1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2000 by Cisco Systems, Inc.  All rights reserved.
23  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #ifndef	_ISCSI_AUTHCLIENT_H
28 #define	_ISCSI_AUTHCLIENT_H
29 
30 #pragma ident	"%Z%%M%	%I%	%E% SMI"
31 
32 /*
 * This file is the include file for iscsiAuthClient.c
34  */
35 
36 #ifdef __cplusplus
37 extern "C" {
38 #endif
39 
/*
 * Size limits and protocol constants shared by iscsiAuthClient.c and the
 * platform glue.  Every fixed-size array in the structures below is sized
 * from one of these, so they are also the bounds that every copy into
 * those arrays has to respect.
 */
enum {
	/* Longest key value, username or secret the library stores. */
	iscsiAuthStringMaxLength = 256,

	/* Capacity of the text block holding one message's key=value data. */
	iscsiAuthStringBlockMaxLength = 1024,

	/* Capacity of a decoded binary value such as a CHAP challenge. */
	iscsiAuthLargeBinaryMaxLength = 1024,

	/*
	 * Cap on RecvEnd rounds in one negotiation, presumably enforced
	 * through recvEndCount and reported as RecvMessageCountLimit, so a
	 * peer cannot keep the exchange open indefinitely.
	 */
	iscsiAuthRecvEndMaxCount = 10,

	/*
	 * Magic kept in IscsiAuthClient.signature to catch a stale or
	 * corrupted handle.  A sanity check only; it does not protect the
	 * context against a caller that can already write to it.
	 */
	iscsiAuthClientSignature = 0x5984B2E3,

	/* CHAP_R is an MD5 digest, which is 16 bytes. */
	iscsiAuthChapResponseLength = 16
};
49 
50 /*
51  * Note: The ordering of these values are chosen to match
52  *       the ordering of the keys as shown in the iSCSI spec.
53  *       The table IscsiAuthClientKeyInfo in iscsiAuthClient.c
54  *       must also match this order.
55  */
/*
 * The login keys this library understands.
 *
 * The enumerators double as array indexes -- IscsiAuthKeyBlock.key[] is
 * sized by iscsiAuthKeyTypeMaxCount -- and the IscsiAuthClientKeyInfo
 * table in iscsiAuthClient.c is laid out in the same order, which in
 * turn follows the key order of the iSCSI specification.  Add new keys
 * ahead of iscsiAuthKeyTypeMaxCount and extend that table in step.
 */
typedef enum iscsiAuthKeyType_t {
	iscsiAuthKeyTypeNone = -1,		/* "no key" sentinel */
	iscsiAuthKeyTypeFirst = 0,
	/* AuthMethod */
	iscsiAuthKeyTypeAuthMethod = iscsiAuthKeyTypeFirst,
	iscsiAuthKeyTypeChapAlgorithm,		/* CHAP_A */
	iscsiAuthKeyTypeChapUsername,		/* CHAP_N */
	iscsiAuthKeyTypeChapResponse,		/* CHAP_R */
	iscsiAuthKeyTypeChapIdentifier,		/* CHAP_I */
	iscsiAuthKeyTypeChapChallenge,		/* CHAP_C */
	iscsiAuthKeyTypeMaxCount,		/* number of real keys */
	iscsiAuthKeyTypeLast = iscsiAuthKeyTypeMaxCount - 1
} IscsiAuthKeyType;
69 
/*
 * Option values stored in the per-key int fields of IscsiAuthClient.
 * The two negative values are "why there is no option" codes that can
 * never collide with a real option, so one int carries both.
 */
enum {
	iscsiAuthOptionReject = -2,	/* the Reject answer (rejectOptionName) */
	iscsiAuthOptionNotPresent = -1,	/* key was not offered at all */
	iscsiAuthOptionNone = 1		/* the None answer (noneOptionName) */
};

/* AuthMethod values.  CHAP is the only real method enumerated here. */
enum {
	iscsiAuthMethodChap = 2,
	iscsiAuthMethodMaxCount = 2	/* capacity of the method lists */
};

