author | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-09-07 14:59:13 +0400 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-09-07 14:59:13 +0400 |
commit | be3d25591ffd0c6e2066e943c1b39aaec9cd6f20 (patch) | |
tree | 4b8ea7eabb414dc283e23e3171331fda03fa18ba /core/src/main/java/org/bouncycastle/crypto/tls/TlsSRPKeyExchange.java | |
parent | e95297ba62e1c77e876c6f774f34444d75d97304 (diff) |
Update server key exchange verifyers for TLS 1.2
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls/TlsSRPKeyExchange.java')
-rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/TlsSRPKeyExchange.java | 26 |
1 files changed, 14 insertions, 12 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsSRPKeyExchange.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsSRPKeyExchange.java
index 15929582..fc010ab0 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsSRPKeyExchange.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsSRPKeyExchange.java
@@ -13,10 +13,10 @@ import org.bouncycastle.crypto.Signer;
 import org.bouncycastle.crypto.agreement.srp.SRP6Client;
 import org.bouncycastle.crypto.agreement.srp.SRP6Util;
 import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.io.SignerInputStream;
 import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
 import org.bouncycastle.crypto.util.PublicKeyFactory;
 import org.bouncycastle.util.BigIntegers;
+import org.bouncycastle.util.io.TeeInputStream;
 /**
 * TLS 1.1 SRP key exchange (RFC 5054).
@@ -116,24 +116,26 @@ public class TlsSRPKeyExchange extends AbstractTlsKeyExchange
 {
 SecurityParameters securityParameters = context.getSecurityParameters();
- InputStream sigIn = input;
- Signer signer = null;
+ SignerInputBuffer buf = null;
+ InputStream teeIn = input;
 if (tlsSigner != null)
 {
- signer = initVerifyer(tlsSigner, securityParameters);
- sigIn = new SignerInputStream(input, signer);
+ buf = new SignerInputBuffer();
+ teeIn = new TeeInputStream(input, buf);
 }
- byte[] NBytes = TlsUtils.readOpaque16(sigIn);
- byte[] gBytes = TlsUtils.readOpaque16(sigIn);
- byte[] sBytes = TlsUtils.readOpaque8(sigIn);
- byte[] BBytes = TlsUtils.readOpaque16(sigIn);
+ byte[] NBytes = TlsUtils.readOpaque16(teeIn);
+ byte[] gBytes = TlsUtils.readOpaque16(teeIn);
+ byte[] sBytes = TlsUtils.readOpaque8(teeIn);
+ byte[] BBytes = TlsUtils.readOpaque16(teeIn);
- if (signer != null)
+ if (buf != null)
 {
 DigitallySigned signed_params = DigitallySigned.parse(context, input);
+ Signer signer = initVerifyer(tlsSigner, signed_params.getAlgorithm(), securityParameters);
+ buf.updateSigner(signer);
 if (!signer.verifySignature(signed_params.getSignature()))
 {
 throw new TlsFatalAlert(AlertDescription.decrypt_error);
@@ -193,9 +195,9 @@ public class TlsSRPKeyExchange extends AbstractTlsKeyExchange
 }
 }
- protected Signer initVerifyer(TlsSigner tlsSigner, SecurityParameters securityParameters)
+ protected Signer initVerifyer(TlsSigner tlsSigner, SignatureAndHashAlgorithm algorithm, SecurityParameters securityParameters)
 {
- Signer signer = tlsSigner.createVerifyer(this.serverPublicKey);
+ Signer signer = tlsSigner.createVerifyer(algorithm, this.serverPublicKey);
 signer.update(securityParameters.clientRandom, 0, securityParameters.clientRandom.length);
 signer.update(securityParameters.serverRandom, 0, securityParameters.serverRandom.length);
 return signer;
|
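Review bot: The verifier in the `if (buf != null)` branch is now built from `signed_params.getAlgorithm()`, a value read from the server's message before anything is authenticated, and nothing visible in this hunk checks it against the signature/hash pairs the client offered or against the key type of `serverPublicKey`. Unless `DigitallySigned.parse` or `createVerifyer` enforces that (neither is shown here), a TLS 1.2 peer could pick a weaker hash than the client is willing to accept; I would reject an unoffered pair with `throw new TlsFatalAlert(AlertDescription.illegal_parameter);` before calling `initVerifyer`. A short comment such as `// params are buffered because the hash is only known once DigitallySigned has been parsed` would also explain the move to `SignerInputBuffer`. The enclosing method starts and ends outside this hunk.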
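Review bot: `initVerifyer` is `protected`, and changing its parameter list means a subclass that overrode the old two-argument form may still compile but is no longer called from the key-exchange path, so any extra verification it added would be skipped without warning. The method also has no Javadoc describing `algorithm`; presumably it is `null` for versions below TLS 1.2, which should be confirmed and written down, for example `@param algorithm signature/hash pair from the ServerKeyExchange, or null before TLS 1.2 (confirm)`. The Javadoc should also state that the returned signer has already been updated with the client and server randoms, because the caller depends on feeding the buffered parameters after them.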