xref: /titanic_41/usr/src/uts/common/inet/kssl/kssl.c (revision 4c0312813f96388b6ce9453c99f2db7d6a393bd4)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 /*
30  * The system call and DDI interface for the kernel SSL module
31  */
32 
33 #include <sys/types.h>
34 #include <sys/modctl.h>
35 #include <sys/conf.h>
36 #include <sys/stat.h>
37 #include <sys/ddi.h>
38 #include <sys/sunddi.h>
39 #include <sys/kmem.h>
40 #include <sys/errno.h>
41 #include <sys/ksynch.h>
42 #include <sys/file.h>
43 #include <sys/open.h>
44 #include <sys/cred.h>
45 #include <sys/proc.h>
46 #include <sys/task.h>
47 #include <sys/mkdev.h>
48 #include <sys/model.h>
49 #include <sys/sysmacros.h>
50 #include <sys/policy.h>
51 #include <sys/crypto/common.h>
52 #include <sys/crypto/api.h>
53 #include <c2/audit.h>
54 #include <sys/kstat.h>
55 
56 #include "kssl.h"
57 #include "ksslimpl.h"
58 
59 /*
60  * DDI entry points.
61  */
62 static int kssl_attach(dev_info_t *, ddi_attach_cmd_t);
63 static int kssl_detach(dev_info_t *, ddi_detach_cmd_t);
64 static int kssl_getinfo(dev_info_t *, ddi_info_cmd_t, void *, void **);
65 static int kssl_open(dev_t *, int, int, cred_t *);
66 static int kssl_close(dev_t, int, int, cred_t *);
67 static int kssl_ioctl(dev_t, int, intptr_t, int, cred_t *, int *);
68 
69 static int kssl_constructor(void *buf, void *arg, int kmflags);
70 static void kssl_destructor(void *buf, void *arg);
71 
72 /*
73  * Module linkage.
74  */
75 static struct cb_ops cbops = {
76 	kssl_open,		/* cb_open */
77 	kssl_close,		/* cb_close */
78 	nodev,			/* cb_strategy */
79 	nodev,			/* cb_print */
80 	nodev,			/* cb_dump */
81 	nodev,			/* cb_read */
82 	nodev,			/* cb_write */
83 	kssl_ioctl,		/* cb_ioctl */
84 	nodev,			/* cb_devmap */
85 	nodev,			/* cb_mmap */
86 	nodev,			/* cb_segmap */
87 	nochpoll,		/* cb_chpoll */
88 	ddi_prop_op,		/* cb_prop_op */
89 	NULL,			/* cb_streamtab */
90 	D_MP,			/* cb_flag */
91 	CB_REV,			/* cb_rev */
92 	nodev,			/* cb_aread */
93 	nodev,			/* cb_awrite */
94 };
95 
96 static struct dev_ops devops = {
97 	DEVO_REV,		/* devo_rev */
98 	0,			/* devo_refcnt */
99 	kssl_getinfo,		/* devo_getinfo */
100 	nulldev,		/* devo_identify */
101 	nulldev,		/* devo_probe */
102 	kssl_attach,		/* devo_attach */
103 	kssl_detach,		/* devo_detach */
104 	nodev,			/* devo_reset */
105 	&cbops,			/* devo_cb_ops */
106 	NULL,			/* devo_bus_ops */
107 	NULL,			/* devo_power */
108 };
109 
110 static struct modldrv modldrv = {
111 	&mod_driverops,			/* drv_modops */
112 	"Kernel SSL Interface v%I%",	/* drv_linkinfo */
113 	&devops,
114 };
115 
116 static struct modlinkage modlinkage = {
117 	MODREV_1,		/* ml_rev */
118 	&modldrv,		/* ml_linkage */
119 	NULL
120 };
121 
122 static dev_info_t *kssl_dip = NULL;
123 
124 crypto_mechanism_t rsa_x509_mech = {CRYPTO_MECH_INVALID, NULL, 0};
125 crypto_mechanism_t hmac_md5_mech = {CRYPTO_MECH_INVALID, NULL, 0};
126 crypto_mechanism_t hmac_sha1_mech = {CRYPTO_MECH_INVALID, NULL, 0};
127 crypto_call_flag_t kssl_call_flag = CRYPTO_ALWAYS_QUEUE;
128 
129 KSSLCipherDef cipher_defs[] = { /* indexed by SSL3BulkCipher */
130 	/* type bsize keysz crypto_mech_type_t */
131 
132 	{type_stream, 0, 0, CRYPTO_MECH_INVALID},
133 
134 	/* mech_type to be initialized with CKM_RC4's */
135 	{type_stream, 0, 16, CRYPTO_MECH_INVALID},
136 
137 	/* mech_type to be initialized with CKM_DES_CBC's */
138 	{type_block, 8, 8, CRYPTO_MECH_INVALID},
139 
140 	/* mech_type to be initialized with CKM_DES3_CBC's */
141 	{type_block, 8, 24, CRYPTO_MECH_INVALID},
142 };
143 
144 int kssl_enabled = 1;
145 struct kmem_cache *kssl_cache;
146 
147 static void kssl_global_init();
148 static void kssl_init_mechs();
149 static void kssl_event_callback(uint32_t, void *);
150 
151 /*
152  * DDI entry points.
