1 /* $NetBSD: iscsi_text.c,v 1.1 2011/10/23 21:15:02 agc Exp $ */ 2 3 /*- 4 * Copyright (c) 2005,2006,2011 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Wasabi Systems, Inc. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 #include "iscsi_globals.h" 33 #include "base64.h" 34 #include <sys/md5.h> 35 36 #define isdigit(x) ((x) >= '0' && (x) <= '9') 37 #define toupper(x) ((x) & ~0x20) 38 39 /*****************************************************************************/ 40 41 #define MAX_STRING 255 /* Maximum length of parameter value */ 42 #define MAX_LIST 4 /* Maximum number of list elements we'll ever send */ 43 44 /* Maximum number of negotiation parameters in the operational negotiation phase */ 45 /* 48 should be more than enough even with the target defining its own keys */ 46 #define MAX_NEG 48 47 48 #define CHAP_CHALLENGE_LEN 32 /* Number of bytes to send in challenge */ 49 #define CHAP_MD5_SIZE 16 /* Number of bytes in MD5 hash */ 50 51 /*****************************************************************************/ 52 53 /* authentication states */ 54 55 typedef enum 56 { 57 AUTH_INITIAL, /* sending choice of algorithms */ 58 AUTH_METHOD_SELECTED, /* received choice, sending first parameter */ 59 /* from here it's alg dependent */ 60 AUTH_CHAP_ALG_SENT, /* CHAP: Algorithm selected */ 61 AUTH_CHAP_RSP_SENT, /* CHAP: Response sent */ 62 /* for all algorithms */ 63 AUTH_DONE /* in parameter negotiation stage */ 64 } auth_state_t; 65 66 67 /* enumeration of all the keys we know, and a place for the ones we don't */ 68 69 typedef enum 70 { 71 K_AuthMethod, 72 K_Auth_CHAP_Algorithm, 73 K_Auth_CHAP_Challenge, 74 K_Auth_CHAP_Identifier, 75 K_Auth_CHAP_Name, 76 K_Auth_CHAP_Response, 77 K_DataDigest, 78 K_DataPDUInOrder, 79 K_DataSequenceInOrder, 80 K_DefaultTime2Retain, 81 K_DefaultTime2Wait, 82 K_ErrorRecoveryLevel, 83 K_FirstBurstLength, 84 K_HeaderDigest, 85 K_IFMarker, 86 K_IFMarkInt, 87 K_ImmediateData, 88 K_InitialR2T, 89 K_InitiatorAlias, 90 K_InitiatorName, 91 K_MaxBurstLength, 92 K_MaxConnections, 93 K_MaxOutstandingR2T, 94 K_MaxRecvDataSegmentLength, 95 K_OFMarker, 96 K_OFMarkInt, 97 K_SendTargets, 98 K_SessionType, 99 K_TargetAddress, 100 K_TargetAlias, 101 K_TargetName, 102 K_TargetPortalGroupTag, 103 K_NotUnderstood 104 } text_key_t; 105 106 /* maximum known key */ 107 #define MAX_KEY K_TargetPortalGroupTag 108 109 110 #undef DEBOUT 111 #define DEBOUT(x) printf x 112 113 114 115 /* value types */ 116 typedef enum 117 { /* Value is... */ 118 T_NUM, /* numeric */ 119 T_BIGNUM, /* large numeric */ 120 T_STRING, /* string */ 121 T_YESNO, /* boolean (Yes or No) */ 122 T_AUTH, /* authentication type (CHAP or None for now) */ 123 T_DIGEST, /* digest (None or CRC32C) */ 124 T_RANGE, /* numeric range */ 125 T_SENDT, /* send target options (ALL, target-name, empty) */ 126 T_SESS /* session type (Discovery or Normal) */ 127 } val_kind_t; 128 129 130 /* table of negotiation key strings with value type and default */ 131 132 typedef struct 133 { 134 const uint8_t *name; /* the key name */ 135 val_kind_t val; /* the value type */ 136 uint32_t defval; /* default value */ 137 } key_entry_t; 138 139 STATIC key_entry_t entries[] = { 140 {"AuthMethod", T_AUTH, 0}, 141 {"CHAP_A", T_NUM, 5}, 142 {"CHAP_C", T_BIGNUM, 0}, 143 {"CHAP_I", T_NUM, 0}, 144 {"CHAP_N", T_STRING, 0}, 145 {"CHAP_R", T_BIGNUM, 0}, 146 {"DataDigest", T_DIGEST, 0}, 147 {"DataPDUInOrder", T_YESNO, 1}, 148 {"DataSequenceInOrder", T_YESNO, 1}, 149 {"DefaultTime2Retain", T_NUM, 20}, 150 {"DefaultTime2Wait", T_NUM, 2}, 151 {"ErrorRecoveryLevel", T_NUM, 0}, 152 {"FirstBurstLength", T_NUM, 64 * 1024}, 153 {"HeaderDigest", T_DIGEST, 0}, 154 {"IFMarker", T_YESNO, 0}, 155 {"IFMarkInt", T_RANGE, 2048}, 156 {"ImmediateData", T_YESNO, 1}, 157 {"InitialR2T", T_YESNO, 1}, 158 {"InitiatorAlias", T_STRING, 0}, 159 {"InitiatorName", T_STRING, 0}, 160 {"MaxBurstLength", T_NUM, 256 * 1024}, 161 {"MaxConnections", T_NUM, 1}, 162 {"MaxOutstandingR2T", T_NUM, 1}, 163 {"MaxRecvDataSegmentLength", T_NUM, 8192}, 164 {"OFMarker", T_YESNO, 0}, 165 {"OFMarkInt", T_RANGE, 2048}, 166 {"SendTargets", T_SENDT, 0}, 167 {"SessionType", T_SESS, 0}, 168 {"TargetAddress", T_STRING, 0}, 169 {"TargetAlias", T_STRING, 0}, 170 {"TargetName", T_STRING, 0}, 171 {"TargetPortalGroupTag", T_NUM, 0}, 172 {NULL, T_STRING, 0} 173 }; 174 175 /* a negotiation parameter: key and values (there may be more than 1 for lists) */ 176 typedef struct 177 { 178 text_key_t key; /* the key */ 179 int list_num; /* number of elements in list, doubles as */ 180 /* data size for large numeric values */ 181 union 182 { 183 uint32_t nval[MAX_LIST]; /* numeric or enumeration values */ 184 uint8_t *sval; /* string or data pointer */ 185 } val; 186 } negotiation_parameter_t; 187 188 189 /* Negotiation state flags */ 190 #define NS_SENT 0x01 /* key was sent to target */ 191 #define NS_RECEIVED 0x02 /* key was received from target */ 192 193 typedef struct 194 { 195 negotiation_parameter_t pars[MAX_NEG]; /* the parameters to send */ 196 negotiation_parameter_t *cpar; /* the last parameter set */ 197 uint16_t num_pars; /* number of parameters to send */ 198 auth_state_t auth_state; /* authentication state */ 199 iscsi_auth_types_t auth_alg; /* authentication algorithm */ 200 uint8_t kflags[MAX_KEY + 2]; /* negotiation flags for each key */ 201 uint8_t password[MAX_STRING + 1]; /* authentication secret */ 202 uint8_t target_password[MAX_STRING + 1]; /* target authentication secret */ 203 uint8_t user_name[MAX_STRING + 1]; /* authentication user ID */ 204 uint8_t temp_buf[MAX_STRING + 1]; /* scratch buffer */ 205 206 bool HeaderDigest; 207 bool DataDigest; 208 bool InitialR2T; 209 bool ImmediateData; 210 uint32_t