/*
 * CHAP_A values.  5 is the CHAP algorithm number for MD5 and it is the
 * only algorithm listed, so everything negotiated through this header
 * ends up as CHAP-MD5; no stronger hash is represented.
 */
enum {
	iscsiAuthChapAlgorithmMd5 = 5,
	iscsiAuthChapAlgorithmMaxCount = 2	/* capacity of the algorithm lists */
};
84 
/*
 * Role taken in the AuthMethod negotiation; stored in
 * IscsiAuthClient.authMethodNegRole.  Presumably the originator offers
 * its list and the responder chooses from it -- confirm in
 * iscsiAuthClient.c.
 */
typedef enum iscsiAuthNegRole_t {
	iscsiAuthNegRoleOriginator = 1,
	iscsiAuthNegRoleResponder = 2
} IscsiAuthNegRole;
90 
91 /*
92  * Note: These values are chosen to map to the values sent
93  *       in the iSCSI header.
94  */
/*
 * Protocol revision the peer speaks.  The numbers are the ones carried
 * in the iSCSI header version fields, so they must not be renumbered.
 */
typedef enum iscsiAuthVersion_t {
	iscsiAuthVersionRfc = 0,	/* the RFC revision of iSCSI */
	iscsiAuthVersionDraft8 = 2	/* pre-RFC draft 8 compatibility */
} IscsiAuthVersion;
100 
/*
 * Return value of the iscsiAuthClient*() calls and the verdict held in
 * IscsiAuthClient.remoteAuthStatus.  Meanings below follow the names;
 * test for success with iscsiAuthClientAuthStatusPass() and treat every
 * other value as "not authenticated".
 */
typedef enum iscsiAuthStatus_t {
	iscsiAuthStatusNoError = 0,	/* call succeeded; no verdict implied */
	iscsiAuthStatusError = 1,	/* bad argument or bad state */
	iscsiAuthStatusPass = 2,	/* authentication succeeded */
	iscsiAuthStatusFail = 3,	/* authentication refused */
	iscsiAuthStatusContinue = 4,	/* more exchange needed */
	iscsiAuthStatusInProgress = 5	/* waiting on a deferred result */
} IscsiAuthStatus;
110 
/*
 * Fine-grained reason behind an IscsiAuthStatus, read back through
 * iscsiAuthClientGetDebugStatus() and rendered by
 * iscsiAuthClientDebugStatusToText().  The values are implicit and
 * sequential: inserting an enumerator renumbers everything after it, so
 * append only and keep the text table in iscsiAuthClient.c in step.
 * Several of these record an attack or a misuse being refused rather
 * than a mere diagnostic -- see the notes below.  Group meanings are
 * inferred from the names; confirm against iscsiAuthClient.c.
 */
enum iscsiAuthDebugStatus_t {
	iscsiAuthDebugStatusNotSet = 0,

	/* Outcomes. */
	iscsiAuthDebugStatusAuthPass,
	iscsiAuthDebugStatusAuthRemoteFalse,	/* remote auth not enabled */

	iscsiAuthDebugStatusAuthFail,

	/* Local configuration and send-side problems. */
	iscsiAuthDebugStatusAuthMethodBad,
	iscsiAuthDebugStatusChapAlgorithmBad,
	iscsiAuthDebugStatusPasswordDecryptFailed,
	/*
	 * A short CHAP secret is refused unless the transport is IPsec
	 * protected (the ipSec flag); RFC 3720 8.2.1 advises exactly this,
	 * since an unprotected CHAP exchange is open to offline guessing.
	 */
	iscsiAuthDebugStatusPasswordTooShortWithNoIpSec,
	iscsiAuthDebugStatusAuthServerError,
	iscsiAuthDebugStatusAuthStatusBad,
	iscsiAuthDebugStatusAuthPassNotValid,
	iscsiAuthDebugStatusSendDuplicateSetKeyValue,
	iscsiAuthDebugStatusSendStringTooLong,
	iscsiAuthDebugStatusSendTooMuchData,

	/* A key the state machine required was missing from the message. */
	iscsiAuthDebugStatusAuthMethodExpected,
	iscsiAuthDebugStatusChapAlgorithmExpected,
	iscsiAuthDebugStatusChapIdentifierExpected,
	iscsiAuthDebugStatusChapChallengeExpected,
	iscsiAuthDebugStatusChapResponseExpected,
	iscsiAuthDebugStatusChapUsernameExpected,

