/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2000 by Cisco Systems, Inc. All rights reserved.
 * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
 */

#ifndef _ISCSI_AUTHCLIENT_H
#define _ISCSI_AUTHCLIENT_H


/*
 * This file is the include file for iscsiAuthClient.c.
 *
 * It declares the size limits, option and state enumerations, the
 * IscsiAuthClient structure and the entry points used for iSCSI
 * authentication key negotiation (AuthMethod and the CHAP_* keys).
 */

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Size limits.  iscsiAuthStringMaxLength sizes the fixed character and
 * password arrays inside IscsiAuthClient; the other two size the
 * IscsiAuthStringBlock and IscsiAuthLargeBinary containers declared below.
 * NOTE(review): the *StringTooLong / *TooMuchData debug codes further down
 * presumably report data that would exceed these limits -- confirm in
 * iscsiAuthClient.c.
 */
enum { iscsiAuthStringMaxLength = 512 };
enum { iscsiAuthStringBlockMaxLength = 1024 };
enum { iscsiAuthLargeBinaryMaxLength = 1024 };

/*
 * NOTE(review): presumably the cap applied to IscsiAuthClient.recvEndCount
 * (see iscsiAuthDebugStatusRecvMessageCountLimit) -- confirm.
 */
enum { iscsiAuthRecvEndMaxCount = 10 };

/*
 * NOTE(review): presumably the value expected in IscsiAuthClient.signature
 * for an initialised client; it is a fixed constant, so it can only catch
 * stale or wrong pointers, not deliberate forgery -- confirm usage.
 */
enum { iscsiAuthClientSignature = 0x5984B2E3 };

/*
 * 16 bytes is the length of an MD5 digest; MD5 is the only CHAP algorithm
 * defined in this header.
 */
enum { iscsiAuthChapResponseLength = 16 };

/*
 * Note: The ordering of these values is chosen to match
 * the ordering of the keys as shown in the iSCSI spec.
 * The table IscsiAuthClientKeyInfo in iscsiAuthClient.c
 * must also match this order.
 *
 * iscsiAuthKeyTypeMaxCount doubles as the size of IscsiAuthKeyBlock.key[],
 * so a key type must lie in [iscsiAuthKeyTypeFirst, iscsiAuthKeyTypeLast]
 * before it is used as an index into that array.
 */
enum iscsiAuthKeyType_t {
	iscsiAuthKeyTypeNone = -1,
	iscsiAuthKeyTypeFirst = 0,
	iscsiAuthKeyTypeAuthMethod = iscsiAuthKeyTypeFirst,
	iscsiAuthKeyTypeChapAlgorithm,
	iscsiAuthKeyTypeChapUsername,
	iscsiAuthKeyTypeChapResponse,
	iscsiAuthKeyTypeChapIdentifier,
	iscsiAuthKeyTypeChapChallenge,
	iscsiAuthKeyTypeMaxCount,
	iscsiAuthKeyTypeLast = iscsiAuthKeyTypeMaxCount - 1
};
typedef enum iscsiAuthKeyType_t IscsiAuthKeyType;

/*
 * Option values and list bounds.  The two *MaxCount members are array
 * bounds (see authMethodList and chapAlgorithmList in IscsiAuthClient),
 * not option values, even though they share this enum and
 * iscsiAuthMethodMaxCount happens to equal iscsiAuthMethodChap.
 */
enum {
	/*
	 * Common options for all keys.
	 */
	iscsiAuthOptionReject = -2,
	iscsiAuthOptionNotPresent = -1,
	iscsiAuthOptionNone = 1,

	iscsiAuthMethodChap = 2,
	iscsiAuthMethodMaxCount = 2,

	/*
	 * 5 is the CHAP algorithm number assigned to MD5.  CHAP with MD5 does
	 * not stop offline guessing of a short secret from a captured
	 * exchange.  NOTE(review): the ipSec flag and
	 * iscsiAuthDebugStatusPasswordTooShortWithNoIpSec presumably implement
	 * a minimum secret length when IPsec is not in use -- confirm.
	 */
	iscsiAuthChapAlgorithmMd5 = 5,
	iscsiAuthChapAlgorithmMaxCount = 2
};

