LCOV - code coverage report
Current view: top level - tls - s2n_early_data.c (source / functions) Hit Total Coverage
Test: unit_test_coverage.info Lines: 268 269 99.6 %
Date: 2025-08-15 07:28:39 Functions: 24 24 100.0 %
Branches: 254 368 69.0 %

           Branch data     Line data    Source code
       1                 :            : /*
       2                 :            :  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
       3                 :            :  *
       4                 :            :  * Licensed under the Apache License, Version 2.0 (the "License").
       5                 :            :  * You may not use this file except in compliance with the License.
       6                 :            :  * A copy of the License is located at
       7                 :            :  *
       8                 :            :  *  http://aws.amazon.com/apache2.0
       9                 :            :  *
      10                 :            :  * or in the "license" file accompanying this file. This file is distributed
      11                 :            :  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
      12                 :            :  * express or implied. See the License for the specific language governing
      13                 :            :  * permissions and limitations under the License.
      14                 :            :  */
      15                 :            : 
      16                 :            : #include "tls/s2n_early_data.h"
      17                 :            : 
      18                 :            : #include <sys/param.h>
      19                 :            : 
      20                 :            : #include "tls/s2n_cipher_suites.h"
      21                 :            : #include "tls/s2n_connection.h"
      22                 :            : #include "tls/s2n_psk.h"
      23                 :            : #include "utils/s2n_mem.h"
      24                 :            : #include "utils/s2n_safety.h"
      25                 :            : 
/*
 * Early data state transition table, indexed by the state being entered.
 *
 * Each entry names the single state the connection must currently be in for
 * that transition to be allowed. s2n_connection_set_early_data_state compares
 * conn->early_data_state against this table and fails with
 * S2N_ERR_INVALID_EARLY_DATA_STATE on any other predecessor.
 *
 * S2N_UNKNOWN_EARLY_DATA_STATE has no designated entry: the setter rejects it
 * as a target before the table is consulted.
 *
 * NOTE(review): the array length is derived from the largest designated index.
 * The setter only checks next_state < S2N_EARLY_DATA_STATES_COUNT, so every
 * state added to the enum needs an entry here to keep that index in bounds —
 * confirm against the enum definition.
 */
const s2n_early_data_state valid_previous_states[] = {
    /* The request / no-request decision is made once, from the initial state. */
    [S2N_EARLY_DATA_REQUESTED] = S2N_UNKNOWN_EARLY_DATA_STATE,
    [S2N_EARLY_DATA_NOT_REQUESTED] = S2N_UNKNOWN_EARLY_DATA_STATE,
    /* Only a pending request can be rejected or accepted. */
    [S2N_EARLY_DATA_REJECTED] = S2N_EARLY_DATA_REQUESTED,
    [S2N_EARLY_DATA_ACCEPTED] = S2N_EARLY_DATA_REQUESTED,
    /* Early data can only end after it was accepted. */
    [S2N_END_OF_EARLY_DATA] = S2N_EARLY_DATA_ACCEPTED,
};
      33                 :            : 
/*
 * Moves the connection's early data state machine to next_state.
 *
 * Asking for the state the connection is already in is a no-op. Otherwise the
 * move succeeds only when the current state is the predecessor recorded for
 * next_state in valid_previous_states. Every rejected transition fails with
 * S2N_ERR_INVALID_EARLY_DATA_STATE and leaves conn->early_data_state unchanged.
 */
S2N_RESULT s2n_connection_set_early_data_state(struct s2n_connection *conn, s2n_early_data_state next_state)
{
    RESULT_ENSURE_REF(conn);

    const s2n_early_data_state current_state = conn->early_data_state;
    if (current_state == next_state) {
        return S2N_RESULT_OK;
    }

    /* Range-check next_state before it is used as an index into the table. */
    RESULT_ENSURE(next_state < S2N_EARLY_DATA_STATES_COUNT, S2N_ERR_INVALID_EARLY_DATA_STATE);
    RESULT_ENSURE(next_state != S2N_UNKNOWN_EARLY_DATA_STATE, S2N_ERR_INVALID_EARLY_DATA_STATE);

    const s2n_early_data_state required_state = valid_previous_states[next_state];
    RESULT_ENSURE(current_state == required_state, S2N_ERR_INVALID_EARLY_DATA_STATE);

    conn->early_data_state = next_state;
    return S2N_RESULT_OK;
}
      46                 :            : 
/*
 * Marks the connection as prepared to handle early data.
 *
 * s2n_early_data_accept_or_reject reads this flag: a server whose flag is
 * unset rejects early data even when the connection would otherwise qualify.
 *
 * Returns S2N_SUCCESS, or fails when conn is NULL.
 */
int s2n_connection_set_early_data_expected(struct s2n_connection *conn)
{
    POSIX_ENSURE_REF(conn);

    conn->early_data_expected = true;

    return S2N_SUCCESS;
}
      53                 :            : 
/*
 * Clears the flag set by s2n_connection_set_early_data_expected.
 *
 * Only conn->early_data_expected is touched here; conn->early_data_state is
 * not modified by this function.
 *
 * Returns S2N_SUCCESS, or fails when conn is NULL.
 */
int s2n_connection_set_end_of_early_data(struct s2n_connection *conn)
{
    POSIX_ENSURE_REF(conn);

    conn->early_data_expected = false;

    return S2N_SUCCESS;
}
      60                 :            : 
/*
 * Checks whether the parameters negotiated on this connection permit early data.
 *
 * Succeeds only when all of the following hold:
 *  - a PSK was chosen and it was the first one on the wire (wire index 0),
 *  - the chosen PSK allows a non-zero amount of early data,
 *  - the protocol version, cipher suite and ALPN value stored with the PSK
 *    match the values on this connection.
 * Any failed check returns an error result; the caller in this file only
 * looks at success or failure.
 */
static S2N_RESULT s2n_early_data_validate(struct s2n_connection *conn)
{
    RESULT_ENSURE_REF(conn);
    RESULT_ENSURE_REF(conn->secure);

    /**
     *= https://www.rfc-editor.org/rfc/rfc8446#section-4.2.10
     *# In order to accept early data, the server MUST have accepted a PSK
     *# cipher suite and selected the first key offered in the client's
     *# "pre_shared_key" extension.
     **/
    RESULT_ENSURE_REF(conn->psk_params.chosen_psk);
    RESULT_ENSURE_EQ(conn->psk_params.chosen_psk_wire_index, 0);

    struct s2n_early_data_config *config = &conn->psk_params.chosen_psk->early_data_config;
    /* A PSK with a zero limit was never configured for early data. */
    RESULT_ENSURE_GT(config->max_early_data_size, 0);

    /**
     *= https://www.rfc-editor.org/rfc/rfc8446#section-4.2.10
     *# In addition, it MUST verify that the
     *# following values are the same as those associated with the
     *# selected PSK:
     *#
     *# -  The TLS version number
     **/
    RESULT_ENSURE_EQ(config->protocol_version, s2n_connection_get_protocol_version(conn));
    /**
     *= https://www.rfc-editor.org/rfc/rfc8446#section-4.2.10
     *# -  The selected cipher suite
     **/
    RESULT_ENSURE_EQ(config->cipher_suite, conn->secure->cipher_suite);
    /**
     *= https://www.rfc-editor.org/rfc/rfc8446#section-4.2.10
     *# -  The selected ALPN [RFC7301] protocol, if any
     **/
    /* NOTE(review): strlen() relies on conn->application_protocol being
     * NUL-terminated — confirm wherever that buffer is written. */
    const size_t app_protocol_size = strlen(conn->application_protocol);
    /* Skip the comparison only when neither side carries an ALPN value. */
    if (app_protocol_size > 0 || config->application_protocol.size > 0) {
        RESULT_ENSURE_EQ(config->application_protocol.size, app_protocol_size + 1 /* null-terminating char */);
        /* The length check above guarantees the stored blob holds at least
         * app_protocol_size bytes. Only those bytes are compared; the stored
         * trailing byte itself is not inspected here. */
        RESULT_ENSURE(s2n_constant_time_equals(config->application_protocol.data, (uint8_t *) conn->application_protocol, app_protocol_size), S2N_ERR_SAFETY);
    }

    return S2N_RESULT_OK;
}
     104                 :            : 
/*
 * Boolean wrapper around s2n_early_data_validate.
 *
 * Returns true when every validation check passes and false otherwise,
 * including when conn is NULL.
 */
bool s2n_early_data_is_valid_for_connection(struct s2n_connection *conn)
{
    if (s2n_result_is_ok(s2n_early_data_validate(conn))) {
        return true;
    }
    return false;
}
     109                 :            : 
/*
 * Decides whether requested early data is accepted or rejected.
 *
 * Does nothing unless the state is S2N_EARLY_DATA_REQUESTED. Otherwise, in order:
 *  - fails with S2N_ERR_ASYNC_BLOCKED while an earlier callback invocation is
 *    still recorded in conn->handshake.early_data_async_state,
 *  - rejects when the connection parameters do not validate,
 *  - leaves the state untouched on a client,
 *  - rejects on a server whose early_data_expected flag is unset,
 *  - hands the decision to config->early_data_cb when one is set, and
 *    otherwise accepts.
 *
 * NOTE(review): when no callback is configured the accept path below runs
 * without any replay check in this function. Anti-replay is left to the
 * callback or to the application consuming the early data.
 */
S2N_RESULT s2n_early_data_accept_or_reject(struct s2n_connection *conn)
{
    RESULT_ENSURE_REF(conn);
    if (conn->early_data_state != S2N_EARLY_DATA_REQUESTED) {
        return S2N_RESULT_OK;
    }

    /* A non-NULL conn here means the callback was already invoked and the
     * state is still REQUESTED, so the application has not answered yet. */
    if (conn->handshake.early_data_async_state.conn) {
        RESULT_BAIL(S2N_ERR_ASYNC_BLOCKED);
    }

    /**
     *= https://www.rfc-editor.org/rfc/rfc8446#section-4.2.10
     *# If any of these checks fail, the server MUST NOT respond with the
     *# extension
     **/
    if (!s2n_early_data_is_valid_for_connection(conn)) {
        RESULT_GUARD(s2n_connection_set_early_data_state(conn, S2N_EARLY_DATA_REJECTED));
        return S2N_RESULT_OK;
    }

    /* Even if the connection is valid for early data, the client can't consider
     * early data accepted until the server sends the early data indication. */
    if (conn->mode == S2N_CLIENT) {
        return S2N_RESULT_OK;
    }

    /* The server should reject early data if the application is not prepared to handle it. */
    if (!conn->early_data_expected) {
        RESULT_GUARD(s2n_connection_set_early_data_state(conn, S2N_EARLY_DATA_REJECTED));
        return S2N_RESULT_OK;
    }

    /* If early data would otherwise be accepted, let the application apply any additional restrictions.
     * For example, an application could use this callback to implement anti-replay protections.
     *
     * This callback can be either synchronous or asynchronous. The handshake will not proceed until
     * the application either accepts or rejects early data.
     */
    RESULT_ENSURE_REF(conn->config);
    if (conn->config->early_data_cb) {
        /* Set before the callback runs so a later call can detect the pending
         * decision. It is not cleared in this function, including when the
         * callback fails. */
        conn->handshake.early_data_async_state.conn = conn;
        /* A negative callback return is reported as S2N_ERR_CANCELLED. */
        RESULT_ENSURE(conn->config->early_data_cb(conn, &conn->handshake.early_data_async_state) >= S2N_SUCCESS,
                S2N_ERR_CANCELLED);
        /* State unchanged after the callback: no accept or reject happened
         * synchronously, so report the handshake as blocked. */
        if (conn->early_data_state == S2N_EARLY_DATA_REQUESTED) {
            RESULT_BAIL(S2N_ERR_ASYNC_BLOCKED);
        }
    } else {
        RESULT_GUARD(s2n_connection_set_early_data_state(conn, S2N_EARLY_DATA_ACCEPTED));
    }
    return S2N_RESULT_OK;
}
     162                 :            : 
/*
 * Stores the config-wide server limit on early data, in bytes.
 *
 * s2n_early_data_get_server_max_size falls back to this value when the
 * connection has no override of its own.
 *
 * Returns S2N_SUCCESS, or fails when config is NULL.
 */
int s2n_config_set_server_max_early_data_size(struct s2n_config *config, uint32_t max_early_data_size)
{
    POSIX_ENSURE_REF(config);

    config->server_max_early_data_size = max_early_data_size;

    return S2N_SUCCESS;
}
     169                 :            : 
/*
 * Sets a per-connection server limit on early data, in bytes.
 *
 * The override flag is raised together with the value, so that
 * s2n_early_data_get_server_max_size prefers it over the config-wide limit.
 * A value of 0 still counts as an override.
 *
 * Returns S2N_SUCCESS, or fails when conn is NULL.
 */
int s2n_connection_set_server_max_early_data_size(struct s2n_connection *conn, uint32_t max_early_data_size)
{
    POSIX_ENSURE_REF(conn);

    conn->server_max_early_data_size_overridden = true;
    conn->server_max_early_data_size = max_early_data_size;

    return S2N_SUCCESS;
}
     177                 :            : 
/*
 * Reports the server-side early data limit that applies to this connection.
 *
 * The per-connection override wins when it was set. Otherwise the value comes
 * from conn->config, which must then be non-NULL.
 *
 * On failure *max_early_data_size is left unmodified.
 */
S2N_RESULT s2n_early_data_get_server_max_size(struct s2n_connection *conn, uint32_t *max_early_data_size)
{
    RESULT_ENSURE_REF(conn);
    RESULT_ENSURE_REF(max_early_data_size);

    if (conn->server_max_early_data_size_overridden) {
        *max_early_data_size = conn->server_max_early_data_size;
        return S2N_RESULT_OK;
    }

    /* The config is only needed, and only checked, on the fallback path. */
    RESULT_ENSURE_REF(conn->config);
    *max_early_data_size = conn->config->server_max_early_data_size;
    return S2N_RESULT_OK;
}
     190                 :            : 
/*
 * Copies context_size bytes of application context into the connection.
 *
 * The connection keeps its own copy in conn->server_early_data_context, so
 * the caller's buffer is not referenced after return. A NULL context is
 * accepted only together with a context_size of 0.
 *
 * Returns S2N_SUCCESS, or fails on a NULL argument or a failed reallocation.
 */
int s2n_connection_set_server_early_data_context(struct s2n_connection *conn, const uint8_t *context, uint16_t context_size)
{
    POSIX_ENSURE_REF(conn);
    if (context_size != 0) {
        POSIX_ENSURE_REF(context);
    }

    struct s2n_blob *stored_context = &conn->server_early_data_context;
    /* Resize first so the copy below never writes past the destination. */
    POSIX_GUARD(s2n_realloc(stored_context, context_size));
    POSIX_CHECKED_MEMCPY(stored_context->data, context, context_size);
    return S2N_SUCCESS;
}
     202                 :            : 
/*
 * Releases the two blobs owned by an early data config.
 *
 * A NULL config is treated as already freed. The config structure itself is
 * not freed here; only its application_protocol and context blobs are.
 */
S2N_CLEANUP_RESULT s2n_early_data_config_free(struct s2n_early_data_config *config)
{
    if (config != NULL) {
        RESULT_GUARD_POSIX(s2n_free(&config->application_protocol));
        RESULT_GUARD_POSIX(s2n_free(&config->context));
    }
    return S2N_RESULT_OK;
}
     212                 :            : 
/*
 * Enables early data on a PSK and records the parameters it is bound to.
 *
 * The two bytes form the IANA value of the cipher suite. The suite must be
 * known to s2n_cipher_suite_from_iana and its PRF algorithm must equal the
 * PSK's HMAC algorithm, otherwise the call fails with S2N_ERR_INVALID_ARGUMENT.
 * The protocol version stored with the PSK is always S2N_TLS13.
 *
 * The PSK is modified only after every check has passed.
 */
int s2n_psk_configure_early_data(struct s2n_psk *psk, uint32_t max_early_data_size,
        uint8_t cipher_suite_first_byte, uint8_t cipher_suite_second_byte)
{
    POSIX_ENSURE_REF(psk);

    const uint8_t iana_value[] = { cipher_suite_first_byte, cipher_suite_second_byte };
    struct s2n_cipher_suite *matched_suite = NULL;
    POSIX_GUARD_RESULT(s2n_cipher_suite_from_iana(iana_value, sizeof(iana_value), &matched_suite));
    POSIX_ENSURE_REF(matched_suite);
    POSIX_ENSURE(matched_suite->prf_alg == psk->hmac_alg, S2N_ERR_INVALID_ARGUMENT);

    struct s2n_early_data_config *early_data_config = &psk->early_data_config;
    early_data_config->max_early_data_size = max_early_data_size;
    early_data_config->protocol_version = S2N_TLS13;
    early_data_config->cipher_suite = matched_suite;
    return S2N_SUCCESS;
}
     229                 :            : 
/*
 * Stores a copy of the ALPN value that early data on this PSK is bound to.
 *
 * The PSK's application_protocol blob is resized to exactly size bytes and
 * filled from application_protocol. A NULL pointer is accepted only together
 * with a size of 0.
 *
 * NOTE(review): s2n_early_data_validate expects the stored blob to be one
 * byte longer than the connection's protocol string, so callers presumably
 * include the terminating NUL in size — confirm against the callers.
 */
int s2n_psk_set_application_protocol(struct s2n_psk *psk, const uint8_t *application_protocol, uint8_t size)
{
    POSIX_ENSURE_REF(psk);
    if (size != 0) {
        POSIX_ENSURE_REF(application_protocol);
    }

    struct s2n_blob *stored_protocol = &psk->early_data_config.application_protocol;
    /* Resize first so the copy below never writes past the destination. */
    POSIX_GUARD(s2n_realloc(stored_protocol, size));
    POSIX_CHECKED_MEMCPY(stored_protocol->data, application_protocol, size);
    return S2N_SUCCESS;
}
     241                 :            : 
/*
 * Stores a copy of the application-defined early data context on the PSK.
 *
 * The PSK's context blob is resized to exactly size bytes and filled from
 * context. A NULL pointer is accepted only together with a size of 0.
 *
 * Returns S2N_SUCCESS, or fails on a NULL argument or a failed reallocation.
 */
int s2n_psk_set_early_data_context(struct s2n_psk *psk, const uint8_t *context, uint16_t size)
{
    POSIX_ENSURE_REF(psk);
    if (size != 0) {
        POSIX_ENSURE_REF(context);
    }

    struct s2n_blob *stored_context = &psk->early_data_config.context;
    /* Resize first so the copy below never writes past the destination. */
    POSIX_GUARD(s2n_realloc(stored_context, size));
    POSIX_CHECKED_MEMCPY(stored_context->data, context, size);
    return S2N_SUCCESS;
}
     253                 :            : 
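/*
 * Deep-copies old_config into new_psk->early_data_config.
 *
 * Scalar fields are copied by assignment. The two blobs are copied through
 * the PSK setters so that new_psk owns separate allocations and never aliases
 * the memory owned by old_config.
 *
 * Fails with S2N_ERR_SAFETY, before new_psk is modified, when a blob in
 * old_config is larger than the matching setter can represent.
 */
S2N_RESULT s2n_early_data_config_clone(struct s2n_psk *new_psk, struct s2n_early_data_config *old_config)
{
    RESULT_ENSURE_REF(old_config);
    RESULT_ENSURE_REF(new_psk);

    /* The setters take the size as uint8_t / uint16_t. Passing a larger blob
     * size would be narrowed implicitly and produce a silently truncated
     * clone, so reject it up front instead. */
    RESULT_ENSURE(old_config->application_protocol.size <= UINT8_MAX, S2N_ERR_SAFETY);
    RESULT_ENSURE(old_config->context.size <= UINT16_MAX, S2N_ERR_SAFETY);

    struct s2n_early_data_config config_copy = new_psk->early_data_config;

    /* Copy all fields from the old_config EXCEPT the blobs, which we need to reallocate.
     * Restoring new_psk's own blobs keeps their existing allocations owned by new_psk. */
    new_psk->early_data_config = *old_config;
    new_psk->early_data_config.application_protocol = config_copy.application_protocol;
    new_psk->early_data_config.context = config_copy.context;

    /* Clone / realloc blobs */
    RESULT_GUARD_POSIX(s2n_psk_set_application_protocol(new_psk, old_config->application_protocol.data,
            (uint8_t) old_config->application_protocol.size));
    RESULT_GUARD_POSIX(s2n_psk_set_early_data_context(new_psk, old_config->context.data,
            (uint16_t) old_config->context.size));

    return S2N_RESULT_OK;
}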
     274                 :            : 
/*
 * Translates the internal early data state into the public status value.
 *
 * The unknown, requested and accepted states all report
 * S2N_EARLY_DATA_STATUS_OK. S2N_EARLY_DATA_STATES_COUNT is not a real state
 * and fails with S2N_ERR_INVALID_EARLY_DATA_STATE, as does any value outside
 * the enum. On failure *status is left unmodified.
 */
int s2n_connection_get_early_data_status(struct s2n_connection *conn, s2n_early_data_status_t *status)
{
    POSIX_ENSURE_REF(conn);
    POSIX_ENSURE_REF(status);

    /* No default label, so every enumerator stays listed explicitly. */
    switch (conn->early_data_state) {
        case S2N_UNKNOWN_EARLY_DATA_STATE:
        case S2N_EARLY_DATA_REQUESTED:
        case S2N_EARLY_DATA_ACCEPTED:
            *status = S2N_EARLY_DATA_STATUS_OK;
            return S2N_SUCCESS;
        case S2N_EARLY_DATA_NOT_REQUESTED:
            *status = S2N_EARLY_DATA_STATUS_NOT_REQUESTED;
            return S2N_SUCCESS;
        case S2N_EARLY_DATA_REJECTED:
            *status = S2N_EARLY_DATA_STATUS_REJECTED;
            return S2N_SUCCESS;
        case S2N_END_OF_EARLY_DATA:
            *status = S2N_EARLY_DATA_STATUS_END;
            return S2N_SUCCESS;
        case S2N_EARLY_DATA_STATES_COUNT:
            break;
    }
    POSIX_BAIL(S2N_ERR_INVALID_EARLY_DATA_STATE);
}
     300                 :            : 
/*
 * Computes how many more early data bytes the connection may still handle.
 *
 * *early_data_allowed is zeroed first and stays 0 on every failure path.
 * Fails with S2N_ERR_MAX_EARLY_DATA_SIZE when conn->early_data_bytes already
 * exceeds the limit.
 */
static S2N_RESULT s2n_get_remaining_early_data_bytes(struct s2n_connection *conn, uint32_t *early_data_allowed)
{
    RESULT_ENSURE_REF(conn);
    RESULT_ENSURE_REF(early_data_allowed);
    *early_data_allowed = 0;

    uint32_t limit = 0;
    RESULT_GUARD_POSIX(s2n_connection_get_max_early_data_size(conn, &limit));

    /* Checked before subtracting so the unsigned difference cannot wrap around. */
    RESULT_ENSURE(limit >= conn->early_data_bytes, S2N_ERR_MAX_EARLY_DATA_SIZE);
    *early_data_allowed = (limit - conn->early_data_bytes);

    return S2N_RESULT_OK;
}
     315                 :            : 
/*
 * Reports how many bytes of early data may still be sent or received.
 *
 * States in which early data is no longer possible (not requested, rejected,
 * ended) report 0. The unknown, requested and accepted states report the
 * limit minus the bytes already counted, and fail when that count already
 * exceeds the limit. *allowed_early_data_size is zeroed before any other work.
 */
int s2n_connection_get_remaining_early_data_size(struct s2n_connection *conn, uint32_t *allowed_early_data_size)
{
    POSIX_ENSURE_REF(conn);
    POSIX_ENSURE_REF(allowed_early_data_size);
    *allowed_early_data_size = 0;

    /* No default label, so every enumerator stays listed explicitly. */
    switch (conn->early_data_state) {
        case S2N_UNKNOWN_EARLY_DATA_STATE:
        case S2N_EARLY_DATA_REQUESTED:
        case S2N_EARLY_DATA_ACCEPTED:
            POSIX_GUARD_RESULT(s2n_get_remaining_early_data_bytes(conn, allowed_early_data_size));
            break;
        case S2N_EARLY_DATA_STATES_COUNT:
        case S2N_EARLY_DATA_NOT_REQUESTED:
        case S2N_EARLY_DATA_REJECTED:
        case S2N_END_OF_EARLY_DATA:
            *allowed_early_data_size = 0;
            break;
    }
    return S2N_SUCCESS;
}
     337                 :            : 
/*
 * Reports the maximum amount of early data this connection may carry.
 *
 * With no PSKs loaded the result is 0, except on a server that has not yet
 * negotiated, which reports its own configured limit. With PSKs loaded the
 * limit comes from the first PSK in the list, and a server additionally caps
 * the limit of a resumption PSK at its current configured limit.
 *
 * *max_early_data_size is zeroed before any fallible work.
 */
int s2n_connection_get_max_early_data_size(struct s2n_connection *conn, uint32_t *max_early_data_size)
{
    POSIX_ENSURE_REF(conn);
    POSIX_ENSURE_REF(max_early_data_size);
    *max_early_data_size = 0;

    uint32_t server_limit = 0;
    POSIX_GUARD_RESULT(s2n_early_data_get_server_max_size(conn, &server_limit));

    const bool is_server = (conn->mode == S2N_SERVER);

    if (conn->psk_params.psk_list.len == 0) {
        /* The server may call this before its PSKs are loaded: they can arrive
         * during the handshake, through the PSK selection callback or a
         * stateless session ticket.
         *
         * Until then, assume the optimistic limit. That way the reported
         * maximum only ever decreases (it never jumps from 0 to UINT32_MAX
         * after a PSK shows up in the ClientHello).
         */
        if (is_server && !IS_NEGOTIATED(conn)) {
            *max_early_data_size = server_limit;
        }
        return S2N_SUCCESS;
    }

    struct s2n_psk *first_psk = NULL;
    POSIX_GUARD_RESULT(s2n_array_get(&conn->psk_params.psk_list, 0, (void **) &first_psk));
    POSIX_ENSURE_REF(first_psk);

    uint32_t limit = first_psk->early_data_config.max_early_data_size;

    /* A server takes the smaller of the limit stored in the ticket and the
     * limit it currently applies to new tickets.
     *
     * This is defensive: more early data may have been allowed when the ticket
     * was issued than the server is willing or able to handle now.
     *
     * External PSKs are exempt because their limit was set deliberately while
     * setting up this connection, not during a previous one.
     */
    if (is_server && first_psk->type == S2N_PSK_TYPE_RESUMPTION) {
        limit = MIN(limit, server_limit);
    }
    *max_early_data_size = limit;

    return S2N_SUCCESS;
}
     382                 :            : 
/*
 * Registers the callback that decides whether offered early data is accepted.
 *
 * s2n_early_data_accept_or_reject invokes it on a server once every built-in
 * check has passed. Passing NULL removes the callback, in which case early
 * data that passes those checks is accepted without asking the application.
 *
 * Returns S2N_SUCCESS, or fails when config is NULL.
 */
int s2n_config_set_early_data_cb(struct s2n_config *config, s2n_early_data_cb cb)
{
    POSIX_ENSURE_REF(config);

    config->early_data_cb = cb;

    return S2N_SUCCESS;
}
     389                 :            : 
/*
 * Reports the size of the early data context stored with the chosen PSK.
 *
 * Callers can use it to size the buffer handed to
 * s2n_offered_early_data_get_context. Fails when any argument, the offer's
 * connection or the connection's chosen PSK is NULL.
 */
int s2n_offered_early_data_get_context_length(struct s2n_offered_early_data *early_data, uint16_t *context_len)
{
    POSIX_ENSURE_REF(context_len);
    POSIX_ENSURE_REF(early_data);

    struct s2n_connection *conn = early_data->conn;
    POSIX_ENSURE_REF(conn);
    POSIX_ENSURE_REF(conn->psk_params.chosen_psk);

    const struct s2n_blob *stored_context = &conn->psk_params.chosen_psk->early_data_config.context;
    *context_len = stored_context->size;

    return S2N_SUCCESS;
}
     404                 :            : 
/*
 * Copies the early data context stored with the chosen PSK into context.
 *
 * max_len is the capacity of the caller's buffer. A stored context larger
 * than max_len fails with S2N_ERR_INSUFFICIENT_MEM_SIZE and nothing is
 * copied, so the caller's buffer is never overrun.
 */
int s2n_offered_early_data_get_context(struct s2n_offered_early_data *early_data, uint8_t *context, uint16_t max_len)
{
    POSIX_ENSURE_REF(context);
    POSIX_ENSURE_REF(early_data);

    struct s2n_connection *conn = early_data->conn;
    POSIX_ENSURE_REF(conn);
    POSIX_ENSURE_REF(conn->psk_params.chosen_psk);

    const struct s2n_blob *stored_context = &conn->psk_params.chosen_psk->early_data_config.context;

    /* Bound the copy by the destination capacity before touching it. */
    POSIX_ENSURE(stored_context->size <= max_len, S2N_ERR_INSUFFICIENT_MEM_SIZE);
    POSIX_CHECKED_MEMCPY(context, stored_context->data, stored_context->size);

    return S2N_SUCCESS;
}
     420                 :            : 
/*
 * Application decision: reject the offered early data.
 *
 * Moves the offer's connection to S2N_EARLY_DATA_REJECTED through the state
 * machine, so it fails when that transition is not valid from the current
 * state or when the offer or its connection is NULL.
 */
int s2n_offered_early_data_reject(struct s2n_offered_early_data *early_data)
{
    POSIX_ENSURE_REF(early_data);

    struct s2n_connection *offer_conn = early_data->conn;
    POSIX_ENSURE_REF(offer_conn);

    POSIX_GUARD_RESULT(s2n_connection_set_early_data_state(offer_conn, S2N_EARLY_DATA_REJECTED));
    return S2N_SUCCESS;
}
     429                 :            : 
/*
 * Application decision: accept the offered early data.
 *
 * Moves the offer's connection to S2N_EARLY_DATA_ACCEPTED through the state
 * machine, so it fails when that transition is not valid from the current
 * state or when the offer or its connection is NULL.
 *
 * Nothing here checks for replay; an application that accepts is expected to
 * have applied its own anti-replay policy before calling.
 */
int s2n_offered_early_data_accept(struct s2n_offered_early_data *early_data)
{
    POSIX_ENSURE_REF(early_data);

    struct s2n_connection *offer_conn = early_data->conn;
    POSIX_ENSURE_REF(offer_conn);

    POSIX_GUARD_RESULT(s2n_connection_set_early_data_state(offer_conn, S2N_EARLY_DATA_ACCEPTED));
    return S2N_SUCCESS;
}
