1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright 2010 Emulex. All rights reserved.
24 * Use is subject to license terms.
25 */
26 /*
27 * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
28 */
29
30 #ifndef _EMLXS_DHCHAP_H
31 #define _EMLXS_DHCHAP_H
32
33 #ifdef __cplusplus
34 extern "C" {
35 #endif
36
37 #ifdef DHCHAP_SUPPORT
38 #include <sys/random.h>
39
40
41 /* emlxs_auth_cfg_t */
42 #define PASSWORD_TYPE_ASCII 1
43 #define PASSWORD_TYPE_BINARY 2
44 #define PASSWORD_TYPE_IGNORE 3
45
46 #define AUTH_MODE_DISABLED 1
47 #define AUTH_MODE_ACTIVE 2
48 #define AUTH_MODE_PASSIVE 3
49
50 #define ELX_DHCHAP 0x01 /* Only one currently supported */
51 #define ELX_FCAP 0x02
52 #define ELX_FCPAP 0x03
53 #define ELX_KERBEROS 0x04
54
55 #define ELX_MD5 0x01
56 #define ELX_SHA1 0x02
57
58 #define ELX_GROUP_NULL 0x01
59 #define ELX_GROUP_1024 0x02
60 #define ELX_GROUP_1280 0x03
61 #define ELX_GROUP_1536 0x04
62 #define ELX_GROUP_2048 0x05
63
64
65 /* AUTH_ELS Code */
66 #define ELS_CMD_AUTH_CODE 0x90
67
68 /* AUTH_ELS Flags */
69
70 /* state ? */
71 #define AUTH_FINISH 0xFF
72 #define AUTH_ABORT 0xFE
73
74 /* auth_msg code for DHCHAP */
75 #define AUTH_REJECT 0x0A
76 #define AUTH_NEGOTIATE 0x0B
77 #define AUTH_DONE 0x0C
78 #define DHCHAP_CHALLENGE 0x10
79 #define DHCHAP_REPLY 0x11
80 #define DHCHAP_SUCCESS 0x12
81
82 /* BIG ENDIAN and LITTLE ENDIAN */
83
84 /* authentication protocol identifiers */
85 #ifdef EMLXS_BIG_ENDIAN
86
87 #define AUTH_DHCHAP 0x00000001
88 #define AUTH_FCAP 0x00000002
89 #define AUTH_FCPAP 0x00000003
90 #define AUTH_KERBEROS 0x00000004
91
92 #define HASH_LIST_TAG 0x0001
93 #define DHGID_LIST_TAG 0x0002
94
95 /* hash function identifiers */
96 #define AUTH_SHA1 0x00000006
97 #define AUTH_MD5 0x00000005
98
99 /* DHCHAP group ids */
100 #define GROUP_NULL 0x00000000
101 #define GROUP_1024 0x00000001
102 #define GROUP_1280 0x00000002
103 #define GROUP_1536 0x00000003
104 #define GROUP_2048 0x00000004
105
106 /* Tran_id Mask */
107 #define AUTH_TRAN_ID_MASK 0x000000FF
108
109 #endif /* EMLXS_BIG_ENDIAN */
110
111 #ifdef EMLXS_LITTLE_ENDIAN
112
113 #define AUTH_DHCHAP 0x01000000
114 #define AUTH_FCAP 0x02000000
115 #define AUTH_FCPAP 0x03000000
116 #define AUTH_KERBEROS 0x04000000
117
118 #define HASH_LIST_TAG 0x0100
119 #define DHGID_LIST_TAG 0x0200
120
121 /* hash function identifiers */
122 #define AUTH_SHA1 0x06000000
123 #define AUTH_MD5 0x05000000
124
125 /* DHCHAP group ids */
126 #define GROUP_NULL 0x00000000
127 #define GROUP_1024 0x01000000
128 #define GROUP_1280 0x02000000
129 #define GROUP_1536 0x03000000
130 #define GROUP_2048 0x04000000
131
132 /* Tran_id Mask */
133 #define AUTH_TRAN_ID_MASK 0xFF000000
134
135 #endif /* EMLXS_LITTLE_ENDIAN */
136
137 /* hash funcs hash length in byte */
138 #define SHA1_LEN 0x00000014 /* 20 bytes */
139 #define MD5_LEN 0x00000010 /* 16 bytes */
140
141 #define HBA_SECURITY 0x20
142
143 /* AUTH_Reject Reason Codes */
144 #define AUTHRJT_FAILURE 0x01
145 #define AUTHRJT_LOGIC_ERR 0x02
146
147 /* LS_RJT Reason Codes for AUTH_ELS */
148 #define LSRJT_AUTH_REQUIRED 0x03
149 #define LSRJT_AUTH_LOGICAL_BSY 0x05
