Bug Summary

File:builds/wireshark/wireshark/epan/dissectors/packet-ssh.c
Warning:line 2711, column 17
Value of 'errno' was not checked and may be overwritten by function 'ferror'

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name packet-ssh.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 2 -fhalf-no-semantic-interposition -fno-delete-null-pointer-checks -mframe-pointer=all -relaxed-aliasing -fmath-errno -ffp-contract=on -fno-rounding-math -ffloat16-excess-precision=fast -fbfloat16-excess-precision=fast -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/builds/wireshark/wireshark/build -fcoverage-compilation-dir=/builds/wireshark/wireshark/build -resource-dir /usr/lib/llvm-22/lib/clang/22 -isystem /usr/include/glib-2.0 -isystem /usr/lib/x86_64-linux-gnu/glib-2.0/include -isystem /builds/wireshark/wireshark/epan/dissectors -isystem /builds/wireshark/wireshark/build/epan/dissectors -isystem /usr/include/mit-krb5 -isystem /usr/include/libxml2 -isystem /builds/wireshark/wireshark/epan -D CARES_NO_DEPRECATED -D G_DISABLE_DEPRECATED -D G_DISABLE_SINGLE_INCLUDES -D WS_BUILD_DLL -D WS_DEBUG -D WS_DEBUG_UTF_8 -I /builds/wireshark/wireshark/build -I /builds/wireshark/wireshark -I /builds/wireshark/wireshark/include -D _GLIBCXX_ASSERTIONS -internal-isystem /usr/lib/llvm-22/lib/clang/22/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/16/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -fmacro-prefix-map=/builds/wireshark/wireshark/= -fmacro-prefix-map=/builds/wireshark/wireshark/build/= -fmacro-prefix-map=../= -Wno-format-nonliteral -std=gnu17 -ferror-limit 19 -fvisibility=hidden -fwrapv -fwrapv-pointer -fstrict-flex-arrays=3 -stack-protector 2 -fstack-clash-protection -fcf-protection=full -fgnuc-version=4.2.1 -fskip-odr-check-in-gmf -fexceptions -fcolor-diagnostics -analyzer-output=html -faddrsig -fdwarf2-cfi-asm -o /builds/wireshark/wireshark/sbout/2026-06-26-100351-3595-1 -x c /builds/wireshark/wireshark/epan/dissectors/packet-ssh.c
1/* packet-ssh.c
2 * Routines for ssh packet dissection
3 *
4 * Huagang XIE <[email protected]>
5 * Kees Cook <[email protected]>
6 *
7 * Wireshark - Network traffic analyzer
8 * By Gerald Combs <[email protected]>
9 * Copyright 1998 Gerald Combs
10 *
11 * Copied from packet-mysql.c
12 *
13 * SPDX-License-Identifier: GPL-2.0-or-later
14 *
15 *
16 * Note: support SSH v1 and v2 now.
17 *
18 */
19
20/* SSH version 2 is defined in:
21 *
22 * RFC 4250: The Secure Shell (SSH) Protocol Assigned Numbers
23 * RFC 4251: The Secure Shell (SSH) Protocol Architecture
24 * RFC 4252: The Secure Shell (SSH) Authentication Protocol
25 * RFC 4253: The Secure Shell (SSH) Transport Layer Protocol
26 * RFC 4254: The Secure Shell (SSH) Connection Protocol
27 *
28 * SSH versions under 2 were never officially standardized.
29 *
30 * Diffie-Hellman Group Exchange is defined in:
31 *
32 * RFC 4419: Diffie-Hellman Group Exchange for
33 * the Secure Shell (SSH) Transport Layer Protocol
34 */
35
36/* "SSH" prefixes are for version 2, whereas "SSH1" is for version 1 */
37
38#include "config.h"
39#define WS_LOG_DOMAIN"packet-ssh" "packet-ssh"
40/* Start with WIRESHARK_LOG_DOMAINS=packet-ssh and WIRESHARK_LOG_LEVEL=debug to see messages. */
41
42// Define this to get hex dumps more similar to what you get in openssh. If not defined, dumps look more like what you get with other dissectors.
43#define OPENSSH_STYLE
44
45#include <errno(*__errno_location ()).h>
46
47#include <epan/packet.h>
48#include <epan/exceptions.h>
49#include <epan/prefs.h>
50#include <epan/expert.h>
51#include <epan/proto_data.h>
52#include <epan/tfs.h>
53#include <epan/unit_strings.h>
54#include <wsutil/strtoi.h>
55#include <wsutil/to_str.h>
56#include <wsutil/file_util.h>
57#include <wsutil/filesystem.h>
58#include <wsutil/wsgcrypt.h>
59#include <wsutil/curve25519.h>
60#include <wsutil/pint.h>
61#include <wsutil/str_util.h>
62#include <wsutil/wslog.h>
63#include <epan/secrets.h>
64#include <wiretap/secrets-types.h>
65
66#if defined(HAVE_LIBGNUTLS1)
67#include <gnutls/abstract.h>
68#endif
69
70#include "packet-tcp.h"
71#include "packet-sctp.h"
72
73void proto_register_ssh(void);
74void proto_reg_handoff_ssh(void);
75
76/* SSH Version 1 definition , from openssh ssh1.h */
77#define SSH1_MSG_NONE0 0 /* no message */
78#define SSH1_MSG_DISCONNECT1 1 /* cause (string) */
79#define SSH1_SMSG_PUBLIC_KEY2 2 /* ck,msk,srvk,hostk */
80#define SSH1_CMSG_SESSION_KEY3 3 /* key (BIGNUM) */
81#define SSH1_CMSG_USER4 4 /* user (string) */
82
83
84#define SSH_VERSION_UNKNOWN0 0
85#define SSH_VERSION_11 1
86#define SSH_VERSION_22 2
87
88/* proto data */
89
90typedef struct {
91 uint8_t *data;
92 unsigned length;
93} ssh_bignum;
94
95#define SSH_KEX_CURVE255190x00010000 0x00010000
96#define SSH_KEX_DH_GEX0x00020000 0x00020000
97#define SSH_KEX_DH_GROUP10x00030001 0x00030001
98#define SSH_KEX_DH_GROUP140x00030014 0x00030014
99#define SSH_KEX_DH_GROUP160x00030016 0x00030016
100#define SSH_KEX_DH_GROUP180x00030018 0x00030018
101#define SSH_KEX_SNTRUP761X255190x00040000 0x00040000
102#define SSH_KEX_MLKEM768X255190x00050000 0x00050000
103
104#define SSH_KEX_HASH_SHA11 1
105#define SSH_KEX_HASH_SHA2562 2
106#define SSH_KEX_HASH_SHA5124 4
107
108#define DIGEST_MAX_SIZE48 48
109
110/* The maximum SSH packet_length accepted. If the packet_length field after
111 * attempted decryption is larger than this, the packet will be assumed to
112 * have failed decryption (possibly due to being continuation data).
113 * (This could be made a preference.)
114 */
115#define SSH_MAX_PACKET_LEN32768 32768
116
117typedef struct _ssh_message_info_t {
118 uint32_t sequence_number;
119 unsigned char *plain_data; /**< Decrypted data. */
120 unsigned data_len; /**< Length of decrypted data. */
121 int id; /**< Identifies the exact message within a frame
122 (there can be multiple records in a frame). */
123 uint32_t byte_seq;
124 uint32_t next_byte_seq;
125 struct _ssh_message_info_t* next;
126 uint8_t calc_mac[DIGEST_MAX_SIZE48];
127} ssh_message_info_t;
128
129typedef struct {
130 bool_Bool from_server;
131 ssh_message_info_t * messages;
132} ssh_packet_info_t;
133
134typedef struct _ssh_channel_info_t {
135 uint32_t byte_seq;
136 uint16_t flags;
137 wmem_tree_t *multisegment_pdus;
138 dissector_handle_t handle;
139} ssh_channel_info_t;
140
141struct ssh_peer_data {
142 unsigned counter;
143
144 uint32_t frame_version_start;
145 uint32_t frame_version_end;
146
147 uint32_t frame_key_start;
148 uint32_t frame_key_end;
149 int frame_key_end_offset;
150
151 char* kex_proposal;
152
153 /* For all subsequent proposals,
154 [0] is client-to-server and [1] is server-to-client. */
155#define CLIENT_TO_SERVER_PROPOSAL0 0
156#define SERVER_TO_CLIENT_PROPOSAL1 1
157
158 char* mac_proposals[2];
159 char* mac;
160 int mac_length;
161
162 char* enc_proposals[2];
163 char* enc;
164
165 char* comp_proposals[2];
166 char* comp;
167
168 int length_is_plaintext;
169
170 // see libgcrypt source, gcrypt.h:gcry_cipher_algos
171 unsigned cipher_id;
172 unsigned mac_id;
173 // chacha20 needs two cipher handles
174 gcry_cipher_hd_t cipher, cipher_2;
175 unsigned sequence_number;
176 ssh_bignum *bn_cookie;
177 uint8_t iv[12];
178 uint8_t hmac_iv[DIGEST_MAX_SIZE48];
179 unsigned hmac_iv_len;
180
181 unsigned int rekey_trigger_frame; // for storing new KEXINIT frame value when REKEY
182 bool_Bool rekey_pending; // trace REKEY
183 uint8_t plain0[16];
184 bool_Bool plain0_valid;
185
186 wmem_map_t *channel_info; /**< Map of sender channel numbers to recipient numbers. */
187 wmem_map_t *channel_handles; /**< Map of recipient channel numbers to subdissector handles. */
188 struct ssh_flow_data * global_data;
189};
190
191struct ssh_flow_data {
192 unsigned version;
193
194 /* The address/port of the server */
195 address srv_addr;
196 unsigned srv_port;
197
198 char* kex;
199 int (*kex_specific_dissector)(uint8_t msg_code, tvbuff_t *tvb,
200 packet_info *pinfo, int offset, proto_tree *tree,
201 struct ssh_flow_data *global_data);
202
203 /* [0] is client's, [1] is server's */
204#define CLIENT_PEER_DATA0 0
205#define SERVER_PEER_DATA1 1
206 struct ssh_peer_data peer_data[2];
207
208 const uint8_t *session_id;
209 unsigned session_id_length;
210 ssh_bignum *kex_e;
211 ssh_bignum *kex_f;
212 ssh_bignum *kex_gex_p; // Group modulo
213 ssh_bignum *kex_gex_g; // Group generator
214 ssh_bignum *secret;
215 wmem_array_t *kex_client_version;
216 wmem_array_t *kex_server_version;
217 wmem_array_t *kex_client_key_exchange_init;
218 wmem_array_t *kex_server_key_exchange_init;
219 wmem_array_t *kex_server_host_key_blob;
220 wmem_array_t *kex_gex_bits_min;
221 wmem_array_t *kex_gex_bits_req;
222 wmem_array_t *kex_gex_bits_max;
223 wmem_array_t *kex_shared_secret;
224 bool_Bool do_decrypt;
225 bool_Bool ext_ping_openssh_offered;
226 bool_Bool ext_kex_strict;
227 ssh_bignum new_keys[6];
228 uint8_t *pqkem_ciphertext;
229 uint32_t pqkem_ciphertext_len;
230 uint8_t *curve25519_pub;
231 uint32_t curve25519_pub_len;
232 // storing PQ dissected keys
233 uint8_t *kex_e_pq; // binary material => no bignum (not traditional DH integer / not math ready)
234 uint8_t *kex_f_pq; // binary material => no bignum (not traditional DH integer / not math ready)
235 uint32_t kex_e_pq_len;
236 uint32_t kex_f_pq_len;
237};
238
239typedef struct {
240 char *type; // "PRIVATE_KEY" or "SHARED_SECRET"
241 ssh_bignum *key_material; // Either private key or shared secret
242} ssh_key_map_entry_t;
243
244static GHashTable * ssh_master_key_map;
245
246static int proto_ssh;
247
248/* Version exchange */
249static int hf_ssh_protocol;
250
251/* Framing */
252static int hf_ssh_packet_length;
253static int hf_ssh_packet_length_encrypted;
254static int hf_ssh_padding_length;
255static int hf_ssh_payload;
256static int hf_ssh_encrypted_packet;
257static int hf_ssh_padding_string;
258static int hf_ssh_mac_string;
259static int hf_ssh_mac_status;
260static int hf_ssh_seq_num;
261static int hf_ssh_direction;
262
263/* Message codes */
264static int hf_ssh_msg_code;
265static int hf_ssh2_msg_code;
266static int hf_ssh2_kex_dh_msg_code;
267static int hf_ssh2_kex_dh_gex_msg_code;
268static int hf_ssh2_kex_ecdh_msg_code;
269static int hf_ssh2_kex_hybrid_msg_code;
270static int hf_ssh2_ext_ping_msg_code;
271
272/* Algorithm negotiation */
273static int hf_ssh_cookie;
274static int hf_ssh_kex_algorithms;
275static int hf_ssh_server_host_key_algorithms;
276static int hf_ssh_encryption_algorithms_client_to_server;
277static int hf_ssh_encryption_algorithms_server_to_client;
278static int hf_ssh_mac_algorithms_client_to_server;
279static int hf_ssh_mac_algorithms_server_to_client;
280static int hf_ssh_compression_algorithms_client_to_server;
281static int hf_ssh_compression_algorithms_server_to_client;
282static int hf_ssh_languages_client_to_server;
283static int hf_ssh_languages_server_to_client;
284static int hf_ssh_kex_algorithms_length;
285static int hf_ssh_server_host_key_algorithms_length;
286static int hf_ssh_encryption_algorithms_client_to_server_length;
287static int hf_ssh_encryption_algorithms_server_to_client_length;
288static int hf_ssh_mac_algorithms_client_to_server_length;
289static int hf_ssh_mac_algorithms_server_to_client_length;
290static int hf_ssh_compression_algorithms_client_to_server_length;
291static int hf_ssh_compression_algorithms_server_to_client_length;
292static int hf_ssh_languages_client_to_server_length;
293static int hf_ssh_languages_server_to_client_length;
294static int hf_ssh_first_kex_packet_follows;
295static int hf_ssh_kex_reserved;
296static int hf_ssh_kex_hassh_algo;
297static int hf_ssh_kex_hassh;
298static int hf_ssh_kex_hasshserver_algo;
299static int hf_ssh_kex_hasshserver;
300
301/* Key exchange common elements */
302static int hf_ssh_hostkey_length;
303static int hf_ssh_hostkey_type_length;
304static int hf_ssh_hostkey_type;
305static int hf_ssh_hostkey_data;
306static int hf_ssh_hostkey_rsa_n;
307static int hf_ssh_hostkey_rsa_e;
308static int hf_ssh_hostkey_dsa_p;
309static int hf_ssh_hostkey_dsa_q;
310static int hf_ssh_hostkey_dsa_g;
311static int hf_ssh_hostkey_dsa_y;
312static int hf_ssh_hostkey_ecdsa_curve_id;
313static int hf_ssh_hostkey_ecdsa_curve_id_length;
314static int hf_ssh_hostkey_ecdsa_q;
315static int hf_ssh_hostkey_ecdsa_q_length;
316static int hf_ssh_hostkey_eddsa_key;
317static int hf_ssh_hostkey_eddsa_key_length;
318static int hf_ssh_hostsig_length;
319static int hf_ssh_hostsig_type_length;
320static int hf_ssh_hostsig_type;
321static int hf_ssh_hostsig_rsa;
322static int hf_ssh_hostsig_dsa;
323static int hf_ssh_hostsig_data_length;
324static int hf_ssh_hostsig_data;
325
326/* Key exchange: Diffie-Hellman */
327static int hf_ssh_dh_e;
328static int hf_ssh_dh_f;
329
330/* Key exchange: Diffie-Hellman Group Exchange */
331static int hf_ssh_dh_gex_min;
332static int hf_ssh_dh_gex_nbits;
333static int hf_ssh_dh_gex_max;
334static int hf_ssh_dh_gex_p;
335static int hf_ssh_dh_gex_g;
336
337/* Key exchange: Elliptic Curve Diffie-Hellman */
338static int hf_ssh_ecdh_q_c;
339static int hf_ssh_ecdh_q_c_length;
340static int hf_ssh_ecdh_q_s;
341static int hf_ssh_ecdh_q_s_length;
342
343/* Key exchange: Post-Quantum Hybrid KEM */
344static int hf_ssh_hybrid_blob_client; // client's full PQ blob
345static int hf_ssh_hybrid_blob_client_len;
346static int hf_ssh_hybrid_blob_server; // server's full PQ blob
347static int hf_ssh_hybrid_blob_server_len;
348static int hf_ssh_pq_kem_client; // client's PQ public key
349static int hf_ssh_pq_kem_server; // server's PQ response
350
351/* Extension negotiation */
352static int hf_ssh_ext_count;
353static int hf_ssh_ext_name_length;
354static int hf_ssh_ext_name;
355static int hf_ssh_ext_value_length;
356static int hf_ssh_ext_value;
357static int hf_ssh_ext_server_sig_algs_algorithms;
358static int hf_ssh_ext_delay_compression_algorithms_client_to_server_length;
359static int hf_ssh_ext_delay_compression_algorithms_client_to_server;
360static int hf_ssh_ext_delay_compression_algorithms_server_to_client_length;
361static int hf_ssh_ext_delay_compression_algorithms_server_to_client;
362static int hf_ssh_ext_no_flow_control_value;
363static int hf_ssh_ext_elevation_value;
364static int hf_ssh_ext_prop_publickey_algorithms_algorithms;
365
366/* Miscellaneous */
367static int hf_ssh_mpint_length;
368
369static int hf_ssh_ignore_data_length;
370static int hf_ssh_ignore_data;
371static int hf_ssh_debug_always_display;
372static int hf_ssh_debug_message_length;
373static int hf_ssh_debug_message;
374static int hf_ssh_service_name_length;
375static int hf_ssh_service_name;
376static int hf_ssh_userauth_user_name_length;
377static int hf_ssh_userauth_user_name;
378static int hf_ssh_userauth_change_password;
379static int hf_ssh_userauth_service_name_length;
380static int hf_ssh_userauth_service_name;
381static int hf_ssh_userauth_method_name_length;
382static int hf_ssh_userauth_method_name;
383static int hf_ssh_userauth_have_signature;
384static int hf_ssh_userauth_password_length;
385static int hf_ssh_userauth_password;
386static int hf_ssh_userauth_new_password_length;
387static int hf_ssh_userauth_new_password;
388static int hf_ssh_auth_failure_list_length;
389static int hf_ssh_auth_failure_list;
390static int hf_ssh_userauth_partial_success;
391static int hf_ssh_userauth_pka_name_len;
392static int hf_ssh_userauth_pka_name;
393static int hf_ssh_pk_blob_name_length;
394static int hf_ssh_pk_blob_name;
395static int hf_ssh_blob_length;
396static int hf_ssh_signature_length;
397static int hf_ssh_pk_sig_blob_name_length;
398static int hf_ssh_pk_sig_blob_name;
399static int hf_ssh_connection_type_name_len;
400static int hf_ssh_connection_type_name;
401static int hf_ssh_connection_sender_channel;
402static int hf_ssh_connection_recipient_channel;
403static int hf_ssh_connection_initial_window;
404static int hf_ssh_connection_maximum_packet_size;
405static int hf_ssh_global_request_name_len;
406static int hf_ssh_global_request_name;
407static int hf_ssh_global_request_want_reply;
408static int hf_ssh_global_request_hostkeys_array_len;
409static int hf_ssh_channel_request_name_len;
410static int hf_ssh_channel_request_name;
411static int hf_ssh_channel_request_want_reply;
412static int hf_ssh_subsystem_name_len;
413static int hf_ssh_subsystem_name;
414static int hf_ssh_exec_cmd;
415static int hf_ssh_env_name;
416static int hf_ssh_env_value;
417static int hf_ssh_pty_term;
418static int hf_ssh_pty_term_width_char;
419static int hf_ssh_pty_term_height_row;
420static int hf_ssh_pty_term_width_pixel;
421static int hf_ssh_pty_term_height_pixel;
422static int hf_ssh_pty_term_modes_len;
423static int hf_ssh_pty_term_modes;
424static int hf_ssh_pty_term_mode;
425static int hf_ssh_pty_term_mode_opcode;
426static int hf_ssh_pty_term_mode_vintr;
427static int hf_ssh_pty_term_mode_vquit;
428static int hf_ssh_pty_term_mode_verase;
429static int hf_ssh_pty_term_mode_vkill;
430static int hf_ssh_pty_term_mode_veof;
431static int hf_ssh_pty_term_mode_veol;
432static int hf_ssh_pty_term_mode_veol2;
433static int hf_ssh_pty_term_mode_vstart;
434static int hf_ssh_pty_term_mode_vstop;
435static int hf_ssh_pty_term_mode_vsusp;
436static int hf_ssh_pty_term_mode_vdsusp;
437static int hf_ssh_pty_term_mode_vreprint;
438static int hf_ssh_pty_term_mode_vwerase;
439static int hf_ssh_pty_term_mode_vlnext;
440static int hf_ssh_pty_term_mode_vflush;
441static int hf_ssh_pty_term_mode_vswtch;
442static int hf_ssh_pty_term_mode_vstatus;
443static int hf_ssh_pty_term_mode_vdiscard;
444static int hf_ssh_pty_term_mode_ignpar;
445static int hf_ssh_pty_term_mode_parmrk;
446static int hf_ssh_pty_term_mode_inpck;
447static int hf_ssh_pty_term_mode_istrip;
448static int hf_ssh_pty_term_mode_inlcr;
449static int hf_ssh_pty_term_mode_igncr;
450static int hf_ssh_pty_term_mode_icrnl;
451static int hf_ssh_pty_term_mode_iuclc;
452static int hf_ssh_pty_term_mode_ixon;
453static int hf_ssh_pty_term_mode_ixany;
454static int hf_ssh_pty_term_mode_ixoff;
455static int hf_ssh_pty_term_mode_imaxbel;
456static int hf_ssh_pty_term_mode_iutf8;
457static int hf_ssh_pty_term_mode_isig;
458static int hf_ssh_pty_term_mode_icanon;
459static int hf_ssh_pty_term_mode_xcase;
460static int hf_ssh_pty_term_mode_echo;
461static int hf_ssh_pty_term_mode_echoe;
462static int hf_ssh_pty_term_mode_echok;
463static int hf_ssh_pty_term_mode_echonl;
464static int hf_ssh_pty_term_mode_noflsh;
465static int hf_ssh_pty_term_mode_tostop;
466static int hf_ssh_pty_term_mode_iexten;
467static int hf_ssh_pty_term_mode_echoctl;
468static int hf_ssh_pty_term_mode_echoke;
469static int hf_ssh_pty_term_mode_pendin;
470static int hf_ssh_pty_term_mode_opost;
471static int hf_ssh_pty_term_mode_olcuc;
472static int hf_ssh_pty_term_mode_onlcr;
473static int hf_ssh_pty_term_mode_ocrnl;
474static int hf_ssh_pty_term_mode_onocr;
475static int hf_ssh_pty_term_mode_onlret;
476static int hf_ssh_pty_term_mode_cs7;
477static int hf_ssh_pty_term_mode_cs8;
478static int hf_ssh_pty_term_mode_parenb;
479static int hf_ssh_pty_term_mode_parodd;
480static int hf_ssh_pty_term_mode_ispeed;
481static int hf_ssh_pty_term_mode_ospeed;
482static int hf_ssh_pty_term_mode_value;
483static int hf_ssh_channel_window_adjust;
484static int hf_ssh_channel_data_len;
485static int hf_ssh_channel_data_type_code;
486static int hf_ssh_exit_status;
487static int hf_ssh_disconnect_reason;
488static int hf_ssh_disconnect_description_length;
489static int hf_ssh_disconnect_description;
490static int hf_ssh_lang_tag_length;
491static int hf_ssh_lang_tag;
492static int hf_ssh_ping_data_length;
493static int hf_ssh_ping_data;
494static int hf_ssh_pong_data_length;
495static int hf_ssh_pong_data;
496
497static int hf_ssh_blob;
498static int hf_ssh_blob_e;
499static int hf_ssh_blob_n;
500static int hf_ssh_blob_dsa_p;
501static int hf_ssh_blob_dsa_q;
502static int hf_ssh_blob_dsa_g;
503static int hf_ssh_blob_dsa_y;
504static int hf_ssh_blob_ecdsa_curve_id;
505static int hf_ssh_blob_ecdsa_curve_id_length;
506static int hf_ssh_blob_ecdsa_q;
507static int hf_ssh_blob_ecdsa_q_length;
508static int hf_ssh_blob_eddsa_key;
509static int hf_ssh_blob_eddsa_key_length;
510static int hf_ssh_blob_data;
511
512static int hf_ssh_pk_sig_s_length;
513static int hf_ssh_pk_sig_s;
514
515static int hf_ssh_reassembled_in;
516static int hf_ssh_reassembled_length;
517static int hf_ssh_reassembled_data;
518static int hf_ssh_segments;
519static int hf_ssh_segment;
520static int hf_ssh_segment_overlap;
521static int hf_ssh_segment_overlap_conflict;
522static int hf_ssh_segment_multiple_tails;
523static int hf_ssh_segment_too_long_fragment;
524static int hf_ssh_segment_error;
525static int hf_ssh_segment_count;
526static int hf_ssh_segment_data;
527
528static int ett_ssh;
529static int ett_key_exchange;
530static int ett_key_exchange_host_key;
531static int ett_key_exchange_host_sig;
532static int ett_extension;
533static int ett_userauth_pk_blob;
534static int ett_userauth_pk_signature;
535static int ett_term_modes;
536static int ett_term_mode;
537static int ett_key_init;
538static int ett_ssh1;
539static int ett_ssh2;
540static int ett_ssh_segments;
541static int ett_ssh_segment;
542static int ett_ssh_pqhybrid_client;
543static int ett_ssh_pqhybrid_server;
544
545static expert_field ei_ssh_packet_length;
546static expert_field ei_ssh_padding_length;
547static expert_field ei_ssh_packet_decode;
548static expert_field ei_ssh_channel_number;
549static expert_field ei_ssh_invalid_keylen;
550static expert_field ei_ssh_mac_bad;
551static expert_field ei_ssh2_kex_hybrid_msg_code;
552static expert_field ei_ssh2_kex_hybrid_msg_code_unknown;
553
554static bool_Bool ssh_desegment = true1;
555static bool_Bool ssh_ignore_mac_failed;
556
557static dissector_handle_t ssh_handle;
558static dissector_handle_t sftp_handle;
559static dissector_handle_t data_text_lines_handle;
560
561static const char *pref_keylog_file;
562static FILE *ssh_keylog_file;
563
564static reassembly_table ssh_reassembly_table;
565
566static const fragment_items ssh_segment_items = {
567 &ett_ssh_segment,
568 &ett_ssh_segments,
569 &hf_ssh_segments,
570 &hf_ssh_segment,
571 &hf_ssh_segment_overlap,
572 &hf_ssh_segment_overlap_conflict,
573 &hf_ssh_segment_multiple_tails,
574 &hf_ssh_segment_too_long_fragment,
575 &hf_ssh_segment_error,
576 &hf_ssh_segment_count,
577 &hf_ssh_reassembled_in,
578 &hf_ssh_reassembled_length,
579 &hf_ssh_reassembled_data,
580 "Segments"
581};
582
583#define SSH_DECRYPT_DEBUG
584
585#ifdef SSH_DECRYPT_DEBUG
586static const char *ssh_debug_file_name;
587#endif
588
589#define TCP_RANGE_SSH"22" "22"
590#define SCTP_PORT_SSH22 22
591
592/* Message Numbers (from RFC 4250) (1-255) */
593
594/* Transport layer protocol: generic (1-19) */
595#define SSH_MSG_DISCONNECT1 1
596#define SSH_MSG_IGNORE2 2
597#define SSH_MSG_UNIMPLEMENTED3 3
598#define SSH_MSG_DEBUG4 4
599#define SSH_MSG_SERVICE_REQUEST5 5
600#define SSH_MSG_SERVICE_ACCEPT6 6
601#define SSH_MSG_EXT_INFO7 7
602#define SSH_MSG_NEWCOMPRESS8 8
603
604/* Transport layer protocol: Algorithm negotiation (20-29) */
605#define SSH_MSG_KEXINIT20 20
606#define SSH_MSG_NEWKEYS21 21
607
608/* Transport layer: Key exchange method specific (reusable) (30-49) */
609#define SSH_MSG_KEXDH_INIT30 30
610#define SSH_MSG_KEXDH_REPLY31 31
611
612#define SSH_MSG_KEX_DH_GEX_REQUEST_OLD30 30
613#define SSH_MSG_KEX_DH_GEX_GROUP31 31
614#define SSH_MSG_KEX_DH_GEX_INIT32 32
615#define SSH_MSG_KEX_DH_GEX_REPLY33 33
616#define SSH_MSG_KEX_DH_GEX_REQUEST34 34
617
618#define SSH_MSG_KEX_ECDH_INIT30 30
619#define SSH_MSG_KEX_ECDH_REPLY31 31
620
621#define SSH_MSG_KEX_HYBRID_INIT30 30
622#define SSH_MSG_KEX_HYBRID_REPLY31 31
623
624/* User authentication protocol: generic (50-59) */
625#define SSH_MSG_USERAUTH_REQUEST50 50
626#define SSH_MSG_USERAUTH_FAILURE51 51
627#define SSH_MSG_USERAUTH_SUCCESS52 52
628#define SSH_MSG_USERAUTH_BANNER53 53
629
630/* User authentication protocol: method specific (reusable) (50-79) */
631#define SSH_MSG_USERAUTH_PK_OK60 60
632
633/* Connection protocol: generic (80-89) */
634#define SSH_MSG_GLOBAL_REQUEST80 80
635#define SSH_MSG_REQUEST_SUCCESS81 81
636#define SSH_MSG_REQUEST_FAILURE82 82
637
638/* Connection protocol: channel related messages (90-127) */
639#define SSH_MSG_CHANNEL_OPEN90 90
640#define SSH_MSG_CHANNEL_OPEN_CONFIRMATION91 91
641#define SSH_MSG_CHANNEL_OPEN_FAILURE92 92
642#define SSH_MSG_CHANNEL_WINDOW_ADJUST93 93
643#define SSH_MSG_CHANNEL_DATA94 94
644#define SSH_MSG_CHANNEL_EXTENDED_DATA95 95
645#define SSH_MSG_CHANNEL_EOF96 96
646#define SSH_MSG_CHANNEL_CLOSE97 97
647#define SSH_MSG_CHANNEL_REQUEST98 98
648#define SSH_MSG_CHANNEL_SUCCESS99 99
649#define SSH_MSG_CHANNEL_FAILURE100 100
650
651/* 128-191 reserved for client protocols */
652/* 192-255 local extensions */
653#define SSH_MSG_PING192 192
654#define SSH_MSG_PONG193 193
655
656#define CIPHER_AES128_CTR0x00010001 0x00010001
657#define CIPHER_AES192_CTR0x00010003 0x00010003
658#define CIPHER_AES256_CTR0x00010004 0x00010004
659#define CIPHER_AES128_CBC0x00020001 0x00020001
660#define CIPHER_AES192_CBC0x00020002 0x00020002
661#define CIPHER_AES256_CBC0x00020004 0x00020004
662#define CIPHER_AES128_GCM0x00040001 0x00040001
663//#define CIPHER_AES192_GCM 0x00040002 -- does not exist
664#define CIPHER_AES256_GCM0x00040004 0x00040004
665// DO NOT USE 0x00040000 (used by SSH_KEX_SNTRUP761X25519)
666#define CIPHER_NULL0x00080000 0x00080000
667
668#define CIPHER_MAC_SHA2_2560x00020001 0x00020001
669
670#define SSH_EXTENDED_DATA_STDERR1 1
671
672#define SSH_TTY_OP_END0 0
673#define SSH_TTY_OP_VINTR1 1
674#define SSH_TTY_OP_VQUIT2 2
675#define SSH_TTY_OP_VERASE3 3
676#define SSH_TTY_OP_VKILL4 4
677#define SSH_TTY_OP_VEOF5 5
678#define SSH_TTY_OP_VEOL6 6
679#define SSH_TTY_OP_VEOL27 7
680#define SSH_TTY_OP_VSTART8 8
681#define SSH_TTY_OP_VSTOP9 9
682#define SSH_TTY_OP_VSUSP10 10
683#define SSH_TTY_OP_VDSUSP11 11
684#define SSH_TTY_OP_VREPRINT12 12
685#define SSH_TTY_OP_VWERASE13 13
686#define SSH_TTY_OP_VLNEXT14 14
687#define SSH_TTY_OP_VFLUSH15 15
688#define SSH_TTY_OP_VSWTCH16 16
689#define SSH_TTY_OP_VSTATUS17 17
690#define SSH_TTY_OP_VDISCARD18 18
691#define SSH_TTY_OP_IGNPAR30 30
692#define SSH_TTY_OP_PARMRK31 31
693#define SSH_TTY_OP_INPCK32 32
694#define SSH_TTY_OP_ISTRIP33 33
695#define SSH_TTY_OP_INLCR34 34
696#define SSH_TTY_OP_IGNCR35 35
697#define SSH_TTY_OP_ICRNL36 36
698#define SSH_TTY_OP_IUCLC37 37
699#define SSH_TTY_OP_IXON38 38
700#define SSH_TTY_OP_IXANY39 39
701#define SSH_TTY_OP_IXOFF40 40
702#define SSH_TTY_OP_IMAXBEL41 41
703#define SSH_TTY_OP_IUTF842 42
704#define SSH_TTY_OP_ISIG50 50
705#define SSH_TTY_OP_ICANON51 51
706#define SSH_TTY_OP_XCASE52 52
707#define SSH_TTY_OP_ECHO53 53
708#define SSH_TTY_OP_ECHOE54 54
709#define SSH_TTY_OP_ECHOK55 55
710#define SSH_TTY_OP_ECHONL56 56
711#define SSH_TTY_OP_NOFLSH57 57
712#define SSH_TTY_OP_TOSTOP58 58
713#define SSH_TTY_OP_IEXTEN59 59
714#define SSH_TTY_OP_ECHOCTL60 60
715#define SSH_TTY_OP_ECHOKE61 61
716#define SSH_TTY_OP_PENDIN62 62
717#define SSH_TTY_OP_OPOST70 70
718#define SSH_TTY_OP_OLCUC71 71
719#define SSH_TTY_OP_ONLCR72 72
720#define SSH_TTY_OP_OCRNL73 73
721#define SSH_TTY_OP_ONOCR74 74
722#define SSH_TTY_OP_ONLRET75 75
723#define SSH_TTY_OP_CS790 90
724#define SSH_TTY_OP_CS891 91
725#define SSH_TTY_OP_PARENB92 92
726#define SSH_TTY_OP_PARODD93 93
727#define SSH_TTY_OP_ISPEED128 128
728#define SSH_TTY_OP_OSPEED129 129
729
730static const value_string ssh2_msg_vals[] = {
731 { SSH_MSG_DISCONNECT1, "Disconnect" },
732 { SSH_MSG_IGNORE2, "Ignore" },
733 { SSH_MSG_UNIMPLEMENTED3, "Unimplemented" },
734 { SSH_MSG_DEBUG4, "Debug" },
735 { SSH_MSG_SERVICE_REQUEST5, "Service Request" },
736 { SSH_MSG_SERVICE_ACCEPT6, "Service Accept" },
737 { SSH_MSG_EXT_INFO7, "Extension Information" },
738 { SSH_MSG_NEWCOMPRESS8, "New Compression" },
739 { SSH_MSG_KEXINIT20, "Key Exchange Init" },
740 { SSH_MSG_NEWKEYS21, "New Keys" },
741 { SSH_MSG_USERAUTH_REQUEST50, "User Authentication Request" },
742 { SSH_MSG_USERAUTH_FAILURE51, "User Authentication Failure" },
743 { SSH_MSG_USERAUTH_SUCCESS52, "User Authentication Success" },
744 { SSH_MSG_USERAUTH_BANNER53, "User Authentication Banner" },
745 { SSH_MSG_GLOBAL_REQUEST80, "Global Request" },
746 { SSH_MSG_REQUEST_SUCCESS81, "Request Success" },
747 { SSH_MSG_REQUEST_FAILURE82, "Request Failure" },
748 { SSH_MSG_CHANNEL_OPEN90, "Channel Open" },
749 { SSH_MSG_CHANNEL_OPEN_CONFIRMATION91, "Channel Open Confirmation" },
750 { SSH_MSG_CHANNEL_OPEN_FAILURE92, "Channel Open Failure" },
751 { SSH_MSG_CHANNEL_WINDOW_ADJUST93, "Window Adjust" },
752 { SSH_MSG_CHANNEL_DATA94, "Channel Data" },
753 { SSH_MSG_CHANNEL_EXTENDED_DATA95, "Channel Extended Data" },
754 { SSH_MSG_CHANNEL_EOF96, "Channel EOF" },
755 { SSH_MSG_CHANNEL_CLOSE97, "Channel Close" },
756 { SSH_MSG_CHANNEL_REQUEST98, "Channel Request" },
757 { SSH_MSG_CHANNEL_SUCCESS99, "Channel Success" },
758 { SSH_MSG_CHANNEL_FAILURE100, "Channel Failure" },
759 { SSH_MSG_USERAUTH_PK_OK60, "Public Key algorithm accepted" },
760 { 0, NULL((void*)0) }
761};
762
763static const value_string ssh2_kex_dh_msg_vals[] = {
764 { SSH_MSG_KEXDH_INIT30, "Diffie-Hellman Key Exchange Init" },
765 { SSH_MSG_KEXDH_REPLY31, "Diffie-Hellman Key Exchange Reply" },
766 { 0, NULL((void*)0) }
767};
768
769static const value_string ssh2_kex_dh_gex_msg_vals[] = {
770 { SSH_MSG_KEX_DH_GEX_REQUEST_OLD30, "Diffie-Hellman Group Exchange Request (Old)" },
771 { SSH_MSG_KEX_DH_GEX_GROUP31, "Diffie-Hellman Group Exchange Group" },
772 { SSH_MSG_KEX_DH_GEX_INIT32, "Diffie-Hellman Group Exchange Init" },
773 { SSH_MSG_KEX_DH_GEX_REPLY33, "Diffie-Hellman Group Exchange Reply" },
774 { SSH_MSG_KEX_DH_GEX_REQUEST34, "Diffie-Hellman Group Exchange Request" },
775 { 0, NULL((void*)0) }
776};
777
778static const value_string ssh2_kex_ecdh_msg_vals[] = {
779 { SSH_MSG_KEX_ECDH_INIT30, "Elliptic Curve Diffie-Hellman Key Exchange Init" },
780 { SSH_MSG_KEX_ECDH_REPLY31, "Elliptic Curve Diffie-Hellman Key Exchange Reply" },
781 { 0, NULL((void*)0) }
782};
783
784static const value_string ssh2_kex_hybrid_msg_vals[] = {
785 { SSH_MSG_KEX_HYBRID_INIT30, "PQ/T Hybrid Key Exchange Init" },
786 { SSH_MSG_KEX_HYBRID_REPLY31, "PQ/T Hybrid Key Exchange Reply" },
787 { 0, NULL((void*)0) }
788};
789
790static const value_string ssh2_ext_ping_msg_vals[] = {
791 { SSH_MSG_PING192, "Ping" },
792 { SSH_MSG_PONG193, "Pong" },
793 { 0, NULL((void*)0) }
794};
795
796static const value_string ssh1_msg_vals[] = {
797 {SSH1_MSG_NONE0, "No Message"},
798 {SSH1_MSG_DISCONNECT1, "Disconnect"},
799 {SSH1_SMSG_PUBLIC_KEY2, "Public Key"},
800 {SSH1_CMSG_SESSION_KEY3, "Session Key"},
801 {SSH1_CMSG_USER4, "User"},
802 {0, NULL((void*)0)}
803};
804
805static const value_string ssh_channel_data_type_code_vals[] = {
806 { SSH_EXTENDED_DATA_STDERR1, "Standard Error" },
807 { 0, NULL((void*)0) }
808};
809
810static const value_string ssh_tty_op_vals[] = {
811 { SSH_TTY_OP_END0, "TTY_OP_END" }, // [RFC4250]
812 { SSH_TTY_OP_VINTR1, "VINTR" }, // [RFC4254],Section 8
813 { SSH_TTY_OP_VQUIT2, "VQUIT" }, // [RFC4254],Section 8
814 { SSH_TTY_OP_VERASE3, "VERASE" }, // [RFC4254],Section 8
815 { SSH_TTY_OP_VKILL4, "VKILL" }, // [RFC4254], Section 8
816 { SSH_TTY_OP_VEOF5, "VEOF" }, // [RFC4254],Section 8
817 { SSH_TTY_OP_VEOL6, "VEOL" }, // [RFC4254],Section 8
818 { SSH_TTY_OP_VEOL27, "VEOL2" }, // [RFC4254], Section 8
819 { SSH_TTY_OP_VSTART8, "VSTART" }, // [RFC4254],Section 8
820 { SSH_TTY_OP_VSTOP9, "VSTOP" }, // [RFC4254], Section 8
821 { SSH_TTY_OP_VSUSP10, "VSUSP" }, // [RFC4254], Section 8
822 { SSH_TTY_OP_VDSUSP11, "VDSUSP" }, // [RFC4254], Section 8
823 { SSH_TTY_OP_VREPRINT12, "VREPRINT" }, // [RFC4254], Section 8
824 { SSH_TTY_OP_VWERASE13, "VWERASE" }, // [RFC4254], Section 8
825 { SSH_TTY_OP_VLNEXT14, "VLNEXT" }, // [RFC4254],Section 8
826 { SSH_TTY_OP_VFLUSH15, "VFLUSH" }, // [RFC4254], Section 8
827 { SSH_TTY_OP_VSWTCH16, "VSWTCH" }, // [RFC4254], Section 8
828 { SSH_TTY_OP_VSTATUS17, "VSTATUS" }, // [RFC4254],Section 8
829 { SSH_TTY_OP_VDISCARD18, "VDISCARD" }, // [RFC4254], Section 8
830 { SSH_TTY_OP_IGNPAR30, "IGNPAR" }, // [RFC4254],Section 8
831 { SSH_TTY_OP_PARMRK31, "PARMRK" }, // [RFC4254], Section 8
832 { SSH_TTY_OP_INPCK32, "INPCK" }, // [RFC4254], Section 8
833 { SSH_TTY_OP_ISTRIP33, "ISTRIP" }, // [RFC4254], Section 8
834 { SSH_TTY_OP_INLCR34, "INLCR" }, // [RFC4254], Section 8
835 { SSH_TTY_OP_IGNCR35, "IGNCR" }, // [RFC4254], Section 8
836 { SSH_TTY_OP_ICRNL36, "ICRNL" }, // [RFC4254], Section 8
837 { SSH_TTY_OP_IUCLC37, "IUCLC" }, // [RFC4254],Section 8
838 { SSH_TTY_OP_IXON38, "IXON" }, // [RFC4254], Section 8
839 { SSH_TTY_OP_IXANY39, "IXANY" }, // [RFC4254], Section 8
840 { SSH_TTY_OP_IXOFF40, "IXOFF" }, // [RFC4254], Section 8
841 { SSH_TTY_OP_IMAXBEL41, "IMAXBEL" }, // [RFC4254], Section 8
842 { SSH_TTY_OP_IUTF842, "IUTF8" }, // [RFC8160],
843 { SSH_TTY_OP_ISIG50, "ISIG" }, // [RFC4254], Section 8
844 { SSH_TTY_OP_ICANON51, "ICANON" }, // [RFC4254], Section 8
845 { SSH_TTY_OP_XCASE52, "XCASE" }, // [RFC4254],Section 8
846 { SSH_TTY_OP_ECHO53, "ECHO" }, // [RFC4254], Section 8
847 { SSH_TTY_OP_ECHOE54, "ECHOE" }, // [RFC4254], Section 8
848 { SSH_TTY_OP_ECHOK55, "ECHOK" }, // [RFC4254], Section 8
849 { SSH_TTY_OP_ECHONL56, "ECHONL" }, // [RFC4254], Section 8
850 { SSH_TTY_OP_NOFLSH57, "NOFLSH" }, // [RFC4254],Section 8
851 { SSH_TTY_OP_TOSTOP58, "TOSTOP" }, // [RFC4254], Section 8
852 { SSH_TTY_OP_IEXTEN59, "IEXTEN" }, // [RFC4254], Section 8
853 { SSH_TTY_OP_ECHOCTL60, "ECHOCTL" }, // [RFC4254], Section 8
854 { SSH_TTY_OP_ECHOKE61, "ECHOKE" }, // [RFC4254], Section 8
855 { SSH_TTY_OP_PENDIN62, "PENDIN" }, // [RFC4254], Section 8
856 { SSH_TTY_OP_OPOST70, "OPOST" }, // [RFC4254], Section 8
857 { SSH_TTY_OP_OLCUC71, "OLCUC" }, // [RFC4254], Section 8
858 { SSH_TTY_OP_ONLCR72, "ONLCR" }, // [RFC4254], Section 8
859 { SSH_TTY_OP_OCRNL73, "OCRNL" }, // [RFC4254],Section 8
860 { SSH_TTY_OP_ONOCR74, "ONOCR" }, // [RFC4254],Section 8
861 { SSH_TTY_OP_ONLRET75, "ONLRET" }, // [RFC4254],Section 8
862 { SSH_TTY_OP_CS790, "CS7" }, // [RFC4254], Section 8
863 { SSH_TTY_OP_CS891, "CS8" }, // [RFC4254], Section 8
864 { SSH_TTY_OP_PARENB92, "PARENB" }, // [RFC4254], Section 8
865 { SSH_TTY_OP_PARODD93, "PARODD" }, // [RFC4254], Section 8
866 { SSH_TTY_OP_ISPEED128, "TTY_OP_ISPEED" }, // [RFC4254],Section 8
867 { SSH_TTY_OP_OSPEED129, "TTY_OP_OSPEED" }, // [RFC4254],Section 8
868 { 0, NULL((void*)0) }
869};
870
871static int ssh_dissect_key_init(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *tree,
872 int is_response,
873 struct ssh_flow_data *global_data);
874static int ssh_dissect_proposal(tvbuff_t *tvb, int offset, proto_tree *tree,
875 int hf_index_length, int hf_index_value, char **store);
876static int ssh_dissect_ssh1(tvbuff_t *tvb, packet_info *pinfo,
877 struct ssh_flow_data *global_data,
878 int offset, proto_tree *tree, int is_response,
879 bool_Bool *need_desegmentation);
880static int ssh_dissect_ssh2(tvbuff_t *tvb, packet_info *pinfo,
881 struct ssh_flow_data *global_data,
882 int offset, proto_tree *tree, int is_response,
883 bool_Bool *need_desegmentation);
884static int ssh_dissect_key_exchange(tvbuff_t *tvb, packet_info *pinfo,
885 struct ssh_flow_data *global_data,
886 int offset, proto_tree *tree, int is_response,
887 bool_Bool *need_desegmentation);
888static int ssh_dissect_kex_dh(uint8_t msg_code, tvbuff_t *tvb,
889 packet_info *pinfo, int offset, proto_tree *tree,
890 struct ssh_flow_data *global_data);
891static int ssh_dissect_kex_dh_gex(uint8_t msg_code, tvbuff_t *tvb,
892 packet_info *pinfo, int offset, proto_tree *tree,
893 struct ssh_flow_data *global_data);
894static int ssh_dissect_kex_ecdh(uint8_t msg_code, tvbuff_t *tvb,
895 packet_info *pinfo, int offset, proto_tree *tree,
896 struct ssh_flow_data *global_data);
897static int ssh_dissect_kex_pq_hybrid(uint8_t msg_code, tvbuff_t *tvb,
898 packet_info *pinfo, int offset, proto_tree *tree,
899 struct ssh_flow_data *global_data);
900static int // add support of client PQ hybrid key (e)
901ssh_read_e_pq(tvbuff_t *tvb, int offset, struct ssh_flow_data *global_data);
902static int // add support of server PQ hybrid key (f)
903ssh_read_f_pq(tvbuff_t *tvb, int offset, struct ssh_flow_data *global_data);
904static int ssh_dissect_protocol(tvbuff_t *tvb, packet_info *pinfo,
905 struct ssh_flow_data *global_data,
906 unsigned offset, proto_tree *tree, int is_response, unsigned *version,
907 bool_Bool *need_desegmentation);
908static int ssh_try_dissect_encrypted_packet(tvbuff_t *tvb, packet_info *pinfo,
909 struct ssh_peer_data *peer_data, int offset, proto_tree *tree);
910static int ssh_dissect_encrypted_packet(tvbuff_t *tvb, packet_info *pinfo,
911 struct ssh_peer_data *peer_data,
912 int offset, proto_tree *tree);
913static bool_Bool ssh_choose_algo(char *client, char *server, char **result);
914static void ssh_set_mac_length(struct ssh_peer_data *peer_data);
915static void ssh_set_kex_specific_dissector(struct ssh_flow_data *global_data);
916
917static void ssh_keylog_read_file(void);
918static void ssh_keylog_process_line(const char *line);
919static void ssh_keylog_process_lines(const uint8_t *data, unsigned datalen);
920static void ssh_keylog_reset(void);
921static ssh_bignum *ssh_kex_make_bignum(const uint8_t *data, unsigned length);
922static bool_Bool ssh_read_e(tvbuff_t *tvb, int offset,
923 struct ssh_flow_data *global_data);
924static bool_Bool ssh_read_f(tvbuff_t *tvb, int offset,
925 struct ssh_flow_data *global_data);
926static ssh_bignum * ssh_read_mpint(tvbuff_t *tvb, int offset);
927static void ssh_keylog_hash_write_secret(struct ssh_flow_data *global_data, wmem_allocator_t* tmp_allocator);
928static ssh_bignum *ssh_kex_shared_secret(int kex_type, ssh_bignum *pub, ssh_bignum *priv, ssh_bignum *modulo);
929static void ssh_hash_buffer_put_string(wmem_array_t *buffer, const uint8_t *string,
930 unsigned len);
931static void ssh_hash_buffer_put_uint32(wmem_array_t *buffer, unsigned val);
932static char *ssh_string(wmem_allocator_t* allocator, const uint8_t *string, unsigned len);
933static void ssh_derive_symmetric_keys(ssh_bignum *shared_secret,
934 uint8_t *exchange_hash, unsigned hash_length,
935 struct ssh_flow_data *global_data);
936static void ssh_derive_symmetric_key(ssh_bignum *shared_secret,
937 const uint8_t *exchange_hash, unsigned hash_length, char id,
938 ssh_bignum *result_key, struct ssh_flow_data *global_data, unsigned we_need);
939
940static void ssh_choose_enc_mac(struct ssh_flow_data *global_data);
941static void ssh_decryption_set_cipher_id(struct ssh_peer_data *peer);
942static void ssh_decryption_setup_cipher(struct ssh_peer_data *peer,
943 ssh_bignum *iv, ssh_bignum *key);
944static void ssh_decryption_set_mac_id(struct ssh_peer_data *peer);
945static void ssh_decryption_setup_mac(struct ssh_peer_data *peer,
946 ssh_bignum *iv);
947static ssh_packet_info_t* ssh_get_packet_info(packet_info *pinfo, bool_Bool is_response);
948static ssh_message_info_t* ssh_get_message(packet_info *pinfo, int record_id);
949static unsigned ssh_decrypt_packet(tvbuff_t *tvb, packet_info *pinfo,
950 struct ssh_peer_data *peer_data, int offset);
951static bool_Bool ssh_decrypt_chacha20(gcry_cipher_hd_t hd, uint32_t seqnr,
952 uint32_t counter, const unsigned char *ctext, unsigned ctext_len,
953 unsigned char *plain, unsigned plain_len);
954static int ssh_dissect_decrypted_packet(tvbuff_t *tvb, packet_info *pinfo,
955 struct ssh_peer_data *peer_data, proto_tree *tree,
956 ssh_message_info_t *message);
957static int ssh_dissect_transport_generic(tvbuff_t *packet_tvb, packet_info *pinfo,
958 int offset, struct ssh_peer_data *peer_data, proto_item *msg_type_tree, unsigned msg_code);
959static int ssh_dissect_rfc8308_extension(tvbuff_t *packet_tvb, packet_info *pinfo,
960 int offset, struct ssh_peer_data *peer_data, proto_item *msg_type_tree);
961static int ssh_dissect_userauth_generic(tvbuff_t *packet_tvb, packet_info *pinfo,
962 int offset, proto_item *msg_type_tree, unsigned msg_code);
963static int ssh_dissect_userauth_specific(tvbuff_t *packet_tvb, packet_info *pinfo,
964 int offset, proto_item *msg_type_tree, unsigned msg_code);
965static int ssh_dissect_connection_specific(tvbuff_t *packet_tvb, packet_info *pinfo,
966 struct ssh_peer_data *peer_data, int offset, proto_item *msg_type_tree,
967 unsigned msg_code, ssh_message_info_t *message);
968static int ssh_dissect_connection_generic(tvbuff_t *packet_tvb, packet_info *pinfo,
969 int offset, proto_item *msg_type_tree, unsigned msg_code);
970static int ssh_dissect_local_extension(tvbuff_t *packet_tvb, packet_info *pinfo,
971 int offset, struct ssh_peer_data *peer_data, proto_item *msg_type_tree, unsigned msg_code);
972static int ssh_dissect_public_key_blob(tvbuff_t *tvb, packet_info *pinfo,
973 proto_item *msg_type_tree);
974static int ssh_dissect_public_key_signature(tvbuff_t *packet_tvb, packet_info *pinfo,
975 int offset, proto_item *msg_type_tree);
976
977static void create_channel(struct ssh_peer_data *peer_data, uint32_t recipient_channel, uint32_t sender_channel);
978static ssh_channel_info_t* get_channel_info_for_channel(struct ssh_peer_data *peer_data, uint32_t recipient_channel);
979static void set_subdissector_for_channel(struct ssh_peer_data *peer_data, uint32_t recipient_channel, const char* subsystem_name);
980
981#define SSH_DEBUG_USE_STDERR"-" "-"
982
983#ifdef SSH_DECRYPT_DEBUG
984static void
985ssh_debug_printf(const char* fmt,...) G_GNUC_PRINTF(1,2)__attribute__((__format__ (__printf__, 1, 2)));
986static void
987ssh_print_data(const char* name, const unsigned char* data, size_t len);
988static void
989ssh_set_debug(const char* name);
990static void
991ssh_debug_flush(void);
992#else
993
994/* No debug: nullify debug operation*/
995static inline void G_GNUC_PRINTF(1,2)__attribute__((__format__ (__printf__, 1, 2)))
996ssh_debug_printf(const char* fmt _U___attribute__((unused)),...)
