Branch data Line data Source code
1 : : /*
2 : : * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
3 : : *
4 : : * Licensed under the Apache License, Version 2.0 (the "License").
5 : : * You may not use this file except in compliance with the License.
6 : : * A copy of the License is located at
7 : : *
8 : : * http://aws.amazon.com/apache2.0
9 : : *
10 : : * or in the "license" file accompanying this file. This file is distributed
11 : : * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
12 : : * express or implied. See the License for the specific language governing
13 : : * permissions and limitations under the License.
14 : : */
15 : :
16 : : #include "tls/s2n_early_data.h"
17 : :
18 : : #include "tls/s2n_cipher_suites.h"
19 : : #include "tls/s2n_connection.h"
20 : : #include "tls/s2n_psk.h"
21 : : #include "utils/s2n_mem.h"
22 : : #include "utils/s2n_safety.h"
23 : :
24 : : const s2n_early_data_state valid_previous_states[] = {
25 : : [S2N_EARLY_DATA_REQUESTED] = S2N_UNKNOWN_EARLY_DATA_STATE,
26 : : [S2N_EARLY_DATA_NOT_REQUESTED] = S2N_UNKNOWN_EARLY_DATA_STATE,
27 : : [S2N_EARLY_DATA_REJECTED] = S2N_EARLY_DATA_REQUESTED,
28 : : [S2N_EARLY_DATA_ACCEPTED] = S2N_EARLY_DATA_REQUESTED,
29 : : [S2N_END_OF_EARLY_DATA] = S2N_EARLY_DATA_ACCEPTED,
30 : : };
31 : :
32 : : S2N_RESULT s2n_connection_set_early_data_state(struct s2n_connection *conn, s2n_early_data_state next_state)
33 : 15572 : {
34 [ + - ][ + + ]: 15572 : RESULT_ENSURE_REF(conn);
35 [ + + ]: 15571 : if (conn->early_data_state == next_state) {
36 : 195 : return S2N_RESULT_OK;
37 : 195 : }
38 [ + + ][ + - ]: 15376 : RESULT_ENSURE(next_state < S2N_EARLY_DATA_STATES_COUNT, S2N_ERR_INVALID_EARLY_DATA_STATE);
39 [ + - ][ + + ]: 15374 : RESULT_ENSURE(next_state != S2N_UNKNOWN_EARLY_DATA_STATE, S2N_ERR_INVALID_EARLY_DATA_STATE);
40 [ + - ][ + + ]: 15361 : RESULT_ENSURE(conn->early_data_state == valid_previous_states[next_state], S2N_ERR_INVALID_EARLY_DATA_STATE);
41 : 15313 : conn->early_data_state = next_state;
42 : 15313 : return S2N_RESULT_OK;
43 : 15361 : }
44 : :
45 : : int s2n_connection_set_early_data_expected(struct s2n_connection *conn)
46 : 6584 : {
47 [ + + ][ + - ]: 6584 : POSIX_ENSURE_REF(conn);
48 : 6583 : conn->early_data_expected = true;
49 : 6583 : return S2N_SUCCESS;
50 : 6584 : }
51 : :
52 : : int s2n_connection_set_end_of_early_data(struct s2n_connection *conn)
53 : 6069 : {
54 [ - + ][ # # ]: 6069 : POSIX_ENSURE_REF(conn);
55 : 6069 : conn->early_data_expected = false;
56 : 6069 : return S2N_SUCCESS;
57 : 6069 : }
58 : :
59 : : static S2N_RESULT s2n_early_data_validate(struct s2n_connection *conn)
60 : 218 : {
61 [ + + ][ + - ]: 218 : RESULT_ENSURE_REF(conn);
62 [ - + ][ # # ]: 217 : RESULT_ENSURE_REF(conn->secure);
63 : :
64 : : /**
65 : : *= https://www.rfc-editor.org/rfc/rfc8446#section-4.2.10
66 : : *# In order to accept early data, the server MUST have accepted a PSK
67 : : *# cipher suite and selected the first key offered in the client's
68 : : *# "pre_shared_key" extension.
