/src/gnutls/lib/ext/early_data.c

Source (jump to first uncovered line)
/*
 * Copyright (C) 2018 Red Hat, Inc.
 *
 * Author: Daiki Ueno
 *
 * This file is part of GnuTLS.
 *
 * The GnuTLS is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License
 * as published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>
 *
 */

/* This file contains the code for the Early Data TLS 1.3 extension.
 */

#include "gnutls_int.h"
#include "errors.h"
#include "num.h"
#include "hello_ext_lib.h"
#include "ext/early_data.h"

static int early_data_recv_params(gnutls_session_t session, const uint8_t *data,
          size_t data_size);
static int early_data_send_params(gnutls_session_t session,
          gnutls_buffer_st *extdata);

const hello_ext_entry_st ext_mod_early_data = {
  .name = "Early Data",
  .tls_id = 42,
  .gid = GNUTLS_EXTENSION_EARLY_DATA,
  .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_CLIENT_HELLO |
        GNUTLS_EXT_FLAG_EE,
  .client_parse_point =
    GNUTLS_EXT_MANDATORY, /* force parsing prior to EXT_TLS extensions */
  .server_parse_point =
    GNUTLS_EXT_MANDATORY, /* force parsing prior to EXT_TLS extensions */
  .recv_func = early_data_recv_params,
  .send_func = early_data_send_params,
  .pack_func = NULL,
  .unpack_func = NULL,
  .deinit_func = _gnutls_hello_ext_default_deinit,
  .cannot_be_overriden = 0
};

static int early_data_recv_params(gnutls_session_t session, const uint8_t *data,
          size_t _data_size)
{
  const version_entry_st *vers = get_version(session);

  if (!vers || !vers->tls13_sem)
    return gnutls_assert_val(0);

  if (session->security_parameters.entity == GNUTLS_SERVER) {
    /* Whether to accept early data is decided during processing the
     * pre_shared_key extension in the later phase.
     */
    session->internals.hsk_flags |= HSK_EARLY_DATA_IN_FLIGHT;
  } else {
    if (_gnutls_ext_get_msg(session) == GNUTLS_EXT_FLAG_EE)
      session->internals.hsk_flags |= HSK_EARLY_DATA_ACCEPTED;
  }

  return 0;
}

/* returns data_size or a negative number on failure
 */
static int early_data_send_params(gnutls_session_t session,
          gnutls_buffer_st *extdata)
{
  if (session->security_parameters.entity == GNUTLS_SERVER) {
    if (session->internals.hsk_flags & HSK_EARLY_DATA_ACCEPTED)
      return GNUTLS_E_INT_RET_0;
  } else {
    /* early data is enabled and resuming a TLS 1.3 session */
    if (session->internals.flags & GNUTLS_ENABLE_EARLY_DATA &&
        !(session->internals.resumption_requested == 0 &&
          session->internals.premaster_set == 0) &&
        session->internals.resumed_security_parameters.pversion &&
        session->internals.resumed_security_parameters.pversion
          ->tls13_sem) {
      session->internals.hsk_flags |=
        HSK_EARLY_DATA_IN_FLIGHT;
      return GNUTLS_E_INT_RET_0;
    }
  }

  return 0;
}

/**
 * gnutls_record_get_max_early_data_size:
 * @session: is a #gnutls_session_t type.
 *
 * This function returns the maximum early data size in this connection.
 * This property can only be set to servers.  The client may be
 * provided with the maximum allowed size through the "early_data"
 * extension of the NewSessionTicket handshake message.
 *
 * Returns: The maximum early data size in this connection.
 *
 * Since: 3.6.5
 **/
size_t gnutls_record_get_max_early_data_size(gnutls_session_t session)
{
  return session->security_parameters.max_early_data_size;
}

/**
 * gnutls_record_set_max_early_data_size:
 * @session: is a #gnutls_session_t type.
 * @size: is the new size
 *
 * This function sets the maximum early data size in this connection.
 * This property can only be set to servers.  The client may be
 * provided with the maximum allowed size through the "early_data"
 * extension of the NewSessionTicket handshake message.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
 *   otherwise a negative error code is returned.
 *
 * Since: 3.6.4
 **/
int gnutls_record_set_max_early_data_size(gnutls_session_t session, size_t size)
{
  if (session->security_parameters.entity == GNUTLS_CLIENT)
    return GNUTLS_E_INVALID_REQUEST;

  /* Reject zero as well, as it is useless. */
  if (size == 0 || size > UINT32_MAX)
    return GNUTLS_E_INVALID_REQUEST;

  session->security_parameters.max_early_data_size = (uint32_t)size;

