Merge branch 'main' into ecdsa_sigalg

.github/workflows/ci_rust.yml

@@ -33,7 +33,7 @@ jobs:
           rustup override set stable
 
       # https://github.com/aws/aws-lc-rs/blob/main/aws-lc-fips-sys/README.md#build-prerequisites
-      # go required to build aws-lc-rs in FIPS mode
+      # go required for generate.sh to build aws-lc-rs in FIPS mode
       - name: Install go
         uses: actions/setup-go@v4
         with:
@@ -46,7 +46,8 @@ jobs:
 
       - name: Tests
         working-directory: ${{env.ROOT_PATH}}
-        run: cargo test --all-features
+        # Test all features except for FIPS, which is tested separately.
+        run: cargo test --features unstable-fingerprint,unstable-ktls,quic,pq
 
       # Ensure that all tests pass with the default feature set
       - name: Default Tests
@@ -159,7 +160,11 @@ jobs:
         run: cargo test --all-features
 
   fips:
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, macOS-latest]
     steps:
       - uses: actions/checkout@v3
         with:
@@ -186,7 +191,16 @@ jobs:
       - name: Test fips
         working-directory: ${{env.ROOT_PATH}}
         run: |
-          cargo test --features fips
+          # The doc tests fail to link to AWS-LC in FIPS mode due to
+          # https://github.com/rust-lang/cargo/issues/8531. The --tests flag is provided to disable
+          # the doc tests. The doc tests are tested in the generate test, where FIPS is disabled.
+          cargo test --tests --features fips
+
+      # Test all features, including FIPS
+      - name: Test all
+        working-directory: ${{env.ROOT_PATH}}
+        run: |
+          cargo test --tests --all-features
 
   rustfmt:
     runs-on: ubuntu-latest

.github/workflows/proof_ci.yaml

@@ -9,6 +9,9 @@ on:
   pull_request:
     branches-ignore:
       - gh-pages
+  merge_group:
+    types: [checks_requested]
+    branches: [main]
 
 # USAGE
 #

.gitignore

@@ -40,3 +40,5 @@ build/
 result
 result-*
 *.class
+# Exclude rust build directories
+*target/

api/s2n.h

@@ -1112,6 +1112,13 @@ typedef enum {
  * Sets up a connection to request the certificate status of a peer during an SSL handshake. If set
  * to S2N_STATUS_REQUEST_NONE, no status request is made.
  *
+ * @note SHA-1 is the only supported hash algorithm for the `certID` field. This is different
+ * from the hash algorithm used for the OCSP signature. See 
+ * [RFC 6960](https://datatracker.ietf.org/doc/html/rfc6960#section-4.1.1) for more information.
+ * While unlikely to be the case, if support for a different hash algorithm is required, the
+ * s2n-tls validation can be disabled with `s2n_config_set_check_stapled_ocsp_response()` and the
+ * response can be retrieved for manual validation with `s2n_connection_get_ocsp_response()`.
+ * 
  * @param config The configuration object being updated
  * @param type The desired request status type
  * @returns S2N_SUCCESS on success. S2N_FAILURE on failure
@@ -1269,6 +1276,22 @@ S2N_API extern int s2n_config_set_ticket_decrypt_key_lifetime(struct s2n_config
  */
 S2N_API extern int s2n_config_add_ticket_crypto_key(struct s2n_config *config, const uint8_t *name, uint32_t name_len,
         uint8_t *key, uint32_t key_len, uint64_t intro_time_in_seconds_from_epoch);
+
+/**
+ * Requires that session tickets are only used when forward secrecy is possible.
+ *
+ * Restricts session resumption to TLS1.3, as the tickets used in TLS1.2 resumption are
+ * not forward secret. Clients should not expect to receive new session tickets and servers
+ * will not send new session tickets when TLS1.2 is negotiated and ticket forward secrecy is required.
+ * 
+ * @note The default behavior is that forward secrecy is not required.
+ *
+ * @param config The config object being updated
+ * @param enabled Indicates if forward secrecy is required or not on tickets
+ * @returns S2N_SUCCESS on success. S2N_FAILURE on failure
+ */
+S2N_API extern int s2n_config_require_ticket_forward_secrecy(struct s2n_config *config, bool enabled);
+
 /**
  * Sets user defined context on the `s2n_config` object.
  *

api/unstable/fingerprint.h

@@ -35,6 +35,116 @@ typedef enum {
     S2N_FINGERPRINT_JA3,
 } s2n_fingerprint_type;
 