69 : : **/
70 [ + + ][ + - ]: 217 : RESULT_ENSURE_REF(conn->psk_params.chosen_psk);
71 [ + + ][ + - ]: 212 : RESULT_ENSURE_EQ(conn->psk_params.chosen_psk_wire_index, 0);
72 : :
73 : 211 : struct s2n_early_data_config *config = &conn->psk_params.chosen_psk->early_data_config;
74 [ + + ][ + - ]: 211 : RESULT_ENSURE_GT(config->max_early_data_size, 0);
75 : :
76 : : /**
77 : : *= https://www.rfc-editor.org/rfc/rfc8446#section-4.2.10
78 : : *# In addition, it MUST verify that the
79 : : *# following values are the same as those associated with the
80 : : *# selected PSK:
81 : : *#
82 : : *# - The TLS version number
83 : : **/
84 [ + + ][ + - ]: 207 : RESULT_ENSURE_EQ(config->protocol_version, s2n_connection_get_protocol_version(conn));
85 : : /**
86 : : *= https://www.rfc-editor.org/rfc/rfc8446#section-4.2.10
87 : : *# - The selected cipher suite
88 : : **/
89 [ + + ][ + - ]: 204 : RESULT_ENSURE_EQ(config->cipher_suite, conn->secure->cipher_suite);
90 : : /**
91 : : *= https://www.rfc-editor.org/rfc/rfc8446#section-4.2.10
92 : : *# - The selected ALPN [RFC7301] protocol, if any
93 : : **/
94 : 199 : const size_t app_protocol_size = strlen(conn->application_protocol);
95 [ + + ][ + + ]: 199 : if (app_protocol_size > 0 || config->application_protocol.size > 0) {
96 [ + + ][ + - ]: 4 : RESULT_ENSURE_EQ(config->application_protocol.size, app_protocol_size + 1 /* null-terminating char */);
97 [ - + ][ # # ]: 1 : RESULT_ENSURE(s2n_constant_time_equals(config->application_protocol.data, (uint8_t *) conn->application_protocol, app_protocol_size), S2N_ERR_SAFETY);
98 : 1 : }
99 : :
100 : 196 : return S2N_RESULT_OK;
101 : 199 : }
102 : :
103 : : bool s2n_early_data_is_valid_for_connection(struct s2n_connection *conn)
104 : 218 : {
105 : 218 : return s2n_result_is_ok(s2n_early_data_validate(conn));
106 : 218 : }
107 : :
108 : : S2N_RESULT s2n_early_data_accept_or_reject(struct s2n_connection *conn)
109 : 15191 : {
110 [ + - ][ + + ]: 15191 : RESULT_ENSURE_REF(conn);
111 [ + + ]: 15190 : if (conn->early_data_state != S2N_EARLY_DATA_REQUESTED) {
112 : 15027 : return S2N_RESULT_OK;
113 : 15027 : }
114 : :
115 [ + + ]: 163 : if (conn->handshake.early_data_async_state.conn) {
116 [ + - ]: 3 : RESULT_BAIL(S2N_ERR_ASYNC_BLOCKED);
117 : 3 : }
118 : :
119 : : /**
120 : : *= https://www.rfc-editor.org/rfc/rfc8446#section-4.2.10
121 : : *# If any of these checks fail, the server MUST NOT respond with the
122 : : *# extension
123 : : **/
124 [ + + ]: 160 : if (!s2n_early_data_is_valid_for_connection(conn)) {
125 [ - + ]: 13 : RESULT_GUARD(s2n_connection_set_early_data_state(conn, S2N_EARLY_DATA_REJECTED));
126 : 13 : return S2N_RESULT_OK;
127 : 13 : }
128 : :
129 : : /* Even if the connection is valid for early data, the client can't consider
130 : : * early data accepted until the server sends the early data indication. */
131 [ + + ]: 147 : if (conn->mode == S2N_CLIENT) {
132 : 71 : return S2N_RESULT_OK;
133 : 71 : }
134 : :
135 : : /* The server should reject early data if the application is not prepared to handle it. */
136 [ + + ]: 76 : if (!conn->early_data_expected) {
137 [ - + ]: 23 : RESULT_GUARD(s2n_connection_set_early_data_state(conn, S2N_EARLY_DATA_REJECTED));
138 : 23 : return S2N_RESULT_OK;
139 : 23 : }
140 : :
141 : : /* If early data would otherwise be accepted, let the application apply any additional restrictions.
