aboutsummaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorPéter Dimitrov <[email protected]>2019-01-24 15:12:32 +0100
committerPéter Dimitrov <[email protected]>2019-01-28 09:47:36 +0100
commit117e475be14f92c74c6e6e90d5c6c047df49c7c9 (patch)
tree111359260d964e3df0f448efee305ee7428e3483 /lib
parent35e42cb1c8b1616702bbe67f876759126ea6bea2 (diff)
downloadotp-117e475be14f92c74c6e6e90d5c6c047df49c7c9.tar.gz
otp-117e475be14f92c74c6e6e90d5c6c047df49c7c9.tar.bz2
otp-117e475be14f92c74c6e6e90d5c6c047df49c7c9.zip
ssl: Use HKDF hash function in Transcript-Hash
Two hash functions needed to create the CertificateVerify message. One for creating the Transcript-Hash and another for the digital signature. Transcript-Hash uses the HKDF hash of the selected cipher suite, the digital signature uses the hash defined by the selected signature scheme. Change-Id: Ife68ec123682d9aaf42c6b46cc2608e1df8be8d6
Diffstat (limited to 'lib')
-rw-r--r--lib/ssl/src/tls_handshake_1_3.erl18
1 files changed, 12 insertions, 6 deletions
diff --git a/lib/ssl/src/tls_handshake_1_3.erl b/lib/ssl/src/tls_handshake_1_3.erl
index a0ece6c7f6..8ff58b841d 100644
--- a/lib/ssl/src/tls_handshake_1_3.erl
+++ b/lib/ssl/src/tls_handshake_1_3.erl
@@ -113,15 +113,24 @@ certificate(OwnCert, CertDbHandle, CertDbRef, _CRContext, server) ->
%% TODO: use maybe monad for error handling!
certificate_verify(PrivateKey, SignatureScheme,
- #state{handshake_env =
+ #state{connection_states = ConnectionStates,
+ handshake_env =
#handshake_env{
tls_handshake_history = {Messages, _}}}, server) ->
+ #{security_parameters := SecParamsR} =
+ ssl_record:pending_connection_state(ConnectionStates, write),
+ #security_parameters{prf_algorithm = HKDFAlgo} = SecParamsR,
+
{HashAlgo, _, _} =
ssl_cipher:scheme_to_components(SignatureScheme),
Context = lists:reverse(Messages),
- THash = tls_v1:transcript_hash(Context, HashAlgo),
+ %% Transcript-Hash uses the HKDF hash function defined by the cipher suite.
+ THash = tls_v1:transcript_hash(Context, HKDFAlgo),
+
+ %% Digital signatures use the hash function defined by the selected signature
+ %% scheme.
Signature = digitally_sign(THash, <<"TLS 1.3, server CertificateVerify">>,
HashAlgo, PrivateKey),
@@ -313,9 +322,7 @@ digitally_sign(THash, Context, HashAlgo, PrivateKey = #'RSAPrivateKey'{}) ->
Content = build_content(Context, THash),
%% The length of the Salt MUST be equal to the length of the output
- %% of the digest algorithm.
- PadLen = ssl_cipher:hash_size(HashAlgo),
-
+ %% of the digest algorithm: rsa_pss_saltlen = -1
public_key:sign(Content, HashAlgo, PrivateKey,
[{rsa_padding, rsa_pkcs1_pss_padding},
{rsa_pss_saltlen, -1},
@@ -455,7 +462,6 @@ do_negotiated(#{client_share := ClientKey,
State5 = tls_connection:queue_handshake(Certificate, State4),
%% Create CertificateVerify
- %% Use selected signature_alg from here, HKDF only used for key_schedule
CertificateVerify = certificate_verify(CertPrivateKey, SignatureScheme,
State5, server),