1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
|
/*
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License").
* You may not use this file except in compliance with the License.
* A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
#include "crypto/s2n_pq.h"
#include "s2n_test.h"
#include "testlib/s2n_testlib.h"
#include "tls/s2n_kem.h"
#include "tls/s2n_security_policies.h"
#include "tls/s2n_tls.h"
static S2N_RESULT s2n_policy_has_cipher(const struct s2n_security_policy *security_policy, const struct s2n_cipher_suite *needle, bool *val)
{
RESULT_ENSURE_REF(security_policy);
RESULT_ENSURE_REF(security_policy->cipher_preferences);
RESULT_ENSURE_REF(security_policy->cipher_preferences->suites);
for (size_t i = 0; i < security_policy->cipher_preferences->count; i++) {
const struct s2n_cipher_suite *hay = security_policy->cipher_preferences->suites[i];
if (hay == needle) {
*val = true;
return S2N_RESULT_OK;
}
}
*val = false;
return S2N_RESULT_OK;
}
static S2N_RESULT s2n_policy_has_kem(const struct s2n_security_policy *security_policy, const struct s2n_kem **kem_list, size_t kem_list_count, bool *val)
{
RESULT_ENSURE_REF(security_policy);
RESULT_ENSURE_REF(security_policy->kem_preferences);
if (security_policy->kem_preferences->tls13_kem_groups == NULL || security_policy->kem_preferences->tls13_kem_group_count == 0) {
*val = false;
return S2N_RESULT_OK;
}
for (size_t i = 0; i < security_policy->kem_preferences->tls13_kem_group_count; i++) {
const struct s2n_kem_group *supported_kem_group = security_policy->kem_preferences->tls13_kem_groups[i];
RESULT_ENSURE_REF(supported_kem_group);
for (int j = 0; j < kem_list_count; j++) {
const struct s2n_kem *banned_kem = kem_list[j];
RESULT_ENSURE_REF(banned_kem);
if (supported_kem_group->kem == banned_kem) {
*val = true;
return S2N_RESULT_OK;
}
}
}
*val = false;
return S2N_RESULT_OK;
}
static S2N_RESULT s2n_policy_in_list(const char *policy_name, const char **exception_list, size_t list_count, bool *val)
{
RESULT_ENSURE_REF(policy_name);
for (size_t i = 0; i < list_count; i++) {
const char *exception = exception_list[i];
RESULT_ENSURE_REF(exception);
if (strlen(policy_name) != strlen(exception)) {
continue;
}
if (memcmp(policy_name, exception, strlen(policy_name)) == 0) {
*val = true;
return S2N_RESULT_OK;
}
}
*val = false;
return S2N_RESULT_OK;
}
/* List of all ML-KEM Parameter sizes */
const struct s2n_kem *mlkem_list[] = {
&s2n_mlkem_768
};
/* Ciphers that should not be present in TLS Policies that have ML-KEM */
const struct s2n_cipher_suite *legacy_cipher_suites[] = {
&s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384, /* Draft cipher for negotiating Kyber in TLS 1.2. */
&s2n_rsa_with_3des_ede_cbc_sha,
&s2n_dhe_rsa_with_3des_ede_cbc_sha,
&s2n_ecdhe_rsa_with_3des_ede_cbc_sha,
&s2n_ecdhe_rsa_with_rc4_128_sha,
&s2n_rsa_with_rc4_128_sha,
&s2n_rsa_with_rc4_128_md5,
&s2n_null_cipher_suite,
};
/* List of s2n TLS Security Policies that are allowed to have legacy TLS Ciphers and support ML-KEM */
const char *cipher_exceptions[] = {
"test_all",
};
/* List of s2n TLS Security Policies that are allowed to have a minimum TLS Version below TLS 1.2 and support ML-KEM */
const char *tls_version_exceptions[] = {
"test_all",
};
const size_t mlkem_list_size = s2n_array_len(mlkem_list);
const size_t cipher_exceptions_size = s2n_array_len(cipher_exceptions);
const size_t tls_version_exceptions_size = s2n_array_len(tls_version_exceptions);
int main(int argc, char **argv)
{
BEGIN_TEST();
/* Enforce minimum requirements on all security policies that support ML-KEM */
for (size_t policy_index = 0; security_policy_selection[policy_index].version != NULL; policy_index++) {
const struct s2n_security_policy_selection selection = security_policy_selection[policy_index];
const char *policy_name = selection.version;
const struct s2n_security_policy *security_policy = selection.security_policy;
POSIX_ENSURE_REF(security_policy);
bool has_mlkem = false;
EXPECT_OK(s2n_policy_has_kem(security_policy, mlkem_list, mlkem_list_size, &has_mlkem));
if (!has_mlkem) {
continue;
}
/* ML-KEM requires TLS 1.3 in order to be negotiated. Ensure that Policies with ML-KEM also support TLS 1.3 */
bool has_tls_13_cipher = false;
for (size_t i = 0; i < security_policy->cipher_preferences->count; i++) {
if (security_policy->cipher_preferences->suites[i]->minimum_required_tls_version == S2N_TLS13) {
has_tls_13_cipher = true;
break;
}
}
EXPECT_TRUE(has_tls_13_cipher);
/* Ensure all security policies that have ML-KEM support do not use previous draft wire-format
* for Hybrid KeyShares with length prefixing. */
const struct s2n_kem_preferences *kem_preferences = security_policy->kem_preferences;
POSIX_ENSURE_REF(kem_preferences);
EXPECT_FALSE(s2n_tls13_client_must_use_hybrid_kem_length_prefix(kem_preferences));
/* All security policies that have ML-KEM should have TLS 1.2 as their minimum supported TLS Version */
if (security_policy->minimum_protocol_version < S2N_TLS12) {
bool has_exception = false;
EXPECT_OK(s2n_policy_in_list(policy_name, tls_version_exceptions, tls_version_exceptions_size, &has_exception));
if (!has_exception) {
fprintf(stdout, "Security Policy: %s has ML-KEM and uses a legacy TLS Version: %d\n",
policy_name, security_policy->minimum_protocol_version);
FAIL_MSG("ML-KEM policies should not contain legacy TLS Versions.");
}
}
/* Policies that have ML-KEM should not have 3DES, RC4, or (abandoned/deprecated) draft TLS 1.2 Kyber support */
for (int j = 0; j < s2n_array_len(legacy_cipher_suites); j++) {
bool has_cipher = false;
EXPECT_OK(s2n_policy_has_cipher(security_policy, legacy_cipher_suites[j], &has_cipher));
if (has_cipher) {
bool has_exception = false;
EXPECT_OK(s2n_policy_in_list(policy_name, cipher_exceptions, cipher_exceptions_size, &has_exception));
if (!has_exception) {
fprintf(stdout, "Security Policy: %s has ML-KEM and legacy cipher: %s\n",
policy_name, legacy_cipher_suites[j]->name);
FAIL_MSG("ML-KEM policies should not contain legacy ciphers.");
}
}
}
}
END_TEST();
}
|
