ksslproto.h revision c28749e97052f09388969427adf7df641cdcdc22
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2005 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#ifndef _INET_KSSL_KSSLPROTO_H
#define _INET_KSSL_KSSLPROTO_H
#pragma ident "%Z%%M% %I% %E% SMI"
#ifdef __cplusplus
extern "C" {
#endif
/*
 * SSL 3.0 / TLS 1.0 wire-format sizes (RFC 6101, RFC 2246). Lengths taken
 * from the peer (record length, handshake length, session_id length) must be
 * checked against these bounds before any buffer is sized or copied from them.
 */
#define SSL3_RANDOM_LENGTH 32		/* ClientHello/ServerHello random */
#define SSL3_SESSIONID_BYTES 32		/* largest permitted session_id */
#define SSL3_HDR_LEN 5			/* record header: type(1) + version(2) + length(2) */
#define SSL3_MAX_RECORD_LENGTH 16384	/* 2^14; longer fragments are a protocol violation */
#define SSL3_PRE_MASTER_SECRET_LEN 48	/* RSA premaster: version(2) + 46 random bytes */
#define SSL3_MASTER_SECRET_LEN 48
#define SSL3_MD5_PAD_LEN 48		/* SSL 3.0 MAC pad_1/pad_2 length for MD5 ... */
#define SSL3_SHA1_PAD_LEN 40		/* ... and for SHA-1 */
#define SSL_MIN_CHALLENGE_BYTES 16	/* SSLv2-format CLIENT-HELLO challenge bounds */
#define SSL_MAX_CHALLENGE_BYTES 32
#define SHA1_HASH_LEN 20
#define MD5_HASH_LEN 16
#define MAX_HASH_LEN SHA1_HASH_LEN	/* largest digest used here; intended for sizing digest buffers */
/*
 * Direction and operation selectors. Note that both pairs use the same
 * numeric values (0/1), so passing a KSSL_READ where a KSSL_ENCRYPT is
 * expected is not caught by the compiler.
 */
#define KSSL_READ 0
#define KSSL_WRITE 1
#define KSSL_ENCRYPT 0
#define KSSL_DECRYPT 1
/* message-reassembly states; presumably used by the handshake reader -- confirm against the parser */
#define MSG_INIT 0
#define MSG_INIT_LEN 1
#define MSG_BODY 2
/* upper bound on a derived key_block; presumably sized for the largest MAC/cipher pairing below */
#define MAX_KEYBLOCK_LENGTH 112
/* TLS 1.0 PRF labels (RFC 2246 sections 6.3 and 7.4.9); the *_WRITE_KEY and IV labels are for exportable ciphers */
#define TLS_MASTER_SECRET_LABEL "master secret"
#define TLS_CLIENT_WRITE_KEY_LABEL "client write key"
#define TLS_SERVER_WRITE_KEY_LABEL "server write key"
#define TLS_CLIENT_FINISHED_LABEL "client finished"
#define TLS_SERVER_FINISHED_LABEL "server finished"
#define TLS_KEY_EXPANSION_LABEL "key expansion"
#define TLS_IV_BLOCK_LABEL "IV block"
#define TLS_MAX_LABEL_SIZE 24		/* longest label above is 16 characters */
#define TLS_FINISHED_SIZE 12		/* TLS verify_data length */
/*
* The following constants try to ensure an input buffer is optimally aligned
* on a 64-byte input block to avoid a copy. Our goal is to reach 4-byte alignment
* starting from the 3rd MAC block (the input buffer starts in the 3rd block). The
* 3rd block includes the first 53 (MD5 SSL3 MAC) or 57 (SHA1 SSL3 MAC) bytes
* of the input buffer. This means the input buffer should start at offset 3
* within a 4-byte word so that its next block is 4-byte aligned. Since the
* SSL3 record header is 5 bytes long, it should start at offset 2 within a
* 4-byte word. To ensure the next record (for buffers that don't fit into 1
* SSL3 record) also starts at offset 2 within a 4-byte word, the previous
* record length should be 3 mod 8, since (5 + 3) mod 8 is 0, i.e. the next record
* starts at the same offset within a 4-byte word as the previous record.
*/
#define SSL3_OPTIMAL_RECORD_ALIGNMENT 2	/* record-header offset within a 4-byte word; rationale above */
/*
 * session state
 *
 * NOTE(review): the member list is not present in this listing. If this
 * holds the master secret (as session-cache entries usually do), instances
 * should be zeroised when evicted or freed -- confirm against the full header.
 */
typedef struct sslSessionIDStr {
} sslSessionID;
/* An element of the session cache */
typedef struct kssl_sid_ent {
/*
 * NOTE(review): the members are missing from this listing; the line below
 * looks like the tail of a pad-array size expression that makes each cache
 * entry a fixed size relative to sizeof (sslSessionID). Confirm against the
 * full header before relying on the entry layout.
 */
- sizeof (sslSessionID)];
/*
 * RC4 key-stream generator state: the two permutation indices and the
 * 256-byte S-box. RC4 is prohibited for TLS by RFC 7465 because of key-stream
 * biases; this type exists for legacy interoperability only, and deployments
 * should prefer cipher suites that do not use it.
 */
struct RC4ContextStr {
	uchar_t i;		/* generator index i */
	uchar_t j;		/* generator index j */
	uchar_t S[256];		/* permutation table (S-box) */
};
typedef struct RC4ContextStr RC4Context;
/*
 * Record-layer ContentType values (RFC 6101 section 5.2.1). change_cipher_spec
 * (20) does not appear in this listing. 128 is not an SSL3 content type: it
 * presumably marks an SSLv2-format (v2-compatible) ClientHello, whose first
 * byte has the high bit set. Records with any other type should be rejected.
 * NOTE(review): the closing brace and typedef name are not in this listing.
 */
typedef enum {
	content_alert = 21,
	content_handshake = 22,
	content_application_data = 23,
	content_handshake_v2 = 128
/*
 * HandshakeType values, the full set defined by RFC 6101 section 5.6.
 * A handshake message whose type is not expected in the current state
 * should produce an unexpected_message alert rather than being processed.
 * NOTE(review): the closing brace and typedef name are not in this listing.
 */
typedef enum {
	hello_request = 0,
	client_hello = 1,
	server_hello = 2,
	certificate = 11,
	server_key_exchange = 12,
	certificate_request = 13,
	server_hello_done = 14,
	certificate_verify = 15,
	client_key_exchange = 16,
	finished = 20
/*
 * Handshake-message reassembly state.
 * NOTE(review): msglen is presumably the 24-bit length from the handshake
 * header, i.e. peer-supplied; whoever fills it in must bound it before any
 * allocation or copy is sized from it. The remaining members and the closing
 * brace are not in this listing.
 */
typedef struct SSL3HandshakeMsgStr {
	int state;		/* presumably one of MSG_INIT / MSG_INIT_LEN / MSG_BODY -- confirm */
	int msglen;		/* declared body length */
	int msglen_bytes;	/* presumably bytes of the body gathered so far -- confirm */
/*
 * Job descriptor: the buffer being worked on and the status reported back.
 * NOTE(review): ownership of buf and the set of status values are not
 * visible here; check the users of this type before freeing buf.
 */
struct KSSLJOBStr {
	char *buf;		/* data buffer for the job */
	int status;		/* completion status */
};
typedef struct KSSLJOBStr KSSLJOB;
/*
 * MAC job descriptor.
 * NOTE(review): rlen is presumably the record length and dir one of the
 * KSSL_READ/KSSL_WRITE (or KSSL_ENCRYPT/KSSL_DECRYPT) selectors -- confirm,
 * the two pairs share numeric values.
 */
struct KSSLMACJOBStr {
	int rlen;		/* record length */
	int dir;		/* direction selector */
};
typedef struct KSSLMACJOBStr KSSLMACJOB;
/*
 * Handshake hash material; presumably the MD5 and SHA-1 transcript digests
 * used for Finished and CertificateVerify -- confirm. Members are not
 * present in this listing.
 */
typedef struct {
} SSL3Hashes;
/*
 * AlertDescription values (RFC 6101 section 5.4, extended by RFC 2246
 * section 7.2). no_certificate (41) is SSL 3.0 only; 42 and above are TLS.
 * decryption_failed (21) is not in this listing. When sending, MAC failures
 * and padding failures should both be reported as bad_record_mac so that the
 * peer cannot distinguish them (later TLS guidance).
 * NOTE(review): the closing brace and typedef name are not in this listing.
 */
typedef enum {
	close_notify = 0,
	unexpected_message = 10,
	bad_record_mac = 20,
	decompression_failure = 30,
	handshake_failure = 40,
	no_certificate = 41,
	bad_certificate = 42,
	unsupported_certificate = 43,
	certificate_revoked = 44,
	certificate_expired = 45,
	certificate_unknown = 46,
	illegal_parameter = 47,
	unknown_ca = 48,
	access_denied = 49,
	decode_error = 50,
	decrypt_error = 51,
	export_restriction = 60,
	protocol_version = 70,
	insufficient_security = 71,
	internal_error = 80,
	user_canceled = 90,
	no_renegotiation = 100
/*
 * AlertLevel values (RFC 6101 section 5.4). A fatal alert terminates the
 * connection immediately and invalidates the session for resumption.
 * NOTE(review): the closing brace and typedef name are not in this listing.
 */
typedef enum {
	alert_warning = 1,
	alert_fatal = 2
/*
 * Handshake states. The set (wait for ClientHello, ClientKeyExchange,
 * ChangeCipherSpec, Finished) reads as the server side of a handshake
 * without client authentication -- confirm against the state machine.
 * A message that is not valid in the current state should be answered with
 * unexpected_message rather than consumed.
 * NOTE(review): the closing brace and typedef name are not in this listing.
 */
typedef enum {
	wait_client_hello = 0,
	wait_client_key = 1,
	wait_client_key_done = 2,	/* presumably: key exchange in progress (asynchronous) -- confirm */
	wait_change_cipher = 3,
	wait_finished = 4,
	idle_handshake = 5		/* handshake complete */
/*
 * Sender values hashed into the SSL 3.0 Finished message (RFC 6101 section
 * 5.6.9): the ASCII bytes "CLNT" and "SRVR" read as a big-endian 32-bit word.
 */
typedef enum SSL3SenderEnum {
	sender_client = 0x434C4E54,	/* 'C' 'L' 'N' 'T' */
	sender_server = 0x53525652	/* 'S' 'R' 'V' 'R' */
} SSL3Sender;
/*
 * MAC algorithm selector: the two MAC hashes of SSL 3.0 / TLS 1.0.
 * MD5-based MACs are deprecated in current practice; prefer SHA-based
 * suites where they can be negotiated.
 * NOTE(review): the closing brace and typedef name are not in this listing.
 */
typedef enum {
	mac_md5 = 0,
	mac_sha = 1
/*
 * The SSL bulk cipher definition
 *
 * None of these is acceptable for a modern deployment: cipher_null gives no
 * confidentiality, RC4 is prohibited for TLS (RFC 7465), single DES is within
 * brute-force reach, and 3DES's 64-bit block exposes it to birthday-bound
 * attacks (Sweet32) on long connections. Keep them disabled unless a legacy
 * peer demands otherwise.
 * NOTE(review): the closing brace and typedef name are not in this listing.
 */
typedef enum {
	cipher_null = 0,
	cipher_rc4 = 1,
	cipher_des = 2,
	cipher_3des = 3
/*
 * Per-cipher-suite parameters. Only keyblksz is visible in this listing; it
 * is presumably the size of the key_block derived for the suite and should
 * never exceed MAX_KEYBLOCK_LENGTH -- confirm where that is enforced.
