src/rxkad/private_data.h

   1 /*
   2  * Copyright 2000, International Business Machines Corporation and others.
   3  * All Rights Reserved.
   4  *
   5  * This software has been released under the terms of the IBM Public
   6  * License.  For details, see the LICENSE file in the top-level source
   7  * directory or online at http://www.openafs.org/dl/license10.html
   8  */
   9
  10 /* Declarations of data structures associated with rxkad security objects. */
  11
  12 #ifndef RXKAD_PRIVATE_DATA_H
  13 #define RXKAD_PRIVATE_DATA_H
  14
  15 #include "rxkad.h"
  16
  17
  18 #include "fcrypt.h"
  19
  20 struct connStats {
  21     afs_uint32 bytesReceived, bytesSent, packetsReceived, packetsSent;
  22 };
  23
  24 /* Private data structure representing an RX server end point for rxkad.
  25  * This structure is encrypted in network byte order and transmitted as
  26  * part of a challenge response.  It is also used as part of the per-packet
  27  * checksum sent on every packet, to ensure that the per-packet checksum
  28  * is not used in the context of another end point.
  29  *
  30  * THIS STRUCTURE MUST BE A MULTIPLE OF 8 BYTES LONG SINCE IT IS
  31  * ENCRYPTED IN PLACE!
  32  */
  33 struct rxkad_endpoint {
  34     afs_int32 cuid[2];          /* being used for connection routing */
  35     afs_uint32 cksum;           /* cksum of challenge response */
  36     afs_int32 securityIndex;    /* security index */
  37 };
  38
  39 #define PDATA_SIZE(l) (sizeof(struct rxkad_cprivate) - MAXKTCTICKETLEN + (l))
  40
  41 /* private data in client-side security object */
  42 /* type and level offsets should match sprivate */
  43 struct rxkad_cprivate {
  44     rxkad_type type;            /* always client */
  45     rxkad_level level;          /* minimum security level of client */
  46     afs_int32 kvno;             /* key version of ticket */
  47     afs_int32 ticketLen;        /* length of ticket */
  48     fc_KeySchedule keysched;    /* the session key */
  49     fc_InitializationVector ivec;       /* initialization vector for cbc */
  50     char ticket[MAXKTCTICKETLEN];       /* the ticket for the server */
  51 };
  52
  53 /* Per connection client-side info */
  54 struct rxkad_cconn {
  55     fc_InitializationVector preSeq;     /* used in computing checksum */
  56     struct connStats stats;
  57     char cksumSeen;             /* rx: header.spare is a checksum */
  58 };
  59
  60 /* private data in server-side security object */
  61 /* type and level offsets should match cprivate */
  62 struct rxkad_sprivate {
  63     rxkad_type type;            /* always server */
  64     rxkad_level level;          /* minimum security level of server */
  65     void *get_key_rock;         /* rock for get_key function */
  66     int (*get_key) (void *, int,
  67                     struct ktc_encryptionKey *);
  68                                 /* func. of kvno and server key ptr */
  69     rxkad_get_key_enctype_func get_key_enctype;
  70     int (*user_ok) (char *, char *,
  71                     char *, afs_int32);
  72                                 /* func called with new client name */
  73     afs_uint32 flags;           /* configuration flags */
  74 };
  75
  76 /* private data in server-side connection */
  77 struct rxkad_sconn {
  78     rxkad_level level;          /* security level of connection */
  79     char tried;                 /* did we ever try to auth this conn */
  80     char authenticated;         /* connection is good */
  81     char cksumSeen;             /* rx: header.spare is a checksum */
  82     afs_uint32 expirationTime;  /* when the ticket expires */
  83     afs_int32 challengeID;      /* unique challenge */
  84     struct connStats stats;     /* per connection stats */
  85     fc_KeySchedule keysched;    /* session key */
  86     fc_InitializationVector ivec;       /* initialization vector for cbc */
  87     fc_InitializationVector preSeq;     /* used in computing checksum */
  88     struct rxkad_serverinfo *rock;      /* info about client if saved */
  89 };
  90
  91 struct rxkad_serverinfo {
  92     int kvno;
  93     struct ktc_principal client;
  94 };
  95
  96 #define RXKAD_CHALLENGE_PROTOCOL_VERSION 2
  97
  98 /* An old style (any version predating 2) challenge packet */
  99 struct rxkad_oldChallenge {
 100     afs_int32 challengeID;
 101     afs_int32 level;            /* minimum security level */
 102 };
 103
 104 /* A version 2 challenge */
 105 struct rxkad_v2Challenge {
 106     afs_int32 version;
 107     afs_int32 challengeID;
 108     afs_int32 level;
 109     afs_int32 spare;
 110 };
 111
 112 /* An old challenge response packet */
 113 struct rxkad_oldChallengeResponse {
 114     struct {                    /* encrypted with session key */
 115         afs_int32 incChallengeID;
 116         afs_int32 level;
 117     } encrypted;
 118     afs_int32 kvno;
 119     afs_int32 ticketLen;
 120 };
 121 /*  <ticketLen> bytes of ticket follow here */
 122
 123 /* A version 2 challenge response also includes connection routing (Rx server
 124  * end point) and client call number state as well as version and spare fields.
 125  * The encrypted part probably doesn't need to start on an 8 byte boundary, but
 126  * just in case we put in a spare. */
 127 struct rxkad_v2ChallengeResponse {
 128     afs_int32 version;
 129     afs_int32 spare;
 130     struct {                    /* encrypted with session key */
 131         struct rxkad_endpoint endpoint; /* for connection routing */
 132         afs_int32 callNumbers[RX_MAXCALLS];     /* client call # state */
 133         afs_int32 incChallengeID;
 134         afs_int32 level;
 135     } encrypted;
 136     afs_int32 kvno;
 137     afs_int32 ticketLen;
 138 };
 139 /*  <ticketLen> bytes of ticket follow here */
 140 #if RX_MAXCALLS != 4
 141 The above structure requires
 142 that(RX_MAXCALLS == 4).
 143 #endif
 144 #endif /* RXKAD_PRIVATE_DATA_H */