Branch data     Line data    Source code

       1                 :            : /*
       2                 :            :  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
       3                 :            :  *
       4                 :            :  * Licensed under the Apache License, Version 2.0 (the "License").
       5                 :            :  * You may not use this file except in compliance with the License.
       6                 :            :  * A copy of the License is located at
       7                 :            :  *
       8                 :            :  *  http://aws.amazon.com/apache2.0
       9                 :            :  *
      10                 :            :  * or in the "license" file accompanying this file. This file is distributed
      11                 :            :  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
      12                 :            :  * express or implied. See the License for the specific language governing
      13                 :            :  * permissions and limitations under the License.
      14                 :            :  */
      15                 :            : 
      16                 :            : #include "error/s2n_errno.h"
      17                 :            : #include "stuffer/s2n_stuffer.h"
      18                 :            : #include "tls/extensions/s2n_extension_list.h"
      19                 :            : #include "tls/s2n_tls.h"
      20                 :            : #include "tls/s2n_tls13.h"
      21                 :            : #include "utils/s2n_safety.h"
      22                 :            : 
      23                 :            : /**
      24                 :            :   * Specified in https://tools.ietf.org/html/rfc8446#section-4.3.1
      25                 :            :   *
      26                 :            :   * In all handshakes, the server MUST send the EncryptedExtensions
      27                 :            :   * message immediately after the ServerHello message.
      28                 :            :   *
      29                 :            :   * The EncryptedExtensions message contains extensions that can be
      30                 :            :   * protected, i.e., any which are not needed to establish the
      31                 :            :   * cryptographic context but which are not associated with individual
      32                 :            :   * certificates.
      33                 :            :   **/
      34                 :            : 
      35                 :            : int s2n_encrypted_extensions_send(struct s2n_connection *conn)
      36                 :       4213 : {
      37 [ +  - ][ +  + ]:       4213 :     POSIX_ENSURE_REF(conn);
      38 [ +  - ][ +  + ]:       4212 :     POSIX_ENSURE(conn->actual_protocol_version >= S2N_TLS13, S2N_ERR_BAD_MESSAGE);
      39                 :            : 
      40                 :       4211 :     struct s2n_stuffer *out = &conn->handshake.io;
      41         [ -  + ]:       4211 :     POSIX_GUARD(s2n_extension_list_send(S2N_EXTENSION_LIST_ENCRYPTED_EXTENSIONS, conn, out));
      42                 :       4211 :     return S2N_SUCCESS;
      43                 :       4211 : }
      44                 :            : 
      45                 :            : int s2n_encrypted_extensions_recv(struct s2n_connection *conn)
      46                 :       4197 : {
      47 [ +  + ][ +  - ]:       4197 :     POSIX_ENSURE_REF(conn);
      48 [ +  + ][ +  - ]:       4196 :     POSIX_ENSURE(conn->actual_protocol_version >= S2N_TLS13, S2N_ERR_BAD_MESSAGE);
      49                 :            : 
      50                 :       4195 :     struct s2n_stuffer *in = &conn->handshake.io;
      51         [ -  + ]:       4195 :     POSIX_GUARD(s2n_extension_list_recv(S2N_EXTENSION_LIST_ENCRYPTED_EXTENSIONS, conn, in));
      52                 :       4195 :     return S2N_SUCCESS;
      53                 :       4195 : }