author | Andreas Reiter <andreas.reiter@iaik.tugraz.at> | 2014-04-16 07:08:17 +0400 |
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2014-04-16 07:08:17 +0400 |
commit | 6b818d940a53ab2821fe5128c90fb948d25526f9 (patch) | |
tree | 601cb11b40378984b364dd866434876e85e90d77 /core/src/main/java/org/bouncycastle/crypto/tls | |
parent | f7648ab09458a8554960d6b90cee4d8933109a49 (diff) |
Use explicit hash in certificateVerify verification for DTLS 1.2
Signed-off-by: Peter Dettman <peter.dettman@bouncycastle.org>
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls')
-rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
index ac11b8ea..e1699bb0 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
@@ -475,17 +475,19 @@ public class DTLSServerProtocol
         TlsProtocol.assertEmpty(buf);
 
-        if (TlsUtils.isTLSv12(state.serverContext))
-        {
-            throw new TlsFatalAlert(AlertDescription.decrypt_error);
-        }
-
         // Verify the CertificateVerify message contains a correct signature.
         boolean verified = false;
         try
         {
-            // TODO For TLS 1.2, this needs to be the hash specified in the DigitallySigned
-            byte[] certificateVerifyHash = TlsProtocol.getCurrentPRFHash(state.serverContext, prepareFinishHash, null);
+            byte[] certificateVerifyHash;
+            if (TlsUtils.isTLSv12(state.serverContext))
+            {
+                certificateVerifyHash = prepareFinishHash.getFinalHash(clientCertificateVerify.getAlgorithm().getHash());
+            }
+            else
+            {
+                certificateVerifyHash = TlsProtocol.getCurrentPRFHash(state.serverContext, prepareFinishHash, null);
+            }
             org.bouncycastle.asn1.x509.Certificate x509Cert = state.clientCertificate.getCertificateAt(0);
             SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo();
|