/*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License").
 * You may not use this file except in compliance with the License.
 * A copy of the License is located at
 *
 *     http://aws.amazon.com/apache2.0
 *
 * or in the "license" file accompanying this file. This file is distributed
 * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
 * express or implied. See the License for the specific language governing
 * permissions and limitations under the License.
 */

#pragma once

#include <stdint.h>
#include "crypto/s2n_hmac.h"
#include "stuffer/s2n_stuffer.h"

/* Record-layer size limits shared by every TLS version s2n speaks, plus the
 * entry points for writing, parsing and authenticating TLS records.
 *
 * The S2N_TLS*_MAXIMUM_RECORD_LENGTH constants below are derived from RFC
 * limits rather than from anything negotiated with the peer, so they are
 * safe to use as hard upper bounds when sizing record buffers.
 */

/* Size in bytes of the ContentType byte that starts every record header. */
#define S2N_TLS_CONTENT_TYPE_LENGTH 1

/* All versions of TLS define the record header the same:
 * ContentType + ProtocolVersion + length
 *
 * The trailing "+ 2" is the 16-bit length field. S2N_TLS_PROTOCOL_VERSION_LEN
 * is defined elsewhere, not in this header.
 */
#define S2N_TLS_RECORD_HEADER_LENGTH (S2N_TLS_CONTENT_TYPE_LENGTH + S2N_TLS_PROTOCOL_VERSION_LEN + 2)

/*
 * All versions of TLS limit the data fragment to 2^14 bytes.
 *
 *= https://tools.ietf.org/rfc/rfc5246#section-6.2.1
 *# The record layer fragments information blocks into TLSPlaintext
 *# records carrying data in chunks of 2^14 bytes or less.
 *
 *= https://tools.ietf.org/rfc/rfc8446#section-5.1
 *# The record layer fragments information blocks into TLSPlaintext
 *# records carrying data in chunks of 2^14 bytes or less.
 */
/* 16384 bytes: the largest plaintext fragment a single record may carry. */
#define S2N_TLS_MAXIMUM_FRAGMENT_LENGTH (1 << 14)

/* The TLS1.2 record length allows for 1024 bytes of compression expansion and
 * 1024 bytes of encryption expansion and padding.
 * Since S2N does not support compression, we can ignore the compression overhead.
 */
#define S2N_TLS12_ENCRYPTION_OVERHEAD_SIZE 1024
/* Largest on-the-wire TLS1.2 record (header included) for a plaintext
 * fragment of `frag` bytes: frag + 1024 bytes of cipher expansion/padding +
 * the record header. Fully parenthesised so `frag` may be any expression.
 */
#define S2N_TLS12_MAX_RECORD_LEN_FOR(frag) ((frag) + S2N_TLS12_ENCRYPTION_OVERHEAD_SIZE \
        + S2N_TLS_RECORD_HEADER_LENGTH)
/* Absolute TLS1.2 record-size ceiling: 2^14 + 1024 + header length. */
#define S2N_TLS12_MAXIMUM_RECORD_LENGTH S2N_TLS12_MAX_RECORD_LEN_FOR(S2N_TLS_MAXIMUM_FRAGMENT_LENGTH)

/*
 *= https://tools.ietf.org/rfc/rfc8446#section-5.2
 *# An AEAD algorithm used in TLS 1.3 MUST NOT produce an expansion
 *# greater than 255 octets.
 */
#define S2N_TLS13_ENCRYPTION_OVERHEAD_SIZE 255
/* Largest on-the-wire TLS1.3 record (header included) for a plaintext
 * fragment of `frag` bytes. The extra S2N_TLS_CONTENT_TYPE_LENGTH accounts
 * for the inner content-type byte that RFC 8446 section 5.2 places inside the
 * encrypted TLSInnerPlaintext; the 255 bytes are the AEAD expansion ceiling.
 */
#define S2N_TLS13_MAX_RECORD_LEN_FOR(frag) ((frag) + S2N_TLS_CONTENT_TYPE_LENGTH \
        + S2N_TLS13_ENCRYPTION_OVERHEAD_SIZE \
        + S2N_TLS_RECORD_HEADER_LENGTH)
/* Absolute TLS1.3 record-size ceiling: 2^14 + 1 + 255 + header length. */
#define S2N_TLS13_MAXIMUM_RECORD_LENGTH S2N_TLS13_MAX_RECORD_LEN_FOR(S2N_TLS_MAXIMUM_FRAGMENT_LENGTH)

