1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright 2010 Emulex. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27 #ifndef _EMLXS_DHCHAP_H
28 #define _EMLXS_DHCHAP_H
29
30 #ifdef __cplusplus
31 extern "C" {
32 #endif
33
34 #ifdef DHCHAP_SUPPORT
35 #include <sys/random.h>
36
37
38 /* emlxs_auth_cfg_t */
39 #define PASSWORD_TYPE_ASCII 1
40 #define PASSWORD_TYPE_BINARY 2
41 #define PASSWORD_TYPE_IGNORE 3
42
43 #define AUTH_MODE_DISABLED 1
44 #define AUTH_MODE_ACTIVE 2
45 #define AUTH_MODE_PASSIVE 3
46
47 #define ELX_DHCHAP 0x01 /* Only one currently supported */
48 #define ELX_FCAP 0x02
49 #define ELX_FCPAP 0x03
50 #define ELX_KERBEROS 0x04
51
52 #define ELX_MD5 0x01
53 #define ELX_SHA1 0x02
54
55 #define ELX_GROUP_NULL 0x01
56 #define ELX_GROUP_1024 0x02
57 #define ELX_GROUP_1280 0x03
58 #define ELX_GROUP_1536 0x04
59 #define ELX_GROUP_2048 0x05
60
61
62 /* AUTH_ELS Code */
63 #define ELS_CMD_AUTH_CODE 0x90
64
65 /* AUTH_ELS Flags */
66
67 /* state ? */
68 #define AUTH_FINISH 0xFF
69 #define AUTH_ABORT 0xFE
70
71 /* auth_msg code for DHCHAP */
72 #define AUTH_REJECT 0x0A
73 #define AUTH_NEGOTIATE 0x0B
74 #define AUTH_DONE 0x0C
75 #define DHCHAP_CHALLENGE 0x10
76 #define DHCHAP_REPLY 0x11
77 #define DHCHAP_SUCCESS 0x12
78
79 /* BIG ENDIAN and LITTLE ENDIAN */
80
81 /* authentication protocol identifiers */
82 #ifdef EMLXS_BIG_ENDIAN
83
84 #define AUTH_DHCHAP 0x00000001
85 #define AUTH_FCAP 0x00000002
86 #define AUTH_FCPAP 0x00000003
87 #define AUTH_KERBEROS 0x00000004
88
89 #define HASH_LIST_TAG 0x0001
90 #define DHGID_LIST_TAG 0x0002
91
92 /* hash function identifiers */
93 #define AUTH_SHA1 0x00000006
94 #define AUTH_MD5 0x00000005
95
96 /* DHCHAP group ids */
97 #define GROUP_NULL 0x00000000
98 #define GROUP_1024 0x00000001
99 #define GROUP_1280 0x00000002
100 #define GROUP_1536 0x00000003
101 #define GROUP_2048 0x00000004
102
103 /* Tran_id Mask */
104 #define AUTH_TRAN_ID_MASK 0x000000FF
105
106 #endif /* EMLXS_BIG_ENDIAN */
107
108 #ifdef EMLXS_LITTLE_ENDIAN
109
110 #define AUTH_DHCHAP 0x01000000
111 #define AUTH_FCAP 0x02000000
112 #define AUTH_FCPAP 0x03000000
113 #define AUTH_KERBEROS 0x04000000
114
115 #define HASH_LIST_TAG 0x0100
116 #define DHGID_LIST_TAG 0x0200
117
118 /* hash function identifiers */
119 #define AUTH_SHA1 0x06000000
120 #define AUTH_MD5 0x05000000
121
122 /* DHCHAP group ids */
123 #define GROUP_NULL 0x00000000
124 #define GROUP_1024 0x01000000
125 #define GROUP_1280 0x02000000
126 #define GROUP_1536 0x03000000
127 #define GROUP_2048 0x04000000
128
129 /* Tran_id Mask */
130 #define AUTH_TRAN_ID_MASK 0xFF000000
131
132 #endif /* EMLXS_LITTLE_ENDIAN */
133
134 /* hash funcs hash length in byte */
135 #define SHA1_LEN 0x00000014 /* 20 bytes */
136 #define MD5_LEN 0x00000010 /* 16 bytes */
137
138 #define HBA_SECURITY 0x20
139
140 /* AUTH_Reject Reason Codes */
141 #define AUTHRJT_FAILURE 0x01
142 #define AUTHRJT_LOGIC_ERR 0x02
143
144 /* LS_RJT Reason Codes for AUTH_ELS */
145 #define LSRJT_AUTH_REQUIRED 0x03
146 #define LSRJT_AUTH_LOGICAL_BSY 0x05
147 #define LSRJT_AUTH_ELS_NOT_SUPPORTED 0x0B
148 #define LSRJT_AUTH_NOT_LOGGED_IN 0x09
149
150 /* AUTH_Reject Reason Code Explanations */
151 #define AUTHEXP_MECH_UNUSABLE 0x01 /* AUTHRJT_LOGIC_ERR */
152 #define AUTHEXP_DHGROUP_UNUSABLE 0x02 /* AUTHRJT_LOGIC_ERR */
153 #define AUTHEXP_HASHFUNC_UNUSABLE 0x03 /* AUTHRJT_LOGIC_ERR */
