Branch data Line data Source code
1 : : /* 2 : : * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 : : * 4 : : * Licensed under the Apache License, Version 2.0 (the "License"). 5 : : * You may not use this file except in compliance with the License. 6 : : * A copy of the License is located at 7 : : * 8 : : * http://aws.amazon.com/apache2.0 9 : : * 10 : : * or in the "license" file accompanying this file. This file is distributed 11 : : * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 12 : : * express or implied. See the License for the specific language governing 13 : : * permissions and limitations under the License. 14 : : */ 15 : : 16 : : #include "tls/extensions/s2n_client_session_ticket.h" 17 : : 18 : : #include <stdint.h> 19 : : 20 : : #include "tls/extensions/s2n_client_psk.h" 21 : : #include "tls/s2n_resume.h" 22 : : #include "tls/s2n_tls.h" 23 : : #include "tls/s2n_tls_parameters.h" 24 : : #include "utils/s2n_safety.h" 25 : : 26 : : static bool s2n_client_session_ticket_should_send(struct s2n_connection *conn); 27 : : static int s2n_client_session_ticket_send(struct s2n_connection *conn, struct s2n_stuffer *out); 28 : : static int s2n_client_session_ticket_recv(struct s2n_connection *conn, struct s2n_stuffer *extension); 29 : : 30 : : const s2n_extension_type s2n_client_session_ticket_extension = { 31 : : .iana_value = TLS_EXTENSION_SESSION_TICKET, 32 : : .is_response = false, 33 : : .send = s2n_client_session_ticket_send, 34 : : .recv = s2n_client_session_ticket_recv, 35 : : .should_send = s2n_client_session_ticket_should_send, 36 : : .if_missing = s2n_extension_noop_if_missing, 37 : : }; 38 : : 39 : : static bool s2n_client_session_ticket_should_send(struct s2n_connection *conn) 40 : 7724 : { 41 [ + + ][ + + ]: 7724 : return conn->config->use_tickets && !conn->config->ticket_forward_secrecy 42 [ + + ]: 7724 : && !s2n_client_psk_should_send(conn); 43 : 7724 : } 44 : : 45 : : static int s2n_client_session_ticket_send(struct s2n_connection *conn, struct s2n_stuffer *out) 46 : 106 : { 47 [ - + ]: 106 : POSIX_GUARD(s2n_stuffer_write(out, &conn->client_ticket)); 48 : 106 : return S2N_SUCCESS; 49 : 106 : } 50 : : 51 : : static int s2n_client_session_ticket_recv(struct s2n_connection *conn, struct s2n_stuffer *extension) 52 : 113 : { 53 [ + + ][ + + ]: 113 : if (conn->config->use_tickets != 1 || conn->actual_protocol_version > S2N_TLS12 54 [ + + ]: 113 : || conn->config->ticket_forward_secrecy) { 55 : : /* Ignore the extension. */ 56 : 62 : return S2N_SUCCESS; 57 : 62 : } 58 : : 59 : : /* s2n server does not support session ticket with CLIENT_AUTH enabled */ 60 [ + + ]: 51 : if (s2n_connection_is_client_auth_enabled(conn) > 0) { 61 : 2 : return S2N_SUCCESS; 62 : 2 : } 63 : : 64 [ + + ]: 49 : if (s2n_stuffer_data_available(extension) == S2N_TLS12_TICKET_SIZE_IN_BYTES) { 65 : 29 : conn->session_ticket_status = S2N_DECRYPT_TICKET; 66 [ - + ]: 29 : POSIX_GUARD(s2n_stuffer_copy(extension, &conn->client_ticket_to_decrypt, S2N_TLS12_TICKET_SIZE_IN_BYTES)); 67 [ + + ]: 29 : } else if (s2n_result_is_ok(s2n_config_is_encrypt_key_available(conn->config))) { 68 : 16 : conn->session_ticket_status = S2N_NEW_TICKET; 69 : 16 : } 70 : : 71 : 49 : return S2N_SUCCESS; 72 : 49 : }