Home Explore Help
Sign In
SMusatov
/
ydb
mirror of https://github.com/ydb-platform/ydb.git
1
0
Fork 0
Files
Tree: 686cf76645
Branches Tags
ydb
/
contrib
/
restricted
/
aws
/
s2n
/
tls
/
s2n_kex.c

s2n_kex.c 12 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338 
  1. /*
    2. 

  2.  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
    3. 

  3.  *
    4. 

  4.  * Licensed under the Apache License, Version 2.0 (the "License").
    5. 

  5.  * You may not use this file except in compliance with the License.
    6. 

  6.  * A copy of the License is located at
    7. 

  7.  *
    8. 

  8.  *  http://aws.amazon.com/apache2.0
    9. 

  9.  *
    10. 

  10.  * or in the "license" file accompanying this file. This file is distributed
    11. 

  11.  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
    12. 

  12.  * express or implied. See the License for the specific language governing
    13. 

  13.  * permissions and limitations under the License.
    14. 

  14.  */
    15. 

  15. 

  16. #include "tls/s2n_kex.h"
    17. 

  17. 

  18. #include "pq-crypto/s2n_pq.h"
    19. 

  19. #include "tls/s2n_cipher_preferences.h"
    20. 

  20. #include "tls/s2n_cipher_suites.h"
    21. 

  21. #include "tls/s2n_client_key_exchange.h"
    22. 

  22. #include "tls/s2n_kem.h"
    23. 

  23. #include "tls/s2n_security_policies.h"
    24. 

  24. #include "tls/s2n_server_key_exchange.h"
    25. 

  25. #include "tls/s2n_tls.h"
    26. 

  26. #include "utils/s2n_safety.h"
    27. 

  27. 

  28. static S2N_RESULT s2n_check_rsa_key(const struct s2n_cipher_suite *cipher_suite, struct s2n_connection *conn, bool *is_supported)
    29. 

  29. {
    30. 

  30.     RESULT_ENSURE_REF(cipher_suite);
    31. 

  31.     RESULT_ENSURE_REF(conn);
    32. 

  32.     RESULT_ENSURE_REF(is_supported);
    33. 

  33. 

  34.     *is_supported = s2n_get_compatible_cert_chain_and_key(conn, S2N_PKEY_TYPE_RSA) != NULL;
    35. 

  35. 

  36.     return S2N_RESULT_OK;
    37. 

  37. }
    38. 

  38. 

  39. static S2N_RESULT s2n_check_dhe(const struct s2n_cipher_suite *cipher_suite, struct s2n_connection *conn, bool *is_supported)
    40. 

  40. {
    41. 

  41.     RESULT_ENSURE_REF(cipher_suite);
    42. 

  42.     RESULT_ENSURE_REF(conn);
    43. 

  43.     RESULT_ENSURE_REF(conn->config);
    44. 

  44.     RESULT_ENSURE_REF(is_supported);
    45. 

  45. 

  46.     *is_supported = conn->config->dhparams != NULL;
    47. 

  47. 

  48.     return S2N_RESULT_OK;
    49. 

  49. }
    50. 

  50. 

  51. static S2N_RESULT s2n_check_ecdhe(const struct s2n_cipher_suite *cipher_suite, struct s2n_connection *conn, bool *is_supported)
    52. 

  52. {
    53. 

  53.     RESULT_ENSURE_REF(cipher_suite);
    54. 

  54.     RESULT_ENSURE_REF(conn);
    55. 

  55.     RESULT_ENSURE_REF(is_supported);
    56. 

  56. 

  57.     *is_supported = conn->kex_params.server_ecc_evp_params.negotiated_curve != NULL;
    58. 

  58. 

  59.     return S2N_RESULT_OK;
    60. 

  60. }
    61. 

  61. 

  62. static S2N_RESULT s2n_check_kem(const struct s2n_cipher_suite *cipher_suite, struct s2n_connection *conn, bool *is_supported)
    63. 

  63. {
    64. 

  64.     RESULT_ENSURE_REF(cipher_suite);
    65. 

  65.     RESULT_ENSURE_REF(conn);
    66. 

  66.     RESULT_ENSURE_REF(is_supported);
    67. 

  67. 

  68.     /* If any of the necessary conditions are not met, we will return early and indicate KEM is not supported. */
    69. 

  69.     *is_supported = false;
    70. 

  70. 

