ssl: Generalize extensions handling

As TLS 1.3 introduces more extensions in other places than in hello messages we like to have generalize extension handling encode/decode with some hello wrappers. Also extend property tests of handshake encod/decode
author: Ingela Anderton Andin <[email protected]> 2018-09-11 18:14:23 +0200
committer: Ingela Anderton Andin <[email protected]> 2018-09-27 16:59:14 +0200
commit: 973169ab1e1b79e6ef006ec25eb81c84ac0be34a (patch)
tree: 472a2a9890de0f8f3eb7bf96996b69202dbb9485 /lib/ssl/src/tls_handshake.erl
parent: 08ef38b2c9f84ed118e693bff38efa69fc2c7eb8 (diff)
download: otp-973169ab1e1b79e6ef006ec25eb81c84ac0be34a.tar.gz
otp-973169ab1e1b79e6ef006ec25eb81c84ac0be34a.tar.bz2
otp-973169ab1e1b79e6ef006ec25eb81c84ac0be34a.zip
1 files changed, 13 insertions, 17 deletions
diff --git a/lib/ssl/src/tls_handshake.erl b/lib/ssl/src/tls_handshake.erl
index 82ed2e8d14..050b4be870 100644
--- a/lib/ssl/src/tls_handshake.erl
+++ b/lib/ssl/src/tls_handshake.erl
@@ -100,7 +100,7 @@ client_hello(Host, Port, ConnectionStates,
 		    ssl_record:connection_states(), alpn | npn, binary() | undefined}|
 		   {tls_record:tls_version(), {resumed | new, #session{}}, 
 		    ssl_record:connection_states(), binary() | undefined, 
-		    #hello_extensions{}, {ssl_cipher_format:hash(), ssl_cipher_format:sign_algo()} | 
+                    HelloExt::map(), {ssl_cipher_format:hash(), ssl_cipher_format:sign_algo()} | 
                     undefined} | #alert{}.
 %%
 %% Description: Handles a received hello message
@@ -145,10 +145,9 @@ hello(#server_hello{server_version = {Major, Minor},
 %% - If "supported_version" is present (ServerHello):
 %%   - Abort handshake with an "illegal_parameter" alert
 hello(#server_hello{server_version = Version,
-                    extensions = #hello_extensions{
-                                    server_hello_selected_version =
-                                        #server_hello_selected_version{selected_version = Version}
-                                   }},
+                    extensions = #{server_hello_selected_version :=
+                                       #server_hello_selected_version{selected_version = Version}}
+                   },
       #ssl_options{versions = SupportedVersions},
       _ConnectionStates0, _Renegotiation) ->
     case tls_record:is_higher({3,4}, Version) of
@@ -196,10 +195,9 @@ hello(#server_hello{server_version = Version, random = Random,
 %%      e.g. Server 1.0,1.2 Client 1.1 -> ServerHello 1.0
 hello(#client_hello{client_version = _ClientVersion,
 		    cipher_suites = CipherSuites,
-                    extensions = #hello_extensions{
-                                    client_hello_versions =
-                                        #client_hello_versions{versions = ClientVersions}
-                                   }} = Hello,
+                    extensions = #{client_hello_versions :=
+                                       #client_hello_versions{versions = ClientVersions}
+                                  }} = Hello,
       #ssl_options{versions = Versions} = SslOpts,
       Info, Renegotiation) ->
     try
@@ -267,10 +265,7 @@ handle_client_hello(Version,
                                   cipher_suites = CipherSuites,
                                   compression_methods = Compressions,
                                   random = Random,
-                                  extensions = 
-                                      #hello_extensions{elliptic_curves = Curves,
-                                                        signature_algs = ClientHashSigns} 
-                                  = HelloExt},
+                                  extensions = HelloExt},
 		    #ssl_options{versions = Versions,
 				 signature_algs = SupportedHashSigns,
 				 eccs = SupportedECCs,
@@ -279,6 +274,8 @@ handle_client_hello(Version,
                     Renegotiation) ->
     case tls_record:is_acceptable_version(Version, Versions) of
 	true ->
+            Curves = maps:get(elliptic_curves, HelloExt, undefined),
+            ClientHashSigns = maps:get(signature_algs, HelloExt, undefined),
 	    AvailableHashSigns = ssl_handshake:available_signature_algs(
 				   ClientHashSigns, SupportedHashSigns, Cert, Version),
 	    ECCCurve = ssl_handshake:select_curve(Curves, SupportedECCs, ECCOrder),
@@ -407,13 +404,14 @@ get_tls_handshake_aux(_Version, Data, _, Acc) ->
 
 decode_handshake({3, N}, ?HELLO_REQUEST, <<>>) when N < 4 ->
     #hello_request{};
-decode_handshake(_Version, ?CLIENT_HELLO, 
+decode_handshake(Version, ?CLIENT_HELLO, 
                  <<?BYTE(Major), ?BYTE(Minor), Random:32/binary,
                    ?BYTE(SID_length), Session_ID:SID_length/binary,
                    ?UINT16(Cs_length), CipherSuites:Cs_length/binary,
                    ?BYTE(Cm_length), Comp_methods:Cm_length/binary,
                    Extensions/binary>>) ->
-    DecodedExtensions = ssl_handshake:decode_hello_extensions({client, Extensions}),
+    Exts = ssl_handshake:decode_vector(Extensions),
+    DecodedExtensions = ssl_handshake:decode_hello_extensions(Exts, Version, client),
     #client_hello{
        client_version = {Major,Minor},
        random = Random,
@@ -426,5 +424,3 @@ decode_handshake({3, 4}, Tag, Msg) ->
     tls_handshake_1_3:decode_handshake(Tag, Msg);
 decode_handshake(Version, Tag, Msg) ->
     ssl_handshake:decode_handshake(Version, Tag, Msg).
-
-
author	Ingela Anderton Andin <[email protected]>	2018-09-11 18:14:23 +0200
committer	Ingela Anderton Andin <[email protected]>	2018-09-27 16:59:14 +0200
commit	973169ab1e1b79e6ef006ec25eb81c84ac0be34a (patch)
tree	472a2a9890de0f8f3eb7bf96996b69202dbb9485 /lib/ssl/src/tls_handshake.erl
parent	08ef38b2c9f84ed118e693bff38efa69fc2c7eb8 (diff)
download	otp-973169ab1e1b79e6ef006ec25eb81c84ac0be34a.tar.gz otp-973169ab1e1b79e6ef006ec25eb81c84ac0be34a.tar.bz2 otp-973169ab1e1b79e6ef006ec25eb81c84ac0be34a.zip