diff options
Diffstat (limited to 'lib/ssl/src/tls_connection.erl')
| -rw-r--r-- | lib/ssl/src/tls_connection.erl | 387 | 
1 files changed, 318 insertions, 69 deletions
| diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl index 114710a92e..a05858221a 100644 --- a/lib/ssl/src/tls_connection.erl +++ b/lib/ssl/src/tls_connection.erl @@ -37,7 +37,8 @@  -include("ssl_api.hrl").  -include("ssl_internal.hrl").  -include("ssl_srp.hrl"). --include_lib("public_key/include/public_key.hrl").  +-include_lib("public_key/include/public_key.hrl"). +-include_lib("kernel/include/logger.hrl").  %% Internal application API @@ -49,7 +50,8 @@           handle_protocol_record/3]).  %% Handshake handling --export([renegotiation/2, renegotiate/2, send_handshake/2,  +-export([renegotiation/2, renegotiate/2, send_handshake/2, +         send_handshake_flight/1,  	 queue_handshake/2, queue_change_cipher/2,  	 reinit/1, reinit_handshake_data/1, select_sni_extension/1,            empty_connection_state/2]). @@ -66,9 +68,26 @@  -export([init/3, error/3, downgrade/3, %% Initiation and take down states  	 hello/3, user_hello/3, certify/3, cipher/3, abbreviated/3, %% Handshake states   	 connection/3]). +%% TLS 1.3 state functions (server) +-export([start/3,         %% common state with client +         negotiated/3, +         recvd_ch/3, +         wait_cert/3,     %% common state with client +         wait_cv/3,       %% common state with client +         wait_eoed/3, +         wait_finished/3, %% common state with client +         wait_flight2/3, +         connected/3      %% common state with client +        ]). +%% TLS 1.3 state functions (client) +-export([wait_cert_cr/3, +         wait_ee/3, +         wait_sh/3 +        ]).  %% gen_statem callbacks  -export([callback_mode/0, terminate/3, code_change/4, format_status/2]). +-export([encode_handshake/4]).  -define(DIST_CNTRL_SPAWN_OPTS, [{priority, max}]). @@ -173,25 +192,32 @@ next_record(State) ->  next_record(State, CipherTexts, ConnectionStates, Check) ->      next_record(State, CipherTexts, ConnectionStates, Check, []).  %% -next_record(State, [#ssl_tls{type = ?APPLICATION_DATA} = CT|CipherTexts], ConnectionStates0, Check, Acc) -> -    case tls_record:decode_cipher_text(CT, ConnectionStates0, Check) of -        {#ssl_tls{fragment = Fragment}, ConnectionStates} -> -            next_record(State, CipherTexts, ConnectionStates, Check, [Fragment|Acc]); -        #alert{} = Alert -> -            Alert -    end; -next_record(State, [CT|CipherTexts], ConnectionStates0, Check, []) -> -    case tls_record:decode_cipher_text(CT, ConnectionStates0, Check) of -        {Record, ConnectionStates} -> +next_record(#state{connection_env = #connection_env{negotiated_version = Version}} = State, +            [CT|CipherTexts], ConnectionStates0, Check, Acc) -> +    case tls_record:decode_cipher_text(Version, CT, ConnectionStates0, Check) of +        {#ssl_tls{type = ?APPLICATION_DATA, fragment = Fragment}, ConnectionStates} -> +            case CipherTexts of +                [] -> +                    %% End of cipher texts - build and deliver an ?APPLICATION_DATA record +                    %% from the accumulated fragments +                    next_record_done(State, [], ConnectionStates, +                                     #ssl_tls{type = ?APPLICATION_DATA, +                                              fragment = iolist_to_binary(lists:reverse(Acc, [Fragment]))}); +                [_|_] -> +                    next_record(State, CipherTexts, ConnectionStates, Check, [Fragment|Acc]) +            end; +        {Record, ConnectionStates} when Acc =:= [] -> +            %% Singelton non-?APPLICATION_DATA record - deliver              next_record_done(State, CipherTexts, ConnectionStates, Record); +        {_Record, _ConnectionStates_to_forget} -> +            %% Not ?APPLICATION_DATA but we have accumulated fragments +            %% -> build an ?APPLICATION_DATA record with concatenated fragments +            %%    and forget about decrypting this record - we'll decrypt it again next time +            next_record_done(State, [CT|CipherTexts], ConnectionStates0, +                             #ssl_tls{type = ?APPLICATION_DATA, fragment = iolist_to_binary(lists:reverse(Acc))});          #alert{} = Alert ->              Alert -    end; -next_record(State, CipherTexts, ConnectionStates, _Check, Acc) -> -    %% Not ?APPLICATION_DATA but we have a nonempty Acc -    %% -> build an ?APPLICATION_DATA record with the accumulated fragments -    next_record_done(State, CipherTexts, ConnectionStates, -                     #ssl_tls{type = ?APPLICATION_DATA, fragment = iolist_to_binary(lists:reverse(Acc))}). +    end.  next_record_done(#state{protocol_buffers = Buffers} = State, CipherTexts, ConnectionStates, Record) ->      {Record, @@ -209,7 +235,8 @@ next_event(StateName, no_record, State0, Actions) ->   	{#ssl_tls{} = Record, State} ->   	    {next_state, StateName, State, [{next_event, internal, {protocol_record, Record}} | Actions]};  	#alert{} = Alert -> -	    {next_state, StateName, State0, [{next_event, internal, Alert} | Actions]} +            Version = State0#state.connection_env#connection_env.negotiated_version, +            ssl_connection:handle_own_alert(Alert, Version, StateName, State0)      end;  next_event(StateName, Record, State, Actions) ->      case Record of @@ -218,7 +245,8 @@ next_event(StateName, Record, State, Actions) ->  	#ssl_tls{} = Record ->  	    {next_state, StateName, State, [{next_event, internal, {protocol_record, Record}} | Actions]};  	#alert{} = Alert -> -	    {next_state, StateName, State, [{next_event, internal, Alert} | Actions]} +            Version = State#state.connection_env#connection_env.negotiated_version, +            ssl_connection:handle_own_alert(Alert, Version, StateName, State)      end. @@ -244,8 +272,12 @@ handle_protocol_record(#ssl_tls{type = ?APPLICATION_DATA, fragment = Data}, Stat  	{stop, _, _} = Stop->              Stop;  	{Record, State1} -> -            {next_state, StateName, State, Actions} = next_event(StateName, Record, State1),  -            ssl_connection:hibernate_after(StateName, State, Actions) +            case next_event(StateName, Record, State1) of +                {next_state, StateName, State, Actions} -> +                    ssl_connection:hibernate_after(StateName, State, Actions); +                {stop, _, _} = Stop -> +                    Stop +            end      end;  %%% TLS record protocol level handshake messages   handle_protocol_record(#ssl_tls{type = ?HANDSHAKE, fragment = Data},  @@ -254,7 +286,8 @@ handle_protocol_record(#ssl_tls{type = ?HANDSHAKE, fragment = Data},                                        connection_env = #connection_env{negotiated_version = Version},  				      ssl_options = Options} = State0) ->      try -	{Packets, Buf} = tls_handshake:get_tls_handshake(Version,Data,Buf0, Options), +	EffectiveVersion = effective_version(Version, Options), +	{Packets, Buf} = tls_handshake:get_tls_handshake(EffectiveVersion,Data,Buf0, Options),  	State =  	    State0#state{protocol_buffers =  			     Buffers#protocol_buffers{tls_handshake_buffer = Buf}}, @@ -290,9 +323,7 @@ handle_protocol_record(#ssl_tls{type = ?ALERT, fragment = EncAlerts}, StateName,  	    handle_alerts(Alerts,  {next_state, StateName, State});  	[] ->  	    ssl_connection:handle_own_alert(?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE, empty_alert),  -					    Version, StateName, State); -	#alert{} = Alert -> -	    ssl_connection:handle_own_alert(Alert, Version, StateName, State) +					    Version, StateName, State)      catch  	_:_ ->  	    ssl_connection:handle_own_alert(?