feat: add custom critical extension support (#5321)

Author: CarolYeh910

.gitmodules

@@ -1,3 +1,4 @@
 [submodule "tests/cbmc/aws-verification-model-for-libcrypto"]
 	path = tests/cbmc/aws-verification-model-for-libcrypto
-	url = https://github.com/awslabs/aws-verification-model-for-libcrypto.git
+	url = https://github.com/goatgoose/aws-verification-model-for-libcrypto.git
+    branch = cbmc-test

api/unstable/custom_x509_extensions.h

@@ -0,0 +1,53 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+#pragma once
+
+#include <s2n.h>
+
+/**
+ * @file custom_x509_extensions.h
+ *
+ * The following API enables applications to configure custom x509 critical extensions unknown to s2n-tls.
+ * s2n-tls will ignore these extensions during certificate validation. Applications MUST validate their 
+ * custom critical extensions in the cert validation callback or after the handshake.
+ */
+
+/**
+ * Specify a custom critical extension to be ignored during certificate validation.
+ * 
+ * By default, s2n-tls will reject received certificates with unknown critical extensions. Calling 
+ * s2n_config_add_custom_x509_extension will mark the given extension_oid as known and handled.
+ * This allows applications to provide their own validation for certificate extensions unknown to s2n-tls.
+ * 
+ * This API adds a single custom critical extension to the config at a time.
+ * 
+ * Libcrypto Requirement: AWS-LC >= 1.51.0
+ * 
+ * # Safety
+ * 
+ * RFC 5280 indicates that certificate extensions are to be marked critical when validators MUST
+ * understand the extension in order to safely determine the certificate's validity. As such, s2n-tls
+ * assumes that this validation is performed by the application. Applications MUST implement this
+ * validation for all provided certificate extensions outside of s2n-tls. The `s2n_cert_validation_callback`
+ * can be used for this purpose. An alternative is to wait until after the handshake completes,
+ * but before any application data is sent or accepted.
+ *
+ * @param config The configuration object being updated
+ * @param extension_oid The pointer to a custom critical extension OID
+ * @param extension_oid_len The length of the extension OID
+ * @returns S2N_SUCCESS on success. S2N_FAILURE on failure
+ */
+S2N_API extern int s2n_config_add_custom_x509_extension(struct s2n_config *config, uint8_t *extension_oid, uint32_t extension_oid_len);

bindings/rust/extended/s2n-tls-sys/Cargo.toml

@@ -34,6 +34,7 @@ stacktrace = []
 unstable-cert_authorities = []
 unstable-cleanup = []
 unstable-crl = []
+unstable-custom_x509_extensions = []
 unstable-fingerprint = []
 unstable-ktls = []
 unstable-npn = []

crypto/s2n_libcrypto.c

@@ -235,3 +235,12 @@ bool s2n_libcrypto_supports_providers(void)
     return false;
 #endif
 }
+
+bool s2n_libcrypto_supports_custom_oid(void)
+{
+#if S2N_LIBCRYPTO_SUPPORTS_CUSTOM_OID
+    return true;
+#else
+    return false;
+#endif
+}

crypto/s2n_libcrypto.h

@@ -29,3 +29,4 @@ S2N_RESULT s2n_libcrypto_validate_runtime(void);
 const char *s2n_libcrypto_get_version_name(void);
 bool s2n_libcrypto_supports_flag_no_check_time(void);
 bool s2n_libcrypto_supports_providers(void);
+bool s2n_libcrypto_supports_custom_oid(void);

error/s2n_errno.c

@@ -105,6 +105,7 @@ static const char *no_such_error = "Internal s2n error";
     ERR_ENTRY(S2N_ERR_CERT_INVALID, "Certificate is invalid") \
     ERR_ENTRY(S2N_ERR_CERT_MAX_CHAIN_DEPTH_EXCEEDED, "The maximum certificate chain depth has been exceeded") \
     ERR_ENTRY(S2N_ERR_CERT_REJECTED, "Certificate failed custom application validation") \
+    ERR_ENTRY(S2N_ERR_CERT_UNHANDLED_CRITICAL_EXTENSION, "Unhandled critical certificate extension") \
     ERR_ENTRY(S2N_ERR_SECURITY_POLICY_INCOMPATIBLE_CERT, "Incompatibility found between loaded certificates and chosen security policy") \
     ERR_ENTRY(S2N_ERR_CRL_LOOKUP_FAILED, "No CRL could be found for the corresponding certificate") \
     ERR_ENTRY(S2N_ERR_CRL_SIGNATURE, "The signature of the CRL is invalid") \

error/s2n_errno.h

@@ -122,6 +122,7 @@ typedef enum {
     S2N_ERR_CERT_INVALID,
     S2N_ERR_CERT_MAX_CHAIN_DEPTH_EXCEEDED,
     S2N_ERR_CERT_REJECTED,
+    S2N_ERR_CERT_UNHANDLED_CRITICAL_EXTENSION,
     S2N_ERR_CRL_LOOKUP_FAILED,
     S2N_ERR_CRL_SIGNATURE,
     S2N_ERR_CRL_ISSUER,

tests/cbmc/aws-verification-model-for-libcrypto

@@ -0,0 +1,31 @@
+/*
+* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*
+* Licensed under the Apache License, Version 2.0 (the "License").
+* You may not use this file except in compliance with the License.
+* A copy of the License is located at
+*
+*  http://aws.amazon.com/apache2.0
+*
+* or in the "license" file accompanying this file. This file is distributed
+* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+* express or implied. See the License for the specific language governing
+* permissions and limitations under the License.
+*/
+
+#include <openssl/x509.h>
+
+static int verify_custom_crit_oids_cb(X509_STORE_CTX *ctx, X509 *x509, STACK_OF(ASN1_OBJECT) *oids) {
+    return 1;
+}
+
+int main()
+{
+    ASN1_OBJECT *critical_oid = NULL;
+    X509_STORE_CTX *store_ctx = NULL;
+
+    X509_STORE_CTX_add_custom_crit_oid(store_ctx, critical_oid);
+    X509_STORE_CTX_set_verify_crit_oids(store_ctx, verify_custom_crit_oids_cb);
+
+    return 0;
+}