/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2000 by Cisco Systems, Inc.  All rights reserved.
 * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
 */

#ifndef	_ISCSI_AUTHCLIENT_H
#define	_ISCSI_AUTHCLIENT_H

/*
 * Include file for iscsiAuthClient.c: the constants, state enums,
 * per-session client structure and entry points of the iSCSI
 * authentication (CHAP) negotiation client.
 */

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Fixed buffer bounds.
 *
 * iscsiAuthStringMaxLength sizes username, passwordData, methodListName,
 * chapUsername and scratchKeyValue in IscsiAuthClient.
 * iscsiAuthStringBlockMaxLength sizes IscsiAuthStringBlock.stringBlock and
 * iscsiAuthLargeBinaryMaxLength sizes IscsiAuthLargeBinary.largeBinary.
 * Every copy into one of those arrays has to be checked against the
 * matching bound; the checks themselves live in iscsiAuthClient.c.
 */
enum { iscsiAuthStringMaxLength = 512 };
enum { iscsiAuthStringBlockMaxLength = 1024 };
enum { iscsiAuthLargeBinaryMaxLength = 1024 };

/*
 * NOTE(review): presumably the cap on receive rounds counted in
 * IscsiAuthClient.recvEndCount (see
 * iscsiAuthDebugStatusRecvMessageCountLimit) -- confirm in
 * iscsiAuthClient.c.
 */
enum { iscsiAuthRecvEndMaxCount = 10 };

/*
 * Magic value for IscsiAuthClient.signature.
 * NOTE(review): presumably checked on entry to reject uninitialized or
 * stale client pointers -- confirm in iscsiAuthClient.c.
 */
enum { iscsiAuthClientSignature = 0x5984B2E3 };

/*
 * CHAP response size in bytes.  MD5, the only algorithm listed below,
 * produces a 16 byte digest.
 */
enum { iscsiAuthChapResponseLength = 16 };

/*
 * Key identifiers.
 *
 * Note: The ordering of these values is chosen to match
 * the ordering of the keys as shown in the iSCSI spec.
 * The table IscsiAuthClientKeyInfo in iscsiAuthClient.c
 * must also match this order.
 *
 * iscsiAuthKeyTypeMaxCount also sizes IscsiAuthKeyBlock.key[], so a key
 * type must lie in [iscsiAuthKeyTypeFirst, iscsiAuthKeyTypeLast] before
 * it is used as an index; iscsiAuthKeyTypeNone (-1) is not a valid index.
 */
typedef enum iscsiAuthKeyType_t {
	iscsiAuthKeyTypeNone = -1,
	iscsiAuthKeyTypeFirst = 0,
	iscsiAuthKeyTypeAuthMethod = iscsiAuthKeyTypeFirst,
	iscsiAuthKeyTypeChapAlgorithm,
	iscsiAuthKeyTypeChapUsername,
	iscsiAuthKeyTypeChapResponse,
	iscsiAuthKeyTypeChapIdentifier,
	iscsiAuthKeyTypeChapChallenge,
	iscsiAuthKeyTypeMaxCount,
	iscsiAuthKeyTypeLast = iscsiAuthKeyTypeMaxCount - 1
} IscsiAuthKeyType;

/*
 * Option values carried by the AuthMethod and CHAP algorithm keys.
 * The two *MaxCount constants are array bounds (authMethodList,
 * authMethodValidList and chapAlgorithmList in IscsiAuthClient), not
 * option values.
 */
enum {
	/*
	 * Common options for all keys.
	 */
	iscsiAuthOptionReject = -2,
	iscsiAuthOptionNotPresent = -1,
	iscsiAuthOptionNone = 1,

	iscsiAuthMethodChap = 2,
	iscsiAuthMethodMaxCount = 2,

	/* MD5 is the only CHAP algorithm this header defines. */
	iscsiAuthChapAlgorithmMd5 = 5,
	iscsiAuthChapAlgorithmMaxCount = 2
};