142 : : * For example, an application could use this callback to implement anti-replay protections.
143 : : *
144 : : * This callback can be either synchronous or asynchronous. The handshake will not proceed until
145 : : * the application either accepts or rejects early data.
146 : : */
147 [ - + ][ # # ]: 53 : RESULT_ENSURE_REF(conn->config);
148 [ + + ]: 53 : if (conn->config->early_data_cb) {
149 : 5 : conn->handshake.early_data_async_state.conn = conn;
150 [ - + ][ # # ]: 5 : RESULT_ENSURE(conn->config->early_data_cb(conn, &conn->handshake.early_data_async_state) >= S2N_SUCCESS,
151 : 5 : S2N_ERR_CANCELLED);
152 [ + + ]: 5 : if (conn->early_data_state == S2N_EARLY_DATA_REQUESTED) {
153 [ + - ]: 3 : RESULT_BAIL(S2N_ERR_ASYNC_BLOCKED);
154 : 3 : }
155 : 48 : } else {
156 [ - + ]: 48 : RESULT_GUARD(s2n_connection_set_early_data_state(conn, S2N_EARLY_DATA_ACCEPTED));
157 : 48 : }
158 : 50 : return S2N_RESULT_OK;
159 : 53 : }
160 : :
161 : : int s2n_config_set_server_max_early_data_size(struct s2n_config *config, uint32_t max_early_data_size)
162 : 4 : {
163 [ + + ][ + - ]: 4 : POSIX_ENSURE_REF(config);
164 : 3 : config->server_max_early_data_size = max_early_data_size;
165 : 3 : return S2N_SUCCESS;
166 : 4 : }
167 : :
168 : : int s2n_connection_set_server_max_early_data_size(struct s2n_connection *conn, uint32_t max_early_data_size)
169 : 747 : {
170 [ + - ][ + + ]: 747 : POSIX_ENSURE_REF(conn);
171 : 746 : conn->server_max_early_data_size = max_early_data_size;
172 : 746 : conn->server_max_early_data_size_overridden = true;
173 : 746 : return S2N_SUCCESS;
174 : 747 : }
175 : :
176 : : S2N_RESULT s2n_early_data_get_server_max_size(struct s2n_connection *conn, uint32_t *max_early_data_size)
177 : 14223 : {
178 [ + - ][ + + ]: 14223 : RESULT_ENSURE_REF(conn);
179 [ + - ][ + + ]: 14220 : RESULT_ENSURE_REF(max_early_data_size);
180 [ + + ]: 14219 : if (conn->server_max_early_data_size_overridden) {
181 : 2437 : *max_early_data_size = conn->server_max_early_data_size;
182 : 11782 : } else {
183 [ + + ][ + - ]: 11782 : RESULT_ENSURE_REF(conn->config);
184 : 11781 : *max_early_data_size = conn->config->server_max_early_data_size;
185 : 11781 : }
186 : 14218 : return S2N_RESULT_OK;
187 : 14219 : }
188 : :
189 : : int s2n_connection_set_server_early_data_context(struct s2n_connection *conn, const uint8_t *context, uint16_t context_size)
190 : 12 : {
191 [ + - ][ + + ]: 12 : POSIX_ENSURE_REF(conn);
192 [ + + ]: 11 : if (context_size > 0) {
193 [ + + ][ + - ]: 10 : POSIX_ENSURE_REF(context);
194 : 10 : }
195 : :
196 [ - + ]: 10 : POSIX_GUARD(s2n_realloc(&conn->server_early_data_context, context_size));
197 [ - + ][ # # ]: 10 : POSIX_CHECKED_MEMCPY(conn->server_early_data_context.data, context, context_size);
[ + + ]
198 : 10 : return S2N_SUCCESS;
199 : 10 : }
200 : :
