Ethereal-dev: Re: [Ethereal-dev] patch for SSH Version 1 support

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Yaniv Kaul <ykaul@xxxxxxxxxxxxxx>
Date: Wed, 29 Jan 2003 12:29:11 +0200

I'd like to add deeper parsing of payloads into the SSH dissector, but was wondering whether you (or anyone else on the list) are perhaps already working on it.
For example, on SSH_MSG_KEXDH_REPLY, the packet format is:
    byte      SSH_MSG_KEXDH_REPLY
    string    server public host key and certificates (K_S)
    mpint     f
    string    signature of H

Now, the string K_S is actually:
    string   certificate or public key format identifier
    byte[n]  key/certificate data

Which means we can actually parse KEXDH_REPLY deeper.
See section 4.6 of the transport draft (http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15.txt).
For example, for ssh-rsa, we could actually have:

SSH_MSG_KEXDH_REPLY
   Length:
   + Certificate
       - Certificate format length: 4
       - Certificate format: ssh-rsa
           - mpint 'e' length:
           - 'e':
           - mpint 'n' length:
           - 'n':
   + 'f'
       - mpint 'f' length:
       - 'f':
   + 'signature of H'
       - length of '...H':
       - 'H':

What do you think?
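
Added example, not part of the original message and not Ethereal's dissector code: a bounds-checked C walk of the KEXDH_REPLY layout described above, including the nested K_S fields for ssh-rsa. It assumes the buffer holds only the SSH packet payload (starting at the message-type byte); the struct and function names and the sample bytes are made up for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define SSH_MSG_KEXDH_REPLY 31
typedef struct { const uint8_t *p; size_t len; } field_t;  /* view into packet */
typedef struct { field_t k_s, fmt, e, n, f, sig; } kexdh_reply_t;

/* Read one string/mpint: uint32 big-endian length, then that many bytes. */
static int get_field(const uint8_t **cur, const uint8_t *end, field_t *out)
{
    if ((size_t)(end - *cur) < 4) return -1;
    uint32_t len = ((uint32_t)(*cur)[0] << 24) | ((uint32_t)(*cur)[1] << 16) |
                   ((uint32_t)(*cur)[2] << 8) | (*cur)[3];
    *cur += 4;
    if (len > (size_t)(end - *cur)) return -1;  /* length runs past the bound */
    out->p = *cur; out->len = len;
    *cur += len;
    return 0;
}

/* Returns 0 on success, -1 on malformed input. Fields point into buf. */
int parse_kexdh_reply(const uint8_t *buf, size_t buflen, kexdh_reply_t *r)
{
    const uint8_t *cur = buf, *end = buf + buflen;
    memset(r, 0, sizeof *r);
    if (buflen < 1 || *cur++ != SSH_MSG_KEXDH_REPLY) return -1;
    if (get_field(&cur, end, &r->k_s) || get_field(&cur, end, &r->f) ||
        get_field(&cur, end, &r->sig)) return -1;

    /* K_S is itself a field sequence: bound the inner walk by K_S's length. */
    const uint8_t *kc = r->k_s.p, *kend = r->k_s.p + r->k_s.len;
    if (get_field(&kc, kend, &r->fmt)) return -1;
    if (r->fmt.len == 7 && memcmp(r->fmt.p, "ssh-rsa", 7) == 0) {
        if (get_field(&kc, kend, &r->e) || get_field(&kc, kend, &r->n)) return -1;
        if (kc != kend) return -1;              /* trailing bytes inside K_S */
    }
    return 0;
}

/* Constructed sample payload (toy values, not a real key or signature). */
const uint8_t sample_reply[] = {
    31, 0,0,0,24,                               /* type, K_S length */
    0,0,0,7, 's','s','h','-','r','s','a',       /* format identifier */
    0,0,0,3, 0x01,0x00,0x01,                    /* mpint e */
    0,0,0,2, 0x00,0xc5,                         /* mpint n */
    0,0,0,1, 0x05,                              /* mpint f */
    0,0,0,2, 's','g'                            /* signature of H (toy) */
};
```

The inner fields are checked against the end of K_S rather than the end of the packet, so a length inside K_S that would spill into 'f' or the signature is rejected.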