ssl: Implement the 'key_share' extension

Change-Id: Ie7409675dd7a35825f32822df259286bbb95fd62
author: Péter Dimitrov <[email protected]> 2018-11-01 15:48:09 +0100
committer: Péter Dimitrov <[email protected]> 2018-11-16 14:32:14 +0100
commit: ff3fa2ff25499e42daf0d6f7a810e9c251916e39 (patch)
tree: 6aba756a074eb7ffca34076fca63765b4bac8947 /lib/ssl/test/property_test
parent: d7f9029afb669fd8dd8590e72cd7f0f30b2e9c84 (diff)
download: otp-ff3fa2ff25499e42daf0d6f7a810e9c251916e39.tar.gz
otp-ff3fa2ff25499e42daf0d6f7a810e9c251916e39.tar.bz2
otp-ff3fa2ff25499e42daf0d6f7a810e9c251916e39.zip
1 files changed, 58 insertions, 6 deletions
diff --git a/lib/ssl/test/property_test/ssl_eqc_handshake.erl b/lib/ssl/test/property_test/ssl_eqc_handshake.erl
index 8b3b81aaf1..0165c68a18 100644
--- a/lib/ssl/test/property_test/ssl_eqc_handshake.erl
+++ b/lib/ssl/test/property_test/ssl_eqc_handshake.erl
@@ -298,7 +298,7 @@ extensions(?'TLS_v1.3' = Version, client_hello) ->
            %% ClientCertiticateType,
            %% ServerCertificateType,
            %% Padding,
-           %% KeyShare,
+           KeyShare,
            %% PreSharedKey,
            %% PSKKeyExchangeModes,
            %% EarlyData,
@@ -321,7 +321,7 @@ extensions(?'TLS_v1.3' = Version, client_hello) ->
            %% oneof([client_cert_type(), undefined]),
            %% oneof([server_cert_type(), undefined]),
            %% oneof([padding(), undefined]),
-           %% oneof([key_share(), undefined]),
+           oneof([key_share(client_hello), undefined]),
            %% oneof([pre_shared_key(), undefined]),
            %% oneof([psk_key_exchange_modes(), undefined]),
            %% oneof([early_data(), undefined]),
@@ -349,7 +349,7 @@ extensions(?'TLS_v1.3' = Version, client_hello) ->
                         %% client_cert_type => ClientCertificateType,
                         %% server_cert_type => ServerCertificateType,
                         %% padding => Padding,
-                        %% key_share => KeyShare,
+                        key_share => KeyShare,
                         %% pre_shared_key => PreSharedKey,
                         %% psk_key_exhange_modes => PSKKeyExchangeModes,
                         %% early_data => EarlyData,
@@ -396,12 +396,12 @@ extensions(Version, client_hello) ->
                       }));
 extensions(?'TLS_v1.3' = Version, server_hello) ->
     ?LET({
-          %% KeyShare,
+          KeyShare,
           %% PreSharedKeys,
           SupportedVersions
          },
          {
-          %% oneof([key_share(), undefined]),
+          oneof([key_share(server_hello), undefined]),
           %% oneof([pre_shared_keys(),  undefined]),
           oneof([server_hello_selected_version(), undefined])
          },
@@ -411,7 +411,7 @@ extensions(?'TLS_v1.3' = Version, server_hello) ->
                              true
                      end,
                      #{
-                       %% key_share => KeyShare,
+                       key_share => KeyShare,
                        %% pre_shared_keys => PreSharedKeys,
                        server_hello_selected_version => SupportedVersions
                       }));
@@ -705,3 +705,55 @@ gen_string(0, Acc) ->
     Acc;
 gen_string(N, Acc) ->
     ?LET(Char, gen_char(), gen_string(N-1, [Char | Acc])).
+
+key_share(client_hello) ->
+    ?LET(ClientShares, key_share_entry_list(),
+        #key_share_client_hello{
+          client_shares = ClientShares});
+key_share(server_hello) ->
+    ?LET([ServerShare], key_share_entry_list(1),
+        #key_share_server_hello{
+          server_share = ServerShare}).
+
+key_share_entry_list() ->
+    ?LET(Size, choose(1,8), key_share_entry_list(Size)).
+%%
+key_share_entry_list(N) ->
+    key_share_entry_list(N, ssl:groups(), []).
+%%
+key_share_entry_list(0, _Pool, Acc) ->
+    Acc;
+key_share_entry_list(N, Pool, Acc) ->
+    R = rand:uniform(length(Pool)),
+    G = lists:nth(R, Pool),
+    P = generate_public_key(G),
+    KeyShareEntry =
+        #key_share_entry{
+          group = G,
+          key_exchange = P},
+    key_share_entry_list(N - 1, Pool -- [G], [KeyShareEntry|Acc]).
+
+generate_public_key(Group)
+  when Group =:= secp256r1 orelse
+       Group =:= secp384r1 orelse
+       Group =:= secp521r1 ->
+    #'ECPrivateKey'{publicKey = PublicKey} =
+        public_key:generate_key({namedCurve, secp256r1}),
+    PublicKey;
+generate_public_key(Group) ->
+    {PublicKey, _} =
+        public_key:generate_key(ssl_dh_groups:dh_params(Group)),
+    PublicKey.
+
+groups() ->
+    ?LET(Size, choose(1,8), group_list(Size)).
+
+group_list(N) ->
+    group_list(N, ssl:groups(), []).
+%%
+group_list(0, _Pool, Acc) ->
+    Acc;
+group_list(N, Pool, Acc) ->
+    R = rand:uniform(length(Pool)),
+    G = lists:nth(R, Pool),
+    group_list(N - 1, Pool -- [G], [G|Acc]).
author	Péter Dimitrov <[email protected]>	2018-11-01 15:48:09 +0100
committer	Péter Dimitrov <[email protected]>	2018-11-16 14:32:14 +0100
commit	ff3fa2ff25499e42daf0d6f7a810e9c251916e39 (patch)
tree	6aba756a074eb7ffca34076fca63765b4bac8947 /lib/ssl/test/property_test
parent	d7f9029afb669fd8dd8590e72cd7f0f30b2e9c84 (diff)
download	otp-ff3fa2ff25499e42daf0d6f7a810e9c251916e39.tar.gz otp-ff3fa2ff25499e42daf0d6f7a810e9c251916e39.tar.bz2 otp-ff3fa2ff25499e42daf0d6f7a810e9c251916e39.zip