Pre-master secret mistmatched when implementing Diffie-Hellman key exchange

I am trying to implement DHE_DSS into go's crypto/tls package. Unfortunately I can not seem to get the PreMasterSecret (Z) to be the same, my basic workflow is:

Receive Server Key Exchange Message

• Extract P, G, Ys
• Verify using the digital signature provided

Prepare Client Key Exchange Message

• Create client's Xc
• Generate Yc (Yc = G^Xc % P)
• Generate Z (Z = Ys^Xc % P)
• Send back Yc, packed like so:

<!-- -->

ckx := make([]byte, len(yC)+2)
ckx[0] = byte(len(Yc)>>8)
ckx[1] = byte(len(Yc))
copy(ckx[2:], yBytes)

However, when I am debugging this with gnutls-serv the two PreMasterSecrets (Z) are different. Do I need to sign the returned Yc, or perhaps pack it in another way? I can not see anything in RFC 5246 to suggest this.

<-- EDIT -->

Here is a patch of my changes:

https://08766345559465695203.googlegroups.com/attach/48587532c74b4348/crypto.patch?part=4&amp;view=1&amp;vt=ANaJVrHbwydqEZc3zjUWqQ5C8Q5zEkWXZLdL0w6JJG3HYntOlBurUTY7mc9xR9OTfE0bJxs4eeL5a5SGd2jj9eIfXcwJQgLvJchXOgkYKBBynbPfshY8kuQ

Client key exchange will contain:

length (2 bytes) --> Y_C (in plain text)

I have implemented TLS in Java and I follow the same structure and works fine for me.

> Do I need to sign the returned Yc?

No there is no need to sign the client DH public value, it is transferred in plain text.

You can take a pcap and check whether same values are being transferred in the packet. Also if GNU TLS has logger for printing the Y_C received, then you can check if proper data is being received.

If in case you still getting different Pre-Master secret then there seems to be some issue with the logic of generation of secret.