1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #pragma ident "%Z%%M% %I% %E% SMI" 28 29 /* 30 * The system call and DDI interface for the kernel SSL module 31 */ 32 33 #include <sys/types.h> 34 #include <sys/modctl.h> 35 #include <sys/conf.h> 36 #include <sys/stat.h> 37 #include <sys/ddi.h> 38 #include <sys/sunddi.h> 39 #include <sys/kmem.h> 40 #include <sys/errno.h> 41 #include <sys/ksynch.h> 42 #include <sys/file.h> 43 #include <sys/open.h> 44 #include <sys/cred.h> 45 #include <sys/proc.h> 46 #include <sys/task.h> 47 #include <sys/mkdev.h> 48 #include <sys/model.h> 49 #include <sys/sysmacros.h> 50 #include <sys/policy.h> 51 #include <sys/crypto/common.h> 52 #include <sys/crypto/api.h> 53 #include <c2/audit.h> 54 #include <sys/kstat.h> 55 56 #include "kssl.h" 57 #include "ksslimpl.h" 58 59 /* 60 * DDI entry points. 61 */ 62 static int kssl_attach(dev_info_t *, ddi_attach_cmd_t); 63 static int kssl_detach(dev_info_t *, ddi_detach_cmd_t); 64 static int kssl_getinfo(dev_info_t *, ddi_info_cmd_t, void *, void **); 65 static int kssl_open(dev_t *, int, int, cred_t *); 66 static int kssl_close(dev_t, int, int, cred_t *); 67 static int kssl_ioctl(dev_t, int, intptr_t, int, cred_t *, int *); 68 69 static int kssl_constructor(void *buf, void *arg, int kmflags); 70 static void kssl_destructor(void *buf, void *arg); 71 72 /* 73 * Module linkage. 74 */ 75 static struct cb_ops cbops = { 76 kssl_open, /* cb_open */ 77 kssl_close, /* cb_close */ 78 nodev, /* cb_strategy */ 79 nodev, /* cb_print */ 80 nodev, /* cb_dump */ 81 nodev, /* cb_read */ 82 nodev, /* cb_write */ 83 kssl_ioctl, /* cb_ioctl */ 84 nodev, /* cb_devmap */ 85 nodev, /* cb_mmap */ 86 nodev, /* cb_segmap */ 87 nochpoll, /* cb_chpoll */ 88 ddi_prop_op, /* cb_prop_op */ 89 NULL, /* cb_streamtab */ 90 D_MP, /* cb_flag */ 91 CB_REV, /* cb_rev */ 92 nodev, /* cb_aread */ 93 nodev, /* cb_awrite */ 94 }; 95 96 static struct dev_ops devops = { 97 DEVO_REV, /* devo_rev */ 98 0, /* devo_refcnt */ 99 kssl_getinfo, /* devo_getinfo */ 100 nulldev, /* devo_identify */ 101 nulldev, /* devo_probe */ 102 kssl_attach, /* devo_attach */ 103 kssl_detach, /* devo_detach */ 104 nodev, /* devo_reset */ 105 &cbops, /* devo_cb_ops */ 106 NULL, /* devo_bus_ops */ 107 NULL, /* devo_power */ 108 }; 109 110 static struct modldrv modldrv = { 111 &mod_driverops, /* drv_modops */ 112 "Kernel SSL Interface v%I%", /* drv_linkinfo */ 113 &devops, 114 }; 115 116 static struct modlinkage modlinkage = { 117 MODREV_1, /* ml_rev */ 118 &modldrv, /* ml_linkage */ 119 NULL 120 }; 121 122 static dev_info_t *kssl_dip = NULL; 123 124 crypto_mechanism_t rsa_x509_mech = {CRYPTO_MECH_INVALID, NULL, 0}; 125 crypto_mechanism_t hmac_md5_mech = {CRYPTO_MECH_INVALID, NULL, 0}; 126 crypto_mechanism_t hmac_sha1_mech = {CRYPTO_MECH_INVALID, NULL, 0}; 127 crypto_call_flag_t kssl_call_flag = CRYPTO_ALWAYS_QUEUE; 128 129 KSSLCipherDef cipher_defs[] = { /* indexed by SSL3BulkCipher */ 130 /* type bsize keysz crypto_mech_type_t */ 131 132 {type_stream, 0, 0, CRYPTO_MECH_INVALID}, 133 134 /* mech_type to be initialized