Loading .vscode/tasks.json +18 −0 Original line number Diff line number Diff line Loading @@ -29,6 +29,24 @@ "command": "package", "problemMatcher": [], "detail": "CMake template package task" }, { "type": "cmake", "label": "CMake: build", "command": "build", "targets": [ "all" ], "group": "build", "problemMatcher": [], "detail": "CMake template build task" }, { "type": "cmake", "label": "CMake: test", "command": "test", "problemMatcher": [], "detail": "CMake template test task" } ], "version": "2.0.0" Loading CMakeLists.txt +7 −1 Original line number Diff line number Diff line Loading @@ -15,13 +15,19 @@ if(${CMAKE_HOST_SYSTEM_NAME} STREQUAL "Linux") "${CMAKE_CXX_FLAGS} \ -fPIC \ -Wall \ -O1 \ -g \ -fsanitize=undefined,address \ " ) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} \ -fPIC \ -Wall " -Wall \ -O1 \ -g \ -fsanitize=undefined,address " ) endif() Loading src/crypto/rsa_pss_sha256.cpp +13 −3 Original line number Diff line number Diff line Loading @@ -95,18 +95,26 @@ std::vector<uint8_t> rsa_pss_sha256::emsa_pss_encode(const std::vector<uint8_t>& std::vector<uint8_t> rsa_pss_sha256::sign(netplus::rsa& key, const std::vector<uint8_t>& message) { std::cerr << "[DEBUG] rsa_pss_sha256::sign: message.size=" << message.size() << std::endl; // hash message std::vector<uint8_t> mHash = sha256(message); if (mHash.size() != 32) std::cerr << "[DEBUG] rsa_pss_sha256::sign: mHash.size=" << mHash.size() << std::endl; if (mHash.size() != 32) { std::cerr << "[DEBUG] rsa_pss_sha256::sign: mHash wrong size" << std::endl; return {}; } // emBits = modBits-1 size_t modBits = key.n.bitLength(); size_t emBits = modBits - 1; std::cerr << "[DEBUG] rsa_pss_sha256::sign: modBits=" << modBits << ", emBits=" << emBits << std::endl; std::vector<uint8_t> EM = emsa_pss_encode(mHash, emBits); if (EM.empty()) std::cerr << "[DEBUG] rsa_pss_sha256::sign: EM.size=" << EM.size() << std::endl; if (EM.empty()) { std::cerr << "[DEBUG] rsa_pss_sha256::sign: EM empty" << std::endl; return {}; } netplus::rsa::bigInt m = rsa::bytesToBigIntBE(EM); Loading @@ -114,7 +122,9 @@ std::vector<uint8_t> rsa_pss_sha256::sign(netplus::rsa& key, netplus::rsa::bigInt s = netplus::rsa::modPow(m, key.d, key.n); size_t k = (modBits + 7) / 8; return rsa::bigIntToBytesBE(s, k); std::vector<uint8_t> out = rsa::bigIntToBytesBE(s, k); std::cerr << "[DEBUG] rsa_pss_sha256::sign: out.size=" << out.size() << std::endl; return out; } } // namespace netplus Loading src/event/epoll.cpp +13 −5 Original line number Diff line number Diff line Loading @@ -274,7 +274,7 @@ namespace netplus { c->csock->flush_out(); } catch (NetException& e) { if (e.getErrorType() == NetException::Note) { // need EPOLLOUT later setpollEventsFd(fd,EPOLLOUT | EPOLLRDHUP | EPOLLONESHOT); } else { throw; } Loading @@ -295,8 +295,10 @@ namespace netplus { try { rcv = c->csock->recvData(buf, 0); } catch (NetException& e) { if (e.getErrorType() == NetException::Note) if (e.getErrorType() == NetException::Note){ setpollEventsFd(fd,EPOLLIN | EPOLLRDHUP | EPOLLONESHOT); return; } throw; } Loading @@ -315,8 +317,10 @@ namespace netplus { try { c->csock->flush_out(); } catch (NetException& e) { if (e.getErrorType() == NetException::Note) if (e.getErrorType() == NetException::Note){ setpollEventsFd(fd,EPOLLOUT | EPOLLRDHUP | EPOLLONESHOT); return; } throw; } } Loading @@ -333,8 +337,10 @@ namespace netplus { c->csock->flush_out(); } catch (NetException& e) { if (e.getErrorType() == NetException::Note) if (e.getErrorType() == NetException::Note){ setpollEventsFd(fd,EPOLLOUT | EPOLLRDHUP | EPOLLONESHOT); return; } throw; } Loading @@ -350,8 +356,10 @@ namespace netplus { } } catch (NetException& e) { if (e.getErrorType() == NetException::Note) if (e.getErrorType() == NetException::Note){ setpollEventsFd(fd,EPOLLOUT | EPOLLIN | EPOLLRDHUP | EPOLLONESHOT); return; } needClose = true; } catch (...) { needClose = true; Loading src/socket.h +25 −13 Original line number Diff line number Diff line Loading @@ -403,12 +403,19 @@ namespace netplus { ssl* csock ); void _sendServerHello( void _sendServerHello_TLS12( ssl* csock, bool secureReneg, uint16_t suite ); std::vector<uint8_t> _buildServerHello_TLS13( uint16_t cipher13, const std::vector<uint8_t>& client_session_id, uint16_t named_group, const std::vector<uint8_t>& pubkey ); bool _popHandshakeMsg( std::vector<uint8_t>& out, uint8_t& type Loading Loading @@ -451,6 +458,9 @@ namespace netplus { std::vector<uint8_t> _fetchNextHandshakeTLS13(); std::vector<uint8_t> _tls13_read_record_handshake(); std::vector<uint8_t> _tls13_build_certificate(); std::vector<uint8_t> _tls13_build_certificate_verify(); void _tls13_send_record( uint8_t inner_content_type, const std::vector<uint8_t>& content, Loading Loading @@ -490,7 +500,6 @@ namespace netplus { std::vector<uint8_t> _tls13_client_keyshare; //debug std::vector<uint8_t> _tls13_server_keyshare; // from ServerHello std::vector<uint8_t> _tls13_ecdhe_shared; // 32 bytes shared secret bool _tls13_got_key_share = false; Loading @@ -505,8 +514,6 @@ namespace netplus { std::unique_ptr<netplus::aes> _aes = nullptr; std::unique_ptr<netplus::aes> _aes_recv = nullptr; netplus::rsa _rsa_priv; std::vector<uint8_t> _mac_key; std::vector<uint8_t> _client_mac_key; Loading Loading @@ -547,11 +554,7 @@ namespace netplus { uint16_t _neg_version = 0x0303; // 0x0303 TLS1.2, 0x0304 TLS1.3 uint16_t _tls13_cipher = 0x1301; // TLS_AES_128_GCM_SHA256 (default for TLS1.3 path) uint8_t _tls13_selected_group=0; // TLS 1.3 ephemeral ECDHE uint8_t _tls13_cli_priv[32] = {0}; // client ephemeral scalar (BE) uint8_t _tls13_srv_priv[32] = {0}; // server ephemeral scalar (BE) uint16_t _selected_group=0; // TLS 1.3 handshake/app traffic keys (AES-128-GCM) uint8_t _tls13_hs_key_c2s[16] = {0}; Loading @@ -578,6 +581,9 @@ namespace netplus { std::unique_ptr<netplus::aes> _aes13_hs_send=nullptr; std::unique_ptr<netplus::aes> _aes13_hs_recv=nullptr; std::vector<uint8_t> _cli_read_iv; std::vector<uint8_t> _cli_write_iv; std::vector<uint8_t> _tls13_early_secret; std::vector<uint8_t> _tls13_hs_secret; std::vector<uint8_t> _tls13_master_secret; Loading @@ -597,10 +603,16 @@ namespace netplus { void _tls13_send_finished(bool handshake_keys); void _tls13_derive_application_keys(); std::vector<uint8_t> _tls13_client_keyshare_x25519; // 32 bytes uint8_t _tls13_srv_priv_x25519[32]; uint8_t _tls13_srv_pub_x25519[32]; std::vector<uint8_t> _client_keyshare_x25519; // 32 bytes std::vector<uint8_t> _server_keyshare_x25519; uint8_t _server_priv_x25519[32]; uint8_t _server_pub_x25519[32]; std::vector<uint8_t> _client_keyshare_ecdhe; std::vector<uint8_t> _server_keyshare_ecdhe; uint8_t _client_priv_ecdhe[32] = {0}; // client ephemeral scalar (BE) uint8_t _server_priv_ecdhe[32] = {0}; // server ephemeral scalar (BE) enum class HsState { // server READ_CLIENT_HELLO, Loading Loading @@ -641,7 +653,7 @@ namespace netplus { std::vector<uint8_t> _handshake_transcript; std::vector<uint8_t> _clientHelloRawBytes; bool _handshakeDone; bool _handshakeDone = false; bool _is_server = true; bool hasTLS13SV = false; Loading Loading
.vscode/tasks.json +18 −0 Original line number Diff line number Diff line Loading @@ -29,6 +29,24 @@ "command": "package", "problemMatcher": [], "detail": "CMake template package task" }, { "type": "cmake", "label": "CMake: build", "command": "build", "targets": [ "all" ], "group": "build", "problemMatcher": [], "detail": "CMake template build task" }, { "type": "cmake", "label": "CMake: test", "command": "test", "problemMatcher": [], "detail": "CMake template test task" } ], "version": "2.0.0" Loading
CMakeLists.txt +7 −1 Original line number Diff line number Diff line Loading @@ -15,13 +15,19 @@ if(${CMAKE_HOST_SYSTEM_NAME} STREQUAL "Linux") "${CMAKE_CXX_FLAGS} \ -fPIC \ -Wall \ -O1 \ -g \ -fsanitize=undefined,address \ " ) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} \ -fPIC \ -Wall " -Wall \ -O1 \ -g \ -fsanitize=undefined,address " ) endif() Loading
src/crypto/rsa_pss_sha256.cpp +13 −3 Original line number Diff line number Diff line Loading @@ -95,18 +95,26 @@ std::vector<uint8_t> rsa_pss_sha256::emsa_pss_encode(const std::vector<uint8_t>& std::vector<uint8_t> rsa_pss_sha256::sign(netplus::rsa& key, const std::vector<uint8_t>& message) { std::cerr << "[DEBUG] rsa_pss_sha256::sign: message.size=" << message.size() << std::endl; // hash message std::vector<uint8_t> mHash = sha256(message); if (mHash.size() != 32) std::cerr << "[DEBUG] rsa_pss_sha256::sign: mHash.size=" << mHash.size() << std::endl; if (mHash.size() != 32) { std::cerr << "[DEBUG] rsa_pss_sha256::sign: mHash wrong size" << std::endl; return {}; } // emBits = modBits-1 size_t modBits = key.n.bitLength(); size_t emBits = modBits - 1; std::cerr << "[DEBUG] rsa_pss_sha256::sign: modBits=" << modBits << ", emBits=" << emBits << std::endl; std::vector<uint8_t> EM = emsa_pss_encode(mHash, emBits); if (EM.empty()) std::cerr << "[DEBUG] rsa_pss_sha256::sign: EM.size=" << EM.size() << std::endl; if (EM.empty()) { std::cerr << "[DEBUG] rsa_pss_sha256::sign: EM empty" << std::endl; return {}; } netplus::rsa::bigInt m = rsa::bytesToBigIntBE(EM); Loading @@ -114,7 +122,9 @@ std::vector<uint8_t> rsa_pss_sha256::sign(netplus::rsa& key, netplus::rsa::bigInt s = netplus::rsa::modPow(m, key.d, key.n); size_t k = (modBits + 7) / 8; return rsa::bigIntToBytesBE(s, k); std::vector<uint8_t> out = rsa::bigIntToBytesBE(s, k); std::cerr << "[DEBUG] rsa_pss_sha256::sign: out.size=" << out.size() << std::endl; return out; } } // namespace netplus Loading
src/event/epoll.cpp +13 −5 Original line number Diff line number Diff line Loading @@ -274,7 +274,7 @@ namespace netplus { c->csock->flush_out(); } catch (NetException& e) { if (e.getErrorType() == NetException::Note) { // need EPOLLOUT later setpollEventsFd(fd,EPOLLOUT | EPOLLRDHUP | EPOLLONESHOT); } else { throw; } Loading @@ -295,8 +295,10 @@ namespace netplus { try { rcv = c->csock->recvData(buf, 0); } catch (NetException& e) { if (e.getErrorType() == NetException::Note) if (e.getErrorType() == NetException::Note){ setpollEventsFd(fd,EPOLLIN | EPOLLRDHUP | EPOLLONESHOT); return; } throw; } Loading @@ -315,8 +317,10 @@ namespace netplus { try { c->csock->flush_out(); } catch (NetException& e) { if (e.getErrorType() == NetException::Note) if (e.getErrorType() == NetException::Note){ setpollEventsFd(fd,EPOLLOUT | EPOLLRDHUP | EPOLLONESHOT); return; } throw; } } Loading @@ -333,8 +337,10 @@ namespace netplus { c->csock->flush_out(); } catch (NetException& e) { if (e.getErrorType() == NetException::Note) if (e.getErrorType() == NetException::Note){ setpollEventsFd(fd,EPOLLOUT | EPOLLRDHUP | EPOLLONESHOT); return; } throw; } Loading @@ -350,8 +356,10 @@ namespace netplus { } } catch (NetException& e) { if (e.getErrorType() == NetException::Note) if (e.getErrorType() == NetException::Note){ setpollEventsFd(fd,EPOLLOUT | EPOLLIN | EPOLLRDHUP | EPOLLONESHOT); return; } needClose = true; } catch (...) { needClose = true; Loading
