include/sys/iscsi_authclient.h

   1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2000 by Cisco Systems, Inc.  All rights reserved.
  23  * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
  24  */
  25
  26 #ifndef _ISCSI_AUTHCLIENT_H
  27 #define _ISCSI_AUTHCLIENT_H
  28
  29
  30 /*
  31  * This file is the include file for for iscsiAuthClient.c
  32  */
  33
  34 #ifdef __cplusplus
  35 extern "C" {
  36 #endif
  37
  38 enum { iscsiAuthStringMaxLength = 512 };
  39 enum { iscsiAuthStringBlockMaxLength = 1024 };
  40 enum { iscsiAuthLargeBinaryMaxLength = 1024 };
  41
  42 enum { iscsiAuthRecvEndMaxCount = 10 };
  43
  44 enum { iscsiAuthClientSignature = 0x5984B2E3 };
  45
  46 enum { iscsiAuthChapResponseLength = 16 };
  47
  48 /*
  49  * Note: The ordering of these values are chosen to match
  50  *       the ordering of the keys as shown in the iSCSI spec.
  51  *       The table IscsiAuthClientKeyInfo in iscsiAuthClient.c
  52  *       must also match this order.
  53  */
  54 enum iscsiAuthKeyType_t {
  55         iscsiAuthKeyTypeNone = -1,
  56         iscsiAuthKeyTypeFirst = 0,
  57         iscsiAuthKeyTypeAuthMethod = iscsiAuthKeyTypeFirst,
  58         iscsiAuthKeyTypeChapAlgorithm,
  59         iscsiAuthKeyTypeChapUsername,
  60         iscsiAuthKeyTypeChapResponse,
  61         iscsiAuthKeyTypeChapIdentifier,
  62         iscsiAuthKeyTypeChapChallenge,
  63         iscsiAuthKeyTypeMaxCount,
  64         iscsiAuthKeyTypeLast = iscsiAuthKeyTypeMaxCount - 1
  65 };
  66 typedef enum iscsiAuthKeyType_t IscsiAuthKeyType;
  67
  68 enum {
  69         /*
  70          * Common options for all keys.
  71          */
  72         iscsiAuthOptionReject = -2,
  73         iscsiAuthOptionNotPresent = -1,
  74         iscsiAuthOptionNone = 1,
  75
  76         iscsiAuthMethodChap = 2,
  77         iscsiAuthMethodMaxCount = 2,
  78
  79         iscsiAuthChapAlgorithmMd5 = 5,
  80         iscsiAuthChapAlgorithmMaxCount = 2
  81 };
  82
  83 enum iscsiAuthNegRole_t {
  84         iscsiAuthNegRoleOriginator = 1,
  85         iscsiAuthNegRoleResponder = 2
  86 };
  87 typedef enum iscsiAuthNegRole_t IscsiAuthNegRole;
  88
  89 /*
  90  * Note: These values are chosen to map to the values sent
  91  *       in the iSCSI header.
  92  */
  93 enum iscsiAuthVersion_t {
  94         iscsiAuthVersionDraft8 = 2,
  95         iscsiAuthVersionRfc = 0
  96 };
  97 typedef enum iscsiAuthVersion_t IscsiAuthVersion;
  98
  99 enum iscsiAuthStatus_t {
 100         iscsiAuthStatusNoError = 0,
 101         iscsiAuthStatusError,
 102         iscsiAuthStatusPass,
 103         iscsiAuthStatusFail,
 104         iscsiAuthStatusContinue,
 105         iscsiAuthStatusInProgress
 106 };
 107 typedef enum iscsiAuthStatus_t IscsiAuthStatus;
 108
 109 enum iscsiAuthDebugStatus_t {
 110         iscsiAuthDebugStatusNotSet = 0,
 111
 112         iscsiAuthDebugStatusAuthPass,
 113         iscsiAuthDebugStatusAuthRemoteFalse,
 114
 115         iscsiAuthDebugStatusAuthFail,
 116
 117         iscsiAuthDebugStatusAuthMethodBad,
 118         iscsiAuthDebugStatusChapAlgorithmBad,
 119         iscsiAuthDebugStatusPasswordDecryptFailed,
 120         iscsiAuthDebugStatusPasswordTooShortWithNoIpSec,
 121         iscsiAuthDebugStatusAuthServerError,
 122         iscsiAuthDebugStatusAuthStatusBad,
 123         iscsiAuthDebugStatusAuthPassNotValid,
 124         iscsiAuthDebugStatusSendDuplicateSetKeyValue,
 125         iscsiAuthDebugStatusSendStringTooLong,
 126         iscsiAuthDebugStatusSendTooMuchData,
 127
 128         iscsiAuthDebugStatusAuthMethodExpected,
 129         iscsiAuthDebugStatusChapAlgorithmExpected,
