1 /* $NetBSD: iscsi_text.c,v 1.9 2015/05/30 16:12:34 joerg Exp $ */ 2 3 /*- 4 * Copyright (c) 2005,2006,2011 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Wasabi Systems, Inc. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 #include "iscsi_globals.h" 33 #include "base64.h" 34 #include <sys/md5.h> 35 #include <sys/cprng.h> 36 37 #define isdigit(x) ((x) >= '0' && (x) <= '9') 38 #define toupper(x) ((x) & ~0x20) 39 40 /*****************************************************************************/ 41 42 #define MAX_STRING 255 /* Maximum length of parameter value */ 43 #define MAX_LIST 4 /* Maximum number of list elements we'll ever send */ 44 45 /* Maximum number of negotiation parameters in the operational negotiation phase */ 46 /* 48 should be more than enough even with the target defining its own keys */ 47 #define MAX_NEG 48 48 49 #define CHAP_CHALLENGE_LEN 32 /* Number of bytes to send in challenge */ 50 #define CHAP_MD5_SIZE 16 /* Number of bytes in MD5 hash */ 51 52 /*****************************************************************************/ 53 54 /* authentication states */ 55 56 typedef enum 57 { 58 AUTH_INITIAL, /* sending choice of algorithms */ 59 AUTH_METHOD_SELECTED, /* received choice, sending first parameter */ 60 /* from here it's alg dependent */ 61 AUTH_CHAP_ALG_SENT, /* CHAP: Algorithm selected */ 62 AUTH_CHAP_RSP_SENT, /* CHAP: Response sent */ 63 /* for all algorithms */ 64 AUTH_DONE /* in parameter negotiation stage */ 65 } auth_state_t; 66 67 68 /* enumeration of all the keys we know, and a place for the ones we don't */ 69 70 typedef enum 71 { 72 K_AuthMethod, 73 K_Auth_CHAP_Algorithm, 74 K_Auth_CHAP_Challenge, 75 K_Auth_CHAP_Identifier, 76 K_Auth_CHAP_Name, 77 K_Auth_CHAP_Response, 78 K_DataDigest, 79 K_DataPDUInOrder, 80 K_DataSequenceInOrder, 81 K_DefaultTime2Retain, 82 K_DefaultTime2Wait, 83 K_ErrorRecoveryLevel, 84 K_FirstBurstLength, 85 K_HeaderDigest, 86 K_IFMarker, 87 K_IFMarkInt, 88 K_ImmediateData, 89 K_InitialR2T, 90 K_InitiatorAlias, 91 K_InitiatorName, 92 K_MaxBurstLength, 93 K_MaxConnections, 94 K_MaxOutstandingR2T, 95 K_MaxRecvDataSegmentLength, 96 K_OFMarker, 97 K_OFMarkInt, 98 K_SendTargets, 99 K_SessionType, 100 K_TargetAddress, 101 K_TargetAlias, 102 K_TargetName, 103 K_TargetPortalGroupTag, 104 K_NotUnderstood 105 } text_key_t; 106 107 /* maximum known key */ 108 #define MAX_KEY K_TargetPortalGroupTag 109 110 111 #undef DEBOUT 112 #define DEBOUT(x) printf x 113 114 115 116 /* value types */ 117 typedef enum 118 { /* Value is... */ 119 T_NUM, /* numeric */ 120 T_BIGNUM, /* large numeric */ 121 T_STRING, /* string */ 122 T_YESNO, /* boolean (Yes or No) */ 123 T_AUTH, /* authentication type (CHAP or None for now) */ 124 T_DIGEST, /* digest (None or CRC32C) */ 125 T_RANGE, /* numeric range */ 126 T_SENDT, /* send target options (ALL, target-name, empty) */ 127 T_SESS /* session type (Discovery or Normal) */ 128 } val_kind_t; 129 130 131 /* table of negotiation key strings with value type and default */ 132 133 typedef struct 134 { 135 const uint8_t *name; /* the key name */ 136 val_kind_t val; /* the value type */ 137 uint32_t defval; /* default value */ 138 } key_entry_t; 139 140 STATIC key_entry_t entries[] = { 141 {"AuthMethod", T_AUTH, 0}, 142 {"CHAP_A", T_NUM, 5}, 143 {"CHAP_C", T_BIGNUM, 0}, 144 {"CHAP_I", T_NUM, 0}, 145 {"CHAP_N", T_STRING, 0}, 146 {"CHAP_R", T_BIGNUM, 0}, 147 {"DataDigest", T_DIGEST, 0}, 148 {"DataPDUInOrder", T_YESNO, 1}, 149 {"DataSequenceInOrder", T_YESNO, 1}, 150 {"DefaultTime2Retain", T_NUM, 20}, 151 {"DefaultTime2Wait", T_NUM, 2}, 152 {"ErrorRecoveryLevel", T_NUM, 0}, 153 {"FirstBurstLength", T_NUM, 64 * 1024}, 154 {"HeaderDigest", T_DIGEST, 0}, 155 {"IFMarker", T_YESNO, 0}, 156 {"IFMarkInt", T_RANGE, 2048}, 157 {"ImmediateData", T_YESNO, 1}, 158 {"InitialR2T", T_YESNO, 1}, 159 {"InitiatorAlias", T_STRING, 0}, 160 {"InitiatorName", T_STRING, 0}, 161 {"MaxBurstLength", T_NUM, 256 * 1024}, 162 {"MaxConnections", T_NUM, 1}, 163 {"MaxOutstandingR2T", T_NUM, 1}, 164 {"MaxRecvDataSegmentLength", T_NUM, 8192}, 165 {"OFMarker", T_YESNO, 0}, 166 {"OFMarkInt", T_RANGE, 2048}, 167 {"SendTargets", T_SENDT, 0}, 168 {"SessionType", T_SESS, 0}, 169 {"TargetAddress", T_STRING, 0}, 170 {"TargetAlias", T_STRING, 0}, 171 {"TargetName", T_STRING, 0}, 172 {"TargetPortalGroupTag", T_NUM, 0}, 173 {NULL, T_STRING, 0} 174 }; 175 176 /* a negotiation parameter: key and values (there may be more than 1 for lists) */ 177 typedef struct 178 { 179 text_key_t key; /* the key */ 180 int list_num; /* number of elements in list, doubles as */ 181 /* data size for large numeric values */ 182 union 183 { 184 uint32_t nval[MAX_LIST]; /* numeric or enumeration values */ 185 uint8_t *sval; /* string or data pointer */ 186 } val; 187 } negotiation_parameter_t; 188 189 190 /* Negotiation state flags */ 191 #define NS_SENT 0x01 /* key was sent to target */ 192 #define NS_RECEIVED 0x02 /* key was received from target */ 193 194 typedef struct 195 { 196 negotiation_parameter_t pars[MAX_NEG]; /* the parameters to send */ 197 negotiation_parameter_t *cpar; /* the last parameter set */ 198 uint16_t num_pars; /* number of parameters to send */ 199 auth_state_t auth_state; /* authentication state */ 200 iscsi_auth_types_t auth_alg; /* authentication algorithm */ 201 uint8_t kflags[MAX_KEY + 2]; /* negotiation flags for each key */ 202 uint8_t password[MAX_STRING + 1]; /* authentication secret */ 203 uint8_t target_password[MAX_STRING + 1]; /* target authentication secret */ 204 uint8_t user_name[MAX_STRING + 1]; /* authentication user ID */ 205 uint8_t