997{
998}
999#define ssh_print_data(a, b, c)
1000#define ssh_print_string(a, b)
1001#define ssh_set_debug(name)
1002#define ssh_debug_flush()
1003
1004#endif /* SSH_DECRYPT_DEBUG */
1005
1006static void
1007ssh_set_server(struct ssh_flow_data *global_data, address *addr, uint32_t port)
1008{
1009 copy_address_wmem(wmem_file_scope(), &global_data->srv_addr, addr);
1010 global_data->srv_port = port;
1011}
1012
1013static bool_Bool
1014ssh_packet_from_server(struct ssh_flow_data *session, const packet_info *pinfo)
1015{
1016 bool_Bool ret;
1017 if (session && session->srv_addr.type != AT_NONE) {
1018 ret = (session->srv_port == pinfo->srcport) &&
1019 addresses_equal(&session->srv_addr, &pinfo->src);
1020 } else {
1021 ret = (pinfo->match_uint == pinfo->srcport);
1022 }
1023
1024 ssh_debug_printf("packet_from_server: is from server - %s\n", (ret)?"TRUE":"FALSE");
1025 return ret;
1026}
1027
1028static bool_Bool
1029ssh_peer_data_from_server(struct ssh_peer_data* peer_data) {
1030 return &peer_data->global_data->peer_data[SERVER_PEER_DATA1] == peer_data;
1031}
1032
1033static int
1034dissect_ssh(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U___attribute__((unused)))
1035{
1036 proto_tree *ssh_tree;
1037 proto_item *ti;
1038 conversation_t *conversation;
1039 int last_offset, offset = 0;
1040
1041 bool_Bool is_response,
1042 need_desegmentation;
1043 unsigned version;
1044
1045 struct ssh_flow_data *global_data = NULL((void*)0);
1046 struct ssh_peer_data *peer_data;
1047
1048 ssh_debug_printf("\ndissect_ssh enter frame #%u (%s)\n", pinfo->num, (pinfo->fd->visited)?"already visited":"first time");
1049
1050 conversation = find_or_create_conversation(pinfo);
1051
1052 global_data = (struct ssh_flow_data *)conversation_get_proto_data(conversation, proto_ssh);
1053 if (!global_data) {
1054 global_data = wmem_new0(wmem_file_scope(), struct ssh_flow_data)((struct ssh_flow_data*)wmem_alloc0((wmem_file_scope()), sizeof
(struct ssh_flow_data)));
1055 global_data->version = SSH_VERSION_UNKNOWN0;
1056 global_data->kex_specific_dissector = ssh_dissect_kex_dh;
1057 global_data->peer_data[CLIENT_PEER_DATA0].mac_length = -1;
1058 global_data->peer_data[SERVER_PEER_DATA1].mac_length = -1;
1059 global_data->peer_data[CLIENT_PEER_DATA0].sequence_number = 0;
1060 global_data->peer_data[SERVER_PEER_DATA1].sequence_number = 0;
1061 global_data->peer_data[CLIENT_PEER_DATA0].bn_cookie = NULL((void*)0);
1062 global_data->peer_data[SERVER_PEER_DATA1].bn_cookie = NULL((void*)0);
1063 global_data->peer_data[CLIENT_PEER_DATA0].global_data = global_data;
1064 global_data->peer_data[SERVER_PEER_DATA1].global_data = global_data;
1065 global_data->kex_client_version = wmem_array_new(wmem_file_scope(), 1);
1066 global_data->kex_server_version = wmem_array_new(wmem_file_scope(), 1);
1067 global_data->kex_client_key_exchange_init = wmem_array_new(wmem_file_scope(), 1);
1068 global_data->kex_server_key_exchange_init = wmem_array_new(wmem_file_scope(), 1);
1069 global_data->kex_server_host_key_blob = wmem_array_new(wmem_file_scope(), 1);
1070 global_data->kex_gex_bits_min = wmem_array_new(wmem_file_scope(), 1);
1071 global_data->kex_gex_bits_req = wmem_array_new(wmem_file_scope(), 1);
1072 global_data->kex_gex_bits_max = wmem_array_new(wmem_file_scope(), 1);
1073 global_data->kex_shared_secret = wmem_array_new(wmem_file_scope(), 1);
1074 global_data->do_decrypt = true1;
1075 global_data->ext_ping_openssh_offered = false0;
1076
1077 /* We expect to get the client message first. If this is from an
1078 * an assigned server port, call it the server, otherwise call it
1079 * the client.
1080 * XXX - We don't unambiguously know which side is the server and
1081 * which the client until the KEX specific _INIT and _REPLY messages;
1082 * we ought to be able to handle the cases where the version string or
1083 * KEXINIT messages are out of order or where the client version string
1084 * is missing. */
1085 if (pinfo->match_uint == pinfo->srcport) {
1086 ssh_set_server(global_data, &pinfo->src, pinfo->srcport);
1087 } else {
1088 ssh_set_server(global_data, &pinfo->dst, pinfo->destport);
1089 }
1090
1091 conversation_add_proto_data(conversation, proto_ssh, global_data);
1092 }
1093
1094 is_response = ssh_packet_from_server(global_data, pinfo);
1095 peer_data = &global_data->peer_data[is_response];
1096
1097 ti = proto_tree_add_item(tree, proto_ssh, tvb, offset, -1, ENC_NA0x00000000);
1098 ssh_tree = proto_item_add_subtree(ti, ett_ssh);
1099
1100 version = global_data->version;
1101
1102 switch(version) {
1103 case SSH_VERSION_UNKNOWN0:
1104 col_set_str(pinfo->cinfo, COL_PROTOCOL, "SSH");
1105 break;
1106 case SSH_VERSION_11:
1107 col_set_str(pinfo->cinfo, COL_PROTOCOL, "SSHv1");
1108 break;
1109 case SSH_VERSION_22:
1110 col_set_str(pinfo->cinfo, COL_PROTOCOL, "SSHv2");
1111 break;
1112
1113 }
1114
1115 col_clear(pinfo->cinfo, COL_INFO);
1116
1117 while(tvb_reported_length_remaining(tvb, offset)> 0) {
1118 bool_Bool after_version_start = (peer_data->frame_version_start == 0 ||
1119 pinfo->num >= peer_data->frame_version_start);
1120 bool_Bool before_version_end = (peer_data->frame_version_end == 0 ||
1121 pinfo->num <= peer_data->frame_version_end);
1122
1123 need_desegmentation = false0;
1124 last_offset = offset;
1125
1126 peer_data->counter++;
1127
1128 if (after_version_start && before_version_end &&
1129 (tvb_strncaseeql(tvb, offset, "SSH-", 4) == 0)) {
1130 if (peer_data->frame_version_start == 0)
1131 peer_data->frame_version_start = pinfo->num;
1132
1133 offset = ssh_dissect_protocol(tvb, pinfo,
1134 global_data,
1135 offset, ssh_tree, is_response,
1136 &version, &need_desegmentation);
1137
1138 if (!need_desegmentation) {
1139 peer_data->frame_version_end = pinfo->num;
1140 global_data->version = version;
1141 }
1142 } else {
1143 switch(version) {
1144
1145 case SSH_VERSION_UNKNOWN0:
1146 offset = ssh_try_dissect_encrypted_packet(tvb, pinfo,
1147 &global_data->peer_data[is_response], offset, ssh_tree);
1148 break;
1149
1150 case SSH_VERSION_11:
1151 offset = ssh_dissect_ssh1(tvb, pinfo, global_data,
1152 offset, ssh_tree, is_response,
1153 &need_desegmentation);
1154 break;
1155
1156 case SSH_VERSION_22:
1157 offset = ssh_dissect_ssh2(tvb, pinfo, global_data,
1158 offset, ssh_tree, is_response,
1159 &need_desegmentation);
1160 break;
1161 }
1162 }
1163
1164 if (need_desegmentation)
1165 return tvb_captured_length(tvb);
1166 if (offset <= last_offset) {
1167 /* XXX - add an expert info in the function
1168 that decrements offset */
1169 break;
1170 }
1171 }
1172
1173 col_prepend_fstr(pinfo->cinfo, COL_INFO, "%s: ", is_response ? "Server" : "Client");
1174 ti = proto_tree_add_boolean(ssh_tree, hf_ssh_direction, tvb, 0, 0, is_response);
1175 proto_item_set_generated(ti);
1176
1177 ssh_debug_flush();
1178
1179 return tvb_captured_length(tvb);
1180}
1181
1182static bool_Bool
1183dissect_ssh_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
1184{
1185 conversation_t *conversation;
1186
1187 if (tvb_strneql(tvb, 0, "SSH-", 4) != 0) {
1188 return false0;
1189 }
1190
1191 conversation = find_or_create_conversation(pinfo);
1192 conversation_set_dissector(conversation, ssh_handle);
1193
1194 dissect_ssh(tvb, pinfo, tree, data);
1195
1196 return true1;
1197}
1198
1199static int
1200ssh_dissect_ssh2(tvbuff_t *tvb, packet_info *pinfo,
1201 struct ssh_flow_data *global_data,
1202 int offset, proto_tree *tree, int is_response,
1203 bool_Bool *need_desegmentation)
1204{
1205 proto_item *ssh2_tree = NULL((void*)0);
1206 int remain_length;
1207
1208 struct ssh_peer_data *peer_data = &global_data->peer_data[is_response];
1209
1210 remain_length = tvb_captured_length_remaining(tvb, offset);
1211
1212 if (PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
1213 ws_debug("SSH: SECOND PASS frame %u", pinfo->num)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 1213, __func__, "SSH: SECOND PASS frame %u", pinfo->num)
; } } while (0);
1214 }else{
1215 ws_debug("SSH: FIRST PASS frame %u", pinfo->num)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 1215, __func__, "SSH: FIRST PASS frame %u", pinfo->num);
} } while (0);
1216 }
1217
1218 while(remain_length>0){
1219 int last_offset = offset;
1220 if (tree) {
1221 wmem_strbuf_t *title = wmem_strbuf_new(pinfo->pool, "SSH Version 2");
1222
1223 if (peer_data->enc || peer_data->mac || peer_data->comp) {
1224 wmem_strbuf_append_printf(title, " (");
1225 if (peer_data->enc)
1226 wmem_strbuf_append_printf(title, "encryption:%s%s",
1227 peer_data->enc,
1228 peer_data->mac || peer_data->comp
1229 ? " " : "");
1230 if (peer_data->mac)
1231 wmem_strbuf_append_printf(title, "mac:%s%s",
1232 peer_data->mac,
1233 peer_data->comp ? " " : "");
1234 if (peer_data->comp)
1235 wmem_strbuf_append_printf(title, "compression:%s",
1236 peer_data->comp);
1237 wmem_strbuf_append_printf(title, ")");
1238 }
1239
1240 ssh2_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_ssh2, NULL((void*)0), wmem_strbuf_get_str(title));
1241 }
1242 ws_noisy("....ssh_dissect_ssh2[%c]: frame_key_start=%d, pinfo->num=%d, frame_key_end=%d, offset=%d, frame_key_end_offset=%d ", is_response==SERVER_PEER_DATA?'S':'C', peer_data->frame_key_start, pinfo->num, peer_data->frame_key_end, offset, peer_data->frame_key_end_offset)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_NOISY, "epan/dissectors/packet-ssh.c"
, 1242, __func__, "....ssh_dissect_ssh2[%c]: frame_key_start=%d, pinfo->num=%d, frame_key_end=%d, offset=%d, frame_key_end_offset=%d "
, is_response==1?'S':'C', peer_data->frame_key_start, pinfo
->num, peer_data->frame_key_end, offset, peer_data->
frame_key_end_offset); } } while (0);
1243 if ((peer_data->frame_key_start == 0) ||
1244 ((peer_data->frame_key_start <= pinfo->num) &&
1245 ((peer_data->frame_key_end == 0) || (pinfo->num < peer_data->frame_key_end) ||
1246 ((pinfo->num == peer_data->frame_key_end) && (offset < peer_data->frame_key_end_offset))))) {
1247 offset = ssh_dissect_key_exchange(tvb, pinfo, global_data,
1248 offset, ssh2_tree, is_response,
1249 need_desegmentation);
1250
1251 if (!*need_desegmentation) {
1252 ssh_get_packet_info(pinfo, is_response);
1253 }else{
1254 break;
1255 }
1256 } else {
1257 if(!*need_desegmentation){
1258 offset = ssh_try_dissect_encrypted_packet(tvb, pinfo,
1259 &global_data->peer_data[is_response], offset, ssh2_tree);
1260 if (pinfo->desegment_len) {
1261 break;
1262 }
1263 }else{
1264 break;
1265 }
1266 }
1267
1268 if (ssh2_tree) {
1269 proto_item_set_len(ssh2_tree, offset - last_offset);
1270 }
1271
1272 remain_length = tvb_captured_length_remaining(tvb, offset);
1273 }
1274
1275 return offset;
1276}
1277static int
1278ssh_dissect_ssh1(tvbuff_t *tvb, packet_info *pinfo,
1279 struct ssh_flow_data *global_data,
1280 int offset, proto_tree *tree, int is_response,
1281 bool_Bool *need_desegmentation)
1282{
1283 unsigned plen, padding_length, len;
1284 uint8_t msg_code;
1285 unsigned remain_length;
1286
1287 proto_item *ssh1_tree;
1288
1289 struct ssh_peer_data *peer_data = &global_data->peer_data[is_response];
1290
1291 ssh1_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_ssh1, NULL((void*)0), "SSH Version 1");
1292
1293 /*
1294 * We use "tvb_ensure_captured_length_remaining()" to make sure there
1295 * actually *is* data remaining.
1296 *
1297 * This means we're guaranteed that "remain_length" is positive.
1298 */
1299 remain_length = tvb_ensure_captured_length_remaining(tvb, offset);
1300 /*
1301 * Can we do reassembly?
1302 */
1303 if (ssh_desegment && pinfo->can_desegment) {
1304 /*
1305 * Yes - would an SSH header starting at this offset be split
1306 * across segment boundaries?
1307 */
1308 if (remain_length < 4) {
1309 /*
1310 * Yes. Tell the TCP dissector where the data for
1311 * this message starts in the data it handed us and
1312 * that we need "some more data." Don't tell it
1313 * exactly how many bytes we need because if/when we
1314 * ask for even more (after the header) that will
1315 * break reassembly.
1316 */
1317 pinfo->desegment_offset = offset;
1318 pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT0x0fffffff;
1319 *need_desegmentation = true1;
1320 return offset;
1321 }
1322 }
1323 plen = tvb_get_ntohl(tvb, offset) ;
1324
1325 /*
1326 * Amount of random padding.
1327 *
1328 * This is between 1 and 8; if the length is a multiple of 8,
1329 * there are 8 bytes of padding, not 1 byte.
1330 *
1331 * That means this calculation is correct; do not use either
1332 * WS_ROUNDUP_8() or WS_PADDING_TO_8() here.
1333 */
1334 padding_length = 8 - plen%8;
1335
1336
1337 if (ssh_desegment && pinfo->can_desegment) {
1338 if (plen+4+padding_length > remain_length) {
1339 pinfo->desegment_offset = offset;
1340 pinfo->desegment_len = plen+padding_length - remain_length;
1341 *need_desegmentation = true1;
1342 return offset;
1343 }
1344 }
1345
1346 if (plen >= SSH_MAX_PACKET_LEN32768) {
1347 if (ssh1_tree) {
1348 proto_tree_add_uint_format(ssh1_tree, hf_ssh_packet_length, tvb,
1349 offset, 4, plen, "Overly large length %x", plen);
1350 }
1351 plen = remain_length-4-padding_length;
1352 } else {
1353 if (ssh1_tree && plen > 0) {
1354 proto_tree_add_uint(ssh1_tree, hf_ssh_packet_length, tvb,
1355 offset, 4, plen);
1356 }
1357 }
1358 offset+=4;
1359 /* padding length */
1360
1361 proto_tree_add_uint(ssh1_tree, hf_ssh_padding_length, tvb,
1362 offset, padding_length, padding_length);
1363 offset += padding_length;
1364
1365 /* msg_code */
1366 if ((peer_data->frame_key_start == 0) ||
1367 ((peer_data->frame_key_start >= pinfo->num) && (pinfo->num <= peer_data->frame_key_end))) {
1368
1369 proto_tree_add_item_ret_uint8(ssh1_tree, hf_ssh_msg_code, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000, &msg_code);
1370 col_append_sep_str(pinfo->cinfo, COL_INFO, NULL((void*)0),
1371 val_to_str(pinfo->pool, msg_code, ssh1_msg_vals, "Unknown (%u)"));
1372 offset += 1;
1373 len = plen -1;
1374 if (!pinfo->fd->visited) {
1375 if (peer_data->frame_key_start == 0)
1376 peer_data->frame_key_start = pinfo->num;
1377 peer_data->frame_key_end = pinfo->num;
1378 }
1379 } else {
1380 len = plen;
1381 col_append_sep_fstr(pinfo->cinfo, COL_INFO, NULL((void*)0), "Encrypted packet (len=%d)", len);
1382 }
1383 /* payload */
1384 if (ssh1_tree) {
1385 proto_tree_add_item(ssh1_tree, hf_ssh_payload,
1386 tvb, offset, len, ENC_NA0x00000000);
1387 }
1388 offset += len;
1389
1390 return offset;
1391}
1392
1393static int
1394ssh_tree_add_mpint(tvbuff_t *tvb, int offset, proto_tree *tree,
1395 int hf_ssh_mpint_selection)
1396{
1397 unsigned len = tvb_get_ntohl(tvb, offset);
1398 proto_tree_add_uint(tree, hf_ssh_mpint_length, tvb,
1399 offset, 4, len);
1400 offset+=4;
1401 proto_tree_add_item(tree, hf_ssh_mpint_selection,
1402 tvb, offset, len, ENC_NA0x00000000);
1403 return 4+len;
1404}
1405
1406static int
1407ssh_tree_add_string(tvbuff_t *tvb, int offset, proto_tree *tree,
1408 int hf_ssh_string, int hf_ssh_string_length)
1409{
1410 unsigned len = tvb_get_ntohl(tvb, offset);
1411 proto_tree_add_uint(tree, hf_ssh_string_length, tvb,
1412 offset, 4, len);
1413 offset+=4;
1414 proto_tree_add_item(tree, hf_ssh_string,
1415 tvb, offset, len, ENC_NA0x00000000);
1416 return 4+len;
1417}
1418
1419static unsigned
1420ssh_tree_add_hostkey(tvbuff_t *tvb, packet_info* pinfo, int offset, proto_tree *parent_tree,
1421 const char *tree_name, int ett_idx,
1422 struct ssh_flow_data *global_data)
1423{
1424 proto_tree *tree = NULL((void*)0);
1425 proto_item *ti;
1426 int last_offset;
1427 int remaining_len;
1428 unsigned key_len, type_len;
1429 char* key_type;
1430 char *tree_title;
1431
1432 last_offset = offset;
1433
1434 key_len = tvb_get_ntohl(tvb, offset);
1435 offset += 4;
1436
1437 /* Read the key type before creating the tree so we can append it as info. */
1438 type_len = tvb_get_ntohl(tvb, offset);
1439 offset += 4;
1440 key_type = (char *) tvb_get_string_enc(pinfo->pool, tvb, offset, type_len, ENC_ASCII0x00000000|ENC_NA0x00000000);
1441
1442 tree_title = wmem_strdup_printf(pinfo->pool, "%s (type: %s)", tree_name, key_type);
1443 tree = proto_tree_add_subtree(parent_tree, tvb, last_offset, key_len + 4, ett_idx, NULL((void*)0),
1444 tree_title);
1445
1446 ti = proto_tree_add_uint(tree, hf_ssh_hostkey_length, tvb, last_offset, 4, key_len);
1447
1448 // server host key (K_S / Q)
1449 uint8_t *data = (uint8_t *)tvb_memdup(pinfo->pool, tvb, last_offset + 4, key_len);
1450 if (global_data) {
1451 // Reset array while REKEY: sanitize server host key blob
1452 global_data->kex_server_host_key_blob = wmem_array_new(wmem_file_scope(), 1);
1453 ssh_hash_buffer_put_string(global_data->kex_server_host_key_blob, data, key_len);
1454 }
1455
1456 last_offset += 4;
1457 proto_tree_add_uint(tree, hf_ssh_hostkey_type_length, tvb, last_offset, 4, type_len);
1458 proto_tree_add_string(tree, hf_ssh_hostkey_type, tvb, offset, type_len, key_type);
1459 offset += type_len;
1460
1461 if (0 == strcmp(key_type, "ssh-rsa")) {
1462 offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_hostkey_rsa_e);
1463 offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_hostkey_rsa_n);
1464 } else if (0 == strcmp(key_type, "ssh-dss")) {
1465 offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_hostkey_dsa_p);
1466 offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_hostkey_dsa_q);
1467 offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_hostkey_dsa_g);
1468 offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_hostkey_dsa_y);
1469 } else if (g_str_has_prefix(key_type, "ecdsa-sha2-")(__builtin_constant_p ("ecdsa-sha2-")? __extension__ ({ const
char * const __str = (key_type); const char * const __prefix
= ("ecdsa-sha2-"); gboolean __result = (0); if (__str == ((void
*)0) || __prefix == ((void*)0)) __result = (g_str_has_prefix)
(__str, __prefix); else { const size_t __str_len = strlen ((
(__str) + !(__str))); const size_t __prefix_len = strlen (((__prefix
) + !(__prefix))); if (__str_len >= __prefix_len) __result
= memcmp (((__str) + !(__str)), ((__prefix) + !(__prefix)), __prefix_len
) == 0; } __result; }) : (g_str_has_prefix) (key_type, "ecdsa-sha2-"
) )) {
1470 offset += ssh_tree_add_string(tvb, offset, tree,
1471 hf_ssh_hostkey_ecdsa_curve_id, hf_ssh_hostkey_ecdsa_curve_id_length);
1472 offset += ssh_tree_add_string(tvb, offset, tree,
1473 hf_ssh_hostkey_ecdsa_q, hf_ssh_hostkey_ecdsa_q_length);
1474 } else if (g_str_has_prefix(key_type, "ssh-ed")(__builtin_constant_p ("ssh-ed")? __extension__ ({ const char
* const __str = (key_type); const char * const __prefix = ("ssh-ed"
); gboolean __result = (0); if (__str == ((void*)0) || __prefix
== ((void*)0)) __result = (g_str_has_prefix) (__str, __prefix
); else { const size_t __str_len = strlen (((__str) + !(__str
))); const size_t __prefix_len = strlen (((__prefix) + !(__prefix
))); if (__str_len >= __prefix_len) __result = memcmp (((__str
) + !(__str)), ((__prefix) + !(__prefix)), __prefix_len) == 0
; } __result; }) : (g_str_has_prefix) (key_type, "ssh-ed") )) {
1475 offset += ssh_tree_add_string(tvb, offset, tree,
1476 hf_ssh_hostkey_eddsa_key, hf_ssh_hostkey_eddsa_key_length);
1477 } else {
1478 remaining_len = key_len - (type_len + 4);
1479 proto_tree_add_item(tree, hf_ssh_hostkey_data, tvb, offset, remaining_len, ENC_NA0x00000000);
1480 offset += remaining_len;
1481 }
1482
1483 if (last_offset + (int)key_len != offset) {
1484 expert_add_info_format(pinfo, ti, &ei_ssh_packet_decode, "Decoded %d bytes, but hostkey length is %d bytes", offset - last_offset, key_len);
1485 }
1486 return 4+key_len;
1487}
1488
1489static unsigned
1490ssh_tree_add_hostsignature(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree,
1491 const char *tree_name, int ett_idx,
1492 struct ssh_flow_data *global_data)
1493{
1494 (void)global_data;
1495 proto_tree *tree = NULL((void*)0);
1496 proto_item* ti = NULL((void*)0);
1497 int last_offset;
1498 int offset0 = offset;
1499 unsigned sig_len, type_len, data_len;
1500 const char* sig_type;
1501 char *tree_title;
1502
1503 last_offset = offset;
1504
1505 sig_len = tvb_get_ntohl(tvb, offset);
1506 offset += 4;
1507
1508 /* Read the signature type before creating the tree so we can append it as info. */
1509 type_len = tvb_get_ntohl(tvb, offset);
1510 offset += 4;
1511 sig_type = (char*)tvb_get_string_enc(pinfo->pool, tvb, offset, type_len, ENC_ASCII0x00000000|ENC_NA0x00000000);
1512
1513 tree_title = wmem_strdup_printf(pinfo->pool, "%s (type: %s)", tree_name, sig_type);
1514 tree = proto_tree_add_subtree(parent_tree, tvb, last_offset, sig_len + 4, ett_idx, NULL((void*)0),
1515 tree_title);
1516
1517 ti = proto_tree_add_uint(tree, hf_ssh_hostsig_length, tvb, last_offset, 4, sig_len);
1518
1519 last_offset += 4;
1520 proto_tree_add_uint(tree, hf_ssh_hostsig_type_length, tvb, last_offset, 4, type_len);
1521 proto_tree_add_string(tree, hf_ssh_hostsig_type, tvb, offset, type_len, sig_type);
1522 offset += type_len;
1523
1524 if (0 == strcmp(sig_type, "ssh-rsa")) {
1525 offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_hostsig_rsa);
1526 } else if (0 == strcmp(sig_type, "ssh-dss")) {
1527 offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_hostsig_dsa);
1528// } else if (g_str_has_prefix(sig_type, "ecdsa-sha2-")) {
1529// offset += ssh_tree_add_string(tvb, offset, tree,
1530// hf_ssh_hostkey_ecdsa_curve_id, hf_ssh_hostkey_ecdsa_curve_id_length);
1531// ssh_tree_add_string(tvb, offset, tree,
1532// hf_ssh_hostkey_ecdsa_q, hf_ssh_hostkey_ecdsa_q_length);
1533// } else if (g_str_has_prefix(sig_type, "ssh-ed")) {
1534// ssh_tree_add_string(tvb, offset, tree,
1535// hf_ssh_hostkey_eddsa_key, hf_ssh_hostkey_eddsa_key_length);
1536 } else {
1537 proto_tree_add_item_ret_uint(tree, hf_ssh_hostsig_data_length, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &data_len);
1538 offset += 4;
1539 proto_tree_add_item(tree, hf_ssh_hostsig_data, tvb, offset, data_len, ENC_NA0x00000000);
1540 offset += data_len;
1541 }
1542
1543 if(offset-offset0!=(int)(4+sig_len)){
1544 expert_add_info_format(pinfo, ti, &ei_ssh_packet_decode, "Decoded %d bytes, but packet length is %d bytes", offset-offset0, sig_len);
1545 }
1546
1547 return 4+sig_len;
1548}
1549
1550static int
1551ssh_dissect_key_exchange(tvbuff_t *tvb, packet_info *pinfo,
1552 struct ssh_flow_data *global_data,
1553 int offset, proto_tree *tree, int is_response,
1554 bool_Bool *need_desegmentation)
1555{
1556 unsigned plen, len;
1557 uint8_t padding_length;
1558 unsigned remain_length;
1559 int last_offset = offset;
1560 unsigned msg_code;
1561
1562 proto_item *ti;
1563 proto_item *key_ex_tree = NULL((void*)0);
1564 const char *key_ex_title = "Key Exchange";
1565
1566 struct ssh_peer_data *peer_data = &global_data->peer_data[is_response];
1567
1568 if (PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
1569 ws_debug("SSH: SECOND PASS dissecting keys -for Wireshark UI- frame %u", pinfo->num)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 1569, __func__, "SSH: SECOND PASS dissecting keys -for Wireshark UI- frame %u"
, pinfo->num); } } while (0);
1570 }
1571 /* This is after the identification string (Protocol Version Exchange)
1572 * but before the first key exchange has completed, so we expect the SSH
1573 * packets to be unencrypted, and to contain KEX related messages.
1574 *
1575 * XXX - Without the "strict kex" extension, other messages are allowed;
1576 * most don't make sense (SSH_MSG_IGNORE and SSH_MSG_DEBUG might), but we
1577 * could dissect them and add them to the tree.
1578 *
1579 * XXX - Could we combine this with ssh_dissect_decrypted_packet, with a
1580 * flag to indicate whether we're before the initial key exchange?
1581 */
1582
1583 /*
1584 * We use "tvb_ensure_captured_length_remaining()" to make sure there
1585 * actually *is* data remaining.
1586 *
1587 * This means we're guaranteed that "remain_length" is positive.
1588 */
1589 remain_length = tvb_ensure_captured_length_remaining(tvb, offset);
1590 /*
1591 * Can we do reassembly?
1592 */
1593 if (ssh_desegment && pinfo->can_desegment) {
1594 /*
1595 * Yes - would an SSH header starting at this offset
1596 * be split across segment boundaries?
1597 */
1598 if (remain_length < 4) {
1599 /*
1600 * Yes. Tell the TCP dissector where the data for
1601 * this message starts in the data it handed us and
1602 * that we need "some more data." Don't tell it
1603 * exactly how many bytes we need because if/when we
1604 * ask for even more (after the header) that will
1605 * break reassembly.
1606 */
1607 pinfo->desegment_offset = offset;
1608 pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT0x0fffffff;
1609 *need_desegmentation = true1;
1610 return offset;
1611 }
1612 }
1613 plen = tvb_get_ntohl(tvb, offset) ;
1614
1615 if (ssh_desegment && pinfo->can_desegment) {
1616 if (plen +4 > remain_length) {
1617 pinfo->desegment_offset = offset;
1618 pinfo->desegment_len = plen+4 - remain_length;
1619 *need_desegmentation = true1;
1620 return offset;
1621 }
1622 }
1623 /*
1624 * Need to check plen > 0x80000000 here
1625 */
1626
1627 ti = proto_tree_add_uint(tree, hf_ssh_packet_length, tvb,
1628 offset, 4, plen);
1629 if (plen >= SSH_MAX_PACKET_LEN32768) {
1630 expert_add_info_format(pinfo, ti, &ei_ssh_packet_length, "Overly large number %d", plen);
1631 plen = remain_length-4;
1632
1633 /* XXX - Mark as Continuation Data and return without incrementing?
1634 * Or do so *before* using this length to desegment? */
1635 }
1636 offset+=4;
1637
1638 ssh_packet_info_t *packet = ssh_get_packet_info(pinfo, is_response);
1639
1640 int record_id = tvb_raw_offset(tvb)+offset;
1641 ssh_message_info_t *message;
1642 message = ssh_get_message(pinfo, record_id);
1643 if (!message) {
1644 message = wmem_new0(wmem_file_scope(), ssh_message_info_t)((ssh_message_info_t*)wmem_alloc0((wmem_file_scope()), sizeof
(ssh_message_info_t)));
1645 message->sequence_number = peer_data->sequence_number++;
1646 message->id = record_id;
1647 /* No data, and no MAC, as is this is before encryption starts. */
1648 message->next = NULL((void*)0);
1649 ssh_debug_printf("%s->sequence_number++ > %d\n", is_response?"server":"client", peer_data->sequence_number);
1650
1651 ssh_message_info_t **pmessage = &packet->messages;
1652 while(*pmessage){
1653 pmessage = &(*pmessage)->next;
1654 }
1655 *pmessage = message;
1656 }
1657
1658 /* padding length */
1659 padding_length = tvb_get_uint8(tvb, offset);
1660 proto_tree_add_uint(tree, hf_ssh_padding_length, tvb, offset, 1, padding_length);
1661 offset += 1;
1662
1663 if (global_data->kex)
1664 key_ex_title = wmem_strdup_printf(pinfo->pool, "%s (method:%s)", key_ex_title, global_data->kex);
1665 key_ex_tree = proto_tree_add_subtree(tree, tvb, offset, plen-1, ett_key_exchange, NULL((void*)0), key_ex_title);
1666
1667 /* msg_code */
1668 msg_code = tvb_get_uint8(tvb, offset);
1669
1670 if (msg_code >= 30 && msg_code < 40) {
1671 offset = global_data->kex_specific_dissector(msg_code, tvb, pinfo,
1672 offset, key_ex_tree, global_data);
1673 } else {
1674 proto_tree_add_item(key_ex_tree, hf_ssh2_msg_code, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
1675 offset += 1;
1676
1677 col_append_sep_str(pinfo->cinfo, COL_INFO, NULL((void*)0),
1678 val_to_str(pinfo->pool, msg_code, ssh2_msg_vals, "Unknown (%u)"));
1679
1680 /* 16 bytes cookie */
1681 switch(msg_code)
1682 {
1683 case SSH_MSG_KEXINIT20:
1684 offset = ssh_dissect_key_init(tvb, pinfo, offset, key_ex_tree, is_response, global_data);
1685 if ((peer_data->frame_key_start == 0) && (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited))) {
1686 peer_data->frame_key_start = pinfo->num;
1687 }
1688 break;
1689 case SSH_MSG_NEWKEYS21:
1690 if (peer_data->frame_key_end == 0) {
1691 peer_data->frame_key_end = pinfo->num;
1692 peer_data->frame_key_end_offset = offset;
1693
1694 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
1695 /* "After sending or receiving a SSH2_MSG_NEWKEYS message,
1696 * reset the packet sequence number to zero. This behaviour
1697 * persists for the duration of the connection (i.e. not
1698 * just the first SSH2_MSG_NEWKEYS) */
1699 if (global_data->ext_kex_strict) {
1700 peer_data->sequence_number = 0;
1701 ssh_debug_printf("%s->sequence_number reset to 0 (Strict KEX)\n", is_response?"server":"client");
1702 }
1703 }
1704
1705 // the client sent SSH_MSG_NEWKEYS
1706 if (!is_response) {
1707 ssh_debug_printf("Activating new keys for CLIENT => SERVER\n");
1708 ssh_decryption_setup_cipher(&global_data->peer_data[CLIENT_PEER_DATA0], &global_data->new_keys[0], &global_data->new_keys[2]);
1709 ssh_decryption_setup_mac(&global_data->peer_data[CLIENT_PEER_DATA0], &global_data->new_keys[4]);
1710 }else{
1711 ssh_debug_printf("Activating new keys for SERVER => CLIENT\n");
1712 ssh_decryption_setup_cipher(&global_data->peer_data[SERVER_PEER_DATA1], &global_data->new_keys[1], &global_data->new_keys[3]);
1713 ssh_decryption_setup_mac(&global_data->peer_data[SERVER_PEER_DATA1], &global_data->new_keys[5]);
1714 }
1715 }
1716 break;
1717 }
1718 }
1719
1720 len = plen+4-padding_length-(offset-last_offset);
1721 if (len > 0) {
1722 proto_tree_add_item(key_ex_tree, hf_ssh_payload, tvb, offset, len, ENC_NA0x00000000);
1723 }
1724 offset += len;
1725
1726 /* padding */
1727 proto_tree_add_item(tree, hf_ssh_padding_string, tvb, offset, padding_length, ENC_NA0x00000000);
1728 offset+= padding_length;
1729 ti = proto_tree_add_uint(tree, hf_ssh_seq_num, tvb, offset, 0, message->sequence_number);
1730 proto_item_set_generated(ti);
1731
1732 return offset;
1733}
1734
1735static int ssh_dissect_kex_dh(uint8_t msg_code, tvbuff_t *tvb,
1736 packet_info *pinfo, int offset, proto_tree *tree,
1737 struct ssh_flow_data *global_data)
1738{
1739 proto_tree_add_item(tree, hf_ssh2_kex_dh_msg_code, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
1740 offset += 1;
1741
1742 col_append_sep_str(pinfo->cinfo, COL_INFO, NULL((void*)0),
1743 val_to_str(pinfo->pool, msg_code, ssh2_kex_dh_msg_vals, "Unknown (%u)"));
1744
1745 switch (msg_code) {
1746 case SSH_MSG_KEXDH_INIT30:
1747 // e (client ephemeral key public part)
1748 if (!ssh_read_e(tvb, offset, global_data)) {
1749 proto_tree_add_expert_format(tree, pinfo, &ei_ssh_invalid_keylen, tvb, offset, 2,
1750 "Invalid key length: %u", tvb_get_ntohl(tvb, offset));
1751 }
1752
1753 offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_dh_e);
1754 break;
1755
1756 case SSH_MSG_KEXDH_REPLY31:
1757 offset += ssh_tree_add_hostkey(tvb, pinfo, offset, tree, "KEX host key",
1758 ett_key_exchange_host_key, global_data);
1759
1760 // f (server ephemeral key public part), K_S (host key)
1761 if (!ssh_read_f(tvb, offset, global_data)) {
1762 proto_tree_add_expert_format(tree, pinfo, &ei_ssh_invalid_keylen, tvb, offset, 2,
1763 "Invalid key length: %u", tvb_get_ntohl(tvb, offset));
1764 }
1765 ssh_choose_enc_mac(global_data);
1766 ssh_keylog_hash_write_secret(global_data, pinfo->pool);
1767
1768 offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_dh_f);
1769 offset += ssh_tree_add_hostsignature(tvb, pinfo, offset, tree, "KEX host signature",
1770 ett_key_exchange_host_sig, global_data);
1771 break;
1772 }
1773
1774 return offset;
1775}
1776
1777static int ssh_dissect_kex_dh_gex(uint8_t msg_code, tvbuff_t *tvb,
1778 packet_info *pinfo, int offset, proto_tree *tree,
1779 struct ssh_flow_data *global_data)
1780{
1781 proto_tree_add_item(tree, hf_ssh2_kex_dh_gex_msg_code, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
1782 offset += 1;
1783
1784 col_append_sep_str(pinfo->cinfo, COL_INFO, NULL((void*)0),
1785 val_to_str(pinfo->pool, msg_code, ssh2_kex_dh_gex_msg_vals, "Unknown (%u)"));
1786
1787 switch (msg_code) {
1788 case SSH_MSG_KEX_DH_GEX_REQUEST_OLD30:
1789 proto_tree_add_item(tree, hf_ssh_dh_gex_nbits, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
1790 offset += 4;
1791 break;
1792
1793 case SSH_MSG_KEX_DH_GEX_GROUP31:
1794 // p (Group modulo)
1795 global_data->kex_gex_p = ssh_read_mpint(tvb, offset);
1796 offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_dh_gex_p);
1797 // g (Group generator)
1798 global_data->kex_gex_g = ssh_read_mpint(tvb, offset);
1799 offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_dh_gex_g);
1800 break;
1801
1802 case SSH_MSG_KEX_DH_GEX_INIT32:
1803 // e (Client public key)
1804 if (!ssh_read_e(tvb, offset, global_data)) {
1805 proto_tree_add_expert_format(tree, pinfo, &ei_ssh_invalid_keylen, tvb, offset, 2,
1806 "Invalid key length: %u", tvb_get_ntohl(tvb, offset));
1807 }
1808 offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_dh_e);
1809 break;
1810
1811 case SSH_MSG_KEX_DH_GEX_REPLY33:
1812 offset += ssh_tree_add_hostkey(tvb, pinfo, offset, tree, "KEX host key",
1813 ett_key_exchange_host_key, global_data);
1814 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
1815 ssh_read_f(tvb, offset, global_data);
1816 // f (server ephemeral key public part), K_S (host key)
1817 ssh_choose_enc_mac(global_data);
1818 ssh_keylog_hash_write_secret(global_data, pinfo->pool);
1819 }
1820 offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_dh_f);
1821 offset += ssh_tree_add_hostsignature(tvb, pinfo, offset, tree, "KEX host signature",
1822 ett_key_exchange_host_sig, global_data);
1823 break;
1824
1825 case SSH_MSG_KEX_DH_GEX_REQUEST34:{
1826
1827 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
1828 ssh_hash_buffer_put_uint32(global_data->kex_gex_bits_min, tvb_get_ntohl(tvb, offset));
1829 }
1830 proto_tree_add_item(tree, hf_ssh_dh_gex_min, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
1831 offset += 4;
1832 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
1833 ssh_hash_buffer_put_uint32(global_data->kex_gex_bits_req, tvb_get_ntohl(tvb, offset));
1834 }
1835 proto_tree_add_item(tree, hf_ssh_dh_gex_nbits, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
1836 offset += 4;
1837 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
1838 ssh_hash_buffer_put_uint32(global_data->kex_gex_bits_max, tvb_get_ntohl(tvb, offset));
1839 }
1840 proto_tree_add_item(tree, hf_ssh_dh_gex_max, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
1841 offset += 4;
1842 break;
1843 }
1844 }
1845
1846 return offset;
1847}
1848
1849static int
1850ssh_dissect_kex_ecdh(uint8_t msg_code, tvbuff_t *tvb,
1851 packet_info *pinfo, int offset, proto_tree *tree,
1852 struct ssh_flow_data *global_data)
1853{
1854 proto_tree_add_item(tree, hf_ssh2_kex_ecdh_msg_code, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
1855 offset += 1;
1856
1857 col_append_sep_str(pinfo->cinfo, COL_INFO, NULL((void*)0),
1858 val_to_str(pinfo->pool, msg_code, ssh2_kex_ecdh_msg_vals, "Unknown (%u)"));
1859
1860 switch (msg_code) {
1861 case SSH_MSG_KEX_ECDH_INIT30:
1862 if (!ssh_read_e(tvb, offset, global_data)) {
1863 proto_tree_add_expert_format(tree, pinfo, &ei_ssh_invalid_keylen, tvb, offset, 2,
1864 "Invalid key length: %u", tvb_get_ntohl(tvb, offset));
1865 }
1866
1867 offset += ssh_tree_add_string(tvb, offset, tree, hf_ssh_ecdh_q_c, hf_ssh_ecdh_q_c_length);
1868 break;
1869
1870 case SSH_MSG_KEX_ECDH_REPLY31:
1871 offset += ssh_tree_add_hostkey(tvb, pinfo, offset, tree, "KEX host key",
1872 ett_key_exchange_host_key, global_data);
1873
1874 if (!ssh_read_f(tvb, offset, global_data)){
1875 proto_tree_add_expert_format(tree, pinfo, &ei_ssh_invalid_keylen, tvb, offset, 2,
1876 "Invalid key length: %u", tvb_get_ntohl(tvb, offset));
1877 }
1878
1879 ssh_choose_enc_mac(global_data);
1880 ssh_keylog_hash_write_secret(global_data, pinfo->pool);
1881
1882 offset += ssh_tree_add_string(tvb, offset, tree, hf_ssh_ecdh_q_s, hf_ssh_ecdh_q_s_length);
1883 offset += ssh_tree_add_hostsignature(tvb, pinfo, offset, tree, "KEX host signature",
1884 ett_key_exchange_host_sig, global_data);
1885 break;
1886 }
1887
1888 return offset;
1889}
1890
1891 /*
1892 * === Hybrid KEX Dissection Strategy for Post-Quantum algorithms ===
1893 *
1894 * This 3 functions:
1895 *
1896 * - ssh_dissect_kex_pq_hybrid()
1897 * - ssh_read_e_pq()
1898 * - ssh_read_f_pq()
1899 *
1900 * handles the dissection of server key exchange payloads for the
1901 * post-quantum hybrid key exchange method:
1902 * - sntrup761x25519-sha512
1903 * - mlkem768x25519-sha256
1904 * - mlkem768nistp256-sha256
1905 * - mlkem1024nistp384-sha384
1906 *
1907 * /!\ Rationale for implementation approach:
1908 *
1909 * SSH encodes the server's ephemeral key (`Q_S`) as a single SSH `string`
1910 * which contains both the post-quantum KEM ciphertext (from sntrup761 / mlkem768
1911 * / mlkem1024) and the traditional (Curve25519 / nistp256 / nistp384) public key.
1912 * Therefore, we parse one string
1913 *
1914 * sntrup761x25519:
1915 * - PQ client keyshare: 1158 bytes
1916 * - PQ server ciphertext: 1039 bytes
1917 * - Curve25519 pubkey: 32 bytes
1918 *
1919 * mlkem768x25519:
1920 * - PQ client keyshare: 1184 bytes
1921 * - PQ server ciphertext: 1088 bytes
1922 * - Curve25519 pubkey: 32 bytes
1923 *
1924 * mlkem768nistp256:
1925 * - PQ client keyshare: 1184 bytes
1926 * - PQ server ciphertext: 1088 bytes
1927 * - nistp256 pubkey: 65 bytes
1928 *
1929 * mlkem1024nistp384:
1930 * - PQ client keyshare: 1568 bytes
1931 * - PQ server ciphertext: 1568 bytes
1932 * - nistp384 pubkey: 97 bytes
1933 *
1934 * OpenSSH uses `[email protected]` as an (old) alias for `sntrup761x25519-sha512`
1935 *
1936 * This matches how OpenSSH serializes the hybrid key material, and allows Wireshark
1937 * to compute the correct key exchange hash and derive session keys accurately.
1938 *
1939 * /!\ This design is necessary for live decryption support in Wireshark and TShark.
