Botan  2.1.0
Crypto and TLS for C++11
msg_finished.cpp
Go to the documentation of this file.
1 /*
2 * Finished Message
3 * (C) 2004-2006,2012 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/tls_messages.h>
9 #include <botan/internal/tls_handshake_io.h>
10 #include <botan/internal/tls_handshake_state.h>
11 
12 namespace Botan {
13 
14 namespace TLS {
15 
16 namespace {
17 
18 /*
19 * Compute the verify_data
20 */
21 std::vector<uint8_t> finished_compute_verify(const Handshake_State& state,
22  Connection_Side side)
23  {
24  const uint8_t TLS_CLIENT_LABEL[] = {
25  0x63, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x66, 0x69, 0x6E, 0x69,
26  0x73, 0x68, 0x65, 0x64 };
27 
28  const uint8_t TLS_SERVER_LABEL[] = {
29  0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x66, 0x69, 0x6E, 0x69,
30  0x73, 0x68, 0x65, 0x64 };
31 
32  std::unique_ptr<KDF> prf(state.protocol_specific_prf());
33 
34  std::vector<uint8_t> input;
35  std::vector<uint8_t> label;
36  if(side == CLIENT)
37  label += std::make_pair(TLS_CLIENT_LABEL, sizeof(TLS_CLIENT_LABEL));
38  else
39  label += std::make_pair(TLS_SERVER_LABEL, sizeof(TLS_SERVER_LABEL));
40 
41  input += state.hash().final(state.version(), state.ciphersuite().prf_algo());
42 
43  return unlock(prf->derive_key(12, state.session_keys().master_secret(), input, label));
44  }
45 
46 }
47 
48 /*
49 * Create a new Finished message
50 */
52  Handshake_State& state,
53  Connection_Side side) : m_verification_data(finished_compute_verify( state, side ))
54  {
55  state.hash().update(io.send(*this));
56  }
57 
58 /*
59 * Serialize a Finished message
60 */
61 std::vector<uint8_t> Finished::serialize() const
62  {
63  return m_verification_data;
64  }
65 
66 /*
67 * Deserialize a Finished message
68 */
69 Finished::Finished(const std::vector<uint8_t>& buf) : m_verification_data(buf)
70  {}
71 
72 /*
73 * Verify a Finished message
74 */
76  Connection_Side side) const
77  {
78  std::vector<byte> computed_verify = finished_compute_verify(state, side);
79 
80 #if defined(BOTAN_UNSAFE_FUZZER_MODE)
81  return true;
82 #else
83  return (m_verification_data.size() == computed_verify.size()) &&
84  same_mem(m_verification_data.data(), computed_verify.data(), computed_verify.size());
85 #endif
86  }
87 
88 }
89 
90 }
virtual std::vector< uint8_t > send(const Handshake_Message &msg)=0
bool same_mem(const T *p1, const T *p2, size_t n)
Definition: mem_ops.h:98
bool verify(const Handshake_State &state, Connection_Side side) const
void update(const uint8_t in[], size_t length)
Definition: alg_id.cpp:13
std::vector< T > unlock(const secure_vector< T > &in)
Definition: secmem.h:125
Finished(Handshake_IO &io, Handshake_State &state, Connection_Side side)