1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 #ifndef _ISCSIT_AUTHCLIENT_H_
26 #define	_ISCSIT_AUTHCLIENT_H_
27 
28 #define	ISCSI_AUTH_PASSED	0
29 #define	ISCSI_AUTH_FAILED	1
30 
31 enum { iscsitAuthStringMaxLength = 256 };
32 
33 enum { AuthStringMaxLength = 256 };
34 enum { AuthStringBlockMaxLength = 1024 };
35 enum { AuthLargeBinaryMaxLength = 1024 };
36 
37 enum { iscsitAuthChapResponseLength = 16 };
38 
39 enum { iscsitAuthMethodMaxCount = 2 };
40 
41 enum { iscsitAuthChapAlgorithmMd5 = 5 };
42 
43 enum {
44 	AKT_CHAP_A = 0,
45 	AKT_CHAP_I,
46 	AKT_CHAP_C,
47 	AKT_CHAP_N,
48 	AKT_CHAP_R,
49 	AUTH_KEY_TYPE_MAX
50 };
51 
52 typedef union auth_value {
53 	uint32_t	numeric;
54 	char		*string;
55 	unsigned char	*binary;
56 } auth_value_t;
57 
58 typedef struct auth_key {
59 	unsigned char	present;
60 	unsigned int	len;
61 	auth_value_t	value;
62 } auth_key_t;
63 
64 typedef struct iscsit_auth_key_block {
65 	auth_key_t	key[AUTH_KEY_TYPE_MAX];
66 } auth_key_block_t;
67 
68 typedef struct auth_large_binary {
69 	unsigned char largeBinary[AuthLargeBinaryMaxLength];
70 } auth_large_binary_t;
71 
72 typedef enum {
73 	AM_CHAP = 1, /* keep 0 as invalid */
74 	AM_KRB5,
75 	AM_SPKM1,
76 	AM_SPKM2,
77 	AM_SRP,
78 	AM_NONE
79 } iscsit_auth_method_t;
80 
81 typedef enum {
82 	/* authentication phase start status */
83 	AP_AM_UNDECIDED = 0,
84 	AP_AM_PROPOSED,
85 	AP_AM_DECIDED,
86 
87 	/* authentication phase for chap */
88 	AP_CHAP_A_WAITING,
89 	AP_CHAP_A_RCVD,
90 	AP_CHAP_R_WAITING,
91 	AP_CHAP_R_RCVD,
92 
93 	/* authentication phase for kerberos */
94 	AP_KRB_REQ_WAITING,
95 	AP_KRB_REQ_RCVD,
96 
97 	/* authentication phase done */
98 	AP_DONE
99 } iscsit_auth_phase_t;
100 
101 typedef struct iscsit_auth_client {
102 	iscsit_auth_phase_t	phase;
103 	iscsit_auth_method_t	negotiatedMethod;
104 
105 	auth_large_binary_t	auth_send_binary_block;
106 
107 	auth_key_block_t	recvKeyBlock;
108 	auth_key_block_t	sendKeyBlock;
109 } iscsit_auth_client_t;
110 
111 void
112 client_set_numeric_data(auth_key_block_t *keyBlock,
113     int key_type,
114     uint32_t numeric);
115 
116 void
117 client_set_string_data(auth_key_block_t *keyBlock,
118     int key_type,
119     char *string);
120 
121 void
122 client_set_binary_data(auth_key_block_t *keyBlock,
123     int key_type,
124     unsigned char *binary, unsigned int len);
125 
126 void
127 client_get_numeric_data(auth_key_block_t *keyBlock,
128     int key_type,
129     uint32_t *numeric);
130 
131 void
132 client_get_string_data(auth_key_block_t *keyBlock,
133     int key_type,
134     char **string);
135 
136 void
137 client_get_binary_data(auth_key_block_t *keyBlock,
138     int key_type,
139     unsigned char **binary, unsigned int *len);
140 
141 int
142 client_auth_key_present(auth_key_block_t *keyBlock,
143     int key_type);
144 
145 void
146 client_compute_chap_resp(uchar_t *resp,
147     unsigned int chap_i,
148     uint8_t *password, int password_len,
149     uchar_t *chap_c, unsigned int challenge_len);
150 
151 int
152 client_verify_chap_resp(char *target_chap_name, char *initiator_chap_name,
153     uint8_t *password, int password_len,
154     unsigned int chap_i, uchar_t *chap_c, unsigned int challenge_len,
155     uchar_t *chap_r, unsigned int resp_len);
156 
157 void
158 auth_random_set_data(uchar_t *data, unsigned int length);
159 
160 #endif /* _ISCSIT_AUTHCLIENT_H_ */
161