xref: /illumos-gate/usr/src/uts/common/sys/iscsi_authclient.h (revision 5633e4f8e97f7c73a0a130a449ccfd2c034561ce)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2000 by Cisco Systems, Inc.  All rights reserved.
23  * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
24  */
25 
26 #ifndef	_ISCSI_AUTHCLIENT_H
27 #define	_ISCSI_AUTHCLIENT_H
28 
29 
30 /*
31  * This file is the include file for iscsiAuthClient.c
32  */
33 
34 #ifdef __cplusplus
35 extern "C" {
36 #endif
37 
/*
 * Fixed limits and constants used by the declarations in this header.
 * Each anonymous enum supplies one integer constant.
 */
38 enum { iscsiAuthStringMaxLength = 512 };	/* sizes username, passwordData, methodListName, chapUsername and scratchKeyValue in IscsiAuthClient */
39 enum { iscsiAuthStringBlockMaxLength = 1024 };	/* size of IscsiAuthStringBlock.stringBlock */
40 enum { iscsiAuthLargeBinaryMaxLength = 1024 };	/* size of IscsiAuthLargeBinary.largeBinary */
41 
42 enum { iscsiAuthRecvEndMaxCount = 10 };	/* presumably the cap on IscsiAuthClient.recvEndCount (see iscsiAuthDebugStatusRecvMessageCountLimit); confirm in iscsiAuthClient.c */
43 
44 enum { iscsiAuthClientSignature = 0x5984B2E3 };	/* presumably stored in IscsiAuthClient.signature as a sanity marker; a fixed public constant, so it cannot serve as an integrity or authenticity check */
45 
46 enum { iscsiAuthChapResponseLength = 16 };	/* 16 bytes is the MD5 digest size, matching iscsiAuthChapAlgorithmMd5, the only CHAP algorithm defined in this header */
47 
48 /*
49  * Note: The ordering of these values is chosen to match
50  *       the ordering of the keys as shown in the iSCSI spec.
51  *       The table IscsiAuthClientKeyInfo in iscsiAuthClient.c
52  *       must also match this order.
53  */
/*
 * Index of each authentication key. The values run from
 * iscsiAuthKeyTypeFirst to iscsiAuthKeyTypeLast and are used to size
 * IscsiAuthKeyBlock.key[] (iscsiAuthKeyTypeMaxCount entries).
 */
54 enum iscsiAuthKeyType_t {
55 	iscsiAuthKeyTypeNone = -1,	/* sentinel outside the valid index range; must not be used to index key[] */
56 	iscsiAuthKeyTypeFirst = 0,
57 	iscsiAuthKeyTypeAuthMethod = iscsiAuthKeyTypeFirst,
58 	iscsiAuthKeyTypeChapAlgorithm,
59 	iscsiAuthKeyTypeChapUsername,
60 	iscsiAuthKeyTypeChapResponse,
61 	iscsiAuthKeyTypeChapIdentifier,
62 	iscsiAuthKeyTypeChapChallenge,
63 	iscsiAuthKeyTypeMaxCount,	/* number of key types; array dimension, not a key */
64 	iscsiAuthKeyTypeLast = iscsiAuthKeyTypeMaxCount - 1
65 };
66 typedef enum iscsiAuthKeyType_t IscsiAuthKeyType;
67 
/*
 * Option values for the negotiated keys, mixed with two array
 * dimensions. The *MaxCount members are list sizes (they dimension
 * authMethodList, authMethodValidList and chapAlgorithmList in
 * IscsiAuthClient), not option values, so iscsiAuthMethodMaxCount and
 * iscsiAuthMethodChap sharing the value 2 is a coincidence of layout.
 *
 * MD5 is the only CHAP algorithm this header defines. A captured
 * CHAP-MD5 challenge/response pair allows offline guessing of the
 * secret, so the strength of the secret and the use of IPsec matter
 * (see iscsiAuthDebugStatusPasswordTooShortWithNoIpSec).
 */
68 enum {
69 	/*
70 	 * Common options for all keys.
71 	 */
72 	iscsiAuthOptionReject = -2,
73 	iscsiAuthOptionNotPresent = -1,
74 	iscsiAuthOptionNone = 1,
75 
76 	iscsiAuthMethodChap = 2,
77 	iscsiAuthMethodMaxCount = 2,	/* list size, not a method */
78 
79 	iscsiAuthChapAlgorithmMd5 = 5,	/* 5 is the CHAP algorithm number assigned to MD5 */
80 	iscsiAuthChapAlgorithmMaxCount = 2	/* list size, not an algorithm */
81 };
82 
/*
 * Role taken in the AuthMethod negotiation; stored in
 * IscsiAuthClient.authMethodNegRole.
