1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. 23 */ 24 /* 25 * Copyright 2010 Nexenta Systems, Inc. All rights reserved. 26 */ 27 28 #include <fcntl.h> 29 #include <stdio.h> 30 #include <stdlib.h> 31 #include <strings.h> 32 #include <unistd.h> 33 #include <locale.h> 34 #include <libgen.h> 35 #include <sys/types.h> 36 #include <sys/varargs.h> 37 #include <zone.h> 38 #include <sys/crypto/ioctladmin.h> 39 #include "cryptoadm.h" 40 41 #define DEFAULT_DEV_NUM 5 42 #define DEFAULT_SOFT_NUM 10 43 44 static crypto_get_soft_info_t *setup_get_soft_info(char *, int); 45 46 /* 47 * Prepare the argument for the LOAD_SOFT_CONFIG ioctl call for the 48 * provider pointed by pent. Return NULL if out of memory. 49 */ 50 crypto_load_soft_config_t * 51 setup_soft_conf(entry_t *pent) 52 { 53 crypto_load_soft_config_t *pload_soft_conf; 54 mechlist_t *plist; 55 uint_t sup_count; 56 size_t extra_mech_size = 0; 57 int i; 58 59 if (pent == NULL) { 60 return (NULL); 61 } 62 63 sup_count = pent->sup_count; 64 if (sup_count > 1) { 65 extra_mech_size = sizeof (crypto_mech_name_t) * 66 (sup_count - 1); 67 } 68 69 pload_soft_conf = malloc(sizeof (crypto_load_soft_config_t) + 70 extra_mech_size); 71 if (pload_soft_conf == NULL) { 72 cryptodebug("out of memory."); 73 return (NULL); 74 } 75 76 (void) strlcpy(pload_soft_conf->sc_name, pent->name, MAXNAMELEN); 77 pload_soft_conf->sc_count = sup_count; 78 79 i = 0; 80 plist = pent->suplist; 81 while (i < sup_count) { 82 (void) strlcpy(pload_soft_conf->sc_list[i++], 83 plist->name, CRYPTO_MAX_MECH_NAME); 84 plist = plist->next; 85 } 86 87 return (pload_soft_conf); 88 } 89 90 91 /* 92 * Prepare the argument for the LOAD_SOFT_DISABLED ioctl call for the 93 * provider pointed by pent. Return NULL if out of memory. 94 */ 95 crypto_load_soft_disabled_t * 96 setup_soft_dis(entry_t *pent) 97 { 98 crypto_load_soft_disabled_t *pload_soft_dis = NULL; 99 mechlist_t *plist = NULL; 100 size_t extra_mech_size = 0; 101 uint_t dis_count; 102 int i; 103 104 if (pent == NULL) { 105 return (NULL); 106 } 107 108 dis_count = pent->dis_count; 109 if (dis_count > 1) { 110 extra_mech_size = sizeof (crypto_mech_name_t) * 111 (dis_count - 1); 112 } 113 114 pload_soft_dis = malloc(sizeof (crypto_load_soft_disabled_t) + 115 extra_mech_size); 116 if (pload_soft_dis == NULL) { 117 cryptodebug("out of memory."); 118 return (NULL); 119 } 120 121 (void) strlcpy(pload_soft_dis->sd_name, pent->name, MAXNAMELEN); 122 pload_soft_dis->sd_count = dis_count; 123 124 i = 0; 125 plist = pent->dislist; 126 while (i < dis_count) { 127 (void) strlcpy(pload_soft_dis->sd_list[i++], 128 plist->name, CRYPTO_MAX_MECH_NAME); 129 plist = plist->next; 130 } 131 132 return (pload_soft_dis); 133 } 134 135 136 /* 137 * Prepare the argument for the LOAD_DEV_DISABLED ioctl call for the 138 * provider pointed by pent. Return NULL if out of memory. 139 */ 140 crypto_load_dev_disabled_t * 141 setup_dev_dis(entry_t *pent) 142 { 143 crypto_load_dev_disabled_t *pload_dev_dis = NULL; 144 mechlist_t *plist = NULL; 145 size_t extra_mech_size = 0; 146 uint_t dis_count; 147 int i; 148 char pname[MAXNAMELEN]; 149 int inst_num; 150 151 if (pent == NULL) { 152 return (NULL); 153 } 154 155 /* get the device name and the instance number */ 156 if (split_hw_provname(pent->name, pname, &inst_num) == FAILURE) { 157 return (NULL); 158 } 159 160 /* allocate space for pload_dev_des */ 161 dis_count = pent->dis_count; 162 if (dis_count > 1) { 163 extra_mech_size = sizeof (crypto_mech_name_t) * 164 (dis_count - 1); 165 } 166 167 pload_dev_dis = malloc(sizeof (crypto_load_dev_disabled_t) + 168 extra_mech_size); 169 if (pload_dev_dis == NULL) { 170 cryptodebug("out of memory."); 171 return (NULL); 172 } 173 174 /* set the values for pload_dev_dis */ 175 (void) strlcpy(pload_dev_dis->dd_dev_name, pname, MAXNAMELEN); 176 pload_dev_dis->dd_dev_instance = inst_num; 177 pload_dev_dis->dd_count = dis_count; 178 179 i = 0; 180 plist = pent->dislist; 181 while (i < dis_count) { 182 (void) strlcpy(pload_dev_dis->dd_list[i++], 183 plist->name, CRYPTO_MAX_MECH_NAME); 184 plist = plist->next; 185 } 186 187 return (pload_dev_dis); 188 } 189 190 191 /* 192 * Prepare the calling argument of the UNLOAD_SOFT_MODULE ioctl call for the 193 * provider pointed by pent. Return NULL if out of memory. 194 */ 195 crypto_unload_soft_module_t * 196 setup_unload_soft(entry_t *pent) 197 { 198 crypto_unload_soft_module_t *punload_soft; 199 200 if (pent == NULL) { 201 return (NULL); 202 } 203 204 punload_soft = malloc(sizeof (crypto_unload_soft_module_t)); 205 if (punload_soft == NULL) { 206 cryptodebug("out of memory."); 207 return (NULL); 208 } 209 210 (void) strlcpy(punload_soft->sm_name, pent->name, MAXNAMELEN); 211 212 return (punload_soft); 213 } 214 215 216 /* 217 * Prepare the calling argument for the GET_SOFT_INFO call for the provider 218 * with the number of mechanisms specified in the second argument. 219 * 220 * Called by get_soft_info(). 221 */ 222 static crypto_get_soft_info_t * 223 setup_get_soft_info(char *provname, int count) 224 { 225 crypto_get_soft_info_t *psoft_info; 226 size_t extra_mech_size = 0; 227 228 if (provname == NULL) { 229 return (NULL); 230 } 231 232 if (count > 1) { 233 extra_mech_size = sizeof (crypto_mech_name_t) * (count - 1); 234 } 235 236 psoft_info = malloc(sizeof (crypto_get_soft_info_t) + extra_mech_size); 237 if (psoft_info == NULL) { 238 cryptodebug("out of memory."); 239 return (NULL); 240 } 241 242 (void) strlcpy(psoft_info->si_name, provname, MAXNAMELEN); 243 psoft_info->si_count = count; 244 245 return (psoft_info); 246 } 247 248 249 /* 250 * Get the device list from kernel. 251 */ 252 int 253 get_dev_list(crypto_get_dev_list_t **ppdevlist) 254 { 255 crypto_get_dev_list_t *pdevlist; 256 int fd = -1; 257 int count = DEFAULT_DEV_NUM; 258 259 pdevlist = malloc(sizeof (crypto_get_dev_list_t) + 260 sizeof (crypto_dev_list_entry_t) * (count - 1)); 261 if (pdevlist == NULL) { 262 cryptodebug("out of memory."); 263 return (FAILURE); 264 } 265 266 if ((fd = open(ADMIN_IOCTL_DEVICE, O_RDONLY)) == -1) { 267 cryptoerror(LOG_STDERR, gettext("failed to open %s: %s"), 268 ADMIN_IOCTL_DEVICE, strerror(errno)); 269 return (FAILURE); 270 } 271 272 pdevlist->dl_dev_count = count; 273 if (ioctl(fd, CRYPTO_GET_DEV_LIST, pdevlist) == -1) { 274 cryptodebug("CRYPTO_GET_DEV_LIST ioctl failed: %s", 275 strerror(errno)); 276 free(pdevlist); 277 (void) close(fd); 278 return (FAILURE); 279 } 280 281 /* BUFFER is too small, get the number of devices and retry it. */ 282 if (pdevlist->dl_return_value == CRYPTO_BUFFER_TOO_SMALL) { 283 count = pdevlist->dl_dev_count; 284 free(pdevlist); 285 pdevlist = malloc(sizeof (crypto_get_dev_list_t) + 286 sizeof (crypto_dev_list_entry_t) * (count - 1)); 287 if (pdevlist == NULL) { 288 cryptodebug("out of memory."); 289 (void) close(fd); 290 return (FAILURE); 291 } 292 293 if (ioctl(fd, CRYPTO_GET_DEV_LIST, pdevlist) == -1) { 294 cryptodebug("CRYPTO_GET_DEV_LIST ioctl failed: %s", 295 strerror(errno)); 296 free(pdevlist); 297 (void) close(fd); 298 return (FAILURE); 299 } 300 } 301 302 if (pdevlist->dl_return_value != CRYPTO_SUCCESS) { 303 cryptodebug("CRYPTO_GET_DEV_LIST ioctl failed, " 304 "return_value = %d", pdevlist->dl_return_value); 305 free(pdevlist); 306 (void) close(fd); 307 return (FAILURE); 308 } 309 310 *ppdevlist = pdevlist; 311 (void) close(fd); 312 return (SUCCESS); 313 } 314 315 316 /* 317 * Get all the mechanisms supported by the hardware provider. 