123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154 |
- /* RxRPC key type
- *
- * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
- * Written by David Howells (dhowells@redhat.com)
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version
- * 2 of the License, or (at your option) any later version.
- */
- #ifndef _KEYS_RXRPC_TYPE_H
- #define _KEYS_RXRPC_TYPE_H
- #include <linux/key.h>
- /*
- * key type for AF_RXRPC keys
- */
- extern struct key_type key_type_rxrpc;
- extern struct key *rxrpc_get_null_key(const char *);
- /*
- * RxRPC key for Kerberos IV (type-2 security)
- */
- struct rxkad_key {
- u32 vice_id;
- u32 start; /* time at which ticket starts */
- u32 expiry; /* time at which ticket expires */
- u32 kvno; /* key version number */
- u8 primary_flag; /* T if key for primary cell for this user */
- u16 ticket_len; /* length of ticket[] */
- u8 session_key[8]; /* DES session key */
- u8 ticket[0]; /* the encrypted ticket */
- };
- /*
- * Kerberos 5 principal
- * name/name/name@realm
- */
- struct krb5_principal {
- u8 n_name_parts; /* N of parts of the name part of the principal */
- char **name_parts; /* parts of the name part of the principal */
- char *realm; /* parts of the realm part of the principal */
- };
- /*
- * Kerberos 5 tagged data
- */
- struct krb5_tagged_data {
- /* for tag value, see /usr/include/krb5/krb5.h
- * - KRB5_AUTHDATA_* for auth data
- * -
- */
- s32 tag;
- u32 data_len;
- u8 *data;
- };
- /*
- * RxRPC key for Kerberos V (type-5 security)
- */
- struct rxk5_key {
- u64 authtime; /* time at which auth token generated */
- u64 starttime; /* time at which auth token starts */
- u64 endtime; /* time at which auth token expired */
- u64 renew_till; /* time to which auth token can be renewed */
- s32 is_skey; /* T if ticket is encrypted in another ticket's
- * skey */
- s32 flags; /* mask of TKT_FLG_* bits (krb5/krb5.h) */
- struct krb5_principal client; /* client principal name */
- struct krb5_principal server; /* server principal name */
- u16 ticket_len; /* length of ticket */
- u16 ticket2_len; /* length of second ticket */
- u8 n_authdata; /* number of authorisation data elements */
- u8 n_addresses; /* number of addresses */
- struct krb5_tagged_data session; /* session data; tag is enctype */
- struct krb5_tagged_data *addresses; /* addresses */
- u8 *ticket; /* krb5 ticket */
- u8 *ticket2; /* second krb5 ticket, if related to ticket (via
- * DUPLICATE-SKEY or ENC-TKT-IN-SKEY) */
- struct krb5_tagged_data *authdata; /* authorisation data */
- };
- /*
- * list of tokens attached to an rxrpc key
- */
- struct rxrpc_key_token {
- u16 security_index; /* RxRPC header security index */
- struct rxrpc_key_token *next; /* the next token in the list */
- union {
- struct rxkad_key *kad;
- struct rxk5_key *k5;
- };
- };
- /*
- * structure of raw payloads passed to add_key() or instantiate key
- */
- struct rxrpc_key_data_v1 {
- u16 security_index;
- u16 ticket_length;
- u32 expiry; /* time_t */
- u32 kvno;
- u8 session_key[8];
- u8 ticket[0];
- };
- /*
- * AF_RXRPC key payload derived from XDR format
- * - based on openafs-1.4.10/src/auth/afs_token.xg
- */
- #define AFSTOKEN_LENGTH_MAX 16384 /* max payload size */
- #define AFSTOKEN_STRING_MAX 256 /* max small string length */
- #define AFSTOKEN_DATA_MAX 64 /* max small data length */
- #define AFSTOKEN_CELL_MAX 64 /* max cellname length */
- #define AFSTOKEN_MAX 8 /* max tokens per payload */
- #define AFSTOKEN_BDATALN_MAX 16384 /* max big data length */
- #define AFSTOKEN_RK_TIX_MAX 12000 /* max RxKAD ticket size */
- #define AFSTOKEN_GK_KEY_MAX 64 /* max GSSAPI key size */
- #define AFSTOKEN_GK_TOKEN_MAX 16384 /* max GSSAPI token size */
- #define AFSTOKEN_K5_COMPONENTS_MAX 16 /* max K5 components */
- #define AFSTOKEN_K5_NAME_MAX 128 /* max K5 name length */
- #define AFSTOKEN_K5_REALM_MAX 64 /* max K5 realm name length */
- #define AFSTOKEN_K5_TIX_MAX 16384 /* max K5 ticket size */
- #define AFSTOKEN_K5_ADDRESSES_MAX 16 /* max K5 addresses */
- #define AFSTOKEN_K5_AUTHDATA_MAX 16 /* max K5 pieces of auth data */
- /*
- * Truncate a time64_t to the range from 1970 to 2106 as in the network
- * protocol.
- */
- static inline u32 rxrpc_time64_to_u32(time64_t time)
- {
- if (time < 0)
- return 0;
- if (time > UINT_MAX)
- return UINT_MAX;
- return (u32)time;
- }
- /*
- * Extend u32 back to time64_t using the same 1970-2106 range.
- */
- static inline time64_t rxrpc_u32_to_time64(u32 time)
- {
- return (time64_t)time;
- }
- #endif /* _KEYS_RXRPC_TYPE_H */
|