 130         iscsiAuthDebugStatusChapIdentifierExpected,
 131         iscsiAuthDebugStatusChapChallengeExpected,
 132         iscsiAuthDebugStatusChapResponseExpected,
 133         iscsiAuthDebugStatusChapUsernameExpected,
 134
 135         iscsiAuthDebugStatusAuthMethodNotPresent,
 136         iscsiAuthDebugStatusAuthMethodReject,
 137         iscsiAuthDebugStatusAuthMethodNone,
 138         iscsiAuthDebugStatusChapAlgorithmReject,
 139         iscsiAuthDebugStatusChapChallengeReflected,
 140         iscsiAuthDebugStatusPasswordIdentical,
 141
 142         iscsiAuthDebugStatusLocalPasswordNotSet,
 143
 144         iscsiAuthDebugStatusChapIdentifierBad,
 145         iscsiAuthDebugStatusChapChallengeBad,
 146         iscsiAuthDebugStatusChapResponseBad,
 147         iscsiAuthDebugStatusUnexpectedKeyPresent,
 148         iscsiAuthDebugStatusTbitSetIllegal,
 149         iscsiAuthDebugStatusTbitSetPremature,
 150
 151         iscsiAuthDebugStatusRecvMessageCountLimit,
 152         iscsiAuthDebugStatusRecvDuplicateSetKeyValue,
 153         iscsiAuthDebugStatusRecvStringTooLong,
 154         iscsiAuthDebugStatusRecvTooMuchData
 155 };
 156 typedef enum iscsiAuthDebugStatus_t IscsiAuthDebugStatus;
 157
 158 enum iscsiAuthNodeType_t {
 159         iscsiAuthNodeTypeInitiator = 1,
 160         iscsiAuthNodeTypeTarget = 2
 161 };
 162 typedef enum iscsiAuthNodeType_t IscsiAuthNodeType;
 163
 164 enum iscsiAuthPhase_t {
 165         iscsiAuthPhaseConfigure = 1,
 166         iscsiAuthPhaseNegotiate,                /* Negotiating */
 167         iscsiAuthPhaseAuthenticate,             /* Authenticating */
 168         iscsiAuthPhaseDone,                     /* Authentication done */
 169         iscsiAuthPhaseError
 170 };
 171 typedef enum iscsiAuthPhase_t IscsiAuthPhase;
 172
 173 enum iscsiAuthLocalState_t {
 174         iscsiAuthLocalStateSendAlgorithm = 1,
 175         iscsiAuthLocalStateRecvAlgorithm,
 176         iscsiAuthLocalStateRecvChallenge,
 177         iscsiAuthLocalStateDone,
 178         iscsiAuthLocalStateError
 179 };
 180 typedef enum iscsiAuthLocalState_t IscsiAuthLocalState;
 181
 182 enum iscsiAuthRemoteState_t {
 183         iscsiAuthRemoteStateSendAlgorithm = 1,
 184         iscsiAuthRemoteStateSendChallenge,
 185         iscsiAuthRemoteStateRecvResponse,
 186         iscsiAuthRemoteStateAuthRequest,
 187         iscsiAuthRemoteStateDone,
 188         iscsiAuthRemoteStateError
 189 };
 190 typedef enum iscsiAuthRemoteState_t IscsiAuthRemoteState;
 191
 192
 193 typedef void IscsiAuthClientCallback(void *, void *, int);
 194
 195
 196 struct iscsiAuthClientGlobalStats_t {
 197         unsigned long requestSent;
 198         unsigned long responseReceived;
 199 };
 200 typedef struct iscsiAuthClientGlobalStats_t IscsiAuthClientGlobalStats;
 201
 202 struct iscsiAuthBufferDesc_t {
 203         unsigned int length;
 204         void *address;
 205 };
 206 typedef struct iscsiAuthBufferDesc_t IscsiAuthBufferDesc;
 207
 208 struct iscsiAuthKey_t {
 209         unsigned int present:1;
 210         unsigned int processed:1;
 211         unsigned int valueSet:1;        /* 1 if the value is set to be valid */
 212         char *string;
 213 };
 214 typedef struct iscsiAuthKey_t IscsiAuthKey;
 215
 216 struct iscsiAuthLargeBinaryKey_t {
 217         unsigned int length;
 218         unsigned char *largeBinary;
 219         };
 220 typedef struct iscsiAuthLargeBinaryKey_t IscsiAuthLargeBinaryKey;
 221
 222 struct iscsiAuthKeyBlock_t {
 223         unsigned int transitBit:1;      /* To transit: TRUE or FALSE */
 224         unsigned int duplicateSet:1;    /* Set the value more than once */
