David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1 | /* RxRPC key type |
| 2 | * |
| 3 | * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. |
| 4 | * Written by David Howells (dhowells@redhat.com) |
| 5 | * |
| 6 | * This program is free software; you can redistribute it and/or |
| 7 | * modify it under the terms of the GNU General Public License |
| 8 | * as published by the Free Software Foundation; either version |
| 9 | * 2 of the License, or (at your option) any later version. |
| 10 | */ |
| 11 | |
| 12 | #ifndef _KEYS_RXRPC_TYPE_H |
| 13 | #define _KEYS_RXRPC_TYPE_H |
| 14 | |
| 15 | #include <linux/key.h> |
| 16 | |
| 17 | /* |
| 18 | * key type for AF_RXRPC keys |
| 19 | */ |
| 20 | extern struct key_type key_type_rxrpc; |
| 21 | |
David Howells | 76181c13 | 2007-10-16 23:29:46 -0700 | [diff] [blame] | 22 | extern struct key *rxrpc_get_null_key(const char *); |
| 23 | |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame] | 24 | /* |
| 25 | * RxRPC key for Kerberos IV (type-2 security) |
| 26 | */ |
| 27 | struct rxkad_key { |
| 28 | u32 vice_id; |
| 29 | u32 start; /* time at which ticket starts */ |
| 30 | u32 expiry; /* time at which ticket expires */ |
| 31 | u32 kvno; /* key version number */ |
| 32 | u8 primary_flag; /* T if key for primary cell for this user */ |
| 33 | u16 ticket_len; /* length of ticket[] */ |
| 34 | u8 session_key[8]; /* DES session key */ |
| 35 | u8 ticket[0]; /* the encrypted ticket */ |
| 36 | }; |
| 37 | |
| 38 | /* |
David Howells | 99455153 | 2009-09-14 01:17:46 +0000 | [diff] [blame] | 39 | * Kerberos 5 principal |
| 40 | * name/name/name@realm |
| 41 | */ |
| 42 | struct krb5_principal { |
| 43 | u8 n_name_parts; /* N of parts of the name part of the principal */ |
| 44 | char **name_parts; /* parts of the name part of the principal */ |
| 45 | char *realm; /* parts of the realm part of the principal */ |
| 46 | }; |
| 47 | |
| 48 | /* |
| 49 | * Kerberos 5 tagged data |
| 50 | */ |
| 51 | struct krb5_tagged_data { |
| 52 | /* for tag value, see /usr/include/krb5/krb5.h |
| 53 | * - KRB5_AUTHDATA_* for auth data |
David Howells | 965475a | 2016-06-14 10:29:44 +0100 | [diff] [blame] | 54 | * - |
David Howells | 99455153 | 2009-09-14 01:17:46 +0000 | [diff] [blame] | 55 | */ |
David Howells | 4e36a95 | 2009-09-16 00:01:13 -0700 | [diff] [blame] | 56 | s32 tag; |
| 57 | u32 data_len; |
David Howells | 99455153 | 2009-09-14 01:17:46 +0000 | [diff] [blame] | 58 | u8 *data; |
| 59 | }; |
| 60 | |
| 61 | /* |
| 62 | * RxRPC key for Kerberos V (type-5 security) |
| 63 | */ |
| 64 | struct rxk5_key { |
David Howells | 4e36a95 | 2009-09-16 00:01:13 -0700 | [diff] [blame] | 65 | u64 authtime; /* time at which auth token generated */ |
| 66 | u64 starttime; /* time at which auth token starts */ |
| 67 | u64 endtime; /* time at which auth token expired */ |
| 68 | u64 renew_till; /* time to which auth token can be renewed */ |
| 69 | s32 is_skey; /* T if ticket is encrypted in another ticket's |
David Howells | 99455153 | 2009-09-14 01:17:46 +0000 | [diff] [blame] | 70 | * skey */ |
David Howells | 4e36a95 | 2009-09-16 00:01:13 -0700 | [diff] [blame] | 71 | s32 flags; /* mask of TKT_FLG_* bits (krb5/krb5.h) */ |
David Howells | 99455153 | 2009-09-14 01:17:46 +0000 | [diff] [blame] | 72 | struct krb5_principal client; /* client principal name */ |
| 73 | struct krb5_principal server; /* server principal name */ |
David Howells | 4e36a95 | 2009-09-16 00:01:13 -0700 | [diff] [blame] | 74 | u16 ticket_len; /* length of ticket */ |
| 75 | u16 ticket2_len; /* length of second ticket */ |
David Howells | 99455153 | 2009-09-14 01:17:46 +0000 | [diff] [blame] | 76 | u8 n_authdata; /* number of authorisation data elements */ |
| 77 | u8 n_addresses; /* number of addresses */ |
| 78 | struct krb5_tagged_data session; /* session data; tag is enctype */ |
| 79 | struct krb5_tagged_data *addresses; /* addresses */ |
| 80 | u8 *ticket; /* krb5 ticket */ |
| 81 | u8 *ticket2; /* second krb5 ticket, if related to ticket (via |
| 82 | * DUPLICATE-SKEY or ENC-TKT-IN-SKEY) */ |
| 83 | struct krb5_tagged_data *authdata; /* authorisation data */ |
| 84 | }; |
| 85 | |
| 86 | /* |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame] | 87 | * list of tokens attached to an rxrpc key |
| 88 | */ |
| 89 | struct rxrpc_key_token { |
| 90 | u16 security_index; /* RxRPC header security index */ |
| 91 | struct rxrpc_key_token *next; /* the next token in the list */ |
| 92 | union { |
| 93 | struct rxkad_key *kad; |
David Howells | 99455153 | 2009-09-14 01:17:46 +0000 | [diff] [blame] | 94 | struct rxk5_key *k5; |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame] | 95 | }; |
| 96 | }; |
| 97 | |
| 98 | /* |
| 99 | * structure of raw payloads passed to add_key() or instantiate key |
| 100 | */ |
| 101 | struct rxrpc_key_data_v1 { |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame] | 102 | u16 security_index; |
| 103 | u16 ticket_length; |
| 104 | u32 expiry; /* time_t */ |
| 105 | u32 kvno; |
| 106 | u8 session_key[8]; |
| 107 | u8 ticket[0]; |
| 108 | }; |
| 109 | |
| 110 | /* |
| 111 | * AF_RXRPC key payload derived from XDR format |
| 112 | * - based on openafs-1.4.10/src/auth/afs_token.xg |
| 113 | */ |
| 114 | #define AFSTOKEN_LENGTH_MAX 16384 /* max payload size */ |
David Howells | 99455153 | 2009-09-14 01:17:46 +0000 | [diff] [blame] | 115 | #define AFSTOKEN_STRING_MAX 256 /* max small string length */ |
| 116 | #define AFSTOKEN_DATA_MAX 64 /* max small data length */ |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame] | 117 | #define AFSTOKEN_CELL_MAX 64 /* max cellname length */ |
| 118 | #define AFSTOKEN_MAX 8 /* max tokens per payload */ |
David Howells | 99455153 | 2009-09-14 01:17:46 +0000 | [diff] [blame] | 119 | #define AFSTOKEN_BDATALN_MAX 16384 /* max big data length */ |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame] | 120 | #define AFSTOKEN_RK_TIX_MAX 12000 /* max RxKAD ticket size */ |
| 121 | #define AFSTOKEN_GK_KEY_MAX 64 /* max GSSAPI key size */ |
| 122 | #define AFSTOKEN_GK_TOKEN_MAX 16384 /* max GSSAPI token size */ |
| 123 | #define AFSTOKEN_K5_COMPONENTS_MAX 16 /* max K5 components */ |
| 124 | #define AFSTOKEN_K5_NAME_MAX 128 /* max K5 name length */ |
| 125 | #define AFSTOKEN_K5_REALM_MAX 64 /* max K5 realm name length */ |
| 126 | #define AFSTOKEN_K5_TIX_MAX 16384 /* max K5 ticket size */ |
| 127 | #define AFSTOKEN_K5_ADDRESSES_MAX 16 /* max K5 addresses */ |
| 128 | #define AFSTOKEN_K5_AUTHDATA_MAX 16 /* max K5 pieces of auth data */ |
| 129 | |
Baolin Wang | 10674a0 | 2017-08-29 10:15:40 +0100 | [diff] [blame] | 130 | /* |
| 131 | * Truncate a time64_t to the range from 1970 to 2106 as in the network |
| 132 | * protocol. |
| 133 | */ |
| 134 | static inline u32 rxrpc_time64_to_u32(time64_t time) |
| 135 | { |
| 136 | if (time < 0) |
| 137 | return 0; |
| 138 | |
| 139 | if (time > UINT_MAX) |
| 140 | return UINT_MAX; |
| 141 | |
| 142 | return (u32)time; |
| 143 | } |
| 144 | |
| 145 | /* |
| 146 | * Extend u32 back to time64_t using the same 1970-2106 range. |
| 147 | */ |
| 148 | static inline time64_t rxrpc_u32_to_time64(u32 time) |
| 149 | { |
| 150 | return (time64_t)time; |
| 151 | } |
| 152 | |
Robert P. J. Day | dd89db1 | 2008-04-21 22:43:55 +0000 | [diff] [blame] | 153 | #endif /* _KEYS_RXRPC_TYPE_H */ |