path: root/lib/ssl/src/tls_v1.erl
authorPéter Dimitrov <[email protected]>2019-01-15 18:29:48 +0100
committerPéter Dimitrov <[email protected]>2019-01-28 09:37:07 +0100
commita0d770fb9979c295fd0b9f69c9c558e3b8250072 (patch)
treedb83fe2e3eab50842dc62e58bb4c975761aa6c78 /lib/ssl/src/tls_v1.erl
parent9cdc4cb22a4465709e347c07f240fd6e3a74b490 (diff)
ssl: Fix key schedule and traffic keys
Fix key schedule and traffic key calculation. Add test for the server side calculation of shared secrets and traffic keys. Change-Id: Ia955e5e8787f3851bdb3170723e6586bdf4548ca
Diffstat (limited to 'lib/ssl/src/tls_v1.erl')
-rw-r--r--lib/ssl/src/tls_v1.erl21
1 files changed, 14 insertions, 7 deletions
diff --git a/lib/ssl/src/tls_v1.erl b/lib/ssl/src/tls_v1.erl
index df2a421bce..d1a62696cc 100644
--- a/lib/ssl/src/tls_v1.erl
+++ b/lib/ssl/src/tls_v1.erl
@@ -37,7 +37,7 @@
groups/1, groups/2, group_to_enum/1, enum_to_group/1, default_groups/1]).
-export([derive_secret/4, hkdf_expand_label/5, hkdf_extract/3, hkdf_expand/4,
- key_schedule/3, key_schedule/4,
+ key_schedule/3, key_schedule/4, create_info/3,
external_binder_key/2, resumption_binder_key/2,
client_early_traffic_secret/3, early_exporter_master_secret/3,
client_handshake_traffic_secret/3, server_handshake_traffic_secret/3,
@@ -74,18 +74,24 @@ derive_secret(Secret, Label, Messages, Algo) ->
Context::binary(), Length::integer(),
Algo::ssl_cipher_format:hash()) -> KeyingMaterial::binary().
hkdf_expand_label(Secret, Label0, Context, Length, Algo) ->
+ HkdfLabel = create_info(Label0, Context, Length),
+ hkdf_expand(Secret, HkdfLabel, Length, Algo).
+
+%% Create info parameter for HKDF-Expand:
+%% HKDF-Expand(PRK, info, L) -> OKM
+create_info(Label0, Context0, Length) ->
%% struct {
%% uint16 length = Length;
%% opaque label<7..255> = "tls13 " + Label;
%% opaque context<0..255> = Context;
%% } HkdfLabel;
Label1 = << <<"tls13 ">>/binary, Label0/binary>>,
- LLen = size(Label1),
- Label = <<?BYTE(LLen), Label1/binary>>,
+ LabelLen = size(Label1),
+ Label = <<?BYTE(LabelLen), Label1/binary>>,
+ ContextLen = size(Context0),
+ Context = <<?BYTE(ContextLen),Context0/binary>>,
Content = <<Label/binary, Context/binary>>,
- Len = size(Content),
- HkdfLabel = <<?UINT16(Len), Content/binary>>,
- hkdf_expand(Secret, HkdfLabel, Length, Algo).
+ <<?UINT16(Length), Content/binary>>.
-spec hkdf_extract(MacAlg::ssl_cipher_format:hash(), Salt::binary(),
KeyingMaterial::binary()) -> PseudoRandKey::binary().
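Review bot: create_info/3 is newly exported (see the first hunk) but has no -spec, while every neighbouring exported function in this hunk carries one; add `-spec create_info(Label::binary(), Context::binary(), Length::integer()) -> HkdfLabel::binary().` above it. The two length computations use size/1 on binaries where the intent is the byte length, so `LabelLen = byte_size(Label1),` and `ContextLen = byte_size(Context0),` say what is meant and are what Dialyzer expects. Both lengths are then packed with ?BYTE, so a label or context longer than 255 bytes would be silently truncated rather than rejected; the callers visible in this file appear to pass fixed labels and a transcript hash, so this only needs a guard if the function gains external callers now that it is exported.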
@@ -394,7 +400,8 @@ update_traffic_secret(Algo, Secret) ->
-spec calculate_traffic_keys(atom(), atom(), binary()) -> {binary(), binary()}.
calculate_traffic_keys(HKDFAlgo, Cipher, Secret) ->
Key = hkdf_expand_label(Secret, <<"key">>, <<>>, ssl_cipher:key_material(Cipher), HKDFAlgo),
- IV = hkdf_expand_label(Secret, <<"iv">>, <<>>, ssl_cipher:key_material(Cipher), HKDFAlgo),
+ %% TODO: remove hard coded IV size
+ IV = hkdf_expand_label(Secret, <<"iv">>, <<>>, 12, HKDFAlgo),
{Key, IV}.
%% TLS v1.3 ---------------------------------------------------
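Review bot: The added TODO on the IV line does not say why 12 is the right value, so the next reader cannot tell whether the constant is a placeholder or a protocol requirement; replace it with `%% RFC 8446 7.3: iv_length is 12 for the AEAD ciphers TLS 1.3 defines; derive from the cipher if non-12 nonces are ever added`. Using the key length for the IV, which the removed line did, was the actual defect, and the new line fixes it, so the only remaining risk is that a future cipher with a different nonce length would silently get a wrong-sized IV here. If ssl_cipher ever exposes a per-cipher nonce length, that would be the place to take it from instead of the literal.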