201 : : S2N_CLEANUP_RESULT s2n_early_data_config_free(struct s2n_early_data_config *config)
202 : 4569 : {
203 [ + + ]: 4569 : if (config == NULL) {
204 : 1 : return S2N_RESULT_OK;
205 : 1 : }
206 [ - + ]: 4568 : RESULT_GUARD_POSIX(s2n_free(&config->application_protocol));
207 [ - + ]: 4568 : RESULT_GUARD_POSIX(s2n_free(&config->context));
208 : 4568 : return S2N_RESULT_OK;
209 : 4568 : }
210 : :
211 : : int s2n_psk_configure_early_data(struct s2n_psk *psk, uint32_t max_early_data_size,
212 : : uint8_t cipher_suite_first_byte, uint8_t cipher_suite_second_byte)
213 : 177 : {
214 [ + - ][ + + ]: 177 : POSIX_ENSURE_REF(psk);
215 : :
216 : 176 : const uint8_t cipher_suite_iana[] = { cipher_suite_first_byte, cipher_suite_second_byte };
217 : 176 : struct s2n_cipher_suite *cipher_suite = NULL;
218 [ - + ]: 176 : POSIX_GUARD_RESULT(s2n_cipher_suite_from_iana(cipher_suite_iana, sizeof(cipher_suite_iana), &cipher_suite));
219 [ # # ][ - + ]: 176 : POSIX_ENSURE_REF(cipher_suite);
220 [ + - ][ + + ]: 176 : POSIX_ENSURE(cipher_suite->prf_alg == psk->hmac_alg, S2N_ERR_INVALID_ARGUMENT);
221 : :
222 : 175 : psk->early_data_config.max_early_data_size = max_early_data_size;
223 : 175 : psk->early_data_config.protocol_version = S2N_TLS13;
224 : 175 : psk->early_data_config.cipher_suite = cipher_suite;
225 : 175 : return S2N_SUCCESS;
226 : 176 : }
227 : :
228 : : int s2n_psk_set_application_protocol(struct s2n_psk *psk, const uint8_t *application_protocol, uint8_t size)
229 : 1456 : {
230 [ + + ][ + - ]: 1456 : POSIX_ENSURE_REF(psk);
231 [ + + ]: 1455 : if (size > 0) {
232 [ + + ][ + - ]: 24 : POSIX_ENSURE_REF(application_protocol);
233 : 24 : }
234 : 1454 : struct s2n_blob *protocol_blob = &psk->early_data_config.application_protocol;
235 [ - + ]: 1454 : POSIX_GUARD(s2n_realloc(protocol_blob, size));
236 [ - + ][ # # ]: 1454 : POSIX_CHECKED_MEMCPY(protocol_blob->data, application_protocol, size);
[ + + ]
237 : 1454 : return S2N_SUCCESS;
238 : 1454 : }
239 : :
240 : : int s2n_psk_set_early_data_context(struct s2n_psk *psk, const uint8_t *context, uint16_t size)
241 : 1450 : {
242 [ + - ][ + + ]: 1450 : POSIX_ENSURE_REF(psk);
243 [ + + ]: 1449 : if (size > 0) {
244 [ + - ][ + + ]: 18 : POSIX_ENSURE_REF(context);
245 : 18 : }
246 : 1448 : struct s2n_blob *context_blob = &psk->early_data_config.context;
247 [ - + ]: 1448 : POSIX_GUARD(s2n_realloc(context_blob, size));
248 [ - + ][ # # ]: 1448 : POSIX_CHECKED_MEMCPY(context_blob->data, context, size);
[ + + ]
249 : 1448 : return S2N_SUCCESS;
250 : 1448 : }
251 : :
252 : : S2N_RESULT s2n_early_data_config_clone(struct s2n_psk *new_psk, struct s2n_early_data_config *old_config)
253 : 1338 : {
254 [ - + ][ # # ]: 1338 : RESULT_ENSURE_REF(old_config);
255 [ # # ][ - + ]: 1338 : RESULT_ENSURE_REF(new_psk);
256 : :
257 : 1338 : struct s2n_early_data_config config_copy = new_psk->early_data_config;
