如何正确生成 Diffie-Hellman(第 14 组)共享密钥

问题描述 投票:0回答:1

我正在使用 Diffie-Hellman 组 14 使用 openSSL 库用 C 语言编写一个简单的 SSH 客户端。我相信我已经成功实现了我的客户端,直到 Diffie-Hellman/服务器验证步骤的共享密钥 (K) 派生步骤。在我的客户端上派生共享密钥的 OSSL 函数会生成输出,但由于服务器验证失败,我想查看服务器的 K 来验证我的确实是错误的,或者其他一些问题是验证失败的原因。于是,我下载了openSSH服务器源码,修改为生成后打印出K。然后我让我的客户端连接到 openSSH 服务器,服务器的输出确认我的客户端派生的 K 是不正确的(我假设 openSSH 派生的 K 是正确的)。

下面是处理DH交换的代码:

int sendDiffieHellmanExchange(int sock) {
    // init all variables that will need to be freed
    EVP_PKEY_CTX *pctx = NULL, *kctx = NULL, *peerCtx = NULL;
    EVP_PKEY *params = NULL, *clientKey = NULL, *peerkey = NULL;
    BIO *out = NULL;
    BIGNUM *p = NULL, *g = NULL, *eBN = NULL, *fBN = NULL;
    OSSL_PARAM dhParams[3];
    OSSL_PARAM peerParams[4];
    unsigned char *pBin = NULL, *gBin = NULL, *eNetworkOrder = NULL, *buffer = NULL, *serverResponse = NULL;
    int pSize = 0, gSize = 0;
    RawByteArray *e = NULL, *payload = NULL, *packet = NULL;

    // create group 14 parameters with bignum
    p = BN_new();
    BN_get_rfc3526_prime_2048(p);
    g = BN_new();
    BN_set_word(g, 2);

    pSize = BN_num_bytes(p);
    gSize = BN_num_bytes(g);

    // allocate memory for pBin and gBin
    pBin = (unsigned char*)OPENSSL_malloc(pSize);
    gBin = (unsigned char*)OPENSSL_malloc(gSize);

    // convert p and g into binary form 
    // need to pad out binary to ensure standard size
    BN_bn2binpad(p, pBin, pSize);
    BN_bn2binpad(g, gBin, gSize);

    // initialize the parameter context for DH key generation 
    pctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);

    // prepare the DH parameters (p and g) using OSSL_PARAM array 
    dhParams[0] = OSSL_PARAM_construct_BN("p", pBin, pSize);
    dhParams[1] = OSSL_PARAM_construct_BN("g", gBin, gSize);
    dhParams[2] = OSSL_PARAM_construct_end();

    // use EVP_PKEY_fromdata to create an EVP_PKEY using the DH parameters 
    EVP_PKEY_fromdata_init(pctx);
    EVP_PKEY_fromdata(pctx, &params, EVP_PKEY_KEY_PARAMETERS, dhParams);

    // generate a new DH key
    kctx = EVP_PKEY_CTX_new(params, NULL);
    EVP_PKEY_keygen_init(kctx);
    EVP_PKEY_keygen(kctx, &clientKey);

    // extract the public key BIGNUM
    EVP_PKEY_get_bn_param(clientKey, "pub", &eBN);

    int eLen = BN_num_bytes(eBN);  // get the length of the public key in bytes
    eNetworkOrder = (unsigned char *)malloc(eLen);

    BN_bn2bin(eBN, eNetworkOrder);

    // swap endian-ness from little-endian to big-endian
    eNetworkOrder = swapEndianNess(eNetworkOrder, eLen);
    
    e = addTwosComplementBit(eNetworkOrder, eLen);

    printf("public key (e)\n");
    printf("len of key: %zu\n", e -> size);
    for (int i = 0; i < e -> size; i++) {
        printf("%02x ", e -> data[i]);
    }
    printf("\n");

    // building e payload (including prepending size to mpint)
    buffer = malloc(e -> size + 1 + 4);
    buffer[0] = SSH_MSG_KEXDH_INIT;
    uint32_t mpintLenNetworkOrder = htonl(e->size);
    memcpy(buffer + 1, &mpintLenNetworkOrder, sizeof(uint32_t));
    memcpy(buffer + 5, e -> data, e -> size);

    // store a global copy of e for use in message verification
    eGlobal = malloc(e -> size + sizeof(uint32_t));
    memcpy(eGlobal, &mpintLenNetworkOrder, sizeof(uint32_t));
    memcpy(eGlobal + sizeof(uint32_t), e -> data, e -> size);
    eGlobalLen = e -> size + sizeof(uint32_t);

