1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at
9 * http://www.opensource.org/licenses/cddl1.txt.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22/*
23 * Copyright (c) 2004-2011 Emulex. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27#ifndef _EMLXS_DHCHAP_H
28#define	_EMLXS_DHCHAP_H
29
30#ifdef	__cplusplus
31extern "C" {
32#endif
33
34#ifdef DHCHAP_SUPPORT
35#include <sys/random.h>
36
37
38/* emlxs_auth_cfg_t */
39#define	PASSWORD_TYPE_ASCII	1
40#define	PASSWORD_TYPE_BINARY	2
41#define	PASSWORD_TYPE_IGNORE	3
42
43#define	AUTH_MODE_DISABLED	1
44#define	AUTH_MODE_ACTIVE	2
45#define	AUTH_MODE_PASSIVE	3
46
47#define	ELX_DHCHAP		0x01	/* Only one currently supported */
48#define	ELX_FCAP		0x02
49#define	ELX_FCPAP		0x03
50#define	ELX_KERBEROS		0x04
51
52#define	ELX_MD5			0x01
53#define	ELX_SHA1		0x02
54
55#define	ELX_GROUP_NULL		0x01
56#define	ELX_GROUP_1024		0x02
57#define	ELX_GROUP_1280		0x03
58#define	ELX_GROUP_1536		0x04
59#define	ELX_GROUP_2048		0x05
60
61
62/* AUTH_ELS Code */
63#define	ELS_CMD_AUTH_CODE	0x90
64
65/* AUTH_ELS Flags */
66
67/* state ? */
68#define	AUTH_FINISH		0xFF
69#define	AUTH_ABORT		0xFE
70
71/* auth_msg code for DHCHAP */
72#define	AUTH_REJECT		0x0A
73#define	AUTH_NEGOTIATE		0x0B
74#define	AUTH_DONE		0x0C
75#define	DHCHAP_CHALLENGE	0x10
76#define	DHCHAP_REPLY		0x11
77#define	DHCHAP_SUCCESS		0x12
78
79/* BIG ENDIAN and LITTLE ENDIAN */
80
81/* authentication protocol identifiers */
82#ifdef EMLXS_BIG_ENDIAN
83
84#define	AUTH_DHCHAP		0x00000001
85#define	AUTH_FCAP		0x00000002
86#define	AUTH_FCPAP		0x00000003
87#define	AUTH_KERBEROS		0x00000004
88
89#define	HASH_LIST_TAG		0x0001
90#define	DHGID_LIST_TAG		0x0002
91
92/* hash function identifiers */
93#define	AUTH_SHA1		0x00000006
94#define	AUTH_MD5		0x00000005
95
96/* DHCHAP group ids */
97#define	GROUP_NULL		0x00000000
98#define	GROUP_1024		0x00000001
99#define	GROUP_1280		0x00000002
100#define	GROUP_1536		0x00000003
101#define	GROUP_2048		0x00000004
102
103/* Tran_id Mask */
104#define	AUTH_TRAN_ID_MASK	0x000000FF
105
106#endif	/* EMLXS_BIG_ENDIAN */
107
108#ifdef EMLXS_LITTLE_ENDIAN
109
110#define	AUTH_DHCHAP		0x01000000
111#define	AUTH_FCAP		0x02000000
112#define	AUTH_FCPAP		0x03000000
113#define	AUTH_KERBEROS		0x04000000
114
115#define	HASH_LIST_TAG		0x0100
116#define	DHGID_LIST_TAG		0x0200
117
118/* hash function identifiers */
119#define	AUTH_SHA1		0x06000000
120#define	AUTH_MD5		0x05000000
121
122/* DHCHAP group ids */
123#define	GROUP_NULL		0x00000000
124#define	GROUP_1024		0x01000000
125#define	GROUP_1280		0x02000000
126#define	GROUP_1536		0x03000000
127#define	GROUP_2048		0x04000000
128
129/* Tran_id Mask */
130#define	AUTH_TRAN_ID_MASK	0xFF000000
131
132#endif	/* EMLXS_LITTLE_ENDIAN */
133
134/* hash funcs hash length in byte */
135#define	SHA1_LEN		0x00000014	/* 20 bytes */
136#define	MD5_LEN			0x00000010	/* 16 bytes */