150 #define LSRJT_AUTH_ELS_NOT_SUPPORTED 0x0B
151 #define LSRJT_AUTH_NOT_LOGGED_IN 0x09
152
153 /* AUTH_Reject Reason Code Explanations */
154 #define AUTHEXP_MECH_UNUSABLE 0x01 /* AUTHRJT_LOGIC_ERR */
155 #define AUTHEXP_DHGROUP_UNUSABLE 0x02 /* AUTHRJT_LOGIC_ERR */
156 #define AUTHEXP_HASHFUNC_UNUSABLE 0x03 /* AUTHRJT_LOGIC_ERR */
157 #define AUTHEXP_AUTHTRAN_STARTED 0x04 /* AUTHRJT_LOGIC_ERR */
158 #define AUTHEXP_AUTH_FAILED 0x05 /* AUTHRJT_FAILURE */
159 #define AUTHEXP_BAD_PAYLOAD 0x06 /* AUTHRJT_FAILURE */
160 #define AUTHEXP_BAD_PROTOCOL 0x07 /* AUTHRJT_FAILURE */
161 #define AUTHEXP_RESTART_AUTH 0x08 /* AUTHRJT_LOGIC_ERR */
162 #define AUTHEXP_CONCAT_UNSUPP 0x09 /* AUTHRJT_LOGIC_ERR */
163 #define AUTHEXP_BAD_PROTOVERS 0x0A /* AUTHRJT_LOGIC_ERR */
164
165 /* LS_RJT Reason Code Explanations for AUTH_ELS */
166 #define LSEXP_AUTH_REQUIRED 0x48
167 #define LSEXP_AUTH_ELS_NOT_SUPPORTED 0x2C
168 #define LSEXP_AUTH_ELS_NOT_LOGGED_IN 0x1E
169 #define LSEXP_AUTH_LOGICAL_BUSY 0x00
170
171
172 #define MAX_AUTH_MSA_SIZE 1024
173
174 #define MAX_AUTH_PID 0x4 /* Max auth proto identifier list */
175
176 /* parameter tag */
177 #define HASH_LIST 0x0001
178 #define DHG_ID_LIST 0x0002
179
180 /* name tag from Table 13 v1.8 pp 30 */
181 #ifdef EMLXS_BIG_ENDIAN
182 #define AUTH_NAME_ID 0x0001
183 #define AUTH_NAME_LEN 0x0008
184 #define AUTH_PROTO_NUM 0x00000001
185 #define AUTH_NULL_PARA_LEN 0x00000028
186 #endif /* EMLXS_BIG_ENDIAN */
187
188 #ifdef EMLXS_LITTLE_ENDIAN
189 #define AUTH_NAME_ID 0x0100
190 #define AUTH_NAME_LEN 0x0800
191 #define AUTH_PROTO_NUM 0x01000000
192 #define AUTH_NULL_PARA_LEN 0x28000000
193 #endif /* EMLXS_LITTLE_ENDIAN */
194
195 /* name tag from Table 103 v 1.8 pp 123 */
196 #define AUTH_NODE_NAME 0x0002
197 #define AUTH_PORT_NAME 0x0003
198
199 /*
200 * Sysevent support
201 */
202 /* ddi_log_sysevent() vendors */
203 #define DDI_VENDOR_EMLX "EMLXS"
204
205 /* Class */
206 #define EC_EMLXS "EC_emlxs"
207
208 /* Subclass */
209 #define ESC_EMLXS_01 "ESC_emlxs_issue_auth_negotiate"
210 #define ESC_EMLXS_02 "ESC_emlxs_cmpl_auth_negotiate_issue"
211
212 #define ESC_EMLXS_03 "ESC_emlxs_rcv_auth_msg_auth_negotiate_issue"
213 #define ESC_EMLXS_04 "ESC_emlxs_cmpl_auth_msg_auth_negotiate_issue"
214
215 #define ESC_EMLXS_05 "ESC_emlxs_rcv_auth_msg_unmapped_node"
216 #define ESC_EMLXS_06 "ESC_emlxs_issue_dhchap_challenge"
217 #define ESC_EMLXS_07 "ESC_emlxs_cmpl_dhchap_challenge_issue"
218
219 #define ESC_EMLXS_08 "ESC_emlxs_rcv_auth_msg_dhchap_challenge_cmpl_wait4next"
220
221 #define ESC_EMLXS_09 "ESC_emlxs_rcv_auth_msg_auth_negotiate_rcv"
222 #define ESC_EMLXS_10 "ESC_emlxs_cmpl_auth_msg_auth_negotiate_rcv"
223
224 #define ESC_EMLXS_11 "ESC_emlxs_cmpl_cmpl_dhchap_reply_issue"
225 #define ESC_EMLXS_12 "ESC_emlxs_cmpl_dhchap_reply_issue"
226 #define ESC_EMLXS_13 "ESC_emlxs_cmpl_auth_msg_dhchap_reply_issue"
227
228 #define ESC_EMLXS_14 "ESC_emlxs_cmpl_auth_msg_auth_negotiate_cmpl_wait4next"
229
230 #define ESC_EMLXS_15 "ESC_emlxs_issue_dhchap_success"
231
232 #define ESC_EMLXS_16 "ESC_emlxs_rcv_auth_msg_dhchap_challenge_issue"
