/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */
#ifndef _ISCSIT_AUTHCLIENT_H_
#define	_ISCSIT_AUTHCLIENT_H_

#define	ISCSI_AUTH_PASSED	0
#define	ISCSI_AUTH_FAILED	1

enum { iscsitAuthStringMaxLength = 256 };

enum { AuthStringMaxLength = 256 };
enum { AuthStringBlockMaxLength = 1024 };
enum { AuthLargeBinaryMaxLength = 1024 };

enum { iscsitAuthChapResponseLength = 16 };

enum { iscsitAuthMethodMaxCount = 2 };

enum { iscsitAuthChapAlgorithmMd5 = 5 };

enum {
	AKT_CHAP_A = 0,
	AKT_CHAP_I,
	AKT_CHAP_C,
	AKT_CHAP_N,
	AKT_CHAP_R,
	AUTH_KEY_TYPE_MAX
};

typedef union auth_value {
	uint32_t	numeric;
	char		*string;
	unsigned char	*binary;
} auth_value_t;

typedef struct auth_key {
	unsigned char	present;
	unsigned int	len;
	auth_value_t	value;
} auth_key_t;

typedef struct iscsit_auth_key_block {
	auth_key_t	key[AUTH_KEY_TYPE_MAX];
} auth_key_block_t;

typedef struct auth_large_binary {
	unsigned char largeBinary[AuthLargeBinaryMaxLength];
} auth_large_binary_t;

typedef enum {
	AM_CHAP = 1, /* keep 0 as invalid */
	AM_KRB5,
	AM_SPKM1,
	AM_SPKM2,
	AM_SRP,
	AM_NONE
} iscsit_auth_method_t;

typedef enum {
	/* authentication phase start status */
	AP_AM_UNDECIDED = 0,
	AP_AM_PROPOSED,
	AP_AM_DECIDED,

	/* authentication phase for chap */
	AP_CHAP_A_WAITING,
	AP_CHAP_A_RCVD,
	AP_CHAP_R_WAITING,
	AP_CHAP_R_RCVD,

	/* authentication phase for kerberos */
	AP_KRB_REQ_WAITING,
	AP_KRB_REQ_RCVD,

	/* authentication phase done */
	AP_DONE
} iscsit_auth_phase_t;

typedef struct iscsit_auth_client {
	iscsit_auth_phase_t	phase;
	iscsit_auth_method_t	negotiatedMethod;

	auth_large_binary_t	auth_send_binary_block;

	auth_key_block_t	recvKeyBlock;
	auth_key_block_t	sendKeyBlock;
} iscsit_auth_client_t;

void
client_set_numeric_data(auth_key_block_t *keyBlock,
    int key_type,
    uint32_t numeric);

void
client_set_string_data(auth_key_block_t *keyBlock,
    int key_type,
    char *string);

void
client_set_binary_data(auth_key_block_t *keyBlock,
    int key_type,
    unsigned char *binary, unsigned int len);

void
client_get_numeric_data(auth_key_block_t *keyBlock,
    int key_type,
    uint32_t *numeric);

void
client_get_string_data(auth_key_block_t *keyBlock,
    int key_type,
    char **string);

void
client_get_binary_data(auth_key_block_t *keyBlock,
    int key_type,
    unsigned char **binary, unsigned int *len);

int
client_auth_key_present(auth_key_block_t *keyBlock,
    int key_type);

void
client_compute_chap_resp(uchar_t *resp,
    unsigned int chap_i,
    uint8_t *password, int password_len,
    uchar_t *chap_c, unsigned int challenge_len);

int
client_verify_chap_resp(char *target_chap_name, char *initiator_chap_name,
    uint8_t *password, int password_len,
    unsigned int chap_i, uchar_t *chap_c, unsigned int challenge_len,
    uchar_t *chap_r, unsigned int resp_len);

void
auth_random_set_data(uchar_t *data, unsigned int length);

#endif /* _ISCSIT_AUTHCLIENT_H_ */