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE, alert_decode_error), @@ -335,12 +366,17 @@ renegotiate(#state{static_env = #static_env{role = server,  send_handshake(Handshake, State) ->      send_handshake_flight(queue_handshake(Handshake, State)). +  queue_handshake(Handshake, #state{handshake_env = #handshake_env{tls_handshake_history = Hist0} = HsEnv,  				  connection_env = #connection_env{negotiated_version = Version},                                    flight_buffer = Flight0, +                                  ssl_options = SslOpts,  				  connection_states = ConnectionStates0} = State0) ->      {BinHandshake, ConnectionStates, Hist} =  	encode_handshake(Handshake, Version, ConnectionStates0, Hist0), +    ssl_logger:debug(SslOpts#ssl_options.log_level, outbound, 'handshake', Handshake), +    ssl_logger:debug(SslOpts#ssl_options.log_level, outbound, 'record', BinHandshake), +      State0#state{connection_states = ConnectionStates,                   handshake_env = HsEnv#handshake_env{tls_handshake_history = Hist},  		 flight_buffer = Flight0 ++ [BinHandshake]}. @@ -351,11 +387,14 @@ send_handshake_flight(#state{static_env = #static_env{socket = Socket,      tls_socket:send(Transport, Socket, Flight),      {State0#state{flight_buffer = []}, []}. +  queue_change_cipher(Msg, #state{connection_env = #connection_env{negotiated_version = Version},                                  flight_buffer = Flight0, +                                ssl_options = SslOpts,                                  connection_states = ConnectionStates0} = State0) ->      {BinChangeCipher, ConnectionStates} =  	encode_change_cipher(Msg, Version, ConnectionStates0), +    ssl_logger:debug(SslOpts#ssl_options.log_level, outbound, 'record', BinChangeCipher),      State0#state{connection_states = ConnectionStates,  		 flight_buffer = Flight0 ++ [BinChangeCipher]}. @@ -375,8 +414,8 @@ reinit_handshake_data(#state{handshake_env = HsEnv} =State) ->                                             premaster_secret = undefined}       }. -select_sni_extension(#client_hello{extensions = HelloExtensions}) -> -    HelloExtensions#hello_extensions.sni; +select_sni_extension(#client_hello{extensions = #{sni := SNI}}) -> +    SNI;  select_sni_extension(_) ->      undefined. @@ -386,6 +425,7 @@ empty_connection_state(ConnectionEnd, BeastMitigation) ->  %%====================================================================  %% Alert and close handling  %%====================================================================	      +  %%--------------------------------------------------------------------  -spec encode_alert(#alert{}, ssl_record:ssl_version(), ssl_record:connection_states()) ->   		    {iolist(), ssl_record:connection_states()}. @@ -398,10 +438,12 @@ encode_alert(#alert{} = Alert, Version, ConnectionStates) ->  send_alert(Alert, #state{static_env = #static_env{socket = Socket,                                                    transport_cb = Transport},                           connection_env = #connection_env{negotiated_version = Version}, +                         ssl_options = SslOpts,                           connection_states = ConnectionStates0} = StateData0) ->      {BinMsg, ConnectionStates} =          encode_alert(Alert, Version, ConnectionStates0),      tls_socket:send(Transport, Socket, BinMsg), +    ssl_logger:debug(SslOpts#ssl_options.log_level, outbound, 'record', BinMsg),      StateData0#state{connection_states = ConnectionStates}.  %% If an ALERT sent in the connection state, should cause the TLS @@ -488,22 +530,27 @@ init({call, From}, {start, Timeout},  	    session = #session{own_certificate = Cert} = Session0,  	    connection_states = ConnectionStates0  	   } = State0) -> +    KeyShare = maybe_generate_client_shares(SslOpts),      Hello = tls_handshake:client_hello(Host, Port, ConnectionStates0, SslOpts, -				       Cache, CacheCb, Renegotiation, Cert), -     -    Version = Hello#client_hello.client_version, -    HelloVersion = tls_record:hello_version(Version, SslOpts#ssl_options.versions), +				       Cache, CacheCb, Renegotiation, Cert, KeyShare), + +    HelloVersion = tls_record:hello_version(SslOpts#ssl_options.versions),      Handshake0 = ssl_handshake:init_handshake_history(),      {BinMsg, ConnectionStates, Handshake} =          encode_handshake(Hello,  HelloVersion, ConnectionStates0, Handshake0),      tls_socket:send(Transport, Socket, BinMsg), +    