233 #define ESC_EMLXS_17 "ESC_emlxs_cmpl_auth_msg_dhchap_challenge_issue"
234
235 #define ESC_EMLXS_18 "ESC_emlxs_rcv_auth_msg_dhchap_reply_issue"
236
237 #define ESC_EMLXS_19 \
238 "ESC_emlxs_cmpl_auth_msg_dhchap_challenge_cmpl_wait4next"
239
240 #define ESC_EMLXS_20 "ESC_emlxs_rcv_auth_msg_dhchap_reply_cmpl_wait4next"
241 #define ESC_EMLXS_21 "ESC_emlxs_cmpl_dhchap_success_issue"
242 #define ESC_EMLXS_22 "ESC_emlxs_cmpl_auth_msg_dhchap_success_issue"
243
244 #define ESC_EMLXS_23 "ESC_emlxs_cmpl_auth_msg_dhchap_reply_cmpl_wait4next"
245
246 #define ESC_EMLXS_24 "ESC_emlxs_rcv_auth_msg_dhchap_success_issue_wait4next"
247 #define ESC_EMLXS_25 "ESC_emlxs_cmpl_auth_msg_dhchap_success_issue_wait4next"
248
249 #define ESC_EMLXS_26 "ESC_emlxs_rcv_auth_msg_dhchap_success_cmpl_wait4next"
250 #define ESC_EMLXS_27 "ESC_emlxs_cmpl_auth_msg_dhchap_success_cmpl_wait4next"
251
252 #define ESC_EMLXS_28 "ESC_emlxs_issue_auth_reject"
253 #define ESC_EMLXS_29 "ESC_emlxs_cmpl_auth_reject_issue"
254
255 #define ESC_EMLXS_30 "ESC_emlxs_rcv_auth_msg_npr_node"
256
257 #define ESC_EMLXS_31 "ESC_emlxs_dhc_reauth_timeout"
258
259 #define ESC_EMLXS_32 "ESC_emlxs_dhc_authrsp_timeout"
260
261 #define ESC_EMLXS_33 "ESC_emlxs_ioctl_auth_setcfg"
262 #define ESC_EMLXS_34 "ESC_emlxs_ioctl_auth_setpwd"
263 #define ESC_EMLXS_35 "ESC_emlxs_ioctl_auth_delcfg"
264 #define ESC_EMLXS_36 "ESC_emlxs_ioctl_auth_delpwd"
265
266
267 /* From HBAnyware dfc lib FC-SP */
268 typedef struct emlxs_auth_cfg
269 {
270 NAME_TYPE local_entity; /* host wwpn (NPIV support) */
271 NAME_TYPE remote_entity; /* switch or target wwpn */
272 uint32_t authentication_timeout;
273 uint32_t authentication_mode;
274 uint32_t bidirectional:1;
275 uint32_t reserved:31;
276 uint32_t authentication_type_priority[4];
277 uint32_t hash_priority[4];
278 uint32_t dh_group_priority[8];
279 uint32_t reauthenticate_time_interval;
280
281 dfc_auth_status_t auth_status;
282 uint32_t auth_time;
283 struct emlxs_node *node;
284
285 struct emlxs_auth_cfg *prev;
286 struct emlxs_auth_cfg *next;
287 } emlxs_auth_cfg_t;
288
289
290 typedef struct emlxs_auth_key
291 {
292 NAME_TYPE local_entity; /* host wwpn */
293 /* (NPIV support) */
294 NAME_TYPE remote_entity; /* switch or target */
295 /* wwpn */
296 uint16_t local_password_length;
297 uint16_t local_password_type;
298 uint8_t local_password[128]; /* hba authenticates */
299 /* to switch */
300 uint16_t remote_password_length;
301 uint16_t remote_password_type;
302 uint8_t remote_password[128]; /* hba authenticates */
303 /* to switch */
304
305 struct emlxs_node *node;
306
307 struct emlxs_auth_key *prev;
308 struct emlxs_auth_key *next;
309 } emlxs_auth_key_t;
310
311
312 typedef struct emlxs_auth_misc
313 {
314 uint8_t bi_cval[20]; /* our challenge for bi-dir */
315 /* auth in reply as initiator */
316 uint32_t bi_cval_len; /* 16 for MD5, 20 for SHA1 */
317 uint8_t pub_key[512]; /* max is 512 bytes value of */
318 /* (g^y mod p) */
319 uint32_t pubkey_len; /* real length of the pub key */
320 uint8_t ses_key[512]; /* session key: value of */
321 /* (g^xy mod p) */
322 uint32_t seskey_len; /* real length of the session */
