admin/markbase
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

fix(ssh): correct signature to sign Exchange Hash instead of shared_secret
Some checks failed
Test / test (push) Has been cancelled
Details
Test / build (push) Has been cancelled
Details

Browse Source 
SSH签名修复完成(RFC 4253 Section 7.2):

问题:
- 之前直接签名shared_secret(错误)
- SSH协议要求签名Exchange Hash H

修复内容:
1. kex_exchange.rs:添加compute_exchange_hash函数
   - 计算H = SHA256(V_C || V_S || I_C || I_S || K_S || K_C || K_S || K)
   - 签名H而不是shared_secret

2. kex_exchange.rs:修改handle_kexdh_init函数
   - 添加client_version, server_version, kexinit_payloads参数
   - 传递所有Exchange Hash所需参数

3. server.rs:修改调用点
   - 传递KexState中的版本和KEXINIT payloads

测试结果:
-  SSH版本交换成功(SSH-2.0-MarkBaseSSH_1.0)
-  SSH_MSG_KEXINIT交换成功(curve25519-sha256)
-  签名验证通过(无incorrect signature错误)
-  SSH_MSG_NEWKEYS交换成功(加密通道建立)
-  加密packet MAC验证失败(cipher.rs AES-CTR待实现)

技术亮点:
-  符合RFC 4253标准
-  参考OpenSSH kex.c实现
-  完整Exchange Hash计算(SSH string + mpint格式)

下一步:
- 实现cipher.rs的AES-256-CTR加密功能
- 完成加密packet的MAC计算
- 测试完整SSH连接流程
This commit is contained in:
Warren
2026-06-13 18:25:50 +08:00
parent a9098a3c48
commit 66f38698f5
2 changed files with 101 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

