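/* SPDX-License-Identifier: GPL-2.0 */
#ifndef __FS_CEPH_AUTH_X_PROTOCOL
#define __FS_CEPH_AUTH_X_PROTOCOL

/*
 * Layouts for the cephx authentication messages.
 *
 * Every struct here is packed and every multi-byte field is declared
 * with a little-endian type (__le16/__le32/__le64).  Packing puts most
 * of those fields at unaligned offsets (e.g. a __le64 at offset 1), so
 * read and write them through the endian/unaligned accessors rather
 * than by casting a receive buffer and dereferencing natively.
 *
 * This header does not define __u8/__le*; the includer must provide
 * them.
 *
 * NOTE(review): these structs describe bytes that arrive from a peer.
 * The decoding code is not in this header; it must verify that at least
 * sizeof(struct ...) bytes remain before overlaying any of them, and
 * should validate struct_v before trusting the rest of the layout.
 */

/*
 * Request flags.  The three values are distinct single bits, so they
 * can be OR-ed together and tested individually.
 * NOTE(review): presumably carried in the op / keys fields below;
 * confirm against the encoder.
 */
#define CEPHX_GET_AUTH_SESSION_KEY      0x0100
#define CEPHX_GET_PRINCIPAL_SESSION_KEY 0x0200
#define CEPHX_GET_ROTATING_KEY          0x0400

/* common bits */
struct ceph_x_ticket_blob {
	__u8 struct_v;
	__le64 secret_id;
	/*
	 * Declared length of blob[].  When this struct is decoded from the
	 * wire the value is peer-controlled: bound it against the bytes
	 * actually remaining in the message before reading or copying
	 * blob[], and do the comparison without letting the sum wrap.
	 */
	__le32 blob_len;
	/* flexible array member: contributes 0 bytes to sizeof */
	char blob[];
} __attribute__ ((packed));


/* common request/reply headers */
struct ceph_x_request_header {
	__le16 op;
} __attribute__ ((packed));

struct ceph_x_reply_header {
	__le16 op;
	__le32 result;
} __attribute__ ((packed));


/* authenticate handshake */

/* initial hello (no reply header) */
struct ceph_x_server_challenge {
	__u8 struct_v;
	__le64 server_challenge;
} __attribute__ ((packed));

struct ceph_x_authenticate {
	__u8 struct_v;
	__le64 client_challenge;
	/* NOTE(review): how key is derived is not shown in this header */
	__le64 key;
	/* ticket blob */
} __attribute__ ((packed));

struct ceph_x_service_ticket_request {
	__u8 struct_v;
	__le32 keys;
} __attribute__ ((packed));

/* the two 64-bit challenges, server first then client */
struct ceph_x_challenge_blob {
	__le64 server_challenge;
	__le64 client_challenge;
} __attribute__ ((packed));



/* authorize handshake */

/*
 * The authorizer consists of two pieces:
 *  a - service id, ticket blob
 *  b - encrypted with session key
 */
struct ceph_x_authorize_a {
	__u8 struct_v;
	__le64 global_id;
	__le32 service_id;
	/*
	 * Must stay the last member: ceph_x_ticket_blob ends in a flexible
	 * array, so the blob bytes follow this struct in the buffer and
	 * are not counted by sizeof(struct ceph_x_authorize_a).  Embedding
	 * such a struct is a GNU C extension.
	 */
	struct ceph_x_ticket_blob ticket_blob;
} __attribute__ ((packed));

struct ceph_x_authorize_b {
	__u8 struct_v;
	__le64 nonce;
} __attribute__ ((packed));

struct ceph_x_authorize_reply {
	__u8 struct_v;
	/*
	 * NOTE(review): by its name this should equal the nonce from
	 * ceph_x_authorize_b plus one; the verifier should compare the
	 * exact value and reject the reply on mismatch - confirm in the
	 * authorizer-reply check.
	 */
	__le64 nonce_plus_one;
} __attribute__ ((packed));


/*
 * encryption bundle
 *
 * NOTE(review): presumably ceph_x_encrypt_header prefixes each
 * encrypted payload and magic is compared with CEPHX_ENC_MAGIC after
 * decryption.  A fixed public constant only detects a wrong key or a
 * garbled buffer; it is not a keyed integrity check, so tamper
 * resistance has to come from the cipher mode / message signing -
 * confirm in the encrypt/decrypt helpers.
 */
#define CEPHX_ENC_MAGIC 0xff009cad8826aa55ull

struct ceph_x_encrypt_header {
	__u8 struct_v;
	__le64 magic;
} __attribute__ ((packed));

#endif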