/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 *      nis_dhext.h: NIS+ extended Diffie-Hellman interface.
 */

#ifndef _NIS_DHEXT_H
#define _NIS_DHEXT_H

#ifdef __cplusplus
extern "C" {
#endif

#include <rpc/rpc.h>
#include <rpc/key_prot.h>
#include <rpcsvc/nis.h>   /* to get nis_server */


#define AUTH_DES_KEYLEN  192
#define AUTH_DES_ALGTYPE 0
#define AUTH_DES_AUTH_TYPE "DES"

#define AUTH_DES_KEY(k, a) (((k) == AUTH_DES_KEYLEN) && \
                            ((a) == AUTH_DES_ALGTYPE))

#define BITS2NIBBLES(b) ((b)/4)

#define NIS_SVCNAME_NISD        "nisd"
#define NIS_SVCNAME_NISPASSWD   "nispasswd"

typedef struct extdhkey {
        ushort_t        keylen;
        ushort_t        algtype;
        uchar_t         key[1];
} extdhkey_t;

char *__nis_dhext_extract_pkey(netobj *, keylen_t, algtype_t);
int __nis_dhext_extract_keyinfo(nis_server *, extdhkey_t **);


/*
 * NIS+ Security conf file
 */

#define NIS_SEC_CF_PATHNAME             "/etc/rpcsec/nisplussec.conf"
#define NIS_SEC_CF_MAX_FLDLEN           MAX_GSS_NAME


typedef struct {
                char                    *mechname;
                char                    *alias;
                keylen_t                keylen;
                algtype_t               algtype;
                char                    *qop;
                rpc_gss_service_t       secserv;
} mechanism_t;

/* The string that indicates AUTH_DES compat in the nis sec conf file. */
#define NIS_SEC_CF_DES_ALIAS            "des"

/*
 * The value a keylen or algtype mechanism_t element will be set
 * to if the conf file indicates "not applicable" for that field.
 * Except if the alias is equal to NIS_SEC_CF_DES_ALIAS,
 * then the keylen is set to 192 and the algtype to 0.
 */
#define NIS_SEC_CF_NA_KA                -1

/* Is the NIS+ security conf file mech entry a real live GSS mech? */
#define NIS_SEC_CF_GSS_MECH(mp) ((mp)->mechname != NULL)

#define AUTH_DES_COMPAT_CHK(mp) ((mp)->alias && \
                                        (strncasecmp(NIS_SEC_CF_DES_ALIAS, \
                                        (mp)->alias,\
                                        sizeof (NIS_SEC_CF_DES_ALIAS) + 1) \
                                        == 0))

#define VALID_GSS_MECH(m)       ((m) != NULL)

/* valid keylen and algtype check */
#define VALID_KEYALG(k, a)      ((k) != NIS_SEC_CF_NA_KA && \
                                        (a) != NIS_SEC_CF_NA_KA)

#define VALID_ALIAS(a)  ((a) != NULL)

#define VALID_MECH_ENTRY(mp) (VALID_GSS_MECH((mp)->mechname) && \
                                VALID_KEYALG((mp)->keylen, (mp)->algtype) &&\
                                VALID_ALIAS((mp)->alias))

/* Is the mech entry of the public key crypto variety? */
#define MECH_PK_TECH(mp)  (((mp)->alias)[0] == 'd' && ((mp)->alias)[1] == 'h')

#define MECH_MAXATNAME 32       /* Mechanism max size of auth_type name */
#define MECH_MAXALIASNAME 32    /* Mechanism max size of mech alias name */

mechanism_t ** __nis_get_mechanisms(bool_t);
int __nis_translate_mechanism(const char *, int *, int *);
void __nis_release_mechanisms(mechanism_t **);
char *__nis_mechname2alias(const char *, char *, size_t);
char *__nis_authtype2mechalias(const char *, char *, size_t);
char *__nis_mechalias2authtype(const char *, char *, size_t);
char *__nis_keyalg2mechalias(keylen_t, algtype_t, char *, size_t);
char *__nis_keyalg2authtype(keylen_t, algtype_t, char *, size_t);


/*
 * NIS+ GSS Mech Dynamic Library Loading
 */

#define MAXDHNAME       64

char *__nis_get_mechanism_library(keylen_t keylen, algtype_t algtype,
                                        char *buffer, size_t buflen);

void *__nis_get_mechanism_symbol(keylen_t keylen, algtype_t algtype,
                                        const char *);


/*
 * misc prototypes
 */

CLIENT *nis_make_rpchandle_gss_svc(nis_server *, int, rpcprog_t, rpcvers_t,
                                        uint_t, int, int, char *, char *);
CLIENT *nis_make_rpchandle_gss_svc_ruid(nis_server *, int, rpcprog_t, rpcvers_t,
                                        uint_t, int, int, char *, char *);
nis_server *__nis_host2nis_server_g(const char *, bool_t, bool_t, int *);
int __nis_gssprin2netname(rpc_gss_principal_t, char []);
void __nis_auth2princ_rpcgss(char *, struct svc_req *, bool_t, int);

void des_setparity_g(des_block *);
int passwd2des_g(const char *, const char *, int, des_block *, bool_t);
int getpublickey_g(const char [], keylen_t, algtype_t, char *, size_t);
int getsecretkey_g(const char *, keylen_t, algtype_t, char *, size_t,
                        const char *);
int __getpublickey_cached_g(const char [], keylen_t, algtype_t, char *, size_t,
                                        int *);
void __getpublickey_flush_g(const char *, keylen_t, algtype_t);
int __gen_dhkeys_g(char *, char *, keylen_t, algtype_t, char *);
int __gen_common_dhkeys_g(char *, char *, keylen_t, algtype_t, des_block [],
        keynum_t);
int __cbc_triple_crypt(des_block [], char *, uint_t, uint_t, char *);
int key_get_conv_g(const char *, keylen_t, algtype_t, des_block [], keynum_t);
int key_secretkey_is_set_g(keylen_t, algtype_t);
int key_removesecret_g(void);
int key_setnet_g(const char *, const char *, keylen_t, const char *,
                        keylen_t, algtype_t);
int xencrypt_g(char *, keylen_t, algtype_t, const char *, const char [],
                char **, bool_t);
int xdecrypt_g(char *, keylen_t, algtype_t, const char *, const char [],
                bool_t);

#ifdef __cplusplus
}
#endif

#endif /* !_NIS_DHEXT_H */