aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src
diff options
context:
space:
mode:
authorAndreas Schultz <[email protected]>2016-01-07 15:11:35 +0100
committerIngela Anderton Andin <[email protected]>2016-06-13 22:24:15 +0200
commit84f8ef36501d041e9a1cab073c3108912276674e (patch)
tree3e5cf60128d1b627e6fda746b4bcf8a43530671f /lib/ssl/src
parent0b2593dd0e9558998ba0c2de3ec1bf9adcc2e20b (diff)
downloadotp-84f8ef36501d041e9a1cab073c3108912276674e.tar.gz
otp-84f8ef36501d041e9a1cab073c3108912276674e.tar.bz2
otp-84f8ef36501d041e9a1cab073c3108912276674e.zip
dtls: sync dtls_record DTLS version and crypto handling with TLS
Diffstat (limited to 'lib/ssl/src')
-rw-r--r--lib/ssl/src/dtls_record.erl107
1 files changed, 75 insertions, 32 deletions
diff --git a/lib/ssl/src/dtls_record.erl b/lib/ssl/src/dtls_record.erl
index ed8024d892..5387fcafa8 100644
--- a/lib/ssl/src/dtls_record.erl
+++ b/lib/ssl/src/dtls_record.erl
@@ -36,11 +36,12 @@
-export([decode_cipher_text/2]).
%% Encoding
--export([encode_plain_text/4, encode_change_cipher_spec/2]).
+-export([encode_plain_text/4, encode_tls_cipher_text/5, encode_change_cipher_spec/2]).
%% Protocol version handling
--export([protocol_version/1, lowest_protocol_version/2, lowest_protocol_version/1,
- highest_protocol_version/1, supported_protocol_versions/0,
+-export([protocol_version/1, lowest_protocol_version/1, lowest_protocol_version/2,
+ highest_protocol_version/1, highest_protocol_version/2,
+ is_higher/2, supported_protocol_versions/0,
is_acceptable_version/2]).
%% DTLS Epoch handling
@@ -263,20 +264,39 @@ lowest_protocol_version(Versions) ->
%%
%% Description: Highest protocol version present in a list
%%--------------------------------------------------------------------
-highest_protocol_version([Ver | Vers]) ->
- highest_protocol_version(Ver, Vers).
+highest_protocol_version([]) ->
+ highest_protocol_version();
+highest_protocol_version(Versions) ->
+ [Ver | Vers] = Versions,
+ highest_list_protocol_version(Ver, Vers).
-highest_protocol_version(Version, []) ->
+%%--------------------------------------------------------------------
+-spec highest_protocol_version(dtls_version(), dtls_version()) -> dtls_version().
+%%
+%% Description: Highest protocol version of two given versions
+%%--------------------------------------------------------------------
+highest_protocol_version(Version = {M, N}, {M, O}) when N < O ->
+ Version;
+highest_protocol_version({M, _},
+ Version = {M, _}) ->
Version;
-highest_protocol_version(Version = {N, M}, [{N, O} | Rest]) when M < O ->
- highest_protocol_version(Version, Rest);
-highest_protocol_version({M, _}, [Version = {M, _} | Rest]) ->
- highest_protocol_version(Version, Rest);
-highest_protocol_version(Version = {M,_}, [{N,_} | Rest]) when M < N ->
- highest_protocol_version(Version, Rest);
-highest_protocol_version(_, [Version | Rest]) ->
- highest_protocol_version(Version, Rest).
+highest_protocol_version(Version = {M,_},
+ {N, _}) when M < N ->
+ Version;
+highest_protocol_version(_,Version) ->
+ Version.
+%%--------------------------------------------------------------------
+-spec is_higher(V1 :: dtls_version(), V2::dtls_version()) -> boolean().
+%%
+%% Description: Is V1 > V2
+%%--------------------------------------------------------------------
+is_higher({M, N}, {M, O}) when N < O ->
+ true;
+is_higher({M, _}, {N, _}) when M < N ->
+ true;
+is_higher(_, _) ->
+ false.
%%--------------------------------------------------------------------
-spec supported_protocol_versions() -> [dtls_version()].
