1 | /* RxRPC key type |
2 | * | |
3 | * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. | |
4 | * Written by David Howells (dhowells@redhat.com) | |
5 | * | |
6 | * This program is free software; you can redistribute it and/or | |
7 | * modify it under the terms of the GNU General Public License | |
8 | * as published by the Free Software Foundation; either version | |
9 | * 2 of the License, or (at your option) any later version. | |
10 | */ | |
11 | ||
12 | #ifndef _KEYS_RXRPC_TYPE_H | |
13 | #define _KEYS_RXRPC_TYPE_H | |
14 | ||
15 | #include <linux/key.h> | |
16 | ||
/*
 * Key type for AF_RXRPC keys.
 *
 * The payload formats accepted when a key of this type is instantiated are
 * described further down in this header: the raw "v1" structure
 * (struct rxrpc_key_data_v1) and an XDR-encoded AFS token whose size
 * limits are the AFSTOKEN_* constants.  Both come from userspace via
 * add_key() and must be treated as untrusted by the instantiation code.
 */
extern struct key_type key_type_rxrpc;

/*
 * Obtain a reference to the "null" rxrpc key.
 * NOTE(review): only the prototype is visible here; the string argument is
 * presumably a key description and "null" presumably means a key carrying
 * no security token - confirm against the definition in net/rxrpc.
 */
extern struct key *rxrpc_get_null_key(const char *);
23 | ||
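/*
 * RxRPC key for Kerberos IV (type-2 security, "rxkad").
 *
 * One of these hangs off an rxrpc_key_token (union member kad) for each
 * rxkad token.  The ticket is opaque to us and is stored as trailing data
 * immediately after the fixed fields, ticket_len bytes long.  ticket[] is a
 * C99 flexible array member rather than a GNU zero-length array so that the
 * compiler (and fortified memcpy/sizeof checks) can see it is trailing data.
 *
 * Security notes:
 * - session_key is a single-DES key (8 bytes, 56 effective bits).  DES is
 *   considered broken; this is a property of the rxkad protocol, not of the
 *   structure, but callers should not assume it protects anything against a
 *   determined attacker.
 * - start/expiry are 32-bit seconds-since-epoch values; they wrap in 2106.
 * - ticket_len comes from the key payload.  The instantiation code is
 *   expected to have checked it against the payload size and
 *   AFSTOKEN_RK_TIX_MAX before anything reads ticket[].
 */
struct rxkad_key {
	u32	vice_id;
	u32	start;			/* time at which ticket starts */
	u32	expiry;			/* time at which ticket expires */
	u32	kvno;			/* key version number */
	u8	primary_flag;		/* T if key for primary cell for this user */
	u16	ticket_len;		/* length of ticket[] */
	u8	session_key[8];		/* DES session key */
	u8	ticket[];		/* the encrypted ticket (ticket_len bytes) */
};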
37 | ||
/*
 * Kerberos 5 principal, written name/name/name@realm.
 *
 * name_parts is an array of n_name_parts C strings and realm is a single
 * C string.  n_name_parts is a u8, which comfortably holds the
 * AFSTOKEN_K5_COMPONENTS_MAX (16) limit the decoder should be applying;
 * AFSTOKEN_K5_NAME_MAX and AFSTOKEN_K5_REALM_MAX bound the string lengths.
 * NOTE(review): the strings are presumably separately allocated and owned
 * by the key - confirm against the decoder and destructor.
 */
struct krb5_principal {
	u8	n_name_parts;		/* N of parts of the name part of the principal */
	char	**name_parts;		/* parts of the name part of the principal */
	char	*realm;			/* the realm part of the principal */
};
47 | ||
/*
 * Kerberos 5 tagged data: a type tag plus an opaque byte blob.
 *
 * Used in struct rxk5_key for the session key (where tag is the enctype),
 * for the address list and for the authorisation-data list.  data points
 * at data_len bytes.
 *
 * NOTE(review): data_len is a full 32-bit length taken from the payload;
 * the decoder is expected to cap it (AFSTOKEN_DATA_MAX or
 * AFSTOKEN_BDATALN_MAX, as appropriate) before allocating and copying.
 */
struct krb5_tagged_data {
	/* for tag value, see /usr/include/krb5/krb5.h
	 * - KRB5_AUTHDATA_* for auth data
	 * - the enctype for session data
	 * - presumably the address type for addresses (confirm)
	 */
	s32	tag;
	u32	data_len;		/* number of bytes at data */
	u8	*data;
};
60 | ||
/*
 * RxRPC key for Kerberos V (type-5 security, "rxk5").
 *
 * A decoded krb5 credential: timestamps, client and server principals, the
 * session key, one or two opaque tickets, and optional address and
 * authorisation-data lists.  One of these hangs off an rxrpc_key_token
 * (union member k5).  Timestamps are 64-bit here, unlike the 32-bit ones
 * in struct rxkad_key.
 *
 * Size/count fields and the limits (defined below) the decoder should be
 * enforcing on them - all fit the field widths:
 *   ticket_len, ticket2_len (u16)	<= AFSTOKEN_K5_TIX_MAX (16384)
 *   n_authdata (u8)			<= AFSTOKEN_K5_AUTHDATA_MAX (16)
 *   n_addresses (u8)			<= AFSTOKEN_K5_ADDRESSES_MAX (16)
 * NOTE(review): pointer members are presumably separately allocated and
 * owned by the key - confirm against the decoder and destructor.
 */
struct rxk5_key {
	u64	authtime;		/* time at which auth token generated */
	u64	starttime;		/* time at which auth token starts */
	u64	endtime;		/* time at which auth token expires */
	u64	renew_till;		/* time to which auth token can be renewed */
	s32	is_skey;		/* T if ticket is encrypted in another ticket's
					 * skey */
	s32	flags;			/* mask of TKT_FLG_* bits (krb5/krb5.h) */
	struct krb5_principal client;	/* client principal name */
	struct krb5_principal server;	/* server principal name */
	u16	ticket_len;		/* length of ticket */
	u16	ticket2_len;		/* length of second ticket */
	u8	n_authdata;		/* number of authorisation data elements */
	u8	n_addresses;		/* number of addresses */
	struct krb5_tagged_data session;	/* session data; tag is enctype */
	struct krb5_tagged_data *addresses;	/* addresses (n_addresses entries) */
	u8	*ticket;		/* krb5 ticket (ticket_len bytes) */
	u8	*ticket2;		/* second krb5 ticket, if related to ticket (via
					 * DUPLICATE-SKEY or ENC-TKT-IN-SKEY);
					 * ticket2_len bytes */
	struct krb5_tagged_data *authdata;	/* authorisation data (n_authdata entries) */
};
85 | ||
/*
 * List of tokens attached to an rxrpc key.
 *
 * Singly linked through next.  security_index is the RxRPC header security
 * index of the token and therefore determines which member of the anonymous
 * union is the live one: kad for rxkad (Kerberos IV) tokens, k5 for rxk5
 * (Kerberos V) tokens.  Dereferencing the wrong member for a given
 * security_index is a type confusion, so code walking this list must
 * switch on security_index first.  (The mapping from index values to
 * security classes is defined elsewhere.)
 */
struct rxrpc_key_token {
	u16	security_index;		/* RxRPC header security index */
	struct rxrpc_key_token *next;	/* the next token in the list */
	union {
		struct rxkad_key *kad;	/* live for rxkad tokens */
		struct rxk5_key *k5;	/* live for rxk5 tokens */
	};
};
97 | ||
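/*
 * Structure of raw ("v1") payloads passed to add_key() or instantiate key.
 *
 * This is the userspace-supplied payload exactly as it arrives, i.e.
 * untrusted input; the structure only describes its layout.  Before any
 * field is used, the instantiation routine must check that the payload is
 * at least sizeof(struct rxrpc_key_data_v1) bytes, that ticket_length bytes
 * of ticket[] actually follow the fixed part, and that ticket_length is
 * within AFSTOKEN_RK_TIX_MAX; a ticket_length larger than the payload would
 * otherwise lead to an over-read when the ticket is copied.
 *
 * ticket[] is a C99 flexible array member (same layout as the previous
 * zero-length array; sizeof is unchanged) so the compiler can see it is
 * trailing data.  expiry is a 32-bit time_t and wraps in 2106.
 */
struct rxrpc_key_data_v1 {
	u16	security_index;
	u16	ticket_length;		/* number of bytes in ticket[] */
	u32	expiry;			/* time_t */
	u32	kvno;
	u8	session_key[8];		/* 8-byte session key (cf. struct rxkad_key) */
	u8	ticket[];		/* ticket_length bytes follow */
};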
109 | ||
/*
 * AF_RXRPC key payload derived from XDR format
 * - based on openafs-1.4.10/src/auth/afs_token.xg
 *
 * These are the upper bounds the XDR decoder is expected to apply to every
 * length and count it reads from the (untrusted) payload before allocating
 * or copying.  They are consistent with the field widths of the structures
 * above: AFSTOKEN_RK_TIX_MAX (12000) and AFSTOKEN_K5_TIX_MAX (16384) fit
 * the u16 ticket length fields, and AFSTOKEN_K5_COMPONENTS_MAX,
 * AFSTOKEN_K5_ADDRESSES_MAX and AFSTOKEN_K5_AUTHDATA_MAX (all 16) fit the
 * u8 count fields.
 *
 * Note that several per-element limits (AFSTOKEN_BDATALN_MAX,
 * AFSTOKEN_GK_TOKEN_MAX, AFSTOKEN_K5_TIX_MAX) equal AFSTOKEN_LENGTH_MAX, so
 * they do not bound the payload on their own; the check of the whole
 * payload against AFSTOKEN_LENGTH_MAX is what caps the total.
 */
#define AFSTOKEN_LENGTH_MAX		16384	/* max payload size */
#define AFSTOKEN_STRING_MAX		256	/* max small string length */
#define AFSTOKEN_DATA_MAX		64	/* max small data length */
#define AFSTOKEN_CELL_MAX		64	/* max cellname length */
#define AFSTOKEN_MAX			8	/* max tokens per payload */
#define AFSTOKEN_BDATALN_MAX		16384	/* max big data length */
#define AFSTOKEN_RK_TIX_MAX		12000	/* max RxKAD ticket size */
#define AFSTOKEN_GK_KEY_MAX		64	/* max GSSAPI key size */
#define AFSTOKEN_GK_TOKEN_MAX		16384	/* max GSSAPI token size */
#define AFSTOKEN_K5_COMPONENTS_MAX	16	/* max K5 components */
#define AFSTOKEN_K5_NAME_MAX		128	/* max K5 name length */
#define AFSTOKEN_K5_REALM_MAX		64	/* max K5 realm name length */
#define AFSTOKEN_K5_TIX_MAX		16384	/* max K5 ticket size */
#define AFSTOKEN_K5_ADDRESSES_MAX	16	/* max K5 addresses */
#define AFSTOKEN_K5_AUTHDATA_MAX	16	/* max K5 pieces of auth data */
129 | ||
dd89db1d | 130 | #endif /* _KEYS_RXRPC_TYPE_H */ |