17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate * CDDL HEADER START
37c478bd9Sstevel@tonic-gate *
47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the
5d2b32306Smcpowers * Common Development and Distribution License (the "License").
6d2b32306Smcpowers * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate *
87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate * and limitations under the License.
127c478bd9Sstevel@tonic-gate *
137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate *
197c478bd9Sstevel@tonic-gate * CDDL HEADER END
207c478bd9Sstevel@tonic-gate */
217c478bd9Sstevel@tonic-gate /*
22005d3febSMarek Pospisil * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
237c478bd9Sstevel@tonic-gate * Use is subject to license terms.
247c478bd9Sstevel@tonic-gate */
257c478bd9Sstevel@tonic-gate
267c478bd9Sstevel@tonic-gate
277c478bd9Sstevel@tonic-gate /*
287c478bd9Sstevel@tonic-gate * The ioctl interface for administrative commands.
297c478bd9Sstevel@tonic-gate */
307c478bd9Sstevel@tonic-gate
317c478bd9Sstevel@tonic-gate #include <sys/types.h>
327c478bd9Sstevel@tonic-gate #include <sys/modctl.h>
337c478bd9Sstevel@tonic-gate #include <sys/conf.h>
347c478bd9Sstevel@tonic-gate #include <sys/stat.h>
357c478bd9Sstevel@tonic-gate #include <sys/ddi.h>
367c478bd9Sstevel@tonic-gate #include <sys/sunddi.h>
377c478bd9Sstevel@tonic-gate #include <sys/kmem.h>
387c478bd9Sstevel@tonic-gate #include <sys/errno.h>
397c478bd9Sstevel@tonic-gate #include <sys/ksynch.h>
407c478bd9Sstevel@tonic-gate #include <sys/file.h>
417c478bd9Sstevel@tonic-gate #include <sys/open.h>
427c478bd9Sstevel@tonic-gate #include <sys/cred.h>
437c478bd9Sstevel@tonic-gate #include <sys/model.h>
447c478bd9Sstevel@tonic-gate #include <sys/sysmacros.h>
457c478bd9Sstevel@tonic-gate #include <sys/crypto/common.h>
467c478bd9Sstevel@tonic-gate #include <sys/crypto/api.h>
477c478bd9Sstevel@tonic-gate #include <sys/crypto/impl.h>
487c478bd9Sstevel@tonic-gate #include <sys/crypto/sched_impl.h>
497c478bd9Sstevel@tonic-gate #include <sys/crypto/ioctladmin.h>
507c478bd9Sstevel@tonic-gate #include <c2/audit.h>
5173556491SAnthony Scarpino #include <sys/disp.h>
527c478bd9Sstevel@tonic-gate
/*
 * DDI entry points, defined later in this file and referenced from the
 * cb_ops and dev_ops tables below.
 */
static int cryptoadm_attach(dev_info_t *dip, ddi_attach_cmd_t cmd);
static int cryptoadm_detach(dev_info_t *dip, ddi_detach_cmd_t cmd);
static int cryptoadm_getinfo(dev_info_t *dip, ddi_info_cmd_t cmd, void *arg,
    void **result);
static int cryptoadm_open(dev_t *devp, int flag, int otyp, cred_t *credp);
static int cryptoadm_close(dev_t dev, int flag, int otyp, cred_t *credp);
static int cryptoadm_ioctl(dev_t dev, int cmd, intptr_t arg, int mode,
    cred_t *credp, int *rval);

/*
 * Audit hook called by the ioctl handlers that change the set of disabled
 * mechanisms. It is defined outside this file.
 */
extern void audit_cryptoadm(int cmd, char *module_name,
    crypto_mech_name_t *mech_names, uint_t mech_count,
    uint_t device_instance, uint32_t rv, int error);
65b5a2d845SHai-May Chao
/*
 * Module linkage.
 *
 * Only open, close and ioctl are implemented for the character device;
 * every other cb_ops slot is filled with the nodev/nochpoll stub.
 */
static struct cb_ops cbops = {
	cryptoadm_open,		/* cb_open */
	cryptoadm_close,	/* cb_close */
	nodev,			/* cb_strategy */
	nodev,			/* cb_print */
	nodev,			/* cb_dump */
	nodev,			/* cb_read */
	nodev,			/* cb_write */
	cryptoadm_ioctl,	/* cb_ioctl */
	nodev,			/* cb_devmap */
	nodev,			/* cb_mmap */
	nodev,			/* cb_segmap */
	nochpoll,		/* cb_chpoll */
	ddi_prop_op,		/* cb_prop_op */
	NULL,			/* cb_streamtab */
	D_MP,			/* cb_flag */
	CB_REV,			/* cb_rev */
	nodev,			/* cb_aread */
	nodev,			/* cb_awrite */
};

/* Autoconfiguration operations; the driver has no bus or power ops. */
static struct dev_ops devops = {
	DEVO_REV,		/* devo_rev */
	0,			/* devo_refcnt */
	cryptoadm_getinfo,	/* devo_getinfo */
	nulldev,		/* devo_identify */
	nulldev,		/* devo_probe */
	cryptoadm_attach,	/* devo_attach */
	cryptoadm_detach,	/* devo_detach */
	nodev,			/* devo_reset */
	&cbops,			/* devo_cb_ops */
	NULL,			/* devo_bus_ops */
	NULL,			/* devo_power */
	ddi_quiesce_not_needed,	/* devo_quiesce */
};

static struct modldrv modldrv = {
	&mod_driverops,					/* drv_modops */
	"Cryptographic Administrative Interface",	/* drv_linkinfo */
	&devops,
};

static struct modlinkage modlinkage = {
	MODREV_1,		/* ml_rev */
	&modldrv,		/* ml_linkage */
	NULL
};

/*
 * dev_info of the single attached instance. It is set in
 * cryptoadm_attach(), cleared in cryptoadm_detach(), and is NULL while
 * the driver is not attached.
 */
static dev_info_t *cryptoadm_dip = NULL;
1187c478bd9Sstevel@tonic-gate
/*
 * DDI entry points.
 */

/*
 * Module load entry point: hands modlinkage to mod_install() and returns
 * its result unchanged.
 */
int
_init(void)
{
	int rc = mod_install(&modlinkage);

	return (rc);
}
1277c478bd9Sstevel@tonic-gate
/*
 * Module unload entry point: hands modlinkage to mod_remove() and returns
 * its result unchanged.
 */
int
_fini(void)
{
	int rc = mod_remove(&modlinkage);

	return (rc);
}
1337c478bd9Sstevel@tonic-gate
/*
 * Module information entry point: fills *modinfop through mod_info() and
 * returns its result unchanged.
 */
int
_info(struct modinfo *modinfop)
{
	int rc = mod_info(&modlinkage, modinfop);

	return (rc);
}
1397c478bd9Sstevel@tonic-gate
/*
 * getinfo entry point. The driver has a single instance, so the answers
 * are fixed: DEVT2DEVINFO yields the saved cryptoadm_dip (NULL when the
 * driver is not attached) and DEVT2INSTANCE yields instance 0. Any other
 * command fails. dip and arg are not used.
 */
/* ARGSUSED */
static int
cryptoadm_getinfo(dev_info_t *dip, ddi_info_cmd_t cmd, void *arg, void **result)
{
	if (cmd == DDI_INFO_DEVT2DEVINFO) {
		*result = (void *)cryptoadm_dip;
		return (DDI_SUCCESS);
	}

	if (cmd == DDI_INFO_DEVT2INSTANCE) {
		*result = (void *)0;
		return (DDI_SUCCESS);
	}

	return (DDI_FAILURE);
}
1557c478bd9Sstevel@tonic-gate
/*
 * attach entry point. Accepts only DDI_ATTACH for instance 0, creates
 * the "cryptoadm" character minor node (minor number 0) and records dip
 * in cryptoadm_dip. Returns DDI_SUCCESS or DDI_FAILURE.
 */
static int
cryptoadm_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
{
	int rc;

	/* we only allow a plain attach of instance 0 */
	if (cmd != DDI_ATTACH || ddi_get_instance(dip) != 0)
		return (DDI_FAILURE);

	/* create the minor node */
	rc = ddi_create_minor_node(dip, "cryptoadm", S_IFCHR, 0,
	    DDI_PSEUDO, 0);
	if (rc != DDI_SUCCESS) {
		cmn_err(CE_WARN, "cryptoadm: failed creating minor node");
		/* drop anything that may have been partially created */
		ddi_remove_minor_node(dip, NULL);
		return (DDI_FAILURE);
	}

	cryptoadm_dip = dip;

	return (DDI_SUCCESS);
}
1797c478bd9Sstevel@tonic-gate
/*
 * detach entry point. For DDI_DETACH it clears cryptoadm_dip, so that
 * later opens fail with ENXIO, and removes the minor node. Every other
 * command is refused.
 */
static int
cryptoadm_detach(dev_info_t *dip, ddi_detach_cmd_t cmd)
{
	if (cmd == DDI_DETACH) {
		cryptoadm_dip = NULL;
		ddi_remove_minor_node(dip, NULL);
		return (DDI_SUCCESS);
	}

	return (DDI_FAILURE);
}
1917c478bd9Sstevel@tonic-gate
/*
 * open entry point. Fails with ENXIO for anything other than a character
 * open of an attached driver and with ENOTSUP for exclusive opens.
 * Otherwise it normalizes *devp to minor 0 and calls kcf_sched_start().
 *
 * NOTE(review): credp is not examined here. Confirm that the privilege
 * checks for the administrative commands are made in the ioctl path,
 * which is outside this view.
 */
/* ARGSUSED */
static int
cryptoadm_open(dev_t *devp, int flag, int otyp, cred_t *credp)
{
	major_t major;

	if (otyp != OTYP_CHR || cryptoadm_dip == NULL)
		return (ENXIO);

	/* exclusive opens are not supported */
	if ((flag & FEXCL) != 0)
		return (ENOTSUP);

	major = getmajor(*devp);
	*devp = makedevice(major, 0);

	kcf_sched_start();

	return (0);
}
2097c478bd9Sstevel@tonic-gate
/*
 * close entry point. open keeps no per-open state, so there is nothing
 * to release; always returns 0. All arguments are unused.
 */
/* ARGSUSED */
static int
cryptoadm_close(dev_t dev, int flag, int otyp, cred_t *credp)
{
	return (0);
}
2167c478bd9Sstevel@tonic-gate
/*
 * Returns B_TRUE if the first MAXNAMELEN bytes of 'array' contain a '\0'
 * terminator, otherwise B_FALSE.
 *
 * The scan always covers up to MAXNAMELEN bytes, so the caller must pass
 * a buffer of at least that size. The ioctl handlers use this on name
 * fields copied in from user space before treating them as C strings.
 */
static boolean_t
null_terminated(char *array)
{
	const char *cur = array;
	const char *end = array + MAXNAMELEN;

	while (cur < end) {
		if (*cur++ == '\0')
			return (B_TRUE);
	}

	return (B_FALSE);
}
2327c478bd9Sstevel@tonic-gate
/*
 * This ioctl returns an array of hardware providers. Each entry
 * contains a device name, device instance, and number of
 * supported mechanisms.
 *
 * arg is the user address of a crypto_get_dev_list_t whose dl_dev_count
 * gives the capacity of the dl_devs array that follows the fixed part.
 * The outcome is reported in dl_return_value; the function itself
 * returns EFAULT only when a user-space copy fails, otherwise 0.
 *
 * NOTE(review): the entries are copied to user space exactly as
 * crypto_get_dev_list() produced them. Confirm that it fully initializes
 * each entry, including any bytes after the device name.
 */
/* ARGSUSED */
static int
get_dev_list(dev_t dev, caddr_t arg, int mode, int *rval)
{
	crypto_get_dev_list_t req;
	crypto_dev_list_entry_t *devs;
	uint_t ndevs;
	int error = 0;

	if (copyin(arg, &req, sizeof (req)) != 0)
		return (EFAULT);

	/* get the list from the core module */
	if (crypto_get_dev_list(&ndevs, &devs) != 0) {
		req.dl_return_value = CRYPTO_FAILED;
		return (copyout(&req, arg, sizeof (req)) != 0 ? EFAULT : 0);
	}

	/*
	 * The caller's array is too small: report the required count and
	 * copy out no entries.
	 */
	if (ndevs > req.dl_dev_count) {
		req.dl_dev_count = ndevs;
		req.dl_return_value = CRYPTO_BUFFER_TOO_SMALL;
		crypto_free_dev_list(devs, ndevs);
		return (copyout(&req, arg, sizeof (req)) != 0 ? EFAULT : 0);
	}

	req.dl_dev_count = ndevs;
	req.dl_return_value = CRYPTO_SUCCESS;

	/* fixed part first, then the entries at dl_devs */
	if (copyout(&req, arg, sizeof (req)) != 0) {
		error = EFAULT;
	} else if (ndevs > 0 &&
	    copyout(devs, arg + offsetof(crypto_get_dev_list_t, dl_devs),
	    ndevs * sizeof (crypto_dev_list_entry_t)) != 0) {
		error = EFAULT;
	}

	crypto_free_dev_list(devs, ndevs);
	return (error);
}
2917c478bd9Sstevel@tonic-gate
/*
 * This ioctl returns a buffer containing the null terminated names
 * of software providers.
 *
 * arg is the user address of a crypto_get_soft_list structure, accessed
 * through the STRUCT_* macros so that the layout follows the caller's
 * data model ('mode'). sl_soft_len is the capacity of the user buffer at
 * sl_soft_names. The outcome is reported in sl_return_value; the
 * function returns EFAULT only when a user-space copy fails, otherwise 0.
 */
/* ARGSUSED */
static int
get_soft_list(dev_t dev, caddr_t arg, int mode, int *rval)
{
	STRUCT_DECL(crypto_get_soft_list, soft_list);
	char *names;
	size_t len;
	uint_t count;
	int error = 0;

	STRUCT_INIT(soft_list, mode);

	if (copyin(arg, STRUCT_BUF(soft_list), STRUCT_SIZE(soft_list)) != 0)
		return (EFAULT);

	/* get the list from the core module */
	if (crypto_get_soft_list(&count, &names, &len) != 0) {
		STRUCT_FSET(soft_list, sl_return_value, CRYPTO_FAILED);
		if (copyout(STRUCT_BUF(soft_list), arg,
		    STRUCT_SIZE(soft_list)) != 0)
			return (EFAULT);
		return (0);
	}

	/* both outcomes below report the real count and length */
	STRUCT_FSET(soft_list, sl_soft_count, count);

	/* check if buffer is too small (against the caller's length) */
	if (len > STRUCT_FGET(soft_list, sl_soft_len)) {
		STRUCT_FSET(soft_list, sl_soft_len, len);
		STRUCT_FSET(soft_list, sl_return_value,
		    CRYPTO_BUFFER_TOO_SMALL);
		kmem_free(names, len);
		if (copyout(STRUCT_BUF(soft_list), arg,
		    STRUCT_SIZE(soft_list)) != 0)
			return (EFAULT);
		return (0);
	}

	STRUCT_FSET(soft_list, sl_soft_len, len);
	STRUCT_FSET(soft_list, sl_return_value, CRYPTO_SUCCESS);

	/* names go to the caller's buffer; they are freed either way */
	if (count > 0 && copyout(names,
	    STRUCT_FGETP(soft_list, sl_soft_names), len) != 0)
		error = EFAULT;
	kmem_free(names, len);
	if (error != 0)
		return (error);

	if (copyout(STRUCT_BUF(soft_list), arg, STRUCT_SIZE(soft_list)) != 0)
		return (EFAULT);

	return (0);
}
3517c478bd9Sstevel@tonic-gate
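/*
 * This ioctl returns an array of mechanisms supported by the
 * specified device.
 *
 * arg is the user address of a crypto_get_dev_info_t. di_dev_name and
 * di_dev_instance select the device and di_count gives the capacity of
 * the di_list array that follows the fixed part. The outcome is reported
 * in di_return_value; the function returns EFAULT only when a user-space
 * copy fails, otherwise 0.
 */
/* ARGSUSED */
static int
get_dev_info(dev_t dev, caddr_t arg, int mode, int *rval)
{
	crypto_get_dev_info_t dev_info;
	crypto_mech_name_t *entries;
	size_t copyout_size;
	uint_t count;
	ulong_t offset;
	char *dev_name;
	int rv;
	int error = 0;

	if (copyin(arg, &dev_info, sizeof (dev_info)) != 0)
		return (EFAULT);

	dev_name = dev_info.di_dev_name;
	/*
	 * The name came from user space; refuse it unless it is null
	 * terminated, since it is used as a C string below.
	 */
	if (!null_terminated(dev_name)) {
		dev_info.di_return_value = CRYPTO_ARGUMENTS_BAD;
		if (copyout(&dev_info, arg, sizeof (dev_info)) != 0)
			return (EFAULT);
		return (0);
	}

	/* get mechanism names from the core module */
	rv = crypto_get_dev_info(dev_name, dev_info.di_dev_instance,
	    &count, &entries);
	if (rv != CRYPTO_SUCCESS) {
		dev_info.di_return_value = rv;
		if (copyout(&dev_info, arg, sizeof (dev_info)) != 0)
			return (EFAULT);
		return (0);
	}

	/* check if buffer is too small; report the count that is needed */
	if (count > dev_info.di_count) {
		dev_info.di_count = count;
		dev_info.di_return_value = CRYPTO_BUFFER_TOO_SMALL;
		crypto_free_mech_list(entries, count);
		if (copyout(&dev_info, arg, sizeof (dev_info)) != 0)
			return (EFAULT);
		return (0);
	}

	dev_info.di_count = count;
	dev_info.di_return_value = CRYPTO_SUCCESS;

	copyout_size = count * sizeof (crypto_mech_name_t);
	offset = offsetof(crypto_get_dev_info_t, di_list);

	/*
	 * Fixed part first, then the entries. The entry copy is skipped
	 * when the list is empty, as get_dev_list() does, so a list
	 * pointer that may be unset is never handed to copyout().
	 */
	if (copyout(&dev_info, arg, sizeof (dev_info)) != 0) {
		error = EFAULT;
	} else if (count > 0 &&
	    copyout(entries, arg + offset, copyout_size) != 0) {
		error = EFAULT;
	}

	crypto_free_mech_list(entries, count);
	return (error);
}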
4227c478bd9Sstevel@tonic-gate
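/*
 * This ioctl returns an array of mechanisms supported by the
 * specified cryptographic module.
 *
 * arg is the user address of a crypto_get_soft_info_t. si_name selects
 * the provider and si_count gives the capacity of the si_list array
 * that follows the fixed part. The outcome is reported in
 * si_return_value; the function returns EFAULT only when a user-space
 * copy fails, otherwise 0.
 */
/* ARGSUSED */
static int
get_soft_info(dev_t dev, caddr_t arg, int mode, int *rval)
{
	crypto_get_soft_info_t soft_info;
	crypto_mech_name_t *entries;
	size_t copyout_size;
	uint_t count;
	ulong_t offset;
	char *name;
	int error = 0;

	if (copyin(arg, &soft_info, sizeof (soft_info)) != 0)
		return (EFAULT);

	name = soft_info.si_name;
	/*
	 * The name came from user space; refuse it unless it is null
	 * terminated, since it is used as a C string below.
	 */
	if (!null_terminated(name)) {
		soft_info.si_return_value = CRYPTO_ARGUMENTS_BAD;
		if (copyout(&soft_info, arg, sizeof (soft_info)) != 0)
			return (EFAULT);
		return (0);
	}

	/* get mechanism names from the core module */
	if (crypto_get_soft_info(name, &count, &entries) != 0) {
		soft_info.si_return_value = CRYPTO_FAILED;
		if (copyout(&soft_info, arg, sizeof (soft_info)) != 0)
			return (EFAULT);
		return (0);
	}

	/* check if buffer is too small; report the count that is needed */
	if (count > soft_info.si_count) {
		soft_info.si_count = count;
		soft_info.si_return_value = CRYPTO_BUFFER_TOO_SMALL;
		crypto_free_mech_list(entries, count);
		if (copyout(&soft_info, arg, sizeof (soft_info)) != 0)
			return (EFAULT);
		return (0);
	}

	soft_info.si_count = count;
	soft_info.si_return_value = CRYPTO_SUCCESS;

	copyout_size = count * sizeof (crypto_mech_name_t);
	offset = offsetof(crypto_get_soft_info_t, si_list);

	/*
	 * Fixed part first, then the entries. The entry copy is skipped
	 * when the list is empty, as get_dev_list() does, so a list
	 * pointer that may be unset is never handed to copyout().
	 */
	if (copyout(&soft_info, arg, sizeof (soft_info)) != 0) {
		error = EFAULT;
	} else if (count > 0 &&
	    copyout(entries, arg + offset, copyout_size) != 0) {
		error = EFAULT;
	}

	crypto_free_mech_list(entries, count);
	return (error);
}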
4907c478bd9Sstevel@tonic-gate
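/*
 * This ioctl disables mechanisms supported by the specified device.
 *
 * arg is the user address of a crypto_load_dev_disabled_t. dd_dev_name
 * and dd_dev_instance select the device and dd_count mechanism names
 * follow at dd_list. A dd_count of zero removes the device's entry.
 * The outcome is reported in dd_return_value; the function returns
 * EFAULT only when a user-space copy fails, otherwise 0. When auditing
 * is enabled, every exit calls audit_cryptoadm().
 *
 * NOTE(review): the mechanism names copied in from user space are not
 * checked for null termination here. Confirm that
 * crypto_load_dev_disabled() and audit_cryptoadm() bound their reads.
 */
/* ARGSUSED */
static int
load_dev_disabled(dev_t dev, caddr_t arg, int mode, int *rval)
{
	crypto_load_dev_disabled_t dev_disabled;
	crypto_mech_name_t *entries;
	size_t size;
	ulong_t offset;
	uint_t count;
	uint_t instance;
	char *dev_name;
	uint32_t rv;
	int error = 0;

	entries = NULL;
	count = 0;
	instance = 0;
	rv = CRYPTO_SUCCESS;
	/*
	 * Point dev_name at the request buffer before the first early exit
	 * so that audit_cryptoadm() never receives an uninitialized pointer.
	 */
	dev_name = dev_disabled.dd_dev_name;
	if (copyin(arg, &dev_disabled, sizeof (dev_disabled)) != 0) {
		/* nothing usable was read; audit an empty device name */
		dev_name[0] = '\0';
		error = EFAULT;
		goto out2;
	}

	/*
	 * make sure the device name is null terminated
	 *
	 * NOTE(review): on this path the unterminated name still reaches
	 * audit_cryptoadm() with rv set to CRYPTO_ARGUMENTS_BAD. Confirm
	 * that it does not format the name when rv reports a failure.
	 */
	if (!null_terminated(dev_name)) {
		rv = CRYPTO_ARGUMENTS_BAD;
		goto out;
	}

	count = dev_disabled.dd_count;
	instance = dev_disabled.dd_dev_instance;
	if (count == 0) {
		/* remove the entry */
		if (crypto_load_dev_disabled(dev_name, instance, 0, NULL) != 0)
			rv = CRYPTO_FAILED;
		else
			rv = CRYPTO_SUCCESS;
		goto out;
	}

	/* bound the user-supplied count before sizing the allocation */
	if (count > KCF_MAXMECHS) {
		rv = CRYPTO_ARGUMENTS_BAD;
		goto out;
	}

	size = count * sizeof (crypto_mech_name_t);
	entries = kmem_alloc(size, KM_SLEEP);

	offset = offsetof(crypto_load_dev_disabled_t, dd_list);
	if (copyin(arg + offset, entries, size) != 0) {
		kmem_free(entries, size);
		/* the audit call at out2 must not see the freed list */
		entries = NULL;
		error = EFAULT;
		goto out2;
	}

	/*
	 * 'entries' consumed (but not freed) by crypto_load_dev_disabled().
	 * On success the list belongs to the core module, although the
	 * audit call below still receives the pointer.
	 */
	if (crypto_load_dev_disabled(dev_name, instance, count, entries) != 0) {
		kmem_free(entries, size);
		/* the audit call at out2 must not see the freed list */
		entries = NULL;
		rv = CRYPTO_FAILED;
		goto out;
	}
	rv = CRYPTO_SUCCESS;
out:
	dev_disabled.dd_return_value = rv;

	if (copyout(&dev_disabled, arg, sizeof (dev_disabled)) != 0) {
		error = EFAULT;
	}
out2:
	if (AU_AUDITING())
		audit_cryptoadm(CRYPTO_LOAD_DEV_DISABLED, dev_name, entries,
		    count, instance, rv, error);
	return (error);
}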
5697c478bd9Sstevel@tonic-gate
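/*
 * This ioctl disables mechanisms supported by the specified
 * cryptographic module.
 *
 * 'arg' is the user address of a crypto_load_soft_disabled_t. The fixed
 * part of the structure is copied in first; the sd_count mechanism names
 * are then copied in from the same user buffer, starting at the offset of
 * sd_list.
 *
 * Returns 0 or EFAULT. The CRYPTO_* result of the operation is reported to
 * the caller through sd_return_value, not through the return value.
 *
 * cryptoadm_ioctl() calls drv_priv() before dispatching this command.
 */
/* ARGSUSED */
static int
load_soft_disabled(dev_t dev, caddr_t arg, int mode, int *rval)
{
	crypto_load_soft_disabled_t soft_disabled;
	crypto_mech_name_t *entries = NULL;
	size_t size;
	uint_t count = 0;
	ulong_t offset;
	/*
	 * Initialized because the first copyin failure jumps to out2, where
	 * 'name' is handed to audit_cryptoadm() before it would otherwise
	 * have been assigned.
	 */
	char *name = NULL;
	uint32_t rv = CRYPTO_SUCCESS;
	int error = 0;

	if (copyin(arg, &soft_disabled, sizeof (soft_disabled)) != 0) {
		error = EFAULT;
		goto out2;
	}

	name = soft_disabled.sd_name;
	/* make sure the name is null terminated */
	if (!null_terminated(name)) {
		/*
		 * NOTE(review): this path returns without calling
		 * audit_cryptoadm(), so a request rejected for a bad name
		 * leaves no audit record from this function. Confirm that
		 * is intended.
		 */
		soft_disabled.sd_return_value = CRYPTO_ARGUMENTS_BAD;
		if (copyout(&soft_disabled, arg, sizeof (soft_disabled)) != 0) {
			return (EFAULT);
		}
		return (0);
	}

	count = soft_disabled.sd_count;
	if (count == 0) {
		/* remove the entry */
		if (crypto_load_soft_disabled(name, 0, NULL) != 0) {
			rv = CRYPTO_FAILED;
		} else {
			rv = CRYPTO_SUCCESS;
		}
		goto out;
	}

	/*
	 * 'count' comes from user space. Bounding it here also bounds the
	 * allocation size computed below.
	 */
	if (count > KCF_MAXMECHS) {
		rv = CRYPTO_ARGUMENTS_BAD;
		goto out;
	}

	size = count * sizeof (crypto_mech_name_t);
	entries = kmem_alloc(size, KM_SLEEP);

	offset = offsetof(crypto_load_soft_disabled_t, sd_list);
	if (copyin(arg + offset, entries, size) != 0) {
		kmem_free(entries, size);
		/* Do not hand the freed buffer to the audit call below. */
		entries = NULL;
		error = EFAULT;
		goto out2;
	}

	/*
	 * 'entries' is consumed by crypto_load_soft_disabled()
	 * NOTE(review): on success the pointer is still passed to
	 * audit_cryptoadm() below; confirm the buffer outlives that call.
	 */
	if (crypto_load_soft_disabled(name, count, entries) != 0) {
		kmem_free(entries, size);
		/* Do not hand the freed buffer to the audit call below. */
		entries = NULL;
		rv = CRYPTO_FAILED;
		goto out;
	}
	rv = CRYPTO_SUCCESS;
out:
	soft_disabled.sd_return_value = rv;

	if (copyout(&soft_disabled, arg, sizeof (soft_disabled)) != 0) {
		error = EFAULT;
	}
out2:
	if (AU_AUDITING())
		audit_cryptoadm(CRYPTO_LOAD_SOFT_DISABLED, name, entries,
		    count, 0, rv, error);
	return (error);
}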
6507c478bd9Sstevel@tonic-gate
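/*
 * This ioctl loads the supported mechanisms of the specified cryptographic
 * module.  This is so, at boot time, all software providers do not
 * have to be opened in order to cause them to register their
 * supported mechanisms.
 *
 * 'arg' is the user address of a crypto_load_soft_config_t. The fixed part
 * of the structure is copied in first; the sc_count mechanism names are
 * then copied in from the same user buffer, starting at the offset of
 * sc_list.
 *
 * Returns 0 or EFAULT. The CRYPTO_* result of the operation is reported to
 * the caller through sc_return_value, not through the return value.
 *
 * cryptoadm_ioctl() calls drv_priv() before dispatching this command.
 */
/* ARGSUSED */
static int
load_soft_config(dev_t dev, caddr_t arg, int mode, int *rval)
{
	crypto_load_soft_config_t soft_config;
	crypto_mech_name_t *entries = NULL;
	size_t size;
	uint_t count = 0;
	ulong_t offset;
	/*
	 * Initialized because the first copyin failure jumps to out2, where
	 * 'name' is handed to audit_cryptoadm() before it would otherwise
	 * have been assigned.
	 */
	char *name = NULL;
	uint32_t rv = CRYPTO_SUCCESS;
	int error = 0;

	if (copyin(arg, &soft_config, sizeof (soft_config)) != 0) {
		error = EFAULT;
		goto out2;
	}

	name = soft_config.sc_name;
	/* make sure the name is null terminated */
	if (!null_terminated(name)) {
		/*
		 * NOTE(review): this path returns without calling
		 * audit_cryptoadm(), so a request rejected for a bad name
		 * leaves no audit record from this function. Confirm that
		 * is intended.
		 */
		soft_config.sc_return_value = CRYPTO_ARGUMENTS_BAD;
		if (copyout(&soft_config, arg, sizeof (soft_config)) != 0) {
			return (EFAULT);
		}
		return (0);
	}

	count = soft_config.sc_count;
	if (count == 0) {
		if (crypto_load_soft_config(name, 0, NULL) != 0) {
			rv = CRYPTO_FAILED;
		} else {
			rv = CRYPTO_SUCCESS;
		}
		goto out;
	}

	/*
	 * 'count' comes from user space. Bounding it here also bounds the
	 * allocation size computed below.
	 */
	if (count > KCF_MAXMECHS) {
		rv = CRYPTO_ARGUMENTS_BAD;
		goto out;
	}

	size = count * sizeof (crypto_mech_name_t);
	entries = kmem_alloc(size, KM_SLEEP);

	offset = offsetof(crypto_load_soft_config_t, sc_list);
	if (copyin(arg + offset, entries, size) != 0) {
		kmem_free(entries, size);
		/* Do not hand the freed buffer to the audit call below. */
		entries = NULL;
		error = EFAULT;
		goto out2;
	}

	/*
	 * 'entries' is consumed (but not freed) by
	 * crypto_load_soft_config()
	 */
	if (crypto_load_soft_config(name, count, entries) != 0) {
		kmem_free(entries, size);
		/* Do not hand the freed buffer to the audit call below. */
		entries = NULL;
		rv = CRYPTO_FAILED;
		goto out;
	}
	rv = CRYPTO_SUCCESS;
out:
	soft_config.sc_return_value = rv;

	if (copyout(&soft_config, arg, sizeof (soft_config)) != 0) {
		error = EFAULT;
	}
out2:
	if (AU_AUDITING())
		audit_cryptoadm(CRYPTO_LOAD_SOFT_CONFIG, name, entries, count,
		    0, rv, error);
	return (error);
}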
7357c478bd9Sstevel@tonic-gate
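/*
 * This ioctl unloads the specified cryptographic module and removes
 * its table of supported mechanisms.
 *
 * 'arg' is the user address of a crypto_unload_soft_module_t.
 *
 * Returns 0 or EFAULT. The result of crypto_unload_soft_module() is
 * reported to the caller through sm_return_value, not through the return
 * value.
 *
 * cryptoadm_ioctl() calls drv_priv() before dispatching this command.
 */
/* ARGSUSED */
static int
unload_soft_module(dev_t dev, caddr_t arg, int mode, int *rval)
{
	crypto_unload_soft_module_t unload_soft_module;
	/*
	 * Initialized because the copyin failure jumps to out2, where
	 * 'name' is handed to audit_cryptoadm() before it would otherwise
	 * have been assigned.
	 */
	char *name = NULL;
	uint32_t rv = CRYPTO_SUCCESS;
	int error = 0;

	if (copyin(arg, &unload_soft_module,
	    sizeof (unload_soft_module)) != 0) {
		error = EFAULT;
		goto out2;
	}

	name = unload_soft_module.sm_name;
	/* make sure the name is null terminated */
	if (!null_terminated(name)) {
		/*
		 * NOTE(review): this path returns without calling
		 * audit_cryptoadm(), so a request rejected for a bad name
		 * leaves no audit record from this function. Confirm that
		 * is intended.
		 */
		unload_soft_module.sm_return_value = CRYPTO_ARGUMENTS_BAD;
		if (copyout(&unload_soft_module, arg,
		    sizeof (unload_soft_module)) != 0) {
			return (EFAULT);
		}
		return (0);
	}

	rv = crypto_unload_soft_module(name);

	/* Report the CRYPTO_* result back through the user's structure. */
	unload_soft_module.sm_return_value = rv;

	if (copyout(&unload_soft_module, arg,
	    sizeof (unload_soft_module)) != 0) {
		error = EFAULT;
	}
out2:
	if (AU_AUDITING())
		audit_cryptoadm(CRYPTO_UNLOAD_SOFT_MODULE, name, NULL, 0, 0,
		    rv, error);

	return (error);
}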
7827c478bd9Sstevel@tonic-gate
/*
 * ioctl entry point: checks privilege for the commands that change
 * configuration, then dispatches to the per-command handler.
 *
 * The CRYPTO_GET_* commands are dispatched without the drv_priv() check.
 * CRYPTO_LOAD_DOOR and CRYPTO_FIPS140_SET go through the privilege check
 * but have no handler in the dispatch below, so a privileged caller gets
 * EINVAL for them.
 *
 * Returns the handler's result, the non-zero result of drv_priv(), or
 * EINVAL for a command with no handler.
 */
static int
cryptoadm_ioctl(dev_t dev, int cmd, intptr_t arg, int mode, cred_t *c,
    int *rval)
{
	int error;
#define	ARG	((caddr_t)arg)

	/* Privileged commands: drv_priv() must return 0 before dispatch. */
	if (cmd == CRYPTO_LOAD_DEV_DISABLED ||
	    cmd == CRYPTO_LOAD_SOFT_DISABLED ||
	    cmd == CRYPTO_LOAD_SOFT_CONFIG ||
	    cmd == CRYPTO_UNLOAD_SOFT_MODULE ||
	    cmd == CRYPTO_LOAD_DOOR ||
	    cmd == CRYPTO_FIPS140_SET) {
		error = drv_priv(c);
		if (error != 0)
			return (error);
	}

	switch (cmd) {
	case CRYPTO_GET_DEV_LIST:
		error = get_dev_list(dev, ARG, mode, rval);
		break;

	case CRYPTO_GET_DEV_INFO:
		error = get_dev_info(dev, ARG, mode, rval);
		break;

	case CRYPTO_GET_SOFT_LIST:
		error = get_soft_list(dev, ARG, mode, rval);
		break;

	case CRYPTO_GET_SOFT_INFO:
		error = get_soft_info(dev, ARG, mode, rval);
		break;

	case CRYPTO_LOAD_DEV_DISABLED:
		error = load_dev_disabled(dev, ARG, mode, rval);
		break;

	case CRYPTO_LOAD_SOFT_DISABLED:
		error = load_soft_disabled(dev, ARG, mode, rval);
		break;

	case CRYPTO_LOAD_SOFT_CONFIG:
		error = load_soft_config(dev, ARG, mode, rval);
		break;

	case CRYPTO_UNLOAD_SOFT_MODULE:
		error = unload_soft_module(dev, ARG, mode, rval);
		break;

	default:
		/* No handler for this command. */
		error = EINVAL;
		break;
	}

	return (error);
}