/*
 * This file and its contents are supplied under the terms of the
 * Common Development and Distribution License ("CDDL"), version 1.0.
 * You may only use this file in accordance with the terms of version
 * 1.0 of the CDDL.
 *
 * A full copy of the text of the CDDL should have accompanied this
 * source. A copy of the CDDL is also available via the Internet at
 * http://www.illumos.org/license/CDDL.
 */

/*
 * Copyright 2017-2021 Tintri by DDN, Inc. All rights reserved.
 * Copyright 2022 RackTop Systems, Inc.
 */

#ifndef _SMB_KCRYPT_H_
#define _SMB_KCRYPT_H_

/*
 * Crypto interface of the SMB server: digest/MAC routines for message
 * signing, a key-derivation entry point, and SMB3 AES-CCM / AES-GCM
 * encryption contexts.
 *
 * SMB signing routines used in {smb,smb2}_signing.c
 * Two implementations of these (kernel/user) in:
 *      uts/common/fs/smbsrv/smb_sign_kcf.c
 *      lib/smbsrv/libfksmbsrv/common/fksmb_sign_pkcs.c
 *
 * Every routine declared here that returns int reports its status only
 * through that return value; the convention itself is not stated in
 * this header (NOTE(review): presumably 0 on success in both back
 * ends - confirm). Callers must not ignore it.
 */

/* Back-end headers: KCF in the kernel, PKCS#11 in user space. */
#if defined(_KERNEL)
#include <sys/crypto/api.h>
#else
#include <security/cryptoki.h>
#include <security/pkcs11.h>
#endif
#include <sys/uio.h>

#if defined(__cplusplus)
extern "C" {
#endif

/* Key and digest sizes, all in bytes. */
#define AES128_KEY_LENGTH       16      /* AES128 key length in bytes */
#define AES256_KEY_LENGTH       32      /* AES256 key length in bytes */
#define MD5_DIGEST_LENGTH       16      /* MD5 digest length in bytes */
#define SHA256_DIGEST_LENGTH    32      /* SHA256 digest length in bytes */
#define SHA512_DIGEST_LENGTH    64      /* SHA512 digest length in bytes */

/*
 * NOTE(review): SMB2_SIG_SIZE is smaller than SHA256_DIGEST_LENGTH, so
 * a full-length MAC is presumably truncated by the signing code before
 * it is compared or stored - confirm against the callers.
 */
#define SMB2_SIG_SIZE           16
#define SMB2_KEYLEN             16      /* SMB2/3 Signing Key length */
#define SMB2_SSN_KEYLEN         16      /* Max size of the SMB2 Session Key */

/*
 * Nonce lengths, in bytes, for the two SMB3 AEAD ciphers. This header
 * fixes only the length. Uniqueness is the caller's job: a repeated
 * (key, nonce) pair under CCM or GCM undermines both confidentiality
 * and integrity of the affected messages.
 */
#define SMB3_AES_CCM_NONCE_SIZE 11
#define SMB3_AES_GCM_NONCE_SIZE 12

/*
 * Back-end specific types. Both variants export the same type names
 * (smb_crypto_mech_t, smb_sign_ctx_t, smb_crypto_param_t,
 * smb_enc_ctx_t) so the prototypes below are shared. The member types
 * differ per variant, including the CCM/GCM parameter structs.
 */
#if defined(_KERNEL)

/* KCF variant */
typedef crypto_mechanism_t      smb_crypto_mech_t;
typedef crypto_context_t        smb_sign_ctx_t;

/* Mechanism parameters; which member is live depends on the cipher. */
typedef union {
        CK_AES_CCM_PARAMS       ccm;
        CK_AES_GCM_PARAMS       gcm;
} smb_crypto_param_t;

/* Per-operation encryption state (mechanism, its parameters, key, context). */
typedef struct smb_enc_ctx {
        smb_crypto_mech_t       mech;
        smb_crypto_param_t      param;
        crypto_key_t            ckey;
        crypto_context_t        ctx;
        /* crypto_ctx_template_t *TODO */
} smb_enc_ctx_t;

#else /* _KERNEL */

/* PKCS11 variant */
typedef CK_MECHANISM            smb_crypto_mech_t;
typedef CK_SESSION_HANDLE       smb_sign_ctx_t;

/* Mechanism parameters; which member is live depends on the cipher. */
typedef union {
        CK_CCM_PARAMS           ccm;
        CK_GCM_PARAMS           gcm;
} smb_crypto_param_t;

/* Per-operation encryption state (mechanism, its parameters, key, session). */
typedef struct smb_enc_ctx {
        smb_crypto_mech_t       mech;
        smb_crypto_param_t      param;
        CK_OBJECT_HANDLE        key;
        CK_SESSION_HANDLE       ctx;
} smb_enc_ctx_t;

