1 /*
2  * This file and its contents are supplied under the terms of the
3  * Common Development and Distribution License ("CDDL"), version 1.0.
4  * You may only use this file in accordance with the terms of version
5  * 1.0 of the CDDL.
6  *
7  * A full copy of the text of the CDDL should have accompanied this
8  * source.  A copy of the CDDL is also available via the Internet at
9  * http://www.illumos.org/license/CDDL.
10  */
11 
12 /*
13  * Copyright 2018 Nexenta Systems, Inc.  All rights reserved.
14  * Copyright 2020 RackTop Systems, Inc.
15  */
16 
17 /*
18  * Helper functions for SMB3 encryption using PKCS#11
19  *
20  * There are two implementations of these functions:
21  * This one (for user space) and another for kernel.
22  * See: uts/common/fs/smbsrv/smb3_encrypt_kcf.c
23  *
24  * NOTE: CCM is not implemented in PKCS yet, so these are just stubs.
25  */
26 
27 #include <smbsrv/smb_kcrypt.h>
28 #include <smbsrv/smb2_kproto.h>
29 
30 /*
31  * SMB3 encryption helpers:
32  * (getmech, init, update, final)
33  */
34 
35 /* ARGSUSED */
36 int
smb3_aes_ccm_getmech(smb_crypto_mech_t * mech)37 smb3_aes_ccm_getmech(smb_crypto_mech_t *mech)
38 {
39 	cmn_err(CE_NOTE, "fksmbsrv does not support SMB3 Encryption");
40 	return (-1);
41 }
42 
43 /* ARGSUSED */
44 int
smb3_aes_gcm_getmech(smb_crypto_mech_t * mech)45 smb3_aes_gcm_getmech(smb_crypto_mech_t *mech)
46 {
47 	cmn_err(CE_NOTE, "fksmbsrv does not support SMB3 Encryption");
48 	return (-1);
49 }
50 
51 /* ARGSUSED */
52 void
smb3_crypto_init_ccm_param(smb3_crypto_param_t * param,uint8_t * nonce,size_t noncesize,uint8_t * auth,size_t authsize,size_t datasize)53 smb3_crypto_init_ccm_param(smb3_crypto_param_t *param,
54     uint8_t *nonce, size_t noncesize, uint8_t *auth, size_t authsize,
55     size_t datasize)
56 {
57 }
58 
59 /* ARGSUSED */
60 void
smb3_crypto_init_gcm_param(smb3_crypto_param_t * param,uint8_t * nonce,size_t noncesize,uint8_t * auth,size_t authsize)61 smb3_crypto_init_gcm_param(smb3_crypto_param_t *param,
62     uint8_t *nonce, size_t noncesize, uint8_t *auth, size_t authsize)
63 {
64 }
65 
66 /*
67  * Start the KCF session, load the key
68  */
69 
70 /* ARGSUSED */
71 static int
smb3_crypto_init(smb3_enc_ctx_t * ctxp,smb_crypto_mech_t * mech,uint8_t * key,size_t key_len,smb3_crypto_param_t * param,boolean_t is_encrypt)72 smb3_crypto_init(smb3_enc_ctx_t *ctxp, smb_crypto_mech_t *mech,
73     uint8_t *key, size_t key_len, smb3_crypto_param_t *param,
74     boolean_t is_encrypt)
75 {
76 	return (-1);
77 }
78 
79 /* ARGSUSED */
80 int
smb3_encrypt_init(smb3_enc_ctx_t * ctxp,smb_crypto_mech_t * mech,smb3_crypto_param_t * param,uint8_t * key,size_t keylen,uint8_t * buf,size_t buflen)81 smb3_encrypt_init(smb3_enc_ctx_t *ctxp, smb_crypto_mech_t *mech,
82     smb3_crypto_param_t *param, uint8_t *key, size_t keylen,
83     uint8_t *buf, size_t buflen)
84 {
85 	return (smb3_crypto_init(ctxp, mech, key, keylen, param, B_TRUE));
86 }
87 
88 int
smb3_decrypt_init(smb3_enc_ctx_t * ctxp,smb_crypto_mech_t * mech,smb3_crypto_param_t * param,uint8_t * key,size_t keylen)89 smb3_decrypt_init(smb3_enc_ctx_t *ctxp, smb_crypto_mech_t *mech,
90     smb3_crypto_param_t *param, uint8_t *key, size_t keylen)
91 {
92 	return (smb3_crypto_init(ctxp, mech, key, keylen, param, B_FALSE));
93 }
94 
95 /*
96  * Digest one segment
97  */
98 
99 /* ARGSUSED */
100 int
smb3_encrypt_update(smb3_enc_ctx_t * ctxp,uint8_t * in,size_t len)101 smb3_encrypt_update(smb3_enc_ctx_t *ctxp, uint8_t *in, size_t len)
102 {
103 	return (-1);
104 }
105 
106 /* ARGSUSED */
107 int
smb3_decrypt_update(smb3_enc_ctx_t * ctxp,uint8_t * in,size_t len)108 smb3_decrypt_update(smb3_enc_ctx_t *ctxp, uint8_t *in, size_t len)
109 {
110 	return (-1);
111 }
112 
113 /* ARGSUSED */
114 int
smb3_encrypt_final(smb3_enc_ctx_t * ctxp,uint8_t * digest16)115 smb3_encrypt_final(smb3_enc_ctx_t *ctxp, uint8_t *digest16)
116 {
117 	return (-1);
118 }
119 
120 /* ARGSUSED */
121 int
smb3_decrypt_final(smb3_enc_ctx_t * ctxp,uint8_t * buf,size_t buflen)122 smb3_decrypt_final(smb3_enc_ctx_t *ctxp, uint8_t *buf, size_t buflen)
123 {
124 	return (-1);
125 }
126 
127 /* ARGSUSED */
128 void
smb3_encrypt_cancel(smb3_enc_ctx_t * ctxp)129 smb3_encrypt_cancel(smb3_enc_ctx_t *ctxp)
130 {
131 }
132