10Sstevel@tonic-gate /* 20Sstevel@tonic-gate * CDDL HEADER START 30Sstevel@tonic-gate * 40Sstevel@tonic-gate * The contents of this file are subject to the terms of the 55072Smcpowers * Common Development and Distribution License (the "License"). 65072Smcpowers * You may not use this file except in compliance with the License. 70Sstevel@tonic-gate * 80Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 90Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 100Sstevel@tonic-gate * See the License for the specific language governing permissions 110Sstevel@tonic-gate * and limitations under the License. 120Sstevel@tonic-gate * 130Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 140Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 150Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 160Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 170Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 180Sstevel@tonic-gate * 190Sstevel@tonic-gate * CDDL HEADER END 200Sstevel@tonic-gate */ 210Sstevel@tonic-gate /* 22*7656SSherry.Moore@Sun.COM * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 230Sstevel@tonic-gate * Use is subject to license terms. 240Sstevel@tonic-gate */ 250Sstevel@tonic-gate 260Sstevel@tonic-gate 270Sstevel@tonic-gate /* 280Sstevel@tonic-gate * The ioctl interface for administrative commands. 
290Sstevel@tonic-gate */ 300Sstevel@tonic-gate 310Sstevel@tonic-gate #include <sys/types.h> 320Sstevel@tonic-gate #include <sys/modctl.h> 330Sstevel@tonic-gate #include <sys/conf.h> 340Sstevel@tonic-gate #include <sys/stat.h> 350Sstevel@tonic-gate #include <sys/ddi.h> 360Sstevel@tonic-gate #include <sys/sunddi.h> 370Sstevel@tonic-gate #include <sys/kmem.h> 380Sstevel@tonic-gate #include <sys/errno.h> 390Sstevel@tonic-gate #include <sys/ksynch.h> 400Sstevel@tonic-gate #include <sys/file.h> 410Sstevel@tonic-gate #include <sys/open.h> 420Sstevel@tonic-gate #include <sys/cred.h> 430Sstevel@tonic-gate #include <sys/model.h> 440Sstevel@tonic-gate #include <sys/sysmacros.h> 450Sstevel@tonic-gate #include <sys/crypto/common.h> 460Sstevel@tonic-gate #include <sys/crypto/api.h> 470Sstevel@tonic-gate #include <sys/crypto/impl.h> 480Sstevel@tonic-gate #include <sys/crypto/sched_impl.h> 490Sstevel@tonic-gate #include <sys/crypto/ioctladmin.h> 500Sstevel@tonic-gate #include <c2/audit.h> 510Sstevel@tonic-gate 520Sstevel@tonic-gate /* 530Sstevel@tonic-gate * DDI entry points. 540Sstevel@tonic-gate */ 550Sstevel@tonic-gate static int cryptoadm_attach(dev_info_t *, ddi_attach_cmd_t); 560Sstevel@tonic-gate static int cryptoadm_detach(dev_info_t *, ddi_detach_cmd_t); 570Sstevel@tonic-gate static int cryptoadm_getinfo(dev_info_t *, ddi_info_cmd_t, void *, void **); 580Sstevel@tonic-gate static int cryptoadm_open(dev_t *, int, int, cred_t *); 590Sstevel@tonic-gate static int cryptoadm_close(dev_t, int, int, cred_t *); 600Sstevel@tonic-gate static int cryptoadm_ioctl(dev_t, int, intptr_t, int, cred_t *, int *); 610Sstevel@tonic-gate 620Sstevel@tonic-gate extern void audit_cryptoadm(int, char *, crypto_mech_name_t *, uint_t, 630Sstevel@tonic-gate uint_t, uint32_t, int); 640Sstevel@tonic-gate /* 650Sstevel@tonic-gate * Module linkage. 
 *
 * Of the cb_ops slots below, only open, close and ioctl point at driver
 * code; every other slot holds one of the nodev / nochpoll / ddi_prop_op /
 * NULL values listed.
 */
static struct cb_ops cbops = {
	cryptoadm_open,		/* cb_open */
	cryptoadm_close,	/* cb_close */
	nodev,			/* cb_strategy */
	nodev,			/* cb_print */
	nodev,			/* cb_dump */
	nodev,			/* cb_read */
	nodev,			/* cb_write */
	cryptoadm_ioctl,	/* cb_ioctl */
	nodev,			/* cb_devmap */
	nodev,			/* cb_mmap */
	nodev,			/* cb_segmap */
	nochpoll,		/* cb_chpoll */
	ddi_prop_op,		/* cb_prop_op */
	NULL,			/* cb_streamtab */
	D_MP,			/* cb_flag */
	CB_REV,			/* cb_rev */
	nodev,			/* cb_aread */
	nodev,			/* cb_awrite */
};

static struct dev_ops devops = {
	DEVO_REV,		/* devo_rev */
	0,			/* devo_refcnt */
	cryptoadm_getinfo,	/* devo_getinfo */
	nulldev,		/* devo_identify */
	nulldev,		/* devo_probe */
	cryptoadm_attach,	/* devo_attach */
	cryptoadm_detach,	/* devo_detach */
	nodev,			/* devo_reset */
	&cbops,			/* devo_cb_ops */
	NULL,			/* devo_bus_ops */
	NULL,			/* devo_power */
	ddi_quiesce_not_needed,	/* devo_quiesce */
};

static struct modldrv modldrv = {
	&mod_driverops,					/* drv_modops */
	"Cryptographic Administrative Interface",	/* drv_linkinfo */
	&devops,
};

static struct modlinkage modlinkage = {
	MODREV_1,		/* ml_rev */
	&modldrv,		/* ml_linkage */
	NULL
};

/*
 * dev_info of the single attached instance; NULL while detached.
 * Written by cryptoadm_attach()/cryptoadm_detach(), read by
 * cryptoadm_getinfo() and cryptoadm_open().
 */
static dev_info_t *cryptoadm_dip = NULL;

/*
 * DDI entry points.
 */

/* Module load hook: hands modlinkage to mod_install(). */
int
_init(void)
{
	return (mod_install(&modlinkage));
}

/* Module unload hook: hands modlinkage to mod_remove(). */
int
_fini(void)
{
	return (mod_remove(&modlinkage));
}

/* Module information hook: forwards to mod_info(). */
int
_info(struct modinfo *modinfop)
{
	return (mod_info(&modlinkage, modinfop));
}

/*
 * getinfo(9E): DDI_INFO_DEVT2DEVINFO yields the saved dev_info pointer
 * (which is NULL while detached), DDI_INFO_DEVT2INSTANCE always yields
 * instance 0.  Any other command fails.  dip and arg are not used.
 */
/* ARGSUSED */
static int
cryptoadm_getinfo(dev_info_t *dip, ddi_info_cmd_t cmd, void *arg, void **result)
{
	switch (cmd) {
	case DDI_INFO_DEVT2DEVINFO:
		*result = (void *)cryptoadm_dip;
		return (DDI_SUCCESS);

	case DDI_INFO_DEVT2INSTANCE:
		*result = (void *)0;
		return (DDI_SUCCESS);
	}
	return (DDI_FAILURE);
}

/*
 * attach(9E): accepts only DDI_ATTACH of instance 0, creates the
 * "cryptoadm" character minor node (minor number 0) and records dip in
 * cryptoadm_dip.  Returns DDI_FAILURE for any other command or instance,
 * or if the minor node cannot be created.
 */
static int
cryptoadm_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
{
	if (cmd != DDI_ATTACH) {
		return (DDI_FAILURE);
	}
	if (ddi_get_instance(dip) != 0) {
		/* we only allow instance 0 to attach */
		return (DDI_FAILURE);
	}

	/* create the minor node */
	if (ddi_create_minor_node(dip, "cryptoadm", S_IFCHR, 0,
	    DDI_PSEUDO, 0) != DDI_SUCCESS) {
		cmn_err(CE_WARN, "cryptoadm: failed creating minor node");
		ddi_remove_minor_node(dip, NULL);
		return (DDI_FAILURE);
	}

	cryptoadm_dip = dip;

	return (DDI_SUCCESS);
}

/*
 * detach(9E): accepts only DDI_DETACH.  Clears cryptoadm_dip before the
 * minor nodes are removed, so a later open fails with ENXIO.
 */
static int
cryptoadm_detach(dev_info_t *dip, ddi_detach_cmd_t cmd)
{
	if (cmd != DDI_DETACH)
		return (DDI_FAILURE);

	cryptoadm_dip = NULL;
	ddi_remove_minor_node(dip, NULL);

	return (DDI_SUCCESS);
}

/*
 * open(9E): fails with ENXIO unless this is a character open of an
 * attached device, and with ENOTSUP for exclusive (FEXCL) opens.  On
 * success *devp is rewritten to minor 0 of the same major and
 * kcf_sched_start() is called.
 *
 * credp is unused: no credential or privilege check is made at open
 * time.  NOTE(review): confirm that every state-changing command is
 * privilege-checked in cryptoadm_ioctl(); that check is not visible in
 * this function.
 */
/* ARGSUSED */
static int
cryptoadm_open(dev_t *devp, int flag, int otyp, cred_t *credp)
{
	if (otyp != OTYP_CHR || cryptoadm_dip == NULL)
		return (ENXIO);

	/* exclusive opens are not supported */
	if (flag & FEXCL)
		return (ENOTSUP);

	*devp = makedevice(getmajor(*devp), 0);

	kcf_sched_start();

	return (0);
}

/* close(9E): nothing to release; always succeeds.  No argument is used. */
/* ARGSUSED */
static int
cryptoadm_close(dev_t dev, int flag, int otyp, cred_t *credp)
{
	return (0);
}

/*
 * Returns TRUE if array of size MAXNAMELEN contains a '\0'
 * termination character, otherwise, it returns FALSE.
 *
 * The scan length is fixed: up to MAXNAMELEN bytes are read regardless
 * of the real size of 'array', so the caller must pass a buffer of at
 * least MAXNAMELEN bytes.  The ioctl handlers in this file use it on
 * name fields of structures filled by copyin(), before those names are
 * handed to the crypto_*() routines as C strings.
 */
static boolean_t
null_terminated(char *array)
{
	int i;

	for (i = 0; i < MAXNAMELEN; i++)
		if (array[i] == '\0')
			return (B_TRUE);

	return (B_FALSE);
}

/*
 * This ioctl returns an array of hardware providers.  Each entry
 * contains a device name, device instance, and number of
 * supported mechanisms.
 *
 * The caller's dl_dev_count is taken as the capacity of its dl_devs
 * array.  If the provider count exceeds it, nothing but the header is
 * written back, carrying the required count and
 * CRYPTO_BUFFER_TOO_SMALL.  Otherwise the header is written first and
 * the entries follow at offsetof(crypto_get_dev_list_t, dl_devs).
 *
 * Returns EFAULT when a copyin/copyout fails and 0 otherwise; the
 * framework status travels in dl_return_value.
 */
/* ARGSUSED */
static int
get_dev_list(dev_t dev, caddr_t arg, int mode, int *rval)
{
	crypto_get_dev_list_t req;
	crypto_dev_list_entry_t *devs;
	uint_t ndevs;
	int error = 0;

	if (copyin(arg, &req, sizeof (req)) != 0)
		return (EFAULT);

	/* ask the core module for the current provider list */
	if (crypto_get_dev_list(&ndevs, &devs) != 0) {
		req.dl_return_value = CRYPTO_FAILED;
		return (copyout(&req, arg, sizeof (req)) != 0 ? EFAULT : 0);
	}

	/* caller's array cannot hold the list: report the needed count */
	if (ndevs > req.dl_dev_count) {
		req.dl_dev_count = ndevs;
		req.dl_return_value = CRYPTO_BUFFER_TOO_SMALL;
		crypto_free_dev_list(devs, ndevs);
		return (copyout(&req, arg, sizeof (req)) != 0 ? EFAULT : 0);
	}

	req.dl_dev_count = ndevs;
	req.dl_return_value = CRYPTO_SUCCESS;

	/* header first, then the entries right behind it */
	if (copyout(&req, arg, sizeof (req)) != 0) {
		error = EFAULT;
	} else if (ndevs > 0 &&
	    copyout(devs, arg + offsetof(crypto_get_dev_list_t, dl_devs),
	    ndevs * sizeof (crypto_dev_list_entry_t)) != 0) {
		error = EFAULT;
	}

	/* the list is released on every path that obtained it */
	crypto_free_dev_list(devs, ndevs);
	return (error);
}

/*
 * This ioctl returns a buffer containing the null terminated names
 * of software providers.
 *
 * The request structure is accessed through the STRUCT_*() macros,
 * initialised from 'mode'.  The caller's sl_soft_len is taken as the
 * capacity of the buffer that sl_soft_names points to; when the names
 * need more than that, only the header is written back with the
 * required count and length and CRYPTO_BUFFER_TOO_SMALL.  On success
 * the names are copied out before the header.
 *
 * Returns EFAULT when a copyin/copyout fails and 0 otherwise.
 */
/* ARGSUSED */
static int
get_soft_list(dev_t dev, caddr_t arg, int mode, int *rval)
{
	STRUCT_DECL(crypto_get_soft_list, req);
	char *namebuf;
	size_t namelen;
	uint_t nsoft;
	int error = 0;

	STRUCT_INIT(req, mode);

	if (copyin(arg, STRUCT_BUF(req), STRUCT_SIZE(req)) != 0)
		return (EFAULT);

	/* ask the core module for the packed name buffer */
	if (crypto_get_soft_list(&nsoft, &namebuf, &namelen) != 0) {
		STRUCT_FSET(req, sl_return_value, CRYPTO_FAILED);
		return (copyout(STRUCT_BUF(req), arg,
		    STRUCT_SIZE(req)) != 0 ? EFAULT : 0);
	}

	/* caller's buffer cannot hold the names: report what is needed */
	if (namelen > STRUCT_FGET(req, sl_soft_len)) {
		STRUCT_FSET(req, sl_soft_count, nsoft);
		STRUCT_FSET(req, sl_soft_len, namelen);
		STRUCT_FSET(req, sl_return_value, CRYPTO_BUFFER_TOO_SMALL);
		kmem_free(namebuf, namelen);
		return (copyout(STRUCT_BUF(req), arg,
		    STRUCT_SIZE(req)) != 0 ? EFAULT : 0);
	}

	STRUCT_FSET(req, sl_soft_count, nsoft);
	STRUCT_FSET(req, sl_soft_len, namelen);
	STRUCT_FSET(req, sl_return_value, CRYPTO_SUCCESS);

	/* names go to the caller-supplied pointer, not behind the header */
	if (nsoft > 0 &&
	    copyout(namebuf, STRUCT_FGETP(req, sl_soft_names), namelen) != 0)
		error = EFAULT;
	kmem_free(namebuf, namelen);
	if (error != 0)
		return (error);

	return (copyout(STRUCT_BUF(req), arg, STRUCT_SIZE(req)) != 0 ?
	    EFAULT : 0);
}

/*
 * This ioctl returns an array of mechanisms supported by the
 * specified device.
 *
 * The device name arrives from user space, so it is checked with
 * null_terminated() before being passed on as a C string; a name that
 * is not terminated is answered with CRYPTO_ARGUMENTS_BAD.  The
 * caller's di_count is taken as the capacity of its di_list array: a
 * larger mechanism count is answered with the required count and
 * CRYPTO_BUFFER_TOO_SMALL and no entries are written.
 *
 * Returns EFAULT when a copyin/copyout fails and 0 otherwise; the
 * framework status travels in di_return_value.
 */
/* ARGSUSED */
static int
get_dev_info(dev_t dev, caddr_t arg, int mode, int *rval)
{
	crypto_get_dev_info_t req;
	crypto_mech_name_t *mechs;
	uint_t nmechs;
	int status;
	int error = 0;

	if (copyin(arg, &req, sizeof (req)) != 0)
		return (EFAULT);

	/* reject a device name that has no terminator inside the field */
	if (!null_terminated(req.di_dev_name)) {
		req.di_return_value = CRYPTO_ARGUMENTS_BAD;
		return (copyout(&req, arg, sizeof (req)) != 0 ? EFAULT : 0);
	}

	/* fetch the mechanism names from the core module */
	status = crypto_get_dev_info(req.di_dev_name, req.di_dev_instance,
	    &nmechs, &mechs);
	if (status != CRYPTO_SUCCESS) {
		req.di_return_value = status;
		return (copyout(&req, arg, sizeof (req)) != 0 ? EFAULT : 0);
	}

	/* caller's array cannot hold the list: report the needed count */
	if (nmechs > req.di_count) {
		req.di_count = nmechs;
		req.di_return_value = CRYPTO_BUFFER_TOO_SMALL;
		crypto_free_mech_list(mechs, nmechs);
		return (copyout(&req, arg, sizeof (req)) != 0 ? EFAULT : 0);
	}

	req.di_count = nmechs;
	req.di_return_value = CRYPTO_SUCCESS;

	/* header first, then the entries at the di_list offset */
	if (copyout(&req, arg, sizeof (req)) != 0 ||
	    copyout(mechs, arg + offsetof(crypto_get_dev_info_t, di_list),
	    nmechs * sizeof (crypto_mech_name_t)) != 0)
		error = EFAULT;

	crypto_free_mech_list(mechs, nmechs);
	return (error);
}

/*
 * This ioctl returns an array of mechanisms supported by the
 * specified cryptographic module.
 *
 * The provider name arrives from user space, so it is checked with
 * null_terminated() before being passed on as a C string; a name that
 * is not terminated is answered with CRYPTO_ARGUMENTS_BAD.  The
 * caller's si_count is taken as the capacity of its si_list array: a
 * larger mechanism count is answered with the required count and
 * CRYPTO_BUFFER_TOO_SMALL and no entries are written.
 *
 * Returns EFAULT when a copyin/copyout fails and 0 otherwise; the
 * framework status travels in si_return_value.
 */
/* ARGSUSED */
static int
get_soft_info(dev_t dev, caddr_t arg, int mode, int *rval)
{
	crypto_get_soft_info_t req;
	crypto_mech_name_t *mechs;
	uint_t nmechs;
	int error = 0;

	if (copyin(arg, &req, sizeof (req)) != 0)
		return (EFAULT);

	/* reject a provider name that has no terminator inside the field */
	if (!null_terminated(req.si_name)) {
		req.si_return_value = CRYPTO_ARGUMENTS_BAD;
		return (copyout(&req, arg, sizeof (req)) != 0 ? EFAULT : 0);
	}

	/* fetch the mechanism names from the core module */
	if (crypto_get_soft_info(req.si_name, &nmechs, &mechs) != 0) {
		req.si_return_value = CRYPTO_FAILED;
		return (copyout(&req, arg, sizeof (req)) != 0 ? EFAULT : 0);
	}

	/* caller's array cannot hold the list: report the needed count */
	if (nmechs > req.si_count) {
		req.si_count = nmechs;
		req.si_return_value = CRYPTO_BUFFER_TOO_SMALL;
		crypto_free_mech_list(mechs, nmechs);
		return (copyout(&req, arg, sizeof (req)) != 0 ? EFAULT : 0);
	}

	req.si_count = nmechs;
	req.si_return_value = CRYPTO_SUCCESS;

	/* header first, then the entries at the si_list offset */
	if (copyout(&req, arg, sizeof (req)) != 0 ||
	    copyout(mechs, arg + offsetof(crypto_get_soft_info_t, si_list),
	    nmechs * sizeof (crypto_mech_name_t)) != 0)
		error = EFAULT;

	crypto_free_mech_list(mechs, nmechs);
	return (error);
}

/*
 * This ioctl disables mechanisms supported by the specified device.
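 *
 * dd_count == 0 removes the device's entry; otherwise dd_count
 * mechanism names (at most KCF_MAXMECHS) are copied in from dd_list and
 * handed to crypto_load_dev_disabled().
 *
 * Every exit passes through the audit call, so each value given to
 * audit_cryptoadm() is kept well-defined on every path: the name is
 * always a terminated string, 'entries' is either NULL or a live
 * allocation, and a non-zero count is reported only together with a
 * live array.
 *
 * Returns EFAULT when a copyin/copyout fails and 0 otherwise; the
 * framework status travels in dd_return_value.
 */
/* ARGSUSED */
static int
load_dev_disabled(dev_t dev, caddr_t arg, int mode, int *rval)
{
	crypto_load_dev_disabled_t dev_disabled;
	crypto_mech_name_t *entries = NULL;
	boolean_t free_entries = B_FALSE;
	size_t size = 0;
	ulong_t offset;
	uint_t count = 0;
	uint_t instance = 0;
	char *dev_name = dev_disabled.dd_dev_name;
	uint32_t rv = CRYPTO_FAILED;
	int error = 0;

	if (copyin(arg, &dev_disabled, sizeof (dev_disabled)) != 0) {
		/* nothing usable was copied in: audit an empty name */
		dev_name[0] = '\0';
		error = EFAULT;
		goto out2;
	}

	/* make sure the device name is null terminated */
	if (!null_terminated(dev_name)) {
		rv = CRYPTO_ARGUMENTS_BAD;
		goto out;
	}

	count = dev_disabled.dd_count;
	instance = dev_disabled.dd_dev_instance;
	if (count == 0) {
		/* remove the entry */
		if (crypto_load_dev_disabled(dev_name, instance, 0, NULL) != 0)
			rv = CRYPTO_FAILED;
		else
			rv = CRYPTO_SUCCESS;
		goto out;
	}

	/* bound the user-supplied count before sizing the allocation */
	if (count > KCF_MAXMECHS) {
		rv = CRYPTO_ARGUMENTS_BAD;
		goto out;
	}

	size = count * sizeof (crypto_mech_name_t);
	entries = kmem_alloc(size, KM_SLEEP);

	offset = offsetof(crypto_load_dev_disabled_t, dd_list);
	if (copyin(arg + offset, entries, size) != 0) {
		/*
		 * The buffer may be only partly filled; release it now and
		 * keep the stale pointer away from the audit call.
		 */
		kmem_free(entries, size);
		entries = NULL;
		error = EFAULT;
		goto out2;
	}

	/* 'entries' consumed (but not freed) by crypto_load_dev_disabled() */
	if (crypto_load_dev_disabled(dev_name, instance, count, entries) != 0) {
		/* still ours: release it only after it has been audited */
		free_entries = B_TRUE;
		rv = CRYPTO_FAILED;
		goto out;
	}
	/*
	 * NOTE(review): on success the array now belongs to the core
	 * module but is still passed to the audit call below; confirm it
	 * cannot be released concurrently.
	 */
	rv = CRYPTO_SUCCESS;
out:
	dev_disabled.dd_return_value = rv;

	if (copyout(&dev_disabled, arg, sizeof (dev_disabled)) != 0) {
		error = EFAULT;
	}
out2:
	/*
	 * A rejected, unterminated name also reaches this point.  Terminate
	 * it here, after the copyout, so the caller's structure is
	 * returned unmodified.
	 */
	dev_name[MAXNAMELEN - 1] = '\0';
	if (audit_active)
		audit_cryptoadm(CRYPTO_LOAD_DEV_DISABLED, dev_name, entries,
		    (entries != NULL) ? count : 0, instance, rv, error);
	if (free_entries)
		kmem_free(entries, size);
	return (error);
}

/*
 * This ioctl disables mechanisms supported by the specified
 * cryptographic module.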
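 *
 * sd_count == 0 removes the module's entry; otherwise sd_count
 * mechanism names (at most KCF_MAXMECHS) are copied in from sd_list and
 * handed to crypto_load_soft_disabled().
 *
 * Each value given to audit_cryptoadm() is kept well-defined on every
 * path that reaches it: the name is a terminated string, 'entries' is
 * either NULL or a live allocation, and a non-zero count is reported
 * only together with a live array.
 *
 * NOTE(review): a request rejected for an unterminated name returns
 * before the audit call, unlike load_dev_disabled(); confirm whether
 * that rejection should be audited as well.
 *
 * Returns EFAULT when a copyin/copyout fails and 0 otherwise; the
 * framework status travels in sd_return_value.
 */
/* ARGSUSED */
static int
load_soft_disabled(dev_t dev, caddr_t arg, int mode, int *rval)
{
	crypto_load_soft_disabled_t soft_disabled;
	crypto_mech_name_t *entries = NULL;
	boolean_t free_entries = B_FALSE;
	size_t size = 0;
	uint_t count = 0;
	ulong_t offset;
	char *name = soft_disabled.sd_name;
	uint32_t rv = CRYPTO_FAILED;
	int error = 0;

	if (copyin(arg, &soft_disabled, sizeof (soft_disabled)) != 0) {
		/* nothing usable was copied in: audit an empty name */
		name[0] = '\0';
		error = EFAULT;
		goto out2;
	}

	/* make sure the name is null terminated */
	if (!null_terminated(name)) {
		soft_disabled.sd_return_value = CRYPTO_ARGUMENTS_BAD;
		if (copyout(&soft_disabled, arg, sizeof (soft_disabled)) != 0) {
			return (EFAULT);
		}
		return (0);
	}

	count = soft_disabled.sd_count;
	if (count == 0) {
		/* remove the entry */
		if (crypto_load_soft_disabled(name, 0, NULL) != 0) {
			rv = CRYPTO_FAILED;
		} else {
			rv = CRYPTO_SUCCESS;
		}
		goto out;
	}

	/* bound the user-supplied count before sizing the allocation */
	if (count > KCF_MAXMECHS) {
		rv = CRYPTO_ARGUMENTS_BAD;
		goto out;
	}

	size = count * sizeof (crypto_mech_name_t);
	entries = kmem_alloc(size, KM_SLEEP);

	offset = offsetof(crypto_load_soft_disabled_t, sd_list);
	if (copyin(arg + offset, entries, size) != 0) {
		/*
		 * The buffer may be only partly filled; release it now and
		 * keep the stale pointer away from the audit call.
		 */
		kmem_free(entries, size);
		entries = NULL;
		error = EFAULT;
		goto out2;
	}

	/* 'entries' is consumed by crypto_load_soft_disabled() */
	if (crypto_load_soft_disabled(name, count, entries) != 0) {
		/* still ours: release it only after it has been audited */
		free_entries = B_TRUE;
		rv = CRYPTO_FAILED;
		goto out;
	}
	/*
	 * NOTE(review): on success the array now belongs to the core
	 * module but is still passed to the audit call below; confirm it
	 * cannot be released concurrently.
	 */
	rv = CRYPTO_SUCCESS;
out:
	soft_disabled.sd_return_value = rv;

	if (copyout(&soft_disabled, arg, sizeof (soft_disabled)) != 0) {
		error = EFAULT;
	}
out2:
	if (audit_active)
		audit_cryptoadm(CRYPTO_LOAD_SOFT_DISABLED, name, entries,
		    (entries != NULL) ? count : 0, 0, rv, error);
	if (free_entries)
		kmem_free(entries, size);
	return (error);
}

/*
 * This ioctl loads the supported mechanisms of the specified cryptographic
 * module.  This is so, at boot time, all software providers do not
 * have to be opened in order to cause them to register their
 * supported mechanisms.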
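 *
 * sc_count == 0 calls crypto_load_soft_config() with no list;
 * otherwise sc_count mechanism names (at most KCF_MAXMECHS) are copied
 * in from sc_list and handed over.
 *
 * Each value given to audit_cryptoadm() is kept well-defined on every
 * path that reaches it: the name is a terminated string, 'entries' is
 * either NULL or a live allocation, and a non-zero count is reported
 * only together with a live array.
 *
 * NOTE(review): a request rejected for an unterminated name returns
 * before the audit call; confirm whether that rejection should be
 * audited as well.
 *
 * Returns EFAULT when a copyin/copyout fails and 0 otherwise; the
 * framework status travels in sc_return_value.
 */
/* ARGSUSED */
static int
load_soft_config(dev_t dev, caddr_t arg, int mode, int *rval)
{
	crypto_load_soft_config_t soft_config;
	crypto_mech_name_t *entries = NULL;
	boolean_t free_entries = B_FALSE;
	size_t size = 0;
	uint_t count = 0;
	ulong_t offset;
	char *name = soft_config.sc_name;
	uint32_t rv = CRYPTO_FAILED;
	int error = 0;

	if (copyin(arg, &soft_config, sizeof (soft_config)) != 0) {
		/* nothing usable was copied in: audit an empty name */
		name[0] = '\0';
		error = EFAULT;
		goto out2;
	}

	/* make sure the name is null terminated */
	if (!null_terminated(name)) {
		soft_config.sc_return_value = CRYPTO_ARGUMENTS_BAD;
		if (copyout(&soft_config, arg, sizeof (soft_config)) != 0) {
			return (EFAULT);
		}
		return (0);
	}

	count = soft_config.sc_count;
	if (count == 0) {
		if (crypto_load_soft_config(name, 0, NULL) != 0) {
			rv = CRYPTO_FAILED;
		} else {
			rv = CRYPTO_SUCCESS;
		}
		goto out;
	}

	/* bound the user-supplied count before sizing the allocation */
	if (count > KCF_MAXMECHS) {
		rv = CRYPTO_ARGUMENTS_BAD;
		goto out;
	}

	size = count * sizeof (crypto_mech_name_t);
	entries = kmem_alloc(size, KM_SLEEP);

	offset = offsetof(crypto_load_soft_config_t, sc_list);
	if (copyin(arg + offset, entries, size) != 0) {
		/*
		 * The buffer may be only partly filled; release it now and
		 * keep the stale pointer away from the audit call.
		 */
		kmem_free(entries, size);
		entries = NULL;
		error = EFAULT;
		goto out2;
	}

	/*
	 * 'entries' is consumed (but not freed) by
	 * crypto_load_soft_config()
	 */
	if (crypto_load_soft_config(name, count, entries) != 0) {
		/* still ours: release it only after it has been audited */
		free_entries = B_TRUE;
		rv = CRYPTO_FAILED;
		goto out;
	}
	/*
	 * NOTE(review): on success the array now belongs to the core
	 * module but is still passed to the audit call below; confirm it
	 * cannot be released concurrently.
	 */
	rv = CRYPTO_SUCCESS;
out:
	soft_config.sc_return_value = rv;

	if (copyout(&soft_config, arg, sizeof (soft_config)) != 0) {
		error = EFAULT;
	}
out2:
	if (audit_active)
		audit_cryptoadm(CRYPTO_LOAD_SOFT_CONFIG, name, entries,
		    (entries != NULL) ? count : 0, 0, rv, error);
	if (free_entries)
		kmem_free(entries, size);
	return (error);
}

/*
 * This ioctl unloads the specified cryptographic module and removes
 * its table of supported mechanisms.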
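*/
/* ARGSUSED */
static int
unload_soft_module(dev_t dev, caddr_t arg, int mode, int *rval)
{
	/*
	 * Handler for CRYPTO_UNLOAD_SOFT_MODULE.  'arg' is a user address
	 * holding a crypto_unload_soft_module_t.  cryptoadm_ioctl() has
	 * already required drv_priv() for this command.
	 *
	 * Returns 0 or EFAULT.  The value returned by
	 * crypto_unload_soft_module() is passed back in sm_return_value.
	 */
	crypto_unload_soft_module_t unload_soft_module;
	/*
	 * 'name' and 'rv' are read by the audit call at out2, which is also
	 * reached when the copyin() below fails, so both start out defined.
	 */
	char *name = NULL;
	uint32_t rv = CRYPTO_FAILED;
	int error = 0;

	if (copyin(arg, &unload_soft_module,
	    sizeof (unload_soft_module)) != 0) {
		error = EFAULT;
		goto out2;
	}

	name = unload_soft_module.sm_name;
	/* make sure the name is null terminated */
	if (!null_terminated(name)) {
		/*
		 * NOTE(review): this rejection returns without an audit
		 * record, unlike the other failure paths; confirm that is
		 * intended.
		 */
		unload_soft_module.sm_return_value = CRYPTO_ARGUMENTS_BAD;
		if (copyout(&unload_soft_module, arg,
		    sizeof (unload_soft_module)) != 0) {
			return (EFAULT);
		}
		return (0);
	}

	rv = crypto_unload_soft_module(name);
	unload_soft_module.sm_return_value = rv;

	if (copyout(&unload_soft_module, arg,
	    sizeof (unload_soft_module)) != 0) {
		error = EFAULT;
	}
out2:
	if (audit_active)
		audit_cryptoadm(CRYPTO_UNLOAD_SOFT_MODULE, name, NULL, 0, 0,
		    rv, error);

	return (error);
}

/*
 * This ioctl loads a door descriptor into the kernel.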
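* The descriptor is used for module verification.
 */
/* ARGSUSED */
static int
load_door(dev_t dev, caddr_t arg, int mode, int *rval)
{
	/*
	 * Handler for CRYPTO_LOAD_DOOR.  'arg' is a user address holding a
	 * crypto_load_door_t; its ld_did is handed to crypto_load_door().
	 * cryptoadm_ioctl() has already required drv_priv() for this
	 * command.
	 *
	 * Returns 0 or EFAULT.  CRYPTO_SUCCESS or CRYPTO_FAILED is passed
	 * back in ld_return_value.
	 */
	crypto_load_door_t load_door;
	/*
	 * 'rv' is read by the audit call at out2, which is also reached
	 * when the copyin() below fails, so it starts out defined.
	 */
	uint32_t rv = CRYPTO_FAILED;
	int error = 0;

	if (copyin(arg, &load_door, sizeof (crypto_load_door_t)) != 0) {
		error = EFAULT;
		goto out2;
	}

	if (crypto_load_door(load_door.ld_did) != 0) {
		rv = CRYPTO_FAILED;
		goto out;
	}
	rv = CRYPTO_SUCCESS;
out:
	load_door.ld_return_value = rv;

	if (copyout(&load_door, arg, sizeof (crypto_load_door_t)) != 0)
		error = EFAULT;

out2:
	if (audit_active)
		audit_cryptoadm(CRYPTO_LOAD_DOOR, NULL, NULL,
		    0, 0, rv, error);
	return (error);
}

/*
 * ioctl entry point.  Commands that change framework state must pass
 * drv_priv() on the caller's credentials before they are dispatched;
 * the CRYPTO_GET_* queries are dispatched without that check.
 *
 * Returns the handler's result, the drv_priv() error for an unprivileged
 * caller, or EINVAL for a command this driver does not know.
 */
static int
cryptoadm_ioctl(dev_t dev, int cmd, intptr_t arg, int mode, cred_t *c,
    int *rval)
{
	int error;
#define	ARG	((caddr_t)arg)

	/* Privilege gate: every state-changing command is listed here. */
	switch (cmd) {
	case CRYPTO_LOAD_DEV_DISABLED:
	case CRYPTO_LOAD_SOFT_DISABLED:
	case CRYPTO_LOAD_SOFT_CONFIG:
	case CRYPTO_UNLOAD_SOFT_MODULE:
	case CRYPTO_POOL_CREATE:
	case CRYPTO_POOL_WAIT:
	case CRYPTO_POOL_RUN:
	case CRYPTO_LOAD_DOOR:
		if ((error = drv_priv(c)) != 0)
			return (error);
		/* FALLTHROUGH */
	default:
		break;
	}

	switch (cmd) {
	case CRYPTO_GET_DEV_LIST:
		return (get_dev_list(dev, ARG, mode, rval));

	case CRYPTO_GET_DEV_INFO:
		return (get_dev_info(dev, ARG, mode, rval));

	case CRYPTO_GET_SOFT_LIST:
		return (get_soft_list(dev, ARG, mode, rval));

	case CRYPTO_GET_SOFT_INFO:
		return (get_soft_info(dev, ARG, mode, rval));

	case CRYPTO_LOAD_DEV_DISABLED:
		return (load_dev_disabled(dev, ARG, mode, rval));

	case CRYPTO_LOAD_SOFT_DISABLED:
		return (load_soft_disabled(dev, ARG, mode, rval));

	case CRYPTO_LOAD_SOFT_CONFIG:
		return (load_soft_config(dev, ARG, mode, rval));

	case CRYPTO_UNLOAD_SOFT_MODULE:
		return (unload_soft_module(dev, ARG, mode, rval));

	case CRYPTO_POOL_CREATE:
		/*
		 * The framework allocates and initializes the pool.
		 * So, this is a no op. We are keeping this ioctl around
		 * to be used for any future threadpool related work.
		 */
		if (audit_active)
			audit_cryptoadm(CRYPTO_POOL_CREATE, NULL, NULL,
			    0, 0, 0, 0);
		return (0);

	case CRYPTO_POOL_WAIT: {
		int nthrs = 0, err;

		if ((err = kcf_svc_wait(&nthrs)) == 0) {
			/*
			 * Any non-zero copyout() result is a failure, as in
			 * the other handlers in this file.
			 */
			if (copyout((caddr_t)&nthrs, ARG, sizeof (int)) != 0)
				err = EFAULT;
		}
		if (audit_active)
			audit_cryptoadm(CRYPTO_POOL_WAIT, NULL, NULL,
			    0, 0, 0, err);
		return (err);
	}

	case CRYPTO_POOL_RUN: {
		int err;

		err = kcf_svc_do_run();
		if (audit_active)
			audit_cryptoadm(CRYPTO_POOL_RUN, NULL, NULL,
			    0, 0, 0, err);
		return (err);
	}

	case CRYPTO_LOAD_DOOR:
		return (load_door(dev, ARG, mode, rval));
	}
	return (EINVAL);
}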