Branch data Line data Source code
1 : : /*
2 : : * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
3 : : *
4 : : * Licensed under the Apache License, Version 2.0 (the "License").
5 : : * You may not use this file except in compliance with the License.
6 : : * A copy of the License is located at
7 : : *
8 : : * http://aws.amazon.com/apache2.0
9 : : *
10 : : * or in the "license" file accompanying this file. This file is distributed
11 : : * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
12 : : * express or implied. See the License for the specific language governing
13 : : * permissions and limitations under the License.
14 : : */
15 : :
16 : : #include <time.h>
17 : :
18 : : #include "api/s2n.h"
19 : : #include "error/s2n_errno.h"
20 : : #include "stuffer/s2n_stuffer.h"
21 : : #include "tls/s2n_alerts.h"
22 : : #include "tls/s2n_connection.h"
23 : : #include "tls/s2n_record.h"
24 : : #include "tls/s2n_resume.h"
25 : : #include "tls/s2n_tls.h"
26 : : #include "tls/s2n_tls13_handshake.h"
27 : : #include "utils/s2n_random.h"
28 : : #include "utils/s2n_safety.h"
29 : :
30 : : /*
31 : : * The maximum size of the NewSessionTicket message, not taking into account the
32 : : * ticket itself.
33 : : *
34 : : * To get the actual maximum size required for the NewSessionTicket message, we'll need
35 : : * to add the size of the ticket, which is much less predictable.
36 : : *
37 : : * This constant is enforced via unit tests.
38 : : */
39 : 297 : #define S2N_TLS13_MAX_FIXED_NEW_SESSION_TICKET_SIZE 112
40 : :
41 : : int s2n_server_nst_recv(struct s2n_connection *conn)
42 : 18 : {
43 [ - + ]: 18 : POSIX_GUARD(s2n_stuffer_read_uint32(&conn->handshake.io, &conn->ticket_lifetime_hint));
44 : :
45 : 18 : uint16_t session_ticket_len = 0;
46 [ - + ]: 18 : POSIX_GUARD(s2n_stuffer_read_uint16(&conn->handshake.io, &session_ticket_len));
47 : :
48 [ + + ]: 18 : if (session_ticket_len > 0) {
49 [ - + ]: 17 : POSIX_GUARD(s2n_realloc(&conn->client_ticket, session_ticket_len));
50 : :
51 [ - + ]: 17 : POSIX_GUARD(s2n_stuffer_read(&conn->handshake.io, &conn->client_ticket));
52 : :
53 [ + + ]: 17 : if (conn->config->session_ticket_cb != NULL) {
54 : 7 : size_t session_len = s2n_connection_get_session_length(conn);
55 : :
56 : : /* Alloc some memory for the serialized session ticket */
57 : 7 : DEFER_CLEANUP(struct s2n_blob mem = { 0 }, s2n_free);
58 [ - + ]: 7 : POSIX_GUARD(s2n_alloc(&mem,
59 : 7 : S2N_STATE_FORMAT_LEN + S2N_SESSION_TICKET_SIZE_LEN + conn->client_ticket.size + S2N_TLS12_STATE_SIZE_IN_BYTES));
60 : :
61 [ - + ]: 7 : POSIX_GUARD(s2n_connection_get_session(conn, mem.data, session_len));
62 : 7 : uint32_t session_lifetime = s2n_connection_get_session_ticket_lifetime_hint(conn);
63 : :
64 : 7 : struct s2n_session_ticket ticket = { .ticket_data = mem, .session_lifetime = session_lifetime };
65 : :
66 [ - + ][ # # ]: 7 : POSIX_ENSURE(conn->config->session_ticket_cb(conn, conn->config->session_ticket_ctx, &ticket) >= S2N_SUCCESS,
67 : 7 : S2N_ERR_CANCELLED);
68 : 7 : }
69 : 17 : }
70 : :
71 : 18 : return S2N_SUCCESS;
72 : 18 : }
73 : :
74 : : static S2N_RESULT s2n_generate_ticket_lifetime(struct s2n_connection *conn, uint64_t key_intro_time,
