  • only in /asuswrt-rt-n18u-9.0.0.4.380.2695/release/src-rt-6.x.4708/linux/linux-2.6.36/include/keys/
1/* RxRPC key type
2 *
3 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 */
11
12#ifndef _KEYS_RXRPC_TYPE_H
13#define _KEYS_RXRPC_TYPE_H
14
15#include <linux/key.h>
16
/*
 * Key type used for AF_RXRPC keys.  Only the declaration is provided here;
 * the object itself is defined outside this header.
 */
extern struct key_type key_type_rxrpc;

/*
 * Hands back a struct key pointer for the string argument.
 *
 * NOTE(review): the parameter is unnamed and the definition is not part of
 * this header - presumably the string is a key description and the result is
 * a key that carries no security token.  Confirm against the definition, and
 * confirm whether failure is reported as NULL or as an ERR_PTR() value before
 * dereferencing the result.
 */
struct key *rxrpc_get_null_key(const char *);
23
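/*
 * RxRPC key for Kerberos IV (type-2 security)
 *
 * ticket[] is a C99 flexible array member (previously a zero-length array),
 * so the object has to be allocated as sizeof(struct rxkad_key) + ticket_len
 * and ticket_len is the only record of how many bytes of ticket[] are valid.
 * The layout and sizeof() are unchanged; the flexible form lets the compiler
 * and bounds-checking instrumentation see that the array has no fixed size.
 *
 * NOTE(review): the code that fills this structure in is not in this header.
 * It should refuse lengths above AFSTOKEN_RK_TIX_MAX (defined later in this
 * file as the max RxKAD ticket size) before allocating or copying - confirm.
 *
 * session_key[] holds secret key material.  It is a single-DES key (8 bytes,
 * 56 effective key bits), which is weak by current standards.
 * NOTE(review): confirm that the release path wipes it before freeing.
 */
struct rxkad_key {
	u32	vice_id;		/* NOTE(review): undocumented here; presumably
					 * the AFS vice ID of the user - confirm */
	u32	start;			/* time at which ticket starts */
	u32	expiry;			/* time at which ticket expires */
	u32	kvno;			/* key version number */
	u8	primary_flag;		/* T if key for primary cell for this user */
	u16	ticket_len;		/* length of ticket[] */
	u8	session_key[8];		/* DES session key (secret) */
	u8	ticket[];		/* the encrypted ticket, ticket_len bytes */
};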
37
/**
 * struct krb5_principal - Kerberos 5 principal, written name/name/name@realm
 * @n_name_parts: number of parts making up the name part of the principal
 * @name_parts: the parts of the name part of the principal
 * @realm: the realm part of the principal
 *
 * Both @name_parts and @realm are pointers, so this structure does not own
 * inline storage for the strings it describes.
 *
 * NOTE(review): nothing in this header says how the strings are terminated or
 * bounded.  Presumably the parser limits them with AFSTOKEN_K5_COMPONENTS_MAX,
 * AFSTOKEN_K5_NAME_MAX and AFSTOKEN_K5_REALM_MAX - confirm before trusting
 * @n_name_parts as an index bound.
 */
struct krb5_principal {
	u8 n_name_parts;
	char **name_parts;
	char *realm;
};
47
/**
 * struct krb5_tagged_data - Kerberos 5 tagged data
 * @tag: tag value; see /usr/include/krb5/krb5.h (KRB5_AUTHDATA_* when the
 *       element carries auth data)
 * @data_len: length of the buffer that @data points to
 * @data: the tagged payload itself
 *
 * The meaning of @tag depends on where the element is used; struct rxk5_key,
 * for example, documents the tag of its session element as the enctype.
 *
 * NOTE(review): @data_len and @data are independent fields, so every consumer
 * relies on whoever filled them in having kept them in step.  Presumably the
 * parser caps @data_len with one of the AFSTOKEN_*_MAX limits - confirm.
 */
struct krb5_tagged_data {
	s32 tag;
	u32 data_len;
	u8 *data;
};
60
/**
 * struct rxk5_key - RxRPC key for Kerberos V (type-5 security)
 * @authtime: time at which the auth token was generated
 * @starttime: time at which the auth token starts
 * @endtime: time at which the auth token expires
 * @renew_till: time up to which the auth token can be renewed
 * @is_skey: T if the ticket is encrypted in another ticket's skey
 * @flags: mask of TKT_FLG_* bits (krb5/krb5.h)
 * @client: client principal name
 * @server: server principal name
 * @ticket_len: length of @ticket
 * @ticket2_len: length of @ticket2
 * @n_authdata: number of authorisation data elements in @authdata
 * @n_addresses: number of elements in @addresses
 * @session: session data; its tag is the enctype
 * @addresses: addresses
 * @ticket: krb5 ticket
 * @ticket2: second krb5 ticket, if related to @ticket (via DUPLICATE-SKEY or
 *           ENC-TKT-IN-SKEY)
 * @authdata: authorisation data
 *
 * Every variable-sized item is held through a pointer with its length or
 * element count in a separate field, so the pairs (@ticket_len, @ticket),
 * (@ticket2_len, @ticket2), (@n_authdata, @authdata) and
 * (@n_addresses, @addresses) have to be kept consistent by the code that
 * builds the structure.
 *
 * NOTE(review): @session carries key material; the allocation and release
 * code is not in this header, so confirm that it bounds the lengths (the
 * AFSTOKEN_K5_* limits look intended for this) and wipes the session data
 * before freeing.
 */
struct rxk5_key {
	u64 authtime;
	u64 starttime;
	u64 endtime;
	u64 renew_till;
	s32 is_skey;
	s32 flags;
	struct krb5_principal client;
	struct krb5_principal server;
	u16 ticket_len;
	u16 ticket2_len;
	u8 n_authdata;
	u8 n_addresses;
	struct krb5_tagged_data session;
	struct krb5_tagged_data *addresses;
	u8 *ticket;
	u8 *ticket2;
	struct krb5_tagged_data *authdata;
};
85
/**
 * struct rxrpc_key_token - one entry in the list of tokens attached to an
 *                          rxrpc key
 * @security_index: RxRPC header security index
 * @next: the next token in the list
 * @kad: token payload viewed as a Kerberos IV (rxkad) key
 * @k5: token payload viewed as a Kerberos V (rxk5) key
 *
 * @kad and @k5 share storage through an anonymous union, so only one of them
 * is meaningful for a given token.
 *
 * NOTE(review): presumably @security_index is the discriminator that says
 * which union member is valid - confirm against the users of this structure.
 * Reading the member that does not match would interpret one key layout as
 * the other.
 */
struct rxrpc_key_token {
	u16 security_index;
	struct rxrpc_key_token *next;
	union {
		struct rxkad_key *kad;
		struct rxk5_key *k5;
	};
};
97
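/*
 * structure of raw payloads passed to add_key() or instantiate key
 *
 * This describes data handed in by the caller, so every field - in particular
 * ticket_length - is untrusted until checked.  ticket[] is a C99 flexible
 * array member (previously a zero-length array); the layout and sizeof() are
 * unchanged, and the bytes of the ticket follow the fixed header directly.
 *
 * NOTE(review): the parser is not in this header.  It should verify that the
 * supplied payload is at least sizeof(struct rxrpc_key_data_v1) long and that
 * ticket_length fits in what remains before touching ticket[] - confirm.
 */
struct rxrpc_key_data_v1 {
	u32		kif_version;		/* 1 */
	u16		security_index;		/* NOTE(review): presumably the RxRPC
						 * security index of the token - confirm */
	u16		ticket_length;		/* length of ticket[], caller-supplied */
	u32		expiry;			/* time_t */
	u32		kvno;
	u8		session_key[8];		/* secret key material */
	u8		ticket[];		/* ticket_length bytes of ticket */
};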
110
/*
 * AF_RXRPC key payload derived from XDR format
 * - based on openafs-1.4.10/src/auth/afs_token.xg
 *
 * The values below are size and count ceilings for the fields of such a
 * payload.  They are plain constants: the checks that apply them live in
 * whatever code parses the payload, not in this header.
 */

/* whole payload and generic fields */
#define AFSTOKEN_LENGTH_MAX		16384	/* maximum payload size */
#define AFSTOKEN_MAX			8	/* maximum tokens per payload */
#define AFSTOKEN_STRING_MAX		256	/* maximum small string length */
#define AFSTOKEN_DATA_MAX		64	/* maximum small data length */
#define AFSTOKEN_BDATALN_MAX		16384	/* maximum big data length */
#define AFSTOKEN_CELL_MAX		64	/* maximum cellname length */

/* RxKAD tokens */
#define AFSTOKEN_RK_TIX_MAX		12000	/* maximum RxKAD ticket size */

/* GSSAPI tokens */
#define AFSTOKEN_GK_KEY_MAX		64	/* maximum GSSAPI key size */
#define AFSTOKEN_GK_TOKEN_MAX		16384	/* maximum GSSAPI token size */

/* Kerberos 5 tokens */
#define AFSTOKEN_K5_COMPONENTS_MAX	16	/* maximum K5 components */
#define AFSTOKEN_K5_NAME_MAX		128	/* maximum K5 name length */
#define AFSTOKEN_K5_REALM_MAX		64	/* maximum K5 realm name length */
#define AFSTOKEN_K5_TIX_MAX		16384	/* maximum K5 ticket size */
#define AFSTOKEN_K5_ADDRESSES_MAX	16	/* maximum K5 addresses */
#define AFSTOKEN_K5_AUTHDATA_MAX	16	/* maximum K5 pieces of auth data */
130
131#endif /* _KEYS_RXRPC_TYPE_H */
132