ErrorRecoveryLevel; 211 uint32_t MaxRecvDataSegmentLength; 212 uint32_t MaxConnections; 213 uint32_t DefaultTime2Wait; 214 uint32_t DefaultTime2Retain; 215 uint32_t MaxBurstLength; 216 uint32_t FirstBurstLength; 217 uint32_t MaxOutstandingR2T; 218 219 } negotiation_state_t; 220 221 222 #define TX(state, key) (state->kflags [key] & NS_SENT) 223 #define RX(state, key) (state->kflags [key] & NS_RECEIVED) 224 225 /*****************************************************************************/ 226 227 228 STATIC void 229 chap_md5_response(uint8_t *buffer, uint8_t identifier, uint8_t *secret, 230 uint8_t *challenge, int challenge_size) 231 { 232 MD5_CTX md5; 233 234 MD5Init(&md5); 235 MD5Update(&md5, &identifier, 1); 236 MD5Update(&md5, secret, strlen(secret)); 237 MD5Update(&md5, challenge, challenge_size); 238 MD5Final(buffer, &md5); 239 } 240 241 242 /*****************************************************************************/ 243 244 /* 245 * hexdig: 246 * Return value of hex digit. 247 * Note: a null character is acceptable, and returns 0. 248 * 249 * Parameter: 250 * c The character 251 * 252 * Returns: The value, -1 on error. 253 */ 254 255 static __inline int 256 hexdig(uint8_t c) 257 { 258 259 if (!c) { 260 return 0; 261 } 262 if (isdigit(c)) { 263 return c - '0'; 264 } 265 c = toupper(c); 266 if (c >= 'A' && c <= 'F') { 267 return c - 'A' + 10; 268 } 269 return -1; 270 } 271 272 /* 273 * skiptozero: 274 * Skip to next zero character in buffer. 275 * 276 * Parameter: 277 * buf The buffer pointer 278 * 279 * Returns: The pointer to the character after the zero character. 280 */ 281 282 static __inline uint8_t * 283 skiptozero(uint8_t *buf) 284 { 285 286 while (*buf) { 287 buf++; 288 } 289 return buf + 1; 290 } 291 292 293 /* 294 * get_bignumval: 295 * Get a large numeric value. 296 * NOTE: Overwrites source string. 297 * 298 * Parameter: 299 * buf The buffer pointer 300 * par The parameter 301 * 302 * Returns: The pointer to the next parameter, NULL on error. 303 */ 304 305 STATIC uint8_t * 306 get_bignumval(uint8_t *buf, negotiation_parameter_t *par) 307 { 308 int val; 309 char c; 310 uint8_t *dp = buf; 311 312 par->val.sval = buf; 313 314 if (buf[0] == '0' && (buf[1] == 'x' || buf[1] == 'X')) { 315 buf += 2; 316 while ((c = *buf) != 0x0) { 317 buf++; 318 val = (hexdig(c) << 4) | hexdig(*buf); 319 if (val < 0) { 320 return NULL; 321 } 322 *dp++ = (uint8_t) val; 323 if (*buf) { 324 buf++; 325 } 326 } 327 buf++; 328 par->list_num = dp - par->val.sval; 329 } else if (buf[0] == '0' && (buf[1] == 'b' || buf[1] == 'B')) { 330 buf = base64_decode(&buf[2], par->val.sval, &par->list_num); 331 } else { 332 DEBOUT(("Ill-formatted large number <%s>\n", buf)); 333 return NULL; 334 } 335 336 return buf; 337 } 338 339 340 /* 341 * get_numval: 342 * Get a numeric value. 343 * 344 * Parameter: 345 * buf The buffer pointer 346 * pval The pointer to the result. 347 * 348 * Returns: The pointer to the next parameter, NULL on error. 349 */ 350 351 STATIC uint8_t * 352 get_numval(uint8_t *buf, uint32_t *pval) 353 { 354 uint32_t val = 0; 355 char c; 356 357 if (buf[0] == '0' && (buf[1] == 'x' || buf[1] == 'X')) { 358 buf += 2; 359 while (*buf && *buf != '~') { 360 int n; 361 362 if ((n = hexdig(*buf++)) < 0) 363 return NULL; 364 val = (val << 4) | n; 365 } 366 } else 367 while (*buf && *buf != '~') { 368 c = *buf++; 369 if (!isdigit(c)) 370 return NULL; 371 val = val * 10 + (c - '0'); 372 } 373 374 *pval = val; 375 376 return buf + 1; 377 } 378 379 380 /* 381 * get_range: 382 * Get a numeric range. 383 * 384 * Parameter: 385 * buf The buffer pointer 386 * pval1 The pointer to the first result. 387 * pval2 The pointer to the second result. 388 * 389 * Returns: The pointer to the next parameter, NULL on error. 390 */ 391 392 STATIC uint8_t * 393 get_range(uint8_t *buf, uint32_t *pval1, uint32_t *pval2) 394 { 395 396 if ((buf = get_numval(buf, pval1)) == NULL) 397 return NULL; 398 if (!*buf) 399 return NULL; 400 if ((buf = get_numval(buf, pval2)) == NULL) 401 return NULL; 402 return buf; 403 } 404 405 406 /* 407 * get_ynval: 408 * Get a yes/no selection. 409 * 410 * Parameter: 411 * buf The buffer pointer 412 * pval The pointer to the result. 413 * 414 * Returns: The pointer to the next parameter, NULL on error. 415 */ 416 417 STATIC uint8_t * 418 get_ynval(uint8_t *buf, uint32_t *pval) 419 { 420 421 if (strcmp(buf, "Yes") == 0) 422 *pval = 1; 423 else if (strcmp(buf, "No") == 0) 424 *pval = 0; 425 else 426 return NULL; 427 428 return skiptozero(buf); 429 } 430 431 432 /* 433 * get_digestval: 434 * Get a digest selection. 435 * 436 * Parameter: 437 * buf The buffer pointer 438 * pval The pointer to the result. 439 * 440 * Returns: The pointer to the next parameter, NULL on error. 441 */ 442 443 STATIC uint8_t * 444 get_digestval(uint8_t *buf, uint32_t *pval) 445 { 446 447 if (strcmp(buf, "CRC32C") == 0) 448 *pval = 1; 449 else if (strcmp(buf, "None") == 0) 450 *pval = 0; 451 else 452 return NULL; 453 454 return skiptozero(buf); 455 } 456 457 458 /* 459 * get_authval: 460 * Get an authentication method. 461 * 462 * Parameter: 463 * buf The buffer pointer 464 * pval The pointer to the result. 465 * 466 * Returns: The pointer to the next parameter, NULL on error. 467 */ 468 469 STATIC uint8_t * 470 get_authval(uint8_t *buf, uint32_t *pval) 471 { 472 473 if (strcmp(buf, "None") == 0) 474 *pval = ISCSI_AUTH_None; 475 else if (strcmp(buf, "CHAP") == 0) 476 *pval = ISCSI_AUTH_CHAP; 477 else if (strcmp(buf, "KRB5") == 0) 478 *pval = ISCSI_AUTH_KRB5; 479 else if (strcmp(buf, "SRP") == 0) 480 *pval = ISCSI_AUTH_SRP; 481 else 482 return NULL; 483 484 return skiptozero(buf); 485 } 486 487 488 /* 489 * get_strval: 490 * Get a string value (returns pointer to original buffer, not a copy). 