temp_buf[MAX_STRING + 1]; /* scratch buffer */ 206 207 bool HeaderDigest; 208 bool DataDigest; 209 bool InitialR2T; 210 bool ImmediateData; 211 uint32_t ErrorRecoveryLevel; 212 uint32_t MaxRecvDataSegmentLength; 213 uint32_t MaxConnections; 214 uint32_t DefaultTime2Wait; 215 uint32_t DefaultTime2Retain; 216 uint32_t MaxBurstLength; 217 uint32_t FirstBurstLength; 218 uint32_t MaxOutstandingR2T; 219 220 } negotiation_state_t; 221 222 223 #define TX(state, key) (state->kflags [key] & NS_SENT) 224 #define RX(state, key) (state->kflags [key] & NS_RECEIVED) 225 226 /*****************************************************************************/ 227 228 229 STATIC void 230 chap_md5_response(uint8_t *buffer, uint8_t identifier, uint8_t *secret, 231 uint8_t *challenge, int challenge_size) 232 { 233 MD5_CTX md5; 234 235 MD5Init(&md5); 236 MD5Update(&md5, &identifier, 1); 237 MD5Update(&md5, secret, strlen(secret)); 238 MD5Update(&md5, challenge, challenge_size); 239 MD5Final(buffer, &md5); 240 } 241 242 243 /*****************************************************************************/ 244 245 /* 246 * hexdig: 247 * Return value of hex digit. 248 * Note: a null character is acceptable, and returns 0. 249 * 250 * Parameter: 251 * c The character 252 * 253 * Returns: The value, -1 on error. 254 */ 255 256 static __inline int 257 hexdig(uint8_t c) 258 { 259 260 if (!c) { 261 return 0; 262 } 263 if (isdigit(c)) { 264 return c - '0'; 265 } 266 c = toupper(c); 267 if (c >= 'A' && c <= 'F') { 268 return c - 'A' + 10; 269 } 270 return -1; 271 } 272 273 /* 274 * skiptozero: 275 * Skip to next zero character in buffer. 276 * 277 * Parameter: 278 * buf The buffer pointer 279 * 280 * Returns: The pointer to the character after the zero character. 281 */ 282 283 static __inline uint8_t * 284 skiptozero(uint8_t *buf) 285 { 286 287 while (*buf) { 288 buf++; 289 } 290 return buf + 1; 291 } 292 293 294 /* 295 * get_bignumval: 296 * Get a large numeric value. 297 * NOTE: Overwrites source string. 298 * 299 * Parameter: 300 * buf The buffer pointer 301 * par The parameter 302 * 303 * Returns: The pointer to the next parameter, NULL on error. 304 */ 305 306 STATIC uint8_t * 307 get_bignumval(uint8_t *buf, negotiation_parameter_t *par) 308 { 309 int val; 310 char c; 311 uint8_t *dp = buf; 312 313 par->val.sval = buf; 314 315 if (buf[0] == '0' && (buf[1] == 'x' || buf[1] == 'X')) { 316 buf += 2; 317 while ((c = *buf) != 0x0) { 318 buf++; 319 val = (hexdig(c) << 4) | hexdig(*buf); 320 if (val < 0) { 321 return NULL; 322 } 323 *dp++ = (uint8_t) val; 324 if (*buf) { 325 buf++; 326 } 327 } 328 buf++; 329 par->list_num = dp - par->val.sval; 330 } else if (buf[0] == '0' && (buf[1] == 'b' || buf[1] == 'B')) { 331 buf = base64_decode(&buf[2], par->val.sval, &par->list_num); 332 } else { 333 DEBOUT(("Ill-formatted large number <%s>\n", buf)); 334 return NULL; 335 } 336 337 return buf; 338 } 339 340 341 /* 342 * get_numval: 343 * Get a numeric value. 344 * 345 * Parameter: 346 * buf The buffer pointer 347 * pval The pointer to the result. 348 * 349 * Returns: The pointer to the next parameter, NULL on error. 350 */ 351 352 STATIC uint8_t * 353 get_numval(uint8_t *buf, uint32_t *pval) 354 { 355 uint32_t val = 0; 356 char c; 357 358 if (buf[0] == '0' && (buf[1] == 'x' || buf[1] == 'X')) { 359 buf += 2; 360 while (*buf && *buf != '~') { 361 int n; 362 363 if ((n = hexdig(*buf++)) < 0) 364 return NULL; 365 val = (val << 4) | n; 366 } 367 } else 368 while (*buf && *buf != '~') { 369 c = *buf++; 370 if (!isdigit(c)) 371 return NULL; 372 val = val * 10 + (c - '0'); 373 } 374 375 *pval = val; 376 377 return buf + 1; 378 } 379 380 381 /* 382 * get_range: 383 * Get a numeric range. 384 * 385 * Parameter: 386 * buf The buffer pointer 387 * pval1 The pointer to the first result. 388 * pval2 The pointer to the second result. 389 * 390 * Returns: The pointer to the next parameter, NULL on error. 391 */ 392 393 STATIC uint8_t * 394 get_range(uint8_t *buf, uint32_t *pval1, uint32_t *pval2) 395 { 396 397 if ((buf = get_numval(buf, pval1)) == NULL) 398 return NULL; 399 if (!*buf) 400 return NULL; 401 if ((buf = get_numval(buf, pval2)) == NULL) 402 return NULL; 403 return buf; 404 } 405 406 407 /* 408 * get_ynval: 409 * Get a yes/no selection. 410 * 411 * Parameter: 412 * buf The buffer pointer 413 * pval The pointer to the result. 414 * 415 * Returns: The pointer to the next parameter, NULL on error. 416 */ 417 418 STATIC uint8_t * 419 get_ynval(uint8_t *buf, uint32_t *pval) 420 { 421 422 if (strcmp(buf, "Yes") == 0) 423 *pval = 1; 424 else if (strcmp(buf, "No") == 0) 425 *pval = 0; 426 else 427 return NULL; 428 429 return skiptozero(buf); 430 } 431 432 433 /* 434 * get_digestval: 435 * Get a digest selection. 436 * 437 * Parameter: 438 * buf The buffer pointer 439 * pval The pointer to the result. 440 * 441 * Returns: The pointer to the next parameter, NULL on error. 442 */ 443 444 STATIC uint8_t * 445 get_digestval(uint8_t *buf, uint32_t *pval) 446 { 447 448 if (strcmp(buf, "CRC32C") == 0) 449 *pval = 1; 450 else if (strcmp(buf, "None") == 0) 451 *pval = 0; 452 else 453 return NULL; 454 455 return skiptozero(buf); 456 } 457 458 459 /* 460 * get_authval: 461 * Get an authentication method. 462 * 463 * Parameter: 464 * buf The buffer pointer 465 * pval The pointer to the result. 466 * 467 * Returns: The pointer to the next parameter, NULL on error. 468 */ 469 470 STATIC uint8_t * 471 get_authval(uint8_t *buf, uint32_t *pval) 472 { 473 474 if (strcmp(buf, "None") == 0) 475 *pval = ISCSI_AUTH_None; 476 else if (strcmp(buf, "CHAP") == 0) 477 *pval = ISCSI_AUTH_CHAP; 478 else if (strcmp(buf, "KRB5") == 0) 479 *pval = ISCSI_AUTH_KRB5; 480 else if (strcmp(buf, "SRP") == 0) 481 *pval = ISCSI_AUTH_SRP; 482 else 483 return NULL; 484 485 return skiptozero(buf); 486 } 487 488 489 /* 490 * get_strval: 491 * Get a string value (returns pointer to original buffer, not a copy). 492 * 493 * Parameter: 494 * buf The buffer pointer 495 * pval The pointer to the result pointer. 496 * 497 * Returns: The pointer to the next parameter, NULL on error. 498 */ 499 500 STATIC uint8_t * 501 get_strval(uint8_t *buf, uint8_t **pval) 502 { 503 504 if (strlen(buf) > MAX_STRING) 505 return NULL; 506 507 *pval = buf; 508 509 return skiptozero(buf); 510 } 511 512 513 /* 514 * get_parameter: 515 * Analyze a key=value string. 516 * NOTE: The string is modified in the process. 517 * 518 * Parameter: 519 * buf The buffer pointer 520 * par The parameter descriptor to be filled in 521 * 522 * Returns: The pointer to the next parameter, NULL on error. 523 */ 524 525 STATIC uint8_t * 526 get_parameter(uint8_t *buf, negotiation_parameter_t *par) 527 { 528 uint8_t *bp = buf; 529 int i; 530 531 while (*bp && *bp != '=') { 532 bp++; 533 } 534 if (!*bp) { 535 DEBOUT(("get_parameter: Premature end of parameter\n")); 536 return NULL; 537 } 538 539 *bp++ = 0; 540 541 for (i = 0; i <= MAX_KEY; i++) 542 if (!strcmp(buf, entries[i].name)) 543 break; 544 545 par->key = i; 546 par->list_num = 1; 547 548 if (i > MAX_KEY) { 549 DEBOUT(("get_parameter: unrecognized key <%s>\n", buf)); 550 if (strlen(buf) > MAX_STRING) { 551 DEBOUT(("get_parameter: key name > MAX_STRING\n")); 552 return NULL; 553 } 554 par->val.sval = buf; 555 return skiptozero(bp); 556 } 557 558 DEB(10, ("get_par: key <%s>=%d, val=%d, ret %p\n", 559 buf, i, entries[i].val, bp)); 560 DEB(10, ("get_par: value '%s'\n",bp)); 561 562 switch (entries[i].val) { 563 case T_NUM: 564 bp = get_numval(bp, &par->val.nval[0]); 565 break; 566 567 case T_BIGNUM: 568 bp = get_bignumval(bp, par); 569 break; 570 571 case T_STRING: 572 bp = get_strval(bp, &par->val.sval); 573 break; 574 575 case T_YESNO: 576 bp = get_ynval(bp, &par->val.nval[0]); 577 break; 578 579 case T_AUTH: 580 bp = get_authval(bp, &par->val.nval[0]); 581 break; 582 583 case T_DIGEST: 584 bp = get_digestval(bp, &par->val.nval[0]); 585 break; 586 587 case T_RANGE: 588 bp = get_range(bp, &par->val.nval[0], &par->val.nval[1]); 589 break; 590 591 default: 592 /* Target sending any other types is wrong */ 593 bp = NULL; 594 break; 595 } 596 return bp; 597 } 598 599 /*****************************************************************************/ 600 601 /* 602 * my_strcpy: 603 * Replacement for strcpy that returns the end of the result string 604 * 605 * Parameter: 606 * dest The destination buffer pointer 607 * src The source string 608 * 609 * Returns: A pointer to the terminating zero of the result. 610 */ 611 612 static __inline unsigned 613 my_strcpy(uint8_t *dest, const uint8_t *src) 614 { 615 unsigned cc; 616 617 for (cc = 0 ; (*dest = *src) != 0x0 ; cc++) { 618 dest++; 619 src++; 620 } 621 return cc; 622 } 623 624 /* 625 * put_bignumval: 626 * Write a large numeric value. 627 * NOTE: Overwrites source string. 628 * 629 * Parameter: 630 * buf The buffer pointer 631 * par The parameter 632 * 633 * Returns: The pointer to the next parameter, NULL on error. 634 */ 635 636 STATIC unsigned 637 put_bignumval(negotiation_parameter_t *par, uint8_t *buf) 638 { 639 return base64_encode(par->val.sval, par->list_num, buf); 640 } 641 642 /* 643 * put_parameter: 644 * Create a key=value string. 645 * 646 * Parameter: 647 * buf The buffer pointer 648 * par The parameter descriptor 649 * 650 * Returns: The pointer to the next free buffer space, NULL on error. 651 */ 652 653 STATIC unsigned 654 put_parameter(uint8_t *buf, unsigned len, negotiation_parameter_t *par) 655 { 656 int i; 657 unsigned cc, cl; 658 const uint8_t *sp; 659 660 DEB(10, ("put_par: key <%s>=%d, val=%d\n", 661 entries[par->key].name, par->key, entries[par->key].val)); 662 663 if (par->key > MAX_KEY) { 664 return snprintf(buf, len, "%s=NotUnderstood", par->val.sval); 665 } 666 667 cc = snprintf(buf, len, "%s=", entries[par->key].name); 668 if (cc >= len) 669 return len; 670 671 for (i = 0; i < par->list_num; i++) { 672 switch (entries[par->key].val) { 673 case T_NUM: 674 cl = snprintf(&buf[cc], len - cc, "%d", 675 par->val.nval[i]); 676 break; 677 678 case T_BIGNUM: 679 cl = put_bignumval(par, &buf[cc]); 680 i = par->list_num; 681 break; 682 683 case T_STRING: 684 cl = my_strcpy(&buf[cc], par->val.sval); 685 break; 686 687 case T_YESNO: 688 cl = my_strcpy(&buf[cc], 689 (par->val.nval[i]) ? "Yes" : "No"); 690 break; 691 692 case T_AUTH: 693 switch (par->val.nval[i]) { 694 case ISCSI_AUTH_CHAP: 695 sp = "CHAP"; 696 break; 697 case ISCSI_AUTH_KRB5: 698 sp = "KRB5"; 699 break; 700 case ISCSI_AUTH_SRP: 701 sp = "SRP"; 702 break; 703 default: 704 sp = "None"; 705 break; 706 } 707 cl = my_strcpy(&buf[cc], sp); 708 break; 709 710 case T_DIGEST: 711 cl = my_strcpy(&buf[cc], 712 (par->val.nval[i]) ? "CRC32C" : "None"); 713 break; 714 715 case T_RANGE: 716 if ((i + 1) >= par->list_num) { 717 cl = my_strcpy(&buf[cc], "Reject"); 718 } else { 719 cl = snprintf(&buf[cc], len - cc, 720 "%d~%d", par->val.nval[i], 721 par->val.nval[i + 1]); 722 i++; 723 } 724 break; 725 726 case T_SENDT: 727 cl = my_strcpy(&buf[cc], par->val.sval); 728 break; 729 730 case T_SESS: 731 cl = my_strcpy(&buf[cc], 732 (par->val.nval[i]) ? "Normal" : "Discovery"); 733 break; 734 735 default: 736 cl = 0; 737 /* We should't be here... */ 738 DEBOUT(("Invalid type %d in put_parameter!