xref: /titanic_44/usr/src/uts/common/inet/kssl/ksslproto.h (revision 1a5e258f5471356ca102c7176637cdce45bac147)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
23  */
24 
25 #ifndef	_INET_KSSL_KSSLPROTO_H
26 #define	_INET_KSSL_KSSLPROTO_H
27 
28 #ifdef	__cplusplus
29 extern "C" {
30 #endif
31 
32 #include <sys/types.h>
33 #include <sys/stream.h>
34 #include <sys/md5.h>
35 #include <sys/sha1.h>
36 #include <sys/crypto/common.h>
37 #include <sys/crypto/api.h>
38 #include <inet/kssl/kssl.h>	/* Cipher suite definitions */
39 #include <inet/kssl/ksslapi.h>
40 #include <inet/kssl/ksslimpl.h>
41 
42 #define	SSL3_RANDOM_LENGTH		32
43 #define	SSL3_SESSIONID_BYTES		32
44 #define	SSL3_HDR_LEN			5
45 #define	SSL3_ALERT_LEN			2
46 #define	SSL3_MAX_RECORD_LENGTH		16384
47 #define	SSL3_PRE_MASTER_SECRET_LEN	48
48 #define	SSL3_MASTER_SECRET_LEN		48
49 #define	SSL3_MD5_PAD_LEN		48
50 #define	SSL3_SHA1_PAD_LEN		40
51 
52 #define	SSL_MIN_CHALLENGE_BYTES		16
53 #define	SSL_MAX_CHALLENGE_BYTES		32
54 
55 #define	SHA1_HASH_LEN			20
56 #define	MD5_HASH_LEN			16
57 #define	MAX_HASH_LEN			SHA1_HASH_LEN
58 
59 #define	KSSL_READ			0
60 #define	KSSL_WRITE			1
61 
62 #define	KSSL_ENCRYPT			0
63 #define	KSSL_DECRYPT			1
64 
65 #define	MSG_INIT			0
66 #define	MSG_INIT_LEN			1
67 #define	MSG_BODY			2
68 
69 /*
70  * More than enough for the cipher suite that needs the
71  * largest key material (AES_256_CBC_SHA needs 136 bytes).
72  */
73 #define	MAX_KEYBLOCK_LENGTH		160
74 
75 #define	TLS_MASTER_SECRET_LABEL		"master secret"
76 #define	TLS_CLIENT_WRITE_KEY_LABEL	"client write key"
77 #define	TLS_SERVER_WRITE_KEY_LABEL	"server write key"
78 #define	TLS_CLIENT_FINISHED_LABEL	"client finished"
79 #define	TLS_SERVER_FINISHED_LABEL	"server finished"
80 #define	TLS_KEY_EXPANSION_LABEL		"key expansion"
81 #define	TLS_IV_BLOCK_LABEL		"IV block"
82 #define	TLS_MAX_LABEL_SIZE		24
83 
84 #define	TLS_FINISHED_SIZE		12
85 
86 /*
87  * The following constants try to insure an input buffer is optimally aligned
88  * for MAC hash computation.  SHA1/MD5 code prefers 4 byte alignment of each
89  * 64byte input block to avoid a copy. Our goal is to reach 4 byte alignment
90  * starting form the 3rd MAC block (input buffer starts in the 3rd block). The
91  * 3rd block includes the first 53 (MD5 SSL3 MAC) or 57 (SHA1 SSL3 MAC) bytes
92  * of the input buffer. This means input buffer should start at offset 3
93  * within a 4 byte word so that its next block is 4 byte aligned. Since the
94  * SSL3 record header is 5 bytes long it should start at at offset 2 within a
95  * 4 byte word. To insure the next record (for buffers that don't fit into 1
96  * SSL3 record) also starts at offset 2 within a 4 byte word the previous
97  * record length should be 3 mod 8 since 5 + 3 mod 8 is 0 i.e. the next record
98  * starts at the same offset within a 4 byte word as the the previous record.