491 * 492 * Parameter: 493 * buf The buffer pointer 494 * pval The pointer to the result pointer. 495 * 496 * Returns: The pointer to the next parameter, NULL on error. 497 */ 498 499 STATIC uint8_t * 500 get_strval(uint8_t *buf, uint8_t **pval) 501 { 502 503 if (strlen(buf) > MAX_STRING) 504 return NULL; 505 506 *pval = buf; 507 508 return skiptozero(buf); 509 } 510 511 512 /* 513 * get_parameter: 514 * Analyze a key=value string. 515 * NOTE: The string is modified in the process. 516 * 517 * Parameter: 518 * buf The buffer pointer 519 * par The parameter descriptor to be filled in 520 * 521 * Returns: The pointer to the next parameter, NULL on error. 522 */ 523 524 STATIC uint8_t * 525 get_parameter(uint8_t *buf, negotiation_parameter_t *par) 526 { 527 uint8_t *bp = buf; 528 int i; 529 530 while (*bp && *bp != '=') { 531 bp++; 532 } 533 if (!*bp) { 534 DEBOUT(("get_parameter: Premature end of parameter\n")); 535 return NULL; 536 } 537 538 *bp++ = 0; 539 540 for (i = 0; i <= MAX_KEY; i++) 541 if (!strcmp(buf, entries[i].name)) 542 break; 543 544 par->key = i; 545 par->list_num = 1; 546 547 if (i > MAX_KEY) { 548 DEBOUT(("get_parameter: unrecognized key <%s>\n", buf)); 549 if (strlen(buf) > MAX_STRING) { 550 DEBOUT(("get_parameter: key name > MAX_STRING\n")); 551 return NULL; 552 } 553 par->val.sval = buf; 554 return skiptozero(bp); 555 } 556 557 switch (entries[i].val) { 558 case T_NUM: 559 bp = get_numval(bp, &par->val.nval[0]); 560 break; 561 562 case T_BIGNUM: 563 bp = get_bignumval(bp, par); 564 break; 565 566 case T_STRING: 567 bp = get_strval(bp, &par->val.sval); 568 break; 569 570 case T_YESNO: 571 bp = get_ynval(bp, &par->val.nval[0]); 572 break; 573 574 case T_AUTH: 575 bp = get_authval(bp, &par->val.nval[0]); 576 break; 577 578 case T_DIGEST: 579 bp = get_digestval(bp, &par->val.nval[0]); 580 break; 581 582 case T_RANGE: 583 bp = get_range(bp, &par->val.nval[0], &par->val.nval[1]); 584 break; 585 586 default: 587 /* Target sending any other types is wrong */ 588 bp = NULL; 589 break; 590 } 591 DEB(10, ("get_par: key <%s>=%d, val=%d, ret %p\n", 592 buf, i, entries[i].val, bp)); 593 return bp; 594 } 595 596 /*****************************************************************************/ 597 598 /* 599 * my_strcpy: 600 * Replacement for strcpy that returns the end of the result string 601 * 602 * Parameter: 603 * dest The destination buffer pointer 604 * src The source string 605 * 606 * Returns: A pointer to the terminating zero of the result. 607 */ 608 609 static __inline unsigned 610 my_strcpy(uint8_t *dest, const uint8_t *src) 611 { 612 unsigned cc; 613 614 for (cc = 0 ; (*dest = *src) != 0x0 ; cc++) { 615 dest++; 616 src++; 617 } 618 return cc; 619 } 620 621 622 /* 623 * put_parameter: 624 * Create a key=value string. 625 * 626 * Parameter: 627 * buf The buffer pointer 628 * par The parameter descriptor 629 * 630 * Returns: The pointer to the next free buffer space, NULL on error. 631 */ 632 633 STATIC unsigned 634 put_parameter(uint8_t *buf, unsigned len, negotiation_parameter_t *par) 635 { 636 int i; 637 unsigned cc; 638 const uint8_t *sp; 639 640 if (par->key > MAX_KEY) { 641 return snprintf(buf, len, "%s=NotUnderstood", par->val.sval); 642 } 643 644 cc = snprintf(buf, len, "%s=", entries[par->key].name); 645 646 for (i = 0; i < par->list_num; i++) { 647 switch (entries[par->key].val) { 648 case T_NUM: 649 cc += snprintf(&buf[cc], len - cc, "%d", par->val.nval[i]); 650 break; 651 652 case T_BIGNUM: 653 /* list_num holds value size */ 654 cc += base64_encode(par->val.sval, par->list_num, &buf[cc]); 655 i = par->list_num; 656 break; 657 658 case T_STRING: 659 cc += my_strcpy(&buf[cc], par->val.sval); 660 break; 661 662 case T_YESNO: 663 cc += my_strcpy(&buf[cc], 664 (par->val.nval[i]) ? "Yes" : "No"); 665 break; 666 667 case T_AUTH: 668 switch (par->val.nval[i]) { 669 case ISCSI_AUTH_CHAP: 670 sp = "CHAP"; 671 break; 672 case ISCSI_AUTH_KRB5: 673 sp = "KRB5"; 674 break; 675 case ISCSI_AUTH_SRP: 676 sp = "SRP"; 677 break; 678 default: 679 sp = "None"; 680 break; 681 } 682 cc += my_strcpy(&buf[cc], sp); 683 break; 684 685 case T_DIGEST: 686 cc += my_strcpy(&buf[cc], (par->val.nval[i]) ? "CRC32C" : "None"); 687 break; 688 689 case T_RANGE: 690 if ((i + 1) >= par->list_num) { 691 cc += my_strcpy(&buf[cc], "Reject"); 692 } else { 693 cc += snprintf(&buf[cc], len - cc, 694 "%d~%d", par->val.nval[i], 695 par->val.nval[i + 1]); 696 i++; 697 } 698 break; 699 700 case T_SENDT: 701 cc += my_strcpy(&buf[cc], par->val.sval); 702 break; 703 704 case T_SESS: 705 cc += my_strcpy(&buf[cc], 706 (par->val.nval[i]) ? "Normal" : "Discovery"); 707 break; 708 709 default: 710 /* We should't be here... */ 711 DEBOUT(("Invalid type %d in put_parameter!\n", 712 entries[par->key].val)); 713 break; 714 } 715 if ((i + 1) < par->list_num) { 716 buf[cc++] = ','; 717 } 718 } 719 720 buf[cc] = 0x0; /* make sure it's terminated */ 721 return cc + 1; /* return next place in list */ 722 } 723 724 725 /* 726 * put_par_block: 727 * Fill a parameter block 728 * 729 * Parameter: 730 * buf The buffer pointer 731 * pars The parameter descriptor array 732 * n The number of elements 733 * 734 * Returns: result from put_parameter (ptr to buffer, NULL on error) 735 */ 736 737 static __inline unsigned 738 put_par_block(uint8_t *buf, unsigned len, negotiation_parameter_t *pars, int n) 739 { 740 unsigned cc; 741 int i; 742 743 for (cc = 0, i = 0; i < n; i++) { 744 cc += put_parameter(&buf[cc], len - cc, pars++); 745 if (cc >= len) { 746 break; 747 } 748 } 749 return cc; 750 } 751 752 /* 753 * parameter_size: 754 * Determine the size of a key=value string. 