xref: /titanic_51/usr/src/uts/common/crypto/spi/kcf_spi.c (revision a31148363f598def767ac48c5d82e1572e44b935)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 /*
27  * This file is part of the core Kernel Cryptographic Framework.
28  * It implements the SPI functions exported to cryptographic
29  * providers.
30  */
31 
32 #include <sys/ksynch.h>
33 #include <sys/cmn_err.h>
34 #include <sys/ddi.h>
35 #include <sys/sunddi.h>
36 #include <sys/modctl.h>
37 #include <sys/crypto/common.h>
38 #include <sys/crypto/impl.h>
39 #include <sys/crypto/sched_impl.h>
40 #include <sys/crypto/spi.h>
41 #include <sys/crypto/ioctladmin.h>
42 #include <sys/taskq.h>
43 #include <sys/disp.h>
44 #include <sys/kstat.h>
45 #include <sys/policy.h>
46 #include <sys/cpuvar.h>
47 
48 /*
49  * minalloc and maxalloc values to be used for taskq_create().
50  */
51 int crypto_taskq_threads = CRYPTO_TASKQ_THREADS;
52 int crypto_taskq_minalloc = CYRPTO_TASKQ_MIN;
53 int crypto_taskq_maxalloc = CRYPTO_TASKQ_MAX;
54 
55 static void remove_provider(kcf_provider_desc_t *);
56 static void process_logical_providers(crypto_provider_info_t *,
57     kcf_provider_desc_t *);
58 static int init_prov_mechs(crypto_provider_info_t *, kcf_provider_desc_t *);
59 static int kcf_prov_kstat_update(kstat_t *, int);
60 static void undo_register_provider_extra(kcf_provider_desc_t *);
61 static void delete_kstat(kcf_provider_desc_t *);
62 
63 static kcf_prov_stats_t kcf_stats_ks_data_template = {
64 	{ "kcf_ops_total",		KSTAT_DATA_UINT64 },
65 	{ "kcf_ops_passed",		KSTAT_DATA_UINT64 },
66 	{ "kcf_ops_failed",		KSTAT_DATA_UINT64 },
67 	{ "kcf_ops_returned_busy",	KSTAT_DATA_UINT64 }
68 };
69 
70 #define	KCF_SPI_COPY_OPS(src, dst, ops) if ((src)->ops != NULL) \
71 	*((dst)->ops) = *((src)->ops);
72 
73 extern int sys_shutdown;
74 
75 /*
76  * Copy an ops vector from src to dst. Used during provider registration
77  * to copy the ops vector from the provider info structure to the
78  * provider descriptor maintained by KCF.
79  * Copying the ops vector specified by the provider is needed since the
80  * framework does not require the provider info structure to be
81  * persistent.
82  */
83 static void
84 copy_ops_vector_v1(crypto_ops_t *src_ops, crypto_ops_t *dst_ops)
85 {
86 	KCF_SPI_COPY_OPS(src_ops, dst_ops, co_control_ops);
87 	KCF_SPI_COPY_OPS(src_ops, dst_ops, co_digest_ops);
88 	KCF_SPI_COPY_OPS(src_ops, dst_ops, co_cipher_ops);
89 	KCF_SPI_COPY_OPS(src_ops, dst_ops, co_mac_ops);
90 	KCF_SPI_COPY_OPS(src_ops, dst_ops, co_sign_ops);
91 	KCF_SPI_COPY_OPS(src_ops, dst_ops, co_verify_ops);
92 	KCF_SPI_COPY_OPS(src_ops, dst_ops, co_dual_ops);
93 	KCF_SPI_COPY_OPS(src_ops, dst_ops, co_dual_cipher_mac_ops);
94 	KCF_SPI_COPY_OPS(src_ops, dst_ops, co_random_ops);
95 	KCF_SPI_COPY_OPS(src_ops, dst_ops, co_session_ops);
96 	KCF_SPI_COPY_OPS(src_ops, dst_ops, co_object_ops);
97 	KCF_SPI_COPY_OPS(src_ops, dst_ops, co_key_ops);
98 	KCF_SPI_COPY_OPS(src_ops, dst_ops, co_provider_ops);
99 	KCF_SPI_COPY_OPS(src_ops, dst_ops, co_ctx_ops);
100 }
101 
102 static void
103 copy_ops_vector_v2(crypto_ops_t *src_ops, crypto_ops_t *dst_ops)
104 {
105 	KCF_SPI_COPY_OPS(src_ops, dst_ops, co_mech_ops);
106 }
107 
108 static void
109 copy_ops_vector_v3(crypto_ops_t *src_ops, crypto_ops_t *dst_ops)
110 {
111 	KCF_SPI_COPY_OPS(src_ops, dst_ops, co_nostore_key_ops);
112 }
113 
114 static void
115 copy_ops_vector_v4(crypto_ops_t *src_ops, crypto_ops_t *dst_ops)
116 {
117 	KCF_SPI_COPY_OPS(src_ops, dst_ops, co_fips140_ops);
118 }
119 
120 /*
121  * This routine is used to add cryptographic providers to the KEF framework.
122  * Providers pass a crypto_provider_info structure to crypto_register_provider()
123  * and get back a handle.  The crypto_provider_info structure contains a
124  * list of mechanisms supported by the provider and an ops vector containing
125  * provider entry points.  Hardware providers call this routine in their attach
126  * routines.  Software providers call this routine in their _init() routine.
127  */
128 int
129 crypto_register_provider(crypto_provider_info_t *info,
130     crypto_kcf_provider_handle_t *handle)
131 {
132 	int need_fips140_verify, need_verify = 1;
133 	struct modctl *mcp;
134 	char *name;
135 	char ks_name[KSTAT_STRLEN];
136 	kcf_provider_desc_t *prov_desc = NULL;
137 	int ret = CRYPTO_ARGUMENTS_BAD;
138 
139 	if (info->pi_interface_version > CRYPTO_SPI_VERSION_4) {
140 		ret = CRYPTO_VERSION_MISMATCH;
141 		goto errormsg;
142 	}
143 
144 	/*
145 	 * Check provider type, must be software, hardware, or logical.
