author | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-11-17 15:54:45 +0400 |
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-11-17 15:54:45 +0400 |
commit | 6a190004982f1e9456ccc9c1d6f0acdd37bd8dea (patch) | |
tree | c229d80233c359b23e3d1dbc91c4a53c3c0f779e /core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java | |
parent | 3e7f55745c18119e852bd31ce491c28f53c3387b (diff) |
Refactoring around DeferredHash so that for (D)TLS 1.2 we can snapshot
any/all hashes that might be needed for CertificateVerify.
Defer the actual CertificateVerify hash calculation at the server until
after we have seen the DigitallySigned.
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java')
-rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java | 27 |
1 files changed, 10 insertions, 17 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java
index 5256d2e4..b2c392c8 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java
@@ -23,7 +23,7 @@ public class TlsServerProtocol
     protected CertificateRequest certificateRequest = null;
     protected short clientCertificateType = -1;
-    protected byte[] certificateVerifyHash = null;
+    protected TlsHandshakeHash prepareFinishHash = null;
 
     public TlsServerProtocol(InputStream input, OutputStream output, SecureRandom secureRandom)
     {
@@ -70,7 +70,7 @@ public class TlsServerProtocol
         this.keyExchange = null;
         this.serverCredentials = null;
         this.certificateRequest = null;
-        this.certificateVerifyHash = null;
+        this.prepareFinishHash = null;
     }
 
     protected AbstractTlsContext getContext()
@@ -282,7 +282,7 @@ public class TlsServerProtocol
                  * signing capability (i.e., all certificates except those containing fixed
                  * Diffie-Hellman parameters).
                  */
-                if (this.certificateVerifyHash == null)
+                if (!expectCertificateVerifyMessage())
                 {
                     throw new TlsFatalAlert(AlertDescription.unexpected_message);
                 }
@@ -290,8 +290,6 @@ public class TlsServerProtocol
                 receiveCertificateVerifyMessage(buf);
                 this.connection_state = CS_CERTIFICATE_VERIFY;
 
-                this.recordStream.getHandshakeHash().stopTracking();
-
                 break;
             }
             default:
@@ -305,7 +303,7 @@ public class TlsServerProtocol
             {
             case CS_CLIENT_KEY_EXCHANGE:
             {
-                if (this.certificateVerifyHash != null)
+                if (expectCertificateVerifyMessage())
                 {
                     throw new TlsFatalAlert(AlertDescription.unexpected_message);
                 }
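Review bot: The new field `prepareFinishHash` in the first hunk has no comment, and its name reads as a verb phrase, so a reader cannot tell from the declaration what it holds or when it is valid. From the other hunks it is assigned from `recordStream.prepareToFinish()` after the client key exchange is processed, consumed by `getCurrentPRFHash(...)` when the CertificateVerify signature is checked, and reset only in the cleanup method. Suggest `// Handshake-hash snapshot taken after ClientKeyExchange; used to verify CertificateVerify, cleared on handshake cleanup` above the declaration. The two state-machine hunks now key the unexpected_message checks on `expectCertificateVerifyMessage()`, whose body is outside this diff, so its exact condition is not visible here.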
@@ -434,6 +432,9 @@ public class TlsServerProtocol
             // Verify the CertificateVerify message contains a correct signature.
             try
             {
+                // TODO For TLS 1.2, this needs to be the hash specified in the DigitallySigned
+                byte[] certificateVerifyHash = getCurrentPRFHash(getContext(), prepareFinishHash, null);
+
                 org.bouncycastle.asn1.x509.Certificate x509Cert = this.peerCertificate.getCertificateAt(0);
                 SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo();
                 AsymmetricKeyParameter publicKey = PublicKeyFactory.createKey(keyInfo);
@@ -441,7 +442,7 @@ public class TlsServerProtocol
                 TlsSigner tlsSigner = TlsUtils.createTlsSigner(this.clientCertificateType);
                 tlsSigner.init(getContext());
                 tlsSigner.verifyRawSignature(clientCertificateVerify.getAlgorithm(),
-                    clientCertificateVerify.getSignature(), publicKey, this.certificateVerifyHash);
+                    clientCertificateVerify.getSignature(), publicKey, certificateVerifyHash);
             }
             catch (Exception e)
             {
@@ -568,20 +569,12 @@ public class TlsServerProtocol
         establishMasterSecret(getContext(), keyExchange);
         recordStream.setPendingConnectionState(getPeer().getCompression(), getPeer().getCipher());
 
+        this.prepareFinishHash = recordStream.prepareToFinish();
+
         if (!expectSessionTicket)
         {
             sendChangeCipherSpecMessage();
         }
-
-        if (expectCertificateVerifyMessage())
-        {
-            // TODO For TLS 1.2, this can't be calculated until we see what hash algorithm the sender used
-            this.certificateVerifyHash = recordStream.getCurrentPRFHash(null);
-        }
-        else
-        {
-            this.recordStream.getHandshakeHash().stopTracking();
-        }
     }
 
     protected void sendCertificateRequestMessage(CertificateRequest certificateRequest)
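Review bot: The digest checked in the first hunk of this line is still the PRF hash, computed by `getCurrentPRFHash(getContext(), prepareFinishHash, null)` with no reference to `clientCertificateVerify.getAlgorithm()`, so for TLS 1.2 the peer's DigitallySigned algorithm reaches `verifyRawSignature` in the next hunk but does not select the hash that is verified; the commit message says the calculation is now deferred until the DigitallySigned is seen, but only its timing has moved. Until the digest is chosen from that algorithm, a TLS 1.2 client signing with a hash other than the PRF hash is rejected at the signature check, and it is not visible here (the rest of the method and `catch (Exception e)` body are outside the hunk) whether the peer-supplied algorithm is first checked against those the server offered in its CertificateRequest, which RFC 5246 requires before verifying. Suggest making the TODO name both steps: `// TODO For TLS 1.2, check the DigitallySigned algorithm was offered in the CertificateRequest and select the digest from it, instead of using the PRF hash`. The same `catch (Exception e)` also determines how a `NullPointerException` from an unset `prepareFinishHash` would surface, so a short comment there on the alert it maps to would help.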
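Review bot: In the last hunk `recordStream.prepareToFinish()` now runs on every handshake, whereas the removed code only snapshotted when `expectCertificateVerifyMessage()` was true and otherwise called `stopTracking()`; whether `prepareToFinish()` keeps extra hash state or buffered handshake data alive for handshakes with no client certificate is not visible here. If it does, that cost now applies to every connection and deserves a comment; if the snapshot is cheap, a comment saying so avoids the question. Suggest `// Snapshot the handshake hash unconditionally; a CertificateVerify, if one is expected, is verified against it` above the new line. The enclosing method's start is outside the hunk.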