Subject: peculiar ssh stuttering
To: None <tech-crypto@netbsd.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-crypto
Date: 05/30/2005 05:55:38
I've been working on my own ssh implementation for a while now, as
those of you also on the ietf-ssh list may remember.

This would be neither here nor there for this list, except that one of
the machines I've been using for my basic interop testing is a
NetBSD/sparc 2.0 box.  Everything's been fine in the past, but today I
added the aes* modes, and I promptly ran into a very peculiar problem.

The version string from the peer sshd in question is
"SSH-1.99-OpenSSH_3.6.1 NetBSD_Secure_Shell-20030917"; it's a vanilla
2.0 sshd.  When I tell my ssh client to offer only aes128-cbc for
encryption, it goes into a peculiar livelock failure mode.  Key
exchange completes, apparently normally.  Then it goes through the
usual startup mechanisms, which run normally until it comes time to
authenticate.

I see my client sending a USERAUTH_REQUEST packet with a method name of
"publickey", my public key in it, and no signature.  I get back a
USERAUTH_PK_OK packet.  I then compute an authentication signature and
send another USERAUTH_REQUEST, this time containing the signature.
This provokes another PK_OK packet, to which I reply with another
signature-bearing USERAUTH_REQUEST.  These last two packets repeat
until I get fed up and kill the process manually (well, I haven't
waited forever, but I do have traces showing over 25 REQUEST/PK_OK
pairs exchanged).

The bizarre part is that if I use, say, 3des-cbc, or blowfish-cbc,
everything works fine, even against the same running master sshd
process.  Yet obviously my aes128-cbc implementation basically works or
I'd be getting garbaged packets and/or MAC failures instead of
correctly formatted, syntactically reasonable packets that are un-sane
at the conceptual level.  And I don't think it's some weird mistake in
my crypto duplicating input packets, because I see a half-dozen
encrypted packets exchanged without apparent problem before it starts
repeating the REQUEST/PK_OK exchange.

Any ideas what could be happening here?

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B