From 3f10f10404ee85fcf9d8f7915f768b4826eed12a Mon Sep 17 00:00:00 2001 From: Andreas Schultz Date: Mon, 18 Jun 2012 12:07:37 +0200 Subject: ssl: Implement TLS 1.2 signature support --- lib/ssl/src/ssl_handshake.erl | 43 +++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 41 insertions(+), 2 deletions(-) (limited to 'lib/ssl') diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl index 0d681e9fcb..2957059b74 100644 --- a/lib/ssl/src/ssl_handshake.erl +++ b/lib/ssl/src/ssl_handshake.erl @@ -312,10 +312,10 @@ certificate_verify(Signature, {?'rsaEncryption', PublicKey, _}, Version, certificate_verify(Signature, {?'id-dsa', PublicKey, PublicKeyParams}, Version, {HashAlgo, _SignAlgo}, MasterSecret, {_, Handshake}) -> Hashes = calc_certificate_verify(Version, HashAlgo, MasterSecret, Handshake), - case public_key:verify(Hashes, none, Signature, {PublicKey, PublicKeyParams}) of + case public_key:verify({digest, Hashes}, sha, Signature, {PublicKey, PublicKeyParams}) of true -> valid; - false -> + false -> ?ALERT_REC(?FATAL, ?BAD_CERTIFICATE) end. @@ -890,6 +890,16 @@ dec_hs(_Version, ?SERVER_KEY_EXCHANGE, <>, hashsign = {null, anon}}; +dec_hs({Major, Minor}, ?SERVER_KEY_EXCHANGE, <>) + when Major == 3, Minor >= 3 -> + #server_key_exchange{params = #server_dh_params{dh_p = P,dh_g = G, + dh_y = Y}, + signed_params = Sig, + hashsign = {ssl_cipher:hash_algorithm(HashAlgo), ssl_cipher:sign_algorithm(SignAlgo)}}; dec_hs(_Version, ?SERVER_KEY_EXCHANGE, <>) + when Major == 3, Minor >= 3 -> + #certificate_request{certificate_types = CertTypes, + hashsign_algorithms = HashSigns, + certificate_authorities = CertAuths}; dec_hs(_Version, ?CERTIFICATE_REQUEST, <>) -> @@ -904,6 +922,9 @@ dec_hs(_Version, ?CERTIFICATE_REQUEST, certificate_authorities = CertAuths}; dec_hs(_Version, ?SERVER_HELLO_DONE, <<>>) -> #server_hello_done{}; +dec_hs({Major, Minor}, ?CERTIFICATE_VERIFY,<>) + when Major == 3, Minor >= 3 -> + #certificate_verify{hashsign_algorithm = hashsign_dec(HashSign), signature = Signature}; dec_hs(_Version, ?CERTIFICATE_VERIFY,<>)-> #certificate_verify{hashsign_algorithm = {unknown, unknown}, signature = Signature}; dec_hs(_Version, ?CLIENT_KEY_EXCHANGE, PKEPMS) -> @@ -1026,6 +1047,19 @@ enc_hs(#server_key_exchange{params = #server_dh_params{ ?UINT16(YLen), Y/binary, Signature/binary>> }; +enc_hs(#certificate_request{certificate_types = CertTypes, + hashsign_algorithms = HashSigns, + certificate_authorities = CertAuths}, + {Major, Minor}) + when Major == 3, Minor >= 3 -> + CertTypesLen = byte_size(CertTypes), + HashSignsLen = byte_size(HashSigns), + CertAuthsLen = byte_size(CertAuths), + {?CERTIFICATE_REQUEST, + <> + }; enc_hs(#certificate_request{certificate_types = CertTypes, certificate_authorities = CertAuths}, _Version) -> @@ -1054,6 +1088,11 @@ enc_cke(#client_diffie_hellman_public{dh_public = DHPublic}, _) -> Len = byte_size(DHPublic), <>. +enc_sign({HashAlg, SignAlg}, Signature, _Version = {Major, Minor}) + when Major == 3, Minor >= 3-> + SignLen = byte_size(Signature), + HashSign = hashsign_enc(HashAlg, SignAlg), + <>; enc_sign(_HashSign, Sign, _Version) -> SignLen = byte_size(Sign), <>. -- cgit v1.2.3