323 /* key */
324
325 /* The following are parameters when host is the responder */
326 uint8_t hrsp_cval[20]; /* challenge value from host */
327 /* as responder */
328 uint32_t hrsp_cval_len; /* host as the responder its */
329 /* challenge value len */
330 uint8_t hrsp_priv_key[20]; /* the private key generated */
331 /* in host as responder */
332 uint8_t hrsp_pub_key[512]; /* public key calculated when */
333 /* host as responder */
334 uint32_t hrsp_pubkey_len; /* public key length when */
335 /* host is responder */
336 uint8_t hrsp_ses_key[512]; /* session key computed when */
337 /* host is responder */
338 uint32_t hrsp_seskey_len; /* session key length when */
339 /* host is responder */
340 } emlxs_auth_misc_t;
341
342
343 /*
344 * emlxs_port_dhc struct to be used by emlxs_port_t in emlxs_fc.h
345 *
346 * This structure contains all the data used by DHCHAP.
347 * They are from EMLXSHBA_t in emlxs driver.
348 *
349 */
350 typedef struct emlxs_port_dhc
351 {
352
353 int32_t state;
354 #define ELX_FABRIC_STATE_UNKNOWN 0x00
355 #define ELX_FABRIC_AUTH_DISABLED 0x01
356 #define ELX_FABRIC_AUTH_FAILED 0x02
357 #define ELX_FABRIC_AUTH_SUCCESS 0x03
358 #define ELX_FABRIC_IN_AUTH 0x04
359 #define ELX_FABRIC_IN_REAUTH 0x05
360
361 dfc_auth_status_t auth_status; /* Fabric auth status */
362 uint32_t auth_time;
363
364 } emlxs_port_dhc_t;
365
366
367 /* Node Events */
368 #define NODE_EVENT_DEVICE_RM 0x0 /* Auth response timeout and */
369 /* fail */
370 #define NODE_EVENT_DEVICE_RECOVERY 0x1 /* Auth response timeout and */
371 /* recovery */
372 #define NODE_EVENT_RCV_AUTH_MSG 0x2 /* Unsolicited Auth received */
373 #define NODE_EVENT_CMPL_AUTH_MSG 0x3
374 #define NODE_EVENT_MAX_EVENT 0x4
375
376 /*
377 * emlxs_node_dhc struct to be used in emlxs_node_t.
378 * They are from emlxs_nodelist_t in emlxs driver.
379 */
380 typedef struct emlxs_node_dhc
381 {
382 uint16_t state; /* used for state machine */
383 #define NODE_STATE_UNKNOWN 0x00
384 #define NODE_STATE_AUTH_DISABLED 0x01
385 #define NODE_STATE_AUTH_FAILED 0x02
386 #define NODE_STATE_AUTH_SUCCESS 0x03
387 #define NODE_STATE_AUTH_NEGOTIATE_ISSUE 0x04
388 #define NODE_STATE_AUTH_NEGOTIATE_RCV 0x05
389 #define NODE_STATE_AUTH_NEGOTIATE_CMPL_WAIT4NEXT 0x06
390 #define NODE_STATE_DHCHAP_CHALLENGE_ISSUE 0x07
391 #define NODE_STATE_DHCHAP_REPLY_ISSUE 0x08
392 #define NODE_STATE_DHCHAP_CHALLENGE_CMPL_WAIT4NEXT 0x09
393 #define NODE_STATE_DHCHAP_REPLY_CMPL_WAIT4NEXT 0x0A
394 #define NODE_STATE_DHCHAP_SUCCESS_ISSUE 0x0B
395 #define NODE_STATE_DHCHAP_SUCCESS_ISSUE_WAIT4NEXT 0x0C
396 #define NODE_STATE_DHCHAP_SUCCESS_CMPL_WAIT4NEXT 0x0D
397 #define NODE_STATE_NOCHANGE 0xFFFFFFFF
398
399 uint16_t prev_state; /* for info only */
400
401 uint32_t disc_refcnt;
402
403 emlxs_auth_cfg_t auth_cfg;
404 emlxs_auth_key_t auth_key;
405
406 uint32_t nlp_authrsp_tmo; /* Response timeout */
407 uint32_t nlp_authrsp_tmocnt;
408
409 uint32_t nlp_auth_tranid_ini; /* tran_id when this */
410 /* node is initiator */
411 uint32_t nlp_auth_tranid_rsp; /* tran_id when this */
412 /* node is responder */
413
