/* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). * You may not use this file except in compliance with the License. * A copy of the License is located at * * http://aws.amazon.com/apache2.0 * * or in the "license" file accompanying this file. This file is distributed * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either * express or implied. See the License for the specific language governing * permissions and limitations under the License. */ /** * @file s2n.h * s2n-tls is a C99 implementation of the TLS/SSL protocols that is designed to * be simple, small, fast, and with security as a priority.
It is released and * licensed under the Apache License 2.0. */ #pragma once #if ((__GNUC__ >= 4) || defined(__clang__)) && defined(S2N_EXPORTS) /** * Marks a function as belonging to the public s2n API. */ #define S2N_API __attribute__((visibility("default"))) #else /** * Marks a function as belonging to the public s2n API. */ #define S2N_API #endif /* __GNUC__ >= 4 || defined(__clang__) */ #ifdef __cplusplus extern "C" { #endif #include #include #include #include #include /** * Function return code */ #define S2N_SUCCESS 0 /** * Function return code */ #define S2N_FAILURE -1 /** * Callback return code */ #define S2N_CALLBACK_BLOCKED -2 /** * s2n minimum supported TLS record major version */ #define S2N_MINIMUM_SUPPORTED_TLS_RECORD_MAJOR_VERSION 2 /** * s2n maximum supported TLS record major version */ #define S2N_MAXIMUM_SUPPORTED_TLS_RECORD_MAJOR_VERSION 3 /** * s2n SSL 2.0 Version Constant */ #define S2N_SSLv2 20 /** * s2n SSL 3.0 Version Constant */ #define S2N_SSLv3 30 /** * s2n TLS 1.0 Version Constant */ #define S2N_TLS10 31 /** * s2n TLS 1.1 Version Constant */ #define S2N_TLS11 32 /** * s2n TLS 1.2 Version Constant */ #define S2N_TLS12 33 /** * s2n TLS 1.3 Version Constant */ #define S2N_TLS13 34 /** * s2n Unknown TLS Version */ #define S2N_UNKNOWN_PROTOCOL_VERSION 0 /** * s2n-tls functions that return 'int' return 0 to indicate success and -1 to indicate * failure. * * s2n-tls functions that return pointer types return NULL in the case of * failure. * * When an s2n-tls function returns a failure, s2n_errno will be set to a value * corresponding to the error. This error value can be translated into a string * explaining the error in English by calling s2n_strerror(s2n_errno, "EN"). * A string containing human readable error name; can be generated with `s2n_strerror_name`. * A string containing internal debug information, including filename and line number, can be generated with `s2n_strerror_debug`. * A string containing only the filename and line number can be generated with `s2n_strerror_source`. * This string is useful to include when reporting issues to the s2n-tls development team. * * @warning To avoid possible confusion, s2n_errno should be cleared after processing an error: `s2n_errno = S2N_ERR_T_OK` */ S2N_API extern __thread int s2n_errno; /** * This function can be used instead of trying to resolve `s2n_errno` directly * in runtimes where thread-local variables may not be easily accessible. * * @returns The address of the thread-local `s2n_errno` variable */ S2N_API extern int *s2n_errno_location(void); /** * Used to help applications determine why an s2n-tls function failed. * * This enum is optimized for use in C switch statements. Each value in the enum represents * an error "category". * * s2n-tls organizes errors into different "types" to allow applications to handle error * values without catching all possibilities. Applications using non-blocking I/O should check * the error type to determine if the I/O operation failed because it would block or for some other * error. To retrieve the type for a given error use `s2n_error_get_type()`. Applications should * perform any error handling logic using these high level types. * * See the [Error Handling](https://github.com/aws/s2n-tls/blob/main/docs/usage-guide/topics/ch03-error-handling.md) section for how the errors should be interpreted. */ typedef enum { /** No error */ S2N_ERR_T_OK = 0, /** Underlying I/O operation failed, check system errno */ S2N_ERR_T_IO, /** EOF */ S2N_ERR_T_CLOSED, /** Underlying I/O operation would block */ S2N_ERR_T_BLOCKED, /** Incoming Alert */ S2N_ERR_T_ALERT, /** Failure in some part of the TLS protocol. Ex: CBC verification failure */ S2N_ERR_T_PROTO, /** Error internal to s2n-tls. A precondition could have failed. */ S2N_ERR_T_INTERNAL, /** User input error. Ex: Providing an invalid cipher preference version */ S2N_ERR_T_USAGE } s2n_error_type; /** * Gets the category of error from an error. * * s2n-tls organizes errors into different "types" to allow applications to do logic on error values without catching all possibilities. * Applications using non-blocking I/O should check error type to determine if the I/O operation failed because * it would block or for some other error. * * @param error The error from s2n. Usually this is `s2n_errno`. * @returns An s2n_error_type */ S2N_API extern int s2n_error_get_type(int error); /** * An opaque configuration object, used by clients and servers for holding cryptographic certificates, keys and preferences. */ struct s2n_config; /** * An opaque connection. Used to track each s2n connection. */ struct s2n_connection; /** * Prevents S2N from calling `OPENSSL_init_crypto`/`OPENSSL_cleanup`/`EVP_cleanup` on OpenSSL versions * prior to 1.1.x. This allows applications or languages that also init OpenSSL to interoperate * with S2N. * * @warning This function must be called BEFORE s2n_init() to have any effect. It will return an error * if s2n is already initialized. * * @note If you disable this and are using a version of OpenSSL/libcrypto < 1.1.x, you will * be responsible for library init and cleanup (specifically `OPENSSL_add_all_algorithms()` * or `OPENSSL_init_crypto()`, and EVP_* APIs will not be usable unless the library is initialized. * * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_crypto_disable_init(void); /** * Prevents S2N from installing an atexit handler, which allows safe shutdown of S2N from within a * re-entrant shared library * * @warning This function must be called BEFORE s2n_init() to have any effect. It will return an error * if s2n is already initialized. * * @note This will cause `s2n_cleanup` to do complete cleanup of s2n-tls when called from the main * thread (the thread `s2n_init` was called from). * * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_disable_atexit(void); /** * Fetches the OpenSSL version s2n-tls was compiled with. This can be used by applications to validate at runtime * that the versions of s2n-tls and Openssl that they have loaded are correct. * * @returns the version number of OpenSSL that s2n-tls was compiled with */ S2N_API extern unsigned long s2n_get_openssl_version(void); /** * Initializes the s2n-tls library and should be called once in your application, before any other s2n-tls * functions are called. Failure to call s2n_init() will result in errors from other s2n-tls functions. * * @warning This function is not thread safe and should only be called once. * * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_init(void); /** * Cleans up any internal resources used by s2n-tls. This function should be called from each thread or process * that is created subsequent to calling `s2n_init` when that thread or process is done calling other s2n-tls functions. * * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_cleanup(void); typedef enum { S2N_FIPS_MODE_DISABLED = 0, S2N_FIPS_MODE_ENABLED, } s2n_fips_mode; /** * Determines whether s2n-tls is operating in FIPS mode. * * s2n-tls enters FIPS mode on initialization when the linked libcrypto has FIPS mode enabled. Some * libcryptos, such as AWS-LC-FIPS, have FIPS mode enabled by default. With other libcryptos, such * as OpenSSL, FIPS mode must be enabled before initialization by calling `FIPS_mode_set()`. * * s2n-tls MUST be linked to a FIPS libcrypto and MUST be in FIPS mode in order to comply with FIPS * requirements. Applications desiring FIPS compliance should use this API to ensure that s2n-tls * has been properly linked with a FIPS libcrypto and has successfully entered FIPS mode. * * @param fips_mode Set to the FIPS mode of s2n-tls. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure. */ S2N_API extern int s2n_get_fips_mode(s2n_fips_mode *fips_mode); /** * Creates a new s2n_config object. This object can (and should) be associated with many connection * objects. * * The returned config will be initialized with default system certificates in its trust store. * * The returned config should be freed with `s2n_config_free()` after it's no longer in use by any * connection. * * @returns A new configuration object suitable for configuring connections and associating certs * and keys. */ S2N_API extern struct s2n_config *s2n_config_new(void); /** * Creates a new s2n_config object with minimal default options. * * This function has better performance than `s2n_config_new()` because it does not load default * system certificates into the trust store by default. To add system certificates to this config, * call `s2n_config_load_system_certs()`. * * The returned config should be freed with `s2n_config_free()` after it's no longer in use by any * connection. * * @returns A new configuration object suitable for configuring connections and associating certs * and keys. */ S2N_API extern struct s2n_config *s2n_config_new_minimal(void); /** * Frees the memory associated with an `s2n_config` object. * * @param config The configuration object being freed * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_free(struct s2n_config *config); /** * Frees the DH params associated with an `s2n_config` object. * * @param config The configuration object with DH params being freed * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_free_dhparams(struct s2n_config *config); /** * Frees the certificate chain and key associated with an `s2n_config` object. * * @param config The configuration object with DH params being freed * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_free_cert_chain_and_key(struct s2n_config *config); /** * Callback function type used to get the system time. * * @param void* A pointer to arbitrary data for use within the callback * @param uint64_t* A pointer that the callback will set to the time in nanoseconds * The function should return 0 on success and -1 on failure. */ typedef int (*s2n_clock_time_nanoseconds)(void *, uint64_t *); /** * Cache callback function that allows the caller to retrieve SSL session data * from a cache. * * The callback function takes six arguments: * a pointer to the s2n_connection object, * a pointer to arbitrary data for use within the callback, * a pointer to a key which can be used to retrieve the cached entry, * a 64 bit unsigned integer specifying the size of this key, * a pointer to a memory location where the value should be stored, * and a pointer to a 64 bit unsigned integer specifying the size of this value. * * Initially *value_size will be set to the amount of space allocated for the value, * the callback should set *value_size to the actual size of the data returned. * If there is insufficient space, -1 should be returned. * If the cache is not ready to provide data for the request, * S2N_CALLBACK_BLOCKED should be returned. * * This will cause s2n_negotiate() to return S2N_BLOCKED_ON_APPLICATION_INPUT. */ typedef int (*s2n_cache_retrieve_callback)(struct s2n_connection *conn, void *, const void *key, uint64_t key_size, void *value, uint64_t *value_size); /** * Cache callback function that allows the caller to store SSL session data in a * cache. * * The callback function takes seven arguments: * a pointer to the s2n_connection object, * a pointer to arbitrary data for use within the callback, * a 64-bit unsigned integer specifying the number of seconds the session data may be stored for, * a pointer to a key which can be used to retrieve the cached entry, * a 64 bit unsigned integer specifying the size of this key, * a pointer to a value which should be stored, * and a 64 bit unsigned integer specified the size of this value. */ typedef int (*s2n_cache_store_callback)(struct s2n_connection *conn, void *, uint64_t ttl_in_seconds, const void *key, uint64_t key_size, const void *value, uint64_t value_size); /** * Cache callback function that allows the caller to set a callback function * that will be used to delete SSL session data from a cache. * * The callback function takes four arguments: * a pointer to s2n_connection object, * a pointer to arbitrary data for use within the callback, * a pointer to a key which can be used to delete the cached entry, * and a 64 bit unsigned integer specifying the size of this key. */ typedef int (*s2n_cache_delete_callback)(struct s2n_connection *conn, void *, const void *key, uint64_t key_size); /** * Allows the caller to set a callback function that will be used to get the * system time. The time returned should be the number of nanoseconds since the * Unix epoch (Midnight, January 1st, 1970). * * s2n-tls uses this clock for timestamps. * * @param config The configuration object being updated * @param clock_fn The wall clock time callback function * @param ctx An opaque pointer that the callback will be invoked with * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_set_wall_clock(struct s2n_config *config, s2n_clock_time_nanoseconds clock_fn, void *ctx); /** * Allows the caller to set a callback function that will be used to get * monotonic time. The monotonic time is the time since an arbitrary, unspecified * point. Unlike wall clock time, it MUST never move backwards. * * s2n-tls uses this clock for timers. * * @param config The configuration object being updated * @param clock_fn The monotonic time callback function * @param ctx An opaque pointer that the callback will be invoked with * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_set_monotonic_clock(struct s2n_config *config, s2n_clock_time_nanoseconds clock_fn, void *ctx); /** * Translates an s2n_error code to a human readable string explaining the error. * * @param error The error code to explain. Usually this is s2n_errno * @param lang The language to explain the error code. Pass "EN" or NULL for English. * @returns The error string */ S2N_API extern const char *s2n_strerror(int error, const char *lang); /** * Translates an s2n_error code to a human readable string containing internal debug * information, including file name and line number. This function is useful when * reporting issues to the s2n-tls development team. * * @param error The error code to explain. Usually this is s2n_errno * @param lang The language to explain the error code. Pass "EN" or NULL for English. * @returns The error string */ S2N_API extern const char *s2n_strerror_debug(int error, const char *lang); /** * Translates an s2n_error code to a human readable string. * * @param error The error code to explain. Usually this is s2n_errno * @returns The error string */ S2N_API extern const char *s2n_strerror_name(int error); /** * Translates an s2n_error code to a filename and line number. * * @param error The error code to explain. Usually this is s2n_errno. * @returns The error string. */ S2N_API extern const char *s2n_strerror_source(int error); /** * Opaque stack trace structure. */ struct s2n_stacktrace; /** * Checks if s2n stack trace captures are enabled. * * @returns True if stack traces are enabled. False if they are disabled. */ S2N_API extern bool s2n_stack_traces_enabled(void); /** * Configures the s2n stack trace captures option. * * @param newval Boolean to determine if stack traces should be enabled. True to enable them. False to disable them. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_stack_traces_enabled_set(bool newval); /** * Calculates the s2n stack trace. * * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_calculate_stacktrace(void); /** * Prints the s2n stack trace to a file. The file descriptor is expected to be * open and ready for writing. * * @param fptr A pointer to the file s2n-tls should write the stack trace to. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_print_stacktrace(FILE *fptr); /** * Clean up the memory used to contain the stack trace. * * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_free_stacktrace(void); /** * Export the s2n_stacktrace. * * @param trace A pointer to the s2n_stacktrace to fill. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_get_stacktrace(struct s2n_stacktrace *trace); /** * Allows the caller to set a callback function that will be used to store SSL * session data in a cache. * * @param config The configuration object being updated * @param cache_store_callback The cache store callback function. * @param data An opaque context pointer that the callback will be invoked with. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_set_cache_store_callback(struct s2n_config *config, s2n_cache_store_callback cache_store_callback, void *data); /** * Allows the caller to set a callback function that will be used to retrieve SSL * session data from a cache. * * @param config The configuration object being updated * @param cache_retrieve_callback The cache retrieve callback function. * @param data An opaque context pointer that the callback will be invoked with. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_set_cache_retrieve_callback(struct s2n_config *config, s2n_cache_retrieve_callback cache_retrieve_callback, void *data); /** * Allows the caller to set a callback function that will be used to delete SSL * session data from a cache. * * @param config The configuration object being updated * @param cache_delete_callback The cache delete callback function. * @param data An opaque context pointer that the callback will be invoked with. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_set_cache_delete_callback(struct s2n_config *config, s2n_cache_delete_callback cache_delete_callback, void *data); /** * Called when `s2n_init` is executed. */ typedef int (*s2n_mem_init_callback)(void); /** * Will be called when `s2n_cleanup` is executed. */ typedef int (*s2n_mem_cleanup_callback)(void); /** * A function that can allocate at least `requested` bytes of memory. * * It stores the location of that memory in **\*ptr** and the size of the allocated * data in **\*allocated**. The function may choose to allocate more memory * than was requested. s2n-tls will consider all allocated memory available for * use, and will attempt to free all allocated memory when able. */ typedef int (*s2n_mem_malloc_callback)(void **ptr, uint32_t requested, uint32_t *allocated); /** * Frees memory allocated by s2n_mem_malloc_callback. */ typedef int (*s2n_mem_free_callback)(void *ptr, uint32_t size); /** * Allows the caller to override s2n-tls's internal memory handling functions. * * @warning This function must be called before s2n_init(). * * @param mem_init_callback The s2n_mem_init_callback * @param mem_cleanup_callback The s2n_mem_cleanup_callback * @param mem_malloc_callback The s2n_mem_malloc_callback * @param mem_free_callback The s2n_mem_free_callback * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_mem_set_callbacks(s2n_mem_init_callback mem_init_callback, s2n_mem_cleanup_callback mem_cleanup_callback, s2n_mem_malloc_callback mem_malloc_callback, s2n_mem_free_callback mem_free_callback); /** * A callback function that will be called when s2n-tls is initialized. */ typedef int (*s2n_rand_init_callback)(void); /** * A callback function that will be called when `s2n_cleanup` is executed. */ typedef int (*s2n_rand_cleanup_callback)(void); /** * A callback function that will be used to provide entropy to the s2n-tls * random number generators. */ typedef int (*s2n_rand_seed_callback)(void *data, uint32_t size); /** * A callback function that will be used to mix in entropy every time the RNG * is invoked. */ typedef int (*s2n_rand_mix_callback)(void *data, uint32_t size); /** * Allows the caller to override s2n-tls's entropy functions. * * @warning This function must be called before s2n_init(). * * @note The overriden random callbacks will not be used when s2n-tls is operating in FIPS mode. * * @param rand_init_callback The s2n_rand_init_callback * @param rand_cleanup_callback The s2n_rand_cleanup_callback * @param rand_seed_callback The s2n_rand_seed_callback * @param rand_mix_callback The s2n_rand_mix_callback * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_rand_set_callbacks(s2n_rand_init_callback rand_init_callback, s2n_rand_cleanup_callback rand_cleanup_callback, s2n_rand_seed_callback rand_seed_callback, s2n_rand_mix_callback rand_mix_callback); /** * TLS extensions supported by s2n-tls */ typedef enum { S2N_EXTENSION_SERVER_NAME = 0, S2N_EXTENSION_MAX_FRAG_LEN = 1, S2N_EXTENSION_OCSP_STAPLING = 5, S2N_EXTENSION_SUPPORTED_GROUPS = 10, S2N_EXTENSION_EC_POINT_FORMATS = 11, S2N_EXTENSION_SIGNATURE_ALGORITHMS = 13, S2N_EXTENSION_ALPN = 16, S2N_EXTENSION_CERTIFICATE_TRANSPARENCY = 18, S2N_EXTENSION_SUPPORTED_VERSIONS = 43, S2N_EXTENSION_RENEGOTIATION_INFO = 65281, } s2n_tls_extension_type; /** * MFL configurations from https://datatracker.ietf.org/doc/html/rfc6066#section-4. */ typedef enum { S2N_TLS_MAX_FRAG_LEN_512 = 1, S2N_TLS_MAX_FRAG_LEN_1024 = 2, S2N_TLS_MAX_FRAG_LEN_2048 = 3, S2N_TLS_MAX_FRAG_LEN_4096 = 4, } s2n_max_frag_len; /** * Opaque certificate type. */ struct s2n_cert; /** * Opaque certificate chain and key type. */ struct s2n_cert_chain_and_key; /** * Opaque key type. */ struct s2n_pkey; /** * Opaque public key type. */ typedef struct s2n_pkey s2n_cert_public_key; /** * Opaque private key type. */ typedef struct s2n_pkey s2n_cert_private_key; /** * Creates a new s2n_cert_chain_and_key object. This object can be associated * with many config objects. It is used to represent a certificate and key pair. * * @returns A new object used to represent a certificate-chain/key pair */ S2N_API extern struct s2n_cert_chain_and_key *s2n_cert_chain_and_key_new(void); /** * Associates a certificate chain and private key with an `s2n_cert_chain_and_key` object. * * `cert_chain_pem` should be a PEM encoded certificate chain, with the first * certificate in the chain being your leaf certificate. `private_key_pem` * should be a PEM encoded private key corresponding to the leaf certificate. * * @note Prefer using s2n_cert_chain_and_key_load_pem_bytes. * * @param chain_and_key The certificate chain and private key handle * @param chain_pem A byte array of a PEM encoded certificate chain. * @param private_key_pem A byte array of a PEM encoded key. * * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_cert_chain_and_key_load_pem(struct s2n_cert_chain_and_key *chain_and_key, const char *chain_pem, const char *private_key_pem); /** * Associates a certificate chain and private key with an `s2n_cert_chain_and_key` object. * * `cert_chain_pem` should be a PEM encoded certificate chain, with the first * certificate in the chain being your leaf certificate. `private_key_pem` * should be a PEM encoded private key corresponding to the leaf certificate. * * @param chain_and_key The certificate chain and private key handle * @param chain_pem A byte array of a PEM encoded certificate chain. * @param chain_pem_len Size of `chain_pem` * @param private_key_pem A byte array of a PEM encoded key. * @param private_key_pem_len Size of `private_key_pem` * * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_cert_chain_and_key_load_pem_bytes(struct s2n_cert_chain_and_key *chain_and_key, uint8_t *chain_pem, uint32_t chain_pem_len, uint8_t *private_key_pem, uint32_t private_key_pem_len); /** * Associates a public certificate chain with a `s2n_cert_chain_and_key` object. It does * NOT set a private key, so the connection will need to be configured to * [offload private key operations](https://github.com/aws/s2n-tls/blob/main/docs/usage-guide/topics/ch12-private-key-ops.md). * * @param chain_and_key The certificate chain and private key handle * @param chain_pem A byte array of a PEM encoded certificate chain. * @param chain_pem_len Size of `chain_pem` * * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_cert_chain_and_key_load_public_pem_bytes(struct s2n_cert_chain_and_key *chain_and_key, uint8_t *chain_pem, uint32_t chain_pem_len); /** * Frees the memory associated with an `s2n_cert_chain_and_key` object. * * @param cert_and_key The certificate chain and private key handle * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_cert_chain_and_key_free(struct s2n_cert_chain_and_key *cert_and_key); /** * Adds a context to the `s2n_cert_chain_and_key` object. * * @param cert_and_key The certificate chain and private key handle * @param ctx An opaque pointer to user supplied data. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_cert_chain_and_key_set_ctx(struct s2n_cert_chain_and_key *cert_and_key, void *ctx); /** * Get the user supplied context from the `s2n_cert_chain_and_key` object. * * @param cert_and_key The certificate chain and private key handle * @returns The user supplied pointer from s2n_cert_chain_and_key_set_ctx() */ S2N_API extern void *s2n_cert_chain_and_key_get_ctx(struct s2n_cert_chain_and_key *cert_and_key); /** * Get the private key from the `s2n_cert_chain_and_key` object. * * @param cert_and_key The certificate chain and private key handle * @returns A pointer to the `s2n_cert_private_key` */ S2N_API extern s2n_cert_private_key *s2n_cert_chain_and_key_get_private_key(struct s2n_cert_chain_and_key *cert_and_key); /** * Set the raw OCSP stapling data for a certificate chain. * * @param chain_and_key The certificate chain handle * @param data A pointer to the raw OCSP stapling data bytes. The data will be copied. * @param length The length of the data bytes. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_cert_chain_and_key_set_ocsp_data(struct s2n_cert_chain_and_key *chain_and_key, const uint8_t *data, uint32_t length); /** * Set the signed certificate timestamp (SCT) for a certificate chain. * This is used for Certificate Transparency. * * @param chain_and_key The certificate chain handle * @param data A pointer to the SCT data. The data will be copied. * @param length The length of the data bytes. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_cert_chain_and_key_set_sct_list(struct s2n_cert_chain_and_key *chain_and_key, const uint8_t *data, uint32_t length); /** * A callback function that is invoked if s2n-tls cannot resolve a conflict between * two certificates with the same domain name. This function is invoked while certificates * are added to an `s2n_config`. * * Currently, the only builtin resolution for domain name conflicts is certificate type(RSA, * ECDSA, etc). The callback should return a pointer to the `s2n_cert_chain_and_key` that * should be used for dns name `name`. * * If NULL is returned, the first certificate will be used. Typically an application * will use properties like trust and expiry to implement tiebreaking. */ typedef struct s2n_cert_chain_and_key *(*s2n_cert_tiebreak_callback)(struct s2n_cert_chain_and_key *cert1, struct s2n_cert_chain_and_key *cert2, uint8_t *name, uint32_t name_len); /** * Sets the `s2n_cert_tiebreak_callback` for resolving domain name conflicts. * If no callback is set, the first certificate added for a domain name will always be preferred. * * @param config The configuration object being updated * @param cert_tiebreak_cb The pointer to the certificate tiebreak function * * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_set_cert_tiebreak_callback(struct s2n_config *config, s2n_cert_tiebreak_callback cert_tiebreak_cb); /** * Associates a certificate chain and private key with an `s2n_config` object. * Using this API, only one cert chain of each type (like ECDSA or RSA) may be associated with a config. * `cert_chain_pem` should be a PEM encoded certificate chain, with the first certificate * in the chain being your server's certificate. `private_key_pem` should be a * PEM encoded private key corresponding to the server certificate. * * @deprecated Use s2n_config_add_cert_chain_and_key_to_store instead. * * @param config The configuration object being updated * @param cert_chain_pem A byte array of a PEM encoded certificate chain. * @param private_key_pem A byte array of a PEM encoded key. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure. */ S2N_API extern int s2n_config_add_cert_chain_and_key(struct s2n_config *config, const char *cert_chain_pem, const char *private_key_pem); /** * The preferred method of associating a certificate chain and private key pair with an `s2n_config` object. * This method may be called multiple times to support multiple key types (RSA, RSA-PSS, ECDSA) and multiple * domains. On the server side, the certificate selected will be based on the incoming SNI value and the * client's capabilities (supported ciphers). * * In the case of no certificate matching the client's SNI extension or if no SNI extension was sent by * the client, the certificate from the `first` call to `s2n_config_add_cert_chain_and_key_to_store()` * will be selected. Use `s2n_config_set_cert_chain_and_key_defaults()` to set different defaults. * * @warning It is not recommended to free or modify the `cert_key_pair` as any subsequent changes will be * reflected in the config. * * @param config The configuration object being updated * @param cert_key_pair The certificate chain and private key handle * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_add_cert_chain_and_key_to_store(struct s2n_config *config, struct s2n_cert_chain_and_key *cert_key_pair); /** * Explicitly sets certificate chain and private key pairs to be used as defaults for each auth * method (key type). A "default" certificate is used when there is not an SNI match with any other * configured certificate. * * Only one certificate can be set as the default per auth method (one RSA default, one ECDSA default, * etc.). All previous default certificates will be cleared and re-set when this API is called. * * This API is called for a specific `s2n_config` object. s2n-tls will attempt to automatically choose * default certificates for each auth method (key type) based on the order that `s2n_cert_chain_and_key` * are added to the `s2n_config` using one of the APIs listed above. * `s2n_config_set_cert_chain_and_key_defaults` can be called at any time; s2n-tls will clear defaults * and no longer attempt to automatically choose any default certificates. * * @param config The configuration object being updated * @param cert_key_pairs An array of certificate chain and private key handles * @param num_cert_key_pairs The amount of handles in cert_key_pairs * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_set_cert_chain_and_key_defaults(struct s2n_config *config, struct s2n_cert_chain_and_key **cert_key_pairs, uint32_t num_cert_key_pairs); /** * Adds to the trust store from a CA file or directory containing trusted certificates. * * When configs are created with `s2n_config_new()`, the trust store is initialized with default * system certificates. To completely override these certificates, call * `s2n_config_wipe_trust_store()` before calling this function. * * @note The trust store will be initialized with the common locations for the host * operating system by default. * * @warning This API uses the PEM parsing implementation from the linked libcrypto. This * implementation will typically make a best-effort attempt to parse all of the certificates in the * provided file or directory. This permissive approach may silently ignore malformed certificates, * leading to possible connection failures if a certificate was expected to exist in the trust * store but was skipped while parsing. As such, this API should only be used on PEMs that are * known to be well-formed and parsable with the linked libcrypto, such as the system trust store. * For all other PEMs, `s2n_config_add_pem_to_trust_store()` should be used instead, which parses * more strictly. * * @param config The configuration object being updated * @param ca_pem_filename A string for the file path of the CA PEM file. * @param ca_dir A string for the directory of the CA PEM files. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_set_verification_ca_location(struct s2n_config *config, const char *ca_pem_filename, const char *ca_dir); /** * Adds a PEM to the trust store. This will allocate memory, and load `pem` into the trust store. * * When configs are created with `s2n_config_new()`, the trust store is initialized with default * system certificates. To completely override these certificates, call * `s2n_config_wipe_trust_store()` before calling this function. * * @note This API uses the s2n-tls PEM parsing implementation, which is more strict than typical * libcrypto implementations such as OpenSSL. An error is returned if any unexpected data is * encountered while parsing `pem`. This allows applications to be made aware of any malformed * certificates rather than attempt to negotiate with a partial trust store. However, some PEMs may * need to be loaded that are not under control of the application, such as system trust stores. In * this case, `s2n_config_set_verification_ca_location()` may be used, which performs more widely * compatible and permissive parsing from the linked libcrypto. * * @param config The configuration object being updated * @param pem The string value of the PEM certificate. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_add_pem_to_trust_store(struct s2n_config *config, const char *pem); /** * Clears the trust store of all certificates. * * When configs are created with `s2n_config_new()`, the trust store is initialized with default * system certificates. To completely override these certificates, call this function before * functions like `s2n_config_set_verification_ca_location()` or * `s2n_config_add_pem_to_trust_store()`. * * @param config The configuration object being updated * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_wipe_trust_store(struct s2n_config *config); /** * Loads default system certificates into the trust store. * * `s2n_config_new_minimal()` doesn't load default system certificates into the config's trust * store by default. If `config` was created with `s2n_config_new_minimal`, this function can be * used to load system certificates into the trust store. * * @note This API will error if called on a config that has already loaded system certificates * into its trust store, which includes all configs created with `s2n_config_new()`. * * @param config The configuration object being updated * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_load_system_certs(struct s2n_config *config); typedef enum { S2N_VERIFY_AFTER_SIGN_DISABLED, S2N_VERIFY_AFTER_SIGN_ENABLED } s2n_verify_after_sign; /** * Toggle whether generated signatures are verified before being sent. * * Although signatures produced by the underlying libcrypto should always be valid, * hardware faults, bugs in the signing implementation, or other uncommon factors * can cause unexpected mistakes in the final signatures. Because these mistakes * can leak information about the private key, applications with low trust in their * hardware or libcrypto may want to verify signatures before sending them. * * However, this feature will significantly impact handshake latency. * Additionally, most libcrypto implementations already check for common errors in signatures. */ S2N_API extern int s2n_config_set_verify_after_sign(struct s2n_config *config, s2n_verify_after_sign mode); /** * Set a custom send buffer size. * * This buffer is used to stage records for sending. By default, * enough memory is allocated to hold a single record of the maximum * size configured for the connection. With the default fragment size, * that is about 8K bytes. * * Less memory can be allocated for the send buffer, but this will result in * smaller, more fragmented records and increased overhead. While the absolute * minimum size required is 1034 bytes, at least 2K bytes is recommended for * reasonable record sizes. * * More memory can be allocated for the send buffer. This will result in s2n-tls * buffering multiple records before sending them, reducing system write calls. * At least 17K bytes is recommended for this use case, or at least 35K bytes * if larger fragment sizes are used via `s2n_connection_prefer_throughput()`. * * @param config The configuration object being updated * @param size The desired custom buffer size. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_set_send_buffer_size(struct s2n_config *config, uint32_t size); /** * Enable or disable receiving of multiple TLS records in a single s2n_recv call * * By default, s2n-tls returns from s2n_recv() after reading a single TLS record. * Enabling receiving of multiple records will instead cause s2n_recv() to attempt * to read until the application-provided output buffer is full. This may be more * efficient, especially if larger receive buffers are used. * * @note If this option is enabled with blocking IO, the call to s2n_recv() will * not return until either the application-provided output buffer is full or the * peer closes the connection. This may lead to unintentionally long waits if the * peer does not send enough data. * * @param config The configuration object being updated * @param enabled Set to `true` if multiple record receive is to be enabled; `false` to disable. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_set_recv_multi_record(struct s2n_config *config, bool enabled); /** * A callback function invoked (usually multiple times) during X.509 validation for each * name encountered in the leaf certificate. * * Return 1 to trust that hostname or 0 to not trust the hostname. * * If this function returns 1, then the certificate is considered trusted and that portion * of the X.509 validation will succeed. * * If no hostname results in a 1 being returned, the certificate will be untrusted and the * validation will terminate immediately. * * Data is a opaque user context set in s2n_config_set_verify_host_callback() or s2n_connection_set_verify_host_callback(). */ typedef uint8_t (*s2n_verify_host_fn)(const char *host_name, size_t host_name_len, void *data); /** * Sets the callback to use for verifying that a hostname from an X.509 certificate is trusted. * * The default behavior is to require that the hostname match the server name set with s2n_set_server_name(). * This will likely lead to all client certificates being rejected, so the callback will need to be overriden when using * client authentication. * * This change will be inherited by s2n_connections using this config. If a separate callback for different connections * using the same config is desired, see s2n_connection_set_verify_host_callback(). * * @param config The configuration object being updated * @param data A user supplied opaque context to pass back to the callback * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_set_verify_host_callback(struct s2n_config *config, s2n_verify_host_fn, void *data); /** * Toggles whether or not to validate stapled OCSP responses. * * 1 means OCSP responses will be validated when they are encountered, while 0 means this step will * be skipped. * * The default value is 1 if the underlying libCrypto implementation supports OCSP. * * @param config The configuration object being updated * @param check_ocsp The desired OCSP response check configuration * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_set_check_stapled_ocsp_response(struct s2n_config *config, uint8_t check_ocsp); /** * Disables timestamp validation for received certificates. * * By default, s2n-tls checks the notBefore and notAfter fields on the certificates it receives * during the handshake. If the current date is not within the range of these fields for any * certificate in the chain of trust, `s2n_negotiate()` will error. This validation is in * accordance with RFC 5280, section 6.1.3 a.2: * https://datatracker.ietf.org/doc/html/rfc5280#section-6.1.3. * * This API will disable this timestamp validation, permitting negotiation with peers that send * expired certificates, or certificates that are not yet considered valid. * * @warning Applications calling this API should seriously consider the security implications of * disabling this validation. The validity period of a certificate corresponds to the range of time * in which the CA is guaranteed to maintain information regarding the certificate's revocation * status. As such, it may not be possible to obtain accurate revocation information for * certificates with invalid timestamps. Applications disabling this validation MUST implement * some external method for limiting certificate lifetime. * * @param config The associated connection config. * @returns S2N_SUCCESS on success, S2N_FAILURE on failure. */ S2N_API extern int s2n_config_disable_x509_time_verification(struct s2n_config *config); /** * Turns off all X.509 validation during the negotiation phase of the connection. This should only * be used for testing or debugging purposes. * * @param config The configuration object being updated * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_disable_x509_verification(struct s2n_config *config); /** * Sets the maximum allowed depth of a cert chain used for X509 validation. The default value is * 7. If this limit is exceeded, validation will fail if s2n_config_disable_x509_verification() * has not been called. 0 is an illegal value and will return an error. * 1 means only a root certificate will be used. * * @param config The configuration object being updated * @param max_depth The number of allowed certificates in the certificate chain * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_set_max_cert_chain_depth(struct s2n_config *config, uint16_t max_depth); /** * Associates a set of Diffie-Hellman parameters with an `s2n_config` object. * @note `dhparams_pem` should be PEM encoded DH parameters. * * @param config The configuration object being updated * @param dhparams_pem A string containing the PEM encoded DH parameters. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_add_dhparams(struct s2n_config *config, const char *dhparams_pem); /** * Sets the security policy that includes the cipher/kem/signature/ecc preferences and * protocol version. * * See the [USAGE-GUIDE.md](https://github.com/aws/s2n-tls/blob/main/docs/usage-guide) for how to use security policies. */ S2N_API extern int s2n_config_set_cipher_preferences(struct s2n_config *config, const char *version); /** * Appends the provided application protocol to the preference list * * The data provided in `protocol` parameter will be copied into an internal buffer * * @param config The configuration object being updated * @param protocol A pointer to a byte array value * @param protocol_len The length of bytes that should be read from `protocol`. Note: this value cannot be 0, otherwise an error will be returned. */ S2N_API extern int s2n_config_append_protocol_preference(struct s2n_config *config, const uint8_t *protocol, uint8_t protocol_len); /** * Sets the application protocol preferences on an `s2n_config` object. * `protocols` is a list in order of preference, with most preferred protocol first, and of * length `protocol_count`. * * When acting as an `S2N_CLIENT` the protocol list is included in the Client Hello message * as the ALPN extension. * * As an `S2N_SERVER`, the list is used to negotiate a mutual application protocol with the * client. After the negotiation for the connection has completed, the agreed upon protocol * can be retrieved with s2n_get_application_protocol() * * @param config The configuration object being updated * @param protocols The list of preferred protocols, in order of preference * @param protocol_count The size of the protocols list * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_set_protocol_preferences(struct s2n_config *config, const char *const *protocols, int protocol_count); /** * Enum used to define the type, if any, of certificate status request * a connection should make during the handshake. The only supported status request type is * OCSP, `S2N_STATUS_REQUEST_OCSP`. */ typedef enum { S2N_STATUS_REQUEST_NONE = 0, S2N_STATUS_REQUEST_OCSP = 1 } s2n_status_request_type; /** * Sets up a connection to request the certificate status of a peer during an SSL handshake. If set * to S2N_STATUS_REQUEST_NONE, no status request is made. * * @note SHA-1 is the only supported hash algorithm for the `certID` field. This is different * from the hash algorithm used for the OCSP signature. See * [RFC 6960](https://datatracker.ietf.org/doc/html/rfc6960#section-4.1.1) for more information. * While unlikely to be the case, if support for a different hash algorithm is required, the * s2n-tls validation can be disabled with `s2n_config_set_check_stapled_ocsp_response()` and the * response can be retrieved for manual validation with `s2n_connection_get_ocsp_response()`. * * @param config The configuration object being updated * @param type The desired request status type * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_set_status_request_type(struct s2n_config *config, s2n_status_request_type type); /** * Enum to set Certificate Transparency Support level. */ typedef enum { S2N_CT_SUPPORT_NONE = 0, S2N_CT_SUPPORT_REQUEST = 1 } s2n_ct_support_level; /** * Set the Certificate Transparency Support level. * * @param config The configuration object being updated * @param level The desired Certificate Transparency Support configuration * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_set_ct_support_level(struct s2n_config *config, s2n_ct_support_level level); /** * Sets whether or not a connection should terminate on receiving a WARNING alert from its peer. * * `alert_behavior` can take the following values: * - `S2N_ALERT_FAIL_ON_WARNINGS` default behavior: s2n-tls will terminate the connection if its peer sends a WARNING alert. * - `S2N_ALERT_IGNORE_WARNINGS` - with the exception of `close_notify` s2n-tls will ignore all WARNING alerts and keep communicating with its peer. This setting is ignored in TLS1.3 * * @note TLS1.3 terminates a connection for all alerts except user_canceled. * @warning S2N_ALERT_FAIL_ON_WARNINGS is the recommended behavior. Past TLS protocol vulnerabilities have involved downgrading alerts to warnings. */ typedef enum { S2N_ALERT_FAIL_ON_WARNINGS = 0, S2N_ALERT_IGNORE_WARNINGS = 1 } s2n_alert_behavior; /** * Sets the config's alert behavior based on the `s2n_alert_behavior` enum. * * @param config The configuration object being updated * @param alert_behavior The desired alert behavior. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_set_alert_behavior(struct s2n_config *config, s2n_alert_behavior alert_behavior); /** * Sets the extension data in the `s2n_config` object for the specified extension. * This method will clear any existing data that is set. If the data and length * parameters are set to NULL, no new data is set in the `s2n_config` object, * effectively clearing existing data. * * @deprecated Use s2n_cert_chain_and_key_set_ocsp_data and s2n_cert_chain_and_key_set_sct_list instead. * * @param config The configuration object being updated * @param type The extension type * @param data Data for the extension * @param length Length of the `data` buffer */ S2N_API extern int s2n_config_set_extension_data(struct s2n_config *config, s2n_tls_extension_type type, const uint8_t *data, uint32_t length); /** * Allows the caller to set a TLS Maximum Fragment Length extension that will be used * to fragment outgoing messages. s2n-tls currently does not reject fragments larger * than the configured maximum when in server mode. The TLS negotiated maximum fragment * length overrides the preference set by the `s2n_connection_prefer_throughput` and * `s2n_connection_prefer_low_latency`. * * @note Some TLS implementations do not respect their peer's max fragment length extension. * * @param config The configuration object being updated * @param mfl_code The selected MFL size * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_send_max_fragment_length(struct s2n_config *config, s2n_max_frag_len mfl_code); /** * Allows the server to opt-in to accept client's TLS maximum fragment length extension * requests. If this API is not called, and client requests the extension, server will ignore * the request and continue TLS handshake with default maximum fragment length of 8k bytes * * @note Some TLS implementations do not respect their peer's max fragment length extension. * * @param config The configuration object being updated * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_accept_max_fragment_length(struct s2n_config *config); /** * Sets the lifetime of the cached session state. The default value is 15 hours. * * @param config The configuration object being updated * @param lifetime_in_secs The desired lifetime of the session state in seconds * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_set_session_state_lifetime(struct s2n_config *config, uint64_t lifetime_in_secs); /** * Enable or disable session resumption using session ticket. * * @param config The configuration object being updated * @param enabled The configuration object being updated. Set to 1 to enable. Set to 0 to disable. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_set_session_tickets_onoff(struct s2n_config *config, uint8_t enabled); /** * Enable or disable session caching. * * @note Session caching will not be turned on unless all three session cache callbacks are set * prior to calling this function. * * @param config The configuration object being updated * @param enabled The configuration object being updated. Set to 1 to enable. Set to 0 to disable. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_set_session_cache_onoff(struct s2n_config *config, uint8_t enabled); /** * Sets how long a session ticket key will be in a state where it can be used for both encryption * and decryption of tickets on the server side. * * @note The default value is 2 hours. * @param config The configuration object being updated * @param lifetime_in_secs The desired lifetime of decrypting and encrypting tickets in seconds * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_set_ticket_encrypt_decrypt_key_lifetime(struct s2n_config *config, uint64_t lifetime_in_secs); /** * Sets how long a session ticket key will be in a state where it can used just for decryption of * already assigned tickets on the server side. Once decrypted, the session will resume and the * server will issue a new session ticket encrypted using a key in encrypt-decrypt state. * * @note The default value is 13 hours. * @param config The configuration object being updated * @param lifetime_in_secs The desired lifetime of decrypting and encrypting tickets in seconds * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_set_ticket_decrypt_key_lifetime(struct s2n_config *config, uint64_t lifetime_in_secs); /** * Adds session ticket key on the server side. It would be ideal to add new keys after every * (encrypt_decrypt_key_lifetime_in_nanos/2) nanos because this will allow for gradual and * linear transition of a key from encrypt-decrypt state to decrypt-only state. * * @param config The configuration object being updated * @param name Name of the session ticket key that should be randomly generated to avoid collisions * @param name_len Length of session ticket key name * @param key Key used to perform encryption/decryption of session ticket * @param key_len Length of the session ticket key * @param intro_time_in_seconds_from_epoch Time at which the session ticket key is introduced. If this is 0, then intro_time_in_seconds_from_epoch is set to now. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_add_ticket_crypto_key(struct s2n_config *config, const uint8_t *name, uint32_t name_len, uint8_t *key, uint32_t key_len, uint64_t intro_time_in_seconds_from_epoch); /** * Requires that session tickets are only used when forward secrecy is possible. * * Restricts session resumption to TLS1.3, as the tickets used in TLS1.2 resumption are * not forward secret. Clients should not expect to receive new session tickets and servers * will not send new session tickets when TLS1.2 is negotiated and ticket forward secrecy is required. * * @note The default behavior is that forward secrecy is not required. * * @param config The config object being updated * @param enabled Indicates if forward secrecy is required or not on tickets * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_require_ticket_forward_secrecy(struct s2n_config *config, bool enabled); /** * Sets user defined context on the `s2n_config` object. * * @param config The configuration object being updated * @param ctx A pointer to the user defined ctx. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_set_ctx(struct s2n_config *config, void *ctx); /** * Gets the user defined context from the `s2n_config` object. * The context is set by calling s2n_config_set_ctx() * * @param config The configuration object being accessed * @param ctx A pointer to the user defined ctx. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_get_ctx(struct s2n_config *config, void **ctx); /** * Used to declare connections as server or client type, respectively. */ typedef enum { S2N_SERVER, S2N_CLIENT } s2n_mode; /** * Creates a new connection object. Each s2n-tls SSL/TLS connection uses * one of these objects. These connection objects can be operated on by up * to two threads at a time, one sender and one receiver, but neither sending * nor receiving are atomic, so if these objects are being called by multiple * sender or receiver threads, you must perform your own locking to ensure * that only one sender or receiver is active at a time. * * The `mode` parameters specifies if the caller is a server, or is a client. * Connections objects are re-usable across many connections, and should be * re-used (to avoid deallocating and allocating memory). You should wipe * connections immediately after use. * * @param mode The desired connection type * @returns A s2n_connection handle */ S2N_API extern struct s2n_connection *s2n_connection_new(s2n_mode mode); /** * Associates a configuration object with a connection. * * @param conn The connection object being associated * @param config The configuration object being associated * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_connection_set_config(struct s2n_connection *conn, struct s2n_config *config); /** * Sets user defined context in `s2n_connection` object. * * @param conn The connection object being updated * @param ctx A pointer to the user defined context * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_connection_set_ctx(struct s2n_connection *conn, void *ctx); /** * Gets user defined context from a `s2n_connection` object. * * @param conn The connection object that contains the desired context */ S2N_API extern void *s2n_connection_get_ctx(struct s2n_connection *conn); /** * The callback function takes a s2n-tls connection as input, which receives the ClientHello * and the context previously provided in `s2n_config_set_client_hello_cb`. The callback can * access any ClientHello information from the connection and use the `s2n_connection_set_config` * call to change the config of the connection. */ typedef int s2n_client_hello_fn(struct s2n_connection *conn, void *ctx); /** * Client Hello callback modes * - `S2N_CLIENT_HELLO_CB_BLOCKING` (default): * - In this mode s2n-tls expects the callback to complete its work and return the appropriate response code before the handshake continues. If any of the connection properties were changed based on the server_name extension the callback must either return a value greater than 0 or invoke `s2n_connection_server_name_extension_used`, otherwise the callback returns 0 to continue the handshake. * - `S2N_CLIENT_HELLO_CB_NONBLOCKING`: * - In non-blocking mode, s2n-tls expects the callback to not complete its work. If the callback returns a response code of 0, s2n-tls will return `S2N_FAILURE` with `S2N_ERR_T_BLOCKED` error type and `s2n_blocked_status` set to `S2N_BLOCKED_ON_APPLICATION_INPUT`. The handshake is paused and further calls to `s2n_negotiate` will continue to return the same error until `s2n_client_hello_cb_done` is invoked for the `s2n_connection` to resume the handshake. If any of the connection properties were changed on the basis of the server_name extension then `s2n_connection_server_name_extension_used` must be invoked before marking the callback done. */ typedef enum { S2N_CLIENT_HELLO_CB_BLOCKING, S2N_CLIENT_HELLO_CB_NONBLOCKING } s2n_client_hello_cb_mode; /** * Allows the caller to set a callback function that will be called after ClientHello was parsed. * * @param config The configuration object being updated * @param client_hello_callback The client hello callback function * @param ctx A pointer to a user defined context that the Client Hello callback will be invoked with. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_set_client_hello_cb(struct s2n_config *config, s2n_client_hello_fn client_hello_callback, void *ctx); /** * Sets the callback execution mode. * * See s2n_client_hello_cb_mode for each mode's behavior. * * @param config The configuration object being updated * @param cb_mode The desired callback mode * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_set_client_hello_cb_mode(struct s2n_config *config, s2n_client_hello_cb_mode cb_mode); /** * Marks the non-blocking callback as complete. Can be invoked from within the callback when * operating in non-blocking mode to continue the handshake. * * @param conn The connection object being updated * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_client_hello_cb_done(struct s2n_connection *conn); /** * Must be invoked if any of the connection properties were changed on the basis of the server_name * extension. This must be invoked before marking the Client Hello callback done. * * @param conn The connection object being updated * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_connection_server_name_extension_used(struct s2n_connection *conn); /** * Opaque client hello handle */ struct s2n_client_hello; /** * Get the Client Hello from a s2n_connection. * * Earliest point during the handshake when this structure is available for use is in the * client_hello_callback (see s2n_config_set_client_hello_cb()). * * @param conn The connection object containing the client hello * @returns A handle to the s2n_client_hello structure holding the client hello message sent by the client during the handshake. NULL is returned if a Client Hello has not yet been received and parsed. */ S2N_API extern struct s2n_client_hello *s2n_connection_get_client_hello(struct s2n_connection *conn); /** * Creates an s2n_client_hello from bytes representing a ClientHello message. * * The input bytes should include the message header (message type and length), * but not the record header. * * Unlike s2n_connection_get_client_hello, the s2n_client_hello returned by this * method is owned by the application and must be freed with s2n_client_hello_free. * * This method does not support SSLv2 ClientHellos. * * @param bytes The raw bytes representing the ClientHello. * @param size The size of raw_message. * @returns A new s2n_client_hello on success, or NULL on failure. */ S2N_API extern struct s2n_client_hello *s2n_client_hello_parse_message(const uint8_t *bytes, uint32_t size); /** * Frees an s2n_client_hello structure. * * This method should be called to free s2n_client_hellos returned by * s2n_client_hello_parse_message. It will error if passed an s2n_client_hello * returned by s2n_connection_get_client_hello and owned by the connection. * * @param ch The structure to be freed. * @returns S2N_SUCCESS on success, S2N_FAILURE on failure. */ S2N_API extern int s2n_client_hello_free(struct s2n_client_hello **ch); /** * Function to determine the size of the raw Client Hello buffer. * * Can be used to determine the necessary size of the `out` buffer for * s2n_client_hello_get_raw_message() * * @param ch The Client Hello handle * @returns The size of the ClientHello message received by the server */ S2N_API extern ssize_t s2n_client_hello_get_raw_message_length(struct s2n_client_hello *ch); /** * Copies `max_length` bytes of the ClientHello message into the `out` buffer. * The ClientHello instrumented using this function will have the Random bytes * zero-ed out. * * Note: SSLv2 ClientHello messages follow a different structure than more modern * ClientHello messages. See [RFC5246](https://tools.ietf.org/html/rfc5246#appendix-E.2). * In addition, due to how s2n-tls parses SSLv2 ClientHellos, the raw message is * missing the first three bytes (the msg_type and version) and instead begins with * the cipher_specs. To determine whether a ClientHello is an SSLv2 ClientHello, * you will need to use s2n_connection_get_client_hello_version(). To get the * protocol version advertised in the SSLv2 ClientHello (which may be higher * than SSLv2), you will need to use s2n_connection_get_client_protocol_version(). * * @param ch The Client Hello handle * @param out The destination buffer for the raw Client Hello * @param max_length The size of out in bytes * @returns The number of copied bytes */ S2N_API extern ssize_t s2n_client_hello_get_raw_message(struct s2n_client_hello *ch, uint8_t *out, uint32_t max_length); /** * Function to determine the size of the Client Hello cipher suites. * This can be used to allocate the `out` buffer for s2n_client_hello_get_cipher_suites(). * * @param ch The Client Hello handle * @returns the number of bytes the cipher_suites takes on the ClientHello message received by the server */ S2N_API extern ssize_t s2n_client_hello_get_cipher_suites_length(struct s2n_client_hello *ch); /** * Copies into the `out` buffer `max_length` bytes of the cipher_suites on the ClientHello. * * Note: SSLv2 ClientHello cipher suites follow a different structure than modern * ClientHello messages. See [RFC5246](https://tools.ietf.org/html/rfc5246#appendix-E.2). * To determine whether a ClientHello is an SSLv2 ClientHello, * you will need to use s2n_connection_get_client_hello_version(). * * @param ch The Client Hello handle * @param out The destination buffer for the raw Client Hello cipher suites * @param max_length The size of out in bytes * @returns The number of copied bytes */ S2N_API extern ssize_t s2n_client_hello_get_cipher_suites(struct s2n_client_hello *ch, uint8_t *out, uint32_t max_length); /** * Function to determine the size of the Client Hello extensions. * This can be used to allocate the `out` buffer for s2n_client_hello_get_extensions(). * * @param ch The Client Hello handle * @returns the number of bytes the extensions take in the ClientHello message received by the server */ S2N_API extern ssize_t s2n_client_hello_get_extensions_length(struct s2n_client_hello *ch); /** * Copies into the `out` buffer `max_length` bytes of the extensions in the ClientHello. * * @param ch The Client Hello handle * @param out The destination buffer for the raw Client Hello extensions * @param max_length The size of out in bytes * @returns The number of copied bytes */ S2N_API extern ssize_t s2n_client_hello_get_extensions(struct s2n_client_hello *ch, uint8_t *out, uint32_t max_length); /** * Query the ClientHello message received by the server. Use this function to allocate the `out` buffer for * other client hello extension functions. * * @param ch A pointer to the Client Hello * @param extension_type Indicates the desired extension * @returns The number of bytes the given extension type takes */ S2N_API extern ssize_t s2n_client_hello_get_extension_length(struct s2n_client_hello *ch, s2n_tls_extension_type extension_type); /** * Copies into the `out` buffer `max_length` bytes of a given extension type on the ClientHello * * `ch` is a pointer to the `s2n_client_hello` of the `s2n_connection` which can be obtained using s2n_connection_get_client_hello(). * * @param ch A pointer to the Client Hello * @param extension_type Indicates the desired extension * @param out A pointer to the buffer that s2n will write the client session id to. This buffer MUST be the size of `max_length` * @param max_length The size of `out`. * @returns The number of copied bytes */ S2N_API extern ssize_t s2n_client_hello_get_extension_by_id(struct s2n_client_hello *ch, s2n_tls_extension_type extension_type, uint8_t *out, uint32_t max_length); /** * Used to check if a particular extension exists in the client hello. * * `ch` is a pointer to the `s2n_client_hello` of the `s2n_connection` which can be obtained using s2n_connection_get_client_hello(). * * @param ch A pointer to the client hello object * @param extension_iana The iana value of the extension * @param exists A pointer that will be set to whether or not the extension exists */ S2N_API extern int s2n_client_hello_has_extension(struct s2n_client_hello *ch, uint16_t extension_iana, bool *exists); /** * Get the the ClientHello session id length in bytes * * `ch` is a pointer to the `s2n_client_hello` of the `s2n_connection` which can be obtained using s2n_connection_get_client_hello(). * * @param ch A pointer to the Client Hello * @param out_length An out pointer. s2n will set it's value to the size of the session_id in bytes. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_client_hello_get_session_id_length(struct s2n_client_hello *ch, uint32_t *out_length); /** * Copies up to `max_length` bytes of the ClientHello session_id into the `out` buffer and stores the number of copied bytes in `out_length`. * * Retrieve the session id as sent by the client in the ClientHello message. The session id on the `s2n_connection` may change later * when the server sends the ServerHello; see `s2n_connection_get_session_id` for how to get the final session id used for future session resumption. * * Use s2n_client_hello_get_session_id_length() to get the the ClientHello session id length in bytes. `ch` is a pointer to the `s2n_client_hello` * of the `s2n_connection` which can be obtained using s2n_connection_get_client_hello(). * * @param ch A pointer to the Client Hello * @param out A pointer to the buffer that s2n will write the client session id to. This buffer MUST be the size of `max_length` * @param out_length An out pointer. s2n will set it's value to the size of the session_id in bytes. * @param max_length The size of `out`. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_client_hello_get_session_id(struct s2n_client_hello *ch, uint8_t *out, uint32_t *out_length, uint32_t max_length); /** * Get the length of the compression methods list sent in the Client Hello. * * @param ch A pointer to the Client Hello * @param out_length An out pointer. Will be set to the length of the compression methods list in bytes. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_client_hello_get_compression_methods_length(struct s2n_client_hello *ch, uint32_t *out_length); /** * Retrieves the list of compression methods sent in the Client Hello. * * Use `s2n_client_hello_get_compression_methods_length()` * to retrieve how much memory should be allocated for the buffer in advance. * * @note Compression methods were removed in TLS1.3 and therefore the only valid value in this list is the * "null" compression method when TLS1.3 is negotiated. * * @note s2n-tls has never supported compression methods in any TLS version and therefore a * compression method will never be negotiated or used. * * @param ch A pointer to the Client Hello * @param list A pointer to some memory that s2n will write the compression methods to. This memory MUST be the size of `list_length` * @param list_length The size of `list`. * @param out_length An out pointer. s2n will set its value to the size of the compression methods list in bytes. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_client_hello_get_compression_methods(struct s2n_client_hello *ch, uint8_t *list, uint32_t list_length, uint32_t *out_length); /** * Access the Client Hello protocol version * * @note This field is a legacy field in TLS1.3 and is no longer used to negotiate the * protocol version of the connection. It will be set to TLS1.2 even if TLS1.3 is negotiated. * Therefore this method should only be used for logging or fingerprinting. * * @param ch A pointer to the client hello struct * @param out The protocol version in the client hello. */ S2N_API extern int s2n_client_hello_get_legacy_protocol_version(struct s2n_client_hello *ch, uint8_t *out); /** * Retrieves the supported groups received from the client in the supported groups extension. * * IANA values for each of the received supported groups are written to the provided `groups` * array, and `groups_count` is set to the number of received supported groups. * * `groups_count_max` should be set to the maximum capacity of the `groups` array. If * `groups_count_max` is less than the number of received supported groups, this function will * error. To determine how large `groups` should be in advance, use * `s2n_client_hello_get_extension_length()` with the S2N_EXTENSION_SUPPORTED_GROUPS extension * type, and divide the value by 2. * * If no supported groups extension was received from the peer, or the received supported groups * extension is malformed, this function will error. * * @param ch A pointer to the ClientHello. Can be retrieved from a connection via * `s2n_connection_get_client_hello()`. * @param groups The array to populate with the received supported groups. * @param groups_count_max The maximum number of supported groups that can fit in the `groups` array. * @param groups_count Returns the number of received supported groups. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure. */ S2N_API extern int s2n_client_hello_get_supported_groups(struct s2n_client_hello *ch, uint16_t *groups, uint16_t groups_count_max, uint16_t *groups_count); /** * Gets the length of the first server name in a Client Hello. * * @param ch A pointer to the ClientHello * @param length A pointer which will be populated with the length of the server name */ S2N_API extern int s2n_client_hello_get_server_name_length(struct s2n_client_hello *ch, uint16_t *length); /** * Gets the first server name in a Client Hello. * * Use `s2n_client_hello_get_server_name_length()` to get the amount of memory needed for the buffer. * * @param ch A pointer to the ClientHello * @param server_name A pointer to the memory which will be populated with the server name * @param length The maximum amount of data that can be written to `server_name` * @param out_length A pointer which will be populated with the size of the server name */ S2N_API extern int s2n_client_hello_get_server_name(struct s2n_client_hello *ch, uint8_t *server_name, uint16_t length, uint16_t *out_length); /** * Sets the file descriptor for a s2n connection. * * @warning If the read end of the pipe is closed unexpectedly, writing to the pipe will raise a SIGPIPE signal. * **s2n-tls does NOT handle SIGPIPE.** A SIGPIPE signal will cause the process to terminate unless it is handled * or ignored by the application. * @note This file-descriptor should be active and connected * @param conn A pointer to the s2n connection * @param fd The new file descriptor * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_connection_set_fd(struct s2n_connection *conn, int fd); /** * Sets the file descriptor for the read channel of an s2n connection. * * @warning If the read end of the pipe is closed unexpectedly, writing to the pipe will raise a SIGPIPE signal. * **s2n-tls does NOT handle SIGPIPE.** A SIGPIPE signal will cause the process to terminate unless it is handled * or ignored by the application. * @note This file-descriptor should be active and connected * @param conn A pointer to the s2n connection * @param readfd The new read file descriptor * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_connection_set_read_fd(struct s2n_connection *conn, int readfd); /** * Sets the assigned file descriptor for the write channel of an s2n connection. * * @note This file-descriptor should be active and connected * @param conn A pointer to the s2n connection * @param writefd The new write file descriptor * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_connection_set_write_fd(struct s2n_connection *conn, int writefd); /** * Gets the assigned file descriptor for the read channel of an s2n connection. * * @param conn A pointer to the s2n connection * @param readfd pointer to place the used file descriptor. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_connection_get_read_fd(struct s2n_connection *conn, int *readfd); /** * Gets the assigned file descriptor for the write channel of an s2n connection. * * @param conn A pointer to the s2n connection * @param writefd pointer to place the used file descriptor. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_connection_get_write_fd(struct s2n_connection *conn, int *writefd); /** * Indicates to s2n that the connection is using corked IO. * * @warning This API should only be used when using managed send IO. * * @param conn The connection object being updated * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_connection_use_corked_io(struct s2n_connection *conn); /** * Function pointer for a user provided send callback. */ typedef int s2n_recv_fn(void *io_context, uint8_t *buf, uint32_t len); /** * Function pointer for a user provided send callback. */ typedef int s2n_send_fn(void *io_context, const uint8_t *buf, uint32_t len); /** * Set a context containing anything needed in the recv callback function (for example, * a file descriptor), the buffer holding data to be sent or received, and the length of the buffer. * * @note The `io_context` passed to the callbacks may be set separately using `s2n_connection_set_recv_ctx` and `s2n_connection_set_send_ctx`. * * @param conn The connection object being updated * @param ctx A user provided context that the callback will be invoked with * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_connection_set_recv_ctx(struct s2n_connection *conn, void *ctx); /** * Set a context containing anything needed in the send callback function (for example, * a file descriptor), the buffer holding data to be sent or received, and the length of the buffer. * * @note The `io_context` passed to the callbacks may be set separately using `s2n_connection_set_recv_ctx` and `s2n_connection_set_send_ctx`. * * @param conn The connection object being updated * @param ctx A user provided context that the callback will be invoked with * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_connection_set_send_ctx(struct s2n_connection *conn, void *ctx); /** * Configure a connection to use a recv callback to receive data. * * @note This callback may be blocking or nonblocking. * @note The callback may receive less than the requested length. The function should return the number * of bytes received, or set errno and return an error code < 0. * * @param conn The connection object being updated * @param recv A recv callback function pointer * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_connection_set_recv_cb(struct s2n_connection *conn, s2n_recv_fn recv); /** * Configure a connection to use a send callback to send data. * * @note This callback may be blocking or nonblocking. * @note The callback may send less than the requested length. The function should return the * number of bytes sent or set errno and return an error code < 0. * * @param conn The connection object being updated * @param send A send callback function pointer * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_connection_set_send_cb(struct s2n_connection *conn, s2n_send_fn send); /** * Change the behavior of s2n-tls when sending data to prefer high throughput. * * Connections preferring throughput will use * large record sizes that minimize overhead. * * @param conn The connection object being updated * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_connection_prefer_throughput(struct s2n_connection *conn); /** * Change the behavior of s2n-tls when sending data to prefer low latency. * * Connections preferring low latency will be encrypted * using small record sizes that can be decrypted sooner by the recipient. * * @param conn The connection object being updated * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_connection_prefer_low_latency(struct s2n_connection *conn); /** * Configure the connection to reduce potentially expensive calls to recv. * * If this setting is disabled, s2n-tls will call read twice for every TLS record, * which can be expensive but ensures that s2n-tls will always attempt to read the * exact number of bytes it requires. If this setting is enabled, s2n-tls will * instead reduce the number of calls to read by attempting to read as much data * as possible in each read call, storing the extra in the existing IO buffers. * This may cause it to request more data than will ever actually be available. * * There is no additional memory cost of enabling this setting. It reuses the * existing IO buffers. * * This setting is disabled by default. Depending on how your application detects * data available for reading, buffering reads may break your event loop. * In particular, note that: * * 1. File descriptor reads or calls to your custom s2n_recv_cb may request more * data than is available. Reads must return partial data when available rather * than blocking until all requested data is available. * * 2. s2n_negotiate may read and buffer application data records. * You must call s2n_recv at least once after negotiation to ensure that you * handle any buffered data. * * 3. s2n_recv may read and buffer more records than it parses and decrypts. * You must call s2n_recv until it reports S2N_ERR_T_BLOCKED, rather than just * until it reports S2N_SUCCESS. * * 4. s2n_peek reports available decrypted data. It does not report any data * buffered by this feature. However, s2n_peek_buffered does report data * buffered by this feature. * * 5. s2n_connection_release_buffers will not release the input buffer if it * contains buffered data. * * For example: if your event loop uses `poll`, you will receive a POLLIN event * for your read file descriptor when new data is available. When you call s2n_recv * to read that data, s2n-tls reads one or more TLS records from the file descriptor. * If you stop calling s2n_recv before it reports S2N_ERR_T_BLOCKED, some of those * records may remain in s2n-tls's read buffer. If you read part of a record, * s2n_peek will report the remainder of that record as available. But if you don't * read any of a record, it remains encrypted and is not reported by s2n_peek, but * is still reported by s2n_peek_buffered. And because the data is buffered in s2n-tls * instead of in the file descriptor, another call to `poll` will NOT report any * more data available. Your application may hang waiting for more data. * * @warning This feature cannot be enabled for a connection that will enable kTLS for receiving. * * @warning This feature may work with blocking IO, if used carefully. Your blocking * IO must support partial reads (so MSG_WAITALL cannot be used). You will either * need to know exactly how much data your peer is sending, or will need to use * `s2n_peek` and `s2n_peek_buffered` rather than relying on S2N_ERR_T_BLOCKED * as noted in #3 above. * * @param conn The connection object being updated * @param enabled Set to `true` to enable, `false` to disable. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_connection_set_recv_buffering(struct s2n_connection *conn, bool enabled); /** * Reports how many bytes of unprocessed TLS records are buffered due to the optimization * enabled by `s2n_connection_set_recv_buffering`. * * `s2n_peek_buffered` is not a replacement for `s2n_peek`. * While `s2n_peek` reports application data that is ready for the application * to read with no additional processing, `s2n_peek_buffered` reports raw TLS * records that still need to be parsed and likely decrypted. Those records may * contain application data, but they may also only contain TLS control messages. * * If an application needs to determine whether there is any data left to handle * (for example, before calling `poll` to wait on the read file descriptor) then * that application must check both `s2n_peek` and `s2n_peek_buffered`. * * @param conn A pointer to the s2n_connection object * @returns The number of buffered encrypted bytes */ S2N_API extern uint32_t s2n_peek_buffered(struct s2n_connection *conn); /** * Configure the connection to free IO buffers when they are not currently in use. * * This configuration can be used to minimize connection memory footprint size, at the cost * of more calls to alloc and free. Some of these costs can be mitigated by configuring s2n-tls * to use an allocator that includes thread-local caches or lock-free allocation patterns. * * @param conn The connection object being update * @param enabled Set to `true` if dynamic buffers are enabled; `false` if disabled * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_connection_set_dynamic_buffers(struct s2n_connection *conn, bool enabled); /** * Changes the behavior of s2n-tls when sending data to initially prefer records * small enough to fit in single ethernet frames. * * When dynamic record sizing is active, the connection sends records small enough * to fit in a single standard 1500 byte ethernet frame. Otherwise, the connection * chooses record sizes according to the configured maximum fragment length. * * Dynamic record sizing is active for the first resize_threshold bytes of a connection, * and is reactivated whenever timeout_threshold seconds pass without sending data. * * @param conn The connection object being updated * @param resize_threshold The number of bytes to send before changing the record size. Maximum 8MiB. * @param timeout_threshold Reset record size back to a single segment after threshold seconds of inactivity * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_connection_set_dynamic_record_threshold(struct s2n_connection *conn, uint32_t resize_threshold, uint16_t timeout_threshold); /** * Sets the callback to use for verifying that a hostname from an X.509 certificate is trusted. * * The default behavior is to require that the hostname match the server name set with s2n_set_server_name(). This will * likely lead to all client certificates being rejected, so the callback will need to be overriden when using client authentication. * * If a single callback for different connections using the same config is desired, see s2n_config_set_verify_host_callback(). * * @param conn A pointer to a s2n_connection object * @param host_fn A pointer to a callback function that s2n will invoke in order to verify the hostname of an X.509 certificate * @param data Opaque pointer to data that the verify host function will be invoked with * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_connection_set_verify_host_callback(struct s2n_connection *conn, s2n_verify_host_fn host_fn, void *data); /** * Used to opt-out of s2n-tls's built-in blinding. Blinding is a * mitigation against timing side-channels which in some cases can leak information * about encrypted data. By default s2n-tls will cause a thread to sleep between 10 and * 30 seconds whenever tampering is detected. * * Setting the S2N_SELF_SERVICE_BLINDING option with s2n_connection_set_blinding() * turns off this behavior. This is useful for applications that are handling many connections * in a single thread. In that case, if s2n_recv() or s2n_negotiate() return an error, * self-service applications should call s2n_connection_get_delay() and pause * activity on the connection for the specified number of nanoseconds before calling * close() or shutdown(). */ typedef enum { S2N_BUILT_IN_BLINDING, S2N_SELF_SERVICE_BLINDING } s2n_blinding; /** * Used to configure s2n-tls to either use built-in blinding (set blinding to S2N_BUILT_IN_BLINDING) or * self-service blinding (set blinding to S2N_SELF_SERVICE_BLINDING). * * @param conn The connection object being updated * @param blinding The desired blinding mode for the connection * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_connection_set_blinding(struct s2n_connection *conn, s2n_blinding blinding); /** * Query the connection object for the configured blinding delay. * @param conn The connection object being updated * @returns the number of nanoseconds an application using self-service blinding should pause before calling close() or shutdown(). */ S2N_API extern uint64_t s2n_connection_get_delay(struct s2n_connection *conn); /** * Configures the maximum blinding delay enforced after errors. * * Blinding protects your application from timing side channel attacks like Lucky13. While s2n-tls * implements other, more specific mitigations for known timing side channels, blinding is important * as a defense against currently unknown or unreported timing attacks. * * Setting a maximum delay lower than the recommended default (30s) will make timing attacks against * your application easier. The lower you set the delay, the fewer requests and less total time an * attacker will require to execute an attack. If you must lower the delay for reasons such as client * timeouts, then you should choose the highest value practically possible to limit your risk. * * If you lower the blinding delay, you should also consider implementing monitoring and filtering * to detect and reject suspicious traffic that could be gathering timing information from a potential * side channel. Timing attacks usually involve repeatedly triggering TLS errors. * * @warning Do NOT set a lower blinding delay unless you understand the risks and have other * mitigations for timing side channels in place. * * @note This delay needs to be set lower than any timeouts, such as your TCP socket timeout. * * @param config The config object being updated. * @param seconds The maximum number of seconds that s2n-tls will delay for in the event of a * sensitive error. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure. */ S2N_API extern int s2n_config_set_max_blinding_delay(struct s2n_config *config, uint32_t seconds); /** * Sets the cipher preference override for the s2n_connection. Calling this function is not necessary * unless you want to set the cipher preferences on the connection to something different than what is in the s2n_config. * * @param conn The connection object being updated * @param version The human readable string representation of the security policy version. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_connection_set_cipher_preferences(struct s2n_connection *conn, const char *version); /** * Used to indicate the type of key update that is being requested. For further * information refer to `s2n_connection_request_key_update`. */ typedef enum { S2N_KEY_UPDATE_NOT_REQUESTED = 0, S2N_KEY_UPDATE_REQUESTED } s2n_peer_key_update; /** * Signals the connection to do a key_update at the next possible opportunity. Note that the resulting key update message * will not be sent until `s2n_send` is called. * * @param conn The connection object to trigger the key update on. * @param peer_request Indicates if a key update should also be requested * of the peer. When set to `S2N_KEY_UPDATE_NOT_REQUESTED`, then only the sending * key of `conn` will be updated. If set to `S2N_KEY_UPDATE_REQUESTED`, then * the sending key of conn will be updated AND the peer will be requested to * update their sending key. Note that s2n-tls currently only supports * `peer_request` being set to `S2N_KEY_UPDATE_NOT_REQUESTED` and will return * S2N_FAILURE if any other value is used. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_connection_request_key_update(struct s2n_connection *conn, s2n_peer_key_update peer_request); /** * Appends the provided application protocol to the preference list * * The data provided in `protocol` parameter will be copied into an internal buffer * * @param conn The connection object being updated * @param protocol A pointer to a slice of bytes * @param protocol_len The length of bytes that should be read from `protocol`. Note: this value cannot be 0, otherwise an error will be returned. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_connection_append_protocol_preference(struct s2n_connection *conn, const uint8_t *protocol, uint8_t protocol_len); /** * Sets the protocol preference override for the s2n_connection. Calling this function is not necessary unless you want * to set the protocol preferences on the connection to something different than what is in the s2n_config. * * @param conn The connection object being updated * @param protocols A pointer to an array of protocol strings * @param protocol_count The number of protocols contained in protocols * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_connection_set_protocol_preferences(struct s2n_connection *conn, const char *const *protocols, int protocol_count); /** * Sets the server name for the connection. * * The provided server name will be sent by the client to the server in the * server_name ClientHello extension. It may be desirable for clients * to provide this information to facilitate secure connections to * servers that host multiple 'virtual' servers at a single underlying * network address. * * s2n-tls does not place any restrictions on the provided server name. However, * other TLS implementations might. Specifically, the TLS specification for the * server_name extension requires that it be an ASCII-encoded DNS name without a * trailing dot, and explicitly forbids literal IPv4 or IPv6 addresses. * * @param conn The connection object being queried * @param server_name A pointer to a string containing the desired server name * @warning `server_name` must be a NULL terminated string. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_set_server_name(struct s2n_connection *conn, const char *server_name); /** * Query the connection for the selected server name. * * This can be used by a server to determine which server name the client is using. This function returns the first ServerName entry * in the ServerNameList sent by the client. Subsequent entries are not returned. * * @param conn The connection object being queried * @returns The server name associated with a connection, or NULL if none is found. */ S2N_API extern const char *s2n_get_server_name(struct s2n_connection *conn); /** * Query the connection for the selected application protocol. * * @param conn The connection object being queried * @returns The negotiated application protocol for a `s2n_connection`. In the event of no protocol being negotiated, NULL is returned. */ S2N_API extern const char *s2n_get_application_protocol(struct s2n_connection *conn); /** * Query the connection for a buffer containing the OCSP response. * * @param conn The connection object being queried * @param length A pointer that is set to the certificate transparency response buffer's size * @returns A pointer to the OCSP response sent by a server during the handshake. If no status response is received, NULL is returned. */ S2N_API extern const uint8_t *s2n_connection_get_ocsp_response(struct s2n_connection *conn, uint32_t *length); /** * Query the connection for a buffer containing the Certificate Transparency response. * * @param conn The connection object being queried * @param length A pointer that is set to the certificate transparency response buffer's size * @returns A pointer to the certificate transparency response buffer. */ S2N_API extern const uint8_t *s2n_connection_get_sct_list(struct s2n_connection *conn, uint32_t *length); /** * Used in non-blocking mode to indicate in which direction s2n-tls became blocked on I/O before it * returned control to the caller. This allows an application to avoid retrying s2n-tls operations * until I/O is possible in that direction. */ typedef enum { S2N_NOT_BLOCKED = 0, S2N_BLOCKED_ON_READ, S2N_BLOCKED_ON_WRITE, S2N_BLOCKED_ON_APPLICATION_INPUT, S2N_BLOCKED_ON_EARLY_DATA, } s2n_blocked_status; /** * Performs the initial "handshake" phase of a TLS connection and must be called before any s2n_recv() or s2n_send() calls. * * @note When using client authentication with TLS1.3, s2n_negotiate() will report a successful * handshake to clients before the server validates the client certificate. If the server then * rejects the client certificate, the client may later receive an alert while calling s2n_recv, * potentially after already having sent application data with s2n_send. * * See the following example for guidance on calling `s2n_negotiate()`: * https://github.com/aws/s2n-tls/blob/main/docs/examples/s2n_negotiate.c * * @param conn A pointer to the s2n_connection object * @param blocked A pointer which will be set to the blocked status if an `S2N_ERR_T_BLOCKED` error is returned. * @returns S2N_SUCCESS if the handshake completed. S2N_FAILURE if the handshake encountered an error or is blocked. */ S2N_API extern int s2n_negotiate(struct s2n_connection *conn, s2n_blocked_status *blocked); /** * Writes and encrypts `size` of `buf` data to the associated connection. s2n_send() will return the number of bytes * written, and may indicate a partial write. * * @note Partial writes are possible not just for non-blocking I/O, but also for connections aborted while active. * @note Unlike OpenSSL, repeated calls to s2n_send() should not duplicate the original parameters, but should * update `buf` and `size` per the indication of size written. * * See the following example for guidance on calling `s2n_send()`: * https://github.com/aws/s2n-tls/blob/main/docs/examples/s2n_send.c * * @param conn A pointer to the s2n_connection object * @param buf A pointer to a buffer that s2n will write data from * @param size The size of buf * @param blocked A pointer which will be set to the blocked status if an `S2N_ERR_T_BLOCKED` error is returned. * @returns The number of bytes written on success, which may indicate a partial write. S2N_FAILURE on failure. */ S2N_API extern ssize_t s2n_send(struct s2n_connection *conn, const void *buf, ssize_t size, s2n_blocked_status *blocked); /** * Works in the same way as s2n_sendv_with_offset() but with the `offs` parameter implicitly assumed to be 0. * Therefore in the partial write case, the caller would have to make sure that the `bufs` and `count` fields are modified in a way that takes * the partial writes into account. * * @param conn A pointer to the s2n_connection object * @param bufs A pointer to a vector of buffers that s2n will write data from. * @param count The number of buffers in `bufs` * @param blocked A pointer which will be set to the blocked status if an `S2N_ERR_T_BLOCKED` error is returned. * @returns The number of bytes written on success, which may indicate a partial write. S2N_FAILURE on failure. */ S2N_API extern ssize_t s2n_sendv(struct s2n_connection *conn, const struct iovec *bufs, ssize_t count, s2n_blocked_status *blocked); /** * Works in the same way as s2n_send() except that it accepts vectorized buffers. Will return the number of bytes written, and may indicate a partial write. Partial writes are possible not just for non-blocking I/O, but also for connections aborted while active. * * @note Partial writes are possible not just for non-blocking I/O, but also for connections aborted while active. * * @note Unlike OpenSSL, repeated calls to s2n_sendv_with_offset() should not duplicate the original parameters, but should update `bufs` and `count` per the indication of size written. * * See the following example for guidance on calling `s2n_sendv_with_offset()`: * https://github.com/aws/s2n-tls/blob/main/docs/examples/s2n_send.c * * @param conn A pointer to the s2n_connection object * @param bufs A pointer to a vector of buffers that s2n will write data from. * @param count The number of buffers in `bufs` * @param offs The write cursor offset. This should be updated as data is written. See the example code. * @param blocked A pointer which will be set to the blocked status if an `S2N_ERR_T_BLOCKED` error is returned. * @returns The number of bytes written on success, which may indicate a partial write. S2N_FAILURE on failure. */ S2N_API extern ssize_t s2n_sendv_with_offset(struct s2n_connection *conn, const struct iovec *bufs, ssize_t count, ssize_t offs, s2n_blocked_status *blocked); /** * Decrypts and reads **size* to `buf` data from the associated * connection. * * @note Unlike OpenSSL, repeated calls to `s2n_recv` should not duplicate the original parameters, but should update `buf` and `size` per the indication of size read. * * See the following example for guidance on calling `s2n_recv()`: * https://github.com/aws/s2n-tls/blob/main/docs/examples/s2n_recv.c * * @param conn A pointer to the s2n_connection object * @param buf A pointer to a buffer that s2n will place read data into. * @param size Size of `buf` * @param blocked A pointer which will be set to the blocked status if an `S2N_ERR_T_BLOCKED` error is returned. * @returns The number of bytes read on success. 0 if the connection was shutdown by the peer. S2N_FAILURE on failure. */ S2N_API extern ssize_t s2n_recv(struct s2n_connection *conn, void *buf, ssize_t size, s2n_blocked_status *blocked); /** * Allows users of s2n-tls to peek inside the data buffer of an s2n-tls connection to see if there more data to be read without actually reading it. * * This is useful when using select() on the underlying s2n-tls file descriptor with a message based application layer protocol. As a single call * to s2n_recv may read all data off the underlying file descriptor, select() will be unable to tell you there if there is more application data * ready for processing already loaded into the s2n-tls buffer. * * @note can then be used to determine if s2n_recv() needs to be called before more data comes in on the raw fd * @param conn A pointer to the s2n_connection object * @returns The number of bytes that can be read from the connection */ S2N_API extern uint32_t s2n_peek(struct s2n_connection *conn); /** * Wipes and releases buffers and memory allocated during the TLS handshake. * * @note This function should be called after the handshake is successfully negotiated and logging or recording of handshake data is complete. * * @param conn A pointer to the s2n_connection object * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_connection_free_handshake(struct s2n_connection *conn); /** * Wipes and free the `in` and `out` buffers associated with a connection. * * @note This function may be called when a connection is * in keep-alive or idle state to reduce memory overhead of long lived connections. * * @param conn A pointer to the s2n_connection object * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_connection_release_buffers(struct s2n_connection *conn); /** * Wipes an existing connection and allows it to be reused. Erases all data associated with a connection including * pending reads. * * @note This function should be called after all I/O is completed and s2n_shutdown has been called. * @note Reusing the same connection handle(s) is more performant than repeatedly calling s2n_connection_new() and s2n_connection_free(). * * @param conn A pointer to the s2n_connection object * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_connection_wipe(struct s2n_connection *conn); /** * Frees the memory associated with an s2n_connection * handle. The handle is considered invalid after `s2n_connection_free` is used. * s2n_connection_wipe() does not need to be called prior to this function. `s2n_connection_free` performs its own wipe * of sensitive data. * * @param conn A pointer to the s2n_connection object * @returns 0 on success. -1 on failure */ S2N_API extern int s2n_connection_free(struct s2n_connection *conn); /** * Attempts a closure at the TLS layer. Does not close the underlying transport. This call may block in either direction. * * Unlike other TLS implementations, `s2n_shutdown` attempts a graceful shutdown by default. It will not return with success unless a close_notify alert is successfully * sent and received. As a result, `s2n_shutdown` may fail when interacting with a non-conformant TLS implementation. * * Once `s2n_shutdown` is complete: * * The s2n_connection handle cannot be used for reading for writing. * * The underlying transport can be closed. Most likely via `shutdown()` or `close()`. * * The s2n_connection handle can be freed via s2n_connection_free() or reused via s2n_connection_wipe() * * @param conn A pointer to the s2n_connection object * @param blocked A pointer which will be set to the blocked status if an `S2N_ERR_T_BLOCKED` error is returned. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_shutdown(struct s2n_connection *conn, s2n_blocked_status *blocked); /** * Attempts to close the write side of the TLS connection. * * TLS1.3 supports closing the write side of a TLS connection while leaving the read * side unaffected. This feature is usually referred to as "half-close". We send * a close_notify alert, but do not wait for the peer to respond. * * Like `s2n_shutdown()`, this method does not affect the underlying transport. * * `s2n_shutdown_send()` may still be called for earlier TLS versions, but most * TLS implementations will react by immediately discarding any pending writes and * closing the connection. * * Once `s2n_shutdown_send()` is complete: * * The s2n_connection handle CANNOT be used for writing. * * The s2n_connection handle CAN be used for reading. * * The write side of the underlying transport can be closed. Most likely via `shutdown()`. * * The application should still call `s2n_shutdown()` or wait for `s2n_recv()` to * return 0 to indicate end-of-data before cleaning up the connection or closing * the read side of the underlying transport. * * @param conn A pointer to the s2n_connection object * @param blocked A pointer which will be set to the blocked status if an `S2N_ERR_T_BLOCKED` error is returned. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_shutdown_send(struct s2n_connection *conn, s2n_blocked_status *blocked); /** * Used to declare what type of client certificate authentication to use. * * A s2n_connection will enforce client certificate authentication (mTLS) differently based on * the `s2n_cert_auth_type` and `s2n_mode` (client/server) of the connection, as described below. * * Server behavior: * - None (default): Will not request client authentication. * - Optional: Request the client's certificate and validate it. If no certificate is received then * no validation is performed. * - Required: Request the client's certificate and validate it. Abort the handshake if a client * certificate is not received. * * Client behavior: * - None: Abort the handshake if the server requests client authentication. * - Optional (default): Sends the client certificate if the server requests client * authentication. No certificate is sent if the application hasn't provided a certificate. * - Required: Send the client certificate. Abort the handshake if the server doesn't request * client authentication or if the application hasn't provided a certificate. */ typedef enum { S2N_CERT_AUTH_NONE, S2N_CERT_AUTH_REQUIRED, S2N_CERT_AUTH_OPTIONAL } s2n_cert_auth_type; /** * Gets Client Certificate authentication method the s2n_config object is using. * * @param config A pointer to a s2n_config object * @param client_auth_type A pointer to a client auth policy. This will be updated to the s2n_config value. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_get_client_auth_type(struct s2n_config *config, s2n_cert_auth_type *client_auth_type); /** * Sets whether or not a Client Certificate should be required to complete the TLS Connection. * * If this is set to `S2N_CERT_AUTH_OPTIONAL` the server will request a client certificate but allow the client to not provide one. * Rejecting a client certificate when using `S2N_CERT_AUTH_OPTIONAL` will terminate the handshake. * * @param config A pointer to a s2n_config object * @param client_auth_type The client auth policy for the connection * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_set_client_auth_type(struct s2n_config *config, s2n_cert_auth_type client_auth_type); /** * Gets Client Certificate authentication method the s2n_connection object is using. * * @param conn A pointer to the s2n_connection object * @param client_auth_type A pointer to a client auth policy. This will be updated to the s2n_connection value. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_connection_get_client_auth_type(struct s2n_connection *conn, s2n_cert_auth_type *client_auth_type); /** * Sets whether or not a Client Certificate should be required to complete the TLS Connection. * * If this is set to `S2N_CERT_AUTH_OPTIONAL` the server will request a client certificate but allow the client to not provide one. * Rejecting a client certificate when using `S2N_CERT_AUTH_OPTIONAL` will terminate the handshake. * * @param conn A pointer to the s2n_connection object * @param client_auth_type The client auth policy for the connection * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_connection_set_client_auth_type(struct s2n_connection *conn, s2n_cert_auth_type client_auth_type); /** * Gets the raw certificate chain received from the client. * * The retrieved certificate chain has the format described by the TLS 1.2 RFC: * https://datatracker.ietf.org/doc/html/rfc5246#section-7.4.2. Each certificate is a DER-encoded ASN.1 X.509, * prepended by a 3 byte network-endian length value. Note that this format is used regardless of the connection's * protocol version. * * @warning The buffer pointed to by `cert_chain_out` shares its lifetime with the s2n_connection object. * * @param conn A pointer to the s2n_connection object * @param cert_chain_out A pointer that's set to the client certificate chain. * @param cert_chain_len A pointer that's set to the size of the `cert_chain_out` buffer. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_connection_get_client_cert_chain(struct s2n_connection *conn, uint8_t **der_cert_chain_out, uint32_t *cert_chain_len); /** * Sets the initial number of session tickets to send after a >=TLS1.3 handshake. The default value is one ticket. * * @param config A pointer to the config object. * @param num The number of session tickets that will be sent. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_config_set_initial_ticket_count(struct s2n_config *config, uint8_t num); /** * Increases the number of session tickets to send after a >=TLS1.3 handshake. * * @param conn A pointer to the connection object. * @param num The number of additional session tickets to send. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_connection_add_new_tickets_to_send(struct s2n_connection *conn, uint8_t num); /** * Returns the number of session tickets issued by the server. * * In TLS1.3, this number can be up to the limit configured by s2n_config_set_initial_ticket_count * and s2n_connection_add_new_tickets_to_send. In earlier versions of TLS, this number will be either 0 or 1. * * This method only works for server connections. * * @param conn A pointer to the connection object. * @param num The number of additional session tickets sent. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_connection_get_tickets_sent(struct s2n_connection *conn, uint16_t *num); /** * Sets the keying material lifetime for >=TLS1.3 session tickets so that one session doesn't get re-used ad infinitum. * The default value is one week. * * @param conn A pointer to the connection object. * @param lifetime_in_secs Lifetime of keying material in seconds. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure */ S2N_API extern int s2n_connection_set_server_keying_material_lifetime(struct s2n_connection *conn, uint32_t lifetime_in_secs); struct s2n_session_ticket; /** * Callback function for receiving a session ticket. * * This function will be called each time a session ticket is received, which may be multiple times for TLS1.3. * * # Safety * * `ctx` is a void pointer and the caller is responsible for ensuring it is cast to the correct type. * `ticket` is valid only within the scope of this callback. * * @param conn A pointer to the connection object. * @param ctx Context for the session ticket callback function. * @param ticket Pointer to the received session ticket object. */ typedef int (*s2n_session_ticket_fn)(struct s2n_connection *conn, void *ctx, struct s2n_session_ticket *ticket); /** * Sets a session ticket callback to be called when a client receives a new session ticket. * * # Safety * * `callback` MUST cast `ctx` into the same type of pointer that was originally created. * `ctx` MUST be valid for the lifetime of the config, or until a different context is set. * * @param config A pointer to the config object. * @param callback The function that should be called when the callback is triggered. * @param ctx The context to be passed when the callback is called. */ S2N_API extern int s2n_config_set_session_ticket_cb(struct s2n_config *config, s2n_session_ticket_fn callback, void *ctx); /** * Gets the length of the session ticket from a session ticket object. * * @param ticket Pointer to the session ticket object. * @param data_len Pointer to be set to the length of the session ticket on success. */ S2N_API extern int s2n_session_ticket_get_data_len(struct s2n_session_ticket *ticket, size_t *data_len); /** * Gets the session ticket data from a session ticket object. * * # Safety * The entire session ticket will be copied into `data` on success. Therefore, `data` MUST have enough * memory to store the session ticket data. * * @param ticket Pointer to the session ticket object. * @param max_data_len Maximum length of data that can be written to the 'data' pointer. * @param data Pointer to where the session ticket data will be stored. */ S2N_API extern int s2n_session_ticket_get_data(struct s2n_session_ticket *ticket, size_t max_data_len, uint8_t *data); /** * Gets the lifetime in seconds of the session ticket from a session ticket object. * * @param ticket Pointer to the session ticket object. * @param session_lifetime Pointer to a variable where the lifetime of the session ticket will be stored. */ S2N_API extern int s2n_session_ticket_get_lifetime(struct s2n_session_ticket *ticket, uint32_t *session_lifetime); /** * De-serializes the session state and updates the connection accordingly. * * If this method fails, the connection should not be affected: calling s2n_negotiate * with the connection should simply result in a full handshake. * * @param conn A pointer to the s2n_connection object * @param session A pointer to a buffer of size `length` * @param length The size of the `session` buffer * * @returns The number of copied bytes */ S2N_API extern int s2n_connection_set_session(struct s2n_connection *conn, const uint8_t *session, size_t length); /** * Serializes the session state from connection and copies into the `session` buffer and returns the number of copied bytes * * @note This function is not recommended for > TLS 1.2 because in TLS1.3 * servers can send multiple session tickets and this function will only * return the most recently received ticket. * * @param conn A pointer to the s2n_connection object * @param session A pointer to a buffer of size `max_length` * @param max_length The size of the `session` buffer * * @returns The number of copied bytes */ S2N_API extern int s2n_connection_get_session(struct s2n_connection *conn, uint8_t *session, size_t max_length); /** * Retrieves a hint from the server indicating how long this ticket's lifetime is. * * @note This function is not recommended for > TLS 1.2 because in TLS1.3 * servers can send multiple session tickets and this function will only * return the most recently received ticket lifetime hint. * * @param conn A pointer to the s2n_connection object * * @returns The session ticket lifetime hint in seconds from the server or -1 when session ticket was not used for resumption. */ S2N_API extern int s2n_connection_get_session_ticket_lifetime_hint(struct s2n_connection *conn); /** * Use this to query the serialized session state size before copying it into a buffer. * * @param conn A pointer to the s2n_connection object * * @returns number of bytes needed to store serialized session state */ S2N_API extern int s2n_connection_get_session_length(struct s2n_connection *conn); /** * Gets the latest session id's length from the connection. * * Use this to query the session id size before copying it into a buffer. * * @param conn A pointer to the s2n_connection object * * @returns The latest session id length from the connection. Session id length will be 0 for TLS versions >= TLS1.3 as stateful session resumption has not yet been implemented in TLS1.3. */ S2N_API extern int s2n_connection_get_session_id_length(struct s2n_connection *conn); /** * Gets the latest session id from the connection, copies it into the `session_id` buffer, and returns the number of copied bytes. * * The session id may change between s2n receiving the ClientHello and sending the ServerHello, but this function will always describe the latest session id. * * See s2n_client_hello_get_session_id() to get the session id as it was sent by the client in the ClientHello message. * * @param conn A pointer to the s2n_connection object * @param session_id A pointer to a buffer of size `max_length` * @param max_length The size of the `session_id` buffer * * @returns The number of copied bytes. */ S2N_API extern int s2n_connection_get_session_id(struct s2n_connection *conn, uint8_t *session_id, size_t max_length); /** * Check if the connection was resumed from an earlier handshake. * * @param conn A pointer to the s2n_connection object * * @returns returns 1 if the handshake was abbreviated, otherwise returns 0 */ S2N_API extern int s2n_connection_is_session_resumed(struct s2n_connection *conn); /** * Check if the connection is OCSP stapled. * * @param conn A pointer to the s2n_connection object * * @returns 1 if OCSP response was sent (if connection is in S2N_SERVER mode) or received (if connection is in S2N_CLIENT mode) during handshake, otherwise it returns 0. */ S2N_API extern int s2n_connection_is_ocsp_stapled(struct s2n_connection *conn); /** * TLS Signature Algorithms - RFC 5246 7.4.1.4.1 * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-16 */ typedef enum { S2N_TLS_SIGNATURE_ANONYMOUS = 0, S2N_TLS_SIGNATURE_RSA = 1, S2N_TLS_SIGNATURE_ECDSA = 3, /* Use Private Range for RSA PSS since it's not defined there */ S2N_TLS_SIGNATURE_RSA_PSS_RSAE = 224, S2N_TLS_SIGNATURE_RSA_PSS_PSS } s2n_tls_signature_algorithm; /** TLS Hash Algorithms - https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-18 */ typedef enum { S2N_TLS_HASH_NONE = 0, S2N_TLS_HASH_MD5 = 1, S2N_TLS_HASH_SHA1 = 2, S2N_TLS_HASH_SHA224 = 3, S2N_TLS_HASH_SHA256 = 4, S2N_TLS_HASH_SHA384 = 5, S2N_TLS_HASH_SHA512 = 6, /* Use Private Range for MD5_SHA1 */ S2N_TLS_HASH_MD5_SHA1 = 224 } s2n_tls_hash_algorithm; /** * Get the connection's selected signature algorithm. * * @param conn A pointer to the s2n_connection object * @param chosen_alg A pointer to a s2n_tls_signature_algorithm object. This is an output parameter. * * @returns S2N_SUCCESS on success. S2N_FAILURE if bad parameters are received. */ S2N_API extern int s2n_connection_get_selected_signature_algorithm(struct s2n_connection *conn, s2n_tls_signature_algorithm *chosen_alg); /** * Get the connection's selected digest algorithm. * * @param conn A pointer to the s2n_connection object * @param chosen_alg A pointer to a s2n_tls_hash_algorithm object. This is an output parameter. * * @returns S2N_SUCCESS on success. S2N_FAILURE if bad parameters are received. */ S2N_API extern int s2n_connection_get_selected_digest_algorithm(struct s2n_connection *conn, s2n_tls_hash_algorithm *chosen_alg); /** * Get the client certificate's signature algorithm. * * @param conn A pointer to the s2n_connection object * @param chosen_alg A pointer to a s2n_tls_signature_algorithm object. This is an output parameter. * * @returns S2N_SUCCESS on success. S2N_FAILURE if bad parameters are received. */ S2N_API extern int s2n_connection_get_selected_client_cert_signature_algorithm(struct s2n_connection *conn, s2n_tls_signature_algorithm *chosen_alg); /** * Get the client certificate's digest algorithm. * * @param conn A pointer to the s2n_connection object * @param chosen_alg A pointer to a s2n_tls_hash_algorithm object. This is an output parameter. * * @returns S2N_SUCCESS on success. S2N_FAILURE if bad parameters are received. */ S2N_API extern int s2n_connection_get_selected_client_cert_digest_algorithm(struct s2n_connection *conn, s2n_tls_hash_algorithm *chosen_alg); /** * Get the certificate used during the TLS handshake * * - If `conn` is a server connection, the certificate selected will depend on the * ServerName sent by the client and supported ciphers. * - If `conn` is a client connection, the certificate sent in response to a CertificateRequest * message is returned. Currently s2n-tls supports loading only one certificate in client mode. Note that * not all TLS endpoints will request a certificate. * * @param conn A pointer to the s2n_connection object * * @returns NULL if the certificate selection phase of the handshake has not completed or if a certificate was not requested by the peer */ S2N_API extern struct s2n_cert_chain_and_key *s2n_connection_get_selected_cert(struct s2n_connection *conn); /** * @param chain_and_key A pointer to the s2n_cert_chain_and_key object being read. * @param cert_length This return value represents the length of the s2n certificate chain `chain_and_key`. * @returns the length of the s2n certificate chain `chain_and_key`. */ S2N_API extern int s2n_cert_chain_get_length(const struct s2n_cert_chain_and_key *chain_and_key, uint32_t *cert_length); /** * Returns the certificate `out_cert` present at the index `cert_idx` of the certificate chain `chain_and_key`. * * Note that the index of the leaf certificate is zero. If the certificate chain `chain_and_key` is NULL or the * certificate index value is not in the acceptable range for the input certificate chain, an error is returned. * * # Safety * * There is no memory allocation required for `out_cert` buffer prior to calling the `s2n_cert_chain_get_cert` API. * The `out_cert` will contain the pointer to the s2n_cert initialized within the input s2n_cert_chain_and_key `chain_and_key`. * The pointer to the output s2n certificate `out_cert` is valid until `chain_and_key` is freed up. * If a caller wishes to persist the `out_cert` beyond the lifetime of `chain_and_key`, the contents would need to be * copied prior to freeing `chain_and_key`. * * @param chain_and_key A pointer to the s2n_cert_chain_and_key object being read. * @param out_cert A pointer to the output s2n_cert `out_cert` present at the index `cert_idx` of the certificate chain `chain_and_key`. * @param cert_idx The certificate index for the requested certificate within the s2n certificate chain. */ S2N_API extern int s2n_cert_chain_get_cert(const struct s2n_cert_chain_and_key *chain_and_key, struct s2n_cert **out_cert, const uint32_t cert_idx); /** * Returns the s2n certificate in DER format along with its length. * * The API gets the s2n certificate `cert` in DER format. The certificate is returned in the `out_cert_der` buffer. * Here, `cert_len` represents the length of the certificate. * * A caller can use certificate parsing tools such as the ones provided by OpenSSL to parse the DER encoded certificate chain returned. * * # Safety * * The memory for the `out_cert_der` buffer is allocated and owned by s2n-tls. * Since the size of the certificate can potentially be very large, a pointer to internal connection data is returned instead of * copying the contents into a caller-provided buffer. * * The pointer to the output buffer `out_cert_der` is valid only while the connection exists. * The `s2n_connection_free` API frees the memory associated with the out_cert_der buffer and after the `s2n_connection_wipe` API is * called the memory pointed by out_cert_der is invalid. * * If a caller wishes to persist the `out_cert_der` beyond the lifetime of the connection, the contents would need to be * copied prior to the connection termination. * * @param cert A pointer to the s2n_cert object being read. * @param out_cert_der A pointer to the output buffer which will hold the s2n certificate `cert` in DER format. * @param cert_length This return value represents the length of the certificate. */ S2N_API extern int s2n_cert_get_der(const struct s2n_cert *cert, const uint8_t **out_cert_der, uint32_t *cert_length); /** * Returns the validated peer certificate chain as a `s2n_cert_chain_and_key` opaque object. * * The `s2n_cert_chain_and_key` parameter must be allocated by the caller using the `s2n_cert_chain_and_key_new` API * prior to this function call and must be empty. To free the memory associated with the `s2n_cert_chain_and_key` object use the * `s2n_cert_chain_and_key_free` API. * * @param conn A pointer to the s2n_connection object being read. * @param cert_chain The returned validated peer certificate chain `cert_chain` retrieved from the s2n connection. */ S2N_API extern int s2n_connection_get_peer_cert_chain(const struct s2n_connection *conn, struct s2n_cert_chain_and_key *cert_chain); /** * Returns the length of the DER encoded extension value of the ASN.1 X.509 certificate extension. * * @param cert A pointer to the s2n_cert object being read. * @param oid A null-terminated cstring that contains the OID of the X.509 certificate extension to be read. * @param ext_value_len This return value contains the length of DER encoded extension value of the ASN.1 X.509 certificate extension. */ S2N_API extern int s2n_cert_get_x509_extension_value_length(struct s2n_cert *cert, const uint8_t *oid, uint32_t *ext_value_len); /** * Returns the DER encoding of an ASN.1 X.509 certificate extension value, it's length and a boolean critical. * * @param cert A pointer to the s2n_cert object being read. * @param oid A null-terminated cstring that contains the OID of the X.509 certificate extension to be read. * @param ext_value A pointer to the output buffer which will hold the DER encoding of an ASN.1 X.509 certificate extension value returned. * @param ext_value_len This value is both an input and output parameter and represents the length of the output buffer `ext_value`. * When used as an input parameter, the caller must use this parameter to convey the maximum length of `ext_value`. * When used as an output parameter, `ext_value_len` holds the actual length of the DER encoding of the ASN.1 X.509 certificate extension value returned. * @param critical This return value contains the boolean value for `critical`. */ S2N_API extern int s2n_cert_get_x509_extension_value(struct s2n_cert *cert, const uint8_t *oid, uint8_t *ext_value, uint32_t *ext_value_len, bool *critical); /** * Returns the UTF8 String length of the ASN.1 X.509 certificate extension data. * * @param extension_data A pointer to the DER encoded ASN.1 X.509 certificate extension value being read. * @param extension_len represents the length of the input buffer `extension_data`. * @param utf8_str_len This return value contains the UTF8 String length of the ASN.1 X.509 certificate extension data. */ S2N_API extern int s2n_cert_get_utf8_string_from_extension_data_length(const uint8_t *extension_data, uint32_t extension_len, uint32_t *utf8_str_len); /** * Returns the UTF8 String representation of the DER encoded ASN.1 X.509 certificate extension data. * * @param extension_data A pointer to the DER encoded ASN.1 X.509 certificate extension value being read. * @param extension_len represents the length of the input buffer `extension_data`. * @param out_data A pointer to the output buffer which will hold the UTF8 String representation of the DER encoded ASN.1 X.509 * certificate extension data returned. * @param out_len This value is both an input and output parameter and represents the length of the output buffer `out_data`. * When used as an input parameter, the caller must use this parameter to convey the maximum length of `out_data`. * When used as an output parameter, `out_len` holds the actual length of UTF8 String returned. */ S2N_API extern int s2n_cert_get_utf8_string_from_extension_data(const uint8_t *extension_data, uint32_t extension_len, uint8_t *out_data, uint32_t *out_len); /** * Pre-shared key (PSK) Hash Algorithm - RFC 8446 Section-2.2 */ typedef enum { S2N_PSK_HMAC_SHA256, S2N_PSK_HMAC_SHA384, } s2n_psk_hmac; /** * Opaque pre shared key handle */ struct s2n_psk; /** * Creates a new s2n external pre-shared key (PSK) object with `S2N_PSK_HMAC_SHA256` as the default * PSK hash algorithm. An external PSK is a key established outside of TLS using a secure mutually agreed upon mechanism. * * Use `s2n_psk_free` to free the memory allocated to the s2n external PSK object created by this API. * * @returns struct s2n_psk* Returns a pointer to the newly created external PSK object. */ S2N_API struct s2n_psk *s2n_external_psk_new(void); /** * Frees the memory associated with the external PSK object. * * @param psk Pointer to the PSK object to be freed. */ S2N_API int s2n_psk_free(struct s2n_psk **psk); /** * Sets the identity for a given external PSK object. * The identity is a unique identifier for the pre-shared secret. * It is a non-secret value represented by raw bytes. * * # Safety * * The identity is transmitted over the network unencrypted and is a non-secret value. * Do not include confidential information in the identity. * * Note that the identity is copied into s2n-tls memory and the caller is responsible for * freeing the memory associated with the identity input. * * @param psk A pointer to a PSK object to be updated with the identity. * @param identity The identity in raw bytes format to be copied. * @param identity_size The length of the PSK identity being set. */ S2N_API int s2n_psk_set_identity(struct s2n_psk *psk, const uint8_t *identity, uint16_t identity_size); /** * Sets the out-of-band/externally provisioned secret for a given external PSK object. * * # Safety * * Note that the secret is copied into s2n-tls memory and the caller is responsible for * freeing the memory associated with the `secret` input. * * Deriving a shared secret from a password or other low-entropy source * is not secure and is subject to dictionary attacks. * See https://tools.ietf.org/rfc/rfc8446#section-2.2 for more information. * * @param psk A pointer to a PSK object to be updated with the secret. * @param secret The secret in raw bytes format to be copied. * @param secret_size The length of the pre-shared secret being set. */ S2N_API int s2n_psk_set_secret(struct s2n_psk *psk, const uint8_t *secret, uint16_t secret_size); /** * Sets the hash algorithm for a given external PSK object. The supported PSK hash * algorithms are as listed in the enum `s2n_psk_hmac` above. * * @param psk A pointer to the external PSK object to be updated with the PSK hash algorithm. * @param hmac The PSK hash algorithm being set. */ S2N_API int s2n_psk_set_hmac(struct s2n_psk *psk, s2n_psk_hmac hmac); /** * Appends a PSK object to the list of PSKs supported by the s2n connection. * If a PSK with a duplicate identity is found, an error is returned and the PSK is not added to the list. * Note that a copy of `psk` is stored on the connection. The user is still responsible for freeing the * memory associated with `psk`. * * @param conn A pointer to the s2n_connection object that contains the list of PSKs supported. * @param psk A pointer to the `s2n_psk` object to be appended to the list of PSKs on the s2n connection. */ S2N_API int s2n_connection_append_psk(struct s2n_connection *conn, struct s2n_psk *psk); /** * The list of PSK modes supported by s2n-tls for TLS versions >= TLS1.3. * Currently s2n-tls supports two modes - `S2N_PSK_MODE_RESUMPTION`, which represents the PSKs established * using the previous connection via session resumption, and `S2N_PSK_MODE_EXTERNAL`, which represents PSKs * established out-of-band/externally using a secure mutually agreed upon mechanism. */ typedef enum { S2N_PSK_MODE_RESUMPTION, S2N_PSK_MODE_EXTERNAL } s2n_psk_mode; /** * Sets the PSK mode on the s2n config object. * The supported PSK modes are listed in the enum `s2n_psk_mode` above. * * @param config A pointer to the s2n_config object being updated. * @param mode The PSK mode to be set. */ S2N_API int s2n_config_set_psk_mode(struct s2n_config *config, s2n_psk_mode mode); /** * Sets the PSK mode on the s2n connection object. * The supported PSK modes are listed in the enum `s2n_psk_mode` above. * This API overrides the PSK mode set on config for this connection. * * @param conn A pointer to the s2n_connection object being updated. * @param mode The PSK mode to be set. */ S2N_API int s2n_connection_set_psk_mode(struct s2n_connection *conn, s2n_psk_mode mode); /** * Gets the negotiated PSK identity length from the s2n connection object. The negotiated PSK * refers to the chosen PSK by the server to be used for the connection. * * This API can be used to determine if the negotiated PSK exists. If negotiated PSK exists a * call to this API returns a value greater than zero. If the negotiated PSK does not exist, the * value `0` is returned. * * @param conn A pointer to the s2n_connection object that successfully negotiated a PSK connection. * @param identity_length The length of the negotiated PSK identity. */ S2N_API int s2n_connection_get_negotiated_psk_identity_length(struct s2n_connection *conn, uint16_t *identity_length); /** * Gets the negotiated PSK identity from the s2n connection object. * If the negotiated PSK does not exist, the PSK identity will not be obtained and no error will be returned. * Prior to this API call, use `s2n_connection_get_negotiated_psk_identity_length` to determine if a * negotiated PSK exists or not. * * # Safety * * The negotiated PSK identity will be copied into the identity buffer on success. * Therefore, the identity buffer must have enough memory to fit the identity length. * * @param conn A pointer to the s2n_connection object. * @param identity The negotiated PSK identity obtained from the s2n_connection object. * @param max_identity_length The maximum length for the PSK identity. If the negotiated psk_identity length is * greater than this `max_identity_length` value an error will be returned. */ S2N_API int s2n_connection_get_negotiated_psk_identity(struct s2n_connection *conn, uint8_t *identity, uint16_t max_identity_length); struct s2n_offered_psk; /** * Creates a new s2n offered PSK object. * An offered PSK object represents a single PSK sent by the client. * * # Safety * * Use `s2n_offered_psk_free` to free the memory allocated to the s2n offered PSK object created by this API. * * @returns struct s2n_offered_psk* Returns a pointer to the newly created offered PSK object. */ S2N_API struct s2n_offered_psk *s2n_offered_psk_new(void); /** * Frees the memory associated with the `s2n_offered_psk` object. * * @param psk A pointer to the `s2n_offered_psk` object to be freed. */ S2N_API int s2n_offered_psk_free(struct s2n_offered_psk **psk); /** * Gets the PSK identity and PSK identity length for a given offered PSK object. * * @param psk A pointer to the offered PSK object being read. * @param identity The PSK identity being obtained. * @param size The length of the PSK identity being obtained. */ S2N_API int s2n_offered_psk_get_identity(struct s2n_offered_psk *psk, uint8_t **identity, uint16_t *size); struct s2n_offered_psk_list; /** * Checks whether the offered PSK list has an offered psk object next in line in the list. * An offered PSK list contains all the PSKs offered by the client for the server to select. * * # Safety * * This API returns a pointer to the s2n-tls internal memory with limited lifetime. * After the completion of `s2n_psk_selection_callback` this pointer is invalid. * * @param psk_list A pointer to the offered PSK list being read. * @returns bool A boolean value representing whether an offered psk object is present next in line in the offered PSK list. */ S2N_API bool s2n_offered_psk_list_has_next(struct s2n_offered_psk_list *psk_list); /** * Obtains the next offered PSK object from the list of offered PSKs. Use `s2n_offered_psk_list_has_next` * prior to this API call to ensure we have not reached the end of the list. * * @param psk_list A pointer to the offered PSK list being read. * @param psk A pointer to the next offered PSK object being obtained. */ S2N_API int s2n_offered_psk_list_next(struct s2n_offered_psk_list *psk_list, struct s2n_offered_psk *psk); /** * Returns the offered PSK list to its original read state. * * When `s2n_offered_psk_list_reread` is called, `s2n_offered_psk_list_next` will return the first PSK * in the offered PSK list. * * @param psk_list A pointer to the offered PSK list being reread. */ S2N_API int s2n_offered_psk_list_reread(struct s2n_offered_psk_list *psk_list); /** * Chooses a PSK from the offered PSK list to be used for the connection. * This API matches the PSK identity received from the client against the server's known PSK identities * list, in order to choose the PSK to be used for the connection. If the PSK identity sent from the client * is NULL, no PSK is chosen for the connection. If the client offered PSK identity has no matching PSK identity * with the server, an error will be returned. Use this API along with the `s2n_psk_selection_callback` callback * to select a PSK identity. * * @param psk_list A pointer to the server's known PSK list used to compare for a matching PSK with the client. * @param psk A pointer to the client's PSK object used to compare with the server's known PSK identities. */ S2N_API int s2n_offered_psk_list_choose_psk(struct s2n_offered_psk_list *psk_list, struct s2n_offered_psk *psk); /** * Callback function to select a PSK from a list of offered PSKs. * Use this callback to implement custom PSK selection logic. The s2n-tls default PSK selection logic * chooses the first matching PSK from the list of offered PSKs sent by the client. * * # Safety * * `context` is a void pointer and the caller is responsible for ensuring it is cast to the correct type. * After the completion of this callback, the pointer to `psk_list` is invalid. * * @param conn A pointer to the s2n_connection object. * @param context A pointer to a context for the caller to pass state to the callback, if needed. * @param psk_list A pointer to the offered PSK list being read. */ typedef int (*s2n_psk_selection_callback)(struct s2n_connection *conn, void *context, struct s2n_offered_psk_list *psk_list); /** * Sets the callback to select the matching PSK. * If this callback is not set s2n-tls uses a default PSK selection logic that selects the first matching * server PSK. * * @param config A pointer to the s2n_config object. * @param cb The function that should be called when the callback is triggered. * @param context A pointer to a context for the caller to pass state to the callback, if needed. */ S2N_API int s2n_config_set_psk_selection_callback(struct s2n_config *config, s2n_psk_selection_callback cb, void *context); /** * Get the number of bytes the connection has received. * * @param conn A pointer to the connection * @returns return the number of bytes received by s2n-tls "on the wire" */ S2N_API extern uint64_t s2n_connection_get_wire_bytes_in(struct s2n_connection *conn); /** * Get the number of bytes the connection has transmitted out. * * @param conn A pointer to the connection * @returns return the number of bytes transmitted out by s2n-tls "on the wire" */ S2N_API extern uint64_t s2n_connection_get_wire_bytes_out(struct s2n_connection *conn); /** * Access the protocol version supported by the client. * * @note The return value corresponds to the macros defined as S2N_SSLv2, * S2N_SSLv3, S2N_TLS10, S2N_TLS11, S2N_TLS12, and S2N_TLS13. * * @param conn A pointer to the connection * @returns returns the highest protocol version supported by the client */ S2N_API extern int s2n_connection_get_client_protocol_version(struct s2n_connection *conn); /** * Access the protocol version supported by the server. * * @note The return value corresponds to the macros defined as S2N_SSLv2, * S2N_SSLv3, S2N_TLS10, S2N_TLS11, S2N_TLS12, and S2N_TLS13. * * @param conn A pointer to the connection * @returns Returns the highest protocol version supported by the server */ S2N_API extern int s2n_connection_get_server_protocol_version(struct s2n_connection *conn); /** * Access the protocol version selected for the connection. * * @note The return value corresponds to the macros defined as S2N_SSLv2, * S2N_SSLv3, S2N_TLS10, S2N_TLS11, S2N_TLS12, and S2N_TLS13. * * @param conn A pointer to the connection * @returns The protocol version actually negotiated by the handshake */ S2N_API extern int s2n_connection_get_actual_protocol_version(struct s2n_connection *conn); /** * Access the client hello protocol version for the connection. * * @note The return value corresponds to the macros defined as S2N_SSLv2, * S2N_SSLv3, S2N_TLS10, S2N_TLS11, S2N_TLS12, and S2N_TLS13. * * @param conn A pointer to the connection * @returns The protocol version used to send the initial client hello message. */ S2N_API extern int s2n_connection_get_client_hello_version(struct s2n_connection *conn); /** * Access the protocol version from the header of the first record that contained the ClientHello message. * * @note This field has been deprecated and should not be confused with the client hello * version. It is often set very low, usually to TLS1.0 for compatibility reasons, * and should never be set higher than TLS1.2. Therefore this method should only be used * for logging or fingerprinting. * * @param conn A pointer to the client hello struct * @param out The protocol version in the record header containing the Client Hello. */ S2N_API extern int s2n_client_hello_get_legacy_record_version(struct s2n_client_hello *ch, uint8_t *out); /** * Check if Client Auth was used for a connection. * * @param conn A pointer to the connection * @returns 1 if the handshake completed and Client Auth was negotiated during then * handshake. */ S2N_API extern int s2n_connection_client_cert_used(struct s2n_connection *conn); /** * A function that provides a human readable string of the cipher suite that was chosen * for a connection. * * @warning The string "TLS_NULL_WITH_NULL_NULL" is returned before the TLS handshake has been performed. * This does not mean that the ciphersuite "TLS_NULL_WITH_NULL_NULL" will be used by the connection, * it is merely being used as a placeholder. * * @note This function is only accurate after the TLS handshake. * * @param conn A pointer to the connection * @returns A string indicating the cipher suite negotiated by s2n in OpenSSL format. */ S2N_API extern const char *s2n_connection_get_cipher(struct s2n_connection *conn); /** * Provides access to the TLS master secret. * * This is a dangerous method and should not be used unless absolutely necessary. * Mishandling the master secret can compromise both the current connection * and any past or future connections that use the same master secret due to * session resumption. * * This method is only supported for older TLS versions, and will report an S2N_ERR_INVALID_STATE * usage error if called for a TLS1.3 connection. TLS1.3 includes a new key schedule * that derives independent secrets from the master secret for specific purposes, * such as separate traffic, session ticket, and exporter secrets. Using the master * secret directly circumvents that security feature, reducing the security of * the protocol. * * If you need cryptographic material tied to the current TLS session, consider * `s2n_connection_tls_exporter` instead. Although s2n_connection_tls_exporter * currently only supports TLS1.3, there is also an RFC that describes exporters * for older TLS versions: https://datatracker.ietf.org/doc/html/rfc5705 * Using the master secret as-is or defining your own exporter is dangerous. * * @param conn A pointer to the connection. * @param secret_bytes Memory to copy the master secret into. The secret * is always 48 bytes long. * @param max_size The size of the memory available at `secret_bytes`. Must be * at least 48 bytes. * @returns S2N_SUCCESS on success, S2N_FAILURE otherwise. `secret_bytes` * will be set on success. */ S2N_API extern int s2n_connection_get_master_secret(const struct s2n_connection *conn, uint8_t *secret_bytes, size_t max_size); /** * Provides access to the TLS-Exporter functionality. * * See https://datatracker.ietf.org/doc/html/rfc5705 and https://www.rfc-editor.org/rfc/rfc8446. * * @note This is currently only available with TLS 1.3 connections which have finished a handshake. * * @param conn A pointer to the connection * @returns A POSIX error signal. If an error was returned, the value contained in `output` should be considered invalid. */ S2N_API extern int s2n_connection_tls_exporter(struct s2n_connection *conn, const uint8_t *label, uint32_t label_length, const uint8_t *context, uint32_t context_length, uint8_t *output, uint32_t output_length); /** * Returns the IANA value for the connection's negotiated cipher suite. * * The value is returned in the form of `first,second`, in order to closely match * the values defined in the [IANA Registry](https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#table-tls-parameters-4). * For example if the connection's negotiated cipher suite is `TLS_AES_128_GCM_SHA256`, * which is registered as `0x13,0x01`, then `first = 0x13` and `second = 0x01`. * * This method will only succeed after the cipher suite has been negotiated with the peer. * * @param conn A pointer to the connection being read * @param first A pointer to a single byte, which will be updated with the first byte in the registered IANA value. * @param second A pointer to a single byte, which will be updated with the second byte in the registered IANA value. * @returns A POSIX error signal. If an error was returned, the values contained in `first` and `second` should be considered invalid. */ S2N_API extern int s2n_connection_get_cipher_iana_value(struct s2n_connection *conn, uint8_t *first, uint8_t *second); /** * Function to check if the cipher used by current connection is supported by the current * cipher preferences. * @param conn A pointer to the s2n connection * @param version A string representing the security policy to check against. * @returns 1 if the connection satisfies the cipher suite. 0 if the connection does not satisfy the cipher suite. -1 if there is an error. */ S2N_API extern int s2n_connection_is_valid_for_cipher_preferences(struct s2n_connection *conn, const char *version); /** * Function to get the human readable elliptic curve name for the connection. * * @param conn A pointer to the s2n connection * @returns A string indicating the elliptic curve used during ECDHE key exchange. The string "NONE" is returned if no curve was used. */ S2N_API extern const char *s2n_connection_get_curve(struct s2n_connection *conn); /** * Function to get the human readable KEM name for the connection. * * @param conn A pointer to the s2n connection * @returns A human readable string for the KEM group. If there is no KEM configured returns "NONE" */ S2N_API extern const char *s2n_connection_get_kem_name(struct s2n_connection *conn); /** * Function to get the human readable KEM group name for the connection. * * @param conn A pointer to the s2n connection * @returns A human readable string for the KEM group. If the connection is < TLS1.3 or there is no KEM group configured returns "NONE" */ S2N_API extern const char *s2n_connection_get_kem_group_name(struct s2n_connection *conn); /** * Function to get the alert that caused a connection to close. s2n-tls considers all * TLS alerts fatal and shuts down a connection whenever one is received. * * @param conn A pointer to the s2n connection * @returns The TLS alert code that caused a connection to be shut down */ S2N_API extern int s2n_connection_get_alert(struct s2n_connection *conn); /** * Function to return the last TLS handshake type that was processed. The returned format is a human readable string. * * @param conn A pointer to the s2n connection * @returns A human-readable handshake type name, e.g. "NEGOTIATED|FULL_HANDSHAKE|PERFECT_FORWARD_SECRECY" */ S2N_API extern const char *s2n_connection_get_handshake_type_name(struct s2n_connection *conn); /** * Function to return the last TLS message that was processed. The returned format is a human readable string. * @param conn A pointer to the s2n connection * @returns The last message name in the TLS state machine, e.g. "SERVER_HELLO", "APPLICATION_DATA". */ S2N_API extern const char *s2n_connection_get_last_message_name(struct s2n_connection *conn); /** * Opaque async private key operation handle */ struct s2n_async_pkey_op; /** * Sets whether or not a connection should enforce strict signature validation during the * `s2n_async_pkey_op_apply` call. * * `mode` can take the following values: * - `S2N_ASYNC_PKEY_VALIDATION_FAST` - default behavior: s2n-tls will perform only the minimum validation required for safe use of the asyn pkey operation. * - `S2N_ASYNC_PKEY_VALIDATION_STRICT` - in addition to the previous checks, s2n-tls will also ensure that the signature created as a result of the async private key sign operation matches the public key on the connection. */ typedef enum { S2N_ASYNC_PKEY_VALIDATION_FAST, S2N_ASYNC_PKEY_VALIDATION_STRICT } s2n_async_pkey_validation_mode; /** * The type of private key operation */ typedef enum { S2N_ASYNC_DECRYPT, S2N_ASYNC_SIGN } s2n_async_pkey_op_type; /** * Callback function for handling private key operations * * Invoked every time an operation requiring the private key is encountered * during the handshake. * * # Safety * * `op` is owned by the application and MUST be freed. * * @param conn Connection which triggered the callback * @param op An opaque object representing the private key operation */ typedef int (*s2n_async_pkey_fn)(struct s2n_connection *conn, struct s2n_async_pkey_op *op); /** * Sets up the callback to invoke when private key operations occur. * * @param config Config to set the callback * @param fn The function that should be called for each private key operation */ S2N_API extern int s2n_config_set_async_pkey_callback(struct s2n_config *config, s2n_async_pkey_fn fn); /** * Performs a private key operation using the given private key. * * # Safety * * Can only be called once. Any subsequent calls will produce a `S2N_ERR_T_USAGE` error. * * Safe to call from inside s2n_async_pkey_fn * * Safe to call from a different thread, as long as no other thread is operating on `op`. * * @param op An opaque object representing the private key operation * @param key The private key used for the operation. It can be extracted from * `conn` through the `s2n_connection_get_selected_cert` and `s2n_cert_chain_and_key_get_private_key` calls */ S2N_API extern int s2n_async_pkey_op_perform(struct s2n_async_pkey_op *op, s2n_cert_private_key *key); /** * Finalizes a private key operation and unblocks the connection. * * # Safety * * `conn` must match the connection that originally triggered the callback. * * Must be called after the operation is performed. * * Can only be called once. Any subsequent calls will produce a `S2N_ERR_T_USAGE` error. * * Safe to call from inside s2n_async_pkey_fn * * Safe to call from a different thread, as long as no other thread is operating on `op`. * * @param op An opaque object representing the private key operation * @param conn The connection associated with the operation that should be unblocked */ S2N_API extern int s2n_async_pkey_op_apply(struct s2n_async_pkey_op *op, struct s2n_connection *conn); /** * Frees the opaque structure representing a private key operation. * * # Safety * * MUST be called for every operation passed to s2n_async_pkey_fn * * Safe to call before or after the connection that created the operation is freed * * @param op An opaque object representing the private key operation */ S2N_API extern int s2n_async_pkey_op_free(struct s2n_async_pkey_op *op); /** * Configures whether or not s2n-tls will perform potentially expensive validation of * the results of a private key operation. * * @param config Config to set the validation mode for * @param mode What level of validation to perform */ S2N_API extern int s2n_config_set_async_pkey_validation_mode(struct s2n_config *config, s2n_async_pkey_validation_mode mode); /** * Returns the type of the private key operation. * * @param op An opaque object representing the private key operation * @param type A pointer to be set to the type */ S2N_API extern int s2n_async_pkey_op_get_op_type(struct s2n_async_pkey_op *op, s2n_async_pkey_op_type *type); /** * Returns the size of the input to the private key operation. * * @param op An opaque object representing the private key operation * @param data_len A pointer to be set to the size */ S2N_API extern int s2n_async_pkey_op_get_input_size(struct s2n_async_pkey_op *op, uint32_t *data_len); /** * Returns the input to the private key operation. * * When signing, the input is the digest to sign. * When decrypting, the input is the data to decrypt. * * # Safety * * `data` must be sufficiently large to contain the input. * `s2n_async_pkey_op_get_input_size` can be called to determine how much memory is required. * * s2n-tls does not take ownership of `data`. * The application still owns the