Draft: Improving ssh decryption and dissection
Add decryption. Add retrieval of cookie/private key in DSB. Add dissection of STFP protocol.
This code is based on #16054
Working algorithms: (mostly ssh-audit v2.3.1 recommendations)
- key exchange algorithms (kex) [essential for decryption]
-
diffie-hellman-group-exchange-sha256 -
diffie-hellman-group16-sha512 -
diffie-hellman-group18-sha512 -
diffie-hellman-group14-sha256 -
diffie-hellman-group14-sha1 -
diffie-hellman-group1-sha1 -
curve25519-sha256 / curve25519-sha256@libssh.org
- host-key algorithms (key) [not necessary for decryption]
-
rsa-sha2-256 / rsa-sha2-512 -
ssh-ed25519
- encryption algorithms (ciphers) [essential for decryption]
-
chacha20-poly1305 -
aes128-ctr / aes192-ctr / aes256-ctr -
aes128-cbc / aes192-cbc / aes256-cbc -
aes128-gcm / aes256-gcm
- message authentication code (mac) [not necessary for decryption]
-
umac-128-etm -
hmac-sha2-256-etm / hmac-sha2-512-etm
Test file: ssh-test.zip
- ssh.pcapng / ssh.txt a short ssh session, and its key file
- sshS.pcapng the same short ssh session, but the key is embedded in the capture file
- sftp.pcapng / sftp.txt a short sftp session, and its key file
- sftpS.pcapng the same short sftp session, but the key is embedded in the capture file
Edited by Jerome-PS