414 uint32_t nlp_auth_flag; /* 1:initiator */
415 /* 2:responder */
416 uint32_t nlp_auth_limit; /* 1: NULL DHCHAP */
417 /* 2: full support */
418
419 /* information in DHCHAP_Challenge as the auth responder */
420 uint32_t nlp_auth_hashid;
421 uint32_t nlp_auth_dhgpid;
422 uint32_t nlp_auth_bidir;
423 NAME_TYPE nlp_auth_wwn;
424
425 emlxs_auth_misc_t nlp_auth_misc;
426
427 uint32_t nlp_reauth_tmo;
428 uint16_t nlp_reauth_status;
429 #define NLP_HOST_REAUTH_DISABLED 0x0
430 #define NLP_HOST_REAUTH_ENABLED 0x1
431 #define NLP_HOST_REAUTH_IN_PROGRESS 0x2
432
433 uint32_t nlp_fb_vendor;
434 #define NLP_FABRIC_CISCO 0x1
435 #define NLP_FABRIC_OTHERS 0x2
436
437 uint32_t fc_dhchap_success_expected;
438
439 /* hash_id, dhgp_id are set from responder, host is the initiator */
440 uint32_t hash_id; /* 0x05 for MD5 */
441 /* 0x06 for SHA-1 */
442 uint32_t dhgp_id; /* DH grp identifier */
443
444 uint8_t bi_cval[20]; /* our challenge for */
445 /* bi-dir auth in */
446 /* reply as initiator */
447 uint32_t bi_cval_len; /* 16 for MD5 */
448 /* 20 for SHA1 */
449 uint8_t pub_key[512]; /* max is 512 bytes */
450 /* value (g^y mod p) */
451 uint32_t pubkey_len; /* real length of the */
452 /* pub key */
453 uint8_t ses_key[512]; /* session key: */
454 /* value (g^xy mod p) */
455 uint32_t seskey_len; /* real length of the */
456 /* session key */
457
458 /* The following are parameters when host is the responder */
459
460 uint8_t hrsp_cval[20]; /* challenge value */
461 uint32_t hrsp_cval_len; /* challenge value */
462 /* length */
463 uint8_t hrsp_priv_key[20]; /* private key */
464 /* generated */
465 uint8_t hrsp_pub_key[512]; /* public key */
466 /* computed */
467 uint32_t hrsp_pubkey_len; /* public key length */
468 uint8_t hrsp_ses_key[512]; /* session key */
469 /* computed */
470 uint32_t hrsp_seskey_len; /* session key length */
471
472 uint8_t *deferred_sbp; /* Pending IO for */
473 /* auth completion */
474 uint8_t *deferred_ubp;
475
476 uint32_t flag;
477 #define NLP_REMOTE_AUTH 0x00000001
478 #define NLP_SET_REAUTH_TIME 0x00000002
479
480 emlxs_auth_cfg_t *parent_auth_cfg; /* Original auth_cfg */
481 /* table entry */
482 emlxs_auth_key_t *parent_auth_key; /* Original auth_key */
483 /* table entry */
484 } emlxs_node_dhc_t;
485
486
487 /* For NULL DHCHAP with MD5 and SHA-1 */
488 typedef struct _AUTH_NEGOT_PARAMS_1
489 {
490 uint16_t name_tag; /* set to 0x0001 */
491 uint16_t name_len; /* set to 0x0008 */
492 NAME_TYPE nodeName; /* WWPN */
493 uint32_t proto_num; /* set to 0x5 */
494 uint32_t para_len; /* set to 0x28 i.e., 40 bytes */
495 uint32_t proto_id; /* set to HDCHAP */
496 uint16_t HashList_tag; /* set to 0x0001 */
497 uint16_t HashList_wcnt; /* set to 0x0002 i.e. MD5 and SHA-1 */
498 uint32_t HashList_value1; /* set to MD5 or SHA1 ID 0x00000005,6 */
499 uint16_t DHgIDList_tag; /* set to 0x0002 */
500 uint16_t DHgIDList_wnt; /* set to 0x0005 i.e., Full DH groups */
501 uint32_t DHgIDList_g0; /* set to 0x0000 0000 */
502 uint32_t DHgIDList_g1; /* set to 0x0000 0001 */
503 uint32_t DHgIDList_g2; /* set to 0x0000 0002 */
504 uint32_t DHgIDList_g3; /* set to 0x0000 0003 */
