Home Explore Help
Sign In
SMusatov
/
ydb
mirror of https://github.com/ydb-platform/ydb.git
1
0
Fork 0
Files
Tree: 686cf76645
Branches Tags
ydb
/
contrib
/
restricted
/
aws
/
s2n
/
tls
/
extensions
/
s2n_client_session_ticket.c

s2n_client_session_ticket.c 2.6 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071 
  1. /*
    2. 

  2.  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
    3. 

  3.  *
    4. 

  4.  * Licensed under the Apache License, Version 2.0 (the "License").
    5. 

  5.  * You may not use this file except in compliance with the License.
    6. 

  6.  * A copy of the License is located at
    7. 

  7.  *
    8. 

  8.  *  http://aws.amazon.com/apache2.0
    9. 

  9.  *
    10. 

  10.  * or in the "license" file accompanying this file. This file is distributed
    11. 

  11.  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
    12. 

  12.  * express or implied. See the License for the specific language governing
    13. 

  13.  * permissions and limitations under the License.
    14. 

  14.  */
    15. 

  15. 

  16. #include "tls/extensions/s2n_client_session_ticket.h"
    17. 

  17. 

  18. #include <stdint.h>
    19. 

  19. #include <sys/param.h>
    20. 

  20. 

  21. #include "tls/extensions/s2n_client_psk.h"
    22. 

  22. #include "tls/s2n_resume.h"
    23. 

  23. #include "tls/s2n_tls.h"
    24. 

  24. #include "tls/s2n_tls_parameters.h"
    25. 

  25. #include "utils/s2n_safety.h"
    26. 

  26. 

  27. static bool s2n_client_session_ticket_should_send(struct s2n_connection *conn);
    28. 

  28. static int s2n_client_session_ticket_send(struct s2n_connection *conn, struct s2n_stuffer *out);
    29. 

  29. static int s2n_client_session_ticket_recv(struct s2n_connection *conn, struct s2n_stuffer *extension);
    30. 

  30. 

  31. const s2n_extension_type s2n_client_session_ticket_extension = {
    32. 

  32.     .iana_value = TLS_EXTENSION_SESSION_TICKET,
    33. 

  33.     .is_response = false,
    34. 

  34.     .send = s2n_client_session_ticket_send,
    35. 

  35.     .recv = s2n_client_session_ticket_recv,
    36. 

  36.     .should_send = s2n_client_session_ticket_should_send,
    37. 

  37.     .if_missing = s2n_extension_noop_if_missing,
    38. 

  38. };
    39. 

  39. 

  40. static bool s2n_client_session_ticket_should_send(struct s2n_connection *conn)
    41. 

  41. {
    42. 

  42.     return conn->config->use_tickets && !s2n_client_psk_should_send(conn);
    43. 

  43. }
    44. 

  44. 

  45. static int s2n_client_session_ticket_send(struct s2n_connection *conn, struct s2n_stuffer *out)
    46. 

  46. {
    47. 

  47.     POSIX_GUARD(s2n_stuffer_write(out, &conn->client_ticket));
    48. 

  48.     return S2N_SUCCESS;
    49. 

  49. }
    50. 

  50. 

  51. static int s2n_client_session_ticket_recv(struct s2n_connection *conn, struct s2n_stuffer *extension)
    52. 

  52. {
    53. 

  53.     if (conn->config->use_tickets != 1 || conn->actual_protocol_version > S2N_TLS12) {
    54. 

  54.         /* Ignore the extension. */
    55. 

  55.         return S2N_SUCCESS;
    56. 

  56.     }
    57. 

  57. 

  58.     /* s2n server does not support session ticket with CLIENT_AUTH enabled */
    59. 

  59.     if (s2n_connection_is_client_auth_enabled(conn) > 0) {
    60. 

  60.         return S2N_SUCCESS;
    61. 

  61.     }
    62. 

  62. 

  63.     if (s2n_stuffer_data_available(extension) == S2N_TLS12_TICKET_SIZE_IN_BYTES) {
    64. 

  64.         conn->session_ticket_status = S2N_DECRYPT_TICKET;
    65. 

  65.         POSIX_GUARD(s2n_stuffer_copy(extension, &conn->client_ticket_to_decrypt, S2N_TLS12_TICKET_SIZE_IN_BYTES));
    66. 

  66.     } else if (s2n_config_is_encrypt_decrypt_key_available(conn->config) == 1) {
    67. 

  67.         conn->session_ticket_status = S2N_NEW_TICKET;
    68. 

  68.     }
    69. 

  69. 

  70.     return S2N_SUCCESS;
    71. 

  71. }
    72.