1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2000 by Cisco Systems, Inc.  All rights reserved.
23  * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
24  */
25 
26 #ifndef	_ISCSIAUTHCLIENT_H
27 #define	_ISCSIAUTHCLIENT_H
28 
29 /*
30  * This file is the include file for for iscsiAuthClient.c
31  */
32 
33 #ifdef __cplusplus
34 extern "C" {
35 #endif
36 
37 enum { iscsiAuthStringMaxLength = 512 };
38 enum { iscsiAuthStringBlockMaxLength = 1024 };
39 enum { iscsiAuthLargeBinaryMaxLength = 1024 };
40 
41 enum { iscsiAuthRecvEndMaxCount = 10 };
42 
43 enum { iscsiAuthClientSignature = 0x5984B2E3 };
44 
45 enum { iscsiAuthChapResponseLength = 16 };
46 
47 /*
48  * Note: The ordering of these values are chosen to match
49  *       the ordering of the keys as shown in the iSCSI spec.
50  *       The table IscsiAuthClientKeyInfo in iscsiAuthClient.c
51  *       must also match this order.
52  */
53 enum iscsiAuthKeyType_t {
54 	iscsiAuthKeyTypeNone = -1,
55 	iscsiAuthKeyTypeFirst = 0,
56 	iscsiAuthKeyTypeAuthMethod = iscsiAuthKeyTypeFirst,
57 	iscsiAuthKeyTypeChapAlgorithm,
58 	iscsiAuthKeyTypeChapUsername,
59 	iscsiAuthKeyTypeChapResponse,
60 	iscsiAuthKeyTypeChapIdentifier,
61 	iscsiAuthKeyTypeChapChallenge,
62 	iscsiAuthKeyTypeMaxCount,
63 	iscsiAuthKeyTypeLast = iscsiAuthKeyTypeMaxCount - 1
64 };
65 typedef enum iscsiAuthKeyType_t IscsiAuthKeyType;
66 
67 enum {
68 	/*
69 	 * Common options for all keys.
70 	 */
71 	iscsiAuthOptionReject = -2,
72 	iscsiAuthOptionNotPresent = -1,
73 	iscsiAuthOptionNone = 1,
74 
75 	iscsiAuthMethodChap = 2,
76 	iscsiAuthMethodMaxCount = 2,
77 
78 	iscsiAuthChapAlgorithmMd5 = 5,
79 	iscsiAuthChapAlgorithmMaxCount = 2
80 };
81 
82 enum iscsiAuthNegRole_t {
83 	iscsiAuthNegRoleOriginator = 1,
84 	iscsiAuthNegRoleResponder = 2
85 };
86 typedef enum iscsiAuthNegRole_t IscsiAuthNegRole;
87 
88 /*
89  * Note: These values are chosen to map to the values sent
90  *       in the iSCSI header.
91  */
92 enum iscsiAuthVersion_t {
93 	iscsiAuthVersionDraft8 = 2,
94 	iscsiAuthVersionRfc = 0
95 };
96 typedef enum iscsiAuthVersion_t IscsiAuthVersion;
97 
98 enum iscsiAuthStatus_t {
99 	iscsiAuthStatusNoError = 0,
100 	iscsiAuthStatusError,
101 	iscsiAuthStatusPass,
102 	iscsiAuthStatusFail,
103 	iscsiAuthStatusContinue,
104 	iscsiAuthStatusInProgress
105 };
106 typedef enum iscsiAuthStatus_t IscsiAuthStatus;
107 
108 enum iscsiAuthDebugStatus_t {
109 	iscsiAuthDebugStatusNotSet = 0,
110 
111 	iscsiAuthDebugStatusAuthPass,
112 	iscsiAuthDebugStatusAuthRemoteFalse,
113 
114 	iscsiAuthDebugStatusAuthFail,
115 
116 	iscsiAuthDebugStatusAuthMethodBad,
117 	iscsiAuthDebugStatusChapAlgorithmBad,
118 	iscsiAuthDebugStatusPasswordDecryptFailed,
119 	iscsiAuthDebugStatusPasswordTooShortWithNoIpSec,
120 	iscsiAuthDebugStatusAuthServerError,
121 	iscsiAuthDebugStatusAuthStatusBad,
122 	iscsiAuthDebugStatusAuthPassNotValid,
123 	iscsiAuthDebugStatusSendDuplicateSetKeyValue,
124 	iscsiAuthDebugStatusSendStringTooLong,
125 	iscsiAuthDebugStatusSendTooMuchData,
126 
127 	iscsiAuthDebugStatusAuthMethodExpected,
128 	iscsiAuthDebugStatusChapAlgorithmExpected,
129 	iscsiAuthDebugStatusChapIdentifierExpected,
130 	iscsiAuthDebugStatusChapChallengeExpected,
131 	iscsiAuthDebugStatusChapResponseExpected,