	/* Negotiation ended without authentication, or was refused. */
	iscsiAuthDebugStatusAuthMethodNotPresent,
	iscsiAuthDebugStatusAuthMethodReject,
	iscsiAuthDebugStatusAuthMethodNone,
	iscsiAuthDebugStatusChapAlgorithmReject,
	/*
	 * The peer challenged us with the challenge we sent it.  Answering
	 * would hand it a valid response to replay back at us; RFC 3720
	 * 8.2.1 requires a responder to detect this and drop the
	 * connection.
	 */
	iscsiAuthDebugStatusChapChallengeReflected,
	/*
	 * Bidirectional CHAP configured with the same secret in both
	 * directions, which is what makes the reflection above pay off.
	 */
	iscsiAuthDebugStatusPasswordIdentical,

	iscsiAuthDebugStatusLocalPasswordNotSet,

	/* Malformed or out-of-sequence input from the peer. */
	iscsiAuthDebugStatusChapIdentifierBad,
	iscsiAuthDebugStatusChapChallengeBad,
	iscsiAuthDebugStatusChapResponseBad,
	iscsiAuthDebugStatusUnexpectedKeyPresent,
	iscsiAuthDebugStatusTbitSetIllegal,
	iscsiAuthDebugStatusTbitSetPremature,

