/src/botan/src/lib/tls/msg_finished.cpp

Source (jump to first uncovered line)
/*
* Finished Message
* (C) 2004-2006,2012 Jack Lloyd
*     2021 Elektrobit Automotive GmbH
*     2022 René Meusel, Hannes Rantzsch - neXenio GmbH
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/tls_messages.h>
#include <botan/kdf.h>
#include <botan/internal/tls_handshake_io.h>
#include <botan/internal/tls_handshake_state.h>

#if defined(BOTAN_HAS_TLS_13)
   #include <botan/internal/tls_cipher_state.h>
#endif

namespace Botan::TLS {

namespace {

/*
* Compute the verify_data for TLS 1.2
*/
std::vector<uint8_t> finished_compute_verify_12(const Handshake_State& state,
      Connection_Side side)
   {
   const uint8_t TLS_CLIENT_LABEL[] =
      {
      0x63, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x66, 0x69, 0x6E, 0x69,
      0x73, 0x68, 0x65, 0x64
      };

   const uint8_t TLS_SERVER_LABEL[] =
      {
      0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x66, 0x69, 0x6E, 0x69,
      0x73, 0x68, 0x65, 0x64
      };

   auto prf = state.protocol_specific_prf();

   std::vector<uint8_t> input;
   std::vector<uint8_t> label;
   label += (side == Connection_Side::Client)
            ? std::make_pair(TLS_CLIENT_LABEL, sizeof(TLS_CLIENT_LABEL))
            : std::make_pair(TLS_SERVER_LABEL, sizeof(TLS_SERVER_LABEL));

   input += state.hash().final(state.ciphersuite().prf_algo());

   return unlock(prf->derive_key(12, state.session_keys().master_secret(), input, label));
   }

} // namespace

std::vector<uint8_t> Finished::serialize() const
   {
   return m_verification_data;
   }

Finished::Finished(const std::vector<uint8_t>& buf) : m_verification_data(buf) {}

std::vector<uint8_t> Finished::verify_data() const
   {
   return m_verification_data;
   }

Finished_12::Finished_12(Handshake_IO& io,
                      Handshake_State& state,
                      Connection_Side side)
   {
   m_verification_data = finished_compute_verify_12(state, side);
   state.hash().update(io.send(*this));
   }

bool Finished_12::verify(const Handshake_State& state,
                         Connection_Side side) const
   {
   std::vector<uint8_t> computed_verify = finished_compute_verify_12(state, side);

#if defined(BOTAN_UNSAFE_FUZZER_MODE)
   return true;
#else
   return (m_verification_data.size() == computed_verify.size()) &&
          constant_time_compare(m_verification_data.data(), computed_verify.data(), computed_verify.size());
#endif
   }

#if defined(BOTAN_HAS_TLS_13)
Finished_13::Finished_13(Cipher_State* cipher_state,
                         const Transcript_Hash& transcript_hash)
   {
   m_verification_data = cipher_state->finished_mac(transcript_hash);
   }

bool Finished_13::verify(Cipher_State* cipher_state, const Transcript_Hash& transcript_hash) const
   {
   return cipher_state->verify_peer_finished_mac(transcript_hash, m_verification_data);
   }
#endif
}

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Finished Message
3		* (C) 2004-2006,2012 Jack Lloyd
4		* 2021 Elektrobit Automotive GmbH
5		* 2022 René Meusel, Hannes Rantzsch - neXenio GmbH
6		*
7		* Botan is released under the Simplified BSD License (see license.txt)
8		*/
9
10		#include <botan/tls_messages.h>
11		#include <botan/kdf.h>
12		#include <botan/internal/tls_handshake_io.h>
13		#include <botan/internal/tls_handshake_state.h>
14
15		#if defined(BOTAN_HAS_TLS_13)
16		#include <botan/internal/tls_cipher_state.h>
17		#endif
18
19		namespace Botan::TLS {
20
21		namespace {
22
23		/*
24		* Compute the verify_data for TLS 1.2
25		*/
26		std::vector<uint8_t> finished_compute_verify_12(const Handshake_State& state,
27		Connection_Side side)
28	644	{
29	644	const uint8_t TLS_CLIENT_LABEL[] =
30	644	{
31	644	0x63, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x66, 0x69, 0x6E, 0x69,
32	644	0x73, 0x68, 0x65, 0x64
33	644	};
34
35	644	const uint8_t TLS_SERVER_LABEL[] =
36	644	{
37	644	0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x66, 0x69, 0x6E, 0x69,
38	644	0x73, 0x68, 0x65, 0x64
39	644	};
40
41	644	auto prf = state.protocol_specific_prf();
42
43	644	std::vector<uint8_t> input;
44	644	std::vector<uint8_t> label;
45	644	label += (side == Connection_Side::Client)
46	644	? std::make_pair(TLS_CLIENT_LABEL, sizeof(TLS_CLIENT_LABEL))
47	644	: std::make_pair(TLS_SERVER_LABEL, sizeof(TLS_SERVER_LABEL));
48
49	644	input += state.hash().final(state.ciphersuite().prf_algo());
50
51	644	return unlock(prf->derive_key(12, state.session_keys().master_secret(), input, label));
52	644	}
53
54		} // namespace
55
56		std::vector<uint8_t> Finished::serialize() const
57	322	{
58	322	return m_verification_data;
59	322	}
60
61	7.49k	Finished::Finished(const std::vector<uint8_t>& buf) : m_verification_data(buf) {}
62
63		std::vector<uint8_t> Finished::verify_data() const
64	0	{
65	0	return m_verification_data;
66	0	}
67
68		Finished_12::Finished_12(Handshake_IO& io,
69		Handshake_State& state,
70		Connection_Side side)
71	322	{
72	322	m_verification_data = finished_compute_verify_12(state, side);
73	322	state.hash().update(io.send(*this));
74	322	}
75
76		bool Finished_12::verify(const Handshake_State& state,
77		Connection_Side side) const
78	322	{
79	322	std::vector<uint8_t> computed_verify = finished_compute_verify_12(state, side);
80
81	322	#if defined(BOTAN_UNSAFE_FUZZER_MODE)
82	322	return true;
83		#else
84		return (m_verification_data.size() == computed_verify.size()) &&
85		constant_time_compare(m_verification_data.data(), computed_verify.data(), computed_verify.size());
86		#endif
87	322	}
88
89		#if defined(BOTAN_HAS_TLS_13)
90		Finished_13::Finished_13(Cipher_State* cipher_state,
91		const Transcript_Hash& transcript_hash)
92	0	{
93	0	m_verification_data = cipher_state->finished_mac(transcript_hash);
94	0	}
95
96		bool Finished_13::verify(Cipher_State* cipher_state, const Transcript_Hash& transcript_hash) const
97	0	{
98	0	return cipher_state->verify_peer_finished_mac(transcript_hash, m_verification_data);
99	0	}
100		#endif
101		}

Coverage Report

Created: 2023-02-13 06:21