/* Negotiation role, stored in IscsiAuthClient.authMethodNegRole. */
enum iscsiAuthNegRole_t {
	iscsiAuthNegRoleOriginator = 1,
	iscsiAuthNegRoleResponder = 2
};
typedef enum iscsiAuthNegRole_t IscsiAuthNegRole;

/*
 * Note: These values are chosen to map to the values sent
 * in the iSCSI header.
 */
enum iscsiAuthVersion_t {
	iscsiAuthVersionDraft8 = 2,
	iscsiAuthVersionRfc = 0
};
typedef enum iscsiAuthVersion_t IscsiAuthVersion;

/*
 * Coarse status codes.  NOTE(review): presumably the int returned by most
 * iscsiAuthClient*() entry points; iscsiAuthStatusNoError is 0, so callers
 * should compare against the named constants rather than test for
 * non-zero -- confirm against iscsiAuthClient.c.
 */
enum iscsiAuthStatus_t {
	iscsiAuthStatusNoError = 0,
	iscsiAuthStatusError,
	iscsiAuthStatusPass,
	iscsiAuthStatusFail,
	iscsiAuthStatusContinue,
	iscsiAuthStatusInProgress
};
typedef enum iscsiAuthStatus_t IscsiAuthStatus;

/*
 * Fine-grained reason codes, stored in IscsiAuthClient.debugStatus.
 * iscsiAuthClientDebugStatusToText() takes such a code and returns a
 * const char *.
 *
 * NOTE(review): iscsiAuthDebugStatusChapChallengeReflected and
 * iscsiAuthDebugStatusPasswordIdentical presumably report the checks that
 * guard bidirectional CHAP against a peer echoing back our own challenge
 * or both directions sharing one secret -- confirm in iscsiAuthClient.c.
 */
enum iscsiAuthDebugStatus_t {
	iscsiAuthDebugStatusNotSet = 0,

	iscsiAuthDebugStatusAuthPass,
	iscsiAuthDebugStatusAuthRemoteFalse,

	iscsiAuthDebugStatusAuthFail,

	iscsiAuthDebugStatusAuthMethodBad,
	iscsiAuthDebugStatusChapAlgorithmBad,
	iscsiAuthDebugStatusPasswordDecryptFailed,
	iscsiAuthDebugStatusPasswordTooShortWithNoIpSec,
	iscsiAuthDebugStatusAuthServerError,
	iscsiAuthDebugStatusAuthStatusBad,
	iscsiAuthDebugStatusAuthPassNotValid,
	iscsiAuthDebugStatusSendDuplicateSetKeyValue,
	iscsiAuthDebugStatusSendStringTooLong,
	iscsiAuthDebugStatusSendTooMuchData,

	iscsiAuthDebugStatusAuthMethodExpected,
	iscsiAuthDebugStatusChapAlgorithmExpected,
	iscsiAuthDebugStatusChapIdentifierExpected,
	iscsiAuthDebugStatusChapChallengeExpected,
	iscsiAuthDebugStatusChapResponseExpected,
	iscsiAuthDebugStatusChapUsernameExpected,

	iscsiAuthDebugStatusAuthMethodNotPresent,
	iscsiAuthDebugStatusAuthMethodReject,
	iscsiAuthDebugStatusAuthMethodNone,
	iscsiAuthDebugStatusChapAlgorithmReject,
	iscsiAuthDebugStatusChapChallengeReflected,
	iscsiAuthDebugStatusPasswordIdentical,

	iscsiAuthDebugStatusLocalPasswordNotSet,

	iscsiAuthDebugStatusChapIdentifierBad,
	iscsiAuthDebugStatusChapChallengeBad,
	iscsiAuthDebugStatusChapResponseBad,
	iscsiAuthDebugStatusUnexpectedKeyPresent,
	iscsiAuthDebugStatusTbitSetIllegal,
	iscsiAuthDebugStatusTbitSetPremature,

	iscsiAuthDebugStatusRecvMessageCountLimit,
	iscsiAuthDebugStatusRecvDuplicateSetKeyValue,
	iscsiAuthDebugStatusRecvStringTooLong,
	iscsiAuthDebugStatusRecvTooMuchData
};
typedef enum iscsiAuthDebugStatus_t IscsiAuthDebugStatus;

