      1 /*
      2  * CDDL HEADER START
      3  *
      4  * The contents of this file are subject to the terms of the
      5  * Common Development and Distribution License (the "License").
      6  * You may not use this file except in compliance with the License.
      7  *
      8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
      9  * or http://www.opensolaris.org/os/licensing.
     10  * See the License for the specific language governing permissions
     11  * and limitations under the License.
     12  *
     13  * When distributing Covered Code, include this CDDL HEADER in each
     14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     15  * If applicable, add the following below this CDDL HEADER, with the
     16  * fields enclosed by brackets "[]" replaced with your own identifying
     17  * information: Portions Copyright [yyyy] [name of copyright owner]
     18  *
     19  * CDDL HEADER END
     20  */
     21 /*
     22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
     23  * Use is subject to license terms.
     24  */
     25 
     26 #ifndef	_INET_KSSL_KSSLAPI_H
     27 #define	_INET_KSSL_KSSLAPI_H
     28 
     29 /*
     30  * The kernel SSL proxy interface
     31  */
     32 
     33 
     34 #ifdef	__cplusplus
     35 extern "C" {
     36 #endif
     37 
     38 #include	<sys/socket.h>
     39 #include	<netinet/in.h>
     40 
/*
 * Status returned by the kssl API functions.
 *
 * KSSL_STS_OK is 0, so a zero-filled or never-assigned status variable
 * reads as success; assign it from the call's return value before testing.
 */
typedef enum {
	KSSL_STS_OK = 0,	/* no further processing required */
	KSSL_STS_ERR = 1	/* failure, e.g. a bogus argument */
} kssl_status_t;
     47 
/*
 * Role of an endpoint with respect to the kernel SSL proxy.
 *
 * KSSL_NO_PROXY is pinned to 0, so zero-initialized state means
 * "not configured for KSSL".
 */
typedef enum {
	KSSL_NO_PROXY = 0,	/* not configured for use with KSSL */
	KSSL_IS_PROXY = 1,	/* acts as a proxy for someone else */
	KSSL_HAS_PROXY = 2	/* a proxy is handling its work */
} kssl_endpt_type_t;
     54 
/*
 * Disposition codes telling the caller what to do with a packet.  The
 * original comment attributes them to kssl_handle_record; the functions
 * declared in this header that return kssl_cmd_t are kssl_input() and
 * kssl_handle_mblk().  A caller switching on the result should treat any
 * value it does not handle as a failure rather than fall through.
 */
typedef enum {
	KSSL_CMD_NOT_SUPPORTED = 0,	/* not supported */
	KSSL_CMD_SEND = 1,		/* send this packet out on the wire */
	KSSL_CMD_DELIVER_PROXY = 2,	/* deliver this packet to proxy listener */
	KSSL_CMD_DELIVER_SSL = 3,	/* deliver to the SSL listener */
	KSSL_CMD_NONE = 4,		/* consider it consumed (ACK it, ...) */
	KSSL_CMD_QUEUED = 5		/* queued, a callback will finish it */
} kssl_cmd_t;
     64 
/*
 * Opaque handles.  Both are plain void pointers, so the compiler accepts
 * a context where a map entry is expected (and the reverse) without a
 * diagnostic; callers have to keep the two apart themselves.
 */

/* An opaque context of an SSL connection */
typedef void *kssl_ctx_t;

/* An opaque handle for an SSL map entry */
typedef void *kssl_ent_t;
     70 
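/*
 * SSL 3.0 record size constants, in bytes.
 */
#define	SSL3_HDR_LEN		5
#define	SSL3_WROFFSET		7	/* 5 hdr + 2 byte-alignment */
/* 16 bytes (one AES block) + 20 bytes (SHA1 digest) */
#define	SSL3_MAX_TAIL_LEN	36
/*
 * The expansion is parenthesized so the macro behaves as a single value.
 * Without the parentheses an expression such as `2 * SSL3_MAX_RECORD_LEN`
 * or `len - SSL3_MAX_RECORD_LEN` binds to the first or last term only and
 * yields a wrong length, which matters wherever the result sizes or
 * bounds-checks a record buffer.
 */
#define	SSL3_MAX_RECORD_LEN	\
	(16384 - 1 - SSL3_HDR_LEN - SSL3_MAX_TAIL_LEN)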
     75 
     76 
/*
 * Entry points of the kernel SSL proxy.
 *
 * NOTE(review): mblk_t and boolean_t are used below but are not declared
 * in this file; confirm which header supplies them to includers.
 */

/* Proxy lookup and per-connection context set-up. */
kssl_endpt_type_t kssl_check_proxy(mblk_t *, void *, kssl_ent_t *);
kssl_status_t kssl_init_context(kssl_ent_t, void *, boolean_t, int,
    kssl_ctx_t *);

/*
 * Map-entry handle management.
 * NOTE(review): hold/release look like a reference-count pair; presumably
 * every hold needs exactly one matching release -- confirm against the
 * implementation.
 */
void kssl_hold_ent(kssl_ent_t);
void kssl_release_ent(kssl_ent_t, void *, kssl_endpt_type_t);
void *kssl_find_fallback(kssl_ent_t);

/*
 * Connection-context handle management.
 * NOTE(review): same pairing assumption as for the map entry -- confirm.
 */
void kssl_hold_ctx(kssl_ctx_t);
void kssl_release_ctx(kssl_ctx_t);

/*
 * Completion callback handed to kssl_input(); it receives the caller's
 * argument, a message block and a kssl_cmd_t.
 */
typedef void (*kssl_callback_t)(void *arg, mblk_t *mp, kssl_cmd_t cmd);

/* Record processing; the kssl_cmd_t result is the caller's next step. */
kssl_cmd_t kssl_input(kssl_ctx_t, mblk_t *, mblk_t **, boolean_t *,
    kssl_callback_t cbfn, void *arg);
kssl_cmd_t kssl_handle_mblk(kssl_ctx_t, mblk_t **, mblk_t **);

mblk_t *kssl_build_record(kssl_ctx_t, mblk_t *);
     97 
     98 
     99 #ifdef	__cplusplus
    100 }
    101 #endif
    102 
    103 #endif	/* _INET_KSSL_KSSLAPI_H */
    104