+struct s2n_fingerprint;
+
+/**
+ * Create a reusable fingerprint structure.
+ *
+ * Fingerprinting is primarily used to identify malicious or abusive clients,
+ * so fingerprinting needs to be efficient and require minimal resources.
+ * The `s2n_client_hello_get_fingerprint_hash` and `s2n_client_hello_get_fingerprint_string`
+ * methods may require additional memory to calculate the fingerprint. Reusing
+ * the same `s2n_fingerprint` structure to calculate multiple fingerprints reduces
+ * the cost of each individual fingerprint.
+ *
+ * @param type The algorithm to use for the fingerprint.
+ * @returns S2N_SUCCESS on success, S2N_FAILURE on failure.
+ */
+S2N_API struct s2n_fingerprint *s2n_fingerprint_new(s2n_fingerprint_type type);
+
+/**
+ * Frees the memory allocated by `s2n_fingerprint_new` for a fingerprint structure.
+ *
+ * @param fingerprint The s2n_fingerprint structure to be freed.
+ * @returns S2N_SUCCESS on success, S2N_FAILURE on failure.
+ */
+S2N_API int s2n_fingerprint_free(struct s2n_fingerprint **fingerprint);
+
+/**
+ * Resets the fingerprint for safe reuse with a different ClientHello.
+ *
+ * @param fingerprint The s2n_fingerprint structure to be reset.
+ * @returns S2N_SUCCESS on success, S2N_FAILURE on failure.
+ */
+S2N_API int s2n_fingerprint_wipe(struct s2n_fingerprint *fingerprint);
+
+/**
+ * Sets the ClientHello to be fingerprinted.
+ *
+ * @param fingerprint The s2n_fingerprint to be modified
+ * @param ch The client hello to be fingerprinted. It will not be copied, so needs
+ * to live at least as long as this fingerprinting operation.
+ * @returns S2N_SUCCESS on success, S2N_FAILURE on failure.
+ */
+S2N_API int s2n_fingerprint_set_client_hello(struct s2n_fingerprint *fingerprint, struct s2n_client_hello *ch);
+
+/**
+ * Get the size of the fingerprint hash.
+ *
+ * Fingerprint hashes should be a constant size, but that size will vary based
+ * on the fingerprinting method used.
+ *
+ * @param fingerprint The s2n_fingerprint to be used for the hash
+ * @param size Output variable to be set to the size of the hash
+ * @returns S2N_SUCCESS on success, S2N_FAILURE on failure.
+ */
+S2N_API int s2n_fingerprint_get_hash_size(const struct s2n_fingerprint *fingerprint, uint32_t *size);
+
+/**
+ * Calculates a fingerprint hash.
+ *
+ * The output of this method depends on the type of fingerprint.
+ *
+ * JA3: A hex-encoded string representing the MD5 hash of the raw string.
+ * - See https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967
+ * - Example: "c34a54599a1fbaf1786aa6d633545a60"
+ *
+ * @param fingerprint The s2n_fingerprint to be used for the hash
+ * @param max_output_size The maximum size of data that may be written to `output`.
+ * If `output` is too small, an S2N_ERR_T_USAGE error will occur.
+ * @param output The location that the requested hash will be written to.
+ * @param output_size Output variable to be set to the actual size of the data
+ * written to `output`.
+ * @returns S2N_SUCCESS on success, S2N_FAILURE on failure.
+ */
+S2N_API int s2n_fingerprint_get_hash(struct s2n_fingerprint *fingerprint,
+        uint32_t max_output_size, uint8_t *output, uint32_t *output_size);
+
+/**
+ * Get the size of the raw fingerprint string.
+ *
+ * The size of the raw string depends on the ClientHello and cannot be known
+ * without calculating the fingerprint. Either `s2n_fingerprint_get_hash` or
+ * `s2n_fingerprint_get_raw` must be called before this method.
+ *
+ * @param fingerprint The s2n_fingerprint to be used for the raw string
+ * @param size Output variable to be set to the size of the raw string
+ * @returns S2N_SUCCESS on success, S2N_FAILURE on failure.
+ */
+S2N_API int s2n_fingerprint_get_raw_size(const struct s2n_fingerprint *fingerprint, uint32_t *size);
+
+/**
+ * Calculates the raw string for a fingerprint.
+ *
+ * The output of this method depends on the type of fingerprint.
+ *
+ * JA3: A string consisting of lists of decimal values.
+ * - See https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967
+ * - Example: "771,4866-4867-4865-49196-49200-159-52393-52392-52394-49195-49199-158-
+ *             49188-49192-107-49187-49191-103-49162-49172-57-49161-49171-51-157-
+ *             156-61-60-53-47-255,11-10-35-22-23-13-43-45-51,29-23-30-25-24,0-1-2"
+ *
+ * @param fingerprint The s2n_fingerprint to be used for the raw string
+ * @param max_output_size The maximum size of data that may be written to `output`.
+ * If `output` is too small, an S2N_ERR_T_USAGE error will occur.
+ * @param output The location that the requested raw string will be written to.
+ * @param output_size Output variable to be set to the actual size of the data
+ * written to `output`.
+ * @returns S2N_SUCCESS on success, S2N_FAILURE on failure.
+ */
+S2N_API int s2n_fingerprint_get_raw(struct s2n_fingerprint *fingerprint,
+        uint32_t max_output_size, uint8_t *output, uint32_t *output_size);
+
 /**
  * Calculates a fingerprint hash for a given ClientHello.
  *