 * NOTE(review): the remaining members and the closing brace are not in this listing.
 */
typedef struct ssl3CipherSuiteDefStr {
	int keyblksz;		/* derived key_block size for this suite */
/*
 * Hash entry points used for the MAC and handshake digests.
 * hashinit_func_t resets the context it is given; hashfinal_func_t writes the
 * digest into the uchar_t buffer from the context. The output buffer must be
 * at least the algorithm's digest length (MAX_HASH_LEN covers both here).
 */
typedef void (*hashinit_func_t)(void *);
typedef void (*hashfinal_func_t)(uchar_t *, void *);
/*
 * MAC algorithm parameters: digest length and SSL 3.0 MAC pad length.
 * Presumably populated from MD5_HASH_LEN/SSL3_MD5_PAD_LEN or
 * SHA1_HASH_LEN/SSL3_SHA1_PAD_LEN -- confirm against the definition table.
 */
struct KSSLMACDefStr {
	int hashsz;		/* digest length in bytes */
	int padsz;		/* pad_1/pad_2 length in bytes */
};
typedef struct KSSLMACDefStr KSSLMACDef;
/*
 * Bulk cipher parameters. bsize is the block size (presumably 0 or 1 for a
 * stream cipher -- confirm) and keysz the key length in bytes.
 * NOTE(review): the remaining members and the closing brace are not in this listing.
 */
typedef struct KSSLCipherDefStr {
	int bsize;		/* cipher block size in bytes */
	int keysz;		/* key length in bytes */
/*
 * Storage large enough for any hash context this file uses; presumably a
 * union of the MD5 and SHA-1 contexts -- confirm. Members are not present in
 * this listing.
 */
typedef union KSSL_HASHCTXUnion {
} KSSL_HASHCTX;
/*
 * Active record-protection parameters for one direction: MAC and cipher
 * sizes plus the hash entry points, mirroring KSSLMACDef and KSSLCipherDef.
 * NOTE(review): cipher_bsize is the value any CBC padding check must be
 * driven from. Key material is not visible in this listing; if it is stored
 * in this struct, it should be zeroised when the spec is torn down. The
 * remaining members and the closing brace are not in this listing.
 */
typedef struct KSSLCipherSpecStr {
	int mac_hashsz;			/* MAC digest length */
	int mac_padsz;			/* SSL 3.0 MAC pad length */
	void (*MAC_HashInit)(void *);	/* see hashinit_func_t */
	void (*MAC_HashFinal)(uchar_t *, void *);	/* see hashfinal_func_t */
	int cipher_bsize;		/* cipher block size */
	int cipher_keysz;		/* cipher key length */
/*
 * SSL connection state. This one hangs off of a tcp_t structure.
 *
 * NOTE(review): only a handful of members are present in this listing;
 * the full definition is larger. Member meanings below are inferred from
 * names and should be confirmed against the implementation.
 */
typedef struct ssl_s {
	struct kssl_entry_s *kssl_entry;	/* presumably the configured KSSL entry (keys/certs) this connection belongs to */
	void *cke_callback_arg;			/* presumably the cookie passed to the ClientKeyExchange completion callback */
	int pending_keyblksz;			/* presumably the key_block size awaiting installation; bound by MAX_KEYBLOCK_LENGTH */
	int sslcnt;				/* counter; meaning not visible here */
} ssl_t;
/*
 * Install the negotiated cipher spec on a connection. The int argument is
 * presumably a direction selector (KSSL_READ/KSSL_WRITE) and the return an
 * error status -- confirm the convention with the definition.
 */
extern int kssl_spec_init(ssl_t *, int);
#ifdef __cplusplus
}
#endif
#endif /* _INET_KSSL_KSSLPROTO_H */