authorPéter Dimitrov <[email protected]>2018-11-16 11:39:51 +0100
committerPéter Dimitrov <[email protected]>2018-11-20 09:55:54 +0100
commitf2ec822db072c3366effc93688e6def9742d8c5b (patch)
tree09c22e0928243c528c45ecb89683d5c21cd2e1e4 /lib/ssl/src/ssl_cipher.erl
parentf995d04a0575cdd110a96741bc733eb95d063113 (diff)
ssl: Improve the "start" and "negotiated" states
This change adds the capability to the TLS 1.3 server to process ClientHello messages and answer with ServerHello. Change-Id: I13f6cfac932574300338e7301c6162252a591c70
Diffstat (limited to 'lib/ssl/src/ssl_cipher.erl')
-rw-r--r--lib/ssl/src/ssl_cipher.erl29
1 files changed, 27 insertions, 2 deletions
diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index 18109741cc..c4b8e2172a 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -34,7 +34,7 @@
-include("tls_handshake_1_3.hrl").
-include_lib("public_key/include/public_key.hrl").
--export([security_parameters/2, security_parameters/3,
+-export([security_parameters/2, security_parameters/3, security_parameters_1_3/3,
cipher_init/3, nonce_seed/2, decipher/6, cipher/5, aead_encrypt/5, aead_decrypt/6,
suites/1, all_suites/1, crypto_support_filters/0,
chacha_suites/1, anonymous_suites/1, psk_suites/1, psk_suites_anon/1,
@@ -47,7 +47,7 @@
scheme_to_components/1, hash_size/1]).
%% RFC 8446 TLS 1.3
--export([generate_client_shares/1]).
+-export([generate_client_shares/1, generate_server_share/1]).
-compile(inline).
@@ -88,6 +88,24 @@ security_parameters(Version, CipherSuite, SecParams) ->
prf_algorithm = prf_algorithm(PrfHashAlg, Version),
hash_size = hash_size(Hash)}.
+security_parameters_1_3(SecParams, ClientRandom, CipherSuite) ->
+ #{cipher := Cipher,
+ mac := Hash,
+ prf := PrfHashAlg} = ssl_cipher_format:suite_definition(CipherSuite),
+ SecParams#security_parameters{
+ client_random = ClientRandom,
+ cipher_suite = CipherSuite,
+ bulk_cipher_algorithm = bulk_cipher_algorithm(Cipher),
+ cipher_type = type(Cipher),
+ key_size = effective_key_bits(Cipher),
+ expanded_key_material_length = expanded_key_material(Cipher),
+ key_material_length = key_material(Cipher),
+ iv_size = iv_size(Cipher),
+ mac_algorithm = mac_algorithm(Hash),
+ prf_algorithm =prf_algorithm(PrfHashAlg, {3,4}),
+ hash_size = hash_size(Hash),
+ compression_algorithm = 0}.
+
%%--------------------------------------------------------------------
-spec cipher_init(cipher_enum(), binary(), binary()) -> #cipher_state{}.
%%
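Review bot: security_parameters_1_3/3 is exported without a `-spec` or header comment, and its argument order (SecParams, ClientRandom, CipherSuite) puts SecParams first, where the existing `security_parameters(Version, CipherSuite, SecParams)` in the hunk header puts it last, so the two are easy to mix up at call sites. The literals `{3,4}` and `compression_algorithm = 0` each deserve a short comment, for example `%% {3,4} is the TLS 1.3 version tuple` and `%% TLS 1.3 has no compression; 0 is the null method`. Only client_random is filled in here, so the caller presumably sets server_random before any key derivation; the header comment should say so. CipherSuite comes from ClientHello processing, and the map match on `ssl_cipher_format:suite_definition(CipherSuite)` crashes on a value it does not recognise. The function therefore seems to rely on the suite having already been chosen from the server's own list, and that precondition belongs in the comment too.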
@@ -1192,6 +1210,13 @@ filter_keyuse_suites(Use, KeyUse, CipherSuits, Suites) ->
CipherSuits -- Suites
end.
+generate_server_share(Group) ->
+ Key = generate_key_exchange(Group),
+ #key_share_server_hello{
+ server_share = #key_share_entry{
+ group = Group,
+ key_exchange = Key
+ }}.
generate_client_shares([]) ->
#key_share_client_hello{client_shares = []};
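Review bot: generate_server_share/1 needs a comment on what the key_exchange field holds, because it stores the return value of generate_key_exchange/1 unchanged in the record that becomes the ServerHello key_share. generate_key_exchange/1 is not visible in this hunk. If it returns a key pair rather than only the public value, the private key sits in a handshake-message record, and a line such as `%% key_exchange holds the local key pair; only the public value may be encoded on the wire` would make that explicit and warn against printing the record with ~p. The function also has no `-spec`. Group is the outcome of negotiation with the peer, so the spec or comment should state that Group must already be one of the locally supported groups.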