153  */
154 int
155 _init(void)
156 {
157 	return (mod_install(&modlinkage));
158 }
159 
160 int
161 _info(struct modinfo *modinfop)
162 {
163 	return (mod_info(&modlinkage, modinfop));
164 }
165 
166 /* ARGSUSED */
167 static int
168 kssl_getinfo(dev_info_t *dip, ddi_info_cmd_t cmd, void *arg, void **result)
169 {
170 	switch (cmd) {
171 	case DDI_INFO_DEVT2DEVINFO:
172 		*result = kssl_dip;
173 		return (DDI_SUCCESS);
174 
175 	case DDI_INFO_DEVT2INSTANCE:
176 		*result = (void *)0;
177 		return (DDI_SUCCESS);
178 	}
179 	return (DDI_FAILURE);
180 }
181 
182 static int
183 kssl_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
184 {
185 	if (cmd != DDI_ATTACH) {
186 		return (DDI_FAILURE);
187 	}
188 
189 	if (ddi_get_instance(dip) != 0) {
190 		/* we only allow instance 0 to attach */
191 		return (DDI_FAILURE);
192 	}
193 
194 	/* create the minor node */
195 	if (ddi_create_minor_node(dip, "kssl", S_IFCHR, 0, DDI_PSEUDO, 0) !=
196 	    DDI_SUCCESS) {
197 		cmn_err(CE_WARN, "kssl_attach: failed creating minor node");
198 		ddi_remove_minor_node(dip, NULL);
199 		return (DDI_FAILURE);
200 	}
201 
202 	kssl_dip = dip;
203 
204 	kssl_global_init();
205 
206 	return (DDI_SUCCESS);
207 }
208 
209 static kstat_t *kssl_ksp = NULL;
210 
211 static int
212 kssl_detach(dev_info_t *dip, ddi_detach_cmd_t cmd)
213 {
214 	if (cmd != DDI_DETACH)
215 		return (DDI_FAILURE);
216 
217 	if (kssl_entry_tab_nentries != 0 || kssl_cache_count != 0)
218 		return (DDI_FAILURE);
219 
220 	mutex_destroy(&kssl_tab_mutex);
221 	kssl_dip = NULL;
222 
223 	if (kssl_cache != NULL) {
224 		kmem_cache_destroy(kssl_cache);
225 		kssl_cache = NULL;
226 	}
227 
228 	if (kssl_ksp != NULL) {
229 		kstat_delete(kssl_ksp);
230 		kssl_ksp = NULL;
231 	}
232 
233 	ddi_remove_minor_node(dip, NULL);
234 
235 	return (DDI_SUCCESS);
236 }
237 
238 static crypto_notify_handle_t prov_update_handle = NULL;
239 
240 /* ARGSUSED */
241 static int
242 kssl_open(dev_t *devp, int flag, int otyp, cred_t *credp)
243 {
244 	if (otyp != OTYP_CHR)
245 		return (ENXIO);
246 
247 	if (kssl_dip == NULL)
248 		return (ENXIO);
249 
250 	/* first time here? initialize everything */
251 	if (rsa_x509_mech.cm_type == CRYPTO_MECH_INVALID) {
252 		kssl_init_mechs();
253 		prov_update_handle = crypto_notify_events(
254 		    kssl_event_callback, CRYPTO_EVENT_PROVIDERS_CHANGE);
255 	}
256 
257 	/* exclusive opens are not supported */
258 	if (flag & FEXCL)
259 		return (ENOTSUP);
260 
261 	return (0);
262 }
263 
264 /* ARGSUSED */
265 static int
266 kssl_close(dev_t dev, int flag, int otyp, cred_t *credp)
267 {
268 	return (0);
269 }
270 
271 #define	KSSL_MAX_KEYANDCERTS	80000	/* max 64K plus a little margin */
272 
273 /* ARGSUSED */
274 static int
275 kssl_ioctl(dev_t dev, int cmd, intptr_t arg, int mode, cred_t *c,
276     int *rval)
277 {
278 	int error = EINVAL;
279 
280 #define	ARG	((caddr_t)arg)
281 
282 	if (secpolicy_net_config(c, B_FALSE) != 0) {
283 		return (EPERM);
284 	}
285 
286 	switch (cmd) {
287 	case KSSL_ADD_ENTRY: {
288 		kssl_params_t kssl_params_s, *kssl_params = &kssl_params_s;
289 		uint64_t len;
290 
291 		if (copyin(ARG, kssl_params, sizeof (kssl_params_s)) != 0) {
292 			return (EFAULT);
293 		}
294 
295 		len = kssl_params->kssl_params_size;
