From 1279f9b0838df165a4e16c04d36f455936690412 Mon Sep 17 00:00:00 2001
From: Peter Dettman
Date: Mon, 20 May 2013 18:11:29 +0700
Subject: Verify CertificateVerify signature in DTLS
---
 .../crypto/tls/DTLSServerProtocol.java | 25 +++++++++++++++++-----
 .../bouncycastle/crypto/tls/TlsServerProtocol.java | 2 +-
 2 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java b/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
index 4a3139ac..4ff11a1e 100644
--- a/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
+++ b/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
@@ -7,6 +7,9 @@ import java.security.SecureRandom;
 import java.util.Hashtable;
 import java.util.Vector;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
+import org.bouncycastle.crypto.util.PublicKeyFactory;
 import org.bouncycastle.util.Arrays;
 public class DTLSServerProtocol extends DTLSProtocol {
@@ -366,7 +369,7 @@ public class DTLSServerProtocol extends DTLSProtocol {
 notifyClientCertificate(state, clientCertificate);
 }
- protected void processCertificateVerify(ServerHandshakeState state, byte[] body, byte[] handshakeHash)
+ protected void processCertificateVerify(ServerHandshakeState state, byte[] body, byte[] certificateVerifyHash)
 throws IOException {
 ByteArrayInputStream buf = new ByteArrayInputStream(body);
@@ -375,7 +378,19 @@ public class DTLSServerProtocol extends DTLSProtocol {
 TlsProtocol.assertEmpty(buf);
- // TODO Verify the signature against the client certificate
+ // Verify the CertificateVerify message contains a correct signature.
+ try {
+ TlsSigner tlsSigner = TlsUtils.createTlsSigner(state.clientCertificateType);
+ tlsSigner.init(state.serverContext);
+
+ org.bouncycastle.asn1.x509.Certificate x509Cert = state.clientCertificate.getCertificateAt(0);
+ SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo();
+ AsymmetricKeyParameter publicKey = PublicKeyFactory.createKey(keyInfo);
+
+ tlsSigner.verifyRawSignature(clientCertificateSignature, publicKey, certificateVerifyHash);
+ } catch (Exception e) {
+ throw new TlsFatalAlert(AlertDescription.decrypt_error);
+ }
 }
 protected void processClientHello(ServerHandshakeState state, byte[] body) throws IOException {
@@ -440,9 +455,9 @@ public class DTLSServerProtocol extends DTLSProtocol {
 */
 {
 /*
- * RFC 5746 3.4. The client MUST include either an empty "renegotiation_info" extension, or
- * the TLS_EMPTY_RENEGOTIATION_INFO_SCSV signaling cipher suite value in the ClientHello.
- * Including both is NOT RECOMMENDED.
+ * RFC 5746 3.4. The client MUST include either an empty "renegotiation_info" extension,
+ * or the TLS_EMPTY_RENEGOTIATION_INFO_SCSV signaling cipher suite value in the
+ * ClientHello. Including both is NOT RECOMMENDED.
 */
 /*
diff --git a/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java b/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java
index 9bbe76b9..b26e5b33 100644
--- a/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java
+++ b/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java
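Review bot: The return value of `tlsSigner.verifyRawSignature(clientCertificateSignature, publicKey, certificateVerifyHash)` is discarded in the new try block, and since TlsSigner.verifyRawSignature reports a mismatch through its boolean result rather than by throwing, a CertificateVerify whose signature does not match the client certificate is still accepted; the call should be guarded, `if (!tlsSigner.verifyRawSignature(clientCertificateSignature, publicKey, certificateVerifyHash)) { throw new TlsFatalAlert(AlertDescription.decrypt_error); }`. The same discarded result is present in the TlsServerProtocol hunk at `@@ -385,7 +385,7 @@`, which this commit only touches to qualify the hash field with `this.`. The blanket `catch (Exception e)` also turns an absent or empty client chain at `getCertificateAt(0)` and an unsupported `state.clientCertificateType` into decrypt_error, which misreports the real failure; narrowing the catch, or at least attaching the original exception as the alert's cause if TlsFatalAlert provides such a constructor, would make these distinguishable. processCertificateVerify begins before this hunk, where clientCertificateSignature is parsed from the message body.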
@@ -385,7 +385,7 @@ public class TlsServerProtocol extends TlsProtocol {
 SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo();
 AsymmetricKeyParameter publicKey = PublicKeyFactory.createKey(keyInfo);
- tlsSigner.verifyRawSignature(clientCertificateSignature, publicKey, certificateVerifyHash);
+ tlsSigner.verifyRawSignature(clientCertificateSignature, publicKey, this.certificateVerifyHash);
 } catch (Exception e) {
 throw new TlsFatalAlert(AlertDescription.decrypt_error);
 }
-- 
cgit v1.2.3