1940 *
1941 * References:
1942 * - RFC 4253: The SSH Transport Layer Protocol
1943 * - Section 6: string encoding format
1944 * - Section 7.2: Key derivation
1945 * - RFC 8731: Secure Shell (SSH) Key Exchange Method using Curve25519
1946 * - Internet-Draft on sntrup761x25519-sha512
1947 * - https://datatracker.ietf.org/doc/draft-ietf-sshm-ntruprime-ssh/
1948 * - Internet-Draft on mlkem768x25519-sha256
1949 * - https://datatracker.ietf.org/doc/draft-ietf-sshm-mlkem-hybrid-kex/
1950 * - OpenSSH Hybrid KEM Implementation (sntrup761x25519-sha512 / mlkem768x25519-sha256)
1951 * - https://github.com/openssh/openssh-portable/blob/master/kexc25519.c
1952 * - https://github.com/openssh/openssh-portable/blob/master/kexsntrup761x25519.c
1953 * - https://github.com/openssh/openssh-portable/blob/master/kexmlkem768x25519.c
1954 * - AsyncSSH Hybrid KEM Implementation (sntrup761x25519-sha512 / mlkem768x25519-sha256 / mlkem768nistp256-sha256 / mlkem1024nistp384-sha384)
1955 * - https://github.com/ronf/asyncssh/blob/develop/asyncssh/kex_dh.py
1956 *
1957 */
1958
1959static int
1960ssh_dissect_kex_pq_hybrid(uint8_t msg_code, tvbuff_t *tvb,
1961 packet_info *pinfo, int offset, proto_tree *tree,
1962 struct ssh_flow_data *global_data)
1963{
1964 // SSH PACKET STRUCTURE RFC4253 (e.g. packet of 1228 bytes payload)
1965 // [00 00 04 cc] → ssh payload blob length field in tcp packet (e.g. 1228=0x04cc): 4 bytes
1966 // [1228 bytes of SSH PAYLOAD BLOB] → ssh payload blob field: 1228 bytes
1967
1968 // Add the message code byte (first field in packet) to the GUI tree.
1969 proto_tree_add_item(tree, hf_ssh2_kex_hybrid_msg_code, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
1970 offset += 1; // Move offset past the msg_code byte.
1971
1972 // Add a descriptive string to Wireshark's "Info" column.
1973 col_append_sep_str(pinfo->cinfo, COL_INFO, NULL((void*)0),
1974 val_to_str(pinfo->pool, msg_code, ssh2_kex_hybrid_msg_vals, "Unknown (%u)"));
1975
1976 const char *kex_name = global_data->kex;
1977
1978 if (msg_code == SSH_MSG_KEX_HYBRID_INIT30) {
1
Assuming 'msg_code' is not equal to SSH_MSG_KEX_HYBRID_INIT
2
Taking false branch
1979 // Print warning when PQ hybrid KEM is detected in KEX
1980 // This implementation currently rely on SHARED_SECRET only and do not work with PRIVATE_KEY
1981 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
1982 ws_warning("POST-QUANTUM KEX_HYBRID detected: KEX = %s", kex_name)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_WARNING, "epan/dissectors/packet-ssh.c"
, 1982, __func__, "POST-QUANTUM KEX_HYBRID detected: KEX = %s"
, kex_name); } } while (0);
1983 ws_warning("SHARED_SECRET decryption is supported - PRIVATE_KEY decryption is not supported")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_WARNING, "epan/dissectors/packet-ssh.c"
, 1983, __func__, "SHARED_SECRET decryption is supported - PRIVATE_KEY decryption is not supported"
); } } while (0);
1984 }
1985 // Print noisy debug info
1986 ws_noisy(">>> HYBRID KEM: msg_code = %u, offset = %d, kex = %s", msg_code, offset, kex_name)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_NOISY, "epan/dissectors/packet-ssh.c"
, 1986, __func__, ">>> HYBRID KEM: msg_code = %u, offset = %d, kex = %s"
, msg_code, offset, kex_name); } } while (0);
1987 }
1988
1989 switch (msg_code) {
3
Control jumps to 'case 31:' at line 2076
1990
1991 // Client Key Exchange INIT
1992 case SSH_MSG_KEX_HYBRID_INIT30: {
1993
1994 // SNTRUP761X25519: RFC4253 SSH "string" (binary-encoded structure)
1995 // [00 00 04 a6] → length = 1190 (0x04a6)
1996 // [1158 bytes PQ blob] → sntrup761 encapsulated client key
1997 // [32 bytes of X25519 pubkey] → ephemeral X25519 public key
1998
1999 // MLKEM768X25519: RFC4253 SSH "string" (binary-encoded structure)
2000 // [00 00 04 c0] → length = 1216 (0x04c0)
2001 // [1184 bytes PQ blob] → mlkem768 encapsulated client key
2002 // [32 bytes of X25519 pubkey] → ephemeral X25519 public key
2003
2004 // MLKEM768NISTP256: RFC4253 SSH "string" (binary-encoded structure)
2005 // [00 00 04 e1] → length = 1249 (0x04e1)
2006 // [1184 bytes PQ blob] → mlkem768 encapsulated client key
2007 // [65 bytes of nistp256 pubkey] → ephemeral nistp256 public key
2008
2009 // MLKEM1024NISTP384: RFC4253 SSH "string" (binary-encoded structure)
2010 // [00 00 06 81] → length = 1665 (0x0681)
2011 // [1568 bytes PQ blob] → mlkem1024 encapsulated client key
2012 // [97 bytes of nistp384 pubkey] → ephemeral nistp384 public key
2013
2014 ws_debug("CLIENT INIT follow offset pointer - absolute offset: %d", offset)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2014, __func__, "CLIENT INIT follow offset pointer - absolute offset: %d"
, offset); } } while (0); // debug trace offset
2015 int new_offset_client = ssh_read_e_pq(tvb, offset, global_data);
2016 if (new_offset_client < 0) {
2017 uint32_t bad_len = tvb_get_ntohl(tvb, offset);
2018 proto_tree_add_expert_format(tree, pinfo, &ei_ssh_invalid_keylen, tvb, offset, 4,
2019 "Invalid PQ client key length: %u", bad_len);
2020 ws_debug("ExpertInfo: Invalid PQ client key length at offset %d: %u", offset, bad_len)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2020, __func__, "ExpertInfo: Invalid PQ client key length at offset %d: %u"
, offset, bad_len); } } while (0);
2021
2022 return offset + 4;
2023 }
2024
2025 // PQ-hybrid KEMs cannot use ssh_add_tree_string => manual dissection
2026 // Get PQ blob size
2027 proto_tree *pq_tree = NULL((void*)0);
2028 uint32_t hybrid_len;
2029
2030 // Add a subtree for dissecting PQ blob
2031 proto_tree_add_item_ret_uint(tree, hf_ssh_hybrid_blob_client_len, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &hybrid_len); // add blob length
2032 ws_debug("CLIENT INIT PQ blob length - pq_len: %d", hybrid_len)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2032, __func__, "CLIENT INIT PQ blob length - pq_len: %d", hybrid_len
); } } while (0); // debug trace pq_len
2033 offset += 4; // shift length field
2034 pq_tree = proto_tree_add_subtree(tree, tvb, offset, hybrid_len, ett_ssh_pqhybrid_client, NULL((void*)0), "Hybrid Key Exchange Blob Client");
2035 ws_debug("CLIENT INIT add PQ Hybrid subtree - offset: %d", offset)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2035, __func__, "CLIENT INIT add PQ Hybrid subtree - offset: %d"
, offset); } } while (0); // debug trace offset
2036
2037 // Make a new tvb for just the PQ hybrid blob string contents
2038 tvbuff_t *string_tvb = tvb_new_subset_length(tvb, offset, hybrid_len);
2039
2040 uint32_t pq_len;
2041 uint32_t t_len;
2042 if (g_str_has_prefix(kex_name, "sntrup761x25519-sha512")(__builtin_constant_p ("sntrup761x25519-sha512")? __extension__
({ const char * const __str = (kex_name); const char * const
__prefix = ("sntrup761x25519-sha512"); gboolean __result = (
0); if (__str == ((void*)0) || __prefix == ((void*)0)) __result
= (g_str_has_prefix) (__str, __prefix); else { const size_t __str_len
= strlen (((__str) + !(__str))); const size_t __prefix_len =
strlen (((__prefix) + !(__prefix))); if (__str_len >= __prefix_len
) __result = memcmp (((__str) + !(__str)), ((__prefix) + !(__prefix
)), __prefix_len) == 0; } __result; }) : (g_str_has_prefix) (
kex_name, "sntrup761x25519-sha512") )) {
2043 pq_len = 1158;
2044 t_len = 32;
2045 } else if (strcmp(kex_name, "mlkem768x25519-sha256") == 0) {
2046 pq_len = 1184;
2047 t_len = 32;
2048 } else if (strcmp(kex_name, "mlkem768nistp256-sha256") == 0) {
2049 pq_len = 1184;
2050 t_len = 65;
2051 } else if (strcmp(kex_name, "mlkem1024nistp384-sha384") == 0) {
2052 pq_len = 1568;
2053 t_len = 97;
2054 } else {
2055 DISSECTOR_ASSERT_NOT_REACHED()(proto_report_dissector_bug("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\""
, "epan/dissectors/packet-ssh.c", 2055));
2056 break;
2057 }
2058
2059 if (pq_len + t_len != hybrid_len) {
2060 proto_tree_add_expert_format(tree, pinfo, &ei_ssh_invalid_keylen, tvb, offset, 4,
2061 "Invalid PQ hybrid client key length for %s: %u does not match %u + %u",
2062 kex_name, hybrid_len, pq_len, t_len);
2063 } else {
2064 // Now dissect string inside the blob and add PQ server response and ECDH Q_S to GUI subtree
2065 proto_tree_add_item(pq_tree, hf_ssh_pq_kem_client, string_tvb, 0, pq_len, ENC_NA0x00000000);
2066 proto_tree_add_item(pq_tree, hf_ssh_ecdh_q_c, string_tvb, pq_len, t_len, ENC_NA0x00000000);
2067 }
2068
2069 // retrieve offset from read_f_pq() to shift blob length and consume packet
2070 offset = new_offset_client;
2071 ws_debug("CLIENT INIT shift PQ blob - offset: %d", offset)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2071, __func__, "CLIENT INIT shift PQ blob - offset: %d", offset
); } } while (0); // debug trace offset
2072 break;
2073 }
2074
2075 // Server Reply Message
2076 case SSH_MSG_KEX_HYBRID_REPLY31: {
2077
2078 // SNTRUP761X25519: RFC4253 SSH "string" (binary-encoded structure)
2079 // [00 00 00 33] → host key structure length = 51
2080 // [00 00 00 0b] → host key alg length = 11
2081 // [73 73 68 2d 65 64 32 35 35 31 39] → "ssh-ed25519"
2082 // [00 00 00 20] → host key length = 32
2083 // [32 bytes of public key] → public key
2084 // [00 00 04 2f] → PQ blob length = 1071 (0x042f)
2085 // [1071 bytes PQ blob] → PQ blob (1039 sntrup761 + 32 x25519)
2086 // [00 00 00 53] → signature structure length = 83
2087 // [00 00 00 0b] → signature alg length
2088 // [73 73 68 2d 65 64 32 35 35 31 39] → "ssh-ed25519"
2089 // [00 00 00 40] → signature length
2090 // [40 bytes signature] → server signature
2091
2092 // MLKEM768X25519: RFC4253 SSH "string" (binary-encoded structure)
2093 // [00 00 00 33] → host key structure length = 51
2094 // [00 00 00 0b] → host key alg length = 11
2095 // [73 73 68 2d 65 64 32 35 35 31 39] → "ssh-ed25519"
2096 // [00 00 00 20] → host key length = 32
2097 // [32 bytes of public key] → public key
2098 // [00 00 04 60] → PQ blob length = 1120 (0x0460)
2099 // [1120 bytes PQ blob] → PQ blob (1088 mlkem768 + 32 x25519)
2100 // [00 00 00 53] → signature structure length = 83
2101 // [00 00 00 0b] → signature alg length
2102 // [73 73 68 2d 65 64 32 35 35 31 39] → "ssh-ed25519"
2103 // [00 00 00 40] → signature length
2104 // [40 bytes signature] → server signature
2105
2106 // MLKEM768NISTP256: RFC4253 SSH "string" (binary-encoded structure)
2107 // [00 00 00 33] → host key structure length = 51
2108 // [00 00 00 0b] → host key alg length = 11
2109 // [73 73 68 2d 65 64 32 35 35 31 39] → "ssh-ed25519"
2110 // [00 00 00 20] → host key length = 32
2111 // [32 bytes of public key] → public key
2112 // [00 00 04 81] → PQ blob length = 1153 (0x0481)
2113 // [1153 bytes PQ blob] → PQ blob (1088 mlkem768 + 65 nistp256)
2114 // [00 00 00 53] → signature structure length = 83
2115 // [00 00 00 0b] → signature alg length
2116 // [73 73 68 2d 65 64 32 35 35 31 39] → "ssh-ed25519"
2117 // [00 00 00 40] → signature length
2118 // [40 bytes signature] → server signature
2119
2120 // MLKEM1024NISTP384: RFC4253 SSH "string" (binary-encoded structure)
2121 // [00 00 00 33] → host key structure length = 51
2122 // [00 00 00 0b] → host key alg length = 11
2123 // [73 73 68 2d 65 64 32 35 35 31 39] → "ssh-ed25519"
2124 // [00 00 00 20] → host key length = 32
2125 // [32 bytes of public key] → public key
2126 // [00 00 06 81] → PQ blob length = 1665 (0x0681)
2127 // [1665 bytes PQ blob] → PQ blob (1568 mlkem1024 + 97 nistp384)
2128 // [00 00 00 53] → signature structure length = 83
2129 // [00 00 00 0b] → signature alg length
2130 // [73 73 68 2d 65 64 32 35 35 31 39] → "ssh-ed25519"
2131 // [00 00 00 40] → signature length
2132 // [40 bytes signature] → server signature
2133
2134 ws_debug("SERVER REPLY follow offset pointer - absolute offset: %d", offset)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2134, __func__, "SERVER REPLY follow offset pointer - absolute offset: %d"
, offset); } } while (0); // debug trace offset
4
Taking true branch
5
Loop condition is false. Exiting loop
2135
2136 // Add the host key used to sign the key exchange to the GUI tree.
2137 offset += ssh_tree_add_hostkey(tvb, pinfo, offset, tree, "KEX host key", ett_key_exchange_host_key, global_data);
2138
2139 ws_debug("SERVER REPLY add hostkey tree - offset: %d", offset)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2139, __func__, "SERVER REPLY add hostkey tree - offset: %d"
, offset); } } while (0); // debug trace offset
6
Taking true branch
7
Loop condition is false. Exiting loop
2140
2141 int new_offset_server = ssh_read_f_pq(tvb, offset, global_data);
2142 if (new_offset_server
7.1
'new_offset_server' is >= 0
 < 0) {
8
Taking false branch
2143 uint32_t bad_len = tvb_get_ntohl(tvb, offset);
2144 proto_tree_add_expert_format(tree, pinfo, &ei_ssh_invalid_keylen, tvb, offset, 4,
2145 "Invalid PQ server key length: %u", bad_len);
2146 ws_debug("ExpertInfo: Invalid PQ server key length at offset %d: %u", offset, bad_len)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2146, __func__, "ExpertInfo: Invalid PQ server key length at offset %d: %u"
, offset, bad_len); } } while (0);
2147
2148 return offset + 4;
2149 }
2150
2151 // Select encryption and MAC based on negotiated algorithms.
2152 ssh_choose_enc_mac(global_data);
2153
2154 // Write session secrets to keylog file (if enabled).
2155 ssh_keylog_hash_write_secret(global_data, pinfo->pool);
9
Calling 'ssh_keylog_hash_write_secret'
2156
2157 // PQ-hybrid KEMs cannot use ssh_add_tree_string => manual dissection
2158 // Get PQ blob size
2159 proto_tree *pq_tree = NULL((void*)0);
2160 uint32_t hybrid_len = tvb_get_ntohl(tvb, offset);
2161 ws_debug("SERVER REPLY PQ blob length - hybrid_len: %d", hybrid_len)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2161, __func__, "SERVER REPLY PQ blob length - hybrid_len: %d"
, hybrid_len); } } while (0); // debug trace hybrid_len
2162
2163 // Add a subtree for dissecting PQ blob
2164 proto_tree_add_item(tree, hf_ssh_hybrid_blob_server_len, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); // add blob length
2165 offset += 4; // shift length field
2166 pq_tree = proto_tree_add_subtree(tree, tvb, offset, hybrid_len, ett_ssh_pqhybrid_server, NULL((void*)0), "Hybrid Key Exchange Blob Server");
2167 ws_debug("SERVER REPLY add PQ Hybrid subtree - offset: %d", offset)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2167, __func__, "SERVER REPLY add PQ Hybrid subtree - offset: %d"
, offset); } } while (0); // debug trace offset
2168
2169 // Make a new tvb for just the PQ hybrid blob string contents
2170 tvbuff_t *string_tvb = tvb_new_subset_length(tvb, offset, hybrid_len);
2171
2172 uint32_t pq_len;
2173 uint32_t t_len;
2174 if (g_str_has_prefix(kex_name, "sntrup761x25519-sha512")(__builtin_constant_p ("sntrup761x25519-sha512")? __extension__
({ const char * const __str = (kex_name); const char * const
__prefix = ("sntrup761x25519-sha512"); gboolean __result = (
0); if (__str == ((void*)0) || __prefix == ((void*)0)) __result
= (g_str_has_prefix) (__str, __prefix); else { const size_t __str_len
= strlen (((__str) + !(__str))); const size_t __prefix_len =
strlen (((__prefix) + !(__prefix))); if (__str_len >= __prefix_len
) __result = memcmp (((__str) + !(__str)), ((__prefix) + !(__prefix
)), __prefix_len) == 0; } __result; }) : (g_str_has_prefix) (
kex_name, "sntrup761x25519-sha512") )) {
2175 pq_len = 1039;
2176 t_len = 32;
2177 } else if (strcmp(kex_name, "mlkem768x25519-sha256") == 0) {
2178 pq_len = 1088;
2179 t_len = 32;
2180 } else if (strcmp(kex_name, "mlkem768nistp256-sha256") == 0) {
2181 pq_len = 1088;
2182 t_len = 65;
2183 } else if (strcmp(kex_name, "mlkem1024nistp384-sha384") == 0) {
2184 pq_len = 1568;
2185 t_len = 97;
2186 } else {
2187 DISSECTOR_ASSERT_NOT_REACHED()(proto_report_dissector_bug("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\""
, "epan/dissectors/packet-ssh.c", 2187));
2188 break;
2189 }
2190
2191 if (pq_len + t_len != hybrid_len) {
2192 proto_tree_add_expert_format(tree, pinfo, &ei_ssh_invalid_keylen, tvb, offset, 4,
2193 "Invalid PQ hybrid server key length for %s: %u does not match %u + %u",
2194 kex_name, hybrid_len, pq_len, t_len);
2195 } else {
2196 // Now dissect string inside the blob and add PQ server response and ECDH Q_S to GUI subtree
2197 proto_tree_add_item(pq_tree, hf_ssh_pq_kem_server, string_tvb, 0, pq_len, ENC_NA0x00000000);
2198 proto_tree_add_item(pq_tree, hf_ssh_ecdh_q_s, string_tvb, pq_len, t_len, ENC_NA0x00000000);
2199 }
2200
2201 // retrieve offset from read_f_pq() to shift blob length
2202 offset = new_offset_server;
2203 ws_debug("SERVER REPLY shift PQ blob - offset: %d", offset)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2203, __func__, "SERVER REPLY shift PQ blob - offset: %d", offset
); } } while (0); // debug trace offset
2204
2205 // Add the host's digital signature to the GUI tree
2206 offset += ssh_tree_add_hostsignature(tvb, pinfo, offset, tree, "KEX host signature",
2207 ett_key_exchange_host_sig, global_data);
2208 ws_debug("SERVER REPLY add signature tree - offset: %d", offset)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2208, __func__, "SERVER REPLY add signature tree - offset: %d"
, offset); } } while (0); // debug trace offset
2209 break;
2210 }
2211 }
2212
2213 if (msg_code == SSH_MSG_KEX_HYBRID_INIT30) {
2214 ws_debug("OUT PQ HYBRID KEX - CLIENT INIT track offset: %d", offset)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2214, __func__, "OUT PQ HYBRID KEX - CLIENT INIT track offset: %d"
, offset); } } while (0); // debug trace offset
2215 } else if (msg_code == SSH_MSG_KEX_HYBRID_REPLY31) {
2216 ws_debug("OUT PQ HYBRID KEX - SERVER REPLY track offset: %d", offset)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2216, __func__, "OUT PQ HYBRID KEX - SERVER REPLY track offset: %d"
, offset); } } while (0); // debug trace offset
2217 } else {
2218 ws_debug("OUT PQ HYBRID KEX - track offset: %d", offset)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2218, __func__, "OUT PQ HYBRID KEX - track offset: %d", offset
); } } while (0); // debug trace offset
2219 }
2220
2221 return offset; // Final offset after packet is processed by ssh_dissect_kex_pq_hybrid()
2222}
2223
2224static ssh_message_info_t*
2225ssh_get_message(packet_info *pinfo, int record_id)
2226{
2227 ssh_packet_info_t *packet = (ssh_packet_info_t *)p_get_proto_data(
2228 wmem_file_scope(), pinfo, proto_ssh, 0);
2229
2230 if (!packet) {
2231 return NULL((void*)0);
2232 }
2233
2234 ssh_message_info_t *message = NULL((void*)0);
2235 for (message = packet->messages; message; message = message->next) {
2236 ws_noisy("%u:looking for message %d now %d", pinfo->num, record_id, message->id)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_NOISY, "epan/dissectors/packet-ssh.c"
, 2236, __func__, "%u:looking for message %d now %d", pinfo->
num, record_id, message->id); } } while (0);
2237 if (message->id == record_id) {
2238 return message;
2239 }
2240 }
2241
2242 return NULL((void*)0);
2243}
2244
2245static int
2246ssh_try_dissect_encrypted_packet(tvbuff_t *tvb, packet_info *pinfo,
2247 struct ssh_peer_data *peer_data, int offset, proto_tree *tree)
2248{
2249 bool_Bool can_decrypt = peer_data->cipher != NULL((void*)0) || peer_data->cipher_id == CIPHER_NULL0x00080000;
2250 ssh_message_info_t *message = NULL((void*)0);
2251
2252 if (can_decrypt) {
2253 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
2254 ssh_decrypt_packet(tvb, pinfo, peer_data, offset);
2255 if (pinfo->desegment_len) {
2256 return offset;
2257 }
2258 }
2259
2260 int record_id = tvb_raw_offset(tvb) + offset;
2261 message = ssh_get_message(pinfo, record_id);
2262
2263 if (message) {
2264 offset += ssh_dissect_decrypted_packet(tvb_new_subset_remaining(tvb, offset), pinfo, peer_data, tree, message);
2265 return offset;
2266 }
2267 }
2268
2269 return ssh_dissect_encrypted_packet(tvb, pinfo, peer_data, offset, tree);
2270}
2271
2272static int
2273ssh_dissect_encrypted_packet(tvbuff_t *tvb, packet_info *pinfo,
2274 struct ssh_peer_data *peer_data,
2275 int offset, proto_tree *tree)
2276{
2277 int len;
2278 unsigned plen;
2279
2280 len = tvb_reported_length_remaining(tvb, offset);
2281 col_append_sep_fstr(pinfo->cinfo, COL_INFO, NULL((void*)0), "Encrypted packet (len=%d)", len);
2282
2283 if (tree) {
2284 int encrypted_len = len;
2285
2286 if (len > 4 && peer_data->length_is_plaintext) {
2287 plen = tvb_get_ntohl(tvb, offset) ;
2288 proto_tree_add_uint(tree, hf_ssh_packet_length, tvb, offset, 4, plen);
2289 encrypted_len -= 4;
2290 }
2291 else if (len > 4) {
2292 proto_tree_add_item(tree, hf_ssh_packet_length_encrypted, tvb, offset, 4, ENC_NA0x00000000);
2293 encrypted_len -= 4;
2294 }
2295
2296 if (peer_data->mac_length>0)
2297 encrypted_len -= peer_data->mac_length;
2298
2299 proto_tree_add_item(tree, hf_ssh_encrypted_packet,
2300 tvb, offset+4, encrypted_len, ENC_NA0x00000000);
2301
2302 if (peer_data->mac_length>0)
2303 proto_tree_add_item(tree, hf_ssh_mac_string,
2304 tvb, offset+4+encrypted_len,
2305 peer_data->mac_length, ENC_NA0x00000000);
2306 }
2307 offset += len;
2308 return offset;
2309}
2310
2311static int
2312ssh_dissect_protocol(tvbuff_t *tvb, packet_info *pinfo,
2313 struct ssh_flow_data *global_data,
2314 unsigned offset, proto_tree *tree, int is_response, unsigned * version,
2315 bool_Bool *need_desegmentation)
2316{
2317 unsigned protolen, next_offset;
2318
2319 /*
2320 * If the first packet do not contain the banner,
2321 * it is dump in the middle of a flow or not a ssh at all
2322 */
2323 if (tvb_strncaseeql(tvb, offset, "SSH-", 4) != 0) {
2324 offset = ssh_dissect_encrypted_packet(tvb, pinfo,
2325 &global_data->peer_data[is_response], offset, tree);
2326 return offset;
2327 }
2328
2329 if (!is_response) {
2330 if (tvb_strncaseeql(tvb, offset, "SSH-2.", 6) == 0) {
2331 *(version) = SSH_VERSION_22;
2332 } else if (tvb_strncaseeql(tvb, offset, "SSH-1.99-", 9) == 0) {
2333 *(version) = SSH_VERSION_22;
2334 } else if (tvb_strncaseeql(tvb, offset, "SSH-1.", 6) == 0) {
2335 *(version) = SSH_VERSION_11;
2336 }
2337 }
2338
2339 if (!tvb_find_line_end_remaining(tvb, offset, &protolen, &next_offset)) {
2340 if (ssh_desegment && pinfo->can_desegment) {
2341 pinfo->desegment_offset = offset;
2342 pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT0x0fffffff;
2343 *need_desegmentation = true1;
2344 return offset;
2345 }
2346 }
2347 /* Either we found it, or we're not reassembling and take everything. */
2348
2349 col_append_sep_fstr(pinfo->cinfo, COL_INFO, NULL((void*)0), "Protocol (%s)",
2350 tvb_format_text(pinfo->pool, tvb, offset, protolen));
2351
2352 // V_C / V_S (client and server identification strings) RFC4253 4.2
2353 // format: SSH-protoversion-softwareversion SP comments [CR LF not incl.]
2354 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
2355 uint8_t *data = (uint8_t *)tvb_memdup(pinfo->pool, tvb, offset, protolen);
2356 if(!is_response){
2357 ssh_hash_buffer_put_string(global_data->kex_client_version, data, protolen);
2358 }else{
2359 ssh_hash_buffer_put_string(global_data->kex_server_version, data, protolen);
2360 }
2361 }
2362
2363 proto_tree_add_item(tree, hf_ssh_protocol,
2364 tvb, offset, protolen, ENC_ASCII0x00000000);
2365 offset += next_offset;
2366 return offset;
2367}
2368
2369static void
2370ssh_set_mac_length(struct ssh_peer_data *peer_data)
2371{
2372 char *size_str;
2373 uint32_t size = 0;
2374 char *mac_name = peer_data->mac;
2375 char *strip;
2376
2377 if (!mac_name)
2378 return;
2379
2380 /* wmem_strdup() never returns NULL */
2381 mac_name = wmem_strdup(NULL((void*)0), (const char *)mac_name);
2382
2383 /* strip trailing "[email protected]" or "@openssh.com" */
2384 strip = strstr(mac_name, "[email protected]");
2385 if (strip) {
2386 peer_data->length_is_plaintext = 1;
2387 *strip = '\0';
2388 }
2389 else {
2390 strip = strstr(mac_name, "@openssh.com");
2391 if (strip) *strip = '\0';
2392 }
2393
2394 size_str = g_strrstr(mac_name, "-");
2395 if (size_str && ws_strtou32(size_str + 1, NULL((void*)0), &size) && size > 0 && size % 8 == 0) {
2396 peer_data->mac_length = size / 8;
2397 }
2398 else if (strcmp(mac_name, "hmac-sha1") == 0) {
2399 peer_data->mac_length = 20;
2400 }
2401 else if (strcmp(mac_name, "hmac-md5") == 0) {
2402 peer_data->mac_length = 16;
2403 }
2404 else if (strcmp(mac_name, "hmac-ripemd160") == 0) {
2405 peer_data->mac_length = 20;
2406 }
2407 else if (strcmp(mac_name, "none") == 0) {
2408 peer_data->mac_length = 0;
2409 }
2410
2411 wmem_free(NULL((void*)0), mac_name);
2412}
2413
2414static void ssh_set_kex_specific_dissector(struct ssh_flow_data *global_data)
2415{
2416 const char *kex_name = global_data->kex;
2417
2418 if (!kex_name) return;
2419
2420 if (strcmp(kex_name, "diffie-hellman-group-exchange-sha1") == 0 ||
2421 strcmp(kex_name, "diffie-hellman-group-exchange-sha256") == 0)
2422 {
2423 global_data->kex_specific_dissector = ssh_dissect_kex_dh_gex;
2424 }
2425 else if (g_str_has_prefix(kex_name, "ecdh-sha2-")(__builtin_constant_p ("ecdh-sha2-")? __extension__ ({ const char
* const __str = (kex_name); const char * const __prefix = ("ecdh-sha2-"
); gboolean __result = (0); if (__str == ((void*)0) || __prefix
== ((void*)0)) __result = (g_str_has_prefix) (__str, __prefix
); else { const size_t __str_len = strlen (((__str) + !(__str
))); const size_t __prefix_len = strlen (((__prefix) + !(__prefix
))); if (__str_len >= __prefix_len) __result = memcmp (((__str
) + !(__str)), ((__prefix) + !(__prefix)), __prefix_len) == 0
; } __result; }) : (g_str_has_prefix) (kex_name, "ecdh-sha2-"
) ) ||
2426 strcmp(kex_name, "[email protected]") == 0 ||
2427 strcmp(kex_name, "curve25519-sha256") == 0 ||
2428 strcmp(kex_name, "curve448-sha512") == 0)
2429 {
2430 global_data->kex_specific_dissector = ssh_dissect_kex_ecdh;
2431 }
2432 else if (strcmp(kex_name, "diffie-hellman-group14-sha256") == 0 ||
2433 strcmp(kex_name, "diffie-hellman-group16-sha512") == 0 ||
2434 strcmp(kex_name, "diffie-hellman-group18-sha512") == 0 ||
2435 strcmp(kex_name, "diffie-hellman-group1-sha1") == 0 ||
2436 strcmp(kex_name, "diffie-hellman-group14-sha1") == 0)
2437 {
2438 global_data->kex_specific_dissector = ssh_dissect_kex_dh;
2439 }
2440 else if (g_str_has_prefix(kex_name, "sntrup761x25519-sha512")(__builtin_constant_p ("sntrup761x25519-sha512")? __extension__
({ const char * const __str = (kex_name); const char * const
__prefix = ("sntrup761x25519-sha512"); gboolean __result = (
0); if (__str == ((void*)0) || __prefix == ((void*)0)) __result
= (g_str_has_prefix) (__str, __prefix); else { const size_t __str_len
= strlen (((__str) + !(__str))); const size_t __prefix_len =
strlen (((__prefix) + !(__prefix))); if (__str_len >= __prefix_len
) __result = memcmp (((__str) + !(__str)), ((__prefix) + !(__prefix
)), __prefix_len) == 0; } __result; }) : (g_str_has_prefix) (
kex_name, "sntrup761x25519-sha512") ) ||
2441 strcmp(kex_name, "mlkem768x25519-sha256") == 0 ||
2442 strcmp(kex_name, "mlkem768nistp256-sha256") == 0 ||
2443 strcmp(kex_name, "mlkem1024nistp384-sha384") == 0)
2444 {
2445 global_data->kex_specific_dissector = ssh_dissect_kex_pq_hybrid;
2446 }
2447 else
2448 {
2449 ws_warning("NOT SUPPORTED OR UNKNOWN KEX DETECTED: ALGORITHM = %s", kex_name)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_WARNING, "epan/dissectors/packet-ssh.c"
, 2449, __func__, "NOT SUPPORTED OR UNKNOWN KEX DETECTED: ALGORITHM = %s"
, kex_name); } } while (0);
2450 }
2451}
2452
2453static int
2454ssh_gslist_compare_strings(const void *a, const void *b)
2455{
2456 if (a == NULL((void*)0) && b == NULL((void*)0))
2457 return 0;
2458 if (a == NULL((void*)0))
2459 return -1;
2460 if (b == NULL((void*)0))
2461 return 1;
2462 return strcmp((const char*)a, (const char*)b);
2463}
2464
2465/* expects that *result is NULL */
2466static bool_Bool
2467ssh_choose_algo(char *client, char *server, char **result)
2468{
2469 char **server_strings = NULL((void*)0);
2470 char **client_strings = NULL((void*)0);
2471 char **step;
2472 GSList *server_list = NULL((void*)0);
2473
2474 static const char* client_strict = "[email protected]";
2475 static const char* server_strict = "[email protected]";
2476 bool_Bool kex_strict = false0;
2477
2478 if (!client || !server || !result || *result)
2479 return false0;
2480
2481 server_strings = g_strsplit(server, ",", 0);
2482 for (step = server_strings; *step; step++) {
2483 server_list = g_slist_append(server_list, *step);
2484 }
2485
2486 client_strings = g_strsplit(client, ",", 0);
2487 for (step = client_strings; *step; step++) {
2488 GSList *agreed;
2489 if ((agreed = g_slist_find_custom(server_list, *step, ssh_gslist_compare_strings))) {
2490 *result = wmem_strdup(wmem_file_scope(), (const char *)agreed->data);
2491 break;
2492 }
2493 }
2494
2495 /* Check for the OpenSSH strict key exchange extension designed to
2496 * mitigate the Terrapin attack by resetting the packet sequence
2497 * number to zero after a SSH2_MSG_NEWKEYS message.
2498 * https://www.openssh.com/txt/release-9.6
2499 * Also see PROTOCOL in the OpenSSH source distribution.
2500 *
2501 * OpenSSH says this is activated "when an endpoint that supports this
2502 * extension observes this algorithm name in a peer's KEXINIT packet".
2503 * We'll have to assume that any endpoint that supports this also
2504 * indicates support for it in its own first SSH2_MSG_KEXINIT.
2505 */
2506 if (g_strv_contains((const char* const*)client_strings, client_strict) &&
2507 g_strv_contains((const char* const*)server_strings, server_strict)) {
2508
2509 kex_strict = true1;
2510 }
2511
2512 g_strfreev(client_strings);
2513 g_slist_free(server_list);
2514 g_strfreev(server_strings);
2515
2516 return kex_strict;
2517}
2518
2519static int
2520ssh_dissect_key_init(tvbuff_t *tvb, packet_info *pinfo, int offset,
2521 proto_tree *tree, int is_response, struct ssh_flow_data *global_data)
2522{
2523 int start_offset = offset;
2524 int payload_length;
2525 wmem_strbuf_t *hassh_algo;
2526 char *hassh;
2527
2528 proto_item *tf, *ti;
2529 proto_tree *key_init_tree;
2530
2531 struct ssh_peer_data *peer_data = &global_data->peer_data[is_response];
2532
2533 key_init_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_key_init, &tf, "Algorithms");
2534 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
2535 peer_data->bn_cookie = ssh_kex_make_bignum(tvb_get_ptr(tvb, offset, 16), 16);
2536 }
2537 proto_tree_add_item(key_init_tree, hf_ssh_cookie,
2538 tvb, offset, 16, ENC_NA0x00000000);
2539 offset += 16;
2540
2541 offset = ssh_dissect_proposal(tvb, offset, key_init_tree,
2542 hf_ssh_kex_algorithms_length, hf_ssh_kex_algorithms,
2543 &peer_data->kex_proposal);
2544 offset = ssh_dissect_proposal(tvb, offset, key_init_tree,
2545 hf_ssh_server_host_key_algorithms_length,
2546 hf_ssh_server_host_key_algorithms, NULL((void*)0));
2547 offset = ssh_dissect_proposal(tvb, offset, key_init_tree,
2548 hf_ssh_encryption_algorithms_client_to_server_length,
2549 hf_ssh_encryption_algorithms_client_to_server,
2550 &peer_data->enc_proposals[CLIENT_TO_SERVER_PROPOSAL0]);
2551 offset = ssh_dissect_proposal(tvb, offset, key_init_tree,
2552 hf_ssh_encryption_algorithms_server_to_client_length,
2553 hf_ssh_encryption_algorithms_server_to_client,
2554 &peer_data->enc_proposals[SERVER_TO_CLIENT_PROPOSAL1]);
2555 offset = ssh_dissect_proposal(tvb, offset, key_init_tree,
2556 hf_ssh_mac_algorithms_client_to_server_length,
2557 hf_ssh_mac_algorithms_client_to_server,
2558 &peer_data->mac_proposals[CLIENT_TO_SERVER_PROPOSAL0]);
2559 offset = ssh_dissect_proposal(tvb, offset, key_init_tree,
2560 hf_ssh_mac_algorithms_server_to_client_length,
2561 hf_ssh_mac_algorithms_server_to_client,
2562 &peer_data->mac_proposals[SERVER_TO_CLIENT_PROPOSAL1]);
2563 offset = ssh_dissect_proposal(tvb, offset, key_init_tree,
2564 hf_ssh_compression_algorithms_client_to_server_length,
2565 hf_ssh_compression_algorithms_client_to_server,
2566 &peer_data->comp_proposals[CLIENT_TO_SERVER_PROPOSAL0]);
2567 offset = ssh_dissect_proposal(tvb, offset, key_init_tree,
2568 hf_ssh_compression_algorithms_server_to_client_length,
2569 hf_ssh_compression_algorithms_server_to_client,
2570 &peer_data->comp_proposals[SERVER_TO_CLIENT_PROPOSAL1]);
2571 offset = ssh_dissect_proposal(tvb, offset, key_init_tree,
2572 hf_ssh_languages_client_to_server_length,
2573 hf_ssh_languages_client_to_server, NULL((void*)0));
2574 offset = ssh_dissect_proposal(tvb, offset, key_init_tree,
2575 hf_ssh_languages_server_to_client_length,
2576 hf_ssh_languages_server_to_client, NULL((void*)0));
2577
2578 proto_tree_add_item(key_init_tree, hf_ssh_first_kex_packet_follows,
2579 tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
2580 offset+=1;
2581
2582 proto_tree_add_item(key_init_tree, hf_ssh_kex_reserved,
2583 tvb, offset, 4, ENC_NA0x00000000);
2584 offset+=4;
2585
2586 hassh_algo = wmem_strbuf_new(pinfo->pool, "");
2587 if(!is_response) {
2588 wmem_strbuf_append_printf(hassh_algo, "%s;%s;%s;%s", peer_data->kex_proposal, peer_data->enc_proposals[CLIENT_TO_SERVER_PROPOSAL0],
2589 peer_data->mac_proposals[CLIENT_TO_SERVER_PROPOSAL0], peer_data->comp_proposals[CLIENT_TO_SERVER_PROPOSAL0]);
2590 hassh = g_compute_checksum_for_string(G_CHECKSUM_MD5, wmem_strbuf_get_str(hassh_algo), wmem_strbuf_get_len(hassh_algo));
2591 ti = proto_tree_add_string(key_init_tree, hf_ssh_kex_hassh_algo, tvb, offset, 0, wmem_strbuf_get_str(hassh_algo));
2592 proto_item_set_generated(ti);
2593 ti = proto_tree_add_string(key_init_tree, hf_ssh_kex_hassh, tvb, offset, 0, hassh);
2594 proto_item_set_generated(ti);
2595 g_free(hassh)(__builtin_object_size ((hassh), 0) != ((size_t) - 1)) ? g_free_sized
(hassh, __builtin_object_size ((hassh), 0)) : (g_free) (hassh
);
2596 } else {
2597 wmem_strbuf_append_printf(hassh_algo, "%s;%s;%s;%s", peer_data->kex_proposal, peer_data->enc_proposals[SERVER_TO_CLIENT_PROPOSAL1],
2598 peer_data->mac_proposals[SERVER_TO_CLIENT_PROPOSAL1], peer_data->comp_proposals[SERVER_TO_CLIENT_PROPOSAL1]);
2599 hassh = g_compute_checksum_for_string(G_CHECKSUM_MD5, wmem_strbuf_get_str(hassh_algo), wmem_strbuf_get_len(hassh_algo));
2600 ti = proto_tree_add_string(key_init_tree, hf_ssh_kex_hasshserver_algo, tvb, offset, 0, wmem_strbuf_get_str(hassh_algo));
2601 proto_item_set_generated(ti);
2602 ti = proto_tree_add_string(key_init_tree, hf_ssh_kex_hasshserver, tvb, offset, 0, hassh);
2603 proto_item_set_generated(ti);
2604 g_free(hassh)(__builtin_object_size ((hassh), 0) != ((size_t) - 1)) ? g_free_sized
(hassh, __builtin_object_size ((hassh), 0)) : (g_free) (hassh
);
2605 }
2606
2607 if (global_data->peer_data[CLIENT_PEER_DATA0].kex_proposal &&
2608 global_data->peer_data[SERVER_PEER_DATA1].kex_proposal &&
2609 !global_data->kex)
2610 {
2611 /* Note: we're ignoring first_kex_packet_follows. */
2612 global_data->ext_kex_strict = ssh_choose_algo(
2613 global_data->peer_data[CLIENT_PEER_DATA0].kex_proposal,
2614 global_data->peer_data[SERVER_PEER_DATA1].kex_proposal,
2615 &global_data->kex);
2616 ssh_set_kex_specific_dissector(global_data);
2617 }
2618
2619 payload_length = offset - start_offset;
2620
2621 if (tf != NULL((void*)0)) {
2622 proto_item_set_len(tf, payload_length);
2623 }
2624
2625 // I_C / I_S (client and server SSH_MSG_KEXINIT payload) RFC4253 4.2
2626 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
2627 uint8_t *data = (uint8_t *)wmem_alloc(pinfo->pool, payload_length + 1);
2628 tvb_memcpy(tvb, data + 1, start_offset, payload_length);
2629 data[0] = SSH_MSG_KEXINIT20;
2630 if(is_response){
2631 ssh_hash_buffer_put_string(global_data->kex_server_key_exchange_init, data, payload_length + 1);
2632 }else{
2633 // Reset array while REKEY: sanitize client key
2634 global_data->kex_client_key_exchange_init = wmem_array_new(wmem_file_scope(), 1);
2635 ssh_hash_buffer_put_string(global_data->kex_client_key_exchange_init, data, payload_length + 1);
2636 }
2637 }
2638
2639 return offset;
2640}
2641
2642static int
2643ssh_dissect_proposal(tvbuff_t *tvb, int offset, proto_tree *tree,
2644 int hf_index_length, int hf_index_value, char **store)
2645{
2646 uint32_t len = tvb_get_ntohl(tvb, offset);
2647 proto_tree_add_uint(tree, hf_index_length, tvb, offset, 4, len);
2648 offset += 4;
2649
2650 proto_tree_add_item(tree, hf_index_value, tvb, offset, len,
2651 ENC_ASCII0x00000000);
2652 if (store)
2653 *store = (char *) tvb_get_string_enc(wmem_file_scope(), tvb, offset, len, ENC_ASCII0x00000000);
2654 offset += len;
2655
2656 return offset;
2657}
2658
2659static void
2660ssh_keylog_read_file(void)
2661{
2662 if (!pref_keylog_file || !*pref_keylog_file) {
11
Assuming 'pref_keylog_file' is non-null
12
Assuming the condition is false
2663 ws_debug("no keylog file preference set")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2663, __func__, "no keylog file preference set"); } } while
(0);
2664 return;
2665 }
2666
2667 if (ssh_keylog_file && file_needs_reopen(ws_filenofileno(ssh_keylog_file),
13
Assuming 'ssh_keylog_file' is non-null
14
Assuming the condition is false
15
Taking false branch
2668 pref_keylog_file)) {
2669 ssh_keylog_reset();
2670 g_hash_table_remove_all(ssh_master_key_map);
2671 }
2672
2673 if (!ssh_keylog_file) {
16
Assuming 'ssh_keylog_file' is non-null
17
Taking false branch
2674 ssh_keylog_file = ws_fopenfopen(pref_keylog_file, "r");
2675 if (!ssh_keylog_file) {
2676 ws_debug("ssh: failed to open key log file %s: %s",do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2677, __func__, "ssh: failed to open key log file %s: %s", pref_keylog_file
, g_strerror((*__errno_location ()))); } } while (0)
2677 pref_keylog_file, g_strerror(errno))do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2677, __func__, "ssh: failed to open key log file %s: %s", pref_keylog_file
, g_strerror((*__errno_location ()))); } } while (0);
2678 return;
2679 }
2680 }
2681
2682 /* File format: each line follows the format "<cookie> <type> <key>".
2683 * <cookie> is the hex-encoded (client or server) 16 bytes cookie
2684 * (32 characters) found in the SSH_MSG_KEXINIT of the endpoint whose
2685 * private random is disclosed.
2686 * <type> is either SHARED_SECRET or PRIVATE_KEY depending on the
2687 * type of key provided. PRIVAT_KEY is only supported for DH,
2688 * DH group exchange, and ECDH (including Curve25519) key exchanges.
2689 * <key> is the private random number that is used to generate the DH
2690 * negotiation (length depends on algorithm). In RFC4253 it is called
2691 * x for the client and y for the server.
2692 * For openssh and DH group exchange, it can be retrieved using
2693 * DH_get0_key(kex->dh, NULL, &server_random)
2694 * for groupN in file kexdh.c function kex_dh_compute_key
2695 * for custom group in file kexgexs.c function input_kex_dh_gex_init
2696 * For openssh and curve25519, it can be found in function kex_c25519_enc
2697 * in variable server_key. One may also provide the shared secret
2698 * directly if <type> is set to SHARED_SECRET.
2699 *
2700 * Example:
2701 * 90d886612f9c35903db5bb30d11f23c2 PRIVATE_KEY DEF830C22F6C927E31972FFB20B46C96D0A5F2D5E7BE5A3A8804D6BFC431619ED10AF589EEDFF4750DEA00EFD7AFDB814B6F3528729692B1F2482041521AE9DC
2702 */
2703 for (;;) {
18
Loop condition is true. Entering loop body
2704 // XXX - What is a reasonable max line length here? Note at a certain
2705 // point we have to increase the maximum ssh_kex_make_bignum supports (not needed for post quantum material (pure binary)).
2706 char buf[4096];// 4096 is needed for mlkem1024 private_key binary meterial: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.pdf
2707 buf[0] = 0;
2708
2709 if (!fgets(buf, sizeof(buf), ssh_keylog_file)) {
19
Taking true branch
2710 rewind(ssh_keylog_file); // Resets to start of file (to handle parallel multi sessions decryption)
20
After calling 'rewind' reading 'errno' is required to find out if the call has failed
2711 if (ferror(ssh_keylog_file)) {
21
Value of 'errno' was not checked and may be overwritten by function 'ferror'
2712 ws_debug("Error while reading %s, closing it.", pref_keylog_file)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2712, __func__, "Error while reading %s, closing it.", pref_keylog_file
); } } while (0);
2713 ssh_keylog_reset();
2714 g_hash_table_remove_all(ssh_master_key_map);
2715 }
2716 break;
2717 }
2718
2719 size_t len = strlen(buf);
2720 while(len>0 && (buf[len-1]=='\r' || buf[len-1]=='\n')){len-=1;buf[len]=0;}
2721 ws_noisy("ssh: raw keylog line read: %s", buf)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_NOISY, "epan/dissectors/packet-ssh.c"
, 2721, __func__, "ssh: raw keylog line read: %s", buf); } } while
(0);
2722
2723 ssh_keylog_process_line(buf);
2724 }
2725}
2726
2727static void
2728ssh_keylog_process_lines(const uint8_t *data, unsigned datalen)
2729{
2730 const char *next_line = (const char *)data;
2731 const char *line_end = next_line + datalen;
2732 while (next_line && next_line < line_end) {
2733 const char *line = next_line;
2734 next_line = (const char *)memchr(line, '\n', line_end - line);
2735 ssize_t linelen;
2736
2737 if (next_line) {
2738 linelen = next_line - line;
2739 next_line++; /* drop LF */
2740 } else {
2741 linelen = (ssize_t)(line_end - line);
2742 }
2743 if (linelen > 0 && line[linelen - 1] == '\r') {
2744 linelen--; /* drop CR */
2745 }
2746
2747 ssh_debug_printf(" checking keylog line: %.*s\n", (int)linelen, line);
2748 ws_noisy("ssh: about to process line: %.*s", (int)linelen, line)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_NOISY, "epan/dissectors/packet-ssh.c"
, 2748, __func__, "ssh: about to process line: %.*s", (int)linelen
, line); } } while (0);
2749
2750 char * strippedline = g_strndup(line, linelen);
2751 ssh_keylog_process_line(strippedline);
2752 g_free(strippedline)(__builtin_object_size ((strippedline), 0) != ((size_t) - 1))
? g_free_sized (strippedline, __builtin_object_size ((strippedline
), 0)) : (g_free) (strippedline);
2753 }
2754}
2755
2756static void
2757ssh_keylog_process_line(const char *line)
2758{
2759 ws_noisy("ssh: process line: %s", line)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_NOISY, "epan/dissectors/packet-ssh.c"
, 2759, __func__, "ssh: process line: %s", line); } } while (
0);
2760
2761 char **split = g_strsplit(line, " ", 3);
2762 char *cookie, *type, *key;
2763 size_t cookie_len, key_len;
2764
2765 if (g_strv_length(split) == 3) {
2766 // New format: [hex-encoded cookie] [key type] [hex-encoded key material]
2767 cookie = split[0];
2768 type = split[1];
2769 key = split[2];
2770 } else if (g_strv_length(split) == 2) {
2771 // Old format: [hex-encoded cookie] [hex-encoded private key]
2772 ws_debug("ssh keylog: detected old keylog format without explicit key type")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2772, __func__, "ssh keylog: detected old keylog format without explicit key type"
); } } while (0);
2773 type = "PRIVATE_KEY";
2774 cookie = split[0];
2775 key = split[1];
2776 } else {
2777 ws_debug("ssh keylog: invalid format")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2777, __func__, "ssh keylog: invalid format"); } } while (0
);
2778 g_strfreev(split);
2779 return;
2780 }
2781
2782 key_len = strlen(key);
2783 cookie_len = strlen(cookie);
2784 if(key_len & 1){
2785 ws_debug("ssh keylog: invalid format (key should at least be even!)")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2785, __func__, "ssh keylog: invalid format (key should at least be even!)"
