
  1. /* SPDX-License-Identifier: GPL-2.0 */
  2. #ifndef __FS_CEPH_AUTH_X_PROTOCOL
  3. #define __FS_CEPH_AUTH_X_PROTOCOL
/*
 * cephx operation codes.  Presumably the values carried in
 * ceph_x_request_header.op and ceph_x_reply_header.op (both __le16) —
 * confirm against auth_x.c.  The three values occupy distinct bits.
 */
#define CEPHX_GET_AUTH_SESSION_KEY 0x0100
#define CEPHX_GET_PRINCIPAL_SESSION_KEY 0x0200
#define CEPHX_GET_ROTATING_KEY 0x0400
/*
 * Key-usage identifiers.  Each one names which key protects a given
 * cephx message; the per-message comments below spell out the mapping.
 * Nothing in this header consumes these values, so whether they are
 * mixed into the encryption or serve purely as documentation has to be
 * checked in auth_x.c.
 */
/* Client <-> AuthMonitor */
/*
 * The AUTH session's connection secret: encrypted with the AUTH
 * ticket session key
 */
#define CEPHX_KEY_USAGE_AUTH_CONNECTION_SECRET 0x03
/*
 * The ticket's blob for the client ("blob for me", contains the
 * session key): encrypted with the client's secret key in case of
 * the AUTH ticket and the AUTH ticket session key in case of other
 * service tickets
 */
#define CEPHX_KEY_USAGE_TICKET_SESSION_KEY 0x04
/*
 * The ticket's blob for the service (ceph_x_ticket_blob): possibly
 * encrypted with the old AUTH ticket session key in case of the AUTH
 * ticket and not encrypted in case of other service tickets.  The
 * client cannot read it either way; it only forwards it (see
 * ceph_x_authorize_a).
 */
#define CEPHX_KEY_USAGE_TICKET_BLOB 0x05
/* Client <-> Service */
/*
 * The client's authorization request (ceph_x_authorize_b):
 * encrypted with the service ticket session key
 */
#define CEPHX_KEY_USAGE_AUTHORIZE 0x10
/*
 * The service's challenge (ceph_x_authorize_challenge):
 * encrypted with the service ticket session key
 */
#define CEPHX_KEY_USAGE_AUTHORIZE_CHALLENGE 0x11
/*
 * The service's final reply (ceph_x_authorize_reply + the service
 * session's connection secret): encrypted with the service ticket
 * session key
 */
#define CEPHX_KEY_USAGE_AUTHORIZE_REPLY 0x12
  43. /* common bits */
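/*
 * Ticket blob as carried on the wire: a 13-byte fixed header followed
 * by blob_len bytes of blob[].  It is destined for the service (see
 * CEPHX_KEY_USAGE_TICKET_BLOB); the client carries it opaquely inside
 * ceph_x_authorize_a.
 *
 * blob_len is supplied by the peer.  A decoder must compare it with the
 * number of bytes actually remaining in its input before reading blob[]
 * — the field says nothing about how much data was really received.
 *
 * Layout (packed, little-endian):
 *   0  struct_v   1 byte   encoding version of this blob
 *   1  secret_id  8 bytes
 *   9  blob_len   4 bytes  length of blob[]
 *  13  blob[]     blob_len bytes
 */
struct ceph_x_ticket_blob {
	__u8 struct_v;
	__le64 secret_id;
	__le32 blob_len;
	char blob[];
} __attribute__ ((packed));
/* Guard the wire layout: an accidental loss of packing must not compile. */
_Static_assert(sizeof(struct ceph_x_ticket_blob) == 13,
	       "ceph_x_ticket_blob fixed header must be 13 bytes");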
  50. /* common request/reply headers */
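/*
 * Header of a cephx request: a single 16-bit little-endian opcode
 * (presumably one of CEPHX_GET_* — confirm in auth_x.c).  2 bytes.
 */
struct ceph_x_request_header {
	__le16 op;
} __attribute__ ((packed));
/* Guard the wire layout at compile time. */
_Static_assert(sizeof(struct ceph_x_request_header) == 2,
	       "ceph_x_request_header must be 2 bytes");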
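/*
 * Header of a cephx reply: the 16-bit opcode followed immediately by a
 * 32-bit result.  Because the struct is packed, result sits at offset 2
 * and is unaligned; access it through the __le32 helpers, not a cast to
 * a native u32 pointer.  6 bytes in total.
 *
 * result comes from the peer; it is an untrusted value whose meaning
 * (error code, success) is decided by the decoder in auth_x.c.
 */
struct ceph_x_reply_header {
	__le16 op;
	__le32 result;
} __attribute__ ((packed));
/* Guard the wire layout at compile time. */
_Static_assert(sizeof(struct ceph_x_reply_header) == 6,
	       "ceph_x_reply_header must be 6 bytes");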
  58. /* authenticate handshake */
  59. /* initial hello (no reply header) */
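/*
 * The server's initial hello.  Sent without a ceph_x_reply_header: one
 * version byte and a 64-bit challenge that the client must fold into
 * its authenticate response (see ceph_x_challenge_blob).  9 bytes.
 */
struct ceph_x_server_challenge {
	__u8 struct_v;
	__le64 server_challenge;
} __attribute__ ((packed));
/* Guard the wire layout at compile time. */
_Static_assert(sizeof(struct ceph_x_server_challenge) == 9,
	       "ceph_x_server_challenge must be 9 bytes");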
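/*
 * Fixed prefix of the client's authenticate request (17 bytes).  On
 * the wire it is followed by variable-length data that this struct
 * deliberately does not model and that must be decoded separately:
 *   - the old_ticket ceph_x_ticket_blob;
 *   - for nautilus+ peers, other_keys.
 * sizeof(struct ceph_x_authenticate) therefore is NOT the message size.
 *
 * Layout (packed, little-endian):
 *   0  struct_v          1 byte
 *   1  client_challenge  8 bytes  client's fresh random challenge
 *   9  key               8 bytes  presumably derived from the two
 *                                 challenges under the client's secret
 *                                 key (ceph_x_challenge_blob) —
 *                                 confirm in auth_x.c
 */
struct ceph_x_authenticate {
	__u8 struct_v;
	__le64 client_challenge;
	__le64 key;
	/* old_ticket blob */
	/* nautilus+: other_keys */
} __attribute__ ((packed));
/* Guard the fixed-prefix layout at compile time. */
_Static_assert(sizeof(struct ceph_x_authenticate) == 17,
	       "ceph_x_authenticate fixed prefix must be 17 bytes");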
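/*
 * Request for service tickets: a version byte plus a 32-bit `keys`
 * field naming which tickets are wanted.  How `keys` is interpreted
 * (a bitmask of service types?) is not visible in this header — see
 * the encoder in auth_x.c.  5 bytes.
 */
struct ceph_x_service_ticket_request {
	__u8 struct_v;
	__le32 keys;
} __attribute__ ((packed));
/* Guard the wire layout at compile time. */
_Static_assert(sizeof(struct ceph_x_service_ticket_request) == 5,
	       "ceph_x_service_ticket_request must be 5 bytes");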
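/*
 * Both challenges of the authenticate handshake side by side: the
 * server's (ceph_x_server_challenge) then the client's
 * (ceph_x_authenticate.client_challenge).  Unlike the other messages
 * here it has no struct_v byte and is never sent as-is; presumably it
 * is the plaintext the client encrypts to produce
 * ceph_x_authenticate.key, which binds that proof to this particular
 * exchange — confirm in auth_x.c.  16 bytes.
 */
struct ceph_x_challenge_blob {
	__le64 server_challenge;
	__le64 client_challenge;
} __attribute__ ((packed));
/* Guard the layout at compile time. */
_Static_assert(sizeof(struct ceph_x_challenge_blob) == 16,
	       "ceph_x_challenge_blob must be 16 bytes");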
  79. /* authorize handshake */
  80. /*
  81. * The authorizer consists of two pieces:
  82. * a - service id, ticket blob
  83. * b - encrypted with session key
  84. */
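/*
 * Part "a" of the authorizer: the cleartext part (see the comment above
 * — part "b", ceph_x_authorize_b, is the encrypted part).  Identifies
 * the client (global_id) and the target service (service_id) and
 * carries the service's ticket blob unchanged.
 *
 * ticket_blob ends in a flexible array member.  Embedding such a struct
 * is not allowed by ISO C (C11 6.7.2.1p3) but is accepted by GCC
 * because it is the last member.  Consequently
 * sizeof(struct ceph_x_authorize_a) == 26 covers only the 13-byte blob
 * header; the blob_len bytes of blob[] follow and must be bounds-checked
 * against the input buffer by the decoder.
 *
 * Layout (packed, little-endian):
 *   0  struct_v     1 byte
 *   1  global_id    8 bytes
 *   9  service_id   4 bytes
 *  13  ticket_blob  13 bytes + blob_len
 */
struct ceph_x_authorize_a {
	__u8 struct_v;
	__le64 global_id;
	__le32 service_id;
	struct ceph_x_ticket_blob ticket_blob;
} __attribute__ ((packed));
/* Guard the fixed-part layout at compile time. */
_Static_assert(sizeof(struct ceph_x_authorize_a) == 26,
	       "ceph_x_authorize_a fixed part must be 26 bytes");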
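/*
 * Part "b" of the authorizer, encrypted with the service ticket session
 * key (CEPHX_KEY_USAGE_AUTHORIZE).  18 bytes.
 *
 * have_challenge is a one-byte flag; by its name it states whether
 * server_challenge_plus_one is meaningful, i.e. whether this authorizer
 * answers a ceph_x_authorize_challenge (server_challenge + 1 — confirm
 * the arithmetic in auth_x.c).  Note the field is always present on the
 * wire regardless of the flag, so the size does not change.  Whether a
 * service accepts have_challenge == 0 — and thereby forgoes binding the
 * authorizer to its challenge — is a server-side policy not visible
 * here.
 *
 * Layout (packed, little-endian):
 *   0  struct_v                   1 byte
 *   1  nonce                      8 bytes  client nonce, echoed +1 in
 *                                          ceph_x_authorize_reply
 *   9  have_challenge             1 byte
 *  10  server_challenge_plus_one  8 bytes
 */
struct ceph_x_authorize_b {
	__u8 struct_v;
	__le64 nonce;
	__u8 have_challenge;
	__le64 server_challenge_plus_one;
} __attribute__ ((packed));
/* Guard the wire layout at compile time. */
_Static_assert(sizeof(struct ceph_x_authorize_b) == 18,
	       "ceph_x_authorize_b must be 18 bytes");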
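/*
 * The service's challenge to the client, encrypted with the service
 * ticket session key (CEPHX_KEY_USAGE_AUTHORIZE_CHALLENGE).  The client
 * answers it in ceph_x_authorize_b.server_challenge_plus_one.  9 bytes.
 */
struct ceph_x_authorize_challenge {
	__u8 struct_v;
	__le64 server_challenge;
} __attribute__ ((packed));
/* Guard the wire layout at compile time. */
_Static_assert(sizeof(struct ceph_x_authorize_challenge) == 9,
	       "ceph_x_authorize_challenge must be 9 bytes");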
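/*
 * The service's final reply, encrypted with the service ticket session
 * key (CEPHX_KEY_USAGE_AUTHORIZE_REPLY) and, per the comment above,
 * followed by the service session's connection secret, which this
 * struct does not model.  9 bytes.
 *
 * nonce_plus_one is, by name, ceph_x_authorize_b.nonce + 1; the client
 * should verify that value before trusting the reply (the check itself
 * lives in auth_x.c, not here).
 */
struct ceph_x_authorize_reply {
	__u8 struct_v;
	__le64 nonce_plus_one;
} __attribute__ ((packed));
/* Guard the wire layout at compile time. */
_Static_assert(sizeof(struct ceph_x_authorize_reply) == 9,
	       "ceph_x_authorize_reply must be 9 bytes");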
  105. /*
  106. * encryption bundle
  107. */
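/*
 * Header placed in front of the plaintext of every cephx encryption
 * bundle: a version byte and a fixed 64-bit magic.  Presumably the
 * decoder compares the magic after decryption to detect a wrong key or
 * garbage input (confirm in auth_x.c).  Being a public constant, the
 * magic is only a sanity check — it is not an integrity or
 * authentication tag and does not by itself detect tampering.
 *
 * Layout (packed, little-endian): struct_v at 0, magic at 1; 9 bytes.
 */
#define CEPHX_ENC_MAGIC 0xff009cad8826aa55ull
struct ceph_x_encrypt_header {
	__u8 struct_v;
	__le64 magic;
} __attribute__ ((packed));
/* Guard the wire layout at compile time. */
_Static_assert(sizeof(struct ceph_x_encrypt_header) == 9,
	       "ceph_x_encrypt_header must be 9 bytes");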
  113. #endif