99  */
100 #define	SSL3_MAX_OPTIMAL_RECORD_LENGTH	(SSL3_MAX_RECORD_LENGTH - 1)
101 #define	SSL3_OPTIMAL_RECORD_ALIGNMENT	2
102 
103 /* session state */
104 typedef struct sslSessionIDStr {
105 	uchar_t		session_id[SSL3_SESSIONID_BYTES];
106 	uchar_t 	master_secret[SSL3_MASTER_SECRET_LEN];
107 	clock_t 	time;
108 	in6_addr_t 	client_addr;
109 	boolean_t	cached;
110 	uint16_t	cipher_suite;
111 } sslSessionID;
112 
113 /* An element of the session cache */
114 typedef struct kssl_sid_ent {
115 	kmutex_t	se_lock;
116 	uint64_t	se_used;	/* Counter to check hash distribution */
117 	sslSessionID	se_sid;
118 } kssl_sid_ent_t;
119 
120 typedef enum {
121 	content_change_cipher_spec	= 20,
122 	content_alert			= 21,
123 	content_handshake		= 22,
124 	content_application_data	= 23,
125 	content_handshake_v2		= 128
126 } SSL3ContentType;
127 
128 typedef enum {
129 	hello_request		= 0,
130 	client_hello		= 1,
131 	server_hello		= 2,
132 	certificate		= 11,
133 	server_key_exchange	= 12,
134 	certificate_request	= 13,
135 	server_hello_done	= 14,
136 	certificate_verify	= 15,
137 	client_key_exchange	= 16,
138 	finished		= 20
139 } SSL3HandshakeType;
140 
141 typedef struct SSL3HandshakeMsgStr {
142 	int			state;
143 	SSL3HandshakeType	type;
144 	int			msglen;
145 	int			msglen_bytes;
146 	mblk_t			*head;
147 	mblk_t			*tail;
148 } SSL3HandshakeMsg;
149 
150 typedef struct KSSLJOBStr {
151 	struct ssl_s	*ssl;
152 	crypto_req_id_t	kjob;
153 	char		*buf;
154 	size_t		buflen;
155 	int		status;
156 } KSSLJOB;
157 
158 
159 typedef struct {
160 	uchar_t md5[MD5_HASH_LEN];
161 	uchar_t sha1[SHA1_HASH_LEN];
162 	uchar_t tlshash[TLS_FINISHED_SIZE];
163 } SSL3Hashes;
164 
165 typedef enum {
166 	close_notify		= 0,
167 	unexpected_message	= 10,
168 	bad_record_mac		= 20,
169 	decompression_failure	= 30,
170 	handshake_failure	= 40,
171 	no_certificate		= 41,
172 	bad_certificate		= 42,
173 	unsupported_certificate	= 43,
174 	certificate_revoked	= 44,
175 	certificate_expired	= 45,
176 	certificate_unknown	= 46,
177 	illegal_parameter	= 47,
178 	unknown_ca		= 48,
179 	access_denied		= 49,
180 	decode_error		= 50,
181 	decrypt_error		= 51,
182 	export_restriction	= 60,
183 	protocol_version	= 70,
184 	insufficient_security	= 71,
185 	internal_error		= 80,
186 	user_canceled		= 90,
187 	no_renegotiation	= 100
188 } SSL3AlertDescription;
189 
190 typedef enum {
191 	alert_warning = 1,
192 	alert_fatal = 2
193 } SSL3AlertLevel;
194 
195 typedef enum {
196 	wait_client_hello = 0,
197 	wait_client_key = 1,
198 	wait_client_key_done = 2,
199 	wait_change_cipher = 3,
200 	wait_finished = 4,
201 	idle_handshake = 5
202 } SSL3WaitState;
203 
204 typedef enum {
205 	sender_client = 0x434c4e54,
206 	sender_server = 0x53525652
207 } SSL3Sender;
208 
209 typedef enum {
210 	mac_md5	= 0,
211 	mac_sha	= 1
212 } SSL3MACAlgorithm;
213 
214 /* The SSL bulk cipher definition */
215 typedef enum {
216 	cipher_null = 0,
217 	cipher_rc4 = 1,
218 	cipher_des = 2,
219 	cipher_3des = 3,
220 	cipher_aes128 = 4,
221 	cipher_aes256 = 5,
222 } SSL3BulkCipher;
223 
224 typedef enum { type_stream = 0, type_block = 1 } CipherType;
225 
226 typedef struct ssl3CipherSuiteDefStr {
227 	uint16_t		suite;
228 	SSL3BulkCipher		calg;