296 		if (len < sizeof (kssl_params_t) ||
297 		    len > KSSL_MAX_KEYANDCERTS) {
298 			return (EINVAL);
299 		}
300 
301 		kssl_params = kmem_alloc(len, KM_SLEEP);
302 
303 		/* Get the whole structure and parameters in one move */
304 		if (copyin(ARG, kssl_params, len) != 0) {
305 			kmem_free(kssl_params, len);
306 			return (EFAULT);
307 		}
308 		error = kssl_add_entry(kssl_params);
309 #ifdef C2_AUDIT
310 	if (audit_active)
311 		audit_kssl(KSSL_ADD_ENTRY, kssl_params, error);
312 #endif
313 		kmem_free(kssl_params, len);
314 		break;
315 	}
316 	case KSSL_DELETE_ENTRY: {
317 		struct sockaddr_in server_addr;
318 
319 		if (copyin(ARG, &server_addr, sizeof (server_addr)) != 0) {
320 			return (EFAULT);
321 		}
322 
323 		error = kssl_delete_entry(&server_addr);
324 #ifdef C2_AUDIT
325 	if (audit_active)
326 		audit_kssl(KSSL_DELETE_ENTRY, &server_addr, error);
327 #endif
328 		break;
329 	}
330 	}
331 
332 	return (error);
333 }
334 
335 #define	NUM_MECHS	6
336 mech_to_cipher_t mech_to_cipher_tab[NUM_MECHS] = {
337 	{CRYPTO_MECH_INVALID, SUN_CKM_RSA_X_509,
338 	    {SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
339 	    SSL_RSA_WITH_DES_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
340 	    SSL_RSA_WITH_NULL_SHA}},
341 	{CRYPTO_MECH_INVALID, SUN_CKM_MD5_HMAC, {SSL_RSA_WITH_RC4_128_MD5}},
342 	{CRYPTO_MECH_INVALID, SUN_CKM_SHA1_HMAC,
343 	    {SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_DES_CBC_SHA,
344 	    SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_NULL_SHA}},
345 	{CRYPTO_MECH_INVALID, SUN_CKM_RC4,
346 	    {SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA}},
347 	{CRYPTO_MECH_INVALID, SUN_CKM_DES_CBC, {SSL_RSA_WITH_DES_CBC_SHA}},
348 	{CRYPTO_MECH_INVALID, SUN_CKM_DES3_CBC,
349 	    {SSL_RSA_WITH_3DES_EDE_CBC_SHA}}
350 };
351 
352 static void
353 kssl_init_mechs()
354 {
355 	mech_to_cipher_tab[0].mech = rsa_x509_mech.cm_type =
356 	    crypto_mech2id(SUN_CKM_RSA_X_509);
357 	mech_to_cipher_tab[1].mech = hmac_md5_mech.cm_type =
358 	    crypto_mech2id(SUN_CKM_MD5_HMAC);
359 	mech_to_cipher_tab[2].mech = hmac_sha1_mech.cm_type =
360 	    crypto_mech2id(SUN_CKM_SHA1_HMAC);
361 
362 	mech_to_cipher_tab[3].mech = cipher_defs[cipher_rc4].mech_type =
363 	    crypto_mech2id(SUN_CKM_RC4);
364 	mech_to_cipher_tab[4].mech = cipher_defs[cipher_des].mech_type =
365 	    crypto_mech2id(SUN_CKM_DES_CBC);
366 	mech_to_cipher_tab[5].mech = cipher_defs[cipher_3des].mech_type =
367 	    crypto_mech2id(SUN_CKM_DES3_CBC);
368 }
369 
370 static int
371 is_in_suites(uint16_t s, uint16_t *sarray)
372 {
373 	int i;
374 
375 	for (i = 0; i < CIPHER_SUITE_COUNT; i++) {
376 		if (s == sarray[i])
377 			return (1);
378 	}
379 
380 	return (0);
381 }
382 
383 static int
384 is_in_mechlist(char *name, crypto_mech_name_t *mechs, int count)
385 {
386 	int i;
387 
388 	for (i = 0; i < count; i++) {
389 		if (strncmp(name, mechs[i], CRYPTO_MAX_MECH_NAME) == 0)
390 			return (1);
391 	}
392 
393 	return (0);
394 }
395 
396 /*
397  * Callback function invoked by the crypto framework when a provider's
398  * mechanism is available/unavailable. This callback updates entries in the
399  * kssl_entry_tab[] to make changes to the cipher suites of an entry
400  * which are affected by the mechansim.
