1 /*
2  * This file and its contents are supplied under the terms of the
3  * Common Development and Distribution License ("CDDL"), version 1.0.
4  * You may only use this file in accordance with the terms of version
5  * 1.0 of the CDDL.
6  *
7  * A full copy of the text of the CDDL should have accompanied this
8  * source.  A copy of the CDDL is also available via the Internet at
9  * http://www.illumos.org/license/CDDL.
10  */
11 
12 /*
13  * Copyright 2017-2021 Tintri by DDN, Inc. All rights reserved.
14  * Copyright 2022 RackTop Systems, Inc.
15  */
16 
17 #ifndef _SMB_KCRYPT_H_
18 #define	_SMB_KCRYPT_H_
19 
20 /*
21  * SMB signing routines used in {smb,smb2}_signing.c
22  * Two implementations of these (kernel/user) in:
23  *	uts/common/fs/smbsrv/smb_sign_kcf.c
24  *	lib/smbsrv/libfksmbsrv/common/fksmb_sign_pkcs.c
25  */
26 
27 #ifdef	_KERNEL
28 #include <sys/crypto/api.h>
29 #else
30 #include <security/cryptoki.h>
31 #include <security/pkcs11.h>
32 #endif
33 #include <sys/uio.h>
34 
35 #ifdef __cplusplus
36 extern "C" {
37 #endif
38 
39 #define	AES128_KEY_LENGTH	16	/* AES128 key length in bytes */
40 #define	AES256_KEY_LENGTH	32	/* AES256 key length in bytes */
41 #define	MD5_DIGEST_LENGTH	16	/* MD5 digest length in bytes */
42 #define	SHA256_DIGEST_LENGTH	32	/* SHA256 digest length in bytes */
43 #define	SHA512_DIGEST_LENGTH	64	/* SHA512 digest length in bytes */
44 #define	SMB2_SIG_SIZE		16
45 #define	SMB2_KEYLEN		16	/* SMB2/3 Signing Key length */
46 #define	SMB2_SSN_KEYLEN		16	/* Max size of the SMB2 Session Key */
47 
48 #define	SMB3_AES_CCM_NONCE_SIZE	11
49 #define	SMB3_AES_GCM_NONCE_SIZE	12
50 
51 #ifdef	_KERNEL
52 
53 /* KCF variant */
54 typedef crypto_mechanism_t	smb_crypto_mech_t;
55 typedef crypto_context_t	smb_sign_ctx_t;
56 
57 typedef union {
58 	CK_AES_CCM_PARAMS	ccm;
59 	CK_AES_GCM_PARAMS	gcm;
60 } smb_crypto_param_t;
61 
62 typedef struct smb_enc_ctx {
63 	smb_crypto_mech_t mech;
64 	smb_crypto_param_t param;
65 	crypto_key_t ckey;
66 	crypto_context_t ctx;
67 	/* crypto_ctx_template_t *TODO */
68 } smb_enc_ctx_t;
69 
70 #else	/* _KERNEL */
71 
72 /* PKCS11 variant */
73 typedef CK_MECHANISM		smb_crypto_mech_t;
74 typedef CK_SESSION_HANDLE	smb_sign_ctx_t;
75 
76 typedef union {
77 	CK_CCM_PARAMS	ccm;
78 	CK_GCM_PARAMS	gcm;
79 } smb_crypto_param_t;
80 
81 typedef struct smb_enc_ctx {
82 	smb_crypto_mech_t mech;
83 	smb_crypto_param_t param;
84 	CK_OBJECT_HANDLE key;
85 	CK_SESSION_HANDLE ctx;
86 } smb_enc_ctx_t;
87 
88 #endif	/* _KERNEL */
89 
90 /*
91  * SMB signing routines used in smb_signing.c
92  */
93 int smb_md5_getmech(smb_crypto_mech_t *);
94 int smb_md5_init(smb_sign_ctx_t *, smb_crypto_mech_t *);
95 int smb_md5_update(smb_sign_ctx_t, void *, size_t);
96 int smb_md5_final(smb_sign_ctx_t, uint8_t *);
97 
98 /*
99  * SMB2/3 signing routines used in smb2_signing.c
100  * Two implementations of these (kernel/user) in:
101  *	uts/common/fs/smbsrv/smb2_sign_kcf.c
102  *	lib/smbsrv/libfksmbsrv/common/fksmb_sign_pkcs.c
103  */
104 
105 int smb2_hmac_getmech(smb_crypto_mech_t *);
106 int smb2_hmac_init(smb_sign_ctx_t *, smb_crypto_mech_t *, uint8_t *, size_t);
107 int smb2_hmac_update(smb_sign_ctx_t, uint8_t *, size_t);
108 int smb2_hmac_final(smb_sign_ctx_t, uint8_t *);
109 
110 int smb2_hmac_one(smb_crypto_mech_t *mech, uint8_t *key, size_t key_len,
111     uint8_t *data, size_t data_len, uint8_t *mac, size_t mac_len);
112 
113 int smb3_cmac_getmech(smb_crypto_mech_t *);
114 int smb3_cmac_init(smb_sign_ctx_t *, smb_crypto_mech_t *, uint8_t *, size_t);
115 int smb3_cmac_update(smb_sign_ctx_t, uint8_t *, size_t);
116 int smb3_cmac_final(smb_sign_ctx_t, uint8_t *);
117 
118 int smb3_kdf(uint8_t *outbuf, uint32_t outbuf_len,
119     uint8_t *key, size_t key_len,
120     uint8_t *label, size_t label_len,
121     uint8_t *context, size_t context_len);
122 
123 int smb3_aes_ccm_getmech(smb_crypto_mech_t *);
124 int smb3_aes_gcm_getmech(smb_crypto_mech_t *);
125 void smb3_crypto_init_ccm_param(smb_enc_ctx_t *,
126     uint8_t *, size_t, uint8_t *, size_t, size_t);
127 void smb3_crypto_init_gcm_param(smb_enc_ctx_t *,
128     uint8_t *, size_t, uint8_t *, size_t);
129 
130 int smb3_encrypt_init(smb_enc_ctx_t *, uint8_t *, size_t);
131 int smb3_encrypt_uio(smb_enc_ctx_t *, uio_t *, uio_t *);
132 void smb3_enc_ctx_done(smb_enc_ctx_t *);
133 
134 int smb3_decrypt_init(smb_enc_ctx_t *, uint8_t *, size_t);
135 int smb3_decrypt_uio(smb_enc_ctx_t *, uio_t *, uio_t *);
136 
137 #ifdef	__cplusplus
138 }
139 #endif
140 
141 #endif /* _SMB_KCRYPT_H_ */
142