1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2005 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #ifndef _INET_KSSL_KSSLPROTO_H 28 #define _INET_KSSL_KSSLPROTO_H 29 30 #pragma ident "%Z%%M% %I% %E% SMI" 31 32 #ifdef __cplusplus 33 extern "C" { 34 #endif 35 36 #include <sys/types.h> 37 #include <sys/stream.h> 38 #include <sys/md5.h> 39 #include <sys/sha1.h> 40 #include <sys/crypto/common.h> 41 #include <sys/crypto/api.h> 42 #include <inet/kssl/kssl.h> /* Cipher suite definitions */ 43 #include <inet/kssl/ksslapi.h> 44 #include <inet/kssl/ksslimpl.h> 45 46 #define SSL3_RANDOM_LENGTH 32 47 #define SSL3_SESSIONID_BYTES 32 48 #define SSL3_HDR_LEN 5 49 #define SSL3_MAX_RECORD_LENGTH 16384 50 #define SSL3_PRE_MASTER_SECRET_LEN 48 51 #define SSL3_MASTER_SECRET_LEN 48 52 #define SSL3_MD5_PAD_LEN 48 53 #define SSL3_SHA1_PAD_LEN 40 54 55 #define SSL_MIN_CHALLENGE_BYTES 16 56 #define SSL_MAX_CHALLENGE_BYTES 32 57 58 #define SHA1_HASH_LEN 20 59 #define MD5_HASH_LEN 16 60 #define MAX_HASH_LEN SHA1_HASH_LEN 61 62 #define KSSL_READ 0 63 #define KSSL_WRITE 1 64 65 #define KSSL_ENCRYPT 0 66 #define KSSL_DECRYPT 1 67 68 #define MSG_INIT 0 69 #define MSG_INIT_LEN 1 70 #define MSG_BODY 2 71 72 #define MAX_KEYBLOCK_LENGTH 112 73 74 #define TLS_MASTER_SECRET_LABEL "master secret" 75 #define TLS_CLIENT_WRITE_KEY_LABEL "client write key" 76 #define TLS_SERVER_WRITE_KEY_LABEL "server write key" 77 #define TLS_CLIENT_FINISHED_LABEL "client finished" 78 #define TLS_SERVER_FINISHED_LABEL "server finished" 79 #define TLS_KEY_EXPANSION_LABEL "key expansion" 80 #define TLS_IV_BLOCK_LABEL "IV block" 81 #define TLS_MAX_LABEL_SIZE 24 82 83 #define TLS_FINISHED_SIZE 12 84 85 /* 86 * The following constants try to insure an input buffer is optimally aligned 87 * for MAC hash computation. SHA1/MD5 code prefers 4 byte alignment of each 88 * 64byte input block to avoid a copy. Our goal is to reach 4 byte alignment 89 * starting form the 3rd MAC block (input buffer starts in the 3rd block). The 90 * 3rd block includes the first 53 (MD5 SSL3 MAC) or 57 (SHA1 SSL3 MAC) bytes 91 * of the input buffer. This means input buffer should start at offset 3 92 * within a 4 byte word so that its next block is 4 byte aligned. Since the 93 * SSL3 record header is 5 bytes long it should start at at offset 2 within a 94 * 4 byte word. To insure the next record (for buffers that don't fit into 1 95 * SSL3 record) also starts at offset 2 within a 4 byte word the previous 96 * record length should be 3 mod 8 since 5 + 3 mod 8 is 0 i.e. the next record 97 * starts at the same offset within a 4 byte word as the the previous record. 