/*
 * This file and its contents are supplied under the terms of the
 * Common Development and Distribution License ("CDDL"), version 1.0.
 * You may only use this file in accordance with the terms of version
 * 1.0 of the CDDL.
 *
 * A full copy of the text of the CDDL should have accompanied this
 * source.  A copy of the CDDL is also available via the Internet at
 * http://www.illumos.org/license/CDDL.
 */

/*
 * Copyright 2017-2021 Tintri by DDN, Inc. All rights reserved.
 * Copyright 2022 RackTop Systems, Inc.
 */

#ifndef _SMB_KCRYPT_H_
#define	_SMB_KCRYPT_H_

/*
 * Crypto interface for the SMB server: message signing (MD5, HMAC, CMAC),
 * SMB3 key derivation, and SMB3 AES-CCM / AES-GCM encryption.
 *
 * SMB signing routines used in {smb,smb2}_signing.c
 * Two implementations of these (kernel/user) in:
 *	uts/common/fs/smbsrv/smb_sign_kcf.c
 *	lib/smbsrv/libfksmbsrv/common/fksmb_sign_pkcs.c
 *
 * Notes for callers:
 *  - Every routine returning int reports status through that value.  The
 *    convention is set by the implementation files and is not visible in
 *    this header; check it on every call, since a MAC or decrypt call that
 *    failed must never be treated as having succeeded.
 *  - Key material is passed as plain uint8_t buffers.  Nothing here shows
 *    who owns or clears those buffers; treat them as secrets and confirm
 *    the zeroization policy in the callers and implementations.
 */

/* The kernel build uses KCF; the user-space build uses PKCS#11. */
#ifdef _KERNEL
#include <sys/crypto/api.h>
#else
#include <security/cryptoki.h>
#include <security/pkcs11.h>
#endif
#include <sys/uio.h>

#ifdef __cplusplus
extern "C" {
#endif

/* Key and digest lengths, all in bytes. */
#define	AES128_KEY_LENGTH	16	/* AES128 key length in bytes */
#define	AES256_KEY_LENGTH	32	/* AES256 key length in bytes */
#define	MD5_DIGEST_LENGTH	16	/* MD5 digest length in bytes */
#define	SHA256_DIGEST_LENGTH	32	/* SHA256 digest length in bytes */
#define	SHA512_DIGEST_LENGTH	64	/* SHA512 digest length in bytes */

/*
 * SMB2_SIG_SIZE is smaller than SHA256_DIGEST_LENGTH, so a SHA-256 based
 * MAC cannot be stored whole in a buffer of SMB2_SIG_SIZE bytes.
 * NOTE(review): confirm how many bytes the *_final() routines write.
 */
#define	SMB2_SIG_SIZE		16
#define	SMB2_KEYLEN		16	/* SMB2/3 Signing Key length */
#define	SMB2_SSN_KEYLEN		16	/* Max size of the SMB2 Session Key */

/*
 * Nonce lengths for the two SMB3 AEAD modes.  A nonce must never repeat
 * under the same key: reuse breaks confidentiality for both modes and,
 * for GCM, integrity as well.  How nonces are generated is not visible
 * in this header; verify it in the callers.
 */
#define	SMB3_AES_CCM_NONCE_SIZE	11
#define	SMB3_AES_GCM_NONCE_SIZE	12

#ifdef _KERNEL

/* KCF variant */
typedef crypto_mechanism_t	smb_crypto_mech_t;
typedef crypto_context_t	smb_sign_ctx_t;

/* Mode parameters; which member is valid depends on the mechanism. */
typedef union {
	CK_AES_CCM_PARAMS	ccm;
	CK_AES_GCM_PARAMS	gcm;
} smb_crypto_param_t;

/* State for one SMB3 encrypt or decrypt operation (KCF). */
typedef struct smb_enc_ctx {
	smb_crypto_mech_t	mech;
	smb_crypto_param_t	param;
	crypto_key_t		ckey;
	crypto_context_t	ctx;
	/* crypto_ctx_template_t *TODO */
} smb_enc_ctx_t;

#else /* _KERNEL */

/* PKCS11 variant */
typedef CK_MECHANISM		smb_crypto_mech_t;
typedef CK_SESSION_HANDLE	smb_sign_ctx_t;

/* Mode parameters; which member is valid depends on the mechanism. */
typedef union {
	CK_CCM_PARAMS	ccm;
	CK_GCM_PARAMS	gcm;
} smb_crypto_param_t;

