Add TLS 1.2 support for raw signatures/verification

1 files changed, 34 insertions, 15 deletions

diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsDSASigner.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsDSASigner.java
index 6728eb42..4cb80040 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsDSASigner.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsDSASigner.java
@@ -13,48 +13,67 @@ import org.bouncycastle.crypto.signers.DSADigestSigner;
 public abstract class TlsDSASigner
     extends AbstractTlsSigner
 {
-    public byte[] generateRawSignature(AsymmetricKeyParameter privateKey, byte[] md5AndSha1)
+    public byte[] generateRawSignature(SignatureAndHashAlgorithm algorithm,
+        AsymmetricKeyParameter privateKey, byte[] hash)
         throws CryptoException
     {
-        // Note: Only use the SHA1 part of the hash
-        Signer signer = makeSigner(new NullDigest(), true,
+        Signer signer = makeSigner(algorithm, true, true,
             new ParametersWithRandom(privateKey, this.context.getSecureRandom()));
-        signer.update(md5AndSha1, 16, 20);
+        if (algorithm == null)
+        {
+            // Note: Only use the SHA1 part of the (MD5/SHA1) hash
+            signer.update(hash, 16, 20);
+        }
+        else
+        {
+            signer.update(hash, 0, hash.length);
+        }
         return signer.generateSignature();
     }
 
-    public boolean verifyRawSignature(byte[] sigBytes, AsymmetricKeyParameter publicKey, byte[] md5AndSha1)
+    public boolean verifyRawSignature(SignatureAndHashAlgorithm algorithm, byte[] sigBytes,
+        AsymmetricKeyParameter publicKey, byte[] hash)
         throws CryptoException
     {
-        // Note: Only use the SHA1 part of the hash
-        Signer signer = makeSigner(new NullDigest(), false, publicKey);
-        signer.update(md5AndSha1, 16, 20);
+        Signer signer = makeSigner(algorithm, true, false, publicKey);
+        if (algorithm == null)
+        {
+            // Note: Only use the SHA1 part of the (MD5/SHA1) hash
+            signer.update(hash, 16, 20);
+        }
+        else
+        {
+            signer.update(hash, 0, hash.length);
+        }
         return signer.verifySignature(sigBytes);
     }
 
     public Signer createSigner(SignatureAndHashAlgorithm algorithm, AsymmetricKeyParameter privateKey)
     {
-        return makeSigner(algorithm, true, new ParametersWithRandom(privateKey, this.context.getSecureRandom()));
+        return makeSigner(algorithm, false, true, new ParametersWithRandom(privateKey, this.context.getSecureRandom()));
     }
 
     public Signer createVerifyer(SignatureAndHashAlgorithm algorithm, AsymmetricKeyParameter publicKey)
     {
-        return makeSigner(algorithm, false, publicKey);
+        return makeSigner(algorithm, false, false, publicKey);
     }
 
-    protected Signer makeSigner(SignatureAndHashAlgorithm algorithm, boolean forSigning, CipherParameters cp)
+    protected Signer makeSigner(SignatureAndHashAlgorithm algorithm, boolean raw, boolean forSigning,
+        CipherParameters cp)
     {
+        if ((algorithm != null) != TlsUtils.isTLSv12(context))
+        {
+            throw new IllegalStateException();
+        }
+
         if (algorithm != null
             && (algorithm.getHash() != HashAlgorithm.sha1 || algorithm.getSignature() != getSignatureAlgorithm()))
         {
             throw new IllegalStateException();
         }
 
-        return makeSigner(TlsUtils.createHash(HashAlgorithm.sha1), forSigning, cp);
-    }
+        Digest d = raw ? new NullDigest() : TlsUtils.createHash(HashAlgorithm.sha1);
 
-    protected Signer makeSigner(Digest d, boolean forSigning, CipherParameters cp)
-    {
         Signer s = new DSADigestSigner(createDSAImpl(), d);
         s.init(forSigning, cp);
         return s;