/*
 * This file and its contents are supplied under the terms of the
 * Common Development and Distribution License ("CDDL"), version 1.0.
 * You may only use this file in accordance with the terms of version
 * 1.0 of the CDDL.
 *
 * A full copy of the text of the CDDL should have accompanied this
 * source. A copy of the CDDL is also available via the Internet at
 * http://www.illumos.org/license/CDDL.
 */

/*
 * Copyright 2015 Nexenta Systems, Inc. All rights reserved.
 */

/*
 * Helper functions for SMB signing using the
 * Kernel Cryptographic Framework (KCF)
 *
 * There are two implementations of these functions:
 * This one (for kernel) and another for user space:
 * See: lib/smbsrv/libfksmbsrv/common/fksmb_sign_pkcs.c
 */

#include <sys/types.h>
#include <sys/kmem.h>
#include <sys/crypto/api.h>	/* KCF: crypto_mech2id, crypto_digest_*, crypto_mac_* */
#include <smbsrv/smb_kproto.h>
#include <smbsrv/smb_signing.h>

/*
 * SMB1 signing helpers:
 * (getmech, init, update, final)
 */

/*
 * Look up the KCF mechanism id for MD5.  MD5 is what SMB1 signing
 * is defined with; it is not a strength choice made here.
 *
 * Returns 0 and stores the id in mech->cm_type, or -1 when no MD5
 * provider is registered with KCF (mech is then left untouched).
 */
int
smb_md5_getmech(smb_sign_mech_t *mech)
{
	crypto_mech_type_t mt = crypto_mech2id(SUN_CKM_MD5);

	if (mt != CRYPTO_MECH_INVALID) {
		mech->cm_type = mt;
		return (0);
	}

	/* No MD5 provider available. */
	return (-1);
}

/*
 * Begin a KCF digest session for SMB1 signing.  There is no key to
 * load here: SMB1 signing is a plain MD5 over key material that the
 * caller feeds in through smb_md5_update().
 *
 * ctxp receives the KCF context on success.
 * Returns 0 on success, -1 if KCF could not start the session.
 */
int
smb_md5_init(smb_sign_ctx_t *ctxp, smb_sign_mech_t *mech)
{
	int err = crypto_digest_init(mech, ctxp, NULL);

	if (err != CRYPTO_SUCCESS)
		return (-1);
	return (0);
}

/*
 * Feed one segment of len bytes at buf into the running MD5.
 * The segment is only read; the KCF raw-data descriptor is built
 * on the stack and not retained past the call.
 *
 * Returns 0 on success, -1 on any KCF error.
 */
int
smb_md5_update(smb_sign_ctx_t ctx, void *buf, size_t len)
{
	crypto_data_t seg;
	int err;

	bzero(&seg, sizeof (seg));
	seg.cd_format = CRYPTO_DATA_RAW;
	seg.cd_raw.iov_base = buf;
	seg.cd_raw.iov_len = len;
	seg.cd_length = len;

	err = crypto_digest_update(ctx, &seg, 0);
	if (err != CRYPTO_SUCCESS)
		return (-1);

	return (0);
}

/*
 * Finish the MD5 and write the digest.  digest16 must point at
 * room for MD5_DIGEST_LENGTH (16) bytes; KCF writes directly into
 * it, so its contents are unspecified if this returns -1.
 *
 * Returns 0 on success, -1 on any KCF error.
 */
int
smb_md5_final(smb_sign_ctx_t ctx, uint8_t *digest16)
{
	crypto_data_t result;
	int err;

	bzero(&result, sizeof (result));
	result.cd_format = CRYPTO_DATA_RAW;
	result.cd_raw.iov_base = (void *)digest16;
	result.cd_raw.iov_len = MD5_DIGEST_LENGTH;
	result.cd_length = MD5_DIGEST_LENGTH;

	err = crypto_digest_final(ctx, &result, 0);
	if (err != CRYPTO_SUCCESS)
		return (-1);

	return (0);
}

/*
 * SMB2 signing helpers:
 * (getmech, init, update, final)
 */

/*
 * Look up the KCF mechanism id for HMAC-SHA256, the SMB2 signing
 * algorithm.
 *
 * Returns 0 and stores the id in mech->cm_type, or -1 when no
 * HMAC-SHA256 provider is registered with KCF (mech is then left
 * untouched).
 */
int
smb2_hmac_getmech(smb_sign_mech_t *mech)
{
	crypto_mech_type_t mt = crypto_mech2id(SUN_CKM_SHA256_HMAC);

	if (mt != CRYPTO_MECH_INVALID) {
		mech->cm_type = mt;
		return (0);
	}

	/* No HMAC-SHA256 provider available. */
	return (-1);
}

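/*
 * Start a KCF HMAC-SHA256 session keyed with the SMB2 signing key.
 *
 * key/key_len: the raw signing key; key_len is in bytes (KCF wants
 * the length in bits, converted below).  ctxp receives the KCF
 * context on success.
 *
 * An absent or empty key is rejected up front.  HMAC over a
 * zero-length key is well defined, so KCF may accept one, but a
 * signature keyed that way can be computed by anyone and protects
 * nothing; treat it as a caller bug rather than sign with it.
 *
 * Returns 0 on success, -1 if the key is unusable or KCF could not
 * start the session.
 */
int
smb2_hmac_init(smb_sign_ctx_t *ctxp, smb_sign_mech_t *mech,
    uint8_t *key, size_t key_len)
{
	crypto_key_t ckey;
	int rv;

	if (key == NULL || key_len == 0)
		return (-1);

	bzero(&ckey, sizeof (ckey));
	ckey.ck_format = CRYPTO_KEY_RAW;
	ckey.ck_data = key;
	ckey.ck_length = key_len * 8; /* KCF key lengths are in bits */

	rv = crypto_mac_init(mech, &ckey, NULL, ctxp, NULL);

	return (rv == CRYPTO_SUCCESS ? 0 : -1);
}
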
/*
 * Feed one segment of len bytes at in into the running HMAC.
 * The segment is only read; the KCF raw-data descriptor is built
 * on the stack and not retained past the call.
 *
 * Returns 0 on success, -1 on any KCF error.
 */
int
smb2_hmac_update(smb_sign_ctx_t ctx, uint8_t *in, size_t len)
{
	crypto_data_t seg;
	int err;

	bzero(&seg, sizeof (seg));
	seg.cd_format = CRYPTO_DATA_RAW;
	seg.cd_raw.iov_base = (void *)in;
	seg.cd_raw.iov_len = len;
	seg.cd_length = len;

	err = crypto_mac_update(ctx, &seg, 0);
	if (err != CRYPTO_SUCCESS)
		return (-1);

	return (0);
}

/*
 * Finish the HMAC and hand back the SMB2 signature, which is the
 * first 16 bytes of the 32-byte SHA256 HMAC.  digest16 must have
 * room for 16 bytes and is written only on success; the full MAC
 * is collected in a stack buffer first so that a KCF failure never
 * leaves a partial value in the caller's buffer.
 *
 * Returns 0 on success, -1 on any KCF error.
 */
int
smb2_hmac_final(smb_sign_ctx_t ctx, uint8_t *digest16)
{
	uint8_t mac[SHA256_DIGEST_LENGTH];
	crypto_data_t result;
	int err;

	bzero(&result, sizeof (result));
	result.cd_format = CRYPTO_DATA_RAW;
	result.cd_raw.iov_base = (void *)mac;
	result.cd_raw.iov_len = SHA256_DIGEST_LENGTH;
	result.cd_length = SHA256_DIGEST_LENGTH;

	err = crypto_mac_final(ctx, &result, 0);
	if (err != CRYPTO_SUCCESS)
		return (-1);

	/* SMB2 signature = leading 16 bytes of the MAC. */
	bcopy(mac, digest16, 16);
	return (0);
}