98 */ 99 #define SSL3_MAX_OPTIMAL_RECORD_LENGTH (SSL3_MAX_RECORD_LENGTH - 1) 100 #define SSL3_OPTIMAL_RECORD_ALIGNMENT 2 101 102 /* session state */ 103 typedef struct sslSessionIDStr { 104 uchar_t session_id[SSL3_SESSIONID_BYTES]; 105 uchar_t master_secret[SSL3_MASTER_SECRET_LEN]; 106 clock_t time; 107 ipaddr_t client_addr; 108 boolean_t cached; 109 uint16_t cipher_suite; 110 } sslSessionID; 111 112 /* An element of the session cache */ 113 typedef struct kssl_sid_ent { 114 kmutex_t se_lock; 115 uint64_t se_used; /* Counter to check hash distribution */ 116 sslSessionID se_sid; 117 uchar_t pad[2 * 64 - sizeof (kmutex_t) - sizeof (uint64_t) \ 118 - sizeof (sslSessionID)]; 119 } kssl_sid_ent_t; 120 121 typedef struct RC4ContextStr { 122 uchar_t i; 123 uchar_t j; 124 uchar_t S[256]; 125 } RC4Context; 126 127 typedef enum { 128 content_change_cipher_spec = 20, 129 content_alert = 21, 130 content_handshake = 22, 131 content_application_data = 23, 132 content_handshake_v2 = 128 133 } SSL3ContentType; 134 135 typedef enum { 136 hello_request = 0, 137 client_hello = 1, 138 server_hello = 2, 139 certificate = 11, 140 server_key_exchange = 12, 141 certificate_request = 13, 142 server_hello_done = 14, 143 certificate_verify = 15, 144 client_key_exchange = 16, 145 finished = 20 146 } SSL3HandshakeType; 147 148 typedef struct SSL3HandshakeMsgStr { 149 int state; 150 SSL3HandshakeType type; 151 int msglen; 152 int msglen_bytes; 153 mblk_t *head; 154 mblk_t *tail; 155 } SSL3HandshakeMsg; 156 157 typedef struct KSSLJOBStr { 158 struct ssl_s *ssl; 159 crypto_req_id_t kjob; 160 char *buf; 161 size_t buflen; 162 int status; 163 } KSSLJOB; 164 165 typedef struct KSSLMACJOBStr { 166 struct ssl_s *ssl; 167 buf_t *in; 168 buf_t *out; 169 uchar_t *rstart; 170 int rlen; 171 uint64_t seq; 172 SSL3ContentType ct; 173 uchar_t *digest; 174 int dir; 175 } KSSLMACJOB; 176 177 178 typedef struct { 179 uchar_t md5[MD5_HASH_LEN]; 180 uchar_t sha1[SHA1_HASH_LEN]; 181 uchar_t tlshash[TLS_FINISHED_SIZE]; 182 } SSL3Hashes; 183 184 typedef enum { 185 close_notify = 0, 186 unexpected_message = 10, 187 bad_record_mac = 20, 188 decompression_failure = 30, 189 handshake_failure = 40, 190 no_certificate = 41, 191 bad_certificate = 42, 192 unsupported_certificate = 43, 193 certificate_revoked = 44, 194 certificate_expired = 45, 195 certificate_unknown = 46, 196 illegal_parameter = 47, 197 unknown_ca = 48, 198 access_denied = 49, 199 decode_error = 50, 200 decrypt_error = 51, 201 export_restriction = 60, 202 protocol_version = 70, 203 insufficient_security = 71, 204 internal_error = 80, 205 user_canceled = 90, 206 no_renegotiation = 100 207 } SSL3AlertDescription; 208 209 typedef enum { 210 alert_warning = 1, 211 alert_fatal = 2 212 } SSL3AlertLevel; 213 214 typedef enum { 215 wait_client_hello = 0, 216 wait_client_key = 1, 217 wait_client_key_done = 2, 218 wait_change_cipher = 3, 219 wait_finished = 4, 220 idle_handshake = 5 221 } SSL3WaitState; 222 223 typedef enum { 224 sender_client = 0x434c4e54, 225 sender_server = 0x53525652 226 } SSL3Sender; 227 228 typedef enum { 229 mac_md5 = 0, 230 mac_sha = 1 231 } SSL3MACAlgorithm; 232 233 /* The SSL bulk cipher definition */ 234 typedef enum { 235 cipher_null = 0, 236 cipher_rc4 = 1, 237 cipher_des = 2, 238 cipher_3des = 3 239 } SSL3BulkCipher; 240 241 typedef enum { type_stream = 0, type_block = 1 } CipherType; 242 243 typedef struct ssl3CipherSuiteDefStr { 244 