1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. 23 */ 24 25 #ifndef _INET_KSSL_KSSLPROTO_H 26 #define _INET_KSSL_KSSLPROTO_H 27 28 #ifdef __cplusplus 29 extern "C" { 30 #endif 31 32 #include <sys/types.h> 33 #include <sys/stream.h> 34 #include <sys/md5.h> 35 #include <sys/sha1.h> 36 #include <sys/crypto/common.h> 37 #include <sys/crypto/api.h> 38 #include <inet/kssl/kssl.h> /* Cipher suite definitions */ 39 #include <inet/kssl/ksslapi.h> 40 #include <inet/kssl/ksslimpl.h> 41 42 #define SSL3_RANDOM_LENGTH 32 43 #define SSL3_SESSIONID_BYTES 32 44 #define SSL3_HDR_LEN 5 45 #define SSL3_MAX_RECORD_LENGTH 16384 46 #define SSL3_PRE_MASTER_SECRET_LEN 48 47 #define SSL3_MASTER_SECRET_LEN 48 48 #define SSL3_MD5_PAD_LEN 48 49 #define SSL3_SHA1_PAD_LEN 40 50 51 #define SSL_MIN_CHALLENGE_BYTES 16 52 #define SSL_MAX_CHALLENGE_BYTES 32 53 54 #define SHA1_HASH_LEN 20 55 #define MD5_HASH_LEN 16 56 #define MAX_HASH_LEN SHA1_HASH_LEN 57 58 #define KSSL_READ 0 59 #define KSSL_WRITE 1 60 61 #define KSSL_ENCRYPT 0 62 #define KSSL_DECRYPT 1 63 64 #define MSG_INIT 0 65 #define MSG_INIT_LEN 1 66 #define MSG_BODY 2 67 68 /* 69 * More than enough for the cipher suite that needs the 70 * largest key material (AES_256_CBC_SHA needs 136 bytes). 71 */ 72 #define MAX_KEYBLOCK_LENGTH 160 73 74 #define TLS_MASTER_SECRET_LABEL "master secret" 75 #define TLS_CLIENT_WRITE_KEY_LABEL "client write key" 76 #define TLS_SERVER_WRITE_KEY_LABEL "server write key" 77 #define TLS_CLIENT_FINISHED_LABEL "client finished" 78 #define TLS_SERVER_FINISHED_LABEL "server finished" 79 #define TLS_KEY_EXPANSION_LABEL "key expansion" 80 #define TLS_IV_BLOCK_LABEL "IV block" 81 #define TLS_MAX_LABEL_SIZE 24 82 83 #define TLS_FINISHED_SIZE 12 84 85 /* 86 * The following constants try to insure an input buffer is optimally aligned 87 * for MAC hash computation. SHA1/MD5 code prefers 4 byte alignment of each 88 * 64byte input block to avoid a copy. Our goal is to reach 4 byte alignment 89 * starting form the 3rd MAC block (input buffer starts in the 3rd block). The 90 * 3rd block includes the first 53 (MD5 SSL3 MAC) or 57 (SHA1 SSL3 MAC) bytes 91 * of the input buffer. This means input buffer should start at offset 3 92 * within a 4 byte word so that its next block is 4 byte aligned. Since the 93 * SSL3 record header is 5 bytes long it should start at at offset 2 within a 94 * 4 byte word. To insure the next record (for buffers that don't fit into 1 95 * SSL3 record) also starts at offset 2 within a 4 byte word the previous 96 * record length should be 3 mod 8 since 5 + 3 mod 8 is 0 i.e. the next record 97 * starts at the same offset within a 4 byte word as the the previous record. 