src/socket.h +25 −13 Original line number Diff line number Diff line Loading @@ -403,12 +403,19 @@ namespace netplus { ssl* csock ); void _sendServerHello( void _sendServerHello_TLS12( ssl* csock, bool secureReneg, uint16_t suite ); std::vector<uint8_t> _buildServerHello_TLS13( uint16_t cipher13, const std::vector<uint8_t>& client_session_id, uint16_t named_group, const std::vector<uint8_t>& pubkey ); bool _popHandshakeMsg( std::vector<uint8_t>& out, uint8_t& type Loading Loading @@ -451,6 +458,9 @@ namespace netplus { std::vector<uint8_t> _fetchNextHandshakeTLS13(); std::vector<uint8_t> _tls13_read_record_handshake(); std::vector<uint8_t> _tls13_build_certificate(); std::vector<uint8_t> _tls13_build_certificate_verify(); void _tls13_send_record( uint8_t inner_content_type, const std::vector<uint8_t>& content, Loading Loading @@ -490,7 +500,6 @@ namespace netplus { std::vector<uint8_t> _tls13_client_keyshare; //debug std::vector<uint8_t> _tls13_server_keyshare; // from ServerHello std::vector<uint8_t> _tls13_ecdhe_shared; // 32 bytes shared secret bool _tls13_got_key_share = false; Loading @@ -505,8 +514,6 @@ namespace netplus { std::unique_ptr<netplus::aes> _aes = nullptr; std::unique_ptr<netplus::aes> _aes_recv = nullptr; netplus::rsa _rsa_priv; std::vector<uint8_t> _mac_key; std::vector<uint8_t> _client_mac_key; Loading Loading @@ -547,11 +554,7 @@ namespace netplus { uint16_t _neg_version = 0x0303; // 0x0303 TLS1.2, 0x0304 TLS1.3 uint16_t _tls13_cipher = 0x1301; // TLS_AES_128_GCM_SHA256 (default for TLS1.3 path) uint8_t _tls13_selected_group=0; // TLS 1.3 ephemeral ECDHE uint8_t _tls13_cli_priv[32] = {0}; // client ephemeral scalar (BE) uint8_t _tls13_srv_priv[32] = {0}; // server ephemeral scalar (BE) uint16_t _selected_group=0; // TLS 1.3 handshake/app traffic keys (AES-128-GCM) uint8_t _tls13_hs_key_c2s[16] = {0}; Loading @@ -578,6 +581,9 @@ namespace netplus { std::unique_ptr<netplus::aes> _aes13_hs_send=nullptr; std::unique_ptr<netplus::aes> _aes13_hs_recv=nullptr; std::vector<uint8_t> _cli_read_iv; std::vector<uint8_t> _cli_write_iv; std::vector<uint8_t> _tls13_early_secret; std::vector<uint8_t> _tls13_hs_secret; std::vector<uint8_t> _tls13_master_secret; Loading @@ -597,10 +603,16 @@ namespace netplus { void _tls13_send_finished(bool handshake_keys); void _tls13_derive_application_keys(); std::vector<uint8_t> _tls13_client_keyshare_x25519; // 32 bytes uint8_t _tls13_srv_priv_x25519[32]; uint8_t _tls13_srv_pub_x25519[32]; std::vector<uint8_t> _client_keyshare_x25519; // 32 bytes std::vector<uint8_t> _server_keyshare_x25519; uint8_t _server_priv_x25519[32]; uint8_t _server_pub_x25519[32]; std::vector<uint8_t> _client_keyshare_ecdhe; std::vector<uint8_t> _server_keyshare_ecdhe; uint8_t _client_priv_ecdhe[32] = {0}; // client ephemeral scalar (BE) uint8_t _server_priv_ecdhe[32] = {0}; // server ephemeral scalar (BE) enum class HsState { // server READ_CLIENT_HELLO, Loading Loading @@ -641,7 +653,7 @@ namespace netplus { std::vector<uint8_t> _handshake_transcript; std::vector<uint8_t> _clientHelloRawBytes; bool _handshakeDone; bool _handshakeDone = false; bool _is_server = true; bool hasTLS13SV = false; Loading