Revert X25519 byte reversal: OpenSSH doesn't reverse bytes

Browse Source

Key findings:
1. RFC 8731 says 'reinterpret as big-endian' = logical interpretation
2. OpenSSH sshbuf_put_bignum2_bytes() uses little-endian bytes directly
3. With reversal: signature verification fails
4. Without reversal: signature accepted, MAC still fails

Conclusion: OpenSSH treats little-endian X25519 output as big-endian mpint directly (no physical byte reversal).

Remaining issue: MAC verification fails despite signature success.
Next: need to compare client vs server key derivation details.

...

This commit is contained in:

Warren

2026-06-14 20:16:46 +08:00

parent 76f707a31d

commit 81ae052f48

4 changed files with 68 additions and 29 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

BIN

data/auth.sqlite

Binary file not shown.