ssl_logger:debug(SslOpts#ssl_options.log_level, outbound, 'handshake', Hello), +    ssl_logger:debug(SslOpts#ssl_options.log_level, outbound, 'record', BinMsg), +      State = State0#state{connection_states = ConnectionStates, -                         connection_env = CEnv#connection_env{negotiated_version = Version}, %% Requested version +                         connection_env = CEnv#connection_env{negotiated_version = HelloVersion}, %% Requested version                           session =                               Session0#session{session_id = Hello#client_hello.session_id},                           handshake_env = HsEnv#handshake_env{tls_handshake_history = Handshake}, -                         start_or_recv_from = From}, +                         start_or_recv_from = From, +                         key_share = KeyShare},      next_event(hello, no_record, State, [{{timeout, handshake}, Timeout, close}]); +  init(Type, Event, State) ->      gen_handshake(?FUNCTION_NAME, Type, Event, State). @@ -534,14 +581,15 @@ hello(internal, #client_hello{extensions = Extensions} = Hello,               start_or_recv_from = From} = State) ->      {next_state, user_hello, State#state{start_or_recv_from = undefined,                                           handshake_env = HsEnv#handshake_env{hello = Hello}}, -     [{reply, From, {ok, ssl_connection:map_extensions(Extensions)}}]}; +     [{reply, From, {ok, Extensions}}]};  hello(internal, #server_hello{extensions = Extensions} = Hello,         #state{ssl_options = #ssl_options{handshake = hello},               handshake_env = HsEnv,               start_or_recv_from = From} = State) ->      {next_state, user_hello, State#state{start_or_recv_from = undefined,                                           handshake_env = HsEnv#handshake_env{hello = Hello}}, -     [{reply, From, {ok, ssl_connection:map_extensions(Extensions)}}]};      +     [{reply, From, {ok, Extensions}}]};      +  hello(internal, #client_hello{client_version = ClientVersion} = Hello,        #state{connection_states = ConnectionStates0,               static_env = #static_env{ @@ -554,27 +602,40 @@ hello(internal, #client_hello{client_version = ClientVersion} = Hello,               connection_env = CEnv,               session = #session{own_certificate = Cert} = Session0,  	     ssl_options = SslOpts} = State) -> -    case tls_handshake:hello(Hello, SslOpts, {Port, Session0, Cache, CacheCb, -					      ConnectionStates0, Cert, KeyExAlg}, Renegotiation) of -        #alert{} = Alert -> -            ssl_connection:handle_own_alert(Alert, ClientVersion, hello, -                                            State#state{connection_env =  -                                                            CEnv#connection_env{negotiated_version = ClientVersion}}); -        {Version, {Type, Session}, -	 ConnectionStates, Protocol0, ServerHelloExt, HashSign} -> -	    Protocol = case Protocol0 of -			   undefined -> CurrentProtocol; -			   _ -> Protocol0 -		       end, -            gen_handshake(?FUNCTION_NAME, internal, {common_client_hello, Type, ServerHelloExt}, -                          State#state{connection_states  = ConnectionStates, -                                      connection_env = CEnv#connection_env{negotiated_version = Version}, -                                      handshake_env = HsEnv#handshake_env{ -                                                        hashsign_algorithm = HashSign, -                                                        client_hello_version = ClientVersion, -                                                        negotiated_protocol = Protocol}, -                                      session = Session -                                     }) + +    case choose_tls_version(SslOpts, Hello) of +        'tls_v1.3' -> +            %% Continue in TLS 1.3 'start' state +            {next_state, start, State, [{next_event, internal, Hello}]}; +        'tls_v1.2' -> +            case tls_handshake:hello(Hello, +                                     