memory and must free it if necessary. * * @param op An opaque object representing the private key operation * @param data A pointer to a buffer to copy the input into * @param data_len The maximum size of the `data` buffer */ S2N_API extern int s2n_async_pkey_op_get_input(struct s2n_async_pkey_op *op, uint8_t *data, uint32_t data_len); /** * Sets the output of the private key operation. * * # Safety * * s2n-tls does not take ownership of `data`. * The application still owns the memory and must free it if necessary. * * @param op An opaque object representing the private key operation * @param data A pointer to a buffer containing the output * @param data_len The size of the `data` buffer */ S2N_API extern int s2n_async_pkey_op_set_output(struct s2n_async_pkey_op *op, const uint8_t *data, uint32_t data_len); /** * Callback function for handling key log events * * THIS SHOULD BE USED FOR DEBUGGING PURPOSES ONLY! * * Each log line is formatted with the * [NSS Key Log Format](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format) * without a newline. * * # Safety * * * `ctx` MUST be cast into the same type of pointer that was originally created * * `logline` bytes MUST be copied or discarded before this function returns * * @param ctx Context for the callback * @param conn Connection for which the log line is being emitted * @param logline Pointer to the log line data * @param len Length of the log line data */ typedef int (*s2n_key_log_fn)(void *ctx, struct s2n_connection *conn, uint8_t *logline, size_t len); /** * Sets a key logging callback on the provided config * * THIS SHOULD BE USED FOR DEBUGGING PURPOSES ONLY! * * Setting this function enables configurations to emit secrets in the * [NSS Key Log Format](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format) * * # Safety * * * `callback` MUST cast `ctx` into the same type of pointer that was originally created * * `ctx` MUST live for at least as long as it is set on the config * * @param config Config to set the callback * @param callback The function that should be called for each secret log entry * @param ctx The context to be passed when the callback is called */ S2N_API extern int s2n_config_set_key_log_cb(struct s2n_config *config, s2n_key_log_fn callback, void *ctx); /** * s2n_config_enable_cert_req_dss_legacy_compat adds a dss cert type in the server certificate request when being called. * It only sends the dss cert type in the cert request but does not succeed the handshake if a dss cert is received. * Please DO NOT call this api unless you know you actually need legacy DSS certificate type compatibility * @param config Config to enable legacy DSS certificates for */ S2N_API extern int s2n_config_enable_cert_req_dss_legacy_compat(struct s2n_config *config); /** * Sets the maximum bytes of early data the server will accept. * * The default maximum is 0. If the maximum is 0, the server rejects all early data requests. * The config maximum can be overridden by the connection maximum or the maximum on an external pre-shared key. * * @param config A pointer to the config * @param max_early_data_size The maximum early data that the server will accept * @returns A POSIX error signal. If successful, the maximum early data size was updated. */ S2N_API int s2n_config_set_server_max_early_data_size(struct s2n_config *config, uint32_t max_early_data_size); /** * Sets the maximum bytes of early data the server will accept. * * The default maximum is 0. If the maximum is 0, the server rejects all early data requests. * The connection maximum can be overridden by the maximum on an external pre-shared key. * * @param conn A pointer to the connection * @param max_early_data_size The maximum early data the server will accept * @returns A POSIX error signal. If successful, the maximum early data size was updated. */ S2N_API int s2n_connection_set_server_max_early_data_size(struct s2n_connection *conn, uint32_t max_early_data_size); /** * Sets the user context associated with early data on a server. * * This context is passed to the `s2n_early_data_cb` callback to help decide whether to accept or reject early data. * * Unlike most contexts, the early data context is a byte buffer instead of a void pointer. * This is because we need to serialize the context into session tickets. * * This API is intended for use with session resumption, and will not affect pre-shared keys. * * @param conn A pointer to the connection * @param context A pointer to the user context data. This data will be copied. * @param context_size The size of the data to read from the `context` pointer. * @returns A POSIX error signal. If successful, the context was updated. */ S2N_API int s2n_connection_set_server_early_data_context(struct s2n_connection *conn, const uint8_t *context, uint16_t context_size); /** * Configures a particular pre-shared key to allow early data. * * `max_early_data_size` must be set to the maximum early data accepted by the server. * * In order to use early data, the cipher suite set on the pre-shared key must match the cipher suite * ultimately negotiated by the TLS handshake. Additionally, the cipher suite must have the same * hmac algorithm as the pre-shared key. * * @param psk A pointer to the pre-shared key, created with `s2n_external_psk_new`. * @param max_early_data_size The maximum early data that can be sent or received using this key. * @param cipher_suite_first_byte The first byte in the registered IANA value of the associated cipher suite. * @param cipher_suite_second_byte The second byte in the registered IANA value of the associated cipher suite. * @returns A POSIX error signal. If successful, `psk` was updated. */ S2N_API int s2n_psk_configure_early_data(struct s2n_psk *psk, uint32_t max_early_data_size, uint8_t cipher_suite_first_byte, uint8_t cipher_suite_second_byte); /** * Sets the optional `application_protocol` associated with the given pre-shared key. * * In order to use early data, the `application_protocol` set on the pre-shared key must match * the `application_protocol` ultimately negotiated by the TLS handshake. * * @param psk A pointer to the pre-shared key, created with `s2n_external_psk_new`. * @param application_protocol A pointer to the associated application protocol data. This data will be copied. * @param size The size of the data to read from the `application_protocol` pointer. * @returns A POSIX error signal. If successful, the application protocol was set. */ S2N_API int s2n_psk_set_application_protocol(struct s2n_psk *psk, const uint8_t *application_protocol, uint8_t size); /** * Sets the optional user early data context associated with the given pre-shared key. * * The early data context is passed to the `s2n_early_data_cb` callback to help decide whether * to accept or reject early data. * * @param psk A pointer to the pre-shared key, created with `s2n_external_psk_new`. * @param context A pointer to the associated user context data. This data will be copied. * @param size The size of the data to read from the `context` pointer. * @returns A POSIX error signal. If successful, the context was set. */ S2N_API int s2n_psk_set_early_data_context(struct s2n_psk *psk, const uint8_t *context, uint16_t size); /** * The status of early data on a connection. * * S2N_EARLY_DATA_STATUS_OK: Early data is in progress. * S2N_EARLY_DATA_STATUS_NOT_REQUESTED: The client did not request early data, so none was sent or received. * S2N_EARLY_DATA_STATUS_REJECTED: The client requested early data, but the server rejected the request. * Early data may have been sent, but was not received. * S2N_EARLY_DATA_STATUS_END: All early data was successfully sent and received. */ typedef enum { S2N_EARLY_DATA_STATUS_OK, S2N_EARLY_DATA_STATUS_NOT_REQUESTED, S2N_EARLY_DATA_STATUS_REJECTED, S2N_EARLY_DATA_STATUS_END, } s2n_early_data_status_t; /** * Reports the current state of early data for a connection. * * See `s2n_early_data_status_t` for all possible states. * * @param conn A pointer to the connection * @param status A pointer which will be set to the current early data status * @returns A POSIX error signal. */ S2N_API int s2n_connection_get_early_data_status(struct s2n_connection *conn, s2n_early_data_status_t *status); /** * Reports the remaining size of the early data allowed by a connection. * * If early data was rejected or not requested, the remaining early data size is 0. * Otherwise, the remaining early data size is the maximum early data allowed by the connection, * minus the early data sent or received so far. * * @param conn A pointer to the connection * @param allowed_early_data_size A pointer which will be set to the remaining early data currently allowed by `conn` * @returns A POSIX error signal. */ S2N_API int s2n_connection_get_remaining_early_data_size(struct s2n_connection *conn, uint32_t *allowed_early_data_size); /** * Reports the maximum size of the early data allowed by a connection. * * This is the maximum amount of early data that can ever be sent and received for a connection. * It is not affected by the actual status of the early data, so can be non-zero even if early data * is rejected or not requested. * * @param conn A pointer to the connection * @param max_early_data_size A pointer which will be set to the maximum early data allowed by `conn` * @returns A POSIX error signal. */ S2N_API int s2n_connection_get_max_early_data_size(struct s2n_connection *conn, uint32_t *max_early_data_size); /** * Called by the client to begin negotiation and send early data. * * See https://github.com/aws/s2n-tls/blob/main/docs/usage-guide/topics/ch14-early-data.md * for usage and examples. DO NOT USE unless you have considered the security issues and * implemented mitigation for anti-replay attacks. * * @param conn A pointer to the connection * @param data A pointer to the early data to be sent * @param data_len The size of the early data to send * @param data_sent A pointer which will be set to the size of the early data sent * @param blocked A pointer which will be set to the blocked status, as in `s2n_negotiate`. * @returns A POSIX error signal. The error should be handled as in `s2n_negotiate`. */ S2N_API int s2n_send_early_data(struct s2n_connection *conn, const uint8_t *data, ssize_t data_len, ssize_t *data_sent, s2n_blocked_status *blocked); /** * Called by the server to begin negotiation and accept any early data the client sends. * * See https://github.com/aws/s2n-tls/blob/main/docs/usage-guide/topics/ch14-early-data.md * for usage and examples. DO NOT USE unless you have considered the security issues and * implemented mitigation for anti-replay attacks. * * @param conn A pointer to the connection * @param data A pointer to a buffer to store the early data received * @param max_data_len The size of the early data buffer * @param data_received A pointer which will be set to the size of the early data received * @param blocked A pointer which will be set to the blocked status, as in `s2n_negotiate`. * @returns A POSIX error signal. The error should be handled as in `s2n_negotiate`. */ S2N_API int s2n_recv_early_data(struct s2n_connection *conn, uint8_t *data, ssize_t max_data_len, ssize_t *data_received, s2n_blocked_status *blocked); struct s2n_offered_early_data; /** * A callback which can be implemented to accept or reject early data. * * This callback is triggered only after the server has determined early data is otherwise acceptable according * to the TLS early data specification. Implementations therefore only need to cover application-specific checks, * not the standard TLS early data validation. * * This callback can be synchronous or asynchronous. For asynchronous behavior, return success without * calling `s2n_offered_early_data_reject` or `s2n_offered_early_data_accept`. `early_data` will * still be a valid reference, and the connection will block until `s2n_offered_early_data_reject` or * `s2n_offered_early_data_accept` is called. * * @param conn A pointer to the connection * @param early_data A pointer which can be used to access information about the proposed early data * and then accept or reject it. * @returns A POSIX error signal. If unsuccessful, the connection will be closed with an error. */ typedef int (*s2n_early_data_cb)(struct s2n_connection *conn, struct s2n_offered_early_data *early_data); /** * Set a callback to accept or reject early data. * * @param config A pointer to the connection config * @param cb A pointer to the implementation of the callback. * @returns A POSIX error signal. If successful, the callback was set. */ S2N_API int s2n_config_set_early_data_cb(struct s2n_config *config, s2n_early_data_cb cb); /** * Get the length of the early data context set by the user. * * @param early_data A pointer to the early data information * @param context_len The length of the user context * @returns A POSIX error signal. */ S2N_API int s2n_offered_early_data_get_context_length(struct s2n_offered_early_data *early_data, uint16_t *context_len); /** * Get the early data context set by the user. * * @param early_data A pointer to the early data information * @param context A byte buffer to copy the user context into * @param max_len The size of `context`. Must be >= to the result of `s2n_offered_early_data_get_context_length`. * @returns A POSIX error signal. */ S2N_API int s2n_offered_early_data_get_context(struct s2n_offered_early_data *early_data, uint8_t *context, uint16_t max_len); /** * Reject early data offered by the client. * * @param early_data A pointer to the early data information * @returns A POSIX error signal. If success, the client's early data will be rejected. */ S2N_API int s2n_offered_early_data_reject(struct s2n_offered_early_data *early_data); /** * Accept early data offered by the client. * * @param early_data A pointer to the early data information * @returns A POSIX error signal. If success, the client's early data will be accepted. */ S2N_API int s2n_offered_early_data_accept(struct s2n_offered_early_data *early_data); /** * Retrieves the list of supported groups configured by the security policy associated with `config`. * * The retrieved list of groups will contain all of the supported groups for a security policy that are compatible * with the build of s2n-tls. For instance, PQ kem groups that are not supported by the linked libcrypto will not * be written. Otherwise, all of the supported groups configured for the security policy will be written. This API * can be used with the s2n_client_hello_get_supported_groups() API as a means of comparing compatibility between * a client and server. * * IANA values for each of the supported groups are written to the provided `groups` array, and `groups_count` is * set to the number of written supported groups. * * `groups_count_max` should be set to the maximum capacity of the `groups` array. If `groups_count_max` is less * than the number of supported groups configured by the security policy, this function will error. * * Note that this API retrieves only the groups from a security policy that are available to negotiate via the * supported groups extension, and does not return TLS 1.2 PQ kem groups that are negotiated in the supported PQ * kem parameters extension. * * @param config A pointer to the s2n_config object from which the supported groups will be retrieved. * @param groups The array to populate with the supported groups. * @param groups_count_max The maximum number of supported groups that can fit in the `groups` array. * @param groups_count Set to the number of supported groups written to `groups`. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure. */ S2N_API int s2n_config_get_supported_groups(struct s2n_config *config, uint16_t *groups, uint16_t groups_count_max, uint16_t *groups_count); /* Indicates which serialized connection version will be provided. The default value is * S2N_SERIALIZED_CONN_NONE, which indicates the feature is off. */ typedef enum { S2N_SERIALIZED_CONN_NONE = 0, S2N_SERIALIZED_CONN_V1 = 1 } s2n_serialization_version; /** * Set what version to use when serializing connections * * A version is required to serialize connections. Versioning ensures that all features negotiated * during the handshake will be available wherever the connection is deserialized. Applications may * need to update this version to pick up new features, since versioning may disable newer TLS * features to ensure compatibility. * * @param config A pointer to the config object. * @param version The requested version. * @returns S2N_SUCCESS on success, S2N_FAILURE on error. */ S2N_API int s2n_config_set_serialization_version(struct s2n_config *config, s2n_serialization_version version); /** * Retrieves the length of the serialized connection from `s2n_connection_serialize()`. Should be * used to allocate enough memory for the serialized connection buffer. * * @note The size of the serialized connection changes based on parameters negotiated in the TLS * handshake. Do not expect the size to always remain the same. * * @param conn A pointer to the connection object. * @param length Output parameter where the length will be written. * @returns S2N_SUCCESS on success, S2N_FAILURE on error. */ S2N_API int s2n_connection_serialization_length(struct s2n_connection *conn, uint32_t *length); /** * Serializes the s2n_connection into the provided buffer. * * This API takes an established s2n-tls connection object and "serializes" it * into a transferable object to be sent off-box or to another process. This transferable object can * then be "deserialized" using the `s2n_connection_deserialize` method to instantiate an s2n-tls * connection object that can talk to the original peer with the same encryption keys. * * @warning This feature is dangerous because it provides cryptographic material from a TLS session * in plaintext. Users MUST both encrypt and MAC the contents of the outputted material to provide * secrecy and integrity if this material is transported off-box. DO NOT store or send this material off-box * without encryption. * * @note You MUST have used `s2n_config_set_serialization_version()` to set a version on the * s2n_config object associated with this connection before this connection began its TLS handshake. * @note Call `s2n_connection_serialization_length` to retrieve the amount of memory needed for the * buffer parameter. * @note This API will error if the handshake is not yet complete. * * @param conn A pointer to the connection object. * @param buffer A pointer to the buffer where the serialized connection will be written. * @param buffer_length Maximum amount of data that can be written to the buffer param. * @returns S2N_SUCCESS on success, S2N_FAILURE on error. */ S2N_API int s2n_connection_serialize(struct s2n_connection *conn, uint8_t *buffer, uint32_t buffer_length); /** * Deserializes the provided buffer into the `s2n_connection` parameter. * * @warning s2n-tls DOES NOT check the integrity of the provided buffer. s2n-tls may successfully * deserialize a corrupted buffer which WILL cause a connection failure when attempting to resume * sending/receiving encrypted data. To avoid this, it is recommended to MAC and encrypt the serialized * connection before sending it off-box and deserializing it. * * @warning Only a minimal amount of information about the original TLS connection is serialized. * Therefore, after deserialization, the connection will behave like a new `s2n_connection` from the * `s2n_connection_new()` call, except that it can read/write encrypted data from a peer. Any desired * config-level or connection-level configuration will need to be re-applied to the deserialized connection. * For this same reason none of the connection getters will return useful information about the * original connection after deserialization. Any information about the original connection needs to * be retrieved before serialization. * * @param conn A pointer to the connection object. Should be a new s2n_connection object. * @param buffer A pointer to the buffer where the serialized connection will be read from. * @param buffer_length Maximum amount of data that can be read from the buffer parameter. * @returns S2N_SUCCESS on success, S2N_FAILURE on error. */ S2N_API int s2n_connection_deserialize(struct s2n_connection *conn, uint8_t *buffer, uint32_t buffer_length); /* Load all acceptable certificate authorities from the currently configured trust store. * * The loaded certificate authorities will be advertised during the handshake. * This can help your peer select a certificate if they have multiple certificate * chains available. * * For now, s2n-tls only supports advertising certificate authorities to support * client auth, so only servers will send the list of certificate authorities. * * To avoid configuration mistakes, certificate authorities cannot be loaded from * a trust store that includes the default system certificates. That means that * s2n_config_new_minimal or s2n_config_wipe_trust_store should be used. * * s2n-tls currently limits the total certificate authorities size to 10k bytes. * This method will fail if the certificate authorities retrieved from the trust * store exceed that limit. * * @param config A pointer to the s2n_config object. * @returns S2N_SUCCESS on success. S2N_FAILURE on failure. */ S2N_API int s2n_config_set_cert_authorities_from_trust_store(struct s2n_config *config); #ifdef __cplusplus } #endif