linux/include/keys/rxrpc-type.h
   1/* RxRPC key type
   2 *
   3 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
   4 * Written by David Howells (dhowells@redhat.com)
   5 *
   6 * This program is free software; you can redistribute it and/or
   7 * modify it under the terms of the GNU General Public License
   8 * as published by the Free Software Foundation; either version
   9 * 2 of the License, or (at your option) any later version.
  10 */
  11
  12#ifndef _KEYS_RXRPC_TYPE_H
  13#define _KEYS_RXRPC_TYPE_H
  14
  15#include <linux/key.h>
  16
/*
 * key type for AF_RXRPC keys
 *
 * Declaration only; the definition is not part of this header.
 */
extern struct key_type key_type_rxrpc;

/*
 * Takes a string and returns a struct key pointer.  Declaration only: what the
 * string names and how failure is reported (NULL vs. an error pointer) are not
 * visible from this header -- confirm against the definition before testing
 * the result.
 */
extern struct key *rxrpc_get_null_key(const char *);
  23
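/*
 * RxRPC key for Kerberos IV (type-2 security)
 *
 * Variable-length object: the fixed fields are followed directly by the
 * encrypted ticket, whose length is recorded in ticket_len, so an allocation
 * has to cover sizeof(struct rxkad_key) + ticket_len bytes.
 *
 * ticket_len is a u16 and can therefore hold values well above
 * AFSTOKEN_RK_TIX_MAX (12000); the type does not enforce the limit.
 * NOTE(review): confirm the code that fills this struct rejects an oversized
 * ticket_len before allocating or copying.
 *
 * session_key[] is secret key material.
 * NOTE(review): the code that frees this object is not visible here; confirm
 * it wipes the key before releasing the memory.
 */
struct rxkad_key {
        u32     vice_id;
        u32     start;                  /* time at which ticket starts */
        u32     expiry;                 /* time at which ticket expires */
        u32     kvno;                   /* key version number */
        u8      primary_flag;           /* T if key for primary cell for this user */
        u16     ticket_len;             /* length of ticket[] */
        u8      session_key[8];         /* DES session key */
        /*
         * C99 flexible array member instead of the GNU zero-length form: the
         * compiler requires it to be the last member, and sizeof cannot be
         * applied to it by mistake.  The struct layout is unchanged.
         */
        u8      ticket[];               /* the encrypted ticket */
};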
  37
/*
 * Kerberos 5 principal
 *      name/name/name@realm
 *
 * The struct holds pointers only; who allocates and frees name_parts[] and
 * realm is decided by code outside this header.
 * NOTE(review): AFSTOKEN_K5_COMPONENTS_MAX, AFSTOKEN_K5_NAME_MAX and
 * AFSTOKEN_K5_REALM_MAX in this header look like the intended bounds for these
 * fields -- confirm the parser applies them.
 */
struct krb5_principal {
        u8      n_name_parts;           /* N of parts of the name part of the principal */
        char    **name_parts;           /* parts of the name part of the principal;
                                         * presumably n_name_parts entries -- confirm */
        char    *realm;                 /* the realm part of the principal */
};
  47
/*
 * Kerberos 5 tagged data
 *
 * A type tag plus a length-prefixed buffer.  data is a separate pointer, not
 * inline storage, so data_len and data must always be updated together.
 */
struct krb5_tagged_data {
        /* for tag value, see /usr/include/krb5/krb5.h
         * - KRB5_AUTHDATA_* for auth data
         * - the enctype when used as the session member of struct rxk5_key
         */
        s32             tag;
        u32             data_len;       /* presumably the length of data[] in bytes -- confirm */
        u8              *data;
};
  60
/*
 * RxRPC key for Kerberos V (type-5 security)
 *
 * Every variable-sized part (tickets, addresses, authorisation data) is
 * reached through a pointer whose length or element count lives in a separate
 * field of this struct.
 * NOTE(review): nothing in this header ties a count to the buffer it
 * describes; confirm the code that fills the struct checks each length/count
 * against the matching AFSTOKEN_K5_*_MAX limit and keeps count and pointer in
 * step, including on error paths.
 * NOTE(review): session carries an enctype tag, so session.data is presumably
 * the session key -- treat it as secret material and confirm it is wiped when
 * the key is destroyed.
 */
struct rxk5_key {
        u64                     authtime;       /* time at which auth token generated */
        u64                     starttime;      /* time at which auth token starts */
        u64                     endtime;        /* time at which auth token expires */
        u64                     renew_till;     /* time to which auth token can be renewed */
        s32                     is_skey;        /* T if ticket is encrypted in another ticket's
                                                 * skey */
        s32                     flags;          /* mask of TKT_FLG_* bits (krb5/krb5.h) */
        struct krb5_principal   client;         /* client principal name */
        struct krb5_principal   server;         /* server principal name */
        u16                     ticket_len;     /* length of ticket */
        u16                     ticket2_len;    /* length of second ticket */
        u8                      n_authdata;     /* number of authorisation data elements */
        u8                      n_addresses;    /* number of addresses */
        struct krb5_tagged_data session;        /* session data; tag is enctype */
        struct krb5_tagged_data *addresses;     /* addresses; presumably n_addresses
                                                 * entries -- confirm */
        u8                      *ticket;        /* krb5 ticket */
        u8                      *ticket2;       /* second krb5 ticket, if related to ticket (via
                                                 * DUPLICATE-SKEY or ENC-TKT-IN-SKEY) */
        struct krb5_tagged_data *authdata;      /* authorisation data; presumably n_authdata
                                                 * entries -- confirm */
};
  85
/*
 * list of tokens attached to an rxrpc key
 *
 * Singly linked through next.  The anonymous union holds a pointer to the
 * per-security-type key data.
 * NOTE(review): security_index presumably selects which union member is
 * valid; both members are pointers sharing storage, so reading the wrong one
 * reinterprets the other structure -- confirm every user checks
 * security_index first.
 */
struct rxrpc_key_token {
        u16     security_index;         /* RxRPC header security index */
        struct rxrpc_key_token *next;   /* the next token in the list */
        union {
                struct rxkad_key *kad;  /* Kerberos IV (type-2 security) key data */
                struct rxk5_key *k5;    /* Kerberos V (type-5 security) key data */
        };
};
  97
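/*
 * structure of raw payloads passed to add_key() or instantiate key
 *
 * The fixed header is followed directly by the ticket bytes.  The contents are
 * supplied by whoever calls add_key(), so ticket_length is caller-controlled
 * and says nothing about how many bytes were actually passed in.
 * NOTE(review): the consumer is not visible here; confirm it checks that the
 * supplied payload is at least sizeof(struct rxrpc_key_data_v1) +
 * ticket_length bytes, and that ticket_length is within the intended ticket
 * limit (AFSTOKEN_RK_TIX_MAX looks like the rxkad one -- confirm), before
 * copying anything.
 */
struct rxrpc_key_data_v1 {
        u16             security_index;
        u16             ticket_length;          /* length of ticket[] */
        u32             expiry;                 /* time_t */
        u32             kvno;
        u8              session_key[8];         /* secret key material */
        /*
         * C99 flexible array member instead of the GNU zero-length form: the
         * compiler requires it to be the last member, and sizeof cannot be
         * applied to it by mistake.  The struct layout is unchanged.
         */
        u8              ticket[];
};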
 109
/*
 * AF_RXRPC key payload derived from XDR format
 * - based on openafs-1.4.10/src/auth/afs_token.xg
 *
 * Upper bounds for the fields of an XDR token payload.  Units are not stated
 * here (presumably bytes for sizes and lengths, element counts for
 * AFSTOKEN_MAX and the *_COMPONENTS/_ADDRESSES/_AUTHDATA limits -- confirm).
 * NOTE(review): these are constants only; confirm the payload parser rejects
 * any length or count above its limit before allocating or copying.
 * AFSTOKEN_BDATALN_MAX, AFSTOKEN_GK_TOKEN_MAX and AFSTOKEN_K5_TIX_MAX equal
 * AFSTOKEN_LENGTH_MAX, so if those fields are counted within the payload the
 * whole-payload limit is the tighter one.
 */
#define AFSTOKEN_LENGTH_MAX             16384   /* max payload size */
#define AFSTOKEN_STRING_MAX             256     /* max small string length */
#define AFSTOKEN_DATA_MAX               64      /* max small data length */
#define AFSTOKEN_CELL_MAX               64      /* max cellname length */
#define AFSTOKEN_MAX                    8       /* max tokens per payload */
#define AFSTOKEN_BDATALN_MAX            16384   /* max big data length */
#define AFSTOKEN_RK_TIX_MAX             12000   /* max RxKAD ticket size */
#define AFSTOKEN_GK_KEY_MAX             64      /* max GSSAPI key size */
#define AFSTOKEN_GK_TOKEN_MAX           16384   /* max GSSAPI token size */
#define AFSTOKEN_K5_COMPONENTS_MAX      16      /* max K5 components */
#define AFSTOKEN_K5_NAME_MAX            128     /* max K5 name length */
#define AFSTOKEN_K5_REALM_MAX           64      /* max K5 realm name length */
#define AFSTOKEN_K5_TIX_MAX             16384   /* max K5 ticket size */
#define AFSTOKEN_K5_ADDRESSES_MAX       16      /* max K5 addresses */
#define AFSTOKEN_K5_AUTHDATA_MAX        16      /* max K5 pieces of auth data */
 129
 130#endif /* _KEYS_RXRPC_TYPE_H */
 131