diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/ssl/src/tls_handshake_1_3.erl | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/lib/ssl/src/tls_handshake_1_3.erl b/lib/ssl/src/tls_handshake_1_3.erl index a0ece6c7f6..8ff58b841d 100644 --- a/lib/ssl/src/tls_handshake_1_3.erl +++ b/lib/ssl/src/tls_handshake_1_3.erl @@ -113,15 +113,24 @@ certificate(OwnCert, CertDbHandle, CertDbRef, _CRContext, server) -> %% TODO: use maybe monad for error handling! certificate_verify(PrivateKey, SignatureScheme, - #state{handshake_env = + #state{connection_states = ConnectionStates, + handshake_env = #handshake_env{ tls_handshake_history = {Messages, _}}}, server) -> + #{security_parameters := SecParamsR} = + ssl_record:pending_connection_state(ConnectionStates, write), + #security_parameters{prf_algorithm = HKDFAlgo} = SecParamsR, + {HashAlgo, _, _} = ssl_cipher:scheme_to_components(SignatureScheme), Context = lists:reverse(Messages), - THash = tls_v1:transcript_hash(Context, HashAlgo), + %% Transcript-Hash uses the HKDF hash function defined by the cipher suite. + THash = tls_v1:transcript_hash(Context, HKDFAlgo), + + %% Digital signatures use the hash function defined by the selected signature + %% scheme. Signature = digitally_sign(THash, <<"TLS 1.3, server CertificateVerify">>, HashAlgo, PrivateKey), @@ -313,9 +322,7 @@ digitally_sign(THash, Context, HashAlgo, PrivateKey = #'RSAPrivateKey'{}) -> Content = build_content(Context, THash), %% The length of the Salt MUST be equal to the length of the output - %% of the digest algorithm. - PadLen = ssl_cipher:hash_size(HashAlgo), - + %% of the digest algorithm: rsa_pss_saltlen = -1 public_key:sign(Content, HashAlgo, PrivateKey, [{rsa_padding, rsa_pkcs1_pss_padding}, {rsa_pss_saltlen, -1}, @@ -455,7 +462,6 @@ do_negotiated(#{client_share := ClientKey, State5 = tls_connection:queue_handshake(Certificate, State4), %% Create CertificateVerify - %% Use selected signature_alg from here, HKDF only used for key_schedule CertificateVerify = certificate_verify(CertPrivateKey, SignatureScheme, State5, server), |