Contributors: 4
Author Tokens Token Proportion Commits Commit Proportion
Sage Weil 247 85.17% 1 16.67%
Ilya Dryomov 41 14.14% 3 50.00%
Zheng Yongjun 1 0.34% 1 16.67%
Greg Kroah-Hartman 1 0.34% 1 16.67%
Total 290 6 


/* SPDX-License-Identifier: GPL-2.0 */
#ifndef __FS_CEPH_AUTH_X_PROTOCOL
#define __FS_CEPH_AUTH_X_PROTOCOL

#define CEPHX_GET_AUTH_SESSION_KEY      0x0100
#define CEPHX_GET_PRINCIPAL_SESSION_KEY 0x0200
#define CEPHX_GET_ROTATING_KEY          0x0400

/* Client <-> AuthMonitor */
/*
 * The AUTH session's connection secret: encrypted with the AUTH
 * ticket session key
 */
#define CEPHX_KEY_USAGE_AUTH_CONNECTION_SECRET	0x03
/*
 * The ticket's blob for the client ("blob for me", contains the
 * session key): encrypted with the client's secret key in case of
 * the AUTH ticket and the AUTH ticket session key in case of other
 * service tickets
 */
#define CEPHX_KEY_USAGE_TICKET_SESSION_KEY	0x04
/*
 * The ticket's blob for the service (ceph_x_ticket_blob): possibly
 * encrypted with the old AUTH ticket session key in case of the AUTH
 * ticket and not encrypted in case of other service tickets
 */
#define CEPHX_KEY_USAGE_TICKET_BLOB		0x05

/* Client <-> Service */
/*
 * The client's authorization request (ceph_x_authorize_b):
 * encrypted with the service ticket session key
 */
#define CEPHX_KEY_USAGE_AUTHORIZE		0x10
/*
 * The service's challenge (ceph_x_authorize_challenge):
 * encrypted with the service ticket session key
 */
#define CEPHX_KEY_USAGE_AUTHORIZE_CHALLENGE	0x11
/*
 * The service's final reply (ceph_x_authorize_reply + the service
 * session's connection secret): encrypted with the service ticket
 * session key
 */
#define CEPHX_KEY_USAGE_AUTHORIZE_REPLY		0x12

/* common bits */
struct ceph_x_ticket_blob {
	__u8 struct_v;
	__le64 secret_id;
	__le32 blob_len;
	char blob[];
} __attribute__ ((packed));


/* common request/reply headers */
struct ceph_x_request_header {
	__le16 op;
} __attribute__ ((packed));

struct ceph_x_reply_header {
	__le16 op;
	__le32 result;
} __attribute__ ((packed));


/* authenticate handshake */

/* initial hello (no reply header) */
struct ceph_x_server_challenge {
	__u8 struct_v;
	__le64 server_challenge;
} __attribute__ ((packed));

struct ceph_x_authenticate {
	__u8 struct_v;
	__le64 client_challenge;
	__le64 key;
	/* old_ticket blob */
	/* nautilus+: other_keys */
} __attribute__ ((packed));

struct ceph_x_service_ticket_request {
	__u8 struct_v;
	__le32 keys;
} __attribute__ ((packed));

struct ceph_x_challenge_blob {
	__le64 server_challenge;
	__le64 client_challenge;
} __attribute__ ((packed));



/* authorize handshake */

/*
 * The authorizer consists of two pieces:
 *  a - service id, ticket blob
 *  b - encrypted with session key
 */
struct ceph_x_authorize_a {
	__u8 struct_v;
	__le64 global_id;
	__le32 service_id;
	struct ceph_x_ticket_blob ticket_blob;
} __attribute__ ((packed));

struct ceph_x_authorize_b {
	__u8 struct_v;
	__le64 nonce;
	__u8 have_challenge;
	__le64 server_challenge_plus_one;
} __attribute__ ((packed));

struct ceph_x_authorize_challenge {
	__u8 struct_v;
	__le64 server_challenge;
} __attribute__ ((packed));

struct ceph_x_authorize_reply {
	__u8 struct_v;
	__le64 nonce_plus_one;
} __attribute__ ((packed));


/*
 * encryption bundle
 */
#define CEPHX_ENC_MAGIC 0xff009cad8826aa55ull

struct ceph_x_encrypt_header {
	__u8 struct_v;
	__le64 magic;
} __attribute__ ((packed));

#endif