 225         unsigned int stringTooLong:1;   /* Key value too long */
 226         unsigned int tooMuchData:1;     /* The keypair data blk overflows */
 227         unsigned int blockLength:16;    /* The length of the keypair data blk */
 228         char *stringBlock;
 229         IscsiAuthKey key[iscsiAuthKeyTypeMaxCount];
 230 };
 231 typedef struct iscsiAuthKeyBlock_t IscsiAuthKeyBlock;
 232
 233 struct iscsiAuthStringBlock_t {
 234         char stringBlock[iscsiAuthStringBlockMaxLength];
 235 };
 236 typedef struct iscsiAuthStringBlock_t IscsiAuthStringBlock;
 237
 238 struct iscsiAuthLargeBinary_t {
 239         unsigned char largeBinary[iscsiAuthLargeBinaryMaxLength];
 240 };
 241 typedef struct iscsiAuthLargeBinary_t IscsiAuthLargeBinary;
 242
 243 struct iscsiAuthClient_t {
 244         unsigned long signature;
 245
 246         void *glueHandle;
 247         struct iscsiAuthClient_t *next;
 248         unsigned int authRequestId;
 249
 250         IscsiAuthNodeType nodeType;
 251         unsigned int authMethodCount;
 252         int authMethodList[iscsiAuthMethodMaxCount];
 253         IscsiAuthNegRole authMethodNegRole;
 254         unsigned int chapAlgorithmCount;
 255         int chapAlgorithmList[iscsiAuthChapAlgorithmMaxCount];
 256
 257         /*
 258          * To indicate if remote authentication is enabled (0 = no 1 = yes)
 259          * For the case of initiator, remote authentication enabled means
 260          * enabling target authentication.
 261          */
 262         int authRemote;
 263
 264         char username[iscsiAuthStringMaxLength];
 265         int passwordPresent;
 266         unsigned int passwordLength;
 267         unsigned char passwordData[iscsiAuthStringMaxLength];
 268         char methodListName[iscsiAuthStringMaxLength];
 269         IscsiAuthVersion version;
 270         unsigned int chapChallengeLength;
 271         int ipSec;
 272         int base64;
 273
 274         unsigned int authMethodValidCount;
 275         int authMethodValidList[iscsiAuthMethodMaxCount];
 276         int authMethodValidNegRole;
 277         const char *rejectOptionName;
 278         const char *noneOptionName;
 279
 280         int recvInProgressFlag;
 281         int recvEndCount;
 282         IscsiAuthClientCallback *callback;
 283         void *userHandle;
 284         void *messageHandle;
 285
 286         IscsiAuthPhase phase;
 287         IscsiAuthLocalState localState;
 288         IscsiAuthRemoteState remoteState;
 289         IscsiAuthStatus remoteAuthStatus;
 290         IscsiAuthDebugStatus debugStatus;
 291         int negotiatedAuthMethod;
 292         int negotiatedChapAlgorithm;
 293         int authResponseFlag;
 294         int authServerErrorFlag;
 295         int transitBitSentFlag;
 296
 297         unsigned int sendChapIdentifier;
 298         IscsiAuthLargeBinaryKey sendChapChallenge;
 299         char chapUsername[iscsiAuthStringMaxLength];
 300
 301         int recvChapChallengeStatus;
 302         IscsiAuthLargeBinaryKey recvChapChallenge;
 303
 304         char scratchKeyValue[iscsiAuthStringMaxLength];
 305
 306         IscsiAuthKeyBlock recvKeyBlock;         /* Received keypair data */
 307         IscsiAuthKeyBlock sendKeyBlock;         /* Keypair data to be sent */
 308 };
 309 typedef struct iscsiAuthClient_t IscsiAuthClient;
 310
 311
 312 #ifdef __cplusplus
 313 }
 314 #endif
 315 #include <sys/iscsi_authclientglue.h>
 316 #ifdef __cplusplus
 317 extern "C" {
 318 #endif
 319
 320
 321 extern IscsiAuthClientGlobalStats iscsiAuthClientGlobalStats;
 322
 323
 324 extern int iscsiAuthClientInit(int, int, IscsiAuthBufferDesc *);
 325 extern int iscsiAuthClientFinish(IscsiAuthClient *);
