kcf_spi.c revision fe2f74680a9b0a4c22a80f5da91700cd48e715fe
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* This file is part of the core Kernel Cryptographic Framework.
* It implements the SPI functions exported to cryptographic
* providers.
*/
/*
* minalloc and maxalloc values to be used for taskq_create().
*/
static void free_provider_list(kcf_provider_list_t *);
static void remove_provider(kcf_provider_desc_t *);
static void process_logical_providers(crypto_provider_info_t *,
static int kcf_prov_kstat_update(kstat_t *, int);
static void undo_register_provider_extra(kcf_provider_desc_t *);
static void delete_kstat(kcf_provider_desc_t *);
static kcf_prov_stats_t kcf_stats_ks_data_template = {
{ "kcf_ops_total", KSTAT_DATA_UINT64 },
{ "kcf_ops_passed", KSTAT_DATA_UINT64 },
{ "kcf_ops_failed", KSTAT_DATA_UINT64 },
{ "kcf_ops_returned_busy", KSTAT_DATA_UINT64 }
};
/*
* Copy an ops vector from src to dst. Used during provider registration
* to copy the ops vector from the provider info structure to the
* provider descriptor maintained by KCF.
* Copying the ops vector specified by the provider is needed since the
* framework does not require the provider info structure to be
* persistent.
*/
static void
{
}
static void
{
}
static void
{
}
/*
* This routine is used to add cryptographic providers to the KEF framework.
* Providers pass a crypto_provider_info structure to crypto_register_provider()
* and get back a handle. The crypto_provider_info structure contains a
* list of mechanisms supported by the provider and an ops vector containing
* provider entry points. Hardware providers call this routine in their attach
* routines. Software providers call this routine in their _init() routine.
*/
int
{
int need_verify;
char *name;
char ks_name[KSTAT_STRLEN];
int ret = CRYPTO_ARGUMENTS_BAD;
return (CRYPTO_VERSION_MISMATCH);
/*
* Check provider type, must be software, hardware, or logical.
*/
return (CRYPTO_ARGUMENTS_BAD);
/*
* Allocate and initialize a new provider descriptor. We also
* hold it and release it when done.
*/
/* provider-private handle, opaque to KCF */
/* copy provider description string */
/*
* pi_provider_descriptor is a string that can contain
* up to CRYPTO_PROVIDER_DESCR_MAX_LEN + 1 characters
* INCLUDING the terminating null character. A bcopy()
* is necessary here as pd_description should not have
* a null character. See comments in kcf_alloc_provider_desc()
* for details on pd_description field.
*/
}
goto bail;
}
}
}
}
/* object_ops and nostore_key_ops are mutually exclusive */
goto bail;
}
/*
* For software providers, copy the module name and module ID.
* For hardware providers, copy the driver name and instance.
*/
switch (info->pi_provider_type) {
case CRYPTO_SW_PROVIDER:
goto bail;
goto bail;
break;
case CRYPTO_HW_PROVIDER:
case CRYPTO_LOGICAL_PROVIDER:
goto bail;
break;
}
goto bail;
goto bail;
/* process the mechanisms supported by the provider */
goto bail;
/*
* Add provider to providers tables, also sets the descriptor
* pd_prov_id field.
*/
goto bail;
}
goto bail;
}
/*
* We create a taskq only for a hardware provider. The global
* software queue is used for software providers. The taskq
* is limited to one thread since tasks are guaranteed to be
* executed in the order they are scheduled, if nthreads == 1. We
* pass TASKQ_PREPOPULATE flag to keep some entries cached to
* improve performance.
*/
else
/* no kernel session to logical providers */
/*
* Open a session for session-oriented providers. This session
* is used for all kernel consumers. This is fine as a provider
* is required to support multiple thread access to a session.
* We can do this only after the taskq has been created as we
* do a kcf_submit_request() to open the session.
*/
B_FALSE);
if (ret != CRYPTO_SUCCESS) {
ret = CRYPTO_FAILED;
goto bail;
}
}
}
/*
* Create the kstat for this provider. There is a kstat
* installed for each successfully registered provider.
* This kstat is deleted, when the provider unregisters.
*/
} else {
}
KSTAT_TYPE_NAMED, sizeof (kcf_prov_stats_t) /
sizeof (kstat_named_t), KSTAT_FLAG_VIRTUAL);
sizeof (kcf_stats_ks_data_template));
}
}
if (need_verify == 1) {
/* kcf_verify_signature routine will release these holds */
/*
* It is not safe to make the door upcall to kcfd from
* this context since the kcfd thread could reenter
* devfs. So, we dispatch a taskq job to do the
* verification and return to the provider.
