
ERL-166: Add API for accessing master_secret, client_random, and server_random values #3116

Closed
OTP-Maintainer opened this issue Jun 14, 2016 · 3 comments

@OTP-Maintainer

Original reporter: ahf
Affected version: Not Specified
Fixed in version: OTP-20.0
Component: ssl
Migrated from: https://bugs.erlang.org/browse/ERL-166


I was unable to find a public interface in OTP's SSL application for getting the master_secret, client_random, and server_random values. They are all located in the security parameters record stored in the connection state. These values are useful for certain crypto protocols as mixing material for handshakes done over the SSL connection.

I'm currently reading the values through the following slightly icky hack (but great that it is possible at all):

```erlang
%% Peek at the ssl connection process state via sys:get_state/1. This relies on
%% internal records (#state{}, #connection_state{}, #security_parameters{}),
%% not on a public API.
lookup({sslsocket, _, Connection}) ->
    {_, #state{connection_states = CS}} = sys:get_state(Connection),
    #connection_state{security_parameters = Params} =
        ssl_record:current_connection_state(CS, read),
    Params.

%% Extract the client random from the current read-side security parameters.
client_random(Socket) ->
    #security_parameters{client_random = ClientRandom} = lookup(Socket),
    ClientRandom.
```


(and same for server_random/1 and master_secret/1)

I'm unsure how they should be exposed in the SSL module, but I will happily implement it if I get a hint on where to put the logic. I assume the OTP application doesn't want one function per value like I currently have in my (hacked) implementation.
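For comparison, the same three values read through the public ssl API rather than by inspecting the connection process. This is an added example, not code from the issue or from OTP; it assumes the ssl:connection_information/2 items client_random, server_random and master_secret that OTP 20.0 added when this issue was fixed, and avoids the sys:get_state/1 hack, whose record layout can change between releases.

```erlang
%% Added example (not from the issue): reading TLS security parameters through
%% ssl:connection_information/2 instead of sys:get_state/1 on the connection
%% process. Assumes the items client_random, server_random and master_secret
%% as provided from OTP 20.0 onwards.
-module(tls_params).
-export([randoms/1, master_secret/1]).

%% The two randoms are visible on the wire, so fetch them together.
randoms(Socket) ->
    case ssl:connection_information(Socket, [client_random, server_random]) of
        {ok, Info} ->
            {client_random, ClientRandom} = lists:keyfind(client_random, 1, Info),
            {server_random, ServerRandom} = lists:keyfind(server_random, 1, Info),
            {ok, ClientRandom, ServerRandom};
        {error, _} = Error ->
            Error
    end.

%% The master secret is live key material: request it only when the caller
%% actually needs mixing material, and never log or print the binary.
master_secret(Socket) ->
    case ssl:connection_information(Socket, [master_secret]) of
        {ok, [{master_secret, Secret}]} -> {ok, Secret};
        {error, _} = Error -> Error
    end.
```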
@OTP-Maintainer

ingela said:

The potential place to put it would be in connection_info or possibly session_info, which is a function that we thought we might need but have not actually made an API function yet. We have not decided if we need it or not, and what it should return.

However there is also the ssl:prf/5 that helps you in some cases. I am not sure if it is useful in your use case.

@OTP-Maintainer

ahf said:

ssl:prf/5 does a bit too much to the values for being usable for me.

I'll try to prioritise getting a proof of concept patch working for upstreaming :-)

@OTP-Maintainer

ingela said:

Not yet merged to master but will be during next week.
