/* Pull in the protocol description */
#include <rx/rxgk_int.h>
+/* RX-internal headers we depend on. */
+#include <rx/rx_opaque.h>
+#include <rx/rx_identity.h>
+
+/* rxgkTime is defined in rxgk_int.xg. rxgkTime values are unix timestamps, but
+ * in 100-nanosecond units. */
+
+/* Helpers to avoid having to count zeros. */
+static_inline rxgkTime secondsToRxgkTime(afs_uint64 seconds) {
+ return seconds * (rxgkTime)10000000;
+}
+static_inline afs_uint64 rxgkTimeToSeconds(rxgkTime atime) {
+ return (afs_uint64)atime / 10000000;
+}
+
+/** Get the current timestamp as an rxgkTime. */
+static_inline rxgkTime RXGK_NOW(void)
+{
+ struct timeval tv;
+ osi_GetTime(&tv);
+ return secondsToRxgkTime(tv.tv_sec) + (rxgkTime)tv.tv_usec * 10;
+}
+
/* rxgk_key is an opaque type to wrap our RFC3961 implementation's concept
* of a key. It has (at least) the keyblock and length, and enctype. */
-typedef void * rxgk_key;
+typedef struct rxgk_key_s * rxgk_key;
typedef afs_int32 (*rxgk_getkey_func)(void *rock, afs_int32 *kvno,
afs_int32 *enctype, rxgk_key *key);
+
+/* Flags for our rx security stats */
+#define RXGK_STATS_UNALLOC 0x1
+#define RXGK_STATS_AUTH 0x2
+
/* rxgk_server.c */
struct rx_securityClass * rxgk_NewServerSecurityObject(void *getkey_rock,
rxgk_getkey_func getkey);
+afs_int32 rxgk_GetServerInfo(struct rx_connection *conn, RXGK_Level *level,
+ rxgkTime *expiry, struct rx_identity **identity);
+
/* rxgk_client.c */
struct rx_securityClass *rxgk_NewClientSecurityObject(RXGK_Level level,
afs_int32 enctype,
RXGK_Data *token,
afsUUID *uuid);
+/* rxgk_crypto_IMPL.c (currently rfc3961 is the only IMPL) */
+afs_int32 rxgk_make_key(rxgk_key *key_out, void *raw_key, afs_uint32 length,
+ afs_int32 enctype) AFS_NONNULL();
+afs_int32 rxgk_copy_key(rxgk_key key_in, rxgk_key *key_out) AFS_NONNULL();
+afs_int32 rxgk_random_key(afs_int32 *enctype, rxgk_key *key_out) AFS_NONNULL();
+void rxgk_release_key(rxgk_key *key) AFS_NONNULL();
+afs_int32 rxgk_mic_length(rxgk_key key, size_t *out) AFS_NONNULL();
+afs_int32 rxgk_mic_in_key(rxgk_key key, afs_int32 usage, RXGK_Data *in,
+ RXGK_Data *out) AFS_NONNULL();
+afs_int32 rxgk_check_mic_in_key(rxgk_key key, afs_int32 usage, RXGK_Data *in,
+ RXGK_Data *mic) AFS_NONNULL();
+afs_int32 rxgk_encrypt_in_key(rxgk_key key, afs_int32 usage, RXGK_Data *in,
+ RXGK_Data *out) AFS_NONNULL();
+afs_int32 rxgk_decrypt_in_key(rxgk_key key, afs_int32 usage, RXGK_Data *in,
+ RXGK_Data *out) AFS_NONNULL();
+afs_int32 rxgk_derive_tk(rxgk_key *tk, rxgk_key k0, afs_uint32 epoch,
+ afs_uint32 cid, rxgkTime start_time,
+ afs_uint32 key_number) AFS_NONNULL();
+afs_int32 rxgk_cipher_expansion(rxgk_key k0, afs_uint32 *len_out) AFS_NONNULL();
+afs_int32 rxgk_nonce(RXGK_Data *nonce, afs_uint32 len) AFS_NONNULL();
+
+/* rxgk_token.c */
+afs_int32 rxgk_make_token(struct rx_opaque *out, RXGK_TokenInfo *info,
+ struct rx_opaque *k0, PrAuthName *identities,
+ int nids, rxgk_key key, afs_int32 kvno,
+ afs_int32 enctype) AFS_NONNULL((1,2,3,6));
+afs_int32 rxgk_print_token(struct rx_opaque *out, RXGK_TokenInfo *input_info,
+ struct rx_opaque *k0, rxgk_key key, afs_int32 kvno,
+ afs_int32 enctype) AFS_NONNULL();
+afs_int32 rxgk_print_token_and_key(struct rx_opaque *out,
+ RXGK_TokenInfo *input_info, rxgk_key key,
+ afs_int32 kvno, afs_int32 enctype,
+ rxgk_key *k0_out) AFS_NONNULL();
+
#endif /* OPENAFS_RXGK_H */
git://git.openafs.org / openafs.git / blobdiff