132 	iscsiAuthDebugStatusChapUsernameExpected,
133 
134 	iscsiAuthDebugStatusAuthMethodNotPresent,
135 	iscsiAuthDebugStatusAuthMethodReject,
136 	iscsiAuthDebugStatusAuthMethodNone,
137 	iscsiAuthDebugStatusChapAlgorithmReject,
138 	iscsiAuthDebugStatusChapChallengeReflected,
139 	iscsiAuthDebugStatusPasswordIdentical,
140 
141 	iscsiAuthDebugStatusLocalPasswordNotSet,
142 
143 	iscsiAuthDebugStatusChapIdentifierBad,
144 	iscsiAuthDebugStatusChapChallengeBad,
145 	iscsiAuthDebugStatusChapResponseBad,
146 	iscsiAuthDebugStatusUnexpectedKeyPresent,
147 	iscsiAuthDebugStatusTbitSetIllegal,
148 	iscsiAuthDebugStatusTbitSetPremature,
149 
150 	iscsiAuthDebugStatusRecvMessageCountLimit,
151 	iscsiAuthDebugStatusRecvDuplicateSetKeyValue,
152 	iscsiAuthDebugStatusRecvStringTooLong,
153 	iscsiAuthDebugStatusRecvTooMuchData
154 };
155 typedef enum iscsiAuthDebugStatus_t IscsiAuthDebugStatus;
156 
157 enum iscsiAuthNodeType_t {
158 	iscsiAuthNodeTypeInitiator = 1,
159 	iscsiAuthNodeTypeTarget = 2
160 };
161 typedef enum iscsiAuthNodeType_t IscsiAuthNodeType;
162 
163 enum iscsiAuthPhase_t {
164 	iscsiAuthPhaseConfigure = 1,
165 	iscsiAuthPhaseNegotiate,		/* Negotiating */
166 	iscsiAuthPhaseAuthenticate,		/* Authenticating */
167 	iscsiAuthPhaseDone,			/* Authentication done */
168 	iscsiAuthPhaseError
169 };
170 typedef enum iscsiAuthPhase_t IscsiAuthPhase;
171 
172 enum iscsiAuthLocalState_t {
173 	iscsiAuthLocalStateSendAlgorithm = 1,
174 	iscsiAuthLocalStateRecvAlgorithm,
175 	iscsiAuthLocalStateRecvChallenge,
176 	iscsiAuthLocalStateDone,
177 	iscsiAuthLocalStateError
178 };
179 typedef enum iscsiAuthLocalState_t IscsiAuthLocalState;
180 
181 enum iscsiAuthRemoteState_t {
182 	iscsiAuthRemoteStateSendAlgorithm = 1,
183 	iscsiAuthRemoteStateSendChallenge,
184 	iscsiAuthRemoteStateRecvResponse,
185 	iscsiAuthRemoteStateAuthRequest,
186 	iscsiAuthRemoteStateDone,
187 	iscsiAuthRemoteStateError
188 };
189 typedef enum iscsiAuthRemoteState_t IscsiAuthRemoteState;
190 
191 
192 typedef void IscsiAuthClientCallback(void *, void *, int);
193 
194 
195 struct iscsiAuthClientGlobalStats_t {
196 	unsigned long requestSent;
197 	unsigned long responseReceived;
198 };
199 typedef struct iscsiAuthClientGlobalStats_t IscsiAuthClientGlobalStats;
200 
201 struct iscsiAuthBufferDesc_t {
202 	unsigned int length;
203 	void *address;
204 };
205 typedef struct iscsiAuthBufferDesc_t IscsiAuthBufferDesc;
206 
207 struct iscsiAuthKey_t {
208 	unsigned int present:1;
209 	unsigned int processed:1;
210 	unsigned int valueSet:1;	/* 1 if the value is set to be valid */
211 	char *string;
212 };
213 typedef struct iscsiAuthKey_t IscsiAuthKey;
214 
215 struct iscsiAuthLargeBinaryKey_t {
216 	unsigned int length;
217 	unsigned char *largeBinary;
218 	};
219 typedef struct iscsiAuthLargeBinaryKey_t IscsiAuthLargeBinaryKey;
220 
221 struct iscsiAuthKeyBlock_t {
222 	unsigned int transitBit:1;	/* To transit: TRUE or FALSE */
223 	unsigned int duplicateSet:1;	/* Set the value more than once */
224 	unsigned int stringTooLong:1;	/* Key value too long */
225 	unsigned int tooMuchData:1;	/* The keypair data blk overflows */
226 	unsigned int blockLength:16;	/* The length of the keypair data blk */
227 	char *stringBlock;