  71.     const struct s2n_kem_preferences *kem_preferences = NULL;
    72. 

  72.     RESULT_GUARD_POSIX(s2n_connection_get_kem_preferences(conn, &kem_preferences));
    73. 

  73.     RESULT_ENSURE_REF(kem_preferences);
    74. 

  74. 

  75.     if (!s2n_pq_is_enabled() || kem_preferences->kem_count == 0) {
    76. 

  76.         return S2N_RESULT_OK;
    77. 

  77.     }
    78. 

  78. 

  79.     const struct s2n_iana_to_kem *supported_params = NULL;
    80. 

  80.     if (s2n_cipher_suite_to_kem(cipher_suite->iana_value, &supported_params) != S2N_SUCCESS) {
    81. 

  81.         return S2N_RESULT_OK;
    82. 

  82.     }
    83. 

  83. 

  84.     RESULT_ENSURE_REF(supported_params);
    85. 

  85.     if (supported_params->kem_count == 0) {
    86. 

  86.         return S2N_RESULT_OK;
    87. 

  87.     }
    88. 

  88. 

  89.     struct s2n_blob *client_kem_pref_list = &(conn->kex_params.client_pq_kem_extension);
    90. 

  90.     const struct s2n_kem *chosen_kem = NULL;
    91. 

  91.     if (client_kem_pref_list == NULL || client_kem_pref_list->data == NULL) {
    92. 

  92.         /* If the client did not send a PQ KEM extension, then the server can pick its preferred parameter */
    93. 

  93.         if (s2n_choose_kem_without_peer_pref_list(
    94. 

  94.                     cipher_suite->iana_value, kem_preferences->kems, kem_preferences->kem_count, &chosen_kem)
    95. 

  95.                 != S2N_SUCCESS) {
    96. 

  96.             return S2N_RESULT_OK;
    97. 

  97.         }
    98. 

  98.     } else {
    99. 

  99.         /* If the client did send a PQ KEM extension, then the server must find a mutually supported parameter. */
    100. 

  100.         if (s2n_choose_kem_with_peer_pref_list(
    101. 

  101.                     cipher_suite->iana_value, client_kem_pref_list, kem_preferences->kems, kem_preferences->kem_count, &chosen_kem)
    102. 

  102.                 != S2N_SUCCESS) {
    103. 

  103.             return S2N_RESULT_OK;
    104. 

  104.         }
    105. 

  105.     }
    106. 

  106. 

  107.     *is_supported = chosen_kem != NULL;
    108. 

  108.     return S2N_RESULT_OK;
    109. 

  109. }
    110. 

  110. 

  111. static S2N_RESULT s2n_configure_kem(const struct s2n_cipher_suite *cipher_suite, struct s2n_connection *conn)
    112. 

  112. {
    113. 

  113.     RESULT_ENSURE_REF(cipher_suite);
    114. 

  114.     RESULT_ENSURE_REF(conn);
    115. 

  115. 

  116.     RESULT_ENSURE(s2n_pq_is_enabled(), S2N_ERR_PQ_DISABLED);
    117. 

  117. 

  118.     const struct s2n_kem_preferences *kem_preferences = NULL;
    119. 

  119.     RESULT_GUARD_POSIX(s2n_connection_get_kem_preferences(conn, &kem_preferences));
    120. 

  120.     RESULT_ENSURE_REF(kem_preferences);
    121. 

  121. 

  122.     struct s2n_blob *proposed_kems = &(conn->kex_params.client_pq_kem_extension);
    123. 

  123.     const struct s2n_kem *chosen_kem = NULL;
    124. 

  124.     if (proposed_kems == NULL || proposed_kems->data == NULL) {
    125. 

  125.         /* If the client did not send a PQ KEM extension, then the server can pick its preferred parameter */
    126. 

  126.         RESULT_GUARD_POSIX(s2n_choose_kem_without_peer_pref_list(cipher_suite->iana_value, kem_preferences->kems,
    127. 

  127.                 kem_preferences->kem_count, &chosen_kem));
    128. 

  128.     } else {
    129. 

  129.         /* If the client did send a PQ KEM extension, then the server must find a mutually supported parameter. */
    130. 

  130.         RESULT_GUARD_POSIX(s2n_choose_kem_with_peer_pref_list(cipher_suite->iana_value, proposed_kems, kem_preferences->kems,
    131. 

