/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2000 by Cisco Systems, Inc. All rights reserved.
 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#ifndef	_ISCSI_AUTHCLIENT_H
#define	_ISCSI_AUTHCLIENT_H

#pragma ident	"%Z%%M% %I% %E% SMI"

/*
 * This file is the include file for iscsiAuthClient.c
 *
 * It declares the constants, state enumerations, data structures and
 * entry points of the iSCSI authentication (CHAP) client.
 */

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Size limits.  These constants dimension the fixed buffers declared
 * further down in this header:
 *   iscsiAuthStringMaxLength       - username, passwordData,
 *                                    methodListName, chapUsername and
 *                                    scratchKeyValue in IscsiAuthClient
 *   iscsiAuthStringBlockMaxLength  - IscsiAuthStringBlock.stringBlock
 *   iscsiAuthLargeBinaryMaxLength  - IscsiAuthLargeBinary.largeBinary
 *
 * NOTE(review): the bounds checks against these limits live in the
 * implementation, which this header does not show.
 */
enum { iscsiAuthStringMaxLength = 256 };
enum { iscsiAuthStringBlockMaxLength = 1024 };
enum { iscsiAuthLargeBinaryMaxLength = 1024 };

/*
 * Presumably the cap compared against IscsiAuthClient.recvEndCount
 * (see iscsiAuthDebugStatusRecvMessageCountLimit) -- confirm in
 * iscsiAuthClient.c.
 */
enum { iscsiAuthRecvEndMaxCount = 10 };

/*
 * Presumably the value expected in IscsiAuthClient.signature, so that
 * entry points can recognise a valid client structure -- TODO confirm.
 */
enum { iscsiAuthClientSignature = 0x5984B2E3 };

/* 16 bytes is the size of an MD5 digest. */
enum { iscsiAuthChapResponseLength = 16 };

/*
 * Note: The ordering of these values is chosen to match
 * the ordering of the keys as shown in the iSCSI spec.
 * The table IscsiAuthClientKeyInfo in iscsiAuthClient.c
 * must also match this order.
 *
 * iscsiAuthKeyTypeMaxCount also dimensions IscsiAuthKeyBlock.key[], so
 * a key type used as an index has to lie in
 * [iscsiAuthKeyTypeFirst, iscsiAuthKeyTypeLast].
 */
enum iscsiAuthKeyType_t {
	iscsiAuthKeyTypeNone = -1,
	iscsiAuthKeyTypeFirst = 0,
	iscsiAuthKeyTypeAuthMethod = iscsiAuthKeyTypeFirst,
	iscsiAuthKeyTypeChapAlgorithm,
	iscsiAuthKeyTypeChapUsername,
	iscsiAuthKeyTypeChapResponse,
	iscsiAuthKeyTypeChapIdentifier,
	iscsiAuthKeyTypeChapChallenge,
	iscsiAuthKeyTypeMaxCount,
	iscsiAuthKeyTypeLast = iscsiAuthKeyTypeMaxCount - 1
};
typedef enum iscsiAuthKeyType_t IscsiAuthKeyType;

enum {
	/*
	 * Common options for all keys.
	 */
	iscsiAuthOptionReject = -2,
	iscsiAuthOptionNotPresent = -1,
	iscsiAuthOptionNone = 1,

	/*
	 * Authentication methods.  iscsiAuthMethodMaxCount dimensions
	 * authMethodList[] and authMethodValidList[] in IscsiAuthClient.
	 */
	iscsiAuthMethodChap = 2,
	iscsiAuthMethodMaxCount = 2,

	/*
	 * CHAP algorithms.  5 is the algorithm number CHAP assigns to MD5
	 * (RFC 1994); it is the only algorithm defined in this header.
	 * iscsiAuthChapAlgorithmMaxCount dimensions chapAlgorithmList[]
	 * in IscsiAuthClient.
	 *
	 * NOTE(review): with MD5 as the only algorithm, the strength of
	 * the exchange rests on the length and quality of the CHAP secret.
	 * iscsiAuthDebugStatusPasswordTooShortWithNoIpSec suggests that a
	 * minimum length is enforced when IPsec is not in use -- confirm
	 * in iscsiAuthClient.c.
	 */
	iscsiAuthChapAlgorithmMd5 = 5,
	iscsiAuthChapAlgorithmMaxCount = 2
};