154 #define AUTHEXP_AUTHTRAN_STARTED 0x04 /* AUTHRJT_LOGIC_ERR */
155 #define AUTHEXP_AUTH_FAILED 0x05 /* AUTHRJT_FAILURE */
156 #define AUTHEXP_BAD_PAYLOAD 0x06 /* AUTHRJT_FAILURE */
157 #define AUTHEXP_BAD_PROTOCOL 0x07 /* AUTHRJT_FAILURE */
158 #define AUTHEXP_RESTART_AUTH 0x08 /* AUTHRJT_LOGIC_ERR */
159 #define AUTHEXP_CONCAT_UNSUPP 0x09 /* AUTHRJT_LOGIC_ERR */
160 #define AUTHEXP_BAD_PROTOVERS 0x0A /* AUTHRJT_LOGIC_ERR */
161
162 /* LS_RJT Reason Code Explanations for AUTH_ELS */
163 #define LSEXP_AUTH_REQUIRED 0x48
164 #define LSEXP_AUTH_ELS_NOT_SUPPORTED 0x2C
165 #define LSEXP_AUTH_ELS_NOT_LOGGED_IN 0x1E
166 #define LSEXP_AUTH_LOGICAL_BUSY 0x00
167
168
169 #define MAX_AUTH_MSA_SIZE 1024
170
171 #define MAX_AUTH_PID 0x4 /* Max auth proto identifier list */
172
173 /* parameter tag */
174 #define HASH_LIST 0x0001
175 #define DHG_ID_LIST 0x0002
176
177 /* name tag from Table 13 v1.8 pp 30 */
178 #ifdef EMLXS_BIG_ENDIAN
179 #define AUTH_NAME_ID 0x0001
180 #define AUTH_NAME_LEN 0x0008
181 #define AUTH_PROTO_NUM 0x00000001
182 #define AUTH_NULL_PARA_LEN 0x00000028
183 #endif /* EMLXS_BIG_ENDIAN */
184
185 #ifdef EMLXS_LITTLE_ENDIAN
186 #define AUTH_NAME_ID 0x0100
187 #define AUTH_NAME_LEN 0x0800
188 #define AUTH_PROTO_NUM 0x01000000
189 #define AUTH_NULL_PARA_LEN 0x28000000
190 #endif /* EMLXS_LITTLE_ENDIAN */
191
192 /* name tag from Table 103 v 1.8 pp 123 */
193 #define AUTH_NODE_NAME 0x0002
194 #define AUTH_PORT_NAME 0x0003
195
196 /*
197 * Sysevent support
198 */
199 /* ddi_log_sysevent() vendors */
200 #define DDI_VENDOR_EMLX "EMLXS"
201
202 /* Class */
203 #define EC_EMLXS "EC_emlxs"
204
205 /* Subclass */
206 #define ESC_EMLXS_01 "ESC_emlxs_issue_auth_negotiate"
207 #define ESC_EMLXS_02 "ESC_emlxs_cmpl_auth_negotiate_issue"
208
209 #define ESC_EMLXS_03 "ESC_emlxs_rcv_auth_msg_auth_negotiate_issue"
210 #define ESC_EMLXS_04 "ESC_emlxs_cmpl_auth_msg_auth_negotiate_issue"
211
212 #define ESC_EMLXS_05 "ESC_emlxs_rcv_auth_msg_unmapped_node"
213 #define ESC_EMLXS_06 "ESC_emlxs_issue_dhchap_challenge"
214 #define ESC_EMLXS_07 "ESC_emlxs_cmpl_dhchap_challenge_issue"
215
216 #define ESC_EMLXS_08 "ESC_emlxs_rcv_auth_msg_dhchap_challenge_cmpl_wait4next"
217
218 #define ESC_EMLXS_09 "ESC_emlxs_rcv_auth_msg_auth_negotiate_rcv"
219 #define ESC_EMLXS_10 "ESC_emlxs_cmpl_auth_msg_auth_negotiate_rcv"
220
221 #define ESC_EMLXS_11 "ESC_emlxs_cmpl_cmpl_dhchap_reply_issue"
222 #define ESC_EMLXS_12 "ESC_emlxs_cmpl_dhchap_reply_issue"
223 #define ESC_EMLXS_13 "ESC_emlxs_cmpl_auth_msg_dhchap_reply_issue"
224
225 #define ESC_EMLXS_14 "ESC_emlxs_cmpl_auth_msg_auth_negotiate_cmpl_wait4next"
226
227 #define ESC_EMLXS_15 "ESC_emlxs_issue_dhchap_success"
228
229 #define ESC_EMLXS_16 "ESC_emlxs_rcv_auth_msg_dhchap_challenge_issue"
230 #define ESC_EMLXS_17 "ESC_emlxs_cmpl_auth_msg_dhchap_challenge_issue"
231
232 #define ESC_EMLXS_18 "ESC_emlxs_rcv_auth_msg_dhchap_reply_issue"
233
234 #define ESC_EMLXS_19 \
235 "ESC_emlxs_cmpl_auth_msg_dhchap_challenge_cmpl_wait4next"
236
237 #define ESC_EMLXS_20 "ESC_emlxs_rcv_auth_msg_dhchap_reply_cmpl_wait4next"
238 #define ESC_EMLXS_21 "ESC_emlxs_cmpl_dhchap_success_issue"
239 #define ESC_EMLXS_22 "ESC_emlxs_cmpl_auth_msg_dhchap_success_issue"
240
241 #define ESC_EMLXS_23 "ESC_emlxs_cmpl_auth_msg_dhchap_reply_cmpl_wait4next"
242
243 #define ESC_EMLXS_24 "ESC_emlxs_rcv_auth_msg_dhchap_success_issue_wait4next"