@@ -293,27 +313,33 @@ supported_protocol_versions() ->
{ok, []} ->
lists:map(Fun, supported_protocol_versions([]));
{ok, Vsns} when is_list(Vsns) ->
- supported_protocol_versions(Vsns);
+ supported_protocol_versions(lists:map(Fun, Vsns));
{ok, Vsn} ->
- supported_protocol_versions([Vsn])
+ supported_protocol_versions([Fun(Vsn)])
end.
supported_protocol_versions([]) ->
- Vsns = supported_connection_protocol_versions([]),
+ Vsns = case sufficient_dtlsv1_2_crypto_support() of
+ true ->
+ ?ALL_DATAGRAM_SUPPORTED_VERSIONS;
+ false ->
+ ?MIN_DATAGRAM_SUPPORTED_VERSIONS
+ end,
application:set_env(ssl, dtls_protocol_version, Vsns),
Vsns;
supported_protocol_versions([_|_] = Vsns) ->
- Vsns.
-
-%% highest_protocol_version() ->
-%% highest_protocol_version(supported_protocol_versions()).
-
-lowest_protocol_version() ->
- lowest_protocol_version(supported_protocol_versions()).
-
-supported_connection_protocol_versions([]) ->
- ?ALL_DATAGRAM_SUPPORTED_VERSIONS.
+ case sufficient_dtlsv1_2_crypto_support() of
+ true ->
+ Vsns;
+ false ->
+ case Vsns -- ['dtlsv1.2'] of
+ [] ->
+ ?MIN_SUPPORTED_VERSIONS;
+ NewVsns ->
+ NewVsns
+ end
+ end.
%%--------------------------------------------------------------------
-spec is_acceptable_version(dtls_version(), Supported :: [dtls_version()]) -> boolean().
@@ -411,6 +437,18 @@ set_connection_state_by_epoch(ConnectionStates0 =
%%--------------------------------------------------------------------
%%% Internal functions
%%--------------------------------------------------------------------
+
+
+lowest_list_protocol_version(Ver, []) ->
+ Ver;
+lowest_list_protocol_version(Ver1, [Ver2 | Rest]) ->
+ lowest_list_protocol_version(lowest_protocol_version(Ver1, Ver2), Rest).
+
+highest_list_protocol_version(Ver, []) ->
+ Ver;
+highest_list_protocol_version(Ver1, [Ver2 | Rest]) ->
+ highest_list_protocol_version(highest_protocol_version(Ver1, Ver2), Rest).
+
encode_tls_cipher_text(Type, {MajVer, MinVer}, Epoch, Seq, Fragment) ->
Length = erlang:iolist_size(Fragment),
[<<?BYTE(Type), ?BYTE(MajVer), ?BYTE(MinVer), ?UINT16(Epoch),
@@ -424,6 +462,16 @@ calc_mac_hash(#connection_state{mac_secret = MacSecret,
mac_hash(Version, MacAlg, MacSecret, NewSeq, Type,
Length, Fragment).
+highest_protocol_version() ->
+ highest_protocol_version(supported_protocol_versions()).
+
+lowest_protocol_version() ->
+ lowest_protocol_version(supported_protocol_versions()).
+
+sufficient_dtlsv1_2_crypto_support() ->
+ CryptoSupport = crypto:supports(),
+ proplists:get_bool(sha256, proplists:get_value(hashs, CryptoSupport)).
+
mac_hash(Version, MacAlg, MacSecret, SeqNo, Type, Length, Fragment) ->
dtls_v1:mac_hash(Version, MacAlg, MacSecret, SeqNo, Type,
Length, Fragment).
@@ -431,8 +479,3 @@ mac_hash(Version, MacAlg, MacSecret, SeqNo, Type, Length, Fragment) ->
calc_aad(Type, {MajVer, MinVer}, Epoch, SeqNo) ->
NewSeq = (Epoch bsl 48) + SeqNo,
<<NewSeq:64/integer, ?BYTE(Type), ?BYTE(MajVer), ?BYTE(MinVer)>>.
-
-lowest_list_protocol_version(Ver, []) ->
- Ver;
-lowest_list_protocol_version(Ver1, [Ver2 | Rest]) ->
- lowest_list_protocol_version(lowest_protocol_version(Ver1, Ver2), Rest).