xref: /titanic_41/usr/src/uts/common/inet/kssl/ksslproto.h (revision f29fbe76ce646ba8bcf62627d89087d5f02c62a8)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #ifndef	_INET_KSSL_KSSLPROTO_H
28 #define	_INET_KSSL_KSSLPROTO_H
29 
30 #pragma ident	"%Z%%M%	%I%	%E% SMI"
31 
32 #ifdef	__cplusplus
33 extern "C" {
34 #endif
35 
36 #include <sys/types.h>
37 #include <sys/stream.h>
38 #include <sys/md5.h>
39 #include <sys/sha1.h>
40 #include <sys/crypto/common.h>
41 #include <sys/crypto/api.h>
42 #include <inet/kssl/kssl.h>	/* Cipher suite definitions */
43 #include <inet/kssl/ksslapi.h>
44 #include <inet/kssl/ksslimpl.h>
45 
46 #define	SSL3_RANDOM_LENGTH		32
47 #define	SSL3_SESSIONID_BYTES		32
48 #define	SSL3_HDR_LEN			5
49 #define	SSL3_MAX_RECORD_LENGTH		16384
50 #define	SSL3_PRE_MASTER_SECRET_LEN	48
51 #define	SSL3_MASTER_SECRET_LEN		48
52 #define	SSL3_MD5_PAD_LEN		48
53 #define	SSL3_SHA1_PAD_LEN		40
54 
55 #define	SSL_MIN_CHALLENGE_BYTES		16
56 #define	SSL_MAX_CHALLENGE_BYTES		32
57 
58 #define	SHA1_HASH_LEN			20
59 #define	MD5_HASH_LEN			16
60 #define	MAX_HASH_LEN			SHA1_HASH_LEN
61 
62 #define	KSSL_READ			0
63 #define	KSSL_WRITE			1
64 
65 #define	KSSL_ENCRYPT			0
66 #define	KSSL_DECRYPT			1
67 
68 #define	MSG_INIT			0
69 #define	MSG_INIT_LEN			1
70 #define	MSG_BODY			2
71 
72 #define	MAX_KEYBLOCK_LENGTH		112
73 
74 #define	TLS_MASTER_SECRET_LABEL		"master secret"
75 #define	TLS_CLIENT_WRITE_KEY_LABEL	"client write key"
76 #define	TLS_SERVER_WRITE_KEY_LABEL	"server write key"
77 #define	TLS_CLIENT_FINISHED_LABEL	"client finished"
78 #define	TLS_SERVER_FINISHED_LABEL	"server finished"
79 #define	TLS_KEY_EXPANSION_LABEL		"key expansion"
80 #define	TLS_IV_BLOCK_LABEL		"IV block"
81 #define	TLS_MAX_LABEL_SIZE		24
82 
83 #define	TLS_FINISHED_SIZE		12
84 
85 /*
86  * The following constants try to insure an input buffer is optimally aligned
87  * for MAC hash computation.  SHA1/MD5 code prefers 4 byte alignment of each
88  * 64byte input block to avoid a copy. Our goal is to reach 4 byte alignment
89  * starting form the 3rd MAC block (input buffer starts in the 3rd block). The
90  * 3rd block includes the first 53 (MD5 SSL3 MAC) or 57 (SHA1 SSL3 MAC) bytes
91  * of the input buffer. This means input buffer should start at offset 3
92  * within a 4 byte word so that its next block is 4 byte aligned. Since the
93  * SSL3 record header is 5 bytes long it should start at at offset 2 within a
94  * 4 byte word. To insure the next record (for buffers that don't fit into 1
95  * SSL3 record) also starts at offset 2 within a 4 byte word the previous
96  * record length should be 3 mod 8 since 5 + 3 mod 8 is 0 i.e. the next record
97  * starts at the same offset within a 4 byte word as the the previous record.
