       1                 :            : /*
       2                 :            :  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
       3                 :            :  *
       4                 :            :  * Licensed under the Apache License, Version 2.0 (the "License").
       5                 :            :  * You may not use this file except in compliance with the License.
       6                 :            :  * A copy of the License is located at
       7                 :            :  *
       8                 :            :  *  http://aws.amazon.com/apache2.0
       9                 :            :  *
      10                 :            :  * or in the "license" file accompanying this file. This file is distributed
      11                 :            :  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
      12                 :            :  * express or implied. See the License for the specific language governing
      13                 :            :  * permissions and limitations under the License.
      14                 :            :  */
      15                 :            : 
      16                 :            : #pragma once
      17                 :            : 
      18                 :            : #include "stuffer/s2n_stuffer.h"
      19                 :            : #include "utils/s2n_blob.h"
      20                 :            : 
/* Lifetime of resumption state, in nanoseconds. The value equals the sum of the
 * two ticket key windows defined further down (2h encrypt+decrypt, 13h decrypt-only),
 * so a ticket issued at the start of a key's life is still decryptable for the full
 * 15 hours. Presumably the age bound applied when validating a ticket — confirm
 * against the validation code. */
#define S2N_STATE_LIFETIME_IN_NANOS           54000000000000 /* 15 hours */
/* Size of the serialized TLS 1.2 session state: three single-byte fields, one
 * 8-byte field, the cipher suite identifier and the secret. The meaning of each
 * fixed-width field is set by the (de)serializer, not documented here. */
#define S2N_TLS12_STATE_SIZE_IN_BYTES         (1 + 8 + 1 + S2N_TLS_CIPHER_SUITE_LEN + S2N_TLS_SECRET_LEN + 1)
/* TLS 1.3 state has variable-length parts; these are the fixed portions only. */
#define S2N_TLS13_FIXED_STATE_SIZE            21
#define S2N_TLS13_FIXED_EARLY_DATA_STATE_SIZE 3
      25                 :            : 
/* Session ticket validation: how far in the future a ticket's issue time may lie,
 * relative to the validating server's clock, while the ticket is still accepted.
 * This absorbs clock skew between the host that issued the ticket and the host
 * validating it. Note that a future-dated issue time makes the ticket look younger
 * than it is, so this window effectively extends the ticket lifetime by up to the
 * same amount — keep it as small as the deployment allows.
 * (Unlike its neighbours this constant has no S2N_ prefix; renaming would touch callers.)
 */
#define MAX_ALLOWED_CLOCK_SKEW_SEC     3600
/* Time-to-live of an entry in the server-side session cache (see
 * s2n_store_to_cache / s2n_resume_from_cache below), in seconds. */
#define S2N_TLS_SESSION_CACHE_TTL      (6 * 60 * 60)
/* Ticket key and AAD sizes, in bytes. */
#define S2N_TICKET_KEY_NAME_LEN        16
#define S2N_TICKET_AAD_IMPLICIT_LEN    12
/* The key name is included in the AAD, so although it travels in the clear it is
 * covered by the AEAD tag and cannot be swapped without failing authentication. */
#define S2N_TICKET_AAD_LEN             (S2N_TICKET_AAD_IMPLICIT_LEN + S2N_TICKET_KEY_NAME_LEN)
#define S2N_AES256_KEY_LEN             32
/* Time unit conversions. */
#define ONE_SEC_IN_NANOS               1000000000
#define ONE_MILLISEC_IN_NANOS          1000000
#define ONE_WEEK_IN_SEC                604800
#define S2N_TICKET_INFO_SIZE           32
#define S2N_TICKET_VERSION_SIZE        1
/* Total size of a TLS 1.2 session ticket on the wire: version byte, key name,
 * ticket info, GCM IV, the encrypted TLS 1.2 state, and the GCM tag. The IV and
 * tag terms show the state is protected by AES-GCM, i.e. an AEAD. */
#define S2N_TLS12_TICKET_SIZE_IN_BYTES (S2N_TICKET_VERSION_SIZE + S2N_TICKET_KEY_NAME_LEN \
        + S2N_TICKET_INFO_SIZE + S2N_TLS_GCM_IV_LEN + S2N_TLS12_STATE_SIZE_IN_BYTES + S2N_TLS_GCM_TAG_LEN)
      42                 :            : 
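/* Ticket key lifecycle, in nanoseconds. The names indicate a key first serves for
 * both encrypting and decrypting tickets (2 hours), then for decryption only
 * (13 hours); the two windows sum to S2N_STATE_LIFETIME_IN_NANOS (15 hours). */
#define S2N_TICKET_ENCRYPT_DECRYPT_KEY_LIFETIME_IN_NANOS 7200000000000  /* 2 hours */
#define S2N_TICKET_DECRYPT_KEY_LIFETIME_IN_NANOS         46800000000000 /* 13 hours */
/* Field sizes, in bytes, of the client-side serialized session. */
#define S2N_STATE_FORMAT_LEN                             1
#define S2N_TICKET_LIFETIME_HINT_LEN                     4
#define S2N_SESSION_TICKET_SIZE_LEN                      2
/* Comparison results. The negative value is parenthesized so the macro expands
 * safely when embedded in a larger expression. */
#define S2N_GREATER_OR_EQUAL                             1
#define S2N_LESS_THAN                                    (-1)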
      50                 :            : 
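/* Total size of the client-side serialized TLS 1.2 session: format byte, ticket
 * length field, the ticket itself, and the serialized TLS 1.2 state.
 * The expansion is parenthesized so that uses such as `2 * S2N_TLS12_SESSION_SIZE`
 * or `len - S2N_TLS12_SESSION_SIZE` apply to the whole sum rather than its first term. */
#define S2N_TLS12_SESSION_SIZE (S2N_STATE_FORMAT_LEN + S2N_SESSION_TICKET_SIZE_LEN \
        + S2N_TLS12_TICKET_SIZE_IN_BYTES + S2N_TLS12_STATE_SIZE_IN_BYTES)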
      53                 :            : 
/* Opaque to this header; only pointers to these are used in the declarations below. */
struct s2n_connection;
struct s2n_config;
      56                 :            : 
/* One session ticket encryption key held by a config.
 *
 * aes_key is raw AES-256 key material: treat the whole struct as a secret (wipe on
 * release, never log). key_name is carried in the clear in every ticket
 * (see S2N_TLS12_TICKET_SIZE_IN_BYTES) so the decrypting side can look the key up
 * (s2n_find_ticket_key), and it is also part of the AAD (S2N_TICKET_AAD_LEN).
 * intro_timestamp is presumably in nanoseconds, matching the *_LIFETIME_IN_NANOS
 * constants above — confirm against the code that sets it. */
struct s2n_ticket_key {
    unsigned char key_name[S2N_TICKET_KEY_NAME_LEN]; /* same width as the uint8_t name accepted by s2n_find_ticket_key() */
    uint8_t aes_key[S2N_AES256_KEY_LEN];
    uint8_t implicit_aad[S2N_TICKET_AAD_IMPLICIT_LEN];
    uint64_t intro_timestamp;
};
      63                 :            : 
/* Associates a key's position in the config's key list with a weight.
 * Presumably used when choosing which of several valid keys encrypts a new
 * ticket; the selection algorithm is in the implementation, not this header. */
struct s2n_ticket_key_weight {
    double key_weight;
    uint8_t key_index;
};
      68                 :            : 
/* Values placed inside a ticket before it is encrypted: the session secret and the
 * ticket_age_add obfuscation value (RFC 8446 NewSessionTicket.ticket_age_add). */
struct s2n_ticket_fields {
    struct s2n_blob session_secret;
    uint32_t ticket_age_add;
};
      73                 :            : 
/* A ticket as received from the server, together with the lifetime (seconds,
 * presumably) the server advertised alongside it. */
struct s2n_session_ticket {
    struct s2n_blob ticket_data;
    uint32_t session_lifetime;
};
      78                 :            : 
/* Ticket key management. Two return conventions are mixed here: S2N_RESULT for the
 * newer functions and int for the older ones; callers must check each accordingly. */
/* Looks up a key by name. The name is read from an incoming ticket in the clear, so
 * it is attacker-controlled: a hit only selects a candidate key, nothing is trusted
 * until the AEAD tag verifies. Presumably returns NULL if no key matches — confirm. */
struct s2n_ticket_key *s2n_find_ticket_key(struct s2n_config *config, const uint8_t name[S2N_TICKET_KEY_NAME_LEN]);
/* Selects a key currently eligible to encrypt new tickets (see the encrypt+decrypt window). */
struct s2n_ticket_key *s2n_get_ticket_encrypt_decrypt_key(struct s2n_config *config);
/* Serializes conn's resumption state and encrypts it under key, writing the ticket to `to`. */
S2N_RESULT s2n_resume_encrypt_session_ticket(struct s2n_connection *conn, struct s2n_ticket_key *key, struct s2n_stuffer *to);
/* Decrypts and applies a client-presented ticket read from `from`. The input is untrusted
 * network data; any length or field read from it must be bounds-checked. */
S2N_RESULT s2n_resume_decrypt_session(struct s2n_connection *conn, struct s2n_stuffer *from);
/* Reports whether config has any key that may currently encrypt tickets. */
S2N_RESULT s2n_config_is_encrypt_key_available(struct s2n_config *config);
/* Checks a key hash against the keys already stored; *insert_index receives where a new key
 * would go. Exact return semantics are defined by the implementation. */
int s2n_verify_unique_ticket_key(struct s2n_config *config, uint8_t *hash, uint16_t *insert_index);
/* Removes expired key material; expired_key_index presumably identifies the key to drop. */
int s2n_config_wipe_expired_ticket_crypto_keys(struct s2n_config *config, int8_t expired_key_index);
/* Adds key to config's key list. */
int s2n_config_store_ticket_key(struct s2n_config *config, struct s2n_ticket_key *key);
      87                 :            : 
/* Which kind of resumption data a client-side serialized session carries.
 * S2N_STATE_WITH_SESSION_TICKET takes the implicit value 1. */
typedef enum {
    S2N_STATE_WITH_SESSION_ID = 0,
    S2N_STATE_WITH_SESSION_TICKET
} s2n_client_tls_session_state_format;
      92                 :            : 
/* Version tag of the serialized session format (the S2N_STATE_FORMAT_LEN byte).
 * Values are sequential: TLS12_V1 = 1, TLS13_V1 = 2, TLS12_V2 = 3, TLS12_V3 = 4.
 * These are persisted by clients, so new versions must be appended, never
 * inserted or renumbered. */
typedef enum {
    S2N_SERIALIZED_FORMAT_TLS12_V1 = 1,
    S2N_SERIALIZED_FORMAT_TLS13_V1,
    S2N_SERIALIZED_FORMAT_TLS12_V2,
    S2N_SERIALIZED_FORMAT_TLS12_V3,
} s2n_serial_format_version;
      99                 :            : 
/* Version of the ticket plaintext schema, written before encryption so that the
 * decrypting side can parse every schema version it has ever issued. As with the
 * serialized format versions, only append new values; existing tickets in the wild
 * carry the old numbers.
 */
typedef enum {
    S2N_PRE_ENCRYPTED_STATE_V1 = 1,
} s2n_pre_encrypted_state;
     108                 :            : 
/* Server-side session cache (session-ID resumption) and state (de)serialization. */
/* Returns whether conn may be stored in the session cache (int, older convention). */
int s2n_allowed_to_cache_connection(struct s2n_connection *conn);
/* Attempts to resume conn from the session cache. */
int s2n_resume_from_cache(struct s2n_connection *conn);
/* Stores conn's session in the cache (see S2N_TLS_SESSION_CACHE_TTL). */
S2N_RESULT s2n_store_to_cache(struct s2n_connection *conn);
/* Writes the size of conn's serialized session state to *state_size. */
S2N_RESULT s2n_connection_get_session_state_size(struct s2n_connection *conn, size_t *state_size);
/* Parses serialized resumption state from `from` into conn. psk_identity is presumably the
 * TLS 1.3 PSK identity the state belongs to — confirm against the caller. The bytes may
 * originate from a ticket or from application-supplied session data, so lengths read from
 * `from` must be validated against the stuffer before use. */
S2N_RESULT s2n_deserialize_resumption_state(struct s2n_connection *conn, struct s2n_blob *psk_identity,
        struct s2n_stuffer *from);