SslOpts, +                                     {Port, Session0, Cache, CacheCb, +                                      ConnectionStates0, Cert, KeyExAlg}, +                                     Renegotiation) of +                #alert{} = Alert -> +                    ssl_connection:handle_own_alert(Alert, ClientVersion, hello, +                                                    State#state{connection_env = CEnv#connection_env{negotiated_version +                                                                                                     = ClientVersion}}); +                {Version, {Type, Session}, +                 ConnectionStates, Protocol0, ServerHelloExt, HashSign} -> +                    Protocol = case Protocol0 of +                                   undefined -> CurrentProtocol; +                                   _ -> Protocol0 +                               end, +                    gen_handshake(?FUNCTION_NAME, +                                  internal, +                                  {common_client_hello, Type, ServerHelloExt}, +                                  State#state{connection_states  = ConnectionStates, +                                              connection_env = CEnv#connection_env{negotiated_version = Version}, +                                              handshake_env = HsEnv#handshake_env{ +                                                                hashsign_algorithm = HashSign, +                                                                client_hello_version = ClientVersion, +                                                                negotiated_protocol = Protocol}, +                                              session = Session +                                             }) +            end +      end;  hello(internal, #server_hello{} = Hello,              #state{connection_states = ConnectionStates0, @@ -679,7 +740,7 @@ connection(internal, #hello_request{},      try tls_sender:peer_renegotiate(Pid) of          {ok, Write} ->              Hello = tls_handshake:client_hello(Host, Port, ConnectionStates, SslOpts, -                                               Cache, CacheCb, Renegotiation, Cert), +                                               Cache, CacheCb, Renegotiation, Cert, undefined),              {State, Actions} = send_handshake(Hello, State0#state{connection_states = ConnectionStates#{current_write => Write}}),              next_event(hello, no_record, State#state{session = Session0#session{session_id                                                                        = Hello#client_hello.session_id}}, Actions) @@ -698,7 +759,8 @@ connection(internal, #hello_request{},  		  ssl_options = SslOpts,   		  connection_states = ConnectionStates} = State0) ->      Hello = tls_handshake:client_hello(Host, Port, ConnectionStates, SslOpts, -                                       Cache, CacheCb, Renegotiation, Cert), +				       Cache, CacheCb, Renegotiation, Cert, undefined), +      {State, Actions} = send_handshake(Hello, State0),      next_event(hello, no_record, State#state{session = Session0#session{session_id                                                                          = Hello#client_hello.session_id}}, Actions); @@ -753,14 +815,126 @@ downgrade(info, {CloseTag, Socket},  downgrade(info, Info, State) ->      handle_info(Info, ?FUNCTION_NAME, State);  downgrade(Type, Event, State) -> -    ssl_connection:?FUNCTION_NAME(Type, Event, State, ?MODULE). +     ssl_connection:?FUNCTION_NAME(Type, Event, State, ?MODULE). + +%%-------------------------------------------------------------------- +%% TLS 1.3 state functions +%%-------------------------------------------------------------------- +%%-------------------------------------------------------------------- +-spec start(gen_statem:event_type(), term(), #state{}) -> +			 gen_statem:state_function_result(). +%%-------------------------------------------------------------------- +start(info, Event, State) -> +    