/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
/*
* This file is part of the core Kernel Cryptographic Framework.
* It implements the management of the policy table. Entries are
* added and removed by administrative ioctls.
*
* Each element of the policy table contains a pointer to a
* policy descriptor, or NULL if the entry is free.
*/
#include <sys/types.h>
#include <sys/kmem.h>
#include <sys/cmn_err.h>
#include <sys/ddi.h>
#include <sys/sunddi.h>
#include <sys/ksynch.h>
#include <sys/crypto/common.h>
#include <sys/crypto/impl.h>
#define KCF_MAX_POLICY 512 /* max number of policy entries */
static kmutex_t policy_tab_mutex; /* ensure exclusive access to the table */
static kcf_policy_desc_t **policy_tab = NULL;
static uint_t policy_tab_num = 0; /* number of providers in table */
static uint_t policy_tab_max = KCF_MAX_POLICY;
static int kcf_policy_add_entry(kcf_policy_desc_t *);
static kcf_policy_desc_t *kcf_policy_alloc_desc(int);
/*
* Initialize the policy table. The policy table is dynamically
* allocated with policy_tab_max entries.
*/
void
kcf_policy_tab_init(void)
{
mutex_init(&policy_tab_mutex, NULL, MUTEX_DRIVER, NULL);
policy_tab = kmem_zalloc(policy_tab_max * sizeof (kcf_policy_desc_t *),
KM_SLEEP);
}
/*
* Add entry to the policy table. If no free slot can be found
* return CRYPTO_HOST_MEMORY, otherwise CRYPTO_SUCCESS.
*
* policy_tab_mutex must already be held.
*/
static int
kcf_policy_add_entry(kcf_policy_desc_t *policy_desc)
{
uint_t i = 0;
ASSERT(policy_tab != NULL);
ASSERT(MUTEX_HELD(&policy_tab_mutex));
/* find free slot in policy table */
while (i < KCF_MAX_POLICY && policy_tab[i] != NULL)
i++;
if (i == KCF_MAX_POLICY) {
/* ran out of policy entries */
cmn_err(CE_WARN, "out of policy entries");
return (CRYPTO_HOST_MEMORY);
}
/* initialize entry */
policy_tab[i] = policy_desc;
KCF_POLICY_REFHOLD(policy_desc);
policy_tab_num++;
return (CRYPTO_SUCCESS);
}
/*
* Remove policy descriptor for the specified software module.
*/
void
kcf_policy_remove_by_name(char *module_name, uint_t *count,
crypto_mech_name_t **array)
{
kcf_policy_desc_t *policy_desc;
int i;
ASSERT(policy_tab != NULL);
ASSERT(policy_tab_num != (uint_t)-1); /* underflow */
mutex_enter(&policy_tab_mutex);
for (i = 0; i < KCF_MAX_POLICY; i++) {
if ((policy_desc = policy_tab[i]) != NULL &&
policy_desc->pd_prov_type == CRYPTO_SW_PROVIDER) {
ASSERT(policy_desc->pd_name != NULL);
if (strncmp(module_name, policy_desc->pd_name,
MAXNAMELEN) == 0) {
*count = policy_desc->pd_disabled_count;
*array = policy_desc->pd_disabled_mechs;
mutex_destroy(&policy_desc->pd_mutex);
kmem_free(policy_desc->pd_name,
strlen(policy_desc->pd_name) + 1);
kmem_free(policy_desc,
sizeof (kcf_policy_desc_t));
policy_tab[i] = NULL;
policy_tab_num--;
break;
}
}
}
if (i == KCF_MAX_POLICY) {
*count = 0;
*array = NULL;
}
mutex_exit(&policy_tab_mutex);
}
/*
* Remove policy descriptor for the specified device.