bin/common.c

@@ -489,9 +489,15 @@ uint8_t unsafe_verify_host(const char *host_name, size_t host_name_len, void *da
         return (uint8_t) (strcasecmp(suffix, host_name + 1) == 0);
     }
 
-    if (strcasecmp(host_name, "localhost") == 0 || strcasecmp(host_name, "127.0.0.1") == 0) {
-        return (uint8_t) (strcasecmp(verify_data->trusted_host, "localhost") == 0
-                || strcasecmp(verify_data->trusted_host, "127.0.0.1") == 0);
+    /* If we're connecting to localhost, accept any values that represent localhost */
+    bool is_localhost = (strcasecmp(verify_data->trusted_host, "localhost") == 0);
+    is_localhost |= (strcasecmp(verify_data->trusted_host, "127.0.0.1") == 0);
+    if (is_localhost) {
+        bool match = (strcasecmp(host_name, "localhost") == 0);
+        match |= (strcasecmp(host_name, "127.0.0.1") == 0);
+        /* Some of our older test certificates use odd common names */
+        match |= (strcasecmp(host_name, "s2nTestServer") == 0);
+        return (uint8_t) match;
     }
 
     return (uint8_t) (strcasecmp(host_name, verify_data->trusted_host) == 0);

bin/s2nc.c

@@ -47,6 +47,28 @@
 #define OPT_SERIALIZE_OUT      1008
 #define OPT_DESERIALIZE_IN     1009
 
