1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2009 Emulex.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #ifndef _EMLXS_DHCHAP_H
28 #define	_EMLXS_DHCHAP_H
29 
30 #ifdef	__cplusplus
31 extern "C" {
32 #endif
33 
34 #ifdef DHCHAP_SUPPORT
35 #include <sys/random.h>
36 
37 
/*
 * Host-side selector values used with emlxs_auth_cfg_t.
 * These are small configuration codes; they are distinct from the
 * byte-order dependent AUTH_xxx / GROUP_xxx identifiers defined further
 * down (for example ELX_MD5 is 0x01 while AUTH_MD5 is 0x05).
 */

/* Password encodings; presumably stored in the xxx_password_type fields */
#define	PASSWORD_TYPE_ASCII	1
#define	PASSWORD_TYPE_BINARY	2
#define	PASSWORD_TYPE_IGNORE	3

/* Authentication modes; presumably stored in authentication_mode */
#define	AUTH_MODE_DISABLED	1
#define	AUTH_MODE_ACTIVE	2
#define	AUTH_MODE_PASSIVE	3

/* Authentication protocol selectors */
#define	ELX_DHCHAP		0x01	/* Only one currently supported */
#define	ELX_FCAP		0x02
#define	ELX_FCPAP		0x03
#define	ELX_KERBEROS		0x04

/*
 * Hash function selectors.
 * NOTE(review): MD5 and SHA-1 are the only hashes defined here. Both are
 * legacy choices; where the peer allows it, policy should rank SHA-1
 * ahead of MD5 -- confirm the default hash_priority ordering.
 */
#define	ELX_MD5			0x01
#define	ELX_SHA1		0x02

/*
 * Diffie-Hellman group selectors (bit sizes 1024..2048).
 * NOTE(review): ELX_GROUP_NULL presumably selects DH-CHAP without a DH
 * exchange, in which case the strength of the exchange rests entirely on
 * the shared secret -- confirm the default dh_group_priority ordering
 * prefers the larger groups.
 */
#define	ELX_GROUP_NULL		0x01
#define	ELX_GROUP_1024		0x02
#define	ELX_GROUP_1280		0x03
#define	ELX_GROUP_1536		0x04
#define	ELX_GROUP_2048		0x05
61 
/* AUTH_ELS Code: value carried in the auth_els_code byte of every message */
#define	ELS_CMD_AUTH_CODE	0x90

/* AUTH_ELS Flags */

/*
 * The original author marked these "state ?". Their use is not visible in
 * this header; presumably they are internal pseudo codes that mark the end
 * or the abort of an exchange rather than values sent on the wire.
 */
#define	AUTH_FINISH		0xFF
#define	AUTH_ABORT		0xFE

/* auth_msg code for DHCHAP (value of the auth_msg_code header byte) */
#define	AUTH_REJECT		0x0A
#define	AUTH_NEGOTIATE		0x0B
#define	AUTH_DONE		0x0C
#define	DHCHAP_CHALLENGE	0x10
#define	DHCHAP_REPLY		0x11
#define	DHCHAP_SUCCESS		0x12
/*
 * BIG ENDIAN and LITTLE ENDIAN
 *
 * Every constant below is defined twice. The little-endian values are the
 * byte-swapped form of the big-endian ones, presumably so that a constant
 * can be stored into, or compared with, a big-endian wire field without a
 * run-time swap. A value taken from a message must therefore be compared
 * against these constants before any byte-order conversion, not after.
 *
 * If neither EMLXS_BIG_ENDIAN nor EMLXS_LITTLE_ENDIAN is defined, none of
 * these names exist; if both were defined the second set would redefine
 * the first.
 */

/* authentication protocol identifiers */
#ifdef EMLXS_BIG_ENDIAN

#define	AUTH_DHCHAP		0x00000001
#define	AUTH_FCAP		0x00000002
#define	AUTH_FCPAP		0x00000003
#define	AUTH_KERBEROS		0x00000004

/* 16-bit parameter tags */
#define	HASH_LIST_TAG		0x0001
#define	DHGID_LIST_TAG		0x0002

/* hash function identifiers */
#define	AUTH_SHA1		0x00000006
#define	AUTH_MD5		0x00000005

/* DHCHAP group ids */
#define	GROUP_NULL		0x00000000
#define	GROUP_1024		0x00000001
#define	GROUP_1280		0x00000002
#define	GROUP_1536		0x00000003
#define	GROUP_2048		0x00000004

/* Tran_id Mask: keeps one byte of the 32-bit transaction id */
#define	AUTH_TRAN_ID_MASK	0x000000FF

#endif	/* EMLXS_BIG_ENDIAN */

#ifdef EMLXS_LITTLE_ENDIAN

#define	AUTH_DHCHAP		0x01000000
#define	AUTH_FCAP		0x02000000
#define	AUTH_FCPAP		0x03000000
#define	AUTH_KERBEROS		0x04000000

/* 16-bit parameter tags */
#define	HASH_LIST_TAG		0x0100
#define	DHGID_LIST_TAG		0x0200

/* hash function identifiers */
#define	AUTH_SHA1		0x06000000
#define	AUTH_MD5		0x05000000

/* DHCHAP group ids */
#define	GROUP_NULL		0x00000000
#define	GROUP_1024		0x01000000
#define	GROUP_1280		0x02000000
#define	GROUP_1536		0x03000000
#define	GROUP_2048		0x04000000

/* Tran_id Mask: keeps one byte of the 32-bit transaction id */
#define	AUTH_TRAN_ID_MASK	0xFF000000

#endif	/* EMLXS_LITTLE_ENDIAN */
133 
/*
 * Hash output lengths in bytes. These are also the challenge value
 * lengths documented on the bi_cval_len fields (16 for MD5, 20 for SHA1).
 */
#define	SHA1_LEN		0x00000014	/* 20 bytes */
#define	MD5_LEN			0x00000010	/* 16 bytes */

#define	HBA_SECURITY			0x20

/* AUTH_Reject Reason Codes */
#define	AUTHRJT_FAILURE			0x01
#define	AUTHRJT_LOGIC_ERR		0x02

/* LS_RJT Reason Codes for AUTH_ELS */
#define	LSRJT_AUTH_REQUIRED		0x03
#define	LSRJT_AUTH_LOGICAL_BSY		0x05
#define	LSRJT_AUTH_ELS_NOT_SUPPORTED	0x0B
#define	LSRJT_AUTH_NOT_LOGGED_IN	0x09

/*
 * AUTH_Reject Reason Code Explanations.
 * The trailing comment on each line names the reason code it pairs with.
 */
#define	AUTHEXP_MECH_UNUSABLE		0x01 /* AUTHRJT_LOGIC_ERR */
#define	AUTHEXP_DHGROUP_UNUSABLE	0x02 /* AUTHRJT_LOGIC_ERR */
#define	AUTHEXP_HASHFUNC_UNUSABLE	0x03 /* AUTHRJT_LOGIC_ERR */
#define	AUTHEXP_AUTHTRAN_STARTED	0x04 /* AUTHRJT_LOGIC_ERR */
#define	AUTHEXP_AUTH_FAILED		0x05 /* AUTHRJT_FAILURE */
#define	AUTHEXP_BAD_PAYLOAD		0x06 /* AUTHRJT_FAILURE */
#define	AUTHEXP_BAD_PROTOCOL		0x07 /* AUTHRJT_FAILURE */
#define	AUTHEXP_RESTART_AUTH		0x08 /* AUTHRJT_LOGIC_ERR */
#define	AUTHEXP_CONCAT_UNSUPP		0x09 /* AUTHRJT_LOGIC_ERR */
#define	AUTHEXP_BAD_PROTOVERS		0x0A /* AUTHRJT_LOGIC_ERR */

/* LS_RJT Reason Code Explanations for AUTH_ELS */
#define	LSEXP_AUTH_REQUIRED		0x48
#define	LSEXP_AUTH_ELS_NOT_SUPPORTED	0x2C
#define	LSEXP_AUTH_ELS_NOT_LOGGED_IN	0x1E
#define	LSEXP_AUTH_LOGICAL_BUSY		0x00


/*
 * NOTE(review): comments later in this header refer to MAX_AUTH_MSG_SIZE,
 * while the name defined here is MAX_AUTH_MSA_SIZE. Possibly a typo; left
 * unchanged because users of the macro are not visible from this file.
 * Presumably the upper bound on an AUTH message payload, i.e. the limit a
 * received msg_len should be checked against -- TODO confirm.
 */
#define	MAX_AUTH_MSA_SIZE 1024

#define	MAX_AUTH_PID 	0x4	/* Max auth proto identifier list */

/*
 * parameter tag (host byte order; HASH_LIST_TAG and DHGID_LIST_TAG are the
 * byte-order dependent definitions of the same two tag values)
 */
#define	HASH_LIST	0x0001
#define	DHG_ID_LIST	0x0002

/*
 * name tag from Table 13 v1.8 pp 30
 * The little-endian values are the byte-swapped form of the big-endian
 * ones, as for the other byte-order dependent constants in this header.
 */
#ifdef EMLXS_BIG_ENDIAN
#define	AUTH_NAME_ID		0x0001
#define	AUTH_NAME_LEN		0x0008
#define	AUTH_PROTO_NUM		0x00000001
#define	AUTH_NULL_PARA_LEN	0x00000028
#endif	/* EMLXS_BIG_ENDIAN */

#ifdef EMLXS_LITTLE_ENDIAN
#define	AUTH_NAME_ID		0x0100
#define	AUTH_NAME_LEN		0x0800
#define	AUTH_PROTO_NUM		0x01000000
#define	AUTH_NULL_PARA_LEN	0x28000000
#endif	/* EMLXS_LITTLE_ENDIAN */

/* name tag from Table 103 v 1.8 pp 123 (not byte-order dependent here) */
#define	AUTH_NODE_NAME		0x0002
#define	AUTH_PORT_NAME		0x0003
/*
 * Sysevent support
 *
 * Vendor, class and subclass strings for ddi_log_sysevent(). Going by the
 * names, each subclass identifies one step of the authentication state
 * machine (issue / cmpl / rcv of a message in a given node state), the two
 * timeouts, and the four ioctl operations that set or delete the
 * authentication configuration and passwords. Subscribers can use
 * ESC_EMLXS_33..36 to audit configuration and password changes.
 * The strings are runtime identifiers; consumers match on them verbatim.
 */
/* ddi_log_sysevent() vendors */
#define	DDI_VENDOR_EMLX		"EMLXS"

/* Class */
#define	EC_EMLXS	"EC_emlxs"

/* Subclass */
#define	ESC_EMLXS_01	"ESC_emlxs_issue_auth_negotiate"
#define	ESC_EMLXS_02	"ESC_emlxs_cmpl_auth_negotiate_issue"

#define	ESC_EMLXS_03	"ESC_emlxs_rcv_auth_msg_auth_negotiate_issue"
#define	ESC_EMLXS_04	"ESC_emlxs_cmpl_auth_msg_auth_negotiate_issue"

#define	ESC_EMLXS_05	"ESC_emlxs_rcv_auth_msg_unmapped_node"
#define	ESC_EMLXS_06	"ESC_emlxs_issue_dhchap_challenge"
#define	ESC_EMLXS_07	"ESC_emlxs_cmpl_dhchap_challenge_issue"

#define	ESC_EMLXS_08	"ESC_emlxs_rcv_auth_msg_dhchap_challenge_cmpl_wait4next"

#define	ESC_EMLXS_09	"ESC_emlxs_rcv_auth_msg_auth_negotiate_rcv"
#define	ESC_EMLXS_10	"ESC_emlxs_cmpl_auth_msg_auth_negotiate_rcv"

/*
 * NOTE(review): ESC_EMLXS_11 contains "cmpl_cmpl"; it looks like a typo
 * but is an emitted string, so it is left as is.
 */
#define	ESC_EMLXS_11 	"ESC_emlxs_cmpl_cmpl_dhchap_reply_issue"
#define	ESC_EMLXS_12	"ESC_emlxs_cmpl_dhchap_reply_issue"
#define	ESC_EMLXS_13	"ESC_emlxs_cmpl_auth_msg_dhchap_reply_issue"

#define	ESC_EMLXS_14	"ESC_emlxs_cmpl_auth_msg_auth_negotiate_cmpl_wait4next"

#define	ESC_EMLXS_15	"ESC_emlxs_issue_dhchap_success"

#define	ESC_EMLXS_16	"ESC_emlxs_rcv_auth_msg_dhchap_challenge_issue"
#define	ESC_EMLXS_17	"ESC_emlxs_cmpl_auth_msg_dhchap_challenge_issue"

#define	ESC_EMLXS_18	"ESC_emlxs_rcv_auth_msg_dhchap_reply_issue"

#define	ESC_EMLXS_19 \
	"ESC_emlxs_cmpl_auth_msg_dhchap_challenge_cmpl_wait4next"

#define	ESC_EMLXS_20	"ESC_emlxs_rcv_auth_msg_dhchap_reply_cmpl_wait4next"
#define	ESC_EMLXS_21	"ESC_emlxs_cmpl_dhchap_success_issue"
#define	ESC_EMLXS_22	"ESC_emlxs_cmpl_auth_msg_dhchap_success_issue"

#define	ESC_EMLXS_23	"ESC_emlxs_cmpl_auth_msg_dhchap_reply_cmpl_wait4next"

#define	ESC_EMLXS_24	"ESC_emlxs_rcv_auth_msg_dhchap_success_issue_wait4next"
#define	ESC_EMLXS_25	"ESC_emlxs_cmpl_auth_msg_dhchap_success_issue_wait4next"

#define	ESC_EMLXS_26	"ESC_emlxs_rcv_auth_msg_dhchap_success_cmpl_wait4next"
#define	ESC_EMLXS_27	"ESC_emlxs_cmpl_auth_msg_dhchap_success_cmpl_wait4next"

#define	ESC_EMLXS_28	"ESC_emlxs_issue_auth_reject"
#define	ESC_EMLXS_29	"ESC_emlxs_cmpl_auth_reject_issue"

#define	ESC_EMLXS_30	"ESC_emlxs_rcv_auth_msg_npr_node"

#define	ESC_EMLXS_31	"ESC_emlxs_dhc_reauth_timeout"

#define	ESC_EMLXS_32	"ESC_emlxs_dhc_authrsp_timeout"

/* Administrative changes made through ioctl */
#define	ESC_EMLXS_33	"ESC_emlxs_ioctl_auth_setcfg"
#define	ESC_EMLXS_34	"ESC_emlxs_ioctl_auth_setpwd"
#define	ESC_EMLXS_35	"ESC_emlxs_ioctl_auth_delcfg"
#define	ESC_EMLXS_36	"ESC_emlxs_ioctl_auth_delpwd"
263 
/*
 * From HBAnyware dfc lib FC-SP
 *
 * Authentication policy for one (local_entity, remote_entity) pair, kept
 * as a node of a doubly linked list (prev/next). The three priority arrays
 * hold an ordered preference list; presumably their entries are the
 * ELX_xxx selector values -- TODO confirm.
 *
 * The policy fields decide which hash and DH group may be negotiated, so
 * values written from user space (the ioctl path is not visible here)
 * should be range-checked before they are stored.
 */
typedef struct emlxs_auth_cfg
{
	NAME_TYPE		local_entity;	/* host wwpn (NPIV support) */
	NAME_TYPE		remote_entity;	/* switch or target wwpn */
	uint32_t		authentication_timeout;
	uint32_t		authentication_mode;	/* AUTH_MODE_xxx, presumably */
	uint32_t		bidirectional:1;	/* 1-bit flag */
	uint32_t		reserved:31;
	uint32_t		authentication_type_priority[4];
	uint32_t		hash_priority[4];
	uint32_t		dh_group_priority[8];
	uint32_t		reauthenticate_time_interval;

	/* Run-time state attached to the policy entry */
	dfc_auth_status_t	auth_status;
	time_t			auth_time;
	struct emlxs_node	*node;

	/* List linkage */
	struct emlxs_auth_cfg	*prev;
	struct emlxs_auth_cfg	*next;
} emlxs_auth_cfg_t;
285 
286 
/*
 * Shared secrets for one (local_entity, remote_entity) pair, kept as a
 * node of a doubly linked list (prev/next).
 *
 * The two passwords are stored in the clear in fixed 128-byte buffers.
 * The length fields are uint16_t and can therefore hold values larger
 * than the buffers: any code that copies or hashes xxx_password_length
 * bytes must first check the length against sizeof the buffer. Entries
 * should be zeroed before they are freed so that secrets do not linger in
 * kernel memory.
 */
typedef struct emlxs_auth_key
{
	NAME_TYPE		local_entity;		/* host wwpn */
							/* (NPIV support) */
	NAME_TYPE		remote_entity;		/* switch or target */
							/* wwpn */
	uint16_t		local_password_length;
	uint16_t		local_password_type;	/* PASSWORD_TYPE_xxx, */
							/* presumably */
	uint8_t			local_password[128];	/* hba authenticates */
							/* to switch  */
	uint16_t		remote_password_length;
	uint16_t		remote_password_type;
	/*
	 * NOTE(review): the comment below repeats the wording used for
	 * local_password. Presumably this is the secret the remote side
	 * (switch or target) uses to authenticate to the hba -- confirm.
	 */
	uint8_t			remote_password[128];	/* hba authenticates */
							/* to switch  */

	struct emlxs_node	*node;

	/* List linkage */
	struct emlxs_auth_key	*prev;
	struct emlxs_auth_key	*next;
} emlxs_auth_key_t;
307 
308 
/*
 * Per-exchange cryptographic material: challenge values, DH public
 * values, session keys and, for the responder role, the DH private key.
 *
 * Each buffer has a companion length field. Lengths derived from a
 * received message must be checked against the buffer size (20 or 512
 * bytes) before data is copied in. The private and session keys are
 * secrets; they should be zeroed once the exchange has finished.
 */
typedef struct emlxs_auth_misc
{
	uint8_t		bi_cval[20];		/* our challenge for bi-dir */
						/* auth in reply as initiator */
	uint32_t	bi_cval_len;		/* 16 for MD5, 20 for SHA1 */
	uint8_t		pub_key[512];		/* max is 512 bytes value of */
						/* (g^y mod p) */
	uint32_t	pubkey_len;		/* real length of the pub key */
	uint8_t		ses_key[512];		/* session key: value of */
						/* (g^xy mod p) */
	uint32_t	seskey_len;		/* real length of the session */
						/* key */

	/* The following are parameters when host is the responder */
	uint8_t		hrsp_cval[20];		/* challenge value from host */
						/* as responder */
	uint32_t	hrsp_cval_len;		/* host as the responder its */
						/* challenge value len */
	uint8_t		hrsp_priv_key[20];	/* the private key generated */
						/* in host as responder */
						/* (20 bytes = 160 bits) */
	uint8_t		hrsp_pub_key[512];	/* public key calculated when */
						/* host as responder */
	uint32_t	hrsp_pubkey_len;	/* public key length when */
						/* host is responder */
	uint8_t		hrsp_ses_key[512];	/* session key computed when */
						/* host is responder */
	uint32_t	hrsp_seskey_len;	/* session key length when */
						/* host is responder */
} emlxs_auth_misc_t;
338 
339 
/*
 * emlxs_port_dhc struct to be used by emlxs_port_t in emlxs_fc.h
 *
 * This structure contains all the data used by DHCHAP.
 * They are from EMLXSHBA_t in emlxs driver.
 *
 * state takes one of the ELX_FABRIC_xxx values defined inside the
 * structure body. Code that gates traffic on authentication should treat
 * only ELX_FABRIC_AUTH_SUCCESS as authenticated; in particular
 * ELX_FABRIC_STATE_UNKNOWN (0, the value of zero-filled memory) is not a
 * success state.
 */
typedef struct emlxs_port_dhc
{

	int32_t			state;
#define	ELX_FABRIC_STATE_UNKNOWN	0x00
#define	ELX_FABRIC_AUTH_DISABLED	0x01
#define	ELX_FABRIC_AUTH_FAILED		0x02
#define	ELX_FABRIC_AUTH_SUCCESS		0x03
#define	ELX_FABRIC_IN_AUTH		0x04
#define	ELX_FABRIC_IN_REAUTH		0x05

	dfc_auth_status_t	auth_status;  /* Fabric auth status */
	time_t			auth_time;

} emlxs_port_dhc_t;
362 
363 
/*
 * Node Events
 * Consecutive values starting at 0; NODE_EVENT_MAX_EVENT is the number of
 * events and is presumably used to size or bound a dispatch table. An
 * event value must be checked to be below it before it is used as an
 * index.
 */
#define	NODE_EVENT_DEVICE_RM		0x0	/* Auth response timeout and */
						/* fail */
#define	NODE_EVENT_DEVICE_RECOVERY	0x1	/* Auth response timeout and */
						/* recovery */
#define	NODE_EVENT_RCV_AUTH_MSG		0x2	/* Unsolicited Auth received */
#define	NODE_EVENT_CMPL_AUTH_MSG	0x3
#define	NODE_EVENT_MAX_EVENT		0x4
372 
/*
 * emlxs_node_dhc struct to be used in emlxs_node_t.
 * They are from emlxs_nodelist_t in emlxs driver.
 *
 * Per-node DHCHAP state: the state machine position, a private copy of
 * the policy and key entries (auth_cfg, auth_key) with pointers back to
 * the table entries they came from (parent_auth_cfg, parent_auth_key),
 * timers, transaction ids and the cryptographic material of the current
 * exchange.
 *
 * The structure embeds passwords (through auth_key), a DH private key and
 * session keys. It should be zeroed when the node is released, and any
 * length taken from a received message must be checked against the size
 * of the destination buffer before copying.
 */
typedef struct emlxs_node_dhc
{
	uint16_t		state;		/* used for state machine */
#define	NODE_STATE_UNKNOWN				0x00
#define	NODE_STATE_AUTH_DISABLED 			0x01
#define	NODE_STATE_AUTH_FAILED				0x02
#define	NODE_STATE_AUTH_SUCCESS				0x03
#define	NODE_STATE_AUTH_NEGOTIATE_ISSUE			0x04
#define	NODE_STATE_AUTH_NEGOTIATE_RCV			0x05
#define	NODE_STATE_AUTH_NEGOTIATE_CMPL_WAIT4NEXT	0x06
#define	NODE_STATE_DHCHAP_CHALLENGE_ISSUE		0x07
#define	NODE_STATE_DHCHAP_REPLY_ISSUE			0x08
#define	NODE_STATE_DHCHAP_CHALLENGE_CMPL_WAIT4NEXT	0x09
#define	NODE_STATE_DHCHAP_REPLY_CMPL_WAIT4NEXT		0x0A
#define	NODE_STATE_DHCHAP_SUCCESS_ISSUE			0x0B
#define	NODE_STATE_DHCHAP_SUCCESS_ISSUE_WAIT4NEXT	0x0C
#define	NODE_STATE_DHCHAP_SUCCESS_CMPL_WAIT4NEXT	0x0D
/*
 * NOTE(review): 0xFFFFFFFF does not fit in the uint16_t state field; a
 * stored state can never compare equal to it. Presumably it is only used
 * as a 32-bit return or argument sentinel -- confirm at the call sites.
 */
#define	NODE_STATE_NOCHANGE				0xFFFFFFFF

	uint16_t		prev_state;  /* for info only */

	uint32_t		disc_refcnt;

	/* Embedded copies of the policy and key entries for this node */
	emlxs_auth_cfg_t	auth_cfg;
	emlxs_auth_key_t	auth_key;

	uint32_t		nlp_authrsp_tmo;	/* Response timeout */
	uint32_t		nlp_authrsp_tmocnt;

	uint32_t		nlp_auth_tranid_ini;	/* tran_id when this */
							/* node is initiator */
	uint32_t		nlp_auth_tranid_rsp;	/* tran_id when this */
							/* node is responder */

	uint32_t		nlp_auth_flag;		/* 1:initiator */
							/* 2:responder */
	uint32_t		nlp_auth_limit;		/* 1: NULL DHCHAP */
							/* 2: full support */

	/* information in DHCHAP_Challenge as the auth responder */
	uint32_t		nlp_auth_hashid;
	uint32_t		nlp_auth_dhgpid;
	uint32_t		nlp_auth_bidir;
	NAME_TYPE		nlp_auth_wwn;

	/*
	 * nlp_auth_misc has the same fields as the bi_cval .. hrsp_seskey_len
	 * group further down in this structure; which copy is authoritative
	 * is not visible from this header.
	 */
	emlxs_auth_misc_t	nlp_auth_misc;

	uint32_t		nlp_reauth_tmo;
	uint16_t		nlp_reauth_status;
#define	NLP_HOST_REAUTH_DISABLED	0x0
#define	NLP_HOST_REAUTH_ENABLED		0x1
#define	NLP_HOST_REAUTH_IN_PROGRESS	0x2

	uint32_t		nlp_fb_vendor;
#define	NLP_FABRIC_CISCO	0x1
#define	NLP_FABRIC_OTHERS	0x2

	uint32_t		fc_dhchap_success_expected;

	/* hash_id, dhgp_id are set from responder, host is the initiator */
	uint32_t		hash_id;		/* 0x05 for MD5 */
							/* 0x06 for SHA-1 */
	uint32_t		dhgp_id;		/* DH grp identifier */

	uint8_t			bi_cval[20];		/* our challenge for */
							/* bi-dir auth in */
							/* reply as initiator */
	uint32_t		bi_cval_len;		/* 16 for MD5 */
							/* 20 for SHA1 */
	uint8_t			pub_key[512];		/* max is 512 bytes */
							/* value (g^y mod p) */
	uint32_t		pubkey_len;		/* real length of the */
							/* pub key */
	uint8_t			ses_key[512];		/* session key: */
							/* value (g^xy mod p) */
	uint32_t		seskey_len;		/* real length of the */
							/* session key */

	/* The following are parameters when host is the responder */

	uint8_t			hrsp_cval[20];		/* challenge value */
	uint32_t		hrsp_cval_len;		/* challenge value */
							/* length */
	uint8_t			hrsp_priv_key[20];	/* private key */
							/* generated */
	uint8_t			hrsp_pub_key[512];	/* public key */
							/* computed */
	uint32_t		hrsp_pubkey_len;	/* public key length */
	uint8_t			hrsp_ses_key[512];	/* session key */
							/* computed */
	uint32_t		hrsp_seskey_len;	/* session key length */

	uint8_t			*deferred_sbp;		/* Pending IO for */
							/* auth completion */
	uint8_t			*deferred_ubp;

	uint32_t		flag;
#define	NLP_REMOTE_AUTH			0x00000001
#define	NLP_SET_REAUTH_TIME		0x00000002

	emlxs_auth_cfg_t	*parent_auth_cfg;	/* Original auth_cfg */
							/* table entry */
	emlxs_auth_key_t	*parent_auth_key;	/* Original auth_key */
							/* table entry */
} emlxs_node_dhc_t;
482 
483 
/*
 * AUTH_Negotiate parameter block with one hash identifier slot and five
 * DH group identifier slots (g0..g4).
 *
 * The original heading read "For NULL DHCHAP with MD5 and SHA-1".
 * NOTE(review): the HashList_wcnt comment says 0x0002 although this
 * layout has a single hash value slot -- confirm the value actually
 * written by the sender.
 *
 * This is a wire layout: field order and sizes must not change, and it
 * relies on the compiler adding no padding (no pack directive is visible
 * in this file). The "set to" values are given in wire (big-endian)
 * order.
 */
typedef struct _AUTH_NEGOT_PARAMS_1
{
	uint16_t  name_tag;		/* set to 0x0001 */
	uint16_t  name_len;		/* set to 0x0008 */
	NAME_TYPE nodeName;		/* WWPN */
	uint32_t  proto_num;		/* set to 0x5 */
	uint32_t  para_len;		/* set to 0x28 i.e., 40 bytes */
	uint32_t  proto_id;		/* set to DHCHAP */
	uint16_t  HashList_tag;		/* set to 0x0001 */
	uint16_t  HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
	uint32_t  HashList_value1;	/* set to MD5 or SHA1 ID 0x00000005,6 */
	uint16_t  DHgIDList_tag;	/* set to 0x0002 */
	uint16_t  DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
	uint32_t  DHgIDList_g0;		/* set to 0x0000 0000 */
	uint32_t  DHgIDList_g1;		/* set to 0x0000 0001 */
	uint32_t  DHgIDList_g2;		/* set to 0x0000 0002 */
	uint32_t  DHgIDList_g3;		/* set to 0x0000 0003 */
	uint32_t  DHgIDList_g4;		/* set to 0x0000 0004 */
} AUTH_NEGOT_PARAMS_1;
504 
505 
/*
 * AUTH_Negotiate parameter block with two hash identifier slots (MD5 and
 * SHA-1) and five DH group identifier slots (g0..g4).
 *
 * This is a wire layout: field order and sizes must not change, and it
 * relies on the compiler adding no padding (no pack directive is visible
 * in this file).
 */
typedef struct _AUTH_NEGOT_PARAMS_2
{
	uint16_t  name_tag;		/* set to 0x0001 */
	uint16_t  name_len;		/* set to 0x0008 */
	NAME_TYPE nodeName;		/* WWPN */
	uint32_t  proto_num;		/* set to 0x5 */
	uint32_t  para_len;		/* set to 0x28 i.e., 40 bytes */
	uint32_t  proto_id;		/* set to DHCHAP */
	uint16_t  HashList_tag;		/* set to 0x0001 */
	uint16_t  HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
	uint32_t  HashList_value1;	/* set to MD5's   ID 0x00000005 */
	uint32_t  HashList_value2;	/* set to SHA-1's ID 0x00000006 */
	uint16_t  DHgIDList_tag;	/* set to 0x0002 */
	uint16_t  DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
	uint32_t  DHgIDList_g0;		/* set to 0x0000 0000 */
	uint32_t  DHgIDList_g1;		/* set to 0x0000 0001 */
	uint32_t  DHgIDList_g2;		/* set to 0x0000 0002 */
	uint32_t  DHgIDList_g3;		/* set to 0x0000 0003 */
	uint32_t  DHgIDList_g4;		/* set to 0x0000 0004 */
} AUTH_NEGOT_PARAMS_2;
526 
527 
/*
 * AUTH_Negotiate parameter block with two hash identifier slots and five
 * DH group identifier slots. The field list is the same as
 * AUTH_NEGOT_PARAMS_2.
 *
 * The original heading read "For NULL DHCHAP with MD5 and SHA-1", yet the
 * layout lists all five DH groups; how the driver chooses between the
 * variants is not visible from this header.
 *
 * This is a wire layout: field order and sizes must not change.
 */
typedef struct _AUTH_NEGOT_PARAMS
{
	uint16_t  name_tag;		/* set to 0x0001 */
	uint16_t  name_len;		/* set to 0x0008 */
	NAME_TYPE nodeName;		/* WWPN */
	uint32_t  proto_num;		/* set to 0x5 */
	uint32_t  para_len;		/* set to 0x28 i.e., 40 bytes */
	uint32_t  proto_id;		/* set to DHCHAP */
	uint16_t  HashList_tag;		/* set to 0x0001 */
	uint16_t  HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
	uint32_t  HashList_value1;	/* set to MD5's   ID 0x00000005 */
	uint32_t  HashList_value2;	/* set to SHA-1's ID 0x00000006 */
	uint16_t  DHgIDList_tag;	/* set to 0x0002 */
	uint16_t  DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
	uint32_t  DHgIDList_g0;		/* set to 0x0000 0000 */
	uint32_t  DHgIDList_g1;		/* set to 0x0000 0001 */
	uint32_t  DHgIDList_g2;		/* set to 0x0000 0002 */
	uint32_t  DHgIDList_g3;		/* set to 0x0000 0003 */
	uint32_t  DHgIDList_g4;		/* set to 0x0000 0004 */
} AUTH_NEGOT_PARAMS;
549 
/*
 * AUTH_Negotiate parameter block for the NULL DH group only: one hash
 * identifier slot and one DH group identifier slot (g0).
 *
 * NOTE(review): the per-field comments appear to be copied from the full
 * layout. They give a hash word count of 0x0002 and a group word count
 * of 0x0005, while this layout has one slot of each -- confirm the values
 * actually written by the sender.
 *
 * This is a wire layout: field order and sizes must not change.
 */
typedef struct _AUTH_NEGOT_PARAMS_NULL_1
{
	uint16_t  name_tag;		/* set to 0x0001 */
	uint16_t  name_len;		/* set to 0x0008 */
	NAME_TYPE nodeName;		/* WWPN */
	uint32_t  proto_num;		/* set to 0x5 */
	uint32_t  para_len;		/* set to 0x28 i.e., 40 bytes */
	uint32_t  proto_id;		/* set to DHCHAP */
	uint16_t  HashList_tag;		/* set to 0x0001 */
	uint16_t  HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
	uint32_t  HashList_value1;	/* set to MD5's   ID 0x00000005 */
	uint16_t  DHgIDList_tag;	/* set to 0x0002 */
	uint16_t  DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
	uint32_t  DHgIDList_g0;		/* set to 0x0000 0000 */
} AUTH_NEGOT_PARAMS_NULL_1;
565 
/*
 * AUTH_Negotiate parameter block for the NULL DH group only: two hash
 * identifier slots and one DH group identifier slot (g0).
 *
 * NOTE(review): the DHgIDList_wnt comment gives a word count of 0x0005
 * while this layout has a single group slot -- confirm the value actually
 * written by the sender.
 *
 * This is a wire layout: field order and sizes must not change.
 */
typedef struct _AUTH_NEGOT_PARAMS_NULL_2
{
	uint16_t  name_tag;		/* set to 0x0001 */
	uint16_t  name_len;		/* set to 0x0008 */
	NAME_TYPE nodeName;		/* WWPN */
	uint32_t  proto_num;		/* set to 0x5 */
	uint32_t  para_len;		/* set to 0x28 i.e., 40 bytes */
	uint32_t  proto_id;		/* set to DHCHAP */
	uint16_t  HashList_tag;		/* set to 0x0001 */
	uint16_t  HashList_wcnt;	/* set to 0x0002 i.e. MD5 and SHA-1 */
	uint32_t  HashList_value1;	/* set to MD5's   ID 0x00000005 */
	uint32_t  HashList_value2;	/* second hash ID; presumably SHA-1 */
	uint16_t  DHgIDList_tag;	/* set to 0x0002 */
	uint16_t  DHgIDList_wnt;	/* set to 0x0005 i.e., Full DH groups */
	uint32_t  DHgIDList_g0;		/* set to 0x0000 0000 */
} AUTH_NEGOT_PARAMS_NULL_2;
582 
583 
/*
 * Generic AUTH ELS Header
 *
 * Common leading part of an AUTH message followed by the sender's name
 * entry. When the header comes from a received frame, msg_len and
 * name_len are peer-controlled: both must be checked against the number
 * of bytes actually received before any payload is read.
 */
typedef struct _AUTH_MSG_HDR
{
	/*
	 * 20 bytes in total
	 * NOTE(review): the fields below add up to 24 bytes if NAME_TYPE is
	 * 8 bytes, as the name_len comment suggests -- the figure above may
	 * be stale; confirm before relying on it.
	 */
	uint8_t		auth_els_code;	/* always 0x90h */
	uint8_t		auth_els_flags;
	uint8_t		auth_msg_code;	/* see above */
	uint8_t		proto_version;
	uint32_t	msg_len;	/* size of msg payload in byte */
	uint32_t	tran_id;
	uint16_t	name_tag;	/* set to 0x0001 */
	uint16_t	name_len;	/* set to 0x0008 */
	NAME_TYPE	nodeName;	/* WWPN */
} AUTH_MSG_HDR;
598 
599 
/* Challenge value sized for SHA-1: 20 bytes, the same value as SHA1_LEN */
typedef struct _SHA1_CVAL
{
	uint8_t val[20];
} SHA1_CVAL;
604 
605 
/* Challenge value sized for MD5: 16 bytes, the same value as MD5_LEN */
typedef struct _MD5_CVAL
{
	uint8_t	val[16];
} MD5_CVAL;
610 
611 
/*
 * Challenge value for either hash. The union is 20 bytes, the size of
 * its larger member; a challenge length taken from a message must not
 * exceed that before it is copied in.
 */
union challenge_val
{
	SHA1_CVAL	sha1;
	MD5_CVAL	md5;
};
617 
618 
/*
 * DHCHAP_Reply
 *
 * Fixed 12-byte leading part of a DHCHAP_Reply message. The variable
 * part that follows is not described by this structure; its bounds come
 * from msg_len, which is peer-controlled on receive and must be checked
 * against the received size.
 */
typedef struct _DHCHAP_REPLY_HDR
{
	uint8_t  auth_els_code;	/* always 0x90h */
	uint8_t  auth_els_flags;
	uint8_t  auth_msg_code;	/* see above */
	uint8_t  proto_version;
	uint32_t msg_len;	/* size of msg payload in byte */
	uint32_t tran_id;	/* transaction id */
} DHCHAP_REPLY_HDR;
629 
630 
/*
 * DHCHAP_Challenge
 *
 * Fixed part of a DHCHAP_Challenge: the generic header followed by the
 * chosen hash, the chosen DH group and the challenge value length.
 * On receive, hash_id and dhgp_id must be values this side offered, and
 * cval_len must match the hash length (MD5_LEN or SHA1_LEN) before the
 * challenge bytes are read.
 */
typedef struct _DHCHAP_CHALL_NULL
{
	AUTH_MSG_HDR	msg_hdr;
	uint32_t	hash_id;
	uint32_t	dhgp_id;
	uint32_t	cval_len;
} DHCHAP_CHALL_NULL;
639 
/*
 * DHCHAP_Challenge fixed part plus a pointer to the DH value.
 * dhval is a host pointer, so this structure is not itself a wire
 * layout; what the pointer refers to and who owns it is not visible from
 * this header.
 */
typedef struct _DHCHAP_CHALL
{
	DHCHAP_CHALL_NULL	cnul;
	uint8_t			*dhval;
} DHCHAP_CHALL;
645 
/*
 * size of msg_payload is variable based on the different protocol
 * parameters supported in the driver.
 *
 * For DHCHAP we plan to support NULL, group 1, 2, 3, 4.
 *
 * For NULL DHCHAP protocol only: of these protocol identifiers,
 * we need name_tag = 2 bytes name_len_size = 2 bytes name_len = 8 bytes
 * number of usable auth proto = 4 bytes
 *
 * --------- for example for NULL DHCHAP only --------------------
 * auth proto #1 len = 4 bytes #1 ID  = 4 bytes #1 params = 4 + 16 bytes.
 * ------ Total for NULL DHCHAP = (16 + 12 + 16 ) = 44 bytes.
 *
 * If number of usable auth proto is 5, then we should have 5 auth proto params.
 * assume we are using name_tag 0x0001, then auth name in total = 12 bytes.
 *
 * 12 bytes + 4 bytes = 16 bytes. 4 + 4 + 4 = 12 bytes
 * (num of usable auth proto size = 4
 * auth proto params #1 len size = 4
 * auth proto ID for #1 size  = 4)
 *
 * For DHCHAP param: HashList	2 param tag size (set to 0x0001 as HashList)
 * 2 param word cnt size (set to 0x0002 as two hash funcs)
 * 8 for hash ids: MD5 and SHA-1 DHgIDList
 * 2 param tag size (set to 0x0002 as DHgIDList)
 * 2 param word cnt size (set to 0x0005 as NULL and 1/2/3/4 groups) 20 for
 * 5 groups 0x0000 0000 0x0000 0001 0x0000 0002 0x0000 0003 0x0000 0004
 * Total for FULL group support (16 + 12 + 12 + 24 ) = 64 bytes.
 *
 */

/*
 * AUTH_Negotiate message: 12-byte fixed header followed by the
 * AUTH_NEGOT_PARAMS_1 parameter block (one hash slot, five group slots).
 * On receive, msg_len is peer-controlled and must be checked against the
 * received size before params is read.
 */
typedef struct _AUTH_MSG_NEGOT_1 { /* in Big Endian format */
	uint8_t			auth_els_code;  /* always 0x90h */
	uint8_t			auth_els_flags;
	uint8_t			auth_msg_code;  /* see above */
	uint8_t			proto_version;
	uint32_t		msg_len;	/* size of msg payload */
						/* in byte */
	uint32_t		tran_id;	/* transaction identifier */

	/* anything else is variable in size (bytes) */
	/* uint8_t   msg_payload[MAX_AUTH_MSG_SIZE]; */
	AUTH_NEGOT_PARAMS_1	params;
} AUTH_MSG_NEGOT_1, *PAUTH_MSG_NEGOT_1;
691 
692 
/*
 * AUTH_Negotiate message: 12-byte fixed header followed by the
 * AUTH_NEGOT_PARAMS_2 parameter block (two hash slots, five group slots).
 * On receive, msg_len is peer-controlled and must be checked against the
 * received size before params is read.
 */
typedef struct _AUTH_MSG_NEGOT_2 { /* in Big Endian format */
	uint8_t			auth_els_code;  /* always 0x90h */
	uint8_t			auth_els_flags;
	uint8_t			auth_msg_code;  /* see above */
	uint8_t			proto_version;
	uint32_t		msg_len;	/* size of msg payload */
						/* in byte */
	uint32_t		tran_id;	/* transaction identifier */

	/* anything else is variable in size (bytes) */
	/* uint8_t   msg_payload[MAX_AUTH_MSG_SIZE]; */
	AUTH_NEGOT_PARAMS_2	params;
} AUTH_MSG_NEGOT_2, *PAUTH_MSG_NEGOT_2;
706 
707 
/*
 * AUTH_Negotiate message: 12-byte fixed header followed by the
 * AUTH_NEGOT_PARAMS parameter block.
 * On receive, msg_len is peer-controlled and must be checked against the
 * received size before params is read.
 */
typedef struct _AUTH_MSG_NEGOT
{
	/* in Big Endian format */
	uint8_t			auth_els_code;	/* always 0x90h */
	uint8_t			auth_els_flags;
	uint8_t			auth_msg_code;	/* see above */
	uint8_t			proto_version;
	uint32_t		msg_len;	/* size of msg payload */
						/* in byte */
	uint32_t		tran_id;	/* transaction identifier */

	/* anything else is variable in size (bytes) */
	/* uint8_t	msg_payload[MAX_AUTH_MSG_SIZE]; */
	AUTH_NEGOT_PARAMS	params;
} AUTH_MSG_NEGOT, *PAUTH_MSG_NEGOT;
723 
724 
/*
 * AUTH_Negotiate msg for NULL DH support only
 *
 * Only the 12-byte fixed header; no parameter block is declared here.
 */
typedef struct _AUTH_MSG_NEGOT_NULL
{
	uint8_t  auth_els_code;		/* ELS command code byte */
	uint8_t  auth_els_flags;
	uint8_t  auth_msg_code;		/* AUTH message code byte */
	uint8_t  proto_version;
	uint32_t msg_len;		/* peer-controlled on receive */
	uint32_t tran_id;
} AUTH_MSG_NEGOT_NULL, *PAUTH_MSG_NEGOT_NULL;
735 
/*
 * AUTH_Negotiate message for the NULL DH group: 12-byte fixed header
 * followed by the AUTH_NEGOT_PARAMS_NULL_1 block (one hash slot, one
 * group slot).
 */
typedef struct _AUTH_MSG_NEGOT_NULL_1
{
	uint8_t				auth_els_code;
	uint8_t				auth_els_flags;
	uint8_t				auth_msg_code;
	uint8_t				proto_version;
	uint32_t			msg_len;	/* peer-controlled */
							/* on receive */
	uint32_t			tran_id;

	AUTH_NEGOT_PARAMS_NULL_1	params;

} AUTH_MSG_NEGOT_NULL_1, *PAUTH_MSG_NEGOT_NULL_1;
748 
/*
 * AUTH_Negotiate message for the NULL DH group: 12-byte fixed header
 * followed by the AUTH_NEGOT_PARAMS_NULL_2 block (two hash slots, one
 * group slot).
 */
typedef struct _AUTH_MSG_NEGOT_NULL_2
{
	uint8_t				auth_els_code;
	uint8_t				auth_els_flags;
	uint8_t				auth_msg_code;
	uint8_t				proto_version;
	uint32_t			msg_len;	/* peer-controlled */
							/* on receive */
	uint32_t			tran_id;

	AUTH_NEGOT_PARAMS_NULL_2	params;

} AUTH_MSG_NEGOT_NULL_2, *PAUTH_MSG_NEGOT_NULL_2;
761 
762 
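/*
 * auth_els_flags
 *
 * Mask selecting the low four bits of the auth_els_flags byte.
 * The definition carries no trailing semicolon, so the macro can be used
 * inside an expression such as (flags & AUTH_ELS_FLAGS_MASK) == 0.
 */
#define	AUTH_ELS_FLAGS_MASK	0x0f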
765 
766 
/*
 * AUTH_Reject message: 12-byte fixed header followed by a reason code
 * and its explanation. ReasonCode presumably takes the AUTHRJT_xxx values
 * and ReasonCodeExplanation the AUTHEXP_xxx values -- TODO confirm.
 * A received reject is unauthenticated input and should be treated as
 * such by the state machine.
 */
typedef struct _AUTH_RJT
{
	uint8_t  auth_els_code;	/* always 0x90h */
	uint8_t  auth_els_flags;
	uint8_t  auth_msg_code;	/* see above */
	uint8_t  proto_version;
	uint32_t msg_len;	/* size of msg payload in byte */
	uint32_t tran_id;	/* transaction identifier */

	uint8_t  ReasonCode;
	uint8_t  ReasonCodeExplanation;
	uint16_t Reserved;
} AUTH_RJT, *PAUTH_RJT;
780 
/*
 * Fixed leading part of a DHCHAP_Success message: 12-byte header followed
 * by the length of the response value. The response value itself is not
 * declared here. On receive, RspVal_len is peer-controlled and must be
 * checked against the expected hash length and the received size before
 * the value is read.
 */
typedef struct _DHCHAP_SUCCESS_HDR
{
	uint8_t  auth_els_code;	/* always 0x90h */
	uint8_t  auth_els_flags;
	uint8_t  auth_msg_code;	/* see above */
	uint8_t  proto_version;
	uint32_t msg_len;	/* size of msg payload in byte */
	uint32_t tran_id;	/* transaction identifier */

	uint32_t RspVal_len;
} DHCHAP_SUCCESS_HDR, *PDHCHAP_SUCCESS_HDR;
792 
793 
/*
 * One Diffie-Hellman group table entry: identifier, length and up to 256
 * bytes of value (256 bytes = 2048 bits, the size of the largest group
 * named in this header). The value is presumably the group prime.
 * The unsigned long members are 4 or 8 bytes depending on the data
 * model, so this is a host-side table, not a wire layout. length must not
 * exceed sizeof value.
 */
typedef struct dh_group_st
{
	unsigned long   groupid;
	unsigned long   length;
	unsigned char   value[256];
} DH_GROUP, *PDH_GROUP;
800 
/*
 * Built-in 32-character password strings.
 *
 * NOTE(review): these are fixed, publicly known values compiled into every
 * translation unit that includes this header (they are static). How they
 * are used is not visible here; presumably they seed a default key entry.
 * Confirm that they can never end up as the effective DHCHAP secret on a
 * production link: a default secret gives no authentication, and
 * deployments should be required to set their own passwords.
 */
static char *emlxs_local_pwd  = "11223344556677881122334455667788";
static char *emlxs_remote_pwd = "aabbccddeeffgghhaabbccddeeffgghh";
803 
/* Eight zero bytes: the all-zero world wide name. */
static uint8_t emlxs_null_wwn[8] = { 0 };

/*
 * Eight 0xff bytes; going by the name, the wildcard name that stands for
 * the fabric.
 */
static uint8_t emlxs_fabric_wwn[8] = {
	0xff, 0xff, 0xff, 0xff,
	0xff, 0xff, 0xff, 0xff
};
808 
/*
 * Weak reference to random_get_pseudo_bytes (declared by <sys/random.h>,
 * included above), so the driver still links where the symbol is absent.
 * An unresolved weak function has a null address; every caller must test
 * the symbol before calling it and needs a fallback that is not weaker.
 *
 * NOTE(review): presumably this is the source of the challenge values and
 * DH private keys held in the structures above. Those values must be
 * unpredictable, so confirm the generator used for them is
 * cryptographically strong on every supported platform.
 */
#pragma weak random_get_pseudo_bytes
810 
811 
812 #endif	/* DHCHAP_SUPPORT */
813 
814 #ifdef	__cplusplus
815 }
816 #endif
817 
818 #endif	/* _EMLXS_DHCHAP_H */
819