\n", 739 entries[par->key].val)); 740 break; 741 } 742 743 DEB(10, ("put_par: value '%s'\n",&buf[cc])); 744 745 cc += cl; 746 if (cc >= len) 747 return len; 748 if ((i + 1) < par->list_num) { 749 if (cc >= len) 750 return len; 751 buf[cc++] = ','; 752 } 753 } 754 755 if (cc >= len) 756 return len; 757 buf[cc] = 0x0; /* make sure it's terminated */ 758 return cc + 1; /* return next place in list */ 759 } 760 761 762 /* 763 * put_par_block: 764 * Fill a parameter block 765 * 766 * Parameter: 767 * buf The buffer pointer 768 * pars The parameter descriptor array 769 * n The number of elements 770 * 771 * Returns: result from put_parameter (ptr to buffer, NULL on error) 772 */ 773 774 static __inline unsigned 775 put_par_block(uint8_t *buf, unsigned len, negotiation_parameter_t *pars, int n) 776 { 777 unsigned cc; 778 int i; 779 780 for (cc = 0, i = 0; i < n; i++) { 781 cc += put_parameter(&buf[cc], len - cc, pars++); 782 if (cc >= len) { 783 break; 784 } 785 } 786 return cc; 787 } 788 789 /* 790 * parameter_size: 791 * Determine the size of a key=value string. 792 * 793 * Parameter: 794 * par The parameter descriptor 795 * 796 * Returns: The size of the resulting string. 797 */ 798 799 STATIC int 800 parameter_size(negotiation_parameter_t *par) 801 { 802 int i, size; 803 char buf[24]; /* max. 2 10-digit numbers + sep. */ 804 805 if (par->key > MAX_KEY) { 806 return strlen(par->val.sval) + 15; 807 } 808 /* count '=' and terminal zero */ 809 size = strlen(entries[par->key].name) + 2; 810 811 for (i = 0; i < par->list_num; i++) { 812 switch (entries[par->key].val) { 813 case T_NUM: 814 size += snprintf(buf, sizeof(buf), "%d", 815 par->val.nval[i]); 816 break; 817 818 case T_BIGNUM: 819 /* list_num holds value size */ 820 size += base64_enclen(par->list_num); 821 i = par->list_num; 822 break; 823 824 case T_STRING: 825 case T_SENDT: 826 size += strlen(par->val.sval); 827 break; 828 829 case T_YESNO: 830 size += (par->val.nval[i]) ? 3 : 2; 831 break; 832 833 case T_AUTH: 834 size += (par->val.nval[i] == ISCSI_AUTH_SRP) ? 3 : 4; 835 break; 836 837 case T_DIGEST: 838 size += (par->val.nval[i]) ? 6 : 4; 839 break; 840 841 case T_RANGE: 842 assert((i + 1) < par->list_num); 843 size += snprintf(buf, sizeof(buf), "%d~%d", 844 par->val.nval[i], 845 par->val.nval[i + 1]); 846 i++; 847 break; 848 849 case T_SESS: 850 size += (par->val.nval[i]) ? 6 : 9; 851 break; 852 853 default: 854 /* We should't be here... */ 855 DEBOUT(("Invalid type %d in parameter_size!\n", 856 entries[par->key].val)); 857 break; 858 } 859 if ((i + 1) < par->list_num) { 860 size++; 861 } 862 } 863 864 return size; 865 } 866 867 868 /* 869 * total_size: 870 * Determine the size of a negotiation data block 871 * 872 * Parameter: 873 * pars The parameter descriptor array 874 * n The number of elements 875 * 876 * Returns: The size of the block 877 */ 878 879 static __inline int 880 total_size(negotiation_parameter_t *pars, int n) 881 { 882 int i, size; 883 884 for (i = 0, size = 0; i < n; i++) { 885 size += parameter_size(pars++); 886 } 887 return size; 888 } 889 890 /*****************************************************************************/ 891 892 893 /* 894 * complete_pars: 895 * Allocate space for text parameters, translate parameter values into 896 * text. 897 * 898 * Parameter: 899 * state Negotiation state 900 * pdu The transmit PDU 901 * 902 * Returns: 0 On success 903 * > 0 (an ISCSI error code) if an error occurred. 904 */ 905 906 STATIC int 907 complete_pars(negotiation_state_t *state, pdu_t *pdu) 908 { 909 int len; 910 uint8_t *bp; 911 912 len = total_size(state->pars, state->num_pars); 913 914 DEB(10, ("complete_pars: n=%d, len=%d\n", state->num_pars, len)); 915 916 if ((bp = malloc(len, M_TEMP, M_WAITOK)) == NULL) { 917 DEBOUT(("*** Out of memory in complete_pars\n")); 918 return ISCSI_STATUS_NO_RESOURCES; 919 } 920 pdu->temp_data = bp; 921 922 if (put_par_block(pdu->temp_data, len, state->pars, 923 state->num_pars) == 0) { 924 DEBOUT(("Bad parameter in complete_pars\n")); 925 return ISCSI_STATUS_PARAMETER_INVALID; 926 } 927 928 pdu->temp_data_len = len; 929 return 0; 930 } 931 932 933 /* 934 * set_key_n: 935 * Initialize a key and its numeric value. 936 * 937 * Parameter: 938 * state Negotiation state 939 * key The key 940 * val The value 941 */ 942 943 STATIC negotiation_parameter_t * 944 set_key_n(negotiation_state_t *state, text_key_t key, uint32_t val) 945 { 946 negotiation_parameter_t *par; 947 948 if (state->num_pars >= MAX_NEG) { 949 DEBOUT(("set_key_n: num_pars (%d) >= MAX_NEG (%d)\n", 950 state->num_pars, MAX_NEG)); 951 return NULL; 952 } 953 par = &state->pars[state->num_pars]; 954 par->key = key; 955 par->list_num = 1; 956 par->val.nval[0] = val; 957 state->num_pars++; 958 state->kflags[key] |= NS_SENT; 959 960 return par; 961 } 962 963 /* 964 * set_key_s: 965 * Initialize a key and its string value. 966 * 967 * Parameter: 968 * state Negotiation state 969 * key The key 970 * val The value 971 */ 972 973 STATIC negotiation_parameter_t * 974 set_key_s(negotiation_state_t *state, text_key_t key, uint8_t *val) 975 { 976 negotiation_parameter_t *par; 977 978 if (state->num_pars >= MAX_NEG) { 979 DEBOUT(("set_key_s: num_pars (%d) >= MAX_NEG (%d)\n", 980 state->num_pars, MAX_NEG)); 981 return NULL; 982 } 983 par = &state->pars[state->num_pars]; 984 par->key = key; 985 par->list_num = 1; 986 par->val.sval = val; 987 state->num_pars++; 988 state->kflags[key] |= NS_SENT; 989 990 return par; 991 } 992 993 994 /*****************************************************************************/ 995 996 /* 997 * eval_parameter: 998 * Evaluate a received negotiation value. 