/* State for one SMB3 encrypt or decrypt operation (PKCS#11). */
typedef struct smb_enc_ctx {
	smb_crypto_mech_t	mech;
	smb_crypto_param_t	param;
	CK_OBJECT_HANDLE	key;
	CK_SESSION_HANDLE	ctx;
} smb_enc_ctx_t;

#endif /* _KERNEL */

/*
 * SMB signing routines used in smb_signing.c
 *
 * MD5 is not collision resistant.  These entry points serve the signing
 * code named above; do not reuse them for new integrity checks.
 */
int smb_md5_getmech(smb_crypto_mech_t *);
int smb_md5_init(smb_sign_ctx_t *, smb_crypto_mech_t *);
int smb_md5_update(smb_sign_ctx_t, void *, size_t);
int smb_md5_final(smb_sign_ctx_t, uint8_t *);

/*
 * SMB2/3 signing routines used in smb2_signing.c
 * Two implementations of these (kernel/user) in:
 *	uts/common/fs/smbsrv/smb2_sign_kcf.c
 *	lib/smbsrv/libfksmbsrv/common/fksmb_sign_pkcs.c
 *
 * The *_init() routines end in an unnamed (uint8_t *, size_t) pair,
 * presumably the key and its length as in smb2_hmac_one(); confirm
 * against the definitions.  The *_final() routines take an output
 * pointer with no length, so the caller's buffer must be at least as
 * large as the implementation writes.
 */

int smb2_hmac_getmech(smb_crypto_mech_t *);
int smb2_hmac_init(smb_sign_ctx_t *, smb_crypto_mech_t *, uint8_t *, size_t);
int smb2_hmac_update(smb_sign_ctx_t, uint8_t *, size_t);
int smb2_hmac_final(smb_sign_ctx_t, uint8_t *);

/* Single-call HMAC: key and data in, mac_len bytes of MAC out. */
int smb2_hmac_one(smb_crypto_mech_t *mech, uint8_t *key, size_t key_len,
    uint8_t *data, size_t data_len, uint8_t *mac, size_t mac_len);

int smb3_cmac_getmech(smb_crypto_mech_t *);
int smb3_cmac_init(smb_sign_ctx_t *, smb_crypto_mech_t *, uint8_t *, size_t);
int smb3_cmac_update(smb_sign_ctx_t, uint8_t *, size_t);
int smb3_cmac_final(smb_sign_ctx_t, uint8_t *);

/*
 * SMB3 key derivation: fills outbuf (outbuf_len bytes) from a key plus
 * label and context strings.  The output is key material and needs the
 * same handling as the input key.
 */
int smb3_kdf(uint8_t *outbuf, uint32_t outbuf_len,
    uint8_t *key, size_t key_len,
    uint8_t *label, size_t label_len,
    uint8_t *context, size_t context_len);

/*
 * SMB3 encryption (AES-CCM / AES-GCM).
 *
 * The init_*_param() routines take unnamed buffer/length arguments,
 * presumably the nonce and the authenticated data, with one more length
 * for CCM; confirm against the definitions.
 */
int smb3_aes_ccm_getmech(smb_crypto_mech_t *);
int smb3_aes_gcm_getmech(smb_crypto_mech_t *);
void smb3_crypto_init_ccm_param(smb_enc_ctx_t *,
    uint8_t *, size_t, uint8_t *, size_t, size_t);
void smb3_crypto_init_gcm_param(smb_enc_ctx_t *,
    uint8_t *, size_t, uint8_t *, size_t);

int smb3_encrypt_init(smb_enc_ctx_t *, uint8_t *, size_t);
int smb3_encrypt_uio(smb_enc_ctx_t *, uio_t *, uio_t *);
void smb3_enc_ctx_done(smb_enc_ctx_t *);

/*
 * Both modes are authenticated.  If smb3_decrypt_uio() reports failure,
 * discard whatever reached the output uio.
 * NOTE(review): confirm the implementations signal a tag mismatch
 * through the return value.
 */
int smb3_decrypt_init(smb_enc_ctx_t *, uint8_t *, size_t);
int smb3_decrypt_uio(smb_enc_ctx_t *, uio_t *, uio_t *);

#ifdef __cplusplus
}
#endif

#endif /* _SMB_KCRYPT_H_ */