401  */
402 static void
403 kssl_event_callback(uint32_t event, void *event_arg)
404 {
405 	int i, j;
406 	int cnt, rcnt;
407 	uint16_t s;
408 	boolean_t changed;
409 	crypto_mech_name_t *mechs;
410 	uint_t mech_count;
411 	mech_to_cipher_t *mc;
412 	kssl_entry_t *old;
413 	kssl_entry_t *new;
414 	uint16_t tmp_suites[CIPHER_SUITE_COUNT];
415 	uint16_t dis_list[CIPHER_SUITE_COUNT];
416 	crypto_notify_event_change_t *prov_change =
417 	    (crypto_notify_event_change_t *)event_arg;
418 
419 	/* ignore events for which we didn't register */
420 	if (event != CRYPTO_EVENT_PROVIDERS_CHANGE) {
421 		return;
422 	}
423 
424 	for (i = 0; i < NUM_MECHS; i++) {
425 		mc = &(mech_to_cipher_tab[i]);
426 		if (mc->mech == CRYPTO_MECH_INVALID)
427 			continue;
428 
429 		/*
430 		 * Check if this crypto framework provider mechanism being
431 		 * added or removed affects us.
432 		 */
433 		if (strncmp(mc->name, prov_change->ec_mech_name,
434 		    CRYPTO_MAX_MECH_NAME) == 0)
435 			break;
436 	}
437 
438 	if (i == NUM_MECHS)
439 		return;
440 
441 	mechs = crypto_get_mech_list(&mech_count, KM_SLEEP);
442 	if (mechs == NULL)
443 		return;
444 
445 	mutex_enter(&kssl_tab_mutex);
446 
447 	for (i = 0; i < kssl_entry_tab_size; i++) {
448 		if ((old = kssl_entry_tab[i]) == NULL)
449 			continue;
450 
451 		cnt = 0;
452 		rcnt = 0;
453 		changed = B_FALSE;
454 		for (j = 0; j < CIPHER_SUITE_COUNT; j++) {
455 			tmp_suites[j] = CIPHER_NOTSET;
456 			dis_list[j] = CIPHER_NOTSET;
457 		}
458 
459 		/*
460 		 * We start with the saved cipher suite list for the new entry.
461 		 * If a mechanism is disabled, resulting in a cipher suite being
462 		 * disabled now, we take it out from the list for the new entry.
463 		 * If a mechanism is enabled, resulting in a cipher suite being
464 		 * enabled now, we don't need to do any thing.
465 		 */
466 		if (!is_in_mechlist(mc->name, mechs, mech_count)) {
467 			for (j = 0; j < CIPHER_SUITE_COUNT; j++) {
468 				s = mc->kssl_suites[j];
469 				if (s == 0)
470 					break;
471 				if (is_in_suites(s, old->kssl_saved_Suites)) {
472 					/* Disable this cipher suite */
473 					if (!is_in_suites(s, dis_list))
474 						dis_list[cnt++] = s;
475 				}
476 			}
477 		}
478 
479 		for (j = 0; j < CIPHER_SUITE_COUNT; j++) {
480 			s = old->kssl_saved_Suites[j];
481 			if (!is_in_suites(s, dis_list))
482 				tmp_suites[rcnt] = s;
483 
484 			if (!changed &&
485 			    (tmp_suites[rcnt] != old->kssl_cipherSuites[rcnt]))
486 				changed = B_TRUE;
487 			rcnt++;
488 		}
489 
490 		if (changed) {
491 			new = kmem_zalloc(sizeof (kssl_entry_t), KM_NOSLEEP);
492 			if (new == NULL)
493 				continue;
494 
495 			*new = *old;		/* Structure copy */
496 			old->ke_no_freeall = B_TRUE;
497 			new->ke_refcnt = 0;
498 			new->kssl_cipherSuites_nentries = rcnt;
499 			for (j = 0; j < CIPHER_SUITE_COUNT; j++)
500 				new->kssl_cipherSuites[j] = tmp_suites[j];
501 
502 			KSSL_ENTRY_REFHOLD(new);
503 			kssl_entry_tab[i] = new;
