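/* SPDX-License-Identifier: GPL-2.0 */
#ifndef __FS_CEPH_AUTH_X_PROTOCOL
#define __FS_CEPH_AUTH_X_PROTOCOL

/*
 * Wire-format definitions for the cephx authentication protocol.
 *
 * Every structure below is declared packed and uses explicitly
 * little-endian multi-byte fields (__le16/__le32/__le64), so the layouts
 * contain no padding.  Code that overlays one of these structures on a
 * received buffer has to confirm that the buffer holds at least
 * sizeof(struct) bytes first, and has to convert each __le* field to CPU
 * byte order before using it.
 *
 * This header includes nothing itself; the __u8/__le* types must be
 * provided by whoever includes it.
 */

/*
 * Request type values; each is a distinct single bit.
 * NOTE(review): presumably carried in the 'op' field of the request and
 * reply headers below, and OR-ed together in a key mask -- confirm against
 * the users of this header.
 */
#define CEPHX_GET_AUTH_SESSION_KEY      0x0100
#define CEPHX_GET_PRINCIPAL_SESSION_KEY 0x0200
#define CEPHX_GET_ROTATING_KEY          0x0400

/* common bits */

/*
 * Ticket blob: fixed header followed by a variable-length payload.
 *
 * blob_len is read off the wire and presumably gives the length of
 * blob[].  sizeof(struct ceph_x_ticket_blob) covers the fixed header only,
 * so a decoder must check blob_len against the bytes actually remaining in
 * the message before reading or copying blob[].
 */
struct ceph_x_ticket_blob {
	__u8 struct_v;		/* presumably the encoding version -- TODO confirm */
	__le64 secret_id;
	__le32 blob_len;	/* untrusted length; bound before use */
	char blob[];		/* flexible array member, must stay last */
} __attribute__ ((packed));


/* common request/reply headers */
struct ceph_x_request_header {
	__le16 op;
} __attribute__ ((packed));

struct ceph_x_reply_header {
	__le16 op;
	__le32 result;
} __attribute__ ((packed));


/* authenticate handshake */

/* initial hello (no reply header) */
struct ceph_x_server_challenge {
	__u8 struct_v;
	__le64 server_challenge;
} __attribute__ ((packed));

/*
 * Client authenticate message.
 * NOTE(review): 'key' is only 64 bits wide; presumably it is a proof
 * derived from the challenge pair rather than key material itself --
 * confirm against the code that fills it in.
 */
struct ceph_x_authenticate {
	__u8 struct_v;
	__le64 client_challenge;
	__le64 key;
	/* ticket blob */
} __attribute__ ((packed));

struct ceph_x_service_ticket_request {
	__u8 struct_v;
	__le32 keys;
} __attribute__ ((packed));

/* Server and client challenge values laid out back to back. */
struct ceph_x_challenge_blob {
	__le64 server_challenge;
	__le64 client_challenge;
} __attribute__ ((packed));



/* authorize handshake */

/*
 * The authorizer consists of two pieces:
 *  a - service id, ticket blob
 *  b - encrypted with session key
 */
struct ceph_x_authorize_a {
	__u8 struct_v;
	__le64 global_id;
	__le32 service_id;
	/*
	 * Ends in a flexible array member, so this field has to remain the
	 * last one and the payload bounds check described on
	 * struct ceph_x_ticket_blob applies here as well.
	 */
	struct ceph_x_ticket_blob ticket_blob;
} __attribute__ ((packed));

/*
 * NOTE(review): the field names suggest that, when have_challenge is set,
 * server_challenge_plus_one echoes a challenge issued by the service
 * (struct ceph_x_authorize_challenge) incremented by one, which would tie
 * the authorizer to that fresh challenge.  Confirm in the code that builds
 * and verifies authorizers.
 */
struct ceph_x_authorize_b {
	__u8 struct_v;
	__le64 nonce;
	__u8 have_challenge;
	__le64 server_challenge_plus_one;
} __attribute__ ((packed));

struct ceph_x_authorize_challenge {
	__u8 struct_v;
	__le64 server_challenge;
} __attribute__ ((packed));

/*
 * NOTE(review): nonce_plus_one presumably answers the nonce sent in
 * struct ceph_x_authorize_b; the receiver should compare it with the value
 * it expects before trusting the reply -- confirm in the verify path.
 */
struct ceph_x_authorize_reply {
	__u8 struct_v;
	__le64 nonce_plus_one;
} __attribute__ ((packed));


/*
 * encryption bundle
 *
 * NOTE(review): the header presumably leads each encrypted payload and the
 * magic is compared after decryption.  A match against a fixed constant
 * only indicates that the expected key was used; it is not an
 * authenticated integrity check.  Confirm what else the decrypt path
 * verifies.
 */
#define CEPHX_ENC_MAGIC 0xff009cad8826aa55ull

struct ceph_x_encrypt_header {
	__u8 struct_v;
	__le64 magic;
} __attribute__ ((packed));

#endif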