xref: /titanic_44/usr/src/uts/common/inet/kssl/ksslproto.h (revision 8339b41da2395f0525c46ceedfeb01961893ec44)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
23  */
24 
25 #ifndef	_INET_KSSL_KSSLPROTO_H
26 #define	_INET_KSSL_KSSLPROTO_H
27 
28 #ifdef	__cplusplus
29 extern "C" {
30 #endif
31 
32 #include <sys/types.h>
33 #include <sys/stream.h>
34 #include <sys/md5.h>
35 #include <sys/sha1.h>
36 #include <sys/crypto/common.h>
37 #include <sys/crypto/api.h>
38 #include <inet/kssl/kssl.h>	/* Cipher suite definitions */
39 #include <inet/kssl/ksslapi.h>
40 #include <inet/kssl/ksslimpl.h>
41 
42 #define	SSL3_RANDOM_LENGTH		32
43 #define	SSL3_SESSIONID_BYTES		32
44 #define	SSL3_HDR_LEN			5
45 #define	SSL3_MAX_RECORD_LENGTH		16384
46 #define	SSL3_PRE_MASTER_SECRET_LEN	48
47 #define	SSL3_MASTER_SECRET_LEN		48
48 #define	SSL3_MD5_PAD_LEN		48
49 #define	SSL3_SHA1_PAD_LEN		40
50 
51 #define	SSL_MIN_CHALLENGE_BYTES		16
52 #define	SSL_MAX_CHALLENGE_BYTES		32
53 
54 #define	SHA1_HASH_LEN			20
55 #define	MD5_HASH_LEN			16
56 #define	MAX_HASH_LEN			SHA1_HASH_LEN
57 
58 #define	KSSL_READ			0
59 #define	KSSL_WRITE			1
60 
61 #define	KSSL_ENCRYPT			0
62 #define	KSSL_DECRYPT			1
63 
64 #define	MSG_INIT			0
65 #define	MSG_INIT_LEN			1
66 #define	MSG_BODY			2
67 
68 /*
69  * More than enough for the cipher suite that needs the
70  * largest key material (AES_256_CBC_SHA needs 136 bytes).
71  */
72 #define	MAX_KEYBLOCK_LENGTH		160
73 
74 #define	TLS_MASTER_SECRET_LABEL		"master secret"
75 #define	TLS_CLIENT_WRITE_KEY_LABEL	"client write key"
76 #define	TLS_SERVER_WRITE_KEY_LABEL	"server write key"
77 #define	TLS_CLIENT_FINISHED_LABEL	"client finished"
78 #define	TLS_SERVER_FINISHED_LABEL	"server finished"
79 #define	TLS_KEY_EXPANSION_LABEL		"key expansion"
80 #define	TLS_IV_BLOCK_LABEL		"IV block"
81 #define	TLS_MAX_LABEL_SIZE		24
82 
83 #define	TLS_FINISHED_SIZE		12
84 
85 /*
86  * The following constants try to insure an input buffer is optimally aligned
87  * for MAC hash computation.  SHA1/MD5 code prefers 4 byte alignment of each
88  * 64byte input block to avoid a copy. Our goal is to reach 4 byte alignment
89  * starting form the 3rd MAC block (input buffer starts in the 3rd block). The
90  * 3rd block includes the first 53 (MD5 SSL3 MAC) or 57 (SHA1 SSL3 MAC) bytes
91  * of the input buffer. This means input buffer should start at offset 3
92  * within a 4 byte word so that its next block is 4 byte aligned. Since the
93  * SSL3 record header is 5 bytes long it should start at at offset 2 within a
94  * 4 byte word. To insure the next record (for buffers that don't fit into 1
95  * SSL3 record) also starts at offset 2 within a 4 byte word the previous
96  * record length should be 3 mod 8 since 5 + 3 mod 8 is 0 i.e. the next record
97  * starts at the same offset within a 4 byte word as the the previous record.
