fix(tls): TLS12 sig and digest

Author: developStorm

tls/cipher_suites.go

@@ -555,31 +555,32 @@ func tls10MAC(h hash.Hash, out, seq, header, data, extra []byte) []byte {
 }
 
 func rsaKA(version uint16) keyAgreement {
-	return rsaKeyAgreement{}
-}
-
-/* TODO
-func rsaEphemeralKA(version uint16) keyAgreement {
-	return &rsaKeyAgreement{
-		version:   version,
-		ephemeral: true,
+	return rsaKeyAgreement{
 		auth: &signedKeyAgreement{
 			sigType: signatureRSA,
 			version: version,
-		},
-	}
+		}}
 }
-*/
 
 func ecdheECDSAKA(version uint16) keyAgreement {
 	return &ecdheKeyAgreement{
+		auth: &signedKeyAgreement{
+			sigType: signatureECDSA,
+			version: version,
+		},
+
 		isRSA:   false,
 		version: version,
 	}
 }
 
 func ecdheRSAKA(version uint16) keyAgreement {
 	return &ecdheKeyAgreement{
+		auth: &signedKeyAgreement{
+			sigType: signatureRSA,
+			version: version,
+		},
+
 		isRSA:   true,
 		version: version,
 	}

tls/key_agreement.go

@@ -205,6 +205,7 @@ func (ka *signedKeyAgreement) verifyParameters(config *Config, clientHello *clie
 // rsaKeyAgreement implements the standard TLS key agreement where the client
 // encrypts the pre-master secret to the server's public key.
 type rsaKeyAgreement struct {
+	auth        keyAgreementAuthentication
 	verifyError error
 }
 
@@ -381,6 +382,8 @@ func pickTLS12HashForSignature(sigType uint8, clientList, serverList []SigAndHas
 // pre-master secret is then calculated using ECDH. The signature may
 // be ECDSA, Ed25519 or RSA.
 type ecdheKeyAgreement struct {
+	auth keyAgreementAuthentication
+
 	version uint16
 	isRSA   bool
 	params  ecdheParameters
@@ -570,7 +573,21 @@ func (ka *ecdheKeyAgreement) processServerKeyExchange(config *Config, clientHell
 	sig = sig[2:]
 
 	signed := hashForServerKeyExchange(sigType, sigHash, ka.version, clientHello.random, serverHello.random, serverECDHEParams)
-	if ka.verifyError = verifyHandshakeSignature(sigType, cert.PublicKey, sigHash, signed, sig); ka.verifyError != nil {
+	ka.verifyError = verifyHandshakeSignature(sigType, cert.PublicKey, sigHash, signed, sig)
+
+	// For logging purposes
+	skx.digest = signed
+	switch auth := ka.auth.(type) {
+	case *signedKeyAgreement:
+		auth.raw = sig
+		auth.valid = ka.verifyError == nil
+		auth.sh.Signature = sigType
+		auth.sh.Hash = uint8(sigHash)
+	default:
+		break
+	}
+
+	if ka.verifyError != nil {
 		return errors.New("tls: invalid signature by the server certificate: " + ka.verifyError.Error())
 	}
 	return nil

tls/tls_handshake.go

@@ -434,7 +434,7 @@ func (c *Certificates) addParsed(certs []*x509.Certificate, validation *x509.Val
 func (m *serverKeyExchangeMsg) MakeLog(ka keyAgreement) *ServerKeyExchange {
 	skx := new(ServerKeyExchange)
 	skx.Raw = make([]byte, len(m.key))
-	//var auth keyAgreementAuthentication
+	var auth keyAgreementAuthentication
 	var errAuth error
 	copy(skx.Raw, m.key)
 	skx.Digest = append(make([]byte, 0), m.digest...)
@@ -443,31 +443,29 @@ func (m *serverKeyExchangeMsg) MakeLog(ka keyAgreement) *ServerKeyExchange {
 	switch ka := ka.(type) {
 	case *rsaKeyAgreement:
 		skx.RSAParams = ka.RSAParams()
-		//auth = ka.auth
+		auth = ka.auth
 		errAuth = ka.verifyError
 
 	case *dheKeyAgreement:
 		skx.DHParams = ka.DHParams()
-		//auth = ka.auth
+		auth = ka.auth
 		errAuth = ka.verifyError
 
 	case *ecdheKeyAgreement:
 		skx.ECDHParams = ka.ECDHParams()
-		//auth = ka.auth
+		auth = ka.auth
 		errAuth = ka.verifyError
 	default:
 		break
 	}
 
-	/*
-		// Write out signature
-		switch auth := auth.(type) {
-		case *signedKeyAgreement:
-			skx.Signature = auth.Signature()
-		default:
-			break
-		}
-	*/
+	// Write out signature
+	switch auth := auth.(type) {
+	case *signedKeyAgreement:
+		skx.Signature = auth.Signature()
+	default:
+		break
+	}
 
 	// Write the signature validation error
 	if errAuth != nil {

tls/tls_ka.go

@@ -74,6 +74,20 @@ func signatureTypeToName(sigType uint8) string {
 	return "unknown." + strconv.Itoa(int(sigType))
 }
 
+func (ka *signedKeyAgreement) Signature() *DigitalSignature {
+	out := DigitalSignature{
+		Raw:     ka.raw,
+		Type:    signatureTypeToName(ka.sigType),
+		Valid:   ka.valid,
+		Version: TLSVersion(ka.version),
+	}
+	if ka.version >= VersionTLS12 {
+		out.SigHashExtension = new(SignatureAndHash)
+		*out.SigHashExtension = SignatureAndHash(ka.sh)
+	}
+	return &out
+}
+
 func (ka *rsaKeyAgreement) RSAParams() *jsonKeys.RSAPublicKey {
 	out := new(jsonKeys.RSAPublicKey)
 	//out.PublicKey = ka.publicKey