1 /* src/rxgk/rxgk_private.h - Declarations of RXGK-internal routines */
3 * Copyright (C) 2013, 2014 by the Massachusetts Institute of Technology.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * * Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * * Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
21 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
22 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
23 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
24 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
25 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
27 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
29 * OF THE POSSIBILITY OF SUCH DAMAGE.
33 * Prototypes for routines internal to RXGK.
36 #ifndef RXGK_PRIVATE_H
37 #define RXGK_PRIVATE_H
39 /** Statistics about a connection. Bytes and packets sent/received. */
47 /* The packet pseudoheader used for auth and crypt connections. */
51 afs_uint32 callNumber;
55 } __attribute__((packed));
62 * Security Object private data for the server.
64 * Per-connection flags, and a way to get a decryption key for what the client
67 struct rxgk_sprivate {
69 rxgk_getkey_func getkey;
72 * Per-connection security data for the server.
74 * Security level, authentication state, expiration, the current challenge
75 * nonce, status, the connection start time and current key derivation key
76 * number. Cache both the user identity and callback identity presented
77 * in the token, for later use.
82 unsigned char challenge_valid;
84 unsigned char challenge[RXGK_CHALLENGE_NONCE_LEN];
85 struct rxgkStats stats;
87 struct rx_identity *client;
88 afs_uint32 key_number;
97 * Security Object private data for client.
99 * The session key ("token master key"), plus the enctype of the
100 * token and the token itself.
101 * UUIDs for both the client (cache manager) and target server. This is
102 * possible because the token is either for a db server (the target has no
103 * UUID) or tied to a particular file server (which does have a UUID).
105 struct rxgk_cprivate {
112 * Per-connection security data for client.
114 * The start time of the connection and connection key number are used
115 * for key derivation, information about the callback key to be presented in
116 * the authenticator for the connection, and the requisite connection
121 afs_uint32 key_number;
122 struct rxgkStats stats;
125 /* rxgk_crypto_IMPL.c (currently rfc3961 is the only IMPL) */
/**
 * Map an encryption type to a length.
 *
 * @param etype  Encryption type (enctype) identifier.
 * @return A length as ssize_t. NOTE(review): the signed return type suggests
 *         a negative value signals an unknown or unsupported enctype --
 *         confirm against the implementation in rxgk_crypto_IMPL.c.
 */
126 ssize_t rxgk_etype_to_len(int etype);
/**
 * Decode the token carried in @a tc into @a out, using @a getkey to obtain
 * the key needed for that decoding.
 *
 * @param tc      Encoded token as received (RXGK_Data).
 * @param out     Receives the decoded token (RXGK_Token).
 * @param getkey  Callback (rxgk_getkey_func) that supplies the token key.
 * @param rock    Opaque argument handed through to @a getkey. It is the only
 *                parameter not listed in AFS_NONNULL, so it is presumably
 *                allowed to be NULL.
 * @return afs_int32 status code; zero is presumably success -- confirm.
 *
 * NOTE(review): the token is presented by the peer, so @a tc should be
 * treated as untrusted input; callers must not use @a out unless the call
 * reports success. Parameters 1-3 are declared non-NULL.
 */
129 afs_int32 rxgk_extract_token(RXGK_Data *tc, RXGK_Token *out,
130 rxgk_getkey_func getkey, void *rock)
131 AFS_NONNULL((1,2,3));
134 afs_int32 rxgk_security_overhead(struct rx_connection *aconn, RXGK_Level level,
/**
 * Resolve the 16-bit key number carried on the wire against the 32-bit key
 * number tracked locally for the connection.
 *
 * @param wire   Key number as received in the packet (16 bits).
 * @param local  Key number the connection currently tracks (32 bits).
 * @param real   Receives the resolved 32-bit key number.
 * @return afs_int32 status code.
 *
 * NOTE(review): @a wire comes from the peer; confirm the implementation
 * bounds how far the resolved value may move away from @a local.
 */
136 afs_int32 rxgk_key_number(afs_uint16 wire, afs_uint32 local, afs_uint32 *real);
/**
 * Apply integrity protection (a MIC) to @a apacket with key @a tk.
 *
 * @param tk        Key used for the MIC (rxgk_key).
 * @param keyusage  Key-usage value selecting the derived key -- presumably
 *                  an RFC 3961 key usage number; confirm.
 * @param aconn     Connection the packet belongs to.
 * @param apacket   Packet to protect; presumably modified in place.
 * @return int status code.
 */
139 int rxgk_mic_packet(rxgk_key tk, afs_int32 keyusage,
140 struct rx_connection *aconn, struct rx_packet *apacket);
/**
 * Encrypt @a apacket with key @a tk. Same parameter contract as
 * rxgk_mic_packet().
 *
 * @return int status code.
 */
141 int rxgk_enc_packet(rxgk_key tk, afs_int32 keyusage,
142 struct rx_connection *aconn, struct rx_packet *apacket);
/**
 * Verify an incoming packet (and, where @a level requires it, presumably
 * decrypt it) before its payload is used.
 *
 * @param server      Non-zero when called on the server side of the
 *                    connection; presumably selects the direction/key usage.
 * @param aconn       Connection the packet arrived on.
 * @param apacket     Packet to check.
 * @param level       Security level of the connection (RXGK_Level).
 * @param start_time  Connection start time; used in key derivation together
 *                    with the key number.
 * @param a_kvno      Pointer to the key version number -- presumably in/out;
 *                    confirm whether it is updated on success.
 * @param k0          Base key from which the per-connection key is derived.
 * @return int status code. NOTE(review): a non-zero return should be treated
 *         as a failed integrity check and the packet discarded.
 */
143 int rxgk_check_packet(int server, struct rx_connection *aconn,
144 struct rx_packet *apacket, RXGK_Level level,
145 rxgkTime start_time, afs_uint32 *a_kvno, rxgk_key k0);
147 #endif /* RXGK_PRIVATE_H */