1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 /*
27 * This file is part of the core Kernel Cryptographic Framework.
28 * It implements the SPI functions exported to cryptographic
29 * providers.
30 */
31
32 #include <sys/ksynch.h>
33 #include <sys/cmn_err.h>
34 #include <sys/ddi.h>
35 #include <sys/sunddi.h>
36 #include <sys/modctl.h>
37 #include <sys/crypto/common.h>
38 #include <sys/crypto/impl.h>
39 #include <sys/crypto/sched_impl.h>
40 #include <sys/crypto/spi.h>
41 #include <sys/crypto/ioctladmin.h>
42 #include <sys/taskq.h>
43 #include <sys/disp.h>
44 #include <sys/kstat.h>
45 #include <sys/policy.h>
46 #include <sys/cpuvar.h>
47
48 /*
49 * minalloc and maxalloc values to be used for taskq_create().
50 */
51 int crypto_taskq_threads = CRYPTO_TASKQ_THREADS;
52 int crypto_taskq_minalloc = CYRPTO_TASKQ_MIN;
53 int crypto_taskq_maxalloc = CRYPTO_TASKQ_MAX;
54
55 static void remove_provider(kcf_provider_desc_t *);
56 static void process_logical_providers(crypto_provider_info_t *,
57 kcf_provider_desc_t *);
58 static int init_prov_mechs(crypto_provider_info_t *, kcf_provider_desc_t *);
59 static int kcf_prov_kstat_update(kstat_t *, int);
60 static void undo_register_provider_extra(kcf_provider_desc_t *);
61 static void delete_kstat(kcf_provider_desc_t *);
62
63 static kcf_prov_stats_t kcf_stats_ks_data_template = {
64 { "kcf_ops_total", KSTAT_DATA_UINT64 },
65 { "kcf_ops_passed", KSTAT_DATA_UINT64 },
66 { "kcf_ops_failed", KSTAT_DATA_UINT64 },
67 { "kcf_ops_returned_busy", KSTAT_DATA_UINT64 }
68 };
69
70 #define KCF_SPI_COPY_OPS(src, dst, ops) if ((src)->ops != NULL) \
71 *((dst)->ops) = *((src)->ops);
72
73 extern int sys_shutdown;
74
75 /*
76 * Copy an ops vector from src to dst. Used during provider registration
77 * to copy the ops vector from the provider info structure to the
78 * provider descriptor maintained by KCF.
79 * Copying the ops vector specified by the provider is needed since the
80 * framework does not require the provider info structure to be
81 * persistent.
82 */
83 static void
copy_ops_vector_v1(crypto_ops_t * src_ops,crypto_ops_t * dst_ops)84 copy_ops_vector_v1(crypto_ops_t *src_ops, crypto_ops_t *dst_ops)
85 {
86 KCF_SPI_COPY_OPS(src_ops, dst_ops, co_control_ops);
87 KCF_SPI_COPY_OPS(src_ops, dst_ops, co_digest_ops);
88 KCF_SPI_COPY_OPS(src_ops, dst_ops, co_cipher_ops);
89 KCF_SPI_COPY_OPS(src_ops, dst_ops, co_mac_ops);
90 KCF_SPI_COPY_OPS(src_ops, dst_ops, co_sign_ops);
91 KCF_SPI_COPY_OPS(src_ops, dst_ops, co_verify_ops);
92 KCF_SPI_COPY_OPS(src_ops, dst_ops, co_dual_ops);
93 KCF_SPI_COPY_OPS(src_ops, dst_ops, co_dual_cipher_mac_ops);
94 KCF_SPI_COPY_OPS(src_ops, dst_ops, co_random_ops);
95 KCF_SPI_COPY_OPS(src_ops, dst_ops, co_session_ops);
96 KCF_SPI_COPY_OPS(src_ops, dst_ops, co_object_ops);
97 KCF_SPI_COPY_OPS(src_ops, dst_ops, co_key_ops);
98 KCF_SPI_COPY_OPS(src_ops, dst_ops, co_provider_ops);
99 KCF_SPI_COPY_OPS(src_ops, dst_ops, co_ctx_ops);
100 }
101
102 static void
copy_ops_vector_v2(crypto_ops_t * src_ops,crypto_ops_t * dst_ops)103 copy_ops_vector_v2(crypto_ops_t *src_ops, crypto_ops_t *dst_ops)
104 {
105 KCF_SPI_COPY_OPS(src_ops, dst_ops, co_mech_ops);
106 }
107
108 static void
copy_ops_vector_v3(crypto_ops_t * src_ops,crypto_ops_t * dst_ops)109 copy_ops_vector_v3(crypto_ops_t *src_ops, crypto_ops_t *dst_ops)
110 {
111 KCF_SPI_COPY_OPS(src_ops, dst_ops, co_nostore_key_ops);
112 }
113
114 static void
copy_ops_vector_v4(crypto_ops_t * src_ops,crypto_ops_t * dst_ops)115 copy_ops_vector_v4(crypto_ops_t *src_ops, crypto_ops_t *dst_ops)
116 {
117 KCF_SPI_COPY_OPS(src_ops, dst_ops, co_fips140_ops);
118 }
119
120 /*
121 * This routine is used to add cryptographic providers to the KEF framework.
122 * Providers pass a crypto_provider_info structure to crypto_register_provider()
123 * and get back a handle. The crypto_provider_info structure contains a
124 * list of mechanisms supported by the provider and an ops vector containing
125 * provider entry points. Hardware providers call this routine in their attach
126 * routines. Software providers call this routine in their _init() routine.