gen_info_1_3(Event, ?FUNCTION_NAME, State); +start(Type, Event, State) -> +    gen_handshake_1_3(?FUNCTION_NAME, Type, Event, State). + +%%-------------------------------------------------------------------- +-spec negotiated(gen_statem:event_type(), term(), #state{}) -> +			 gen_statem:state_function_result(). +%%-------------------------------------------------------------------- +negotiated(info, Event, State) -> +    gen_info_1_3(Event, ?FUNCTION_NAME, State); +negotiated(Type, Event, State) -> +    gen_handshake_1_3(?FUNCTION_NAME, Type, Event, State). + +%%-------------------------------------------------------------------- +-spec recvd_ch(gen_statem:event_type(), term(), #state{}) -> +			 gen_statem:state_function_result(). +%%-------------------------------------------------------------------- +recvd_ch(info, Event, State) -> +    gen_info_1_3(Event, ?FUNCTION_NAME, State); +recvd_ch(Type, Event, State) -> +    gen_handshake_1_3(?FUNCTION_NAME, Type, Event, State). + +%%-------------------------------------------------------------------- +-spec wait_cert(gen_statem:event_type(), term(), #state{}) -> +			 gen_statem:state_function_result(). +%%-------------------------------------------------------------------- +wait_cert(info, Event, State) -> +    gen_info_1_3(Event, ?FUNCTION_NAME, State); +wait_cert(Type, Event, State) -> +    gen_handshake_1_3(?FUNCTION_NAME, Type, Event, State). + +%%-------------------------------------------------------------------- +-spec wait_cv(gen_statem:event_type(), term(), #state{}) -> +			 gen_statem:state_function_result(). +%%-------------------------------------------------------------------- +wait_cv(info, Event, State) -> +    gen_info_1_3(Event, ?FUNCTION_NAME, State); +wait_cv(Type, Event, State) -> +    gen_handshake_1_3(?FUNCTION_NAME, Type, Event, State). + +%%-------------------------------------------------------------------- +-spec wait_eoed(gen_statem:event_type(), term(), #state{}) -> +			 gen_statem:state_function_result(). +%%-------------------------------------------------------------------- +wait_eoed(info, Event, State) -> +    gen_info_1_3(Event, ?FUNCTION_NAME, State); +wait_eoed(Type, Event, State) -> +    gen_handshake_1_3(?FUNCTION_NAME, Type, Event, State). + +%%-------------------------------------------------------------------- +-spec wait_finished(gen_statem:event_type(), term(), #state{}) -> +			 gen_statem:state_function_result(). +%%-------------------------------------------------------------------- +wait_finished(info, Event, State) -> +    gen_info_1_3(Event, ?FUNCTION_NAME, State); +wait_finished(Type, Event, State) -> +    gen_handshake_1_3(?FUNCTION_NAME, Type, Event, State). + +%%-------------------------------------------------------------------- +-spec wait_flight2(gen_statem:event_type(), term(), #state{}) -> +			 gen_statem:state_function_result(). +%%-------------------------------------------------------------------- +wait_flight2(info, Event, State) -> +    gen_info_1_3(Event, ?FUNCTION_NAME, State); +wait_flight2(Type, Event, State) -> +    gen_handshake_1_3(?FUNCTION_NAME, Type, Event, State). + +%%-------------------------------------------------------------------- +-spec connected(gen_statem:event_type(), term(), #state{}) -> +			 gen_statem:state_function_result(). +%%-------------------------------------------------------------------- +connected(info, Event, State) -> +    gen_info_1_3(Event, ?FUNCTION_NAME, State); +connected(Type, Event, State) -> +    gen_handshake_1_3(?FUNCTION_NAME, Type, Event, State). + +%%-------------------------------------------------------------------- +-spec wait_cert_cr(gen_statem:event_type(), term(), #state{}) -> +			 gen_statem:state_function_result(). +%%-------------------------------------------------------------------- +wait_cert_cr(info, Event, State) -> +    gen_info_1_3(Event, ?FUNCTION_NAME, State); +wait_cert_cr(Type, Event, State) -> +    gen_handshake_1_3(?FUNCTION_NAME, Type, Event, State). + +%%-------------------------------------------------------------------- +-spec