Remove obsolete fast_tls

rebar.config

@@ -12,7 +12,6 @@
         {uuid, "2.0.7", {pkg, uuid_erl}},
         {gun, "2.1.0"},
         {worker_pool, "6.4.0"},
-        {fast_tls, "1.1.21"},
         {fast_scram, "0.6.1"}
 ]}.
 

rebar.lock

@@ -4,10 +4,8 @@
  {<<"exml">>,{pkg,<<"hexml">>,<<"3.4.1">>},0},
  {<<"fast_pbkdf2">>,{pkg,<<"fast_pbkdf2">>,<<"1.0.6">>},1},
  {<<"fast_scram">>,{pkg,<<"fast_scram">>,<<"0.6.1">>},0},
- {<<"fast_tls">>,{pkg,<<"fast_tls">>,<<"1.1.21">>},0},
  {<<"gun">>,{pkg,<<"gun">>,<<"2.1.0">>},0},
  {<<"meck">>,{pkg,<<"meck">>,<<"1.0.0">>},0},
- {<<"p1_utils">>,{pkg,<<"p1_utils">>,<<"1.0.26">>},1},
  {<<"quickrand">>,{pkg,<<"quickrand">>,<<"2.0.7">>},1},
  {<<"uuid">>,{pkg,<<"uuid_erl">>,<<"2.0.7">>},0},
  {<<"worker_pool">>,{pkg,<<"worker_pool">>,<<"6.4.0">>},0}]}.
@@ -18,10 +16,8 @@
  {<<"exml">>, <<"9581FE6512D9772C61BBE611CD4A8E5BB90B4D4481275325EC520F7A931A9393">>},
  {<<"fast_pbkdf2">>, <<"199BCEC73A1A246941E9465D3DC41052953B638128841ED24B29ED03CF70AF27">>},
  {<<"fast_scram">>, <<"BEEADB03D774640F0671681759CE53B2FF33CB58C86FD9BF2A793E2FC1ED0F5D">>},
- {<<"fast_tls">>, <<"65D7D547A09EEFB37A1C0D04D8601FAC4F3E6E2C1EDE859A7787081670F9648D">>},
  {<<"gun">>, <<"B4E4CBBF3026D21981C447E9E7CA856766046EFF693720BA43114D7F5DE36E87">>},
  {<<"meck">>, <<"24676CB6EE6951530093A93EDCD410CFE4CB59FE89444B875D35C9D3909A15D0">>},
- {<<"p1_utils">>, <<"67B0C4AC9FA3BA3EF563B31AA111B0A004439A37FAC85E027F1C3617E1C7EC6C">>},
  {<<"quickrand">>, <<"D2BD76676A446E6A058D678444B7FDA1387B813710D1AF6D6E29BB92186C8820">>},
  {<<"uuid">>, <<"B2078D2CC814F53AFA52D36C91E08962C7E7373585C623F4C0EA6DFB04B2AF94">>},
  {<<"worker_pool">>, <<"0347B805A8E5804B5676A9885FB3B9B6C1627099C449C3C67C0E8E6AF79E9AA6">>}]},
@@ -31,10 +27,8 @@
  {<<"exml">>, <<"D8E7894E2544402B4986EEB2443C15B51B14F686266F091DBF2777D1D99A2FA2">>},
  {<<"fast_pbkdf2">>, <<"35EEC22629AAA739915843C7B7DE0D84657D1ECE972D8BBC86368747E9C14012">>},
  {<<"fast_scram">>, <<"FE0650A309FDF97C75E1EA812CCFB40EB464ECAFD3783E83AA17C7F572EDAB0B">>},
- {<<"fast_tls">>, <<"131542913937025E48CD80AA81F00359686D5501B75621E72026A87B5229505B">>},
  {<<"gun">>, <<"52FC7FC246BFC3B00E01AEA1C2854C70A366348574AB50C57DFE796D24A0101D">>},
  {<<"meck">>, <<"680A9BCFE52764350BEB9FB0335FB75FEE8E7329821416CEE0A19FEC35433882">>},
- {<<"p1_utils">>, <<"D0379E8C1156B98BD64F8129C1DE022FCCA4F2FDB7486CE73BF0ED2C3376B04C">>},
  {<<"quickrand">>, <<"B8ACBF89A224BC217C3070CA8BEBC6EB236DBE7F9767993B274084EA044D35F0">>},
  {<<"uuid">>, <<"4E4C5CA3461DC47C5E157ED42AA3981A053B7A186792AF972A27B14A9489324E">>},
  {<<"worker_pool">>, <<"59946FBCE1D331CDEB153EDD36A823DC1AAB4C2482662582B983C9C90EBC3461">>}]}

