author | Péter Dimitrov <[email protected]> | 2019-01-24 15:12:32 +0100 |
committer | Péter Dimitrov <[email protected]> | 2019-01-28 09:47:36 +0100 |
commit | 117e475be14f92c74c6e6e90d5c6c047df49c7c9 (patch) | |
tree | 111359260d964e3df0f448efee305ee7428e3483 /lib | |
parent | 35e42cb1c8b1616702bbe67f876759126ea6bea2 (diff) | |
ssl: Use HKDF hash function in Transcript-Hash
Two hash functions are needed to create the CertificateVerify message.
One for creating the Transcript-Hash and another for the digital
signature. Transcript-Hash uses the HKDF hash of the
selected cipher suite, the digital signature uses the hash
defined by the selected signature scheme.
Change-Id: Ife68ec123682d9aaf42c6b46cc2608e1df8be8d6
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ssl/src/tls_handshake_1_3.erl | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/lib/ssl/src/tls_handshake_1_3.erl b/lib/ssl/src/tls_handshake_1_3.erl
index a0ece6c7f6..8ff58b841d 100644
--- a/lib/ssl/src/tls_handshake_1_3.erl
+++ b/lib/ssl/src/tls_handshake_1_3.erl
@@ -113,15 +113,24 @@ certificate(OwnCert, CertDbHandle, CertDbRef, _CRContext, server) ->
 %% TODO: use maybe monad for error handling!
 certificate_verify(PrivateKey, SignatureScheme,
- #state{handshake_env =
+ #state{connection_states = ConnectionStates,
+ handshake_env =
 #handshake_env{
 tls_handshake_history = {Messages, _}}}, server) ->
+ #{security_parameters := SecParamsR} =
+ ssl_record:pending_connection_state(ConnectionStates, write),
+ #security_parameters{prf_algorithm = HKDFAlgo} = SecParamsR,
+
 {HashAlgo, _, _} = ssl_cipher:scheme_to_components(SignatureScheme),
 Context = lists:reverse(Messages),
- THash = tls_v1:transcript_hash(Context, HashAlgo),
+ %% Transcript-Hash uses the HKDF hash function defined by the cipher suite.
+ THash = tls_v1:transcript_hash(Context, HKDFAlgo),
+
+ %% Digital signatures use the hash function defined by the selected signature
+ %% scheme.
 Signature = digitally_sign(THash, <<"TLS 1.3, server CertificateVerify">>,
 HashAlgo, PrivateKey),
@@ -313,9 +322,7 @@ digitally_sign(THash, Context, HashAlgo, PrivateKey = #'RSAPrivateKey'{}) ->
 Content = build_content(Context, THash),
 %% The length of the Salt MUST be equal to the length of the output
- %% of the digest algorithm.
- PadLen = ssl_cipher:hash_size(HashAlgo),
-
+ %% of the digest algorithm: rsa_pss_saltlen = -1
 public_key:sign(Content, HashAlgo, PrivateKey,
 [{rsa_padding, rsa_pkcs1_pss_padding},
 {rsa_pss_saltlen, -1},
@@ -455,7 +462,6 @@ do_negotiated(#{client_share := ClientKey,
 State5 = tls_connection:queue_handshake(Certificate, State4),
 %% Create CertificateVerify
- %% Use selected signature_alg from here, HKDF only used for key_schedule
 CertificateVerify = certificate_verify(CertPrivateKey, SignatureScheme,
 State5, server), |
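Review bot: `SecParamsR` is bound from the `write` side of the pending connection state, so the `R` suffix reads as "read" and misleads the next reader of the two added lines; rename it, e.g. `#{security_parameters := SecParams} = ssl_record:pending_connection_state(ConnectionStates, write),` and `#security_parameters{prf_algorithm = HKDFAlgo} = SecParams,`. The new comment above the `THash` line would be more durable if it named the normative source, so nobody later "simplifies" the two hashes back into one: `%% RFC 8446 4.4.1: Transcript-Hash uses the handshake (cipher-suite/HKDF) hash; 4.4.3: the signature itself uses the signature scheme's hash.` This clause covers only the `server` signing role; the paths that verify a peer's CertificateVerify are outside the hunk and presumably must compute the transcript hash with the same HKDF hash, which is worth confirming in the same change. certificate_verify's body continues past the end of the hunk.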
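Review bot: The rewritten comment in digitally_sign explains `-1` only as a library value, not the requirement it encodes; stating the rule keeps it from being "tidied" into a fixed byte count later, e.g. `%% RFC 8446 4.2.3: the PSS salt length MUST equal the digest length; public_key expresses that as rsa_pss_saltlen = -1.` The same section requires MGF1 to use the same digest as the signature, and the option list continues past the hunk (the line ends with a comma), so if it does not already pin `{rsa_mgf1_md, HashAlgo}` and the library default is not guaranteed to equal HashAlgo, that option should be added explicitly. digitally_sign's body ends outside the hunk.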