228 	IscsiAuthKey key[iscsiAuthKeyTypeMaxCount];
229 };
230 typedef struct iscsiAuthKeyBlock_t IscsiAuthKeyBlock;
231 
232 struct iscsiAuthStringBlock_t {
233 	char stringBlock[iscsiAuthStringBlockMaxLength];
234 };
235 typedef struct iscsiAuthStringBlock_t IscsiAuthStringBlock;
236 
237 struct iscsiAuthLargeBinary_t {
238 	unsigned char largeBinary[iscsiAuthLargeBinaryMaxLength];
239 };
240 typedef struct iscsiAuthLargeBinary_t IscsiAuthLargeBinary;
241 
242 struct iscsiAuthClient_t {
243 	unsigned long signature;
244 
245 	void *glueHandle;
246 	struct iscsiAuthClient_t *next;
247 	unsigned int authRequestId;
248 
249 	IscsiAuthNodeType nodeType;
250 	unsigned int authMethodCount;
251 	int authMethodList[iscsiAuthMethodMaxCount];
252 	IscsiAuthNegRole authMethodNegRole;
253 	unsigned int chapAlgorithmCount;
254 	int chapAlgorithmList[iscsiAuthChapAlgorithmMaxCount];
255 
256 	/*
257 	 * To indicate if remote authentication is enabled (0 = no 1 = yes)
258 	 * For the case of initiator, remote authentication enabled means
259 	 * enabling target authentication.
260 	 */
261 	int authRemote;
262 
263 	char username[iscsiAuthStringMaxLength];
264 	int passwordPresent;
265 	unsigned int passwordLength;
266 	unsigned char passwordData[iscsiAuthStringMaxLength];
267 	char methodListName[iscsiAuthStringMaxLength];
268 	IscsiAuthVersion version;
269 	unsigned int chapChallengeLength;
270 	int ipSec;
271 	int base64;
272 
273 	unsigned int authMethodValidCount;
274 	int authMethodValidList[iscsiAuthMethodMaxCount];
275 	int authMethodValidNegRole;
276 	const char *rejectOptionName;
277 	const char *noneOptionName;
278 
279 	int recvInProgressFlag;
280 	int recvEndCount;
281 	IscsiAuthClientCallback *callback;
282 	void *userHandle;
283 	void *messageHandle;
284 
285 	IscsiAuthPhase phase;
286 	IscsiAuthLocalState localState;
287 	IscsiAuthRemoteState remoteState;
288 	IscsiAuthStatus remoteAuthStatus;
289 	IscsiAuthDebugStatus debugStatus;
290 	int negotiatedAuthMethod;
291 	int negotiatedChapAlgorithm;
292 	int authResponseFlag;
293 	int authServerErrorFlag;
294 	int transitBitSentFlag;
295 
296 	unsigned int sendChapIdentifier;
297 	IscsiAuthLargeBinaryKey sendChapChallenge;
298 	char chapUsername[iscsiAuthStringMaxLength];
299 
300 	int recvChapChallengeStatus;
301 	IscsiAuthLargeBinaryKey recvChapChallenge;
302 
303 	char scratchKeyValue[iscsiAuthStringMaxLength];
304 
305 	IscsiAuthKeyBlock recvKeyBlock;		/* Received keypair data */
306 	IscsiAuthKeyBlock sendKeyBlock;		/* Keypair data to be sent */
307 };
308 typedef struct iscsiAuthClient_t IscsiAuthClient;
309 
310 
311 #ifdef __cplusplus
312 }
313 #endif
314 #include <iscsiAuthClientGlue.h>
315 #ifdef __cplusplus
316 extern "C" {
317 #endif
318 
319 
320 extern IscsiAuthClientGlobalStats iscsiAuthClientGlobalStats;
321 
322 
323 extern int iscsiAuthClientInit(int, int, IscsiAuthBufferDesc *);
324 extern int iscsiAuthClientFinish(IscsiAuthClient *);
325 
326 extern int iscsiAuthClientRecvBegin(IscsiAuthClient *);
327 extern int iscsiAuthClientRecvEnd(IscsiAuthClient *,
328     IscsiAuthClientCallback *, void *, void *);
329 
330 extern const char *iscsiAuthClientGetKeyName(int);
331 extern int iscsiAuthClientGetNextKeyType(int *);
332 extern int iscsiAuthClientKeyNameToKeyType(const char *);