/* Currently, TLS1.2 records may be larger than TLS1.3 records.
 * If the protocol is unknown, assume TLS1.2.
 *
 * Because 1024 > 1 + 255, the TLS1.2 bound is the larger of the two, so a
 * buffer sized from the version-agnostic macros below also holds any
 * TLS1.3 record.
 */
#define S2N_TLS_MAX_RECORD_LEN_FOR(frag) S2N_TLS12_MAX_RECORD_LEN_FOR(frag)
#define S2N_TLS_MAXIMUM_RECORD_LENGTH S2N_TLS_MAX_RECORD_LEN_FOR(S2N_TLS_MAXIMUM_FRAGMENT_LENGTH)

/* Two error conventions coexist below: newer entry points return S2N_RESULT,
 * older ones return int. Check every return value regardless of convention.
 */

/* Computes the largest record size for a given fragment size into
 * *max_record_size. Takes conn, presumably so the bound can depend on the
 * negotiated protocol version (see the TLS1.2/TLS1.3 macros above) — confirm
 * against the implementation.
 */
S2N_RESULT s2n_record_max_write_size(struct s2n_connection *conn, uint16_t max_fragment_size, uint16_t *max_record_size);
/* Writes the largest plaintext payload a record may carry on conn into
 * *max_fragment_size.
 */
extern S2N_RESULT s2n_record_max_write_payload_size(struct s2n_connection *conn, uint16_t *max_fragment_size);
/* Writes the smallest plaintext payload size for conn into *payload_size. */
extern S2N_RESULT s2n_record_min_write_payload_size(struct s2n_connection *conn, uint16_t *payload_size);
/* Writes one record of the given content_type carrying the bytes in `in`.
 * Returns int per the older convention.
 */
extern int s2n_record_write(struct s2n_connection *conn, uint8_t content_type, struct s2n_blob *in);
/* Vectored variant of s2n_record_write: `in` is an array of in_count iovecs,
 * offs is the starting offset into that array's data and to_write is the byte
 * count to emit. Note in_count is a signed int while offs/to_write are size_t.
 */
extern int s2n_record_writev(struct s2n_connection *conn, uint8_t content_type, const struct iovec *in, int in_count, size_t offs, size_t to_write);
/* Parses (and, by its name, decrypts/authenticates) the record currently
 * buffered on conn. The exact input source is not visible from this header.
 */
extern int s2n_record_parse(struct s2n_connection *conn);
/* Parses a record header, writing the ContentType to *content_type and the
 * 16-bit length field to *fragment_length.
 * NOTE(review): fragment_length comes straight from the peer; confirm the
 * caller bounds it against S2N_TLS_MAXIMUM_RECORD_LENGTH before it drives
 * any allocation or read.
 */
extern int s2n_record_header_parse(struct s2n_connection *conn, uint8_t * content_type, uint16_t * fragment_length);
/* Reads the TLS1.3 inner content type out of `stuffer` into *record_type
 * (the real content type sits inside the decrypted TLSInnerPlaintext).
 */
extern int s2n_tls13_parse_record_type(struct s2n_stuffer *stuffer, uint8_t * record_type);
/* Parses an SSLv2-format record header (used by legacy ClientHellos),
 * producing the record type, the client's protocol version and the fragment
 * length. Same caveat as s2n_record_header_parse: fragment_length is
 * peer-controlled.
 */
extern int s2n_sslv2_record_header_parse(struct s2n_connection *conn, uint8_t * record_type, uint8_t * client_protocol_version, uint16_t * fragment_length);
/* Verifies the MAC (and, presumably, padding) of a decrypted CBC record using
 * the supplied HMAC state.
 * NOTE(review): CBC MAC/padding checks are a well-known timing side-channel
 * surface; confirm the implementation runs in constant time independent of
 * padding validity.
 */
extern int s2n_verify_cbc(struct s2n_connection *conn, struct s2n_hmac_state *hmac, struct s2n_blob *decrypted);
/* Builds the AEAD additional-authenticated-data blob `ad` for a pre-TLS1.3
 * record from the sequence number, content type and record length.
 * `conn` is const: this must not mutate connection state.
 */
extern S2N_RESULT s2n_aead_aad_init(const struct s2n_connection *conn, uint8_t * sequence_number, uint8_t content_type, uint16_t record_length, struct s2n_blob *ad);
/* Builds the TLS1.3 AEAD additional-authenticated-data blob `ad` from the
 * record length and the AEAD tag length; no sequence number is needed here
 * because TLS1.3 folds it into the nonce instead.
 */
extern S2N_RESULT s2n_tls13_aead_aad_init(uint16_t record_length, uint8_t tag_length, struct s2n_blob *ad);