*/
(void) taskq_dispatch(system_taskq,
goto bail;
}
}
} else {
}
bail:
return (ret);
}
/*
* This routine is used to notify the framework when a provider is being
* removed. Hardware providers call this routine in their detach routines.
* Software providers call this routine in their _fini() routine.
*/
int
{
/* lookup provider descriptor */
return (CRYPTO_UNKNOWN_PROVIDER);
/*
* Check if any other thread is disabling or removing
* this provider. We return if this is the case.
*/
/* Release reference held by kcf_prov_tab_lookup(). */
return (CRYPTO_BUSY);
}
if (saved_state == KCF_PROV_BUSY) {
/*
* The per-provider taskq thread may be waiting. We
* signal it so that it can start failing requests.
* Note that we do not need a cv_broadcast() as we keep
* only a single thread per taskq.
*/
}
/*
* Check if this provider is currently being used.
* pd_irefcnt is the number of holds from the internal
* structures. We add one to account for the above lookup.
*/
/* Release reference held by kcf_prov_tab_lookup(). */
/*
* The administrator presumably will stop the clients
* thus removing the holds, when they get the busy
* return value. Any retry will succeed then.
*/
return (CRYPTO_BUSY);
}
}
}
/* remove the provider from the mechanisms tables */
mech_idx++) {
}
}
/* remove provider from providers table */
/* Release reference held by kcf_prov_tab_lookup(). */
return (CRYPTO_UNKNOWN_PROVIDER);
}
/* Release reference held by kcf_prov_tab_lookup(). */
/*
* Wait till the existing requests complete.
*/
} else {
/*
* Wait until requests that have been sent to the provider
* complete.
*/
while (desc->pd_irefcnt > 0)
}
/*
* This is the only place where kcf_free_provider_desc()
* is called directly. KCF_PROV_REFRELE() should free the
* structure in all other places.
*/
} else {
}
return (CRYPTO_SUCCESS);
}
/*
* This routine is used to notify the framework that the state of
* a cryptographic provider has changed. Valid state codes are:
*
* CRYPTO_PROVIDER_READY
* The provider indicates that it can process more requests. A provider
* will notify with this event if it previously has notified us with a
* CRYPTO_PROVIDER_BUSY.
*
* CRYPTO_PROVIDER_BUSY
* The provider can not take more requests.
*
* CRYPTO_PROVIDER_FAILED
* The provider encountered an internal error. The framework will not
* be sending any more requests to the provider. The provider may notify
* with a CRYPTO_PROVIDER_READY, if it is able to recover from the error.
*
* This routine can be called from user or interrupt context.
*/
void
{
/* lookup the provider from the given handle */
return;
goto out;
"logical provider (%x) ignored\n", handle);
goto out;
}
switch (state) {
case CRYPTO_PROVIDER_READY:
case KCF_PROV_BUSY:
/*
* Signal the per-provider taskq thread that it
* can start submitting requests. Note that we do
* not need a cv_broadcast() as we keep only a
* single thread per taskq.
*/
break;
case KCF_PROV_FAILED:
/*
* The provider recovered from the error. Let us
* use it now.
*/
break;
}
break;
case CRYPTO_PROVIDER_BUSY:
case KCF_PROV_READY:
break;
}
break;
case CRYPTO_PROVIDER_FAILED:
/*
* We note the failure and return. The per-provider taskq
* thread checks this flag and starts failing the
* requests, if it is set. See process_req_hwp() for details.
*/
case KCF_PROV_READY:
break;
case KCF_PROV_BUSY:
/*
* The per-provider taskq thread may be waiting. We
* signal it so that it can start failing requests.
*/
break;
}
break;
}
out:
}
/*
* This routine is used to notify the framework the result of
* an asynchronous request handled by a provider. Valid error
* codes are the same as the CRYPTO_* errors defined in common.h.
*
* This routine can be called from user or interrupt context.
*/
void
{
if (error != CRYPTO_SUCCESS)
} else {
if (error != CRYPTO_SUCCESS)
}
}
/*
* This routine is used by software providers to determine
* whether to use KM_SLEEP or KM_NOSLEEP during memory allocation.
* Note that hardware providers can always use KM_SLEEP. So,
* they do not need to call this routine.
*
* This routine can be called from user or interrupt context.
*/
int
{
return (REQHNDL2_KMFLAG(handle));
}
/*
* Process the mechanism info structures specified by the provider
* during registration. A NULL crypto_provider_info_t indicates
* an already initialized provider descriptor.
*
* Mechanisms are not added to the kernel's mechanism table if the
* provider is a logical provider.
*
* Returns CRYPTO_SUCCESS on success, CRYPTO_ARGUMENTS if one
* of the specified mechanisms was malformed, or CRYPTO_HOST_MEMORY
* if the table of mechanisms is full.