src/escalus.app.src

@@ -12,7 +12,6 @@
                   meck,
                   bbmustache,
                   uuid,
-                  fast_tls,
                   fast_scram,
                   worker_pool
                  ]},

src/escalus_auth.erl

@@ -23,21 +23,24 @@
          auth_sasl_oauth/2]).
 
 %% Useful helpers for writing own mechanisms
--export([get_challenge/2,
+-export([auth_sasl_scram/3,
+         get_challenge/2,
          wait_for_success/2]).
 
 %% Some shorthands
 -type client() :: escalus_connection:client().
 -type user_spec() :: escalus_users:user_spec().
 -type hash_type() :: fast_scram:sha_type().
--type plus_variant() :: none | tls_unique.
+-type plus_variant() :: undefined | none | tls_exporter.
 -type scram_options() :: #{plus_variant := plus_variant(),
                            hash_type := hash_type(),
                            xmpp_method := binary()
                           }.
 
 -include_lib("exml/include/exml.hrl").
 
+-define(CB_LABEL, <<"EXPORTER-Channel-Binding">>).
+
 %%--------------------------------------------------------------------
 %% Public API
 %%--------------------------------------------------------------------
@@ -66,57 +69,57 @@ auth_digest_md5(Conn, Props) ->
 %% SCRAM Regular
 -spec auth_sasl_scram_sha1(client(), user_spec()) -> ok.
 auth_sasl_scram_sha1(Conn, Props) ->
-    Options = #{plus_variant => none, hash_type => sha, xmpp_method => <<"SCRAM-SHA-1">>},
+    Options = #{plus_variant => undefined, hash_type => sha, xmpp_method => <<"SCRAM-SHA-1">>},
     auth_sasl_scram(Options, Conn, Props).
 
 -spec auth_sasl_scram_sha224(client(), user_spec()) -> ok.
 auth_sasl_scram_sha224(Conn, Props) ->
-    Options = #{plus_variant => none, hash_type => sha224, xmpp_method => <<"SCRAM-SHA-224">>},
+    Options = #{plus_variant => undefined, hash_type => sha224, xmpp_method => <<"SCRAM-SHA-224">>},
     auth_sasl_scram(Options, Conn, Props).
 
 -spec auth_sasl_scram_sha256(client(), user_spec()) -> ok.
 auth_sasl_scram_sha256(Conn, Props) ->
-    Options = #{plus_variant => none, hash_type => sha256, xmpp_method => <<"SCRAM-SHA-256">>},
+    Options = #{plus_variant => undefined, hash_type => sha256, xmpp_method => <<"SCRAM-SHA-256">>},
     auth_sasl_scram(Options, Conn, Props).
 
 -spec auth_sasl_scram_sha384(client(), user_spec()) -> ok.
 auth_sasl_scram_sha384(Conn, Props) ->
-    Options = #{plus_variant => none, hash_type => sha384, xmpp_method => <<"SCRAM-SHA-384">>},
+    Options = #{plus_variant => undefined, hash_type => sha384, xmpp_method => <<"SCRAM-SHA-384">>},
     auth_sasl_scram(Options, Conn, Props).
 
 -spec auth_sasl_scram_sha512(client(), user_spec()) -> ok.
 auth_sasl_scram_sha512(Conn, Props) ->
-    Options = #{plus_variant => none, hash_type => sha512, xmpp_method => <<"SCRAM-SHA-512">>},
+    Options = #{plus_variant => undefined, hash_type => sha512, xmpp_method => <<"SCRAM-SHA-512">>},
     auth_sasl_scram(Options, Conn, Props).
 