127 */
128 int
crypto_register_provider(crypto_provider_info_t * info,crypto_kcf_provider_handle_t * handle)129 crypto_register_provider(crypto_provider_info_t *info,
130 crypto_kcf_provider_handle_t *handle)
131 {
132 int need_fips140_verify, need_verify = 1;
133 struct modctl *mcp;
134 char *name;
135 char ks_name[KSTAT_STRLEN];
136 kcf_provider_desc_t *prov_desc = NULL;
137 int ret = CRYPTO_ARGUMENTS_BAD;
138
139 if (info->pi_interface_version > CRYPTO_SPI_VERSION_4) {
140 ret = CRYPTO_VERSION_MISMATCH;
141 goto errormsg;
142 }
143
144 /*
145 * Check provider type, must be software, hardware, or logical.
146 */
147 if (info->pi_provider_type != CRYPTO_HW_PROVIDER &&
148 info->pi_provider_type != CRYPTO_SW_PROVIDER &&
149 info->pi_provider_type != CRYPTO_LOGICAL_PROVIDER)
150 goto errormsg;
151
152 /*
153 * Allocate and initialize a new provider descriptor. We also
154 * hold it and release it when done.
155 */
156 prov_desc = kcf_alloc_provider_desc(info);
157 KCF_PROV_REFHOLD(prov_desc);
158
159 prov_desc->pd_prov_type = info->pi_provider_type;
160
161 /* provider-private handle, opaque to KCF */
162 prov_desc->pd_prov_handle = info->pi_provider_handle;
163
164 /* copy provider description string */
165 if (info->pi_provider_description != NULL) {
166 /*
167 * pi_provider_descriptor is a string that can contain
168 * up to CRYPTO_PROVIDER_DESCR_MAX_LEN + 1 characters
169 * INCLUDING the terminating null character. A bcopy()
170 * is necessary here as pd_description should not have
171 * a null character. See comments in kcf_alloc_provider_desc()
172 * for details on pd_description field.
173 */
174 bcopy(info->pi_provider_description, prov_desc->pd_description,
175 min(strlen(info->pi_provider_description),
176 CRYPTO_PROVIDER_DESCR_MAX_LEN));
177 }
178
179 if (info->pi_provider_type != CRYPTO_LOGICAL_PROVIDER) {
180 if (info->pi_ops_vector == NULL) {
181 goto bail;
182 }
183 copy_ops_vector_v1(info->pi_ops_vector,
184 prov_desc->pd_ops_vector);
185 if (info->pi_interface_version >= CRYPTO_SPI_VERSION_2) {
186 copy_ops_vector_v2(info->pi_ops_vector,
187 prov_desc->pd_ops_vector);
188 prov_desc->pd_flags = info->pi_flags;
189 }
190 if (info->pi_interface_version >= CRYPTO_SPI_VERSION_3) {
191 copy_ops_vector_v3(info->pi_ops_vector,
192 prov_desc->pd_ops_vector);
193 }
194 if (info->pi_interface_version == CRYPTO_SPI_VERSION_4) {
195 copy_ops_vector_v4(info->pi_ops_vector,
196 prov_desc->pd_ops_vector);
197 }
198 }
199
200 /* object_ops and nostore_key_ops are mutually exclusive */
201 if (prov_desc->pd_ops_vector->co_object_ops &&
202 prov_desc->pd_ops_vector->co_nostore_key_ops) {
203 goto bail;
204 }
205 /*
206 * For software providers, copy the module name and module ID.
207 * For hardware providers, copy the driver name and instance.
208 */
209 switch (info->pi_provider_type) {
210 case CRYPTO_SW_PROVIDER:
211 if (info->pi_provider_dev.pd_sw == NULL)
212 goto bail;
213
214 if ((mcp = mod_getctl(info->pi_provider_dev.pd_sw)) == NULL)
215 goto bail;
216
217 prov_desc->pd_module_id = mcp->mod_id;
218 name = mcp->mod_modname;
219 break;
220
221 case CRYPTO_HW_PROVIDER:
222 case CRYPTO_LOGICAL_PROVIDER:
223 if (info->pi_provider_dev.pd_hw == NULL)
224 goto bail;
225
226 prov_desc->pd_instance =
227 ddi_get_instance(info->pi_provider_dev.pd_hw);
228 name = (char *)ddi_driver_name(info->pi_provider_dev.pd_hw);
229 break;
230 }
231 if (name == NULL)
232 goto bail;
233
234 prov_desc->pd_name = kmem_alloc(strlen(name) + 1, KM_SLEEP);
235 (void) strcpy(prov_desc->pd_name, name);
236
237 if ((prov_desc->pd_mctlp = kcf_get_modctl(info)) == NULL)
238 goto bail;
239
240 /* process the mechanisms supported by the provider */
241 if ((ret = init_prov_mechs(info, prov_desc)) != CRYPTO_SUCCESS)
242 goto bail;
243
244 /*
245 * Add provider to providers tables, also sets the descriptor
246 * pd_prov_id field.
247 */
248 if ((ret = kcf_prov_tab_add_provider(prov_desc)) != CRYPTO_SUCCESS) {
249 undo_register_provider(prov_desc, B_FALSE);
250 goto bail;
251 }
252
253 if ((need_verify = kcf_need_signature_verification(prov_desc)) == -1) {
254 undo_register_provider(prov_desc, B_TRUE);
255 ret = CRYPTO_MODVERIFICATION_FAILED;
256 goto bail;
257 }
258
259 if ((need_fips140_verify =
260 kcf_need_fips140_verification(prov_desc)) == -1) {
261 mutex_enter(&prov_desc->pd_lock);
262 prov_desc->pd_state = KCF_PROV_VERIFICATION_FAILED;
263 mutex_exit(&prov_desc->pd_lock);
264 ret = CRYPTO_FIPS140_ERROR;
265 goto bail;
266 }
267
268 /*
269 * We create a taskq only for a hardware provider. The global
270 * software queue is used for software providers. We handle ordering
271 * of multi-part requests in the taskq routine. So, it is safe to
272 * have multiple threads for the taskq. We pass TASKQ_PREPOPULATE flag
273 * to keep some entries cached to improve performance.
