Branch data     Line data    Source code

       1                 :            : /*
       2                 :            :  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
       3                 :            :  *
       4                 :            :  * Licensed under the Apache License, Version 2.0 (the "License").
       5                 :            :  * You may not use this file except in compliance with the License.
       6                 :            :  * A copy of the License is located at
       7                 :            :  *
       8                 :            :  *  http://aws.amazon.com/apache2.0
       9                 :            :  *
      10                 :            :  * or in the "license" file accompanying this file. This file is distributed
      11                 :            :  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
      12                 :            :  * express or implied. See the License for the specific language governing
      13                 :            :  * permissions and limitations under the License.
      14                 :            :  */
      15                 :            : 
      16                 :            : #include "tls/extensions/s2n_psk_key_exchange_modes.h"
      17                 :            : 
      18                 :            : #include <stdint.h>
      19                 :            : #include <sys/param.h>
      20                 :            : 
      21                 :            : #include "tls/extensions/s2n_client_psk.h"
      22                 :            : #include "tls/s2n_tls_parameters.h"
      23                 :            : #include "utils/s2n_safety.h"
      24                 :            : 
      25                 :            : static bool s2n_psk_key_exchange_modes_should_send(struct s2n_connection *conn);
      26                 :            : static int s2n_psk_key_exchange_modes_send(struct s2n_connection *conn, struct s2n_stuffer *out);
      27                 :            : static int s2n_psk_key_exchange_modes_recv(struct s2n_connection *conn, struct s2n_stuffer *extension);
      28                 :            : 
      29                 :            : const s2n_extension_type s2n_psk_key_exchange_modes_extension = {
      30                 :            :     .iana_value = TLS_EXTENSION_PSK_KEY_EXCHANGE_MODES,
      31                 :            :     .minimum_version = S2N_TLS13,
      32                 :            :     .is_response = false,
      33                 :            :     .send = s2n_psk_key_exchange_modes_send,
      34                 :            :     .recv = s2n_psk_key_exchange_modes_recv,
      35                 :            :     .should_send = s2n_psk_key_exchange_modes_should_send,
      36                 :            :     .if_missing = s2n_extension_noop_if_missing,
      37                 :            : };
      38                 :            : 
      39                 :            : static bool s2n_psk_key_exchange_modes_should_send(struct s2n_connection *conn)
      40                 :       5311 : {
      41                 :            :     /**
      42                 :            :      *= https://www.rfc-editor.org/rfc/rfc8446#section-4.2.9
      43                 :            :      *# Servers MUST NOT select a key exchange mode that is not listed by the
      44                 :            :      *# client.  This extension also restricts the modes for use with PSK
      45                 :            :      *# resumption.
      46                 :            :      *
      47                 :            :      * The RFC is ambiguous about whether the psk_kx_modes extension should be
      48                 :            :      * sent in the first flight of messages, but we choose to do so for
      49                 :            :      * interoperability with other TLS implementations.
      50                 :            :      * https://github.com/aws/s2n-tls/issues/4124
      51                 :            :      * The final check for psk_list.len > 0 is necessary because external
      52                 :            :      * PSKs are used without setting `use_tickets` to true.
      53                 :            :      */
      54 [ +  + ][ +  + ]:       5311 :     return conn->config->use_tickets || conn->psk_params.psk_list.len > 0;
      55                 :       5311 : }
      56                 :            : 
      57                 :            : static int s2n_psk_key_exchange_modes_send(struct s2n_connection *conn, struct s2n_stuffer *out)
      58                 :       1146 : {
      59 [ -  + ][ #  # ]:       1146 :     POSIX_ENSURE_REF(conn);
      60                 :            : 
      61         [ -  + ]:       1146 :     POSIX_GUARD(s2n_stuffer_write_uint8(out, PSK_KEY_EXCHANGE_MODE_SIZE));
      62                 :            : 
      63                 :            :     /* s2n currently only supports pre-shared keys with (EC)DHE key establishment */
      64         [ -  + ]:       1146 :     POSIX_GUARD(s2n_stuffer_write_uint8(out, TLS_PSK_DHE_KE_MODE));
      65                 :            : 
      66                 :       1146 :     return S2N_SUCCESS;
      67                 :       1146 : }
      68                 :            : 
      69                 :            : static int s2n_psk_key_exchange_modes_recv(struct s2n_connection *conn, struct s2n_stuffer *extension)
      70                 :       1137 : {
      71 [ -  + ][ #  # ]:       1137 :     POSIX_ENSURE_REF(conn);
      72                 :            : 
      73                 :       1137 :     uint8_t psk_ke_mode_list_len = 0;
      74         [ -  + ]:       1137 :     POSIX_GUARD(s2n_stuffer_read_uint8(extension, &psk_ke_mode_list_len));
      75         [ +  + ]:       1137 :     if (psk_ke_mode_list_len > s2n_stuffer_data_available(extension)) {
      76                 :            :         /* Malformed length, ignore the extension */
      77                 :          1 :         return S2N_SUCCESS;
      78                 :          1 :     }
      79                 :            : 
      80         [ +  + ]:       1155 :     for (size_t i = 0; i < psk_ke_mode_list_len; i++) {
      81                 :       1151 :         uint8_t wire_psk_ke_mode = 0;
      82         [ -  + ]:       1151 :         POSIX_GUARD(s2n_stuffer_read_uint8(extension, &wire_psk_ke_mode));
      83                 :            : 
      84                 :            :         /* s2n currently only supports pre-shared keys with (EC)DHE key establishment */
      85         [ +  + ]:       1151 :         if (wire_psk_ke_mode == TLS_PSK_DHE_KE_MODE) {
      86                 :       1132 :             conn->psk_params.psk_ke_mode = S2N_PSK_DHE_KE;
      87                 :       1132 :             return S2N_SUCCESS;
      88                 :       1132 :         }
      89                 :       1151 :     }
      90                 :            : 
      91                 :          4 :     return S2N_SUCCESS;
      92                 :       1136 : }