diff --git a/src/se050_chacha20_poly1305.c b/src/se050_chacha20_poly1305.c index 85a38f4..3b0fe19 100644 --- a/src/se050_chacha20_poly1305.c +++ b/src/se050_chacha20_poly1305.c @@ -8,7 +8,6 @@ #include "se050_chacha20_poly1305.h" #include "se050_crypto_utils.h" #include -#include /* ESP32 detection */ #if defined(ESP_PLATFORM) || defined(__XTENSA__) || defined(__riscv) @@ -695,12 +694,6 @@ int se050_chacha20_poly1305_decrypt(se050_chacha20_poly1305_ctx_t *ctx, /* Constant-time comparison */ int ret = 0; if (crypto_memneq(expected_tag, tag, 16) != 0) { - fprintf(stderr, "DEBUG: tag mismatch\n"); - fprintf(stderr, "Expected: "); - for(int i=0; i<16; i++) fprintf(stderr, "%02x", expected_tag[i]); - fprintf(stderr, "\nGot: "); - for(int i=0; i<16; i++) fprintf(stderr, "%02x", tag[i]); - fprintf(stderr, "\n"); ret = -1; } diff --git a/src/se050_wireguard.c b/src/se050_wireguard.c index 361d5f0..819ff86 100644 --- a/src/se050_wireguard.c +++ b/src/se050_wireguard.c @@ -23,7 +23,6 @@ #include #include #include -#include /* ========================================================================= * WireGuard Protocol Constants @@ -172,6 +171,12 @@ int se050_wireguard_derive_keys(se050_wireguard_session_t *session, /* Derive sending and receiving keys using HKDF * WireGuard uses simplified HKDF with 32-byte PRK + * + * Key derivation differs for initiator vs responder: + * - Initiator: sending = T(1), receiving = T(2) + * - Responder: sending = T(2), receiving = T(1) + * + * For now, using initiator mode (can be extended with is_initiator flag) */ wg_hkdf_2(shared_secret, session->sending_key, session->receiving_key); @@ -323,8 +328,6 @@ int se050_wireguard_decrypt_packet(se050_wireguard_session_t *session, memzero_explicit(tag, 16); if (ret < 0) { - fprintf(stderr, "DEBUG: decrypt failed, ciphertext_len=%zu, packet_len=%zu, aad_len=16\n", - ciphertext_len, packet_len); return -1; }