From 240dbea494958c0aa622dd2d7a336f0571470959 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A9ter=20Dimitrov?= <peterdmv@erlang.org>
Date: Tue, 23 Oct 2018 09:31:12 +0200
Subject: ssl: Implement TLS 1.3 state machine skeleton

Change-Id: I4b382a7907247cc2099951fdefa40f1511b1123e
---
 lib/ssl/src/tls_handshake_1_3.erl | 47 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)

(limited to 'lib/ssl/src/tls_handshake_1_3.erl')

diff --git a/lib/ssl/src/tls_handshake_1_3.erl b/lib/ssl/src/tls_handshake_1_3.erl
index 199054b43b..b9ebf2e502 100644
--- a/lib/ssl/src/tls_handshake_1_3.erl
+++ b/lib/ssl/src/tls_handshake_1_3.erl
@@ -33,6 +33,9 @@
 %% Encode
 -export([encode_handshake/1, decode_handshake/2]).
 
+%% Handshake
+-export([handle_client_hello/5]).
+
 encode_handshake(#certificate_request_1_3{
                     certificate_request_context = Context, 
                     extensions = Exts})->
@@ -151,3 +154,47 @@ decode_extensions(Exts) ->
 
 extensions_list(HelloExtensions) ->
     [Ext || {_, Ext} <- maps:to_list(HelloExtensions)].
+
+
+handle_client_hello(Version,
+                    #client_hello{session_id = SugesstedId,
+                                  cipher_suites = CipherSuites,
+                                  compression_methods = Compressions,
+                                  random = Random,
+                                  extensions = HelloExt},
+		    #ssl_options{versions = Versions,
+				 signature_algs = SupportedHashSigns,
+				 eccs = SupportedECCs,
+				 honor_ecc_order = ECCOrder} = SslOpts,
+		    {Port, Session0, Cache, CacheCb, ConnectionStates0, Cert, _},
+                    Renegotiation) ->
+    case tls_record:is_acceptable_version(Version, Versions) of
+	true ->
+            %% Get supported_groups
+            %% SupportedGroups = maps:get(elliptic_curves, HelloExt, undefined),
+            %% Get KeyShareClientHello
+
+            %% Validate supported_groups + KeyShareClientHello
+            %% IF valid THEN
+            %%   IF supported_groups IS empty send HelloRetryRequest
+            %%   ELSE continue
+            %% ELSE
+            %%   send Alert
+            %% ClientHashSigns = maps:get(signature_algs, HelloExt, undefined),
+            %% ClientSignatureSchemes = maps:get(signature_algs_cert, HelloExt, undefined),
+
+            %% Implement session handling.
+
+            %% Select curve
+
+            %% Sessions cannot be resumed by ClientHello
+
+            %% Select cipher_suite
+            %% Select hash_sign
+
+            %% Handle extensions
+	    ok;
+	false ->
+	    ?ALERT_REC(?FATAL, ?PROTOCOL_VERSION)
+    end.
+
-- 
cgit v1.2.3