75 : : uint32_t *ticket_lifetime)
76 : 402 : {
77 [ # # ][ - + ]: 402 : RESULT_ENSURE_REF(conn);
78 [ - + ][ # # ]: 402 : RESULT_ENSURE_REF(conn->config);
79 [ - + ][ # # ]: 402 : RESULT_ENSURE_MUT(ticket_lifetime);
80 : :
81 : 402 : uint64_t now = 0;
82 [ - + ]: 402 : RESULT_GUARD(s2n_config_wall_clock(conn->config, &now));
83 : :
84 : : /* Calculate ticket key age */
85 [ # # ][ - + ]: 402 : RESULT_ENSURE_GTE(now, key_intro_time);
86 : 402 : uint64_t ticket_key_age_in_nanos = now - key_intro_time;
87 : :
88 : : /* Calculate remaining key lifetime */
89 : 402 : uint64_t key_lifetime_in_nanos = conn->config->encrypt_decrypt_key_lifetime_in_nanos + conn->config->decrypt_key_lifetime_in_nanos;
90 [ - + ][ # # ]: 402 : RESULT_ENSURE_GTE(key_lifetime_in_nanos, ticket_key_age_in_nanos);
91 : 402 : uint32_t remaining_key_lifetime = (key_lifetime_in_nanos - ticket_key_age_in_nanos) / ONE_SEC_IN_NANOS;
92 : :
93 : 402 : uint32_t session_lifetime = conn->config->session_state_lifetime_in_nanos / ONE_SEC_IN_NANOS;
94 : :
95 : : /* Min of remaining key lifetime and session */
96 [ + + ]: 402 : uint32_t min_lifetime = S2N_MIN(remaining_key_lifetime, session_lifetime);
97 : :
98 : : /* In TLS1.3 we take into account keying material lifetime */
99 [ + + ]: 402 : if (conn->actual_protocol_version == S2N_TLS13) {
100 : 385 : uint32_t key_material_lifetime = conn->server_keying_material_lifetime;
101 : 385 : struct s2n_psk *chosen_psk = conn->psk_params.chosen_psk;
102 [ + + ]: 385 : if (chosen_psk) {
103 [ # # ][ - + ]: 186 : RESULT_ENSURE_GTE(chosen_psk->keying_material_expiration, now);
104 : 186 : uint32_t psk_key_material_lifetime = (chosen_psk->keying_material_expiration - now) / ONE_SEC_IN_NANOS;
105 [ - + ]: 186 : key_material_lifetime = S2N_MIN(key_material_lifetime, psk_key_material_lifetime);
106 : 186 : }
107 [ + - ]: 385 : min_lifetime = S2N_MIN(min_lifetime, key_material_lifetime);
108 : 385 : }
109 : :
110 : : /**
111 : : *= https://www.rfc-editor.org/rfc/rfc8446#section-4.6.1
112 : : *# Servers MUST NOT use any value greater than
113 : : *# 604800 seconds (7 days).
114 : : **/
115 [ + - ]: 402 : *ticket_lifetime = S2N_MIN(min_lifetime, ONE_WEEK_IN_SEC);
116 : :
117 : 402 : return S2N_RESULT_OK;
118 : 402 : }
119 : :
120 : : int s2n_server_nst_send(struct s2n_connection *conn)
121 : 21 : {
122 [ # # ][ - + ]: 21 : POSIX_ENSURE_REF(conn);
123 : :
124 : 21 : uint8_t data[S2N_TLS12_TICKET_SIZE_IN_BYTES] = { 0 };
125 : 21 : struct s2n_blob session_ticket = { 0 };
126 [ - + ]: 21 : POSIX_GUARD(s2n_blob_init(&session_ticket, data, sizeof(data)));
127 : :
128 : 21 : uint32_t lifetime_hint_in_secs = 0;
129 : :
130 : : /* Send a zero-length ticket in the NewSessionTicket message if the server changes
131 : : * its mind mid-handshake or if there are no valid encrypt keys currently available.
132 : : *
133 : : *= https://www.rfc-editor.org/rfc/rfc5077#section-3.3
134 : : *# If the server determines that it does not want to include a
135 : : *# ticket after it has included the SessionTicket extension in the
136 : : *# ServerHello, then it sends a zero-length ticket in the
137 : : *# NewSessionTicket handshake message.