	/* Receive-side limits hit (see iscsiAuthRecvEndMaxCount and the */
	/* string/block size limits above). */
	iscsiAuthDebugStatusRecvMessageCountLimit,
	iscsiAuthDebugStatusRecvDuplicateSetKeyValue,
	iscsiAuthDebugStatusRecvStringTooLong,
	iscsiAuthDebugStatusRecvTooMuchData
};
typedef enum iscsiAuthDebugStatus_t IscsiAuthDebugStatus;
159 
/*
 * Which end of the session this context belongs to.  Stored in
 * IscsiAuthClient.nodeType; see the authRemote comment there for how it
 * changes what "remote authentication" means.
 */
typedef enum iscsiAuthNodeType_t {
	iscsiAuthNodeTypeInitiator = 1,
	iscsiAuthNodeTypeTarget = 2
} IscsiAuthNodeType;
165 
/*
 * Coarse progress of one login's authentication, read back with
 * iscsiAuthClientGetAuthPhase().  A login should not be treated as
 * authenticated until the phase is iscsiAuthPhaseDone and
 * iscsiAuthClientGetAuthStatus() reports Pass.
 */
typedef enum iscsiAuthPhase_t {
	iscsiAuthPhaseConfigure = 1,	/* accepting Set*() configuration */
	iscsiAuthPhaseNegotiate = 2,	/* Negotiating */
	iscsiAuthPhaseAuthenticate = 3,	/* Authenticating */
	iscsiAuthPhaseDone = 4,		/* Authentication done */
	iscsiAuthPhaseError = 5		/* unrecoverable; discard context */
} IscsiAuthPhase;
174 
/*
 * Sub-state of the "local" half of CHAP, i.e. this node proving itself
 * to the peer.  Judging by the names: offer CHAP_A, read the peer's
 * CHAP_A, read its challenge and answer it.  Confirm the exact
 * transitions in iscsiAuthClient.c.
 */
typedef enum iscsiAuthLocalState_t {
	iscsiAuthLocalStateSendAlgorithm = 1,
	iscsiAuthLocalStateRecvAlgorithm = 2,
	iscsiAuthLocalStateRecvChallenge = 3,
	iscsiAuthLocalStateDone = 4,
	iscsiAuthLocalStateError = 5
} IscsiAuthLocalState;
183 
/*
 * Sub-state of the "remote" half of CHAP, i.e. the peer proving itself
 * to this node.  Judging by the names: send CHAP_A, send our challenge,
 * read the peer's response, hand it to the platform's
 * iscsiAuthClientChapAuthRequest() and wait for the verdict.  Confirm
 * the exact transitions in iscsiAuthClient.c.
 */
typedef enum iscsiAuthRemoteState_t {
	iscsiAuthRemoteStateSendAlgorithm = 1,
	iscsiAuthRemoteStateSendChallenge = 2,
	iscsiAuthRemoteStateRecvResponse = 3,
	iscsiAuthRemoteStateAuthRequest = 4,
	iscsiAuthRemoteStateDone = 5,
	iscsiAuthRemoteStateError = 6
} IscsiAuthRemoteState;
193 
194 
/*
 * Completion callback supplied to iscsiAuthClientRecvEnd().  The two
 * void pointers are presumably the userHandle and messageHandle kept in
 * the context, and the int presumably a status -- confirm against
 * iscsiAuthClient.c before relying on either.
 */
typedef void IscsiAuthClientCallback(void *, void *, int);
196 
197 
/*
 * Process-wide counters, exposed as the iscsiAuthClientGlobalStats
 * variable below.  From the names: deferred authentication requests
 * issued and answers received.
 */
typedef struct iscsiAuthClientGlobalStats_t {
	unsigned long requestSent;
	unsigned long responseReceived;
} IscsiAuthClientGlobalStats;
203 
/*
 * A caller-owned memory region handed to iscsiAuthClientInit().  length
 * is the number of usable bytes at address; the library must not write
 * past it.
 */
typedef struct iscsiAuthBufferDesc_t {
	unsigned int length;
	void *address;
} IscsiAuthBufferDesc;
209 
/*
 * One key's slot in an IscsiAuthKeyBlock.  The bits record what has
 * happened to the key during this message; string points at the value
 * text, presumably inside the block's stringBlock, and is only
 * meaningful when valueSet is 1.
 */
typedef struct iscsiAuthKey_t {
	unsigned int present:1;		/* key appeared in the message */
	unsigned int processed:1;	/* state machine has consumed it */
	unsigned int valueSet:1;	/* 1 if the value is set to be valid */
	char *string;			/* value text; see valueSet */
} IscsiAuthKey;
217 
/*
 * A decoded binary value (used for the CHAP challenges).  It is raw
 * bytes, not a C string: length, not a terminator, says how much of
 * largeBinary is valid, and it may be at most iscsiAuthLargeBinaryMaxLength.
 */
typedef struct iscsiAuthLargeBinaryKey_t {
	unsigned int length;		/* valid bytes at largeBinary */
	unsigned char *largeBinary;
} IscsiAuthLargeBinaryKey;
223 
/*
 * One direction's key=value data for a login message.
 *
 * The four flag bits are set while keys are added and are the record
 * that something went wrong on the way in or out; presumably they are
 * surfaced afterwards as the matching Send and Recv debug statuses
 * instead of being silently dropped.  blockLength is a 16-bit field:
 * ample for iscsiAuthStringBlockMaxLength (1024), but it would wrap
 * silently if that limit were ever raised past 65535.
 */
typedef struct iscsiAuthKeyBlock_t {
	unsigned int transitBit:1;	/* T bit: TRUE or FALSE */
	unsigned int duplicateSet:1;	/* a key was set more than once */
	unsigned int stringTooLong:1;	/* a value exceeded the string limit */
	unsigned int tooMuchData:1;	/* the keypair data block overflowed */
	unsigned int blockLength:16;	/* bytes of stringBlock in use */
	char *stringBlock;		/* backing text for key[].string */
	IscsiAuthKey key[iscsiAuthKeyTypeMaxCount];	/* indexed by key type */
} IscsiAuthKeyBlock;
234 
/*
 * Fixed-size storage behind IscsiAuthKeyBlock.stringBlock.  Its size is
 * the hard limit that the stringTooLong / tooMuchData checks exist to
 * enforce.
 */
typedef struct iscsiAuthStringBlock_t {
	char stringBlock[iscsiAuthStringBlockMaxLength];
} IscsiAuthStringBlock;
239 
/*
 * Fixed-size storage behind IscsiAuthLargeBinaryKey.largeBinary.  A
 * decoded challenge must be bounded by this size before it is copied in.
 */
typedef struct iscsiAuthLargeBinary_t {
	unsigned char largeBinary[iscsiAuthLargeBinaryMaxLength];
} IscsiAuthLargeBinary;
244 
/*
 * Per-connection authentication context.
 *
 * Presumably carved out of the IscsiAuthBufferDesc array handed to
 * iscsiAuthClientInit() and returned by iscsiAuthClientFinish().  The
 * caller configures it through the iscsiAuthClientSet*() calls, then
 * feeds each login message through RecvBegin/RecvKeyValue/RecvEnd and
 * builds its reply with SendKeyValue/SendTransitBit.  The local CHAP
 * secret lives here in the clear for the whole negotiation, so keep the
 * structure out of logs and dumps and zeroize it before the memory is
 * reused.  Field meanings marked "presumably" are inferred from names;
 * confirm against iscsiAuthClient.c.
 */
struct iscsiAuthClient_t {
	/* Holds iscsiAuthClientSignature on a valid context; sanity only. */
	unsigned long signature;

	void *glueHandle;		/* platform glue's private pointer */
	struct iscsiAuthClient_t *next;	/* chain link; owner not in view */
	/* Presumably matches a deferred ChapAuthRequest to its response. */
	unsigned int authRequestId;

