admin/markbase
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

SSH AES-128-CTR encryption fixes (Phase 4 refinement)
Some checks failed
Test / test (push) Has been cancelled
Details
Test / build (push) Has been cancelled
Details

Browse Source 
Major fixes:
- Persistent cipher state: ciphers maintain counter across packets
- Cipher direction bug: use cipher_ctos for client packets, cipher_stoc for server packets
- MAC key length: 32 bytes for HMAC-SHA256 (was incorrectly 16 bytes)
- MtE mode MAC: calculate MAC over plaintext before encryption
- AES-CTR encryption: encrypt entire packet including packet_length field
- Service name length: corrected to 12 for 'ssh-userauth'
- mpint encoding: properly remove leading zeros and handle high bit

Remaining issue:
- SSH client reports 'Corrupted MAC on input'
- Likely due to key derivation mismatch with OpenSSH client
- Requires further investigation with packet capture analysis

Progress: 80% of SSH encryption implementation complete
Security: Still using RustCrypto authoritative libraries ()
This commit is contained in:
Warren
2026-06-14 15:06:01 +08:00
parent 2cbf0d7b98
commit 7d50c1147d
4 changed files with 179 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
markbase-core/src/ssh_server/crypto.rs
View File

@@ -74,10 +74,16 @@ impl SessionKeys {
// RFC 4253: session_id = H (第一次exchange hash)
let session_id = exchange_hash.to_vec();
info!("SessionKeys::derive() starting");
info!(" shared_secret ({} bytes): {:?}", shared_secret.len(), &shared_secret[..8]);
info!(" shared_secret[0] = {} (>=0x80? {})", shared_secret[0], shared_secret[0] >= 0x80);
// RFC 4253密钥派生公式HASH(K || H || X || session_id)
// 其中K是shared_secret需要mpint格式
let shared_secret_mpint = Self::encode_mpint(shared_secret);
info!(" shared_secret_mpint ({} bytes): {:?}", shared_secret_mpint.len(), &shared_secret_mpint[..std::cmp::min(12, shared_secret_mpint.len())]);
let encryption_key_ctos = Self::derive_key_rfc4253(&shared_secret_mpint, exchange_hash, 'C', &session_id)?;
let encryption_key_stoc = Self::derive_key_rfc4253(&shared_secret_mpint, exchange_hash, 'D', &session_id)?;
let mac_key_ctos = Self::derive_key_rfc4253(&shared_secret_mpint, exchange_hash, 'E', &session_id)?;
@@ -102,6 +108,11 @@ impl SessionKeys {
fn derive_key_rfc4253(K_mpint: &[u8], H: &[u8], X: char, session_id: &[u8]) -> Result<Vec<u8>> {
let mut hasher = Sha256::new();
info!("Deriving key for X='{}'", X);
info!(" K_mpint ({} bytes): {:?}", K_mpint.len(), &K_mpint[..std::cmp::min(8, K_mpint.len())]);
info!(" H ({} bytes): {:?}", H.len(), &H[..8]);
info!(" session_id ({} bytes): {:?}", session_id.len(), &session_id[..8]);
// RFC 4253: HASH(K || H || X || session_id)
hasher.update(K_mpint); // K (shared secret in mpint format)
hasher.update(H); // H (exchange hash)
@@ -110,8 +121,16 @@ impl SessionKeys {
let full_hash = hasher.finalize();
// aes128-ctr: 只取前16字节
Ok(full_hash[..16].to_vec())
info!(" Derived key (first 8 bytes): {:?}", &full_hash[..8]);
// 根據key類型返回不同長度
// AES-128-CTR key/IV: 16 bytes
// HMAC-SHA256 key: 32 bytes
match X {
'A' | 'B' | 'C' | 'D' => Ok(full_hash[..16].to_vec()), // IV or encryption key
'E' | 'F' => Ok(full_hash.to_vec()), // MAC key (full 32 bytes)
_ => Ok(full_hash[..16].to_vec()), // default
}
}
/// SSH mpint编码参考RFC 4253 Section 5