auth.h - cachepc-linux - Fork of AMDESE/linux with modifications for CachePC side-channel attack

	cachepc-linux Fork of AMDESE/linux with modifications for CachePC side-channel attack
	git clone https://git.sinitax.com/sinitax/cachepc-linux
	Log \| Files \| Refs \| README \| LICENSE \| sfeed.txt
auth.h (6750B)
      1/* SPDX-License-Identifier: GPL-2.0 */
      2#ifndef _FS_CEPH_AUTH_H
      3#define _FS_CEPH_AUTH_H
      4
      5#include <linux/ceph/types.h>
      6#include <linux/ceph/buffer.h>
      7
      8/*
      9 * Abstract interface for communicating with the authenticate module.
     10 * There is some handshake that takes place between us and the monitor
     11 * to acquire the necessary keys.  These are used to generate an
     12 * 'authorizer' that we use when connecting to a service (mds, osd).
     13 */
     14
     15struct ceph_auth_client;
     16struct ceph_msg;
     17
     18struct ceph_authorizer {
     19	void (*destroy)(struct ceph_authorizer *);
     20};
     21
     22struct ceph_auth_handshake {
     23	struct ceph_authorizer *authorizer;
     24	void *authorizer_buf;
     25	size_t authorizer_buf_len;
     26	void *authorizer_reply_buf;
     27	size_t authorizer_reply_buf_len;
     28	int (*sign_message)(struct ceph_auth_handshake *auth,
     29			    struct ceph_msg *msg);
     30	int (*check_message_signature)(struct ceph_auth_handshake *auth,
     31				       struct ceph_msg *msg);
     32};
     33
     34struct ceph_auth_client_ops {
     35	/*
     36	 * true if we are authenticated and can connect to
     37	 * services.
     38	 */
     39	int (*is_authenticated)(struct ceph_auth_client *ac);
     40
     41	/*
     42	 * true if we should (re)authenticate, e.g., when our tickets
     43	 * are getting old and crusty.
     44	 */
     45	int (*should_authenticate)(struct ceph_auth_client *ac);
     46
     47	/*
     48	 * build requests and process replies during monitor
     49	 * handshake.  if handle_reply returns -EAGAIN, we build
     50	 * another request.
     51	 */
     52	int (*build_request)(struct ceph_auth_client *ac, void *buf, void *end);
     53	int (*handle_reply)(struct ceph_auth_client *ac, u64 global_id,
     54			    void *buf, void *end, u8 *session_key,
     55			    int *session_key_len, u8 *con_secret,
     56			    int *con_secret_len);
     57
     58	/*
     59	 * Create authorizer for connecting to a service, and verify
     60	 * the response to authenticate the service.
     61	 */
     62	int (*create_authorizer)(struct ceph_auth_client *ac, int peer_type,
     63				 struct ceph_auth_handshake *auth);
     64	/* ensure that an existing authorizer is up to date */
     65	int (*update_authorizer)(struct ceph_auth_client *ac, int peer_type,
     66				 struct ceph_auth_handshake *auth);
     67	int (*add_authorizer_challenge)(struct ceph_auth_client *ac,
     68					struct ceph_authorizer *a,
     69					void *challenge_buf,
     70					int challenge_buf_len);
     71	int (*verify_authorizer_reply)(struct ceph_auth_client *ac,
     72				       struct ceph_authorizer *a,
     73				       void *reply, int reply_len,
     74				       u8 *session_key, int *session_key_len,
     75				       u8 *con_secret, int *con_secret_len);
     76	void (*invalidate_authorizer)(struct ceph_auth_client *ac,
     77				      int peer_type);
     78
     79	/* reset when we (re)connect to a monitor */
     80	void (*reset)(struct ceph_auth_client *ac);
     81
     82	void (*destroy)(struct ceph_auth_client *ac);
     83
     84	int (*sign_message)(struct ceph_auth_handshake *auth,
     85			    struct ceph_msg *msg);
     86	int (*check_message_signature)(struct ceph_auth_handshake *auth,
     87				       struct ceph_msg *msg);
     88};
     89
     90struct ceph_auth_client {
     91	u32 protocol;           /* CEPH_AUTH_* */
     92	void *private;          /* for use by protocol implementation */
     93	const struct ceph_auth_client_ops *ops;  /* null iff protocol==0 */
     94
     95	bool negotiating;       /* true if negotiating protocol */
     96	const char *name;       /* entity name */
     97	u64 global_id;          /* our unique id in system */
