xref: /illumos-gate/usr/src/uts/common/smbsrv/smb_kcrypt.h (revision f73e1ebf60792a8bdb2d559097c3131b68c09318)
1 /*
2  * This file and its contents are supplied under the terms of the
3  * Common Development and Distribution License ("CDDL"), version 1.0.
4  * You may only use this file in accordance with the terms of version
5  * 1.0 of the CDDL.
6  *
7  * A full copy of the text of the CDDL should have accompanied this
8  * source.  A copy of the CDDL is also available via the Internet at
9  * http://www.illumos.org/license/CDDL.
10  */
11 
12 /*
13  * Copyright 2017 Nexenta Systems, Inc.  All rights reserved.
14  * Copyright 2020 RackTop Systems, Inc.
15  */
16 
17 #ifndef _SMB_KCRYPT_H_
18 #define	_SMB_KCRYPT_H_
19 
20 /*
21  * SMB signing routines used in {smb,smb2}_signing.c
22  * Two implementations of these (kernel/user) in:
23  *	uts/common/fs/smbsrv/smb_sign_kcf.c
24  *	lib/smbsrv/libfksmbsrv/common/fksmb_sign_pkcs.c
25  */
26 
27 #ifdef	_KERNEL
28 #include <sys/crypto/api.h>
29 #else
30 #include <security/cryptoki.h>
31 #include <security/pkcs11.h>
32 #endif
33 
34 #ifdef __cplusplus
35 extern "C" {
36 #endif
37 
/*
 * Digest, signature and key sizes, all in bytes.
 *
 * NOTE(review): SMB2_SIG_SIZE (16) is smaller than SHA256_DIGEST_LENGTH (32)
 * and SHA512_DIGEST_LENGTH (64), so a full digest of either kind does not
 * fit in a signature-sized buffer.  Several *_final() prototypes in this
 * header take an output pointer with no length, so how many bytes each one
 * writes is not visible here -- confirm in the implementation before sizing
 * a caller's buffer with one of these constants.
 */
38 #define	MD5_DIGEST_LENGTH	16	/* MD5 digest length in bytes */
39 #define	SHA256_DIGEST_LENGTH	32	/* SHA256 digest length in bytes */
40 #define	SHA512_DIGEST_LENGTH	64	/* SHA512 digest length in bytes */
41 #define	SMB2_SIG_SIZE		16	/* presumably SMB2 signature size -- confirm */
42 #define	SMB2_KEYLEN		16	/* presumably SMB2 signing key length -- confirm */
43 #define	SMB3_KEYLEN		16	/* AES-128 keys */
44 
/*
 * The types below are defined twice, once per crypto back end, under the
 * same typedef names so that the prototypes further down are shared.
 */
45 #ifdef	_KERNEL
46 /* KCF variant */
47 typedef crypto_mechanism_t	smb_crypto_mech_t;
48 typedef crypto_context_t	smb_sign_ctx_t;
/*
 * State passed by pointer to the smb3_encrypt_* and smb3_decrypt_* calls.
 */
49 typedef struct smb3_enc_ctx {
50 	crypto_context_t ctx;	/* KCF context handle */
51 	crypto_data_t output;	/* presumably describes the output buffer -- confirm */
52 	size_t len;		/* NOTE(review): meaning not visible in this header */
53 } smb3_enc_ctx_t;
54 
/*
 * Mechanism parameters for AES-CCM or AES-GCM.  This is a union, so only
 * one of the two members is valid at a time.
 */
55 typedef union {
56 	CK_AES_CCM_PARAMS	ccm;
57 	CK_AES_GCM_PARAMS	gcm;
58 } smb3_crypto_param_t;
59 
60 #else	/* _KERNEL */
61 /* PKCS11 variant */
62 typedef CK_MECHANISM		smb_crypto_mech_t;
63 typedef CK_SESSION_HANDLE	smb_sign_ctx_t;
/*
 * NOTE(review): the struct tag here is smb_enc_ctx while the kernel variant
 * uses smb3_enc_ctx; only the typedef name smb3_enc_ctx_t is common to both.
 */
64 typedef struct smb_enc_ctx {
65 	CK_SESSION_HANDLE ctx;	/* PKCS#11 session handle */
66 	uint8_t *output;	/* output buffer pointer; ownership not visible here */
67 	CK_ULONG len;		/* NOTE(review): meaning not visible in this header */
68 } smb3_enc_ctx_t;
69 /*
70  * CCM in PKCS has not been implemented.
71  * We just need an opaque type with space to refer to.
 *
 * NOTE(review): the 100-byte size is a bare constant.  If the PKCS11
 * implementation stores a parameter structure inside buf, it should check
 * at compile time that the structure fits -- confirm in that implementation.
72  */
73 typedef struct pkcs_ccm_param {
74 	uint8_t buf[100];
75 } smb3_crypto_param_t;
76 #endif	/* _KERNEL */
77 
78 /*
79  * SMB signing routines used in smb_signing.c
 *
 * The four calls form a getmech / init / update / final sequence and each
 * returns an int status; the success value is not visible in this header.
 * smb_md5_final receives only an output pointer, so the destination
 * presumably must hold MD5_DIGEST_LENGTH bytes -- confirm in the
 * implementation.
 *
 * MD5 is not collision resistant.  It is declared here for the signing
 * code in smb_signing.c and should not be picked up for new uses.
