From 668eb66bfdbdc8bb9c39cd5a47e6bbac6803e5a6 Mon Sep 17 00:00:00 2001 From: Alex Weibel Date: Wed, 13 Dec 2023 16:11:52 -0800 Subject: [PATCH 1/3] Add new PQ TLS Policies --- tls/s2n_cipher_preferences.c | 40 ++++++++++++++++++++++++++++++++++++ tls/s2n_cipher_preferences.h | 3 +++ tls/s2n_security_policies.c | 27 ++++++++++++++++++++++++ 3 files changed, 70 insertions(+) diff --git a/tls/s2n_cipher_preferences.c b/tls/s2n_cipher_preferences.c index cd3406d2a92..3552c72aaa8 100644 --- a/tls/s2n_cipher_preferences.c +++ b/tls/s2n_cipher_preferences.c 
@@ -1891,6 +1891,46 @@ const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_3_2023_06_01 = { .allow_chacha20_boosting = false, }; +struct s2n_cipher_suite *cipher_suites_20231213[] = { + &s2n_tls13_aes_128_gcm_sha256, + &s2n_tls13_aes_256_gcm_sha384, + &s2n_ecdhe_ecdsa_with_aes_128_gcm_sha256, + &s2n_ecdhe_rsa_with_aes_128_gcm_sha256, + &s2n_ecdhe_ecdsa_with_aes_256_gcm_sha384, + &s2n_ecdhe_rsa_with_aes_256_gcm_sha384, + &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha256, + &s2n_ecdhe_rsa_with_aes_128_cbc_sha256, + &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha384, + &s2n_ecdhe_rsa_with_aes_256_cbc_sha384, + &s2n_rsa_with_aes_128_gcm_sha256, + &s2n_rsa_with_aes_256_gcm_sha384, + &s2n_rsa_with_aes_128_cbc_sha256, + &s2n_rsa_with_aes_256_cbc_sha256, +}; + +const struct s2n_cipher_preferences cipher_preferences_20231213 = { + .count = s2n_array_len(cipher_suites_20231213), + .suites = cipher_suites_20231213, +}; + +struct s2n_cipher_suite *cipher_suites_20231214[] = { + &s2n_tls13_aes_128_gcm_sha256, + &s2n_tls13_aes_256_gcm_sha384, + &s2n_ecdhe_ecdsa_with_aes_128_gcm_sha256, + &s2n_ecdhe_rsa_with_aes_128_gcm_sha256, + &s2n_ecdhe_ecdsa_with_aes_256_gcm_sha384, + &s2n_ecdhe_rsa_with_aes_256_gcm_sha384, + &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha256, + &s2n_ecdhe_rsa_with_aes_128_cbc_sha256, + &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha384, + &s2n_ecdhe_rsa_with_aes_256_cbc_sha384, +}; + +const struct s2n_cipher_preferences cipher_preferences_20231214 = { + .count = s2n_array_len(cipher_suites_20231214), + .suites = cipher_suites_20231214, +}; + struct s2n_cipher_suite *cipher_suites_kms_fips_tls_1_2_2018_10[] = { &s2n_ecdhe_rsa_with_aes_256_gcm_sha384, &s2n_ecdhe_rsa_with_aes_128_gcm_sha256, diff --git a/tls/s2n_cipher_preferences.h b/tls/s2n_cipher_preferences.h index a9f1830c821..dc68e1fbb8c 100644 --- a/tls/s2n_cipher_preferences.h +++ b/tls/s2n_cipher_preferences.h 
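Review bot: The two new suite lists carry no comment, and the only difference between them, the four `s2n_rsa_with_aes_*` entries at the end of `cipher_suites_20231213`, is easy to miss. Those are RSA key-exchange suites, so a TLS 1.2 handshake that lands on one of them has no forward secrecy and no hybrid PQ key exchange, even though later hunks expose this list through a policy string that begins with PQ. I would put `/* FIPS-oriented list plus RSA key exchange (no forward secrecy), kept only for backwards compatibility; prefer cipher_suites_20231214 */` above the first array and `/* Same as cipher_suites_20231213 without the RSA key exchange suites */` above the second. Both lists also keep the CBC suites, which deserves a word on why they are still needed.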
@@ -55,6 +55,9 @@ extern const struct s2n_cipher_preferences cipher_preferences_20210816_gcm; extern const struct s2n_cipher_preferences cipher_preferences_20210825; extern const struct s2n_cipher_preferences cipher_preferences_20210825_gcm; extern const struct s2n_cipher_preferences cipher_preferences_20210831; +extern const struct s2n_cipher_preferences cipher_preferences_20231213; +extern const struct s2n_cipher_preferences cipher_preferences_20231214; + extern const struct s2n_cipher_preferences cipher_preferences_default_fips; extern const struct s2n_cipher_preferences cipher_preferences_test_all; diff --git a/tls/s2n_security_policies.c b/tls/s2n_security_policies.c index 2b53f6bd9e9..46f7dc30496 100644 --- a/tls/s2n_security_policies.c +++ b/tls/s2n_security_policies.c 
@@ -731,6 +731,30 @@ const struct s2n_security_policy security_policy_pq_tls_1_2_2023_10_10 = { .ecc_preferences = &s2n_ecc_preferences_20200310, }; +const struct s2n_security_policy security_policy_pq_20231213 = { + .minimum_protocol_version = S2N_TLS12, + .cipher_preferences = &cipher_preferences_20231213, + .kem_preferences = &kem_preferences_pq_tls_1_3_2023_06, + .signature_preferences = &s2n_signature_preferences_20230317, + .ecc_preferences = &s2n_ecc_preferences_20201021, +}; + +const struct s2n_security_policy security_policy_pq_20231214 = { + .minimum_protocol_version = S2N_TLS12, + .cipher_preferences = &cipher_preferences_20231214, + .kem_preferences = &kem_preferences_pq_tls_1_3_2023_06, + .signature_preferences = &s2n_signature_preferences_20230317, + .ecc_preferences = &s2n_ecc_preferences_20201021, +}; + +const struct s2n_security_policy security_policy_pq_20231215 = { + .minimum_protocol_version = S2N_TLS12, + .cipher_preferences = &cipher_preferences_kms_fips_tls_1_2_2021_08, + .kem_preferences = &kem_preferences_pq_tls_1_3_2023_06, + .signature_preferences = &s2n_signature_preferences_20230317, + .ecc_preferences = &s2n_ecc_preferences_20201021, +}; + const struct s2n_security_policy security_policy_kms_fips_tls_1_2_2018_10 = { .minimum_protocol_version = S2N_TLS12, .cipher_preferences = &cipher_preferences_kms_fips_tls_1_2_2018_10, 
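Review bot: The new symbols `security_policy_pq_20231213`, `security_policy_pq_20231214` and `security_policy_pq_20231215` break the naming used by the policy directly above them, `security_policy_pq_tls_1_2_2023_10_10`, where the identifier mirrors the version string. The selection-table hunk that follows maps `"PQ-TLS-1-2-2023-12-13"` to `security_policy_pq_20231213`, so a search for the version string no longer leads to the definition. Renaming them to `security_policy_pq_tls_1_2_2023_12_13` (and `_12_14`, `_12_15`) keeps that mapping mechanical, which helps when auditing which cipher and KEM lists a deployed policy string resolves to.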
@@ -1103,6 +1127,9 @@ struct s2n_security_policy_selection security_policy_selection[] = { { .version = "PQ-TLS-1-2-2023-10-08", .security_policy = &security_policy_pq_tls_1_2_2023_10_08, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, { .version = "PQ-TLS-1-2-2023-10-09", .security_policy = &security_policy_pq_tls_1_2_2023_10_09, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, { .version = "PQ-TLS-1-2-2023-10-10", .security_policy = &security_policy_pq_tls_1_2_2023_10_10, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "PQ-TLS-1-2-2023-12-13", .security_policy = &security_policy_pq_20231213, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "PQ-TLS-1-2-2023-12-14", .security_policy = &security_policy_pq_20231214, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "PQ-TLS-1-2-2023-12-15", .security_policy = &security_policy_pq_20231215, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, { .version = "20140601", .security_policy = &security_policy_20140601, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, { .version = "20141001", .security_policy = &security_policy_20141001, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, { .version = "20150202", .security_policy = &security_policy_20150202, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, From 9791237647e7c8af0bdabf7dff7127a53ccaafab Mon Sep 17 00:00:00 2001 From: Alex Weibel Date: Thu, 28 Dec 2023 15:28:12 -0800 Subject: [PATCH 2/3] Integrate with FIPS Security Rules --- tests/unit/s2n_security_rules_test.c | 2 ++ tls/s2n_kem_preferences.c | 16 ++++++++++++++++ tls/s2n_kem_preferences.h | 1 + tls/s2n_security_policies.c | 12 +++++++++--- tls/s2n_security_rules.c | 14 ++++++++++++++ 5 files changed, 42 insertions(+), 3 deletions(-) 
diff --git a/tests/unit/s2n_security_rules_test.c b/tests/unit/s2n_security_rules_test.c index 5c69d9f2824..60d304f4699 100644 --- a/tests/unit/s2n_security_rules_test.c +++ b/tests/unit/s2n_security_rules_test.c @@ -126,6 +126,7 @@ int main(int argc, char **argv) .signature_preferences = &valid_sig_prefs, .certificate_signature_preferences = &valid_sig_prefs, .ecc_preferences = &valid_ecc_prefs, + .kem_preferences = &kem_preferences_null, .minimum_protocol_version = VALID_VERSION, }; const struct s2n_security_policy invalid_policy = { @@ -133,6 +134,7 @@ int main(int argc, char **argv) .signature_preferences = &invalid_sig_prefs, .certificate_signature_preferences = &invalid_sig_prefs, .ecc_preferences = &invalid_ecc_prefs, + .kem_preferences = &kem_preferences_null, .minimum_protocol_version = EXAMPLE_INVALID_VERSION, }; diff --git a/tls/s2n_kem_preferences.c b/tls/s2n_kem_preferences.c index b30bb86695b..7a30d34f3ee 100644 --- a/tls/s2n_kem_preferences.c +++ b/tls/s2n_kem_preferences.c @@ -34,6 +34,13 @@ const struct s2n_kem_group *pq_kem_groups_r3_2023_06[] = { &s2n_x25519_kyber_512_r3, }; +const struct s2n_kem_group *pq_kem_groups_r3_2023_12[] = { + &s2n_secp256r1_kyber_768_r3, + &s2n_secp384r1_kyber_768_r3, + &s2n_secp521r1_kyber_1024_r3, + &s2n_secp256r1_kyber_512_r3, +}; + const struct s2n_kem_preferences kem_preferences_pq_tls_1_0_2021_05 = { .kem_count = s2n_array_len(pq_kems_r3_2021_05), .kems = pq_kems_r3_2021_05, 
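Review bot: Both fixtures are given `&kem_preferences_null`, so the KEM-group loop this patch adds to `s2n_security_rule_validate_policy` is presumably never entered by this test (assuming `kem_preferences_null` lists no TLS 1.3 groups). This applies to `valid_policy` in the first hunk and to `invalid_policy` in the second, which would be the natural place to exercise it. A fixture whose `tls13_kem_groups` holds a hybrid group built on a curve the example rule rejects, with the expected error count raised to match, would show that a non-compliant group is actually reported. `main` starts and ends outside both hunks, so the assertions that would need updating are not visible here.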
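Review bot: `pq_kem_groups_r3_2023_12` is defined with external linkage, but the header change in this patch declares only `kem_preferences_pq_tls_1_3_2023_12`, whereas `pq_kem_groups_r3_2023_06` has an `extern` declaration in `tls/s2n_kem_preferences.h`. Either add `extern const struct s2n_kem_group *pq_kem_groups_r3_2023_12[];` next to it or mark the array `static` if nothing outside this file needs it. A short comment above the array stating that it holds only the secp256r1, secp384r1 and secp521r1 hybrids would also explain why the x25519 group is absent.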
@@ -59,6 +66,15 @@ const struct s2n_kem_preferences kem_preferences_pq_tls_1_3_2023_06 = { .tls13_pq_hybrid_draft_revision = 5 }; +/* Same as kem_preferences_pq_tls_1_3_2023_06, but without x25519 */ +const struct s2n_kem_preferences kem_preferences_pq_tls_1_3_2023_12 = { + .kem_count = 0, + .kems = NULL, + .tls13_kem_group_count = s2n_array_len(pq_kem_groups_r3_2023_12), + .tls13_kem_groups = pq_kem_groups_r3_2023_12, + .tls13_pq_hybrid_draft_revision = 5 +}; + const struct s2n_kem_preferences kem_preferences_all = { .kem_count = s2n_array_len(pq_kems_r3_2021_05), .kems = pq_kems_r3_2021_05, diff --git a/tls/s2n_kem_preferences.h b/tls/s2n_kem_preferences.h index 59536da4e24..0d10b45a08c 100644 --- a/tls/s2n_kem_preferences.h +++ b/tls/s2n_kem_preferences.h @@ -47,6 +47,7 @@ extern const struct s2n_kem_group *pq_kem_groups_r3_2023_06[]; extern const struct s2n_kem_preferences kem_preferences_pq_tls_1_0_2021_05; extern const struct s2n_kem_preferences kem_preferences_pq_tls_1_0_2023_01; extern const struct s2n_kem_preferences kem_preferences_pq_tls_1_3_2023_06; +extern const struct s2n_kem_preferences kem_preferences_pq_tls_1_3_2023_12; extern const struct s2n_kem_preferences kem_preferences_all; extern const struct s2n_kem_preferences kem_preferences_null; diff --git a/tls/s2n_security_policies.c b/tls/s2n_security_policies.c index 46f7dc30496..bcd6f2c52b5 100644 --- a/tls/s2n_security_policies.c +++ b/tls/s2n_security_policies.c @@ -734,7 +734,7 @@ const struct s2n_security_policy security_policy_pq_tls_1_2_2023_10_10 = { const struct s2n_security_policy security_policy_pq_20231213 = { .minimum_protocol_version = S2N_TLS12, .cipher_preferences = &cipher_preferences_20231213, - .kem_preferences = &kem_preferences_pq_tls_1_3_2023_06, + .kem_preferences = &kem_preferences_pq_tls_1_3_2023_12, .signature_preferences = &s2n_signature_preferences_20230317, .ecc_preferences = &s2n_ecc_preferences_20201021, }; 
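Review bot: The comment on `kem_preferences_pq_tls_1_3_2023_12` says what was removed but not why, and it does not mention that `.kem_count = 0` with `.kems = NULL` leaves TLS 1.2 without any PQ KEM. The policies that use this list set `minimum_protocol_version = S2N_TLS12`, so a connection that negotiates TLS 1.2 gets a classical key exchange only, and that is worth stating where the list is defined. Suggested wording: `/* Same as kem_preferences_pq_tls_1_3_2023_06, but without the x25519 hybrid so that every group's curve passes the FIPS curve rule. TLS 1.3 only: no TLS 1.2 KEMs are offered. */`. The FIPS rationale is inferred from the rest of the series and should be confirmed by the author.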
@@ -742,17 +742,23 @@ const struct s2n_security_policy security_policy_pq_20231213 = { const struct s2n_security_policy security_policy_pq_20231214 = { .minimum_protocol_version = S2N_TLS12, .cipher_preferences = &cipher_preferences_20231214, - .kem_preferences = &kem_preferences_pq_tls_1_3_2023_06, + .kem_preferences = &kem_preferences_pq_tls_1_3_2023_12, .signature_preferences = &s2n_signature_preferences_20230317, .ecc_preferences = &s2n_ecc_preferences_20201021, + .rules = { + [S2N_FIPS_140_3] = true, + }, }; const struct s2n_security_policy security_policy_pq_20231215 = { .minimum_protocol_version = S2N_TLS12, .cipher_preferences = &cipher_preferences_kms_fips_tls_1_2_2021_08, - .kem_preferences = &kem_preferences_pq_tls_1_3_2023_06, + .kem_preferences = &kem_preferences_pq_tls_1_3_2023_12, .signature_preferences = &s2n_signature_preferences_20230317, .ecc_preferences = &s2n_ecc_preferences_20201021, + .rules = { + [S2N_FIPS_140_3] = true, + }, }; const struct s2n_security_policy security_policy_kms_fips_tls_1_2_2018_10 = { diff --git a/tls/s2n_security_rules.c b/tls/s2n_security_rules.c index 9d85199d51b..ebeefe99430 100644 --- a/tls/s2n_security_rules.c +++ b/tls/s2n_security_rules.c 
@@ -166,6 +166,20 @@ S2N_RESULT s2n_security_rule_validate_policy(const struct s2n_security_rule *rul "curve", curve->name, i + 1)); } + const struct s2n_kem_preferences *kem_prefs = policy->kem_preferences; + RESULT_ENSURE_REF(kem_prefs); + for (size_t i = 0; i < kem_prefs->tls13_kem_group_count; i++) { + const struct s2n_kem_group *kem_group = kem_prefs->tls13_kem_groups[i]; + const struct s2n_ecc_named_curve *curve = kem_group->curve; + RESULT_ENSURE_REF(curve); + bool is_valid = false; + RESULT_ENSURE_REF(rule->validate_curve); + RESULT_GUARD(rule->validate_curve(curve, &is_valid)); + RESULT_GUARD(s2n_security_rule_result_process(result, is_valid, + error_msg_format_name, rule->name, policy_name, + "curve", curve->name, i + 1)); + } + bool is_valid = false; RESULT_ENSURE_REF(rule->validate_version); RESULT_GUARD(rule->validate_version(policy->minimum_protocol_version, &is_valid)); From d9ee2f1aadea4b6e29a487105bdbf47c780791f0 Mon Sep 17 00:00:00 2001 From: Alex Weibel Date: Mon, 8 Jan 2024 12:30:13 -0800 Subject: [PATCH 3/3] Add descriptions to each new security policy --- tls/s2n_security_policies.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tls/s2n_security_policies.c b/tls/s2n_security_policies.c index bcd6f2c52b5..0ac9e960da9 100644 --- a/tls/s2n_security_policies.c +++ b/tls/s2n_security_policies.c @@ -731,6 +731,7 @@ const struct s2n_security_policy security_policy_pq_tls_1_2_2023_10_10 = { .ecc_preferences = &s2n_ecc_preferences_20200310, }; +/* General purpose "mostly" FIPS + PQ policy (with the exception of supporting RSA Key Exchange for backwards compatibility). */ const struct s2n_security_policy security_policy_pq_20231213 = { .minimum_protocol_version = S2N_TLS12, .cipher_preferences = &cipher_preferences_20231213, 
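Review bot: In the added loop `kem_group` is dereferenced (`kem_group->curve`) without a null check, although `kem_prefs` and `curve` are both guarded; add `RESULT_ENSURE_REF(kem_group);` right after the element is read from `tls13_kem_groups[i]`. The results are also reported with the label `"curve"` and index `i + 1`, the same label the preceding loop's context line uses, so a failure on a hybrid group cannot be told apart from one on the ECC preference list; a distinct label such as `"kem group curve"` would fix that, provided nothing depends on the existing text. Only the classical curve of each group is checked, so a comment on the loop should say that the KEM half of the hybrid and the TLS 1.2 `kems` list are not covered by the rule. The enclosing function begins and ends outside the hunk.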
@@ -739,6 +740,7 @@ const struct s2n_security_policy security_policy_pq_20231213 = { .ecc_preferences = &s2n_ecc_preferences_20201021, }; +/* General purpose FIPS + PQ policy that meets all current FIPS requirements. */ const struct s2n_security_policy security_policy_pq_20231214 = { .minimum_protocol_version = S2N_TLS12, .cipher_preferences = &cipher_preferences_20231214, @@ -750,6 +752,7 @@ const struct s2n_security_policy security_policy_pq_20231214 = { }, }; +/* FIPS + PQ Policy that uses KMS's FIPS cipher preference list and meets all current FIPS requirements. */ const struct s2n_security_policy security_policy_pq_20231215 = { .minimum_protocol_version = S2N_TLS12, .cipher_preferences = &cipher_preferences_kms_fips_tls_1_2_2021_08,
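Review bot: The phrase "meets all current FIPS requirements" in the comments on `security_policy_pq_20231214` and `security_policy_pq_20231215` is undated and will go stale without anyone noticing. Tie the claim to what the code enforces, for example `/* General purpose FIPS + PQ policy; validated against the S2N_FIPS_140_3 security rule. */`, so the statement stays checkable. The `"mostly" FIPS` wording on `security_policy_pq_20231213` in the preceding hunk has the same problem: it would be more precise to say that the policy sets no FIPS rule (none is visible in this series) because `cipher_preferences_20231213` includes RSA key-exchange suites.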