From 51ac471d5bf861a0052543d9b8689f9b0d50ffc9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C3=A9ter=20Dimitrov?= Date: Mon, 21 Jan 2019 15:14:46 +0100 Subject: ssl: Add EncryptedExtensions Send empty EncryptedExtensions after ServerHello. Update ssl logger. Change-Id: Id57fdb52c360a1125ac1a735ee37c433bfb69a0a --- lib/ssl/src/ssl_logger.erl | 5 +++++ lib/ssl/src/tls_handshake_1_3.erl | 18 +++++++++++++++--- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/lib/ssl/src/ssl_logger.erl b/lib/ssl/src/ssl_logger.erl index 39b8c517b6..930077ba3c 100644 --- a/lib/ssl/src/ssl_logger.erl +++ b/lib/ssl/src/ssl_logger.erl @@ -170,6 +170,11 @@ parse_handshake(Direction, #certificate_verify_1_3{} = CertificateVerify) -> Header = io_lib:format("~s Handshake, CertificateVerify", [header_prefix(Direction)]), Message = io_lib:format("~p", [?rec_info(certificate_verify_1_3, CertificateVerify)]), + {Header, Message}; +parse_handshake(Direction, #encrypted_extensions{} = EncryptedExtensions) -> + Header = io_lib:format("~s Handshake, EncryptedExtensions", + [header_prefix(Direction)]), + Message = io_lib:format("~p", [?rec_info(encrypted_extensions, EncryptedExtensions)]), {Header, Message}. diff --git a/lib/ssl/src/tls_handshake_1_3.erl b/lib/ssl/src/tls_handshake_1_3.erl index 25d495ed3f..ec3ec2214c 100644 --- a/lib/ssl/src/tls_handshake_1_3.erl +++ b/lib/ssl/src/tls_handshake_1_3.erl @@ -42,6 +42,7 @@ %% Create handshake messages -export([certificate/5, certificate_verify/5, + encrypted_extensions/0, server_hello/4]). -export([do_negotiated/2]). @@ -67,6 +68,11 @@ server_hello_extensions(KeyShare) -> Extensions = #{server_hello_selected_version => SupportedVersions}, ssl_handshake:add_server_share(Extensions, KeyShare). +%% TODO: implement support for encrypted_extensions +encrypted_extensions() -> + #encrypted_extensions{ + extensions = #{} + }. %% TODO: use maybe monad for error handling! certificate(OwnCert, CertDbHandle, CertDbRef, _CRContext, server) -> @@ -413,15 +419,21 @@ do_negotiated(#{client_share := ClientKey, State3 = ssl_record:step_encryption_state(State2), + %% Create EncryptedExtensions + EncryptedExtensions = encrypted_extensions(), + + %% Encode EncryptedExtensions + State4 = tls_connection:queue_handshake(EncryptedExtensions, State3), + %% Create Certificate Certificate = certificate(OwnCert, CertDbHandle, CertDbRef, <<>>, server), %% Encode Certificate - State4 = tls_connection:queue_handshake(Certificate, State3), + State5 = tls_connection:queue_handshake(Certificate, State4), %% Create CertificateVerify #state{handshake_env = - #handshake_env{tls_handshake_history = {Messages, _}}} = State4, + #handshake_env{tls_handshake_history = {Messages, _}}} = State5, %% Use selected signature_alg from here, HKDF only used for key_schedule CertificateVerify = @@ -430,7 +442,7 @@ do_negotiated(#{client_share := ClientKey, %% Encode CertificateVerify %% Send Certificate, CertifricateVerify - {_State5, _} = tls_connection:send_handshake(CertificateVerify, State4), + {_State6, _} = tls_connection:send_handshake(CertificateVerify, State5), %% Send finished -- cgit v1.2.3