Coverage Report

Created: 2022-01-14 08:07

/src/botan/src/lib/tls/msg_finished.cpp
Line
Count
Source
1
/*
2
* Finished Message
3
* (C) 2004-2006,2012 Jack Lloyd
4
*
5
* Botan is released under the Simplified BSD License (see license.txt)
6
*/
7
8
#include <botan/tls_messages.h>
9
#include <botan/kdf.h>
10
#include <botan/internal/tls_handshake_io.h>
11
#include <botan/internal/tls_handshake_state.h>
12
13
namespace Botan {
14
15
namespace TLS {
16
17
namespace {
18
19
/*
20
* Compute the verify_data
21
*/
22
std::vector<uint8_t> finished_compute_verify(const Handshake_State& state,
23
                                          Connection_Side side)
24
618
   {
25
618
   const uint8_t TLS_CLIENT_LABEL[] = {
26
618
      0x63, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x66, 0x69, 0x6E, 0x69,
27
618
      0x73, 0x68, 0x65, 0x64 };
28
29
618
   const uint8_t TLS_SERVER_LABEL[] = {
30
618
      0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x66, 0x69, 0x6E, 0x69,
31
618
      0x73, 0x68, 0x65, 0x64 };
32
33
618
   auto prf = state.protocol_specific_prf();
34
35
618
   std::vector<uint8_t> input;
36
618
   std::vector<uint8_t> label;
37
618
   if(side == CLIENT)
38
309
      label += std::make_pair(TLS_CLIENT_LABEL, sizeof(TLS_CLIENT_LABEL));
39
309
   else
40
309
      label += std::make_pair(TLS_SERVER_LABEL, sizeof(TLS_SERVER_LABEL));
41
42
618
   input += state.hash().final(state.ciphersuite().prf_algo());
43
44
618
   return unlock(prf->derive_key(12, state.session_keys().master_secret(), input, label));
45
618
   }
46
47
}
48
49
/*
50
* Create a new Finished message
51
*/
52
Finished::Finished(Handshake_IO& io,
53
                   Handshake_State& state,
54
                   Connection_Side side) : m_verification_data(finished_compute_verify( state, side ))
55
309
   {
56
309
   state.hash().update(io.send(*this));
57
309
   }
58
59
/*
60
* Serialize a Finished message
61
*/
62
std::vector<uint8_t> Finished::serialize() const
63
309
   {
64
309
   return m_verification_data;
65
309
   }
66
67
/*
68
* Deserialize a Finished message
69
*/
70
Finished::Finished(const std::vector<uint8_t>& buf) : m_verification_data(buf)
71
309
   {}
72
73
/*
74
* Verify a Finished message
75
*/
76
bool Finished::verify(const Handshake_State& state,
77
                      Connection_Side side) const
78
309
   {
79
309
   std::vector<uint8_t> computed_verify = finished_compute_verify(state, side);
80
81
309
#if defined(BOTAN_UNSAFE_FUZZER_MODE)
82
309
   return true;
83
#else
84
   return (m_verification_data.size() == computed_verify.size()) &&
85
      constant_time_compare(m_verification_data.data(), computed_verify.data(), computed_verify.size());
86
#endif
87
309
   }
88
89
}
90
91
}