138 : : **/
139 [ + + ]: 21 : if (s2n_result_is_error(s2n_server_nst_write(conn, &lifetime_hint_in_secs, &session_ticket))) {
140 [ - + ]: 3 : POSIX_GUARD(s2n_stuffer_write_uint32(&conn->handshake.io, 0));
141 [ - + ]: 3 : POSIX_GUARD(s2n_stuffer_write_uint16(&conn->handshake.io, 0));
142 : 3 : return S2N_SUCCESS;
143 : 3 : }
144 : :
145 [ - + ]: 18 : POSIX_GUARD(s2n_stuffer_write_uint32(&conn->handshake.io, lifetime_hint_in_secs));
146 [ - + ]: 18 : POSIX_GUARD(s2n_stuffer_write_uint16(&conn->handshake.io, session_ticket.size));
147 [ - + ]: 18 : POSIX_GUARD(s2n_stuffer_write(&conn->handshake.io, &session_ticket));
148 : :
149 : : /* For parity with TLS1.3, track the single ticket sent.
150 : : * This simplifies s2n_connection_get_tickets_sent.
151 : : */
152 : 18 : conn->tickets_sent++;
153 : 18 : return S2N_SUCCESS;
154 : 18 : }
155 : :
156 : : S2N_RESULT s2n_server_nst_write(struct s2n_connection *conn, uint32_t *lifetime_hint_in_secs,
157 : : struct s2n_blob *session_ticket)
158 : 21 : {
159 [ # # ][ - + ]: 21 : RESULT_ENSURE_REF(conn);
160 [ + - ][ + + ]: 21 : RESULT_ENSURE(s2n_server_sending_nst(conn), S2N_ERR_SENDING_NST);
[ + - ]
161 : :
162 : 19 : struct s2n_stuffer output = { 0 };
163 [ - + ]: 19 : RESULT_GUARD_POSIX(s2n_stuffer_init(&output, session_ticket));
164 : :
165 : 19 : struct s2n_ticket_key *key = s2n_get_ticket_encrypt_decrypt_key(conn->config);
166 [ + - ][ + + ]: 19 : RESULT_ENSURE(key != NULL, S2N_ERR_NO_TICKET_ENCRYPT_DECRYPT_KEY);
167 : :
168 [ - + ]: 18 : RESULT_GUARD(s2n_generate_ticket_lifetime(conn, key->intro_timestamp, lifetime_hint_in_secs));
169 [ - + ]: 18 : RESULT_GUARD(s2n_resume_encrypt_session_ticket(conn, key, &output));
170 : :
171 : 18 : return S2N_RESULT_OK;
172 : 18 : }
173 : :
174 : : S2N_RESULT s2n_tls13_server_nst_send(struct s2n_connection *conn, s2n_blocked_status *blocked)
175 : 50566 : {
176 [ - + ][ # # ]: 50566 : RESULT_ENSURE_REF(conn);
177 [ + - ][ + + ]: 50566 : RESULT_ENSURE_GTE(conn->actual_protocol_version, S2N_TLS13);
178 : :
179 : : /* Usually tickets are sent immediately after the handshake.
180 : : * If possible, reuse the handshake IO stuffer before it's wiped.
181 : : *
182 : : * Note: handshake.io isn't explicitly dedicated to only reading or only writing,
183 : : * so we have to be careful using it outside of s2n_negotiate.
184 : : * If we use it for writing here, we CAN'T use it for reading any post-handshake messages.
185 : : */
186 : 50565 : struct s2n_stuffer *nst_stuffer = &conn->handshake.io;
187 : :
188 [ + + ][ + + ]: 50565 : if (conn->mode != S2N_SERVER || !conn->config->use_tickets) {
189 : 50105 : return S2N_RESULT_OK;
190 : 50105 : }
191 : :
192 : : /* Legacy behavior is that the s2n server sends a NST even if the client did not indicate support
193 : : * for resumption or does not support the psk_dhe_ke mode. This is potentially wasteful so we
194 : : * choose to not extend this behavior to QUIC.
195 : : */
196 [ + + ][ + + ]: 460 : if (conn->quic_enabled && conn->psk_params.psk_ke_mode != S2N_PSK_DHE_KE) {
197 : 3 : return S2N_RESULT_OK;
198 : 3 : }
199 : :
200 : : /* No-op if all tickets already sent.
