aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src/tls_handshake_1_3.erl
diff options
context:
space:
mode:
authorPéter Dimitrov <peterdmv@erlang.org>2019-01-24 16:58:01 +0100
committerPéter Dimitrov <peterdmv@erlang.org>2019-01-28 09:51:43 +0100
commit8dd9c18629be297b0ed5178630076882dd8b8880 (patch)
treed226151229c8438ce08442db0168be11a82473af /lib/ssl/src/tls_handshake_1_3.erl
parent117e475be14f92c74c6e6e90d5c6c047df49c7c9 (diff)
downloadotp-8dd9c18629be297b0ed5178630076882dd8b8880.tar.gz
otp-8dd9c18629be297b0ed5178630076882dd8b8880.tar.bz2
otp-8dd9c18629be297b0ed5178630076882dd8b8880.zip
ssl: Add 'Finished'
Implement Finished message on the server side. Change-Id: Ie0d054ac80f7eb47797273e1878990335112e923
Diffstat (limited to 'lib/ssl/src/tls_handshake_1_3.erl')
-rw-r--r--lib/ssl/src/tls_handshake_1_3.erl30
1 files changed, 26 insertions, 4 deletions
diff --git a/lib/ssl/src/tls_handshake_1_3.erl b/lib/ssl/src/tls_handshake_1_3.erl
index 8ff58b841d..453894e8b3 100644
--- a/lib/ssl/src/tls_handshake_1_3.erl
+++ b/lib/ssl/src/tls_handshake_1_3.erl
@@ -139,6 +139,23 @@ certificate_verify(PrivateKey, SignatureScheme,
signature = Signature
}.
+finished(#state{connection_states = ConnectionStates,
+ handshake_env =
+ #handshake_env{
+ tls_handshake_history = {Messages, _}}}) ->
+ #{security_parameters := SecParamsR} =
+ ssl_record:current_connection_state(ConnectionStates, write),
+ #security_parameters{prf_algorithm = HKDFAlgo,
+ master_secret = SHTS} = SecParamsR,
+
+ FinishedKey = tls_v1:finished_key(SHTS, HKDFAlgo),
+ VerifyData = tls_v1:finished_verify_data(FinishedKey, HKDFAlgo, Messages),
+
+ #finished{
+ verify_data = VerifyData
+ }.
+
+
%%====================================================================
%% Encode handshake
%%====================================================================
@@ -464,10 +481,14 @@ do_negotiated(#{client_share := ClientKey,
%% Create CertificateVerify
CertificateVerify = certificate_verify(CertPrivateKey, SignatureScheme,
State5, server),
-
%% Encode CertificateVerify
- %% Send Certificate, CertifricateVerify
- {_State6, _} = tls_connection:send_handshake(CertificateVerify, State5),
+ State6 = tls_connection:queue_handshake(CertificateVerify, State5),
+
+ %% Create Finished
+ Finished = finished(State6),
+
+ %% Encode Certificate, CertifricateVerify
+ {_State7, _} = tls_connection:send_handshake(Finished, State6),
%% Send finished
@@ -532,7 +553,8 @@ calculate_security_parameters(ClientKey, SelectedGroup, KeyShare,
{ReadKey, ReadIV} = tls_v1:calculate_traffic_keys(HKDFAlgo, Cipher, ClientHSTrafficSecret),
{WriteKey, WriteIV} = tls_v1:calculate_traffic_keys(HKDFAlgo, Cipher, ServerHSTrafficSecret),
- {HandshakeSecret, ReadKey, ReadIV, WriteKey, WriteIV}.
+ %% TODO: store all relevant secrets in state!
+ {ServerHSTrafficSecret, ReadKey, ReadIV, WriteKey, WriteIV}.
%% %% Update pending connection state
%% PendingRead0 = ssl_record:pending_connection_state(ConnectionStates, read),