1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
|
/*
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License").
* You may not use this file except in compliance with the License.
* A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
#include "api/s2n.h"
#include "tls/s2n_ecc_preferences.h"
#include "tls/s2n_connection.h"
#include "crypto/s2n_ecc_evp.h"
#include "utils/s2n_safety.h"
const struct s2n_ecc_named_curve *const s2n_ecc_pref_list_20140601[] = {
&s2n_ecc_curve_secp256r1,
&s2n_ecc_curve_secp384r1,
};
const struct s2n_ecc_named_curve *const s2n_ecc_pref_list_20200310[] = {
#if EVP_APIS_SUPPORTED
&s2n_ecc_curve_x25519,
#endif
&s2n_ecc_curve_secp256r1,
&s2n_ecc_curve_secp384r1,
};
/*
* These curves were chosen based on the following specification:
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf
*/
const struct s2n_ecc_named_curve *const s2n_ecc_pref_list_default_fips[] = {
&s2n_ecc_curve_secp256r1,
&s2n_ecc_curve_secp384r1,
};
const struct s2n_ecc_named_curve *const s2n_ecc_pref_list_20201021[] = {
&s2n_ecc_curve_secp256r1,
&s2n_ecc_curve_secp384r1,
&s2n_ecc_curve_secp521r1,
};
const struct s2n_ecc_named_curve *const s2n_ecc_pref_list_20210816[] = {
&s2n_ecc_curve_secp384r1,
};
const struct s2n_ecc_named_curve *const s2n_ecc_pref_list_test_all[] = {
#if EVP_APIS_SUPPORTED
&s2n_ecc_curve_x25519,
#endif
&s2n_ecc_curve_secp256r1,
&s2n_ecc_curve_secp384r1,
&s2n_ecc_curve_secp521r1,
};
const struct s2n_ecc_preferences s2n_ecc_preferences_20140601 = {
.count = s2n_array_len(s2n_ecc_pref_list_20140601),
.ecc_curves = s2n_ecc_pref_list_20140601,
};
const struct s2n_ecc_preferences s2n_ecc_preferences_20200310 = {
.count = s2n_array_len(s2n_ecc_pref_list_20200310),
.ecc_curves = s2n_ecc_pref_list_20200310,
};
const struct s2n_ecc_preferences s2n_ecc_preferences_default_fips = {
.count = s2n_array_len(s2n_ecc_pref_list_default_fips),
.ecc_curves = s2n_ecc_pref_list_default_fips,
};
const struct s2n_ecc_preferences s2n_ecc_preferences_20201021 = {
.count = s2n_array_len(s2n_ecc_pref_list_20201021),
.ecc_curves = s2n_ecc_pref_list_20201021,
};
const struct s2n_ecc_preferences s2n_ecc_preferences_20210816 = {
.count = s2n_array_len(s2n_ecc_pref_list_20210816),
.ecc_curves = s2n_ecc_pref_list_20210816,
};
const struct s2n_ecc_preferences s2n_ecc_preferences_test_all = {
.count = s2n_array_len(s2n_ecc_pref_list_test_all),
.ecc_curves = s2n_ecc_pref_list_test_all,
};
const struct s2n_ecc_preferences s2n_ecc_preferences_null = {
.count = 0,
.ecc_curves = NULL,
};
/* Checks if the ecc_curves present in s2n_ecc_preferences list is a subset of s2n_all_supported_curves_list
* maintained in s2n_ecc_evp.c */
int s2n_check_ecc_preferences_curves_list(const struct s2n_ecc_preferences *ecc_preferences) {
int check = 1;
for (int i = 0; i < ecc_preferences->count; i++) {
const struct s2n_ecc_named_curve *named_curve = ecc_preferences->ecc_curves[i];
int curve_found = 0;
for (size_t j = 0; j < s2n_all_supported_curves_list_len; j++) {
if (named_curve->iana_id == s2n_all_supported_curves_list[j]->iana_id) {
curve_found = 1;
break;
}
}
check *= curve_found;
if (check == 0) {
POSIX_BAIL(S2N_ERR_ECDHE_UNSUPPORTED_CURVE);
}
}
return S2N_SUCCESS;
}
/* Determines if query_iana_id corresponds to a curve for these ECC preferences. */
bool s2n_ecc_preferences_includes_curve(const struct s2n_ecc_preferences *ecc_preferences, uint16_t query_iana_id) {
if (ecc_preferences == NULL) {
return false;
}
for (size_t i = 0; i < ecc_preferences->count; i++) {
if (query_iana_id == ecc_preferences->ecc_curves[i]->iana_id) {
return true;
}
}
return false;
}
|