Loading src/ssl.cpp +0 −49 Original line number Diff line number Diff line Loading @@ -763,10 +763,6 @@ void netplus::ssl::_sendHandshake(uint8_t type, const std::vector<uint8_t>& data handshake.push_back(data.size() & 0xFF); handshake.insert(handshake.end(), data.begin(), data.end()); std::cerr << "[TRANSCRIPT] _sendHandshake type=0x" << std::hex << int(type) << std::dec << " adding " << handshake.size() << " bytes, transcript was " << csock->_handshake_transcript.size() << "\n"; // IMPORTANT: Add the Handshake Layer to the transcript for Finished verification csock->_handshake_transcript.insert(csock->_handshake_transcript.end(), handshake.begin(), handshake.end()); Loading Loading @@ -1025,10 +1021,6 @@ std::vector<uint8_t> netplus::ssl::_fetchNextHandshakePlain() _rx_handshake_buf.erase(_rx_handshake_buf.begin(), _rx_handshake_buf.begin() + 4 + len); std::cerr << "[TRANSCRIPT] _fetchNextHandshakePlain type=0x" << std::hex << int(msg[0]) << std::dec << " adding " << msg.size() << " bytes, transcript was " << _handshake_transcript.size() << "\n"; // transcript: handshake messages only _handshake_transcript.insert(_handshake_transcript.end(), msg.begin(), msg.end()); Loading Loading @@ -1279,15 +1271,6 @@ std::vector<uint8_t> netplus::ssl::_tls13_read_record_handshake() uint64_t seq_used = _tls13_hs_recv_seq++; tls13_make_nonce(nonce, recv_iv, seq_used); std::cerr << "[RECV-HS] _is_client=" << _is_client << " seq=" << seq_used << "\n"; std::cerr << "[RECV-HS] recv_iv: "; for(int i=0;i<12;i++) std::cerr << std::hex << std::setw(2) << std::setfill('0') << int(recv_iv[i]); std::cerr << std::dec << "\n"; std::cerr << "[RECV-HS] nonce: "; for(int i=0;i<12;i++) std::cerr << std::hex << std::setw(2) << std::setfill('0') << int(nonce[i]); std::cerr << std::dec << "\n"; std::cerr << "[RECV-HS] ct_len=" << ct_len << " data_len=" << data_len << "\n"; // AAD = outer header with length=data_len uint8_t aad[5]; aad[0] = 0x17; Loading Loading @@ -2433,9 +2416,6 @@ void netplus::ssl::handshake_after_accept(){ server_pub ); std::cerr << "[TRANSCRIPT] Server adding ServerHello " << hs.size() << " bytes, transcript was " << _handshake_transcript.size() << "\n"; // transcript includes plaintext SH _handshake_transcript.insert(_handshake_transcript.end(), hs.begin(), hs.end()); Loading Loading @@ -2687,14 +2667,6 @@ void netplus::ssl::_tls13_derive_handshake_keys(const std::vector<uint8_t>& ecdh if (th.size() != 32) throwSSL(NetException::Error, "TLS1.3: transcript hash wrong size"); std::cerr << "[DERIVE-HS] ecdhe_shared: "; for(auto b : ecdhe_shared) std::cerr << std::hex << std::setw(2) << std::setfill('0') << int(b); std::cerr << std::dec << "\n"; std::cerr << "[DERIVE-HS] transcript_len=" << _handshake_transcript.size() << "\n"; std::cerr << "[DERIVE-HS] transcript_hash: "; for(auto b : th) std::cerr << std::hex << std::setw(2) << std::setfill('0') << int(b); std::cerr << std::dec << "\n"; std::vector<uint8_t> zeros(32, 0x00); // SHA-256 hash of empty string - needed for "derived" context per RFC 8446 Loading Loading @@ -2722,12 +2694,6 @@ void netplus::ssl::_tls13_derive_handshake_keys(const std::vector<uint8_t>& ecdh std::vector<uint8_t> s_key = _hkdf_expand_label(_tls13_s_hs_secret, "key", empty, 16); std::vector<uint8_t> s_iv = _hkdf_expand_label(_tls13_s_hs_secret, "iv", empty, 12); std::cerr << "[DERIVE-HS] _is_client=" << _is_client << "\n"; std::cerr << "[DERIVE-HS] c_key: "; for(auto b:c_key) std::cerr << std::hex << std::setw(2) << std::setfill('0') << int(b); std::cerr << "\n"; std::cerr << "[DERIVE-HS] c_iv: "; for(auto b:c_iv) std::cerr << std::hex << std::setw(2) << std::setfill('0') << int(b); std::cerr << "\n"; std::cerr << "[DERIVE-HS] s_key: "; for(auto b:s_key) std::cerr << std::hex << std::setw(2) << std::setfill('0') << int(b); std::cerr << "\n"; std::cerr << "[DERIVE-HS] s_iv: "; for(auto b:s_iv) std::cerr << std::hex << std::setw(2) << std::setfill('0') << int(b); std::cerr << std::dec << "\n"; // reset handshake record seq _tls13_hs_send_seq = 0; _tls13_hs_recv_seq = 0; Loading Loading @@ -2975,13 +2941,6 @@ void netplus::ssl::handshake_after_connect(){ const uint8_t* p = sh.data(); size_t n = sh.size(); std::cerr << "[CLI-SH] ServerHello size=" << n << " type=0x" << std::hex << (n>0?int(p[0]):-1) << std::dec << "\n"; if (n >= 5) { std::cerr << "[CLI-SH] first 5 bytes: "; for(size_t i=0;i<5;i++) std::cerr << std::hex << std::setw(2) << std::setfill('0') << int(p[i]) << " "; std::cerr << std::dec << "\n"; } if (n < 4 + 2 + 32 + 1 + 2 + 1) { NetException e; e[NetException::Error] << "ServerHello too short"; Loading Loading @@ -3885,14 +3844,6 @@ void netplus::ssl::_tls13_send_record(uint8_t inner_type, s >>= 8; } std::cerr << "[SEND-REC] _is_client=" << _is_client << " hs_keys=" << handshake_keys << " seq=" << seq << "\n"; std::cerr << "[SEND-REC] base_iv: "; for(int i=0;i<12;i++) std::cerr << std::hex << std::setw(2) << std::setfill('0') << int(base_iv[i]); std::cerr << std::dec << "\n"; std::cerr << "[SEND-REC] nonce: "; for(int i=0;i<12;i++) std::cerr << std::hex << std::setw(2) << std::setfill('0') << int(nonce[i]); std::cerr << std::dec << "\n"; // ------------------------------------------------------------ // Outer TLSCiphertext header (this is the AEAD AAD) // Protected record always has outer content type 0x17 Loading Loading
src/ssl.cpp +0 −49 Original line number Diff line number Diff line Loading @@ -763,10 +763,6 @@ void netplus::ssl::_sendHandshake(uint8_t type, const std::vector<uint8_t>& data handshake.push_back(data.size() & 0xFF); handshake.insert(handshake.end(), data.begin(), data.end()); std::cerr << "[TRANSCRIPT] _sendHandshake type=0x" << std::hex << int(type) << std::dec << " adding " << handshake.size() << " bytes, transcript was " << csock->_handshake_transcript.size() << "\n"; // IMPORTANT: Add the Handshake Layer to the transcript for Finished verification csock->_handshake_transcript.insert(csock->_handshake_transcript.end(), handshake.begin(), handshake.end()); Loading Loading @@ -1025,10 +1021,6 @@ std::vector<uint8_t> netplus::ssl::_fetchNextHandshakePlain() _rx_handshake_buf.erase(_rx_handshake_buf.begin(), _rx_handshake_buf.begin() + 4 + len); std::cerr << "[TRANSCRIPT] _fetchNextHandshakePlain type=0x" << std::hex << int(msg[0]) << std::dec << " adding " << msg.size() << " bytes, transcript was " << _handshake_transcript.size() << "\n"; // transcript: handshake messages only _handshake_transcript.insert(_handshake_transcript.end(), msg.begin(), msg.end()); Loading Loading @@ -1279,15 +1271,6 @@ std::vector<uint8_t> netplus::ssl::_tls13_read_record_handshake() uint64_t seq_used = _tls13_hs_recv_seq++; tls13_make_nonce(nonce, recv_iv, seq_used); std::cerr << "[RECV-HS] _is_client=" << _is_client << " seq=" << seq_used << "\n"; std::cerr << "[RECV-HS] recv_iv: "; for(int i=0;i<12;i++) std::cerr << std::hex << std::setw(2) << std::setfill('0') << int(recv_iv[i]); std::cerr << std::dec << "\n"; std::cerr << "[RECV-HS] nonce: "; for(int i=0;i<12;i++) std::cerr << std::hex << std::setw(2) << std::setfill('0') << int(nonce[i]); std::cerr << std::dec << "\n"; std::cerr << "[RECV-HS] ct_len=" << ct_len << " data_len=" << data_len << "\n"; // AAD = outer header with length=data_len uint8_t aad[5]; aad[0] = 0x17; Loading Loading @@ -2433,9 +2416,6 @@ void netplus::ssl::handshake_after_accept(){ server_pub ); std::cerr << "[TRANSCRIPT] Server adding ServerHello " << hs.size() << " bytes, transcript was " << _handshake_transcript.size() << "\n"; // transcript includes plaintext SH _handshake_transcript.insert(_handshake_transcript.end(), hs.begin(), hs.end()); Loading Loading @@ -2687,14 +2667,6 @@ void netplus::ssl::_tls13_derive_handshake_keys(const std::vector<uint8_t>& ecdh if (th.size() != 32) throwSSL(NetException::Error, "TLS1.3: transcript hash wrong size"); std::cerr << "[DERIVE-HS] ecdhe_shared: "; for(auto b : ecdhe_shared) std::cerr << std::hex << std::setw(2) << std::setfill('0') << int(b); std::cerr << std::dec << "\n"; std::cerr << "[DERIVE-HS] transcript_len=" << _handshake_transcript.size() << "\n"; std::cerr << "[DERIVE-HS] transcript_hash: "; for(auto b : th) std::cerr << std::hex << std::setw(2) << std::setfill('0') << int(b); std::cerr << std::dec << "\n"; std::vector<uint8_t> zeros(32, 0x00); // SHA-256 hash of empty string - needed for "derived" context per RFC 8446 Loading Loading @@ -2722,12 +2694,6 @@ void netplus::ssl::_tls13_derive_handshake_keys(const std::vector<uint8_t>& ecdh std::vector<uint8_t> s_key = _hkdf_expand_label(_tls13_s_hs_secret, "key", empty, 16); std::vector<uint8_t> s_iv = _hkdf_expand_label(_tls13_s_hs_secret, "iv", empty, 12); std::cerr << "[DERIVE-HS] _is_client=" << _is_client << "\n"; std::cerr << "[DERIVE-HS] c_key: "; for(auto b:c_key) std::cerr << std::hex << std::setw(2) << std::setfill('0') << int(b); std::cerr << "\n"; std::cerr << "[DERIVE-HS] c_iv: "; for(auto b:c_iv) std::cerr << std::hex << std::setw(2) << std::setfill('0') << int(b); std::cerr << "\n"; std::cerr << "[DERIVE-HS] s_key: "; for(auto b:s_key) std::cerr << std::hex << std::setw(2) << std::setfill('0') << int(b); std::cerr << "\n"; std::cerr << "[DERIVE-HS] s_iv: "; for(auto b:s_iv) std::cerr << std::hex << std::setw(2) << std::setfill('0') << int(b); std::cerr << std::dec << "\n"; // reset handshake record seq _tls13_hs_send_seq = 0; _tls13_hs_recv_seq = 0; Loading Loading @@ -2975,13 +2941,6 @@ void netplus::ssl::handshake_after_connect(){ const uint8_t* p = sh.data(); size_t n = sh.size(); std::cerr << "[CLI-SH] ServerHello size=" << n << " type=0x" << std::hex << (n>0?int(p[0]):-1) << std::dec << "\n"; if (n >= 5) { std::cerr << "[CLI-SH] first 5 bytes: "; for(size_t i=0;i<5;i++) std::cerr << std::hex << std::setw(2) << std::setfill('0') << int(p[i]) << " "; std::cerr << std::dec << "\n"; } if (n < 4 + 2 + 32 + 1 + 2 + 1) { NetException e; e[NetException::Error] << "ServerHello too short"; Loading Loading @@ -3885,14 +3844,6 @@ void netplus::ssl::_tls13_send_record(uint8_t inner_type, s >>= 8; } std::cerr << "[SEND-REC] _is_client=" << _is_client << " hs_keys=" << handshake_keys << " seq=" << seq << "\n"; std::cerr << "[SEND-REC] base_iv: "; for(int i=0;i<12;i++) std::cerr << std::hex << std::setw(2) << std::setfill('0') << int(base_iv[i]); std::cerr << std::dec << "\n"; std::cerr << "[SEND-REC] nonce: "; for(int i=0;i<12;i++) std::cerr << std::hex << std::setw(2) << std::setfill('0') << int(nonce[i]); std::cerr << std::dec << "\n"; // ------------------------------------------------------------ // Outer TLSCiphertext header (this is the AEAD AAD) // Protected record always has outer content type 0x17 Loading