505 uint32_t DHgIDList_g4; /* set to 0x0000 0004 */
506 } AUTH_NEGOT_PARAMS_1;
507
508
509 typedef struct _AUTH_NEGOT_PARAMS_2
510 {
511 uint16_t name_tag; /* set to 0x0001 */
512 uint16_t name_len; /* set to 0x0008 */
513 NAME_TYPE nodeName; /* WWPN */
514 uint32_t proto_num; /* set to 0x5 */
515 uint32_t para_len; /* set to 0x28 i.e., 40 bytes */
516 uint32_t proto_id; /* set to HDCHAP */
517 uint16_t HashList_tag; /* set to 0x0001 */
518 uint16_t HashList_wcnt; /* set to 0x0002 i.e. MD5 and SHA-1 */
519 uint32_t HashList_value1; /* set to MD5's ID 0x00000005 */
520 uint32_t HashList_value2; /* set to SHA-1's ID 0x00000006 */
521 uint16_t DHgIDList_tag; /* set to 0x0002 */
522 uint16_t DHgIDList_wnt; /* set to 0x0005 i.e., Full DH groups */
523 uint32_t DHgIDList_g0; /* set to 0x0000 0000 */
524 uint32_t DHgIDList_g1; /* set to 0x0000 0001 */
525 uint32_t DHgIDList_g2; /* set to 0x0000 0002 */
526 uint32_t DHgIDList_g3; /* set to 0x0000 0003 */
527 uint32_t DHgIDList_g4; /* set to 0x0000 0004 */
528 } AUTH_NEGOT_PARAMS_2;
529
530
531 /* For NULL DHCHAP with MD5 and SHA-1 */
532 typedef struct _AUTH_NEGOT_PARAMS
533 {
534 uint16_t name_tag; /* set to 0x0001 */
535 uint16_t name_len; /* set to 0x0008 */
536 NAME_TYPE nodeName; /* WWPN */
537 uint32_t proto_num; /* set to 0x5 */
538 uint32_t para_len; /* set to 0x28 i.e., 40 bytes */
539 uint32_t proto_id; /* set to HDCHAP */
540 uint16_t HashList_tag; /* set to 0x0001 */
541 uint16_t HashList_wcnt; /* set to 0x0002 i.e. MD5 and SHA-1 */
542 uint32_t HashList_value1; /* set to MD5's ID 0x00000005 */
543 uint32_t HashList_value2; /* set to SHA-1's ID 0x00000006 */
544 uint16_t DHgIDList_tag; /* set to 0x0002 */
545 uint16_t DHgIDList_wnt; /* set to 0x0005 i.e., Full DH groups */
546 uint32_t DHgIDList_g0; /* set to 0x0000 0000 */
547 uint32_t DHgIDList_g1; /* set to 0x0000 0001 */
548 uint32_t DHgIDList_g2; /* set to 0x0000 0002 */
549 uint32_t DHgIDList_g3; /* set to 0x0000 0003 */
550 uint32_t DHgIDList_g4; /* set to 0x0000 0004 */
551 } AUTH_NEGOT_PARAMS;
552
553 typedef struct _AUTH_NEGOT_PARAMS_NULL_1
554 {
555 uint16_t name_tag; /* set to 0x0001 */
556 uint16_t name_len; /* set to 0x0008 */
557 NAME_TYPE nodeName; /* WWPN */
558 uint32_t proto_num; /* set to 0x5 */
559 uint32_t para_len; /* set to 0x28 i.e., 40 bytes */
560 uint32_t proto_id; /* set to HDCHAP */
561 uint16_t HashList_tag; /* set to 0x0001 */
562 uint16_t HashList_wcnt; /* set to 0x0002 i.e. MD5 and SHA-1 */
563 uint32_t HashList_value1; /* set to MD5's ID 0x00000005 */
564 uint16_t DHgIDList_tag; /* set to 0x0002 */
565 uint16_t DHgIDList_wnt; /* set to 0x0005 i.e., Full DH groups */
566 uint32_t DHgIDList_g0; /* set to 0x0000 0000 */
567 } AUTH_NEGOT_PARAMS_NULL_1;
568
569 typedef struct _AUTH_NEGOT_PARAMS_NULL_2
570 {
571 uint16_t name_tag; /* set to 0x0001 */
572 uint16_t name_len; /* set to 0x0008 */
573 NAME_TYPE nodeName; /* WWPN */
574 uint32_t proto_num; /* set to 0x5 */
575 uint32_t para_len; /* set to 0x28 i.e., 40 bytes */
576 uint32_t proto_id; /* set to HDCHAP */
577 uint16_t HashList_tag; /* set to 0x0001 */