258 : :
259 : : /* Copy all fields from the old_config EXCEPT the blobs, which we need to reallocate. */
260 : 1338 : new_psk->early_data_config = *old_config;
261 : 1338 : new_psk->early_data_config.application_protocol = config_copy.application_protocol;
262 : 1338 : new_psk->early_data_config.context = config_copy.context;
263 : :
264 : : /* Clone / realloc blobs */
265 [ - + ]: 1338 : RESULT_GUARD_POSIX(s2n_psk_set_application_protocol(new_psk, old_config->application_protocol.data,
266 : 1338 : old_config->application_protocol.size));
267 [ - + ]: 1338 : RESULT_GUARD_POSIX(s2n_psk_set_early_data_context(new_psk, old_config->context.data,
268 : 1338 : old_config->context.size));
269 : :
270 : 1338 : return S2N_RESULT_OK;
271 : 1338 : }
272 : :
273 : : int s2n_connection_get_early_data_status(struct s2n_connection *conn, s2n_early_data_status_t *status)
274 : 29 : {
275 [ + - ][ + + ]: 29 : POSIX_ENSURE_REF(conn);
276 [ + - ][ + + ]: 28 : POSIX_ENSURE_REF(status);
277 : :
278 [ - + ]: 27 : switch (conn->early_data_state) {
279 [ + + ]: 1 : case S2N_EARLY_DATA_STATES_COUNT:
280 : 1 : break;
281 [ + + ]: 5 : case S2N_EARLY_DATA_NOT_REQUESTED:
282 : 5 : *status = S2N_EARLY_DATA_STATUS_NOT_REQUESTED;
283 : 5 : return S2N_SUCCESS;
284 [ + + ]: 5 : case S2N_EARLY_DATA_REJECTED:
285 : 5 : *status = S2N_EARLY_DATA_STATUS_REJECTED;
286 : 5 : return S2N_SUCCESS;
287 [ + + ]: 3 : case S2N_END_OF_EARLY_DATA:
288 : 3 : *status = S2N_EARLY_DATA_STATUS_END;
289 : 3 : return S2N_SUCCESS;
290 [ + + ]: 2 : case S2N_UNKNOWN_EARLY_DATA_STATE:
291 [ + + ]: 8 : case S2N_EARLY_DATA_REQUESTED:
292 [ + + ]: 13 : case S2N_EARLY_DATA_ACCEPTED:
293 : 13 : *status = S2N_EARLY_DATA_STATUS_OK;
294 : 13 : return S2N_SUCCESS;
295 : 27 : }
296 [ + - ]: 1 : POSIX_BAIL(S2N_ERR_INVALID_EARLY_DATA_STATE);
297 : 1 : }
298 : :
299 : : static S2N_RESULT s2n_get_remaining_early_data_bytes(struct s2n_connection *conn, uint32_t *early_data_allowed)
300 : 10425 : {
301 [ # # ][ - + ]: 10425 : RESULT_ENSURE_REF(conn);
302 [ - + ][ # # ]: 10425 : RESULT_ENSURE_REF(early_data_allowed);
303 : 10425 : *early_data_allowed = 0;
304 : :
305 : 10425 : uint32_t max_early_data_size = 0;
306 [ - + ]: 10425 : RESULT_GUARD_POSIX(s2n_connection_get_max_early_data_size(conn, &max_early_data_size));
307 : :
308 [ + + ][ + - ]: 10425 : RESULT_ENSURE(max_early_data_size >= conn->early_data_bytes, S2N_ERR_MAX_EARLY_DATA_SIZE);
309 : 10424 : *early_data_allowed = (max_early_data_size - conn->early_data_bytes);
310 : :
311 : 10424 : return S2N_RESULT_OK;
312 : 10425 : }
313 : :
314 : : int s2n_connection_get_remaining_early_data_size(struct s2n_connection *conn, uint32_t *allowed_early_data_size)
315 : 10510 : {
316 [ + + ][ + - ]: 10510 : POSIX_ENSURE_REF(conn);
317 [ + - ][ + + ]: 10509 : POSIX_ENSURE_REF(allowed_early_data_size);