229 	SSL3MACAlgorithm	malg;
230 	int			keyblksz;
231 } ssl3CipherSuiteDef;
232 
233 typedef void (*hashinit_func_t)(void *);
234 typedef void (*hashupdate_func_t)(void *, uchar_t *, uint32_t);
235 typedef void (*hashfinal_func_t)(uchar_t *, void *);
236 
237 typedef struct KSSLMACDefStr {
238 	int			hashsz;
239 	int			padsz;
240 	hashinit_func_t		HashInit;
241 	hashupdate_func_t	HashUpdate;
242 	hashfinal_func_t	HashFinal;
243 } KSSLMACDef;
244 
245 typedef struct KSSLCipherDefStr {
246 	CipherType		type;
247 	int			bsize;
248 	int			keysz;
249 	crypto_mech_type_t	mech_type;
250 } KSSLCipherDef;
251 
252 typedef union KSSL_HASHCTXUnion {
253 	SHA1_CTX	sha;
254 	MD5_CTX		md5;
255 } KSSL_HASHCTX;
256 
257 typedef struct KSSLCipherSpecStr {
258 	int		mac_hashsz;
259 	int		mac_padsz;
260 	void		(*MAC_HashInit)(void *);
261 	void		(*MAC_HashUpdate)(void *, uchar_t *, uint32_t);
262 	void		(*MAC_HashFinal)(uchar_t *, void *);
263 
264 	CipherType	cipher_type;
265 	int		cipher_bsize;
266 	int		cipher_keysz;
267 
268 	crypto_mechanism_t	cipher_mech;
269 	crypto_mechanism_t	hmac_mech;	/* for TLS */
270 	crypto_key_t		cipher_key;
271 	crypto_key_t		hmac_key;	/* for TLS */
272 
273 	crypto_context_t	cipher_ctx;
274 	crypto_data_t		cipher_data;
275 
276 } KSSLCipherSpec;
277 
278 /*
279  * SSL connection state. This one hangs off of a ksslf_t structure.
280  */
281 typedef struct ssl_s {
282 	kmutex_t		kssl_lock;
283 	struct kssl_entry_s	*kssl_entry;
284 	mblk_t			*rec_ass_head;
285 	mblk_t			*rec_ass_tail;
286 	in6_addr_t		faddr;
287 	uint32_t		tcp_mss;
288 	SSL3WaitState		hs_waitstate;
289 	boolean_t		resumed;
290 	boolean_t		close_notify_clnt;
291 	boolean_t		close_notify_srvr;
292 	boolean_t		fatal_alert;
293 	boolean_t		fatal_error;
294 	boolean_t		alert_sent;
295 	boolean_t		appdata_sent;
296 	boolean_t		activeinput;
297 	SSL3AlertLevel		sendalert_level;
298 	SSL3AlertDescription	sendalert_desc;
299 	mblk_t			*handshake_sendbuf;
300 	mblk_t			*alert_sendbuf;
301 	kssl_callback_t		cke_callback_func;
302 	void			*cke_callback_arg;
303 	uint16_t		pending_cipher_suite;
304 	SSL3MACAlgorithm	pending_malg;
305 	SSL3BulkCipher		pending_calg;
306 	int			pending_keyblksz;
307 	uint64_t		seq_num[2];
308 	SSL3HandshakeMsg	msg;
309 	KSSLJOB			job;
310 	KSSLCipherSpec		spec[2];
311 	uchar_t			pending_keyblock[MAX_KEYBLOCK_LENGTH];
312 	uchar_t			mac_secret[2][MAX_HASH_LEN];
313 	KSSL_HASHCTX		mac_ctx[2][2];	/* inner 'n outer per dir */
314 	sslSessionID		sid;
315 	SHA1_CTX		hs_sha1;
316 	MD5_CTX			hs_md5;
317 	SSL3Hashes		hs_hashes;
318 	uchar_t			client_random[SSL3_RANDOM_LENGTH];
319 	uchar_t			server_random[SSL3_RANDOM_LENGTH];
320 	int			sslcnt;
321 	uchar_t			major_version;
322 	uchar_t			minor_version;
323 	boolean_t		secure_renegotiation;
324 	uint_t			async_ops_pending;
325 	kcondvar_t		async_cv;
326 } ssl_t;
327 
328 #define	IS_TLS(s) (s->major_version == 3 && s->minor_version == 1)
329 
330 #define	SSL3_REC_SIZE(mp)	(uint8_t *)(mp)->b_rptr + 3
331 
332 extern int kssl_spec_init(ssl_t *, int);
333 extern void kssl_send_alert(ssl_t *, SSL3AlertLevel, SSL3AlertDescription);
334 
335 #ifdef	__cplusplus
336 }
337 #endif
338 
339 #endif	/* _INET_KSSL_KSSLPROTO_H */
340