diff options
| author | Péter Dimitrov <[email protected]> | 2019-01-21 15:14:46 +0100 |
|---|---|---|
| committer | Péter Dimitrov <[email protected]> | 2019-01-28 09:39:47 +0100 |
| commit | 51ac471d5bf861a0052543d9b8689f9b0d50ffc9 (patch) | |
| tree | 35cfcccd01675454d915cb0bb18a43b7279cbd6b | |
| parent | 39acdd9f3dd43e6d008b9d3bddeade95e5f206af (diff) | |
| download | otp-51ac471d5bf861a0052543d9b8689f9b0d50ffc9.tar.gz otp-51ac471d5bf861a0052543d9b8689f9b0d50ffc9.tar.bz2 otp-51ac471d5bf861a0052543d9b8689f9b0d50ffc9.zip | |
ssl: Add EncryptedExtensions
Send empty EncryptedExtensions after ServerHello.
Update ssl logger.
Change-Id: Id57fdb52c360a1125ac1a735ee37c433bfb69a0a
| -rw-r--r-- | lib/ssl/src/ssl_logger.erl | 5 | ||||
| -rw-r--r-- | lib/ssl/src/tls_handshake_1_3.erl | 18 |
2 files changed, 20 insertions, 3 deletions
diff --git a/lib/ssl/src/ssl_logger.erl b/lib/ssl/src/ssl_logger.erl index 39b8c517b6..930077ba3c 100644 --- a/lib/ssl/src/ssl_logger.erl +++ b/lib/ssl/src/ssl_logger.erl @@ -170,6 +170,11 @@ parse_handshake(Direction, #certificate_verify_1_3{} = CertificateVerify) -> Header = io_lib:format("~s Handshake, CertificateVerify", [header_prefix(Direction)]), Message = io_lib:format("~p", [?rec_info(certificate_verify_1_3, CertificateVerify)]), + {Header, Message}; +parse_handshake(Direction, #encrypted_extensions{} = EncryptedExtensions) -> + Header = io_lib:format("~s Handshake, EncryptedExtensions", + [header_prefix(Direction)]), + Message = io_lib:format("~p", [?rec_info(encrypted_extensions, EncryptedExtensions)]), {Header, Message}. diff --git a/lib/ssl/src/tls_handshake_1_3.erl b/lib/ssl/src/tls_handshake_1_3.erl index 25d495ed3f..ec3ec2214c 100644 --- a/lib/ssl/src/tls_handshake_1_3.erl +++ b/lib/ssl/src/tls_handshake_1_3.erl @@ -42,6 +42,7 @@ %% Create handshake messages -export([certificate/5, certificate_verify/5, + encrypted_extensions/0, server_hello/4]). -export([do_negotiated/2]). @@ -67,6 +68,11 @@ server_hello_extensions(KeyShare) -> Extensions = #{server_hello_selected_version => SupportedVersions}, ssl_handshake:add_server_share(Extensions, KeyShare). +%% TODO: implement support for encrypted_extensions +encrypted_extensions() -> + #encrypted_extensions{ + extensions = #{} + }. %% TODO: use maybe monad for error handling! certificate(OwnCert, CertDbHandle, CertDbRef, _CRContext, server) -> @@ -413,15 +419,21 @@ do_negotiated(#{client_share := ClientKey, State3 = ssl_record:step_encryption_state(State2), + %% Create EncryptedExtensions + EncryptedExtensions = encrypted_extensions(), + + %% Encode EncryptedExtensions + State4 = tls_connection:queue_handshake(EncryptedExtensions, State3), + %% Create Certificate Certificate = certificate(OwnCert, CertDbHandle, CertDbRef, <<>>, server), %% Encode Certificate - State4 = tls_connection:queue_handshake(Certificate, State3), + State5 = tls_connection:queue_handshake(Certificate, State4), %% Create CertificateVerify #state{handshake_env = - #handshake_env{tls_handshake_history = {Messages, _}}} = State4, + #handshake_env{tls_handshake_history = {Messages, _}}} = State5, %% Use selected signature_alg from here, HKDF only used for key_schedule CertificateVerify = @@ -430,7 +442,7 @@ do_negotiated(#{client_share := ClientKey, %% Encode CertificateVerify %% Send Certificate, CertifricateVerify - {_State5, _} = tls_connection:send_handshake(CertificateVerify, State4), + {_State6, _} = tls_connection:send_handshake(CertificateVerify, State5), %% Send finished |