fec509a05ddbf645268fe2e537314def7d1b67c8gm * CDDL HEADER START
fec509a05ddbf645268fe2e537314def7d1b67c8gm * The contents of this file are subject to the terms of the
fec509a05ddbf645268fe2e537314def7d1b67c8gm * Common Development and Distribution License (the "License").
fec509a05ddbf645268fe2e537314def7d1b67c8gm * You may not use this file except in compliance with the License.
fec509a05ddbf645268fe2e537314def7d1b67c8gm * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
fec509a05ddbf645268fe2e537314def7d1b67c8gm * See the License for the specific language governing permissions
fec509a05ddbf645268fe2e537314def7d1b67c8gm * and limitations under the License.
fec509a05ddbf645268fe2e537314def7d1b67c8gm * When distributing Covered Code, include this CDDL HEADER in each
fec509a05ddbf645268fe2e537314def7d1b67c8gm * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
fec509a05ddbf645268fe2e537314def7d1b67c8gm * If applicable, add the following below this CDDL HEADER, with the
fec509a05ddbf645268fe2e537314def7d1b67c8gm * fields enclosed by brackets "[]" replaced with your own identifying
fec509a05ddbf645268fe2e537314def7d1b67c8gm * information: Portions Copyright [yyyy] [name of copyright owner]
fec509a05ddbf645268fe2e537314def7d1b67c8gm * CDDL HEADER END
fec509a05ddbf645268fe2e537314def7d1b67c8gm * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
fec509a05ddbf645268fe2e537314def7d1b67c8gm * Use is subject to license terms.
fec509a05ddbf645268fe2e537314def7d1b67c8gm#pragma ident "%Z%%M% %I% %E% SMI"
fec509a05ddbf645268fe2e537314def7d1b67c8gm#define N2RNG_PROVIDER2N2RNG(x) (((n2rng_provider_private_t *)x)->mp_n2rng)
fec509a05ddbf645268fe2e537314def7d1b67c8gmstatic void n2rng_provider_status(crypto_provider_handle_t, uint_t *);
fec509a05ddbf645268fe2e537314def7d1b67c8gmstatic int n2rng_random_number(crypto_provider_handle_t, crypto_session_id_t,
fec509a05ddbf645268fe2e537314def7d1b67c8gmstatic int ext_info(crypto_provider_handle_t, crypto_provider_ext_info_t *,
fec509a05ddbf645268fe2e537314def7d1b67c8gmint fips_random(n2rng_t *n2rng, uint8_t *out, size_t nbytes);
fec509a05ddbf645268fe2e537314def7d1b67c8gmstatic crypto_provider_management_ops_t n2rng_extinfo_op = {
fec509a05ddbf645268fe2e537314def7d1b67c8gm 0, /* number of mechanisms */
fec509a05ddbf645268fe2e537314def7d1b67c8gm 0, /* pi_logical_provider_count */
fec509a05ddbf645268fe2e537314def7d1b67c8gmstatic void
fec509a05ddbf645268fe2e537314def7d1b67c8gm/*ARGSUSED*/
fec509a05ddbf645268fe2e537314def7d1b67c8gmext_info(crypto_provider_handle_t prov, crypto_provider_ext_info_t *ext_info,
fec509a05ddbf645268fe2e537314def7d1b67c8gm /* handle info common to logical and hardware provider */
fec509a05ddbf645268fe2e537314def7d1b67c8gm /* Manufacturer ID */
fec509a05ddbf645268fe2e537314def7d1b67c8gm strncpy_spacepad(ext_info->ei_manufacturerID, N2RNG_MANUFACTURER_ID,
fec509a05ddbf645268fe2e537314def7d1b67c8gm /* Model */
fec509a05ddbf645268fe2e537314def7d1b67c8gm strncpy_spacepad(ext_info->ei_model, "0", CRYPTO_EXT_SIZE_MODEL);
fec509a05ddbf645268fe2e537314def7d1b67c8gm /* Token flags */
fec509a05ddbf645268fe2e537314def7d1b67c8gm ext_info->ei_flags = CRYPTO_EXTF_RNG | CRYPTO_EXTF_SO_PIN_LOCKED |
fec509a05ddbf645268fe2e537314def7d1b67c8gm ext_info->ei_max_session_count = CRYPTO_EFFECTIVELY_INFINITE;
fec509a05ddbf645268fe2e537314def7d1b67c8gm ext_info->ei_total_public_memory = CRYPTO_UNAVAILABLE_INFO;
fec509a05ddbf645268fe2e537314def7d1b67c8gm ext_info->ei_free_public_memory = CRYPTO_UNAVAILABLE_INFO;
fec509a05ddbf645268fe2e537314def7d1b67c8gm ext_info->ei_total_private_memory = CRYPTO_UNAVAILABLE_INFO;
fec509a05ddbf645268fe2e537314def7d1b67c8gm ext_info->ei_free_private_memory = CRYPTO_UNAVAILABLE_INFO;
fec509a05ddbf645268fe2e537314def7d1b67c8gm /* Time. No need to be supplied for token without a clock */
fec509a05ddbf645268fe2e537314def7d1b67c8gm /* handle hardware provider specific fields */
fec509a05ddbf645268fe2e537314def7d1b67c8gm /* Token label */
fec509a05ddbf645268fe2e537314def7d1b67c8gm /* Serial number */
fec509a05ddbf645268fe2e537314def7d1b67c8gm /* Version info */
fec509a05ddbf645268fe2e537314def7d1b67c8gm /* set the token label */
fec509a05ddbf645268fe2e537314def7d1b67c8gm strncpy_spacepad(ext_info->ei_label, buf, CRYPTO_EXT_SIZE_LABEL);
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke /* Unregister provider without checking result */
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke * Register with KCF if not already registered
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke DBG0(n2rng, DKCF, "n2rng_kcf: Crypto provider already "
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke "registered");
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke "registered");
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke crypto_provider_notification(n2rng->n_prov, CRYPTO_PROVIDER_READY);
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke * Unregister with KCF if not already registered
