usr/src/uts/common/fs/smbsrv/smb_sign_kcf.c

   1 /*
   2  * This file and its contents are supplied under the terms of the
   3  * Common Development and Distribution License ("CDDL"), version 1.0.
   4  * You may only use this file in accordance with the terms of version
   5  * 1.0 of the CDDL.
   6  *
   7  * A full copy of the text of the CDDL should have accompanied this
   8  * source.  A copy of the CDDL is also available via the Internet at
   9  * http://www.illumos.org/license/CDDL.
  10  */
  11
  12 /*
  13  * Copyright 2015 Nexenta Systems, Inc.  All rights reserved.
  14  */
  15
  16 /*
  17  * Helper functions for SMB1 signing using the
  18  * Kernel Cryptographic Framework (KCF)
  19  *
  20  * There are two implementations of these functions:
  21  * This one (for kernel) and another for user space:
  22  * See: lib/smbsrv/libfksmbsrv/common/fksmb_sign_pkcs.c
  23  */
  24
  25 #include <sys/types.h>
  26 #include <sys/kmem.h>
  27 #include <sys/crypto/api.h>
  28 #include <smbsrv/smb_kproto.h>
  29 #include <smbsrv/smb_signing.h>
  30
  31 /*
  32  * SMB1 signing helpers:
  33  * (getmech, init, update, final)
  34  */
  35
  36 int
  37 smb_md5_getmech(smb_sign_mech_t *mech)
  38 {
  39         crypto_mech_type_t t;
  40
  41         t = crypto_mech2id(SUN_CKM_MD5);
  42         if (t == CRYPTO_MECH_INVALID)
  43                 return (-1);
  44         mech->cm_type = t;
  45         return (0);
  46 }
  47
  48 /*
  49  * Start the KCF session, load the key
  50  */
  51 int
  52 smb_md5_init(smb_sign_ctx_t *ctxp, smb_sign_mech_t *mech)
  53 {
  54         int rv;
  55
  56         rv = crypto_digest_init(mech, ctxp, NULL);
  57
  58         return (rv == CRYPTO_SUCCESS ? 0 : -1);
  59 }
  60
  61 /*
  62  * Digest one segment
  63  */
  64 int
  65 smb_md5_update(smb_sign_ctx_t ctx, void *buf, size_t len)
  66 {
  67         crypto_data_t data;
  68         int rv;
  69
  70         bzero(&data, sizeof (data));
  71         data.cd_format = CRYPTO_DATA_RAW;
  72         data.cd_length = len;
  73         data.cd_raw.iov_base = buf;
  74         data.cd_raw.iov_len = len;
  75
  76         rv = crypto_digest_update(ctx, &data, 0);
  77
  78         return (rv == CRYPTO_SUCCESS ? 0 : -1);
  79 }
  80
  81 /*
  82  * Get the final digest.
  83  */
  84 int
  85 smb_md5_final(smb_sign_ctx_t ctx, uint8_t *digest16)
  86 {
  87         crypto_data_t out;
  88         int rv;
  89
  90         bzero(&out, sizeof (out));
  91         out.cd_format = CRYPTO_DATA_RAW;
  92         out.cd_length = MD5_DIGEST_LENGTH;
  93         out.cd_raw.iov_len = MD5_DIGEST_LENGTH;
  94         out.cd_raw.iov_base = (void *)digest16;
  95
  96         rv = crypto_digest_final(ctx, &out, 0);
  97
  98         return (rv == CRYPTO_SUCCESS ? 0 : -1);
  99 }