/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
 */

/*
 * Parameter layout and ioctl command numbers for /dev/kssl.
 *
 * The structures below describe a single variable-length parameter buffer
 * (kssl_params_t) in which certificates, the private key attributes and the
 * token PIN are located through 32-bit offsets and lengths.
 *
 * NOTE(review): this header does not state what the offsets are relative to
 * (presumably the start of the kssl_params_t buffer -- confirm against the
 * consumer). Because the offsets, counts and lengths are supplied by the
 * ioctl caller, the consumer is expected to check every offset + length
 * (including overflow of that sum) against kssl_params_size before use;
 * that validation is not visible from this header.
 */

#ifndef	_INET_KSSL_KSSL_H
#define	_INET_KSSL_KSSL_H

#ifdef	__cplusplus
extern "C" {
#endif

#include <sys/types.h>
#include <netinet/in.h>
#include <sys/crypto/common.h>

/* Re-definitions of types from <crypto/ioctl.h>. */

/* One key attribute: a type tag plus the location of its value. */
typedef struct kssl_object_attribute {
	uint64_t	ka_type;		/* attribute type */
	uint32_t	ka_value_offset;	/* offset to attribute value */
	uint32_t	ka_value_len;		/* length of attribute value */
} kssl_object_attribute_t;

/* Private key description: format plus an array of ks_count attributes. */
typedef struct kssl_key {
	crypto_key_format_t	ks_format;	/* format identifier */
	uint32_t		ks_count;	/* number of attributes */
	uint32_t		ks_attrs_offset; /* offset to the attributes */
} kssl_key_t;

/* Certificate list: sc_count certificates and a parallel array of sizes. */
typedef struct kssl_certs_s {
	uint32_t	sc_count;	/* number of certificates */
	uint32_t	sc_sizes_offset; /* offset to certificates sizes array */
	uint32_t	sc_certs_offset; /* offset to certificates array */
} kssl_certs_t;

/*
 * NOTE(review): presumably the upper bound for kssl_tokinfo_t.pinlen; the
 * check itself is not in this header -- confirm where it is enforced.
 */
#define	MAX_PIN_LENGTH		1024

/*
 * Token (PKCS #11) information. The PIN is not stored inline; it is located
 * through tokpin_offset and is pinlen bytes long.
 * NOTE(review): the PIN is a credential; whoever copies the parameter buffer
 * should bound pinlen and clear the copy once it is no longer needed.
 */
typedef struct kssl_tokinfo_s {
	uint8_t		toklabel[CRYPTO_EXT_SIZE_LABEL];
	uint32_t	pinlen;
	uint32_t	tokpin_offset;	/* offset to the pin */
	uint32_t	ck_rv;		/* PKCS #11 specific error */
} kssl_tokinfo_t;

/*
 * Code point for Signalling Cipher Suite Value (SCSV).
 * 0x00ff is TLS_EMPTY_RENEGOTIATION_INFO_SCSV from RFC 5746: a marker a
 * client places in its cipher suite list to indicate secure renegotiation
 * support. It is not a negotiable suite and is not counted in
 * CIPHER_SUITE_COUNT.
 */
#define	SSL_SCSV				0x00ff

/*
 * Cipher suites. The values are the two-byte suite identifiers used on the
 * wire.
 * NOTE(review): all of these use RSA key exchange (no forward secrecy).
 * SSL_RSA_WITH_NULL_SHA provides no encryption, the RC4 suites are
 * prohibited by RFC 7465, and single DES and MD5 are considered broken.
 * Deployments should restrict the configured list accordingly.
 */
#define	SSL_RSA_WITH_NULL_SHA			0x0002
#define	SSL_RSA_WITH_RC4_128_MD5		0x0004
#define	SSL_RSA_WITH_RC4_128_SHA		0x0005
#define	SSL_RSA_WITH_DES_CBC_SHA		0x0009
#define	SSL_RSA_WITH_3DES_EDE_CBC_SHA		0x000a
#define	TLS_RSA_WITH_AES_128_CBC_SHA		0x002f
#define	TLS_RSA_WITH_AES_256_CBC_SHA		0x0035
/* total number of cipher suites supported (the seven defined above) */
#define	CIPHER_SUITE_COUNT			7
/* NOTE(review): presumably a "no suite" sentinel value -- confirm usage */
#define	CIPHER_NOTSET				0xffff

/* TLS extension types */
/* 0xff01 is the renegotiation_info extension type from RFC 5746. */
#define	TLSEXT_RENEGOTIATION_INFO		0xff01

#define	DEFAULT_SID_TIMEOUT		86400	/* 24 hours in seconds */
#define	DEFAULT_SID_CACHE_NENTRIES	5000

/*
 * Fixed-size head of the parameter buffer. kssl_params_size gives the total
 * length of the buffer, including the variable-length data that the offset
 * fields in kssl_token, kssl_certs and kssl_privkey refer to.
 */
typedef struct kssl_params_s {
	uint64_t		kssl_params_size; /* total params buf len */
	/* address and port number */
	struct sockaddr_in6	kssl_addr;
	uint16_t		kssl_proxy_port;

	uint32_t		kssl_session_cache_timeout; /* In seconds */
	uint32_t		kssl_session_cache_size;

	/*
	 * Contains ordered list of cipher suites. We do not include
	 * the one suite with no encryption. Hence the -1.
	 */
	uint16_t		kssl_suites[CIPHER_SUITE_COUNT - 1];

	/*
	 * NOTE(review): presumably set when the private key is a
	 * non-extractable key held in the token described by kssl_token --
	 * confirm against the consumer.
	 */
	uint8_t			kssl_is_nxkey;
	kssl_tokinfo_t		kssl_token;

	/* certificates */
	kssl_certs_t		kssl_certs;

	/* private key */
	kssl_key_t		kssl_privkey;
} kssl_params_t;

/* The ioctls to /dev/kssl */
/*
 * Builds a command number from the bytes 's', 's', 'l' in the upper three
 * bytes and x in the low bits. x is not masked, so callers should pass
 * values that fit in the low byte.
 */
#define	KSSL_IOC(x)	(('s' << 24) | ('s' << 16) | ('l' << 8) | (x))
#define	KSSL_ADD_ENTRY		KSSL_IOC(1)
#define	KSSL_DELETE_ENTRY	KSSL_IOC(2)

#ifdef	_KERNEL

/*
 * Kernel-side entry points. Judging by the names they back KSSL_ADD_ENTRY
 * and KSSL_DELETE_ENTRY; return value conventions are not shown here.
 */
extern int kssl_add_entry(kssl_params_t *);
extern int kssl_delete_entry(struct sockaddr_in6 *);

#endif	/* _KERNEL */

#ifdef	__cplusplus
}
#endif

#endif	/* _INET_KSSL_KSSL_H */