uint16_t suite; 245 SSL3BulkCipher calg; 246 SSL3MACAlgorithm malg; 247 int keyblksz; 248 } ssl3CipherSuiteDef; 249 250 typedef void (*hashinit_func_t)(void *); 251 typedef void (*hashupdate_func_t)(void *, uchar_t *, uint32_t); 252 typedef void (*hashfinal_func_t)(uchar_t *, void *); 253 254 typedef struct KSSLMACDefStr { 255 int hashsz; 256 int padsz; 257 hashinit_func_t HashInit; 258 hashupdate_func_t HashUpdate; 259 hashfinal_func_t HashFinal; 260 } KSSLMACDef; 261 262 typedef struct KSSLCipherDefStr { 263 CipherType type; 264 int bsize; 265 int keysz; 266 crypto_mech_type_t mech_type; 267 } KSSLCipherDef; 268 269 typedef union KSSL_HASHCTXUnion { 270 SHA1_CTX sha; 271 MD5_CTX md5; 272 } KSSL_HASHCTX; 273 274 typedef struct KSSLCipherSpecStr { 275 int mac_hashsz; 276 int mac_padsz; 277 void (*MAC_HashInit)(void *); 278 void (*MAC_HashUpdate)(void *, uchar_t *, uint32_t); 279 void (*MAC_HashFinal)(uchar_t *, void *); 280 281 CipherType cipher_type; 282 int cipher_bsize; 283 int cipher_keysz; 284 285 crypto_mechanism_t cipher_mech; 286 crypto_mechanism_t hmac_mech; /* for TLS */ 287 crypto_key_t cipher_key; 288 crypto_key_t hmac_key; /* for TLS */ 289 290 crypto_context_t cipher_ctx; 291 crypto_data_t cipher_data; 292 293 } KSSLCipherSpec; 294 295 /* 296 * SSL connection state. This one hangs off of a tcp_t structure. 297 */ 298 typedef struct ssl_s { 299 kmutex_t kssl_lock; 300 struct kssl_entry_s *kssl_entry; 301 mblk_t *rec_ass_head; 302 mblk_t *rec_ass_tail; 303 uint_t kssl_refcnt; 304 ipaddr_t faddr; 305 uint32_t tcp_mss; 306 SSL3WaitState hs_waitstate; 307 boolean_t resumed; 308 boolean_t close_notify; 309 boolean_t fatal_alert; 310 boolean_t fatal_error; 311 boolean_t alert_sent; 312 boolean_t appdata_sent; 313 boolean_t activeinput; 314 SSL3AlertLevel sendalert_level; 315 SSL3AlertDescription sendalert_desc; 316 mblk_t *handshake_sendbuf; 317 mblk_t *alert_sendbuf; 318 kssl_callback_t cke_callback_func; 319 void *cke_callback_arg; 320 uint32_t macjobs_todo; 321 uint32_t macjobs_done; 322 uint16_t pending_cipher_suite; 323 SSL3MACAlgorithm pending_malg; 324 SSL3BulkCipher pending_calg; 325 int pending_keyblksz; 326 uint64_t seq_num[2]; 327 SSL3HandshakeMsg msg; 328 KSSLJOB job; 329 KSSLCipherSpec spec[2]; 330 uchar_t pending_keyblock[MAX_KEYBLOCK_LENGTH]; 331 uchar_t mac_secret[2][MAX_HASH_LEN]; 332 KSSL_HASHCTX mac_ctx[2][2]; /* inner 'n outer per dir */ 333 sslSessionID sid; 334 SHA1_CTX hs_sha1; 335 MD5_CTX hs_md5; 336 SSL3Hashes hs_hashes; 337 uchar_t client_random[SSL3_RANDOM_LENGTH]; 338 uchar_t server_random[SSL3_RANDOM_LENGTH]; 339 int sslcnt; 340 uchar_t major_version; 341 uchar_t minor_version; 342 } ssl_t; 343 344 #define IS_TLS(s) (s->major_version == 3 && s->minor_version == 1) 345 346 #define SSL3_REC_SIZE(mp) (uint8_t *)(mp)->b_rptr + 3 347 348 extern int kssl_spec_init(ssl_t *, int); 349 extern void kssl_send_alert(ssl_t *, SSL3AlertLevel, SSL3AlertDescription); 350 351 #ifdef __cplusplus 352 } 353 #endif 354 355 #endif /* _INET_KSSL_KSSLPROTO_H */ 356