578 uint16_t HashList_wcnt; /* set to 0x0002 i.e. MD5 and SHA-1 */
579 uint32_t HashList_value1; /* set to MD5's ID 0x00000005 */
580 uint32_t HashList_value2;
581 uint16_t DHgIDList_tag; /* set to 0x0002 */
582 uint16_t DHgIDList_wnt; /* set to 0x0005 i.e., Full DH groups */
583 uint32_t DHgIDList_g0; /* set to 0x0000 0000 */
584 } AUTH_NEGOT_PARAMS_NULL_2;
585
586
587 /* Generic AUTH ELS Header */
588 typedef struct _AUTH_MSG_HDR
589 {
590 /* 20 bytes in total */
591 uint8_t auth_els_code; /* always 0x90h */
592 uint8_t auth_els_flags;
593 uint8_t auth_msg_code; /* see above */
594 uint8_t proto_version;
595 uint32_t msg_len; /* size of msg payload in byte */
596 uint32_t tran_id;
597 uint16_t name_tag; /* set to 0x0001 */
598 uint16_t name_len; /* set to 0x0008 */
599 NAME_TYPE nodeName; /* WWPN */
600 } AUTH_MSG_HDR;
601
602
603 typedef struct _SHA1_CVAL
604 {
605 uint8_t val[20];
606 } SHA1_CVAL;
607
608
609 typedef struct _MD5_CVAL
610 {
611 uint8_t val[16];
612 } MD5_CVAL;
613
614
615 union challenge_val
616 {
617 SHA1_CVAL sha1;
618 MD5_CVAL md5;
619 };
620
621
622 /* DHCHAP_Replay */
623 typedef struct _DHCHAP_REPLY_HDR
624 {
625 uint8_t auth_els_code; /* always 0x90h */
626 uint8_t auth_els_flags;
627 uint8_t auth_msg_code; /* see above */
628 uint8_t proto_version;
629 uint32_t msg_len; /* size of msg payload in byte */
630 uint32_t tran_id; /* transaction id */
631 } DHCHAP_REPLY_HDR;
632
633
634 /* DHCHAP_Challenge */
635 typedef struct _DHCHAP_CHALL_NULL
636 {
637 AUTH_MSG_HDR msg_hdr;
638 uint32_t hash_id;
639 uint32_t dhgp_id;
640 uint32_t cval_len;
641 } DHCHAP_CHALL_NULL;
642
643 typedef struct _DHCHAP_CHALL
644 {
645 DHCHAP_CHALL_NULL cnul;
646 uint8_t *dhval;
647 } DHCHAP_CHALL;
648
649 /*
650 * size of msg_payload is variable based on the different protocol
651 * parameters supported in the driver.
652 *
653 * For DHCHAP we plan to support NULL, group 1, 2, 3, 4.
654 *
655 * For NULL DHCHAP protocol only: of these protocol identifiers,
656 * we need name_tag = 2 bytes name_len_size = 2 bytes name_len = 8 bytes
657 * number of usable auth proto = 4 bytes
658 *
659 * --------- for example for NULL DHCAHP only --------------------
660 * auth proto #1 len = 4 bytes #1 ID = 4 bytes #1 params = 4 + 16 bytes.
661 * ------ Total for NULL DHCHAP = (16 + 12 + 16 ) = 44 bytes.
662 *
663 * If number of usable auth proto is 5, then we should have 5 auth proto params.
664 * assume we are using name_tag 0x0001, then auth name in total = 12 bytes.
665 *
666 * 12 bytes + 4 bytes = 16 bytes. 4 + 4 + 4 = 12 bytes
667 * (num of usable auth proto size = 4
668 * auth proto params #1 len size = 4
669 * auth prot ID for #1 size = 4
670 *
671 * For DHCHAP param: HashList 2 param tag size (set to 0x0001 as HashList)
672 * 2 param word cnt size (set to 0x0002 as two hash funcs)
673 * 8 for hash ids: MD5 and SHA-1 DHgIDList
674 * 2 param tag size (set to 0x0002 as DHgIDList)
675 * 2 param word cnt size (set to 0x0005 as NULL and 1/2/3/4 groups) 20 for
676 * 5 groups 0x0000 0000 0x0000 0001 0x0000 0002 0x0000 0003 0x0000 0004
677 * Total for FULL group support (16 + 12 + 12 + 24 ) = 64 bytes.