999 * 1000 * Parameter: 1001 * conn The connection 1002 * state The negotiation state 1003 * par The parameter 1004 * 1005 * Returns: 0 on success, else an ISCSI status value. 1006 */ 1007 1008 STATIC int 1009 eval_parameter(connection_t *conn, negotiation_state_t *state, 1010 negotiation_parameter_t *par) 1011 { 1012 uint32_t n = par->val.nval[0]; 1013 size_t sz; 1014 text_key_t key = par->key; 1015 bool sent = (state->kflags[key] & NS_SENT) != 0; 1016 1017 state->kflags[key] |= NS_RECEIVED; 1018 1019 switch (key) { 1020 /* 1021 * keys connected to security negotiation 1022 */ 1023 case K_AuthMethod: 1024 if (n) { 1025 DEBOUT(("eval_par: AuthMethod nonzero (%d)\n", n)); 1026 return ISCSI_STATUS_NEGOTIATION_ERROR; 1027 } 1028 break; 1029 1030 case K_Auth_CHAP_Algorithm: 1031 case K_Auth_CHAP_Challenge: 1032 case K_Auth_CHAP_Identifier: 1033 case K_Auth_CHAP_Name: 1034 case K_Auth_CHAP_Response: 1035 DEBOUT(("eval_par: Authorization Key in Operational Phase\n")); 1036 return ISCSI_STATUS_NEGOTIATION_ERROR; 1037 1038 /* 1039 * keys we always send 1040 */ 1041 case K_DataDigest: 1042 state->DataDigest = n; 1043 if (!sent) 1044 set_key_n(state, key, n); 1045 break; 1046 1047 case K_HeaderDigest: 1048 state->HeaderDigest = n; 1049 if (!sent) 1050 set_key_n(state, key, n); 1051 break; 1052 1053 case K_ErrorRecoveryLevel: 1054 state->ErrorRecoveryLevel = n; 1055 if (!sent) 1056 set_key_n(state, key, n); 1057 break; 1058 1059 case K_ImmediateData: 1060 state->ImmediateData = n; 1061 if (!sent) 1062 set_key_n(state, key, n); 1063 break; 1064 1065 case K_InitialR2T: 1066 state->InitialR2T = n; 1067 if (!sent) 1068 set_key_n(state, key, n); 1069 break; 1070 1071 case K_MaxRecvDataSegmentLength: 1072 state->MaxRecvDataSegmentLength = n; 1073 /* this is basically declarative, not negotiated */ 1074 /* (each side has its own value) */ 1075 break; 1076 1077 /* 1078 * keys we don't always send, so we may have to reflect the value 1079 */ 1080 case K_DefaultTime2Retain: 1081 state->DefaultTime2Retain = n = min(state->DefaultTime2Retain, n); 1082 if (!sent) 1083 set_key_n(state, key, n); 1084 break; 1085 1086 case K_DefaultTime2Wait: 1087 state->DefaultTime2Wait = n = min(state->DefaultTime2Wait, n); 1088 if (!sent) 1089 set_key_n(state, key, n); 1090 break; 1091 1092 case K_MaxConnections: 1093 if (state->MaxConnections) 1094 state->MaxConnections = n = min(state->MaxConnections, n); 1095 else 1096 state->MaxConnections = n; 1097 1098 if (!sent) 1099 set_key_n(state, key, n); 1100 break; 1101 1102 case K_MaxOutstandingR2T: 1103 state->MaxOutstandingR2T = n; 1104 if (!sent) 1105 set_key_n(state, key, n); 1106 break; 1107 1108 case K_FirstBurstLength: 1109 state->FirstBurstLength = n; 1110 if (!sent) 1111 set_key_n(state, key, n); 1112 break; 1113 1114 case K_MaxBurstLength: 1115 state->MaxBurstLength = n; 1116 if (!sent) 1117 set_key_n(state, key, n); 1118 break; 1119 1120 case K_IFMarker: 1121 case K_OFMarker: 1122 /* not (yet) supported */ 1123 if (!sent) 1124 set_key_n(state, key, 0); 1125 break; 1126 1127 case K_IFMarkInt: 1128 case K_OFMarkInt: 1129 /* it's a range, and list_num will be 1, so this will reply "Reject" */ 1130 if (!sent) 1131 set_key_n(state, key, 0); 1132 break; 1133 1134 case K_DataPDUInOrder: 1135 case K_DataSequenceInOrder: 1136 /* values are don't care */ 1137 if (!sent) 1138 set_key_n(state, key, n); 1139 break; 1140 1141 case K_NotUnderstood: 1142 /* return "NotUnderstood" */ 1143 set_key_s(state, key, par->val.sval); 1144 break; 1145 1146 /* 1147 * Declarative keys (no response required) 1148 */ 1149 case K_TargetAddress: 1150 /* ignore for now... */ 1151 break; 1152 1153 case K_TargetAlias: 1154 if (conn->login_par->is_present.TargetAlias) { 1155 copyoutstr(par->val.sval, conn->login_par->TargetAlias, 1156 ISCSI_STRING_LENGTH - 1, &sz); 1157 /* do anything with return code?? */ 1158 } 1159 break; 1160 1161 case K_TargetPortalGroupTag: 1162 /* ignore for now... */ 1163 break; 1164 1165 default: 1166 DEBOUT(("eval_par: Invalid parameter type %d\n", par->key)); 1167 return ISCSI_STATUS_NEGOTIATION_ERROR; 1168 } 1169 return 0; 1170 } 1171 1172 /*****************************************************************************/ 1173 1174 1175 /* 1176 * init_session_parameters: 1177 * Initialize session-related negotiation parameters from existing session 1178 * 1179 * Parameter: 1180 * sess The session 1181 * state The negotiation state 1182 */ 1183 1184 STATIC void 1185 init_session_parameters(session_t *sess, negotiation_state_t *state) 1186 { 1187 1188 state->ErrorRecoveryLevel = sess->ErrorRecoveryLevel; 1189 state->InitialR2T = sess->InitialR2T; 1190 state->ImmediateData = sess->ImmediateData; 1191 state->MaxConnections = sess->MaxConnections; 1192 state->DefaultTime2Wait = sess->DefaultTime2Wait; 1193 state->DefaultTime2Retain = sess->DefaultTime2Retain; 1194 state->MaxBurstLength = sess->MaxBurstLength; 1195 state->FirstBurstLength = sess->FirstBurstLength; 1196 state->MaxOutstandingR2T = sess->MaxOutstandingR2T; 1197 } 1198 1199 1200 1201 /* 1202 * assemble_login_parameters: 1203 * Assemble the initial login negotiation parameters. 1204 * 1205 * Parameter: 1206 * conn The connection 1207 * ccb The CCB for the login exchange 1208 * pdu The PDU to use for sending 1209 * 1210 * Returns: < 0 if more security negotiation is required 1211 * 0 if this is the last security negotiation block 1212 * > 0 (an ISCSI error code) if an error occurred. 