); } } while (0);
2786 g_strfreev(split);
2787 return;
2788 }
2789 if(cookie_len & 1){
2790 ws_debug("ssh keylog: invalid format (cookie should at least be even!)")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2790, __func__, "ssh keylog: invalid format (cookie should at least be even!)"
); } } while (0);
2791 g_strfreev(split);
2792 return;
2793 }
2794 ssh_bignum * bn_cookie = ssh_kex_make_bignum(NULL((void*)0), (unsigned)(cookie_len/2));
2795 ssh_bignum * bn_priv = ssh_kex_make_bignum(NULL((void*)0), (unsigned)(key_len/2));
2796 uint8_t c;
2797 for (size_t i = 0; i < key_len/2; i ++) {
2798 char v0 = key[i * 2];
2799 int8_t h0 = ws_xton(v0);
2800 char v1 = key[i * 2 + 1];
2801 int8_t h1 = ws_xton(v1);
2802
2803 if (h0==-1 || h1==-1) {
2804 ws_debug("ssh: can't process key, invalid hex number: %c%c", v0, v1)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2804, __func__, "ssh: can't process key, invalid hex number: %c%c"
, v0, v1); } } while (0);
2805 g_strfreev(split);
2806 return;
2807 }
2808
2809 c = (h0 << 4) | h1;
2810
2811 bn_priv->data[i] = c;
2812 }
2813 for (size_t i = 0; i < cookie_len/2; i ++) {
2814 char v0 = cookie[i * 2];
2815 int8_t h0 = ws_xton(v0);
2816 char v1 = cookie[i * 2 + 1];
2817 int8_t h1 = ws_xton(v1);
2818
2819 if (h0==-1 || h1==-1) {
2820 ws_debug("ssh: can't process cookie, invalid hex number: %c%c", v0, v1)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2820, __func__, "ssh: can't process cookie, invalid hex number: %c%c"
, v0, v1); } } while (0);
2821 g_strfreev(split);
2822 return;
2823 }
2824
2825 c = (h0 << 4) | h1;
2826
2827 bn_cookie->data[i] = c;
2828 }
2829 ssh_bignum * bn_priv_ht = g_new(ssh_bignum, 1)((ssh_bignum *) g_malloc_n ((1), sizeof (ssh_bignum)));
2830 bn_priv_ht->length = bn_priv->length;
2831 bn_priv_ht->data = (uint8_t *) g_memdup2(bn_priv->data, bn_priv->length);
2832 ssh_bignum * bn_cookie_ht = g_new(ssh_bignum, 1)((ssh_bignum *) g_malloc_n ((1), sizeof (ssh_bignum)));
2833 bn_cookie_ht->length = bn_cookie->length;
2834 bn_cookie_ht->data = (uint8_t *) g_memdup2(bn_cookie->data, bn_cookie->length);
2835
2836 char * type_ht = (char *) g_memdup2(type, strlen(type) + 1);
2837 ssh_key_map_entry_t * entry_ht = g_new(ssh_key_map_entry_t, 1)((ssh_key_map_entry_t *) g_malloc_n ((1), sizeof (ssh_key_map_entry_t
)));
2838 entry_ht->type = type_ht;
2839 entry_ht->key_material = bn_priv_ht;
2840 g_hash_table_insert(ssh_master_key_map, bn_cookie_ht, entry_ht);
2841 g_strfreev(split);
2842}
2843
2844static void
2845ssh_keylog_reset(void)
2846{
2847 if (ssh_keylog_file) {
2848 fclose(ssh_keylog_file);
2849 ssh_keylog_file = NULL((void*)0);
2850 }
2851}
2852
2853static unsigned
2854ssh_kex_type(char *type)
2855{
2856 if (type) {
2857 if (g_str_has_prefix(type, "curve25519")(__builtin_constant_p ("curve25519")? __extension__ ({ const char
* const __str = (type); const char * const __prefix = ("curve25519"
); gboolean __result = (0); if (__str == ((void*)0) || __prefix
== ((void*)0)) __result = (g_str_has_prefix) (__str, __prefix
); else { const size_t __str_len = strlen (((__str) + !(__str
))); const size_t __prefix_len = strlen (((__prefix) + !(__prefix
))); if (__str_len >= __prefix_len) __result = memcmp (((__str
) + !(__str)), ((__prefix) + !(__prefix)), __prefix_len) == 0
; } __result; }) : (g_str_has_prefix) (type, "curve25519") )) {
2858 return SSH_KEX_CURVE255190x00010000;
2859 }else if (g_str_has_prefix(type, "sntrup761x25519")(__builtin_constant_p ("sntrup761x25519")? __extension__ ({ const
char * const __str = (type); const char * const __prefix = (
"sntrup761x25519"); gboolean __result = (0); if (__str == ((void
*)0) || __prefix == ((void*)0)) __result = (g_str_has_prefix)
(__str, __prefix); else { const size_t __str_len = strlen ((
(__str) + !(__str))); const size_t __prefix_len = strlen (((__prefix
) + !(__prefix))); if (__str_len >= __prefix_len) __result
= memcmp (((__str) + !(__str)), ((__prefix) + !(__prefix)), __prefix_len
) == 0; } __result; }) : (g_str_has_prefix) (type, "sntrup761x25519"
) )) {
2860 return SSH_KEX_SNTRUP761X255190x00040000;
2861 }else if (g_str_has_prefix(type, "mlkem768x25519")(__builtin_constant_p ("mlkem768x25519")? __extension__ ({ const
char * const __str = (type); const char * const __prefix = (
"mlkem768x25519"); gboolean __result = (0); if (__str == ((void
*)0) || __prefix == ((void*)0)) __result = (g_str_has_prefix)
(__str, __prefix); else { const size_t __str_len = strlen ((
(__str) + !(__str))); const size_t __prefix_len = strlen (((__prefix
) + !(__prefix))); if (__str_len >= __prefix_len) __result
= memcmp (((__str) + !(__str)), ((__prefix) + !(__prefix)), __prefix_len
) == 0; } __result; }) : (g_str_has_prefix) (type, "mlkem768x25519"
) )) {
2862 return SSH_KEX_MLKEM768X255190x00050000;
2863 }else if (g_str_has_prefix(type, "diffie-hellman-group-exchange")(__builtin_constant_p ("diffie-hellman-group-exchange")? __extension__
({ const char * const __str = (type); const char * const __prefix
= ("diffie-hellman-group-exchange"); gboolean __result = (0)
; if (__str == ((void*)0) || __prefix == ((void*)0)) __result
= (g_str_has_prefix) (__str, __prefix); else { const size_t __str_len
= strlen (((__str) + !(__str))); const size_t __prefix_len =
strlen (((__prefix) + !(__prefix))); if (__str_len >= __prefix_len
) __result = memcmp (((__str) + !(__str)), ((__prefix) + !(__prefix
)), __prefix_len) == 0; } __result; }) : (g_str_has_prefix) (
type, "diffie-hellman-group-exchange") )) {
2864 return SSH_KEX_DH_GEX0x00020000;
2865 }else if (g_str_has_prefix(type, "diffie-hellman-group14")(__builtin_constant_p ("diffie-hellman-group14")? __extension__
({ const char * const __str = (type); const char * const __prefix
= ("diffie-hellman-group14"); gboolean __result = (0); if (__str
== ((void*)0) || __prefix == ((void*)0)) __result = (g_str_has_prefix
) (__str, __prefix); else { const size_t __str_len = strlen (
((__str) + !(__str))); const size_t __prefix_len = strlen (((
__prefix) + !(__prefix))); if (__str_len >= __prefix_len) __result
= memcmp (((__str) + !(__str)), ((__prefix) + !(__prefix)), __prefix_len
) == 0; } __result; }) : (g_str_has_prefix) (type, "diffie-hellman-group14"
) )) {
2866 return SSH_KEX_DH_GROUP140x00030014;
2867 }else if (g_str_has_prefix(type, "diffie-hellman-group16")(__builtin_constant_p ("diffie-hellman-group16")? __extension__
({ const char * const __str = (type); const char * const __prefix
= ("diffie-hellman-group16"); gboolean __result = (0); if (__str
== ((void*)0) || __prefix == ((void*)0)) __result = (g_str_has_prefix
) (__str, __prefix); else { const size_t __str_len = strlen (
((__str) + !(__str))); const size_t __prefix_len = strlen (((
__prefix) + !(__prefix))); if (__str_len >= __prefix_len) __result
= memcmp (((__str) + !(__str)), ((__prefix) + !(__prefix)), __prefix_len
) == 0; } __result; }) : (g_str_has_prefix) (type, "diffie-hellman-group16"
) )) {
2868 return SSH_KEX_DH_GROUP160x00030016;
2869 }else if (g_str_has_prefix(type, "diffie-hellman-group18")(__builtin_constant_p ("diffie-hellman-group18")? __extension__
({ const char * const __str = (type); const char * const __prefix
= ("diffie-hellman-group18"); gboolean __result = (0); if (__str
== ((void*)0) || __prefix == ((void*)0)) __result = (g_str_has_prefix
) (__str, __prefix); else { const size_t __str_len = strlen (
((__str) + !(__str))); const size_t __prefix_len = strlen (((
__prefix) + !(__prefix))); if (__str_len >= __prefix_len) __result
= memcmp (((__str) + !(__str)), ((__prefix) + !(__prefix)), __prefix_len
) == 0; } __result; }) : (g_str_has_prefix) (type, "diffie-hellman-group18"
) )) {
2870 return SSH_KEX_DH_GROUP180x00030018;
2871 }else if (g_str_has_prefix(type, "diffie-hellman-group1")(__builtin_constant_p ("diffie-hellman-group1")? __extension__
({ const char * const __str = (type); const char * const __prefix
= ("diffie-hellman-group1"); gboolean __result = (0); if (__str
== ((void*)0) || __prefix == ((void*)0)) __result = (g_str_has_prefix
) (__str, __prefix); else { const size_t __str_len = strlen (
((__str) + !(__str))); const size_t __prefix_len = strlen (((
__prefix) + !(__prefix))); if (__str_len >= __prefix_len) __result
= memcmp (((__str) + !(__str)), ((__prefix) + !(__prefix)), __prefix_len
) == 0; } __result; }) : (g_str_has_prefix) (type, "diffie-hellman-group1"
) )) {
2872 return SSH_KEX_DH_GROUP10x00030001;
2873 }
2874 }
2875
2876 return 0;
2877}
2878
2879static unsigned
2880ssh_kex_hash_type(char *type_string)
2881{
2882 if (type_string && g_str_has_suffix(type_string, "sha1")(__builtin_constant_p ("sha1")? __extension__ ({ const char *
const __str = (type_string); const char * const __suffix = (
"sha1"); gboolean __result = (0); if (__str == ((void*)0) || __suffix
== ((void*)0)) __result = (g_str_has_suffix) (__str, __suffix
); else { const size_t __str_len = strlen (((__str) + !(__str
))); const size_t __suffix_len = strlen (((__suffix) + !(__suffix
))); if (__str_len >= __suffix_len) __result = memcmp (__str
+ __str_len - __suffix_len, ((__suffix) + !(__suffix)), __suffix_len
) == 0; } __result; }) : (g_str_has_suffix) (type_string, "sha1"
) )) {
2883 return SSH_KEX_HASH_SHA11;
2884 }else if (type_string && g_str_has_suffix(type_string, "sha256")(__builtin_constant_p ("sha256")? __extension__ ({ const char
* const __str = (type_string); const char * const __suffix =
("sha256"); gboolean __result = (0); if (__str == ((void*)0)
|| __suffix == ((void*)0)) __result = (g_str_has_suffix) (__str
, __suffix); else { const size_t __str_len = strlen (((__str)
+ !(__str))); const size_t __suffix_len = strlen (((__suffix
) + !(__suffix))); if (__str_len >= __suffix_len) __result
= memcmp (__str + __str_len - __suffix_len, ((__suffix) + !(
__suffix)), __suffix_len) == 0; } __result; }) : (g_str_has_suffix
) (type_string, "sha256") )) {
2885 return SSH_KEX_HASH_SHA2562;
2886 }else if (type_string && g_str_has_suffix(type_string, "[email protected]")(__builtin_constant_p ("[email protected]")? __extension__ ({
const char * const __str = (type_string); const char * const
__suffix = ("[email protected]"); gboolean __result = (0); if
(__str == ((void*)0) || __suffix == ((void*)0)) __result = (
g_str_has_suffix) (__str, __suffix); else { const size_t __str_len
= strlen (((__str) + !(__str))); const size_t __suffix_len =
strlen (((__suffix) + !(__suffix))); if (__str_len >= __suffix_len
) __result = memcmp (__str + __str_len - __suffix_len, ((__suffix
) + !(__suffix)), __suffix_len) == 0; } __result; }) : (g_str_has_suffix
) (type_string, "[email protected]") )) {
2887 return SSH_KEX_HASH_SHA2562;
2888 }else if (type_string && g_str_has_suffix(type_string, "sha512")(__builtin_constant_p ("sha512")? __extension__ ({ const char
* const __str = (type_string); const char * const __suffix =
("sha512"); gboolean __result = (0); if (__str == ((void*)0)
|| __suffix == ((void*)0)) __result = (g_str_has_suffix) (__str
, __suffix); else { const size_t __str_len = strlen (((__str)
+ !(__str))); const size_t __suffix_len = strlen (((__suffix
) + !(__suffix))); if (__str_len >= __suffix_len) __result
= memcmp (__str + __str_len - __suffix_len, ((__suffix) + !(
__suffix)), __suffix_len) == 0; } __result; }) : (g_str_has_suffix
) (type_string, "sha512") )) {
2889 return SSH_KEX_HASH_SHA5124;
2890 } else {
2891 ws_debug("hash type %s not supported", type_string)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2891, __func__, "hash type %s not supported", type_string);
} } while (0);
2892 return 0;
2893 }
2894}
2895
2896static ssh_bignum *
2897ssh_kex_make_bignum(const uint8_t *data, unsigned length)
2898{
2899 // 512 bytes (4096 bits) is the maximum bignum size we're supporting
2900 // Actually we need 513 bytes, to make provision for signed values
2901 // Diffie-Hellman group 18 has 8192 bits
2902 if (length == 0 || length > 1025) {
2903 return NULL((void*)0);
2904 }
2905
2906 ssh_bignum *bn = wmem_new0(wmem_file_scope(), ssh_bignum)((ssh_bignum*)wmem_alloc0((wmem_file_scope()), sizeof(ssh_bignum
)));
2907 bn->data = (uint8_t *)wmem_alloc0(wmem_file_scope(), length);
2908
2909 if (data) {
2910 memcpy(bn->data, data, length);
2911 }
2912
2913 bn->length = length;
2914 return bn;
2915}
2916
2917static bool_Bool
2918ssh_read_e(tvbuff_t *tvb, int offset, struct ssh_flow_data *global_data)
2919{
2920 // store the client's public part (e) for later usage
2921 uint32_t length = tvb_get_ntohl(tvb, offset);
2922 global_data->kex_e = ssh_kex_make_bignum(NULL((void*)0), length);
2923 if (!global_data->kex_e) {
2924 return false0;
2925 }
2926 tvb_memcpy(tvb, global_data->kex_e->data, offset + 4, length);
2927 return true1;
2928}
2929
2930static bool_Bool
2931ssh_read_f(tvbuff_t *tvb, int offset, struct ssh_flow_data *global_data)
2932{
2933 // store the server's public part (f) for later usage
2934 uint32_t length = tvb_get_ntohl(tvb, offset);
2935 global_data->kex_f = ssh_kex_make_bignum(NULL((void*)0), length);
2936 if (!global_data->kex_f) {
2937 return false0;
2938 }
2939 tvb_memcpy(tvb, global_data->kex_f->data, offset + 4, length);
2940 return true1;
2941}
2942
2943static int // add support of client PQ hybrid key (e)
2944ssh_read_e_pq(tvbuff_t *tvb, int offset, struct ssh_flow_data *global_data)
2945{
2946 // Read length of PQ client key
2947 uint32_t length = tvb_get_ntohl(tvb, offset);
2948
2949 // Sanity check
2950 if (length == 0 || length > 65535) {
2951 ws_debug("ssh_read_e_pq: Invalid PQ key length: %u", length)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2951, __func__, "ssh_read_e_pq: Invalid PQ key length: %u",
length); } } while (0);
2952 return false0;
2953 }
2954
2955 // Free any existing data (if dissecting multiple sessions)
2956 wmem_free(wmem_file_scope(), global_data->kex_e_pq);
2957
2958 // Allocate and store the PQ client key
2959 global_data->kex_e_pq = (unsigned char *)wmem_alloc(wmem_file_scope(), length);
2960 global_data->kex_e_pq_len = length;
2961
2962 tvb_memcpy(tvb, global_data->kex_e_pq, offset + 4, length);
2963
2964 ws_debug("Stored %u bytes of client PQ key - stored new_offset_client: %d - offset: %d", length, offset + 4 + length, offset)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2964, __func__, "Stored %u bytes of client PQ key - stored new_offset_client: %d - offset: %d"
, length, offset + 4 + length, offset); } } while (0);
2965 return offset + 4 + length; // consuming packet (advancing offset)
2966}
2967
2968static int // add support of server PQ hybrid key (f)
2969ssh_read_f_pq(tvbuff_t *tvb, int offset, struct ssh_flow_data *global_data)
2970{
2971 // Read length of PQ server key
2972 uint32_t length = tvb_get_ntohl(tvb, offset);
2973
2974 // Sanity check
2975 if (length == 0 || length > 65535) {
2976 ws_debug("ssh_read_f_pq: Invalid PQ key length: %u", length)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2976, __func__, "ssh_read_f_pq: Invalid PQ key length: %u",
length); } } while (0);
2977 return false0;
2978 }
2979
2980 // Free any existing data
2981 wmem_free(wmem_file_scope(), global_data->kex_f_pq);
2982
2983 // Allocate and store the PQ server key
2984 global_data->kex_f_pq = (unsigned char *)wmem_alloc(wmem_file_scope(), length);
2985 global_data->kex_f_pq_len = length;
2986
2987 tvb_memcpy(tvb, global_data->kex_f_pq, offset + 4, length);
2988
2989 ws_debug("Stored %u bytes of server PQ key - stored new_offset_server: %d - offset: %d", length, offset + 4 + length, offset)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 2989, __func__, "Stored %u bytes of server PQ key - stored new_offset_server: %d - offset: %d"
, length, offset + 4 + length, offset); } } while (0);
2990 return offset + 4 + length; // consuming packet (advancing offset)
2991}
2992
2993
2994static ssh_bignum *
2995ssh_read_mpint(tvbuff_t *tvb, int offset)
2996{
2997 // store the DH group modulo (p) for later usage
2998 int length = tvb_get_ntohl(tvb, offset);
2999 ssh_bignum * bn = ssh_kex_make_bignum(NULL((void*)0), length);
3000 if (!bn) {
3001 ws_debug("invalid bignum length %u", length)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3001, __func__, "invalid bignum length %u", length); } } while
(0);
3002 return NULL((void*)0);
3003 }
3004 tvb_memcpy(tvb, bn->data, offset + 4, length);
3005 return bn;
3006}
3007
3008static void
3009ssh_keylog_hash_write_secret(struct ssh_flow_data *global_data, wmem_allocator_t* tmp_allocator)
3010{
3011 /*
3012 * This computation is defined differently for each key exchange method:
3013 * https://tools.ietf.org/html/rfc4253#page-23
3014 * https://tools.ietf.org/html/rfc5656#page-8
3015 * https://tools.ietf.org/html/rfc4419#page-4
3016 * All key exchange methods:
3017 * https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-16
3018 */
3019
3020 gcry_md_hd_t hd;
3021 ssh_key_map_entry_t *entry;
3022 ssh_bignum *secret = NULL((void*)0);
3023 int length;
3024 bool_Bool client_cookie = false0;
3025
3026 ssh_keylog_read_file();
10
Calling 'ssh_keylog_read_file'
3027
3028 unsigned kex_type = ssh_kex_type(global_data->kex);
3029 unsigned kex_hash_type = ssh_kex_hash_type(global_data->kex);
3030
3031 entry = (ssh_key_map_entry_t *)g_hash_table_lookup(ssh_master_key_map, global_data->peer_data[SERVER_PEER_DATA1].bn_cookie);
3032 if (!entry) {
3033 entry = (ssh_key_map_entry_t *)g_hash_table_lookup(ssh_master_key_map, global_data->peer_data[CLIENT_PEER_DATA0].bn_cookie);
3034 client_cookie = true1;
3035 }
3036 if (!entry) {
3037 ws_debug("ssh decryption: no entry in keylog file for this session")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3037, __func__, "ssh decryption: no entry in keylog file for this session"
); } } while (0);
3038 global_data->do_decrypt = false0;
3039 return;
3040 }
3041
3042 if (!strcmp(entry->type, "PRIVATE_KEY")) {
3043 if (client_cookie) {
3044 secret = ssh_kex_shared_secret(kex_type, global_data->kex_f, entry->key_material, global_data->kex_gex_p);
3045 } else {
3046 secret = ssh_kex_shared_secret(kex_type, global_data->kex_e, entry->key_material, global_data->kex_gex_p);
3047 }
3048 } else if (!strcmp(entry->type, "SHARED_SECRET")) {
3049 secret = ssh_kex_make_bignum(entry->key_material->data, entry->key_material->length);
3050 } else {
3051 ws_debug("ssh decryption: unknown key type in keylog file")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3051, __func__, "ssh decryption: unknown key type in keylog file"
); } } while (0);
3052 global_data->do_decrypt = false0;
3053 return;
3054 }
3055
3056 if (!secret) {
3057 ws_debug("ssh decryption: no key material for this session")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3057, __func__, "ssh decryption: no key material for this session"
); } } while (0);
3058 global_data->do_decrypt = false0;
3059 return;
3060 }
3061
3062 // shared secret data needs to be written as an mpint, and we need it later
3063 if (kex_type == SSH_KEX_SNTRUP761X255190x00040000 || kex_type == SSH_KEX_MLKEM768X255190x00050000) {
3064 // Reset array while REKEY: sanitize shared_secret:
3065 global_data->kex_shared_secret = wmem_array_new(wmem_file_scope(), 1);
3066 // For PQ KEMs: use shared_secret as-is, whether SHARED_SECRET or PRIVATE_KEY
3067 // Do NOT prepend 0x00 (OpenSSH already encodes correctly for PQ KEM)
3068 ssh_hash_buffer_put_string(global_data->kex_shared_secret, secret->data, secret->length);
3069 } else {
3070 // For all other KEX types (e.g., curve25519, ecdh-sha2, etc.)
3071 // Pad with 0x00 if MSB is set, to comply with mpint format (RFC 4251)
3072 if (secret->data[0] & 0x80) { // Stored in Big endian
3073 length = secret->length + 1;
3074 uint8_t *tmp = (uint8_t *)wmem_alloc0(tmp_allocator, length);
3075 memcpy(tmp + 1, secret->data, secret->length);
3076 tmp[0] = 0;
3077 secret->data = tmp;
3078 secret->length = length;
3079 }
3080 // Reset array while REKEY: sanitize shared_secret:
3081 global_data->kex_shared_secret = wmem_array_new(wmem_file_scope(), 1);
3082 ssh_hash_buffer_put_string(global_data->kex_shared_secret, secret->data, secret->length);
3083 }
3084
3085 wmem_array_t * kex_gex_p = wmem_array_new(tmp_allocator, 1);
3086 if(global_data->kex_gex_p){ssh_hash_buffer_put_string(kex_gex_p, global_data->kex_gex_p->data, global_data->kex_gex_p->length);}
3087 wmem_array_t * kex_gex_g = wmem_array_new(tmp_allocator, 1);
3088 if(global_data->kex_gex_g){ssh_hash_buffer_put_string(kex_gex_g, global_data->kex_gex_g->data, global_data->kex_gex_g->length);}
3089 wmem_array_t * kex_e = wmem_array_new(tmp_allocator, 1);
3090 if(global_data->kex_e){ssh_hash_buffer_put_string(kex_e, global_data->kex_e->data, global_data->kex_e->length);}
3091 wmem_array_t * kex_f = wmem_array_new(tmp_allocator, 1);
3092 if(global_data->kex_f){ssh_hash_buffer_put_string(kex_f, global_data->kex_f->data, global_data->kex_f->length);}
3093 wmem_array_t * kex_e_pq = wmem_array_new(tmp_allocator, 1);
3094 if(global_data->kex_e_pq){ssh_hash_buffer_put_string(kex_e_pq, global_data->kex_e_pq, global_data->kex_e_pq_len);}
3095 wmem_array_t * kex_f_pq = wmem_array_new(tmp_allocator, 1);
3096 if(global_data->kex_f_pq){ssh_hash_buffer_put_string(kex_f_pq, global_data->kex_f_pq, global_data->kex_f_pq_len);}
3097
3098 wmem_array_t * kex_hash_buffer = wmem_array_new(tmp_allocator, 1);
3099 ssh_print_data("client_version", (const unsigned char *)wmem_array_get_raw(global_data->kex_client_version), wmem_array_get_count(global_data->kex_client_version));
3100 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(global_data->kex_client_version), wmem_array_get_count(global_data->kex_client_version));
3101 ssh_print_data("server_version", (const unsigned char *)wmem_array_get_raw(global_data->kex_server_version), wmem_array_get_count(global_data->kex_server_version));
3102 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(global_data->kex_server_version), wmem_array_get_count(global_data->kex_server_version));
3103 ssh_print_data("client_key_exchange_init", (const unsigned char *)wmem_array_get_raw(global_data->kex_client_key_exchange_init), wmem_array_get_count(global_data->kex_client_key_exchange_init));
3104 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(global_data->kex_client_key_exchange_init), wmem_array_get_count(global_data->kex_client_key_exchange_init));
3105 ssh_print_data("server_key_exchange_init", (const unsigned char *)wmem_array_get_raw(global_data->kex_server_key_exchange_init), wmem_array_get_count(global_data->kex_server_key_exchange_init));
3106 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(global_data->kex_server_key_exchange_init), wmem_array_get_count(global_data->kex_server_key_exchange_init));
3107 ssh_print_data("kex_server_host_key_blob", (const unsigned char *)wmem_array_get_raw(global_data->kex_server_host_key_blob), wmem_array_get_count(global_data->kex_server_host_key_blob));
3108 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(global_data->kex_server_host_key_blob), wmem_array_get_count(global_data->kex_server_host_key_blob));
3109 if(kex_type==SSH_KEX_DH_GEX0x00020000){
3110 ssh_print_data("kex_gex_bits_min", (const unsigned char *)wmem_array_get_raw(global_data->kex_gex_bits_min), wmem_array_get_count(global_data->kex_gex_bits_min));
3111 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(global_data->kex_gex_bits_min), wmem_array_get_count(global_data->kex_gex_bits_min));
3112 ssh_print_data("kex_gex_bits_req", (const unsigned char *)wmem_array_get_raw(global_data->kex_gex_bits_req), wmem_array_get_count(global_data->kex_gex_bits_req));
3113 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(global_data->kex_gex_bits_req), wmem_array_get_count(global_data->kex_gex_bits_req));
3114 ssh_print_data("kex_gex_bits_max", (const unsigned char *)wmem_array_get_raw(global_data->kex_gex_bits_max), wmem_array_get_count(global_data->kex_gex_bits_max));
3115 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(global_data->kex_gex_bits_max), wmem_array_get_count(global_data->kex_gex_bits_max));
3116 ssh_print_data("key modulo (p)", (const unsigned char *)wmem_array_get_raw(kex_gex_p), wmem_array_get_count(kex_gex_p));
3117 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(kex_gex_p), wmem_array_get_count(kex_gex_p));
3118 ssh_print_data("key base (g)", (const unsigned char *)wmem_array_get_raw(kex_gex_g), wmem_array_get_count(kex_gex_g));
3119 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(kex_gex_g), wmem_array_get_count(kex_gex_g));
3120 ssh_print_data("key client (e)", (const unsigned char *)wmem_array_get_raw(kex_e), wmem_array_get_count(kex_e));
3121 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(kex_e), wmem_array_get_count(kex_e));
3122 ssh_print_data("key server (f)", (const unsigned char *)wmem_array_get_raw(kex_f), wmem_array_get_count(kex_f));
3123 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(kex_f), wmem_array_get_count(kex_f));
3124 }
3125 if(kex_type==SSH_KEX_DH_GROUP10x00030001 || kex_type==SSH_KEX_DH_GROUP140x00030014 || kex_type==SSH_KEX_DH_GROUP160x00030016 || kex_type==SSH_KEX_DH_GROUP180x00030018){
3126 ssh_print_data("key client (e)", (const unsigned char *)wmem_array_get_raw(kex_e), wmem_array_get_count(kex_e));
3127 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(kex_e), wmem_array_get_count(kex_e));
3128 ssh_print_data("key server (f)", (const unsigned char *)wmem_array_get_raw(kex_f), wmem_array_get_count(kex_f));
3129 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(kex_f), wmem_array_get_count(kex_f));
3130 }
3131 if(kex_type==SSH_KEX_CURVE255190x00010000){
3132 ssh_print_data("key client (Q_C)", (const unsigned char *)wmem_array_get_raw(kex_e), wmem_array_get_count(kex_e));
3133 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(kex_e), wmem_array_get_count(kex_e));
3134 ssh_print_data("key server (Q_S)", (const unsigned char *)wmem_array_get_raw(kex_f), wmem_array_get_count(kex_f));
3135 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(kex_f), wmem_array_get_count(kex_f));
3136 }
3137 if (kex_type==SSH_KEX_SNTRUP761X255190x00040000){ // Add support of sntrup761x25519
3138 ssh_print_data("key client (Q_C)", (const unsigned char *)wmem_array_get_raw(kex_e_pq), wmem_array_get_count(kex_e_pq));
3139 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(kex_e_pq), wmem_array_get_count(kex_e_pq));
3140 ssh_print_data("key server (Q_S)", (const unsigned char *)wmem_array_get_raw(kex_f_pq), wmem_array_get_count(kex_f_pq));
3141 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(kex_f_pq), wmem_array_get_count(kex_f_pq));
3142 ws_noisy("Switch to SSH_KEX_SNTRUP761X25519")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_NOISY, "epan/dissectors/packet-ssh.c"
, 3142, __func__, "Switch to SSH_KEX_SNTRUP761X25519"); } } while
(0);
3143 }
3144 if (kex_type==SSH_KEX_MLKEM768X255190x00050000){ // Add support of mlkem768x25519
3145 ssh_print_data("key client (Q_C)", (const unsigned char *)wmem_array_get_raw(kex_e_pq), wmem_array_get_count(kex_e_pq));
3146 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(kex_e_pq), wmem_array_get_count(kex_e_pq));
3147 ssh_print_data("key server (Q_S)", (const unsigned char *)wmem_array_get_raw(kex_f_pq), wmem_array_get_count(kex_f_pq));
3148 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(kex_f_pq), wmem_array_get_count(kex_f_pq));
3149 ws_noisy("Switch to SSH_KEX_MLKEM768X25519")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_NOISY, "epan/dissectors/packet-ssh.c"
, 3149, __func__, "Switch to SSH_KEX_MLKEM768X25519"); } } while
(0);
3150 }
3151 ssh_print_data("shared secret", (const unsigned char *)wmem_array_get_raw(global_data->kex_shared_secret), wmem_array_get_count(global_data->kex_shared_secret));
3152 wmem_array_append(kex_hash_buffer, wmem_array_get_raw(global_data->kex_shared_secret), wmem_array_get_count(global_data->kex_shared_secret));
3153
3154 ssh_print_data("exchange", (const unsigned char *)wmem_array_get_raw(kex_hash_buffer), wmem_array_get_count(kex_hash_buffer));
3155
3156 unsigned hash_len = 32;
3157 if(kex_hash_type==SSH_KEX_HASH_SHA11) {
3158 gcry_md_open(&hd, GCRY_MD_SHA1, 0);
3159 hash_len = 20;
3160 } else if(kex_hash_type==SSH_KEX_HASH_SHA2562) {
3161 gcry_md_open(&hd, GCRY_MD_SHA256, 0);
3162 hash_len = 32;
3163 } else if(kex_hash_type==SSH_KEX_HASH_SHA5124) {
3164 gcry_md_open(&hd, GCRY_MD_SHA512, 0);
3165 hash_len = 64;
3166 } else {
3167 ws_debug("kex_hash_type type %d not supported", kex_hash_type)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3167, __func__, "kex_hash_type type %d not supported", kex_hash_type
); } } while (0);
3168 return;
3169 }
3170 uint8_t *exchange_hash = (uint8_t *)wmem_alloc0(wmem_file_scope(), hash_len);
3171 gcry_md_write(hd, wmem_array_get_raw(kex_hash_buffer), wmem_array_get_count(kex_hash_buffer));
3172 memcpy(exchange_hash, gcry_md_read(hd, 0), hash_len);
3173 gcry_md_close(hd);
3174 ssh_print_data("hash", exchange_hash, hash_len);
3175 global_data->secret = secret;
3176 ssh_derive_symmetric_keys(secret, exchange_hash, hash_len, global_data);
3177}
3178
3179// the purpose of this function is to deal with all different kex methods
3180static ssh_bignum *
3181ssh_kex_shared_secret(int kex_type, ssh_bignum *pub, ssh_bignum *priv, ssh_bignum *modulo)
3182{
3183 DISSECTOR_ASSERT(pub != NULL)((void) ((pub != ((void*)0)) ? (void)0 : (proto_report_dissector_bug
("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-ssh.c"
, 3183, "pub != ((void*)0)"))));
3184 DISSECTOR_ASSERT(priv != NULL)((void) ((priv != ((void*)0)) ? (void)0 : (proto_report_dissector_bug
("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-ssh.c"
, 3184, "priv != ((void*)0)"))));
3185
3186 ssh_bignum *secret = ssh_kex_make_bignum(NULL((void*)0), pub->length);
3187 if (!secret) {
3188 ws_debug("invalid key length %u", pub->length)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3188, __func__, "invalid key length %u", pub->length); }
} while (0);
3189 return NULL((void*)0);
3190 }
3191
3192 if(kex_type==SSH_KEX_DH_GEX0x00020000){
3193 if (modulo == NULL((void*)0)) {
3194 ws_debug("Missing group modulo")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3194, __func__, "Missing group modulo"); } } while (0);
3195 return NULL((void*)0);
3196 }
3197 gcry_mpi_t b = NULL((void*)0);
3198 gcry_mpi_scan(&b, GCRYMPI_FMT_USG, pub->data, pub->length, NULL((void*)0));
3199 gcry_mpi_t d = NULL((void*)0), e = NULL((void*)0), m = NULL((void*)0);
3200 size_t result_len = 0;
3201 d = gcry_mpi_new(pub->length*8);
3202 gcry_mpi_scan(&e, GCRYMPI_FMT_USG, priv->data, priv->length, NULL((void*)0));
3203 gcry_mpi_scan(&m, GCRYMPI_FMT_USG, modulo->data, modulo->length, NULL((void*)0));
3204 gcry_mpi_powm(d, b, e, m); // gcry_mpi_powm(d, b, e, m) => d = b^e % m
3205 gcry_mpi_print(GCRYMPI_FMT_USG, secret->data, secret->length, &result_len, d);
3206 secret->length = (unsigned)result_len; // Should not be larger than what fits in a 32-bit unsigned integer...
3207 gcry_mpi_release(d);
3208 gcry_mpi_release(b);
3209 gcry_mpi_release(e);
3210 gcry_mpi_release(m);
3211
3212 }else if(kex_type==SSH_KEX_DH_GROUP10x00030001 || kex_type==SSH_KEX_DH_GROUP140x00030014 || kex_type==SSH_KEX_DH_GROUP160x00030016 || kex_type==SSH_KEX_DH_GROUP180x00030018){
3213 gcry_mpi_t m = NULL((void*)0);
3214 if(kex_type==SSH_KEX_DH_GROUP10x00030001){
3215 static const uint8_t p[] = {
3216 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
3217 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
3218 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
3219 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
3220 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
3221 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
3222 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
3223 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,};
3224 gcry_mpi_scan(&m, GCRYMPI_FMT_USG, p, sizeof(p), NULL((void*)0));
3225 }else if(kex_type==SSH_KEX_DH_GROUP140x00030014){
3226//p:FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF
3227 static const uint8_t p[] = {
3228 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
3229 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
3230 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
3231 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
3232 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
3233 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
3234 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
3235 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
3236 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
3237 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
3238 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
3239 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
3240 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
3241 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
3242 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
3243 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
3244 gcry_mpi_scan(&m, GCRYMPI_FMT_USG, p, sizeof(p), NULL((void*)0));
3245 }else if(kex_type==SSH_KEX_DH_GROUP160x00030016){
3246//p:FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF
3247 static const uint8_t p[] = {
3248 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
3249 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
3250 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
3251 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
3252 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
3253 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
3254 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
3255 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
3256 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
3257 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
3258 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
3259 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
3260 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
3261 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
3262 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
3263 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
3264 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
3265 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
3266 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
3267 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
3268 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
3269 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
3270 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
3271 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
3272 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C,
3273 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,
3274 0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
3275 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2,
3276 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF,
3277 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
3278 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F,
3279 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,};
3280 gcry_mpi_scan(&m, GCRYMPI_FMT_USG, p, sizeof(p), NULL((void*)0));
3281 }else if(kex_type==SSH_KEX_DH_GROUP180x00030018){
3282//p:FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E438777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F5683423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD922222E04A4037C0713EB57A81A23F0C73473FC646CEA306B4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A364597E899A0255DC164F31CC50846851DF9AB48195DED7EA1B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F924009438B481C6CD7889A002ED5EE382BC9190DA6FC026E479558E4475677E9AA9E3050E2765694DFC81F56E880B96E7160C980DD98EDD3DFFFFFFFFFFFFFFFFF
3283 static const uint8_t p[] = {
3284 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
3285 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
3286 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
3287 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
3288 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
3289 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
3290 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
3291 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
3292 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
3293 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
3294 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
3295 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
3296 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
3297 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
3298 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
3299 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
3300 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
3301 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
3302 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
3303 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
3304 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
3305 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
3306 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
3307 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
3308 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C,
3309 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,
3310 0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
3311 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2,
3312 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF,
3313 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
3314 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F,
3315 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92, 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26,
3316 0xC1, 0xD4, 0xDC, 0xB2, 0x60, 0x26, 0x46, 0xDE, 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD,
3317 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, 0xE5, 0xDB, 0x38, 0x2F, 0x41, 0x30, 0x01, 0xAE,
3318 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31, 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18,
3319 0xDA, 0x3E, 0xDB, 0xEB, 0xCF, 0x9B, 0x14, 0xED, 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B,
3320 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, 0x33, 0x20, 0x51, 0x51, 0x2B, 0xD7, 0xAF, 0x42,
3321 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF, 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC,
3322 0xF0, 0x32, 0xEA, 0x15, 0xD1, 0x72, 0x1D, 0x03, 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6,
3323 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, 0xB5, 0xA8, 0x40, 0x31, 0x90, 0x0B, 0x1C, 0x9E,
3324 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3, 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE,
3325 0x0F, 0x1D, 0x45, 0xB7, 0xFF, 0x58, 0x5A, 0xC5, 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA,
3326 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, 0x14, 0xCC, 0x5E, 0xD2, 0x0F, 0x80, 0x37, 0xE0,
3327 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28, 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76,
3328 0xF5, 0x50, 0xAA, 0x3D, 0x8A, 0x1F, 0xBF, 0xF0, 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C,
3329 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, 0x38, 0x7F, 0xE8, 0xD7, 0x6E, 0x3C, 0x04, 0x68,
3330 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE, 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6,
3331 0xE6, 0x94, 0xF9, 0x1E, 0x6D, 0xBE, 0x11, 0x59, 0x74, 0xA3, 0x92, 0x6F, 0x12, 0xFE, 0xE5, 0xE4,
3332 0x38, 0x77, 0x7C, 0xB6, 0xA9, 0x32, 0xDF, 0x8C, 0xD8, 0xBE, 0xC4, 0xD0, 0x73, 0xB9, 0x31, 0xBA,
3333 0x3B, 0xC8, 0x32, 0xB6, 0x8D, 0x9D, 0xD3, 0x00, 0x74, 0x1F, 0xA7, 0xBF, 0x8A, 0xFC, 0x47, 0xED,
3334 0x25, 0x76, 0xF6, 0x93, 0x6B, 0xA4, 0x24, 0x66, 0x3A, 0xAB, 0x63, 0x9C, 0x5A, 0xE4, 0xF5, 0x68,
3335 0x34, 0x23, 0xB4, 0x74, 0x2B, 0xF1, 0xC9, 0x78, 0x23, 0x8F, 0x16, 0xCB, 0xE3, 0x9D, 0x65, 0x2D,
3336 0xE3, 0xFD, 0xB8, 0xBE, 0xFC, 0x84, 0x8A, 0xD9, 0x22, 0x22, 0x2E, 0x04, 0xA4, 0x03, 0x7C, 0x07,
3337 0x13, 0xEB, 0x57, 0xA8, 0x1A, 0x23, 0xF0, 0xC7, 0x34, 0x73, 0xFC, 0x64, 0x6C, 0xEA, 0x30, 0x6B,
3338 0x4B, 0xCB, 0xC8, 0x86, 0x2F, 0x83, 0x85, 0xDD, 0xFA, 0x9D, 0x4B, 0x7F, 0xA2, 0xC0, 0x87, 0xE8,
3339 0x79, 0x68, 0x33, 0x03, 0xED, 0x5B, 0xDD, 0x3A, 0x06, 0x2B, 0x3C, 0xF5, 0xB3, 0xA2, 0x78, 0xA6,
3340 0x6D, 0x2A, 0x13, 0xF8, 0x3F, 0x44, 0xF8, 0x2D, 0xDF, 0x31, 0x0E, 0xE0, 0x74, 0xAB, 0x6A, 0x36,
3341 0x45, 0x97, 0xE8, 0x99, 0xA0, 0x25, 0x5D, 0xC1, 0x64, 0xF3, 0x1C, 0xC5, 0x08, 0x46, 0x85, 0x1D,
3342 0xF9, 0xAB, 0x48, 0x19, 0x5D, 0xED, 0x7E, 0xA1, 0xB1, 0xD5, 0x10, 0xBD, 0x7E, 0xE7, 0x4D, 0x73,
3343 0xFA, 0xF3, 0x6B, 0xC3, 0x1E, 0xCF, 0xA2, 0x68, 0x35, 0x90, 0x46, 0xF4, 0xEB, 0x87, 0x9F, 0x92,
3344 0x40, 0x09, 0x43, 0x8B, 0x48, 0x1C, 0x6C, 0xD7, 0x88, 0x9A, 0x00, 0x2E, 0xD5, 0xEE, 0x38, 0x2B,
3345 0xC9, 0x19, 0x0D, 0xA6, 0xFC, 0x02, 0x6E, 0x47, 0x95, 0x58, 0xE4, 0x47, 0x56, 0x77, 0xE9, 0xAA,
3346 0x9E, 0x30, 0x50, 0xE2, 0x76, 0x56, 0x94, 0xDF, 0xC8, 0x1F, 0x56, 0xE8, 0x80, 0xB9, 0x6E, 0x71,
3347 0x60, 0xC9, 0x80, 0xDD, 0x98, 0xED, 0xD3, 0xDF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,};
3348 gcry_mpi_scan(&m, GCRYMPI_FMT_USG, p, sizeof(p), NULL((void*)0));
3349 }
3350
3351 gcry_mpi_t b = NULL((void*)0);
3352 gcry_mpi_scan(&b, GCRYMPI_FMT_USG, pub->data, pub->length, NULL((void*)0));
3353 gcry_mpi_t d = NULL((void*)0), e = NULL((void*)0);
3354 size_t result_len = 0;
3355 d = gcry_mpi_new(pub->length*8);
3356 gcry_mpi_scan(&e, GCRYMPI_FMT_USG, priv->data, priv->length, NULL((void*)0));
3357 gcry_mpi_powm(d, b, e, m); // gcry_mpi_powm(d, b, e, m) => d = b^e % m
3358 gcry_mpi_print(GCRYMPI_FMT_USG, secret->data, secret->length, &result_len, d);
3359 secret->length = (unsigned)result_len; // Should not be larger than what fits in a 32-bit unsigned integer...
