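/*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License").
 * You may not use this file except in compliance with the License.
 * A copy of the License is located at
 *
 *  http://aws.amazon.com/apache2.0
 *
 * or in the "license" file accompanying this file. This file is distributed
 * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
 * express or implied. See the License for the specific language governing
 * permissions and limitations under the License.
 */

/*
 * Declarations for the cipher suite table: the per-record algorithm
 * descriptors, the cipher suite descriptor, one extern object per suite,
 * and the functions that initialise the table and select a suite for a
 * connection.
 */

#pragma once

/* bool and size_t appear in the prototypes at the end of this header; their
 * standard headers are included directly so the header does not depend on a
 * transitive include. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#include "crypto/s2n_certificate.h"
#include "crypto/s2n_cipher.h"
#include "crypto/s2n_hmac.h"
#include "tls/s2n_connection.h"
#include "tls/s2n_crypto.h"
#include "tls/s2n_kem_preferences.h"
#include "tls/s2n_tls_parameters.h"

/* Key exchange flags that can be OR'ed */
#define S2N_KEY_EXCHANGE_DH  0x01 /* Diffie-Hellman key exchange, including ephemeral */
#define S2N_KEY_EXCHANGE_EPH 0x02 /* Ephemeral key exchange */
#define S2N_KEY_EXCHANGE_ECC 0x04 /* Elliptic curve cryptography */

/* Capacity of s2n_cipher_suite.all_record_algs */
#define S2N_MAX_POSSIBLE_RECORD_ALGS 2

/* Kept up-to-date by s2n_cipher_suite_test.
 * Equals the number of suites declared below, not counting s2n_null_cipher_suite. */
#define S2N_CIPHER_SUITE_COUNT 36

/* Record algorithm flags that can be OR'ed.
 * The names indicate which AEAD nonce construction a record algorithm uses;
 * presumably these are the values stored in s2n_record_algorithm.flags (the
 * consumers are not in this header). */
#define S2N_TLS12_AES_GCM_AEAD_NONCE     0x01
#define S2N_TLS12_CHACHA_POLY_AEAD_NONCE 0x02
#define S2N_TLS13_RECORD_AEAD_NONCE      0x04

/* From RFC: https://tools.ietf.org/html/rfc8446#section-5.5
 * For AES-GCM, up to 2^24.5 full-size records (about 24 million) may be
 * encrypted on a given connection while keeping a safety margin of
 * approximately 2^-57 for Authenticated Encryption (AE) security.
 * S2N_TLS13_AES_GCM_MAXIMUM_RECORD_NUMBER is 2^24.5 rounded down to the nearest whole number
 * minus 1 for the key update message.
 */
#define S2N_TLS13_AES_GCM_MAXIMUM_RECORD_NUMBER ((uint64_t) 23726565)

typedef enum {
    S2N_AUTHENTICATION_RSA = 0,
    S2N_AUTHENTICATION_ECDSA,
    S2N_AUTHENTICATION_METHOD_SENTINEL
} s2n_authentication_method;

/* Used by TLS 1.3 CipherSuites (Eg TLS_AES_128_GCM_SHA256 "0x1301") where the Auth method will be specified by the
 * SignatureScheme Extension, not the CipherSuite.
 *
 * NOTE(review): this aliases the sentinel, so a TLS 1.3 suite's auth_method is
 * one past the last real method. Any table sized or indexed by
 * S2N_AUTHENTICATION_METHOD_SENTINEL must not be indexed with it; confirm
 * callers check for this value first. */
#define S2N_AUTHENTICATION_METHOD_TLS13 S2N_AUTHENTICATION_METHOD_SENTINEL

/* Describes how records are protected: a cipher, the HMAC algorithm paired
 * with it, nonce-handling flags and a per-key usage limit. */
struct s2n_record_algorithm {
    const struct s2n_cipher *cipher;
    s2n_hmac_algorithm hmac_alg;
    uint32_t flags;
    /* Presumably the number of records that may be encrypted under one key
     * before it must be replaced (see S2N_TLS13_AES_GCM_MAXIMUM_RECORD_NUMBER
     * above); the units and the meaning of 0 are not visible here, so confirm
     * in the definitions. */
    uint64_t encryption_limit;
};

/* Verbose names to avoid confusion with s2n_cipher. Exposed for unit tests */
extern const struct s2n_record_algorithm s2n_record_alg_null;
extern const struct s2n_record_algorithm s2n_record_alg_rc4_md5;
extern const struct s2n_record_algorithm s2n_record_alg_rc4_sha;
extern const struct s2n_record_algorithm s2n_record_alg_3des_sha;
extern const struct s2n_record_algorithm s2n_record_alg_aes128_sha;
extern const struct s2n_record_algorithm s2n_record_alg_aes128_sha_composite;
extern const struct s2n_record_algorithm s2n_record_alg_aes128_sha256;
extern const struct s2n_record_algorithm s2n_record_alg_aes128_sha256_composite;
extern const struct s2n_record_algorithm s2n_record_alg_aes256_sha;
extern const struct s2n_record_algorithm s2n_record_alg_aes256_sha_composite;
extern const struct s2n_record_algorithm s2n_record_alg_aes256_sha256;
extern const struct s2n_record_algorithm s2n_record_alg_aes256_sha256_composite;
extern const struct s2n_record_algorithm s2n_record_alg_aes256_sha384;
extern const struct s2n_record_algorithm s2n_record_alg_aes128_gcm;
extern const struct s2n_record_algorithm s2n_record_alg_aes256_gcm;
extern const struct s2n_record_algorithm s2n_record_alg_chacha20_poly1305;
extern const struct s2n_record_algorithm s2n_tls13_record_alg_aes128_gcm;
extern const struct s2n_record_algorithm s2n_tls13_record_alg_chacha20_poly1305;

struct s2n_cipher_suite {
    /* Is there an implementation available? Set in s2n_cipher_suites_init() */
    unsigned int available : 1;

    /* Cipher name in Openssl format */
    const char *name;

    /* Cipher name in IANA format */
    const char *iana_name;

    /* Wire identifier of the suite */
    const uint8_t iana_value[S2N_TLS_CIPHER_SUITE_LEN];

    const struct s2n_kex *key_exchange_alg;

    /* S2N_AUTHENTICATION_METHOD_TLS13 (the sentinel) for TLS 1.3 suites */
    const s2n_authentication_method auth_method;

    /* Algorithms used for per-record security. Set in s2n_cipher_suites_init() */
    const struct s2n_record_algorithm *record_alg;

    /* List of all possible record alg implementations in descending priority */
    const struct s2n_record_algorithm *all_record_algs[S2N_MAX_POSSIBLE_RECORD_ALGS];
    /* Number of entries used in all_record_algs; must not exceed S2N_MAX_POSSIBLE_RECORD_ALGS */
    const uint8_t num_record_algs;

    /* SSLv3 utilizes HMAC differently from TLS */
    const struct s2n_record_algorithm *sslv3_record_alg;
    struct s2n_cipher_suite *sslv3_cipher_suite;

    /* RFC 5246 (TLS1.2) allows cipher suite defined PRFs. Cipher suites defined in and before TLS1.2 will use
     * P_hash with SHA256 when TLS1.2 is negotiated.
     */
    const s2n_hmac_algorithm prf_alg;

    const uint8_t minimum_required_tls_version;
};

/* Never negotiated */
extern struct s2n_cipher_suite s2n_null_cipher_suite;

/* One object per supported suite. They are not const because, per the field
 * comments on struct s2n_cipher_suite, s2n_cipher_suites_init() fills in
 * `available` and `record_alg`.
 *
 * NOTE(review): the list includes legacy suites (RC4, 3DES, CBC with SHA-1,
 * static RSA key exchange). A declaration here does not show whether a suite
 * is ever offered or accepted; that is decided outside this header, so verify
 * that the preference lists in use exclude the ones your policy forbids. */
extern struct s2n_cipher_suite s2n_rsa_with_rc4_128_md5;
extern struct s2n_cipher_suite s2n_rsa_with_rc4_128_sha;
extern struct s2n_cipher_suite s2n_rsa_with_3des_ede_cbc_sha;
extern struct s2n_cipher_suite s2n_dhe_rsa_with_3des_ede_cbc_sha;
extern struct s2n_cipher_suite s2n_rsa_with_aes_128_cbc_sha;
extern struct s2n_cipher_suite s2n_dhe_rsa_with_aes_128_cbc_sha;
extern struct s2n_cipher_suite s2n_rsa_with_aes_256_cbc_sha;
extern struct s2n_cipher_suite s2n_dhe_rsa_with_aes_256_cbc_sha;
extern struct s2n_cipher_suite s2n_rsa_with_aes_128_cbc_sha256;
extern struct s2n_cipher_suite s2n_rsa_with_aes_256_cbc_sha256;
extern struct s2n_cipher_suite s2n_dhe_rsa_with_aes_128_cbc_sha256;
extern struct s2n_cipher_suite s2n_dhe_rsa_with_aes_256_cbc_sha256;
extern struct s2n_cipher_suite s2n_rsa_with_aes_128_gcm_sha256;
extern struct s2n_cipher_suite s2n_rsa_with_aes_256_gcm_sha384;
extern struct s2n_cipher_suite s2n_dhe_rsa_with_aes_128_gcm_sha256;
extern struct s2n_cipher_suite s2n_dhe_rsa_with_aes_256_gcm_sha384;
extern struct s2n_cipher_suite s2n_ecdhe_ecdsa_with_aes_128_cbc_sha;
extern struct s2n_cipher_suite s2n_ecdhe_ecdsa_with_aes_256_cbc_sha;
extern struct s2n_cipher_suite s2n_ecdhe_rsa_with_3des_ede_cbc_sha;
extern struct s2n_cipher_suite s2n_ecdhe_rsa_with_aes_128_cbc_sha;
extern struct s2n_cipher_suite s2n_ecdhe_rsa_with_aes_256_cbc_sha;
extern struct s2n_cipher_suite s2n_ecdhe_ecdsa_with_aes_128_cbc_sha256;
extern struct s2n_cipher_suite s2n_ecdhe_ecdsa_with_aes_256_cbc_sha384;
extern struct s2n_cipher_suite s2n_ecdhe_rsa_with_aes_128_cbc_sha256;
extern struct s2n_cipher_suite s2n_ecdhe_rsa_with_aes_256_cbc_sha384;
extern struct s2n_cipher_suite s2n_ecdhe_ecdsa_with_aes_128_gcm_sha256;
extern struct s2n_cipher_suite s2n_ecdhe_ecdsa_with_aes_256_gcm_sha384;
extern struct s2n_cipher_suite s2n_ecdhe_rsa_with_aes_128_gcm_sha256;
extern struct s2n_cipher_suite s2n_ecdhe_rsa_with_aes_256_gcm_sha384;
extern struct s2n_cipher_suite s2n_ecdhe_rsa_with_chacha20_poly1305_sha256;
extern struct s2n_cipher_suite s2n_dhe_rsa_with_chacha20_poly1305_sha256;
extern struct s2n_cipher_suite s2n_ecdhe_ecdsa_with_chacha20_poly1305_sha256;
extern struct s2n_cipher_suite s2n_ecdhe_rsa_with_rc4_128_sha;
extern struct s2n_cipher_suite s2n_tls13_aes_256_gcm_sha384;
extern struct s2n_cipher_suite s2n_tls13_aes_128_gcm_sha256;
extern struct s2n_cipher_suite s2n_tls13_chacha20_poly1305_sha256;

/* Set-up and tear-down of the suite table. Per the field comments above,
 * init is what sets `available` and `record_alg` on each suite. */
int s2n_cipher_suites_init(void);
S2N_RESULT s2n_cipher_suites_cleanup(void);

/* Looks up a suite by its IANA value; presumably stores the match in
 * *cipher_suite. TODO confirm that an iana_len other than
 * S2N_TLS_CIPHER_SUITE_LEN is rejected rather than read past. */
S2N_RESULT s2n_cipher_suite_from_iana(const uint8_t *iana, size_t iana_len, struct s2n_cipher_suite **cipher_suite);
bool s2n_cipher_suite_uses_chacha20_alg(struct s2n_cipher_suite *cipher_suite);

/* NOTE(review): the bound in wire[S2N_TLS_CIPHER_SUITE_LEN] is documentation
 * only. In C the parameter is a plain uint8_t *, so the callee cannot check
 * that the caller supplied that many bytes. */
int s2n_set_cipher_as_client(struct s2n_connection *conn, uint8_t wire[S2N_TLS_CIPHER_SUITE_LEN]);

/* Server-side selection from the list in `wire`, presumably taken from the
 * peer's hello message. NOTE(review): whether `count` is a number of suites
 * or a byte length is not visible in this header; confirm against the
 * implementation and derive it from the validated message length. */
int s2n_set_cipher_as_sslv2_server(struct s2n_connection *conn, uint8_t *wire, uint16_t count);
int s2n_set_cipher_as_tls_server(struct s2n_connection *conn, uint8_t *wire, uint16_t count);
bool s2n_cipher_suite_requires_ecc_extension(struct s2n_cipher_suite *cipher);
bool s2n_cipher_suite_requires_pq_extension(struct s2n_cipher_suite *cipher);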