aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPéter Dimitrov <[email protected]>2019-01-21 15:14:46 +0100
committerPéter Dimitrov <[email protected]>2019-01-28 09:39:47 +0100
commit51ac471d5bf861a0052543d9b8689f9b0d50ffc9 (patch)
tree35cfcccd01675454d915cb0bb18a43b7279cbd6b
parent39acdd9f3dd43e6d008b9d3bddeade95e5f206af (diff)
downloadotp-51ac471d5bf861a0052543d9b8689f9b0d50ffc9.tar.gz
otp-51ac471d5bf861a0052543d9b8689f9b0d50ffc9.tar.bz2
otp-51ac471d5bf861a0052543d9b8689f9b0d50ffc9.zip
ssl: Add EncryptedExtensions
Send empty EncryptedExtensions after ServerHello. Update ssl logger. Change-Id: Id57fdb52c360a1125ac1a735ee37c433bfb69a0a
-rw-r--r--lib/ssl/src/ssl_logger.erl5
-rw-r--r--lib/ssl/src/tls_handshake_1_3.erl18
2 files changed, 20 insertions, 3 deletions
diff --git a/lib/ssl/src/ssl_logger.erl b/lib/ssl/src/ssl_logger.erl
index 39b8c517b6..930077ba3c 100644
--- a/lib/ssl/src/ssl_logger.erl
+++ b/lib/ssl/src/ssl_logger.erl
@@ -170,6 +170,11 @@ parse_handshake(Direction, #certificate_verify_1_3{} = CertificateVerify) ->
Header = io_lib:format("~s Handshake, CertificateVerify",
[header_prefix(Direction)]),
Message = io_lib:format("~p", [?rec_info(certificate_verify_1_3, CertificateVerify)]),
+ {Header, Message};
+parse_handshake(Direction, #encrypted_extensions{} = EncryptedExtensions) ->
+ Header = io_lib:format("~s Handshake, EncryptedExtensions",
+ [header_prefix(Direction)]),
+ Message = io_lib:format("~p", [?rec_info(encrypted_extensions, EncryptedExtensions)]),
{Header, Message}.
diff --git a/lib/ssl/src/tls_handshake_1_3.erl b/lib/ssl/src/tls_handshake_1_3.erl
index 25d495ed3f..ec3ec2214c 100644
--- a/lib/ssl/src/tls_handshake_1_3.erl
+++ b/lib/ssl/src/tls_handshake_1_3.erl
@@ -42,6 +42,7 @@
%% Create handshake messages
-export([certificate/5,
certificate_verify/5,
+ encrypted_extensions/0,
server_hello/4]).
-export([do_negotiated/2]).
@@ -67,6 +68,11 @@ server_hello_extensions(KeyShare) ->
Extensions = #{server_hello_selected_version => SupportedVersions},
ssl_handshake:add_server_share(Extensions, KeyShare).
+%% TODO: implement support for encrypted_extensions
+encrypted_extensions() ->
+ #encrypted_extensions{
+ extensions = #{}
+ }.
%% TODO: use maybe monad for error handling!
certificate(OwnCert, CertDbHandle, CertDbRef, _CRContext, server) ->
@@ -413,15 +419,21 @@ do_negotiated(#{client_share := ClientKey,
State3 = ssl_record:step_encryption_state(State2),
+ %% Create EncryptedExtensions
+ EncryptedExtensions = encrypted_extensions(),
+
+ %% Encode EncryptedExtensions
+ State4 = tls_connection:queue_handshake(EncryptedExtensions, State3),
+
%% Create Certificate
Certificate = certificate(OwnCert, CertDbHandle, CertDbRef, <<>>, server),
%% Encode Certificate
- State4 = tls_connection:queue_handshake(Certificate, State3),
+ State5 = tls_connection:queue_handshake(Certificate, State4),
%% Create CertificateVerify
#state{handshake_env =
- #handshake_env{tls_handshake_history = {Messages, _}}} = State4,
+ #handshake_env{tls_handshake_history = {Messages, _}}} = State5,
%% Use selected signature_alg from here, HKDF only used for key_schedule
CertificateVerify =
@@ -430,7 +442,7 @@ do_negotiated(#{client_share := ClientKey,
%% Encode CertificateVerify
%% Send Certificate, CertifricateVerify
- {_State5, _} = tls_connection:send_handshake(CertificateVerify, State4),
+ {_State6, _} = tls_connection:send_handshake(CertificateVerify, State5),
%% Send finished