no special handling here.
4009 if (pinfo->can_desegment) {
4010 pinfo->desegment_offset = offset;
4011 pinfo->desegment_len = message_length + 4 + mac_len - remaining;
4012 return tvb_captured_length(tvb);
4013 }
4014 // If we can't desegment, we will have an exception below in
4015 // the tvb_get_ptr. Advance the sequence number (less crucial
4016 // than with ChaCha20, as it's not an input.)
4017 peer_data->sequence_number++;
4018 }
4019
4020 /* Set the IV and increment the invocation_counter for the next
4021 * packet. Do this before retrieving the ciphertext with tvb_get_ptr
4022 * in case this packet is truncated.
4023 */
4024 if ((err = gcry_cipher_setiv(peer_data->cipher, peer_data->iv, 12))) {
4025 //gcry_cipher_close(peer_data->cipher);
4026 //Don't close this unless we also remove the wmem callback
4027// TODO: temporary work-around as long as a Windows python bug is triggered by automated tests
4028#ifndef _WIN32
4029 ws_debug("ssh: can't set aes128 cipher iv")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4029, __func__, "ssh: can't set aes128 cipher iv"); } } while
(0);
4030 ws_debug("libgcrypt: %d %s %s", gcry_err_code(err), gcry_strsource(err), gcry_strerror(err))do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4030, __func__, "libgcrypt: %d %s %s", gcry_err_code(err), gcry_strsource
(err), gcry_strerror(err)); } } while (0);
4031#endif //ndef _WIN32
4032 return tvb_captured_length(tvb);
4033 }
4034 // Increment invocation_counter for next packet
4035 int idx = 12;
4036 do{
4037 idx -= 1;
4038 peer_data->iv[idx] += 1;
4039 }while(idx>4 && peer_data->iv[idx]==0);
4040
4041 const char *ctext = (const char *)tvb_get_ptr(tvb, offset + 4,
4042 message_length);
4043 plain = (char *)wmem_alloc(pinfo->pool, message_length+4);
4044 phtonu32(plain, message_length);
4045
4046 if ((err = gcry_cipher_authenticate(peer_data->cipher, plain, 4))) {
4047// TODO: temporary work-around as long as a Windows python bug is triggered by automated tests
4048#ifndef _WIN32
4049 ws_debug("can't authenticate using aes128-gcm: %s\n", gpg_strerror(err))do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4049, __func__, "can't authenticate using aes128-gcm: %s\n"
, gpg_strerror(err)); } } while (0);
4050#endif //ndef _WIN32
4051 return tvb_captured_length(tvb);
4052 }
4053
4054 if ((err = gcry_cipher_decrypt(peer_data->cipher, plain+4, message_length,
4055 ctext, message_length))) {
4056// TODO: temporary work-around as long as a Windows python bug is triggered by automated tests
4057#ifndef _WIN32
4058 ws_debug("can't decrypt aes-gcm %d %s %s", gcry_err_code(err), gcry_strsource(err), gcry_strerror(err))do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4058, __func__, "can't decrypt aes-gcm %d %s %s", gcry_err_code
(err), gcry_strsource(err), gcry_strerror(err)); } } while (0
);
4059
4060#endif //ndef _WIN32
4061 return tvb_captured_length(tvb);
4062 }
4063
4064 if (gcry_cipher_gettag (peer_data->cipher, calc_mac, 16)) {
4065// TODO: temporary work-around as long as a Windows python bug is triggered by automated tests
4066#ifndef _WIN32
4067 ws_debug ("aes128-gcm, gcry_cipher_gettag() failed\n")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4067, __func__, "aes128-gcm, gcry_cipher_gettag() failed\n"
); } } while (0);
4068#endif //ndef _WIN32
4069 return tvb_captured_length(tvb);
4070 }
4071
4072 if ((err = gcry_cipher_reset(peer_data->cipher)gcry_cipher_ctl ((peer_data->cipher), GCRYCTL_RESET, ((void
*)0), 0))) {
4073// TODO: temporary work-around as long as a Windows python bug is triggered by automated tests
4074#ifndef _WIN32
4075 ws_debug("aes-gcm, gcry_cipher_reset failed: %s\n", gpg_strerror (err))do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4075, __func__, "aes-gcm, gcry_cipher_reset failed: %s\n", gpg_strerror
(err)); } } while (0);
4076#endif //ndef _WIN32
4077 return tvb_captured_length(tvb);
4078 }
4079
4080 data_len = message_length + 4;
4081
4082 ssh_debug_printf("%s plain text seq=%d", is_response?"s2c":"c2s",seqnr);
4083 ssh_print_data("", plain, message_length+4);
4084
4085 } else if (CIPHER_AES128_CBC0x00020001 == peer_data->cipher_id || CIPHER_AES128_CTR0x00010001 == peer_data->cipher_id ||
4086 CIPHER_AES192_CBC0x00020002 == peer_data->cipher_id || CIPHER_AES192_CTR0x00010003 == peer_data->cipher_id ||
4087 CIPHER_AES256_CBC0x00020004 == peer_data->cipher_id || CIPHER_AES256_CTR0x00010004 == peer_data->cipher_id) {
4088
4089 ws_noisy("Getting raw bytes of length %d", tvb_reported_length_remaining(tvb, offset))do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_NOISY, "epan/dissectors/packet-ssh.c"
, 4089, __func__, "Getting raw bytes of length %d", tvb_reported_length_remaining
(tvb, offset)); } } while (0);
4090 /* In CBC and CTR mode, the message length is encrypted as well.
4091 * We need to decrypt one block, 16 octets, to get the length.
4092 */
4093 if (ssh_desegment && pinfo->can_desegment && remaining < 16) {
4094 /* Can do reassembly, and the packet length is split across
4095 * segment boundaries. */
4096 pinfo->desegment_offset = offset;
4097 pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT0x0fffffff;
4098 return tvb_captured_length(tvb);
4099 }
4100 /* Do we already have the first block decrypted from when the packet
4101 * was too large and segmented?
4102 */
4103 if (!peer_data->plain0_valid) {
4104 const char *cypher_buf0 = (const char *)tvb_get_ptr(tvb, offset, 16);
4105
4106 if (gcry_cipher_decrypt(peer_data->cipher, peer_data->plain0, 16, cypher_buf0, 16))
4107 {
4108 ws_debug("can\'t decrypt aes128")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4108, __func__, "can\'t decrypt aes128"); } } while (0);
4109 return tvb_captured_length(tvb);
4110 }
4111 }
4112
4113 message_length = pntohu32(peer_data->plain0);
4114
4115 /* The message_length value doesn't include the length of the
4116 * message_length field itself, so it must be at least 12 bytes.
4117 */
4118 if (message_length > SSH_MAX_PACKET_LEN32768 || message_length < 12){
4119 ws_debug("ssh: unreasonable message length %u", message_length)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4119, __func__, "ssh: unreasonable message length %u", message_length
); } } while (0);
4120 return tvb_captured_length(tvb);
4121 }
4122
4123 /* SSH requires that the data to be encrypted (message_length+4)
4124 * be a multiple of the block size, 16 octets. */
4125 if (message_length % 16 != 12) {
4126 ssh_debug_printf("total length not a multiple of block length (16)!\n");
4127 }
4128 if (remaining < message_length + 4 + mac_len) {
4129 /* Need desegmentation
4130 *
4131 * We will be handed the full encrypted packet again. We can either
4132 * store the decrypted first block, or will need to reset the CTR
4133 * or IV appropriately before decrypting the first block again.
4134 * libgcrypt does not provide an easy way to get the current value
4135 * of the CTR or (or IV/last block for CBC), so we just store the
4136 * decrypted first block.
4137 */
4138 if (ssh_desegment && pinfo->can_desegment) {
4139 ws_noisy(" need_desegmentation: offset = %d, reported_length_remaining = %d\n",do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_NOISY, "epan/dissectors/packet-ssh.c"
, 4140, __func__, " need_desegmentation: offset = %d, reported_length_remaining = %d\n"
, offset, tvb_reported_length_remaining(tvb, offset)); } } while
(0)
4140 offset, tvb_reported_length_remaining(tvb, offset))do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_NOISY, "epan/dissectors/packet-ssh.c"
, 4140, __func__, " need_desegmentation: offset = %d, reported_length_remaining = %d\n"
, offset, tvb_reported_length_remaining(tvb, offset)); } } while
(0);
4141 peer_data->plain0_valid = true1;
4142 pinfo->desegment_offset = offset;
4143 pinfo->desegment_len = message_length + 4 + mac_len - remaining;
4144 return tvb_captured_length(tvb);
4145 } else {
4146 // If we can't desegment, we will have an exception below in
4147 // the tvb_get_ptr. Advance the sequence number so that the
4148 // the hash will work for the next packet.
4149 //
4150 // XXX - In CTR mode, we should advance the CTR based on the
4151 // known length so we can dissect the next block. We would
4152 // also need to reset the CTR after failing to dissect a
4153 // packet_length on the continuation data that comes next.
4154 peer_data->sequence_number++;
4155 }
4156 }
4157 peer_data->plain0_valid = false0;
4158 plain = (char *)wmem_alloc(pinfo->pool, message_length+4);
4159 memcpy(plain, peer_data->plain0, 16);
4160
4161 if (message_length - 12 > 0) {
4162 /* All of these functions actually do handle the case where
4163 * there is no data left, so the check is unnecessary.
4164 */
4165 char *ct = (char *)tvb_get_ptr(tvb, offset + 16, message_length - 12);
4166 if ((err = gcry_cipher_decrypt(peer_data->cipher, plain + 16, message_length - 12, ct, message_length - 12)))
4167 {
4168 ws_debug("can't decrypt aes-cbc/ctr %d %s %s", gcry_err_code(err), gcry_strsource(err), gcry_strerror(err))do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4168, __func__, "can't decrypt aes-cbc/ctr %d %s %s", gcry_err_code
(err), gcry_strsource(err), gcry_strerror(err)); } } while (0
);
4169 return tvb_captured_length(tvb);
4170 }
4171 }
4172
4173 ssh_debug_printf("%s plain text seq=%d", is_response?"s2c":"c2s",seqnr);
4174 ssh_print_data("", plain, message_length+4);
4175
4176 data_len = message_length + 4;
4177
4178 // XXX - In -etm modes, should calculate MAC based on ciphertext.
4179 ssh_calc_mac(peer_data, seqnr, plain, data_len, calc_mac);
4180 } else if (CIPHER_NULL0x00080000 == peer_data->cipher_id) {
4181 if (ssh_desegment && pinfo->can_desegment && remaining < 4) {
4182 /* Can do reassembly, and the packet length is split across
4183 * segment boundaries. */
4184 pinfo->desegment_offset = offset;
4185 pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT0x0fffffff;
4186 return tvb_captured_length(tvb);
4187 }
4188 message_length = tvb_get_uint32(tvb, offset, ENC_BIG_ENDIAN0x00000000);
4189 ssh_debug_printf("length: %d, remaining: %d\n", message_length, remaining);
4190 if (message_length > SSH_MAX_PACKET_LEN32768 || message_length < 8) {
4191 ws_debug("ssh: unreasonable message length %u", message_length)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4191, __func__, "ssh: unreasonable message length %u", message_length
); } } while (0);
4192 return tvb_captured_length(tvb);
4193 }
4194
4195 if (message_length + 4 + mac_len > remaining) {
4196 // Need desegmentation; as the message length was unencrypted
4197 // AAD, we need no special handling here.
4198 if (pinfo->can_desegment) {
4199 pinfo->desegment_offset = offset;
4200 pinfo->desegment_len = message_length + 4 + mac_len - remaining;
4201 return tvb_captured_length(tvb);
4202 }
4203 // If we can't desegment, we will have an exception below in
4204 // the tvb_memdup. Advance the sequence number (not crucial).
4205 peer_data->sequence_number++;
4206 }
4207 data_len = message_length + 4;
4208 plain = tvb_memdup(pinfo->pool, tvb, offset, data_len);
4209
4210 // XXX - In -etm modes, should calculate MAC based on ciphertext.
4211 ssh_calc_mac(peer_data, seqnr, plain, data_len, calc_mac);
4212 }
4213
4214 if (mac_len && data_len) {
4215 mac = (char *)tvb_get_ptr(tvb, offset + data_len, mac_len);
4216 if (!memcmp(mac, calc_mac, mac_len)){
4217 ws_noisy("MAC OK")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_NOISY, "epan/dissectors/packet-ssh.c"
, 4217, __func__, "MAC OK"); } } while (0);
4218 }else{
4219 ws_debug("MAC ERR")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4219, __func__, "MAC ERR"); } } while (0);
4220 /* Bad MAC, just show the packet as encrypted. We can get
4221 * this for a known encryption type with no keys currently. */
4222 if (!ssh_ignore_mac_failed) {
4223 return tvb_captured_length(tvb);
4224 }
4225 }
4226 }
4227
4228 if(plain){
4229 // Save message
4230
4231 ssh_packet_info_t *packet = ssh_get_packet_info(pinfo, is_response);
4232
4233 int record_id = tvb_raw_offset(tvb)+offset;
4234 ssh_message_info_t *message;
4235
4236 message = wmem_new(wmem_file_scope(), ssh_message_info_t)((ssh_message_info_t*)wmem_alloc((wmem_file_scope()), sizeof(
ssh_message_info_t)));
4237 message->sequence_number = peer_data->sequence_number++;
4238 message->plain_data = wmem_memdup(wmem_file_scope(), plain, data_len);
4239 message->data_len = data_len;
4240 message->id = record_id;
4241 message->next = NULL((void*)0);
4242 memcpy(message->calc_mac, calc_mac, DIGEST_MAX_SIZE48);
4243 ssh_debug_printf("%s->sequence_number++ > %d\n", is_response?"server":"client", peer_data->sequence_number);
4244
4245 ssh_message_info_t **pmessage = &packet->messages;
4246 while(*pmessage){
4247 pmessage = &(*pmessage)->next;
4248 }
4249 *pmessage = message;
4250 }
4251
4252 offset += message_length + mac_len + 4;
4253 return offset;
4254}
4255
4256static bool_Bool
4257ssh_decrypt_chacha20(gcry_cipher_hd_t hd,
4258 uint32_t seqnr, uint32_t counter, const unsigned char *ctext, unsigned ctext_len,
4259 unsigned char *plain, unsigned plain_len)
4260{
4261 unsigned char seq[8];
4262 unsigned char iv[16];
4263
4264 phtonu64(seq, (uint64_t)seqnr);
4265
4266 // chacha20 uses a different cipher handle for the packet payload & length
4267 // the payload uses a block counter
4268 if (counter) {
4269 unsigned char ctr[8] = {1,0,0,0,0,0,0,0};
4270 memcpy(iv, ctr, 8);
4271 memcpy(iv+8, seq, 8);
4272 }
4273
4274 return ((!counter && gcry_cipher_setiv(hd, seq, 8) == 0) ||
4275 (counter && gcry_cipher_setiv(hd, iv, 16) == 0)) &&
4276 gcry_cipher_decrypt(hd, plain, plain_len, ctext, ctext_len) == 0;
4277}
4278
4279static int
4280ssh_dissect_decrypted_packet(tvbuff_t *tvb, packet_info *pinfo,
4281 struct ssh_peer_data *peer_data, proto_tree *tree,
4282 ssh_message_info_t *message)
4283{
4284 int offset = 0; // TODO:
4285 int dissected_len = 0;
4286 tvbuff_t* payload_tvb;
4287
4288 char* plaintext = message->plain_data;
4289 unsigned plaintext_len = message->data_len;
4290
4291 col_append_sep_fstr(pinfo->cinfo, COL_INFO, NULL((void*)0), "Encrypted packet (plaintext_len=%d)", plaintext_len);
4292
4293 tvbuff_t *packet_tvb = tvb_new_child_real_data(tvb, plaintext, plaintext_len, plaintext_len);
4294 add_new_data_source(pinfo, packet_tvb, "Decrypted Packet");
4295
4296 unsigned plen;
4297 uint32_t padding_length;
4298 unsigned remain_length;
4299 unsigned msg_code;
4300
4301 proto_item *ti, *padding_ti;
4302 proto_item *msg_type_tree = NULL((void*)0);
4303
4304 /*
4305 * We use "tvb_ensure_captured_length_remaining()" to make sure there
4306 * actually *is* data remaining.
4307 *
4308 * This means we're guaranteed that "remain_length" is positive.
4309 */
4310 remain_length = tvb_ensure_captured_length_remaining(packet_tvb, offset);
4311 /*
4312 * Can we do reassembly?
4313 */
4314 if (ssh_desegment && pinfo->can_desegment) {
4315 /*
4316 * Yes - would an SSH header starting at this offset
4317 * be split across segment boundaries?
4318 */
4319 if (remain_length < 4) {
4320 /*
4321 * Yes. Tell the TCP dissector where the data for
4322 * this message starts in the data it handed us and
4323 * that we need "some more data." Don't tell it
4324 * exactly how many bytes we need because if/when we
4325 * ask for even more (after the header) that will
4326 * break reassembly.
4327 */
4328 pinfo->desegment_offset = offset;
4329 pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT0x0fffffff;
4330 return offset;
4331 }
4332 }
4333 /* XXX - Defragmentation needs to be done in ssh_decrypt_packet, and the
4334 * checks there should mean that the above never has an effect. (It's
4335 * copied from ssh_dissect_key_exchange.)
4336 */
4337 plen = tvb_get_ntohl(packet_tvb, offset);
4338
4339 if (ssh_desegment && pinfo->can_desegment) {
4340 if (plen + 4 > remain_length) {
4341 pinfo->desegment_offset = offset;
4342 pinfo->desegment_len = plen+4 - remain_length;
4343 return offset;
4344 }
4345 }
4346 /*
4347 * Need to check plen > 0x80000000 here
4348 */
4349
4350 ti = proto_tree_add_uint(tree, hf_ssh_packet_length, packet_tvb,
4351 offset, 4, plen);
4352 if (plen < 8) {
4353 /* RFC 4253 6: "[T]he length of the concatenation of 'packet_length',
4354 * 'padding_length', 'payload', and 'random padding' MUST be a multiple
4355 * of the cipher block size or 8, whichever is larger,... even when
4356 * using stream ciphers."
4357 *
4358 * Modes that do not encrypt plen with the same key as the other three
4359 * cannot follow this as written and delete 'packet_length' from the
4360 * above sentence. As padding_length is one byte and random_padding at
4361 * least four, packet_length must be at least 8 in all modes.
