root/usr/src/uts/common/inet/tcp_sig.h 
/*
 * This file and its contents are supplied under the terms of the
 * Common Development and Distribution License ("CDDL"), version 1.0.
 * You may only use this file in accordance with the terms of version
 * 1.0 of the CDDL.
 *
 * A full copy of the text of the CDDL should have accompanied this
 * source.  A copy of the CDDL is also available via the Internet at
 * http://www.illumos.org/license/CDDL.
 */

/*
 * Copyright 2024 Oxide Computer Company
 */

#ifndef _INET_TCPSIG_H
#define _INET_TCPSIG_H

#include <sys/stdbool.h>
#include <inet/keysock.h>
#include <inet/sadb.h>

#ifdef  __cplusplus
extern "C" {
#endif

typedef struct tcpsig_sa {
        list_node_t                     ts_link;

        tcp_stack_t                     *ts_stack;

        sa_family_t                     ts_family;
        struct sockaddr_storage         ts_src;
        struct sockaddr_storage         ts_dst;

        ipsa_key_t                      ts_key;

        kmutex_t                        ts_lock;

        /* All of the following are protected by ts_lock */

        time_t                          ts_addtime;     /* Time added */
        time_t                          ts_usetime;     /* Time of first use */
        time_t                          ts_lastuse;     /* Time of last use */
        time_t                          ts_softexpiretime; /* First soft exp */
        time_t                          ts_hardexpiretime; /* First hard exp */

        /* Configured lifetimes */
        uint64_t                        ts_softaddlt;
        uint64_t                        ts_softuselt;
        uint64_t                        ts_hardaddlt;
        uint64_t                        ts_harduselt;

        uint64_t                        ts_refcnt;
        bool                            ts_tombstoned;
        uint_t                          ts_state;
} tcpsig_sa_t;

typedef struct tcpsig_db {
        krwlock_t                       td_lock;
        list_t                          td_salist;
} tcpsig_db_t;

extern void tcpsig_init(tcp_stack_t *);
extern void tcpsig_fini(tcp_stack_t *);
extern void tcpsig_sa_handler(keysock_t *, mblk_t *, sadb_msg_t *,
    sadb_ext_t **);

extern void tcpsig_sa_rele(tcpsig_sa_t *);
extern bool tcpsig_sa_exists(tcp_t *, bool, tcpsig_sa_t **);
extern bool tcpsig_signature(mblk_t *, tcp_t *, tcpha_t *, int, uint8_t *,
    bool);
extern bool tcpsig_verify(mblk_t *, tcp_t *, tcpha_t *, ip_recv_attr_t *,
    uint8_t *);

#ifdef  __cplusplus
}
#endif

#endif /* _INET_TCPSIG_H */