| 2 |
- |
1 |
.TH TLS 3
|
|
|
2 |
.SH NAME
|
|
|
3 |
tls \- TLS1 and SSL3 record layer
|
|
|
4 |
.SH SYNOPSIS
|
|
|
5 |
.nf
|
|
|
6 |
.B bind -a #a /net
|
|
|
7 |
|
|
|
8 |
.B /net/tls/clone
|
|
|
9 |
.B /net/tls/encalgs
|
|
|
10 |
.B /net/tls/hashalgs
|
|
|
11 |
.BI /net/tls/ n
|
|
|
12 |
.BI /net/tls/ n /ctl
|
|
|
13 |
.BI /net/tls/ n /data
|
|
|
14 |
.BI /net/tls/ n /hand
|
|
|
15 |
.BI /net/tls/ n /stats
|
|
|
16 |
.BI /net/tls/ n /status
|
|
|
17 |
.fi
|
|
|
18 |
.SH DESCRIPTION
|
|
|
19 |
The TLS device implements the record layer protocols
|
|
|
20 |
of Transport Layer Security version 1.0 and Secure Sockets Layer version 3.0.
|
|
|
21 |
It does not implement the handshake protocols, which are responsible for
|
|
|
22 |
mutual authentication and key exchange.
|
|
|
23 |
The
|
|
|
24 |
.I tls
|
|
|
25 |
device can be thought of as filters providing optional encryption and anti-tampering.
|
|
|
26 |
.PP
|
|
|
27 |
The top level directory contains a
|
|
|
28 |
.B clone
|
|
|
29 |
file and subdirectories numbered from zero through at least the last active filter.
|
|
|
30 |
Opening the
|
|
|
31 |
.B clone
|
|
|
32 |
file reserves a filter.
|
|
|
33 |
The file descriptor returned from the
|
|
|
34 |
.IR open (2)
|
|
|
35 |
will point to the control file,
|
|
|
36 |
.BR ctl ,
|
|
|
37 |
of the newly allocated filter.
|
|
|
38 |
Reading the
|
|
|
39 |
.B ctl
|
|
|
40 |
file returns a text string containing the number of the filter directory.
|
|
|
41 |
.PP
|
|
|
42 |
The filter initially cannot be used to pass messages
|
|
|
43 |
and will not encrypt or digest messages.
|
|
|
44 |
It is configured and controlled by writing commands to
|
|
|
45 |
.BR ctl .
|
|
|
46 |
.PP
|
|
|
47 |
The following commands are supported:
|
|
|
48 |
.TP
|
|
|
49 |
.BI fd \ open-fd\ vers
|
|
|
50 |
Pass record messages over the communications channel
|
|
|
51 |
.IR open-fd .
|
|
|
52 |
Initially, outgoing messages use version
|
|
|
53 |
.I vers
|
|
|
54 |
format records, but incoming messages of either version are accepted.
|
|
|
55 |
Valid versions are
|
|
|
56 |
.B 0x300
|
|
|
57 |
for SSLv3.0 and
|
|
|
58 |
.B 0x301
|
|
|
59 |
for TLSv1.0 (which could be known as SSLv3.01.)
|
|
|
60 |
This command must be issued before any other command
|
|
|
61 |
and before reading or writing any messages;
|
|
|
62 |
it may only be executed once.
|
|
|
63 |
.TP
|
|
|
64 |
.BI version \ vers
|
|
|
65 |
Use
|
|
|
66 |
.I vers
|
|
|
67 |
format records for all future records,
|
|
|
68 |
both outgoing and incoming.
|
|
|
69 |
This command may only be executed once.
|
|
|
70 |
.TP
|
|
|
71 |
.BI secret \ hashalg\ encalg\ isclient\ secretdata
|
|
|
72 |
Set up the digesting and encryption algorithms and secrets.
|
|
|
73 |
.I Hashalg
|
|
|
74 |
and
|
|
|
75 |
.I encalg
|
|
|
76 |
must be algorithm names returned by the corresponding files.
|
|
|
77 |
.I Secretdata
|
|
|
78 |
is the base-64 encoded (see
|
|
|
79 |
.IR encode (2))
|
|
|
80 |
secret data used for the algorithms.
|
|
|
81 |
It must contain at least enough data to populate the
|
|
|
82 |
secrets for digesting and encrypting.
|
|
|
83 |
These secrets are divided into three categories: digest secrets, keys, and initialization vectors.
|
|
|
84 |
The secrets are packed in this order, with no extra padding.
|
|
|
85 |
Within each category, the secret for data traveling from the client to the server comes first.