 */
83 enum iscsiAuthNegRole_t {
84 	iscsiAuthNegRoleOriginator = 1,
85 	iscsiAuthNegRoleResponder = 2
86 };
87 typedef enum iscsiAuthNegRole_t IscsiAuthNegRole;
88 
89 /*
90  * Note: These values are chosen to map to the values sent
91  *       in the iSCSI header.
92  */
93 enum iscsiAuthVersion_t {
94 	iscsiAuthVersionDraft8 = 2,	/* by name, the pre-RFC draft 8 protocol version */
95 	iscsiAuthVersionRfc = 0		/* by name, the published RFC version */
96 };
97 typedef enum iscsiAuthVersion_t IscsiAuthVersion;	/* stored in IscsiAuthClient.version */
98 
/*
 * Status values for the auth client; IscsiAuthClient.remoteAuthStatus
 * has this type. Note that iscsiAuthStatusNoError (0) and
 * iscsiAuthStatusPass are distinct values, so a zero status alone does
 * not indicate that authentication passed.
 */
99 enum iscsiAuthStatus_t {
100 	iscsiAuthStatusNoError = 0,
101 	iscsiAuthStatusError,
102 	iscsiAuthStatusPass,
103 	iscsiAuthStatusFail,
104 	iscsiAuthStatusContinue,
105 	iscsiAuthStatusInProgress
106 };
107 typedef enum iscsiAuthStatus_t IscsiAuthStatus;
108 
/*
 * Detailed reason codes kept in IscsiAuthClient.debugStatus. The
 * conditions that set each value live in iscsiAuthClient.c and are not
 * visible in this header, so the notes below are read from the names
 * only and should be confirmed against the implementation.
 */
109 enum iscsiAuthDebugStatus_t {
110 	iscsiAuthDebugStatusNotSet = 0,
111 
112 	iscsiAuthDebugStatusAuthPass,
113 	iscsiAuthDebugStatusAuthRemoteFalse,
114 
115 	iscsiAuthDebugStatusAuthFail,
116 
117 	iscsiAuthDebugStatusAuthMethodBad,
118 	iscsiAuthDebugStatusChapAlgorithmBad,
119 	iscsiAuthDebugStatusPasswordDecryptFailed,
120 	iscsiAuthDebugStatusPasswordTooShortWithNoIpSec,	/* presumably tied to IscsiAuthClient.ipSec and passwordLength; the iSCSI RFC requires CHAP secrets of at least 96 bits when IPsec is not in use */
121 	iscsiAuthDebugStatusAuthServerError,
122 	iscsiAuthDebugStatusAuthStatusBad,
123 	iscsiAuthDebugStatusAuthPassNotValid,
124 	iscsiAuthDebugStatusSendDuplicateSetKeyValue,
125 	iscsiAuthDebugStatusSendStringTooLong,
126 	iscsiAuthDebugStatusSendTooMuchData,
127 
128 	iscsiAuthDebugStatusAuthMethodExpected,
129 	iscsiAuthDebugStatusChapAlgorithmExpected,
130 	iscsiAuthDebugStatusChapIdentifierExpected,
131 	iscsiAuthDebugStatusChapChallengeExpected,
132 	iscsiAuthDebugStatusChapResponseExpected,
133 	iscsiAuthDebugStatusChapUsernameExpected,
134 
135 	iscsiAuthDebugStatusAuthMethodNotPresent,
136 	iscsiAuthDebugStatusAuthMethodReject,
137 	iscsiAuthDebugStatusAuthMethodNone,
138 	iscsiAuthDebugStatusChapAlgorithmReject,
139 	iscsiAuthDebugStatusChapChallengeReflected,	/* by name, a received challenge matching one this side sent; worth alerting on in logs */
140 	iscsiAuthDebugStatusPasswordIdentical,	/* by name, the same secret seen for both directions of mutual CHAP */
141 
142 	iscsiAuthDebugStatusLocalPasswordNotSet,
143 
144 	iscsiAuthDebugStatusChapIdentifierBad,
145 	iscsiAuthDebugStatusChapChallengeBad,
146 	iscsiAuthDebugStatusChapResponseBad,
147 	iscsiAuthDebugStatusUnexpectedKeyPresent,
148 	iscsiAuthDebugStatusTbitSetIllegal,
149 	iscsiAuthDebugStatusTbitSetPremature,
150 
151 	iscsiAuthDebugStatusRecvMessageCountLimit,	/* presumably raised when recvEndCount reaches iscsiAuthRecvEndMaxCount */
152 	iscsiAuthDebugStatusRecvDuplicateSetKeyValue,
153 	iscsiAuthDebugStatusRecvStringTooLong,
154 	iscsiAuthDebugStatusRecvTooMuchData
155 };
156 typedef enum iscsiAuthDebugStatus_t IscsiAuthDebugStatus;
157 
/* Which end of the iSCSI session this client acts as; stored in IscsiAuthClient.nodeType. */
158 enum iscsiAuthNodeType_t {
159 	iscsiAuthNodeTypeInitiator = 1,
160 	iscsiAuthNodeTypeTarget = 2
161 };
162 typedef enum iscsiAuthNodeType_t IscsiAuthNodeType;
163 
/*
 * Overall phase of the authentication exchange; stored in
 * IscsiAuthClient.phase. Values start at 1, so a zero-filled client
 * structure holds no valid phase.
