xref: /illumos-gate/usr/src/uts/common/smbsrv/smb_kcrypt.h (revision 1bff1300cebf1ea8e11ce928b10e208097e67f24)
1 /*
2  * This file and its contents are supplied under the terms of the
3  * Common Development and Distribution License ("CDDL"), version 1.0.
4  * You may only use this file in accordance with the terms of version
5  * 1.0 of the CDDL.
6  *
7  * A full copy of the text of the CDDL should have accompanied this
8  * source.  A copy of the CDDL is also available via the Internet at
9  * http://www.illumos.org/license/CDDL.
10  */
11 
12 /*
13  * Copyright 2017 Nexenta Systems, Inc.  All rights reserved.
14  */
15 
16 #ifndef _SMB_KCRYPT_H_
17 #define	_SMB_KCRYPT_H_
18 
19 /*
20  * SMB signing routines used in {smb,smb2}_signing.c
21  * Two implementations of these (kernel/user) in:
22  *	uts/common/fs/smbsrv/smb_sign_kcf.c
23  *	lib/smbsrv/libfksmbsrv/common/fksmb_sign_pkcs.c
24  */
25 
26 #ifdef	_KERNEL
27 #include <sys/crypto/api.h>
28 #else
29 #include <security/cryptoki.h>
30 #include <security/pkcs11.h>
31 #endif
32 
33 #ifdef __cplusplus
34 extern "C" {
35 #endif
36 
37 #define	MD5_DIGEST_LENGTH	16	/* MD5 digest length in bytes */
38 #define	SHA256_DIGEST_LENGTH	32	/* SHA256 digest length in bytes */
39 #define	SMB2_SIG_SIZE		16
40 #define	SMB2_KEYLEN		16
41 #define	SMB3_KEYLEN		16	/* AES-128 keys */
42 
43 #ifdef	_KERNEL
44 /* KCF variant */
45 typedef crypto_mechanism_t	smb_crypto_mech_t;
46 typedef crypto_context_t	smb_sign_ctx_t;
47 typedef struct smb3_enc_ctx {
48 	crypto_context_t ctx;
49 	crypto_data_t output;
50 	size_t len;
51 } smb3_enc_ctx_t;
52 typedef CK_AES_CCM_PARAMS	smb3_crypto_param_t;
53 #else	/* _KERNEL */
54 /* PKCS11 variant */
55 typedef CK_MECHANISM		smb_crypto_mech_t;
56 typedef CK_SESSION_HANDLE	smb_sign_ctx_t;
57 typedef struct smb_enc_ctx {
58 	CK_SESSION_HANDLE ctx;
59 	uint8_t *output;
60 	CK_ULONG len;
61 } smb3_enc_ctx_t;
62 /*
63  * CCM in PKCS has not been implemented.
64  * We just need an opaque type with space to refer to.
65  */
66 typedef struct pkcs_ccm_param {
67 	uint8_t buf[100];
68 } smb3_crypto_param_t;
69 #endif	/* _KERNEL */
70 
71 /*
72  * SMB signing routines used in smb_signing.c
73  */
74 int smb_md5_getmech(smb_crypto_mech_t *);
75 int smb_md5_init(smb_sign_ctx_t *, smb_crypto_mech_t *);
76 int smb_md5_update(smb_sign_ctx_t, void *, size_t);
77 int smb_md5_final(smb_sign_ctx_t, uint8_t *);
78 
79 /*
80  * SMB2/3 signing routines used in smb2_signing.c
81  * Two implementations of these (kernel/user) in:
82  *	uts/common/fs/smbsrv/smb2_sign_kcf.c
83  *	lib/smbsrv/libfksmbsrv/common/fksmb_sign_pkcs.c
84  */
85 
86 int smb2_hmac_getmech(smb_crypto_mech_t *);
87 int smb2_hmac_init(smb_sign_ctx_t *, smb_crypto_mech_t *, uint8_t *, size_t);
88 int smb2_hmac_update(smb_sign_ctx_t, uint8_t *, size_t);
89 int smb2_hmac_final(smb_sign_ctx_t, uint8_t *);
90 
91 int smb3_cmac_getmech(smb_crypto_mech_t *);
92 int smb3_cmac_init(smb_sign_ctx_t *, smb_crypto_mech_t *, uint8_t *, size_t);
93 int smb3_cmac_update(smb_sign_ctx_t, uint8_t *, size_t);
94 int smb3_cmac_final(smb_sign_ctx_t, uint8_t *);
95 
96 int smb3_do_kdf(void *, void *, size_t, uint8_t *, uint32_t);
97 
98 int smb3_encrypt_getmech(smb_crypto_mech_t *);
99 void smb3_crypto_init_param(smb3_crypto_param_t *, uint8_t *, size_t,
100     uint8_t *, size_t, size_t);
101 
102 int smb3_encrypt_init(smb3_enc_ctx_t *, smb_crypto_mech_t *,
103     smb3_crypto_param_t *, uint8_t *, size_t, uint8_t *, size_t);
104 int smb3_encrypt_update(smb3_enc_ctx_t *, uint8_t *, size_t);
105 int smb3_encrypt_final(smb3_enc_ctx_t *, uint8_t *);
106 void smb3_encrypt_cancel(smb3_enc_ctx_t *);
107 
108 int smb3_decrypt_init(smb3_enc_ctx_t *, smb_crypto_mech_t *,
109     smb3_crypto_param_t *, uint8_t *, size_t);
110 int smb3_decrypt_update(smb3_enc_ctx_t *, uint8_t *, size_t);
111 int smb3_decrypt_final(smb3_enc_ctx_t *, uint8_t *, size_t);
112 
113 #ifdef	__cplusplus
114 }
115 #endif
116 
117 #endif /* _SMB_KCRYPT_H_ */
118