From 600d533900a9a81303874d8fc8bcef6be8815e47 Mon Sep 17 00:00:00 2001 
From: Alex Weibel Date: Fri, 20 Dec 2024 14:11:15 -0800 Subject: [PATCH] Remove PQ TLS 1.2 Support --- bin/policy.c | 4 - .../rust/extended/s2n-tls/src/connection.rs | 28 + .../extended/s2n-tls/src/testing/s2n_tls.rs | 4 +- bindings/rust/standard/integration/src/lib.rs | 4 +- .../integration/src/network/tls_client.rs | 28 +- error/s2n_errno.c | 1 + error/s2n_errno.h | 1 + .../cbmc/sources/make_common_datastructures.c | 2 - .../0e356ba505631fbf715758bed27d503f8b260e3a | Bin 2 -> 0 bytes .../19bbeeffd5ca3b4dd492e51ddc74cdbd97dcaced | Bin 848 -> 0 bytes .../2d0b82331a9f817f3c9345ba6d5657aca40a6a00 | Bin 828 -> 0 bytes .../3039044e9fcc0e9b2dee6103676d04bec90a8ffc | Bin 818 -> 0 bytes .../3368662134ad5fce476d7d1a1f8aa83cf4cb1bc4 | Bin 1948 -> 0 bytes .../3459631260dc55cc90c2f9a0a379e5254a90ce14 | Bin 1209 -> 0 bytes .../41b464aad39c7bebcfeec3d45943a040b512ebbc | Bin 811 -> 0 bytes .../429a23b0feef081a8394ea3e0b0c3bd86a54dc70 | Bin 848 -> 0 bytes .../518c3264f615b527fc92b393c512cde0d040c4ac | Bin 848 -> 0 bytes .../522510710b5ee6a8107e7324d98edc8663b7ebb8 | Bin 945 -> 0 bytes .../5ba93c9db0cff93f52b521d7420e43f6eda2784f | Bin 1 -> 0 bytes .../7519f457eccb3efd28d74c237f543d317e3becd8 | Bin 848 -> 0 bytes .../847bd6ff57e7591082f89b54624a58d7657c7fdf | Bin 848 -> 0 bytes .../848eeaf741cbd6fbb493aa1d06c0f129166afa8a | Bin 848 -> 0 bytes .../88166485140c55cc83d3df4404d3beaa49799805 | Bin 37 -> 0 bytes .../ac578702df787bb4a71a109fb398b4a12590e5c2 | Bin 36 -> 0 bytes .../c3dd518683173a14d38fb212e939351187291008 | Bin 804 -> 0 bytes .../c4f87a6290aee1acfc1f26083974ce94621fca64 | 1 - .../d6be497bf46f6081ab48be6ad126a9381703c529 | Bin 1208 -> 0 bytes .../ea479ea6c00b7ddedfecd84e2e087b8b1d542a6e | Bin 34 -> 0 bytes tests/fuzz/s2n_client_key_recv_fuzz_test.c | 6 +- .../s2n_hybrid_ecdhe_kyber_r3_fuzz_test.c | 134 ---- tests/unit/s2n_choose_supported_group_test.c | 2 - tests/unit/s2n_cipher_suite_match_test.c | 67 +- tests/unit/s2n_client_extensions_test.c | 249 -------- 
...n_client_hello_get_supported_groups_test.c | 2 +- tests/unit/s2n_client_hello_retry_test.c | 9 +- .../s2n_client_key_share_extension_pq_test.c | 6 - tests/unit/s2n_client_pq_kem_extension_test.c | 134 ---- ...n_client_supported_groups_extension_test.c | 2 - .../s2n_ecc_point_format_extension_test.c | 4 - tests/unit/s2n_kem_preferences_test.c | 2 - tests/unit/s2n_kem_test.c | 41 -- tests/unit/s2n_kex_test.c | 18 - tests/unit/s2n_kex_with_kem_test.c | 183 ------ tests/unit/s2n_pq_mlkem_policies_test.c | 1 - tests/unit/s2n_security_policies_test.c | 341 ++-------- tests/unit/s2n_security_rules_test.c | 4 - .../s2n_server_key_share_extension_test.c | 4 - tests/unit/s2n_tls13_pq_handshake_test.c | 60 +- tls/extensions/s2n_client_pq_kem.c | 84 --- tls/extensions/s2n_client_pq_kem.h | 22 - tls/extensions/s2n_extension_type.h | 1 - tls/extensions/s2n_extension_type_lists.c | 2 - tls/s2n_cipher_preferences.c | 588 +++++++----------- tls/s2n_cipher_preferences.h | 28 +- tls/s2n_cipher_suites.c | 41 -- tls/s2n_cipher_suites.h | 3 +- tls/s2n_client_key_exchange.c | 94 --- tls/s2n_client_key_exchange.h | 2 - tls/s2n_connection.c | 8 +- tls/s2n_crypto.h | 2 - tls/s2n_kem.c | 113 ---- tls/s2n_kem.h | 10 - tls/s2n_kem_preferences.c | 24 +- tls/s2n_kem_preferences.h | 4 - tls/s2n_kex.c | 141 +---- tls/s2n_kex.h | 5 - tls/s2n_security_policies.c | 530 ++++++---------- tls/s2n_security_policies.h | 36 +- tls/s2n_server_key_exchange.c | 140 ----- tls/s2n_server_key_exchange.h | 8 - tls/s2n_tls_parameters.h | 5 - 71 files changed, 596 insertions(+), 2637 deletions(-) delete mode 100644 tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/0e356ba505631fbf715758bed27d503f8b260e3a delete mode 100644 tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/19bbeeffd5ca3b4dd492e51ddc74cdbd97dcaced delete mode 100644 tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/2d0b82331a9f817f3c9345ba6d5657aca40a6a00 delete mode 100644 
tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/3039044e9fcc0e9b2dee6103676d04bec90a8ffc delete mode 100644 tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/3368662134ad5fce476d7d1a1f8aa83cf4cb1bc4 delete mode 100644 tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/3459631260dc55cc90c2f9a0a379e5254a90ce14 delete mode 100644 tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/41b464aad39c7bebcfeec3d45943a040b512ebbc delete mode 100644 tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/429a23b0feef081a8394ea3e0b0c3bd86a54dc70 delete mode 100644 tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/518c3264f615b527fc92b393c512cde0d040c4ac delete mode 100644 tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/522510710b5ee6a8107e7324d98edc8663b7ebb8 delete mode 100644 tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/5ba93c9db0cff93f52b521d7420e43f6eda2784f delete mode 100644 tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/7519f457eccb3efd28d74c237f543d317e3becd8 delete mode 100644 tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/847bd6ff57e7591082f89b54624a58d7657c7fdf delete mode 100644 tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/848eeaf741cbd6fbb493aa1d06c0f129166afa8a delete mode 100644 tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/88166485140c55cc83d3df4404d3beaa49799805 delete mode 100644 tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/ac578702df787bb4a71a109fb398b4a12590e5c2 delete mode 100644 tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/c3dd518683173a14d38fb212e939351187291008 delete mode 100644 tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/c4f87a6290aee1acfc1f26083974ce94621fca64 delete mode 100644 tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/d6be497bf46f6081ab48be6ad126a9381703c529 delete mode 100644 tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/ea479ea6c00b7ddedfecd84e2e087b8b1d542a6e delete mode 100644 tests/fuzz/s2n_hybrid_ecdhe_kyber_r3_fuzz_test.c delete mode 
100644 tests/unit/s2n_client_pq_kem_extension_test.c delete mode 100644 tests/unit/s2n_kex_with_kem_test.c delete mode 100644 tls/extensions/s2n_client_pq_kem.c delete mode 100644 tls/extensions/s2n_client_pq_kem.h
diff --git a/bin/policy.c b/bin/policy.c
index a5216374cac..751d4eea08e 100644
--- a/bin/policy.c
+++ b/bin/policy.c
@@ -102,10 +102,6 @@ int main(int argc, char *const *argv)
 if (policy->kem_preferences && policy->kem_preferences != &kem_preferences_null) {
 printf("pq:\n");
 printf("- revision: %i\n", policy->kem_preferences->tls13_pq_hybrid_draft_revision);
- printf("- kems:\n");
- for (size_t i = 0; i < policy->kem_preferences->kem_count; i++) {
- printf("-- %s\n", policy->kem_preferences->kems[i]->name);
- }
 printf("- kem groups:\n");
 for (size_t i = 0; i < policy->kem_preferences->tls13_kem_group_count; i++) {
 printf("-- %s\n", policy->kem_preferences->tls13_kem_groups[i]->name);
diff --git a/bindings/rust/extended/s2n-tls/src/connection.rs b/bindings/rust/extended/s2n-tls/src/connection.rs
index 7db69da50bf..849619324bf 100644
--- a/bindings/rust/extended/s2n-tls/src/connection.rs
+++ b/bindings/rust/extended/s2n-tls/src/connection.rs
@@ -1000,6 +1000,34 @@ impl Connection {
 }
 }
+ pub fn kem_group_name(&self) -> Option<&str> {
+ let name_bytes = {
+ let name = unsafe { s2n_connection_get_kem_group_name(self.connection.as_ptr()) };
+ if name.is_null() {
+ return None;
+ }
+ name
+ };
+
+ let name_str = unsafe {
+ // SAFETY: The data is null terminated because it is declared as a C
+ // string literal.
+ // SAFETY: kem_name has a static lifetime because it lives on a const
+ // struct s2n_kem with file scope.
+ const_str!(name_bytes)
+ };
+
+ match name_str {
+ Ok("NONE") => None,
+ Ok(name) => Some(name),
+ Err(_) => {
+ // Unreachable: This would indicate a non-utf-8 string literal in
+ // the s2n-tls C codebase.
+ None
+ }
+ }
+ }
+
 pub fn selected_curve(&self) -> Result<&str, Error> {
 let curve = unsafe { s2n_connection_get_curve(self.connection.as_ptr()).into_result()? };
 unsafe {
diff --git a/bindings/rust/extended/s2n-tls/src/testing/s2n_tls.rs b/bindings/rust/extended/s2n-tls/src/testing/s2n_tls.rs
index 1d5d920c384..1d4ee6fcfe4 100644
--- a/bindings/rust/extended/s2n-tls/src/testing/s2n_tls.rs
+++ b/bindings/rust/extended/s2n-tls/src/testing/s2n_tls.rs
@@ -44,12 +44,12 @@ mod tests {
 // PQ is supported
 {
- let policy = Policy::from_version("KMS-PQ-TLS-1-0-2020-07")?;
+ let policy = Policy::from_version("default_pq")?;
 let config = build_config(&policy)?;
 let mut pair = TestPair::from_config(&config);
 pair.handshake().unwrap();
- assert_eq!(pair.client.kem_name(), Some("kyber512r3"));
+ assert_eq!(pair.client.kem_group_name(), Some("X25519MLKEM768"));
 }
 Ok(())
diff --git a/bindings/rust/standard/integration/src/lib.rs b/bindings/rust/standard/integration/src/lib.rs
index 25252295875..93b9f4c4adf 100644
--- a/bindings/rust/standard/integration/src/lib.rs
+++ b/bindings/rust/standard/integration/src/lib.rs
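Review bot: The second SAFETY comment in `kem_group_name` still describes the accessor it was copied from: it says `kem_name` lives on a `const struct s2n_kem`, but the pointer here comes from `s2n_connection_get_kem_group_name`. The lifetime justification for the `unsafe` block should name what this getter returns, for example `// SAFETY: the group name has a static lifetime because it lives on a const KEM group struct with file scope`; the C getter is not part of this hunk, so confirm that against its definition. The new public method also has no doc comment; a line such as `/// Returns the negotiated KEM group name, or None if the library returns a null pointer or "NONE".` would record the contract the match arms implement.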
@@ -16,11 +16,11 @@ mod tests {
 #[cfg(feature = "pq")]
 #[test]
 fn pq_sanity_check() -> Result<(), Box> {
- let config = testing::build_config(&Policy::from_version("KMS-PQ-TLS-1-0-2020-07")?)?;
+ let config = testing::build_config(&Policy::from_version("default_pq")?)?;
 let mut pair = TestPair::from_config(&config);
 pair.handshake()?;
- if pair.client.kem_name().is_none() {
+ if pair.client.kem_group_name().is_none() {
 panic!(
 "PQ tests are enabled, but PQ functionality is unavailable. \
 Are you sure that the libcrypto supports PQ?"
diff --git a/bindings/rust/standard/integration/src/network/tls_client.rs b/bindings/rust/standard/integration/src/network/tls_client.rs
index caef998abf7..ed46c4e2ebe 100644
--- a/bindings/rust/standard/integration/src/network/tls_client.rs
+++ b/bindings/rust/standard/integration/src/network/tls_client.rs
@@ -46,40 +46,18 @@ mod kms_pq {
 // supports ML-KEM.
 #[test_log::test(tokio::test)]
 async fn pq_handshake() -> Result<(), Box> {
- let policy = Policy::from_version("KMS-PQ-TLS-1-0-2020-07")?;
+ let policy = Policy::from_version("PQ-TLS-1-2-2023-10-09")?;
 let tls = handshake_with_domain(DOMAIN, &policy).await?;
 assert_eq!(
 tls.as_ref().cipher_suite()?,
- "ECDHE-KYBER-RSA-AES256-GCM-SHA384"
+ "TLS_AES_256_GCM_SHA384"
 );
- assert_eq!(tls.as_ref().kem_name(), Some("kyber512r3"));
+ assert_eq!(tls.as_ref().kem_group_name(), Some("secp256r1_kyber-512-r3"));
 Ok(())
 }
- // We want to confirm that non-supported kyber drafts successfully fall
- // back to a full handshake.
- #[test_log::test(tokio::test)]
- async fn early_draft_falls_back_to_classical() -> Result<(), Box> {
- const EARLY_DRAFT_PQ_POLICIES: &[&str] = &[
- "KMS-PQ-TLS-1-0-2019-06",
- "PQ-SIKE-TEST-TLS-1-0-2019-11",
- "KMS-PQ-TLS-1-0-2020-02",
- "PQ-SIKE-TEST-TLS-1-0-2020-02",
- ];
-
- for security_policy in EARLY_DRAFT_PQ_POLICIES {
- let policy = Policy::from_version(security_policy)?;
- let tls = handshake_with_domain(DOMAIN, &policy).await?;
-
- assert_eq!(tls.as_ref().cipher_suite()?, "ECDHE-RSA-AES256-GCM-SHA384");
- assert_eq!(tls.as_ref().kem_name(), None);
- }
- Ok(())
- }
-}
-
 #[test_log::test(tokio::test)]
 async fn tls_client() -> Result<(), Box> {
 // The akamai request should be in internet_https_client.rs but Akamai
diff --git a/error/s2n_errno.c b/error/s2n_errno.c
index 82639fe2877..b135aad224d 100644
--- a/error/s2n_errno.c
+++ b/error/s2n_errno.c
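Review bot: The removed lines at the end of this hunk include a column-0 `}` (the `-}` directly after the indented `- }` that closes `early_draft_falls_back_to_classical`), which looks like the closing brace of `mod kms_pq`. The deleted test contributes one brace pair for the function and one for the `for` loop, so that third `}` has no removed opener; as shown, the new side leaves the module open in front of `tls_client` and the file would not parse. Indentation is collapsed on this page, so confirm against the file, and if so keep the `}` and the blank line after it as context. Separately, the deleted test was the only visible check of what happens with the early-draft policy names; if they are now rejected with the new deprecated-policy error, a test asserting that rejection would keep the behaviour covered.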
@@ -255,6 +255,7 @@ static const char *no_such_error = "Internal s2n error";
 ERR_ENTRY(S2N_ERR_UNSUPPORTED_EXTENSION, "Illegal use of a known, supported extension") \
 ERR_ENTRY(S2N_ERR_MISSING_EXTENSION, "Mandatory extension not received") \
 ERR_ENTRY(S2N_ERR_DUPLICATE_EXTENSION, "Extension block contains two or more extensions of the same type") \
+ ERR_ENTRY(S2N_ERR_DEPRECATED_SECURITY_POLICY, "Deprecated security policy") \
 ERR_ENTRY(S2N_ERR_INVALID_SECURITY_POLICY, "Invalid security policy") \
 ERR_ENTRY(S2N_ERR_INVALID_KEM_PREFERENCES, "Invalid kem preferences version") \
 ERR_ENTRY(S2N_ERR_INVALID_PARSED_EXTENSIONS, "Invalid parsed extension data") \
diff --git a/error/s2n_errno.h b/error/s2n_errno.h
index 9375959a697..9f50b63d300 100644
--- a/error/s2n_errno.h
+++ b/error/s2n_errno.h
@@ -295,6 +295,7 @@ typedef enum {
 S2N_ERR_INVALID_SIGNATURE_ALGORITHMS_PREFERENCES,
 S2N_ERR_RSA_PSS_NOT_SUPPORTED,
 S2N_ERR_INVALID_ECC_PREFERENCES,
+ S2N_ERR_DEPRECATED_SECURITY_POLICY,
 S2N_ERR_INVALID_SECURITY_POLICY,
 S2N_ERR_INVALID_KEM_PREFERENCES,
 S2N_ERR_ASYNC_ALREADY_PERFORMED,
diff --git a/tests/cbmc/sources/make_common_datastructures.c b/tests/cbmc/sources/make_common_datastructures.c
index 59c7590f10d..7037f8bfdb1 100644
--- a/tests/cbmc/sources/make_common_datastructures.c
+++ b/tests/cbmc/sources/make_common_datastructures.c
@@ -599,9 +599,7 @@ void cbmc_populate_s2n_kex_parameters(struct s2n_kex_parameters *s2n_kex_paramet
 * If required, these initializations should be done in the proof harness.
 */
 cbmc_populate_s2n_kem_group_params(&(s2n_kex_parameters->server_kem_group_params));
- cbmc_populate_s2n_kem_params(&(s2n_kex_parameters->kem_params));
 cbmc_populate_s2n_blob(&(s2n_kex_parameters->client_key_exchange_message));
- cbmc_populate_s2n_blob(&(s2n_kex_parameters->client_pq_kem_extension));
 }
 void cbmc_populate_s2n_crypto_parameters(struct s2n_crypto_parameters *s2n_crypto_parameters)
diff --git a/tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/0e356ba505631fbf715758bed27d503f8b260e3a b/tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/0e356ba505631fbf715758bed27d503f8b260e3a deleted file mode 100644 index 35a038769b15c0935bb3cd038f5cc1de7579f128..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2 JcmZQ%0000400IC2 diff --git a/tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/19bbeeffd5ca3b4dd492e51ddc74cdbd97dcaced b/tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/19bbeeffd5ca3b4dd492e51ddc74cdbd97dcaced deleted file mode 100644 index bd09cf20ba46a174b67d616dc8ad45f34fcc0f86..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 848 zcmb7DK@P$o5FBbu)FVIOYT`?LL=VP;7i$2$`UOAWTYQKA@LqSJ=#rMEB>@(g+1=R< zrrH5eG--Tr^|Yt>gEYwG33&k`Ban#OQR9i5Y@VPW|tZEk(Xc!38o@ z@(H~8ju(ZMc%E-YVH6qOi#GK_WVsPA6-Gpi^x!H(6Qqb1^l@{ftdbaoh;EUPcsC#p P{3&D+(+3H?;Ggsb`_W0( diff --git a/tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/2d0b82331a9f817f3c9345ba6d5657aca40a6a00 b/tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/2d0b82331a9f817f3c9345ba6d5657aca40a6a00 deleted file mode 100644 index 2d619f3b2e1e2eed498a1028988671cb6b489963..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 828 zcmb7DQ3}E^41Jvl>Su4zU%``jh_N4GAVXaI_6lCWvv>~g;s2JjtEOy~t}Ey7Z$y`*ZxII@@ri?Q({5i9EW@#K$raL9 z@(H}YGL>5^fBPg;5!UyAPG18InaS_y6WZSp#YHGfX<%O$dQB NfG${U248pSnjVD-Nv!|? 
diff --git a/tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/3039044e9fcc0e9b2dee6103676d04bec90a8ffc b/tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/3039044e9fcc0e9b2dee6103676d04bec90a8ffc deleted file mode 100644 index d2c9f252abbc4416994ca586361ef24216da9e38..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 818 zcma)5$qm9V5F7^~L7wg)UnDA_2$T;J65e zI{KHe32m?!Rgo+~e6b~M97^D^1AHoU)=7bAefZ)Teu|tqYGFi8HaAE)wOt<%x=2%)_h3>xf{HAukZj!{&)NM&e(Ori~aKArK_5_J%BWHgA@Mur1l Od+TKS3&?@+HTeQNOi5k< diff --git a/tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/3368662134ad5fce476d7d1a1f8aa83cf4cb1bc4 b/tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/3368662134ad5fce476d7d1a1f8aa83cf4cb1bc4 deleted file mode 100644 index 809850ae37f26ff8a5e88a626c5fc6b1a96d99e6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1948 zcmb_dQBK1!40VQ(fY02Zzet>fLrnWYnuI3A!Z%mo0-S|&a1Z{wXD4ZFwV^H|TH7SH zpP%hG8+H#w6!2jD&|AXiRu=S5G>+GFh1KBF%4SAg8^#`dxP#68WX+R8h^NDjMt)+V zm)GMd?VpaP!}I=}4(ZJD%vw9@$5FK@&SMm;Z7*iY)V?@tWjrF74+InIh6%>1vpw|P z+#4j%0t|cJm8PWfljxiG_!a0ziMLO4WbjNWsXEPEc)4*-D7m$_6D}5+v8oFg=e^&e z$U4zR>Z({l#i{pr5t2h#K1}NXwNrKH2xMlVqW*LKs-YYtEIOFriXXS^%K0dijh-v9 zg1^*rl_9>Zq^;ANxKM9OEYgg9JQ^Tu<0_-+{?ncWW7a#fjphoZJDHyZz+b$R8VK^k z!B31>vd$`NdHyi?7Id*-NHuIll;EGI)=yN&W!X_EDYr4%mE7fW_bZG5PaZYX1#E&W FUjQ4Cl_~%L diff --git a/tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/3459631260dc55cc90c2f9a0a379e5254a90ce14 b/tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/3459631260dc55cc90c2f9a0a379e5254a90ce14 deleted file mode 100644 index a69b0cc263293eee0241136e285219384a210664..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1209 zcmcIkK?=e!5S&&D>M=j)Rq!P~qIeMsQpCoyU-0D3xA>0!!+YG_q%lR(j4f~-2r%fcq^AyCD_7i+?7JeoI75O3=ehNsdvo!d?~ zhql`vn_lmA&-Ye!NEFXw^oIK6$RRA9;_Yw7;KD>gQa&y%XdUGG00hZPfu(^N%q8Z;~9q8>eYq AI{*Lx 
diff --git a/tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/41b464aad39c7bebcfeec3d45943a040b512ebbc b/tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/41b464aad39c7bebcfeec3d45943a040b512ebbc deleted file mode 100644 index 2730c139c0dcaa45b95c645c90e97741df66ed2f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 811 zcmcgq!41MN47>y(6`tK7A09|d!aCv23M{}Z%)uV~c!aavRB75G^1)K$`g&*Av4cMW zaC~SlTq50016+ZWw%9NVKe0?Up_jsbExp@Qa~#$3;toxgwZS6=@6cu7yH95Ciq&h( zT!?YF8A0yAQ@k8nLaIIF!o)~CvyWTVhknyk6Sl%j)XZ;bLpAf`KW(fwJ^!HrX;;*# g%B`xFwxrqw?HUy41Pxo5DrDcs(UP8bADy>)AKx=TK>z>% diff --git a/tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/429a23b0feef081a8394ea3e0b0c3bd86a54dc70 b/tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/429a23b0feef081a8394ea3e0b0c3bd86a54dc70 deleted file mode 100644 index c484a14f4fccc567d0d564ecb3e6ee758131c138..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 848 zcmb7DQ3}E^41Jvl>Su4zU%``jh_N4GAVXaI_6lCWvv>~g;r~pURWr8fR%n~1c}ZSE zLbe0oc=LMULVT^`16QDFmRRsBOtMl~$J_$_n0vQj%=Uv8p-o7{kfD+738!;eQGO_^ z;+WS|P%ZzOwGA}RBU!`uIYwXe4#`qddq~yVwP!LnCgYQ$LuSZ)a_V1?B02Uo7Tj3I zO5TB|=;Ux%neX|c6644qGHvRG(A?U#vSBKWiKy`CYAO?h{v-YD`Ut`55HwzVMJ-8;?G52Q2oc)I_MwgJ7E`yh8372bGQGP0` z;+)r1P%ZBpvEMr-Ca7to$lYN0?9>w{?uLm{ zmmhB-xI%{DPv9kYvKVaC^Kvr^QGFI+vBO)PK&Lg=w#Su4TU%``jh_N4GAVXaJ_6lCWvv>~g;eVH;>z1)@xIniyc}d<& zX`Y<`7+PdMJRJS@a=;Vtev1vA@($(6=20O{!G}Z+*}3xOK+z*Zdg}=BInUsES%=%b zs$FrZ>hfANu5^vyrEFw4cv3nj8c5iwM#)_FVU|qo!&B?*Ok!Rn#zsd!U2!Dfe^VbS z^3G7}L^WxykTS_P@MRx=40bBKej9{QXE>*>Y0_fEjev15s$)o(QX@1$X3;8rdAl%H aofw3u+ae*smkWl2`it!Hi>{Zx3jRiEA0n?ehSVzxlT?FHvcSxJ5@ ztKyW`Qb^7Jh}tHa=FwTh4>^Wd^A4gUv?r_9u7i@fD;eJ@dSu4TlcE12QgRw=D!H)? zm3#m%>UcP;&G&pU64T5OF>M;8NX5pIK$5MK0skqhjS-2MZYhzd8zBb{g)L$?AfXqW Fqz|X5Nwoj~ 
diff --git a/tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/848eeaf741cbd6fbb493aa1d06c0f129166afa8a b/tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/848eeaf741cbd6fbb493aa1d06c0f129166afa8a deleted file mode 100644 index 95b549899c607102572477d138c8e299f0361739..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 848 zcmb7DK?=e!5S&&7^_UmftKds~g!Cd5q=;S5e!&m;7T@7NyvN;a({5>6G>~?)nc3M% zNRjUWWITC%a3gH7*3}*Geu)LIiV+G4l+p%pOLU=pf|zZXv+LLrv<*pEsgZr{+6rkVA=IJa#vVhh`0?$C>-1l`l-6F9EN%ZhX4Or8JHOu07#Amy#N3J diff --git a/tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/ac578702df787bb4a71a109fb398b4a12590e5c2 b/tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/ac578702df787bb4a71a109fb398b4a12590e5c2 deleted file mode 100644 index 201860d79a167dfdaaa349a7de190c8db91df574..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 36 acmY#nV)(zmgaHn`xfmEGXu-K41|tAn>H}r~ 
diff --git a/tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/c3dd518683173a14d38fb212e939351187291008 b/tests/fuzz/corpus/s2n_hybrid_ecdhe_kyber_r3_fuzz_test/c3dd518683173a14d38fb212e939351187291008 deleted file mode 100644 index 7eab69f27a0802b479e3d83bda1de87364d80f3e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 804 zcmY#n(q&*^U<6_y_`*Fyz%W4z!3VP7T2MrZ=720JC=o)a zp9{4d6krelXAtiwm{yw6a5s@>10i1vA$-rkFqgPw0(BBFt%1V{*#sh^666sS0qltAu1N6N~l6K%uMWDfU|Ip9)X=b*iAn%C2gpbHcp=H z_w1xuvIU@M(DTN{&}Y>cxB}LuSdf)Pp`4q5`;IykUaiSz(|hxzCB)M#f#snMPUoUD z`JpKH$GkFoQ}MoI?I#NB=+Mw(jZLioUd)oIJ-KS_vm-Hg5~I5XA?6o6nmR?SX(%jR z>^Mgz6e2lr^egUGy%u<|=;secure->cipher_suite->key_exchange_alg->client_key_recv == s2n_ecdhe_client_key_recv || server_conn->secure->cipher_suite->key_exchange_alg->client_key_recv == s2n_hybrid_client_key_recv) { + if (server_conn->secure->cipher_suite->key_exchange_alg->client_key_recv == s2n_ecdhe_client_key_recv) { server_conn->kex_params.server_ecc_evp_params.negotiated_curve = ecc_preferences->ecc_curves[0]; s2n_ecc_evp_generate_ephemeral_key(&server_conn->kex_params.server_ecc_evp_params); } - if (server_conn->secure->cipher_suite->key_exchange_alg->client_key_recv == s2n_kem_client_key_recv || server_conn->secure->cipher_suite->key_exchange_alg->client_key_recv == s2n_hybrid_client_key_recv) { - server_conn->kex_params.kem_params.kem = &s2n_kyber_512_r3; - } - /* Run Test * Do not use GUARD macro here since the connection memory hasn't been freed. */ diff --git a/tests/fuzz/s2n_hybrid_ecdhe_kyber_r3_fuzz_test.c b/tests/fuzz/s2n_hybrid_ecdhe_kyber_r3_fuzz_test.c deleted file mode 100644 index 9f8f4e8a00f..00000000000 --- a/tests/fuzz/s2n_hybrid_ecdhe_kyber_r3_fuzz_test.c +++ /dev/null 
@@ -1,134 +0,0 @@ -/* - * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"). - * You may not use this file except in compliance with the License. - * A copy of the License is located at - * - * http://aws.amazon.com/apache2.0 - * - * or in the "license" file accompanying this file. This file is distributed - * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either - * express or implied. See the License for the specific language governing - * permissions and limitations under the License. - */ - -/* Target Functions: s2n_client_key_recv s2n_kex_client_key_recv calculate_keys - s2n_kex_tls_prf s2n_prf_key_expansion s2n_ecdhe_client_key_recv - s2n_kem_client_key_recv s2n_hybrid_client_action */ - -#include "crypto/s2n_crypto.h" -#include "crypto/s2n_drbg.h" -#include "crypto/s2n_hash.h" -#include "crypto/s2n_openssl.h" -#include "crypto/s2n_pq.h" -#include "error/s2n_errno.h" -#include "stuffer/s2n_stuffer.h" -#include "tests/s2n_test.h" -#include "tests/testlib/s2n_testlib.h" -#include "tls/s2n_cipher_suites.h" -#include "tls/s2n_kem.h" -#include "tls/s2n_kex.h" -#include "tls/s2n_security_policies.h" -#include "tls/s2n_tls.h" -#include "utils/s2n_random.h" -#include "utils/s2n_safety.h" - -static struct s2n_kem_params kyber512_r3_draft0_params = { .kem = &s2n_kyber_512_r3, .len_prefixed = true }; -static struct s2n_kem_params kyber512_r3_draft5_params = { .kem = &s2n_kyber_512_r3, .len_prefixed = false }; - -/* Setup the connection in a state for a fuzz test run, s2n_client_key_recv modifies the state of the connection - * along the way and gets cleaned up at the end of each fuzz test. 
- * - Connection needs cipher suite, curve, and kem setup - * - Connection needs a ecdhe key and a kem private key, this would normally be setup when the server calls s2n_server_send_key - * */ -static int setup_connection(struct s2n_connection *server_conn, struct s2n_kem_params *params) -{ - server_conn->actual_protocol_version = S2N_TLS12; - - const struct s2n_ecc_preferences *ecc_preferences = NULL; - POSIX_GUARD(s2n_connection_get_ecc_preferences(server_conn, &ecc_preferences)); - POSIX_ENSURE_REF(ecc_preferences); - - server_conn->kex_params.server_ecc_evp_params.negotiated_curve = ecc_preferences->ecc_curves[0]; - server_conn->kex_params.server_ecc_evp_params.evp_pkey = NULL; - server_conn->kex_params.kem_params.kem = &s2n_kyber_512_r3; - server_conn->secure->cipher_suite = &s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384; - server_conn->handshake_params.server_cert_sig_scheme = &s2n_rsa_pkcs1_sha384; - - POSIX_GUARD(s2n_dup(¶ms->private_key, &server_conn->kex_params.kem_params.private_key)); - POSIX_GUARD(s2n_ecc_evp_generate_ephemeral_key(&server_conn->kex_params.server_ecc_evp_params)); - - return S2N_SUCCESS; -} - -int s2n_fuzz_init_kem_param(struct s2n_kem_params *param) -{ - POSIX_ENSURE_REF(param->kem); - struct s2n_blob *public_key = ¶m->public_key; - POSIX_GUARD(s2n_alloc(public_key, S2N_KYBER_512_R3_PUBLIC_KEY_BYTES)); - - /* Do not GUARD this call to s2n_kem_generate_keypair(), as it will fail when attempting to generate the KEM - * key pair if !s2n_pq_is_enabled(). However, even if it does fail, it will have allocated zeroed memory for the - * public and private keys needed for setup_connection() to complete. 
*/ - s2n_result result = s2n_kem_generate_keypair(param); - - POSIX_ENSURE_EQ(s2n_pq_is_enabled(), s2n_result_is_ok(result)); - - POSIX_ENSURE_REF(param->public_key.data); - POSIX_ENSURE_REF(param->private_key.data); - POSIX_GUARD(s2n_free(public_key)); - - return S2N_SUCCESS; -} - -int s2n_fuzz_init(int *argc, char **argv[]) -{ - POSIX_GUARD(s2n_fuzz_init_kem_param(&kyber512_r3_draft0_params)); - POSIX_GUARD(s2n_fuzz_init_kem_param(&kyber512_r3_draft5_params)); - - return S2N_SUCCESS; -} - -int s2n_fuzz_test_with_params(const uint8_t *buf, size_t len, struct s2n_kem_params *params) -{ - struct s2n_connection *server_conn; - POSIX_ENSURE_REF(server_conn = s2n_connection_new(S2N_SERVER)); - POSIX_GUARD(setup_connection(server_conn, params)); - - /* You can't write 0 bytes to a stuffer but attempting to call s2n_client_key_recv with 0 data is an interesting test */ - if (len > 0) { - POSIX_GUARD(s2n_stuffer_write_bytes(&server_conn->handshake.io, buf, len)); - } - - /* The missing GUARD is because s2n_client_key_recv might fail due to bad input which is okay, the connection - * must still be cleaned up. Don't return s2n_client_key_recv's result because the the test still passes as long as - * s2n_client_key_recv does not leak/contaminate any memory, the fuzz input is most likely not valid and will fail - * to be recv'd successfully. */ - int result = s2n_client_key_recv(server_conn); - - /* If PQ is disabled, then s2n_client_key_recv should always fail since the KEM calls will always fail. 
*/ - if (!s2n_pq_is_enabled()) { - POSIX_ENSURE_EQ(result, S2N_FAILURE); - } - - POSIX_GUARD(s2n_connection_free(server_conn)); - - return S2N_SUCCESS; -} - -int s2n_fuzz_test(const uint8_t *buf, size_t len) -{ - POSIX_GUARD(s2n_fuzz_test_with_params(buf, len, &kyber512_r3_draft0_params)); - POSIX_GUARD(s2n_fuzz_test_with_params(buf, len, &kyber512_r3_draft5_params)); - - return S2N_SUCCESS; -} - -static void s2n_fuzz_cleanup() -{ - s2n_kem_free(&kyber512_r3_draft0_params); - s2n_kem_free(&kyber512_r3_draft5_params); -} - -S2N_FUZZ_TARGET(s2n_fuzz_init, s2n_fuzz_test, s2n_fuzz_cleanup) diff --git a/tests/unit/s2n_choose_supported_group_test.c b/tests/unit/s2n_choose_supported_group_test.c index b27880e11a6..7cc3e209bcc 100644 --- a/tests/unit/s2n_choose_supported_group_test.c +++ b/tests/unit/s2n_choose_supported_group_test.c @@ -142,8 +142,6 @@ int main() /* Test for PQ */ { const struct s2n_kem_preferences test_kem_prefs = { - .kem_count = 0, - .kems = NULL, .tls13_kem_group_count = kem_preferences_all.tls13_kem_group_count, .tls13_kem_groups = kem_preferences_all.tls13_kem_groups, }; diff --git a/tests/unit/s2n_cipher_suite_match_test.c b/tests/unit/s2n_cipher_suite_match_test.c index ff05d7de578..067d8a9ac24 100644 --- a/tests/unit/s2n_cipher_suite_match_test.c +++ b/tests/unit/s2n_cipher_suite_match_test.c @@ -195,7 +195,6 @@ int main(int argc, char **argv) TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, - TLS_ECDHE_KYBER_RSA_WITH_AES_256_GCM_SHA384, }; const uint8_t cipher_count = sizeof(wire_ciphers) / S2N_TLS_CIPHER_SUITE_LEN; 
@@ -325,7 +324,6 @@ int main(int argc, char **argv) const struct s2n_ecc_preferences *ecc_pref = NULL; EXPECT_SUCCESS(s2n_connection_get_ecc_preferences(conn, &ecc_pref)); EXPECT_NOT_NULL(ecc_pref); - /* Assume default for negotiated curve. */ /* Shouldn't be necessary unless the test fails, but we want the failure to be obvious. */ conn->kex_params.server_ecc_evp_params.negotiated_curve = ecc_pref->ecc_curves[0]; 
@@ -336,64 +334,6 @@ int main(int argc, char **argv) EXPECT_EQUAL(conn->secure->cipher_suite, expected_rsa_wire_choice); EXPECT_SUCCESS(s2n_connection_wipe(conn)); - /* Test that PQ cipher suites are marked available/unavailable appropriately in s2n_cipher_suites_init() */ - { - const struct s2n_cipher_suite *pq_suites[] = { - &s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384, - }; - - for (size_t i = 0; i < s2n_array_len(pq_suites); i++) { - if (s2n_pq_is_enabled()) { - EXPECT_EQUAL(pq_suites[i]->available, 1); - EXPECT_NOT_NULL(pq_suites[i]->record_alg); - } else { - EXPECT_EQUAL(pq_suites[i]->available, 0); - EXPECT_NULL(pq_suites[i]->record_alg); - } - } - }; - - /* Test that clients that support PQ ciphers can negotiate them. */ - { - uint8_t client_extensions_data[] = { - 0xFE, 0x01, /* PQ KEM extension ID */ - 0x00, 0x04, /* Total extension length in bytes */ - 0x00, 0x02, /* Length of the supported parameters list in bytes */ - 0x00, TLS_PQ_KEM_EXTENSION_ID_KYBER_512_R3 /* Kyber-512-Round3*/ - }; - int client_extensions_len = sizeof(client_extensions_data); - EXPECT_SUCCESS(s2n_connection_set_cipher_preferences(conn, "PQ-TLS-1-0-2021-05-24")); - conn->actual_protocol_version = S2N_TLS12; - conn->kex_params.server_ecc_evp_params.negotiated_curve = ecc_pref->ecc_curves[0]; - conn->kex_params.client_pq_kem_extension.data = client_extensions_data; - conn->kex_params.client_pq_kem_extension.size = client_extensions_len; - EXPECT_SUCCESS(s2n_set_cipher_as_tls_server(conn, wire_ciphers, cipher_count)); - const struct s2n_cipher_suite *kyber_cipher = &s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384; - const struct s2n_cipher_suite *ecc_cipher = &s2n_ecdhe_rsa_with_aes_256_gcm_sha384; - if (s2n_pq_is_enabled()) { - EXPECT_EQUAL(conn->secure->cipher_suite, kyber_cipher); - } else { - EXPECT_EQUAL(conn->secure->cipher_suite, ecc_cipher); - } - - EXPECT_SUCCESS(s2n_connection_wipe(conn)); - - /* Test cipher preferences that use PQ cipher suites that require TLS 1.2 fall back to 
classic ciphers if a client - * only supports TLS 1.1 or below, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is the first cipher suite that supports - * TLS 1.1 in KMS-PQ-TLS-1-0-2019-06 */ - for (int i = S2N_TLS10; i <= S2N_TLS11; i++) { - const struct s2n_cipher_suite *expected_classic_wire_choice = &s2n_ecdhe_rsa_with_aes_256_cbc_sha; - EXPECT_SUCCESS(s2n_connection_set_cipher_preferences(conn, "KMS-PQ-TLS-1-0-2019-06")); - conn->actual_protocol_version = i; - conn->kex_params.server_ecc_evp_params.negotiated_curve = ecc_pref->ecc_curves[0]; - conn->kex_params.client_pq_kem_extension.data = client_extensions_data; - conn->kex_params.client_pq_kem_extension.size = client_extensions_len; - EXPECT_SUCCESS(s2n_set_cipher_as_tls_server(conn, wire_ciphers, cipher_count)); - EXPECT_EQUAL(conn->secure->cipher_suite, expected_classic_wire_choice); - EXPECT_SUCCESS(s2n_connection_wipe(conn)); - } - }; - /* Clean+free to setup for ECDSA tests */ EXPECT_SUCCESS(s2n_config_free(server_config)); @@ -404,7 +344,6 @@ int main(int argc, char **argv) EXPECT_SUCCESS(s2n_connection_get_ecc_preferences(conn, &ecc_pref)); EXPECT_NOT_NULL(ecc_pref); - /* TEST ECDSA */ EXPECT_SUCCESS(s2n_connection_set_cipher_preferences(conn, "test_all_ecdsa")); const struct s2n_cipher_suite *expected_ecdsa_wire_choice = &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha256; @@ -569,7 +508,6 @@ int main(int argc, char **argv) /* Override auto-chosen defaults with only ECDSA cert default. RSA still loaded, but not default. */ EXPECT_SUCCESS(s2n_config_set_cert_chain_and_key_defaults(server_config, &ecdsa_cert, 1)); - /* Client sends RSA and ECDSA ciphers, server prioritizes RSA, ECDSA + RSA cert is configured, * only ECDSA is default. Expect default ECDSA used instead of previous test that expects RSA for this case. */ { 
@@ -634,7 +572,6 @@ int main(int argc, char **argv) tls12_cipher_suite->iana_value[0], tls12_cipher_suite->iana_value[1] }; const uint8_t cipher_count_tls13 = sizeof(wire_ciphers_with_tls13) / S2N_TLS_CIPHER_SUITE_LEN; - /* Client sends TLS1.3 cipher suites, but server does not support TLS1.3 */ { EXPECT_SUCCESS(s2n_connection_set_cipher_preferences(conn, "test_all")); @@ -668,7 +605,6 @@ int main(int argc, char **argv) EXPECT_SUCCESS(s2n_connection_wipe(conn)); } } - /* Check wire's cipher suites with preferred tls12 ordering does not affect tls13 selection */ { uint8_t wire_ciphers2[] = { @@ -835,7 +771,7 @@ int main(int argc, char **argv) { EXPECT_SUCCESS(s2n_enable_tls13_in_test()); uint8_t invalid_cipher_pref[] = { - TLS_ECDHE_KYBER_RSA_WITH_AES_256_GCM_SHA384 + TLS_NULL_WITH_NULL_NULL }; const uint8_t invalid_cipher_count = sizeof(invalid_cipher_pref) / S2N_TLS_CIPHER_SUITE_LEN; @@ -846,7 +782,6 @@ int main(int argc, char **argv) EXPECT_SUCCESS(s2n_connection_wipe(conn)); EXPECT_SUCCESS(s2n_disable_tls13_in_test()); }; - /* Client sends cipher that requires DH params */ { DEFER_CLEANUP(struct s2n_config *config = s2n_config_new(), diff --git a/tests/unit/s2n_client_extensions_test.c b/tests/unit/s2n_client_extensions_test.c index e1263898843..e40a4f3b69c 100644 --- a/tests/unit/s2n_client_extensions_test.c +++ b/tests/unit/s2n_client_extensions_test.c 
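Review bot: In the hunk at `@@ -835,7 +771,7 @@`, `invalid_cipher_pref` now holds `TLS_NULL_WITH_NULL_NULL`, and nothing explains why that value stands in for an invalid offer. The removed Kyber entry was a real TLS 1.2 suite offered while TLS 1.3 is enabled, whereas the NULL suite is presumably refused because it appears in no preference list, so the test may now exercise a different rejection path. I would add a comment above the array, for example `/* NULL suite: in no preference list, so the server must fail to select a cipher */`. The assertion sits outside this hunk, so it is worth confirming that it still pins the error the test was written for. The enclosing test block starts before and ends after the hunk.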
@@ -59,95 +59,6 @@ static uint8_t sct_list[] = { 0xff, 0xff, 0xff, 0xff, 0xff }; -/* Helper function to allow us to easily repeat the PQ extension test for many scenarios. - * If the KEM negotiation is expected to fail (because of e.g. a client/server extension - * mismatch), pass in expected_kem_id = -1. The tests should always EXPECT_SUCCESS when - * calling this function. */ -static int negotiate_kem(const uint8_t client_extensions[], const size_t client_extensions_len, - const uint8_t client_hello_message[], const size_t client_hello_len, - const char cipher_pref_version[], const int expected_kem_id, struct s2n_test_io_pair *io_pair) -{ - char *cert_chain = NULL; - char *private_key = NULL; - - POSIX_GUARD_PTR(cert_chain = malloc(S2N_MAX_TEST_PEM_SIZE)); - POSIX_GUARD_PTR(private_key = malloc(S2N_MAX_TEST_PEM_SIZE)); - POSIX_GUARD(setenv("S2N_DONT_MLOCK", "1", 0)); - - struct s2n_connection *server_conn = NULL; - struct s2n_config *server_config = NULL; - s2n_blocked_status server_blocked; - struct s2n_cert_chain_and_key *chain_and_key = NULL; - - size_t body_len = client_hello_len + client_extensions_len; - uint8_t message_header[] = { - /* Handshake message type CLIENT HELLO */ - 0x01, - /* Body len */ - (body_len >> 16) & 0xff, - (body_len >> 8) & 0xff, - (body_len & 0xff), - }; - size_t message_header_len = sizeof(message_header); - size_t message_len = message_header_len + body_len; - uint8_t record_header[] = { - /* Record type HANDSHAKE */ - 0x16, - /* Protocol version TLS 1.2 */ - 0x03, - 0x03, - /* Message len */ - (message_len >> 8) & 0xff, - (message_len & 0xff), - }; - size_t record_header_len = sizeof(record_header); - - POSIX_GUARD_PTR(server_conn = s2n_connection_new(S2N_SERVER)); - POSIX_GUARD(s2n_connection_set_io_pair(server_conn, io_pair)); - - POSIX_GUARD_PTR(server_config = s2n_config_new()); - POSIX_GUARD(s2n_read_test_pem(S2N_DEFAULT_TEST_CERT_CHAIN, cert_chain, S2N_MAX_TEST_PEM_SIZE)); - 
POSIX_GUARD(s2n_read_test_pem(S2N_DEFAULT_TEST_PRIVATE_KEY, private_key, S2N_MAX_TEST_PEM_SIZE)); - POSIX_GUARD_PTR(chain_and_key = s2n_cert_chain_and_key_new()); - POSIX_GUARD(s2n_cert_chain_and_key_load_pem(chain_and_key, cert_chain, private_key)); - POSIX_GUARD(s2n_config_add_cert_chain_and_key_to_store(server_config, chain_and_key)); - POSIX_GUARD(s2n_config_set_cipher_preferences(server_config, cipher_pref_version)); - POSIX_GUARD(s2n_connection_set_config(server_conn, server_config)); - server_conn->kex_params.kem_params.kem = NULL; - - /* Send the client hello */ - POSIX_ENSURE_EQ(write(io_pair->client, record_header, record_header_len), (int64_t) record_header_len); - POSIX_ENSURE_EQ(write(io_pair->client, message_header, message_header_len), (int64_t) message_header_len); - POSIX_ENSURE_EQ(write(io_pair->client, client_hello_message, client_hello_len), (int64_t) client_hello_len); - POSIX_ENSURE_EQ(write(io_pair->client, client_extensions, client_extensions_len), (int64_t) client_extensions_len); - - POSIX_GUARD(s2n_connection_set_blinding(server_conn, S2N_SELF_SERVICE_BLINDING)); - if (s2n_negotiate(server_conn, &server_blocked) == 0) { - /* We expect the overall negotiation to fail and return non-zero, but it should get far enough - * that a KEM extension was agreed upon. */ - return S2N_FAILURE; - } - - int negotiated_kem_id = 0; - - if (server_conn->kex_params.kem_params.kem != NULL) { - negotiated_kem_id = server_conn->kex_params.kem_params.kem->kem_extension_id; - } else { - negotiated_kem_id = -1; - } - - POSIX_GUARD(s2n_connection_free(server_conn)); - POSIX_GUARD(s2n_cert_chain_and_key_free(chain_and_key)); - POSIX_GUARD(s2n_config_free(server_config)); - - free(cert_chain); - free(private_key); - - POSIX_ENSURE_EQ(negotiated_kem_id, expected_kem_id); - - return 0; -} - int main(int argc, char **argv) { char *cert_chain = NULL; 
@@ -1321,166 +1232,6 @@ int main(int argc, char **argv) EXPECT_SUCCESS(s2n_config_free(client_config)); }; - /* All PQ KEM byte values are from https://tools.ietf.org/html/draft-campagna-tls-bike-sike-hybrid */ - { - /* Client requests Kyber ciphersuite but sends only PQ KEM extensions with bogus - * extension IDs; server is using the round 3 preference list. Expect to negotiate no KEM (-1) whether or - * not PQ is enabled. */ - int expected_kem_id = -1; - - uint8_t client_extensions[] = { - /* Extension type pq_kem_parameters */ - 0xFE, - 0x01, - /* Extension size */ - 0x00, - 0x08, - /* KEM names len */ - 0x00, - 0x06, - /* KEM values out of range of anything s2n supports */ - 0xcc, - 0x05, - 0xaa, - 0xbb, - 0xff, - 0xa1, - }; - size_t client_extensions_len = sizeof(client_extensions); - uint8_t client_hello_message[] = { - /* Protocol version TLS 1.2 */ - 0x03, - 0x03, - /* Client random */ - ZERO_TO_THIRTY_ONE, - /* SessionID len - 32 bytes */ - 0x20, - /* Session ID */ - ZERO_TO_THIRTY_ONE, - /* Cipher suites len */ - 0x00, - 0x02, - /* Cipher suite - TLS_ECDHE_KYBER_RSA_WITH_AES_256_GCM_SHA384 */ - 0xFF, - 0x0C, - /* Compression methods len */ - 0x01, - /* Compression method - none */ - 0x00, - /* Extensions len */ - (client_extensions_len >> 8) & 0xff, - (client_extensions_len & 0xff), - }; - size_t client_hello_len = sizeof(client_hello_message); - EXPECT_SUCCESS(negotiate_kem(client_extensions, client_extensions_len, client_hello_message, - client_hello_len, "PQ-TLS-1-0-2021-05-24", expected_kem_id, &io_pair)); - }; - - { - /* Client sends PQ KEM extension with BIKE extensions, but requests SIKE ciphersuite; - * server is using the round 1 only preference list. Expect to negotiate no KEM (-1) - * whether or not PQ is enabled. 
*/ - int expected_kem_id = -1; - - uint8_t client_extensions[] = { - /* Extension type pq_kem_parameters */ - 0xFE, - 0x01, - /* Extension size */ - 0x00, - 0x06, - /* KEM names len */ - 0x00, - 0x04, - /* BIKE1_L1_R1 */ - 0x00, - 0x01, - /* BIKE1_L1_R2 */ - 0x00, - 0x0D, - }; - size_t client_extensions_len = sizeof(client_extensions); - uint8_t client_hello_message[] = { - /* Protocol version TLS 1.2 */ - 0x03, - 0x03, - /* Client random */ - ZERO_TO_THIRTY_ONE, - /* SessionID len - 32 bytes */ - 0x20, - /* Session ID */ - ZERO_TO_THIRTY_ONE, - /* Cipher suites len */ - 0x00, - 0x02, - /* Cipher suite - TLS_ECDHE_SIKE_RSA_WITH_AES_256_GCM_SHA384 */ - 0xFF, - 0x08, - /* Compression methods len */ - 0x01, - /* Compression method - none */ - 0x00, - /* Extensions len */ - (client_extensions_len >> 8) & 0xff, - (client_extensions_len & 0xff), - }; - size_t client_hello_len = sizeof(client_hello_message); - EXPECT_SUCCESS(negotiate_kem(client_extensions, client_extensions_len, client_hello_message, - client_hello_len, "KMS-PQ-TLS-1-0-2019-06", expected_kem_id, &io_pair)); - }; - - { - /* Client sends PQ KEM extensions for round 2 only; the server is using the round 1 - * only preference list. Expect to negotiate no KEM (-1) whether or not PQ is enabled. 
*/ - int expected_kem_id = -1; - - uint8_t client_extensions[] = { - /* Extension type pq_kem_parameters */ - 0xFE, - 0x01, - /* Extension size */ - 0x00, - 0x06, - /* KEM names len */ - 0x00, - 0x04, - /* SIKE_P434_R3 */ - 0x00, - 0x13, - /* BIKE1_L1_R2 */ - 0x00, - 0x0D, - }; - size_t client_extensions_len = sizeof(client_extensions); - uint8_t client_hello_message[] = { - /* Protocol version TLS 1.2 */ - 0x03, - 0x03, - /* Client random */ - ZERO_TO_THIRTY_ONE, - /* SessionID len - 32 bytes */ - 0x20, - /* Session ID */ - ZERO_TO_THIRTY_ONE, - /* Cipher suites len */ - 0x00, - 0x02, - /* Cipher suite - TLS_ECDHE_SIKE_RSA_WITH_AES_256_GCM_SHA384 */ - 0xFF, - 0x08, - /* Compression methods len */ - 0x01, - /* Compression method - none */ - 0x00, - /* Extensions len */ - (client_extensions_len >> 8) & 0xff, - (client_extensions_len & 0xff), - }; - size_t client_hello_len = sizeof(client_hello_message); - EXPECT_SUCCESS(negotiate_kem(client_extensions, client_extensions_len, client_hello_message, - client_hello_len, "KMS-PQ-TLS-1-0-2019-06", expected_kem_id, &io_pair)); - }; - EXPECT_SUCCESS(s2n_io_pair_close(&io_pair)); free(cert_chain); free(private_key); diff --git a/tests/unit/s2n_client_hello_get_supported_groups_test.c b/tests/unit/s2n_client_hello_get_supported_groups_test.c index 6ca477e70e7..3f136be2a7d 100644 --- a/tests/unit/s2n_client_hello_get_supported_groups_test.c +++ b/tests/unit/s2n_client_hello_get_supported_groups_test.c @@ -327,7 +327,7 @@ int main(int argc, char **argv) "AWS-CRT-SDK-TLSv1.2-2023", "20230317", "20210816", - "PQ-TLS-1-0-2021-05-20", + "PQ-TLS-1-0-2021-05-24", "PQ-TLS-1-2-2023-04-08", "test_all" }; diff --git a/tests/unit/s2n_client_hello_retry_test.c b/tests/unit/s2n_client_hello_retry_test.c index c817ed54213..dc75a8949e6 100644 --- a/tests/unit/s2n_client_hello_retry_test.c +++ b/tests/unit/s2n_client_hello_retry_test.c 
@@ -1308,7 +1308,7 @@ int main(int argc, char **argv) /* Force the HRR path */ const struct s2n_security_policy security_policy_test_tls13_retry_with_pq = { .minimum_protocol_version = S2N_TLS11, - .cipher_preferences = &cipher_preferences_pq_tls_1_1_2021_05_21, + .cipher_preferences = &elb_security_policy_tls13_1_2_Ext2_2021_06, .kem_preferences = &kem_preferences_pq_tls_1_0_2021_05, .signature_preferences = &s2n_signature_preferences_20200207, .ecc_preferences = &ecc_preferences_for_retry, @@ -1317,7 +1317,7 @@ int main(int argc, char **argv) /* Setup all extensions */ uint8_t apn[] = "https"; - EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, "PQ-TLS-1-1-2021-05-21")); + EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, "PQ-TLS-1-2-2023-10-07")); EXPECT_SUCCESS(s2n_config_set_status_request_type(client_config, S2N_STATUS_REQUEST_OCSP)); EXPECT_SUCCESS(s2n_config_set_ct_support_level(client_config, S2N_CT_SUPPORT_REQUEST)); EXPECT_SUCCESS(s2n_config_send_max_fragment_length(client_config, S2N_TLS_MAX_FRAG_LEN_4096)); @@ -1350,11 +1350,6 @@ int main(int argc, char **argv) continue; } - /* No pq extension if pq not enabled for the build */ - if (iana == TLS_EXTENSION_PQ_KEM_PARAMETERS && !s2n_pq_is_enabled()) { - continue; - } - /* TLS1.2 session tickets and TLS1.3 session tickets are mutually exclusive */ if (tls13_tickets && iana == TLS_EXTENSION_SESSION_TICKET) { continue; diff --git a/tests/unit/s2n_client_key_share_extension_pq_test.c b/tests/unit/s2n_client_key_share_extension_pq_test.c index d103de55632..58013afa71a 100644 --- a/tests/unit/s2n_client_key_share_extension_pq_test.c +++ b/tests/unit/s2n_client_key_share_extension_pq_test.c 
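Review bot: In the hunk at `@@ -1308,7 +1308,7 @@`, `security_policy_test_tls13_retry_with_pq` now takes `.cipher_preferences` from `elb_security_policy_tls13_1_2_Ext2_2021_06`, a production-named list, with no comment on why it was chosen. The next hunk (`@@ -1317,7 +1317,7 @@`) moves the client to `"PQ-TLS-1-2-2023-10-07"` just as silently. With the TLS 1.2 PQ suites gone, PQ in this test presumably comes only from `.kem_preferences`, so a comment such as `/* Any list with TLS 1.3 suites works here; PQ is negotiated through kem_preferences only */` would stop a later reader from treating the ELB list as significant. The struct also keeps `.minimum_protocol_version = S2N_TLS11` although the block forces the HelloRetryRequest path, which exists only in TLS 1.3. Stating the real floor there would document the intent, provided nothing in the rest of the block (outside the hunk) relies on the lower value.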
@@ -45,8 +45,6 @@ int main() for (int len_prefixed = 0; len_prefixed < 2; len_prefixed++) { int draft_revision = (len_prefixed) ? 0 : 5; const struct s2n_kem_preferences kem_prefs_all = { - .kem_count = 0, - .kems = NULL, .tls13_kem_group_count = kem_preferences_all.tls13_kem_group_count, .tls13_kem_groups = kem_preferences_all.tls13_kem_groups, .tls13_pq_hybrid_draft_revision = draft_revision @@ -117,8 +115,6 @@ int main() } const struct s2n_kem_preferences test_kem_prefs = { - .kem_count = 0, - .kems = NULL, .tls13_kem_group_count = s2n_array_len(test_kem_groups), .tls13_kem_groups = test_kem_groups, .tls13_pq_hybrid_draft_revision = draft_revision @@ -544,8 +540,6 @@ int main() } struct s2n_kem_preferences test_kem_prefs = { - .kem_count = 0, - .kems = NULL, .tls13_kem_group_count = s2n_array_len(test_kem_groups), .tls13_kem_groups = test_kem_groups, .tls13_pq_hybrid_draft_revision = draft_revision diff --git a/tests/unit/s2n_client_pq_kem_extension_test.c b/tests/unit/s2n_client_pq_kem_extension_test.c deleted file mode 100644 index cb11a2ac9cb..00000000000 --- a/tests/unit/s2n_client_pq_kem_extension_test.c +++ /dev/null 
@@ -1,134 +0,0 @@ -/* - * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"). - * You may not use this file except in compliance with the License. - * A copy of the License is located at - * - * http://aws.amazon.com/apache2.0 - * - * or in the "license" file accompanying this file. This file is distributed - * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either - * express or implied. See the License for the specific language governing - * permissions and limitations under the License. - */ - -#include "crypto/s2n_pq.h" -#include "s2n_test.h" -#include "tls/extensions/s2n_client_pq_kem.h" -#include "tls/s2n_security_policies.h" - -int main(int argc, char **argv) -{ - BEGIN_TEST(); - EXPECT_SUCCESS(s2n_disable_tls13_in_test()); - - const char *pq_security_policy_versions[] = { - "PQ-TLS-1-0-2021-05-24", - "PQ-TLS-1-0-2021-05-25", - "PQ-TLS-1-0-2021-05-26", - }; - - for (size_t policy_index = 0; policy_index < s2n_array_len(pq_security_policy_versions); policy_index++) { - const char *pq_security_policy_version = pq_security_policy_versions[policy_index]; - const struct s2n_security_policy *security_policy = NULL; - EXPECT_SUCCESS(s2n_find_security_policy_from_version(pq_security_policy_version, &security_policy)); - const struct s2n_kem_preferences *kem_preferences = security_policy->kem_preferences; - - /* Test should_send */ - { - struct s2n_connection *conn = NULL; - EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_CLIENT)); - - /* Default cipher preferences do not include PQ, so extension not sent */ - EXPECT_FALSE(s2n_client_pq_kem_extension.should_send(conn)); - - /* Use cipher preferences that do include PQ */ - EXPECT_SUCCESS(s2n_connection_set_cipher_preferences(conn, pq_security_policy_version)); - if (s2n_pq_is_enabled()) { - EXPECT_TRUE(s2n_client_pq_kem_extension.should_send(conn)); - } else { - 
EXPECT_FALSE(s2n_client_pq_kem_extension.should_send(conn)); - } - - EXPECT_SUCCESS(s2n_connection_free(conn)); - }; - - /* Test send */ - { - struct s2n_connection *conn = NULL; - EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_CLIENT)); - EXPECT_SUCCESS(s2n_connection_set_cipher_preferences(conn, pq_security_policy_version)); - - struct s2n_stuffer stuffer = { 0 }; - EXPECT_SUCCESS(s2n_stuffer_growable_alloc(&stuffer, 0)); - - EXPECT_SUCCESS(s2n_client_pq_kem_extension.send(conn, &stuffer)); - - /* Should write correct size */ - uint16_t size = 0; - EXPECT_SUCCESS(s2n_stuffer_read_uint16(&stuffer, &size)); - EXPECT_EQUAL(size, s2n_stuffer_data_available(&stuffer)); - EXPECT_EQUAL(size, kem_preferences->kem_count * sizeof(kem_extension_size)); - - /* Should write ids */ - uint16_t actual_id = 0; - for (size_t i = 0; i < kem_preferences->kem_count; i++) { - POSIX_GUARD(s2n_stuffer_read_uint16(&stuffer, &actual_id)); - EXPECT_EQUAL(actual_id, kem_preferences->kems[i]->kem_extension_id); - } - - EXPECT_SUCCESS(s2n_stuffer_free(&stuffer)); - EXPECT_SUCCESS(s2n_connection_free(conn)); - }; - - /* Test receive - malformed length */ - { - struct s2n_connection *conn = NULL; - EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_CLIENT)); - EXPECT_SUCCESS(s2n_connection_set_cipher_preferences(conn, pq_security_policy_version)); - - struct s2n_stuffer stuffer = { 0 }; - EXPECT_SUCCESS(s2n_stuffer_growable_alloc(&stuffer, 0)); - - EXPECT_SUCCESS(s2n_client_pq_kem_extension.send(conn, &stuffer)); - EXPECT_SUCCESS(s2n_stuffer_wipe_n(&stuffer, 1)); - - EXPECT_SUCCESS(s2n_client_pq_kem_extension.recv(conn, &stuffer)); - EXPECT_EQUAL(conn->kex_params.client_pq_kem_extension.size, 0); - EXPECT_NULL(conn->kex_params.client_pq_kem_extension.data); - - EXPECT_SUCCESS(s2n_stuffer_free(&stuffer)); - EXPECT_SUCCESS(s2n_connection_free(conn)); - }; - - /* Test receive */ - { - struct s2n_connection *conn = NULL; - EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_CLIENT)); - 
EXPECT_SUCCESS(s2n_connection_set_cipher_preferences(conn, pq_security_policy_version)); - - struct s2n_stuffer stuffer = { 0 }; - EXPECT_SUCCESS(s2n_stuffer_growable_alloc(&stuffer, 0)); - - EXPECT_SUCCESS(s2n_client_pq_kem_extension.send(conn, &stuffer)); - - EXPECT_SUCCESS(s2n_client_pq_kem_extension.recv(conn, &stuffer)); - - if (s2n_pq_is_enabled()) { - EXPECT_EQUAL(conn->kex_params.client_pq_kem_extension.size, kem_preferences->kem_count * sizeof(kem_extension_size)); - EXPECT_NOT_NULL(conn->kex_params.client_pq_kem_extension.data); - EXPECT_EQUAL(s2n_stuffer_data_available(&stuffer), 0); - } else { - /* Server should ignore the extension if PQ is disabled */ - EXPECT_EQUAL(conn->kex_params.client_pq_kem_extension.size, 0); - EXPECT_NULL(conn->kex_params.client_pq_kem_extension.data); - } - - EXPECT_SUCCESS(s2n_stuffer_free(&stuffer)); - EXPECT_SUCCESS(s2n_connection_free(conn)); - }; - } - - END_TEST(); -} diff --git a/tests/unit/s2n_client_supported_groups_extension_test.c b/tests/unit/s2n_client_supported_groups_extension_test.c index 58cbe1d9da9..96a4ea9c700 100644 --- a/tests/unit/s2n_client_supported_groups_extension_test.c +++ b/tests/unit/s2n_client_supported_groups_extension_test.c @@ -83,8 +83,6 @@ int main() /* Kyber */ const struct s2n_kem_preferences test_kem_prefs_kyber = { - .kem_count = 0, - .kems = NULL, .tls13_kem_group_count = kem_preferences_all.tls13_kem_group_count, .tls13_kem_groups = kem_preferences_all.tls13_kem_groups, }; diff --git a/tests/unit/s2n_ecc_point_format_extension_test.c b/tests/unit/s2n_ecc_point_format_extension_test.c index 8d99cf6ee27..92f4958c026 100644 --- a/tests/unit/s2n_ecc_point_format_extension_test.c +++ b/tests/unit/s2n_ecc_point_format_extension_test.c 
@@ -48,10 +48,6 @@ int main(int argc, char **argv) conn->secure->cipher_suite = &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha; EXPECT_TRUE(s2n_server_ec_point_format_extension.should_send(conn)); - /* Do send for connection with hybrid ec kex */ - conn->secure->cipher_suite = &s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384; - EXPECT_TRUE(s2n_server_ec_point_format_extension.should_send(conn)); - EXPECT_SUCCESS(s2n_connection_free(conn)); }; diff --git a/tests/unit/s2n_kem_preferences_test.c b/tests/unit/s2n_kem_preferences_test.c index 465b2032298..68359c58a16 100644 --- a/tests/unit/s2n_kem_preferences_test.c +++ b/tests/unit/s2n_kem_preferences_test.c @@ -36,8 +36,6 @@ int main(int argc, char **argv) { const struct s2n_kem_preferences test_prefs = { - .kem_count = 0, - .kems = NULL, .tls13_kem_group_count = S2N_KEM_GROUPS_COUNT, .tls13_kem_groups = ALL_SUPPORTED_KEM_GROUPS, }; diff --git a/tests/unit/s2n_kem_test.c b/tests/unit/s2n_kem_test.c index d0b9d7db2ab..570e45ae097 100644 --- a/tests/unit/s2n_kem_test.c +++ b/tests/unit/s2n_kem_test.c @@ -33,9 +33,6 @@ const uint8_t TEST_SHARED_SECRET[] = { 4, 4, 4, 4 }; #define TEST_CIPHERTEXT_LENGTH 5 const uint8_t TEST_CIPHERTEXT[] = { 5, 5, 5, 5, 5 }; -static const uint8_t kyber_iana[S2N_TLS_CIPHER_SUITE_LEN] = { TLS_ECDHE_KYBER_RSA_WITH_AES_256_GCM_SHA384 }; -static const uint8_t classic_ecdhe_iana[S2N_TLS_CIPHER_SUITE_LEN] = { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA }; - int alloc_test_kem_params(struct s2n_kem_params *kem_params) { POSIX_GUARD(s2n_alloc(&(kem_params->private_key), TEST_PRIVATE_KEY_LENGTH)); 
@@ -124,16 +121,6 @@ int main(int argc, char **argv) EXPECT_EQUAL(sizeof(kem_shared_secret_size), 2); EXPECT_EQUAL(sizeof(kem_ciphertext_key_size), 2); }; - { - const struct s2n_iana_to_kem *compatible_params = NULL; - EXPECT_FAILURE_WITH_ERRNO(s2n_cipher_suite_to_kem(classic_ecdhe_iana, &compatible_params), S2N_ERR_KEM_UNSUPPORTED_PARAMS); - EXPECT_NULL(compatible_params); - - EXPECT_SUCCESS(s2n_cipher_suite_to_kem(kyber_iana, &compatible_params)); - EXPECT_NOT_NULL(compatible_params); - EXPECT_EQUAL(compatible_params->kem_count, 1); - EXPECT_EQUAL(compatible_params->kems[0]->kem_extension_id, s2n_kyber_512_r3.kem_extension_id); - }; { /* Tests for s2n_kem_free() */ EXPECT_SUCCESS(s2n_kem_free(NULL)); @@ -167,34 +154,6 @@ int main(int argc, char **argv) EXPECT_SUCCESS(assert_kem_params_free(&kem_group_params.kem_params)); EXPECT_NULL(kem_group_params.ecc_params.evp_pkey); }; - { - /* Happy case(s) for s2n_get_kem_from_extension_id() */ - - /* The kem_extensions and kems arrays should be kept in sync with each other */ - kem_extension_size kem_extensions[] = { - TLS_PQ_KEM_EXTENSION_ID_KYBER_512_R3, - }; - - const struct s2n_kem *kems[] = { - &s2n_kyber_512_r3, - }; - - for (size_t i = 0; i < s2n_array_len(kems); i++) { - kem_extension_size kem_id = kem_extensions[i]; - const struct s2n_kem *returned_kem = NULL; - - EXPECT_SUCCESS(s2n_get_kem_from_extension_id(kem_id, &returned_kem)); - EXPECT_NOT_NULL(returned_kem); - EXPECT_EQUAL(kems[i], returned_kem); - } - }; - { - /* Failure cases for s2n_get_kem_from_extension_id() */ - const struct s2n_kem *returned_kem = NULL; - kem_extension_size non_existent_kem_id = 65535; - EXPECT_FAILURE_WITH_ERRNO(s2n_get_kem_from_extension_id(non_existent_kem_id, &returned_kem), S2N_ERR_KEM_UNSUPPORTED_PARAMS); - }; - /* If KEM tests depend on len_prefix, test with both possible values */ for (int len_prefixed = 0; len_prefixed < 2; len_prefixed++) { { 
diff --git a/tests/unit/s2n_kex_test.c b/tests/unit/s2n_kex_test.c index 9013f0323a0..b4ff536f27d 100644 --- a/tests/unit/s2n_kex_test.c +++ b/tests/unit/s2n_kex_test.c @@ -31,10 +31,6 @@ int main(int argc, char **argv) struct s2n_cipher_suite test_cipher_with_null_kex = test_cipher; test_cipher_with_null_kex.key_exchange_alg = NULL; - /* Null cipher suite kex - possible with tls1.3 cipher suites */ - EXPECT_ERROR(s2n_configure_kex(NULL, &conn)); - EXPECT_ERROR(s2n_configure_kex(&test_cipher_with_null_kex, NULL)); - /* Null kex -- possible with tls1.3 cipher suites */ bool is_ephemeral = false; EXPECT_ERROR(s2n_kex_is_ephemeral(NULL, &is_ephemeral)); @@ -52,23 +48,9 @@ int main(int argc, char **argv) /* True if same kex */ EXPECT_TRUE(s2n_kex_includes(NULL, NULL)); EXPECT_TRUE(s2n_kex_includes(&s2n_rsa, &s2n_rsa)); - EXPECT_TRUE(s2n_kex_includes(&s2n_hybrid_ecdhe_kem, &s2n_hybrid_ecdhe_kem)); /* False if different kex */ EXPECT_FALSE(s2n_kex_includes(&s2n_rsa, &s2n_dhe)); - EXPECT_FALSE(s2n_kex_includes(&s2n_kem, &s2n_ecdhe)); - - /* True if hybrid that contains */ - EXPECT_TRUE(s2n_kex_includes(&s2n_hybrid_ecdhe_kem, &s2n_ecdhe)); - EXPECT_TRUE(s2n_kex_includes(&s2n_hybrid_ecdhe_kem, &s2n_kem)); - - /* False if hybrid "contains" relationship reversed */ - EXPECT_FALSE(s2n_kex_includes(&s2n_ecdhe, &s2n_hybrid_ecdhe_kem)); - EXPECT_FALSE(s2n_kex_includes(&s2n_kem, &s2n_hybrid_ecdhe_kem)); - - /* False if hybrid that does not contain */ - EXPECT_FALSE(s2n_kex_includes(&s2n_hybrid_ecdhe_kem, &s2n_rsa)); - EXPECT_FALSE(s2n_kex_includes(&s2n_hybrid_ecdhe_kem, &s2n_dhe)); /* False if one kex null */ EXPECT_FALSE(s2n_kex_includes(&s2n_rsa, NULL)); diff --git a/tests/unit/s2n_kex_with_kem_test.c b/tests/unit/s2n_kex_with_kem_test.c deleted file mode 100644 index 8dfb3730e44..00000000000 --- a/tests/unit/s2n_kex_with_kem_test.c +++ /dev/null 
@@ -1,183 +0,0 @@ -/* - * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"). - * You may not use this file except in compliance with the License. - * A copy of the License is located at - * - * http://aws.amazon.com/apache2.0 - * - * or in the "license" file accompanying this file. This file is distributed - * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either - * express or implied. See the License for the specific language governing - * permissions and limitations under the License. - */ - -#include "crypto/s2n_pq.h" -#include "tests/s2n_test.h" -#include "tls/s2n_cipher_suites.h" -#include "tls/s2n_client_key_exchange.h" -#include "tls/s2n_kem.h" -#include "tls/s2n_kex.h" -#include "tls/s2n_kex_data.h" -#include "tls/s2n_security_policies.h" -#include "tls/s2n_server_key_exchange.h" -#include "tls/s2n_tls.h" -#include "utils/s2n_safety.h" - -static struct s2n_kex s2n_test_kem_kex = { - .server_key_recv_read_data = &s2n_kem_server_key_recv_read_data, - .server_key_recv_parse_data = &s2n_kem_server_key_recv_parse_data, - .server_key_send = &s2n_kem_server_key_send, - .client_key_recv = &s2n_kem_client_key_recv, - .client_key_send = &s2n_kem_client_key_send, -}; - -static struct s2n_cipher_suite kyber_test_suite = { - .iana_value = { TLS_ECDHE_KYBER_RSA_WITH_AES_256_GCM_SHA384 }, - .key_exchange_alg = &s2n_test_kem_kex, -}; - -static int do_kex_with_kem(struct s2n_cipher_suite *cipher_suite, const char *security_policy_version, const struct s2n_kem *negotiated_kem) -{ - struct s2n_connection *client_conn = NULL; - struct s2n_connection *server_conn = NULL; - - POSIX_GUARD_PTR(client_conn = s2n_connection_new(S2N_CLIENT)); - POSIX_GUARD_PTR(server_conn = s2n_connection_new(S2N_SERVER)); - - const struct s2n_security_policy *security_policy = NULL; - POSIX_GUARD(s2n_find_security_policy_from_version(security_policy_version, &security_policy)); - 
POSIX_GUARD_PTR(security_policy); - - client_conn->kex_params.kem_params.kem = negotiated_kem; - client_conn->secure->cipher_suite = cipher_suite; - client_conn->security_policy_override = security_policy; - - server_conn->kex_params.kem_params.kem = negotiated_kem; - server_conn->secure->cipher_suite = cipher_suite; - server_conn->security_policy_override = security_policy; - - /* Part 1: Server calls send_key */ - struct s2n_blob data_to_sign = { 0 }; - POSIX_GUARD(s2n_kem_server_key_send(server_conn, &data_to_sign)); - /* 2 extra bytes for the kem extension id and 2 additional bytes for the length of the public key sent over the wire. */ - const uint32_t KEM_PUBLIC_KEY_MESSAGE_SIZE = (*negotiated_kem).public_key_length + 4; - POSIX_ENSURE_EQ(data_to_sign.size, KEM_PUBLIC_KEY_MESSAGE_SIZE); - - POSIX_ENSURE_EQ((*negotiated_kem).private_key_length, server_conn->kex_params.kem_params.private_key.size); - struct s2n_blob server_key_message = { .size = KEM_PUBLIC_KEY_MESSAGE_SIZE, .data = s2n_stuffer_raw_read(&server_conn->handshake.io, KEM_PUBLIC_KEY_MESSAGE_SIZE) }; - POSIX_GUARD_PTR(server_key_message.data); - - /* The KEM public key should get written directly to the server's handshake IO; kem_params.public_key - * should point to NULL */ - POSIX_ENSURE_EQ(NULL, server_conn->kex_params.kem_params.public_key.data); - POSIX_ENSURE_EQ(0, server_conn->kex_params.kem_params.public_key.size); - - /* Part 1.1: feed that to the client */ - POSIX_GUARD(s2n_stuffer_write(&client_conn->handshake.io, &server_key_message)); - - /* Part 2: Client calls recv_read and recv_parse */ - struct s2n_kex_raw_server_data raw_params = { 0 }; - struct s2n_blob data_to_verify = { 0 }; - POSIX_GUARD(s2n_kem_server_key_recv_read_data(client_conn, &data_to_verify, &raw_params)); - POSIX_ENSURE_EQ(data_to_verify.size, KEM_PUBLIC_KEY_MESSAGE_SIZE); - - if (s2n_kem_server_key_recv_parse_data(client_conn, &raw_params) != 0) { - /* Tests with incompatible parameters are expected to fail here; - * 
we want to clean up the connections before failing. */ - POSIX_GUARD(s2n_connection_free(client_conn)); - POSIX_GUARD(s2n_connection_free(server_conn)); - S2N_ERROR_PRESERVE_ERRNO(); - } - - POSIX_ENSURE_EQ((*negotiated_kem).public_key_length, client_conn->kex_params.kem_params.public_key.size); - - /* Part 3: Client calls send_key. The additional 2 bytes are for the ciphertext length sent over the wire */ - const uint32_t KEM_CIPHERTEXT_MESSAGE_SIZE = (*negotiated_kem).ciphertext_length + 2; - struct s2n_blob *client_shared_key = &(client_conn->kex_params.kem_params.shared_secret); - POSIX_GUARD(s2n_kem_client_key_send(client_conn, client_shared_key)); - struct s2n_blob client_key_message = { .size = KEM_CIPHERTEXT_MESSAGE_SIZE, .data = s2n_stuffer_raw_read(&client_conn->handshake.io, KEM_CIPHERTEXT_MESSAGE_SIZE) }; - POSIX_GUARD_PTR(client_key_message.data); - - /* Part 3.1: Send that back to the server */ - POSIX_GUARD(s2n_stuffer_write(&server_conn->handshake.io, &client_key_message)); - - /* Part 4: Call client key recv */ - struct s2n_blob *server_shared_key = &(server_conn->kex_params.kem_params.shared_secret); - POSIX_GUARD(s2n_kem_client_key_recv(server_conn, server_shared_key)); - POSIX_ENSURE_EQ(memcmp(client_shared_key->data, server_shared_key->data, (*negotiated_kem).shared_secret_key_length), 0); - - POSIX_GUARD(s2n_connection_free(client_conn)); - POSIX_GUARD(s2n_connection_free(server_conn)); - - return 0; -} - -static int assert_pq_disabled_checks(struct s2n_cipher_suite *cipher_suite, const char *security_policy_version, const struct s2n_kem *negotiated_kem) -{ - struct s2n_connection *server_conn = NULL; - POSIX_GUARD_PTR(server_conn = s2n_connection_new(S2N_SERVER)); - const struct s2n_security_policy *security_policy = NULL; - POSIX_GUARD(s2n_find_security_policy_from_version(security_policy_version, &security_policy)); - POSIX_GUARD_PTR(security_policy); - server_conn->kex_params.kem_params.kem = negotiated_kem; - 
server_conn->secure->cipher_suite = cipher_suite; - server_conn->security_policy_override = security_policy; - - /* If PQ is disabled: - * s2n_check_kem() (s2n_hybrid_ecdhe_kem.connection_supported) should indicate that the connection is not supported - * s2n_configure_kem() (s2n_hybrid_ecdhe_kem.configure_connection) should return S2N_RESULT_ERROR - * set s2n_errno to S2N_ERR_UNIMPLEMENTED */ - bool connection_supported = true; - POSIX_GUARD_RESULT(s2n_hybrid_ecdhe_kem.connection_supported(cipher_suite, server_conn, &connection_supported)); - POSIX_ENSURE_EQ(connection_supported, false); - - POSIX_ENSURE_EQ(s2n_result_is_error(s2n_hybrid_ecdhe_kem.configure_connection(cipher_suite, server_conn)), true); - - POSIX_ENSURE_EQ(s2n_errno, S2N_ERR_UNIMPLEMENTED); - - POSIX_GUARD(s2n_connection_free(server_conn)); - s2n_errno = 0; - s2n_debug_info_reset(); - - return S2N_SUCCESS; -} - -int main(int argc, char **argv) -{ - BEGIN_TEST(); - EXPECT_SUCCESS(s2n_disable_tls13_in_test()); - - if (!s2n_pq_is_enabled()) { - /* Verify s2n_check_kem() and s2n_configure_kem() are performing their pq-enabled checks appropriately. 
*/ - EXPECT_SUCCESS(assert_pq_disabled_checks(&kyber_test_suite, "KMS-PQ-TLS-1-0-2019-06", &s2n_kyber_512_r3)); - EXPECT_SUCCESS(assert_pq_disabled_checks(&kyber_test_suite, "KMS-PQ-TLS-1-0-2020-02", &s2n_kyber_512_r3)); - EXPECT_SUCCESS(assert_pq_disabled_checks(&kyber_test_suite, "KMS-PQ-TLS-1-0-2020-07", &s2n_kyber_512_r3)); - - EXPECT_SUCCESS(assert_pq_disabled_checks(&kyber_test_suite, "PQ-TLS-1-1-2021-05-17", &s2n_kyber_512_r3)); - EXPECT_SUCCESS(assert_pq_disabled_checks(&kyber_test_suite, "PQ-TLS-1-0-2021-05-18", &s2n_kyber_512_r3)); - EXPECT_SUCCESS(assert_pq_disabled_checks(&kyber_test_suite, "PQ-TLS-1-0-2021-05-19", &s2n_kyber_512_r3)); - EXPECT_SUCCESS(assert_pq_disabled_checks(&kyber_test_suite, "PQ-TLS-1-0-2021-05-20", &s2n_kyber_512_r3)); - EXPECT_SUCCESS(assert_pq_disabled_checks(&kyber_test_suite, "PQ-TLS-1-1-2021-05-21", &s2n_kyber_512_r3)); - EXPECT_SUCCESS(assert_pq_disabled_checks(&kyber_test_suite, "PQ-TLS-1-0-2021-05-22", &s2n_kyber_512_r3)); - EXPECT_SUCCESS(assert_pq_disabled_checks(&kyber_test_suite, "PQ-TLS-1-0-2021-05-23", &s2n_kyber_512_r3)); - EXPECT_SUCCESS(assert_pq_disabled_checks(&kyber_test_suite, "PQ-TLS-1-0-2021-05-24", &s2n_kyber_512_r3)); - EXPECT_SUCCESS(assert_pq_disabled_checks(&kyber_test_suite, "PQ-TLS-1-0-2021-05-25", &s2n_kyber_512_r3)); - EXPECT_SUCCESS(assert_pq_disabled_checks(&kyber_test_suite, "PQ-TLS-1-0-2021-05-26", &s2n_kyber_512_r3)); - - } else { - EXPECT_SUCCESS(do_kex_with_kem(&kyber_test_suite, "PQ-TLS-1-1-2021-05-17", &s2n_kyber_512_r3)); - EXPECT_SUCCESS(do_kex_with_kem(&kyber_test_suite, "PQ-TLS-1-0-2021-05-18", &s2n_kyber_512_r3)); - EXPECT_SUCCESS(do_kex_with_kem(&kyber_test_suite, "PQ-TLS-1-0-2021-05-19", &s2n_kyber_512_r3)); - EXPECT_SUCCESS(do_kex_with_kem(&kyber_test_suite, "PQ-TLS-1-0-2021-05-20", &s2n_kyber_512_r3)); - EXPECT_SUCCESS(do_kex_with_kem(&kyber_test_suite, "PQ-TLS-1-1-2021-05-21", &s2n_kyber_512_r3)); - EXPECT_SUCCESS(do_kex_with_kem(&kyber_test_suite, "PQ-TLS-1-0-2021-05-22", 
&s2n_kyber_512_r3)); - EXPECT_SUCCESS(do_kex_with_kem(&kyber_test_suite, "PQ-TLS-1-0-2021-05-23", &s2n_kyber_512_r3)); - EXPECT_SUCCESS(do_kex_with_kem(&kyber_test_suite, "PQ-TLS-1-0-2021-05-24", &s2n_kyber_512_r3)); - EXPECT_SUCCESS(do_kex_with_kem(&kyber_test_suite, "PQ-TLS-1-0-2021-05-25", &s2n_kyber_512_r3)); - EXPECT_SUCCESS(do_kex_with_kem(&kyber_test_suite, "PQ-TLS-1-0-2021-05-26", &s2n_kyber_512_r3)); - } - - END_TEST(); -} diff --git a/tests/unit/s2n_pq_mlkem_policies_test.c b/tests/unit/s2n_pq_mlkem_policies_test.c index f8589a2173e..28a4ba3c060 100644 --- a/tests/unit/s2n_pq_mlkem_policies_test.c +++ b/tests/unit/s2n_pq_mlkem_policies_test.c @@ -94,7 +94,6 @@ const struct s2n_kem *mlkem_list[] = { /* Ciphers that should not be present in TLS Policies that have ML-KEM */ const struct s2n_cipher_suite *legacy_cipher_suites[] = { - &s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384, /* Draft cipher for negotiating Kyber in TLS 1.2. */ &s2n_rsa_with_3des_ede_cbc_sha, &s2n_dhe_rsa_with_3des_ede_cbc_sha, &s2n_ecdhe_rsa_with_3des_ede_cbc_sha, diff --git a/tests/unit/s2n_security_policies_test.c b/tests/unit/s2n_security_policies_test.c index a4ae4e515c2..2666a26528b 100644 --- a/tests/unit/s2n_security_policies_test.c +++ b/tests/unit/s2n_security_policies_test.c 
@@ -115,26 +115,6 @@ int main(int argc, char **argv) for (size_t policy_index = 0; security_policy_selection[policy_index].version != NULL; policy_index++) { const struct s2n_security_policy *security_policy = security_policy_selection[policy_index].security_policy; - /* TLS 1.3 + PQ checks */ - if (security_policy->kem_preferences->tls13_kem_group_count > 0) { - /* Ensure that no TLS 1.3 KEM group preference lists go over max supported limit */ - EXPECT_TRUE(security_policy->kem_preferences->tls13_kem_group_count <= S2N_KEM_GROUPS_COUNT); - - /* Ensure all TLS 1.3 KEM groups in all policies are in the global list of all supported KEM groups */ - for (size_t i = 0; i < security_policy->kem_preferences->tls13_kem_group_count; i++) { - const struct s2n_kem_group *kem_group = security_policy->kem_preferences->tls13_kem_groups[i]; - - bool kem_group_is_supported = false; - for (size_t j = 0; j < kem_preferences_all.tls13_kem_group_count; j++) { - if (kem_group->iana_id == kem_preferences_all.tls13_kem_groups[j]->iana_id) { - kem_group_is_supported = true; - break; - } - } - EXPECT_TRUE(kem_group_is_supported); - } - } - /* TLS 1.3 Cipher suites have TLS 1.3 Signature Algorithms Test */ bool has_tls_13_cipher = false; for (size_t i = 0; i < security_policy->cipher_preferences->count; i++) { 
@@ -168,17 +148,64 @@ int main(int argc, char **argv) EXPECT_TRUE(has_tls_13_sig_alg); EXPECT_TRUE(has_rsa_pss); } + + /* TLS 1.3 + PQ checks */ + if (security_policy->kem_preferences->tls13_kem_group_count > 0) { + /* Ensure that PQ enabled Policies support TLS 1.3 since TLS 1.3 is now required for PQ support. */ + EXPECT_TRUE(has_tls_13_cipher); + + /* Ensure that no TLS 1.3 KEM group preference lists go over max supported limit */ + EXPECT_TRUE(security_policy->kem_preferences->tls13_kem_group_count <= S2N_KEM_GROUPS_COUNT); + + /* Ensure all TLS 1.3 KEM groups in all policies are in the global list of all supported KEM groups */ + for (size_t i = 0; i < security_policy->kem_preferences->tls13_kem_group_count; i++) { + const struct s2n_kem_group *kem_group = security_policy->kem_preferences->tls13_kem_groups[i]; + + bool kem_group_is_supported = false; + for (size_t j = 0; j < kem_preferences_all.tls13_kem_group_count; j++) { + if (kem_group->iana_id == kem_preferences_all.tls13_kem_groups[j]->iana_id) { + kem_group_is_supported = true; + break; + } + } + EXPECT_TRUE(kem_group_is_supported); + } + } } const struct s2n_security_policy *security_policy = NULL; + /* Test Deprecated Security Policies*/ + { + /* Ensure that every policy in the deprecated list has been removed from the supported policies list */ + for (size_t i = 0; i < deprecrated_security_policies_len; i++) { + EXPECT_FAILURE_WITH_ERRNO(s2n_find_security_policy_from_version(deprecated_security_policies[i], &security_policy), S2N_ERR_DEPRECATED_SECURITY_POLICY); + } + + /* Ensure that each policy that's been deprecated actually returns a deprecated error when requested. 
*/ + EXPECT_FAILURE_WITH_ERRNO(s2n_find_security_policy_from_version("KMS-PQ-TLS-1-0-2019-06", &security_policy), S2N_ERR_DEPRECATED_SECURITY_POLICY); + EXPECT_FAILURE_WITH_ERRNO(s2n_find_security_policy_from_version("PQ-SIKE-TEST-TLS-1-0-2019-11", &security_policy), S2N_ERR_DEPRECATED_SECURITY_POLICY); + EXPECT_FAILURE_WITH_ERRNO(s2n_find_security_policy_from_version("PQ-SIKE-TEST-TLS-1-0-2020-02", &security_policy), S2N_ERR_DEPRECATED_SECURITY_POLICY); + EXPECT_FAILURE_WITH_ERRNO(s2n_find_security_policy_from_version("PQ-SIKE-TEST-TLS-1-0-2020-02", &security_policy), S2N_ERR_DEPRECATED_SECURITY_POLICY); + EXPECT_FAILURE_WITH_ERRNO(s2n_find_security_policy_from_version("KMS-PQ-TLS-1-0-2020-02", &security_policy), S2N_ERR_DEPRECATED_SECURITY_POLICY); + EXPECT_FAILURE_WITH_ERRNO(s2n_find_security_policy_from_version("PQ-TLS-1-0-2020-12", &security_policy), S2N_ERR_DEPRECATED_SECURITY_POLICY); + EXPECT_FAILURE_WITH_ERRNO(s2n_find_security_policy_from_version("PQ-TLS-1-1-2021-05-17", &security_policy), S2N_ERR_DEPRECATED_SECURITY_POLICY); + EXPECT_FAILURE_WITH_ERRNO(s2n_find_security_policy_from_version("PQ-TLS-1-0-2021-05-18", &security_policy), S2N_ERR_DEPRECATED_SECURITY_POLICY); + EXPECT_FAILURE_WITH_ERRNO(s2n_find_security_policy_from_version("PQ-TLS-1-0-2021-05-19", &security_policy), S2N_ERR_DEPRECATED_SECURITY_POLICY); + EXPECT_FAILURE_WITH_ERRNO(s2n_find_security_policy_from_version("PQ-TLS-1-0-2021-05-20", &security_policy), S2N_ERR_DEPRECATED_SECURITY_POLICY); + EXPECT_FAILURE_WITH_ERRNO(s2n_find_security_policy_from_version("PQ-TLS-1-1-2021-05-21", &security_policy), S2N_ERR_DEPRECATED_SECURITY_POLICY); + EXPECT_FAILURE_WITH_ERRNO(s2n_find_security_policy_from_version("PQ-TLS-1-0-2021-05-22", &security_policy), S2N_ERR_DEPRECATED_SECURITY_POLICY); + EXPECT_FAILURE_WITH_ERRNO(s2n_find_security_policy_from_version("PQ-TLS-1-0-2021-05-23", &security_policy), S2N_ERR_DEPRECATED_SECURITY_POLICY); + 
EXPECT_FAILURE_WITH_ERRNO(s2n_find_security_policy_from_version("PQ-TLS-1-0-2021-05-25", &security_policy), S2N_ERR_DEPRECATED_SECURITY_POLICY); + + /* Add list length check so that when new policies are deprecated, they are added to this test. */ + EXPECT_EQUAL(deprecrated_security_policies_len, 14); + } + /* Test common known good cipher suites for expected configuration */ { EXPECT_SUCCESS(s2n_find_security_policy_from_version("default", &security_policy)); EXPECT_TRUE(s2n_ecc_is_extension_required(security_policy)); - EXPECT_FALSE(s2n_pq_kem_is_extension_required(security_policy)); - EXPECT_NULL(security_policy->kem_preferences->kems); - EXPECT_EQUAL(0, security_policy->kem_preferences->kem_count); EXPECT_NULL(security_policy->kem_preferences->tls13_kem_groups); EXPECT_EQUAL(0, security_policy->kem_preferences->tls13_kem_group_count); EXPECT_FALSE(s2n_security_policy_supports_tls13(security_policy)); 
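Review bot: The explicit checks in the new "Test Deprecated Security Policies" block assert `"PQ-SIKE-TEST-TLS-1-0-2020-02"` twice and never name `"KMS-PQ-TLS-1-0-2020-07"`, which later assertions in this same file expect to fail with `S2N_ERR_DEPRECATED_SECURITY_POLICY`. The block has 14 assertion lines, so it appears to match `EXPECT_EQUAL(deprecrated_security_policies_len, 14)` while covering only 13 distinct names. The second duplicate was presumably meant to be `EXPECT_FAILURE_WITH_ERRNO(s2n_find_security_policy_from_version("KMS-PQ-TLS-1-0-2020-07", &security_policy), S2N_ERR_DEPRECATED_SECURITY_POLICY);`. The identifier `deprecrated_security_policies_len` is also misspelled next to `deprecated_security_policies`; its declaration is outside this hunk, so a rename would have to be made there as well. main() starts and ends outside the hunk.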
@@ -186,21 +213,15 @@ int main(int argc, char **argv) security_policy = NULL; EXPECT_SUCCESS(s2n_find_security_policy_from_version("default_tls13", &security_policy)); EXPECT_TRUE(s2n_ecc_is_extension_required(security_policy)); - EXPECT_FALSE(s2n_pq_kem_is_extension_required(security_policy)); EXPECT_TRUE(s2n_security_policy_supports_tls13(security_policy)); - EXPECT_EQUAL(0, security_policy->kem_preferences->kems); EXPECT_NULL(security_policy->kem_preferences->tls13_kem_groups); EXPECT_EQUAL(0, security_policy->kem_preferences->tls13_kem_group_count); - EXPECT_NULL(security_policy->kem_preferences->kems); /* The "all" security policy contains both TLS 1.2 KEM extension and TLS 1.3 KEM SupportedGroup entries*/ security_policy = NULL; EXPECT_SUCCESS(s2n_find_security_policy_from_version("test_all", &security_policy)); EXPECT_TRUE(s2n_ecc_is_extension_required(security_policy)); - EXPECT_TRUE(s2n_pq_kem_is_extension_required(security_policy)); - EXPECT_EQUAL(1, security_policy->kem_preferences->kem_count); - EXPECT_NOT_NULL(security_policy->kem_preferences->kems); - EXPECT_EQUAL(&s2n_kyber_512_r3, security_policy->kem_preferences->kems[0]); + EXPECT_EQUAL(security_policy->kem_preferences->tls13_kem_groups, ALL_SUPPORTED_KEM_GROUPS); /* All supported kem groups should be in the preference list, but not all of them may be available. */ EXPECT_EQUAL(S2N_KEM_GROUPS_COUNT, security_policy->kem_preferences->tls13_kem_group_count); 
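Review bot: The context comment above the `test_all` lookup still says the policy contains "both TLS 1.2 KEM extension and TLS 1.3 KEM SupportedGroup entries", but this hunk removes every TLS 1.2 KEM assertion (`kem_count`, `kems`, `s2n_pq_kem_is_extension_required`). The comment now describes behaviour the commit deletes and should be updated in the same change, for example `/* The "test_all" security policy contains TLS 1.3 KEM SupportedGroup entries; TLS 1.2 KEM extensions are no longer supported */`. The enclosing test block starts outside the hunk.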
@@ -225,74 +246,12 @@ int main(int argc, char **argv) security_policy = NULL; EXPECT_SUCCESS(s2n_find_security_policy_from_version("KMS-TLS-1-0-2018-10", &security_policy)); EXPECT_TRUE(s2n_ecc_is_extension_required(security_policy)); - EXPECT_FALSE(s2n_pq_kem_is_extension_required(security_policy)); - EXPECT_EQUAL(0, security_policy->kem_preferences->kem_count); - EXPECT_NULL(security_policy->kem_preferences->kems); - EXPECT_NULL(security_policy->kem_preferences->tls13_kem_groups); - EXPECT_EQUAL(0, security_policy->kem_preferences->tls13_kem_group_count); - - security_policy = NULL; - EXPECT_SUCCESS(s2n_find_security_policy_from_version("KMS-PQ-TLS-1-0-2019-06", &security_policy)); - EXPECT_TRUE(s2n_ecc_is_extension_required(security_policy)); - EXPECT_FALSE(s2n_pq_kem_is_extension_required(security_policy)); - EXPECT_EQUAL(0, security_policy->kem_preferences->kem_count); - EXPECT_NULL(security_policy->kem_preferences->kems); - EXPECT_NULL(security_policy->kem_preferences->kems); - EXPECT_NULL(security_policy->kem_preferences->tls13_kem_groups); - EXPECT_EQUAL(0, security_policy->kem_preferences->tls13_kem_group_count); - - security_policy = NULL; - EXPECT_SUCCESS(s2n_find_security_policy_from_version("PQ-SIKE-TEST-TLS-1-0-2019-11", &security_policy)); - EXPECT_TRUE(s2n_ecc_is_extension_required(security_policy)); - EXPECT_FALSE(s2n_pq_kem_is_extension_required(security_policy)); - EXPECT_EQUAL(0, security_policy->kem_preferences->kem_count); - EXPECT_NULL(security_policy->kem_preferences->kems); - EXPECT_NULL(security_policy->kem_preferences->tls13_kem_groups); - EXPECT_EQUAL(0, security_policy->kem_preferences->tls13_kem_group_count); - - security_policy = NULL; - EXPECT_SUCCESS(s2n_find_security_policy_from_version("PQ-SIKE-TEST-TLS-1-0-2020-02", &security_policy)); - EXPECT_TRUE(s2n_ecc_is_extension_required(security_policy)); - EXPECT_FALSE(s2n_pq_kem_is_extension_required(security_policy)); - EXPECT_EQUAL(0, security_policy->kem_preferences->kem_count); - 
EXPECT_NULL(security_policy->kem_preferences->kems); - EXPECT_NULL(security_policy->kem_preferences->tls13_kem_groups); - EXPECT_EQUAL(0, security_policy->kem_preferences->tls13_kem_group_count); - - security_policy = NULL; - EXPECT_SUCCESS(s2n_find_security_policy_from_version("KMS-PQ-TLS-1-0-2020-02", &security_policy)); - EXPECT_TRUE(s2n_ecc_is_extension_required(security_policy)); - EXPECT_FALSE(s2n_pq_kem_is_extension_required(security_policy)); - EXPECT_EQUAL(0, security_policy->kem_preferences->kem_count); - EXPECT_NULL(security_policy->kem_preferences->kems); EXPECT_NULL(security_policy->kem_preferences->tls13_kem_groups); EXPECT_EQUAL(0, security_policy->kem_preferences->tls13_kem_group_count); security_policy = NULL; - EXPECT_SUCCESS(s2n_find_security_policy_from_version("KMS-PQ-TLS-1-0-2020-07", &security_policy)); - EXPECT_TRUE(s2n_ecc_is_extension_required(security_policy)); - EXPECT_TRUE(s2n_pq_kem_is_extension_required(security_policy)); - EXPECT_EQUAL(1, security_policy->kem_preferences->kem_count); - EXPECT_NOT_NULL(security_policy->kem_preferences->kems); - EXPECT_EQUAL(security_policy->kem_preferences->kems, pq_kems_r3_2021_05); - EXPECT_NOT_NULL(security_policy->kem_preferences->tls13_kem_groups); - EXPECT_EQUAL(security_policy->kem_preferences->tls13_kem_groups, pq_kem_groups_r3_2021_05); - EXPECT_OK(s2n_kem_preferences_groups_available(security_policy->kem_preferences, &available_groups)); - if (s2n_pq_is_enabled() && s2n_is_evp_apis_supported()) { - EXPECT_EQUAL(2, available_groups); - } else if (s2n_pq_is_enabled()) { - EXPECT_EQUAL(1, available_groups); - } else { - EXPECT_EQUAL(0, available_groups); - } - - security_policy = NULL; - EXPECT_SUCCESS(s2n_find_security_policy_from_version("PQ-TLS-1-0-2020-12", &security_policy)); + EXPECT_SUCCESS(s2n_find_security_policy_from_version("PQ-TLS-1-0-2021-05-24", &security_policy)); EXPECT_TRUE(s2n_ecc_is_extension_required(security_policy)); - 
EXPECT_TRUE(s2n_pq_kem_is_extension_required(security_policy)); - EXPECT_EQUAL(1, security_policy->kem_preferences->kem_count); - EXPECT_NOT_NULL(security_policy->kem_preferences->kems); - EXPECT_EQUAL(security_policy->kem_preferences->kems, pq_kems_r3_2021_05); EXPECT_NOT_NULL(security_policy->kem_preferences->tls13_kem_groups); EXPECT_EQUAL(security_policy->kem_preferences->tls13_kem_groups, pq_kem_groups_r3_2021_05); EXPECT_OK(s2n_kem_preferences_groups_available(security_policy->kem_preferences, &available_groups)); 
@@ -304,112 +263,16 @@ int main(int argc, char **argv) EXPECT_EQUAL(0, available_groups); } - security_policy = NULL; - EXPECT_SUCCESS(s2n_find_security_policy_from_version("PQ-TLS-1-1-2021-05-17", &security_policy)); - EXPECT_TRUE(s2n_ecc_is_extension_required(security_policy)); - EXPECT_TRUE(s2n_pq_kem_is_extension_required(security_policy)); - EXPECT_EQUAL(1, security_policy->kem_preferences->kem_count); - EXPECT_NOT_NULL(security_policy->kem_preferences->kems); - EXPECT_EQUAL(security_policy->kem_preferences->kems, pq_kems_r3_2021_05); - EXPECT_NOT_NULL(security_policy->kem_preferences->tls13_kem_groups); - EXPECT_EQUAL(security_policy->kem_preferences->tls13_kem_groups, pq_kem_groups_r3_2021_05); - EXPECT_EQUAL(security_policy->signature_preferences, &s2n_signature_preferences_20140601); - - security_policy = NULL; - EXPECT_SUCCESS(s2n_find_security_policy_from_version("PQ-TLS-1-0-2021-05-18", &security_policy)); - EXPECT_TRUE(s2n_ecc_is_extension_required(security_policy)); - EXPECT_TRUE(s2n_pq_kem_is_extension_required(security_policy)); - EXPECT_EQUAL(1, security_policy->kem_preferences->kem_count); - EXPECT_NOT_NULL(security_policy->kem_preferences->kems); - EXPECT_EQUAL(security_policy->kem_preferences->kems, pq_kems_r3_2021_05); - EXPECT_NOT_NULL(security_policy->kem_preferences->tls13_kem_groups); - EXPECT_EQUAL(security_policy->kem_preferences->tls13_kem_groups, pq_kem_groups_r3_2021_05); - EXPECT_EQUAL(security_policy->signature_preferences, &s2n_signature_preferences_20140601); - - security_policy = NULL; - EXPECT_SUCCESS(s2n_find_security_policy_from_version("PQ-TLS-1-0-2021-05-19", &security_policy)); - EXPECT_TRUE(s2n_ecc_is_extension_required(security_policy)); - EXPECT_TRUE(s2n_pq_kem_is_extension_required(security_policy)); - EXPECT_EQUAL(1, security_policy->kem_preferences->kem_count); - EXPECT_NOT_NULL(security_policy->kem_preferences->kems); - EXPECT_EQUAL(security_policy->kem_preferences->kems, pq_kems_r3_2021_05); - 
EXPECT_NOT_NULL(security_policy->kem_preferences->tls13_kem_groups); - EXPECT_EQUAL(security_policy->kem_preferences->tls13_kem_groups, pq_kem_groups_r3_2021_05); - EXPECT_EQUAL(security_policy->signature_preferences, &s2n_signature_preferences_20140601); - - security_policy = NULL; - EXPECT_SUCCESS(s2n_find_security_policy_from_version("PQ-TLS-1-0-2021-05-20", &security_policy)); - EXPECT_TRUE(s2n_ecc_is_extension_required(security_policy)); - EXPECT_TRUE(s2n_pq_kem_is_extension_required(security_policy)); - EXPECT_EQUAL(1, security_policy->kem_preferences->kem_count); - EXPECT_NOT_NULL(security_policy->kem_preferences->kems); - EXPECT_EQUAL(security_policy->kem_preferences->kems, pq_kems_r3_2021_05); - EXPECT_NOT_NULL(security_policy->kem_preferences->tls13_kem_groups); - EXPECT_EQUAL(security_policy->kem_preferences->tls13_kem_groups, pq_kem_groups_r3_2021_05); - EXPECT_EQUAL(security_policy->signature_preferences, &s2n_signature_preferences_20140601); - - security_policy = NULL; - EXPECT_SUCCESS(s2n_find_security_policy_from_version("PQ-TLS-1-1-2021-05-21", &security_policy)); - EXPECT_TRUE(s2n_ecc_is_extension_required(security_policy)); - EXPECT_TRUE(s2n_pq_kem_is_extension_required(security_policy)); - EXPECT_EQUAL(1, security_policy->kem_preferences->kem_count); - EXPECT_NOT_NULL(security_policy->kem_preferences->kems); - EXPECT_EQUAL(security_policy->kem_preferences->kems, pq_kems_r3_2021_05); - EXPECT_NOT_NULL(security_policy->kem_preferences->tls13_kem_groups); - EXPECT_EQUAL(security_policy->kem_preferences->tls13_kem_groups, pq_kem_groups_r3_2021_05); - EXPECT_EQUAL(security_policy->signature_preferences, &s2n_signature_preferences_20200207); - - security_policy = NULL; - EXPECT_SUCCESS(s2n_find_security_policy_from_version("PQ-TLS-1-0-2021-05-22", &security_policy)); - EXPECT_TRUE(s2n_ecc_is_extension_required(security_policy)); - EXPECT_TRUE(s2n_pq_kem_is_extension_required(security_policy)); - EXPECT_EQUAL(1, 
security_policy->kem_preferences->kem_count); - EXPECT_NOT_NULL(security_policy->kem_preferences->kems); - EXPECT_EQUAL(security_policy->kem_preferences->kems, pq_kems_r3_2021_05); - EXPECT_NOT_NULL(security_policy->kem_preferences->tls13_kem_groups); - EXPECT_EQUAL(security_policy->kem_preferences->tls13_kem_groups, pq_kem_groups_r3_2021_05); - EXPECT_EQUAL(security_policy->signature_preferences, &s2n_signature_preferences_20200207); - - security_policy = NULL; - EXPECT_SUCCESS(s2n_find_security_policy_from_version("PQ-TLS-1-0-2021-05-23", &security_policy)); - EXPECT_TRUE(s2n_ecc_is_extension_required(security_policy)); - EXPECT_TRUE(s2n_pq_kem_is_extension_required(security_policy)); - EXPECT_EQUAL(1, security_policy->kem_preferences->kem_count); - EXPECT_NOT_NULL(security_policy->kem_preferences->kems); - EXPECT_EQUAL(security_policy->kem_preferences->kems, pq_kems_r3_2021_05); - EXPECT_NOT_NULL(security_policy->kem_preferences->tls13_kem_groups); - EXPECT_EQUAL(security_policy->kem_preferences->tls13_kem_groups, pq_kem_groups_r3_2021_05); - EXPECT_EQUAL(security_policy->signature_preferences, &s2n_signature_preferences_20200207); - security_policy = NULL; EXPECT_SUCCESS(s2n_find_security_policy_from_version("PQ-TLS-1-0-2021-05-24", &security_policy)); EXPECT_TRUE(s2n_ecc_is_extension_required(security_policy)); - EXPECT_TRUE(s2n_pq_kem_is_extension_required(security_policy)); - EXPECT_EQUAL(1, security_policy->kem_preferences->kem_count); - EXPECT_NOT_NULL(security_policy->kem_preferences->kems); - EXPECT_EQUAL(security_policy->kem_preferences->kems, pq_kems_r3_2021_05); EXPECT_NOT_NULL(security_policy->kem_preferences->tls13_kem_groups); EXPECT_EQUAL(security_policy->kem_preferences->tls13_kem_groups, pq_kem_groups_r3_2021_05); EXPECT_EQUAL(security_policy->signature_preferences, &s2n_signature_preferences_20200207); - security_policy = NULL; - EXPECT_SUCCESS(s2n_find_security_policy_from_version("PQ-TLS-1-0-2021-05-25", &security_policy)); - 
EXPECT_TRUE(s2n_ecc_is_extension_required(security_policy)); - EXPECT_TRUE(s2n_pq_kem_is_extension_required(security_policy)); - EXPECT_EQUAL(1, security_policy->kem_preferences->kem_count); - EXPECT_NOT_NULL(security_policy->kem_preferences->kems); - EXPECT_EQUAL(security_policy->kem_preferences->kems, pq_kems_r3_2021_05); - EXPECT_NOT_NULL(security_policy->kem_preferences->tls13_kem_groups); - EXPECT_EQUAL(security_policy->kem_preferences->tls13_kem_groups, pq_kem_groups_r3_2021_05); - EXPECT_EQUAL(security_policy->signature_preferences, &s2n_signature_preferences_20140601); - security_policy = NULL; EXPECT_SUCCESS(s2n_find_security_policy_from_version("PQ-TLS-1-0-2021-05-26", &security_policy)); EXPECT_TRUE(s2n_ecc_is_extension_required(security_policy)); - EXPECT_TRUE(s2n_pq_kem_is_extension_required(security_policy)); - EXPECT_EQUAL(1, security_policy->kem_preferences->kem_count); - EXPECT_NOT_NULL(security_policy->kem_preferences->kems); - EXPECT_EQUAL(security_policy->kem_preferences->kems, pq_kems_r3_2021_05); EXPECT_NOT_NULL(security_policy->kem_preferences->tls13_kem_groups); EXPECT_EQUAL(security_policy->kem_preferences->tls13_kem_groups, pq_kem_groups_r3_2021_05); EXPECT_EQUAL(security_policy->signature_preferences, &s2n_signature_preferences_20200207); 
@@ -417,10 +280,7 @@ int main(int argc, char **argv) security_policy = NULL; EXPECT_SUCCESS(s2n_find_security_policy_from_version("PQ-TLS-1-3-2023-06-01", &security_policy)); EXPECT_TRUE(s2n_ecc_is_extension_required(security_policy)); - EXPECT_FALSE(s2n_pq_kem_is_extension_required(security_policy)); EXPECT_EQUAL(security_policy->kem_preferences, &kem_preferences_pq_tls_1_3_2023_06); - EXPECT_EQUAL(0, security_policy->kem_preferences->kem_count); - EXPECT_NULL(security_policy->kem_preferences->kems); EXPECT_NOT_NULL(security_policy->kem_preferences->tls13_kem_groups); EXPECT_EQUAL(security_policy->kem_preferences->tls13_kem_groups, pq_kem_groups_r3_2023_06); /* All supported kem groups should be in the preference list, but not all of them may be available. */ @@ -437,18 +297,12 @@ int main(int argc, char **argv) security_policy = NULL; EXPECT_SUCCESS(s2n_find_security_policy_from_version("20141001", &security_policy)); EXPECT_FALSE(s2n_ecc_is_extension_required(security_policy)); - EXPECT_FALSE(s2n_pq_kem_is_extension_required(security_policy)); - EXPECT_EQUAL(0, security_policy->kem_preferences->kem_count); - EXPECT_NULL(security_policy->kem_preferences->kems); EXPECT_NULL(security_policy->kem_preferences->tls13_kem_groups); EXPECT_EQUAL(0, security_policy->kem_preferences->tls13_kem_group_count); security_policy = NULL; EXPECT_SUCCESS(s2n_find_security_policy_from_version("20201021", &security_policy)); EXPECT_TRUE(s2n_ecc_is_extension_required(security_policy)); - EXPECT_FALSE(s2n_pq_kem_is_extension_required(security_policy)); - EXPECT_EQUAL(0, security_policy->kem_preferences->kem_count); - EXPECT_NULL(security_policy->kem_preferences->kems); EXPECT_NULL(security_policy->kem_preferences->tls13_kem_groups); EXPECT_EQUAL(0, security_policy->kem_preferences->tls13_kem_group_count); } 
@@ -479,11 +333,6 @@ int main(int argc, char **argv) "CloudFront-TLS-1-2-2018-Legacy", "CloudFront-TLS-1-2-2019-Legacy", "KMS-TLS-1-0-2018-10", - "KMS-PQ-TLS-1-0-2019-06", - "KMS-PQ-TLS-1-0-2020-02", - "KMS-PQ-TLS-1-0-2020-07", - "PQ-SIKE-TEST-TLS-1-0-2019-11", - "PQ-SIKE-TEST-TLS-1-0-2020-02", "KMS-FIPS-TLS-1-2-2018-10", "20140601", "20141001", @@ -565,7 +414,6 @@ int main(int argc, char **argv) { security_policy = NULL; EXPECT_FALSE(s2n_ecc_is_extension_required(security_policy)); - EXPECT_FALSE(s2n_pq_kem_is_extension_required(security_policy)); EXPECT_FALSE(s2n_security_policy_supports_tls13(security_policy)); } @@ -603,7 +451,6 @@ int main(int argc, char **argv) /* Test a security policy not on the official list */ { struct s2n_cipher_suite *fake_suites[] = { - &s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384, &s2n_tls13_chacha20_poly1305_sha256, }; @@ -613,8 +460,8 @@ int main(int argc, char **argv) }; const struct s2n_kem_preferences fake_kem_preference = { - .kem_count = 1, - .kems = NULL, + .tls13_kem_group_count = 1, + .tls13_kem_groups = NULL, }; const struct s2n_security_policy fake_security_policy = { @@ -625,7 +472,6 @@ int main(int argc, char **argv) security_policy = &fake_security_policy; EXPECT_TRUE(s2n_ecc_is_extension_required(security_policy)); - EXPECT_TRUE(s2n_pq_kem_is_extension_required(security_policy)); EXPECT_TRUE(s2n_security_policy_supports_tls13(security_policy)); } { 
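Review bot: In the `@@ -613,8 +460,8 @@` hunk, `fake_kem_preference` is now `.tls13_kem_group_count = 1, .tls13_kem_groups = NULL`, a non-zero count paired with a NULL list. The `invalid_kem_prefs` table later in this file uses that exact pair as a case that must fail with `S2N_ERR_INVALID_SECURITY_POLICY`. The old `.kem_count = 1` existed to make `s2n_pq_kem_is_extension_required` return true, and the next hunk removes that assertion, so nothing visible here still needs a non-empty KEM preference. Any helper that walks `tls13_kem_groups` up to the count would dereference NULL on this fixture. Consider `.tls13_kem_group_count = 0, .tls13_kem_groups = NULL,`, or keep the pair and add a comment such as `/* deliberately inconsistent: count set without a list */` if the inconsistency is intentional. How `fake_security_policy` uses this struct is outside the hunk.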
@@ -662,30 +508,13 @@ int main(int argc, char **argv) EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "test_all_tls12")); EXPECT_EQUAL(config->security_policy, &security_policy_test_all_tls12); EXPECT_EQUAL(config->security_policy->cipher_preferences, &cipher_preferences_test_all_tls12); - EXPECT_EQUAL(config->security_policy->kem_preferences, &kem_preferences_pq_tls_1_0_2021_05); + EXPECT_EQUAL(config->security_policy->kem_preferences, &kem_preferences_null); EXPECT_EQUAL(config->security_policy->signature_preferences, &s2n_signature_preferences_20201021); EXPECT_EQUAL(config->security_policy->ecc_preferences, &s2n_ecc_preferences_20201021); - EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "KMS-PQ-TLS-1-0-2020-07")); - EXPECT_EQUAL(config->security_policy, &security_policy_kms_pq_tls_1_0_2020_07); - EXPECT_EQUAL(config->security_policy->cipher_preferences, &cipher_preferences_kms_pq_tls_1_0_2020_07); - EXPECT_EQUAL(config->security_policy->kem_preferences, &kem_preferences_pq_tls_1_0_2021_05); - EXPECT_EQUAL(config->security_policy->signature_preferences, &s2n_signature_preferences_20140601); - EXPECT_EQUAL(config->security_policy->ecc_preferences, &s2n_ecc_preferences_20140601); - - EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "KMS-PQ-TLS-1-0-2020-02")); - EXPECT_EQUAL(config->security_policy, &security_policy_kms_pq_tls_1_0_2020_02); - EXPECT_EQUAL(config->security_policy->cipher_preferences, &cipher_preferences_kms_pq_tls_1_0_2020_02); - EXPECT_EQUAL(config->security_policy->kem_preferences, &kem_preferences_null); - EXPECT_EQUAL(config->security_policy->signature_preferences, &s2n_signature_preferences_20140601); - EXPECT_EQUAL(config->security_policy->ecc_preferences, &s2n_ecc_preferences_20140601); - - EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "KMS-PQ-TLS-1-0-2019-06")); - EXPECT_EQUAL(config->security_policy, &security_policy_kms_pq_tls_1_0_2019_06); - EXPECT_EQUAL(config->security_policy->cipher_preferences, 
&cipher_preferences_kms_pq_tls_1_0_2019_06); - EXPECT_EQUAL(config->security_policy->kem_preferences, &kem_preferences_null); - EXPECT_EQUAL(config->security_policy->signature_preferences, &s2n_signature_preferences_20140601); - EXPECT_EQUAL(config->security_policy->ecc_preferences, &s2n_ecc_preferences_20140601); + EXPECT_FAILURE_WITH_ERRNO(s2n_config_set_cipher_preferences(config, "KMS-PQ-TLS-1-0-2020-07"), S2N_ERR_DEPRECATED_SECURITY_POLICY); + EXPECT_FAILURE_WITH_ERRNO(s2n_config_set_cipher_preferences(config, "KMS-PQ-TLS-1-0-2020-02"), S2N_ERR_DEPRECATED_SECURITY_POLICY); + EXPECT_FAILURE_WITH_ERRNO(s2n_config_set_cipher_preferences(config, "KMS-PQ-TLS-1-0-2019-06"), S2N_ERR_DEPRECATED_SECURITY_POLICY); EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "AWS-CRT-SDK-SSLv3.0")); EXPECT_EQUAL(config->security_policy, &security_policy_aws_crt_sdk_ssl_v3); 
@@ -767,33 +596,13 @@ int main(int argc, char **argv) EXPECT_SUCCESS(s2n_connection_get_security_policy(conn, &security_policy)); EXPECT_EQUAL(security_policy, &security_policy_test_all_tls12); EXPECT_EQUAL(security_policy->cipher_preferences, &cipher_preferences_test_all_tls12); - EXPECT_EQUAL(security_policy->kem_preferences, &kem_preferences_pq_tls_1_0_2021_05); + EXPECT_EQUAL(security_policy->kem_preferences, &kem_preferences_null); EXPECT_EQUAL(security_policy->signature_preferences, &s2n_signature_preferences_20201021); EXPECT_EQUAL(security_policy->ecc_preferences, &s2n_ecc_preferences_20201021); - EXPECT_SUCCESS(s2n_connection_set_cipher_preferences(conn, "KMS-PQ-TLS-1-0-2020-07")); - EXPECT_SUCCESS(s2n_connection_get_security_policy(conn, &security_policy)); - EXPECT_EQUAL(security_policy, &security_policy_kms_pq_tls_1_0_2020_07); - EXPECT_EQUAL(security_policy->cipher_preferences, &cipher_preferences_kms_pq_tls_1_0_2020_07); - EXPECT_EQUAL(security_policy->kem_preferences, &kem_preferences_pq_tls_1_0_2021_05); - EXPECT_EQUAL(security_policy->signature_preferences, &s2n_signature_preferences_20140601); - EXPECT_EQUAL(security_policy->ecc_preferences, &s2n_ecc_preferences_20140601); - - EXPECT_SUCCESS(s2n_connection_set_cipher_preferences(conn, "KMS-PQ-TLS-1-0-2020-02")); - EXPECT_SUCCESS(s2n_connection_get_security_policy(conn, &security_policy)); - EXPECT_EQUAL(security_policy, &security_policy_kms_pq_tls_1_0_2020_02); - EXPECT_EQUAL(security_policy->cipher_preferences, &cipher_preferences_kms_pq_tls_1_0_2020_02); - EXPECT_EQUAL(security_policy->kem_preferences, &kem_preferences_null); - EXPECT_EQUAL(security_policy->signature_preferences, &s2n_signature_preferences_20140601); - EXPECT_EQUAL(security_policy->ecc_preferences, &s2n_ecc_preferences_20140601); - - EXPECT_SUCCESS(s2n_connection_set_cipher_preferences(conn, "KMS-PQ-TLS-1-0-2019-06")); - EXPECT_SUCCESS(s2n_connection_get_security_policy(conn, &security_policy)); - EXPECT_EQUAL(security_policy, 
&security_policy_kms_pq_tls_1_0_2019_06); - EXPECT_EQUAL(security_policy->cipher_preferences, &cipher_preferences_kms_pq_tls_1_0_2019_06); - EXPECT_EQUAL(security_policy->kem_preferences, &kem_preferences_null); - EXPECT_EQUAL(security_policy->signature_preferences, &s2n_signature_preferences_20140601); - EXPECT_EQUAL(security_policy->ecc_preferences, &s2n_ecc_preferences_20140601); + EXPECT_FAILURE_WITH_ERRNO(s2n_config_set_cipher_preferences(config, "KMS-PQ-TLS-1-0-2020-07"), S2N_ERR_DEPRECATED_SECURITY_POLICY); + EXPECT_FAILURE_WITH_ERRNO(s2n_config_set_cipher_preferences(config, "KMS-PQ-TLS-1-0-2020-02"), S2N_ERR_DEPRECATED_SECURITY_POLICY); + EXPECT_FAILURE_WITH_ERRNO(s2n_config_set_cipher_preferences(config, "KMS-PQ-TLS-1-0-2019-06"), S2N_ERR_DEPRECATED_SECURITY_POLICY); EXPECT_FAILURE_WITH_ERRNO(s2n_connection_set_cipher_preferences(conn, "notathing"), S2N_ERR_INVALID_SECURITY_POLICY); 
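Review bot: The three added deprecation assertions in this connection-level block call `s2n_config_set_cipher_preferences(config, ...)`, although the lines they replace and the surrounding context exercise `s2n_connection_set_cipher_preferences(conn, ...)`. As written, nothing here checks that the per-connection setter rejects the removed TLS 1.2 PQ policies, so a connection path that still accepted them would not fail the test. Each line should read like `EXPECT_FAILURE_WITH_ERRNO(s2n_connection_set_cipher_preferences(conn, "KMS-PQ-TLS-1-0-2020-07"), S2N_ERR_DEPRECATED_SECURITY_POLICY);`, with the same change for `"KMS-PQ-TLS-1-0-2020-02"` and `"KMS-PQ-TLS-1-0-2019-06"`. The enclosing block starts outside the hunk.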
@@ -859,43 +668,25 @@ int main(int argc, char **argv) /* Positive and negative cases for s2n_validate_kem_preferences() */ { - EXPECT_FAILURE_WITH_ERRNO(s2n_validate_kem_preferences(NULL, 0), S2N_ERR_NULL); - EXPECT_FAILURE_WITH_ERRNO(s2n_validate_kem_preferences(&kem_preferences_null, 1), S2N_ERR_INVALID_SECURITY_POLICY); - EXPECT_SUCCESS(s2n_validate_kem_preferences(&kem_preferences_null, 0)); + EXPECT_FAILURE_WITH_ERRNO(s2n_validate_kem_preferences(NULL), S2N_ERR_NULL); + EXPECT_SUCCESS(s2n_validate_kem_preferences(&kem_preferences_null)); const struct s2n_kem_preferences invalid_kem_prefs[] = { { - .kem_count = 1, - .kems = NULL, - .tls13_kem_group_count = 0, - .tls13_kem_groups = NULL, - }, - { - .kem_count = 0, - .kems = NULL, .tls13_kem_group_count = 1, .tls13_kem_groups = NULL, }, { - .kem_count = 0, - .kems = pq_kems_r3_2021_05, - .tls13_kem_group_count = 0, - .tls13_kem_groups = NULL, - }, - { - .kem_count = 0, - .kems = NULL, .tls13_kem_group_count = 0, .tls13_kem_groups = kem_preferences_all.tls13_kem_groups, }, }; for (size_t i = 0; i < s2n_array_len(invalid_kem_prefs); i++) { - EXPECT_FAILURE_WITH_ERRNO(s2n_validate_kem_preferences(&invalid_kem_prefs[i], 1), S2N_ERR_INVALID_SECURITY_POLICY); + EXPECT_FAILURE_WITH_ERRNO(s2n_validate_kem_preferences(&invalid_kem_prefs[i]), S2N_ERR_INVALID_SECURITY_POLICY); } - EXPECT_FAILURE_WITH_ERRNO(s2n_validate_kem_preferences(&kem_preferences_pq_tls_1_0_2021_05, 0), S2N_ERR_INVALID_SECURITY_POLICY); - EXPECT_SUCCESS(s2n_validate_kem_preferences(&kem_preferences_pq_tls_1_0_2021_05, 1)); + EXPECT_SUCCESS(s2n_validate_kem_preferences(&kem_preferences_pq_tls_1_0_2021_05)); } /* Checks that NUM_RSA_PSS_SCHEMES accurately represents the number of rsa_pss signature schemes usable in a diff --git a/tests/unit/s2n_security_rules_test.c b/tests/unit/s2n_security_rules_test.c index 67cb8afd2f9..a0288c3690f 100644 --- a/tests/unit/s2n_security_rules_test.c +++ b/tests/unit/s2n_security_rules_test.c 
@@ -136,15 +136,11 @@ int main(int argc, char **argv) }; const struct s2n_kem_preferences valid_kem_preferences = { - .kem_count = 0, - .kems = NULL, .tls13_kem_groups = &VALID_HYBRID_GROUP, .tls13_kem_group_count = 1, }; const struct s2n_kem_preferences invalid_kem_preferences = { - .kem_count = 0, - .kems = NULL, .tls13_kem_groups = &EXAMPLE_INVALID_HYBRID_GROUP, .tls13_kem_group_count = 1, }; diff --git a/tests/unit/s2n_server_key_share_extension_test.c b/tests/unit/s2n_server_key_share_extension_test.c index 14292ea0925..a3492730934 100644 --- a/tests/unit/s2n_server_key_share_extension_test.c +++ b/tests/unit/s2n_server_key_share_extension_test.c @@ -519,8 +519,6 @@ int main(int argc, char **argv) }; const struct s2n_kem_preferences test_kem_prefs = { - .kem_count = 0, - .kems = NULL, .tls13_kem_group_count = s2n_array_len(test_kem_groups), .tls13_kem_groups = test_kem_groups, .tls13_pq_hybrid_draft_revision = 0 @@ -535,8 +533,6 @@ int main(int argc, char **argv) }; const struct s2n_kem_preferences test_all_supported_kem_prefs = { - .kem_count = 0, - .kems = NULL, .tls13_kem_group_count = kem_preferences_all.tls13_kem_group_count, .tls13_kem_groups = kem_preferences_all.tls13_kem_groups, .tls13_pq_hybrid_draft_revision = 0 diff --git a/tests/unit/s2n_tls13_pq_handshake_test.c b/tests/unit/s2n_tls13_pq_handshake_test.c index d64b1145347..9646f401421 100644 --- a/tests/unit/s2n_tls13_pq_handshake_test.c +++ b/tests/unit/s2n_tls13_pq_handshake_test.c @@ -333,8 +333,6 @@ int main() }; const struct s2n_kem_preferences kyber_test_prefs_draft0 = { - .kem_count = 0, - .kems = NULL, .tls13_kem_group_count = s2n_array_len(kyber_test_groups), .tls13_kem_groups = kyber_test_groups, .tls13_pq_hybrid_draft_revision = 0 
@@ -349,8 +347,6 @@ int main() }; const struct s2n_kem_preferences kyber_test_prefs_draft5 = { - .kem_count = 0, - .kems = NULL, .tls13_kem_group_count = s2n_array_len(kyber_test_groups), .tls13_kem_groups = kyber_test_groups, .tls13_pq_hybrid_draft_revision = 5 @@ -370,8 +366,6 @@ int main() }; const struct s2n_kem_preferences kyber768_test_prefs = { - .kem_count = 0, - .kems = NULL, .tls13_kem_group_count = s2n_array_len(kyber768_test_kem_groups), .tls13_kem_groups = kyber768_test_kem_groups, .tls13_pq_hybrid_draft_revision = 5, @@ -391,8 +385,6 @@ int main() }; const struct s2n_kem_preferences kyber1024_test_prefs = { - .kem_count = 0, - .kems = NULL, .tls13_kem_group_count = s2n_array_len(kyber1024_test_kem_groups), .tls13_kem_groups = kyber1024_test_kem_groups, .tls13_pq_hybrid_draft_revision = 5, @@ -412,8 +404,6 @@ int main() }; const struct s2n_kem_preferences mlkem768_test_prefs = { - .kem_count = 0, - .kems = NULL, .tls13_kem_group_count = s2n_array_len(mlkem768_test_groups), .tls13_kem_groups = mlkem768_test_groups, .tls13_pq_hybrid_draft_revision = 5 @@ -428,10 +418,10 @@ int main() }; const struct s2n_security_policy ecc_retry_policy = { - .minimum_protocol_version = security_policy_pq_tls_1_0_2020_12.minimum_protocol_version, - .cipher_preferences = security_policy_pq_tls_1_0_2020_12.cipher_preferences, - .kem_preferences = security_policy_pq_tls_1_0_2020_12.kem_preferences, - .signature_preferences = security_policy_pq_tls_1_0_2020_12.signature_preferences, + .minimum_protocol_version = security_policy_pq_tls_1_2_2024_10_09.minimum_protocol_version, + .cipher_preferences = security_policy_pq_tls_1_2_2024_10_09.cipher_preferences, + .kem_preferences = security_policy_pq_tls_1_2_2024_10_09.kem_preferences, + .signature_preferences = security_policy_pq_tls_1_2_2024_10_09.signature_preferences, .ecc_preferences = security_policy_test_tls13_retry.ecc_preferences, }; 
@@ -459,8 +449,6 @@ int main() } const struct s2n_kem_preferences singleton_test_pref = { - .kem_count = 0, - .kems = NULL, .tls13_kem_group_count = 1, .tls13_kem_groups = &kem_group, .tls13_pq_hybrid_draft_revision = 5 @@ -509,30 +497,6 @@ int main() .len_prefix_expected = false, }, /* Server and Client both support PQ and TLS 1.3 */ - { - .client_policy = &security_policy_pq_tls_1_1_2021_05_21, - .server_policy = &security_policy_pq_tls_1_1_2021_05_21, - .expected_kem_group = &s2n_x25519_kyber_512_r3, - .expected_curve = NULL, - .hrr_expected = false, - .len_prefix_expected = true, - }, - { - .client_policy = &security_policy_pq_tls_1_0_2021_05_22, - .server_policy = &security_policy_pq_tls_1_0_2021_05_22, - .expected_kem_group = &s2n_x25519_kyber_512_r3, - .expected_curve = NULL, - .hrr_expected = false, - .len_prefix_expected = true, - }, - { - .client_policy = &security_policy_pq_tls_1_0_2021_05_23, - .server_policy = &security_policy_pq_tls_1_0_2021_05_23, - .expected_kem_group = &s2n_x25519_kyber_512_r3, - .expected_curve = NULL, - .hrr_expected = false, - .len_prefix_expected = true, - }, { .client_policy = &security_policy_pq_tls_1_0_2021_05_24, .server_policy = &security_policy_pq_tls_1_0_2021_05_24, @@ -590,7 +554,7 @@ int main() * ECC on hello retry. */ { - .client_policy = &security_policy_pq_tls_1_1_2021_05_21, + .client_policy = &security_policy_pq_tls_1_0_2021_05_24, .server_policy = &security_policy_pq_tls_1_3_2023_06_01, .expected_kem_group = &s2n_x25519_kyber_512_r3, .expected_curve = NULL, 
@@ -634,8 +598,8 @@ int main() /* Server supports all KEM groups; client sends a PQ key share and an EC key * share; server chooses to negotiate client's first choice PQ without HRR. */ { - .client_policy = &security_policy_pq_tls_1_0_2020_12, - .server_policy = &security_policy_pq_tls_1_0_2020_12, + .client_policy = &security_policy_pq_tls_1_0_2021_05_24, + .server_policy = &security_policy_pq_tls_1_0_2021_05_24, .expected_kem_group = &s2n_x25519_kyber_512_r3, .expected_curve = NULL, .hrr_expected = false, @@ -646,7 +610,7 @@ int main() * client sends a PQ share and an EC share; server chooses to negotiate PQ * without HRR. */ { - .client_policy = &security_policy_pq_tls_1_0_2020_12, + .client_policy = &security_policy_pq_tls_1_0_2021_05_24, .server_policy = &kyber_test_policy_draft0, .expected_kem_group = &s2n_x25519_kyber_512_r3, .expected_curve = NULL, @@ -658,7 +622,7 @@ int main() * client sends a PQ share and an EC share; server chooses to negotiate PQ * without HRR. */ { - .client_policy = &security_policy_pq_tls_1_0_2020_12, + .client_policy = &security_policy_pq_tls_1_0_2021_05_24, .server_policy = &kyber_test_policy_draft5, .expected_kem_group = &s2n_x25519_kyber_512_r3, .expected_curve = NULL, @@ -669,7 +633,7 @@ int main() /* Server does not support PQ; client sends a PQ key share and an EC key share; * server should negotiate EC without HRR. */ { - .client_policy = &security_policy_pq_tls_1_0_2020_12, + .client_policy = &security_policy_pq_tls_1_0_2021_05_24, .server_policy = &security_policy_test_all_tls13, .expected_kem_group = NULL, .expected_curve = default_curve, @@ -692,7 +656,7 @@ int main() * EC should be negotiated without HRR */ { .client_policy = &security_policy_test_all_tls13, - .server_policy = &security_policy_pq_tls_1_0_2020_12, + .server_policy = &security_policy_pq_tls_1_0_2021_05_24, .expected_kem_group = NULL, .expected_curve = default_curve, .hrr_expected = false, 
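Review bot: In the vector under "Server supports all KEM groups" (hunk at -634), both `.client_policy` and `.server_policy` now name `security_policy_pq_tls_1_0_2021_05_24`, the same pair already used by the vector kept under "Server and Client both support PQ and TLS 1.3", so this case appears to have become a duplicate rather than coverage for an all-KEM-groups server. If a server policy that still offers every KEM group exists, use it here; otherwise drop the vector or reword its comment, e.g. `/* Client and server share one PQ policy; the client's first-choice PQ group is negotiated without HRR. */`. The other hunks on this line (-646, -658, -669, -692) only swap one side to the 2021_05_24 policy; whether that policy offers the same KEM groups as the old 2020_12 one is not visible here and is worth confirming against the stated expectations. The test-vector table starts and ends outside these hunks.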
@@ -703,7 +667,7 @@ int main() * EC should be negotiated after exchanging HRR */ { .client_policy = &security_policy_test_tls13_retry, - .server_policy = &security_policy_pq_tls_1_0_2020_12, + .server_policy = &security_policy_pq_tls_1_0_2021_05_24, .expected_kem_group = NULL, .expected_curve = default_curve, .hrr_expected = true, diff --git a/tls/extensions/s2n_client_pq_kem.c b/tls/extensions/s2n_client_pq_kem.c deleted file mode 100644 index 6bddbcf07a4..00000000000 --- a/tls/extensions/s2n_client_pq_kem.c +++ /dev/null 
@@ -1,84 +0,0 @@ -/* - * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"). - * You may not use this file except in compliance with the License. - * A copy of the License is located at - * - * http://aws.amazon.com/apache2.0 - * - * or in the "license" file accompanying this file. This file is distributed - * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either - * express or implied. See the License for the specific language governing - * permissions and limitations under the License. - */ - -#include "tls/extensions/s2n_client_pq_kem.h" - -#include -#include - -#include "crypto/s2n_pq.h" -#include "tls/s2n_kem.h" -#include "tls/s2n_security_policies.h" -#include "tls/s2n_tls.h" -#include "tls/s2n_tls_parameters.h" -#include "utils/s2n_safety.h" - -static bool s2n_client_pq_kem_should_send(struct s2n_connection *conn); -static int s2n_client_pq_kem_send(struct s2n_connection *conn, struct s2n_stuffer *out); -static int s2n_client_pq_kem_recv(struct s2n_connection *conn, struct s2n_stuffer *extension); - -const s2n_extension_type s2n_client_pq_kem_extension = { - .iana_value = TLS_EXTENSION_PQ_KEM_PARAMETERS, - .is_response = false, - .send = s2n_client_pq_kem_send, - .recv = s2n_client_pq_kem_recv, - .should_send = s2n_client_pq_kem_should_send, - .if_missing = s2n_extension_noop_if_missing, -}; - -static bool s2n_client_pq_kem_should_send(struct s2n_connection *conn) -{ - const struct s2n_security_policy *security_policy = NULL; - return s2n_connection_get_security_policy(conn, &security_policy) == S2N_SUCCESS - && s2n_pq_kem_is_extension_required(security_policy) - && s2n_pq_is_enabled(); -} - -static int s2n_client_pq_kem_send(struct s2n_connection *conn, struct s2n_stuffer *out) -{ - const struct s2n_kem_preferences *kem_preferences = NULL; - POSIX_GUARD(s2n_connection_get_kem_preferences(conn, &kem_preferences)); - POSIX_ENSURE_REF(kem_preferences); - 
- POSIX_GUARD(s2n_stuffer_write_uint16(out, kem_preferences->kem_count * sizeof(kem_extension_size))); - for (int i = 0; i < kem_preferences->kem_count; i++) { - POSIX_GUARD(s2n_stuffer_write_uint16(out, kem_preferences->kems[i]->kem_extension_id)); - } - - return S2N_SUCCESS; -} - -static int s2n_client_pq_kem_recv(struct s2n_connection *conn, struct s2n_stuffer *extension) -{ - uint16_t size_of_all = 0; - struct s2n_blob *proposed_kems = &conn->kex_params.client_pq_kem_extension; - - /* Ignore extension if PQ is disabled */ - if (!s2n_pq_is_enabled()) { - return S2N_SUCCESS; - } - - POSIX_GUARD(s2n_stuffer_read_uint16(extension, &size_of_all)); - if (size_of_all > s2n_stuffer_data_available(extension) || size_of_all % sizeof(kem_extension_size)) { - /* Malformed length, ignore the extension */ - return S2N_SUCCESS; - } - - proposed_kems->size = size_of_all; - proposed_kems->data = s2n_stuffer_raw_read(extension, proposed_kems->size); - POSIX_ENSURE_REF(proposed_kems->data); - - return S2N_SUCCESS; -} diff --git a/tls/extensions/s2n_client_pq_kem.h b/tls/extensions/s2n_client_pq_kem.h deleted file mode 100644 index ae2374a688d..00000000000 --- a/tls/extensions/s2n_client_pq_kem.h +++ /dev/null 
@@ -1,22 +0,0 @@ -/* - * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"). - * You may not use this file except in compliance with the License. - * A copy of the License is located at - * - * http://aws.amazon.com/apache2.0 - * - * or in the "license" file accompanying this file. This file is distributed - * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either - * express or implied. See the License for the specific language governing - * permissions and limitations under the License. - */ - -#pragma once - -#include "stuffer/s2n_stuffer.h" -#include "tls/extensions/s2n_extension_type.h" -#include "tls/s2n_connection.h" - -extern const s2n_extension_type s2n_client_pq_kem_extension; diff --git a/tls/extensions/s2n_extension_type.h b/tls/extensions/s2n_extension_type.h index b1c1ef9f940..52b27ea3eb0 100644 --- a/tls/extensions/s2n_extension_type.h +++ b/tls/extensions/s2n_extension_type.h @@ -49,7 +49,6 @@ typedef struct { static const uint16_t s2n_supported_extensions[] = { TLS_EXTENSION_RENEGOTIATION_INFO, - TLS_EXTENSION_PQ_KEM_PARAMETERS, TLS_EXTENSION_SERVER_NAME, TLS_EXTENSION_MAX_FRAG_LEN, TLS_EXTENSION_STATUS_REQUEST, diff --git a/tls/extensions/s2n_extension_type_lists.c b/tls/extensions/s2n_extension_type_lists.c index c585e126954..c6bc592609b 100644 --- a/tls/extensions/s2n_extension_type_lists.c +++ b/tls/extensions/s2n_extension_type_lists.c @@ -23,7 +23,6 @@ #include "tls/extensions/s2n_client_cert_status_request.h" #include "tls/extensions/s2n_client_key_share.h" #include "tls/extensions/s2n_client_max_frag_len.h" -#include "tls/extensions/s2n_client_pq_kem.h" #include "tls/extensions/s2n_client_psk.h" #include "tls/extensions/s2n_client_renegotiation_info.h" #include "tls/extensions/s2n_client_sct_list.h" 
@@ -74,7 +73,6 @@ static const s2n_extension_type *const client_hello_extensions[] = { &s2n_client_max_frag_len_extension, &s2n_client_session_ticket_extension, &s2n_client_ec_point_format_extension, - &s2n_client_pq_kem_extension, &s2n_client_renegotiation_info_extension, &s2n_client_cookie_extension, &s2n_quic_transport_parameters_extension, diff --git a/tls/s2n_cipher_preferences.c b/tls/s2n_cipher_preferences.c index 5615b02d993..f02a2ee5b32 100644 --- a/tls/s2n_cipher_preferences.c +++ b/tls/s2n_cipher_preferences.c 
@@ -1606,86 +1606,85 @@ const struct s2n_cipher_preferences cipher_preferences_kms_tls_1_0_2021_08 = { .allow_chacha20_boosting = false, }; -struct s2n_cipher_suite *cipher_suites_kms_pq_tls_1_0_2019_06[] = { - &s2n_ecdhe_rsa_with_aes_256_gcm_sha384, - &s2n_ecdhe_rsa_with_aes_128_gcm_sha256, - &s2n_ecdhe_rsa_with_aes_256_cbc_sha384, - &s2n_ecdhe_rsa_with_aes_256_cbc_sha, - &s2n_ecdhe_rsa_with_aes_128_cbc_sha256, - &s2n_ecdhe_rsa_with_3des_ede_cbc_sha, - &s2n_dhe_rsa_with_aes_256_cbc_sha256, - &s2n_dhe_rsa_with_aes_128_cbc_sha256, - &s2n_dhe_rsa_with_aes_256_cbc_sha, - &s2n_dhe_rsa_with_aes_128_cbc_sha, -}; - -/* Includes only round 1 PQ KEM params */ -const struct s2n_cipher_preferences cipher_preferences_kms_pq_tls_1_0_2019_06 = { - .count = s2n_array_len(cipher_suites_kms_pq_tls_1_0_2019_06), - .suites = cipher_suites_kms_pq_tls_1_0_2019_06, - .allow_chacha20_boosting = false, -}; - -/* Includes round 1 and round 2 PQ KEM params. The cipher suite list is the same - * as in cipher_preferences_kms_pq_tls_1_0_2019_06.*/ -const struct s2n_cipher_preferences cipher_preferences_kms_pq_tls_1_0_2020_02 = { - .count = s2n_array_len(cipher_suites_kms_pq_tls_1_0_2019_06), - .suites = cipher_suites_kms_pq_tls_1_0_2019_06, - .allow_chacha20_boosting = false, -}; - -struct s2n_cipher_suite *cipher_suites_pq_sike_test_tls_1_0_2019_11[] = { - &s2n_ecdhe_rsa_with_aes_256_gcm_sha384, - &s2n_ecdhe_rsa_with_aes_128_gcm_sha256, - &s2n_ecdhe_rsa_with_aes_256_cbc_sha384, - &s2n_ecdhe_rsa_with_aes_256_cbc_sha, - &s2n_ecdhe_rsa_with_aes_128_cbc_sha256, - &s2n_ecdhe_rsa_with_3des_ede_cbc_sha, - &s2n_dhe_rsa_with_aes_256_cbc_sha256, - &s2n_dhe_rsa_with_aes_128_cbc_sha256, - &s2n_dhe_rsa_with_aes_256_cbc_sha, - &s2n_dhe_rsa_with_aes_128_cbc_sha, -}; - -/* Previously included only SIKE round 1 (for integration tests) */ -const struct s2n_cipher_preferences cipher_preferences_pq_sike_test_tls_1_0_2019_11 = { - .count = s2n_array_len(cipher_suites_pq_sike_test_tls_1_0_2019_11), - .suites = 
cipher_suites_pq_sike_test_tls_1_0_2019_11, - .allow_chacha20_boosting = false, -}; - -/* Previously included SIKE round 1 and round 2 (for integration tests). The cipher suite list - * is the same as in cipher_preferences_pq_sike_test_tls_1_0_2019_11. */ -const struct s2n_cipher_preferences cipher_preferences_pq_sike_test_tls_1_0_2020_02 = { - .count = s2n_array_len(cipher_suites_pq_sike_test_tls_1_0_2019_11), - .suites = cipher_suites_pq_sike_test_tls_1_0_2019_11, - .allow_chacha20_boosting = false, -}; +//struct s2n_cipher_suite *cipher_suites_kms_pq_tls_1_0_2019_06[] = { +// &s2n_ecdhe_rsa_with_aes_256_gcm_sha384, +// &s2n_ecdhe_rsa_with_aes_128_gcm_sha256, +// &s2n_ecdhe_rsa_with_aes_256_cbc_sha384, +// &s2n_ecdhe_rsa_with_aes_256_cbc_sha, +// &s2n_ecdhe_rsa_with_aes_128_cbc_sha256, +// &s2n_ecdhe_rsa_with_3des_ede_cbc_sha, +// &s2n_dhe_rsa_with_aes_256_cbc_sha256, +// &s2n_dhe_rsa_with_aes_128_cbc_sha256, +// &s2n_dhe_rsa_with_aes_256_cbc_sha, +// &s2n_dhe_rsa_with_aes_128_cbc_sha, +//}; +// +///* Includes only round 1 PQ KEM params */ +//const struct s2n_cipher_preferences cipher_preferences_kms_pq_tls_1_0_2019_06 = { +// .count = s2n_array_len(cipher_suites_kms_pq_tls_1_0_2019_06), +// .suites = cipher_suites_kms_pq_tls_1_0_2019_06, +// .allow_chacha20_boosting = false, +//}; +// +///* Includes round 1 and round 2 PQ KEM params. 
The cipher suite list is the same +// * as in cipher_preferences_kms_pq_tls_1_0_2019_06.*/ +//const struct s2n_cipher_preferences cipher_preferences_kms_pq_tls_1_0_2020_02 = { +// .count = s2n_array_len(cipher_suites_kms_pq_tls_1_0_2019_06), +// .suites = cipher_suites_kms_pq_tls_1_0_2019_06, +// .allow_chacha20_boosting = false, +//}; + +//struct s2n_cipher_suite *cipher_suites_pq_sike_test_tls_1_0_2019_11[] = { +// &s2n_ecdhe_rsa_with_aes_256_gcm_sha384, +// &s2n_ecdhe_rsa_with_aes_128_gcm_sha256, +// &s2n_ecdhe_rsa_with_aes_256_cbc_sha384, +// &s2n_ecdhe_rsa_with_aes_256_cbc_sha, +// &s2n_ecdhe_rsa_with_aes_128_cbc_sha256, +// &s2n_ecdhe_rsa_with_3des_ede_cbc_sha, +// &s2n_dhe_rsa_with_aes_256_cbc_sha256, +// &s2n_dhe_rsa_with_aes_128_cbc_sha256, +// &s2n_dhe_rsa_with_aes_256_cbc_sha, +// &s2n_dhe_rsa_with_aes_128_cbc_sha, +//}; +// +///* Previously included only SIKE round 1 (for integration tests) */ +//const struct s2n_cipher_preferences cipher_preferences_pq_sike_test_tls_1_0_2019_11 = { +// .count = s2n_array_len(cipher_suites_pq_sike_test_tls_1_0_2019_11), +// .suites = cipher_suites_pq_sike_test_tls_1_0_2019_11, +// .allow_chacha20_boosting = false, +//}; +// +///* Previously included SIKE round 1 and round 2 (for integration tests). The cipher suite list +// * is the same as in cipher_preferences_pq_sike_test_tls_1_0_2019_11. 
*/ +//const struct s2n_cipher_preferences cipher_preferences_pq_sike_test_tls_1_0_2020_02 = { +// .count = s2n_array_len(cipher_suites_pq_sike_test_tls_1_0_2019_11), +// .suites = cipher_suites_pq_sike_test_tls_1_0_2019_11, +// .allow_chacha20_boosting = false, +//}; /* Includes Kyber PQ algorithm */ -struct s2n_cipher_suite *cipher_suites_kms_pq_tls_1_0_2020_07[] = { - &s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384, - &s2n_ecdhe_rsa_with_aes_256_gcm_sha384, - &s2n_ecdhe_rsa_with_aes_128_gcm_sha256, - &s2n_ecdhe_rsa_with_aes_256_cbc_sha384, - &s2n_ecdhe_rsa_with_aes_256_cbc_sha, - &s2n_ecdhe_rsa_with_aes_128_cbc_sha256, - &s2n_ecdhe_rsa_with_3des_ede_cbc_sha, - &s2n_dhe_rsa_with_aes_256_cbc_sha256, - &s2n_dhe_rsa_with_aes_128_cbc_sha256, - &s2n_dhe_rsa_with_aes_256_cbc_sha, - &s2n_dhe_rsa_with_aes_128_cbc_sha, -}; - -const struct s2n_cipher_preferences cipher_preferences_kms_pq_tls_1_0_2020_07 = { - .count = s2n_array_len(cipher_suites_kms_pq_tls_1_0_2020_07), - .suites = cipher_suites_kms_pq_tls_1_0_2020_07, - .allow_chacha20_boosting = false, -}; +//struct s2n_cipher_suite *cipher_suites_kms_pq_tls_1_0_2020_07[] = { +// &s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384, +// &s2n_ecdhe_rsa_with_aes_256_gcm_sha384, +// &s2n_ecdhe_rsa_with_aes_128_gcm_sha256, +// &s2n_ecdhe_rsa_with_aes_256_cbc_sha384, +// &s2n_ecdhe_rsa_with_aes_256_cbc_sha, +// &s2n_ecdhe_rsa_with_aes_128_cbc_sha256, +// &s2n_ecdhe_rsa_with_3des_ede_cbc_sha, +// &s2n_dhe_rsa_with_aes_256_cbc_sha256, +// &s2n_dhe_rsa_with_aes_128_cbc_sha256, +// &s2n_dhe_rsa_with_aes_256_cbc_sha, +// &s2n_dhe_rsa_with_aes_128_cbc_sha, +//}; +// +//const struct s2n_cipher_preferences cipher_preferences_kms_pq_tls_1_0_2020_07 = { +// .count = s2n_array_len(cipher_suites_kms_pq_tls_1_0_2020_07), +// .suites = cipher_suites_kms_pq_tls_1_0_2020_07, +// .allow_chacha20_boosting = false, +//}; struct s2n_cipher_suite *cipher_suites_pq_tls_1_0_2020_12[] = { S2N_TLS13_CIPHER_SUITES_20190801, - 
&s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384, &s2n_ecdhe_rsa_with_aes_256_gcm_sha384, &s2n_ecdhe_rsa_with_aes_128_gcm_sha256, &s2n_ecdhe_rsa_with_aes_256_cbc_sha384, 
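Review bot: The retired cipher-suite lists in this hunk are disabled by prefixing every line with `//` rather than being deleted, which leaves dead policy definitions in the file people read to learn what each security policy negotiates. Delete the blocks outright, since version control keeps the history; the same applies to the `//` blocks in the next hunk (-1705) and to the commented-out `extern` declarations in tls/s2n_cipher_preferences.h. The surviving comment `/* Includes Kyber PQ algorithm */` now sits above a disabled list and reads as if it described `cipher_suites_pq_tls_1_0_2020_12`, which this hunk strips of `s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384`; remove it, or replace it with something like `/* TLS 1.2 Kyber suite removed; PQ is negotiated only through TLS 1.3 KEM groups */`. The definition of `cipher_suites_pq_tls_1_0_2020_12` continues outside the hunk.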
@@ -1705,295 +1704,172 @@ const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2020_12 = { }; /* Same as ELBSecurityPolicy-TLS-1-1-2017-01, but with PQ Ciphers appended to top of preference list */ -struct s2n_cipher_suite *cipher_suites_pq_tls_1_1_2021_05_17[] = { - &s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384, - &s2n_ecdhe_ecdsa_with_aes_128_gcm_sha256, - &s2n_ecdhe_rsa_with_aes_128_gcm_sha256, - &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha256, - &s2n_ecdhe_rsa_with_aes_128_cbc_sha256, - &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha, - &s2n_ecdhe_rsa_with_aes_128_cbc_sha, - &s2n_ecdhe_ecdsa_with_aes_256_gcm_sha384, - &s2n_ecdhe_rsa_with_aes_256_gcm_sha384, - &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha384, - &s2n_ecdhe_rsa_with_aes_256_cbc_sha384, - &s2n_ecdhe_rsa_with_aes_256_cbc_sha, - &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha, - &s2n_rsa_with_aes_128_gcm_sha256, - &s2n_rsa_with_aes_128_cbc_sha256, - &s2n_rsa_with_aes_128_cbc_sha, - &s2n_rsa_with_aes_256_gcm_sha384, - &s2n_rsa_with_aes_256_cbc_sha256, - &s2n_rsa_with_aes_256_cbc_sha, -}; - -const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_1_2021_05_17 = { - .count = s2n_array_len(cipher_suites_pq_tls_1_1_2021_05_17), - .suites = cipher_suites_pq_tls_1_1_2021_05_17, - .allow_chacha20_boosting = false, -}; +//struct s2n_cipher_suite *cipher_suites_pq_tls_1_1_2021_05_17[] = { +// &s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384, +// &s2n_ecdhe_ecdsa_with_aes_128_gcm_sha256, +// &s2n_ecdhe_rsa_with_aes_128_gcm_sha256, +// &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha256, +// &s2n_ecdhe_rsa_with_aes_128_cbc_sha256, +// &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha, +// &s2n_ecdhe_rsa_with_aes_128_cbc_sha, +// &s2n_ecdhe_ecdsa_with_aes_256_gcm_sha384, +// &s2n_ecdhe_rsa_with_aes_256_gcm_sha384, +// &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha384, +// &s2n_ecdhe_rsa_with_aes_256_cbc_sha384, +// &s2n_ecdhe_rsa_with_aes_256_cbc_sha, +// &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha, +// &s2n_rsa_with_aes_128_gcm_sha256, +// 
&s2n_rsa_with_aes_128_cbc_sha256, +// &s2n_rsa_with_aes_128_cbc_sha, +// &s2n_rsa_with_aes_256_gcm_sha384, +// &s2n_rsa_with_aes_256_cbc_sha256, +// &s2n_rsa_with_aes_256_cbc_sha, +//}; +// +//const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_1_2021_05_17 = { +// .count = s2n_array_len(cipher_suites_pq_tls_1_1_2021_05_17), +// .suites = cipher_suites_pq_tls_1_1_2021_05_17, +// .allow_chacha20_boosting = false, +//}; /* Same as cipher_preferences_20190214, but with PQ Ciphers appended to top of preference list */ -struct s2n_cipher_suite *cipher_suites_pq_tls_1_0_2021_05_18[] = { - &s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384, - &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha, - &s2n_ecdhe_rsa_with_aes_128_cbc_sha, - &s2n_ecdhe_ecdsa_with_aes_128_gcm_sha256, - &s2n_ecdhe_rsa_with_aes_128_gcm_sha256, - &s2n_ecdhe_ecdsa_with_aes_256_gcm_sha384, - &s2n_ecdhe_rsa_with_aes_256_gcm_sha384, - &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha256, - &s2n_ecdhe_rsa_with_aes_128_cbc_sha256, - &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha, - &s2n_ecdhe_rsa_with_aes_256_cbc_sha, - &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha384, - &s2n_ecdhe_rsa_with_aes_256_cbc_sha384, - &s2n_rsa_with_aes_128_cbc_sha, - &s2n_rsa_with_aes_128_gcm_sha256, - &s2n_rsa_with_aes_256_gcm_sha384, - &s2n_rsa_with_aes_128_cbc_sha256, - &s2n_rsa_with_aes_256_cbc_sha, - &s2n_rsa_with_aes_256_cbc_sha256, - &s2n_rsa_with_3des_ede_cbc_sha, - &s2n_dhe_rsa_with_aes_128_cbc_sha, - &s2n_dhe_rsa_with_aes_128_gcm_sha256, - &s2n_dhe_rsa_with_aes_256_gcm_sha384, - &s2n_dhe_rsa_with_aes_128_cbc_sha256, - &s2n_dhe_rsa_with_aes_256_cbc_sha, - &s2n_dhe_rsa_with_aes_256_cbc_sha256, -}; - -const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_18 = { - .count = s2n_array_len(cipher_suites_pq_tls_1_0_2021_05_18), - .suites = cipher_suites_pq_tls_1_0_2021_05_18, - .allow_chacha20_boosting = false, -}; +//struct s2n_cipher_suite *cipher_suites_pq_tls_1_0_2021_05_18[] = { +// &s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384, +// 
&s2n_ecdhe_ecdsa_with_aes_128_cbc_sha, +// &s2n_ecdhe_rsa_with_aes_128_cbc_sha, +// &s2n_ecdhe_ecdsa_with_aes_128_gcm_sha256, +// &s2n_ecdhe_rsa_with_aes_128_gcm_sha256, +// &s2n_ecdhe_ecdsa_with_aes_256_gcm_sha384, +// &s2n_ecdhe_rsa_with_aes_256_gcm_sha384, +// &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha256, +// &s2n_ecdhe_rsa_with_aes_128_cbc_sha256, +// &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha, +// &s2n_ecdhe_rsa_with_aes_256_cbc_sha, +// &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha384, +// &s2n_ecdhe_rsa_with_aes_256_cbc_sha384, +// &s2n_rsa_with_aes_128_cbc_sha, +// &s2n_rsa_with_aes_128_gcm_sha256, +// &s2n_rsa_with_aes_256_gcm_sha384, +// &s2n_rsa_with_aes_128_cbc_sha256, +// &s2n_rsa_with_aes_256_cbc_sha, +// &s2n_rsa_with_aes_256_cbc_sha256, +// &s2n_rsa_with_3des_ede_cbc_sha, +// &s2n_dhe_rsa_with_aes_128_cbc_sha, +// &s2n_dhe_rsa_with_aes_128_gcm_sha256, +// &s2n_dhe_rsa_with_aes_256_gcm_sha384, +// &s2n_dhe_rsa_with_aes_128_cbc_sha256, +// &s2n_dhe_rsa_with_aes_256_cbc_sha, +// &s2n_dhe_rsa_with_aes_256_cbc_sha256, +//}; +// +//const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_18 = { +// .count = s2n_array_len(cipher_suites_pq_tls_1_0_2021_05_18), +// .suites = cipher_suites_pq_tls_1_0_2021_05_18, +// .allow_chacha20_boosting = false, +//}; /* Same as ELBSecurityPolicy-2016-08, but with PQ Ciphers appended to top of preference list */ -struct s2n_cipher_suite *cipher_suites_pq_tls_1_0_2021_05_19[] = { - &s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384, - &s2n_ecdhe_ecdsa_with_aes_128_gcm_sha256, - &s2n_ecdhe_rsa_with_aes_128_gcm_sha256, - &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha256, - &s2n_ecdhe_rsa_with_aes_128_cbc_sha256, - &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha, - &s2n_ecdhe_rsa_with_aes_128_cbc_sha, - &s2n_ecdhe_ecdsa_with_aes_256_gcm_sha384, - &s2n_ecdhe_rsa_with_aes_256_gcm_sha384, - &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha384, - &s2n_ecdhe_rsa_with_aes_256_cbc_sha384, - &s2n_ecdhe_rsa_with_aes_256_cbc_sha, - &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha, - 
&s2n_rsa_with_aes_128_gcm_sha256, - &s2n_rsa_with_aes_128_cbc_sha256, - &s2n_rsa_with_aes_128_cbc_sha, - &s2n_rsa_with_aes_256_gcm_sha384, - &s2n_rsa_with_aes_256_cbc_sha256, - &s2n_rsa_with_aes_256_cbc_sha, -}; - -const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_19 = { - .count = s2n_array_len(cipher_suites_pq_tls_1_0_2021_05_19), - .suites = cipher_suites_pq_tls_1_0_2021_05_19, - .allow_chacha20_boosting = false, -}; - -/* Same as ELBSecurityPolicy-TLS-1-1-2017-01, but with TLS 1.3 and PQ Ciphers appended to top of preference list */ -struct s2n_cipher_suite *cipher_suites_pq_tls_1_1_2021_05_21[] = { - /* TLS 1.3 Ciphers don't specify their Key exchange method, allowing for Hybrid PQ KEMs to be negotiated separately */ - S2N_TLS13_CLOUDFRONT_CIPHER_SUITES_20200716, - &s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384, - &s2n_ecdhe_ecdsa_with_aes_128_gcm_sha256, - &s2n_ecdhe_rsa_with_aes_128_gcm_sha256, - &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha256, - &s2n_ecdhe_rsa_with_aes_128_cbc_sha256, - &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha, - &s2n_ecdhe_rsa_with_aes_128_cbc_sha, - &s2n_ecdhe_ecdsa_with_aes_256_gcm_sha384, - &s2n_ecdhe_rsa_with_aes_256_gcm_sha384, - &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha384, - &s2n_ecdhe_rsa_with_aes_256_cbc_sha384, - &s2n_ecdhe_rsa_with_aes_256_cbc_sha, - &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha, - &s2n_rsa_with_aes_128_gcm_sha256, - &s2n_rsa_with_aes_128_cbc_sha256, - &s2n_rsa_with_aes_128_cbc_sha, - &s2n_rsa_with_aes_256_gcm_sha384, - &s2n_rsa_with_aes_256_cbc_sha256, - &s2n_rsa_with_aes_256_cbc_sha, -}; - -const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_1_2021_05_21 = { - .count = s2n_array_len(cipher_suites_pq_tls_1_1_2021_05_21), - .suites = cipher_suites_pq_tls_1_1_2021_05_21, - .allow_chacha20_boosting = false, -}; - -/* Same as cipher_preferences_20190214, but with TLS 1.3 and PQ Ciphers appended to top of preference list */ -struct s2n_cipher_suite *cipher_suites_pq_tls_1_0_2021_05_22[] = { - /* TLS 1.3 
Ciphers don't specify their Key exchange method, allowing for Hybrid PQ KEMs to be negotiated separately */ - S2N_TLS13_CLOUDFRONT_CIPHER_SUITES_20200716, - &s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384, - &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha, - &s2n_ecdhe_rsa_with_aes_128_cbc_sha, - &s2n_ecdhe_ecdsa_with_aes_128_gcm_sha256, - &s2n_ecdhe_rsa_with_aes_128_gcm_sha256, - &s2n_ecdhe_ecdsa_with_aes_256_gcm_sha384, - &s2n_ecdhe_rsa_with_aes_256_gcm_sha384, - &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha256, - &s2n_ecdhe_rsa_with_aes_128_cbc_sha256, - &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha, - &s2n_ecdhe_rsa_with_aes_256_cbc_sha, - &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha384, - &s2n_ecdhe_rsa_with_aes_256_cbc_sha384, - &s2n_rsa_with_aes_128_cbc_sha, - &s2n_rsa_with_aes_128_gcm_sha256, - &s2n_rsa_with_aes_256_gcm_sha384, - &s2n_rsa_with_aes_128_cbc_sha256, - &s2n_rsa_with_aes_256_cbc_sha, - &s2n_rsa_with_aes_256_cbc_sha256, - &s2n_rsa_with_3des_ede_cbc_sha, - &s2n_dhe_rsa_with_aes_128_cbc_sha, - &s2n_dhe_rsa_with_aes_128_gcm_sha256, - &s2n_dhe_rsa_with_aes_256_gcm_sha384, - &s2n_dhe_rsa_with_aes_128_cbc_sha256, - &s2n_dhe_rsa_with_aes_256_cbc_sha, - &s2n_dhe_rsa_with_aes_256_cbc_sha256, -}; - -const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_22 = { - .count = s2n_array_len(cipher_suites_pq_tls_1_0_2021_05_22), - .suites = cipher_suites_pq_tls_1_0_2021_05_22, - .allow_chacha20_boosting = false, -}; - -/* Same as ELBSecurityPolicy-2016-08, but with TLS 1.3 and PQ Ciphers appended to top of preference list */ -struct s2n_cipher_suite *cipher_suites_pq_tls_1_0_2021_05_23[] = { - /* TLS 1.3 Ciphers don't specify their Key exchange method, allowing for Hybrid PQ KEMs to be negotiated separately */ - S2N_TLS13_CLOUDFRONT_CIPHER_SUITES_20200716, - &s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384, - &s2n_ecdhe_ecdsa_with_aes_128_gcm_sha256, - &s2n_ecdhe_rsa_with_aes_128_gcm_sha256, - &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha256, - &s2n_ecdhe_rsa_with_aes_128_cbc_sha256, - 
&s2n_ecdhe_ecdsa_with_aes_128_cbc_sha, - &s2n_ecdhe_rsa_with_aes_128_cbc_sha, - &s2n_ecdhe_ecdsa_with_aes_256_gcm_sha384, - &s2n_ecdhe_rsa_with_aes_256_gcm_sha384, - &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha384, - &s2n_ecdhe_rsa_with_aes_256_cbc_sha384, - &s2n_ecdhe_rsa_with_aes_256_cbc_sha, - &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha, - &s2n_rsa_with_aes_128_gcm_sha256, - &s2n_rsa_with_aes_128_cbc_sha256, - &s2n_rsa_with_aes_128_cbc_sha, - &s2n_rsa_with_aes_256_gcm_sha384, - &s2n_rsa_with_aes_256_cbc_sha256, - &s2n_rsa_with_aes_256_cbc_sha, -}; - -const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_23 = { - .count = s2n_array_len(cipher_suites_pq_tls_1_0_2021_05_23), - .suites = cipher_suites_pq_tls_1_0_2021_05_23, - .allow_chacha20_boosting = false, -}; - -/* Same as cipher_preferences_kms_pq_tls_1_0_2020_07, but with TLS 1.3 appended to top of preference list */ -struct s2n_cipher_suite *cipher_suites_pq_tls_1_0_2021_05_24[] = { - /* TLS 1.3 Ciphers don't specify their Key exchange method, allowing for Hybrid PQ KEMs to be negotiated separately */ - S2N_TLS13_CIPHER_SUITES_20190801, - &s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384, - &s2n_ecdhe_rsa_with_aes_256_gcm_sha384, - &s2n_ecdhe_rsa_with_aes_128_gcm_sha256, - &s2n_ecdhe_rsa_with_aes_256_cbc_sha384, - &s2n_ecdhe_rsa_with_aes_256_cbc_sha, - &s2n_ecdhe_rsa_with_aes_128_cbc_sha256, - &s2n_ecdhe_rsa_with_3des_ede_cbc_sha, - &s2n_dhe_rsa_with_aes_256_cbc_sha256, - &s2n_dhe_rsa_with_aes_128_cbc_sha256, - &s2n_dhe_rsa_with_aes_256_cbc_sha, - &s2n_dhe_rsa_with_aes_128_cbc_sha, -}; - -const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_24 = { - .count = s2n_array_len(cipher_suites_pq_tls_1_0_2021_05_24), - .suites = cipher_suites_pq_tls_1_0_2021_05_24, - .allow_chacha20_boosting = false, -}; +//struct s2n_cipher_suite *cipher_suites_pq_tls_1_0_2021_05_19[] = { +// &s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384, +// &s2n_ecdhe_ecdsa_with_aes_128_gcm_sha256, +// 
&s2n_ecdhe_rsa_with_aes_128_gcm_sha256, +// &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha256, +// &s2n_ecdhe_rsa_with_aes_128_cbc_sha256, +// &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha, +// &s2n_ecdhe_rsa_with_aes_128_cbc_sha, +// &s2n_ecdhe_ecdsa_with_aes_256_gcm_sha384, +// &s2n_ecdhe_rsa_with_aes_256_gcm_sha384, +// &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha384, +// &s2n_ecdhe_rsa_with_aes_256_cbc_sha384, +// &s2n_ecdhe_rsa_with_aes_256_cbc_sha, +// &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha, +// &s2n_rsa_with_aes_128_gcm_sha256, +// &s2n_rsa_with_aes_128_cbc_sha256, +// &s2n_rsa_with_aes_128_cbc_sha, +// &s2n_rsa_with_aes_256_gcm_sha384, +// &s2n_rsa_with_aes_256_cbc_sha256, +// &s2n_rsa_with_aes_256_cbc_sha, +//}; + +//const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_19 = { +// .count = s2n_array_len(cipher_suites_pq_tls_1_0_2021_05_19), +// .suites = cipher_suites_pq_tls_1_0_2021_05_19, +// .allow_chacha20_boosting = false, +//}; /* Same as 20190214_gcm, but with PQ Ciphers appended to top of preference list */ -struct s2n_cipher_suite *cipher_suites_pq_tls_1_0_2021_05_25[] = { - &s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384, - &s2n_ecdhe_ecdsa_with_aes_128_gcm_sha256, - &s2n_ecdhe_rsa_with_aes_128_gcm_sha256, - &s2n_ecdhe_ecdsa_with_aes_256_gcm_sha384, - &s2n_ecdhe_rsa_with_aes_256_gcm_sha384, - &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha, - &s2n_ecdhe_rsa_with_aes_128_cbc_sha, - &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha256, - &s2n_ecdhe_rsa_with_aes_128_cbc_sha256, - &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha, - &s2n_ecdhe_rsa_with_aes_256_cbc_sha, - &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha384, - &s2n_ecdhe_rsa_with_aes_256_cbc_sha384, - &s2n_rsa_with_aes_128_gcm_sha256, - &s2n_rsa_with_aes_256_gcm_sha384, - &s2n_rsa_with_aes_128_cbc_sha, - &s2n_rsa_with_aes_128_cbc_sha256, - &s2n_rsa_with_aes_256_cbc_sha, - &s2n_rsa_with_aes_256_cbc_sha256, - &s2n_rsa_with_3des_ede_cbc_sha, - &s2n_dhe_rsa_with_aes_128_gcm_sha256, - &s2n_dhe_rsa_with_aes_256_gcm_sha384, - 
&s2n_dhe_rsa_with_aes_128_cbc_sha, - &s2n_dhe_rsa_with_aes_128_cbc_sha256, - &s2n_dhe_rsa_with_aes_256_cbc_sha, - &s2n_dhe_rsa_with_aes_256_cbc_sha256, -}; - -const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_25 = { - .count = s2n_array_len(cipher_suites_pq_tls_1_0_2021_05_25), - .suites = cipher_suites_pq_tls_1_0_2021_05_25, - .allow_chacha20_boosting = false, -}; +//struct s2n_cipher_suite *cipher_suites_pq_tls_1_0_2021_05_25[] = { +// &s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384, +// &s2n_ecdhe_ecdsa_with_aes_128_gcm_sha256, +// &s2n_ecdhe_rsa_with_aes_128_gcm_sha256, +// &s2n_ecdhe_ecdsa_with_aes_256_gcm_sha384, +// &s2n_ecdhe_rsa_with_aes_256_gcm_sha384, +// &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha, +// &s2n_ecdhe_rsa_with_aes_128_cbc_sha, +// &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha256, +// &s2n_ecdhe_rsa_with_aes_128_cbc_sha256, +// &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha, +// &s2n_ecdhe_rsa_with_aes_256_cbc_sha, +// &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha384, +// &s2n_ecdhe_rsa_with_aes_256_cbc_sha384, +// &s2n_rsa_with_aes_128_gcm_sha256, +// &s2n_rsa_with_aes_256_gcm_sha384, +// &s2n_rsa_with_aes_128_cbc_sha, +// &s2n_rsa_with_aes_128_cbc_sha256, +// &s2n_rsa_with_aes_256_cbc_sha, +// &s2n_rsa_with_aes_256_cbc_sha256, +// &s2n_rsa_with_3des_ede_cbc_sha, +// &s2n_dhe_rsa_with_aes_128_gcm_sha256, +// &s2n_dhe_rsa_with_aes_256_gcm_sha384, +// &s2n_dhe_rsa_with_aes_128_cbc_sha, +// &s2n_dhe_rsa_with_aes_128_cbc_sha256, +// &s2n_dhe_rsa_with_aes_256_cbc_sha, +// &s2n_dhe_rsa_with_aes_256_cbc_sha256, +//}; +// +//const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_25 = { +// .count = s2n_array_len(cipher_suites_pq_tls_1_0_2021_05_25), +// .suites = cipher_suites_pq_tls_1_0_2021_05_25, +// .allow_chacha20_boosting = false, +//}; /* Same as 20190214_gcm, but with TLS 1.3 and PQ Ciphers appended to top of preference list */ -struct s2n_cipher_suite *cipher_suites_pq_tls_1_0_2021_05_26[] = { - /* TLS 1.3 Ciphers don't specify 
their Key exchange method, allowing for Hybrid PQ KEMs to be negotiated separately */ - S2N_TLS13_CLOUDFRONT_CIPHER_SUITES_20200716, - &s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384, - &s2n_ecdhe_ecdsa_with_aes_128_gcm_sha256, - &s2n_ecdhe_rsa_with_aes_128_gcm_sha256, - &s2n_ecdhe_ecdsa_with_aes_256_gcm_sha384, - &s2n_ecdhe_rsa_with_aes_256_gcm_sha384, - &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha, - &s2n_ecdhe_rsa_with_aes_128_cbc_sha, - &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha256, - &s2n_ecdhe_rsa_with_aes_128_cbc_sha256, - &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha, - &s2n_ecdhe_rsa_with_aes_256_cbc_sha, - &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha384, - &s2n_ecdhe_rsa_with_aes_256_cbc_sha384, - &s2n_rsa_with_aes_128_gcm_sha256, - &s2n_rsa_with_aes_256_gcm_sha384, - &s2n_rsa_with_aes_128_cbc_sha, - &s2n_rsa_with_aes_128_cbc_sha256, - &s2n_rsa_with_aes_256_cbc_sha, - &s2n_rsa_with_aes_256_cbc_sha256, - &s2n_rsa_with_3des_ede_cbc_sha, - &s2n_dhe_rsa_with_aes_128_gcm_sha256, - &s2n_dhe_rsa_with_aes_256_gcm_sha384, - &s2n_dhe_rsa_with_aes_128_cbc_sha, - &s2n_dhe_rsa_with_aes_128_cbc_sha256, - &s2n_dhe_rsa_with_aes_256_cbc_sha, - &s2n_dhe_rsa_with_aes_256_cbc_sha256, -}; - -const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_26 = { - .count = s2n_array_len(cipher_suites_pq_tls_1_0_2021_05_26), - .suites = cipher_suites_pq_tls_1_0_2021_05_26, - .allow_chacha20_boosting = false, -}; +//struct s2n_cipher_suite *cipher_suites_pq_tls_1_0_2021_05_26[] = { +// /* TLS 1.3 Ciphers don't specify their Key exchange method, allowing for Hybrid PQ KEMs to be negotiated separately */ +// S2N_TLS13_CLOUDFRONT_CIPHER_SUITES_20200716, +// &s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384, +// &s2n_ecdhe_ecdsa_with_aes_128_gcm_sha256, +// &s2n_ecdhe_rsa_with_aes_128_gcm_sha256, +// &s2n_ecdhe_ecdsa_with_aes_256_gcm_sha384, +// &s2n_ecdhe_rsa_with_aes_256_gcm_sha384, +// &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha, +// &s2n_ecdhe_rsa_with_aes_128_cbc_sha, +// 
&s2n_ecdhe_ecdsa_with_aes_128_cbc_sha256, +// &s2n_ecdhe_rsa_with_aes_128_cbc_sha256, +// &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha, +// &s2n_ecdhe_rsa_with_aes_256_cbc_sha, +// &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha384, +// &s2n_ecdhe_rsa_with_aes_256_cbc_sha384, +// &s2n_rsa_with_aes_128_gcm_sha256, +// &s2n_rsa_with_aes_256_gcm_sha384, +// &s2n_rsa_with_aes_128_cbc_sha, +// &s2n_rsa_with_aes_128_cbc_sha256, +// &s2n_rsa_with_aes_256_cbc_sha, +// &s2n_rsa_with_aes_256_cbc_sha256, +// &s2n_rsa_with_3des_ede_cbc_sha, +// &s2n_dhe_rsa_with_aes_128_gcm_sha256, +// &s2n_dhe_rsa_with_aes_256_gcm_sha384, +// &s2n_dhe_rsa_with_aes_128_cbc_sha, +// &s2n_dhe_rsa_with_aes_128_cbc_sha256, +// &s2n_dhe_rsa_with_aes_256_cbc_sha, +// &s2n_dhe_rsa_with_aes_256_cbc_sha256, +//}; +// +//const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_26 = { +// .count = s2n_array_len(cipher_suites_pq_tls_1_0_2021_05_26), +// .suites = cipher_suites_pq_tls_1_0_2021_05_26, +// .allow_chacha20_boosting = false, +//}; /* Same as 2021_05_26 except: * diff --git a/tls/s2n_cipher_preferences.h b/tls/s2n_cipher_preferences.h index 37c86f3fd84..32128528c5d 100644 --- a/tls/s2n_cipher_preferences.h +++ b/tls/s2n_cipher_preferences.h 
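Review bot: `cipher_preferences_pq_tls_1_0_2021_05_24` is deleted in this hunk (and its `extern` is commented out in the header), yet the test changes in this same patch switch several vectors to `security_policy_pq_tls_1_0_2021_05_24`, so that policy has to point at a surviving cipher preference list. Its definition is outside this hunk, so confirm it no longer references the removed symbol and that the list it now uses carries no Kyber TLS 1.2 suite. The treatment is also inconsistent: the 05_21 to 05_24 lists are removed outright, while 05_17, 05_18, 05_19, 05_25 and 05_26 are only commented out. The trailing context comment `/* Same as 2021_05_26 except:` now describes its list relative to a definition that is no longer live code, so it should spell out the baseline it means.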
@@ -122,21 +122,21 @@ extern const struct s2n_cipher_preferences cipher_preferences_kms_tls_1_0_2018_1 extern const struct s2n_cipher_preferences cipher_preferences_kms_tls_1_0_2021_08; extern const struct s2n_cipher_preferences cipher_preferences_kms_fips_tls_1_2_2018_10; extern const struct s2n_cipher_preferences cipher_preferences_kms_fips_tls_1_2_2021_08; -extern const struct s2n_cipher_preferences cipher_preferences_kms_pq_tls_1_0_2019_06; -extern const struct s2n_cipher_preferences cipher_preferences_kms_pq_tls_1_0_2020_02; -extern const struct s2n_cipher_preferences cipher_preferences_kms_pq_tls_1_0_2020_07; -extern const struct s2n_cipher_preferences cipher_preferences_pq_sike_test_tls_1_0_2019_11; -extern const struct s2n_cipher_preferences cipher_preferences_pq_sike_test_tls_1_0_2020_02; +//extern const struct s2n_cipher_preferences cipher_preferences_kms_pq_tls_1_0_2019_06; +//extern const struct s2n_cipher_preferences cipher_preferences_kms_pq_tls_1_0_2020_02; +//extern const struct s2n_cipher_preferences cipher_preferences_kms_pq_tls_1_0_2020_07; +//extern const struct s2n_cipher_preferences cipher_preferences_pq_sike_test_tls_1_0_2019_11; +//extern const struct s2n_cipher_preferences cipher_preferences_pq_sike_test_tls_1_0_2020_02; extern const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2020_12; -extern const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_1_2021_05_17; -extern const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_18; -extern const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_19; -extern const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_1_2021_05_21; -extern const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_22; -extern const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_23; -extern const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_24; -extern const struct s2n_cipher_preferences 
cipher_preferences_pq_tls_1_0_2021_05_25; -extern const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_26; +//extern const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_1_2021_05_17; +//extern const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_18; +//extern const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_19; +//extern const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_1_2021_05_21; +//extern const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_22; +//extern const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_23; +//extern const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_24; +//extern const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_25; +//extern const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_26; extern const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_3_2023_06_01; extern const struct s2n_cipher_preferences cipher_preferences_null; diff --git a/tls/s2n_cipher_suites.c b/tls/s2n_cipher_suites.c index d7d563dca9b..148e81a32bb 100644 --- a/tls/s2n_cipher_suites.c +++ b/tls/s2n_cipher_suites.c 
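Review bot: The PQ TLS 1.2 preference declarations in this hunk are commented out with `//` rather than deleted, which leaves fourteen lines of dead code in the header. Since the commit is a removal, the `//extern const struct s2n_cipher_preferences ...;` lines should be dropped outright; version control keeps the history. The same applies to the commented-out `cipher_suites_pq_tls_1_0_2021_05_26` array and `cipher_preferences_pq_tls_1_0_2021_05_26` struct in tls/s2n_cipher_preferences.c, and to `pq_kems_r3_2021_05` in tls/s2n_kem_preferences.c. Commented-out cipher lists are easy to re-enable by accident and make it harder to audit which suites the library can actually negotiate.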
@@ -712,23 +712,6 @@ struct s2n_cipher_suite s2n_dhe_rsa_with_chacha20_poly1305_sha256 = /* 0xCC,0xAA .minimum_required_tls_version = S2N_TLS12, }; -/* From https://tools.ietf.org/html/draft-campagna-tls-bike-sike-hybrid */ - -struct s2n_cipher_suite s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384 = /* 0xFF, 0x0C */ { - .available = 0, - .name = "ECDHE-KYBER-RSA-AES256-GCM-SHA384", - .iana_name = "TLS_ECDHE_KYBER_RSA_WITH_AES_256_GCM_SHA384", - .iana_value = { TLS_ECDHE_KYBER_RSA_WITH_AES_256_GCM_SHA384 }, - .key_exchange_alg = &s2n_hybrid_ecdhe_kem, - .auth_method = S2N_AUTHENTICATION_RSA, - .record_alg = NULL, - .all_record_algs = { &s2n_record_alg_aes256_gcm }, - .num_record_algs = 1, - .sslv3_record_alg = NULL, - .prf_alg = S2N_HMAC_SHA384, - .minimum_required_tls_version = S2N_TLS12, -}; - struct s2n_cipher_suite s2n_tls13_aes_128_gcm_sha256 = { .available = 0, .name = "TLS_AES_128_GCM_SHA256", @@ -817,7 +800,6 @@ static struct s2n_cipher_suite *s2n_all_cipher_suites[] = { &s2n_ecdhe_rsa_with_chacha20_poly1305_sha256, /* 0xCC,0xA8 */ &s2n_ecdhe_ecdsa_with_chacha20_poly1305_sha256, /* 0xCC,0xA9 */ &s2n_dhe_rsa_with_chacha20_poly1305_sha256, /* 0xCC,0xAA */ - &s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384, /* 0xFF,0x0C */ }; /* All supported ciphers. Exposed for integration testing. */ @@ -863,7 +845,6 @@ static struct s2n_cipher_suite *s2n_all_tls12_cipher_suites[] = { &s2n_ecdhe_rsa_with_chacha20_poly1305_sha256, /* 0xCC,0xA8 */ &s2n_ecdhe_ecdsa_with_chacha20_poly1305_sha256, /* 0xCC,0xA9 */ &s2n_dhe_rsa_with_chacha20_poly1305_sha256, /* 0xCC,0xAA */ - &s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384, /* 0xFF,0x0C */ }; const struct s2n_cipher_preferences cipher_preferences_test_all_tls12 = { 
@@ -1029,12 +1010,6 @@ int s2n_cipher_suites_init(void) } } - /* Mark PQ cipher suites as unavailable if PQ is disabled */ - if (s2n_kex_includes(cur_suite->key_exchange_alg, &s2n_kem) && !s2n_pq_is_enabled()) { - cur_suite->available = 0; - cur_suite->record_alg = NULL; - } - /* Initialize SSLv3 cipher suite if SSLv3 utilizes a different record algorithm */ if (cur_suite->sslv3_record_alg && cur_suite->sslv3_record_alg->cipher->is_available()) { struct s2n_blob cur_suite_mem = { 0 }; @@ -1321,10 +1296,6 @@ static int s2n_set_cipher_as_server(struct s2n_connection *conn, uint8_t *wire, if (!kex_supported) { continue; } - /* If the kex is not configured correctly continue to the next candidate */ - if (s2n_result_is_error(s2n_configure_kex(match, conn))) { - continue; - } /** *= https://www.rfc-editor.org/rfc/rfc8446#section-4.2.11 @@ -1406,15 +1377,3 @@ bool s2n_cipher_suite_requires_ecc_extension(struct s2n_cipher_suite *cipher) return false; } - -bool s2n_cipher_suite_requires_pq_extension(struct s2n_cipher_suite *cipher) -{ - if (!cipher) { - return false; - } - - if (s2n_kex_includes(cipher->key_exchange_alg, &s2n_kem)) { - return true; - } - return false; -} diff --git a/tls/s2n_cipher_suites.h b/tls/s2n_cipher_suites.h index 5c0ce5e16a3..e3cbffe9b9c 100644 --- a/tls/s2n_cipher_suites.h +++ b/tls/s2n_cipher_suites.h @@ -33,7 +33,7 @@ #define S2N_MAX_POSSIBLE_RECORD_ALGS 2 /* Kept up-to-date by s2n_cipher_suite_test */ -#define S2N_CIPHER_SUITE_COUNT 37 +#define S2N_CIPHER_SUITE_COUNT 36 /* Record algorithm flags that can be OR'ed */ #define S2N_TLS12_AES_GCM_AEAD_NONCE 0x01 
@@ -170,4 +170,3 @@ int s2n_set_cipher_as_client(struct s2n_connection *conn, uint8_t wire[S2N_TLS_C int s2n_set_cipher_as_sslv2_server(struct s2n_connection *conn, uint8_t *wire, uint16_t count); int s2n_set_cipher_as_tls_server(struct s2n_connection *conn, uint8_t *wire, uint16_t count); bool s2n_cipher_suite_requires_ecc_extension(struct s2n_cipher_suite *cipher); -bool s2n_cipher_suite_requires_pq_extension(struct s2n_cipher_suite *cipher); diff --git a/tls/s2n_client_key_exchange.c b/tls/s2n_client_key_exchange.c index 303cece9483..6560230158c 100644 --- a/tls/s2n_client_key_exchange.c +++ b/tls/s2n_client_key_exchange.c 
@@ -39,45 +39,6 @@ typedef void *s2n_stuffer_action(struct s2n_stuffer *stuffer, uint32_t data_len) static int s2n_rsa_client_key_recv_complete(struct s2n_connection *conn, bool rsa_failed, struct s2n_blob *shared_key); -static int s2n_hybrid_client_action(struct s2n_connection *conn, struct s2n_blob *combined_shared_key, - s2n_kex_client_key_method kex_method, uint32_t *cursor, s2n_stuffer_action stuffer_action) -{ - POSIX_ENSURE_REF(conn); - POSIX_ENSURE_REF(conn->secure); - POSIX_ENSURE_REF(kex_method); - POSIX_ENSURE_REF(stuffer_action); - - struct s2n_stuffer *io = &conn->handshake.io; - const struct s2n_kex *hybrid_kex_0 = conn->secure->cipher_suite->key_exchange_alg->hybrid[0]; - const struct s2n_kex *hybrid_kex_1 = conn->secure->cipher_suite->key_exchange_alg->hybrid[1]; - - /* Keep a copy to the start of the entire hybrid client key exchange message for the hybrid PRF */ - struct s2n_blob *client_key_exchange_message = &conn->kex_params.client_key_exchange_message; - client_key_exchange_message->data = stuffer_action(io, 0); - POSIX_ENSURE_REF(client_key_exchange_message->data); - const uint32_t start_cursor = *cursor; - - DEFER_CLEANUP(struct s2n_blob shared_key_0 = { 0 }, s2n_free); - POSIX_GUARD_RESULT(kex_method(hybrid_kex_0, conn, &shared_key_0)); - - struct s2n_blob *shared_key_1 = &(conn->kex_params.kem_params.shared_secret); - POSIX_GUARD_RESULT(kex_method(hybrid_kex_1, conn, shared_key_1)); - - const uint32_t end_cursor = *cursor; - POSIX_ENSURE_GTE(end_cursor, start_cursor); - client_key_exchange_message->size = end_cursor - start_cursor; - - POSIX_GUARD(s2n_alloc(combined_shared_key, shared_key_0.size + shared_key_1->size)); - struct s2n_stuffer stuffer_combiner = { 0 }; - POSIX_GUARD(s2n_stuffer_init(&stuffer_combiner, combined_shared_key)); - POSIX_GUARD(s2n_stuffer_write(&stuffer_combiner, &shared_key_0)); - POSIX_GUARD(s2n_stuffer_write(&stuffer_combiner, shared_key_1)); - - POSIX_GUARD(s2n_kem_free(&conn->kex_params.kem_params)); - - return 
0; -} - static int s2n_calculate_keys(struct s2n_connection *conn, struct s2n_blob *shared_key) { POSIX_ENSURE_REF(conn); @@ -198,33 +159,6 @@ int s2n_ecdhe_client_key_recv(struct s2n_connection *conn, struct s2n_blob *shar return 0; } -int s2n_kem_client_key_recv(struct s2n_connection *conn, struct s2n_blob *shared_key) -{ - /* s2n_kem_recv_ciphertext() writes the KEM shared secret directly to - * conn->kex_params.kem_params. However, the calling function - * likely expects *shared_key to point to the shared secret. We - * can't reassign *shared_key to point to kem_params.shared_secret, - * because that would require us to take struct s2n_blob **shared_key - * as the argument, but we can't (easily) change the function signature - * because it has to be consistent with what is defined in s2n_kex. - * - * So, we assert that the caller already has *shared_key pointing - * to kem_params.shared_secret. */ - POSIX_ENSURE_REF(shared_key); - S2N_ERROR_IF(shared_key != &(conn->kex_params.kem_params.shared_secret), S2N_ERR_SAFETY); - conn->kex_params.kem_params.len_prefixed = true; /* PQ TLS 1.2 is always length prefixed. */ - - POSIX_GUARD(s2n_kem_recv_ciphertext(&(conn->handshake.io), &(conn->kex_params.kem_params))); - - return 0; -} - -int s2n_hybrid_client_key_recv(struct s2n_connection *conn, struct s2n_blob *combined_shared_key) -{ - return s2n_hybrid_client_action(conn, combined_shared_key, &s2n_kex_client_key_recv, &conn->handshake.io.read_cursor, - &s2n_stuffer_raw_read); -} - int s2n_client_key_recv(struct s2n_connection *conn) { POSIX_ENSURE_REF(conn); 
@@ -298,34 +232,6 @@ int s2n_rsa_client_key_send(struct s2n_connection *conn, struct s2n_blob *shared return 0; } -int s2n_kem_client_key_send(struct s2n_connection *conn, struct s2n_blob *shared_key) -{ - /* s2n_kem_send_ciphertext() writes the KEM shared secret directly to - * conn->kex_params.kem_params. However, the calling function - * likely expects *shared_key to point to the shared secret. We - * can't reassign *shared_key to point to kem_params.shared_secret, - * because that would require us to take struct s2n_blob **shared_key - * as the argument, but we can't (easily) change the function signature - * because it has to be consistent with what is defined in s2n_kex. - * - * So, we assert that the caller already has *shared_key pointing - * to kem_params.shared_secret. */ - POSIX_ENSURE_REF(shared_key); - S2N_ERROR_IF(shared_key != &(conn->kex_params.kem_params.shared_secret), S2N_ERR_SAFETY); - - conn->kex_params.kem_params.len_prefixed = true; /* PQ TLS 1.2 is always length prefixed */ - - POSIX_GUARD(s2n_kem_send_ciphertext(&(conn->handshake.io), &(conn->kex_params.kem_params))); - - return 0; -} - -int s2n_hybrid_client_key_send(struct s2n_connection *conn, struct s2n_blob *combined_shared_key) -{ - return s2n_hybrid_client_action(conn, combined_shared_key, &s2n_kex_client_key_send, &conn->handshake.io.write_cursor, - s2n_stuffer_raw_write); -} - int s2n_client_key_send(struct s2n_connection *conn) { POSIX_ENSURE_REF(conn); diff --git a/tls/s2n_client_key_exchange.h b/tls/s2n_client_key_exchange.h index 4b1f91f8f54..75706d8cdc5 100644 --- a/tls/s2n_client_key_exchange.h +++ b/tls/s2n_client_key_exchange.h 
@@ -21,13 +21,11 @@ int s2n_dhe_client_key_send(struct s2n_connection *conn, struct s2n_blob *shared_key); int s2n_ecdhe_client_key_send(struct s2n_connection *conn, struct s2n_blob *shared_key); int s2n_rsa_client_key_send(struct s2n_connection *conn, struct s2n_blob *shared_key); -int s2n_kem_client_key_send(struct s2n_connection *conn, struct s2n_blob *shared_key); int s2n_hybrid_client_key_send(struct s2n_connection *conn, struct s2n_blob *shared_key); int s2n_dhe_client_key_recv(struct s2n_connection *conn, struct s2n_blob *shared_key); int s2n_ecdhe_client_key_recv(struct s2n_connection *conn, struct s2n_blob *shared_key); int s2n_rsa_client_key_recv(struct s2n_connection *conn, struct s2n_blob *shared_key); -int s2n_kem_client_key_recv(struct s2n_connection *conn, struct s2n_blob *shared_key); int s2n_hybrid_client_key_recv(struct s2n_connection *conn, struct s2n_blob *shared_key); int s2n_dhe_client_key_external(struct s2n_connection *conn, struct s2n_blob *shared_key); diff --git a/tls/s2n_connection.c b/tls/s2n_connection.c index fcc737d7718..88aa18a6735 100644 --- a/tls/s2n_connection.c +++ b/tls/s2n_connection.c @@ -158,7 +158,6 @@ static int s2n_connection_wipe_keys(struct s2n_connection *conn) s2n_x509_validator_wipe(&conn->x509_validator); POSIX_GUARD(s2n_dh_params_free(&conn->kex_params.server_dh_params)); POSIX_GUARD_RESULT(s2n_connection_wipe_all_keyshares(conn)); - POSIX_GUARD(s2n_kem_free(&conn->kex_params.kem_params)); POSIX_GUARD(s2n_free(&conn->handshake_params.client_cert_chain)); POSIX_GUARD(s2n_free(&conn->ct_response)); @@ -986,11 +985,8 @@ const char *s2n_connection_get_kem_name(struct s2n_connection *conn) { PTR_ENSURE_REF(conn); - if (!conn->kex_params.kem_params.kem) { - return "NONE"; - } - - return conn->kex_params.kem_params.kem->name; + /* PQ TLS 1.2 KEMs are no longer supported. Only PQ TLS 1.3 KemGroups are supported. */ + return "NONE"; } const char *s2n_connection_get_kem_group_name(struct s2n_connection *conn) 
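Review bot: The prototypes `int s2n_hybrid_client_key_send(...)` and `int s2n_hybrid_client_key_recv(...)` remain in this header as context lines, but the same commit deletes both definitions from tls/s2n_client_key_exchange.c. A declaration without a definition compiles cleanly and only fails at link time if a caller is left, so the header now advertises a key-exchange path that no longer exists. Both lines should be deleted here together with the `s2n_kem_client_key_send` and `s2n_kem_client_key_recv` prototypes.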
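Review bot: `s2n_connection_get_kem_name` now returns "NONE" for every non-NULL connection, and the new comment does not tell callers where to read the negotiated post-quantum parameters instead. Logging or monitoring that used this value to confirm a PQ key exchange will now report "NONE" even when a TLS 1.3 hybrid group was negotiated. I would extend the comment to `/* PQ TLS 1.2 KEMs are no longer supported; use s2n_connection_get_kem_group_name() for the TLS 1.3 KEM group. */`. The API documentation for this function, which is outside this hunk, should describe it as always returning "NONE".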
diff --git a/tls/s2n_crypto.h b/tls/s2n_crypto.h index 9a52ce799bd..af82d58427a 100644 --- a/tls/s2n_crypto.h +++ b/tls/s2n_crypto.h @@ -37,9 +37,7 @@ struct s2n_kex_parameters { struct s2n_kem_group_params server_kem_group_params; struct s2n_kem_group_params client_kem_group_params; const struct s2n_kem_group *mutually_supported_kem_groups[S2N_KEM_GROUPS_COUNT]; - struct s2n_kem_params kem_params; struct s2n_blob client_key_exchange_message; - struct s2n_blob client_pq_kem_extension; }; struct s2n_tls12_secrets { diff --git a/tls/s2n_kem.c b/tls/s2n_kem.c index ca71e4f9cfb..f536f527edb 100644 --- a/tls/s2n_kem.c +++ b/tls/s2n_kem.c @@ -26,7 +26,6 @@ const struct s2n_kem s2n_mlkem_768 = { .name = "mlkem768", .kem_nid = S2N_NID_MLKEM768, - .kem_extension_id = 0, /* This is not used in TLS 1.2's KEM extension */ .public_key_length = S2N_MLKEM_768_PUBLIC_KEY_BYTES, .private_key_length = S2N_MLKEM_768_SECRET_KEY_BYTES, .shared_secret_key_length = S2N_MLKEM_768_SHARED_SECRET_BYTES, @@ -39,7 +38,6 @@ const struct s2n_kem s2n_mlkem_768 = { const struct s2n_kem s2n_kyber_512_r3 = { .name = "kyber512r3", .kem_nid = S2N_NID_KYBER512, - .kem_extension_id = TLS_PQ_KEM_EXTENSION_ID_KYBER_512_R3, .public_key_length = S2N_KYBER_512_R3_PUBLIC_KEY_BYTES, .private_key_length = S2N_KYBER_512_R3_SECRET_KEY_BYTES, .shared_secret_key_length = S2N_KYBER_512_R3_SHARED_SECRET_BYTES, @@ -52,7 +50,6 @@ const struct s2n_kem s2n_kyber_512_r3 = { const struct s2n_kem s2n_kyber_768_r3 = { .name = "kyber768r3", .kem_nid = S2N_NID_KYBER768, - .kem_extension_id = 0, /* This is not used in TLS 1.2's KEM extension */ .public_key_length = S2N_KYBER_768_R3_PUBLIC_KEY_BYTES, .private_key_length = S2N_KYBER_768_R3_SECRET_KEY_BYTES, .shared_secret_key_length = S2N_KYBER_768_R3_SHARED_SECRET_BYTES, 
@@ -65,7 +62,6 @@ const struct s2n_kem s2n_kyber_768_r3 = { const struct s2n_kem s2n_kyber_1024_r3 = { .name = "kyber1024r3", .kem_nid = S2N_NID_KYBER1024, - .kem_extension_id = 0, /* This is not used in TLS 1.2's KEM extension */ .public_key_length = S2N_KYBER_1024_R3_PUBLIC_KEY_BYTES, .private_key_length = S2N_KYBER_1024_R3_SECRET_KEY_BYTES, .shared_secret_key_length = S2N_KYBER_1024_R3_SHARED_SECRET_BYTES, @@ -75,18 +71,6 @@ const struct s2n_kem s2n_kyber_1024_r3 = { .decapsulate = &s2n_evp_kem_decapsulate, }; -const struct s2n_kem *tls12_kyber_kems[] = { - &s2n_kyber_512_r3, -}; - -const struct s2n_iana_to_kem kem_mapping[1] = { - { - .iana_value = { TLS_ECDHE_KYBER_RSA_WITH_AES_256_GCM_SHA384 }, - .kems = tls12_kyber_kems, - .kem_count = s2n_array_len(tls12_kyber_kems), - }, -}; - /* Specific assignments of KEM group IDs and names have not yet been * published in an RFC (or draft). There is consensus in the * community to use values in the proposed reserved range defined in 
@@ -243,74 +227,6 @@ S2N_RESULT s2n_kem_decapsulate(struct s2n_kem_params *kem_params, const struct s return S2N_RESULT_OK; } -static int s2n_kem_check_kem_compatibility(const uint8_t iana_value[S2N_TLS_CIPHER_SUITE_LEN], const struct s2n_kem *candidate_kem, - uint8_t *kem_is_compatible) -{ - const struct s2n_iana_to_kem *compatible_kems = NULL; - POSIX_GUARD(s2n_cipher_suite_to_kem(iana_value, &compatible_kems)); - - for (uint8_t i = 0; i < compatible_kems->kem_count; i++) { - if (candidate_kem->kem_extension_id == compatible_kems->kems[i]->kem_extension_id) { - *kem_is_compatible = 1; - return S2N_SUCCESS; - } - } - - *kem_is_compatible = 0; - return S2N_SUCCESS; -} - -int s2n_choose_kem_with_peer_pref_list(const uint8_t iana_value[S2N_TLS_CIPHER_SUITE_LEN], struct s2n_blob *client_kem_ids, - const struct s2n_kem *server_kem_pref_list[], const uint8_t num_server_supported_kems, const struct s2n_kem **chosen_kem) -{ - struct s2n_stuffer client_kem_ids_stuffer = { 0 }; - POSIX_GUARD(s2n_stuffer_init(&client_kem_ids_stuffer, client_kem_ids)); - POSIX_GUARD(s2n_stuffer_write(&client_kem_ids_stuffer, client_kem_ids)); - - /* Each KEM ID is 2 bytes */ - uint8_t num_client_candidate_kems = client_kem_ids->size / 2; - - for (uint8_t i = 0; i < num_server_supported_kems; i++) { - const struct s2n_kem *candidate_server_kem = (server_kem_pref_list[i]); - - uint8_t server_kem_is_compatible = 0; - POSIX_GUARD(s2n_kem_check_kem_compatibility(iana_value, candidate_server_kem, &server_kem_is_compatible)); - - if (!server_kem_is_compatible) { - continue; - } - - for (uint8_t j = 0; j < num_client_candidate_kems; j++) { - kem_extension_size candidate_client_kem_id = 0; - POSIX_GUARD(s2n_stuffer_read_uint16(&client_kem_ids_stuffer, &candidate_client_kem_id)); - - if (candidate_server_kem->kem_extension_id == candidate_client_kem_id) { - *chosen_kem = candidate_server_kem; - return S2N_SUCCESS; - } - } - POSIX_GUARD(s2n_stuffer_reread(&client_kem_ids_stuffer)); - } - - /* Client and 
server did not propose any mutually supported KEMs compatible with the ciphersuite */ - POSIX_BAIL(S2N_ERR_KEM_UNSUPPORTED_PARAMS); -} - -int s2n_choose_kem_without_peer_pref_list(const uint8_t iana_value[S2N_TLS_CIPHER_SUITE_LEN], const struct s2n_kem *server_kem_pref_list[], - const uint8_t num_server_supported_kems, const struct s2n_kem **chosen_kem) -{ - for (uint8_t i = 0; i < num_server_supported_kems; i++) { - uint8_t kem_is_compatible = 0; - POSIX_GUARD(s2n_kem_check_kem_compatibility(iana_value, server_kem_pref_list[i], &kem_is_compatible)); - if (kem_is_compatible) { - *chosen_kem = server_kem_pref_list[i]; - return S2N_SUCCESS; - } - } - - /* The server preference list did not contain any KEM extensions compatible with the ciphersuite */ - POSIX_BAIL(S2N_ERR_KEM_UNSUPPORTED_PARAMS); -} int s2n_kem_free(struct s2n_kem_params *kem_params) { 
@@ -331,35 +247,6 @@ int s2n_kem_group_free(struct s2n_kem_group_params *kem_group_params) return S2N_SUCCESS; } -int s2n_cipher_suite_to_kem(const uint8_t iana_value[S2N_TLS_CIPHER_SUITE_LEN], const struct s2n_iana_to_kem **compatible_params) -{ - for (size_t i = 0; i < s2n_array_len(kem_mapping); i++) { - const struct s2n_iana_to_kem *candidate = &kem_mapping[i]; - if (s2n_constant_time_equals(iana_value, candidate->iana_value, S2N_TLS_CIPHER_SUITE_LEN)) { - *compatible_params = candidate; - return S2N_SUCCESS; - } - } - POSIX_BAIL(S2N_ERR_KEM_UNSUPPORTED_PARAMS); -} - -int s2n_get_kem_from_extension_id(kem_extension_size kem_id, const struct s2n_kem **kem) -{ - for (size_t i = 0; i < s2n_array_len(kem_mapping); i++) { - const struct s2n_iana_to_kem *iana_to_kem = &kem_mapping[i]; - - for (int j = 0; j < iana_to_kem->kem_count; j++) { - const struct s2n_kem *candidate_kem = iana_to_kem->kems[j]; - if (candidate_kem->kem_extension_id == kem_id) { - *kem = candidate_kem; - return S2N_SUCCESS; - } - } - } - - POSIX_BAIL(S2N_ERR_KEM_UNSUPPORTED_PARAMS); -} - int s2n_kem_send_public_key(struct s2n_stuffer *out, struct s2n_kem_params *kem_params) { POSIX_ENSURE_REF(out); diff --git a/tls/s2n_kem.h b/tls/s2n_kem.h index 52590223fb1..e13c4b4dcbd 100644 --- a/tls/s2n_kem.h +++ b/tls/s2n_kem.h @@ -50,7 +50,6 @@ typedef uint16_t kem_ciphertext_key_size; struct s2n_kem { const char *name; int kem_nid; - const kem_extension_size kem_extension_id; const kem_public_key_size public_key_length; const kem_private_key_size private_key_length; const kem_shared_secret_size shared_secret_key_length; 
@@ -117,17 +116,8 @@ extern const struct s2n_kem_group s2n_x25519_kyber_768_r3; S2N_RESULT s2n_kem_generate_keypair(struct s2n_kem_params *kem_params); S2N_RESULT s2n_kem_encapsulate(struct s2n_kem_params *kem_params, struct s2n_blob *ciphertext); S2N_RESULT s2n_kem_decapsulate(struct s2n_kem_params *kem_params, const struct s2n_blob *ciphertext); -int s2n_choose_kem_with_peer_pref_list(const uint8_t iana_value[S2N_TLS_CIPHER_SUITE_LEN], - struct s2n_blob *client_kem_ids, const struct s2n_kem *server_kem_pref_list[], - const uint8_t num_server_supported_kems, const struct s2n_kem **chosen_kem); -int s2n_choose_kem_without_peer_pref_list(const uint8_t iana_value[S2N_TLS_CIPHER_SUITE_LEN], - const struct s2n_kem *server_kem_pref_list[], const uint8_t num_server_supported_kems, - const struct s2n_kem **chosen_kem); int s2n_kem_free(struct s2n_kem_params *kem_params); int s2n_kem_group_free(struct s2n_kem_group_params *kem_group_params); -int s2n_cipher_suite_to_kem(const uint8_t iana_value[S2N_TLS_CIPHER_SUITE_LEN], - const struct s2n_iana_to_kem **supported_params); -int s2n_get_kem_from_extension_id(kem_extension_size kem_id, const struct s2n_kem **kem); int s2n_kem_send_public_key(struct s2n_stuffer *out, struct s2n_kem_params *kem_params); int s2n_kem_recv_public_key(struct s2n_stuffer *in, struct s2n_kem_params *kem_params); int s2n_kem_send_ciphertext(struct s2n_stuffer *out, struct s2n_kem_params *kem_params); diff --git a/tls/s2n_kem_preferences.c b/tls/s2n_kem_preferences.c index 9024807e8a3..154a2ad147e 100644 --- a/tls/s2n_kem_preferences.c +++ b/tls/s2n_kem_preferences.c @@ -17,10 +17,10 @@ #include "tls/s2n_kem.h" -const struct s2n_kem *pq_kems_r3_2021_05[] = { - /* Round 3 Algorithms */ - &s2n_kyber_512_r3, -}; +//const struct s2n_kem *pq_kems_r3_2021_05[] = { +// /* Round 3 Algorithms */ +// &s2n_kyber_512_r3, +//}; const struct s2n_kem_group *pq_kem_groups_r3_2021_05[] = { &s2n_x25519_kyber_512_r3, 
@@ -62,16 +62,12 @@ const struct s2n_kem_group *pq_kem_groups_mixed_2024_10[] = { }; const struct s2n_kem_preferences kem_preferences_pq_tls_1_0_2021_05 = { - .kem_count = s2n_array_len(pq_kems_r3_2021_05), - .kems = pq_kems_r3_2021_05, .tls13_kem_group_count = s2n_array_len(pq_kem_groups_r3_2021_05), .tls13_kem_groups = pq_kem_groups_r3_2021_05, .tls13_pq_hybrid_draft_revision = 0 }; const struct s2n_kem_preferences kem_preferences_pq_tls_1_0_2023_01 = { - .kem_count = s2n_array_len(pq_kems_r3_2021_05), - .kems = pq_kems_r3_2021_05, .tls13_kem_group_count = s2n_array_len(pq_kem_groups_r3_2021_05), .tls13_kem_groups = pq_kem_groups_r3_2021_05, .tls13_pq_hybrid_draft_revision = 5 @@ -79,8 +75,6 @@ const struct s2n_kem_preferences kem_preferences_pq_tls_1_0_2023_01 = { /* TLS 1.3 specifies KEMS via SupportedGroups extension, not TLS 1.2's KEM-specific extension. */ const struct s2n_kem_preferences kem_preferences_pq_tls_1_3_2023_06 = { - .kem_count = 0, - .kems = NULL, .tls13_kem_group_count = s2n_array_len(pq_kem_groups_r3_2023_06), .tls13_kem_groups = pq_kem_groups_r3_2023_06, .tls13_pq_hybrid_draft_revision = 5 
@@ -88,40 +82,30 @@ const struct s2n_kem_preferences kem_preferences_pq_tls_1_3_2023_06 = { /* Same as kem_preferences_pq_tls_1_3_2023_06, but without x25519 */ const struct s2n_kem_preferences kem_preferences_pq_tls_1_3_2023_12 = { - .kem_count = 0, - .kems = NULL, .tls13_kem_group_count = s2n_array_len(pq_kem_groups_r3_2023_12), .tls13_kem_groups = pq_kem_groups_r3_2023_12, .tls13_pq_hybrid_draft_revision = 5 }; const struct s2n_kem_preferences kem_preferences_pq_tls_1_3_ietf_2024_10 = { - .kem_count = 0, - .kems = NULL, .tls13_kem_group_count = s2n_array_len(pq_kem_groups_ietf_2024_10), .tls13_kem_groups = pq_kem_groups_ietf_2024_10, .tls13_pq_hybrid_draft_revision = 5 }; const struct s2n_kem_preferences kem_preferences_pq_tls_1_3_mixed_2024_10 = { - .kem_count = 0, - .kems = NULL, .tls13_kem_group_count = s2n_array_len(pq_kem_groups_mixed_2024_10), .tls13_kem_groups = pq_kem_groups_mixed_2024_10, .tls13_pq_hybrid_draft_revision = 5 }; const struct s2n_kem_preferences kem_preferences_all = { - .kem_count = s2n_array_len(pq_kems_r3_2021_05), - .kems = pq_kems_r3_2021_05, .tls13_kem_group_count = S2N_KEM_GROUPS_COUNT, .tls13_kem_groups = ALL_SUPPORTED_KEM_GROUPS, .tls13_pq_hybrid_draft_revision = 5 }; const struct s2n_kem_preferences kem_preferences_null = { - .kem_count = 0, - .kems = NULL, .tls13_kem_group_count = 0, .tls13_kem_groups = NULL, .tls13_pq_hybrid_draft_revision = 0 diff --git a/tls/s2n_kem_preferences.h b/tls/s2n_kem_preferences.h index d2b8db7d703..cb9fc983096 100644 --- a/tls/s2n_kem_preferences.h +++ b/tls/s2n_kem_preferences.h @@ -21,10 +21,6 @@ #include "tls/s2n_kex.h" struct s2n_kem_preferences { - /* kems used for hybrid TLS 1.2 */ - uint8_t kem_count; - const struct s2n_kem **kems; - /* tls13_kem_groups used for hybrid TLS 1.3 */ const uint8_t tls13_kem_group_count; const struct s2n_kem_group **tls13_kem_groups; diff --git a/tls/s2n_kex.c b/tls/s2n_kex.c index 7da8c7b2586..b5a7ff2bc3a 100644 --- a/tls/s2n_kex.c +++ b/tls/s2n_kex.c 
@@ -67,104 +67,6 @@ static S2N_RESULT s2n_check_ecdhe(const struct s2n_cipher_suite *cipher_suite, s return S2N_RESULT_OK; } -static S2N_RESULT s2n_check_kem(const struct s2n_cipher_suite *cipher_suite, struct s2n_connection *conn, bool *is_supported) -{ - RESULT_ENSURE_REF(cipher_suite); - RESULT_ENSURE_REF(conn); - RESULT_ENSURE_REF(is_supported); - - /* If any of the necessary conditions are not met, we will return early and indicate KEM is not supported. */ - *is_supported = false; - - const struct s2n_kem_preferences *kem_preferences = NULL; - RESULT_GUARD_POSIX(s2n_connection_get_kem_preferences(conn, &kem_preferences)); - RESULT_ENSURE_REF(kem_preferences); - - if (!s2n_pq_is_enabled() || kem_preferences->kem_count == 0) { - return S2N_RESULT_OK; - } - - const struct s2n_iana_to_kem *supported_params = NULL; - if (s2n_cipher_suite_to_kem(cipher_suite->iana_value, &supported_params) != S2N_SUCCESS) { - return S2N_RESULT_OK; - } - - RESULT_ENSURE_REF(supported_params); - if (supported_params->kem_count == 0) { - return S2N_RESULT_OK; - } - - struct s2n_blob *client_kem_pref_list = &(conn->kex_params.client_pq_kem_extension); - const struct s2n_kem *chosen_kem = NULL; - if (client_kem_pref_list == NULL || client_kem_pref_list->data == NULL) { - /* If the client did not send a PQ KEM extension, then the server can pick its preferred parameter */ - if (s2n_choose_kem_without_peer_pref_list( - cipher_suite->iana_value, kem_preferences->kems, kem_preferences->kem_count, &chosen_kem) - != S2N_SUCCESS) { - return S2N_RESULT_OK; - } - } else { - /* If the client did send a PQ KEM extension, then the server must find a mutually supported parameter. 
*/ - if (s2n_choose_kem_with_peer_pref_list( - cipher_suite->iana_value, client_kem_pref_list, kem_preferences->kems, kem_preferences->kem_count, &chosen_kem) - != S2N_SUCCESS) { - return S2N_RESULT_OK; - } - } - - *is_supported = chosen_kem != NULL; - return S2N_RESULT_OK; -} - -static S2N_RESULT s2n_configure_kem(const struct s2n_cipher_suite *cipher_suite, struct s2n_connection *conn) -{ - RESULT_ENSURE_REF(cipher_suite); - RESULT_ENSURE_REF(conn); - - RESULT_ENSURE(s2n_pq_is_enabled(), S2N_ERR_UNIMPLEMENTED); - - const struct s2n_kem_preferences *kem_preferences = NULL; - RESULT_GUARD_POSIX(s2n_connection_get_kem_preferences(conn, &kem_preferences)); - RESULT_ENSURE_REF(kem_preferences); - - struct s2n_blob *proposed_kems = &(conn->kex_params.client_pq_kem_extension); - const struct s2n_kem *chosen_kem = NULL; - if (proposed_kems == NULL || proposed_kems->data == NULL) { - /* If the client did not send a PQ KEM extension, then the server can pick its preferred parameter */ - RESULT_GUARD_POSIX(s2n_choose_kem_without_peer_pref_list(cipher_suite->iana_value, kem_preferences->kems, - kem_preferences->kem_count, &chosen_kem)); - } else { - /* If the client did send a PQ KEM extension, then the server must find a mutually supported parameter. 
*/ - RESULT_GUARD_POSIX(s2n_choose_kem_with_peer_pref_list(cipher_suite->iana_value, proposed_kems, kem_preferences->kems, - kem_preferences->kem_count, &chosen_kem)); - } - - conn->kex_params.kem_params.kem = chosen_kem; - return S2N_RESULT_OK; -} - -static S2N_RESULT s2n_check_hybrid_ecdhe_kem(const struct s2n_cipher_suite *cipher_suite, struct s2n_connection *conn, bool *is_supported) -{ - RESULT_ENSURE_REF(cipher_suite); - RESULT_ENSURE_REF(conn); - RESULT_ENSURE_REF(is_supported); - - bool ecdhe_supported = false; - bool kem_supported = false; - RESULT_GUARD(s2n_check_ecdhe(cipher_suite, conn, &ecdhe_supported)); - RESULT_GUARD(s2n_check_kem(cipher_suite, conn, &kem_supported)); - - *is_supported = ecdhe_supported && kem_supported; - - return S2N_RESULT_OK; -} - -static S2N_RESULT s2n_kex_configure_noop(const struct s2n_cipher_suite *cipher_suite, - struct s2n_connection *conn) -{ - return S2N_RESULT_OK; -} - static int s2n_kex_server_key_recv_read_data_unimplemented(struct s2n_connection *conn, struct s2n_blob *data_to_verify, struct s2n_kex_raw_server_data *kex_data) { 
@@ -187,22 +89,9 @@ static int s2n_kex_prf_unimplemented(struct s2n_connection *conn, struct s2n_blo POSIX_BAIL(S2N_ERR_UNIMPLEMENTED); } -const struct s2n_kex s2n_kem = { - .is_ephemeral = true, - .connection_supported = &s2n_check_kem, - .configure_connection = &s2n_configure_kem, - .server_key_recv_read_data = &s2n_kem_server_key_recv_read_data, - .server_key_recv_parse_data = &s2n_kem_server_key_recv_parse_data, - .server_key_send = &s2n_kem_server_key_send, - .client_key_recv = &s2n_kem_client_key_recv, - .client_key_send = &s2n_kem_client_key_send, - .prf = &s2n_kex_prf_unimplemented, -}; - const struct s2n_kex s2n_rsa = { .is_ephemeral = false, .connection_supported = &s2n_check_rsa_key, - .configure_connection = &s2n_kex_configure_noop, .server_key_recv_read_data = &s2n_kex_server_key_recv_read_data_unimplemented, .server_key_recv_parse_data = &s2n_kex_server_key_recv_parse_data_unimplemented, .server_key_send = &s2n_kex_io_unimplemented, @@ -214,7 +103,6 @@ const struct s2n_kex s2n_rsa = { const struct s2n_kex s2n_dhe = { .is_ephemeral = true, .connection_supported = &s2n_check_dhe, - .configure_connection = &s2n_kex_configure_noop, .server_key_recv_read_data = &s2n_dhe_server_key_recv_read_data, .server_key_recv_parse_data = &s2n_dhe_server_key_recv_parse_data, .server_key_send = &s2n_dhe_server_key_send, @@ -226,7 +114,6 @@ const struct s2n_kex s2n_dhe = { const struct s2n_kex s2n_ecdhe = { .is_ephemeral = true, .connection_supported = &s2n_check_ecdhe, - .configure_connection = &s2n_kex_configure_noop, .server_key_recv_read_data = &s2n_ecdhe_server_key_recv_read_data, .server_key_recv_parse_data = &s2n_ecdhe_server_key_recv_parse_data, .server_key_send = &s2n_ecdhe_server_key_send, 
@@ -235,19 +122,6 @@ const struct s2n_kex s2n_ecdhe = { .prf = &s2n_prf_calculate_master_secret, }; -const struct s2n_kex s2n_hybrid_ecdhe_kem = { - .is_ephemeral = true, - .hybrid = { &s2n_ecdhe, &s2n_kem }, - .connection_supported = &s2n_check_hybrid_ecdhe_kem, - .configure_connection = &s2n_configure_kem, - .server_key_recv_read_data = &s2n_hybrid_server_key_recv_read_data, - .server_key_recv_parse_data = &s2n_hybrid_server_key_recv_parse_data, - .server_key_send = &s2n_hybrid_server_key_send, - .client_key_recv = &s2n_hybrid_client_key_recv, - .client_key_send = &s2n_hybrid_client_key_send, - .prf = &s2n_hybrid_prf_master_secret, -}; - /* TLS1.3 key exchange is implemented differently from previous versions and does * not currently require most of the functionality offered by s2n_kex. * This structure primarily acts as a placeholder, so its methods are either @@ -256,7 +130,6 @@ const struct s2n_kex s2n_hybrid_ecdhe_kem = { const struct s2n_kex s2n_tls13_kex = { .is_ephemeral = true, .connection_supported = &s2n_check_tls13, - .configure_connection = &s2n_kex_configure_noop, .server_key_recv_read_data = &s2n_kex_server_key_recv_read_data_unimplemented, .server_key_recv_parse_data = &s2n_kex_server_key_recv_parse_data_unimplemented, .server_key_send = &s2n_kex_io_unimplemented, @@ -278,18 +151,6 @@ S2N_RESULT s2n_kex_supported(const struct s2n_cipher_suite *cipher_suite, struct return S2N_RESULT_OK; } -S2N_RESULT s2n_configure_kex(const struct s2n_cipher_suite *cipher_suite, struct s2n_connection *conn) -{ - RESULT_ENSURE_REF(cipher_suite); - RESULT_ENSURE_REF(cipher_suite->key_exchange_alg); - RESULT_ENSURE_REF(cipher_suite->key_exchange_alg->configure_connection); - RESULT_ENSURE_REF(conn); - - RESULT_GUARD(cipher_suite->key_exchange_alg->configure_connection(cipher_suite, conn)); - - return S2N_RESULT_OK; -} - S2N_RESULT s2n_kex_is_ephemeral(const struct s2n_kex *kex, bool *is_ephemeral) { RESULT_ENSURE_REF(kex); 
@@ -383,5 +244,5 @@ bool s2n_kex_includes(const struct s2n_kex *kex, const struct s2n_kex *query) return false; } - return query == kex->hybrid[0] || query == kex->hybrid[1]; + return false; } diff --git a/tls/s2n_kex.h b/tls/s2n_kex.h index f229914e2ad..52bae85f4ab 100644 --- a/tls/s2n_kex.h +++ b/tls/s2n_kex.h @@ -23,10 +23,8 @@ struct s2n_kex { bool is_ephemeral; - const struct s2n_kex *hybrid[2]; S2N_RESULT (*connection_supported)(const struct s2n_cipher_suite *cipher_suite, struct s2n_connection *conn, bool *is_supported); - S2N_RESULT (*configure_connection)(const struct s2n_cipher_suite *cipher_suite, struct s2n_connection *conn); int (*server_key_recv_read_data)(struct s2n_connection *conn, struct s2n_blob *data_to_verify, struct s2n_kex_raw_server_data *kex_data); int (*server_key_recv_parse_data)(struct s2n_connection *conn, struct s2n_kex_raw_server_data *kex_data); int (*server_key_send)(struct s2n_connection *conn, struct s2n_blob *data_to_sign); @@ -35,15 +33,12 @@ struct s2n_kex { int (*prf)(struct s2n_connection *conn, struct s2n_blob *premaster_secret); }; -extern const struct s2n_kex s2n_kem; extern const struct s2n_kex s2n_rsa; extern const struct s2n_kex s2n_dhe; extern const struct s2n_kex s2n_ecdhe; -extern const struct s2n_kex s2n_hybrid_ecdhe_kem; extern const struct s2n_kex s2n_tls13_kex; S2N_RESULT s2n_kex_supported(const struct s2n_cipher_suite *cipher_suite, struct s2n_connection *conn, bool *is_supported); -S2N_RESULT s2n_configure_kex(const struct s2n_cipher_suite *cipher_suite, struct s2n_connection *conn); S2N_RESULT s2n_kex_is_ephemeral(const struct s2n_kex *kex, bool *is_ephemeral); S2N_RESULT s2n_kex_server_key_recv_read_data(const struct s2n_kex *kex, struct s2n_connection *conn, struct s2n_blob *data_to_verify, diff --git a/tls/s2n_security_policies.c b/tls/s2n_security_policies.c index 54bfc431762..a7e251501d3 100644 --- a/tls/s2n_security_policies.c +++ b/tls/s2n_security_policies.c 
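Review bot: In `s2n_kex_includes` (tls/s2n_kex.c, hunk at -383) the new tail `return false;` makes the guard just above it redundant, because the visible end of that guard is also `return false;`. With `hybrid[]` removed from `struct s2n_kex`, the function can only report identity, so the guard can go and the intent can be stated in a comment such as `/* No hybrid key exchanges remain: a kex only includes itself. */`. The start of the function is outside the hunk, so this assumes the earlier lines still handle the `query == kex` case.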
@@ -588,136 +588,45 @@ const struct s2n_security_policy security_policy_kms_tls_1_2_2023_06 = { }, }; -const struct s2n_security_policy security_policy_kms_pq_tls_1_0_2019_06 = { - .minimum_protocol_version = S2N_TLS10, - .cipher_preferences = &cipher_preferences_kms_pq_tls_1_0_2019_06, - .kem_preferences = &kem_preferences_null, - .signature_preferences = &s2n_signature_preferences_20140601, - .ecc_preferences = &s2n_ecc_preferences_20140601, - .rules = { - [S2N_PERFECT_FORWARD_SECRECY] = true, - }, -}; - -const struct s2n_security_policy security_policy_kms_pq_tls_1_0_2020_02 = { - .minimum_protocol_version = S2N_TLS10, - .cipher_preferences = &cipher_preferences_kms_pq_tls_1_0_2020_02, - .kem_preferences = &kem_preferences_null, - .signature_preferences = &s2n_signature_preferences_20140601, - .ecc_preferences = &s2n_ecc_preferences_20140601, - .rules = { - [S2N_PERFECT_FORWARD_SECRECY] = true, - }, -}; - -const struct s2n_security_policy security_policy_pq_sike_test_tls_1_0_2019_11 = { - .minimum_protocol_version = S2N_TLS10, - .cipher_preferences = &cipher_preferences_pq_sike_test_tls_1_0_2019_11, - .kem_preferences = &kem_preferences_null, - .signature_preferences = &s2n_signature_preferences_20140601, - .ecc_preferences = &s2n_ecc_preferences_20140601, - .rules = { - [S2N_PERFECT_FORWARD_SECRECY] = true, - }, -}; - -const struct s2n_security_policy security_policy_pq_sike_test_tls_1_0_2020_02 = { - .minimum_protocol_version = S2N_TLS10, - .cipher_preferences = &cipher_preferences_pq_sike_test_tls_1_0_2020_02, - .kem_preferences = &kem_preferences_null, - .signature_preferences = &s2n_signature_preferences_20140601, - .ecc_preferences = &s2n_ecc_preferences_20140601, - .rules = { - [S2N_PERFECT_FORWARD_SECRECY] = true, - }, -}; - -const struct s2n_security_policy security_policy_kms_pq_tls_1_0_2020_07 = { - .minimum_protocol_version = S2N_TLS10, - .cipher_preferences = &cipher_preferences_kms_pq_tls_1_0_2020_07, - .kem_preferences = 
&kem_preferences_pq_tls_1_0_2021_05, - .signature_preferences = &s2n_signature_preferences_20140601, - .ecc_preferences = &s2n_ecc_preferences_20140601, - .rules = { - [S2N_PERFECT_FORWARD_SECRECY] = true, - }, -}; - -const struct s2n_security_policy security_policy_pq_tls_1_0_2020_12 = { - .minimum_protocol_version = S2N_TLS10, - .cipher_preferences = &cipher_preferences_pq_tls_1_0_2020_12, - .kem_preferences = &kem_preferences_pq_tls_1_0_2021_05, - .signature_preferences = &s2n_signature_preferences_20200207, - .ecc_preferences = &s2n_ecc_preferences_20200310, - .rules = { - [S2N_PERFECT_FORWARD_SECRECY] = true, - }, -}; - -const struct s2n_security_policy security_policy_pq_tls_1_1_2021_05_17 = { - .minimum_protocol_version = S2N_TLS11, - .cipher_preferences = &cipher_preferences_pq_tls_1_1_2021_05_17, - .kem_preferences = &kem_preferences_pq_tls_1_0_2021_05, - .signature_preferences = &s2n_signature_preferences_20140601, - .ecc_preferences = &s2n_ecc_preferences_20200310, -}; -const struct s2n_security_policy security_policy_pq_tls_1_0_2021_05_18 = { - .minimum_protocol_version = S2N_TLS10, - .cipher_preferences = &cipher_preferences_pq_tls_1_0_2021_05_18, - .kem_preferences = &kem_preferences_pq_tls_1_0_2021_05, - .signature_preferences = &s2n_signature_preferences_20140601, - .ecc_preferences = &s2n_ecc_preferences_20200310, -}; - -const struct s2n_security_policy security_policy_pq_tls_1_0_2021_05_19 = { - .minimum_protocol_version = S2N_TLS10, - .cipher_preferences = &cipher_preferences_pq_tls_1_0_2021_05_19, - .kem_preferences = &kem_preferences_pq_tls_1_0_2021_05, - .signature_preferences = &s2n_signature_preferences_20140601, - .ecc_preferences = &s2n_ecc_preferences_20200310, -}; - -const struct s2n_security_policy security_policy_pq_tls_1_0_2021_05_20 = { - .minimum_protocol_version = S2N_TLS10, - /* Yes, this is the same cipher_preferences as kms_pq_tls_1_0_2020_07. 
The difference between these policies is - * the ecc_preferences, with this one adding support for x25519. */ - .cipher_preferences = &cipher_preferences_kms_pq_tls_1_0_2020_07, - .kem_preferences = &kem_preferences_pq_tls_1_0_2021_05, - .signature_preferences = &s2n_signature_preferences_20140601, - .ecc_preferences = &s2n_ecc_preferences_20200310, - .rules = { - [S2N_PERFECT_FORWARD_SECRECY] = true, - }, -}; - -const struct s2n_security_policy security_policy_pq_tls_1_1_2021_05_21 = { - .minimum_protocol_version = S2N_TLS11, - .cipher_preferences = &cipher_preferences_pq_tls_1_1_2021_05_21, - .kem_preferences = &kem_preferences_pq_tls_1_0_2021_05, - .signature_preferences = &s2n_signature_preferences_20200207, - .ecc_preferences = &s2n_ecc_preferences_20200310, -}; - -const struct s2n_security_policy security_policy_pq_tls_1_0_2021_05_22 = { - .minimum_protocol_version = S2N_TLS10, - .cipher_preferences = &cipher_preferences_pq_tls_1_0_2021_05_22, - .kem_preferences = &kem_preferences_pq_tls_1_0_2021_05, - .signature_preferences = &s2n_signature_preferences_20200207, - .ecc_preferences = &s2n_ecc_preferences_20200310, -}; - -const struct s2n_security_policy security_policy_pq_tls_1_0_2021_05_23 = { - .minimum_protocol_version = S2N_TLS10, - .cipher_preferences = &cipher_preferences_pq_tls_1_0_2021_05_23, - .kem_preferences = &kem_preferences_pq_tls_1_0_2021_05, - .signature_preferences = &s2n_signature_preferences_20200207, - .ecc_preferences = &s2n_ecc_preferences_20200310, -}; +//const struct s2n_security_policy security_policy_pq_tls_1_0_2020_12 = { +// .minimum_protocol_version = S2N_TLS10, +// .cipher_preferences = &cipher_preferences_pq_tls_1_0_2020_12, +// .kem_preferences = &kem_preferences_pq_tls_1_0_2021_05, +// .signature_preferences = &s2n_signature_preferences_20200207, +// .ecc_preferences = &s2n_ecc_preferences_20200310, +// .rules = { +// [S2N_PERFECT_FORWARD_SECRECY] = true, +// }, +//}; + +//const struct s2n_security_policy 
security_policy_pq_tls_1_1_2021_05_21 = { +// .minimum_protocol_version = S2N_TLS11, +// .cipher_preferences = &elb_security_policy_tls13_1_2_Ext2_2021_06, +// .kem_preferences = &kem_preferences_pq_tls_1_0_2021_05, +// .signature_preferences = &s2n_signature_preferences_20200207, +// .ecc_preferences = &s2n_ecc_preferences_20200310, +//}; +// +//const struct s2n_security_policy security_policy_pq_tls_1_0_2021_05_22 = { +// .minimum_protocol_version = S2N_TLS10, +// .cipher_preferences = &cipher_preferences_20210825, +// .kem_preferences = &kem_preferences_pq_tls_1_0_2021_05, +// .signature_preferences = &s2n_signature_preferences_20200207, +// .ecc_preferences = &s2n_ecc_preferences_20200310, +//}; +// +//const struct s2n_security_policy security_policy_pq_tls_1_0_2021_05_23 = { +// .minimum_protocol_version = S2N_TLS10, +// .cipher_preferences = &elb_security_policy_tls13_1_2_Ext2_2021_06, +// .kem_preferences = &kem_preferences_pq_tls_1_0_2021_05, +// .signature_preferences = &s2n_signature_preferences_20200207, +// .ecc_preferences = &s2n_ecc_preferences_20200310, +//}; const struct s2n_security_policy security_policy_pq_tls_1_0_2021_05_24 = { .minimum_protocol_version = S2N_TLS10, - .cipher_preferences = &cipher_preferences_pq_tls_1_0_2021_05_24, + .cipher_preferences = &cipher_preferences_pq_tls_1_0_2020_12, .kem_preferences = &kem_preferences_pq_tls_1_0_2021_05, .signature_preferences = &s2n_signature_preferences_20200207, .ecc_preferences = &s2n_ecc_preferences_20200310, 
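Review bot: The new side of this hunk keeps `security_policy_pq_tls_1_0_2020_12`, `security_policy_pq_tls_1_1_2021_05_21`, `security_policy_pq_tls_1_0_2021_05_22` and `security_policy_pq_tls_1_0_2021_05_23` as `//` commented-out definitions instead of deleting them, and the hunk at -725 does the same for `security_policy_pq_tls_1_0_2021_05_25`. The commented copies are not the removed text either: their `.cipher_preferences` point at other objects (`elb_security_policy_tls13_1_2_Ext2_2021_06`, `cipher_preferences_20210825`), so they record neither the old policy nor a live one. In a file that defines what a connection may negotiate, dead definitions like these are easy to re-enable by accident; delete them and leave the history to version control. If the mapping from the old PQ cipher preferences to their replacements is worth keeping, a short `/* ... */` comment beside the live policies would carry it and match the block-comment style used elsewhere in the file.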
@@ -725,18 +634,19 @@ const struct s2n_security_policy security_policy_pq_tls_1_0_2021_05_24 = { [S2N_PERFECT_FORWARD_SECRECY] = true, }, }; +// +//const struct s2n_security_policy security_policy_pq_tls_1_0_2021_05_25 = { +// .minimum_protocol_version = S2N_TLS10, +// .cipher_preferences = &cipher_preferences_pq_tls_1_0_2021_05_25, +// .kem_preferences = &kem_preferences_pq_tls_1_0_2021_05, +// .signature_preferences = &s2n_signature_preferences_20140601, +// .ecc_preferences = &s2n_ecc_preferences_20200310, +//}; -const struct s2n_security_policy security_policy_pq_tls_1_0_2021_05_25 = { - .minimum_protocol_version = S2N_TLS10, - .cipher_preferences = &cipher_preferences_pq_tls_1_0_2021_05_25, - .kem_preferences = &kem_preferences_pq_tls_1_0_2021_05, - .signature_preferences = &s2n_signature_preferences_20140601, - .ecc_preferences = &s2n_ecc_preferences_20200310, -}; - +/* Used by AWS CRT SDK */ const struct s2n_security_policy security_policy_pq_tls_1_0_2021_05_26 = { .minimum_protocol_version = S2N_TLS10, - .cipher_preferences = &cipher_preferences_pq_tls_1_0_2021_05_26, + .cipher_preferences = &cipher_preferences_20210825_gcm, .kem_preferences = &kem_preferences_pq_tls_1_0_2021_05, .signature_preferences = &s2n_signature_preferences_20200207, .ecc_preferences = &s2n_ecc_preferences_20200310, @@ -744,7 +654,7 @@ const struct s2n_security_policy security_policy_pq_tls_1_0_2021_05_26 = { const struct s2n_security_policy security_policy_pq_tls_1_0_2023_01_24 = { .minimum_protocol_version = S2N_TLS10, - .cipher_preferences = &cipher_preferences_pq_tls_1_0_2021_05_24, + .cipher_preferences = &cipher_preferences_pq_tls_1_0_2020_12, .kem_preferences = &kem_preferences_pq_tls_1_0_2023_01, .signature_preferences = &s2n_signature_preferences_20200207, .ecc_preferences = &s2n_ecc_preferences_20200310, 
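Review bot: `security_policy_pq_tls_1_0_2021_05_26` (hunk at -725) and `security_policy_pq_tls_1_0_2023_01_24` (hunk at -744) keep a PQ name, `.kem_preferences` and `.minimum_protocol_version = S2N_TLS10`, but nothing on the new side says that the hybrid key exchange for TLS 1.2 and earlier has been removed. After this commit a connection that settles on TLS 1.2 or lower under these policies presumably gets a classical key exchange only, which a caller selecting a PQ policy by name would not expect. The added `/* Used by AWS CRT SDK */` could be extended to say so, e.g. `/* Used by AWS CRT SDK. PQ key exchange is negotiated in TLS 1.3 only; TLS 1.2 and below use classical key exchange. */`. Whether the replacement cipher preferences carry TLS 1.3 suites is not visible in these hunks and should be confirmed before that wording is used.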
@@ -756,7 +666,7 @@ const struct s2n_security_policy security_policy_pq_tls_1_0_2023_01_24 = { /* Same as security_policy_pq_tls_1_1_2021_05_21, but with TLS 1.2 as minimum */ const struct s2n_security_policy security_policy_pq_tls_1_2_2023_04_07 = { .minimum_protocol_version = S2N_TLS12, - .cipher_preferences = &cipher_preferences_pq_tls_1_1_2021_05_21, + .cipher_preferences = &elb_security_policy_tls13_1_2_Ext2_2021_06, .kem_preferences = &kem_preferences_pq_tls_1_0_2021_05, .signature_preferences = &s2n_signature_preferences_20200207, .ecc_preferences = &s2n_ecc_preferences_20200310, @@ -765,7 +675,7 @@ const struct s2n_security_policy security_policy_pq_tls_1_2_2023_04_07 = { /* Same as security_policy_pq_tls_1_0_2021_05_22, but with TLS 1.2 as minimum */ const struct s2n_security_policy security_policy_pq_tls_1_2_2023_04_08 = { .minimum_protocol_version = S2N_TLS12, - .cipher_preferences = &cipher_preferences_pq_tls_1_0_2021_05_22, + .cipher_preferences = &cipher_preferences_20210825, .kem_preferences = &kem_preferences_pq_tls_1_0_2021_05, .signature_preferences = &s2n_signature_preferences_20200207, .ecc_preferences = &s2n_ecc_preferences_20200310, @@ -774,7 +684,7 @@ const struct s2n_security_policy security_policy_pq_tls_1_2_2023_04_08 = { /* Same as security_policy_pq_tls_1_0_2021_05_24, but with TLS 1.2 as minimum */ const struct s2n_security_policy security_policy_pq_tls_1_2_2023_04_09 = { .minimum_protocol_version = S2N_TLS12, - .cipher_preferences = &cipher_preferences_pq_tls_1_0_2021_05_24, + .cipher_preferences = &cipher_preferences_pq_tls_1_0_2020_12, .kem_preferences = &kem_preferences_pq_tls_1_0_2021_05, .signature_preferences = &s2n_signature_preferences_20200207, .ecc_preferences = &s2n_ecc_preferences_20200310, 
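Review bot: The context comments `/* Same as security_policy_pq_tls_1_1_2021_05_21, but with TLS 1.2 as minimum */` (hunk at -756) and `/* Same as security_policy_pq_tls_1_0_2021_05_22, but with TLS 1.2 as minimum */` (hunk at -765) now refer to policies that the hunk at -588 turns into commented-out code, so a reader can no longer look up what they are the same as. Describe each policy directly instead, for example `/* TLS 1.2 minimum; cipher preferences elb_security_policy_tls13_1_2_Ext2_2021_06, KEM preferences kem_preferences_pq_tls_1_0_2021_05 */` for `security_policy_pq_tls_1_2_2023_04_07`. The comment in the hunk at -774 refers to `security_policy_pq_tls_1_0_2021_05_24`, which is still defined, so it can stay. The definitions continue past the end of each hunk.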
@@ -786,7 +696,7 @@ const struct s2n_security_policy security_policy_pq_tls_1_2_2023_04_09 = { /* Same as security_policy_pq_tls_1_0_2021_05_26, but with TLS 1.2 as minimum */ const struct s2n_security_policy security_policy_pq_tls_1_2_2023_04_10 = { .minimum_protocol_version = S2N_TLS12, - .cipher_preferences = &cipher_preferences_pq_tls_1_0_2021_05_26, + .cipher_preferences = &cipher_preferences_20210825_gcm, .kem_preferences = &kem_preferences_pq_tls_1_0_2021_05, .signature_preferences = &s2n_signature_preferences_20200207, .ecc_preferences = &s2n_ecc_preferences_20200310, @@ -803,7 +713,7 @@ const struct s2n_security_policy security_policy_pq_tls_1_3_2023_06_01 = { /* Same as security_policy_pq_tls_1_2_2023_04_07, but with updated KEM prefs */ const struct s2n_security_policy security_policy_pq_tls_1_2_2023_10_07 = { .minimum_protocol_version = S2N_TLS12, - .cipher_preferences = &cipher_preferences_pq_tls_1_1_2021_05_21, + .cipher_preferences = &elb_security_policy_tls13_1_2_Ext2_2021_06, .kem_preferences = &kem_preferences_pq_tls_1_3_2023_06, .signature_preferences = &s2n_signature_preferences_20200207, .ecc_preferences = &s2n_ecc_preferences_20200310, @@ -812,7 +722,7 @@ const struct s2n_security_policy security_policy_pq_tls_1_2_2023_10_07 = { /* Same as security_policy_pq_tls_1_2_2023_04_08, but with updated KEM prefs */ const struct s2n_security_policy security_policy_pq_tls_1_2_2023_10_08 = { .minimum_protocol_version = S2N_TLS12, - .cipher_preferences = &cipher_preferences_pq_tls_1_0_2021_05_22, + .cipher_preferences = &cipher_preferences_20210825, .kem_preferences = &kem_preferences_pq_tls_1_3_2023_06, .signature_preferences = &s2n_signature_preferences_20200207, .ecc_preferences = &s2n_ecc_preferences_20200310, 
@@ -821,7 +731,7 @@ const struct s2n_security_policy security_policy_pq_tls_1_2_2023_10_08 = { /* Same as security_policy_pq_tls_1_2_2023_04_09, but with updated KEM prefs */ const struct s2n_security_policy security_policy_pq_tls_1_2_2023_10_09 = { .minimum_protocol_version = S2N_TLS12, - .cipher_preferences = &cipher_preferences_pq_tls_1_0_2021_05_24, + .cipher_preferences = &cipher_preferences_pq_tls_1_0_2020_12, .kem_preferences = &kem_preferences_pq_tls_1_3_2023_06, .signature_preferences = &s2n_signature_preferences_20200207, .ecc_preferences = &s2n_ecc_preferences_20200310, @@ -833,7 +743,7 @@ const struct s2n_security_policy security_policy_pq_tls_1_2_2023_10_09 = { /* Same as security_policy_pq_tls_1_2_2023_04_10, but with updated KEM prefs */ const struct s2n_security_policy security_policy_pq_tls_1_2_2023_10_10 = { .minimum_protocol_version = S2N_TLS12, - .cipher_preferences = &cipher_preferences_pq_tls_1_0_2021_05_26, + .cipher_preferences = &cipher_preferences_20210825_gcm, .kem_preferences = &kem_preferences_pq_tls_1_3_2023_06, .signature_preferences = &s2n_signature_preferences_20200207, .ecc_preferences = &s2n_ecc_preferences_20200310, @@ -1164,7 +1074,7 @@ const struct s2n_security_policy security_policy_test_all = { const struct s2n_security_policy security_policy_test_all_tls12 = { .minimum_protocol_version = S2N_SSLv3, .cipher_preferences = &cipher_preferences_test_all_tls12, - .kem_preferences = &kem_preferences_pq_tls_1_0_2021_05, + .kem_preferences = &kem_preferences_null, .signature_preferences = &s2n_signature_preferences_20201021, .ecc_preferences = &s2n_ecc_preferences_20201021, }; 
@@ -1227,145 +1137,152 @@ const struct s2n_security_policy security_policy_null = { }; struct s2n_security_policy_selection security_policy_selection[] = { - { .version = "default", .security_policy = &security_policy_20240501, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "default_tls13", .security_policy = &security_policy_20240503, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "default_fips", .security_policy = &security_policy_20240502, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "default_pq", .security_policy = &security_policy_20241001, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20241106", .security_policy = &security_policy_20241106, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20240501", .security_policy = &security_policy_20240501, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20240502", .security_policy = &security_policy_20240502, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20240503", .security_policy = &security_policy_20240503, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20230317", .security_policy = &security_policy_20230317, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20240331", .security_policy = &security_policy_20240331, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20240417", .security_policy = &security_policy_20240417, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20240416", .security_policy = &security_policy_20240416, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20240730", .security_policy = &security_policy_20240730, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20241001", .security_policy = 
&security_policy_20241001, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20241001_pq_mixed", .security_policy = &security_policy_20241001_pq_mixed, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "ELBSecurityPolicy-TLS-1-0-2015-04", .security_policy = &security_policy_elb_2015_04, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "default", .security_policy = &security_policy_20240501, .ecc_extension_required = 0 }, + { .version = "default_tls13", .security_policy = &security_policy_20240503, .ecc_extension_required = 0 }, + { .version = "default_fips", .security_policy = &security_policy_20240502, .ecc_extension_required = 0 }, + { .version = "default_pq", .security_policy = &security_policy_20241001, .ecc_extension_required = 0 }, + { .version = "20241106", .security_policy = &security_policy_20241106, .ecc_extension_required = 0 }, + { .version = "20240501", .security_policy = &security_policy_20240501, .ecc_extension_required = 0 }, + { .version = "20240502", .security_policy = &security_policy_20240502, .ecc_extension_required = 0 }, + { .version = "20240503", .security_policy = &security_policy_20240503, .ecc_extension_required = 0 }, + { .version = "20230317", .security_policy = &security_policy_20230317, .ecc_extension_required = 0 }, + { .version = "20240331", .security_policy = &security_policy_20240331, .ecc_extension_required = 0 }, + { .version = "20240417", .security_policy = &security_policy_20240417, .ecc_extension_required = 0 }, + { .version = "20240416", .security_policy = &security_policy_20240416, .ecc_extension_required = 0 }, + { .version = "20240730", .security_policy = &security_policy_20240730, .ecc_extension_required = 0 }, + { .version = "20241001", .security_policy = &security_policy_20241001, .ecc_extension_required = 0 }, + { .version = "20241001_pq_mixed", .security_policy = &security_policy_20241001_pq_mixed, .ecc_extension_required = 0 }, + { 
.version = "ELBSecurityPolicy-TLS-1-0-2015-04", .security_policy = &security_policy_elb_2015_04, .ecc_extension_required = 0 }, /* Not a mistake. TLS-1-0-2015-05 and 2016-08 are equivalent */ - { .version = "ELBSecurityPolicy-TLS-1-0-2015-05", .security_policy = &security_policy_elb_2016_08, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "ELBSecurityPolicy-2016-08", .security_policy = &security_policy_elb_2016_08, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "ELBSecurityPolicy-TLS-1-1-2017-01", .security_policy = &security_policy_elb_tls_1_1_2017_01, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "ELBSecurityPolicy-TLS-1-2-2017-01", .security_policy = &security_policy_elb_tls_1_2_2017_01, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "ELBSecurityPolicy-TLS-1-2-Ext-2018-06", .security_policy = &security_policy_elb_tls_1_2_ext_2018_06, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "ELBSecurityPolicy-FS-2018-06", .security_policy = &security_policy_elb_fs_2018_06, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "ELBSecurityPolicy-FS-1-2-2019-08", .security_policy = &security_policy_elb_fs_1_2_2019_08, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "ELBSecurityPolicy-FS-1-1-2019-08", .security_policy = &security_policy_elb_fs_1_1_2019_08, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "ELBSecurityPolicy-FS-1-2-Res-2019-08", .security_policy = &security_policy_elb_fs_1_2_Res_2019_08, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "CloudFront-Upstream", .security_policy = &security_policy_cloudfront_upstream, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "CloudFront-Upstream-TLS-1-0", .security_policy = &security_policy_cloudfront_upstream_tls10, 
.ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "CloudFront-Upstream-TLS-1-1", .security_policy = &security_policy_cloudfront_upstream_tls11, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "CloudFront-Upstream-TLS-1-2", .security_policy = &security_policy_cloudfront_upstream_tls12, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "ELBSecurityPolicy-TLS-1-0-2015-05", .security_policy = &security_policy_elb_2016_08, .ecc_extension_required = 0 }, + { .version = "ELBSecurityPolicy-2016-08", .security_policy = &security_policy_elb_2016_08, .ecc_extension_required = 0 }, + { .version = "ELBSecurityPolicy-TLS-1-1-2017-01", .security_policy = &security_policy_elb_tls_1_1_2017_01, .ecc_extension_required = 0 }, + { .version = "ELBSecurityPolicy-TLS-1-2-2017-01", .security_policy = &security_policy_elb_tls_1_2_2017_01, .ecc_extension_required = 0 }, + { .version = "ELBSecurityPolicy-TLS-1-2-Ext-2018-06", .security_policy = &security_policy_elb_tls_1_2_ext_2018_06, .ecc_extension_required = 0 }, + { .version = "ELBSecurityPolicy-FS-2018-06", .security_policy = &security_policy_elb_fs_2018_06, .ecc_extension_required = 0 }, + { .version = "ELBSecurityPolicy-FS-1-2-2019-08", .security_policy = &security_policy_elb_fs_1_2_2019_08, .ecc_extension_required = 0 }, + { .version = "ELBSecurityPolicy-FS-1-1-2019-08", .security_policy = &security_policy_elb_fs_1_1_2019_08, .ecc_extension_required = 0 }, + { .version = "ELBSecurityPolicy-FS-1-2-Res-2019-08", .security_policy = &security_policy_elb_fs_1_2_Res_2019_08, .ecc_extension_required = 0 }, + { .version = "CloudFront-Upstream", .security_policy = &security_policy_cloudfront_upstream, .ecc_extension_required = 0 }, + { .version = "CloudFront-Upstream-TLS-1-0", .security_policy = &security_policy_cloudfront_upstream_tls10, .ecc_extension_required = 0 }, + { .version = "CloudFront-Upstream-TLS-1-1", .security_policy = 
&security_policy_cloudfront_upstream_tls11, .ecc_extension_required = 0 }, + { .version = "CloudFront-Upstream-TLS-1-2", .security_policy = &security_policy_cloudfront_upstream_tls12, .ecc_extension_required = 0 }, /* CloudFront Viewer Facing */ - { .version = "CloudFront-SSL-v-3", .security_policy = &security_policy_cloudfront_ssl_v_3, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "CloudFront-TLS-1-0-2014", .security_policy = &security_policy_cloudfront_tls_1_0_2014, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "CloudFront-TLS-1-0-2016", .security_policy = &security_policy_cloudfront_tls_1_0_2016, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "CloudFront-TLS-1-1-2016", .security_policy = &security_policy_cloudfront_tls_1_1_2016, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "CloudFront-TLS-1-2-2017", .security_policy = &security_policy_cloudfront_tls_1_2_2017, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "CloudFront-TLS-1-2-2018", .security_policy = &security_policy_cloudfront_tls_1_2_2018, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "CloudFront-TLS-1-2-2019", .security_policy = &security_policy_cloudfront_tls_1_2_2019, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "CloudFront-TLS-1-2-2021", .security_policy = &security_policy_cloudfront_tls_1_2_2021, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "CloudFront-TLS-1-2-2021-Chacha20-Boosted", .security_policy = &security_policy_cloudfront_tls_1_2_2021_chacha20_boosted, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "CloudFront-SSL-v-3", .security_policy = &security_policy_cloudfront_ssl_v_3, .ecc_extension_required = 0 }, + { .version = "CloudFront-TLS-1-0-2014", .security_policy = &security_policy_cloudfront_tls_1_0_2014, 
.ecc_extension_required = 0 }, + { .version = "CloudFront-TLS-1-0-2016", .security_policy = &security_policy_cloudfront_tls_1_0_2016, .ecc_extension_required = 0 }, + { .version = "CloudFront-TLS-1-1-2016", .security_policy = &security_policy_cloudfront_tls_1_1_2016, .ecc_extension_required = 0 }, + { .version = "CloudFront-TLS-1-2-2017", .security_policy = &security_policy_cloudfront_tls_1_2_2017, .ecc_extension_required = 0 }, + { .version = "CloudFront-TLS-1-2-2018", .security_policy = &security_policy_cloudfront_tls_1_2_2018, .ecc_extension_required = 0 }, + { .version = "CloudFront-TLS-1-2-2019", .security_policy = &security_policy_cloudfront_tls_1_2_2019, .ecc_extension_required = 0 }, + { .version = "CloudFront-TLS-1-2-2021", .security_policy = &security_policy_cloudfront_tls_1_2_2021, .ecc_extension_required = 0 }, + { .version = "CloudFront-TLS-1-2-2021-Chacha20-Boosted", .security_policy = &security_policy_cloudfront_tls_1_2_2021_chacha20_boosted, .ecc_extension_required = 0 }, /* CloudFront Legacy (TLS 1.2) policies */ - { .version = "CloudFront-SSL-v-3-Legacy", .security_policy = &security_policy_cloudfront_ssl_v_3_legacy, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "CloudFront-TLS-1-0-2014-Legacy", .security_policy = &security_policy_cloudfront_tls_1_0_2014_legacy, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "CloudFront-TLS-1-0-2016-Legacy", .security_policy = &security_policy_cloudfront_tls_1_0_2016_legacy, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "CloudFront-TLS-1-1-2016-Legacy", .security_policy = &security_policy_cloudfront_tls_1_1_2016_legacy, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "CloudFront-TLS-1-2-2018-Legacy", .security_policy = &security_policy_cloudfront_tls_1_2_2018_legacy, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "CloudFront-TLS-1-2-2019-Legacy", 
.security_policy = &security_policy_cloudfront_tls_1_2_2019_legacy, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "CloudFront-SSL-v-3-Legacy", .security_policy = &security_policy_cloudfront_ssl_v_3_legacy, .ecc_extension_required = 0 }, + { .version = "CloudFront-TLS-1-0-2014-Legacy", .security_policy = &security_policy_cloudfront_tls_1_0_2014_legacy, .ecc_extension_required = 0 }, + { .version = "CloudFront-TLS-1-0-2016-Legacy", .security_policy = &security_policy_cloudfront_tls_1_0_2016_legacy, .ecc_extension_required = 0 }, + { .version = "CloudFront-TLS-1-1-2016-Legacy", .security_policy = &security_policy_cloudfront_tls_1_1_2016_legacy, .ecc_extension_required = 0 }, + { .version = "CloudFront-TLS-1-2-2018-Legacy", .security_policy = &security_policy_cloudfront_tls_1_2_2018_legacy, .ecc_extension_required = 0 }, + { .version = "CloudFront-TLS-1-2-2019-Legacy", .security_policy = &security_policy_cloudfront_tls_1_2_2019_legacy, .ecc_extension_required = 0 }, /* CRT allows users to choose the minimal TLS protocol they want to negotiate with. 
This translates to 5 different security policies in s2n */ - { .version = "AWS-CRT-SDK-SSLv3.0", .security_policy = &security_policy_aws_crt_sdk_ssl_v3, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "AWS-CRT-SDK-TLSv1.0", .security_policy = &security_policy_aws_crt_sdk_tls_10, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "AWS-CRT-SDK-TLSv1.1", .security_policy = &security_policy_aws_crt_sdk_tls_11, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "AWS-CRT-SDK-TLSv1.2", .security_policy = &security_policy_aws_crt_sdk_tls_12, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "AWS-CRT-SDK-TLSv1.3", .security_policy = &security_policy_aws_crt_sdk_tls_13, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "AWS-CRT-SDK-SSLv3.0-2023", .security_policy = &security_policy_aws_crt_sdk_ssl_v3_06_23, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "AWS-CRT-SDK-TLSv1.0-2023", .security_policy = &security_policy_aws_crt_sdk_tls_10_06_23, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "AWS-CRT-SDK-TLSv1.1-2023", .security_policy = &security_policy_aws_crt_sdk_tls_11_06_23, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "AWS-CRT-SDK-TLSv1.2-2023", .security_policy = &security_policy_aws_crt_sdk_tls_12_06_23, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "AWS-CRT-SDK-TLSv1.2-2023-PQ", .security_policy = &security_policy_aws_crt_sdk_tls_12_06_23_pq, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "AWS-CRT-SDK-TLSv1.3-2023", .security_policy = &security_policy_aws_crt_sdk_tls_13_06_23, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "AWS-CRT-SDK-SSLv3.0", .security_policy = &security_policy_aws_crt_sdk_ssl_v3, .ecc_extension_required = 0 }, + { .version = 
"AWS-CRT-SDK-TLSv1.0", .security_policy = &security_policy_aws_crt_sdk_tls_10, .ecc_extension_required = 0 }, + { .version = "AWS-CRT-SDK-TLSv1.1", .security_policy = &security_policy_aws_crt_sdk_tls_11, .ecc_extension_required = 0 }, + { .version = "AWS-CRT-SDK-TLSv1.2", .security_policy = &security_policy_aws_crt_sdk_tls_12, .ecc_extension_required = 0 }, + { .version = "AWS-CRT-SDK-TLSv1.3", .security_policy = &security_policy_aws_crt_sdk_tls_13, .ecc_extension_required = 0 }, + { .version = "AWS-CRT-SDK-SSLv3.0-2023", .security_policy = &security_policy_aws_crt_sdk_ssl_v3_06_23, .ecc_extension_required = 0 }, + { .version = "AWS-CRT-SDK-TLSv1.0-2023", .security_policy = &security_policy_aws_crt_sdk_tls_10_06_23, .ecc_extension_required = 0 }, + { .version = "AWS-CRT-SDK-TLSv1.1-2023", .security_policy = &security_policy_aws_crt_sdk_tls_11_06_23, .ecc_extension_required = 0 }, + { .version = "AWS-CRT-SDK-TLSv1.2-2023", .security_policy = &security_policy_aws_crt_sdk_tls_12_06_23, .ecc_extension_required = 0 }, + { .version = "AWS-CRT-SDK-TLSv1.2-2023-PQ", .security_policy = &security_policy_aws_crt_sdk_tls_12_06_23_pq, .ecc_extension_required = 0 }, + { .version = "AWS-CRT-SDK-TLSv1.3-2023", .security_policy = &security_policy_aws_crt_sdk_tls_13_06_23, .ecc_extension_required = 0 }, /* KMS TLS Policies*/ - { .version = "KMS-TLS-1-0-2018-10", .security_policy = &security_policy_kms_tls_1_0_2018_10, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "KMS-TLS-1-0-2021-08", .security_policy = &security_policy_kms_tls_1_0_2021_08, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "KMS-TLS-1-2-2023-06", .security_policy = &security_policy_kms_tls_1_2_2023_06, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "KMS-FIPS-TLS-1-2-2018-10", .security_policy = &security_policy_kms_fips_tls_1_2_2018_10, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = 
"KMS-FIPS-TLS-1-2-2021-08", .security_policy = &security_policy_kms_fips_tls_1_2_2021_08, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "KMS-FIPS-TLS-1-2-2024-10", .security_policy = &security_policy_kms_fips_tls_1_2_2024_10, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "KMS-PQ-TLS-1-0-2019-06", .security_policy = &security_policy_kms_pq_tls_1_0_2019_06, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "KMS-PQ-TLS-1-0-2020-02", .security_policy = &security_policy_kms_pq_tls_1_0_2020_02, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "KMS-PQ-TLS-1-0-2020-07", .security_policy = &security_policy_kms_pq_tls_1_0_2020_07, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "PQ-SIKE-TEST-TLS-1-0-2019-11", .security_policy = &security_policy_pq_sike_test_tls_1_0_2019_11, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "PQ-SIKE-TEST-TLS-1-0-2020-02", .security_policy = &security_policy_pq_sike_test_tls_1_0_2020_02, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "PQ-TLS-1-0-2020-12", .security_policy = &security_policy_pq_tls_1_0_2020_12, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "PQ-TLS-1-1-2021-05-17", .security_policy = &security_policy_pq_tls_1_1_2021_05_17, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "PQ-TLS-1-0-2021-05-18", .security_policy = &security_policy_pq_tls_1_0_2021_05_18, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "PQ-TLS-1-0-2021-05-19", .security_policy = &security_policy_pq_tls_1_0_2021_05_19, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "PQ-TLS-1-0-2021-05-20", .security_policy = &security_policy_pq_tls_1_0_2021_05_20, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = 
"PQ-TLS-1-1-2021-05-21", .security_policy = &security_policy_pq_tls_1_1_2021_05_21, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "PQ-TLS-1-0-2021-05-22", .security_policy = &security_policy_pq_tls_1_0_2021_05_22, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "PQ-TLS-1-0-2021-05-23", .security_policy = &security_policy_pq_tls_1_0_2021_05_23, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "PQ-TLS-1-0-2021-05-24", .security_policy = &security_policy_pq_tls_1_0_2021_05_24, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "PQ-TLS-1-0-2021-05-25", .security_policy = &security_policy_pq_tls_1_0_2021_05_25, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "PQ-TLS-1-0-2021-05-26", .security_policy = &security_policy_pq_tls_1_0_2021_05_26, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "PQ-TLS-1-0-2023-01-24", .security_policy = &security_policy_pq_tls_1_0_2023_01_24, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "PQ-TLS-1-2-2023-04-07", .security_policy = &security_policy_pq_tls_1_2_2023_04_07, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "PQ-TLS-1-2-2023-04-08", .security_policy = &security_policy_pq_tls_1_2_2023_04_08, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "PQ-TLS-1-2-2023-04-09", .security_policy = &security_policy_pq_tls_1_2_2023_04_09, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "PQ-TLS-1-2-2023-04-10", .security_policy = &security_policy_pq_tls_1_2_2023_04_10, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "PQ-TLS-1-3-2023-06-01", .security_policy = &security_policy_pq_tls_1_3_2023_06_01, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "PQ-TLS-1-2-2023-10-07", .security_policy = 
&security_policy_pq_tls_1_2_2023_10_07, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "PQ-TLS-1-2-2023-10-08", .security_policy = &security_policy_pq_tls_1_2_2023_10_08, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "PQ-TLS-1-2-2023-10-09", .security_policy = &security_policy_pq_tls_1_2_2023_10_09, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "PQ-TLS-1-2-2023-10-10", .security_policy = &security_policy_pq_tls_1_2_2023_10_10, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "PQ-TLS-1-2-2023-12-13", .security_policy = &security_policy_pq_20231213, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "PQ-TLS-1-2-2023-12-14", .security_policy = &security_policy_pq_20231214, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "PQ-TLS-1-2-2023-12-15", .security_policy = &security_policy_pq_20231215, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "PQ-TLS-1-2-2024-10-07", .security_policy = &security_policy_pq_tls_1_2_2024_10_07, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "PQ-TLS-1-2-2024-10-08", .security_policy = &security_policy_pq_tls_1_2_2024_10_08, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "PQ-TLS-1-2-2024-10-08_gcm", .security_policy = &security_policy_pq_tls_1_2_2024_10_08_gcm, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "PQ-TLS-1-2-2024-10-09", .security_policy = &security_policy_pq_tls_1_2_2024_10_09, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20140601", .security_policy = &security_policy_20140601, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20141001", .security_policy = &security_policy_20141001, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20150202", 
.security_policy = &security_policy_20150202, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20150214", .security_policy = &security_policy_20150214, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20150306", .security_policy = &security_policy_20150306, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20160411", .security_policy = &security_policy_20160411, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20160804", .security_policy = &security_policy_20160804, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20160824", .security_policy = &security_policy_20160824, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20170210", .security_policy = &security_policy_20170210, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20170328", .security_policy = &security_policy_20170328, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20170328_gcm", .security_policy = &security_policy_20170328_gcm, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20190214", .security_policy = &security_policy_20190214, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20190214_gcm", .security_policy = &security_policy_20190214_gcm, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20210825", .security_policy = &security_policy_20210825, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20210825_gcm", .security_policy = &security_policy_20210825_gcm, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20170405", .security_policy = &security_policy_20170405, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20170405_gcm", .security_policy = &security_policy_20170405_gcm, 
.ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20170718", .security_policy = &security_policy_20170718, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20170718_gcm", .security_policy = &security_policy_20170718_gcm, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20190120", .security_policy = &security_policy_20190120, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20190121", .security_policy = &security_policy_20190121, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20190122", .security_policy = &security_policy_20190122, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20190801", .security_policy = &security_policy_20190801, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20190802", .security_policy = &security_policy_20190802, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20200207", .security_policy = &security_policy_test_all_tls13, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20201021", .security_policy = &security_policy_20201021, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20210816", .security_policy = &security_policy_20210816, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20210816_GCM", .security_policy = &security_policy_20210816_gcm, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "20240603", .security_policy = &security_policy_20240603, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "rfc9151", .security_policy = &security_policy_rfc9151, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "test_all", .security_policy = &security_policy_test_all, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version 
= "test_all_fips", .security_policy = &security_policy_test_all_fips, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "test_all_ecdsa", .security_policy = &security_policy_test_all_ecdsa, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "test_all_rsa_kex", .security_policy = &security_policy_test_all_rsa_kex, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "test_ecdsa_priority", .security_policy = &security_policy_test_ecdsa_priority, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "test_all_tls12", .security_policy = &security_policy_test_all_tls12, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "test_all_tls13", .security_policy = &security_policy_test_all_tls13, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = "null", .security_policy = &security_policy_null, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, - { .version = NULL, .security_policy = NULL, .ecc_extension_required = 0, .pq_kem_extension_required = 0 } -}; + { .version = "KMS-TLS-1-0-2018-10", .security_policy = &security_policy_kms_tls_1_0_2018_10, .ecc_extension_required = 0 }, + { .version = "KMS-TLS-1-0-2021-08", .security_policy = &security_policy_kms_tls_1_0_2021_08, .ecc_extension_required = 0 }, + { .version = "KMS-TLS-1-2-2023-06", .security_policy = &security_policy_kms_tls_1_2_2023_06, .ecc_extension_required = 0 }, + { .version = "KMS-FIPS-TLS-1-2-2018-10", .security_policy = &security_policy_kms_fips_tls_1_2_2018_10, .ecc_extension_required = 0 }, + { .version = "KMS-FIPS-TLS-1-2-2021-08", .security_policy = &security_policy_kms_fips_tls_1_2_2021_08, .ecc_extension_required = 0 }, + { .version = "KMS-FIPS-TLS-1-2-2024-10", .security_policy = &security_policy_kms_fips_tls_1_2_2024_10, .ecc_extension_required = 0 }, + { .version = "PQ-TLS-1-0-2021-05-24", .security_policy = 
&security_policy_pq_tls_1_0_2021_05_24, .ecc_extension_required = 0 }, + { .version = "PQ-TLS-1-0-2021-05-26", .security_policy = &security_policy_pq_tls_1_0_2021_05_26, .ecc_extension_required = 0 }, + { .version = "PQ-TLS-1-0-2023-01-24", .security_policy = &security_policy_pq_tls_1_0_2023_01_24, .ecc_extension_required = 0 }, + { .version = "PQ-TLS-1-2-2023-04-07", .security_policy = &security_policy_pq_tls_1_2_2023_04_07, .ecc_extension_required = 0 }, + { .version = "PQ-TLS-1-2-2023-04-08", .security_policy = &security_policy_pq_tls_1_2_2023_04_08, .ecc_extension_required = 0 }, + { .version = "PQ-TLS-1-2-2023-04-09", .security_policy = &security_policy_pq_tls_1_2_2023_04_09, .ecc_extension_required = 0 }, + { .version = "PQ-TLS-1-2-2023-04-10", .security_policy = &security_policy_pq_tls_1_2_2023_04_10, .ecc_extension_required = 0 }, + { .version = "PQ-TLS-1-3-2023-06-01", .security_policy = &security_policy_pq_tls_1_3_2023_06_01, .ecc_extension_required = 0 }, + { .version = "PQ-TLS-1-2-2023-10-07", .security_policy = &security_policy_pq_tls_1_2_2023_10_07, .ecc_extension_required = 0 }, + { .version = "PQ-TLS-1-2-2023-10-08", .security_policy = &security_policy_pq_tls_1_2_2023_10_08, .ecc_extension_required = 0 }, + { .version = "PQ-TLS-1-2-2023-10-09", .security_policy = &security_policy_pq_tls_1_2_2023_10_09, .ecc_extension_required = 0 }, + { .version = "PQ-TLS-1-2-2023-10-10", .security_policy = &security_policy_pq_tls_1_2_2023_10_10, .ecc_extension_required = 0 }, + { .version = "PQ-TLS-1-2-2023-12-13", .security_policy = &security_policy_pq_20231213, .ecc_extension_required = 0 }, + { .version = "PQ-TLS-1-2-2023-12-14", .security_policy = &security_policy_pq_20231214, .ecc_extension_required = 0 }, + { .version = "PQ-TLS-1-2-2023-12-15", .security_policy = &security_policy_pq_20231215, .ecc_extension_required = 0 }, + { .version = "PQ-TLS-1-2-2024-10-07", .security_policy = &security_policy_pq_tls_1_2_2024_10_07, .ecc_extension_required = 0 }, + { 
.version = "PQ-TLS-1-2-2024-10-08", .security_policy = &security_policy_pq_tls_1_2_2024_10_08, .ecc_extension_required = 0 }, + { .version = "PQ-TLS-1-2-2024-10-08_gcm", .security_policy = &security_policy_pq_tls_1_2_2024_10_08_gcm, .ecc_extension_required = 0 }, + { .version = "PQ-TLS-1-2-2024-10-09", .security_policy = &security_policy_pq_tls_1_2_2024_10_09, .ecc_extension_required = 0 }, + { .version = "20140601", .security_policy = &security_policy_20140601, .ecc_extension_required = 0 }, + { .version = "20141001", .security_policy = &security_policy_20141001, .ecc_extension_required = 0 }, + { .version = "20150202", .security_policy = &security_policy_20150202, .ecc_extension_required = 0 }, + { .version = "20150214", .security_policy = &security_policy_20150214, .ecc_extension_required = 0 }, + { .version = "20150306", .security_policy = &security_policy_20150306, .ecc_extension_required = 0 }, + { .version = "20160411", .security_policy = &security_policy_20160411, .ecc_extension_required = 0 }, + { .version = "20160804", .security_policy = &security_policy_20160804, .ecc_extension_required = 0 }, + { .version = "20160824", .security_policy = &security_policy_20160824, .ecc_extension_required = 0 }, + { .version = "20170210", .security_policy = &security_policy_20170210, .ecc_extension_required = 0 }, + { .version = "20170328", .security_policy = &security_policy_20170328, .ecc_extension_required = 0 }, + { .version = "20170328_gcm", .security_policy = &security_policy_20170328_gcm, .ecc_extension_required = 0 }, + { .version = "20190214", .security_policy = &security_policy_20190214, .ecc_extension_required = 0 }, + { .version = "20190214_gcm", .security_policy = &security_policy_20190214_gcm, .ecc_extension_required = 0 }, + { .version = "20210825", .security_policy = &security_policy_20210825, .ecc_extension_required = 0 }, + { .version = "20210825_gcm", .security_policy = &security_policy_20210825_gcm, .ecc_extension_required = 0 }, + { .version = 
"20170405", .security_policy = &security_policy_20170405, .ecc_extension_required = 0 }, + { .version = "20170405_gcm", .security_policy = &security_policy_20170405_gcm, .ecc_extension_required = 0 }, + { .version = "20170718", .security_policy = &security_policy_20170718, .ecc_extension_required = 0 }, + { .version = "20170718_gcm", .security_policy = &security_policy_20170718_gcm, .ecc_extension_required = 0 }, + { .version = "20190120", .security_policy = &security_policy_20190120, .ecc_extension_required = 0 }, + { .version = "20190121", .security_policy = &security_policy_20190121, .ecc_extension_required = 0 }, + { .version = "20190122", .security_policy = &security_policy_20190122, .ecc_extension_required = 0 }, + { .version = "20190801", .security_policy = &security_policy_20190801, .ecc_extension_required = 0 }, + { .version = "20190802", .security_policy = &security_policy_20190802, .ecc_extension_required = 0 }, + { .version = "20200207", .security_policy = &security_policy_test_all_tls13, .ecc_extension_required = 0 }, + { .version = "20201021", .security_policy = &security_policy_20201021, .ecc_extension_required = 0 }, + { .version = "20210816", .security_policy = &security_policy_20210816, .ecc_extension_required = 0 }, + { .version = "20210816_GCM", .security_policy = &security_policy_20210816_gcm, .ecc_extension_required = 0 }, + { .version = "20240603", .security_policy = &security_policy_20240603, .ecc_extension_required = 0 }, + { .version = "rfc9151", .security_policy = &security_policy_rfc9151, .ecc_extension_required = 0 }, + { .version = "test_all", .security_policy = &security_policy_test_all, .ecc_extension_required = 0 }, + { .version = "test_all_fips", .security_policy = &security_policy_test_all_fips, .ecc_extension_required = 0 }, + { .version = "test_all_ecdsa", .security_policy = &security_policy_test_all_ecdsa, .ecc_extension_required = 0 }, + { .version = "test_all_rsa_kex", .security_policy = &security_policy_test_all_rsa_kex, 
.ecc_extension_required = 0 },
+ { .version = "test_ecdsa_priority", .security_policy = &security_policy_test_ecdsa_priority, .ecc_extension_required = 0 },
+ { .version = "test_all_tls12", .security_policy = &security_policy_test_all_tls12, .ecc_extension_required = 0 },
+ { .version = "test_all_tls13", .security_policy = &security_policy_test_all_tls13, .ecc_extension_required = 0 },
+ { .version = "null", .security_policy = &security_policy_null, .ecc_extension_required = 0 },
+ { .version = NULL, .security_policy = NULL, .ecc_extension_required = 0 }
+};
+
+// TODO: Unit test that ensures no deprecated policies are supported.
+// TODO: Unit test that ensures every PQ enabled policy supports TLS 1.3
+const char* deprecated_security_policies[] = {
+ "KMS-PQ-TLS-1-0-2019-06",
+ "KMS-PQ-TLS-1-0-2020-02",
+ "KMS-PQ-TLS-1-0-2020-07",
+ "PQ-SIKE-TEST-TLS-1-0-2019-11",
+ "PQ-SIKE-TEST-TLS-1-0-2020-02",
+ "PQ-TLS-1-0-2020-12",
+ "PQ-TLS-1-1-2021-05-17",
+ "PQ-TLS-1-0-2021-05-18",
+ "PQ-TLS-1-0-2021-05-19",
+ "PQ-TLS-1-0-2021-05-20",
+ "PQ-TLS-1-1-2021-05-21",
+ "PQ-TLS-1-0-2021-05-22",
+ "PQ-TLS-1-0-2021-05-23",
+ "PQ-TLS-1-0-2021-05-25"
+};
+
+const size_t deprecrated_security_policies_len = s2n_array_len(deprecated_security_policies);
 int s2n_find_security_policy_from_version(const char *version, const struct s2n_security_policy **security_policy)
 {
@@ -1379,6 +1296,12 @@ int s2n_find_security_policy_from_version(const char *version, const struct s2n_
 }
 }
+ for (size_t i = 0; i < deprecrated_security_policies_len; i++) {
+ if (!strcasecmp(version, deprecated_security_policies[i])) {
+ POSIX_BAIL(S2N_ERR_DEPRECATED_SECURITY_POLICY);
+ }
+ }
+
 POSIX_BAIL(S2N_ERR_INVALID_SECURITY_POLICY);
 }
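Review bot: The deprecated-name loop added to `s2n_find_security_policy_from_version` appears to run only after the search of the supported table has missed (the two closing `}` context lines above it). Nothing here therefore prevents a name from being listed in both `security_policy_selection` and `deprecated_security_policies` and still resolving to a live policy. The two `// TODO` lines above the list ask for a unit test of exactly that, and it is worth landing together with this change. The loop bound is also misspelled `deprecrated_security_policies_len`; the same spelling is in the definition above and in the `extern` in tls/s2n_security_policies.h, so rename all three to `deprecated_security_policies_len` before callers depend on it. The function body starts outside this hunk, so whether `version` is checked for NULL before `strcasecmp` cannot be confirmed from here.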
@@ -1463,13 +1386,9 @@ int s2n_security_policies_init()
 if (s2n_cipher_suite_requires_ecc_extension(cipher)) {
 security_policy_selection[i].ecc_extension_required = 1;
 }
-
- if (s2n_cipher_suite_requires_pq_extension(cipher) && kem_preference->kem_count > 0) {
- security_policy_selection[i].pq_kem_extension_required = 1;
- }
 }
- POSIX_GUARD(s2n_validate_kem_preferences(kem_preference, security_policy_selection[i].pq_kem_extension_required));
+ POSIX_GUARD(s2n_validate_kem_preferences(kem_preference));
 /* Validate that security rules are correctly applied.
 * This should be checked by a unit test, but outside of unit tests we
@@ -1510,36 +1429,6 @@ bool s2n_ecc_is_extension_required(const struct s2n_security_policy *security_po
 return false;
 }
-bool s2n_pq_kem_is_extension_required(const struct s2n_security_policy *security_policy)
-{
- if (security_policy == NULL) {
- return false;
- }
-
- for (int i = 0; security_policy_selection[i].version != NULL; i++) {
- if (security_policy_selection[i].security_policy == security_policy) {
- return 1 == security_policy_selection[i].pq_kem_extension_required;
- }
- }
-
- /* Preferences with no KEMs for the TLS 1.2 PQ KEM extension do not require that extension. */
- if (security_policy->kem_preferences && security_policy->kem_preferences->kem_count == 0) {
- return false;
- }
-
- /* If cipher preference is not in the official list, compute the result */
- const struct s2n_cipher_preferences *cipher_preferences = security_policy->cipher_preferences;
- if (cipher_preferences == NULL) {
- return false;
- }
- for (uint8_t i = 0; i < cipher_preferences->count; i++) {
- if (s2n_cipher_suite_requires_pq_extension(cipher_preferences->suites[i])) {
- return true;
- }
- }
- return false;
-}
-
 /* Checks whether cipher preference supports TLS 1.3 based on whether it is configured
 * with TLS 1.3 ciphers. Returns true or false.
 */
@@ -1597,26 +1486,15 @@ int s2n_connection_is_valid_for_cipher_preferences(struct s2n_connection *conn,
 return 0;
 }
-int s2n_validate_kem_preferences(const struct s2n_kem_preferences *kem_preferences, bool pq_kem_extension_required)
+int s2n_validate_kem_preferences(const struct s2n_kem_preferences *kem_preferences)
 {
 POSIX_ENSURE_REF(kem_preferences);
 /* Basic sanity checks to assert that the count is 0 if and only if the associated list is NULL */
 POSIX_ENSURE(S2N_IFF(kem_preferences->tls13_kem_group_count == 0, kem_preferences->tls13_kem_groups == NULL), S2N_ERR_INVALID_SECURITY_POLICY);
- POSIX_ENSURE(S2N_IFF(kem_preferences->kem_count == 0, kem_preferences->kems == NULL),
- S2N_ERR_INVALID_SECURITY_POLICY);
 POSIX_ENSURE(kem_preferences->tls13_kem_group_count <= S2N_KEM_GROUPS_COUNT, S2N_ERR_ARRAY_INDEX_OOB);
- /* The PQ KEM extension is applicable only to TLS 1.2 */
- if (pq_kem_extension_required) {
- POSIX_ENSURE(kem_preferences->kem_count > 0, S2N_ERR_INVALID_SECURITY_POLICY);
- POSIX_ENSURE(kem_preferences->kems != NULL, S2N_ERR_INVALID_SECURITY_POLICY);
- } else {
- POSIX_ENSURE(kem_preferences->kem_count == 0, S2N_ERR_INVALID_SECURITY_POLICY);
- POSIX_ENSURE(kem_preferences->kems == NULL, S2N_ERR_INVALID_SECURITY_POLICY);
- }
-
 return S2N_SUCCESS;
 }
diff --git a/tls/s2n_security_policies.h b/tls/s2n_security_policies.h
index 8387831449e..ad27f48e992 100644
--- a/tls/s2n_security_policies.h
+++ b/tls/s2n_security_policies.h
@@ -88,11 +88,12 @@ struct s2n_security_policy_selection {
 const char *version;
 const struct s2n_security_policy *security_policy;
 unsigned ecc_extension_required : 1;
- unsigned pq_kem_extension_required : 1;
 unsigned supports_tls13 : 1;
 };
 extern struct s2n_security_policy_selection security_policy_selection[];
+extern const char* deprecated_security_policies[];
+extern const size_t deprecrated_security_policies_len;
 /* Defaults as of 05/24 */
 extern const struct s2n_security_policy security_policy_20240501;
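Review bot: After this change `s2n_validate_kem_preferences` no longer inspects `kem_count` or `kems` at all, whereas the removed `else` branch rejected any policy that carried a TLS 1.2 KEM list without requiring the extension. If those two fields still exist in `struct s2n_kem_preferences` (the struct is not visible in this hunk), a policy that keeps a stale TLS 1.2 KEM list would now pass initialization silently. Keeping one guard such as `POSIX_ENSURE(kem_preferences->kem_count == 0 && kem_preferences->kems == NULL, S2N_ERR_INVALID_SECURITY_POLICY);` would turn that into a startup failure. If the fields are removed elsewhere in the commit, a one-line comment saying so above the remaining checks would make the narrower validation self-explanatory.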
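Review bot: In the tls/s2n_security_policies.h hunk, `deprecated_security_policies` is exported as `const char*[]`, which makes the strings read-only but leaves the pointer slots writable by any translation unit that includes this header. Because the list decides which policy names are reported as deprecated, it is better declared `extern const char *const deprecated_security_policies[];`, with the definition in tls/s2n_security_policies.c changed to match. A short comment above the two new `extern` lines stating that the array holds names that were removed and now fail with `S2N_ERR_DEPRECATED_SECURITY_POLICY` would also help readers of the header.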
@@ -157,22 +158,22 @@ extern const struct s2n_security_policy security_policy_aws_crt_sdk_tls_12_06_23
 extern const struct s2n_security_policy security_policy_aws_crt_sdk_tls_12_06_23_pq;
 extern const struct s2n_security_policy security_policy_aws_crt_sdk_tls_13;
-extern const struct s2n_security_policy security_policy_kms_pq_tls_1_0_2019_06;
-extern const struct s2n_security_policy security_policy_kms_pq_tls_1_0_2020_02;
-extern const struct s2n_security_policy security_policy_kms_pq_tls_1_0_2020_07;
-extern const struct s2n_security_policy security_policy_pq_sike_test_tls_1_0_2019_11;
-extern const struct s2n_security_policy security_policy_pq_sike_test_tls_1_0_2020_02;
-extern const struct s2n_security_policy security_policy_pq_tls_1_0_2020_12;
-extern const struct s2n_security_policy security_policy_pq_tls_1_1_2021_05_17;
-extern const struct s2n_security_policy security_policy_pq_tls_1_0_2021_05_18;
-extern const struct s2n_security_policy security_policy_pq_tls_1_0_2021_05_19;
-extern const struct s2n_security_policy security_policy_pq_tls_1_0_2021_05_20;
-extern const struct s2n_security_policy security_policy_pq_tls_1_1_2021_05_21;
-extern const struct s2n_security_policy security_policy_pq_tls_1_0_2021_05_22;
-extern const struct s2n_security_policy security_policy_pq_tls_1_0_2021_05_23;
+//extern const struct s2n_security_policy security_policy_kms_pq_tls_1_0_2019_06;
+//extern const struct s2n_security_policy security_policy_kms_pq_tls_1_0_2020_02;
+//extern const struct s2n_security_policy security_policy_kms_pq_tls_1_0_2020_07;
+//extern const struct s2n_security_policy security_policy_pq_sike_test_tls_1_0_2019_11;
+//extern const struct s2n_security_policy security_policy_pq_sike_test_tls_1_0_2020_02;
+//extern const struct s2n_security_policy security_policy_pq_tls_1_0_2020_12;
+//extern const struct s2n_security_policy security_policy_pq_tls_1_1_2021_05_17;
+//extern const struct s2n_security_policy security_policy_pq_tls_1_0_2021_05_18;
+//extern const struct s2n_security_policy security_policy_pq_tls_1_0_2021_05_19;
+//extern const struct s2n_security_policy security_policy_pq_tls_1_0_2021_05_20;
+//extern const struct s2n_security_policy security_policy_pq_tls_1_1_2021_05_21;
+//extern const struct s2n_security_policy security_policy_pq_tls_1_0_2021_05_22;
+//extern const struct s2n_security_policy security_policy_pq_tls_1_0_2021_05_23;
 extern const struct s2n_security_policy security_policy_pq_tls_1_0_2021_05_24;
-extern const struct s2n_security_policy security_policy_pq_tls_1_0_2021_05_25;
-extern const struct s2n_security_policy security_policy_pq_tls_1_0_2021_05_26;
+//extern const struct s2n_security_policy security_policy_pq_tls_1_0_2021_05_25;
+extern const struct s2n_security_policy security_policy_pq_tls_1_0_2021_05_26; /* Used by AWS CRT SDK */
 extern const struct s2n_security_policy security_policy_pq_tls_1_0_2023_01_24;
 extern const struct s2n_security_policy security_policy_pq_tls_1_2_2023_04_07;
 extern const struct s2n_security_policy security_policy_pq_tls_1_2_2023_04_08;
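Review bot: The fourteen retired policy declarations in this hunk are left behind as `//extern ...` comment lines instead of being deleted. Commented-out declarations tend to drift, and they invite someone to uncomment one and bring a removed TLS 1.2 PQ policy back without review. The retired names are already recorded in `deprecated_security_policies`, so the `//extern` lines can simply be dropped. The kept `/* Used by AWS CRT SDK */` remark on `security_policy_pq_tls_1_0_2021_05_26` is useful; `security_policy_pq_tls_1_0_2021_05_24` is also retained and would benefit from the same kind of one-line reason.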
@@ -216,10 +217,9 @@ int s2n_security_policies_init();
 int s2n_config_set_cipher_preferences(struct s2n_config *config, const char *version);
 int s2n_connection_set_cipher_preferences(struct s2n_connection *conn, const char *version);
 bool s2n_ecc_is_extension_required(const struct s2n_security_policy *security_policy);
-bool s2n_pq_kem_is_extension_required(const struct s2n_security_policy *security_policy);
 bool s2n_security_policy_supports_tls13(const struct s2n_security_policy *security_policy);
 int s2n_find_security_policy_from_version(const char *version, const struct s2n_security_policy **security_policy);
-int s2n_validate_kem_preferences(const struct s2n_kem_preferences *kem_preferences, bool pq_kem_extension_required);
+int s2n_validate_kem_preferences(const struct s2n_kem_preferences *kem_preferences);
 S2N_RESULT s2n_validate_certificate_signature_preferences(const struct s2n_signature_preferences *s2n_certificate_signature_preferences);
 S2N_RESULT s2n_security_policy_get_version(const struct s2n_security_policy *security_policy, const char **version);
diff --git a/tls/s2n_server_key_exchange.c b/tls/s2n_server_key_exchange.c
index 0e710950270..dc4653a9b2a 100644
--- a/tls/s2n_server_key_exchange.c
+++ b/tls/s2n_server_key_exchange.c
@@ -145,106 +145,6 @@ int s2n_dhe_server_key_recv_parse_data(struct s2n_connection *conn, struct s2n_k
 return 0;
 }
-int s2n_kem_server_key_recv_read_data(struct s2n_connection *conn, struct s2n_blob *data_to_verify,
- struct s2n_kex_raw_server_data *raw_server_data)
-{
- struct s2n_kem_raw_server_params *kem_data = &raw_server_data->kem_data;
- struct s2n_stuffer *in = &conn->handshake.io;
-
- /* Keep a copy to the start of the whole structure for the signature check */
- data_to_verify->data = s2n_stuffer_raw_read(in, 0);
- POSIX_ENSURE_REF(data_to_verify->data);
-
- /* the server sends the KEM ID */
- kem_data->kem_name.data = s2n_stuffer_raw_read(in, 2);
- POSIX_ENSURE_REF(kem_data->kem_name.data);
- kem_data->kem_name.size = 2;
-
- struct s2n_stuffer kem_id_stuffer = { 0 };
- uint8_t kem_id_arr[2];
- kem_extension_size kem_id = 0;
- struct s2n_blob kem_id_blob = { 0 };
- POSIX_GUARD(s2n_blob_init(&kem_id_blob, kem_id_arr, s2n_array_len(kem_id_arr)));
- POSIX_GUARD(s2n_stuffer_init(&kem_id_stuffer, &kem_id_blob));
- POSIX_GUARD(s2n_stuffer_write(&kem_id_stuffer, &(kem_data->kem_name)));
- POSIX_GUARD(s2n_stuffer_read_uint16(&kem_id_stuffer, &kem_id));
-
- POSIX_GUARD(s2n_get_kem_from_extension_id(kem_id, &(conn->kex_params.kem_params.kem)));
- conn->kex_params.kem_params.len_prefixed = true; /* PQ TLS 1.2 is always length prefixed. */
- POSIX_GUARD(s2n_kem_recv_public_key(in, &(conn->kex_params.kem_params)));
-
- kem_data->raw_public_key.data = conn->kex_params.kem_params.public_key.data;
- kem_data->raw_public_key.size = conn->kex_params.kem_params.public_key.size;
-
- data_to_verify->size = sizeof(kem_extension_size) + sizeof(kem_public_key_size) + kem_data->raw_public_key.size;
-
- return 0;
-}
-
-int s2n_kem_server_key_recv_parse_data(struct s2n_connection *conn, struct s2n_kex_raw_server_data *raw_server_data)
-{
- POSIX_ENSURE_REF(conn);
- POSIX_ENSURE_REF(conn->secure);
-
- struct s2n_kem_raw_server_params *kem_data = &raw_server_data->kem_data;
-
- /* Check that the server's requested kem is supported by the client */
- const struct s2n_kem_preferences *kem_preferences = NULL;
- POSIX_GUARD(s2n_connection_get_kem_preferences(conn, &kem_preferences));
- POSIX_ENSURE_REF(kem_preferences);
-
- const struct s2n_cipher_suite *cipher_suite = conn->secure->cipher_suite;
- const struct s2n_kem *match = NULL;
- S2N_ERROR_IF(s2n_choose_kem_with_peer_pref_list(cipher_suite->iana_value, &kem_data->kem_name,
- kem_preferences->kems, kem_preferences->kem_count, &match)
- != 0,
- S2N_ERR_KEM_UNSUPPORTED_PARAMS);
- conn->kex_params.kem_params.kem = match;
-
- S2N_ERROR_IF(kem_data->raw_public_key.size != conn->kex_params.kem_params.kem->public_key_length,
- S2N_ERR_BAD_MESSAGE);
-
- return 0;
-}
-
-int s2n_hybrid_server_key_recv_read_data(struct s2n_connection *conn, struct s2n_blob *total_data_to_verify,
- struct s2n_kex_raw_server_data *raw_server_data)
-{
- POSIX_ENSURE_REF(conn);
- POSIX_ENSURE_REF(conn->secure);
- POSIX_ENSURE_REF(conn->secure->cipher_suite);
- const struct s2n_kex *kex = conn->secure->cipher_suite->key_exchange_alg;
- const struct s2n_kex *hybrid_kex_0 = kex->hybrid[0];
- const struct s2n_kex *hybrid_kex_1 = kex->hybrid[1];
-
- /* Keep a copy to the start of the whole structure for the signature check */
- total_data_to_verify->data = s2n_stuffer_raw_read(&conn->handshake.io, 0);
- POSIX_ENSURE_REF(total_data_to_verify->data);
-
- struct s2n_blob data_to_verify_0 = { 0 };
- POSIX_GUARD_RESULT(s2n_kex_server_key_recv_read_data(hybrid_kex_0, conn, &data_to_verify_0, raw_server_data));
-
- struct s2n_blob data_to_verify_1 = { 0 };
- POSIX_GUARD_RESULT(s2n_kex_server_key_recv_read_data(hybrid_kex_1, conn, &data_to_verify_1, raw_server_data));
-
- total_data_to_verify->size = data_to_verify_0.size + data_to_verify_1.size;
- return 0;
-}
-
-int s2n_hybrid_server_key_recv_parse_data(struct s2n_connection *conn, struct s2n_kex_raw_server_data *raw_server_data)
-{
- POSIX_ENSURE_REF(conn);
- POSIX_ENSURE_REF(conn->secure);
- POSIX_ENSURE_REF(conn->secure->cipher_suite);
- const struct s2n_kex *kex = conn->secure->cipher_suite->key_exchange_alg;
- const struct s2n_kex *hybrid_kex_0 = kex->hybrid[0];
- const struct s2n_kex *hybrid_kex_1 = kex->hybrid[1];
-
- POSIX_GUARD_RESULT(s2n_kex_server_key_recv_parse_data(hybrid_kex_0, conn, raw_server_data));
- POSIX_GUARD_RESULT(s2n_kex_server_key_recv_parse_data(hybrid_kex_1, conn, raw_server_data));
- return 0;
-}
-
 int s2n_server_key_send(struct s2n_connection *conn)
 {
 POSIX_ENSURE_REF(conn);
@@ -311,46 +211,6 @@ int s2n_dhe_server_key_send(struct s2n_connection *conn, struct s2n_blob *data_t
 return 0;
 }
 
-int s2n_kem_server_key_send(struct s2n_connection *conn, struct s2n_blob *data_to_sign)
-{
- struct s2n_stuffer *out = &conn->handshake.io;
- const struct s2n_kem *kem = conn->kex_params.kem_params.kem;
-
- data_to_sign->data = s2n_stuffer_raw_write(out, 0);
- POSIX_ENSURE_REF(data_to_sign->data);
-
- POSIX_GUARD(s2n_stuffer_write_uint16(out, kem->kem_extension_id));
- conn->kex_params.kem_params.len_prefixed = true; /* PQ TLS 1.2 is always length prefixed. */
- POSIX_GUARD(s2n_kem_send_public_key(out, &(conn->kex_params.kem_params)));
-
- data_to_sign->size = sizeof(kem_extension_size) + sizeof(kem_public_key_size) + kem->public_key_length;
-
- return 0;
-}
-
-int s2n_hybrid_server_key_send(struct s2n_connection *conn, struct s2n_blob *total_data_to_sign)
-{
- POSIX_ENSURE_REF(conn);
- POSIX_ENSURE_REF(conn->secure);
- POSIX_ENSURE_REF(conn->secure->cipher_suite);
- const struct s2n_kex *kex = conn->secure->cipher_suite->key_exchange_alg;
- const struct s2n_kex *hybrid_kex_0 = kex->hybrid[0];
- const struct s2n_kex *hybrid_kex_1 = kex->hybrid[1];
-
- /* Keep a copy to the start of the whole structure for the signature check */
- total_data_to_sign->data = s2n_stuffer_raw_write(&conn->handshake.io, 0);
- POSIX_ENSURE_REF(total_data_to_sign->data);
-
- struct s2n_blob data_to_verify_0 = { 0 };
- POSIX_GUARD_RESULT(s2n_kex_server_key_send(hybrid_kex_0, conn, &data_to_verify_0));
-
- struct s2n_blob data_to_verify_1 = { 0 };
- POSIX_GUARD_RESULT(s2n_kex_server_key_send(hybrid_kex_1, conn, &data_to_verify_1));
-
- total_data_to_sign->size = data_to_verify_0.size + data_to_verify_1.size;
- return 0;
-}
-
 int s2n_server_key_send_write_signature(struct s2n_connection *conn, struct s2n_blob *signature)
 {
 struct s2n_stuffer *out = &conn->handshake.io;
diff --git a/tls/s2n_server_key_exchange.h b/tls/s2n_server_key_exchange.h
index 82fe855abd3..089dfe53b5a 100644
--- a/tls/s2n_server_key_exchange.h
+++ b/tls/s2n_server_key_exchange.h
@@ -23,17 +23,9 @@ int s2n_dhe_server_key_recv_read_data(struct s2n_connection *conn, struct s2n_bl
 struct s2n_kex_raw_server_data *raw_server_data);
 int s2n_ecdhe_server_key_recv_read_data(struct s2n_connection *conn, struct s2n_blob *data_to_verify,
 struct s2n_kex_raw_server_data *raw_server_data);
-int s2n_kem_server_key_recv_read_data(struct s2n_connection *conn, struct s2n_blob *data_to_verify,
- struct s2n_kex_raw_server_data *raw_server_data);
-int s2n_hybrid_server_key_recv_read_data(struct s2n_connection *conn, struct s2n_blob *total_data_to_verify,
- struct s2n_kex_raw_server_data *raw_server_data);
 
 int s2n_dhe_server_key_recv_parse_data(struct s2n_connection *conn, struct s2n_kex_raw_server_data *raw_server_data);
 int s2n_ecdhe_server_key_recv_parse_data(struct s2n_connection *conn, struct s2n_kex_raw_server_data *raw_server_data);
-int s2n_kem_server_key_recv_parse_data(struct s2n_connection *conn, struct s2n_kex_raw_server_data *raw_server_data);
-int s2n_hybrid_server_key_recv_parse_data(struct s2n_connection *conn, struct s2n_kex_raw_server_data *raw_server_data);
 
 int s2n_dhe_server_key_send(struct s2n_connection *conn, struct s2n_blob *data_to_sign);
 int s2n_ecdhe_server_key_send(struct s2n_connection *conn, struct s2n_blob *data_to_sign);
-int s2n_kem_server_key_send(struct s2n_connection *conn, struct s2n_blob *data_to_sign);
-int s2n_hybrid_server_key_send(struct s2n_connection *conn, struct s2n_blob *data_to_sign);
diff --git a/tls/s2n_tls_parameters.h b/tls/s2n_tls_parameters.h
index b030c3c8b2c..e8fae59d53c 100644
--- a/tls/s2n_tls_parameters.h
+++ b/tls/s2n_tls_parameters.h
@@ -58,11 +58,6 @@
 #define TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCC, 0xA9
 #define TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCC, 0xAA
 
-/* TLS 1.2 hybrid post-quantum definitions from https://tools.ietf.org/html/draft-campagna-tls-bike-sike-hybrid */
-#define TLS_ECDHE_KYBER_RSA_WITH_AES_256_GCM_SHA384 0xFF, 0x0C
-#define TLS_EXTENSION_PQ_KEM_PARAMETERS 0xFE01
-#define TLS_PQ_KEM_EXTENSION_ID_KYBER_512_R3 28
-
 /* TLS 1.3 hybrid post-quantum definitions are from the proposed reserved range defined
 * in https://tools.ietf.org/html/draft-stebila-tls-hybrid-design. Values for interoperability are defined in
 * https://github.com/open-quantum-safe/oqs-provider/blob/main/oqs-template/oqs-kem-info.md and