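/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2010 Emulex. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * DH-CHAP (FC-SP) authentication definitions for the emlxs driver:
 * configuration/key table entries, per-port and per-node authentication
 * state, sysevent names, and the layouts of the AUTH ELS messages.
 *
 * Everything below is compiled only when DHCHAP_SUPPORT is defined.
 * NAME_TYPE, dfc_auth_status_t and struct emlxs_node are declared
 * elsewhere and must be visible before this header is included.
 *
 * Review notes for consumers of this header:
 *  - The *_len / *_length fields are wider than the fixed buffers they
 *    describe (e.g. uint32_t pubkey_len vs. pub_key[512]); every copy
 *    into these buffers has to be bounded by sizeof (buffer).
 *  - Password, private-key and session-key buffers hold secret material
 *    in the clear; clear them before the structure is freed or reused.
 *  - Protocol identifiers come in EMLXS_BIG_ENDIAN / EMLXS_LITTLE_ENDIAN
 *    variants that are already in wire byte order; the ELX_* values are
 *    the host-side configuration values.
 */

#ifndef _EMLXS_DHCHAP_H
#define _EMLXS_DHCHAP_H

#ifdef __cplusplus
extern "C" {
#endif

#ifdef DHCHAP_SUPPORT
#include <sys/random.h>


/* emlxs_auth_cfg_t */
#define PASSWORD_TYPE_ASCII     1
#define PASSWORD_TYPE_BINARY    2
#define PASSWORD_TYPE_IGNORE    3

#define AUTH_MODE_DISABLED      1
#define AUTH_MODE_ACTIVE        2
#define AUTH_MODE_PASSIVE       3

#define ELX_DHCHAP              0x01    /* Only one currently supported */
#define ELX_FCAP                0x02
#define ELX_FCPAP               0x03
#define ELX_KERBEROS            0x04

/* Hash priorities; MD5 and SHA-1 are the only hashes this header defines */
#define ELX_MD5                 0x01
#define ELX_SHA1                0x02

/*
 * DH group priorities.  With the NULL group the challenge carries no DH
 * value (see DHCHAP_CHALL_NULL), so the exchange presumably rests on the
 * shared password alone - prefer the larger groups where the peer allows.
 */
#define ELX_GROUP_NULL          0x01
#define ELX_GROUP_1024          0x02
#define ELX_GROUP_1280          0x03
#define ELX_GROUP_1536          0x04
#define ELX_GROUP_2048          0x05


/* AUTH_ELS Code */
#define ELS_CMD_AUTH_CODE       0x90

/* AUTH_ELS Flags */

/* state ? */
#define AUTH_FINISH             0xFF
#define AUTH_ABORT              0xFE

/* auth_msg code for DHCHAP */
#define AUTH_REJECT             0x0A
#define AUTH_NEGOTIATE          0x0B
#define AUTH_DONE               0x0C
#define DHCHAP_CHALLENGE        0x10
#define DHCHAP_REPLY            0x11
#define DHCHAP_SUCCESS          0x12

/* BIG ENDIAN and LITTLE ENDIAN */

/* authentication protocol identifiers */
#ifdef EMLXS_BIG_ENDIAN

#define AUTH_DHCHAP             0x00000001
#define AUTH_FCAP               0x00000002
#define AUTH_FCPAP              0x00000003
#define AUTH_KERBEROS           0x00000004

#define HASH_LIST_TAG           0x0001
#define DHGID_LIST_TAG          0x0002

/* hash function identifiers */
#define AUTH_SHA1               0x00000006
#define AUTH_MD5                0x00000005

/* DHCHAP group ids */
#define GROUP_NULL              0x00000000
#define GROUP_1024              0x00000001
#define GROUP_1280              0x00000002
#define GROUP_1536              0x00000003
#define GROUP_2048              0x00000004

/* Tran_id Mask */
#define AUTH_TRAN_ID_MASK       0x000000FF

#endif /* EMLXS_BIG_ENDIAN */

#ifdef EMLXS_LITTLE_ENDIAN

#define AUTH_DHCHAP             0x01000000
#define AUTH_FCAP               0x02000000
#define AUTH_FCPAP              0x03000000
#define AUTH_KERBEROS           0x04000000

#define HASH_LIST_TAG           0x0100
#define DHGID_LIST_TAG          0x0200

/* hash function identifiers */
#define AUTH_SHA1               0x06000000
#define AUTH_MD5                0x05000000

/* DHCHAP group ids */
#define GROUP_NULL              0x00000000
#define GROUP_1024              0x01000000
#define GROUP_1280              0x02000000
#define GROUP_1536              0x03000000
#define GROUP_2048              0x04000000

/* Tran_id Mask */
#define AUTH_TRAN_ID_MASK       0xFF000000

#endif /* EMLXS_LITTLE_ENDIAN */

/* hash funcs hash length in byte */
#define SHA1_LEN                0x00000014      /* 20 bytes */
#define MD5_LEN                 0x00000010      /* 16 bytes */

#define HBA_SECURITY            0x20

/* AUTH_Reject Reason Codes */
#define AUTHRJT_FAILURE         0x01
#define AUTHRJT_LOGIC_ERR       0x02

/* LS_RJT Reason Codes for AUTH_ELS */
#define LSRJT_AUTH_REQUIRED             0x03
#define LSRJT_AUTH_LOGICAL_BSY          0x05
#define LSRJT_AUTH_ELS_NOT_SUPPORTED    0x0B
#define LSRJT_AUTH_NOT_LOGGED_IN        0x09

/* AUTH_Reject Reason Code Explanations */
#define AUTHEXP_MECH_UNUSABLE           0x01    /* AUTHRJT_LOGIC_ERR */
#define AUTHEXP_DHGROUP_UNUSABLE        0x02    /* AUTHRJT_LOGIC_ERR */
#define AUTHEXP_HASHFUNC_UNUSABLE       0x03    /* AUTHRJT_LOGIC_ERR */
#define AUTHEXP_AUTHTRAN_STARTED        0x04    /* AUTHRJT_LOGIC_ERR */
#define AUTHEXP_AUTH_FAILED             0x05    /* AUTHRJT_FAILURE */
#define AUTHEXP_BAD_PAYLOAD             0x06    /* AUTHRJT_FAILURE */
#define AUTHEXP_BAD_PROTOCOL            0x07    /* AUTHRJT_FAILURE */
#define AUTHEXP_RESTART_AUTH            0x08    /* AUTHRJT_LOGIC_ERR */
#define AUTHEXP_CONCAT_UNSUPP           0x09    /* AUTHRJT_LOGIC_ERR */
#define AUTHEXP_BAD_PROTOVERS           0x0A    /* AUTHRJT_LOGIC_ERR */

/* LS_RJT Reason Code Explanations for AUTH_ELS */
#define LSEXP_AUTH_REQUIRED             0x48
#define LSEXP_AUTH_ELS_NOT_SUPPORTED    0x2C
#define LSEXP_AUTH_ELS_NOT_LOGGED_IN    0x1E
#define LSEXP_AUTH_LOGICAL_BUSY         0x00


/*
 * NOTE(review): comments further down refer to MAX_AUTH_MSG_SIZE; the
 * macro is spelled MAX_AUTH_MSA_SIZE.  The name is kept as is because
 * other files may reference it.
 */
#define MAX_AUTH_MSA_SIZE       1024

#define MAX_AUTH_PID            0x4     /* Max auth proto identifier list */

/* parameter tag */
#define HASH_LIST               0x0001
#define DHG_ID_LIST             0x0002

/* name tag from Table 13 v1.8 pp 30 */
#ifdef EMLXS_BIG_ENDIAN
#define AUTH_NAME_ID            0x0001
#define AUTH_NAME_LEN           0x0008
#define AUTH_PROTO_NUM          0x00000001
#define AUTH_NULL_PARA_LEN      0x00000028
#endif /* EMLXS_BIG_ENDIAN */

#ifdef EMLXS_LITTLE_ENDIAN
#define AUTH_NAME_ID            0x0100
#define AUTH_NAME_LEN           0x0800
#define AUTH_PROTO_NUM          0x01000000
#define AUTH_NULL_PARA_LEN      0x28000000
#endif /* EMLXS_LITTLE_ENDIAN */

/* name tag from Table 103 v 1.8 pp 123 */
#define AUTH_NODE_NAME          0x0002
#define AUTH_PORT_NAME          0x0003

/*
 * Sysevent support
 *
 * One subclass per state-machine step, plus the timeout and ioctl
 * events; the names make the authentication flow reconstructable from
 * the system event log.
 */
/* ddi_log_sysevent() vendors */
#define DDI_VENDOR_EMLX         "EMLXS"

/* Class */
#define EC_EMLXS                "EC_emlxs"

/* Subclass */
#define ESC_EMLXS_01 "ESC_emlxs_issue_auth_negotiate"
#define ESC_EMLXS_02 "ESC_emlxs_cmpl_auth_negotiate_issue"

#define ESC_EMLXS_03 "ESC_emlxs_rcv_auth_msg_auth_negotiate_issue"
#define ESC_EMLXS_04 "ESC_emlxs_cmpl_auth_msg_auth_negotiate_issue"

#define ESC_EMLXS_05 "ESC_emlxs_rcv_auth_msg_unmapped_node"
#define ESC_EMLXS_06 "ESC_emlxs_issue_dhchap_challenge"
#define ESC_EMLXS_07 "ESC_emlxs_cmpl_dhchap_challenge_issue"

#define ESC_EMLXS_08 "ESC_emlxs_rcv_auth_msg_dhchap_challenge_cmpl_wait4next"

#define ESC_EMLXS_09 "ESC_emlxs_rcv_auth_msg_auth_negotiate_rcv"
#define ESC_EMLXS_10 "ESC_emlxs_cmpl_auth_msg_auth_negotiate_rcv"

#define ESC_EMLXS_11 "ESC_emlxs_cmpl_cmpl_dhchap_reply_issue"
#define ESC_EMLXS_12 "ESC_emlxs_cmpl_dhchap_reply_issue"
#define ESC_EMLXS_13 "ESC_emlxs_cmpl_auth_msg_dhchap_reply_issue"

#define ESC_EMLXS_14 "ESC_emlxs_cmpl_auth_msg_auth_negotiate_cmpl_wait4next"

#define ESC_EMLXS_15 "ESC_emlxs_issue_dhchap_success"

#define ESC_EMLXS_16 "ESC_emlxs_rcv_auth_msg_dhchap_challenge_issue"
#define ESC_EMLXS_17 "ESC_emlxs_cmpl_auth_msg_dhchap_challenge_issue"

#define ESC_EMLXS_18 "ESC_emlxs_rcv_auth_msg_dhchap_reply_issue"

#define ESC_EMLXS_19 \
	"ESC_emlxs_cmpl_auth_msg_dhchap_challenge_cmpl_wait4next"

#define ESC_EMLXS_20 "ESC_emlxs_rcv_auth_msg_dhchap_reply_cmpl_wait4next"
#define ESC_EMLXS_21 "ESC_emlxs_cmpl_dhchap_success_issue"
#define ESC_EMLXS_22 "ESC_emlxs_cmpl_auth_msg_dhchap_success_issue"

#define ESC_EMLXS_23 "ESC_emlxs_cmpl_auth_msg_dhchap_reply_cmpl_wait4next"

#define ESC_EMLXS_24 "ESC_emlxs_rcv_auth_msg_dhchap_success_issue_wait4next"
#define ESC_EMLXS_25 "ESC_emlxs_cmpl_auth_msg_dhchap_success_issue_wait4next"

#define ESC_EMLXS_26 "ESC_emlxs_rcv_auth_msg_dhchap_success_cmpl_wait4next"
#define ESC_EMLXS_27 "ESC_emlxs_cmpl_auth_msg_dhchap_success_cmpl_wait4next"

#define ESC_EMLXS_28 "ESC_emlxs_issue_auth_reject"
#define ESC_EMLXS_29 "ESC_emlxs_cmpl_auth_reject_issue"

#define ESC_EMLXS_30 "ESC_emlxs_rcv_auth_msg_npr_node"

#define ESC_EMLXS_31 "ESC_emlxs_dhc_reauth_timeout"

#define ESC_EMLXS_32 "ESC_emlxs_dhc_authrsp_timeout"

#define ESC_EMLXS_33 "ESC_emlxs_ioctl_auth_setcfg"
#define ESC_EMLXS_34 "ESC_emlxs_ioctl_auth_setpwd"
#define ESC_EMLXS_35 "ESC_emlxs_ioctl_auth_delcfg"
#define ESC_EMLXS_36 "ESC_emlxs_ioctl_auth_delpwd"


/*
 * Authentication policy for one (local, remote) port pair; entries are
 * chained through prev/next.
 *
 * From HBAnyware dfc lib FC-SP
 */
typedef struct emlxs_auth_cfg
{
	NAME_TYPE		local_entity;	/* host wwpn (NPIV support) */
	NAME_TYPE		remote_entity;	/* switch or target wwpn */
	uint32_t		authentication_timeout;
	uint32_t		authentication_mode;	/* AUTH_MODE_* */
	uint32_t		bidirectional:1;
	uint32_t		reserved:31;
	uint32_t		authentication_type_priority[4]; /* ELX_DHCHAP.. */
	uint32_t		hash_priority[4];	/* ELX_MD5 / ELX_SHA1 */
	uint32_t		dh_group_priority[8];	/* ELX_GROUP_* */
	uint32_t		reauthenticate_time_interval;

	dfc_auth_status_t	auth_status;
	time_t			auth_time;
	struct emlxs_node	*node;

	struct emlxs_auth_cfg	*prev;
	struct emlxs_auth_cfg	*next;
} emlxs_auth_cfg_t;


/*
 * Shared secrets for one (local, remote) port pair; entries are chained
 * through prev/next.
 *
 * The password buffers hold the secrets in the clear.  The length
 * fields are uint16_t and can express more than the 128-byte buffers,
 * so every reader and writer must bound the length by
 * sizeof (local_password) / sizeof (remote_password), and the buffers
 * should be cleared before an entry is freed or reused.
 */
typedef struct emlxs_auth_key
{
	NAME_TYPE		local_entity;	/* host wwpn (NPIV support) */
	NAME_TYPE		remote_entity;	/* switch or target wwpn */
	uint16_t		local_password_length;
	uint16_t		local_password_type;	/* PASSWORD_TYPE_* */
	uint8_t			local_password[128];	/* hba authenticates */
							/* to switch */
	uint16_t		remote_password_length;
	uint16_t		remote_password_type;	/* PASSWORD_TYPE_* */
	/*
	 * NOTE(review): the original comment repeats "hba authenticates to
	 * switch"; presumably this is the secret the remote side uses to
	 * authenticate to the hba - confirm.
	 */
	uint8_t			remote_password[128];	/* hba authenticates */
							/* to switch */

	struct emlxs_node	*node;

	struct emlxs_auth_key	*prev;
	struct emlxs_auth_key	*next;
} emlxs_auth_key_t;


/*
 * Challenge values and DH key material for one exchange.
 *
 * Each *_len field is uint32_t while the buffer next to it is fixed
 * size; a length must be checked against the buffer size before it is
 * used for a copy.  ses_key, hrsp_ses_key and hrsp_priv_key are secret
 * values.
 */
typedef struct emlxs_auth_misc
{
	uint8_t		bi_cval[20];		/* our challenge for bi-dir */
						/* auth in reply as initiator */
	uint32_t	bi_cval_len;		/* 16 for MD5, 20 for SHA1 */
	uint8_t		pub_key[512];		/* max is 512 bytes value of */
						/* (g^y mod p) */
	uint32_t	pubkey_len;		/* real length of the pub key */
	uint8_t		ses_key[512];		/* session key: value of */
						/* (g^xy mod p) */
	uint32_t	seskey_len;		/* real length of the session */
						/* key */

	/* The following are parameters when host is the responder */
	uint8_t		hrsp_cval[20];		/* challenge value from host */
						/* as responder */
	uint32_t	hrsp_cval_len;		/* host as the responder its */
						/* challenge value len */
	uint8_t		hrsp_priv_key[20];	/* the private key generated */
						/* in host as responder */
	uint8_t		hrsp_pub_key[512];	/* public key calculated when */
						/* host as responder */
	uint32_t	hrsp_pubkey_len;	/* public key length when */
						/* host is responder */
	uint8_t		hrsp_ses_key[512];	/* session key computed when */
						/* host is responder */
	uint32_t	hrsp_seskey_len;	/* session key length when */
						/* host is responder */
} emlxs_auth_misc_t;


/*
 * emlxs_port_dhc struct to be used by emlxs_port_t in emlxs_fc.h
 *
 * This structure contains all the data used by DHCHAP.
 * They are from EMLXSHBA_t in emlxs driver.
 *
 */
typedef struct emlxs_port_dhc
{

	int32_t			state;
#define ELX_FABRIC_STATE_UNKNOWN        0x00
#define ELX_FABRIC_AUTH_DISABLED        0x01
#define ELX_FABRIC_AUTH_FAILED          0x02
#define ELX_FABRIC_AUTH_SUCCESS         0x03
#define ELX_FABRIC_IN_AUTH              0x04
#define ELX_FABRIC_IN_REAUTH            0x05

	dfc_auth_status_t	auth_status;	/* Fabric auth status */
	time_t			auth_time;

} emlxs_port_dhc_t;


/* Node Events */
#define NODE_EVENT_DEVICE_RM            0x0     /* Auth response timeout and */
						/* fail */
#define NODE_EVENT_DEVICE_RECOVERY      0x1     /* Auth response timeout and */
						/* recovery */
#define NODE_EVENT_RCV_AUTH_MSG         0x2     /* Unsolicited Auth received */
#define NODE_EVENT_CMPL_AUTH_MSG        0x3
#define NODE_EVENT_MAX_EVENT            0x4

/*
 * emlxs_node_dhc struct to be used in emlxs_node_t.
 * They are from emlxs_nodelist_t in emlxs driver.
 *
 * Holds the per-node state machine state, a copy of the node's auth_cfg
 * and auth_key entries, and the key material of the exchange.  The same
 * bounds and clearing rules apply to the key buffers here as to
 * emlxs_auth_misc_t.
 */
typedef struct emlxs_node_dhc
{
	uint16_t		state;		/* used for state machine */
#define NODE_STATE_UNKNOWN                              0x00
#define NODE_STATE_AUTH_DISABLED                        0x01
#define NODE_STATE_AUTH_FAILED                          0x02
#define NODE_STATE_AUTH_SUCCESS                         0x03
#define NODE_STATE_AUTH_NEGOTIATE_ISSUE                 0x04
#define NODE_STATE_AUTH_NEGOTIATE_RCV                   0x05
#define NODE_STATE_AUTH_NEGOTIATE_CMPL_WAIT4NEXT        0x06
#define NODE_STATE_DHCHAP_CHALLENGE_ISSUE               0x07
#define NODE_STATE_DHCHAP_REPLY_ISSUE                   0x08
#define NODE_STATE_DHCHAP_CHALLENGE_CMPL_WAIT4NEXT      0x09
#define NODE_STATE_DHCHAP_REPLY_CMPL_WAIT4NEXT          0x0A
#define NODE_STATE_DHCHAP_SUCCESS_ISSUE                 0x0B
#define NODE_STATE_DHCHAP_SUCCESS_ISSUE_WAIT4NEXT       0x0C
#define NODE_STATE_DHCHAP_SUCCESS_CMPL_WAIT4NEXT        0x0D
/*
 * NOTE(review): 0xFFFFFFFF does not fit the uint16_t state field above;
 * storing it would truncate to 0xFFFF and no longer compare equal.
 * Presumably a handler return sentinel only - confirm it is never
 * assigned to state or prev_state.
 */
#define NODE_STATE_NOCHANGE                             0xFFFFFFFF

	uint16_t		prev_state;	/* for info only */

	uint32_t		disc_refcnt;

	emlxs_auth_cfg_t	auth_cfg;
	emlxs_auth_key_t	auth_key;	/* contains cleartext secrets */

	uint32_t		nlp_authrsp_tmo;	/* Response timeout */
	uint32_t		nlp_authrsp_tmocnt;

	uint32_t		nlp_auth_tranid_ini;	/* tran_id when this */
							/* node is initiator */
	uint32_t		nlp_auth_tranid_rsp;	/* tran_id when this */
							/* node is responder */

	uint32_t		nlp_auth_flag;		/* 1:initiator */
							/* 2:responder */
	uint32_t		nlp_auth_limit;		/* 1: NULL DHCHAP */
							/* 2: full support */

	/* information in DHCHAP_Challenge as the auth responder */
	uint32_t		nlp_auth_hashid;
	uint32_t		nlp_auth_dhgpid;
	uint32_t		nlp_auth_bidir;
	NAME_TYPE		nlp_auth_wwn;

	emlxs_auth_misc_t	nlp_auth_misc;

	uint32_t		nlp_reauth_tmo;
	uint16_t		nlp_reauth_status;
#define NLP_HOST_REAUTH_DISABLED        0x0
#define NLP_HOST_REAUTH_ENABLED         0x1
#define NLP_HOST_REAUTH_IN_PROGRESS     0x2

	uint32_t		nlp_fb_vendor;
#define NLP_FABRIC_CISCO                0x1
#define NLP_FABRIC_OTHERS               0x2

	uint32_t		fc_dhchap_success_expected;

	/* hash_id, dhgp_id are set from responder, host is the initiator */
	uint32_t		hash_id;	/* 0x05 for MD5 */
						/* 0x06 for SHA-1 */
	uint32_t		dhgp_id;	/* DH grp identifier */

	uint8_t			bi_cval[20];	/* our challenge for */
						/* bi-dir auth in */
						/* reply as initiator */
	uint32_t		bi_cval_len;	/* 16 for MD5 */
						/* 20 for SHA1 */
	uint8_t			pub_key[512];	/* max is 512 bytes */
						/* value (g^y mod p) */
	uint32_t		pubkey_len;	/* real length of the */
						/* pub key */
	uint8_t			ses_key[512];	/* session key: */
						/* value (g^xy mod p) */
	uint32_t		seskey_len;	/* real length of the */
						/* session key */

	/* The following are parameters when host is the responder */

	uint8_t			hrsp_cval[20];		/* challenge value */
	uint32_t		hrsp_cval_len;		/* challenge value */
							/* length */
	uint8_t			hrsp_priv_key[20];	/* private key */
							/* generated */
	uint8_t			hrsp_pub_key[512];	/* public key */
							/* computed */
	uint32_t		hrsp_pubkey_len;	/* public key length */
	uint8_t			hrsp_ses_key[512];	/* session key */
							/* computed */
	uint32_t		hrsp_seskey_len;	/* session key length */

	uint8_t			*deferred_sbp;	/* Pending IO for */
						/* auth completion */
	uint8_t			*deferred_ubp;

	uint32_t		flag;
#define NLP_REMOTE_AUTH                 0x00000001
#define NLP_SET_REAUTH_TIME             0x00000002

	emlxs_auth_cfg_t	*parent_auth_cfg;	/* Original auth_cfg */
							/* table entry */
	emlxs_auth_key_t	*parent_auth_key;	/* Original auth_key */
							/* table entry */
} emlxs_node_dhc_t;


/*
 * AUTH_Negotiate parameter blocks.  The variants differ only in how
 * many hash identifiers (one or two) and DH group identifiers (one or
 * five) they carry.  The per-field "set to" comments are the original
 * author's and are repeated across the variants; they are not adjusted
 * to each variant's field count.
 */

/* For NULL DHCHAP with MD5 and SHA-1 */
typedef struct _AUTH_NEGOT_PARAMS_1
{
	uint16_t	name_tag;	/* set to 0x0001 */
	uint16_t	name_len;	/* set to 0x0008 */
	NAME_TYPE	nodeName;	/* WWPN */
	uint32_t	proto_num;	/* set to 0x5 */
	uint32_t	para_len;	/* set to 0x28 i.e., 40 bytes */
	uint32_t	proto_id;	/* set to DHCHAP */
	uint16_t	HashList_tag;	/* set to 0x0001 */
	uint16_t	HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
	uint32_t	HashList_value1; /* set to MD5 or SHA1 ID 0x00000005,6 */
	uint16_t	DHgIDList_tag;	/* set to 0x0002 */
	uint16_t	DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
	uint32_t	DHgIDList_g0;	/* set to 0x0000 0000 */
	uint32_t	DHgIDList_g1;	/* set to 0x0000 0001 */
	uint32_t	DHgIDList_g2;	/* set to 0x0000 0002 */
	uint32_t	DHgIDList_g3;	/* set to 0x0000 0003 */
	uint32_t	DHgIDList_g4;	/* set to 0x0000 0004 */
} AUTH_NEGOT_PARAMS_1;


typedef struct _AUTH_NEGOT_PARAMS_2
{
	uint16_t	name_tag;	/* set to 0x0001 */
	uint16_t	name_len;	/* set to 0x0008 */
	NAME_TYPE	nodeName;	/* WWPN */
	uint32_t	proto_num;	/* set to 0x5 */
	uint32_t	para_len;	/* set to 0x28 i.e., 40 bytes */
	uint32_t	proto_id;	/* set to DHCHAP */
	uint16_t	HashList_tag;	/* set to 0x0001 */
	uint16_t	HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
	uint32_t	HashList_value1; /* set to MD5's ID 0x00000005 */
	uint32_t	HashList_value2; /* set to SHA-1's ID 0x00000006 */
	uint16_t	DHgIDList_tag;	/* set to 0x0002 */
	uint16_t	DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
	uint32_t	DHgIDList_g0;	/* set to 0x0000 0000 */
	uint32_t	DHgIDList_g1;	/* set to 0x0000 0001 */
	uint32_t	DHgIDList_g2;	/* set to 0x0000 0002 */
	uint32_t	DHgIDList_g3;	/* set to 0x0000 0003 */
	uint32_t	DHgIDList_g4;	/* set to 0x0000 0004 */
} AUTH_NEGOT_PARAMS_2;


/* For NULL DHCHAP with MD5 and SHA-1 */
typedef struct _AUTH_NEGOT_PARAMS
{
	uint16_t	name_tag;	/* set to 0x0001 */
	uint16_t	name_len;	/* set to 0x0008 */
	NAME_TYPE	nodeName;	/* WWPN */
	uint32_t	proto_num;	/* set to 0x5 */
	uint32_t	para_len;	/* set to 0x28 i.e., 40 bytes */
	uint32_t	proto_id;	/* set to DHCHAP */
	uint16_t	HashList_tag;	/* set to 0x0001 */
	uint16_t	HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
	uint32_t	HashList_value1; /* set to MD5's ID 0x00000005 */
	uint32_t	HashList_value2; /* set to SHA-1's ID 0x00000006 */
	uint16_t	DHgIDList_tag;	/* set to 0x0002 */
	uint16_t	DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
	uint32_t	DHgIDList_g0;	/* set to 0x0000 0000 */
	uint32_t	DHgIDList_g1;	/* set to 0x0000 0001 */
	uint32_t	DHgIDList_g2;	/* set to 0x0000 0002 */
	uint32_t	DHgIDList_g3;	/* set to 0x0000 0003 */
	uint32_t	DHgIDList_g4;	/* set to 0x0000 0004 */
} AUTH_NEGOT_PARAMS;

typedef struct _AUTH_NEGOT_PARAMS_NULL_1
{
	uint16_t	name_tag;	/* set to 0x0001 */
	uint16_t	name_len;	/* set to 0x0008 */
	NAME_TYPE	nodeName;	/* WWPN */
	uint32_t	proto_num;	/* set to 0x5 */
	uint32_t	para_len;	/* set to 0x28 i.e., 40 bytes */
	uint32_t	proto_id;	/* set to DHCHAP */
	uint16_t	HashList_tag;	/* set to 0x0001 */
	uint16_t	HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
	uint32_t	HashList_value1; /* set to MD5's ID 0x00000005 */
	uint16_t	DHgIDList_tag;	/* set to 0x0002 */
	uint16_t	DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
	uint32_t	DHgIDList_g0;	/* set to 0x0000 0000 */
} AUTH_NEGOT_PARAMS_NULL_1;

typedef struct _AUTH_NEGOT_PARAMS_NULL_2
{
	uint16_t	name_tag;	/* set to 0x0001 */
	uint16_t	name_len;	/* set to 0x0008 */
	NAME_TYPE	nodeName;	/* WWPN */
	uint32_t	proto_num;	/* set to 0x5 */
	uint32_t	para_len;	/* set to 0x28 i.e., 40 bytes */
	uint32_t	proto_id;	/* set to DHCHAP */
	uint16_t	HashList_tag;	/* set to 0x0001 */
	uint16_t	HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
	uint32_t	HashList_value1; /* set to MD5's ID 0x00000005 */
	uint32_t	HashList_value2;
	uint16_t	DHgIDList_tag;	/* set to 0x0002 */
	uint16_t	DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
	uint32_t	DHgIDList_g0;	/* set to 0x0000 0000 */
} AUTH_NEGOT_PARAMS_NULL_2;


/*
 * Generic AUTH ELS Header
 *
 * msg_len and tran_id arrive from the peer; msg_len should be checked
 * against the size of the received payload before it is used to walk
 * the message.
 */
typedef struct _AUTH_MSG_HDR
{
	/*
	 * 20 bytes in total
	 * NOTE(review): the fields below add up to 24 bytes if NAME_TYPE is
	 * 8 bytes (name_len is "set to 0x0008") - confirm which is meant.
	 */
	uint8_t		auth_els_code;	/* always 0x90h */
	uint8_t		auth_els_flags;
	uint8_t		auth_msg_code;	/* see above */
	uint8_t		proto_version;
	uint32_t	msg_len;	/* size of msg payload in byte */
	uint32_t	tran_id;
	uint16_t	name_tag;	/* set to 0x0001 */
	uint16_t	name_len;	/* set to 0x0008 */
	NAME_TYPE	nodeName;	/* WWPN */
} AUTH_MSG_HDR;


/* Challenge value sized for SHA-1 (SHA1_LEN bytes) */
typedef struct _SHA1_CVAL
{
	uint8_t		val[20];
} SHA1_CVAL;


/* Challenge value sized for MD5 (MD5_LEN bytes) */
typedef struct _MD5_CVAL
{
	uint8_t		val[16];
} MD5_CVAL;


/* Challenge value storage; the active member follows the hash in use */
union challenge_val
{
	SHA1_CVAL	sha1;
	MD5_CVAL	md5;
};


/* DHCHAP_Reply */
typedef struct _DHCHAP_REPLY_HDR
{
	uint8_t		auth_els_code;	/* always 0x90h */
	uint8_t		auth_els_flags;
	uint8_t		auth_msg_code;	/* see above */
	uint8_t		proto_version;
	uint32_t	msg_len;	/* size of msg payload in byte */
	uint32_t	tran_id;	/* transaction id */
} DHCHAP_REPLY_HDR;


/*
 * DHCHAP_Challenge
 *
 * cval_len is taken from the message; the challenge buffers in this
 * header are at most 20 bytes (SHA1_LEN), so the value has to be
 * checked against MD5_LEN / SHA1_LEN for the selected hash_id before
 * any copy.
 */
typedef struct _DHCHAP_CHALL_NULL
{
	AUTH_MSG_HDR	msg_hdr;
	uint32_t	hash_id;
	uint32_t	dhgp_id;
	uint32_t	cval_len;
} DHCHAP_CHALL_NULL;

/*
 * Challenge with a DH value.  dhval is a host pointer, so this struct
 * describes a parsed message, not the byte layout on the wire.
 */
typedef struct _DHCHAP_CHALL
{
	DHCHAP_CHALL_NULL	cnul;
	uint8_t			*dhval;
} DHCHAP_CHALL;

/*
 * size of msg_payload is variable based on the different protocol
 * parameters supported in the driver.
 *
 * For DHCHAP we plan to support NULL, group 1, 2, 3, 4.
 *
 * For NULL DHCHAP protocol only: of these protocol identifiers,
 * we need name_tag = 2 bytes name_len_size = 2 bytes name_len = 8 bytes
 * number of usable auth proto = 4 bytes
 *
 * --------- for example for NULL DHCHAP only --------------------
 * auth proto #1 len = 4 bytes #1 ID = 4 bytes #1 params = 4 + 16 bytes.
 * ------ Total for NULL DHCHAP = (16 + 12 + 16 ) = 44 bytes.
 *
 * If number of usable auth proto is 5, then we should have 5 auth proto params.
 * assume we are using name_tag 0x0001, then auth name in total = 12 bytes.
 *
 * 12 bytes + 4 bytes = 16 bytes. 4 + 4 + 4 = 12 bytes
 * (num of usable auth proto size = 4
 * auth proto params #1 len size = 4
 * auth prot ID for #1 size = 4
 *
 * For DHCHAP param: HashList 2 param tag size (set to 0x0001 as HashList)
 * 2 param word cnt size (set to 0x0002 as two hash funcs)
 * 8 for hash ids: MD5 and SHA-1 DHgIDList
 * 2 param tag size (set to 0x0002 as DHgIDList)
 * 2 param word cnt size (set to 0x0005 as NULL and 1/2/3/4 groups) 20 for
 * 5 groups 0x0000 0000 0x0000 0001 0x0000 0002 0x0000 0003 0x0000 0004
 * Total for FULL group support (16 + 12 + 12 + 24 ) = 64 bytes.
 *
 */

typedef struct _AUTH_MSG_NEGOT_1 {	/* in Big Endian format */
	uint8_t		auth_els_code;	/* always 0x90h */
	uint8_t		auth_els_flags;
	uint8_t		auth_msg_code;	/* see above */
	uint8_t		proto_version;
	uint32_t	msg_len;	/* size of msg payload */
					/* in byte */
	uint32_t	tran_id;	/* transaction identifier */

	/* anything else is variable in size (bytes) */
	/* uint8_t	msg_payload[MAX_AUTH_MSG_SIZE]; */
	AUTH_NEGOT_PARAMS_1	params;
} AUTH_MSG_NEGOT_1, *PAUTH_MSG_NEGOT_1;


typedef struct _AUTH_MSG_NEGOT_2 {	/* in Big Endian format */
	uint8_t		auth_els_code;	/* always 0x90h */
	uint8_t		auth_els_flags;
	uint8_t		auth_msg_code;	/* see above */
	uint8_t		proto_version;
	uint32_t	msg_len;	/* size of msg payload */
					/* in byte */
	uint32_t	tran_id;	/* transaction identifier */

	/* anything else is variable in size (bytes) */
	/* uint8_t	msg_payload[MAX_AUTH_MSG_SIZE]; */
	AUTH_NEGOT_PARAMS_2	params;
} AUTH_MSG_NEGOT_2, *PAUTH_MSG_NEGOT_2;


typedef struct _AUTH_MSG_NEGOT
{
	/* in Big Endian format */
	uint8_t		auth_els_code;	/* always 0x90h */
	uint8_t		auth_els_flags;
	uint8_t		auth_msg_code;	/* see above */
	uint8_t		proto_version;
	uint32_t	msg_len;	/* size of msg payload */
					/* in byte */
	uint32_t	tran_id;	/* transaction identifier */

	/* anything else is variable in size (bytes) */
	/* uint8_t	msg_payload[MAX_AUTH_MSG_SIZE]; */
	AUTH_NEGOT_PARAMS	params;
} AUTH_MSG_NEGOT, *PAUTH_MSG_NEGOT;


/* AUTH_Negotiate msg for NULL DH support only */
typedef struct _AUTH_MSG_NEGOT_NULL
{
	uint8_t		auth_els_code;
	uint8_t		auth_els_flags;
	uint8_t		auth_msg_code;
	uint8_t		proto_version;
	uint32_t	msg_len;
	uint32_t	tran_id;
} AUTH_MSG_NEGOT_NULL, *PAUTH_MSG_NEGOT_NULL;

typedef struct _AUTH_MSG_NEGOT_NULL_1
{
	uint8_t		auth_els_code;
	uint8_t		auth_els_flags;
	uint8_t		auth_msg_code;
	uint8_t		proto_version;
	uint32_t	msg_len;
	uint32_t	tran_id;

	AUTH_NEGOT_PARAMS_NULL_1	params;

} AUTH_MSG_NEGOT_NULL_1, *PAUTH_MSG_NEGOT_NULL_1;

typedef struct _AUTH_MSG_NEGOT_NULL_2
{
	uint8_t		auth_els_code;
	uint8_t		auth_els_flags;
	uint8_t		auth_msg_code;
	uint8_t		proto_version;
	uint32_t	msg_len;
	uint32_t	tran_id;

	AUTH_NEGOT_PARAMS_NULL_2	params;

} AUTH_MSG_NEGOT_NULL_2, *PAUTH_MSG_NEGOT_NULL_2;


/*
 * auth_els_flags
 *
 * The definition used to end in ';', which made the macro unusable
 * inside an expression such as (flags & AUTH_ELS_FLAGS_MASK) == 0.
 */
#define AUTH_ELS_FLAGS_MASK     0x0f


/* AUTH_Reject message: common header plus reason code and explanation */
typedef struct _AUTH_RJT
{
	uint8_t		auth_els_code;	/* always 0x90h */
	uint8_t		auth_els_flags;
	uint8_t		auth_msg_code;	/* see above */
	uint8_t		proto_version;
	uint32_t	msg_len;	/* size of msg payload in byte */
	uint32_t	tran_id;	/* transaction identifier */

	uint8_t		ReasonCode;		/* AUTHRJT_* */
	uint8_t		ReasonCodeExplanation;	/* AUTHEXP_* */
	uint16_t	Reserved;
} AUTH_RJT, *PAUTH_RJT;

/*
 * DHCHAP_Success header.  RspVal_len comes from the message and must be
 * validated before the response value that follows is read.
 */
typedef struct _DHCHAP_SUCCESS_HDR
{
	uint8_t		auth_els_code;	/* always 0x90h */
	uint8_t		auth_els_flags;
	uint8_t		auth_msg_code;	/* see above */
	uint8_t		proto_version;
	uint32_t	msg_len;	/* size of msg payload in byte */
	uint32_t	tran_id;	/* transaction identifier */

	uint32_t	RspVal_len;
} DHCHAP_SUCCESS_HDR, *PDHCHAP_SUCCESS_HDR;


/*
 * One DH group.  value[] holds up to 256 bytes, i.e. 2048 bits, which
 * matches the largest group defined above (GROUP_2048); length must
 * never exceed sizeof (value).
 */
typedef struct dh_group_st
{
	unsigned long	groupid;
	unsigned long	length;
	unsigned char	value[256];
} DH_GROUP, *PDH_GROUP;

/*
 * Weak reference: if the symbol is not provided at link/load time its
 * address is NULL, so callers have to test it before calling.
 * NOTE(review): presumably the source of challenge values and DH
 * private keys - confirm the call sites handle the missing-symbol case
 * by failing authentication rather than using predictable values.
 */
#pragma weak random_get_pseudo_bytes


#endif /* DHCHAP_SUPPORT */

#ifdef __cplusplus
}
#endif

#endif /* _EMLXS_DHCHAP_H */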