146 	 */
147 	if (info->pi_provider_type != CRYPTO_HW_PROVIDER &&
148 	    info->pi_provider_type != CRYPTO_SW_PROVIDER &&
149 	    info->pi_provider_type != CRYPTO_LOGICAL_PROVIDER)
150 		goto errormsg;
151 
152 	/*
153 	 * Allocate and initialize a new provider descriptor. We also
154 	 * hold it and release it when done.
155 	 */
156 	prov_desc = kcf_alloc_provider_desc(info);
157 	KCF_PROV_REFHOLD(prov_desc);
158 
159 	prov_desc->pd_prov_type = info->pi_provider_type;
160 
161 	/* provider-private handle, opaque to KCF */
162 	prov_desc->pd_prov_handle = info->pi_provider_handle;
163 
164 	/* copy provider description string */
165 	if (info->pi_provider_description != NULL) {
166 		/*
167 		 * pi_provider_descriptor is a string that can contain
168 		 * up to CRYPTO_PROVIDER_DESCR_MAX_LEN + 1 characters
169 		 * INCLUDING the terminating null character. A bcopy()
170 		 * is necessary here as pd_description should not have
171 		 * a null character. See comments in kcf_alloc_provider_desc()
172 		 * for details on pd_description field.
173 		 */
174 		bcopy(info->pi_provider_description, prov_desc->pd_description,
175 		    min(strlen(info->pi_provider_description),
176 		    CRYPTO_PROVIDER_DESCR_MAX_LEN));
177 	}
178 
179 	if (info->pi_provider_type != CRYPTO_LOGICAL_PROVIDER) {
180 		if (info->pi_ops_vector == NULL) {
181 			goto bail;
182 		}
183 		copy_ops_vector_v1(info->pi_ops_vector,
184 		    prov_desc->pd_ops_vector);
185 		if (info->pi_interface_version >= CRYPTO_SPI_VERSION_2) {
186 			copy_ops_vector_v2(info->pi_ops_vector,
187 			    prov_desc->pd_ops_vector);
188 			prov_desc->pd_flags = info->pi_flags;
189 		}
190 		if (info->pi_interface_version >= CRYPTO_SPI_VERSION_3) {
191 			copy_ops_vector_v3(info->pi_ops_vector,
192 			    prov_desc->pd_ops_vector);
193 		}
194 		if (info->pi_interface_version == CRYPTO_SPI_VERSION_4) {
195 			copy_ops_vector_v4(info->pi_ops_vector,
196 			    prov_desc->pd_ops_vector);
197 		}
198 	}
199 
200 	/* object_ops and nostore_key_ops are mutually exclusive */
201 	if (prov_desc->pd_ops_vector->co_object_ops &&
202 	    prov_desc->pd_ops_vector->co_nostore_key_ops) {
203 		goto bail;
204 	}
205 	/*
206 	 * For software providers, copy the module name and module ID.
207 	 * For hardware providers, copy the driver name and instance.
208 	 */
209 	switch (info->pi_provider_type) {
210 	case  CRYPTO_SW_PROVIDER:
211 		if (info->pi_provider_dev.pd_sw == NULL)
212 			goto bail;
213 
214 		if ((mcp = mod_getctl(info->pi_provider_dev.pd_sw)) == NULL)
215 			goto bail;
216 
217 		prov_desc->pd_module_id = mcp->mod_id;
218 		name = mcp->mod_modname;
219 		break;
220 
221 	case CRYPTO_HW_PROVIDER:
222 	case CRYPTO_LOGICAL_PROVIDER:
223 		if (info->pi_provider_dev.pd_hw == NULL)
224 			goto bail;
225 
226 		prov_desc->pd_instance =
227 		    ddi_get_instance(info->pi_provider_dev.pd_hw);
228 		name = (char *)ddi_driver_name(info->pi_provider_dev.pd_hw);
229 		break;
230 	}
231 	if (name == NULL)
232 		goto bail;
233 
234 	prov_desc->pd_name = kmem_alloc(strlen(name) + 1, KM_SLEEP);
235 	(void) strcpy(prov_desc->pd_name, name);
236 
237 	if ((prov_desc->pd_mctlp = kcf_get_modctl(info)) == NULL)
238 		goto bail;
239 
240 	/* process the mechanisms supported by the provider */
241 	if ((ret = init_prov_mechs(info, prov_desc)) != CRYPTO_SUCCESS)
242 		goto bail;
243 
244 	/*
245 	 * Add provider to providers tables, also sets the descriptor
246 	 * pd_prov_id field.
247 	 */
248 	if ((ret = kcf_prov_tab_add_provider(prov_desc)) != CRYPTO_SUCCESS) {
249 		undo_register_provider(prov_desc, B_FALSE);
250 		goto bail;
251 	}
252 
253 	if ((need_verify = kcf_need_signature_verification(prov_desc)) == -1) {
254 		undo_register_provider(prov_desc, B_TRUE);
255 		ret = CRYPTO_MODVERIFICATION_FAILED;
256 		goto bail;
257 	}
258 
259 	if ((need_fips140_verify =
260 	    kcf_need_fips140_verification(prov_desc)) == -1) {
261 		mutex_enter(&prov_desc->pd_lock);
262 		prov_desc->pd_state = KCF_PROV_VERIFICATION_FAILED;
263 		mutex_exit(&prov_desc->pd_lock);
264 		ret = CRYPTO_FIPS140_ERROR;
265 		goto bail;
266 	}
267 
268 	/*
269 	 * We create a taskq only for a hardware provider. The global
270 	 * software queue is used for software providers. We handle ordering
271 	 * of multi-part requests in the taskq routine. So, it is safe to
272 	 * have multiple threads for the taskq. We pass TASKQ_PREPOPULATE flag
273 	 * to keep some entries cached to improve performance.
274 	 */
275 	if (prov_desc->pd_prov_type == CRYPTO_HW_PROVIDER)
276 		prov_desc->pd_taskq = taskq_create("kcf_taskq",
277 		    crypto_taskq_threads, minclsyspri,
278 		    crypto_taskq_minalloc, crypto_taskq_maxalloc,
279 		    TASKQ_PREPOPULATE);
280 	else
281 		prov_desc->pd_taskq = NULL;
282 
283 	/* no kernel session to logical providers and no pd_flags  */
284 	if (prov_desc->pd_prov_type != CRYPTO_LOGICAL_PROVIDER) {
285 		/*
286 		 * Open a session for session-oriented providers. This session
287 		 * is used for all kernel consumers. This is fine as a provider
288 		 * is required to support multiple thread access to a session.
289 		 * We can do this only after the taskq has been created as we
290 		 * do a kcf_submit_request() to open the session.
291 		 */
292 		if (KCF_PROV_SESSION_OPS(prov_desc) != NULL) {
293 			kcf_req_params_t params;
294 
295 			KCF_WRAP_SESSION_OPS_PARAMS(&params,
296 			    KCF_OP_SESSION_OPEN, &prov_desc->pd_sid, 0,
297 			    CRYPTO_USER, NULL, 0, prov_desc);
298 			ret = kcf_submit_request(prov_desc, NULL, NULL, &params,
299 			    B_FALSE);
300 			if (ret != CRYPTO_SUCCESS)
301 				goto undo_then_bail;
302 		}
303 
304 		/*
305 		 * Get the value for the maximum input length allowed if
306 		 * CRYPTO_HASH_NO_UPDATE or CRYPTO_HASH_NO_UPDATE is specified.
307 		 */
308 		if (prov_desc->pd_flags &
309 		    (CRYPTO_HASH_NO_UPDATE | CRYPTO_HMAC_NO_UPDATE)) {
310 			kcf_req_params_t params;
311 			crypto_provider_ext_info_t ext_info;
312 
313 			if (KCF_PROV_PROVMGMT_OPS(prov_desc) == NULL)
314 				goto undo_then_bail;
315 
316 			bzero(&ext_info, sizeof (ext_info));
317 			KCF_WRAP_PROVMGMT_OPS_PARAMS(&params,
318 			    KCF_OP_MGMT_EXTINFO,
319 			    0, NULL, 0, NULL, 0, NULL, &ext_info, prov_desc);
320 			ret = kcf_submit_request(prov_desc, NULL, NULL,
321 			    &params, B_FALSE);
322 			if (ret != CRYPTO_SUCCESS)
323 				goto undo_then_bail;
324 
325 			if (prov_desc->pd_flags & CRYPTO_HASH_NO_UPDATE) {
326 				prov_desc->pd_hash_limit =
327 				    ext_info.ei_hash_max_input_len;
328 			}
329 			if (prov_desc->pd_flags & CRYPTO_HMAC_NO_UPDATE) {
330 				prov_desc->pd_hmac_limit =
331 				    ext_info.ei_hmac_max_input_len;
332 			}
333 		}
334 	}
335 
336 	if (prov_desc->pd_prov_type != CRYPTO_LOGICAL_PROVIDER) {
337 		/*
338 		 * Create the kstat for this provider. There is a kstat
339 		 * installed for each successfully registered provider.
340 		 * This kstat is deleted, when the provider unregisters.
341 		 */
342 		if (prov_desc->pd_prov_type == CRYPTO_SW_PROVIDER) {
343 			(void) snprintf(ks_name, KSTAT_STRLEN, "%s_%s",
344 			    prov_desc->pd_name, "provider_stats");
345 		} else {
346 			(void) snprintf(ks_name, KSTAT_STRLEN, "%s_%d_%u_%s",
347 			    prov_desc->pd_name, prov_desc->pd_instance,
348 			    prov_desc->pd_prov_id, "provider_stats");
349 		}
350 
351 		prov_desc->pd_kstat = kstat_create("kcf", 0, ks_name, "crypto",
352 		    KSTAT_TYPE_NAMED, sizeof (kcf_prov_stats_t) /
353 		    sizeof (kstat_named_t), KSTAT_FLAG_VIRTUAL);
354 
355 		if (prov_desc->pd_kstat != NULL) {
356 			bcopy(&kcf_stats_ks_data_template,
357 			    &prov_desc->pd_ks_data,
358 			    sizeof (kcf_stats_ks_data_template));
359 			prov_desc->pd_kstat->ks_data = &prov_desc->pd_ks_data;
360 			KCF_PROV_REFHOLD(prov_desc);
361 			prov_desc->pd_kstat->ks_private = prov_desc;
362 			prov_desc->pd_kstat->ks_update = kcf_prov_kstat_update;
363 			kstat_install(prov_desc->pd_kstat);
364 		}
365 	}
366 
367 	if (prov_desc->pd_prov_type == CRYPTO_HW_PROVIDER)
368 		process_logical_providers(info, prov_desc);
369 
370 	/* This provider needs to wait until we know the FIPS 140 status */
371 	if (need_fips140_verify == 1) {
372 		mutex_enter(&prov_desc->pd_lock);
373 		prov_desc->pd_state = KCF_PROV_UNVERIFIED_FIPS140;
374 		mutex_exit(&prov_desc->pd_lock);
375 		goto exit;
376 	}
377 
378 	/* This provider needs to have the signature verified */
379 	if (need_verify == 1) {
380 		mutex_enter(&prov_desc->pd_lock);
381 		prov_desc->pd_state = KCF_PROV_UNVERIFIED;
382 		mutex_exit(&prov_desc->pd_lock);
383 
384 		/* kcf_verify_signature routine will release this hold */
385 		KCF_PROV_REFHOLD(prov_desc);
386 
387 		if (prov_desc->pd_prov_type == CRYPTO_HW_PROVIDER) {
388 			/*
389 			 * It is not safe to make the door upcall to kcfd from
390 			 * this context since the kcfd thread could reenter
391 			 * devfs. So, we dispatch a taskq job to do the
392 			 * verification and return to the provider.
393 			 */
394 			(void) taskq_dispatch(system_taskq,
395 			    kcf_verify_signature, (void *)prov_desc, TQ_SLEEP);
396 		} else if (prov_desc->pd_prov_type == CRYPTO_SW_PROVIDER) {
397 			kcf_verify_signature(prov_desc);
398 			if (prov_desc->pd_state ==
399 			    KCF_PROV_VERIFICATION_FAILED) {
400 				undo_register_provider_extra(prov_desc);
401 				ret = CRYPTO_MODVERIFICATION_FAILED;
402 				goto bail;
403 			}
404 		}
405 	} else {
406 		mutex_enter(&prov_desc->pd_lock);
407 		prov_desc->pd_state = KCF_PROV_READY;
408 		mutex_exit(&prov_desc->pd_lock);
409 		kcf_do_notify(prov_desc, B_TRUE);
410 	}
411 
412 exit:
413 	*handle = prov_desc->pd_kcf_prov_handle;
414 	KCF_PROV_REFRELE(prov_desc);
415 	return (CRYPTO_SUCCESS);
416 
417 undo_then_bail:
418 	undo_register_provider(prov_desc, B_TRUE);
419 	ret = CRYPTO_FAILED;
420 bail:
421 	KCF_PROV_REFRELE(prov_desc);
422 
423 errormsg:
424 	if (ret != CRYPTO_SUCCESS && sys_shutdown == 0) {
425 		switch (ret) {
426 		case CRYPTO_FAILED:
427 			cmn_err(CE_WARN, "%s failed when registering with the "
428 			    "Cryptographic Framework.",
429 			    info->pi_provider_description);
430 			break;
431 
432 		case CRYPTO_MODVERIFICATION_FAILED:
433 			cmn_err(CE_WARN, "%s failed module verification when "
434 			    "registering with the Cryptographic Framework.",
435 			    info->pi_provider_description);
436 			break;
437 
438 		case CRYPTO_ARGUMENTS_BAD:
439 			cmn_err(CE_WARN, "%s provided bad arguments and was "
440 			    "not registered with the Cryptographic Framework.",
441 			    info->pi_provider_description);
442 			break;
443 
444 		case CRYPTO_VERSION_MISMATCH:
445 			cmn_err(CE_WARN, "%s was not registered with the "
446 			    "Cryptographic Framework as there is a SPI version "
447 			    "mismatch (%d) error.",
448 			    info->pi_provider_description,
449 			    info->pi_interface_version);
450 			break;
451 
452 		case CRYPTO_FIPS140_ERROR:
453 			cmn_err(CE_WARN, "%s was not registered with the "
454 			    "Cryptographic Framework as there was a FIPS 140 "
455 			    "validation error.", info->pi_provider_description);
456 			break;
457 
458 		default:
459 			cmn_err(CE_WARN, "%s did not register with the "
460 			    "Cryptographic Framework. (0x%x)",
461 			    info->pi_provider_description, ret);
462 		};
463 	}
464 
465 	return (ret);
466 }
467 
468 /* Return the number of holds on a provider. */
469 int
470 kcf_get_refcnt(kcf_provider_desc_t *pd, boolean_t do_lock)
471 {
472 	int i;
473 	int refcnt = 0;
474 
475 	if (do_lock)
476 		for (i = 0; i < pd->pd_nbins; i++)
477 			mutex_enter(&(pd->pd_percpu_bins[i].kp_lock));
478 
479 	for (i = 0; i < pd->pd_nbins; i++)
480 		refcnt += pd->pd_percpu_bins[i].kp_holdcnt;
481 
482 	if (do_lock)
483 		for (i = 0; i < pd->pd_nbins; i++)
484 			mutex_exit(&(pd->pd_percpu_bins[i].kp_lock));
485 
486 	return (refcnt);
487 }
488 
489 /*
490  * This routine is used to notify the framework when a provider is being
491  * removed.  Hardware providers call this routine in their detach routines.
492  * Software providers call this routine in their _fini() routine.
493  */
494 int
495 crypto_unregister_provider(crypto_kcf_provider_handle_t handle)
496 {
497 	uint_t mech_idx;
498 	kcf_provider_desc_t *desc;
499 	kcf_prov_state_t saved_state;
500 	int ret = CRYPTO_SUCCESS;
501 
502 	/* lookup provider descriptor */
503 	if ((desc = kcf_prov_tab_lookup((crypto_provider_id_t)handle)) ==
504 	    NULL) {
505 		ret = CRYPTO_UNKNOWN_PROVIDER;
506 		goto errormsg;
507 	}
508 
509 	mutex_enter(&desc->pd_lock);
510 	/*
511 	 * Check if any other thread is disabling or removing
512 	 * this provider. We return if this is the case.
513 	 */
514 	if (desc->pd_state >= KCF_PROV_DISABLED) {
515 		mutex_exit(&desc->pd_lock);
516 		/* Release reference held by kcf_prov_tab_lookup(). */
517 		KCF_PROV_REFRELE(desc);
518 		ret = CRYPTO_BUSY;
519 		goto errormsg;
520 	}
521 
522 	saved_state = desc->pd_state;
523 	desc->pd_state = KCF_PROV_UNREGISTERING;
524 
525 	if (saved_state == KCF_PROV_BUSY) {
526 		/*
527 		 * The per-provider taskq threads may be waiting. We
528 		 * signal them so that they can start failing requests.
529 		 */
530 		cv_broadcast(&desc->pd_resume_cv);
531 	}
532 
533 	mutex_exit(&desc->pd_lock);
534 
535 	if (desc->pd_prov_type != CRYPTO_SW_PROVIDER) {
536 		remove_provider(desc);
537 	}
538 
539 	if (desc->pd_prov_type != CRYPTO_LOGICAL_PROVIDER) {
540 		/* remove the provider from the mechanisms tables */
541 		for (mech_idx = 0; mech_idx < desc->pd_mech_list_count;
542 		    mech_idx++) {
543 			kcf_remove_mech_provider(
544 			    desc->pd_mechanisms[mech_idx].cm_mech_name, desc);
545 		}
546 	}
547 
548 	/* remove provider from providers table */
549 	if (kcf_prov_tab_rem_provider((crypto_provider_id_t)handle) !=
550 	    CRYPTO_SUCCESS) {
551 		/* Release reference held by kcf_prov_tab_lookup(). */
552 		KCF_PROV_REFRELE(desc);
553 		ret = CRYPTO_UNKNOWN_PROVIDER;
554 		goto errormsg;
555 	}
556 
557 	delete_kstat(desc);
558 
559 	if (desc->pd_prov_type == CRYPTO_SW_PROVIDER) {
560 		/*
561 		 * Wait till the existing requests with the provider complete
562 		 * and all the holds are released. All the holds on a software
563 		 * provider are from kernel clients and the hold time
564 		 * is expected to be short. So, we won't be stuck here forever.
565 		 */
566 		while (kcf_get_refcnt(desc, B_TRUE) > 1) {
567 			/* wait 1 second and try again. */
568 			delay(1 * drv_usectohz(1000000));
569 		}
570 	} else {
571 		int i;
572 		kcf_prov_cpu_t *mp;
573 
574 		/*
575 		 * Wait until requests that have been sent to the provider
576 		 * complete.
577 		 */
578 		for (i = 0; i < desc->pd_nbins; i++) {
579 			mp = &(desc->pd_percpu_bins[i]);
580 
581 			mutex_enter(&mp->kp_lock);
582 			while (mp->kp_jobcnt > 0) {
583 				cv_wait(&mp->kp_cv, &mp->kp_lock);
584 			}
585 			mutex_exit(&mp->kp_lock);
586 		}
587 	}
588 
589 	mutex_enter(&desc->pd_lock);
590 	desc->pd_state = KCF_PROV_UNREGISTERED;
591 	mutex_exit(&desc->pd_lock);
592 
593 	kcf_do_notify(desc, B_FALSE);
594 
595 	mutex_enter(&prov_tab_mutex);
596 	/* Release reference held by kcf_prov_tab_lookup(). */
597 	KCF_PROV_REFRELE(desc);
598 
599 	if (kcf_get_refcnt(desc, B_TRUE) == 0) {
600 		/* kcf_free_provider_desc drops prov_tab_mutex */
601 		kcf_free_provider_desc(desc);
602 	} else {
603 		ASSERT(desc->pd_prov_type != CRYPTO_SW_PROVIDER);
604 		/*
605 		 * We could avoid this if /dev/crypto can proactively
606 		 * remove any holds on us from a dormant PKCS #11 app.
607 		 * For now, we check the provider table for
608 		 * KCF_PROV_UNREGISTERED entries when a provider is
609 		 * added to the table or when a provider is removed from it
610 		 * and free them when refcnt reaches zero.
611 		 */
612 		kcf_need_provtab_walk = B_TRUE;
613 		mutex_exit(&prov_tab_mutex);
614 	}
615 
616 errormsg:
617 	if (ret != CRYPTO_SUCCESS && sys_shutdown == 0) {
618 		switch (ret) {
619 		case CRYPTO_UNKNOWN_PROVIDER:
620 			cmn_err(CE_WARN, "Unknown provider \"%s\" was "
621 			    "requested to unregister from the cryptographic "
622 			    "framework.", desc->pd_description);
623 			break;
624 
625 		case CRYPTO_BUSY:
626 			cmn_err(CE_WARN, "%s could not be unregistered from "
627 			    "the Cryptographic Framework as it is busy.",
628 			    desc->pd_description);
629 			break;
630 
631 		default:
632 			cmn_err(CE_WARN, "%s did not unregister with the "
633 			    "Cryptographic Framework. (0x%x)",
634 			    desc->pd_description, ret);
635 		};
636 	}
637 
638 	return (ret);
639 }
640 
641 /*
642  * This routine is used to notify the framework that the state of
643  * a cryptographic provider has changed. Valid state codes are:
644  *
645  * CRYPTO_PROVIDER_READY
646  * 	The provider indicates that it can process more requests. A provider
647  *	will notify with this event if it previously has notified us with a
648  *	CRYPTO_PROVIDER_BUSY.
649  *
650  * CRYPTO_PROVIDER_BUSY
651  * 	The provider can not take more requests.
652  *
653  * CRYPTO_PROVIDER_FAILED
654  *	The provider encountered an internal error. The framework will not
655  * 	be sending any more requests to the provider. The provider may notify
656  *	with a CRYPTO_PROVIDER_READY, if it is able to recover from the error.
657  *
658  * This routine can be called from user or interrupt context.
659  */
660 void
661 crypto_provider_notification(crypto_kcf_provider_handle_t handle, uint_t state)
662 {
663 	kcf_provider_desc_t *pd;
664 
665 	/* lookup the provider from the given handle */
666 	if ((pd = kcf_prov_tab_lookup((crypto_provider_id_t)handle)) == NULL)
667 		return;
668 
669 	mutex_enter(&pd->pd_lock);
670 
671 	if (pd->pd_state <= KCF_PROV_VERIFICATION_FAILED)
672 		goto out;
673 
674 	if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) {
675 		cmn_err(CE_WARN, "crypto_provider_notification: "
676 		    "logical provider (%x) ignored\n", handle);
677 		goto out;
678 	}
679 	switch (state) {
680 	case CRYPTO_PROVIDER_READY:
681 		switch (pd->pd_state) {
682 		case KCF_PROV_BUSY:
683 			pd->pd_state = KCF_PROV_READY;
684 			/*
685 			 * Signal the per-provider taskq threads that they
686 			 * can start submitting requests.
687 			 */
688 			cv_broadcast(&pd->pd_resume_cv);
689 			break;
690 
691 		case KCF_PROV_FAILED:
692 			/*
693 			 * The provider recovered from the error. Let us
694 			 * use it now.
695 			 */
696 			pd->pd_state = KCF_PROV_READY;
697 			break;
698 		}
699 		break;
700 
701 	case CRYPTO_PROVIDER_BUSY:
702 		switch (pd->pd_state) {
703 		case KCF_PROV_READY:
704 			pd->pd_state = KCF_PROV_BUSY;
705 			break;
706 		}
707 		break;
708 
709 	case CRYPTO_PROVIDER_FAILED:
710 		/*
711 		 * We note the failure and return. The per-provider taskq
712 		 * threads check this flag and start failing the
713 		 * requests, if it is set. See process_req_hwp() for details.
714 		 */
715 		switch (pd->pd_state) {
716 		case KCF_PROV_READY:
717 			pd->pd_state = KCF_PROV_FAILED;
718 			break;
719 
720 		case KCF_PROV_BUSY:
721 			pd->pd_state = KCF_PROV_FAILED;
722 			/*
723 			 * The per-provider taskq threads may be waiting. We
724 			 * signal them so that they can start failing requests.
725 			 */
726 			cv_broadcast(&pd->pd_resume_cv);
727 			break;
728 		}
729 		break;
730 	}
731 out:
732 	mutex_exit(&pd->pd_lock);
733 	KCF_PROV_REFRELE(pd);
734 }
735 
736 /*
737  * This routine is used to notify the framework the result of
738  * an asynchronous request handled by a provider. Valid error
739  * codes are the same as the CRYPTO_* errors defined in common.h.
740  *
741  * This routine can be called from user or interrupt context.
742  */
743 void
744 crypto_op_notification(crypto_req_handle_t handle, int error)
745 {
746 	kcf_call_type_t ctype;
747 
748 	if (handle == NULL)
749 		return;
750 
751 	if ((ctype = GET_REQ_TYPE(handle)) == CRYPTO_SYNCH) {
752 		kcf_sreq_node_t *sreq = (kcf_sreq_node_t *)handle;
753 
754 		KCF_PROV_JOB_RELE_STAT(sreq->sn_mp, (error != CRYPTO_SUCCESS));
755 		kcf_sop_done(sreq, error);
756 	} else {
757 		kcf_areq_node_t *areq = (kcf_areq_node_t *)handle;
758 
759 		ASSERT(ctype == CRYPTO_ASYNCH);
760 		KCF_PROV_JOB_RELE_STAT(areq->an_mp, (error != CRYPTO_SUCCESS));
761 		kcf_aop_done(areq, error);
762 	}
763 }
764 
765 /*
766  * This routine is used by software providers to determine
767  * whether to use KM_SLEEP or KM_NOSLEEP during memory allocation.
768  * Note that hardware providers can always use KM_SLEEP. So,
769  * they do not need to call this routine.
770  *
771  * This routine can be called from user or interrupt context.
772  */
773 int
774 crypto_kmflag(crypto_req_handle_t handle)
775 {
776 	return (REQHNDL2_KMFLAG(handle));
777 }
778 
779 /*
780  * Process the mechanism info structures specified by the provider
781  * during registration. A NULL crypto_provider_info_t indicates
782  * an already initialized provider descriptor.
783  *
784  * Mechanisms are not added to the kernel's mechanism table if the
785  * provider is a logical provider.
786  *
787  * Returns CRYPTO_SUCCESS on success, CRYPTO_ARGUMENTS if one
788  * of the specified mechanisms was malformed, or CRYPTO_HOST_MEMORY
789  * if the table of mechanisms is full.
790  */
791 static int
792 init_prov_mechs(crypto_provider_info_t *info, kcf_provider_desc_t *desc)
793 {
794 	uint_t mech_idx;
795 	uint_t cleanup_idx;
796 	int err = CRYPTO_SUCCESS;
797 	kcf_prov_mech_desc_t *pmd;
798 	int desc_use_count = 0;
799 	int mcount = desc->pd_mech_list_count;
800 
801 	if (desc->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) {
802 		if (info != NULL) {
803 			ASSERT(info->pi_mechanisms != NULL);
804 			bcopy(info->pi_mechanisms, desc->pd_mechanisms,
805 			    sizeof (crypto_mech_info_t) * mcount);
806 		}
807 		return (CRYPTO_SUCCESS);
808 	}
809 
810 	/*
811 	 * Copy the mechanism list from the provider info to the provider
812 	 * descriptor. desc->pd_mechanisms has an extra crypto_mech_info_t
813 	 * element if the provider has random_ops since we keep an internal
814 	 * mechanism, SUN_RANDOM, in this case.
815 	 */
816 	if (info != NULL) {
817 		if (info->pi_ops_vector->co_random_ops != NULL) {
818 			crypto_mech_info_t *rand_mi;
819 
820 			/*
821 			 * Need the following check as it is possible to have
822 			 * a provider that implements just random_ops and has
823 			 * pi_mechanisms == NULL.
824 			 */
825 			if (info->pi_mechanisms != NULL) {
826 				bcopy(info->pi_mechanisms, desc->pd_mechanisms,
827 				    sizeof (crypto_mech_info_t) * (mcount - 1));
828 			}
829 			rand_mi = &desc->pd_mechanisms[mcount - 1];
830 
831 			bzero(rand_mi, sizeof (crypto_mech_info_t));
832 			(void) strncpy(rand_mi->cm_mech_name, SUN_RANDOM,
833 			    CRYPTO_MAX_MECH_NAME);
834 			rand_mi->cm_func_group_mask = CRYPTO_FG_RANDOM;
835 		} else {
836 			ASSERT(info->pi_mechanisms != NULL);
837 			bcopy(info->pi_mechanisms, desc->pd_mechanisms,
838 			    sizeof (crypto_mech_info_t) * mcount);
839 		}
840 	}
841 
842 	/*
843 	 * For each mechanism support by the provider, add the provider
844 	 * to the corresponding KCF mechanism mech_entry chain.
845 	 */
846 	for (mech_idx = 0; mech_idx < desc->pd_mech_list_count; mech_idx++) {
847 		crypto_mech_info_t *mi = &desc->pd_mechanisms[mech_idx];
848 
849 		if ((mi->cm_mech_flags & CRYPTO_KEYSIZE_UNIT_IN_BITS) &&
850 		    (mi->cm_mech_flags & CRYPTO_KEYSIZE_UNIT_IN_BYTES)) {
851 			err = CRYPTO_ARGUMENTS_BAD;
852 			break;
853 		}
854 
855 		if ((err = kcf_add_mech_provider(mech_idx, desc, &pmd)) !=
856 		    KCF_SUCCESS)
857 			break;
858 
859 		if (pmd == NULL)
860 			continue;
861 
862 		/* The provider will be used for this mechanism */
863 		desc_use_count++;
864 	}
865 
866 	/*
867 	 * Don't allow multiple software providers with disabled mechanisms
868 	 * to register. Subsequent enabling of mechanisms will result in
869 	 * an unsupported configuration, i.e. multiple software providers
870 	 * per mechanism.
871 	 */
872 	if (desc_use_count == 0 && desc->pd_prov_type == CRYPTO_SW_PROVIDER)
873 		return (CRYPTO_ARGUMENTS_BAD);
874 
875 	if (err == KCF_SUCCESS)
876 		return (CRYPTO_SUCCESS);
877 
878 	/*
879 	 * An error occurred while adding the mechanism, cleanup
880 	 * and bail.
881 	 */
882 	for (cleanup_idx = 0; cleanup_idx < mech_idx; cleanup_idx++) {
883 		kcf_remove_mech_provider(
884 		    desc->pd_mechanisms[cleanup_idx].cm_mech_name, desc);
885 	}
886 
887 	if (err == KCF_MECH_TAB_FULL)
888 		return (CRYPTO_HOST_MEMORY);
889 
890 	return (CRYPTO_ARGUMENTS_BAD);
891 }
892 
893 /*
894  * Update routine for kstat. Only privileged users are allowed to
895  * access this information, since this information is sensitive.
896  * There are some cryptographic attacks (e.g. traffic analysis)
897  * which can use this information.
898  */
899 static int
900 kcf_prov_kstat_update(kstat_t *ksp, int rw)
901 {
902 	kcf_prov_stats_t *ks_data;
903 	kcf_provider_desc_t *pd = (kcf_provider_desc_t *)ksp->ks_private;
904 	int i;
905 
906 	if (rw == KSTAT_WRITE)
907 		return (EACCES);
908 
909 	ks_data = ksp->ks_data;
910 
911 	if (secpolicy_sys_config(CRED(), B_TRUE) != 0) {
912 		ks_data->ps_ops_total.value.ui64 = 0;
913 		ks_data->ps_ops_passed.value.ui64 = 0;
914 		ks_data->ps_ops_failed.value.ui64 = 0;
915 		ks_data->ps_ops_busy_rval.value.ui64 = 0;
916 	} else {
917 		uint64_t dtotal, ftotal, btotal;
918 
919 		dtotal = ftotal = btotal = 0;
920 		/* No locking done since an exact count is not required. */
921 		for (i = 0; i < pd->pd_nbins; i++) {
922 			dtotal += pd->pd_percpu_bins[i].kp_ndispatches;
923 			ftotal += pd->pd_percpu_bins[i].kp_nfails;
924 			btotal += pd->pd_percpu_bins[i].kp_nbusy_rval;
925 		}
926 
927 		ks_data->ps_ops_total.value.ui64 = dtotal;
928 		ks_data->ps_ops_failed.value.ui64 = ftotal;
929 		ks_data->ps_ops_busy_rval.value.ui64 = btotal;
930 		ks_data->ps_ops_passed.value.ui64 = dtotal - ftotal - btotal;
931 	}
932 
933 	return (0);
934 }
935 
936 
937 /*
938  * Utility routine called from failure paths in crypto_register_provider()
939  * and from crypto_load_soft_disabled().
940  */
941 void
942 undo_register_provider(kcf_provider_desc_t *desc, boolean_t remove_prov)
943 {
944 	uint_t mech_idx;
945 
946 	/* remove the provider from the mechanisms tables */
947 	for (mech_idx = 0; mech_idx < desc->pd_mech_list_count;
948 	    mech_idx++) {
949 		kcf_remove_mech_provider(
950 		    desc->pd_mechanisms[mech_idx].cm_mech_name, desc);
951 	}
952 
953 	/* remove provider from providers table */
954 	if (remove_prov)
955 		(void) kcf_prov_tab_rem_provider(desc->pd_prov_id);
956 }
957 
958 static void
959 undo_register_provider_extra(kcf_provider_desc_t *desc)
960 {
961 	delete_kstat(desc);
962 	undo_register_provider(desc, B_TRUE);
963 }
964 
965 /*
966  * Utility routine called from crypto_load_soft_disabled(). Callers
967  * should have done a prior undo_register_provider().
968  */
969 void
970 redo_register_provider(kcf_provider_desc_t *pd)
971 {
972 	/* process the mechanisms supported by the provider */
973 	(void) init_prov_mechs(NULL, pd);
974 
975 	/*
976 	 * Hold provider in providers table. We should not call
977 	 * kcf_prov_tab_add_provider() here as the provider descriptor
978 	 * is still valid which means it has an entry in the provider
979 	 * table.
980 	 */
981 	KCF_PROV_REFHOLD(pd);
982 }
983 
984 /*
985  * Add provider (p1) to another provider's array of providers (p2).
986  * Hardware and logical providers use this array to cross-reference
987  * each other.
988  */
989 static void
990 add_provider_to_array(kcf_provider_desc_t *p1, kcf_provider_desc_t *p2)
991 {
992 	kcf_provider_list_t *new;
993 
994 	new = kmem_alloc(sizeof (kcf_provider_list_t), KM_SLEEP);
995 	mutex_enter(&p2->pd_lock);
996 	new->pl_next = p2->pd_provider_list;
997 	p2->pd_provider_list = new;
998 	new->pl_provider = p1;
999 	mutex_exit(&p2->pd_lock);
1000 }
1001 
1002 /*
1003  * Remove provider (p1) from another provider's array of providers (p2).
1004  * Hardware and logical providers use this array to cross-reference
1005  * each other.