    /* Optional: Print the private key */
    out = BIO_new_fp(stdout, BIO_NOCLOSE);
    if (out && clientKey) {
        EVP_PKEY_print_private(out, clientKey, 0, NULL);
    }

    payload = malloc(sizeof(RawByteArray));
    assert(payload != NULL);

    payload -> data = buffer;
    payload -> size = e -> size + 1 + 4; // +1 for message code, +4 for mpint len

    packet = constructPacket(payload);

    int sentBytes = send(sock, packet -> data, packet -> size, 0);

    if (sentBytes != -1) {
        printf("Successful DH init send! Number of bytes sent: %i\n", sentBytes);
    } else {
        printf("Send did not complete successfully.\n");
    }
    
    serverResponse = malloc(BUFFER_SIZE);
    memset(serverResponse, 0, BUFFER_SIZE);  // Clear the buffer    
    ssize_t bytesReceived = recv(sock, serverResponse, BUFFER_SIZE, 0);
    
    if (bytesReceived > 0) {
        // printf("server DH init response:\n");
        // for (int i = 0; i < bytesReceived; i++) {
        //     printf("%02x ", (unsigned char)serverResponse[i]); 
        // }
        // printf("\n");
    } else {
        printf("No server DH response recieved :(\n");
        // random error message code
        exit(1);
    }

    ServerDHResponse *dhResponse = extractServerDHResponse(serverResponse);

    // need to store the f from server as global bc OSSL doesnt like the leading 2s complement bit, so we remove it for use within OSSL stuff
    fGlobal = malloc(dhResponse -> fLen + sizeof(uint32_t));
    mpintLenNetworkOrder = htonl(dhResponse -> fLen);
    memcpy(fGlobal, &mpintLenNetworkOrder, sizeof(uint32_t));
    memcpy(fGlobal + sizeof(uint32_t), dhResponse -> f, dhResponse -> fLen);
    fGlobalLen = dhResponse -> fLen + sizeof(uint32_t);

    // importing f into a PKEY:
    
    // If the first byte of f is 0x00 and the length is 257, strip the leading byte.
    // OSSL gets angry in key agreement if there is a leading byte
    if (dhResponse->fLen == 257 && dhResponse->f[0] == 0x00) {
        // Create a new buffer to store the adjusted public key
        unsigned char *adjustedF = malloc(dhResponse->fLen - 1);
        assert(adjustedF != NULL); // Check for allocation failure

        // Copy the data without the leading zero
        memcpy(adjustedF, dhResponse -> f + 1, dhResponse -> fLen - 1);

        // Update the pointer and length
        free(dhResponse -> f); // Free the old buffer if you dynamically allocated it
        dhResponse -> f = adjustedF; // Point to the new buffer
        dhResponse -> fLen -= 1; // Adjust the length
    }

    fBN = BN_new();
    BN_bin2bn(dhResponse -> f, dhResponse -> fLen, fBN);

    peerCtx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);

    // prepare the parameters for peer's public key
    peerParams[0] = OSSL_PARAM_construct_BN("p", pBin, pSize);  
    peerParams[1] = OSSL_PARAM_construct_BN("g", gBin, gSize); 
    peerParams[2] = OSSL_PARAM_construct_BN("pub", dhResponse -> f, dhResponse -> fLen); 
    peerParams[3] = OSSL_PARAM_construct_end(); 

    EVP_PKEY_fromdata_init(peerCtx);
    EVP_PKEY_fromdata(peerCtx, &peerkey, EVP_PKEY_PUBLIC_KEY, peerParams);
    
    printf("FFFFF:\n");
    for (int i = 0; i < dhResponse -> fLen; i++) {
        printf("%02x ", dhResponse -> f[i]);
    }
    printf("\n");

    // PRINTING TO DEBUG
    EVP_PKEY_print_public(out, peerkey, 0, NULL);

    RawByteArray *k = generateSharedKey(clientKey, peerkey);

    RawByteArray *twosK = addTwosComplementBit(k -> data, k -> size);
    RawByteArray *mpintK = malloc(sizeof(RawByteArray));
    unsigned char *mpintKdata = malloc(twosK -> size + sizeof(uint32_t));
    mpintLenNetworkOrder = htonl(twosK -> size);
    memcpy(mpintKdata, &mpintLenNetworkOrder, sizeof(uint32_t));
    memcpy(mpintKdata + sizeof(uint32_t), twosK -> data, twosK -> size);
    mpintK -> data = mpintKdata;
    mpintK -> size = twosK -> size + sizeof(uint32_t);