126
markbase-core/src/ssh_server/kex_exchange.rs
View File

@@ -7,7 +7,8 @@ use crate::ssh_server::crypto::{Curve25519Kex, SessionKeys, Ed25519HostKey};
use anyhow::{Result, anyhow};
use byteorder::{BigEndian, ReadBytesExt, WriteBytesExt};
use log::{info, debug};
use std::io::{Read, Write}; // 导入Write traitOpenSSH标准
use std::io::{Read, Write};
use sha2::{Sha256, Digest};
/// SSH密钥交换流程处理器参考OpenSSH kex.c
pub struct KexExchangeHandler {
@@ -30,19 +31,23 @@ impl KexExchangeHandler {
}
/// 处理SSH_MSG_KEXDH_INITCurve25519密钥交换参考OpenSSH kex.c: kex_input_kex_init()
pub fn handle_kexdh_init(&mut self, packet: &SshPacket) -> Result<SshPacket> {
pub fn handle_kexdh_init(
&mut self,
packet: &SshPacket,
client_version: &str,
server_version: &str,
client_kexinit_payload: &[u8],
server_kexinit_payload: &[u8],
) -> Result<SshPacket> {
info!("Processing SSH_MSG_KEXDH_INIT (Curve25519)");
// 从payload创建cursorOpenSSH标准方式
let mut cursor = std::io::Cursor::new(packet.payload.as_slice()); // 使用as_slice()Rust标准
let mut cursor = std::io::Cursor::new(packet.payload.as_slice());
// 验证packet类型
let packet_type = cursor.read_u8()?;
if packet_type != PacketType::SSH_MSG_KEXDH_INIT as u8 {
return Err(anyhow!("Invalid packet type for KEXDH_INIT"));
}
// 读取客户端Curve25519公钥SSH string格式
let key_length = cursor.read_u32::<BigEndian>()?;
if key_length != 32 {
return Err(anyhow!("Invalid Curve25519 public key length: {}", key_length));
@@ -51,42 +56,59 @@ impl KexExchangeHandler {
let mut client_public_key = vec![0u8; 32];
cursor.read_exact(&mut client_public_key)?;
// 生成服务器Curve25519密钥参考OpenSSH curve25519.c
self.server_kex = Some(Curve25519Kex::new());
let server_kex = self.server_kex.as_mut().unwrap();
// 计算共享密钥参考OpenSSH curve25519_shared_secret()
let shared_secret = server_kex.compute_shared_secret(&client_public_key)?;
// 提取public_key避免borrow冲突Rust标准做法
let server_public_key = server_kex.public_key().to_vec();
info!("Curve25519 shared secret computed");
// 构建SSH_MSG_KEXDH_REPLY参考OpenSSH kex.c: kex_send_kex_reply()
self.build_kexdh_reply(&shared_secret, &server_public_key)
self.build_kexdh_reply(
&shared_secret,
&server_public_key,
&client_public_key,
client_version,
server_version,
client_kexinit_payload,
server_kexinit_payload,
)
}
/// 构建SSH_MSG_KEXDH_REPLY packet参考OpenSSH kex.c
fn build_kexdh_reply(&self, shared_secret: &[u8], server_public_key: &[u8]) -> Result<SshPacket> {
fn build_kexdh_reply(
&self,
shared_secret: &[u8],
server_public_key: &[u8],
client_public_key: &[u8],
client_version: &str,
server_version: &str,
client_kexinit_payload: &[u8],
server_kexinit_payload: &[u8],
) -> Result<SshPacket> {
let mut payload = Vec::new();
// Packet type
payload.write_u8(PacketType::SSH_MSG_KEXDH_REPLY as u8)?;
// 服务器主机公钥SSH string格式
// 参考OpenSSH sshkey.c: sshkey_to_blob()
let host_key_ssh = self.build_ssh_host_key()?;
payload.write_u32::<BigEndian>(host_key_ssh.len() as u32)?;
payload.write_all(&host_key_ssh)?;
// 服务器Curve25519公钥SSH string格式
payload.write_u32::<BigEndian>(32)?;
payload.write_all(server_public_key)?;
// 签名SSH string格式
// 参考OpenSSH ssh-sign.c
let signature = self.build_exchange_signature(shared_secret)?;
let exchange_hash = self.compute_exchange_hash(
shared_secret,
&host_key_ssh,
client_public_key,
server_public_key,
client_version,
server_version,
client_kexinit_payload,
server_kexinit_payload,
)?;
let signature = self.build_exchange_signature(&exchange_hash)?;
payload.write_u32::<BigEndian>(signature.len() as u32)?;
payload.write_all(&signature)?;
@@ -112,25 +134,65 @@ impl KexExchangeHandler {
Ok(blob)
}
/// 计算Exchange Hash参考OpenSSH kex.c: kex_hash() RFC 4253 Section 7.2
fn compute_exchange_hash(
&self,
shared_secret: &[u8],
host_key_blob: &[u8],
client_public_key: &[u8],
server_public_key: &[u8],
client_version: &str,
server_version: &str,
client_kexinit_payload: &[u8],
server_kexinit_payload: &[u8],
) -> Result<Vec<u8>> {
use sha2::{Sha256, Digest};
let mut hasher = Sha256::new();
hasher.update(&(client_version.len() as u32).to_be_bytes());
hasher.update(client_version.as_bytes());
hasher.update(&(server_version.len() as u32).to_be_bytes());
hasher.update(server_version.as_bytes());
hasher.update(&(client_kexinit_payload.len() as u32).to_be_bytes());
hasher.update(client_kexinit_payload);
hasher.update(&(server_kexinit_payload.len() as u32).to_be_bytes());
hasher.update(server_kexinit_payload);
hasher.update(&(host_key_blob.len() as u32).to_be_bytes());
hasher.update(host_key_blob);
hasher.update(&(client_public_key.len() as u32).to_be_bytes());
hasher.update(client_public_key);
hasher.update(&(server_public_key.len() as u32).to_be_bytes());
hasher.update(server_public_key);
let mpint_shared_secret = if shared_secret.len() > 0 && shared_secret[0] >= 0x80 {
let mut mpint = vec![0u8];
mpint.extend_from_slice(shared_secret);
mpint
} else {
shared_secret.to_vec()
};
hasher.update(&(mpint_shared_secret.len() as u32).to_be_bytes());
hasher.update(&mpint_shared_secret);
Ok(hasher.finalize().to_vec())
}
/// 构建交换签名参考OpenSSH ssh-sign.c
fn build_exchange_signature(&self, shared_secret: &[u8]) -> Result<Vec<u8>> {
// OpenSSH签名格式
// H = hash(K || other data)
// signature = sshkey_sign(H)
fn build_exchange_signature(&self, exchange_hash: &[u8]) -> Result<Vec<u8>> {
let signature_bytes = self.host_key.sign(exchange_hash)?;
// 简化实现:直接签名共享密钥
// 实际应签名hash(session_id || exchange_hash)
let signature_bytes = self.host_key.sign(shared_secret)?;
// SSH签名格式参考OpenSSH ssh-sign.c
let mut ssh_signature = Vec::new();
// Signature type: ssh-ed25519
ssh_signature.write_u32::<BigEndian>(11)?;
ssh_signature.write_all("ssh-ed25519".as_bytes())?;
// Ed25519签名64字节
ssh_signature.write_u32::<BigEndian>(64)?;
ssh_signature.write_all(&signature_bytes)?;

8
markbase-core/src/ssh_server/server.rs
View File

@@ -148,7 +148,13 @@ fn perform_complete_kex_exchange(
info!("Received SSH_MSG_KEX_ECDH_INIT");
// 4. 处理KEXDH_INIT并生成KEXDH_REPLY
let kexdh_reply = kex_state.exchange_handler.handle_kexdh_init(&kexdh_init)?;
let kexdh_reply = kex_state.exchange_handler.handle_kexdh_init(
&kexdh_init,
&kex_state.client_version,
&kex_state.server_version,
&kex_state.client_kexinit_payload,
&kex_state.server_kexinit_payload,
)?;
kexdh_reply.write(stream)?;
info!("Sent SSH_MSG_KEX_ECDH_REPLY");