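/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2008 Emulex.  All rights reserved.
 * Use is subject to License terms.
 */

/*
 * DHCHAP (FC-SP) authentication definitions for the emlxs driver:
 * configuration and key table entries, per-port and per-node
 * authentication state, AUTH ELS message layouts and the sysevent
 * subclass names.  Everything is compiled only when DHCHAP_SUPPORT
 * is defined.
 */

#ifndef _EMLXS_DHCHAP_H
#define _EMLXS_DHCHAP_H

#ifdef __cplusplus
extern "C" {
#endif

#ifdef DHCHAP_SUPPORT
#include <sys/random.h>


/* emlxs_auth_cfg_t */
#define PASSWORD_TYPE_ASCII     1
#define PASSWORD_TYPE_BINARY    2
#define PASSWORD_TYPE_IGNORE    3

#define AUTH_MODE_DISABLED      1
#define AUTH_MODE_ACTIVE        2
#define AUTH_MODE_PASSIVE       3

#define ELX_DHCHAP              0x01    /* Only one supported */
#define ELX_FCAP                0x02
#define ELX_FCPAP               0x03
#define ELX_KERBEROS            0x04

/*
 * NOTE(review): MD5 and SHA-1 are the only hash functions defined in this
 * header.  Both are legacy choices; where the peer allows it, SHA-1 should
 * rank ahead of MD5 in hash_priority[].
 */
#define ELX_MD5                 0x01
#define ELX_SHA1                0x02

/*
 * ELX_GROUP_NULL selects DHCHAP without a Diffie-Hellman exchange, so the
 * strength of the shared secret carries the whole protocol.
 * NOTE(review): the 1024-bit group is below current minimum
 * recommendations; prefer the largest group both ends support in
 * dh_group_priority[].
 */
#define ELX_GROUP_NULL          0x01
#define ELX_GROUP_1024          0x02
#define ELX_GROUP_1280          0x03
#define ELX_GROUP_1536          0x04
#define ELX_GROUP_2048          0x05


/* AUTH_ELS Code */
#define ELS_CMD_AUTH_CODE       0x90

/* AUTH_ELS Flags */

/* state ? */
#define AUTH_FINISH             0xFF
#define AUTH_ABORT              0xFE

/* auth_msg code for DHCHAP */
#define AUTH_REJECT             0x0A
#define AUTH_NEGOTIATE          0x0B
#define AUTH_DONE               0x0C
#define DHCHAP_CHALLENGE        0x10
#define DHCHAP_REPLY            0x11
#define DHCHAP_SUCCESS          0x12

/*
 * BIG ENDIAN and LITTLE ENDIAN
 *
 * The little-endian values below are the byte-swapped forms of the
 * big-endian ones, presumably so they can be stored into or compared with
 * big-endian wire fields without a swap - confirm against the users.
 */

/* authentication protocol identifiers */
#ifdef EMLXS_BIG_ENDIAN

#define AUTH_DHCHAP             0x00000001
#define AUTH_FCAP               0x00000002
#define AUTH_FCPAP              0x00000003
#define AUTH_KERBEROS           0x00000004

#define HASH_LIST_TAG           0x0001
#define DHGID_LIST_TAG          0x0002

/* hash function identifiers */
#define AUTH_SHA1               0x00000006
#define AUTH_MD5                0x00000005

/* DHCHAP group ids */
#define GROUP_NULL              0x00000000
#define GROUP_1024              0x00000001
#define GROUP_1280              0x00000002
#define GROUP_1536              0x00000003
#define GROUP_2048              0x00000004

/* Tran_id Mask */
#define AUTH_TRAN_ID_MASK       0x000000FF

#endif /* EMLXS_BIG_ENDIAN */

#ifdef EMLXS_LITTLE_ENDIAN

#define AUTH_DHCHAP             0x01000000
#define AUTH_FCAP               0x02000000
#define AUTH_FCPAP              0x03000000
#define AUTH_KERBEROS           0x04000000

#define HASH_LIST_TAG           0x0100
#define DHGID_LIST_TAG          0x0200

/* hash function identifiers */
#define AUTH_SHA1               0x06000000
#define AUTH_MD5                0x05000000

/* DHCHAP group ids */
#define GROUP_NULL              0x00000000
#define GROUP_1024              0x01000000
#define GROUP_1280              0x02000000
#define GROUP_1536              0x03000000
#define GROUP_2048              0x04000000

/* Tran_id Mask */
#define AUTH_TRAN_ID_MASK       0xFF000000

#endif /* EMLXS_LITTLE_ENDIAN */

/* hash funcs hash length in byte */
#define SHA1_LEN                0x00000014      /* 20 bytes */
#define MD5_LEN                 0x00000010      /* 16 bytes */

/*
 * #define AUTH_IKEv2           0x04
 * #define AUTH_IKEv2_AUTH      0x05
 */

#define HBA_SECURITY            0x20

/* AUTH_Reject Reason Codes */
#define AUTHRJT_FAILURE         0x01
#define AUTHRJT_LOGIC_ERR       0x02

/* LS_RJT Reason Codes for AUTH_ELS */
#define LSRJT_AUTH_REQUIRED             0x03
#define LSRJT_AUTH_LOGICAL_BSY          0x05
#define LSRJT_AUTH_ELS_NOT_SUPPORTED    0x0B
#define LSRJT_AUTH_NOT_LOGGED_IN        0x09

/* AUTH_Reject Reason Code Explanations */
#define AUTHEXP_MECH_UNUSABLE           0x01    /* AUTHRJT_LOGIC_ERR */
#define AUTHEXP_DHGROUP_UNUSABLE        0x02    /* AUTHRJT_LOGIC_ERR */
#define AUTHEXP_HASHFUNC_UNUSABLE       0x03    /* AUTHRJT_LOGIC_ERR */
#define AUTHEXP_AUTHTRAN_STARTED        0x04    /* AUTHRJT_LOGIC_ERR */
#define AUTHEXP_AUTH_FAILED             0x05    /* AUTHRJT_FAILURE */
#define AUTHEXP_BAD_PAYLOAD             0x06    /* AUTHRJT_FAILURE */
#define AUTHEXP_BAD_PROTOCOL            0x07    /* AUTHRJT_FAILURE */
#define AUTHEXP_RESTART_AUTH            0x08    /* AUTHRJT_LOGIC_ERR */
#define AUTHEXP_CONCAT_UNSUPP           0x09    /* AUTHRJT_LOGIC_ERR */
#define AUTHEXP_BAD_PROTOVERS           0x0A    /* AUTHRJT_LOGIC_ERR */

/* LS_RJT Reason Code Explanations for AUTH_ELS */
#define LSEXP_AUTH_REQUIRED             0x48
#define LSEXP_AUTH_ELS_NOT_SUPPORTED    0x2C
#define LSEXP_AUTH_ELS_NOT_LOGGED_IN    0x1E
#define LSEXP_AUTH_LOGICAL_BUSY         0x00


/*
 * NOTE(review): the commented-out payload members further down refer to
 * MAX_AUTH_MSG_SIZE; this macro is spelled ..._MSA_... and is kept as is
 * because users outside this header may reference it.
 */
#define MAX_AUTH_MSA_SIZE       1024

#define MAX_AUTH_PID            0x4     /* Max auth proto identifier list */

/* parameter tag */
#define HASH_LIST               0x0001
#define DHG_ID_LIST             0x0002

/* name tag from Table 13 v1.8 pp 30 */
#ifdef EMLXS_BIG_ENDIAN
#define AUTH_NAME_ID            0x0001
#define AUTH_NAME_LEN           0x0008
#define AUTH_PROTO_NUM          0x00000001
#define AUTH_NULL_PARA_LEN      0x00000028
#endif /* EMLXS_BIG_ENDIAN */

#ifdef EMLXS_LITTLE_ENDIAN
#define AUTH_NAME_ID            0x0100
#define AUTH_NAME_LEN           0x0800
#define AUTH_PROTO_NUM          0x01000000
#define AUTH_NULL_PARA_LEN      0x28000000
#endif /* EMLXS_LITTLE_ENDIAN */

/* name tag from Table 103 v 1.8 pp 123 */
#define AUTH_NODE_NAME          0x0002
#define AUTH_PORT_NAME          0x0003

/*
 * Sysevent support
 */
/* ddi_log_sysevent() vendors */
#define DDI_VENDOR_EMLX         "EMLXS"

/* Class */
#define EC_EMLXS                "EC_emlxs"

/* Subclass */
#define ESC_EMLXS_01    "ESC_emlxs_issue_auth_negotiate"
#define ESC_EMLXS_02    "ESC_emlxs_cmpl_auth_negotiate_issue"

#define ESC_EMLXS_03    "ESC_emlxs_rcv_auth_msg_auth_negotiate_issue"
#define ESC_EMLXS_04    "ESC_emlxs_cmpl_auth_msg_auth_negotiate_issue"

#define ESC_EMLXS_05    "ESC_emlxs_rcv_auth_msg_unmapped_node"
#define ESC_EMLXS_06    "ESC_emlxs_issue_dhchap_challenge"
#define ESC_EMLXS_07    "ESC_emlxs_cmpl_dhchap_challenge_issue"

#define ESC_EMLXS_08    "ESC_emlxs_rcv_auth_msg_dhchap_challenge_cmpl_wait4next"

#define ESC_EMLXS_09    "ESC_emlxs_rcv_auth_msg_auth_negotiate_rcv"
#define ESC_EMLXS_10    "ESC_emlxs_cmpl_auth_msg_auth_negotiate_rcv"

#define ESC_EMLXS_11    "ESC_emlxs_cmpl_cmpl_dhchap_reply_issue"
#define ESC_EMLXS_12    "ESC_emlxs_cmpl_dhchap_reply_issue"
#define ESC_EMLXS_13    "ESC_emlxs_cmpl_auth_msg_dhchap_reply_issue"

#define ESC_EMLXS_14    "ESC_emlxs_cmpl_auth_msg_auth_negotiate_cmpl_wait4next"

#define ESC_EMLXS_15    "ESC_emlxs_issue_dhchap_success"

#define ESC_EMLXS_16    "ESC_emlxs_rcv_auth_msg_dhchap_challenge_issue"
#define ESC_EMLXS_17    "ESC_emlxs_cmpl_auth_msg_dhchap_challenge_issue"

#define ESC_EMLXS_18    "ESC_emlxs_rcv_auth_msg_dhchap_reply_issue"

#define ESC_EMLXS_19    "ESC_emlxs_cmpl_auth_msg_dhchap_challenge_cmpl_wait4nxt"

#define ESC_EMLXS_20    "ESC_emlxs_rcv_auth_msg_dhchap_reply_cmpl_wait4next"
#define ESC_EMLXS_21    "ESC_emlxs_cmpl_dhchap_success_issue"
#define ESC_EMLXS_22    "ESC_emlxs_cmpl_auth_msg_dhchap_success_issue"

#define ESC_EMLXS_23    "ESC_emlxs_cmpl_auth_msg_dhchap_reply_cmpl_wait4next"

#define ESC_EMLXS_24    "ESC_emlxs_rcv_auth_msg_dhchap_success_issue_wait4next"
#define ESC_EMLXS_25    "ESC_emlxs_cmpl_auth_msg_dhchap_success_issue_wait4next"

#define ESC_EMLXS_26    "ESC_emlxs_rcv_auth_msg_dhchap_success_cmpl_wait4next"
#define ESC_EMLXS_27    "ESC_emlxs_cmpl_auth_msg_dhchap_success_cmpl_wait4next"

#define ESC_EMLXS_28    "ESC_emlxs_issue_auth_reject"
#define ESC_EMLXS_29    "ESC_emlxs_cmpl_auth_reject_issue"

#define ESC_EMLXS_30    "ESC_emlxs_rcv_auth_msg_npr_node"

#define ESC_EMLXS_31    "ESC_emlxs_dhc_reauth_timeout"

#define ESC_EMLXS_32    "ESC_emlxs_dhc_authrsp_timeout"

#define ESC_EMLXS_33    "ESC_emlxs_ioctl_auth_setcfg"
#define ESC_EMLXS_34    "ESC_emlxs_ioctl_auth_setpwd"
#define ESC_EMLXS_35    "ESC_emlxs_ioctl_auth_delcfg"
#define ESC_EMLXS_36    "ESC_emlxs_ioctl_auth_delpwd"


/*
 * From HBAnyware dfc lib FC-SP
 *
 * One authentication configuration entry for a local/remote entity pair.
 * Entries are chained through prev/next.
 */
typedef struct emlxs_auth_cfg {
	NAME_TYPE local_entity;		/* host hba wwpn (NPIV support) */
	NAME_TYPE remote_entity;	/* switch or target wwpn */
	uint32_t authentication_timeout;
	uint32_t authentication_mode;	/* presumably AUTH_MODE_* */
	uint32_t bidirectional:1;
	uint32_t reserved:31;
	uint32_t authentication_type_priority[4];
	uint32_t hash_priority[4];
	uint32_t dh_group_priority[8];
	uint32_t reauthenticate_time_interval;

	dfc_auth_status_t auth_status;
	time_t auth_time;
	struct emlxs_node *node;

	struct emlxs_auth_cfg *prev;
	struct emlxs_auth_cfg *next;

} emlxs_auth_cfg_t;


/*
 * One secret (password) entry for a local/remote entity pair.
 * Entries are chained through prev/next.
 *
 * NOTE(review): the password buffers are fixed at 128 bytes while the
 * length fields can express up to 65535.  The code that fills this
 * structure is outside this header; it has to reject lengths above
 * sizeof (local_password) / sizeof (remote_password) before copying.
 * The buffers hold cleartext secrets and should be zeroed when an entry
 * is deleted - confirm both against the setpwd/delpwd paths.
 */
typedef struct emlxs_auth_key {
	NAME_TYPE local_entity;		/* host hba wwpn (NPIV support) */
	NAME_TYPE remote_entity;	/* switch or target wwpn */
	uint16_t local_password_length;
	uint16_t local_password_type;	/* presumably PASSWORD_TYPE_* */
	uint8_t local_password[128];	/* hba authenticates to switch */
	uint16_t remote_password_length;
	uint16_t remote_password_type;	/* presumably PASSWORD_TYPE_* */
	/*
	 * NOTE(review): the original comment repeats the local_password
	 * text; presumably this is the secret the remote entity uses to
	 * authenticate to the hba - confirm.
	 */
	uint8_t remote_password[128];	/* hba authenticates to switch */

	struct emlxs_node *node;

	struct emlxs_auth_key *prev;
	struct emlxs_auth_key *next;

} emlxs_auth_key_t;


/*
 * Challenge values and Diffie-Hellman key material for one exchange.
 *
 * NOTE(review): ses_key, hrsp_ses_key and hrsp_priv_key are secret values.
 * Their lifetime is not visible here; they should be cleared as soon as the
 * exchange completes or fails.  Every *_len field has to stay within the
 * size of the array it describes.
 */
typedef struct emlxs_auth_misc {

	uint8_t bi_cval[20];	/* our challenge for bi-dir auth in reply as */
				/* initiator */
	uint32_t bi_cval_len;	/* 16 for MD5, 20 for SHA1 */
	uint8_t pub_key[512];	/* max is 512 bytes value of (g^y mod p) */
	uint32_t pubkey_len;	/* real length of the pub key */
	uint8_t ses_key[512];	/* session key: value of (g^xy mod p) */
	uint32_t seskey_len;	/* real length of the session key */

	/* The following are parameters when host is the responder */
	uint8_t hrsp_cval[20];	/* challenge value from host as responder */
	uint32_t hrsp_cval_len;	/* host as the responder: challenge value len */
	uint8_t hrsp_priv_key[20];	/* the private key generated in host */
					/* as responder */
	uint8_t hrsp_pub_key[512];	/* public key calculated when host as */
					/* responder */
	uint32_t hrsp_pubkey_len;	/* public key length when host as */
					/* responder */
	uint8_t hrsp_ses_key[512];	/* session key computed when host is */
					/* responder */
	uint32_t hrsp_seskey_len;	/* session key length when host is */
					/* responder */

} emlxs_auth_misc_t;


/*
 * emlxs_port_dhc struct to be used by emlxs_port_t in emlxs_fc.h
 *
 * This structure contains all the data used by DHCHAP.
 * They are from EMLXSHBA_t in emlxs driver.
 *
 */
typedef struct emlxs_port_dhc {

	int32_t state;
#define ELX_FABRIC_STATE_UNKNOWN        0x00
#define ELX_FABRIC_AUTH_DISABLED        0x01
#define ELX_FABRIC_AUTH_FAILED          0x02
#define ELX_FABRIC_AUTH_SUCCESS         0x03
#define ELX_FABRIC_IN_AUTH              0x04
#define ELX_FABRIC_IN_REAUTH            0x05

	dfc_auth_status_t auth_status;	/* Fabric auth status */
	time_t auth_time;

} emlxs_port_dhc_t;


/* Node Events */
#define NODE_EVENT_DEVICE_RM            0x0     /* Auth response timeout */
                                                /* & fail */
#define NODE_EVENT_DEVICE_RECOVERY      0x1     /* Auth response timeout */
                                                /* & recovery */
#define NODE_EVENT_RCV_AUTH_MSG         0x2     /* Unsolicited Auth received */
#define NODE_EVENT_CMPL_AUTH_MSG        0x3
#define NODE_EVENT_MAX_EVENT            0x4

#if 0	/* old node events */
#define NODE_EVENT_RCV_PLOGI            0x0     /* Rcv'd an ELS PLOGI command */
#define NODE_EVENT_RCV_PRLI             0x1     /* Rcv'd an ELS PRLI command */
#define NODE_EVENT_RCV_LOGO             0x2     /* Rcv'd an ELS LOGO command */
#define NODE_EVENT_RCV_ADISC            0x3     /* Rcv'd an ELS ADISC command */
#define NODE_EVENT_RCV_PDISC            0x4     /* Rcv'd an ELS PDISC command */
#define NODE_EVENT_RCV_PRLO             0x5     /* Rcv'd an ELS PRLO command */
#define NODE_EVENT_CMPL_PLOGI           0x6     /* ELS PLOGI command */
                                                /* completed */
#define NODE_EVENT_CMPL_PRLI            0x7     /* ELS PRLI command */
                                                /* completed */
#define NODE_EVENT_CMPL_LOGO            0x8     /* ELS LOGO command */
                                                /* completed */
#define NODE_EVENT_CMPL_ADISC           0x9     /* ELS ADISC command */
                                                /* completed */
#define NODE_EVENT_CMPL_REG_LOGIN       0xa     /* REGLOGIN mbox cmd */
                                                /* completed */
#define NODE_EVENT_DEVICE_RM            0xb     /* Device not found in NS / */
                                                /* ALPAmap */
#define NODE_EVENT_DEVICE_RECOVERY      0xc     /* Device is in recovery */
#define NODE_EVENT_RCV_AUTH_MSG         0xd
#define NODE_EVENT_CMPL_AUTH_MSG        0xe
#define NODE_EVENT_MAX_EVENT            0xf
#endif /* 0 */


/*
 * emlxs_node_dhc struct to be used in emlxs_node_t.
 * They are from emlxs_nodelist_t in emlxs driver.
 *
 * NOTE(review): the key and challenge members near the end duplicate the
 * layout of emlxs_auth_misc_t, which is also embedded as nlp_auth_misc.
 * Which copy is live is not visible from this header; both carry secret
 * key material and need the same clearing on teardown.
 */
typedef struct emlxs_node_dhc {
	uint16_t state;		/* used for state machine */
#define NODE_STATE_UNKNOWN                              0x00
#define NODE_STATE_AUTH_DISABLED                        0x01
#define NODE_STATE_AUTH_FAILED                          0x02
#define NODE_STATE_AUTH_SUCCESS                         0x03
#define NODE_STATE_AUTH_NEGOTIATE_ISSUE                 0x04
#define NODE_STATE_AUTH_NEGOTIATE_RCV                   0x05
#define NODE_STATE_AUTH_NEGOTIATE_CMPL_WAIT4NEXT        0x06
#define NODE_STATE_DHCHAP_CHALLENGE_ISSUE               0x07
#define NODE_STATE_DHCHAP_REPLY_ISSUE                   0x08
#define NODE_STATE_DHCHAP_CHALLENGE_CMPL_WAIT4NEXT      0x09
#define NODE_STATE_DHCHAP_REPLY_CMPL_WAIT4NEXT          0x0A
#define NODE_STATE_DHCHAP_SUCCESS_ISSUE                 0x0B
#define NODE_STATE_DHCHAP_SUCCESS_ISSUE_WAIT4NEXT       0x0C
#define NODE_STATE_DHCHAP_SUCCESS_CMPL_WAIT4NEXT        0x0D
/*
 * NOTE(review): 0xFFFFFFFF does not fit the uint16_t state member above,
 * so a comparison of state against this value can never match.  It can
 * only serve as a 32-bit sentinel (for example a return value) - confirm
 * against the state machine code.
 */
#define NODE_STATE_NOCHANGE                             0xFFFFFFFF

	uint16_t prev_state;	/* for info only */

	uint32_t disc_refcnt;

	emlxs_auth_cfg_t auth_cfg;
	emlxs_auth_key_t auth_key;

	uint32_t nlp_authrsp_tmo;	/* Response timeout */
	uint32_t nlp_authrsp_tmocnt;

	uint32_t nlp_auth_tranid_ini;	/* tran_id when this node is the */
					/* initiator */
	uint32_t nlp_auth_tranid_rsp;	/* tran_id when this node is the */
					/* responder */

	uint32_t nlp_auth_flag;		/* 1:initiator, 2: responder */
	uint32_t nlp_auth_limit;	/* 1: NULL DHCHAP only, 2: full group */
					/* support */

	/* information in DHCHAP_Challenge as the auth responder */
	uint32_t nlp_auth_hashid;
	uint32_t nlp_auth_dhgpid;
	uint32_t nlp_auth_bidir;
	NAME_TYPE nlp_auth_wwn;

	emlxs_auth_misc_t nlp_auth_misc;

	uint32_t nlp_reauth_tmo;
	uint16_t nlp_reauth_status;
#define NLP_HOST_REAUTH_DISABLED        0x0
#define NLP_HOST_REAUTH_ENABLED         0x1
#define NLP_HOST_REAUTH_IN_PROGRESS     0x2

	uint32_t nlp_fb_vendor;
#define NLP_FABRIC_CISCO                0x1
#define NLP_FABRIC_OTHERS               0x2

	uint32_t fc_dhchap_success_expected;

	/* hash_id, dhgp_id are set from responder, host is the initiator */
	uint32_t hash_id;	/* 0x05 for MD5, 0x06 for SHA-1 */
	uint32_t dhgp_id;	/* DH group identifier */

	uint8_t bi_cval[20];	/* our challenge for bi-dir auth in reply as */
				/* initiator */
	uint32_t bi_cval_len;	/* 16 for MD5, 20 for SHA1 */
	uint8_t pub_key[512];	/* max is 512 bytes value of (g^y mod p) */
	uint32_t pubkey_len;	/* real length of the pub key */
	uint8_t ses_key[512];	/* session key: value of (g^xy mod p) */
	uint32_t seskey_len;	/* real length of the session key */

	/* The following are parameters when host is the responder */

	uint8_t hrsp_cval[20];	/* challenge value from host as responder */
	uint32_t hrsp_cval_len;	/* host as the responder: challenge value len */
	uint8_t hrsp_priv_key[20];	/* the private key generated in host */
					/* as responder */
	uint8_t hrsp_pub_key[512];	/* public key calculated when host as */
					/* responder */
	uint32_t hrsp_pubkey_len;	/* public key length when host as */
					/* responder */
	uint8_t hrsp_ses_key[512];	/* session key computed when host is */
					/* responder */
	uint32_t hrsp_seskey_len;	/* session key length when host is */
					/* responder */

	uint8_t *deferred_sbp;	/* Pending IO for auth completion */
	uint8_t *deferred_ubp;

	uint32_t flag;
#define NLP_REMOTE_AUTH                 0x00000001
#define NLP_SET_REAUTH_TIME             0x00000002

	emlxs_auth_cfg_t *parent_auth_cfg;	/* Original auth_cfg table */
						/* entry */
	emlxs_auth_key_t *parent_auth_key;	/* Original auth_key table */
						/* entry */

} emlxs_node_dhc_t;


/*
 * AUTH_Negotiate parameter layouts.  The variants differ in how many hash
 * identifiers (one or two) and DH group identifiers (one or five) follow
 * the list tags.
 * NOTE(review): the per-field "set to" comments are repeated unchanged
 * across the variants, so the word counts they quote do not always match
 * the number of members actually present.
 */

/* For NULL DHCHAP with MD5 and SHA-1 */
typedef struct _AUTH_NEGOT_PARAMS_1 {
	uint16_t name_tag;	/* set to 0x0001 */
	uint16_t name_len;	/* set to 0x0008 */
	NAME_TYPE nodeName;	/* WWPN */
	uint32_t proto_num;	/* set to 0x5 */
	uint32_t para_len;	/* set to 0x28 i.e., 40 bytes */
	uint32_t proto_id;	/* set to DHCHAP */
	uint16_t HashList_tag;	/* set to 0x0001 */
	uint16_t HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
	uint32_t HashList_value1;	/* set to MD5 or SHA1 ID 0x00000005,6 */
	uint16_t DHgIDList_tag;	/* set to 0x0002 */
	uint16_t DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
	uint32_t DHgIDList_g0;	/* set to 0x0000 0000 */
	uint32_t DHgIDList_g1;	/* set to 0x0000 0001 */
	uint32_t DHgIDList_g2;	/* set to 0x0000 0002 */
	uint32_t DHgIDList_g3;	/* set to 0x0000 0003 */
	uint32_t DHgIDList_g4;	/* set to 0x0000 0004 */

} AUTH_NEGOT_PARAMS_1;


typedef struct _AUTH_NEGOT_PARAMS_2 {
	uint16_t name_tag;	/* set to 0x0001 */
	uint16_t name_len;	/* set to 0x0008 */
	NAME_TYPE nodeName;	/* WWPN */
	uint32_t proto_num;	/* set to 0x5 */
	uint32_t para_len;	/* set to 0x28 i.e., 40 bytes */
	uint32_t proto_id;	/* set to DHCHAP */
	uint16_t HashList_tag;	/* set to 0x0001 */
	uint16_t HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
	uint32_t HashList_value1;	/* set to MD5's ID 0x00000005 */
	uint32_t HashList_value2;	/* set to SHA-1's ID 0x00000006 */
	uint16_t DHgIDList_tag;	/* set to 0x0002 */
	uint16_t DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
	uint32_t DHgIDList_g0;	/* set to 0x0000 0000 */
	uint32_t DHgIDList_g1;	/* set to 0x0000 0001 */
	uint32_t DHgIDList_g2;	/* set to 0x0000 0002 */
	uint32_t DHgIDList_g3;	/* set to 0x0000 0003 */
	uint32_t DHgIDList_g4;	/* set to 0x0000 0004 */

} AUTH_NEGOT_PARAMS_2;


/* For NULL DHCHAP with MD5 and SHA-1 */
typedef struct _AUTH_NEGOT_PARAMS {
	uint16_t name_tag;	/* set to 0x0001 */
	uint16_t name_len;	/* set to 0x0008 */
	NAME_TYPE nodeName;	/* WWPN */
	uint32_t proto_num;	/* set to 0x5 */
	uint32_t para_len;	/* set to 0x28 i.e., 40 bytes */
	uint32_t proto_id;	/* set to DHCHAP */
	uint16_t HashList_tag;	/* set to 0x0001 */
	uint16_t HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
	uint32_t HashList_value1;	/* set to MD5's ID 0x00000005 */
	uint32_t HashList_value2;	/* set to SHA-1's ID 0x00000006 */
	uint16_t DHgIDList_tag;	/* set to 0x0002 */
	uint16_t DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
	uint32_t DHgIDList_g0;	/* set to 0x0000 0000 */
	uint32_t DHgIDList_g1;	/* set to 0x0000 0001 */
	uint32_t DHgIDList_g2;	/* set to 0x0000 0002 */
	uint32_t DHgIDList_g3;	/* set to 0x0000 0003 */
	uint32_t DHgIDList_g4;	/* set to 0x0000 0004 */

} AUTH_NEGOT_PARAMS;

typedef struct _AUTH_NEGOT_PARAMS_NULL_1 {
	uint16_t name_tag;	/* set to 0x0001 */
	uint16_t name_len;	/* set to 0x0008 */
	NAME_TYPE nodeName;	/* WWPN */
	uint32_t proto_num;	/* set to 0x5 */
	uint32_t para_len;	/* set to 0x28 i.e., 40 bytes */
	uint32_t proto_id;	/* set to DHCHAP */
	uint16_t HashList_tag;	/* set to 0x0001 */
	uint16_t HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
	uint32_t HashList_value1;	/* set to MD5's ID 0x00000005 */
	uint16_t DHgIDList_tag;	/* set to 0x0002 */
	uint16_t DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
	uint32_t DHgIDList_g0;	/* set to 0x0000 0000 */

} AUTH_NEGOT_PARAMS_NULL_1;

typedef struct _AUTH_NEGOT_PARAMS_NULL_2 {
	uint16_t name_tag;	/* set to 0x0001 */
	uint16_t name_len;	/* set to 0x0008 */
	NAME_TYPE nodeName;	/* WWPN */
	uint32_t proto_num;	/* set to 0x5 */
	uint32_t para_len;	/* set to 0x28 i.e., 40 bytes */
	uint32_t proto_id;	/* set to DHCHAP */
	uint16_t HashList_tag;	/* set to 0x0001 */
	uint16_t HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
	uint32_t HashList_value1;	/* set to MD5's ID 0x00000005 */
	uint32_t HashList_value2;
	uint16_t DHgIDList_tag;	/* set to 0x0002 */
	uint16_t DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
	uint32_t DHgIDList_g0;	/* set to 0x0000 0000 */

} AUTH_NEGOT_PARAMS_NULL_2;


/*
 * Generic AUTH ELS Header
 *
 * NOTE(review): msg_len, name_len and the *_len members of the messages
 * below are supplied by the remote port.  The parsing code is outside this
 * header; it has to bound every length by the received frame size and by
 * the fixed buffers it copies into (20-byte challenge values, 512-byte
 * keys) before use.
 */
typedef struct _AUTH_MSG_HDR {
	/* 20 bytes in total */
	uint8_t auth_els_code;	/* always 0x90h */
	uint8_t auth_els_flags;
	uint8_t auth_msg_code;	/* see above */
	uint8_t proto_version;
	uint32_t msg_len;	/* size of msg payload in byte */
	uint32_t tran_id;
	uint16_t name_tag;	/* set to 0x0001 */
	uint16_t name_len;	/* set to 0x0008 */
	NAME_TYPE nodeName;	/* WWPN */

} AUTH_MSG_HDR;


/* Challenge value sized for a SHA-1 digest */
typedef struct _SHA1_CVAL {
	uint8_t val[20];
} SHA1_CVAL;


/* Challenge value sized for an MD5 digest */
typedef struct _MD5_CVAL {
	uint8_t val[16];
} MD5_CVAL;


union challenge_val {
	SHA1_CVAL sha1;
	MD5_CVAL md5;
};


/* DHCHAP_Reply */
typedef struct _DHCHAP_REPLY_HDR {
	uint8_t auth_els_code;	/* always 0x90h */
	uint8_t auth_els_flags;
	uint8_t auth_msg_code;	/* see above */
	uint8_t proto_version;
	uint32_t msg_len;	/* size of msg payload in byte */
	uint32_t tran_id;	/* transaction id */

} DHCHAP_REPLY_HDR;


/* DHCHAP_Challenge */
typedef struct _DHCHAP_CHALL_NULL {
	AUTH_MSG_HDR msg_hdr;
	uint32_t hash_id;
	uint32_t dhgp_id;
	uint32_t cval_len;	/* peer supplied; expect MD5_LEN or SHA1_LEN */
#if 0
	union {
		SHA1_CVAL cvalue_sha1;
		MD5_CVAL cvalue_md5;
	} un_cval;
	uint32_t dhval_len;
#endif /* 0 */

} DHCHAP_CHALL_NULL;

typedef struct _DHCHAP_CHALL {
	DHCHAP_CHALL_NULL cnul;
	uint8_t *dhval;
} DHCHAP_CHALL;

/*
 * size of msg_payload is variable based on the different
 * protocol parameters supported in the driver. For DHCHAP we plan to
 * support NULL, group 1, 2, 3, 4. To support all
 *
 * For NULL DHCHAP protocol only: of these protocol identifiers,
 * we need name_tag = 2 bytes name_len_size = 2 bytes name_len
 * = 8 bytes number of usable auth proto = 4 bytes
 *
 * --------- for example for NULL DHCHAP only --------------------
 * auth proto #1 len = 4 bytes #1 ID = 4 bytes #1 params = 4 + 16
 * bytes. ------ Total for NULL DHCHAP = (16 + 12 + 16 ) = 44 bytes.
 *
 * If number of usable auth proto is 5, then we should have 5 auth
 * proto params. assume we are using name_tag 0x0001, then auth
 * name in total = 12 bytes.
 *
 * 12 bytes + 4 bytes = 16 bytes. 4 + 4 + 4 = 12 bytes
 * (num of usable auth proto size = 4 auth proto params #1 len size
 * = 4 auth prot ID for #1 size = 4
 *
 * For DHCHAP param: HashList 2 param tag size
 * (set to 0x0001 as HashList) 2 param word cnt size (set to 0x0002 as
 * two hash funcs) 8 for hash ids: MD5 and SHA-1 DHgIDList
 * 2 param tag size (set to 0x0002 as DHgIDList) 2 param
 * word cnt size (set to 0x0005 as NULL and 1/2/3/4 groups) 20 for 5 groups
 * 0x0000 0000 0x0000 0001 0x0000 0002 0x0000 0003
 * 0x0000 0004 Total for FULL group support (16 + 12 + 12 + 24 ) = 64 bytes.
 *
 */

typedef struct _AUTH_MSG_NEGOT_1 {	/* in Big Endian format */
	uint8_t auth_els_code;	/* always 0x90h */
	uint8_t auth_els_flags;
	uint8_t auth_msg_code;	/* see above */
	uint8_t proto_version;
	uint32_t msg_len;	/* size of msg payload in byte */
	uint32_t tran_id;	/* transaction identifier */

	/* anything else is variable in size (bytes) */
	/* uint8_t msg_payload[MAX_AUTH_MSG_SIZE]; */
	AUTH_NEGOT_PARAMS_1 params;

} AUTH_MSG_NEGOT_1, *PAUTH_MSG_NEGOT_1;


typedef struct _AUTH_MSG_NEGOT_2 {	/* in Big Endian format */
	uint8_t auth_els_code;	/* always 0x90h */
	uint8_t auth_els_flags;
	uint8_t auth_msg_code;	/* see above */
	uint8_t proto_version;
	uint32_t msg_len;	/* size of msg payload in byte */
	uint32_t tran_id;	/* transaction identifier */

	/* anything else is variable in size (bytes) */
	/* uint8_t msg_payload[MAX_AUTH_MSG_SIZE]; */
	AUTH_NEGOT_PARAMS_2 params;

} AUTH_MSG_NEGOT_2, *PAUTH_MSG_NEGOT_2;


typedef struct _AUTH_MSG_NEGOT {	/* in Big Endian format */
	uint8_t auth_els_code;	/* always 0x90h */
	uint8_t auth_els_flags;
	uint8_t auth_msg_code;	/* see above */
	uint8_t proto_version;
	uint32_t msg_len;	/* size of msg payload in byte */
	uint32_t tran_id;	/* transaction identifier */

	/* anything else is variable in size (bytes) */
	/* uint8_t msg_payload[MAX_AUTH_MSG_SIZE]; */
	AUTH_NEGOT_PARAMS params;

} AUTH_MSG_NEGOT, *PAUTH_MSG_NEGOT;


/* AUTH_Negotiate msg for NULL DH support only */
typedef struct _AUTH_MSG_NEGOT_NULL {
	uint8_t auth_els_code;
	uint8_t auth_els_flags;
	uint8_t auth_msg_code;
	uint8_t proto_version;
	uint32_t msg_len;
	uint32_t tran_id;

} AUTH_MSG_NEGOT_NULL, *PAUTH_MSG_NEGOT_NULL;

typedef struct _AUTH_MSG_NEGOT_NULL_1 {
	uint8_t auth_els_code;
	uint8_t auth_els_flags;
	uint8_t auth_msg_code;
	uint8_t proto_version;
	uint32_t msg_len;
	uint32_t tran_id;

	AUTH_NEGOT_PARAMS_NULL_1 params;

} AUTH_MSG_NEGOT_NULL_1, *PAUTH_MSG_NEGOT_NULL_1;

typedef struct _AUTH_MSG_NEGOT_NULL_2 {
	uint8_t auth_els_code;
	uint8_t auth_els_flags;
	uint8_t auth_msg_code;
	uint8_t proto_version;
	uint32_t msg_len;
	uint32_t tran_id;

	AUTH_NEGOT_PARAMS_NULL_2 params;

} AUTH_MSG_NEGOT_NULL_2, *PAUTH_MSG_NEGOT_NULL_2;


/*
 * auth_els_flags
 * No trailing ';' in the expansion, so the mask can be used inside an
 * expression such as (flags & AUTH_ELS_FLAGS_MASK) == x.
 */
#define AUTH_ELS_FLAGS_MASK     0x0f


typedef struct _AUTH_RJT {
	uint8_t auth_els_code;	/* always 0x90h */
	uint8_t auth_els_flags;
	uint8_t auth_msg_code;	/* see above */
	uint8_t proto_version;
	uint32_t msg_len;	/* size of msg payload in byte */
	uint32_t tran_id;	/* transaction identifier */

	uint8_t ReasonCode;		/* AUTHRJT_* */
	uint8_t ReasonCodeExplanation;	/* AUTHEXP_* */
	uint16_t Reserved;

} AUTH_RJT, *PAUTH_RJT;

typedef struct _DHCHAP_SUCCESS_HDR {
	uint8_t auth_els_code;	/* always 0x90h */
	uint8_t auth_els_flags;
	uint8_t auth_msg_code;	/* see above */
	uint8_t proto_version;
	uint32_t msg_len;	/* size of msg payload in byte */
	uint32_t tran_id;	/* transaction identifier */

	uint32_t RspVal_len;	/* peer supplied; validate before use */

} DHCHAP_SUCCESS_HDR, *PDHCHAP_SUCCESS_HDR;


/* One Diffie-Hellman group: identifier, value length and up to 256 bytes */
typedef struct dh_group_st {
	unsigned long groupid;
	unsigned long length;
	unsigned char value[256];

} DH_GROUP, *PDH_GROUP;

#if 0
unsigned char dhgp1_pVal[] =

{0xEE, 0xAF, 0x0A, 0xB9, 0xAD, 0xB3, 0x8D, 0xD6, 0x9C, 0x33, 0xF8,
0x0A, 0xFA, 0x8F, 0xC5, 0xE8,
0x60, 0x72, 0x61, 0x87, 0x75, 0xFF, 0x3C, 0x0B, 0x9E, 0xA2, 0x31,
0x4C, 0x9C, 0x25, 0x65, 0x76,
0xD6, 0x74, 0xDF, 0x74, 0x96, 0xEA, 0x81, 0xD3, 0x38, 0x3B, 0x48,
0x13, 0xD6, 0x92, 0xC6, 0xE0,
0xE0, 0xD5, 0xD8, 0xE2, 0x50, 0xB9, 0x8B, 0xE4, 0x8E, 0x49, 0x5C,
0x1D, 0x60, 0x89, 0xDA, 0xD1,
0x5D, 0xC7, 0xD7, 0xB4, 0x61, 0x54, 0xD6, 0xB6, 0xCE, 0x8E, 0xF4,
0xAD, 0x69, 0xB1, 0x5D, 0x49,
0x82, 0x55, 0x9B, 0x29, 0x7B, 0xCF, 0x18, 0x85, 0xC5, 0x29, 0xF5,
0x66, 0x66, 0x0E, 0x57, 0xEC,
0x68, 0xED, 0xBC, 0x3C, 0x05, 0x72, 0x6C, 0xC0, 0x2F, 0xD4, 0xCB,
0xF4, 0x97, 0x6E, 0xAA, 0x9A,
0xFD, 0x51, 0x38, 0xFE, 0x83, 0x76, 0x43, 0x5B, 0x9F, 0xC6, 0x1D,
0x2F, 0xC0, 0xEB, 0x06, 0xE3,
};
#endif /* 0 */

/*
 * Built-in DHCHAP secrets.
 *
 * NOTE(review): these are fixed values visible to anyone with the source.
 * How they are used is not shown in this header; if they act as fallback
 * secrets when no key entry is configured, a successful exchange with them
 * proves nothing about the peer.  Deployments should always provision
 * per-entity secrets (see emlxs_auth_key_t) - confirm against the users of
 * these symbols.  Being static definitions in a header, every file that
 * includes it gets its own copy.
 */
static char *emlxs_local_pwd = "11223344556677881122334455667788";
static char *emlxs_remote_pwd = "aabbccddeeffgghhaabbccddeeffgghh";

/* All-zero and all-ones WWN patterns */
static uint8_t emlxs_null_wwn[8] = {0, 0, 0, 0, 0, 0, 0, 0};
static uint8_t emlxs_fabric_wwn[8] = {0xff, 0xff, 0xff, 0xff, 0xff,
	0xff, 0xff, 0xff};

#if 0
void
emlxs_dhc_authrsp_timeout(emlxs_hba_t *phba, void *arg1, void *arg2);

uint32_t *
emlxs_hash_rsp(emlxs_port_t *, emlxs_port_dhc_t *, NODELIST *,
	uint32_t, union challenge_val, uint8_t *, uint32_t);
uint32_t *
emlxs_hash_vrf(emlxs_port_t *, emlxs_port_dhc_t *, NODELIST *,
	uint32_t, union challenge_val);
void emlxs_md5_digest_to_hex(const uint8_t digest[MD5_LEN], char *output);
void emlxs_sha1_digest_to_hex(const uint8_t digest[SHA1_LEN], char *output);

/* for sysevent log */
static int emlxs_generate_event(emlxs_port_t *);
extern void emlxs_log_auth_event(emlxs_port_t *, char *subclass, char *info);
#endif /* 0 */

/*
 * Weak binding: the symbol may be unresolved at load time, so its address
 * has to be tested before it is called.
 * NOTE(review): the caller and any fallback are outside this header;
 * confirm that challenge values and DH private keys never come from a
 * weaker source when the symbol is absent.
 */
#pragma weak random_get_pseudo_bytes


#endif /* DHCHAP_SUPPORT */

#ifdef __cplusplus
}
#endif

#endif /* _EMLXS_DHCHAP_H */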