    RawByteArray *verificationMessage = concatenateVerificationMessage(dhResponse -> hostKeyType, dhResponse -> hostKeyTypeLen, dhResponse -> publicKey, dhResponse -> publicKeyLen, mpintK -> data, mpintK -> size);

    verifyServerSignature(dhResponse, verificationMessage);

    // cleanup
    
    return 0;
}

这是导出 K 的代码:

RawByteArray *generateSharedKey(EVP_PKEY *pkey, EVP_PKEY *peerkey) {
    RawByteArray *sharedKey = malloc(sizeof(RawByteArray));
    assert(sharedKey != NULL); 

    EVP_PKEY_CTX *ctx;
    unsigned char *skey;
    size_t skeylen;

    // Initialize context
    ctx = EVP_PKEY_CTX_new(pkey, NULL);

    // Initialize derivation
    EVP_PKEY_derive_init(ctx);

    // Set peer's public key
    EVP_PKEY_derive_set_peer(ctx, peerkey);

    // Determine buffer length for shared secret
    EVP_PKEY_derive(ctx, NULL, &skeylen);

    // Allocate memory for shared secret
    skey = OPENSSL_malloc(skeylen);
    assert(skey != NULL);

    // Derive the shared secret
    EVP_PKEY_derive(ctx, skey, &skeylen);

    // Debugging output
    printf("skeylen: %zu\n", skeylen);
    printf("SHARED KEY!!\n");
    for (int i = 0; i < skeylen; i++) {
        printf("%02x ", skey[i]);
    }
    printf("\n");

    // Store the shared secret
    sharedKey->data = skey;
    sharedKey->size = skeylen;

    // Clean up
    EVP_PKEY_CTX_free(ctx);

    // will need to use OPENSSL free on sharedKey -> data since OSSL malloc is used to create it
    return sharedKey;
}

以下是

sendDiffieHellmanExchange()
的输出:

public key (e)
len of key: 256
3f 94 6e 9f 44 c6 0c 3e ac 78 c4 06 e7 37 ce ab 50 f2 a6 4e e5 72 a7 5f 0d 64 50 47 81 77 9c 3b df 8b e6 1a 73 0a e5 4e e2 15 9e cb 50 ab 3f f3 c0 61 12 75 0d 13 67 aa c0 f7 b2 d6 04 0d e7 fb 88 1b d8 0d be 67 da a6 bb fc 48 b7 fd 1a 91 5b 9d 7d aa 18 21 8b f1 07 6a 41 12 88 e9 da 39 a9 76 6b c3 c0 4a 38 67 9c 34 e6 60 1e 90 7e 9c 2d a1 ca fe 01 0d 05 70 53 19 d8 8d 4f ec a5 bd 14 84 c9 0f cb 8a 0c cf 12 a5 51 7b 29 c6 b8 7d de 44 a2 4d 20 01 b5 b7 54 97 ce 6e 6f 2d ce 3e 26 9f 24 82 95 fd 13 af 5c 79 df e5 b2 f8 dd 6c aa ac 95 e6 c4 fe 58 d9 09 91 f0 25 2e 65 82 59 b8 de 2c 49 e7 e8 3f 46 b3 33 91 02 aa 46 8a fb 58 bb 09 b1 fa 67 d5 b6 32 6c 71 66 a3 0a fb 92 52 f1 7e 0b d8 e3 d5 6a 69 ff 2c 13 f6 e2 a0 46 17 7c c3 44 21 20 5b 31 47 7c b6 2b d2 75 5d 90 a0 
DH Private-Key: (2048 bit)
private-key:
    4d:5a:58:8a:47:15:c8:25:47:95:4f:3a:62:50:a4:
    78:cc:5f:81:c1:f2:00:99:7c:15:f8:da:f7:09:f7:
    dc:aa:45:dd:6a:12:f4:a3:7a:5d:24:ec:bc:de:fc:
    51:db:ec:41:eb:2f:6d:24:b4:8f:30:54:91:ea:97:
    73:10:63:2b:9f:ad:96:20:94:ad:54:d5:22:c7:40:
    3f:23:6b:7f:c4:99:63:33:4d:6f:ab:1c:16:4c:9b:
    93:a7:8b:64:0d:11:1f:26:11:54:1b:7c:aa:aa:6e:
    7b:13:8c:26:1f:b6:95:eb:12:3b:19:b3:d5:c1:07:
    1b:97:79:82:16:ee:31:9c:8d:22:60:2f:bf:b2:77:
    ef:fa:87:08:52:f8:0c:20:9f:7c:94:45:61:02:09:
    7a:0c:ee:14:be:01:04:21:b7:14:00:14:40:22:43:
    fc:11:8f:ab:b2:37:85:59:7b:b0:a4:f3:8f:53:ee:
    d3:72:5d:14:b9:31:0d:0d:ac:55:ff:bb:04:14:4d:
    2a:c3:41:70:e3:71:6d:5d:5f:8c:69:45:26:e9:84:
    6e:43:e8:6e:57:23:6a:91:52:1b:0e:41:83:7f:d5:
    81:06:84:d7:55:df:80:20:7a:af:21:3b:a3:ba:fb:
    62:23:93:14:e2:78:39:29:42:d3:b1:c6:dd:b5:e8:
    58
public-key:
    00:a0:90:5d:75:d2:2b:b6:7c:47:31:5b:20:21:44:
    c3:7c:17:46:a0:e2:f6:13:2c:ff:69:6a:d5:e3:d8:
    0b:7e:f1:52:92:fb:0a:a3:66:71:6c:32:b6:d5:67:
    fa:b1:09:bb:58:fb:8a:46:aa:02:91:33:b3:46:3f:
    e8:e7:49:2c:de:b8:59:82:65:2e:25:f0:91:09:d9:
    58:fe:c4:e6:95:ac:aa:6c:dd:f8:b2:e5:df:79:5c:
    af:13:fd:95:82:24:9f:26:3e:ce:2d:6f:6e:ce:97:
    54:b7:b5:01:20:4d:a2:44:de:7d:b8:c6:29:7b:51:
    a5:12:cf:0c:8a:cb:0f:c9:84:14:bd:a5:ec:4f:8d:
    d8:19:53:70:05:0d:01:fe:ca:a1:2d:9c:7e:90:1e:
    60:e6:34:9c:67:38:4a:c0:c3:6b:76:a9:39:da:e9:
    88:12:41:6a:07:f1:8b:21:18:aa:7d:9d:5b:91:1a:
    fd:b7:48:fc:bb:a6:da:67:be:0d:d8:1b:88:fb:e7:
    0d:04:d6:b2:f7:c0:aa:67:13:0d:75:12:61:c0:f3:
    3f:ab:50:cb:9e:15:e2:4e:e5:0a:73:1a:e6:8b:df:
    3b:9c:77:81:47:50:64:0d:5f:a7:72:e5:4e:a6:f2:
    50:ab:ce:37:e7:06:c4:78:ac:3e:0c:c6:44:9f:6e:
    94:3f
P:   
    00:ff:ff:ff:ff:ff:ff:ff:ff:68:aa:ac:8a:5a:8e:
    72:15:10:05:fa:98:18:26:d2:15:e5:6a:95:ea:7c:
    49:95:39:18:17:58:95:f6:cb:2b:de:c9:52:4c:6f:
    f0:5d:c5:b5:8f:a2:07:ec:a2:83:27:9b:03:86:0e:
    18:2c:77:9e:e3:3b:ce:36:2e:46:5e:90:32:7c:21:
    18:ca:08:6c:74:f1:04:98:bc:4a:4e:35:0c:67:6d:
    96:96:70:07:29:d5:9e:bb:52:85:20:56:f3:62:1c:
    96:ad:a3:dc:23:5d:65:83:5f:cf:24:fd:a8:3f:16:
    69:9a:d3:55:1c:36:48:da:98:05:bf:63:a1:b8:7c:
    00:c2:3d:5b:e4:ec:51:66:28:49:e6:1f:4b:7c:11:
    24:9f:ae:a5:9f:89:5a:fb:6b:38:ee:ed:b7:06:f4:
    b6:5c:ff:0b:6b:ed:37:a6:e9:42:4c:f4:c6:7e:5e:
    62:76:b5:85:e4:45:c2:51:6d:6d:35:e1:4f:37:14:
    5f:f2:6d:0a:2b:30:1b:43:3a:cd:b3:19:95:ef:dd:
    04:34:8e:79:08:4a:51:22:9b:13:3b:a6:be:0b:02:
    74:cc:67:8a:08:4e:02:29:d1:1c:dc:80:8b:62:c6:
    c4:34:c2:68:21:a2:da:0f:c9:ff:ff:ff:ff:ff:ff:
    ff:ff
G:    2 (0x2)
Successful DH init send! Number of bytes sent: 272
FFFFF:
19 35 18 1d 9c 70 62 0e 55 4d 5b 2b 8f e2 e1 18 5b 22 23 68 d4 d2 5a 12 04 68 e3 49 a5 6c a2 a4 dc ce 58 ff a0 80 90 59 9b ce 25 55 21 9b 8a 68 c7 f0 37 56 5c c4 4b 72 02 80 d2 7c 20 31 2f 6d 04 fb 43 a2 ea 0b c7 e6 aa 2a ef 94 77 9a 89 e0 64 97 80 64 e2 6b cd 67 aa 23 0f 8f 90 41 15 b3 26 fa b4 d7 b1 53 2e 42 30 e3 b4 40 ae 23 f2 94 36 93 10 10 fb 32 f3 3c 49 25 3f 80 e2 44 00 dc 95 f4 9d fb 27 8f 24 3b 18 dc 2a 83 59 f2 31 8d 05 4a 3d 0c 40 f5 be 88 d7 c4 7c 1d 0a 3b 6c 11 8b f1 04 a0 66 a8 e2 17 f6 5c 94 0c 90 04 78 39 89 7e 4a 65 69 db d2 db 3e 59 85 62 a0 a8 b4 46 3b 31 00 ca 8b b9 9e 32 49 2d c5 b6 f9 19 c4 ca f7 ff bb 5b c5 1f 3d 99 0a cd f8 6f 3f 89 d3 af 5f fb 10 98 76 28 a1 6c a6 f5 fa 75 53 1f 44 ee 9c 71 a8 ab 53 ea 57 89 bc 56 5d 8e d6 d7 b2 f0 
DH Public-Key: (2048 bit)
public-key:
    00:f0:b2:d7:d6:8e:5d:56:bc:89:57:ea:53:ab:a8:
    71:9c:ee:44:1f:53:75:fa:f5:a6:6c:a1:28:76:98:
    10:fb:5f:af:d3:89:3f:6f:f8:cd:0a:99:3d:1f:c5:
    5b:bb:ff:f7:ca:c4:19:f9:b6:c5:2d:49:32:9e:b9:
    8b:ca:00:31:3b:46:b4:a8:a0:62:85:59:3e:db:d2:
    db:69:65:4a:7e:89:39:78:04:90:0c:94:5c:f6:17:
    e2:a8:66:a0:04:f1:8b:11:6c:3b:0a:1d:7c:c4:d7:
    88:be:f5:40:0c:3d:4a:05:8d:31:f2:59:83:2a:dc:
    18:3b:24:8f:27:fb:9d:f4:95:dc:00:44:e2:80:3f:
    25:49:3c:f3:32:fb:10:10:93:36:94:f2:23:ae:40:
    b4:e3:30:42:2e:53:b1:d7:b4:fa:26:b3:15:41:90:
    8f:0f:23:aa:67:cd:6b:e2:64:80:97:64:e0:89:9a:
    77:94:ef:2a:aa:e6:c7:0b:ea:a2:43:fb:04:6d:2f:
    31:20:7c:d2:80:02:72:4b:c4:5c:56:37:f0:c7:68:
    8a:9b:21:55:25:ce:9b:59:90:80:a0:ff:58:ce:dc:
    a4:a2:6c:a5:49:e3:68:04:12:5a:d2:d4:68:23:22:
    5b:18:e1:e2:8f:2b:5b:4d:55:0e:62:70:9c:1d:18:
    35:19
P:   
    00:ff:ff:ff:ff:ff:ff:ff:ff:68:aa:ac:8a:5a:8e:
    72:15:10:05:fa:98:18:26:d2:15:e5:6a:95:ea:7c:
    49:95:39:18:17:58:95:f6:cb:2b:de:c9:52:4c:6f:
    f0:5d:c5:b5:8f:a2:07:ec:a2:83:27:9b:03:86:0e:
    18:2c:77:9e:e3:3b:ce:36:2e:46:5e:90:32:7c:21:
    18:ca:08:6c:74:f1:04:98:bc:4a:4e:35:0c:67:6d:
    96:96:70:07:29:d5:9e:bb:52:85:20:56:f3:62:1c:
    96:ad:a3:dc:23:5d:65:83:5f:cf:24:fd:a8:3f:16:
    69:9a:d3:55:1c:36:48:da:98:05:bf:63:a1:b8:7c:
    00:c2:3d:5b:e4:ec:51:66:28:49:e6:1f:4b:7c:11:
    24:9f:ae:a5:9f:89:5a:fb:6b:38:ee:ed:b7:06:f4:
    b6:5c:ff:0b:6b:ed:37:a6:e9:42:4c:f4:c6:7e:5e:
    62:76:b5:85:e4:45:c2:51:6d:6d:35:e1:4f:37:14:
    5f:f2:6d:0a:2b:30:1b:43:3a:cd:b3:19:95:ef:dd:
    04:34:8e:79:08:4a:51:22:9b:13:3b:a6:be:0b:02:
    74:cc:67:8a:08:4e:02:29:d1:1c:dc:80:8b:62:c6:
    c4:34:c2:68:21:a2:da:0f:c9:ff:ff:ff:ff:ff:ff:
    ff:ff
G:    2 (0x2)
skeylen: 256
SHARED KEY!!
59 e4 b4 05 4d 6a 0d 69 76 a2 57 66 8b 05 24 cf 99 cd a2 8c 2b b6 52 75 8c 0c 52 bc 0b 68 d7 18 a1 3a 15 3e 19 46 75 d6 27 27 38 fd ae c7 4a 15 ec 40 20 6b d9 e6 c4 80 01 2b d5 84 10 e5 72 1d 45 7e 66 9a 9b 13 e0 52 fb c5 e8 c5 14 82 48 4d 52 f4 1c e5 b1 81 06 eb fb a4 3e 0e c8 1f 5d 92 70 92 8a cb 73 f4 1f 4c a8 34 c6 7e 76 7d 6f 9f d3 13 fd 12 bd 2e 95 d7 bb 08 c7 fc 63 00 9a dd 5d 52 2c fb f8 30 e5 8f 8b 92 72 da 16 e6 b0 89 31 56 fc 61 a9 d6 29 5a 68 d1 af 7f 06 4d e4 54 f3 0a 4e 2a fa 7a cb 67 dc 74 e9 17 48 bd a2 8d 37 4b ce 04 11 5c e9 b2 e0 7c 3e 89 eb e5 2f ba f7 a2 1e 69 bf 4b 3c cc 6d 07 5a a8 28 c3 2f fe e8 dd 82 c7 f4 06 91 f2 b2 7f 32 bf c9 15 9b 2a d8 26 7b 62 ed fe fc 50 dd b7 68 5c 80 82 ac a6 de e2 bc e6 70 a4 3a 49 4d 24 a9 e1 9e 39 f8 bc 
V_C: 
00 00 00 0d 53 53 48 2d 32 2e 30 2d 6d 79 53 53 48 
V_S: 
00 00 00 15 53 53 48 2d 32 2e 30 2d 4f 70 65 6e 53 53 48 5f 39 2e 39 70 31 
I_C: 
00 00 00 a2 14 c5 5a a4 f0 a0 fe ae 01 b6 b2 80 5e 55 1f 69 7a 00 00 00 1d 64 69 66 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 34 2d 73 68 61 32 35 36 00 00 00 0b 73 73 68 2d 65 64 32 35 35 31 39 00 00 00 16 61 65 73 32 35 36 2d 67 63 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 00 00 00 16 61 65 73 32 35 36 2d 67 63 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 00 00 00 04 6e 6f 6e 65 00 00 00 04 6e 6f 6e 65 00 00 00 04 6e 6f 6e 65 00 00 00 04 6e 6f 6e 65 00 00 00 00 00 00 00 00 00 00 00 00 00 
I_S: 
00 00 04 81 14 c3 7d 52 a7 2a 01 ed 1a a2 73 ff 8c 4a 6d 40 e2 00 00 01 5e 73 6e 74 72 75 70 37 36 31 78 32 35 35 31 39 2d 73 68 61 35 31 32 2c 73 6e 74 72 75 70 37 36 31 78 32 35 35 31 39 2d 73 68 61 35 31 32 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 6d 6c 6b 65 6d 37 36 38 78 32 35 35 31 39 2d 73 68 61 32 35 36 2c 63 75 72 76 65 32 35 35 31 39 2d 73 68 61 32 35 36 2c 63 75 72 76 65 32 35 35 31 39 2d 73 68 61 32 35 36 40 6c 69 62 73 73 68 2e 6f 72 67 2c 65 63 64 68 2d 73 68 61 32 2d 6e 69 73 74 70 32 35 36 2c 65 63 64 68 2d 73 68 61 32 2d 6e 69 73 74 70 33 38 34 2c 65 63 64 68 2d 73 68 61 32 2d 6e 69 73 74 70 35 32 31 2c 64 69 66 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 2d 65 78 63 68 61 6e 67 65 2d 73 68 61 32 35 36 2c 64 69 66 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 36 2d 73 68 61 35 31 32 2c 64 69 66 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 38 2d 73 68 61 35 31 32 2c 64 69 66 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 34 2d 73 68 61 32 35 36 2c 65 78 74 2d 69 6e 66 6f 2d 73 2c 6b 65 78 2d 73 74 72 69 63 74 2d 73 2d 