318 : 10508 : *allowed_early_data_size = 0;
319 : :
320 [ - + ]: 10508 : switch (conn->early_data_state) {
321 [ - + ]: 0 : case S2N_EARLY_DATA_STATES_COUNT:
322 [ + + ]: 40 : case S2N_EARLY_DATA_NOT_REQUESTED:
323 [ + + ]: 75 : case S2N_EARLY_DATA_REJECTED:
324 [ + + ]: 83 : case S2N_END_OF_EARLY_DATA:
325 : 83 : *allowed_early_data_size = 0;
326 : 83 : break;
327 [ + + ]: 5097 : case S2N_UNKNOWN_EARLY_DATA_STATE:
328 [ + + ]: 7244 : case S2N_EARLY_DATA_REQUESTED:
329 [ + + ]: 10425 : case S2N_EARLY_DATA_ACCEPTED:
330 [ + + ]: 10425 : POSIX_GUARD_RESULT(s2n_get_remaining_early_data_bytes(conn, allowed_early_data_size));
331 : 10424 : break;
332 : 10508 : }
333 : 10507 : return S2N_SUCCESS;
334 : 10508 : }
335 : :
336 : : int s2n_connection_get_max_early_data_size(struct s2n_connection *conn, uint32_t *max_early_data_size)
337 : 11608 : {
338 [ + - ][ + + ]: 11608 : POSIX_ENSURE_REF(conn);
339 [ + - ][ + + ]: 11607 : POSIX_ENSURE_REF(max_early_data_size);
340 : 11606 : *max_early_data_size = 0;
341 : :
342 : 11606 : uint32_t server_max_early_data_size = 0;
343 [ - + ]: 11606 : POSIX_GUARD_RESULT(s2n_early_data_get_server_max_size(conn, &server_max_early_data_size));
344 : :
345 [ + + ]: 11606 : if (conn->psk_params.psk_list.len == 0) {
346 : : /* This method may be called by the server before loading its PSKs.
347 : : * The server can load its PSKs during the handshake, either via the PSK selection callback
348 : : * or by receiving a stateless session ticket.
349 : : *
350 : : * Before that happens, we should make an optimistic assumption of the early data size.
351 : : * That way, the max early data size always decreases (for example, it won't go from 0 -> UINT32_MAX
352 : : * after receiving a PSK in the ClientHello).
353 : : */
354 [ + + ][ + + ]: 186 : if (conn->mode == S2N_SERVER && !IS_NEGOTIATED(conn)) {
355 : 165 : *max_early_data_size = server_max_early_data_size;
356 : 165 : }
357 : 186 : return S2N_SUCCESS;
358 : 186 : }
359 : :
360 : 11420 : struct s2n_psk *first_psk = NULL;
361 [ - + ]: 11420 : POSIX_GUARD_RESULT(s2n_array_get(&conn->psk_params.psk_list, 0, (void **) &first_psk));
362 [ # # ][ - + ]: 11420 : POSIX_ENSURE_REF(first_psk);
363 : 11420 : *max_early_data_size = first_psk->early_data_config.max_early_data_size;
364 : :
365 : : /* For the server, we should use the minimum of the limit retrieved from the ticket
366 : : * and the current limit being set for new tickets.
367 : : *
368 : : * This is defensive: even if more early data was previously allowed, the server may not be
369 : : * willing or able to handle that much early data now.
370 : : *
371 : : * We don't do this for external PSKs because the server has intentionally set the limit
372 : : * while setting up this connection, not during a previous connection.