     98	const struct ceph_crypto_key *key;     /* our secret key */
     99	unsigned want_keys;     /* which services we want */
    100
    101	int preferred_mode;	/* CEPH_CON_MODE_* */
    102	int fallback_mode;	/* ditto */
    103
    104	struct mutex mutex;
    105};
    106
    107void ceph_auth_set_global_id(struct ceph_auth_client *ac, u64 global_id);
    108
    109struct ceph_auth_client *ceph_auth_init(const char *name,
    110					const struct ceph_crypto_key *key,
    111					const int *con_modes);
    112extern void ceph_auth_destroy(struct ceph_auth_client *ac);
    113
    114extern void ceph_auth_reset(struct ceph_auth_client *ac);
    115
    116extern int ceph_auth_build_hello(struct ceph_auth_client *ac,
    117				 void *buf, size_t len);
    118extern int ceph_handle_auth_reply(struct ceph_auth_client *ac,
    119				  void *buf, size_t len,
    120				  void *reply_buf, size_t reply_len);
    121int ceph_auth_entity_name_encode(const char *name, void **p, void *end);
    122
    123extern int ceph_build_auth(struct ceph_auth_client *ac,
    124		    void *msg_buf, size_t msg_len);
    125extern int ceph_auth_is_authenticated(struct ceph_auth_client *ac);
    126
    127int __ceph_auth_get_authorizer(struct ceph_auth_client *ac,
    128			       struct ceph_auth_handshake *auth,
    129			       int peer_type, bool force_new,
    130			       int *proto, int *pref_mode, int *fallb_mode);
    131void ceph_auth_destroy_authorizer(struct ceph_authorizer *a);
    132int ceph_auth_add_authorizer_challenge(struct ceph_auth_client *ac,
    133				       struct ceph_authorizer *a,
    134				       void *challenge_buf,
    135				       int challenge_buf_len);
    136int ceph_auth_verify_authorizer_reply(struct ceph_auth_client *ac,
    137				      struct ceph_authorizer *a,
    138				      void *reply, int reply_len,
    139				      u8 *session_key, int *session_key_len,
    140				      u8 *con_secret, int *con_secret_len);
    141extern void ceph_auth_invalidate_authorizer(struct ceph_auth_client *ac,
    142					    int peer_type);
    143
    144static inline int ceph_auth_sign_message(struct ceph_auth_handshake *auth,
    145					 struct ceph_msg *msg)
    146{
    147	if (auth->sign_message)
    148		return auth->sign_message(auth, msg);
    149	return 0;
    150}
    151
    152static inline
    153int ceph_auth_check_message_signature(struct ceph_auth_handshake *auth,
    154				      struct ceph_msg *msg)
    155{
    156	if (auth->check_message_signature)
    157		return auth->check_message_signature(auth, msg);
    158	return 0;
    159}
    160
    161int ceph_auth_get_request(struct ceph_auth_client *ac, void *buf, int buf_len);
    162int ceph_auth_handle_reply_more(struct ceph_auth_client *ac, void *reply,
    163				int reply_len, void *buf, int buf_len);
    164int ceph_auth_handle_reply_done(struct ceph_auth_client *ac,
    165				u64 global_id, void *reply, int reply_len,
    166				u8 *session_key, int *session_key_len,
    167				u8 *con_secret, int *con_secret_len);
    168bool ceph_auth_handle_bad_method(struct ceph_auth_client *ac,
    169				 int used_proto, int result,
    170				 const int *allowed_protos, int proto_cnt,
    171				 const int *allowed_modes, int mode_cnt);
    172
    173int ceph_auth_get_authorizer(struct ceph_auth_client *ac,
    174			     struct ceph_auth_handshake *auth,
    175			     int peer_type, void *buf, int *buf_len);
    176int ceph_auth_handle_svc_reply_more(struct ceph_auth_client *ac,
    177				    struct ceph_auth_handshake *auth,
    178				    void *reply, int reply_len,
    179				    void *buf, int *buf_len);
    180int ceph_auth_handle_svc_reply_done(struct ceph_auth_client *ac,
    181				    struct ceph_auth_handshake *auth,
    182				    void *reply, int reply_len,
    183				    u8 *session_key, int *session_key_len,
    184				    u8 *con_secret, int *con_secret_len);
    185bool ceph_auth_handle_bad_authorizer(struct ceph_auth_client *ac,
    186				     int peer_type, int used_proto, int result,
    187				     const int *allowed_protos, int proto_cnt,
    188				     const int *allowed_modes, int mode_cnt);
    189
    190#endif