 326
 327 extern int iscsiAuthClientRecvBegin(IscsiAuthClient *);
 328 extern int iscsiAuthClientRecvEnd(IscsiAuthClient *,
 329     IscsiAuthClientCallback *, void *, void *);
 330
 331 extern const char *iscsiAuthClientGetKeyName(int);
 332 extern int iscsiAuthClientGetNextKeyType(int *);
 333 extern int iscsiAuthClientKeyNameToKeyType(const char *);
 334 extern int iscsiAuthClientRecvKeyValue(IscsiAuthClient *, int, const char *);
 335 extern int iscsiAuthClientSendKeyValue(IscsiAuthClient *, int, int *, char *,
 336     unsigned int);
 337 extern int iscsiAuthClientRecvTransitBit(IscsiAuthClient *, int);
 338 extern int iscsiAuthClientSendTransitBit(IscsiAuthClient *, int *);
 339
 340 extern int iscsiAuthClientSetAuthMethodList(IscsiAuthClient *, unsigned int,
 341     const int *);
 342 extern int iscsiAuthClientSetAuthMethodNegRole(IscsiAuthClient *, int);
 343 extern int iscsiAuthClientSetChapAlgorithmList(IscsiAuthClient *, unsigned int,
 344     const int *);
 345 extern int iscsiAuthClientSetUsername(IscsiAuthClient *, const char *);
 346 extern int iscsiAuthClientSetPassword(IscsiAuthClient *, const unsigned char *,
 347     unsigned int);
 348 extern int iscsiAuthClientSetAuthRemote(IscsiAuthClient *, int);
 349 extern int iscsiAuthClientSetGlueHandle(IscsiAuthClient *, void *);
 350 extern int iscsiAuthClientSetMethodListName(IscsiAuthClient *, const char *);
 351 extern int iscsiAuthClientSetIpSec(IscsiAuthClient *, int);
 352 extern int iscsiAuthClientSetBase64(IscsiAuthClient *, int);
 353 extern int iscsiAuthClientSetChapChallengeLength(IscsiAuthClient *,
 354     unsigned int);
 355 extern int iscsiAuthClientSetVersion(IscsiAuthClient *, int);
 356 extern int iscsiAuthClientCheckPasswordNeeded(IscsiAuthClient *, int *);
 357
 358 extern int iscsiAuthClientGetAuthPhase(IscsiAuthClient *, int *);
 359 extern int iscsiAuthClientGetAuthStatus(IscsiAuthClient *, int *);
 360 extern int iscsiAuthClientAuthStatusPass(int);
 361 extern int iscsiAuthClientGetAuthMethod(IscsiAuthClient *, int *);
 362 extern int iscsiAuthClientGetChapAlgorithm(IscsiAuthClient *, int *);
 363 extern int iscsiAuthClientGetChapUsername(IscsiAuthClient *, char *,
 364     unsigned int);
 365
 366 extern int iscsiAuthClientSendStatusCode(IscsiAuthClient *, int *);
 367 extern int iscsiAuthClientGetDebugStatus(IscsiAuthClient *, int *);
 368 extern const char *iscsiAuthClientDebugStatusToText(int);
 369
 370 /*
 371  * The following is called by platform dependent code.
 372  */
 373 extern void iscsiAuthClientAuthResponse(IscsiAuthClient *, int);
 374
 375 /*
 376  * The following routines are considered platform dependent,
 377  * and need to be implemented for use by iscsiAuthClient.c.
 378  */
 379
 380 extern int iscsiAuthClientChapAuthRequest(IscsiAuthClient *, char *,
 381     unsigned int,
 382     unsigned char *, unsigned int, unsigned char *, unsigned int);
 383 extern void iscsiAuthClientChapAuthCancel(IscsiAuthClient *);
 384
 385 extern int iscsiAuthClientTextToNumber(const char *, unsigned long *);
 386 extern void iscsiAuthClientNumberToText(unsigned long, char *, unsigned int);
 387
 388 extern void iscsiAuthRandomSetData(unsigned char *, unsigned int);
 389 extern void iscsiAuthMd5Init(IscsiAuthMd5Context *);
 390 extern void iscsiAuthMd5Update(IscsiAuthMd5Context *, unsigned char *,
 391     unsigned int);
 392 extern void iscsiAuthMd5Final(unsigned char *, IscsiAuthMd5Context *);
 393
 394 extern int iscsiAuthClientData(unsigned char *, unsigned int *, unsigned char *,
 395     unsigned int);
 396
 397 #ifdef __cplusplus
 398 }
 399 #endif
 400
 401 #endif  /* _ISCSI_AUTHCLIENT_H */