Hi Andreas,

Thanks for your suggestion. While it would definitely serve a part of my purpose, I was also working on enhancing Wireshark so that we could decrypt SSH packets when a decryption key, decrypt IV, cipher name, etc. are fed to Wireshark. I understand that how different cryptographic algorithms modify the decrypt IV is probably outside the purview of libssh, so any link to resources where I can find more information about it would be very helpful.

My query can be summarized as: given the initial decrypt IV, decrypt key, cipher name, etc., is there a way to find out what the decrypt IV will be when trying to decode the nth packet? Since, out of all the information that will be fed to Wireshark, the decrypt IV is the only piece of information that changes with each packet Rx (at least that is what I found for AES 256-CTR mode).

Thanks,
Dibyendu

-----Original Message-----
From: Andreas Schneider [mailto:a...@cryptomilk.org]
Sent: Friday, February 2, 2018 12:57 PM
To: email@example.com
Subject: Re: Using libssh to decrypt packets offline

On Friday, 2 February 2018 08:19:44 CET dibyendu.chakrabo...@keysight.com wrote:
> Hi,
>
> I am trying to decode SSH encrypted packets in Wireshark using libssh
> (eventually). For this, I have written a sample program following the
> tutorials to connect to my localhost, authenticate myself, and run
> commands. I have captured these packet exchanges using tcpdump. I went
> through the code and found that I require several pieces of runtime
> information (which the libssh library can generate with some tweaking)
> - the cipher name, decrypt key, decrypt IV, if compression was used
> etc. Out of all these, I found that decrypt IV kept on changing with each
> packet Rx.
> On my system (Ubuntu 14.04.2 LTS), I found AES 256 (CTR) was used to
> encrypt/decrypt the packets.
>
> My question is: If I modify libssh library to store decrypt key,
> decrypt IV, cipher name etc. in a file when they are first generated
> (modify generate_session_keys) and later use them to decrypt packets offline
> (by invoking ssh_packet_socket_callback with a dummy session having
> decrypt key, decrypt IV etc. previously generated), is there a way to
> calculate the value of decrypt IV before decrypting the nth packet?
>
> Consider the following scenario:
> Libssh generated the keys, and I wrote them in a file. Then some data
> exchange happened. During this time, the decrypt IV has changed. Now I
> run tcpdump for some time and capture the subsequent packets. Now I
> want to decrypt these packets offline using the information that I had
> stored in the file. Out of all these, the initial decrypt IV that was
> generated is no longer valid. Is there a way to calculate the correct
> decrypt IV from the initial decrypt IV so that the packets captured by
> tcpdump could be decrypted properly? I'm guessing the algorithm to
> calculate the final decrypt IV from the initial decrypt IV will vary
> from one cipher to the next. Could you please provide some links about
> the algorithms that each cipher employs (that libssh supports)?

Or you just turn on pcap support in libssh ...

https://git.libssh.org/projects/libssh.git/tree/include/libssh/pcap.h

	Andreas
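
For the AES-256-CTR case raised in this thread, an added example (not part of the original messages, and not libssh or Wireshark code): SSH's CTR mode as defined in RFC 4344 treats the IV as a 128-bit big-endian counter that is incremented once per 16-byte block, so the counter before packet n is the initial IV plus the number of blocks in all earlier packets of that direction. It assumes a non-EtM MAC, so each packet's encrypted span runs from the packet_length field through the padding; the function names and sample values are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CTR_BLOCK 16 /* AES block size in bytes */

/* Constructed sample values, not taken from any real session. */
static const uint8_t SAMPLE_IV[CTR_BLOCK] = {
    0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xfe };
static const size_t SAMPLE_LENS[] = { 32, 48, 16 };

/* Add `blocks` to a 128-bit big-endian counter, wrapping modulo 2^128. */
static void ctr_add(uint8_t ctr[CTR_BLOCK], uint64_t blocks)
{
    for (int i = CTR_BLOCK - 1; i >= 0 && blocks != 0; i--) {
        uint64_t sum = (uint64_t)ctr[i] + (blocks & 0xff);
        ctr[i] = (uint8_t)sum;
        blocks = (blocks >> 8) + (sum >> 8); /* fold the carry in */
    }
}

/* Counter in effect before packet n (0-based) in one direction.
 * enc_len[i] is the encrypted size of packet i: packet_length field
 * through padding, MAC excluded. Returns -1 if a size is not a whole
 * number of blocks, which means the framing or the capture is wrong. */
int ctr_before_packet(const uint8_t iv[CTR_BLOCK], const size_t *enc_len,
                      size_t n, uint8_t out[CTR_BLOCK])
{
    memcpy(out, iv, CTR_BLOCK);
    for (size_t i = 0; i < n; i++) {
        if (enc_len[i] == 0 || enc_len[i] % CTR_BLOCK != 0)
            return -1;
        ctr_add(out, enc_len[i] / CTR_BLOCK);
    }
    return 0;
}

int main(void)
{
    uint8_t ctr[CTR_BLOCK];
    if (ctr_before_packet(SAMPLE_IV, SAMPLE_LENS, 3, ctr) != 0)
        return 1;
    for (int i = 0; i < CTR_BLOCK; i++)
        printf("%02x", ctr[i]);
    printf("\n");
    return 0;
}
```

Because the counter depends on the sizes of every earlier packet, a capture that starts mid-session needs those sizes (or their total) in addition to the initial IV.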