List:       bouncycastle-crypto-dev
Subject:    [dev-crypto] TLS 1.2 TlsECDHEKeyExchange expect Signature in wrong format
From:       Hauke Mehrtens <hauke () hauke-m ! de>
Date:       2013-09-28 18:16:20
Message-ID: 52471CF4.70502 () hauke-m ! de

Bouncycastle expected a SignatureAndHashAlgorithm when TLS 1.2 is used
in the Signature of the ServerKeyExchange. This is in
TlsECDHEKeyExchange.processServerKeyExchange() where
DigitallySigned.parse() is called.

RFC 4492 only refers to Signature, without a
SignatureAndHashAlgorithm.

        struct {
            ECParameters    curve_params;
            ECPoint         public;
        } ServerECDHParams;

          select (SignatureAlgorithm) {
              case ecdsa:
                  digitally-signed struct {
                      opaque sha_hash[sha_size];
                  };
          } Signature;

        select (KeyExchangeAlgorithm) {
            case ec_diffie_hellman:
                ServerECDHParams    params;
                Signature           signed_params;
        } ServerKeyExchange;

In RFC 5246 DigitallySigned is added, which has a
SignatureAndHashAlgorithm, but this is not Signature and I cannot find
a new definition of Signature in RFC 5246.

      struct {
         SignatureAndHashAlgorithm algorithm;
         opaque signature<0..2^16-1>;
      } DigitallySigned;

We already had problems determining the correct hash algorithm used for
such a signature based on the RFCs when we tested with other TLS
implementations.

Hauke
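
Added example, not part of the original message and not Bouncy Castle code: a Python parser for the ECDHE ServerKeyExchange body that reads the signature either as the bare `opaque signature<0..2^16-1>` vector used before TLS 1.2 or as the `DigitallySigned` struct quoted above, and shows that reading a body with the wrong layout fails rather than yielding a signature. The function names, the named-curve-only restriction and the sample bytes are constructed for illustration.

```python
import struct

# TLS 1.2 registry values (RFC 5246, section 7.4.1.4.1)
HASHES = {2: "sha1", 4: "sha256", 5: "sha384", 6: "sha512"}
SIGS = {1: "rsa", 3: "ecdsa"}

def parse_ecdhe_ske(body: bytes, tls12: bool) -> dict:
    """Parse an ECDHE ServerKeyExchange body (named curves only)."""
    off = 0

    def take(n: int) -> bytes:
        nonlocal off
        if off + n > len(body):
            raise ValueError(f"truncated: need {n} bytes at offset {off}")
        off += n
        return body[off - n:off]

    if take(1)[0] != 3:                      # ECCurveType named_curve
        raise ValueError("only named_curve is handled here")
    (curve,) = struct.unpack("!H", take(2))  # NamedCurve id
    point = take(take(1)[0])                 # ECPoint: opaque point<1..2^8-1>
    algorithm = None
    if tls12:                                # DigitallySigned.algorithm
        h, s = take(2)
        if h not in HASHES or s not in SIGS:
            raise ValueError(f"unknown SignatureAndHashAlgorithm {h}/{s}")
        algorithm = (HASHES[h], SIGS[s])
    (sig_len,) = struct.unpack("!H", take(2))  # opaque signature<0..2^16-1>
    signature = take(sig_len)
    if off != len(body):
        raise ValueError(f"{len(body) - off} trailing bytes after signature")
    return {"curve": curve, "point": point,
            "algorithm": algorithm, "signature": signature}

# Constructed sample data: secp256r1 (23), dummy point and dummy signature.
PARAMS = b"\x03" + struct.pack("!H", 23) + b"\x41" + b"\x04" + bytes(64)
SIG = b"\x30\x44" + bytes(68)
LEGACY_BODY = PARAMS + struct.pack("!H", len(SIG)) + SIG
TLS12_BODY = PARAMS + b"\x04\x03" + struct.pack("!H", len(SIG)) + SIG

def misparse(body: bytes, tls12: bool) -> str:
    """Return the error raised when a body is read with the wrong layout."""
    try:
        parse_ecdhe_ske(body, tls12)
    except ValueError as exc:
        return str(exc)
    return ""
```

A peer that sends the pre-1.2 layout to a parser expecting `DigitallySigned` has its length bytes consumed as the algorithm pair, which is why the mismatch surfaces as a parse error instead of a failed signature check.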