4362 */
4363 expert_add_info_format(pinfo, ti, &ei_ssh_packet_length, "Packet length is %d, MUST be at least 8", plen);
4364 } else if (plen >= SSH_MAX_PACKET_LEN32768) {
4365 expert_add_info_format(pinfo, ti, &ei_ssh_packet_length, "Overly large number %d", plen);
4366 plen = remain_length-4;
4367 }
4368 offset+=4;
4369
4370 /* padding length */
4371 padding_ti = proto_tree_add_item_ret_uint(tree, hf_ssh_padding_length, packet_tvb, offset, 1, ENC_NA0x00000000, &padding_length);
4372 /* RFC 4253 6: "There MUST be at least four bytes of padding." */
4373 if (padding_length < 4) {
4374 expert_add_info_format(pinfo, padding_ti, &ei_ssh_padding_length, "Padding length is %d, MUST be at least 4", padding_length);
4375 }
4376 unsigned payload_length;
4377 if (ckd_sub(&payload_length, plen, padding_length + 1)__builtin_sub_overflow((plen), (padding_length + 1), (&payload_length
))) {
4378 expert_add_info_format(pinfo, padding_ti, &ei_ssh_padding_length, "Padding length is too large [%d], implies a negative payload length", padding_length);
4379 payload_length = 0;
4380 }
4381 offset += 1;
4382
4383 /* msg_code */
4384 msg_code = tvb_get_uint8(packet_tvb, offset);
4385 /* XXX - Payload compression could have been negotiated */
4386 payload_tvb = tvb_new_subset_length(packet_tvb, offset, (int)payload_length);
4387 bool_Bool is_response = ssh_peer_data_from_server(peer_data);
4388
4389 /* Transport layer protocol */
4390 /* Generic (1-19) */
4391 if(msg_code >= 1 && msg_code <= 19) {
4392 col_append_sep_str(pinfo->cinfo, COL_INFO, NULL((void*)0), val_to_str(pinfo->pool, msg_code, ssh2_msg_vals, "Unknown (%u)"));
4393 msg_type_tree = proto_tree_add_subtree(tree, packet_tvb, offset, plen-1, ett_key_exchange, NULL((void*)0), "Message: Transport (generic)");
4394 proto_tree_add_item(msg_type_tree, hf_ssh2_msg_code, packet_tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
4395 dissected_len = ssh_dissect_transport_generic(payload_tvb, pinfo, 1, peer_data, msg_type_tree, msg_code);
4396 }
4397 /* Algorithm negotiation (20-29) */
4398 /* Normally these messages are all dissected in ssh_dissect_key_exchange */
4399 else if(msg_code >=20 && msg_code <= 29) {
4400//TODO: See if the complete dissector should be refactored to always go through here first offset = ssh_dissect_transport_algorithm_negotiation(packet_tvb, pinfo, global_data, offset, msg_type_tree, is_response, msg_code);
4401
4402 col_append_sep_str(pinfo->cinfo, COL_INFO, NULL((void*)0), val_to_str(pinfo->pool, msg_code, ssh2_msg_vals, "Unknown (%u)"));
4403 msg_type_tree = proto_tree_add_subtree(tree, packet_tvb, offset, plen-1, ett_key_exchange, NULL((void*)0), "Message: Transport (algorithm negotiation)");
4404 proto_tree_add_item(msg_type_tree, hf_ssh2_msg_code, packet_tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
4405 dissected_len = 1;
4406
4407 ws_debug("SSH dissect: pass %u, frame %u, msg_code %u, do_decrypt=%d", pinfo->fd->visited, pinfo->fd->num, msg_code, peer_data->global_data->do_decrypt)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4407, __func__, "SSH dissect: pass %u, frame %u, msg_code %u, do_decrypt=%d"
, pinfo->fd->visited, pinfo->fd->num, msg_code, peer_data
->global_data->do_decrypt); } } while (0);
4408 switch(msg_code)
4409 {
4410 case SSH_MSG_KEXINIT20:
4411 {
4412 ws_debug("ssh: REKEY msg_code 20: storing frame %u number, offset %d" , pinfo->num, offset)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4412, __func__, "ssh: REKEY msg_code 20: storing frame %u number, offset %d"
, pinfo->num, offset); } } while (0);
4413 peer_data->rekey_trigger_frame = pinfo->num;
4414 // Reset array while REKEY: sanitize server_key_exchange_init and force do_decrypt :
4415 peer_data->global_data->kex_server_key_exchange_init = wmem_array_new(wmem_file_scope(), 1);
4416 peer_data->global_data->do_decrypt = true1;
4417 dissected_len = ssh_dissect_key_init(payload_tvb, pinfo, offset - 4, msg_type_tree, is_response, peer_data->global_data);
4418 break;
4419 }
4420 case SSH_MSG_NEWKEYS21:
4421 {
4422 if (peer_data->rekey_pending) {
4423 ws_debug("ssh: REKEY pending... NEWKEYS frame %u", pinfo->num)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4423, __func__, "ssh: REKEY pending... NEWKEYS frame %u", pinfo
->num); } } while (0);
4424 ws_debug("ssh: decrypting frame %u with key ID %u, seq=%u", pinfo->num, peer_data->cipher_id, peer_data->sequence_number)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4424, __func__, "ssh: decrypting frame %u with key ID %u, seq=%u"
, pinfo->num, peer_data->cipher_id, peer_data->sequence_number
); } } while (0);
4425 if (peer_data->global_data->ext_kex_strict) {
4426 peer_data->sequence_number = 0;
4427 ssh_debug_printf("%s->sequence_number reset to 0 (Strict KEX)\n", is_response ? "server" : "client");
4428 ws_debug("ssh: REKEY reset %s sequence number to 0 at frame %u (Strict KEX)", is_response ? "server" : "client", pinfo->num)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4428, __func__, "ssh: REKEY reset %s sequence number to 0 at frame %u (Strict KEX)"
, is_response ? "server" : "client", pinfo->num); } } while
(0);
4429 }
4430 // finalize the rekey (activate the new keys)
4431 if (!is_response) { // Only process client-sent NEWKEYS
4432 // Activate new key material into peer_data->cipher
4433 ssh_debug_printf("Activating new keys for CLIENT => SERVER\n");
4434 ssh_decryption_setup_cipher(peer_data, &peer_data->global_data->new_keys[0], &peer_data->global_data->new_keys[2]);
4435 ssh_decryption_setup_mac(peer_data, &peer_data->global_data->new_keys[4]);
4436 } else { // Only process server-sent NEWKEYS
4437 // Activate new key material into peer_data->cipher
4438 ssh_debug_printf("Activating new keys for SERVER => CLIENT\n");
4439 ssh_decryption_setup_cipher(peer_data, &peer_data->global_data->new_keys[1], &peer_data->global_data->new_keys[3]);
4440 ssh_decryption_setup_mac(peer_data, &peer_data->global_data->new_keys[5]);
4441 }
4442 // Finishing REKEY
4443 peer_data->rekey_pending = false0;
4444 ws_debug("ssh: REKEY done... switched to NEWKEYS at frame %u", pinfo->num)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4444, __func__, "ssh: REKEY done... switched to NEWKEYS at frame %u"
, pinfo->num); } } while (0);
4445 }
4446 break;
4447 }
4448 }
4449 }
4450 /* Key exchange method specific (reusable) (30-49) */
4451 /* Normally these messages are all dissected in ssh_dissect_key_exchange */
4452 else if (msg_code >=30 && msg_code <= 49) {
4453//TODO: See if the complete dissector should be refactored to always go through here first offset = global_data->kex_specific_dissector(msg_code, packet_tvb, pinfo, offset, msg_type_tree);
4454
4455 msg_type_tree = proto_tree_add_subtree(tree, packet_tvb, offset, plen-1, ett_key_exchange, NULL((void*)0), "Message: Transport (key exchange method specific)");
4456 ws_debug("ssh: rekey KEX_xxx_INIT/KEX_xxx_REPLY detected in frame %u", pinfo->num)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4456, __func__, "ssh: rekey KEX_xxx_INIT/KEX_xxx_REPLY detected in frame %u"
, pinfo->num); } } while (0);
4457 peer_data->rekey_pending = true1;
4458 dissected_len = peer_data->global_data->kex_specific_dissector(msg_code, payload_tvb, pinfo, offset -5, msg_type_tree, peer_data->global_data);
4459 }
4460
4461 /* User authentication protocol */
4462 /* Generic (50-59) */
4463 else if (msg_code >= 50 && msg_code <= 59) {
4464 col_append_sep_str(pinfo->cinfo, COL_INFO, NULL((void*)0), val_to_str(pinfo->pool, msg_code, ssh2_msg_vals, "Unknown (%u)"));
4465 msg_type_tree = proto_tree_add_subtree(tree, packet_tvb, offset, plen-1, ett_key_exchange, NULL((void*)0), "Message: User Authentication (generic)");
4466 proto_tree_add_item(msg_type_tree, hf_ssh2_msg_code, packet_tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
4467 dissected_len = ssh_dissect_userauth_generic(payload_tvb, pinfo, 1, msg_type_tree, msg_code);
4468 }
4469 /* User authentication method specific (reusable) (60-79) */
4470 else if (msg_code >= 60 && msg_code <= 79) {
4471 col_append_sep_str(pinfo->cinfo, COL_INFO, NULL((void*)0), val_to_str(pinfo->pool, msg_code, ssh2_msg_vals, "Unknown (%u)"));
4472 msg_type_tree = proto_tree_add_subtree(tree, packet_tvb, offset, plen-1, ett_key_exchange, NULL((void*)0), "Message: User Authentication: (method specific)");
4473 proto_tree_add_item(msg_type_tree, hf_ssh2_msg_code, packet_tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
4474 dissected_len = ssh_dissect_userauth_specific(payload_tvb, pinfo, 1, msg_type_tree, msg_code);
4475 }
4476
4477 /* Connection protocol */
4478 /* Generic (80-89) */
4479 else if (msg_code >= 80 && msg_code <= 89) {
4480 col_append_sep_str(pinfo->cinfo, COL_INFO, NULL((void*)0), val_to_str(pinfo->pool, msg_code, ssh2_msg_vals, "Unknown (%u)"));
4481 msg_type_tree = proto_tree_add_subtree(tree, packet_tvb, offset, plen-1, ett_key_exchange, NULL((void*)0), "Message: Connection (generic)");
4482 proto_tree_add_item(msg_type_tree, hf_ssh2_msg_code, packet_tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
4483 dissected_len = ssh_dissect_connection_generic(payload_tvb, pinfo, 1, msg_type_tree, msg_code);
4484 }
4485 /* Channel related messages (90-127) */
4486 else if (msg_code >= 90 && msg_code <= 127) {
4487 col_append_sep_str(pinfo->cinfo, COL_INFO, NULL((void*)0), val_to_str(pinfo->pool, msg_code, ssh2_msg_vals, "Unknown (%u)"));
4488 msg_type_tree = proto_tree_add_subtree(tree, packet_tvb, offset, plen-1, ett_key_exchange, NULL((void*)0), "Message: Connection: (channel related message)");
4489 proto_tree_add_item(msg_type_tree, hf_ssh2_msg_code, packet_tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
4490 dissected_len = ssh_dissect_connection_specific(payload_tvb, pinfo, peer_data, 1, msg_type_tree, msg_code, message);
4491 }
4492
4493 /* Reserved for client protocols (128-191) */
4494 else if (msg_code >= 128 && msg_code <= 191) {
4495 col_append_sep_str(pinfo->cinfo, COL_INFO, NULL((void*)0), val_to_str(pinfo->pool, msg_code, ssh2_msg_vals, "Unknown (%u)"));
4496 msg_type_tree = proto_tree_add_subtree(tree, packet_tvb, offset, plen-1, ett_key_exchange, NULL((void*)0), "Message: Client protocol");
4497 proto_tree_add_item(msg_type_tree, hf_ssh2_msg_code, packet_tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
4498 offset+=1;
4499 // TODO: dissected_len = ssh_dissect_client(payload_tvb, pinfo, global_data, 1, msg_type_tree, is_response, msg_code);
4500 }
4501
4502 /* Local extensions (192-255) */
4503 else if (msg_code >= 192 && msg_code <= 255) {
4504 msg_type_tree = proto_tree_add_subtree(tree, packet_tvb, offset, plen-1, ett_key_exchange, NULL((void*)0), "Message: Local extension");
4505 dissected_len = ssh_dissect_local_extension(payload_tvb, pinfo, 0, peer_data, msg_type_tree, msg_code);
4506 }
4507
4508 /* XXX - ssh_dissect_key_exchange only adds undecoded payload here,
4509 * i.e., tvb_reported_length_remaining(payload_tvb, dissected_len)
4510 */
4511 if (payload_length > 0) {
4512 proto_tree_add_item(msg_type_tree, hf_ssh_payload, packet_tvb, offset, payload_length, ENC_NA0x00000000);
4513 }
4514 if(dissected_len!=(int)payload_length){
4515 expert_add_info_format(pinfo, ti, &ei_ssh_packet_decode, "Decoded %d bytes, but payload length is %d bytes [%d]", dissected_len, payload_length, msg_code);
4516 }
4517 offset += payload_length;
4518
4519 /* padding */
4520 proto_tree_add_item(tree, hf_ssh_padding_string, packet_tvb, offset, padding_length, ENC_NA0x00000000);
4521 offset += padding_length;
4522
4523 if (peer_data->mac_length) {
4524 proto_tree_add_checksum_bytes(tree, tvb, offset, hf_ssh_mac_string, hf_ssh_mac_status, &ei_ssh_mac_bad, pinfo, message->calc_mac, peer_data->mac_length, PROTO_CHECKSUM_VERIFY0x01);
4525 offset += peer_data->mac_length;
4526 }
4527 ti = proto_tree_add_uint(tree, hf_ssh_seq_num, tvb, offset, 0, message->sequence_number);
4528 proto_item_set_generated(ti);
4529 return offset;
4530}
4531
4532static int
4533ssh_dissect_transport_generic(tvbuff_t *packet_tvb, packet_info *pinfo,
4534 int offset, struct ssh_peer_data *peer_data, proto_item *msg_type_tree, unsigned msg_code)
4535{
4536 (void)pinfo;
4537 if(msg_code==SSH_MSG_DISCONNECT1){
4538 proto_tree_add_item(msg_type_tree, hf_ssh_disconnect_reason, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
4539 offset += 4;
4540 unsigned nlen;
4541 nlen = tvb_get_ntohl(packet_tvb, offset) ;
4542 proto_tree_add_item(msg_type_tree, hf_ssh_disconnect_description_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
4543 offset += 4;
4544 proto_tree_add_item(msg_type_tree, hf_ssh_disconnect_description, packet_tvb, offset, nlen, ENC_ASCII0x00000000);
4545 offset += nlen;
4546 nlen = tvb_get_ntohl(packet_tvb, offset) ;
4547 proto_tree_add_item(msg_type_tree, hf_ssh_lang_tag_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
4548 offset += 4;
4549 proto_tree_add_item(msg_type_tree, hf_ssh_lang_tag, packet_tvb, offset, nlen, ENC_ASCII0x00000000);
4550 offset += nlen;
4551 }else if(msg_code==SSH_MSG_IGNORE2){
4552 offset += ssh_tree_add_string(packet_tvb, offset, msg_type_tree, hf_ssh_ignore_data, hf_ssh_ignore_data_length);
4553 }else if(msg_code==SSH_MSG_DEBUG4){
4554 unsigned slen;
4555 proto_tree_add_item(msg_type_tree, hf_ssh_debug_always_display, packet_tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
4556 offset += 1;
4557 slen = tvb_get_ntohl(packet_tvb, offset) ;
4558 proto_tree_add_item(msg_type_tree, hf_ssh_debug_message_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
4559 offset += 4;
4560 proto_tree_add_item(msg_type_tree, hf_ssh_debug_message, packet_tvb, offset, slen, ENC_UTF_80x00000002);
4561 offset += slen;
4562 slen = tvb_get_ntohl(packet_tvb, offset) ;
4563 proto_tree_add_item(msg_type_tree, hf_ssh_lang_tag_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
4564 offset += 4;
4565 proto_tree_add_item(msg_type_tree, hf_ssh_lang_tag, packet_tvb, offset, slen, ENC_ASCII0x00000000);
4566 offset += slen;
4567 }else if(msg_code==SSH_MSG_SERVICE_REQUEST5){
4568 unsigned nlen;
4569 nlen = tvb_get_ntohl(packet_tvb, offset) ;
4570 proto_tree_add_item(msg_type_tree, hf_ssh_service_name_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
4571 offset += 4;
4572 proto_tree_add_item(msg_type_tree, hf_ssh_service_name, packet_tvb, offset, nlen, ENC_ASCII0x00000000);
4573 offset += nlen;
4574 }else if(msg_code==SSH_MSG_SERVICE_ACCEPT6){
4575 unsigned nlen;
4576 nlen = tvb_get_ntohl(packet_tvb, offset) ;
4577 proto_tree_add_item(msg_type_tree, hf_ssh_service_name_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
4578 offset += 4;
4579 proto_tree_add_item(msg_type_tree, hf_ssh_service_name, packet_tvb, offset, nlen, ENC_ASCII0x00000000);
4580 offset += nlen;
4581 }else if(msg_code==SSH_MSG_EXT_INFO7){
4582 unsigned ext_cnt;
4583 ext_cnt = tvb_get_ntohl(packet_tvb, offset);
4584 proto_tree_add_item(msg_type_tree, hf_ssh_ext_count, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
4585 offset += 4;
4586 for(unsigned ext_index = 0; ext_index < ext_cnt; ext_index++) {
4587 offset = ssh_dissect_rfc8308_extension(packet_tvb, pinfo, offset, peer_data, msg_type_tree);
4588 }
4589 }
4590 return offset;
4591}
4592
4593static int
4594ssh_dissect_rfc8308_extension(tvbuff_t *packet_tvb, packet_info *pinfo,
4595 int offset, struct ssh_peer_data *peer_data, proto_item *msg_type_tree)
4596{
4597 (void)pinfo;
4598 unsigned ext_name_slen = tvb_get_ntohl(packet_tvb, offset);
4599 uint8_t *ext_name = tvb_get_string_enc(pinfo->pool, packet_tvb, offset + 4, ext_name_slen, ENC_ASCII0x00000000);
4600 unsigned ext_value_slen = tvb_get_ntohl(packet_tvb, offset + 4 + ext_name_slen);
4601 unsigned ext_len = 8 + ext_name_slen + ext_value_slen;
4602 proto_item *ext_tree = proto_tree_add_subtree_format(msg_type_tree, packet_tvb, offset, ext_len, ett_extension, NULL((void*)0), "Extension: %s", ext_name);
4603
4604 proto_tree_add_item(ext_tree, hf_ssh_ext_name_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
4605 offset += 4;
4606 proto_tree_add_item(ext_tree, hf_ssh_ext_name, packet_tvb, offset, ext_name_slen, ENC_ASCII0x00000000);
4607 offset += ext_name_slen;
4608 proto_tree_add_item(ext_tree, hf_ssh_ext_value_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
4609 offset += 4;
4610 proto_tree_add_item(ext_tree, hf_ssh_ext_value, packet_tvb, offset, ext_value_slen, ENC_NA0x00000000);
4611
4612 if (g_str_equal(ext_name, "server-sig-algs")(strcmp ((const char *) (ext_name), (const char *) ("server-sig-algs"
)) == 0)) {
4613 // server-sig-algs (RFC8308 Sec. 3.1)
4614 proto_tree_add_item(ext_tree, hf_ssh_ext_server_sig_algs_algorithms, packet_tvb, offset, ext_value_slen, ENC_ASCII0x00000000);
4615 offset += ext_value_slen;
4616 } else if (g_str_equal(ext_name, "delay-compression")(strcmp ((const char *) (ext_name), (const char *) ("delay-compression"
)) == 0)) {
4617 // delay-compression (RFC8308 Sec 3.2)
4618 unsigned slen;
4619 slen = tvb_get_ntohl(packet_tvb, offset);
4620 proto_tree_add_item(ext_tree, hf_ssh_ext_delay_compression_algorithms_client_to_server_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
4621 offset += 4;
4622 proto_tree_add_item(ext_tree, hf_ssh_ext_delay_compression_algorithms_client_to_server, packet_tvb, offset, slen, ENC_ASCII0x00000000);
4623 offset += slen;
4624 slen = tvb_get_ntohl(packet_tvb, offset);
4625 proto_tree_add_item(ext_tree, hf_ssh_ext_delay_compression_algorithms_server_to_client_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
4626 offset += 4;
4627 proto_tree_add_item(ext_tree, hf_ssh_ext_delay_compression_algorithms_server_to_client, packet_tvb, offset, slen, ENC_ASCII0x00000000);
4628 offset += slen;
4629 } else if (g_str_equal(ext_name, "no-flow-control")(strcmp ((const char *) (ext_name), (const char *) ("no-flow-control"
)) == 0)) {
4630 // no-flow-control (RFC 8308 Sec 3.3)
4631 proto_tree_add_item(ext_tree, hf_ssh_ext_no_flow_control_value, packet_tvb, offset, ext_value_slen, ENC_ASCII0x00000000);
4632 offset += ext_value_slen;
4633 } else if (g_str_equal(ext_name, "elevation")(strcmp ((const char *) (ext_name), (const char *) ("elevation"
)) == 0)) {
4634 // elevation (RFC 8308 Sec 3.4)
4635 proto_tree_add_item(ext_tree, hf_ssh_ext_elevation_value, packet_tvb, offset, ext_value_slen, ENC_ASCII0x00000000);
4636 offset += ext_value_slen;
4637 } else if (g_str_equal(ext_name, "[email protected]")(strcmp ((const char *) (ext_name), (const char *) ("[email protected]"
)) == 0)) {
4638 // [email protected] (proprietary)
4639 proto_tree_add_item(ext_tree, hf_ssh_ext_prop_publickey_algorithms_algorithms, packet_tvb, offset, ext_value_slen, ENC_ASCII0x00000000);
4640 offset += ext_value_slen;
4641 } else if (g_str_equal(ext_name, "[email protected]")(strcmp ((const char *) (ext_name), (const char *) ("[email protected]"
)) == 0)) {
4642 // [email protected] (proprietary w/ primitive extension value)
4643 peer_data->global_data->ext_ping_openssh_offered = true1;
4644 offset += ext_value_slen;
4645 } else {
4646 offset += ext_value_slen;
4647 }
4648
4649 // The following extensions do not require advanced dissection:
4650 // - global-requests-ok
4651 // - ext-auth-info
4652 // - [email protected]
4653 // - [email protected]
4654
4655 return offset;
4656}
4657
4658static int
4659ssh_dissect_userauth_generic(tvbuff_t *packet_tvb, packet_info *pinfo,
4660 int offset, proto_item *msg_type_tree, unsigned msg_code)
4661{
4662 if(msg_code==SSH_MSG_USERAUTH_REQUEST50){
4663 uint32_t slen;
4664 proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_userauth_user_name_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &slen);
4665 offset += 4;
4666 proto_tree_add_item(msg_type_tree, hf_ssh_userauth_user_name, packet_tvb, offset, slen, ENC_ASCII0x00000000);
4667 offset += slen;
4668 proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_userauth_service_name_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &slen);
4669 offset += 4;
4670 proto_tree_add_item(msg_type_tree, hf_ssh_userauth_service_name, packet_tvb, offset, slen, ENC_ASCII0x00000000);
4671 offset += slen;
4672 proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_userauth_method_name_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &slen);
4673 offset += 4;
4674 const uint8_t* key_type;
4675 proto_tree_add_item_ret_string(msg_type_tree, hf_ssh_userauth_method_name, packet_tvb, offset, slen, ENC_ASCII0x00000000, pinfo->pool, &key_type);
4676 offset += slen;
4677 if (0 == strcmp(key_type, "none")) {
4678 }else if (0 == strcmp(key_type, "publickey") || 0 == strcmp(key_type, "[email protected]")) {
4679 uint8_t bHaveSignature = tvb_get_uint8(packet_tvb, offset);
4680 int dissected_len = 0;
4681 proto_tree_add_item(msg_type_tree, hf_ssh_userauth_have_signature, packet_tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
4682 offset += 1;
4683 proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_userauth_pka_name_len, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &slen);
4684 offset += 4;
4685 proto_tree_add_item(msg_type_tree, hf_ssh_userauth_pka_name, packet_tvb, offset, slen, ENC_ASCII0x00000000);
4686 offset += slen;
4687 proto_item *ti;
4688 ti = proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_blob_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &slen);
4689 offset += 4;
4690 dissected_len = ssh_dissect_public_key_blob(tvb_new_subset_length(packet_tvb, offset, slen), pinfo, msg_type_tree);
4691 if(dissected_len!=(int)slen){
4692 expert_add_info_format(pinfo, ti, &ei_ssh_packet_decode, "Decoded %d bytes, but packet length is %d bytes", dissected_len, slen);
4693 }
4694 offset += slen;
4695 if (0 == strcmp(key_type, "[email protected]")) {
4696 // Host key - but should we add it to global data or not?
