Add detailed X25519 and ECDH public key logging
Complete client密钥encoding分析: - OpenSSH kexc25519_shared_key_ext分析 - OpenSSH kex_derive_keys分析 - 确认client使用同一个mpint encoding(非双重encoding) 已验证的完整数据: - Client/Server public keys (32 bytes) - X25519 shared secret计算过程 - Server密钥派生100%正确 核心矛盾: - 签名成功 → exchange hash相同 - MAC失败 → 密钥不同 唯一解释:Client计算的shared secret bytes ≠ Server 下一步:Wireshark对比OpenSSH vs MarkBaseSSH的packet encoding
This commit is contained in:
Warren
@@ -37,12 +37,17 @@ impl Curve25519Kex {
|
|||||||
return Err(anyhow!("Invalid client public key length"));
|
return Err(anyhow!("Invalid client public key length"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
info!("=== X25519 Shared Secret Calculation ===");
|
||||||
|
info!("Client public key input: {:?}", client_public);
|
||||||
|
info!("Server public key: {:?}", self.public.as_bytes());
|
||||||
|
|
||||||
// 参考OpenSSH:curve25519共享密钥计算
|
// 参考OpenSSH:curve25519共享密钥计算
|
||||||
let client_public = PublicKey::from(<[u8; 32]>::try_from(client_public)?);
|
let client_public_key = PublicKey::from(<[u8; 32]>::try_from(client_public)?);
|
||||||
|
|
||||||
// 使用take()取出secret(Rust标准模式)
|
// 使用take()取出secret(Rust标准模式)
|
||||||
if let Some(secret) = self.secret.take() {
|
if let Some(secret) = self.secret.take() {
|
||||||
let shared_secret = secret.diffie_hellman(&client_public);
|
let shared_secret = secret.diffie_hellman(&client_public_key);
|
||||||
|
info!("Computed shared secret: {:?}", shared_secret.as_bytes());
|
||||||
Ok(shared_secret.as_bytes().clone())
|
Ok(shared_secret.as_bytes().clone())
|
||||||
} else {
|
} else {
|
||||||
Err(anyhow!("Secret already used"))
|
Err(anyhow!("Secret already used"))
|
||||||
|
|||||||
@@ -194,9 +194,11 @@ impl KexExchangeHandler {
|
|||||||
info!("K_S length: {}", host_key_blob.len());
|
info!("K_S length: {}", host_key_blob.len());
|
||||||
|
|
||||||
info!("Q_C (client ECDH public key): {:?}", &client_public_key[..std::cmp::min(16, client_public_key.len())]);
|
info!("Q_C (client ECDH public key): {:?}", &client_public_key[..std::cmp::min(16, client_public_key.len())]);
|
||||||
|
info!("Q_C full (32 bytes): {:?}", client_public_key);
|
||||||
info!("Q_C length: {}", client_public_key.len());
|
info!("Q_C length: {}", client_public_key.len());
|
||||||
|
|
||||||
info!("Q_S (server ECDH public key): {:?}", &server_public_key[..std::cmp::min(16, server_public_key.len())]);
|
info!("Q_S (server ECDH public key): {:?}", &server_public_key[..std::cmp::min(16, server_public_key.len())]);
|
||||||
|
info!("Q_S full (32 bytes): {:?}", server_public_key);
|
||||||
info!("Q_S length: {}", server_public_key.len());
|
info!("Q_S length: {}", server_public_key.len());
|
||||||
|
|
||||||
let mut hasher = Sha256::new();
|
let mut hasher = Sha256::new();
|
||||||
|
|||||||
Reference in New Issue
Block a user