author | lloyd <[email protected]> | 2012-01-19 15:03:07 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-01-19 15:03:07 +0000 |
commit | 30104a60568b392886c1d717a7ca006378552e4d (patch) | |
tree | 2ad36cb3d8ced600d15a85f38ae2f7d9e7a32698 /src/tls/finished.cpp | |
parent | b899ee14925310574da400c2af0f491f8cd2a103 (diff) |
I'm not sure if I like this aesthetically, but passing around the
entire handshake state in many cases makes things simpler to update,
in that each message type already knows what it needs depending on the
version, params, etc, and this way a) that knowledge doesn't need to
percolate up to the actual client and server handshake code and b)
each message type can be updated for new formats/version without
having to change its callers. Downside is it hides the dependency
information away, and makes it non-obvious what needs to be created
beforehand for each message to work correctly. However this is
(almost) entirely predicated on the handshake message flows, and these
we control with the next expected message scheme, so this should be
fairly safe to do.
This checkin only updates the ones where it was immediately relevant
but for consistency probably all of them should be updated in the same
way.
Diffstat (limited to 'src/tls/finished.cpp')
-rw-r--r-- | src/tls/finished.cpp | 103 |
1 files changed, 49 insertions, 54 deletions
diff --git a/src/tls/finished.cpp b/src/tls/finished.cpp index 70b714bfd..836512f81 100644 --- a/src/tls/finished.cpp +++ b/src/tls/finished.cpp @@ -1,6 +1,6 @@ /* * Finished Message -* (C) 2004-2006 Jack Lloyd +* (C) 2004-2006,2012 Jack Lloyd * * Released under the terms of the Botan license */ @@ -10,58 +10,15 @@ namespace Botan { -/* -* Create a new Finished message -*/ -Finished::Finished(Record_Writer& writer, - TLS_Handshake_Hash& hash, - Version_Code version, - Connection_Side side, - const MemoryRegion<byte>& master_secret) - { - verification_data = compute_verify(master_secret, hash, side, version); - send(writer, hash); - } - -/* -* Serialize a Finished message -*/ -MemoryVector<byte> Finished::serialize() const - { - return verification_data; - } - -/* -* Deserialize a Finished message -*/ -void Finished::deserialize(const MemoryRegion<byte>& buf) - { - verification_data = buf; - } - -/* -* Verify a Finished message -*/ -bool Finished::verify(const MemoryRegion<byte>& secret, - Version_Code version, - const TLS_Handshake_Hash& hash, - Connection_Side side) - { - MemoryVector<byte> computed = compute_verify(secret, hash, side, version); - if(computed == verification_data) - return true; - return false; - } +namespace { /* * Compute the verify_data */ -MemoryVector<byte> Finished::compute_verify(const MemoryRegion<byte>& secret, - TLS_Handshake_Hash hash, - Connection_Side side, - Version_Code version) +MemoryVector<byte> finished_compute_verify(TLS_Handshake_State* state, + Connection_Side side) { - if(version == SSL_V3) + if(state->version == SSL_V3) { const byte SSL_CLIENT_LABEL[] = { 0x43, 0x4C, 0x4E, 0x54 }; const byte SSL_SERVER_LABEL[] = { 0x53, 0x52, 0x56, 0x52 }; 
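Review bot: `finished_compute_verify` dereferences `state` (first at `state->version`) with no null check, and the same unchecked pointer is used by the `Finished` constructor and `Finished::verify` in the last hunk. None of the three treats a missing state as valid, so a `TLS_Handshake_State&` parameter would put that precondition in the signature; the callers and the class declaration that would have to change with it are not on this page. Failing that, a header comment such as `// Reads state->version, state->hash and state->keys.master_secret(); all three must be set before the call` would record what has to be populated first. The function body continues past the end of this hunk.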
@@ -69,13 +26,13 @@ MemoryVector<byte> Finished::compute_verify(const MemoryRegion<byte>& secret, MemoryVector<byte> ssl3_finished; if(side == CLIENT) - hash.update(SSL_CLIENT_LABEL, sizeof(SSL_CLIENT_LABEL)); + state->hash.update(SSL_CLIENT_LABEL, sizeof(SSL_CLIENT_LABEL)); else - hash.update(SSL_SERVER_LABEL, sizeof(SSL_SERVER_LABEL)); + state->hash.update(SSL_SERVER_LABEL, sizeof(SSL_SERVER_LABEL)); - return hash.final_ssl3(secret); + return state->hash.final_ssl3(state->keys.master_secret()); } - else if(version == TLS_V10 || version == TLS_V11) + else if(state->version == TLS_V10 || state->version == TLS_V11) { const byte TLS_CLIENT_LABEL[] = { 0x63, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x66, 0x69, 0x6E, 0x69, @@ -92,12 +49,50 @@ MemoryVector<byte> Finished::compute_verify(const MemoryRegion<byte>& secret, input += std::make_pair(TLS_CLIENT_LABEL, sizeof(TLS_CLIENT_LABEL)); else input += std::make_pair(TLS_SERVER_LABEL, sizeof(TLS_SERVER_LABEL)); - input += hash.final(); + input += state->hash.final(); - return prf.derive_key(12, secret, input); + return prf.derive_key(12, state->keys.master_secret(), input); } else throw Invalid_Argument("Finished message: Unknown protocol version"); } } + +/* +* Create a new Finished message +*/ +Finished::Finished(Record_Writer& writer, + TLS_Handshake_State* state, + Connection_Side side) + { + verification_data = finished_compute_verify(state, side); + send(writer, state->hash); + } + +/* +* Serialize a Finished message +*/ +MemoryVector<byte> Finished::serialize() const + { + return verification_data; + } + +/* +* Deserialize a Finished message +*/ +void Finished::deserialize(const MemoryRegion<byte>& buf) + { + verification_data = buf; + } + +/* +* Verify a Finished message +*/ +bool Finished::verify(TLS_Handshake_State* state, + Connection_Side side) + { + return (verification_data == finished_compute_verify(state, side)); + } + +} |
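Review bot: In the SSL_V3 branch, `state->hash.update(SSL_CLIENT_LABEL, ...)` and `state->hash.update(SSL_SERVER_LABEL, ...)` now append the label to the handshake hash held in the shared state, whereas the removed `compute_verify` took `TLS_Handshake_Hash hash` by value and updated a private copy. The constructor then passes that same `state->hash` to `send()`, and `verify()` runs this code on the received message, so it appears that every later transcript computation would include the 4-byte label and the second Finished of an SSLv3 handshake would stop matching the peer's. Taking a local copy first restores the old semantics: `TLS_Handshake_Hash hash = state->hash; // copy: do not modify the running transcript`, with the two `update` calls and `final_ssl3` made on `hash`. The enclosing function starts in the previous hunk and ends in the next one.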
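Review bot: `Finished::verify` now reduces to `verification_data == finished_compute_verify(state, side)`, and whether `operator==` on `MemoryVector<byte>` takes time independent of the position of the first mismatching byte cannot be seen from this page. verify_data is derived from the master secret and is checked against peer-supplied bytes that `deserialize` stores without a length check, so for equal lengths the comparison should not exit early. If the operator already guarantees that, a comment on the return line would keep a later refactor from swapping in an early-exit compare, e.g. `// must stay a constant-time compare: verify_data is secret-derived`.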