98 */ 99 #define SSL3_MAX_OPTIMAL_RECORD_LENGTH (SSL3_MAX_RECORD_LENGTH - 1) 100 #define SSL3_OPTIMAL_RECORD_ALIGNMENT 2 101 102 /* session state */ 103 typedef struct sslSessionIDStr { 104 uchar_t session_id[SSL3_SESSIONID_BYTES]; 105 uchar_t master_secret[SSL3_MASTER_SECRET_LEN]; 106 clock_t time; 107 in6_addr_t client_addr; 108 boolean_t cached; 109 uint16_t cipher_suite; 110 } sslSessionID; 111 112 /* An element of the session cache */ 113 typedef struct kssl_sid_ent { 114 kmutex_t se_lock; 115 uint64_t se_used; /* Counter to check hash distribution */ 116 sslSessionID se_sid; 117 } kssl_sid_ent_t; 118 119 typedef enum { 120 content_change_cipher_spec = 20, 121 content_alert = 21, 122 content_handshake = 22, 123 content_application_data = 23, 124 content_handshake_v2 = 128 125 } SSL3ContentType; 126 127 typedef enum { 128 hello_request = 0, 129 client_hello = 1, 130 server_hello = 2, 131 certificate = 11, 132 server_key_exchange = 12, 133 certificate_request = 13, 134 server_hello_done = 14, 135 certificate_verify = 15, 136 client_key_exchange = 16, 137 finished = 20 138 } SSL3HandshakeType; 139 140 typedef struct SSL3HandshakeMsgStr { 141 int state; 142 SSL3HandshakeType type; 143 int msglen; 144 int msglen_bytes; 145 mblk_t *head; 146 mblk_t *tail; 147 } SSL3HandshakeMsg; 148 149 typedef struct KSSLJOBStr { 150 struct ssl_s *ssl; 151 crypto_req_id_t kjob; 152 char *buf; 153 size_t buflen; 154 int status; 155 } KSSLJOB; 156 157 158 typedef struct { 159 uchar_t md5[MD5_HASH_LEN]; 160 uchar_t sha1[SHA1_HASH_LEN]; 161 uchar_t tlshash[TLS_FINISHED_SIZE]; 162 } SSL3Hashes; 163 164 typedef enum { 165 close_notify = 0, 166 unexpected_message = 10, 167 bad_record_mac = 20, 168 decompression_failure = 30, 169 handshake_failure = 40, 170 no_certificate = 41, 171 bad_certificate = 42, 172 unsupported_certificate = 43, 173 certificate_revoked = 44, 174 certificate_expired = 45, 175 certificate_unknown = 46, 176 illegal_parameter = 47, 177 unknown_ca = 48, 178 access_denied = 49, 179 decode_error = 50, 180 decrypt_error = 51, 181 export_restriction = 60, 182 protocol_version = 70, 183 insufficient_security = 71, 184 internal_error = 80, 185 user_canceled = 90, 186 no_renegotiation = 100 187 } SSL3AlertDescription; 188 189 typedef enum { 190 alert_warning = 1, 191 alert_fatal = 2 192 } SSL3AlertLevel; 193 194 typedef enum { 195 wait_client_hello = 0, 196 wait_client_key = 1, 197 wait_client_key_done = 2, 198 wait_change_cipher = 3, 199 wait_finished = 4, 200 idle_handshake = 5 201 } SSL3WaitState; 202 203 typedef enum { 204 sender_client = 0x434c4e54, 205 sender_server = 0x53525652 206 } SSL3Sender; 207 208 typedef enum { 209 mac_md5 = 0, 210 mac_sha = 1 211 } SSL3MACAlgorithm; 212 213 /* The SSL bulk cipher definition */ 214 typedef enum { 215 cipher_null = 0, 216 cipher_rc4 = 1, 217 cipher_des = 2, 218 cipher_3des = 3, 219 cipher_aes128 = 4, 220 cipher_aes256 = 5, 221 } SSL3BulkCipher; 222 223 typedef enum { type_stream = 0, type_block = 1 } CipherType; 224 225 typedef struct ssl3CipherSuiteDefStr { 226 uint16_t suite; 227 SSL3BulkCipher calg; 228 SSL3MACAlgorithm malg; 229 int keyblksz; 230 } ssl3CipherSuiteDef; 231 232 