 */
164 enum iscsiAuthPhase_t {
165 	iscsiAuthPhaseConfigure = 1,
166 	iscsiAuthPhaseNegotiate,		/* Negotiating */
167 	iscsiAuthPhaseAuthenticate,		/* Authenticating */
168 	iscsiAuthPhaseDone,			/* Authentication done */
169 	iscsiAuthPhaseError
170 };
171 typedef enum iscsiAuthPhase_t IscsiAuthPhase;
172 
/*
 * State machine values stored in IscsiAuthClient.localState.
 * NOTE(review): by the names this tracks the direction in which this
 * side answers the peer's challenge; confirm in iscsiAuthClient.c.
 */
173 enum iscsiAuthLocalState_t {
174 	iscsiAuthLocalStateSendAlgorithm = 1,
175 	iscsiAuthLocalStateRecvAlgorithm,
176 	iscsiAuthLocalStateRecvChallenge,
177 	iscsiAuthLocalStateDone,
178 	iscsiAuthLocalStateError
179 };
180 typedef enum iscsiAuthLocalState_t IscsiAuthLocalState;
181 
/*
 * State machine values stored in IscsiAuthClient.remoteState.
 * NOTE(review): by the names this tracks the direction in which this
 * side challenges the peer and checks its response; confirm in
 * iscsiAuthClient.c.
 */
182 enum iscsiAuthRemoteState_t {
183 	iscsiAuthRemoteStateSendAlgorithm = 1,
184 	iscsiAuthRemoteStateSendChallenge,
185 	iscsiAuthRemoteStateRecvResponse,
186 	iscsiAuthRemoteStateAuthRequest,
187 	iscsiAuthRemoteStateDone,
188 	iscsiAuthRemoteStateError
189 };
190 typedef enum iscsiAuthRemoteState_t IscsiAuthRemoteState;
191 
192 
/*
 * Function type of the callback passed to iscsiAuthClientRecvEnd() and
 * kept in IscsiAuthClient.callback. The argument meanings are not
 * stated in this header; presumably the two handles given to
 * iscsiAuthClientRecvEnd() followed by a status value -- confirm in
 * iscsiAuthClient.c.
 */
193 typedef void IscsiAuthClientCallback(void *, void *, int);
194 
195 
/* Counters exported through the global iscsiAuthClientGlobalStats declared later in this header. */
196 struct iscsiAuthClientGlobalStats_t {
197 	unsigned long requestSent;
198 	unsigned long responseReceived;
199 };
200 typedef struct iscsiAuthClientGlobalStats_t IscsiAuthClientGlobalStats;
201 
/*
 * Describes a caller-supplied buffer as a length and an address;
 * iscsiAuthClientInit() takes a pointer to this type. The header does
 * not say who owns the memory or how length is validated -- confirm in
 * iscsiAuthClient.c that length is checked before address is used.
