/src/botan/src/lib/tls/msg_finished.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Finished Message |
3 | | * (C) 2004-2006,2012 Jack Lloyd |
4 | | * 2021 Elektrobit Automotive GmbH |
5 | | * 2022 René Meusel, Hannes Rantzsch - neXenio GmbH |
6 | | * |
7 | | * Botan is released under the Simplified BSD License (see license.txt) |
8 | | */ |
9 | | |
10 | | #include <botan/tls_messages.h> |
11 | | #include <botan/kdf.h> |
12 | | #include <botan/internal/tls_handshake_io.h> |
13 | | #include <botan/internal/tls_handshake_state.h> |
14 | | |
15 | | #if defined(BOTAN_HAS_TLS_13) |
16 | | #include <botan/internal/tls_cipher_state.h> |
17 | | #endif |
18 | | |
19 | | namespace Botan::TLS { |
20 | | |
21 | | namespace { |
22 | | |
23 | | /* |
24 | | * Compute the verify_data for TLS 1.2 |
25 | | */ |
26 | | std::vector<uint8_t> finished_compute_verify_12(const Handshake_State& state, |
27 | | Connection_Side side) |
28 | 644 | { |
29 | 644 | const uint8_t TLS_CLIENT_LABEL[] = |
30 | 644 | { |
31 | 644 | 0x63, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x66, 0x69, 0x6E, 0x69, |
32 | 644 | 0x73, 0x68, 0x65, 0x64 |
33 | 644 | }; |
34 | | |
35 | 644 | const uint8_t TLS_SERVER_LABEL[] = |
36 | 644 | { |
37 | 644 | 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x66, 0x69, 0x6E, 0x69, |
38 | 644 | 0x73, 0x68, 0x65, 0x64 |
39 | 644 | }; |
40 | | |
41 | 644 | auto prf = state.protocol_specific_prf(); |
42 | | |
43 | 644 | std::vector<uint8_t> input; |
44 | 644 | std::vector<uint8_t> label; |
45 | 644 | label += (side == Connection_Side::Client) |
46 | 644 | ? std::make_pair(TLS_CLIENT_LABEL, sizeof(TLS_CLIENT_LABEL)) |
47 | 644 | : std::make_pair(TLS_SERVER_LABEL, sizeof(TLS_SERVER_LABEL)); |
48 | | |
49 | 644 | input += state.hash().final(state.ciphersuite().prf_algo()); |
50 | | |
51 | 644 | return unlock(prf->derive_key(12, state.session_keys().master_secret(), input, label)); |
52 | 644 | } |
53 | | |
54 | | } // namespace |
55 | | |
56 | | std::vector<uint8_t> Finished::serialize() const |
57 | 322 | { |
58 | 322 | return m_verification_data; |
59 | 322 | } |
60 | | |
61 | 7.49k | Finished::Finished(const std::vector<uint8_t>& buf) : m_verification_data(buf) {} |
62 | | |
63 | | std::vector<uint8_t> Finished::verify_data() const |
64 | 0 | { |
65 | 0 | return m_verification_data; |
66 | 0 | } |
67 | | |
68 | | Finished_12::Finished_12(Handshake_IO& io, |
69 | | Handshake_State& state, |
70 | | Connection_Side side) |
71 | 322 | { |
72 | 322 | m_verification_data = finished_compute_verify_12(state, side); |
73 | 322 | state.hash().update(io.send(*this)); |
74 | 322 | } |
75 | | |
76 | | bool Finished_12::verify(const Handshake_State& state, |
77 | | Connection_Side side) const |
78 | 322 | { |
79 | 322 | std::vector<uint8_t> computed_verify = finished_compute_verify_12(state, side); |
80 | | |
81 | 322 | #if defined(BOTAN_UNSAFE_FUZZER_MODE) |
82 | 322 | return true; |
83 | | #else |
84 | | return (m_verification_data.size() == computed_verify.size()) && |
85 | | constant_time_compare(m_verification_data.data(), computed_verify.data(), computed_verify.size()); |
86 | | #endif |
87 | 322 | } |
88 | | |
89 | | #if defined(BOTAN_HAS_TLS_13) |
90 | | Finished_13::Finished_13(Cipher_State* cipher_state, |
91 | | const Transcript_Hash& transcript_hash) |
92 | 0 | { |
93 | 0 | m_verification_data = cipher_state->finished_mac(transcript_hash); |
94 | 0 | } |
95 | | |
96 | | bool Finished_13::verify(Cipher_State* cipher_state, const Transcript_Hash& transcript_hash) const |
97 | 0 | { |
98 | 0 | return cipher_state->verify_peer_finished_mac(transcript_hash, m_verification_data); |
99 | 0 | } |
100 | | #endif |
101 | | } |