+/* This should match the final cert in the s2nd default_certificate_chain */
+const char default_trusted_cert[] =
+        "-----BEGIN CERTIFICATE-----"
+        "MIIC/jCCAeagAwIBAgIUFFjxpSf0mUsrVbyLPQhccDYfixowDQYJKoZIhvcNAQEL"
+        "BQAwFjEUMBIGA1UEAwwLczJuVGVzdFJvb3QwIBcNMjAwMTI0MDEwODIyWhgPMjEx"
+        "OTEyMzEwMTA4MjJaMBYxFDASBgNVBAMMC3MyblRlc3RSb290MIIBIjANBgkqhkiG"
+        "9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz3AaOAlkcxJHryCI9SfwB9q4PA53hv5tz4ZL"
+        "be37b69v58mfP+D18cWIBHUmkmN6gWWoWZ/9hv75pxcNXW0zPn7+wOVvXLUjtmkq"
+        "1IGT/mykhasw00viaBFAuBHZ5iLwfc4/cjUFAPVCKLmfv5Xs7TJVzWA/0mR4r1h8"
+        "uFqqXczkVMklIbsOIrlZXz8ifQs3DpFA2FeoziEh+Pcb4c3QBPgCHFDEGyTSdqo9"
+        "+NbS+iRlw0T6tqUOpC0DdKXo/3mJNBmy4XPahTi9zgsu7b+UVqemL7eXXf/iSr5y"
+        "iwJKJjz+N/rLpcF1VJtF8q0fpHagzljQaN7/emjg7BplUUyLawIDAQABo0IwQDAP"
+        "BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTDmXkyQEJ7ZciyE4KF7wAJKDxMfDAO"
+        "BgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggEBAFobyhsc7mYoGaA7N4Pp"
+        "it+MQZZNzWte5vWal/3/2V7ZGrJsgeCPwLblzzTmey85RilX6ovMQHEqT1vBFSHq"
+        "nntMZnHkEl2QLU8XopJWR4MXK7LzjjQYaXiZhGbJbtylVSfATAa/ZzdgjBx1C8aD"
+        "IM1+ELGCP/UHD0YEJkFoxSUwXGAXoV8I+cPDAWHC6VnC4mY8qubhx95FpX02ERnz"
+        "1Cw2YWtntyO8P52dEJD1+0EJjtVX4Bj5wwgJHHbDkPP1IzFrR/uBC2LCjtRY+UtZ"
+        "kfoDfWu2tslkLK7/LaC5qZyCPKnpPHLLz8gUWKlvbuejM99FTlBg/tcH+bv5x7WB"
+        "MZ8="
+        "-----END CERTIFICATE-----";
+
 /*
  * s2nc is an example client that uses many s2n-tls APIs.
  * It is intended for testing purposes only, and should not be used in production.
@@ -616,6 +638,8 @@ int main(int argc, char *const *argv)
             GUARD_EXIT(s2n_config_add_cert_chain_and_key_to_store(config, chain_and_key), "Error setting certificate/key");
         }
 
+        GUARD_EXIT(s2n_config_add_pem_to_trust_store(config, default_trusted_cert),
+                "Error adding default cert to trust store.");
         if (ca_file || ca_dir) {
             GUARD_EXIT(s2n_config_wipe_trust_store(config), "Error wiping trust store");
             if (s2n_config_set_verification_ca_location(config, ca_file, ca_dir) < 0) {

bindings/rust/Cargo.toml

@@ -4,6 +4,7 @@ members = [
     "s2n-tls",
     "s2n-tls-sys",
     "s2n-tls-tokio",
+    "s2n-tls-hyper",
 ]
 # generate can't be included in the workspace because of a bootstrapping problem
 # s2n-tls-sys/Cargo.toml (part of the workspace) is generated by

bindings/rust/s2n-tls-hyper/Cargo.toml

@@ -0,0 +1,25 @@
+[package]
+name = "s2n-tls-hyper"
+description = "A compatbility crate allowing s2n-tls to be used with the hyper HTTP library"
+version = "0.0.1"
+authors = ["AWS s2n"]
+edition = "2021"
+rust-version = "1.63.0"
+repository = "https://github.com/aws/s2n-tls"
+license = "Apache-2.0"
+
+[features]
+default = []
+
+[dependencies]
+s2n-tls = { version = "=0.2.9", path = "../s2n-tls" }
+s2n-tls-tokio = { version = "=0.2.9", path = "../s2n-tls-tokio" }
+hyper = { version = "1" }
+hyper-util = { version = "0.1", features = ["client-legacy", "tokio", "http1"] }
+tower-service = { version = "0.3" }
+http = { version= "1" }
+
+[dev-dependencies]
+tokio = { version = "1", features = ["macros", "test-util"] }
+http-body-util = "0.1"
+bytes = "1"

bindings/rust/s2n-tls-hyper/README.md

@@ -0,0 +1,3 @@
+`s2n-tls-hyper` provides compatibility structs for [hyper](https://hyper.rs/), allowing s2n-tls to be used as the underlying TLS implementation with hyper clients.
+
+This crate is currently being developed and is unstable.