1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at
9  * http://www.opensource.org/licenses/cddl1.txt.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright (c) 2004-2011 Emulex. All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #ifndef _EMLXS_DHCHAP_H
28 #define	_EMLXS_DHCHAP_H
29 
30 #ifdef	__cplusplus
31 extern "C" {
32 #endif
33 
34 #ifdef DHCHAP_SUPPORT
35 #include <sys/random.h>
36 
37 
38 /* emlxs_auth_cfg_t */
/*
 * Configuration-level selectors.  These are small ordinal values and are
 * distinct from the AUTH_* and GROUP_* protocol identifiers defined later in
 * this header (ELX_MD5 is 0x01 while AUTH_MD5 is 5; ELX_GROUP_NULL is 0x01
 * while GROUP_NULL is 0), so the two sets must never be compared directly.
 * NOTE(review): presumably these populate the *_password_type,
 * authentication_mode and *_priority fields of emlxs_auth_key_t and
 * emlxs_auth_cfg_t -- confirm against the code that fills those structures.
 */
39 #define	PASSWORD_TYPE_ASCII	1
40 #define	PASSWORD_TYPE_BINARY	2
41 #define	PASSWORD_TYPE_IGNORE	3
42 
/* Authentication mode selectors. */
43 #define	AUTH_MODE_DISABLED	1
44 #define	AUTH_MODE_ACTIVE	2
45 #define	AUTH_MODE_PASSIVE	3
46 
/* Authentication protocol selectors. */
47 #define	ELX_DHCHAP		0x01	/* Only one currently supported */
48 #define	ELX_FCAP		0x02
49 #define	ELX_FCPAP		0x03
50 #define	ELX_KERBEROS		0x04
51 
/*
 * Hash selectors.  MD5 and SHA-1 are the only choices defined here; both
 * are legacy algorithms, so a deployment that can choose should rank SHA-1
 * ahead of MD5 in hash_priority[].
 */
52 #define	ELX_MD5			0x01
53 #define	ELX_SHA1		0x02
54 
/*
 * DH group selectors.  The numeric suffix is presumably the modulus size in
 * bits.  NOTE(review): the NULL group appears to mean DH-CHAP without a
 * Diffie-Hellman exchange (see the "NULL DHCHAP" comments later in this
 * file); in that mode the exchange is protected only by the strength of the
 * configured secret -- confirm which groups a deployment actually permits.
 */
55 #define	ELX_GROUP_NULL		0x01
56 #define	ELX_GROUP_1024		0x02
57 #define	ELX_GROUP_1280		0x03
58 #define	ELX_GROUP_1536		0x04
59 #define	ELX_GROUP_2048		0x05
60 
61 
62 /* AUTH_ELS Code */
/* Value carried in the auth_els_code byte of every AUTH message header. */
63 #define	ELS_CMD_AUTH_CODE	0x90
64 
65 /* AUTH_ELS Flags */
66 
67 /* state ? */
/*
 * NOTE(review): the original author was unsure what these two values are;
 * they do not collide with the auth_msg_code values below, but nothing in
 * this header shows where they are stored or compared.
 */
68 #define	AUTH_FINISH		0xFF
69 #define	AUTH_ABORT		0xFE
70 
71 /* auth_msg code for DHCHAP */
/*
 * Values for the auth_msg_code byte of the AUTH message headers declared in
 * this file.  The byte comes from the peer, so a receiver should treat any
 * value outside this list as a malformed message.
 */
72 #define	AUTH_REJECT		0x0A
73 #define	AUTH_NEGOTIATE		0x0B
74 #define	AUTH_DONE		0x0C
75 #define	DHCHAP_CHALLENGE	0x10
76 #define	DHCHAP_REPLY		0x11
77 #define	DHCHAP_SUCCESS		0x12
78 
79 /* BIG ENDIAN and LITTLE ENDIAN */
/*
 * The same identifiers are defined twice, once per host byte order.  The
 * little-endian values are the byte-swapped form of the big-endian ones,
 * presumably so that they can be stored into, or compared against, the
 * big-endian message fields without a run-time swap.
 *
 * Exactly one of EMLXS_BIG_ENDIAN / EMLXS_LITTLE_ENDIAN must be defined:
 * with neither, none of these names exist; with both, every name is
 * redefined with a different value.
 *
 * Because these values are already in wire order on a little-endian host,
 * they must not be used as array indices, in arithmetic, or compared with
 * the host-order ELX_* selectors.
 */
80 
81 /* authentication protocol identifiers */
82 #ifdef EMLXS_BIG_ENDIAN
83 
84 #define	AUTH_DHCHAP		0x00000001
85 #define	AUTH_FCAP		0x00000002
86 #define	AUTH_FCPAP		0x00000003
87 #define	AUTH_KERBEROS		0x00000004
88 
/* 16-bit parameter tags (wire order) */
89 #define	HASH_LIST_TAG		0x0001
90 #define	DHGID_LIST_TAG		0x0002
91 
92 /* hash function identifiers */
93 #define	AUTH_SHA1		0x00000006
94 #define	AUTH_MD5		0x00000005
95 
96 /* DHCHAP group ids */
97 #define	GROUP_NULL		0x00000000
98 #define	GROUP_1024		0x00000001
99 #define	GROUP_1280		0x00000002
100 #define	GROUP_1536		0x00000003
101 #define	GROUP_2048		0x00000004
102 
103 /* Tran_id Mask */
/* Selects the least significant byte of the 32-bit tran_id field. */
104 #define	AUTH_TRAN_ID_MASK	0x000000FF
105 
106 #endif	/* EMLXS_BIG_ENDIAN */
107 
108 #ifdef EMLXS_LITTLE_ENDIAN
109 
/* authentication protocol identifiers, byte-swapped */
110 #define	AUTH_DHCHAP		0x01000000
111 #define	AUTH_FCAP		0x02000000
112 #define	AUTH_FCPAP		0x03000000
113 #define	AUTH_KERBEROS		0x04000000
114 
/* 16-bit parameter tags, byte-swapped */
115 #define	HASH_LIST_TAG		0x0100
116 #define	DHGID_LIST_TAG		0x0200
117 
118 /* hash function identifiers */
119 #define	AUTH_SHA1		0x06000000
120 #define	AUTH_MD5		0x05000000
121 
122 /* DHCHAP group ids */
123 #define	GROUP_NULL		0x00000000
124 #define	GROUP_1024		0x01000000
125 #define	GROUP_1280		0x02000000
126 #define	GROUP_1536		0x03000000
127 #define	GROUP_2048		0x04000000
128 
129 /* Tran_id Mask */
/* Byte-swapped form of 0x000000FF: the same wire byte of tran_id. */
130 #define	AUTH_TRAN_ID_MASK	0xFF000000
131 
132 #endif	/* EMLXS_LITTLE_ENDIAN */
133 
134 /* hash funcs hash length in byte */
/*
 * These lengths are in host order (they are not defined per byte order).
 * They match the sizes of SHA1_CVAL.val[] and MD5_CVAL.val[], and SHA1_LEN
 * is the size of every 20-byte challenge buffer in this header, so a
 * challenge or response length taken from a message should be checked
 * against the length for the negotiated hash before any copy.
 */
135 #define	SHA1_LEN		0x00000014	/* 20 bytes */
136 #define	MD5_LEN			0x00000010	/* 16 bytes */
137 
138 #define	HBA_SECURITY			0x20
139 
140 /* AUTH_Reject Reason Codes */
/* Values for AUTH_RJT.ReasonCode. */
141 #define	AUTHRJT_FAILURE			0x01
142 #define	AUTHRJT_LOGIC_ERR		0x02
143 
144 /* LS_RJT Reason Codes for AUTH_ELS */
145 #define	LSRJT_AUTH_REQUIRED		0x03
146 #define	LSRJT_AUTH_LOGICAL_BSY		0x05
147 #define	LSRJT_AUTH_ELS_NOT_SUPPORTED	0x0B
148 #define	LSRJT_AUTH_NOT_LOGGED_IN	0x09
149 
150 /* AUTH_Reject Reason Code Explanations */
/*
 * Values for AUTH_RJT.ReasonCodeExplanation.  The trailing comment on each
 * line names the reason code the explanation is paired with.
 */
151 #define	AUTHEXP_MECH_UNUSABLE		0x01 /* AUTHRJT_LOGIC_ERR */
152 #define	AUTHEXP_DHGROUP_UNUSABLE	0x02 /* AUTHRJT_LOGIC_ERR */
153 #define	AUTHEXP_HASHFUNC_UNUSABLE	0x03 /* AUTHRJT_LOGIC_ERR */
154 #define	AUTHEXP_AUTHTRAN_STARTED	0x04 /* AUTHRJT_LOGIC_ERR */
155 #define	AUTHEXP_AUTH_FAILED		0x05 /* AUTHRJT_FAILURE */
156 #define	AUTHEXP_BAD_PAYLOAD		0x06 /* AUTHRJT_FAILURE */
157 #define	AUTHEXP_BAD_PROTOCOL		0x07 /* AUTHRJT_FAILURE */
158 #define	AUTHEXP_RESTART_AUTH		0x08 /* AUTHRJT_LOGIC_ERR */
159 #define	AUTHEXP_CONCAT_UNSUPP		0x09 /* AUTHRJT_LOGIC_ERR */
160 #define	AUTHEXP_BAD_PROTOVERS		0x0A /* AUTHRJT_LOGIC_ERR */
161 
162 /* LS_RJT Reason Code Explanations for AUTH_ELS */
163 #define	LSEXP_AUTH_REQUIRED		0x48
164 #define	LSEXP_AUTH_ELS_NOT_SUPPORTED	0x2C
165 #define	LSEXP_AUTH_ELS_NOT_LOGGED_IN	0x1E
166 #define	LSEXP_AUTH_LOGICAL_BUSY		0x00
167 
168 
/*
 * NOTE(review): the commented-out msg_payload[] declarations later in this
 * header refer to MAX_AUTH_MSG_SIZE, which is not defined here; "MSA" may
 * be a typo for "MSG".  Whatever the intended name, a peer-supplied msg_len
 * should be bounded by the real receive-buffer size before it is used.
 */
169 #define	MAX_AUTH_MSA_SIZE 1024
170 
171 #define	MAX_AUTH_PID 	0x4	/* Max auth proto identifier list */
172 
173 /* parameter tag */
/*
 * Host-order tag values.  HASH_LIST_TAG / DHGID_LIST_TAG carry the same
 * numbers but are byte-swapped on little-endian hosts; pick the form that
 * matches how the field being compared was read.
 */
174 #define	HASH_LIST	0x0001
175 #define	DHG_ID_LIST	0x0002
176 
177 /* name tag from Table 13 v1.8 pp 30 */
/* Defined per host byte order; the little-endian values are byte-swapped. */
178 #ifdef EMLXS_BIG_ENDIAN
179 #define	AUTH_NAME_ID		0x0001
180 #define	AUTH_NAME_LEN		0x0008
181 #define	AUTH_PROTO_NUM		0x00000001
182 #define	AUTH_NULL_PARA_LEN	0x00000028
183 #endif	/* EMLXS_BIG_ENDIAN */
184 
185 #ifdef EMLXS_LITTLE_ENDIAN
186 #define	AUTH_NAME_ID		0x0100
187 #define	AUTH_NAME_LEN		0x0800
188 #define	AUTH_PROTO_NUM		0x01000000
189 #define	AUTH_NULL_PARA_LEN	0x28000000
190 #endif	/* EMLXS_LITTLE_ENDIAN */
191 
192 /* name tag from Table 103 v 1.8 pp 123 */
/*
 * NOTE(review): unlike AUTH_NAME_ID these two tags have no byte-swapped
 * little-endian form -- confirm they are only compared with values that
 * are already in host order.
 */
193 #define	AUTH_NODE_NAME		0x0002
194 #define	AUTH_PORT_NAME		0x0003
195 
196 
197 /* From HBAnyware dfc lib FC-SP */
/*
 * Authentication policy for one (local entity, remote entity) pair.
 * Entries are chained into a doubly linked list through prev/next.
 *
 * The priority arrays are ordered preference lists; their sizes (4, 4, 8)
 * are fixed here.  NOTE(review): the element values are presumably the
 * ELX_* selectors -- confirm, and confirm that values from a management
 * request are range-checked before they reach the negotiation code.
 */
198 typedef struct emlxs_auth_cfg
199 {
200 	NAME_TYPE		local_entity;	/* host wwpn (NPIV support) */
201 	NAME_TYPE		remote_entity;	/* switch or target wwpn */
202 	uint32_t		authentication_timeout;
203 	uint32_t		authentication_mode;
204 	uint32_t		bidirectional:1;
205 	uint32_t		reserved:31;
206 	uint32_t		authentication_type_priority[4];
207 	uint32_t		hash_priority[4];
208 	uint32_t		dh_group_priority[8];
209 	uint32_t		reauthenticate_time_interval;
210 
	/* Run-time state, not policy */
211 	dfc_auth_status_t	auth_status;
212 	time_t			auth_time;
213 	struct emlxs_node	*node;
214 
	/* List linkage */
215 	struct emlxs_auth_cfg	*prev;
216 	struct emlxs_auth_cfg	*next;
217 } emlxs_auth_cfg_t;
218 
219 
/*
 * Authentication secrets for one (local entity, remote entity) pair.
 * Entries are chained into a doubly linked list through prev/next.
 *
 * Both password buffers hold secret material in the clear:
 *  - each *_password_length must be checked against the 128-byte buffer
 *    (sizeof the array) before any copy into or out of it;
 *  - NOTE(review): the buffers should be cleared with a zeroing routine the
 *    compiler cannot elide before an entry is freed or reused, and should
 *    be kept out of logs and dumps -- confirm how the driver handles this.
 */
220 typedef struct emlxs_auth_key
221 {
222 	NAME_TYPE		local_entity;		/* host wwpn */
223 							/* (NPIV support) */
224 	NAME_TYPE		remote_entity;		/* switch or target */
225 							/* wwpn */
226 	uint16_t		local_password_length;
227 	uint16_t		local_password_type;
228 	uint8_t			local_password[128];	/* hba authenticates */
229 							/* to switch  */
230 	uint16_t		remote_password_length;
231 	uint16_t		remote_password_type;
	/*
	 * NOTE(review): the comment below repeats the one on local_password;
	 * presumably this is the secret used when the remote entity
	 * authenticates to the hba -- confirm.
	 */
232 	uint8_t			remote_password[128];	/* hba authenticates */
233 							/* to switch  */
234 
235 	struct emlxs_node	*node;
236 
	/* List linkage */
237 	struct emlxs_auth_key	*prev;
238 	struct emlxs_auth_key	*next;
239 } emlxs_auth_key_t;
240 
241 
/*
 * Per-exchange DH-CHAP working values: challenges, DH public values and the
 * derived session keys, kept separately for the initiator and responder
 * roles.
 *
 * Every buffer is fixed-size and paired with a *_len field.  A length that
 * originates in a received message must be checked against the size of the
 * matching array (20 or 512 bytes) before it is used as a copy count.
 * ses_key, hrsp_ses_key and hrsp_priv_key are secret key material.
 * NOTE(review): confirm they are zeroed when the exchange completes or
 * fails.
 */
242 typedef struct emlxs_auth_misc
243 {
244 	uint8_t		bi_cval[20];		/* our challenge for bi-dir */
245 						/* auth in reply as initiator */
246 	uint32_t	bi_cval_len;		/* 16 for MD5, 20 for SHA1 */
247 	uint8_t		pub_key[512];		/* max is 512 bytes value of */
248 						/* (g^y mod p) */
249 	uint32_t	pubkey_len;		/* real length of the pub key */
250 	uint8_t		ses_key[512];		/* session key: value of */
251 						/* (g^xy mod p) */
252 	uint32_t	seskey_len;		/* real length of the session */
253 						/* key */
254 
255 	/* The following are parameters when host is the responder */
256 	uint8_t		hrsp_cval[20];		/* challenge value from host */
257 						/* as responder */
258 	uint32_t	hrsp_cval_len;		/* host as the responder its */
259 						/* challenge value len */
	/* 20 bytes, i.e. a 160-bit private value */
260 	uint8_t		hrsp_priv_key[20];	/* the private key generated */
261 						/* in host as responder */
262 	uint8_t		hrsp_pub_key[512];	/* public key calculated when */
263 						/* host as responder */
264 	uint32_t	hrsp_pubkey_len;	/* public key length when */
265 						/* host is responder */
266 	uint8_t		hrsp_ses_key[512];	/* session key computed when */
267 						/* host is responder */
268 	uint32_t	hrsp_seskey_len;	/* session key length when */
269 						/* host is responder */
270 } emlxs_auth_misc_t;
271 
272 
273 /*
274  * emlxs_port_dhc struct to be used by emlxs_port_t in emlxs_fc.h
275  *
276  * This structure contains all the data used by DHCHAP.
277  * They are from EMLXSHBA_t in emlxs driver.
278  *
 * It records the fabric authentication state of a port: the current state
 * value, the last reported status and a timestamp.
279  */
280 typedef struct emlxs_port_dhc
281 {
282 
	/* One of the ELX_FABRIC_* values defined below */
283 	int32_t			state;
284 #define	ELX_FABRIC_STATE_UNKNOWN	0x00
285 #define	ELX_FABRIC_AUTH_DISABLED	0x01
286 #define	ELX_FABRIC_AUTH_FAILED		0x02
287 #define	ELX_FABRIC_AUTH_SUCCESS		0x03
288 #define	ELX_FABRIC_IN_AUTH		0x04
289 #define	ELX_FABRIC_IN_REAUTH		0x05
290 
291 	dfc_auth_status_t	auth_status;  /* Fabric auth status */
292 	time_t			auth_time;
293 
294 } emlxs_port_dhc_t;
295 
296 
297 /* Node Events */
/*
 * Event codes for the node authentication state machine.
 * NODE_EVENT_MAX_EVENT is one past the last valid event.
 * NOTE(review): if it sizes a dispatch table, an event value must be
 * checked to be below it before indexing -- confirm at the use site.
 */
298 #define	NODE_EVENT_DEVICE_RM		0x0	/* Auth response timeout and */
299 						/* fail */
300 #define	NODE_EVENT_DEVICE_RECOVERY	0x1	/* Auth response timeout and */
301 						/* recovery */
302 #define	NODE_EVENT_RCV_AUTH_MSG		0x2	/* Unsolicited Auth received */
303 #define	NODE_EVENT_CMPL_AUTH_MSG	0x3
304 #define	NODE_EVENT_MAX_EVENT		0x4
305 
306 /*
307  * emlxs_node_dhc struct to be used in emlxs_node_t.
308  * They are from emlxs_nodelist_t in emlxs driver.
 *
 * Per-node DH-CHAP context: state-machine state, an embedded copy of the
 * node's policy (auth_cfg) and secrets (auth_key), transaction ids, the
 * negotiated hash and DH group, and the challenge / key buffers for both
 * roles.
 *
 * Security-relevant points visible in this layout:
 *  - auth_key embeds the clear-text passwords, and ses_key, hrsp_ses_key
 *    and hrsp_priv_key are key material.  The same buffers also exist in
 *    nlp_auth_misc, so there are two copies to clear.
 *    NOTE(review): confirm all of them are zeroed on node teardown.
 *  - every *_len field must be checked against the size of its array
 *    (20 or 512 bytes) before it is used as a copy count.
309  */
310 typedef struct emlxs_node_dhc
311 {
312 	uint16_t		state;		/* used for state machine */
313 #define	NODE_STATE_UNKNOWN				0x00
314 #define	NODE_STATE_AUTH_DISABLED 			0x01
315 #define	NODE_STATE_AUTH_FAILED				0x02
316 #define	NODE_STATE_AUTH_SUCCESS				0x03
317 #define	NODE_STATE_AUTH_NEGOTIATE_ISSUE			0x04
318 #define	NODE_STATE_AUTH_NEGOTIATE_RCV			0x05
319 #define	NODE_STATE_AUTH_NEGOTIATE_CMPL_WAIT4NEXT	0x06
320 #define	NODE_STATE_DHCHAP_CHALLENGE_ISSUE		0x07
321 #define	NODE_STATE_DHCHAP_REPLY_ISSUE			0x08
322 #define	NODE_STATE_DHCHAP_CHALLENGE_CMPL_WAIT4NEXT	0x09
323 #define	NODE_STATE_DHCHAP_REPLY_CMPL_WAIT4NEXT		0x0A
324 #define	NODE_STATE_DHCHAP_SUCCESS_ISSUE			0x0B
325 #define	NODE_STATE_DHCHAP_SUCCESS_ISSUE_WAIT4NEXT	0x0C
326 #define	NODE_STATE_DHCHAP_SUCCESS_CMPL_WAIT4NEXT	0x0D
	/*
	 * NOTE(review): 0xFFFFFFFF does not fit in the uint16_t state field,
	 * so a stored state can never compare equal to it; presumably it is
	 * only passed as a wider "leave unchanged" argument -- confirm.
	 */
327 #define	NODE_STATE_NOCHANGE				0xFFFFFFFF
328 
329 	uint16_t		prev_state;  /* for info only */
330 
331 	uint32_t		disc_refcnt;
332 
	/* Embedded copies; see parent_auth_cfg / parent_auth_key below */
333 	emlxs_auth_cfg_t	auth_cfg;
334 	emlxs_auth_key_t	auth_key;
335 
336 	uint32_t		nlp_authrsp_tmo;	/* Response timeout */
337 	uint32_t		nlp_authrsp_tmocnt;
338 
339 	uint32_t		nlp_auth_tranid_ini;	/* tran_id when this */
340 							/* node is initiator */
341 	uint32_t		nlp_auth_tranid_rsp;	/* tran_id when this */
342 							/* node is responder */
343 
344 	uint32_t		nlp_auth_flag;		/* 1:initiator */
345 							/* 2:responder */
346 	uint32_t		nlp_auth_limit;		/* 1: NULL DHCHAP */
347 							/* 2: full support */
348 
349 	/* information in DHCHAP_Challenge as the auth responder */
	/* These values originate from the peer's message */
350 	uint32_t		nlp_auth_hashid;
351 	uint32_t		nlp_auth_dhgpid;
352 	uint32_t		nlp_auth_bidir;
353 	NAME_TYPE		nlp_auth_wwn;
354 
355 	emlxs_auth_misc_t	nlp_auth_misc;
356 
357 	uint32_t		nlp_reauth_tmo;
358 	uint16_t		nlp_reauth_status;
359 #define	NLP_HOST_REAUTH_DISABLED	0x0
360 #define	NLP_HOST_REAUTH_ENABLED		0x1
361 #define	NLP_HOST_REAUTH_IN_PROGRESS	0x2
362 
363 	uint32_t		nlp_fb_vendor;
364 #define	NLP_FABRIC_CISCO	0x1
365 #define	NLP_FABRIC_OTHERS	0x2
366 
367 	uint32_t		fc_dhchap_success_expected;
368 
369 	/* hash_id, dhgp_id are set from responder, host is the initiator */
370 	uint32_t		hash_id;		/* 0x05 for MD5 */
371 							/* 0x06 for SHA-1 */
372 	uint32_t		dhgp_id;		/* DH grp identifier */
373 
374 	uint8_t			bi_cval[20];		/* our challenge for */
375 							/* bi-dir auth in */
376 							/* reply as initiator */
377 	uint32_t		bi_cval_len;		/* 16 for MD5 */
378 							/* 20 for SHA1 */
379 	uint8_t			pub_key[512];		/* max is 512 bytes */
380 							/* value (g^y mod p) */
381 	uint32_t		pubkey_len;		/* real length of the */
382 							/* pub key */
383 	uint8_t			ses_key[512];		/* session key: */
384 							/* value (g^xy mod p) */
385 	uint32_t		seskey_len;		/* real length of the */
386 							/* session key */
387 
388 	/* The following are parameters when host is the responder */
389 
390 	uint8_t			hrsp_cval[20];		/* challenge value */
391 	uint32_t		hrsp_cval_len;		/* challenge value */
392 							/* length */
393 	uint8_t			hrsp_priv_key[20];	/* private key */
394 							/* generated */
395 	uint8_t			hrsp_pub_key[512];	/* public key */
396 							/* computed */
397 	uint32_t		hrsp_pubkey_len;	/* public key length */
398 	uint8_t			hrsp_ses_key[512];	/* session key */
399 							/* computed */
400 	uint32_t		hrsp_seskey_len;	/* session key length */
401 
402 	uint8_t			*deferred_sbp;		/* Pending IO for */
403 							/* auth completion */
404 	uint8_t			*deferred_ubp;
405 
406 	uint32_t		flag;
407 #define	NLP_REMOTE_AUTH			0x00000001
408 #define	NLP_SET_REAUTH_TIME		0x00000002
409 
410 	emlxs_auth_cfg_t	*parent_auth_cfg;	/* Original auth_cfg */
411 							/* table entry */
412 	emlxs_auth_key_t	*parent_auth_key;	/* Original auth_key */
413 							/* table entry */
414 } emlxs_node_dhc_t;
415 
416 
417 /* For NULL DHCHAP with MD5 and SHA-1 */
/*
 * AUTH_Negotiate parameter block carrying one hash identifier and five DH
 * group identifiers.  Field order and widths define the message layout and
 * must not be changed.
 * NOTE(review): the heading above and several "set to" comments look copied
 * from the two-hash variant: this struct declares a single HashList_value1
 * yet HashList_wcnt is described as 2, and proto_num is described as 0x5
 * while AUTH_PROTO_NUM is 1 -- confirm against the code that fills it.
 */
418 typedef struct _AUTH_NEGOT_PARAMS_1
419 {
420 	uint16_t  name_tag;		/* set to 0x0001 */
421 	uint16_t  name_len;		/* set to 0x0008 */
422 	NAME_TYPE nodeName;		/* WWPN */
423 	uint32_t  proto_num;		/* set to 0x5 */
424 	uint32_t  para_len;		/* set to 0x28 i.e., 40 bytes */
425 	uint32_t  proto_id;		/* set to DHCHAP */
426 	uint16_t  HashList_tag;		/* set to 0x0001 */
427 	uint16_t  HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
428 	uint32_t  HashList_value1;	/* set to MD5 or SHA1 ID 0x00000005,6 */
429 	uint16_t  DHgIDList_tag;	/* set to 0x0002 */
430 	uint16_t  DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
431 	uint32_t  DHgIDList_g0;		/* set to 0x0000 0000 */
432 	uint32_t  DHgIDList_g1;		/* set to 0x0000 0001 */
433 	uint32_t  DHgIDList_g2;		/* set to 0x0000 0002 */
434 	uint32_t  DHgIDList_g3;		/* set to 0x0000 0003 */
435 	uint32_t  DHgIDList_g4;		/* set to 0x0000 0004 */
436 } AUTH_NEGOT_PARAMS_1;
437 
438 
/*
 * AUTH_Negotiate parameter block carrying two hash identifiers and five DH
 * group identifiers.  Field order and widths define the message layout and
 * must not be changed.  The field list is identical to AUTH_NEGOT_PARAMS.
 */
439 typedef struct _AUTH_NEGOT_PARAMS_2
440 {
441 	uint16_t  name_tag;		/* set to 0x0001 */
442 	uint16_t  name_len;		/* set to 0x0008 */
443 	NAME_TYPE nodeName;		/* WWPN */
444 	uint32_t  proto_num;		/* set to 0x5 */
445 	uint32_t  para_len;		/* set to 0x28 i.e., 40 bytes */
446 	uint32_t  proto_id;		/* set to DHCHAP */
447 	uint16_t  HashList_tag;		/* set to 0x0001 */
448 	uint16_t  HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
449 	uint32_t  HashList_value1;	/* set to MD5's   ID 0x00000005 */
450 	uint32_t  HashList_value2;	/* set to SHA-1's ID 0x00000006 */
451 	uint16_t  DHgIDList_tag;	/* set to 0x0002 */
452 	uint16_t  DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
453 	uint32_t  DHgIDList_g0;		/* set to 0x0000 0000 */
454 	uint32_t  DHgIDList_g1;		/* set to 0x0000 0001 */
455 	uint32_t  DHgIDList_g2;		/* set to 0x0000 0002 */
456 	uint32_t  DHgIDList_g3;		/* set to 0x0000 0003 */
457 	uint32_t  DHgIDList_g4;		/* set to 0x0000 0004 */
458 } AUTH_NEGOT_PARAMS_2;
459 
460 
461 /* For NULL DHCHAP with MD5 and SHA-1 */
/*
 * AUTH_Negotiate parameter block carrying two hash identifiers and five DH
 * group identifiers.  Field order and widths define the message layout and
 * must not be changed.
 * NOTE(review): the heading says "NULL DHCHAP" but the struct lists all five
 * DH groups (g0..g4) -- the heading may be stale.
 */
462 typedef struct _AUTH_NEGOT_PARAMS
463 {
464 	uint16_t  name_tag;		/* set to 0x0001 */
465 	uint16_t  name_len;		/* set to 0x0008 */
466 	NAME_TYPE nodeName;		/* WWPN */
467 	uint32_t  proto_num;		/* set to 0x5 */
468 	uint32_t  para_len;		/* set to 0x28 i.e., 40 bytes */
469 	uint32_t  proto_id;		/* set to DHCHAP */
470 	uint16_t  HashList_tag;		/* set to 0x0001 */
471 	uint16_t  HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
472 	uint32_t  HashList_value1;	/* set to MD5's   ID 0x00000005 */
473 	uint32_t  HashList_value2;	/* set to SHA-1's ID 0x00000006 */
474 	uint16_t  DHgIDList_tag;	/* set to 0x0002 */
475 	uint16_t  DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
476 	uint32_t  DHgIDList_g0;		/* set to 0x0000 0000 */
477 	uint32_t  DHgIDList_g1;		/* set to 0x0000 0001 */
478 	uint32_t  DHgIDList_g2;		/* set to 0x0000 0002 */
479 	uint32_t  DHgIDList_g3;		/* set to 0x0000 0003 */
480 	uint32_t  DHgIDList_g4;		/* set to 0x0000 0004 */
481 } AUTH_NEGOT_PARAMS;
482 
/*
 * AUTH_Negotiate parameter block for the NULL DH group only, with a single
 * hash identifier.  Field order and widths define the message layout and
 * must not be changed.
 * NOTE(review): the per-field "set to" comments are shared with the
 * full-group variants.  This struct declares one hash id and one DH group
 * id, so the word counts quoted for HashList_wcnt and DHgIDList_wnt may not
 * apply here -- confirm against the code that fills the message.
 */
483 typedef struct _AUTH_NEGOT_PARAMS_NULL_1
484 {
485 	uint16_t  name_tag;		/* set to 0x0001 */
486 	uint16_t  name_len;		/* set to 0x0008 */
487 	NAME_TYPE nodeName;		/* WWPN */
488 	uint32_t  proto_num;		/* set to 0x5 */
489 	uint32_t  para_len;		/* set to 0x28 i.e., 40 bytes */
490 	uint32_t  proto_id;		/* set to DHCHAP */
491 	uint16_t  HashList_tag;		/* set to 0x0001 */
492 	uint16_t  HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
493 	uint32_t  HashList_value1;	/* set to MD5's   ID 0x00000005 */
494 	uint16_t  DHgIDList_tag;	/* set to 0x0002 */
495 	uint16_t  DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
496 	uint32_t  DHgIDList_g0;		/* set to 0x0000 0000 */
497 } AUTH_NEGOT_PARAMS_NULL_1;
498 
/*
 * AUTH_Negotiate parameter block for the NULL DH group only, with two hash
 * identifiers.  Field order and widths define the message layout and must
 * not be changed.
 * NOTE(review): the per-field "set to" comments are shared with the
 * full-group variants.  This struct declares a single DH group id, so the
 * word count quoted for DHgIDList_wnt may not apply here -- confirm against
 * the code that fills the message.
 */
499 typedef struct _AUTH_NEGOT_PARAMS_NULL_2
500 {
501 	uint16_t  name_tag;		/* set to 0x0001 */
502 	uint16_t  name_len;		/* set to 0x0008 */
503 	NAME_TYPE nodeName;		/* WWPN */
504 	uint32_t  proto_num;		/* set to 0x5 */
505 	uint32_t  para_len;		/* set to 0x28 i.e., 40 bytes */
506 	uint32_t  proto_id;		/* set to DHCHAP */
507 	uint16_t  HashList_tag;		/* set to 0x0001 */
508 	uint16_t  HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
509 	uint32_t  HashList_value1;	/* set to MD5's   ID 0x00000005 */
510 	uint32_t  HashList_value2;	/* second hash identifier */
511 	uint16_t  DHgIDList_tag;	/* set to 0x0002 */
512 	uint16_t  DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
513 	uint32_t  DHgIDList_g0;		/* set to 0x0000 0000 */
514 } AUTH_NEGOT_PARAMS_NULL_2;
515 
516 
517 /* Generic AUTH ELS Header */
/*
 * Common header followed by the sender's name entry.  When this is overlaid
 * on a received buffer every field is peer-controlled: the buffer must be
 * at least sizeof (AUTH_MSG_HDR) long before any field is read, and msg_len
 * must be checked against the bytes actually received before it is used as
 * a length.
 */
518 typedef struct _AUTH_MSG_HDR
519 {
	/*
	 * NOTE(review): the fields below add up to 16 bytes plus
	 * sizeof (NAME_TYPE); with an 8-byte name (name_len is 0x0008) that
	 * is 24, not 20 -- confirm the figure in the next comment.
	 */
520 	/* 20 bytes in total */
521 	uint8_t		auth_els_code;	/* always 0x90h */
522 	uint8_t		auth_els_flags;
523 	uint8_t		auth_msg_code;	/* see above */
524 	uint8_t		proto_version;
525 	uint32_t	msg_len;	/* size of msg payload in byte */
526 	uint32_t	tran_id;
527 	uint16_t	name_tag;	/* set to 0x0001 */
528 	uint16_t	name_len;	/* set to 0x0008 */
529 	NAME_TYPE	nodeName;	/* WWPN */
530 } AUTH_MSG_HDR;
531 
532 
/* Challenge value sized for SHA-1: 20 bytes, the same number as SHA1_LEN. */
533 typedef struct _SHA1_CVAL
534 {
535 	uint8_t val[20];
536 } SHA1_CVAL;
537 
538 
/* Challenge value sized for MD5: 16 bytes, the same number as MD5_LEN. */
539 typedef struct _MD5_CVAL
540 {
541 	uint8_t	val[16];
542 } MD5_CVAL;
543 
544 
/*
 * Overlay of the two challenge sizes.  The union is as large as its 20-byte
 * SHA-1 member, so when the MD5 member is in use only the first 16 bytes
 * are meaningful; which member is valid has to be tracked separately (the
 * union carries no discriminator).
 */
545 union challenge_val
546 {
547 	SHA1_CVAL	sha1;
548 	MD5_CVAL	md5;
549 };
550 
551 
552 /* DHCHAP_Reply */
/*
 * Fixed 12-byte header of a DHCHAP_Reply message.  The variable-length
 * parts that follow are not described by this struct.  msg_len comes from
 * the peer and must be checked against the received size before use.
 */
553 typedef struct _DHCHAP_REPLY_HDR
554 {
555 	uint8_t  auth_els_code;	/* always 0x90h */
556 	uint8_t  auth_els_flags;
557 	uint8_t  auth_msg_code;	/* see above */
558 	uint8_t  proto_version;
559 	uint32_t msg_len;	/* size of msg payload in byte */
560 	uint32_t tran_id;	/* transaction id */
561 } DHCHAP_REPLY_HDR;
562 
563 
564 /* DHCHAP_Challenge */
/*
 * Fixed leading part of a DHCHAP_Challenge: the generic header followed by
 * the chosen hash id, DH group id and challenge length.
 * cval_len is supplied by the peer.  The challenge buffers in this header
 * are 20 bytes, so it must be checked (presumably against MD5_LEN or
 * SHA1_LEN for the selected hash) before the challenge bytes are copied.
 */
565 typedef struct _DHCHAP_CHALL_NULL
566 {
567 	AUTH_MSG_HDR	msg_hdr;
568 	uint32_t	hash_id;
569 	uint32_t	dhgp_id;
570 	uint32_t	cval_len;
571 } DHCHAP_CHALL_NULL;
572 
/*
 * DHCHAP_Challenge fixed part plus a pointer to the DH value.
 * Because dhval is a host pointer, this struct is not a message layout: its
 * size depends on the pointer width, so sizeof (DHCHAP_CHALL) must not be
 * used as a message length and the struct must not be copied to or from a
 * message buffer as a whole.
 */
573 typedef struct _DHCHAP_CHALL
574 {
575 	DHCHAP_CHALL_NULL	cnul;
576 	uint8_t			*dhval;
577 } DHCHAP_CHALL;
578 
579 /*
580  * size of msg_payload is variable based on the different protocol
581  * parameters supported in the driver.
582  *
583  * For DHCHAP we plan to support NULL, group 1, 2, 3, 4.
584  *
585  * For NULL DHCHAP protocol only: of these protocol identifiers,
586  * we need name_tag = 2 bytes name_len_size = 2 bytes name_len = 8 bytes
587  * number of usable auth proto = 4 bytes
588  *
589  * --------- for example for NULL DHCHAP only --------------------
590  * auth proto #1 len = 4 bytes #1 ID  = 4 bytes #1 params = 4 + 16 bytes.
591  * ------ Total for NULL DHCHAP = (16 + 12 + 16 ) = 44 bytes.
592  *
593  * If number of usable auth proto is 5, then we should have 5 auth proto params.
594  * assume we are using name_tag 0x0001, then auth name in total = 12 bytes.
595  *
596  * 12 bytes + 4 bytes = 16 bytes. 4 + 4 + 4 = 12 bytes
597  * (num of usable auth proto size = 4
598  * auth proto params #1 len size = 4
599  * auth prot ID for #1 size  = 4
600  *
601  * For DHCHAP param: HashList	2 param tag size (set to 0x0001 as HashList)
602  * 2 param word cnt size (set to 0x0002 as two hash funcs)
603  * 8 for hash ids: MD5 and SHA-1 DHgIDList
604  * 2 param tag size (set to 0x0002 as DHgIDList)
605  * 2 param word cnt size (set to 0x0005 as NULL and 1/2/3/4 groups) 20 for
606  * 5 groups 0x0000 0000 0x0000 0001 0x0000 0002 0x0000 0003 0x0000 0004
607  * Total for FULL group support (16 + 12 + 12 + 24 ) = 64 bytes.
608  *
609  */
610 
/*
 * AUTH_Negotiate message: 12-byte header followed by the
 * AUTH_NEGOT_PARAMS_1 parameter block.  Multi-byte fields are big-endian in
 * the message.
 */
611 typedef struct _AUTH_MSG_NEGOT_1 { /* in Big Endian format */
612 	uint8_t			auth_els_code;  /* always 0x90h */
613 	uint8_t			auth_els_flags;
614 	uint8_t			auth_msg_code;  /* see above */
615 	uint8_t			proto_version;
616 	uint32_t		msg_len;	/* size of msg payload */
617 						/* in byte */
618 	uint32_t		tran_id;	/* transaction identifier */
619 
620 	/* anything else is variable in size (bytes) */
621 	/* uint8_t   msg_payload[MAX_AUTH_MSG_SIZE]; */
622 	AUTH_NEGOT_PARAMS_1	params;
623 } AUTH_MSG_NEGOT_1, *PAUTH_MSG_NEGOT_1;
624 
625 
/*
 * AUTH_Negotiate message: 12-byte header followed by the
 * AUTH_NEGOT_PARAMS_2 parameter block.  Multi-byte fields are big-endian in
 * the message.
 */
626 typedef struct _AUTH_MSG_NEGOT_2 { /* in Big Endian format */
627 	uint8_t			auth_els_code;  /* always 0x90h */
628 	uint8_t			auth_els_flags;
629 	uint8_t			auth_msg_code;  /* see above */
630 	uint8_t			proto_version;
631 	uint32_t		msg_len;	/* size of msg payload */
632 						/* in byte */
633 	uint32_t		tran_id;	/* transaction identifier */
634 
635 	/* anything else is variable in size (bytes) */
636 	/* uint8_t   msg_payload[MAX_AUTH_MSG_SIZE]; */
637 	AUTH_NEGOT_PARAMS_2	params;
638 } AUTH_MSG_NEGOT_2, *PAUTH_MSG_NEGOT_2;
639 
640 
/*
 * AUTH_Negotiate message: 12-byte header followed by the AUTH_NEGOT_PARAMS
 * parameter block.  When overlaid on a received buffer, msg_len and every
 * count inside params are peer-controlled and must be validated before
 * they drive a loop or a copy.
 */
641 typedef struct _AUTH_MSG_NEGOT
642 {
643 	/* in Big Endian format */
644 	uint8_t			auth_els_code;	/* always 0x90h */
645 	uint8_t			auth_els_flags;
646 	uint8_t			auth_msg_code;	/* see above */
647 	uint8_t			proto_version;
648 	uint32_t		msg_len;	/* size of msg payload */
649 						/* in byte */
650 	uint32_t		tran_id;	/* transaction identifier */
651 
652 	/* anything else is variable in size (bytes) */
653 	/* uint8_t	msg_payload[MAX_AUTH_MSG_SIZE]; */
654 	AUTH_NEGOT_PARAMS	params;
655 } AUTH_MSG_NEGOT, *PAUTH_MSG_NEGOT;
656 
657 
658 /* AUTH_Negotiate msg for NULL DH support only */
/*
 * Only the 12-byte fixed header; no parameter block is declared here.  The
 * field list is the same as in DHCHAP_REPLY_HDR.
 */
659 typedef struct _AUTH_MSG_NEGOT_NULL
660 {
661 	uint8_t  auth_els_code;
662 	uint8_t  auth_els_flags;
663 	uint8_t  auth_msg_code;
664 	uint8_t  proto_version;
665 	uint32_t msg_len;
666 	uint32_t tran_id;
667 } AUTH_MSG_NEGOT_NULL, *PAUTH_MSG_NEGOT_NULL;
668 
/*
 * AUTH_Negotiate message for the NULL DH group with one hash identifier:
 * 12-byte header followed by AUTH_NEGOT_PARAMS_NULL_1.
 */
669 typedef struct _AUTH_MSG_NEGOT_NULL_1
670 {
671 	uint8_t				auth_els_code;
672 	uint8_t				auth_els_flags;
673 	uint8_t				auth_msg_code;
674 	uint8_t				proto_version;
675 	uint32_t			msg_len;
676 	uint32_t			tran_id;
677 
678 	AUTH_NEGOT_PARAMS_NULL_1	params;
679 
680 } AUTH_MSG_NEGOT_NULL_1, *PAUTH_MSG_NEGOT_NULL_1;
681 
/*
 * AUTH_Negotiate message for the NULL DH group with two hash identifiers:
 * 12-byte header followed by AUTH_NEGOT_PARAMS_NULL_2.
 */
682 typedef struct _AUTH_MSG_NEGOT_NULL_2
683 {
684 	uint8_t				auth_els_code;
685 	uint8_t				auth_els_flags;
686 	uint8_t				auth_msg_code;
687 	uint8_t				proto_version;
688 	uint32_t			msg_len;
689 	uint32_t			tran_id;
690 
691 	AUTH_NEGOT_PARAMS_NULL_2	params;
692 
693 } AUTH_MSG_NEGOT_NULL_2, *PAUTH_MSG_NEGOT_NULL_2;
694 
695 
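/*
 * auth_els_flags: mask selecting the low four bits of the one-byte flags
 * field.  The expansion has no trailing semicolon so the macro can be used
 * inside a larger expression, e.g. (flags & AUTH_ELS_FLAGS_MASK) != 0; with
 * a semicolon in the expansion such an expression does not compile.
 */
#define	AUTH_ELS_FLAGS_MASK	0x0f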
698 
699 
/*
 * AUTH_Reject message: 12-byte header followed by a reason code, a reason
 * code explanation and two reserved bytes.  ReasonCode takes the AUTHRJT_*
 * values and ReasonCodeExplanation the AUTHEXP_* values defined earlier in
 * this header.
 */
700 typedef struct _AUTH_RJT
701 {
702 	uint8_t  auth_els_code;	/* always 0x90h */
703 	uint8_t  auth_els_flags;
704 	uint8_t  auth_msg_code;	/* see above */
705 	uint8_t  proto_version;
706 	uint32_t msg_len;	/* size of msg payload in byte */
707 	uint32_t tran_id;	/* transaction identifier */
708 
709 	uint8_t  ReasonCode;
710 	uint8_t  ReasonCodeExplanation;
711 	uint16_t Reserved;
712 } AUTH_RJT, *PAUTH_RJT;
713 
/*
 * Fixed part of a DHCHAP_Success message: 12-byte header plus the length of
 * the response value that follows.
 * RspVal_len is peer-supplied.  NOTE(review): it should be checked against
 * the expected hash length (MD5_LEN or SHA1_LEN) and the bytes remaining in
 * the message before the response value is read -- confirm at the use site.
 */
714 typedef struct _DHCHAP_SUCCESS_HDR
715 {
716 	uint8_t  auth_els_code;	/* always 0x90h */
717 	uint8_t  auth_els_flags;
718 	uint8_t  auth_msg_code;	/* see above */
719 	uint8_t  proto_version;
720 	uint32_t msg_len;	/* size of msg payload in byte */
721 	uint32_t tran_id;	/* transaction identifier */
722 
723 	uint32_t RspVal_len;
724 } DHCHAP_SUCCESS_HDR, *PDHCHAP_SUCCESS_HDR;
725 
726 
/*
 * One DH group table entry: an identifier, a length and up to 256 bytes of
 * group value (256 bytes is 2048 bits, the largest group named in this
 * header).  length must not exceed sizeof (value).
 * NOTE(review): groupid and length are unsigned long, whose width differs
 * between 32-bit and 64-bit builds, so this is an in-memory table type and
 * not a message layout.  Presumably value[] holds the group's prime
 * modulus -- confirm against the table that initialises it.
 */
727 typedef struct dh_group_st
728 {
729 	unsigned long   groupid;
730 	unsigned long   length;
731 	unsigned char   value[256];
732 } DH_GROUP, *PDH_GROUP;
733 
/*
 * random_get_pseudo_bytes is declared weak, so the symbol may be
 * unresolved when the module is loaded: a caller has to test its address
 * against NULL before calling it.
 * NOTE(review): if this routine supplies the DH-CHAP challenges or DH
 * private values, confirm that (a) the fallback taken when the symbol is
 * absent is not a predictable value and (b) the pseudo-random interface is
 * adequate for key material; <sys/random.h> also provides
 * random_get_bytes for that purpose.
 */
734 #pragma weak random_get_pseudo_bytes
735 
736 
737 #endif	/* DHCHAP_SUPPORT */
738 
739 #ifdef	__cplusplus
740 }
741 #endif
742 
743 #endif	/* _EMLXS_DHCHAP_H */
744