authorPéter Dimitrov <[email protected]>2018-11-16 11:39:51 +0100
committerPéter Dimitrov <[email protected]>2018-11-20 09:55:54 +0100
commitf2ec822db072c3366effc93688e6def9742d8c5b (patch)
tree09c22e0928243c528c45ecb89683d5c21cd2e1e4 /lib/ssl/src/ssl_handshake.erl
parentf995d04a0575cdd110a96741bc733eb95d063113 (diff)
ssl: Improve the "start" and "negotiated" states
This change adds the capability to the TLS 1.3 server to process ClientHello messages and answer with ServerHello. Change-Id: I13f6cfac932574300338e7301c6162252a591c70
Diffstat (limited to 'lib/ssl/src/ssl_handshake.erl')
-rw-r--r--lib/ssl/src/ssl_handshake.erl42
1 files changed, 25 insertions, 17 deletions
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 0b2ecfc981..417e5d9eb6 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -76,9 +76,11 @@
handle_client_hello_extensions/9, %% Returns server hello extensions
handle_server_hello_extensions/9, select_curve/2, select_curve/3,
select_hashsign/4, select_hashsign/5,
- select_hashsign_algs/3, empty_extensions/2
+ select_hashsign_algs/3, empty_extensions/2, add_server_share/2
]).
+-export([get_cert_params/1]).
+
%%====================================================================
%% Create handshake messages
%%====================================================================
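Review bot: The new `-export([get_cert_params/1]).` at the end of this hunk widens the module's public surface without a comment saying which module is meant to call it, and the commit description does not mention it. The neighbouring export list is at least annotated inline (`%% Returns server hello extensions`), so a one-line comment above the new attribute naming the intended caller would keep the exports reviewable. No hunk shown here adds `get_cert_params/1`, so it presumably already exists as an internal helper; confirm that it returns nothing that should stay module-private. The export list that gains `add_server_share/2` starts outside the hunk.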
@@ -1137,25 +1139,31 @@ maybe_add_key_share(HelloExtensions, undefined) ->
maybe_add_key_share(HelloExtensions, KeyShare) ->
#key_share_client_hello{client_shares = ClientShares0} = KeyShare,
%% Keep only public keys
- Fun = fun(#key_share_entry{
- group = Group,
- key_exchange =
- #'ECPrivateKey'{publicKey = PublicKey}}) ->
- #key_share_entry{
- group = Group,
- key_exchange = PublicKey};
- (#key_share_entry{
- group = Group,
- key_exchange =
- {PublicKey, _}}) ->
- #key_share_entry{
- group = Group,
- key_exchange = PublicKey}
- end,
- ClientShares = lists:map(Fun, ClientShares0),
+ ClientShares = lists:map(fun kse_remove_private_key/1, ClientShares0),
HelloExtensions#{key_share => #key_share_client_hello{
client_shares = ClientShares}}.
+add_server_share(Extensions, KeyShare) ->
+ #key_share_server_hello{server_share = ServerShare0} = KeyShare,
+ %% Keep only public keys
+ ServerShare = kse_remove_private_key(ServerShare0),
+ Extensions#{key_share => #key_share_server_hello{
+ server_share = ServerShare}}.
+
+kse_remove_private_key(#key_share_entry{
+ group = Group,
+ key_exchange =
+ #'ECPrivateKey'{publicKey = PublicKey}}) ->
+ #key_share_entry{
+ group = Group,
+ key_exchange = PublicKey};
+kse_remove_private_key(#key_share_entry{
+ group = Group,
+ key_exchange =
+ {PublicKey, _}}) ->
+ #key_share_entry{
+ group = Group,
+ key_exchange = PublicKey}.
signature_algs_ext(undefined) ->
undefined;
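Review bot: `kse_remove_private_key/1` is now the single place that strips private key material from a key share before it goes into the hello extensions, but it has no comment or `-spec` saying so. I would add above it `%% Strips the private part of a key_share_entry. Deliberately no catch-all clause: an unknown key shape must crash rather than be sent unchanged.` together with `-spec kse_remove_private_key(#key_share_entry{}) -> #key_share_entry{}.`. The second clause accepts any 2-tuple as `{PublicKey, _}`, presumably the non-EC key pair form; a short comment naming which groups produce that shape would make the match easier to audit. `add_server_share/2` is newly exported and would benefit from a `-spec` as well. `signature_algs_ext/1` at the end of the hunk continues outside it.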