201 : : * Clean up the stuffer used for the ticket to conserve memory. */
202 [ + + ]: 457 : if (conn->tickets_to_send == conn->tickets_sent) {
203 [ - + ]: 159 : RESULT_GUARD_POSIX(s2n_stuffer_resize(nst_stuffer, 0));
204 : 159 : return S2N_RESULT_OK;
205 : 159 : }
206 : :
207 : : /**
208 : : *= https://www.rfc-editor.org/rfc/rfc8446#section-4.6.1
209 : : *# Note that in principle it is possible to continue issuing new tickets
210 : : *# which indefinitely extend the lifetime of the keying material
211 : : *# originally derived from an initial non-PSK handshake (which was most
212 : : *# likely tied to the peer's certificate). It is RECOMMENDED that
213 : : *# implementations place limits on the total lifetime of such keying
214 : : *# material; these limits should take into account the lifetime of the
215 : : *# peer's certificate, the likelihood of intervening revocation, and the
216 : : *# time since the peer's online CertificateVerify signature.
217 : : */
218 [ + + ]: 298 : if (s2n_result_is_error(s2n_psk_validate_keying_material(conn))) {
219 : 1 : conn->tickets_to_send = conn->tickets_sent;
220 : 1 : return S2N_RESULT_OK;
221 : 1 : }
222 : :
223 [ - + ][ # # ]: 297 : RESULT_ENSURE(conn->tickets_sent <= conn->tickets_to_send, S2N_ERR_INTEGER_OVERFLOW);
224 : :
225 : 297 : size_t session_state_size = 0;
226 [ - + ]: 297 : RESULT_GUARD(s2n_connection_get_session_state_size(conn, &session_state_size));
227 : 297 : const size_t maximum_nst_size = session_state_size + S2N_TLS13_MAX_FIXED_NEW_SESSION_TICKET_SIZE;
228 [ + + ]: 297 : if (s2n_stuffer_space_remaining(nst_stuffer) < maximum_nst_size) {
229 [ - + ]: 128 : RESULT_GUARD_POSIX(s2n_stuffer_resize(nst_stuffer, maximum_nst_size));
230 : 128 : }
231 : :
232 [ + + ]: 593 : while (conn->tickets_to_send - conn->tickets_sent > 0) {
233 [ + + ]: 322 : if (s2n_result_is_error(s2n_tls13_server_nst_write(conn, nst_stuffer))) {
234 : 5 : return S2N_RESULT_OK;
235 : 5 : }
236 : :
237 [ + + ]: 317 : RESULT_GUARD(s2n_post_handshake_write_records(conn, blocked));
238 : 317 : }
239 : :
240 : 271 : return S2N_RESULT_OK;
241 : 297 : }
242 : :
243 : : /**
244 : : *= https://www.rfc-editor.org/rfc/rfc8446#section-4.6.1
245 : : *# A per-ticket value that is unique across all tickets
246 : : *# issued on this connection.
247 : : **/
248 : : static S2N_RESULT s2n_generate_ticket_nonce(uint16_t value, struct s2n_blob *output)
249 : 384 : {
250 [ - + ][ # # ]: 384 : RESULT_ENSURE_MUT(output);
251 : :
252 : 384 : struct s2n_stuffer stuffer = { 0 };
253 [ - + ]: 384 : RESULT_GUARD_POSIX(s2n_stuffer_init(&stuffer, output));
254 [ - + ]: 384 : RESULT_GUARD_POSIX(s2n_stuffer_write_uint16(&stuffer, value));
255 : :
256 : 384 : return S2N_RESULT_OK;
257 : 384 : }
258 : :
259 : : /**
260 : : *= https://www.rfc-editor.org/rfc/rfc8446#section-4.6.1
261 : : *# A securely generated, random 32-bit value that is
262 : : *# used to obscure the age of the ticket that the client includes in
263 : : *# the "pre_shared_key" extension.