4697 offset += ssh_tree_add_hostkey(packet_tvb, pinfo, offset, msg_type_tree, "Server host key",
4698 ett_key_exchange_host_key, NULL((void*)0));
4699 }
4700 if(bHaveSignature){
4701 proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_signature_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &slen);
4702 offset += 4;
4703 proto_item *signature_tree = NULL((void*)0);
4704 signature_tree = proto_tree_add_subtree(msg_type_tree, packet_tvb, offset, slen, ett_userauth_pk_signature, NULL((void*)0), "Public key signature");
4705 dissected_len = ssh_dissect_public_key_signature(packet_tvb, pinfo, offset, signature_tree) - offset;
4706 if(dissected_len!=(int)slen){
4707 expert_add_info_format(pinfo, signature_tree, &ei_ssh_packet_decode, "Decoded %d bytes, but packet length is %d bytes", dissected_len, slen);
4708 }
4709 offset += slen;
4710 }
4711 }else if (0 == strcmp(key_type, "password")) {
4712 uint8_t bChangePassword = tvb_get_uint8(packet_tvb, offset);
4713 proto_tree_add_item(msg_type_tree, hf_ssh_userauth_change_password, packet_tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
4714 offset += 1;
4715 proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_userauth_password_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &slen);
4716 offset += 4;
4717 proto_tree_add_item(msg_type_tree, hf_ssh_userauth_password, packet_tvb, offset, slen, ENC_ASCII0x00000000);
4718 offset += slen;
4719 if(bChangePassword){
4720 proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_userauth_new_password_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &slen);
4721 offset += 4;
4722 proto_tree_add_item(msg_type_tree, hf_ssh_userauth_new_password, packet_tvb, offset, slen, ENC_ASCII0x00000000);
4723 offset += slen;
4724 }
4725 }else{
4726 }
4727
4728 }else if(msg_code==SSH_MSG_USERAUTH_FAILURE51){
4729 unsigned slen;
4730 proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_auth_failure_list_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &slen);
4731 offset += 4;
4732 proto_tree_add_item(msg_type_tree, hf_ssh_auth_failure_list, packet_tvb, offset, slen, ENC_ASCII0x00000000);
4733 offset += slen;
4734 proto_tree_add_item(msg_type_tree, hf_ssh_userauth_partial_success, packet_tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
4735 offset += 1;
4736 }
4737 return offset;
4738}
4739
4740static int
4741ssh_dissect_userauth_specific(tvbuff_t *packet_tvb, packet_info *pinfo,
4742 int offset, proto_item *msg_type_tree, unsigned msg_code)
4743{
4744 if(msg_code==SSH_MSG_USERAUTH_PK_OK60){
4745 proto_item *ti;
4746 int dissected_len = 0;
4747 unsigned slen;
4748 slen = tvb_get_ntohl(packet_tvb, offset) ;
4749 proto_tree_add_item(msg_type_tree, hf_ssh_userauth_pka_name_len, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
4750 offset += 4;
4751 proto_tree_add_item(msg_type_tree, hf_ssh_userauth_pka_name, packet_tvb, offset, slen, ENC_ASCII0x00000000);
4752 offset += slen;
4753 ti = proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_blob_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &slen);
4754 offset += 4;
4755 dissected_len = ssh_dissect_public_key_blob(tvb_new_subset_length(packet_tvb, offset, slen), pinfo, msg_type_tree);
4756 if(dissected_len!=(int)slen){
4757 expert_add_info_format(pinfo, ti, &ei_ssh_packet_decode, "Decoded %d bytes, but packet length is %d bytes", dissected_len, slen);
4758 }
4759 offset += slen;
4760 }
4761 return offset;
4762}
4763
4764static void
4765ssh_process_payload(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, ssh_channel_info_t *channel)
4766{
4767 tvbuff_t *next_tvb = tvb_new_subset_remaining(tvb, offset);
4768 if (channel->handle) {
4769 call_dissector(channel->handle, next_tvb, pinfo, proto_tree_get_root(tree));
4770 } else {
4771 call_data_dissector(next_tvb, pinfo, proto_tree_get_root(tree));
4772 }
4773}
4774
4775static void
4776print_ssh_fragment_tree(fragment_head *ipfd_head, proto_tree *tree, proto_tree *ssh_tree, packet_info *pinfo, tvbuff_t *next_tvb)
4777{
4778 proto_item *ssh_tree_item, *frag_tree_item;
4779
4780 /*
4781 * The subdissector thought it was completely
4782 * desegmented (although the stuff at the
4783 * end may, in turn, require desegmentation),
4784 * so we show a tree with all segments.
4785 */
4786 show_fragment_tree(ipfd_head, &ssh_segment_items,
4787 tree, pinfo, next_tvb, &frag_tree_item);
4788 /*
4789 * The toplevel fragment subtree is now
4790 * behind all desegmented data; move it
4791 * right behind the SSH tree.
4792 */
4793 ssh_tree_item = proto_tree_get_parent(ssh_tree);
4794 /* The SSH protocol item is up a few levels from the message tree */
4795 ssh_tree_item = proto_item_get_parent_nth(ssh_tree_item, 2);
4796 if (frag_tree_item && ssh_tree_item) {
4797 proto_tree_move_item(tree, ssh_tree_item, frag_tree_item);
4798 }
4799}
4800
4801static uint32_t
4802ssh_msp_fragment_id(struct tcp_multisegment_pdu *msp)
4803{
4804 /*
4805 * If a frame contains multiple PDUs, then "first_frame" is not
4806 * sufficient to uniquely identify groups of fragments. Therefore we use
4807 * the tcp reassembly functions that also test msp->seq (the position of
4808 * the initial fragment in the SSH channel).
4809 */
4810 return msp->first_frame;
4811}
4812
4813static void
4814ssh_proto_tree_add_segment_data(
4815 proto_tree *tree,
4816 tvbuff_t *tvb,
4817 int offset,
4818 int length,
4819 const char *prefix)
4820{
4821 proto_tree_add_bytes_format(
4822 tree,
4823 hf_ssh_segment_data,
4824 tvb,
4825 offset,
4826 length,
4827 NULL((void*)0),
4828 "%sSSH segment data (%u %s)",
4829 prefix != NULL((void*)0) ? prefix : "",
4830 length == -1 ? tvb_reported_length_remaining(tvb, offset) : length,
4831 plurality(length, "byte", "bytes")((length) == 1 ? ("byte") : ("bytes")));
4832}
4833
4834static void
4835desegment_ssh(tvbuff_t *tvb, packet_info *pinfo, uint32_t seq,
4836 uint32_t nxtseq, proto_tree *tree, ssh_channel_info_t *channel)
4837{
4838 fragment_head *ipfd_head;
4839 bool_Bool must_desegment;
4840 bool_Bool called_dissector;
4841 int another_pdu_follows;
4842 bool_Bool another_segment_in_frame = false0;
4843 int deseg_offset, offset = 0;
4844 uint32_t deseg_seq;
4845 int nbytes;
4846 proto_item *item;
4847 struct tcp_multisegment_pdu *msp;
4848 bool_Bool first_pdu = true1;
4849
4850again:
4851 ipfd_head = NULL((void*)0);
4852 must_desegment = false0;
4853 called_dissector = false0;
4854 another_pdu_follows = 0;
4855 msp = NULL((void*)0);
4856
4857 /*
4858 * Initialize these to assume no desegmentation.
4859 * If that's not the case, these will be set appropriately
4860 * by the subdissector.
4861 */
4862 pinfo->desegment_offset = 0;
4863 pinfo->desegment_len = 0;
4864
4865 /*
4866 * Initialize this to assume that this segment will just be
4867 * added to the middle of a desegmented chunk of data, so
4868 * that we should show it all as data.
4869 * If that's not the case, it will be set appropriately.
4870 */
4871 deseg_offset = offset;
4872
4873 /* If we've seen this segment before (e.g., it's a retransmission),
4874 * there's nothing for us to do. Certainly, don't add it to the list
4875 * of multisegment_pdus (that would cause subsequent lookups to find
4876 * the retransmission instead of the original transmission, breaking
4877 * dissection of the desegmented pdu if we'd already seen the end of
4878 * the pdu).
4879 */
4880 if ((msp = (struct tcp_multisegment_pdu *)wmem_tree_lookup32(channel->multisegment_pdus, seq))) {
4881 const char *prefix;
4882 bool_Bool is_retransmission = false0;
4883
4884 if (msp->first_frame == pinfo->num) {
4885 /* This must be after the first pass. */
4886 prefix = "";
4887 if (msp->last_frame == pinfo->num) {
4888 col_clear(pinfo->cinfo, COL_INFO);
4889 } else {
4890 if (first_pdu) {
4891 col_append_sep_str(pinfo->cinfo, COL_INFO, " ", "[SSH segment of a reassembled PDU]");
4892 }
4893 }
4894 } else {
4895 prefix = "Retransmitted ";
4896 is_retransmission = true1;
4897 }
4898
4899 if (!is_retransmission) {
4900 ipfd_head = fragment_get(&ssh_reassembly_table, pinfo, msp->first_frame, msp);
4901 if (ipfd_head != NULL((void*)0) && ipfd_head->reassembled_in !=0 &&
4902 ipfd_head->reassembled_in != pinfo->num) {
4903 /* Show what frame this was reassembled in if not this one. */
4904 item=proto_tree_add_uint(tree, *ssh_segment_items.hf_reassembled_in,
4905 tvb, 0, 0, ipfd_head->reassembled_in);
4906 proto_item_set_generated(item);
4907 }
4908 }
4909 nbytes = tvb_reported_length_remaining(tvb, offset);
4910 ssh_proto_tree_add_segment_data(tree, tvb, offset, nbytes, prefix);
4911 return;
4912 }
4913
4914 /* Else, find the most previous PDU starting before this sequence number */
4915 msp = (struct tcp_multisegment_pdu *)wmem_tree_lookup32_le(channel->multisegment_pdus, seq-1);
4916 if (msp && msp->seq <= seq && msp->nxtpdu > seq) {
4917 int len;
4918
4919 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
4920 msp->last_frame = pinfo->num;
4921 msp->last_frame_time = pinfo->abs_ts;
4922 }
4923
4924 /* OK, this PDU was found, which means the segment continues
4925 * a higher-level PDU and that we must desegment it.
4926 */
4927 if (msp->flags & MSP_FLAGS_REASSEMBLE_ENTIRE_SEGMENT0x00000001) {
4928 /* The dissector asked for the entire segment */
4929 len = MAX(0, tvb_reported_length_remaining(tvb, offset))(((0) > (tvb_reported_length_remaining(tvb, offset))) ? (0
) : (tvb_reported_length_remaining(tvb, offset)));
4930 } else {
4931 len = MIN(nxtseq, msp->nxtpdu)(((nxtseq) < (msp->nxtpdu)) ? (nxtseq) : (msp->nxtpdu
)) - seq;
4932 }
4933
4934 ipfd_head = fragment_add(&ssh_reassembly_table, tvb, offset,
4935 pinfo, ssh_msp_fragment_id(msp), msp,
4936 seq - msp->seq,
4937 len, (LT_SEQ (nxtseq,msp->nxtpdu)((int32_t)((nxtseq) - (msp->nxtpdu)) < 0)));
4938
4939 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)
4940 && msp->flags & MSP_FLAGS_REASSEMBLE_ENTIRE_SEGMENT0x00000001) {
4941 msp->flags &= (~MSP_FLAGS_REASSEMBLE_ENTIRE_SEGMENT0x00000001);
4942
4943 /* If we consumed the entire segment there is no
4944 * other pdu starting anywhere inside this segment.
4945 * So update nxtpdu to point at least to the start
4946 * of the next segment.
4947 * (If the subdissector asks for even more data we
4948 * will advance nxtpdu even further later down in
4949 * the code.)
4950 */
4951 msp->nxtpdu = nxtseq;
4952 }
4953
4954 if ( (msp->nxtpdu < nxtseq)
4955 && (msp->nxtpdu >= seq)
4956 && (len > 0)) {
4957 another_pdu_follows = msp->nxtpdu - seq;
4958 }
4959 } else {
4960 /* This segment was not found in our table, so it doesn't
4961 * contain a continuation of a higher-level PDU.
4962 * Call the normal subdissector.
4963 */
4964 ssh_process_payload(tvb, offset, pinfo, tree, channel);
4965 called_dissector = true1;
4966
4967 /* Did the subdissector ask us to desegment some more data
4968 * before it could handle the packet?
4969 * If so we have to create some structures in our table but
4970 * this is something we only do the first time we see this
4971 * packet.
4972 */
4973 if (pinfo->desegment_len) {
4974 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited))
4975 must_desegment = true1;
4976
4977 /*
4978 * Set "deseg_offset" to the offset in "tvb"
4979 * of the first byte of data that the
4980 * subdissector didn't process.
4981 */
4982 deseg_offset = offset + pinfo->desegment_offset;
4983 }
4984
4985 /* Either no desegmentation is necessary, or this is
4986 * segment contains the beginning but not the end of
4987 * a higher-level PDU and thus isn't completely
4988 * desegmented.
4989 */
4990 ipfd_head = NULL((void*)0);
4991 }
4992
4993 /* is it completely desegmented? */
4994 if (ipfd_head && ipfd_head->reassembled_in == pinfo->num) {
4995 /*
4996 * Yes, we think it is.
4997 * We only call subdissector for the last segment.
4998 * Note that the last segment may include more than what
4999 * we needed.
5000 */
5001 if (nxtseq < msp->nxtpdu) {
5002 /*
5003 * This is *not* the last segment. It is part of a PDU in the same
5004 * frame, so no another PDU can follow this one.
5005 * Do not reassemble SSH yet, it will be done in the final segment.
5006 * (If we are reassembling at FIN, we will do that in dissect_ssl()
5007 * after iterating through all the records.)
5008 * Clear the Info column and avoid displaying [SSH segment of a
5009 * reassembled PDU], the payload dissector will typically set it.
5010 * (This is needed here for the second pass.)
5011 */
5012 another_pdu_follows = 0;
5013 col_clear(pinfo->cinfo, COL_INFO);
5014 another_segment_in_frame = true1;
5015 } else {
5016 /*
5017 * OK, this is the last segment of the PDU and also the
5018 * last segment in this frame.
5019 * Let's call the subdissector with the desegmented
5020 * data.
5021 */
5022 tvbuff_t *next_tvb;
5023 int old_len;
5024
5025 /*
5026 * Reset column in case multiple SSH segments form the PDU
5027 * and this last SSH segment is not in the first TCP segment of
5028 * this frame.
5029 * XXX prevent clearing the column if the last layer is not SSH?
5030 */
5031 /* Clear column during the first pass. */
5032 col_clear(pinfo->cinfo, COL_INFO);
5033
5034 /* create a new TVB structure for desegmented data */
5035 next_tvb = tvb_new_chain(tvb, ipfd_head->tvb_data);
5036
5037 /* add desegmented data to the data source list */
5038 add_new_data_source(pinfo, next_tvb, "Reassembled SSH");
5039
5040 /* call subdissector */
5041 ssh_process_payload(next_tvb, 0, pinfo, tree, channel);
5042 called_dissector = true1;
5043
5044 /*
5045 * OK, did the subdissector think it was completely
5046 * desegmented, or does it think we need even more
5047 * data?
5048 */
5049 old_len = (int)(tvb_reported_length(next_tvb) - tvb_reported_length_remaining(tvb, offset));
5050 if (pinfo->desegment_len && pinfo->desegment_offset <= old_len) {
5051 /*
5052 * "desegment_len" isn't 0, so it needs more
5053 * data for something - and "desegment_offset"
5054 * is before "old_len", so it needs more data
5055 * to dissect the stuff we thought was
5056 * completely desegmented (as opposed to the
5057 * stuff at the beginning being completely
5058 * desegmented, but the stuff at the end
5059 * being a new higher-level PDU that also
5060 * needs desegmentation).
5061 */
5062 fragment_set_partial_reassembly(&ssh_reassembly_table,
5063 pinfo, ssh_msp_fragment_id(msp), msp);
5064 /* Update msp->nxtpdu to point to the new next
5065 * pdu boundary.
5066 */
5067 if (pinfo->desegment_len == DESEGMENT_ONE_MORE_SEGMENT0x0fffffff) {
5068 /* We want reassembly of at least one
5069 * more segment so set the nxtpdu
5070 * boundary to one byte into the next
5071 * segment.
5072 * This means that the next segment
5073 * will complete reassembly even if it
5074 * is only one single byte in length.
5075 */
5076 msp->nxtpdu = seq + tvb_reported_length_remaining(tvb, offset) + 1;
5077 msp->flags |= MSP_FLAGS_REASSEMBLE_ENTIRE_SEGMENT0x00000001;
5078 } else if (pinfo->desegment_len == DESEGMENT_UNTIL_FIN0x0ffffffe) {
5079 /* This is not the first segment, and we thought reassembly
5080 * would be done now, but now we know we desegment at FIN.
5081 * E.g., a HTTP response where the headers were split
5082 * across segments (so previous ONE_MORE_SEGMENT) and
5083 * also no Content-Length (so now DESEGMENT_UNTIL_FIN).
5084 */
5085 channel->flags |= TCP_FLOW_REASSEMBLE_UNTIL_FIN0x0001;
5086 msp->nxtpdu = nxtseq + 0x40000000;
5087 } else {
5088 msp->nxtpdu = seq + tvb_reported_length_remaining(tvb, offset) + pinfo->desegment_len;
5089 }
5090 /* Since we need at least some more data
5091 * there can be no pdu following in the
5092 * tail of this segment.
5093 */
5094 another_pdu_follows = 0;
5095 } else {
5096 /*
5097 * Show the stuff in this TCP segment as
5098 * just raw TCP segment data.
5099 */
5100 nbytes = another_pdu_follows > 0
5101 ? another_pdu_follows
5102 : tvb_reported_length_remaining(tvb, offset);
5103 ssh_proto_tree_add_segment_data(tree, tvb, offset, nbytes, NULL((void*)0));
5104
5105 /* Show details of the reassembly */
5106 print_ssh_fragment_tree(ipfd_head, proto_tree_get_root(tree), tree, pinfo, next_tvb);
5107
5108 /* Did the subdissector ask us to desegment
5109 * some more data? This means that the data
5110 * at the beginning of this segment completed
5111 * a higher-level PDU, but the data at the
5112 * end of this segment started a higher-level
5113 * PDU but didn't complete it.
5114 *
5115 * If so, we have to create some structures
5116 * in our table, but this is something we
5117 * only do the first time we see this packet.