 */
202 struct iscsiAuthBufferDesc_t {
203 	unsigned int length;
204 	void *address;
205 };
206 typedef struct iscsiAuthBufferDesc_t IscsiAuthBufferDesc;
207 
/* Per-key state; IscsiAuthKeyBlock holds one entry for each IscsiAuthKeyType. */
208 struct iscsiAuthKey_t {
209 	unsigned int present:1;
210 	unsigned int processed:1;
211 	unsigned int valueSet:1;	/* 1 if the value is set to be valid */
212 	char *string;	/* key value text; presumably points into the owning block's stringBlock -- confirm */
213 };
214 typedef struct iscsiAuthKey_t IscsiAuthKey;
215 
/*
 * Length-plus-pointer view of binary key data; used for
 * sendChapChallenge and recvChapChallenge in IscsiAuthClient.
 * NOTE(review): length is presumably bounded by
 * iscsiAuthLargeBinaryMaxLength -- confirm where it is set.
 */
216 struct iscsiAuthLargeBinaryKey_t {
217 	unsigned int length;
218 	unsigned char *largeBinary;
219 	};
220 typedef struct iscsiAuthLargeBinaryKey_t IscsiAuthLargeBinaryKey;
221 
/*
 * One direction's set of key/value data: the per-key state plus flags
 * recording duplicate, over-long and overflowing input. IscsiAuthClient
 * holds one block for received data and one for data to be sent. The
 * flag names correspond to the Send/Recv DuplicateSetKeyValue,
 * StringTooLong and TooMuchData debug status values.
 */
222 struct iscsiAuthKeyBlock_t {
223 	unsigned int transitBit:1;	/* To transit: TRUE or FALSE */
224 	unsigned int duplicateSet:1;	/* Set the value more than once */
225 	unsigned int stringTooLong:1;	/* Key value too long */
226 	unsigned int tooMuchData:1;	/* The keypair data blk overflows */
227 	unsigned int blockLength:16;	/* The length of the keypair data blk */
228 	char *stringBlock;	/* presumably backed by an IscsiAuthStringBlock (iscsiAuthStringBlockMaxLength bytes) -- confirm */
229 	IscsiAuthKey key[iscsiAuthKeyTypeMaxCount];	/* indexed by IscsiAuthKeyType */
230 };
231 typedef struct iscsiAuthKeyBlock_t IscsiAuthKeyBlock;
232 
/* Fixed-size character storage of iscsiAuthStringBlockMaxLength bytes. */
233 struct iscsiAuthStringBlock_t {
234 	char stringBlock[iscsiAuthStringBlockMaxLength];
235 };
236 typedef struct iscsiAuthStringBlock_t IscsiAuthStringBlock;
237 
/* Fixed-size byte storage of iscsiAuthLargeBinaryMaxLength bytes. */
238 struct iscsiAuthLargeBinary_t {
239 	unsigned char largeBinary[iscsiAuthLargeBinaryMaxLength];
240 };
241 typedef struct iscsiAuthLargeBinary_t IscsiAuthLargeBinary;
242 
/*
 * Complete state of one authentication client: configuration
 * (methods, algorithms, credentials), negotiation progress and the
 * key blocks for both directions.
 *
 * The CHAP secret is kept in passwordData in the clear for as long as
 * the structure lives. NOTE(review): this header does not show whether
 * iscsiAuthClientFinish() scrubs passwordData and scratchKeyValue
 * before the memory is released -- confirm in iscsiAuthClient.c.
 */
243 struct iscsiAuthClient_t {
244 	unsigned long signature;	/* presumably set to iscsiAuthClientSignature as a sanity marker -- confirm */
245 
246 	void *glueHandle;
247 	struct iscsiAuthClient_t *next;
248 	unsigned int authRequestId;
249 
250 	IscsiAuthNodeType nodeType;
251 	unsigned int authMethodCount;	/* presumably the number of valid entries in authMethodList */
252 	int authMethodList[iscsiAuthMethodMaxCount];
253 	IscsiAuthNegRole authMethodNegRole;
254 	unsigned int chapAlgorithmCount;	/* presumably the number of valid entries in chapAlgorithmList */
255 	int chapAlgorithmList[iscsiAuthChapAlgorithmMaxCount];
256 
257 	/*
258 	 * To indicate if remote authentication is enabled (0 = no 1 = yes)
259 	 * For the case of initiator, remote authentication enabled means
260 	 * enabling target authentication.