137
138#define	HBA_SECURITY			0x20
139
140/* AUTH_Reject Reason Codes */
141#define	AUTHRJT_FAILURE			0x01
142#define	AUTHRJT_LOGIC_ERR		0x02
143
144/* LS_RJT Reason Codes for AUTH_ELS */
145#define	LSRJT_AUTH_REQUIRED		0x03
146#define	LSRJT_AUTH_LOGICAL_BSY		0x05
147#define	LSRJT_AUTH_ELS_NOT_SUPPORTED	0x0B
148#define	LSRJT_AUTH_NOT_LOGGED_IN	0x09
149
150/* AUTH_Reject Reason Code Explanations */
151#define	AUTHEXP_MECH_UNUSABLE		0x01 /* AUTHRJT_LOGIC_ERR */
152#define	AUTHEXP_DHGROUP_UNUSABLE	0x02 /* AUTHRJT_LOGIC_ERR */
153#define	AUTHEXP_HASHFUNC_UNUSABLE	0x03 /* AUTHRJT_LOGIC_ERR */
154#define	AUTHEXP_AUTHTRAN_STARTED	0x04 /* AUTHRJT_LOGIC_ERR */
155#define	AUTHEXP_AUTH_FAILED		0x05 /* AUTHRJT_FAILURE */
156#define	AUTHEXP_BAD_PAYLOAD		0x06 /* AUTHRJT_FAILURE */
157#define	AUTHEXP_BAD_PROTOCOL		0x07 /* AUTHRJT_FAILURE */
158#define	AUTHEXP_RESTART_AUTH		0x08 /* AUTHRJT_LOGIC_ERR */
159#define	AUTHEXP_CONCAT_UNSUPP		0x09 /* AUTHRJT_LOGIC_ERR */
160#define	AUTHEXP_BAD_PROTOVERS		0x0A /* AUTHRJT_LOGIC_ERR */
161
162/* LS_RJT Reason Code Explanations for AUTH_ELS */
163#define	LSEXP_AUTH_REQUIRED		0x48
164#define	LSEXP_AUTH_ELS_NOT_SUPPORTED	0x2C
165#define	LSEXP_AUTH_ELS_NOT_LOGGED_IN	0x1E
166#define	LSEXP_AUTH_LOGICAL_BUSY		0x00
167
168
169#define	MAX_AUTH_MSA_SIZE 1024
170
171#define	MAX_AUTH_PID 	0x4	/* Max auth proto identifier list */
172
173/* parameter tag */
174#define	HASH_LIST	0x0001
175#define	DHG_ID_LIST	0x0002
176
177/* name tag from Table 13 v1.8 pp 30 */
178#ifdef EMLXS_BIG_ENDIAN
179#define	AUTH_NAME_ID		0x0001
180#define	AUTH_NAME_LEN		0x0008
181#define	AUTH_PROTO_NUM		0x00000001
182#define	AUTH_NULL_PARA_LEN	0x00000028
183#endif	/* EMLXS_BIG_ENDIAN */
184
185#ifdef EMLXS_LITTLE_ENDIAN
186#define	AUTH_NAME_ID		0x0100
187#define	AUTH_NAME_LEN		0x0800
188#define	AUTH_PROTO_NUM		0x01000000
189#define	AUTH_NULL_PARA_LEN	0x28000000
190#endif	/* EMLXS_LITTLE_ENDIAN */
191
192/* name tag from Table 103 v 1.8 pp 123 */
193#define	AUTH_NODE_NAME		0x0002
194#define	AUTH_PORT_NAME		0x0003
195
196
197/* From HBAnyware dfc lib FC-SP */
198typedef struct emlxs_auth_cfg
199{
200	NAME_TYPE		local_entity;	/* host wwpn (NPIV support) */
201	NAME_TYPE		remote_entity;	/* switch or target wwpn */
202	uint32_t		authentication_timeout;
203	uint32_t		authentication_mode;
204	uint32_t		bidirectional:1;
205	uint32_t		reserved:31;
206	uint32_t		authentication_type_priority[4];
207	uint32_t		hash_priority[4];
208	uint32_t		dh_group_priority[8];
209	uint32_t		reauthenticate_time_interval;
210
211	dfc_auth_status_t	auth_status;
212	time_t			auth_time;
213	struct emlxs_node	*node;
214
215	struct emlxs_auth_cfg	*prev;
216	struct emlxs_auth_cfg	*next;
217} emlxs_auth_cfg_t;
218
219
220typedef struct emlxs_auth_key
221{
222	NAME_TYPE		local_entity;		/* host wwpn */
223							/* (NPIV support) */