5118 */
5119 if (pinfo->desegment_len) {
5120 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited))
5121 must_desegment = true1;
5122
5123 /* The stuff we couldn't dissect
5124 * must have come from this segment,
5125 * so it's all in "tvb".
5126 *
5127 * "pinfo->desegment_offset" is
5128 * relative to the beginning of
5129 * "next_tvb"; we want an offset
5130 * relative to the beginning of "tvb".
5131 *
5132 * First, compute the offset relative
5133 * to the *end* of "next_tvb" - i.e.,
5134 * the number of bytes before the end
5135 * of "next_tvb" at which the
5136 * subdissector stopped. That's the
5137 * length of "next_tvb" minus the
5138 * offset, relative to the beginning
5139 * of "next_tvb, at which the
5140 * subdissector stopped.
5141 */
5142 deseg_offset = ipfd_head->datalen - pinfo->desegment_offset;
5143
5144 /* "tvb" and "next_tvb" end at the
5145 * same byte of data, so the offset
5146 * relative to the end of "next_tvb"
5147 * of the byte at which we stopped
5148 * is also the offset relative to
5149 * the end of "tvb" of the byte at
5150 * which we stopped.
5151 *
5152 * Convert that back into an offset
5153 * relative to the beginning of
5154 * "tvb", by taking the length of
5155 * "tvb" and subtracting the offset
5156 * relative to the end.
5157 */
5158 deseg_offset = tvb_reported_length(tvb) - deseg_offset;
5159 }
5160 }
5161 }
5162 }
5163
5164 if (must_desegment) {
5165 /* If the dissector requested "reassemble until FIN"
5166 * just set this flag for the flow and let reassembly
5167 * proceed at normal. We will check/pick up these
5168 * reassembled PDUs later down in dissect_tcp() when checking
5169 * for the FIN flag.
5170 */
5171 if (pinfo->desegment_len == DESEGMENT_UNTIL_FIN0x0ffffffe) {
5172 channel->flags |= TCP_FLOW_REASSEMBLE_UNTIL_FIN0x0001;
5173 }
5174 /*
5175 * The sequence number at which the stuff to be desegmented
5176 * starts is the sequence number of the byte at an offset
5177 * of "deseg_offset" into "tvb".
5178 *
5179 * The sequence number of the byte at an offset of "offset"
5180 * is "seq", i.e. the starting sequence number of this
5181 * segment, so the sequence number of the byte at
5182 * "deseg_offset" is "seq + (deseg_offset - offset)".
5183 */
5184 deseg_seq = seq + (deseg_offset - offset);
5185
5186 if (((nxtseq - deseg_seq) <= 1024*1024)
5187 && (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited))) {
5188 if (pinfo->desegment_len == DESEGMENT_ONE_MORE_SEGMENT0x0fffffff) {
5189 /* The subdissector asked to reassemble using the
5190 * entire next segment.
5191 * Just ask reassembly for one more byte
5192 * but set this msp flag so we can pick it up
5193 * above.
5194 */
5195 msp = pdu_store_sequencenumber_of_next_pdu(pinfo,
5196 deseg_seq, nxtseq+1, channel->multisegment_pdus);
5197 msp->flags |= MSP_FLAGS_REASSEMBLE_ENTIRE_SEGMENT0x00000001;
5198 } else if (pinfo->desegment_len == DESEGMENT_UNTIL_FIN0x0ffffffe) {
5199 /* Set nxtseq very large so that reassembly won't happen
5200 * until we force it at the end of the stream in dissect_ssl()
5201 * outside this function.
5202 */
5203 msp = pdu_store_sequencenumber_of_next_pdu(pinfo,
5204 deseg_seq, nxtseq+0x40000000, channel->multisegment_pdus);
5205 } else {
5206 msp = pdu_store_sequencenumber_of_next_pdu(pinfo,
5207 deseg_seq, nxtseq+pinfo->desegment_len, channel->multisegment_pdus);
5208 }
5209
5210 /* add this segment as the first one for this new pdu */
5211 fragment_add(&ssh_reassembly_table, tvb, deseg_offset,
5212 pinfo, ssh_msp_fragment_id(msp), msp,
5213 0, nxtseq - deseg_seq,
5214 LT_SEQ(nxtseq, msp->nxtpdu)((int32_t)((nxtseq) - (msp->nxtpdu)) < 0));
5215 }
5216 }
5217
5218 if (!called_dissector || pinfo->desegment_len != 0) {
5219 if (ipfd_head != NULL((void*)0) && ipfd_head->reassembled_in != 0 &&
5220 ipfd_head->reassembled_in != pinfo->num &&
5221 !(ipfd_head->flags & FD_PARTIAL_REASSEMBLY0x0040)) {
5222 /*
5223 * We know what other frame this PDU is reassembled in;
5224 * let the user know.
5225 */
5226 item=proto_tree_add_uint(tree, *ssh_segment_items.hf_reassembled_in,
5227 tvb, 0, 0, ipfd_head->reassembled_in);
5228 proto_item_set_generated(item);
5229 }
5230
5231 /*
5232 * Either we didn't call the subdissector at all (i.e.,
5233 * this is a segment that contains the middle of a
5234 * higher-level PDU, but contains neither the beginning
5235 * nor the end), or the subdissector couldn't dissect it
5236 * all, as some data was missing (i.e., it set
5237 * "pinfo->desegment_len" to the amount of additional
5238 * data it needs).
5239 */
5240 if (!another_segment_in_frame && pinfo->desegment_offset == 0) {
5241 /*
5242 * It couldn't, in fact, dissect any of it (the
5243 * first byte it couldn't dissect is at an offset
5244 * of "pinfo->desegment_offset" from the beginning
5245 * of the payload, and that's 0).
5246 * Just mark this as SSH.
5247 */
5248
5249 /* SFTP checks the length before setting the protocol column.
5250 * If other subdissectors don't do this, we'd want to set the
5251 * protocol column back - but we want to get the SSH version
5252 */
5253 //col_set_str(pinfo->cinfo, COL_PROTOCOL,
5254 // val_to_str_const(session->version, ssl_version_short_names, "SSH"));
5255 if (first_pdu) {
5256 col_append_sep_str(pinfo->cinfo, COL_INFO, " ", "[SSH segment of a reassembled PDU]");
5257 }
5258 }
5259
5260 /*
5261 * Show what's left in the packet as just raw SSH segment data.
5262 * XXX - remember what protocol the last subdissector
5263 * was, and report it as a continuation of that, instead?
5264 */
5265 nbytes = tvb_reported_length_remaining(tvb, deseg_offset);
5266 ssh_proto_tree_add_segment_data(tree, tvb, deseg_offset, nbytes, NULL((void*)0));
5267 }
5268 pinfo->can_desegment = 0;
5269 pinfo->desegment_offset = 0;
5270 pinfo->desegment_len = 0;
5271
5272 if (another_pdu_follows) {
5273 /* there was another pdu following this one. */
5274 pinfo->can_desegment=2;
5275 /* we also have to prevent the dissector from changing the
5276 * PROTOCOL and INFO colums since what follows may be an
5277 * incomplete PDU and we don't want it be changed back from
5278 * <Protocol> to <SSH>
5279 */
5280 col_set_fence(pinfo->cinfo, COL_INFO);
5281 col_set_writable(pinfo->cinfo, COL_PROTOCOL, false0);
5282 first_pdu = false0;
5283 offset += another_pdu_follows;
5284 seq += another_pdu_follows;
5285 goto again;
5286 }
5287}
5288
5289static void
5290ssh_dissect_channel_data(tvbuff_t *tvb, packet_info *pinfo,
5291 struct ssh_peer_data *peer_data _U___attribute__((unused)), proto_tree *tree,
5292 ssh_message_info_t *message _U___attribute__((unused)), ssh_channel_info_t *channel)
5293{
5294
5295 uint16_t save_can_desegment = pinfo->can_desegment;
5296
5297 if (ssh_desegment) {
5298 pinfo->can_desegment = 2;
5299 desegment_ssh(tvb, pinfo, message->byte_seq, message->next_byte_seq, tree, channel);
5300 } else {
5301 pinfo->can_desegment = 0;
5302 bool_Bool save_fragmented = pinfo->fragmented;
5303 pinfo->fragmented = true1;
5304
5305 ssh_process_payload(tvb, 0, pinfo, tree, channel);
5306 pinfo->fragmented = save_fragmented;
5307 }
5308
5309 pinfo->can_desegment = save_can_desegment;
5310}
5311
5312static int
5313ssh_dissect_term_modes(tvbuff_t *tvb, packet_info *pinfo _U___attribute__((unused)), proto_tree *tree)
5314{
5315 proto_item *ti;
5316 proto_tree *term_mode_tree, *subtree;
5317 int offset = 0;
5318 uint32_t opcode, value, idx;
5319 bool_Bool boolval;
5320
5321 struct tty_opt_info {
5322 unsigned id;
5323 int *hfindex;
5324 };
5325 static const struct tty_opt_info tty_opts[] = {
5326 { SSH_TTY_OP_END0, NULL((void*)0)},
5327 { SSH_TTY_OP_VINTR1, &hf_ssh_pty_term_mode_vintr },
5328 { SSH_TTY_OP_VQUIT2, &hf_ssh_pty_term_mode_vquit },
5329 { SSH_TTY_OP_VERASE3, &hf_ssh_pty_term_mode_verase },
5330 { SSH_TTY_OP_VKILL4, &hf_ssh_pty_term_mode_vkill },
5331 { SSH_TTY_OP_VEOF5, &hf_ssh_pty_term_mode_veof },
5332 { SSH_TTY_OP_VEOL6, &hf_ssh_pty_term_mode_veol },
5333 { SSH_TTY_OP_VEOL27, &hf_ssh_pty_term_mode_veol2 },
5334 { SSH_TTY_OP_VSTART8, &hf_ssh_pty_term_mode_vstart },
5335 { SSH_TTY_OP_VSTOP9, &hf_ssh_pty_term_mode_vstop },
5336 { SSH_TTY_OP_VSUSP10, &hf_ssh_pty_term_mode_vsusp },
5337 { SSH_TTY_OP_VDSUSP11, &hf_ssh_pty_term_mode_vdsusp },
5338 { SSH_TTY_OP_VREPRINT12, &hf_ssh_pty_term_mode_vreprint },
5339 { SSH_TTY_OP_VWERASE13, &hf_ssh_pty_term_mode_vwerase },
5340 { SSH_TTY_OP_VLNEXT14, &hf_ssh_pty_term_mode_vlnext },
5341 { SSH_TTY_OP_VFLUSH15, &hf_ssh_pty_term_mode_vflush },
5342 { SSH_TTY_OP_VSWTCH16, &hf_ssh_pty_term_mode_vswtch },
5343 { SSH_TTY_OP_VSTATUS17, &hf_ssh_pty_term_mode_vstatus },
5344 { SSH_TTY_OP_VDISCARD18, &hf_ssh_pty_term_mode_vdiscard },
5345 { SSH_TTY_OP_IGNPAR30, &hf_ssh_pty_term_mode_ignpar },
5346 { SSH_TTY_OP_PARMRK31, &hf_ssh_pty_term_mode_parmrk },
5347 { SSH_TTY_OP_INPCK32, &hf_ssh_pty_term_mode_inpck },
5348 { SSH_TTY_OP_ISTRIP33, &hf_ssh_pty_term_mode_istrip },
5349 { SSH_TTY_OP_INLCR34, &hf_ssh_pty_term_mode_inlcr },
5350 { SSH_TTY_OP_IGNCR35, &hf_ssh_pty_term_mode_igncr },
5351 { SSH_TTY_OP_ICRNL36, &hf_ssh_pty_term_mode_icrnl },
5352 { SSH_TTY_OP_IUCLC37, &hf_ssh_pty_term_mode_iuclc },
5353 { SSH_TTY_OP_IXON38, &hf_ssh_pty_term_mode_ixon },
5354 { SSH_TTY_OP_IXANY39, &hf_ssh_pty_term_mode_ixany },
5355 { SSH_TTY_OP_IXOFF40, &hf_ssh_pty_term_mode_ixoff },
5356 { SSH_TTY_OP_IMAXBEL41, &hf_ssh_pty_term_mode_imaxbel },
5357 { SSH_TTY_OP_IUTF842, &hf_ssh_pty_term_mode_iutf8 },
5358 { SSH_TTY_OP_ISIG50, &hf_ssh_pty_term_mode_isig },
5359 { SSH_TTY_OP_ICANON51, &hf_ssh_pty_term_mode_icanon },
5360 { SSH_TTY_OP_XCASE52, &hf_ssh_pty_term_mode_xcase },
5361 { SSH_TTY_OP_ECHO53, &hf_ssh_pty_term_mode_echo },
5362 { SSH_TTY_OP_ECHOE54, &hf_ssh_pty_term_mode_echoe },
5363 { SSH_TTY_OP_ECHOK55, &hf_ssh_pty_term_mode_echok },
5364 { SSH_TTY_OP_ECHONL56, &hf_ssh_pty_term_mode_echonl },
5365 { SSH_TTY_OP_NOFLSH57, &hf_ssh_pty_term_mode_noflsh },
5366 { SSH_TTY_OP_TOSTOP58, &hf_ssh_pty_term_mode_tostop },
5367 { SSH_TTY_OP_IEXTEN59, &hf_ssh_pty_term_mode_iexten },
5368 { SSH_TTY_OP_ECHOCTL60, &hf_ssh_pty_term_mode_echoctl },
5369 { SSH_TTY_OP_ECHOKE61, &hf_ssh_pty_term_mode_echoke },
5370 { SSH_TTY_OP_PENDIN62, &hf_ssh_pty_term_mode_pendin },
5371 { SSH_TTY_OP_OPOST70, &hf_ssh_pty_term_mode_opost },
5372 { SSH_TTY_OP_OLCUC71, &hf_ssh_pty_term_mode_olcuc },
5373 { SSH_TTY_OP_ONLCR72, &hf_ssh_pty_term_mode_onlcr },
5374 { SSH_TTY_OP_OCRNL73, &hf_ssh_pty_term_mode_ocrnl },
5375 { SSH_TTY_OP_ONOCR74, &hf_ssh_pty_term_mode_onocr },
5376 { SSH_TTY_OP_ONLRET75, &hf_ssh_pty_term_mode_onlret },
5377 { SSH_TTY_OP_CS790, &hf_ssh_pty_term_mode_cs7 },
5378 { SSH_TTY_OP_CS891, &hf_ssh_pty_term_mode_cs8 },
5379 { SSH_TTY_OP_PARENB92, &hf_ssh_pty_term_mode_parenb },
5380 { SSH_TTY_OP_PARODD93, &hf_ssh_pty_term_mode_parodd },
5381 { SSH_TTY_OP_ISPEED128, &hf_ssh_pty_term_mode_ispeed },
5382 { SSH_TTY_OP_OSPEED129, &hf_ssh_pty_term_mode_ospeed }
5383 };
5384
5385 ti = proto_tree_add_item(tree, hf_ssh_pty_term_modes, tvb, offset, tvb_reported_length(tvb), ENC_NA0x00000000);
5386 term_mode_tree = proto_item_add_subtree(ti, ett_term_modes);
5387 while (tvb_reported_length_remaining(tvb, offset)) {
5388 ti = proto_tree_add_item(term_mode_tree, hf_ssh_pty_term_mode, tvb, offset, 5, ENC_NA0x00000000);
5389 subtree = proto_item_add_subtree(ti, ett_term_mode);
5390 proto_tree_add_item_ret_uint(subtree, hf_ssh_pty_term_mode_opcode, tvb, offset, 1, ENC_NA0x00000000, &opcode);
5391 proto_item_append_text(ti, ": %s", val_to_str_const(opcode, ssh_tty_op_vals, "Unknown"));
5392 offset += 1;
5393 if (opcode == SSH_TTY_OP_END0) {
5394 break;
5395 }
5396 for (idx = 0; idx < array_length(tty_opts)(sizeof (tty_opts) / sizeof (tty_opts)[0]); idx++) {
5397 if (tty_opts[idx].id == opcode) break;
5398 }
5399 if (idx >= array_length(tty_opts)(sizeof (tty_opts) / sizeof (tty_opts)[0])) {
5400 proto_tree_add_item_ret_uint(subtree, hf_ssh_pty_term_mode_value, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &value);
5401 proto_item_append_text(ti, "=%d", value);
5402 } else {
5403 DISSECTOR_ASSERT(tty_opts[idx].hfindex)((void) ((tty_opts[idx].hfindex) ? (void)0 : (proto_report_dissector_bug
("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-ssh.c"
, 5403, "tty_opts[idx].hfindex"))));
5404 int hfindex = *tty_opts[idx].hfindex;
5405 switch (proto_registrar_get_ftype(hfindex)) {
5406 case FT_BOOLEAN:
5407 proto_tree_add_item_ret_boolean(subtree, hfindex, tvb, offset + 3, 1, ENC_NA0x00000000, &boolval);
5408 proto_item_append_text(ti, "=%s", boolval ? "True" : "False");
5409 break;
5410 case FT_CHAR:
5411 proto_tree_add_item_ret_uint(subtree, hfindex, tvb, offset + 3, 1, ENC_NA0x00000000, &value);
5412 proto_item_append_text(ti, "='%s'", format_char(pinfo->pool, (char)value));
5413 break;
5414 case FT_UINT32:
5415 proto_tree_add_item_ret_uint(subtree, hfindex, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &value);
5416 proto_item_append_text(ti, "=%d", value);
5417 break;
5418 default:
5419 DISSECTOR_ASSERT_NOT_REACHED()(proto_report_dissector_bug("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\""
, "epan/dissectors/packet-ssh.c", 5419));
5420 }
5421 }
5422 offset += 4;
5423 }
5424 return offset;
5425}
5426
5427static int
5428ssh_dissect_connection_specific(tvbuff_t *packet_tvb, packet_info *pinfo,
5429 struct ssh_peer_data *peer_data, int offset, proto_tree *msg_type_tree,
5430 unsigned msg_code, ssh_message_info_t *message)
5431{
5432 uint32_t recipient_channel, sender_channel;
5433
5434 if (msg_code == SSH_MSG_CHANNEL_OPEN90) {
5435 uint32_t slen;
5436 proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_connection_type_name_len, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &slen);
5437 offset += 4;
5438 proto_tree_add_item(msg_type_tree, hf_ssh_connection_type_name, packet_tvb, offset, slen, ENC_UTF_80x00000002);
5439 offset += slen;
5440 proto_tree_add_item(msg_type_tree, hf_ssh_connection_sender_channel, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5441 offset += 4;
5442 proto_tree_add_item(msg_type_tree, hf_ssh_connection_initial_window, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5443 offset += 4;
5444 proto_tree_add_item(msg_type_tree, hf_ssh_connection_maximum_packet_size, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5445 offset += 4;
5446 } else if (msg_code == SSH_MSG_CHANNEL_OPEN_CONFIRMATION91) {
5447 proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_connection_recipient_channel, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &recipient_channel);
5448 offset += 4;
5449 proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_connection_sender_channel, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &sender_channel);
5450 offset += 4;
5451 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
5452 create_channel(peer_data, recipient_channel, sender_channel);
5453 }
5454 proto_tree_add_item(msg_type_tree, hf_ssh_connection_initial_window, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5455 offset += 4;
5456 proto_tree_add_item(msg_type_tree, hf_ssh_connection_maximum_packet_size, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5457 offset += 4;
5458 } else if (msg_code == SSH_MSG_CHANNEL_WINDOW_ADJUST93) {
5459 proto_tree_add_item(msg_type_tree, hf_ssh_connection_recipient_channel, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5460 offset += 4;
5461 proto_tree_add_item(msg_type_tree, hf_ssh_channel_window_adjust, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); // TODO: maintain count of transferred bytes and window size
5462 offset += 4;
5463 } else if (msg_code == SSH_MSG_CHANNEL_DATA94) {
5464 proto_item* ti = proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_connection_recipient_channel, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &recipient_channel);
5465 offset += 4;
5466 // TODO: process according to the type of channel
5467 uint32_t slen;
5468 proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_channel_data_len, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &slen);
5469 offset += 4;
5470 tvbuff_t* next_tvb = tvb_new_subset_length(packet_tvb, offset, slen);
5471
5472 ssh_channel_info_t* channel = get_channel_info_for_channel(peer_data, recipient_channel);
5473 if (channel) {
5474 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
5475 message->byte_seq = channel->byte_seq;
5476 channel->byte_seq += slen;
5477 message->next_byte_seq = channel->byte_seq;
5478 }
5479 ssh_dissect_channel_data(next_tvb, pinfo, peer_data, msg_type_tree, message, channel);
5480 } else {
5481 expert_add_info_format(pinfo, ti, &ei_ssh_channel_number, "Could not find configuration for channel %d", recipient_channel);
5482 }
5483 offset += slen;
5484 } else if (msg_code == SSH_MSG_CHANNEL_EXTENDED_DATA95) {
5485 proto_item* ti = proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_connection_recipient_channel, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &recipient_channel);
5486 offset += 4;
5487 // TODO: process according to the type of channel
5488 proto_tree_add_item(msg_type_tree, hf_ssh_channel_data_type_code, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5489 offset += 4;
5490 uint32_t slen;
5491 proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_channel_data_len, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &slen);
5492 offset += 4;
5493 tvbuff_t* next_tvb = tvb_new_subset_length(packet_tvb, offset, slen);
5494
5495 ssh_channel_info_t* channel = get_channel_info_for_channel(peer_data, recipient_channel);
5496 if (channel) {
5497 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
5498 message->byte_seq = channel->byte_seq;
5499 channel->byte_seq += slen;
5500 message->next_byte_seq = channel->byte_seq;
5501 }
5502 ssh_dissect_channel_data(next_tvb, pinfo, peer_data, msg_type_tree, message, channel);
5503 } else {
5504 expert_add_info_format(pinfo, ti, &ei_ssh_channel_number, "Could not find configuration for channel %d", recipient_channel);
5505 }
5506 offset += slen;
5507 } else if (msg_code == SSH_MSG_CHANNEL_EOF96) {
5508 proto_tree_add_item(msg_type_tree, hf_ssh_connection_recipient_channel, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5509 offset += 4;
5510 } else if (msg_code == SSH_MSG_CHANNEL_CLOSE97) {
5511 proto_tree_add_item(msg_type_tree, hf_ssh_connection_recipient_channel, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5512 offset += 4;
5513 } else if (msg_code == SSH_MSG_CHANNEL_REQUEST98) {
5514 proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_connection_recipient_channel, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &recipient_channel);
5515 offset += 4;
5516 const uint8_t* request_name;
5517 uint32_t slen;
5518 proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_channel_request_name_len, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &slen);
5519 offset += 4;
5520 proto_tree_add_item_ret_string(msg_type_tree, hf_ssh_channel_request_name, packet_tvb, offset, slen, ENC_UTF_80x00000002, pinfo->pool, &request_name);
5521 offset += slen;
5522 proto_tree_add_item(msg_type_tree, hf_ssh_channel_request_want_reply, packet_tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
5523 offset += 1;
5524 /* RFC 4254 6.5: "Only one of these requests ["shell", "exec",
5525 * or "subsystem"] can succeed per channel." Set up the
5526 * appropriate handler for future CHANNEL_DATA and
5527 * CHANNEL_EXTENDED_DATA messages on the channel.