	IscsiAuthNodeType nodeType;	/* initiator or target */
	/* AuthMethod values we offer, in order (SetAuthMethodList). */
	unsigned int authMethodCount;
	int authMethodList[iscsiAuthMethodMaxCount];
	IscsiAuthNegRole authMethodNegRole;
	/* CHAP_A values we accept (SetChapAlgorithmList); only MD5 exists. */
	unsigned int chapAlgorithmCount;
	int chapAlgorithmList[iscsiAuthChapAlgorithmMaxCount];

	/*
	 * To indicate if remote authentication is enabled (0 = no 1 = yes)
	 * For the case of initiator, remote authentication enabled means
	 * enabling target authentication.
	 */
	int authRemote;

	/* Our own CHAP_N. */
	char username[iscsiAuthStringMaxLength];
	/*
	 * Our CHAP secret: raw bytes with an explicit length, not a C
	 * string.  passwordLength must never exceed sizeof (passwordData);
	 * SetPassword() is where that bound has to be enforced.  This is
	 * the most sensitive field in the structure.
	 */
	int passwordPresent;
	unsigned int passwordLength;
	unsigned char passwordData[iscsiAuthStringMaxLength];
	char methodListName[iscsiAuthStringMaxLength];
	IscsiAuthVersion version;	/* draft-8 vs RFC behaviour */
	/*
	 * Size of the CHAP_C we generate; it has to stay within
	 * iscsiAuthLargeBinaryMaxLength, so SetChapChallengeLength()
	 * should validate it.
	 */
	unsigned int chapChallengeLength;
	/*
	 * Non-zero when the transport is IPsec protected.  Presumably what
	 * gates PasswordTooShortWithNoIpSec, so never set it speculatively.
	 */
	int ipSec;
	int base64;			/* presumably: base64 rather than hex */

	/* Presumably the methods still valid after negotiation. */
	unsigned int authMethodValidCount;
	int authMethodValidList[iscsiAuthMethodMaxCount];
	int authMethodValidNegRole;
	const char *rejectOptionName;	/* presumably the "Reject" token */
	const char *noneOptionName;	/* presumably the "None" token */

	int recvInProgressFlag;		/* between RecvBegin and RecvEnd */
	/*
	 * Messages received so far; presumably compared against
	 * iscsiAuthRecvEndMaxCount so a peer cannot keep the exchange
	 * open indefinitely.
	 */
	int recvEndCount;
	/* Completion path for a deferred RecvEnd (its last three args). */
	IscsiAuthClientCallback *callback;
	void *userHandle;
	void *messageHandle;

	IscsiAuthPhase phase;
	IscsiAuthLocalState localState;		/* see IscsiAuthLocalState */
	IscsiAuthRemoteState remoteState;	/* see IscsiAuthRemoteState */
	IscsiAuthStatus remoteAuthStatus;	/* verdict on the peer */
	IscsiAuthDebugStatus debugStatus;	/* reason for the last failure */
	int negotiatedAuthMethod;	/* agreed AuthMethod option value */
	int negotiatedChapAlgorithm;	/* agreed CHAP_A option value */
	/* Flags; presumably set by AuthResponse() and SendTransitBit(). */
	int authResponseFlag;
	int authServerErrorFlag;
	int transitBitSentFlag;

	/*
	 * The CHAP_I / CHAP_C we send.  The challenge must be freshly
	 * random for every login (see iscsiAuthRandomSetData) and must
	 * never be the one the peer sent us, or a reflection attack works.
	 */
	unsigned int sendChapIdentifier;
	IscsiAuthLargeBinaryKey sendChapChallenge;
	char chapUsername[iscsiAuthStringMaxLength];	/* peer's CHAP_N */