224	NAME_TYPE		remote_entity;		/* switch or target */
225							/* wwpn */
226	uint16_t		local_password_length;
227	uint16_t		local_password_type;
228	uint8_t			local_password[128];	/* hba authenticates */
229							/* to switch  */
230	uint16_t		remote_password_length;
231	uint16_t		remote_password_type;
232	uint8_t			remote_password[128];	/* hba authenticates */
233							/* to switch  */
234
235	struct emlxs_node	*node;
236
237	struct emlxs_auth_key	*prev;
238	struct emlxs_auth_key	*next;
239} emlxs_auth_key_t;
240
241
242typedef struct emlxs_auth_misc
243{
244	uint8_t		bi_cval[20];		/* our challenge for bi-dir */
245						/* auth in reply as initiator */
246	uint32_t	bi_cval_len;		/* 16 for MD5, 20 for SHA1 */
247	uint8_t		pub_key[512];		/* max is 512 bytes value of */
248						/* (g^y mod p) */
249	uint32_t	pubkey_len;		/* real length of the pub key */
250	uint8_t		ses_key[512];		/* session key: value of */
251						/* (g^xy mod p) */
252	uint32_t	seskey_len;		/* real length of the session */
253						/* key */
254
255	/* The following are parameters when host is the responder */
256	uint8_t		hrsp_cval[20];		/* challenge value from host */
257						/* as responder */
258	uint32_t	hrsp_cval_len;		/* host as the responder its */
259						/* challenge value len */
260	uint8_t		hrsp_priv_key[20];	/* the private key generated */
261						/* in host as responder */
262	uint8_t		hrsp_pub_key[512];	/* public key calculated when */
263						/* host as responder */
264	uint32_t	hrsp_pubkey_len;	/* public key length when */
265						/* host is responder */
266	uint8_t		hrsp_ses_key[512];	/* session key computed when */
267						/* host is responder */
268	uint32_t	hrsp_seskey_len;	/* session key length when */
269						/* host is responder */
270} emlxs_auth_misc_t;
271
272
273/*
274 * emlxs_port_dhc struct to be used by emlxs_port_t in emlxs_fc.h
275 *
276 * This structure contains all the data used by DHCHAP.
277 * They are from EMLXSHBA_t in emlxs driver.
278 *
279 */
280typedef struct emlxs_port_dhc
281{
282
283	int32_t			state;
284#define	ELX_FABRIC_STATE_UNKNOWN	0x00
285#define	ELX_FABRIC_AUTH_DISABLED	0x01
286#define	ELX_FABRIC_AUTH_FAILED		0x02
287#define	ELX_FABRIC_AUTH_SUCCESS		0x03
288#define	ELX_FABRIC_IN_AUTH		0x04
289#define	ELX_FABRIC_IN_REAUTH		0x05
290
291	dfc_auth_status_t	auth_status;  /* Fabric auth status */
292	time_t			auth_time;
293
294} emlxs_port_dhc_t;
295
296
297/* Node Events */
298#define	NODE_EVENT_DEVICE_RM		0x0	/* Auth response timeout and */
299						/* fail */
300#define	NODE_EVENT_DEVICE_RECOVERY	0x1	/* Auth response timeout and */
301						/* recovery */
302#define	NODE_EVENT_RCV_AUTH_MSG		0x2	/* Unsolicited Auth received */
303#define	NODE_EVENT_CMPL_AUTH_MSG	0x3
304#define	NODE_EVENT_MAX_EVENT		0x4
305
306/*
307 * emlxs_node_dhc struct to be used in emlxs_node_t.
