/*
 * This file and its contents are supplied under the terms of the
 * Common Development and Distribution License ("CDDL"), version 1.0.
 * You may only use this file in accordance with the terms of version
 * 1.0 of the CDDL.
 *
 * A full copy of the text of the CDDL should have accompanied this
 * source. A copy of the CDDL is also available via the Internet at
 * http://www.illumos.org/license/CDDL.
 */

/*
 * Copyright 2017-2021 Tintri by DDN, Inc. All rights reserved.
 * Copyright 2022-2024 RackTop Systems, Inc.
 */

#ifndef _NSMB_KCRYPT_H_
#define	_NSMB_KCRYPT_H_

/*
 * SMB crypto routines used in signing and encryption.
 * Two implementations of these (kernel/user) in:
 * uts/common/fs/smbclient/netsmb/nsmb_*_kcf.c
 * lib/smbclnt/libfknsmb/common/fksmb_*_pkcs.c
 *
 * Might want to later factor these out from client and server,
 * but that severely amplifies the test burden when working on
 * either one, so keeping them separate for now. Do try to keep
 * the *_kcrypt.h structs consistent between this and smbsrv.
 *
 * This header only declares the interface.  Everything below the
 * #ifdef _KERNEL split exists in two type-compatible shapes so that
 * the callers (smb_signing.c, smb2_signing.c and the encryption
 * paths) compile unchanged against either the KCF or the PKCS#11
 * backend.  All keys cross this interface as raw byte buffers
 * (uint8_t *, size_t); the buffers stay owned by the caller.
 */

#ifdef _KERNEL
#include <sys/crypto/api.h>
#else
#include <security/cryptoki.h>
#include <security/pkcs11.h>
#endif
#include <sys/stream.h>	/* mblk_t */
#include <sys/uio.h>	/* uio_t */

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Digest and key sizes, in bytes.  MD5 is only reached through the
 * SMB1 signing routines below (smb_signing.c); the SMB2/3 paths use
 * the HMAC/CMAC routines.
 */
#define	MD5_DIGEST_LENGTH	16	/* MD5 digest length in bytes */
#define	SHA256_DIGEST_LENGTH	32	/* SHA256 digest length in bytes */
#define	SHA512_DIGEST_LENGTH	64	/* SHA512 digest length in bytes */
#define	SMB2_SIG_SIZE		16	/* signature bytes carried in the header */
#define	SMB2_KEYLEN		16	/* SMB2/3 Signing Key length */
#define	SMB3_KEYLEN		16	/* Only AES128 for now */
/*
 * NOTE(review): SMB3_KEYLEN is sized for AES-128 only.  Any AES-256
 * cipher would need 32 bytes of key material here and in nsmb_kdf
 * callers; confirm both before enabling such a cipher.
 */

/*
 * Nonce lengths for the two AEAD modes.  CCM and GCM take different
 * nonce sizes, so callers must pick the one matching the negotiated
 * mechanism (see nsmb_crypto_init_ccm_param / _gcm_param below).
 */
#define	SMB3_AES_CCM_NONCE_SIZE	11
#define	SMB3_AES_GCM_NONCE_SIZE	12

#ifdef _KERNEL

/* KCF variant */
typedef crypto_mechanism_t smb_crypto_mech_t;
typedef crypto_context_t smb_sign_ctx_t;

/*
 * Per-mechanism parameter block.  Exactly one member is live, and
 * which one is determined by the mechanism stored alongside it in
 * smb_enc_ctx_t.  Note this kernel union differs from the PKCS#11
 * one below: hmac is a plain ulong_t here and there is a gmac member.
 */
typedef union {
	CK_AES_CCM_PARAMS ccm;
	CK_AES_GCM_PARAMS gcm;
	ulong_t hmac;
	CK_AES_GMAC_PARAMS gmac;
} smb_crypto_param_t;

/*
 * State for one encrypt or decrypt operation.
 *   mech   - mechanism selected by nsmb_aes_{ccm,gcm}_getmech
 *   param  - mechanism parameters filled by nsmb_crypto_init_*_param
 *   ckey   - KCF key object wrapping the caller's raw key bytes
 *   ctx    - KCF context; presumably created by nsmb_{en,de}crypt_init
 *            and released by nsmb_enc_ctx_done (TODO confirm in
 *            nsmb_*_kcf.c)
 */
typedef struct smb_enc_ctx {
	smb_crypto_mech_t mech;
	smb_crypto_param_t param;
	crypto_key_t ckey;
	crypto_context_t ctx;
} smb_enc_ctx_t;

#else /* _KERNEL */

/* PKCS11 variant */
typedef CK_MECHANISM smb_crypto_mech_t;
typedef CK_SESSION_HANDLE smb_sign_ctx_t;

/*
 * Per-mechanism parameter block, PKCS#11 shape.  Same contract as the
 * kernel union above (one live member, chosen by the mechanism); the
 * hmac member carries CK_MAC_GENERAL_PARAMS rather than a ulong_t.
 */
typedef union {
	CK_CCM_PARAMS ccm;
	CK_GCM_PARAMS gcm;
	CK_MAC_GENERAL_PARAMS hmac;
} smb_crypto_param_t;

/*
 * State for one encrypt or decrypt operation, PKCS#11 shape.
 *   mech   - mechanism selected by nsmb_aes_{ccm,gcm}_getmech
 *   param  - mechanism parameters filled by nsmb_crypto_init_*_param
 *   key    - PKCS#11 key object handle created from the raw key bytes
 *   ctx    - PKCS#11 session handle for the in-flight operation
 */
typedef struct smb_enc_ctx {
	smb_crypto_mech_t mech;
	smb_crypto_param_t param;
	CK_OBJECT_HANDLE key;
	CK_SESSION_HANDLE ctx;
} smb_enc_ctx_t;

