Loading src/ssl.cpp +53 −0 Original line number Diff line number Diff line Loading @@ -1654,6 +1654,9 @@ void netplus::ssl::handshake_after_accept(){ if (ch.size() < 4) throwSSL(NetException::Error, "ClientHello too short"); if (ch[0] != 0x01) throwSSL(NetException::Error, "Expected ClientHello"); // ✅ CRITICAL: Save raw ClientHello bytes for transcript hash _clientHelloRawBytes = ch; auto readU16 = [&](size_t& p) -> uint16_t { if (p + 2 > ch.size()) throwSSL(NetException::Error, "parse underrun u16"); uint16_t x = (uint16_t(ch[p]) << 8) | ch[p+1]; Loading Loading @@ -2480,14 +2483,22 @@ void netplus::ssl::handshake_after_accept(){ return; case HsState::TLS13_SEND_SERVER_HELLO: { std::cerr << "[SSL] Entering TLS13_SEND_SERVER_HELLO state" << std::endl; std::cerr.flush(); // Reset per-handshake shared secrets _x25519_shared.clear(); _ecdhe_shared.clear(); std::cerr << "[SSL] Cleared secrets, checking keyshares..." << std::endl; std::cerr.flush(); bool use_x25519 = (_client_keyshare_x25519.size() == 32); bool use_p256 = (_client_keyshare_ecdhe.size() == 65); std::cerr << "[SSL] use_x25519=" << use_x25519 << " use_p256=" << use_p256 << std::endl; std::cerr.flush(); if (!use_x25519 && !use_p256) throwSSL(NetException::Error, "TLS1.3 missing supported client key_share"); Loading Loading 
@@ -2553,11 +2564,19 @@ void netplus::ssl::handshake_after_accept(){ _handshake_transcript.insert(_handshake_transcript.end(), hs.begin(), hs.end()); // ✅ choose correct shared secret by group, not by "empty" std::cerr << "[SSL] About to derive handshake keys, group=" << (int)_selected_group << " x25519_shared.size=" << _x25519_shared.size() << " ecdhe_shared.size=" << _ecdhe_shared.size() << std::endl; std::cerr.flush(); if (_selected_group == 0x001d) _tls13_derive_handshake_keys(_x25519_shared); else _tls13_derive_handshake_keys(_ecdhe_shared); std::cerr << "[SSL] Handshake keys derived successfully" << std::endl; std::cerr.flush(); // send plaintext ServerHello record std::vector<uint8_t> rec; rec.reserve(5 + hs.size()); Loading Loading @@ -2850,6 +2869,13 @@ void netplus::ssl::_tls13_derive_handshake_keys(const std::vector<uint8_t>& ecdh if (ecdhe_shared.size() != 32) throwSSL(NetException::Error, "TLS1.3: ECDHE shared secret wrong size"); // ✅ DEBUG: Log ECDHE shared secret std::cerr << "[TLS] ECDHE shared secret (first 16 bytes): "; for (int i = 0; i < 16; i++) std::cerr << std::hex << std::setw(2) << std::setfill('0') << (int)ecdhe_shared[i]; std::cerr << std::dec << std::endl; std::cerr.flush(); std::vector<uint8_t> empty; // transcript hash(ClientHello || ServerHello) Loading Loading 
@@ -2884,6 +2910,24 @@ void netplus::ssl::_tls13_derive_handshake_keys(const std::vector<uint8_t>& ecdh std::vector<uint8_t> s_key = _hkdf_expand_label(_tls13_s_hs_secret, "key", empty, 16); std::vector<uint8_t> s_iv = _hkdf_expand_label(_tls13_s_hs_secret, "iv", empty, 12); // ✅ DEBUG: Log the derived keys and IVs std::cerr << "[TLS] Derived keys - c_key: "; for (int i = 0; i < 8 && i < (int)c_key.size(); i++) std::cerr << std::hex << std::setw(2) << std::setfill('0') << (int)c_key[i]; std::cerr << "... s_key: "; for (int i = 0; i < 8 && i < (int)s_key.size(); i++) std::cerr << std::hex << std::setw(2) << std::setfill('0') << (int)s_key[i]; std::cerr << std::dec << std::endl; std::cerr << "[TLS] Derived IVs - c_iv: "; for (int i = 0; i < 12; i++) std::cerr << std::hex << std::setw(2) << std::setfill('0') << (int)c_iv[i]; std::cerr << " s_iv: "; for (int i = 0; i < 12; i++) std::cerr << std::hex << std::setw(2) << std::setfill('0') << (int)s_iv[i]; std::cerr << std::dec << std::endl; std::cerr.flush(); // reset handshake record seq _tls13_hs_send_seq = 0; _tls13_hs_recv_seq = 0; Loading Loading @@ -4397,6 +4441,15 @@ bool netplus::ssl::_tls13_recv_record( if (!aead) throwSSL(NetException::Error, "TLS1.3 recv: AEAD not initialized"); // ✅ DEBUG: Log what we're about to decrypt std::cerr << "[TLS] _tls13_recv_record: recv seq=" << seq << " data_len=" << data_len << " is_client=" << _is_client << " handshake_keys=" << handshake_keys << std::endl; std::cerr << "[TLS] IV (first 12 bytes): "; for (int i = 0; i < 12; i++) std::cerr << std::hex << std::setw(2) << std::setfill('0') << (int)iv[i]; std::cerr << std::dec << std::endl; std::cerr.flush(); const size_t ct_len = data_len - 16; const uint8_t* ct = data; const uint8_t* tag = data + ct_len; Loading Loading
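Review bot: The debug output added in `_tls13_derive_handshake_keys` writes key material to stderr unconditionally: the first 16 of the 32 bytes of the shared secret, the first 8 bytes of the 16-byte `c_key` and `s_key`, and both handshake IVs in full. Anyone who can read the process's stderr or collected logs gets half of each handshake traffic key, which leaves far less than the intended key strength, so these dumps should not ship; the same applies to the IV dump added in `_tls13_recv_record`. I would drop the byte dumps and log only non-secret state, e.g. `std::cerr << "[TLS] handshake keys derived, key_len=" << c_key.size() << " iv_len=" << c_iv.size() << '\n';`, and put any remaining tracing behind a build-time debug switch that is off by default. The IV loops also index 12 bytes without the size guard the key loops have (`i < (int)c_key.size()`); the lengths are presumably fixed by the expand-label calls, but only the `s_key`/`s_iv` ones are visible here. Both functions' bodies continue outside the hunks.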
src/ssl.cpp +53 −0 Original line number Diff line number Diff line Loading @@ -1654,6 +1654,9 @@ void netplus::ssl::handshake_after_accept(){ if (ch.size() < 4) throwSSL(NetException::Error, "ClientHello too short"); if (ch[0] != 0x01) throwSSL(NetException::Error, "Expected ClientHello"); // ✅ CRITICAL: Save raw ClientHello bytes for transcript hash _clientHelloRawBytes = ch; auto readU16 = [&](size_t& p) -> uint16_t { if (p + 2 > ch.size()) throwSSL(NetException::Error, "parse underrun u16"); uint16_t x = (uint16_t(ch[p]) << 8) | ch[p+1]; Loading Loading @@ -2480,14 +2483,22 @@ void netplus::ssl::handshake_after_accept(){ return; case HsState::TLS13_SEND_SERVER_HELLO: { std::cerr << "[SSL] Entering TLS13_SEND_SERVER_HELLO state" << std::endl; std::cerr.flush(); // Reset per-handshake shared secrets _x25519_shared.clear(); _ecdhe_shared.clear(); std::cerr << "[SSL] Cleared secrets, checking keyshares..." << std::endl; std::cerr.flush(); bool use_x25519 = (_client_keyshare_x25519.size() == 32); bool use_p256 = (_client_keyshare_ecdhe.size() == 65); std::cerr << "[SSL] use_x25519=" << use_x25519 << " use_p256=" << use_p256 << std::endl; std::cerr.flush(); if (!use_x25519 && !use_p256) throwSSL(NetException::Error, "TLS1.3 missing supported client key_share"); Loading Loading 
@@ -2553,11 +2564,19 @@ void netplus::ssl::handshake_after_accept(){ _handshake_transcript.insert(_handshake_transcript.end(), hs.begin(), hs.end()); // ✅ choose correct shared secret by group, not by "empty" std::cerr << "[SSL] About to derive handshake keys, group=" << (int)_selected_group << " x25519_shared.size=" << _x25519_shared.size() << " ecdhe_shared.size=" << _ecdhe_shared.size() << std::endl; std::cerr.flush(); if (_selected_group == 0x001d) _tls13_derive_handshake_keys(_x25519_shared); else _tls13_derive_handshake_keys(_ecdhe_shared); std::cerr << "[SSL] Handshake keys derived successfully" << std::endl; std::cerr.flush(); // send plaintext ServerHello record std::vector<uint8_t> rec; rec.reserve(5 + hs.size()); Loading Loading @@ -2850,6 +2869,13 @@ void netplus::ssl::_tls13_derive_handshake_keys(const std::vector<uint8_t>& ecdh if (ecdhe_shared.size() != 32) throwSSL(NetException::Error, "TLS1.3: ECDHE shared secret wrong size"); // ✅ DEBUG: Log ECDHE shared secret std::cerr << "[TLS] ECDHE shared secret (first 16 bytes): "; for (int i = 0; i < 16; i++) std::cerr << std::hex << std::setw(2) << std::setfill('0') << (int)ecdhe_shared[i]; std::cerr << std::dec << std::endl; std::cerr.flush(); std::vector<uint8_t> empty; // transcript hash(ClientHello || ServerHello) Loading Loading 
@@ -2884,6 +2910,24 @@ void netplus::ssl::_tls13_derive_handshake_keys(const std::vector<uint8_t>& ecdh std::vector<uint8_t> s_key = _hkdf_expand_label(_tls13_s_hs_secret, "key", empty, 16); std::vector<uint8_t> s_iv = _hkdf_expand_label(_tls13_s_hs_secret, "iv", empty, 12); // ✅ DEBUG: Log the derived keys and IVs std::cerr << "[TLS] Derived keys - c_key: "; for (int i = 0; i < 8 && i < (int)c_key.size(); i++) std::cerr << std::hex << std::setw(2) << std::setfill('0') << (int)c_key[i]; std::cerr << "... s_key: "; for (int i = 0; i < 8 && i < (int)s_key.size(); i++) std::cerr << std::hex << std::setw(2) << std::setfill('0') << (int)s_key[i]; std::cerr << std::dec << std::endl; std::cerr << "[TLS] Derived IVs - c_iv: "; for (int i = 0; i < 12; i++) std::cerr << std::hex << std::setw(2) << std::setfill('0') << (int)c_iv[i]; std::cerr << " s_iv: "; for (int i = 0; i < 12; i++) std::cerr << std::hex << std::setw(2) << std::setfill('0') << (int)s_iv[i]; std::cerr << std::dec << std::endl; std::cerr.flush(); // reset handshake record seq _tls13_hs_send_seq = 0; _tls13_hs_recv_seq = 0; Loading Loading @@ -4397,6 +4441,15 @@ bool netplus::ssl::_tls13_recv_record( if (!aead) throwSSL(NetException::Error, "TLS1.3 recv: AEAD not initialized"); // ✅ DEBUG: Log what we're about to decrypt std::cerr << "[TLS] _tls13_recv_record: recv seq=" << seq << " data_len=" << data_len << " is_client=" << _is_client << " handshake_keys=" << handshake_keys << std::endl; std::cerr << "[TLS] IV (first 12 bytes): "; for (int i = 0; i < 12; i++) std::cerr << std::hex << std::setw(2) << std::setfill('0') << (int)iv[i]; std::cerr << std::dec << std::endl; std::cerr.flush(); const size_t ct_len = data_len - 16; const uint8_t* ct = data; const uint8_t* tag = data + ct_len; Loading