aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls/finished.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/tls/finished.cpp')
-rw-r--r--src/tls/finished.cpp111
1 files changed, 56 insertions, 55 deletions
diff --git a/src/tls/finished.cpp b/src/tls/finished.cpp
index 70b714bfd..a494bf932 100644
--- a/src/tls/finished.cpp
+++ b/src/tls/finished.cpp
@@ -1,71 +1,33 @@
/*
* Finished Message
-* (C) 2004-2006 Jack Lloyd
+* (C) 2004-2006,2012 Jack Lloyd
*
* Released under the terms of the Botan license
*/
#include <botan/internal/tls_messages.h>
-#include <botan/prf_tls.h>
+#include <botan/tls_record.h>
+#include <memory>
namespace Botan {
-/*
-* Create a new Finished message
-*/
-Finished::Finished(Record_Writer& writer,
- TLS_Handshake_Hash& hash,
- Version_Code version,
- Connection_Side side,
- const MemoryRegion<byte>& master_secret)
- {
- verification_data = compute_verify(master_secret, hash, side, version);
- send(writer, hash);
- }
-
-/*
-* Serialize a Finished message
-*/
-MemoryVector<byte> Finished::serialize() const
- {
- return verification_data;
- }
-
-/*
-* Deserialize a Finished message
-*/
-void Finished::deserialize(const MemoryRegion<byte>& buf)
- {
- verification_data = buf;
- }
+namespace TLS {
-/*
-* Verify a Finished message
-*/
-bool Finished::verify(const MemoryRegion<byte>& secret,
- Version_Code version,
- const TLS_Handshake_Hash& hash,
- Connection_Side side)
- {
- MemoryVector<byte> computed = compute_verify(secret, hash, side, version);
- if(computed == verification_data)
- return true;
- return false;
- }
+namespace {
/*
* Compute the verify_data
*/
-MemoryVector<byte> Finished::compute_verify(const MemoryRegion<byte>& secret,
- TLS_Handshake_Hash hash,
- Connection_Side side,
- Version_Code version)
+MemoryVector<byte> finished_compute_verify(Handshake_State* state,
+ Connection_Side side)
{
- if(version == SSL_V3)
+ if(state->version() == Protocol_Version::SSL_V3)
{
const byte SSL_CLIENT_LABEL[] = { 0x43, 0x4C, 0x4E, 0x54 };
const byte SSL_SERVER_LABEL[] = { 0x53, 0x52, 0x56, 0x52 };
+ Handshake_Hash hash = state->hash; // don't modify state
+
MemoryVector<byte> ssl3_finished;
if(side == CLIENT)
@@ -73,9 +35,9 @@ MemoryVector<byte> Finished::compute_verify(const MemoryRegion<byte>& secret,
else
hash.update(SSL_SERVER_LABEL, sizeof(SSL_SERVER_LABEL));
- return hash.final_ssl3(secret);
+ return hash.final_ssl3(state->keys.master_secret());
}
- else if(version == TLS_V10 || version == TLS_V11)
+ else
{
const byte TLS_CLIENT_LABEL[] = {
0x63, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x66, 0x69, 0x6E, 0x69,
@@ -85,19 +47,58 @@ MemoryVector<byte> Finished::compute_verify(const MemoryRegion<byte>& secret,
0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x66, 0x69, 0x6E, 0x69,
0x73, 0x68, 0x65, 0x64 };
- TLS_PRF prf;
+ std::auto_ptr<KDF> prf(state->protocol_specific_prf());
MemoryVector<byte> input;
if(side == CLIENT)
input += std::make_pair(TLS_CLIENT_LABEL, sizeof(TLS_CLIENT_LABEL));
else
input += std::make_pair(TLS_SERVER_LABEL, sizeof(TLS_SERVER_LABEL));
- input += hash.final();
- return prf.derive_key(12, secret, input);
+ input += state->hash.final(state->version(), state->suite.mac_algo());
+
+ return prf->derive_key(12, state->keys.master_secret(), input);
}
- else
- throw Invalid_Argument("Finished message: Unknown protocol version");
}
}
+
+/*
+* Create a new Finished message
+*/
+Finished::Finished(Record_Writer& writer,
+ Handshake_State* state,
+ Connection_Side side)
+ {
+ verification_data = finished_compute_verify(state, side);
+ state->hash.update(writer.send(*this));
+ }
+
+/*
+* Serialize a Finished message
+*/
+MemoryVector<byte> Finished::serialize() const
+ {
+ return verification_data;
+ }
+
+/*
+* Deserialize a Finished message
+*/
+Finished::Finished(const MemoryRegion<byte>& buf)
+ {
+ verification_data = buf;
+ }
+
+/*
+* Verify a Finished message
+*/
+bool Finished::verify(Handshake_State* state,
+ Connection_Side side)
+ {
+ return (verification_data == finished_compute_verify(state, side));
+ }
+
+}
+
+}