From db28c05964bd96cb8fdebd0d1d793c627bde03eb Mon Sep 17 00:00:00 2001
From: Warren <warren@momentry.ddns.net>
Date: Sun, 14 Jun 2026 20:58:46 +0800
Subject: [PATCH] Add detailed X25519 and ECDH public key logging
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Complete client密钥encoding分析：
- OpenSSH kexc25519_shared_key_ext分析
- OpenSSH kex_derive_keys分析
- 确认client使用同一个mpint encoding（非双重encoding）

已验证的完整数据：
- Client/Server public keys (32 bytes)
- X25519 shared secret计算过程
- Server密钥派生100%正确

核心矛盾：
- 签名成功 → exchange hash相同
- MAC失败 → 密钥不同

唯一解释：Client计算的shared secret bytes ≠ Server

下一步：Wireshark对比OpenSSH vs MarkBaseSSH的packet encoding
---
 markbase-core/src/ssh_server/crypto.rs       | 9 +++++++--
 markbase-core/src/ssh_server/kex_exchange.rs | 2 ++
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/markbase-core/src/ssh_server/crypto.rs b/markbase-core/src/ssh_server/crypto.rs
index e8ea75d..f03a6a0 100644
--- a/markbase-core/src/ssh_server/crypto.rs
+++ b/markbase-core/src/ssh_server/crypto.rs
@@ -37,12 +37,17 @@ impl Curve25519Kex {
             return Err(anyhow!("Invalid client public key length"));
         }
         
+        info!("=== X25519 Shared Secret Calculation ===");
+        info!("Client public key input: {:?}", client_public);
+        info!("Server public key: {:?}", self.public.as_bytes());
+        
         // 参考OpenSSH：curve25519共享密钥计算
-        let client_public = PublicKey::from(<[u8; 32]>::try_from(client_public)?);
+        let client_public_key = PublicKey::from(<[u8; 32]>::try_from(client_public)?);
         
         // 使用take()取出secret（Rust标准模式）
         if let Some(secret) = self.secret.take() {
-            let shared_secret = secret.diffie_hellman(&client_public);
+            let shared_secret = secret.diffie_hellman(&client_public_key);
+            info!("Computed shared secret: {:?}", shared_secret.as_bytes());
             Ok(shared_secret.as_bytes().clone())
         } else {
             Err(anyhow!("Secret already used"))
diff --git a/markbase-core/src/ssh_server/kex_exchange.rs b/markbase-core/src/ssh_server/kex_exchange.rs
index f182287..cd06187 100644
--- a/markbase-core/src/ssh_server/kex_exchange.rs
+++ b/markbase-core/src/ssh_server/kex_exchange.rs
@@ -194,9 +194,11 @@ impl KexExchangeHandler {
         info!("K_S length: {}", host_key_blob.len());
         
         info!("Q_C (client ECDH public key): {:?}", &client_public_key[..std::cmp::min(16, client_public_key.len())]);
+        info!("Q_C full (32 bytes): {:?}", client_public_key);
         info!("Q_C length: {}", client_public_key.len());
         
         info!("Q_S (server ECDH public key): {:?}", &server_public_key[..std::cmp::min(16, server_public_key.len())]);
+        info!("Q_S full (32 bytes): {:?}", server_public_key);
         info!("Q_S length: {}", server_public_key.len());
         
         let mut hasher = Sha256::new();