98  */
99 #define	SSL3_MAX_OPTIMAL_RECORD_LENGTH	(SSL3_MAX_RECORD_LENGTH - 1)
100 #define	SSL3_OPTIMAL_RECORD_ALIGNMENT	2
101 
102 /* session state */
103 typedef struct sslSessionIDStr {
104 	uchar_t		session_id[SSL3_SESSIONID_BYTES];
105 	uchar_t 	master_secret[SSL3_MASTER_SECRET_LEN];
106 	clock_t 	time;
107 	in6_addr_t 	client_addr;
108 	boolean_t	cached;
109 	uint16_t	cipher_suite;
110 } sslSessionID;
111 
112 /* An element of the session cache */
113 typedef struct kssl_sid_ent {
114 	kmutex_t	se_lock;
115 	uint64_t	se_used;	/* Counter to check hash distribution */
116 	sslSessionID	se_sid;
117 } kssl_sid_ent_t;
118 
119 typedef enum {
120 	content_change_cipher_spec	= 20,
121 	content_alert			= 21,
122 	content_handshake		= 22,
123 	content_application_data	= 23,
124 	content_handshake_v2		= 128
125 } SSL3ContentType;
126 
127 typedef enum {
128 	hello_request		= 0,
129 	client_hello		= 1,
130 	server_hello		= 2,
131 	certificate		= 11,
132 	server_key_exchange	= 12,
133 	certificate_request	= 13,
134 	server_hello_done	= 14,
135 	certificate_verify	= 15,
136 	client_key_exchange	= 16,
137 	finished		= 20
138 } SSL3HandshakeType;
139 
140 typedef struct SSL3HandshakeMsgStr {
141 	int			state;
142 	SSL3HandshakeType	type;
143 	int			msglen;
144 	int			msglen_bytes;
145 	mblk_t			*head;
146 	mblk_t			*tail;
147 } SSL3HandshakeMsg;
148 
149 typedef struct KSSLJOBStr {
150 	struct ssl_s	*ssl;
151 	crypto_req_id_t	kjob;
152 	char		*buf;
153 	size_t		buflen;
154 	int		status;
155 } KSSLJOB;
156 
157 
158 typedef struct {
159 	uchar_t md5[MD5_HASH_LEN];
160 	uchar_t sha1[SHA1_HASH_LEN];
161 	uchar_t tlshash[TLS_FINISHED_SIZE];
162 } SSL3Hashes;
163 
164 typedef enum {
165 	close_notify		= 0,
166 	unexpected_message	= 10,
167 	bad_record_mac		= 20,
168 	decompression_failure	= 30,
169 	handshake_failure	= 40,
170 	no_certificate		= 41,
171 	bad_certificate		= 42,
172 	unsupported_certificate	= 43,
173 	certificate_revoked	= 44,
174 	certificate_expired	= 45,
175 	certificate_unknown	= 46,
176 	illegal_parameter	= 47,
177 	unknown_ca		= 48,
178 	access_denied		= 49,
179 	decode_error		= 50,
180 	decrypt_error		= 51,
181 	export_restriction	= 60,
182 	protocol_version	= 70,
183 	insufficient_security	= 71,
184 	internal_error		= 80,
185 	user_canceled		= 90,
186 	no_renegotiation	= 100
187 } SSL3AlertDescription;
188 
189 typedef enum {
190 	alert_warning = 1,
191 	alert_fatal = 2
192 } SSL3AlertLevel;
193 
194 typedef enum {
195 	wait_client_hello = 0,
196 	wait_client_key = 1,
197 	wait_client_key_done = 2,
198 	wait_change_cipher = 3,
199 	wait_finished = 4,
200 	idle_handshake = 5
201 } SSL3WaitState;
202 
203 typedef enum {
204 	sender_client = 0x434c4e54,
205 	sender_server = 0x53525652
206 } SSL3Sender;
207 
208 typedef enum {
209 	mac_md5	= 0,
210 	mac_sha	= 1
211 } SSL3MACAlgorithm;
212 
213 /* The SSL bulk cipher definition */
214 typedef enum {
215 	cipher_null = 0,
216 	cipher_rc4 = 1,
217 	cipher_des = 2,
218 	cipher_3des = 3,
219 	cipher_aes128 = 4,
220 	cipher_aes256 = 5,
221 } SSL3BulkCipher;
222 
223 typedef enum { type_stream = 0, type_block = 1 } CipherType;
224 
225 typedef struct ssl3CipherSuiteDefStr {