/* Role taken in the AuthMethod negotiation. */
enum iscsiAuthNegRole_t {
	iscsiAuthNegRoleOriginator = 1,
	iscsiAuthNegRoleResponder = 2
};
typedef enum iscsiAuthNegRole_t IscsiAuthNegRole;

/*
 * Note: These values are chosen to map to the values sent
 * in the iSCSI header.
 */
enum iscsiAuthVersion_t {
	iscsiAuthVersionDraft8 = 2,
	iscsiAuthVersionRfc = 0
};
typedef enum iscsiAuthVersion_t IscsiAuthVersion;

/*
 * Result codes.  Only iscsiAuthStatusNoError has an explicit value;
 * the others follow in declaration order.
 */
enum iscsiAuthStatus_t {
	iscsiAuthStatusNoError = 0,
	iscsiAuthStatusError,
	iscsiAuthStatusPass,
	iscsiAuthStatusFail,
	iscsiAuthStatusContinue,
	iscsiAuthStatusInProgress
};
typedef enum iscsiAuthStatus_t IscsiAuthStatus;

/*
 * Detailed reason codes, stored in IscsiAuthClient.debugStatus.
 * Values are implicit, so the declaration order fixes the numbering;
 * presumably iscsiAuthClientDebugStatusToText() depends on it --
 * verify before inserting or reordering entries.
 */
enum iscsiAuthDebugStatus_t {
	iscsiAuthDebugStatusNotSet = 0,

	iscsiAuthDebugStatusAuthPass,
	iscsiAuthDebugStatusAuthRemoteFalse,

	iscsiAuthDebugStatusAuthFail,

	iscsiAuthDebugStatusAuthMethodBad,
	iscsiAuthDebugStatusChapAlgorithmBad,
	iscsiAuthDebugStatusPasswordDecryptFailed,
	iscsiAuthDebugStatusPasswordTooShortWithNoIpSec,
	iscsiAuthDebugStatusAuthServerError,
	iscsiAuthDebugStatusAuthStatusBad,
	iscsiAuthDebugStatusAuthPassNotValid,
	iscsiAuthDebugStatusSendDuplicateSetKeyValue,
	iscsiAuthDebugStatusSendStringTooLong,
	iscsiAuthDebugStatusSendTooMuchData,

	iscsiAuthDebugStatusAuthMethodExpected,
	iscsiAuthDebugStatusChapAlgorithmExpected,
	iscsiAuthDebugStatusChapIdentifierExpected,
	iscsiAuthDebugStatusChapChallengeExpected,
	iscsiAuthDebugStatusChapResponseExpected,
	iscsiAuthDebugStatusChapUsernameExpected,

	iscsiAuthDebugStatusAuthMethodNotPresent,
	iscsiAuthDebugStatusAuthMethodReject,
	iscsiAuthDebugStatusAuthMethodNone,
	iscsiAuthDebugStatusChapAlgorithmReject,
	/*
	 * NOTE(review): by their names the next two codes report a peer
	 * echoing our own challenge and the same secret being used in
	 * both directions -- confirm where they are raised.
	 */
	iscsiAuthDebugStatusChapChallengeReflected,
	iscsiAuthDebugStatusPasswordIdentical,

	iscsiAuthDebugStatusLocalPasswordNotSet,

	iscsiAuthDebugStatusChapIdentifierBad,
	iscsiAuthDebugStatusChapChallengeBad,
	iscsiAuthDebugStatusChapResponseBad,
	iscsiAuthDebugStatusUnexpectedKeyPresent,
	iscsiAuthDebugStatusTbitSetIllegal,
	iscsiAuthDebugStatusTbitSetPremature,

	iscsiAuthDebugStatusRecvMessageCountLimit,
	iscsiAuthDebugStatusRecvDuplicateSetKeyValue,
	iscsiAuthDebugStatusRecvStringTooLong,
	iscsiAuthDebugStatusRecvTooMuchData
};
typedef enum iscsiAuthDebugStatus_t IscsiAuthDebugStatus;

/* Which end of the iSCSI session this client represents. */
enum iscsiAuthNodeType_t {
	iscsiAuthNodeTypeInitiator = 1,
	iscsiAuthNodeTypeTarget = 2
};
typedef enum iscsiAuthNodeType_t IscsiAuthNodeType;