755 * 756 * Parameter: 757 * par The parameter descriptor 758 * 759 * Returns: The size of the resulting string. 760 */ 761 762 STATIC int 763 parameter_size(negotiation_parameter_t *par) 764 { 765 int i, size; 766 char buf[24]; /* max. 2 10-digit numbers + sep. */ 767 768 if (par->key > MAX_KEY) { 769 return strlen(par->val.sval) + 15; 770 } 771 /* count '=' and terminal zero */ 772 size = strlen(entries[par->key].name) + 2; 773 774 for (i = 0; i < par->list_num; i++) { 775 switch (entries[par->key].val) { 776 case T_NUM: 777 size += snprintf(buf, sizeof(buf), "%d", 778 par->val.nval[i]); 779 break; 780 781 case T_BIGNUM: 782 /* list_num holds value size */ 783 size += base64_enclen(par->list_num); 784 i = par->list_num; 785 break; 786 787 case T_STRING: 788 case T_SENDT: 789 size += strlen(par->val.sval); 790 break; 791 792 case T_YESNO: 793 size += (par->val.nval[i]) ? 3 : 2; 794 break; 795 796 case T_AUTH: 797 size += (par->val.nval[i] == ISCSI_AUTH_SRP) ? 3 : 4; 798 break; 799 800 case T_DIGEST: 801 size += (par->val.nval[i]) ? 6 : 4; 802 break; 803 804 case T_RANGE: 805 assert((i + 1) < par->list_num); 806 size += snprintf(buf, sizeof(buf), "%d~%d", 807 par->val.nval[i], 808 par->val.nval[i + 1]); 809 i++; 810 break; 811 812 case T_SESS: 813 size += (par->val.nval[i]) ? 6 : 9; 814 break; 815 816 default: 817 /* We should't be here... */ 818 DEBOUT(("Invalid type %d in parameter_size!\n", 819 entries[par->key].val)); 820 break; 821 } 822 if ((i + 1) < par->list_num) { 823 size++; 824 } 825 } 826 827 return size; 828 } 829 830 831 /* 832 * total_size: 833 * Determine the size of a negotiation data block 834 * 835 * Parameter: 836 * pars The parameter descriptor array 837 * n The number of elements 838 * 839 * Returns: The size of the block 840 */ 841 842 static __inline int 843 total_size(negotiation_parameter_t *pars, int n) 844 { 845 int i, size; 846 847 for (i = 0, size = 0; i < n; i++) { 848 size += parameter_size(pars++); 849 } 850 return size; 851 } 852 853 /*****************************************************************************/ 854 855 856 /* 857 * complete_pars: 858 * Allocate space for text parameters, translate parameter values into 859 * text. 860 * 861 * Parameter: 862 * state Negotiation state 863 * pdu The transmit PDU 864 * 865 * Returns: 0 On success 866 * > 0 (an ISCSI error code) if an error occurred. 867 */ 868 869 STATIC int 870 complete_pars(negotiation_state_t *state, pdu_t *pdu) 871 { 872 int len; 873 uint8_t *bp; 874 #ifdef ISCSI_TEST_MODE 875 test_pars_t *tp = pdu->connection->test_pars; 876 neg_desc_t *nd = NULL; 877 #endif 878 879 len = total_size(state->pars, state->num_pars); 880 881 #ifdef ISCSI_TEST_MODE 882 if (tp != NULL) { 883 while ((nd = TAILQ_FIRST(&pdu->connection->test_pars->negs)) != NULL && 884 nd->entry.state < state->auth_state) { 885 TAILQ_REMOVE(&tp->negs, nd, link); 886 free(nd, M_TEMP); 887 } 888 if (nd != NULL && nd->entry.state == state->auth_state) { 889 if (nd->entry.flags & ISCSITEST_NEGOPT_REPLACE) 890 len = 0; 891 len += nd->entry.size; 892 } else 893 nd = NULL; 894 } 895 #endif 896 897 DEB(10, ("complete_pars: n=%d, len=%d\n", state->num_pars, len)); 898 899 if ((bp = malloc(len, M_TEMP, M_WAITOK)) == NULL) { 900 DEBOUT(("*** Out of memory in complete_pars\n")); 901 return ISCSI_STATUS_NO_RESOURCES; 902 } 903 pdu->temp_data = bp; 904 905 #ifdef ISCSI_TEST_MODE 906 if (nd == NULL || !(nd->entry.flags & ISCSITEST_NEGOPT_REPLACE)) 907 if ((bp = put_par_block(pdu->temp_data, len, 908 state->pars, state->num_pars)) == NULL) { 909 DEBOUT(("Bad parameter in complete_pars\n")); 910 return ISCSI_STATUS_PARAMETER_INVALID; 911 } 912 if (nd != NULL) { 913 memcpy(bp, nd->entry.value, nd->entry.size); 914 TAILQ_REMOVE(&tp->negs, nd, link); 915 free(nd, M_TEMP); 916 } 917 #else 918 if (put_par_block(pdu->temp_data, len, state->pars, 919 state->num_pars) == 0) { 920 DEBOUT(("Bad parameter in complete_pars\n")); 921 return ISCSI_STATUS_PARAMETER_INVALID; 922 } 923 #endif 924 925 pdu->temp_data_len = len; 926 return 0; 927 } 928 929 930 /* 931 * set_key_n: 932 * Initialize a key and its numeric value. 933 * 934 * Parameter: 935 * state Negotiation state 936 * key The key 937 * val The value 938 */ 939 940 STATIC negotiation_parameter_t * 941 set_key_n(negotiation_state_t *state, text_key_t key, uint32_t val) 942 { 943 negotiation_parameter_t *par; 944 945 if (state->num_pars >= MAX_NEG) { 946 DEBOUT(("set_key_n: num_pars (%d) >= MAX_NEG (%d)\n", 947 state->num_pars, MAX_NEG)); 948 return NULL; 949 } 950 par = &state->pars[state->num_pars]; 951 par->key = key; 952 par->list_num = 1; 953 par->val.nval[0] = val; 954 state->num_pars++; 955 state->kflags[key] |= NS_SENT; 956 957 return par; 958 } 959 960 /* 961 * set_key_s: 962 * Initialize a key and its string value. 963 * 964 * Parameter: 965 * state Negotiation state 966 * key The key 967 * val The value 968 */ 969 970 STATIC negotiation_parameter_t * 971 set_key_s(negotiation_state_t *state, text_key_t key, uint8_t *val) 972 { 973 negotiation_parameter_t *par; 974 975 if (state->num_pars >= MAX_NEG) { 976 DEBOUT(("set_key_s: num_pars (%d) >= MAX_NEG (%d)\n", 977 state->num_pars, MAX_NEG)); 978 return NULL; 979 } 980 par = &state->pars[state->num_pars]; 981 par->key = key; 982 par->list_num = 1; 983 par->val.sval = val; 984 state->num_pars++; 985 state->kflags[key] |= NS_SENT; 986 987 return par; 988 } 989 990 991 /*****************************************************************************/ 992 993 /* 994 * eval_parameter: 995 * Evaluate a received negotiation value. 996 * 997 * Parameter: 998 * conn The connection 999 * state The negotiation state 1000 * par The parameter 1001 * 1002 * Returns: 0 on success, else an ISCSI status value. 