1 /* SPDX-License-Identifier: GPL-2.0-or-later */
2 /* RxRPC key type
3  *
4  * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
5  * Written by David Howells (dhowells@redhat.com)
6  */
7 
8 #ifndef _KEYS_RXRPC_TYPE_H
9 #define _KEYS_RXRPC_TYPE_H
10 
11 #include <linux/key.h>
12 #include <crypto/krb5.h>
13 
/*
 * Key type for AF_RXRPC keys.  Only the declaration is visible here; the
 * definition is outside this header.
 */
extern struct key_type key_type_rxrpc;

/*
 * Only the prototype is visible here.
 * NOTE(review): judging by the name, this returns a key that carries no
 * credentials.  The meaning of the string argument and the ownership of the
 * returned key reference are not visible in this header - confirm at the
 * definition.
 */
extern struct key *rxrpc_get_null_key(const char *);
20 
/*
 * RxRPC key for Kerberos IV (type-2 security)
 *
 * Variable-length object: the encrypted ticket is stored inline in the
 * flexible array member at the end and ticket_len records its length.
 *
 * NOTE(review): this object holds secret key material (session_key).  The
 * allocation and free paths are not in this header; confirm that the free
 * path zeroises the memory and that ticket_len always matches the number of
 * bytes actually allocated for ticket[].
 */
struct rxkad_key {
	u32	vice_id;		/* NOTE(review): presumably the AFS (Vice) user ID - confirm */
	u32	start;			/* time at which ticket starts */
	u32	expiry;			/* time at which ticket expires */
	u32	kvno;			/* key version number */
	u8	primary_flag;		/* T if key for primary cell for this user */
	u16	ticket_len;		/* length of ticket[]; 16-bit, so at most 65535 */
	u8	session_key[8];		/* DES session key (secret; only 8 bytes long) */
	u8	ticket[];		/* the encrypted ticket, ticket_len bytes */
};
34 
/*
 * RxRPC key for YFS-RxGK (type-6 security)
 *
 * Variable-length object ending in the flexible array _key[].
 *
 * NOTE(review): presumably key.data (and possibly ticket.data) point into
 * _key[], so the two krb5_buffer lengths must never exceed what was allocated
 * for it - confirm at the allocation site, which is not in this header.  The
 * object holds the master key, so the free path should zeroise it.
 */
struct rxgk_key {
	s64		begintime;	/* Time at which the ticket starts */
	s64		endtime;	/* Time at which the ticket ends */
	u64		lifetime;	/* Maximum lifespan of a connection (seconds) */
	u64		bytelife;	/* Maximum number of bytes on a connection */
	unsigned int	enctype;	/* Encoding type; NOTE(review): presumably a Kerberos enctype number - confirm */
	s8		level;		/* Negotiated security RXRPC_SECURITY_PLAIN/AUTH/ENCRYPT */
	struct krb5_buffer key;		/* Master key, K0 (secret) */
	struct krb5_buffer ticket;	/* Ticket to be passed to server */
	u8		_key[];		/* Key storage */
};
49 
/*
 * One entry in the singly linked list of tokens attached to an rxrpc key.
 *
 * The anonymous union holds a pointer to the security-class-specific key
 * data.  Nothing in this structure other than security_index says which
 * member is live.
 * NOTE(review): presumably security_index selects the member (type-2 -> kad,
 * type-6 -> rxgk, per the comments on those structures); every reader must
 * check it before dereferencing either pointer - confirm against the users.
 */
struct rxrpc_key_token {
	u16	security_index;		/* RxRPC header security index */
	bool	no_leak_key;		/* Don't copy the key to userspace; must be honoured by whatever reads the key out */
	struct rxrpc_key_token *next;	/* the next token in the list */
	union {
		struct rxkad_key *kad;	/* Kerberos IV (rxkad) key data */
		struct rxgk_key *rxgk;	/* YFS-RxGK key data */
	};
};
62 
/*
 * structure of raw payloads passed to add_key() or instantiate key
 *
 * Every field here is supplied by the caller of add_key(), so none of it can
 * be trusted as given.
 * NOTE(review): the parser is not in this header; confirm that it checks the
 * payload is at least sizeof(struct rxrpc_key_data_v1) long and that
 * ticket_length does not run past the end of the supplied payload before
 * ticket[] is read.
 */
struct rxrpc_key_data_v1 {
	u16		security_index;		/* caller-chosen security class */
	u16		ticket_length;		/* caller-claimed length of ticket[] */
	u32		expiry;			/* time_t */
	u32		kvno;			/* key version number, as named in struct rxkad_key */
	u8		session_key[8];		/* secret session key, 8 bytes */
	u8		ticket[];		/* ticket bytes follow the fixed header */
};
74 
/*
 * AF_RXRPC key payload derived from XDR format
 * - based on openafs-1.4.10/src/auth/afs_token.xg
 *
 * Upper bounds for the fields of such a payload.
 * NOTE(review): the XDR parser is not in this header.  These limits only
 * protect anything if each length and count read from a payload is compared
 * against the matching limit before it is used to size an allocation or a
 * copy - confirm at the parser.
 */
#define AFSTOKEN_LENGTH_MAX		16384	/* max payload size */
#define AFSTOKEN_STRING_MAX		256	/* max small string length */
#define AFSTOKEN_DATA_MAX		64	/* max small data length */
#define AFSTOKEN_CELL_MAX		64	/* max cellname length */
#define AFSTOKEN_MAX			8	/* max tokens per payload */
#define AFSTOKEN_BDATALN_MAX		16384	/* max big data length */
#define AFSTOKEN_RK_TIX_MAX		12000	/* max RxKAD ticket size; fits the u16 ticket_len in struct rxkad_key */
#define AFSTOKEN_GK_KEY_MAX		64	/* max GSSAPI key size */
#define AFSTOKEN_GK_TOKEN_MAX		16384	/* max GSSAPI token size */
88 
/*
 * Clamp a time64_t into the 32-bit range used by the network protocol
 * (1970 to 2106).
 *
 * Out-of-range values saturate instead of wrapping: a negative time becomes 0
 * and a time above UINT_MAX becomes UINT_MAX.  Callers therefore cannot tell a
 * clamped value apart from a genuine 0 or UINT_MAX.
 */
static inline u32 rxrpc_time64_to_u32(time64_t time)
{
	/* In range: the cast below cannot lose information. */
	if (time >= 0 && time <= UINT_MAX)
		return (u32)time;

	/* Out of range: pin to whichever end was overshot. */
	return time < 0 ? 0 : UINT_MAX;
}
103 
/*
 * Widen a 32-bit protocol time back to time64_t.  The input is unsigned, so
 * the result always lies in the same 1970-2106 range and is never negative.
 */
static inline time64_t rxrpc_u32_to_time64(u32 time)
{
	time64_t widened = time;

	return widened;
}
111 
112 #endif /* _KEYS_RXRPC_TYPE_H */
113