Fix SSH X25519 shared secret encoding for exchange hash

CRITICAL BUG FIX (RFC 8731 Section 3.1):
- X25519 output is little-endian
- SSH exchange hash requires big-endian encoding
- Reverse shared_secret bytes before mpint encoding
- Fix exchange hash computation in kex_exchange.rs
- Fix key derivation in crypto.rs
- Fix KEXINIT cookie to use random bytes

This resolves the fundamental encoding mismatch that caused
'Corrupted MAC on input' errors.

Next: verify signature verification after exchange hash fix.
Warren
2026-06-14 19:13:18 +08:00
parent 0403a340c4
commit 76f707a31d
4 changed files with 66 additions and 35 deletions

Binary file not shown.