/* Side of the AuthMethod negotiation this node takes. */
typedef enum iscsiAuthNegRole_t {
	iscsiAuthNegRoleOriginator = 1,
	iscsiAuthNegRoleResponder = 2
} IscsiAuthNegRole;

/*
 * Note: These values are chosen to map to the values sent
 * in the iSCSI header.
 */
typedef enum iscsiAuthVersion_t {
	iscsiAuthVersionDraft8 = 2,
	iscsiAuthVersionRfc = 0
} IscsiAuthVersion;

/*
 * Status codes of the authentication client.
 * NOTE(review): several "no failure" looking values exist here
 * (NoError, Pass, Continue, InProgress); a caller gating access should
 * test for iscsiAuthStatusPass explicitly rather than for "not Fail" --
 * confirm against the callers and iscsiAuthClientAuthStatusPass().
 */
typedef enum iscsiAuthStatus_t {
	iscsiAuthStatusNoError = 0,
	iscsiAuthStatusError,
	iscsiAuthStatusPass,
	iscsiAuthStatusFail,
	iscsiAuthStatusContinue,
	iscsiAuthStatusInProgress
} IscsiAuthStatus;

/*
 * Detailed reason codes, retrievable with iscsiAuthClientGetDebugStatus()
 * and printable with iscsiAuthClientDebugStatusToText().  Useful in logs
 * when triaging failed logins.
 *
 * NOTE(review): judging by their names, ChapChallengeReflected and
 * PasswordIdentical report defences against reflected challenges and
 * shared secrets in mutual CHAP, and PasswordTooShortWithNoIpSec reports
 * the RFC 3720 rule that a CHAP secret shorter than 96 bits requires
 * IPsec encryption.  The checks are in iscsiAuthClient.c, not here --
 * confirm there.
 */
typedef enum iscsiAuthDebugStatus_t {
	iscsiAuthDebugStatusNotSet = 0,

	iscsiAuthDebugStatusAuthPass,
	iscsiAuthDebugStatusAuthRemoteFalse,

	iscsiAuthDebugStatusAuthFail,

	iscsiAuthDebugStatusAuthMethodBad,
	iscsiAuthDebugStatusChapAlgorithmBad,
	iscsiAuthDebugStatusPasswordDecryptFailed,
	iscsiAuthDebugStatusPasswordTooShortWithNoIpSec,
	iscsiAuthDebugStatusAuthServerError,
	iscsiAuthDebugStatusAuthStatusBad,
	iscsiAuthDebugStatusAuthPassNotValid,
	iscsiAuthDebugStatusSendDuplicateSetKeyValue,
	iscsiAuthDebugStatusSendStringTooLong,
	iscsiAuthDebugStatusSendTooMuchData,

	iscsiAuthDebugStatusAuthMethodExpected,
	iscsiAuthDebugStatusChapAlgorithmExpected,
	iscsiAuthDebugStatusChapIdentifierExpected,
	iscsiAuthDebugStatusChapChallengeExpected,
	iscsiAuthDebugStatusChapResponseExpected,
	iscsiAuthDebugStatusChapUsernameExpected,

	iscsiAuthDebugStatusAuthMethodNotPresent,
	iscsiAuthDebugStatusAuthMethodReject,
	iscsiAuthDebugStatusAuthMethodNone,
	iscsiAuthDebugStatusChapAlgorithmReject,
	iscsiAuthDebugStatusChapChallengeReflected,
	iscsiAuthDebugStatusPasswordIdentical,

	iscsiAuthDebugStatusLocalPasswordNotSet,

	iscsiAuthDebugStatusChapIdentifierBad,
	iscsiAuthDebugStatusChapChallengeBad,
	iscsiAuthDebugStatusChapResponseBad,
	iscsiAuthDebugStatusUnexpectedKeyPresent,
	iscsiAuthDebugStatusTbitSetIllegal,
	iscsiAuthDebugStatusTbitSetPremature,

	iscsiAuthDebugStatusRecvMessageCountLimit,
	iscsiAuthDebugStatusRecvDuplicateSetKeyValue,
	iscsiAuthDebugStatusRecvStringTooLong,
	iscsiAuthDebugStatusRecvTooMuchData
} IscsiAuthDebugStatus;

