diff options
Diffstat (limited to 'src/main/java/org/bouncycastle/crypto/tls/TlsRSASigner.java')
| -rw-r--r-- | src/main/java/org/bouncycastle/crypto/tls/TlsRSASigner.java | 33 |
1 files changed, 23 insertions, 10 deletions
diff --git a/src/main/java/org/bouncycastle/crypto/tls/TlsRSASigner.java b/src/main/java/org/bouncycastle/crypto/tls/TlsRSASigner.java index 7e90e2d4..d9f7975a 100644 --- a/src/main/java/org/bouncycastle/crypto/tls/TlsRSASigner.java +++ b/src/main/java/org/bouncycastle/crypto/tls/TlsRSASigner.java @@ -14,9 +14,13 @@ import org.bouncycastle.crypto.signers.GenericSigner; import org.bouncycastle.crypto.signers.RSADigestSigner; import org.bouncycastle.util.Arrays; -public class TlsRSASigner extends AbstractTlsSigner { +public class TlsRSASigner + extends AbstractTlsSigner +{ - public byte[] generateRawSignature(AsymmetricKeyParameter privateKey, byte[] md5AndSha1) throws CryptoException { + public byte[] generateRawSignature(AsymmetricKeyParameter privateKey, byte[] md5AndSha1) + throws CryptoException + { AsymmetricBlockCipher engine = createRSAImpl(); engine.init(true, new ParametersWithRandom(privateKey, this.context.getSecureRandom())); @@ -24,7 +28,8 @@ public class TlsRSASigner extends AbstractTlsSigner { } public boolean verifyRawSignature(byte[] sigBytes, AsymmetricKeyParameter publicKey, byte[] md5AndSha1) - throws CryptoException { + throws CryptoException + { AsymmetricBlockCipher engine = createRSAImpl(); engine.init(false, publicKey); @@ -32,28 +37,35 @@ public class TlsRSASigner extends AbstractTlsSigner { return Arrays.constantTimeAreEqual(signed, md5AndSha1); } - public Signer createSigner(AsymmetricKeyParameter privateKey) { + public Signer createSigner(AsymmetricKeyParameter privateKey) + { return makeSigner(new CombinedHash(), true, new ParametersWithRandom(privateKey, this.context.getSecureRandom())); } - public Signer createVerifyer(AsymmetricKeyParameter publicKey) { + public Signer createVerifyer(AsymmetricKeyParameter publicKey) + { return makeSigner(new CombinedHash(), false, publicKey); } - public boolean isValidPublicKey(AsymmetricKeyParameter publicKey) { + public boolean isValidPublicKey(AsymmetricKeyParameter publicKey) + { return publicKey instanceof RSAKeyParameters && !publicKey.isPrivate(); } - protected Signer makeSigner(Digest d, boolean forSigning, CipherParameters cp) { + protected Signer makeSigner(Digest d, boolean forSigning, CipherParameters cp) + { Signer s; - if (ProtocolVersion.TLSv12.isEqualOrEarlierVersionOf(context.getServerVersion().getEquivalentTLSVersion())) { + if (ProtocolVersion.TLSv12.isEqualOrEarlierVersionOf(context.getServerVersion().getEquivalentTLSVersion())) + { /* * RFC 5246 4.7. In RSA signing, the opaque vector contains the signature generated * using the RSASSA-PKCS1-v1_5 signature scheme defined in [PKCS1]. */ s = new RSADigestSigner(d); - } else { + } + else + { /* * RFC 5246 4.7. Note that earlier versions of TLS used a different RSA signature scheme * that did not include a DigestInfo encoding. @@ -64,7 +76,8 @@ public class TlsRSASigner extends AbstractTlsSigner { return s; } - protected AsymmetricBlockCipher createRSAImpl() { + protected AsymmetricBlockCipher createRSAImpl() + { /* * RFC 5264 7.4.7.1. Implementation note: It is now known that remote timing-based attacks * on TLS are possible, at least when the client and server are on the same LAN. |