 %% SCRAM PLUS
 -spec auth_sasl_scram_sha1_plus(client(), user_spec()) -> ok.
 auth_sasl_scram_sha1_plus(Conn, Props) ->
-    Options = #{plus_variant => tls_unique, hash_type => sha,
+    Options = #{plus_variant => tls_exporter, hash_type => sha,
                 xmpp_method => <<"SCRAM-SHA-1-PLUS">>},
     auth_sasl_scram(Options, Conn, Props).
 
 -spec auth_sasl_scram_sha224_plus(client(), user_spec()) -> ok.
 auth_sasl_scram_sha224_plus(Conn, Props) ->
-    Options = #{plus_variant => tls_unique, hash_type => sha224,
+    Options = #{plus_variant => tls_exporter, hash_type => sha224,
                 xmpp_method => <<"SCRAM-SHA-224-PLUS">>},
     auth_sasl_scram(Options, Conn, Props).
 
 -spec auth_sasl_scram_sha256_plus(client(), user_spec()) -> ok.
 auth_sasl_scram_sha256_plus(Conn, Props) ->
-    Options = #{plus_variant => tls_unique, hash_type => sha256,
+    Options = #{plus_variant => tls_exporter, hash_type => sha256,
                 xmpp_method => <<"SCRAM-SHA-256-PLUS">>},
     auth_sasl_scram(Options, Conn, Props).
 
 -spec auth_sasl_scram_sha384_plus(client(), user_spec()) -> ok.
 auth_sasl_scram_sha384_plus(Conn, Props) ->
-    Options = #{plus_variant => tls_unique, hash_type => sha384,
+    Options = #{plus_variant => tls_exporter, hash_type => sha384,
                 xmpp_method => <<"SCRAM-SHA-384-PLUS">>},
     auth_sasl_scram(Options, Conn, Props).
 
 -spec auth_sasl_scram_sha512_plus(client(), user_spec()) -> ok.
 auth_sasl_scram_sha512_plus(Conn, Props) ->
-    Options = #{plus_variant => tls_unique, hash_type => sha512,
+    Options = #{plus_variant => tls_exporter, hash_type => sha512,
                 xmpp_method => <<"SCRAM-SHA-512-PLUS">>},
     auth_sasl_scram(Options, Conn, Props).
 
@@ -127,8 +130,7 @@ auth_sasl_scram(#{plus_variant := PlusVariant,
                 Conn, Props) ->
     Username = get_property(username, Props),
     Password = get_property(password, Props),
-    ChannelBinding = scram_sha_auth_payload(
-                       proplists:get_value(tls_module, Props, ssl), PlusVariant, Conn),
+    ChannelBinding = scram_sha_auth_payload(PlusVariant, Conn),
     {ok, ClientState1} = fast_scram:mech_new(
         #{entity => client, username => Username, hash_method => HashMethod, nonce_size => 16,
           channel_binding => ChannelBinding, auth_data => #{password => Password}}),
@@ -220,14 +222,14 @@ md5_digest_response(ChallengeData, Props) ->
         {<<"authzid">>, FullJid}
     ])).
 
-scram_sha_auth_payload(ssl, _, _) ->
+scram_sha_auth_payload(undefined, _) ->
     {undefined, <<>>};
-scram_sha_auth_payload(fast_tls, none, _) ->
+scram_sha_auth_payload(none, _) ->
     {none, <<>>};
-scram_sha_auth_payload(fast_tls, tls_unique, Conn) ->
-    {ok, FinishedTLS} = escalus_connection:get_tls_last_message(Conn),
-    {<<"tls-unique">>, FinishedTLS}.
-
+scram_sha_auth_payload(tls_exporter, Conn) ->
+    {ok, [Material | _]} = escalus_connection:export_key_materials(
+                       Conn, [?CB_LABEL], [no_context], [32], true),
+    {<<"tls-exporter">>, Material}.
 
 hex_md5(Data) ->
     binary:encode_hex(crypto:hash(md5, Data), lowercase).