308 * They are from emlxs_nodelist_t in emlxs driver.
309 */
310typedef struct emlxs_node_dhc
311{
312	uint16_t		state;		/* used for state machine */
313#define	NODE_STATE_UNKNOWN				0x00
314#define	NODE_STATE_AUTH_DISABLED 			0x01
315#define	NODE_STATE_AUTH_FAILED				0x02
316#define	NODE_STATE_AUTH_SUCCESS				0x03
317#define	NODE_STATE_AUTH_NEGOTIATE_ISSUE			0x04
318#define	NODE_STATE_AUTH_NEGOTIATE_RCV			0x05
319#define	NODE_STATE_AUTH_NEGOTIATE_CMPL_WAIT4NEXT	0x06
320#define	NODE_STATE_DHCHAP_CHALLENGE_ISSUE		0x07
321#define	NODE_STATE_DHCHAP_REPLY_ISSUE			0x08
322#define	NODE_STATE_DHCHAP_CHALLENGE_CMPL_WAIT4NEXT	0x09
323#define	NODE_STATE_DHCHAP_REPLY_CMPL_WAIT4NEXT		0x0A
324#define	NODE_STATE_DHCHAP_SUCCESS_ISSUE			0x0B
325#define	NODE_STATE_DHCHAP_SUCCESS_ISSUE_WAIT4NEXT	0x0C
326#define	NODE_STATE_DHCHAP_SUCCESS_CMPL_WAIT4NEXT	0x0D
327#define	NODE_STATE_NOCHANGE				0xFFFFFFFF
328
329	uint16_t		prev_state;  /* for info only */
330
331	uint32_t		disc_refcnt;
332
333	emlxs_auth_cfg_t	auth_cfg;
334	emlxs_auth_key_t	auth_key;
335
336	uint32_t		nlp_authrsp_tmo;	/* Response timeout */
337	uint32_t		nlp_authrsp_tmocnt;
338
339	uint32_t		nlp_auth_tranid_ini;	/* tran_id when this */
340							/* node is initiator */
341	uint32_t		nlp_auth_tranid_rsp;	/* tran_id when this */
342							/* node is responder */
343
344	uint32_t		nlp_auth_flag;		/* 1:initiator */
345							/* 2:responder */
346	uint32_t		nlp_auth_limit;		/* 1: NULL DHCHAP */
347							/* 2: full support */
348
349	/* information in DHCHAP_Challenge as the auth responder */
350	uint32_t		nlp_auth_hashid;
351	uint32_t		nlp_auth_dhgpid;
352	uint32_t		nlp_auth_bidir;
353	NAME_TYPE		nlp_auth_wwn;
354
355	emlxs_auth_misc_t	nlp_auth_misc;
356
357	uint32_t		nlp_reauth_tmo;
358	uint16_t		nlp_reauth_status;
359#define	NLP_HOST_REAUTH_DISABLED	0x0
360#define	NLP_HOST_REAUTH_ENABLED		0x1
361#define	NLP_HOST_REAUTH_IN_PROGRESS	0x2
362
363	uint32_t		nlp_fb_vendor;
364#define	NLP_FABRIC_CISCO	0x1
365#define	NLP_FABRIC_OTHERS	0x2
366
367	uint32_t		fc_dhchap_success_expected;
368
369	/* hash_id, dhgp_id are set from responder, host is the initiator */
370	uint32_t		hash_id;		/* 0x05 for MD5 */
371							/* 0x06 for SHA-1 */
372	uint32_t		dhgp_id;		/* DH grp identifier */
373
374	uint8_t			bi_cval[20];		/* our challenge for */
375							/* bi-dir auth in */
376							/* reply as initiator */
377	uint32_t		bi_cval_len;		/* 16 for MD5 */
378							/* 20 for SHA1 */
379	uint8_t			pub_key[512];		/* max is 512 bytes */
380							/* value (g^y mod p) */
381	uint32_t		pubkey_len;		/* real length of the */
382							/* pub key */
383	uint8_t			ses_key[512];		/* session key: */
384							/* value (g^xy mod p) */
385	uint32_t		seskey_len;		/* real length of the */
386							/* session key */
387
388	/* The following are parameters when host is the responder */
389
390	uint8_t			hrsp_cval[20];		/* challenge value */
391	uint32_t		hrsp_cval_len;		/* challenge value */
392							/* length */
393	uint8_t			hrsp_priv_key[20];	/* private key */
394							/* generated */
395	uint8_t			hrsp_pub_key[512];	/* public key */
396							/* computed */
397	uint32_t		hrsp_pubkey_len;	/* public key length */
398	uint8_t			hrsp_ses_key[512];	/* session key */
399							/* computed */
400	uint32_t		hrsp_seskey_len;	/* session key length */
401
402	uint8_t			*deferred_sbp;		/* Pending IO for */
403							/* auth completion */
404	uint8_t			*deferred_ubp;
405
406	uint32_t		flag;
407#define	NLP_REMOTE_AUTH			0x00000001
408#define	NLP_SET_REAUTH_TIME		0x00000002
409
410	emlxs_auth_cfg_t	*parent_auth_cfg;	/* Original auth_cfg */
411							/* table entry */
412	emlxs_auth_key_t	*parent_auth_key;	/* Original auth_key */
413							/* table entry */
414} emlxs_node_dhc_t;
415
416
417/* For NULL DHCHAP with MD5 and SHA-1 */
418typedef struct _AUTH_NEGOT_PARAMS_1
419{
420	uint16_t  name_tag;		/* set to 0x0001 */
421	uint16_t  name_len;		/* set to 0x0008 */
422	NAME_TYPE nodeName;		/* WWPN */
423	uint32_t  proto_num;		/* set to 0x5 */
424	uint32_t  para_len;		/* set to 0x28 i.e., 40 bytes */
425	uint32_t  proto_id;		/* set to HDCHAP */
426	uint16_t  HashList_tag;		/* set to 0x0001 */
427	uint16_t  HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
428	uint32_t  HashList_value1;	/* set to MD5 or SHA1 ID 0x00000005,6 */
429	uint16_t  DHgIDList_tag;	/* set to 0x0002 */
430	uint16_t  DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
431	uint32_t  DHgIDList_g0;		/* set to 0x0000 0000 */
432	uint32_t  DHgIDList_g1;		/* set to 0x0000 0001 */
433	uint32_t  DHgIDList_g2;		/* set to 0x0000 0002 */
434	uint32_t  DHgIDList_g3;		/* set to 0x0000 0003 */
435	uint32_t  DHgIDList_g4;		/* set to 0x0000 0004 */
436} AUTH_NEGOT_PARAMS_1;
437
438
439typedef struct _AUTH_NEGOT_PARAMS_2
440{
441	uint16_t  name_tag;		/* set to 0x0001 */
442	uint16_t  name_len;		/* set to 0x0008 */
443	NAME_TYPE nodeName;		/* WWPN */
444	uint32_t  proto_num;		/* set to 0x5 */
445	uint32_t  para_len;		/* set to 0x28 i.e., 40 bytes */
446	uint32_t  proto_id;		/* set to HDCHAP */
447	uint16_t  HashList_tag;		/* set to 0x0001 */
448	uint16_t  HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
449	uint32_t  HashList_value1;	/* set to MD5's   ID 0x00000005 */
450	uint32_t  HashList_value2;	/* set to SHA-1's ID 0x00000006 */
451	uint16_t  DHgIDList_tag;	/* set to 0x0002 */
452	uint16_t  DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
453	uint32_t  DHgIDList_g0;		/* set to 0x0000 0000 */
454	uint32_t  DHgIDList_g1;		/* set to 0x0000 0001 */
455	uint32_t  DHgIDList_g2;		/* set to 0x0000 0002 */
456	uint32_t  DHgIDList_g3;		/* set to 0x0000 0003 */
457	uint32_t  DHgIDList_g4;		/* set to 0x0000 0004 */
458} AUTH_NEGOT_PARAMS_2;
459
460
461/* For NULL DHCHAP with MD5 and SHA-1 */
462typedef struct _AUTH_NEGOT_PARAMS
463{
464	uint16_t  name_tag;		/* set to 0x0001 */
465	uint16_t  name_len;		/* set to 0x0008 */
466	NAME_TYPE nodeName;		/* WWPN */
467	uint32_t  proto_num;		/* set to 0x5 */
468	uint32_t  para_len;		/* set to 0x28 i.e., 40 bytes */
469	uint32_t  proto_id;		/* set to HDCHAP */
470	uint16_t  HashList_tag;		/* set to 0x0001 */
471	uint16_t  HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
472	uint32_t  HashList_value1;	/* set to MD5's   ID 0x00000005 */
473	uint32_t  HashList_value2;	/* set to SHA-1's ID 0x00000006 */
474	uint16_t  DHgIDList_tag;	/* set to 0x0002 */
475	uint16_t  DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