  131.                 kem_preferences->kem_count, &chosen_kem));
    132. 

  132.     }
    133. 

  133. 

  134.     conn->kex_params.kem_params.kem = chosen_kem;
    135. 

  135.     return S2N_RESULT_OK;
    136. 

  136. }
    137. 

  137. 

  138. static S2N_RESULT s2n_no_op_configure(const struct s2n_cipher_suite *cipher_suite, struct s2n_connection *conn)
    139. 

  139. {
    140. 

  140.     return S2N_RESULT_OK;
    141. 

  141. }
    142. 

  142. 

  143. static S2N_RESULT s2n_check_hybrid_ecdhe_kem(const struct s2n_cipher_suite *cipher_suite, struct s2n_connection *conn, bool *is_supported)
    144. 

  144. {
    145. 

  145.     RESULT_ENSURE_REF(cipher_suite);
    146. 

  146.     RESULT_ENSURE_REF(conn);
    147. 

  147.     RESULT_ENSURE_REF(is_supported);
    148. 

  148. 

  149.     bool ecdhe_supported = false;
    150. 

  150.     bool kem_supported = false;
    151. 

  151.     RESULT_GUARD(s2n_check_ecdhe(cipher_suite, conn, &ecdhe_supported));
    152. 

  152.     RESULT_GUARD(s2n_check_kem(cipher_suite, conn, &kem_supported));
    153. 

  153. 

  154.     *is_supported = ecdhe_supported && kem_supported;
    155. 

  155. 

  156.     return S2N_RESULT_OK;
    157. 

  157. }
    158. 

  158. 

  159. const struct s2n_kex s2n_kem = {
    160. 

  160.     .is_ephemeral = true,
    161. 

  161.     .connection_supported = &s2n_check_kem,
    162. 

  162.     .configure_connection = &s2n_configure_kem,
    163. 

  163.     .server_key_recv_read_data = &s2n_kem_server_key_recv_read_data,
    164. 

  164.     .server_key_recv_parse_data = &s2n_kem_server_key_recv_parse_data,
    165. 

  165.     .server_key_send = &s2n_kem_server_key_send,
    166. 

  166.     .client_key_recv = &s2n_kem_client_key_recv,
    167. 

  167.     .client_key_send = &s2n_kem_client_key_send,
    168. 

  168. };
    169. 

  169. 

  170. const struct s2n_kex s2n_rsa = {
    171. 

  171.     .is_ephemeral = false,
    172. 

  172.     .connection_supported = &s2n_check_rsa_key,
    173. 

  173.     .configure_connection = &s2n_no_op_configure,
    174. 

  174.     .server_key_recv_read_data = NULL,
    175. 

  175.     .server_key_recv_parse_data = NULL,
    176. 

  176.     .server_key_send = NULL,
    177. 

  177.     .client_key_recv = &s2n_rsa_client_key_recv,
    178. 

  178.     .client_key_send = &s2n_rsa_client_key_send,
    179. 

  179.     .prf = &s2n_prf_calculate_master_secret,
    180. 

  180. };
    181. 

  181. 

  182. const struct s2n_kex s2n_dhe = {
    183. 

  183.     .is_ephemeral = true,
    184. 

  184.     .connection_supported = &s2n_check_dhe,
    185. 

  185.     .configure_connection = &s2n_no_op_configure,
    186. 

  186.     .server_key_recv_read_data = &s2n_dhe_server_key_recv_read_data,
    187. 

  187.     .server_key_recv_parse_data = &s2n_dhe_server_key_recv_parse_data,
    188. 

  188.     .server_key_send = &s2n_dhe_server_key_send,
    189. 

  189.     .client_key_recv = &s2n_dhe_client_key_recv,
    190. 

  190.     .client_key_send = &s2n_dhe_client_key_send,
    191. 

  191.     .prf = &s2n_prf_calculate_master_secret,
    192. 

  192. };
    193. 

  193. 

  194. const struct s2n_kex s2n_ecdhe = {
    195. 

  195.     .is_ephemeral = true,
    196. 

  196.     .connection_supported = &s2n_check_ecdhe,
    197. 

  197.     .configure_connection = &s2n_no_op_configure,
    198. 

  198.     .server_key_recv_read_data = &s2n_ecdhe_server_key_recv_read_data,
    199. 

