From 51ac471d5bf861a0052543d9b8689f9b0d50ffc9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A9ter=20Dimitrov?= <peterdmv@erlang.org>
Date: Mon, 21 Jan 2019 15:14:46 +0100
Subject: ssl: Add EncryptedExtensions

Send empty EncryptedExtensions after ServerHello.

Update ssl logger.

Change-Id: Id57fdb52c360a1125ac1a735ee37c433bfb69a0a
---
 lib/ssl/src/ssl_logger.erl        |  5 +++++
 lib/ssl/src/tls_handshake_1_3.erl | 18 +++++++++++++++---
 2 files changed, 20 insertions(+), 3 deletions(-)

(limited to 'lib')

diff --git a/lib/ssl/src/ssl_logger.erl b/lib/ssl/src/ssl_logger.erl
index 39b8c517b6..930077ba3c 100644
--- a/lib/ssl/src/ssl_logger.erl
+++ b/lib/ssl/src/ssl_logger.erl
@@ -170,6 +170,11 @@ parse_handshake(Direction, #certificate_verify_1_3{} = CertificateVerify) ->
     Header = io_lib:format("~s Handshake, CertificateVerify",
                            [header_prefix(Direction)]),
     Message = io_lib:format("~p", [?rec_info(certificate_verify_1_3, CertificateVerify)]),
+    {Header, Message};
+parse_handshake(Direction, #encrypted_extensions{} = EncryptedExtensions) ->
+    Header = io_lib:format("~s Handshake, EncryptedExtensions",
+                           [header_prefix(Direction)]),
+    Message = io_lib:format("~p", [?rec_info(encrypted_extensions, EncryptedExtensions)]),
     {Header, Message}.
 
 
diff --git a/lib/ssl/src/tls_handshake_1_3.erl b/lib/ssl/src/tls_handshake_1_3.erl
index 25d495ed3f..ec3ec2214c 100644
--- a/lib/ssl/src/tls_handshake_1_3.erl
+++ b/lib/ssl/src/tls_handshake_1_3.erl
@@ -42,6 +42,7 @@
 %% Create handshake messages
 -export([certificate/5,
          certificate_verify/5,
+         encrypted_extensions/0,
          server_hello/4]).
 
 -export([do_negotiated/2]).
@@ -67,6 +68,11 @@ server_hello_extensions(KeyShare) ->
     Extensions = #{server_hello_selected_version => SupportedVersions},
     ssl_handshake:add_server_share(Extensions, KeyShare).
 
+%% TODO: implement support for encrypted_extensions
+encrypted_extensions() ->
+    #encrypted_extensions{
+       extensions = #{}
+      }.
 
 %% TODO: use maybe monad for error handling!
 certificate(OwnCert, CertDbHandle, CertDbRef, _CRContext, server) ->
@@ -413,15 +419,21 @@ do_negotiated(#{client_share := ClientKey,
 
         State3 = ssl_record:step_encryption_state(State2),
 
+        %% Create EncryptedExtensions
+        EncryptedExtensions = encrypted_extensions(),
+
+        %% Encode EncryptedExtensions
+        State4 = tls_connection:queue_handshake(EncryptedExtensions, State3),
+
         %% Create Certificate
         Certificate = certificate(OwnCert, CertDbHandle, CertDbRef, <<>>, server),
 
         %% Encode Certificate
-        State4 = tls_connection:queue_handshake(Certificate, State3),
+        State5 = tls_connection:queue_handshake(Certificate, State4),
 
         %% Create CertificateVerify
         #state{handshake_env =
-                   #handshake_env{tls_handshake_history = {Messages, _}}} = State4,
+                   #handshake_env{tls_handshake_history = {Messages, _}}} = State5,
 
         %% Use selected signature_alg from here, HKDF only used for key_schedule
         CertificateVerify =
@@ -430,7 +442,7 @@ do_negotiated(#{client_share := ClientKey,
 
         %% Encode CertificateVerify
         %% Send Certificate, CertifricateVerify
-        {_State5, _} = tls_connection:send_handshake(CertificateVerify, State4),
+        {_State6, _} = tls_connection:send_handshake(CertificateVerify, State5),
 
         %% Send finished
 
-- 
cgit v1.2.3