wait_ee(gen_statem:event_type(), term(), #state{}) -> +			 gen_statem:state_function_result(). +%%-------------------------------------------------------------------- +wait_ee(info, Event, State) -> +    gen_info_1_3(Event, ?FUNCTION_NAME, State); +wait_ee(Type, Event, State) -> +    gen_handshake_1_3(?FUNCTION_NAME, Type, Event, State). + +%%-------------------------------------------------------------------- +-spec wait_sh(gen_statem:event_type(), term(), #state{}) -> +			 gen_statem:state_function_result(). +%%-------------------------------------------------------------------- +wait_sh(info, Event, State) -> +    gen_info_1_3(Event, ?FUNCTION_NAME, State); +wait_sh(Type, Event, State) -> +    gen_handshake_1_3(?FUNCTION_NAME, Type, Event, State). +  %--------------------------------------------------------------------  %% gen_statem callbacks  %%--------------------------------------------------------------------  callback_mode() ->      state_functions. -terminate({shutdown, sender_died, Reason}, _StateName, +terminate({shutdown, {sender_died, Reason}}, _StateName,            #state{static_env = #static_env{socket = Socket,                                             transport_cb = Transport}}             = State) -> @@ -784,7 +958,6 @@ initial_state(Role, Sender, Host, Port, Socket, {SSLOptions, SocketOptions, Trac      #ssl_options{beast_mitigation = BeastMitigation,                   erl_dist = IsErlDist} = SSLOptions,      ConnectionStates = tls_record:init_connection_states(Role, BeastMitigation), -          SessionCacheCb = case application:get_env(ssl, session_cb) of  			 {ok, Cb} when is_atom(Cb) ->  			    Cb; @@ -841,8 +1014,9 @@ initialize_tls_sender(#state{static_env = #static_env{                                               tracker = Tracker                                              },                               connection_env = #connection_env{negotiated_version = Version}, -                             socket_options = SockOpts,                              -                             ssl_options = #ssl_options{renegotiate_at = RenegotiateAt}, +                             socket_options = SockOpts,  +                             ssl_options = #ssl_options{renegotiate_at = RenegotiateAt, +                                                        log_level = LogLevel},                               connection_states = #{current_write := ConnectionWriteState},                               protocol_specific = #{sender := Sender}}) ->      Init = #{current_write => ConnectionWriteState, @@ -852,21 +1026,27 @@ initialize_tls_sender(#state{static_env = #static_env{               tracker => Tracker,               transport_cb => Transport,               negotiated_version => Version, -             renegotiate_at => RenegotiateAt}, +             renegotiate_at => RenegotiateAt, +             log_level => LogLevel},      tls_sender:initialize(Sender, Init).  next_tls_record(Data, StateName,                           #state{protocol_buffers =                                      #protocol_buffers{tls_record_buffer = Buf0, -                                                      tls_cipher_texts = CT0} = Buffers} = State0) -> +                                                      tls_cipher_texts = CT0} = Buffers, +                                ssl_options = SslOpts} = State0) ->      Versions = +        %% TLS 1.3 Client/Server +        %% - Ignore TLSPlaintext.legacy_record_version +        %% - Verify that TLSCiphertext.legacy_record_version is set to  0x0303 for all records +        %%   other than an initial ClientHello, where it MAY also be 0x0301.          