include/keys/rxrpc-type.h

   1 /* RxRPC key type
   2  *
   3  * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
   4  * Written by David Howells (dhowells@redhat.com)
   5  *
   6  * This program is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU General Public License
   8  * as published by the Free Software Foundation; either version
   9  * 2 of the License, or (at your option) any later version.
  10  */
  11
  12 #ifndef _KEYS_RXRPC_TYPE_H
  13 #define _KEYS_RXRPC_TYPE_H
  14
  15 #include <linux/key.h>
  16
  17 /*
  18  * key type for AF_RXRPC keys
  19  */
  20 extern struct key_type key_type_rxrpc;
  21
  22 extern struct key *rxrpc_get_null_key(const char *);
  23
  24 /*
  25  * RxRPC key for Kerberos IV (type-2 security)
  26  */
  27 struct rxkad_key {
  28         u32     vice_id;
  29         u32     start;                  /* time at which ticket starts */
  30         u32     expiry;                 /* time at which ticket expires */
  31         u32     kvno;                   /* key version number */
  32         u8      primary_flag;           /* T if key for primary cell for this user */
  33         u16     ticket_len;             /* length of ticket[] */
  34         u8      session_key[8];         /* DES session key */
  35         u8      ticket[0];              /* the encrypted ticket */
  36 };
  37
  38 /*
  39  * Kerberos 5 principal
  40  *      name/name/name@realm
  41  */
  42 struct krb5_principal {
  43         u8      n_name_parts;           /* N of parts of the name part of the principal */
  44         char    **name_parts;           /* parts of the name part of the principal */
  45         char    *realm;                 /* parts of the realm part of the principal */
  46 };
  47
  48 /*
  49  * Kerberos 5 tagged data
  50  */
  51 struct krb5_tagged_data {
  52         /* for tag value, see /usr/include/krb5/krb5.h
  53          * - KRB5_AUTHDATA_* for auth data
  54          * -
  55          */
  56         s32             tag;
  57         u32             data_len;
  58         u8              *data;
  59 };
  60
  61 /*
  62  * RxRPC key for Kerberos V (type-5 security)
  63  */
  64 struct rxk5_key {
  65         u64                     authtime;       /* time at which auth token generated */
  66         u64                     starttime;      /* time at which auth token starts */
  67         u64                     endtime;        /* time at which auth token expired */
  68         u64                     renew_till;     /* time to which auth token can be renewed */
  69         s32                     is_skey;        /* T if ticket is encrypted in another ticket's
  70                                                  * skey */
  71         s32                     flags;          /* mask of TKT_FLG_* bits (krb5/krb5.h) */
  72         struct krb5_principal   client;         /* client principal name */
  73         struct krb5_principal   server;         /* server principal name */
  74         u16                     ticket_len;     /* length of ticket */
  75         u16                     ticket2_len;    /* length of second ticket */
  76         u8                      n_authdata;     /* number of authorisation data elements */
  77         u8                      n_addresses;    /* number of addresses */
  78         struct krb5_tagged_data session;        /* session data; tag is enctype */
  79         struct krb5_tagged_data *addresses;     /* addresses */
  80         u8                      *ticket;        /* krb5 ticket */
  81         u8                      *ticket2;       /* second krb5 ticket, if related to ticket (via
  82                                                  * DUPLICATE-SKEY or ENC-TKT-IN-SKEY) */
  83         struct krb5_tagged_data *authdata;      /* authorisation data */
  84 };
  85
  86 /*
  87  * list of tokens attached to an rxrpc key
  88  */
  89 struct rxrpc_key_token {
  90         u16     security_index;         /* RxRPC header security index */
  91         struct rxrpc_key_token *next;   /* the next token in the list */
  92         union {
  93                 struct rxkad_key *kad;
  94                 struct rxk5_key *k5;
  95         };
  96 };
  97
  98 /*
  99  * structure of raw payloads passed to add_key() or instantiate key
 100  */
 101 struct rxrpc_key_data_v1 {
 102         u16             security_index;
 103         u16             ticket_length;
 104         u32             expiry;                 /* time_t */
 105         u32             kvno;
 106         u8              session_key[8];
 107         u8              ticket[0];
 108 };
 109
 110 /*
 111  * AF_RXRPC key payload derived from XDR format
 112  * - based on openafs-1.4.10/src/auth/afs_token.xg
 113  */
 114 #define AFSTOKEN_LENGTH_MAX             16384   /* max payload size */
 115 #define AFSTOKEN_STRING_MAX             256     /* max small string length */
 116 #define AFSTOKEN_DATA_MAX               64      /* max small data length */
 117 #define AFSTOKEN_CELL_MAX               64      /* max cellname length */
 118 #define AFSTOKEN_MAX                    8       /* max tokens per payload */
 119 #define AFSTOKEN_BDATALN_MAX            16384   /* max big data length */
 120 #define AFSTOKEN_RK_TIX_MAX             12000   /* max RxKAD ticket size */
 121 #define AFSTOKEN_GK_KEY_MAX             64      /* max GSSAPI key size */
 122 #define AFSTOKEN_GK_TOKEN_MAX           16384   /* max GSSAPI token size */
 123 #define AFSTOKEN_K5_COMPONENTS_MAX      16      /* max K5 components */
 124 #define AFSTOKEN_K5_NAME_MAX            128     /* max K5 name length */
 125 #define AFSTOKEN_K5_REALM_MAX           64      /* max K5 realm name length */
 126 #define AFSTOKEN_K5_TIX_MAX             16384   /* max K5 ticket size */
 127 #define AFSTOKEN_K5_ADDRESSES_MAX       16      /* max K5 addresses */
 128 #define AFSTOKEN_K5_AUTHDATA_MAX        16      /* max K5 pieces of auth data */
 129
 130 #endif /* _KEYS_RXRPC_TYPE_H */