264 : : **/
265 : : static S2N_RESULT s2n_generate_ticket_age_add(struct s2n_blob *random_data, uint32_t *ticket_age_add)
266 : 384 : {
267 [ # # ][ - + ]: 384 : RESULT_ENSURE_REF(random_data);
268 [ # # ][ - + ]: 384 : RESULT_ENSURE_REF(ticket_age_add);
269 : :
270 : 384 : struct s2n_stuffer stuffer = { 0 };
271 [ - + ]: 384 : RESULT_GUARD_POSIX(s2n_stuffer_init(&stuffer, random_data));
272 [ - + ]: 384 : RESULT_GUARD_POSIX(s2n_stuffer_skip_write(&stuffer, random_data->size));
273 [ - + ]: 384 : RESULT_GUARD_POSIX(s2n_stuffer_read_uint32(&stuffer, ticket_age_add));
274 : :
275 : 384 : return S2N_RESULT_OK;
276 : 384 : }
277 : :
278 : : /**
279 : : *= https://www.rfc-editor.org/rfc/rfc8446#section-4.6.1
280 : : *# The PSK associated with the ticket is computed as:
281 : : *#
282 : : *# HKDF-Expand-Label(resumption_master_secret,
283 : : *# "resumption", ticket_nonce, Hash.length)
284 : : **/
285 : : static int s2n_generate_session_secret(struct s2n_connection *conn, struct s2n_blob *nonce, struct s2n_blob *output)
286 : 849 : {
287 [ # # ][ - + ]: 849 : POSIX_ENSURE_REF(conn);
288 [ - + ][ # # ]: 849 : POSIX_ENSURE_REF(nonce);
289 [ - + ][ # # ]: 849 : POSIX_ENSURE_REF(output);
290 : :
291 [ - + ]: 849 : s2n_tls13_connection_keys(secrets, conn);
292 : 849 : struct s2n_blob master_secret = { 0 };
293 [ - + ]: 849 : POSIX_GUARD(s2n_blob_init(&master_secret, conn->secrets.version.tls13.resumption_master_secret, secrets.size));
294 [ - + ]: 849 : POSIX_GUARD(s2n_realloc(output, secrets.size));
295 [ - + ]: 849 : POSIX_GUARD_RESULT(s2n_tls13_derive_session_ticket_secret(&secrets, &master_secret, nonce, output));
296 : :
297 : 849 : return S2N_SUCCESS;
298 : 849 : }
299 : :
300 : : S2N_RESULT s2n_tls13_server_nst_write(struct s2n_connection *conn, struct s2n_stuffer *output)
301 : 426 : {
302 [ - + ][ # # ]: 426 : RESULT_ENSURE_REF(conn);
303 [ - + ][ # # ]: 426 : RESULT_ENSURE_REF(output);
304 : :
305 : 426 : struct s2n_ticket_key *key = s2n_get_ticket_encrypt_decrypt_key(conn->config);
306 [ + + ][ + - ]: 426 : RESULT_ENSURE(key != NULL, S2N_ERR_NO_TICKET_ENCRYPT_DECRYPT_KEY);
307 : :
308 : 421 : struct s2n_ticket_fields *ticket_fields = &conn->tls13_ticket_fields;
309 : :
310 : : /* Write message type because session resumption in TLS13 is a post-handshake message */
311 [ - + ]: 421 : RESULT_GUARD_POSIX(s2n_stuffer_write_uint8(output, TLS_SERVER_NEW_SESSION_TICKET));
312 : :
313 : 421 : struct s2n_stuffer_reservation message_size = { 0 };
314 [ - + ]: 421 : RESULT_GUARD_POSIX(s2n_stuffer_reserve_uint24(output, &message_size));
315 : :
316 : 421 : uint32_t ticket_lifetime_in_secs = 0;
317 [ - + ]: 421 : RESULT_GUARD(s2n_generate_ticket_lifetime(conn, key->intro_timestamp, &ticket_lifetime_in_secs));
318 : :
319 [ + + ][ + - ]: 421 : RESULT_ENSURE(ticket_lifetime_in_secs > 0, S2N_ERR_ZERO_LIFETIME_TICKET);
320 [ - + ]: 419 : RESULT_GUARD_POSIX(s2n_stuffer_write_uint32(output, ticket_lifetime_in_secs));
321 : :
322 : : /* Get random data to use as ticket_age_add value */
323 : 419 : uint8_t data[sizeof(uint32_t)] = { 0 };
324 : 419 : struct s2n_blob random_data = { 0 };
325 [ - + ]: 419 : RESULT_GUARD_POSIX(s2n_blob_init(&random_data, data, sizeof(data)));
326 : : /**
327 : : *= https://www.rfc-editor.org/rfc/rfc8446#section-4.6.1
328 : : *# The server MUST generate a fresh value
329 : : *# for each ticket it sends.
