12513 SMB 3.1.1 support for server

          --- old/usr/src/uts/common/smbsrv/smb_kcrypt.h
          +++ new/usr/src/uts/common/smbsrv/smb_kcrypt.h

   1    1  /*
   2    2   * This file and its contents are supplied under the terms of the
   3    3   * Common Development and Distribution License ("CDDL"), version 1.0.

   4    4   * You may only use this file in accordance with the terms of version
   5    5   * 1.0 of the CDDL.
   6    6   *
   7    7   * A full copy of the text of the CDDL should have accompanied this
   8    8   * source.  A copy of the CDDL is also available via the Internet at
   9    9   * http://www.illumos.org/license/CDDL.
  10   10   */
  11   11  
  12   12  /*
  13   13   * Copyright 2017 Nexenta Systems, Inc.  All rights reserved.
       14 + * Copyright 2020 RackTop Systems, Inc.
  14   15   */
  15   16  
  16   17  #ifndef _SMB_KCRYPT_H_
  17   18  #define _SMB_KCRYPT_H_
  18   19  
  19   20  /*
  20   21   * SMB signing routines used in {smb,smb2}_signing.c
  21   22   * Two implementations of these (kernel/user) in:
  22   23   *      uts/common/fs/smbsrv/smb_sign_kcf.c
  23   24   *      lib/smbsrv/libfksmbsrv/common/fksmb_sign_pkcs.c

  24   25   */
  25   26  
  26   27  #ifdef  _KERNEL
  27   28  #include <sys/crypto/api.h>
  28   29  #else

  29   30  #include <security/cryptoki.h>
  30   31  #include <security/pkcs11.h>
  31   32  #endif
  32   33  
  33   34  #ifdef __cplusplus
  34   35  extern "C" {
  35   36  #endif
  36   37  
  37   38  #define MD5_DIGEST_LENGTH       16      /* MD5 digest length in bytes */
  38   39  #define SHA256_DIGEST_LENGTH    32      /* SHA256 digest length in bytes */
       40 +#define SHA512_DIGEST_LENGTH    64      /* SHA512 digest length in bytes */
  39   41  #define SMB2_SIG_SIZE           16
  40   42  #define SMB2_KEYLEN             16
  41   43  #define SMB3_KEYLEN             16      /* AES-128 keys */
  42   44  
  43   45  #ifdef  _KERNEL
  44   46  /* KCF variant */
  45   47  typedef crypto_mechanism_t      smb_crypto_mech_t;
  46   48  typedef crypto_context_t        smb_sign_ctx_t;
  47   49  typedef struct smb3_enc_ctx {
  48   50          crypto_context_t ctx;
  49   51          crypto_data_t output;
  50   52          size_t len;
  51   53  } smb3_enc_ctx_t;
  52      -typedef CK_AES_CCM_PARAMS       smb3_crypto_param_t;
       54 +
       55 +typedef union {
       56 +        CK_AES_CCM_PARAMS       ccm;
       57 +        CK_AES_GCM_PARAMS       gcm;
       58 +} smb3_crypto_param_t;
       59 +
  53   60  #else   /* _KERNEL */
  54   61  /* PKCS11 variant */
  55   62  typedef CK_MECHANISM            smb_crypto_mech_t;
  56   63  typedef CK_SESSION_HANDLE       smb_sign_ctx_t;
  57   64  typedef struct smb_enc_ctx {
  58   65          CK_SESSION_HANDLE ctx;
  59   66          uint8_t *output;
  60   67          CK_ULONG len;
  61   68  } smb3_enc_ctx_t;
  62   69  /*

