author | Péter Dimitrov <peterdmv@erlang.org> | 2019-01-24 16:58:01 +0100 |
---|---|---|
committer | Péter Dimitrov <peterdmv@erlang.org> | 2019-01-28 09:51:43 +0100 |
commit | 8dd9c18629be297b0ed5178630076882dd8b8880 (patch) | |
tree | d226151229c8438ce08442db0168be11a82473af /lib/ssl/src/tls_handshake_1_3.erl | |
parent | 117e475be14f92c74c6e6e90d5c6c047df49c7c9 (diff) | |
ssl: Add 'Finished'
Implement Finished message on the server side.
Change-Id: Ie0d054ac80f7eb47797273e1878990335112e923
Diffstat (limited to 'lib/ssl/src/tls_handshake_1_3.erl')
-rw-r--r-- | lib/ssl/src/tls_handshake_1_3.erl | 30 |
1 files changed, 26 insertions, 4 deletions
diff --git a/lib/ssl/src/tls_handshake_1_3.erl b/lib/ssl/src/tls_handshake_1_3.erl index 8ff58b841d..453894e8b3 100644 --- a/lib/ssl/src/tls_handshake_1_3.erl +++ b/lib/ssl/src/tls_handshake_1_3.erl @@ -139,6 +139,23 @@ certificate_verify(PrivateKey, SignatureScheme, signature = Signature }. +finished(#state{connection_states = ConnectionStates, + handshake_env = + #handshake_env{ + tls_handshake_history = {Messages, _}}}) -> + #{security_parameters := SecParamsR} = + ssl_record:current_connection_state(ConnectionStates, write), + #security_parameters{prf_algorithm = HKDFAlgo, + master_secret = SHTS} = SecParamsR, + + FinishedKey = tls_v1:finished_key(SHTS, HKDFAlgo), + VerifyData = tls_v1:finished_verify_data(FinishedKey, HKDFAlgo, Messages), + + #finished{ + verify_data = VerifyData + }. + + %%==================================================================== %% Encode handshake %%==================================================================== @@ -464,10 +481,14 @@ do_negotiated(#{client_share := ClientKey, %% Create CertificateVerify CertificateVerify = certificate_verify(CertPrivateKey, SignatureScheme, State5, server), - %% Encode CertificateVerify - %% Send Certificate, CertifricateVerify - {_State6, _} = tls_connection:send_handshake(CertificateVerify, State5), + State6 = tls_connection:queue_handshake(CertificateVerify, State5), + + %% Create Finished + Finished = finished(State6), + + %% Encode Certificate, CertifricateVerify + {_State7, _} = tls_connection:send_handshake(Finished, State6), %% Send finished 
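Review bot: `finished/1` takes the Finished base key from the `master_secret` field of the current write state (bound to `SHTS`), which is only correct because the last hunk makes `calculate_security_parameters` return `ServerHSTrafficSecret` where `HandshakeSecret` used to be; presumably the caller, outside these hunks, stores that element as `master_secret`. Nothing in the code says the field is borrowed, so a later change that stores the real master secret there would silently compute the Finished MAC with the wrong key (RFC 8446 section 4.4.4 uses server_handshake_traffic_secret as the server's base key). Until the TODO in that hunk is resolved I would add above the match `%% NOTE: master_secret temporarily holds server_handshake_traffic_secret, the Finished base key`, and give `finished/1` a `-spec`. The last hunk also drops `HandshakeSecret` from the returned tuple, which the later key schedule steps will need.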
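Review bot: The state returned by `tls_connection:send_handshake(Finished, State6)` is bound to `_State7` and dropped, so a handshake history that includes the server Finished is not carried forward; the client Finished check and the application traffic secrets are computed over that transcript. `do_negotiated` continues outside this hunk, so this may be deliberate work in progress, but a comment such as `%% TODO: thread State7 through once the client Finished is handled` would make that explicit. The comment above the send, `%% Encode Certificate, CertifricateVerify`, no longer describes the line below it and carries a typo; `%% Send Certificate, CertificateVerify, Finished` would match what the call appears to flush.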
@@ -532,7 +553,8 @@ calculate_security_parameters(ClientKey, SelectedGroup, KeyShare, {ReadKey, ReadIV} = tls_v1:calculate_traffic_keys(HKDFAlgo, Cipher, ClientHSTrafficSecret), {WriteKey, WriteIV} = tls_v1:calculate_traffic_keys(HKDFAlgo, Cipher, ServerHSTrafficSecret), - {HandshakeSecret, ReadKey, ReadIV, WriteKey, WriteIV}. + %% TODO: store all relevant secrets in state! + {ServerHSTrafficSecret, ReadKey, ReadIV, WriteKey, WriteIV}. %% %% Update pending connection state %% PendingRead0 = ssl_record:pending_connection_state(ConnectionStates, read), |