5528 *
5529 * XXX - For "shell" and "exec", it might make more sense to send
5530 * CHANNEL_DATA to the "data-text-lines" dissector rather than "data".
5531 * Ideally if a pty has been setup there would be a way to interpret
5532 * the escape codes.
5533 */
5534 if (0 == strcmp(request_name, "subsystem")) {
5535 proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_subsystem_name_len, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &slen);
5536 offset += 4;
5537 const uint8_t* subsystem_name;
5538 proto_tree_add_item_ret_string(msg_type_tree, hf_ssh_subsystem_name, packet_tvb, offset, slen, ENC_UTF_80x00000002, pinfo->pool, &subsystem_name);
5539 set_subdissector_for_channel(peer_data, recipient_channel, subsystem_name);
5540 offset += slen;
5541 } else if (0 == strcmp(request_name, "env")) {
5542 /* The encoding for "env" variables and "exec" commands is not
5543 * specified in the SSH protocol, and must match whatever the
5544 * server expects. (Unlike CHANNEL_DATA, it is not affected by
5545 * whatever is in "env" or anything else in the protocol, and the
5546 * strings are passed to execve directly.) In practice the strings
5547 * must not have internal NULs (no UTF-16), and OpenSSH for Windows
5548 * and IBM z/OS force the use of UTF-8 and ISO-8859-1, respectively.
5549 *
5550 * These will probably be ASCII-compatible.
5551 */
5552 proto_tree_add_item_ret_length(msg_type_tree, hf_ssh_env_name, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000 | ENC_UTF_80x00000002, &slen);
5553 offset += slen;
5554 proto_tree_add_item_ret_length(msg_type_tree, hf_ssh_env_value, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000 | ENC_UTF_80x00000002, &slen);
5555 offset += slen;
5556 } else if (0 == strcmp(request_name, "exec")) {
5557 proto_tree_add_item_ret_length(msg_type_tree, hf_ssh_exec_cmd, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000 | ENC_UTF_80x00000002, &slen);
5558 offset += slen;
5559 set_subdissector_for_channel(peer_data, recipient_channel, "exec");
5560 } else if (0 == strcmp(request_name, "exit-status")) {
5561 proto_tree_add_item(msg_type_tree, hf_ssh_exit_status, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5562 offset += 4;
5563 } else if (0 == strcmp(request_name, "shell")) {
5564 set_subdissector_for_channel(peer_data, recipient_channel, "shell");
5565 } else if (0 == strcmp(request_name, "pty-req")) {
5566 proto_tree_add_item_ret_length(msg_type_tree, hf_ssh_pty_term, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000 | ENC_UTF_80x00000002, &slen);
5567 offset += slen;
5568 proto_tree_add_item(msg_type_tree, hf_ssh_pty_term_width_char, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5569 offset += 4;
5570 proto_tree_add_item(msg_type_tree, hf_ssh_pty_term_height_row, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5571 offset += 4;
5572 proto_tree_add_item(msg_type_tree, hf_ssh_pty_term_width_pixel, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5573 offset += 4;
5574 proto_tree_add_item(msg_type_tree, hf_ssh_pty_term_height_pixel, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5575 offset += 4;
5576 proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_pty_term_modes_len, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &slen);
5577 offset += 4;
5578 offset += ssh_dissect_term_modes(tvb_new_subset_length(packet_tvb, offset, slen), pinfo, msg_type_tree);
5579 }
5580 } else if (msg_code == SSH_MSG_CHANNEL_SUCCESS99) {
5581 proto_tree_add_item(msg_type_tree, hf_ssh_connection_recipient_channel, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5582 offset += 4;
5583 }
5584 return offset;
5585}
5586
5587/* Channel mapping {{{ */
5588
5589/* The usual flow:
5590 * 1. client sends SSH_MSG_CHANNEL_OPEN with its (sender) channel number
5591 * 2. server responds with SSH_MSG_CHANNEL_OPEN_CONFIRMATION with
5592 * its channel number and echoing the client's number, creating
5593 * a bijective map
5594 * 3. client sends SSH_MSG_CHANNEL_REQUEST which has the name of
5595 * the shell, command, or subsystem to start. This has the recipient's
5596 * channel number (i.e. the server's)
5597 * 4. server may send back a SSG_MSG_CHANNEL_SUCCESS (or _FAILURE) with
5598 * the the recipient (i.e., client) channel number, but this does not
5599 * contain the subsystem name or anything identifying the request to
5600 * which it responds. It MUST be sent in the same order as the
5601 * corresponding request message (RFC 4254 4 Global Requests), so we
5602 * could track it that way, but for our purposes we just treat all
5603 * requests as successes. (If not, either there won't be data or another
5604 * request will supercede it later.)
5605 *
5606 * Either side can open a channel (RFC 4254 5 Channel Mechanism). The
5607 * typical flow is the client opening a channel, but in the case of
5608 * remote port forwarding (7 TCP/IP Port Forwarding) the directions are
5609 * swapped. For port forwarding, all the information is contained in the
5610 * SSH_MSG_CHANNEL_OPEN, there is no SSH_MSG_CHANNEL_REQUEST.
5611*
5612 * XXX: Channel numbers can be re-used after being closed (5.3 Closing a
5613 * Channel), but not necessarily mapped to the same channel number on the
5614 * other side. If that actually happens, the right way to handle this is
5615 * to track the state changes over time for random packet access (e.g.,
5616 * using a multimap with the packet number instead of maps.)
5617 */
5618
5619static struct ssh_peer_data*
5620get_other_peer_data(struct ssh_peer_data *peer_data)
5621{
5622 bool_Bool is_server = &peer_data->global_data->peer_data[SERVER_PEER_DATA1]==peer_data;
5623 if (is_server) {
5624 return &peer_data->global_data->peer_data[CLIENT_PEER_DATA0];
5625 } else {
5626 return &peer_data->global_data->peer_data[SERVER_PEER_DATA1];
5627 }
5628}
5629
5630/* Create pairings between a recipient channel and the sender's channel,
5631 * from a SSH_MSG_CHANNEL_OPEN_CONFIRMATION. */
5632static void
5633create_channel(struct ssh_peer_data *peer_data, uint32_t recipient_channel, uint32_t sender_channel)
5634{
5635 if (peer_data->channel_info == NULL((void*)0)) {
5636 peer_data->channel_info = wmem_map_new(wmem_file_scope(), g_direct_hash, g_direct_equal);
5637 }
5638 wmem_map_insert(peer_data->channel_info, GUINT_TO_POINTER(sender_channel)((gpointer) (gulong) (sender_channel)), GUINT_TO_POINTER(recipient_channel)((gpointer) (gulong) (recipient_channel)));
5639
5640 if (peer_data->channel_handles == NULL((void*)0)) {
5641 peer_data->channel_handles = wmem_map_new(wmem_file_scope(), g_direct_hash, g_direct_equal);
5642 }
5643
5644 ssh_channel_info_t *new_channel = wmem_new0(wmem_file_scope(), ssh_channel_info_t)((ssh_channel_info_t*)wmem_alloc0((wmem_file_scope()), sizeof
(ssh_channel_info_t)));
5645 new_channel->multisegment_pdus = wmem_tree_new(wmem_file_scope());
5646 wmem_map_insert(peer_data->channel_handles, GUINT_TO_POINTER(recipient_channel)((gpointer) (gulong) (recipient_channel)), new_channel);
5647
5648 /* If the recipient channel is already configured in the other direction,
5649 * set the handle. We need this if we eventually handle port forwarding,
5650 * where all the information to handle the traffic is sent in the
5651 * SSH_MSG_CHANNEL_OPEN message before the CONFIRMATION. It might also
5652 * help if the packets are out of order (i.e. we get the client
5653 * CHANNEL_REQUEST before the CHANNEL_OPEN_CONFIRMATION.)
5654 */
5655 struct ssh_peer_data *other_peer_data = get_other_peer_data(peer_data);
5656 if (other_peer_data->channel_handles) {
5657 ssh_channel_info_t *peer_channel = wmem_map_lookup(other_peer_data->channel_handles, GUINT_TO_POINTER(sender_channel)((gpointer) (gulong) (sender_channel)));
5658 if (peer_channel) {
5659 new_channel->handle = peer_channel->handle;
5660 }
5661 }
5662}
5663
5664static ssh_channel_info_t*
5665get_channel_info_for_channel(struct ssh_peer_data *peer_data, uint32_t recipient_channel)
5666{
5667 if (peer_data->channel_handles == NULL((void*)0)) {
5668 return NULL((void*)0);
5669 }
5670 ssh_channel_info_t *channel = wmem_map_lookup(peer_data->channel_handles, GUINT_TO_POINTER(recipient_channel)((gpointer) (gulong) (recipient_channel)));
5671
5672 return channel;
5673}
5674
5675static void
5676set_subdissector_for_channel(struct ssh_peer_data *peer_data, uint32_t recipient_channel, const uint8_t* subsystem_name)
5677{
5678 dissector_handle_t handle = NULL((void*)0);
5679 if (0 == strcmp(subsystem_name, "sftp")) {
5680 handle = sftp_handle;
5681 } else if (0 == strcmp(subsystem_name, "shell") ||
5682 0 == strcmp(subsystem_name, "exec")) {
5683 handle = data_text_lines_handle;
5684 }
5685
5686 if (handle) {
5687 /* Map this handle to the recipient channel */
5688 ssh_channel_info_t *channel = NULL((void*)0);
5689 if (peer_data->channel_handles == NULL((void*)0)) {
5690 peer_data->channel_handles = wmem_map_new(wmem_file_scope(), g_direct_hash, g_direct_equal);
5691 } else {
5692 channel = wmem_map_lookup(peer_data->channel_handles, GUINT_TO_POINTER(recipient_channel)((gpointer) (gulong) (recipient_channel)));
5693 }
5694 if (channel == NULL((void*)0)) {
5695 channel = wmem_new0(wmem_file_scope(), ssh_channel_info_t)((ssh_channel_info_t*)wmem_alloc0((wmem_file_scope()), sizeof
(ssh_channel_info_t)));
5696 channel->multisegment_pdus = wmem_tree_new(wmem_file_scope());
5697 wmem_map_insert(peer_data->channel_handles, GUINT_TO_POINTER(recipient_channel)((gpointer) (gulong) (recipient_channel)), channel);
5698 }
5699 channel->handle = handle;
5700
5701 /* This recipient channel is the sender channel for the other side.
5702 * Do we know what the recipient channel on the other side is? */
5703 struct ssh_peer_data *other_peer_data = get_other_peer_data(peer_data);
5704
5705 wmem_map_t *channel_info = other_peer_data->channel_info;
5706 if (channel_info) {
5707 void *sender_channel_p;
5708 if (wmem_map_lookup_extended(channel_info, GUINT_TO_POINTER(recipient_channel)((gpointer) (gulong) (recipient_channel)), NULL((void*)0), &sender_channel_p)) {
5709 uint32_t sender_channel = GPOINTER_TO_UINT(sender_channel_p)((guint) (gulong) (sender_channel_p));
5710 /* Yes. See the handle for the other side too. */
5711 if (other_peer_data->channel_handles == NULL((void*)0)) {
5712 other_peer_data->channel_handles = wmem_map_new(wmem_file_scope(), g_direct_hash, g_direct_equal);
5713 channel = NULL((void*)0);
5714 } else {
5715 channel = wmem_map_lookup(other_peer_data->channel_handles, GUINT_TO_POINTER(sender_channel)((gpointer) (gulong) (sender_channel)));
5716 }
5717 if (channel == NULL((void*)0)) {
5718 channel = wmem_new0(wmem_file_scope(), ssh_channel_info_t)((ssh_channel_info_t*)wmem_alloc0((wmem_file_scope()), sizeof
(ssh_channel_info_t)));
5719 channel->multisegment_pdus = wmem_tree_new(wmem_file_scope());
5720 wmem_map_insert(other_peer_data->channel_handles, GUINT_TO_POINTER(sender_channel)((gpointer) (gulong) (sender_channel)), channel);
5721 }
5722 channel->handle = handle;
5723 }
5724 }
5725 }
5726}
5727
5728/* Channel mapping. }}} */
5729
5730static int
5731ssh_dissect_connection_generic(tvbuff_t *packet_tvb, packet_info *pinfo,
5732 int offset, proto_item *msg_type_tree, unsigned msg_code)
5733{
5734 (void)pinfo;
5735 if(msg_code==SSH_MSG_GLOBAL_REQUEST80){
5736 uint8_t* request_name;
5737 unsigned slen;
5738 slen = tvb_get_ntohl(packet_tvb, offset) ;
5739 proto_tree_add_item(msg_type_tree, hf_ssh_global_request_name_len, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5740 offset += 4;
5741 request_name = tvb_get_string_enc(pinfo->pool, packet_tvb, offset, slen, ENC_ASCII0x00000000|ENC_NA0x00000000);
5742 proto_tree_add_item(msg_type_tree, hf_ssh_global_request_name, packet_tvb, offset, slen, ENC_ASCII0x00000000);
5743 offset += slen;
5744 proto_tree_add_item(msg_type_tree, hf_ssh_global_request_want_reply, packet_tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
5745 offset += 1;
5746 if (0 == strcmp(request_name, "[email protected]") ||
5747 0 == strcmp(request_name, "[email protected]")) {
5748 while (tvb_reported_length_remaining(packet_tvb, offset)) {
5749 offset += ssh_tree_add_hostkey(packet_tvb, pinfo, offset, msg_type_tree,
5750 "Server host key", ett_key_exchange_host_key, NULL((void*)0));
5751 }
5752 }
5753 }
5754 return offset;
5755}
5756
5757static int
5758ssh_dissect_local_extension(tvbuff_t *packet_tvb, packet_info *pinfo,
5759 int offset, struct ssh_peer_data *peer_data, proto_item *msg_type_tree, unsigned msg_code) {
5760 unsigned slen;
5761 if (peer_data->global_data->ext_ping_openssh_offered && msg_code >= SSH_MSG_PING192 && msg_code <= SSH_MSG_PONG193) {
5762 col_append_sep_str(pinfo->cinfo, COL_INFO, NULL((void*)0), val_to_str(pinfo->pool, msg_code, ssh2_ext_ping_msg_vals, "Unknown (%u)"));
5763 proto_tree_add_item(msg_type_tree, hf_ssh2_ext_ping_msg_code, packet_tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
5764 offset += 1;
5765 if (msg_code == SSH_MSG_PING192) {
5766 slen = tvb_get_ntohl(packet_tvb, offset) ;
5767 proto_tree_add_item(msg_type_tree, hf_ssh_ping_data_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5768 offset += 4;
5769 proto_tree_add_item(msg_type_tree, hf_ssh_ping_data, packet_tvb, offset, slen, ENC_NA0x00000000);
5770 offset += slen;
5771 } else if (msg_code == SSH_MSG_PONG193) {
5772 slen = tvb_get_ntohl(packet_tvb, offset) ;
5773 proto_tree_add_item(msg_type_tree, hf_ssh_pong_data_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5774 offset += 4;
5775 proto_tree_add_item(msg_type_tree, hf_ssh_pong_data, packet_tvb, offset, slen, ENC_NA0x00000000);
5776 offset += slen;
5777 }
5778 } else {
5779 col_append_sep_str(pinfo->cinfo, COL_INFO, NULL((void*)0), val_to_str(pinfo->pool, msg_code, ssh2_msg_vals, "Unknown (%u)"));
5780 proto_tree_add_item(msg_type_tree, hf_ssh2_msg_code, packet_tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
5781 offset += 1;
5782 }
5783 return offset;
5784}
5785
5786static int
5787ssh_dissect_public_key_blob(tvbuff_t *tvb, packet_info *pinfo, proto_item *tree)
5788{
5789 uint32_t slen;
5790 const uint8_t* key_type;
5791
5792 int offset = 0;
5793 proto_tree *blob_tree = NULL((void*)0);
5794 proto_item *blob_item = NULL((void*)0);
5795
5796 blob_item = proto_tree_add_item(tree, hf_ssh_blob, tvb, offset, tvb_reported_length(tvb), ENC_NA0x00000000);
5797 blob_tree = proto_item_add_subtree(blob_item, ett_userauth_pk_blob);
5798 proto_tree_add_item_ret_uint(blob_tree, hf_ssh_pk_blob_name_length, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &slen);
5799 offset += 4;
5800 proto_tree_add_item_ret_string(blob_tree, hf_ssh_pk_blob_name, tvb, offset, slen, ENC_ASCII0x00000000, pinfo->pool, &key_type);
5801 proto_item_append_text(blob_item, " (type: %s)", key_type);
5802 offset += slen;
5803
5804 if (0 == strcmp(key_type, "ssh-rsa")) {
5805 offset += ssh_tree_add_mpint(tvb, offset, blob_tree, hf_ssh_blob_e);
5806 offset += ssh_tree_add_mpint(tvb, offset, blob_tree, hf_ssh_blob_n);
5807 } else if (0 == strcmp(key_type, "ssh-dss")) {
5808 offset += ssh_tree_add_mpint(tvb, offset, blob_tree, hf_ssh_blob_dsa_p);
5809 offset += ssh_tree_add_mpint(tvb, offset, blob_tree, hf_ssh_blob_dsa_q);
5810 offset += ssh_tree_add_mpint(tvb, offset, blob_tree, hf_ssh_blob_dsa_g);
5811 offset += ssh_tree_add_mpint(tvb, offset, blob_tree, hf_ssh_blob_dsa_y);
5812 } else if (g_str_has_prefix(key_type, "ecdsa-sha2-")(__builtin_constant_p ("ecdsa-sha2-")? __extension__ ({ const
char * const __str = (key_type); const char * const __prefix
= ("ecdsa-sha2-"); gboolean __result = (0); if (__str == ((void
*)0) || __prefix == ((void*)0)) __result = (g_str_has_prefix)
(__str, __prefix); else { const size_t __str_len = strlen ((
(__str) + !(__str))); const size_t __prefix_len = strlen (((__prefix
) + !(__prefix))); if (__str_len >= __prefix_len) __result
= memcmp (((__str) + !(__str)), ((__prefix) + !(__prefix)), __prefix_len
) == 0; } __result; }) : (g_str_has_prefix) (key_type, "ecdsa-sha2-"
) )) {
5813 offset += ssh_tree_add_string(tvb, offset, blob_tree,
5814 hf_ssh_blob_ecdsa_curve_id, hf_ssh_blob_ecdsa_curve_id_length);
5815 offset += ssh_tree_add_string(tvb, offset, blob_tree,
5816 hf_ssh_blob_ecdsa_q, hf_ssh_blob_ecdsa_q_length);
5817 } else if (g_str_has_prefix(key_type, "ssh-ed")(__builtin_constant_p ("ssh-ed")? __extension__ ({ const char
* const __str = (key_type); const char * const __prefix = ("ssh-ed"
); gboolean __result = (0); if (__str == ((void*)0) || __prefix
== ((void*)0)) __result = (g_str_has_prefix) (__str, __prefix
); else { const size_t __str_len = strlen (((__str) + !(__str
))); const size_t __prefix_len = strlen (((__prefix) + !(__prefix
))); if (__str_len >= __prefix_len) __result = memcmp (((__str
) + !(__str)), ((__prefix) + !(__prefix)), __prefix_len) == 0
; } __result; }) : (g_str_has_prefix) (key_type, "ssh-ed") )) {
5818 offset += ssh_tree_add_string(tvb, offset, blob_tree,
5819 hf_ssh_blob_eddsa_key, hf_ssh_blob_eddsa_key_length);
5820 } else {
5821 proto_tree_add_item(blob_tree, hf_ssh_blob_data, tvb, offset, tvb_reported_length_remaining(tvb, offset), ENC_NA0x00000000);
5822 offset += tvb_reported_length_remaining(tvb, offset);
5823 }
5824
5825 return offset;
5826}
5827
5828static int
5829ssh_dissect_public_key_signature(tvbuff_t *packet_tvb, packet_info *pinfo,
5830 int offset, proto_item *msg_type_tree)
5831{
5832 (void)pinfo;
5833 unsigned slen;
5834 slen = tvb_get_ntohl(packet_tvb, offset) ;
5835 proto_tree_add_item(msg_type_tree, hf_ssh_pk_sig_blob_name_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5836 offset += 4;
5837 proto_tree_add_item(msg_type_tree, hf_ssh_pk_sig_blob_name, packet_tvb, offset, slen, ENC_ASCII0x00000000);
5838 offset += slen;
5839 slen = tvb_get_ntohl(packet_tvb, offset) ;
5840 proto_tree_add_item(msg_type_tree, hf_ssh_pk_sig_s_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5841 offset += 4;
5842 proto_tree_add_item(msg_type_tree, hf_ssh_pk_sig_s, packet_tvb, offset, slen, ENC_NA0x00000000);
5843 offset += slen;
5844 return offset;
5845}
5846
5847#ifdef SSH_DECRYPT_DEBUG /* {{{ */
5848
5849static FILE* ssh_debug_file;
5850
5851static void
5852ssh_prefs_apply_cb(void)
5853{
5854 ssh_set_debug(ssh_debug_file_name);
5855}
5856
5857static void
5858ssh_set_debug(const char* name)
5859{
5860 static int debug_file_must_be_closed;
5861 int use_stderr;
5862
5863 use_stderr = name?(strcmp(name, SSH_DEBUG_USE_STDERR"-") == 0):0;
5864
5865 if (debug_file_must_be_closed)
5866 fclose(ssh_debug_file);
5867
5868 if (use_stderr)
5869 ssh_debug_file = stderrstderr;
5870 else if (!name || (strcmp(name, "") ==0))
5871 ssh_debug_file = NULL((void*)0);
5872 else
5873 ssh_debug_file = ws_fopenfopen(name, "w");
5874
5875 if (!use_stderr && ssh_debug_file)
5876 debug_file_must_be_closed = 1;
5877 else
5878 debug_file_must_be_closed = 0;
5879
5880 ssh_debug_printf("Wireshark SSH debug log \n\n");
5881#ifdef HAVE_LIBGNUTLS1
5882 ssh_debug_printf("GnuTLS version: %s\n", gnutls_check_version(NULL((void*)0)));
5883#endif
5884 ssh_debug_printf("Libgcrypt version: %s\n", gcry_check_version(NULL((void*)0)));
5885 ssh_debug_printf("\n");
5886}
5887
5888static void
5889ssh_debug_flush(void)
5890{
5891 if (ssh_debug_file)
5892 fflush(ssh_debug_file);
5893}
5894
5895static void
5896ssh_debug_printf(const char* fmt, ...)
5897{
5898 va_list ap;
5899
5900 if (!ssh_debug_file)
5901 return;
5902
5903 va_start(ap, fmt)__builtin_va_start(ap, fmt);
5904 vfprintf(ssh_debug_file, fmt, ap);
5905 va_end(ap)__builtin_va_end(ap);
5906}
5907
5908static void
5909ssh_print_data(const char* name, const unsigned char* data, size_t len)
5910{
5911 size_t i, j, k;
5912 if (!ssh_debug_file)
5913 return;
5914#ifdef OPENSSH_STYLE
5915 fprintf(ssh_debug_file,"%s[%d]\n",name, (int) len);
5916#else
5917 fprintf(ssh_debug_file,"%s[%d]:\n",name, (int) len);
5918#endif
5919 for (i=0; i<len; i+=16) {
5920#ifdef OPENSSH_STYLE
5921 fprintf(ssh_debug_file,"%04u: ", (unsigned int)i);
5922#else
5923 fprintf(ssh_debug_file,"| ");
5924#endif
5925 for (j=i, k=0; k<16 && j<len; ++j, ++k)
5926 fprintf(ssh_debug_file,"%.2x ",data[j]);
5927 for (; k<16; ++k)
5928 fprintf(ssh_debug_file," ");
5929#ifdef OPENSSH_STYLE
5930 fputc(' ', ssh_debug_file);
5931#else
5932 fputc('|', ssh_debug_file);
5933#endif
5934 for (j=i, k=0; k<16 && j<len; ++j, ++k) {
5935 unsigned char c = data[j];
5936 if (!g_ascii_isprint(c)((g_ascii_table[(guchar) (c)] & G_ASCII_PRINT) != 0) || (c=='\t')) c = '.';
5937 fputc(c, ssh_debug_file);
5938 }
5939#ifdef OPENSSH_STYLE
5940 fprintf(ssh_debug_file,"\n");
5941#else
5942 for (; k<16; ++k)
5943 fputc(' ', ssh_debug_file);
5944 fprintf(ssh_debug_file,"|\n");
5945#endif
5946 }
5947}
5948
5949#endif /* SSH_DECRYPT_DEBUG }}} */
5950
5951static void
5952ssh_secrets_block_callback(const void *secrets, unsigned size)
5953{
5954 ssh_keylog_process_lines((const uint8_t *)secrets, size);
5955}
5956
5957/* Functions for SSH random hashtables. {{{ */
5958static int
5959ssh_equal (const void *v, const void *v2)
5960{
5961 if (v == NULL((void*)0) || v2 == NULL((void*)0)) {
5962 return 0;
5963 }
5964
5965 const ssh_bignum *val1;
5966 const ssh_bignum *val2;
5967 val1 = (const ssh_bignum *)v;
5968 val2 = (const ssh_bignum *)v2;
5969
5970 if (val1->length == val2->length &&
5971 !memcmp(val1->data, val2->data, val2->length)) {
5972 return 1;
5973 }
5974 return 0;
5975}
5976
5977static unsigned
5978ssh_hash (const void *v)
5979{
5980 unsigned l,hash;
5981 const ssh_bignum* id;
5982 const unsigned* cur;
5983
5984 if (v == NULL((void*)0)) {
5985 return 0;
5986 }
5987
5988 hash = 0;
5989 id = (const ssh_bignum*) v;
5990
5991 /* id and id->data are mallocated in ssh_save_master_key(). As such 'data'
5992 * should be aligned for any kind of access (for example as a unsigned as
5993 * is done below). The intermediate void* cast is to prevent "cast
5994 * increases required alignment of target type" warnings on CPUs (such
5995 * as SPARCs) that do not allow misaligned memory accesses.
5996 */
5997 cur = (const unsigned*)(void*) id->data;
5998
5999 for (l=4; (l < id->length); l+=4, cur++)
6000 hash = hash ^ (*cur);
6001
6002 return hash;
6003}
6004
6005static void
6006ssh_free_glib_allocated_bignum(void *data)
6007{
6008 ssh_bignum * bignum;
6009 if (data == NULL((void*)0)) {
6010 return;
6011 }
6012
6013 bignum = (ssh_bignum *) data;
6014 g_free(bignum->data);
6015 g_free(bignum);
6016}
6017
6018static void
6019ssh_free_glib_allocated_entry(void *data)
6020{
6021 ssh_key_map_entry_t * entry;
6022 if (data == NULL((void*)0)) {
6023 return;
6024 }
6025
6026 entry = (ssh_key_map_entry_t *) data;
6027 g_free(entry->type);
6028 ssh_free_glib_allocated_bignum(entry->key_material);
6029 g_free(entry);
6030}
6031/* Functions for SSH random hashtables. }}} */
6032
6033static void
6034ssh_shutdown(void) {
6035 g_hash_table_destroy(ssh_master_key_map);
6036}
6037
6038void
6039proto_register_ssh(void)
6040{
6041 static hf_register_info hf[] = {
6042 { &hf_ssh_protocol,
6043 { "Protocol", "ssh.protocol",
6044 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6045 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6046
6047 { &hf_ssh_packet_length,
6048 { "Packet Length", "ssh.packet_length",
6049 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6050 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6051
6052 { &hf_ssh_packet_length_encrypted,
6053 { "Packet Length (encrypted)", "ssh.packet_length_encrypted",
6054 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6055 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6056
6057 { &hf_ssh_padding_length,
6058 { "Padding Length", "ssh.padding_length",
6059 FT_UINT8, BASE_DEC, NULL((void*)0), 0x0,
6060 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6061
6062 { &hf_ssh_payload,
6063 { "Payload", "ssh.payload",
6064 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6065 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6066
6067 { &hf_ssh_encrypted_packet,
6068 { "Encrypted Packet", "ssh.encrypted_packet",
6069 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6070 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6071
6072 { &hf_ssh_padding_string,
6073 { "Padding String", "ssh.padding_string",
6074 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6075 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6076
6077 { &hf_ssh_seq_num,
6078 { "Sequence number", "ssh.seq_num",
6079 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6080 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6081
6082 { &hf_ssh_mac_string,
6083 { "MAC", "ssh.mac",
6084 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6085 "Message authentication code", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6086
6087 { &hf_ssh_mac_status,
6088 { "MAC Status", "ssh.mac.status", FT_UINT8, BASE_NONE, VALS(proto_checksum_vals)((0 ? (const struct _value_string*)0 : ((proto_checksum_vals)
))), 0x0,
6089 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6090
6091 { &hf_ssh_direction,
6092 { "Direction", "ssh.direction",
6093 FT_BOOLEAN, BASE_NONE, TFS(&tfs_s2c_c2s)((0 ? (const struct true_false_string*)0 : ((&tfs_s2c_c2s
)))), 0x0,
6094 "Message direction", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6095
6096 { &hf_ssh_msg_code,
6097 { "Message Code", "ssh.message_code",
6098 FT_UINT8, BASE_DEC, VALS(ssh1_msg_vals)((0 ? (const struct _value_string*)0 : ((ssh1_msg_vals)))), 0x0,
6099 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6100
6101 { &hf_ssh2_msg_code,
6102 { "Message Code", "ssh.message_code",
6103 FT_UINT8, BASE_DEC, VALS(ssh2_msg_vals)((0 ? (const struct _value_string*)0 : ((ssh2_msg_vals)))), 0x0,
6104 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6105
6106 { &hf_ssh2_kex_dh_msg_code,
6107 { "Message Code", "ssh.message_code",
6108 FT_UINT8, BASE_DEC, VALS(ssh2_kex_dh_msg_vals)((0 ? (const struct _value_string*)0 : ((ssh2_kex_dh_msg_vals
)))), 0x0,
6109 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6110
6111 { &hf_ssh2_kex_dh_gex_msg_code,
6112 { "Message Code", "ssh.message_code",
6113 FT_UINT8, BASE_DEC, VALS(ssh2_kex_dh_gex_msg_vals)((0 ? (const struct _value_string*)0 : ((ssh2_kex_dh_gex_msg_vals
)))), 0x0,
6114 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6115
6116 { &hf_ssh2_kex_ecdh_msg_code,
6117 { "Message Code", "ssh.message_code",
6118 FT_UINT8, BASE_DEC, VALS(ssh2_kex_ecdh_msg_vals)((0 ? (const struct _value_string*)0 : ((ssh2_kex_ecdh_msg_vals
)))), 0x0,
6119 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6120
6121 { &hf_ssh2_kex_hybrid_msg_code,
6122 { "Message Code", "ssh.message_code",
6123 FT_UINT8, BASE_DEC, VALS(ssh2_kex_hybrid_msg_vals)((0 ? (const struct _value_string*)0 : ((ssh2_kex_hybrid_msg_vals
)))), 0x0,
6124 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6125
6126 { &hf_ssh2_ext_ping_msg_code,
6127 { "Message Code", "ssh.message_code",
6128 FT_UINT8, BASE_DEC, VALS(ssh2_ext_ping_msg_vals)((0 ? (const struct _value_string*)0 : ((ssh2_ext_ping_msg_vals
)))), 0x0,
6129 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6130
6131 { &hf_ssh_cookie,
6132 { "Cookie", "ssh.cookie",
6133 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6134 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6135
6136 { &hf_ssh_kex_algorithms,
6137 { "kex_algorithms string", "ssh.kex_algorithms",
6138 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6139 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6140
6141 { &hf_ssh_server_host_key_algorithms,
6142 { "server_host_key_algorithms string", "ssh.server_host_key_algorithms",
6143 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6144 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6145
6146 { &hf_ssh_encryption_algorithms_client_to_server,
6147 { "encryption_algorithms_client_to_server string", "ssh.encryption_algorithms_client_to_server",
6148 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6149 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6150
6151 { &hf_ssh_encryption_algorithms_server_to_client,
6152 { "encryption_algorithms_server_to_client string", "ssh.encryption_algorithms_server_to_client",
6153 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6154 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6155
6156 { &hf_ssh_mac_algorithms_client_to_server,
6157 { "mac_algorithms_client_to_server string", "ssh.mac_algorithms_client_to_server",
6158 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6159 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6160
6161 { &hf_ssh_mac_algorithms_server_to_client,
6162 { "mac_algorithms_server_to_client string", "ssh.mac_algorithms_server_to_client",
6163 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6164 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6165
6166 { &hf_ssh_compression_algorithms_client_to_server,
6167 { "compression_algorithms_client_to_server string", "ssh.compression_algorithms_client_to_server",
6168 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6169 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6170
6171 { &hf_ssh_compression_algorithms_server_to_client,
6172 { "compression_algorithms_server_to_client string", "ssh.compression_algorithms_server_to_client",
6173 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6174 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6175
6176 { &hf_ssh_languages_client_to_server,
6177 { "languages_client_to_server string", "ssh.languages_client_to_server",
6178 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6179 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6180
6181 { &hf_ssh_languages_server_to_client,
6182 { "languages_server_to_client string", "ssh.languages_server_to_client",
6183 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6184 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6185
6186 { &hf_ssh_kex_algorithms_length,
6187 { "kex_algorithms length", "ssh.kex_algorithms_length",
6188 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6189 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6190
6191 { &hf_ssh_server_host_key_algorithms_length,
6192 { "server_host_key_algorithms length", "ssh.server_host_key_algorithms_length",
6193 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6194 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6195
6196 { &hf_ssh_encryption_algorithms_client_to_server_length,
6197 { "encryption_algorithms_client_to_server length", "ssh.encryption_algorithms_client_to_server_length",
6198 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6199 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6200
6201 { &hf_ssh_encryption_algorithms_server_to_client_length,
6202 { "encryption_algorithms_server_to_client length", "ssh.encryption_algorithms_server_to_client_length",
6203 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6204 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6205
6206 { &hf_ssh_mac_algorithms_client_to_server_length,
6207 { "mac_algorithms_client_to_server length", "ssh.mac_algorithms_client_to_server_length",
6208 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6209 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6210
6211 { &hf_ssh_mac_algorithms_server_to_client_length,
6212 { "mac_algorithms_server_to_client length", "ssh.mac_algorithms_server_to_client_length",
6213 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6214 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6215
6216 { &hf_ssh_compression_algorithms_client_to_server_length,
6217 { "compression_algorithms_client_to_server length", "ssh.compression_algorithms_client_to_server_length",
6218 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6219 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6220
6221 { &hf_ssh_compression_algorithms_server_to_client_length,
6222 { "compression_algorithms_server_to_client length", "ssh.compression_algorithms_server_to_client_length",
6223 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6224 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6225
6226 { &hf_ssh_languages_client_to_server_length,
6227 { "languages_client_to_server length", "ssh.languages_client_to_server_length",
6228 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6229 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6230
6231 { &hf_ssh_languages_server_to_client_length,
6232 { "languages_server_to_client length", "ssh.languages_server_to_client_length",
6233 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6234 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6235
6236 { &hf_ssh_first_kex_packet_follows,
6237 { "First KEX Packet Follows", "ssh.first_kex_packet_follows",
6238 FT_UINT8, BASE_DEC, NULL((void*)0), 0x0,
6239 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6240
6241 { &hf_ssh_kex_reserved,
6242 { "Reserved", "ssh.kex.reserved",
6243 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6244 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6245
6246 { &hf_ssh_kex_hassh_algo,
6247 { "hasshAlgorithms", "ssh.kex.hassh_algorithms",
6248 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6249 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6250
6251 { &hf_ssh_kex_hassh,
6252 { "hassh", "ssh.kex.hassh",
6253 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6254 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6255
6256 { &hf_ssh_kex_hasshserver_algo,
6257 { "hasshServerAlgorithms", "ssh.kex.hasshserver_algorithms",
6258 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6259 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6260
6261 { &hf_ssh_kex_hasshserver,
6262 { "hasshServer", "ssh.kex.hasshserver",
6263 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6264 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6265
6266 { &hf_ssh_hostkey_length,
6267 { "Host key length", "ssh.host_key.length",
6268 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6269 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6270
6271 { &hf_ssh_hostkey_type_length,
6272 { "Host key type length", "ssh.host_key.type_length",
6273 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6274 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6275
6276 { &hf_ssh_hostkey_type,
6277 { "Host key type", "ssh.host_key.type",
6278 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6279 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6280
6281 { &hf_ssh_hostkey_data,
6282 { "Host key data", "ssh.host_key.data",
6283 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6284 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6285
6286 { &hf_ssh_hostkey_rsa_n,
6287 { "RSA modulus (N)", "ssh.host_key.rsa.n",
6288 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6289 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6290
6291 { &hf_ssh_hostkey_rsa_e,
6292 { "RSA public exponent (e)", "ssh.host_key.rsa.e",
6293 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6294 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6295
6296 { &hf_ssh_hostkey_dsa_p,
6297 { "DSA prime modulus (p)", "ssh.host_key.dsa.p",
6298 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6299 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6300
6301 { &hf_ssh_hostkey_dsa_q,
6302 { "DSA prime divisor (q)", "ssh.host_key.dsa.q",
6303 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6304 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6305
6306 { &hf_ssh_hostkey_dsa_g,
6307 { "DSA subgroup generator (g)", "ssh.host_key.dsa.g",
6308 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6309 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6310
6311 { &hf_ssh_hostkey_dsa_y,
6312 { "DSA public key (y)", "ssh.host_key.dsa.y",
6313 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6314 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6315
6316 { &hf_ssh_hostkey_ecdsa_curve_id,
6317 { "ECDSA elliptic curve identifier", "ssh.host_key.ecdsa.id",
6318 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6319 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6320
6321 { &hf_ssh_hostkey_ecdsa_curve_id_length,
6322 { "ECDSA elliptic curve identifier length", "ssh.host_key.ecdsa.id_length",
6323 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6324 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6325
6326 { &hf_ssh_hostkey_ecdsa_q,
6327 { "ECDSA public key (Q)", "ssh.host_key.ecdsa.q",
6328 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6329 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6330
6331 { &hf_ssh_hostkey_ecdsa_q_length,
6332 { "ECDSA public key length", "ssh.host_key.ecdsa.q_length",
6333 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6334 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6335
6336 { &hf_ssh_hostkey_eddsa_key,
6337 { "EdDSA public key", "ssh.host_key.eddsa.key",
6338 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6339 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6340
6341 { &hf_ssh_hostkey_eddsa_key_length,
6342 { "EdDSA public key length", "ssh.host_key.eddsa.key_length",
6343 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6344 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6345
6346 { &hf_ssh_hostsig_length,
6347 { "Host signature length", "ssh.host_sig.length",
6348 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6349 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6350
6351 { &hf_ssh_hostsig_type_length,
6352 { "Host signature type length", "ssh.host_sig.type_length",
6353 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6354 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6355
6356 { &hf_ssh_hostsig_type,
6357 { "Host signature type", "ssh.host_sig.type",
6358 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6359 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6360
6361 { &hf_ssh_hostsig_data,
6362 { "Host signature data", "ssh.host_sig.data",
6363 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6364 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6365
6366 { &hf_ssh_hostsig_rsa,
6367 { "RSA signature", "ssh.host_sig.rsa",
6368 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6369 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6370
6371 { &hf_ssh_hostsig_dsa,
6372 { "DSA signature", "ssh.host_sig.dsa",
6373 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6374 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6375
6376 { &hf_ssh_dh_e,
6377 { "DH client e", "ssh.dh.e",
6378 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6379 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6380
6381 { &hf_ssh_dh_f,
6382 { "DH server f", "ssh.dh.f",
6383 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6384 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6385
6386 { &hf_ssh_dh_gex_min,
6387 { "DH GEX Min", "ssh.dh_gex.min",
6388 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6389 "Minimal acceptable group size", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6390
6391 { &hf_ssh_dh_gex_nbits,
6392 { "DH GEX Number of Bits", "ssh.dh_gex.nbits",
6393 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6394 "Preferred group size", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6395
6396 { &hf_ssh_dh_gex_max,
6397 { "DH GEX Max", "ssh.dh_gex.max",
6398 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6399 "Maximal acceptable group size", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6400
6401 { &hf_ssh_dh_gex_p,
6402 { "DH GEX modulus (P)", "ssh.dh_gex.p",
6403 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6404 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6405
6406 { &hf_ssh_dh_gex_g,
6407 { "DH GEX base (G)", "ssh.dh_gex.g",
6408 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6409 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6410
6411 { &hf_ssh_ecdh_q_c,
6412 { "ECDH client's ephemeral public key (Q_C)", "ssh.ecdh.q_c",
6413 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6414 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6415
6416 { &hf_ssh_ecdh_q_c_length,
6417 { "ECDH client's ephemeral public key length", "ssh.ecdh.q_c_length",
6418 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6419 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6420
6421 { &hf_ssh_ecdh_q_s,
6422 { "ECDH server's ephemeral public key (Q_S)", "ssh.ecdh.q_s",
6423 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6424 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6425
6426 { &hf_ssh_ecdh_q_s_length,
6427 { "ECDH server's ephemeral public key length", "ssh.ecdh.q_s_length",
6428 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6429 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6430
6431 { &hf_ssh_mpint_length,
6432 { "Multi Precision Integer Length", "ssh.mpint_length",
6433 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6434 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6435
6436 { &hf_ssh_ignore_data_length,
6437 { "Debug message length", "ssh.ignore_data_length",
6438 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6439 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6440
6441 { &hf_ssh_ignore_data,
6442 { "Ignore data", "ssh.ignore_data",
6443 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6444 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6445
6446 { &hf_ssh_debug_always_display,
6447 { "Always Display", "ssh.debug_always_display",
6448 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
6449 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6450
6451 { &hf_ssh_debug_message_length,
6452 { "Debug message length", "ssh.debug_name_length",
6453 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6454 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6455
6456 { &hf_ssh_debug_message,
6457 { "Debug message", "ssh.debug_name",
