diff --git a/markbase-core/src/ssh_server/cipher.rs b/markbase-core/src/ssh_server/cipher.rs
index ecbec1a..df43d7a 100644
--- a/markbase-core/src/ssh_server/cipher.rs
+++ b/markbase-core/src/ssh_server/cipher.rs
@@ -25,6 +25,19 @@ pub struct EncryptionContext {
     pub sequence_number_stoc: u32, // 服务器→客户端序列号
 }
 
+impl Default for EncryptionContext {
+    fn default() -> Self {
+        Self {
+            encryption_key_ctos: vec![0u8; 32],
+            encryption_key_stoc: vec![0u8; 32],
+            mac_key_ctos: vec![0u8; 32],
+            mac_key_stoc: vec![0u8; 32],
+            sequence_number_ctos: 0,
+            sequence_number_stoc: 0,
+        }
+    }
+}
+
 impl EncryptionContext {
     /// 创建加密上下文(从SessionKeys)
     pub fn from_session_keys(keys: &SessionKeys) -> Self {
diff --git a/markbase-core/src/ssh_server/server.rs b/markbase-core/src/ssh_server/server.rs
index f634b8e..c96b1b5 100644
--- a/markbase-core/src/ssh_server/server.rs
+++ b/markbase-core/src/ssh_server/server.rs
@@ -3,10 +3,11 @@
 
 use crate::ssh_server::version::VersionExchange;
 use crate::ssh_server::packet::{SshPacket, PacketType};
-use crate::ssh_server::kex::{KexProposal, KexResult};
+use crate::ssh_server::kex::{KexResult, KexProposal};
 use crate::ssh_server::kex_complete::{KexState};
 use crate::ssh_server::auth::{AuthHandler, AuthResult};
 use crate::ssh_server::channel::{ChannelManager};
+use crate::ssh_server::cipher::{EncryptionContext, EncryptedPacket};
 use anyhow::Result;
 use log::{info, warn, error, debug};
 use std::net::{TcpListener, TcpStream};
@@ -85,6 +86,8 @@ fn handle_connection_complete(stream: TcpStream) -> Result<()> {
     perform_complete_kex_exchange(&mut stream, client_version.clone(), kex_result, server_kexinit, client_kexinit)?;
     info!("Key exchange completed, encryption channel ready");
 
+    let encryption_ctx = EncryptionContext::default();
+
     // Phase 5: SSH认证(参考OpenSSH auth2.c)
     let mut auth_handler = AuthHandler::new()?;
     let auth_user = perform_ssh_auth(&mut stream, &mut auth_handler)?;
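Review bot: The new `Default` impl hands out an `EncryptionContext` whose four keys are all-zero 32-byte vectors, so any caller that reaches for `default()` instead of `from_session_keys` gets a context that encrypts and authenticates traffic with a publicly known key. A defaulted context is indistinguishable at the type level from a negotiated one, which is exactly how the server.rs hunks in this same diff end up holding one after the key exchange has finished. If a placeholder is genuinely needed, give it an explicit name or gate it behind `#[cfg(test)]`, and at minimum document the hazard on the impl: `/// Placeholder with all-zero keys; never use for live traffic — build a real context with from_session_keys.` The fixed 32-byte length is also not tied here to the negotiated cipher or MAC; presumably `from_session_keys` sizes the keys from the session, so that should remain the only production constructor.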
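Review bot: `EncryptedPacket` is imported on the new `use crate::ssh_server::cipher::{...}` line but is not referenced in any hunk of this diff; if nothing else in server.rs uses it the build will warn about an unused import, so either drop it or add the code that consumes it. The rest of server.rs is outside this hunk, so this is only a suspicion to confirm with a `cargo build`.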
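Review bot: `encryption_ctx` is built with `EncryptionContext::default()` (all-zero keys) while the value that `perform_complete_kex_exchange(...)?` now returns on the line just above it is discarded, so the context this function holds has no relation to the session that was just negotiated. Replace the added line and the call with `let encryption_ctx = perform_complete_kex_exchange(&mut stream, client_version.clone(), kex_result, server_kexinit, client_kexinit)?;` so the returned context is the one kept. The variable is also unused within this hunk and `handle_connection_complete` continues past it; if nothing downstream consumes the context, the auth phase that follows appears to still run over the pre-NEWKEYS transport, which deserves an explicit comment until the packet layer is wired through the context.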
@@ -130,24 +133,20 @@ fn perform_complete_kex_exchange(
     kex_result: KexResult,
     server_kexinit: SshPacket,
     client_kexinit: SshPacket,
-) -> Result<()> {
+) -> Result {
     info!("Starting complete key exchange flow");
 
-    // 1. 创建密钥交换状态
     let mut kex_state = KexState::new(
         client_version,
         "SSH-2.0-MarkBaseSSH_1.0".to_string(),
         kex_result,
     )?;
 
-    // 2. 保存KEXINIT payloads(用于Exchange Hash)
     kex_state.save_kexinit_payloads(&client_kexinit, &server_kexinit);
 
-    // 3. 接收SSH_MSG_KEX_ECDH_INIT
     let kexdh_init = SshPacket::read(stream)?;
     info!("Received SSH_MSG_KEX_ECDH_INIT");
 
-    // 4. 处理KEXDH_INIT并生成KEXDH_REPLY
     let kexdh_reply = kex_state.exchange_handler.handle_kexdh_init(
         &kexdh_init,
         &kex_state.client_version,
@@ -158,25 +157,22 @@ fn perform_complete_kex_exchange(
     kexdh_reply.write(stream)?;
     info!("Sent SSH_MSG_KEX_ECDH_REPLY");
 
-    // 5. 发送SSH_MSG_NEWKEYS
     let newkeys_packet = KexState::send_newkeys()?;
     newkeys_packet.write(stream)?;
     kex_state.newkeys_sent = true;
     info!("Sent SSH_MSG_NEWKEYS");
 
-    // 6. 接收SSH_MSG_NEWKEYS
     let client_newkeys = SshPacket::read(stream)?;
     kex_state.handle_newkeys(&client_newkeys)?;
     info!("Received SSH_MSG_NEWKEYS");
 
-    // 7. 验证加密通道建立
     if kex_state.is_encryption_ready() {
         info!("Encryption channel established successfully");
     } else {
         return Err(anyhow::anyhow!("Encryption channel not ready"));
     }
 
-    Ok(())
+    Ok(EncryptionContext::default())
 }
 
 /// SSH认证流程(Phase 5)
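Review bot: The new signature line is shown as `+) -> Result {`, which with `anyhow::Result` in scope would be missing its type parameter; presumably the source reads `Result<EncryptionContext>` and the angle brackets were lost in rendering, but it is worth confirming the commit builds as intended. The function's `///` doc comment lies above this hunk and should now state what the returned value is for, e.g. `/// Returns the EncryptionContext the caller must use for all traffic after NEWKEYS.`, since callers can no longer infer that from a `()` return. With the numbered step comments removed, only the `info!` lines narrate the KEX message order; that is acceptable if the doc comment names the sequence (KEX_ECDH_INIT → KEX_ECDH_REPLY → NEWKEYS both ways). `perform_complete_kex_exchange` starts before this hunk and ends after it.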
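Review bot: `Ok(EncryptionContext::default())` returns a context with all-zero keys even though the key exchange has just completed and `kex_state.is_encryption_ready()` was checked true, so the negotiated session keys never reach the caller. cipher.rs in this same diff exposes `EncryptionContext::from_session_keys(&SessionKeys)`; the return should be built from the keys `kex_state` derived, e.g. `Ok(EncryptionContext::from_session_keys(&keys))` where `keys` is whatever accessor `KexState` provides (not visible in this diff). Until that is done, packets protected with this context have neither confidentiality nor integrity, and the "Encryption channel established successfully" log is misleading. This is the same root cause as the `default()` in the `handle_connection_complete` hunk above.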