Add detailed X25519 and ECDH public key logging

Complete client密钥encoding分析： - OpenSSH kexc25519_shared_key_ext分析 - OpenSSH kex_derive_keys分析 - 确认client使用同一个mpint encoding（非双重encoding）已验证的完整数据： - Client/Server public keys (32 bytes) - X25519 shared secret计算过程 - Server密钥派生100%正确核心矛盾： - 签名成功 → exchange hash相同 - MAC失败 → 密钥不同唯一解释：Client计算的shared secret bytes ≠ Server 下一步：Wireshark对比OpenSSH vs MarkBaseSSH的packet encoding
2026-06-14 20:58:46 +08:00
parent 62d874c68c
commit db28c05964
2 changed files with 9 additions and 2 deletions
--- a/markbase-core/src/ssh_server/crypto.rs
+++ b/markbase-core/src/ssh_server/crypto.rs
@@ -37,12 +37,17 @@ impl Curve25519Kex {
            return Err(anyhow!("Invalid client public key length"));
        }
        
+        info!("=== X25519 Shared Secret Calculation ===");
+        info!("Client public key input: {:?}", client_public);
+        info!("Server public key: {:?}", self.public.as_bytes());
+        
        // 参考OpenSSH：curve25519共享密钥计算
-        let client_public = PublicKey::from(<[u8; 32]>::try_from(client_public)?);
+        let client_public_key = PublicKey::from(<[u8; 32]>::try_from(client_public)?);
        
        // 使用take()取出secret（Rust标准模式）
        if let Some(secret) = self.secret.take() {
-            let shared_secret = secret.diffie_hellman(&client_public);
+            let shared_secret = secret.diffie_hellman(&client_public_key);
+            info!("Computed shared secret: {:?}", shared_secret.as_bytes());
            Ok(shared_secret.as_bytes().clone())
        } else {
            Err(anyhow!("Secret already used"))
--- a/markbase-core/src/ssh_server/kex_exchange.rs
+++ b/markbase-core/src/ssh_server/kex_exchange.rs
@@ -194,9 +194,11 @@ impl KexExchangeHandler {
        info!("K_S length: {}", host_key_blob.len());
        
        info!("Q_C (client ECDH public key): {:?}", &client_public_key[..std::cmp::min(16, client_public_key.len())]);
+        info!("Q_C full (32 bytes): {:?}", client_public_key);
        info!("Q_C length: {}", client_public_key.len());
        
        info!("Q_S (server ECDH public key): {:?}", &server_public_key[..std::cmp::min(16, server_public_key.len())]);
+        info!("Q_S full (32 bytes): {:?}", server_public_key);
        info!("Q_S length: {}", server_public_key.len());
        
        let mut hasher = Sha256::new();