fix(ssh): Re-add uint32 prefix for shared secret K in exchange hash and key derivation

OpenSSH sshbuf_put_bignum2_bytes() writes uint32(len) + mpint_data
to the buffer (confirmed from sshbuf-getput-basic.c line 569). Both
kex_gen_hash() via sshbuf_putb() and kex_derive_keys() via
ssh_digest_update_buffer() consume the full buffer including the uint32
prefix.

Fixes 'incorrect signature' error on OpenSSH 10.2.
Warren
2026-06-20 15:41:43 +08:00
parent 6ef1537c1b
commit e0e145e277
3 changed files with 63 additions and 41 deletions


@@ -534,8 +534,12 @@ impl EncryptedPacket {
.ok_or_else(|| anyhow!("cipher_ctos not initialized"))?
};
let plaintext_bytes = plaintext_packet.ptr().to_vec();
info!("Plaintext packet FULL ({} bytes): {:?}", plaintext_bytes.len(), plaintext_bytes);
let mut encrypted_packet = plaintext_packet.into_vec();
cipher.apply_keystream(&mut encrypted_packet);
info!("Encrypted packet FULL ({} bytes): {:?}", encrypted_packet.len(), encrypted_packet);
info!("MAC FULL ({} bytes): {:?}", mac.len(), mac);
// 更新sequence number
if is_server_to_client {