a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap/*
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap * CDDL HEADER START
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap *
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap * The contents of this file are subject to the terms of the
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap * Common Development and Distribution License (the "License").
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap * You may not use this file except in compliance with the License.
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap *
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap * or http://www.opensolaris.org/os/licensing.
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap * See the License for the specific language governing permissions
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap * and limitations under the License.
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap *
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap * When distributing Covered Code, include this CDDL HEADER in each
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap * If applicable, add the following below this CDDL HEADER, with the
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap * fields enclosed by brackets "[]" replaced with your own identifying
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap * information: Portions Copyright [yyyy] [name of copyright owner]
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap *
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap * CDDL HEADER END
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap */
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap/*
30e7468f8f41aa30ada067b2c1d5d284046514daPeter Dunlap * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap * Use is subject to license terms.
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap */
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap#ifndef _ISCSIT_AUTHCLIENT_H_
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap#define _ISCSIT_AUTHCLIENT_H_
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap
/*
 * Authentication result codes.  Success is 0 and failure is 1, so a result
 * used directly as a truth value reads as "true" on FAILURE; always compare
 * against ISCSI_AUTH_PASSED explicitly.
 * NOTE(review): presumably these are the values returned by
 * client_verify_chap_resp(); this header does not say -- confirm.
 */
#define	ISCSI_AUTH_PASSED	0
#define	ISCSI_AUTH_FAILED	1
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap
/*
 * Size limits for authentication strings and binary values.
 * iscsitAuthStringMaxLength and AuthStringMaxLength carry the same value.
 * AuthLargeBinaryMaxLength is the byte size of
 * auth_large_binary_t.largeBinary.
 * NOTE(review): whether the string limits include the terminating NUL is
 * not visible in this header; confirm before sizing a buffer with them.
 */
enum {
	iscsitAuthStringMaxLength = 256,
	AuthStringMaxLength = 256,
	AuthStringBlockMaxLength = 1024,
	AuthLargeBinaryMaxLength = 1024
};

/*
 * Negotiation and CHAP parameters.
 *
 * iscsitAuthChapAlgorithmMd5 is the CHAP algorithm number for MD5 (5, per
 * RFC 1994) and iscsitAuthChapResponseLength matches the size of an MD5
 * digest (16 bytes).  No other CHAP algorithm is defined in this header.
 * With CHAP-MD5 a recorded challenge/response pair can be checked offline
 * against candidate secrets, so the protection is only as strong as the
 * shared secret; long random secrets and a protected transport are the
 * mitigations.
 * NOTE(review): iscsitAuthMethodMaxCount presumably bounds the number of
 * methods offered during negotiation -- confirm against its users.
 */
enum {
	iscsitAuthChapResponseLength = 16,
	iscsitAuthMethodMaxCount = 2,
	iscsitAuthChapAlgorithmMd5 = 5
};
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap
/*
 * Authentication key types.  AUTH_KEY_TYPE_MAX is the count of key types
 * (it sizes auth_key_block_t.key[]) and is not itself a key.  The names
 * follow the iSCSI CHAP login keys CHAP_A, CHAP_I, CHAP_C, CHAP_N, CHAP_R.
 * NOTE(review): the accessors take key_type as a plain int, presumably used
 * as an index into key[]; callers should pass only the AKT_* values below,
 * since range checking is not visible from this header.
 */
enum {
	AKT_CHAP_A,		/* algorithm; first enumerator, so 0 */
	AKT_CHAP_I,		/* identifier */
	AKT_CHAP_C,		/* challenge */
	AKT_CHAP_N,		/* name */
	AKT_CHAP_R,		/* response */
	AUTH_KEY_TYPE_MAX	/* number of key types; must stay last */
};
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap
/*
 * Value of one authentication key: a 32-bit number, a string pointer or a
 * binary pointer, sharing the same storage.
 *
 * The union carries no tag, and auth_key_t has no field saying which member
 * is live, so the reader must already know the representation for the key
 * type.  Reading .string or .binary after .numeric was stored would treat an
 * integer as a pointer.
 * NOTE(review): this header includes nothing itself; uint32_t must come
 * from the including file.
 */
typedef union auth_value {
	uint32_t	numeric;
	char		*string;
	unsigned char	*binary;
} auth_value_t;

/*
 * One key slot.
 * NOTE(review): field meanings are inferred from the names; presumably
 * `present` is non-zero once a value is stored and `len` is the byte length
 * of a binary value -- confirm against the accessor implementations.
 * Ownership and lifetime of the memory behind value.string / value.binary
 * are not stated here.
 */
typedef struct auth_key {
	unsigned char	present;
	unsigned int	len;
	auth_value_t	value;
} auth_key_t;
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap
/*
 * A full set of key slots: AUTH_KEY_TYPE_MAX entries, one per key type.
 * Note that the struct tag (iscsit_auth_key_block) and the typedef name
 * (auth_key_block_t) differ.
 */
typedef struct iscsit_auth_key_block {
	auth_key_t	key[AUTH_KEY_TYPE_MAX];
} auth_key_block_t;

/*
 * Fixed-size byte buffer of AuthLargeBinaryMaxLength bytes.  The struct
 * records no used length, so whoever fills it must track how many bytes are
 * valid and must not write more than the array holds.
 */
typedef struct auth_large_binary {
	unsigned char	largeBinary[AuthLargeBinaryMaxLength];
} auth_large_binary_t;
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap
/*
 * Authentication methods.  Numbering starts at 1 so that 0 stays invalid: a
 * zero-filled iscsit_auth_client_t therefore has no valid negotiatedMethod.
 * The names match the iSCSI AuthMethod values CHAP, KRB5, SPKM1, SPKM2, SRP
 * and None.
 *
 * AM_NONE means the login proceeds without authentication, so code that
 * acts on a negotiated method should treat it as "unauthenticated", not as
 * a successful authentication.
 * NOTE(review): which of these methods the target actually implements is
 * not visible in this header.
 */
typedef enum {
	AM_CHAP = 1,
	AM_KRB5 = 2,
	AM_SPKM1 = 3,
	AM_SPKM2 = 4,
	AM_SRP = 5,
	AM_NONE = 6
} iscsit_auth_method_t;
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap
/*
 * Phases of the authentication exchange.  AP_AM_UNDECIDED is 0, so a
 * zero-filled iscsit_auth_client_t starts out undecided.
 *
 * There is a single terminal phase, AP_DONE, with no separate pass/fail
 * value: the outcome of authentication has to be tracked elsewhere, and
 * reaching AP_DONE must not by itself be read as "authenticated".
 */
typedef enum {
	/* method negotiation */
	AP_AM_UNDECIDED = 0,
	AP_AM_PROPOSED = 1,
	AP_AM_DECIDED = 2,

	/* CHAP exchange */
	AP_CHAP_A_WAITING = 3,
	AP_CHAP_A_RCVD = 4,
	AP_CHAP_R_WAITING = 5,
	AP_CHAP_R_RCVD = 6,

	/* Kerberos exchange */
	AP_KRB_REQ_WAITING = 7,
	AP_KRB_REQ_RCVD = 8,

	/* exchange finished */
	AP_DONE = 9
} iscsit_auth_phase_t;
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap
/*
 * Authentication state: current phase, negotiated method, a fixed-size
 * binary buffer and two key blocks.
 *
 * A zero-filled instance has phase AP_AM_UNDECIDED and an invalid (0)
 * negotiatedMethod.
 * NOTE(review): presumably recvKeyBlock holds keys parsed from the peer and
 * sendKeyBlock the keys queued for the reply, with auth_send_binary_block
 * as backing storage for an outgoing binary value -- confirm against the
 * users.  These can reference the CHAP challenge and response; confirm the
 * owner clears them when the login ends.
 */
typedef struct iscsit_auth_client {
	iscsit_auth_phase_t	phase;
	iscsit_auth_method_t	negotiatedMethod;

	auth_large_binary_t	auth_send_binary_block;

	auth_key_block_t	recvKeyBlock;
	auth_key_block_t	sendKeyBlock;
} iscsit_auth_client_t;
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap
/*
 * Setters for one key slot of a key block (numeric, string, binary).
 *
 * NOTE(review): the definitions are not in this header, so the following is
 * inferred from the signatures and should be confirmed:
 *  - key_type is a signed int; callers should pass only AKT_* values, as no
 *    range check against AUTH_KEY_TYPE_MAX is visible here.
 *  - The string setter takes no length, so any bound (for example
 *    iscsitAuthStringMaxLength) has to be enforced before the call when the
 *    text comes from the peer.
 *  - Whether the string/binary setters copy the data or keep the caller's
 *    pointer is not stated; if the pointer is kept, the buffer must outlive
 *    the key block.
 * All three return void, so a rejected key type or length cannot be
 * reported to the caller.
 */
void client_set_numeric_data(auth_key_block_t *keyBlock, int key_type,
    uint32_t numeric);

void client_set_string_data(auth_key_block_t *keyBlock, int key_type,
    char *string);

void client_set_binary_data(auth_key_block_t *keyBlock, int key_type,
    unsigned char *binary, unsigned int len);
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap
/*
 * Getters for one key slot of a key block, plus the presence test.
 *
 * The getters return void and hand the value back through out-parameters,
 * so they cannot signal "key not present".
 * NOTE(review): what the out-parameters contain for an absent key is not
 * visible in this header; callers should check client_auth_key_present()
 * first, or initialise the outputs before the call.  The string and binary
 * getters presumably return pointers into storage referenced by the key
 * block rather than copies -- confirm before freeing or retaining them.
 * As with the setters, pass only AKT_* values as key_type.
 */
void client_get_numeric_data(auth_key_block_t *keyBlock, int key_type,
    uint32_t *numeric);

void client_get_string_data(auth_key_block_t *keyBlock, int key_type,
    char **string);

void client_get_binary_data(auth_key_block_t *keyBlock, int key_type,
    unsigned char **binary, unsigned int *len);

/*
 * NOTE(review): presumably returns non-zero when the slot for key_type
 * holds a value; the exact return convention is not shown here.
 */
int client_auth_key_present(auth_key_block_t *keyBlock, int key_type);
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap
/*
 * Compute a CHAP response into resp.
 *
 * No size is passed for resp, so the caller must supply a buffer large
 * enough for the digest.
 * NOTE(review): presumably iscsitAuthChapResponseLength (16) bytes, the
 * size of an MD5 digest, computed over identifier, secret and challenge as
 * in RFC 1994 -- confirm against the definition.  password_len is a signed
 * int; confirm that negative or zero lengths are rejected by the caller or
 * the implementation.  uchar_t and uint8_t must be provided by the
 * including file.
 */
void client_compute_chap_resp(uchar_t *resp, unsigned int chap_i,
    uint8_t *password, int password_len,
    uchar_t *chap_c, unsigned int challenge_len);

/*
 * Verify a CHAP response received from the peer.
 *
 * NOTE(review): the definition is not in this header; points to confirm
 * when reviewing it:
 *  - the return value is presumably ISCSI_AUTH_PASSED (0) or
 *    ISCSI_AUTH_FAILED (1); test it with an explicit comparison, since a
 *    truthiness test would read failure as success;
 *  - resp_len comes from the peer and should be checked against the
 *    expected digest length before any comparison or copy;
 *  - the digest comparison should not depend on where the first mismatch
 *    occurs (constant-time compare);
 *  - password_len is signed and should be validated;
 *  - the role of target_chap_name / initiator_chap_name in the check is
 *    not visible from the signature.
 */
int client_verify_chap_resp(char *target_chap_name, char *initiator_chap_name,
    uint8_t *password, int password_len,
    unsigned int chap_i, uchar_t *chap_c, unsigned int challenge_len,
    uchar_t *chap_r, unsigned int resp_len);
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap
/*
 * NOTE(review): presumably fills data[0..length-1] with random bytes for use
 * as a CHAP identifier or challenge; the definition is not in this header.
 * Challenges must be unpredictable and must not repeat, otherwise an earlier
 * response can be replayed, so confirm the bytes come from the system's
 * cryptographic random source.  The function returns void, so a failure of
 * that source cannot be reported to the caller.
 */
void auth_random_set_data(uchar_t *data, unsigned int length);
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap#endif /* _ISCSIT_AUTHCLIENT_H_ */