244 #define ESC_EMLXS_25 "ESC_emlxs_cmpl_auth_msg_dhchap_success_issue_wait4next"
245
246 #define ESC_EMLXS_26 "ESC_emlxs_rcv_auth_msg_dhchap_success_cmpl_wait4next"
247 #define ESC_EMLXS_27 "ESC_emlxs_cmpl_auth_msg_dhchap_success_cmpl_wait4next"
248
249 #define ESC_EMLXS_28 "ESC_emlxs_issue_auth_reject"
250 #define ESC_EMLXS_29 "ESC_emlxs_cmpl_auth_reject_issue"
251
252 #define ESC_EMLXS_30 "ESC_emlxs_rcv_auth_msg_npr_node"
253
254 #define ESC_EMLXS_31 "ESC_emlxs_dhc_reauth_timeout"
255
256 #define ESC_EMLXS_32 "ESC_emlxs_dhc_authrsp_timeout"
257
258 #define ESC_EMLXS_33 "ESC_emlxs_ioctl_auth_setcfg"
259 #define ESC_EMLXS_34 "ESC_emlxs_ioctl_auth_setpwd"
260 #define ESC_EMLXS_35 "ESC_emlxs_ioctl_auth_delcfg"
261 #define ESC_EMLXS_36 "ESC_emlxs_ioctl_auth_delpwd"
262
263
264 /* From HBAnyware dfc lib FC-SP */
265 typedef struct emlxs_auth_cfg
266 {
267 NAME_TYPE local_entity; /* host wwpn (NPIV support) */
268 NAME_TYPE remote_entity; /* switch or target wwpn */
269 uint32_t authentication_timeout;
270 uint32_t authentication_mode;
271 uint32_t bidirectional:1;
272 uint32_t reserved:31;
273 uint32_t authentication_type_priority[4];
274 uint32_t hash_priority[4];
275 uint32_t dh_group_priority[8];
276 uint32_t reauthenticate_time_interval;
277
278 dfc_auth_status_t auth_status;
279 time_t auth_time;
280 struct emlxs_node *node;
281
282 struct emlxs_auth_cfg *prev;
283 struct emlxs_auth_cfg *next;
284 } emlxs_auth_cfg_t;
285
286
287 typedef struct emlxs_auth_key
288 {
289 NAME_TYPE local_entity; /* host wwpn */
290 /* (NPIV support) */
291 NAME_TYPE remote_entity; /* switch or target */
292 /* wwpn */
293 uint16_t local_password_length;
294 uint16_t local_password_type;
295 uint8_t local_password[128]; /* hba authenticates */
296 /* to switch */
297 uint16_t remote_password_length;
298 uint16_t remote_password_type;
299 uint8_t remote_password[128]; /* hba authenticates */
300 /* to switch */
301
302 struct emlxs_node *node;
303
304 struct emlxs_auth_key *prev;
305 struct emlxs_auth_key *next;
306 } emlxs_auth_key_t;
307
308
309 typedef struct emlxs_auth_misc
310 {
311 uint8_t bi_cval[20]; /* our challenge for bi-dir */
312 /* auth in reply as initiator */
313 uint32_t bi_cval_len; /* 16 for MD5, 20 for SHA1 */
314 uint8_t pub_key[512]; /* max is 512 bytes value of */
315 /* (g^y mod p) */
316 uint32_t pubkey_len; /* real length of the pub key */
317 uint8_t ses_key[512]; /* session key: value of */
318 /* (g^xy mod p) */
319 uint32_t seskey_len; /* real length of the session */
320 /* key */
321
322 /* The following are parameters when host is the responder */
323 uint8_t hrsp_cval[20]; /* challenge value from host */
324 /* as responder */
325 uint32_t hrsp_cval_len; /* host as the responder its */
326 /* challenge value len */
327 uint8_t hrsp_priv_key[20]; /* the private key generated */
328 /* in host as responder */
329 uint8_t hrsp_pub_key[512]; /* public key calculated when */
330 /* host as responder */
331 uint32_t hrsp_pubkey_len; /* public key length when */
332 /* host is responder */
333 uint8_t hrsp_ses_key[512]; /* session key computed when */
334 /* host is responder */
335 uint32_t hrsp_seskey_len; /* session key length when */
336 /* host is responder */
337 } emlxs_auth_misc_t;
338
339
340 /*
341 * emlxs_port_dhc struct to be used by emlxs_port_t in emlxs_fc.h
342 *
343 * This structure contains all the data used by DHCHAP.
