       1             : /*
       2             :  * Copyright (C) 2014-2017 Red Hat, Inc.
       3             :  *
       4             :  * Author: Nikos Mavrogiannopoulos
       5             :  *
       6             :  * This file is part of GnuTLS.
       7             :  *
       8             :  * The GnuTLS is free software; you can redistribute it and/or
       9             :  * modify it under the terms of the GNU Lesser General Public License
      10             :  * as published by the Free Software Foundation; either version 2.1 of
      11             :  * the License, or (at your option) any later version.
      12             :  *
      13             :  * This library is distributed in the hope that it will be useful, but
      14             :  * WITHOUT ANY WARRANTY; without even the implied warranty of
      15             :  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      16             :  * Lesser General Public License for more details.
      17             :  *
      18             :  * You should have received a copy of the GNU Lesser General Public License
      19             :  * along with this program.  If not, see <https://www.gnu.org/licenses/>
      20             :  *
      21             :  */
      22             : 
      23             : /* This file contains the code for the RFC7627 (ext master secret) TLS extension.
      24             :  */
      25             : 
      26             : #include "gnutls_int.h"
      27             : #include "errors.h"
      28             : #include "num.h"
      29             : #include <hello_ext.h>
      30             : #include <ext/ext_master_secret.h>
      31             : 
/* Hook implementations live further down in this file. */
static int _gnutls_ext_master_secret_recv_params(gnutls_session_t session,
						 const uint8_t *data,
						 size_t data_size);
static int _gnutls_ext_master_secret_send_params(gnutls_session_t session,
						 gnutls_buffer_st *extdata);

/* Registration record for the extended_master_secret hello extension
 * (IANA ExtensionType 23, RFC 7627).
 *
 * The extension carries no payload: its presence in the ClientHello and
 * in a TLS 1.2 ServerHello is what negotiates the session-hash based
 * master secret derivation.  The validity mask deliberately stops at the
 * TLS 1.2 ServerHello; it is not part of a TLS 1.3 ServerHello.  Both
 * parse points are GNUTLS_EXT_MANDATORY, so the hooks run for every
 * hello that includes the extension.  cannot_be_overriden presumably
 * stops an application-registered extension from claiming id 23 --
 * confirm in hello_ext.c. */
const hello_ext_entry_st ext_mod_ext_master_secret = {
	.name			= "Extended Master Secret",
	.tls_id			= 23,
	.gid			= GNUTLS_EXTENSION_EXT_MASTER_SECRET,
	.client_parse_point	= GNUTLS_EXT_MANDATORY,
	.server_parse_point	= GNUTLS_EXT_MANDATORY,
	.validity		= GNUTLS_EXT_FLAG_TLS |
				  GNUTLS_EXT_FLAG_DTLS |
				  GNUTLS_EXT_FLAG_CLIENT_HELLO |
				  GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
	.recv_func		= _gnutls_ext_master_secret_recv_params,
	.send_func		= _gnutls_ext_master_secret_send_params,
	.pack_func		= NULL,
	.unpack_func		= NULL,
	.deinit_func		= NULL,
	.cannot_be_overriden	= 1
};
      53             : 
#ifdef ENABLE_SSL3
/* Report whether SSL 3.0 is the one and only protocol version allowed by
 * the session's priorities.  RFC 7627 does not apply to SSL 3.0, so in
 * that configuration the extension is neither offered nor acknowledged.
 * Returns 1 when SSL 3.0 is the sole enabled version, 0 otherwise. */
static inline unsigned have_only_ssl3_enabled(gnutls_session_t session)
{
	if (session->internals.priorities->protocol.num_priorities != 1)
		return 0;

	return session->internals.priorities->protocol.priorities[0] ==
	       GNUTLS_SSL3;
}
#endif
      63             : 
/*
 * Parse an incoming extended_master_secret extension (RFC 7627).
 *
 * Invoked for both roles: on a server when the ClientHello offers the
 * extension, on a client when a TLS 1.2 ServerHello acknowledges it (the
 * registration's validity flags limit it to those two messages).  When
 * accepted, the negotiation is recorded in
 * session->security_parameters.ext_master_secret, which is what
 * gnutls_session_ext_master_secret_status() later reports; the master
 * secret derivation is presumably keyed off the same flag elsewhere.
 *
 * The extension body is defined to be empty (RFC 7627 section 5.1), so a
 * non-zero length is treated as a protocol violation and rejected with
 * GNUTLS_E_UNEXPECTED_PACKET_LENGTH instead of being skipped.  If
 * extensions are disabled for this session (session flags, priorities or
 * the no_ext_master_secret knob) the extension is ignored and the flag
 * left untouched.
 *
 * @data is never dereferenced; only its length matters.
 *
 * Returns 0 on success or a negative error code.
 */
static int
_gnutls_ext_master_secret_recv_params(gnutls_session_t session,
				      const uint8_t * data, size_t _data_size)
{
	if ((session->internals.flags & GNUTLS_NO_EXTENSIONS) ||
	    session->internals.priorities->no_extensions ||
	    session->internals.no_ext_master_secret != 0)
		return 0;