1213 */ 1214 1215 int 1216 assemble_login_parameters(connection_t *conn, ccb_t *ccb, pdu_t *pdu) 1217 { 1218 iscsi_login_parameters_t *par = conn->login_par; 1219 size_t sz; 1220 int rc, i, next; 1221 negotiation_state_t *state; 1222 negotiation_parameter_t *cpar; 1223 1224 state = malloc(sizeof(*state), M_TEMP, M_WAITOK | M_ZERO); 1225 if (state == NULL) { 1226 DEBOUT(("*** Out of memory in assemble_login_params\n")); 1227 return ISCSI_STATUS_NO_RESOURCES; 1228 } 1229 ccb->temp_data = state; 1230 1231 if (!iscsi_InitiatorName[0]) { 1232 DEBOUT(("No InitiatorName\n")); 1233 return ISCSI_STATUS_PARAMETER_MISSING; 1234 } 1235 set_key_s(state, K_InitiatorName, iscsi_InitiatorName); 1236 1237 if (iscsi_InitiatorAlias[0]) 1238 set_key_s(state, K_InitiatorAlias, iscsi_InitiatorAlias); 1239 1240 conn->Our_MaxRecvDataSegmentLength = 1241 (par->is_present.MaxRecvDataSegmentLength) 1242 ? par->MaxRecvDataSegmentLength : DEFAULT_MaxRecvDataSegmentLength; 1243 1244 /* setup some values for authentication */ 1245 if (par->is_present.password) 1246 copyinstr(par->password, state->password, MAX_STRING, &sz); 1247 if (par->is_present.target_password) 1248 copyinstr(par->target_password, state->target_password, 1249 MAX_STRING, &sz); 1250 if (par->is_present.user_name) 1251 copyinstr(par->user_name, state->user_name, MAX_STRING, &sz); 1252 else 1253 strlcpy(state->user_name, iscsi_InitiatorName, 1254 sizeof(state->user_name)); 1255 1256 next = TRUE; 1257 1258 set_key_n(state, K_SessionType, 1259 par->login_type > ISCSI_LOGINTYPE_DISCOVERY); 1260 1261 cpar = set_key_n(state, K_AuthMethod, ISCSI_AUTH_None); 1262 1263 if (cpar != NULL && par->is_present.auth_info && 1264 par->auth_info.auth_number > 0) { 1265 if (par->auth_info.auth_number > ISCSI_AUTH_OPTIONS) { 1266 DEBOUT(("Auth number too big in asm_login\n")); 1267 return ISCSI_STATUS_PARAMETER_INVALID; 1268 } 1269 cpar->list_num = par->auth_info.auth_number; 1270 for (i = 0; i < cpar->list_num; i++) { 1271 cpar->val.nval[i] = par->auth_info.auth_type[i]; 1272 if (par->auth_info.auth_type[i]) 1273 next = FALSE; 1274 } 1275 } 1276 1277 if (par->is_present.TargetName) 1278 copyinstr(par->TargetName, state->temp_buf, ISCSI_STRING_LENGTH - 1, 1279 &sz); 1280 else { 1281 state->temp_buf[0] = 0; 1282 sz = 0; 1283 } 1284 1285 if ((!sz || !state->temp_buf[0]) && 1286 par->login_type != ISCSI_LOGINTYPE_DISCOVERY) { 1287 DEBOUT(("No TargetName\n")); 1288 return ISCSI_STATUS_PARAMETER_MISSING; 1289 } 1290 1291 if (state->temp_buf[0]) { 1292 set_key_s(state, K_TargetName, state->temp_buf); 1293 } 1294 1295 if ((rc = complete_pars(state, pdu)) != 0) 1296 return rc; 1297 1298 return (next) ? 0 : -1; 1299 } 1300 1301 1302 /* 1303 * assemble_security_parameters: 1304 * Assemble the security negotiation parameters. 1305 * 1306 * Parameter: 1307 * conn The connection 1308 * rx_pdu The received login response PDU 1309 * tx_pdu The transmit PDU 1310 * 1311 * Returns: < 0 if more security negotiation is required 1312 * 0 if this is the last security negotiation block 1313 * > 0 (an ISCSI error code) if an error occurred. 1314 */ 1315 1316 int 1317 assemble_security_parameters(connection_t *conn, ccb_t *ccb, pdu_t *rx_pdu, 1318 pdu_t *tx_pdu) 1319 { 1320 negotiation_state_t *state = (negotiation_state_t *) ccb->temp_data; 1321 iscsi_login_parameters_t *par = conn->login_par; 1322 negotiation_parameter_t rxp, *cpar; 1323 uint8_t *rxpars; 1324 int rc, next; 1325 uint8_t identifier = 0; 1326 uint8_t *challenge = NULL; 1327 int challenge_size = 0; 1328 uint8_t *response = NULL; 1329 int response_size = 0; 1330 1331 state->num_pars = 0; 1332 next = 0; 1333 1334 rxpars = (uint8_t *) rx_pdu->temp_data; 1335 if (rxpars == NULL) { 1336 DEBOUT(("No received parameters!\n")); 1337 return ISCSI_STATUS_NEGOTIATION_ERROR; 1338 } 1339 /* Note: There are always at least 2 extra bytes past temp_data_len */ 1340 rxpars[rx_pdu->temp_data_len] = '\0'; 1341 rxpars[rx_pdu->temp_data_len + 1] = '\0'; 1342 1343 while (*rxpars) { 1344 if ((rxpars = get_parameter(rxpars, &rxp)) == NULL) { 1345 DEBOUT(("get_parameter returned error\n")); 1346 return ISCSI_STATUS_NEGOTIATION_ERROR; 1347 } 1348 1349 state->kflags[rxp.key] |= NS_RECEIVED; 1350 1351 switch (rxp.key) { 1352 case K_AuthMethod: 1353 if (state->auth_state != AUTH_INITIAL) { 1354 DEBOUT(("AuthMethod received, auth_state = %d\n", 1355 state->auth_state)); 1356 return ISCSI_STATUS_NEGOTIATION_ERROR; 1357 } 1358 1359 /* Note: if the selection is None, we shouldn't be here, 1360 * the target should have transited the state to op-neg. 1361 */ 1362 if (rxp.val.nval[0] != ISCSI_AUTH_CHAP) { 1363 DEBOUT(("AuthMethod isn't CHAP (%d)\n", rxp.val.nval[0])); 1364 return ISCSI_STATUS_NEGOTIATION_ERROR; 1365 } 1366 1367 state->auth_state = AUTH_METHOD_SELECTED; 1368 state->auth_alg = rxp.val.nval[0]; 1369 break; 1370 1371 case K_Auth_CHAP_Algorithm: 1372 if (state->auth_state != AUTH_CHAP_ALG_SENT || 1373 rxp.val.nval[0] != 5) { 1374 DEBOUT(("Bad algorithm, auth_state = %d, alg %d\n", 1375 state->auth_state, rxp.val.nval[0])); 1376 return ISCSI_STATUS_NEGOTIATION_ERROR; 1377 } 1378 break; 1379 1380 case K_Auth_CHAP_Challenge: 1381 if (state->auth_state != AUTH_CHAP_ALG_SENT || !rxp.list_num) { 1382 DEBOUT(("Bad Challenge, auth_state = %d, len %d\n", 1383 state->auth_state, rxp.list_num)); 1384 return ISCSI_STATUS_NEGOTIATION_ERROR; 1385 } 1386 challenge = rxp.val.sval; 1387 challenge_size = rxp.list_num; 1388 break; 1389 1390 case K_Auth_CHAP_Identifier: 1391 if (state->auth_state != AUTH_CHAP_ALG_SENT) { 1392 DEBOUT(("Bad ID, auth_state = %d, id %d\n", 1393 state->auth_state, rxp.val.nval[0])); 1394 return ISCSI_STATUS_NEGOTIATION_ERROR; 1395 } 1396 identifier = (uint8_t) rxp.val.nval[0]; 1397 break; 1398 1399 case K_Auth_CHAP_Name: 1400 if (state->auth_state != AUTH_CHAP_RSP_SENT) { 1401 DEBOUT(("Bad Name, auth_state = %d, name <%s>\n", 1402 state->auth_state, rxp.val.sval)); 1403 return ISCSI_STATUS_NEGOTIATION_ERROR; 1404 } 1405 /* what do we do with the name?? */ 1406 break; 1407 1408 case K_Auth_CHAP_Response: 1409 if (state->auth_state != AUTH_CHAP_RSP_SENT) { 1410 DEBOUT(("Bad Response, auth_state = %d, size %d\n", 1411 state->auth_state, rxp.list_num)); 1412 return ISCSI_STATUS_NEGOTIATION_ERROR; 1413 } 1414 response = rxp.val.sval; 1415 response_size = rxp.list_num; 1416 if (response_size != CHAP_MD5_SIZE) 1417 return ISCSI_STATUS_NEGOTIATION_ERROR; 1418 break; 1419 1420 default: 1421 rc = eval_parameter(conn, state, &rxp); 1422 if (rc) 1423 return rc; 1424 break; 1425 } 1426 } 1427 1428 switch (state->auth_state) { 1429 case AUTH_INITIAL: 1430 DEBOUT(("Didn't receive Method\n")); 1431 return ISCSI_STATUS_NEGOTIATION_ERROR; 1432 1433 case AUTH_METHOD_SELECTED: 1434 set_key_n(state, K_Auth_CHAP_Algorithm, 5); 1435 state->auth_state = AUTH_CHAP_ALG_SENT; 1436 next = -1; 1437 break; 1438 1439 case AUTH_CHAP_ALG_SENT: 1440 if (!RX(state, K_Auth_CHAP_Algorithm) || 1441 !RX(state, K_Auth_CHAP_Identifier) || 1442 !RX(state, K_Auth_CHAP_Challenge)) { 1443 DEBOUT(("Didn't receive all parameters\n")); 1444 return ISCSI_STATUS_NEGOTIATION_ERROR; 1445 } 1446 1447 set_key_s(state, K_Auth_CHAP_Name, state->user_name); 1448 1449 chap_md5_response(state->temp_buf, identifier, state->password, 1450 challenge, challenge_size); 1451 1452 cpar = set_key_s(state, K_Auth_CHAP_Response, state->temp_buf); 1453 if (cpar != NULL) 1454 cpar->list_num = CHAP_MD5_SIZE; 1455 1456 if (par->auth_info.mutual_auth) { 1457 if (!state->target_password[0]) { 1458 DEBOUT(("No target password with mutual authentication!\n")); 1459 return ISCSI_STATUS_PARAMETER_MISSING; 1460 } 1461 1462 cprng_strong(kern_cprng, 1463 &state->temp_buf[CHAP_MD5_SIZE], 1464 CHAP_CHALLENGE_LEN + 1, 0); 1465 set_key_n(state, K_Auth_CHAP_Identifier, 1466 state->temp_buf[CHAP_MD5_SIZE]); 1467 cpar = set_key_s(state, K_Auth_CHAP_Challenge, 1468 &state->temp_buf[CHAP_MD5_SIZE + 1]); 1469 if (cpar != NULL) 1470 cpar->list_num = CHAP_CHALLENGE_LEN; 1471 next = -1; 1472 } 1473 state->auth_state = AUTH_CHAP_RSP_SENT; 1474 break; 1475 1476 case AUTH_CHAP_RSP_SENT: 1477 /* we can only be here for mutual authentication */ 1478 if (!par->auth_info.mutual_auth || response == NULL) { 1479 DEBOUT(("Mutual authentication not requested\n")); 1480 return ISCSI_STATUS_NEGOTIATION_ERROR; 1481 } 1482 1483 chap_md5_response(state->temp_buf, 1484 state->temp_buf[CHAP_MD5_SIZE], 1485 state->password, 1486 &state->temp_buf[CHAP_MD5_SIZE + 1], 1487 CHAP_CHALLENGE_LEN); 1488 1489 if (memcmp(state->temp_buf, response, response_size)) { 1490 DEBOUT(("Mutual authentication mismatch\n")); 1491 return ISCSI_STATUS_AUTHENTICATION_FAILED; 1492 } 1493 break; 1494 1495 default: 1496 break; 1497 } 1498 1499 complete_pars(state, tx_pdu); 1500 1501 return next; 1502 } 1503 1504 1505 /* 1506 * set_first_opnegs: 1507 * Set the operational negotiation parameters we want to negotiate in 1508 * the first login request in op_neg phase. 1509 * 1510 * Parameter: 1511 * conn The connection 1512 * state Negotiation state 1513 */ 1514 1515 STATIC void 1516 set_first_opnegs(connection_t *conn, negotiation_state_t *state) 1517 { 1518 iscsi_login_parameters_t *lpar = conn->login_par; 1519 negotiation_parameter_t *cpar; 1520 1521 /* Digests - suggest None,CRC32C unless the user forces a value */ 1522 cpar = set_key_n(state, K_HeaderDigest, 1523 (lpar->is_present.HeaderDigest) ? lpar->HeaderDigest : 0); 1524 if (cpar != NULL && !lpar->is_present.HeaderDigest) { 1525 cpar->list_num = 2; 1526 cpar->val.nval[1] = 1; 1527 } 1528 1529 cpar = set_key_n(state, K_DataDigest, (lpar->is_present.DataDigest) 1530 ? lpar->DataDigest : 0); 1531 if (cpar != NULL && !lpar->is_present.DataDigest) { 1532 cpar->list_num = 2; 1533 cpar->val.nval[1] = 1; 1534 } 1535 1536 set_key_n(state, K_MaxRecvDataSegmentLength, 1537 conn->Our_MaxRecvDataSegmentLength); 1538 /* This is direction-specific, we may have a different default */ 1539 state->MaxRecvDataSegmentLength = 1540 entries[K_MaxRecvDataSegmentLength].defval; 1541 1542 /* First connection only */ 1543 if (!conn->session->TSIH) { 1544 state->ErrorRecoveryLevel = 1545 (lpar->is_present.ErrorRecoveryLevel) ? lpar->ErrorRecoveryLevel 1546 : 2; 1547 /* 1548 Negotiate InitialR2T to FALSE and ImmediateData to TRUE, should 1549 be slightly more efficient than the default InitialR2T=TRUE. 1550 */ 1551 state->InitialR2T = FALSE; 1552 state->ImmediateData = TRUE; 1553 1554 /* We don't really care about this, so don't negotiate by default */ 1555 state->MaxBurstLength = entries[K_MaxBurstLength].defval; 1556 state->FirstBurstLength = entries[K_FirstBurstLength].defval; 1557 state->MaxOutstandingR2T = entries[K_MaxOutstandingR2T].defval; 1558 1559 set_key_n(state, K_ErrorRecoveryLevel, state->ErrorRecoveryLevel); 1560 set_key_n(state, K_InitialR2T, state->InitialR2T); 1561 set_key_n(state, K_ImmediateData, state->ImmediateData); 1562 1563 if (lpar->is_present.MaxConnections) { 1564 state->MaxConnections = lpar->MaxConnections; 1565 set_key_n(state, K_MaxConnections, lpar->MaxConnections); 1566 } 1567 1568 if (lpar->is_present.DefaultTime2Wait) 1569 set_key_n(state, K_DefaultTime2Wait, lpar->DefaultTime2Wait); 1570 else 1571 state->DefaultTime2Wait = entries[K_DefaultTime2Wait].defval; 1572 1573 if (lpar->is_present.DefaultTime2Retain) 1574 set_key_n(state, K_DefaultTime2Retain, lpar->DefaultTime2Retain); 1575 else 1576 state->DefaultTime2Retain = entries[K_DefaultTime2Retain].defval; 1577 } else 1578 init_session_parameters(conn->session, state); 1579 1580 DEBC(conn, 10, ("SetFirstOpnegs: recover=%d, MRDSL=%d\n", 1581 conn->recover, state->MaxRecvDataSegmentLength)); 1582 } 1583 1584 1585 /* 1586 * assemble_negotiation_parameters: 1587 * Assemble any negotiation parameters requested by the other side. 1588 * 1589 * Parameter: 1590 * conn The connection 1591 * ccb The login ccb 1592 * rx_pdu The received login response PDU 1593 * tx_pdu The transmit PDU 1594 * 1595 * Returns: 0 On success 1596 * > 0 (an ISCSI error code) if an error occurred. 