xref: /illumos-gate/usr/src/uts/common/fs/smbsrv/smb_sign_kcf.c (revision 4c28a617e3922d92a58e813a5b955eb526b9c386)
1 /*
2  * This file and its contents are supplied under the terms of the
3  * Common Development and Distribution License ("CDDL"), version 1.0.
4  * You may only use this file in accordance with the terms of version
5  * 1.0 of the CDDL.
6  *
7  * A full copy of the text of the CDDL should have accompanied this
8  * source.  A copy of the CDDL is also available via the Internet at
9  * http://www.illumos.org/license/CDDL.
10  */
11 
12 /*
13  * Copyright 2015 Nexenta Systems, Inc.  All rights reserved.
14  */
15 
16 /*
17  * Helper functions for SMB signing using the
18  * Kernel Cryptographic Framework (KCF)
19  *
20  * There are two implementations of these functions:
21  * This one (for kernel) and another for user space:
22  * See: lib/smbsrv/libfksmbsrv/common/fksmb_sign_pkcs.c
23  */
24 
25 #include <sys/types.h>
26 #include <sys/kmem.h>
27 #include <sys/crypto/api.h>
28 #include <smbsrv/smb_kproto.h>
29 #include <smbsrv/smb_signing.h>
30 
31 /*
32  * SMB1 signing helpers:
33  * (getmech, init, update, final)
34  */
35 
36 int
37 smb_md5_getmech(smb_sign_mech_t *mech)
38 {
39 	crypto_mech_type_t t;
40 
41 	t = crypto_mech2id(SUN_CKM_MD5);
42 	if (t == CRYPTO_MECH_INVALID)
43 		return (-1);
44 	mech->cm_type = t;
45 	return (0);
46 }
47 
48 /*
49  * Start the KCF session, load the key
50  */
51 int
52 smb_md5_init(smb_sign_ctx_t *ctxp, smb_sign_mech_t *mech)
53 {
54 	int rv;
55 
56 	rv = crypto_digest_init(mech, ctxp, NULL);
57 
58 	return (rv == CRYPTO_SUCCESS ? 0 : -1);
59 }
60 
61 /*
62  * Digest one segment
63  */
64 int
65 smb_md5_update(smb_sign_ctx_t ctx, void *buf, size_t len)
66 {
67 	crypto_data_t data;
68 	int rv;
69 
70 	bzero(&data, sizeof (data));
71 	data.cd_format = CRYPTO_DATA_RAW;
72 	data.cd_length = len;
73 	data.cd_raw.iov_base = buf;
74 	data.cd_raw.iov_len = len;
75 
76 	rv = crypto_digest_update(ctx, &data, 0);
77 
78 	return (rv == CRYPTO_SUCCESS ? 0 : -1);
79 }
80 
81 /*
82  * Get the final digest.
83  */
84 int
85 smb_md5_final(smb_sign_ctx_t ctx, uint8_t *digest16)
86 {
87 	crypto_data_t out;
88 	int rv;
89 
90 	bzero(&out, sizeof (out));
91 	out.cd_format = CRYPTO_DATA_RAW;
92 	out.cd_length = MD5_DIGEST_LENGTH;
93 	out.cd_raw.iov_len = MD5_DIGEST_LENGTH;
94 	out.cd_raw.iov_base = (void *)digest16;
95 
96 	rv = crypto_digest_final(ctx, &out, 0);
97 
98 	return (rv == CRYPTO_SUCCESS ? 0 : -1);
99 }
100 
101 /*
102  * SMB2 signing helpers:
103  * (getmech, init, update, final)
104  */
105 
106 int
107 smb2_hmac_getmech(smb_sign_mech_t *mech)
108 {
109 	crypto_mech_type_t t;
110 
111 	t = crypto_mech2id(SUN_CKM_SHA256_HMAC);
112 	if (t == CRYPTO_MECH_INVALID)
113 		return (-1);
114 	mech->cm_type = t;
115 	return (0);
116 }
117 
118 /*
119  * Start the KCF session, load the key
120  */
121 int
122 smb2_hmac_init(smb_sign_ctx_t *ctxp, smb_sign_mech_t *mech,
123     uint8_t *key, size_t key_len)
124 {
125 	crypto_key_t ckey;
126 	int rv;
127 
128 	bzero(&ckey, sizeof (ckey));
129 	ckey.ck_format = CRYPTO_KEY_RAW;
130 	ckey.ck_data = key;
131 	ckey.ck_length = key_len * 8; /* in bits */
132 
133 	rv = crypto_mac_init(mech, &ckey, NULL, ctxp, NULL);
134 
135 	return (rv == CRYPTO_SUCCESS ? 0 : -1);
136 }
137 
138 /*
139  * Digest one segment
140  */
141 int
142 smb2_hmac_update(smb_sign_ctx_t ctx, uint8_t *in, size_t len)
143 {
144 	crypto_data_t data;
145 	int rv;
146 
147 	bzero(&data, sizeof (data));
148 	data.cd_format = CRYPTO_DATA_RAW;
149 	data.cd_length = len;
150 	data.cd_raw.iov_base = (void *)in;
151 	data.cd_raw.iov_len = len;
152 
153 	rv = crypto_mac_update(ctx, &data, 0);
154 
155 	return (rv == CRYPTO_SUCCESS ? 0 : -1);
156 }
157 
158 /*
159  * Note, the SMB2 signature is the first 16 bytes of the
160  * 32-byte SHA256 HMAC digest.
161  */
162 int
163 smb2_hmac_final(smb_sign_ctx_t ctx, uint8_t *digest16)
164 {
165 	uint8_t full_digest[SHA256_DIGEST_LENGTH];
166 	crypto_data_t out;
167 	int rv;
168 
169 	bzero(&out, sizeof (out));
170 	out.cd_format = CRYPTO_DATA_RAW;
171 	out.cd_length = SHA256_DIGEST_LENGTH;
172 	out.cd_raw.iov_len = SHA256_DIGEST_LENGTH;
173 	out.cd_raw.iov_base = (void *)full_digest;
174 
175 	rv = crypto_mac_final(ctx, &out, 0);
176 	if (rv == CRYPTO_SUCCESS)
177 		bcopy(full_digest, digest16, 16);
178 
179 	return (rv == CRYPTO_SUCCESS ? 0 : -1);
180 }
181