From: Vadym Malakhatko Date: Tue, 30 Jun 2020 09:59:34 +0000 (+0300) Subject: rust/ssh: add hassh generation X-Git-Tag: suricata-6.0.0-beta1~257 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=536cee3ba98aa71d9e4a5ee4c56c960c7e71df49;p=thirdparty%2Fsuricata.git rust/ssh: add hassh generation Add generation of hassh fingerprints based on fields in the kexinit record --- diff --git a/rust/Cargo.toml.in b/rust/Cargo.toml.in index 61f4a73ab9..0b143d3e13 100644 --- a/rust/Cargo.toml.in +++ b/rust/Cargo.toml.in @@ -28,6 +28,7 @@ num = "0.2" num-derive = "0.2" num-traits = "0.2" widestring = "0.4" +md5 = "0.7.0" der-parser = "3.0" kerberos-parser = "0.4" diff --git a/rust/src/ssh/detect.rs b/rust/src/ssh/detect.rs index 8b2b0dfe08..ed5341625b 100644 --- a/rust/src/ssh/detect.rs +++ b/rust/src/ssh/detect.rs @@ -90,3 +90,81 @@ pub extern "C" fn rs_ssh_tx_get_software( return 0; } + +#[no_mangle] +pub extern "C" fn rs_ssh_tx_get_hassh( + tx: *mut std::os::raw::c_void, + buffer: *mut *const u8, + buffer_len: *mut u32, + direction: u8, +) -> u8 { + let tx = cast_pointer!(tx, SSHTransaction); + match direction { + STREAM_TOSERVER => { + let m = &tx.cli_hdr.hassh; + if m.len() > 0 { + unsafe { + *buffer = m.as_ptr(); + *buffer_len = m.len() as u32; + } + return 1; + } + } + STREAM_TOCLIENT => { + let m = &tx.srv_hdr.hassh; + if m.len() > 0 { + unsafe { + *buffer = m.as_ptr(); + *buffer_len = m.len() as u32; + } + return 1; + } + } + _ => {} + } + unsafe { + *buffer = ptr::null(); + *buffer_len = 0; + } + + return 0; +} + +#[no_mangle] +pub extern "C" fn rs_ssh_tx_get_hassh_string( + tx: *mut std::os::raw::c_void, + buffer: *mut *const u8, + buffer_len: *mut u32, + direction: u8, +) -> u8 { + let tx = cast_pointer!(tx, SSHTransaction); + match direction { + STREAM_TOSERVER => { + let m = &tx.cli_hdr.hassh_string; + if m.len() > 0 { + unsafe { + *buffer = m.as_ptr(); + *buffer_len = m.len() as u32; + } + return 1; + } + } + STREAM_TOCLIENT => { + let m = &tx.srv_hdr.hassh_string; + if m.len() > 0 { + unsafe { + *buffer = m.as_ptr(); + *buffer_len = m.len() as u32; + } + return 1; + } + } + _ => {} + } + unsafe { + *buffer = ptr::null(); + *buffer_len = 0; + } + + return 0; +} diff --git a/rust/src/ssh/parser.rs b/rust/src/ssh/parser.rs index 1d2ad8439c..a626359f78 100644 --- a/rust/src/ssh/parser.rs +++ b/rust/src/ssh/parser.rs @@ -19,6 +19,40 @@ use nom::combinator::rest; use nom::number::streaming::{be_u32, be_u8}; use std::fmt; +#[derive(PartialEq, Eq, Copy, Clone, Debug)] +pub enum MessageCode { + SshMsgDisconnect, + SshMsgIgnore, + SshMsgUnimplemented, + SshMsgDebug, + SshMsgServiceRequest, + SshMsgServiceAccept, + SshMsgKexinit, + SshMsgNewKeys, + SshMsgKexdhInit, + SshMsgKexdhReply, + + SshMsgUndefined(u8), +} + +impl MessageCode { + fn from_u8(value: u8) -> MessageCode { + match value { + 1 => MessageCode::SshMsgDisconnect, + 2 => MessageCode::SshMsgIgnore, + 3 => MessageCode::SshMsgUnimplemented, + 4 => MessageCode::SshMsgDebug, + 5 => MessageCode::SshMsgServiceRequest, + 6 => MessageCode::SshMsgServiceAccept, + 20 => MessageCode::SshMsgKexinit, + 21 => MessageCode::SshMsgNewKeys, + 30 => MessageCode::SshMsgKexdhInit, + 31 => MessageCode::SshMsgKexdhReply, + _ => MessageCode::SshMsgUndefined(value), + } + } +} + #[inline] fn is_not_lineend(b: u8) -> bool { if b == 10 || b == 13 { @@ -63,14 +97,14 @@ named!(pub ssh_parse_banner, pub struct SshRecordHeader { pub pkt_len: u32, padding_len: u8, - pub msg_code: u8, + pub msg_code: MessageCode, } impl fmt::Display for SshRecordHeader { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { write!( f, - "(pkt_len:{}, padding_len:{}, msg_code:{})", + "(pkt_len:{}, padding_len:{}, msg_code:{:?})", self.pkt_len, self.padding_len, self.msg_code ) } @@ -81,7 +115,9 @@ named!(pub ssh_parse_record_header, pkt_len: verify!(be_u32, |&val| val > 1) >> padding_len: be_u8 >> msg_code: be_u8 >> - (SshRecordHeader{pkt_len, padding_len, msg_code}) + (SshRecordHeader{pkt_len: pkt_len, + padding_len: padding_len, + msg_code: MessageCode::from_u8(msg_code)}) ) ); @@ -92,10 +128,91 @@ named!(pub ssh_parse_record, padding_len: be_u8 >> msg_code: be_u8 >> take!((pkt_len-2) as usize) >> - (SshRecordHeader{pkt_len, padding_len, msg_code}) + (SshRecordHeader{pkt_len: pkt_len, + padding_len: padding_len, + msg_code: MessageCode::from_u8(msg_code)}) ) ); +#[derive(Debug,PartialEq)] +pub struct SshPacketKeyExchange<'a> { + pub cookie: &'a[u8], + pub kex_algs: &'a [u8], + pub server_host_key_algs: &'a [u8], + pub encr_algs_client_to_server: &'a [u8], + pub encr_algs_server_to_client: &'a [u8], + pub mac_algs_client_to_server: &'a [u8], + pub mac_algs_server_to_client: &'a [u8], + pub comp_algs_client_to_server: &'a [u8], + pub comp_algs_server_to_client: &'a [u8], + pub langs_client_to_server: &'a [u8], + pub langs_server_to_client: &'a [u8], + pub first_kex_packet_follows: u8, + pub reserved: u32, +} + +use md5::compute; + +const SSH_HASSH_STRING_DELIMITER_SLICE: [u8; 1] = [b';']; + +impl<'a> SshPacketKeyExchange<'a> { + pub fn generate_hassh(&self, hassh_string: &mut Vec, hassh: &mut Vec, to_server: &bool) { + let slices = if *to_server { + [self.kex_algs, &SSH_HASSH_STRING_DELIMITER_SLICE, + self.encr_algs_server_to_client, &SSH_HASSH_STRING_DELIMITER_SLICE, + self.mac_algs_server_to_client, &SSH_HASSH_STRING_DELIMITER_SLICE, + self.comp_algs_server_to_client]} + else { + [self.kex_algs, &SSH_HASSH_STRING_DELIMITER_SLICE, + self.encr_algs_client_to_server, &SSH_HASSH_STRING_DELIMITER_SLICE, + self.mac_algs_client_to_server, &SSH_HASSH_STRING_DELIMITER_SLICE, + self.comp_algs_client_to_server] + }; + // reserving memory + hassh_string.reserve_exact(slices.iter().fold(0, |acc, x| acc + x.len())); + // copying slices to hassh string + slices.iter().for_each(|&x| hassh_string.extend_from_slice(x)); + hassh.extend(format!("{:x?}", compute(&hassh_string)).as_bytes()); + } +} + +named!(parse_string<&[u8]>, do_parse!( + len: be_u32 >> + string: take!(len) >> + ( string ) +)); + +named!(pub ssh_parse_key_exchange, do_parse!( + cookie: take!(16) >> + kex_algs: parse_string >> + server_host_key_algs: parse_string >> + encr_algs_client_to_server: parse_string >> + encr_algs_server_to_client: parse_string >> + mac_algs_client_to_server: parse_string >> + mac_algs_server_to_client: parse_string >> + comp_algs_client_to_server: parse_string >> + comp_algs_server_to_client: parse_string >> + langs_client_to_server: parse_string >> + langs_server_to_client: parse_string >> + first_kex_packet_follows: be_u8 >> + reserved: be_u32 >> + ( SshPacketKeyExchange { + cookie: cookie, + kex_algs: kex_algs, + server_host_key_algs: server_host_key_algs, + encr_algs_client_to_server: encr_algs_client_to_server, + encr_algs_server_to_client: encr_algs_server_to_client, + mac_algs_client_to_server: mac_algs_client_to_server, + mac_algs_server_to_client: mac_algs_server_to_client, + comp_algs_client_to_server: comp_algs_client_to_server, + comp_algs_server_to_client: comp_algs_server_to_client, + langs_client_to_server: langs_client_to_server, + langs_server_to_client: langs_server_to_client, + first_kex_packet_follows: first_kex_packet_follows, + reserved: reserved, + } ) +)); + #[cfg(test)] mod tests { @@ -192,5 +309,396 @@ mod tests { } } } + #[test] + fn test_parse_key_exchange() { + let client_key_exchange = [0x18 ,0x70 ,0xCB ,0xA4 ,0xA3 ,0xD4 ,0xDC ,0x88 ,0x6F + ,0xFD ,0x76 ,0x06 ,0xCF ,0x36 ,0x1B ,0xC6 ,0x00 ,0x00 ,0x01 ,0x0D ,0x63 ,0x75 ,0x72 ,0x76 + ,0x65 ,0x32 ,0x35 ,0x35 ,0x31 ,0x39 ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x35 ,0x36 ,0x2C ,0x63 + ,0x75 ,0x72 ,0x76 ,0x65 ,0x32 ,0x35 ,0x35 ,0x31 ,0x39 ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x35 + ,0x36 ,0x40 ,0x6C ,0x69 ,0x62 ,0x73 ,0x73 ,0x68 ,0x2E ,0x6F ,0x72 ,0x67 ,0x2C ,0x65 ,0x63 + ,0x64 ,0x68 ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x2D ,0x6E ,0x69 ,0x73 ,0x74 ,0x70 ,0x32 ,0x35 + ,0x36 ,0x2C ,0x65 ,0x63 ,0x64 ,0x68 ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x2D ,0x6E ,0x69 ,0x73 + ,0x74 ,0x70 ,0x33 ,0x38 ,0x34 ,0x2C ,0x65 ,0x63 ,0x64 ,0x68 ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 + ,0x2D ,0x6E ,0x69 ,0x73 ,0x74 ,0x70 ,0x35 ,0x32 ,0x31 ,0x2C ,0x64 ,0x69 ,0x66 ,0x66 ,0x69 + ,0x65 ,0x2D ,0x68 ,0x65 ,0x6C ,0x6C ,0x6D ,0x61 ,0x6E ,0x2D ,0x67 ,0x72 ,0x6F ,0x75 ,0x70 + ,0x2D ,0x65 ,0x78 ,0x63 ,0x68 ,0x61 ,0x6E ,0x67 ,0x65 ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x35 + ,0x36 ,0x2C ,0x64 ,0x69 ,0x66 ,0x66 ,0x69 ,0x65 ,0x2D ,0x68 ,0x65 ,0x6C ,0x6C ,0x6D ,0x61 + ,0x6E ,0x2D ,0x67 ,0x72 ,0x6F ,0x75 ,0x70 ,0x31 ,0x36 ,0x2D ,0x73 ,0x68 ,0x61 ,0x35 ,0x31 + ,0x32 ,0x2C ,0x64 ,0x69 ,0x66 ,0x66 ,0x69 ,0x65 ,0x2D ,0x68 ,0x65 ,0x6C ,0x6C ,0x6D ,0x61 + ,0x6E ,0x2D ,0x67 ,0x72 ,0x6F ,0x75 ,0x70 ,0x31 ,0x38 ,0x2D ,0x73 ,0x68 ,0x61 ,0x35 ,0x31 + ,0x32 ,0x2C ,0x64 ,0x69 ,0x66 ,0x66 ,0x69 ,0x65 ,0x2D ,0x68 ,0x65 ,0x6C ,0x6C ,0x6D ,0x61 + ,0x6E ,0x2D ,0x67 ,0x72 ,0x6F ,0x75 ,0x70 ,0x31 ,0x34 ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x35 + ,0x36 ,0x2C ,0x64 ,0x69 ,0x66 ,0x66 ,0x69 ,0x65 ,0x2D ,0x68 ,0x65 ,0x6C ,0x6C ,0x6D ,0x61 + ,0x6E ,0x2D ,0x67 ,0x72 ,0x6F ,0x75 ,0x70 ,0x31 ,0x34 ,0x2D ,0x73 ,0x68 ,0x61 ,0x31 ,0x2C + ,0x65 ,0x78 ,0x74 ,0x2D ,0x69 ,0x6E ,0x66 ,0x6F ,0x2D ,0x63 ,0x00 ,0x00 ,0x01 ,0x66 ,0x65 + ,0x63 ,0x64 ,0x73 ,0x61 ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x2D ,0x6E ,0x69 ,0x73 ,0x74 ,0x70 + ,0x32 ,0x35 ,0x36 ,0x2D ,0x63 ,0x65 ,0x72 ,0x74 ,0x2D ,0x76 ,0x30 ,0x31 ,0x40 ,0x6F ,0x70 + ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x65 ,0x63 ,0x64 ,0x73 ,0x61 + ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x2D ,0x6E ,0x69 ,0x73 ,0x74 ,0x70 ,0x33 ,0x38 ,0x34 ,0x2D + ,0x63 ,0x65 ,0x72 ,0x74 ,0x2D ,0x76 ,0x30 ,0x31 ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 + ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x65 ,0x63 ,0x64 ,0x73 ,0x61 ,0x2D ,0x73 ,0x68 ,0x61 + ,0x32 ,0x2D ,0x6E ,0x69 ,0x73 ,0x74 ,0x70 ,0x35 ,0x32 ,0x31 ,0x2D ,0x63 ,0x65 ,0x72 ,0x74 + ,0x2D ,0x76 ,0x30 ,0x31 ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F + ,0x6D ,0x2C ,0x65 ,0x63 ,0x64 ,0x73 ,0x61 ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x2D ,0x6E ,0x69 + ,0x73 ,0x74 ,0x70 ,0x32 ,0x35 ,0x36 ,0x2C ,0x65 ,0x63 ,0x64 ,0x73 ,0x61 ,0x2D ,0x73 ,0x68 + ,0x61 ,0x32 ,0x2D ,0x6E ,0x69 ,0x73 ,0x74 ,0x70 ,0x33 ,0x38 ,0x34 ,0x2C ,0x65 ,0x63 ,0x64 + ,0x73 ,0x61 ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x2D ,0x6E ,0x69 ,0x73 ,0x74 ,0x70 ,0x35 ,0x32 + ,0x31 ,0x2C ,0x73 ,0x73 ,0x68 ,0x2D ,0x65 ,0x64 ,0x32 ,0x35 ,0x35 ,0x31 ,0x39 ,0x2D ,0x63 + ,0x65 ,0x72 ,0x74 ,0x2D ,0x76 ,0x30 ,0x31 ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 + ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x72 ,0x73 ,0x61 ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x2D ,0x35 + ,0x31 ,0x32 ,0x2D ,0x63 ,0x65 ,0x72 ,0x74 ,0x2D ,0x76 ,0x30 ,0x31 ,0x40 ,0x6F ,0x70 ,0x65 + ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x72 ,0x73 ,0x61 ,0x2D ,0x73 ,0x68 + ,0x61 ,0x32 ,0x2D ,0x32 ,0x35 ,0x36 ,0x2D ,0x63 ,0x65 ,0x72 ,0x74 ,0x2D ,0x76 ,0x30 ,0x31 + ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x73 ,0x73 + ,0x68 ,0x2D ,0x72 ,0x73 ,0x61 ,0x2D ,0x63 ,0x65 ,0x72 ,0x74 ,0x2D ,0x76 ,0x30 ,0x31 ,0x40 + ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x73 ,0x73 ,0x68 + ,0x2D ,0x65 ,0x64 ,0x32 ,0x35 ,0x35 ,0x31 ,0x39 ,0x2C ,0x72 ,0x73 ,0x61 ,0x2D ,0x73 ,0x68 + ,0x61 ,0x32 ,0x2D ,0x35 ,0x31 ,0x32 ,0x2C ,0x72 ,0x73 ,0x61 ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 + ,0x2D ,0x32 ,0x35 ,0x36 ,0x2C ,0x73 ,0x73 ,0x68 ,0x2D ,0x72 ,0x73 ,0x61 ,0x00 ,0x00 ,0x00 + ,0x6C ,0x63 ,0x68 ,0x61 ,0x63 ,0x68 ,0x61 ,0x32 ,0x30 ,0x2D ,0x70 ,0x6F ,0x6C ,0x79 ,0x31 + ,0x33 ,0x30 ,0x35 ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D + ,0x2C ,0x61 ,0x65 ,0x73 ,0x31 ,0x32 ,0x38 ,0x2D ,0x63 ,0x74 ,0x72 ,0x2C ,0x61 ,0x65 ,0x73 + ,0x31 ,0x39 ,0x32 ,0x2D ,0x63 ,0x74 ,0x72 ,0x2C ,0x61 ,0x65 ,0x73 ,0x32 ,0x35 ,0x36 ,0x2D + ,0x63 ,0x74 ,0x72 ,0x2C ,0x61 ,0x65 ,0x73 ,0x31 ,0x32 ,0x38 ,0x2D ,0x67 ,0x63 ,0x6D ,0x40 + ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x61 ,0x65 ,0x73 + ,0x32 ,0x35 ,0x36 ,0x2D ,0x67 ,0x63 ,0x6D ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 + ,0x2E ,0x63 ,0x6F ,0x6D ,0x00 ,0x00 ,0x00 ,0x6C ,0x63 ,0x68 ,0x61 ,0x63 ,0x68 ,0x61 ,0x32 + ,0x30 ,0x2D ,0x70 ,0x6F ,0x6C ,0x79 ,0x31 ,0x33 ,0x30 ,0x35 ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E + ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x61 ,0x65 ,0x73 ,0x31 ,0x32 ,0x38 ,0x2D + ,0x63 ,0x74 ,0x72 ,0x2C ,0x61 ,0x65 ,0x73 ,0x31 ,0x39 ,0x32 ,0x2D ,0x63 ,0x74 ,0x72 ,0x2C + ,0x61 ,0x65 ,0x73 ,0x32 ,0x35 ,0x36 ,0x2D ,0x63 ,0x74 ,0x72 ,0x2C ,0x61 ,0x65 ,0x73 ,0x31 + ,0x32 ,0x38 ,0x2D ,0x67 ,0x63 ,0x6D ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E + ,0x63 ,0x6F ,0x6D ,0x2C ,0x61 ,0x65 ,0x73 ,0x32 ,0x35 ,0x36 ,0x2D ,0x67 ,0x63 ,0x6D ,0x40 + ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x00 ,0x00 ,0x00 ,0xD5 + ,0x75 ,0x6D ,0x61 ,0x63 ,0x2D ,0x36 ,0x34 ,0x2D ,0x65 ,0x74 ,0x6D ,0x40 ,0x6F ,0x70 ,0x65 + ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x75 ,0x6D ,0x61 ,0x63 ,0x2D ,0x31 + ,0x32 ,0x38 ,0x2D ,0x65 ,0x74 ,0x6D ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E + ,0x63 ,0x6F ,0x6D ,0x2C ,0x68 ,0x6D ,0x61 ,0x63 ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x2D ,0x32 + ,0x35 ,0x36 ,0x2D ,0x65 ,0x74 ,0x6D ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E + ,0x63 ,0x6F ,0x6D ,0x2C ,0x68 ,0x6D ,0x61 ,0x63 ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x2D ,0x35 + ,0x31 ,0x32 ,0x2D ,0x65 ,0x74 ,0x6D ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E + ,0x63 ,0x6F ,0x6D ,0x2C ,0x68 ,0x6D ,0x61 ,0x63 ,0x2D ,0x73 ,0x68 ,0x61 ,0x31 ,0x2D ,0x65 + ,0x74 ,0x6D ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C + ,0x75 ,0x6D ,0x61 ,0x63 ,0x2D ,0x36 ,0x34 ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 + ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x75 ,0x6D ,0x61 ,0x63 ,0x2D ,0x31 ,0x32 ,0x38 ,0x40 ,0x6F + ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x68 ,0x6D ,0x61 ,0x63 + ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x2D ,0x32 ,0x35 ,0x36 ,0x2C ,0x68 ,0x6D ,0x61 ,0x63 ,0x2D + ,0x73 ,0x68 ,0x61 ,0x32 ,0x2D ,0x35 ,0x31 ,0x32 ,0x2C ,0x68 ,0x6D ,0x61 ,0x63 ,0x2D ,0x73 + ,0x68 ,0x61 ,0x31 ,0x00 ,0x00 ,0x00 ,0xD5 ,0x75 ,0x6D ,0x61 ,0x63 ,0x2D ,0x36 ,0x34 ,0x2D + ,0x65 ,0x74 ,0x6D ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D + ,0x2C ,0x75 ,0x6D ,0x61 ,0x63 ,0x2D ,0x31 ,0x32 ,0x38 ,0x2D ,0x65 ,0x74 ,0x6D ,0x40 ,0x6F + ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x68 ,0x6D ,0x61 ,0x63 + ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x2D ,0x32 ,0x35 ,0x36 ,0x2D ,0x65 ,0x74 ,0x6D ,0x40 ,0x6F + ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x68 ,0x6D ,0x61 ,0x63 + ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x2D ,0x35 ,0x31 ,0x32 ,0x2D ,0x65 ,0x74 ,0x6D ,0x40 ,0x6F + ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x68 ,0x6D ,0x61 ,0x63 + ,0x2D ,0x73 ,0x68 ,0x61 ,0x31 ,0x2D ,0x65 ,0x74 ,0x6D ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 + ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x75 ,0x6D ,0x61 ,0x63 ,0x2D ,0x36 ,0x34 ,0x40 + ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x75 ,0x6D ,0x61 + ,0x63 ,0x2D ,0x31 ,0x32 ,0x38 ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 + ,0x6F ,0x6D ,0x2C ,0x68 ,0x6D ,0x61 ,0x63 ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x2D ,0x32 ,0x35 + ,0x36 ,0x2C ,0x68 ,0x6D ,0x61 ,0x63 ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x2D ,0x35 ,0x31 ,0x32 + ,0x2C ,0x68 ,0x6D ,0x61 ,0x63 ,0x2D ,0x73 ,0x68 ,0x61 ,0x31 ,0x00 ,0x00 ,0x00 ,0x1A ,0x6E + ,0x6F ,0x6E ,0x65 ,0x2C ,0x7A ,0x6C ,0x69 ,0x62 ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 + ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x7A ,0x6C ,0x69 ,0x62 ,0x00 ,0x00 ,0x00 ,0x1A ,0x6E + ,0x6F ,0x6E ,0x65 ,0x2C ,0x7A ,0x6C ,0x69 ,0x62 ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 + ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x7A ,0x6C ,0x69 ,0x62 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 + ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00]; + let cookie = [0x18, 0x70, 0xcb, 0xa4, 0xa3, 0xd4, 0xdc, 0x88, 0x6f, 0xfd, 0x76, 0x06, 0xcf, 0x36, 0x1b, 0xc6]; + let key_exchange = SshPacketKeyExchange { + cookie: &cookie, + kex_algs: b"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c", + server_host_key_algs: b"ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa", + encr_algs_client_to_server: b"chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com", + encr_algs_server_to_client: b"chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com", + mac_algs_client_to_server: b"umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1", + mac_algs_server_to_client: b"umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1", + comp_algs_client_to_server: b"none,zlib@openssh.com,zlib", + comp_algs_server_to_client: b"none,zlib@openssh.com,zlib", + langs_client_to_server: b"", + langs_server_to_client: b"", + first_kex_packet_follows: 0, + reserved: 0, + }; + let expected = Ok((b"" as &[u8], key_exchange)); + let res = ssh_parse_key_exchange(&client_key_exchange); + assert_eq!(res, expected); + } + + #[test] + fn test_parse_hassh() { + let client_key_exchange = [0x18 ,0x70 ,0xCB ,0xA4 ,0xA3 ,0xD4 ,0xDC ,0x88 ,0x6F + ,0xFD ,0x76 ,0x06 ,0xCF ,0x36 ,0x1B ,0xC6 ,0x00 ,0x00 ,0x01 ,0x0D ,0x63 ,0x75 ,0x72 ,0x76 + ,0x65 ,0x32 ,0x35 ,0x35 ,0x31 ,0x39 ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x35 ,0x36 ,0x2C ,0x63 + ,0x75 ,0x72 ,0x76 ,0x65 ,0x32 ,0x35 ,0x35 ,0x31 ,0x39 ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x35 + ,0x36 ,0x40 ,0x6C ,0x69 ,0x62 ,0x73 ,0x73 ,0x68 ,0x2E ,0x6F ,0x72 ,0x67 ,0x2C ,0x65 ,0x63 + ,0x64 ,0x68 ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x2D ,0x6E ,0x69 ,0x73 ,0x74 ,0x70 ,0x32 ,0x35 + ,0x36 ,0x2C ,0x65 ,0x63 ,0x64 ,0x68 ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x2D ,0x6E ,0x69 ,0x73 + ,0x74 ,0x70 ,0x33 ,0x38 ,0x34 ,0x2C ,0x65 ,0x63 ,0x64 ,0x68 ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 + ,0x2D ,0x6E ,0x69 ,0x73 ,0x74 ,0x70 ,0x35 ,0x32 ,0x31 ,0x2C ,0x64 ,0x69 ,0x66 ,0x66 ,0x69 + ,0x65 ,0x2D ,0x68 ,0x65 ,0x6C ,0x6C ,0x6D ,0x61 ,0x6E ,0x2D ,0x67 ,0x72 ,0x6F ,0x75 ,0x70 + ,0x2D ,0x65 ,0x78 ,0x63 ,0x68 ,0x61 ,0x6E ,0x67 ,0x65 ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x35 + ,0x36 ,0x2C ,0x64 ,0x69 ,0x66 ,0x66 ,0x69 ,0x65 ,0x2D ,0x68 ,0x65 ,0x6C ,0x6C ,0x6D ,0x61 + ,0x6E ,0x2D ,0x67 ,0x72 ,0x6F ,0x75 ,0x70 ,0x31 ,0x36 ,0x2D ,0x73 ,0x68 ,0x61 ,0x35 ,0x31 + ,0x32 ,0x2C ,0x64 ,0x69 ,0x66 ,0x66 ,0x69 ,0x65 ,0x2D ,0x68 ,0x65 ,0x6C ,0x6C ,0x6D ,0x61 + ,0x6E ,0x2D ,0x67 ,0x72 ,0x6F ,0x75 ,0x70 ,0x31 ,0x38 ,0x2D ,0x73 ,0x68 ,0x61 ,0x35 ,0x31 + ,0x32 ,0x2C ,0x64 ,0x69 ,0x66 ,0x66 ,0x69 ,0x65 ,0x2D ,0x68 ,0x65 ,0x6C ,0x6C ,0x6D ,0x61 + ,0x6E ,0x2D ,0x67 ,0x72 ,0x6F ,0x75 ,0x70 ,0x31 ,0x34 ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x35 + ,0x36 ,0x2C ,0x64 ,0x69 ,0x66 ,0x66 ,0x69 ,0x65 ,0x2D ,0x68 ,0x65 ,0x6C ,0x6C ,0x6D ,0x61 + ,0x6E ,0x2D ,0x67 ,0x72 ,0x6F ,0x75 ,0x70 ,0x31 ,0x34 ,0x2D ,0x73 ,0x68 ,0x61 ,0x31 ,0x2C + ,0x65 ,0x78 ,0x74 ,0x2D ,0x69 ,0x6E ,0x66 ,0x6F ,0x2D ,0x63 ,0x00 ,0x00 ,0x01 ,0x66 ,0x65 + ,0x63 ,0x64 ,0x73 ,0x61 ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x2D ,0x6E ,0x69 ,0x73 ,0x74 ,0x70 + ,0x32 ,0x35 ,0x36 ,0x2D ,0x63 ,0x65 ,0x72 ,0x74 ,0x2D ,0x76 ,0x30 ,0x31 ,0x40 ,0x6F ,0x70 + ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x65 ,0x63 ,0x64 ,0x73 ,0x61 + ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x2D ,0x6E ,0x69 ,0x73 ,0x74 ,0x70 ,0x33 ,0x38 ,0x34 ,0x2D + ,0x63 ,0x65 ,0x72 ,0x74 ,0x2D ,0x76 ,0x30 ,0x31 ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 + ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x65 ,0x63 ,0x64 ,0x73 ,0x61 ,0x2D ,0x73 ,0x68 ,0x61 + ,0x32 ,0x2D ,0x6E ,0x69 ,0x73 ,0x74 ,0x70 ,0x35 ,0x32 ,0x31 ,0x2D ,0x63 ,0x65 ,0x72 ,0x74 + ,0x2D ,0x76 ,0x30 ,0x31 ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F + ,0x6D ,0x2C ,0x65 ,0x63 ,0x64 ,0x73 ,0x61 ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x2D ,0x6E ,0x69 + ,0x73 ,0x74 ,0x70 ,0x32 ,0x35 ,0x36 ,0x2C ,0x65 ,0x63 ,0x64 ,0x73 ,0x61 ,0x2D ,0x73 ,0x68 + ,0x61 ,0x32 ,0x2D ,0x6E ,0x69 ,0x73 ,0x74 ,0x70 ,0x33 ,0x38 ,0x34 ,0x2C ,0x65 ,0x63 ,0x64 + ,0x73 ,0x61 ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x2D ,0x6E ,0x69 ,0x73 ,0x74 ,0x70 ,0x35 ,0x32 + ,0x31 ,0x2C ,0x73 ,0x73 ,0x68 ,0x2D ,0x65 ,0x64 ,0x32 ,0x35 ,0x35 ,0x31 ,0x39 ,0x2D ,0x63 + ,0x65 ,0x72 ,0x74 ,0x2D ,0x76 ,0x30 ,0x31 ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 + ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x72 ,0x73 ,0x61 ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x2D ,0x35 + ,0x31 ,0x32 ,0x2D ,0x63 ,0x65 ,0x72 ,0x74 ,0x2D ,0x76 ,0x30 ,0x31 ,0x40 ,0x6F ,0x70 ,0x65 + ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x72 ,0x73 ,0x61 ,0x2D ,0x73 ,0x68 + ,0x61 ,0x32 ,0x2D ,0x32 ,0x35 ,0x36 ,0x2D ,0x63 ,0x65 ,0x72 ,0x74 ,0x2D ,0x76 ,0x30 ,0x31 + ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x73 ,0x73 + ,0x68 ,0x2D ,0x72 ,0x73 ,0x61 ,0x2D ,0x63 ,0x65 ,0x72 ,0x74 ,0x2D ,0x76 ,0x30 ,0x31 ,0x40 + ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x73 ,0x73 ,0x68 + ,0x2D ,0x65 ,0x64 ,0x32 ,0x35 ,0x35 ,0x31 ,0x39 ,0x2C ,0x72 ,0x73 ,0x61 ,0x2D ,0x73 ,0x68 + ,0x61 ,0x32 ,0x2D ,0x35 ,0x31 ,0x32 ,0x2C ,0x72 ,0x73 ,0x61 ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 + ,0x2D ,0x32 ,0x35 ,0x36 ,0x2C ,0x73 ,0x73 ,0x68 ,0x2D ,0x72 ,0x73 ,0x61 ,0x00 ,0x00 ,0x00 + ,0x6C ,0x63 ,0x68 ,0x61 ,0x63 ,0x68 ,0x61 ,0x32 ,0x30 ,0x2D ,0x70 ,0x6F ,0x6C ,0x79 ,0x31 + ,0x33 ,0x30 ,0x35 ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D + ,0x2C ,0x61 ,0x65 ,0x73 ,0x31 ,0x32 ,0x38 ,0x2D ,0x63 ,0x74 ,0x72 ,0x2C ,0x61 ,0x65 ,0x73 + ,0x31 ,0x39 ,0x32 ,0x2D ,0x63 ,0x74 ,0x72 ,0x2C ,0x61 ,0x65 ,0x73 ,0x32 ,0x35 ,0x36 ,0x2D + ,0x63 ,0x74 ,0x72 ,0x2C ,0x61 ,0x65 ,0x73 ,0x31 ,0x32 ,0x38 ,0x2D ,0x67 ,0x63 ,0x6D ,0x40 + ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x61 ,0x65 ,0x73 + ,0x32 ,0x35 ,0x36 ,0x2D ,0x67 ,0x63 ,0x6D ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 + ,0x2E ,0x63 ,0x6F ,0x6D ,0x00 ,0x00 ,0x00 ,0x6C ,0x63 ,0x68 ,0x61 ,0x63 ,0x68 ,0x61 ,0x32 + ,0x30 ,0x2D ,0x70 ,0x6F ,0x6C ,0x79 ,0x31 ,0x33 ,0x30 ,0x35 ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E + ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x61 ,0x65 ,0x73 ,0x31 ,0x32 ,0x38 ,0x2D + ,0x63 ,0x74 ,0x72 ,0x2C ,0x61 ,0x65 ,0x73 ,0x31 ,0x39 ,0x32 ,0x2D ,0x63 ,0x74 ,0x72 ,0x2C + ,0x61 ,0x65 ,0x73 ,0x32 ,0x35 ,0x36 ,0x2D ,0x63 ,0x74 ,0x72 ,0x2C ,0x61 ,0x65 ,0x73 ,0x31 + ,0x32 ,0x38 ,0x2D ,0x67 ,0x63 ,0x6D ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E + ,0x63 ,0x6F ,0x6D ,0x2C ,0x61 ,0x65 ,0x73 ,0x32 ,0x35 ,0x36 ,0x2D ,0x67 ,0x63 ,0x6D ,0x40 + ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x00 ,0x00 ,0x00 ,0xD5 + ,0x75 ,0x6D ,0x61 ,0x63 ,0x2D ,0x36 ,0x34 ,0x2D ,0x65 ,0x74 ,0x6D ,0x40 ,0x6F ,0x70 ,0x65 + ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x75 ,0x6D ,0x61 ,0x63 ,0x2D ,0x31 + ,0x32 ,0x38 ,0x2D ,0x65 ,0x74 ,0x6D ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E + ,0x63 ,0x6F ,0x6D ,0x2C ,0x68 ,0x6D ,0x61 ,0x63 ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x2D ,0x32 + ,0x35 ,0x36 ,0x2D ,0x65 ,0x74 ,0x6D ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E + ,0x63 ,0x6F ,0x6D ,0x2C ,0x68 ,0x6D ,0x61 ,0x63 ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x2D ,0x35 + ,0x31 ,0x32 ,0x2D ,0x65 ,0x74 ,0x6D ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E + ,0x63 ,0x6F ,0x6D ,0x2C ,0x68 ,0x6D ,0x61 ,0x63 ,0x2D ,0x73 ,0x68 ,0x61 ,0x31 ,0x2D ,0x65 + ,0x74 ,0x6D ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C + ,0x75 ,0x6D ,0x61 ,0x63 ,0x2D ,0x36 ,0x34 ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 + ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x75 ,0x6D ,0x61 ,0x63 ,0x2D ,0x31 ,0x32 ,0x38 ,0x40 ,0x6F + ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x68 ,0x6D ,0x61 ,0x63 + ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x2D ,0x32 ,0x35 ,0x36 ,0x2C ,0x68 ,0x6D ,0x61 ,0x63 ,0x2D + ,0x73 ,0x68 ,0x61 ,0x32 ,0x2D ,0x35 ,0x31 ,0x32 ,0x2C ,0x68 ,0x6D ,0x61 ,0x63 ,0x2D ,0x73 + ,0x68 ,0x61 ,0x31 ,0x00 ,0x00 ,0x00 ,0xD5 ,0x75 ,0x6D ,0x61 ,0x63 ,0x2D ,0x36 ,0x34 ,0x2D + ,0x65 ,0x74 ,0x6D ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D + ,0x2C ,0x75 ,0x6D ,0x61 ,0x63 ,0x2D ,0x31 ,0x32 ,0x38 ,0x2D ,0x65 ,0x74 ,0x6D ,0x40 ,0x6F + ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x68 ,0x6D ,0x61 ,0x63 + ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x2D ,0x32 ,0x35 ,0x36 ,0x2D ,0x65 ,0x74 ,0x6D ,0x40 ,0x6F + ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x68 ,0x6D ,0x61 ,0x63 + ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x2D ,0x35 ,0x31 ,0x32 ,0x2D ,0x65 ,0x74 ,0x6D ,0x40 ,0x6F + ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x68 ,0x6D ,0x61 ,0x63 + ,0x2D ,0x73 ,0x68 ,0x61 ,0x31 ,0x2D ,0x65 ,0x74 ,0x6D ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 + ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x75 ,0x6D ,0x61 ,0x63 ,0x2D ,0x36 ,0x34 ,0x40 + ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x75 ,0x6D ,0x61 + ,0x63 ,0x2D ,0x31 ,0x32 ,0x38 ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 ,0x68 ,0x2E ,0x63 + ,0x6F ,0x6D ,0x2C ,0x68 ,0x6D ,0x61 ,0x63 ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x2D ,0x32 ,0x35 + ,0x36 ,0x2C ,0x68 ,0x6D ,0x61 ,0x63 ,0x2D ,0x73 ,0x68 ,0x61 ,0x32 ,0x2D ,0x35 ,0x31 ,0x32 + ,0x2C ,0x68 ,0x6D ,0x61 ,0x63 ,0x2D ,0x73 ,0x68 ,0x61 ,0x31 ,0x00 ,0x00 ,0x00 ,0x1A ,0x6E + ,0x6F ,0x6E ,0x65 ,0x2C ,0x7A ,0x6C ,0x69 ,0x62 ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 + ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x7A ,0x6C ,0x69 ,0x62 ,0x00 ,0x00 ,0x00 ,0x1A ,0x6E + ,0x6F ,0x6E ,0x65 ,0x2C ,0x7A ,0x6C ,0x69 ,0x62 ,0x40 ,0x6F ,0x70 ,0x65 ,0x6E ,0x73 ,0x73 + ,0x68 ,0x2E ,0x63 ,0x6F ,0x6D ,0x2C ,0x7A ,0x6C ,0x69 ,0x62 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 + ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00]; + let mut hassh_string: Vec = vec!(); + let mut hassh: Vec = vec!(); + match ssh_parse_key_exchange(&client_key_exchange){ + Ok((_, key_exchange)) => { + key_exchange.generate_hassh(&mut hassh_string, &mut hassh, &true); + } + Err(_) => { } + } + + assert_eq!(hassh_string, "curve25519-sha256,curve25519-sha256@libssh.org,\ + ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,\ + diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,\ + diffie-hellman-group14-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes128-ctr,\ + aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com;umac-64-etm@openssh.com,\ + umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,\ + hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,\ + hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib".as_bytes().to_vec()); + + assert_eq!(hassh, "ec7378c1a92f5a8dde7e8b7a1ddf33d1".as_bytes().to_vec()); + } + + #[test] + fn test_parse_hassh_server() { + let server_key_exchange = [0x7d, 0x76, 0x4f, 0x78, 0x81, 0x9e, 0x10, 0xfa, 0x23, 0x72, + 0xb5, 0x15, 0x56, 0xba, 0xf9, 0x46, 0x00, 0x00, 0x01, 0x02, 0x63, 0x75, 0x72, 0x76, 0x65, 0x32, + 0x35, 0x35, 0x31, 0x39, 0x2d, 0x73, 0x68, 0x61, 0x32, 0x35, 0x36, 0x2c, 0x63, 0x75, 0x72, 0x76, + 0x65, 0x32, 0x35, 0x35, 0x31, 0x39, 0x2d, 0x73, 0x68, 0x61, 0x32, 0x35, 0x36, 0x40, 0x6c, 0x69, + 0x62, 0x73, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x67, 0x2c, 0x65, 0x63, 0x64, 0x68, 0x2d, 0x73, 0x68, + 0x61, 0x32, 0x2d, 0x6e, 0x69, 0x73, 0x74, 0x70, 0x32, 0x35, 0x36, 0x2c, 0x65, 0x63, 0x64, 0x68, + 0x2d, 0x73, 0x68, 0x61, 0x32, 0x2d, 0x6e, 0x69, 0x73, 0x74, 0x70, 0x33, 0x38, 0x34, 0x2c, 0x65, + 0x63, 0x64, 0x68, 0x2d, 0x73, 0x68, 0x61, 0x32, 0x2d, 0x6e, 0x69, 0x73, 0x74, 0x70, 0x35, 0x32, + 0x31, 0x2c, 0x64, 0x69, 0x66, 0x66, 0x69, 0x65, 0x2d, 0x68, 0x65, 0x6c, 0x6c, 0x6d, 0x61, 0x6e, + 0x2d, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x2d, 0x65, 0x78, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x2d, + 0x73, 0x68, 0x61, 0x32, 0x35, 0x36, 0x2c, 0x64, 0x69, 0x66, 0x66, 0x69, 0x65, 0x2d, 0x68, 0x65, + 0x6c, 0x6c, 0x6d, 0x61, 0x6e, 0x2d, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x31, 0x36, 0x2d, 0x73, 0x68, + 0x61, 0x35, 0x31, 0x32, 0x2c, 0x64, 0x69, 0x66, 0x66, 0x69, 0x65, 0x2d, 0x68, 0x65, 0x6c, 0x6c, + 0x6d, 0x61, 0x6e, 0x2d, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x31, 0x38, 0x2d, 0x73, 0x68, 0x61, 0x35, + 0x31, 0x32, 0x2c, 0x64, 0x69, 0x66, 0x66, 0x69, 0x65, 0x2d, 0x68, 0x65, 0x6c, 0x6c, 0x6d, 0x61, + 0x6e, 0x2d, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x31, 0x34, 0x2d, 0x73, 0x68, 0x61, 0x32, 0x35, 0x36, + 0x2c, 0x64, 0x69, 0x66, 0x66, 0x69, 0x65, 0x2d, 0x68, 0x65, 0x6c, 0x6c, 0x6d, 0x61, 0x6e, 0x2d, + 0x67, 0x72, 0x6f, 0x75, 0x70, 0x31, 0x34, 0x2d, 0x73, 0x68, 0x61, 0x31, 0x00, 0x00, 0x00, 0x41, + 0x73, 0x73, 0x68, 0x2d, 0x72, 0x73, 0x61, 0x2c, 0x72, 0x73, 0x61, 0x2d, 0x73, 0x68, 0x61, 0x32, + 0x2d, 0x35, 0x31, 0x32, 0x2c, 0x72, 0x73, 0x61, 0x2d, 0x73, 0x68, 0x61, 0x32, 0x2d, 0x32, 0x35, + 0x36, 0x2c, 0x65, 0x63, 0x64, 0x73, 0x61, 0x2d, 0x73, 0x68, 0x61, 0x32, 0x2d, 0x6e, 0x69, 0x73, + 0x74, 0x70, 0x32, 0x35, 0x36, 0x2c, 0x73, 0x73, 0x68, 0x2d, 0x65, 0x64, 0x32, 0x35, 0x35, 0x31, + 0x39, 0x00, 0x00, 0x00, 0x6c, 0x63, 0x68, 0x61, 0x63, 0x68, 0x61, 0x32, 0x30, 0x2d, 0x70, 0x6f, + 0x6c, 0x79, 0x31, 0x33, 0x30, 0x35, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, + 0x6f, 0x6d, 0x2c, 0x61, 0x65, 0x73, 0x31, 0x32, 0x38, 0x2d, 0x63, 0x74, 0x72, 0x2c, 0x61, 0x65, + 0x73, 0x31, 0x39, 0x32, 0x2d, 0x63, 0x74, 0x72, 0x2c, 0x61, 0x65, 0x73, 0x32, 0x35, 0x36, 0x2d, + 0x63, 0x74, 0x72, 0x2c, 0x61, 0x65, 0x73, 0x31, 0x32, 0x38, 0x2d, 0x67, 0x63, 0x6d, 0x40, 0x6f, + 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x61, 0x65, 0x73, 0x32, 0x35, + 0x36, 0x2d, 0x67, 0x63, 0x6d, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, + 0x6d, 0x00, 0x00, 0x00, 0x6c, 0x63, 0x68, 0x61, 0x63, 0x68, 0x61, 0x32, 0x30, 0x2d, 0x70, 0x6f, + 0x6c, 0x79, 0x31, 0x33, 0x30, 0x35, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, + 0x6f, 0x6d, 0x2c, 0x61, 0x65, 0x73, 0x31, 0x32, 0x38, 0x2d, 0x63, 0x74, 0x72, 0x2c, 0x61, 0x65, + 0x73, 0x31, 0x39, 0x32, 0x2d, 0x63, 0x74, 0x72, 0x2c, 0x61, 0x65, 0x73, 0x32, 0x35, 0x36, 0x2d, + 0x63, 0x74, 0x72, 0x2c, 0x61, 0x65, 0x73, 0x31, 0x32, 0x38, 0x2d, 0x67, 0x63, 0x6d, 0x40, 0x6f, + 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x61, 0x65, 0x73, 0x32, 0x35, + 0x36, 0x2d, 0x67, 0x63, 0x6d, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, + 0x6d, 0x00, 0x00, 0x00, 0xd5, 0x75, 0x6d, 0x61, 0x63, 0x2d, 0x36, 0x34, 0x2d, 0x65, 0x74, 0x6d, + 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x75, 0x6d, 0x61, + 0x63, 0x2d, 0x31, 0x32, 0x38, 0x2d, 0x65, 0x74, 0x6d, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, + 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x73, 0x68, 0x61, 0x32, 0x2d, + 0x32, 0x35, 0x36, 0x2d, 0x65, 0x74, 0x6d, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, + 0x63, 0x6f, 0x6d, 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x73, 0x68, 0x61, 0x32, 0x2d, 0x35, 0x31, + 0x32, 0x2d, 0x65, 0x74, 0x6d, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, + 0x6d, 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x73, 0x68, 0x61, 0x31, 0x2d, 0x65, 0x74, 0x6d, 0x40, + 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x75, 0x6d, 0x61, 0x63, + 0x2d, 0x36, 0x34, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, + 0x75, 0x6d, 0x61, 0x63, 0x2d, 0x31, 0x32, 0x38, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, + 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x73, 0x68, 0x61, 0x32, 0x2d, 0x32, + 0x35, 0x36, 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x73, 0x68, 0x61, 0x32, 0x2d, 0x35, 0x31, 0x32, + 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x73, 0x68, 0x61, 0x31, 0x00, 0x00, 0x00, 0xd5, 0x75, 0x6d, + 0x61, 0x63, 0x2d, 0x36, 0x34, 0x2d, 0x65, 0x74, 0x6d, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, + 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x75, 0x6d, 0x61, 0x63, 0x2d, 0x31, 0x32, 0x38, 0x2d, 0x65, + 0x74, 0x6d, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x68, + 0x6d, 0x61, 0x63, 0x2d, 0x73, 0x68, 0x61, 0x32, 0x2d, 0x32, 0x35, 0x36, 0x2d, 0x65, 0x74, 0x6d, + 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x68, 0x6d, 0x61, + 0x63, 0x2d, 0x73, 0x68, 0x61, 0x32, 0x2d, 0x35, 0x31, 0x32, 0x2d, 0x65, 0x74, 0x6d, 0x40, 0x6f, + 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, + 0x73, 0x68, 0x61, 0x31, 0x2d, 0x65, 0x74, 0x6d, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, + 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x75, 0x6d, 0x61, 0x63, 0x2d, 0x36, 0x34, 0x40, 0x6f, 0x70, 0x65, + 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x75, 0x6d, 0x61, 0x63, 0x2d, 0x31, 0x32, + 0x38, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x68, 0x6d, + 0x61, 0x63, 0x2d, 0x73, 0x68, 0x61, 0x32, 0x2d, 0x32, 0x35, 0x36, 0x2c, 0x68, 0x6d, 0x61, 0x63, + 0x2d, 0x73, 0x68, 0x61, 0x32, 0x2d, 0x35, 0x31, 0x32, 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x73, + 0x68, 0x61, 0x31, 0x00, 0x00, 0x00, 0x15, 0x6e, 0x6f, 0x6e, 0x65, 0x2c, 0x7a, 0x6c, 0x69, 0x62, + 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x00, 0x00, 0x15, + 0x6e, 0x6f, 0x6e, 0x65, 0x2c, 0x7a, 0x6c, 0x69, 0x62, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, + 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]; + let mut hassh_server_string: Vec = vec!(); + let mut hassh_server: Vec = vec!(); + match ssh_parse_key_exchange(&server_key_exchange){ + Ok((_, key_exchange)) => { + key_exchange.generate_hassh(&mut hassh_server_string, &mut hassh_server, &true); + } + Err(_) => { } + } + assert_eq!(hassh_server, "b12d2871a1189eff20364cf5333619ee".as_bytes().to_vec()); + } + + #[test] + fn test_parse_hassh_server_malicious() { + let server_key_exchange = [0x7d, 0x76, 0x4f, 0x78, 0x81, 0x9e, 0x10, 0xfa, 0x23, 0x72, + 0xb5, 0x15, 0x56, 0xba, 0xf9, 0x46, 0x00, 0x00, 0x01, 0x02, 0x75, 0x72, 0x76, 0x65, 0x32, + 0x35, 0x35, 0x31, 0x39, 0x2d, 0x73, 0x68, 0x61, 0x32, 0x35, 0x36, 0x2c, 0x63, 0x75, 0x72, 0x76, + 0x65, 0x32, 0x35, 0x35, 0x31, 0x39, 0x2d, 0x73, 0x68, 0x61, 0x32, 0x35, 0x36, 0x40, 0x6c, 0x69, + 0x62, 0x73, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x67, 0x2c, 0x65, 0x63, 0x64, 0x68, 0x2d, 0x73, 0x68, + 0x61, 0x32, 0x2d, 0x6e, 0x69, 0x73, 0x74, 0x70, 0x32, 0x35, 0x36, 0x2c, 0x65, 0x63, 0x64, 0x68, + 0x2d, 0x73, 0x68, 0x61, 0x32, 0x2d, 0x6e, 0x69, 0x73, 0x74, 0x70, 0x33, 0x38, 0x34, 0x2c, 0x65, + 0x63, 0x64, 0x68, 0x2d, 0x73, 0x68, 0x61, 0x32, 0x2d, 0x6e, 0x69, 0x73, 0x74, 0x70, 0x35, 0x32, + 0x31, 0x2c, 0x64, 0x69, 0x66, 0x66, 0x69, 0x65, 0x2d, 0x68, 0x65, 0x6c, 0x6c, 0x6d, 0x61, 0x6e, + 0x2d, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x2d, 0x65, 0x78, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x2d, + 0x73, 0x68, 0x61, 0x32, 0x35, 0x36, 0x2c, 0x64, 0x69, 0x66, 0x66, 0x69, 0x65, 0x2d, 0x68, 0x65, + 0x6c, 0x6c, 0x6d, 0x61, 0x6e, 0x2d, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x31, 0x36, 0x2d, 0x73, 0x68, + 0x61, 0x35, 0x31, 0x32, 0x2c, 0x64, 0x69, 0x66, 0x66, 0x69, 0x65, 0x2d, 0x68, 0x65, 0x6c, 0x6c, + 0x6d, 