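// SPDX-License-Identifier: GPL-2.0-or-later
/*
 * FIPS 200 support.
 *
 * Copyright (c) 2008 Neil Horman <nhorman@tuxdriver.com>
 */

#include <linux/export.h>
#include <linux/fips.h>
#include <linux/init.h>
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/sysctl.h>
#include <linux/notifier.h>
#include <linux/string_choices.h>
#include <generated/utsrelease.h>

/*
 * Global FIPS-mode flag. It is set from the "fips=" boot parameter, where it
 * is normalised to 0 or 1, and is published read-only through the
 * crypto/fips_enabled sysctl registered below.
 */
int fips_enabled;
EXPORT_SYMBOL_GPL(fips_enabled);

/* Notifier chain run by fips_fail_notify() while FIPS mode is enabled. */
ATOMIC_NOTIFIER_HEAD(fips_fail_notif_chain);
EXPORT_SYMBOL_GPL(fips_fail_notif_chain);

/*
 * Process kernel command-line parameter at boot time. fips=0 or fips=1
 *
 * The value is parsed with base 0 and any non-zero result is collapsed to 1,
 * so "fips=2" enables FIPS mode just as "fips=1" does.
 *
 * Returns 1 when the value was parsed, 0 when it was not.
 *
 * NOTE(review): on a malformed value (e.g. "fips=yes") this function logs
 * nothing and returns 0; confirm that the boot path reports the rejected
 * parameter, since the system would otherwise come up with FIPS mode off.
 */
static int fips_enable(char *str)
{
	if (kstrtoint(str, 0, &fips_enabled))
		return 0;

	fips_enabled = !!fips_enabled;
	pr_info("fips mode: %s\n", str_enabled_disabled(fips_enabled));
	return 1;
}

__setup("fips=", fips_enable);

#define FIPS_MODULE_NAME CONFIG_CRYPTO_FIPS_NAME
#ifdef CONFIG_CRYPTO_FIPS_CUSTOM_VERSION
#define FIPS_MODULE_VERSION CONFIG_CRYPTO_FIPS_VERSION
#else
#define FIPS_MODULE_VERSION UTS_RELEASE
#endif

/* Backing storage for the string sysctls; sized by their initialisers. */
static char fips_name[] = FIPS_MODULE_NAME;
static char fips_version[] = FIPS_MODULE_VERSION;

/*
 * Read-only (0444) entries registered under "crypto".
 *
 * .maxlen is tied to the real size of each backing object rather than a fixed
 * 64: the handler treats maxlen as the buffer bound, so a constant that is
 * larger than the array would become an out-of-bounds write the moment one of
 * these entries were made writable.
 */
static const struct ctl_table crypto_sysctl_table[] = {
	{
		.procname	= "fips_enabled",
		.data		= &fips_enabled,
		.maxlen		= sizeof(fips_enabled),
		.mode		= 0444,
		.proc_handler	= proc_dointvec
	},
	{
		.procname	= "fips_name",
		.data		= &fips_name,
		.maxlen		= sizeof(fips_name),
		.mode		= 0444,
		.proc_handler	= proc_dostring
	},
	{
		.procname	= "fips_version",
		.data		= &fips_version,
		.maxlen		= sizeof(fips_version),
		.mode		= 0444,
		.proc_handler	= proc_dostring
	},
};

/* Handle returned by register_sysctl(); passed back on unregistration. */
static struct ctl_table_header *crypto_sysctls;

/*
 * Register the crypto sysctl table.
 *
 * A failed registration is not fatal, but it is logged: without these
 * entries anything that reads the FIPS state from the sysctl tree cannot
 * see that FIPS mode is enabled.
 */
static void crypto_proc_fips_init(void)
{
	crypto_sysctls = register_sysctl("crypto", crypto_sysctl_table);
	if (!crypto_sysctls)
		pr_warn("fips: failed to register crypto sysctls\n");
}

/*
 * Remove the crypto sysctl table.
 *
 * NOTE(review): crypto_sysctls is NULL if registration failed; this relies on
 * unregister_sysctl_table() accepting a NULL header -- confirm.
 */
static void crypto_proc_fips_exit(void)
{
	unregister_sysctl_table(crypto_sysctls);
}

/*
 * Run the FIPS failure notifier chain.
 *
 * Does nothing unless fips_enabled is set. Callbacks are invoked with event
 * value 0 and a NULL data pointer.
 */
void fips_fail_notify(void)
{
	if (fips_enabled)
		atomic_notifier_call_chain(&fips_fail_notif_chain, 0, NULL);
}
EXPORT_SYMBOL_GPL(fips_fail_notify);

/* Module entry point: publish the sysctls. Always returns 0. */
static int __init fips_init(void)
{
	crypto_proc_fips_init();
	return 0;
}

/* Module exit point: withdraw the sysctls. */
static void __exit fips_exit(void)
{
	crypto_proc_fips_exit();
}

module_init(fips_init);
module_exit(fips_exit);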