476	uint32_t  DHgIDList_g0;		/* set to 0x0000 0000 */
477	uint32_t  DHgIDList_g1;		/* set to 0x0000 0001 */
478	uint32_t  DHgIDList_g2;		/* set to 0x0000 0002 */
479	uint32_t  DHgIDList_g3;		/* set to 0x0000 0003 */
480	uint32_t  DHgIDList_g4;		/* set to 0x0000 0004 */
481} AUTH_NEGOT_PARAMS;
482
483typedef struct _AUTH_NEGOT_PARAMS_NULL_1
484{
485	uint16_t  name_tag;		/* set to 0x0001 */
486	uint16_t  name_len;		/* set to 0x0008 */
487	NAME_TYPE nodeName;		/* WWPN */
488	uint32_t  proto_num;		/* set to 0x5 */
489	uint32_t  para_len;		/* set to 0x28 i.e., 40 bytes */
490	uint32_t  proto_id;		/* set to HDCHAP */
491	uint16_t  HashList_tag;		/* set to 0x0001 */
492	uint16_t  HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
493	uint32_t  HashList_value1;	/* set to MD5's   ID 0x00000005 */
494	uint16_t  DHgIDList_tag;	/* set to 0x0002 */
495	uint16_t  DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
496	uint32_t  DHgIDList_g0;		/* set to 0x0000 0000 */
497} AUTH_NEGOT_PARAMS_NULL_1;
498
499typedef struct _AUTH_NEGOT_PARAMS_NULL_2
500{
501	uint16_t  name_tag;		/* set to 0x0001 */
502	uint16_t  name_len;		/* set to 0x0008 */
503	NAME_TYPE nodeName;		/* WWPN */
504	uint32_t  proto_num;		/* set to 0x5 */
505	uint32_t  para_len;		/* set to 0x28 i.e., 40 bytes */
506	uint32_t  proto_id;		/* set to HDCHAP */
507	uint16_t  HashList_tag;		/* set to 0x0001 */
508	uint16_t  HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
509	uint32_t  HashList_value1;	/* set to MD5's   ID 0x00000005 */
510	uint32_t  HashList_value2;
511	uint16_t  DHgIDList_tag;	/* set to 0x0002 */
512	uint16_t  DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
513	uint32_t  DHgIDList_g0;		/* set to 0x0000 0000 */
514} AUTH_NEGOT_PARAMS_NULL_2;
515
516
517/* Generic AUTH ELS Header */
518typedef struct _AUTH_MSG_HDR
519{
520	/* 20 bytes in total */
521	uint8_t		auth_els_code;	/* always 0x90h */
522	uint8_t		auth_els_flags;
523	uint8_t		auth_msg_code;	/* see above */
524	uint8_t		proto_version;
525	uint32_t	msg_len;	/* size of msg payload in byte */
526	uint32_t	tran_id;
527	uint16_t	name_tag;	/* set to 0x0001 */
528	uint16_t	name_len;	/* set to 0x0008 */
529	NAME_TYPE	nodeName;	/* WWPN */
530} AUTH_MSG_HDR;
531
532
533typedef struct _SHA1_CVAL
534{
535	uint8_t val[20];
536} SHA1_CVAL;
537
538
539typedef struct _MD5_CVAL
540{
541	uint8_t	val[16];
542} MD5_CVAL;
543
544
545union challenge_val
546{
547	SHA1_CVAL	sha1;
548	MD5_CVAL	md5;
549};
550
551
552/* DHCHAP_Replay */
553typedef struct _DHCHAP_REPLY_HDR
554{
555	uint8_t  auth_els_code;	/* always 0x90h */
556	uint8_t  auth_els_flags;
557	uint8_t  auth_msg_code;	/* see above */
558	uint8_t  proto_version;
559	uint32_t msg_len;	/* size of msg payload in byte */
560	uint32_t tran_id;	/* transaction id */
561} DHCHAP_REPLY_HDR;
562
563
564/* DHCHAP_Challenge */
565typedef struct _DHCHAP_CHALL_NULL
566{
567	AUTH_MSG_HDR	msg_hdr;
568	uint32_t	hash_id;
569	uint32_t	dhgp_id;
570	uint32_t	cval_len;
571} DHCHAP_CHALL_NULL;
572
573typedef struct _DHCHAP_CHALL
574{
575	DHCHAP_CHALL_NULL	cnul;
576	uint8_t			*dhval;
577} DHCHAP_CHALL;
578
579/*
580 * size of msg_payload is variable based on the different protocol
581 * parameters supported in the driver.
