Add comprehensive SSH key derivation logging
Enhanced crypto.rs to log all key derivation values: - exchange_hash, shared_secret_mpint - All derived keys (encryption, IV, MAC keys) - Helps diagnose 'Corrupted MAC' issue Packet analysis completed: - Captured full SSH handshake (4.6KB pcap) - All keys logged for comparison - OpenSSH client still rejects MAC Next step: Compare with OpenSSH server or use test vectors
This commit is contained in:
Warren
@@ -75,8 +75,10 @@ impl SessionKeys {
|
|||||||
let session_id = exchange_hash.to_vec();
|
let session_id = exchange_hash.to_vec();
|
||||||
|
|
||||||
info!("SessionKeys::derive() starting");
|
info!("SessionKeys::derive() starting");
|
||||||
info!(" shared_secret ({} bytes): {:?}", shared_secret.len(), &shared_secret[..8]);
|
info!(" shared_secret ({} bytes): {:?}", shared_secret.len(), &shared_secret[..std::cmp::min(8, shared_secret.len())]);
|
||||||
info!(" shared_secret[0] = {} (>=0x80? {})", shared_secret[0], shared_secret[0] >= 0x80);
|
info!(" shared_secret[0] = {} (>=0x80? {})", shared_secret[0], shared_secret[0] >= 0x80);
|
||||||
|
info!(" exchange_hash (H, {} bytes): {:?}", exchange_hash.len(), &exchange_hash[..8]);
|
||||||
|
info!(" session_id ({} bytes): {:?}", session_id.len(), &session_id[..8]);
|
||||||
|
|
||||||
// RFC 4253密钥派生公式:HASH(K || H || X || session_id)
|
// RFC 4253密钥派生公式:HASH(K || H || X || session_id)
|
||||||
// 其中K是shared_secret(需要mpint格式)
|
// 其中K是shared_secret(需要mpint格式)
|
||||||
@@ -92,6 +94,14 @@ impl SessionKeys {
|
|||||||
let iv_ctos = Self::derive_key_rfc4253(&shared_secret_mpint, exchange_hash, 'A', &session_id)?;
|
let iv_ctos = Self::derive_key_rfc4253(&shared_secret_mpint, exchange_hash, 'A', &session_id)?;
|
||||||
let iv_stoc = Self::derive_key_rfc4253(&shared_secret_mpint, exchange_hash, 'B', &session_id)?;
|
let iv_stoc = Self::derive_key_rfc4253(&shared_secret_mpint, exchange_hash, 'B', &session_id)?;
|
||||||
|
|
||||||
|
info!("Derived keys summary:");
|
||||||
|
info!(" encryption_key_ctos ({} bytes): {:?}", encryption_key_ctos.len(), &encryption_key_ctos[..std::cmp::min(16, encryption_key_ctos.len())]);
|
||||||
|
info!(" encryption_key_stoc ({} bytes): {:?}", encryption_key_stoc.len(), &encryption_key_stoc[..std::cmp::min(16, encryption_key_stoc.len())]);
|
||||||
|
info!(" iv_ctos ({} bytes): {:?}", iv_ctos.len(), &iv_ctos[..std::cmp::min(16, iv_ctos.len())]);
|
||||||
|
info!(" iv_stoc ({} bytes): {:?}", iv_stoc.len(), &iv_stoc[..std::cmp::min(16, iv_stoc.len())]);
|
||||||
|
info!(" mac_key_ctos ({} bytes): {:?}", mac_key_ctos.len(), &mac_key_ctos[..std::cmp::min(16, mac_key_ctos.len())]);
|
||||||
|
info!(" mac_key_stoc ({} bytes): {:?}", mac_key_stoc.len(), &mac_key_stoc[..std::cmp::min(16, mac_key_stoc.len())]);
|
||||||
|
|
||||||
Ok(Self {
|
Ok(Self {
|
||||||
session_id,
|
session_id,
|
||||||
encryption_key_ctos,
|
encryption_key_ctos,
|
||||||
|
|||||||
Reference in New Issue
Block a user