80  */
81 int smb_md5_getmech(smb_crypto_mech_t *);
82 int smb_md5_init(smb_sign_ctx_t *, smb_crypto_mech_t *);
83 int smb_md5_update(smb_sign_ctx_t, void *, size_t);
84 int smb_md5_final(smb_sign_ctx_t, uint8_t *);
85 
86 /*
87  * SMB2/3 signing routines used in smb2_signing.c
88  * Two implementations of these (kernel/user) in:
89  *	uts/common/fs/smbsrv/smb2_sign_kcf.c
90  *	lib/smbsrv/libfksmbsrv/common/fksmb_sign_pkcs.c
 *
 * smb2_hmac_* and smb3_cmac_* have parallel signatures.  The uint8_t * and
 * size_t passed to the two init functions are presumably the signing key
 * and its length -- confirm against the callers.
 *
 * NOTE(review): neither final function takes an output length, so the
 * destination size is an unchecked contract between caller and
 * implementation.  Re-check every call site when either side changes.
91  */
92 
93 int smb2_hmac_getmech(smb_crypto_mech_t *);
94 int smb2_hmac_init(smb_sign_ctx_t *, smb_crypto_mech_t *, uint8_t *, size_t);
95 int smb2_hmac_update(smb_sign_ctx_t, uint8_t *, size_t);
96 int smb2_hmac_final(smb_sign_ctx_t, uint8_t *);
97 
98 int smb3_cmac_getmech(smb_crypto_mech_t *);
99 int smb3_cmac_init(smb_sign_ctx_t *, smb_crypto_mech_t *, uint8_t *, size_t);
100 int smb3_cmac_update(smb_sign_ctx_t, uint8_t *, size_t);
101 int smb3_cmac_final(smb_sign_ctx_t, uint8_t *);
102 
/*
 * Key derivation (per the name): takes an input key plus a label and a
 * context, each with an explicit length, and writes the result to outbuf.
 * Returns an int status; the success value is not visible in this header.
 *
 * NOTE(review): outbuf has no length parameter, so the number of bytes
 * written is fixed by the implementation (presumably SMB3_KEYLEN) --
 * confirm before passing a buffer of any other size.
 */
103 int smb3_kdf(uint8_t *outbuf, uint8_t *key, size_t key_len,
104     uint8_t *label, size_t label_len,
105     uint8_t *context, size_t context_len);
106 
/*
 * Mechanism lookup and parameter setup for AES-CCM and AES-GCM.
 *
 * NOTE(review): the parameters are unnamed.  The two uint8_t * / size_t
 * pairs are presumably the nonce and the additional authenticated data,
 * and the extra trailing size_t of the CCM variant presumably the data
 * length -- confirm in the implementation.
 *
 * If one of those pairs is the nonce: a nonce must never repeat under the
 * same key in either mode, and nothing in these prototypes enforces that,
 * so uniqueness has to be guaranteed by the caller.
 */
107 int smb3_aes_ccm_getmech(smb_crypto_mech_t *);
108 int smb3_aes_gcm_getmech(smb_crypto_mech_t *);
109 void smb3_crypto_init_ccm_param(smb3_crypto_param_t *, uint8_t *, size_t,
110     uint8_t *, size_t, size_t);
111 void smb3_crypto_init_gcm_param(smb3_crypto_param_t *, uint8_t *, size_t,
112     uint8_t *, size_t);
113 
/*
 * Encryption in init / update / final steps on an smb3_enc_ctx_t.
 * smb3_encrypt_cancel returns nothing and, per its name, abandons a
 * context instead of finishing it.
 *
 * NOTE(review): init takes two unnamed uint8_t * / size_t pairs,
 * presumably the key and an output buffer -- confirm.
 * smb3_encrypt_final receives only a pointer, so where the final output
 * goes and how large that buffer must be is not visible in this header.
 */
114 int smb3_encrypt_init(smb3_enc_ctx_t *, smb_crypto_mech_t *,
115     smb3_crypto_param_t *, uint8_t *, size_t, uint8_t *, size_t);
116 int smb3_encrypt_update(smb3_enc_ctx_t *, uint8_t *, size_t);
117 int smb3_encrypt_final(smb3_enc_ctx_t *, uint8_t *);
118 void smb3_encrypt_cancel(smb3_enc_ctx_t *);
119 
/*
 * Decryption in init / update / final steps on an smb3_enc_ctx_t.
 * Unlike the encrypt side, init takes a single uint8_t * / size_t pair
 * (presumably the key -- confirm), final takes a pointer and a length,
 * and no smb3_decrypt_cancel is declared in this header.
 *
 * NOTE(review): with an authenticated mode such as CCM or GCM, any
 * plaintext made available before smb3_decrypt_final reports success has
 * not been authenticated.  Callers should discard it on failure --
 * confirm that they do.
 */
120 int smb3_decrypt_init(smb3_enc_ctx_t *, smb_crypto_mech_t *,
121     smb3_crypto_param_t *, uint8_t *, size_t);
122 int smb3_decrypt_update(smb3_enc_ctx_t *, uint8_t *, size_t);
123 int smb3_decrypt_final(smb3_enc_ctx_t *, uint8_t *, size_t);
124 
125 #ifdef	__cplusplus
126 }
127 #endif
128 
129 #endif /* _SMB_KCRYPT_H_ */
130