with CKM_RC4's */ 135 {type_stream, 0, 16, CRYPTO_MECH_INVALID}, 136 137 /* mech_type to be initialized with CKM_DES_CBC's */ 138 {type_block, 8, 8, CRYPTO_MECH_INVALID}, 139 140 /* mech_type to be initialized with CKM_DES3_CBC's */ 141 {type_block, 8, 24, CRYPTO_MECH_INVALID}, 142 }; 143 144 int kssl_enabled = 1; 145 struct kmem_cache *kssl_cache; 146 147 static void kssl_global_init(); 148 static void kssl_init_mechs(); 149 static void kssl_event_callback(uint32_t, void *); 150 151 /* 152 * DDI entry points. 153 */ 154 int 155 _init(void) 156 { 157 return (mod_install(&modlinkage)); 158 } 159 160 int 161 _info(struct modinfo *modinfop) 162 { 163 return (mod_info(&modlinkage, modinfop)); 164 } 165 166 /* ARGSUSED */ 167 static int 168 kssl_getinfo(dev_info_t *dip, ddi_info_cmd_t cmd, void *arg, void **result) 169 { 170 switch (cmd) { 171 case DDI_INFO_DEVT2DEVINFO: 172 *result = kssl_dip; 173 return (DDI_SUCCESS); 174 175 case DDI_INFO_DEVT2INSTANCE: 176 *result = (void *)0; 177 return (DDI_SUCCESS); 178 } 179 return (DDI_FAILURE); 180 } 181 182 static int 183 kssl_attach(dev_info_t *dip, ddi_attach_cmd_t cmd) 184 { 185 if (cmd != DDI_ATTACH) { 186 return (DDI_FAILURE); 187 } 188 189 if (ddi_get_instance(dip) != 0) { 190 /* we only allow instance 0 to attach */ 191 return (DDI_FAILURE); 192 } 193 194 /* create the minor node */ 195 if (ddi_create_minor_node(dip, "kssl", S_IFCHR, 0, DDI_PSEUDO, 0) != 196 DDI_SUCCESS) { 197 cmn_err(CE_WARN, "kssl_attach: failed creating minor node"); 198 ddi_remove_minor_node(dip, NULL); 199 return (DDI_FAILURE); 200 } 201 202 kssl_dip = dip; 203 204 kssl_global_init(); 205 206 return (DDI_SUCCESS); 207 } 208 209 static kstat_t *kssl_ksp = NULL; 210 211 static int 212 kssl_detach(dev_info_t *dip, ddi_detach_cmd_t cmd) 213 { 214 if (cmd != DDI_DETACH) 215 return (DDI_FAILURE); 216 217 if (kssl_entry_tab_nentries != 0 || kssl_cache_count != 0) 218 return (DDI_FAILURE); 219 220 mutex_destroy(&kssl_tab_mutex); 221 kssl_dip = NULL; 222 223 if (kssl_cache != NULL) { 224 kmem_cache_destroy(kssl_cache); 225 kssl_cache = NULL; 226 } 227 228 if (kssl_ksp != NULL) { 229 kstat_delete(kssl_ksp); 230 kssl_ksp = NULL; 231 } 232 233 ddi_remove_minor_node(dip, NULL); 234 235 return (DDI_SUCCESS); 236 } 237 238 static crypto_notify_handle_t prov_update_handle = NULL; 239 240 /* ARGSUSED */ 241 static int 242 kssl_open(dev_t *devp, int flag, int otyp, cred_t *credp) 243 { 244 if (otyp != OTYP_CHR) 245 return (ENXIO); 246 247 if (kssl_dip == NULL) 248 return (ENXIO); 249 250 /* first time here? initialize everything */ 251 if (rsa_x509_mech.cm_type == CRYPTO_MECH_INVALID) { 252 kssl_init_mechs(); 253 prov_update_handle = crypto_notify_events( 254 kssl_event_callback, CRYPTO_EVENT_PROVIDERS_CHANGE); 255 } 256 257 /* exclusive opens are not supported */ 258 if (flag & FEXCL) 259 return (ENOTSUP); 260 261 return (0); 262 } 263 264 /* ARGSUSED */ 265 static int 266 kssl_close(dev_t dev, int flag, int otyp, cred_t *credp) 267 { 268 return (0); 269 } 270 271 #define KSSL_MAX_KEYANDCERTS 80000 /* max 64K plus a little margin */ 272 273 /* ARGSUSED */ 274 static int 275 kssl_ioctl(dev_t dev, int cmd, intptr_t arg, int mode, cred_t *c, 276 int *rval) 277 { 278 int error = EINVAL; 279 280 #define ARG ((caddr_t)arg) 281 282 if (secpolicy_net_config(c, B_FALSE) != 0) { 283 return (EPERM); 284 } 285 286 switch (cmd) { 287 case KSSL_ADD_ENTRY: { 288 kssl_params_t kssl_params_s, *kssl_params = &kssl_params_s; 289 uint64_t len; 290 291 if (copyin(ARG, kssl_params, sizeof (kssl_params_s)) != 0) { 292 return (EFAULT); 293 } 294 295 len = kssl_params->kssl_params_size; 296 if (len < sizeof (kssl_params_t) || 297 len > KSSL_MAX_KEYANDCERTS) { 298 return (EINVAL); 299 } 300 301 kssl_params = kmem_alloc(len, KM_SLEEP); 302 303 /* Get the whole structure and parameters in one move */ 304 if (copyin(ARG, kssl_params, len) != 0) { 305 kmem_free(kssl_params, len); 306 return (EFAULT); 307 } 308 error = kssl_add_entry(kssl_params); 309 #ifdef C2_AUDIT 310 if (audit_active) 311 audit_kssl(KSSL_ADD_ENTRY, kssl_params, error); 312 #endif 313 kmem_free(kssl_params, len); 314 break; 315 } 316 case KSSL_DELETE_ENTRY: { 317 struct sockaddr_in server_addr; 318 319 if (copyin(ARG, &server_addr, sizeof (server_addr)) != 0) { 320 return (EFAULT); 321 } 322 323 error = kssl_delete_entry(&server_addr); 324 #ifdef C2_AUDIT 325 if (audit_active) 326 audit_kssl(KSSL_DELETE_ENTRY, &server_addr, error); 327 #endif 328 break; 329 } 330 } 331 332 return (error); 333 } 334 335 #define NUM_MECHS 6 336 mech_to_cipher_t mech_to_cipher_tab[NUM_MECHS] = { 337 {CRYPTO_MECH_INVALID, SUN_CKM_RSA_X_509, 338 {SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, 339 SSL_RSA_WITH_DES_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, 340 SSL_RSA_WITH_NULL_SHA}}, 341 {CRYPTO_MECH_INVALID, SUN_CKM_MD5_HMAC, {SSL_RSA_WITH_RC4_128_MD5}}, 342 {CRYPTO_MECH_INVALID, SUN_CKM_SHA1_HMAC, 343 {SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_DES_CBC_SHA, 344 SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_NULL_SHA}}, 345 {CRYPTO_MECH_INVALID, SUN_CKM_RC4, 346 {SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA}}, 347 {CRYPTO_MECH_INVALID, SUN_CKM_DES_CBC, {SSL_RSA_WITH_DES_CBC_SHA}}, 348 {CRYPTO_MECH_INVALID, SUN_CKM_DES3_CBC, 349 {SSL_RSA_WITH_3DES_EDE_CBC_SHA}} 350 }; 351 352 static void 353 kssl_init_mechs() 354 { 355 mech_to_cipher_tab[0].mech = rsa_x509_mech.cm_type = 356 crypto_mech2id(SUN_CKM_RSA_X_509); 357 mech_to_cipher_tab[1].mech = hmac_md5_mech.cm_type = 358 crypto_mech2id(SUN_CKM_MD5_HMAC); 359 mech_to_cipher_tab[2].mech = hmac_sha1_mech.cm_type = 360 crypto_mech2id(SUN_CKM_SHA1_HMAC); 361 362 mech_to_cipher_tab[3].mech = cipher_defs[cipher_rc4].mech_type = 363 crypto_mech2id(SUN_CKM_RC4); 364 mech_to_cipher_tab[4].mech = cipher_defs[cipher_des].mech_type = 365 crypto_mech2id(SUN_CKM_DES_CBC); 366 mech_to_cipher_tab[5].mech = cipher_defs[cipher_3des].mech_type = 367 crypto_mech2id(SUN_CKM_DES3_CBC); 368 } 369 370 static int 371 is_in_suites(uint16_t s, uint16_t *sarray) 372 { 373 int i; 374 375 for (i = 0; i < CIPHER_SUITE_COUNT; i++) { 376 if (s == sarray[i]) 377 return (1); 378 } 379 380 return (0); 381 } 382 383 static int 384 is_in_mechlist(char *name, crypto_mech_name_t *mechs, int count) 385 { 386 int i; 387 388 for (i = 0; i < count; i++) { 389 if (strncmp(name, mechs[i], CRYPTO_MAX_MECH_NAME) == 0) 390 return (1); 391 } 392 393 return (0); 394 } 395 396 /* 397 * Callback function invoked by the crypto framework when a provider's 398 * mechanism is available/unavailable. This callback updates entries in the 399 * kssl_entry_tab[] to make changes to the cipher suites of an entry 400 * which are affected by the mechansim. 401 */ 402 static void 403 kssl_event_callback(uint32_t event, void *event_arg) 404 { 405 int i, j; 406 int cnt, rcnt; 407 uint16_t s; 408 boolean_t changed; 409 crypto_mech_name_t *mechs; 410 uint_t mech_count; 411 mech_to_cipher_t *mc; 412 kssl_entry_t *old; 413 kssl_entry_t *new; 414 uint16_t tmp_suites[CIPHER_SUITE_COUNT]; 415 uint16_t dis_list[CIPHER_SUITE_COUNT]; 416 crypto_notify_event_change_t *prov_change = 417 (crypto_notify_event_change_t *)event_arg; 418 419 /* ignore events for which we didn't register */ 420 if (event != CRYPTO_EVENT_PROVIDERS_CHANGE) { 421 return; 422 } 423 424 for (i = 0; i < NUM_MECHS; i++) { 425 mc = &(mech_to_cipher_tab[i]); 426 if (mc->mech == CRYPTO_MECH_INVALID) 427 continue; 428 429 /* 430 * Check if this crypto framework provider mechanism being 431 * added or removed affects us. 432 */ 433 if (strncmp(mc->name, prov_change->ec_mech_name, 434 CRYPTO_MAX_MECH_NAME) == 0) 435 break; 436 } 437 438 if (i == NUM_MECHS) 439 return; 440 441 mechs = crypto_get_mech_list(&mech_count, KM_SLEEP); 442 if (mechs == NULL) 443 return; 444 445 mutex_enter(&kssl_tab_mutex); 446 447 for (i = 0; i < kssl_entry_tab_size; i++) { 448 if ((old = kssl_entry_tab[i]) == NULL) 449 continue; 450 451 cnt = 0; 452 rcnt = 0; 453 changed = B_FALSE; 454 for (j = 0; j < CIPHER_SUITE_COUNT; j++) { 455 tmp_suites[j] = CIPHER_NOTSET; 456 dis_list[j] = CIPHER_NOTSET; 457 } 458 459 /* 460 * We start with the saved cipher suite list for the new entry. 461 * If a mechanism is disabled, resulting in a cipher suite being 462 * disabled now, we take it out from the list for the new entry. 463 * If a mechanism is enabled, resulting in a cipher suite being 464 * enabled now, we don't need to do any thing. 465 */ 466 if (!is_in_mechlist(mc->name, mechs, mech_count)) { 467 for (j = 0; j < CIPHER_SUITE_COUNT; j++) { 468 s = mc->kssl_suites[j]; 469 if (s == 0) 470 break; 471 if (is_in_suites(s, old->kssl_saved_Suites)) { 472 /* Disable this cipher suite */ 473 if (!is_in_suites(s, dis_list)) 474 dis_list[cnt++] = s; 475 } 476 } 477 } 478 479 for (j = 0; j < CIPHER_SUITE_COUNT; j++) { 480 s = old->kssl_saved_Suites[j]; 481 if (!is_in_suites(s, dis_list)) 482 tmp_suites[rcnt] = s; 483 484 if (!changed && 485 (tmp_suites[rcnt] != old->kssl_cipherSuites[rcnt])) 486 changed = B_TRUE; 487 rcnt++; 488 } 489 490 if (changed) { 491 new = kmem_zalloc(sizeof (kssl_entry_t), KM_NOSLEEP); 492 if (new == NULL) 493 continue; 494 495 *new = *old; /* Structure copy */ 496 old->ke_no_freeall = B_TRUE; 497 new->ke_refcnt = 0; 498 new->kssl_cipherSuites_nentries = rcnt; 499 for (j = 0; j < CIPHER_SUITE_COUNT; j++) 500 new->kssl_cipherSuites[j] = tmp_suites[j]; 501 502 KSSL_ENTRY_REFHOLD(new); 503 kssl_entry_tab[i] = new; 504 KSSL_ENTRY_REFRELE(old); 505 } 506 } 507 508 mutex_exit(&kssl_tab_mutex); 509 crypto_free_mech_list(mechs, mech_count); 510 } 511 512 513 kssl_stats_t *kssl_statp; 514 515 static void 516 kssl_global_init() 517 { 518 mutex_init(&kssl_tab_mutex, NULL, MUTEX_DRIVER, NULL); 519 520 kssl_cache = kmem_cache_create("kssl_cache", sizeof (ssl_t), 521 0, kssl_constructor, kssl_destructor, NULL, NULL, NULL, 0); 522 523 if ((kssl_ksp = kstat_create("kssl", 0, "kssl_stats", "crypto", 524 KSTAT_TYPE_NAMED, sizeof (kssl_stats_t) / sizeof (kstat_named_t), 525 KSTAT_FLAG_PERSISTENT)) != NULL) { 526 kssl_statp = kssl_ksp->ks_data; 527 528 kstat_named_init(&kssl_statp->sid_cache_lookups, 529 "kssl_sid_cache_lookups", KSTAT_DATA_UINT64); 530 kstat_named_init(&kssl_statp->sid_cache_hits, 531 "kssl_sid_cache_hits", KSTAT_DATA_UINT64); 532 kstat_named_init(&kssl_statp->sid_uncached, 533 "kssl_sid_uncached", KSTAT_DATA_UINT64); 534 535 kstat_named_init(&kssl_statp->full_handshakes, 536 "kssl_full_handshakes", KSTAT_DATA_UINT64); 537 kstat_named_init(&kssl_statp->resumed_sessions, 538 "kssl_resumed_sessions", KSTAT_DATA_UINT64); 539 kstat_named_init(&kssl_statp->fallback_connections, 540 "kssl_fallback_connections", KSTAT_DATA_UINT64); 541 kstat_named_init(&kssl_statp->proxy_fallback_failed, 542 "kssl_proxy_fallback_failed", KSTAT_DATA_UINT64); 543 kstat_named_init(&kssl_statp->appdata_record_ins, 544 "kssl_appdata_record_ins", KSTAT_DATA_UINT64); 545 kstat_named_init(&kssl_statp->appdata_record_outs, 546 "kssl_appdata_record_outs", KSTAT_DATA_UINT64); 547 548 kstat_named_init(&kssl_statp->alloc_fails, "kssl_alloc_fails", 549 KSTAT_DATA_UINT64); 550 kstat_named_init(&kssl_statp->fatal_alerts, 551 "kssl_fatal_alerts", KSTAT_DATA_UINT64); 552 kstat_named_init(&kssl_statp->warning_alerts, 553 "kssl_warning_alerts", KSTAT_DATA_UINT64); 554 kstat_named_init(&kssl_statp->no_suite_found, 555 "kssl_no_suite_found", KSTAT_DATA_UINT64); 556 kstat_named_init(&kssl_statp->compute_mac_failure, 557 "kssl_compute_mac_failure", KSTAT_DATA_UINT64); 558 kstat_named_init(&kssl_statp->verify_mac_failure, 559 "kssl_verify_mac_failure", KSTAT_DATA_UINT64); 560 kstat_named_init(&kssl_statp->record_decrypt_failure, 561 "kssl_record_decrypt_failure", KSTAT_DATA_UINT64); 562 kstat_named_init(&kssl_statp->bad_pre_master_secret, 563 "kssl_bad_pre_master_secret", KSTAT_DATA_UINT64); 564 565 kstat_install(kssl_ksp); 566 }; 567 } 568 569 /*ARGSUSED*/ 570 static int 571 kssl_constructor(void *buf, void *arg, int kmflags) 572 { 573 ssl_t *ssl = buf; 574 575 mutex_init(&ssl->kssl_lock, NULL, MUTEX_DEFAULT, NULL); 576 577 return (0); 578 } 579 580 /*ARGSUSED*/ 581 static void 582 kssl_destructor(void *buf, void *arg) 583 { 584 ssl_t *ssl = buf; 585 mutex_destroy(&ssl->kssl_lock); 586 } 587