1 /* SPDX-License-Identifier: GPL-2.0-or-later */
4 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
5 * Written by David Howells (dhowells@redhat.com)
8 #ifndef _KEYS_RXRPC_TYPE_H
9 #define _KEYS_RXRPC_TYPE_H
11 #include <linux/key.h>
14 * key type for AF_RXRPC keys
16 extern struct key_type key_type_rxrpc
;
18 extern struct key
*rxrpc_get_null_key(const char *);
21 * RxRPC key for Kerberos IV (type-2 security)
25 u32 start
; /* time at which ticket starts */
26 u32 expiry
; /* time at which ticket expires */
27 u32 kvno
; /* key version number */
28 u8 primary_flag
; /* T if key for primary cell for this user */
29 u16 ticket_len
; /* length of ticket[] */
30 u8 session_key
[8]; /* DES session key */
31 u8 ticket
[0]; /* the encrypted ticket */
35 * Kerberos 5 principal
36 * name/name/name@realm
38 struct krb5_principal
{
39 u8 n_name_parts
; /* N of parts of the name part of the principal */
40 char **name_parts
; /* parts of the name part of the principal */
41 char *realm
; /* parts of the realm part of the principal */
45 * Kerberos 5 tagged data
47 struct krb5_tagged_data
{
48 /* for tag value, see /usr/include/krb5/krb5.h
49 * - KRB5_AUTHDATA_* for auth data
58 * RxRPC key for Kerberos V (type-5 security)
61 u64 authtime
; /* time at which auth token generated */
62 u64 starttime
; /* time at which auth token starts */
63 u64 endtime
; /* time at which auth token expired */
64 u64 renew_till
; /* time to which auth token can be renewed */
65 s32 is_skey
; /* T if ticket is encrypted in another ticket's
67 s32 flags
; /* mask of TKT_FLG_* bits (krb5/krb5.h) */
68 struct krb5_principal client
; /* client principal name */
69 struct krb5_principal server
; /* server principal name */
70 u16 ticket_len
; /* length of ticket */
71 u16 ticket2_len
; /* length of second ticket */
72 u8 n_authdata
; /* number of authorisation data elements */
73 u8 n_addresses
; /* number of addresses */
74 struct krb5_tagged_data session
; /* session data; tag is enctype */
75 struct krb5_tagged_data
*addresses
; /* addresses */
76 u8
*ticket
; /* krb5 ticket */
77 u8
*ticket2
; /* second krb5 ticket, if related to ticket (via
78 * DUPLICATE-SKEY or ENC-TKT-IN-SKEY) */
79 struct krb5_tagged_data
*authdata
; /* authorisation data */
83 * list of tokens attached to an rxrpc key
85 struct rxrpc_key_token
{
86 u16 security_index
; /* RxRPC header security index */
87 struct rxrpc_key_token
*next
; /* the next token in the list */
89 struct rxkad_key
*kad
;
95 * structure of raw payloads passed to add_key() or instantiate key
97 struct rxrpc_key_data_v1
{
100 u32 expiry
; /* time_t */
107 * AF_RXRPC key payload derived from XDR format
108 * - based on openafs-1.4.10/src/auth/afs_token.xg
110 #define AFSTOKEN_LENGTH_MAX 16384 /* max payload size */
111 #define AFSTOKEN_STRING_MAX 256 /* max small string length */
112 #define AFSTOKEN_DATA_MAX 64 /* max small data length */
113 #define AFSTOKEN_CELL_MAX 64 /* max cellname length */
114 #define AFSTOKEN_MAX 8 /* max tokens per payload */
115 #define AFSTOKEN_BDATALN_MAX 16384 /* max big data length */
116 #define AFSTOKEN_RK_TIX_MAX 12000 /* max RxKAD ticket size */
117 #define AFSTOKEN_GK_KEY_MAX 64 /* max GSSAPI key size */
118 #define AFSTOKEN_GK_TOKEN_MAX 16384 /* max GSSAPI token size */
119 #define AFSTOKEN_K5_COMPONENTS_MAX 16 /* max K5 components */
120 #define AFSTOKEN_K5_NAME_MAX 128 /* max K5 name length */
121 #define AFSTOKEN_K5_REALM_MAX 64 /* max K5 realm name length */
122 #define AFSTOKEN_K5_TIX_MAX 16384 /* max K5 ticket size */
123 #define AFSTOKEN_K5_ADDRESSES_MAX 16 /* max K5 addresses */
124 #define AFSTOKEN_K5_AUTHDATA_MAX 16 /* max K5 pieces of auth data */
127 * Truncate a time64_t to the range from 1970 to 2106 as in the network
130 static inline u32
rxrpc_time64_to_u32(time64_t time
)
142 * Extend u32 back to time64_t using the same 1970-2106 range.
144 static inline time64_t
rxrpc_u32_to_time64(u32 time
)
146 return (time64_t
)time
;
149 #endif /* _KEYS_RXRPC_TYPE_H */