|
|
|
86 |
The incoming and outgoing secrets are automatically selected by devtls based on the
|
|
|
87 |
.I isclient
|
|
|
88 |
argument, which must be non-zero for the client of the TLS handshake,
|
|
|
89 |
and zero for the server.
|
|
|
90 |
.br
|
|
|
91 |
This command must be issued after
|
|
|
92 |
.BR version ,
|
|
|
93 |
and may be issued more than once.
|
|
|
94 |
At least one new
|
|
|
95 |
.I secret
|
|
|
96 |
command must be issued before each
|
|
|
97 |
.I changecipher
|
|
|
98 |
command; similarly, at least one new
|
|
|
99 |
.I secret command
|
|
|
100 |
must precede each incoming changecipher message.
|
|
|
101 |
.TP
|
|
|
102 |
.BI changecipher
|
|
|
103 |
Enable outgoing encryption and digesting as configured by the previous
|
|
|
104 |
.I secret
|
|
|
105 |
command.
|
|
|
106 |
This command sends a
|
|
|
107 |
.I changecipher
|
|
|
108 |
message.
|
|
|
109 |
.TP
|
|
|
110 |
.BI opened
|
|
|
111 |
Enable data messages.
|
|
|
112 |
This command may be issued any number of times,
|
|
|
113 |
although only the first is significant.
|
|
|
114 |
It must follow at least one successful
|
|
|
115 |
.I changecipher
|
|
|
116 |
command.
|
|
|
117 |
.TP
|
|
|
118 |
.BI alert \ alertno
|
|
|
119 |
Send an alert message.
|
|
|
120 |
.I Alertno
|
|
|
121 |
may be a valid alert code for either SSLv3.0 or TLSv1.0,
|
|
|
122 |
and is mapped to an appropriate code for the protocol in use.
|
|
|
123 |
If it is a fatal alert, the filter is set into an error state.
|
|
|
124 |
.PP
|
|
|
125 |
Application messages and handshake messages are communicated using
|
|
|
126 |
.I data
|
|
|
127 |
and
|
|
|
128 |
.IR hand ,
|
|
|
129 |
respectively.
|
|
|
130 |
Only one
|
|
|
131 |
.IR open (2)
|
|
|
132 |
of
|
|
|
133 |
.I hand
|
|
|
134 |
is allowed at a time.
|
|
|
135 |
.PP
|
|
|
136 |
Any record layer headers and trailers are inserted and
|
|
|
137 |
stripped automatically, and are not visible from the outside.
|
|
|
138 |
The device tries to synchronize record boundaries with reads and writes.
|
|
|
139 |
Each read will return data from exactly one record,
|
|
|
140 |
and will return all of the data from the record as long as
|
|
|
141 |
the buffer is big enough.
|
|
|
142 |
Each write will be converted into an integral number of records,
|
|
|
143 |
with all but potentially the last being maximal size.
|
|
|
144 |
The maximum record length supported is 16384 bytes.
|
|
|
145 |
This behavior is not specified in the protocols,
|
|
|
146 |
and may not be followed by other implementations.
|
|
|
147 |
.PP
|
|
|
148 |
If a fatal alert message is received, or a fatal
|
|
|
149 |
.I alert
|
|
|
150 |
command issued, the filter is set into an error state.
|
|
|
151 |
All further correspondence is halted,
|
|
|
152 |
although some pending operations may not be terminated.
|
|
|
153 |
Operations on
|
|
|
154 |
.I data
|
|
|
155 |
will fail with a
|
|
|
156 |
.BR "'tls error'" ,
|
|
|
157 |
and operations on
|
|
|
158 |
.I hand
|
|
|
159 |
will fail with a textual decoding of the alert.
|
|
|
160 |
The current non-fatal alert messages are
|
|
|
161 |
.BR "'close notify'" ,
|
|
|
162 |
.BR "'no renegotiation'" ,
|
|
|
163 |
and
|
|
|
164 |
.B "'handshake canceled by user'"
|
|
|
165 |
(sic).
|
|
|
166 |
Receipt of one of these alerts cause the next read on
|
|
|
167 |
.I hand
|
|
|
168 |
to terminate with an error.
|
|
|
169 |
If the alert is
|
|
|
170 |
.BR "'close notify'" ,
|
|
|
171 |
all future reads will terminate with a
|
|
|
172 |
.B "tls hungup"
|
|
|
173 |
error.
|
|
|
174 |
A
|
|
|
175 |
.B "'close notify'"
|
|
|
176 |
.I alert
|
|
|
177 |
command will terminate all future writes or reads from
|
|
|
178 |
.I data
|
|
|
179 |
with a
|
|
|
180 |
.B "'tls hungup'"
|
|
|
181 |
error.
