1/* RxRPC key type
  2 *
  3 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
  4 * Written by David Howells (dhowells@redhat.com)
  5 *
  6 * This program is free software; you can redistribute it and/or
  7 * modify it under the terms of the GNU General Public License
  8 * as published by the Free Software Foundation; either version
  9 * 2 of the License, or (at your option) any later version.
 10 */
 11
 12#ifndef _KEYS_RXRPC_TYPE_H
 13#define _KEYS_RXRPC_TYPE_H
 14
 15#include <linux/key.h>
 16
 17/*
 18 * key type for AF_RXRPC keys
 19 */
 20extern struct key_type key_type_rxrpc;
 21
 22extern struct key *rxrpc_get_null_key(const char *);
 23
 24/*
 25 * RxRPC key for Kerberos IV (type-2 security)
 26 */
 27struct rxkad_key {
 28	u32	vice_id;
 29	u32	start;			/* time at which ticket starts */
 30	u32	expiry;			/* time at which ticket expires */
 31	u32	kvno;			/* key version number */
 32	u8	primary_flag;		/* T if key for primary cell for this user */
 33	u16	ticket_len;		/* length of ticket[] */
 34	u8	session_key[8];		/* DES session key */
 35	u8	ticket[0];		/* the encrypted ticket */
 36};
 37
 38/*
 39 * Kerberos 5 principal
 40 *	name/name/name@realm
 41 */
 42struct krb5_principal {
 43	u8	n_name_parts;		/* N of parts of the name part of the principal */
 44	char	**name_parts;		/* parts of the name part of the principal */
 45	char	*realm;			/* parts of the realm part of the principal */
 46};
 47
 48/*
 49 * Kerberos 5 tagged data
 50 */
 51struct krb5_tagged_data {
 52	/* for tag value, see /usr/include/krb5/krb5.h
 53	 * - KRB5_AUTHDATA_* for auth data
 54	 * -
 55	 */
 56	s32		tag;
 57	u32		data_len;
 58	u8		*data;
 59};
 60
 61/*
 62 * RxRPC key for Kerberos V (type-5 security)
 63 */
 64struct rxk5_key {
 65	u64			authtime;	/* time at which auth token generated */
 66	u64			starttime;	/* time at which auth token starts */
 67	u64			endtime;	/* time at which auth token expired */
 68	u64			renew_till;	/* time to which auth token can be renewed */
 69	s32			is_skey;	/* T if ticket is encrypted in another ticket's
 70						 * skey */
 71	s32			flags;		/* mask of TKT_FLG_* bits (krb5/krb5.h) */
 72	struct krb5_principal	client;		/* client principal name */
 73	struct krb5_principal	server;		/* server principal name */
 74	u16			ticket_len;	/* length of ticket */
 75	u16			ticket2_len;	/* length of second ticket */
 76	u8			n_authdata;	/* number of authorisation data elements */
 77	u8			n_addresses;	/* number of addresses */
 78	struct krb5_tagged_data	session;	/* session data; tag is enctype */
 79	struct krb5_tagged_data *addresses;	/* addresses */
 80	u8			*ticket;	/* krb5 ticket */
 81	u8			*ticket2;	/* second krb5 ticket, if related to ticket (via
 82						 * DUPLICATE-SKEY or ENC-TKT-IN-SKEY) */
 83	struct krb5_tagged_data *authdata;	/* authorisation data */
 84};
 85
 86/*
 87 * list of tokens attached to an rxrpc key
 88 */
 89struct rxrpc_key_token {
 90	u16	security_index;		/* RxRPC header security index */
 
 91	struct rxrpc_key_token *next;	/* the next token in the list */
 92	union {
 93		struct rxkad_key *kad;
 94		struct rxk5_key *k5;
 95	};
 96};
 97
 98/*
 99 * structure of raw payloads passed to add_key() or instantiate key
100 */
101struct rxrpc_key_data_v1 {
102	u16		security_index;
103	u16		ticket_length;
104	u32		expiry;			/* time_t */
105	u32		kvno;
106	u8		session_key[8];
107	u8		ticket[0];
108};
109
110/*
111 * AF_RXRPC key payload derived from XDR format
112 * - based on openafs-1.4.10/src/auth/afs_token.xg
113 */
114#define AFSTOKEN_LENGTH_MAX		16384	/* max payload size */
115#define AFSTOKEN_STRING_MAX		256	/* max small string length */
116#define AFSTOKEN_DATA_MAX		64	/* max small data length */
117#define AFSTOKEN_CELL_MAX		64	/* max cellname length */
118#define AFSTOKEN_MAX			8	/* max tokens per payload */
119#define AFSTOKEN_BDATALN_MAX		16384	/* max big data length */
120#define AFSTOKEN_RK_TIX_MAX		12000	/* max RxKAD ticket size */
121#define AFSTOKEN_GK_KEY_MAX		64	/* max GSSAPI key size */
122#define AFSTOKEN_GK_TOKEN_MAX		16384	/* max GSSAPI token size */
123#define AFSTOKEN_K5_COMPONENTS_MAX	16	/* max K5 components */
124#define AFSTOKEN_K5_NAME_MAX		128	/* max K5 name length */
125#define AFSTOKEN_K5_REALM_MAX		64	/* max K5 realm name length */
126#define AFSTOKEN_K5_TIX_MAX		16384	/* max K5 ticket size */
127#define AFSTOKEN_K5_ADDRESSES_MAX	16	/* max K5 addresses */
128#define AFSTOKEN_K5_AUTHDATA_MAX	16	/* max K5 pieces of auth data */
129
130/*
131 * Truncate a time64_t to the range from 1970 to 2106 as in the network
132 * protocol.
133 */
134static inline u32 rxrpc_time64_to_u32(time64_t time)
135{
136	if (time < 0)
137		return 0;
138
139	if (time > UINT_MAX)
140		return UINT_MAX;
141
142	return (u32)time;
143}
144
145/*
146 * Extend u32 back to time64_t using the same 1970-2106 range.
147 */
148static inline time64_t rxrpc_u32_to_time64(u32 time)
149{
150	return (time64_t)time;
151}
152
153#endif /* _KEYS_RXRPC_TYPE_H */

 1/* SPDX-License-Identifier: GPL-2.0-or-later */
 2/* RxRPC key type
 3 *
 4 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
 5 * Written by David Howells (dhowells@redhat.com)
 
 
 
 
 
 6 */
 7
 8#ifndef _KEYS_RXRPC_TYPE_H
 9#define _KEYS_RXRPC_TYPE_H
10
11#include <linux/key.h>
12
13/*
14 * key type for AF_RXRPC keys
15 */
16extern struct key_type key_type_rxrpc;
17
18extern struct key *rxrpc_get_null_key(const char *);
19
20/*
21 * RxRPC key for Kerberos IV (type-2 security)
22 */
23struct rxkad_key {
24	u32	vice_id;
25	u32	start;			/* time at which ticket starts */
26	u32	expiry;			/* time at which ticket expires */
27	u32	kvno;			/* key version number */
28	u8	primary_flag;		/* T if key for primary cell for this user */
29	u16	ticket_len;		/* length of ticket[] */
30	u8	session_key[8];		/* DES session key */
31	u8	ticket[];		/* the encrypted ticket */
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
32};
33
34/*
35 * list of tokens attached to an rxrpc key
36 */
37struct rxrpc_key_token {
38	u16	security_index;		/* RxRPC header security index */
39	bool	no_leak_key;		/* Don't copy the key to userspace */
40	struct rxrpc_key_token *next;	/* the next token in the list */
41	union {
42		struct rxkad_key *kad;
 
43	};
44};
45
46/*
47 * structure of raw payloads passed to add_key() or instantiate key
48 */
49struct rxrpc_key_data_v1 {
50	u16		security_index;
51	u16		ticket_length;
52	u32		expiry;			/* time_t */
53	u32		kvno;
54	u8		session_key[8];
55	u8		ticket[];
56};
57
58/*
59 * AF_RXRPC key payload derived from XDR format
60 * - based on openafs-1.4.10/src/auth/afs_token.xg
61 */
62#define AFSTOKEN_LENGTH_MAX		16384	/* max payload size */
63#define AFSTOKEN_STRING_MAX		256	/* max small string length */
64#define AFSTOKEN_DATA_MAX		64	/* max small data length */
65#define AFSTOKEN_CELL_MAX		64	/* max cellname length */
66#define AFSTOKEN_MAX			8	/* max tokens per payload */
67#define AFSTOKEN_BDATALN_MAX		16384	/* max big data length */
68#define AFSTOKEN_RK_TIX_MAX		12000	/* max RxKAD ticket size */
69#define AFSTOKEN_GK_KEY_MAX		64	/* max GSSAPI key size */
70#define AFSTOKEN_GK_TOKEN_MAX		16384	/* max GSSAPI token size */
 
 
 
 
 
 
71
72/*
73 * Truncate a time64_t to the range from 1970 to 2106 as in the network
74 * protocol.
75 */
76static inline u32 rxrpc_time64_to_u32(time64_t time)
77{
78	if (time < 0)
79		return 0;
80
81	if (time > UINT_MAX)
82		return UINT_MAX;
83
84	return (u32)time;
85}
86
87/*
88 * Extend u32 back to time64_t using the same 1970-2106 range.
89 */
90static inline time64_t rxrpc_u32_to_time64(u32 time)
91{
92	return (time64_t)time;
93}
94
95#endif /* _KEYS_RXRPC_TYPE_H */