261 	 */
262 	int authRemote;
263 
264 	char username[iscsiAuthStringMaxLength];
265 	int passwordPresent;
266 	unsigned int passwordLength;	/* presumably the count of valid bytes in passwordData; must not exceed iscsiAuthStringMaxLength */
267 	unsigned char passwordData[iscsiAuthStringMaxLength];	/* CHAP secret, held in the clear */
268 	char methodListName[iscsiAuthStringMaxLength];
269 	IscsiAuthVersion version;
270 	unsigned int chapChallengeLength;
271 	int ipSec;
272 	int base64;
273 
274 	unsigned int authMethodValidCount;
275 	int authMethodValidList[iscsiAuthMethodMaxCount];
276 	int authMethodValidNegRole;
277 	const char *rejectOptionName;
278 	const char *noneOptionName;
279 
280 	int recvInProgressFlag;
281 	int recvEndCount;	/* presumably compared against iscsiAuthRecvEndMaxCount -- confirm */
282 	IscsiAuthClientCallback *callback;
283 	void *userHandle;
284 	void *messageHandle;
285 
286 	IscsiAuthPhase phase;
287 	IscsiAuthLocalState localState;
288 	IscsiAuthRemoteState remoteState;
289 	IscsiAuthStatus remoteAuthStatus;
290 	IscsiAuthDebugStatus debugStatus;
291 	int negotiatedAuthMethod;
292 	int negotiatedChapAlgorithm;
293 	int authResponseFlag;
294 	int authServerErrorFlag;
295 	int transitBitSentFlag;
296 
297 	unsigned int sendChapIdentifier;
298 	IscsiAuthLargeBinaryKey sendChapChallenge;
299 	char chapUsername[iscsiAuthStringMaxLength];
300 
301 	int recvChapChallengeStatus;
302 	IscsiAuthLargeBinaryKey recvChapChallenge;
303 
304 	char scratchKeyValue[iscsiAuthStringMaxLength];	/* scratch space for key values; may hold sensitive text while in use */
305 
306 	IscsiAuthKeyBlock recvKeyBlock;		/* Received keypair data */
307 	IscsiAuthKeyBlock sendKeyBlock;		/* Keypair data to be sent */
308 };
309 typedef struct iscsiAuthClient_t IscsiAuthClient;
310 
311 
312 #ifdef __cplusplus
313 }
314 #endif
315 #include <sys/iscsi_authclientglue.h>
316 #ifdef __cplusplus
317 extern "C" {
318 #endif
319 
320 
/*
 * Global counters shared by all auth clients; defined outside this
 * header. No locking is visible here, so how concurrent updates are
 * handled has to be checked at the definition.
 */
321 extern IscsiAuthClientGlobalStats iscsiAuthClientGlobalStats;
322 
323 
/*
 * Public interface of the auth client, implemented in
 * iscsiAuthClient.c. The prototypes carry no parameter names and this
 * header does not document return values; the int results are
 * presumably IscsiAuthStatus values -- confirm against the
 * implementation. Callers should check every return value: a setter
 * that fails silently can leave the client with weaker settings than
 * intended (for example authRemote left at 0).
 *
 * Functions that write into a caller buffer (iscsiAuthClientSendKeyValue,
 * iscsiAuthClientGetChapUsername) take an unsigned int after the
 * buffer pointer, presumably its capacity -- confirm.
 */
324 extern int iscsiAuthClientInit(int, int, IscsiAuthBufferDesc *);
325 extern int iscsiAuthClientFinish(IscsiAuthClient *);
326 
327 extern int iscsiAuthClientRecvBegin(IscsiAuthClient *);
328 extern int iscsiAuthClientRecvEnd(IscsiAuthClient *,
329     IscsiAuthClientCallback *, void *, void *);
330 
331 extern const char *iscsiAuthClientGetKeyName(int);
332 extern int iscsiAuthClientGetNextKeyType(int *);
333 extern int iscsiAuthClientKeyNameToKeyType(const char *);
334 extern int iscsiAuthClientRecvKeyValue(IscsiAuthClient *, int, const char *);
335 extern int iscsiAuthClientSendKeyValue(IscsiAuthClient *, int, int *, char *,
336     unsigned int);
337 extern int iscsiAuthClientRecvTransitBit(IscsiAuthClient *, int);
338 extern int iscsiAuthClientSendTransitBit(IscsiAuthClient *, int *);
339 
340 extern int iscsiAuthClientSetAuthMethodList(IscsiAuthClient *, unsigned int,
341     const int *);
342 extern int iscsiAuthClientSetAuthMethodNegRole(IscsiAuthClient *, int);