|
|
|
182 |
.PP
|
|
|
183 |
If an error is encountered while reading or writing
|
|
|
184 |
the underlying communications channel, the error is returned
|
|
|
185 |
to the offending operation.
|
|
|
186 |
If the error is not
|
|
|
187 |
.BR "'interrupted'" ,
|
|
|
188 |
the filter is set into the error state.
|
|
|
189 |
In this case, all future operations on
|
|
|
190 |
.I hand
|
|
|
191 |
will fail with a
|
|
|
192 |
.BR "'channel error'" .
|
|
|
193 |
.PP
|
|
|
194 |
When all file descriptors for a filter have been closed,
|
|
|
195 |
the session is terminated and the filter reclaimed for future use.
|
|
|
196 |
A
|
|
|
197 |
.B "'close notify'"
|
|
|
198 |
alert will be sent on the underlying communications channel
|
|
|
199 |
unless one has already been sent or the filter is in the error state.
|
|
|
200 |
.PP
|
|
|
201 |
Reading
|
|
|
202 |
.I stats
|
|
|
203 |
or
|
|
|
204 |
.I status
|
|
|
205 |
returns information about the filter.
|
|
|
206 |
Each datum is returned on a single line of the form
|
|
|
207 |
.IB tag ": " data .
|
|
|
208 |
.I Stats
|
|
|
209 |
returns the number of bytes communicated by the
|
|
|
210 |
.B data
|
|
|
211 |
and
|
|
|
212 |
.B hand
|
|
|
213 |
channels.
|
|
|
214 |
The four lines returned are tagged by, in order,
|
|
|
215 |
.BR DataIn ,
|
|
|
216 |
.BR DataOut ,
|
|
|
217 |
.BR HandIn ,
|
|
|
218 |
and
|
|
|
219 |
.BR HandOut .
|
|
|
220 |
.I Status
|
|
|
221 |
returns lines following tags:
|
|
|
222 |
.BR State ,
|
|
|
223 |
.BR Version ,
|
|
|
224 |
.BR EncIn ,
|
|
|
225 |
.BR HashIn ,
|
|
|
226 |
.BR NewEncIn ,
|
|
|
227 |
.BR NewHashIn ,
|
|
|
228 |
.BR EncOut ,
|
|
|
229 |
.BR HashOut ,
|
|
|
230 |
.BR NewEncOut ,
|
|
|
231 |
and
|
|
|
232 |
.BR NewHashOut .
|
|
|
233 |
.BR State 's
|
|
|
234 |
value is a string describing the status of the connection,
|
|
|
235 |
and is one of the following:
|
|
|
236 |
.BR 'Handshaking' ,
|
|
|
237 |
.BR 'Established' ,
|
|
|
238 |
.BR 'RemoteClosed' ,
|
|
|
239 |
.BR 'LocalClosed' ,
|
|
|
240 |
.BR 'Alerting' ,
|
|
|
241 |
.BR 'Errored' ,
|
|
|
242 |
or
|
|
|
243 |
.BR 'Closed' .
|
|
|
244 |
.BR Version 's
|
|
|
245 |
give the hexadecimal record layer version in use.
|
|
|
246 |
The
|
|
|
247 |
.B Enc
|
|
|
248 |
and
|
|
|
249 |
.B Hash
|
|
|
250 |
fields return name of the current algorithms in use
|
|
|
251 |
or ready to be used, if any.
|
|
|
252 |
.PP
|
|
|
253 |
Reading
|
|
|
254 |
.I encalgs
|
|
|
255 |
and
|
|
|
256 |
.I hashalgs
|
|
|
257 |
will give the space-separated list of algorithms implemented.
|
|
|
258 |
This will always include
|
|
|
259 |
.BR clear ,
|
|
|
260 |
meaning no encryption or digesting.
|
|
|
261 |
Currently implemented encryption algorithms are
|
|
|
262 |
.BR 'rc4_128' ,
|
|
|
263 |
.BR '3des_ede_cbc' ,
|
|
|
264 |
.B 'aes_128_cbc'
|
|
|
265 |
and
|
|
|
266 |
.BR 'aes_256_cbc' .
|
|
|
267 |
Currently implemented hashing algorithms are
|
|
|
268 |
.B 'md5'
|
|
|
269 |
and
|
|
|
270 |
.BR 'sha1' .
|
|
|
271 |
.SH "SEE ALSO"
|
|
|
272 |
.IR listen (8),
|
|
|
273 |
.IR dial (2),
|
|
|
274 |
.IR pushtls (2)
|
|
|
275 |
.SH SOURCE
|
|
|
276 |
.B /sys/src/9/port/devtls.c
|