	/* The CHAP_C the peer sent us and, presumably, its parse status. */
	int recvChapChallengeStatus;
	IscsiAuthLargeBinaryKey recvChapChallenge;

	char scratchKeyValue[iscsiAuthStringMaxLength];	/* working buffer */

	IscsiAuthKeyBlock recvKeyBlock;		/* Received keypair data */
	IscsiAuthKeyBlock sendKeyBlock;		/* Keypair data to be sent */
};
typedef struct iscsiAuthClient_t IscsiAuthClient;
312 
313 
#ifdef __cplusplus
}
#endif
/*
 * The platform glue is included here, after the types above and before
 * the prototypes below: those prototypes use IscsiAuthMd5Context, which
 * this header does not define itself and presumably gets from the glue.
 */
#include <sys/iscsi_authclientglue.h>
#ifdef __cplusplus
extern "C" {
#endif
321 
322 
/*
 * Process-wide counters; see IscsiAuthClientGlobalStats.
 */
extern IscsiAuthClientGlobalStats iscsiAuthClientGlobalStats;


/*
 * Lifecycle.  The two int arguments of iscsiAuthClientInit() are unnamed
 * here; the first is presumably an IscsiAuthNodeType and the second a
 * descriptor count -- confirm against iscsiAuthClient.c before relying
 * on the order.  iscsiAuthClientFinish() ends a context's life and is
 * the right place to zeroize passwordData.
 */
extern int iscsiAuthClientInit(int, int, IscsiAuthBufferDesc *);
extern int iscsiAuthClientFinish(IscsiAuthClient *);

/*
 * Inbound message: RecvBegin, then one RecvKeyValue / RecvTransitBit per
 * key, then RecvEnd.  RecvEnd takes a completion callback plus two
 * opaque handles, so it presumably may return iscsiAuthStatusInProgress
 * and finish asynchronously.  Every return is an IscsiAuthStatus and
 * must be checked; ignoring one can turn a refused login into an
 * accepted one.
 */
extern int iscsiAuthClientRecvBegin(IscsiAuthClient *);
extern int iscsiAuthClientRecvEnd(IscsiAuthClient *,
    IscsiAuthClientCallback *, void *, void *);

/*
 * Key name <-> IscsiAuthKeyType mapping and per-key value traffic.
 * RecvKeyValue takes peer-supplied text, so it is the chokepoint where
 * value length has to be checked (the RecvStringTooLong and
 * RecvTooMuchData debug statuses exist for that).  SendKeyValue
 * presumably writes into the caller buffer of the given size, with the
 * int * reporting whether a value was produced -- confirm.
 */
extern const char *iscsiAuthClientGetKeyName(int);
extern int iscsiAuthClientGetNextKeyType(int *);
extern int iscsiAuthClientKeyNameToKeyType(const char *);
extern int iscsiAuthClientRecvKeyValue(IscsiAuthClient *, int, const char *);
extern int iscsiAuthClientSendKeyValue(IscsiAuthClient *, int, int *, char *,
    unsigned int);
extern int iscsiAuthClientRecvTransitBit(IscsiAuthClient *, int);
extern int iscsiAuthClientSendTransitBit(IscsiAuthClient *, int *);

/*
 * Configuration, for the Configure phase.  Notes:
 *  - SetPassword takes raw bytes plus a length and must reject lengths
 *    over iscsiAuthStringMaxLength, since passwordData is that size.
 *  - SetIpSec(1) declares the transport already protected, which
 *    presumably relaxes the short-secret check; do not set it unless
 *    IPsec really is in place.
 *  - SetChapChallengeLength should be validated against
 *    iscsiAuthLargeBinaryMaxLength.
 */
extern int iscsiAuthClientSetAuthMethodList(IscsiAuthClient *, unsigned int,
    const int *);
extern int iscsiAuthClientSetAuthMethodNegRole(IscsiAuthClient *, int);
extern int iscsiAuthClientSetChapAlgorithmList(IscsiAuthClient *, unsigned int,
    const int *);
extern int iscsiAuthClientSetUsername(IscsiAuthClient *, const char *);
extern int iscsiAuthClientSetPassword(IscsiAuthClient *, const unsigned char *,
    unsigned int);
extern int iscsiAuthClientSetAuthRemote(IscsiAuthClient *, int);
extern int iscsiAuthClientSetGlueHandle(IscsiAuthClient *, void *);
extern int iscsiAuthClientSetMethodListName(IscsiAuthClient *, const char *);
extern int iscsiAuthClientSetIpSec(IscsiAuthClient *, int);
extern int iscsiAuthClientSetBase64(IscsiAuthClient *, int);
extern int iscsiAuthClientSetChapChallengeLength(IscsiAuthClient *,
    unsigned int);
extern int iscsiAuthClientSetVersion(IscsiAuthClient *, int);
extern int iscsiAuthClientCheckPasswordNeeded(IscsiAuthClient *, int *);