330 : : **/
331 [ - + ]: 419 : RESULT_GUARD(s2n_get_private_random_data(&random_data));
332 [ - + ]: 419 : RESULT_GUARD(s2n_generate_ticket_age_add(&random_data, &ticket_fields->ticket_age_add));
333 [ - + ]: 419 : RESULT_GUARD_POSIX(s2n_stuffer_write_uint32(output, ticket_fields->ticket_age_add));
334 : :
335 : : /* Write ticket nonce */
336 : 419 : uint8_t nonce_data[sizeof(uint16_t)] = { 0 };
337 : 419 : struct s2n_blob nonce = { 0 };
338 [ - + ]: 419 : RESULT_GUARD_POSIX(s2n_blob_init(&nonce, nonce_data, sizeof(nonce_data)));
339 [ - + ]: 419 : RESULT_GUARD(s2n_generate_ticket_nonce(conn->tickets_sent, &nonce));
340 [ - + ]: 419 : RESULT_GUARD_POSIX(s2n_stuffer_write_uint8(output, nonce.size));
341 [ - + ]: 419 : RESULT_GUARD_POSIX(s2n_stuffer_write_bytes(output, nonce.data, nonce.size));
342 : :
343 : : /* Derive individual session ticket secret */
344 [ - + ]: 419 : RESULT_GUARD_POSIX(s2n_generate_session_secret(conn, &nonce, &ticket_fields->session_secret));
345 : :
346 : : /* Write ticket */
347 : 419 : struct s2n_stuffer_reservation ticket_size = { 0 };
348 [ - + ]: 419 : RESULT_GUARD_POSIX(s2n_stuffer_reserve_uint16(output, &ticket_size));
349 [ - + ]: 419 : RESULT_GUARD(s2n_resume_encrypt_session_ticket(conn, key, output));
350 [ + + ]: 419 : RESULT_GUARD_POSIX(s2n_stuffer_write_vector_size(&ticket_size));
351 : :
352 [ - + ]: 418 : RESULT_GUARD_POSIX(s2n_extension_list_send(S2N_EXTENSION_LIST_NST, conn, output));
353 : :
354 [ - + ]: 418 : RESULT_GUARD_POSIX(s2n_stuffer_write_vector_size(&message_size));
355 : :
356 [ + - ][ + + ]: 418 : RESULT_ENSURE(conn->tickets_sent < UINT16_MAX, S2N_ERR_INTEGER_OVERFLOW);
357 : 417 : conn->tickets_sent++;
358 : :
359 : 417 : return S2N_RESULT_OK;
360 : 418 : }
361 : :
362 : : /**
363 : : *= https://www.rfc-editor.org/rfc/rfc8446#section-4.6.1
364 : : *# struct {
365 : : *# uint32 ticket_lifetime;
366 : : *# uint32 ticket_age_add;
367 : : *# opaque ticket_nonce<0..255>;
368 : : *# opaque ticket<1..2^16-1>;
369 : : *# Extension extensions<0..2^16-2>;
370 : : *# } NewSessionTicket;
371 : : **/
372 : : S2N_RESULT s2n_tls13_server_nst_recv(struct s2n_connection *conn, struct s2n_stuffer *input)
373 : 484 : {
374 [ # # ][ - + ]: 484 : RESULT_ENSURE_REF(conn);
375 [ - + ][ # # ]: 484 : RESULT_ENSURE_REF(input);
376 [ - + ][ # # ]: 484 : RESULT_ENSURE_REF(conn->config);
377 : :
378 [ + + ][ + - ]: 484 : RESULT_ENSURE(conn->actual_protocol_version >= S2N_TLS13, S2N_ERR_BAD_MESSAGE);
379 [ + + ][ + - ]: 483 : RESULT_ENSURE(conn->mode == S2N_CLIENT, S2N_ERR_BAD_MESSAGE);
380 : :
381 [ + + ]: 480 : if (!conn->config->use_tickets) {
382 : 1 : return S2N_RESULT_OK;
383 : 1 : }
384 : 479 : struct s2n_ticket_fields *ticket_fields = &conn->tls13_ticket_fields;
385 : :
386 : : /* Handle `ticket_lifetime` field */
387 : 479 : uint32_t ticket_lifetime = 0;
388 [ - + ]: 479 : RESULT_GUARD_POSIX(s2n_stuffer_read_uint32(input, &ticket_lifetime));
389 : : /**
390 : : *= https://www.rfc-editor.org/rfc/rfc8446#section-4.6.1
391 : : *# Servers MUST NOT use any value greater than
392 : : *# 604800 seconds (7 days).
