author | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-12-02 17:54:20 +0400 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-12-02 17:54:20 +0400 |
commit | 09895e552fb92fc02aad0073b50e9b222dd63eea (patch) | |
tree | fb70063c127f0c6eaf330a9d312e75f6be219574 /core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java | |
parent | c35ead533dc3aee032d2d8e798a2eca6aa1eb18b (diff) |
Fix server key exchange signatures for TLS 1.2
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java')
-rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java | 28 |
1 files changed, 23 insertions, 5 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java
index 32e13915..0abaee69 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java
@@ -45,7 +45,28 @@ public class TlsDHEKeyExchange
 this.dhAgreeServerPrivateKey = TlsDHUtils.generateEphemeralServerKeyExchange(context.getSecureRandom(), this.dhParameters, buf);
- Digest d = new CombinedHash();
+ /*
+ * RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2
+ */
+ SignatureAndHashAlgorithm signatureAndHashAlgorithm;
+ Digest d;
+
+ if (TlsUtils.isTLSv12(context))
+ {
+ signatureAndHashAlgorithm = serverCredentials.getSignatureAndHashAlgorithm();
+ if (signatureAndHashAlgorithm == null)
+ {
+ throw new TlsFatalAlert(AlertDescription.internal_error);
+ }
+
+ d = TlsUtils.createHash(signatureAndHashAlgorithm.getHash());
+ }
+ else
+ {
+ signatureAndHashAlgorithm = null;
+ d = new CombinedHash();
+ }
+
 SecurityParameters securityParameters = context.getSecurityParameters();
 d.update(securityParameters.clientRandom, 0, securityParameters.clientRandom.length);
 d.update(securityParameters.serverRandom, 0, securityParameters.serverRandom.length);
@@ -56,10 +77,7 @@ public class TlsDHEKeyExchange
 byte[] signature = serverCredentials.generateCertificateSignature(hash);
- /*
- * TODO RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2
- */
- DigitallySigned signed_params = new DigitallySigned(null, signature);
+ DigitallySigned signed_params = new DigitallySigned(signatureAndHashAlgorithm, signature);
 signed_params.encode(buf);
 return buf.toByteArray(); |
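Review bot: In the TLS 1.2 branch of the first hunk, the value returned by `serverCredentials.getSignatureAndHashAlgorithm()` is only checked for null before its hash is passed to `TlsUtils.createHash(...)`, and the second hunk then puts that same value on the wire in `DigitallySigned`. RFC 5246 7.4.3 requires the pair to be one the client listed in its signature_algorithms extension when that extension was sent, and nothing visible in these hunks enforces that or rejects a hash the deployment considers too weak. That check may already happen where the credentials are chosen, which is outside this diff, so at minimum I would record the assumption next to the null check: `/* Credentials are expected to carry a SignatureAndHashAlgorithm the client offered (RFC 5246 7.4.3) */`. The enclosing method starts and ends outside both hunks, so how `hash` is finalised from `d` is not visible here.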