/* Which end of the iSCSI session this client instance represents. */
typedef enum iscsiAuthNodeType_t {
	iscsiAuthNodeTypeInitiator = 1,
	iscsiAuthNodeTypeTarget = 2
} IscsiAuthNodeType;

/* Top-level phase of one authentication exchange. */
typedef enum iscsiAuthPhase_t {
	iscsiAuthPhaseConfigure = 1,
	iscsiAuthPhaseNegotiate,	/* Negotiating */
	iscsiAuthPhaseAuthenticate,	/* Authenticating */
	iscsiAuthPhaseDone,		/* Authentication done */
	iscsiAuthPhaseError
} IscsiAuthPhase;

/* State values stored in IscsiAuthClient.localState. */
typedef enum iscsiAuthLocalState_t {
	iscsiAuthLocalStateSendAlgorithm = 1,
	iscsiAuthLocalStateRecvAlgorithm,
	iscsiAuthLocalStateRecvChallenge,
	iscsiAuthLocalStateDone,
	iscsiAuthLocalStateError
} IscsiAuthLocalState;

/* State values stored in IscsiAuthClient.remoteState. */
typedef enum iscsiAuthRemoteState_t {
	iscsiAuthRemoteStateSendAlgorithm = 1,
	iscsiAuthRemoteStateSendChallenge,
	iscsiAuthRemoteStateRecvResponse,
	iscsiAuthRemoteStateAuthRequest,
	iscsiAuthRemoteStateDone,
	iscsiAuthRemoteStateError
} IscsiAuthRemoteState;


/*
 * Completion callback type, registered through iscsiAuthClientRecvEnd()
 * and kept in IscsiAuthClient.callback.
 */
typedef void IscsiAuthClientCallback(void *, void *, int);


/* Global request/response counters (see iscsiAuthClientGlobalStats). */
typedef struct iscsiAuthClientGlobalStats_t {
	unsigned long requestSent;
	unsigned long responseReceived;
} IscsiAuthClientGlobalStats;

/*
 * Descriptor of one caller-supplied buffer, as handed to
 * iscsiAuthClientInit().  length must describe the memory behind
 * address exactly; nothing in this header can verify that.
 */
typedef struct iscsiAuthBufferDesc_t {
	unsigned int length;
	void *address;
} IscsiAuthBufferDesc;

/* Per-key bookkeeping inside a key block. */
typedef struct iscsiAuthKey_t {
	unsigned int present:1;
	unsigned int processed:1;
	unsigned int valueSet:1;	/* 1 if the value is set to be valid */
	char *string;
} IscsiAuthKey;

/* Length-tagged binary value; used for the CHAP challenges. */
typedef struct iscsiAuthLargeBinaryKey_t {
	unsigned int length;
	unsigned char *largeBinary;
} IscsiAuthLargeBinaryKey;

/*
 * One set of key=value pairs, either received or about to be sent.
 * blockLength is a 16-bit field (at most 65535), which is wide enough
 * for iscsiAuthStringBlockMaxLength.
 */
typedef struct iscsiAuthKeyBlock_t {
	unsigned int transitBit:1;	/* To transit: TRUE or FALSE */
	unsigned int duplicateSet:1;	/* Set the value more than once */
	unsigned int stringTooLong:1;	/* Key value too long */
	unsigned int tooMuchData:1;	/* The keypair data blk overflows */
	unsigned int blockLength:16;	/* The length of the keypair data blk */
	char *stringBlock;
	IscsiAuthKey key[iscsiAuthKeyTypeMaxCount];
} IscsiAuthKeyBlock;

/* Fixed-size backing store for a key block's strings. */
typedef struct iscsiAuthStringBlock_t {
	char stringBlock[iscsiAuthStringBlockMaxLength];
} IscsiAuthStringBlock;

/* Fixed-size backing store for a large binary value. */
typedef struct iscsiAuthLargeBinary_t {
	unsigned char largeBinary[iscsiAuthLargeBinaryMaxLength];
} IscsiAuthLargeBinary;

