
[Java] (D)TLS 1.2 certificate_verify hashing algorithm not correctly determined [bc-java]

areiter 2017-10-9

There is a TODO which states that the hashing algorithm needs to be taken from the DigitallySigned structure, but the way it is currently implemented, it is not verifiable in any case using TLS 1.2.
I attached the diff to make it DTLS 1.2 compatible, but have not verified if the existing code is compatible with versions lower than DTLS 1.2.

index c78cb95..8ac08c8 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
@@ -478,8 +478,14 @@ protected void processCertificateVerify(ServerHandshakeState state, byte[] body,
         // Verify the CertificateVerify message contains a correct signature.
         try
         {
-            // TODO For TLS 1.2, this needs to be the hash specified in the DigitallySigned
-            byte[] certificateVerifyHash = TlsProtocol.getCurrentPRFHash(state.serverContext, prepareFinishHash, null);
+           byte[] certificateVerifyHash;
+           
+            // TODO Cross check with specification
+           if(TlsUtils.isTLSv12(state.serverContext)){
+               certificateVerifyHash = prepareFinishHash.getFinalHash(clientCertificateVerify.algorithm.getHash());
+           } else {        
+               certificateVerifyHash = TlsProtocol.getCurrentPRFHash(state.serverContext, prepareFinishHash, null);
+           }

             org.bouncycastle.asn1.x509.Certificate x509Cert = state.clientCertificate.getCertificateAt(0);
             SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo();
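Review bot: `clientCertificateVerify.algorithm` is dereferenced with no null check on the TLS 1.2 branch, so a CertificateVerify that omits the SignatureAndHashAlgorithm (or one that carries it on a pre-1.2 session, where the other branch silently ignores it) ends in a NullPointerException out of processCertificateVerify instead of a fatal alert. Suggest checking version and field together before the `if`, e.g. `if (TlsUtils.isTLSv12(state.serverContext) != (clientCertificateVerify.algorithm != null)) throw new TlsFatalAlert(AlertDescription.illegal_parameter);`. The TLS 1.2 branch also never confirms that the received algorithm is one of the pairs the server listed in its CertificateRequest, which RFC 5246 section 7.4.8 requires before its hash is trusted. The `// TODO Cross check with specification` can be resolved with the reference in the same RFC section (and RFC 6347 for DTLS): the hash is the one named in the DigitallySigned, not the PRF hash. Style: the added lines mix 11- and 12-space indentation, carry trailing whitespace after `byte[] certificateVerifyHash;` and `} else {`, and `if(` should be `if (` to match the surrounding code.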
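The hash-selection rule this report is about, written out as an added Python example; it is not code from bc-java or from the reporter's patch. It goes a little beyond the diff: it also covers the pre-1.2 MD5||SHA-1 / SHA-1 case and checks the client's choice against the pairs the server offered in CertificateRequest. The transcript bytes and the CertificateVerify body in demo() are constructed stand-ins, not real handshake data; the code points are the RFC 5246 registry values.

```python
"""CertificateVerify digest selection for (D)TLS servers.

RFC 5246 s7.4.8 (TLS 1.2) and RFC 6347 (DTLS 1.2): the client signs
Hash(handshake_messages) with the HashAlgorithm carried in the
DigitallySigned structure; the cipher suite's PRF hash plays no part.
RFC 4346 s7.4.8 (TLS 1.0/1.1) and RFC 4347 (DTLS 1.0): no algorithm field,
MD5 || SHA-1 for RSA keys, SHA-1 for DSA/ECDSA keys.
"""
import hashlib
import struct

# HashAlgorithm / SignatureAlgorithm code points, RFC 5246 s7.4.1.4.1
HASH_NAMES = {1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}
SIG_RSA, SIG_DSA, SIG_ECDSA = 1, 2, 3


def parse_certificate_verify(body, tls12):
    """Split a CertificateVerify body into (hash_alg, sig_alg, signature).

    TLS 1.2 body: SignatureAndHashAlgorithm (2 bytes) + opaque signature<0..2^16-1>.
    Pre-1.2 body: opaque signature<0..2^16-1> only. Malformed input raises
    ValueError, which a real server would map to a decode_error alert.
    """
    off = 0
    hash_alg = sig_alg = None
    if tls12:
        if len(body) < 2:
            raise ValueError("decode_error: missing SignatureAndHashAlgorithm")
        hash_alg, sig_alg = body[0], body[1]
        off = 2
    if len(body) < off + 2:
        raise ValueError("decode_error: missing signature length")
    (sig_len,) = struct.unpack_from("!H", body, off)
    off += 2
    if off + sig_len != len(body):
        raise ValueError("decode_error: signature length does not match body")
    return hash_alg, sig_alg, body[off:]


def certificate_verify_digest(transcript, tls12, hash_alg, sig_alg, offered=None):
    """Return the bytes the client's signature must be verified against.

    transcript: the concatenated handshake messages up to (not including)
    CertificateVerify; for DTLS that is the reassembled messages with their
    DTLS headers, excluding HelloVerifyRequest and the cookie-less ClientHello.
    hash_alg/sig_alg: taken from the message for TLS 1.2; for earlier versions
    sig_alg must come from the client certificate's key type instead.
    offered: the SignatureAndHashAlgorithm pairs the server sent in
    CertificateRequest (TLS 1.2 only); the client must have picked one of them.
    """
    if tls12:
        if hash_alg not in HASH_NAMES:
            raise ValueError("illegal_parameter: unknown HashAlgorithm %r" % (hash_alg,))
        if offered is not None and (hash_alg, sig_alg) not in offered:
            raise ValueError("illegal_parameter: algorithm not offered in CertificateRequest")
        return hashlib.new(HASH_NAMES[hash_alg], transcript).digest()
    if sig_alg == SIG_RSA:
        return hashlib.md5(transcript).digest() + hashlib.sha1(transcript).digest()
    return hashlib.sha1(transcript).digest()


def demo():
    """Show why the pre-patch code fails: the PRF hash is not the signed hash."""
    # Constructed stand-in for the handshake transcript (not real TLS bytes).
    transcript = (b"ClientHello|ServerHello|Certificate|CertificateRequest|"
                  b"ServerHelloDone|Certificate|ClientKeyExchange")
    # Constructed TLS 1.2 CertificateVerify: sha384 (5) / ecdsa (3), 3-byte fake signature.
    body = bytes([5, SIG_ECDSA]) + struct.pack("!H", 3) + b"sig"
    offered = {(4, SIG_RSA), (5, SIG_ECDSA), (4, SIG_ECDSA)}

    hash_alg, sig_alg, _sig = parse_certificate_verify(body, tls12=True)
    correct = certificate_verify_digest(transcript, True, hash_alg, sig_alg, offered)
    # What the original code fed to the verifier: the suite's PRF hash
    # (SHA-256 for a typical TLS 1.2 suite), whatever the client signed with.
    prf_guess = hashlib.sha256(transcript).digest()
    return {"signed_hash": HASH_NAMES[hash_alg], "correct": correct,
            "prf_guess": prf_guess, "would_verify": correct == prf_guess}
```

demo() returns would_verify False: with a SHA-384 SignatureAndHashAlgorithm the digest the verifier needs is 48 bytes and the PRF-hash guess is 32, so the signature check can never pass. The offered-set check is the part of RFC 5246 s7.4.8 the reporter's diff leaves for later; a server that skips it accepts whatever hash the client names, including MD5.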
Comments (2)
peterdettman 2017-10-9 #1

Thanks Andreas, I've completed the implementation as you describe, and the equivalent for TLS 1.2. Test coverage has been added to vet various client-authentication scenarios (see TlsTestSuite.java). A new beta 151b12 is now available (http://downloads.bouncycastle.org/betas/) including this and other fixes.


peterdettman 2017-10-9 #2

There is also DTLSTestSuite; some tests are disabled by default because they don't have clean exits, but they can be run manually and show correct client-authentication behaviour there too.