/* Which end of the session this client is; stored in nodeType. */
enum iscsiAuthNodeType_t {
	iscsiAuthNodeTypeInitiator = 1,
	iscsiAuthNodeTypeTarget = 2
};
typedef enum iscsiAuthNodeType_t IscsiAuthNodeType;

/* Overall progress of one authentication exchange; stored in phase. */
enum iscsiAuthPhase_t {
	iscsiAuthPhaseConfigure = 1,
	iscsiAuthPhaseNegotiate,	/* Negotiating */
	iscsiAuthPhaseAuthenticate,	/* Authenticating */
	iscsiAuthPhaseDone,		/* Authentication done */
	iscsiAuthPhaseError
};
typedef enum iscsiAuthPhase_t IscsiAuthPhase;

/*
 * Stored in IscsiAuthClient.localState.
 * NOTE(review): presumably tracks this node proving its own identity to
 * the peer -- confirm.
 */
enum iscsiAuthLocalState_t {
	iscsiAuthLocalStateSendAlgorithm = 1,
	iscsiAuthLocalStateRecvAlgorithm,
	iscsiAuthLocalStateRecvChallenge,
	iscsiAuthLocalStateDone,
	iscsiAuthLocalStateError
};
typedef enum iscsiAuthLocalState_t IscsiAuthLocalState;

/*
 * Stored in IscsiAuthClient.remoteState.
 * NOTE(review): presumably tracks this node verifying the peer, which is
 * only done when authRemote is enabled -- confirm.
 */
enum iscsiAuthRemoteState_t {
	iscsiAuthRemoteStateSendAlgorithm = 1,
	iscsiAuthRemoteStateSendChallenge,
	iscsiAuthRemoteStateRecvResponse,
	iscsiAuthRemoteStateAuthRequest,
	iscsiAuthRemoteStateDone,
	iscsiAuthRemoteStateError
};
typedef enum iscsiAuthRemoteState_t IscsiAuthRemoteState;


/*
 * Completion callback type, passed to iscsiAuthClientRecvEnd() and kept in
 * IscsiAuthClient.callback.  The meaning of the three arguments is not
 * stated here.  NOTE(review): presumably (userHandle, messageHandle,
 * status) -- confirm.
 */
typedef void IscsiAuthClientCallback(void *, void *, int);


/* Global counters; the single instance is declared extern further down. */
struct iscsiAuthClientGlobalStats_t {
	unsigned long requestSent;
	unsigned long responseReceived;
};
typedef struct iscsiAuthClientGlobalStats_t IscsiAuthClientGlobalStats;

/*
 * A length/address pair describing a caller-supplied buffer.
 * iscsiAuthClientInit() takes a pointer to this type.  Nothing in this
 * header ties length to the real size of the memory at address, so that
 * is the caller's responsibility.
 */
struct iscsiAuthBufferDesc_t {
	unsigned int length;
	void *address;
};
typedef struct iscsiAuthBufferDesc_t IscsiAuthBufferDesc;

/* State of one negotiation key inside an IscsiAuthKeyBlock. */
struct iscsiAuthKey_t {
	unsigned int present:1;
	unsigned int processed:1;
	unsigned int valueSet:1;	/* 1 if the value is set to be valid */
	char *string;
};
typedef struct iscsiAuthKey_t IscsiAuthKey;

/* Pointer and length for a binary value (used for the CHAP challenges). */
struct iscsiAuthLargeBinaryKey_t {
	unsigned int length;
	unsigned char *largeBinary;
};
typedef struct iscsiAuthLargeBinaryKey_t IscsiAuthLargeBinaryKey;

/*
 * One direction's worth of key=value data.  key[] is indexed by
 * IscsiAuthKeyType.  blockLength is a 16-bit field, which is wide enough
 * for iscsiAuthStringBlockMaxLength (1024) but does not by itself enforce
 * that limit.
 */
struct iscsiAuthKeyBlock_t {
	unsigned int transitBit:1;	/* To transit: TRUE or FALSE */
	unsigned int duplicateSet:1;	/* Set the value more than once */
	unsigned int stringTooLong:1;	/* Key value too long */
	unsigned int tooMuchData:1;	/* The keypair data blk overflows */
	unsigned int blockLength:16;	/* The length of the keypair data blk */
	char *stringBlock;
	IscsiAuthKey key[iscsiAuthKeyTypeMaxCount];
};
typedef struct iscsiAuthKeyBlock_t IscsiAuthKeyBlock;

/* Fixed-size backing store for key/value strings. */
struct iscsiAuthStringBlock_t {
	char stringBlock[iscsiAuthStringBlockMaxLength];
};
typedef struct iscsiAuthStringBlock_t IscsiAuthStringBlock;

/* Fixed-size backing store for a binary value. */
struct iscsiAuthLargeBinary_t {
	unsigned char largeBinary[iscsiAuthLargeBinaryMaxLength];
};
typedef struct iscsiAuthLargeBinary_t IscsiAuthLargeBinary;

/*
 * All state for one authentication client: configuration, credentials,
 * negotiation progress and the send/receive key blocks.
 */
struct iscsiAuthClient_t {
	unsigned long signature;

	void *glueHandle;
	struct iscsiAuthClient_t *next;
	unsigned int authRequestId;

	IscsiAuthNodeType nodeType;
	unsigned int authMethodCount;
	int authMethodList[iscsiAuthMethodMaxCount];
	IscsiAuthNegRole authMethodNegRole;
	unsigned int chapAlgorithmCount;
	int chapAlgorithmList[iscsiAuthChapAlgorithmMaxCount];

	/*
	 * To indicate if remote authentication is enabled (0 = no 1 = yes)
	 * For the case of initiator, remote authentication enabled means
	 * enabling target authentication.
	 */
	int authRemote;

	char username[iscsiAuthStringMaxLength];
	int passwordPresent;
	unsigned int passwordLength;
	/*
	 * The password bytes are held inline in this structure.
	 * NOTE(review): whoever releases or reuses the structure should
	 * scrub this buffer -- confirm that iscsiAuthClientFinish() does.
	 */
	unsigned char passwordData[iscsiAuthStringMaxLength];
	char methodListName[iscsiAuthStringMaxLength];
	IscsiAuthVersion version;
	unsigned int chapChallengeLength;
	int ipSec;
	int base64;

	unsigned int authMethodValidCount;
	int authMethodValidList[iscsiAuthMethodMaxCount];
	int authMethodValidNegRole;
	const char *rejectOptionName;
	const char *noneOptionName;

	int recvInProgressFlag;
	int recvEndCount;
	IscsiAuthClientCallback *callback;
	void *userHandle;
	void *messageHandle;

	IscsiAuthPhase phase;
	IscsiAuthLocalState localState;
	IscsiAuthRemoteState remoteState;
	IscsiAuthStatus remoteAuthStatus;
	IscsiAuthDebugStatus debugStatus;
	int negotiatedAuthMethod;
	int negotiatedChapAlgorithm;
	int authResponseFlag;
	int authServerErrorFlag;
	int transitBitSentFlag;

	unsigned int sendChapIdentifier;
	IscsiAuthLargeBinaryKey sendChapChallenge;
	char chapUsername[iscsiAuthStringMaxLength];

	int recvChapChallengeStatus;
	IscsiAuthLargeBinaryKey recvChapChallenge;

	char scratchKeyValue[iscsiAuthStringMaxLength];

	IscsiAuthKeyBlock recvKeyBlock;	/* Received keypair data */
	IscsiAuthKeyBlock sendKeyBlock;	/* Keypair data to be sent */
};
typedef struct iscsiAuthClient_t IscsiAuthClient;


/*
 * The glue header is included outside the extern "C" block.  The
 * prototypes below use IscsiAuthMd5Context, which this file does not
 * declare, so the glue header is expected to provide it.
 */
#ifdef __cplusplus
}
#endif
#include <sys/iscsi_authclientglue.h>
#ifdef __cplusplus
extern "C" {
#endif


extern IscsiAuthClientGlobalStats iscsiAuthClientGlobalStats;


