List: bouncycastle-crypto-dev
Subject: [dev-crypto] TLS 1.2 TlsECDHEKeyExchange expect Signature in wrong format
From: Hauke Mehrtens <hauke () hauke-m ! de>
Date: 2013-09-28 18:16:20
Message-ID: 52471CF4.70502 () hauke-m ! de
Bouncycastle expected a SignatureAndHashAlgorithm when TLS 1.2 is used
in the Signature of the ServerKeyExchange. This is in
TlsECDHEKeyExchange.processServerKeyExchange() where
DigitallySigned.parse() is called.
RFC 4492 only refers to Signature, without a
SignatureAndHashAlgorithm.

    struct {
        ECParameters    curve_params;
        ECPoint         public;
    } ServerECDHParams;

    select (SignatureAlgorithm) {
        case ecdsa:
            digitally-signed struct {
                opaque sha_hash[sha_size];
            };
    } Signature;

    select (KeyExchangeAlgorithm) {
        case ec_diffie_hellman:
            ServerECDHParams    params;
            Signature           signed_params;
    } ServerKeyExchange;

In RFC 5246, DigitallySigned is added, which has a
SignatureAndHashAlgorithm, but this is not Signature and I cannot find
a new definition of the Signature in RFC 5246.

    struct {
        SignatureAndHashAlgorithm algorithm;
        opaque signature<0..2^16-1>;
    } DigitallySigned;

We already had problems determining the correct hash algorithm used for
such a signature based on the RFCs when we tested with other TLS
implementations.
Hauke
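
Added example, not part of the original message and not Bouncy Castle code: a stand-alone Python parser for the signature bytes that follow ServerECDHParams, under the TLS 1.2 DigitallySigned layout (RFC 5246) and under the earlier encoding that carries only the length-prefixed opaque signature. It shows how each layout fails when read with the other version's rules; the function names and sample bytes are constructed for illustration.

```python
import struct

# HashAlgorithm / SignatureAlgorithm values from RFC 5246, section 7.4.1.4.1
HASH = {0: "none", 1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}
SIG = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}

class ParseError(ValueError):
    """Raised when the bytes do not fit the expected layout."""

def parse_signed_params(buf, tls12):
    """Parse the signature bytes that follow ServerECDHParams.

    tls12=True:  SignatureAndHashAlgorithm (2 bytes) + opaque signature<0..2^16-1>
    tls12=False: opaque signature<0..2^16-1> only (pre-TLS 1.2 encoding)
    Returns (hash_name, sig_name, signature); names are None when tls12=False.
    """
    off, hash_name, sig_name = 0, None, None
    if tls12:
        if len(buf) < 2:
            raise ParseError("truncated SignatureAndHashAlgorithm")
        h, s = buf[0], buf[1]
        if h not in HASH or s not in SIG:
            raise ParseError(f"unknown algorithm pair ({h}, {s})")
        hash_name, sig_name, off = HASH[h], SIG[s], 2
    if len(buf) < off + 2:
        raise ParseError("truncated signature length")
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    # The signature is the last field of ServerKeyExchange, so it must use all remaining bytes.
    if len(buf) - off != n:
        raise ParseError(f"signature length {n} != {len(buf) - off} remaining bytes")
    return hash_name, sig_name, bytes(buf[off:])

def try_parse(buf, tls12):
    """Return the parse result, or an 'error: ...' string instead of raising."""
    try:
        return parse_signed_params(buf, tls12)
    except ParseError as e:
        return f"error: {e}"

# Constructed sample data: a minimal DER SEQUENCE of two INTEGERs stands in for an ECDSA signature.
FAKE_SIG = bytes.fromhex("3006020101020102")
TLS12_WIRE = bytes([4, 3]) + struct.pack("!H", len(FAKE_SIG)) + FAKE_SIG  # sha256, ecdsa
LEGACY_WIRE = struct.pack("!H", len(FAKE_SIG)) + FAKE_SIG

if __name__ == "__main__":
    for name, wire in (("TLS 1.2 layout", TLS12_WIRE), ("pre-1.2 layout", LEGACY_WIRE)):
        for tls12 in (True, False):
            print(name, "read as TLS 1.2" if tls12 else "read as pre-1.2", "->", try_parse(wire, tls12))
```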