xref: /titanic_44/usr/src/uts/common/inet/kssl/ksslproto.h (revision bfed486ad8de8b8ebc6345a8e10accae08bf2f45)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #ifndef	_INET_KSSL_KSSLPROTO_H
27 #define	_INET_KSSL_KSSLPROTO_H
28 
29 #pragma ident	"%Z%%M%	%I%	%E% SMI"
30 
31 #ifdef	__cplusplus
32 extern "C" {
33 #endif
34 
35 #include <sys/types.h>
36 #include <sys/stream.h>
37 #include <sys/md5.h>
38 #include <sys/sha1.h>
39 #include <sys/crypto/common.h>
40 #include <sys/crypto/api.h>
41 #include <inet/kssl/kssl.h>	/* Cipher suite definitions */
42 #include <inet/kssl/ksslapi.h>
43 #include <inet/kssl/ksslimpl.h>
44 
45 #define	SSL3_RANDOM_LENGTH		32
46 #define	SSL3_SESSIONID_BYTES		32
47 #define	SSL3_HDR_LEN			5
48 #define	SSL3_MAX_RECORD_LENGTH		16384
49 #define	SSL3_PRE_MASTER_SECRET_LEN	48
50 #define	SSL3_MASTER_SECRET_LEN		48
51 #define	SSL3_MD5_PAD_LEN		48
52 #define	SSL3_SHA1_PAD_LEN		40
53 
54 #define	SSL_MIN_CHALLENGE_BYTES		16
55 #define	SSL_MAX_CHALLENGE_BYTES		32
56 
57 #define	SHA1_HASH_LEN			20
58 #define	MD5_HASH_LEN			16
59 #define	MAX_HASH_LEN			SHA1_HASH_LEN
60 
61 #define	KSSL_READ			0
62 #define	KSSL_WRITE			1
63 
64 #define	KSSL_ENCRYPT			0
65 #define	KSSL_DECRYPT			1
66 
67 #define	MSG_INIT			0
68 #define	MSG_INIT_LEN			1
69 #define	MSG_BODY			2
70 
71 /*
72  * More than enough for the cipher suite that needs the
73  * largest key material (AES_256_CBC_SHA needs 136 bytes).
74  */
75 #define	MAX_KEYBLOCK_LENGTH		160
76 
77 #define	TLS_MASTER_SECRET_LABEL		"master secret"
78 #define	TLS_CLIENT_WRITE_KEY_LABEL	"client write key"
79 #define	TLS_SERVER_WRITE_KEY_LABEL	"server write key"
80 #define	TLS_CLIENT_FINISHED_LABEL	"client finished"
81 #define	TLS_SERVER_FINISHED_LABEL	"server finished"
82 #define	TLS_KEY_EXPANSION_LABEL		"key expansion"
83 #define	TLS_IV_BLOCK_LABEL		"IV block"
84 #define	TLS_MAX_LABEL_SIZE		24
85 
86 #define	TLS_FINISHED_SIZE		12
87 
88 /*
89  * The following constants try to insure an input buffer is optimally aligned
90  * for MAC hash computation.  SHA1/MD5 code prefers 4 byte alignment of each
91  * 64byte input block to avoid a copy. Our goal is to reach 4 byte alignment
92  * starting form the 3rd MAC block (input buffer starts in the 3rd block). The
93  * 3rd block includes the first 53 (MD5 SSL3 MAC) or 57 (SHA1 SSL3 MAC) bytes
94  * of the input buffer. This means input buffer should start at offset 3
95  * within a 4 byte word so that its next block is 4 byte aligned. Since the
96  * SSL3 record header is 5 bytes long it should start at at offset 2 within a
97  * 4 byte word. To insure the next record (for buffers that don't fit into 1
98  * SSL3 record) also starts at offset 2 within a 4 byte word the previous
99  * record length should be 3 mod 8 since 5 + 3 mod 8 is 0 i.e. the next record
100  * starts at the same offset within a 4 byte word as the the previous record.
101  */
102 #define	SSL3_MAX_OPTIMAL_RECORD_LENGTH	(SSL3_MAX_RECORD_LENGTH - 1)
103 #define	SSL3_OPTIMAL_RECORD_ALIGNMENT	2
104 
105 /* session state */
106 typedef struct sslSessionIDStr {
107 	uchar_t	session_id[SSL3_SESSIONID_BYTES];
108 	uchar_t master_secret[SSL3_MASTER_SECRET_LEN];
109 	clock_t time;
110 	ipaddr_t client_addr;
111 	boolean_t cached;
112 	uint16_t cipher_suite;
113 } sslSessionID;
114 
115 /* An element of the session cache */
116 typedef struct kssl_sid_ent {
117 	kmutex_t se_lock;
118 	uint64_t se_used;	/* Counter to check hash distribution */
119 	sslSessionID se_sid;
120 	uchar_t  pad[2 * 64 - sizeof (kmutex_t) - sizeof (uint64_t) \
121 	    - sizeof (sslSessionID)];
122 } kssl_sid_ent_t;
123 
124 typedef struct RC4ContextStr {
125 	uchar_t i;
126 	uchar_t j;
127 	uchar_t S[256];
128 } RC4Context;
129 
130 typedef enum {
131     content_change_cipher_spec	= 20,
132     content_alert		= 21,
133     content_handshake		= 22,
134     content_application_data	= 23,
135     content_handshake_v2	= 128
136 } SSL3ContentType;
137 
138 typedef enum {
139     hello_request	= 0,
140     client_hello	= 1,
141     server_hello	= 2,
142     certificate		= 11,
143     server_key_exchange	= 12,
144     certificate_request	= 13,
145     server_hello_done	= 14,
146     certificate_verify	= 15,
147     client_key_exchange	= 16,
148     finished		= 20
149 } SSL3HandshakeType;
150 
151 typedef struct SSL3HandshakeMsgStr {
152 	int state;
153 	SSL3HandshakeType type;
154 	int msglen;
155 	int msglen_bytes;
156 	mblk_t *head;
157 	mblk_t *tail;
158 } SSL3HandshakeMsg;
159 
160 typedef struct KSSLJOBStr {
161 	struct ssl_s	*ssl;
162 	crypto_req_id_t	kjob;
163 	char		*buf;
164 	size_t		buflen;
165 	int		status;
166 } KSSLJOB;
167 
168 typedef struct KSSLMACJOBStr {
169 	struct ssl_s *ssl;
170 	buf_t *in;
171 	buf_t *out;
172 	uchar_t *rstart;
173 	int rlen;
174 	uint64_t seq;
175 	SSL3ContentType ct;
176 	uchar_t *digest;
177 	int dir;
178 } KSSLMACJOB;
179 
180 
181 typedef struct {
182 	uchar_t md5[MD5_HASH_LEN];
183 	uchar_t sha1[SHA1_HASH_LEN];
184 	uchar_t tlshash[TLS_FINISHED_SIZE];
185 } SSL3Hashes;
186 
187 typedef enum {
188 	close_notify		= 0,
189 	unexpected_message	= 10,
190 	bad_record_mac		= 20,
191 	decompression_failure	= 30,
192 	handshake_failure	= 40,
193 	no_certificate		= 41,
194 	bad_certificate		= 42,
195 	unsupported_certificate	= 43,
196 	certificate_revoked	= 44,
197 	certificate_expired	= 45,
198 	certificate_unknown	= 46,
199 	illegal_parameter	= 47,
200 	unknown_ca		= 48,
201 	access_denied		= 49,
202 	decode_error		= 50,
203 	decrypt_error		= 51,
204 	export_restriction	= 60,
205 	protocol_version	= 70,
206 	insufficient_security	= 71,
207 	internal_error		= 80,
208 	user_canceled		= 90,
209 	no_renegotiation	= 100
210 } SSL3AlertDescription;
211 
212 typedef enum {
213 	alert_warning = 1,
214 	alert_fatal = 2
215 } SSL3AlertLevel;
216 
217 typedef enum {
218 	wait_client_hello = 0,
219 	wait_client_key = 1,
220 	wait_client_key_done = 2,
221 	wait_change_cipher = 3,
222 	wait_finished = 4,
223 	idle_handshake = 5
224 } SSL3WaitState;
225 
226 typedef enum {
227     sender_client = 0x434c4e54,
228     sender_server = 0x53525652
229 } SSL3Sender;
230 
231 typedef enum {
232     mac_md5	= 0,
233     mac_sha	= 1
234 } SSL3MACAlgorithm;
235 
236 /* The SSL bulk cipher definition */
237 typedef enum {
238     cipher_null = 0,
239     cipher_rc4 = 1,
