| 1 | /* SPDX-License-Identifier: GPL-2.0-or-later */ |
|---|
| 2 | /* RxRPC key type |
|---|
| 3 | * |
|---|
| 4 | * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. |
|---|
| 5 | * Written by David Howells (dhowells@redhat.com) |
|---|
| 6 | */ |
|---|
| 7 | |
|---|
| 8 | #ifndef _KEYS_RXRPC_TYPE_H |
|---|
| 9 | #define _KEYS_RXRPC_TYPE_H |
|---|
| 10 | |
|---|
| 11 | #include <linux/key.h> |
|---|
| 12 | #include <crypto/krb5.h> |
|---|
| 13 | |
|---|
| 14 | /* |
|---|
| 15 | * key type for AF_RXRPC keys |
|---|
| 16 | */ |
|---|
| 17 | extern struct key_type key_type_rxrpc; |
|---|
| 18 | |
|---|
| 19 | extern struct key *rxrpc_get_null_key(const char *); |
|---|
| 20 | |
|---|
| 21 | /* |
|---|
| 22 | * RxRPC key for Kerberos IV (type-2 security) |
|---|
| 23 | */ |
|---|
| 24 | struct rxkad_key { |
|---|
| 25 | u32 vice_id; |
|---|
| 26 | u32 start; /* time at which ticket starts */ |
|---|
| 27 | u32 expiry; /* time at which ticket expires */ |
|---|
| 28 | u32 kvno; /* key version number */ |
|---|
| 29 | u8 primary_flag; /* T if key for primary cell for this user */ |
|---|
| 30 | u16 ticket_len; /* length of ticket[] */ |
|---|
| 31 | u8 session_key[8]; /* DES session key */ |
|---|
| 32 | u8 ticket[]; /* the encrypted ticket */ |
|---|
| 33 | }; |
|---|
| 34 | |
|---|
| 35 | /* |
|---|
| 36 | * RxRPC key for YFS-RxGK (type-6 security) |
|---|
| 37 | */ |
|---|
| 38 | struct rxgk_key { |
|---|
| 39 | s64 begintime; /* Time at which the ticket starts */ |
|---|
| 40 | s64 endtime; /* Time at which the ticket ends */ |
|---|
| 41 | u64 lifetime; /* Maximum lifespan of a connection (seconds) */ |
|---|
| 42 | u64 bytelife; /* Maximum number of bytes on a connection */ |
|---|
| 43 | unsigned int enctype; /* Encoding type */ |
|---|
| 44 | s8 level; /* Negotiated security RXRPC_SECURITY_PLAIN/AUTH/ENCRYPT */ |
|---|
| 45 | struct krb5_buffer key; /* Master key, K0 */ |
|---|
| 46 | struct krb5_buffer ticket; /* Ticket to be passed to server */ |
|---|
| 47 | u8 _key[]; /* Key storage */ |
|---|
| 48 | }; |
|---|
| 49 | |
|---|
| 50 | /* |
|---|
| 51 | * list of tokens attached to an rxrpc key |
|---|
| 52 | */ |
|---|
| 53 | struct rxrpc_key_token { |
|---|
| 54 | u16 security_index; /* RxRPC header security index */ |
|---|
| 55 | bool no_leak_key; /* Don't copy the key to userspace */ |
|---|
| 56 | struct rxrpc_key_token *next; /* the next token in the list */ |
|---|
| 57 | union { |
|---|
| 58 | struct rxkad_key *kad; |
|---|
| 59 | struct rxgk_key *rxgk; |
|---|
| 60 | }; |
|---|
| 61 | }; |
|---|
| 62 | |
|---|
| 63 | /* |
|---|
| 64 | * structure of raw payloads passed to add_key() or instantiate key |
|---|
| 65 | */ |
|---|
| 66 | struct rxrpc_key_data_v1 { |
|---|
| 67 | u16 security_index; |
|---|
| 68 | u16 ticket_length; |
|---|
| 69 | u32 expiry; /* time_t */ |
|---|
| 70 | u32 kvno; |
|---|
| 71 | u8 session_key[8]; |
|---|
| 72 | u8 ticket[]; |
|---|
| 73 | }; |
|---|
| 74 | |
|---|
| 75 | /* |
|---|
| 76 | * AF_RXRPC key payload derived from XDR format |
|---|
| 77 | * - based on openafs-1.4.10/src/auth/afs_token.xg |
|---|
| 78 | */ |
|---|
| 79 | #define AFSTOKEN_LENGTH_MAX 16384 /* max payload size */ |
|---|
| 80 | #define AFSTOKEN_STRING_MAX 256 /* max small string length */ |
|---|
| 81 | #define AFSTOKEN_DATA_MAX 64 /* max small data length */ |
|---|
| 82 | #define AFSTOKEN_CELL_MAX 64 /* max cellname length */ |
|---|
| 83 | #define AFSTOKEN_MAX 8 /* max tokens per payload */ |
|---|
| 84 | #define AFSTOKEN_BDATALN_MAX 16384 /* max big data length */ |
|---|
| 85 | #define AFSTOKEN_RK_TIX_MAX 12000 /* max RxKAD ticket size */ |
|---|
| 86 | #define AFSTOKEN_GK_KEY_MAX 64 /* max GSSAPI key size */ |
|---|
| 87 | #define AFSTOKEN_GK_TOKEN_MAX 16384 /* max GSSAPI token size */ |
|---|
| 88 | |
|---|
| 89 | /* |
|---|
| 90 | * Truncate a time64_t to the range from 1970 to 2106 as in the network |
|---|
| 91 | * protocol. |
|---|
| 92 | */ |
|---|
| 93 | static inline u32 rxrpc_time64_to_u32(time64_t time) |
|---|
| 94 | { |
|---|
| 95 | if (time < 0) |
|---|
| 96 | return 0; |
|---|
| 97 | |
|---|
| 98 | if (time > UINT_MAX) |
|---|
| 99 | return UINT_MAX; |
|---|
| 100 | |
|---|
| 101 | return (u32)time; |
|---|
| 102 | } |
|---|
| 103 | |
|---|
| 104 | /* |
|---|
| 105 | * Extend u32 back to time64_t using the same 1970-2106 range. |
|---|
| 106 | */ |
|---|
| 107 | static inline time64_t rxrpc_u32_to_time64(u32 time) |
|---|
| 108 | { |
|---|
| 109 | return (time64_t)time; |
|---|
| 110 | } |
|---|
| 111 | |
|---|
| 112 | #endif /* _KEYS_RXRPC_TYPE_H */ |
|---|
| 113 | |
|---|