274 */
275 if (prov_desc->pd_prov_type == CRYPTO_HW_PROVIDER)
276 prov_desc->pd_taskq = taskq_create("kcf_taskq",
277 crypto_taskq_threads, minclsyspri,
278 crypto_taskq_minalloc, crypto_taskq_maxalloc,
279 TASKQ_PREPOPULATE);
280 else
281 prov_desc->pd_taskq = NULL;
282
283 /* no kernel session to logical providers and no pd_flags */
284 if (prov_desc->pd_prov_type != CRYPTO_LOGICAL_PROVIDER) {
285 /*
286 * Open a session for session-oriented providers. This session
287 * is used for all kernel consumers. This is fine as a provider
288 * is required to support multiple thread access to a session.
289 * We can do this only after the taskq has been created as we
290 * do a kcf_submit_request() to open the session.
291 */
292 if (KCF_PROV_SESSION_OPS(prov_desc) != NULL) {
293 kcf_req_params_t params;
294
295 KCF_WRAP_SESSION_OPS_PARAMS(¶ms,
296 KCF_OP_SESSION_OPEN, &prov_desc->pd_sid, 0,
297 CRYPTO_USER, NULL, 0, prov_desc);
298 ret = kcf_submit_request(prov_desc, NULL, NULL, ¶ms,
299 B_FALSE);
300 if (ret != CRYPTO_SUCCESS)
301 goto undo_then_bail;
302 }
303
304 /*
305 * Get the value for the maximum input length allowed if
306 * CRYPTO_HASH_NO_UPDATE or CRYPTO_HASH_NO_UPDATE is specified.
307 */
308 if (prov_desc->pd_flags &
309 (CRYPTO_HASH_NO_UPDATE | CRYPTO_HMAC_NO_UPDATE)) {
310 kcf_req_params_t params;
311 crypto_provider_ext_info_t ext_info;
312
313 if (KCF_PROV_PROVMGMT_OPS(prov_desc) == NULL)
314 goto undo_then_bail;
315
316 bzero(&ext_info, sizeof (ext_info));
317 KCF_WRAP_PROVMGMT_OPS_PARAMS(¶ms,
318 KCF_OP_MGMT_EXTINFO,
319 0, NULL, 0, NULL, 0, NULL, &ext_info, prov_desc);
320 ret = kcf_submit_request(prov_desc, NULL, NULL,
321 ¶ms, B_FALSE);
322 if (ret != CRYPTO_SUCCESS)
323 goto undo_then_bail;
324
325 if (prov_desc->pd_flags & CRYPTO_HASH_NO_UPDATE) {
326 prov_desc->pd_hash_limit =
327 ext_info.ei_hash_max_input_len;
328 }
329 if (prov_desc->pd_flags & CRYPTO_HMAC_NO_UPDATE) {
330 prov_desc->pd_hmac_limit =
331 ext_info.ei_hmac_max_input_len;
332 }
333 }
334 }
335
336 if (prov_desc->pd_prov_type != CRYPTO_LOGICAL_PROVIDER) {
337 /*
338 * Create the kstat for this provider. There is a kstat
339 * installed for each successfully registered provider.
340 * This kstat is deleted, when the provider unregisters.
341 */
342 if (prov_desc->pd_prov_type == CRYPTO_SW_PROVIDER) {
343 (void) snprintf(ks_name, KSTAT_STRLEN, "%s_%s",
344 prov_desc->pd_name, "provider_stats");
345 } else {
346 (void) snprintf(ks_name, KSTAT_STRLEN, "%s_%d_%u_%s",
347 prov_desc->pd_name, prov_desc->pd_instance,
348 prov_desc->pd_prov_id, "provider_stats");
349 }
350
351 prov_desc->pd_kstat = kstat_create("kcf", 0, ks_name, "crypto",
352 KSTAT_TYPE_NAMED, sizeof (kcf_prov_stats_t) /
353 sizeof (kstat_named_t), KSTAT_FLAG_VIRTUAL);
354
355 if (prov_desc->pd_kstat != NULL) {
356 bcopy(&kcf_stats_ks_data_template,
357 &prov_desc->pd_ks_data,
358 sizeof (kcf_stats_ks_data_template));
359 prov_desc->pd_kstat->ks_data = &prov_desc->pd_ks_data;
360 KCF_PROV_REFHOLD(prov_desc);
361 prov_desc->pd_kstat->ks_private = prov_desc;
362 prov_desc->pd_kstat->ks_update = kcf_prov_kstat_update;
363 kstat_install(prov_desc->pd_kstat);
364 }
365 }
366
367 if (prov_desc->pd_prov_type == CRYPTO_HW_PROVIDER)
368 process_logical_providers(info, prov_desc);
369
370 /* This provider needs to wait until we know the FIPS 140 status */
371 if (need_fips140_verify == 1) {
372 mutex_enter(&prov_desc->pd_lock);
373 prov_desc->pd_state = KCF_PROV_UNVERIFIED_FIPS140;
374 mutex_exit(&prov_desc->pd_lock);
375 goto exit;
376 }
377
378 /* This provider needs to have the signature verified */
379 if (need_verify == 1) {
380 mutex_enter(&prov_desc->pd_lock);
381 prov_desc->pd_state = KCF_PROV_UNVERIFIED;
382 mutex_exit(&prov_desc->pd_lock);
383
384 /* kcf_verify_signature routine will release this hold */
385 KCF_PROV_REFHOLD(prov_desc);
386
387 if (prov_desc->pd_prov_type == CRYPTO_HW_PROVIDER) {
388 /*
389 * It is not safe to make the door upcall to kcfd from
390 * this context since the kcfd thread could reenter
391 * devfs. So, we dispatch a taskq job to do the
392 * verification and return to the provider.