  199.     .server_key_recv_parse_data = &s2n_ecdhe_server_key_recv_parse_data,
    200. 

  200.     .server_key_send = &s2n_ecdhe_server_key_send,
    201. 

  201.     .client_key_recv = &s2n_ecdhe_client_key_recv,
    202. 

  202.     .client_key_send = &s2n_ecdhe_client_key_send,
    203. 

  203.     .prf = &s2n_prf_calculate_master_secret,
    204. 

  204. };
    205. 

  205. 

  206. const struct s2n_kex s2n_hybrid_ecdhe_kem = {
    207. 

  207.     .is_ephemeral = true,
    208. 

  208.     .hybrid = { &s2n_ecdhe, &s2n_kem },
    209. 

  209.     .connection_supported = &s2n_check_hybrid_ecdhe_kem,
    210. 

  210.     .configure_connection = &s2n_configure_kem,
    211. 

  211.     .server_key_recv_read_data = &s2n_hybrid_server_key_recv_read_data,
    212. 

  212.     .server_key_recv_parse_data = &s2n_hybrid_server_key_recv_parse_data,
    213. 

  213.     .server_key_send = &s2n_hybrid_server_key_send,
    214. 

  214.     .client_key_recv = &s2n_hybrid_client_key_recv,
    215. 

  215.     .client_key_send = &s2n_hybrid_client_key_send,
    216. 

  216.     .prf = &s2n_hybrid_prf_master_secret,
    217. 

  217. };
    218. 

  218. 

  219. S2N_RESULT s2n_kex_supported(const struct s2n_cipher_suite *cipher_suite, struct s2n_connection *conn, bool *is_supported)
    220. 

  220. {
    221. 

  221.     RESULT_ENSURE_REF(cipher_suite);
    222. 

  222.     RESULT_ENSURE_REF(cipher_suite->key_exchange_alg);
    223. 

  223.     RESULT_ENSURE_REF(cipher_suite->key_exchange_alg->connection_supported);
    224. 

  224.     RESULT_ENSURE_REF(conn);
    225. 

  225.     RESULT_ENSURE_REF(is_supported);
    226. 

  226. 

  227.     RESULT_GUARD(cipher_suite->key_exchange_alg->connection_supported(cipher_suite, conn, is_supported));
    228. 

  228. 

  229.     return S2N_RESULT_OK;
    230. 

  230. }
    231. 

  231. 

  232. S2N_RESULT s2n_configure_kex(const struct s2n_cipher_suite *cipher_suite, struct s2n_connection *conn)
    233. 

  233. {
    234. 

  234.     RESULT_ENSURE_REF(cipher_suite);
    235. 

  235.     RESULT_ENSURE_REF(cipher_suite->key_exchange_alg);
    236. 

  236.     RESULT_ENSURE_REF(cipher_suite->key_exchange_alg->configure_connection);
    237. 

  237.     RESULT_ENSURE_REF(conn);
    238. 

  238. 

  239.     RESULT_GUARD(cipher_suite->key_exchange_alg->configure_connection(cipher_suite, conn));
    240. 

  240. 

  241.     return S2N_RESULT_OK;
    242. 

  242. }
    243. 

  243. 

  244. S2N_RESULT s2n_kex_is_ephemeral(const struct s2n_kex *kex, bool *is_ephemeral)
    245. 

  245. {
    246. 

  246.     RESULT_ENSURE_REF(kex);
    247. 

  247.     RESULT_ENSURE_REF(is_ephemeral);
    248. 

  248. 

  249.     *is_ephemeral = kex->is_ephemeral;
    250. 

  250. 

  251.     return S2N_RESULT_OK;
    252. 

  252. }
    253. 

  253. 

  254. S2N_RESULT s2n_kex_server_key_recv_parse_data(const struct s2n_kex *kex, struct s2n_connection *conn, struct s2n_kex_raw_server_data *raw_server_data)
    255. 

  255. {
    256. 

  256.     RESULT_ENSURE_REF(kex);
    257. 

  257.     RESULT_ENSURE_REF(kex->server_key_recv_parse_data);
    258. 

  258.     RESULT_ENSURE_REF(conn);
    259. 

  259.     RESULT_ENSURE_REF(raw_server_data);
    260. 

  260. 

  261.     RESULT_GUARD_POSIX(kex->server_key_recv_parse_data(conn, raw_server_data));
    262. 

  262. 

