LCOV - code coverage report
Current view: top level - tls/extensions - s2n_server_psk.c (source / functions) Hit Total Coverage
Test: unit_test_coverage.info Lines: 22 22 100.0 %
Date: 2025-08-14 07:26:07 Functions: 3 3 100.0 %
Branches: 16 28 57.1 % 

           Branch data     Line data    Source code
       1                 :            : /*
       2                 :            :  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
       3                 :            :  *
       4                 :            :  * Licensed under the Apache License, Version 2.0 (the "License").
       5                 :            :  * You may not use this file except in compliance with the License.
       6                 :            :  * A copy of the License is located at
       7                 :            :  *
       8                 :            :  *  http://aws.amazon.com/apache2.0
       9                 :            :  *
      10                 :            :  * or in the "license" file accompanying this file. This file is distributed
      11                 :            :  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
      12                 :            :  * express or implied. See the License for the specific language governing
      13                 :            :  * permissions and limitations under the License.
      14                 :            :  */
      15                 :            : 
      16                 :            : #include "tls/extensions/s2n_server_psk.h"
      17                 :            : 
      18                 :            : #include <stdint.h>
      19                 :            : #include <sys/param.h>
      20                 :            : 
      21                 :            : #include "tls/s2n_tls.h"
      22                 :            : #include "utils/s2n_bitmap.h"
      23                 :            : #include "utils/s2n_safety.h"
      24                 :            : 
      25                 :            : static bool s2n_server_psk_should_send(struct s2n_connection *conn);
      26                 :            : static int s2n_server_psk_send(struct s2n_connection *conn, struct s2n_stuffer *out);
      27                 :            : static int s2n_server_psk_recv(struct s2n_connection *conn, struct s2n_stuffer *extension);
      28                 :            : 
      29                 :            : const s2n_extension_type s2n_server_psk_extension = {
      30                 :            :     .iana_value = TLS_EXTENSION_PRE_SHARED_KEY,
      31                 :            :     .minimum_version = S2N_TLS13,
      32                 :            :     .is_response = true,
      33                 :            :     .send = s2n_server_psk_send,
      34                 :            :     .recv = s2n_server_psk_recv,
      35                 :            :     .should_send = s2n_server_psk_should_send,
      36                 :            :     .if_missing = s2n_extension_noop_if_missing,
      37                 :            : };
      38                 :            : 
      39                 :            : static bool s2n_server_psk_should_send(struct s2n_connection *conn)
      40                 :        616 : {
      41                 :            :     /* Only send a server pre_shared_key extension if a chosen PSK is set on the connection */
      42 [ +  + ][ +  + ]:        616 :     return conn && conn->psk_params.chosen_psk;
      43                 :        616 : }
      44                 :            : 
      45                 :            : static int s2n_server_psk_send(struct s2n_connection *conn, struct s2n_stuffer *out)
      46                 :        600 : {
      47 [ #  # ][ -  + ]:        600 :     POSIX_ENSURE_REF(conn);
      48                 :            : 
      49                 :            :     /* Send the index of the chosen PSK that is stored on the connection. */
      50         [ -  + ]:        600 :     POSIX_GUARD(s2n_stuffer_write_uint16(out, conn->psk_params.chosen_psk_wire_index));
      51                 :            : 
      52                 :        600 :     return S2N_SUCCESS;
      53                 :        600 : }
      54                 :            : 
      55                 :            : static int s2n_server_psk_recv(struct s2n_connection *conn, struct s2n_stuffer *extension)
      56                 :        595 : {
      57 [ -  + ][ #  # ]:        595 :     POSIX_ENSURE_REF(conn);
      58                 :            : 
      59                 :            :     /* Currently in s2n, only (EC)DHE key exchange mode is supported.
      60                 :            :      * Any other mode selected by the server is invalid because it was not offered by the client.
      61                 :            :      * A key_share extension MUST have been received in order to use a pre-shared key in (EC)DHE key exchange mode.
      62                 :            :      */
      63                 :        595 :     s2n_extension_type_id key_share_ext_id = s2n_unsupported_extension;
      64         [ -  + ]:        595 :     POSIX_GUARD(s2n_extension_supported_iana_value_to_id(TLS_EXTENSION_KEY_SHARE, &key_share_ext_id));
      65 [ +  - ][ +  + ]:        595 :     POSIX_ENSURE(S2N_CBIT_TEST(conn->extension_responses_received, key_share_ext_id), S2N_ERR_MISSING_EXTENSION);
      66                 :            : 
      67                 :            :     /* From RFC section: https://tools.ietf.org/html/rfc8446#section-4.2.8.1
      68                 :            :      * Any future values that are allocated must ensure that the transmitted protocol messages
      69                 :            :      * unambiguously identify which mode was selected by the server; at present, this is
      70                 :            :      * indicated by the presence of the "key_share" in the ServerHello.
      71                 :            :      */
      72                 :        593 :     conn->psk_params.psk_ke_mode = S2N_PSK_DHE_KE;
      73                 :            : 
      74                 :        593 :     uint16_t chosen_psk_wire_index = 0;
      75         [ -  + ]:        593 :     POSIX_GUARD(s2n_stuffer_read_uint16(extension, &chosen_psk_wire_index));
      76                 :            : 
      77                 :            :     /* From RFC section: https://tools.ietf.org/html/rfc8446#section-4.2.11 
      78                 :            :      * Clients MUST verify that the server's selected_identity is within the
      79                 :            :      * range supplied by the client.
      80                 :            :      */
      81 [ +  + ][ +  - ]:        593 :     POSIX_ENSURE(chosen_psk_wire_index < conn->psk_params.psk_list.len, S2N_ERR_INVALID_ARGUMENT);
      82                 :        592 :     conn->psk_params.chosen_psk_wire_index = chosen_psk_wire_index;
      83                 :            : 
      84         [ -  + ]:        592 :     POSIX_GUARD_RESULT(s2n_array_get(&conn->psk_params.psk_list, conn->psk_params.chosen_psk_wire_index,
      85                 :        592 :             (void **) &conn->psk_params.chosen_psk));
      86                 :            : 
      87                 :        592 :     return S2N_SUCCESS;
      88                 :        592 : }

Generated by: LCOV version 1.14