3360 gcry_mpi_release(d);
3361 gcry_mpi_release(b);
3362 gcry_mpi_release(e);
3363 gcry_mpi_release(m);
3364 }else if(kex_type==SSH_KEX_CURVE255190x00010000){
3365 if (crypto_scalarmult_curve25519(secret->data, priv->data, pub->data)) {
3366 ws_debug("curve25519: can't compute shared secret")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3366, __func__, "curve25519: can't compute shared secret");
} } while (0);
3367 return NULL((void*)0);
3368 }
3369 } else {
3370 ws_debug("kex_type type %d not supported", kex_type)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3370, __func__, "kex_type type %d not supported", kex_type)
; } } while (0);
3371 return 0;
3372 }
3373
3374 return secret;
3375}
3376
3377static char *
3378ssh_string(wmem_allocator_t* allocator, const uint8_t *string, unsigned length)
3379{
3380 char *ssh_string = (char *)wmem_alloc(allocator, length + 4);
3381 ssh_string[0] = (length >> 24) & 0xff;
3382 ssh_string[1] = (length >> 16) & 0xff;
3383 ssh_string[2] = (length >> 8) & 0xff;
3384 ssh_string[3] = length & 0xff;
3385 memcpy(ssh_string + 4, string, length);
3386 return ssh_string;
3387}
3388
3389static void
3390ssh_hash_buffer_put_string(wmem_array_t *buffer, const uint8_t *string,
3391 unsigned length)
3392{
3393 if (!buffer) {
3394 return;
3395 }
3396
3397 char *string_with_length = ssh_string(wmem_array_get_allocator(buffer), string, length);
3398 wmem_array_append(buffer, string_with_length, length + 4);
3399}
3400
3401static void
3402ssh_hash_buffer_put_uint32(wmem_array_t *buffer, unsigned val)
3403{
3404 if (!buffer) {
3405 return;
3406 }
3407
3408 char buf[4];
3409 buf[0] = (val >> 24); buf[1] = (val >> 16); buf[2] = (val >> 8); buf[3] = (val >> 0);
3410 wmem_array_append(buffer, buf, 4);
3411}
3412
3413static void ssh_derive_symmetric_keys(ssh_bignum *secret, uint8_t *exchange_hash,
3414 unsigned hash_length, struct ssh_flow_data *global_data)
3415{
3416 if (!global_data->session_id) {
3417 global_data->session_id = exchange_hash;
3418 global_data->session_id_length = hash_length;
3419 }
3420
3421 unsigned int we_need = 0;
3422 for(int peer_cnt=0;peer_cnt<2;peer_cnt++){
3423 struct ssh_peer_data * peer_data = &global_data->peer_data[peer_cnt];
3424 // required size of key depends on cipher used. chacha20 wants 64 bytes
3425 unsigned need = 0;
3426 if (GCRY_CIPHER_CHACHA20 == peer_data->cipher_id) {
3427 need = 64;
3428 } else if (CIPHER_AES128_CBC0x00020001 == peer_data->cipher_id || CIPHER_AES128_CTR0x00010001 == peer_data->cipher_id || CIPHER_AES128_GCM0x00040001 == peer_data->cipher_id) {
3429 need = 16;
3430 } else if (CIPHER_AES192_CBC0x00020002 == peer_data->cipher_id || CIPHER_AES192_CTR0x00010003 == peer_data->cipher_id) {
3431 need = 24;
3432 } else if (CIPHER_AES256_CBC0x00020004 == peer_data->cipher_id || CIPHER_AES256_CTR0x00010004 == peer_data->cipher_id || CIPHER_AES256_GCM0x00040004 == peer_data->cipher_id) {
3433 need = 32;
3434 } else {
3435 ssh_debug_printf("ssh: cipher (%d) is unknown or not set\n", peer_data->cipher_id);
3436 ssh_debug_flush();
3437 }
3438 if(peer_data->mac_id == CIPHER_MAC_SHA2_2560x00020001){
3439 need = 32;
3440 }else{
3441 ssh_debug_printf("ssh: MAC (%d) is unknown or not set\n", peer_data->mac_id);
3442 ssh_debug_flush();
3443 }
3444 if (we_need<need) {
3445 we_need = need;
3446 }
3447 }
3448
3449 for (int i = 0; i < 6; i ++) {
3450 ssh_derive_symmetric_key(secret, exchange_hash, hash_length,
3451 'A' + i, &global_data->new_keys[i], global_data, we_need);
3452 if(i==0){ ssh_print_data("Initial IV client to server", global_data->new_keys[i].data, global_data->new_keys[i].length);
3453 }else if(i==1){ ssh_print_data("Initial IV server to client", global_data->new_keys[i].data, global_data->new_keys[i].length);
3454 }else if(i==2){ ssh_print_data("Encryption key client to server", global_data->new_keys[i].data, global_data->new_keys[i].length);
3455 }else if(i==3){ ssh_print_data("Encryption key server to client", global_data->new_keys[i].data, global_data->new_keys[i].length);
3456 }else if(i==4){ ssh_print_data("Integrity key client to server", global_data->new_keys[i].data, global_data->new_keys[i].length);
3457 }else if(i==5){ ssh_print_data("Integrity key server to client", global_data->new_keys[i].data, global_data->new_keys[i].length);
3458 }
3459 }
3460}
3461
3462static void ssh_derive_symmetric_key(ssh_bignum *secret, const uint8_t *exchange_hash,
3463 unsigned hash_length, char id, ssh_bignum *result_key,
3464 struct ssh_flow_data *global_data, unsigned we_need)
3465{
3466 gcry_md_hd_t hd;
3467
3468 unsigned kex_hash_type = ssh_kex_hash_type(global_data->kex);
3469 int algo = GCRY_MD_SHA256;
3470 if(kex_hash_type==SSH_KEX_HASH_SHA11){
3471 algo = GCRY_MD_SHA1;
3472 }else if(kex_hash_type==SSH_KEX_HASH_SHA2562){
3473 algo = GCRY_MD_SHA256;
3474 }else if(kex_hash_type==SSH_KEX_HASH_SHA5124){
3475 algo = GCRY_MD_SHA512;
3476 }
3477 unsigned len = gcry_md_get_algo_dlen(algo);
3478
3479 result_key->data = (unsigned char *)wmem_alloc(wmem_file_scope(), we_need);
3480
3481 char *secret_with_length = ssh_string(NULL((void*)0), secret->data, secret->length);
3482
3483 if (gcry_md_open(&hd, algo, 0) == 0) {
3484 gcry_md_write(hd, secret_with_length, secret->length + 4);
3485 gcry_md_write(hd, exchange_hash, hash_length);
3486 gcry_md_putc(hd, id)do { gcry_md_hd_t h__ = (hd); if( (h__)->bufpos == (h__)->
bufsize ) gcry_md_write( (h__), ((void*)0), 0 ); (h__)->buf
[(h__)->bufpos++] = (id) & 0xff; } while(0);
3487 gcry_md_write(hd, global_data->session_id, hash_length);
3488 unsigned add_length = MIN(len, we_need)(((len) < (we_need)) ? (len) : (we_need));
3489 memcpy(result_key->data, gcry_md_read(hd, 0), add_length);
3490 gcry_md_close(hd);
3491 }
3492
3493 // expand key
3494 for (unsigned have = len; have < we_need; have += len) {
3495 if (gcry_md_open(&hd, algo, 0) == 0) {
3496 gcry_md_write(hd, secret_with_length, secret->length + 4);
3497 gcry_md_write(hd, exchange_hash, hash_length);
3498 gcry_md_write(hd, result_key->data+have-len, len);
3499 unsigned add_length = MIN(len, we_need - have)(((len) < (we_need - have)) ? (len) : (we_need - have));
3500 memcpy(result_key->data+have, gcry_md_read(hd, 0), add_length);
3501 gcry_md_close(hd);
3502 }
3503 }
3504 wmem_free(NULL((void*)0), secret_with_length);
3505
3506 result_key->length = we_need;
3507}
3508
3509static void
3510ssh_choose_enc_mac(struct ssh_flow_data *global_data)
3511{
3512 for(int peer_cnt=0;peer_cnt<2;peer_cnt++){
3513 struct ssh_peer_data * peer_data = &global_data->peer_data[peer_cnt];
3514 ssh_choose_algo(global_data->peer_data[CLIENT_PEER_DATA0].enc_proposals[peer_cnt],
3515 global_data->peer_data[SERVER_PEER_DATA1].enc_proposals[peer_cnt],
3516 &peer_data->enc);
3517 /* some ciphers have their own MAC so the "negotiated" one is meaningless */
3518 if(peer_data->enc && (0 == strcmp(peer_data->enc, "[email protected]") ||
3519 0 == strcmp(peer_data->enc, "[email protected]"))) {
3520 peer_data->mac = wmem_strdup(wmem_file_scope(), (const char *)"<implicit>");
3521 peer_data->mac_length = 16;
3522 peer_data->length_is_plaintext = 1;
3523 }
3524 else if(peer_data->enc && 0 == strcmp(peer_data->enc, "[email protected]")) {
3525 peer_data->mac = wmem_strdup(wmem_file_scope(), (const char *)"<implicit>");
3526 peer_data->mac_length = 16;
3527 }
3528 else {
3529 ssh_choose_algo(global_data->peer_data[CLIENT_PEER_DATA0].mac_proposals[peer_cnt],
3530 global_data->peer_data[SERVER_PEER_DATA1].mac_proposals[peer_cnt],
3531 &peer_data->mac);
3532 ssh_set_mac_length(peer_data);
3533 }
3534 ssh_choose_algo(global_data->peer_data[CLIENT_PEER_DATA0].comp_proposals[peer_cnt],
3535 global_data->peer_data[SERVER_PEER_DATA1].comp_proposals[peer_cnt],
3536 &peer_data->comp);
3537 }
3538
3539 ssh_decryption_set_cipher_id(&global_data->peer_data[CLIENT_PEER_DATA0]);
3540 ssh_decryption_set_mac_id(&global_data->peer_data[CLIENT_PEER_DATA0]);
3541 ssh_decryption_set_cipher_id(&global_data->peer_data[SERVER_PEER_DATA1]);
3542 ssh_decryption_set_mac_id(&global_data->peer_data[SERVER_PEER_DATA1]);
3543}
3544
3545static void
3546ssh_decryption_set_cipher_id(struct ssh_peer_data *peer)
3547{
3548 char *cipher_name = peer->enc;
3549
3550 if (!cipher_name) {
3551 peer->cipher = NULL((void*)0);
3552 ws_debug("ERROR: cipher_name is NULL")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3552, __func__, "ERROR: cipher_name is NULL"); } } while (0
);
3553 } else if (0 == strcmp(cipher_name, "[email protected]")) { // add [email protected]
3554 peer->cipher_id = GCRY_CIPHER_CHACHA20;
3555 } else if (0 == strcmp(cipher_name, "chacha20-poly1305")) { // add chacha20-poly1305
3556 peer->cipher_id = GCRY_CIPHER_CHACHA20;
3557 } else if (0 == strcmp(cipher_name, "[email protected]")) {
3558 peer->cipher_id = CIPHER_AES128_GCM0x00040001;
3559 } else if (0 == strcmp(cipher_name, "aes128-gcm")) {
3560 peer->cipher_id = CIPHER_AES128_GCM0x00040001;
3561 } else if (0 == strcmp(cipher_name, "[email protected]")) {
3562 peer->cipher_id = CIPHER_AES256_GCM0x00040004;
3563 } else if (0 == strcmp(cipher_name, "aes256-gcm")) {
3564 peer->cipher_id = CIPHER_AES256_GCM0x00040004;
3565 } else if (0 == strcmp(cipher_name, "aes128-cbc")) {
3566 peer->cipher_id = CIPHER_AES128_CBC0x00020001;
3567 } else if (0 == strcmp(cipher_name, "aes192-cbc")) {
3568 peer->cipher_id = CIPHER_AES192_CBC0x00020002;
3569 } else if (0 == strcmp(cipher_name, "aes256-cbc")) {
3570 peer->cipher_id = CIPHER_AES256_CBC0x00020004;
3571 } else if (0 == strcmp(cipher_name, "aes128-ctr")) {
3572 peer->cipher_id = CIPHER_AES128_CTR0x00010001;
3573 } else if (0 == strcmp(cipher_name, "aes192-ctr")) {
3574 peer->cipher_id = CIPHER_AES192_CTR0x00010003;
3575 } else if (0 == strcmp(cipher_name, "aes256-ctr")) {
3576 peer->cipher_id = CIPHER_AES256_CTR0x00010004;
3577 } else if (0 == strcmp(cipher_name, "none")) {
3578 peer->cipher_id = CIPHER_NULL0x00080000;
3579 peer->length_is_plaintext = 1;
3580 } else {
3581 peer->cipher = NULL((void*)0);
3582 ws_debug("decryption not supported: %s", cipher_name)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3582, __func__, "decryption not supported: %s", cipher_name
); } } while (0);
3583 }
3584}
3585
3586static void
3587ssh_decryption_set_mac_id(struct ssh_peer_data *peer)
3588{
3589 char *mac_name = peer->mac;
3590
3591 if (!mac_name) {
3592 peer->mac = NULL((void*)0);
3593 ws_debug("ERROR: mac_name is NULL")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3593, __func__, "ERROR: mac_name is NULL"); } } while (0);
3594 } else if (0 == strcmp(mac_name, "hmac-sha2-256")) {
3595 peer->mac_id = CIPHER_MAC_SHA2_2560x00020001;
3596 } else {
3597 ws_debug("decryption MAC not supported: %s", mac_name)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3597, __func__, "decryption MAC not supported: %s", mac_name
); } } while (0);
3598 }
3599}
3600
3601static bool_Bool
3602gcry_cipher_destroy_cb(wmem_allocator_t *allocator _U___attribute__((unused)), wmem_cb_event_t event _U___attribute__((unused)), void *user_data)
3603{
3604 gcry_cipher_hd_t hd = (gcry_cipher_hd_t)user_data;
3605
3606 gcry_cipher_close(hd);
3607
3608 return false0;
3609}
3610
3611static void
3612ssh_decryption_setup_cipher(struct ssh_peer_data *peer_data,
3613 ssh_bignum *iv, ssh_bignum *key)
3614{
3615 gcry_error_t err;
3616 gcry_cipher_hd_t *hd1, *hd2;
3617
3618 hd1 = &peer_data->cipher;
3619 hd2 = &peer_data->cipher_2;
3620
3621 if (GCRY_CIPHER_CHACHA20 == peer_data->cipher_id) {
3622 if (gcry_cipher_open(hd1, GCRY_CIPHER_CHACHA20, GCRY_CIPHER_MODE_STREAM, 0) ||
3623 gcry_cipher_open(hd2, GCRY_CIPHER_CHACHA20, GCRY_CIPHER_MODE_STREAM, 0)) {
3624 gcry_cipher_close(*hd1);
3625 gcry_cipher_close(*hd2);
3626 ws_debug("ssh: can't open chacha20 cipher handles")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3626, __func__, "ssh: can't open chacha20 cipher handles");
} } while (0);
3627 return;
3628 }
3629
3630 uint8_t k1[32];
3631 uint8_t k2[32];
3632 if(key->data){
3633 memcpy(k1, key->data, 32);
3634 memcpy(k2, key->data + 32, 32);
3635 }else{
3636 memset(k1, 0, 32);
3637 memset(k2, 0, 32);
3638 }
3639
3640 ssh_debug_printf("ssh: cipher is chacha20\n");
3641 ssh_print_data("key 1", k1, 32);
3642 ssh_print_data("key 2", k2, 32);
3643
3644 if ((err = gcry_cipher_setkey(*hd1, k1, 32))) {
3645 gcry_cipher_close(*hd1);
3646 ws_debug("ssh: can't set chacha20 cipher key %s", gcry_strerror(err))do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3646, __func__, "ssh: can't set chacha20 cipher key %s", gcry_strerror
(err)); } } while (0);
3647 return;
3648 }
3649
3650 if ((err = gcry_cipher_setkey(*hd2, k2, 32))) {
3651 gcry_cipher_close(*hd1);
3652 gcry_cipher_close(*hd2);
3653 ws_debug("ssh: can't set chacha20 cipher key %s", gcry_strerror(err))do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3653, __func__, "ssh: can't set chacha20 cipher key %s", gcry_strerror
(err)); } } while (0);
3654 return;
3655 }
3656
3657 wmem_register_callback(wmem_file_scope(), gcry_cipher_destroy_cb, *hd1);
3658 wmem_register_callback(wmem_file_scope(), gcry_cipher_destroy_cb, *hd2);
3659
3660 } else if (CIPHER_AES128_CBC0x00020001 == peer_data->cipher_id || CIPHER_AES192_CBC0x00020002 == peer_data->cipher_id || CIPHER_AES256_CBC0x00020004 == peer_data->cipher_id) {
3661 int iKeyLen = CIPHER_AES128_CBC0x00020001 == peer_data->cipher_id?16:CIPHER_AES192_CBC0x00020002 == peer_data->cipher_id?24:32;
3662 if (gcry_cipher_open(hd1, CIPHER_AES128_CBC0x00020001 == peer_data->cipher_id?GCRY_CIPHER_AES128GCRY_CIPHER_AES:CIPHER_AES192_CBC0x00020002 == peer_data->cipher_id?GCRY_CIPHER_AES192:GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC, 0)) {
3663 gcry_cipher_close(*hd1);
3664 ws_debug("ssh: can't open aes%d cipher handle", iKeyLen*8)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3664, __func__, "ssh: can't open aes%d cipher handle", iKeyLen
*8); } } while (0);
3665 return;
3666 }
3667 uint8_t k1[32], iv1[16];
3668 if(key->data){
3669 memcpy(k1, key->data, iKeyLen);
3670 }else{
3671 memset(k1, 0, iKeyLen);
3672 }
3673 if(iv->data){
3674 memcpy(iv1, iv->data, 16);
3675 }else{
3676 memset(iv1, 0, 16);
3677 }
3678
3679 ssh_debug_printf("ssh: cipher is aes%d-cbc\n", iKeyLen*8);
3680 ssh_print_data("key", k1, iKeyLen);
3681 ssh_print_data("iv", iv1, 16);
3682
3683 if ((err = gcry_cipher_setkey(*hd1, k1, iKeyLen))) {
3684 gcry_cipher_close(*hd1);
3685 ws_debug("ssh: can't set aes%d cipher key", iKeyLen*8)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3685, __func__, "ssh: can't set aes%d cipher key", iKeyLen*
8); } } while (0);
3686 ws_debug("libgcrypt: %d %s %s", gcry_err_code(err), gcry_strsource(err), gcry_strerror(err))do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3686, __func__, "libgcrypt: %d %s %s", gcry_err_code(err), gcry_strsource
(err), gcry_strerror(err)); } } while (0);
3687 return;
3688 }
3689
3690 if ((err = gcry_cipher_setiv(*hd1, iv1, 16))) {
3691 gcry_cipher_close(*hd1);
3692 ws_debug("ssh: can't set aes%d cipher iv", iKeyLen*8)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3692, __func__, "ssh: can't set aes%d cipher iv", iKeyLen*8
); } } while (0);
3693 ws_debug("libgcrypt: %d %s %s", gcry_err_code(err), gcry_strsource(err), gcry_strerror(err))do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3693, __func__, "libgcrypt: %d %s %s", gcry_err_code(err), gcry_strsource
(err), gcry_strerror(err)); } } while (0);
3694 return;
3695 }
3696
3697 wmem_register_callback(wmem_file_scope(), gcry_cipher_destroy_cb, *hd1);
3698
3699 } else if (CIPHER_AES128_CTR0x00010001 == peer_data->cipher_id || CIPHER_AES192_CTR0x00010003 == peer_data->cipher_id || CIPHER_AES256_CTR0x00010004 == peer_data->cipher_id) {
3700 int iKeyLen = CIPHER_AES128_CTR0x00010001 == peer_data->cipher_id?16:CIPHER_AES192_CTR0x00010003 == peer_data->cipher_id?24:32;
3701 if (gcry_cipher_open(hd1, CIPHER_AES128_CTR0x00010001 == peer_data->cipher_id?GCRY_CIPHER_AES128GCRY_CIPHER_AES:CIPHER_AES192_CTR0x00010003 == peer_data->cipher_id?GCRY_CIPHER_AES192:GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR, 0)) {
3702 gcry_cipher_close(*hd1);
3703 ws_debug("ssh: can't open aes%d cipher handle", iKeyLen*8)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3703, __func__, "ssh: can't open aes%d cipher handle", iKeyLen
*8); } } while (0);
3704 return;
3705 }
3706 uint8_t k1[32], iv1[16];
3707 if(key->data){
3708 memcpy(k1, key->data, iKeyLen);
3709 }else{
3710 memset(k1, 0, iKeyLen);
3711 }
3712 if(iv->data){
3713 memcpy(iv1, iv->data, 16);
3714 }else{
3715 memset(iv1, 0, 16);
3716 }
3717
3718 ssh_debug_printf("ssh: cipher is aes%d-ctr\n", iKeyLen*8);
3719 ssh_print_data("key", k1, iKeyLen);
3720 ssh_print_data("iv", iv1, 16);
3721
3722 if ((err = gcry_cipher_setkey(*hd1, k1, iKeyLen))) {
3723 gcry_cipher_close(*hd1);
3724 ws_debug("ssh: can't set aes%d cipher key", iKeyLen*8)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3724, __func__, "ssh: can't set aes%d cipher key", iKeyLen*
8); } } while (0);
3725 ws_debug("libgcrypt: %d %s %s", gcry_err_code(err), gcry_strsource(err), gcry_strerror(err))do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3725, __func__, "libgcrypt: %d %s %s", gcry_err_code(err), gcry_strsource
(err), gcry_strerror(err)); } } while (0);
3726 return;
3727 }
3728
3729 if ((err = gcry_cipher_setctr(*hd1, iv1, 16))) {
3730 gcry_cipher_close(*hd1);
3731 ws_debug("ssh: can't set aes%d cipher iv", iKeyLen*8)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3731, __func__, "ssh: can't set aes%d cipher iv", iKeyLen*8
); } } while (0);
3732 ws_debug("libgcrypt: %d %s %s", gcry_err_code(err), gcry_strsource(err), gcry_strerror(err))do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3732, __func__, "libgcrypt: %d %s %s", gcry_err_code(err), gcry_strsource
(err), gcry_strerror(err)); } } while (0);
3733 return;
3734 }
3735
3736 wmem_register_callback(wmem_file_scope(), gcry_cipher_destroy_cb, *hd1);
3737
3738 } else if (CIPHER_AES128_GCM0x00040001 == peer_data->cipher_id || CIPHER_AES256_GCM0x00040004 == peer_data->cipher_id) {
3739 int iKeyLen = CIPHER_AES128_GCM0x00040001 == peer_data->cipher_id?16:32;
3740 if (gcry_cipher_open(hd1, CIPHER_AES128_GCM0x00040001 == peer_data->cipher_id?GCRY_CIPHER_AES128GCRY_CIPHER_AES:GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_GCM, 0)) {
3741 gcry_cipher_close(*hd1);
3742 ws_debug("ssh: can't open aes%d cipher handle", iKeyLen*8)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3742, __func__, "ssh: can't open aes%d cipher handle", iKeyLen
*8); } } while (0);
3743 return;
3744 }
3745
3746 uint8_t k1[32], iv2[12];
3747 if(key->data){
3748 memcpy(k1, key->data, iKeyLen);
3749 }else{
3750 memset(k1, 0, iKeyLen);
3751 }
3752 if(iv->data){
3753 memcpy(peer_data->iv, iv->data, 12);
3754 }else{
3755 memset(iv2, 0, 12);
3756 }
3757
3758 ssh_debug_printf("ssh: cipher is aes%d-gcm\n", iKeyLen*8);
3759 ssh_print_data("key", k1, iKeyLen);
3760 ssh_print_data("iv", peer_data->iv, 12);
3761
3762 if ((err = gcry_cipher_setkey(*hd1, k1, iKeyLen))) {
3763 gcry_cipher_close(*hd1);
3764 ws_debug("ssh: can't set aes%d cipher key", iKeyLen*8)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3764, __func__, "ssh: can't set aes%d cipher key", iKeyLen*
8); } } while (0);
3765 ws_debug("libgcrypt: %d %s %s", gcry_err_code(err), gcry_strsource(err), gcry_strerror(err))do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3765, __func__, "libgcrypt: %d %s %s", gcry_err_code(err), gcry_strsource
(err), gcry_strerror(err)); } } while (0);
3766 return;
3767 }
3768
3769 wmem_register_callback(wmem_file_scope(), gcry_cipher_destroy_cb, *hd1);
3770
3771 } else {
3772 ssh_debug_printf("ssh: cipher (%d) is unknown or not set\n", peer_data->cipher_id);
3773 }
3774}
3775
3776static void
3777ssh_decryption_setup_mac(struct ssh_peer_data *peer_data,
3778 ssh_bignum *iv)
3779{
3780 if(peer_data->mac_id == CIPHER_MAC_SHA2_2560x00020001){
3781 if(iv->data){
3782 memcpy(peer_data->hmac_iv, iv->data, 32);
3783 }else{
3784 memset(peer_data->hmac_iv, 0, 32);
3785 }
3786 peer_data->hmac_iv_len = 32;
3787 ssh_debug_printf("ssh: mac is hmac-sha2-256\n");
3788 ssh_print_data("iv", peer_data->hmac_iv, peer_data->hmac_iv_len);
3789 }else{
3790 ws_debug("ssh: unsupported MAC")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3790, __func__, "ssh: unsupported MAC"); } } while (0);
3791 }
3792}
3793
3794/* libgcrypt wrappers for HMAC/message digest operations {{{ */
3795/* hmac abstraction layer */
3796#define SSH_HMACgcry_md_hd_t gcry_md_hd_t
3797
3798static inline int
3799ssh_hmac_init(SSH_HMACgcry_md_hd_t* md, const void * key, int len, int algo)
3800{
3801 gcry_error_t err;
3802 const char *err_str, *err_src;
3803
3804 err = gcry_md_open(md,algo, GCRY_MD_FLAG_HMAC);
3805 if (err != 0) {
3806 err_str = gcry_strerror(err);
3807 err_src = gcry_strsource(err);
3808 ssh_debug_printf("ssh_hmac_init(): gcry_md_open failed %s/%s", err_str, err_src);
3809 return -1;
3810 }
3811 err = gcry_md_setkey(*(md), key, len);
3812 if (err != 0) {
3813 err_str = gcry_strerror(err);
3814 err_src = gcry_strsource(err);
3815 ssh_debug_printf("ssh_hmac_init(): gcry_md_setkey(..., ..., %d) failed %s/%s", len, err_str, err_src);
3816 return -1;
3817 }
3818 return 0;
3819}
3820
3821static inline void
3822ssh_hmac_update(SSH_HMACgcry_md_hd_t* md, const void* data, int len)
3823{
3824 gcry_md_write(*(md), data, len);
3825}
3826
3827static inline void
3828ssh_hmac_final(SSH_HMACgcry_md_hd_t* md, unsigned char* data, unsigned* datalen)
3829{
3830 int algo;
3831 unsigned len;
3832
3833 algo = gcry_md_get_algo (*(md));
3834 len = gcry_md_get_algo_dlen(algo);
3835 DISSECTOR_ASSERT(len <= *datalen)((void) ((len <= *datalen) ? (void)0 : (proto_report_dissector_bug
("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-ssh.c"
, 3835, "len <= *datalen"))));
3836 memcpy(data, gcry_md_read(*(md), algo), len);
3837 *datalen = len;
3838}
3839
3840static inline void
3841ssh_hmac_cleanup(SSH_HMACgcry_md_hd_t* md)
3842{
3843 gcry_md_close(*(md));
3844}
3845/* libgcrypt wrappers for HMAC/message digest operations }}} */
3846
3847/* Decryption integrity check {{{ */
3848
3849static int
3850ssh_get_digest_by_id(unsigned mac_id)
3851{
3852 if(mac_id==CIPHER_MAC_SHA2_2560x00020001){
3853 return GCRY_MD_SHA256;
3854 }
3855 return -1;
3856}
3857
3858static void
3859ssh_calc_mac(struct ssh_peer_data *peer_data, uint32_t seqnr, uint8_t* data, uint32_t datalen, uint8_t* calc_mac)
3860{
3861 SSH_HMACgcry_md_hd_t hm;
3862 int md;
3863 uint32_t len;
3864 uint8_t buf[DIGEST_MAX_SIZE48];
3865
3866 md=ssh_get_digest_by_id(peer_data->mac_id);
3867// ssl_debug_printf("ssh_check_mac mac type:%s md %d\n",
3868// ssl_cipher_suite_dig(decoder->cipher_suite)->name, md);
3869
3870 memset(calc_mac, 0, DIGEST_MAX_SIZE48);
3871
3872 if (md == -1) {
3873 return;
3874 }
3875 if (ssh_hmac_init(&hm, peer_data->hmac_iv, peer_data->hmac_iv_len, md) != 0)
3876 return;
3877
3878 /* hash sequence number */
3879 phtonu32(buf, seqnr);
3880
3881 ssh_print_data("Mac IV", peer_data->hmac_iv, peer_data->hmac_iv_len);
3882 ssh_print_data("Mac seq", buf, 4);
3883 ssh_print_data("Mac data", data, datalen);
3884
3885 ssh_hmac_update(&hm,buf,4);
3886
3887 ssh_hmac_update(&hm,data,datalen);
3888
3889 /* get digest and digest len*/
3890 len = sizeof(buf);
3891 ssh_hmac_final(&hm,buf,&len);
3892 ssh_hmac_cleanup(&hm);
3893 ssh_print_data("Mac", buf, len);
3894 memcpy(calc_mac, buf, len);
3895
3896 return;
3897}
3898/* Decryption integrity check }}} */
3899
3900static ssh_packet_info_t *
3901ssh_get_packet_info(packet_info *pinfo, bool_Bool is_response)
3902{
3903 ssh_packet_info_t *packet = (ssh_packet_info_t *)p_get_proto_data(wmem_file_scope(), pinfo, proto_ssh, 0);
3904 if(!packet){
3905 packet = wmem_new0(wmem_file_scope(), ssh_packet_info_t)((ssh_packet_info_t*)wmem_alloc0((wmem_file_scope()), sizeof(
ssh_packet_info_t)));
3906 packet->from_server = is_response;
3907 packet->messages = NULL((void*)0);
3908 p_add_proto_data(wmem_file_scope(), pinfo, proto_ssh, 0, packet);
3909 }
3910 return packet;
3911}
3912
3913static unsigned
3914ssh_decrypt_packet(tvbuff_t *tvb, packet_info *pinfo,
3915 struct ssh_peer_data *peer_data, int offset)
3916{
3917 bool_Bool is_response = ssh_peer_data_from_server(peer_data);
3918
3919 gcry_error_t err;
3920 unsigned message_length = 0, seqnr;
3921 uint8_t *plain = NULL((void*)0);
3922 const uint8_t *mac;
3923 unsigned mac_len, data_len = 0;
3924 uint8_t calc_mac[DIGEST_MAX_SIZE48];
3925 memset(calc_mac, 0, DIGEST_MAX_SIZE48);
3926 unsigned remaining = tvb_captured_length_remaining(tvb, offset);
3927
3928 mac_len = peer_data->mac_length > 0 ? peer_data->mac_length : 0;
3929 seqnr = peer_data->sequence_number;
3930
3931 /* General algorithm:
3932 * 1. If there are not enough bytes for the packet_length, and we can
3933 * do reassembly, ask for one more segment.
3934 * 2. Retrieve packet_length (encrypted in some modes).
3935 * 3. Sanity check packet_length (the field is 4 bytes, but packet_length
3936 * is unlikely to be much larger than 32768, which provides good indication
3937 * a packet is continuation data or, in some modes, failed decryption.
3938 * https://www.rfc-editor.org/rfc/rfc4253.html#section-6.1 )
3939 * 4. If there are not enough bytes for packet_length, and we can do
3940 * reassembly, tell the TCP dissector how many more bytes we need.
3941 * 5. If the packet is truncated and we cannot reassemble, at this
3942 * point we conclude that it is the next SSH packet, and advance the
3943 * sequence number, invocation_counter, etc. before throwing an exception.
3944 * 6. If we do have all the data, we decrypt and check the MAC before
3945 * doing all that. (XXX - Advancing seqnr regardless could make sense
3946 * in some ciphers.)
3947 * 7. Possibly the MAC should be checked before decryption in some ciphers
3948 * if we have all the data; possibly there should be a "do not check the
3949 * MAC" preference a la TLS.
3950 */
3951
3952 if (GCRY_CIPHER_CHACHA20 == peer_data->cipher_id) {
3953 if (ssh_desegment && pinfo->can_desegment && remaining < 4) {
3954 /* Can do reassembly, and the packet length is split across
3955 * segment boundaries. */
3956 pinfo->desegment_offset = offset;
3957 pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT0x0fffffff;
3958 return tvb_captured_length(tvb);
3959 }
3960
3961 const uint8_t *ctext = tvb_get_ptr(tvb, offset, 4);
3962 uint8_t plain_length_buf[4];
3963
3964 if (!ssh_decrypt_chacha20(peer_data->cipher_2, seqnr, 0, ctext, 4,
3965 plain_length_buf, 4)) {
3966 ws_debug("ERROR: could not decrypt packet len")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3966, __func__, "ERROR: could not decrypt packet len"); } }
while (0);
3967 return tvb_captured_length(tvb);
3968 }
3969
3970 message_length = pntohu32(plain_length_buf);
3971
3972 ssh_debug_printf("chachapoly_crypt seqnr=%d [%u]\n", seqnr, message_length);
3973
3974 ssh_debug_printf("%s plain for seq = %d len = %u\n", is_response?"s2c":"c2s", seqnr, message_length);
3975 if (message_length > SSH_MAX_PACKET_LEN32768) {
3976 ws_debug("ssh: unreasonable message length %u", message_length)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 3976, __func__, "ssh: unreasonable message length %u", message_length
); } } while (0);
3977 return tvb_captured_length(tvb);
3978 }
3979 if (remaining < message_length + 4 + mac_len) {
3980 // Need desegmentation; as "the [email protected] AEAD
3981 // uses the sequence number as an initialisation vector (IV) to
3982 // generate its per-packet MAC key and is otherwise stateless
3983 // between packets," we need no special handling here.
3984 // https://datatracker.ietf.org/doc/draft-miller-sshm-strict-kex/
3985 //
3986 if (ssh_desegment && pinfo->can_desegment) {
3987 pinfo->desegment_offset = offset;
3988 pinfo->desegment_len = message_length + 4 + mac_len - remaining;
3989 return tvb_captured_length(tvb);
3990 }
3991 // If we can't desegment, we will have an exception below in
3992 // the tvb_get_ptr. Advance the sequence number so that the
3993 // next SSH packet start will decrypt correctly.
3994 peer_data->sequence_number++;
3995 }
3996
3997 plain = (uint8_t *)wmem_alloc0(pinfo->pool, message_length+4);
3998 memcpy(plain, plain_length_buf, 4);
3999 const uint8_t *ctext2 = tvb_get_ptr(tvb, offset+4, message_length);
4000
4001 /* XXX - "Once the entire packet has been received, the MAC MUST be
4002 * checked before decryption," but we decrypt first.
4003 * https://datatracker.ietf.org/doc/html/draft-ietf-sshm-chacha20-poly1305-01
4004 */
4005 if (!ssh_decrypt_chacha20(peer_data->cipher, seqnr, 1, ctext2,
4006 message_length, plain+4, message_length)) {
4007 ws_debug("ERROR: could not decrypt packet payload")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4007, __func__, "ERROR: could not decrypt packet payload");
} } while (0);
4008 return tvb_captured_length(tvb);
4009 }
4010
4011 mac = tvb_get_ptr(tvb, offset + 4 + message_length, mac_len);
4012 uint8_t poly_key[32], iv[16];
4013
4014 memset(poly_key, 0, 32);
4015 memset(iv, 0, 8);
4016 phtonu64(iv+8, (uint64_t)seqnr);
4017 gcry_cipher_setiv(peer_data->cipher, iv, mac_len);
4018 gcry_cipher_encrypt(peer_data->cipher, poly_key, 32, poly_key, 32);
4019
4020 gcry_mac_hd_t mac_hd;
4021 gcry_mac_open(&mac_hd, GCRY_MAC_POLY1305, 0, NULL((void*)0));
4022 gcry_mac_setkey(mac_hd, poly_key, 32);
4023 gcry_mac_write(mac_hd, ctext, 4);
4024 gcry_mac_write(mac_hd, ctext2, message_length);
4025 if (gcry_mac_verify(mac_hd, mac, mac_len)) {
4026 ws_debug("ssh: MAC does not match")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4026, __func__, "ssh: MAC does not match"); } } while (0);
4027 }
4028 size_t buflen = DIGEST_MAX_SIZE48;
4029 gcry_mac_read(mac_hd, calc_mac, &buflen);
4030 gcry_mac_close(mac_hd);
4031
4032 data_len = message_length + 4;
4033
4034 ssh_debug_printf("%s plain text seq=%d", is_response?"s2c":"c2s",seqnr);
4035 ssh_print_data("", plain, message_length+4);
4036 } else if (CIPHER_AES128_GCM0x00040001 == peer_data->cipher_id || CIPHER_AES256_GCM0x00040004 == peer_data->cipher_id) {
4037
4038 /* AES GCM for Secure Shell [RFC 5647] */
4039 /* The message length is Additional Authenticated Data */
4040 if (ssh_desegment && pinfo->can_desegment && remaining < 4) {
4041 /* Can do reassembly, and the packet length is split across
4042 * segment boundaries. */
4043 pinfo->desegment_offset = offset;
4044 pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT0x0fffffff;
4045 return tvb_captured_length(tvb);
4046 }
4047 message_length = tvb_get_uint32(tvb, offset, ENC_BIG_ENDIAN0x00000000);
4048 ssh_debug_printf("length: %d, remaining: %d\n", message_length, remaining);
4049 /* The minimum size of a packet (not counting mac) is 16. */
4050 if (message_length > SSH_MAX_PACKET_LEN32768 || message_length < 16) {
4051 ws_debug("ssh: unreasonable message length %u", message_length)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4051, __func__, "ssh: unreasonable message length %u", message_length
); } } while (0);
4052 return tvb_captured_length(tvb);
4053 }
4054
4055 /* SSH requires that the data to be encrypted (not including the AAD,
4056 * so message_length) be a multiple of the block size, 16 octets */
4057 if (message_length % 16 != 0) {
4058 ssh_debug_printf("length not a multiple of block length (16)!\n");
4059 }
4060
4061 if (message_length + 4 + mac_len > remaining) {
4062 // Need desegmentation; as the message length was unencrypted
4063 // AAD, we need no special handling here.
4064 if (pinfo->can_desegment) {
4065 pinfo->desegment_offset = offset;
4066 pinfo->desegment_len = message_length + 4 + mac_len - remaining;
4067 return tvb_captured_length(tvb);
4068 }
4069 // If we can't desegment, we will have an exception below in
4070 // the tvb_get_ptr. Advance the sequence number (less crucial
4071 // than with ChaCha20, as it's not an input.)
4072 peer_data->sequence_number++;
4073 }
4074
4075 /* Set the IV and increment the invocation_counter for the next
4076 * packet. Do this before retrieving the ciphertext with tvb_get_ptr
4077 * in case this packet is truncated.
4078 */
4079 if ((err = gcry_cipher_setiv(peer_data->cipher, peer_data->iv, 12))) {
4080 //gcry_cipher_close(peer_data->cipher);
4081 //Don't close this unless we also remove the wmem callback
4082// TODO: temporary work-around as long as a Windows python bug is triggered by automated tests
4083#ifndef _WIN32
4084 ws_debug("ssh: can't set aes128 cipher iv")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4084, __func__, "ssh: can't set aes128 cipher iv"); } } while
(0);
4085 ws_debug("libgcrypt: %d %s %s", gcry_err_code(err), gcry_strsource(err), gcry_strerror(err))do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4085, __func__, "libgcrypt: %d %s %s", gcry_err_code(err), gcry_strsource
(err), gcry_strerror(err)); } } while (0);
4086#endif //ndef _WIN32
4087 return tvb_captured_length(tvb);
4088 }
4089 // Increment invocation_counter for next packet
4090 int idx = 12;
4091 do{
4092 idx -= 1;
4093 peer_data->iv[idx] += 1;
4094 }while(idx>4 && peer_data->iv[idx]==0);
4095
4096 const char *ctext = (const char *)tvb_get_ptr(tvb, offset + 4,
4097 message_length);
4098 plain = (uint8_t *)wmem_alloc(pinfo->pool, message_length+4);
4099 phtonu32(plain, message_length);
4100
4101 if ((err = gcry_cipher_authenticate(peer_data->cipher, plain, 4))) {
4102// TODO: temporary work-around as long as a Windows python bug is triggered by automated tests
4103#ifndef _WIN32
4104 ws_debug("can't authenticate using aes128-gcm: %s\n", gpg_strerror(err))do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4104, __func__, "can't authenticate using aes128-gcm: %s\n"
, gpg_strerror(err)); } } while (0);
4105#endif //ndef _WIN32
4106 return tvb_captured_length(tvb);
4107 }
4108
4109 if ((err = gcry_cipher_decrypt(peer_data->cipher, plain+4, message_length,
4110 ctext, message_length))) {
4111// TODO: temporary work-around as long as a Windows python bug is triggered by automated tests
4112#ifndef _WIN32
4113 ws_debug("can't decrypt aes-gcm %d %s %s", gcry_err_code(err), gcry_strsource(err), gcry_strerror(err))do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4113, __func__, "can't decrypt aes-gcm %d %s %s", gcry_err_code
(err), gcry_strsource(err), gcry_strerror(err)); } } while (0
);
4114
4115#endif //ndef _WIN32
4116 return tvb_captured_length(tvb);
4117 }
4118
4119 if (gcry_cipher_gettag (peer_data->cipher, calc_mac, 16)) {
4120// TODO: temporary work-around as long as a Windows python bug is triggered by automated tests
4121#ifndef _WIN32
4122 ws_debug ("aes128-gcm, gcry_cipher_gettag() failed\n")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4122, __func__, "aes128-gcm, gcry_cipher_gettag() failed\n"
); } } while (0);
4123#endif //ndef _WIN32
4124 return tvb_captured_length(tvb);
4125 }
4126
4127 if ((err = gcry_cipher_reset(peer_data->cipher)gcry_cipher_ctl ((peer_data->cipher), GCRYCTL_RESET, ((void
*)0), 0))) {
4128// TODO: temporary work-around as long as a Windows python bug is triggered by automated tests
4129#ifndef _WIN32
4130 ws_debug("aes-gcm, gcry_cipher_reset failed: %s\n", gpg_strerror (err))do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4130, __func__, "aes-gcm, gcry_cipher_reset failed: %s\n", gpg_strerror
(err)); } } while (0);
4131#endif //ndef _WIN32
4132 return tvb_captured_length(tvb);
4133 }
4134
4135 data_len = message_length + 4;
4136
4137 ssh_debug_printf("%s plain text seq=%d", is_response?"s2c":"c2s",seqnr);
4138 ssh_print_data("", plain, message_length+4);
4139
4140 } else if (CIPHER_AES128_CBC0x00020001 == peer_data->cipher_id || CIPHER_AES128_CTR0x00010001 == peer_data->cipher_id ||
4141 CIPHER_AES192_CBC0x00020002 == peer_data->cipher_id || CIPHER_AES192_CTR0x00010003 == peer_data->cipher_id ||
4142 CIPHER_AES256_CBC0x00020004 == peer_data->cipher_id || CIPHER_AES256_CTR0x00010004 == peer_data->cipher_id) {
4143
4144 ws_noisy("Getting raw bytes of length %d", tvb_reported_length_remaining(tvb, offset))do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_NOISY, "epan/dissectors/packet-ssh.c"
, 4144, __func__, "Getting raw bytes of length %d", tvb_reported_length_remaining
(tvb, offset)); } } while (0);
4145 /* In CBC and CTR mode, the message length is encrypted as well.
4146 * We need to decrypt one block, 16 octets, to get the length.
4147 */
4148 if (ssh_desegment && pinfo->can_desegment && remaining < 16) {
4149 /* Can do reassembly, and the packet length is split across
4150 * segment boundaries. */
4151 pinfo->desegment_offset = offset;
4152 pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT0x0fffffff;
4153 return tvb_captured_length(tvb);
4154 }
4155 /* Do we already have the first block decrypted from when the packet
4156 * was too large and segmented?
4157 */
4158 if (!peer_data->plain0_valid) {
4159 const char *cypher_buf0 = (const char *)tvb_get_ptr(tvb, offset, 16);
4160
4161 if (gcry_cipher_decrypt(peer_data->cipher, peer_data->plain0, 16, cypher_buf0, 16))
4162 {
4163 ws_debug("can\'t decrypt aes128")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4163, __func__, "can\'t decrypt aes128"); } } while (0);
4164 return tvb_captured_length(tvb);
4165 }
4166 }
4167
4168 message_length = pntohu32(peer_data->plain0);
4169
4170 /* The message_length value doesn't include the length of the
4171 * message_length field itself, so it must be at least 12 bytes.
4172 */
4173 if (message_length > SSH_MAX_PACKET_LEN32768 || message_length < 12){
4174 ws_debug("ssh: unreasonable message length %u", message_length)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4174, __func__, "ssh: unreasonable message length %u", message_length
); } } while (0);
4175 return tvb_captured_length(tvb);
4176 }
4177
4178 /* SSH requires that the data to be encrypted (message_length+4)
4179 * be a multiple of the block size, 16 octets. */
4180 if (message_length % 16 != 12) {
4181 ssh_debug_printf("total length not a multiple of block length (16)!\n");
4182 }
4183 if (remaining < message_length + 4 + mac_len) {
4184 /* Need desegmentation
4185 *
4186 * We will be handed the full encrypted packet again. We can either
4187 * store the decrypted first block, or will need to reset the CTR
4188 * or IV appropriately before decrypting the first block again.
4189 * libgcrypt does not provide an easy way to get the current value
4190 * of the CTR or (or IV/last block for CBC), so we just store the
4191 * decrypted first block.
4192 */
4193 if (ssh_desegment && pinfo->can_desegment) {
4194 ws_noisy(" need_desegmentation: offset = %d, reported_length_remaining = %d\n",do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_NOISY, "epan/dissectors/packet-ssh.c"
, 4195, __func__, " need_desegmentation: offset = %d, reported_length_remaining = %d\n"
, offset, tvb_reported_length_remaining(tvb, offset)); } } while
(0)
4195 offset, tvb_reported_length_remaining(tvb, offset))do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_NOISY, "epan/dissectors/packet-ssh.c"
, 4195, __func__, " need_desegmentation: offset = %d, reported_length_remaining = %d\n"
, offset, tvb_reported_length_remaining(tvb, offset)); } } while
(0);
4196 peer_data->plain0_valid = true1;
4197 pinfo->desegment_offset = offset;
4198 pinfo->desegment_len = message_length + 4 + mac_len - remaining;
4199 return tvb_captured_length(tvb);
4200 } else {
4201 // If we can't desegment, we will have an exception below in
4202 // the tvb_get_ptr. Advance the sequence number so that the
4203 // the hash will work for the next packet.
4204 //
4205 // XXX - In CTR mode, we should advance the CTR based on the
4206 // known length so we can dissect the next block. We would
4207 // also need to reset the CTR after failing to dissect a
4208 // packet_length on the continuation data that comes next.
4209 peer_data->sequence_number++;
4210 }
4211 }
4212 peer_data->plain0_valid = false0;
4213 plain = (uint8_t *)wmem_alloc(pinfo->pool, message_length+4);
4214 memcpy(plain, peer_data->plain0, 16);
4215
4216 if (message_length > 12) {
4217 /* All of these functions actually do handle the case where
4218 * there is no data left, so the check is unnecessary.
4219 */
4220 char *ct = (char *)tvb_get_ptr(tvb, offset + 16, message_length - 12);
4221 if ((err = gcry_cipher_decrypt(peer_data->cipher, plain + 16, message_length - 12, ct, message_length - 12)))
4222 {
4223 ws_debug("can't decrypt aes-cbc/ctr %d %s %s", gcry_err_code(err), gcry_strsource(err), gcry_strerror(err))do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4223, __func__, "can't decrypt aes-cbc/ctr %d %s %s", gcry_err_code
(err), gcry_strsource(err), gcry_strerror(err)); } } while (0
);
4224 return tvb_captured_length(tvb);
4225 }
4226 }
4227
4228 ssh_debug_printf("%s plain text seq=%d", is_response?"s2c":"c2s",seqnr);
4229 ssh_print_data("", plain, message_length+4);
4230
4231 data_len = message_length + 4;
4232
4233 // XXX - In -etm modes, should calculate MAC based on ciphertext.
4234 ssh_calc_mac(peer_data, seqnr, plain, data_len, calc_mac);
4235 } else if (CIPHER_NULL0x00080000 == peer_data->cipher_id) {
4236 if (ssh_desegment && pinfo->can_desegment && remaining < 4) {
4237 /* Can do reassembly, and the packet length is split across
4238 * segment boundaries. */
4239 pinfo->desegment_offset = offset;
4240 pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT0x0fffffff;
4241 return tvb_captured_length(tvb);
4242 }
4243 message_length = tvb_get_uint32(tvb, offset, ENC_BIG_ENDIAN0x00000000);
4244 ssh_debug_printf("length: %d, remaining: %d\n", message_length, remaining);
4245 if (message_length > SSH_MAX_PACKET_LEN32768 || message_length < 8) {
4246 ws_debug("ssh: unreasonable message length %u", message_length)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4246, __func__, "ssh: unreasonable message length %u", message_length
); } } while (0);
4247 return tvb_captured_length(tvb);
4248 }
4249
4250 if (message_length + 4 + mac_len > remaining) {
4251 // Need desegmentation; as the message length was unencrypted
4252 // AAD, we need no special handling here.
4253 if (pinfo->can_desegment) {
4254 pinfo->desegment_offset = offset;
4255 pinfo->desegment_len = message_length + 4 + mac_len - remaining;
4256 return tvb_captured_length(tvb);
4257 }
4258 // If we can't desegment, we will have an exception below in
4259 // the tvb_memdup. Advance the sequence number (not crucial).
4260 peer_data->sequence_number++;
4261 }
4262 data_len = message_length + 4;
4263 plain = tvb_memdup(pinfo->pool, tvb, offset, data_len);
4264
4265 // XXX - In -etm modes, should calculate MAC based on ciphertext.
4266 ssh_calc_mac(peer_data, seqnr, plain, data_len, calc_mac);
4267 }
4268
4269 if (mac_len && data_len) {
4270 if (mac_len <= DIGEST_MAX_SIZE48 && !memcmp(tvb_get_ptr(tvb, offset + data_len, mac_len), calc_mac, mac_len)){
4271 ws_noisy("MAC OK")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_NOISY, "epan/dissectors/packet-ssh.c"
, 4271, __func__, "MAC OK"); } } while (0);
4272 }else{
4273 ws_debug("MAC ERR")do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4273, __func__, "MAC ERR"); } } while (0);
4274 /* Bad MAC, just show the packet as encrypted. We can get
4275 * this for a known encryption type with no keys currently. */
4276 if (!ssh_ignore_mac_failed) {
4277 return tvb_captured_length(tvb);
4278 }
4279 }
4280 }
4281
4282 if(plain){
4283 // Save message
4284
4285 ssh_packet_info_t *packet = ssh_get_packet_info(pinfo, is_response);
4286
4287 int record_id = tvb_raw_offset(tvb)+offset;
4288 ssh_message_info_t *message;
4289
4290 message = wmem_new(wmem_file_scope(), ssh_message_info_t)((ssh_message_info_t*)wmem_alloc((wmem_file_scope()), sizeof(
ssh_message_info_t)));
4291 message->sequence_number = peer_data->sequence_number++;
4292 message->plain_data = wmem_memdup(wmem_file_scope(), plain, data_len);
4293 message->data_len = data_len;
4294 message->id = record_id;
4295 message->next = NULL((void*)0);
4296 memcpy(message->calc_mac, calc_mac, DIGEST_MAX_SIZE48);
4297 ssh_debug_printf("%s->sequence_number++ > %d\n", is_response?"server":"client", peer_data->sequence_number);
4298
4299 ssh_message_info_t **pmessage = &packet->messages;
4300 while(*pmessage){
4301 pmessage = &(*pmessage)->next;
4302 }
4303 *pmessage = message;
4304 }
4305
4306 offset += message_length + mac_len + 4;
4307 return offset;
4308}
4309
4310static bool_Bool
4311ssh_decrypt_chacha20(gcry_cipher_hd_t hd,
4312 uint32_t seqnr, uint32_t counter, const unsigned char *ctext, unsigned ctext_len,
4313 unsigned char *plain, unsigned plain_len)
4314{
4315 unsigned char seq[8];
4316 unsigned char iv[16];
4317
4318 phtonu64(seq, (uint64_t)seqnr);
4319
4320 // chacha20 uses a different cipher handle for the packet payload & length
4321 // the payload uses a block counter
4322 if (counter) {
4323 const unsigned char ctr[8] = {1,0,0,0,0,0,0,0};
4324 memcpy(iv, ctr, 8);
4325 memcpy(iv+8, seq, 8);
4326 }
4327
4328 return ((!counter && gcry_cipher_setiv(hd, seq, 8) == 0) ||
4329 (counter && gcry_cipher_setiv(hd, iv, 16) == 0)) &&
4330 gcry_cipher_decrypt(hd, plain, plain_len, ctext, ctext_len) == 0;
4331}
4332
4333static int
4334ssh_dissect_decrypted_packet(tvbuff_t *tvb, packet_info *pinfo,
4335 struct ssh_peer_data *peer_data, proto_tree *tree,
4336 ssh_message_info_t *message)
4337{
4338 unsigned offset = 0; // TODO:
4339 int dissected_len = 0;
4340 tvbuff_t* payload_tvb;
4341
4342 const uint8_t* plaintext = message->plain_data;
4343 unsigned plaintext_len = message->data_len;
4344
4345 col_append_sep_fstr(pinfo->cinfo, COL_INFO, NULL((void*)0), "Encrypted packet (plaintext_len=%d)", plaintext_len);
4346
4347 tvbuff_t *packet_tvb = tvb_new_child_real_data(tvb, plaintext, plaintext_len, plaintext_len);
4348 add_new_data_source(pinfo, packet_tvb, "Decrypted Packet");
4349
4350 unsigned plen;
4351 uint32_t padding_length;
4352 unsigned remain_length;
4353 unsigned msg_code;
4354
4355 proto_item *ti, *padding_ti;
4356 proto_item *msg_type_tree = NULL((void*)0);
4357
4358 /*
4359 * We use "tvb_ensure_captured_length_remaining()" to make sure there
4360 * actually *is* data remaining.
4361 *
4362 * This means we're guaranteed that "remain_length" is positive.