src/escalus_connection.erl

@@ -31,7 +31,7 @@
          get_sm_h/1,
          set_sm_h/2,
          set_filter_predicate/2,
-         get_tls_last_message/1,
+         export_key_materials/5,
          reset_parser/1,
          is_connected/1,
          wait_for_close/1,
@@ -87,6 +87,16 @@
 -callback set_filter_predicate(pid(), filter_pred()) -> ok.
 -callback stop(pid()) -> ok | already_stopped.
 -callback kill(pid()) -> ok | already_stopped.
+-callback export_key_materials(pid(), Labels, Contexts, WantedLengths, ConsumeSecret) ->
+    {ok, ExportKeyMaterials} |
+    {error, undefined_tls_material | exporter_master_secret_already_consumed | bad_input}
+      when
+      Labels :: [binary()],
+      Contexts :: [binary() | no_context],
+      WantedLengths :: [non_neg_integer()],
+      ConsumeSecret :: boolean(),
+      ExportKeyMaterials :: binary() | [binary()].
+-optional_callbacks([export_key_materials/5]).
 
 -callback stream_start_req(user_spec()) -> exml_stream:element().
 -callback stream_end_req(user_spec()) -> exml_stream:element().
@@ -390,11 +400,19 @@ set_sm_h(#client{module = Mod}, _) ->
 set_filter_predicate(#client{module = Module, rcv_pid = Pid}, Pred) ->
     Module:set_filter_predicate(Pid, Pred).
 
--spec get_tls_last_message(client()) -> {ok, binary()} | {error, undefined_tls_message}.
-get_tls_last_message(#client{module = escalus_tcp, rcv_pid = Pid}) ->
-    escalus_tcp:get_tls_last_message(Pid);
-get_tls_last_message(#client{module = Mod}) ->
-    error({get_tls_last_message, {undefined_for_escalus_module, Mod}}).
+-spec export_key_materials(client(), Labels, Contexts, WantedLengths, ConsumeSecret) ->
+    {ok, ExportKeyMaterials} |
+    {error, undefined_tls_material | exporter_master_secret_already_consumed | bad_input}
+      when
+      Labels :: [binary()],
+      Contexts :: [binary() | no_context],
+      WantedLengths :: [non_neg_integer()],
+      ConsumeSecret :: boolean(),
+      ExportKeyMaterials :: binary() | [binary()].
+export_key_materials(#client{module = escalus_tcp, rcv_pid = Pid}, Labels, Contexts, WantedLengths, ConsumeSecret) ->
+    escalus_tcp:export_key_materials(Pid, Labels, Contexts, WantedLengths, ConsumeSecret);
+export_key_materials(#client{module = Mod}, _Labels, _Contexts, _WantedLengths, _ConsumeSecret) ->
+    error({export_key_materials, {undefined_for_escalus_module, Mod}}).
 
 -spec reset_parser(client()) -> ok.
 reset_parser(#client{module = Mod, rcv_pid = Pid}) ->

src/escalus_session.erl

@@ -78,16 +78,19 @@ authenticate(Client = #client{props = Props}) ->
     %% but as a default we use plain, as it incurrs lower load and better logs (no hashing)
     %% for common setups. If a different mechanism is required then it should be configured on the
     %% user specification.
-    {M, F} = proplists:get_value(auth, Props, {escalus_auth, auth_plain}),
-    PropsAfterAuth = case apply(M, F, [Client, Props]) of
-                         ok -> Props;
-                         {ok, P} when is_list(P) -> P
-                     end,
+    PropsAfterAuth = apply_auth_method(Client, Props),
     escalus_connection:reset_parser(Client),
     Client1 = escalus_session:start_stream(Client#client{props = PropsAfterAuth}),
     escalus_session:stream_features(Client1, []),
     Client1.
 
+apply_auth_method(Client, Props) ->
+    Fun = proplists:get_value(auth, Props, fun escalus_auth:auth_plain/2),
+    case apply(Fun, [Client, Props]) of
+        ok -> Props;
+        {ok, P} when is_list(P) -> P
+    end.
+
 -spec bind(client()) -> client().
 bind(Client = #client{props = Props0}) ->
     Resource = proplists:get_value(resource, Props0, ?DEFAULT_RESOURCE),