*/
void
kcf_policy_remove_by_dev(char *name, uint_t instance, uint_t *count,
crypto_mech_name_t **array)
{
kcf_policy_desc_t *policy_desc;
int i;
ASSERT(policy_tab != NULL);
ASSERT(policy_tab_num != (uint_t)-1); /* underflow */
mutex_enter(&policy_tab_mutex);
for (i = 0; i < KCF_MAX_POLICY; i++) {
if ((policy_desc = policy_tab[i]) != NULL &&
policy_desc->pd_prov_type == CRYPTO_HW_PROVIDER &&
strncmp(policy_desc->pd_name, name, MAXNAMELEN) == 0 &&
policy_desc->pd_instance == instance) {
*count = policy_desc->pd_disabled_count;
*array = policy_desc->pd_disabled_mechs;
mutex_destroy(&policy_desc->pd_mutex);
kmem_free(policy_desc->pd_name,
strlen(policy_desc->pd_name) + 1);
kmem_free(policy_desc, sizeof (kcf_policy_desc_t));
policy_tab[i] = NULL;
policy_tab_num--;
break;
}
}
if (i == KCF_MAX_POLICY) {
*count = 0;
*array = NULL;
}
mutex_exit(&policy_tab_mutex);
}
/*
* Returns policy descriptor for the specified software module.
*/
kcf_policy_desc_t *
kcf_policy_lookup_by_name(char *module_name)
{
kcf_policy_desc_t *policy_desc;
uint_t i;
mutex_enter(&policy_tab_mutex);
for (i = 0; i < KCF_MAX_POLICY; i++) {
if ((policy_desc = policy_tab[i]) != NULL &&
policy_desc->pd_prov_type == CRYPTO_SW_PROVIDER) {
ASSERT(policy_desc->pd_name != NULL);
if (strncmp(module_name, policy_desc->pd_name,
MAXNAMELEN) == 0) {
KCF_POLICY_REFHOLD(policy_desc);
mutex_exit(&policy_tab_mutex);
return (policy_desc);
}
}
}
mutex_exit(&policy_tab_mutex);
return (NULL);
}
/*
* Returns policy descriptor for the specified device.
*/
kcf_policy_desc_t *
kcf_policy_lookup_by_dev(char *name, uint_t instance)
{
kcf_policy_desc_t *policy_desc;
uint_t i;
mutex_enter(&policy_tab_mutex);
for (i = 0; i < KCF_MAX_POLICY; i++) {
if ((policy_desc = policy_tab[i]) != NULL &&
policy_desc->pd_prov_type == CRYPTO_HW_PROVIDER &&
strncmp(policy_desc->pd_name, name, MAXNAMELEN) == 0 &&
policy_desc->pd_instance == instance) {
KCF_POLICY_REFHOLD(policy_desc);
mutex_exit(&policy_tab_mutex);
return (policy_desc);
}
}
mutex_exit(&policy_tab_mutex);
return (NULL);
}
/*
* Loads disabled mechanism array for specified software provider, and
* creates a policy descriptor if one does not already exist.
* Important note: new_array is consumed.
*/
int
kcf_policy_load_soft_disabled(char *module_name, uint_t new_count,
crypto_mech_name_t *new_array, uint_t *prev_count,
crypto_mech_name_t **prev_array)
{
kcf_policy_desc_t *new_desc, *policy_desc = NULL;
uint_t i;
int rv;
/*
* Allocate storage for a new entry.
* Free new entry if a policy descriptor already exists.
*/
new_desc = kcf_policy_alloc_desc(KM_SLEEP);
new_desc->pd_prov_type = CRYPTO_SW_PROVIDER;
new_desc->pd_name = kmem_alloc(strlen(module_name) + 1, KM_SLEEP);
(void) strcpy(new_desc->pd_name, module_name);
mutex_enter(&policy_tab_mutex);
/*
* Search for an existing entry.