typedef void (*hashinit_func_t)(void *); 233 typedef void (*hashupdate_func_t)(void *, uchar_t *, uint32_t); 234 typedef void (*hashfinal_func_t)(uchar_t *, void *); 235 236 typedef struct KSSLMACDefStr { 237 int hashsz; 238 int padsz; 239 hashinit_func_t HashInit; 240 hashupdate_func_t HashUpdate; 241 hashfinal_func_t HashFinal; 242 } KSSLMACDef; 243 244 typedef struct KSSLCipherDefStr { 245 CipherType type; 246 int bsize; 247 int keysz; 248 crypto_mech_type_t mech_type; 249 } KSSLCipherDef; 250 251 typedef union KSSL_HASHCTXUnion { 252 SHA1_CTX sha; 253 MD5_CTX md5; 254 } KSSL_HASHCTX; 255 256 typedef struct KSSLCipherSpecStr { 257 int mac_hashsz; 258 int mac_padsz; 259 void (*MAC_HashInit)(void *); 260 void (*MAC_HashUpdate)(void *, uchar_t *, uint32_t); 261 void (*MAC_HashFinal)(uchar_t *, void *); 262 263 CipherType cipher_type; 264 int cipher_bsize; 265 int cipher_keysz; 266 267 crypto_mechanism_t cipher_mech; 268 crypto_mechanism_t hmac_mech; /* for TLS */ 269 crypto_key_t cipher_key; 270 crypto_key_t hmac_key; /* for TLS */ 271 272 crypto_context_t cipher_ctx; 273 crypto_data_t cipher_data; 274 275 } KSSLCipherSpec; 276 277 /* 278 * SSL connection state. This one hangs off of a ksslf_t structure. 279 */ 280 typedef struct ssl_s { 281 kmutex_t kssl_lock; 282 struct kssl_entry_s *kssl_entry; 283 mblk_t *rec_ass_head; 284 mblk_t *rec_ass_tail; 285 in6_addr_t faddr; 286 uint32_t tcp_mss; 287 SSL3WaitState hs_waitstate; 288 boolean_t resumed; 289 boolean_t close_notify; 290 boolean_t fatal_alert; 291 boolean_t fatal_error; 292 boolean_t alert_sent; 293 boolean_t appdata_sent; 294 boolean_t activeinput; 295 SSL3AlertLevel sendalert_level; 296 SSL3AlertDescription sendalert_desc; 297 mblk_t *handshake_sendbuf; 298 mblk_t *alert_sendbuf; 299 kssl_callback_t cke_callback_func; 300 void *cke_callback_arg; 301 uint16_t pending_cipher_suite; 302 SSL3MACAlgorithm pending_malg; 303 SSL3BulkCipher pending_calg; 304 int pending_keyblksz; 305 uint64_t seq_num[2]; 306 SSL3HandshakeMsg msg; 307 KSSLJOB job; 308 KSSLCipherSpec spec[2]; 309 uchar_t pending_keyblock[MAX_KEYBLOCK_LENGTH]; 310 uchar_t mac_secret[2][MAX_HASH_LEN]; 311 KSSL_HASHCTX mac_ctx[2][2]; /* inner 'n outer per dir */ 312 sslSessionID sid; 313 SHA1_CTX hs_sha1; 314 MD5_CTX hs_md5; 315 SSL3Hashes hs_hashes; 316 uchar_t client_random[SSL3_RANDOM_LENGTH]; 317 uchar_t server_random[SSL3_RANDOM_LENGTH]; 318 int sslcnt; 319 uchar_t major_version; 320 uchar_t minor_version; 321 boolean_t secure_renegotiation; 322 uint_t async_ops_pending; 323 kcondvar_t async_cv; 324 } ssl_t; 325 326 #define IS_TLS(s) (s->major_version == 3 && s->minor_version == 1) 327 328 #define SSL3_REC_SIZE(mp) (uint8_t *)(mp)->b_rptr + 3 329 330 extern int kssl_spec_init(ssl_t *, int); 331 extern void kssl_send_alert(ssl_t *, SSL3AlertLevel, SSL3AlertDescription); 332 333 #ifdef __cplusplus 334 } 335 #endif 336 337 #endif /* _INET_KSSL_KSSLPROTO_H */ 338