344 * They are from EMLXSHBA_t in emlxs driver.
345 *
346 */
347 typedef struct emlxs_port_dhc
348 {
349
350 int32_t state;
351 #define ELX_FABRIC_STATE_UNKNOWN 0x00
352 #define ELX_FABRIC_AUTH_DISABLED 0x01
353 #define ELX_FABRIC_AUTH_FAILED 0x02
354 #define ELX_FABRIC_AUTH_SUCCESS 0x03
355 #define ELX_FABRIC_IN_AUTH 0x04
356 #define ELX_FABRIC_IN_REAUTH 0x05
357
358 dfc_auth_status_t auth_status; /* Fabric auth status */
359 time_t auth_time;
360
361 } emlxs_port_dhc_t;
362
363
364 /* Node Events */
365 #define NODE_EVENT_DEVICE_RM 0x0 /* Auth response timeout and */
366 /* fail */
367 #define NODE_EVENT_DEVICE_RECOVERY 0x1 /* Auth response timeout and */
368 /* recovery */
369 #define NODE_EVENT_RCV_AUTH_MSG 0x2 /* Unsolicited Auth received */
370 #define NODE_EVENT_CMPL_AUTH_MSG 0x3
371 #define NODE_EVENT_MAX_EVENT 0x4
372
373 /*
374 * emlxs_node_dhc struct to be used in emlxs_node_t.
375 * They are from emlxs_nodelist_t in emlxs driver.
376 */
377 typedef struct emlxs_node_dhc
378 {
379 uint16_t state; /* used for state machine */
380 #define NODE_STATE_UNKNOWN 0x00
381 #define NODE_STATE_AUTH_DISABLED 0x01
382 #define NODE_STATE_AUTH_FAILED 0x02
383 #define NODE_STATE_AUTH_SUCCESS 0x03
384 #define NODE_STATE_AUTH_NEGOTIATE_ISSUE 0x04
385 #define NODE_STATE_AUTH_NEGOTIATE_RCV 0x05
386 #define NODE_STATE_AUTH_NEGOTIATE_CMPL_WAIT4NEXT 0x06
387 #define NODE_STATE_DHCHAP_CHALLENGE_ISSUE 0x07
388 #define NODE_STATE_DHCHAP_REPLY_ISSUE 0x08
389 #define NODE_STATE_DHCHAP_CHALLENGE_CMPL_WAIT4NEXT 0x09
390 #define NODE_STATE_DHCHAP_REPLY_CMPL_WAIT4NEXT 0x0A
391 #define NODE_STATE_DHCHAP_SUCCESS_ISSUE 0x0B
392 #define NODE_STATE_DHCHAP_SUCCESS_ISSUE_WAIT4NEXT 0x0C
393 #define NODE_STATE_DHCHAP_SUCCESS_CMPL_WAIT4NEXT 0x0D
394 #define NODE_STATE_NOCHANGE 0xFFFFFFFF
395
396 uint16_t prev_state; /* for info only */
397
398 uint32_t disc_refcnt;
399
400 emlxs_auth_cfg_t auth_cfg;
401 emlxs_auth_key_t auth_key;
402
403 uint32_t nlp_authrsp_tmo; /* Response timeout */
404 uint32_t nlp_authrsp_tmocnt;
405
406 uint32_t nlp_auth_tranid_ini; /* tran_id when this */
407 /* node is initiator */
408 uint32_t nlp_auth_tranid_rsp; /* tran_id when this */
409 /* node is responder */
410
411 uint32_t nlp_auth_flag; /* 1:initiator */
412 /* 2:responder */
413 uint32_t nlp_auth_limit; /* 1: NULL DHCHAP */
414 /* 2: full support */
415
416 /* information in DHCHAP_Challenge as the auth responder */
417 uint32_t nlp_auth_hashid;
418 uint32_t nlp_auth_dhgpid;
419 uint32_t nlp_auth_bidir;
420 NAME_TYPE nlp_auth_wwn;
421
422 emlxs_auth_misc_t nlp_auth_misc;
423
424 uint32_t nlp_reauth_tmo;
425 uint16_t nlp_reauth_status;
426 #define NLP_HOST_REAUTH_DISABLED 0x0
427 #define NLP_HOST_REAUTH_ENABLED 0x1
428 #define NLP_HOST_REAUTH_IN_PROGRESS 0x2
429
430 uint32_t nlp_fb_vendor;
431 #define NLP_FABRIC_CISCO 0x1
432 #define NLP_FABRIC_OTHERS 0x2
433
434 uint32_t fc_dhchap_success_expected;
435
436 /* hash_id, dhgp_id are set from responder, host is the initiator */
437 uint32_t hash_id; /* 0x05 for MD5 */
438 /* 0x06 for SHA-1 */
439 uint32_t dhgp_id; /* DH grp identifier */
440
441 uint8_t bi_cval[20]; /* our challenge for */
442 /* bi-dir auth in */
443 /* reply as initiator */
444 uint32_t bi_cval_len; /* 16 for MD5 */
445 /* 20 for SHA1 */
446 uint8_t pub_key[512]; /* max is 512 bytes */
447 /* value (g^y mod p) */
448 uint32_t pubkey_len; /* real length of the */
449 /* pub key */
450 uint8_t ses_key[512]; /* session key: */
451 /* value (g^xy mod p) */
452 uint32_t seskey_len; /* real length of the */
453 /* session key */
454
455 /* The following are parameters when host is the responder */
456
457 uint8_t hrsp_cval[20]; /* challenge value */
458 uint32_t hrsp_cval_len; /* challenge value */
459 /* length */
460 uint8_t hrsp_priv_key[20]; /* private key */
461 /* generated */
462 uint8_t hrsp_pub_key[512]; /* public key */
463 /* computed */
464 uint32_t hrsp_pubkey_len; /* public key length */
465 uint8_t hrsp_ses_key[512]; /* session key */
466 /* computed */
467 uint32_t hrsp_seskey_len; /* session key length */
468
469 uint8_t *deferred_sbp; /* Pending IO for */
470 /* auth completion */
471 uint8_t *deferred_ubp;
472
473 uint32_t flag;
474 #define NLP_REMOTE_AUTH 0x00000001
475 #define NLP_SET_REAUTH_TIME 0x00000002
476
477 emlxs_auth_cfg_t *parent_auth_cfg; /* Original auth_cfg */
478 /* table entry */
479 emlxs_auth_key_t *parent_auth_key; /* Original auth_key */
480 /* table entry */
481 } emlxs_node_dhc_t;
482
483
484 /* For NULL DHCHAP with MD5 and SHA-1 */
485 typedef struct _AUTH_NEGOT_PARAMS_1
486 {
487 uint16_t name_tag; /* set to 0x0001 */
488 uint16_t name_len; /* set to 0x0008 */
489 NAME_TYPE nodeName; /* WWPN */
490 uint32_t proto_num; /* set to 0x5 */
491 uint32_t para_len; /* set to 0x28 i.e., 40 bytes */
492 uint32_t proto_id; /* set to HDCHAP */
493 uint16_t HashList_tag; /* set to 0x0001 */
494 uint16_t HashList_wcnt; /* set to 0x0002 i.e. MD5 and SHA-1 */
495 uint32_t HashList_value1; /* set to MD5 or SHA1 ID 0x00000005,6 */
496 uint16_t DHgIDList_tag; /* set to 0x0002 */
497 uint16_t DHgIDList_wnt; /* set to 0x0005 i.e., Full DH groups */
498 uint32_t DHgIDList_g0; /* set to 0x0000 0000 */
499 uint32_t DHgIDList_g1; /* set to 0x0000 0001 */
500 uint32_t DHgIDList_g2; /* set to 0x0000 0002 */
501 uint32_t DHgIDList_g3; /* set to 0x0000 0003 */
502 uint32_t DHgIDList_g4; /* set to 0x0000 0004 */
503 } AUTH_NEGOT_PARAMS_1;
504
505
506 typedef struct _AUTH_NEGOT_PARAMS_2
507 {
508 uint16_t name_tag; /* set to 0x0001 */
509 uint16_t name_len; /* set to 0x0008 */
510 NAME_TYPE nodeName; /* WWPN */
511 uint32_t proto_num; /* set to 0x5 */
512 uint32_t para_len; /* set to 0x28 i.e., 40 bytes */
513 uint32_t proto_id; /* set to HDCHAP */
514 uint16_t HashList_tag; /* set to 0x0001 */
515 uint16_t HashList_wcnt; /* set to 0x0002 i.e. MD5 and SHA-1 */
516 uint32_t HashList_value1; /* set to MD5's ID 0x00000005 */
517 uint32_t HashList_value2; /* set to SHA-1's ID 0x00000006 */
518 uint16_t DHgIDList_tag; /* set to 0x0002 */
519 uint16_t DHgIDList_wnt; /* set to 0x0005 i.e., Full DH groups */
520 uint32_t DHgIDList_g0; /* set to 0x0000 0000 */
521 uint32_t DHgIDList_g1; /* set to 0x0000 0001 */
522 uint32_t DHgIDList_g2; /* set to 0x0000 0002 */
523 uint32_t DHgIDList_g3; /* set to 0x0000 0003 */
524 uint32_t DHgIDList_g4; /* set to 0x0000 0004 */
525 } AUTH_NEGOT_PARAMS_2;
526
527
528 /* For NULL DHCHAP with MD5 and SHA-1 */
529 typedef struct _AUTH_NEGOT_PARAMS
530 {
531 uint16_t name_tag; /* set to 0x0001 */
532 uint16_t name_len; /* set to 0x0008 */
533 NAME_TYPE nodeName; /* WWPN */
534 uint32_t proto_num; /* set to 0x5 */
535 uint32_t para_len; /* set to 0x28 i.e., 40 bytes */
536 uint32_t proto_id; /* set to HDCHAP */
537 uint16_t HashList_tag; /* set to 0x0001 */
538 uint16_t HashList_wcnt; /* set to 0x0002 i.e. MD5 and SHA-1 */
539 uint32_t HashList_value1; /* set to MD5's ID 0x00000005 */
540 uint32_t HashList_value2; /* set to SHA-1's ID 0x00000006 */
541 uint16_t DHgIDList_tag; /* set to 0x0002 */
542 uint16_t DHgIDList_wnt; /* set to 0x0005 i.e., Full DH groups */
543 uint32_t DHgIDList_g0; /* set to 0x0000 0000 */
544 uint32_t DHgIDList_g1; /* set to 0x0000 0001 */
545 uint32_t DHgIDList_g2; /* set to 0x0000 0002 */
546 uint32_t DHgIDList_g3; /* set to 0x0000 0003 */
547 uint32_t DHgIDList_g4; /* set to 0x0000 0004 */
548 } AUTH_NEGOT_PARAMS;
549
550 typedef struct _AUTH_NEGOT_PARAMS_NULL_1
551 {
552 uint16_t name_tag; /* set to 0x0001 */
553 uint16_t name_len; /* set to 0x0008 */
554 NAME_TYPE nodeName; /* WWPN */
555 uint32_t proto_num; /* set to 0x5 */
556 uint32_t para_len; /* set to 0x28 i.e., 40 bytes */
557 uint32_t proto_id; /* set to HDCHAP */
558 uint16_t HashList_tag; /* set to 0x0001 */
559 uint16_t HashList_wcnt; /* set to 0x0002 i.e. MD5 and SHA-1 */
560 uint32_t HashList_value1; /* set to MD5's ID 0x00000005 */
561 uint16_t DHgIDList_tag; /* set to 0x0002 */
562 uint16_t DHgIDList_wnt; /* set to 0x0005 i.e., Full DH groups */
563 uint32_t DHgIDList_g0; /* set to 0x0000 0000 */
564 } AUTH_NEGOT_PARAMS_NULL_1;
565
566 typedef struct _AUTH_NEGOT_PARAMS_NULL_2
567 {
568 uint16_t name_tag; /* set to 0x0001 */
569 uint16_t name_len; /* set to 0x0008 */
570 NAME_TYPE nodeName; /* WWPN */
571 uint32_t proto_num; /* set to 0x5 */
572 uint32_t para_len; /* set to 0x28 i.e., 40 bytes */
573 uint32_t proto_id; /* set to HDCHAP */
574 uint16_t HashList_tag; /* set to 0x0001 */
575 uint16_t HashList_wcnt; /* set to 0x0002 i.e. MD5 and SHA-1 */
576 uint32_t HashList_value1; /* set to MD5's ID 0x00000005 */
577 uint32_t HashList_value2;
578 uint16_t DHgIDList_tag; /* set to 0x0002 */
579 uint16_t DHgIDList_wnt; /* set to 0x0005 i.e., Full DH groups */
580 uint32_t DHgIDList_g0; /* set to 0x0000 0000 */
581 } AUTH_NEGOT_PARAMS_NULL_2;
582
583
584 /* Generic AUTH ELS Header */
585 typedef struct _AUTH_MSG_HDR
586 {
587 /* 20 bytes in total */
588 uint8_t auth_els_code; /* always 0x90h */
589 uint8_t auth_els_flags;
590 uint8_t auth_msg_code; /* see above */
591 uint8_t proto_version;
592 uint32_t msg_len; /* size of msg payload in byte */
593 uint32_t tran_id;
594 uint16_t name_tag; /* set to 0x0001 */
595 uint16_t name_len; /* set to 0x0008 */
596 NAME_TYPE nodeName; /* WWPN */
597 } AUTH_MSG_HDR;
598
599
600 typedef struct _SHA1_CVAL
601 {
602 uint8_t val[20];
603 } SHA1_CVAL;
604
605
606 typedef struct _MD5_CVAL
607 {
608 uint8_t val[16];
609 } MD5_CVAL;
610
611
612 union challenge_val
613 {
614 SHA1_CVAL sha1;
615 MD5_CVAL md5;
616 };
617
618
619 /* DHCHAP_Replay */
620 typedef struct _DHCHAP_REPLY_HDR
621 {
622 uint8_t auth_els_code; /* always 0x90h */
623 uint8_t auth_els_flags;
624 uint8_t auth_msg_code; /* see above */
625 uint8_t proto_version;
626 uint32_t msg_len; /* size of msg payload in byte */
627 uint32_t tran_id; /* transaction id */
628 } DHCHAP_REPLY_HDR;
629
630
631 /* DHCHAP_Challenge */
632 typedef struct _DHCHAP_CHALL_NULL
633 {
634 AUTH_MSG_HDR msg_hdr;
635 uint32_t hash_id;
636 uint32_t dhgp_id;
637 uint32_t cval_len;
638 } DHCHAP_CHALL_NULL;
639
640 typedef struct _DHCHAP_CHALL
641 {
642 DHCHAP_CHALL_NULL cnul;
643 uint8_t *dhval;
644 } DHCHAP_CHALL;
645
646 /*
647 * size of msg_payload is variable based on the different protocol
648 * parameters supported in the driver.
649 *
650 * For DHCHAP we plan to support NULL, group 1, 2, 3, 4.
651 *
652 * For NULL DHCHAP protocol only: of these protocol identifiers,
653 * we need name_tag = 2 bytes name_len_size = 2 bytes name_len = 8 bytes
654 * number of usable auth proto = 4 bytes
655 *
656 * --------- for example for NULL DHCAHP only --------------------
657 * auth proto #1 len = 4 bytes #1 ID = 4 bytes #1 params = 4 + 16 bytes.
658 * ------ Total for NULL DHCHAP = (16 + 12 + 16 ) = 44 bytes.
659 *
660 * If number of usable auth proto is 5, then we should have 5 auth proto params.
661 * assume we are using name_tag 0x0001, then auth name in total = 12 bytes.
662 *
663 * 12 bytes + 4 bytes = 16 bytes. 4 + 4 + 4 = 12 bytes
664 * (num of usable auth proto size = 4
665 * auth proto params #1 len size = 4
666 * auth prot ID for #1 size = 4
667 *
668 * For DHCHAP param: HashList 2 param tag size (set to 0x0001 as HashList)
669 * 2 param word cnt size (set to 0x0002 as two hash funcs)
670 * 8 for hash ids: MD5 and SHA-1 DHgIDList
671 * 2 param tag size (set to 0x0002 as DHgIDList)
672 * 2 param word cnt size (set to 0x0005 as NULL and 1/2/3/4 groups) 20 for
673 * 5 groups 0x0000 0000 0x0000 0001 0x0000 0002 0x0000 0003 0x0000 0004
674 * Total for FULL group support (16 + 12 + 12 + 24 ) = 64 bytes.
675 *
676 */
677
678 typedef struct _AUTH_MSG_NEGOT_1 { /* in Big Endian format */
679 uint8_t auth_els_code; /* always 0x90h */
680 uint8_t auth_els_flags;
681 uint8_t auth_msg_code; /* see above */
682 uint8_t proto_version;
683 uint32_t msg_len; /* size of msg payload */
684 /* in byte */
685 uint32_t tran_id; /* transaction identifier */
686
687 /* anything else is variable in size (bytes) */
688 /* uint8_t msg_payload[MAX_AUTH_MSG_SIZE]; */
689 AUTH_NEGOT_PARAMS_1 params;
690 } AUTH_MSG_NEGOT_1, *PAUTH_MSG_NEGOT_1;
691
692
693 typedef struct _AUTH_MSG_NEGOT_2 { /* in Big Endian format */
694 uint8_t auth_els_code; /* always 0x90h */
695 uint8_t auth_els_flags;
696 uint8_t auth_msg_code; /* see above */
697 uint8_t proto_version;
698 uint32_t msg_len; /* size of msg payload */
699 /* in byte */
700 uint32_t tran_id; /* transaction identifier */
701
702 /* anything else is variable in size (bytes) */
703 /* uint8_t msg_payload[MAX_AUTH_MSG_SIZE]; */
704 AUTH_NEGOT_PARAMS_2 params;
705 } AUTH_MSG_NEGOT_2, *PAUTH_MSG_NEGOT_2;
706
707
708 typedef struct _AUTH_MSG_NEGOT
709 {
710 /* in Big Endian format */
711 uint8_t auth_els_code; /* always 0x90h */
712 uint8_t auth_els_flags;
713 uint8_t auth_msg_code; /* see above */
714 uint8_t proto_version;
715 uint32_t msg_len; /* size of msg payload */
716 /* in byte */
717 uint32_t tran_id; /* transaction identifier */
718
719 /* anything else is variable in size (bytes) */
720 /* uint8_t msg_payload[MAX_AUTH_MSG_SIZE]; */
721 AUTH_NEGOT_PARAMS params;
722 } AUTH_MSG_NEGOT, *PAUTH_MSG_NEGOT;
723
724
725 /* AUTH_Negotiate msg for NULL DH support only */
726 typedef struct _AUTH_MSG_NEGOT_NULL
727 {
728 uint8_t auth_els_code;
729 uint8_t auth_els_flags;
730 uint8_t auth_msg_code;
731 uint8_t proto_version;
732 uint32_t msg_len;
733 uint32_t tran_id;
734 } AUTH_MSG_NEGOT_NULL, *PAUTH_MSG_NEGOT_NULL;
735
736 typedef struct _AUTH_MSG_NEGOT_NULL_1
737 {
738 uint8_t auth_els_code;
739 uint8_t auth_els_flags;
740 uint8_t auth_msg_code;
741 uint8_t proto_version;
742 uint32_t msg_len;
743 uint32_t tran_id;
744
745 AUTH_NEGOT_PARAMS_NULL_1 params;
746
747 } AUTH_MSG_NEGOT_NULL_1, *PAUTH_MSG_NEGOT_NULL_1;
748
749 typedef struct _AUTH_MSG_NEGOT_NULL_2
750 {
751 uint8_t auth_els_code;
752 uint8_t auth_els_flags;
753 uint8_t auth_msg_code;
754 uint8_t proto_version;
755 uint32_t msg_len;
756 uint32_t tran_id;
757
758 AUTH_NEGOT_PARAMS_NULL_2 params;
759
760 } AUTH_MSG_NEGOT_NULL_2, *PAUTH_MSG_NEGOT_NULL_2;
761
762
763 /* auth_els_flags */
764 #define AUTH_ELS_FLAGS_MASK 0x0f;
765
766
767 typedef struct _AUTH_RJT
768 {
769 uint8_t auth_els_code; /* always 0x90h */
770 uint8_t auth_els_flags;
771 uint8_t auth_msg_code; /* see above */
772 uint8_t proto_version;
773 uint32_t msg_len; /* size of msg payload in byte */
774 uint32_t tran_id; /* transaction identifier */
775
776 uint8_t ReasonCode;
777 uint8_t ReasonCodeExplanation;
778 uint16_t Reserved;
779 } AUTH_RJT, *PAUTH_RJT;
780
781 typedef struct _DHCHAP_SUCCESS_HDR
782 {
783 uint8_t auth_els_code; /* always 0x90h */
784 uint8_t auth_els_flags;
785 uint8_t auth_msg_code; /* see above */
786 uint8_t proto_version;
787 uint32_t msg_len; /* size of msg payload in byte */
788 uint32_t tran_id; /* transaction identifier */
789
790 uint32_t RspVal_len;
791 } DHCHAP_SUCCESS_HDR, *PDHCHAP_SUCCESS_HDR;
792
793
794 typedef struct dh_group_st
795 {
796 unsigned long groupid;
797 unsigned long length;
798 unsigned char value[256];
799 } DH_GROUP, *PDH_GROUP;
800
801 #pragma weak random_get_pseudo_bytes
802
803
804 #endif /* DHCHAP_SUPPORT */
805
806 #ifdef __cplusplus
807 }
808 #endif
809
810 #endif /* _EMLXS_DHCHAP_H */