393 */
394 (void) taskq_dispatch(system_taskq,
395 kcf_verify_signature, (void *)prov_desc, TQ_SLEEP);
396 } else if (prov_desc->pd_prov_type == CRYPTO_SW_PROVIDER) {
397 kcf_verify_signature(prov_desc);
398 if (prov_desc->pd_state ==
399 KCF_PROV_VERIFICATION_FAILED) {
400 undo_register_provider_extra(prov_desc);
401 ret = CRYPTO_MODVERIFICATION_FAILED;
402 goto bail;
403 }
404 }
405 } else {
406 mutex_enter(&prov_desc->pd_lock);
407 prov_desc->pd_state = KCF_PROV_READY;
408 mutex_exit(&prov_desc->pd_lock);
409 kcf_do_notify(prov_desc, B_TRUE);
410 }
411
412 exit:
413 *handle = prov_desc->pd_kcf_prov_handle;
414 KCF_PROV_REFRELE(prov_desc);
415 return (CRYPTO_SUCCESS);
416
417 undo_then_bail:
418 undo_register_provider(prov_desc, B_TRUE);
419 ret = CRYPTO_FAILED;
420 bail:
421 KCF_PROV_REFRELE(prov_desc);
422
423 errormsg:
424 if (ret != CRYPTO_SUCCESS && sys_shutdown == 0) {
425 switch (ret) {
426 case CRYPTO_FAILED:
427 cmn_err(CE_WARN, "%s failed when registering with the "
428 "Cryptographic Framework.",
429 info->pi_provider_description);
430 break;
431
432 case CRYPTO_MODVERIFICATION_FAILED:
433 cmn_err(CE_WARN, "%s failed module verification when "
434 "registering with the Cryptographic Framework.",
435 info->pi_provider_description);
436 break;
437
438 case CRYPTO_ARGUMENTS_BAD:
439 cmn_err(CE_WARN, "%s provided bad arguments and was "
440 "not registered with the Cryptographic Framework.",
441 info->pi_provider_description);
442 break;
443
444 case CRYPTO_VERSION_MISMATCH:
445 cmn_err(CE_WARN, "%s was not registered with the "
446 "Cryptographic Framework as there is a SPI version "
447 "mismatch (%d) error.",
448 info->pi_provider_description,
449 info->pi_interface_version);
450 break;
451
452 case CRYPTO_FIPS140_ERROR:
453 cmn_err(CE_WARN, "%s was not registered with the "
454 "Cryptographic Framework as there was a FIPS 140 "
455 "validation error.", info->pi_provider_description);
456 break;
457
458 default:
459 cmn_err(CE_WARN, "%s did not register with the "
460 "Cryptographic Framework. (0x%x)",
461 info->pi_provider_description, ret);
462 };
463 }
464
465 return (ret);
466 }
467
468 /* Return the number of holds on a provider. */
469 int
kcf_get_refcnt(kcf_provider_desc_t * pd,boolean_t do_lock)470 kcf_get_refcnt(kcf_provider_desc_t *pd, boolean_t do_lock)
471 {
472 int i;
473 int refcnt = 0;
474
475 if (do_lock)
476 for (i = 0; i < pd->pd_nbins; i++)
477 mutex_enter(&(pd->pd_percpu_bins[i].kp_lock));
478
479 for (i = 0; i < pd->pd_nbins; i++)
480 refcnt += pd->pd_percpu_bins[i].kp_holdcnt;
481
482 if (do_lock)
483 for (i = 0; i < pd->pd_nbins; i++)
484 mutex_exit(&(pd->pd_percpu_bins[i].kp_lock));
485
486 return (refcnt);
487 }
488
489 /*
490 * This routine is used to notify the framework when a provider is being
491 * removed. Hardware providers call this routine in their detach routines.
492 * Software providers call this routine in their _fini() routine.
493 */
494 int
crypto_unregister_provider(crypto_kcf_provider_handle_t handle)495 crypto_unregister_provider(crypto_kcf_provider_handle_t handle)
496 {
497 uint_t mech_idx;
498 kcf_provider_desc_t *desc;
499 kcf_prov_state_t saved_state;
500 int ret = CRYPTO_SUCCESS;
501
502 /* lookup provider descriptor */
503 if ((desc = kcf_prov_tab_lookup((crypto_provider_id_t)handle)) ==
504 NULL) {
505 ret = CRYPTO_UNKNOWN_PROVIDER;
506 goto errormsg;
507 }
508
509 mutex_enter(&desc->pd_lock);
510 /*
511 * Check if any other thread is disabling or removing
512 * this provider. We return if this is the case.
513 */
514 if (desc->pd_state >= KCF_PROV_DISABLED) {
515 mutex_exit(&desc->pd_lock);
516 /* Release reference held by kcf_prov_tab_lookup(). */
517 KCF_PROV_REFRELE(desc);
518 ret = CRYPTO_BUSY;
519 goto errormsg;
520 }
521
522 saved_state = desc->pd_state;
523 desc->pd_state = KCF_PROV_UNREGISTERING;
524
525 if (saved_state == KCF_PROV_BUSY) {
526 /*
527 * The per-provider taskq threads may be waiting. We
528 * signal them so that they can start failing requests.
529 */
530 cv_broadcast(&desc->pd_resume_cv);
531 }
532
533 mutex_exit(&desc->pd_lock);
534
535 if (desc->pd_prov_type != CRYPTO_SW_PROVIDER) {
536 remove_provider(desc);
537 }
538
539 if (desc->pd_prov_type != CRYPTO_LOGICAL_PROVIDER) {
540 /* remove the provider from the mechanisms tables */
541 for (mech_idx = 0; mech_idx < desc->pd_mech_list_count;
542 mech_idx++) {
543 kcf_remove_mech_provider(
544 desc->pd_mechanisms[mech_idx].cm_mech_name, desc);
545 }
546 }
547
548 /* remove provider from providers table */
549 if (kcf_prov_tab_rem_provider((crypto_provider_id_t)handle) !=
550 CRYPTO_SUCCESS) {
551 /* Release reference held by kcf_prov_tab_lookup(). */
552 KCF_PROV_REFRELE(desc);
553 ret = CRYPTO_UNKNOWN_PROVIDER;
554 goto errormsg;
555 }
556
557 delete_kstat(desc);
558
559 if (desc->pd_prov_type == CRYPTO_SW_PROVIDER) {
560 /*
561 * Wait till the existing requests with the provider complete
562 * and all the holds are released. All the holds on a software
563 * provider are from kernel clients and the hold time
564 * is expected to be short. So, we won't be stuck here forever.
565 */
566 while (kcf_get_refcnt(desc, B_TRUE) > 1) {
567 /* wait 1 second and try again. */
568 delay(1 * drv_usectohz(1000000));
569 }
570 } else {
571 int i;
572 kcf_prov_cpu_t *mp;
573
574 /*
575 * Wait until requests that have been sent to the provider
576 * complete.
577 */
578 for (i = 0; i < desc->pd_nbins; i++) {
579 mp = &(desc->pd_percpu_bins[i]);
580
581 mutex_enter(&mp->kp_lock);
582 while (mp->kp_jobcnt > 0) {
583 cv_wait(&mp->kp_cv, &mp->kp_lock);
584 }
585 mutex_exit(&mp->kp_lock);
586 }
587 }
588
589 mutex_enter(&desc->pd_lock);
590 desc->pd_state = KCF_PROV_UNREGISTERED;
591 mutex_exit(&desc->pd_lock);
592
593 kcf_do_notify(desc, B_FALSE);
594
595 mutex_enter(&prov_tab_mutex);
596 /* Release reference held by kcf_prov_tab_lookup(). */
597 KCF_PROV_REFRELE(desc);
598
599 if (kcf_get_refcnt(desc, B_TRUE) == 0) {
600 /* kcf_free_provider_desc drops prov_tab_mutex */
601 kcf_free_provider_desc(desc);
602 } else {
603 ASSERT(desc->pd_prov_type != CRYPTO_SW_PROVIDER);
604 /*
605 * We could avoid this if /dev/crypto can proactively
606 * remove any holds on us from a dormant PKCS #11 app.
607 * For now, we check the provider table for
608 * KCF_PROV_UNREGISTERED entries when a provider is
609 * added to the table or when a provider is removed from it
610 * and free them when refcnt reaches zero.
611 */
612 kcf_need_provtab_walk = B_TRUE;
613 mutex_exit(&prov_tab_mutex);
614 }
615
616 errormsg:
617 if (ret != CRYPTO_SUCCESS && sys_shutdown == 0) {
618 switch (ret) {
619 case CRYPTO_UNKNOWN_PROVIDER:
620 cmn_err(CE_WARN, "Unknown provider \"%s\" was "
621 "requested to unregister from the cryptographic "
622 "framework.", desc->pd_description);
623 break;
624
625 case CRYPTO_BUSY:
626 cmn_err(CE_WARN, "%s could not be unregistered from "
627 "the Cryptographic Framework as it is busy.",
628 desc->pd_description);
629 break;
630
631 default:
632 cmn_err(CE_WARN, "%s did not unregister with the "
633 "Cryptographic Framework. (0x%x)",
634 desc->pd_description, ret);
635 };
636 }
637
638 return (ret);
639 }
640
641 /*
642 * This routine is used to notify the framework that the state of
643 * a cryptographic provider has changed. Valid state codes are:
644 *
645 * CRYPTO_PROVIDER_READY
646 * The provider indicates that it can process more requests. A provider
647 * will notify with this event if it previously has notified us with a
648 * CRYPTO_PROVIDER_BUSY.
649 *
650 * CRYPTO_PROVIDER_BUSY
651 * The provider can not take more requests.
652 *
653 * CRYPTO_PROVIDER_FAILED
654 * The provider encountered an internal error. The framework will not
655 * be sending any more requests to the provider. The provider may notify
656 * with a CRYPTO_PROVIDER_READY, if it is able to recover from the error.
657 *
658 * This routine can be called from user or interrupt context.
659 */
660 void
crypto_provider_notification(crypto_kcf_provider_handle_t handle,uint_t state)661 crypto_provider_notification(crypto_kcf_provider_handle_t handle, uint_t state)
662 {
663 kcf_provider_desc_t *pd;
664
665 /* lookup the provider from the given handle */
666 if ((pd = kcf_prov_tab_lookup((crypto_provider_id_t)handle)) == NULL)
667 return;
668
669 mutex_enter(&pd->pd_lock);
670
671 if (pd->pd_state <= KCF_PROV_VERIFICATION_FAILED)
672 goto out;
673
674 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) {
675 cmn_err(CE_WARN, "crypto_provider_notification: "
676 "logical provider (%x) ignored\n", handle);
677 goto out;
678 }
679 switch (state) {
680 case CRYPTO_PROVIDER_READY:
681 switch (pd->pd_state) {
682 case KCF_PROV_BUSY:
683 pd->pd_state = KCF_PROV_READY;
684 /*
685 * Signal the per-provider taskq threads that they
686 * can start submitting requests.
687 */
688 cv_broadcast(&pd->pd_resume_cv);
689 break;
690
691 case KCF_PROV_FAILED:
692 /*
693 * The provider recovered from the error. Let us
694 * use it now.
695 */
696 pd->pd_state = KCF_PROV_READY;
697 break;
698 }
699 break;
700
701 case CRYPTO_PROVIDER_BUSY:
702 switch (pd->pd_state) {
703 case KCF_PROV_READY:
704 pd->pd_state = KCF_PROV_BUSY;
705 break;
706 }
707 break;
708
709 case CRYPTO_PROVIDER_FAILED:
710 /*
711 * We note the failure and return. The per-provider taskq
712 * threads check this flag and start failing the
713 * requests, if it is set. See process_req_hwp() for details.
714 */
715 switch (pd->pd_state) {
716 case KCF_PROV_READY:
717 pd->pd_state = KCF_PROV_FAILED;
718 break;
719
720 case KCF_PROV_BUSY:
721 pd->pd_state = KCF_PROV_FAILED;
722 /*
723 * The per-provider taskq threads may be waiting. We
724 * signal them so that they can start failing requests.
725 */
726 cv_broadcast(&pd->pd_resume_cv);
727 break;
728 }
729 break;
730 }
731 out:
732 mutex_exit(&pd->pd_lock);
733 KCF_PROV_REFRELE(pd);
734 }
735
736 /*
737 * This routine is used to notify the framework the result of
738 * an asynchronous request handled by a provider. Valid error
739 * codes are the same as the CRYPTO_* errors defined in common.h.
740 *
741 * This routine can be called from user or interrupt context.
742 */
743 void
crypto_op_notification(crypto_req_handle_t handle,int error)744 crypto_op_notification(crypto_req_handle_t handle, int error)
745 {
746 kcf_call_type_t ctype;
747
748 if (handle == NULL)
749 return;
750
751 if ((ctype = GET_REQ_TYPE(handle)) == CRYPTO_SYNCH) {
752 kcf_sreq_node_t *sreq = (kcf_sreq_node_t *)handle;
753
754 KCF_PROV_JOB_RELE_STAT(sreq->sn_mp, (error != CRYPTO_SUCCESS));
755 kcf_sop_done(sreq, error);
756 } else {
757 kcf_areq_node_t *areq = (kcf_areq_node_t *)handle;
758
759 ASSERT(ctype == CRYPTO_ASYNCH);
760 KCF_PROV_JOB_RELE_STAT(areq->an_mp, (error != CRYPTO_SUCCESS));
761 kcf_aop_done(areq, error);
762 }
763 }
764
765 /*
766 * This routine is used by software providers to determine
767 * whether to use KM_SLEEP or KM_NOSLEEP during memory allocation.
768 * Note that hardware providers can always use KM_SLEEP. So,
769 * they do not need to call this routine.
770 *
771 * This routine can be called from user or interrupt context.
772 */
773 int
crypto_kmflag(crypto_req_handle_t handle)774 crypto_kmflag(crypto_req_handle_t handle)
775 {
776 return (REQHNDL2_KMFLAG(handle));
777 }
778
779 /*
780 * Process the mechanism info structures specified by the provider
781 * during registration. A NULL crypto_provider_info_t indicates
782 * an already initialized provider descriptor.
783 *
784 * Mechanisms are not added to the kernel's mechanism table if the
785 * provider is a logical provider.
786 *
787 * Returns CRYPTO_SUCCESS on success, CRYPTO_ARGUMENTS if one
788 * of the specified mechanisms was malformed, or CRYPTO_HOST_MEMORY
789 * if the table of mechanisms is full.
790 */
791 static int
init_prov_mechs(crypto_provider_info_t * info,kcf_provider_desc_t * desc)792 init_prov_mechs(crypto_provider_info_t *info, kcf_provider_desc_t *desc)
793 {
794 uint_t mech_idx;
795 uint_t cleanup_idx;
796 int err = CRYPTO_SUCCESS;
797 kcf_prov_mech_desc_t *pmd;
798 int desc_use_count = 0;
799 int mcount = desc->pd_mech_list_count;
800
801 if (desc->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) {
802 if (info != NULL) {
803 ASSERT(info->pi_mechanisms != NULL);
804 bcopy(info->pi_mechanisms, desc->pd_mechanisms,
805 sizeof (crypto_mech_info_t) * mcount);
806 }
807 return (CRYPTO_SUCCESS);
808 }
809
810 /*
811 * Copy the mechanism list from the provider info to the provider
812 * descriptor. desc->pd_mechanisms has an extra crypto_mech_info_t
813 * element if the provider has random_ops since we keep an internal
814 * mechanism, SUN_RANDOM, in this case.
815 */
816 if (info != NULL) {
817 if (info->pi_ops_vector->co_random_ops != NULL) {
818 crypto_mech_info_t *rand_mi;
819
820 /*
821 * Need the following check as it is possible to have
822 * a provider that implements just random_ops and has
823 * pi_mechanisms == NULL.
824 */
825 if (info->pi_mechanisms != NULL) {
826 bcopy(info->pi_mechanisms, desc->pd_mechanisms,
827 sizeof (crypto_mech_info_t) * (mcount - 1));
828 }
829 rand_mi = &desc->pd_mechanisms[mcount - 1];
830
831 bzero(rand_mi, sizeof (crypto_mech_info_t));
832 (void) strncpy(rand_mi->cm_mech_name, SUN_RANDOM,
833 CRYPTO_MAX_MECH_NAME);
834 rand_mi->cm_func_group_mask = CRYPTO_FG_RANDOM;
835 } else {
836 ASSERT(info->pi_mechanisms != NULL);
837 bcopy(info->pi_mechanisms, desc->pd_mechanisms,
838 sizeof (crypto_mech_info_t) * mcount);
839 }
840 }
841
842 /*
843 * For each mechanism support by the provider, add the provider
844 * to the corresponding KCF mechanism mech_entry chain.
845 */
846 for (mech_idx = 0; mech_idx < desc->pd_mech_list_count; mech_idx++) {
847 crypto_mech_info_t *mi = &desc->pd_mechanisms[mech_idx];
848
849 if ((mi->cm_mech_flags & CRYPTO_KEYSIZE_UNIT_IN_BITS) &&
850 (mi->cm_mech_flags & CRYPTO_KEYSIZE_UNIT_IN_BYTES)) {
851 err = CRYPTO_ARGUMENTS_BAD;
852 break;
853 }
854
855 if ((err = kcf_add_mech_provider(mech_idx, desc, &pmd)) !=
856 KCF_SUCCESS)
857 break;
858
859 if (pmd == NULL)
860 continue;
861
862 /* The provider will be used for this mechanism */
863 desc_use_count++;
864 }
865
866 /*
867 * Don't allow multiple software providers with disabled mechanisms
868 * to register. Subsequent enabling of mechanisms will result in
869 * an unsupported configuration, i.e. multiple software providers
870 * per mechanism.