333 extern int iscsiAuthClientRecvKeyValue(IscsiAuthClient *, int, const char *);
334 extern int iscsiAuthClientSendKeyValue(IscsiAuthClient *, int, int *, char *,
335     unsigned int);
336 extern int iscsiAuthClientRecvTransitBit(IscsiAuthClient *, int);
337 extern int iscsiAuthClientSendTransitBit(IscsiAuthClient *, int *);
338 
339 extern int iscsiAuthClientSetAuthMethodList(IscsiAuthClient *, unsigned int,
340     const int *);
341 extern int iscsiAuthClientSetAuthMethodNegRole(IscsiAuthClient *, int);
342 extern int iscsiAuthClientSetChapAlgorithmList(IscsiAuthClient *, unsigned int,
343     const int *);
344 extern int iscsiAuthClientSetUsername(IscsiAuthClient *, const char *);
345 extern int iscsiAuthClientSetPassword(IscsiAuthClient *, const unsigned char *,
346     unsigned int);
347 extern int iscsiAuthClientSetAuthRemote(IscsiAuthClient *, int);
348 extern int iscsiAuthClientSetGlueHandle(IscsiAuthClient *, void *);
349 extern int iscsiAuthClientSetMethodListName(IscsiAuthClient *, const char *);
350 extern int iscsiAuthClientSetIpSec(IscsiAuthClient *, int);
351 extern int iscsiAuthClientSetBase64(IscsiAuthClient *, int);
352 extern int iscsiAuthClientSetChapChallengeLength(IscsiAuthClient *,
353     unsigned int);
354 extern int iscsiAuthClientSetVersion(IscsiAuthClient *, int);
355 extern int iscsiAuthClientCheckPasswordNeeded(IscsiAuthClient *, int *);
356 
357 extern int iscsiAuthClientGetAuthPhase(IscsiAuthClient *, int *);
358 extern int iscsiAuthClientGetAuthStatus(IscsiAuthClient *, int *);
359 extern int iscsiAuthClientAuthStatusPass(int);
360 extern int iscsiAuthClientGetAuthMethod(IscsiAuthClient *, int *);
361 extern int iscsiAuthClientGetChapAlgorithm(IscsiAuthClient *, int *);
362 extern int iscsiAuthClientGetChapUsername(IscsiAuthClient *, char *,
363     unsigned int);
364 
365 extern int iscsiAuthClientSendStatusCode(IscsiAuthClient *, int *);
366 extern int iscsiAuthClientGetDebugStatus(IscsiAuthClient *, int *);
367 extern const char *iscsiAuthClientDebugStatusToText(int);
368 
369 /*
370  * The following is called by platform dependent code.
371  */
372 extern void iscsiAuthClientAuthResponse(IscsiAuthClient *, int);
373 
374 /*
375  * The following routines are considered platform dependent,
376  * and need to be implemented for use by iscsiAuthClient.c.
377  */
378 
379 extern int iscsiAuthClientChapAuthRequest(IscsiAuthClient *, char *,
380     unsigned int,
381     unsigned char *, unsigned int, unsigned char *, unsigned int);
382 extern void iscsiAuthClientChapAuthCancel(IscsiAuthClient *);
383 
384 extern int iscsiAuthClientTextToNumber(const char *, unsigned long *);
385 extern void iscsiAuthClientNumberToText(unsigned long, char *, unsigned int);
386 
387 extern void iscsiAuthRandomSetData(unsigned char *, unsigned int);
388 extern void iscsiAuthMd5Init(IscsiAuthMd5Context *);
389 extern void iscsiAuthMd5Update(IscsiAuthMd5Context *, unsigned char *,
390     unsigned int);
391 extern void iscsiAuthMd5Final(unsigned char *, IscsiAuthMd5Context *);
392 
393 extern int iscsiAuthClientData(unsigned char *, unsigned int *, unsigned char *,
394     unsigned int);
395 
396 #ifdef __cplusplus
397 }
398 #endif
399 
400 #endif	/* _ISCSIAUTHCLIENT_H */
401