Branch data     Line data    Source code

       1                 :            : /*
       2                 :            :  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
       3                 :            :  *
       4                 :            :  * Licensed under the Apache License, Version 2.0 (the "License").
       5                 :            :  * You may not use this file except in compliance with the License.
       6                 :            :  * A copy of the License is located at
       7                 :            :  *
       8                 :            :  *  http://aws.amazon.com/apache2.0
       9                 :            :  *
      10                 :            :  * or in the "license" file accompanying this file. This file is distributed
      11                 :            :  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
      12                 :            :  * express or implied. See the License for the specific language governing
      13                 :            :  * permissions and limitations under the License.
      14                 :            :  */
      15                 :            : 
      16                 :            : #include "tls/s2n_tls13.h"
      17                 :            : 
      18                 :            : #include "api/s2n.h"
      19                 :            : #include "crypto/s2n_rsa_pss.h"
      20                 :            : #include "tls/s2n_tls.h"
      21                 :            : 
      22                 :            : bool s2n_use_default_tls13_config_flag = false;
      23                 :            : 
      24                 :            : bool s2n_use_default_tls13_config()
      25                 :     127904 : {
      26                 :     127904 :     return s2n_use_default_tls13_config_flag;
      27                 :     127904 : }
      28                 :            : 
      29                 :            : bool s2n_is_tls13_fully_supported()
      30                 :      22171 : {
      31                 :            :     /* Older versions of Openssl (eg 1.0.2) do not support RSA PSS, which is required for TLS 1.3. */
      32 [ +  - ][ +  - ]:      22171 :     return s2n_is_rsa_pss_signing_supported() && s2n_is_rsa_pss_certs_supported();
      33                 :      22171 : }
      34                 :            : 
      35                 :            : int s2n_get_highest_fully_supported_tls_version()
      36                 :       5775 : {
      37         [ +  - ]:       5775 :     return s2n_is_tls13_fully_supported() ? S2N_TLS13 : S2N_TLS12;
      38                 :       5775 : }
      39                 :            : 
      40                 :            : /* Allow TLS1.3 to be negotiated, and use the default TLS1.3 security policy.
      41                 :            :  * This is NOT the default behavior, and this method is deprecated.
      42                 :            :  *
      43                 :            :  * Please consider using the default behavior and configuring
      44                 :            :  * TLS1.2/TLS1.3 via explicit security policy instead.
      45                 :            :  */
      46                 :            : int s2n_enable_tls13()
      47                 :          0 : {
      48                 :          0 :     return s2n_enable_tls13_in_test();
      49                 :          0 : }
      50                 :            : 
      51                 :            : /* Allow TLS1.3 to be negotiated, and use the default TLS1.3 security policy.
      52                 :            :  * This is NOT the default behavior, and this method is deprecated.
      53                 :            :  *
      54                 :            :  * Please consider using the default behavior and configuring
      55                 :            :  * TLS1.2/TLS1.3 via explicit security policy instead.
      56                 :            :  */
      57                 :            : int s2n_enable_tls13_in_test()
      58                 :         84 : {
      59                 :         84 :     s2n_highest_protocol_version = S2N_TLS13;
      60                 :         84 :     s2n_use_default_tls13_config_flag = true;
      61                 :         84 :     return S2N_SUCCESS;
      62                 :         84 : }
      63                 :            : 
      64                 :            : /* Do NOT allow TLS1.3 to be negotiated, regardless of security policy.
      65                 :            :  * This is NOT the default behavior, and this method is deprecated.
      66                 :            :  *
      67                 :            :  * Please consider using the default behavior and configuring
      68                 :            :  * TLS1.2/TLS1.3 via explicit security policy instead.
      69                 :            :  */
      70                 :            : int s2n_disable_tls13_in_test()
      71                 :        194 : {
      72 [ #  # ][ -  + ]:        194 :     POSIX_ENSURE(s2n_in_unit_test(), S2N_ERR_NOT_IN_UNIT_TEST);
      73                 :        194 :     s2n_highest_protocol_version = S2N_TLS12;
      74                 :        194 :     s2n_use_default_tls13_config_flag = false;
      75                 :        194 :     return S2N_SUCCESS;
      76                 :        194 : }
      77                 :            : 
      78                 :            : /* Reset S2N to the default protocol version behavior.
      79                 :            :  *
      80                 :            :  * This method is intended for use in existing unit tests when the APIs
      81                 :            :  * to enable/disable TLS1.3 have already been called.
