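/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2010 Emulex. All rights reserved.
 * Use is subject to license terms.
 */
/*
 * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
 */

/*
 * DH-CHAP definitions for the emlxs driver: configuration selectors,
 * AUTH ELS message codes and reject codes, sysevent names, the
 * per-port and per-node authentication state records, and the layouts
 * of the AUTH ELS messages.
 *
 * Everything between the include guard and its #endif is compiled only
 * when DHCHAP_SUPPORT is defined.  The structures reference NAME_TYPE,
 * dfc_auth_status_t and struct emlxs_node, which are declared elsewhere.
 */

#ifndef _EMLXS_DHCHAP_H
#define	_EMLXS_DHCHAP_H

#ifdef	__cplusplus
extern "C" {
#endif

#ifdef DHCHAP_SUPPORT
#include <sys/random.h>


/* emlxs_auth_cfg_t */
#define	PASSWORD_TYPE_ASCII		1
#define	PASSWORD_TYPE_BINARY		2
#define	PASSWORD_TYPE_IGNORE		3

#define	AUTH_MODE_DISABLED		1
#define	AUTH_MODE_ACTIVE		2
#define	AUTH_MODE_PASSIVE		3

#define	ELX_DHCHAP			0x01	/* Only one currently supported */
#define	ELX_FCAP			0x02
#define	ELX_FCPAP			0x03
#define	ELX_KERBEROS			0x04

/*
 * Hash selectors.  MD5 and SHA-1 are the only hash functions this header
 * defines; both are legacy algorithms, so a configuration should rank
 * SHA-1 ahead of MD5 wherever the peer accepts it.
 */
#define	ELX_MD5				0x01
#define	ELX_SHA1			0x02

/*
 * DH group selectors.  ELX_GROUP_NULL selects DH-CHAP without a
 * Diffie-Hellman exchange; in that mode the strength of the shared
 * secret is the only protection for the challenge/response pair.
 * 1024-bit groups are below current recommendations; prefer the largest
 * group both ends support.
 */
#define	ELX_GROUP_NULL			0x01
#define	ELX_GROUP_1024			0x02
#define	ELX_GROUP_1280			0x03
#define	ELX_GROUP_1536			0x04
#define	ELX_GROUP_2048			0x05


/* AUTH_ELS Code */
#define	ELS_CMD_AUTH_CODE		0x90

/* AUTH_ELS Flags */

/* state ? */
#define	AUTH_FINISH			0xFF
#define	AUTH_ABORT			0xFE

/* auth_msg code for DHCHAP */
#define	AUTH_REJECT			0x0A
#define	AUTH_NEGOTIATE			0x0B
#define	AUTH_DONE			0x0C
#define	DHCHAP_CHALLENGE		0x10
#define	DHCHAP_REPLY			0x11
#define	DHCHAP_SUCCESS			0x12

/* BIG ENDIAN and LITTLE ENDIAN */

/*
 * The constants in the two blocks below are the same values written in
 * the byte order each host needs so that they can be compared with, or
 * stored into, message fields without a byte swap.  They are defined
 * only when EMLXS_BIG_ENDIAN or EMLXS_LITTLE_ENDIAN is defined.
 */

/* authentication protocol identifiers */
#ifdef EMLXS_BIG_ENDIAN

#define	AUTH_DHCHAP			0x00000001
#define	AUTH_FCAP			0x00000002
#define	AUTH_FCPAP			0x00000003
#define	AUTH_KERBEROS			0x00000004

#define	HASH_LIST_TAG			0x0001
#define	DHGID_LIST_TAG			0x0002

/* hash function identifiers */
#define	AUTH_SHA1			0x00000006
#define	AUTH_MD5			0x00000005

/* DHCHAP group ids */
#define	GROUP_NULL			0x00000000
#define	GROUP_1024			0x00000001
#define	GROUP_1280			0x00000002
#define	GROUP_1536			0x00000003
#define	GROUP_2048			0x00000004

/* Tran_id Mask */
#define	AUTH_TRAN_ID_MASK		0x000000FF

#endif	/* EMLXS_BIG_ENDIAN */

#ifdef EMLXS_LITTLE_ENDIAN

#define	AUTH_DHCHAP			0x01000000
#define	AUTH_FCAP			0x02000000
#define	AUTH_FCPAP			0x03000000
#define	AUTH_KERBEROS			0x04000000

#define	HASH_LIST_TAG			0x0100
#define	DHGID_LIST_TAG			0x0200

/* hash function identifiers */
#define	AUTH_SHA1			0x06000000
#define	AUTH_MD5			0x05000000

/* DHCHAP group ids */
#define	GROUP_NULL			0x00000000
#define	GROUP_1024			0x01000000
#define	GROUP_1280			0x02000000
#define	GROUP_1536			0x03000000
#define	GROUP_2048			0x04000000

/* Tran_id Mask */
#define	AUTH_TRAN_ID_MASK		0xFF000000

#endif	/* EMLXS_LITTLE_ENDIAN */

/* hash funcs hash length in byte */
#define	SHA1_LEN			0x00000014	/* 20 bytes */
#define	MD5_LEN				0x00000010	/* 16 bytes */

#define	HBA_SECURITY			0x20

/* AUTH_Reject Reason Codes */
#define	AUTHRJT_FAILURE			0x01
#define	AUTHRJT_LOGIC_ERR		0x02

/* LS_RJT Reason Codes for AUTH_ELS */
#define	LSRJT_AUTH_REQUIRED		0x03
#define	LSRJT_AUTH_LOGICAL_BSY		0x05
#define	LSRJT_AUTH_ELS_NOT_SUPPORTED	0x0B
#define	LSRJT_AUTH_NOT_LOGGED_IN	0x09

/* AUTH_Reject Reason Code Explanations */
#define	AUTHEXP_MECH_UNUSABLE		0x01	/* AUTHRJT_LOGIC_ERR */
#define	AUTHEXP_DHGROUP_UNUSABLE	0x02	/* AUTHRJT_LOGIC_ERR */
#define	AUTHEXP_HASHFUNC_UNUSABLE	0x03	/* AUTHRJT_LOGIC_ERR */
#define	AUTHEXP_AUTHTRAN_STARTED	0x04	/* AUTHRJT_LOGIC_ERR */
#define	AUTHEXP_AUTH_FAILED		0x05	/* AUTHRJT_FAILURE */
#define	AUTHEXP_BAD_PAYLOAD		0x06	/* AUTHRJT_FAILURE */
#define	AUTHEXP_BAD_PROTOCOL		0x07	/* AUTHRJT_FAILURE */
#define	AUTHEXP_RESTART_AUTH		0x08	/* AUTHRJT_LOGIC_ERR */
#define	AUTHEXP_CONCAT_UNSUPP		0x09	/* AUTHRJT_LOGIC_ERR */
#define	AUTHEXP_BAD_PROTOVERS		0x0A	/* AUTHRJT_LOGIC_ERR */

/* LS_RJT Reason Code Explanations for AUTH_ELS */
#define	LSEXP_AUTH_REQUIRED		0x48
#define	LSEXP_AUTH_ELS_NOT_SUPPORTED	0x2C
#define	LSEXP_AUTH_ELS_NOT_LOGGED_IN	0x1E
#define	LSEXP_AUTH_LOGICAL_BUSY		0x00


/*
 * NOTE(review): comments further down refer to MAX_AUTH_MSG_SIZE, which
 * this header does not define; the name below looks like a typo of it.
 * The spelling is kept because other files may use it.
 */
#define	MAX_AUTH_MSA_SIZE		1024

#define	MAX_AUTH_PID			0x4	/* Max auth proto identifier list */

/* parameter tag */
#define	HASH_LIST			0x0001
#define	DHG_ID_LIST			0x0002

/* name tag from Table 13 v1.8 pp 30 */
#ifdef EMLXS_BIG_ENDIAN
#define	AUTH_NAME_ID			0x0001
#define	AUTH_NAME_LEN			0x0008
#define	AUTH_PROTO_NUM			0x00000001
#define	AUTH_NULL_PARA_LEN		0x00000028
#endif	/* EMLXS_BIG_ENDIAN */

#ifdef EMLXS_LITTLE_ENDIAN
#define	AUTH_NAME_ID			0x0100
#define	AUTH_NAME_LEN			0x0800
#define	AUTH_PROTO_NUM			0x01000000
#define	AUTH_NULL_PARA_LEN		0x28000000
#endif	/* EMLXS_LITTLE_ENDIAN */

/* name tag from Table 103 v 1.8 pp 123 */
#define	AUTH_NODE_NAME			0x0002
#define	AUTH_PORT_NAME			0x0003

/*
 * Sysevent support
 *
 * One subclass string per authentication state-machine step, timeout and
 * configuration ioctl.  Subclasses 33-36 name the ioctls that set or
 * delete authentication configuration and passwords, which makes them the
 * events to watch when auditing changes to DH-CHAP settings.
 */
/* ddi_log_sysevent() vendors */
#define	DDI_VENDOR_EMLX			"EMLXS"

/* Class */
#define	EC_EMLXS			"EC_emlxs"

/* Subclass */
#define	ESC_EMLXS_01	"ESC_emlxs_issue_auth_negotiate"
#define	ESC_EMLXS_02	"ESC_emlxs_cmpl_auth_negotiate_issue"

#define	ESC_EMLXS_03	"ESC_emlxs_rcv_auth_msg_auth_negotiate_issue"
#define	ESC_EMLXS_04	"ESC_emlxs_cmpl_auth_msg_auth_negotiate_issue"

#define	ESC_EMLXS_05	"ESC_emlxs_rcv_auth_msg_unmapped_node"
#define	ESC_EMLXS_06	"ESC_emlxs_issue_dhchap_challenge"
#define	ESC_EMLXS_07	"ESC_emlxs_cmpl_dhchap_challenge_issue"

#define	ESC_EMLXS_08	"ESC_emlxs_rcv_auth_msg_dhchap_challenge_cmpl_wait4next"

#define	ESC_EMLXS_09	"ESC_emlxs_rcv_auth_msg_auth_negotiate_rcv"
#define	ESC_EMLXS_10	"ESC_emlxs_cmpl_auth_msg_auth_negotiate_rcv"

#define	ESC_EMLXS_11	"ESC_emlxs_cmpl_cmpl_dhchap_reply_issue"
#define	ESC_EMLXS_12	"ESC_emlxs_cmpl_dhchap_reply_issue"
#define	ESC_EMLXS_13	"ESC_emlxs_cmpl_auth_msg_dhchap_reply_issue"

#define	ESC_EMLXS_14	"ESC_emlxs_cmpl_auth_msg_auth_negotiate_cmpl_wait4next"

#define	ESC_EMLXS_15	"ESC_emlxs_issue_dhchap_success"

#define	ESC_EMLXS_16	"ESC_emlxs_rcv_auth_msg_dhchap_challenge_issue"
#define	ESC_EMLXS_17	"ESC_emlxs_cmpl_auth_msg_dhchap_challenge_issue"

#define	ESC_EMLXS_18	"ESC_emlxs_rcv_auth_msg_dhchap_reply_issue"

#define	ESC_EMLXS_19	\
	"ESC_emlxs_cmpl_auth_msg_dhchap_challenge_cmpl_wait4next"

#define	ESC_EMLXS_20	"ESC_emlxs_rcv_auth_msg_dhchap_reply_cmpl_wait4next"
#define	ESC_EMLXS_21	"ESC_emlxs_cmpl_dhchap_success_issue"
#define	ESC_EMLXS_22	"ESC_emlxs_cmpl_auth_msg_dhchap_success_issue"

#define	ESC_EMLXS_23	"ESC_emlxs_cmpl_auth_msg_dhchap_reply_cmpl_wait4next"

#define	ESC_EMLXS_24	"ESC_emlxs_rcv_auth_msg_dhchap_success_issue_wait4next"
#define	ESC_EMLXS_25	"ESC_emlxs_cmpl_auth_msg_dhchap_success_issue_wait4next"

#define	ESC_EMLXS_26	"ESC_emlxs_rcv_auth_msg_dhchap_success_cmpl_wait4next"
#define	ESC_EMLXS_27	"ESC_emlxs_cmpl_auth_msg_dhchap_success_cmpl_wait4next"

#define	ESC_EMLXS_28	"ESC_emlxs_issue_auth_reject"
#define	ESC_EMLXS_29	"ESC_emlxs_cmpl_auth_reject_issue"

#define	ESC_EMLXS_30	"ESC_emlxs_rcv_auth_msg_npr_node"

#define	ESC_EMLXS_31	"ESC_emlxs_dhc_reauth_timeout"

#define	ESC_EMLXS_32	"ESC_emlxs_dhc_authrsp_timeout"

#define	ESC_EMLXS_33	"ESC_emlxs_ioctl_auth_setcfg"
#define	ESC_EMLXS_34	"ESC_emlxs_ioctl_auth_setpwd"
#define	ESC_EMLXS_35	"ESC_emlxs_ioctl_auth_delcfg"
#define	ESC_EMLXS_36	"ESC_emlxs_ioctl_auth_delpwd"


/*
 * Authentication policy for one local/remote entity pair; entries are
 * chained through prev/next.
 *
 * The three *_priority arrays hold the protocol, hash and DH group
 * preferences; presumably they carry the ELX_* selectors defined above
 * (TODO confirm against the code that fills them).
 */
/* From HBAnyware dfc lib FC-SP */
typedef struct emlxs_auth_cfg
{
	NAME_TYPE		local_entity;	/* host wwpn (NPIV support) */
	NAME_TYPE		remote_entity;	/* switch or target wwpn */
	uint32_t		authentication_timeout;
	uint32_t		authentication_mode;	/* AUTH_MODE_* */
	uint32_t		bidirectional:1;
	uint32_t		reserved:31;
	uint32_t		authentication_type_priority[4];
	uint32_t		hash_priority[4];
	uint32_t		dh_group_priority[8];
	uint32_t		reauthenticate_time_interval;

	dfc_auth_status_t	auth_status;
	uint32_t		auth_time;
	struct emlxs_node	*node;

	struct emlxs_auth_cfg	*prev;
	struct emlxs_auth_cfg	*next;
} emlxs_auth_cfg_t;


/*
 * DH-CHAP secrets for one local/remote entity pair; entries are chained
 * through prev/next.
 *
 * Both passwords are held here as plain bytes, so every copy of this
 * structure is key material: keep it out of logs and dumps, and clear it
 * before the memory is released.  Whether the driver does so cannot be
 * told from this header.  The *_password_length fields must never exceed
 * the 128-byte buffers they describe; check them wherever a value arrives
 * from outside the driver.
 */
typedef struct emlxs_auth_key
{
	NAME_TYPE		local_entity;	/* host wwpn */
						/* (NPIV support) */
	NAME_TYPE		remote_entity;	/* switch or target */
						/* wwpn */
	uint16_t		local_password_length;
	uint16_t		local_password_type;	/* PASSWORD_TYPE_* */
	uint8_t			local_password[128];	/* hba authenticates */
							/* to switch */
	uint16_t		remote_password_length;
	uint16_t		remote_password_type;	/* PASSWORD_TYPE_* */
	/*
	 * NOTE(review): the original comment repeats the local_password
	 * text; presumably this is the secret the remote side uses to
	 * authenticate to the hba - confirm.
	 */
	uint8_t			remote_password[128];	/* hba authenticates */
							/* to switch */

	struct emlxs_node	*node;

	struct emlxs_auth_key	*prev;
	struct emlxs_auth_key	*next;
} emlxs_auth_key_t;


/*
 * Per-exchange DH-CHAP working values.
 *
 * hrsp_priv_key, ses_key and hrsp_ses_key are secret values and should be
 * cleared once an exchange finishes.  Each *_len field describes a
 * fixed-size buffer, so a length taken from a received message has to be
 * checked against that buffer's size before any copy.
 *
 * NOTE(review): hrsp_priv_key is 20 bytes whatever DH group is selected;
 * confirm that this is adequate for GROUP_2048.
 */
typedef struct emlxs_auth_misc
{
	uint8_t		bi_cval[20];		/* our challenge for bi-dir */
						/* auth in reply as initiator */
	uint32_t	bi_cval_len;		/* 16 for MD5, 20 for SHA1 */
	uint8_t		pub_key[512];		/* max is 512 bytes value of */
						/* (g^y mod p) */
	uint32_t	pubkey_len;		/* real length of the pub key */
	uint8_t		ses_key[512];		/* session key: value of */
						/* (g^xy mod p) */
	uint32_t	seskey_len;		/* real length of the session */
						/* key */

	/* The following are parameters when host is the responder */
	uint8_t		hrsp_cval[20];		/* challenge value from host */
						/* as responder */
	uint32_t	hrsp_cval_len;		/* host as the responder its */
						/* challenge value len */
	uint8_t		hrsp_priv_key[20];	/* the private key generated */
						/* in host as responder */
	uint8_t		hrsp_pub_key[512];	/* public key calculated when */
						/* host as responder */
	uint32_t	hrsp_pubkey_len;	/* public key length when */
						/* host is responder */
	uint8_t		hrsp_ses_key[512];	/* session key computed when */
						/* host is responder */
	uint32_t	hrsp_seskey_len;	/* session key length when */
						/* host is responder */
} emlxs_auth_misc_t;


/*
 * emlxs_port_dhc struct to be used by emlxs_port_t in emlxs_fc.h
 *
 * This structure contains all the data used by DHCHAP.
 * They are from EMLXSHBA_t in emlxs driver.
 *
 */
typedef struct emlxs_port_dhc
{

	int32_t			state;
#define	ELX_FABRIC_STATE_UNKNOWN	0x00
#define	ELX_FABRIC_AUTH_DISABLED	0x01
#define	ELX_FABRIC_AUTH_FAILED		0x02
#define	ELX_FABRIC_AUTH_SUCCESS		0x03
#define	ELX_FABRIC_IN_AUTH		0x04
#define	ELX_FABRIC_IN_REAUTH		0x05

	dfc_auth_status_t	auth_status;	/* Fabric auth status */
	uint32_t		auth_time;

} emlxs_port_dhc_t;


/* Node Events */
#define	NODE_EVENT_DEVICE_RM		0x0	/* Auth response timeout and */
						/* fail */
#define	NODE_EVENT_DEVICE_RECOVERY	0x1	/* Auth response timeout and */
						/* recovery */
#define	NODE_EVENT_RCV_AUTH_MSG		0x2	/* Unsolicited Auth received */
#define	NODE_EVENT_CMPL_AUTH_MSG	0x3
#define	NODE_EVENT_MAX_EVENT		0x4

/*
 * emlxs_node_dhc struct to be used in emlxs_node_t.
 * They are from emlxs_nodelist_t in emlxs driver.
 *
 * Besides the state-machine fields this record embeds a copy of the
 * node's auth_cfg and auth_key (the latter holds cleartext passwords)
 * together with DH private-key and session-key buffers, so it needs the
 * same handling as emlxs_auth_key_t: no logging, and clearing on
 * teardown.
 */
typedef struct emlxs_node_dhc
{
	uint16_t		state;	/* used for state machine */
#define	NODE_STATE_UNKNOWN				0x00
#define	NODE_STATE_AUTH_DISABLED			0x01
#define	NODE_STATE_AUTH_FAILED				0x02
#define	NODE_STATE_AUTH_SUCCESS				0x03
#define	NODE_STATE_AUTH_NEGOTIATE_ISSUE			0x04
#define	NODE_STATE_AUTH_NEGOTIATE_RCV			0x05
#define	NODE_STATE_AUTH_NEGOTIATE_CMPL_WAIT4NEXT	0x06
#define	NODE_STATE_DHCHAP_CHALLENGE_ISSUE		0x07
#define	NODE_STATE_DHCHAP_REPLY_ISSUE			0x08
#define	NODE_STATE_DHCHAP_CHALLENGE_CMPL_WAIT4NEXT	0x09
#define	NODE_STATE_DHCHAP_REPLY_CMPL_WAIT4NEXT		0x0A
#define	NODE_STATE_DHCHAP_SUCCESS_ISSUE			0x0B
#define	NODE_STATE_DHCHAP_SUCCESS_ISSUE_WAIT4NEXT	0x0C
#define	NODE_STATE_DHCHAP_SUCCESS_CMPL_WAIT4NEXT	0x0D
/*
 * NOTE(review): 0xFFFFFFFF does not fit the 16-bit state field above, so
 * a comparison of state with this value can never be true.  Presumably
 * it is only used as a 32-bit return value - confirm.
 */
#define	NODE_STATE_NOCHANGE				0xFFFFFFFF

	uint16_t		prev_state;	/* for info only */

	uint32_t		disc_refcnt;

	emlxs_auth_cfg_t	auth_cfg;
	emlxs_auth_key_t	auth_key;

	uint32_t		nlp_authrsp_tmo;	/* Response timeout */
	uint32_t		nlp_authrsp_tmocnt;

	uint32_t		nlp_auth_tranid_ini;	/* tran_id when this */
							/* node is initiator */
	uint32_t		nlp_auth_tranid_rsp;	/* tran_id when this */
							/* node is responder */

	uint32_t		nlp_auth_flag;		/* 1:initiator */
							/* 2:responder */
	uint32_t		nlp_auth_limit;		/* 1: NULL DHCHAP */
							/* 2: full support */

	/* information in DHCHAP_Challenge as the auth responder */
	uint32_t		nlp_auth_hashid;
	uint32_t		nlp_auth_dhgpid;
	uint32_t		nlp_auth_bidir;
	NAME_TYPE		nlp_auth_wwn;

	emlxs_auth_misc_t	nlp_auth_misc;

	uint32_t		nlp_reauth_tmo;
	uint16_t		nlp_reauth_status;
#define	NLP_HOST_REAUTH_DISABLED	0x0
#define	NLP_HOST_REAUTH_ENABLED		0x1
#define	NLP_HOST_REAUTH_IN_PROGRESS	0x2

	uint32_t		nlp_fb_vendor;
#define	NLP_FABRIC_CISCO		0x1
#define	NLP_FABRIC_OTHERS		0x2

	uint32_t		fc_dhchap_success_expected;

	/* hash_id, dhgp_id are set from responder, host is the initiator */
	uint32_t		hash_id;	/* 0x05 for MD5 */
						/* 0x06 for SHA-1 */
	uint32_t		dhgp_id;	/* DH grp identifier */

	uint8_t			bi_cval[20];	/* our challenge for */
						/* bi-dir auth in */
						/* reply as initiator */
	uint32_t		bi_cval_len;	/* 16 for MD5 */
						/* 20 for SHA1 */
	uint8_t			pub_key[512];	/* max is 512 bytes */
						/* value (g^y mod p) */
	uint32_t		pubkey_len;	/* real length of the */
						/* pub key */
	uint8_t			ses_key[512];	/* session key: */
						/* value (g^xy mod p) */
	uint32_t		seskey_len;	/* real length of the */
						/* session key */

	/* The following are parameters when host is the responder */

	uint8_t			hrsp_cval[20];		/* challenge value */
	uint32_t		hrsp_cval_len;		/* challenge value */
							/* length */
	uint8_t			hrsp_priv_key[20];	/* private key */
							/* generated */
	uint8_t			hrsp_pub_key[512];	/* public key */
							/* computed */
	uint32_t		hrsp_pubkey_len;	/* public key length */
	uint8_t			hrsp_ses_key[512];	/* session key */
							/* computed */
	uint32_t		hrsp_seskey_len;	/* session key length */

	uint8_t			*deferred_sbp;	/* Pending IO for */
						/* auth completion */
	uint8_t			*deferred_ubp;

	uint32_t		flag;
#define	NLP_REMOTE_AUTH			0x00000001
#define	NLP_SET_REAUTH_TIME		0x00000002

	emlxs_auth_cfg_t	*parent_auth_cfg;	/* Original auth_cfg */
							/* table entry */
	emlxs_auth_key_t	*parent_auth_key;	/* Original auth_key */
							/* table entry */
} emlxs_node_dhc_t;


/*
 * AUTH_Negotiate parameter layouts.
 *
 * The variants differ only in how many hash identifiers (one or two) and
 * how many DH group identifiers (five, or group 0 alone in the _NULL_
 * forms) they carry.  The "set to" comments are the original author's
 * and describe the value in wire order.  When one of these layouts is
 * overlaid on a received payload, check the payload length against the
 * size of the structure first, and treat the word counts and identifiers
 * as untrusted until validated.
 */

/* For NULL DHCHAP with MD5 and SHA-1 */
typedef struct _AUTH_NEGOT_PARAMS_1
{
	uint16_t	name_tag;	/* set to 0x0001 */
	uint16_t	name_len;	/* set to 0x0008 */
	NAME_TYPE	nodeName;	/* WWPN */
	uint32_t	proto_num;	/* set to 0x5 */
	uint32_t	para_len;	/* set to 0x28 i.e., 40 bytes */
	uint32_t	proto_id;	/* set to DHCHAP */
	uint16_t	HashList_tag;	/* set to 0x0001 */
	uint16_t	HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
	uint32_t	HashList_value1; /* set to MD5 or SHA1 ID 0x00000005,6 */
	uint16_t	DHgIDList_tag;	/* set to 0x0002 */
	uint16_t	DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
	uint32_t	DHgIDList_g0;	/* set to 0x0000 0000 */
	uint32_t	DHgIDList_g1;	/* set to 0x0000 0001 */
	uint32_t	DHgIDList_g2;	/* set to 0x0000 0002 */
	uint32_t	DHgIDList_g3;	/* set to 0x0000 0003 */
	uint32_t	DHgIDList_g4;	/* set to 0x0000 0004 */
} AUTH_NEGOT_PARAMS_1;


typedef struct _AUTH_NEGOT_PARAMS_2
{
	uint16_t	name_tag;	/* set to 0x0001 */
	uint16_t	name_len;	/* set to 0x0008 */
	NAME_TYPE	nodeName;	/* WWPN */
	uint32_t	proto_num;	/* set to 0x5 */
	uint32_t	para_len;	/* set to 0x28 i.e., 40 bytes */
	uint32_t	proto_id;	/* set to DHCHAP */
	uint16_t	HashList_tag;	/* set to 0x0001 */
	uint16_t	HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
	uint32_t	HashList_value1; /* set to MD5's ID 0x00000005 */
	uint32_t	HashList_value2; /* set to SHA-1's ID 0x00000006 */
	uint16_t	DHgIDList_tag;	/* set to 0x0002 */
	uint16_t	DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
	uint32_t	DHgIDList_g0;	/* set to 0x0000 0000 */
	uint32_t	DHgIDList_g1;	/* set to 0x0000 0001 */
	uint32_t	DHgIDList_g2;	/* set to 0x0000 0002 */
	uint32_t	DHgIDList_g3;	/* set to 0x0000 0003 */
	uint32_t	DHgIDList_g4;	/* set to 0x0000 0004 */
} AUTH_NEGOT_PARAMS_2;


/* For NULL DHCHAP with MD5 and SHA-1 */
typedef struct _AUTH_NEGOT_PARAMS
{
	uint16_t	name_tag;	/* set to 0x0001 */
	uint16_t	name_len;	/* set to 0x0008 */
	NAME_TYPE	nodeName;	/* WWPN */
	uint32_t	proto_num;	/* set to 0x5 */
	uint32_t	para_len;	/* set to 0x28 i.e., 40 bytes */
	uint32_t	proto_id;	/* set to DHCHAP */
	uint16_t	HashList_tag;	/* set to 0x0001 */
	uint16_t	HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
	uint32_t	HashList_value1; /* set to MD5's ID 0x00000005 */
	uint32_t	HashList_value2; /* set to SHA-1's ID 0x00000006 */
	uint16_t	DHgIDList_tag;	/* set to 0x0002 */
	uint16_t	DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
	uint32_t	DHgIDList_g0;	/* set to 0x0000 0000 */
	uint32_t	DHgIDList_g1;	/* set to 0x0000 0001 */
	uint32_t	DHgIDList_g2;	/* set to 0x0000 0002 */
	uint32_t	DHgIDList_g3;	/* set to 0x0000 0003 */
	uint32_t	DHgIDList_g4;	/* set to 0x0000 0004 */
} AUTH_NEGOT_PARAMS;

typedef struct _AUTH_NEGOT_PARAMS_NULL_1
{
	uint16_t	name_tag;	/* set to 0x0001 */
	uint16_t	name_len;	/* set to 0x0008 */
	NAME_TYPE	nodeName;	/* WWPN */
	uint32_t	proto_num;	/* set to 0x5 */
	uint32_t	para_len;	/* set to 0x28 i.e., 40 bytes */
	uint32_t	proto_id;	/* set to DHCHAP */
	uint16_t	HashList_tag;	/* set to 0x0001 */
	uint16_t	HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
	uint32_t	HashList_value1; /* set to MD5's ID 0x00000005 */
	uint16_t	DHgIDList_tag;	/* set to 0x0002 */
	uint16_t	DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
	uint32_t	DHgIDList_g0;	/* set to 0x0000 0000 */
} AUTH_NEGOT_PARAMS_NULL_1;

typedef struct _AUTH_NEGOT_PARAMS_NULL_2
{
	uint16_t	name_tag;	/* set to 0x0001 */
	uint16_t	name_len;	/* set to 0x0008 */
	NAME_TYPE	nodeName;	/* WWPN */
	uint32_t	proto_num;	/* set to 0x5 */
	uint32_t	para_len;	/* set to 0x28 i.e., 40 bytes */
	uint32_t	proto_id;	/* set to DHCHAP */
	uint16_t	HashList_tag;	/* set to 0x0001 */
	uint16_t	HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
	uint32_t	HashList_value1; /* set to MD5's ID 0x00000005 */
	uint32_t	HashList_value2;
	uint16_t	DHgIDList_tag;	/* set to 0x0002 */
	uint16_t	DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
	uint32_t	DHgIDList_g0;	/* set to 0x0000 0000 */
} AUTH_NEGOT_PARAMS_NULL_2;


/*
 * AUTH ELS message headers.
 *
 * msg_len, tran_id and every other field of a received message are
 * supplied by the peer: bound msg_len by the number of bytes actually
 * received before using it as a copy or parse length.
 */

/* Generic AUTH ELS Header */
typedef struct _AUTH_MSG_HDR
{
	/* 20 bytes in total */
	uint8_t		auth_els_code;	/* always 0x90h */
	uint8_t		auth_els_flags;
	uint8_t		auth_msg_code;	/* see above */
	uint8_t		proto_version;
	uint32_t	msg_len;	/* size of msg payload in byte */
	uint32_t	tran_id;
	uint16_t	name_tag;	/* set to 0x0001 */
	uint16_t	name_len;	/* set to 0x0008 */
	NAME_TYPE	nodeName;	/* WWPN */
} AUTH_MSG_HDR;


/* Challenge value sized for a SHA-1 digest (SHA1_LEN bytes). */
typedef struct _SHA1_CVAL
{
	uint8_t		val[20];
} SHA1_CVAL;


/* Challenge value sized for an MD5 digest (MD5_LEN bytes). */
typedef struct _MD5_CVAL
{
	uint8_t		val[16];
} MD5_CVAL;


/* Challenge value for either supported hash; 20 bytes, the larger size. */
union challenge_val
{
	SHA1_CVAL	sha1;
	MD5_CVAL	md5;
};


/* DHCHAP_Reply */
typedef struct _DHCHAP_REPLY_HDR
{
	uint8_t		auth_els_code;	/* always 0x90h */
	uint8_t		auth_els_flags;
	uint8_t		auth_msg_code;	/* see above */
	uint8_t		proto_version;
	uint32_t	msg_len;	/* size of msg payload in byte */
	uint32_t	tran_id;	/* transaction id */
} DHCHAP_REPLY_HDR;


/* DHCHAP_Challenge */
typedef struct _DHCHAP_CHALL_NULL
{
	AUTH_MSG_HDR	msg_hdr;
	uint32_t	hash_id;
	uint32_t	dhgp_id;
	/*
	 * Peer-supplied length of the challenge value; the buffers this
	 * header provides for a challenge hold at most 20 bytes.
	 */
	uint32_t	cval_len;
} DHCHAP_CHALL_NULL;

typedef struct _DHCHAP_CHALL
{
	DHCHAP_CHALL_NULL	cnul;
	uint8_t			*dhval;
} DHCHAP_CHALL;

/*
 * size of msg_payload is variable based on the different protocol
 * parameters supported in the driver.
 *
 * For DHCHAP we plan to support NULL, group 1, 2, 3, 4.
 *
 * For NULL DHCHAP protocol only: of these protocol identifiers,
 * we need name_tag = 2 bytes name_len_size = 2 bytes name_len = 8 bytes
 * number of usable auth proto = 4 bytes
 *
 * --------- for example for NULL DHCHAP only --------------------
 * auth proto #1 len = 4 bytes #1 ID = 4 bytes #1 params = 4 + 16 bytes.
 * ------ Total for NULL DHCHAP = (16 + 12 + 16 ) = 44 bytes.
 *
 * If number of usable auth proto is 5, then we should have 5 auth proto params.
 * assume we are using name_tag 0x0001, then auth name in total = 12 bytes.
 *
 * 12 bytes + 4 bytes = 16 bytes. 4 + 4 + 4 = 12 bytes
 * (num of usable auth proto size = 4
 * auth proto params #1 len size = 4
 * auth prot ID for #1 size = 4
 *
 * For DHCHAP param: HashList 2 param tag size (set to 0x0001 as HashList)
 * 2 param word cnt size (set to 0x0002 as two hash funcs)
 * 8 for hash ids: MD5 and SHA-1 DHgIDList
 * 2 param tag size (set to 0x0002 as DHgIDList)
 * 2 param word cnt size (set to 0x0005 as NULL and 1/2/3/4 groups) 20 for
 * 5 groups 0x0000 0000 0x0000 0001 0x0000 0002 0x0000 0003 0x0000 0004
 * Total for FULL group support (16 + 12 + 12 + 24 ) = 64 bytes.
 *
 */

typedef struct _AUTH_MSG_NEGOT_1
{
	/* in Big Endian format */
	uint8_t		auth_els_code;	/* always 0x90h */
	uint8_t		auth_els_flags;
	uint8_t		auth_msg_code;	/* see above */
	uint8_t		proto_version;
	uint32_t	msg_len;	/* size of msg payload */
					/* in byte */
	uint32_t	tran_id;	/* transaction identifier */

	/* anything else is variable in size (bytes) */
	/* uint8_t msg_payload[MAX_AUTH_MSG_SIZE]; */
	AUTH_NEGOT_PARAMS_1	params;
} AUTH_MSG_NEGOT_1, *PAUTH_MSG_NEGOT_1;


typedef struct _AUTH_MSG_NEGOT_2
{
	/* in Big Endian format */
	uint8_t		auth_els_code;	/* always 0x90h */
	uint8_t		auth_els_flags;
	uint8_t		auth_msg_code;	/* see above */
	uint8_t		proto_version;
	uint32_t	msg_len;	/* size of msg payload */
					/* in byte */
	uint32_t	tran_id;	/* transaction identifier */

	/* anything else is variable in size (bytes) */
	/* uint8_t msg_payload[MAX_AUTH_MSG_SIZE]; */
	AUTH_NEGOT_PARAMS_2	params;
} AUTH_MSG_NEGOT_2, *PAUTH_MSG_NEGOT_2;


typedef struct _AUTH_MSG_NEGOT
{
	/* in Big Endian format */
	uint8_t		auth_els_code;	/* always 0x90h */
	uint8_t		auth_els_flags;
	uint8_t		auth_msg_code;	/* see above */
	uint8_t		proto_version;
	uint32_t	msg_len;	/* size of msg payload */
					/* in byte */
	uint32_t	tran_id;	/* transaction identifier */

	/* anything else is variable in size (bytes) */
	/* uint8_t msg_payload[MAX_AUTH_MSG_SIZE]; */
	AUTH_NEGOT_PARAMS	params;
} AUTH_MSG_NEGOT, *PAUTH_MSG_NEGOT;


/* AUTH_Negotiate msg for NULL DH support only */
typedef struct _AUTH_MSG_NEGOT_NULL
{
	uint8_t		auth_els_code;
	uint8_t		auth_els_flags;
	uint8_t		auth_msg_code;
	uint8_t		proto_version;
	uint32_t	msg_len;
	uint32_t	tran_id;
} AUTH_MSG_NEGOT_NULL, *PAUTH_MSG_NEGOT_NULL;

typedef struct _AUTH_MSG_NEGOT_NULL_1
{
	uint8_t		auth_els_code;
	uint8_t		auth_els_flags;
	uint8_t		auth_msg_code;
	uint8_t		proto_version;
	uint32_t	msg_len;
	uint32_t	tran_id;

	AUTH_NEGOT_PARAMS_NULL_1	params;

} AUTH_MSG_NEGOT_NULL_1, *PAUTH_MSG_NEGOT_NULL_1;

typedef struct _AUTH_MSG_NEGOT_NULL_2
{
	uint8_t		auth_els_code;
	uint8_t		auth_els_flags;
	uint8_t		auth_msg_code;
	uint8_t		proto_version;
	uint32_t	msg_len;
	uint32_t	tran_id;

	AUTH_NEGOT_PARAMS_NULL_2	params;

} AUTH_MSG_NEGOT_NULL_2, *PAUTH_MSG_NEGOT_NULL_2;


/*
 * auth_els_flags
 *
 * The definition carries no trailing semicolon, so the mask can be used
 * inside an expression such as (flags & AUTH_ELS_FLAGS_MASK) == 0.
 */
#define	AUTH_ELS_FLAGS_MASK		0x0f


typedef struct _AUTH_RJT
{
	uint8_t		auth_els_code;	/* always 0x90h */
	uint8_t		auth_els_flags;
	uint8_t		auth_msg_code;	/* see above */
	uint8_t		proto_version;
	uint32_t	msg_len;	/* size of msg payload in byte */
	uint32_t	tran_id;	/* transaction identifier */

	uint8_t		ReasonCode;		/* AUTHRJT_* */
	uint8_t		ReasonCodeExplanation;	/* AUTHEXP_* */
	uint16_t	Reserved;
} AUTH_RJT, *PAUTH_RJT;

typedef struct _DHCHAP_SUCCESS_HDR
{
	uint8_t		auth_els_code;	/* always 0x90h */
	uint8_t		auth_els_flags;
	uint8_t		auth_msg_code;	/* see above */
	uint8_t		proto_version;
	uint32_t	msg_len;	/* size of msg payload in byte */
	uint32_t	tran_id;	/* transaction identifier */

	/* Peer-supplied response length; validate before use. */
	uint32_t	RspVal_len;
} DHCHAP_SUCCESS_HDR, *PDHCHAP_SUCCESS_HDR;


/*
 * One Diffie-Hellman group: its identifier, the number of bytes of
 * value[] in use, and up to 256 bytes (2048 bits) of group data.
 */
typedef struct dh_group_st
{
	unsigned long	groupid;
	unsigned long	length;
	unsigned char	value[256];
} DH_GROUP, *PDH_GROUP;

/*
 * Weak reference: the address of random_get_pseudo_bytes is null when
 * nothing provides the symbol, so callers have to test it before
 * calling.
 *
 * NOTE(review): DH-CHAP challenge values and DH private keys must be
 * unpredictable.  Confirm which random source the DH-CHAP code uses for
 * them, and what it falls back to when this symbol is absent.
 */
#pragma weak random_get_pseudo_bytes


#endif	/* DHCHAP_SUPPORT */

#ifdef	__cplusplus
}
#endif

#endif	/* _EMLXS_DHCHAP_H */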