author | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-11-17 15:54:45 +0400 |
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-11-17 15:54:45 +0400 |
commit | 6a190004982f1e9456ccc9c1d6f0acdd37bd8dea (patch) | |
tree | c229d80233c359b23e3d1dbc91c4a53c3c0f779e /core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java | |
parent | 3e7f55745c18119e852bd31ce491c28f53c3387b (diff) |
Refactoring around DeferredHash so that for (D)TLS 1.2 we can snapshot
any/all hashes that might be needed for CertificateVerify.
Defer the actual CertificateVerify hash calculation at the server until
after we have seen the DigitallySigned.
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java')
-rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java | 24 |
1 files changed, 10 insertions, 14 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
index b7c3940b..257804d7 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
@@ -235,11 +235,6 @@ public class DTLSServerProtocol
 }
 }
 
-if (!expectCertificateVerifyMessage(state))
-{
-handshake.getHandshakeHash().stopTracking();
-}
-
 if (clientMessage.getType() == HandshakeType.client_key_exchange)
 {
 processClientKeyExchange(state, clientMessage.getBody());
@@ -252,6 +247,8 @@ public class DTLSServerProtocol
 TlsProtocol.establishMasterSecret(state.serverContext, state.keyExchange);
 recordLayer.initPendingEpoch(state.server.getCipher());
 
+TlsHandshakeHash prepareFinishHash = handshake.prepareToFinish();
+
 /*
 * RFC 5246 7.4.8 This message is only sent following a client certificate that has signing
 * capability (i.e., all certificates except those containing fixed Diffie-Hellman
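Review bot: The new `handshake.prepareToFinish()` line binds the transcript snapshot without saying what it is for, and the `stopTracking()` branch removed in the first hunk has no visible replacement on the new side. A comment on the added line would carry the contract the later `processCertificateVerify` call depends on, e.g. `// Snapshot the handshake hash now: CertificateVerify is signed over all handshake messages up to but not including itself (RFC 5246 7.4.8)`. Whether `prepareToFinish()` also ends tracking when no CertificateVerify is expected cannot be seen here; that presumably moved into the handshake-hash implementation and is worth confirming. The enclosing method starts before and ends after both hunks.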
@@ -259,17 +256,13 @@ public class DTLSServerProtocol
 */
 if (expectCertificateVerifyMessage(state))
 {
-// TODO For TLS 1.2, this can't be calculated until we see what hash algorithm the sender used
-byte[] certificateVerifyHash = handshake.getCurrentPRFHash();
 byte[] certificateVerifyBody = handshake.receiveMessageBody(HandshakeType.certificate_verify);
-processCertificateVerify(state, certificateVerifyBody, certificateVerifyHash);
-
-handshake.getHandshakeHash().stopTracking();
+processCertificateVerify(state, certificateVerifyBody, prepareFinishHash);
 }
 
 // NOTE: Calculated exclusive of the actual Finished message from the client
-byte[] expectedClientVerifyData = TlsUtils.calculateVerifyData(state.serverContext,
-ExporterLabel.client_finished, handshake.getCurrentPRFHash());
+byte[] expectedClientVerifyData = TlsUtils.calculateVerifyData(state.serverContext, ExporterLabel.client_finished,
+TlsProtocol.getCurrentPRFHash(state.serverContext, handshake.getHandshakeHash(), null));
 processFinished(handshake.receiveMessageBody(HandshakeType.finished), expectedClientVerifyData);
 
 if (state.expectSessionTicket)
@@ -281,7 +274,7 @@ public class DTLSServerProtocol
 
 // NOTE: Calculated exclusive of the Finished message itself
 byte[] serverVerifyData = TlsUtils.calculateVerifyData(state.serverContext, ExporterLabel.server_finished,
-handshake.getCurrentPRFHash());
+TlsProtocol.getCurrentPRFHash(state.serverContext, handshake.getHandshakeHash(), null));
 handshake.sendMessage(HandshakeType.finished, serverVerifyData);
 handshake.finish();
 
@@ -469,7 +462,7 @@ public class DTLSServerProtocol
 notifyClientCertificate(state, clientCertificate);
 }
 
-protected void processCertificateVerify(ServerHandshakeState state, byte[] body, byte[] certificateVerifyHash)
+protected void processCertificateVerify(ServerHandshakeState state, byte[] body, TlsHandshakeHash prepareFinishHash)
 throws IOException
 {
 ByteArrayInputStream buf = new ByteArrayInputStream(body);
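Review bot: Both new `TlsProtocol.getCurrentPRFHash(state.serverContext, handshake.getHandshakeHash(), null)` calls — here for the client verify data and again in the server_finished hunk that follows — pass a bare `null` whose meaning is not visible from this file. If the third parameter is the SSLv3 sender label as in `TlsProtocol`, a one-line comment at the first call, `// null: no SSLv3 sender label; DTLS never negotiates SSLv3`, makes both literals self-explanatory; confirm against the `getCurrentPRFHash` signature. The enclosing method continues outside the hunk.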
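Review bot: `processCertificateVerify` is `protected` and its third parameter changes type from `byte[]` to `TlsHandshakeHash`, so any subclass override written against the old signature silently becomes an unrelated overload unless it carries `@Override`; a search of subclasses is worth doing. The new parameter also has no Javadoc stating what it must be: the snapshot returned by `handshake.prepareToFinish()` before the certificate_verify body was read. A doc comment along the lines of `@param prepareFinishHash handshake hash snapshot taken before CertificateVerify was received; the signature is verified against this transcript` would pin that contract. The method body continues past the hunk.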
@@ -481,6 +474,9 @@ public class DTLSServerProtocol
 // Verify the CertificateVerify message contains a correct signature.
 try
 {
+// TODO For TLS 1.2, this needs to be the hash specified in the DigitallySigned
+byte[] certificateVerifyHash = TlsProtocol.getCurrentPRFHash(state.serverContext, prepareFinishHash, null);
+
 org.bouncycastle.asn1.x509.Certificate x509Cert = state.clientCertificate.getCertificateAt(0);
 SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo();
 AsymmetricKeyParameter publicKey = PublicKeyFactory.createKey(keyInfo);
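Review bot: The added `certificateVerifyHash` is computed with the PRF's hash regardless of the algorithm the client named in the DigitallySigned, which the TODO acknowledges; under TLS 1.2 (RFC 5246 7.4.8) the signature covers the handshake hash under the SignatureAndHashAlgorithm carried in the message, so a TLS 1.2 client signing with any other hash fails verification — fail-closed rather than a bypass, but an interoperability gap. The TODO would be more actionable as `// TODO TLS 1.2: derive this from the hash named in the parsed DigitallySigned's algorithm, not the PRF hash; until then non-PRF hashes fail verification`. Separately, RFC 5246 requires the server to reject a SignatureAndHashAlgorithm it did not offer in CertificateRequest; nothing in this hunk does that, and whether it happens in the unseen lines between the two hunks, where the DigitallySigned is presumably parsed from `buf`, cannot be told from here. The enclosing method starts before and continues past the hunk.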