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke DBG0(n2rng, DKCF, "n2rng_kcf: Crypto provider already "
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke "unregistered");
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke "unregistered");
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke * Set state to failed for all rngs if in control domain and dispatch a task
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke * to unregister from kcf
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke /* Check if error has already been detected */
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke cmn_err(CE_WARN, "n2rng: hardware failure detected");
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke /* Set each rng to failed if running in control domain */
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke for (rngid = 0; rngid < n2rng->n_ctl_data->n_num_rngs;
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke /* Dispatch task to unregister from kcf */
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke if (ddi_taskq_dispatch(n2rng->n_taskq, unregister_task,
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke cmn_err(CE_WARN, "n2rng: ddi_taskq_dispatch() failed");
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke * Set state to unconfigured for all rngs if in control domain and dispatch a
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke * task to unregister from kcf.
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke /* Check if unconfigured state has already been detected */
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke cmn_err(CE_WARN, "n2rng: no longer generating entropy");
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke /* Set each rng to unconfigured if running in control domain */
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke for (rngid = 0; rngid < n2rng->n_ctl_data->n_num_rngs;
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke /* Dispatch task to unregister from kcf */
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke if (ddi_taskq_dispatch(n2rng->n_taskq, unregister_task,
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke cmn_err(CE_WARN, "n2rng: ddi_taskq_dispatch() failed");
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke /* Schedule a configuration retry */
fec509a05ddbf645268fe2e537314def7d1b67c8gm * Setup and also register to kCF
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke /* Initialize data structures if not already done */
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke /* initialize kstats */
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke /* initialize the FIPS data and mutexes */
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke * Register with crypto framework if not already registered.
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke * Be careful not to exceed 32 characters.
fec509a05ddbf645268fe2e537314def7d1b67c8gm * Unregister from kCF and cleanup
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke /* Un-initialize data structures if they exist */
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke * Unregister from kCF.
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke * This needs to be done at the beginning of detach.
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke if (n2rng_unregister_provider(n2rng) != DDI_SUCCESS) {
741c280d5486676df48cd5d5e8ed8d92eac714a8twelke /* deinitialize kstats */
fec509a05ddbf645268fe2e537314def7d1b67c8gm * At this time there are no periodic health checks. If the health
fec509a05ddbf645268fe2e537314def7d1b67c8gm * check done at attrach time fails, the driver does not even attach.
fec509a05ddbf645268fe2e537314def7d1b67c8gm * So there are no failure conditions to report, and this provider is
fec509a05ddbf645268fe2e537314def7d1b67c8gm * never busy.
fec509a05ddbf645268fe2e537314def7d1b67c8gm/* ARGSUSED */
fec509a05ddbf645268fe2e537314def7d1b67c8gmstatic void
fec509a05ddbf645268fe2e537314def7d1b67c8gmn2rng_provider_status(crypto_provider_handle_t provider, uint_t *status)
fec509a05ddbf645268fe2e537314def7d1b67c8gm/*ARGSUSED*/
fec509a05ddbf645268fe2e537314def7d1b67c8gm crypto_session_id_t sess, unsigned char *buf, size_t buflen,
fec509a05ddbf645268fe2e537314def7d1b67c8gm return (rv);
fec509a05ddbf645268fe2e537314def7d1b67c8gm for (i = 0; i < N2RNG_FIPS_INSTANCES; i++) {
fec509a05ddbf645268fe2e537314def7d1b67c8gm rv = n2rng_fips_random_init(n2rng, &n2rng->n_frs.fipsarray[i]);
fec509a05ddbf645268fe2e537314def7d1b67c8gm /* finalize all the FIPS structures allocated so far */
fec509a05ddbf645268fe2e537314def7d1b67c8gm for (--i; i >= 0; --i) {
fec509a05ddbf645268fe2e537314def7d1b67c8gm return (rv);
fec509a05ddbf645268fe2e537314def7d1b67c8gm return (0);
fec509a05ddbf645268fe2e537314def7d1b67c8gmstatic void
fec509a05ddbf645268fe2e537314def7d1b67c8gm for (i = 0; i < N2RNG_FIPS_INSTANCES; i++) {