rxrpc-type.h 4.4 KB

  1. /* RxRPC key type
  2. *
  3. * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
  4. * Written by David Howells (dhowells@redhat.com)
  5. *
  6. * This program is free software; you can redistribute it and/or
  7. * modify it under the terms of the GNU General Public License
  8. * as published by the Free Software Foundation; either version
  9. * 2 of the License, or (at your option) any later version.
  10. */
  11. #ifndef _KEYS_RXRPC_TYPE_H
  12. #define _KEYS_RXRPC_TYPE_H
  13. #include <linux/key.h>
  /*
   * Key type under which AF_RXRPC keys are registered.  The object itself is
   * defined elsewhere; this header only declares it.
   */
  extern struct key_type key_type_rxrpc;

  /*
   * Takes a string and returns a pointer to a struct key.  Defined elsewhere.
   *
   * NOTE(review): the name suggests a key that carries no security token;
   * confirm against the definition, and confirm whether failure is reported
   * as NULL or as an ERR_PTR() value before dereferencing the result.
   */
  extern struct key *rxrpc_get_null_key(const char *);
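  /*
   * RxRPC key for Kerberos IV (type-2 security).
   *
   * A fixed header followed directly by the encrypted ticket, so an instance
   * occupies sizeof(struct rxkad_key) + ticket_len bytes.  ticket[] is a C99
   * flexible array member instead of the GNU zero-length form (ticket[0]):
   * the layout and sizeof() are unchanged, but the compiler and bounds
   * checkers can now see that it is a trailing variable-length array.
   *
   * NOTE(review): session_key is secret key material; confirm that the code
   * releasing this struct (not visible here) wipes it before freeing.
   */
  struct rxkad_key {
      u32 vice_id;        /* presumably the AFS (Vice) user ID - confirm */
      u32 start;          /* time at which the ticket becomes valid */
      u32 expiry;         /* time at which the ticket expires */
      u32 kvno;           /* key version number */
      u8  primary_flag;   /* true if this key is for the user's primary cell */
      u16 ticket_len;     /* number of bytes in ticket[]; presumably capped
                           * at AFSTOKEN_RK_TIX_MAX by the parser - confirm */
      u8  session_key[8]; /* DES session key (8 bytes) */
      u8  ticket[];       /* the encrypted ticket, ticket_len bytes */
  };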
  /*
   * Kerberos 5 principal, written name/name/name@realm.
   *
   * The name is held as n_name_parts separate strings plus one realm string.
   * Both members are pointers, so the strings live outside this struct.
   */
  struct krb5_principal {
      u8    n_name_parts; /* how many entries name_parts[] holds */
      char  **name_parts; /* the components of the name part */
      char  *realm;       /* the realm part */
  };
  /*
   * Kerberos 5 tagged data: a type code plus a length-prefixed byte buffer.
   */
  struct krb5_tagged_data {
      /*
       * Type code.  Values are taken from /usr/include/krb5/krb5.h:
       *  - KRB5_AUTHDATA_* when the element is authorisation data
       */
      s32 tag;
      u32 data_len;       /* number of bytes at data */
      u8  *data;          /* the payload; stored outside this struct */
  };
  /*
   * RxRPC key for Kerberos V (type-5 security).
   *
   * Unlike struct rxkad_key, nothing is stored inline: tickets, addresses and
   * authorisation data are all reached through pointers, each paired with a
   * count or length member in this struct.
   *
   * NOTE(review): the counts and lengths are narrow (u8/u16); presumably the
   * payload parser rejects anything above the matching AFSTOKEN_K5_* limit
   * before storing it here - confirm, since a silently truncated length would
   * no longer describe the buffer it belongs to.
   */
  struct rxk5_key {
      /* Token lifetime */
      u64 authtime;       /* when the auth token was generated */
      u64 starttime;      /* when the auth token becomes valid */
      u64 endtime;        /* when the auth token expires */
      u64 renew_till;     /* latest time to which it can be renewed */

      s32 is_skey;        /* true if the ticket is encrypted in another
                           * ticket's session key */
      s32 flags;          /* mask of TKT_FLG_* bits (krb5/krb5.h) */

      struct krb5_principal client;   /* client principal name */
      struct krb5_principal server;   /* server principal name */

      /* Sizes and counts for the buffers below */
      u16 ticket_len;     /* bytes at ticket */
      u16 ticket2_len;    /* bytes at ticket2 */
      u8  n_authdata;     /* elements at authdata */
      u8  n_addresses;    /* elements at addresses */

      struct krb5_tagged_data session;    /* session data; tag is the enctype */
      struct krb5_tagged_data *addresses; /* addresses */
      u8  *ticket;        /* krb5 ticket */
      u8  *ticket2;       /* second krb5 ticket, present when related to
                           * ticket via DUPLICATE-SKEY or ENC-TKT-IN-SKEY */
      struct krb5_tagged_data *authdata;  /* authorisation data */
  };
  /*
   * One entry in the singly linked list of tokens attached to an rxrpc key.
   *
   * The anonymous union holds a pointer to either kind of key defined in this
   * header.  NOTE(review): presumably security_index tells the reader which
   * member is live - confirm before dereferencing either one.
   */
  struct rxrpc_key_token {
      u16 security_index;             /* RxRPC header security index */
      struct rxrpc_key_token *next;   /* following token in the list */
      union {
          struct rxkad_key *kad;      /* Kerberos IV (type-2) key */
          struct rxk5_key  *k5;       /* Kerberos V (type-5) key */
      };
  };
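  /*
   * Layout of the raw payload passed to add_key() or used to instantiate a
   * key.
   *
   * Every field arrives from the caller, so ticket_length is a claim, not a
   * fact: the code parsing this payload (not visible here) has to check it
   * against the number of bytes actually supplied before reading ticket[].
   *
   * ticket[] is a C99 flexible array member instead of the GNU zero-length
   * form (ticket[0]); the layout and sizeof() are unchanged, so the payload
   * format seen by callers is the same.
   */
  struct rxrpc_key_data_v1 {
      u16 security_index;
      u16 ticket_length;  /* number of bytes the caller says follow in
                           * ticket[] */
      u32 expiry;         /* time_t */
      u32 kvno;
      u8  session_key[8];
      u8  ticket[];       /* ticket bytes, ticket_length long */
  };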
  /*
   * Size limits for the AF_RXRPC key payload derived from XDR format
   * - based on openafs-1.4.10/src/auth/afs_token.xg
   *
   * Each value is the largest size or count accepted for one part of the
   * payload.  NOTE(review): they only protect anything if the parser compares
   * every decoded length against the matching limit before allocating or
   * copying - confirm in the parsing code, which is not part of this header.
   */

  /* Whole payload and generic fields */
  #define AFSTOKEN_LENGTH_MAX         16384   /* max payload size */
  #define AFSTOKEN_STRING_MAX         256     /* max small string length */
  #define AFSTOKEN_DATA_MAX           64      /* max small data length */
  #define AFSTOKEN_CELL_MAX           64      /* max cellname length */
  #define AFSTOKEN_MAX                8       /* max tokens per payload */
  #define AFSTOKEN_BDATALN_MAX        16384   /* max big data length */

  /* RxKAD and GSSAPI tokens */
  #define AFSTOKEN_RK_TIX_MAX         12000   /* max RxKAD ticket size */
  #define AFSTOKEN_GK_KEY_MAX         64      /* max GSSAPI key size */
  #define AFSTOKEN_GK_TOKEN_MAX       16384   /* max GSSAPI token size */

  /* Kerberos 5 tokens */
  #define AFSTOKEN_K5_COMPONENTS_MAX  16      /* max K5 components */
  #define AFSTOKEN_K5_NAME_MAX        128     /* max K5 name length */
  #define AFSTOKEN_K5_REALM_MAX       64      /* max K5 realm name length */
  #define AFSTOKEN_K5_TIX_MAX         16384   /* max K5 ticket size */
  #define AFSTOKEN_K5_ADDRESSES_MAX   16      /* max K5 addresses */
  #define AFSTOKEN_K5_AUTHDATA_MAX    16      /* max K5 pieces of auth data */
  /*
   * Narrow a time64_t to the 32-bit form used by the network protocol, which
   * covers 1970 to 2106.
   *
   * The value saturates instead of wrapping: negative times become 0 and
   * anything above UINT_MAX becomes UINT_MAX.  An expiry beyond the
   * representable range therefore ends up as the latest representable time
   * rather than as a small value that would look like an early or past
   * expiry.
   */
  static inline u32 rxrpc_time64_to_u32(time64_t time)
  {
      if (time < 0)
          return 0;

      /* In range, or clamp to the top of the u32 range. */
      return time > UINT_MAX ? UINT_MAX : (u32)time;
  }
  /*
   * Widen a 32-bit protocol time back to time64_t.  The input is unsigned, so
   * the result stays within the same 1970-2106 range and is never negative.
   */
  static inline time64_t rxrpc_u32_to_time64(u32 time)
  {
      time64_t widened = time;

      return widened;
  }
  137. #endif /* _KEYS_RXRPC_TYPE_H */