678 *
679 */
680
681 typedef struct _AUTH_MSG_NEGOT_1 { /* in Big Endian format */
682 uint8_t auth_els_code; /* always 0x90h */
683 uint8_t auth_els_flags;
684 uint8_t auth_msg_code; /* see above */
685 uint8_t proto_version;
686 uint32_t msg_len; /* size of msg payload */
687 /* in byte */
688 uint32_t tran_id; /* transaction identifier */
689
690 /* anything else is variable in size (bytes) */
691 /* uint8_t msg_payload[MAX_AUTH_MSG_SIZE]; */
692 AUTH_NEGOT_PARAMS_1 params;
693 } AUTH_MSG_NEGOT_1, *PAUTH_MSG_NEGOT_1;
694
695
696 typedef struct _AUTH_MSG_NEGOT_2 { /* in Big Endian format */
697 uint8_t auth_els_code; /* always 0x90h */
698 uint8_t auth_els_flags;
699 uint8_t auth_msg_code; /* see above */
700 uint8_t proto_version;
701 uint32_t msg_len; /* size of msg payload */
702 /* in byte */
703 uint32_t tran_id; /* transaction identifier */
704
705 /* anything else is variable in size (bytes) */
706 /* uint8_t msg_payload[MAX_AUTH_MSG_SIZE]; */
707 AUTH_NEGOT_PARAMS_2 params;
708 } AUTH_MSG_NEGOT_2, *PAUTH_MSG_NEGOT_2;
709
710
711 typedef struct _AUTH_MSG_NEGOT
712 {
713 /* in Big Endian format */
714 uint8_t auth_els_code; /* always 0x90h */
715 uint8_t auth_els_flags;
716 uint8_t auth_msg_code; /* see above */
717 uint8_t proto_version;
718 uint32_t msg_len; /* size of msg payload */
719 /* in byte */
720 uint32_t tran_id; /* transaction identifier */
721
722 /* anything else is variable in size (bytes) */
723 /* uint8_t msg_payload[MAX_AUTH_MSG_SIZE]; */
724 AUTH_NEGOT_PARAMS params;
725 } AUTH_MSG_NEGOT, *PAUTH_MSG_NEGOT;
726
727
728 /* AUTH_Negotiate msg for NULL DH support only */
729 typedef struct _AUTH_MSG_NEGOT_NULL
730 {
731 uint8_t auth_els_code;
732 uint8_t auth_els_flags;
733 uint8_t auth_msg_code;
734 uint8_t proto_version;
735 uint32_t msg_len;
736 uint32_t tran_id;
737 } AUTH_MSG_NEGOT_NULL, *PAUTH_MSG_NEGOT_NULL;
738
739 typedef struct _AUTH_MSG_NEGOT_NULL_1
740 {
741 uint8_t auth_els_code;
742 uint8_t auth_els_flags;
743 uint8_t auth_msg_code;
744 uint8_t proto_version;
745 uint32_t msg_len;
746 uint32_t tran_id;
747
748 AUTH_NEGOT_PARAMS_NULL_1 params;
749
750 } AUTH_MSG_NEGOT_NULL_1, *PAUTH_MSG_NEGOT_NULL_1;
751
752 typedef struct _AUTH_MSG_NEGOT_NULL_2
753 {
754 uint8_t auth_els_code;
755 uint8_t auth_els_flags;
756 uint8_t auth_msg_code;
757 uint8_t proto_version;
758 uint32_t msg_len;
759 uint32_t tran_id;
760
761 AUTH_NEGOT_PARAMS_NULL_2 params;
762
763 } AUTH_MSG_NEGOT_NULL_2, *PAUTH_MSG_NEGOT_NULL_2;
764
765
766 /* auth_els_flags */
767 #define AUTH_ELS_FLAGS_MASK 0x0f;
768
769
770 typedef struct _AUTH_RJT
771 {
772 uint8_t auth_els_code; /* always 0x90h */
773 uint8_t auth_els_flags;
774 uint8_t auth_msg_code; /* see above */
775 uint8_t proto_version;
776 uint32_t msg_len; /* size of msg payload in byte */
777 uint32_t tran_id; /* transaction identifier */
778
779 uint8_t ReasonCode;
780 uint8_t ReasonCodeExplanation;
781 uint16_t Reserved;
782 } AUTH_RJT, *PAUTH_RJT;
783
784 typedef struct _DHCHAP_SUCCESS_HDR
785 {
786 uint8_t auth_els_code; /* always 0x90h */
787 uint8_t auth_els_flags;
788 uint8_t auth_msg_code; /* see above */
789 uint8_t proto_version;
790 uint32_t msg_len; /* size of msg payload in byte */
791 uint32_t tran_id; /* transaction identifier */
792
793 uint32_t RspVal_len;
794 } DHCHAP_SUCCESS_HDR, *PDHCHAP_SUCCESS_HDR;
795
796
797 typedef struct dh_group_st
798 {
799 unsigned long groupid;
800 unsigned long length;
801 unsigned char value[256];
802 } DH_GROUP, *PDH_GROUP;
803
804 #pragma weak random_get_pseudo_bytes
805
806
807 #endif /* DHCHAP_SUPPORT */
808
809 #ifdef __cplusplus
810 }
811 #endif
812
813 #endif /* _EMLXS_DHCHAP_H */