343 extern int iscsiAuthClientSetChapAlgorithmList(IscsiAuthClient *, unsigned int,
344     const int *);
345 extern int iscsiAuthClientSetUsername(IscsiAuthClient *, const char *);
346 extern int iscsiAuthClientSetPassword(IscsiAuthClient *, const unsigned char *,
347     unsigned int);
348 extern int iscsiAuthClientSetAuthRemote(IscsiAuthClient *, int);
349 extern int iscsiAuthClientSetGlueHandle(IscsiAuthClient *, void *);
350 extern int iscsiAuthClientSetMethodListName(IscsiAuthClient *, const char *);
351 extern int iscsiAuthClientSetIpSec(IscsiAuthClient *, int);
352 extern int iscsiAuthClientSetBase64(IscsiAuthClient *, int);
353 extern int iscsiAuthClientSetChapChallengeLength(IscsiAuthClient *,
354     unsigned int);
355 extern int iscsiAuthClientSetVersion(IscsiAuthClient *, int);
356 extern int iscsiAuthClientCheckPasswordNeeded(IscsiAuthClient *, int *);
357 
358 extern int iscsiAuthClientGetAuthPhase(IscsiAuthClient *, int *);
359 extern int iscsiAuthClientGetAuthStatus(IscsiAuthClient *, int *);
360 extern int iscsiAuthClientAuthStatusPass(int);
361 extern int iscsiAuthClientGetAuthMethod(IscsiAuthClient *, int *);
362 extern int iscsiAuthClientGetChapAlgorithm(IscsiAuthClient *, int *);
363 extern int iscsiAuthClientGetChapUsername(IscsiAuthClient *, char *,
364     unsigned int);
365 
366 extern int iscsiAuthClientSendStatusCode(IscsiAuthClient *, int *);
367 extern int iscsiAuthClientGetDebugStatus(IscsiAuthClient *, int *);
368 extern const char *iscsiAuthClientDebugStatusToText(int);
369 
370 /*
371  * The following is called by platform dependent code.
372  */
/*
 * NOTE(review): the int is presumably the verdict for an earlier
 * iscsiAuthClientChapAuthRequest(); it returns nothing, so the
 * outcome is only visible through the client's state -- confirm.
 */
373 extern void iscsiAuthClientAuthResponse(IscsiAuthClient *, int);
374 
375 /*
376  * The following routines are considered platform dependent,
377  * and need to be implemented for use by iscsiAuthClient.c.
378  */
379 
/*
 * Platform hooks. Their behaviour is defined by each port, not by
 * this header; the notes below state what a port has to guarantee for
 * the authentication to be sound.
 *
 * iscsiAuthRandomSetData() takes a byte buffer and a length. It is
 * presumably the source of CHAP challenges and identifiers; if so it
 * must be backed by a cryptographically strong generator, because
 * predictable or repeated challenges allow old responses to be reused.
 *
 * iscsiAuthMd5Final() writes the digest through its first argument;
 * the caller's buffer presumably needs iscsiAuthChapResponseLength
 * (16) bytes. IscsiAuthMd5Context is not declared in this file;
 * presumably it comes from sys/iscsi_authclientglue.h, included above.
 *
 * The pointer/length pairs of iscsiAuthClientChapAuthRequest() and
 * iscsiAuthClientData() are not described here -- confirm which
 * lengths are capacities and which are in/out values before calling.
 */
380 extern int iscsiAuthClientChapAuthRequest(IscsiAuthClient *, char *,
381     unsigned int,
382     unsigned char *, unsigned int, unsigned char *, unsigned int);
383 extern void iscsiAuthClientChapAuthCancel(IscsiAuthClient *);
384 
385 extern int iscsiAuthClientTextToNumber(const char *, unsigned long *);
386 extern void iscsiAuthClientNumberToText(unsigned long, char *, unsigned int);
387 
388 extern void iscsiAuthRandomSetData(unsigned char *, unsigned int);
389 extern void iscsiAuthMd5Init(IscsiAuthMd5Context *);
390 extern void iscsiAuthMd5Update(IscsiAuthMd5Context *, unsigned char *,
391     unsigned int);
392 extern void iscsiAuthMd5Final(unsigned char *, IscsiAuthMd5Context *);
393 
394 extern int iscsiAuthClientData(unsigned char *, unsigned int *, unsigned char *,
395     unsigned int);
396 
397 #ifdef __cplusplus
398 }
399 #endif
400 
401 #endif	/* _ISCSI_AUTHCLIENT_H */
402