#endif /* _KERNEL */

/*
 * SMB signing routines used in smb_signing.c
 *
 * getmech/init/update/final form an incremental MD5 digest interface.
 * NOTE(review): MD5 is not collision resistant; presumably it is kept
 * only because the legacy signing scheme requires it - confirm that no
 * newer code path depends on these.
 */
int smb_md5_getmech(smb_crypto_mech_t *);
int smb_md5_init(smb_sign_ctx_t *, smb_crypto_mech_t *);
int smb_md5_update(smb_sign_ctx_t, void *, size_t);
int smb_md5_final(smb_sign_ctx_t, uint8_t *);

/*
 * SMB2/3 signing routines used in smb2_signing.c
 * Two implementations of these (kernel/user) in:
 *      uts/common/fs/smbsrv/smb2_sign_kcf.c
 *      lib/smbsrv/libfksmbsrv/common/fksmb_sign_pkcs.c
 */

/* Incremental HMAC: getmech, then init, update (repeatable), final. */
int smb2_hmac_getmech(smb_crypto_mech_t *);
int smb2_hmac_init(smb_sign_ctx_t *, smb_crypto_mech_t *, uint8_t *, size_t);
int smb2_hmac_update(smb_sign_ctx_t, uint8_t *, size_t);
int smb2_hmac_final(smb_sign_ctx_t, uint8_t *);

/*
 * One-shot HMAC of data[0..data_len) under key, written to mac.
 * NOTE(review): mac_len is caller supplied; confirm how the
 * implementations treat a mac_len that differs from the digest size.
 */
int smb2_hmac_one(smb_crypto_mech_t *mech, uint8_t *key, size_t key_len,
    uint8_t *data, size_t data_len, uint8_t *mac, size_t mac_len);

/* Incremental CMAC, same call sequence as the HMAC routines above. */
int smb3_cmac_getmech(smb_crypto_mech_t *);
int smb3_cmac_init(smb_sign_ctx_t *, smb_crypto_mech_t *, uint8_t *, size_t);
int smb3_cmac_update(smb_sign_ctx_t, uint8_t *, size_t);
int smb3_cmac_final(smb_sign_ctx_t, uint8_t *);

/*
 * Key derivation: fills outbuf (outbuf_len bytes) from key, label and
 * context. The construction is defined by the implementation, not by
 * this header.
 * NOTE(review): outbuf holds derived key material; callers should
 * scrub it once the key has been installed - confirm they do.
 */
int smb3_kdf(uint8_t *outbuf, uint32_t outbuf_len,
    uint8_t *key, size_t key_len,
    uint8_t *label, size_t label_len,
    uint8_t *context, size_t context_len);

/*
 * SMB3 encryption. The *_getmech routines select the AES-CCM or AES-GCM
 * mechanism; the init_*_param routines populate the param member of an
 * smb_enc_ctx_t.
 * NOTE(review): the unnamed uint8_t-pointer/size_t pairs are presumably
 * nonce and additional authenticated data, with a payload size as the
 * extra CCM argument - confirm against the implementations before
 * relying on the order.
 */
int smb3_aes_ccm_getmech(smb_crypto_mech_t *);
int smb3_aes_gcm_getmech(smb_crypto_mech_t *);
void smb3_crypto_init_ccm_param(smb_enc_ctx_t *,
    uint8_t *, size_t, uint8_t *, size_t, size_t);
void smb3_crypto_init_gcm_param(smb_enc_ctx_t *,
    uint8_t *, size_t, uint8_t *, size_t);

/*
 * Encrypt path: init with a key (pointer, length), run over a pair of
 * uio descriptors, then release the context with smb3_enc_ctx_done().
 * NOTE(review): the key length is a free size_t while both
 * AES128_KEY_LENGTH and AES256_KEY_LENGTH exist; confirm the
 * implementations reject a length that does not fit the mechanism.
 * NOTE(review): confirm smb3_enc_ctx_done() releases the key object
 * and context in both back ends and leaves no key bytes behind.
 */
int smb3_encrypt_init(smb_enc_ctx_t *, uint8_t *, size_t);
int smb3_encrypt_uio(smb_enc_ctx_t *, uio_t *, uio_t *);
void smb3_enc_ctx_done(smb_enc_ctx_t *);

/*
 * Decrypt path, mirroring the encrypt path. No separate "done" routine
 * is declared for it (presumably smb3_enc_ctx_done() serves both).
 * The int result of smb3_decrypt_uio() is the only channel through
 * which a failed authentication check can reach the caller. Output
 * produced by a call that did not report success must be discarded,
 * never parsed.
 */
int smb3_decrypt_init(smb_enc_ctx_t *, uint8_t *, size_t);
int smb3_decrypt_uio(smb_enc_ctx_t *, uio_t *, uio_t *);

#if defined(__cplusplus)
}
#endif

#endif /* _SMB_KCRYPT_H_ */