871 */
872 if (desc_use_count == 0 && desc->pd_prov_type == CRYPTO_SW_PROVIDER)
873 return (CRYPTO_ARGUMENTS_BAD);
874
875 if (err == KCF_SUCCESS)
876 return (CRYPTO_SUCCESS);
877
878 /*
879 * An error occurred while adding the mechanism, cleanup
880 * and bail.
881 */
882 for (cleanup_idx = 0; cleanup_idx < mech_idx; cleanup_idx++) {
883 kcf_remove_mech_provider(
884 desc->pd_mechanisms[cleanup_idx].cm_mech_name, desc);
885 }
886
887 if (err == KCF_MECH_TAB_FULL)
888 return (CRYPTO_HOST_MEMORY);
889
890 return (CRYPTO_ARGUMENTS_BAD);
891 }
892
893 /*
894 * Update routine for kstat. Only privileged users are allowed to
895 * access this information, since this information is sensitive.
896 * There are some cryptographic attacks (e.g. traffic analysis)
897 * which can use this information.
898 */
899 static int
kcf_prov_kstat_update(kstat_t * ksp,int rw)900 kcf_prov_kstat_update(kstat_t *ksp, int rw)
901 {
902 kcf_prov_stats_t *ks_data;
903 kcf_provider_desc_t *pd = (kcf_provider_desc_t *)ksp->ks_private;
904 int i;
905
906 if (rw == KSTAT_WRITE)
907 return (EACCES);
908
909 ks_data = ksp->ks_data;
910
911 if (secpolicy_sys_config(CRED(), B_TRUE) != 0) {
912 ks_data->ps_ops_total.value.ui64 = 0;
913 ks_data->ps_ops_passed.value.ui64 = 0;
914 ks_data->ps_ops_failed.value.ui64 = 0;
915 ks_data->ps_ops_busy_rval.value.ui64 = 0;
916 } else {
917 uint64_t dtotal, ftotal, btotal;
918
919 dtotal = ftotal = btotal = 0;
920 /* No locking done since an exact count is not required. */
921 for (i = 0; i < pd->pd_nbins; i++) {
922 dtotal += pd->pd_percpu_bins[i].kp_ndispatches;
923 ftotal += pd->pd_percpu_bins[i].kp_nfails;
924 btotal += pd->pd_percpu_bins[i].kp_nbusy_rval;
925 }
926
927 ks_data->ps_ops_total.value.ui64 = dtotal;
928 ks_data->ps_ops_failed.value.ui64 = ftotal;
929 ks_data->ps_ops_busy_rval.value.ui64 = btotal;
930 ks_data->ps_ops_passed.value.ui64 = dtotal - ftotal - btotal;
931 }
932
933 return (0);
934 }
935
936
937 /*
938 * Utility routine called from failure paths in crypto_register_provider()
939 * and from crypto_load_soft_disabled().
940 */
941 void
undo_register_provider(kcf_provider_desc_t * desc,boolean_t remove_prov)942 undo_register_provider(kcf_provider_desc_t *desc, boolean_t remove_prov)
943 {
944 uint_t mech_idx;
945
946 /* remove the provider from the mechanisms tables */
947 for (mech_idx = 0; mech_idx < desc->pd_mech_list_count;
948 mech_idx++) {
949 kcf_remove_mech_provider(
950 desc->pd_mechanisms[mech_idx].cm_mech_name, desc);
951 }
952
953 /* remove provider from providers table */
954 if (remove_prov)
955 (void) kcf_prov_tab_rem_provider(desc->pd_prov_id);
956 }
957
958 static void
undo_register_provider_extra(kcf_provider_desc_t * desc)959 undo_register_provider_extra(kcf_provider_desc_t *desc)
960 {
961 delete_kstat(desc);
962 undo_register_provider(desc, B_TRUE);
963 }
964
965 /*
966 * Utility routine called from crypto_load_soft_disabled(). Callers
967 * should have done a prior undo_register_provider().
968 */
969 void
redo_register_provider(kcf_provider_desc_t * pd)970 redo_register_provider(kcf_provider_desc_t *pd)
971 {
972 /* process the mechanisms supported by the provider */
973 (void) init_prov_mechs(NULL, pd);
974
975 /*
976 * Hold provider in providers table. We should not call
977 * kcf_prov_tab_add_provider() here as the provider descriptor
978 * is still valid which means it has an entry in the provider
979 * table.
980 */
981 KCF_PROV_REFHOLD(pd);
982 }
983
984 /*
985 * Add provider (p1) to another provider's array of providers (p2).
986 * Hardware and logical providers use this array to cross-reference
987 * each other.
988 */
989 static void
add_provider_to_array(kcf_provider_desc_t * p1,kcf_provider_desc_t * p2)990 add_provider_to_array(kcf_provider_desc_t *p1, kcf_provider_desc_t *p2)
991 {
992 kcf_provider_list_t *new;
993
994 new = kmem_alloc(sizeof (kcf_provider_list_t), KM_SLEEP);
995 mutex_enter(&p2->pd_lock);
996 new->pl_next = p2->pd_provider_list;
997 p2->pd_provider_list = new;
998 new->pl_provider = p1;
999 mutex_exit(&p2->pd_lock);
1000 }
1001
1002 /*
1003 * Remove provider (p1) from another provider's array of providers (p2).
1004 * Hardware and logical providers use this array to cross-reference
1005 * each other.
