ssh: add hostkey information

Adds a framework for hostkey to be printed out separately from the rest of the key exchange. This will allow for individual key information to be presented separately in subsequent changes. Change-Id: I27433772ef1a9e1c45f388809017ed07cf6e41fa Reviewed-on: https://code.wireshark.org/review/15974 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
author: Kenny Root <kenny@the-b.org> 2016-06-15 17:05:54 -0700
committer: Anders Broman <a.broman58@gmail.com> 2016-06-17 17:26:41 +0000
commit: e600526ccd5aee4686f0f8e0f2cfdf3a3c361388 (patch)
tree: 19847608901088ae39f7d5a47a6954f22d1c571a /epan/dissectors/packet-ssh.c
parent: ecd4120934b09d7f28fc3c96ed4c7b47aa7d3de6 (diff)
1 files changed, 56 insertions, 6 deletions
diff --git a/epan/dissectors/packet-ssh.c b/epan/dissectors/packet-ssh.c
index 53bd322ccc..08bad96b12 100644
--- a/epan/dissectors/packet-ssh.c
+++ b/epan/dissectors/packet-ssh.c
@@ -139,7 +139,9 @@ static int hf_ssh_mpint_e= -1;
 static int hf_ssh_mpint_f= -1;
 static int hf_ssh_mpint_length= -1;
 static int hf_ssh_kexdh_host_key= -1;
-static int hf_ssh_kexdh_host_key_length= -1;
+static int hf_ssh_hostkey_length= -1;
+static int hf_ssh_hostkey_type= -1;
+static int hf_ssh_hostkey_data= -1;
 static int hf_ssh_kexdh_h_sig= -1;
 static int hf_ssh_kexdh_h_sig_length= -1;
 static int hf_ssh_kex_algorithms = -1;
@@ -167,6 +169,7 @@ static int hf_ssh_kex_reserved = -1;
 
 static gint ett_ssh = -1;
 static gint ett_key_exchange = -1;
+static gint ett_key_exchange_host_key = -1;
 static gint ett_key_init = -1;
 static gint ett_ssh1 = -1;
 static gint ett_ssh2 = -1;
@@ -616,6 +619,42 @@ ssh_tree_add_string(tvbuff_t *tvb, int offset, proto_tree *tree,
 }
 
 static int
+ssh_tree_add_hostkey(tvbuff_t *tvb, int offset, proto_tree *parent_tree, const char *tree_name,
+                     int ett_idx)
+{
+    proto_tree *tree = NULL;
+    int last_offset;
+    int remaining_len;
+    guint key_len, type_len;
+    guint8* key_type;
+    gchar *tree_title;
+
+    last_offset = offset;
+
+    key_len = tvb_get_ntohl(tvb, offset);
+    offset += 4;
+
+    /* Read the key type before creating the tree so we can append it as info. */
+    type_len = tvb_get_ntohl(tvb, offset);
+    offset += 4;
+    key_type = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, type_len, ENC_ASCII|ENC_NA);
+
+    tree_title = wmem_strdup_printf(wmem_packet_scope(), "%s (type: %s)", tree_name, key_type);
+    tree = proto_tree_add_subtree(parent_tree, tvb, last_offset, key_len, ett_idx, NULL,
+                                  tree_title);
+
+    proto_tree_add_uint(tree, hf_ssh_hostkey_length, tvb, last_offset, 4, key_len);
+    proto_tree_add_string(tree, hf_ssh_hostkey_type, tvb, offset, type_len, key_type);
+    offset += type_len;
+
+    remaining_len = key_len - (type_len + 4);
+    proto_tree_add_item(tree, hf_ssh_hostkey_data, tvb, offset, remaining_len, ENC_NA);
+    offset += remaining_len;
+
+    return 4+key_len;
+}
+
+static int
 ssh_dissect_key_exchange(tvbuff_t *tvb, packet_info *pinfo,
         struct ssh_flow_data *global_data,
         int offset, proto_tree *tree, int is_response,
@@ -774,7 +813,7 @@ static int ssh_dissect_kex_dh(guint8 msg_code, tvbuff_t *tvb,
         break;
 
     case SSH_MSG_KEXDH_REPLY:
-        offset += ssh_tree_add_string(tvb, offset, tree, hf_ssh_kexdh_host_key, hf_ssh_kexdh_host_key_length);
+        offset += ssh_tree_add_hostkey(tvb, offset, tree, "KEX DH host key", ett_key_exchange_host_key);
         offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_mpint_f);
         offset += ssh_tree_add_string(tvb, offset, tree, hf_ssh_kexdh_h_sig, hf_ssh_kexdh_h_sig_length);
         break;
@@ -808,7 +847,7 @@ static int ssh_dissect_kex_dh_gex(guint8 msg_code, tvbuff_t *tvb,
         break;
 
     case SSH_MSG_KEX_DH_GEX_REPLY:
-        offset += ssh_tree_add_string(tvb, offset, tree, hf_ssh_kexdh_host_key, hf_ssh_kexdh_host_key_length);
+        offset += ssh_tree_add_string(tvb, offset, tree, hf_ssh_kexdh_host_key, hf_ssh_hostkey_length);
         offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_mpint_f);
         offset += ssh_tree_add_string(tvb, offset, tree, hf_ssh_kexdh_h_sig, hf_ssh_kexdh_h_sig_length);
         break;
@@ -1205,10 +1244,20 @@ proto_register_ssh(void)
             FT_BYTES, BASE_NONE, NULL, 0x0,
             "SSH KEX DH H signature", HFILL }},
 
-        { &hf_ssh_kexdh_host_key_length,
-          { "KEX DH host key length",         "ssh.kexdh.host_key_length",
+        { &hf_ssh_hostkey_length,
+          { "Host key length",         "ssh.host_key.length",
             FT_UINT32, BASE_DEC, NULL, 0x0,
-            "SSH KEX DH host key length", HFILL }},
+            NULL, HFILL }},
+
+        { &hf_ssh_hostkey_type,
+          { "Host key type",         "ssh.host_key.type",
+            FT_STRING, BASE_NONE, NULL, 0x0,
+            NULL, HFILL }},
+
+        { &hf_ssh_hostkey_data,
+          { "Host key data",         "ssh.host_key.data",
+            FT_BYTES, BASE_NONE, NULL, 0x0,
+            NULL, HFILL }},
 
         { &hf_ssh_kexdh_h_sig_length,
           { "KEX DH H signature length",         "ssh.kexdh.h_sig_length",
@@ -1374,6 +1423,7 @@ proto_register_ssh(void)
     static gint *ett[] = {
         &ett_ssh,
         &ett_key_exchange,
+        &ett_key_exchange_host_key,
         &ett_ssh1,
         &ett_ssh2,
         &ett_key_init
author	Kenny Root <kenny@the-b.org>	2016-06-15 17:05:54 -0700
committer	Anders Broman <a.broman58@gmail.com>	2016-06-17 17:26:41 +0000
commit	e600526ccd5aee4686f0f8e0f2cfdf3a3c361388 (patch)
tree	19847608901088ae39f7d5a47a6954f22d1c571a /epan/dissectors/packet-ssh.c
parent	ecd4120934b09d7f28fc3c96ed4c7b47aa7d3de6 (diff)