2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 /* Declarations of data structures associated with rxkad security objects. */
12 #ifndef RXKAD_PRIVATE_DATA_H
13 #define RXKAD_PRIVATE_DATA_H
21 afs_uint32 bytesReceived
, bytesSent
, packetsReceived
, packetsSent
;
24 /* Private data structure representing an RX server end point for rxkad.
25 * This structure is encrypted in network byte order and transmitted as
26 * part of a challenge response. It is also used as part of the per-packet
27 * checksum sent on every packet, to ensure that the per-packet checksum
28 * is not used in the context of another end point.
30 * THIS STRUCTURE MUST BE A MULTIPLE OF 8 BYTES LONG SINCE IT IS
33 struct rxkad_endpoint
{
34 afs_int32 cuid
[2]; /* being used for connection routing */
35 afs_uint32 cksum
; /* cksum of challenge response */
36 afs_int32 securityIndex
; /* security index */
/* Size in bytes of a struct rxkad_cprivate whose trailing ticket holds l
 * bytes instead of the full MAXKTCTICKETLEN-wide array declared below.
 * This arithmetic assumes `ticket` is the last member of the struct
 * (its closing brace is not visible here - confirm against the full
 * header).
 * NOTE(review): the macro does not bound l; a value larger than
 * MAXKTCTICKETLEN yields a size bigger than the struct itself, so callers
 * must check l <= MAXKTCTICKETLEN before using the result as an
 * allocation or copy length. */
#define PDATA_SIZE(l) (sizeof(struct rxkad_cprivate) - MAXKTCTICKETLEN + (l))
41 /* private data in client-side security object */
42 /* type and level offsets should match sprivate */
43 struct rxkad_cprivate
{
44 rxkad_type type
; /* always client */
45 rxkad_level level
; /* minimum security level of client */
46 afs_int32 kvno
; /* key version of ticket */
47 afs_int32 ticketLen
; /* length of ticket */
48 fc_KeySchedule keysched
; /* the session key */
49 fc_InitializationVector ivec
; /* initialization vector for cbc */
50 char ticket
[MAXKTCTICKETLEN
]; /* the ticket for the server */
53 /* Per connection client-side info */
55 fc_InitializationVector preSeq
; /* used in computing checksum */
56 struct connStats stats
;
57 char cksumSeen
; /* rx: header.spare is a checksum */
60 /* private data in server-side security object */
61 /* type and level offsets should match cprivate */
62 struct rxkad_sprivate
{
63 rxkad_type type
; /* always server */
64 rxkad_level level
; /* minimum security level of server */
65 void *get_key_rock
; /* rock for get_key function */
66 int (*get_key
) (void *, int,
67 struct ktc_encryptionKey
*);
68 /* func. of kvno and server key ptr */
69 rxkad_get_key_enctype_func get_key_enctype
;
70 int (*user_ok
) (char *, char *,
72 /* func called with new client name */
73 afs_uint32 flags
; /* configuration flags */
76 /* private data in server-side connection */
78 rxkad_level level
; /* security level of connection */
79 char tried
; /* did we ever try to auth this conn */
80 char authenticated
; /* connection is good */
81 char cksumSeen
; /* rx: header.spare is a checksum */
82 afs_uint32 expirationTime
; /* when the ticket expires */
83 afs_int32 challengeID
; /* unique challenge */
84 struct connStats stats
; /* per connection stats */
85 fc_KeySchedule keysched
; /* session key */
86 fc_InitializationVector ivec
; /* initialization vector for cbc */
87 fc_InitializationVector preSeq
; /* used in computing checksum */
88 struct rxkad_serverinfo
*rock
; /* info about client if saved */
91 struct rxkad_serverinfo
{
93 struct ktc_principal client
;
/* Challenge protocol version spoken by this code. Challenges and responses
 * at this version use struct rxkad_v2Challenge / rxkad_v2ChallengeResponse;
 * any earlier version is handled with the rxkad_old* layouts declared
 * below. */
#define RXKAD_CHALLENGE_PROTOCOL_VERSION 2
98 /* An old style (any version predating 2) challenge packet */
99 struct rxkad_oldChallenge
{
100 afs_int32 challengeID
;
101 afs_int32 level
; /* minimum security level */
104 /* A version 2 challenge */
105 struct rxkad_v2Challenge
{
107 afs_int32 challengeID
;
112 /* An old challenge response packet */
113 struct rxkad_oldChallengeResponse
{
114 struct { /* encrypted with session key */
115 afs_int32 incChallengeID
;
121 /* <ticketLen> bytes of ticket follow here */
123 /* A version 2 challenge response also includes connection routing (Rx server
124 * end point) and client call number state as well as version and spare fields.
125 * The encrypted part probably doesn't need to start on an 8 byte boundary, but
126 * just in case we put in a spare. */
127 struct rxkad_v2ChallengeResponse
{
130 struct { /* encrypted with session key */
131 struct rxkad_endpoint endpoint
; /* for connection routing */
132 afs_int32 callNumbers
[RX_MAXCALLS
]; /* client call # state */
133 afs_int32 incChallengeID
;
139 /* <ticketLen> bytes of ticket follow here */
The above structure requires that (RX_MAXCALLS == 4).
144 #endif /* RXKAD_PRIVATE_DATA_H */