  return 0;
}

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright (C) 2018 Red Hat, Inc.
3		*
4		* Author: Daiki Ueno
5		*
6		* This file is part of GnuTLS.
7		*
8		* The GnuTLS is free software; you can redistribute it and/or
9		* modify it under the terms of the GNU Lesser General Public License
10		* as published by the Free Software Foundation; either version 2.1 of
11		* the License, or (at your option) any later version.
12		*
13		* This library is distributed in the hope that it will be useful, but
14		* WITHOUT ANY WARRANTY; without even the implied warranty of
15		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16		* Lesser General Public License for more details.
17		*
18		* You should have received a copy of the GNU Lesser General Public License
19		* along with this program. If not, see <https://www.gnu.org/licenses/>
20		*
21		*/
22
23		/* This file contains the code for the Early Data TLS 1.3 extension.
24		*/
25
26		#include "gnutls_int.h"
27		#include "errors.h"
28		#include "num.h"
29		#include "hello_ext_lib.h"
30		#include "ext/early_data.h"
31
32		static int early_data_recv_params(gnutls_session_t session, const uint8_t *data,
33		size_t data_size);
34		static int early_data_send_params(gnutls_session_t session,
35		gnutls_buffer_st *extdata);
36
37		const hello_ext_entry_st ext_mod_early_data = {
38		.name = "Early Data",
39		.tls_id = 42,
40		.gid = GNUTLS_EXTENSION_EARLY_DATA,
41		.validity = GNUTLS_EXT_FLAG_TLS \| GNUTLS_EXT_FLAG_CLIENT_HELLO \|
42		GNUTLS_EXT_FLAG_EE,
43		.client_parse_point =
44		GNUTLS_EXT_MANDATORY, /* force parsing prior to EXT_TLS extensions */
45		.server_parse_point =
46		GNUTLS_EXT_MANDATORY, /* force parsing prior to EXT_TLS extensions */
47		.recv_func = early_data_recv_params,
48		.send_func = early_data_send_params,
49		.pack_func = NULL,
50		.unpack_func = NULL,
51		.deinit_func = _gnutls_hello_ext_default_deinit,
52		.cannot_be_overriden = 0
53		};
54
55		static int early_data_recv_params(gnutls_session_t session, const uint8_t *data,
56		size_t _data_size)
57	0	{
58	0	const version_entry_st *vers = get_version(session);
59
60	0	if (!vers \|\| !vers->tls13_sem)
61	0	return gnutls_assert_val(0);
62
63	0	if (session->security_parameters.entity == GNUTLS_SERVER) {
64		/* Whether to accept early data is decided during processing the
65		* pre_shared_key extension in the later phase.
66		*/
67	0	session->internals.hsk_flags \|= HSK_EARLY_DATA_IN_FLIGHT;
68	0	} else {
69	0	if (_gnutls_ext_get_msg(session) == GNUTLS_EXT_FLAG_EE)
70	0	session->internals.hsk_flags \|= HSK_EARLY_DATA_ACCEPTED;
71	0	}
72
73	0	return 0;
74	0	}
75
76		/* returns data_size or a negative number on failure
77		*/
78		static int early_data_send_params(gnutls_session_t session,
79		gnutls_buffer_st *extdata)
80	0	{
81	0	if (session->security_parameters.entity == GNUTLS_SERVER) {
82	0	if (session->internals.hsk_flags & HSK_EARLY_DATA_ACCEPTED)
83	0	return GNUTLS_E_INT_RET_0;
84	0	} else {
85		/* early data is enabled and resuming a TLS 1.3 session */
86	0	if (session->internals.flags & GNUTLS_ENABLE_EARLY_DATA &&
87	0	!(session->internals.resumption_requested == 0 &&
88	0	session->internals.premaster_set == 0) &&
89	0	session->internals.resumed_security_parameters.pversion &&
90	0	session->internals.resumed_security_parameters.pversion
91	0	->tls13_sem) {
92	0	session->internals.hsk_flags \|=
93	0	HSK_EARLY_DATA_IN_FLIGHT;
94	0	return GNUTLS_E_INT_RET_0;
95	0	}
96	0	}
97
98	0	return 0;
99	0	}
100
101		/**
102		* gnutls_record_get_max_early_data_size:
103		* @session: is a #gnutls_session_t type.
104		*
105		* This function returns the maximum early data size in this connection.
106		* This property can only be set to servers. The client may be
107		* provided with the maximum allowed size through the "early_data"
108		* extension of the NewSessionTicket handshake message.
109		*
110		* Returns: The maximum early data size in this connection.
111		*
112		* Since: 3.6.5
113		**/
114		size_t gnutls_record_get_max_early_data_size(gnutls_session_t session)
115	0	{
116	0	return session->security_parameters.max_early_data_size;
117	0	}
118
119		/**
120		* gnutls_record_set_max_early_data_size:
121		* @session: is a #gnutls_session_t type.
122		* @size: is the new size
123		*
124		* This function sets the maximum early data size in this connection.
125		* This property can only be set to servers. The client may be
126		* provided with the maximum allowed size through the "early_data"
127		* extension of the NewSessionTicket handshake message.
128		*
129		* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
130		* otherwise a negative error code is returned.
131		*
132		* Since: 3.6.4
133		**/
134		int gnutls_record_set_max_early_data_size(gnutls_session_t session, size_t size)
135	0	{
136	0	if (session->security_parameters.entity == GNUTLS_CLIENT)
137	0	return GNUTLS_E_INVALID_REQUEST;
138
139		/* Reject zero as well, as it is useless. */
140	0	if (size == 0 \|\| size > UINT32_MAX)
141	0	return GNUTLS_E_INVALID_REQUEST;
142
143	0	session->security_parameters.max_early_data_size = (uint32_t)size;
144
145	0	return 0;
146	0	}

Coverage Report

Created: 2025-03-18 06:55