1 /*
2  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License").
5  * You may not use this file except in compliance with the License.
6  * A copy of the License is located at
7  *
8  *  http://aws.amazon.com/apache2.0
9  *
10  * or in the "license" file accompanying this file. This file is distributed
11  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
12  * express or implied. See the License for the specific language governing
13  * permissions and limitations under the License.
14  */
15 
16 #pragma once
17 
#include <stdint.h>
#include <sys/uio.h>

#include "crypto/s2n_hmac.h"
#include "stuffer/s2n_stuffer.h"
21 
/* Size of the ContentType byte that begins every TLS record. */
#define S2N_TLS_CONTENT_TYPE_LENGTH             1

/* All versions of TLS define the record header the same:
 * ContentType + ProtocolVersion + length
 *
 * The trailing "+ 2" is the two-byte big-endian length field (it is what
 * the uint16_t fragment_length out-parameters of the parsers below hold).
 *
 * NOTE(review): S2N_TLS_PROTOCOL_VERSION_LEN is not defined in this header
 * and none of the includes above visibly provide it, so this header is only
 * usable when the includer already has it in scope — confirm which project
 * header supplies it before relying on this file standing alone.
 */
#define S2N_TLS_RECORD_HEADER_LENGTH            (S2N_TLS_CONTENT_TYPE_LENGTH + S2N_TLS_PROTOCOL_VERSION_LEN + 2)

/*
 * All versions of TLS limit the data fragment to 2^14 bytes.
 *
 *= https://tools.ietf.org/rfc/rfc5246#section-6.2.1
 *# The record layer fragments information blocks into TLSPlaintext
 *# records carrying data in chunks of 2^14 bytes or less.
 *
 *= https://tools.ietf.org/rfc/rfc8446#section-5.1
 *# The record layer fragments information blocks into TLSPlaintext
 *# records carrying data in chunks of 2^14 bytes or less.
 *
 * This is the PLAINTEXT fragment bound. The on-the-wire record bound is
 * larger and version dependent; it is derived from this value by the
 * *_MAX_RECORD_LEN_FOR(frag) macros below.
 */
#define S2N_TLS_MAXIMUM_FRAGMENT_LENGTH         (1 << 14)

/* The TLS1.2 record length allows for 1024 bytes of compression expansion and
 * 1024 bytes of encryption expansion and padding (RFC 5246 section 6.2.2 caps
 * compression expansion at 1024 bytes; section 6.2.3 caps TLSCiphertext.length
 * at 2^14 + 2048).
 * Since S2N does not support compression, we can ignore the compression overhead.
 *
 * NOTE(review): the RFC only bounds the total (2^14 + 2048); the 1024/1024
 * split is the conventional reading. In practice CBC padding + MAC + explicit
 * IV is far below 1024 bytes, so a peer that never negotiates compression is
 * not expected to exceed the bound below, but be aware that it is tighter than
 * the RFC's absolute maximum if it is ever used as a read-side acceptance limit.
 */
#define S2N_TLS12_ENCRYPTION_OVERHEAD_SIZE      1024
#define S2N_TLS12_MAX_RECORD_LEN_FOR(frag)      ((frag) + S2N_TLS12_ENCRYPTION_OVERHEAD_SIZE \
                                                        + S2N_TLS_RECORD_HEADER_LENGTH)
#define S2N_TLS12_MAXIMUM_RECORD_LENGTH         S2N_TLS12_MAX_RECORD_LEN_FOR(S2N_TLS_MAXIMUM_FRAGMENT_LENGTH)

/*
 *= https://tools.ietf.org/rfc/rfc8446#section-5.2
 *# An AEAD algorithm used in TLS 1.3 MUST NOT produce an expansion
 *# greater than 255 octets.
 *
 * A TLS1.3 record also carries one extra byte for the inner content type, so
 * the bound below is frag + 1 + 255 + header, i.e. the 2^14 + 256 limit that
 * RFC 8446 section 5.2 places on TLSCiphertext.length, plus the record header.
 */
#define S2N_TLS13_ENCRYPTION_OVERHEAD_SIZE      255
#define S2N_TLS13_MAX_RECORD_LEN_FOR(frag)      ((frag) + S2N_TLS_CONTENT_TYPE_LENGTH \
                                                        + S2N_TLS13_ENCRYPTION_OVERHEAD_SIZE \
                                                        + S2N_TLS_RECORD_HEADER_LENGTH)
#define S2N_TLS13_MAXIMUM_RECORD_LENGTH         S2N_TLS13_MAX_RECORD_LEN_FOR(S2N_TLS_MAXIMUM_FRAGMENT_LENGTH)

/* Currently, TLS1.2 records may be larger than TLS1.3 records
 * (1024 bytes of expansion versus 1 + 255), so the version-agnostic bound
 * uses the TLS1.2 value. If the protocol is unknown, assume TLS1.2.
 *
 * This over-approximates the TLS1.3 limit by 768 bytes, which is the safe
 * direction for sizing buffers. Code that must enforce the exact per-version
 * limit on a received record should use the versioned macros above instead.
 */
#define S2N_TLS_MAX_RECORD_LEN_FOR(frag)        S2N_TLS12_MAX_RECORD_LEN_FOR(frag)
#define S2N_TLS_MAXIMUM_RECORD_LENGTH           S2N_TLS_MAX_RECORD_LEN_FOR(S2N_TLS_MAXIMUM_FRAGMENT_LENGTH)
67 
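/* Forward declaration. Nothing included by this header visibly declares
 * struct s2n_connection, and a struct tag that first appears inside a
 * parameter list has prototype scope only (a distinct, incompatible type),
 * so declare the tag here to keep the header self-contained. Redeclaring a
 * struct tag is always compatible with its later full definition. */
struct s2n_connection;

/* Record-size queries. Each writes its answer through the trailing
 * uint16_t out-parameter and reports success/failure via S2N_RESULT. */
extern S2N_RESULT s2n_record_max_write_size(struct s2n_connection *conn, uint16_t max_fragment_size, uint16_t *max_record_size);
extern S2N_RESULT s2n_record_max_write_payload_size(struct s2n_connection *conn, uint16_t *max_fragment_size);
extern S2N_RESULT s2n_record_min_write_payload_size(struct s2n_connection *conn, uint16_t *payload_size);

/* Record writers. `content_type` is the outer TLS ContentType byte and `in`
 * the plaintext to protect. The iovec variant writes `to_write` bytes starting
 * `offs` bytes into the `in_count`-element array. Both return an int status
 * (presumably the s2n 0 / -1 convention — confirm against the definitions). */
extern int s2n_record_write(struct s2n_connection *conn, uint8_t content_type, struct s2n_blob *in);
extern int s2n_record_writev(struct s2n_connection *conn, uint8_t content_type, const struct iovec *in, int in_count, size_t offs, size_t to_write);

/* Record parsers. The pointer arguments are out-parameters for the parsed
 * header fields. The TLS1.3 variant reads a record type from a stuffer
 * (presumably the inner content type of a decrypted TLS1.3 record); the SSLv2
 * variant handles the legacy SSLv2-style record header, which also yields a
 * client protocol version — confirm both against the definitions. */
extern int s2n_record_parse(struct s2n_connection *conn);
extern int s2n_record_header_parse(struct s2n_connection *conn, uint8_t *content_type, uint16_t *fragment_length);
extern int s2n_tls13_parse_record_type(struct s2n_stuffer *stuffer, uint8_t *record_type);
extern int s2n_sslv2_record_header_parse(struct s2n_connection *conn, uint8_t *record_type, uint8_t *client_protocol_version, uint16_t *fragment_length);

/* CBC MAC/padding verification of a decrypted record.
 * NOTE(review): padding and MAC checks on CBC records are the classic timing
 * side channel (Lucky 13), so this function should be treated as
 * constant-time sensitive at every call site; the implementation is not
 * visible here, so confirm before altering how or when it is called. */
extern int s2n_verify_cbc(struct s2n_connection *conn, struct s2n_hmac_state *hmac, struct s2n_blob *decrypted);

/* Build the AEAD additional-authenticated-data into `ad`. The TLS1.2 form
 * takes the sequence number, content type and record length; the TLS1.3 form
 * takes only the record length and AEAD tag length (per RFC 8446 section 5.2
 * the TLS1.3 AAD is the record header, which these suffice to reconstruct —
 * presumably the tag length is needed to compute the on-the-wire length). */
extern S2N_RESULT s2n_aead_aad_init(const struct s2n_connection *conn, uint8_t *sequence_number, uint8_t content_type, uint16_t record_length, struct s2n_blob *ad);
extern S2N_RESULT s2n_tls13_aead_aad_init(uint16_t record_length, uint8_t tag_length, struct s2n_blob *ad);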
80