Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/quite/humla-spongycastle.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java
diff options
context:
space:
mode:
authorPeter Dettman <peter.dettman@bouncycastle.org>2013-06-19 15:12:59 +0400
committerPeter Dettman <peter.dettman@bouncycastle.org>2013-06-19 15:12:59 +0400
commit14fa6ce5353addb53e5199c4de8e1cc307ceb9b1 (patch)
tree8aaa616d0cd51aff25630c1c08c0fbef8bba6e29 /core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java
parent839f4b348a9e576992a37b8e68caa368460a6e36 (diff)
Use explicit DigitallySigned struct instead of simple signature
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java')
-rw-r--r--core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java20
1 files changed, 10 insertions, 10 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java
index 66f3e170..97e84765 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java
@@ -5,13 +5,10 @@ import java.io.IOException;
import java.io.InputStream;
import java.util.Vector;
-import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.Signer;
import org.bouncycastle.crypto.io.SignerInputStream;
import org.bouncycastle.crypto.params.DHParameters;
-import org.bouncycastle.crypto.params.DHPrivateKeyParameters;
-import org.bouncycastle.crypto.params.DHPublicKeyParameters;
public class TlsDHEKeyExchange
extends TlsDHKeyExchange
@@ -60,11 +57,13 @@ public class TlsDHEKeyExchange
byte[] hash = new byte[d.getDigestSize()];
d.doFinal(hash, 0);
- byte[] sigBytes = serverCredentials.generateCertificateSignature(hash);
+ byte[] signature = serverCredentials.generateCertificateSignature(hash);
+
/*
- * TODO RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm prepended from TLS 1.2
+ * TODO RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2
*/
- TlsUtils.writeOpaque16(sigBytes, buf);
+ DigitallySigned signed_params = new DigitallySigned(null, signature);
+ signed_params.encode(buf);
return buf.toByteArray();
}
@@ -77,15 +76,16 @@ public class TlsDHEKeyExchange
Signer signer = initVerifyer(tlsSigner, securityParameters);
InputStream sigIn = new SignerInputStream(input, signer);
- ServerDHParams serverDHParams = ServerDHParams.parse(sigIn);
+ ServerDHParams params = ServerDHParams.parse(sigIn);
+
+ DigitallySigned signed_params = DigitallySigned.parse(context, input);
- byte[] sigBytes = TlsUtils.readOpaque16(input);
- if (!signer.verifySignature(sigBytes))
+ if (!signer.verifySignature(signed_params.getSignature()))
{
throw new TlsFatalAlert(AlertDescription.decrypt_error);
}
- this.dhAgreeServerPublicKey = TlsDHUtils.validateDHPublicKey(serverDHParams.getPublicKey());
+ this.dhAgreeServerPublicKey = TlsDHUtils.validateDHPublicKey(params.getPublicKey());
}
protected Signer initVerifyer(TlsSigner tlsSigner, SecurityParameters securityParameters)
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-07 11:57:17 +0300