Comments (2)
mondain
commented on June 11, 2024
Sequence example from RFC 5764
sequenceDiagram
participant X as Client
participant Y as Server
X->>Y: ClientHello
Y->>X: ServerHello
Y-->>X: Certificate
Y-->>X: ServerKeyExchange
Y-->>X: CertificateRequest
Y->>X: ServerHelloDone
X-->>Y: Certificate
X-->>Y: ClientKeyExchange
X-->>Y: CertificateVerify
X->>Y: ChangeCipherSpec
X->>Y: Finished
Y->>X: ChangeCipherSpec
Y->>X: Finished
Actual sequence in bctls 177 / 1.77
sequenceDiagram
participant X as Client
participant Y as Server
X->>Y: ClientHello
Y->>X: ServerHello
Y-->>X: Certificate
Y-->>X: ServerKeyExchange
Y-->>X: CertificateRequest
Y->>X: ServerHelloDone
X-->>Y: Certificate
X-->>Y: ClientKeyExchange
X-->>Y: CertificateVerify
X->>Y: HelloRequest
from bc-java.
mondain
commented on June 11, 2024
Truncated log output:
From the client end after we've received the server_hello_done and have sent up-to certificate_verify:
Send handshake certificate_verify
output stream write:
16
fe fd
00 00
00 00 00 00 00 03
01 10
0f
0001040003000000000104040101001efe8b5fa5b69c7acd5c5695e861e815956d7fa9f8223c8fadfd5494c75937929322027a97d08fa7593f5c0b2affda30de8f88198666cc7822661908a0cdf337d0a6b8ee742f81c63a60b14a5b742113c3d6079f3edf2e7f3ae502690c53395f34ee7baddd0906b608bab15018cb5593acb968b8144dbf58c01a45d712396fd0c01b23f25eede0910ad0cc380edb83b1de4b7d299c282866f3770de2879c6810e172eebaeedf02a2d6f2e32e8323d9d2993f56798fd7fb4ce7d153bcb2eb7970ae1dd32843e84c6b6f20a88eb4ab663b46bb9cc05a95085d162b0069c8f07dd651dddb40d305e8731837e7056bf1a92bc5194d93bd11c07990beacdfcbbd939d
Sent handshake certificate_verify
Send handshake finished
org.bouncycastle.tls.DTLSRecordLayer - send - buf: 1400000c000400000000000cb998963f6464e0fc82e4e1f0
org.bouncycastle.tls.DTLSRecordLayer - send - inHandshake: true writeEpoch: org.bouncycastle.tls.DTLSEpoch@49ac46f9 retransmitEpoch: null
org.bouncycastle.tls.DTLSRecordLayer - send finished - handshakeType: 20
org.bouncycastle.tls.DTLSRecordLayer - send change cipher spec
org.bouncycastle.tls.DTLSRecordLayer - sendRecord - contentType: 20 buf: 01
org.bouncycastle.tls.DTLSRecordLayer - getMacSequenceNumber - epoch: 0 sequence_number: 4
org.bouncycastle.tls.DTLSRecordLayer - sendDatagram: 14fefd0000000000000004000101
Send change_cipher_spec
output stream write:
14
fe fd
00 00
00 00 00 00 00 04
00 01
01
org.bouncycastle.tls.DTLSRecordLayer - sendRecord - contentType: 22 buf: 1400000c000400000000000cb998963f6464e0fc82e4e1f0
org.bouncycastle.tls.DTLSRecordLayer - getMacSequenceNumber - epoch: 1 sequence_number: 0
org.bouncycastle.tls.DTLSRecordLayer - sendDatagram: 16fefd00010000000000000030000100000000000037c2d8db838d0ec23b49682f7807834921ba1e712740f97a32974c5edf7a275393fe2381f405439c
Send handshake hello_request <-- this should be finished
output stream write:
16
fe fd
00 01
00 00 00 00 00 00
00 30
00
0100000000000037c2d8db838d0ec23b49682f7807834921ba1e712740f97a32974c5edf7a275393fe2381f405439c
from bc-java.
Related Issues (20)
- Dilithium object identifier mismatch with OQS provider HOT 2
- Cannot generate BcPGPKeyPair for X448
- CMSSignedData.replaceSigners() does not handle DigestAlgorithms parameters properly HOT 2
- Public key parameter digestParamSet should be optional for GOST 34.10 R 2012 HOT 2
- Number of Tr bytes for Dilithium signatures does not match NIST Documentation or test vectors. HOT 1
- current main doesn't compile anymore HOT 6
- SExpParser fails with GnuPG ed25519 private keys HOT 1
- Integrating FIPS-Compliant Libraries with OpenSAML
- Signature size of the PQC algorithms dilithium3 and dilithium5 do not match NIST 204 (Draft) HOT 1
- Unable to compile code in sources jars HOT 6
- An infinite loop occurs when ED25519 signature verification HOT 27
- lcrypto-jdk12-177 org.bouncycastle.crypto.test.RegressionTest fails with 3 StringIndexOutOfBoundsException HOT 6
- Does Bouncy Castle Support Connection ID ?
- org.bouncycastle.crypto.modes.CBCBlockCipher has been deprecated. Which function or combination can be taken it or instead of ? HOT 1
- Does Bouncy Castle 1.77 release compatible with OpenJDK-21 ? HOT 1
- PreShared Key support in Bouncy Castle JSSE Provider HOT 2
- java Caused by: javax.net.ssl.SSLProtocolException: Cannot decode named group: x25519 HOT 2
- PQC tests fail - missing files HOT 1
- Lineage OS build with custom edits complains bouncycastle.asn1 is "missing" HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bc-java.