6458 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6459 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6460
6461 { &hf_ssh_service_name_length,
6462 { "Service Name length", "ssh.service_name_length",
6463 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6464 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6465
6466 { &hf_ssh_service_name,
6467 { "Service Name", "ssh.service_name",
6468 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6469 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6470
6471 { &hf_ssh_disconnect_reason,
6472 { "Disconnect reason", "ssh.disconnect_reason",
6473 FT_UINT32, BASE_HEX, NULL((void*)0), 0x0,
6474 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6475
6476 { &hf_ssh_disconnect_description_length,
6477 { "Disconnect description length", "ssh.disconnect_description_length",
6478 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6479 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6480
6481 { &hf_ssh_disconnect_description,
6482 { "Disconnect description", "ssh.disconnect_description",
6483 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6484 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6485
6486 { &hf_ssh_ext_count,
6487 { "Extension count", "ssh.extension.count",
6488 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6489 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6490
6491 { &hf_ssh_ext_name_length,
6492 { "Extension name length", "ssh.extension.name_length",
6493 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6494 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6495
6496 { &hf_ssh_ext_name,
6497 { "Extension name", "ssh.extension.name",
6498 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6499 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6500
6501 { &hf_ssh_ext_value_length,
6502 { "Extension value length", "ssh.extension.value_length",
6503 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6504 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6505
6506 { &hf_ssh_ext_value,
6507 { "Extension value", "ssh.extension.value",
6508 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6509 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6510
6511 { &hf_ssh_ext_server_sig_algs_algorithms,
6512 { "Accepted signature algorithms", "ssh.extension.server_sig_algs.algorithms",
6513 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6514 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6515
6516 { &hf_ssh_ext_delay_compression_algorithms_client_to_server_length,
6517 { "Compression algorithms (client to server) length", "ssh.extension.delay_compression.compression_algorithms_client_to_server_length",
6518 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6519 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6520
6521 { &hf_ssh_ext_delay_compression_algorithms_client_to_server,
6522 { "Compression algorithms (client to server)", "ssh.extension.delay_compression.compression_algorithms_client_to_server",
6523 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6524 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6525
6526 { &hf_ssh_ext_delay_compression_algorithms_server_to_client_length,
6527 { "Compression algorithms (server to client) length", "ssh.extension.delay_compression.compression_algorithms_server_to_client_length",
6528 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6529 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6530
6531 { &hf_ssh_ext_delay_compression_algorithms_server_to_client,
6532 { "Compression algorithms (server to client)", "ssh.extension.delay_compression.compression_algorithms_server_to_client",
6533 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6534 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6535
6536 { &hf_ssh_ext_no_flow_control_value,
6537 { "No flow control flag", "ssh.extension.no_flow_control.value",
6538 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6539 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6540
6541 { &hf_ssh_ext_elevation_value,
6542 { "Elevation flag", "ssh.extension.elevation.value",
6543 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6544 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6545
6546 { &hf_ssh_ext_prop_publickey_algorithms_algorithms,
6547 { "Public key algorithms", "ssh.extension.prop_publickey_algorithms.algorithms",
6548 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6549 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6550
6551 { &hf_ssh_lang_tag_length,
6552 { "Language tag length", "ssh.lang_tag_length",
6553 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6554 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6555
6556 { &hf_ssh_lang_tag,
6557 { "Language tag", "ssh.lang_tag",
6558 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6559 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6560
6561 { &hf_ssh_ping_data_length,
6562 { "Data length", "ssh.ping_data_length",
6563 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6564 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6565
6566 { &hf_ssh_ping_data,
6567 { "Data", "ssh.ping_data",
6568 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6569 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6570
6571 { &hf_ssh_pong_data_length,
6572 { "Data length", "ssh.pong_data_length",
6573 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6574 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6575
6576 { &hf_ssh_pong_data,
6577 { "Data", "ssh.pong_data",
6578 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6579 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6580
6581
6582 { &hf_ssh_userauth_user_name_length,
6583 { "User Name length", "ssh.userauth_user_name_length",
6584 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6585 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6586
6587 { &hf_ssh_userauth_user_name,
6588 { "User Name", "ssh.userauth_user_name",
6589 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6590 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6591
6592 { &hf_ssh_userauth_change_password,
6593 { "Change password", "ssh.userauth.change_password",
6594 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
6595 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6596
6597 { &hf_ssh_userauth_service_name_length,
6598 { "Service Name length", "ssh.userauth_service_name_length",
6599 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6600 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6601
6602 { &hf_ssh_userauth_service_name,
6603 { "Service Name", "ssh.userauth_service_name",
6604 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6605 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6606
6607 { &hf_ssh_userauth_method_name_length,
6608 { "Method Name length", "ssh.userauth_method_name_length",
6609 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6610 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6611
6612 { &hf_ssh_userauth_method_name,
6613 { "Method Name", "ssh.userauth_method_name",
6614 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6615 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6616
6617 { &hf_ssh_userauth_have_signature,
6618 { "Have signature", "ssh.userauth.have_signature",
6619 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
6620 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6621
6622 { &hf_ssh_userauth_password_length,
6623 { "Password length", "ssh.userauth_password_length",
6624 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6625 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6626
6627 { &hf_ssh_userauth_password,
6628 { "Password", "ssh.userauth_password",
6629 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6630 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6631
6632 { &hf_ssh_userauth_new_password_length,
6633 { "New password length", "ssh.userauth_new_password_length",
6634 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6635 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6636
6637 { &hf_ssh_userauth_new_password,
6638 { "New password", "ssh.userauth_new_password",
6639 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6640 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6641
6642 { &hf_ssh_auth_failure_list_length,
6643 { "Authentications that can continue list len", "ssh.auth_failure_cont_list_length",
6644 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6645 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6646
6647 { &hf_ssh_auth_failure_list,
6648 { "Authentications that can continue list", "ssh.auth_failure_cont_list",
6649 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6650 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6651
6652 { &hf_ssh_userauth_partial_success,
6653 { "Partial success", "ssh.userauth.partial_success",
6654 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
6655 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6656
6657 { &hf_ssh_userauth_pka_name_len,
6658 { "Public key algorithm name length", "ssh.userauth_pka_name_length",
6659 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6660 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6661
6662 { &hf_ssh_userauth_pka_name,
6663 { "Public key algorithm name", "ssh.userauth_pka_name",
6664 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6665 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6666
6667 { &hf_ssh_pk_blob_name_length,
6668 { "Public key blob algorithm name length", "ssh.pk_blob_name_length",
6669 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6670 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6671
6672 { &hf_ssh_pk_blob_name,
6673 { "Public key blob algorithm name", "ssh.pk_blob_name",
6674 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6675 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6676
6677 { &hf_ssh_blob_length,
6678 { "Public key blob length", "ssh.pk_blob_length",
6679 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6680 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6681
6682 { &hf_ssh_blob,
6683 { "Public key blob", "ssh.pk_blob",
6684 FT_NONE, BASE_NONE, NULL((void*)0), 0x0,
6685 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6686
6687 { &hf_ssh_blob_e,
6688 { "ssh-rsa public exponent (e)", "ssh.pk_blob.ssh-rsa.e",
6689 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6690 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6691
6692 { &hf_ssh_blob_n,
6693 { "ssh-rsa modulus (n)", "ssh.pk_blob.ssh-rsa.n",
6694 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6695 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6696
6697 { &hf_ssh_blob_dsa_p,
6698 { "DSA prime modulus (p)", "ssh.pk_blob.dsa.p",
6699 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6700 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6701
6702 { &hf_ssh_blob_dsa_q,
6703 { "DSA prime divisor (q)", "ssh.pk_blob.dsa.q",
6704 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6705 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6706
6707 { &hf_ssh_blob_dsa_g,
6708 { "DSA subgroup generator (g)", "ssh.pk_blob.dsa.g",
6709 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6710 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6711
6712 { &hf_ssh_blob_dsa_y,
6713 { "DSA public key (y)", "ssh.pk_blob.dsa.y",
6714 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6715 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6716
6717 { &hf_ssh_blob_ecdsa_curve_id,
6718 { "ECDSA elliptic curve identifier", "ssh.pk_blob.ecdsa.id",
6719 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6720 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6721
6722 { &hf_ssh_blob_ecdsa_curve_id_length,
6723 { "ECDSA elliptic curve identifier length", "ssh.pk_blob.ecdsa.id_length",
6724 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6725 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6726
6727 { &hf_ssh_blob_ecdsa_q,
6728 { "ECDSA public key (Q)", "ssh.pk_blob.ecdsa.q",
6729 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6730 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6731
6732 { &hf_ssh_blob_ecdsa_q_length,
6733 { "ECDSA public key length", "ssh.pk_blob.ecdsa.q_length",
6734 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6735 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6736
6737 { &hf_ssh_blob_eddsa_key,
6738 { "EdDSA public key", "ssh.pk_blob.eddsa.key",
6739 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6740 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6741
6742 { &hf_ssh_blob_eddsa_key_length,
6743 { "EdDSA public key length", "ssh.pk_blob.eddsa.key_length",
6744 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6745 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6746
6747 { &hf_ssh_blob_data,
6748 { "Public key blob data", "ssh.pk_blob.data",
6749 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6750 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6751
6752 { &hf_ssh_signature_length,
6753 { "Public key signature blob length", "ssh.pk_sig_blob_length",
6754 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6755 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6756
6757 { &hf_ssh_pk_sig_blob_name_length,
6758 { "Public key signature blob algorithm name length", "ssh.pk_sig_blob_name_length",
6759 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6760 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6761
6762 { &hf_ssh_pk_sig_blob_name,
6763 { "Public key signature blob algorithm name", "ssh.pk_sig_blob_name",
6764 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6765 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6766
6767 { &hf_ssh_pk_sig_s_length,
6768 { "ssh-rsa signature length", "ssh.sig.ssh-rsa.length",
6769 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6770 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6771
6772 { &hf_ssh_pk_sig_s,
6773 { "ssh-rsa signature (s)", "ssh.sig.ssh-rsa.s",
6774 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6775 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6776
6777 { &hf_ssh_connection_type_name_len,
6778 { "Channel type name length", "ssh.connection_type_name_length",
6779 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6780 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6781
6782 { &hf_ssh_connection_type_name,
6783 { "Channel type name", "ssh.connection_type_name",
6784 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6785 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6786
6787 { &hf_ssh_connection_sender_channel,
6788 { "Sender channel", "ssh.connection_sender_channel",
6789 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6790 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6791
6792 { &hf_ssh_connection_recipient_channel,
6793 { "Recipient channel", "ssh.connection_recipient_channel",
6794 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6795 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6796
6797 { &hf_ssh_connection_initial_window,
6798 { "Initial window size", "ssh.connection_initial_window_size",
6799 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6800 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6801
6802 { &hf_ssh_connection_maximum_packet_size,
6803 { "Maximum packet size", "ssh.userauth_maximum_packet_size",
6804 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6805 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6806
6807 { &hf_ssh_global_request_name_len,
6808 { "Global request name length", "ssh.global_request_name_length",
6809 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6810 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6811
6812 { &hf_ssh_global_request_name,
6813 { "Global request name", "ssh.global_request_name",
6814 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6815 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6816
6817 { &hf_ssh_global_request_want_reply,
6818 { "Global request want reply", "ssh.global_request_want_reply",
6819 FT_UINT8, BASE_DEC, NULL((void*)0), 0x0,
6820 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6821
6822 { &hf_ssh_global_request_hostkeys_array_len,
6823 { "Host keys array length", "ssh.global_request_hostkeys",
6824 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6825 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6826
6827 { &hf_ssh_channel_request_name_len,
6828 { "Channel request name length", "ssh.channel_request_name_length",
6829 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6830 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6831
6832 { &hf_ssh_channel_request_name,
6833 { "Channel request name", "ssh.channel_request_name",
6834 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6835 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6836
6837 { &hf_ssh_channel_request_want_reply,
6838 { "Channel request want reply", "ssh.channel_request_want_reply",
6839 FT_UINT8, BASE_DEC, NULL((void*)0), 0x0,
6840 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6841
6842 { &hf_ssh_subsystem_name_len,
6843 { "Subsystem name length", "ssh.subsystem_name_length",
6844 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6845 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6846
6847 { &hf_ssh_subsystem_name,
6848 { "Subsystem name", "ssh.subsystem_name",
6849 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6850 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6851
6852 { &hf_ssh_exec_cmd,
6853 { "Command", "ssh.exec_command",
6854 FT_UINT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6855 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
6856
6857 { &hf_ssh_env_name,
6858 { "Variable name", "ssh.env_name",
6859 FT_UINT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6860 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
6861
6862 { &hf_ssh_env_value,
6863 { "Variable value", "ssh.env_value",
6864 FT_UINT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6865 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
6866
6867 { &hf_ssh_pty_term,
6868 { "TERM environment variable", "ssh.pty_term",
6869 FT_UINT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6870 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
6871
6872 { &hf_ssh_pty_term_width_char,
6873 { "Terminal width, characters", "ssh.pty_term_width_char",
6874 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6875 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
6876
6877 { &hf_ssh_pty_term_height_row,
6878 { "Terminal height, rows", "ssh.pty_term_height_row",
6879 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6880 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
6881
6882 { &hf_ssh_pty_term_width_pixel,
6883 { "Terminal width, pixels", "ssh.pty_term_width_pixel",
6884 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6885 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
6886
6887 { &hf_ssh_pty_term_height_pixel,
6888 { "Terminal height, pixels", "ssh.pty_term_height_pixel",
6889 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6890 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
6891
6892 { &hf_ssh_pty_term_modes_len,
6893 { "Encoded Terminal Modes Length", "ssh.pty_term_modes_length",
6894 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6895 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
6896
6897 { &hf_ssh_pty_term_modes,
6898 { "Encoded Terminal Modes", "ssh.pty_term_modes",
6899 FT_NONE, BASE_NONE, NULL((void*)0), 0x0,
6900 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
6901
6902 { &hf_ssh_pty_term_mode,
6903 { "Mode", "ssh.pty_term_mode",
6904 FT_NONE, BASE_NONE, NULL((void*)0), 0x0,
6905 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
6906
6907 { &hf_ssh_pty_term_mode_opcode,
6908 { "Opcode", "ssh.pty_term_mode.opcode",
6909 FT_UINT8, BASE_DEC, VALS(ssh_tty_op_vals)((0 ? (const struct _value_string*)0 : ((ssh_tty_op_vals)))), 0x0,
6910 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
6911
6912 { &hf_ssh_pty_term_mode_vintr,
6913 { "Interrupt character", "ssh.pty_term_mode.vintr",
6914 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
6915 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
6916
6917 { &hf_ssh_pty_term_mode_vquit,
6918 { "Quit character", "ssh.pty_term_mode.vquit",
6919 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
6920 "Sends SIGQUIT on POSIX systems", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0)}},
6921
6922 { &hf_ssh_pty_term_mode_verase,
6923 { "Erase the character to the left of the cursor", "ssh.pty_term_mode.verase",
6924 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
6925 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0)} },
6926
6927 { &hf_ssh_pty_term_mode_vkill,
6928 { "Kill the current input line", "ssh.pty_term_mode.vkill",
6929 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
6930 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0)} },
6931
6932 { &hf_ssh_pty_term_mode_veof,
6933 { "End-of-file character", "ssh.pty_term_mode.veof",
6934 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
6935 "Sends EOF from the terminal", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0)}},
6936
6937 { &hf_ssh_pty_term_mode_veol,
6938 { "End-of-line character", "ssh.pty_term_mode.veol",
6939 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
6940 "In additional to carriage return and/or line feed", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0)} },
6941
6942 { &hf_ssh_pty_term_mode_veol2,
6943 { "Additional end-of-line character", "ssh.pty_term_mode.veol2",
6944 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
6945 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0)} },
6946
6947 { &hf_ssh_pty_term_mode_vstart,
6948 { "Continues paused output", "ssh.pty_term_mode.vstart",
6949 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
6950 "Normally Control-Q", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0)}},
6951
6952 { &hf_ssh_pty_term_mode_vstop,
6953 { "Pauses output", "ssh.pty_term_mode.vstop",
6954 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
6955 "Normally Control-S", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0)} },
6956
6957 { &hf_ssh_pty_term_mode_vsusp,
6958 { "Suspends the current program", "ssh.pty_term_mode.vsusp",
6959 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
6960 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0)} },
6961