*/
static int
{
int err = CRYPTO_SUCCESS;
int desc_use_count = 0;
sizeof (crypto_mech_info_t) * mcount);
}
return (CRYPTO_SUCCESS);
}
/*
* Copy the mechanism list from the provider info to the provider
* descriptor. desc->pd_mechanisms has an extra crypto_mech_info_t
* element if the provider has random_ops since we keep an internal
* mechanism, SUN_RANDOM, in this case.
*/
/*
* Need the following check as it is possible to have
* a provider that implements just random_ops and has
* pi_mechanisms == NULL.
*/
}
} else {
sizeof (crypto_mech_info_t) * mcount);
}
}
/*
* For each mechanism support by the provider, add the provider
* to the corresponding KCF mechanism mech_entry chain.
*/
break;
}
/*
* We ask the provider to specify the limit
* per hash mechanism. But, in practice, a
* hardware limitation means all hash mechanisms
* will have the same maximum size allowed for
* input data. So, we make it a per provider
* limit to keep it simple.
*/
if (mi->cm_max_input_length == 0) {
break;
} else {
}
}
break;
continue;
/* The provider will be used for this mechanism */
}
/*
* Don't allow multiple software providers with disabled mechanisms
* to register. Subsequent enabling of mechanisms will result in
* an unsupported configuration, i.e. multiple software providers
* per mechanism.
*/
return (CRYPTO_ARGUMENTS_BAD);
if (err == KCF_SUCCESS)
return (CRYPTO_SUCCESS);
/*
* An error occurred while adding the mechanism, cleanup
* and bail.
*/
}
if (err == KCF_MECH_TAB_FULL)
return (CRYPTO_HOST_MEMORY);
return (CRYPTO_ARGUMENTS_BAD);
}
/*
* Update routine for kstat. Only privileged users are allowed to
* access this information, since this information is sensitive.
* There are some cryptographic attacks (e.g. traffic analysis)
* which can use this information.
*/
static int
{
if (rw == KSTAT_WRITE)
return (EACCES);
} else {
}
return (0);
}
/*
* Utility routine called from failure paths in crypto_register_provider()
* and from crypto_load_soft_disabled().
*/
void
{
/* remove the provider from the mechanisms tables */
mech_idx++) {
}
/* remove provider from providers table */
if (remove_prov)
}
static void
{
}
/*
* Utility routine called from crypto_load_soft_disabled(). Callers
* should have done a prior undo_register_provider().
*/
void
{
/* process the mechanisms supported by the provider */
/*
* Hold provider in providers table. We should not call
* kcf_prov_tab_add_provider() here as the provider descriptor
* is still valid which means it has an entry in the provider
* table.
*/
}
/*
* Add provider (p1) to another provider's array of providers (p2).
* Hardware and logical providers use this array to cross-reference
* each other.
*/
static void
{
}
/*
* Remove provider (p1) from another provider's array of providers (p2).
* Hardware and logical providers use this array to cross-reference
* each other.
*/
static void
{
break;
}
}
return;
}
/* detach and free kcf_provider_list structure */
}
/*
* Convert an array of logical provider handles (crypto_provider_id)
* stored in a crypto_provider_info structure into an array of provider
* descriptors (kcf_provider_desc_t) attached to a logical provider.
*/
static void
{
int i;
/* add hardware provider to each logical provider */
for (i = 0; i < count; i++) {
continue;
}
/*
* A hardware provider has to have the provider descriptor of
* every logical provider it belongs to, so it can be removed
* from the logical provider if the hardware provider
* unregisters from the framework.
*/
}
}
/*
* This routine removes a provider from all of the logical or
* hardware providers it belongs to, and frees the provider's
* array of pointers to providers.
*/
static void
{
kcf_provider_list_t *e, *next;
p = e->pl_provider;
if (p->pd_prov_type == CRYPTO_HW_PROVIDER &&
p->pd_provider_list == NULL)
p->pd_flags &= ~KCF_LPROV_MEMBER;
kmem_free(e, sizeof (*e));
}
}
/*
* Dispatch events as needed for a provider. is_added flag tells
* whether the provider is registering or unregistering.
*/
void
{
int i;
/*
* Inform interested clients of the mechanisms becoming
* available/unavailable. We skip this for logical providers
* as they do not affect mechanisms.
*/
for (i = 0; i < prov_desc->pd_mech_list_count; i++) {
/* Skip any mechanisms not allowed by the policy */
continue;
}
}
/*
* Inform interested clients about the new or departing provider.
* In case of a logical provider, we need to notify the event only
* for the logical provider and not for the underlying
* providers which are known by the KCF_LPROV_MEMBER bit.
*/
}
}
static void
{
/* destroy the kstat created for this provider */
/* release reference held by desc->pd_kstat->ks_private */
}
}