diff --git a/Cargo.lock b/Cargo.lock
index cceebe1..36d3259 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -17,16 +17,6 @@ version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" -[[package]] -name = "aead" -version = "0.5.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d122413f284cf2d62fb1b7db97e02edb8cda96d769b16e443a4f6195e35662b0" -dependencies = [ - "crypto-common", - "generic-array", -] - [[package]] name = "aho-corasick" version = "1.1.3"
@@ -113,19 +103,6 @@ dependencies = [ "cpufeatures", ] -[[package]] -name = "chacha20poly1305" -version = "0.10.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "10cd79432192d1c0f4e1a0fef9527696cc039165d729fb41b3f4f4f354c2dc35" -dependencies = [ - "aead", - "chacha20", - "cipher", - "poly1305", - "zeroize", -] - [[package]] name = "cipher" version = "0.4.4"
@@ -134,7 +111,6 @@ checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad" dependencies = [ "crypto-common", "inout", - "zeroize", ] [[package]]
@@ -159,7 +135,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" dependencies = [ "generic-array", - "rand_core", "typenum", ]
@@ -692,10 +667,10 @@ name = "ssh-transport" version = "0.1.0" dependencies = [ "chacha20", - "chacha20poly1305", "ed25519-dalek", "eyre", "hex-literal", + "poly1305", "rand", "rand_core", "sha2",
diff --git a/ssh-transport/Cargo.toml b/ssh-transport/Cargo.toml
index 74302c3..c5fd7a9 100644
--- a/ssh-transport/Cargo.toml
+++ b/ssh-transport/Cargo.toml
@@ -5,9 +5,9 @@ edition = "2021"
 [dependencies]
 chacha20 = "0.9.1"
-chacha20poly1305 = "0.10.1"
 ed25519-dalek = { version = "2.1.1" }
 eyre = "0.6.12"
+poly1305 = "0.8.0"
 rand = "0.8.5"
 rand_core = "0.6.4"
 sha2 = "0.10.8"
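Review bot: Swapping `chacha20poly1305` for bare `poly1305` in `[dependencies]` also removes what enabled `zeroize` on `cipher`: the Cargo.lock hunks show `zeroize` dropped from `cipher`'s dependency list, so the ChaCha20 state is presumably no longer wiped on drop. If key hygiene matters for this transport, enable it explicitly, e.g. `chacha20 = { version = "0.9.1", features = ["zeroize"] }` and `poly1305 = { version = "0.8.0", features = ["zeroize"] }` (confirm the feature names against the crates' manifests). Since the AEAD is now assembled by hand in `keys.rs`, it is also worth adding a known-answer test for the packet decryption path before this dependency change lands.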
diff --git a/ssh-transport/src/keys.rs b/ssh-transport/src/keys.rs
index 6f46bb3..021e5e1 100644
--- a/ssh-transport/src/keys.rs
+++ b/ssh-transport/src/keys.rs
@@ -1,4 +1,4 @@
-use chacha20poly1305::{ChaCha20Poly1305, KeyInit};
+use chacha20::cipher::{KeyInit, KeyIvInit, StreamCipher, StreamCipherSeek};
 use sha2::Digest;
 use crate::Result;
@@ -55,7 +55,8 @@ impl Decryptor for Session {
 }
 fn decrypt_packet(&mut self, bytes: &mut [u8], packet_number: u64) {
- self.encryption_key_client_to_server.decrypt_packet(bytes, packet_number);
+ self.encryption_key_client_to_server
+ .decrypt_packet(bytes, packet_number);
 }
 fn rekey(&mut self, h: [u8; 32], k: [u8; 32]) -> Result<(), ()> {
@@ -110,28 +111,39 @@ pub(crate) fn encode_mpint_for_hash(mut key: &[u8], mut add_to_hash: impl FnMut(
 type SshChaCha20 = chacha20::ChaCha20Legacy;
 struct SshChaCha20Poly1305 {
- header_key: [u8; 32],
- main: ChaCha20Poly1305,
+ header_key: chacha20::Key,
+ main_key: chacha20::Key,
 }
 impl SshChaCha20Poly1305 {
 fn new(key: [u8; 64]) -> Self {
 Self {
- main: ChaCha20Poly1305::new(&<[u8; 32]>::try_from(&key[..32]).unwrap().into()),
- header_key: key[32..].try_into().unwrap(),
+ main_key: <[u8; 32]>::try_from(&key[..32]).unwrap().into(),
+ header_key: <[u8; 32]>::try_from(&key[32..]).unwrap().into(),
 }
 }
 fn decrypt_len(&self, bytes: &mut [u8], packet_number: u64) {
- use chacha20::cipher::{KeyIvInit, StreamCipher};
- //
- let mut cipher =
- SshChaCha20::new(&self.header_key.into(), &packet_number.to_be_bytes().into());
+ let mut cipher = SshChaCha20::new(&self.header_key, &packet_number.to_be_bytes().into());
 cipher.apply_keystream(bytes);
 }
 fn decrypt_packet(&mut self, bytes: &mut [u8], packet_number: u64) {
+ //
+ let mut cipher = SshChaCha20::new(&self.main_key, &packet_number.to_be_bytes().into());
+
+ let mut poly1305_key = [0; poly1305::KEY_SIZE];
+ cipher.apply_keystream(&mut poly1305_key);
+
+ let total_len = bytes.len();
+ let payload = &mut bytes[..(total_len - 16)];
+
+ // TODO: Compute it over THE LENGTH AS WELL
+ let hash = poly1305::Poly1305::new(&poly1305_key.into()).compute_unpadded(payload);
+
+ cipher.seek(1_u32);
+
 todo!()
 }
 }
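Review bot: In `SshChaCha20Poly1305::decrypt_packet` the Poly1305 `hash` is computed but never compared with the trailing 16 bytes, and the body still ends in `todo!()`, so it panics on every packet and has no tag check in place for when the `todo!()` is replaced. `cipher.seek(1_u32)` also looks wrong: `StreamCipherSeek::seek` takes a byte position in the keystream, so starting the payload at block counter 1 is `cipher.seek(64_u32)`. `bytes.len() - 16` panics on inputs shorter than a tag, and the `()` return type cannot report a bad tag; the sketch below mirrors `rekey`'s `Result<(), ()>`, which means the `Decryptor` trait method (declared outside this diff) would change too. The tag comparison should be constant-time, for example `subtle::ConstantTimeEq` (which would need `subtle` as a direct dependency), and the MAC input must cover the still-encrypted length field, as the existing TODO says.

```rust
    fn decrypt_packet(&mut self, bytes: &mut [u8], packet_number: u64) -> Result<(), ()> {
        // … unchanged: cipher construction and poly1305_key derivation …

        // A buffer shorter than the tag is malformed; reject it instead of panicking.
        let tag_start = bytes.len().checked_sub(16).ok_or(())?;
        let (authenticated, tag) = bytes.split_at_mut(tag_start);

        // `authenticated` has to be the encrypted length field followed by the encrypted payload.
        let expected = poly1305::Poly1305::new(&poly1305_key.into()).compute_unpadded(authenticated);

        // Constant-time comparison (subtle::ConstantTimeEq); fail before decrypting anything.
        if !bool::from(expected.as_slice().ct_eq(tag)) {
            return Err(());
        }

        // The payload keystream starts at block 1, i.e. byte offset 64.
        cipher.seek(64_u32);
        // Decrypt only the payload part; skip the length prefix if `authenticated` contains it.
        cipher.apply_keystream(authenticated);
        Ok(())
    }
```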