582 *
583 * For DHCHAP we plan to support NULL, group 1, 2, 3, 4.
584 *
585 * For NULL DHCHAP protocol only: of these protocol identifiers,
586 * we need name_tag = 2 bytes name_len_size = 2 bytes name_len = 8 bytes
587 * number of usable auth proto = 4 bytes
588 *
589 * --------- for example for NULL DHCAHP only --------------------
590 * auth proto #1 len = 4 bytes #1 ID  = 4 bytes #1 params = 4 + 16 bytes.
591 * ------ Total for NULL DHCHAP = (16 + 12 + 16 ) = 44 bytes.
592 *
593 * If number of usable auth proto is 5, then we should have 5 auth proto params.
594 * assume we are using name_tag 0x0001, then auth name in total = 12 bytes.
595 *
596 * 12 bytes + 4 bytes = 16 bytes. 4 + 4 + 4 = 12 bytes
597 * (num of usable auth proto size = 4
598 * auth proto params #1 len size = 4
599 * auth prot ID for #1 size  = 4
600 *
601 * For DHCHAP param: HashList	2 param tag size (set to 0x0001 as HashList)
602 * 2 param word cnt size (set to 0x0002 as two hash funcs)
603 * 8 for hash ids: MD5 and SHA-1 DHgIDList
604 * 2 param tag size (set to 0x0002 as DHgIDList)
605 * 2 param word cnt size (set to 0x0005 as NULL and 1/2/3/4 groups) 20 for
606 * 5 groups 0x0000 0000 0x0000 0001 0x0000 0002 0x0000 0003 0x0000 0004
607 * Total for FULL group support (16 + 12 + 12 + 24 ) = 64 bytes.
608 *
609 */
610
611typedef struct _AUTH_MSG_NEGOT_1 { /* in Big Endian format */
612	uint8_t			auth_els_code;  /* always 0x90h */
613	uint8_t			auth_els_flags;
614	uint8_t			auth_msg_code;  /* see above */
615	uint8_t			proto_version;
616	uint32_t		msg_len;	/* size of msg payload */
617						/* in byte */
618	uint32_t		tran_id;	/* transaction identifier */
619
620	/* anything else is variable in size (bytes) */
621	/* uint8_t   msg_payload[MAX_AUTH_MSG_SIZE]; */
622	AUTH_NEGOT_PARAMS_1	params;
623} AUTH_MSG_NEGOT_1, *PAUTH_MSG_NEGOT_1;
624
625
626typedef struct _AUTH_MSG_NEGOT_2 { /* in Big Endian format */
627	uint8_t			auth_els_code;  /* always 0x90h */
628	uint8_t			auth_els_flags;
629	uint8_t			auth_msg_code;  /* see above */
630	uint8_t			proto_version;
631	uint32_t		msg_len;	/* size of msg payload */
632						/* in byte */
633	uint32_t		tran_id;	/* transaction identifier */
634
635	/* anything else is variable in size (bytes) */
636	/* uint8_t   msg_payload[MAX_AUTH_MSG_SIZE]; */
637	AUTH_NEGOT_PARAMS_2	params;
638} AUTH_MSG_NEGOT_2, *PAUTH_MSG_NEGOT_2;
639
640
641typedef struct _AUTH_MSG_NEGOT
642{
643	/* in Big Endian format */
644	uint8_t			auth_els_code;	/* always 0x90h */
645	uint8_t			auth_els_flags;
