Commit 66835aa5 authored by jan.koester's avatar jan.koester
Browse files

test

parent 96f1a2b4
Loading
Loading
Loading
Loading
+0 −49
Original line number Diff line number Diff line
@@ -763,10 +763,6 @@ void netplus::ssl::_sendHandshake(uint8_t type, const std::vector<uint8_t>& data
    handshake.push_back(data.size() & 0xFF);
    handshake.insert(handshake.end(), data.begin(), data.end());

    std::cerr << "[TRANSCRIPT] _sendHandshake type=0x" << std::hex << int(type) << std::dec 
              << " adding " << handshake.size() << " bytes, transcript was " 
              << csock->_handshake_transcript.size() << "\n";

    // IMPORTANT: Add the Handshake Layer to the transcript for Finished verification
    csock->_handshake_transcript.insert(csock->_handshake_transcript.end(),
                                    handshake.begin(), handshake.end());
@@ -1025,10 +1021,6 @@ std::vector<uint8_t> netplus::ssl::_fetchNextHandshakePlain()
                _rx_handshake_buf.erase(_rx_handshake_buf.begin(),
                                        _rx_handshake_buf.begin() + 4 + len);

                std::cerr << "[TRANSCRIPT] _fetchNextHandshakePlain type=0x" << std::hex << int(msg[0]) << std::dec
                          << " adding " << msg.size() << " bytes, transcript was "
                          << _handshake_transcript.size() << "\n";

                // transcript: handshake messages only
                _handshake_transcript.insert(_handshake_transcript.end(),
                                             msg.begin(), msg.end());
@@ -1279,15 +1271,6 @@ std::vector<uint8_t> netplus::ssl::_tls13_read_record_handshake()
    uint64_t seq_used = _tls13_hs_recv_seq++;
    tls13_make_nonce(nonce, recv_iv, seq_used);

    std::cerr << "[RECV-HS] _is_client=" << _is_client << " seq=" << seq_used << "\n";
    std::cerr << "[RECV-HS] recv_iv: ";
    for(int i=0;i<12;i++) std::cerr << std::hex << std::setw(2) << std::setfill('0') << int(recv_iv[i]);
    std::cerr << std::dec << "\n";
    std::cerr << "[RECV-HS] nonce:   ";
    for(int i=0;i<12;i++) std::cerr << std::hex << std::setw(2) << std::setfill('0') << int(nonce[i]);
    std::cerr << std::dec << "\n";
    std::cerr << "[RECV-HS] ct_len=" << ct_len << " data_len=" << data_len << "\n";

    // AAD = outer header with length=data_len
    uint8_t aad[5];
    aad[0] = 0x17;
@@ -2433,9 +2416,6 @@ void netplus::ssl::handshake_after_accept(){
                server_pub
            );

            std::cerr << "[TRANSCRIPT] Server adding ServerHello " << hs.size() << " bytes, transcript was "
                      << _handshake_transcript.size() << "\n";

            // transcript includes plaintext SH
            _handshake_transcript.insert(_handshake_transcript.end(), hs.begin(), hs.end());

@@ -2687,14 +2667,6 @@ void netplus::ssl::_tls13_derive_handshake_keys(const std::vector<uint8_t>& ecdh
    if (th.size() != 32)
        throwSSL(NetException::Error, "TLS1.3: transcript hash wrong size");

    std::cerr << "[DERIVE-HS] ecdhe_shared: ";
    for(auto b : ecdhe_shared) std::cerr << std::hex << std::setw(2) << std::setfill('0') << int(b);
    std::cerr << std::dec << "\n";
    std::cerr << "[DERIVE-HS] transcript_len=" << _handshake_transcript.size() << "\n";
    std::cerr << "[DERIVE-HS] transcript_hash: ";
    for(auto b : th) std::cerr << std::hex << std::setw(2) << std::setfill('0') << int(b);
    std::cerr << std::dec << "\n";

    std::vector<uint8_t> zeros(32, 0x00);
    
    // SHA-256 hash of empty string - needed for "derived" context per RFC 8446
@@ -2722,12 +2694,6 @@ void netplus::ssl::_tls13_derive_handshake_keys(const std::vector<uint8_t>& ecdh
    std::vector<uint8_t> s_key = _hkdf_expand_label(_tls13_s_hs_secret, "key", empty, 16);
    std::vector<uint8_t> s_iv  = _hkdf_expand_label(_tls13_s_hs_secret, "iv",  empty, 12);

    std::cerr << "[DERIVE-HS] _is_client=" << _is_client << "\n";
    std::cerr << "[DERIVE-HS] c_key: "; for(auto b:c_key) std::cerr << std::hex << std::setw(2) << std::setfill('0') << int(b); std::cerr << "\n";
    std::cerr << "[DERIVE-HS] c_iv:  "; for(auto b:c_iv) std::cerr << std::hex << std::setw(2) << std::setfill('0') << int(b); std::cerr << "\n";
    std::cerr << "[DERIVE-HS] s_key: "; for(auto b:s_key) std::cerr << std::hex << std::setw(2) << std::setfill('0') << int(b); std::cerr << "\n";
    std::cerr << "[DERIVE-HS] s_iv:  "; for(auto b:s_iv) std::cerr << std::hex << std::setw(2) << std::setfill('0') << int(b); std::cerr << std::dec << "\n";

    // reset handshake record seq
    _tls13_hs_send_seq = 0;
    _tls13_hs_recv_seq = 0;
@@ -2975,13 +2941,6 @@ void netplus::ssl::handshake_after_connect(){
                const uint8_t* p = sh.data();
                size_t n = sh.size();

                std::cerr << "[CLI-SH] ServerHello size=" << n << " type=0x" << std::hex << (n>0?int(p[0]):-1) << std::dec << "\n";
                if (n >= 5) {
                    std::cerr << "[CLI-SH] first 5 bytes: ";
                    for(size_t i=0;i<5;i++) std::cerr << std::hex << std::setw(2) << std::setfill('0') << int(p[i]) << " ";
                    std::cerr << std::dec << "\n";
                }

                if (n < 4 + 2 + 32 + 1 + 2 + 1) {
                    NetException e;
                    e[NetException::Error] << "ServerHello too short";
@@ -3885,14 +3844,6 @@ void netplus::ssl::_tls13_send_record(uint8_t inner_type,
        s >>= 8;
    }

    std::cerr << "[SEND-REC] _is_client=" << _is_client << " hs_keys=" << handshake_keys << " seq=" << seq << "\n";
    std::cerr << "[SEND-REC] base_iv: ";
    for(int i=0;i<12;i++) std::cerr << std::hex << std::setw(2) << std::setfill('0') << int(base_iv[i]);
    std::cerr << std::dec << "\n";
    std::cerr << "[SEND-REC] nonce:   ";
    for(int i=0;i<12;i++) std::cerr << std::hex << std::setw(2) << std::setfill('0') << int(nonce[i]);
    std::cerr << std::dec << "\n";

    // ------------------------------------------------------------
    // Outer TLSCiphertext header (this is the AEAD AAD)
    // Protected record always has outer content type 0x17