1597 */ 1598 1599 int 1600 assemble_negotiation_parameters(connection_t *conn, ccb_t *ccb, pdu_t *rx_pdu, 1601 pdu_t *tx_pdu) 1602 { 1603 negotiation_state_t *state = (negotiation_state_t *) ccb->temp_data; 1604 negotiation_parameter_t rxp; 1605 uint8_t *rxpars; 1606 int rc; 1607 1608 state->num_pars = 0; 1609 1610 DEBC(conn, 10, ("AsmNegParams: connState=%d, MRDSL=%d\n", 1611 conn->state, state->MaxRecvDataSegmentLength)); 1612 1613 if (conn->state == ST_SEC_NEG) { 1614 conn->state = ST_OP_NEG; 1615 set_first_opnegs(conn, state); 1616 } 1617 1618 rxpars = (uint8_t *) rx_pdu->temp_data; 1619 if (rxpars != NULL) { 1620 /* Note: There are always at least 2 extra bytes past temp_data_len */ 1621 rxpars[rx_pdu->temp_data_len] = '\0'; 1622 rxpars[rx_pdu->temp_data_len + 1] = '\0'; 1623 1624 while (*rxpars) { 1625 if ((rxpars = get_parameter(rxpars, &rxp)) == NULL) 1626 return ISCSI_STATUS_NEGOTIATION_ERROR; 1627 1628 rc = eval_parameter(conn, state, &rxp); 1629 if (rc) 1630 return rc; 1631 } 1632 } 1633 1634 if (tx_pdu == NULL) 1635 return 0; 1636 1637 complete_pars(state, tx_pdu); 1638 1639 return 0; 1640 } 1641 1642 /* 1643 * init_text_parameters: 1644 * Initialize text negotiation. 1645 * 1646 * Parameter: 1647 * conn The connection 1648 * tx_pdu The transmit PDU 1649 * 1650 * Returns: 0 On success 1651 * > 0 (an ISCSI error code) if an error occurred. 1652 */ 1653 1654 int 1655 init_text_parameters(connection_t *conn, ccb_t *ccb) 1656 { 1657 negotiation_state_t *state; 1658 1659 state = malloc(sizeof(*state), M_TEMP, M_WAITOK | M_ZERO); 1660 if (state == NULL) { 1661 DEBOUT(("*** Out of memory in init_text_params\n")); 1662 return ISCSI_STATUS_NO_RESOURCES; 1663 } 1664 ccb->temp_data = state; 1665 1666 state->HeaderDigest = conn->HeaderDigest; 1667 state->DataDigest = conn->DataDigest; 1668 state->MaxRecvDataSegmentLength = conn->MaxRecvDataSegmentLength; 1669 init_session_parameters(conn->session, state); 1670 1671 return 0; 1672 } 1673 1674 1675 /* 1676 * assemble_send_targets: 1677 * Assemble send targets request 1678 * 1679 * Parameter: 1680 * pdu The transmit PDU 1681 * val The SendTargets key value 1682 * 1683 * Returns: 0 On success 1684 * > 0 (an ISCSI error code) if an error occurred. 1685 */ 1686 1687 int 1688 assemble_send_targets(pdu_t *pdu, uint8_t *val) 1689 { 1690 negotiation_parameter_t par; 1691 uint8_t *buf; 1692 int len; 1693 1694 par.key = K_SendTargets; 1695 par.list_num = 1; 1696 par.val.sval = val; 1697 1698 len = parameter_size(&par); 1699 1700 if ((buf = malloc(len, M_TEMP, M_WAITOK)) == NULL) { 1701 DEBOUT(("*** Out of memory in assemble_send_targets\n")); 1702 return ISCSI_STATUS_NO_RESOURCES; 1703 } 1704 pdu->temp_data = buf; 1705 pdu->temp_data_len = len; 1706 1707 if (put_parameter(buf, len, &par) == 0) 1708 return ISCSI_STATUS_PARAMETER_INVALID; 1709 1710 return 0; 1711 } 1712 1713 1714 /* 1715 * set_negotiated_parameters: 1716 * Copy the negotiated parameters into the connection and session structure. 1717 * 1718 * Parameter: 1719 * ccb The ccb containing the state information 1720 */ 1721 1722 void 1723 set_negotiated_parameters(ccb_t *ccb) 1724 { 1725 negotiation_state_t *state = (negotiation_state_t *) ccb->temp_data; 1726 connection_t *conn = ccb->connection; 1727 session_t *sess = ccb->session; 1728 1729 conn->HeaderDigest = state->HeaderDigest; 1730 conn->DataDigest = state->DataDigest; 1731 sess->ErrorRecoveryLevel = state->ErrorRecoveryLevel; 1732 sess->InitialR2T = state->InitialR2T; 1733 sess->ImmediateData = state->ImmediateData; 1734 conn->MaxRecvDataSegmentLength = state->MaxRecvDataSegmentLength; 1735 sess->MaxConnections = state->MaxConnections; 1736 sess->DefaultTime2Wait = conn->Time2Wait = state->DefaultTime2Wait; 1737 sess->DefaultTime2Retain = conn->Time2Retain = 1738 state->DefaultTime2Retain; 1739 1740 /* set idle connection timeout to half the Time2Retain window so we */ 1741 /* don't miss it, unless Time2Retain is ridiculously small. */ 1742 conn->idle_timeout_val = (conn->Time2Retain >= 10) ? 1743 (conn->Time2Retain / 2) * hz : CONNECTION_IDLE_TIMEOUT; 1744 1745 sess->MaxBurstLength = state->MaxBurstLength; 1746 sess->FirstBurstLength = state->FirstBurstLength; 1747 sess->MaxOutstandingR2T = state->MaxOutstandingR2T; 1748 1749 DEBC(conn, 10,("SetNegPar: MRDSL=%d, MBL=%d, FBL=%d, IR2T=%d, ImD=%d\n", 1750 state->MaxRecvDataSegmentLength, state->MaxBurstLength, 1751 state->FirstBurstLength, state->InitialR2T, 1752 state->ImmediateData)); 1753 1754 conn->max_transfer = min(sess->MaxBurstLength, conn->MaxRecvDataSegmentLength); 1755 1756 conn->max_firstimmed = (!sess->ImmediateData) ? 0 : 1757 min(sess->FirstBurstLength, conn->max_transfer); 1758 1759 conn->max_firstdata = (sess->InitialR2T || sess->FirstBurstLength < conn->max_firstimmed) ? 0 : 1760 min(sess->FirstBurstLength - conn->max_firstimmed, conn->max_transfer); 1761 1762 } 1763