1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. 23 */ 24 25 #ifndef _INET_KSSL_KSSLPROTO_H 26 #define _INET_KSSL_KSSLPROTO_H 27 28 #ifdef __cplusplus 29 extern "C" { 30 #endif 31 32 #include <sys/types.h> 33 #include <sys/stream.h> 34 #include <sys/md5.h> 35 #include <sys/sha1.h> 36 #include <sys/crypto/common.h> 37 #include <sys/crypto/api.h> 38 #include <inet/kssl/kssl.h> /* Cipher suite definitions */ 39 #include <inet/kssl/ksslapi.h> 40 #include <inet/kssl/ksslimpl.h> 41 42 #define SSL3_RANDOM_LENGTH 32 43 #define SSL3_SESSIONID_BYTES 32 44 #define SSL3_HDR_LEN 5 45 #define SSL3_ALERT_LEN 2 46 #define SSL3_MAX_RECORD_LENGTH 16384 47 #define SSL3_PRE_MASTER_SECRET_LEN 48 48 #define SSL3_MASTER_SECRET_LEN 48 49 #define SSL3_MD5_PAD_LEN 48 50 #define SSL3_SHA1_PAD_LEN 40 51 52 #define SSL_MIN_CHALLENGE_BYTES 16 53 #define SSL_MAX_CHALLENGE_BYTES 32 54 55 #define SHA1_HASH_LEN 20 56 #define MD5_HASH_LEN 16 57 #define MAX_HASH_LEN SHA1_HASH_LEN 58 59 #define KSSL_READ 0 60 #define KSSL_WRITE 1 61 62 #define KSSL_ENCRYPT 0 63 #define KSSL_DECRYPT 1 64 65 #define MSG_INIT 0 66 #define MSG_INIT_LEN 1 67 #define MSG_BODY 2 68 69 /* 70 * More than enough for the cipher suite that needs the 71 * largest key material (AES_256_CBC_SHA needs 136 bytes). 72 */ 73 #define MAX_KEYBLOCK_LENGTH 160 74 75 #define TLS_MASTER_SECRET_LABEL "master secret" 76 #define TLS_CLIENT_WRITE_KEY_LABEL "client write key" 77 #define TLS_SERVER_WRITE_KEY_LABEL "server write key" 78 #define TLS_CLIENT_FINISHED_LABEL "client finished" 79 #define TLS_SERVER_FINISHED_LABEL "server finished" 80 #define TLS_KEY_EXPANSION_LABEL "key expansion" 81 #define TLS_IV_BLOCK_LABEL "IV block" 82 #define TLS_MAX_LABEL_SIZE 24 83 84 #define TLS_FINISHED_SIZE 12 85 86 /* 87 * The following constants try to insure an input buffer is optimally aligned 88 * for MAC hash computation. SHA1/MD5 code prefers 4 byte alignment of each 89 * 64byte input block to avoid a copy. Our goal is to reach 4 byte alignment 90 * starting form the 3rd MAC block (input buffer starts in the 3rd block). The 91 * 3rd block includes the first 53 (MD5 SSL3 MAC) or 57 (SHA1 SSL3 MAC) bytes 92 * of the input buffer. This means input buffer should start at offset 3 93 * within a 4 byte word so that its next block is 4 byte aligned. Since the 94 * SSL3 record header is 5 bytes long it should start at at offset 2 within a 95 * 4 byte word. To insure the next record (for buffers that don't fit into 1 96 * SSL3 record) also starts at offset 2 within a 4 byte word the previous 97 * record length should be 3 mod 8 since 5 + 3 mod 8 is 0 i.e. the next record 98 * starts at the same offset within a 4 byte word as the the previous record. 