/*
 * State of one authentication client.
 *
 * This structure holds the CHAP secret itself (passwordData) next to
 * peer-supplied material (chapUsername, scratchKeyValue, recvKeyBlock),
 * so it should be treated as sensitive memory.
 * NOTE(review): confirm that iscsiAuthClientFinish() clears
 * passwordData and the scratch buffers before the memory is reused.
 */
typedef struct iscsiAuthClient_t {
	unsigned long signature;

	void *glueHandle;
	struct iscsiAuthClient_t *next;
	unsigned int authRequestId;

	IscsiAuthNodeType nodeType;
	unsigned int authMethodCount;
	int authMethodList[iscsiAuthMethodMaxCount];
	IscsiAuthNegRole authMethodNegRole;
	unsigned int chapAlgorithmCount;
	int chapAlgorithmList[iscsiAuthChapAlgorithmMaxCount];

	/*
	 * To indicate if remote authentication is enabled (0 = no 1 = yes)
	 * For the case of initiator, remote authentication enabled means
	 * enabling target authentication.
	 */
	int authRemote;

	char username[iscsiAuthStringMaxLength];
	int passwordPresent;
	unsigned int passwordLength;
	/* The CHAP secret; passwordLength bytes of it are meaningful. */
	unsigned char passwordData[iscsiAuthStringMaxLength];
	char methodListName[iscsiAuthStringMaxLength];
	IscsiAuthVersion version;
	unsigned int chapChallengeLength;
	int ipSec;
	int base64;

	unsigned int authMethodValidCount;
	int authMethodValidList[iscsiAuthMethodMaxCount];
	int authMethodValidNegRole;
	const char *rejectOptionName;
	const char *noneOptionName;

	int recvInProgressFlag;
	int recvEndCount;
	IscsiAuthClientCallback *callback;
	void *userHandle;
	void *messageHandle;

	IscsiAuthPhase phase;
	IscsiAuthLocalState localState;
	IscsiAuthRemoteState remoteState;
	IscsiAuthStatus remoteAuthStatus;
	IscsiAuthDebugStatus debugStatus;
	int negotiatedAuthMethod;
	int negotiatedChapAlgorithm;
	int authResponseFlag;
	int authServerErrorFlag;
	int transitBitSentFlag;

	unsigned int sendChapIdentifier;
	IscsiAuthLargeBinaryKey sendChapChallenge;
	char chapUsername[iscsiAuthStringMaxLength];

	int recvChapChallengeStatus;
	IscsiAuthLargeBinaryKey recvChapChallenge;

	char scratchKeyValue[iscsiAuthStringMaxLength];

	IscsiAuthKeyBlock recvKeyBlock;	/* Received keypair data */
	IscsiAuthKeyBlock sendKeyBlock;	/* Keypair data to be sent */
} IscsiAuthClient;


/*
 * The glue header is included outside the extern "C" block.
 * IscsiAuthMd5Context, used by the MD5 prototypes below, is not declared
 * in this file and presumably comes from it.
 */
#ifdef __cplusplus
}
#endif
#include <sys/iscsi_authclientglue.h>
#ifdef __cplusplus
extern "C" {
#endif


extern IscsiAuthClientGlobalStats iscsiAuthClientGlobalStats;


/* Client lifetime. */
extern int iscsiAuthClientInit(int, int, IscsiAuthBufferDesc *);
extern int iscsiAuthClientFinish(IscsiAuthClient *);

/* Bracketing of one received message. */
extern int iscsiAuthClientRecvBegin(IscsiAuthClient *);
extern int iscsiAuthClientRecvEnd(IscsiAuthClient *,
    IscsiAuthClientCallback *, void *, void *);

