adm_fips_hw.c revision 32e0ab73531b6e6e8957e9ecdbbd42603865f2d0
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
*/
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <strings.h>
#include <unistd.h>
#include <locale.h>
#include <libgen.h>
#include <zone.h>
#include "cryptoadm.h"
#define HW_CONF_DIR "/platform/sun4v/kernel/drv"
/* Get FIPS-140 status from .conf */
int
{
/* Open the .conf file */
return (FAILURE);
}
if (buffer[0] == '#') {
/* skip comments */
continue;
}
/* find the property string */
/* didn't find the property string in this line */
continue;
}
"Invalid config file contents: %s."), filename);
return (FAILURE);
}
return (SUCCESS);
}
/*
* If the fips property is not found in the config file,
* FIPS mode is false by default.
*/
return (SUCCESS);
}
/*
* Update the HW .conf file with the updated entry.
*/
int
{
char *tmpfile_name = NULL;
/* Open the .conf file */
gettext("failed to update the configuration - %s"),
return (FAILURE);
}
/* Lock the .conf file */
gettext("failed to update the configuration - %s"),
return (FAILURE);
}
/*
* Create a temporary file to save updated configuration file first.
*/
return (FAILURE);
}
/*
* Loop thru entire .conf file, update the entry to be
* updated and save the updated file to the temporary file first.
*/
if (buffer[0] == '#') {
/* comments: write to the file without modification */
goto write_to_tmp;
}
/* find the property string */
/*
* Didn't find the property string in this line.
* Write to the file without modification.
*/
goto write_to_tmp;
}
"Invalid config file contents %s: %s."),
goto errorexit;
}
"failed to write to a temp file: %s."),
goto errorexit;
}
}
/* if the fips mode property is not specified, FALSE by default */
"failed to write to a tmp file: %s."),
goto errorexit;
}
}
return (FAILURE);
}
/* Copy the temporary file to the .conf file */
gettext("failed to update the configuration - %s"),
gettext("failed to update the configuration - %s"),
} else {
}
"(Warning) failed to remove %s: %s"),
}
return (rc);
return (FAILURE);
}
/*
* Perform the FIPS related actions
*/
int
{
int fips_mode = 0;
char *filename;
char *propname;
char *provname;
switch (provider) {
case HW_PROVIDER_NCP:
propname = "ncp-fips-140";
provname = "ncp";
break;
case HW_PROVIDER_N2CP:
propname = "n2cp-fips-140";
provname = "n2cp";
break;
case HW_PROVIDER_N2RNG:
propname = "n2rng-fips-140";
provname = "n2rng";
break;
default:
"provider [%d] specified.\n"));
return (FAILURE);
}
/* Get FIPS-140 status from .conf */
return (FAILURE);
}
if (action == FIPS140_STATUS) {
if (fips_mode == CRYPTO_FIPS_MODE_ENABLED)
"%s: FIPS-140 mode is enabled.\n"), provname);
else
"%s: FIPS-140 mode is disabled.\n"), provname);
return (SUCCESS);
}
/* Is it a duplicate operation? */
if ((action == FIPS140_ENABLE) &&
(fips_mode == CRYPTO_FIPS_MODE_ENABLED)) {
(void) printf(
gettext("%s: FIPS-140 mode has already been enabled.\n"),
provname);
return (FAILURE);
}
if ((action == FIPS140_DISABLE) &&
(fips_mode == CRYPTO_FIPS_MODE_DISABLED)) {
(void) printf(
gettext("%s: FIPS-140 mode has already been disabled.\n"),
provname);
return (FAILURE);
}
/* Update .conf */
!= SUCCESS)
return (rc);
}
/* No need to inform kernel */
if (action == FIPS140_ENABLE) {
"%s: FIPS-140 mode was enabled successfully.\n"),
provname);
} else {
"%s: FIPS-140 mode was disabled successfully.\n"),
provname);
}
return (SUCCESS);
}