0x61, 0x6e, 0x2d, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x31, 0x38, 0x2d, 0x73, 0x68, 0x61, 0x35, + 0x31, 0x32, 0x2c, 0x64, 0x69, 0x66, 0x66, 0x69, 0x65, 0x2d, 0x68, 0x65, 0x6c, 0x6c, 0x6d, 0x61, + 0x6e, 0x2d, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x31, 0x34, 0x2d, 0x73, 0x68, 0x61, 0x32, 0x35, 0x36, + 0x2c, 0x64, 0x69, 0x66, 0x66, 0x69, 0x65, 0x2d, 0x68, 0x65, 0x6c, 0x6c, 0x6d, 0x61, 0x6e, 0x2d, + 0x67, 0x72, 0x6f, 0x75, 0x70, 0x31, 0x34, 0x2d, 0x73, 0x68, 0x61, 0x31, 0x00, 0x00, 0x00, 0x41, + 0x73, 0x73, 0x68, 0x2d, 0x72, 0x73, 0x61, 0x2c, 0x72, 0x73, 0x61, 0x2d, 0x73, 0x68, 0x61, 0x32, + 0x2d, 0x35, 0x31, 0x32, 0x2c, 0x72, 0x73, 0x61, 0x2d, 0x73, 0x68, 0x61, 0x32, 0x2d, 0x32, 0x35, + 0x36, 0x2c, 0x65, 0x63, 0x64, 0x73, 0x61, 0x2d, 0x73, 0x68, 0x61, 0x32, 0x2d, 0x6e, 0x69, 0x73, + 0x74, 0x70, 0x32, 0x35, 0x36, 0x2c, 0x73, 0x73, 0x68, 0x2d, 0x65, 0x64, 0x32, 0x35, 0x35, 0x31, + 0x39, 0x00, 0x00, 0x00, 0x6c, 0x63, 0x68, 0x61, 0x63, 0x68, 0x61, 0x32, 0x30, 0x2d, 0x70, 0x6f, + 0x6c, 0x79, 0x31, 0x33, 0x30, 0x35, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, + 0x6f, 0x6d, 0x2c, 0x61, 0x65, 0x73, 0x31, 0x32, 0x38, 0x2d, 0x63, 0x74, 0x72, 0x2c, 0x61, 0x65, + 0x73, 0x31, 0x39, 0x32, 0x2d, 0x63, 0x74, 0x72, 0x2c, 0x61, 0x65, 0x73, 0x32, 0x35, 0x36, 0x2d, + 0x63, 0x74, 0x72, 0x2c, 0x61, 0x65, 0x73, 0x31, 0x32, 0x38, 0x2d, 0x67, 0x63, 0x6d, 0x40, 0x6f, + 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x61, 0x65, 0x73, 0x32, 0x35, + 0x36, 0x2d, 0x67, 0x63, 0x6d, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, + 0x6d, 0x00, 0x00, 0x00, 0x6c, 0x63, 0x68, 0x61, 0x63, 0x68, 0x61, 0x32, 0x30, 0x2d, 0x70, 0x6f, + 0x6c, 0x79, 0x31, 0x33, 0x30, 0x35, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, + 0x6f, 0x6d, 0x2c, 0x61, 0x65, 0x73, 0x31, 0x32, 0x38, 0x2d, 0x63, 0x74, 0x72, 0x2c, 0x61, 0x65, + 0x73, 0x31, 0x39, 0x32, 0x2d, 0x63, 0x74, 0x72, 0x2c, 0x61, 0x65, 0x73, 0x32, 0x35, 0x36, 0x2d, + 0x63, 0x74, 0x72, 0x2c, 0x61, 0x65, 0x73, 0x31, 0x32, 0x38, 0x2d, 0x67, 0x63, 0x6d, 0x40, 0x6f, + 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x61, 0x65, 0x73, 0x32, 0x35, + 0x36, 0x2d, 0x67, 0x63, 0x6d, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, + 0x6d, 0x00, 0x00, 0x00, 0xd5, 0x75, 0x6d, 0x61, 0x63, 0x2d, 0x36, 0x34, 0x2d, 0x65, 0x74, 0x6d, + 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x75, 0x6d, 0x61, + 0x63, 0x2d, 0x31, 0x32, 0x38, 0x2d, 0x65, 0x74, 0x6d, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, + 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x73, 0x68, 0x61, 0x32, 0x2d, + 0x32, 0x35, 0x36, 0x2d, 0x65, 0x74, 0x6d, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, + 0x63, 0x6f, 0x6d, 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x73, 0x68, 0x61, 0x32, 0x2d, 0x35, 0x31, + 0x32, 0x2d, 0x65, 0x74, 0x6d, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, + 0x6d, 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x73, 0x68, 0x61, 0x31, 0x2d, 0x65, 0x74, 0x6d, 0x40, + 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x75, 0x6d, 0x61, 0x63, + 0x2d, 0x36, 0x34, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, + 0x75, 0x6d, 0x61, 0x63, 0x2d, 0x31, 0x32, 0x38, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, + 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x73, 0x68, 0x61, 0x32, 0x2d, 0x32, + 0x35, 0x36, 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x73, 0x68, 0x61, 0x32, 0x2d, 0x35, 0x31, 0x32, + 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x73, 0x68, 0x61, 0x31, 0x00, 0x00, 0x00, 0xd5, 0x75, 0x6d, + 0x61, 0x63, 0x2d, 0x36, 0x34, 0x2d, 0x65, 0x74, 0x6d, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, + 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x75, 0x6d, 0x61, 0x63, 0x2d, 0x31, 0x32, 0x38, 0x2d, 0x65, + 0x74, 0x6d, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x68, + 0x6d, 0x61, 0x63, 0x2d, 0x73, 0x68, 0x61, 0x32, 0x2d, 0x32, 0x35, 0x36, 0x2d, 0x65, 0x74, 0x6d, + 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x68, 0x6d, 0x61, + 0x63, 0x2d, 0x73, 0x68, 0x61, 0x32, 0x2d, 0x35, 0x31, 0x32, 0x2d, 0x65, 0x74, 0x6d, 0x40, 0x6f, + 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, + 0x73, 0x68, 0x61, 0x31, 0x2d, 0x65, 0x74, 0x6d, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, + 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x75, 0x6d, 0x61, 0x63, 0x2d, 0x36, 0x34, 0x40, 0x6f, 0x70, 0x65, + 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x75, 0x6d, 0x61, 0x63, 0x2d, 0x31, 0x32, + 0x38, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x68, 0x6d, + 0x61, 0x63, 0x2d, 0x73, 0x68, 0x61, 0x32, 0x2d, 0x32, 0x35, 0x36, 0x2c, 0x68, 0x6d, 0x61, 0x63, + 0x2d, 0x73, 0x68, 0x61, 0x32, 0x2d, 0x35, 0x31, 0x32, 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x73, + 0x68, 0x61, 0x31, 0x00, 0x00, 0x00, 0x15, 0x6e, 0x6f, 0x6e, 0x65, 0x2c, 0x7a, 0x6c, 0x69, 0x62, + 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x00, 0x00, 0x15, + 0x6e, 0x6f, 0x6e, 0x65, 0x2c, 0x7a, 0x6c, 0x69, 0x62, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, + 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]; + + if let Err(e) = ssh_parse_key_exchange(&server_key_exchange) { + assert_eq!(e, nom::Err::Incomplete(nom::Needed::Size(16755))); + } + else { + panic!