285ea34fc8
- request service tickets together with auth ticket. Currently we get auth ticket via CEPHX_GET_AUTH_SESSION_KEY op and then request service tickets via CEPHX_GET_PRINCIPAL_SESSION_KEY op in a separate message. Since nautilus, desired service tickets are shared togther with auth ticket in CEPHX_GET_AUTH_SESSION_KEY reply. - propagate session key and connection secret, if any. In preparation for msgr2, update handle_reply() and verify_authorizer_reply() auth ops to propagate session key and connection secret. Since nautilus, if secure mode is negotiated, connection secret is shared either in CEPHX_GET_AUTH_SESSION_KEY reply (for mons) or in a final authorizer reply (for osds and mdses). Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
40 lines
1.1 KiB
C
40 lines
1.1 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
#ifndef _FS_CEPH_CRYPTO_H
|
|
#define _FS_CEPH_CRYPTO_H
|
|
|
|
#include <linux/ceph/types.h>
|
|
#include <linux/ceph/buffer.h>
|
|
|
|
#define CEPH_KEY_LEN 16
|
|
#define CEPH_MAX_CON_SECRET_LEN 64
|
|
|
|
/*
|
|
* cryptographic secret
|
|
*/
|
|
struct ceph_crypto_key {
|
|
int type;
|
|
struct ceph_timespec created;
|
|
int len;
|
|
void *key;
|
|
struct crypto_sync_skcipher *tfm;
|
|
};
|
|
|
|
int ceph_crypto_key_clone(struct ceph_crypto_key *dst,
|
|
const struct ceph_crypto_key *src);
|
|
int ceph_crypto_key_encode(struct ceph_crypto_key *key, void **p, void *end);
|
|
int ceph_crypto_key_decode(struct ceph_crypto_key *key, void **p, void *end);
|
|
int ceph_crypto_key_unarmor(struct ceph_crypto_key *key, const char *in);
|
|
void ceph_crypto_key_destroy(struct ceph_crypto_key *key);
|
|
|
|
/* crypto.c */
|
|
int ceph_crypt(const struct ceph_crypto_key *key, bool encrypt,
|
|
void *buf, int buf_len, int in_len, int *pout_len);
|
|
int ceph_crypto_init(void);
|
|
void ceph_crypto_shutdown(void);
|
|
|
|
/* armor.c */
|
|
int ceph_armor(char *dst, const char *src, const char *end);
|
|
int ceph_unarmor(char *dst, const char *src, const char *end);
|
|
|
|
#endif
|