1 /* SPDX-License-Identifier: GPL-2.0-or-later */ 2 /* RxRPC key type 3 * 4 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. 5 * Written by David Howells (dhowells@redhat.com) 6 */ 7 8 #ifndef _KEYS_RXRPC_TYPE_H 9 #define _KEYS_RXRPC_TYPE_H 10 11 #include <linux/key.h> 12 13 /* 14 * key type for AF_RXRPC keys 15 */ 16 extern struct key_type key_type_rxrpc; 17 18 extern struct key *rxrpc_get_null_key(const char *); 19 20 /* 21 * RxRPC key for Kerberos IV (type-2 security) 22 */ 23 struct rxkad_key { 24 u32 vice_id; 25 u32 start; /* time at which ticket starts */ 26 u32 expiry; /* time at which ticket expires */ 27 u32 kvno; /* key version number */ 28 u8 primary_flag; /* T if key for primary cell for this user */ 29 u16 ticket_len; /* length of ticket[] */ 30 u8 session_key[8]; /* DES session key */ 31 u8 ticket[]; /* the encrypted ticket */ 32 }; 33 34 /* 35 * Kerberos 5 principal 36 * name/name/name@realm 37 */ 38 struct krb5_principal { 39 u8 n_name_parts; /* N of parts of the name part of the principal */ 40 char **name_parts; /* parts of the name part of the principal */ 41 char *realm; /* parts of the realm part of the principal */ 42 }; 43 44 /* 45 * Kerberos 5 tagged data 46 */ 47 struct krb5_tagged_data { 48 /* for tag value, see /usr/include/krb5/krb5.h 49 * - KRB5_AUTHDATA_* for auth data 50 * - 51 */ 52 s32 tag; 53 u32 data_len; 54 u8 *data; 55 }; 56 57 /* 58 * RxRPC key for Kerberos V (type-5 security) 59 */ 60 struct rxk5_key { 61 u64 authtime; /* time at which auth token generated */ 62 u64 starttime; /* time at which auth token starts */ 63 u64 endtime; /* time at which auth token expired */ 64 u64 renew_till; /* time to which auth token can be renewed */ 65 s32 is_skey; /* T if ticket is encrypted in another ticket's 66 * skey */ 67 s32 flags; /* mask of TKT_FLG_* bits (krb5/krb5.h) */ 68 struct krb5_principal client; /* client principal name */ 69 struct krb5_principal server; /* server principal name */ 70 u16 ticket_len; /* length of ticket */ 71 u16 ticket2_len; /* length of second ticket */ 72 u8 n_authdata; /* number of authorisation data elements */ 73 u8 n_addresses; /* number of addresses */ 74 struct krb5_tagged_data session; /* session data; tag is enctype */ 75 struct krb5_tagged_data *addresses; /* addresses */ 76 u8 *ticket; /* krb5 ticket */ 77 u8 *ticket2; /* second krb5 ticket, if related to ticket (via 78 * DUPLICATE-SKEY or ENC-TKT-IN-SKEY) */ 79 struct krb5_tagged_data *authdata; /* authorisation data */ 80 }; 81 82 /* 83 * list of tokens attached to an rxrpc key 84 */ 85 struct rxrpc_key_token { 86 u16 security_index; /* RxRPC header security index */ 87 struct rxrpc_key_token *next; /* the next token in the list */ 88 union { 89 struct rxkad_key *kad; 90 struct rxk5_key *k5; 91 }; 92 }; 93 94 /* 95 * structure of raw payloads passed to add_key() or instantiate key 96 */ 97 struct rxrpc_key_data_v1 { 98 u16 security_index; 99 u16 ticket_length; 100 u32 expiry; /* time_t */ 101 u32 kvno; 102 u8 session_key[8]; 103 u8 ticket[]; 104 }; 105 106 /* 107 * AF_RXRPC key payload derived from XDR format 108 * - based on openafs-1.4.10/src/auth/afs_token.xg 109 */ 110 #define AFSTOKEN_LENGTH_MAX 16384 /* max payload size */ 111 #define AFSTOKEN_STRING_MAX 256 /* max small string length */ 112 #define AFSTOKEN_DATA_MAX 64 /* max small data length */ 113 #define AFSTOKEN_CELL_MAX 64 /* max cellname length */ 114 #define AFSTOKEN_MAX 8 /* max tokens per payload */ 115 #define AFSTOKEN_BDATALN_MAX 16384 /* max big data length */ 116 #define AFSTOKEN_RK_TIX_MAX 12000 /* max RxKAD ticket size */ 117 #define AFSTOKEN_GK_KEY_MAX 64 /* max GSSAPI key size */ 118 #define AFSTOKEN_GK_TOKEN_MAX 16384 /* max GSSAPI token size */ 119 #define AFSTOKEN_K5_COMPONENTS_MAX 16 /* max K5 components */ 120 #define AFSTOKEN_K5_NAME_MAX 128 /* max K5 name length */ 121 #define AFSTOKEN_K5_REALM_MAX 64 /* max K5 realm name length */ 122 #define AFSTOKEN_K5_TIX_MAX 16384 /* max K5 ticket size */ 123 #define AFSTOKEN_K5_ADDRESSES_MAX 16 /* max K5 addresses */ 124 #define AFSTOKEN_K5_AUTHDATA_MAX 16 /* max K5 pieces of auth data */ 125 126 /* 127 * Truncate a time64_t to the range from 1970 to 2106 as in the network 128 * protocol. 129 */ rxrpc_time64_to_u32(time64_t time)130static inline u32 rxrpc_time64_to_u32(time64_t time) 131 { 132 if (time < 0) 133 return 0; 134 135 if (time > UINT_MAX) 136 return UINT_MAX; 137 138 return (u32)time; 139 } 140 141 /* 142 * Extend u32 back to time64_t using the same 1970-2106 range. 143 */ rxrpc_u32_to_time64(u32 time)144static inline time64_t rxrpc_u32_to_time64(u32 time) 145 { 146 return (time64_t)time; 147 } 148 149 #endif /* _KEYS_RXRPC_TYPE_H */ 150