From f2ec822db072c3366effc93688e6def9742d8c5b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A9ter=20Dimitrov?=
Date: Fri, 16 Nov 2018 11:39:51 +0100
Subject: ssl: Improve the "start" and "negotiated" states
This change adds the capability to the TLS 1.3 server to process ClientHello messages and answer with ServerHello.
Change-Id: I13f6cfac932574300338e7301c6162252a591c70
---
 lib/ssl/src/ssl_handshake.erl | 42 +++++++++++++++++++++++++-----------------
 1 file changed, 25 insertions(+), 17 deletions(-)
(limited to 'lib/ssl/src/ssl_handshake.erl')
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 0b2ecfc981..417e5d9eb6 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -76,9 +76,11 @@
 handle_client_hello_extensions/9, %% Returns server hello extensions
 handle_server_hello_extensions/9, select_curve/2, select_curve/3, select_hashsign/4, select_hashsign/5,
- select_hashsign_algs/3, empty_extensions/2
+ select_hashsign_algs/3, empty_extensions/2, add_server_share/2
 ]).
+-export([get_cert_params/1]).
+
 %%====================================================================
 %% Create handshake messages
 %%====================================================================
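Review bot: The added `-export([get_cert_params/1]).` widens the module's public interface without saying why, while the export list just above it carries purpose comments such as `%% Returns server hello extensions`. A one-line comment above the new attribute, for example `%% Certificate parameters, exported for the TLS 1.3 handshake code`, would keep it from being read as general-purpose API; that wording is inferred from the commit message and should be confirmed. The export list starts before this hunk and the definition of get_cert_params/1 is not part of it, so what the function returns could not be checked here.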
@@ -1137,25 +1139,31 @@ maybe_add_key_share(HelloExtensions, undefined) ->
 maybe_add_key_share(HelloExtensions, KeyShare) ->
 #key_share_client_hello{client_shares = ClientShares0} = KeyShare,
 %% Keep only public keys
- Fun = fun(#key_share_entry{
- group = Group,
- key_exchange =
- #'ECPrivateKey'{publicKey = PublicKey}}) ->
- #key_share_entry{
- group = Group,
- key_exchange = PublicKey};
- (#key_share_entry{
- group = Group,
- key_exchange =
- {PublicKey, _}}) ->
- #key_share_entry{
- group = Group,
- key_exchange = PublicKey}
- end,
- ClientShares = lists:map(Fun, ClientShares0),
+ ClientShares = lists:map(fun kse_remove_private_key/1, ClientShares0),
 HelloExtensions#{key_share => #key_share_client_hello{
 client_shares = ClientShares}}.
+add_server_share(Extensions, KeyShare) ->
+ #key_share_server_hello{server_share = ServerShare0} = KeyShare,
+ %% Keep only public keys
+ ServerShare = kse_remove_private_key(ServerShare0),
+ Extensions#{key_share => #key_share_server_hello{
+ server_share = ServerShare}}.
+
+kse_remove_private_key(#key_share_entry{
+ group = Group,
+ key_exchange =
+ #'ECPrivateKey'{publicKey = PublicKey}}) ->
+ #key_share_entry{
+ group = Group,
+ key_exchange = PublicKey};
+kse_remove_private_key(#key_share_entry{
+ group = Group,
+ key_exchange =
+ {PublicKey, _}}) ->
+ #key_share_entry{
+ group = Group,
+ key_exchange = PublicKey}.
 signature_algs_ext(undefined) ->
 undefined;
-- 
cgit v1.2.3
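Review bot: `kse_remove_private_key/1` is the step that keeps private key material out of the key_share extension, yet it has neither a `-spec` nor a comment saying that its two clauses are deliberately the only ones. I would put `%% No catch-all on purpose: an unrecognised key_exchange shape must crash, never be sent unchanged.` above the first clause and add `-spec kse_remove_private_key(#key_share_entry{}) -> #key_share_entry{}.` so a later pass-through clause is not added by accident. The second clause accepts any 2-tuple as `{PublicKey, _}`, so it relies on the key generator putting the public half first; a short comment naming where that tuple comes from would make the assumption checkable. `add_server_share/2` is exported and, unlike `maybe_add_key_share/2`, has no clause for `undefined`; if a missing server share is meant to crash, a `-spec` on the function would state that.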