kmwebnet/se050-wireguard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

debug: Add debug output for ChaCha20-Poly1305

Browse Source 
Found: TAG mismatch between encrypt and decrypt
- Encrypt produces: b3a7f2c8...
- Decrypt expects: f6e6610c...

Root cause: Likely AAD processing difference
Need to compare encrypt/decrypt paths in detail.

WireGuard tests: 28 passed, 4 failed
This commit is contained in:
km
2026-03-29 05:39:15 +09:00
parent a430accd11
commit 77c6dfbf1a
3 changed files with 64 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/se050_chacha20_poly1305.c
+7
View File
@@ -8,6 +8,7 @@
#include "se050_chacha20_poly1305.h" #include "se050_chacha20_poly1305.h"
#include "se050_crypto_utils.h" #include "se050_crypto_utils.h"
#include <string.h> #include <string.h>
#include <stdio.h>
/* ESP32 detection */ /* ESP32 detection */
#if defined(ESP_PLATFORM) || defined(__XTENSA__) || defined(__riscv) #if defined(ESP_PLATFORM) || defined(__XTENSA__) || defined(__riscv)
@@ -694,6 +695,12 @@ int se050_chacha20_poly1305_decrypt(se050_chacha20_poly1305_ctx_t *ctx,
/* Constant-time comparison */ /* Constant-time comparison */
int ret = 0; int ret = 0;
if (crypto_memneq(expected_tag, tag, 16) != 0) { if (crypto_memneq(expected_tag, tag, 16) != 0) {
fprintf(stderr, "DEBUG: tag mismatch\n");
fprintf(stderr, "Expected: ");
for(int i=0; i<16; i++) fprintf(stderr, "%02x", expected_tag[i]);
fprintf(stderr, "\nGot: ");
for(int i=0; i<16; i++) fprintf(stderr, "%02x", tag[i]);
fprintf(stderr, "\n");
ret = -1; ret = -1;
} }
src/se050_wireguard.c
+3
View File
@@ -23,6 +23,7 @@
#include <string.h> #include <string.h>
#include <stdint.h> #include <stdint.h>
#include <stdlib.h> #include <stdlib.h>
#include <stdio.h>
/* ========================================================================= /* =========================================================================
* WireGuard Protocol Constants * WireGuard Protocol Constants
@@ -322,6 +323,8 @@ int se050_wireguard_decrypt_packet(se050_wireguard_session_t *session,
memzero_explicit(tag, 16); memzero_explicit(tag, 16);
if (ret < 0) { if (ret < 0) {
fprintf(stderr, "DEBUG: decrypt failed, ciphertext_len=%zu, packet_len=%zu, aad_len=16\n",
ciphertext_len, packet_len);
return -1; return -1;
} }
tests/test_debug_wg.c
+54
View File
@@ -0,0 +1,54 @@
#define X25519_SW_TEST 1
#include "se050_wireguard.h"
#include "se050_x25519_sw.h"
#include "se050_chacha20_poly1305.h"
#include <stdio.h>
#include <string.h>
int main() {
printf("=== Debug WireGuard Encrypt/Decrypt ===\n\n");
uint8_t priv[32], peer_pub[32];
for(int i=0; i<32; i++) { priv[i] = i+1; peer_pub[i] = i+2; }
se050_wireguard_session_t session;
se050_wireguard_session_init(&session, priv, peer_pub);
uint8_t ss[32] = {0};
for(int i=0; i<32; i++) ss[i] = i;
se050_wireguard_derive_keys(&session, ss);
printf("Sending key (first 8): ");
for(int i=0; i<8; i++) printf("%02x", session.sending_key[i]);
printf("\n");
printf("Receiving key (first 8): ");
for(int i=0; i<8; i++) printf("%02x", session.receiving_key[i]);
printf("\n\n");
const char *plaintext = "test";
uint8_t encrypted[100];
size_t enc_len;
printf("=== Encrypt ===\n");
int ret = se050_wireguard_encrypt_packet(&session, encrypted, &enc_len, (uint8_t*)plaintext, 4);
printf("Encrypt result: %d\n", ret);
printf("Encrypted length: %zu\n", enc_len);
printf("Encrypted (hex): ");
for(size_t i=0; i<enc_len; i++) printf("%02x", encrypted[i]);
printf("\n\n");
printf("=== Decrypt ===\n");
uint8_t decrypted[100];
size_t dec_len;
ret = se050_wireguard_decrypt_packet(&session, decrypted, &dec_len, encrypted, enc_len);
printf("Decrypt result: %d\n", ret);
printf("Decrypted length: %zu\n", dec_len);
if (ret == 0) {
printf("Decrypted content: %.*s\n", (int)dec_len, decrypted);
} else {
printf("Decrypt FAILED!\n");
}
return 0;
}