Branch data     Line data    Source code

       1                 :            : /*
       2                 :            :  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
       3                 :            :  *
       4                 :            :  * Licensed under the Apache License, Version 2.0 (the "License").
       5                 :            :  * You may not use this file except in compliance with the License.
       6                 :            :  * A copy of the License is located at
       7                 :            :  *
       8                 :            :  *  http://aws.amazon.com/apache2.0
       9                 :            :  *
      10                 :            :  * or in the "license" file accompanying this file. This file is distributed
      11                 :            :  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
      12                 :            :  * express or implied. See the License for the specific language governing
      13                 :            :  * permissions and limitations under the License.
      14                 :            :  */
      15                 :            : 
      16                 :            : #include <stdint.h>
      17                 :            : 
      18                 :            : #include "error/s2n_errno.h"
      19                 :            : #include "stuffer/s2n_stuffer.h"
      20                 :            : #include "tls/s2n_connection.h"
      21                 :            : #include "tls/s2n_tls.h"
      22                 :            : #include "tls/s2n_tls13_handshake.h"
      23                 :            : #include "utils/s2n_safety.h"
      24                 :            : 
      25                 :            : S2N_RESULT s2n_finished_recv(struct s2n_connection *conn, uint8_t *our_version);
      26                 :            : S2N_RESULT s2n_finished_send(struct s2n_connection *conn, uint8_t *our_version);
      27                 :            : 
      28                 :            : int s2n_client_finished_recv(struct s2n_connection *conn)
      29                 :       1362 : {
      30 [ #  # ][ -  + ]:       1362 :     POSIX_ENSURE_REF(conn);
      31                 :            : 
      32         [ +  + ]:       1362 :     POSIX_GUARD(s2n_prf_client_finished(conn));
      33                 :       1360 :     uint8_t *verify_data = conn->handshake.client_finished;
      34         [ +  + ]:       1360 :     POSIX_GUARD_RESULT(s2n_finished_recv(conn, verify_data));
      35 [ -  + ][ #  # ]:       1358 :     POSIX_ENSURE(!conn->handshake.rsa_failed, S2N_ERR_BAD_MESSAGE);
      36                 :       1358 :     return S2N_SUCCESS;
      37                 :       1358 : }
      38                 :            : 
      39                 :            : int s2n_client_finished_send(struct s2n_connection *conn)
      40                 :       2228 : {
      41 [ -  + ][ #  # ]:       2228 :     POSIX_ENSURE_REF(conn);
      42                 :            : 
      43         [ -  + ]:       2228 :     POSIX_GUARD(s2n_prf_client_finished(conn));
      44                 :       2228 :     uint8_t *verify_data = conn->handshake.client_finished;
      45         [ -  + ]:       2228 :     POSIX_GUARD_RESULT(s2n_finished_send(conn, verify_data));
      46         [ -  + ]:       2228 :     POSIX_GUARD_RESULT(s2n_crypto_parameters_switch(conn));
      47                 :            : 
      48                 :       2228 :     return S2N_SUCCESS;
      49                 :       2228 : }
      50                 :            : 
      51                 :            : int s2n_tls13_client_finished_recv(struct s2n_connection *conn)
      52                 :       2708 : {
      53 [ +  + ][ +  - ]:       2708 :     POSIX_ENSURE_EQ(conn->actual_protocol_version, S2N_TLS13);
      54                 :            : 
      55                 :       2707 :     uint8_t length = s2n_stuffer_data_available(&conn->handshake.io);
      56 [ -  + ][ #  # ]:       2707 :     S2N_ERROR_IF(length == 0, S2N_ERR_BAD_MESSAGE);
      57                 :            : 
      58                 :            :     /* read finished mac from handshake */
      59                 :       2707 :     struct s2n_blob wire_finished_mac = { 0 };
      60         [ -  + ]:       2707 :     POSIX_GUARD(s2n_blob_init(&wire_finished_mac, s2n_stuffer_raw_read(&conn->handshake.io, length), length));
      61                 :            : 
      62                 :            :     /* get tls13 keys */
      63         [ -  + ]:       2707 :     s2n_tls13_connection_keys(keys, conn);
      64                 :            : 
      65                 :            :     /* get transcript hash */
      66 [ -  + ][ #  # ]:       2707 :     POSIX_ENSURE_REF(conn->handshake.hashes);
      67                 :       2707 :     struct s2n_hash_state *hash_state = &conn->handshake.hashes->hash_workspace;
      68         [ -  + ]:       2707 :     POSIX_GUARD_RESULT(s2n_handshake_copy_hash_state(conn, keys.hash_algorithm, hash_state));
      69                 :            : 
      70                 :       2707 :     struct s2n_blob finished_key = { 0 };
      71         [ -  + ]:       2707 :     POSIX_GUARD(s2n_blob_init(&finished_key, conn->handshake.client_finished, keys.size));
      72                 :            : 
      73 [ -  + ][ #  # ]:       5414 :     s2n_tls13_key_blob(client_finished_mac, keys.size);
                 [ -  + ]
      74         [ -  + ]:       2707 :     POSIX_GUARD(s2n_tls13_calculate_finished_mac(&keys, &finished_key, hash_state, &client_finished_mac));
      75                 :            : 
      76         [ +  + ]:       2707 :     POSIX_GUARD(s2n_tls13_mac_verify(&keys, &client_finished_mac, &wire_finished_mac));
      77                 :            : 
      78                 :       2646 :     return 0;
      79                 :       2707 : }
      80                 :            : 
      81                 :            : int s2n_tls13_client_finished_send(struct s2n_connection *conn)
      82                 :       2650 : {
      83 [ +  + ][ +  - ]:       2650 :     POSIX_ENSURE_EQ(conn->actual_protocol_version, S2N_TLS13);
      84                 :            : 
      85                 :            :     /* get tls13 keys */
      86         [ -  + ]:       2650 :     s2n_tls13_connection_keys(keys, conn);
      87                 :            : 
      88                 :            :     /* get transcript hash */
      89 [ #  # ][ -  + ]:       2649 :     POSIX_ENSURE_REF(conn->handshake.hashes);
      90                 :       2649 :     struct s2n_hash_state *hash_state = &conn->handshake.hashes->hash_workspace;
      91         [ -  + ]:       2649 :     POSIX_GUARD_RESULT(s2n_handshake_copy_hash_state(conn, keys.hash_algorithm, hash_state));
      92                 :            : 
      93                 :            :     /* look up finished secret key */
      94                 :       2649 :     struct s2n_blob finished_key = { 0 };
      95         [ -  + ]:       2649 :     POSIX_GUARD(s2n_blob_init(&finished_key, conn->handshake.client_finished, keys.size));
      96                 :            : 
      97                 :            :     /* generate the hashed message authenticated code */
      98 [ #  # ][ -  + ]:       5298 :     s2n_stack_blob(client_finished_mac, keys.size, S2N_TLS13_SECRET_MAX_LEN);
                 [ -  + ]
      99         [ -  + ]:       2649 :     POSIX_GUARD(s2n_tls13_calculate_finished_mac(&keys, &finished_key, hash_state, &client_finished_mac));
     100                 :            : 
     101                 :            :     /* write to handshake io */
     102         [ -  + ]:       2649 :     POSIX_GUARD(s2n_stuffer_write(&conn->handshake.io, &client_finished_mac));
     103                 :            : 
     104                 :       2649 :     return 0;
     105                 :       2649 : }