2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 /* Declarations of data structures associated with rxkad security objects. */
12 #ifndef RXKAD_PRIVATE_DATA_H
13 #define RXKAD_PRIVATE_DATA_H
21 afs_uint32 bytesReceived, bytesSent, packetsReceived, packetsSent;
24 /* Private data structure representing an RX server end point for rxkad.
25 * This structure is encrypted in network byte order and transmitted as
26 * part of a challenge response. It is also used as part of the per-packet
27 * checksum sent on every packet, to ensure that the per-packet checksum
28 * is not used in the context of another end point.
30 * THIS STRUCTURE MUST BE A MULTIPLE OF 8 BYTES LONG SINCE IT IS
33 struct rxkad_endpoint {
34 afs_int32 cuid[2]; /* being used for connection routing */
35 afs_uint32 cksum; /* cksum of challenge response */
36 afs_int32 securityIndex; /* security index */
39 /* structure used for generating connection IDs; must be encrypted in network
40 * byte order. Also must be a multiple of 8 bytes for encryption to work
44 struct clock time; /* time now */
45 afs_int32 random1; /* some implementation-specific random info */
46 afs_int32 random2; /* more random info */
47 afs_int32 counter; /* a counter */
48 afs_int32 ipAddr; /* or an approximation to it */
51 #define PDATA_SIZE(l) (sizeof(struct rxkad_cprivate) - MAXKTCTICKETLEN + (l))
53 /* private data in client-side security object */
54 /* type and level offsets should match sprivate */
55 struct rxkad_cprivate {
56 rxkad_type type; /* always client */
57 rxkad_level level; /* minimum security level of client */
58 afs_int32 kvno; /* key version of ticket */
59 afs_int32 ticketLen; /* length of ticket */
60 fc_KeySchedule keysched; /* the session key */
61 fc_InitializationVector ivec; /* initialization vector for cbc */
62 char ticket[MAXKTCTICKETLEN]; /* the ticket for the server */
65 /* Per connection client-side info */
67 fc_InitializationVector preSeq; /* used in computing checksum */
68 struct connStats stats;
69 char cksumSeen; /* rx: header.spare is a checksum */
72 /* private data in server-side security object */
73 /* type and level offsets should match cprivate */
74 struct rxkad_sprivate {
75 rxkad_type type; /* always server */
76 rxkad_level level; /* minimum security level of server */
77 void *get_key_rock; /* rock for get_key function */
78 int (*get_key) (void *, int,
79 struct ktc_encryptionKey *);
80 /* func. of kvno and server key ptr */
81 rxkad_get_key_enctype_func get_key_enctype;
82 int (*user_ok) (char *, char *,
84 /* func called with new client name */
85 afs_uint32 flags; /* configuration flags */
88 /* private data in server-side connection */
90 rxkad_level level; /* security level of connection */
91 char tried; /* did we ever try to auth this conn */
92 char authenticated; /* connection is good */
93 char cksumSeen; /* rx: header.spare is a checksum */
94 afs_uint32 expirationTime; /* when the ticket expires */
95 afs_int32 challengeID; /* unique challenge */
96 struct connStats stats; /* per connection stats */
97 fc_KeySchedule keysched; /* session key */
98 fc_InitializationVector ivec; /* initialization vector for cbc */
99 fc_InitializationVector preSeq; /* used in computing checksum */
100 struct rxkad_serverinfo *rock; /* info about client if saved */
103 struct rxkad_serverinfo {
105 struct ktc_principal client;
108 #define RXKAD_CHALLENGE_PROTOCOL_VERSION 2
110 /* An old style (any version predating 2) challenge packet */
111 struct rxkad_oldChallenge {
112 afs_int32 challengeID;
113 afs_int32 level; /* minimum security level */
116 /* A version 2 challenge */
117 struct rxkad_v2Challenge {
119 afs_int32 challengeID;
124 /* An old challenge response packet */
125 struct rxkad_oldChallengeResponse {
126 struct { /* encrypted with session key */
127 afs_int32 incChallengeID;
133 /* <ticketLen> bytes of ticket follow here */
135 /* A version 2 challenge response also includes connection routing (Rx server
136 * end point) and client call number state as well as version and spare fields.
137 * The encrypted part probably doesn't need to start on an 8 byte boundary, but
138 * just in case we put in a spare. */
139 struct rxkad_v2ChallengeResponse {
142 struct { /* encrypted with session key */
143 struct rxkad_endpoint endpoint; /* for connection routing */
144 afs_int32 callNumbers[RX_MAXCALLS]; /* client call # state */
145 afs_int32 incChallengeID;
151 /* <ticketLen> bytes of ticket follow here */
153 The above structure requires
154 that(RX_MAXCALLS == 4).
156 #endif /* RXKAD_PRIVATE_DATA_H */