diff options
author | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-11-17 15:54:45 +0400 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-11-17 15:54:45 +0400 |
commit | 6a190004982f1e9456ccc9c1d6f0acdd37bd8dea (patch) | |
tree | c229d80233c359b23e3d1dbc91c4a53c3c0f779e /core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java | |
parent | 3e7f55745c18119e852bd31ce491c28f53c3387b (diff) |
Refactoring around DeferredHash so that for (D)TLS 1.2 we can snapshot
any/all hashes that might be needed for CertificateVerify.
Defer the actual CertificateVerify hash calculation at the server until
after we have seen the DigitallySigned.
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java')
-rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java index 85dd1168..2cea7584 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java @@ -372,6 +372,8 @@ public class TlsClientProtocol establishMasterSecret(getContext(), keyExchange); recordStream.setPendingConnectionState(getPeer().getCompression(), getPeer().getCipher()); + TlsHandshakeHash prepareFinishHash = recordStream.prepareToFinish(); + if (clientCreds != null && clientCreds instanceof TlsSignerCredentials) { TlsSignerCredentials signerCreds = (TlsSignerCredentials)clientCreds; @@ -379,7 +381,7 @@ public class TlsClientProtocol * TODO RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2 */ SignatureAndHashAlgorithm algorithm = null; - byte[] hash = recordStream.getCurrentPRFHash(null); + byte[] hash = getCurrentPRFHash(getContext(), prepareFinishHash, null); byte[] signature = signerCreds.generateCertificateSignature(hash); DigitallySigned certificateVerify = new DigitallySigned(algorithm, signature); sendCertificateVerifyMessage(certificateVerify); @@ -387,8 +389,6 @@ public class TlsClientProtocol this.connection_state = CS_CERTIFICATE_VERIFY; } - this.recordStream.getHandshakeHash().stopTracking(); - sendChangeCipherSpecMessage(); sendFinishedMessage(); this.connection_state = CS_CLIENT_FINISHED; |