/* Overall phase of one authentication exchange. */
enum iscsiAuthPhase_t {
	iscsiAuthPhaseConfigure = 1,
	iscsiAuthPhaseNegotiate,	/* Negotiating */
	iscsiAuthPhaseAuthenticate,	/* Authenticating */
	iscsiAuthPhaseDone,		/* Authentication done */
	iscsiAuthPhaseError
};
typedef enum iscsiAuthPhase_t IscsiAuthPhase;

/* State values held in IscsiAuthClient.localState. */
enum iscsiAuthLocalState_t {
	iscsiAuthLocalStateSendAlgorithm = 1,
	iscsiAuthLocalStateRecvAlgorithm,
	iscsiAuthLocalStateRecvChallenge,
	iscsiAuthLocalStateDone,
	iscsiAuthLocalStateError
};
typedef enum iscsiAuthLocalState_t IscsiAuthLocalState;

/* State values held in IscsiAuthClient.remoteState. */
enum iscsiAuthRemoteState_t {
	iscsiAuthRemoteStateSendAlgorithm = 1,
	iscsiAuthRemoteStateSendChallenge,
	iscsiAuthRemoteStateRecvResponse,
	iscsiAuthRemoteStateAuthRequest,
	iscsiAuthRemoteStateDone,
	iscsiAuthRemoteStateError
};
typedef enum iscsiAuthRemoteState_t IscsiAuthRemoteState;


/*
 * Function type of the callback handed to iscsiAuthClientRecvEnd() and
 * kept in IscsiAuthClient.callback.  The parameters are unnamed here;
 * presumably they are the user handle, the message handle and a status
 * value -- TODO confirm against iscsiAuthClient.c.
 */
typedef void IscsiAuthClientCallback(void *, void *, int);


/* Counters exported through the global iscsiAuthClientGlobalStats. */
struct iscsiAuthClientGlobalStats_t {
	unsigned long requestSent;
	unsigned long responseReceived;
};
typedef struct iscsiAuthClientGlobalStats_t IscsiAuthClientGlobalStats;

/*
 * Address/length pair; iscsiAuthClientInit() takes a pointer to this
 * type.  Presumably it describes caller-supplied memory -- TODO confirm.
 */
struct iscsiAuthBufferDesc_t {
	unsigned int length;
	void *address;
};
typedef struct iscsiAuthBufferDesc_t IscsiAuthBufferDesc;

/* Per-key bookkeeping; one entry per key type in IscsiAuthKeyBlock. */
struct iscsiAuthKey_t {
	unsigned int present:1;
	unsigned int processed:1;
	unsigned int valueSet:1;	/* 1 if the value is set to be valid */
	char *string;
};
typedef struct iscsiAuthKey_t IscsiAuthKey;

/*
 * Length-tagged reference to binary data; the CHAP challenges in
 * IscsiAuthClient use this type.
 */
struct iscsiAuthLargeBinaryKey_t {
	unsigned int length;
	unsigned char *largeBinary;
};
typedef struct iscsiAuthLargeBinaryKey_t IscsiAuthLargeBinaryKey;

/*
 * One direction's worth of key=value pairs.  blockLength is a 16-bit
 * field; the stringTooLong and tooMuchData bits record overflow
 * conditions instead of the data being stored.
 */
struct iscsiAuthKeyBlock_t {
	unsigned int transitBit:1;	/* To transit: TRUE or FALSE */
	unsigned int duplicateSet:1;	/* Set the value more than once */
	unsigned int stringTooLong:1;	/* Key value too long */
	unsigned int tooMuchData:1;	/* The keypair data blk overflows */
	unsigned int blockLength:16;	/* The length of the keypair data blk */
	char *stringBlock;
	IscsiAuthKey key[iscsiAuthKeyTypeMaxCount];
};
typedef struct iscsiAuthKeyBlock_t IscsiAuthKeyBlock;

/* Fixed-size storage for a block of key strings. */
struct iscsiAuthStringBlock_t {
	char stringBlock[iscsiAuthStringBlockMaxLength];
};
typedef struct iscsiAuthStringBlock_t IscsiAuthStringBlock;

/* Fixed-size storage for one large binary value. */
struct iscsiAuthLargeBinary_t {
	unsigned char largeBinary[iscsiAuthLargeBinaryMaxLength];
};
typedef struct iscsiAuthLargeBinary_t IscsiAuthLargeBinary;