1003 */ 1004 1005 STATIC int 1006 eval_parameter(connection_t *conn, negotiation_state_t *state, 1007 negotiation_parameter_t *par) 1008 { 1009 uint32_t n = par->val.nval[0]; 1010 size_t sz; 1011 text_key_t key = par->key; 1012 bool sent = (state->kflags[key] & NS_SENT) != 0; 1013 1014 state->kflags[key] |= NS_RECEIVED; 1015 1016 switch (key) { 1017 /* 1018 * keys connected to security negotiation 1019 */ 1020 case K_AuthMethod: 1021 if (n) { 1022 DEBOUT(("eval_par: AuthMethod nonzero (%d)\n", n)); 1023 return ISCSI_STATUS_NEGOTIATION_ERROR; 1024 } 1025 break; 1026 1027 case K_Auth_CHAP_Algorithm: 1028 case K_Auth_CHAP_Challenge: 1029 case K_Auth_CHAP_Identifier: 1030 case K_Auth_CHAP_Name: 1031 case K_Auth_CHAP_Response: 1032 DEBOUT(("eval_par: Authorization Key in Operational Phase\n")); 1033 return ISCSI_STATUS_NEGOTIATION_ERROR; 1034 1035 /* 1036 * keys we always send 1037 */ 1038 case K_DataDigest: 1039 state->DataDigest = n; 1040 if (!sent) 1041 set_key_n(state, key, n); 1042 break; 1043 1044 case K_HeaderDigest: 1045 state->HeaderDigest = n; 1046 if (!sent) 1047 set_key_n(state, key, n); 1048 break; 1049 1050 case K_ErrorRecoveryLevel: 1051 state->ErrorRecoveryLevel = n; 1052 if (!sent) 1053 set_key_n(state, key, n); 1054 break; 1055 1056 case K_ImmediateData: 1057 state->ImmediateData = n; 1058 if (!sent) 1059 set_key_n(state, key, n); 1060 break; 1061 1062 case K_InitialR2T: 1063 state->InitialR2T = n; 1064 if (!sent) 1065 set_key_n(state, key, n); 1066 break; 1067 1068 case K_MaxRecvDataSegmentLength: 1069 state->MaxRecvDataSegmentLength = n; 1070 /* this is basically declarative, not negotiated */ 1071 /* (each side has its own value) */ 1072 break; 1073 1074 /* 1075 * keys we don't always send, so we may have to reflect the value 1076 */ 1077 case K_DefaultTime2Retain: 1078 state->DefaultTime2Retain = n = min(state->DefaultTime2Retain, n); 1079 if (!sent) 1080 set_key_n(state, key, n); 1081 break; 1082 1083 case K_DefaultTime2Wait: 1084 state->DefaultTime2Wait = n = min(state->DefaultTime2Wait, n); 1085 if (!sent) 1086 set_key_n(state, key, n); 1087 break; 1088 1089 case K_MaxConnections: 1090 if (state->MaxConnections) 1091 state->MaxConnections = n = min(state->MaxConnections, n); 1092 else 1093 state->MaxConnections = n; 1094 1095 if (!sent) 1096 set_key_n(state, key, n); 1097 break; 1098 1099 case K_MaxOutstandingR2T: 1100 state->MaxOutstandingR2T = n; 1101 if (!sent) 1102 set_key_n(state, key, n); 1103 break; 1104 1105 case K_FirstBurstLength: 1106 state->FirstBurstLength = n; 1107 if (!sent) 1108 set_key_n(state, key, n); 1109 break; 1110 1111 case K_MaxBurstLength: 1112 state->MaxBurstLength = n; 1113 if (!sent) 1114 set_key_n(state, key, n); 1115 break; 1116 1117 case K_IFMarker: 1118 case K_OFMarker: 1119 /* not (yet) supported */ 1120 if (!sent) 1121 set_key_n(state, key, 0); 1122 break; 1123 1124 case K_IFMarkInt: 1125 case K_OFMarkInt: 1126 /* it's a range, and list_num will be 1, so this will reply "Reject" */ 1127 if (!sent) 1128 set_key_n(state, key, 0); 1129 break; 1130 1131 case K_DataPDUInOrder: 1132 case K_DataSequenceInOrder: 1133 /* values are don't care */ 1134 if (!sent) 1135 set_key_n(state, key, n); 1136 break; 1137 1138 case K_NotUnderstood: 1139 /* return "NotUnderstood" */ 1140 set_key_s(state, key, par->val.sval); 1141 break; 1142 1143 /* 1144 * Declarative keys (no response required) 1145 */ 1146 case K_TargetAddress: 1147 /* ignore for now... */ 1148 break; 1149 1150 case K_TargetAlias: 1151 if (conn->login_par->is_present.TargetAlias) { 1152 copyoutstr(par->val.sval, conn->login_par->TargetAlias, 1153 ISCSI_STRING_LENGTH - 1, &sz); 1154 /* do anything with return code?? */ 1155 } 1156 break; 1157 1158 case K_TargetPortalGroupTag: 1159 /* ignore for now... */ 1160 break; 1161 1162 default: 1163 DEBOUT(("eval_par: Invalid parameter type %d\n", par->key)); 1164 return ISCSI_STATUS_NEGOTIATION_ERROR; 1165 } 1166 return 0; 1167 } 1168 1169 /*****************************************************************************/ 1170 1171 1172 /* 1173 * init_session_parameters: 1174 * Initialize session-related negotiation parameters from existing session 1175 * 1176 * Parameter: 1177 * sess The session 1178 * state The negotiation state 1179 */ 1180 1181 STATIC void 1182 init_session_parameters(session_t *sess, negotiation_state_t *state) 1183 { 1184 1185 state->ErrorRecoveryLevel = sess->ErrorRecoveryLevel; 1186 state->InitialR2T = sess->InitialR2T; 1187 state->ImmediateData = sess->ImmediateData; 1188 state->MaxConnections = sess->MaxConnections; 1189 state->DefaultTime2Wait = sess->DefaultTime2Wait; 1190 state->DefaultTime2Retain = sess->DefaultTime2Retain; 1191 state->MaxBurstLength = sess->MaxBurstLength; 1192 state->FirstBurstLength = sess->FirstBurstLength; 1193 state->MaxOutstandingR2T = sess->MaxOutstandingR2T; 1194 } 1195 1196 1197 1198 /* 1199 * assemble_login_parameters: 1200 * Assemble the initial login negotiation parameters. 1201 * 1202 * Parameter: 1203 * conn The connection 1204 * ccb The CCB for the login exchange 1205 * pdu The PDU to use for sending 1206 * 1207 * Returns: < 0 if more security negotiation is required 1208 * 0 if this is the last security negotiation block 1209 * > 0 (an ISCSI error code) if an error occurred. 