libceph: add support for CEPH_CRYPTO_AES256KRB5

This is based on AES256-CTS-HMAC384-192 crypto algorithm per RFC 8009 (i.e. Kerberos 5, hence the name) with custom-defined key usage numbers. The implementation allows a given key to have/be linked to between one and three usage numbers. The existing CEPH_CRYPTO_AES remains in place and unchanged. The usage_slot parameter that needed to be added to ceph_crypt() and its wrappers is simply ignored there. Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
author: Ilya Dryomov <idryomov@gmail.com> 2025-12-22 20:41:27 +0100
committer: Ilya Dryomov <idryomov@gmail.com> 2026-02-09 12:29:22 +0100
commit: b7cc142dbafeaf6c053284ca9121b9f70b6d6d06 (patch)
tree: db63504302b2f10d80af2ab73d9f06afecd98d83 /include/linux
parent: 6cec0b61aacce4da5125b21c718189f0dc11eb51 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/include/linux/ceph/ceph_fs.h b/include/linux/ceph/ceph_fs.h
index 08e5dbe15ca4..69ac3e55a3fe 100644
--- a/include/linux/ceph/ceph_fs.h
+++ b/include/linux/ceph/ceph_fs.h
@@ -89,8 +89,9 @@ struct ceph_dir_layout {
 } __attribute__ ((packed));
 
 /* crypto algorithms */
-#define CEPH_CRYPTO_NONE 0x0
-#define CEPH_CRYPTO_AES  0x1
+#define CEPH_CRYPTO_NONE       0x0
+#define CEPH_CRYPTO_AES        0x1
+#define CEPH_CRYPTO_AES256KRB5 0x2 /* AES256-CTS-HMAC384-192 */
 
 #define CEPH_AES_IV "cephsageyudagreg"
author	Ilya Dryomov <idryomov@gmail.com>	2025-12-22 20:41:27 +0100
committer	Ilya Dryomov <idryomov@gmail.com>	2026-02-09 12:29:22 +0100
commit	b7cc142dbafeaf6c053284ca9121b9f70b6d6d06 (patch)
tree	db63504302b2f10d80af2ab73d9f06afecd98d83 /include/linux
parent	6cec0b61aacce4da5125b21c718189f0dc11eb51 (diff)