Fix <list/> (forgot <t>...</t> wrappers).
This commit is contained in:
parent
48585b7d8e
commit
b0aa9c35b2
1 changed files with 71 additions and 65 deletions
|
|
@ -128,31 +128,33 @@
|
|||
|
||||
<t>All signed PDUs are generated in the same way:</t>
|
||||
|
||||
<list style="symbols">
|
||||
<t>
|
||||
<list style="symbols">
|
||||
|
||||
<t>
|
||||
Compose the PDU, with all fields including "Sig Type" and
|
||||
"Signature Length" set, but omitting the trailing
|
||||
"Signature" field itself. This is the "message to be
|
||||
signed" for purposes of the signature algorithm.
|
||||
</t>
|
||||
<t>
|
||||
Compose the PDU, with all fields including "Sig Type" and
|
||||
"Signature Length" set, but omitting the trailing
|
||||
"Signature" field itself. This is the "message to be
|
||||
signed" for purposes of the signature algorithm.
|
||||
</t>
|
||||
|
||||
<t>
|
||||
Generate the signature as specified for the chosen signature
|
||||
suite, using the private member of the asymmetric key pair.
|
||||
In general this will involve first hashing the "message to
|
||||
be signed" then signing the hash, but the precise details
|
||||
may vary with the specific algorithm. The result will be a
|
||||
sequence of octets, the length of which MUST be equal to the
|
||||
setting of the "Signature Length" field.
|
||||
</t>
|
||||
<t>
|
||||
Generate the signature as specified for the chosen signature
|
||||
suite, using the private member of the asymmetric key pair.
|
||||
In general this will involve first hashing the "message to
|
||||
be signed" then signing the hash, but the precise details
|
||||
may vary with the specific algorithm. The result will be a
|
||||
sequence of octets, the length of which MUST be equal to the
|
||||
setting of the "Signature Length" field.
|
||||
</t>
|
||||
|
||||
<t>
|
||||
Construct the complete message by appending the signature
|
||||
octets to the otherwise complete message composed above.
|
||||
</t>
|
||||
<t>
|
||||
Construct the complete message by appending the signature
|
||||
octets to the otherwise complete message composed above.
|
||||
</t>
|
||||
|
||||
</list>
|
||||
</list>
|
||||
</t>
|
||||
|
||||
<t>
|
||||
In the case of the OPEN PDU, the message to be signed will
|
||||
|
|
@ -171,37 +173,39 @@
|
|||
OPEN PDU also establishes the session key.
|
||||
</t>
|
||||
|
||||
<list style="symbols">
|
||||
<t>
|
||||
<list style="symbols">
|
||||
|
||||
<t>
|
||||
Verify that the PDU is syntactically correct, and extract
|
||||
the Auth Type, Key, Sig Type, and Signature fields.
|
||||
</t>
|
||||
<t>
|
||||
Verify that the PDU is syntactically correct, and extract
|
||||
the Auth Type, Key, Sig Type, and Signature fields.
|
||||
</t>
|
||||
|
||||
<t>
|
||||
Verify that Auth Type and Sig Type refer to the same
|
||||
algorithm suite, and that said algorithm suite is one that
|
||||
the implementation understands.
|
||||
</t>
|
||||
<t>
|
||||
Verify that Auth Type and Sig Type refer to the same
|
||||
algorithm suite, and that said algorithm suite is one that
|
||||
the implementation understands.
|
||||
</t>
|
||||
|
||||
<t>
|
||||
Construct the "message to be verified" by truncating the PDU
|
||||
to remove the Signature field (in practice this should not
|
||||
require copying any data, just subtract the signature length
|
||||
from the PDU length).
|
||||
</t>
|
||||
<t>
|
||||
Construct the "message to be verified" by truncating the PDU
|
||||
to remove the Signature field (in practice this should not
|
||||
require copying any data, just subtract the signature length
|
||||
from the PDU length).
|
||||
</t>
|
||||
|
||||
<t>
|
||||
Verify the message constructed above against the public key
|
||||
using the rules for the specific signature suite.
|
||||
</t>
|
||||
<t>
|
||||
Verify the message constructed above against the public key
|
||||
using the rules for the specific signature suite.
|
||||
</t>
|
||||
|
||||
<t>
|
||||
Record Auth Type and Key as this sessions's authentication
|
||||
type and session key, for use in verifying subseuqent PDUs.
|
||||
</t>
|
||||
<t>
|
||||
Record Auth Type and Key as this sessions's authentication
|
||||
type and session key, for use in verifying subseuqent PDUs.
|
||||
</t>
|
||||
|
||||
</list>
|
||||
</list>
|
||||
</t>
|
||||
|
||||
<t>
|
||||
If any of the above verification steps fail, generate an error
|
||||
|
|
@ -227,30 +231,32 @@
|
|||
but follows the same basic pattern as for OPEN PDUs.
|
||||
</t>
|
||||
|
||||
<list style="symbols">
|
||||
<t>
|
||||
<list style="symbols">
|
||||
|
||||
<t>
|
||||
Verify that the PDU is syntactically correct, and extract
|
||||
the Sig Type and Signature fields.
|
||||
</t>
|
||||
<t>
|
||||
Verify that the PDU is syntactically correct, and extract
|
||||
the Sig Type and Signature fields.
|
||||
</t>
|
||||
|
||||
<t>
|
||||
Verify that Sig Type refers to the same algorithm suite as
|
||||
the Auth Type recorded during verification of the OPEN PDU.
|
||||
</t>
|
||||
<t>
|
||||
Verify that Sig Type refers to the same algorithm suite as
|
||||
the Auth Type recorded during verification of the OPEN PDU.
|
||||
</t>
|
||||
|
||||
<t>
|
||||
Construct the "message to be verified" by truncating the PDU
|
||||
to remove the Signature field.
|
||||
</t>
|
||||
<t>
|
||||
Construct the "message to be verified" by truncating the PDU
|
||||
to remove the Signature field.
|
||||
</t>
|
||||
|
||||
<t>
|
||||
Verify the message constructed above against the recorded
|
||||
session key using the rules for the specific signature
|
||||
suite.
|
||||
</t>
|
||||
<t>
|
||||
Verify the message constructed above against the recorded
|
||||
session key using the rules for the specific signature
|
||||
suite.
|
||||
</t>
|
||||
|
||||
</list>
|
||||
</list>
|
||||
</t>
|
||||
|
||||
<t>
|
||||
If any of the above verification steps fail, generate an error
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue