17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5d2b32306Smcpowers * Common Development and Distribution License (the "License"). 6d2b32306Smcpowers * You may not use this file except in compliance with the License. 77c478bd9Sstevel@tonic-gate * 87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 117c478bd9Sstevel@tonic-gate * and limitations under the License. 127c478bd9Sstevel@tonic-gate * 137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 187c478bd9Sstevel@tonic-gate * 197c478bd9Sstevel@tonic-gate * CDDL HEADER END 207c478bd9Sstevel@tonic-gate */ 217c478bd9Sstevel@tonic-gate /* 22*005d3febSMarek Pospisil * Copyright 2010 Sun Microsystems, Inc. All rights reserved. 237c478bd9Sstevel@tonic-gate * Use is subject to license terms. 247c478bd9Sstevel@tonic-gate */ 257c478bd9Sstevel@tonic-gate 267c478bd9Sstevel@tonic-gate 277c478bd9Sstevel@tonic-gate /* 287c478bd9Sstevel@tonic-gate * The ioctl interface for administrative commands. 
297c478bd9Sstevel@tonic-gate */ 307c478bd9Sstevel@tonic-gate 317c478bd9Sstevel@tonic-gate #include <sys/types.h> 327c478bd9Sstevel@tonic-gate #include <sys/modctl.h> 337c478bd9Sstevel@tonic-gate #include <sys/conf.h> 347c478bd9Sstevel@tonic-gate #include <sys/stat.h> 357c478bd9Sstevel@tonic-gate #include <sys/ddi.h> 367c478bd9Sstevel@tonic-gate #include <sys/sunddi.h> 377c478bd9Sstevel@tonic-gate #include <sys/kmem.h> 387c478bd9Sstevel@tonic-gate #include <sys/errno.h> 397c478bd9Sstevel@tonic-gate #include <sys/ksynch.h> 407c478bd9Sstevel@tonic-gate #include <sys/file.h> 417c478bd9Sstevel@tonic-gate #include <sys/open.h> 427c478bd9Sstevel@tonic-gate #include <sys/cred.h> 437c478bd9Sstevel@tonic-gate #include <sys/model.h> 447c478bd9Sstevel@tonic-gate #include <sys/sysmacros.h> 457c478bd9Sstevel@tonic-gate #include <sys/crypto/common.h> 467c478bd9Sstevel@tonic-gate #include <sys/crypto/api.h> 477c478bd9Sstevel@tonic-gate #include <sys/crypto/impl.h> 487c478bd9Sstevel@tonic-gate #include <sys/crypto/sched_impl.h> 497c478bd9Sstevel@tonic-gate #include <sys/crypto/ioctladmin.h> 507c478bd9Sstevel@tonic-gate #include <c2/audit.h> 5173556491SAnthony Scarpino #include <sys/disp.h> 527c478bd9Sstevel@tonic-gate 537c478bd9Sstevel@tonic-gate /* 547c478bd9Sstevel@tonic-gate * DDI entry points. 
*/
static int cryptoadm_getinfo(dev_info_t *, ddi_info_cmd_t, void *, void **);
static int cryptoadm_attach(dev_info_t *, ddi_attach_cmd_t);
static int cryptoadm_detach(dev_info_t *, ddi_detach_cmd_t);
static int cryptoadm_open(dev_t *, int, int, cred_t *);
static int cryptoadm_close(dev_t, int, int, cred_t *);
static int cryptoadm_ioctl(dev_t, int, intptr_t, int, cred_t *, int *);

/* Audit hook, defined outside this file; called by the load_* ioctls. */
extern void audit_cryptoadm(int, char *, crypto_mech_name_t *, uint_t,
    uint_t, uint32_t, int);

/*
 * Module linkage.
 *
 * Character/block entry points.  Only open, close and ioctl are
 * implemented; every other slot is nodev (or nochpoll), so the ioctl
 * handler is the only path by which a caller exchanges data with this
 * driver.
 */
static struct cb_ops cbops = {
	cryptoadm_open,			/* cb_open */
	cryptoadm_close,		/* cb_close */
	nodev,				/* cb_strategy */
	nodev,				/* cb_print */
	nodev,				/* cb_dump */
	nodev,				/* cb_read */
	nodev,				/* cb_write */
	cryptoadm_ioctl,		/* cb_ioctl */
	nodev,				/* cb_devmap */
	nodev,				/* cb_mmap */
	nodev,				/* cb_segmap */
	nochpoll,			/* cb_chpoll */
	ddi_prop_op,			/* cb_prop_op */
	NULL,				/* cb_streamtab */
	D_MP,				/* cb_flag */
	CB_REV,				/* cb_rev */
	nodev,				/* cb_aread */
	nodev,				/* cb_awrite */
};

/* Device operations: autoconfiguration entry points plus the cb_ops table. */
static struct dev_ops devops = {
	DEVO_REV,			/* devo_rev */
	0,				/* devo_refcnt */
	cryptoadm_getinfo,		/* devo_getinfo */
	nulldev,			/* devo_identify */
	nulldev,			/* devo_probe */
	cryptoadm_attach,		/* devo_attach */
	cryptoadm_detach,		/* devo_detach */
	nodev,				/* devo_reset */
	&cbops,				/* devo_cb_ops */
	NULL,				/* devo_bus_ops */
	NULL,				/* devo_power */
	ddi_quiesce_not_needed,		/* devo_quiesce */
};

/* Driver linkage record handed to the module framework. */
static struct modldrv modldrv = {
	&mod_driverops,					/* drv_modops */
	"Cryptographic Administrative Interface",	/* drv_linkinfo */
	&devops,
};

static struct modlinkage modlinkage = {
	MODREV_1,			/* ml_rev */
	&modldrv,			/* ml_linkage */
	NULL
};

/*
 * devinfo node of the single attached instance; NULL while detached.
 * cryptoadm_open() refuses opens while this is NULL.
 */
static dev_info_t *cryptoadm_dip = NULL;

/*
 * DDI entry points.
*/

/* Module load: install the driver described by modlinkage. */
int
_init(void)
{
	return (mod_install(&modlinkage));
}

/* Module unload: remove the driver described by modlinkage. */
int
_fini(void)
{
	return (mod_remove(&modlinkage));
}

/* Module query: report information about modlinkage through modinfop. */
int
_info(struct modinfo *modinfop)
{
	return (mod_info(&modlinkage, modinfop));
}

/*
 * getinfo(9E): translate a dev_t into the devinfo pointer or the instance
 * number.  The answer does not depend on 'arg': the devinfo is whatever
 * cryptoadm_dip currently holds and the instance is always 0.
 */
/* ARGSUSED */
static int
cryptoadm_getinfo(dev_info_t *dip, ddi_info_cmd_t cmd, void *arg, void **result)
{
	if (cmd == DDI_INFO_DEVT2DEVINFO) {
		*result = (void *)cryptoadm_dip;
		return (DDI_SUCCESS);
	}

	if (cmd == DDI_INFO_DEVT2INSTANCE) {
		*result = (void *)0;
		return (DDI_SUCCESS);
	}

	return (DDI_FAILURE);
}

/*
 * attach(9E): accept only DDI_ATTACH of instance 0, create the "cryptoadm"
 * character minor node and remember the devinfo pointer.
 */
static int
cryptoadm_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
{
	int created;

	/* only a plain attach of instance 0 is allowed */
	if (cmd != DDI_ATTACH || ddi_get_instance(dip) != 0)
		return (DDI_FAILURE);

	/* create the minor node */
	created = ddi_create_minor_node(dip, "cryptoadm", S_IFCHR, 0,
	    DDI_PSEUDO, 0);
	if (created != DDI_SUCCESS) {
		cmn_err(CE_WARN, "cryptoadm: failed creating minor node");
		ddi_remove_minor_node(dip, NULL);
		return (DDI_FAILURE);
	}

	cryptoadm_dip = dip;
	return (DDI_SUCCESS);
}

/*
 * detach(9E): on DDI_DETACH, forget the devinfo pointer (which makes
 * cryptoadm_open() fail with ENXIO) and remove the minor node.
 */
static int
cryptoadm_detach(dev_info_t *dip, ddi_detach_cmd_t cmd)
{
	if (cmd == DDI_DETACH) {
		cryptoadm_dip = NULL;
		ddi_remove_minor_node(dip, NULL);
		return (DDI_SUCCESS);
	}

	return (DDI_FAILURE);
}

/*
 * open(9E): character opens only, and only while the driver is attached.
 * Every open is mapped onto minor 0.
 *
 * NOTE(review): credp is not examined here, so this function does not
 * restrict who may open the node; presumably access control rests on the
 * device node permissions and on checks made by cryptoadm_ioctl() -- confirm.
 */
/* ARGSUSED */
static int
cryptoadm_open(dev_t *devp, int flag, int otyp, cred_t *credp)
{
	if (otyp != OTYP_CHR)
		return (ENXIO);
	if (cryptoadm_dip == NULL)
		return (ENXIO);

	/* exclusive opens are not supported */
	if ((flag & FEXCL) != 0)
		return (ENOTSUP);

	*devp = makedevice(getmajor(*devp), 0);

	kcf_sched_start();

	return (0);
}

/* close(9E): nothing to release; always succeeds. */
/* ARGSUSED */
static int
cryptoadm_close(dev_t dev, int flag, int otyp, cred_t *credp)
{
	return (0);
}

/*
 * Returns B_TRUE if the MAXNAMELEN-byte array contains a '\0' terminator,
 * B_FALSE otherwise.  The ioctl handlers call this on names copied in from
 * the caller before handing them to anything that treats them as strings.
 * Exactly MAXNAMELEN bytes are inspected at most, so 'array' must be at
 * least that large.
 */
static boolean_t
null_terminated(char *array)
{
	char *cursor = array;
	char *limit = array + MAXNAMELEN;

	while (cursor < limit) {
		if (*cursor == '\0')
			return (B_TRUE);
		cursor++;
	}

	return (B_FALSE);
}

/*
 * This ioctl returns an array of hardware providers.  Each entry
 * contains a device name, device instance, and number of
 * supported mechanisms.
*/
/*
 * 'arg' is the user address of a crypto_get_dev_list_t.  The outcome of the
 * request is reported in dl_return_value; the function itself returns 0
 * unless a copyin/copyout faults, in which case it returns EFAULT.
 *
 * The number of entries written after the header is the kernel's own count,
 * and it is only written when that count does not exceed the capacity the
 * caller declared in dl_dev_count.
 */
/* ARGSUSED */
static int
get_dev_list(dev_t dev, caddr_t arg, int mode, int *rval)
{
	crypto_get_dev_list_t req;
	crypto_dev_list_entry_t *devs;
	uint_t ndevs;
	int err = 0;

	if (copyin(arg, &req, sizeof (req)) != 0)
		return (EFAULT);

	/* get the list from the core module */
	if (crypto_get_dev_list(&ndevs, &devs) != 0) {
		req.dl_return_value = CRYPTO_FAILED;
		return (copyout(&req, arg, sizeof (req)) != 0 ? EFAULT : 0);
	}

	/* caller's buffer is too small: report the required count only */
	if (ndevs > req.dl_dev_count) {
		req.dl_dev_count = ndevs;
		req.dl_return_value = CRYPTO_BUFFER_TOO_SMALL;
		crypto_free_dev_list(devs, ndevs);
		return (copyout(&req, arg, sizeof (req)) != 0 ? EFAULT : 0);
	}

	req.dl_dev_count = ndevs;
	req.dl_return_value = CRYPTO_SUCCESS;

	/* header first, then the entries that follow it at dl_devs */
	if (copyout(&req, arg, sizeof (req)) != 0) {
		err = EFAULT;
	} else if (ndevs > 0 && copyout(devs,
	    arg + offsetof(crypto_get_dev_list_t, dl_devs),
	    ndevs * sizeof (crypto_dev_list_entry_t)) != 0) {
		err = EFAULT;
	}

	/* the kernel copy of the list is released on every path */
	crypto_free_dev_list(devs, ndevs);
	return (err);
}

/*
 * This ioctl returns a buffer containing the null terminated names
 * of software providers.
*/
/*
 * 'arg' is the user address of a crypto_get_soft_list structure, accessed
 * through the STRUCT_* macros initialised from 'mode'.  The outcome is
 * reported in sl_return_value; the function returns 0 unless a
 * copyin/copyout faults (EFAULT).
 *
 * sl_soft_names is a caller-supplied pointer.  It is used only as a
 * copyout() destination, and only after the kernel's length has been
 * checked against the caller-declared sl_soft_len.
 */
/* ARGSUSED */
static int
get_soft_list(dev_t dev, caddr_t arg, int mode, int *rval)
{
	STRUCT_DECL(crypto_get_soft_list, req);
	char *names;
	size_t names_len;
	uint_t nprov;
	int names_faulted;

	STRUCT_INIT(req, mode);

	if (copyin(arg, STRUCT_BUF(req), STRUCT_SIZE(req)) != 0)
		return (EFAULT);

	/* get the list from the core module */
	if (crypto_get_soft_list(&nprov, &names, &names_len) != 0) {
		STRUCT_FSET(req, sl_return_value, CRYPTO_FAILED);
		if (copyout(STRUCT_BUF(req), arg, STRUCT_SIZE(req)) != 0)
			return (EFAULT);
		return (0);
	}

	/* caller's buffer is too small: report the required sizes only */
	if (names_len > STRUCT_FGET(req, sl_soft_len)) {
		STRUCT_FSET(req, sl_soft_count, nprov);
		STRUCT_FSET(req, sl_soft_len, names_len);
		STRUCT_FSET(req, sl_return_value, CRYPTO_BUFFER_TOO_SMALL);
		kmem_free(names, names_len);
		if (copyout(STRUCT_BUF(req), arg, STRUCT_SIZE(req)) != 0)
			return (EFAULT);
		return (0);
	}

	STRUCT_FSET(req, sl_soft_count, nprov);
	STRUCT_FSET(req, sl_soft_len, names_len);
	STRUCT_FSET(req, sl_return_value, CRYPTO_SUCCESS);

	/* names go out first; the kernel buffer is freed either way */
	names_faulted = (nprov > 0 &&
	    copyout(names, STRUCT_FGETP(req, sl_soft_names), names_len) != 0);
	kmem_free(names, names_len);
	if (names_faulted)
		return (EFAULT);

	if (copyout(STRUCT_BUF(req), arg, STRUCT_SIZE(req)) != 0)
		return (EFAULT);

	return (0);
}

/*
 * This ioctl returns an array of mechanisms supported by the
 * specified device.
*/
/*
 * 'arg' is the user address of a crypto_get_dev_info_t.  The outcome is
 * reported in di_return_value; the function returns 0 unless a
 * copyin/copyout faults (EFAULT).
 *
 * The device name arrives from the caller and is rejected with
 * CRYPTO_ARGUMENTS_BAD unless it is terminated within MAXNAMELEN bytes.
 * The mechanism list is written only when the kernel's count fits the
 * capacity the caller declared in di_count.
 */
/* ARGSUSED */
static int
get_dev_info(dev_t dev, caddr_t arg, int mode, int *rval)
{
	crypto_get_dev_info_t req;
	crypto_mech_name_t *mechs;
	uint_t nmechs;
	int status;
	int err = 0;

	if (copyin(arg, &req, sizeof (req)) != 0)
		return (EFAULT);

	/* make sure the device name is null terminated */
	if (!null_terminated(req.di_dev_name)) {
		req.di_return_value = CRYPTO_ARGUMENTS_BAD;
		return (copyout(&req, arg, sizeof (req)) != 0 ? EFAULT : 0);
	}

	/* get mechanism names from the core module */
	status = crypto_get_dev_info(req.di_dev_name, req.di_dev_instance,
	    &nmechs, &mechs);
	if (status != CRYPTO_SUCCESS) {
		req.di_return_value = status;
		return (copyout(&req, arg, sizeof (req)) != 0 ? EFAULT : 0);
	}

	/* caller's buffer is too small: report the required count only */
	if (nmechs > req.di_count) {
		req.di_count = nmechs;
		req.di_return_value = CRYPTO_BUFFER_TOO_SMALL;
		crypto_free_mech_list(mechs, nmechs);
		return (copyout(&req, arg, sizeof (req)) != 0 ? EFAULT : 0);
	}

	req.di_count = nmechs;
	req.di_return_value = CRYPTO_SUCCESS;

	/* header first, then the mechanism names that follow it at di_list */
	if (copyout(&req, arg, sizeof (req)) != 0 ||
	    copyout(mechs, arg + offsetof(crypto_get_dev_info_t, di_list),
	    nmechs * sizeof (crypto_mech_name_t)) != 0) {
		err = EFAULT;
	}

	/* the kernel copy of the list is released on every path */
	crypto_free_mech_list(mechs, nmechs);
	return (err);
}

/*
 * This ioctl returns an array of mechanisms supported by the
 * specified cryptographic module.
*/
/*
 * 'arg' is the user address of a crypto_get_soft_info_t.  The outcome is
 * reported in si_return_value; the function returns 0 unless a
 * copyin/copyout faults (EFAULT).
 *
 * The provider name arrives from the caller and is rejected with
 * CRYPTO_ARGUMENTS_BAD unless it is terminated within MAXNAMELEN bytes.
 * The mechanism list is written only when the kernel's count fits the
 * capacity the caller declared in si_count.
 */
/* ARGSUSED */
static int
get_soft_info(dev_t dev, caddr_t arg, int mode, int *rval)
{
	crypto_get_soft_info_t req;
	crypto_mech_name_t *mechs;
	uint_t nmechs;
	int err = 0;

	if (copyin(arg, &req, sizeof (req)) != 0)
		return (EFAULT);

	/* make sure the provider name is null terminated */
	if (!null_terminated(req.si_name)) {
		req.si_return_value = CRYPTO_ARGUMENTS_BAD;
		return (copyout(&req, arg, sizeof (req)) != 0 ? EFAULT : 0);
	}

	/* get mechanism names from the core module */
	if (crypto_get_soft_info(req.si_name, &nmechs, &mechs) != 0) {
		req.si_return_value = CRYPTO_FAILED;
		return (copyout(&req, arg, sizeof (req)) != 0 ? EFAULT : 0);
	}

	/* caller's buffer is too small: report the required count only */
	if (nmechs > req.si_count) {
		req.si_count = nmechs;
		req.si_return_value = CRYPTO_BUFFER_TOO_SMALL;
		crypto_free_mech_list(mechs, nmechs);
		return (copyout(&req, arg, sizeof (req)) != 0 ? EFAULT : 0);
	}

	req.si_count = nmechs;
	req.si_return_value = CRYPTO_SUCCESS;

	/* header first, then the mechanism names that follow it at si_list */
	if (copyout(&req, arg, sizeof (req)) != 0 ||
	    copyout(mechs, arg + offsetof(crypto_get_soft_info_t, si_list),
	    nmechs * sizeof (crypto_mech_name_t)) != 0) {
		err = EFAULT;
	}

	/* the kernel copy of the list is released on every path */
	crypto_free_mech_list(mechs, nmechs);
	return (err);
}

/*
 * This ioctl disables mechanisms supported by the specified device.
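*/
/*
 * 'arg' is the user address of a crypto_load_dev_disabled_t followed by
 * dd_count mechanism names at dd_list.  The outcome is reported in
 * dd_return_value; the function returns 0 unless a copyin/copyout faults
 * (EFAULT).  When auditing is active, every exit goes through
 * audit_cryptoadm().
 *
 * Every value handed to the audit call is defined on every path:
 * 'entries' is either NULL or a live allocation (never a freed or
 * indeterminate pointer), and count, instance and rv have defaults for
 * the paths that leave before the request has been read.
 *
 * NOTE(review): this handler receives no cred_t and makes no privilege
 * check of its own; confirm the ioctl dispatcher does so before calling it.
 */
/* ARGSUSED */
static int
load_dev_disabled(dev_t dev, caddr_t arg, int mode, int *rval)
{
	crypto_load_dev_disabled_t dev_disabled;
	crypto_mech_name_t *entries = NULL;
	size_t size;
	ulong_t offset;
	uint_t count = 0;
	uint_t instance = 0;
	char *dev_name = dev_disabled.dd_dev_name;
	uint32_t rv = CRYPTO_FAILED;
	int error = 0;

	if (copyin(arg, &dev_disabled, sizeof (dev_disabled)) != 0) {
		/*
		 * Nothing trustworthy was read.  Audit an empty name rather
		 * than whatever the stack buffer happens to contain.
		 */
		dev_name[0] = '\0';
		error = EFAULT;
		goto out2;
	}

	/*
	 * make sure the device name is null terminated
	 *
	 * NOTE(review): on this path the unterminated name is still passed
	 * to audit_cryptoadm() together with rv == CRYPTO_ARGUMENTS_BAD;
	 * verify the audit code does not treat it as a string in that case.
	 */
	if (!null_terminated(dev_name)) {
		rv = CRYPTO_ARGUMENTS_BAD;
		goto out;
	}

	count = dev_disabled.dd_count;
	instance = dev_disabled.dd_dev_instance;
	if (count == 0) {
		/* remove the entry */
		if (crypto_load_dev_disabled(dev_name, instance, 0, NULL) != 0)
			rv = CRYPTO_FAILED;
		else
			rv = CRYPTO_SUCCESS;
		goto out;
	}

	/*
	 * count is caller-controlled; bound it before it sizes the
	 * KM_SLEEP allocation and the second copyin.
	 */
	if (count > KCF_MAXMECHS) {
		rv = CRYPTO_ARGUMENTS_BAD;
		goto out;
	}

	size = count * sizeof (crypto_mech_name_t);
	entries = kmem_alloc(size, KM_SLEEP);

	offset = offsetof(crypto_load_dev_disabled_t, dd_list);
	if (copyin(arg + offset, entries, size) != 0) {
		kmem_free(entries, size);
		entries = NULL;		/* do not audit a freed list */
		error = EFAULT;
		goto out2;
	}

	/* 'entries' consumed (but not freed) by crypto_load_dev_disabled() */
	if (crypto_load_dev_disabled(dev_name, instance, count, entries) != 0) {
		kmem_free(entries, size);
		entries = NULL;		/* do not audit a freed list */
		rv = CRYPTO_FAILED;
		goto out;
	}
	rv = CRYPTO_SUCCESS;
out:
	dev_disabled.dd_return_value = rv;

	if (copyout(&dev_disabled, arg, sizeof (dev_disabled)) != 0) {
		error = EFAULT;
	}
out2:
	if (AU_AUDITING())
		audit_cryptoadm(CRYPTO_LOAD_DEV_DISABLED, dev_name, entries,
		    count, instance, rv, error);
	return (error);
}

/*
 * This ioctl disables mechanisms supported by the specified
 * cryptographic module.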
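*/
/*
 * 'arg' is the user address of a crypto_load_soft_disabled_t followed by
 * sd_count mechanism names at sd_list.  The outcome is reported in
 * sd_return_value; the function returns 0 unless a copyin/copyout faults
 * (EFAULT).
 *
 * Every value handed to audit_cryptoadm() is defined on every path that
 * reaches it: 'entries' is either NULL or a live allocation (never a
 * freed or indeterminate pointer), and count and rv have defaults for the
 * path that leaves before the request has been read.
 *
 * NOTE(review): this handler receives no cred_t and makes no privilege
 * check of its own; confirm the ioctl dispatcher does so before calling it.
 */
/* ARGSUSED */
static int
load_soft_disabled(dev_t dev, caddr_t arg, int mode, int *rval)
{
	crypto_load_soft_disabled_t soft_disabled;
	crypto_mech_name_t *entries = NULL;
	size_t size;
	uint_t count = 0;
	ulong_t offset;
	char *name = soft_disabled.sd_name;
	uint32_t rv = CRYPTO_FAILED;
	int error = 0;

	if (copyin(arg, &soft_disabled, sizeof (soft_disabled)) != 0) {
		/*
		 * Nothing trustworthy was read.  Audit an empty name rather
		 * than whatever the stack buffer happens to contain.
		 */
		name[0] = '\0';
		error = EFAULT;
		goto out2;
	}

	/*
	 * make sure the name is null terminated
	 *
	 * NOTE(review): this rejection returns without an audit record,
	 * whereas load_dev_disabled() audits the same condition; confirm
	 * which behaviour is intended.
	 */
	if (!null_terminated(name)) {
		soft_disabled.sd_return_value = CRYPTO_ARGUMENTS_BAD;
		if (copyout(&soft_disabled, arg, sizeof (soft_disabled)) != 0) {
			return (EFAULT);
		}
		return (0);
	}

	count = soft_disabled.sd_count;
	if (count == 0) {
		/* remove the entry */
		if (crypto_load_soft_disabled(name, 0, NULL) != 0) {
			rv = CRYPTO_FAILED;
		} else {
			rv = CRYPTO_SUCCESS;
		}
		goto out;
	}

	/*
	 * count is caller-controlled; bound it before it sizes the
	 * KM_SLEEP allocation and the second copyin.
	 */
	if (count > KCF_MAXMECHS) {
		rv = CRYPTO_ARGUMENTS_BAD;
		goto out;
	}

	size = count * sizeof (crypto_mech_name_t);
	entries = kmem_alloc(size, KM_SLEEP);

	offset = offsetof(crypto_load_soft_disabled_t, sd_list);
	if (copyin(arg + offset, entries, size) != 0) {
		kmem_free(entries, size);
		entries = NULL;		/* do not audit a freed list */
		error = EFAULT;
		goto out2;
	}

	/* 'entries' is consumed by crypto_load_soft_disabled() */
	if (crypto_load_soft_disabled(name, count, entries) != 0) {
		kmem_free(entries, size);
		entries = NULL;		/* do not audit a freed list */
		rv = CRYPTO_FAILED;
		goto out;
	}
	rv = CRYPTO_SUCCESS;
out:
	soft_disabled.sd_return_value = rv;

	if (copyout(&soft_disabled, arg, sizeof (soft_disabled)) != 0) {
		error = EFAULT;
	}
out2:
	if (AU_AUDITING())
		audit_cryptoadm(CRYPTO_LOAD_SOFT_DISABLED, name, entries,
		    count, 0, rv, error);
	return (error);
}

/*
 * This ioctl loads the supported mechanisms of the specified cryptographic
 * module.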
This is so, at boot time, all software providers do not 6477c478bd9Sstevel@tonic-gate * have to be opened in order to cause them to register their 6487c478bd9Sstevel@tonic-gate * supported mechanisms. 6497c478bd9Sstevel@tonic-gate */ 6507c478bd9Sstevel@tonic-gate /* ARGSUSED */ 6517c478bd9Sstevel@tonic-gate static int 6527c478bd9Sstevel@tonic-gate load_soft_config(dev_t dev, caddr_t arg, int mode, int *rval) 6537c478bd9Sstevel@tonic-gate { 6547c478bd9Sstevel@tonic-gate crypto_load_soft_config_t soft_config; 6557c478bd9Sstevel@tonic-gate crypto_mech_name_t *entries; 6567c478bd9Sstevel@tonic-gate size_t size; 6577c478bd9Sstevel@tonic-gate uint_t count; 6587c478bd9Sstevel@tonic-gate ulong_t offset; 6597c478bd9Sstevel@tonic-gate char *name; 6607c478bd9Sstevel@tonic-gate uint32_t rv; 6617c478bd9Sstevel@tonic-gate int error = 0; 6627c478bd9Sstevel@tonic-gate 6637c478bd9Sstevel@tonic-gate if (copyin(arg, &soft_config, sizeof (soft_config)) != 0) { 6647c478bd9Sstevel@tonic-gate error = EFAULT; 6657c478bd9Sstevel@tonic-gate goto out2; 6667c478bd9Sstevel@tonic-gate } 6677c478bd9Sstevel@tonic-gate 6687c478bd9Sstevel@tonic-gate name = soft_config.sc_name; 6697c478bd9Sstevel@tonic-gate /* make sure the name is null terminated */ 6707c478bd9Sstevel@tonic-gate if (!null_terminated(name)) { 6717c478bd9Sstevel@tonic-gate soft_config.sc_return_value = CRYPTO_ARGUMENTS_BAD; 6727c478bd9Sstevel@tonic-gate if (copyout(&soft_config, arg, sizeof (soft_config)) != 0) { 6737c478bd9Sstevel@tonic-gate return (EFAULT); 6747c478bd9Sstevel@tonic-gate } 6757c478bd9Sstevel@tonic-gate return (0); 6767c478bd9Sstevel@tonic-gate } 6777c478bd9Sstevel@tonic-gate 6787c478bd9Sstevel@tonic-gate count = soft_config.sc_count; 6797c478bd9Sstevel@tonic-gate if (count == 0) { 6807c478bd9Sstevel@tonic-gate if (crypto_load_soft_config(name, 0, NULL) != 0) { 6817c478bd9Sstevel@tonic-gate rv = CRYPTO_FAILED; 6827c478bd9Sstevel@tonic-gate } else { 6837c478bd9Sstevel@tonic-gate rv = CRYPTO_SUCCESS; 
6847c478bd9Sstevel@tonic-gate } 6857c478bd9Sstevel@tonic-gate goto out; 6867c478bd9Sstevel@tonic-gate } 6877c478bd9Sstevel@tonic-gate 6887c478bd9Sstevel@tonic-gate if (count > KCF_MAXMECHS) { 6897c478bd9Sstevel@tonic-gate rv = CRYPTO_ARGUMENTS_BAD; 6907c478bd9Sstevel@tonic-gate goto out; 6917c478bd9Sstevel@tonic-gate } 6927c478bd9Sstevel@tonic-gate 6937c478bd9Sstevel@tonic-gate size = count * sizeof (crypto_mech_name_t); 6947c478bd9Sstevel@tonic-gate entries = kmem_alloc(size, KM_SLEEP); 6957c478bd9Sstevel@tonic-gate 6967c478bd9Sstevel@tonic-gate offset = offsetof(crypto_load_soft_config_t, sc_list); 6977c478bd9Sstevel@tonic-gate if (copyin(arg + offset, entries, size) != 0) { 6987c478bd9Sstevel@tonic-gate kmem_free(entries, size); 6997c478bd9Sstevel@tonic-gate error = EFAULT; 7007c478bd9Sstevel@tonic-gate goto out2; 7017c478bd9Sstevel@tonic-gate } 7027c478bd9Sstevel@tonic-gate 7037c478bd9Sstevel@tonic-gate /* 7047c478bd9Sstevel@tonic-gate * 'entries' is consumed (but not freed) by 7057c478bd9Sstevel@tonic-gate * crypto_load_soft_config() 7067c478bd9Sstevel@tonic-gate */ 7077c478bd9Sstevel@tonic-gate if (crypto_load_soft_config(name, count, entries) != 0) { 7087c478bd9Sstevel@tonic-gate kmem_free(entries, size); 7097c478bd9Sstevel@tonic-gate rv = CRYPTO_FAILED; 7107c478bd9Sstevel@tonic-gate goto out; 7117c478bd9Sstevel@tonic-gate } 7127c478bd9Sstevel@tonic-gate rv = CRYPTO_SUCCESS; 7137c478bd9Sstevel@tonic-gate out: 7147c478bd9Sstevel@tonic-gate soft_config.sc_return_value = rv; 7157c478bd9Sstevel@tonic-gate 7167c478bd9Sstevel@tonic-gate if (copyout(&soft_config, arg, sizeof (soft_config)) != 0) { 7177c478bd9Sstevel@tonic-gate error = EFAULT; 7187c478bd9Sstevel@tonic-gate } 7197c478bd9Sstevel@tonic-gate out2: 720*005d3febSMarek Pospisil if (AU_AUDITING()) 7217c478bd9Sstevel@tonic-gate audit_cryptoadm(CRYPTO_LOAD_SOFT_CONFIG, name, entries, count, 7227c478bd9Sstevel@tonic-gate 0, rv, error); 7237c478bd9Sstevel@tonic-gate return (error); 7247c478bd9Sstevel@tonic-gate 
} 7257c478bd9Sstevel@tonic-gate 7267c478bd9Sstevel@tonic-gate /* 7277c478bd9Sstevel@tonic-gate * This ioctl unloads the specfied cryptographic module and removes 7287c478bd9Sstevel@tonic-gate * its table of supported mechanisms. 7297c478bd9Sstevel@tonic-gate */ 7307c478bd9Sstevel@tonic-gate /* ARGSUSED */ 7317c478bd9Sstevel@tonic-gate static int 7327c478bd9Sstevel@tonic-gate unload_soft_module(dev_t dev, caddr_t arg, int mode, int *rval) 7337c478bd9Sstevel@tonic-gate { 7347c478bd9Sstevel@tonic-gate crypto_unload_soft_module_t unload_soft_module; 7357c478bd9Sstevel@tonic-gate char *name; 7367c478bd9Sstevel@tonic-gate uint32_t rv; 7377c478bd9Sstevel@tonic-gate int error = 0; 7387c478bd9Sstevel@tonic-gate 7397c478bd9Sstevel@tonic-gate if (copyin(arg, &unload_soft_module, 7407c478bd9Sstevel@tonic-gate sizeof (unload_soft_module)) != 0) { 7417c478bd9Sstevel@tonic-gate error = EFAULT; 7427c478bd9Sstevel@tonic-gate goto out2; 7437c478bd9Sstevel@tonic-gate } 7447c478bd9Sstevel@tonic-gate 7457c478bd9Sstevel@tonic-gate name = unload_soft_module.sm_name; 7467c478bd9Sstevel@tonic-gate /* make sure the name is null terminated */ 7477c478bd9Sstevel@tonic-gate if (!null_terminated(name)) { 7487c478bd9Sstevel@tonic-gate unload_soft_module.sm_return_value = CRYPTO_ARGUMENTS_BAD; 7497c478bd9Sstevel@tonic-gate if (copyout(&unload_soft_module, arg, 7507c478bd9Sstevel@tonic-gate sizeof (unload_soft_module)) != 0) { 7517c478bd9Sstevel@tonic-gate return (EFAULT); 7527c478bd9Sstevel@tonic-gate } 7537c478bd9Sstevel@tonic-gate return (0); 7547c478bd9Sstevel@tonic-gate } 7557c478bd9Sstevel@tonic-gate 7567c478bd9Sstevel@tonic-gate rv = crypto_unload_soft_module(name); 7577c478bd9Sstevel@tonic-gate out: 7587c478bd9Sstevel@tonic-gate unload_soft_module.sm_return_value = rv; 7597c478bd9Sstevel@tonic-gate 7607c478bd9Sstevel@tonic-gate if (copyout(&unload_soft_module, arg, 7617c478bd9Sstevel@tonic-gate sizeof (unload_soft_module)) != 0) { 7627c478bd9Sstevel@tonic-gate error = EFAULT; 
7637c478bd9Sstevel@tonic-gate } 7647c478bd9Sstevel@tonic-gate out2: 765*005d3febSMarek Pospisil if (AU_AUDITING()) 7667c478bd9Sstevel@tonic-gate audit_cryptoadm(CRYPTO_UNLOAD_SOFT_MODULE, name, NULL, 0, 0, 7677c478bd9Sstevel@tonic-gate rv, error); 7687c478bd9Sstevel@tonic-gate 7697c478bd9Sstevel@tonic-gate return (error); 7707c478bd9Sstevel@tonic-gate } 7717c478bd9Sstevel@tonic-gate 7727c478bd9Sstevel@tonic-gate static int 7737c478bd9Sstevel@tonic-gate cryptoadm_ioctl(dev_t dev, int cmd, intptr_t arg, int mode, cred_t *c, 7747c478bd9Sstevel@tonic-gate int *rval) 7757c478bd9Sstevel@tonic-gate { 7767c478bd9Sstevel@tonic-gate int error; 7777c478bd9Sstevel@tonic-gate #define ARG ((caddr_t)arg) 7787c478bd9Sstevel@tonic-gate 7797c478bd9Sstevel@tonic-gate switch (cmd) { 7807c478bd9Sstevel@tonic-gate case CRYPTO_LOAD_DEV_DISABLED: 7817c478bd9Sstevel@tonic-gate case CRYPTO_LOAD_SOFT_DISABLED: 7827c478bd9Sstevel@tonic-gate case CRYPTO_LOAD_SOFT_CONFIG: 7837c478bd9Sstevel@tonic-gate case CRYPTO_UNLOAD_SOFT_MODULE: 7847c478bd9Sstevel@tonic-gate case CRYPTO_LOAD_DOOR: 785b5a2d845SHai-May Chao case CRYPTO_FIPS140_SET: 7867c478bd9Sstevel@tonic-gate if ((error = drv_priv(c)) != 0) 7877c478bd9Sstevel@tonic-gate return (error); 7887c478bd9Sstevel@tonic-gate default: 7897c478bd9Sstevel@tonic-gate break; 7907c478bd9Sstevel@tonic-gate } 7917c478bd9Sstevel@tonic-gate 7927c478bd9Sstevel@tonic-gate switch (cmd) { 7937c478bd9Sstevel@tonic-gate case CRYPTO_GET_DEV_LIST: 7947c478bd9Sstevel@tonic-gate return (get_dev_list(dev, ARG, mode, rval)); 7957c478bd9Sstevel@tonic-gate 7967c478bd9Sstevel@tonic-gate case CRYPTO_GET_DEV_INFO: 7977c478bd9Sstevel@tonic-gate return (get_dev_info(dev, ARG, mode, rval)); 7987c478bd9Sstevel@tonic-gate 7997c478bd9Sstevel@tonic-gate case CRYPTO_GET_SOFT_LIST: 8007c478bd9Sstevel@tonic-gate return (get_soft_list(dev, ARG, mode, rval)); 8017c478bd9Sstevel@tonic-gate 8027c478bd9Sstevel@tonic-gate case CRYPTO_GET_SOFT_INFO: 8037c478bd9Sstevel@tonic-gate return 
(get_soft_info(dev, ARG, mode, rval)); 8047c478bd9Sstevel@tonic-gate 8057c478bd9Sstevel@tonic-gate case CRYPTO_LOAD_DEV_DISABLED: 8067c478bd9Sstevel@tonic-gate return (load_dev_disabled(dev, ARG, mode, rval)); 8077c478bd9Sstevel@tonic-gate 8087c478bd9Sstevel@tonic-gate case CRYPTO_LOAD_SOFT_DISABLED: 8097c478bd9Sstevel@tonic-gate return (load_soft_disabled(dev, ARG, mode, rval)); 8107c478bd9Sstevel@tonic-gate 8117c478bd9Sstevel@tonic-gate case CRYPTO_LOAD_SOFT_CONFIG: 8127c478bd9Sstevel@tonic-gate return (load_soft_config(dev, ARG, mode, rval)); 8137c478bd9Sstevel@tonic-gate 8147c478bd9Sstevel@tonic-gate case CRYPTO_UNLOAD_SOFT_MODULE: 8157c478bd9Sstevel@tonic-gate return (unload_soft_module(dev, ARG, mode, rval)); 816b5a2d845SHai-May Chao } 817b5a2d845SHai-May Chao 8187c478bd9Sstevel@tonic-gate return (EINVAL); 8197c478bd9Sstevel@tonic-gate } 820