1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright (c) 2017, Datto, Inc. All rights reserved. 24 */ 25 26 #ifdef _KERNEL 27 #include <linux/module.h> 28 #include <linux/kernel.h> 29 #include <linux/init.h> 30 #else 31 #define __exit 32 #define __init 33 #endif 34 35 #include <sys/crypto/common.h> 36 #include <sys/crypto/api.h> 37 #include <sys/crypto/impl.h> 38 #include <sys/crypto/sched_impl.h> 39 #include <sys/modhash_impl.h> 40 #include <sys/crypto/icp.h> 41 42 /* 43 * Changes made to the original Illumos Crypto Layer for the ICP: 44 * 45 * Several changes were needed to allow the Illumos Crypto Layer 46 * to work in the Linux kernel. Almost all of the changes fall into 47 * one of the following categories: 48 * 49 * 1) Moving the syntax to the C90: This was mostly a matter of 50 * changing func() definitions to func(void). In a few cases, 51 * initializations of structs with unions needed to have brackets 52 * added. 53 * 54 * 2) Changes to allow userspace compilation: The ICP is meant to be 55 * compiled and used in both userspace and kernel space (for ztest and 56 * libzfs), so the _KERNEL macros did not make sense anymore. For the 57 * same reason, many header includes were also changed to use 58 * sys/zfs_context.h 59 * 60 * 3) Moving to a statically compiled architecture: At some point in 61 * the future it may make sense to have encryption algorithms that are 62 * loadable into the ICP at runtime via separate kernel modules. 63 * However, considering that this code will probably not see much use 64 * outside of zfs and zfs encryption only requires aes and sha256 65 * algorithms it seemed like more trouble than it was worth to port over 66 * Illumos's kernel module structure to a Linux kernel module. In 67 * addition, The Illumos code related to keeping track of kernel modules 68 * is very much tied to the Illumos OS and proved difficult to port to 69 * Linux. Therefore, the structure of the ICP was simplified to work 70 * statically and several pieces of code responsible for keeping track 71 * of Illumos kernel modules were removed and simplified. All module 72 * initialization and destruction is now called in this file during 73 * Linux kernel module loading and unloading. 74 * 75 * 4) Adding destructors: The Illumos Crypto Layer is built into 76 * the Illumos kernel and is not meant to be unloaded. Some destructors 77 * were added to allow the ICP to be unloaded without leaking 78 * structures. 79 * 80 * 5) Removing CRYPTO_DATA_MBLK related structures and code: 81 * crypto_data_t can have 3 formats, CRYPTO_DATA_RAW, CRYPTO_DATA_UIO, 82 * and CRYPTO_DATA_MBLK. ZFS only requires the first 2 formats, as the 83 * last one is related to streamed data. To simplify the port, code 84 * related to this format was removed. 85 * 86 * 6) Changes for architecture specific code: Some changes were needed 87 * to make architecture specific assembly compile. The biggest change 88 * here was to functions related to detecting CPU capabilities for amd64. 89 * The Illumos Crypto Layer used called into the Illumos kernel's API 90 * to discover these. They have been converted to instead use the 91 * 'cpuid' instruction as per the Intel spec. In addition, references to 92 * the sun4u' and sparc architectures have been removed so that these 93 * will use the generic implementation. 94 * 95 * 7) Removing sha384 and sha512 code: The sha code was actually very 96 * easy to port. However, the generic sha384 and sha512 code actually 97 * exceeds the stack size on arm and powerpc architectures. In an effort 98 * to remove warnings, this code was removed. 99 * 100 * 8) Change large allocations from kmem_alloc() to vmem_alloc(): In 101 * testing the ICP with the ZFS encryption code, a few allocations were 102 * found that could potentially be very large. These caused the SPL to 103 * throw warnings and so they were changed to use vmem_alloc(). 104 * 105 * 9) Makefiles: Makefiles were added that would work with the existing 106 * ZFS Makefiles. 107 */ 108 109 void __exit 110 icp_fini(void) 111 { 112 skein_mod_fini(); 113 sha2_mod_fini(); 114 sha1_mod_fini(); 115 edonr_mod_fini(); 116 aes_mod_fini(); 117 kcf_sched_destroy(); 118 kcf_prov_tab_destroy(); 119 kcf_destroy_mech_tabs(); 120 mod_hash_fini(); 121 } 122 123 /* roughly equivalent to kcf.c: _init() */ 124 int __init 125 icp_init(void) 126 { 127 /* initialize the mod hash module */ 128 mod_hash_init(); 129 130 /* initialize the mechanisms tables supported out-of-the-box */ 131 kcf_init_mech_tabs(); 132 133 /* initialize the providers tables */ 134 kcf_prov_tab_init(); 135 136 /* 137 * Initialize scheduling structures. Note that this does NOT 138 * start any threads since it might not be safe to do so. 139 */ 140 kcf_sched_init(); 141 142 /* initialize algorithms */ 143 aes_mod_init(); 144 edonr_mod_init(); 145 sha1_mod_init(); 146 sha2_mod_init(); 147 skein_mod_init(); 148 149 return (0); 150 } 151 152 #if defined(_KERNEL) 153 module_exit(icp_fini); 154 module_init(icp_init); 155 MODULE_AUTHOR(ZFS_META_AUTHOR); 156 MODULE_LICENSE(ZFS_META_LICENSE); 157 MODULE_VERSION(ZFS_META_VERSION "-" ZFS_META_RELEASE); 158 #endif 159