1 /* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
2 * vim:expandtab:shiftwidth=8:tabstop=8:
4 * Modified from NFSv4 project for Lustre
5 * Copyright 2004, Cluster File Systems, Inc.
7 * Author: Eric Mei <ericm@clusterfs.com>
10 #include <linux/lustre_sec.h>
11 #ifndef __SEC_GSS_GSS_INTERNAL_H_
12 #define __SEC_GSS_GSS_INTERNAL_H_
14 /* remove this mess when libkcrypt is ready --umka */
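/*
 * Algorithm masks and types.
 *
 * CRYPTO_ALG_TYPE_MASK selects the low byte of a flags word; each type
 * below is a distinct single bit inside that byte.
 *
 * NOTE(review): names and values look like a local copy of the Linux
 * kernel crypto API constants -- confirm they are kept in sync with the
 * kernel header they shadow.
 */
#define CRYPTO_ALG_TYPE_MASK            0x000000ff
#define CRYPTO_ALG_TYPE_CIPHER          0x00000001
#define CRYPTO_ALG_TYPE_DIGEST          0x00000002
#define CRYPTO_ALG_TYPE_COMPRESS        0x00000004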
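/*
 * Transform masks and values (for crt_flags).
 *
 * The flags word is split into three disjoint ranges:
 *   MODE  bits  0-7   cipher mode selection
 *   REQ   bits  8-19  request flags
 *   RES   bits 20-31  result flags
 */
#define CRYPTO_TFM_MODE_MASK            0x000000ff
#define CRYPTO_TFM_REQ_MASK             0x000fff00
#define CRYPTO_TFM_RES_MASK             0xfff00000

/*
 * Cipher modes. ECB encrypts equal plaintext blocks to equal ciphertext
 * blocks, so it should only be selected where a mechanism mandates it.
 */
#define CRYPTO_TFM_MODE_ECB             0x00000001
#define CRYPTO_TFM_MODE_CBC             0x00000002
#define CRYPTO_TFM_MODE_CFB             0x00000004
#define CRYPTO_TFM_MODE_CTR             0x00000008

/*
 * NOTE(review): in the kernel crypto API these names are the request to
 * reject weak keys at setkey time (REQ) and the matching result flag (RES).
 * Whether anything in this tree sets or checks them is not visible from
 * this header -- confirm before relying on weak-key rejection.
 */
#define CRYPTO_TFM_REQ_WEAK_KEY         0x00000100
#define CRYPTO_TFM_RES_WEAK_KEY         0x00100000
#define CRYPTO_TFM_RES_BAD_KEY_LEN      0x00200000
#define CRYPTO_TFM_RES_BAD_KEY_SCHED    0x00400000
#define CRYPTO_TFM_RES_BAD_BLOCK_LEN    0x00800000
#define CRYPTO_TFM_RES_BAD_FLAGS        0x01000000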
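/*
 * Miscellaneous stuff.
 */
#define CRYPTO_UNSPEC                   0
/* NOTE(review): presumably the size of an algorithm-name buffer,
 * terminator included -- confirm against the code that copies names. */
#define CRYPTO_MAX_ALG_NAME             64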
56 static inline struct crypto_tfm *
57 crypto_alloc_tfm(const char *name, __u32 flags)
63 crypto_free_tfm(struct crypto_tfm *tfm)
69 crypto_digest_setkey(struct crypto_tfm *tfm,
70 const __u8 *key, unsigned int keylen)
75 static inline unsigned int
76 crypto_tfm_alg_blocksize(struct crypto_tfm *tfm)
81 static inline unsigned int
82 crypto_tfm_alg_ivsize(struct crypto_tfm *tfm)
87 #endif /* __KERNEL__ */
95 typedef struct rawobj_s {
100 typedef struct rawobj_buf_s {
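/*
 * rawobj helpers: allocation, comparison, duplication and (de)serialization
 * of rawobj_t values. Only the prototypes are visible here; the meaning of
 * each int return value is defined by the implementation.
 *
 * NOTE(review): serialize/extract take the buffer cursor and the remaining
 * length by pointer, so presumably they advance *buf and shrink *buflen.
 * The extract variants parse data that can come from a peer, so the
 * implementation has to bound the embedded length against *buflen before
 * it copies or points into the buffer -- confirm.
 *
 * NOTE(review): rawobj_alloc takes a signed int length; callers should not
 * hand it a value derived from the wire without a range check -- confirm.
 *
 * NOTE(review): the difference between rawobj_extract and
 * rawobj_extract_local (copy vs. reference into the caller's buffer?) is
 * not visible here; the lifetime of the result depends on it -- confirm.
 */
int rawobj_alloc(rawobj_t *obj, char *buf, int len);
void rawobj_free(rawobj_t *obj);
int rawobj_equal(rawobj_t *a, rawobj_t *b);
int rawobj_dup(rawobj_t *dest, rawobj_t *src);
int rawobj_serialize(rawobj_t *obj, __u32 **buf, __u32 *buflen);
int rawobj_extract(rawobj_t *obj, __u32 **buf, __u32 *buflen);
int rawobj_extract_local(rawobj_t *obj, __u32 **buf, __u32 *buflen);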
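/*
 * mark of the interface between kernel and lgssd/lsvcgssd
 *
 * NOTE(review): presumably bumped whenever the kernel <-> daemon message
 * layout changes so that a mismatched daemon can be refused -- confirm
 * where the value is compared.
 */
#define GSSD_INTERFACE_VERSION          (1)

/*
 * target of gss request
 */
#define LUSTRE_GSS_SVC_MDS              0
#define LUSTRE_GSS_SVC_OSS              1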
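/*
 * on-the-wire gss cred:
 *
 * NOTE(review): as wire data, every field is peer-controlled until the
 * request has been verified. Presumably gc_proc is one of RPC_GSS_PROC_*,
 * gc_svc one of RPC_GSS_SVC_*, and gc_seq is bounded by MAXSEQ -- confirm
 * that the decoder rejects anything else, and that the length of gc_ctx is
 * checked before the handle is used for a context lookup.
 */
struct rpc_gss_wire_cred {
        __u32                   gc_v;           /* version */
        __u32                   gc_proc;        /* control procedure */
        __u32                   gc_seq;         /* sequence number */
        __u32                   gc_svc;         /* service */
        rawobj_t                gc_ctx;         /* context handle */
};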
136 struct gss_svc_data {
137 /* decoded gss client cred: */
138 struct rpc_gss_wire_cred clcred;
139 /* internal used status */
140 unsigned int is_init:1,
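/*
 * data types in gss header
 */

/*
 * Where int is 32 bits this hex literal does not fit in int, so it has an
 * unsigned type. Compare it only against unsigned (__u32) sequence numbers;
 * a signed sequence variable would be converted before the comparison.
 */
#define MAXSEQ 0x80000000 /* maximum legal sequence number, from rfc 2203 */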
153 RPC_GSS_PROC_DATA = 0,
154 RPC_GSS_PROC_INIT = 1,
155 RPC_GSS_PROC_CONTINUE_INIT = 2,
156 RPC_GSS_PROC_DESTROY = 3,
160 RPC_GSS_SVC_NONE = 1,
161 RPC_GSS_SVC_INTEGRITY = 2,
162 RPC_GSS_SVC_PRIVACY = 3,
165 /* on-the-wire gss verifier: */
166 struct rpc_gss_wire_verf {
172 atomic_t gc_refcount;
175 spinlock_t gc_seq_lock;
176 struct gss_ctx *gc_gss_ctx;
177 rawobj_t gc_wire_ctx;
182 struct ptlrpc_cred gc_base;
184 struct gss_cl_ctx *gc_ctx;
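/*
 * This is only guaranteed to be enough for the current krb5 des-cbc-crc.
 * We might adjust this when a new enc type or mech is added.
 *
 * NOTE(review): these are fixed reservations, not limits enforced by this
 * header. Any privacy (wrap) path that lets a mechanism write its header
 * or trailer into this space has to check the mechanism's real overhead
 * against them; an enc type with a larger confounder, checksum or padding
 * would otherwise write past the reserved area -- confirm the callers do.
 * des-cbc-crc itself is a single-DES enc type that RFC 6649 deprecates.
 */
#define GSS_PRIVBUF_PREFIX_LEN         (32)
#define GSS_PRIVBUF_SUFFIX_LEN         (32)

/* This is too coarse. We'll let mech determine it */
#define GSS_MAX_AUTH_PAYLOAD            (128)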
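/* gss_mech_switch.c */
int init_kerberos_module(void);
void cleanup_kerberos_module(void);

/*
 * gss_generic_token.c
 *
 * Helpers for the generic GSS token header that wraps a mechanism token.
 *
 * NOTE(review): g_verify_token_header parses a header that can come from
 * a peer. toksize and *body_size are signed ints, so the implementation
 * has to reject negative or oversized lengths before it advances *buf_in
 * -- confirm. Callers must check the returned __u32 status before they
 * touch *buf_in or *body_size.
 *
 * NOTE(review): g_token_size takes an unsigned body_size while
 * g_make_token_header takes a signed one; the buffer handed to
 * g_make_token_header presumably has to be at least g_token_size() bytes
 * for the same mech and body size -- confirm at the call sites.
 */
int g_token_size(rawobj_t *mech, unsigned int body_size);
void g_make_token_header(rawobj_t *mech, int body_size, unsigned char **buf);
__u32 g_verify_token_header(rawobj_t *mech, int *body_size,
                            unsigned char **buf_in, int toksize);

int gss_svc_init(void);
void gss_svc_exit(void);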
211 #endif /* __SEC_GSS_GSS_INTERNAL_H_ */