Add comprehensive SSH key derivation logging

Enhanced crypto.rs to log all key derivation values: - exchange_hash, shared_secret_mpint - All derived keys (encryption, IV, MAC keys) - Helps diagnose 'Corrupted MAC' issue Packet analysis completed: - Captured full SSH handshake (4.6KB pcap) - All keys logged for comparison - OpenSSH client still rejects MAC Next step: Compare with OpenSSH server or use test vectors
2026-06-14 16:11:22 +08:00
parent fcde6c82ca
commit 506a9a0b80
1 changed files with 11 additions and 1 deletions
--- a/markbase-core/src/ssh_server/crypto.rs
+++ b/markbase-core/src/ssh_server/crypto.rs
@@ -75,8 +75,10 @@ impl SessionKeys {
        let session_id = exchange_hash.to_vec();
        
        info!("SessionKeys::derive() starting");
-        info!("  shared_secret ({} bytes): {:?}", shared_secret.len(), &shared_secret[..8]);
+        info!("  shared_secret ({} bytes): {:?}", shared_secret.len(), &shared_secret[..std::cmp::min(8, shared_secret.len())]);
        info!("  shared_secret[0] = {} (>=0x80? {})", shared_secret[0], shared_secret[0] >= 0x80);
+        info!("  exchange_hash (H, {} bytes): {:?}", exchange_hash.len(), &exchange_hash[..8]);
+        info!("  session_id ({} bytes): {:?}", session_id.len(), &session_id[..8]);
        
        // RFC 4253密钥派生公式：HASH(K || H || X || session_id)
        // 其中K是shared_secret（需要mpint格式）
@@ -92,6 +94,14 @@ impl SessionKeys {
        let iv_ctos = Self::derive_key_rfc4253(&shared_secret_mpint, exchange_hash, 'A', &session_id)?;
        let iv_stoc = Self::derive_key_rfc4253(&shared_secret_mpint, exchange_hash, 'B', &session_id)?;
        
+        info!("Derived keys summary:");
+        info!("  encryption_key_ctos ({} bytes): {:?}", encryption_key_ctos.len(), &encryption_key_ctos[..std::cmp::min(16, encryption_key_ctos.len())]);
+        info!("  encryption_key_stoc ({} bytes): {:?}", encryption_key_stoc.len(), &encryption_key_stoc[..std::cmp::min(16, encryption_key_stoc.len())]);
+        info!("  iv_ctos ({} bytes): {:?}", iv_ctos.len(), &iv_ctos[..std::cmp::min(16, iv_ctos.len())]);
+        info!("  iv_stoc ({} bytes): {:?}", iv_stoc.len(), &iv_stoc[..std::cmp::min(16, iv_stoc.len())]);
+        info!("  mac_key_ctos ({} bytes): {:?}", mac_key_ctos.len(), &mac_key_ctos[..std::cmp::min(16, mac_key_ctos.len())]);
+        info!("  mac_key_stoc ({} bytes): {:?}", mac_key_stoc.len(), &mac_key_stoc[..std::cmp::min(16, mac_key_stoc.len())]);
+        
        Ok(Self {
            session_id,
            encryption_key_ctos,