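/* RxRPC key type
 *
 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version
 * 2 of the License, or (at your option) any later version.
 */

#ifndef _KEYS_RXRPC_TYPE_H
#define _KEYS_RXRPC_TYPE_H

#include <linux/key.h>

/*
 * key type for AF_RXRPC keys
 */
extern struct key_type key_type_rxrpc;

extern struct key *rxrpc_get_null_key(const char *);

/*
 * RxRPC key for Kerberos IV (type-2 security)
 *
 * ticket[] is a flexible array member (C99) rather than a GNU zero-length
 * array: it carries no storage of its own, so an instance needs ticket_len
 * extra bytes allocated after the fixed fields.  Using the standard form
 * lets the compiler's array-bounds checking see the trailing data.
 */
struct rxkad_key {
	u32	vice_id;
	u32	start;			/* time at which ticket starts */
	u32	expiry;			/* time at which ticket expires */
	u32	kvno;			/* key version number */
	u8	primary_flag;		/* T if key for primary cell for this user */
	u16	ticket_len;		/* length of ticket[] */
	u8	session_key[8];		/* DES session key - secret material, keep out of logs */
	u8	ticket[];		/* the encrypted ticket (ticket_len bytes) */
};

/*
 * Kerberos 5 principal
 * name/name/name@realm
 */
struct krb5_principal {
	u8	n_name_parts;		/* N of parts of the name part of the principal */
	char	**name_parts;		/* parts of the name part of the principal (n_name_parts strings) */
	char	*realm;			/* realm part of the principal (single string) */
};

/*
 * Kerberos 5 tagged data
 */
struct krb5_tagged_data {
	/* for tag value, see /usr/include/krb5/krb5.h
	 * - KRB5_AUTHDATA_* for auth data
	 * - for the session member of struct rxk5_key the tag is the enctype
	 */
	s32	tag;
	u32	data_len;		/* number of bytes at data */
	u8	*data;
};

/*
 * RxRPC key for Kerberos V (type-5 security)
 *
 * Counts (n_authdata, n_addresses) and lengths (ticket_len, ticket2_len)
 * describe the separately allocated arrays they sit next to.
 */
struct rxk5_key {
	u64	authtime;		/* time at which auth token generated */
	u64	starttime;		/* time at which auth token starts */
	u64	endtime;		/* time at which auth token expired */
	u64	renew_till;		/* time to which auth token can be renewed */
	s32	is_skey;		/* T if ticket is encrypted in another ticket's
					 * skey */
	s32	flags;			/* mask of TKT_FLG_* bits (krb5/krb5.h) */
	struct krb5_principal client;	/* client principal name */
	struct krb5_principal server;	/* server principal name */
	u16	ticket_len;		/* length of ticket */
	u16	ticket2_len;		/* length of second ticket */
	u8	n_authdata;		/* number of authorisation data elements */
	u8	n_addresses;		/* number of addresses */
	struct krb5_tagged_data session; /* session data; tag is enctype */
	struct krb5_tagged_data *addresses; /* addresses (n_addresses entries) */
	u8	*ticket;		/* krb5 ticket */
	u8	*ticket2;		/* second krb5 ticket, if related to ticket (via
					 * DUPLICATE-SKEY or ENC-TKT-IN-SKEY) */
	struct krb5_tagged_data *authdata; /* authorisation data (n_authdata entries) */
};

/*
 * list of tokens attached to an rxrpc key
 *
 * NOTE(review): which union member is valid presumably follows
 * security_index - confirm against the payload parser before relying on it.
 */
struct rxrpc_key_token {
	u16	security_index;		/* RxRPC header security index */
	struct rxrpc_key_token *next;	/* the next token in the list */
	union {
		struct rxkad_key *kad;
		struct rxk5_key *k5;
	};
};

/*
 * structure of raw payloads passed to add_key() or instantiate key
 *
 * This is the wire/userspace layout, so every field here is untrusted
 * input: ticket_length must be checked against the actual payload size
 * by the parser before ticket[] is read.  ticket[] is a flexible array
 * member; its layout is identical to the former zero-length array.
 */
struct rxrpc_key_data_v1 {
	u16	security_index;
	u16	ticket_length;		/* length of ticket[] as claimed by the caller */
	u32	expiry;			/* time_t, 32-bit (see rxrpc_time64_to_u32 for the 1970-2106 range) */
	u32	kvno;
	u8	session_key[8];
	u8	ticket[];
};

/*
 * AF_RXRPC key payload derived from XDR format
 * - based on openafs-1.4.10/src/auth/afs_token.xg
 * - these are upper bounds for the sizes and counts carried in a payload;
 *   presumably the payload parser rejects anything larger (not checked here)
 */
#define AFSTOKEN_LENGTH_MAX		16384	/* max payload size */
#define AFSTOKEN_STRING_MAX		256	/* max small string length */
#define AFSTOKEN_DATA_MAX		64	/* max small data length */
#define AFSTOKEN_CELL_MAX		64	/* max cellname length */
#define AFSTOKEN_MAX			8	/* max tokens per payload */
#define AFSTOKEN_BDATALN_MAX		16384	/* max big data length */
#define AFSTOKEN_RK_TIX_MAX		12000	/* max RxKAD ticket size */
#define AFSTOKEN_GK_KEY_MAX		64	/* max GSSAPI key size */
#define AFSTOKEN_GK_TOKEN_MAX		16384	/* max GSSAPI token size */
#define AFSTOKEN_K5_COMPONENTS_MAX	16	/* max K5 components */
#define AFSTOKEN_K5_NAME_MAX		128	/* max K5 name length */
#define AFSTOKEN_K5_REALM_MAX		64	/* max K5 realm name length */
#define AFSTOKEN_K5_TIX_MAX		16384	/* max K5 ticket size */
#define AFSTOKEN_K5_ADDRESSES_MAX	16	/* max K5 addresses */
#define AFSTOKEN_K5_AUTHDATA_MAX	16	/* max K5 pieces of auth data */

/*
 * Truncate a time64_t to the range from 1970 to 2106 as in the network
 * protocol.
 *
 * Saturating, not wrapping: negative times become 0 and times above
 * UINT_MAX become UINT_MAX, so an out-of-range value can never alias a
 * small (already expired) timestamp.
 * NOTE(review): relies on time64_t being a 64-bit signed type, as in the
 * kernel, so the comparison with UINT_MAX promotes without sign confusion.
 */
static inline u32 rxrpc_time64_to_u32(time64_t time)
{
	if (time < 0)
		return 0;

	if (time > UINT_MAX)
		return UINT_MAX;

	return (u32)time;
}

/*
 * Extend u32 back to time64_t using the same 1970-2106 range.
 *
 * Plain widening of an unsigned value, so the result is always
 * non-negative; this is the inverse of rxrpc_time64_to_u32 for in-range
 * inputs.
 */
static inline time64_t rxrpc_u32_to_time64(u32 time)
{
	return (time64_t)time;
}

#endif /* _KEYS_RXRPC_TYPE_H */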