/src/botan/src/lib/tls/msg_finished.cpp
Line | Count | Source |
1 | | /* |
2 | | * Finished Message |
3 | | * (C) 2004-2006,2012 Jack Lloyd |
4 | | * |
5 | | * Botan is released under the Simplified BSD License (see license.txt) |
6 | | */ |
7 | | |
8 | | #include <botan/tls_messages.h> |
9 | | #include <botan/kdf.h> |
10 | | #include <botan/internal/tls_handshake_io.h> |
11 | | #include <botan/internal/tls_handshake_state.h> |
12 | | |
13 | | namespace Botan { |
14 | | |
15 | | namespace TLS { |
16 | | |
17 | | namespace { |
18 | | |
19 | | /* |
20 | | * Compute the verify_data |
21 | | */ |
22 | | std::vector<uint8_t> finished_compute_verify(const Handshake_State& state, |
23 | | Connection_Side side) |
24 | 2.01k | { |
25 | 2.01k | const uint8_t TLS_CLIENT_LABEL[] = { |
26 | 2.01k | 0x63, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x66, 0x69, 0x6E, 0x69, |
27 | 2.01k | 0x73, 0x68, 0x65, 0x64 }; |
28 | 2.01k | |
29 | 2.01k | const uint8_t TLS_SERVER_LABEL[] = { |
30 | 2.01k | 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x66, 0x69, 0x6E, 0x69, |
31 | 2.01k | 0x73, 0x68, 0x65, 0x64 }; |
32 | 2.01k | |
33 | 2.01k | std::unique_ptr<KDF> prf(state.protocol_specific_prf()); |
34 | 2.01k | |
35 | 2.01k | std::vector<uint8_t> input; |
36 | 2.01k | std::vector<uint8_t> label; |
37 | 2.01k | if(side == CLIENT) |
38 | 1.44k | label += std::make_pair(TLS_CLIENT_LABEL, sizeof(TLS_CLIENT_LABEL)); |
39 | 574 | else |
40 | 574 | label += std::make_pair(TLS_SERVER_LABEL, sizeof(TLS_SERVER_LABEL)); |
41 | 2.01k | |
42 | 2.01k | input += state.hash().final(state.version(), state.ciphersuite().prf_algo()); |
43 | 2.01k | |
44 | 2.01k | return unlock(prf->derive_key(12, state.session_keys().master_secret(), input, label)); |
45 | 2.01k | } |
46 | | |
47 | | } |
48 | | |
49 | | /* |
50 | | * Create a new Finished message |
51 | | */ |
52 | | Finished::Finished(Handshake_IO& io, |
53 | | Handshake_State& state, |
54 | | Connection_Side side) : m_verification_data(finished_compute_verify( state, side )) |
55 | 1.44k | { |
56 | 1.44k | state.hash().update(io.send(*this)); |
57 | 1.44k | } |
58 | | |
59 | | /* |
60 | | * Serialize a Finished message |
61 | | */ |
62 | | std::vector<uint8_t> Finished::serialize() const |
63 | 1.44k | { |
64 | 1.44k | return m_verification_data; |
65 | 1.44k | } |
66 | | |
67 | | /* |
68 | | * Deserialize a Finished message |
69 | | */ |
70 | | Finished::Finished(const std::vector<uint8_t>& buf) : m_verification_data(buf) |
71 | 574 | {} |
72 | | |
73 | | /* |
74 | | * Verify a Finished message |
75 | | */ |
76 | | bool Finished::verify(const Handshake_State& state, |
77 | | Connection_Side side) const |
78 | 574 | { |
79 | 574 | std::vector<byte> computed_verify = finished_compute_verify(state, side); |
80 | 574 | |
81 | 574 | #if defined(BOTAN_UNSAFE_FUZZER_MODE) |
82 | 574 | return true; |
83 | | #else |
84 | | return (m_verification_data.size() == computed_verify.size()) && |
85 | | constant_time_compare(m_verification_data.data(), computed_verify.data(), computed_verify.size()); |
86 | | #endif |
87 | | } |
88 | | |
89 | | } |
90 | | |
91 | | } |