0x79, 0x00,
);
+/**
+ * TLS 1.3 static part of the data the peer signs (64 spaces followed by the
+ * context string "TLS 1.3, client CertificateVerify" and a 0 byte).
+ */
+static chunk_t tls13_sig_data_client = chunk_from_chars(
+ 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+ 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+ 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+ 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+ 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+ 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+ 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+ 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+ 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x33, 0x2c,
+ 0x20, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20,
+ 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
+ 0x61, 0x74, 0x65, 0x56, 0x65, 0x72, 0x69, 0x66,
+ 0x79, 0x00,
+);
+
METHOD(tls_crypto_t, sign, bool,
private_tls_crypto_t *this, private_key_t *key, bio_writer_t *writer,
chunk_t data, chunk_t hashsig)
return FALSE;
}
- data = chunk_cata("cm", tls13_sig_data_server, transcript_hash);
+ if (this->tls->is_server(this->tls))
+ {
+ data = chunk_cata("cm", tls13_sig_data_client, transcript_hash);
+ }
+ else
+ {
+ data = chunk_cata("cm", tls13_sig_data_server, transcript_hash);
+ }
}
if (!key->verify(key, params->scheme, params->params, data, sig))
{
projects / thirdparty / strongswan.git / blobdiff