/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef	_INET_KSSL_KSSLAPI_H
#define	_INET_KSSL_KSSLAPI_H

#pragma ident	"%Z%%M%	%I%	%E% SMI"

/*
 * The kernel SSL proxy interface
 */


#ifdef	__cplusplus
extern "C" {
#endif

#include	<sys/socket.h>
#include	<netinet/in.h>

/* return status for the kssl API functions */

typedef enum {
	KSSL_STS_OK,	/* No further processing required */
	KSSL_STS_ERR	/* bogus argument  ... */
} kssl_status_t;

/* Endpoint type */
typedef	enum {
	KSSL_NO_PROXY = 0,	/* Not configured for use with KSSL */
	KSSL_IS_PROXY,		/* Acts as a proxy for someone else */
	KSSL_HAS_PROXY		/* A proxy is handling its work */
} kssl_endpt_type_t;

/* Return codes/commands from kssl_handle_record */
typedef enum {
	KSSL_CMD_NOT_SUPPORTED,	/* Not supported */
	KSSL_CMD_SEND,		/* send this packet out on the wire */
	KSSL_CMD_DELIVER_PROXY,	/* deliver this packet to proxy listener */
	KSSL_CMD_DELIVER_SSL,	/* Deliver to the SSL listener */
	KSSL_CMD_NONE,		/* consider it consumed. (ACK it, ... */
	KSSL_CMD_QUEUED		/* Queued, a call back will finish it */
} kssl_cmd_t;

typedef enum {
	KSSL_EVENT_CLOSE	/* close this context */
} kssl_event_t;

/* Un opaque context of an SSL connection */
typedef void *kssl_ctx_t;

/* Un opaque handle for an SSL map entry */
typedef	void *kssl_ent_t;

#define	SSL3_HDR_LEN		5
#define	SSL3_WROFFSET		7	/* 5 hdr + 2 byte-alignment */
#define	SSL3_MAX_TAIL_LEN	36	/* 16 AES blocks +  20 SHA1 digest */
#define	SSL3_MAX_RECORD_LEN	16384 - 1 - SSL3_HDR_LEN - SSL3_MAX_TAIL_LEN


kssl_endpt_type_t kssl_check_proxy(mblk_t *, void *, kssl_ent_t *);

kssl_status_t kssl_init_context(kssl_ent_t, uint32_t, int, kssl_ctx_t *);

void kssl_hold_ent(kssl_ent_t);
void kssl_release_ent(kssl_ent_t, void *, kssl_endpt_type_t);
void *kssl_find_fallback(kssl_ent_t);

void kssl_hold_ctx(kssl_ctx_t);
void kssl_release_ctx(kssl_ctx_t);

typedef void (*kssl_callback_t)(void *arg, mblk_t *mp, kssl_cmd_t cmd);

kssl_cmd_t kssl_input(kssl_ctx_t, mblk_t *, mblk_t **, boolean_t *,
    kssl_callback_t cbfn, void *arg);

kssl_cmd_t kssl_handle_record(kssl_ctx_t, mblk_t **, mblk_t **);

mblk_t *kssl_build_record(kssl_ctx_t, mblk_t *);


#ifdef	__cplusplus
}
#endif

#endif	/* _INET_KSSL_KSSLAPI_H */