/*
 * State of one authentication client.  Field order and types define
 * the structure layout shared with iscsiAuthClient.c and the platform
 * glue, so they are kept exactly as declared.
 */
struct iscsiAuthClient_t {
	unsigned long signature;

	void *glueHandle;
	struct iscsiAuthClient_t *next;
	unsigned int authRequestId;

	/*
	 * Configuration; presumably filled in by the matching
	 * iscsiAuthClientSet*() routines declared below.
	 */
	IscsiAuthNodeType nodeType;
	unsigned int authMethodCount;
	int authMethodList[iscsiAuthMethodMaxCount];
	IscsiAuthNegRole authMethodNegRole;
	unsigned int chapAlgorithmCount;
	int chapAlgorithmList[iscsiAuthChapAlgorithmMaxCount];

	/*
	 * To indicate if remote authentication is enabled (0 = no 1 = yes)
	 * For the case of initiator, remote authentication enabled means
	 * enabling target authentication.
	 */
	int authRemote;

	char username[iscsiAuthStringMaxLength];
	int passwordPresent;
	unsigned int passwordLength;
	/*
	 * NOTE(review): the CHAP secret is held in this structure.
	 * Confirm that passwordLength is bounded by the array size when
	 * set, and that the secret is cleared when the client is
	 * finished with.
	 */
	unsigned char passwordData[iscsiAuthStringMaxLength];
	char methodListName[iscsiAuthStringMaxLength];
	IscsiAuthVersion version;
	unsigned int chapChallengeLength;
	int ipSec;
	int base64;

	unsigned int authMethodValidCount;
	int authMethodValidList[iscsiAuthMethodMaxCount];
	int authMethodValidNegRole;
	const char *rejectOptionName;
	const char *noneOptionName;

	/* Receive bookkeeping and the completion callback with its handles. */
	int recvInProgressFlag;
	int recvEndCount;
	IscsiAuthClientCallback *callback;
	void *userHandle;
	void *messageHandle;

	/* Progress and outcome of the exchange. */
	IscsiAuthPhase phase;
	IscsiAuthLocalState localState;
	IscsiAuthRemoteState remoteState;
	IscsiAuthStatus remoteAuthStatus;
	IscsiAuthDebugStatus debugStatus;
	int negotiatedAuthMethod;
	int negotiatedChapAlgorithm;
	int authResponseFlag;
	int authServerErrorFlag;
	int transitBitSentFlag;

	/* CHAP values sent to, and received from, the peer. */
	unsigned int sendChapIdentifier;
	IscsiAuthLargeBinaryKey sendChapChallenge;
	char chapUsername[iscsiAuthStringMaxLength];

	int recvChapChallengeStatus;
	IscsiAuthLargeBinaryKey recvChapChallenge;

	char scratchKeyValue[iscsiAuthStringMaxLength];

	IscsiAuthKeyBlock recvKeyBlock;	/* Received keypair data */
	IscsiAuthKeyBlock sendKeyBlock;	/* Keypair data to be sent */
};
typedef struct iscsiAuthClient_t IscsiAuthClient;


/*
 * The glue header is included outside the extern "C" block and after
 * the type definitions above.  IscsiAuthMd5Context, used by the MD5
 * prototypes below, is not defined in this file and presumably comes
 * from this header.
 */
#ifdef __cplusplus
}
#endif
#include <sys/iscsi_authclientglue.h>
#ifdef __cplusplus
extern "C" {
#endif


extern IscsiAuthClientGlobalStats iscsiAuthClientGlobalStats;


/*
 * Client entry points.  Parameter names are not given in this header;
 * where a char * or unsigned char * output argument is followed by an
 * unsigned int, that integer is presumably the capacity of the buffer
 * -- verify against iscsiAuthClient.c before relying on it.
 */
extern int iscsiAuthClientInit(int, int, IscsiAuthBufferDesc *);
extern int iscsiAuthClientFinish(IscsiAuthClient *);

extern int iscsiAuthClientRecvBegin(IscsiAuthClient *);
extern int iscsiAuthClientRecvEnd(IscsiAuthClient *,
    IscsiAuthClientCallback *, void *, void *);

extern const char *iscsiAuthClientGetKeyName(int);
extern int iscsiAuthClientGetNextKeyType(int *);
extern int iscsiAuthClientKeyNameToKeyType(const char *);
extern int iscsiAuthClientRecvKeyValue(IscsiAuthClient *, int, const char *);
extern int iscsiAuthClientSendKeyValue(IscsiAuthClient *, int, int *, char *,
    unsigned int);
extern int iscsiAuthClientRecvTransitBit(IscsiAuthClient *, int);
extern int iscsiAuthClientSendTransitBit(IscsiAuthClient *, int *);

