Commit 0ba14241 authored by jan.koester's avatar jan.koester

test

parent 267005e1
+53 −0
@@ -1654,6 +1654,9 @@ void netplus::ssl::handshake_after_accept(){
            if (ch.size() < 4) throwSSL(NetException::Error, "ClientHello too short");
            if (ch[0] != 0x01) throwSSL(NetException::Error, "Expected ClientHello");

            // ✅ CRITICAL: Save raw ClientHello bytes for transcript hash
            _clientHelloRawBytes = ch;

            auto readU16 = [&](size_t& p) -> uint16_t {
                if (p + 2 > ch.size()) throwSSL(NetException::Error, "parse underrun u16");
                uint16_t x = (uint16_t(ch[p]) << 8) | ch[p+1];
@@ -2480,14 +2483,22 @@ void netplus::ssl::handshake_after_accept(){
            return;

        case HsState::TLS13_SEND_SERVER_HELLO: {
            std::cerr << "[SSL] Entering TLS13_SEND_SERVER_HELLO state" << std::endl;
            std::cerr.flush();

            // Reset per-handshake shared secrets
            _x25519_shared.clear();
            _ecdhe_shared.clear();

            std::cerr << "[SSL] Cleared secrets, checking keyshares..." << std::endl;
            std::cerr.flush();

            bool use_x25519 = (_client_keyshare_x25519.size() == 32);
            bool use_p256   = (_client_keyshare_ecdhe.size() == 65);

            std::cerr << "[SSL] use_x25519=" << use_x25519 << " use_p256=" << use_p256 << std::endl;
            std::cerr.flush();

            if (!use_x25519 && !use_p256)
                throwSSL(NetException::Error, "TLS1.3 missing supported client key_share");

@@ -2553,11 +2564,19 @@ void netplus::ssl::handshake_after_accept(){
            _handshake_transcript.insert(_handshake_transcript.end(), hs.begin(), hs.end());

            // ✅ choose correct shared secret by group, not by "empty"
            std::cerr << "[SSL] About to derive handshake keys, group=" << (int)_selected_group 
                      << " x25519_shared.size=" << _x25519_shared.size()
                      << " ecdhe_shared.size=" << _ecdhe_shared.size() << std::endl;
            std::cerr.flush();
            
            if (_selected_group == 0x001d)
                _tls13_derive_handshake_keys(_x25519_shared);
            else
                _tls13_derive_handshake_keys(_ecdhe_shared);

            std::cerr << "[SSL] Handshake keys derived successfully" << std::endl;
            std::cerr.flush();

            // send plaintext ServerHello record
            std::vector<uint8_t> rec;
            rec.reserve(5 + hs.size());
@@ -2850,6 +2869,13 @@ void netplus::ssl::_tls13_derive_handshake_keys(const std::vector<uint8_t>& ecdh
    if (ecdhe_shared.size() != 32)
        throwSSL(NetException::Error, "TLS1.3: ECDHE shared secret wrong size");

    // ✅ DEBUG: Log ECDHE shared secret
    std::cerr << "[TLS] ECDHE shared secret (first 16 bytes): ";
    for (int i = 0; i < 16; i++)
        std::cerr << std::hex << std::setw(2) << std::setfill('0') << (int)ecdhe_shared[i];
    std::cerr << std::dec << std::endl;
    std::cerr.flush();

    std::vector<uint8_t> empty;

    // transcript hash(ClientHello || ServerHello)
@@ -2884,6 +2910,24 @@ void netplus::ssl::_tls13_derive_handshake_keys(const std::vector<uint8_t>& ecdh
    std::vector<uint8_t> s_key = _hkdf_expand_label(_tls13_s_hs_secret, "key", empty, 16);
    std::vector<uint8_t> s_iv  = _hkdf_expand_label(_tls13_s_hs_secret, "iv",  empty, 12);

    // ✅ DEBUG: Log the derived keys and IVs
    std::cerr << "[TLS] Derived keys - c_key: ";
    for (int i = 0; i < 8 && i < (int)c_key.size(); i++) 
        std::cerr << std::hex << std::setw(2) << std::setfill('0') << (int)c_key[i];
    std::cerr << "... s_key: ";
    for (int i = 0; i < 8 && i < (int)s_key.size(); i++) 
        std::cerr << std::hex << std::setw(2) << std::setfill('0') << (int)s_key[i];
    std::cerr << std::dec << std::endl;

    std::cerr << "[TLS] Derived IVs - c_iv: ";
    for (int i = 0; i < 12; i++) 
        std::cerr << std::hex << std::setw(2) << std::setfill('0') << (int)c_iv[i];
    std::cerr << " s_iv: ";
    for (int i = 0; i < 12; i++) 
        std::cerr << std::hex << std::setw(2) << std::setfill('0') << (int)s_iv[i];
    std::cerr << std::dec << std::endl;
    std::cerr.flush();

    // reset handshake record seq
    _tls13_hs_send_seq = 0;
    _tls13_hs_recv_seq = 0;
@@ -4397,6 +4441,15 @@ bool netplus::ssl::_tls13_recv_record(
    if (!aead)
        throwSSL(NetException::Error, "TLS1.3 recv: AEAD not initialized");

    // ✅ DEBUG: Log what we're about to decrypt
    std::cerr << "[TLS] _tls13_recv_record: recv seq=" << seq << " data_len=" << data_len 
              << " is_client=" << _is_client << " handshake_keys=" << handshake_keys << std::endl;
    std::cerr << "[TLS] IV (first 12 bytes): ";
    for (int i = 0; i < 12; i++)
        std::cerr << std::hex << std::setw(2) << std::setfill('0') << (int)iv[i];
    std::cerr << std::dec << std::endl;
    std::cerr.flush();

    const size_t ct_len = data_len - 16;
    const uint8_t* ct  = data;
    const uint8_t* tag = data + ct_len;
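Review bot: The debug blocks added in `_tls13_derive_handshake_keys` write secret key material to stderr unconditionally: 16 of the 32 bytes of the ECDHE shared secret, the first 8 bytes of `c_key` and `s_key` (`s_key` is derived at 16 bytes, so half the key), and the full 12-byte `c_iv`/`s_iv`. Anyone who can read the process's stderr or a log collector that captures it gets a large head start on recovering the handshake traffic keys, and the block added in `_tls13_recv_record` dumps the record IV again for every received record. These dumps should not ship in a normal build; either drop them or compile them out behind an off-by-default build flag, e.g. `#ifdef <PROJECT_TLS_DEBUG_MACRO>` … `#endif` around each block (placeholder name), and log only non-secret facts such as `_selected_group` and the buffer sizes. Separately, the loops `for (int i = 0; i < 12; i++)` index `c_iv`, `s_iv` and `iv` without the size guard that the `c_key`/`s_key` loops have, and `std::setfill('0')` is never restored on `std::cerr`, so later output keeps the `'0'` fill character. All of these functions begin and end outside the visible hunks, so whether `iv` is guaranteed to hold 12 bytes at that point cannot be confirmed from here.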