Commit b3c439e8 authored by jan.koester's avatar jan.koester

test

parent d4718e21
+1 −1
@@ -15,7 +15,7 @@ list(APPEND netplussrc
    exception.cpp
    connection.cpp
    ssl.cpp
    quick.cpp
    quic.cpp
)

if(${CMAKE_HOST_SYSTEM_NAME} STREQUAL "Windows")
+60 −0
@@ -147,6 +147,66 @@ std::vector<uint8_t> netplus::sha384_hash(const std::vector<uint8_t>& input) {
    return std::vector<uint8_t>(digest, digest + SHA384_DIGEST_LENGTH);
}

// HMAC-SHA256 implementation
std::vector<uint8_t> netplus::hmac_sha256(const std::vector<uint8_t>& key,
                                          const std::vector<uint8_t>& msg) {
    constexpr size_t B = 64;   // SHA-256 block size
    constexpr size_t D = 32;   // SHA-256 output size

    // Lambda for secure zeroing - wipes sensitive data to prevent leakage
    auto secure_zero = [](std::vector<uint8_t>& v) {
#if defined(__STDC_LIB_EXT1__)
        if (!v.empty()) memset_s(v.data(), v.size(), 0, v.size());
#else
        volatile uint8_t* p = v.empty() ? nullptr : v.data();
        for (size_t i = 0; p && i < v.size(); ++i) p[i] = 0;
#endif
    };

    // Step 1: K0 = key normalized to block size B
    std::vector<uint8_t> K0;
    K0.reserve(B);

    if (key.size() > B) {
        K0 = sha256_hash(key);              // 32 bytes
        K0.resize(B, 0x00);                 // pad to 64
    } else {
        K0 = key;
        K0.resize(B, 0x00);
    }

    // Step 2: ipad/opad
    std::vector<uint8_t> ipad(B), opad(B);
    for (size_t i = 0; i < B; ++i) {
        ipad[i] = static_cast<uint8_t>(K0[i] ^ 0x36);
        opad[i] = static_cast<uint8_t>(K0[i] ^ 0x5c);
    }

    // Step 3: inner = H((K0^ipad) || msg)
    std::vector<uint8_t> inner_input;
    inner_input.reserve(B + msg.size());
    inner_input.insert(inner_input.end(), ipad.begin(), ipad.end());
    inner_input.insert(inner_input.end(), msg.begin(), msg.end());
    std::vector<uint8_t> inner = sha256_hash(inner_input);

    // Step 4: outer = H((K0^opad) || inner)
    std::vector<uint8_t> outer_input;
    outer_input.reserve(B + D);
    outer_input.insert(outer_input.end(), opad.begin(), opad.end());
    outer_input.insert(outer_input.end(), inner.begin(), inner.end());
    std::vector<uint8_t> mac = sha256_hash(outer_input);

    // Wipe sensitive buffers best-effort
    secure_zero(K0);
    secure_zero(ipad);
    secure_zero(opad);
    secure_zero(inner_input);
    secure_zero(outer_input);
    secure_zero(inner);

    return mac; // 32 bytes
}

// HMAC-SHA384 implementation
std::vector<uint8_t> netplus::hmac_sha384(const std::vector<uint8_t>& key,
                                          const std::vector<uint8_t>& msg) {
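Review bot: In the `key.size() > B` branch of `hmac_sha256`, `K0 = sha256_hash(key)` move-assigns a buffer that most likely has capacity 32, so the following `K0.resize(B, 0x00)` reallocates and frees the first copy of the hashed key without wiping it; the final `secure_zero(K0)` only clears the second copy. The earlier `K0.reserve(B)` does not help, because the move-assignment replaces the reserved storage. Copying into the reserved buffer keeps a single wipeable copy: `auto kh = sha256_hash(key); K0.assign(kh.begin(), kh.end()); K0.resize(B, 0x00); secure_zero(kh);`. The wipes are also skipped when a later `sha256_hash` call or an allocation throws, so a small scope guard that zeroes the buffers on destruction would make the best-effort wipe hold on the error path as well.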
+4 −0
@@ -8,6 +8,10 @@ namespace netplus {
    extern std::vector<uint8_t> sha256_hash(const std::vector<uint8_t>& input);
    extern std::vector<uint8_t> sha384_hash(const std::vector<uint8_t>& input);
    
    // HMAC-SHA256 functions
    extern std::vector<uint8_t> hmac_sha256(const std::vector<uint8_t>& key,
                                            const std::vector<uint8_t>& msg);
    
    // HMAC-SHA384 functions
    extern std::vector<uint8_t> hmac_sha384(const std::vector<uint8_t>& key,
                                            const std::vector<uint8_t>& msg);
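Review bot: The `hmac_sha256` declaration (apparently the one this commit adds) carries only the label `// HMAC-SHA256 functions`, which tells a caller nothing about the contract. I would replace it with `// Returns the 32-byte HMAC-SHA256 tag of msg under key; keys longer than 64 bytes are hashed first.` and add `// Verify tags with a constant-time comparison, not operator== on the vectors.`, since returning `std::vector<uint8_t>` invites a plain equality check at the call site. The `extern` keyword on a function declaration is redundant and could be dropped on the new lines.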
+4 −2
@@ -216,12 +216,14 @@ namespace netplus {

                if (_ServerSocket->_Type == sockettype::TCP)
                    ccon->csock = std::make_unique<tcp>(-1);
                else if (_ServerSocket->_Type == sockettype::UDP)
                    ccon->csock = std::make_unique<udp>(-1);
                else if (_ServerSocket->_Type == sockettype::SSL) {
                    ssl* srv = static_cast<ssl*>(_ServerSocket);
                    // ✅ Pass the certificate bundle map (SNI will select appropriate cert per connection)
                    ccon->csock = std::make_unique<ssl>(srv->_cert_map, -1);
                } else if (_ServerSocket->_Type == sockettype::QUIC) {
                    quic* srv = static_cast<quic*>(_ServerSocket);
                    // Create QUIC client socket with certificate map
                    ccon->csock = std::make_unique<quic>(srv->_cert_map, "", 0, 0, 0);
                }

                _ServerSocket->accept(ccon->csock, true);
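Review bot: The QUIC branch builds the client socket with `std::make_unique<quic>(srv->_cert_map, "", 0, 0, 0)`, four bare literals whose meaning cannot be read from the call, while the sibling branches pass a single `-1`. A comment naming each argument, or named constants, would let a reader check that an empty string and zeros are valid placeholders for an accepted connection. The chain also has no final `else`, so any `_Type` value outside the four handled cases leaves `ccon->csock` empty when `_ServerSocket->accept(ccon->csock, true)` runs; whether other values exist is not visible here. The same QUIC call is added in the following file section (hunk at line 279). The enclosing function starts and ends outside the hunk.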
+3 −2
@@ -279,11 +279,12 @@ namespace netplus {

                if (_ServerSocket->_Type == sockettype::TCP)
                    ccon->csock = std::make_unique<tcp>(-1);
                else if (_ServerSocket->_Type == sockettype::UDP)
                    ccon->csock = std::make_unique<udp>(-1);
                else if (_ServerSocket->_Type == sockettype::SSL) {
                    ssl* srv = static_cast<ssl*>(_ServerSocket);
                    ccon->csock = std::make_unique<ssl>(srv->_cert, -1);
                } else if (_ServerSocket->_Type == sockettype::QUIC) {
                    quic* srv = static_cast<quic*>(_ServerSocket);
                    ccon->csock = std::make_unique<quic>(srv->_cert_map, "", 0, 0, 0);
                }

                _ServerSocket->accept(ccon->csock, true);
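Review bot: In this copy of the accept path the SSL branch still passes `srv->_cert`, while the QUIC branch added next to it passes `srv->_cert_map`, and the preceding file section's SSL branch passes `srv->_cert_map` with a comment that SNI selects the certificate per connection. If `ssl` has moved to the certificate map, this file's SSL branch was probably missed and would not get per-connection certificate selection. That needs checking against the `ssl` class, which is not shown on this page. The enclosing function starts and ends outside the hunk.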