504 			KSSL_ENTRY_REFRELE(old);
505 		}
506 	}
507 
508 	mutex_exit(&kssl_tab_mutex);
509 	crypto_free_mech_list(mechs, mech_count);
510 }
511 
512 
513 kssl_stats_t *kssl_statp;
514 
515 static void
516 kssl_global_init()
517 {
518 	mutex_init(&kssl_tab_mutex, NULL, MUTEX_DRIVER, NULL);
519 
520 	kssl_cache = kmem_cache_create("kssl_cache", sizeof (ssl_t),
521 	    0, kssl_constructor, kssl_destructor, NULL, NULL, NULL, 0);
522 
523 	if ((kssl_ksp = kstat_create("kssl", 0, "kssl_stats", "crypto",
524 	    KSTAT_TYPE_NAMED, sizeof (kssl_stats_t) / sizeof (kstat_named_t),
525 	    KSTAT_FLAG_PERSISTENT)) != NULL) {
526 		kssl_statp = kssl_ksp->ks_data;
527 
528 		kstat_named_init(&kssl_statp->sid_cache_lookups,
529 		    "kssl_sid_cache_lookups", KSTAT_DATA_UINT64);
530 		kstat_named_init(&kssl_statp->sid_cache_hits,
531 		    "kssl_sid_cache_hits", KSTAT_DATA_UINT64);
532 		kstat_named_init(&kssl_statp->sid_uncached,
533 		    "kssl_sid_uncached", KSTAT_DATA_UINT64);
534 
535 		kstat_named_init(&kssl_statp->full_handshakes,
536 		    "kssl_full_handshakes", KSTAT_DATA_UINT64);
537 		kstat_named_init(&kssl_statp->resumed_sessions,
538 		    "kssl_resumed_sessions", KSTAT_DATA_UINT64);
539 		kstat_named_init(&kssl_statp->fallback_connections,
540 		    "kssl_fallback_connections", KSTAT_DATA_UINT64);
541 		kstat_named_init(&kssl_statp->proxy_fallback_failed,
542 		    "kssl_proxy_fallback_failed", KSTAT_DATA_UINT64);
543 		kstat_named_init(&kssl_statp->appdata_record_ins,
544 		    "kssl_appdata_record_ins", KSTAT_DATA_UINT64);
545 		kstat_named_init(&kssl_statp->appdata_record_outs,
546 		    "kssl_appdata_record_outs", KSTAT_DATA_UINT64);
547 
548 		kstat_named_init(&kssl_statp->alloc_fails, "kssl_alloc_fails",
549 		    KSTAT_DATA_UINT64);
550 		kstat_named_init(&kssl_statp->fatal_alerts,
551 		    "kssl_fatal_alerts", KSTAT_DATA_UINT64);
552 		kstat_named_init(&kssl_statp->warning_alerts,
553 		    "kssl_warning_alerts", KSTAT_DATA_UINT64);
554 		kstat_named_init(&kssl_statp->no_suite_found,
555 		    "kssl_no_suite_found", KSTAT_DATA_UINT64);
556 		kstat_named_init(&kssl_statp->compute_mac_failure,
557 		    "kssl_compute_mac_failure", KSTAT_DATA_UINT64);
558 		kstat_named_init(&kssl_statp->verify_mac_failure,
559 		    "kssl_verify_mac_failure", KSTAT_DATA_UINT64);
560 		kstat_named_init(&kssl_statp->record_decrypt_failure,
561 		    "kssl_record_decrypt_failure", KSTAT_DATA_UINT64);
562 		kstat_named_init(&kssl_statp->bad_pre_master_secret,
563 		    "kssl_bad_pre_master_secret", KSTAT_DATA_UINT64);
564 
565 		kstat_install(kssl_ksp);
566 	};
567 }
568 
569 /*ARGSUSED*/
570 static int
571 kssl_constructor(void *buf, void *arg, int kmflags)
572 {
573 	ssl_t *ssl = buf;
574 
575 	mutex_init(&ssl->kssl_lock, NULL, MUTEX_DEFAULT, NULL);
576 
577 	return (0);
578 }
579 
580 /*ARGSUSED*/
581 static void
582 kssl_destructor(void *buf, void *arg)
583 {
584 	ssl_t *ssl = buf;
585 	mutex_destroy(&ssl->kssl_lock);
586 }
587