393 : : */
394 [ + + ][ + - ]: 479 : RESULT_ENSURE(ticket_lifetime <= ONE_WEEK_IN_SEC, S2N_ERR_BAD_MESSAGE);
395 : : /**
396 : : *= https://www.rfc-editor.org/rfc/rfc8446#section-4.6.1
397 : : *# The value of zero indicates that the
398 : : *# ticket should be discarded immediately.
399 : : */
400 [ + + ]: 478 : if (ticket_lifetime == 0) {
401 : 1 : return S2N_RESULT_OK;
402 : 1 : }
403 : 477 : conn->ticket_lifetime_hint = ticket_lifetime;
404 : :
405 : : /* Handle `ticket_age_add` field */
406 [ - + ]: 477 : RESULT_GUARD_POSIX(s2n_stuffer_read_uint32(input, &ticket_fields->ticket_age_add));
407 : :
408 : : /* Handle `ticket_nonce` field */
409 : 477 : uint8_t ticket_nonce_len = 0;
410 [ - + ]: 477 : RESULT_GUARD_POSIX(s2n_stuffer_read_uint8(input, &ticket_nonce_len));
411 : 477 : uint8_t nonce_data[UINT8_MAX] = { 0 };
412 : 477 : struct s2n_blob nonce = { 0 };
413 [ - + ]: 477 : RESULT_GUARD_POSIX(s2n_blob_init(&nonce, nonce_data, ticket_nonce_len));
414 [ - + ]: 477 : RESULT_GUARD_POSIX(s2n_stuffer_read_bytes(input, nonce.data, ticket_nonce_len));
415 [ - + ]: 477 : RESULT_GUARD_POSIX(s2n_generate_session_secret(conn, &nonce, &ticket_fields->session_secret));
416 : :
417 : : /* Handle `ticket` field */
418 : 477 : uint16_t session_ticket_len = 0;
419 [ - + ]: 477 : RESULT_GUARD_POSIX(s2n_stuffer_read_uint16(input, &session_ticket_len));
420 [ - + ][ # # ]: 477 : RESULT_ENSURE(session_ticket_len > 0, S2N_ERR_SAFETY);
421 [ - + ]: 477 : RESULT_GUARD_POSIX(s2n_realloc(&conn->client_ticket, session_ticket_len));
422 [ - + ]: 477 : RESULT_GUARD_POSIX(s2n_stuffer_read(input, &conn->client_ticket));
423 : :
424 : : /* Handle `extensions` field */
425 [ - + ]: 477 : RESULT_GUARD_POSIX(s2n_extension_list_recv(S2N_EXTENSION_LIST_NST, conn, input));
426 : :
427 [ + + ]: 477 : if (conn->config->session_ticket_cb != NULL) {
428 : : /* Retrieve serialized session data */
429 : 430 : const uint16_t session_state_size = s2n_connection_get_session_length(conn);
430 : 430 : DEFER_CLEANUP(struct s2n_blob session_state = { 0 }, s2n_free);
431 [ - + ]: 430 : RESULT_GUARD_POSIX(s2n_realloc(&session_state, session_state_size));
432 [ - + ]: 430 : RESULT_GUARD_POSIX(s2n_connection_get_session(conn, session_state.data, session_state.size));
433 : :
434 : 430 : struct s2n_session_ticket ticket = {
435 : 430 : .ticket_data = session_state,
436 : 430 : .session_lifetime = ticket_lifetime
437 : 430 : };
438 [ - + ][ # # ]: 430 : RESULT_ENSURE(conn->config->session_ticket_cb(conn, conn->config->session_ticket_ctx, &ticket) >= S2N_SUCCESS,
439 : 430 : S2N_ERR_CANCELLED);
440 : 430 : }
441 : :
442 : 477 : return S2N_RESULT_OK;
443 : 477 : }
|