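/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * Protocol-level constants, wire enumerations and per-connection state for
 * the kernel SSL (kssl) implementation. Everything here is SSL 3.0 /
 * TLS 1.0 era: IS_TLS() below recognises only version 3.1, and the cipher
 * and MAC enumerations are limited to RC4/DES/3DES/AES-CBC with MD5/SHA-1.
 * SSL 3.0 (RFC 7568), TLS 1.0 (RFC 8996) and RC4 (RFC 7465) have since been
 * deprecated, which matters when deciding what to expose through this
 * code path.
 */

#ifndef	_INET_KSSL_KSSLPROTO_H
#define	_INET_KSSL_KSSLPROTO_H

#pragma ident	"%Z%%M%	%I%	%E% SMI"

#ifdef	__cplusplus
extern "C" {
#endif

#include <sys/types.h>
#include <sys/stream.h>
#include <sys/md5.h>
#include <sys/sha1.h>
#include <sys/crypto/common.h>
#include <sys/crypto/api.h>
#include <inet/kssl/kssl.h>	/* Cipher suite definitions */
#include <inet/kssl/ksslapi.h>
#include <inet/kssl/ksslimpl.h>

/*
 * Fixed sizes from the SSL 3.0 record and handshake formats.
 * SSL3_HDR_LEN is the record header: type (1), version (2), length (2).
 * SSL3_MAX_RECORD_LENGTH is the 2^14 plaintext fragment limit.
 * NOTE(review): a length read from the wire must be checked against this
 * limit before it sizes a copy or an allocation; that check is not visible
 * in this header -- confirm it in the record-parsing code.
 */
#define	SSL3_RANDOM_LENGTH		32
#define	SSL3_SESSIONID_BYTES		32
#define	SSL3_HDR_LEN			5
#define	SSL3_MAX_RECORD_LENGTH		16384
#define	SSL3_PRE_MASTER_SECRET_LEN	48
#define	SSL3_MASTER_SECRET_LEN		48
#define	SSL3_MD5_PAD_LEN		48
#define	SSL3_SHA1_PAD_LEN		40

/* Length bounds for the challenge in an SSLv2-format ClientHello. */
#define	SSL_MIN_CHALLENGE_BYTES		16
#define	SSL_MAX_CHALLENGE_BYTES		32

/* Digest sizes; MAX_HASH_LEN sizes buffers that must hold either digest. */
#define	SHA1_HASH_LEN	20
#define	MD5_HASH_LEN	16
#define	MAX_HASH_LEN	SHA1_HASH_LEN

/*
 * Direction selectors.
 * NOTE(review): presumably the index into the two-element per-direction
 * arrays in ssl_t (seq_num, spec, mac_secret, mac_ctx) -- confirm at the
 * call sites.
 */
#define	KSSL_READ	0
#define	KSSL_WRITE	1

#define	KSSL_ENCRYPT	0
#define	KSSL_DECRYPT	1

/*
 * Handshake message reassembly phases.
 * NOTE(review): presumably the values stored in SSL3HandshakeMsg.state --
 * confirm against the handshake parser.
 */
#define	MSG_INIT	0
#define	MSG_INIT_LEN	1
#define	MSG_BODY	2

/*
 * More than enough for the cipher suite that needs the
 * largest key material (AES_256_CBC_SHA needs 136 bytes).
 */
#define	MAX_KEYBLOCK_LENGTH	160

/* TLS 1.0 PRF labels; TLS_MAX_LABEL_SIZE bounds the label buffer. */
#define	TLS_MASTER_SECRET_LABEL		"master secret"
#define	TLS_CLIENT_WRITE_KEY_LABEL	"client write key"
#define	TLS_SERVER_WRITE_KEY_LABEL	"server write key"
#define	TLS_CLIENT_FINISHED_LABEL	"client finished"
#define	TLS_SERVER_FINISHED_LABEL	"server finished"
#define	TLS_KEY_EXPANSION_LABEL		"key expansion"
#define	TLS_IV_BLOCK_LABEL		"IV block"
#define	TLS_MAX_LABEL_SIZE		24

/* Size of the TLS Finished verify data (SSL3Hashes.tlshash). */
#define	TLS_FINISHED_SIZE	12

/*
 * The following constants try to ensure an input buffer is optimally aligned
 * for MAC hash computation. SHA1/MD5 code prefers 4 byte alignment of each
 * 64-byte input block to avoid a copy. Our goal is to reach 4 byte alignment
 * starting from the 3rd MAC block (input buffer starts in the 3rd block). The
 * 3rd block includes the first 53 (MD5 SSL3 MAC) or 57 (SHA1 SSL3 MAC) bytes
 * of the input buffer. This means input buffer should start at offset 3
 * within a 4 byte word so that its next block is 4 byte aligned. Since the
 * SSL3 record header is 5 bytes long it should start at offset 2 within a
 * 4 byte word. To ensure the next record (for buffers that don't fit into 1
 * SSL3 record) also starts at offset 2 within a 4 byte word the previous
 * record length should be 3 mod 8 since 5 + 3 mod 8 is 0 i.e. the next record
 * starts at the same offset within a 4 byte word as the previous record.
 *
 * NOTE(review): SSL3_MAX_RECORD_LENGTH - 1 is 16383, which is 3 mod 4 and
 * 7 mod 8, so the "mod 8" above appears to mean mod 4 -- confirm.
 */
#define	SSL3_MAX_OPTIMAL_RECORD_LENGTH	(SSL3_MAX_RECORD_LENGTH - 1)
#define	SSL3_OPTIMAL_RECORD_ALIGNMENT	2

/*
 * session state
 *
 * master_secret is long-lived key material: the struct is embedded both in
 * the session cache entry (kssl_sid_ent_t) and in the per-connection ssl_t.
 * NOTE(review): confirm that cache eviction and connection teardown zero
 * this field before the memory is reused.
 */
typedef struct sslSessionIDStr {
	uchar_t	session_id[SSL3_SESSIONID_BYTES];
	uchar_t	master_secret[SSL3_MASTER_SECRET_LEN];
	clock_t	time;
	ipaddr_t	client_addr;
	boolean_t	cached;
	uint16_t	cipher_suite;
} sslSessionID;

/*
 * An element of the session cache
 *
 * pad rounds the entry up to 2 * 64 bytes. The size expression is unsigned
 * sizeof arithmetic, so it wraps instead of going negative if the other
 * members ever grow past 128 bytes; keep that in mind when adding fields
 * here or to sslSessionID.
 */
typedef struct kssl_sid_ent {
	kmutex_t	se_lock;
	uint64_t	se_used;	/* Counter to check hash distribution */
	sslSessionID	se_sid;
	uchar_t		pad[2 * 64 - sizeof (kmutex_t) - sizeof (uint64_t) \
	    - sizeof (sslSessionID)];
} kssl_sid_ent_t;

/* RC4 cipher state: the two indices and the 256-byte permutation. */
typedef struct RC4ContextStr {
	uchar_t	i;
	uchar_t	j;
	uchar_t	S[256];
} RC4Context;

/*
 * Record-layer content type, the first byte of a record header.
 * NOTE(review): content_handshake_v2 (128) presumably tags an SSLv2-format
 * ClientHello -- confirm in the record parser.
 */
typedef enum {
	content_change_cipher_spec	= 20,
	content_alert			= 21,
	content_handshake		= 22,
	content_application_data	= 23,
	content_handshake_v2		= 128
} SSL3ContentType;

/* Handshake message type, the first byte of a handshake message. */
typedef enum {
	hello_request		= 0,
	client_hello		= 1,
	server_hello		= 2,
	certificate		= 11,
	server_key_exchange	= 12,
	certificate_request	= 13,
	server_hello_done	= 14,
	certificate_verify	= 15,
	client_key_exchange	= 16,
	finished		= 20
} SSL3HandshakeType;

/*
 * Reassembly state for the handshake message currently being received; the
 * bytes collected so far are chained from head to tail.
 * NOTE(review): msglen is a signed int and presumably comes from the peer's
 * handshake length field -- confirm it is range-checked before it is used
 * to size or bound the mblk chain.
 */
typedef struct SSL3HandshakeMsgStr {
	int			state;
	SSL3HandshakeType	type;
	int			msglen;
	int			msglen_bytes;
	mblk_t			*head;
	mblk_t			*tail;
} SSL3HandshakeMsg;

/*
 * Bookkeeping for a crypto request made on behalf of a connection.
 * NOTE(review): buf/buflen ownership (who frees, and whether the buffer
 * holds secret data that needs zeroing) is not visible here -- confirm.
 */
typedef struct KSSLJOBStr {
	struct ssl_s	*ssl;
	crypto_req_id_t	kjob;
	char		*buf;
	size_t		buflen;
	int		status;
} KSSLJOB;

/* Arguments describing one record MAC computation. */
typedef struct KSSLMACJOBStr {
	struct ssl_s	*ssl;
	buf_t		*in;
	buf_t		*out;
	uchar_t		*rstart;
	int		rlen;
	uint64_t	seq;
	SSL3ContentType	ct;
	uchar_t		*digest;
	int		dir;
} KSSLMACJOB;


/* Handshake digests: MD5 and SHA-1, plus the TLS Finished verify data. */
typedef struct {
	uchar_t	md5[MD5_HASH_LEN];
	uchar_t	sha1[SHA1_HASH_LEN];
	uchar_t	tlshash[TLS_FINISHED_SIZE];
} SSL3Hashes;

/* Alert description codes carried in an alert record. */
typedef enum {
	close_notify		= 0,
	unexpected_message	= 10,
	bad_record_mac		= 20,
	decompression_failure	= 30,
	handshake_failure	= 40,
	no_certificate		= 41,
	bad_certificate		= 42,
	unsupported_certificate	= 43,
	certificate_revoked	= 44,
	certificate_expired	= 45,
	certificate_unknown	= 46,
	illegal_parameter	= 47,
	unknown_ca		= 48,
	access_denied		= 49,
	decode_error		= 50,
	decrypt_error		= 51,
	export_restriction	= 60,
	protocol_version	= 70,
	insufficient_security	= 71,
	internal_error		= 80,
	user_canceled		= 90,
	no_renegotiation	= 100
} SSL3AlertDescription;

/* Alert severity. */
typedef enum {
	alert_warning	= 1,
	alert_fatal	= 2
} SSL3AlertLevel;

/* Server-side handshake progress, stored in ssl_t.hs_waitstate. */
typedef enum {
	wait_client_hello	= 0,
	wait_client_key		= 1,
	wait_client_key_done	= 2,
	wait_change_cipher	= 3,
	wait_finished		= 4,
	idle_handshake		= 5
} SSL3WaitState;

/*
 * Sender constants mixed into the SSL 3.0 Finished hash: the values are
 * the ASCII strings "CLNT" and "SRVR".
 */
typedef enum {
	sender_client	= 0x434c4e54,
	sender_server	= 0x53525652
} SSL3Sender;

/* MAC hash selector. */
typedef enum {
	mac_md5	= 0,
	mac_sha	= 1
} SSL3MACAlgorithm;

/* The SSL bulk cipher definition */
typedef enum {
	cipher_null	= 0,
	cipher_rc4	= 1,
	cipher_des	= 2,
	cipher_3des	= 3,
	cipher_aes128	= 4,
	cipher_aes256	= 5,
} SSL3BulkCipher;

typedef enum { type_stream = 0, type_block = 1 } CipherType;

/* One supported cipher suite: wire id, bulk cipher, MAC, key block size. */
typedef struct ssl3CipherSuiteDefStr {
	uint16_t		suite;
	SSL3BulkCipher		calg;
	SSL3MACAlgorithm	malg;
	int			keyblksz;
} ssl3CipherSuiteDef;

/* Signatures of the init/update/final entry points of a software hash. */
typedef void (*hashinit_func_t)(void *);
typedef void (*hashupdate_func_t)(void *, uchar_t *, uint32_t);
typedef void (*hashfinal_func_t)(uchar_t *, void *);

/* Per-MAC-algorithm parameters: digest size, SSL3 pad size, hash ops. */
typedef struct KSSLMACDefStr {
	int			hashsz;
	int			padsz;
	hashinit_func_t		HashInit;
	hashupdate_func_t	HashUpdate;
	hashfinal_func_t	HashFinal;
} KSSLMACDef;

/* Per-bulk-cipher parameters: kind, block size, key size, mechanism. */
typedef struct KSSLCipherDefStr {
	CipherType		type;
	int			bsize;
	int			keysz;
	crypto_mech_type_t	mech_type;
} KSSLCipherDef;

/* Storage large enough for either hash context. */
typedef union KSSL_HASHCTXUnion {
	SHA1_CTX	sha;
	MD5_CTX		md5;
} KSSL_HASHCTX;

/*
 * Active cipher state for one direction of a connection (ssl_t.spec[2]).
 * cipher_key and hmac_key describe live key material.
 * NOTE(review): confirm the teardown path releases cipher_ctx and clears
 * the key data these fields refer to.
 */
typedef struct KSSLCipherSpecStr {
	int		mac_hashsz;
	int		mac_padsz;
	void		(*MAC_HashInit)(void *);
	void		(*MAC_HashUpdate)(void *, uchar_t *, uint32_t);
	void		(*MAC_HashFinal)(uchar_t *, void *);

	CipherType	cipher_type;
	int		cipher_bsize;
	int		cipher_keysz;

	crypto_mechanism_t	cipher_mech;
	crypto_mechanism_t	hmac_mech;	/* for TLS */
	crypto_key_t		cipher_key;
	crypto_key_t		hmac_key;	/* for TLS */

	crypto_context_t	cipher_ctx;
	crypto_data_t		cipher_data;

} KSSLCipherSpec;

/*
 * SSL connection state. This one hangs off of a tcp_t structure.
 *
 * pending_keyblock, mac_secret, sid.master_secret and the two spec[]
 * entries all hold secret key material for the connection.
 * NOTE(review): confirm the code that drops the last kssl_refcnt reference
 * zeroes the structure before freeing it, so the secrets do not linger in
 * freed kernel memory.
 */
typedef struct ssl_s {
	kmutex_t		kssl_lock;
	struct kssl_entry_s	*kssl_entry;
	mblk_t			*rec_ass_head;
	mblk_t			*rec_ass_tail;
	uint_t			kssl_refcnt;
	ipaddr_t		faddr;
	uint32_t		tcp_mss;
	SSL3WaitState		hs_waitstate;
	boolean_t		resumed;
	boolean_t		close_notify;
	boolean_t		fatal_alert;
	boolean_t		fatal_error;
	boolean_t		alert_sent;
	boolean_t		appdata_sent;
	boolean_t		activeinput;
	SSL3AlertLevel		sendalert_level;
	SSL3AlertDescription	sendalert_desc;
	mblk_t			*handshake_sendbuf;
	mblk_t			*alert_sendbuf;
	kssl_callback_t		cke_callback_func;
	void			*cke_callback_arg;
	uint32_t		macjobs_todo;
	uint32_t		macjobs_done;
	uint16_t		pending_cipher_suite;
	SSL3MACAlgorithm	pending_malg;
	SSL3BulkCipher		pending_calg;
	int			pending_keyblksz;
	uint64_t		seq_num[2];
	SSL3HandshakeMsg	msg;
	KSSLJOB			job;
	KSSLCipherSpec		spec[2];
	uchar_t			pending_keyblock[MAX_KEYBLOCK_LENGTH];
	uchar_t			mac_secret[2][MAX_HASH_LEN];
	KSSL_HASHCTX		mac_ctx[2][2];	/* inner 'n outer per dir */
	sslSessionID		sid;
	SHA1_CTX		hs_sha1;
	MD5_CTX			hs_md5;
	SSL3Hashes		hs_hashes;
	uchar_t			client_random[SSL3_RANDOM_LENGTH];
	uchar_t			server_random[SSL3_RANDOM_LENGTH];
	int			sslcnt;
	uchar_t			major_version;
	uchar_t			minor_version;
} ssl_t;

/*
 * True only when the negotiated version is 3.1 (TLS 1.0); any other value,
 * including 3.0 (SSL 3.0), evaluates to false. The argument is
 * parenthesised so an expression such as IS_TLS(&conn) or IS_TLS(p + 1)
 * expands as intended.
 */
#define	IS_TLS(s) ((s)->major_version == 3 && (s)->minor_version == 1)

/*
 * Pointer to byte 3 of the record header at mp->b_rptr, i.e. the 2-byte
 * record length that follows the type and version bytes. The expansion is
 * wrapped in parentheses so that dereferencing or indexing the result
 * applies to the offset pointer and not to b_rptr itself. The caller must
 * already know that at least SSL3_HDR_LEN bytes lie between b_rptr and
 * b_wptr; the macro performs no bounds check.
 */
#define	SSL3_REC_SIZE(mp)	((uint8_t *)(mp)->b_rptr + 3)

extern int kssl_spec_init(ssl_t *, int);
extern void kssl_send_alert(ssl_t *, SSL3AlertLevel, SSL3AlertDescription);

#ifdef	__cplusplus
}
#endif

#endif	/* _INET_KSSL_KSSLPROTO_H */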