/*
 * Results.  GetAuthStatus yields the verdict on the peer; test it with
 * iscsiAuthClientAuthStatusPass() rather than assuming any non-error
 * value means success.  GetChapUsername presumably copies the peer's
 * CHAP_N into the caller buffer of the given size.
 */
extern int iscsiAuthClientGetAuthPhase(IscsiAuthClient *, int *);
extern int iscsiAuthClientGetAuthStatus(IscsiAuthClient *, int *);
extern int iscsiAuthClientAuthStatusPass(int);
extern int iscsiAuthClientGetAuthMethod(IscsiAuthClient *, int *);
extern int iscsiAuthClientGetChapAlgorithm(IscsiAuthClient *, int *);
extern int iscsiAuthClientGetChapUsername(IscsiAuthClient *, char *,
    unsigned int);

/*
 * Diagnostics.  SendStatusCode presumably yields the login status code to
 * send back; DebugStatusToText renders an IscsiAuthDebugStatus.
 */
extern int iscsiAuthClientSendStatusCode(IscsiAuthClient *, int *);
extern int iscsiAuthClientGetDebugStatus(IscsiAuthClient *, int *);
extern const char *iscsiAuthClientDebugStatusToText(int);
371 
/*
 * The following is called by platform dependent code.
 *
 * Delivers the outcome of an earlier iscsiAuthClientChapAuthRequest();
 * the int is presumably an IscsiAuthStatus (Pass / Fail / Error).
 */
extern void iscsiAuthClientAuthResponse(IscsiAuthClient *, int);

/*
 * The following routines are considered platform dependent,
 * and need to be implemented for use by iscsiAuthClient.c.
 *
 * They are the trust boundary of this library: the randomness, the MD5
 * primitive and the response check all come from the platform.
 */

/*
 * Verify the peer's CHAP response.  The unnamed parameters are
 * presumably (username, usernameLength, challenge, challengeLength,
 * response, responseLength) -- confirm against the glue before use.
 * Per CHAP the implementation looks up the secret for that username,
 * computes MD5(id || secret || challenge) and compares all
 * iscsiAuthChapResponseLength bytes, ideally in constant time; the
 * verdict comes back through iscsiAuthClientAuthResponse(), possibly
 * later.
 */
extern int iscsiAuthClientChapAuthRequest(IscsiAuthClient *, char *,
    unsigned int,
    unsigned char *, unsigned int, unsigned char *, unsigned int);
extern void iscsiAuthClientChapAuthCancel(IscsiAuthClient *);

/*
 * Text <-> number helpers.  TextToNumber returns a status that callers
 * must check, since values such as CHAP_I arrive as peer-controlled
 * text.  NumberToText writes into a buffer of the given size.
 */
extern int iscsiAuthClientTextToNumber(const char *, unsigned long *);
extern void iscsiAuthClientNumberToText(unsigned long, char *, unsigned int);

/*
 * Fill a buffer with random bytes.  Presumably the source of CHAP_C, so
 * it must be a cryptographically strong generator: a predictable
 * challenge lets a peer precompute or replay responses.
 */
extern void iscsiAuthRandomSetData(unsigned char *, unsigned int);
/*
 * MD5 primitive used for CHAP (the only algorithm enumerated above).
 * IscsiAuthMd5Context is not defined in this header and presumably comes
 * from <sys/iscsi_authclientglue.h>.  Final writes a 16-byte digest
 * (iscsiAuthChapResponseLength).
 */
extern void iscsiAuthMd5Init(IscsiAuthMd5Context *);
extern void iscsiAuthMd5Update(IscsiAuthMd5Context *, unsigned char *,
    unsigned int);
extern void iscsiAuthMd5Final(unsigned char *, IscsiAuthMd5Context *);

/*
 * Purpose not evident from this header; the shape (out, in/out length,
 * in, in length) suggests a bounded copy or transform -- TODO confirm.
 */
extern int iscsiAuthClientData(unsigned char *, unsigned int *, unsigned char *,
    unsigned int);
398 
399 #ifdef __cplusplus
400 }
401 #endif
402 
403 #endif	/* _ISCSI_AUTHCLIENT_H */
404