case StateName of              hello ->                  [tls_record:protocol_version(Vsn) || Vsn <- ?ALL_AVAILABLE_VERSIONS];              _ ->                  State0#state.connection_env#connection_env.negotiated_version          end, -    case tls_record:get_tls_records(Data, Versions, Buf0) of +    case tls_record:get_tls_records(Data, Versions, Buf0, SslOpts) of  	{Records, Buf1} ->  	    CT1 = CT0 ++ Records,  	    next_record(State0#state{protocol_buffers = @@ -939,7 +1119,7 @@ handle_info({CloseTag, Socket}, StateName,      end;  handle_info({'EXIT', Sender, Reason}, _,              #state{protocol_specific = #{sender := Sender}} = State) -> -    {stop, {shutdown, sender_died, Reason}, State}; +    {stop, {shutdown, {sender_died, Reason}}, State};  handle_info(Msg, StateName, State) ->      ssl_connection:StateName(info, Msg, State, ?MODULE). @@ -970,6 +1150,7 @@ encode_handshake(Handshake, Version, ConnectionStates0, Hist0) ->  encode_change_cipher(#change_cipher_spec{}, Version, ConnectionStates) ->      tls_record:encode_change_cipher_spec(Version, ConnectionStates). +-spec decode_alerts(binary()) -> list().  decode_alerts(Bin) ->      ssl_alert:decode(Bin). @@ -985,12 +1166,26 @@ gen_handshake(StateName, Type, Event,  					    Version, StateName, State)        end. + +gen_handshake_1_3(StateName, Type, Event, +	      #state{connection_env = #connection_env{negotiated_version = Version}} = State) -> +    try tls_connection_1_3:StateName(Type, Event, State, ?MODULE) of +	Result -> +	    Result +    catch +	_:_ -> +            ssl_connection:handle_own_alert(?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE, +						       malformed_handshake_data), +					    Version, StateName, State) +    end. + +  gen_info(Event, connection = StateName,  #state{connection_env = #connection_env{negotiated_version = Version}} = State) ->      try handle_info(Event, StateName, State) of  	Result ->  	    Result      catch  -	_:_ -> +        _:_ ->  	    ssl_connection:handle_own_alert(?ALERT_REC(?FATAL, ?INTERNAL_ERROR,   						       malformed_data),   					    Version, StateName, State)   @@ -1006,6 +1201,29 @@ gen_info(Event, StateName, #state{connection_env = #connection_env{negotiated_ve  						       malformed_handshake_data),   					    Version, StateName, State)        end. + +gen_info_1_3(Event, connected = StateName,  #state{connection_env = #connection_env{negotiated_version = Version}} = State) -> +    try handle_info(Event, StateName, State) of +	Result -> +	    Result +    catch +        _:_ -> +	    ssl_connection:handle_own_alert(?ALERT_REC(?FATAL, ?INTERNAL_ERROR, +						       malformed_data), +					    Version, StateName, State) +    end; + +gen_info_1_3(Event, StateName, #state{connection_env = #connection_env{negotiated_version = Version}} = State) -> +    try handle_info(Event, StateName, State) of +	Result -> +	    Result +    catch +        _:_ -> +	    ssl_connection:handle_own_alert(?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE, +						       malformed_handshake_data), +					    Version, StateName, State) +    end. +  unprocessed_events(Events) ->      %% The first handshake event will be processed immediately @@ -1050,3 +1268,34 @@ ensure_sender_terminate(_,  #state{protocol_specific = #{sender := Sender}}) ->                     end             end,      spawn(Kill). + +maybe_generate_client_shares(#ssl_options{ +                            versions = [Version|_], +                            supported_groups = +                                #supported_groups{ +                                  supported_groups = Groups}}) +  when Version =:= {3,4} -> +    ssl_cipher:generate_client_shares(Groups); +maybe_generate_client_shares(_) -> +    undefined. + +choose_tls_version(#ssl_options{versions = Versions}, +                   #client_hello{ +                      extensions = #{client_hello_versions := +                                         #client_hello_versions{versions = ClientVersions} +                                    } +                     }) -> +    case ssl_handshake:select_supported_version(ClientVersions, Versions) of +        {3,4} -> +            'tls_v1.3'; +        _Else -> +            'tls_v1.2' +    end; +choose_tls_version(_, _) -> +    'tls_v1.2'. + + +effective_version(undefined, #ssl_options{versions = [Version|_]}) -> +    Version; +effective_version(Version, _) -> +    Version. | 
