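/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2009 Emulex. All rights reserved.
 * Use is subject to License terms.
 */


#ifndef _EMLXS_DHCHAP_H
#define	_EMLXS_DHCHAP_H

/*
 * DH-CHAP (FC-SP) authentication definitions for the emlxs driver:
 * configuration/key table entries, protocol constants, sysevent names,
 * per-port and per-node authentication state, and AUTH ELS message layouts.
 *
 * Everything below is compiled only when DHCHAP_SUPPORT is defined.
 * NAME_TYPE, dfc_auth_status_t and struct emlxs_node are declared elsewhere.
 */

#ifdef	__cplusplus
extern "C" {
#endif

#ifdef DHCHAP_SUPPORT
#include <sys/random.h>


/* emlxs_auth_cfg_t */
#define	PASSWORD_TYPE_ASCII	1
#define	PASSWORD_TYPE_BINARY	2
#define	PASSWORD_TYPE_IGNORE	3

#define	AUTH_MODE_DISABLED	1
#define	AUTH_MODE_ACTIVE	2
#define	AUTH_MODE_PASSIVE	3

#define	ELX_DHCHAP		0x01	/* Only one currently supported */
#define	ELX_FCAP		0x02
#define	ELX_FCPAP		0x03
#define	ELX_KERBEROS		0x04

/*
 * NOTE(review): MD5 and SHA-1 are the only hash functions defined in this
 * header; which one is offered first is presumably decided by hash_priority
 * in emlxs_auth_cfg_t -- confirm against the negotiation code.
 */
#define	ELX_MD5			0x01
#define	ELX_SHA1		0x02

/*
 * ELX_GROUP_NULL selects DH-CHAP without a Diffie-Hellman exchange. In that
 * mode the challenge/response is protected only by the shared secret, so the
 * strength of the configured password is the whole defence against offline
 * guessing of a captured exchange.
 */
#define	ELX_GROUP_NULL		0x01
#define	ELX_GROUP_1024		0x02
#define	ELX_GROUP_1280		0x03
#define	ELX_GROUP_1536		0x04
#define	ELX_GROUP_2048		0x05


/* AUTH_ELS Code */
#define	ELS_CMD_AUTH_CODE	0x90

/* AUTH_ELS Flags */

/* state ? */
#define	AUTH_FINISH		0xFF
#define	AUTH_ABORT		0xFE

/* auth_msg code for DHCHAP */
#define	AUTH_REJECT		0x0A
#define	AUTH_NEGOTIATE		0x0B
#define	AUTH_DONE		0x0C
#define	DHCHAP_CHALLENGE	0x10
#define	DHCHAP_REPLY		0x11
#define	DHCHAP_SUCCESS		0x12

/*
 * BIG ENDIAN and LITTLE ENDIAN
 *
 * The constants in the two branches below are the same values pre-swapped
 * per host byte order, so that they can be compared with or stored into
 * message fields without a run-time swap.
 */

/* authentication protocol identifiers */
#ifdef EMLXS_BIG_ENDIAN

#define	AUTH_DHCHAP		0x00000001
#define	AUTH_FCAP		0x00000002
#define	AUTH_FCPAP		0x00000003
#define	AUTH_KERBEROS		0x00000004

#define	HASH_LIST_TAG		0x0001
#define	DHGID_LIST_TAG		0x0002

/* hash function identifiers */
#define	AUTH_SHA1		0x00000006
#define	AUTH_MD5		0x00000005

/* DHCHAP group ids */
#define	GROUP_NULL		0x00000000
#define	GROUP_1024		0x00000001
#define	GROUP_1280		0x00000002
#define	GROUP_1536		0x00000003
#define	GROUP_2048		0x00000004

/* Tran_id Mask */
#define	AUTH_TRAN_ID_MASK	0x000000FF

#endif	/* EMLXS_BIG_ENDIAN */

#ifdef EMLXS_LITTLE_ENDIAN

#define	AUTH_DHCHAP		0x01000000
#define	AUTH_FCAP		0x02000000
#define	AUTH_FCPAP		0x03000000
#define	AUTH_KERBEROS		0x04000000

#define	HASH_LIST_TAG		0x0100
#define	DHGID_LIST_TAG		0x0200

/* hash function identifiers */
#define	AUTH_SHA1		0x06000000
#define	AUTH_MD5		0x05000000

/* DHCHAP group ids */
#define	GROUP_NULL		0x00000000
#define	GROUP_1024		0x01000000
#define	GROUP_1280		0x02000000
#define	GROUP_1536		0x03000000
#define	GROUP_2048		0x04000000

/* Tran_id Mask */
#define	AUTH_TRAN_ID_MASK	0xFF000000

#endif	/* EMLXS_LITTLE_ENDIAN */

/* hash funcs hash length in byte */
#define	SHA1_LEN		0x00000014	/* 20 bytes */
#define	MD5_LEN			0x00000010	/* 16 bytes */

/*
 * #define AUTH_IKEv2 0x04 #define AUTH_IKEv2_AUTH 0x05
 */

#define	HBA_SECURITY		0x20

/* AUTH_Reject Reason Codes */
#define	AUTHRJT_FAILURE		0x01
#define	AUTHRJT_LOGIC_ERR	0x02

/* LS_RJT Reason Codes for AUTH_ELS */
#define	LSRJT_AUTH_REQUIRED		0x03
#define	LSRJT_AUTH_LOGICAL_BSY		0x05
#define	LSRJT_AUTH_ELS_NOT_SUPPORTED	0x0B
#define	LSRJT_AUTH_NOT_LOGGED_IN	0x09

/* AUTH_Reject Reason Code Explanations */
#define	AUTHEXP_MECH_UNUSABLE		0x01	/* AUTHRJT_LOGIC_ERR */
#define	AUTHEXP_DHGROUP_UNUSABLE	0x02	/* AUTHRJT_LOGIC_ERR */
#define	AUTHEXP_HASHFUNC_UNUSABLE	0x03	/* AUTHRJT_LOGIC_ERR */
#define	AUTHEXP_AUTHTRAN_STARTED	0x04	/* AUTHRJT_LOGIC_ERR */
#define	AUTHEXP_AUTH_FAILED		0x05	/* AUTHRJT_FAILURE */
#define	AUTHEXP_BAD_PAYLOAD		0x06	/* AUTHRJT_FAILURE */
#define	AUTHEXP_BAD_PROTOCOL		0x07	/* AUTHRJT_FAILURE */
#define	AUTHEXP_RESTART_AUTH		0x08	/* AUTHRJT_LOGIC_ERR */
#define	AUTHEXP_CONCAT_UNSUPP		0x09	/* AUTHRJT_LOGIC_ERR */
#define	AUTHEXP_BAD_PROTOVERS		0x0A	/* AUTHRJT_LOGIC_ERR */

/* LS_RJT Reason Code Explanations for AUTH_ELS */
#define	LSEXP_AUTH_REQUIRED		0x48
#define	LSEXP_AUTH_ELS_NOT_SUPPORTED	0x2C
#define	LSEXP_AUTH_ELS_NOT_LOGGED_IN	0x1E
#define	LSEXP_AUTH_LOGICAL_BUSY		0x00


/*
 * NOTE(review): the commented-out msg_payload[] members further down refer
 * to MAX_AUTH_MSG_SIZE, which is not defined in this header; this macro may
 * be the intended name. Left as-is because other files may use it.
 */
#define	MAX_AUTH_MSA_SIZE	1024

#define	MAX_AUTH_PID		0x4	/* Max auth proto identifier list */

/* parameter tag */
#define	HASH_LIST		0x0001
#define	DHG_ID_LIST		0x0002

/* name tag from Table 13 v1.8 pp 30 */
#ifdef EMLXS_BIG_ENDIAN
#define	AUTH_NAME_ID		0x0001
#define	AUTH_NAME_LEN		0x0008
#define	AUTH_PROTO_NUM		0x00000001
#define	AUTH_NULL_PARA_LEN	0x00000028
#endif	/* EMLXS_BIG_ENDIAN */

#ifdef EMLXS_LITTLE_ENDIAN
#define	AUTH_NAME_ID		0x0100
#define	AUTH_NAME_LEN		0x0800
#define	AUTH_PROTO_NUM		0x01000000
#define	AUTH_NULL_PARA_LEN	0x28000000
#endif	/* EMLXS_LITTLE_ENDIAN */

/* name tag from Table 103 v 1.8 pp 123 */
#define	AUTH_NODE_NAME		0x0002
#define	AUTH_PORT_NAME		0x0003

/*
 * Sysevent support
 *
 * One subclass string per authentication state-machine step, timeout, or
 * configuration ioctl; useful as an audit trail of authentication activity.
 */
/* ddi_log_sysevent() vendors */
#define	DDI_VENDOR_EMLX		"EMLXS"

/* Class */
#define	EC_EMLXS		"EC_emlxs"

/* Subclass */
#define	ESC_EMLXS_01	"ESC_emlxs_issue_auth_negotiate"
#define	ESC_EMLXS_02	"ESC_emlxs_cmpl_auth_negotiate_issue"

#define	ESC_EMLXS_03	"ESC_emlxs_rcv_auth_msg_auth_negotiate_issue"
#define	ESC_EMLXS_04	"ESC_emlxs_cmpl_auth_msg_auth_negotiate_issue"

#define	ESC_EMLXS_05	"ESC_emlxs_rcv_auth_msg_unmapped_node"
#define	ESC_EMLXS_06	"ESC_emlxs_issue_dhchap_challenge"
#define	ESC_EMLXS_07	"ESC_emlxs_cmpl_dhchap_challenge_issue"

#define	ESC_EMLXS_08	"ESC_emlxs_rcv_auth_msg_dhchap_challenge_cmpl_wait4next"

#define	ESC_EMLXS_09	"ESC_emlxs_rcv_auth_msg_auth_negotiate_rcv"
#define	ESC_EMLXS_10	"ESC_emlxs_cmpl_auth_msg_auth_negotiate_rcv"

#define	ESC_EMLXS_11	"ESC_emlxs_cmpl_cmpl_dhchap_reply_issue"
#define	ESC_EMLXS_12	"ESC_emlxs_cmpl_dhchap_reply_issue"
#define	ESC_EMLXS_13	"ESC_emlxs_cmpl_auth_msg_dhchap_reply_issue"

#define	ESC_EMLXS_14	"ESC_emlxs_cmpl_auth_msg_auth_negotiate_cmpl_wait4next"

#define	ESC_EMLXS_15	"ESC_emlxs_issue_dhchap_success"

#define	ESC_EMLXS_16	"ESC_emlxs_rcv_auth_msg_dhchap_challenge_issue"
#define	ESC_EMLXS_17	"ESC_emlxs_cmpl_auth_msg_dhchap_challenge_issue"

#define	ESC_EMLXS_18	"ESC_emlxs_rcv_auth_msg_dhchap_reply_issue"

#define	ESC_EMLXS_19 \
	"ESC_emlxs_cmpl_auth_msg_dhchap_challenge_cmpl_wait4next"

#define	ESC_EMLXS_20	"ESC_emlxs_rcv_auth_msg_dhchap_reply_cmpl_wait4next"
#define	ESC_EMLXS_21	"ESC_emlxs_cmpl_dhchap_success_issue"
#define	ESC_EMLXS_22	"ESC_emlxs_cmpl_auth_msg_dhchap_success_issue"

#define	ESC_EMLXS_23	"ESC_emlxs_cmpl_auth_msg_dhchap_reply_cmpl_wait4next"

#define	ESC_EMLXS_24	"ESC_emlxs_rcv_auth_msg_dhchap_success_issue_wait4next"
#define	ESC_EMLXS_25	"ESC_emlxs_cmpl_auth_msg_dhchap_success_issue_wait4next"

#define	ESC_EMLXS_26	"ESC_emlxs_rcv_auth_msg_dhchap_success_cmpl_wait4next"
#define	ESC_EMLXS_27	"ESC_emlxs_cmpl_auth_msg_dhchap_success_cmpl_wait4next"

#define	ESC_EMLXS_28	"ESC_emlxs_issue_auth_reject"
#define	ESC_EMLXS_29	"ESC_emlxs_cmpl_auth_reject_issue"

#define	ESC_EMLXS_30	"ESC_emlxs_rcv_auth_msg_npr_node"

#define	ESC_EMLXS_31	"ESC_emlxs_dhc_reauth_timeout"

#define	ESC_EMLXS_32	"ESC_emlxs_dhc_authrsp_timeout"

#define	ESC_EMLXS_33	"ESC_emlxs_ioctl_auth_setcfg"
#define	ESC_EMLXS_34	"ESC_emlxs_ioctl_auth_setpwd"
#define	ESC_EMLXS_35	"ESC_emlxs_ioctl_auth_delcfg"
#define	ESC_EMLXS_36	"ESC_emlxs_ioctl_auth_delpwd"


/*
 * From HBAnyware dfc lib FC-SP
 *
 * One authentication configuration entry for a (local, remote) entity pair.
 * Entries are chained through prev/next.
 */
typedef struct emlxs_auth_cfg
{
	NAME_TYPE		local_entity;	/* host wwpn (NPIV support) */
	NAME_TYPE		remote_entity;	/* switch or target wwpn */
	uint32_t		authentication_timeout;
	uint32_t		authentication_mode;	/* presumably AUTH_MODE_* */
	uint32_t		bidirectional:1;
	uint32_t		reserved:31;
	/* presumably ELX_DHCHAP.. / ELX_MD5.. / ELX_GROUP_* values -- confirm */
	uint32_t		authentication_type_priority[4];
	uint32_t		hash_priority[4];
	uint32_t		dh_group_priority[8];
	uint32_t		reauthenticate_time_interval;

	dfc_auth_status_t	auth_status;
	time_t			auth_time;
	struct emlxs_node	*node;

	struct emlxs_auth_cfg	*prev;
	struct emlxs_auth_cfg	*next;
} emlxs_auth_cfg_t;


/*
 * One DH-CHAP secret entry for a (local, remote) entity pair. Entries are
 * chained through prev/next.
 *
 * The password buffers hold authentication secrets in the clear.
 * NOTE(review): the *_password_length fields are 16-bit and can exceed the
 * 128-byte buffers; whoever fills this structure (presumably the auth_setpwd
 * ioctl path -- confirm) must bound the length to the buffer size before
 * copying, and entries should be zeroed before they are freed.
 */
typedef struct emlxs_auth_key
{
	NAME_TYPE		local_entity;		/* host wwpn */
							/* (NPIV support) */
	NAME_TYPE		remote_entity;		/* switch or target */
							/* wwpn */
	uint16_t		local_password_length;
	uint16_t		local_password_type;	/* PASSWORD_TYPE_* */
	uint8_t			local_password[128];	/* hba authenticates */
							/* to switch */
	uint16_t		remote_password_length;
	uint16_t		remote_password_type;	/* PASSWORD_TYPE_* */
	/*
	 * NOTE(review): the original comment here repeated "hba authenticates
	 * to switch"; presumably this is the secret the remote entity uses to
	 * authenticate to the hba -- confirm.
	 */
	uint8_t			remote_password[128];

	struct emlxs_node	*node;

	struct emlxs_auth_key	*prev;
	struct emlxs_auth_key	*next;
} emlxs_auth_key_t;


/*
 * Per-exchange DH-CHAP working values (challenges, DH public values and
 * session keys). The same members also appear inline in emlxs_node_dhc_t.
 *
 * NOTE(review): the *_len members are 32-bit while the buffers are fixed at
 * 20 or 512 bytes; lengths taken from a received message must be checked
 * against the buffer size before use. hrsp_priv_key and the session keys are
 * secret material.
 */
typedef struct emlxs_auth_misc
{
	uint8_t		bi_cval[20];		/* our challenge for bi-dir */
						/* auth in reply as initiator */
	uint32_t	bi_cval_len;		/* 16 for MD5, 20 for SHA1 */
	uint8_t		pub_key[512];		/* max is 512 bytes value of */
						/* (g^y mod p) */
	uint32_t	pubkey_len;		/* real length of the pub key */
	uint8_t		ses_key[512];		/* session key: value of */
						/* (g^xy mod p) */
	uint32_t	seskey_len;		/* real length of the session */
						/* key */

	/* The following are parameters when host is the responder */
	uint8_t		hrsp_cval[20];		/* challenge value from host */
						/* as responder */
	uint32_t	hrsp_cval_len;		/* host as the responder its */
						/* challenge value len */
	uint8_t		hrsp_priv_key[20];	/* the private key generated */
						/* in host as responder */
	uint8_t		hrsp_pub_key[512];	/* public key calculated when */
						/* host as responder */
	uint32_t	hrsp_pubkey_len;	/* public key length when */
						/* host is responder */
	uint8_t		hrsp_ses_key[512];	/* session key computed when */
						/* host is responder */
	uint32_t	hrsp_seskey_len;	/* session key length when */
						/* host is responder */
} emlxs_auth_misc_t;


/*
 * emlxs_port_dhc struct to be used by emlxs_port_t in emlxs_fc.h
 *
 * This structure contains all the data used by DHCHAP.
 * They are from EMLXSHBA_t in emlxs driver.
 *
 */
typedef struct emlxs_port_dhc
{

	int32_t			state;
#define	ELX_FABRIC_STATE_UNKNOWN	0x00
#define	ELX_FABRIC_AUTH_DISABLED	0x01
#define	ELX_FABRIC_AUTH_FAILED		0x02
#define	ELX_FABRIC_AUTH_SUCCESS		0x03
#define	ELX_FABRIC_IN_AUTH		0x04
#define	ELX_FABRIC_IN_REAUTH		0x05

	dfc_auth_status_t	auth_status;	/* Fabric auth status */
	time_t			auth_time;

} emlxs_port_dhc_t;


/* Node Events */
#define	NODE_EVENT_DEVICE_RM		0x0	/* Auth response timeout and */
						/* fail */
#define	NODE_EVENT_DEVICE_RECOVERY	0x1	/* Auth response timeout and */
						/* recovery */
#define	NODE_EVENT_RCV_AUTH_MSG		0x2	/* Unsolicited Auth received */
#define	NODE_EVENT_CMPL_AUTH_MSG	0x3
#define	NODE_EVENT_MAX_EVENT		0x4

/*
 * emlxs_node_dhc struct to be used in emlxs_node_t.
 * They are from emlxs_nodelist_t in emlxs driver.
 *
 * Holds the per-node authentication state machine, a private copy of the
 * node's configuration and key entry, and the working values of the current
 * exchange. The key copy, hrsp_priv_key and the session keys are secret
 * material.
 */
typedef struct emlxs_node_dhc
{
	uint16_t		state;		/* used for state machine */
#define	NODE_STATE_UNKNOWN				0x00
#define	NODE_STATE_AUTH_DISABLED			0x01
#define	NODE_STATE_AUTH_FAILED				0x02
#define	NODE_STATE_AUTH_SUCCESS				0x03
#define	NODE_STATE_AUTH_NEGOTIATE_ISSUE			0x04
#define	NODE_STATE_AUTH_NEGOTIATE_RCV			0x05
#define	NODE_STATE_AUTH_NEGOTIATE_CMPL_WAIT4NEXT	0x06
#define	NODE_STATE_DHCHAP_CHALLENGE_ISSUE		0x07
#define	NODE_STATE_DHCHAP_REPLY_ISSUE			0x08
#define	NODE_STATE_DHCHAP_CHALLENGE_CMPL_WAIT4NEXT	0x09
#define	NODE_STATE_DHCHAP_REPLY_CMPL_WAIT4NEXT		0x0A
#define	NODE_STATE_DHCHAP_SUCCESS_ISSUE			0x0B
#define	NODE_STATE_DHCHAP_SUCCESS_ISSUE_WAIT4NEXT	0x0C
#define	NODE_STATE_DHCHAP_SUCCESS_CMPL_WAIT4NEXT	0x0D
/*
 * NOTE(review): this value does not fit the 16-bit state member above, so
 * storing it there and comparing afterwards would never match. Presumably it
 * is only passed around as a 32-bit "keep current state" marker -- confirm.
 */
#define	NODE_STATE_NOCHANGE				0xFFFFFFFF

	uint16_t		prev_state;	/* for info only */

	uint32_t		disc_refcnt;

	emlxs_auth_cfg_t	auth_cfg;
	emlxs_auth_key_t	auth_key;

	uint32_t		nlp_authrsp_tmo;	/* Response timeout */
	uint32_t		nlp_authrsp_tmocnt;

	uint32_t		nlp_auth_tranid_ini;	/* tran_id when this */
							/* node is initiator */
	uint32_t		nlp_auth_tranid_rsp;	/* tran_id when this */
							/* node is responder */

	uint32_t		nlp_auth_flag;		/* 1:initiator */
							/* 2:responder */
	uint32_t		nlp_auth_limit;		/* 1: NULL DHCHAP */
							/* 2: full support */

	/* information in DHCHAP_Challenge as the auth responder */
	uint32_t		nlp_auth_hashid;
	uint32_t		nlp_auth_dhgpid;
	uint32_t		nlp_auth_bidir;
	NAME_TYPE		nlp_auth_wwn;

	emlxs_auth_misc_t	nlp_auth_misc;

	uint32_t		nlp_reauth_tmo;
	uint16_t		nlp_reauth_status;
#define	NLP_HOST_REAUTH_DISABLED	0x0
#define	NLP_HOST_REAUTH_ENABLED		0x1
#define	NLP_HOST_REAUTH_IN_PROGRESS	0x2

	uint32_t		nlp_fb_vendor;
#define	NLP_FABRIC_CISCO		0x1
#define	NLP_FABRIC_OTHERS		0x2

	uint32_t		fc_dhchap_success_expected;

	/* hash_id, dhgp_id are set from responder, host is the initiator */
	uint32_t		hash_id;		/* 0x05 for MD5 */
							/* 0x06 for SHA-1 */
	uint32_t		dhgp_id;		/* DH grp identifier */

	uint8_t			bi_cval[20];		/* our challenge for */
							/* bi-dir auth in */
							/* reply as initiator */
	uint32_t		bi_cval_len;		/* 16 for MD5 */
							/* 20 for SHA1 */
	uint8_t			pub_key[512];		/* max is 512 bytes */
							/* value (g^y mod p) */
	uint32_t		pubkey_len;		/* real length of the */
							/* pub key */
	uint8_t			ses_key[512];		/* session key: */
							/* value (g^xy mod p) */
	uint32_t		seskey_len;		/* real length of the */
							/* session key */

	/* The following are parameters when host is the responder */

	uint8_t			hrsp_cval[20];		/* challenge value */
	uint32_t		hrsp_cval_len;		/* challenge value */
							/* length */
	uint8_t			hrsp_priv_key[20];	/* private key */
							/* generated */
	uint8_t			hrsp_pub_key[512];	/* public key */
							/* computed */
	uint32_t		hrsp_pubkey_len;	/* public key length */
	uint8_t			hrsp_ses_key[512];	/* session key */
							/* computed */
	uint32_t		hrsp_seskey_len;	/* session key length */

	uint8_t			*deferred_sbp;		/* Pending IO for */
							/* auth completion */
	uint8_t			*deferred_ubp;

	uint32_t		flag;
#define	NLP_REMOTE_AUTH			0x00000001
#define	NLP_SET_REAUTH_TIME		0x00000002

	emlxs_auth_cfg_t	*parent_auth_cfg;	/* Original auth_cfg */
							/* table entry */
	emlxs_auth_key_t	*parent_auth_key;	/* Original auth_key */
							/* table entry */
} emlxs_node_dhc_t;


/*
 * AUTH_Negotiate parameter layouts. The variants differ only in how many
 * hash identifiers (one or two) and DH group identifiers (one or five) they
 * carry. The per-field "set to" comments are repeated across the variants and
 * do not all match the member counts of each variant; treat them as hints.
 */

/* For NULL DHCHAP with MD5 and SHA-1 */
typedef struct _AUTH_NEGOT_PARAMS_1
{
	uint16_t	name_tag;	/* set to 0x0001 */
	uint16_t	name_len;	/* set to 0x0008 */
	NAME_TYPE	nodeName;	/* WWPN */
	uint32_t	proto_num;	/* set to 0x5 */
	uint32_t	para_len;	/* set to 0x28 i.e., 40 bytes */
	uint32_t	proto_id;	/* set to DHCHAP */
	uint16_t	HashList_tag;	/* set to 0x0001 */
	uint16_t	HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
	uint32_t	HashList_value1; /* set to MD5 or SHA1 ID 0x00000005,6 */
	uint16_t	DHgIDList_tag;	/* set to 0x0002 */
	uint16_t	DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
	uint32_t	DHgIDList_g0;	/* set to 0x0000 0000 */
	uint32_t	DHgIDList_g1;	/* set to 0x0000 0001 */
	uint32_t	DHgIDList_g2;	/* set to 0x0000 0002 */
	uint32_t	DHgIDList_g3;	/* set to 0x0000 0003 */
	uint32_t	DHgIDList_g4;	/* set to 0x0000 0004 */
} AUTH_NEGOT_PARAMS_1;


typedef struct _AUTH_NEGOT_PARAMS_2
{
	uint16_t	name_tag;	/* set to 0x0001 */
	uint16_t	name_len;	/* set to 0x0008 */
	NAME_TYPE	nodeName;	/* WWPN */
	uint32_t	proto_num;	/* set to 0x5 */
	uint32_t	para_len;	/* set to 0x28 i.e., 40 bytes */
	uint32_t	proto_id;	/* set to DHCHAP */
	uint16_t	HashList_tag;	/* set to 0x0001 */
	uint16_t	HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
	uint32_t	HashList_value1; /* set to MD5's ID 0x00000005 */
	uint32_t	HashList_value2; /* set to SHA-1's ID 0x00000006 */
	uint16_t	DHgIDList_tag;	/* set to 0x0002 */
	uint16_t	DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
	uint32_t	DHgIDList_g0;	/* set to 0x0000 0000 */
	uint32_t	DHgIDList_g1;	/* set to 0x0000 0001 */
	uint32_t	DHgIDList_g2;	/* set to 0x0000 0002 */
	uint32_t	DHgIDList_g3;	/* set to 0x0000 0003 */
	uint32_t	DHgIDList_g4;	/* set to 0x0000 0004 */
} AUTH_NEGOT_PARAMS_2;


/* For NULL DHCHAP with MD5 and SHA-1 */
typedef struct _AUTH_NEGOT_PARAMS
{
	uint16_t	name_tag;	/* set to 0x0001 */
	uint16_t	name_len;	/* set to 0x0008 */
	NAME_TYPE	nodeName;	/* WWPN */
	uint32_t	proto_num;	/* set to 0x5 */
	uint32_t	para_len;	/* set to 0x28 i.e., 40 bytes */
	uint32_t	proto_id;	/* set to DHCHAP */
	uint16_t	HashList_tag;	/* set to 0x0001 */
	uint16_t	HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
	uint32_t	HashList_value1; /* set to MD5's ID 0x00000005 */
	uint32_t	HashList_value2; /* set to SHA-1's ID 0x00000006 */
	uint16_t	DHgIDList_tag;	/* set to 0x0002 */
	uint16_t	DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
	uint32_t	DHgIDList_g0;	/* set to 0x0000 0000 */
	uint32_t	DHgIDList_g1;	/* set to 0x0000 0001 */
	uint32_t	DHgIDList_g2;	/* set to 0x0000 0002 */
	uint32_t	DHgIDList_g3;	/* set to 0x0000 0003 */
	uint32_t	DHgIDList_g4;	/* set to 0x0000 0004 */
} AUTH_NEGOT_PARAMS;

typedef struct _AUTH_NEGOT_PARAMS_NULL_1
{
	uint16_t	name_tag;	/* set to 0x0001 */
	uint16_t	name_len;	/* set to 0x0008 */
	NAME_TYPE	nodeName;	/* WWPN */
	uint32_t	proto_num;	/* set to 0x5 */
	uint32_t	para_len;	/* set to 0x28 i.e., 40 bytes */
	uint32_t	proto_id;	/* set to DHCHAP */
	uint16_t	HashList_tag;	/* set to 0x0001 */
	uint16_t	HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
	uint32_t	HashList_value1; /* set to MD5's ID 0x00000005 */
	uint16_t	DHgIDList_tag;	/* set to 0x0002 */
	uint16_t	DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
	uint32_t	DHgIDList_g0;	/* set to 0x0000 0000 */
} AUTH_NEGOT_PARAMS_NULL_1;

typedef struct _AUTH_NEGOT_PARAMS_NULL_2
{
	uint16_t	name_tag;	/* set to 0x0001 */
	uint16_t	name_len;	/* set to 0x0008 */
	NAME_TYPE	nodeName;	/* WWPN */
	uint32_t	proto_num;	/* set to 0x5 */
	uint32_t	para_len;	/* set to 0x28 i.e., 40 bytes */
	uint32_t	proto_id;	/* set to DHCHAP */
	uint16_t	HashList_tag;	/* set to 0x0001 */
	uint16_t	HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
	uint32_t	HashList_value1; /* set to MD5's ID 0x00000005 */
	uint32_t	HashList_value2;
	uint16_t	DHgIDList_tag;	/* set to 0x0002 */
	uint16_t	DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
	uint32_t	DHgIDList_g0;	/* set to 0x0000 0000 */
} AUTH_NEGOT_PARAMS_NULL_2;


/*
 * Generic AUTH ELS Header
 *
 * NOTE(review): msg_len, name_len and the other header fields arrive from
 * the peer when this layout is overlaid on a received frame; they should be
 * validated against the actual received size before the payload is parsed.
 */
typedef struct _AUTH_MSG_HDR
{
	/* 20 bytes in total */
	uint8_t		auth_els_code;	/* always 0x90 (ELS_CMD_AUTH_CODE) */
	uint8_t		auth_els_flags;
	uint8_t		auth_msg_code;	/* see above */
	uint8_t		proto_version;
	uint32_t	msg_len;	/* size of msg payload in byte */
	uint32_t	tran_id;
	uint16_t	name_tag;	/* set to 0x0001 */
	uint16_t	name_len;	/* set to 0x0008 */
	NAME_TYPE	nodeName;	/* WWPN */
} AUTH_MSG_HDR;


/* Challenge value sized for SHA-1 (SHA1_LEN bytes) */
typedef struct _SHA1_CVAL
{
	uint8_t		val[20];
} SHA1_CVAL;


/* Challenge value sized for MD5 (MD5_LEN bytes) */
typedef struct _MD5_CVAL
{
	uint8_t		val[16];
} MD5_CVAL;


union challenge_val
{
	SHA1_CVAL	sha1;
	MD5_CVAL	md5;
};


/* DHCHAP_Reply */
typedef struct _DHCHAP_REPLY_HDR
{
	uint8_t		auth_els_code;	/* always 0x90 (ELS_CMD_AUTH_CODE) */
	uint8_t		auth_els_flags;
	uint8_t		auth_msg_code;	/* see above */
	uint8_t		proto_version;
	uint32_t	msg_len;	/* size of msg payload in byte */
	uint32_t	tran_id;	/* transaction id */
} DHCHAP_REPLY_HDR;


/* DHCHAP_Challenge */
typedef struct _DHCHAP_CHALL_NULL
{
	AUTH_MSG_HDR	msg_hdr;
	uint32_t	hash_id;
	uint32_t	dhgp_id;
	uint32_t	cval_len;
} DHCHAP_CHALL_NULL;

/*
 * NOTE(review): dhval is a host pointer, so this structure as a whole cannot
 * be a byte-for-byte image of a message on the wire; only cnul can. Confirm
 * how dhval is populated.
 */
typedef struct _DHCHAP_CHALL
{
	DHCHAP_CHALL_NULL	cnul;
	uint8_t			*dhval;
} DHCHAP_CHALL;

/*
 * size of msg_payload is variable based on the different protocol
 * parameters supported in the driver.
 *
 * For DHCHAP we plan to support NULL, group 1, 2, 3, 4.
 *
 * For NULL DHCHAP protocol only: of these protocol identifiers,
 * we need name_tag = 2 bytes name_len_size = 2 bytes name_len = 8 bytes
 * number of usable auth proto = 4 bytes
 *
 * --------- for example for NULL DHCHAP only --------------------
 * auth proto #1 len = 4 bytes #1 ID = 4 bytes #1 params = 4 + 16 bytes.
 * ------ Total for NULL DHCHAP = (16 + 12 + 16 ) = 44 bytes.
 *
 * If number of usable auth proto is 5, then we should have 5 auth proto params.
 * assume we are using name_tag 0x0001, then auth name in total = 12 bytes.
 *
 * 12 bytes + 4 bytes = 16 bytes. 4 + 4 + 4 = 12 bytes
 * (num of usable auth proto size = 4
 * auth proto params #1 len size = 4
 * auth prot ID for #1 size = 4
 *
 * For DHCHAP param: HashList 2 param tag size (set to 0x0001 as HashList)
 * 2 param word cnt size (set to 0x0002 as two hash funcs)
 * 8 for hash ids: MD5 and SHA-1 DHgIDList
 * 2 param tag size (set to 0x0002 as DHgIDList)
 * 2 param word cnt size (set to 0x0005 as NULL and 1/2/3/4 groups) 20 for
 * 5 groups 0x0000 0000 0x0000 0001 0x0000 0002 0x0000 0003 0x0000 0004
 * Total for FULL group support (16 + 12 + 12 + 24 ) = 64 bytes.
 *
 */

typedef struct _AUTH_MSG_NEGOT_1 {	/* in Big Endian format */
	uint8_t		auth_els_code;	/* always 0x90 (ELS_CMD_AUTH_CODE) */
	uint8_t		auth_els_flags;
	uint8_t		auth_msg_code;	/* see above */
	uint8_t		proto_version;
	uint32_t	msg_len;	/* size of msg payload */
					/* in byte */
	uint32_t	tran_id;	/* transaction identifier */

	/* anything else is variable in size (bytes) */
	/* uint8_t msg_payload[MAX_AUTH_MSG_SIZE]; */
	AUTH_NEGOT_PARAMS_1	params;
} AUTH_MSG_NEGOT_1, *PAUTH_MSG_NEGOT_1;


typedef struct _AUTH_MSG_NEGOT_2 {	/* in Big Endian format */
	uint8_t		auth_els_code;	/* always 0x90 (ELS_CMD_AUTH_CODE) */
	uint8_t		auth_els_flags;
	uint8_t		auth_msg_code;	/* see above */
	uint8_t		proto_version;
	uint32_t	msg_len;	/* size of msg payload */
					/* in byte */
	uint32_t	tran_id;	/* transaction identifier */

	/* anything else is variable in size (bytes) */
	/* uint8_t msg_payload[MAX_AUTH_MSG_SIZE]; */
	AUTH_NEGOT_PARAMS_2	params;
} AUTH_MSG_NEGOT_2, *PAUTH_MSG_NEGOT_2;


typedef struct _AUTH_MSG_NEGOT
{
	/* in Big Endian format */
	uint8_t		auth_els_code;	/* always 0x90 (ELS_CMD_AUTH_CODE) */
	uint8_t		auth_els_flags;
	uint8_t		auth_msg_code;	/* see above */
	uint8_t		proto_version;
	uint32_t	msg_len;	/* size of msg payload */
					/* in byte */
	uint32_t	tran_id;	/* transaction identifier */

	/* anything else is variable in size (bytes) */
	/* uint8_t msg_payload[MAX_AUTH_MSG_SIZE]; */
	AUTH_NEGOT_PARAMS	params;
} AUTH_MSG_NEGOT, *PAUTH_MSG_NEGOT;


/* AUTH_Negotiate msg for NULL DH support only */
typedef struct _AUTH_MSG_NEGOT_NULL
{
	uint8_t		auth_els_code;
	uint8_t		auth_els_flags;
	uint8_t		auth_msg_code;
	uint8_t		proto_version;
	uint32_t	msg_len;
	uint32_t	tran_id;
} AUTH_MSG_NEGOT_NULL, *PAUTH_MSG_NEGOT_NULL;

typedef struct _AUTH_MSG_NEGOT_NULL_1
{
	uint8_t		auth_els_code;
	uint8_t		auth_els_flags;
	uint8_t		auth_msg_code;
	uint8_t		proto_version;
	uint32_t	msg_len;
	uint32_t	tran_id;

	AUTH_NEGOT_PARAMS_NULL_1	params;

} AUTH_MSG_NEGOT_NULL_1, *PAUTH_MSG_NEGOT_NULL_1;

typedef struct _AUTH_MSG_NEGOT_NULL_2
{
	uint8_t		auth_els_code;
	uint8_t		auth_els_flags;
	uint8_t		auth_msg_code;
	uint8_t		proto_version;
	uint32_t	msg_len;
	uint32_t	tran_id;

	AUTH_NEGOT_PARAMS_NULL_2	params;

} AUTH_MSG_NEGOT_NULL_2, *PAUTH_MSG_NEGOT_NULL_2;


/*
 * auth_els_flags
 *
 * The trailing ';' that used to follow the value has been dropped: with it,
 * an expression such as (flags & AUTH_ELS_FLAGS_MASK) did not compile.
 */
#define	AUTH_ELS_FLAGS_MASK	0x0f


/* AUTH_Reject message: common header plus AUTHRJT_* / AUTHEXP_* codes */
typedef struct _AUTH_RJT
{
	uint8_t		auth_els_code;	/* always 0x90 (ELS_CMD_AUTH_CODE) */
	uint8_t		auth_els_flags;
	uint8_t		auth_msg_code;	/* see above */
	uint8_t		proto_version;
	uint32_t	msg_len;	/* size of msg payload in byte */
	uint32_t	tran_id;	/* transaction identifier */

	uint8_t		ReasonCode;
	uint8_t		ReasonCodeExplanation;
	uint16_t	Reserved;
} AUTH_RJT, *PAUTH_RJT;

typedef struct _DHCHAP_SUCCESS_HDR
{
	uint8_t		auth_els_code;	/* always 0x90 (ELS_CMD_AUTH_CODE) */
	uint8_t		auth_els_flags;
	uint8_t		auth_msg_code;	/* see above */
	uint8_t		proto_version;
	uint32_t	msg_len;	/* size of msg payload in byte */
	uint32_t	tran_id;	/* transaction identifier */

	uint32_t	RspVal_len;
} DHCHAP_SUCCESS_HDR, *PDHCHAP_SUCCESS_HDR;


/* One Diffie-Hellman group: identifier, byte length, and up to 256 bytes */
typedef struct dh_group_st
{
	unsigned long	groupid;
	unsigned long	length;
	unsigned char	value[256];
} DH_GROUP, *PDH_GROUP;

/*
 * NOTE(review): hard-coded password strings compiled into every file that
 * includes this header. How they are used is not visible from here; if they
 * serve as fallback DH-CHAP secrets when no key is configured, authentication
 * against them gives no assurance, because the values are public. Confirm the
 * callers and prefer refusing to authenticate over falling back to these.
 *
 * These objects and the two WWN arrays below are 'static' definitions in a
 * header, so each including file gets its own copy.
 */
static char *emlxs_local_pwd = "11223344556677881122334455667788";
static char *emlxs_remote_pwd = "aabbccddeeffgghhaabbccddeeffgghh";

static uint8_t emlxs_null_wwn[8] =
	{0, 0, 0, 0, 0, 0, 0, 0};
static uint8_t emlxs_fabric_wwn[8] =
	{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};

/*
 * Weak reference: the symbol may be absent at load time, so callers must
 * test its address before calling it.
 * NOTE(review): if this routine supplies challenge values or DH private
 * values, confirm that pseudo-random output is acceptable for that purpose.
 */
#pragma weak random_get_pseudo_bytes


#endif	/* DHCHAP_SUPPORT */

#ifdef	__cplusplus
}
#endif

#endif	/* _EMLXS_DHCHAP_H */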