  63   70   * CCM in PKCS has not been implemented.
  64   71   * We just need an opaque type with space to refer to.
  65   72   */
  66   73  typedef struct pkcs_ccm_param {
  67   74          uint8_t buf[100];
  68   75  } smb3_crypto_param_t;
  69   76  #endif  /* _KERNEL */
  70   77  
  71   78  /*
  72   79   * SMB signing routines used in smb_signing.c
  73   80   */
  74   81  int smb_md5_getmech(smb_crypto_mech_t *);
  75   82  int smb_md5_init(smb_sign_ctx_t *, smb_crypto_mech_t *);
  76   83  int smb_md5_update(smb_sign_ctx_t, void *, size_t);
  77   84  int smb_md5_final(smb_sign_ctx_t, uint8_t *);
  78   85  
  79   86  /*
  80   87   * SMB2/3 signing routines used in smb2_signing.c
  81   88   * Two implementations of these (kernel/user) in:
  82   89   *      uts/common/fs/smbsrv/smb2_sign_kcf.c
  83   90   *      lib/smbsrv/libfksmbsrv/common/fksmb_sign_pkcs.c
  84   91   */
  85   92  

  86   93  int smb2_hmac_getmech(smb_crypto_mech_t *);
  87   94  int smb2_hmac_init(smb_sign_ctx_t *, smb_crypto_mech_t *, uint8_t *, size_t);
  88   95  int smb2_hmac_update(smb_sign_ctx_t, uint8_t *, size_t);
  89   96  int smb2_hmac_final(smb_sign_ctx_t, uint8_t *);
  90   97  
  91   98  int smb3_cmac_getmech(smb_crypto_mech_t *);
  92   99  int smb3_cmac_init(smb_sign_ctx_t *, smb_crypto_mech_t *, uint8_t *, size_t);
  93  100  int smb3_cmac_update(smb_sign_ctx_t, uint8_t *, size_t);
  94  101  int smb3_cmac_final(smb_sign_ctx_t, uint8_t *);
  95  102  
  96      -int smb3_do_kdf(void *, void *, size_t, uint8_t *, uint32_t);
  97      -
  98      -int smb3_encrypt_getmech(smb_crypto_mech_t *);
  99      -void smb3_crypto_init_param(smb3_crypto_param_t *, uint8_t *, size_t,
      103 +int smb3_kdf(uint8_t *outbuf, uint8_t *key, size_t key_len,
      104 +    uint8_t *label, size_t label_len,
      105 +    uint8_t *context, size_t context_len);
      106 +
      107 +int smb3_aes_ccm_getmech(smb_crypto_mech_t *);
      108 +int smb3_aes_gcm_getmech(smb_crypto_mech_t *);
      109 +void smb3_crypto_init_ccm_param(smb3_crypto_param_t *, uint8_t *, size_t,
 100  110      uint8_t *, size_t, size_t);
      111 +void smb3_crypto_init_gcm_param(smb3_crypto_param_t *, uint8_t *, size_t,
      112 +    uint8_t *, size_t);
 101  113  
 102  114  int smb3_encrypt_init(smb3_enc_ctx_t *, smb_crypto_mech_t *,
 103  115      smb3_crypto_param_t *, uint8_t *, size_t, uint8_t *, size_t);
 104  116  int smb3_encrypt_update(smb3_enc_ctx_t *, uint8_t *, size_t);
 105  117  int smb3_encrypt_final(smb3_enc_ctx_t *, uint8_t *);
 106  118  void smb3_encrypt_cancel(smb3_enc_ctx_t *);
 107  119  
 108  120  int smb3_decrypt_init(smb3_enc_ctx_t *, smb_crypto_mech_t *,
 109  121      smb3_crypto_param_t *, uint8_t *, size_t);
 110  122  int smb3_decrypt_update(smb3_enc_ctx_t *, uint8_t *, size_t);
 111  123  int smb3_decrypt_final(smb3_enc_ctx_t *, uint8_t *, size_t);
 112  124  
 113  125  #ifdef  __cplusplus
 114  126  }
 115  127  #endif
 116  128  
 117  129  #endif /* _SMB_KCRYPT_H_ */
    

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX