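/* RxRPC key type
 *
 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version
 * 2 of the License, or (at your option) any later version.
 */

#ifndef _KEYS_RXRPC_TYPE_H
#define _KEYS_RXRPC_TYPE_H

#include <linux/key.h>

/*
 * key type for AF_RXRPC keys
 */
extern struct key_type key_type_rxrpc;

/*
 * Obtain a "null" key for the given string.  The meaning of the string and
 * the ownership of the returned key reference are defined by the
 * implementation, which is not part of this header.
 */
extern struct key *rxrpc_get_null_key(const char *);

/*
 * RxRPC key for Kerberos IV (type-2 security)
 *
 * The ticket bytes follow the fixed part of the structure, so an instance is
 * allocated as sizeof(struct rxkad_key) + ticket_len.
 *
 * NOTE(review): session_key is secret material and is only 8 bytes (DES
 * sized), so it offers at most single-DES strength.  Confirm that whatever
 * frees this structure wipes it first and that the key is never logged.
 */
struct rxkad_key {
	u32	vice_id;
	u32	start;			/* time at which ticket starts */
	u32	expiry;			/* time at which ticket expires */
	u32	kvno;			/* key version number */
	u8	primary_flag;		/* T if key for primary cell for this user */
	u16	ticket_len;		/* length of ticket[] */
	u8	session_key[8];		/* DES session key */
	u8	ticket[];		/* the encrypted ticket (flexible array, was [0]) */
};

/*
 * Kerberos 5 principal
 *	name/name/name@realm
 *
 * name_parts points to n_name_parts separately referenced strings.
 */
struct krb5_principal {
	u8	n_name_parts;		/* N of parts of the name part of the principal */
	char	**name_parts;		/* parts of the name part of the principal */
	char	*realm;			/* the realm part of the principal */
};

/*
 * Kerberos 5 tagged data
 *
 * data points to data_len bytes; the pair must always be kept consistent
 * because nothing in the structure itself bounds the buffer.
 */
struct krb5_tagged_data {
	/* for tag value, see /usr/include/krb5/krb5.h
	 * - KRB5_AUTHDATA_* for auth data
	 * - the enctype when used as rxk5_key::session
	 */
	s32		tag;
	u32		data_len;
	u8		*data;
};

/*
 * RxRPC key for Kerberos V (type-5 security)
 *
 * The count and length fields are narrow (u8/u16); they are wide enough only
 * because of the AFSTOKEN_K5_* caps defined at the end of this file.
 *
 * NOTE(review): session.data, ticket and ticket2 hold credential material;
 * confirm the free path wipes them before releasing the memory.
 */
struct rxk5_key {
	u64			authtime;	/* time at which auth token generated */
	u64			starttime;	/* time at which auth token starts */
	u64			endtime;	/* time at which auth token expires */
	u64			renew_till;	/* time to which auth token can be renewed */
	s32			is_skey;	/* T if ticket is encrypted in another ticket's
						 * skey */
	s32			flags;		/* mask of TKT_FLG_* bits (krb5/krb5.h) */
	struct krb5_principal	client;		/* client principal name */
	struct krb5_principal	server;		/* server principal name */
	u16			ticket_len;	/* length of ticket */
	u16			ticket2_len;	/* length of second ticket */
	u8			n_authdata;	/* number of authorisation data elements */
	u8			n_addresses;	/* number of addresses */
	struct krb5_tagged_data	session;	/* session data; tag is enctype */
	struct krb5_tagged_data *addresses;	/* addresses */
	u8			*ticket;	/* krb5 ticket */
	u8			*ticket2;	/* second krb5 ticket, if related to ticket (via
						 * DUPLICATE-SKEY or ENC-TKT-IN-SKEY) */
	struct krb5_tagged_data *authdata;	/* authorisation data */
};

/*
 * list of tokens attached to an rxrpc key
 *
 * Singly linked through next.  The union holds a pointer to the
 * security-specific key; presumably security_index says which member is
 * valid (type 2 -> kad, type 5 -> k5) - confirm against the users of this
 * structure before dereferencing either one.
 */
struct rxrpc_key_token {
	u16	security_index;		/* RxRPC header security index */
	struct rxrpc_key_token *next;	/* the next token in the list */
	union {
		struct rxkad_key *kad;
		struct rxk5_key *k5;
	};
};

/*
 * structure of raw payloads passed to add_key() or instantiate key
 *
 * Every field here is supplied by the caller of add_key().  ticket_length in
 * particular is attacker-controllable: it has to be checked against both the
 * real payload size and AFSTOKEN_RK_TIX_MAX before ticket[] is read or
 * copied.  That check lives in the payload parser, not in this header.
 */
struct rxrpc_key_data_v1 {
	u16		security_index;
	u16		ticket_length;
	u32		expiry;			/* time_t (only 32 bits wide here) */
	u32		kvno;
	u8		session_key[8];
	u8		ticket[];		/* flexible array, was [0] */
};

/*
 * AF_RXRPC key payload derived from XDR format
 * - based on openafs-1.4.10/src/auth/afs_token.xg
 *
 * These are upper bounds for lengths and counts decoded from the XDR payload.
 * Each decoded value must be compared with its cap before it is used to size
 * an allocation or a copy.  The caps also keep the narrow struct fields above
 * from truncating: the ticket caps (12000, 16384) fit in a u16 and the count
 * caps (16) fit in a u8.
 */
#define AFSTOKEN_LENGTH_MAX		16384	/* max payload size */
#define AFSTOKEN_STRING_MAX		256	/* max small string length */
#define AFSTOKEN_DATA_MAX		64	/* max small data length */
#define AFSTOKEN_CELL_MAX		64	/* max cellname length */
#define AFSTOKEN_MAX			8	/* max tokens per payload */
#define AFSTOKEN_BDATALN_MAX		16384	/* max big data length */
#define AFSTOKEN_RK_TIX_MAX		12000	/* max RxKAD ticket size */
#define AFSTOKEN_GK_KEY_MAX		64	/* max GSSAPI key size */
#define AFSTOKEN_GK_TOKEN_MAX		16384	/* max GSSAPI token size */
#define AFSTOKEN_K5_COMPONENTS_MAX	16	/* max K5 components */
#define AFSTOKEN_K5_NAME_MAX		128	/* max K5 name length */
#define AFSTOKEN_K5_REALM_MAX		64	/* max K5 realm name length */
#define AFSTOKEN_K5_TIX_MAX		16384	/* max K5 ticket size */
#define AFSTOKEN_K5_ADDRESSES_MAX	16	/* max K5 addresses */
#define AFSTOKEN_K5_AUTHDATA_MAX	16	/* max K5 pieces of auth data */

#endif /* _KEYS_RXRPC_TYPE_H */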