98  */
99 #define	SSL3_MAX_OPTIMAL_RECORD_LENGTH	(SSL3_MAX_RECORD_LENGTH - 1)
100 #define	SSL3_OPTIMAL_RECORD_ALIGNMENT	2
101 
102 /* session state */
103 typedef struct sslSessionIDStr {
104 	uchar_t	session_id[SSL3_SESSIONID_BYTES];
105 	uchar_t master_secret[SSL3_MASTER_SECRET_LEN];
106 	clock_t time;
107 	ipaddr_t client_addr;
108 	boolean_t cached;
109 	uint16_t cipher_suite;
110 } sslSessionID;
111 
112 /* An element of the session cache */
113 typedef struct kssl_sid_ent {
114 	kmutex_t se_lock;
115 	uint64_t se_used;	/* Counter to check hash distribution */
116 	sslSessionID se_sid;
117 	uchar_t  pad[2 * 64 - sizeof (kmutex_t) - sizeof (uint64_t) \
118 	    - sizeof (sslSessionID)];
119 } kssl_sid_ent_t;
120 
121 typedef struct RC4ContextStr {
122 	uchar_t i;
123 	uchar_t j;
124 	uchar_t S[256];
125 } RC4Context;
126 
127 typedef enum {
128     content_change_cipher_spec	= 20,
129     content_alert		= 21,
130     content_handshake		= 22,
131     content_application_data	= 23,
132     content_handshake_v2	= 128
133 } SSL3ContentType;
134 
135 typedef enum {
136     hello_request	= 0,
137     client_hello	= 1,
138     server_hello	= 2,
139     certificate		= 11,
140     server_key_exchange	= 12,
141     certificate_request	= 13,
142     server_hello_done	= 14,
143     certificate_verify	= 15,
144     client_key_exchange	= 16,
145     finished		= 20
146 } SSL3HandshakeType;
147 
148 typedef struct SSL3HandshakeMsgStr {
149 	int state;
150 	SSL3HandshakeType type;
151 	int msglen;
152 	int msglen_bytes;
153 	mblk_t *head;
154 	mblk_t *tail;
155 } SSL3HandshakeMsg;
156 
157 typedef struct KSSLJOBStr {
158 	struct ssl_s	*ssl;
159 	crypto_req_id_t	kjob;
160 	char		*buf;
161 	size_t		buflen;
162 	int		status;
163 } KSSLJOB;
164 
165 typedef struct KSSLMACJOBStr {
166 	struct ssl_s *ssl;
167 	buf_t *in;
168 	buf_t *out;
169 	uchar_t *rstart;
170 	int rlen;
171 	uint64_t seq;
172 	SSL3ContentType ct;
173 	uchar_t *digest;
174 	int dir;
175 } KSSLMACJOB;
176 
177 
178 typedef struct {
179 	uchar_t md5[MD5_HASH_LEN];
180 	uchar_t sha1[SHA1_HASH_LEN];
181 	uchar_t tlshash[TLS_FINISHED_SIZE];
182 } SSL3Hashes;
183 
184 typedef enum {
185 	close_notify		= 0,
186 	unexpected_message	= 10,
187 	bad_record_mac		= 20,
188 	decompression_failure	= 30,
189 	handshake_failure	= 40,
190 	no_certificate		= 41,
191 	bad_certificate		= 42,
192 	unsupported_certificate	= 43,
193 	certificate_revoked	= 44,
194 	certificate_expired	= 45,
195 	certificate_unknown	= 46,
196 	illegal_parameter	= 47,
197 	unknown_ca		= 48,
198 	access_denied		= 49,
199 	decode_error		= 50,
200 	decrypt_error		= 51,
201 	export_restriction	= 60,
202 	protocol_version	= 70,
203 	insufficient_security	= 71,
204 	internal_error		= 80,
205 	user_canceled		= 90,
206 	no_renegotiation	= 100
207 } SSL3AlertDescription;
208 
209 typedef enum {
210 	alert_warning = 1,
211 	alert_fatal = 2
212 } SSL3AlertLevel;
213 
214 typedef enum {
215 	wait_client_hello = 0,
216 	wait_client_key = 1,
217 	wait_client_key_done = 2,
218 	wait_change_cipher = 3,
219 	wait_finished = 4,
220 	idle_handshake = 5
221 } SSL3WaitState;
222 
223 typedef enum {
224     sender_client = 0x434c4e54,
225     sender_server = 0x53525652
226 } SSL3Sender;
227 
228 typedef enum {
229     mac_md5	= 0,
230     mac_sha	= 1
231 } SSL3MACAlgorithm;
232 
233 /* The SSL bulk cipher definition */
234 typedef enum {
235     cipher_null = 0,