4363 */
4364 remain_length = tvb_ensure_captured_length_remaining(packet_tvb, offset);
4365 /*
4366 * Can we do reassembly?
4367 */
4368 if (ssh_desegment && pinfo->can_desegment) {
4369 /*
4370 * Yes - would an SSH header starting at this offset
4371 * be split across segment boundaries?
4372 */
4373 if (remain_length < 4) {
4374 /*
4375 * Yes. Tell the TCP dissector where the data for
4376 * this message starts in the data it handed us and
4377 * that we need "some more data." Don't tell it
4378 * exactly how many bytes we need because if/when we
4379 * ask for even more (after the header) that will
4380 * break reassembly.
4381 */
4382 pinfo->desegment_offset = offset;
4383 pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT0x0fffffff;
4384 return offset;
4385 }
4386 }
4387 /* XXX - Defragmentation needs to be done in ssh_decrypt_packet, and the
4388 * checks there should mean that the above never has an effect. (It's
4389 * copied from ssh_dissect_key_exchange.)
4390 */
4391 plen = tvb_get_ntohl(packet_tvb, offset);
4392
4393 if (ssh_desegment && pinfo->can_desegment) {
4394 if (plen + 4 > remain_length) {
4395 pinfo->desegment_offset = offset;
4396 pinfo->desegment_len = plen+4 - remain_length;
4397 return offset;
4398 }
4399 }
4400 /*
4401 * Need to check plen > 0x80000000 here
4402 */
4403
4404 ti = proto_tree_add_uint(tree, hf_ssh_packet_length, packet_tvb,
4405 offset, 4, plen);
4406 if (plen < 8) {
4407 /* RFC 4253 6: "[T]he length of the concatenation of 'packet_length',
4408 * 'padding_length', 'payload', and 'random padding' MUST be a multiple
4409 * of the cipher block size or 8, whichever is larger,... even when
4410 * using stream ciphers."
4411 *
4412 * Modes that do not encrypt plen with the same key as the other three
4413 * cannot follow this as written and delete 'packet_length' from the
4414 * above sentence. As padding_length is one byte and random_padding at
4415 * least four, packet_length must be at least 8 in all modes.
4416 */
4417 expert_add_info_format(pinfo, ti, &ei_ssh_packet_length, "Packet length is %d, MUST be at least 8", plen);
4418 } else if (plen >= SSH_MAX_PACKET_LEN32768) {
4419 expert_add_info_format(pinfo, ti, &ei_ssh_packet_length, "Overly large number %d", plen);
4420 plen = remain_length-4;
4421 }
4422 offset+=4;
4423
4424 /* padding length */
4425 padding_ti = proto_tree_add_item_ret_uint(tree, hf_ssh_padding_length, packet_tvb, offset, 1, ENC_NA0x00000000, &padding_length);
4426 /* RFC 4253 6: "There MUST be at least four bytes of padding." */
4427 if (padding_length < 4) {
4428 expert_add_info_format(pinfo, padding_ti, &ei_ssh_padding_length, "Padding length is %d, MUST be at least 4", padding_length);
4429 }
4430 unsigned payload_length;
4431 if (ckd_sub(&payload_length, plen, padding_length + 1)__builtin_sub_overflow((plen), (padding_length + 1), (&payload_length
))) {
4432 expert_add_info_format(pinfo, padding_ti, &ei_ssh_padding_length, "Padding length is too large [%d], implies a negative payload length", padding_length);
4433 payload_length = 0;
4434 }
4435 offset += 1;
4436
4437 /* msg_code */
4438 msg_code = tvb_get_uint8(packet_tvb, offset);
4439 /* XXX - Payload compression could have been negotiated */
4440 payload_tvb = tvb_new_subset_length(packet_tvb, offset, (int)payload_length);
4441 bool_Bool is_response = ssh_peer_data_from_server(peer_data);
4442
4443 /* Transport layer protocol */
4444 /* Generic (1-19) */
4445 if(msg_code >= 1 && msg_code <= 19) {
4446 col_append_sep_str(pinfo->cinfo, COL_INFO, NULL((void*)0), val_to_str(pinfo->pool, msg_code, ssh2_msg_vals, "Unknown (%u)"));
4447 msg_type_tree = proto_tree_add_subtree(tree, packet_tvb, offset, plen-1, ett_key_exchange, NULL((void*)0), "Message: Transport (generic)");
4448 proto_tree_add_item(msg_type_tree, hf_ssh2_msg_code, packet_tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
4449 dissected_len = ssh_dissect_transport_generic(payload_tvb, pinfo, 1, peer_data, msg_type_tree, msg_code);
4450 }
4451 /* Algorithm negotiation (20-29) */
4452 /* Normally these messages are all dissected in ssh_dissect_key_exchange */
4453 else if(msg_code >=20 && msg_code <= 29) {
4454//TODO: See if the complete dissector should be refactored to always go through here first offset = ssh_dissect_transport_algorithm_negotiation(packet_tvb, pinfo, global_data, offset, msg_type_tree, is_response, msg_code);
4455
4456 col_append_sep_str(pinfo->cinfo, COL_INFO, NULL((void*)0), val_to_str(pinfo->pool, msg_code, ssh2_msg_vals, "Unknown (%u)"));
4457 msg_type_tree = proto_tree_add_subtree(tree, packet_tvb, offset, plen-1, ett_key_exchange, NULL((void*)0), "Message: Transport (algorithm negotiation)");
4458 proto_tree_add_item(msg_type_tree, hf_ssh2_msg_code, packet_tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
4459 dissected_len = 1;
4460
4461 ws_debug("SSH dissect: pass %u, frame %u, msg_code %u, do_decrypt=%d", pinfo->fd->visited, pinfo->fd->num, msg_code, peer_data->global_data->do_decrypt)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4461, __func__, "SSH dissect: pass %u, frame %u, msg_code %u, do_decrypt=%d"
, pinfo->fd->visited, pinfo->fd->num, msg_code, peer_data
->global_data->do_decrypt); } } while (0);
4462 switch(msg_code)
4463 {
4464 case SSH_MSG_KEXINIT20:
4465 {
4466 ws_debug("ssh: REKEY msg_code 20: storing frame %u number, offset %d" , pinfo->num, offset)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4466, __func__, "ssh: REKEY msg_code 20: storing frame %u number, offset %d"
, pinfo->num, offset); } } while (0);
4467 peer_data->rekey_trigger_frame = pinfo->num;
4468 // Reset array while REKEY: sanitize server_key_exchange_init and force do_decrypt :
4469 peer_data->global_data->kex_server_key_exchange_init = wmem_array_new(wmem_file_scope(), 1);
4470 peer_data->global_data->do_decrypt = true1;
4471 dissected_len = ssh_dissect_key_init(payload_tvb, pinfo, offset - 4, msg_type_tree, is_response, peer_data->global_data);
4472 break;
4473 }
4474 case SSH_MSG_NEWKEYS21:
4475 {
4476 if (peer_data->rekey_pending) {
4477 ws_debug("ssh: REKEY pending... NEWKEYS frame %u", pinfo->num)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4477, __func__, "ssh: REKEY pending... NEWKEYS frame %u", pinfo
->num); } } while (0);
4478 ws_debug("ssh: decrypting frame %u with key ID %u, seq=%u", pinfo->num, peer_data->cipher_id, peer_data->sequence_number)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4478, __func__, "ssh: decrypting frame %u with key ID %u, seq=%u"
, pinfo->num, peer_data->cipher_id, peer_data->sequence_number
); } } while (0);
4479 if (peer_data->global_data->ext_kex_strict) {
4480 peer_data->sequence_number = 0;
4481 ssh_debug_printf("%s->sequence_number reset to 0 (Strict KEX)\n", is_response ? "server" : "client");
4482 ws_debug("ssh: REKEY reset %s sequence number to 0 at frame %u (Strict KEX)", is_response ? "server" : "client", pinfo->num)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4482, __func__, "ssh: REKEY reset %s sequence number to 0 at frame %u (Strict KEX)"
, is_response ? "server" : "client", pinfo->num); } } while
(0);
4483 }
4484 // finalize the rekey (activate the new keys)
4485 if (!is_response) { // Only process client-sent NEWKEYS
4486 // Activate new key material into peer_data->cipher
4487 ssh_debug_printf("Activating new keys for CLIENT => SERVER\n");
4488 ssh_decryption_setup_cipher(peer_data, &peer_data->global_data->new_keys[0], &peer_data->global_data->new_keys[2]);
4489 ssh_decryption_setup_mac(peer_data, &peer_data->global_data->new_keys[4]);
4490 } else { // Only process server-sent NEWKEYS
4491 // Activate new key material into peer_data->cipher
4492 ssh_debug_printf("Activating new keys for SERVER => CLIENT\n");
4493 ssh_decryption_setup_cipher(peer_data, &peer_data->global_data->new_keys[1], &peer_data->global_data->new_keys[3]);
4494 ssh_decryption_setup_mac(peer_data, &peer_data->global_data->new_keys[5]);
4495 }
4496 // Finishing REKEY
4497 peer_data->rekey_pending = false0;
4498 ws_debug("ssh: REKEY done... switched to NEWKEYS at frame %u", pinfo->num)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4498, __func__, "ssh: REKEY done... switched to NEWKEYS at frame %u"
, pinfo->num); } } while (0);
4499 }
4500 break;
4501 }
4502 }
4503 }
4504 /* Key exchange method specific (reusable) (30-49) */
4505 /* Normally these messages are all dissected in ssh_dissect_key_exchange */
4506 else if (msg_code >=30 && msg_code <= 49) {
4507//TODO: See if the complete dissector should be refactored to always go through here first offset = global_data->kex_specific_dissector(msg_code, packet_tvb, pinfo, offset, msg_type_tree);
4508
4509 msg_type_tree = proto_tree_add_subtree(tree, packet_tvb, offset, plen-1, ett_key_exchange, NULL((void*)0), "Message: Transport (key exchange method specific)");
4510 ws_debug("ssh: rekey KEX_xxx_INIT/KEX_xxx_REPLY detected in frame %u", pinfo->num)do { if (1) { ws_log_full("packet-ssh", LOG_LEVEL_DEBUG, "epan/dissectors/packet-ssh.c"
, 4510, __func__, "ssh: rekey KEX_xxx_INIT/KEX_xxx_REPLY detected in frame %u"
, pinfo->num); } } while (0);
4511 peer_data->rekey_pending = true1;
4512 dissected_len = peer_data->global_data->kex_specific_dissector(msg_code, payload_tvb, pinfo, offset -5, msg_type_tree, peer_data->global_data);
4513 }
4514
4515 /* User authentication protocol */
4516 /* Generic (50-59) */
4517 else if (msg_code >= 50 && msg_code <= 59) {
4518 col_append_sep_str(pinfo->cinfo, COL_INFO, NULL((void*)0), val_to_str(pinfo->pool, msg_code, ssh2_msg_vals, "Unknown (%u)"));
4519 msg_type_tree = proto_tree_add_subtree(tree, packet_tvb, offset, plen-1, ett_key_exchange, NULL((void*)0), "Message: User Authentication (generic)");
4520 proto_tree_add_item(msg_type_tree, hf_ssh2_msg_code, packet_tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
4521 dissected_len = ssh_dissect_userauth_generic(payload_tvb, pinfo, 1, msg_type_tree, msg_code);
4522 }
4523 /* User authentication method specific (reusable) (60-79) */
4524 else if (msg_code >= 60 && msg_code <= 79) {
4525 col_append_sep_str(pinfo->cinfo, COL_INFO, NULL((void*)0), val_to_str(pinfo->pool, msg_code, ssh2_msg_vals, "Unknown (%u)"));
4526 msg_type_tree = proto_tree_add_subtree(tree, packet_tvb, offset, plen-1, ett_key_exchange, NULL((void*)0), "Message: User Authentication: (method specific)");
4527 proto_tree_add_item(msg_type_tree, hf_ssh2_msg_code, packet_tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
4528 dissected_len = ssh_dissect_userauth_specific(payload_tvb, pinfo, 1, msg_type_tree, msg_code);
4529 }
4530
4531 /* Connection protocol */
4532 /* Generic (80-89) */
4533 else if (msg_code >= 80 && msg_code <= 89) {
4534 col_append_sep_str(pinfo->cinfo, COL_INFO, NULL((void*)0), val_to_str(pinfo->pool, msg_code, ssh2_msg_vals, "Unknown (%u)"));
4535 msg_type_tree = proto_tree_add_subtree(tree, packet_tvb, offset, plen-1, ett_key_exchange, NULL((void*)0), "Message: Connection (generic)");
4536 proto_tree_add_item(msg_type_tree, hf_ssh2_msg_code, packet_tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
4537 dissected_len = ssh_dissect_connection_generic(payload_tvb, pinfo, 1, msg_type_tree, msg_code);
4538 }
4539 /* Channel related messages (90-127) */
4540 else if (msg_code >= 90 && msg_code <= 127) {
4541 col_append_sep_str(pinfo->cinfo, COL_INFO, NULL((void*)0), val_to_str(pinfo->pool, msg_code, ssh2_msg_vals, "Unknown (%u)"));
4542 msg_type_tree = proto_tree_add_subtree(tree, packet_tvb, offset, plen-1, ett_key_exchange, NULL((void*)0), "Message: Connection: (channel related message)");
4543 proto_tree_add_item(msg_type_tree, hf_ssh2_msg_code, packet_tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
4544 dissected_len = ssh_dissect_connection_specific(payload_tvb, pinfo, peer_data, 1, msg_type_tree, msg_code, message);
4545 }
4546
4547 /* Reserved for client protocols (128-191) */
4548 else if (msg_code >= 128 && msg_code <= 191) {
4549 col_append_sep_str(pinfo->cinfo, COL_INFO, NULL((void*)0), val_to_str(pinfo->pool, msg_code, ssh2_msg_vals, "Unknown (%u)"));
4550 msg_type_tree = proto_tree_add_subtree(tree, packet_tvb, offset, plen-1, ett_key_exchange, NULL((void*)0), "Message: Client protocol");
4551 proto_tree_add_item(msg_type_tree, hf_ssh2_msg_code, packet_tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
4552 offset+=1;
4553 // TODO: dissected_len = ssh_dissect_client(payload_tvb, pinfo, global_data, 1, msg_type_tree, is_response, msg_code);
4554 }
4555
4556 /* Local extensions (192-255) */
4557 else if (msg_code >= 192 && msg_code <= 255) {
4558 msg_type_tree = proto_tree_add_subtree(tree, packet_tvb, offset, plen-1, ett_key_exchange, NULL((void*)0), "Message: Local extension");
4559 dissected_len = ssh_dissect_local_extension(payload_tvb, pinfo, 0, peer_data, msg_type_tree, msg_code);
4560 }
4561
4562 /* XXX - ssh_dissect_key_exchange only adds undecoded payload here,
4563 * i.e., tvb_reported_length_remaining(payload_tvb, dissected_len)
4564 */
4565 if (payload_length > 0) {
4566 proto_tree_add_item(msg_type_tree, hf_ssh_payload, packet_tvb, offset, payload_length, ENC_NA0x00000000);
4567 }
4568 if(dissected_len!=(int)payload_length){
4569 expert_add_info_format(pinfo, ti, &ei_ssh_packet_decode, "Decoded %d bytes, but payload length is %d bytes [%d]", dissected_len, payload_length, msg_code);
4570 }
4571 offset += payload_length;
4572
4573 /* padding */
4574 proto_tree_add_item(tree, hf_ssh_padding_string, packet_tvb, offset, padding_length, ENC_NA0x00000000);
4575 offset += padding_length;
4576
4577 if (peer_data->mac_length > 0) {
4578 proto_tree_add_checksum_bytes(tree, tvb, offset, hf_ssh_mac_string, hf_ssh_mac_status, &ei_ssh_mac_bad, pinfo, message->calc_mac, peer_data->mac_length, PROTO_CHECKSUM_VERIFY0x01);
4579 offset += peer_data->mac_length;
4580 }
4581 ti = proto_tree_add_uint(tree, hf_ssh_seq_num, tvb, offset, 0, message->sequence_number);
4582 proto_item_set_generated(ti);
4583 return offset;
4584}
4585
4586static int
4587ssh_dissect_transport_generic(tvbuff_t *packet_tvb, packet_info *pinfo,
4588 int offset, struct ssh_peer_data *peer_data, proto_item *msg_type_tree, unsigned msg_code)
4589{
4590 (void)pinfo;
4591 if(msg_code==SSH_MSG_DISCONNECT1){
4592 proto_tree_add_item(msg_type_tree, hf_ssh_disconnect_reason, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
4593 offset += 4;
4594 unsigned nlen;
4595 nlen = tvb_get_ntohl(packet_tvb, offset) ;
4596 proto_tree_add_item(msg_type_tree, hf_ssh_disconnect_description_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
4597 offset += 4;
4598 proto_tree_add_item(msg_type_tree, hf_ssh_disconnect_description, packet_tvb, offset, nlen, ENC_ASCII0x00000000);
4599 offset += nlen;
4600 nlen = tvb_get_ntohl(packet_tvb, offset) ;
4601 proto_tree_add_item(msg_type_tree, hf_ssh_lang_tag_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
4602 offset += 4;
4603 proto_tree_add_item(msg_type_tree, hf_ssh_lang_tag, packet_tvb, offset, nlen, ENC_ASCII0x00000000);
4604 offset += nlen;
4605 }else if(msg_code==SSH_MSG_IGNORE2){
4606 offset += ssh_tree_add_string(packet_tvb, offset, msg_type_tree, hf_ssh_ignore_data, hf_ssh_ignore_data_length);
4607 }else if(msg_code==SSH_MSG_DEBUG4){
4608 unsigned slen;
4609 proto_tree_add_item(msg_type_tree, hf_ssh_debug_always_display, packet_tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
4610 offset += 1;
4611 slen = tvb_get_ntohl(packet_tvb, offset) ;
4612 proto_tree_add_item(msg_type_tree, hf_ssh_debug_message_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
4613 offset += 4;
4614 proto_tree_add_item(msg_type_tree, hf_ssh_debug_message, packet_tvb, offset, slen, ENC_UTF_80x00000002);
4615 offset += slen;
4616 slen = tvb_get_ntohl(packet_tvb, offset) ;
4617 proto_tree_add_item(msg_type_tree, hf_ssh_lang_tag_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
4618 offset += 4;
4619 proto_tree_add_item(msg_type_tree, hf_ssh_lang_tag, packet_tvb, offset, slen, ENC_ASCII0x00000000);
4620 offset += slen;
4621 }else if(msg_code==SSH_MSG_SERVICE_REQUEST5){
4622 unsigned nlen;
4623 nlen = tvb_get_ntohl(packet_tvb, offset) ;
4624 proto_tree_add_item(msg_type_tree, hf_ssh_service_name_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
4625 offset += 4;
4626 proto_tree_add_item(msg_type_tree, hf_ssh_service_name, packet_tvb, offset, nlen, ENC_ASCII0x00000000);
4627 offset += nlen;
4628 }else if(msg_code==SSH_MSG_SERVICE_ACCEPT6){
4629 unsigned nlen;
4630 nlen = tvb_get_ntohl(packet_tvb, offset) ;
4631 proto_tree_add_item(msg_type_tree, hf_ssh_service_name_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
4632 offset += 4;
4633 proto_tree_add_item(msg_type_tree, hf_ssh_service_name, packet_tvb, offset, nlen, ENC_ASCII0x00000000);
4634 offset += nlen;
4635 }else if(msg_code==SSH_MSG_EXT_INFO7){
4636 unsigned ext_cnt;
4637 ext_cnt = tvb_get_ntohl(packet_tvb, offset);
4638 proto_tree_add_item(msg_type_tree, hf_ssh_ext_count, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
4639 offset += 4;
4640 for(unsigned ext_index = 0; ext_index < ext_cnt; ext_index++) {
4641 offset = ssh_dissect_rfc8308_extension(packet_tvb, pinfo, offset, peer_data, msg_type_tree);
4642 }
4643 }
4644 return offset;
4645}
4646
4647static int
4648ssh_dissect_rfc8308_extension(tvbuff_t *packet_tvb, packet_info *pinfo,
4649 int offset, struct ssh_peer_data *peer_data, proto_item *msg_type_tree)
4650{
4651 (void)pinfo;
4652 unsigned ext_name_slen = tvb_get_ntohl(packet_tvb, offset);
4653 uint8_t *ext_name = tvb_get_string_enc(pinfo->pool, packet_tvb, offset + 4, ext_name_slen, ENC_ASCII0x00000000);
4654 unsigned ext_value_slen = tvb_get_ntohl(packet_tvb, offset + 4 + ext_name_slen);
4655 unsigned ext_len = 8 + ext_name_slen + ext_value_slen;
4656 proto_item *ext_tree = proto_tree_add_subtree_format(msg_type_tree, packet_tvb, offset, ext_len, ett_extension, NULL((void*)0), "Extension: %s", ext_name);
4657
4658 proto_tree_add_item(ext_tree, hf_ssh_ext_name_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
4659 offset += 4;
4660 proto_tree_add_item(ext_tree, hf_ssh_ext_name, packet_tvb, offset, ext_name_slen, ENC_ASCII0x00000000);
4661 offset += ext_name_slen;
4662 proto_tree_add_item(ext_tree, hf_ssh_ext_value_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
4663 offset += 4;
4664 proto_tree_add_item(ext_tree, hf_ssh_ext_value, packet_tvb, offset, ext_value_slen, ENC_NA0x00000000);
4665
4666 if (g_str_equal(ext_name, "server-sig-algs")(strcmp ((const char *) (ext_name), (const char *) ("server-sig-algs"
)) == 0)) {
4667 // server-sig-algs (RFC8308 Sec. 3.1)
4668 proto_tree_add_item(ext_tree, hf_ssh_ext_server_sig_algs_algorithms, packet_tvb, offset, ext_value_slen, ENC_ASCII0x00000000);
4669 offset += ext_value_slen;
4670 } else if (g_str_equal(ext_name, "delay-compression")(strcmp ((const char *) (ext_name), (const char *) ("delay-compression"
)) == 0)) {
4671 // delay-compression (RFC8308 Sec 3.2)
4672 unsigned slen;
4673 slen = tvb_get_ntohl(packet_tvb, offset);
4674 proto_tree_add_item(ext_tree, hf_ssh_ext_delay_compression_algorithms_client_to_server_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
4675 offset += 4;
4676 proto_tree_add_item(ext_tree, hf_ssh_ext_delay_compression_algorithms_client_to_server, packet_tvb, offset, slen, ENC_ASCII0x00000000);
4677 offset += slen;
4678 slen = tvb_get_ntohl(packet_tvb, offset);
4679 proto_tree_add_item(ext_tree, hf_ssh_ext_delay_compression_algorithms_server_to_client_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
4680 offset += 4;
4681 proto_tree_add_item(ext_tree, hf_ssh_ext_delay_compression_algorithms_server_to_client, packet_tvb, offset, slen, ENC_ASCII0x00000000);
4682 offset += slen;
4683 } else if (g_str_equal(ext_name, "no-flow-control")(strcmp ((const char *) (ext_name), (const char *) ("no-flow-control"
)) == 0)) {
4684 // no-flow-control (RFC 8308 Sec 3.3)
4685 proto_tree_add_item(ext_tree, hf_ssh_ext_no_flow_control_value, packet_tvb, offset, ext_value_slen, ENC_ASCII0x00000000);
4686 offset += ext_value_slen;
4687 } else if (g_str_equal(ext_name, "elevation")(strcmp ((const char *) (ext_name), (const char *) ("elevation"
)) == 0)) {
4688 // elevation (RFC 8308 Sec 3.4)
4689 proto_tree_add_item(ext_tree, hf_ssh_ext_elevation_value, packet_tvb, offset, ext_value_slen, ENC_ASCII0x00000000);
4690 offset += ext_value_slen;
4691 } else if (g_str_equal(ext_name, "[email protected]")(strcmp ((const char *) (ext_name), (const char *) ("[email protected]"
)) == 0)) {
4692 // [email protected] (proprietary)
4693 proto_tree_add_item(ext_tree, hf_ssh_ext_prop_publickey_algorithms_algorithms, packet_tvb, offset, ext_value_slen, ENC_ASCII0x00000000);
4694 offset += ext_value_slen;
4695 } else if (g_str_equal(ext_name, "[email protected]")(strcmp ((const char *) (ext_name), (const char *) ("[email protected]"
)) == 0)) {
4696 // [email protected] (proprietary w/ primitive extension value)
4697 peer_data->global_data->ext_ping_openssh_offered = true1;
4698 offset += ext_value_slen;
4699 } else {
4700 offset += ext_value_slen;
4701 }
4702
4703 // The following extensions do not require advanced dissection:
4704 // - global-requests-ok
4705 // - ext-auth-info
4706 // - [email protected]
4707 // - [email protected]
4708
4709 return offset;
4710}
4711
4712static int
4713ssh_dissect_userauth_generic(tvbuff_t *packet_tvb, packet_info *pinfo,
4714 int offset, proto_item *msg_type_tree, unsigned msg_code)
4715{
4716 if(msg_code==SSH_MSG_USERAUTH_REQUEST50){
4717 uint32_t slen;
4718 proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_userauth_user_name_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &slen);
4719 offset += 4;
4720 proto_tree_add_item(msg_type_tree, hf_ssh_userauth_user_name, packet_tvb, offset, slen, ENC_ASCII0x00000000);
4721 offset += slen;
4722 proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_userauth_service_name_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &slen);
4723 offset += 4;
4724 proto_tree_add_item(msg_type_tree, hf_ssh_userauth_service_name, packet_tvb, offset, slen, ENC_ASCII0x00000000);
4725 offset += slen;
4726 proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_userauth_method_name_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &slen);
4727 offset += 4;
4728 const char* key_type;
4729 proto_tree_add_item_ret_string(msg_type_tree, hf_ssh_userauth_method_name, packet_tvb, offset, slen, ENC_ASCII0x00000000, pinfo->pool, (const uint8_t**)&key_type);
4730 offset += slen;
4731 if (0 == strcmp(key_type, "none")) {
4732 }else if (0 == strcmp(key_type, "publickey") || 0 == strcmp(key_type, "[email protected]")) {
4733 uint8_t bHaveSignature = tvb_get_uint8(packet_tvb, offset);
4734 int dissected_len = 0;
4735 proto_tree_add_item(msg_type_tree, hf_ssh_userauth_have_signature, packet_tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
4736 offset += 1;
4737 proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_userauth_pka_name_len, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &slen);
4738 offset += 4;
4739 proto_tree_add_item(msg_type_tree, hf_ssh_userauth_pka_name, packet_tvb, offset, slen, ENC_ASCII0x00000000);
4740 offset += slen;
4741 proto_item *ti;
4742 ti = proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_blob_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &slen);
4743 offset += 4;
4744 dissected_len = ssh_dissect_public_key_blob(tvb_new_subset_length(packet_tvb, offset, slen), pinfo, msg_type_tree);
4745 if(dissected_len!=(int)slen){
4746 expert_add_info_format(pinfo, ti, &ei_ssh_packet_decode, "Decoded %d bytes, but packet length is %d bytes", dissected_len, slen);
4747 }
4748 offset += slen;
4749 if (0 == strcmp(key_type, "[email protected]")) {
4750 // Host key - but should we add it to global data or not?
4751 offset += ssh_tree_add_hostkey(packet_tvb, pinfo, offset, msg_type_tree, "Server host key",
4752 ett_key_exchange_host_key, NULL((void*)0));
4753 }
4754 if(bHaveSignature){
4755 proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_signature_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &slen);
4756 offset += 4;
4757 proto_item *signature_tree = NULL((void*)0);
4758 signature_tree = proto_tree_add_subtree(msg_type_tree, packet_tvb, offset, slen, ett_userauth_pk_signature, NULL((void*)0), "Public key signature");
4759 dissected_len = ssh_dissect_public_key_signature(packet_tvb, pinfo, offset, signature_tree) - offset;
4760 if(dissected_len!=(int)slen){
4761 expert_add_info_format(pinfo, signature_tree, &ei_ssh_packet_decode, "Decoded %d bytes, but packet length is %d bytes", dissected_len, slen);
4762 }
4763 offset += slen;
4764 }
4765 }else if (0 == strcmp(key_type, "password")) {
4766 uint8_t bChangePassword = tvb_get_uint8(packet_tvb, offset);
4767 proto_tree_add_item(msg_type_tree, hf_ssh_userauth_change_password, packet_tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
4768 offset += 1;
4769 proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_userauth_password_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &slen);
4770 offset += 4;
4771 proto_tree_add_item(msg_type_tree, hf_ssh_userauth_password, packet_tvb, offset, slen, ENC_ASCII0x00000000);
4772 offset += slen;
4773 if(bChangePassword){
4774 proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_userauth_new_password_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &slen);
4775 offset += 4;
4776 proto_tree_add_item(msg_type_tree, hf_ssh_userauth_new_password, packet_tvb, offset, slen, ENC_ASCII0x00000000);
4777 offset += slen;
4778 }
4779 }else{
4780 }
4781
4782 }else if(msg_code==SSH_MSG_USERAUTH_FAILURE51){
4783 unsigned slen;
4784 proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_auth_failure_list_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &slen);
4785 offset += 4;
4786 proto_tree_add_item(msg_type_tree, hf_ssh_auth_failure_list, packet_tvb, offset, slen, ENC_ASCII0x00000000);
4787 offset += slen;
4788 proto_tree_add_item(msg_type_tree, hf_ssh_userauth_partial_success, packet_tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
4789 offset += 1;
4790 }
4791 return offset;
4792}
4793
4794static int
4795ssh_dissect_userauth_specific(tvbuff_t *packet_tvb, packet_info *pinfo,
4796 int offset, proto_item *msg_type_tree, unsigned msg_code)
4797{
4798 if(msg_code==SSH_MSG_USERAUTH_PK_OK60){
4799 proto_item *ti;
4800 int dissected_len = 0;
4801 unsigned slen;
4802 slen = tvb_get_ntohl(packet_tvb, offset) ;
4803 proto_tree_add_item(msg_type_tree, hf_ssh_userauth_pka_name_len, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
4804 offset += 4;
4805 proto_tree_add_item(msg_type_tree, hf_ssh_userauth_pka_name, packet_tvb, offset, slen, ENC_ASCII0x00000000);
4806 offset += slen;
4807 ti = proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_blob_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &slen);
4808 offset += 4;
4809 dissected_len = ssh_dissect_public_key_blob(tvb_new_subset_length(packet_tvb, offset, slen), pinfo, msg_type_tree);
4810 if(dissected_len!=(int)slen){
4811 expert_add_info_format(pinfo, ti, &ei_ssh_packet_decode, "Decoded %d bytes, but packet length is %d bytes", dissected_len, slen);
4812 }
4813 offset += slen;
4814 }
4815 return offset;
4816}
4817
4818static void
4819ssh_process_payload(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, ssh_channel_info_t *channel)
4820{
4821 tvbuff_t *next_tvb = tvb_new_subset_remaining(tvb, offset);
4822 if (channel->handle) {
4823 call_dissector(channel->handle, next_tvb, pinfo, proto_tree_get_root(tree));
4824 } else {
4825 call_data_dissector(next_tvb, pinfo, proto_tree_get_root(tree));
4826 }
4827}
4828
4829static void
4830print_ssh_fragment_tree(fragment_head *ipfd_head, proto_tree *tree, proto_tree *ssh_tree, packet_info *pinfo, tvbuff_t *next_tvb)
4831{
4832 proto_item *ssh_tree_item, *frag_tree_item;
4833
4834 /*
4835 * The subdissector thought it was completely
4836 * desegmented (although the stuff at the
4837 * end may, in turn, require desegmentation),
4838 * so we show a tree with all segments.
4839 */
4840 show_fragment_tree(ipfd_head, &ssh_segment_items,
4841 tree, pinfo, next_tvb, &frag_tree_item);
4842 /*
4843 * The toplevel fragment subtree is now
4844 * behind all desegmented data; move it
4845 * right behind the SSH tree.
4846 */
4847 ssh_tree_item = proto_tree_get_parent(ssh_tree);
4848 /* The SSH protocol item is up a few levels from the message tree */
4849 ssh_tree_item = proto_item_get_parent_nth(ssh_tree_item, 2);
4850 if (frag_tree_item && ssh_tree_item) {
4851 proto_tree_move_item(tree, ssh_tree_item, frag_tree_item);
4852 }
4853}
4854
4855static uint32_t
4856ssh_msp_fragment_id(struct tcp_multisegment_pdu *msp)
4857{
4858 /*
4859 * If a frame contains multiple PDUs, then "first_frame" is not
4860 * sufficient to uniquely identify groups of fragments. Therefore we use
4861 * the tcp reassembly functions that also test msp->seq (the position of
4862 * the initial fragment in the SSH channel).
4863 */
4864 return msp->first_frame;
4865}
4866
4867static void
4868ssh_proto_tree_add_segment_data(
4869 proto_tree *tree,
4870 tvbuff_t *tvb,
4871 int offset,
4872 int length,
4873 const char *prefix)
4874{
4875 proto_tree_add_bytes_format(
4876 tree,
4877 hf_ssh_segment_data,
4878 tvb,
4879 offset,
4880 length,
4881 NULL((void*)0),
4882 "%sSSH segment data (%u %s)",
4883 prefix != NULL((void*)0) ? prefix : "",
4884 length,
4885 plurality(length, "byte", "bytes")((length) == 1 ? ("byte") : ("bytes")));
4886}
4887
4888static void
4889desegment_ssh(tvbuff_t *tvb, packet_info *pinfo, uint32_t seq,
4890 uint32_t nxtseq, proto_tree *tree, ssh_channel_info_t *channel)
4891{
4892 fragment_head *ipfd_head;
4893 bool_Bool must_desegment;
4894 bool_Bool called_dissector;
4895 unsigned another_pdu_follows;
4896 bool_Bool another_segment_in_frame = false0;
4897 int deseg_offset, offset = 0;
4898 uint32_t deseg_seq;
4899 int nbytes;
4900 proto_item *item;
4901 struct tcp_multisegment_pdu *msp;
4902 bool_Bool first_pdu = true1;
4903
4904again:
4905 ipfd_head = NULL((void*)0);
4906 must_desegment = false0;
4907 called_dissector = false0;
4908 another_pdu_follows = 0;
4909 msp = NULL((void*)0);
4910
4911 /*
4912 * Initialize these to assume no desegmentation.
4913 * If that's not the case, these will be set appropriately
4914 * by the subdissector.
4915 */
4916 pinfo->desegment_offset = 0;
4917 pinfo->desegment_len = 0;
4918
4919 /*
4920 * Initialize this to assume that this segment will just be
4921 * added to the middle of a desegmented chunk of data, so
4922 * that we should show it all as data.
4923 * If that's not the case, it will be set appropriately.
4924 */
4925 deseg_offset = offset;
4926
4927 /* If we've seen this segment before (e.g., it's a retransmission),
4928 * there's nothing for us to do. Certainly, don't add it to the list
4929 * of multisegment_pdus (that would cause subsequent lookups to find
4930 * the retransmission instead of the original transmission, breaking
4931 * dissection of the desegmented pdu if we'd already seen the end of
4932 * the pdu).
4933 */
4934 if ((msp = (struct tcp_multisegment_pdu *)wmem_tree_lookup32(channel->multisegment_pdus, seq))) {
4935 const char *prefix;
4936 bool_Bool is_retransmission = false0;
4937
4938 if (msp->first_frame == pinfo->num) {
4939 /* This must be after the first pass. */
4940 prefix = "";
4941 if (msp->last_frame == pinfo->num) {
4942 col_clear(pinfo->cinfo, COL_INFO);
4943 } else {
4944 if (first_pdu) {
4945 col_append_sep_str(pinfo->cinfo, COL_INFO, " ", "[SSH segment of a reassembled PDU]");
4946 }
4947 }
4948 } else {
4949 prefix = "Retransmitted ";
4950 is_retransmission = true1;
4951 }
4952
4953 if (!is_retransmission) {
4954 ipfd_head = fragment_get(&ssh_reassembly_table, pinfo, msp->first_frame, msp);
4955 if (ipfd_head != NULL((void*)0) && ipfd_head->reassembled_in !=0 &&
4956 ipfd_head->reassembled_in != pinfo->num) {
4957 /* Show what frame this was reassembled in if not this one. */
4958 item=proto_tree_add_uint(tree, *ssh_segment_items.hf_reassembled_in,
4959 tvb, 0, 0, ipfd_head->reassembled_in);
4960 proto_item_set_generated(item);
4961 }
4962 }
4963 nbytes = tvb_reported_length_remaining(tvb, offset);
4964 ssh_proto_tree_add_segment_data(tree, tvb, offset, nbytes, prefix);
4965 return;
4966 }
4967
4968 /* Else, find the most previous PDU starting before this sequence number */
4969 msp = (struct tcp_multisegment_pdu *)wmem_tree_lookup32_le(channel->multisegment_pdus, seq-1);
4970 if (msp && msp->seq <= seq && msp->nxtpdu > seq) {
4971 unsigned len;
4972
4973 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
4974 msp->last_frame = pinfo->num;
4975 msp->last_frame_time = pinfo->abs_ts;
4976 }
4977
4978 /* OK, this PDU was found, which means the segment continues
4979 * a higher-level PDU and that we must desegment it.
4980 */
4981 if (msp->flags & MSP_FLAGS_REASSEMBLE_ENTIRE_SEGMENT0x00000001) {
4982 /* The dissector asked for the entire segment */
4983 len = tvb_reported_length_remaining(tvb, offset);
4984 } else {
4985 len = MIN(nxtseq, msp->nxtpdu)(((nxtseq) < (msp->nxtpdu)) ? (nxtseq) : (msp->nxtpdu
)) - seq;
4986 }
4987
4988 ipfd_head = fragment_add(&ssh_reassembly_table, tvb, offset,
4989 pinfo, ssh_msp_fragment_id(msp), msp,
4990 seq - msp->seq,
4991 len, (LT_SEQ (nxtseq,msp->nxtpdu)((int32_t)((nxtseq) - (msp->nxtpdu)) < 0)));
4992
4993 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)
4994 && msp->flags & MSP_FLAGS_REASSEMBLE_ENTIRE_SEGMENT0x00000001) {
4995 msp->flags &= (~MSP_FLAGS_REASSEMBLE_ENTIRE_SEGMENT0x00000001);
4996
4997 /* If we consumed the entire segment there is no
4998 * other pdu starting anywhere inside this segment.
4999 * So update nxtpdu to point at least to the start
5000 * of the next segment.
5001 * (If the subdissector asks for even more data we
5002 * will advance nxtpdu even further later down in
5003 * the code.)
5004 */
5005 msp->nxtpdu = nxtseq;
5006 }
5007
5008 if ( (msp->nxtpdu < nxtseq)
5009 && (msp->nxtpdu >= seq)
5010 && (len > 0)) {
5011 another_pdu_follows = msp->nxtpdu - seq;
5012 }
5013 } else {
5014 /* This segment was not found in our table, so it doesn't
5015 * contain a continuation of a higher-level PDU.
5016 * Call the normal subdissector.
5017 */
5018 ssh_process_payload(tvb, offset, pinfo, tree, channel);
5019 called_dissector = true1;
5020
5021 /* Did the subdissector ask us to desegment some more data
5022 * before it could handle the packet?
5023 * If so we have to create some structures in our table but
5024 * this is something we only do the first time we see this
5025 * packet.
5026 */
5027 if (pinfo->desegment_len) {
5028 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited))
5029 must_desegment = true1;
5030
5031 /*
5032 * Set "deseg_offset" to the offset in "tvb"
5033 * of the first byte of data that the
5034 * subdissector didn't process.
5035 */
5036 deseg_offset = offset + pinfo->desegment_offset;
5037 }
5038
5039 /* Either no desegmentation is necessary, or this is
5040 * segment contains the beginning but not the end of
5041 * a higher-level PDU and thus isn't completely
5042 * desegmented.
5043 */
5044 ipfd_head = NULL((void*)0);
5045 }
5046
5047 /* is it completely desegmented? */
5048 if (ipfd_head && ipfd_head->reassembled_in == pinfo->num) {
5049 /*
5050 * Yes, we think it is.
5051 * We only call subdissector for the last segment.
5052 * Note that the last segment may include more than what
5053 * we needed.
5054 */
5055 if (nxtseq < msp->nxtpdu) {
5056 /*
5057 * This is *not* the last segment. It is part of a PDU in the same
5058 * frame, so no another PDU can follow this one.
5059 * Do not reassemble SSH yet, it will be done in the final segment.
5060 * (If we are reassembling at FIN, we will do that in dissect_ssl()
5061 * after iterating through all the records.)
5062 * Clear the Info column and avoid displaying [SSH segment of a
5063 * reassembled PDU], the payload dissector will typically set it.
5064 * (This is needed here for the second pass.)
5065 */
5066 another_pdu_follows = 0;
5067 col_clear(pinfo->cinfo, COL_INFO);
5068 another_segment_in_frame = true1;
5069 } else {
5070 /*
5071 * OK, this is the last segment of the PDU and also the
5072 * last segment in this frame.
5073 * Let's call the subdissector with the desegmented
5074 * data.
5075 */
5076 tvbuff_t *next_tvb;
5077 int old_len;
5078
5079 /*
5080 * Reset column in case multiple SSH segments form the PDU
5081 * and this last SSH segment is not in the first TCP segment of
5082 * this frame.
5083 * XXX prevent clearing the column if the last layer is not SSH?
5084 */
5085 /* Clear column during the first pass. */
5086 col_clear(pinfo->cinfo, COL_INFO);
5087
5088 /* create a new TVB structure for desegmented data */
5089 next_tvb = tvb_new_chain(tvb, ipfd_head->tvb_data);
5090
5091 /* add desegmented data to the data source list */
5092 add_new_data_source(pinfo, next_tvb, "Reassembled SSH");
5093
5094 /* call subdissector */
5095 ssh_process_payload(next_tvb, 0, pinfo, tree, channel);
5096 called_dissector = true1;
5097
5098 /*
5099 * OK, did the subdissector think it was completely
5100 * desegmented, or does it think we need even more
5101 * data?
5102 */
5103 old_len = (int)(tvb_reported_length(next_tvb) - tvb_reported_length_remaining(tvb, offset));
5104 if (pinfo->desegment_len && pinfo->desegment_offset <= old_len) {
5105 /*
5106 * "desegment_len" isn't 0, so it needs more
5107 * data for something - and "desegment_offset"
5108 * is before "old_len", so it needs more data
5109 * to dissect the stuff we thought was
5110 * completely desegmented (as opposed to the
5111 * stuff at the beginning being completely
5112 * desegmented, but the stuff at the end
5113 * being a new higher-level PDU that also
5114 * needs desegmentation).
5115 */
5116 fragment_set_partial_reassembly(&ssh_reassembly_table,
5117 pinfo, ssh_msp_fragment_id(msp), msp);
5118 /* Update msp->nxtpdu to point to the new next
5119 * pdu boundary.
5120 */
5121 if (pinfo->desegment_len == DESEGMENT_ONE_MORE_SEGMENT0x0fffffff) {
5122 /* We want reassembly of at least one
5123 * more segment so set the nxtpdu
5124 * boundary to one byte into the next
5125 * segment.
5126 * This means that the next segment
5127 * will complete reassembly even if it
5128 * is only one single byte in length.
5129 */
5130 msp->nxtpdu = seq + tvb_reported_length_remaining(tvb, offset) + 1;
5131 msp->flags |= MSP_FLAGS_REASSEMBLE_ENTIRE_SEGMENT0x00000001;
5132 } else if (pinfo->desegment_len == DESEGMENT_UNTIL_FIN0x0ffffffe) {
5133 /* This is not the first segment, and we thought reassembly
5134 * would be done now, but now we know we desegment at FIN.
5135 * E.g., a HTTP response where the headers were split
5136 * across segments (so previous ONE_MORE_SEGMENT) and
5137 * also no Content-Length (so now DESEGMENT_UNTIL_FIN).
5138 */
5139 channel->flags |= TCP_FLOW_REASSEMBLE_UNTIL_FIN0x0001;
5140 msp->nxtpdu = nxtseq + 0x40000000;
5141 } else {
5142 msp->nxtpdu = seq + tvb_reported_length_remaining(tvb, offset) + pinfo->desegment_len;
5143 }
5144 /* Since we need at least some more data
5145 * there can be no pdu following in the
5146 * tail of this segment.
5147 */
5148 another_pdu_follows = 0;
5149 } else {
5150 /*
5151 * Show the stuff in this TCP segment as
5152 * just raw TCP segment data.
5153 */
5154 nbytes = another_pdu_follows > 0
5155 ? another_pdu_follows
5156 : tvb_reported_length_remaining(tvb, offset);
5157 ssh_proto_tree_add_segment_data(tree, tvb, offset, nbytes, NULL((void*)0));
5158
5159 /* Show details of the reassembly */
5160 print_ssh_fragment_tree(ipfd_head, proto_tree_get_root(tree), tree, pinfo, next_tvb);
5161
5162 /* Did the subdissector ask us to desegment
5163 * some more data? This means that the data
5164 * at the beginning of this segment completed
5165 * a higher-level PDU, but the data at the
5166 * end of this segment started a higher-level
5167 * PDU but didn't complete it.
5168 *
5169 * If so, we have to create some structures
5170 * in our table, but this is something we
5171 * only do the first time we see this packet.
5172 */
5173 if (pinfo->desegment_len) {
5174 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited))
5175 must_desegment = true1;
5176
5177 /* The stuff we couldn't dissect
5178 * must have come from this segment,
5179 * so it's all in "tvb".
5180 *
5181 * "pinfo->desegment_offset" is
5182 * relative to the beginning of
5183 * "next_tvb"; we want an offset
5184 * relative to the beginning of "tvb".
5185 *
5186 * First, compute the offset relative
5187 * to the *end* of "next_tvb" - i.e.,
5188 * the number of bytes before the end
5189 * of "next_tvb" at which the
5190 * subdissector stopped. That's the
5191 * length of "next_tvb" minus the
5192 * offset, relative to the beginning
5193 * of "next_tvb, at which the
5194 * subdissector stopped.
5195 */
5196 deseg_offset = ipfd_head->datalen - pinfo->desegment_offset;
5197
5198 /* "tvb" and "next_tvb" end at the
5199 * same byte of data, so the offset
5200 * relative to the end of "next_tvb"
5201 * of the byte at which we stopped
5202 * is also the offset relative to
5203 * the end of "tvb" of the byte at
5204 * which we stopped.
5205 *
5206 * Convert that back into an offset
5207 * relative to the beginning of
5208 * "tvb", by taking the length of
5209 * "tvb" and subtracting the offset
5210 * relative to the end.
5211 */
5212 deseg_offset = tvb_reported_length(tvb) - deseg_offset;
5213 }
5214 }
5215 }
5216 }
5217
5218 if (must_desegment) {
5219 /* If the dissector requested "reassemble until FIN"
5220 * just set this flag for the flow and let reassembly
5221 * proceed at normal. We will check/pick up these
5222 * reassembled PDUs later down in dissect_tcp() when checking
5223 * for the FIN flag.
5224 */
5225 if (pinfo->desegment_len == DESEGMENT_UNTIL_FIN0x0ffffffe) {
5226 channel->flags |= TCP_FLOW_REASSEMBLE_UNTIL_FIN0x0001;
5227 }
5228 /*
5229 * The sequence number at which the stuff to be desegmented
5230 * starts is the sequence number of the byte at an offset
5231 * of "deseg_offset" into "tvb".
5232 *
5233 * The sequence number of the byte at an offset of "offset"
5234 * is "seq", i.e. the starting sequence number of this
5235 * segment, so the sequence number of the byte at
5236 * "deseg_offset" is "seq + (deseg_offset - offset)".
5237 */
5238 deseg_seq = seq + (deseg_offset - offset);
5239
5240 if (((nxtseq - deseg_seq) <= 1024*1024)
5241 && (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited))) {
5242 if (pinfo->desegment_len == DESEGMENT_ONE_MORE_SEGMENT0x0fffffff) {
5243 /* The subdissector asked to reassemble using the
5244 * entire next segment.
5245 * Just ask reassembly for one more byte
5246 * but set this msp flag so we can pick it up
5247 * above.
5248 */
5249 msp = pdu_store_sequencenumber_of_next_pdu(pinfo,
5250 deseg_seq, nxtseq+1, channel->multisegment_pdus);
5251 msp->flags |= MSP_FLAGS_REASSEMBLE_ENTIRE_SEGMENT0x00000001;
5252 } else if (pinfo->desegment_len == DESEGMENT_UNTIL_FIN0x0ffffffe) {
5253 /* Set nxtseq very large so that reassembly won't happen
5254 * until we force it at the end of the stream in dissect_ssl()
5255 * outside this function.
5256 */
5257 msp = pdu_store_sequencenumber_of_next_pdu(pinfo,
5258 deseg_seq, nxtseq+0x40000000, channel->multisegment_pdus);
5259 } else {
5260 msp = pdu_store_sequencenumber_of_next_pdu(pinfo,
5261 deseg_seq, nxtseq+pinfo->desegment_len, channel->multisegment_pdus);
5262 }
5263
5264 /* add this segment as the first one for this new pdu */
5265 fragment_add(&ssh_reassembly_table, tvb, deseg_offset,
5266 pinfo, ssh_msp_fragment_id(msp), msp,
5267 0, nxtseq - deseg_seq,
5268 LT_SEQ(nxtseq, msp->nxtpdu)((int32_t)((nxtseq) - (msp->nxtpdu)) < 0));
5269 }
5270 }
5271
5272 if (!called_dissector || pinfo->desegment_len != 0) {
5273 if (ipfd_head != NULL((void*)0) && ipfd_head->reassembled_in != 0 &&
5274 ipfd_head->reassembled_in != pinfo->num &&
5275 !(ipfd_head->flags & FD_PARTIAL_REASSEMBLY0x0040)) {
5276 /*
5277 * We know what other frame this PDU is reassembled in;
5278 * let the user know.