76 30 30 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 00 00 00 39 72 73 61 2d 73 68 61 32 2d 35 31 32 2c 72 73 61 2d 73 68 61 32 2d 32 35 36 2c 65 63 64 73 61 2d 73 68 61 32 2d 6e 69 73 74 70 32 35 36 2c 73 73 68 2d 65 64 32 35 35 31 39 00 00 00 6c 63 68 61 63 68 61 32 30 2d 70 6f 6c 79 31 33 30 35 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 61 65 73 31 32 38 2d 63 74 72 2c 61 65 73 31 39 32 2d 63 74 72 2c 61 65 73 32 35 36 2d 63 74 72 2c 61 65 73 31 32 38 2d 67 63 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 61 65 73 32 35 36 2d 67 63 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 00 00 00 6c 63 68 61 63 68 61 32 30 2d 70 6f 6c 79 31 33 30 35 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 61 65 73 31 32 38 2d 63 74 72 2c 61 65 73 31 39 32 2d 63 74 72 2c 61 65 73 32 35 36 2d 63 74 72 2c 61 65 73 31 32 38 2d 67 63 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 61 65 73 32 35 36 2d 67 63 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 00 00 00 d5 75 6d 61 63 2d 36 34 2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 75 6d 61 63 2d 31 32 38 2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 68 6d 61 63 2d 73 68 61 32 2d 32 35 36 2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 68 6d 61 63 2d 73 68 61 32 2d 35 31 32 2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 68 6d 61 63 2d 73 68 61 31 2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 75 6d 61 63 2d 36 34 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 75 6d 61 63 2d 31 32 38 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 68 6d 61 63 2d 73 68 61 32 2d 32 35 36 2c 68 6d 61 63 2d 73 68 61 32 2d 35 31 32 2c 68 6d 61 63 2d 73 68 61 31 00 00 00 d5 75 6d 61 63 2d 36 34 2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 75 6d 61 63 2d 31 32 38 2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 68 6d 61 63 2d 73 68 61 32 2d 32 35 36 2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 68 6d 61 63 2d 73 68 61 32 2d 35 31 32 2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 68 6d 61 63 2d 73 68 61 31 2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 75 6d 61 63 2d 36 34 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 75 6d 61 63 2d 31 32 38 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 68 6d 61 63 2d 73 68 61 32 2d 32 35 36 2c 68 6d 61 63 2d 73 68 61 32 2d 35 31 32 2c 68 6d 61 63 2d 73 68 61 31 00 00 00 15 6e 6f 6e 65 2c 7a 6c 69 62 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 00 00 00 15 6e 6f 6e 65 2c 7a 6c 69 62 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 00 00 00 00 00 00 00 00 00 00 00 00 00 
K_S: 
00 00 00 33 00 00 00 0b 73 73 68 2d 65 64 32 35 35 31 39 00 00 00 20 f6 08 01 2a e0 69 0d a4 09 db db ef 70 93 79 ab 10 ed f5 b0 f8 83 1d 3b 4c 81 a5 3c 4a fe 57 30 
E: 
