diff options
author | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-06-19 15:12:59 +0400 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-06-19 15:12:59 +0400 |
commit | 14fa6ce5353addb53e5199c4de8e1cc307ceb9b1 (patch) | |
tree | 8aaa616d0cd51aff25630c1c08c0fbef8bba6e29 /core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java | |
parent | 839f4b348a9e576992a37b8e68caa368460a6e36 (diff) |
Use explicit DigitallySigned struct instead of simple signature
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java')
-rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java index 66f3e170..97e84765 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java @@ -5,13 +5,10 @@ import java.io.IOException; import java.io.InputStream; import java.util.Vector; -import org.bouncycastle.crypto.AsymmetricCipherKeyPair; import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.Signer; import org.bouncycastle.crypto.io.SignerInputStream; import org.bouncycastle.crypto.params.DHParameters; -import org.bouncycastle.crypto.params.DHPrivateKeyParameters; -import org.bouncycastle.crypto.params.DHPublicKeyParameters; public class TlsDHEKeyExchange extends TlsDHKeyExchange @@ -60,11 +57,13 @@ public class TlsDHEKeyExchange byte[] hash = new byte[d.getDigestSize()]; d.doFinal(hash, 0); - byte[] sigBytes = serverCredentials.generateCertificateSignature(hash); + byte[] signature = serverCredentials.generateCertificateSignature(hash); + /* - * TODO RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm prepended from TLS 1.2 + * TODO RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2 */ - TlsUtils.writeOpaque16(sigBytes, buf); + DigitallySigned signed_params = new DigitallySigned(null, signature); + signed_params.encode(buf); return buf.toByteArray(); } @@ -77,15 +76,16 @@ public class TlsDHEKeyExchange Signer signer = initVerifyer(tlsSigner, securityParameters); InputStream sigIn = new SignerInputStream(input, signer); - ServerDHParams serverDHParams = ServerDHParams.parse(sigIn); + ServerDHParams params = ServerDHParams.parse(sigIn); + + DigitallySigned signed_params = DigitallySigned.parse(context, input); - byte[] sigBytes = TlsUtils.readOpaque16(input); - if (!signer.verifySignature(sigBytes)) + if (!signer.verifySignature(signed_params.getSignature())) { throw new TlsFatalAlert(AlertDescription.decrypt_error); } - this.dhAgreeServerPublicKey = TlsDHUtils.validateDHPublicKey(serverDHParams.getPublicKey()); + this.dhAgreeServerPublicKey = TlsDHUtils.validateDHPublicKey(params.getPublicKey()); } protected Signer initVerifyer(TlsSigner tlsSigner, SecurityParameters securityParameters) |