/*
 * Configuration setters.  The two list setters take an element count;
 * the destination arrays hold iscsiAuthMethodMaxCount and
 * iscsiAuthChapAlgorithmMaxCount entries respectively.
 */
extern int iscsiAuthClientSetAuthMethodList(IscsiAuthClient *, unsigned int,
    const int *);
extern int iscsiAuthClientSetAuthMethodNegRole(IscsiAuthClient *, int);
extern int iscsiAuthClientSetChapAlgorithmList(IscsiAuthClient *, unsigned int,
    const int *);
extern int iscsiAuthClientSetUsername(IscsiAuthClient *, const char *);
extern int iscsiAuthClientSetPassword(IscsiAuthClient *, const unsigned char *,
    unsigned int);
extern int iscsiAuthClientSetAuthRemote(IscsiAuthClient *, int);
extern int iscsiAuthClientSetGlueHandle(IscsiAuthClient *, void *);
extern int iscsiAuthClientSetMethodListName(IscsiAuthClient *, const char *);
extern int iscsiAuthClientSetIpSec(IscsiAuthClient *, int);
extern int iscsiAuthClientSetBase64(IscsiAuthClient *, int);
extern int iscsiAuthClientSetChapChallengeLength(IscsiAuthClient *,
    unsigned int);
extern int iscsiAuthClientSetVersion(IscsiAuthClient *, int);
extern int iscsiAuthClientCheckPasswordNeeded(IscsiAuthClient *, int *);

/* Accessors for the negotiated values and the outcome. */
extern int iscsiAuthClientGetAuthPhase(IscsiAuthClient *, int *);
extern int iscsiAuthClientGetAuthStatus(IscsiAuthClient *, int *);
extern int iscsiAuthClientAuthStatusPass(int);
extern int iscsiAuthClientGetAuthMethod(IscsiAuthClient *, int *);
extern int iscsiAuthClientGetChapAlgorithm(IscsiAuthClient *, int *);
extern int iscsiAuthClientGetChapUsername(IscsiAuthClient *, char *,
    unsigned int);

extern int iscsiAuthClientSendStatusCode(IscsiAuthClient *, int *);
extern int iscsiAuthClientGetDebugStatus(IscsiAuthClient *, int *);
extern const char *iscsiAuthClientDebugStatusToText(int);

/*
 * The following is called by platform dependent code.
 */
extern void iscsiAuthClientAuthResponse(IscsiAuthClient *, int);

/*
 * The following routines are considered platform dependent,
 * and need to be implemented for use by iscsiAuthClient.c.
 */

extern int iscsiAuthClientChapAuthRequest(IscsiAuthClient *, char *,
    unsigned int,
    unsigned char *, unsigned int, unsigned char *, unsigned int);
extern void iscsiAuthClientChapAuthCancel(IscsiAuthClient *);

extern int iscsiAuthClientTextToNumber(const char *, unsigned long *);
extern void iscsiAuthClientNumberToText(unsigned long, char *, unsigned int);

/*
 * NOTE(review): presumably the source of the CHAP challenge bytes.  If
 * so, the unpredictability of the challenge depends on the platform
 * implementation of this routine -- confirm it draws from a
 * cryptographically strong generator.
 */
extern void iscsiAuthRandomSetData(unsigned char *, unsigned int);
extern void iscsiAuthMd5Init(IscsiAuthMd5Context *);
extern void iscsiAuthMd5Update(IscsiAuthMd5Context *, unsigned char *,
    unsigned int);
extern void iscsiAuthMd5Final(unsigned char *, IscsiAuthMd5Context *);

extern int iscsiAuthClientData(unsigned char *, unsigned int *, unsigned char *,
    unsigned int);

#ifdef __cplusplus
}
#endif

#endif /* _ISCSI_AUTHCLIENT_H */