1006  */
1007 static void
1008 remove_provider_from_array(kcf_provider_desc_t *p1, kcf_provider_desc_t *p2)
1009 {
1010 
1011 	kcf_provider_list_t *pl = NULL, **prev;
1012 
1013 	mutex_enter(&p2->pd_lock);
1014 	for (pl = p2->pd_provider_list, prev = &p2->pd_provider_list;
1015 	    pl != NULL; prev = &pl->pl_next, pl = pl->pl_next) {
1016 		if (pl->pl_provider == p1) {
1017 			break;
1018 		}
1019 	}
1020 
1021 	if (p1 == NULL) {
1022 		mutex_exit(&p2->pd_lock);
1023 		return;
1024 	}
1025 
1026 	/* detach and free kcf_provider_list structure */
1027 	*prev = pl->pl_next;
1028 	kmem_free(pl, sizeof (*pl));
1029 	mutex_exit(&p2->pd_lock);
1030 }
1031 
1032 /*
1033  * Convert an array of logical provider handles (crypto_provider_id)
1034  * stored in a crypto_provider_info structure into an array of provider
1035  * descriptors (kcf_provider_desc_t) attached to a logical provider.
1036  */
1037 static void
1038 process_logical_providers(crypto_provider_info_t *info, kcf_provider_desc_t *hp)
1039 {
1040 	kcf_provider_desc_t *lp;
1041 	crypto_provider_id_t handle;
1042 	int count = info->pi_logical_provider_count;
1043 	int i;
1044 
1045 	/* add hardware provider to each logical provider */
1046 	for (i = 0; i < count; i++) {
1047 		handle = info->pi_logical_providers[i];
1048 		lp = kcf_prov_tab_lookup((crypto_provider_id_t)handle);
1049 		if (lp == NULL) {
1050 			continue;
1051 		}
1052 		add_provider_to_array(hp, lp);
1053 		hp->pd_flags |= KCF_LPROV_MEMBER;
1054 
1055 		/*
1056 		 * A hardware provider has to have the provider descriptor of
1057 		 * every logical provider it belongs to, so it can be removed
1058 		 * from the logical provider if the hardware provider
1059 		 * unregisters from the framework.
1060 		 */
1061 		add_provider_to_array(lp, hp);
1062 		KCF_PROV_REFRELE(lp);
1063 	}
1064 }
1065 
1066 /*
1067  * This routine removes a provider from all of the logical or
1068  * hardware providers it belongs to, and frees the provider's
1069  * array of pointers to providers.
1070  */
1071 static void
1072 remove_provider(kcf_provider_desc_t *pp)
1073 {
1074 	kcf_provider_desc_t *p;
1075 	kcf_provider_list_t *e, *next;
1076 
1077 	mutex_enter(&pp->pd_lock);
1078 	for (e = pp->pd_provider_list; e != NULL; e = next) {
1079 		p = e->pl_provider;
1080 		remove_provider_from_array(pp, p);
1081 		if (p->pd_prov_type == CRYPTO_HW_PROVIDER &&
1082 		    p->pd_provider_list == NULL)
1083 			p->pd_flags &= ~KCF_LPROV_MEMBER;
1084 		next = e->pl_next;
1085 		kmem_free(e, sizeof (*e));
1086 	}
1087 	pp->pd_provider_list = NULL;
1088 	mutex_exit(&pp->pd_lock);
1089 }
1090 
1091 /*
1092  * Dispatch events as needed for a provider. is_added flag tells
1093  * whether the provider is registering or unregistering.
1094  */
1095 void
1096 kcf_do_notify(kcf_provider_desc_t *prov_desc, boolean_t is_added)
1097 {
1098 	int i;
1099 	crypto_notify_event_change_t ec;
1100 
1101 	ASSERT(prov_desc->pd_state > KCF_PROV_VERIFICATION_FAILED);
1102 
1103 	/*
1104 	 * Inform interested clients of the mechanisms becoming
1105 	 * available/unavailable. We skip this for logical providers
1106 	 * as they do not affect mechanisms.
1107 	 */
1108 	if (prov_desc->pd_prov_type != CRYPTO_LOGICAL_PROVIDER) {
1109 		ec.ec_provider_type = prov_desc->pd_prov_type;
1110 		ec.ec_change = is_added ? CRYPTO_MECH_ADDED :
1111 		    CRYPTO_MECH_REMOVED;
1112 		for (i = 0; i < prov_desc->pd_mech_list_count; i++) {
1113 			/* Skip any mechanisms not allowed by the policy */
1114 			if (is_mech_disabled(prov_desc,
1115 			    prov_desc->pd_mechanisms[i].cm_mech_name))
1116 				continue;
1117 
1118 			(void) strncpy(ec.ec_mech_name,
1119 			    prov_desc->pd_mechanisms[i].cm_mech_name,
1120 			    CRYPTO_MAX_MECH_NAME);
1121 			kcf_walk_ntfylist(CRYPTO_EVENT_MECHS_CHANGED, &ec);
1122 		}
1123 
1124 	}
1125 
1126 	/*
1127 	 * Inform interested clients about the new or departing provider.
1128 	 * In case of a logical provider, we need to notify the event only
1129 	 * for the logical provider and not for the underlying
1130 	 * providers which are known by the KCF_LPROV_MEMBER bit.
1131 	 */
1132 	if (prov_desc->pd_prov_type == CRYPTO_LOGICAL_PROVIDER ||
1133 	    (prov_desc->pd_flags & KCF_LPROV_MEMBER) == 0) {
1134 		kcf_walk_ntfylist(is_added ? CRYPTO_EVENT_PROVIDER_REGISTERED :
1135 		    CRYPTO_EVENT_PROVIDER_UNREGISTERED, prov_desc);
1136 	}
1137 }
1138 
1139 static void
1140 delete_kstat(kcf_provider_desc_t *desc)
1141 {
1142 	/* destroy the kstat created for this provider */
1143 	if (desc->pd_kstat != NULL) {
1144 		kcf_provider_desc_t *kspd = desc->pd_kstat->ks_private;
1145 
1146 		/* release reference held by desc->pd_kstat->ks_private */
1147 		ASSERT(desc == kspd);
1148 		kstat_delete(kspd->pd_kstat);
1149 		desc->pd_kstat = NULL;
1150 		KCF_PROV_REFRELE(kspd);
1151 	}
1152 }
1153