240     cipher_des = 2,
241     cipher_3des = 3,
242     cipher_aes128 = 4,
243     cipher_aes256 = 5,
244 } SSL3BulkCipher;
245 
246 typedef enum { type_stream = 0, type_block = 1 } CipherType;
247 
248 typedef struct ssl3CipherSuiteDefStr {
249 	uint16_t		suite;
250 	SSL3BulkCipher		calg;
251 	SSL3MACAlgorithm	malg;
252 	int			keyblksz;
253 } ssl3CipherSuiteDef;
254 
255 typedef void (*hashinit_func_t)(void *);
256 typedef void (*hashupdate_func_t)(void *, uchar_t *, uint32_t);
257 typedef void (*hashfinal_func_t)(uchar_t *, void *);
258 
259 typedef struct KSSLMACDefStr {
260 	int			hashsz;
261 	int			padsz;
262 	hashinit_func_t		HashInit;
263 	hashupdate_func_t	HashUpdate;
264 	hashfinal_func_t	HashFinal;
265 } KSSLMACDef;
266 
267 typedef struct KSSLCipherDefStr {
268 	CipherType		type;
269 	int			bsize;
270 	int			keysz;
271 	crypto_mech_type_t	mech_type;
272 } KSSLCipherDef;
273 
274 typedef union KSSL_HASHCTXUnion {
275 	SHA1_CTX	sha;
276 	MD5_CTX		md5;
277 } KSSL_HASHCTX;
278 
279 typedef struct KSSLCipherSpecStr {
280 	int		mac_hashsz;
281 	int		mac_padsz;
282 	void		(*MAC_HashInit)(void *);
283 	void		(*MAC_HashUpdate)(void *, uchar_t *, uint32_t);
284 	void		(*MAC_HashFinal)(uchar_t *, void *);
285 
286 	CipherType	cipher_type;
287 	int		cipher_bsize;
288 	int		cipher_keysz;
289 
290 	crypto_mechanism_t	cipher_mech;
291 	crypto_mechanism_t	hmac_mech;	/* for TLS */
292 	crypto_key_t		cipher_key;
293 	crypto_key_t		hmac_key;	/* for TLS */
294 
295 	crypto_context_t	cipher_ctx;
296 	crypto_data_t		cipher_data;
297 
298 } KSSLCipherSpec;
299 
300 /*
301  * SSL connection state. This one hangs off of a tcp_t structure.
302  */
303 typedef struct ssl_s {
304 	kmutex_t		kssl_lock;
305 	struct kssl_entry_s	*kssl_entry;
306 	mblk_t			*rec_ass_head;
307 	mblk_t			*rec_ass_tail;
308 	uint_t			kssl_refcnt;
309 	ipaddr_t		faddr;
310 	uint32_t		tcp_mss;
311 	SSL3WaitState		hs_waitstate;
312 	boolean_t		resumed;
313 	boolean_t		close_notify;
314 	boolean_t		fatal_alert;
315 	boolean_t		fatal_error;
316 	boolean_t		alert_sent;
317 	boolean_t		appdata_sent;
318 	boolean_t		activeinput;
319 	SSL3AlertLevel		sendalert_level;
320 	SSL3AlertDescription	sendalert_desc;
321 	mblk_t			*handshake_sendbuf;
322 	mblk_t			*alert_sendbuf;
323 	kssl_callback_t		cke_callback_func;
324 	void			*cke_callback_arg;
325 	uint32_t		macjobs_todo;
326 	uint32_t		macjobs_done;
327 	uint16_t		pending_cipher_suite;
328 	SSL3MACAlgorithm	pending_malg;
329 	SSL3BulkCipher		pending_calg;
330 	int			pending_keyblksz;
331 	uint64_t		seq_num[2];
332 	SSL3HandshakeMsg	msg;
333 	KSSLJOB			job;
334 	KSSLCipherSpec		spec[2];
335 	uchar_t			pending_keyblock[MAX_KEYBLOCK_LENGTH];
336 	uchar_t			mac_secret[2][MAX_HASH_LEN];
337 	KSSL_HASHCTX		mac_ctx[2][2];	/* inner 'n outer per dir */
338 	sslSessionID		sid;
339 	SHA1_CTX		hs_sha1;
340 	MD5_CTX			hs_md5;
341 	SSL3Hashes		hs_hashes;
342 	uchar_t			client_random[SSL3_RANDOM_LENGTH];
343 	uchar_t			server_random[SSL3_RANDOM_LENGTH];
344 	int			sslcnt;
345 	uchar_t			major_version;
346 	uchar_t			minor_version;
347 } ssl_t;
348 
349 #define	IS_TLS(s) (s->major_version == 3 && s->minor_version == 1)
350 
351 #define	SSL3_REC_SIZE(mp)	(uint8_t *)(mp)->b_rptr + 3
352 
353 extern int kssl_spec_init(ssl_t *, int);
354 extern void kssl_send_alert(ssl_t *, SSL3AlertLevel, SSL3AlertDescription);
355 
356 #ifdef	__cplusplus
357 }
358 #endif
359 
360 #endif	/* _INET_KSSL_KSSLPROTO_H */
361