1006 */
1007 static void
remove_provider_from_array(kcf_provider_desc_t * p1,kcf_provider_desc_t * p2)1008 remove_provider_from_array(kcf_provider_desc_t *p1, kcf_provider_desc_t *p2)
1009 {
1010
1011 kcf_provider_list_t *pl = NULL, **prev;
1012
1013 mutex_enter(&p2->pd_lock);
1014 for (pl = p2->pd_provider_list, prev = &p2->pd_provider_list;
1015 pl != NULL; prev = &pl->pl_next, pl = pl->pl_next) {
1016 if (pl->pl_provider == p1) {
1017 break;
1018 }
1019 }
1020
1021 if (p1 == NULL) {
1022 mutex_exit(&p2->pd_lock);
1023 return;
1024 }
1025
1026 /* detach and free kcf_provider_list structure */
1027 *prev = pl->pl_next;
1028 kmem_free(pl, sizeof (*pl));
1029 mutex_exit(&p2->pd_lock);
1030 }
1031
1032 /*
1033 * Convert an array of logical provider handles (crypto_provider_id)
1034 * stored in a crypto_provider_info structure into an array of provider
1035 * descriptors (kcf_provider_desc_t) attached to a logical provider.
1036 */
1037 static void
process_logical_providers(crypto_provider_info_t * info,kcf_provider_desc_t * hp)1038 process_logical_providers(crypto_provider_info_t *info, kcf_provider_desc_t *hp)
1039 {
1040 kcf_provider_desc_t *lp;
1041 crypto_provider_id_t handle;
1042 int count = info->pi_logical_provider_count;
1043 int i;
1044
1045 /* add hardware provider to each logical provider */
1046 for (i = 0; i < count; i++) {
1047 handle = info->pi_logical_providers[i];
1048 lp = kcf_prov_tab_lookup((crypto_provider_id_t)handle);
1049 if (lp == NULL) {
1050 continue;
1051 }
1052 add_provider_to_array(hp, lp);
1053 hp->pd_flags |= KCF_LPROV_MEMBER;
1054
1055 /*
1056 * A hardware provider has to have the provider descriptor of
1057 * every logical provider it belongs to, so it can be removed
1058 * from the logical provider if the hardware provider
1059 * unregisters from the framework.
1060 */
1061 add_provider_to_array(lp, hp);
1062 KCF_PROV_REFRELE(lp);
1063 }
1064 }
1065
1066 /*
1067 * This routine removes a provider from all of the logical or
1068 * hardware providers it belongs to, and frees the provider's
1069 * array of pointers to providers.
1070 */
1071 static void
remove_provider(kcf_provider_desc_t * pp)1072 remove_provider(kcf_provider_desc_t *pp)
1073 {
1074 kcf_provider_desc_t *p;
1075 kcf_provider_list_t *e, *next;
1076
1077 mutex_enter(&pp->pd_lock);
1078 for (e = pp->pd_provider_list; e != NULL; e = next) {
1079 p = e->pl_provider;
1080 remove_provider_from_array(pp, p);
1081 if (p->pd_prov_type == CRYPTO_HW_PROVIDER &&
1082 p->pd_provider_list == NULL)
1083 p->pd_flags &= ~KCF_LPROV_MEMBER;
1084 next = e->pl_next;
1085 kmem_free(e, sizeof (*e));
1086 }
1087 pp->pd_provider_list = NULL;
1088 mutex_exit(&pp->pd_lock);
1089 }
1090
1091 /*
1092 * Dispatch events as needed for a provider. is_added flag tells
1093 * whether the provider is registering or unregistering.
1094 */
1095 void
kcf_do_notify(kcf_provider_desc_t * prov_desc,boolean_t is_added)1096 kcf_do_notify(kcf_provider_desc_t *prov_desc, boolean_t is_added)
1097 {
1098 int i;
1099 crypto_notify_event_change_t ec;
1100
1101 ASSERT(prov_desc->pd_state > KCF_PROV_VERIFICATION_FAILED);
1102
1103 /*
1104 * Inform interested clients of the mechanisms becoming
1105 * available/unavailable. We skip this for logical providers
1106 * as they do not affect mechanisms.
1107 */
1108 if (prov_desc->pd_prov_type != CRYPTO_LOGICAL_PROVIDER) {
1109 ec.ec_provider_type = prov_desc->pd_prov_type;
1110 ec.ec_change = is_added ? CRYPTO_MECH_ADDED :
1111 CRYPTO_MECH_REMOVED;
1112 for (i = 0; i < prov_desc->pd_mech_list_count; i++) {
1113 /* Skip any mechanisms not allowed by the policy */
1114 if (is_mech_disabled(prov_desc,
1115 prov_desc->pd_mechanisms[i].cm_mech_name))
1116 continue;
1117
1118 (void) strncpy(ec.ec_mech_name,
1119 prov_desc->pd_mechanisms[i].cm_mech_name,
1120 CRYPTO_MAX_MECH_NAME);
1121 kcf_walk_ntfylist(CRYPTO_EVENT_MECHS_CHANGED, &ec);
1122 }
1123
1124 }
1125
1126 /*
1127 * Inform interested clients about the new or departing provider.
1128 * In case of a logical provider, we need to notify the event only
1129 * for the logical provider and not for the underlying
1130 * providers which are known by the KCF_LPROV_MEMBER bit.
1131 */
1132 if (prov_desc->pd_prov_type == CRYPTO_LOGICAL_PROVIDER ||
1133 (prov_desc->pd_flags & KCF_LPROV_MEMBER) == 0) {
1134 kcf_walk_ntfylist(is_added ? CRYPTO_EVENT_PROVIDER_REGISTERED :
1135 CRYPTO_EVENT_PROVIDER_UNREGISTERED, prov_desc);
1136 }
1137 }
1138
1139 static void
delete_kstat(kcf_provider_desc_t * desc)1140 delete_kstat(kcf_provider_desc_t *desc)
1141 {
1142 /* destroy the kstat created for this provider */
1143 if (desc->pd_kstat != NULL) {
1144 kcf_provider_desc_t *kspd = desc->pd_kstat->ks_private;
1145
1146 /* release reference held by desc->pd_kstat->ks_private */
1147 ASSERT(desc == kspd);
1148 kstat_delete(kspd->pd_kstat);
1149 desc->pd_kstat = NULL;
1150 KCF_PROV_REFRELE(kspd);
1151 }
1152 }
1153