	/* A payload is malformed input from the peer, not something to
	 * tolerate: the wire format has zero bytes of extension_data. */
	if (_data_size != 0)
		return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);

#ifdef ENABLE_SSL3
	if (session->security_parameters.entity == GNUTLS_CLIENT) {
		/* The ServerHello has fixed the version by now; never
		 * enable the extension on an SSL 3.0 connection. */
		const version_entry_st *ver = get_version(session);

		if (unlikely(ver == NULL))
			return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
		if (ver->id == GNUTLS_SSL3)
			return 0;
	} else if (have_only_ssl3_enabled(session)) {
		/* A server that can only ever negotiate SSL 3.0 must not
		 * acknowledge the extension either. */
		return 0;
	}
#endif

	session->security_parameters.ext_master_secret = 1;
	return 0;
}
     101             : 
/* Decide whether the extended_master_secret extension is emitted.
 *
 * The extension has no body, so nothing is ever written to @extdata.  The
 * return value is the decision: GNUTLS_E_INT_RET_0 asks the hello
 * extension framework to include the (zero-length) extension -- that is
 * how the framework appears to interpret it, confirm in hello_ext.c --
 * while 0 omits it.  Any other negative value is a genuine error.
 *
 * Client side: the extension is always offered, except when SSL 3.0 is
 * the only enabled version.  Server side: it is echoed only when the
 * client offered it (the recv handler set ext_master_secret) and, in
 * SSL3-enabled builds, the negotiated version is not SSL 3.0.
 *
 * When extensions are disabled for the session the negotiation flag is
 * explicitly cleared, so a value left over from an earlier handshake
 * cannot be mistaken for a fresh negotiation.
 */
static int
_gnutls_ext_master_secret_send_params(gnutls_session_t session,
				      gnutls_buffer_st * extdata)
{
	if ((session->internals.flags & GNUTLS_NO_EXTENSIONS) ||
	    session->internals.priorities->no_extensions != 0 ||
	    session->internals.no_ext_master_secret != 0) {
		session->security_parameters.ext_master_secret = 0;
		return 0;
	}

#ifdef ENABLE_SSL3
	if (session->security_parameters.entity == GNUTLS_CLIENT) {
		/* Not defined for SSL 3.0; offer it in every other case. */
		if (have_only_ssl3_enabled(session))
			return 0;
		return GNUTLS_E_INT_RET_0;
	} else {
		/* server side: echo only what the client offered, and
		 * never on an SSL 3.0 connection */
		const version_entry_st *ver = get_version(session);

		if (unlikely(ver == NULL))
			return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
		if (ver->id == GNUTLS_SSL3 ||
		    session->security_parameters.ext_master_secret == 0)
			return 0;
		return GNUTLS_E_INT_RET_0;
	}
#else
	/* A server only echoes the extension if the client offered it. */
	if (session->security_parameters.entity != GNUTLS_CLIENT &&
	    session->security_parameters.ext_master_secret == 0)
		return 0;
	return GNUTLS_E_INT_RET_0;
#endif
}
     140             : 
/**
 * gnutls_session_ext_master_secret_status:
 * @session: is a #gnutls_session_t type.
 *
 * Report whether the extended master secret extension (RFC 7627) was
 * negotiated on this session.  The same bit is also exposed through the
 * more generic gnutls_session_get_flags().
 *
 * The extension is optional on the wire, so an application that depends
 * on the transcript binding RFC 7627 provides should consult this after
 * the handshake rather than assume it.
 *
 * Returns: Non-zero if the negotiation was successful or zero otherwise.
 **/
unsigned gnutls_session_ext_master_secret_status(gnutls_session_t session)
{
	const unsigned negotiated =
	    session->security_parameters.ext_master_secret;

	return negotiated;
}
     155             : 