/*
 * Key lookup and key/value transfer.  The const char * values given to
 * iscsiAuthClientKeyNameToKeyType() and iscsiAuthClientRecvKeyValue()
 * originate from the peer and are untrusted until validated.
 */
extern const char *iscsiAuthClientGetKeyName(int);
extern int iscsiAuthClientGetNextKeyType(int *);
extern int iscsiAuthClientKeyNameToKeyType(const char *);
extern int iscsiAuthClientRecvKeyValue(IscsiAuthClient *, int, const char *);
extern int iscsiAuthClientSendKeyValue(IscsiAuthClient *, int, int *, char *,
    unsigned int);
extern int iscsiAuthClientRecvTransitBit(IscsiAuthClient *, int);
extern int iscsiAuthClientSendTransitBit(IscsiAuthClient *, int *);

/* Configuration setters. */
extern int iscsiAuthClientSetAuthMethodList(IscsiAuthClient *, unsigned int,
    const int *);
extern int iscsiAuthClientSetAuthMethodNegRole(IscsiAuthClient *, int);
extern int iscsiAuthClientSetChapAlgorithmList(IscsiAuthClient *, unsigned int,
    const int *);
extern int iscsiAuthClientSetUsername(IscsiAuthClient *, const char *);
extern int iscsiAuthClientSetPassword(IscsiAuthClient *, const unsigned char *,
    unsigned int);
extern int iscsiAuthClientSetAuthRemote(IscsiAuthClient *, int);
extern int iscsiAuthClientSetGlueHandle(IscsiAuthClient *, void *);
extern int iscsiAuthClientSetMethodListName(IscsiAuthClient *, const char *);
extern int iscsiAuthClientSetIpSec(IscsiAuthClient *, int);
extern int iscsiAuthClientSetBase64(IscsiAuthClient *, int);
extern int iscsiAuthClientSetChapChallengeLength(IscsiAuthClient *,
    unsigned int);
extern int iscsiAuthClientSetVersion(IscsiAuthClient *, int);
extern int iscsiAuthClientCheckPasswordNeeded(IscsiAuthClient *, int *);

/* Result accessors. */
extern int iscsiAuthClientGetAuthPhase(IscsiAuthClient *, int *);
extern int iscsiAuthClientGetAuthStatus(IscsiAuthClient *, int *);
extern int iscsiAuthClientAuthStatusPass(int);
extern int iscsiAuthClientGetAuthMethod(IscsiAuthClient *, int *);
extern int iscsiAuthClientGetChapAlgorithm(IscsiAuthClient *, int *);
extern int iscsiAuthClientGetChapUsername(IscsiAuthClient *, char *,
    unsigned int);

extern int iscsiAuthClientSendStatusCode(IscsiAuthClient *, int *);
extern int iscsiAuthClientGetDebugStatus(IscsiAuthClient *, int *);
extern const char *iscsiAuthClientDebugStatusToText(int);

/*
 * The following is called by platform dependent code.
 */
extern void iscsiAuthClientAuthResponse(IscsiAuthClient *, int);

/*
 * The following routines are considered platform dependent,
 * and need to be implemented for use by iscsiAuthClient.c.
 *
 * NOTE(review): iscsiAuthRandomSetData() presumably supplies the bytes
 * for outgoing CHAP challenges.  If so, the platform implementation has
 * to draw from a cryptographically strong generator, since predictable
 * challenges undermine CHAP -- confirm in the glue code.
 */

extern int iscsiAuthClientChapAuthRequest(IscsiAuthClient *, char *,
    unsigned int,
    unsigned char *, unsigned int, unsigned char *, unsigned int);
extern void iscsiAuthClientChapAuthCancel(IscsiAuthClient *);

extern int iscsiAuthClientTextToNumber(const char *, unsigned long *);
extern void iscsiAuthClientNumberToText(unsigned long, char *, unsigned int);

extern void iscsiAuthRandomSetData(unsigned char *, unsigned int);
extern void iscsiAuthMd5Init(IscsiAuthMd5Context *);
extern void iscsiAuthMd5Update(IscsiAuthMd5Context *, unsigned char *,
    unsigned int);
extern void iscsiAuthMd5Final(unsigned char *, IscsiAuthMd5Context *);

extern int iscsiAuthClientData(unsigned char *, unsigned int *, unsigned char *,
    unsigned int);

#ifdef __cplusplus
}
#endif

#endif /* _ISCSI_AUTHCLIENT_H */