00 00 01 00 3f 94 6e 9f 44 c6 0c 3e ac 78 c4 06 e7 37 ce ab 50 f2 a6 4e e5 72 a7 5f 0d 64 50 47 81 77 9c 3b df 8b e6 1a 73 0a e5 4e e2 15 9e cb 50 ab 3f f3 c0 61 12 75 0d 13 67 aa c0 f7 b2 d6 04 0d e7 fb 88 1b d8 0d be 67 da a6 bb fc 48 b7 fd 1a 91 5b 9d 7d aa 18 21 8b f1 07 6a 41 12 88 e9 da 39 a9 76 6b c3 c0 4a 38 67 9c 34 e6 60 1e 90 7e 9c 2d a1 ca fe 01 0d 05 70 53 19 d8 8d 4f ec a5 bd 14 84 c9 0f cb 8a 0c cf 12 a5 51 7b 29 c6 b8 7d de 44 a2 4d 20 01 b5 b7 54 97 ce 6e 6f 2d ce 3e 26 9f 24 82 95 fd 13 af 5c 79 df e5 b2 f8 dd 6c aa ac 95 e6 c4 fe 58 d9 09 91 f0 25 2e 65 82 59 b8 de 2c 49 e7 e8 3f 46 b3 33 91 02 aa 46 8a fb 58 bb 09 b1 fa 67 d5 b6 32 6c 71 66 a3 0a fb 92 52 f1 7e 0b d8 e3 d5 6a 69 ff 2c 13 f6 e2 a0 46 17 7c c3 44 21 20 5b 31 47 7c b6 2b d2 75 5d 90 a0 
F: 
00 00 01 00 19 35 18 1d 9c 70 62 0e 55 4d 5b 2b 8f e2 e1 18 5b 22 23 68 d4 d2 5a 12 04 68 e3 49 a5 6c a2 a4 dc ce 58 ff a0 80 90 59 9b ce 25 55 21 9b 8a 68 c7 f0 37 56 5c c4 4b 72 02 80 d2 7c 20 31 2f 6d 04 fb 43 a2 ea 0b c7 e6 aa 2a ef 94 77 9a 89 e0 64 97 80 64 e2 6b cd 67 aa 23 0f 8f 90 41 15 b3 26 fa b4 d7 b1 53 2e 42 30 e3 b4 40 ae 23 f2 94 36 93 10 10 fb 32 f3 3c 49 25 3f 80 e2 44 00 dc 95 f4 9d fb 27 8f 24 3b 18 dc 2a 83 59 f2 31 8d 05 4a 3d 0c 40 f5 be 88 d7 c4 7c 1d 0a 3b 6c 11 8b f1 04 a0 66 a8 e2 17 f6 5c 94 0c 90 04 78 39 89 7e 4a 65 69 db d2 db 3e 59 85 62 a0 a8 b4 46 3b 31 00 ca 8b b9 9e 32 49 2d c5 b6 f9 19 c4 ca f7 ff bb 5b c5 1f 3d 99 0a cd f8 6f 3f 89 d3 af 5f fb 10 98 76 28 a1 6c a6 f5 fa 75 53 1f 44 ee 9c 71 a8 ab 53 ea 57 89 bc 56 5d 8e d6 d7 b2 f0 
K: 
00 00 01 00 59 e4 b4 05 4d 6a 0d 69 76 a2 57 66 8b 05 24 cf 99 cd a2 8c 2b b6 52 75 8c 0c 52 bc 0b 68 d7 18 a1 3a 15 3e 19 46 75 d6 27 27 38 fd ae c7 4a 15 ec 40 20 6b d9 e6 c4 80 01 2b d5 84 10 e5 72 1d 45 7e 66 9a 9b 13 e0 52 fb c5 e8 c5 14 82 48 4d 52 f4 1c e5 b1 81 06 eb fb a4 3e 0e c8 1f 5d 92 70 92 8a cb 73 f4 1f 4c a8 34 c6 7e 76 7d 6f 9f d3 13 fd 12 bd 2e 95 d7 bb 08 c7 fc 63 00 9a dd 5d 52 2c fb f8 30 e5 8f 8b 92 72 da 16 e6 b0 89 31 56 fc 61 a9 d6 29 5a 68 d1 af 7f 06 4d e4 54 f3 0a 4e 2a fa 7a cb 67 dc 74 e9 17 48 bd a2 8d 37 4b ce 04 11 5c e9 b2 e0 7c 3e 89 eb e5 2f ba f7 a2 1e 69 bf 4b 3c cc 6d 07 5a a8 28 c3 2f fe e8 dd 82 c7 f4 06 91 f2 b2 7f 32 bf c9 15 9b 2a d8 26 7b 62 ed fe fc 50 dd b7 68 5c 80 82 ac a6 de e2 bc e6 70 a4 3a 49 4d 24 a9 e1 9e 39 f8 bc 
HASHED MESSAGE:
0b 89 fe 62 3b fc da e2 78 41 31 25 5f e9 fc 44 2f 57 90 17 05 73 3d 96 45 ad db 98 1a ab 6d 7e 
Error: Server's signature verification failed

值得注意的是,我在这里打印的 K 与服务器派生的 K 不匹配。

我的实施中有什么明显错误的地方吗?

我是否应该放弃使用较新的 EVP API,转而使用 openSSH 中的 kexdh.c 文件中使用的旧版本,因为该版本正在工作(我专门查看 kex_dh_compute_key

 函数)?

如果我错过了任何相关代码,

这是我的 client.c 文件

任何有关使我的代码更清晰/更好地使用 OSSL 函数的建议也将不胜感激。预先感谢。

c ssh openssl openssh diffie-hellman
1个回答
0
投票
问题是我没有在交换消息中包含最后 8 个字节,因为我将消息交换长度设置为 8 个字节太短。我为调试添加的打印输出看起来是正确的,因为我使用的是单个元素的长度,但我为服务器验证而散列的消息实际上缺少最后 8 个字节。

© www.soinside.com 2019 - 2024. All rights reserved.