/*
 * Entry points implemented by iscsiAuthClient.c.
 * NOTE(review): the int results are presumably IscsiAuthStatus values --
 * confirm before relying on a zero/non-zero test.
 */
extern int iscsiAuthClientInit(int, int, IscsiAuthBufferDesc *);
extern int iscsiAuthClientFinish(IscsiAuthClient *);

extern int iscsiAuthClientRecvBegin(IscsiAuthClient *);
extern int iscsiAuthClientRecvEnd(IscsiAuthClient *,
    IscsiAuthClientCallback *, void *, void *);

extern const char *iscsiAuthClientGetKeyName(int);
extern int iscsiAuthClientGetNextKeyType(int *);
extern int iscsiAuthClientKeyNameToKeyType(const char *);
extern int iscsiAuthClientRecvKeyValue(IscsiAuthClient *, int, const char *);
/*
 * NOTE(review): the trailing unsigned int is presumably the size of the
 * char * output buffer -- confirm, and pass the real buffer size.
 */
extern int iscsiAuthClientSendKeyValue(IscsiAuthClient *, int, int *, char *,
    unsigned int);
extern int iscsiAuthClientRecvTransitBit(IscsiAuthClient *, int);
extern int iscsiAuthClientSendTransitBit(IscsiAuthClient *, int *);

extern int iscsiAuthClientSetAuthMethodList(IscsiAuthClient *, unsigned int,
    const int *);
extern int iscsiAuthClientSetAuthMethodNegRole(IscsiAuthClient *, int);
extern int iscsiAuthClientSetChapAlgorithmList(IscsiAuthClient *, unsigned int,
    const int *);
extern int iscsiAuthClientSetUsername(IscsiAuthClient *, const char *);
extern int iscsiAuthClientSetPassword(IscsiAuthClient *, const unsigned char *,
    unsigned int);
extern int iscsiAuthClientSetAuthRemote(IscsiAuthClient *, int);
extern int iscsiAuthClientSetGlueHandle(IscsiAuthClient *, void *);
extern int iscsiAuthClientSetMethodListName(IscsiAuthClient *, const char *);
extern int iscsiAuthClientSetIpSec(IscsiAuthClient *, int);
extern int iscsiAuthClientSetBase64(IscsiAuthClient *, int);
extern int iscsiAuthClientSetChapChallengeLength(IscsiAuthClient *,
    unsigned int);
extern int iscsiAuthClientSetVersion(IscsiAuthClient *, int);
extern int iscsiAuthClientCheckPasswordNeeded(IscsiAuthClient *, int *);

extern int iscsiAuthClientGetAuthPhase(IscsiAuthClient *, int *);
extern int iscsiAuthClientGetAuthStatus(IscsiAuthClient *, int *);
extern int iscsiAuthClientAuthStatusPass(int);
extern int iscsiAuthClientGetAuthMethod(IscsiAuthClient *, int *);
extern int iscsiAuthClientGetChapAlgorithm(IscsiAuthClient *, int *);
extern int iscsiAuthClientGetChapUsername(IscsiAuthClient *, char *,
    unsigned int);

extern int iscsiAuthClientSendStatusCode(IscsiAuthClient *, int *);
extern int iscsiAuthClientGetDebugStatus(IscsiAuthClient *, int *);
extern const char *iscsiAuthClientDebugStatusToText(int);

/*
 * The following is called by platform dependent code.
 */
extern void iscsiAuthClientAuthResponse(IscsiAuthClient *, int);

/*
 * The following routines are considered platform dependent,
 * and need to be implemented for use by iscsiAuthClient.c.
 */

extern int iscsiAuthClientChapAuthRequest(IscsiAuthClient *, char *,
    unsigned int,
    unsigned char *, unsigned int, unsigned char *, unsigned int);
extern void iscsiAuthClientChapAuthCancel(IscsiAuthClient *);

extern int iscsiAuthClientTextToNumber(const char *, unsigned long *);
extern void iscsiAuthClientNumberToText(unsigned long, char *, unsigned int);

/*
 * NOTE(review): presumably fills the buffer with random bytes for the
 * CHAP challenge; the platform implementation should draw them from a
 * cryptographically strong generator, since a predictable challenge
 * weakens CHAP -- confirm in the glue code.
 */
extern void iscsiAuthRandomSetData(unsigned char *, unsigned int);
extern void iscsiAuthMd5Init(IscsiAuthMd5Context *);
extern void iscsiAuthMd5Update(IscsiAuthMd5Context *, unsigned char *,
    unsigned int);
extern void iscsiAuthMd5Final(unsigned char *, IscsiAuthMd5Context *);

extern int iscsiAuthClientData(unsigned char *, unsigned int *, unsigned char *,
    unsigned int);

#ifdef __cplusplus
}
#endif

#endif	/* _ISCSI_AUTHCLIENT_H */