1210 */ 1211 1212 int 1213 assemble_login_parameters(connection_t *conn, ccb_t *ccb, pdu_t *pdu) 1214 { 1215 iscsi_login_parameters_t *par = conn->login_par; 1216 size_t sz; 1217 int rc, i, next; 1218 negotiation_state_t *state; 1219 negotiation_parameter_t *cpar; 1220 1221 state = malloc(sizeof(*state), M_TEMP, M_WAITOK | M_ZERO); 1222 if (state == NULL) { 1223 DEBOUT(("*** Out of memory in assemble_login_params\n")); 1224 return ISCSI_STATUS_NO_RESOURCES; 1225 } 1226 ccb->temp_data = state; 1227 1228 if (!InitiatorName[0]) { 1229 DEBOUT(("No InitiatorName\n")); 1230 return ISCSI_STATUS_PARAMETER_MISSING; 1231 } 1232 set_key_s(state, K_InitiatorName, InitiatorName); 1233 1234 if (InitiatorAlias[0]) 1235 set_key_s(state, K_InitiatorAlias, InitiatorAlias); 1236 1237 conn->Our_MaxRecvDataSegmentLength = 1238 (par->is_present.MaxRecvDataSegmentLength) 1239 ? par->MaxRecvDataSegmentLength : DEFAULT_MaxRecvDataSegmentLength; 1240 1241 /* setup some values for authentication */ 1242 if (par->is_present.password) 1243 copyinstr(par->password, state->password, MAX_STRING, &sz); 1244 if (par->is_present.target_password) 1245 copyinstr(par->target_password, state->target_password, 1246 MAX_STRING, &sz); 1247 if (par->is_present.user_name) 1248 copyinstr(par->user_name, state->user_name, MAX_STRING, &sz); 1249 else 1250 strlcpy(state->user_name, InitiatorName, 1251 sizeof(state->user_name)); 1252 1253 next = TRUE; 1254 1255 set_key_n(state, K_SessionType, 1256 par->login_type > ISCSI_LOGINTYPE_DISCOVERY); 1257 1258 cpar = set_key_n(state, K_AuthMethod, ISCSI_AUTH_None); 1259 1260 if (cpar != NULL && par->is_present.auth_info && 1261 par->auth_info.auth_number > 0) { 1262 if (par->auth_info.auth_number > ISCSI_AUTH_OPTIONS) { 1263 DEBOUT(("Auth number too big in asm_login\n")); 1264 return ISCSI_STATUS_PARAMETER_INVALID; 1265 } 1266 cpar->list_num = par->auth_info.auth_number; 1267 for (i = 0; i < cpar->list_num; i++) { 1268 cpar->val.nval[i] = par->auth_info.auth_type[i]; 1269 if (par->auth_info.auth_type[i]) 1270 next = FALSE; 1271 } 1272 } 1273 1274 if (par->is_present.TargetName) 1275 copyinstr(par->TargetName, state->temp_buf, ISCSI_STRING_LENGTH - 1, 1276 &sz); 1277 else { 1278 state->temp_buf[0] = 0; 1279 sz = 0; 1280 } 1281 1282 if ((!sz || !state->temp_buf[0]) && 1283 par->login_type != ISCSI_LOGINTYPE_DISCOVERY) { 1284 DEBOUT(("No TargetName\n")); 1285 return ISCSI_STATUS_PARAMETER_MISSING; 1286 } 1287 1288 if (state->temp_buf[0]) { 1289 set_key_s(state, K_TargetName, state->temp_buf); 1290 } 1291 1292 if ((rc = complete_pars(state, pdu)) != 0) 1293 return rc; 1294 1295 return (next) ? 0 : -1; 1296 } 1297 1298 1299 /* 1300 * assemble_security_parameters: 1301 * Assemble the security negotiation parameters. 1302 * 1303 * Parameter: 1304 * conn The connection 1305 * rx_pdu The received login response PDU 1306 * tx_pdu The transmit PDU 1307 * 1308 * Returns: < 0 if more security negotiation is required 1309 * 0 if this is the last security negotiation block 1310 * > 0 (an ISCSI error code) if an error occurred. 1311 */ 1312 1313 int 1314 assemble_security_parameters(connection_t *conn, ccb_t *ccb, pdu_t *rx_pdu, 1315 pdu_t *tx_pdu) 1316 { 1317 negotiation_state_t *state = (negotiation_state_t *) ccb->temp_data; 1318 iscsi_login_parameters_t *par = conn->login_par; 1319 negotiation_parameter_t rxp, *cpar; 1320 uint8_t *rxpars; 1321 int rc, next; 1322 uint8_t identifier = 0; 1323 uint8_t *challenge = NULL; 1324 int challenge_size = 0; 1325 uint8_t *response = NULL; 1326 int response_size = 0; 1327 1328 state->num_pars = 0; 1329 next = 0; 1330 1331 rxpars = (uint8_t *) rx_pdu->temp_data; 1332 if (rxpars == NULL) { 1333 DEBOUT(("No received parameters!\n")); 1334 return ISCSI_STATUS_NEGOTIATION_ERROR; 1335 } 1336 /* Note: There are always at least 2 extra bytes past temp_data_len */ 1337 rxpars[rx_pdu->temp_data_len] = '\0'; 1338 rxpars[rx_pdu->temp_data_len + 1] = '\0'; 1339 1340 while (*rxpars) { 1341 if ((rxpars = get_parameter(rxpars, &rxp)) == NULL) { 1342 DEBOUT(("get_parameter returned error\n")); 1343 return ISCSI_STATUS_NEGOTIATION_ERROR; 1344 } 1345 1346 state->kflags[rxp.key] |= NS_RECEIVED; 1347 1348 switch (rxp.key) { 1349 case K_AuthMethod: 1350 if (state->auth_state != AUTH_INITIAL) { 1351 DEBOUT(("AuthMethod received, auth_state = %d\n", 1352 state->auth_state)); 1353 return ISCSI_STATUS_NEGOTIATION_ERROR; 1354 } 1355 1356 /* Note: if the selection is None, we shouldn't be here, 1357 * the target should have transited the state to op-neg. 1358 */ 1359 if (rxp.val.nval[0] != ISCSI_AUTH_CHAP) { 1360 DEBOUT(("AuthMethod isn't CHAP (%d)\n", rxp.val.nval[0])); 1361 return ISCSI_STATUS_NEGOTIATION_ERROR; 1362 } 1363 1364 state->auth_state = AUTH_METHOD_SELECTED; 1365 state->auth_alg = rxp.val.nval[0]; 1366 break; 1367 1368 case K_Auth_CHAP_Algorithm: 1369 if (state->auth_state != AUTH_CHAP_ALG_SENT || 1370 rxp.val.nval[0] != 5) { 1371 DEBOUT(("Bad algorithm, auth_state = %d, alg %d\n", 1372 state->auth_state, rxp.val.nval[0])); 1373 return ISCSI_STATUS_NEGOTIATION_ERROR; 1374 } 1375 break; 1376 1377 case K_Auth_CHAP_Challenge: 1378 if (state->auth_state != AUTH_CHAP_ALG_SENT || !rxp.list_num) { 1379 DEBOUT(("Bad Challenge, auth_state = %d, len %d\n", 1380 state->auth_state, rxp.list_num)); 1381 return ISCSI_STATUS_NEGOTIATION_ERROR; 1382 } 1383 challenge = rxp.val.sval; 1384 challenge_size = rxp.list_num; 1385 break; 1386 1387 case K_Auth_CHAP_Identifier: 1388 if (state->auth_state != AUTH_CHAP_ALG_SENT) { 1389 DEBOUT(("Bad ID, auth_state = %d, id %d\n", 1390 state->auth_state, rxp.val.nval[0])); 1391 return ISCSI_STATUS_NEGOTIATION_ERROR; 1392 } 1393 identifier = (uint8_t) rxp.val.nval[0]; 1394 break; 1395 1396 case K_Auth_CHAP_Name: 1397 if (state->auth_state != AUTH_CHAP_RSP_SENT) { 1398 DEBOUT(("Bad Name, auth_state = %d, name <%s>\n", 1399 state->auth_state, rxp.val.sval)); 1400 return ISCSI_STATUS_NEGOTIATION_ERROR; 1401 } 1402 /* what do we do with the name?? */ 1403 break; 1404 1405 case K_Auth_CHAP_Response: 1406 if (state->auth_state != AUTH_CHAP_RSP_SENT) { 1407 DEBOUT(("Bad Response, auth_state = %d, size %d\n", 1408 