99 */ 100 #define SSL3_MAX_OPTIMAL_RECORD_LENGTH (SSL3_MAX_RECORD_LENGTH - 1) 101 #define SSL3_OPTIMAL_RECORD_ALIGNMENT 2 102 103 /* session state */ 104 typedef struct sslSessionIDStr { 105 uchar_t session_id[SSL3_SESSIONID_BYTES]; 106 uchar_t master_secret[SSL3_MASTER_SECRET_LEN]; 107 clock_t time; 108 in6_addr_t client_addr; 109 boolean_t cached; 110 uint16_t cipher_suite; 111 } sslSessionID; 112 113 /* An element of the session cache */ 114 typedef struct kssl_sid_ent { 115 kmutex_t se_lock; 116 uint64_t se_used; /* Counter to check hash distribution */ 117 sslSessionID se_sid; 118 } kssl_sid_ent_t; 119 120 typedef enum { 121 content_change_cipher_spec = 20, 122 content_alert = 21, 123 content_handshake = 22, 124 content_application_data = 23, 125 content_handshake_v2 = 128 126 } SSL3ContentType; 127 128 typedef enum { 129 hello_request = 0, 130 client_hello = 1, 131 server_hello = 2, 132 certificate = 11, 133 server_key_exchange = 12, 134 certificate_request = 13, 135 server_hello_done = 14, 136 certificate_verify = 15, 137 client_key_exchange = 16, 138 finished = 20 139 } SSL3HandshakeType; 140 141 typedef struct SSL3HandshakeMsgStr { 142 int state; 143 SSL3HandshakeType type; 144 int msglen; 145 int msglen_bytes; 146 mblk_t *head; 147 mblk_t *tail; 148 } SSL3HandshakeMsg; 149 150 typedef struct KSSLJOBStr { 151 struct ssl_s *ssl; 152 crypto_req_id_t kjob; 153 char *buf; 154 size_t buflen; 155 int status; 156 } KSSLJOB; 157 158 159 typedef struct { 160 uchar_t md5[MD5_HASH_LEN]; 161 uchar_t sha1[SHA1_HASH_LEN]; 162 uchar_t tlshash[TLS_FINISHED_SIZE]; 163 } SSL3Hashes; 164 165 typedef enum { 166 close_notify = 0, 167 unexpected_message = 10, 168 bad_record_mac = 20, 169 decompression_failure = 30, 170 handshake_failure = 40, 171 no_certificate = 41, 172 bad_certificate = 42, 173 unsupported_certificate = 43, 174 certificate_revoked = 44, 175 certificate_expired = 45, 176 certificate_unknown = 46, 177 illegal_parameter = 47, 178 unknown_ca = 48, 179 access_denied = 49, 180 decode_error = 50, 181 decrypt_error = 51, 182 export_restriction = 60, 183 protocol_version = 70, 184 insufficient_security = 71, 185 internal_error = 80, 186 user_canceled = 90, 187 no_renegotiation = 100 188 } SSL3AlertDescription; 189 190 typedef enum { 191 alert_warning = 1, 192 alert_fatal = 2 193 } SSL3AlertLevel; 194 195 typedef enum { 196 wait_client_hello = 0, 197 wait_client_key = 1, 198 wait_client_key_done = 2, 199 wait_change_cipher = 3, 200 wait_finished = 4, 201 idle_handshake = 5 202 } SSL3WaitState; 203 204 typedef enum { 205 sender_client = 0x434c4e54, 206 sender_server = 0x53525652 207 } SSL3Sender; 208 209 typedef enum { 210 mac_md5 = 0, 211 mac_sha = 1 212 } SSL3MACAlgorithm; 213 214 /* The SSL bulk cipher definition */ 215 typedef enum { 216 cipher_null = 0, 217 cipher_rc4 = 1, 218 cipher_des = 2, 219 cipher_3des = 3, 220 cipher_aes128 = 4, 221 cipher_aes256 = 5, 222 } SSL3BulkCipher; 223 224 typedef enum { type_stream = 0, type_block = 1 } CipherType; 225 226 typedef struct ssl3CipherSuiteDefStr { 227 uint16_t suite; 228 SSL3BulkCipher calg; 229 SSL3MACAlgorithm malg; 230 int keyblksz; 231 } ssl3CipherSuiteDef; 232 233 typedef void (*hashinit_func_t)(void *); 234 typedef void (*hashupdate_func_t)(void *, uchar_t *, uint32_t); 235 typedef void (*hashfinal_func_t)(uchar_t *, void *); 236 237 typedef struct KSSLMACDefStr { 238 int hashsz; 239 int padsz; 240 hashinit_func_t HashInit; 241 hashupdate_func_t HashUpdate; 242 hashfinal_func_t HashFinal; 243 } KSSLMACDef; 244 245 typedef struct KSSLCipherDefStr { 246 CipherType type; 247 int bsize; 248 int keysz; 249 crypto_mech_type_t mech_type; 250 } KSSLCipherDef; 251 252 typedef union KSSL_HASHCTXUnion { 253 SHA1_CTX sha; 254 MD5_CTX md5; 255 } KSSL_HASHCTX; 256 257 typedef struct KSSLCipherSpecStr { 258 int mac_hashsz; 259 int mac_padsz; 260 void (*MAC_HashInit)(void *); 261 void (*MAC_HashUpdate)(void *, uchar_t *, uint32_t); 262 void (*MAC_HashFinal)(uchar_t *, void *); 263 264 CipherType cipher_type; 265 int cipher_bsize; 266 int cipher_keysz; 267 268 crypto_mechanism_t cipher_mech; 269 crypto_mechanism_t hmac_mech; /* for TLS */ 270 crypto_key_t cipher_key; 271 crypto_key_t hmac_key; /* for TLS */ 272 273 crypto_context_t cipher_ctx; 274 crypto_data_t cipher_data; 275 276 } KSSLCipherSpec; 277 278 /* 279 * SSL connection state. This one hangs off of a ksslf_t structure. 280 */ 281 typedef struct ssl_s { 282 kmutex_t kssl_lock; 283 struct kssl_entry_s *kssl_entry; 284 mblk_t *rec_ass_head; 285 mblk_t *rec_ass_tail; 286 in6_addr_t faddr; 287 uint32_t tcp_mss; 288 SSL3WaitState hs_waitstate; 289 boolean_t resumed; 290 boolean_t close_notify_clnt; 291 boolean_t close_notify_srvr; 292 boolean_t fatal_alert; 293 boolean_t fatal_error; 294 boolean_t alert_sent; 295 boolean_t appdata_sent; 296 boolean_t activeinput; 297 SSL3AlertLevel sendalert_level; 298 SSL3AlertDescription sendalert_desc; 299 mblk_t *handshake_sendbuf; 300 mblk_t *alert_sendbuf; 301 kssl_callback_t cke_callback_func; 302 void *cke_callback_arg; 303 uint16_t pending_cipher_suite; 304 SSL3MACAlgorithm pending_malg; 305 SSL3BulkCipher pending_calg; 306 int pending_keyblksz; 307 uint64_t seq_num[2]; 308 SSL3HandshakeMsg msg; 309 KSSLJOB job; 310 KSSLCipherSpec spec[2]; 311 uchar_t pending_keyblock[MAX_KEYBLOCK_LENGTH]; 312 uchar_t mac_secret[2][MAX_HASH_LEN]; 313 KSSL_HASHCTX mac_ctx[2][2]; /* inner 'n outer per dir */ 314 sslSessionID sid; 315 SHA1_CTX hs_sha1; 316 MD5_CTX hs_md5; 317 SSL3Hashes hs_hashes; 318 uchar_t client_random[SSL3_RANDOM_LENGTH]; 319 uchar_t server_random[SSL3_RANDOM_LENGTH]; 320 int sslcnt; 321 uchar_t major_version; 322 uchar_t minor_version; 323 boolean_t secure_renegotiation; 324 uint_t async_ops_pending; 325 kcondvar_t async_cv; 326 } ssl_t; 327 328 #define IS_TLS(s) (s->major_version == 3 && s->minor_version == 1) 329 330 #define SSL3_REC_SIZE(mp) (uint8_t *)(mp)->b_rptr + 3 331 332 extern int kssl_spec_init(ssl_t *, int); 333 extern void kssl_send_alert(ssl_t *, SSL3AlertLevel, SSL3AlertDescription); 334 335 #ifdef __cplusplus 336 } 337 #endif 338 339 #endif /* _INET_KSSL_KSSLPROTO_H */ 340