#endif /* _KERNEL */

/*
 * SMB signing routines used in smb_signing.c
 *
 * Legacy (SMB1) MD5 signing.  Lifecycle: getmech once, then
 * init / update* / final per message.  Each returns 0 on success
 * (non-zero on failure, by the usual convention of this module --
 * check every call, including final).
 */
int nsmb_md5_getmech(smb_crypto_mech_t *);
int nsmb_md5_init(smb_sign_ctx_t *, smb_crypto_mech_t *);
int nsmb_md5_update(smb_sign_ctx_t, void *, size_t);
int nsmb_md5_final(smb_sign_ctx_t, uint8_t *);

/*
 * SMB2/3 signing routines used in smb2_signing.c
 * Two implementations of these (kernel/user) in:
 * uts/common/fs/smbsrv/smb2_sign_kcf.c
 * lib/smbsrv/libfksmbsrv/common/fksmb_sign_pkcs.c
 *
 * NOTE(review): the two paths above are the smbsrv ones; the client
 * implementations of these declarations are the nsmb_*_kcf.c and
 * fksmb_*_pkcs.c files listed at the top of this header.  Confirm and
 * update whichever is stale.
 *
 * HMAC (SMB2 signing) and CMAC (SMB3 signing) share one shape:
 * getmech once, then init with the raw key (uint8_t *, size_t),
 * update* over the message, final to produce the MAC.  The caller
 * supplies the output buffer for final and is responsible for
 * truncating to SMB2_SIG_SIZE where the protocol requires it.
 */

int nsmb_hmac_getmech(smb_crypto_mech_t *);
int nsmb_hmac_init(smb_sign_ctx_t *, smb_crypto_mech_t *, uint8_t *, size_t);
int nsmb_hmac_update(smb_sign_ctx_t, uint8_t *, size_t);
int nsmb_hmac_final(smb_sign_ctx_t, uint8_t *);

/*
 * One-shot HMAC over a single buffer: equivalent to init/update/final
 * with a fresh context.  mac_len is the size of the caller's mac buffer.
 */
int nsmb_hmac_one(smb_crypto_mech_t *mech, uint8_t *key, size_t key_len,
    uint8_t *data, size_t data_len, uint8_t *mac, size_t mac_len);

int nsmb_cmac_getmech(smb_crypto_mech_t *);
int nsmb_cmac_init(smb_sign_ctx_t *, smb_crypto_mech_t *, uint8_t *, size_t);
int nsmb_cmac_update(smb_sign_ctx_t, uint8_t *, size_t);
int nsmb_cmac_final(smb_sign_ctx_t, uint8_t *);

/*
 * Key derivation: derive outbuf_len bytes into outbuf from key using
 * the given label and context strings.  Used to derive the SMB3
 * signing/encryption/decryption keys from the session key.
 * NOTE(review): presumably the SP800-108 counter-mode KDF that SMB3
 * specifies -- confirm against the implementation.  Also note the
 * mixed width: outbuf_len is uint32_t while the other lengths are
 * size_t.  outbuf holds live key material once this returns.
 */
int nsmb_kdf(uint8_t *outbuf, uint32_t outbuf_len,
    uint8_t *key, size_t key_len,
    uint8_t *label, size_t label_len,
    uint8_t *context, size_t context_len);

/*
 * AEAD setup.  Select the mechanism, then fill in the parameter union
 * for that mode.  Both init_*_param calls take (ctx, nonce, nonce_len,
 * aad, aad_len); the CCM variant takes one extra trailing size_t,
 * presumably the total data length CCM requires up front (TODO
 * confirm parameter order in nsmb_*_kcf.c -- the prototypes here are
 * unnamed).
 */
int nsmb_aes_ccm_getmech(smb_crypto_mech_t *);
int nsmb_aes_gcm_getmech(smb_crypto_mech_t *);
void nsmb_crypto_init_ccm_param(smb_enc_ctx_t *,
    uint8_t *, size_t, uint8_t *, size_t, size_t);
void nsmb_crypto_init_gcm_param(smb_enc_ctx_t *,
    uint8_t *, size_t, uint8_t *, size_t);

/*
 * Encrypt side.  *_init binds the raw key (uint8_t *, size_t) to the
 * context; the _mblks and _uio forms then process the payload in
 * place (mblk chain, with a length) or from one uio into another.
 * nsmb_enc_ctx_done releases whatever the backend attached to the
 * context -- call it on every path after a successful init, including
 * error paths, so key handles are not leaked.
 */
int nsmb_encrypt_init(smb_enc_ctx_t *, uint8_t *, size_t);
int nsmb_encrypt_mblks(smb_enc_ctx_t *, mblk_t *, size_t);
int nsmb_encrypt_uio(smb_enc_ctx_t *, uio_t *, uio_t *);
void nsmb_enc_ctx_done(smb_enc_ctx_t *);

/*
 * Decrypt side, mirroring the encrypt calls.  There is no separate
 * done routine here; presumably nsmb_enc_ctx_done serves both
 * directions (TODO confirm).  A non-zero return from the _mblks/_uio
 * calls includes authentication-tag failure; the caller must treat
 * the output as untrusted in that case.
 */
int nsmb_decrypt_init(smb_enc_ctx_t *, uint8_t *, size_t);
int nsmb_decrypt_mblks(smb_enc_ctx_t *, mblk_t *, size_t);
int nsmb_decrypt_uio(smb_enc_ctx_t *, uio_t *, uio_t *);

#ifdef __cplusplus
}
#endif

#endif /* _NSMB_KCRYPT_H_ */