LCOV - code coverage report
Current view: top level - tls - s2n_server_finished.c (source / functions) Hit Total Coverage
Test: unit_test_coverage.info Lines: 67 67 100.0 %
Date: 2025-08-15 07:28:39 Functions: 6 6 100.0 %
Branches: 46 106 43.4 %

           Branch data     Line data    Source code
       1                 :            : /*
       2                 :            :  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
       3                 :            :  *
       4                 :            :  * Licensed under the Apache License, Version 2.0 (the "License").
       5                 :            :  * You may not use this file except in compliance with the License.
       6                 :            :  * A copy of the License is located at
       7                 :            :  *
       8                 :            :  *  http://aws.amazon.com/apache2.0
       9                 :            :  *
      10                 :            :  * or in the "license" file accompanying this file. This file is distributed
      11                 :            :  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
      12                 :            :  * express or implied. See the License for the specific language governing
      13                 :            :  * permissions and limitations under the License.
      14                 :            :  */
      15                 :            : 
      16                 :            : #include <stdint.h>
      17                 :            : 
      18                 :            : #include "error/s2n_errno.h"
      19                 :            : #include "stuffer/s2n_stuffer.h"
      20                 :            : #include "tls/s2n_connection.h"
      21                 :            : #include "tls/s2n_resume.h"
      22                 :            : #include "tls/s2n_tls.h"
      23                 :            : #include "tls/s2n_tls13_handshake.h"
      24                 :            : #include "utils/s2n_safety.h"
      25                 :            : 
      /*
       * Reads the peer's Finished verify data from the handshake stuffer and
       * compares it against the locally computed value.
       *
       * conn:              connection whose handshake.io holds the received message.
       * local_verify_data: verify data computed on this side of the handshake.
       *
       * Returns S2N_RESULT_OK only when all finished_len bytes match; a mismatch
       * fails with S2N_ERR_BAD_MESSAGE.
       */
      S2N_RESULT s2n_finished_recv(struct s2n_connection *conn, uint8_t *local_verify_data)
      {
          RESULT_ENSURE_REF(conn);

          uint8_t finished_len = conn->handshake.finished_len;

          /*
           * The stored length must be exactly the fixed size for the negotiated
           * protocol family. Checking it here means a zero or short finished_len
           * can never reduce the number of bytes that are actually compared.
           */
          if (conn->actual_protocol_version != S2N_SSLv3) {
              RESULT_ENSURE_EQ(finished_len, S2N_TLS_FINISHED_LEN);
          } else {
              RESULT_ENSURE_EQ(finished_len, S2N_SSL_FINISHED_LEN);
          }

          /* The raw read result is checked for NULL before it is used. */
          uint8_t *wire_verify_data = s2n_stuffer_raw_read(&conn->handshake.io, finished_len);
          RESULT_ENSURE_REF(wire_verify_data);

          /*
           * The comparison goes through s2n_constant_time_equals rather than
           * memcmp so that the position of the first differing byte is not
           * exposed through timing.
           */
          RESULT_ENSURE(s2n_constant_time_equals(local_verify_data, wire_verify_data, finished_len),
                  S2N_ERR_BAD_MESSAGE);

          return S2N_RESULT_OK;
      }
      44                 :            : 
      /*
       * Writes the Finished verify data to the outgoing handshake stuffer.
       *
       * conn:        connection whose handshake.io receives the message body.
       * verify_data: buffer holding at least conn->handshake.finished_len bytes
       *              (the caller is responsible for that; it is not checked here).
       *
       * Fails if finished_len is zero, so an empty Finished message is never sent.
       */
      S2N_RESULT s2n_finished_send(struct s2n_connection *conn, uint8_t *verify_data)
      {
          RESULT_ENSURE_REF(conn);

          /* A zero length means the verify data was never computed. */
          uint8_t finished_len = conn->handshake.finished_len;
          RESULT_ENSURE_GT(finished_len, 0);

          RESULT_GUARD_POSIX(s2n_stuffer_write_bytes(&conn->handshake.io, verify_data, finished_len));

          return S2N_RESULT_OK;
      }
      55                 :            : 
      /*
       * Handles a received server Finished message by validating it against
       * conn->handshake.server_finished via s2n_finished_recv.
       *
       * Returns S2N_SUCCESS when the verify data matches; otherwise the failure
       * from s2n_finished_recv is propagated.
       */
      int s2n_server_finished_recv(struct s2n_connection *conn)
      {
          POSIX_ENSURE_REF(conn);

          /* The locally computed server verify data is the reference value. */
          POSIX_GUARD_RESULT(s2n_finished_recv(conn, conn->handshake.server_finished));

          return S2N_SUCCESS;
      }
      63                 :            : 
      /*
       * Builds and sends the server Finished message, then switches the
       * connection's crypto parameters.
       *
       * The order of the calls is significant: the verify data is computed by the
       * PRF, written to the handshake stuffer, and only then are the crypto
       * parameters switched. For a resumed session, key expansion runs afterwards.
       *
       * Returns S2N_SUCCESS, or the failure of the first step that fails.
       */
      int s2n_server_finished_send(struct s2n_connection *conn)
      {
          POSIX_ENSURE_REF(conn);

          /* Destination of the PRF output and source of the outgoing message. */
          uint8_t *server_verify_data = conn->handshake.server_finished;

          POSIX_GUARD(s2n_prf_server_finished(conn));
          POSIX_GUARD_RESULT(s2n_finished_send(conn, server_verify_data));
          POSIX_GUARD_RESULT(s2n_crypto_parameters_switch(conn));

          /* Only a resumed session needs key expansion at this point. */
          if (!s2n_connection_is_session_resumed(conn)) {
              return S2N_SUCCESS;
          }
          POSIX_GUARD(s2n_prf_key_expansion(conn));

          return S2N_SUCCESS;
      }
      79                 :            : 
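      /*
       * Verifies the server Finished message of a TLS 1.3 handshake.
       *
       * Everything left in conn->handshake.io is read as the peer's finished MAC.
       * The expected MAC is computed from a copy of the transcript hash and the
       * key held in conn->handshake.server_finished, and the two are compared by
       * s2n_tls13_mac_verify.
       *
       * Returns S2N_SUCCESS when the MAC verifies. Fails when conn is NULL, the
       * negotiated version is not TLS 1.3, the message is empty, or any step
       * (including the MAC comparison) fails.
       */
      int s2n_tls13_server_finished_recv(struct s2n_connection *conn)
      {
          /* Reject a NULL connection before it is dereferenced, as the other
           * handlers in this file do. */
          POSIX_ENSURE_REF(conn);
          POSIX_ENSURE_EQ(conn->actual_protocol_version, S2N_TLS13);

          /* NOTE(review): length is a uint8_t. If s2n_stuffer_data_available()
           * returns a wider type, a message of 256 bytes or more is truncated
           * here; confirm that s2n_tls13_mac_verify() rejects a MAC whose size
           * differs from keys.size. */
          uint8_t length = s2n_stuffer_data_available(&conn->handshake.io);
          S2N_ERROR_IF(length == 0, S2N_ERR_BAD_MESSAGE);

          /* read finished mac from handshake */
          struct s2n_blob wire_finished_mac = { 0 };
          POSIX_GUARD(s2n_blob_init(&wire_finished_mac, s2n_stuffer_raw_read(&conn->handshake.io, length), length));

          /* get tls13 keys */
          s2n_tls13_connection_keys(keys, conn);

          /* get transcript hash: work on a copy in hash_workspace */
          POSIX_ENSURE_REF(conn->handshake.hashes);
          struct s2n_hash_state *hash_state = &conn->handshake.hashes->hash_workspace;
          POSIX_GUARD_RESULT(s2n_handshake_copy_hash_state(conn, keys.hash_algorithm, hash_state));

          /* look up finished secret key */
          struct s2n_blob finished_key = { 0 };
          POSIX_GUARD(s2n_blob_init(&finished_key, conn->handshake.server_finished, keys.size));

          /* generate the hashed message authenticated code */
          s2n_tls13_key_blob(server_finished_mac, keys.size);
          POSIX_GUARD(s2n_tls13_calculate_finished_mac(&keys, &finished_key, hash_state, &server_finished_mac));

          /* compare mac with received message; a mismatch fails the handshake */
          POSIX_GUARD(s2n_tls13_mac_verify(&keys, &server_finished_mac, &wire_finished_mac));

          return S2N_SUCCESS;
      }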
     112                 :            : 
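     /*
      * Builds and writes the server Finished message of a TLS 1.3 handshake.
      *
      * The finished MAC is computed from a copy of the transcript hash and the
      * key held in conn->handshake.server_finished, then written to
      * conn->handshake.io.
      *
      * Returns S2N_SUCCESS on success. Fails when conn is NULL, the negotiated
      * version is not TLS 1.3, or any step fails.
      */
     int s2n_tls13_server_finished_send(struct s2n_connection *conn)
     {
         /* Reject a NULL connection before it is dereferenced, as the other
          * handlers in this file do. */
         POSIX_ENSURE_REF(conn);
         POSIX_ENSURE_EQ(conn->actual_protocol_version, S2N_TLS13);

         /* get tls13 keys */
         s2n_tls13_connection_keys(keys, conn);

         /* get transcript hash: work on a copy in hash_workspace */
         POSIX_ENSURE_REF(conn->handshake.hashes);
         struct s2n_hash_state *hash_state = &conn->handshake.hashes->hash_workspace;
         POSIX_GUARD_RESULT(s2n_handshake_copy_hash_state(conn, keys.hash_algorithm, hash_state));

         /* look up finished secret key */
         struct s2n_blob finished_key = { 0 };
         POSIX_GUARD(s2n_blob_init(&finished_key, conn->handshake.server_finished, keys.size));

         /* generate the hashed message authenticated code */
         s2n_tls13_key_blob(server_finished_mac, keys.size);
         POSIX_GUARD(s2n_tls13_calculate_finished_mac(&keys, &finished_key, hash_state, &server_finished_mac));

         /* write to handshake io */
         POSIX_GUARD(s2n_stuffer_write(&conn->handshake.io, &server_finished_mac));

         return S2N_SUCCESS;
     }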
