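/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
 */

#ifndef	_INET_KSSL_KSSLAPI_H
#define	_INET_KSSL_KSSLAPI_H

/*
 * The kernel SSL proxy interface
 *
 * Declares the status/command enums, the opaque connection and map-entry
 * handles, the SSL3 record size constants and the entry points exported
 * by the kernel SSL proxy.
 *
 * NOTE(review): the prototypes below use mblk_t, boolean_t and uint32_t,
 * but this header includes only <sys/socket.h> and <netinet/in.h>. It
 * appears to rely on the includer (or on transitive includes) to declare
 * those types first -- confirm before including it on its own.
 */


#ifdef	__cplusplus
extern "C" {
#endif

#include <sys/socket.h>
#include <netinet/in.h>

/* return status for the kssl API functions */

typedef	enum {
	KSSL_STS_OK,	/* No further processing required */
	KSSL_STS_ERR	/* bogus argument ... */
} kssl_status_t;

/* Endpoint type */
typedef	enum {
	KSSL_NO_PROXY = 0,	/* Not configured for use with KSSL */
	KSSL_IS_PROXY,		/* Acts as a proxy for someone else */
	KSSL_HAS_PROXY		/* A proxy is handling its work */
} kssl_endpt_type_t;

/*
 * Return codes/commands from kssl_handle_record
 *
 * Each value tells the caller what to do with the packet it handed in, so
 * a caller should handle every value explicitly rather than treating an
 * unrecognised command as "deliver".
 */
typedef	enum {
	KSSL_CMD_NOT_SUPPORTED,	/* Not supported */
	KSSL_CMD_SEND,		/* send this packet out on the wire */
	KSSL_CMD_DELIVER_PROXY,	/* deliver this packet to proxy listener */
	KSSL_CMD_DELIVER_SSL,	/* Deliver to the SSL listener */
	KSSL_CMD_NONE,		/* consider it consumed. (ACK it, ... */
	KSSL_CMD_QUEUED		/* Queued, a call back will finish it */
} kssl_cmd_t;

/* An opaque context of an SSL connection */
typedef	void *kssl_ctx_t;

/* An opaque handle for an SSL map entry */
typedef	void *kssl_ent_t;

/*
 * Both handles are plain void pointers, so the compiler cannot tell a
 * kssl_ctx_t from a kssl_ent_t (or from any other pointer); passing the
 * wrong one to a function below is not diagnosed at build time.
 */

#define	SSL3_HDR_LEN		5
#define	SSL3_WROFFSET		7	/* 5 hdr + 2 byte-alignment */
#define	SSL3_MAX_TAIL_LEN	36	/* 16 AES block bytes + 20 SHA1 digest bytes */

/*
 * Largest record payload: 16384 - 1 - 5 - 36 = 16342.
 *
 * The expansion is parenthesized so that the macro behaves as a single
 * value inside larger expressions. Unparenthesized, "2 * MACRO" or
 * "x - MACRO" would bind to the first term only and yield a wrong size,
 * which matters wherever this constant feeds a length check or a buffer
 * allocation.
 */
#define	SSL3_MAX_RECORD_LEN	\
	(16384 - 1 - SSL3_HDR_LEN - SSL3_MAX_TAIL_LEN)


kssl_endpt_type_t kssl_check_proxy(struct sockaddr *, socklen_t, void *,
    kssl_ent_t *);

kssl_status_t kssl_init_context(kssl_ent_t, struct sockaddr *, int,
    kssl_ctx_t *);
void kssl_set_mss(kssl_ctx_t, uint32_t);

/*
 * NOTE(review): kssl_hold_ent()/kssl_release_ent() look like a
 * reference-count pair on a map entry, and kssl_release_ctx() like the
 * matching release for a context from kssl_init_context() -- confirm the
 * ownership rules against the implementation, since an unbalanced
 * hold/release on a kernel object is a leak or a use-after-free.
 */
void kssl_hold_ent(kssl_ent_t);
void kssl_release_ent(kssl_ent_t, void *, kssl_endpt_type_t);
void *kssl_find_fallback(kssl_ent_t);

void kssl_release_ctx(kssl_ctx_t);
void kssl_async_done(kssl_ctx_t);

/*
 * Completion callback type taken by kssl_input(): receives the caller's
 * arg, a message block and a command.
 */
typedef void (*kssl_callback_t)(void *arg, mblk_t *mp, kssl_cmd_t cmd);

kssl_cmd_t kssl_input(kssl_ctx_t, mblk_t *, mblk_t **, boolean_t *,
    kssl_callback_t cbfn, void *arg);

kssl_cmd_t kssl_handle_mblk(kssl_ctx_t, mblk_t **, mblk_t **);

mblk_t *kssl_build_record(kssl_ctx_t, mblk_t *);


#ifdef	__cplusplus
}
#endif

#endif	/* _INET_KSSL_KSSLAPI_H */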