Botan 3.0.0
Crypto and TLS for C&
msg_finished.cpp
Go to the documentation of this file.
1/*
2* Finished Message
3* (C) 2004-2006,2012 Jack Lloyd
4* 2021 Elektrobit Automotive GmbH
5* 2022 René Meusel, Hannes Rantzsch - neXenio GmbH
6*
7* Botan is released under the Simplified BSD License (see license.txt)
8*/
9
10#include <botan/tls_messages.h>
11#include <botan/kdf.h>
12#include <botan/internal/tls_handshake_io.h>
13#include <botan/internal/tls_handshake_state.h>
14
15#if defined(BOTAN_HAS_TLS_13)
16 #include <botan/internal/tls_cipher_state.h>
17#endif
18
19namespace Botan::TLS {
20
21namespace {
22
23/*
24* Compute the verify_data for TLS 1.2
25*/
26std::vector<uint8_t> finished_compute_verify_12(const Handshake_State& state,
27 Connection_Side side)
28 {
29 const uint8_t TLS_CLIENT_LABEL[] =
30 {
31 0x63, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x66, 0x69, 0x6E, 0x69,
32 0x73, 0x68, 0x65, 0x64
33 };
34
35 const uint8_t TLS_SERVER_LABEL[] =
36 {
37 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x66, 0x69, 0x6E, 0x69,
38 0x73, 0x68, 0x65, 0x64
39 };
40
41 auto prf = state.protocol_specific_prf();
42
43 std::vector<uint8_t> input;
44 std::vector<uint8_t> label;
45 label += (side == Connection_Side::Client)
46 ? std::make_pair(TLS_CLIENT_LABEL, sizeof(TLS_CLIENT_LABEL))
47 : std::make_pair(TLS_SERVER_LABEL, sizeof(TLS_SERVER_LABEL));
48
49 input += state.hash().final(state.ciphersuite().prf_algo());
50
51 return unlock(prf->derive_key(12, state.session_keys().master_secret(), input, label));
52 }
53
54} // namespace
55
56std::vector<uint8_t> Finished::serialize() const
57 {
59 }
60
61Finished::Finished(const std::vector<uint8_t>& buf) : m_verification_data(buf) {}
62
63std::vector<uint8_t> Finished::verify_data() const
64 {
66 }
67
69 Handshake_State& state,
70 Connection_Side side)
71 {
72 m_verification_data = finished_compute_verify_12(state, side);
73 state.hash().update(io.send(*this));
74 }
75
77 Connection_Side side) const
78 {
79 std::vector<uint8_t> computed_verify = finished_compute_verify_12(state, side);
80
81#if defined(BOTAN_UNSAFE_FUZZER_MODE)
82 return true;
83#else
84 return (m_verification_data.size() == computed_verify.size()) &&
85 constant_time_compare(m_verification_data.data(), computed_verify.data(), computed_verify.size());
86#endif
87 }
88
89#if defined(BOTAN_HAS_TLS_13)
90Finished_13::Finished_13(Cipher_State* cipher_state,
91 const Transcript_Hash& transcript_hash)
92 {
93 m_verification_data = cipher_state->finished_mac(transcript_hash);
94 }
95
96bool Finished_13::verify(Cipher_State* cipher_state, const Transcript_Hash& transcript_hash) const
97 {
98 return cipher_state->verify_peer_finished_mac(transcript_hash, m_verification_data);
99 }
100#endif
101}
std::vector< uint8_t > finished_mac(const Transcript_Hash &transcript_hash) const
bool verify(const Handshake_State &state, Connection_Side side) const
Finished_12(Handshake_IO &io, Handshake_State &state, Connection_Side side)
Finished(const std::vector< uint8_t > &buf)
std::vector< uint8_t > serialize() const override
std::vector< uint8_t > verify_data() const
std::vector< uint8_t > m_verification_data
Definition: tls_messages.h:817
void update(const uint8_t in[], size_t length)
virtual std::vector< uint8_t > send(const Handshake_Message &msg)=0
std::vector< uint8_t > Transcript_Hash
Definition: tls_magic.h:83
std::vector< T > unlock(const secure_vector< T > &in)
Definition: secmem.h:77
bool constant_time_compare(const uint8_t x[], const uint8_t y[], size_t len)
Definition: mem_ops.h:82