Home Explore Help
Sign In
SMusatov
/
ydb
mirror of https://github.com/ydb-platform/ydb.git
1
0
Fork 0
Files
Tree: 686cf76645
Branches Tags
ydb
/
contrib
/
restricted
/
aws
/
s2n
/
tls
/
s2n_record.h

s2n_record.h 3.9 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980 
  1. /*
    2. 

  2.  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
    3. 

  3.  *
    4. 

  4.  * Licensed under the Apache License, Version 2.0 (the "License").
    5. 

  5.  * You may not use this file except in compliance with the License.
    6. 

  6.  * A copy of the License is located at
    7. 

  7.  *
    8. 

  8.  *  http://aws.amazon.com/apache2.0
    9. 

  9.  *
    10. 

  10.  * or in the "license" file accompanying this file. This file is distributed
    11. 

  11.  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
    12. 

  12.  * express or implied. See the License for the specific language governing
    13. 

  13.  * permissions and limitations under the License.
    14. 

  14.  */
    15. 

  15. 

  16. #pragma once
    17. 

  17. 

  18. #include <stdint.h>
    19. 

  19. 

  20. #include "crypto/s2n_hmac.h"
    21. 

  21. #include "stuffer/s2n_stuffer.h"
    22. 

  22. 

  23. #define S2N_TLS_CONTENT_TYPE_LENGTH 1
    24. 

  24. 

  25. /* All versions of TLS define the record header the same:
    26. 

  26.  * ContentType + ProtocolVersion + length
    27. 

  27.  */
    28. 

  28. #define S2N_TLS_RECORD_HEADER_LENGTH (S2N_TLS_CONTENT_TYPE_LENGTH + S2N_TLS_PROTOCOL_VERSION_LEN + 2)
    29. 

  29. 

  30. /*
    31. 

  31.  * All versions of TLS limit the data fragment to 2^14 bytes.
    32. 

  32.  *
    33. 

  33.  *= https://tools.ietf.org/rfc/rfc5246#section-6.2.1
    34. 

  34.  *# The record layer fragments information blocks into TLSPlaintext
    35. 

  35.  *# records carrying data in chunks of 2^14 bytes or less.
    36. 

  36.  *
    37. 

  37.  *= https://tools.ietf.org/rfc/rfc8446#section-5.1
    38. 

  38.  *# The record layer fragments information blocks into TLSPlaintext
    39. 

  39.  *# records carrying data in chunks of 2^14 bytes or less.
    40. 

  40.  */
    41. 

  41. #define S2N_TLS_MAXIMUM_FRAGMENT_LENGTH (1 << 14)
    42. 

  42. 

  43. /* The TLS1.2 record length allows for 1024 bytes of compression expansion and
    44. 

  44.  * 1024 bytes of encryption expansion and padding.
    45. 

  45.  * Since S2N does not support compression, we can ignore the compression overhead.
    46. 

  46.  */
    47. 

  47. #define S2N_TLS12_ENCRYPTION_OVERHEAD_SIZE 1024
    48. 

  48. #define S2N_TLS12_MAX_RECORD_LEN_FOR(frag) \
    49. 

  49.     ((frag) + S2N_TLS12_ENCRYPTION_OVERHEAD_SIZE + S2N_TLS_RECORD_HEADER_LENGTH)
    50. 

  50. #define S2N_TLS12_MAXIMUM_RECORD_LENGTH S2N_TLS12_MAX_RECORD_LEN_FOR(S2N_TLS_MAXIMUM_FRAGMENT_LENGTH)
    51. 

  51. 

  52. /*
    53. 

  53.  *= https://tools.ietf.org/rfc/rfc8446#section-5.2
    54. 

  54.  *# An AEAD algorithm used in TLS 1.3 MUST NOT produce an expansion
    55. 

  55.  *# greater than 255 octets.
    56. 

  56.  */
    57. 

  57. #define S2N_TLS13_ENCRYPTION_OVERHEAD_SIZE 255
    58. 

  58. #define S2N_TLS13_MAX_RECORD_LEN_FOR(frag) ((frag) + S2N_TLS_CONTENT_TYPE_LENGTH \
    59. 

  59.         + S2N_TLS13_ENCRYPTION_OVERHEAD_SIZE                                     \
    60. 

  60.         + S2N_TLS_RECORD_HEADER_LENGTH)
    61. 

  61. #define S2N_TLS13_MAXIMUM_RECORD_LENGTH S2N_TLS13_MAX_RECORD_LEN_FOR(S2N_TLS_MAXIMUM_FRAGMENT_LENGTH)
    62. 

  62. 

  63. /* Currently, TLS1.2 records may be larger than TLS1.3 records.
    64. 

  64.  * If the protocol is unknown, assume TLS1.2.
    65. 

  65.  */
    66. 

  66. #define S2N_TLS_MAX_RECORD_LEN_FOR(frag) S2N_TLS12_MAX_RECORD_LEN_FOR(frag)
    67. 

  67. #define S2N_TLS_MAXIMUM_RECORD_LENGTH    S2N_TLS_MAX_RECORD_LEN_FOR(S2N_TLS_MAXIMUM_FRAGMENT_LENGTH)
    68. 

  68. 

  69. S2N_RESULT s2n_record_max_write_size(struct s2n_connection *conn, uint16_t max_fragment_size, uint16_t *max_record_size);
    70. 

  70. S2N_RESULT s2n_record_max_write_payload_size(struct s2n_connection *conn, uint16_t *max_fragment_size);
    71. 

  71. S2N_RESULT s2n_record_min_write_payload_size(struct s2n_connection *conn, uint16_t *payload_size);
    72. 

  72. S2N_RESULT s2n_record_write(struct s2n_connection *conn, uint8_t content_type, struct s2n_blob *in);
    73. 

  73. int s2n_record_writev(struct s2n_connection *conn, uint8_t content_type, const struct iovec *in, int in_count, size_t offs, size_t to_write);
    74. 

  74. int s2n_record_parse(struct s2n_connection *conn);
    75. 

  75. int s2n_record_header_parse(struct s2n_connection *conn, uint8_t *content_type, uint16_t *fragment_length);
    76. 

  76. int s2n_tls13_parse_record_type(struct s2n_stuffer *stuffer, uint8_t *record_type);
    77. 

  77. int s2n_sslv2_record_header_parse(struct s2n_connection *conn, uint8_t *record_type, uint8_t *client_protocol_version, uint16_t *fragment_length);
    78. 

  78. int s2n_verify_cbc(struct s2n_connection *conn, struct s2n_hmac_state *hmac, struct s2n_blob *decrypted);
    79. 

  79. S2N_RESULT s2n_aead_aad_init(const struct s2n_connection *conn, uint8_t *sequence_number, uint8_t content_type, uint16_t record_length, struct s2n_blob *ad);
    80. 

  80. S2N_RESULT s2n_tls13_aead_aad_init(uint16_t record_length, uint8_t tag_length, struct s2n_blob *ad);
    81.