373 : : */
374 [ + + ][ + + ]: 11420 : if (conn->mode == S2N_SERVER && first_psk->type == S2N_PSK_TYPE_RESUMPTION) {
375 [ + + ]: 124 : *max_early_data_size = S2N_MIN(*max_early_data_size, server_max_early_data_size);
376 : 124 : }
377 : :
378 : 11420 : return S2N_SUCCESS;
379 : 11420 : }
380 : :
381 : : int s2n_config_set_early_data_cb(struct s2n_config *config, s2n_early_data_cb cb)
382 : 7 : {
383 [ + + ][ + - ]: 7 : POSIX_ENSURE_REF(config);
384 : 6 : config->early_data_cb = cb;
385 : 6 : return S2N_SUCCESS;
386 : 7 : }
387 : :
388 : : int s2n_offered_early_data_get_context_length(struct s2n_offered_early_data *early_data, uint16_t *context_len)
389 : 8 : {
390 [ + + ][ + - ]: 8 : POSIX_ENSURE_REF(context_len);
391 [ + + ][ + - ]: 7 : POSIX_ENSURE_REF(early_data);
392 : 6 : struct s2n_connection *conn = early_data->conn;
393 : :
394 [ + + ][ + - ]: 6 : POSIX_ENSURE_REF(conn);
395 [ + - ][ + + ]: 5 : POSIX_ENSURE_REF(conn->psk_params.chosen_psk);
396 : 4 : struct s2n_early_data_config *early_data_config = &conn->psk_params.chosen_psk->early_data_config;
397 : :
398 : 4 : *context_len = early_data_config->context.size;
399 : :
400 : 4 : return S2N_SUCCESS;
401 : 5 : }
402 : :
403 : : int s2n_offered_early_data_get_context(struct s2n_offered_early_data *early_data, uint8_t *context, uint16_t max_len)
404 : 10 : {
405 [ + + ][ + - ]: 10 : POSIX_ENSURE_REF(context);
406 [ + - ][ + + ]: 9 : POSIX_ENSURE_REF(early_data);
407 : 8 : struct s2n_connection *conn = early_data->conn;
408 : :
409 [ + + ][ + - ]: 8 : POSIX_ENSURE_REF(conn);
410 [ + + ][ + - ]: 7 : POSIX_ENSURE_REF(conn->psk_params.chosen_psk);
411 : 6 : struct s2n_early_data_config *early_data_config = &conn->psk_params.chosen_psk->early_data_config;
412 : :
413 [ + + ][ + - ]: 6 : POSIX_ENSURE(early_data_config->context.size <= max_len, S2N_ERR_INSUFFICIENT_MEM_SIZE);
414 [ - + ][ # # ]: 5 : POSIX_CHECKED_MEMCPY(context, early_data_config->context.data, early_data_config->context.size);
[ + + ]
415 : :
416 : 5 : return S2N_SUCCESS;
417 : 5 : }
418 : :
419 : : int s2n_offered_early_data_reject(struct s2n_offered_early_data *early_data)
420 : 6 : {
421 [ + + ][ + - ]: 6 : POSIX_ENSURE_REF(early_data);
422 : 5 : struct s2n_connection *conn = early_data->conn;
423 [ + - ][ + + ]: 5 : POSIX_ENSURE_REF(conn);
424 [ - + ]: 4 : POSIX_GUARD_RESULT(s2n_connection_set_early_data_state(conn, S2N_EARLY_DATA_REJECTED));
425 : 4 : return S2N_SUCCESS;
426 : 4 : }
427 : :
428 : : int s2n_offered_early_data_accept(struct s2n_offered_early_data *early_data)
429 : 5 : {
430 [ + + ][ + - ]: 5 : POSIX_ENSURE_REF(early_data);
431 : 4 : struct s2n_connection *conn = early_data->conn;
432 [ + + ][ + - ]: 4 : POSIX_ENSURE_REF(conn);
433 [ - + ]: 3 : POSIX_GUARD_RESULT(s2n_connection_set_early_data_state(conn, S2N_EARLY_DATA_ACCEPTED));
434 : 3 : return S2N_SUCCESS;
435 : 3 : }
|