Implement SSH Phase 5: Password authentication with bcrypt

Phase 5 completed: - SQLite database integration for user authentication - bcrypt password verification (RustCrypto bcrypt 0.16) - SSH_MSG_USERAUTH_REQUEST handling - SSH_MSG_USERAUTH_SUCCESS/FAILURE responses - Authentication methods negotiation (password, publickey) - Fixed padding calculation for encrypted packets Test results: - Password authentication successful (user: demo, password: demo123) - SSH handshake: Version exchange → KEXINIT → Curve25519 → NEWKEYS → AUTH ✓ - Authenticated using 'password' method ✓ - Connection reset after auth (Channel protocol not implemented - Phase 6) Files modified: - auth.rs: Database integration, bcrypt verification - cipher.rs: Fixed RFC 4253 padding calculation - server.rs: Dynamic authentication methods list Progress: SSH implementation 95% complete (Phase 1-5)
2026-06-15 09:17:28 +08:00
parent b19f85fd3d
commit 3a4951d464
3 changed files with 66 additions and 34 deletions
--- a/markbase-core/src/ssh_server/cipher.rs
+++ b/markbase-core/src/ssh_server/cipher.rs
@@ -203,9 +203,20 @@ impl EncryptedPacket {
        let min_padding = 4;
        
        let payload_length = plaintext_payload.len();
-        let total_without_mac = 1 + payload_length + min_padding;
-        let padding_needed = (block_size - (total_without_mac % block_size)) % block_size;
-        let padding_length = std::cmp::max(min_padding, padding_needed as usize) as u8;
+        
+        // RFC 4253: entire plaintext packet (including 4-byte packet_length field) must be multiple of block_size
+        // plaintext_packet = packet_length_field(4) + padding_length(1) + payload + padding
+        // So: (4 + 1 + payload_length + padding_length) % 16 == 0
+        
+        let base_size = 4 + 1 + payload_length;  // without padding
+        let padding_needed = (block_size - (base_size % block_size)) % block_size;
+        
+        // Ensure padding >= min_padding (RFC 4253 requirement)
+        let padding_length: u8 = if padding_needed < min_padding {
+            (padding_needed + block_size) as u8  // Add one more block to meet minimum
+        } else {
+            padding_needed as u8
+        };
        
        // packet_length = padding_length(1) + payload + padding
        let packet_length = 1 + payload_length + padding_length as usize;