ksslapi.h revision 5850:0ec7030e8335
1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23 * Use is subject to license terms.
24 */
25
26#ifndef	_INET_KSSL_KSSLAPI_H
27#define	_INET_KSSL_KSSLAPI_H
28
29#pragma ident	"%Z%%M%	%I%	%E% SMI"
30
31/*
32 * The kernel SSL proxy interface
33 */
34
35
36#ifdef	__cplusplus
37extern "C" {
38#endif
39
40#include	<sys/socket.h>
41#include	<netinet/in.h>
42
/*
 * Status returned by the kssl API functions.
 *
 * Only two outcomes are defined, so the status alone does not tell a caller
 * why a call failed.  Anything other than KSSL_STS_OK is a failure.
 */
typedef enum {
	KSSL_STS_OK = 0,	/* success: no further processing required */
	KSSL_STS_ERR = 1	/* failure, e.g. a bogus argument */
} kssl_status_t;
49
/*
 * Role of an endpoint with respect to KSSL.
 *
 * KSSL_NO_PROXY is zero, so a zero-filled variable of this type reads as
 * "not configured for KSSL".
 */
typedef enum {
	KSSL_NO_PROXY = 0,	/* endpoint is not configured for use with KSSL */
	KSSL_IS_PROXY = 1,	/* endpoint acts as a proxy for someone else */
	KSSL_HAS_PROXY = 2	/* a proxy is handling this endpoint's work */
} kssl_endpt_type_t;
56
/*
 * Return codes/commands telling the caller what to do with a packet.
 *
 * NOTE(review): the original comment attributes these to
 * kssl_handle_record, which this header does not declare; the functions
 * declared here that return kssl_cmd_t are kssl_input and kssl_handle_mblk.
 *
 * KSSL_CMD_NOT_SUPPORTED is zero, so a zero-filled command is never
 * mistaken for "send" or "deliver".  Callers should handle every value
 * explicitly rather than treat unknown ones as success.
 */
typedef enum {
	KSSL_CMD_NOT_SUPPORTED = 0,	/* not supported */
	KSSL_CMD_SEND = 1,		/* send this packet out on the wire */
	KSSL_CMD_DELIVER_PROXY = 2,	/* deliver to the proxy listener */
	KSSL_CMD_DELIVER_SSL = 3,	/* deliver to the SSL listener */
	KSSL_CMD_NONE = 4,		/* consider it consumed (ACK it, ...) */
	KSSL_CMD_QUEUED = 5		/* queued; a callback will finish it */
} kssl_cmd_t;
66
/* Events that can be signalled on a kssl context; only one is defined. */
typedef enum {
	KSSL_EVENT_CLOSE = 0	/* close this context */
} kssl_event_t;
70
/*
 * Opaque handles.  Both are plain void pointers, so the compiler cannot
 * catch a context passed where a map entry is expected, or the reverse.
 */

/* An opaque context of an SSL connection */
typedef void *kssl_ctx_t;

/* An opaque handle for an SSL map entry */
typedef void *kssl_ent_t;
76
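/*
 * SSL3 record size constants, in bytes.
 *
 * SSL3_MAX_RECORD_LEN is parenthesized so it keeps its value inside a
 * larger expression.  Unparenthesized, "2 * SSL3_MAX_RECORD_LEN" or
 * "len - SSL3_MAX_RECORD_LEN" would bind to only part of the expansion
 * and silently produce a wrong length bound.
 */
#define	SSL3_HDR_LEN		5
#define	SSL3_WROFFSET		7	/* 5 hdr + 2 byte-alignment */
#define	SSL3_MAX_TAIL_LEN	36	/* 16-byte AES block + 20-byte SHA1 digest */
/* 16384 (2^14) less one byte, the record header and the largest tail */
#define	SSL3_MAX_RECORD_LEN	\
	(16384 - 1 - SSL3_HDR_LEN - SSL3_MAX_TAIL_LEN)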
81
82
/*
 * Proxy lookup and per-connection context creation.
 *
 * kssl_check_proxy reports an endpoint type (see kssl_endpt_type_t).
 * kssl_init_context reports success or failure as a kssl_status_t; the
 * context it produces should only be used when the status is KSSL_STS_OK.
 *
 * NOTE(review): the meaning of the unnamed void *, uint32_t and int
 * arguments is not visible in this header; confirm against the
 * implementation.  mblk_t is not declared here either, so includers
 * presumably pull in the STREAMS definitions first; verify.
 */
kssl_endpt_type_t kssl_check_proxy(mblk_t *mp, void *, kssl_ent_t *entp);

kssl_status_t kssl_init_context(kssl_ent_t ent, uint32_t, int,
    kssl_ctx_t *ctxp);
86
/*
 * Hold/release pairs for map entries and for connection contexts, plus the
 * fallback lookup on a map entry.
 *
 * NOTE(review): the names suggest reference counting; confirm against the
 * implementation.  If so, every hold needs exactly one matching release,
 * and a handle must not be used after its last release.
 */
void kssl_hold_ent(kssl_ent_t ent);
void kssl_release_ent(kssl_ent_t ent, void *, kssl_endpt_type_t);
void *kssl_find_fallback(kssl_ent_t ent);

void kssl_hold_ctx(kssl_ctx_t ctx);
void kssl_release_ctx(kssl_ctx_t ctx);
93
/*
 * Record processing entry points.
 *
 * kssl_callback_t is the completion callback type taken by kssl_input; it
 * receives the caller's arg, a message block and a kssl_cmd_t.
 * kssl_input and kssl_handle_mblk both return a kssl_cmd_t that tells the
 * caller what to do next.  kssl_build_record returns a message block.
 *
 * NOTE(review): presumably the callback runs when kssl_input returns
 * KSSL_CMD_QUEUED, which would mean arg must stay valid until then;
 * confirm against the implementation.  Whether kssl_build_record can
 * return NULL is not visible here; verify before dereferencing its result.
 */
typedef void (*kssl_callback_t)(void *arg, mblk_t *mp, kssl_cmd_t cmd);

kssl_cmd_t kssl_input(kssl_ctx_t ctx, mblk_t *mp, mblk_t **, boolean_t *,
    kssl_callback_t cbfn, void *arg);

kssl_cmd_t kssl_handle_mblk(kssl_ctx_t ctx, mblk_t **, mblk_t **);

mblk_t *kssl_build_record(kssl_ctx_t ctx, mblk_t *mp);
102
103
104#ifdef	__cplusplus
105}
106#endif
107
108#endif	/* _INET_KSSL_KSSLAPI_H */
109