Branch data     Line data    Source code

       1                 :            : /*
       2                 :            :  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
       3                 :            :  *
       4                 :            :  * Licensed under the Apache License, Version 2.0 (the "License").
       5                 :            :  * You may not use this file except in compliance with the License.
       6                 :            :  * A copy of the License is located at
       7                 :            :  *
       8                 :            :  *  http://aws.amazon.com/apache2.0
       9                 :            :  *
      10                 :            :  * or in the "license" file accompanying this file. This file is distributed
      11                 :            :  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
      12                 :            :  * express or implied. See the License for the specific language governing
      13                 :            :  * permissions and limitations under the License.
      14                 :            :  */
      15                 :            : 
      16                 :            : #pragma once
      17                 :            : 
      18                 :            : #include "crypto/s2n_signature.h"
      19                 :            : #include "utils/s2n_blob.h"
      20                 :            : #include "utils/s2n_result.h"
      21                 :            : 
      22                 :            : struct s2n_connection;
      23                 :            : 
      24                 :            : typedef int (*s2n_async_pkey_sign_complete)(struct s2n_connection *conn, struct s2n_blob *signature);
      25                 :            : typedef int (*s2n_async_pkey_decrypt_complete)(struct s2n_connection *conn, bool rsa_failed, struct s2n_blob *decrypted);
      26                 :            : 
      27                 :            : struct s2n_async_pkey_op;
      28                 :            : 
      29                 :            : /* Guard to handle async states inside handler which uses async pkey operations. If async operation was not invoked
      30                 :            :  * it means that we enter this handler for the first time and handler may or may not use async operation, so we let it
      31                 :            :  * continue. If async operation is invoking or was invoked, but yet to be complete, we error out of the handler to let
      32                 :            :  * s2n_handle_retry_state try again. If async operation was complete we clear the state and let s2n_handle_retry_state
      33                 :            :  * proceed to the next handler */
      34                 :            : #define S2N_ASYNC_PKEY_GUARD(conn)                                         \
      35                 :       5746 :     do {                                                                   \
      36                 :       5746 :         __typeof(conn) __tmp_conn = (conn);                                \
      37                 :       5746 :         POSIX_GUARD_PTR(__tmp_conn);                                       \
      38                 :       5746 :         switch (conn->handshake.async_state) {                             \
      39                 :       5573 :             case S2N_ASYNC_NOT_INVOKED:                                    \
      40                 :       5573 :                 break;                                                     \
      41                 :          0 :                                                                            \
      42                 :         74 :             case S2N_ASYNC_INVOKED:                                        \
      43                 :         74 :                 POSIX_BAIL(S2N_ERR_ASYNC_BLOCKED);                         \
      44                 :         74 :                                                                            \
      45                 :         99 :             case S2N_ASYNC_COMPLETE:                                       \
      46                 :         99 :                 /* clean up state and return a success from handler */     \
      47                 :         99 :                 __tmp_conn->handshake.async_state = S2N_ASYNC_NOT_INVOKED; \
      48                 :         99 :                 return S2N_SUCCESS;                                        \
      49                 :       5746 :         }                                                                  \
      50                 :       5746 :     } while (0)
      51                 :            : 
      52                 :            : /* Macros for safe exection of async sign/decrypt.
      53                 :            :  *
      54                 :            :  * When operation is done asynchronously, we drop to s2n_negotiate loop with S2N_ERR_ASYNC_BLOCKED error and do not
      55                 :            :  * perform any of the operations to follow after s2n_async* call. To enforce that there are no operations after the
      56                 :            :  * call, we use a macro which directly returns the result of s2n_async* operation forcing compiler to error out on
      57                 :            :  * unreachable code and forcing developer to use on_complete function instead */
      58                 :            : #define S2N_ASYNC_PKEY_DECRYPT(conn, encrypted, init_decrypted, on_complete) \
      59                 :       1451 :     return s2n_result_is_ok(s2n_async_pkey_decrypt(conn, encrypted, init_decrypted, on_complete)) ? S2N_SUCCESS : S2N_FAILURE;
      60                 :            : 
      61                 :            : #define S2N_ASYNC_PKEY_SIGN(conn, sig_alg, digest, on_complete) \
      62                 :       4089 :     return s2n_result_is_ok(s2n_async_pkey_sign(conn, sig_alg, digest, on_complete)) ? S2N_SUCCESS : S2N_FAILURE;
      63                 :            : 
      64                 :            : int s2n_async_pkey_op_perform(struct s2n_async_pkey_op *op, s2n_cert_private_key *key);
      65                 :            : int s2n_async_pkey_op_apply(struct s2n_async_pkey_op *op, struct s2n_connection *conn);
      66                 :            : int s2n_async_pkey_op_free(struct s2n_async_pkey_op *op);
      67                 :            : 
      68                 :            : int s2n_async_pkey_op_get_op_type(struct s2n_async_pkey_op *op, s2n_async_pkey_op_type *type);
      69                 :            : int s2n_async_pkey_op_get_input_size(struct s2n_async_pkey_op *op, uint32_t *data_len);
      70                 :            : int s2n_async_pkey_op_get_input(struct s2n_async_pkey_op *op, uint8_t *data, uint32_t data_len);
      71                 :            : int s2n_async_pkey_op_set_output(struct s2n_async_pkey_op *op, const uint8_t *data, uint32_t data_len);
      72                 :            : int s2n_async_pkey_op_set_validation_mode(struct s2n_async_pkey_op *op, s2n_async_pkey_validation_mode mode);
      73                 :            : 
      74                 :            : S2N_RESULT s2n_async_pkey_verify_signature(struct s2n_connection *conn, s2n_signature_algorithm sig_alg,
      75                 :            :         struct s2n_hash_state *digest, struct s2n_blob *signature);
      76                 :            : S2N_RESULT s2n_async_pkey_decrypt(struct s2n_connection *conn, struct s2n_blob *encrypted, struct s2n_blob *init_decrypted,
      77                 :            :         s2n_async_pkey_decrypt_complete on_complete);
      78                 :            : S2N_RESULT s2n_async_pkey_sign(struct s2n_connection *conn, s2n_signature_algorithm sig_alg, struct s2n_hash_state *digest,
      79                 :            :         s2n_async_pkey_sign_complete on_complete);
      80                 :            : 
      81                 :            : struct s2n_async_pkey_verify_data {
      82                 :            :     struct s2n_hash_state digest;
      83                 :            :     s2n_signature_algorithm sig_alg;
      84                 :            :     struct s2n_blob signature;
      85                 :            : };
      86                 :            : 
      87                 :            : int s2n_async_pkey_verify(struct s2n_connection *conn, s2n_signature_algorithm sig_alg,
      88                 :            :         struct s2n_hash_state *digest, struct s2n_blob *signature);