1 /* SPDX-License-Identifier: GPL-2.0-or-later */
2 /* RxRPC key type
3  *
4  * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
5  * Written by David Howells (dhowells@redhat.com)
6  */
7 
8 #ifndef _KEYS_RXRPC_TYPE_H
9 #define _KEYS_RXRPC_TYPE_H
10 
11 #include <linux/key.h>
12 
13 /*
14  * key type for AF_RXRPC keys
15  */
16 extern struct key_type key_type_rxrpc;
17 
18 extern struct key *rxrpc_get_null_key(const char *);
19 
20 /*
21  * RxRPC key for Kerberos IV (type-2 security)
22  */
23 struct rxkad_key {
24 	u32	vice_id;
25 	u32	start;			/* time at which ticket starts */
26 	u32	expiry;			/* time at which ticket expires */
27 	u32	kvno;			/* key version number */
28 	u8	primary_flag;		/* T if key for primary cell for this user */
29 	u16	ticket_len;		/* length of ticket[] */
30 	u8	session_key[8];		/* DES session key */
31 	u8	ticket[0];		/* the encrypted ticket */
32 };
33 
34 /*
35  * Kerberos 5 principal
36  *	name/name/name@realm
37  */
38 struct krb5_principal {
39 	u8	n_name_parts;		/* N of parts of the name part of the principal */
40 	char	**name_parts;		/* parts of the name part of the principal */
41 	char	*realm;			/* parts of the realm part of the principal */
42 };
43 
44 /*
45  * Kerberos 5 tagged data
46  */
47 struct krb5_tagged_data {
48 	/* for tag value, see /usr/include/krb5/krb5.h
49 	 * - KRB5_AUTHDATA_* for auth data
50 	 * -
51 	 */
52 	s32		tag;
53 	u32		data_len;
54 	u8		*data;
55 };
56 
57 /*
58  * RxRPC key for Kerberos V (type-5 security)
59  */
60 struct rxk5_key {
61 	u64			authtime;	/* time at which auth token generated */
62 	u64			starttime;	/* time at which auth token starts */
63 	u64			endtime;	/* time at which auth token expired */
64 	u64			renew_till;	/* time to which auth token can be renewed */
65 	s32			is_skey;	/* T if ticket is encrypted in another ticket's
66 						 * skey */
67 	s32			flags;		/* mask of TKT_FLG_* bits (krb5/krb5.h) */
68 	struct krb5_principal	client;		/* client principal name */
69 	struct krb5_principal	server;		/* server principal name */
70 	u16			ticket_len;	/* length of ticket */
71 	u16			ticket2_len;	/* length of second ticket */
72 	u8			n_authdata;	/* number of authorisation data elements */
73 	u8			n_addresses;	/* number of addresses */
74 	struct krb5_tagged_data	session;	/* session data; tag is enctype */
75 	struct krb5_tagged_data *addresses;	/* addresses */
76 	u8			*ticket;	/* krb5 ticket */
77 	u8			*ticket2;	/* second krb5 ticket, if related to ticket (via
78 						 * DUPLICATE-SKEY or ENC-TKT-IN-SKEY) */
79 	struct krb5_tagged_data *authdata;	/* authorisation data */
80 };
81 
82 /*
83  * list of tokens attached to an rxrpc key
84  */
85 struct rxrpc_key_token {
86 	u16	security_index;		/* RxRPC header security index */
87 	struct rxrpc_key_token *next;	/* the next token in the list */
88 	union {
89 		struct rxkad_key *kad;
90 		struct rxk5_key *k5;
91 	};
92 };
93 
94 /*
95  * structure of raw payloads passed to add_key() or instantiate key
96  */
97 struct rxrpc_key_data_v1 {
98 	u16		security_index;
99 	u16		ticket_length;
100 	u32		expiry;			/* time_t */
101 	u32		kvno;
102 	u8		session_key[8];
103 	u8		ticket[0];
104 };
105 
106 /*
107  * AF_RXRPC key payload derived from XDR format
108  * - based on openafs-1.4.10/src/auth/afs_token.xg
109  */
110 #define AFSTOKEN_LENGTH_MAX		16384	/* max payload size */
111 #define AFSTOKEN_STRING_MAX		256	/* max small string length */
112 #define AFSTOKEN_DATA_MAX		64	/* max small data length */
113 #define AFSTOKEN_CELL_MAX		64	/* max cellname length */
114 #define AFSTOKEN_MAX			8	/* max tokens per payload */
115 #define AFSTOKEN_BDATALN_MAX		16384	/* max big data length */
116 #define AFSTOKEN_RK_TIX_MAX		12000	/* max RxKAD ticket size */
117 #define AFSTOKEN_GK_KEY_MAX		64	/* max GSSAPI key size */
118 #define AFSTOKEN_GK_TOKEN_MAX		16384	/* max GSSAPI token size */
119 #define AFSTOKEN_K5_COMPONENTS_MAX	16	/* max K5 components */
120 #define AFSTOKEN_K5_NAME_MAX		128	/* max K5 name length */
121 #define AFSTOKEN_K5_REALM_MAX		64	/* max K5 realm name length */
122 #define AFSTOKEN_K5_TIX_MAX		16384	/* max K5 ticket size */
123 #define AFSTOKEN_K5_ADDRESSES_MAX	16	/* max K5 addresses */
124 #define AFSTOKEN_K5_AUTHDATA_MAX	16	/* max K5 pieces of auth data */
125 
126 /*
127  * Truncate a time64_t to the range from 1970 to 2106 as in the network
128  * protocol.
129  */
rxrpc_time64_to_u32(time64_t time)130 static inline u32 rxrpc_time64_to_u32(time64_t time)
131 {
132 	if (time < 0)
133 		return 0;
134 
135 	if (time > UINT_MAX)
136 		return UINT_MAX;
137 
138 	return (u32)time;
139 }
140 
141 /*
142  * Extend u32 back to time64_t using the same 1970-2106 range.
143  */
rxrpc_u32_to_time64(u32 time)144 static inline time64_t rxrpc_u32_to_time64(u32 time)
145 {
146 	return (time64_t)time;
147 }
148 
149 #endif /* _KEYS_RXRPC_TYPE_H */
150