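/*
 * This file and its contents are supplied under the terms of the
 * Common Development and Distribution License ("CDDL"), version 1.0.
 * You may only use this file in accordance with the terms of version
 * 1.0 of the CDDL.
 *
 * A full copy of the text of the CDDL should have accompanied this
 * source. A copy of the CDDL is also available via the Internet at
 * http://www.illumos.org/license/CDDL.
 */

/*
 * Copyright 2017-2021 Tintri by DDN, Inc. All rights reserved.
 * Copyright 2022-2024 RackTop Systems, Inc.
 */

#ifndef _NSMB_KCRYPT_H_
#define	_NSMB_KCRYPT_H_

/*
 * SMB crypto routines used in signing and encryption.
 * Two implementations of these (kernel/user) in:
 *	uts/common/fs/smbclient/netsmb/nsmb_*_kcf.c
 *	lib/smbclnt/libfknsmb/common/fksmb_*_pkcs.c
 *
 * Might want to later factor these out from client and server,
 * but that severely amplifies the test burden when working on
 * either one, so keeping them separate for now. Do try to keep
 * the *_kcrypt.h structs consistent between this and smbsrv.
 *
 * Every routine below that returns int reports a status; the exact
 * convention is set by the two implementations and is not visible in
 * this header. A signing or encryption step whose status is ignored
 * can let an unsigned or unencrypted message through, so callers
 * should check each one.
 */

#ifdef _KERNEL
#include <sys/crypto/api.h>
#else
#include <security/cryptoki.h>
#include <security/pkcs11.h>
#endif
#include <sys/stream.h>
#include <sys/uio.h>

#ifdef __cplusplus
extern "C" {
#endif

#define	MD5_DIGEST_LENGTH	16	/* MD5 digest length in bytes */
#define	SHA256_DIGEST_LENGTH	32	/* SHA256 digest length in bytes */
#define	SHA512_DIGEST_LENGTH	64	/* SHA512 digest length in bytes */
#define	SMB2_SIG_SIZE		16	/* SMB2/3 signature length in bytes */
#define	SMB2_KEYLEN		16	/* SMB2/3 Signing Key length */
#define	SMB3_KEYLEN		16	/* Only AES128 for now */

/*
 * Nonce lengths in bytes for the two AEAD modes.
 * AES-CCM and AES-GCM both lose their confidentiality and integrity
 * guarantees if a nonce is ever repeated under the same key. Nothing
 * in this header enforces uniqueness; presumably the nonce is handed
 * in through nsmb_crypto_init_{ccm,gcm}_param() -- TODO confirm where
 * it is generated and that it cannot repeat for a given session key.
 */
#define	SMB3_AES_CCM_NONCE_SIZE	11
#define	SMB3_AES_GCM_NONCE_SIZE	12

#ifdef _KERNEL

/* KCF variant */
typedef crypto_mechanism_t	smb_crypto_mech_t;
typedef crypto_context_t	smb_sign_ctx_t;

/*
 * Mechanism parameter storage; one member per mechanism family.
 * Note that the gmac member exists only in this kernel variant, the
 * PKCS11 union below has no counterpart.
 */
typedef union {
	CK_AES_CCM_PARAMS	ccm;
	CK_AES_GCM_PARAMS	gcm;
	ulong_t			hmac;
	CK_AES_GMAC_PARAMS	gmac;
} smb_crypto_param_t;

/*
 * Per-operation encryption state (mechanism, its parameters, the key
 * and the provider context).
 * NOTE(review): this struct refers to key material through ckey;
 * confirm in the KCF implementation whether the key bytes are copied
 * or only referenced, and that they are cleared when the context is
 * retired.
 */
typedef struct smb_enc_ctx {
	smb_crypto_mech_t	mech;
	smb_crypto_param_t	param;
	crypto_key_t		ckey;
	crypto_context_t	ctx;
} smb_enc_ctx_t;

#else	/* _KERNEL */

/* PKCS11 variant */
typedef CK_MECHANISM		smb_crypto_mech_t;
typedef CK_SESSION_HANDLE	smb_sign_ctx_t;

/* Mechanism parameter storage; one member per mechanism family. */
typedef union {
	CK_CCM_PARAMS		ccm;
	CK_GCM_PARAMS		gcm;
	CK_MAC_GENERAL_PARAMS	hmac;
} smb_crypto_param_t;

/*
 * Per-operation encryption state; same field layout idea as the
 * kernel variant, with PKCS11 object and session handles in place of
 * the KCF key and context.
 */
typedef struct smb_enc_ctx {
	smb_crypto_mech_t	mech;
	smb_crypto_param_t	param;
	CK_OBJECT_HANDLE	key;
	CK_SESSION_HANDLE	ctx;
} smb_enc_ctx_t;

#endif	/* _KERNEL */

/*
 * SMB signing routines used in smb_signing.c
 *
 * MD5 is not collision resistant; it is offered here for the signing
 * scheme that requires it and should not be picked up for new uses.
 * nsmb_md5_final() is given only a pointer to the output buffer.
 * NOTE(review): the buffer presumably has to hold MD5_DIGEST_LENGTH
 * bytes -- confirm against the implementations.
 */
int nsmb_md5_getmech(smb_crypto_mech_t *);
int nsmb_md5_init(smb_sign_ctx_t *, smb_crypto_mech_t *);
int nsmb_md5_update(smb_sign_ctx_t, void *, size_t);
int nsmb_md5_final(smb_sign_ctx_t, uint8_t *);

/*
 * SMB2/3 signing routines used in smb2_signing.c
 * Two implementations of these (kernel/user) in:
 *	uts/common/fs/smbsrv/smb2_sign_kcf.c
 *	lib/smbsrv/libfksmbsrv/common/fksmb_sign_pkcs.c
 *
 * NOTE(review): the two smbsrv paths above do not match the nsmb_*
 * (client) locations named at the top of this file and look inherited
 * from the server header -- confirm and update.
 *
 * The *_final() routines receive only an output pointer, no length.
 * NOTE(review): confirm how many bytes each implementation writes
 * (SMB2_SIG_SIZE or a full digest) before sizing the caller's buffer.
 */

int nsmb_hmac_getmech(smb_crypto_mech_t *);
int nsmb_hmac_init(smb_sign_ctx_t *, smb_crypto_mech_t *, uint8_t *, size_t);
int nsmb_hmac_update(smb_sign_ctx_t, uint8_t *, size_t);
int nsmb_hmac_final(smb_sign_ctx_t, uint8_t *);

/* One-shot HMAC over data; the caller states the MAC buffer length. */
int nsmb_hmac_one(smb_crypto_mech_t *mech, uint8_t *key, size_t key_len,
	uint8_t *data, size_t data_len, uint8_t *mac, size_t mac_len);

int nsmb_cmac_getmech(smb_crypto_mech_t *);
int nsmb_cmac_init(smb_sign_ctx_t *, smb_crypto_mech_t *, uint8_t *, size_t);
int nsmb_cmac_update(smb_sign_ctx_t, uint8_t *, size_t);
int nsmb_cmac_final(smb_sign_ctx_t, uint8_t *);

/*
 * Key derivation: fills outbuf (outbuf_len bytes) from key, label and
 * context. The derived bytes are key material; the caller owns the
 * buffer and is responsible for clearing it when done.
 */
int nsmb_kdf(uint8_t *outbuf, uint32_t outbuf_len,
	uint8_t *key, size_t key_len,
	uint8_t *label, size_t label_len,
	uint8_t *context, size_t context_len);

/*
 * SMB3 encryption (AES-CCM / AES-GCM).
 * The parameter lists of the init_*_param routines are unnamed here;
 * presumably they carry the nonce and the additional authenticated
 * data with their lengths -- see the implementations for the order.
 */
int nsmb_aes_ccm_getmech(smb_crypto_mech_t *);
int nsmb_aes_gcm_getmech(smb_crypto_mech_t *);
void nsmb_crypto_init_ccm_param(smb_enc_ctx_t *,
	uint8_t *, size_t, uint8_t *, size_t, size_t);
void nsmb_crypto_init_gcm_param(smb_enc_ctx_t *,
	uint8_t *, size_t, uint8_t *, size_t);

/*
 * NOTE(review): nsmb_enc_ctx_done() presumably releases what the
 * *_init routines set up in the context; confirm it is reached on
 * every exit path, including after a failed encrypt or decrypt.
 */
int nsmb_encrypt_init(smb_enc_ctx_t *, uint8_t *, size_t);
int nsmb_encrypt_mblks(smb_enc_ctx_t *, mblk_t *, size_t);
int nsmb_encrypt_uio(smb_enc_ctx_t *, uio_t *, uio_t *);
void nsmb_enc_ctx_done(smb_enc_ctx_t *);

/*
 * A non-success status from a decrypt routine means the message did
 * not authenticate (or the operation failed); any output produced for
 * that message must not be used.
 */
int nsmb_decrypt_init(smb_enc_ctx_t *, uint8_t *, size_t);
int nsmb_decrypt_mblks(smb_enc_ctx_t *, mblk_t *, size_t);
int nsmb_decrypt_uio(smb_enc_ctx_t *, uio_t *, uio_t *);

#ifdef __cplusplus
}
#endif

#endif /* _NSMB_KCRYPT_H_ */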