Fix/add security policy validation checks

error/s2n_errno.c

@@ -58,6 +58,7 @@ static const char *no_such_error = "Internal s2n error";
     ERR_ENTRY(S2N_ERR_ENCRYPT, "error encrypting data") \
     ERR_ENTRY(S2N_ERR_DECRYPT, "error decrypting data") \
     ERR_ENTRY(S2N_ERR_BAD_MESSAGE, "Bad message encountered") \
+    ERR_ENTRY(S2N_ERR_ILLEGAL_PARAMETER, "Illegal parameter in handshake message") \
     ERR_ENTRY(S2N_ERR_KEY_INIT, "error initializing encryption key") \
     ERR_ENTRY(S2N_ERR_KEY_DESTROY, "error destroying encryption key") \
     ERR_ENTRY(S2N_ERR_DH_SERIALIZING, "error serializing Diffie-Hellman parameters") \

error/s2n_errno.h

@@ -71,6 +71,7 @@ typedef enum {
     S2N_ERR_ENCRYPT = S2N_ERR_T_PROTO_START,
     S2N_ERR_DECRYPT,
     S2N_ERR_BAD_MESSAGE,
+    S2N_ERR_ILLEGAL_PARAMETER,
     S2N_ERR_UNEXPECTED_CERT_REQUEST,
     S2N_ERR_MISSING_CERT_REQUEST,
     S2N_ERR_MISSING_CLIENT_CERT,

tls/s2n_alerts.c

@@ -45,13 +45,12 @@ static S2N_RESULT s2n_translate_protocol_error_to_alert(int error_code, uint8_t
         S2N_ALERT_CASE(S2N_ERR_NO_VALID_SIGNATURE_SCHEME, S2N_TLS_ALERT_HANDSHAKE_FAILURE);
         S2N_ALERT_CASE(S2N_ERR_MISSING_CLIENT_CERT, S2N_TLS_ALERT_CERTIFICATE_REQUIRED);
 
-        /* TODO: The ERR_BAD_MESSAGE -> ALERT_UNEXPECTED_MESSAGE mapping
-         * isn't always correct. Sometimes s2n-tls uses ERR_BAD_MESSAGE
-         * to indicate S2N_TLS_ALERT_ILLEGAL_PARAMETER instead.
-         * We'll want to add a new error to distinguish between the two usages:
-         * our errors should be equally or more specific than alerts, not less.
+        /* S2N_ERR_BAD_MESSAGE maps to UNEXPECTED_MESSAGE for protocol violations
+         * where an unexpected message type was received. S2N_ERR_ILLEGAL_PARAMETER
+         * maps to ILLEGAL_PARAMETER for cases where a message has invalid content.
          */
         S2N_ALERT_CASE(S2N_ERR_BAD_MESSAGE, S2N_TLS_ALERT_UNEXPECTED_MESSAGE);
+        S2N_ALERT_CASE(S2N_ERR_ILLEGAL_PARAMETER, S2N_TLS_ALERT_ILLEGAL_PARAMETER);
         S2N_ALERT_CASE(S2N_ERR_UNEXPECTED_CERT_REQUEST, S2N_TLS_ALERT_UNEXPECTED_MESSAGE);
         S2N_ALERT_CASE(S2N_ERR_MISSING_CERT_REQUEST, S2N_TLS_ALERT_UNEXPECTED_MESSAGE);
 
@@ -112,7 +111,8 @@ static S2N_RESULT s2n_translate_protocol_error_to_alert(int error_code, uint8_t
         S2N_ALERT_CASE(S2N_ERR_CERT_INVALID, S2N_TLS_ALERT_BAD_CERTIFICATE);
         S2N_ALERT_CASE(S2N_ERR_DECODE_CERTIFICATE, S2N_TLS_ALERT_BAD_CERTIFICATE);
 
-        /* TODO: Add mappings for other protocol errors.
+        /* The following errors are internal/cryptographic errors that don't have
+         * corresponding TLS alert codes. They result in a generic internal_error alert.
          */
         S2N_NO_ALERT(S2N_ERR_ENCRYPT);
         S2N_NO_ALERT(S2N_ERR_DECRYPT);

tls/s2n_security_policies.c

@@ -1866,6 +1866,44 @@ int s2n_validate_kem_preferences(const struct s2n_kem_preferences *kem_preferenc
     return S2N_SUCCESS;
 }
 
+int s2n_validate_cipher_preferences(const struct s2n_cipher_preferences *cipher_preferences)
+{
+    POSIX_ENSURE_REF(cipher_preferences);
+    /* checks to assert that the count is 0 */
+    /* iff */
+    /* the associated list is null */
+    POSIX_ENSURE(S2N_IFF(cipher_preferences->count==0, cipher_preferences->suites==NULL),
+            S2N_ERR_INVALID_SECURITY_POLICY);
+
+    return S2N_SUCCESS;
+}
+
+int s2n_validate_signature_preferences(const struct s2n_signature_preferences *signature_preferences)
+{
+    POSIX_ENSURE_REF(signature_preferences);
+
+    /* checks to assert that the count is 0 */
+    /* iff */
+    /* the associated list is null */
+    POSIX_ENSURE(S2N_IFF(signature_preferences->count == 0, signature_preferences->signature_schemes == NULL),
+            S2N_ERR_INVALID_SECURITY_POLICY);
+
+    return S2N_SUCCESS;
+}
+
+int s2n_validate_ecc_preferences(const struct s2n_ecc_preferences *ecc_preferences)
+{
+    POSIX_ENSURE_REF(ecc_preferences);
+
+    /* checks to assert that the count is 0 */
+    /* iff */
+    /* the associated list is null */
+    POSIX_ENSURE(S2N_IFF(ecc_preferences->count == 0, ecc_preferences->ecc_curves == NULL),
+            S2N_ERR_INVALID_SECURITY_POLICY);
+
+    return S2N_SUCCESS;
+}
+
 S2N_RESULT s2n_validate_certificate_signature_preferences(const struct s2n_signature_preferences *certificate_signature_preferences)
 {
     RESULT_ENSURE_REF(certificate_signature_preferences);

tls/s2n_security_policies.h

@@ -281,6 +281,9 @@ bool s2n_ecc_is_extension_required(const struct s2n_security_policy *security_po
 bool s2n_pq_kem_is_extension_required(const struct s2n_security_policy *security_policy);
 bool s2n_security_policy_supports_tls13(const struct s2n_security_policy *security_policy);
 int s2n_find_security_policy_from_version(const char *version, const struct s2n_security_policy **security_policy);
+int s2n_validate_cipher_preferences(const struct s2n_cipher_preferences *cipher_preferences);
+int s2n_validate_signature_preferences(const struct s2n_signature_preferences *signature_preferences);
+int s2n_validate_ecc_preferences(const struct s2n_ecc_preferences *ecc_preferences);
 int s2n_validate_kem_preferences(const struct s2n_kem_preferences *kem_preferences, bool pq_kem_extension_required);
 S2N_RESULT s2n_validate_certificate_signature_preferences(const struct s2n_signature_preferences *s2n_certificate_signature_preferences);
 S2N_RESULT s2n_security_policy_get_version(const struct s2n_security_policy *security_policy,