646	uint8_t			auth_msg_code;	/* see above */
647	uint8_t			proto_version;
648	uint32_t		msg_len;	/* size of msg payload */
649						/* in byte */
650	uint32_t		tran_id;	/* transaction identifier */
651
652	/* anything else is variable in size (bytes) */
653	/* uint8_t	msg_payload[MAX_AUTH_MSG_SIZE]; */
654	AUTH_NEGOT_PARAMS	params;
655} AUTH_MSG_NEGOT, *PAUTH_MSG_NEGOT;
656
657
658/* AUTH_Negotiate msg for NULL DH support only */
659typedef struct _AUTH_MSG_NEGOT_NULL
660{
661	uint8_t  auth_els_code;
662	uint8_t  auth_els_flags;
663	uint8_t  auth_msg_code;
664	uint8_t  proto_version;
665	uint32_t msg_len;
666	uint32_t tran_id;
667} AUTH_MSG_NEGOT_NULL, *PAUTH_MSG_NEGOT_NULL;
668
669typedef struct _AUTH_MSG_NEGOT_NULL_1
670{
671	uint8_t				auth_els_code;
672	uint8_t				auth_els_flags;
673	uint8_t				auth_msg_code;
674	uint8_t				proto_version;
675	uint32_t			msg_len;
676	uint32_t			tran_id;
677
678	AUTH_NEGOT_PARAMS_NULL_1	params;
679
680} AUTH_MSG_NEGOT_NULL_1, *PAUTH_MSG_NEGOT_NULL_1;
681
682typedef struct _AUTH_MSG_NEGOT_NULL_2
683{
684	uint8_t				auth_els_code;
685	uint8_t				auth_els_flags;
686	uint8_t				auth_msg_code;
687	uint8_t				proto_version;
688	uint32_t			msg_len;
689	uint32_t			tran_id;
690
691	AUTH_NEGOT_PARAMS_NULL_2	params;
692
693} AUTH_MSG_NEGOT_NULL_2, *PAUTH_MSG_NEGOT_NULL_2;
694
695
696/* auth_els_flags */
697#define	AUTH_ELS_FLAGS_MASK	0x0f;
698
699
700typedef struct _AUTH_RJT
701{
702	uint8_t  auth_els_code;	/* always 0x90h */
703	uint8_t  auth_els_flags;
704	uint8_t  auth_msg_code;	/* see above */
705	uint8_t  proto_version;
706	uint32_t msg_len;	/* size of msg payload in byte */
707	uint32_t tran_id;	/* transaction identifier */
708
709	uint8_t  ReasonCode;
710	uint8_t  ReasonCodeExplanation;
711	uint16_t Reserved;
712} AUTH_RJT, *PAUTH_RJT;
713
714typedef struct _DHCHAP_SUCCESS_HDR
715{
716	uint8_t  auth_els_code;	/* always 0x90h */
717	uint8_t  auth_els_flags;
718	uint8_t  auth_msg_code;	/* see above */
719	uint8_t  proto_version;
720	uint32_t msg_len;	/* size of msg payload in byte */
721	uint32_t tran_id;	/* transaction identifier */
722
723	uint32_t RspVal_len;
724} DHCHAP_SUCCESS_HDR, *PDHCHAP_SUCCESS_HDR;
725
726
727typedef struct dh_group_st
728{
729	unsigned long   groupid;
730	unsigned long   length;
731	unsigned char   value[256];
732} DH_GROUP, *PDH_GROUP;
733
734#pragma weak random_get_pseudo_bytes
735
736
737#endif	/* DHCHAP_SUPPORT */
738
739#ifdef	__cplusplus
740}
741#endif
742
743#endif	/* _EMLXS_DHCHAP_H */
744