5279 */
5280 item=proto_tree_add_uint(tree, *ssh_segment_items.hf_reassembled_in,
5281 tvb, 0, 0, ipfd_head->reassembled_in);
5282 proto_item_set_generated(item);
5283 }
5284
5285 /*
5286 * Either we didn't call the subdissector at all (i.e.,
5287 * this is a segment that contains the middle of a
5288 * higher-level PDU, but contains neither the beginning
5289 * nor the end), or the subdissector couldn't dissect it
5290 * all, as some data was missing (i.e., it set
5291 * "pinfo->desegment_len" to the amount of additional
5292 * data it needs).
5293 */
5294 if (!another_segment_in_frame && pinfo->desegment_offset == 0) {
5295 /*
5296 * It couldn't, in fact, dissect any of it (the
5297 * first byte it couldn't dissect is at an offset
5298 * of "pinfo->desegment_offset" from the beginning
5299 * of the payload, and that's 0).
5300 * Just mark this as SSH.
5301 */
5302
5303 /* SFTP checks the length before setting the protocol column.
5304 * If other subdissectors don't do this, we'd want to set the
5305 * protocol column back - but we want to get the SSH version
5306 */
5307 //col_set_str(pinfo->cinfo, COL_PROTOCOL,
5308 // val_to_str_const(session->version, ssl_version_short_names, "SSH"));
5309 if (first_pdu) {
5310 col_append_sep_str(pinfo->cinfo, COL_INFO, " ", "[SSH segment of a reassembled PDU]");
5311 }
5312 }
5313
5314 /*
5315 * Show what's left in the packet as just raw SSH segment data.
5316 * XXX - remember what protocol the last subdissector
5317 * was, and report it as a continuation of that, instead?
5318 */
5319 nbytes = tvb_reported_length_remaining(tvb, deseg_offset);
5320 ssh_proto_tree_add_segment_data(tree, tvb, deseg_offset, nbytes, NULL((void*)0));
5321 }
5322 pinfo->can_desegment = 0;
5323 pinfo->desegment_offset = 0;
5324 pinfo->desegment_len = 0;
5325
5326 if (another_pdu_follows) {
5327 /* there was another pdu following this one. */
5328 pinfo->can_desegment=2;
5329 /* we also have to prevent the dissector from changing the
5330 * PROTOCOL and INFO colums since what follows may be an
5331 * incomplete PDU and we don't want it be changed back from
5332 * <Protocol> to <SSH>
5333 */
5334 col_set_fence(pinfo->cinfo, COL_INFO);
5335 col_set_writable(pinfo->cinfo, COL_PROTOCOL, false0);
5336 first_pdu = false0;
5337 offset += another_pdu_follows;
5338 seq += another_pdu_follows;
5339 goto again;
5340 }
5341}
5342
5343static void
5344ssh_dissect_channel_data(tvbuff_t *tvb, packet_info *pinfo,
5345 struct ssh_peer_data *peer_data _U___attribute__((unused)), proto_tree *tree,
5346 ssh_message_info_t *message _U___attribute__((unused)), ssh_channel_info_t *channel)
5347{
5348
5349 uint16_t save_can_desegment = pinfo->can_desegment;
5350
5351 if (ssh_desegment) {
5352 pinfo->can_desegment = 2;
5353 desegment_ssh(tvb, pinfo, message->byte_seq, message->next_byte_seq, tree, channel);
5354 } else {
5355 pinfo->can_desegment = 0;
5356 bool_Bool save_fragmented = pinfo->fragmented;
5357 pinfo->fragmented = true1;
5358
5359 ssh_process_payload(tvb, 0, pinfo, tree, channel);
5360 pinfo->fragmented = save_fragmented;
5361 }
5362
5363 pinfo->can_desegment = save_can_desegment;
5364}
5365
5366static int
5367ssh_dissect_term_modes(tvbuff_t *tvb, packet_info *pinfo _U___attribute__((unused)), proto_tree *tree)
5368{
5369 proto_item *ti;
5370 proto_tree *term_mode_tree, *subtree;
5371 unsigned offset = 0;
5372 uint32_t opcode, value, idx;
5373 bool_Bool boolval;
5374
5375 struct tty_opt_info {
5376 unsigned id;
5377 int *hfindex;
5378 };
5379 static const struct tty_opt_info tty_opts[] = {
5380 { SSH_TTY_OP_END0, NULL((void*)0)},
5381 { SSH_TTY_OP_VINTR1, &hf_ssh_pty_term_mode_vintr },
5382 { SSH_TTY_OP_VQUIT2, &hf_ssh_pty_term_mode_vquit },
5383 { SSH_TTY_OP_VERASE3, &hf_ssh_pty_term_mode_verase },
5384 { SSH_TTY_OP_VKILL4, &hf_ssh_pty_term_mode_vkill },
5385 { SSH_TTY_OP_VEOF5, &hf_ssh_pty_term_mode_veof },
5386 { SSH_TTY_OP_VEOL6, &hf_ssh_pty_term_mode_veol },
5387 { SSH_TTY_OP_VEOL27, &hf_ssh_pty_term_mode_veol2 },
5388 { SSH_TTY_OP_VSTART8, &hf_ssh_pty_term_mode_vstart },
5389 { SSH_TTY_OP_VSTOP9, &hf_ssh_pty_term_mode_vstop },
5390 { SSH_TTY_OP_VSUSP10, &hf_ssh_pty_term_mode_vsusp },
5391 { SSH_TTY_OP_VDSUSP11, &hf_ssh_pty_term_mode_vdsusp },
5392 { SSH_TTY_OP_VREPRINT12, &hf_ssh_pty_term_mode_vreprint },
5393 { SSH_TTY_OP_VWERASE13, &hf_ssh_pty_term_mode_vwerase },
5394 { SSH_TTY_OP_VLNEXT14, &hf_ssh_pty_term_mode_vlnext },
5395 { SSH_TTY_OP_VFLUSH15, &hf_ssh_pty_term_mode_vflush },
5396 { SSH_TTY_OP_VSWTCH16, &hf_ssh_pty_term_mode_vswtch },
5397 { SSH_TTY_OP_VSTATUS17, &hf_ssh_pty_term_mode_vstatus },
5398 { SSH_TTY_OP_VDISCARD18, &hf_ssh_pty_term_mode_vdiscard },
5399 { SSH_TTY_OP_IGNPAR30, &hf_ssh_pty_term_mode_ignpar },
5400 { SSH_TTY_OP_PARMRK31, &hf_ssh_pty_term_mode_parmrk },
5401 { SSH_TTY_OP_INPCK32, &hf_ssh_pty_term_mode_inpck },
5402 { SSH_TTY_OP_ISTRIP33, &hf_ssh_pty_term_mode_istrip },
5403 { SSH_TTY_OP_INLCR34, &hf_ssh_pty_term_mode_inlcr },
5404 { SSH_TTY_OP_IGNCR35, &hf_ssh_pty_term_mode_igncr },
5405 { SSH_TTY_OP_ICRNL36, &hf_ssh_pty_term_mode_icrnl },
5406 { SSH_TTY_OP_IUCLC37, &hf_ssh_pty_term_mode_iuclc },
5407 { SSH_TTY_OP_IXON38, &hf_ssh_pty_term_mode_ixon },
5408 { SSH_TTY_OP_IXANY39, &hf_ssh_pty_term_mode_ixany },
5409 { SSH_TTY_OP_IXOFF40, &hf_ssh_pty_term_mode_ixoff },
5410 { SSH_TTY_OP_IMAXBEL41, &hf_ssh_pty_term_mode_imaxbel },
5411 { SSH_TTY_OP_IUTF842, &hf_ssh_pty_term_mode_iutf8 },
5412 { SSH_TTY_OP_ISIG50, &hf_ssh_pty_term_mode_isig },
5413 { SSH_TTY_OP_ICANON51, &hf_ssh_pty_term_mode_icanon },
5414 { SSH_TTY_OP_XCASE52, &hf_ssh_pty_term_mode_xcase },
5415 { SSH_TTY_OP_ECHO53, &hf_ssh_pty_term_mode_echo },
5416 { SSH_TTY_OP_ECHOE54, &hf_ssh_pty_term_mode_echoe },
5417 { SSH_TTY_OP_ECHOK55, &hf_ssh_pty_term_mode_echok },
5418 { SSH_TTY_OP_ECHONL56, &hf_ssh_pty_term_mode_echonl },
5419 { SSH_TTY_OP_NOFLSH57, &hf_ssh_pty_term_mode_noflsh },
5420 { SSH_TTY_OP_TOSTOP58, &hf_ssh_pty_term_mode_tostop },
5421 { SSH_TTY_OP_IEXTEN59, &hf_ssh_pty_term_mode_iexten },
5422 { SSH_TTY_OP_ECHOCTL60, &hf_ssh_pty_term_mode_echoctl },
5423 { SSH_TTY_OP_ECHOKE61, &hf_ssh_pty_term_mode_echoke },
5424 { SSH_TTY_OP_PENDIN62, &hf_ssh_pty_term_mode_pendin },
5425 { SSH_TTY_OP_OPOST70, &hf_ssh_pty_term_mode_opost },
5426 { SSH_TTY_OP_OLCUC71, &hf_ssh_pty_term_mode_olcuc },
5427 { SSH_TTY_OP_ONLCR72, &hf_ssh_pty_term_mode_onlcr },
5428 { SSH_TTY_OP_OCRNL73, &hf_ssh_pty_term_mode_ocrnl },
5429 { SSH_TTY_OP_ONOCR74, &hf_ssh_pty_term_mode_onocr },
5430 { SSH_TTY_OP_ONLRET75, &hf_ssh_pty_term_mode_onlret },
5431 { SSH_TTY_OP_CS790, &hf_ssh_pty_term_mode_cs7 },
5432 { SSH_TTY_OP_CS891, &hf_ssh_pty_term_mode_cs8 },
5433 { SSH_TTY_OP_PARENB92, &hf_ssh_pty_term_mode_parenb },
5434 { SSH_TTY_OP_PARODD93, &hf_ssh_pty_term_mode_parodd },
5435 { SSH_TTY_OP_ISPEED128, &hf_ssh_pty_term_mode_ispeed },
5436 { SSH_TTY_OP_OSPEED129, &hf_ssh_pty_term_mode_ospeed }
5437 };
5438
5439 ti = proto_tree_add_item(tree, hf_ssh_pty_term_modes, tvb, offset, tvb_reported_length(tvb), ENC_NA0x00000000);
5440 term_mode_tree = proto_item_add_subtree(ti, ett_term_modes);
5441 while (tvb_reported_length_remaining(tvb, offset)) {
5442 ti = proto_tree_add_item(term_mode_tree, hf_ssh_pty_term_mode, tvb, offset, 5, ENC_NA0x00000000);
5443 subtree = proto_item_add_subtree(ti, ett_term_mode);
5444 proto_tree_add_item_ret_uint(subtree, hf_ssh_pty_term_mode_opcode, tvb, offset, 1, ENC_NA0x00000000, &opcode);
5445 proto_item_append_text(ti, ": %s", val_to_str_const(opcode, ssh_tty_op_vals, "Unknown"));
5446 offset += 1;
5447 if (opcode == SSH_TTY_OP_END0) {
5448 break;
5449 }
5450 for (idx = 0; idx < array_length(tty_opts)(sizeof (tty_opts) / sizeof (tty_opts)[0]); idx++) {
5451 if (tty_opts[idx].id == opcode) break;
5452 }
5453 if (idx >= array_length(tty_opts)(sizeof (tty_opts) / sizeof (tty_opts)[0])) {
5454 proto_tree_add_item_ret_uint(subtree, hf_ssh_pty_term_mode_value, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &value);
5455 proto_item_append_text(ti, "=%d", value);
5456 } else {
5457 DISSECTOR_ASSERT(tty_opts[idx].hfindex)((void) ((tty_opts[idx].hfindex) ? (void)0 : (proto_report_dissector_bug
("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-ssh.c"
, 5457, "tty_opts[idx].hfindex"))));
5458 int hfindex = *tty_opts[idx].hfindex;
5459 switch (proto_registrar_get_ftype(hfindex)) {
5460 case FT_BOOLEAN:
5461 proto_tree_add_item_ret_boolean(subtree, hfindex, tvb, offset + 3, 1, ENC_NA0x00000000, &boolval);
5462 proto_item_append_text(ti, "=%s", boolval ? "True" : "False");
5463 break;
5464 case FT_CHAR:
5465 proto_tree_add_item_ret_uint(subtree, hfindex, tvb, offset + 3, 1, ENC_NA0x00000000, &value);
5466 proto_item_append_text(ti, "='%s'", format_char(pinfo->pool, (char)value));
5467 break;
5468 case FT_UINT32:
5469 proto_tree_add_item_ret_uint(subtree, hfindex, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &value);
5470 proto_item_append_text(ti, "=%d", value);
5471 break;
5472 default:
5473 DISSECTOR_ASSERT_NOT_REACHED()(proto_report_dissector_bug("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\""
, "epan/dissectors/packet-ssh.c", 5473));
5474 }
5475 }
5476 offset += 4;
5477 }
5478 return offset;
5479}
5480
5481static int
5482ssh_dissect_connection_specific(tvbuff_t *packet_tvb, packet_info *pinfo,
5483 struct ssh_peer_data *peer_data, int offset, proto_tree *msg_type_tree,
5484 unsigned msg_code, ssh_message_info_t *message)
5485{
5486 uint32_t recipient_channel, sender_channel;
5487
5488 if (msg_code == SSH_MSG_CHANNEL_OPEN90) {
5489 uint32_t slen;
5490 proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_connection_type_name_len, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &slen);
5491 offset += 4;
5492 proto_tree_add_item(msg_type_tree, hf_ssh_connection_type_name, packet_tvb, offset, slen, ENC_UTF_80x00000002);
5493 offset += slen;
5494 proto_tree_add_item(msg_type_tree, hf_ssh_connection_sender_channel, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5495 offset += 4;
5496 proto_tree_add_item(msg_type_tree, hf_ssh_connection_initial_window, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5497 offset += 4;
5498 proto_tree_add_item(msg_type_tree, hf_ssh_connection_maximum_packet_size, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5499 offset += 4;
5500 } else if (msg_code == SSH_MSG_CHANNEL_OPEN_CONFIRMATION91) {
5501 proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_connection_recipient_channel, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &recipient_channel);
5502 offset += 4;
5503 proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_connection_sender_channel, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &sender_channel);
5504 offset += 4;
5505 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
5506 create_channel(peer_data, recipient_channel, sender_channel);
5507 }
5508 proto_tree_add_item(msg_type_tree, hf_ssh_connection_initial_window, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5509 offset += 4;
5510 proto_tree_add_item(msg_type_tree, hf_ssh_connection_maximum_packet_size, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5511 offset += 4;
5512 } else if (msg_code == SSH_MSG_CHANNEL_WINDOW_ADJUST93) {
5513 proto_tree_add_item(msg_type_tree, hf_ssh_connection_recipient_channel, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5514 offset += 4;
5515 proto_tree_add_item(msg_type_tree, hf_ssh_channel_window_adjust, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); // TODO: maintain count of transferred bytes and window size
5516 offset += 4;
5517 } else if (msg_code == SSH_MSG_CHANNEL_DATA94) {
5518 proto_item* ti = proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_connection_recipient_channel, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &recipient_channel);
5519 offset += 4;
5520 // TODO: process according to the type of channel
5521 uint32_t slen;
5522 proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_channel_data_len, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &slen);
5523 offset += 4;
5524 tvbuff_t* next_tvb = tvb_new_subset_length(packet_tvb, offset, slen);
5525
5526 ssh_channel_info_t* channel = get_channel_info_for_channel(peer_data, recipient_channel);
5527 if (channel) {
5528 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
5529 message->byte_seq = channel->byte_seq;
5530 channel->byte_seq += slen;
5531 message->next_byte_seq = channel->byte_seq;
5532 }
5533 ssh_dissect_channel_data(next_tvb, pinfo, peer_data, msg_type_tree, message, channel);
5534 } else {
5535 expert_add_info_format(pinfo, ti, &ei_ssh_channel_number, "Could not find configuration for channel %d", recipient_channel);
5536 }
5537 offset += slen;
5538 } else if (msg_code == SSH_MSG_CHANNEL_EXTENDED_DATA95) {
5539 proto_item* ti = proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_connection_recipient_channel, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &recipient_channel);
5540 offset += 4;
5541 // TODO: process according to the type of channel
5542 proto_tree_add_item(msg_type_tree, hf_ssh_channel_data_type_code, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5543 offset += 4;
5544 uint32_t slen;
5545 proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_channel_data_len, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &slen);
5546 offset += 4;
5547 tvbuff_t* next_tvb = tvb_new_subset_length(packet_tvb, offset, slen);
5548
5549 ssh_channel_info_t* channel = get_channel_info_for_channel(peer_data, recipient_channel);
5550 if (channel) {
5551 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
5552 message->byte_seq = channel->byte_seq;
5553 channel->byte_seq += slen;
5554 message->next_byte_seq = channel->byte_seq;
5555 }
5556 ssh_dissect_channel_data(next_tvb, pinfo, peer_data, msg_type_tree, message, channel);
5557 } else {
5558 expert_add_info_format(pinfo, ti, &ei_ssh_channel_number, "Could not find configuration for channel %d", recipient_channel);
5559 }
5560 offset += slen;
5561 } else if (msg_code == SSH_MSG_CHANNEL_EOF96) {
5562 proto_tree_add_item(msg_type_tree, hf_ssh_connection_recipient_channel, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5563 offset += 4;
5564 } else if (msg_code == SSH_MSG_CHANNEL_CLOSE97) {
5565 proto_tree_add_item(msg_type_tree, hf_ssh_connection_recipient_channel, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5566 offset += 4;
5567 } else if (msg_code == SSH_MSG_CHANNEL_REQUEST98) {
5568 proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_connection_recipient_channel, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &recipient_channel);
5569 offset += 4;
5570 const char* request_name;
5571 uint32_t slen;
5572 int item_len;
5573 proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_channel_request_name_len, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &slen);
5574 offset += 4;
5575 proto_tree_add_item_ret_string(msg_type_tree, hf_ssh_channel_request_name, packet_tvb, offset, slen, ENC_UTF_80x00000002, pinfo->pool, (const uint8_t**)&request_name);
5576 offset += slen;
5577 proto_tree_add_item(msg_type_tree, hf_ssh_channel_request_want_reply, packet_tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
5578 offset += 1;
5579 /* RFC 4254 6.5: "Only one of these requests ["shell", "exec",
5580 * or "subsystem"] can succeed per channel." Set up the
5581 * appropriate handler for future CHANNEL_DATA and
5582 * CHANNEL_EXTENDED_DATA messages on the channel.
5583 *
5584 * XXX - For "shell" and "exec", it might make more sense to send
5585 * CHANNEL_DATA to the "data-text-lines" dissector rather than "data".
5586 * Ideally if a pty has been setup there would be a way to interpret
5587 * the escape codes.
5588 */
5589 if (0 == strcmp(request_name, "subsystem")) {
5590 proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_subsystem_name_len, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &slen);
5591 offset += 4;
5592 const char* subsystem_name;
5593 proto_tree_add_item_ret_string(msg_type_tree, hf_ssh_subsystem_name, packet_tvb, offset, slen, ENC_UTF_80x00000002, pinfo->pool, (const uint8_t**)&subsystem_name);
5594 set_subdissector_for_channel(peer_data, recipient_channel, subsystem_name);
5595 offset += slen;
5596 } else if (0 == strcmp(request_name, "env")) {
5597 /* The encoding for "env" variables and "exec" commands is not
5598 * specified in the SSH protocol, and must match whatever the
5599 * server expects. (Unlike CHANNEL_DATA, it is not affected by
5600 * whatever is in "env" or anything else in the protocol, and the
5601 * strings are passed to execve directly.) In practice the strings
5602 * must not have internal NULs (no UTF-16), and OpenSSH for Windows
5603 * and IBM z/OS force the use of UTF-8 and ISO-8859-1, respectively.
5604 *
5605 * These will probably be ASCII-compatible.
5606 */
5607 proto_tree_add_item_ret_length(msg_type_tree, hf_ssh_env_name, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000 | ENC_UTF_80x00000002, &item_len);
5608 offset += item_len;
5609 proto_tree_add_item_ret_length(msg_type_tree, hf_ssh_env_value, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000 | ENC_UTF_80x00000002, &item_len);
5610 offset += item_len;
5611 } else if (0 == strcmp(request_name, "exec")) {
5612 proto_tree_add_item_ret_length(msg_type_tree, hf_ssh_exec_cmd, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000 | ENC_UTF_80x00000002, &item_len);
5613 offset += item_len;
5614 set_subdissector_for_channel(peer_data, recipient_channel, "exec");
5615 } else if (0 == strcmp(request_name, "exit-status")) {
5616 proto_tree_add_item(msg_type_tree, hf_ssh_exit_status, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5617 offset += 4;
5618 } else if (0 == strcmp(request_name, "shell")) {
5619 set_subdissector_for_channel(peer_data, recipient_channel, "shell");
5620 } else if (0 == strcmp(request_name, "pty-req")) {
5621 proto_tree_add_item_ret_length(msg_type_tree, hf_ssh_pty_term, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000 | ENC_UTF_80x00000002, &item_len);
5622 offset += item_len;
5623 proto_tree_add_item(msg_type_tree, hf_ssh_pty_term_width_char, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5624 offset += 4;
5625 proto_tree_add_item(msg_type_tree, hf_ssh_pty_term_height_row, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5626 offset += 4;
5627 proto_tree_add_item(msg_type_tree, hf_ssh_pty_term_width_pixel, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5628 offset += 4;
5629 proto_tree_add_item(msg_type_tree, hf_ssh_pty_term_height_pixel, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5630 offset += 4;
5631 proto_tree_add_item_ret_uint(msg_type_tree, hf_ssh_pty_term_modes_len, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &slen);
5632 offset += 4;
5633 offset += ssh_dissect_term_modes(tvb_new_subset_length(packet_tvb, offset, slen), pinfo, msg_type_tree);
5634 }
5635 } else if (msg_code == SSH_MSG_CHANNEL_SUCCESS99) {
5636 proto_tree_add_item(msg_type_tree, hf_ssh_connection_recipient_channel, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5637 offset += 4;
5638 }
5639 return offset;
5640}
5641
5642/* Channel mapping {{{ */
5643
5644/* The usual flow:
5645 * 1. client sends SSH_MSG_CHANNEL_OPEN with its (sender) channel number
5646 * 2. server responds with SSH_MSG_CHANNEL_OPEN_CONFIRMATION with
5647 * its channel number and echoing the client's number, creating
5648 * a bijective map
5649 * 3. client sends SSH_MSG_CHANNEL_REQUEST which has the name of
5650 * the shell, command, or subsystem to start. This has the recipient's
5651 * channel number (i.e. the server's)
5652 * 4. server may send back a SSG_MSG_CHANNEL_SUCCESS (or _FAILURE) with
5653 * the the recipient (i.e., client) channel number, but this does not
5654 * contain the subsystem name or anything identifying the request to
5655 * which it responds. It MUST be sent in the same order as the
5656 * corresponding request message (RFC 4254 4 Global Requests), so we
5657 * could track it that way, but for our purposes we just treat all
5658 * requests as successes. (If not, either there won't be data or another
5659 * request will supercede it later.)
5660 *
5661 * Either side can open a channel (RFC 4254 5 Channel Mechanism). The
5662 * typical flow is the client opening a channel, but in the case of
5663 * remote port forwarding (7 TCP/IP Port Forwarding) the directions are
5664 * swapped. For port forwarding, all the information is contained in the
5665 * SSH_MSG_CHANNEL_OPEN, there is no SSH_MSG_CHANNEL_REQUEST.
5666*
5667 * XXX: Channel numbers can be re-used after being closed (5.3 Closing a
5668 * Channel), but not necessarily mapped to the same channel number on the
5669 * other side. If that actually happens, the right way to handle this is
5670 * to track the state changes over time for random packet access (e.g.,
5671 * using a multimap with the packet number instead of maps.)
5672 */
5673
5674static struct ssh_peer_data*
5675get_other_peer_data(struct ssh_peer_data *peer_data)
5676{
5677 bool_Bool is_server = &peer_data->global_data->peer_data[SERVER_PEER_DATA1]==peer_data;
5678 if (is_server) {
5679 return &peer_data->global_data->peer_data[CLIENT_PEER_DATA0];
5680 } else {
5681 return &peer_data->global_data->peer_data[SERVER_PEER_DATA1];
5682 }
5683}
5684
5685/* Create pairings between a recipient channel and the sender's channel,
5686 * from a SSH_MSG_CHANNEL_OPEN_CONFIRMATION. */
5687static void
5688create_channel(struct ssh_peer_data *peer_data, uint32_t recipient_channel, uint32_t sender_channel)
5689{
5690 if (peer_data->channel_info == NULL((void*)0)) {
5691 peer_data->channel_info = wmem_map_new(wmem_file_scope(), g_direct_hash, g_direct_equal);
5692 }
5693 wmem_map_insert(peer_data->channel_info, GUINT_TO_POINTER(sender_channel)((gpointer) (gulong) (sender_channel)), GUINT_TO_POINTER(recipient_channel)((gpointer) (gulong) (recipient_channel)));
5694
5695 if (peer_data->channel_handles == NULL((void*)0)) {
5696 peer_data->channel_handles = wmem_map_new(wmem_file_scope(), g_direct_hash, g_direct_equal);
5697 }
5698
5699 ssh_channel_info_t *new_channel = wmem_new0(wmem_file_scope(), ssh_channel_info_t)((ssh_channel_info_t*)wmem_alloc0((wmem_file_scope()), sizeof
(ssh_channel_info_t)));
5700 new_channel->multisegment_pdus = wmem_tree_new(wmem_file_scope());
5701 wmem_map_insert(peer_data->channel_handles, GUINT_TO_POINTER(recipient_channel)((gpointer) (gulong) (recipient_channel)), new_channel);
5702
5703 /* If the recipient channel is already configured in the other direction,
5704 * set the handle. We need this if we eventually handle port forwarding,
5705 * where all the information to handle the traffic is sent in the
5706 * SSH_MSG_CHANNEL_OPEN message before the CONFIRMATION. It might also
5707 * help if the packets are out of order (i.e. we get the client
5708 * CHANNEL_REQUEST before the CHANNEL_OPEN_CONFIRMATION.)
5709 */
5710 struct ssh_peer_data *other_peer_data = get_other_peer_data(peer_data);
5711 if (other_peer_data->channel_handles) {
5712 ssh_channel_info_t *peer_channel = wmem_map_lookup(other_peer_data->channel_handles, GUINT_TO_POINTER(sender_channel)((gpointer) (gulong) (sender_channel)));
5713 if (peer_channel) {
5714 new_channel->handle = peer_channel->handle;
5715 }
5716 }
5717}
5718
5719static ssh_channel_info_t*
5720get_channel_info_for_channel(struct ssh_peer_data *peer_data, uint32_t recipient_channel)
5721{
5722 if (peer_data->channel_handles == NULL((void*)0)) {
5723 return NULL((void*)0);
5724 }
5725 ssh_channel_info_t *channel = wmem_map_lookup(peer_data->channel_handles, GUINT_TO_POINTER(recipient_channel)((gpointer) (gulong) (recipient_channel)));
5726
5727 return channel;
5728}
5729
5730static void
5731set_subdissector_for_channel(struct ssh_peer_data *peer_data, uint32_t recipient_channel, const char* subsystem_name)
5732{
5733 dissector_handle_t handle = NULL((void*)0);
5734 if (0 == strcmp(subsystem_name, "sftp")) {
5735 handle = sftp_handle;
5736 } else if (0 == strcmp(subsystem_name, "shell") ||
5737 0 == strcmp(subsystem_name, "exec")) {
5738 handle = data_text_lines_handle;
5739 }
5740
5741 if (handle) {
5742 /* Map this handle to the recipient channel */
5743 ssh_channel_info_t *channel = NULL((void*)0);
5744 if (peer_data->channel_handles == NULL((void*)0)) {
5745 peer_data->channel_handles = wmem_map_new(wmem_file_scope(), g_direct_hash, g_direct_equal);
5746 } else {
5747 channel = wmem_map_lookup(peer_data->channel_handles, GUINT_TO_POINTER(recipient_channel)((gpointer) (gulong) (recipient_channel)));
5748 }
5749 if (channel == NULL((void*)0)) {
5750 channel = wmem_new0(wmem_file_scope(), ssh_channel_info_t)((ssh_channel_info_t*)wmem_alloc0((wmem_file_scope()), sizeof
(ssh_channel_info_t)));
5751 channel->multisegment_pdus = wmem_tree_new(wmem_file_scope());
5752 wmem_map_insert(peer_data->channel_handles, GUINT_TO_POINTER(recipient_channel)((gpointer) (gulong) (recipient_channel)), channel);
5753 }
5754 channel->handle = handle;
5755
5756 /* This recipient channel is the sender channel for the other side.
5757 * Do we know what the recipient channel on the other side is? */
5758 struct ssh_peer_data *other_peer_data = get_other_peer_data(peer_data);
5759
5760 wmem_map_t *channel_info = other_peer_data->channel_info;
5761 if (channel_info) {
5762 void *sender_channel_p;
5763 if (wmem_map_lookup_extended(channel_info, GUINT_TO_POINTER(recipient_channel)((gpointer) (gulong) (recipient_channel)), NULL((void*)0), &sender_channel_p)) {
5764 uint32_t sender_channel = GPOINTER_TO_UINT(sender_channel_p)((guint) (gulong) (sender_channel_p));
5765 /* Yes. See the handle for the other side too. */
5766 if (other_peer_data->channel_handles == NULL((void*)0)) {
5767 other_peer_data->channel_handles = wmem_map_new(wmem_file_scope(), g_direct_hash, g_direct_equal);
5768 channel = NULL((void*)0);
5769 } else {
5770 channel = wmem_map_lookup(other_peer_data->channel_handles, GUINT_TO_POINTER(sender_channel)((gpointer) (gulong) (sender_channel)));
5771 }
5772 if (channel == NULL((void*)0)) {
5773 channel = wmem_new0(wmem_file_scope(), ssh_channel_info_t)((ssh_channel_info_t*)wmem_alloc0((wmem_file_scope()), sizeof
(ssh_channel_info_t)));
5774 channel->multisegment_pdus = wmem_tree_new(wmem_file_scope());
5775 wmem_map_insert(other_peer_data->channel_handles, GUINT_TO_POINTER(sender_channel)((gpointer) (gulong) (sender_channel)), channel);
5776 }
5777 channel->handle = handle;
5778 }
5779 }
5780 }
5781}
5782
5783/* Channel mapping. }}} */
5784
5785static int
5786ssh_dissect_connection_generic(tvbuff_t *packet_tvb, packet_info *pinfo,
5787 int offset, proto_item *msg_type_tree, unsigned msg_code)
5788{
5789 (void)pinfo;
5790 if(msg_code==SSH_MSG_GLOBAL_REQUEST80){
5791 const char* request_name;
5792 unsigned slen;
5793 slen = tvb_get_ntohl(packet_tvb, offset) ;
5794 proto_tree_add_item(msg_type_tree, hf_ssh_global_request_name_len, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5795 offset += 4;
5796 request_name = (char*)tvb_get_string_enc(pinfo->pool, packet_tvb, offset, slen, ENC_ASCII0x00000000|ENC_NA0x00000000);
5797 proto_tree_add_item(msg_type_tree, hf_ssh_global_request_name, packet_tvb, offset, slen, ENC_ASCII0x00000000);
5798 offset += slen;
5799 proto_tree_add_item(msg_type_tree, hf_ssh_global_request_want_reply, packet_tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
5800 offset += 1;
5801 if (0 == strcmp(request_name, "[email protected]") ||
5802 0 == strcmp(request_name, "[email protected]")) {
5803 while (tvb_reported_length_remaining(packet_tvb, offset)) {
5804 offset += ssh_tree_add_hostkey(packet_tvb, pinfo, offset, msg_type_tree,
5805 "Server host key", ett_key_exchange_host_key, NULL((void*)0));
5806 }
5807 }
5808 }
5809 return offset;
5810}
5811
5812static int
5813ssh_dissect_local_extension(tvbuff_t *packet_tvb, packet_info *pinfo,
5814 int offset, struct ssh_peer_data *peer_data, proto_item *msg_type_tree, unsigned msg_code) {
5815 unsigned slen;
5816 if (peer_data->global_data->ext_ping_openssh_offered && msg_code >= SSH_MSG_PING192 && msg_code <= SSH_MSG_PONG193) {
5817 col_append_sep_str(pinfo->cinfo, COL_INFO, NULL((void*)0), val_to_str(pinfo->pool, msg_code, ssh2_ext_ping_msg_vals, "Unknown (%u)"));
5818 proto_tree_add_item(msg_type_tree, hf_ssh2_ext_ping_msg_code, packet_tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
5819 offset += 1;
5820 if (msg_code == SSH_MSG_PING192) {
5821 slen = tvb_get_ntohl(packet_tvb, offset) ;
5822 proto_tree_add_item(msg_type_tree, hf_ssh_ping_data_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5823 offset += 4;
5824 proto_tree_add_item(msg_type_tree, hf_ssh_ping_data, packet_tvb, offset, slen, ENC_NA0x00000000);
5825 offset += slen;
5826 } else if (msg_code == SSH_MSG_PONG193) {
5827 slen = tvb_get_ntohl(packet_tvb, offset) ;
5828 proto_tree_add_item(msg_type_tree, hf_ssh_pong_data_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5829 offset += 4;
5830 proto_tree_add_item(msg_type_tree, hf_ssh_pong_data, packet_tvb, offset, slen, ENC_NA0x00000000);
5831 offset += slen;
5832 }
5833 } else {
5834 col_append_sep_str(pinfo->cinfo, COL_INFO, NULL((void*)0), val_to_str(pinfo->pool, msg_code, ssh2_msg_vals, "Unknown (%u)"));
5835 proto_tree_add_item(msg_type_tree, hf_ssh2_msg_code, packet_tvb, offset, 1, ENC_BIG_ENDIAN0x00000000);
5836 offset += 1;
5837 }
5838 return offset;
5839}
5840
5841static int
5842ssh_dissect_public_key_blob(tvbuff_t *tvb, packet_info *pinfo, proto_item *tree)
5843{
5844 uint32_t slen;
5845 const char* key_type;
5846
5847 unsigned offset = 0;
5848 proto_tree *blob_tree = NULL((void*)0);
5849 proto_item *blob_item = NULL((void*)0);
5850
5851 blob_item = proto_tree_add_item(tree, hf_ssh_blob, tvb, offset, tvb_reported_length(tvb), ENC_NA0x00000000);
5852 blob_tree = proto_item_add_subtree(blob_item, ett_userauth_pk_blob);
5853 proto_tree_add_item_ret_uint(blob_tree, hf_ssh_pk_blob_name_length, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &slen);
5854 offset += 4;
5855 proto_tree_add_item_ret_string(blob_tree, hf_ssh_pk_blob_name, tvb, offset, slen, ENC_ASCII0x00000000, pinfo->pool, (const uint8_t**)&key_type);
5856 proto_item_append_text(blob_item, " (type: %s)", key_type);
5857 offset += slen;
5858
5859 if (0 == strcmp(key_type, "ssh-rsa")) {
5860 offset += ssh_tree_add_mpint(tvb, offset, blob_tree, hf_ssh_blob_e);
5861 offset += ssh_tree_add_mpint(tvb, offset, blob_tree, hf_ssh_blob_n);
5862 } else if (0 == strcmp(key_type, "ssh-dss")) {
5863 offset += ssh_tree_add_mpint(tvb, offset, blob_tree, hf_ssh_blob_dsa_p);
5864 offset += ssh_tree_add_mpint(tvb, offset, blob_tree, hf_ssh_blob_dsa_q);
5865 offset += ssh_tree_add_mpint(tvb, offset, blob_tree, hf_ssh_blob_dsa_g);
5866 offset += ssh_tree_add_mpint(tvb, offset, blob_tree, hf_ssh_blob_dsa_y);
5867 } else if (g_str_has_prefix(key_type, "ecdsa-sha2-")(__builtin_constant_p ("ecdsa-sha2-")? __extension__ ({ const
char * const __str = (key_type); const char * const __prefix
= ("ecdsa-sha2-"); gboolean __result = (0); if (__str == ((void
*)0) || __prefix == ((void*)0)) __result = (g_str_has_prefix)
(__str, __prefix); else { const size_t __str_len = strlen ((
(__str) + !(__str))); const size_t __prefix_len = strlen (((__prefix
) + !(__prefix))); if (__str_len >= __prefix_len) __result
= memcmp (((__str) + !(__str)), ((__prefix) + !(__prefix)), __prefix_len
) == 0; } __result; }) : (g_str_has_prefix) (key_type, "ecdsa-sha2-"
) )) {
5868 offset += ssh_tree_add_string(tvb, offset, blob_tree,
5869 hf_ssh_blob_ecdsa_curve_id, hf_ssh_blob_ecdsa_curve_id_length);
5870 offset += ssh_tree_add_string(tvb, offset, blob_tree,
5871 hf_ssh_blob_ecdsa_q, hf_ssh_blob_ecdsa_q_length);
5872 } else if (g_str_has_prefix(key_type, "ssh-ed")(__builtin_constant_p ("ssh-ed")? __extension__ ({ const char
* const __str = (key_type); const char * const __prefix = ("ssh-ed"
); gboolean __result = (0); if (__str == ((void*)0) || __prefix
== ((void*)0)) __result = (g_str_has_prefix) (__str, __prefix
); else { const size_t __str_len = strlen (((__str) + !(__str
))); const size_t __prefix_len = strlen (((__prefix) + !(__prefix
))); if (__str_len >= __prefix_len) __result = memcmp (((__str
) + !(__str)), ((__prefix) + !(__prefix)), __prefix_len) == 0
; } __result; }) : (g_str_has_prefix) (key_type, "ssh-ed") )) {
5873 offset += ssh_tree_add_string(tvb, offset, blob_tree,
5874 hf_ssh_blob_eddsa_key, hf_ssh_blob_eddsa_key_length);
5875 } else {
5876 proto_tree_add_item(blob_tree, hf_ssh_blob_data, tvb, offset, tvb_reported_length_remaining(tvb, offset), ENC_NA0x00000000);
5877 offset += tvb_reported_length_remaining(tvb, offset);
5878 }
5879
5880 return offset;
5881}
5882
5883static int
5884ssh_dissect_public_key_signature(tvbuff_t *packet_tvb, packet_info *pinfo,
5885 int offset, proto_item *msg_type_tree)
5886{
5887 (void)pinfo;
5888 unsigned slen;
5889 slen = tvb_get_ntohl(packet_tvb, offset) ;
5890 proto_tree_add_item(msg_type_tree, hf_ssh_pk_sig_blob_name_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5891 offset += 4;
5892 proto_tree_add_item(msg_type_tree, hf_ssh_pk_sig_blob_name, packet_tvb, offset, slen, ENC_ASCII0x00000000);
5893 offset += slen;
5894 slen = tvb_get_ntohl(packet_tvb, offset) ;
5895 proto_tree_add_item(msg_type_tree, hf_ssh_pk_sig_s_length, packet_tvb, offset, 4, ENC_BIG_ENDIAN0x00000000);
5896 offset += 4;
5897 proto_tree_add_item(msg_type_tree, hf_ssh_pk_sig_s, packet_tvb, offset, slen, ENC_NA0x00000000);
5898 offset += slen;
5899 return offset;
5900}
5901
5902#ifdef SSH_DECRYPT_DEBUG /* {{{ */
5903
5904static FILE* ssh_debug_file;
5905
5906static void
5907ssh_prefs_apply_cb(void)
5908{
5909 ssh_set_debug(ssh_debug_file_name);
5910}
5911
5912static void
5913ssh_set_debug(const char* name)
5914{
5915 static int debug_file_must_be_closed;
5916 int use_stderr;
5917
5918 use_stderr = name?(strcmp(name, SSH_DEBUG_USE_STDERR"-") == 0):0;
5919
5920 if (debug_file_must_be_closed)
5921 fclose(ssh_debug_file);
5922
5923 if (use_stderr)
5924 ssh_debug_file = stderrstderr;
5925 else if (!name || (strcmp(name, "") ==0))
5926 ssh_debug_file = NULL((void*)0);
5927 else
5928 ssh_debug_file = ws_fopenfopen(name, "w");
5929
5930 if (!use_stderr && ssh_debug_file)
5931 debug_file_must_be_closed = 1;
5932 else
5933 debug_file_must_be_closed = 0;
5934
5935 ssh_debug_printf("Wireshark SSH debug log \n\n");
5936#ifdef HAVE_LIBGNUTLS1
5937 ssh_debug_printf("GnuTLS version: %s\n", gnutls_check_version(NULL((void*)0)));
5938#endif
5939 ssh_debug_printf("Libgcrypt version: %s\n", gcry_check_version(NULL((void*)0)));
5940 ssh_debug_printf("\n");
5941}
5942
5943static void
5944ssh_debug_flush(void)
5945{
5946 if (ssh_debug_file)
5947 fflush(ssh_debug_file);
5948}
5949
5950static void
5951ssh_debug_printf(const char* fmt, ...)
5952{
5953 va_list ap;
5954
5955 if (!ssh_debug_file)
5956 return;
5957
5958 va_start(ap, fmt)__builtin_va_start(ap, fmt);
5959 vfprintf(ssh_debug_file, fmt, ap);
5960 va_end(ap)__builtin_va_end(ap);
5961}
5962
5963static void
5964ssh_print_data(const char* name, const unsigned char* data, size_t len)
5965{
5966 size_t i, j, k;
5967 if (!ssh_debug_file)
5968 return;
5969#ifdef OPENSSH_STYLE
5970 fprintf(ssh_debug_file,"%s[%d]\n",name, (int) len);
5971#else
5972 fprintf(ssh_debug_file,"%s[%d]:\n",name, (int) len);
5973#endif
5974 for (i=0; i<len; i+=16) {
5975#ifdef OPENSSH_STYLE
5976 fprintf(ssh_debug_file,"%04u: ", (unsigned int)i);
5977#else
5978 fprintf(ssh_debug_file,"| ");
5979#endif
5980 for (j=i, k=0; k<16 && j<len; ++j, ++k)
5981 fprintf(ssh_debug_file,"%.2x ",data[j]);
5982 for (; k<16; ++k)
5983 fprintf(ssh_debug_file," ");
5984#ifdef OPENSSH_STYLE
5985 fputc(' ', ssh_debug_file);
5986#else
5987 fputc('|', ssh_debug_file);
5988#endif
5989 for (j=i, k=0; k<16 && j<len; ++j, ++k) {
5990 unsigned char c = data[j];
5991 if (!g_ascii_isprint(c)((g_ascii_table[(guchar) (c)] & G_ASCII_PRINT) != 0) || (c=='\t')) c = '.';
5992 fputc(c, ssh_debug_file);
5993 }
5994#ifdef OPENSSH_STYLE
5995 fprintf(ssh_debug_file,"\n");
5996#else
5997 for (; k<16; ++k)
5998 fputc(' ', ssh_debug_file);
5999 fprintf(ssh_debug_file,"|\n");
6000#endif
6001 }
6002}
6003
6004#endif /* SSH_DECRYPT_DEBUG }}} */
6005
6006static void
6007ssh_secrets_block_callback(const void *secrets, unsigned size)
6008{
6009 ssh_keylog_process_lines((const uint8_t *)secrets, size);
6010}
6011
6012/* Functions for SSH random hashtables. {{{ */
6013static int
6014ssh_equal (const void *v, const void *v2)
6015{
6016 if (v == NULL((void*)0) || v2 == NULL((void*)0)) {
6017 return 0;
6018 }
6019
6020 const ssh_bignum *val1;
6021 const ssh_bignum *val2;
6022 val1 = (const ssh_bignum *)v;
6023 val2 = (const ssh_bignum *)v2;
6024
6025 if (val1->length == val2->length &&
6026 !memcmp(val1->data, val2->data, val2->length)) {
6027 return 1;
6028 }
6029 return 0;
6030}
6031
6032static unsigned
6033ssh_hash (const void *v)
6034{
6035 unsigned l,hash;
6036 const ssh_bignum* id;
6037 const unsigned* cur;
6038
6039 if (v == NULL((void*)0)) {
6040 return 0;
6041 }
6042
6043 hash = 0;
6044 id = (const ssh_bignum*) v;
6045
6046 /* id and id->data are mallocated in ssh_save_master_key(). As such 'data'
6047 * should be aligned for any kind of access (for example as a unsigned as
6048 * is done below). The intermediate void* cast is to prevent "cast
6049 * increases required alignment of target type" warnings on CPUs (such
6050 * as SPARCs) that do not allow misaligned memory accesses.