      82                 :            :  */
      83                 :            : int s2n_reset_tls13_in_test()
      84                 :         16 : {
      85 [ -  + ][ #  # ]:         16 :     POSIX_ENSURE(s2n_in_unit_test(), S2N_ERR_NOT_IN_UNIT_TEST);
      86                 :         16 :     s2n_highest_protocol_version = S2N_TLS13;
      87                 :         16 :     s2n_use_default_tls13_config_flag = false;
      88                 :         16 :     return S2N_SUCCESS;
      89                 :         16 : }
      90                 :            : 
      91                 :            : /* Returns whether a uint16 iana value is a valid TLS 1.3 cipher suite */
      92                 :            : bool s2n_is_valid_tls13_cipher(const uint8_t version[2])
      93                 :    1030607 : {
      94                 :            :     /* Valid TLS 1.3 Ciphers are
      95                 :            :      * 0x1301, 0x1302, 0x1303, 0x1304, 0x1305.
      96                 :            :      * (https://tools.ietf.org/html/rfc8446#appendix-B.4)
      97                 :            :      */
      98 [ +  + ][ +  + ]:    1030607 :     return version[0] == 0x13 && version[1] >= 0x01 && version[1] <= 0x05;
                 [ +  + ]
      99                 :    1030607 : }
     100                 :            : 
     101                 :            : /* Use middlebox compatibility mode for TLS1.3 by default.
     102                 :            :  * For now, only disable it when QUIC support is enabled.
     103                 :            :  */
     104                 :            : bool s2n_is_middlebox_compat_enabled(struct s2n_connection *conn)
     105                 :      15758 : {
     106         [ +  + ]:      15758 :     return s2n_connection_get_protocol_version(conn) >= S2N_TLS13
     107         [ +  + ]:      15758 :             && !s2n_connection_is_quic_enabled(conn);
     108                 :      15758 : }
     109                 :            : 
     110                 :            : S2N_RESULT s2n_connection_validate_tls13_support(struct s2n_connection *conn)
     111                 :      16259 : {
     112 [ -  + ][ #  # ]:      16259 :     RESULT_ENSURE_REF(conn);
     113                 :            : 
     114                 :            :     /* If the underlying libcrypto supports all features of TLS1.3
     115                 :            :      * (including RSA-PSS, which is unsupported by some libraries),
     116                 :            :      * then we can always support TLS1.3.
     117                 :            :      */
     118         [ +  - ]:      16259 :     if (s2n_is_tls13_fully_supported()) {
     119                 :      16259 :         return S2N_RESULT_OK;
     120                 :      16259 :     }
     121                 :            : 
     122                 :            :     /*
     123                 :            :      * If the underlying libcrypto doesn't support all features...
     124                 :            :      */
     125                 :            : 
     126                 :            :     /* There are some TLS servers in the wild that will choose options not offered by the client.
     127                 :            :      * So a server might choose to use RSA-PSS even if even if the client does not advertise support for RSA-PSS.
     128                 :            :      * Therefore, only servers can perform TLS1.3 without full feature support.
     129                 :            :      */
     130 [ #  # ][ #  # ]:          0 :     RESULT_ENSURE(conn->mode == S2N_SERVER, S2N_ERR_RSA_PSS_NOT_SUPPORTED);
     131                 :            : 
     132                 :            :     /* RSA signatures must use RSA-PSS in TLS1.3.
     133                 :            :      * So RSA-PSS is required for TLS1.3 servers if an RSA certificate is used.
     134                 :            :      */
     135 [ #  # ][ #  # ]:          0 :     RESULT_ENSURE(!conn->config->is_rsa_cert_configured, S2N_ERR_RSA_PSS_NOT_SUPPORTED);
     136                 :            : 
     137                 :            :     /* RSA-PSS is also required for TLS1.3 servers if client auth is requested, because the
     138                 :            :      * client might offer an RSA certificate.
     139                 :            :      */
     140                 :          0 :     s2n_cert_auth_type client_auth_status = S2N_CERT_AUTH_NONE;
     141         [ #  # ]:          0 :     RESULT_GUARD_POSIX(s2n_connection_get_client_auth_type(conn, &client_auth_status));
     142 [ #  # ][ #  # ]:          0 :     RESULT_ENSURE(client_auth_status == S2N_CERT_AUTH_NONE, S2N_ERR_RSA_PSS_NOT_SUPPORTED);
     143                 :            : 
     144                 :          0 :     return S2N_RESULT_OK;
     145                 :          0 : }
     146                 :            : 
     147                 :            : bool s2n_connection_supports_tls13(struct s2n_connection *conn)
     148                 :      16210 : {
     149                 :      16210 :     return s2n_result_is_ok(s2n_connection_validate_tls13_support(conn));
     150                 :      16210 : }