diff options
author | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-09-01 18:31:10 +0400 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-09-01 18:31:10 +0400 |
commit | 61079ceeeab6a248e6e641c526cbd0b95735e437 (patch) | |
tree | 7415f25d3bf206961e29c94c1dfc0222fb06bbaa /core/src/main/java/org/bouncycastle/crypto/tls/TlsDSASigner.java | |
parent | 0a46c92ae767c0be4af1f744a20afe9b8ca6a51f (diff) |
Add TLS 1.2 support for raw signatures/verification
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls/TlsDSASigner.java')
-rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/TlsDSASigner.java | 49 |
1 files changed, 34 insertions, 15 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsDSASigner.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsDSASigner.java index 6728eb42..4cb80040 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsDSASigner.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsDSASigner.java @@ -13,48 +13,67 @@ import org.bouncycastle.crypto.signers.DSADigestSigner; public abstract class TlsDSASigner extends AbstractTlsSigner { - public byte[] generateRawSignature(AsymmetricKeyParameter privateKey, byte[] md5AndSha1) + public byte[] generateRawSignature(SignatureAndHashAlgorithm algorithm, + AsymmetricKeyParameter privateKey, byte[] hash) throws CryptoException { - // Note: Only use the SHA1 part of the hash - Signer signer = makeSigner(new NullDigest(), true, + Signer signer = makeSigner(algorithm, true, true, new ParametersWithRandom(privateKey, this.context.getSecureRandom())); - signer.update(md5AndSha1, 16, 20); + if (algorithm == null) + { + // Note: Only use the SHA1 part of the (MD5/SHA1) hash + signer.update(hash, 16, 20); + } + else + { + signer.update(hash, 0, hash.length); + } return signer.generateSignature(); } - public boolean verifyRawSignature(byte[] sigBytes, AsymmetricKeyParameter publicKey, byte[] md5AndSha1) + public boolean verifyRawSignature(SignatureAndHashAlgorithm algorithm, byte[] sigBytes, + AsymmetricKeyParameter publicKey, byte[] hash) throws CryptoException { - // Note: Only use the SHA1 part of the hash - Signer signer = makeSigner(new NullDigest(), false, publicKey); - signer.update(md5AndSha1, 16, 20); + Signer signer = makeSigner(algorithm, true, false, publicKey); + if (algorithm == null) + { + // Note: Only use the SHA1 part of the (MD5/SHA1) hash + signer.update(hash, 16, 20); + } + else + { + signer.update(hash, 0, hash.length); + } return signer.verifySignature(sigBytes); } public Signer createSigner(SignatureAndHashAlgorithm algorithm, AsymmetricKeyParameter privateKey) { - return makeSigner(algorithm, true, new ParametersWithRandom(privateKey, this.context.getSecureRandom())); + return makeSigner(algorithm, false, true, new ParametersWithRandom(privateKey, this.context.getSecureRandom())); } public Signer createVerifyer(SignatureAndHashAlgorithm algorithm, AsymmetricKeyParameter publicKey) { - return makeSigner(algorithm, false, publicKey); + return makeSigner(algorithm, false, false, publicKey); } - protected Signer makeSigner(SignatureAndHashAlgorithm algorithm, boolean forSigning, CipherParameters cp) + protected Signer makeSigner(SignatureAndHashAlgorithm algorithm, boolean raw, boolean forSigning, + CipherParameters cp) { + if ((algorithm != null) != TlsUtils.isTLSv12(context)) + { + throw new IllegalStateException(); + } + if (algorithm != null && (algorithm.getHash() != HashAlgorithm.sha1 || algorithm.getSignature() != getSignatureAlgorithm())) { throw new IllegalStateException(); } - return makeSigner(TlsUtils.createHash(HashAlgorithm.sha1), forSigning, cp); - } + Digest d = raw ? new NullDigest() : TlsUtils.createHash(HashAlgorithm.sha1); - protected Signer makeSigner(Digest d, boolean forSigning, CipherParameters cp) - { Signer s = new DSADigestSigner(createDSAImpl(), d); s.init(forSigning, cp); return s; |