fix(ssh): Re-add uint32 prefix for shared secret K in exchange hash and key derivation
OpenSSH sshbuf_put_bignum2_bytes() writes uint32(len) + mpint_data to the buffer (confirmed from sshbuf-getput-basic.c line 569). Both kex_gen_hash() via sshbuf_putb() and kex_derive_keys() via ssh_digest_update_buffer() consume the full buffer including the uint32 prefix. Fixes 'incorrect signature' error on OpenSSH 10.2.
This commit is contained in:
@@ -534,8 +534,12 @@ impl EncryptedPacket {
|
||||
.ok_or_else(|| anyhow!("cipher_ctos not initialized"))?
|
||||
};
|
||||
|
||||
let plaintext_bytes = plaintext_packet.ptr().to_vec();
|
||||
info!("Plaintext packet FULL ({} bytes): {:?}", plaintext_bytes.len(), plaintext_bytes);
|
||||
let mut encrypted_packet = plaintext_packet.into_vec();
|
||||
cipher.apply_keystream(&mut encrypted_packet);
|
||||
info!("Encrypted packet FULL ({} bytes): {:?}", encrypted_packet.len(), encrypted_packet);
|
||||
info!("MAC FULL ({} bytes): {:?}", mac.len(), mac);
|
||||
|
||||
// 更新sequence number
|
||||
if is_server_to_client {
|
||||
|
||||
Reference in New Issue
Block a user