[prev in list] [next in list] [prev in thread] [next in thread]
List: bouncycastle-crypto-dev
Subject: Re: Spam:********, [dev-crypto] TLS 1.2 TlsECDHEKeyExchange expect Signature in wrong format
From: Hauke Mehrtens <hauke () hauke-m ! de>
Date: 2013-09-29 12:04:26
Message-ID: 5248174A.7010003 () hauke-m ! de
[Download RAW message or body]
Hi Peter,
On 09/29/2013 04:42 AM, Peter Dettman wrote:
> RFC 5246 updated RFC 4492. The digitally-signed element was changed to
> include a signature algorithm field before the actual signature. This
> change affects RFC 4492 digitally-signed elements when TLS 1.2 is
> negotiated. Please see RFC 5246, Appendix A.7. Changes to RFC 4492.
Thanks for the info, I haven't seen RFC 5246, Appendix A.7, I should
have read the full document and not the parts that I though are
relevant. ;-) I will change my implementation and go further with testing.
> Note that the signatures are now over a single hash (as specified in the
> DigitallySigned struct) instead of the MD5/SHA1 combination, and the
> actual signature format is also changed for RSA (to RSASSA-PKCS1-v1_5,
> which includes a DigestInfo encoding). Please see RFC 5246 4.7.
> Cryptographic Attributes
>
> Regards,
> Pete Dettman
>
> On 29/09/2013 1:16 AM, Hauke Mehrtens wrote:
>> Bouncycastle expected a SignatureAndHashAlgorithm when TLS 1.2 is used
>> in the Signature of the ServerKeyExchange. This is in
>> TlsECDHEKeyExchange.processServerKeyExchange() where
>> DigitallySigned.parse() is called.
>>
>> In RFC 4492 it only references to Signature without a
>> SignatureAndHashAlgorithm.
>>
>> struct {
>> ECParameters curve_params;
>> ECPoint public;
>> } ServerECDHParams;
>>
>> select (SignatureAlgorithm) {
>> case ecdsa:
>> digitally-signed struct {
>> opaque sha_hash[sha_size];
>> };
>> } Signature;
>>
>> select (KeyExchangeAlgorithm) {
>> case ec_diffie_hellman:
>> ServerECDHParams params;
>> Signature signed_params;
>> } ServerKeyExchange;
>>
>> In RFC 5246 DigitallySigned is added which has a
>> SignatureAndHashAlgorithm, but this is not Signature and I can not find
>> a new definition of the Signature in RFC 5246.
>>
>> struct {
>> SignatureAndHashAlgorithm algorithm;
>> opaque signature<0..2^16-1>;
>> } DigitallySigned;
>>
>> We already had problems to determine the correct hash algorithm used for
>> such a signature based on the RFC's when we tested with other TLS
>> implementations.
>>
>> Hauke
>>
>
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic