Branch data     Line data    Source code

       1                 :            : /*
       2                 :            :  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
       3                 :            :  *
       4                 :            :  * Licensed under the Apache License, Version 2.0 (the "License").
       5                 :            :  * You may not use this file except in compliance with the License.
       6                 :            :  * A copy of the License is located at
       7                 :            :  *
       8                 :            :  *  http://aws.amazon.com/apache2.0
       9                 :            :  *
      10                 :            :  * or in the "license" file accompanying this file. This file is distributed
      11                 :            :  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
      12                 :            :  * express or implied. See the License for the specific language governing
      13                 :            :  * permissions and limitations under the License.
      14                 :            :  */
      15                 :            : 
      16                 :            : #include "tls/extensions/s2n_client_session_ticket.h"
      17                 :            : 
      18                 :            : #include <stdint.h>
      19                 :            : #include <sys/param.h>
      20                 :            : 
      21                 :            : #include "tls/extensions/s2n_client_psk.h"
      22                 :            : #include "tls/s2n_resume.h"
      23                 :            : #include "tls/s2n_tls.h"
      24                 :            : #include "tls/s2n_tls_parameters.h"
      25                 :            : #include "utils/s2n_safety.h"
      26                 :            : 
      27                 :            : static bool s2n_client_session_ticket_should_send(struct s2n_connection *conn);
      28                 :            : static int s2n_client_session_ticket_send(struct s2n_connection *conn, struct s2n_stuffer *out);
      29                 :            : static int s2n_client_session_ticket_recv(struct s2n_connection *conn, struct s2n_stuffer *extension);
      30                 :            : 
      31                 :            : const s2n_extension_type s2n_client_session_ticket_extension = {
      32                 :            :     .iana_value = TLS_EXTENSION_SESSION_TICKET,
      33                 :            :     .is_response = false,
      34                 :            :     .send = s2n_client_session_ticket_send,
      35                 :            :     .recv = s2n_client_session_ticket_recv,
      36                 :            :     .should_send = s2n_client_session_ticket_should_send,
      37                 :            :     .if_missing = s2n_extension_noop_if_missing,
      38                 :            : };
      39                 :            : 
      40                 :            : static bool s2n_client_session_ticket_should_send(struct s2n_connection *conn)
      41                 :       7355 : {
      42 [ +  + ][ +  + ]:       7355 :     return conn->config->use_tickets && !conn->config->ticket_forward_secrecy
      43         [ +  + ]:       7355 :             && !s2n_client_psk_should_send(conn);
      44                 :       7355 : }
      45                 :            : 
      46                 :            : static int s2n_client_session_ticket_send(struct s2n_connection *conn, struct s2n_stuffer *out)
      47                 :        106 : {
      48         [ -  + ]:        106 :     POSIX_GUARD(s2n_stuffer_write(out, &conn->client_ticket));
      49                 :        106 :     return S2N_SUCCESS;
      50                 :        106 : }
      51                 :            : 
      52                 :            : static int s2n_client_session_ticket_recv(struct s2n_connection *conn, struct s2n_stuffer *extension)
      53                 :        113 : {
      54 [ +  + ][ +  + ]:        113 :     if (conn->config->use_tickets != 1 || conn->actual_protocol_version > S2N_TLS12
      55         [ +  + ]:        113 :             || conn->config->ticket_forward_secrecy) {
      56                 :            :         /* Ignore the extension. */
      57                 :         62 :         return S2N_SUCCESS;
      58                 :         62 :     }
      59                 :            : 
      60                 :            :     /* s2n server does not support session ticket with CLIENT_AUTH enabled */
      61         [ +  + ]:         51 :     if (s2n_connection_is_client_auth_enabled(conn) > 0) {
      62                 :          2 :         return S2N_SUCCESS;
      63                 :          2 :     }
      64                 :            : 
      65         [ +  + ]:         49 :     if (s2n_stuffer_data_available(extension) == S2N_TLS12_TICKET_SIZE_IN_BYTES) {
      66                 :         29 :         conn->session_ticket_status = S2N_DECRYPT_TICKET;
      67         [ -  + ]:         29 :         POSIX_GUARD(s2n_stuffer_copy(extension, &conn->client_ticket_to_decrypt, S2N_TLS12_TICKET_SIZE_IN_BYTES));
      68         [ +  + ]:         29 :     } else if (s2n_result_is_ok(s2n_config_is_encrypt_key_available(conn->config))) {
      69                 :         16 :         conn->session_ticket_status = S2N_NEW_TICKET;
      70                 :         16 :     }
      71                 :            : 
      72                 :         49 :     return S2N_SUCCESS;
      73                 :         49 : }