1 /*
2  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License").
5  * You may not use this file except in compliance with the License.
6  * A copy of the License is located at
7  *
8  *  http://aws.amazon.com/apache2.0
9  *
10  * or in the "license" file accompanying this file. This file is distributed
11  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
12  * express or implied. See the License for the specific language governing
13  * permissions and limitations under the License.
14  */
15 
16 #pragma once
17 
18 #include "utils/s2n_result.h"
19 
/* Maximum number of valid handshakes.
 *
 * A handshake type is a bitmask built from the single-bit flags declared
 * below: four protocol-independent bits (1, 2, 4, 8) plus four
 * version-specific bits (16, 32, 64, 128). That is eight bits in total, so
 * every handshake type is a value in 0..255 and 2^8 = 256 is the number of
 * possible types (presumably the size of any table indexed by handshake type
 * elsewhere in the code - confirm before relying on it). Any new flag bit
 * would have to grow this constant with it. */
#define S2N_HANDSHAKES_COUNT        256
22 
/*
 * Handshake-type predicates.
 *
 * Each macro expands to a call on the checker matching its flag family and
 * evaluates `conn` exactly once, except IS_RESUMPTION_HANDSHAKE and
 * IS_CLIENT_AUTH_NO_CERT, which query two flags and therefore evaluate
 * `conn` twice: pass a plain pointer, never an expression with side effects.
 *
 * The TLS1.2 and TLS1.3 flag enums below reuse the same numeric bit values,
 * so a version-specific flag is only meaningful through the matching
 * *_tls12_* / *_tls13_* checker used here. C enums are not type-safe; never
 * hand one of those values to s2n_handshake_type_check_flag.
 */

/* Protocol-independent flags (s2n_handshake_type_flag). */
#define IS_NEGOTIATED(conn)            (s2n_handshake_type_check_flag((conn), NEGOTIATED))
#define IS_FULL_HANDSHAKE(conn)        (s2n_handshake_type_check_flag((conn), FULL_HANDSHAKE))
/* A resumed handshake is one that was negotiated but was not a full handshake. */
#define IS_RESUMPTION_HANDSHAKE(conn)  (!s2n_handshake_type_check_flag((conn), FULL_HANDSHAKE) && s2n_handshake_type_check_flag((conn), NEGOTIATED))
#define IS_CLIENT_AUTH_HANDSHAKE(conn) (s2n_handshake_type_check_flag((conn), CLIENT_AUTH))
/* Client auth was part of the handshake and the NO_CLIENT_CERT flag is also set. */
#define IS_CLIENT_AUTH_NO_CERT(conn)   (s2n_handshake_type_check_flag((conn), CLIENT_AUTH) && s2n_handshake_type_check_flag((conn), NO_CLIENT_CERT))

/* TLS1.2-only flags (s2n_tls12_handshake_type_flag). */
#define IS_TLS12_PERFECT_FORWARD_SECRECY_HANDSHAKE(conn) (s2n_handshake_type_check_tls12_flag((conn), TLS12_PERFECT_FORWARD_SECRECY))
#define IS_OCSP_STAPLED(conn)                            (s2n_handshake_type_check_tls12_flag((conn), OCSP_STATUS))
#define IS_ISSUING_NEW_SESSION_TICKET(conn)              (s2n_handshake_type_check_tls12_flag((conn), WITH_SESSION_TICKET))

/* TLS1.3-only flags (s2n_tls13_handshake_type_flag).
 * Note that WITH_EARLY_DATA is both this function-like macro and an enum
 * constant of the same name; the constant is only safe because it is never
 * followed by '(' where it is used. */
#define IS_HELLO_RETRY_HANDSHAKE(conn) (s2n_handshake_type_check_tls13_flag((conn), HELLO_RETRY_REQUEST))
#define IS_MIDDLEBOX_COMPAT_MODE(conn) (s2n_handshake_type_check_tls13_flag((conn), MIDDLEBOX_COMPAT))
#define WITH_EARLY_DATA(conn)          (s2n_handshake_type_check_tls13_flag((conn), WITH_EARLY_DATA))
#define WITH_EARLY_CLIENT_CCS(conn)    (s2n_handshake_type_check_tls13_flag((conn), EARLY_CLIENT_CCS))
58 
/*
 * Protocol-independent handshake flags. These are single bits in the low
 * nibble of a handshake type; the bits from 16 upwards are reserved for the
 * version-specific enums below. INITIAL is the empty mask, not a bit.
 */
typedef enum {
    INITIAL        = 0,      /* no flags set */
    NEGOTIATED     = 1 << 0, /* 1 */
    FULL_HANDSHAKE = 1 << 1, /* 2 */
    CLIENT_AUTH    = 1 << 2, /* 4 */
    NO_CLIENT_CERT = 1 << 3, /* 8 */
} s2n_handshake_type_flag;
66 
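/* Forward declaration so this header is usable regardless of include order.
 * Without a prior declaration in scope, `struct s2n_connection` first seen
 * inside a parameter list would get prototype scope and be a different type
 * from the real connection struct. Repeating a tag declaration is harmless if
 * another header has already provided it. */
struct s2n_connection;

/* Set or test one of the protocol-independent flags (s2n_handshake_type_flag)
 * on conn's handshake type. Presumably the setter ORs `flag` in and the
 * checker reports whether it is present - confirm against the implementation.
 * Callers should not ignore the S2N_RESULT of the setter. Only pass values of
 * s2n_handshake_type_flag here: the tls12/tls13 enums reuse higher bit values
 * with version-dependent meaning and have their own accessors below. */
S2N_RESULT s2n_handshake_type_set_flag(struct s2n_connection *conn, s2n_handshake_type_flag flag);
bool s2n_handshake_type_check_flag(struct s2n_connection *conn, s2n_handshake_type_flag flag);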
69 
/*
 * Flags that only exist for TLS1.2 handshakes. They sit above the
 * protocol-independent bits (1..8) and share their numeric values with
 * s2n_tls13_handshake_type_flag: which enum a bit belongs to depends on the
 * negotiated protocol version, so these values must only be read and written
 * through the *_tls12_* functions. Bit 128 is unused by TLS1.2.
 */
typedef enum {
    TLS12_PERFECT_FORWARD_SECRECY = 1 << 4, /* 16 */
    OCSP_STATUS                   = 1 << 5, /* 32 */
    WITH_SESSION_TICKET           = 1 << 6, /* 64 */
} s2n_tls12_handshake_type_flag;
75 
/* Set, clear or test a TLS1.2-specific flag on conn's handshake type.
 *
 * The tls12 flags are the only family with an unset entry point in this
 * header; neither the protocol-independent nor the TLS1.3 flags can be
 * cleared individually from here. Pass only s2n_tls12_handshake_type_flag
 * values: C enums are not type-checked, and the same numeric values name
 * different flags in s2n_tls13_handshake_type_flag. The setters return an
 * S2N_RESULT that callers should check; exact failure conditions are defined
 * by the implementation, not visible here. */
S2N_RESULT s2n_handshake_type_set_tls12_flag(struct s2n_connection *conn, s2n_tls12_handshake_type_flag flag);
S2N_RESULT s2n_handshake_type_unset_tls12_flag(struct s2n_connection *conn, s2n_tls12_handshake_type_flag flag);
bool s2n_handshake_type_check_tls12_flag(struct s2n_connection *conn, s2n_tls12_handshake_type_flag flag);
79 
/*
 * Flags that only exist for TLS1.3 handshakes. They occupy the same bit
 * positions as s2n_tls12_handshake_type_flag (plus bit 128), so their meaning
 * is only defined once the protocol version is known; access them solely
 * through the *_tls13_* functions.
 *
 * WITH_EARLY_DATA is also the name of a function-like macro above. The enum
 * constant survives only because it is never followed by '(' - keep it that
 * way when editing.
 */
typedef enum {
    HELLO_RETRY_REQUEST = 1 << 4, /* 16 */
    MIDDLEBOX_COMPAT    = 1 << 5, /* 32 */
    WITH_EARLY_DATA     = 1 << 6, /* 64 */
    EARLY_CLIENT_CCS    = 1 << 7, /* 128 */
} s2n_tls13_handshake_type_flag;
86 
/* Set or test a TLS1.3-specific flag on conn's handshake type.
 *
 * There is no per-flag unset for this family in this header (contrast the
 * tls12 accessors above); only s2n_handshake_type_reset clears state. Pass
 * only s2n_tls13_handshake_type_flag values - the tls12 enum reuses the same
 * numbers for different flags and C will not catch the mix-up. The setter's
 * S2N_RESULT should be checked by callers. */
S2N_RESULT s2n_handshake_type_set_tls13_flag(struct s2n_connection *conn, s2n_tls13_handshake_type_flag flag);
bool s2n_handshake_type_check_tls13_flag(struct s2n_connection *conn, s2n_tls13_handshake_type_flag flag);
89 
/* Reset conn's handshake type. Presumably returns it to INITIAL (all flags
 * cleared, regardless of flag family) - confirm against the implementation.
 * Returns an S2N_RESULT that callers should check. */
S2N_RESULT s2n_handshake_type_reset(struct s2n_connection *conn);
91