| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137 |
- /* SPDX-License-Identifier: GPL-2.0 */
- #ifndef __FS_CEPH_AUTH_X_PROTOCOL
- #define __FS_CEPH_AUTH_X_PROTOCOL
- #define CEPHX_GET_AUTH_SESSION_KEY 0x0100
- #define CEPHX_GET_PRINCIPAL_SESSION_KEY 0x0200
- #define CEPHX_GET_ROTATING_KEY 0x0400
- /* Client <-> AuthMonitor */
- /*
- * The AUTH session's connection secret: encrypted with the AUTH
- * ticket session key
- */
- #define CEPHX_KEY_USAGE_AUTH_CONNECTION_SECRET 0x03
- /*
- * The ticket's blob for the client ("blob for me", contains the
- * session key): encrypted with the client's secret key in case of
- * the AUTH ticket and the AUTH ticket session key in case of other
- * service tickets
- */
- #define CEPHX_KEY_USAGE_TICKET_SESSION_KEY 0x04
- /*
- * The ticket's blob for the service (ceph_x_ticket_blob): possibly
- * encrypted with the old AUTH ticket session key in case of the AUTH
- * ticket and not encrypted in case of other service tickets
- */
- #define CEPHX_KEY_USAGE_TICKET_BLOB 0x05
- /* Client <-> Service */
- /*
- * The client's authorization request (ceph_x_authorize_b):
- * encrypted with the service ticket session key
- */
- #define CEPHX_KEY_USAGE_AUTHORIZE 0x10
- /*
- * The service's challenge (ceph_x_authorize_challenge):
- * encrypted with the service ticket session key
- */
- #define CEPHX_KEY_USAGE_AUTHORIZE_CHALLENGE 0x11
- /*
- * The service's final reply (ceph_x_authorize_reply + the service
- * session's connection secret): encrypted with the service ticket
- * session key
- */
- #define CEPHX_KEY_USAGE_AUTHORIZE_REPLY 0x12
- /* common bits */
- struct ceph_x_ticket_blob {
- __u8 struct_v;
- __le64 secret_id;
- __le32 blob_len;
- char blob[];
- } __attribute__ ((packed));
- /* common request/reply headers */
- struct ceph_x_request_header {
- __le16 op;
- } __attribute__ ((packed));
- struct ceph_x_reply_header {
- __le16 op;
- __le32 result;
- } __attribute__ ((packed));
- /* authenticate handshake */
- /* initial hello (no reply header) */
- struct ceph_x_server_challenge {
- __u8 struct_v;
- __le64 server_challenge;
- } __attribute__ ((packed));
- struct ceph_x_authenticate {
- __u8 struct_v;
- __le64 client_challenge;
- __le64 key;
- /* old_ticket blob */
- /* nautilus+: other_keys */
- } __attribute__ ((packed));
- struct ceph_x_service_ticket_request {
- __u8 struct_v;
- __le32 keys;
- } __attribute__ ((packed));
- struct ceph_x_challenge_blob {
- __le64 server_challenge;
- __le64 client_challenge;
- } __attribute__ ((packed));
- /* authorize handshake */
- /*
- * The authorizer consists of two pieces:
- * a - service id, ticket blob
- * b - encrypted with session key
- */
- struct ceph_x_authorize_a {
- __u8 struct_v;
- __le64 global_id;
- __le32 service_id;
- struct ceph_x_ticket_blob ticket_blob;
- } __attribute__ ((packed));
- struct ceph_x_authorize_b {
- __u8 struct_v;
- __le64 nonce;
- __u8 have_challenge;
- __le64 server_challenge_plus_one;
- } __attribute__ ((packed));
- struct ceph_x_authorize_challenge {
- __u8 struct_v;
- __le64 server_challenge;
- } __attribute__ ((packed));
- struct ceph_x_authorize_reply {
- __u8 struct_v;
- __le64 nonce_plus_one;
- } __attribute__ ((packed));
- /*
- * encryption bundle
- */
- #define CEPHX_ENC_MAGIC 0xff009cad8826aa55ull
- struct ceph_x_encrypt_header {
- __u8 struct_v;
- __le64 magic;
- } __attribute__ ((packed));
- #endif
|