  263.     return S2N_RESULT_OK;
    264. 

  264. }
    265. 

  265. 

  266. S2N_RESULT s2n_kex_server_key_recv_read_data(const struct s2n_kex *kex, struct s2n_connection *conn, struct s2n_blob *data_to_verify,
    267. 

  267.         struct s2n_kex_raw_server_data *raw_server_data)
    268. 

  268. {
    269. 

  269.     RESULT_ENSURE_REF(kex);
    270. 

  270.     RESULT_ENSURE_REF(kex->server_key_recv_read_data);
    271. 

  271.     RESULT_ENSURE_REF(conn);
    272. 

  272.     RESULT_ENSURE_REF(data_to_verify);
    273. 

  273. 

  274.     RESULT_GUARD_POSIX(kex->server_key_recv_read_data(conn, data_to_verify, raw_server_data));
    275. 

  275. 

  276.     return S2N_RESULT_OK;
    277. 

  277. }
    278. 

  278. 

  279. S2N_RESULT s2n_kex_server_key_send(const struct s2n_kex *kex, struct s2n_connection *conn, struct s2n_blob *data_to_sign)
    280. 

  280. {
    281. 

  281.     RESULT_ENSURE_REF(kex);
    282. 

  282.     RESULT_ENSURE_REF(kex->server_key_send);
    283. 

  283.     RESULT_ENSURE_REF(conn);
    284. 

  284.     RESULT_ENSURE_REF(data_to_sign);
    285. 

  285. 

  286.     RESULT_GUARD_POSIX(kex->server_key_send(conn, data_to_sign));
    287. 

  287. 

  288.     return S2N_RESULT_OK;
    289. 

  289. }
    290. 

  290. 

  291. S2N_RESULT s2n_kex_client_key_recv(const struct s2n_kex *kex, struct s2n_connection *conn, struct s2n_blob *shared_key)
    292. 

  292. {
    293. 

  293.     RESULT_ENSURE_REF(kex);
    294. 

  294.     RESULT_ENSURE_REF(kex->client_key_recv);
    295. 

  295.     RESULT_ENSURE_REF(conn);
    296. 

  296.     RESULT_ENSURE_REF(shared_key);
    297. 

  297. 

  298.     RESULT_GUARD_POSIX(kex->client_key_recv(conn, shared_key));
    299. 

  299. 

  300.     return S2N_RESULT_OK;
    301. 

  301. }
    302. 

  302. 

  303. S2N_RESULT s2n_kex_client_key_send(const struct s2n_kex *kex, struct s2n_connection *conn, struct s2n_blob *shared_key)
    304. 

  304. {
    305. 

  305.     RESULT_ENSURE_REF(kex);
    306. 

  306.     RESULT_ENSURE_REF(kex->client_key_send);
    307. 

  307.     RESULT_ENSURE_REF(conn);
    308. 

  308.     RESULT_ENSURE_REF(shared_key);
    309. 

  309. 

  310.     RESULT_GUARD_POSIX(kex->client_key_send(conn, shared_key));
    311. 

  311. 

  312.     return S2N_RESULT_OK;
    313. 

  313. }
    314. 

  314. 

  315. S2N_RESULT s2n_kex_tls_prf(const struct s2n_kex *kex, struct s2n_connection *conn, struct s2n_blob *premaster_secret)
    316. 

  316. {
    317. 

  317.     RESULT_ENSURE_REF(kex);
    318. 

  318.     RESULT_ENSURE_REF(kex->prf);
    319. 

  319.     RESULT_ENSURE_REF(conn);
    320. 

  320.     RESULT_ENSURE_REF(premaster_secret);
    321. 

  321. 

  322.     RESULT_GUARD_POSIX(kex->prf(conn, premaster_secret));
    323. 

  323. 

  324.     return S2N_RESULT_OK;
    325. 

  325. }
    326. 

  326. 

  327. bool s2n_kex_includes(const struct s2n_kex *kex, const struct s2n_kex *query)
    328. 

  328. {
    329. 

  329.     if (kex == query) {
    330. 

  330.         return true;
    331. 

  331.     }
    332. 

  332. 

  333.     if (kex == NULL || query == NULL) {
    334. 

  334.         return false;
    335. 

  335.     }
    336. 

  336. 

  337.     return query == kex->hybrid[0] || query == kex->hybrid[1];
    338. 

  338. }
    339.