*/
for (i = 0; i < KCF_MAX_POLICY; i++) {
if (policy_tab[i] != NULL &&
policy_tab[i]->pd_prov_type == CRYPTO_SW_PROVIDER) {
ASSERT(policy_tab[i]->pd_name != NULL);
if (strncmp(policy_tab[i]->pd_name, module_name,
MAXNAMELEN) == 0) {
policy_desc = policy_tab[i];
break;
}
}
}
if (policy_desc == NULL) {
rv = kcf_policy_add_entry(new_desc);
if (rv != CRYPTO_SUCCESS) {
mutex_exit(&policy_tab_mutex);
kcf_policy_free_desc(new_desc);
return (rv);
}
policy_desc = new_desc;
} else {
kcf_policy_free_desc(new_desc);
}
mutex_enter(&policy_desc->pd_mutex);
*prev_count = policy_desc->pd_disabled_count;
/* prev_array is freed by the caller */
*prev_array = policy_desc->pd_disabled_mechs;
policy_desc->pd_disabled_count = new_count;
policy_desc->pd_disabled_mechs = new_array;
mutex_exit(&policy_desc->pd_mutex);
mutex_exit(&policy_tab_mutex);
return (CRYPTO_SUCCESS);
}
/*
* Loads disabled mechanism array for specified device, and
* creates a policy descriptor if one does not already exist.
* Important note: new_array is consumed.
*/
int
kcf_policy_load_dev_disabled(char *name, uint_t instance, uint_t new_count,
crypto_mech_name_t *new_array, uint_t *prev_count,
crypto_mech_name_t **prev_array)
{
kcf_policy_desc_t *new_desc, *policy_desc = NULL;
uint_t i;
int rv;
/*
* Allocate storage for a new entry.
* Free new entry if a policy descriptor already exists.
*/
new_desc = kcf_policy_alloc_desc(KM_SLEEP);
new_desc->pd_prov_type = CRYPTO_HW_PROVIDER;
new_desc->pd_name = kmem_alloc(strlen(name) + 1, KM_SLEEP);
(void) strcpy(new_desc->pd_name, name);
new_desc->pd_instance = instance;
mutex_enter(&policy_tab_mutex);
/*
* Search for an existing entry.
*/
for (i = 0; i < KCF_MAX_POLICY; i++) {
if (policy_tab[i] != NULL &&
policy_tab[i]->pd_prov_type == CRYPTO_HW_PROVIDER &&
strncmp(policy_tab[i]->pd_name, name, MAXNAMELEN) == 0 &&
policy_tab[i]->pd_instance == instance) {
policy_desc = policy_tab[i];
break;
}
}
if (policy_desc == NULL) {
rv = kcf_policy_add_entry(new_desc);
if (rv != CRYPTO_SUCCESS) {
mutex_exit(&policy_tab_mutex);
kcf_policy_free_desc(new_desc);
return (rv);
}
policy_desc = new_desc;
} else {
kcf_policy_free_desc(new_desc);
}
mutex_enter(&policy_desc->pd_mutex);
*prev_count = policy_desc->pd_disabled_count;
/* prev_array is freed by the caller */
*prev_array = policy_desc->pd_disabled_mechs;
policy_desc->pd_disabled_count = new_count;
policy_desc->pd_disabled_mechs = new_array;
mutex_exit(&policy_desc->pd_mutex);
mutex_exit(&policy_tab_mutex);
return (CRYPTO_SUCCESS);
}
/*
* Allocate a policy descriptor.
*/
static kcf_policy_desc_t *
kcf_policy_alloc_desc(int km_flag)
{
kcf_policy_desc_t *desc;
if ((desc = kmem_zalloc(sizeof (kcf_policy_desc_t), km_flag)) == NULL)
return (NULL);
mutex_init(&desc->pd_mutex, NULL, MUTEX_DEFAULT, NULL);
return (desc);
}
/*
* Free a policy descriptor.
*/
void
kcf_policy_free_desc(kcf_policy_desc_t *desc)
{
if (desc == NULL)
return;
mutex_destroy(&desc->pd_mutex);
ASSERT(desc->pd_name != NULL);
kmem_free(desc->pd_name, strlen(desc->pd_name) + 1);
if (desc->pd_disabled_mechs != NULL)
kmem_free(desc->pd_disabled_mechs, sizeof (crypto_mech_name_t) *
desc->pd_disabled_count);
kmem_free(desc, sizeof (kcf_policy_desc_t));
}