226 	uint16_t		suite;
227 	SSL3BulkCipher		calg;
228 	SSL3MACAlgorithm	malg;
229 	int			keyblksz;
230 } ssl3CipherSuiteDef;
231 
232 typedef void (*hashinit_func_t)(void *);
233 typedef void (*hashupdate_func_t)(void *, uchar_t *, uint32_t);
234 typedef void (*hashfinal_func_t)(uchar_t *, void *);
235 
236 typedef struct KSSLMACDefStr {
237 	int			hashsz;
238 	int			padsz;
239 	hashinit_func_t		HashInit;
240 	hashupdate_func_t	HashUpdate;
241 	hashfinal_func_t	HashFinal;
242 } KSSLMACDef;
243 
244 typedef struct KSSLCipherDefStr {
245 	CipherType		type;
246 	int			bsize;
247 	int			keysz;
248 	crypto_mech_type_t	mech_type;
249 } KSSLCipherDef;
250 
251 typedef union KSSL_HASHCTXUnion {
252 	SHA1_CTX	sha;
253 	MD5_CTX		md5;
254 } KSSL_HASHCTX;
255 
256 typedef struct KSSLCipherSpecStr {
257 	int		mac_hashsz;
258 	int		mac_padsz;
259 	void		(*MAC_HashInit)(void *);
260 	void		(*MAC_HashUpdate)(void *, uchar_t *, uint32_t);
261 	void		(*MAC_HashFinal)(uchar_t *, void *);
262 
263 	CipherType	cipher_type;
264 	int		cipher_bsize;
265 	int		cipher_keysz;
266 
267 	crypto_mechanism_t	cipher_mech;
268 	crypto_mechanism_t	hmac_mech;	/* for TLS */
269 	crypto_key_t		cipher_key;
270 	crypto_key_t		hmac_key;	/* for TLS */
271 
272 	crypto_context_t	cipher_ctx;
273 	crypto_data_t		cipher_data;
274 
275 } KSSLCipherSpec;
276 
277 /*
278  * SSL connection state. This one hangs off of a tcp_t structure.
279  */
280 typedef struct ssl_s {
281 	kmutex_t		kssl_lock;
282 	struct kssl_entry_s	*kssl_entry;
283 	mblk_t			*rec_ass_head;
284 	mblk_t			*rec_ass_tail;
285 	uint_t			kssl_refcnt;
286 	in6_addr_t		faddr;
287 	uint32_t		tcp_mss;
288 	SSL3WaitState		hs_waitstate;
289 	boolean_t		resumed;
290 	boolean_t		close_notify;
291 	boolean_t		fatal_alert;
292 	boolean_t		fatal_error;
293 	boolean_t		alert_sent;
294 	boolean_t		appdata_sent;
295 	boolean_t		activeinput;
296 	SSL3AlertLevel		sendalert_level;
297 	SSL3AlertDescription	sendalert_desc;
298 	mblk_t			*handshake_sendbuf;
299 	mblk_t			*alert_sendbuf;
300 	kssl_callback_t		cke_callback_func;
301 	void			*cke_callback_arg;
302 	uint16_t		pending_cipher_suite;
303 	SSL3MACAlgorithm	pending_malg;
304 	SSL3BulkCipher		pending_calg;
305 	int			pending_keyblksz;
306 	uint64_t		seq_num[2];
307 	SSL3HandshakeMsg	msg;
308 	KSSLJOB			job;
309 	KSSLCipherSpec		spec[2];
310 	uchar_t			pending_keyblock[MAX_KEYBLOCK_LENGTH];
311 	uchar_t			mac_secret[2][MAX_HASH_LEN];
312 	KSSL_HASHCTX		mac_ctx[2][2];	/* inner 'n outer per dir */
313 	sslSessionID		sid;
314 	SHA1_CTX		hs_sha1;
315 	MD5_CTX			hs_md5;
316 	SSL3Hashes		hs_hashes;
317 	uchar_t			client_random[SSL3_RANDOM_LENGTH];
318 	uchar_t			server_random[SSL3_RANDOM_LENGTH];
319 	int			sslcnt;
320 	uchar_t			major_version;
321 	uchar_t			minor_version;
322 	boolean_t		secure_renegotiation;
323 } ssl_t;
324 
325 #define	IS_TLS(s) (s->major_version == 3 && s->minor_version == 1)
326 
327 #define	SSL3_REC_SIZE(mp)	(uint8_t *)(mp)->b_rptr + 3
328 
329 extern int kssl_spec_init(ssl_t *, int);
330 extern void kssl_send_alert(ssl_t *, SSL3AlertLevel, SSL3AlertDescription);
331 
332 #ifdef	__cplusplus
333 }
334 #endif
335 
336 #endif	/* _INET_KSSL_KSSLPROTO_H */
337