6962 { &hf_ssh_pty_term_mode_vdsusp,
6963 { "Another suspend character", "ssh.pty_term_mode.vdsusp",
6964 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
6965 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0)} },
6966
6967 { &hf_ssh_pty_term_mode_vreprint,
6968 { "Reprints the current input line", "ssh.pty_term_mode.vreprint",
6969 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
6970 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0)} },
6971
6972 { &hf_ssh_pty_term_mode_vwerase,
6973 { "Erase a word to the left of the cursor", "ssh.pty_term_mode.vwerase",
6974 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
6975 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0)} },
6976
6977 { &hf_ssh_pty_term_mode_vlnext,
6978 { "Enter the next character typed literally", "ssh.pty_term_mode.vlnext",
6979 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
6980 "Even if a special character", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0)} },
6981
6982 { &hf_ssh_pty_term_mode_vflush,
6983 { "Character to flush output", "ssh.pty_term_mode.vflush",
6984 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
6985 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0)} },
6986
6987 { &hf_ssh_pty_term_mode_vswtch,
6988 { "Switch to a different shell layer", "ssh.pty_term_mode.vswtch",
6989 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
6990 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0)} },
6991
6992 { &hf_ssh_pty_term_mode_vstatus,
6993 { "Print system status line", "ssh.pty_term_mode.vstatus",
6994 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
6995 "Load, command, pid, etc.", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0)}},
6996
6997 { &hf_ssh_pty_term_mode_vdiscard,
6998 { "Toggles the flushing of terminal output", "ssh.pty_term_mode.vdiscard",
6999 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
7000 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0)} },
7001
7002 { &hf_ssh_pty_term_mode_ignpar,
7003 { "Ignore parity flag", "ssh.pty_term_mode.ignpar",
7004 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7005 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7006
7007 { &hf_ssh_pty_term_mode_parmrk,
7008 { "Mark parity and framing errors", "ssh.pty_term_mode.parmrk",
7009 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7010 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7011
7012 { &hf_ssh_pty_term_mode_inpck,
7013 { "Enable checking of parity errors", "ssh.pty_term_mode.inpck",
7014 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7015 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7016
7017 { &hf_ssh_pty_term_mode_istrip,
7018 { "Strip 8th bit off characters", "ssh.pty_term_mode.istrip",
7019 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7020 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7021
7022 { &hf_ssh_pty_term_mode_inlcr,
7023 { "Map NL into CR on input", "ssh.pty_term_mode.inlcr",
7024 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7025 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7026
7027 { &hf_ssh_pty_term_mode_igncr,
7028 { "Ignore CR on input", "ssh.pty_term_mode.igncr",
7029 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7030 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7031
7032 { &hf_ssh_pty_term_mode_icrnl,
7033 { "Map CR to NL on input", "ssh.pty_term_mode.icrnl",
7034 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7035 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7036
7037 { &hf_ssh_pty_term_mode_iuclc,
7038 { "Translate uppercase characters to lowercase", "ssh.pty_term_mode.iuclc",
7039 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7040 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7041
7042 { &hf_ssh_pty_term_mode_ixon,
7043 { "Enable output flow control", "ssh.pty_term_mode.ixon",
7044 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7045 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7046
7047 { &hf_ssh_pty_term_mode_ixany,
7048 { "Any char will restart after stop", "ssh.pty_term_mode.ixany",
7049 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7050 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7051
7052 { &hf_ssh_pty_term_mode_ixoff,
7053 { "Enable input flow control", "ssh.pty_term_mode.ixoff",
7054 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7055 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7056
7057 { &hf_ssh_pty_term_mode_imaxbel,
7058 { "Ring bell on input queue full", "ssh.pty_term_mode.imaxbel",
7059 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7060 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7061
7062 { &hf_ssh_pty_term_mode_iutf8,
7063 { "Terminal input and output is assumed to be encoded in UTF-8", "ssh.pty_term_mode.iutf8",
7064 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7065 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7066
7067 { &hf_ssh_pty_term_mode_isig,
7068 { "Enable signals INTR, QUIT, [D]SUSP", "ssh.pty_term_mode.isig",
7069 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7070 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7071
7072 { &hf_ssh_pty_term_mode_icanon,
7073 { "Canonicalize input lines", "ssh.pty_term_mode.icanon",
7074 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7075 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7076
7077 { &hf_ssh_pty_term_mode_xcase,
7078 { "Enable input and output of uppercase characters by preceding their lowercase equivalents with '\'", "ssh.pty_term_mode.xcase",
7079 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7080 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7081
7082 { &hf_ssh_pty_term_mode_echo,
7083 { "Enable echoing", "ssh.pty_term_mode.echo",
7084 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7085 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7086
7087 { &hf_ssh_pty_term_mode_echoe,
7088 { "Visually erase chars", "ssh.pty_term_mode.echoe",
7089 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7090 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7091
7092 { &hf_ssh_pty_term_mode_echok,
7093 { "Kill character discards current line", "ssh.pty_term_mode.echok",
7094 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7095 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7096
7097 { &hf_ssh_pty_term_mode_echonl,
7098 { "Echo NL even if ECHO is off", "ssh.pty_term_mode.echonl",
7099 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7100 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7101
7102 { &hf_ssh_pty_term_mode_noflsh,
7103 { "No flush after interrupt", "ssh.pty_term_mode.noflsh",
7104 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7105 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7106
7107 { &hf_ssh_pty_term_mode_tostop,
7108 { "Stop background jobs from output", "ssh.pty_term_mode.tostop",
7109 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7110 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7111
7112 { &hf_ssh_pty_term_mode_iexten,
7113 { "Enable extensions", "ssh.pty_term_mode.iexten",
7114 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7115 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7116
7117 { &hf_ssh_pty_term_mode_echoctl,
7118 { "Echo control characters as ^(Char)", "ssh.pty_term_mode.echoctl",
7119 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7120 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7121
7122 { &hf_ssh_pty_term_mode_echoke,
7123 { "Visual erase for line kill", "ssh.pty_term_mode.echoke",
7124 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7125 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7126
7127 { &hf_ssh_pty_term_mode_pendin,
7128 { "Retype pending input", "ssh.pty_term_mode.pendin",
7129 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7130 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7131
7132 { &hf_ssh_pty_term_mode_opost,
7133 { "Enable output processing", "ssh.pty_term_mode.opost",
7134 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7135 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7136
7137 { &hf_ssh_pty_term_mode_olcuc,
7138 { "Convert lowercase to uppercase", "ssh.pty_term_mode.olcuc",
7139 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7140 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7141
7142 { &hf_ssh_pty_term_mode_onlcr,
7143 { "Map NL to CR-NL", "ssh.pty_term_mode.onlcr",
7144 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7145 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7146
7147 { &hf_ssh_pty_term_mode_ocrnl,
7148 { "Translate carriage return to newline (output)", "ssh.pty_term_mode.ocrnl",
7149 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7150 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7151
7152 { &hf_ssh_pty_term_mode_onocr,
7153 { "Translate newline to carriage-return newline (output)", "ssh.pty_term_mode.onocr",
7154 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7155 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7156
7157 { &hf_ssh_pty_term_mode_onlret,
7158 { "Newline performs a carriage return (output)", "ssh.pty_term_mode.onlret",
7159 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7160 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7161
7162 { &hf_ssh_pty_term_mode_cs7,
7163 { "7 bit mode", "ssh.pty_term_mode.cs7",
7164 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7165 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7166
7167 { &hf_ssh_pty_term_mode_cs8,
7168 { "8 bit mode", "ssh.pty_term_mode.cs8",
7169 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7170 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7171
7172 { &hf_ssh_pty_term_mode_parenb,
7173 { "Parity enable", "ssh.pty_term_mode.parenb",
7174 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7175 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7176
7177 { &hf_ssh_pty_term_mode_parodd,
7178 { "Odd parity", "ssh.pty_term_mode.parodd",
7179 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7180 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7181
7182 { &hf_ssh_pty_term_mode_ispeed,
7183 { "Input baud rate", "ssh.pty_term_mode.ispeed",
7184 FT_UINT32, BASE_DEC|BASE_UNIT_STRING0x00001000, UNS(&units_bit_sec)((0 ? (const struct unit_name_string*)0 : ((&units_bit_sec
)))), 0x0,
7185 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7186
7187 { &hf_ssh_pty_term_mode_ospeed,
7188 { "Output baud rate", "ssh.pty_term_mode.ospeed",
7189 FT_UINT32, BASE_DEC|BASE_UNIT_STRING0x00001000, UNS(&units_bit_sec)((0 ? (const struct unit_name_string*)0 : ((&units_bit_sec
)))), 0x0,
7190 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7191
7192 { &hf_ssh_pty_term_mode_value,
7193 { "Value", "ssh.pty_term_mode.value",
7194 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
7195 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7196
7197 { &hf_ssh_exit_status,
7198 { "Exit status", "ssh.exit_status",
7199 FT_UINT32, BASE_HEX, NULL((void*)0), 0x0,
7200 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
7201
7202 { &hf_ssh_channel_window_adjust,
7203 { "Bytes to add", "ssh.channel_window_adjust",
7204 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
7205 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
7206
7207 { &hf_ssh_channel_data_len,
7208 { "Data length", "ssh.channel_data_length",
7209 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
7210 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
7211
7212 { &hf_ssh_channel_data_type_code,
7213 { "Data Type Code", "ssh.channel_data_type_code",
7214 FT_UINT32, BASE_DEC, VALS(ssh_channel_data_type_code_vals)((0 ? (const struct _value_string*)0 : ((ssh_channel_data_type_code_vals
)))), 0x0,
7215 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7216
7217 { &hf_ssh_reassembled_in,
7218 { "Reassembled PDU in frame", "ssh.reassembled_in",
7219 FT_FRAMENUM, BASE_NONE, NULL((void*)0), 0x0,
7220 "The PDU that doesn't end in this segment is reassembled in this frame", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
7221
7222 { &hf_ssh_reassembled_length,
7223 { "Reassembled PDU length", "ssh.reassembled.length",
7224 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
7225 "The total length of the reassembled payload", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
7226
7227 { &hf_ssh_reassembled_data,
7228 { "Reassembled PDU data", "ssh.reassembled.data",
7229 FT_BYTES, BASE_NONE, NULL((void*)0), 0x00,
7230 "The payload of multiple reassembled SSH segments", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
7231
7232 { &hf_ssh_segments,
7233 { "Reassembled SSH segments", "ssh.segments",
7234 FT_NONE, BASE_NONE, NULL((void*)0), 0x0,
7235 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
7236
7237 { &hf_ssh_segment,
7238 { "SSH segment", "ssh.segment",
7239 FT_FRAMENUM, BASE_NONE, NULL((void*)0), 0x0,
7240 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
7241
7242 { &hf_ssh_segment_overlap,
7243 { "Segment overlap", "ssh.segment.overlap",
7244 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7245 "Segment overlaps with other segments", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
7246
7247 { &hf_ssh_segment_overlap_conflict,
7248 { "Conflicting data in segment overlap", "ssh.segment.overlap.conflict",
7249 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7250 "Overlapping segments contained conflicting data", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
7251
7252 { &hf_ssh_segment_multiple_tails,
7253 { "Multiple tail segments found", "ssh.segment.multipletails",
7254 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7255 "Several tails were found when reassembling the pdu", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
7256
7257 { &hf_ssh_segment_too_long_fragment,
7258 { "Segment too long", "ssh.segment.toolongfragment",
7259 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7260 "Segment contained data past end of the pdu", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
7261
7262 { &hf_ssh_segment_error,
7263 { "Reassembling error", "ssh.segment.error",
7264 FT_FRAMENUM, BASE_NONE, NULL((void*)0), 0x0,
7265 "Reassembling error due to illegal segments", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
7266
7267 { &hf_ssh_segment_count,
7268 { "Segment count", "ssh.segment.count",
7269 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
7270 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
7271
7272 { &hf_ssh_segment_data,
7273 { "SSH segment data", "ssh.segment.data",
7274 FT_BYTES, BASE_NONE, NULL((void*)0), 0x00,
7275 "The payload of a single SSH segment", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
7276
7277 { &hf_ssh_hybrid_blob_client,
7278 { "Hybrid Key Exchange Blob Client", "ssh.kex_hybrid_blob_client",
7279 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, "Client post-quantum hybrid blob", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
7280 },
7281
7282 { &hf_ssh_hybrid_blob_client_len,
7283 { "Hybrid Key Exchange Blob Client Length", "ssh.kex_hybrid_blob_client_len",
7284 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0, "Length of client post-quantum hybrid blob", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
7285 },
7286
7287 { &hf_ssh_hybrid_blob_server,
7288 { "Hybrid Key Exchange Blob Server", "ssh.kex_hybrid_blob_server",
7289 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, "Server post-quantum hybrid blob", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
7290 },
7291
7292 { &hf_ssh_hybrid_blob_server_len,
7293 { "Hybrid Key Exchange Blob Server Length", "ssh.kex_hybrid_blob_server_len",
7294 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0, "Length of server post-quantum hybrid blob", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
7295 },
7296
7297 { &hf_ssh_pq_kem_client,
7298 { "Client PQ KEM Public Key", "ssh.kex.pq_kem_client",
7299 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
7300 "Post-quantum key (client)", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
7301 },
7302
7303 { &hf_ssh_pq_kem_server,
7304 { "Server PQ KEM Response", "ssh.kex.pq_kem_server",
7305 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
7306 "Post-quantum ciphertext (server response)", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
7307 },
7308
7309 };
7310
7311 static int *ett[] = {
7312 &ett_ssh,
7313 &ett_key_exchange,
7314 &ett_key_exchange_host_key,
7315 &ett_key_exchange_host_sig,
7316 &ett_extension,
7317 &ett_userauth_pk_blob,
7318 &ett_userauth_pk_signature,
7319 &ett_term_modes,
7320 &ett_term_mode,
7321 &ett_ssh1,
7322 &ett_ssh2,
7323 &ett_key_init,
7324 &ett_ssh_segments,
7325 &ett_ssh_pqhybrid_client, // added for PQ hybrid CLIENT dissection
7326 &ett_ssh_pqhybrid_server, // added for PQ hybrid SERVER dissection
7327 &ett_ssh_segment
7328 };
7329
7330 static ei_register_info ei[] = {
7331 { &ei_ssh_packet_length, { "ssh.packet_length.error", PI_PROTOCOL0x09000000, PI_WARN0x00600000, "Invalid packet length", EXPFILL0, ((void*)0), 0, {0, {((void*)0), ((void*)0), FT_NONE, BASE_NONE
, ((void*)0), 0, ((void*)0), -1, 0, HF_REF_TYPE_NONE, -1, ((void
*)0)}} }},
7332 { &ei_ssh_padding_length, { "ssh.padding_length.error", PI_PROTOCOL0x09000000, PI_WARN0x00600000, "Invalid padding length", EXPFILL0, ((void*)0), 0, {0, {((void*)0), ((void*)0), FT_NONE, BASE_NONE
, ((void*)0), 0, ((void*)0), -1, 0, HF_REF_TYPE_NONE, -1, ((void
*)0)}} }},
7333 { &ei_ssh_packet_decode, { "ssh.packet_decode.error", PI_UNDECODED0x05000000, PI_WARN0x00600000, "Packet decoded length not equal to packet length", EXPFILL0, ((void*)0), 0, {0, {((void*)0), ((void*)0), FT_NONE, BASE_NONE
, ((void*)0), 0, ((void*)0), -1, 0, HF_REF_TYPE_NONE, -1, ((void
*)0)}} }},
7334 { &ei_ssh_channel_number, { "ssh.channel_number.error", PI_PROTOCOL0x09000000, PI_WARN0x00600000, "Could not find channel", EXPFILL0, ((void*)0), 0, {0, {((void*)0), ((void*)0), FT_NONE, BASE_NONE
, ((void*)0), 0, ((void*)0), -1, 0, HF_REF_TYPE_NONE, -1, ((void
*)0)}} }},
7335 { &ei_ssh_invalid_keylen, { "ssh.key_length.error", PI_PROTOCOL0x09000000, PI_ERROR0x00800000, "Invalid key length", EXPFILL0, ((void*)0), 0, {0, {((void*)0), ((void*)0), FT_NONE, BASE_NONE
, ((void*)0), 0, ((void*)0), -1, 0, HF_REF_TYPE_NONE, -1, ((void
*)0)}} }},
7336 { &ei_ssh_mac_bad, { "ssh.mac_bad.expert", PI_CHECKSUM0x01000000, PI_ERROR0x00800000, "Bad MAC", EXPFILL0, ((void*)0), 0, {0, {((void*)0), ((void*)0), FT_NONE, BASE_NONE
, ((void*)0), 0, ((void*)0), -1, 0, HF_REF_TYPE_NONE, -1, ((void
*)0)}} }},
7337 { &ei_ssh2_kex_hybrid_msg_code, { "ssh.kex_hybrid_msg_code", PI_SECURITY0x0a000000, PI_NOTE0x00400000, "Hybrid KEX encountered", EXPFILL0, ((void*)0), 0, {0, {((void*)0), ((void*)0), FT_NONE, BASE_NONE
, ((void*)0), 0, ((void*)0), -1, 0, HF_REF_TYPE_NONE, -1, ((void
*)0)}} }},
7338 { &ei_ssh2_kex_hybrid_msg_code_unknown, { "ssh.kex_hybrid_msg_code.unknown", PI_UNDECODED0x05000000, PI_NOTE0x00400000, "Unknown KEX_HYBRID message code", EXPFILL0, ((void*)0), 0, {0, {((void*)0), ((void*)0), FT_NONE, BASE_NONE
, ((void*)0), 0, ((void*)0), -1, 0, HF_REF_TYPE_NONE, -1, ((void
*)0)}} }},
7339
7340 };
7341 module_t *ssh_module;
7342 expert_module_t *expert_ssh;
7343
7344 proto_ssh = proto_register_protocol("SSH Protocol", "SSH", "ssh");
7345 proto_register_field_array(proto_ssh, hf, array_length(hf)(sizeof (hf) / sizeof (hf)[0]));
7346 proto_register_subtree_array(ett, array_length(ett)(sizeof (ett) / sizeof (ett)[0]));
7347 expert_ssh = expert_register_protocol(proto_ssh);
7348 expert_register_field_array(expert_ssh, ei, array_length(ei)(sizeof (ei) / sizeof (ei)[0]));
7349
7350#ifdef SSH_DECRYPT_DEBUG
7351 ssh_module = prefs_register_protocol(proto_ssh, ssh_prefs_apply_cb);
7352#else
7353 ssh_module = prefs_register_protocol(proto_ssh, NULL((void*)0));
7354#endif
7355 prefs_register_bool_preference(ssh_module, "desegment_buffers",
7356 "Reassemble SSH buffers spanning multiple TCP segments",
7357 "Whether the SSH dissector should reassemble SSH buffers spanning multiple TCP segments. "
7358 "To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
7359 &ssh_desegment);
7360 prefs_register_bool_preference(ssh_module, "ignore_ssh_mac_failed",
7361 "Ignore Message Authentication Code (MAC) failure",
7362 "For troubleshooting purposes, decrypt even if the "
7363 "Message Authentication Code (MAC) check fails.",
7364 &ssh_ignore_mac_failed);
7365
7366 ssh_master_key_map = g_hash_table_new_full(ssh_hash, ssh_equal, ssh_free_glib_allocated_bignum, ssh_free_glib_allocated_entry);
7367 prefs_register_filename_preference(ssh_module, "keylog_file", "Key log filename",
7368 "The path to the file which contains a list of key exchange secrets in the following format:\n"
7369 "\"<hex-encoded-cookie> <PRIVATE_KEY|SHARED_SECRET> <hex-encoded-key>\" (without quotes or leading spaces).\n",
7370 &pref_keylog_file, false0);
7371
7372 prefs_register_filename_preference(ssh_module, "debug_file", "SSH debug file",
7373 "Redirect SSH debug to the file specified. Leave empty to disable debugging "
7374 "or use \"" SSH_DEBUG_USE_STDERR"-" "\" to redirect output to stderr.",
7375 &ssh_debug_file_name, true1);
7376
7377 secrets_register_type(SECRETS_TYPE_SSH0x5353484b, ssh_secrets_block_callback);
7378
7379 ssh_handle = register_dissector("ssh", dissect_ssh, proto_ssh);
7380 reassembly_table_register(&ssh_reassembly_table, &tcp_reassembly_table_functions);
7381 register_shutdown_routine(ssh_shutdown);
7382}
7383
7384void
7385proto_reg_handoff_ssh(void)
7386{
7387#ifdef SSH_DECRYPT_DEBUG
7388 ssh_set_debug(ssh_debug_file_name);
7389#endif
7390 dissector_add_uint_range_with_preference("tcp.port", TCP_RANGE_SSH"22", ssh_handle);
7391 dissector_add_uint("sctp.port", SCTP_PORT_SSH22, ssh_handle);
7392 dissector_add_uint("sctp.ppi", SSH_PAYLOAD_PROTOCOL_ID45, ssh_handle);
7393 sftp_handle = find_dissector_add_dependency("sftp", proto_ssh);
7394 data_text_lines_handle = find_dissector_add_dependency("data-text-lines", proto_ssh);
7395
7396 heur_dissector_add("tcp", dissect_ssh_heur, "SSH over TCP", "ssh_tcp", proto_ssh, HEURISTIC_ENABLE);
7397}
7398
7399/*
7400 * Editor modelines - https://www.wireshark.org/tools/modelines.html
7401 *
7402 * Local variables:
7403 * c-basic-offset: 4
7404 * tab-width: 8
7405 * indent-tabs-mode: nil
7406 * End:
7407 *
7408 * vi: set shiftwidth=4 tabstop=8 expandtab:
7409 * :indentSize=4:tabSize=8:noTabs=true:
7410 */