state->auth_state, rxp.list_num)); 1409 return ISCSI_STATUS_NEGOTIATION_ERROR; 1410 } 1411 response = rxp.val.sval; 1412 response_size = rxp.list_num; 1413 if (response_size != CHAP_MD5_SIZE) 1414 return ISCSI_STATUS_NEGOTIATION_ERROR; 1415 break; 1416 1417 default: 1418 rc = eval_parameter(conn, state, &rxp); 1419 if (rc) 1420 return rc; 1421 break; 1422 } 1423 } 1424 1425 switch (state->auth_state) { 1426 case AUTH_INITIAL: 1427 DEBOUT(("Didn't receive Method\n")); 1428 return ISCSI_STATUS_NEGOTIATION_ERROR; 1429 1430 case AUTH_METHOD_SELECTED: 1431 set_key_n(state, K_Auth_CHAP_Algorithm, 5); 1432 state->auth_state = AUTH_CHAP_ALG_SENT; 1433 next = -1; 1434 break; 1435 1436 case AUTH_CHAP_ALG_SENT: 1437 if (!RX(state, K_Auth_CHAP_Algorithm) || 1438 !RX(state, K_Auth_CHAP_Identifier) || 1439 !RX(state, K_Auth_CHAP_Challenge)) { 1440 DEBOUT(("Didn't receive all parameters\n")); 1441 return ISCSI_STATUS_NEGOTIATION_ERROR; 1442 } 1443 1444 set_key_s(state, K_Auth_CHAP_Name, state->user_name); 1445 1446 chap_md5_response(state->temp_buf, identifier, state->password, 1447 challenge, challenge_size); 1448 1449 cpar = set_key_s(state, K_Auth_CHAP_Response, state->temp_buf); 1450 if (cpar != NULL) 1451 cpar->list_num = CHAP_MD5_SIZE; 1452 1453 if (par->auth_info.mutual_auth) { 1454 if (!state->target_password[0]) { 1455 DEBOUT(("No target password with mutual authentication!\n")); 1456 return ISCSI_STATUS_PARAMETER_MISSING; 1457 } 1458 1459 GEN_RAND(&state->temp_buf[CHAP_MD5_SIZE], CHAP_CHALLENGE_LEN + 1); 1460 set_key_n(state, K_Auth_CHAP_Identifier, 1461 state->temp_buf[CHAP_MD5_SIZE]); 1462 cpar = set_key_s(state, K_Auth_CHAP_Challenge, 1463 &state->temp_buf[CHAP_MD5_SIZE + 1]); 1464 if (cpar != NULL) 1465 cpar->list_num = CHAP_CHALLENGE_LEN; 1466 next = -1; 1467 } 1468 state->auth_state = AUTH_CHAP_RSP_SENT; 1469 break; 1470 1471 case AUTH_CHAP_RSP_SENT: 1472 /* we can only be here for mutual authentication */ 1473 if (!par->auth_info.mutual_auth || response == NULL) { 1474 DEBOUT(("Mutual authentication not requested\n")); 1475 return ISCSI_STATUS_NEGOTIATION_ERROR; 1476 } 1477 1478 chap_md5_response(state->temp_buf, 1479 state->temp_buf[CHAP_MD5_SIZE], 1480 state->password, 1481 &state->temp_buf[CHAP_MD5_SIZE + 1], 1482 CHAP_CHALLENGE_LEN); 1483 1484 if (memcmp(state->temp_buf, response, response_size)) { 1485 DEBOUT(("Mutual authentication mismatch\n")); 1486 return ISCSI_STATUS_AUTHENTICATION_FAILED; 1487 } 1488 break; 1489 1490 default: 1491 break; 1492 } 1493 1494 complete_pars(state, tx_pdu); 1495 1496 return next; 1497 } 1498 1499 1500 /* 1501 * set_first_opnegs: 1502 * Set the operational negotiation parameters we want to negotiate in 1503 * the first login request in op_neg phase. 1504 * 1505 * Parameter: 1506 * conn The connection 1507 * state Negotiation state 1508 */ 1509 1510 STATIC void 1511 set_first_opnegs(connection_t *conn, negotiation_state_t *state) 1512 { 1513 iscsi_login_parameters_t *lpar = conn->login_par; 1514 negotiation_parameter_t *cpar; 1515 1516 /* Digests - suggest None,CRC32C unless the user forces a value */ 1517 cpar = set_key_n(state, K_HeaderDigest, 1518 (lpar->is_present.HeaderDigest) ? lpar->HeaderDigest : 0); 1519 if (cpar != NULL && !lpar->is_present.HeaderDigest) { 1520 cpar->list_num = 2; 1521 cpar->val.nval[1] = 1; 1522 } 1523 1524 cpar = set_key_n(state, K_DataDigest, (lpar->is_present.DataDigest) 1525 ? lpar->DataDigest : 0); 1526 if (cpar != NULL && !lpar->is_present.DataDigest) { 1527 cpar->list_num = 2; 1528 cpar->val.nval[1] = 1; 1529 } 1530 1531 set_key_n(state, K_MaxRecvDataSegmentLength, 1532 conn->Our_MaxRecvDataSegmentLength); 1533 /* This is direction-specific, we may have a different default */ 1534 state->MaxRecvDataSegmentLength = 1535 entries[K_MaxRecvDataSegmentLength].defval; 1536 1537 /* First connection only */ 1538 if (!conn->session->TSIH) { 1539 state->ErrorRecoveryLevel = 1540 (lpar->is_present.ErrorRecoveryLevel) ? lpar->ErrorRecoveryLevel 1541 : 2; 1542 /* 1543 Negotiate InitialR2T to FALSE and ImmediateData to TRUE, should 1544 be slightly more efficient than the default InitialR2T=TRUE. 1545 */ 1546 state->InitialR2T = FALSE; 1547 state->ImmediateData = TRUE; 1548 1549 /* We don't really care about this, so don't negotiate by default */ 1550 state->MaxBurstLength = entries[K_MaxBurstLength].defval; 1551 state->FirstBurstLength = entries[K_FirstBurstLength].defval; 1552 state->MaxOutstandingR2T = entries[K_MaxOutstandingR2T].defval; 1553 1554 #ifdef ISCSI_TEST_MODE 1555 if (conn->test_pars != NULL) { 1556 test_pars_t *tp = conn->test_pars; 1557 1558 if (tp->options & ISCSITEST_OVERRIDE_INITIALR2T) 1559 state->InitialR2T = TRUE; 1560 if (tp->options & ISCSITEST_OVERRIDE_IMMDATA) 1561 state->ImmediateData = FALSE; 1562 1563 if (tp->options & ISCSITEST_NEGOTIATE_MAXBURST) { 1564 state->MaxBurstLength = tp->maxburst_val; 1565 set_key_n(state, K_MaxBurstLength, state->MaxBurstLength); 1566 } 1567 if (tp->options & ISCSITEST_NEGOTIATE_FIRSTBURST) { 1568 state->FirstBurstLength = tp->firstburst_val; 1569 set_key_n(state, K_FirstBurstLength, state->FirstBurstLength); 1570 } 1571 if (tp->options & ISCSITEST_NEGOTIATE_R2T) { 1572 state->MaxOutstandingR2T = tp->r2t_val; 1573 set_key_n(state, K_MaxOutstandingR2T, state->MaxOutstandingR2T); 1574 } 1575 } 1576 #endif 1577 1578 set_key_n(state, K_ErrorRecoveryLevel, state->ErrorRecoveryLevel); 1579 set_key_n(state, K_InitialR2T, state->InitialR2T); 1580 set_key_n(state, K_ImmediateData, state->ImmediateData); 1581 1582 if (lpar->is_present.MaxConnections) { 1583 state->MaxConnections = lpar->MaxConnections; 1584 set_key_n(state, K_MaxConnections, lpar->MaxConnections); 1585 } 1586 1587 if (lpar->is_present.DefaultTime2Wait) 1588 set_key_n(state, K_DefaultTime2Wait, lpar->DefaultTime2Wait); 1589 else 1590 state->DefaultTime2Wait = entries[K_DefaultTime2Wait].defval; 1591 1592 if (lpar->is_present.DefaultTime2Retain) 1593 set_key_n(state, K_DefaultTime2Retain, lpar->DefaultTime2Retain); 1594 else 1595 state->DefaultTime2Retain = entries[K_DefaultTime2Retain].defval; 1596 } else 1597 init_session_parameters(conn->session, state); 1598 1599 DEBC(conn, 10, ("SetFirstOpnegs: recover=%d, MRDSL=%d\n", 1600 conn->recover, state->MaxRecvDataSegmentLength)); 1601 } 1602 1603 1604 /* 1605 * assemble_negotiation_parameters: 1606 * Assemble any negotiation parameters requested by the other side. 1607 * 1608 * Parameter: 1609 * conn The connection 1610 * ccb The login ccb 1611 * rx_pdu The received login response PDU 1612 * tx_pdu The transmit PDU 1613 * 1614 * Returns: 0 On success 1615 * > 0 (an ISCSI error code) if an error occurred. 1616 */ 1617 1618 int 1619 assemble_negotiation_parameters(connection_t *conn, ccb_t *ccb, pdu_t *rx_pdu, 1620 pdu_t *tx_pdu) 1621 { 1622 negotiation_state_t *state = (negotiation_state_t *) ccb->temp_data; 1623 negotiation_parameter_t rxp; 1624 uint8_t *rxpars; 1625 int rc; 1626 1627 state->num_pars = 0; 1628 1629 DEBC(conn, 10, ("AsmNegParams: connState=%d, MRDSL=%d\n", 1630 conn->state, state->MaxRecvDataSegmentLength)); 1631 1632 if (conn->state == ST_SEC_NEG) { 1633 conn->state = ST_OP_NEG; 1634 set_first_opnegs(conn, state); 1635 } 1636 1637 rxpars = (uint8_t *) rx_pdu->temp_data; 1638 if (rxpars != NULL) { 1639 /* Note: There are always at least 2 extra bytes past temp_data_len */ 1640 rxpars[rx_pdu->temp_data_len] = '\0'; 1641 rxpars[rx_pdu->temp_data_len + 1] = '\0'; 1642 1643 while (*rxpars) { 1644 if ((rxpars = get_parameter(rxpars, &rxp)) == NULL) 1645 return ISCSI_STATUS_NEGOTIATION_ERROR; 1646 1647 rc = eval_parameter(conn, state, &rxp); 1648 if (rc) 1649 return rc; 1650 } 1651 } 1652 1653 if (tx_pdu == NULL) 1654 return 0; 1655 1656 complete_pars(state, tx_pdu); 1657 1658 return 0; 1659 } 1660 1661 /* 1662 * init_text_parameters: 1663 * Initialize text negotiation. 1664 * 1665 * Parameter: 1666 * conn The connection 1667 * tx_pdu The transmit PDU 1668 * 1669 * Returns: 0 On success 1670 * > 0 (an ISCSI error code) if an error occurred. 1671 */ 1672 1673 int 1674 init_text_parameters(connection_t *conn, ccb_t *ccb) 1675 { 1676 negotiation_state_t *state; 1677 1678 state = malloc(sizeof(*state), M_TEMP, M_WAITOK | M_ZERO); 1679 if (state == NULL) { 1680 DEBOUT(("*** Out of memory in init_text_params\n")); 1681 return ISCSI_STATUS_NO_RESOURCES; 1682 } 1683 ccb->temp_data = state; 1684 1685 state->HeaderDigest = conn->HeaderDigest; 1686 state->DataDigest = conn->DataDigest; 1687 state->MaxRecvDataSegmentLength = conn->MaxRecvDataSegmentLength; 1688 init_session_parameters(conn->session, state); 1689 1690 return 0; 1691 } 1692 1693 1694 /* 1695 * assemble_send_targets: 1696 * Assemble send targets request 1697 * 1698 * Parameter: 1699 * pdu The transmit PDU 1700 * val The SendTargets key value 1701 * 1702 * Returns: 0 On success 1703 * > 0 (an ISCSI error code) if an error occurred. 1704 */ 1705 1706 int 1707 assemble_send_targets(pdu_t *pdu, uint8_t *val) 1708 { 1709 negotiation_parameter_t par; 1710 uint8_t *buf; 1711 int len; 1712 1713 par.key = K_SendTargets; 1714 par.list_num = 1; 1715 par.val.sval = val; 1716 1717 len = parameter_size(&par); 1718 1719 if ((buf = malloc(len, M_TEMP, M_WAITOK)) == NULL) { 1720 DEBOUT(("*** Out of memory in assemble_send_targets\n")); 1721 return ISCSI_STATUS_NO_RESOURCES; 1722 } 1723 pdu->temp_data = buf; 1724 pdu->temp_data_len = len; 1725 1726 if (put_parameter(buf, len, &par) == 0) 1727 return ISCSI_STATUS_PARAMETER_INVALID; 1728 1729 return 0; 1730 } 1731 1732 1733 /* 1734 * set_negotiated_parameters: 1735 * Copy the negotiated parameters into the connection and session structure. 1736 * 1737 * Parameter: 1738 * ccb The ccb containing the state information 1739 */ 1740 1741 void 1742 set_negotiated_parameters(ccb_t *ccb) 1743 { 1744 negotiation_state_t *state = (negotiation_state_t *) ccb->temp_data; 1745 connection_t *conn = ccb->connection; 1746 session_t *sess = ccb->session; 1747 1748 conn->HeaderDigest = state->HeaderDigest; 1749 conn->DataDigest = state->DataDigest; 1750 sess->ErrorRecoveryLevel = state->ErrorRecoveryLevel; 1751 sess->InitialR2T = state->InitialR2T; 1752 sess->ImmediateData = state->ImmediateData; 1753 conn->MaxRecvDataSegmentLength = state->MaxRecvDataSegmentLength; 1754 sess->MaxConnections = state->MaxConnections; 1755 sess->DefaultTime2Wait = conn->Time2Wait = state->DefaultTime2Wait; 1756 sess->DefaultTime2Retain = conn->Time2Retain = 1757 state->DefaultTime2Retain; 1758 1759 /* set idle connection timeout to half the Time2Retain window so we */ 1760 /* don't miss it, unless Time2Retain is ridiculously small. */ 1761 conn->idle_timeout_val = (conn->Time2Retain >= 10) ? 1762 (conn->Time2Retain / 2) * hz : CONNECTION_IDLE_TIMEOUT; 1763 1764 sess->MaxBurstLength = state->MaxBurstLength; 1765 sess->FirstBurstLength = state->FirstBurstLength; 1766 sess->MaxOutstandingR2T = state->MaxOutstandingR2T; 1767 1768 DEBC(conn, 10,("SetNegPar: MRDSL=%d, MBL=%d, FBL=%d, IR2T=%d, ImD=%d\n", 1769 state->MaxRecvDataSegmentLength, state->MaxBurstLength, 1770 state->FirstBurstLength, state->InitialR2T, 1771 state->ImmediateData)); 1772 1773 conn->max_transfer = min(sess->MaxBurstLength, 1774 conn->MaxRecvDataSegmentLength); 1775 1776 conn->max_firstimmed = (!sess->ImmediateData) ? 0 : 1777 min(sess->FirstBurstLength, conn->max_transfer); 1778 1779 conn->max_firstdata = (sess->InitialR2T) ? 0 : sess->FirstBurstLength; 1780 } 1781