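/*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License").
 * You may not use this file except in compliance with the License.
 * A copy of the License is located at
 *
 *  http://aws.amazon.com/apache2.0
 *
 * or in the "license" file accompanying this file. This file is distributed
 * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
 * express or implied. See the License for the specific language governing
 * permissions and limitations under the License.
 */

#include <stdint.h>

#include "tls/extensions/s2n_ems.h"
#include "tls/s2n_tls.h"
#include "utils/s2n_safety.h"

static int s2n_server_ems_recv(struct s2n_connection *conn, struct s2n_stuffer *extension);
static bool s2n_server_ems_should_send(struct s2n_connection *conn);
static int s2n_server_ems_if_missing(struct s2n_connection *conn);

/**
 *= https://www.rfc-editor.org/rfc/rfc7627#section-5.1
 *#
 *# This document defines a new TLS extension, "extended_master_secret"
 *# (with extension type 0x0017), which is used to signal both client and
 *# server to use the extended master secret computation. The
 *# "extension_data" field of this extension is empty. Thus, the entire
 *# encoding of the extension is 00 17 00 00 (in hexadecimal.)
 **/
const s2n_extension_type s2n_server_ems_extension = {
    .iana_value = TLS_EXTENSION_EMS,
    /* A response extension: it answers an extension the client offered.
     * The sending path never writes any payload (s2n_extension_send_noop). */
    .is_response = true,
    .send = s2n_extension_send_noop,
    .recv = s2n_server_ems_recv,
    .should_send = s2n_server_ems_should_send,
    .if_missing = s2n_server_ems_if_missing,
};

/*
 * Handle an extended_master_secret extension received in a ServerHello.
 *
 * The extension carries no payload: its mere presence signals that the
 * extended master secret computation (RFC 7627) is in use. Any non-empty
 * "extension_data" is therefore treated as malformed, and ems_negotiated is
 * only set once that check has passed.
 *
 * @param conn       connection whose ems_negotiated flag is set; must be non-NULL
 * @param extension  stuffer positioned at the extension body; must be non-NULL
 * @return S2N_SUCCESS, or a POSIX_ENSURE failure: a NULL argument fails the
 *         reference check, and a non-empty body fails with
 *         S2N_ERR_UNSUPPORTED_EXTENSION
 */
static int s2n_server_ems_recv(struct s2n_connection *conn, struct s2n_stuffer *extension)
{
    POSIX_ENSURE_REF(conn);
    /* Guard the stuffer before it is dereferenced below, matching the
     * reference check on conn rather than relying on every caller. */
    POSIX_ENSURE_REF(extension);

    /* Read nothing. The extension just needs to exist without any data. */
    POSIX_ENSURE(s2n_stuffer_data_available(extension) == 0, S2N_ERR_UNSUPPORTED_EXTENSION);
    conn->ems_negotiated = true;

    return S2N_SUCCESS;
}

/*
 * Decide whether the server includes the extended_master_secret extension
 * in its ServerHello.
 *
 * Only connections that negotiated a protocol version below TLS 1.3 get the
 * extension. Because the type is marked .is_response, the extension
 * framework is presumably what restricts sending to clients that offered it;
 * this predicate only adds the version check. A NULL conn yields false.
 *
 * @param conn  connection being negotiated; may be NULL
 * @return true when the extension should be sent
 */
static bool s2n_server_ems_should_send(struct s2n_connection *conn)
{
    return conn && conn->actual_protocol_version < S2N_TLS13;
}

/*
 * Handle a ServerHello that omits the extended_master_secret extension.
 *
 * If ems_negotiated is already set — i.e. the session being resumed used the
 * extension — a ServerHello that now lacks it is a downgrade and the
 * handshake is aborted with S2N_ERR_MISSING_EXTENSION, as RFC 7627 requires.
 * Otherwise the omission is benign and the handshake proceeds.
 *
 * @param conn  connection being negotiated; must be non-NULL
 * @return S2N_SUCCESS, or a POSIX_ENSURE failure (NULL conn, or
 *         S2N_ERR_MISSING_EXTENSION when EMS was previously negotiated)
 */
static int s2n_server_ems_if_missing(struct s2n_connection *conn)
{
    POSIX_ENSURE_REF(conn);

    /**
     *= https://www.rfc-editor.org/rfc/rfc7627#section-5.3
     *# If the original session used the extension but the new ServerHello
     *# does not contain the extension, the client MUST abort the
     *# handshake.
     **/
    POSIX_ENSURE(!conn->ems_negotiated, S2N_ERR_MISSING_EXTENSION);

    return S2N_SUCCESS;
}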