6051 */
6052 cur = (const unsigned*)(void*) id->data;
6053
6054 for (l=4; (l < id->length); l+=4, cur++)
6055 hash = hash ^ (*cur);
6056
6057 return hash;
6058}
6059
6060static void
6061ssh_free_glib_allocated_bignum(void *data)
6062{
6063 ssh_bignum * bignum;
6064 if (data == NULL((void*)0)) {
6065 return;
6066 }
6067
6068 bignum = (ssh_bignum *) data;
6069 g_free(bignum->data)(__builtin_object_size ((bignum->data), 0) != ((size_t) - 1
)) ? g_free_sized (bignum->data, __builtin_object_size ((bignum
->data), 0)) : (g_free) (bignum->data);
6070 g_free(bignum)(__builtin_object_size ((bignum), 0) != ((size_t) - 1)) ? g_free_sized
(bignum, __builtin_object_size ((bignum), 0)) : (g_free) (bignum
);
6071}
6072
6073static void
6074ssh_free_glib_allocated_entry(void *data)
6075{
6076 ssh_key_map_entry_t * entry;
6077 if (data == NULL((void*)0)) {
6078 return;
6079 }
6080
6081 entry = (ssh_key_map_entry_t *) data;
6082 g_free(entry->type)(__builtin_object_size ((entry->type), 0) != ((size_t) - 1
)) ? g_free_sized (entry->type, __builtin_object_size ((entry
->type), 0)) : (g_free) (entry->type);
6083 ssh_free_glib_allocated_bignum(entry->key_material);
6084 g_free(entry)(__builtin_object_size ((entry), 0) != ((size_t) - 1)) ? g_free_sized
(entry, __builtin_object_size ((entry), 0)) : (g_free) (entry
);
6085}
6086/* Functions for SSH random hashtables. }}} */
6087
6088static void
6089ssh_shutdown(void) {
6090 g_hash_table_destroy(ssh_master_key_map);
6091}
6092
6093void
6094proto_register_ssh(void)
6095{
6096 static hf_register_info hf[] = {
6097 { &hf_ssh_protocol,
6098 { "Protocol", "ssh.protocol",
6099 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6100 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6101
6102 { &hf_ssh_packet_length,
6103 { "Packet Length", "ssh.packet_length",
6104 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6105 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6106
6107 { &hf_ssh_packet_length_encrypted,
6108 { "Packet Length (encrypted)", "ssh.packet_length_encrypted",
6109 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6110 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6111
6112 { &hf_ssh_padding_length,
6113 { "Padding Length", "ssh.padding_length",
6114 FT_UINT8, BASE_DEC, NULL((void*)0), 0x0,
6115 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6116
6117 { &hf_ssh_payload,
6118 { "Payload", "ssh.payload",
6119 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6120 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6121
6122 { &hf_ssh_encrypted_packet,
6123 { "Encrypted Packet", "ssh.encrypted_packet",
6124 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6125 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6126
6127 { &hf_ssh_padding_string,
6128 { "Padding String", "ssh.padding_string",
6129 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6130 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6131
6132 { &hf_ssh_seq_num,
6133 { "Sequence number", "ssh.seq_num",
6134 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6135 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6136
6137 { &hf_ssh_mac_string,
6138 { "MAC", "ssh.mac",
6139 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6140 "Message authentication code", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6141
6142 { &hf_ssh_mac_status,
6143 { "MAC Status", "ssh.mac.status", FT_UINT8, BASE_NONE, VALS(proto_checksum_vals)((0 ? (const struct _value_string*)0 : ((proto_checksum_vals)
))), 0x0,
6144 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6145
6146 { &hf_ssh_direction,
6147 { "Direction", "ssh.direction",
6148 FT_BOOLEAN, BASE_NONE, TFS(&tfs_s2c_c2s)((0 ? (const struct true_false_string*)0 : ((&tfs_s2c_c2s
)))), 0x0,
6149 "Message direction", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6150
6151 { &hf_ssh_msg_code,
6152 { "Message Code", "ssh.message_code",
6153 FT_UINT8, BASE_DEC, VALS(ssh1_msg_vals)((0 ? (const struct _value_string*)0 : ((ssh1_msg_vals)))), 0x0,
6154 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6155
6156 { &hf_ssh2_msg_code,
6157 { "Message Code", "ssh.message_code",
6158 FT_UINT8, BASE_DEC, VALS(ssh2_msg_vals)((0 ? (const struct _value_string*)0 : ((ssh2_msg_vals)))), 0x0,
6159 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6160
6161 { &hf_ssh2_kex_dh_msg_code,
6162 { "Message Code", "ssh.message_code",
6163 FT_UINT8, BASE_DEC, VALS(ssh2_kex_dh_msg_vals)((0 ? (const struct _value_string*)0 : ((ssh2_kex_dh_msg_vals
)))), 0x0,
6164 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6165
6166 { &hf_ssh2_kex_dh_gex_msg_code,
6167 { "Message Code", "ssh.message_code",
6168 FT_UINT8, BASE_DEC, VALS(ssh2_kex_dh_gex_msg_vals)((0 ? (const struct _value_string*)0 : ((ssh2_kex_dh_gex_msg_vals
)))), 0x0,
6169 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6170
6171 { &hf_ssh2_kex_ecdh_msg_code,
6172 { "Message Code", "ssh.message_code",
6173 FT_UINT8, BASE_DEC, VALS(ssh2_kex_ecdh_msg_vals)((0 ? (const struct _value_string*)0 : ((ssh2_kex_ecdh_msg_vals
)))), 0x0,
6174 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6175
6176 { &hf_ssh2_kex_hybrid_msg_code,
6177 { "Message Code", "ssh.message_code",
6178 FT_UINT8, BASE_DEC, VALS(ssh2_kex_hybrid_msg_vals)((0 ? (const struct _value_string*)0 : ((ssh2_kex_hybrid_msg_vals
)))), 0x0,
6179 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6180
6181 { &hf_ssh2_ext_ping_msg_code,
6182 { "Message Code", "ssh.message_code",
6183 FT_UINT8, BASE_DEC, VALS(ssh2_ext_ping_msg_vals)((0 ? (const struct _value_string*)0 : ((ssh2_ext_ping_msg_vals
)))), 0x0,
6184 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6185
6186 { &hf_ssh_cookie,
6187 { "Cookie", "ssh.cookie",
6188 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6189 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6190
6191 { &hf_ssh_kex_algorithms,
6192 { "kex_algorithms string", "ssh.kex_algorithms",
6193 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6194 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6195
6196 { &hf_ssh_server_host_key_algorithms,
6197 { "server_host_key_algorithms string", "ssh.server_host_key_algorithms",
6198 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6199 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6200
6201 { &hf_ssh_encryption_algorithms_client_to_server,
6202 { "encryption_algorithms_client_to_server string", "ssh.encryption_algorithms_client_to_server",
6203 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6204 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6205
6206 { &hf_ssh_encryption_algorithms_server_to_client,
6207 { "encryption_algorithms_server_to_client string", "ssh.encryption_algorithms_server_to_client",
6208 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6209 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6210
6211 { &hf_ssh_mac_algorithms_client_to_server,
6212 { "mac_algorithms_client_to_server string", "ssh.mac_algorithms_client_to_server",
6213 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6214 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6215
6216 { &hf_ssh_mac_algorithms_server_to_client,
6217 { "mac_algorithms_server_to_client string", "ssh.mac_algorithms_server_to_client",
6218 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6219 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6220
6221 { &hf_ssh_compression_algorithms_client_to_server,
6222 { "compression_algorithms_client_to_server string", "ssh.compression_algorithms_client_to_server",
6223 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6224 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6225
6226 { &hf_ssh_compression_algorithms_server_to_client,
6227 { "compression_algorithms_server_to_client string", "ssh.compression_algorithms_server_to_client",
6228 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6229 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6230
6231 { &hf_ssh_languages_client_to_server,
6232 { "languages_client_to_server string", "ssh.languages_client_to_server",
6233 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6234 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6235
6236 { &hf_ssh_languages_server_to_client,
6237 { "languages_server_to_client string", "ssh.languages_server_to_client",
6238 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6239 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6240
6241 { &hf_ssh_kex_algorithms_length,
6242 { "kex_algorithms length", "ssh.kex_algorithms_length",
6243 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6244 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6245
6246 { &hf_ssh_server_host_key_algorithms_length,
6247 { "server_host_key_algorithms length", "ssh.server_host_key_algorithms_length",
6248 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6249 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6250
6251 { &hf_ssh_encryption_algorithms_client_to_server_length,
6252 { "encryption_algorithms_client_to_server length", "ssh.encryption_algorithms_client_to_server_length",
6253 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6254 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6255
6256 { &hf_ssh_encryption_algorithms_server_to_client_length,
6257 { "encryption_algorithms_server_to_client length", "ssh.encryption_algorithms_server_to_client_length",
6258 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6259 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6260
6261 { &hf_ssh_mac_algorithms_client_to_server_length,
6262 { "mac_algorithms_client_to_server length", "ssh.mac_algorithms_client_to_server_length",
6263 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6264 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6265
6266 { &hf_ssh_mac_algorithms_server_to_client_length,
6267 { "mac_algorithms_server_to_client length", "ssh.mac_algorithms_server_to_client_length",
6268 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6269 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6270
6271 { &hf_ssh_compression_algorithms_client_to_server_length,
6272 { "compression_algorithms_client_to_server length", "ssh.compression_algorithms_client_to_server_length",
6273 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6274 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6275
6276 { &hf_ssh_compression_algorithms_server_to_client_length,
6277 { "compression_algorithms_server_to_client length", "ssh.compression_algorithms_server_to_client_length",
6278 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6279 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6280
6281 { &hf_ssh_languages_client_to_server_length,
6282 { "languages_client_to_server length", "ssh.languages_client_to_server_length",
6283 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6284 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6285
6286 { &hf_ssh_languages_server_to_client_length,
6287 { "languages_server_to_client length", "ssh.languages_server_to_client_length",
6288 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6289 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6290
6291 { &hf_ssh_first_kex_packet_follows,
6292 { "First KEX Packet Follows", "ssh.first_kex_packet_follows",
6293 FT_UINT8, BASE_DEC, NULL((void*)0), 0x0,
6294 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6295
6296 { &hf_ssh_kex_reserved,
6297 { "Reserved", "ssh.kex.reserved",
6298 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6299 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6300
6301 { &hf_ssh_kex_hassh_algo,
6302 { "hasshAlgorithms", "ssh.kex.hassh_algorithms",
6303 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6304 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6305
6306 { &hf_ssh_kex_hassh,
6307 { "hassh", "ssh.kex.hassh",
6308 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6309 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6310
6311 { &hf_ssh_kex_hasshserver_algo,
6312 { "hasshServerAlgorithms", "ssh.kex.hasshserver_algorithms",
6313 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6314 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6315
6316 { &hf_ssh_kex_hasshserver,
6317 { "hasshServer", "ssh.kex.hasshserver",
6318 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6319 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6320
6321 { &hf_ssh_hostkey_length,
6322 { "Host key length", "ssh.host_key.length",
6323 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6324 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6325
6326 { &hf_ssh_hostkey_type_length,
6327 { "Host key type length", "ssh.host_key.type_length",
6328 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6329 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6330
6331 { &hf_ssh_hostkey_type,
6332 { "Host key type", "ssh.host_key.type",
6333 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6334 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6335
6336 { &hf_ssh_hostkey_data,
6337 { "Host key data", "ssh.host_key.data",
6338 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6339 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6340
6341 { &hf_ssh_hostkey_rsa_n,
6342 { "RSA modulus (N)", "ssh.host_key.rsa.n",
6343 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6344 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6345
6346 { &hf_ssh_hostkey_rsa_e,
6347 { "RSA public exponent (e)", "ssh.host_key.rsa.e",
6348 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6349 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6350
6351 { &hf_ssh_hostkey_dsa_p,
6352 { "DSA prime modulus (p)", "ssh.host_key.dsa.p",
6353 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6354 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6355
6356 { &hf_ssh_hostkey_dsa_q,
6357 { "DSA prime divisor (q)", "ssh.host_key.dsa.q",
6358 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6359 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6360
6361 { &hf_ssh_hostkey_dsa_g,
6362 { "DSA subgroup generator (g)", "ssh.host_key.dsa.g",
6363 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6364 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6365
6366 { &hf_ssh_hostkey_dsa_y,
6367 { "DSA public key (y)", "ssh.host_key.dsa.y",
6368 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6369 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6370
6371 { &hf_ssh_hostkey_ecdsa_curve_id,
6372 { "ECDSA elliptic curve identifier", "ssh.host_key.ecdsa.id",
6373 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6374 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6375
6376 { &hf_ssh_hostkey_ecdsa_curve_id_length,
6377 { "ECDSA elliptic curve identifier length", "ssh.host_key.ecdsa.id_length",
6378 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6379 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6380
6381 { &hf_ssh_hostkey_ecdsa_q,
6382 { "ECDSA public key (Q)", "ssh.host_key.ecdsa.q",
6383 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6384 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6385
6386 { &hf_ssh_hostkey_ecdsa_q_length,
6387 { "ECDSA public key length", "ssh.host_key.ecdsa.q_length",
6388 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6389 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6390
6391 { &hf_ssh_hostkey_eddsa_key,
6392 { "EdDSA public key", "ssh.host_key.eddsa.key",
6393 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6394 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6395
6396 { &hf_ssh_hostkey_eddsa_key_length,
6397 { "EdDSA public key length", "ssh.host_key.eddsa.key_length",
6398 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6399 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6400
6401 { &hf_ssh_hostsig_length,
6402 { "Host signature length", "ssh.host_sig.length",
6403 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6404 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6405
6406 { &hf_ssh_hostsig_type_length,
6407 { "Host signature type length", "ssh.host_sig.type_length",
6408 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6409 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6410
6411 { &hf_ssh_hostsig_type,
6412 { "Host signature type", "ssh.host_sig.type",
6413 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6414 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6415
6416 { &hf_ssh_hostsig_data_length,
6417 { "Host signature data length", "ssh.host_sig.data_length",
6418 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6419 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6420
6421 { &hf_ssh_hostsig_data,
6422 { "Host signature data", "ssh.host_sig.data",
6423 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6424 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6425
6426 { &hf_ssh_hostsig_rsa,
6427 { "RSA signature", "ssh.host_sig.rsa",
6428 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6429 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6430
6431 { &hf_ssh_hostsig_dsa,
6432 { "DSA signature", "ssh.host_sig.dsa",
6433 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6434 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6435
6436 { &hf_ssh_dh_e,
6437 { "DH client e", "ssh.dh.e",
6438 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6439 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6440
6441 { &hf_ssh_dh_f,
6442 { "DH server f", "ssh.dh.f",
6443 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6444 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6445
6446 { &hf_ssh_dh_gex_min,
6447 { "DH GEX Min", "ssh.dh_gex.min",
6448 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6449 "Minimal acceptable group size", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6450
6451 { &hf_ssh_dh_gex_nbits,
6452 { "DH GEX Number of Bits", "ssh.dh_gex.nbits",
6453 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6454 "Preferred group size", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6455
6456 { &hf_ssh_dh_gex_max,
6457 { "DH GEX Max", "ssh.dh_gex.max",
6458 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6459 "Maximal acceptable group size", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6460
6461 { &hf_ssh_dh_gex_p,
6462 { "DH GEX modulus (P)", "ssh.dh_gex.p",
6463 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6464 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6465
6466 { &hf_ssh_dh_gex_g,
6467 { "DH GEX base (G)", "ssh.dh_gex.g",
6468 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6469 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6470
6471 { &hf_ssh_ecdh_q_c,
6472 { "ECDH client's ephemeral public key (Q_C)", "ssh.ecdh.q_c",
6473 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6474 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6475
6476 { &hf_ssh_ecdh_q_c_length,
6477 { "ECDH client's ephemeral public key length", "ssh.ecdh.q_c_length",
6478 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6479 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6480
6481 { &hf_ssh_ecdh_q_s,
6482 { "ECDH server's ephemeral public key (Q_S)", "ssh.ecdh.q_s",
6483 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6484 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6485
6486 { &hf_ssh_ecdh_q_s_length,
6487 { "ECDH server's ephemeral public key length", "ssh.ecdh.q_s_length",
6488 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6489 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6490
6491 { &hf_ssh_mpint_length,
6492 { "Multi Precision Integer Length", "ssh.mpint_length",
6493 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6494 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6495
6496 { &hf_ssh_ignore_data_length,
6497 { "Debug message length", "ssh.ignore_data_length",
6498 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6499 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6500
6501 { &hf_ssh_ignore_data,
6502 { "Ignore data", "ssh.ignore_data",
6503 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6504 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6505
6506 { &hf_ssh_debug_always_display,
6507 { "Always Display", "ssh.debug_always_display",
6508 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
6509 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6510
6511 { &hf_ssh_debug_message_length,
6512 { "Debug message length", "ssh.debug_name_length",
6513 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6514 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6515
6516 { &hf_ssh_debug_message,
6517 { "Debug message", "ssh.debug_name",
6518 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6519 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6520
6521 { &hf_ssh_service_name_length,
6522 { "Service Name length", "ssh.service_name_length",
6523 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6524 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6525
6526 { &hf_ssh_service_name,
6527 { "Service Name", "ssh.service_name",
6528 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6529 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6530
6531 { &hf_ssh_disconnect_reason,
6532 { "Disconnect reason", "ssh.disconnect_reason",
6533 FT_UINT32, BASE_HEX, NULL((void*)0), 0x0,
6534 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6535
6536 { &hf_ssh_disconnect_description_length,
6537 { "Disconnect description length", "ssh.disconnect_description_length",
6538 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6539 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6540
6541 { &hf_ssh_disconnect_description,
6542 { "Disconnect description", "ssh.disconnect_description",
6543 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6544 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6545
6546 { &hf_ssh_ext_count,
6547 { "Extension count", "ssh.extension.count",
6548 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6549 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6550
6551 { &hf_ssh_ext_name_length,
6552 { "Extension name length", "ssh.extension.name_length",
6553 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6554 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6555
6556 { &hf_ssh_ext_name,
6557 { "Extension name", "ssh.extension.name",
6558 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6559 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6560
6561 { &hf_ssh_ext_value_length,
6562 { "Extension value length", "ssh.extension.value_length",
6563 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6564 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6565
6566 { &hf_ssh_ext_value,
6567 { "Extension value", "ssh.extension.value",
6568 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6569 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6570
6571 { &hf_ssh_ext_server_sig_algs_algorithms,
6572 { "Accepted signature algorithms", "ssh.extension.server_sig_algs.algorithms",
6573 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6574 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6575
6576 { &hf_ssh_ext_delay_compression_algorithms_client_to_server_length,
6577 { "Compression algorithms (client to server) length", "ssh.extension.delay_compression.compression_algorithms_client_to_server_length",
6578 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6579 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6580
6581 { &hf_ssh_ext_delay_compression_algorithms_client_to_server,
6582 { "Compression algorithms (client to server)", "ssh.extension.delay_compression.compression_algorithms_client_to_server",
6583 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6584 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6585
6586 { &hf_ssh_ext_delay_compression_algorithms_server_to_client_length,
6587 { "Compression algorithms (server to client) length", "ssh.extension.delay_compression.compression_algorithms_server_to_client_length",
6588 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6589 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6590
6591 { &hf_ssh_ext_delay_compression_algorithms_server_to_client,
6592 { "Compression algorithms (server to client)", "ssh.extension.delay_compression.compression_algorithms_server_to_client",
6593 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6594 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6595
6596 { &hf_ssh_ext_no_flow_control_value,
6597 { "No flow control flag", "ssh.extension.no_flow_control.value",
6598 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6599 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6600
6601 { &hf_ssh_ext_elevation_value,
6602 { "Elevation flag", "ssh.extension.elevation.value",
6603 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6604 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6605
6606 { &hf_ssh_ext_prop_publickey_algorithms_algorithms,
6607 { "Public key algorithms", "ssh.extension.prop_publickey_algorithms.algorithms",
6608 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6609 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6610
6611 { &hf_ssh_lang_tag_length,
6612 { "Language tag length", "ssh.lang_tag_length",
6613 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6614 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6615
6616 { &hf_ssh_lang_tag,
6617 { "Language tag", "ssh.lang_tag",
6618 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6619 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6620
6621 { &hf_ssh_ping_data_length,
6622 { "Data length", "ssh.ping_data_length",
6623 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6624 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6625
6626 { &hf_ssh_ping_data,
6627 { "Data", "ssh.ping_data",
6628 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6629 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6630
6631 { &hf_ssh_pong_data_length,
6632 { "Data length", "ssh.pong_data_length",
6633 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6634 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6635
6636 { &hf_ssh_pong_data,
6637 { "Data", "ssh.pong_data",
6638 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6639 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6640
6641
6642 { &hf_ssh_userauth_user_name_length,
6643 { "User Name length", "ssh.userauth_user_name_length",
6644 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6645 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6646
6647 { &hf_ssh_userauth_user_name,
6648 { "User Name", "ssh.userauth_user_name",
6649 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6650 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6651
6652 { &hf_ssh_userauth_change_password,
6653 { "Change password", "ssh.userauth.change_password",
6654 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
6655 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6656
6657 { &hf_ssh_userauth_service_name_length,
6658 { "Service Name length", "ssh.userauth_service_name_length",
6659 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6660 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6661
6662 { &hf_ssh_userauth_service_name,
6663 { "Service Name", "ssh.userauth_service_name",
6664 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6665 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6666
6667 { &hf_ssh_userauth_method_name_length,
6668 { "Method Name length", "ssh.userauth_method_name_length",
6669 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6670 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6671
6672 { &hf_ssh_userauth_method_name,
6673 { "Method Name", "ssh.userauth_method_name",
6674 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6675 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6676
6677 { &hf_ssh_userauth_have_signature,
6678 { "Have signature", "ssh.userauth.have_signature",
6679 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
6680 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6681
6682 { &hf_ssh_userauth_password_length,
6683 { "Password length", "ssh.userauth_password_length",
6684 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6685 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6686
6687 { &hf_ssh_userauth_password,
6688 { "Password", "ssh.userauth_password",
6689 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6690 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6691
6692 { &hf_ssh_userauth_new_password_length,
6693 { "New password length", "ssh.userauth_new_password_length",
6694 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6695 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6696
6697 { &hf_ssh_userauth_new_password,
6698 { "New password", "ssh.userauth_new_password",
6699 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6700 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6701
6702 { &hf_ssh_auth_failure_list_length,
6703 { "Authentications that can continue list len", "ssh.auth_failure_cont_list_length",
6704 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6705 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6706
6707 { &hf_ssh_auth_failure_list,
6708 { "Authentications that can continue list", "ssh.auth_failure_cont_list",
6709 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6710 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6711
6712 { &hf_ssh_userauth_partial_success,
6713 { "Partial success", "ssh.userauth.partial_success",
6714 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
6715 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6716
6717 { &hf_ssh_userauth_pka_name_len,
6718 { "Public key algorithm name length", "ssh.userauth_pka_name_length",
6719 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6720 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6721
6722 { &hf_ssh_userauth_pka_name,
6723 { "Public key algorithm name", "ssh.userauth_pka_name",
6724 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6725 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6726
6727 { &hf_ssh_pk_blob_name_length,
6728 { "Public key blob algorithm name length", "ssh.pk_blob_name_length",
6729 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6730 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6731
6732 { &hf_ssh_pk_blob_name,
6733 { "Public key blob algorithm name", "ssh.pk_blob_name",
6734 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6735 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6736
6737 { &hf_ssh_blob_length,
6738 { "Public key blob length", "ssh.pk_blob_length",
6739 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6740 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6741
6742 { &hf_ssh_blob,
6743 { "Public key blob", "ssh.pk_blob",
6744 FT_NONE, BASE_NONE, NULL((void*)0), 0x0,
6745 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6746
6747 { &hf_ssh_blob_e,
6748 { "ssh-rsa public exponent (e)", "ssh.pk_blob.ssh-rsa.e",
6749 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6750 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6751
6752 { &hf_ssh_blob_n,
6753 { "ssh-rsa modulus (n)", "ssh.pk_blob.ssh-rsa.n",
6754 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6755 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6756
6757 { &hf_ssh_blob_dsa_p,
6758 { "DSA prime modulus (p)", "ssh.pk_blob.dsa.p",
6759 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6760 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6761
6762 { &hf_ssh_blob_dsa_q,
6763 { "DSA prime divisor (q)", "ssh.pk_blob.dsa.q",
6764 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6765 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6766
6767 { &hf_ssh_blob_dsa_g,
6768 { "DSA subgroup generator (g)", "ssh.pk_blob.dsa.g",
6769 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6770 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6771
6772 { &hf_ssh_blob_dsa_y,
6773 { "DSA public key (y)", "ssh.pk_blob.dsa.y",
6774 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6775 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6776
6777 { &hf_ssh_blob_ecdsa_curve_id,
6778 { "ECDSA elliptic curve identifier", "ssh.pk_blob.ecdsa.id",
6779 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6780 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6781
6782 { &hf_ssh_blob_ecdsa_curve_id_length,
6783 { "ECDSA elliptic curve identifier length", "ssh.pk_blob.ecdsa.id_length",
6784 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6785 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6786
6787 { &hf_ssh_blob_ecdsa_q,
6788 { "ECDSA public key (Q)", "ssh.pk_blob.ecdsa.q",
6789 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6790 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6791
6792 { &hf_ssh_blob_ecdsa_q_length,
6793 { "ECDSA public key length", "ssh.pk_blob.ecdsa.q_length",
6794 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6795 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6796
6797 { &hf_ssh_blob_eddsa_key,
6798 { "EdDSA public key", "ssh.pk_blob.eddsa.key",
6799 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6800 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6801
6802 { &hf_ssh_blob_eddsa_key_length,
6803 { "EdDSA public key length", "ssh.pk_blob.eddsa.key_length",
6804 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6805 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6806
6807 { &hf_ssh_blob_data,
6808 { "Public key blob data", "ssh.pk_blob.data",
6809 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6810 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6811
6812 { &hf_ssh_signature_length,
6813 { "Public key signature blob length", "ssh.pk_sig_blob_length",
6814 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6815 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6816
6817 { &hf_ssh_pk_sig_blob_name_length,
6818 { "Public key signature blob algorithm name length", "ssh.pk_sig_blob_name_length",
6819 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6820 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6821
6822 { &hf_ssh_pk_sig_blob_name,
6823 { "Public key signature blob algorithm name", "ssh.pk_sig_blob_name",
6824 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6825 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6826
6827 { &hf_ssh_pk_sig_s_length,
6828 { "ssh-rsa signature length", "ssh.sig.ssh-rsa.length",
6829 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6830 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6831
6832 { &hf_ssh_pk_sig_s,
6833 { "ssh-rsa signature (s)", "ssh.sig.ssh-rsa.s",
6834 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
6835 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6836
6837 { &hf_ssh_connection_type_name_len,
6838 { "Channel type name length", "ssh.connection_type_name_length",
6839 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6840 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6841
6842 { &hf_ssh_connection_type_name,
6843 { "Channel type name", "ssh.connection_type_name",
6844 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6845 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6846
6847 { &hf_ssh_connection_sender_channel,
6848 { "Sender channel", "ssh.connection_sender_channel",
6849 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6850 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6851
6852 { &hf_ssh_connection_recipient_channel,
6853 { "Recipient channel", "ssh.connection_recipient_channel",
6854 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6855 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6856
6857 { &hf_ssh_connection_initial_window,
6858 { "Initial window size", "ssh.connection_initial_window_size",
6859 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6860 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6861
6862 { &hf_ssh_connection_maximum_packet_size,
6863 { "Maximum packet size", "ssh.userauth_maximum_packet_size",
6864 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6865 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6866
6867 { &hf_ssh_global_request_name_len,
6868 { "Global request name length", "ssh.global_request_name_length",
6869 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6870 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6871
6872 { &hf_ssh_global_request_name,
6873 { "Global request name", "ssh.global_request_name",
6874 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6875 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6876
6877 { &hf_ssh_global_request_want_reply,
6878 { "Global request want reply", "ssh.global_request_want_reply",
6879 FT_UINT8, BASE_DEC, NULL((void*)0), 0x0,
6880 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6881
6882 { &hf_ssh_global_request_hostkeys_array_len,
6883 { "Host keys array length", "ssh.global_request_hostkeys",
6884 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6885 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6886
6887 { &hf_ssh_channel_request_name_len,
6888 { "Channel request name length", "ssh.channel_request_name_length",
6889 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6890 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6891
6892 { &hf_ssh_channel_request_name,
6893 { "Channel request name", "ssh.channel_request_name",
6894 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6895 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6896
6897 { &hf_ssh_channel_request_want_reply,
6898 { "Channel request want reply", "ssh.channel_request_want_reply",
6899 FT_UINT8, BASE_DEC, NULL((void*)0), 0x0,
6900 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6901
6902 { &hf_ssh_subsystem_name_len,
6903 { "Subsystem name length", "ssh.subsystem_name_length",
6904 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6905 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6906
6907 { &hf_ssh_subsystem_name,
6908 { "Subsystem name", "ssh.subsystem_name",
6909 FT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6910 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
6911
6912 { &hf_ssh_exec_cmd,
6913 { "Command", "ssh.exec_command",
6914 FT_UINT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6915 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
6916
6917 { &hf_ssh_env_name,
6918 { "Variable name", "ssh.env_name",
6919 FT_UINT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6920 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
6921
6922 { &hf_ssh_env_value,
6923 { "Variable value", "ssh.env_value",
6924 FT_UINT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6925 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
6926
6927 { &hf_ssh_pty_term,
6928 { "TERM environment variable", "ssh.pty_term",
6929 FT_UINT_STRING, BASE_NONE, NULL((void*)0), 0x0,
6930 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
6931
6932 { &hf_ssh_pty_term_width_char,
6933 { "Terminal width, characters", "ssh.pty_term_width_char",
6934 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6935 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
6936
6937 { &hf_ssh_pty_term_height_row,
6938 { "Terminal height, rows", "ssh.pty_term_height_row",
6939 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6940 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
6941
6942 { &hf_ssh_pty_term_width_pixel,
6943 { "Terminal width, pixels", "ssh.pty_term_width_pixel",
6944 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6945 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
6946
6947 { &hf_ssh_pty_term_height_pixel,
6948 { "Terminal height, pixels", "ssh.pty_term_height_pixel",
6949 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6950 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
6951
6952 { &hf_ssh_pty_term_modes_len,
6953 { "Encoded Terminal Modes Length", "ssh.pty_term_modes_length",
6954 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
6955 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
6956
6957 { &hf_ssh_pty_term_modes,
6958 { "Encoded Terminal Modes", "ssh.pty_term_modes",
6959 FT_NONE, BASE_NONE, NULL((void*)0), 0x0,
6960 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
6961
6962 { &hf_ssh_pty_term_mode,
6963 { "Mode", "ssh.pty_term_mode",
6964 FT_NONE, BASE_NONE, NULL((void*)0), 0x0,
6965 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
6966
6967 { &hf_ssh_pty_term_mode_opcode,
6968 { "Opcode", "ssh.pty_term_mode.opcode",
6969 FT_UINT8, BASE_DEC, VALS(ssh_tty_op_vals)((0 ? (const struct _value_string*)0 : ((ssh_tty_op_vals)))), 0x0,
6970 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
6971
6972 { &hf_ssh_pty_term_mode_vintr,
6973 { "Interrupt character", "ssh.pty_term_mode.vintr",
6974 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
6975 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
6976
6977 { &hf_ssh_pty_term_mode_vquit,
6978 { "Quit character", "ssh.pty_term_mode.vquit",
6979 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
6980 "Sends SIGQUIT on POSIX systems", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0)}},
6981
6982 { &hf_ssh_pty_term_mode_verase,
6983 { "Erase the character to the left of the cursor", "ssh.pty_term_mode.verase",
6984 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
6985 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0)} },
6986
6987 { &hf_ssh_pty_term_mode_vkill,
6988 { "Kill the current input line", "ssh.pty_term_mode.vkill",
6989 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
6990 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0)} },
6991
6992 { &hf_ssh_pty_term_mode_veof,
6993 { "End-of-file character", "ssh.pty_term_mode.veof",
6994 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
6995 "Sends EOF from the terminal", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0)}},
6996
6997 { &hf_ssh_pty_term_mode_veol,
6998 { "End-of-line character", "ssh.pty_term_mode.veol",
6999 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
7000 "In additional to carriage return and/or line feed", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0)} },
7001
7002 { &hf_ssh_pty_term_mode_veol2,
7003 { "Additional end-of-line character", "ssh.pty_term_mode.veol2",
7004 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
7005 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0)} },
7006
7007 { &hf_ssh_pty_term_mode_vstart,
7008 { "Continues paused output", "ssh.pty_term_mode.vstart",
7009 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
7010 "Normally Control-Q", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0)}},
7011
7012 { &hf_ssh_pty_term_mode_vstop,
7013 { "Pauses output", "ssh.pty_term_mode.vstop",
7014 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
7015 "Normally Control-S", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0)} },
7016
7017 { &hf_ssh_pty_term_mode_vsusp,
7018 { "Suspends the current program", "ssh.pty_term_mode.vsusp",
7019 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
7020 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0)} },
7021
7022 { &hf_ssh_pty_term_mode_vdsusp,
7023 { "Another suspend character", "ssh.pty_term_mode.vdsusp",
7024 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
7025 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0)} },
7026
7027 { &hf_ssh_pty_term_mode_vreprint,
7028 { "Reprints the current input line", "ssh.pty_term_mode.vreprint",
7029 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
7030 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0)} },
7031
7032 { &hf_ssh_pty_term_mode_vwerase,
7033 { "Erase a word to the left of the cursor", "ssh.pty_term_mode.vwerase",
7034 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
7035 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0)} },
7036
7037 { &hf_ssh_pty_term_mode_vlnext,
7038 { "Enter the next character typed literally", "ssh.pty_term_mode.vlnext",
7039 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
7040 "Even if a special character", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0)} },
7041
7042 { &hf_ssh_pty_term_mode_vflush,
7043 { "Character to flush output", "ssh.pty_term_mode.vflush",
7044 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
7045 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0)} },
7046
7047 { &hf_ssh_pty_term_mode_vswtch,
7048 { "Switch to a different shell layer", "ssh.pty_term_mode.vswtch",
7049 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
7050 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0)} },
7051
7052 { &hf_ssh_pty_term_mode_vstatus,
7053 { "Print system status line", "ssh.pty_term_mode.vstatus",
7054 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
7055 "Load, command, pid, etc.", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0)}},
7056
7057 { &hf_ssh_pty_term_mode_vdiscard,
7058 { "Toggles the flushing of terminal output", "ssh.pty_term_mode.vdiscard",
7059 FT_CHAR, BASE_HEX, NULL((void*)0), 0x0,
7060 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0)} },
7061
7062 { &hf_ssh_pty_term_mode_ignpar,
7063 { "Ignore parity flag", "ssh.pty_term_mode.ignpar",
7064 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7065 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7066
7067 { &hf_ssh_pty_term_mode_parmrk,
7068 { "Mark parity and framing errors", "ssh.pty_term_mode.parmrk",
7069 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7070 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7071
7072 { &hf_ssh_pty_term_mode_inpck,
7073 { "Enable checking of parity errors", "ssh.pty_term_mode.inpck",
7074 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7075 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7076
7077 { &hf_ssh_pty_term_mode_istrip,
7078 { "Strip 8th bit off characters", "ssh.pty_term_mode.istrip",
7079 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7080 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7081
7082 { &hf_ssh_pty_term_mode_inlcr,
7083 { "Map NL into CR on input", "ssh.pty_term_mode.inlcr",
7084 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7085 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7086
7087 { &hf_ssh_pty_term_mode_igncr,
7088 { "Ignore CR on input", "ssh.pty_term_mode.igncr",
7089 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7090 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7091
7092 { &hf_ssh_pty_term_mode_icrnl,
7093 { "Map CR to NL on input", "ssh.pty_term_mode.icrnl",
7094 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7095 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7096
7097 { &hf_ssh_pty_term_mode_iuclc,
7098 { "Translate uppercase characters to lowercase", "ssh.pty_term_mode.iuclc",
7099 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7100 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7101
7102 { &hf_ssh_pty_term_mode_ixon,
7103 { "Enable output flow control", "ssh.pty_term_mode.ixon",
7104 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7105 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7106
7107 { &hf_ssh_pty_term_mode_ixany,
7108 { "Any char will restart after stop", "ssh.pty_term_mode.ixany",
7109 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7110 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7111
7112 { &hf_ssh_pty_term_mode_ixoff,
7113 { "Enable input flow control", "ssh.pty_term_mode.ixoff",
7114 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7115 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7116
7117 { &hf_ssh_pty_term_mode_imaxbel,
7118 { "Ring bell on input queue full", "ssh.pty_term_mode.imaxbel",
7119 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7120 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7121
7122 { &hf_ssh_pty_term_mode_iutf8,
7123 { "Terminal input and output is assumed to be encoded in UTF-8", "ssh.pty_term_mode.iutf8",
7124 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7125 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7126
7127 { &hf_ssh_pty_term_mode_isig,
7128 { "Enable signals INTR, QUIT, [D]SUSP", "ssh.pty_term_mode.isig",
7129 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7130 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7131
7132 { &hf_ssh_pty_term_mode_icanon,
7133 { "Canonicalize input lines", "ssh.pty_term_mode.icanon",
7134 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7135 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7136
7137 { &hf_ssh_pty_term_mode_xcase,
7138 { "Enable input and output of uppercase characters by preceding their lowercase equivalents with '\'", "ssh.pty_term_mode.xcase",
7139 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7140 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7141
7142 { &hf_ssh_pty_term_mode_echo,
7143 { "Enable echoing", "ssh.pty_term_mode.echo",
7144 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7145 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7146
7147 { &hf_ssh_pty_term_mode_echoe,
7148 { "Visually erase chars", "ssh.pty_term_mode.echoe",
7149 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7150 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7151
7152 { &hf_ssh_pty_term_mode_echok,
7153 { "Kill character discards current line", "ssh.pty_term_mode.echok",
7154 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7155 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7156
7157 { &hf_ssh_pty_term_mode_echonl,
7158 { "Echo NL even if ECHO is off", "ssh.pty_term_mode.echonl",
7159 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7160 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7161
7162 { &hf_ssh_pty_term_mode_noflsh,
7163 { "No flush after interrupt", "ssh.pty_term_mode.noflsh",
7164 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7165 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7166
7167 { &hf_ssh_pty_term_mode_tostop,
7168 { "Stop background jobs from output", "ssh.pty_term_mode.tostop",
7169 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7170 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7171
7172 { &hf_ssh_pty_term_mode_iexten,
7173 { "Enable extensions", "ssh.pty_term_mode.iexten",
7174 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7175 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7176
7177 { &hf_ssh_pty_term_mode_echoctl,
7178 { "Echo control characters as ^(Char)", "ssh.pty_term_mode.echoctl",
7179 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7180 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7181
7182 { &hf_ssh_pty_term_mode_echoke,
7183 { "Visual erase for line kill", "ssh.pty_term_mode.echoke",
7184 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7185 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7186
7187 { &hf_ssh_pty_term_mode_pendin,
7188 { "Retype pending input", "ssh.pty_term_mode.pendin",
7189 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7190 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7191
7192 { &hf_ssh_pty_term_mode_opost,
7193 { "Enable output processing", "ssh.pty_term_mode.opost",
7194 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7195 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7196
7197 { &hf_ssh_pty_term_mode_olcuc,
7198 { "Convert lowercase to uppercase", "ssh.pty_term_mode.olcuc",
7199 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7200 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7201
7202 { &hf_ssh_pty_term_mode_onlcr,
7203 { "Map NL to CR-NL", "ssh.pty_term_mode.onlcr",
7204 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7205 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7206
7207 { &hf_ssh_pty_term_mode_ocrnl,
7208 { "Translate carriage return to newline (output)", "ssh.pty_term_mode.ocrnl",
7209 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7210 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7211
7212 { &hf_ssh_pty_term_mode_onocr,
7213 { "Translate newline to carriage-return newline (output)", "ssh.pty_term_mode.onocr",
7214 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7215 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7216
7217 { &hf_ssh_pty_term_mode_onlret,
7218 { "Newline performs a carriage return (output)", "ssh.pty_term_mode.onlret",
7219 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7220 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7221
7222 { &hf_ssh_pty_term_mode_cs7,
7223 { "7 bit mode", "ssh.pty_term_mode.cs7",
7224 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7225 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7226
7227 { &hf_ssh_pty_term_mode_cs8,
7228 { "8 bit mode", "ssh.pty_term_mode.cs8",
7229 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7230 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7231
7232 { &hf_ssh_pty_term_mode_parenb,
7233 { "Parity enable", "ssh.pty_term_mode.parenb",
7234 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7235 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7236
7237 { &hf_ssh_pty_term_mode_parodd,
7238 { "Odd parity", "ssh.pty_term_mode.parodd",
7239 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7240 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7241
7242 { &hf_ssh_pty_term_mode_ispeed,
7243 { "Input baud rate", "ssh.pty_term_mode.ispeed",
7244 FT_UINT32, BASE_DEC|BASE_UNIT_STRING0x00001000, UNS(&units_bit_sec)((0 ? (const struct unit_name_string*)0 : ((&units_bit_sec
)))), 0x0,
7245 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7246
7247 { &hf_ssh_pty_term_mode_ospeed,
7248 { "Output baud rate", "ssh.pty_term_mode.ospeed",
7249 FT_UINT32, BASE_DEC|BASE_UNIT_STRING0x00001000, UNS(&units_bit_sec)((0 ? (const struct unit_name_string*)0 : ((&units_bit_sec
)))), 0x0,
7250 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7251
7252 { &hf_ssh_pty_term_mode_value,
7253 { "Value", "ssh.pty_term_mode.value",
7254 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
7255 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7256
7257 { &hf_ssh_exit_status,
7258 { "Exit status", "ssh.exit_status",
7259 FT_UINT32, BASE_HEX, NULL((void*)0), 0x0,
7260 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
7261
7262 { &hf_ssh_channel_window_adjust,
7263 { "Bytes to add", "ssh.channel_window_adjust",
7264 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
7265 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
7266
7267 { &hf_ssh_channel_data_len,
7268 { "Data length", "ssh.channel_data_length",
7269 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
7270 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
7271
7272 { &hf_ssh_channel_data_type_code,
7273 { "Data Type Code", "ssh.channel_data_type_code",
7274 FT_UINT32, BASE_DEC, VALS(ssh_channel_data_type_code_vals)((0 ? (const struct _value_string*)0 : ((ssh_channel_data_type_code_vals
)))), 0x0,
7275 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) } },
7276
7277 { &hf_ssh_reassembled_in,
7278 { "Reassembled PDU in frame", "ssh.reassembled_in",
7279 FT_FRAMENUM, BASE_NONE, NULL((void*)0), 0x0,
7280 "The PDU that doesn't end in this segment is reassembled in this frame", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
7281
7282 { &hf_ssh_reassembled_length,
7283 { "Reassembled PDU length", "ssh.reassembled.length",
7284 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
7285 "The total length of the reassembled payload", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
7286
7287 { &hf_ssh_reassembled_data,
7288 { "Reassembled PDU data", "ssh.reassembled.data",
7289 FT_BYTES, BASE_NONE, NULL((void*)0), 0x00,
7290 "The payload of multiple reassembled SSH segments", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
7291
7292 { &hf_ssh_segments,
7293 { "Reassembled SSH segments", "ssh.segments",
7294 FT_NONE, BASE_NONE, NULL((void*)0), 0x0,
7295 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
7296
7297 { &hf_ssh_segment,
7298 { "SSH segment", "ssh.segment",
7299 FT_FRAMENUM, BASE_NONE, NULL((void*)0), 0x0,
7300 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
7301
7302 { &hf_ssh_segment_overlap,
7303 { "Segment overlap", "ssh.segment.overlap",
7304 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7305 "Segment overlaps with other segments", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
7306
7307 { &hf_ssh_segment_overlap_conflict,
7308 { "Conflicting data in segment overlap", "ssh.segment.overlap.conflict",
7309 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7310 "Overlapping segments contained conflicting data", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
7311
7312 { &hf_ssh_segment_multiple_tails,
7313 { "Multiple tail segments found", "ssh.segment.multipletails",
7314 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7315 "Several tails were found when reassembling the pdu", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
7316
7317 { &hf_ssh_segment_too_long_fragment,
7318 { "Segment too long", "ssh.segment.toolongfragment",
7319 FT_BOOLEAN, BASE_NONE, NULL((void*)0), 0x0,
7320 "Segment contained data past end of the pdu", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
7321
7322 { &hf_ssh_segment_error,
7323 { "Reassembling error", "ssh.segment.error",
7324 FT_FRAMENUM, BASE_NONE, NULL((void*)0), 0x0,
7325 "Reassembling error due to illegal segments", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
7326
7327 { &hf_ssh_segment_count,
7328 { "Segment count", "ssh.segment.count",
7329 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
7330 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
7331
7332 { &hf_ssh_segment_data,
7333 { "SSH segment data", "ssh.segment.data",
7334 FT_BYTES, BASE_NONE, NULL((void*)0), 0x00,
7335 "The payload of a single SSH segment", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }},
7336
7337 { &hf_ssh_hybrid_blob_client,
7338 { "Hybrid Key Exchange Blob Client", "ssh.kex_hybrid_blob_client",
7339 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, "Client post-quantum hybrid blob", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
7340 },
7341
7342 { &hf_ssh_hybrid_blob_client_len,
7343 { "Hybrid Key Exchange Blob Client Length", "ssh.kex_hybrid_blob_client_len",
7344 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0, "Length of client post-quantum hybrid blob", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
7345 },
7346
7347 { &hf_ssh_hybrid_blob_server,
7348 { "Hybrid Key Exchange Blob Server", "ssh.kex_hybrid_blob_server",
7349 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0, "Server post-quantum hybrid blob", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
7350 },
7351
7352 { &hf_ssh_hybrid_blob_server_len,
7353 { "Hybrid Key Exchange Blob Server Length", "ssh.kex_hybrid_blob_server_len",
7354 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0, "Length of server post-quantum hybrid blob", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
7355 },
7356
7357 { &hf_ssh_pq_kem_client,
7358 { "Client PQ KEM Public Key", "ssh.kex.pq_kem_client",
7359 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
7360 "Post-quantum key (client)", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
7361 },
7362
7363 { &hf_ssh_pq_kem_server,
7364 { "Server PQ KEM Response", "ssh.kex.pq_kem_server",
7365 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
7366 "Post-quantum ciphertext (server response)", HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
7367 },
7368
7369 };
7370
7371 static int *ett[] = {
7372 &ett_ssh,
7373 &ett_key_exchange,
7374 &ett_key_exchange_host_key,
7375 &ett_key_exchange_host_sig,
7376 &ett_extension,
7377 &ett_userauth_pk_blob,
7378 &ett_userauth_pk_signature,
7379 &ett_term_modes,
7380 &ett_term_mode,
7381 &ett_ssh1,
7382 &ett_ssh2,
7383 &ett_key_init,
7384 &ett_ssh_segments,
7385 &ett_ssh_pqhybrid_client, // added for PQ hybrid CLIENT dissection
7386 &ett_ssh_pqhybrid_server, // added for PQ hybrid SERVER dissection
7387 &ett_ssh_segment
7388 };
7389
7390 static ei_register_info ei[] = {
7391 { &ei_ssh_packet_length, { "ssh.packet_length.error", PI_PROTOCOL0x09000000, PI_WARN0x00600000, "Invalid packet length", EXPFILL0, ((void*)0), 0, ((void*)0), {0, {((void*)0), ((void*)0), FT_NONE
, BASE_NONE, ((void*)0), 0, ((void*)0), -1, 0, HF_REF_TYPE_NONE
, -1, ((void*)0)}} }},
7392 { &ei_ssh_padding_length, { "ssh.padding_length.error", PI_PROTOCOL0x09000000, PI_WARN0x00600000, "Invalid padding length", EXPFILL0, ((void*)0), 0, ((void*)0), {0, {((void*)0), ((void*)0), FT_NONE
, BASE_NONE, ((void*)0), 0, ((void*)0), -1, 0, HF_REF_TYPE_NONE
, -1, ((void*)0)}} }},
7393 { &ei_ssh_packet_decode, { "ssh.packet_decode.error", PI_UNDECODED0x05000000, PI_WARN0x00600000, "Packet decoded length not equal to packet length", EXPFILL0, ((void*)0), 0, ((void*)0), {0, {((void*)0), ((void*)0), FT_NONE
, BASE_NONE, ((void*)0), 0, ((void*)0), -1, 0, HF_REF_TYPE_NONE
, -1, ((void*)0)}} }},
7394 { &ei_ssh_channel_number, { "ssh.channel_number.error", PI_PROTOCOL0x09000000, PI_WARN0x00600000, "Could not find channel", EXPFILL0, ((void*)0), 0, ((void*)0), {0, {((void*)0), ((void*)0), FT_NONE
, BASE_NONE, ((void*)0), 0, ((void*)0), -1, 0, HF_REF_TYPE_NONE
, -1, ((void*)0)}} }},
7395 { &ei_ssh_invalid_keylen, { "ssh.key_length.error", PI_PROTOCOL0x09000000, PI_ERROR0x00800000, "Invalid key length", EXPFILL0, ((void*)0), 0, ((void*)0), {0, {((void*)0), ((void*)0), FT_NONE
, BASE_NONE, ((void*)0), 0, ((void*)0), -1, 0, HF_REF_TYPE_NONE
, -1, ((void*)0)}} }},
7396 { &ei_ssh_mac_bad, { "ssh.mac_bad.expert", PI_CHECKSUM0x01000000, PI_ERROR0x00800000, "Bad MAC", EXPFILL0, ((void*)0), 0, ((void*)0), {0, {((void*)0), ((void*)0), FT_NONE
, BASE_NONE, ((void*)0), 0, ((void*)0), -1, 0, HF_REF_TYPE_NONE
, -1, ((void*)0)}} }},
7397 { &ei_ssh2_kex_hybrid_msg_code, { "ssh.kex_hybrid_msg_code", PI_SECURITY0x0a000000, PI_NOTE0x00400000, "Hybrid KEX encountered", EXPFILL0, ((void*)0), 0, ((void*)0), {0, {((void*)0), ((void*)0), FT_NONE
, BASE_NONE, ((void*)0), 0, ((void*)0), -1, 0, HF_REF_TYPE_NONE
, -1, ((void*)0)}} }},
7398 { &ei_ssh2_kex_hybrid_msg_code_unknown, { "ssh.kex_hybrid_msg_code.unknown", PI_UNDECODED0x05000000, PI_NOTE0x00400000, "Unknown KEX_HYBRID message code", EXPFILL0, ((void*)0), 0, ((void*)0), {0, {((void*)0), ((void*)0), FT_NONE
, BASE_NONE, ((void*)0), 0, ((void*)0), -1, 0, HF_REF_TYPE_NONE
, -1, ((void*)0)}} }},
7399
7400 };
7401 module_t *ssh_module;
7402 expert_module_t *expert_ssh;
7403
7404 proto_ssh = proto_register_protocol("SSH Protocol", "SSH", "ssh");
7405 proto_register_field_array(proto_ssh, hf, array_length(hf)(sizeof (hf) / sizeof (hf)[0]));
7406 proto_register_subtree_array(ett, array_length(ett)(sizeof (ett) / sizeof (ett)[0]));
7407 expert_ssh = expert_register_protocol(proto_ssh);
7408 expert_register_field_array(expert_ssh, ei, array_length(ei)(sizeof (ei) / sizeof (ei)[0]));
7409
7410#ifdef SSH_DECRYPT_DEBUG
7411 ssh_module = prefs_register_protocol(proto_ssh, ssh_prefs_apply_cb);
7412#else
7413 ssh_module = prefs_register_protocol(proto_ssh, NULL((void*)0));
7414#endif
7415 prefs_register_bool_preference(ssh_module, "desegment_buffers",
7416 "Reassemble SSH buffers spanning multiple TCP segments",
7417 "Whether the SSH dissector should reassemble SSH buffers spanning multiple TCP segments. "
7418 "To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
7419 &ssh_desegment);
7420 prefs_register_bool_preference(ssh_module, "ignore_ssh_mac_failed",
7421 "Ignore Message Authentication Code (MAC) failure",
7422 "For troubleshooting purposes, decrypt even if the "
7423 "Message Authentication Code (MAC) check fails.",
7424 &ssh_ignore_mac_failed);
7425
7426 ssh_master_key_map = g_hash_table_new_full(ssh_hash, ssh_equal, ssh_free_glib_allocated_bignum, ssh_free_glib_allocated_entry);
7427 prefs_register_filename_preference(ssh_module, "keylog_file", "Key log filename",
7428 "The path to the file which contains a list of key exchange secrets in the following format:\n"
7429 "\"<hex-encoded-cookie> <PRIVATE_KEY|SHARED_SECRET> <hex-encoded-key>\" (without quotes or leading spaces).\n",
7430 &pref_keylog_file, false0);
7431
7432 prefs_register_filename_preference(ssh_module, "debug_file", "SSH debug file",
7433 "Redirect SSH debug to the file specified. Leave empty to disable debugging "
7434 "or use \"" SSH_DEBUG_USE_STDERR"-" "\" to redirect output to stderr.",
7435 &ssh_debug_file_name, true1);
7436
7437 secrets_register_type(SECRETS_TYPE_SSH0x5353484b, ssh_secrets_block_callback);
7438
7439 ssh_handle = register_dissector("ssh", dissect_ssh, proto_ssh);
7440 reassembly_table_register(&ssh_reassembly_table, &tcp_reassembly_table_functions);
7441 register_shutdown_routine(ssh_shutdown);
7442}
7443
7444void
7445proto_reg_handoff_ssh(void)
7446{
7447#ifdef SSH_DECRYPT_DEBUG
7448 ssh_set_debug(ssh_debug_file_name);
7449#endif
7450 dissector_add_uint_range_with_preference("tcp.port", TCP_RANGE_SSH"22", ssh_handle);
7451 dissector_add_uint("sctp.port", SCTP_PORT_SSH22, ssh_handle);
7452 dissector_add_uint("sctp.ppi", SSH_PAYLOAD_PROTOCOL_ID45, ssh_handle);
7453 sftp_handle = find_dissector_add_dependency("sftp", proto_ssh);
7454 data_text_lines_handle = find_dissector_add_dependency("data-text-lines", proto_ssh);
7455
7456 heur_dissector_add("tcp", dissect_ssh_heur, "SSH over TCP", "ssh_tcp", proto_ssh, HEURISTIC_ENABLE);
7457}
7458
7459/*
7460 * Editor modelines - https://www.wireshark.org/tools/modelines.html
7461 *
7462 * Local variables:
7463 * c-basic-offset: 4
7464 * tab-width: 8
7465 * indent-tabs-mode: nil
7466 * End:
7467 *
7468 * vi: set shiftwidth=4 tabstop=8 expandtab:
7469 * :indentSize=4:tabSize=8:noTabs=true:
7470 */