81ae052f48
Key findings: 1. RFC 8731 says 'reinterpret as big-endian' = logical interpretation 2. OpenSSH sshbuf_put_bignum2_bytes() uses little-endian bytes directly 3. With reversal: signature verification fails 4. Without reversal: signature accepted, MAC still fails Conclusion: OpenSSH treats little-endian X25519 output as big-endian mpint directly (no physical byte reversal). Remaining issue: MAC verification fails despite signature success. Next: need to compare client vs server key derivation details.
72 KiB
72 KiB