Botan 3.8.1
Crypto and TLS for C&
msg_finished.cpp
Go to the documentation of this file.
1/*
2* Finished Message
3* (C) 2004-2006,2012 Jack Lloyd
4* 2021 Elektrobit Automotive GmbH
5* 2022 René Meusel, Hannes Rantzsch - neXenio GmbH
6*
7* Botan is released under the Simplified BSD License (see license.txt)
8*/
9
10#include <botan/tls_messages.h>
11
12#include <botan/kdf.h>
13#include <botan/internal/ct_utils.h>
14#include <botan/internal/target_info.h>
15#include <botan/internal/tls_handshake_io.h>
16#include <botan/internal/tls_handshake_state.h>
17
18#if defined(BOTAN_HAS_TLS_13)
19 #include <botan/internal/tls_cipher_state.h>
20#endif
21
22namespace Botan::TLS {
23
24namespace {
25
26/*
27* Compute the verify_data for TLS 1.2
28*/
29std::vector<uint8_t> finished_compute_verify_12(const Handshake_State& state, Connection_Side side) {
30 const uint8_t TLS_CLIENT_LABEL[] = {
31 0x63, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x66, 0x69, 0x6E, 0x69, 0x73, 0x68, 0x65, 0x64};
32
33 const uint8_t TLS_SERVER_LABEL[] = {
34 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x66, 0x69, 0x6E, 0x69, 0x73, 0x68, 0x65, 0x64};
35
36 auto prf = state.protocol_specific_prf();
37
38 std::vector<uint8_t> input;
39 std::vector<uint8_t> label;
40 label += (side == Connection_Side::Client) ? std::make_pair(TLS_CLIENT_LABEL, sizeof(TLS_CLIENT_LABEL))
41 : std::make_pair(TLS_SERVER_LABEL, sizeof(TLS_SERVER_LABEL));
42
43 input += state.hash().final(state.ciphersuite().prf_algo());
44
45 return unlock(prf->derive_key(12, state.session_keys().master_secret(), input, label));
46}
47
48} // namespace
49
50std::vector<uint8_t> Finished::serialize() const {
52}
53
54Finished::Finished(const std::vector<uint8_t>& buf) : m_verification_data(buf) {}
55
56std::vector<uint8_t> Finished::verify_data() const {
58}
59
61 m_verification_data = finished_compute_verify_12(state, side);
62 state.hash().update(io.send(*this));
63}
64
65bool Finished_12::verify(const Handshake_State& state, Connection_Side side) const {
66 std::vector<uint8_t> computed_verify = finished_compute_verify_12(state, side);
67
68#if defined(BOTAN_UNSAFE_FUZZER_MODE)
69 return true;
70#else
71 // first check the size:
72 if(m_verification_data.size() != computed_verify.size()) {
73 return false;
74 }
75
76 return CT::is_equal(m_verification_data.data(), computed_verify.data(), computed_verify.size()).as_bool();
77#endif
78}
79
80#if defined(BOTAN_HAS_TLS_13)
81Finished_13::Finished_13(Cipher_State* cipher_state, const Transcript_Hash& transcript_hash) {
82 m_verification_data = cipher_state->finished_mac(transcript_hash);
83}
84
85bool Finished_13::verify(Cipher_State* cipher_state, const Transcript_Hash& transcript_hash) const {
86 return cipher_state->verify_peer_finished_mac(transcript_hash, m_verification_data);
87}
88#endif
89} // namespace Botan::TLS
bool verify_peer_finished_mac(const Transcript_Hash &transcript_hash, const std::vector< uint8_t > &peer_mac) const
std::vector< uint8_t > finished_mac(const Transcript_Hash &transcript_hash) const
bool verify(const Handshake_State &state, Connection_Side side) const
Finished_12(Handshake_IO &io, Handshake_State &state, Connection_Side side)
bool verify(Cipher_State *cipher_state, const Transcript_Hash &transcript_hash) const
Finished_13(Cipher_State *cipher_state, const Transcript_Hash &transcript_hash)
Finished(const std::vector< uint8_t > &buf)
std::vector< uint8_t > serialize() const override
std::vector< uint8_t > verify_data() const
std::vector< uint8_t > m_verification_data
void update(const uint8_t in[], size_t length)
virtual std::vector< uint8_t > send(const Handshake_Message &msg)=0
constexpr CT::Mask< T > is_equal(const T x[], const T y[], size_t len)
Definition ct_utils.h:789
std::vector< uint8_t > Transcript_Hash
Definition tls_magic.h:81
std::vector< T > unlock(const secure_vector< T > &in)
Definition secmem.h:82