("ssh_parse_key_exchange() parsed malicious key_exchange"); + } +} } diff --git a/rust/src/ssh/ssh.rs b/rust/src/ssh/ssh.rs index f12cb99f34..7f28fe750d 100644 --- a/rust/src/ssh/ssh.rs +++ b/rust/src/ssh/ssh.rs @@ -22,14 +22,21 @@ use crate::core::{self, AppProto, Flow, ALPROTO_UNKNOWN, IPPROTO_TCP}; use crate::log::*; use std::ffi::{CStr, CString}; use std::mem::transmute; +use std::sync::atomic::{AtomicBool, Ordering}; static mut ALPROTO_SSH: AppProto = ALPROTO_UNKNOWN; +static HASSH_ENABLED: AtomicBool = AtomicBool::new(false); + +fn hassh_is_enabled() -> bool { + HASSH_ENABLED.load(Ordering::Relaxed) +} #[repr(u32)] pub enum SSHEvent { InvalidBanner = 0, LongBanner, InvalidRecord, + LongKexRecord, } impl SSHEvent { @@ -38,6 +45,7 @@ impl SSHEvent { 0 => Some(SSHEvent::InvalidBanner), 1 => Some(SSHEvent::LongBanner), 2 => Some(SSHEvent::InvalidRecord), + 3 => Some(SSHEvent::LongKexRecord), _ => None, } } @@ -54,23 +62,33 @@ pub enum SSHConnectionState { const SSH_MAX_BANNER_LEN: usize = 256; const SSH_RECORD_HEADER_LEN: usize = 6; -//TODO complete enum and parse messages contents -const SSH_MSG_NEWKEYS: u8 = 21; +const SSH_RECORD_PADDING_LEN: usize = 4; +const SSH_MAX_REASSEMBLED_RECORD_LEN: usize = 65535; pub struct SshHeader { record_left: u32, + record_left_msg: parser::MessageCode, + flags: SSHConnectionState, pub protover: Vec, pub swver: Vec, + + pub hassh: Vec, + pub hassh_string: Vec, } impl SshHeader { pub fn new() -> SshHeader { SshHeader { record_left: 0, + record_left_msg: parser::MessageCode::SshMsgUndefined(0), + flags: SSHConnectionState::SshStateInProgress, protover: Vec::new(), swver: Vec::new(), + + hassh: Vec::new(), + hassh_string: Vec::new(), } } } @@ -146,8 +164,20 @@ impl SSHState { hdr.record_left -= ilen; return AppLayerResult::ok(); } else { - let start = hdr.record_left as usize; - input = &input[start..]; + match hdr.record_left_msg { + // parse reassembled tcp segments + parser::MessageCode::SshMsgKexinit if hassh_is_enabled() => { + if let Ok((rem, key_exchange)) = parser::ssh_parse_key_exchange(&input) { + key_exchange.generate_hassh(&mut hdr.hassh_string, &mut hdr.hassh, &resp); + input = &rem[SSH_RECORD_PADDING_LEN..]; + } + hdr.record_left_msg = parser::MessageCode::SshMsgUndefined(0); + } + _ => { + let start = hdr.record_left as usize; + input = &input[start..]; + } + } hdr.record_left = 0; } } @@ -156,20 +186,29 @@ impl SSHState { match parser::ssh_parse_record(input) { Ok((rem, head)) => { SCLogDebug!("SSH valid record {}", head); - input = rem; - if head.msg_code == SSH_MSG_NEWKEYS { - hdr.flags = SSHConnectionState::SshStateFinished; - if ohdr.flags >= SSHConnectionState::SshStateFinished { - unsafe { - AppLayerParserStateSetFlag( - pstate, - APP_LAYER_PARSER_NO_INSPECTION + match head.msg_code { + parser::MessageCode::SshMsgKexinit if hassh_is_enabled() => { + if let Ok((_, key_exchange)) = parser::ssh_parse_key_exchange(&input[SSH_RECORD_HEADER_LEN..]) { + key_exchange.generate_hassh(&mut hdr.hassh_string, &mut hdr.hassh, &resp); + } + } + parser::MessageCode::SshMsgNewKeys => { + hdr.flags = SSHConnectionState::SshStateFinished; + if ohdr.flags >= SSHConnectionState::SshStateFinished { + unsafe { + AppLayerParserStateSetFlag( + pstate, + APP_LAYER_PARSER_NO_INSPECTION | APP_LAYER_PARSER_NO_REASSEMBLY | APP_LAYER_PARSER_BYPASS_READY, - ); + ); + } } } + _ => {} } + + input = rem; //header and complete data (not returned) } Err(nom::Err::Incomplete(_)) => { @@ -179,8 +218,26 @@ impl SSHState { let remlen = rem.len() as u32; hdr.record_left = head.pkt_len - 2 - remlen; //header with rem as incomplete data - if head.msg_code == SSH_MSG_NEWKEYS { - hdr.flags = SSHConnectionState::SshStateFinished; + match head.msg_code { + parser::MessageCode::SshMsgNewKeys => { + hdr.flags = SSHConnectionState::SshStateFinished; + } + parser::MessageCode::SshMsgKexinit if hassh_is_enabled() => { + // check if buffer is bigger than maximum reassembled packet size + if hdr.record_left < SSH_MAX_REASSEMBLED_RECORD_LEN as u32 { + // saving type of incomplete kex message + hdr.record_left_msg = parser::MessageCode::SshMsgKexinit; + return AppLayerResult::incomplete( + SSH_RECORD_HEADER_LEN as u32, + hdr.record_left as u32 + ); + } + else { + SCLogDebug!("SSH buffer is bigger than maximum reassembled packet size"); + self.set_event(SSHEvent::LongKexRecord); + } + } + _ => {} } return AppLayerResult::ok(); } @@ -333,6 +390,7 @@ pub extern "C" fn rs_ssh_state_get_event_info( "invalid_banner" => SSHEvent::InvalidBanner as i32, "long_banner" => SSHEvent::LongBanner as i32, "invalid_record" => SSHEvent::InvalidRecord as i32, + "long_kex_record" => SSHEvent::LongKexRecord as i32, _ => -1, // unknown event } } @@ -355,6 +413,7 @@ pub extern "C" fn rs_ssh_state_get_event_info_by_id( SSHEvent::InvalidBanner => "invalid_banner\0", SSHEvent::LongBanner => "long_banner\0", SSHEvent::InvalidRecord => "invalid_record\0", + SSHEvent::LongKexRecord => "long_kex_record\0", }; unsafe { *event_name = estr.as_ptr() as *const std::os::raw::c_char; @@ -537,3 +596,13 @@ pub unsafe extern "C" fn rs_ssh_register_parser() { SCLogNotice!("Protocol detector and parser disabled for SSH."); } } + +#[no_mangle] +pub extern "C" fn rs_ssh_enable_hassh() { + HASSH_ENABLED.store(true, Ordering::Relaxed) +} + +#[no_mangle] +pub extern "C" fn rs_ssh_hassh_is_enabled() -> bool { + hassh_is_enabled() +} diff --git a/src/app-layer-ssh.c b/src/app-layer-ssh.c index 44b4004870..01ce4fd089 100644 --- a/src/app-layer-ssh.c +++ b/src/app-layer-ssh.c @@ -53,6 +53,8 @@ #include "util-byte.h" #include "util-memcmp.h" +/* HASSH fingerprints are disabled by default */ +#define SSH_CONFIG_DEFAULT_HASSH FALSE static int SSHRegisterPatternsForProtocolDetection(void) { @@ -79,6 +81,23 @@ void RegisterSSHParsers(void) AppLayerProtoDetectRegisterProtocol(ALPROTO_SSH, proto_name); if (SSHRegisterPatternsForProtocolDetection() < 0) return; + + /* Check if we should generate Hassh fingerprints */ + int enable_hassh = SSH_CONFIG_DEFAULT_HASSH; + const char *strval = NULL; + if (ConfGetValue("app-layer.protocols.ssh.hassh", &strval) != 1) { + enable_hassh = SSH_CONFIG_DEFAULT_HASSH; + } else if (strcmp(strval, "auto") == 0) { + enable_hassh = SSH_CONFIG_DEFAULT_HASSH; + } else if (ConfValIsFalse(strval)) { + enable_hassh = SSH_CONFIG_DEFAULT_HASSH; + } else if (ConfValIsTrue(strval)) { + enable_hassh = true; + } + + if (RunmodeIsUnittests() || enable_hassh) { + rs_ssh_enable_hassh(); + } } SCLogDebug("Registering Rust SSH parser.");