236     cipher_rc4 = 1,
237     cipher_des = 2,
238     cipher_3des = 3
239 } SSL3BulkCipher;
240 
241 typedef enum { type_stream = 0, type_block = 1 } CipherType;
242 
243 typedef struct ssl3CipherSuiteDefStr {
244 	uint16_t		suite;
245 	SSL3BulkCipher		calg;
246 	SSL3MACAlgorithm	malg;
247 	int			keyblksz;
248 } ssl3CipherSuiteDef;
249 
250 typedef void (*hashinit_func_t)(void *);
251 typedef void (*hashupdate_func_t)(void *, uchar_t *, uint32_t);
252 typedef void (*hashfinal_func_t)(uchar_t *, void *);
253 
254 typedef struct KSSLMACDefStr {
255 	int			hashsz;
256 	int			padsz;
257 	hashinit_func_t		HashInit;
258 	hashupdate_func_t	HashUpdate;
259 	hashfinal_func_t	HashFinal;
260 } KSSLMACDef;
261 
262 typedef struct KSSLCipherDefStr {
263 	CipherType		type;
264 	int			bsize;
265 	int			keysz;
266 	crypto_mech_type_t	mech_type;
267 } KSSLCipherDef;
268 
269 typedef union KSSL_HASHCTXUnion {
270 	SHA1_CTX	sha;
271 	MD5_CTX		md5;
272 } KSSL_HASHCTX;
273 
274 typedef struct KSSLCipherSpecStr {
275 	int		mac_hashsz;
276 	int		mac_padsz;
277 	void		(*MAC_HashInit)(void *);
278 	void		(*MAC_HashUpdate)(void *, uchar_t *, uint32_t);
279 	void		(*MAC_HashFinal)(uchar_t *, void *);
280 
281 	CipherType	cipher_type;
282 	int		cipher_bsize;
283 	int		cipher_keysz;
284 
285 	crypto_mechanism_t	cipher_mech;
286 	crypto_mechanism_t	hmac_mech;	/* for TLS */
287 	crypto_key_t		cipher_key;
288 	crypto_key_t		hmac_key;	/* for TLS */
289 
290 	crypto_context_t	cipher_ctx;
291 	crypto_data_t		cipher_data;
292 
293 } KSSLCipherSpec;
294 
295 /*
296  * SSL connection state. This one hangs off of a tcp_t structure.
297  */
298 typedef struct ssl_s {
299 	kmutex_t		kssl_lock;
300 	struct kssl_entry_s	*kssl_entry;
301 	mblk_t			*rec_ass_head;
302 	mblk_t			*rec_ass_tail;
303 	uint_t			kssl_refcnt;
304 	ipaddr_t		faddr;
305 	uint32_t		tcp_mss;
306 	SSL3WaitState		hs_waitstate;
307 	boolean_t		resumed;
308 	boolean_t		close_notify;
309 	boolean_t		fatal_alert;
310 	boolean_t		fatal_error;
311 	boolean_t		alert_sent;
312 	boolean_t		appdata_sent;
313 	boolean_t		activeinput;
314 	SSL3AlertLevel		sendalert_level;
315 	SSL3AlertDescription	sendalert_desc;
316 	mblk_t			*handshake_sendbuf;
317 	mblk_t			*alert_sendbuf;
318 	kssl_callback_t		cke_callback_func;
319 	void			*cke_callback_arg;
320 	uint32_t		macjobs_todo;
321 	uint32_t		macjobs_done;
322 	uint16_t		pending_cipher_suite;
323 	SSL3MACAlgorithm	pending_malg;
324 	SSL3BulkCipher		pending_calg;
325 	int			pending_keyblksz;
326 	uint64_t		seq_num[2];
327 	SSL3HandshakeMsg	msg;
328 	KSSLJOB			job;
329 	KSSLCipherSpec		spec[2];
330 	uchar_t			pending_keyblock[MAX_KEYBLOCK_LENGTH];
331 	uchar_t			mac_secret[2][MAX_HASH_LEN];
332 	KSSL_HASHCTX		mac_ctx[2][2];	/* inner 'n outer per dir */
333 	sslSessionID		sid;
334 	SHA1_CTX		hs_sha1;
335 	MD5_CTX			hs_md5;
336 	SSL3Hashes		hs_hashes;
337 	uchar_t			client_random[SSL3_RANDOM_LENGTH];
338 	uchar_t			server_random[SSL3_RANDOM_LENGTH];
339 	int			sslcnt;
340 	uchar_t			major_version;
341 	uchar_t			minor_version;
342 } ssl_t;
343 
344 #define	IS_TLS(s) (s->major_version == 3 && s->minor_version == 1)
345 
346 #define	SSL3_REC_SIZE(mp)	(uint8_t *)(mp)->b_rptr + 3
347 
348 extern int kssl_spec_init(ssl_t *, int);
349 extern void kssl_send_alert(ssl_t *, SSL3AlertLevel, SSL3AlertDescription);
350 
351 #ifdef	__cplusplus
352 }
353 #endif
354 
355 #endif	/* _INET_KSSL_KSSLPROTO_H */
356