318 * The result will be stored in the second argument. 319 */ 320 int 321 get_dev_info(char *devname, int inst_num, int count, mechlist_t **ppmechlist) 322 { 323 crypto_get_dev_info_t *dev_info; 324 mechlist_t *phead; 325 mechlist_t *pcur; 326 mechlist_t *pmech; 327 int fd = -1; 328 int i; 329 int rc; 330 331 if (devname == NULL || count < 1) { 332 cryptodebug("get_dev_info(): devname is NULL or bogus count"); 333 return (FAILURE); 334 } 335 336 /* Set up the argument for the CRYPTO_GET_DEV_INFO ioctl call */ 337 dev_info = malloc(sizeof (crypto_get_dev_info_t) + 338 sizeof (crypto_mech_name_t) * (count - 1)); 339 if (dev_info == NULL) { 340 cryptodebug("out of memory."); 341 return (FAILURE); 342 } 343 (void) strlcpy(dev_info->di_dev_name, devname, MAXNAMELEN); 344 dev_info->di_dev_instance = inst_num; 345 dev_info->di_count = count; 346 347 /* Open the ioctl device */ 348 if ((fd = open(ADMIN_IOCTL_DEVICE, O_RDONLY)) == -1) { 349 cryptoerror(LOG_STDERR, gettext("failed to open %s: %s"), 350 ADMIN_IOCTL_DEVICE, strerror(errno)); 351 free(dev_info); 352 return (FAILURE); 353 } 354 355 if (ioctl(fd, CRYPTO_GET_DEV_INFO, dev_info) == -1) { 356 cryptodebug("CRYPTO_GET_DEV_INFO ioctl failed: %s", 357 strerror(errno)); 358 free(dev_info); 359 (void) close(fd); 360 return (FAILURE); 361 } 362 363 if (dev_info->di_return_value != CRYPTO_SUCCESS) { 364 cryptodebug("CRYPTO_GET_DEV_INFO ioctl failed, " 365 "return_value = %d", dev_info->di_return_value); 366 free(dev_info); 367 (void) close(fd); 368 return (FAILURE); 369 } 370 371 phead = pcur = NULL; 372 rc = SUCCESS; 373 for (i = 0; i < dev_info->di_count; i++) { 374 pmech = create_mech(&dev_info->di_list[i][0]); 375 if (pmech == NULL) { 376 rc = FAILURE; 377 break; 378 } else { 379 if (phead == NULL) { 380 phead = pcur = pmech; 381 } else { 382 pcur->next = pmech; 383 pcur = pmech; 384 } 385 } 386 } 387 388 if (rc == SUCCESS) { 389 *ppmechlist = phead; 390 } else { 391 free_mechlist(phead); 392 } 393 394 free(dev_info); 395 (void) close(fd); 396 return (rc); 397 } 398 399 400 /* 401 * Get the supported mechanism list of the software provider from kernel. 402 * 403 * Parameters phardlist and psoftlist are supplied by get_kcfconf_info(). 404 * If NULL, this function calls get_kcfconf_info() internally. 405 */ 406 int 407 get_soft_info(char *provname, mechlist_t **ppmechlist, 408 entrylist_t *phardlist, entrylist_t *psoftlist) 409 { 410 boolean_t in_kernel = B_FALSE; 411 crypto_get_soft_info_t *psoft_info; 412 mechlist_t *phead; 413 mechlist_t *pmech; 414 mechlist_t *pcur; 415 entry_t *pent = NULL; 416 int count; 417 int fd = -1; 418 int rc; 419 int i; 420 421 if (provname == NULL) { 422 return (FAILURE); 423 } 424 425 if (getzoneid() == GLOBAL_ZONEID) { 426 /* use kcf.conf for kernel software providers in global zone */ 427 if ((pent = getent_kef(provname, phardlist, psoftlist)) == 428 NULL) { 429 430 /* No kcf.conf entry for this provider */ 431 if (check_kernel_for_soft(provname, NULL, &in_kernel) 432 == FAILURE) { 433 return (FAILURE); 434 } else if (in_kernel == B_FALSE) { 435 cryptoerror(LOG_STDERR, 436 gettext("%s does not exist."), provname); 437 return (FAILURE); 438 } 439 440 /* 441 * Set mech count to 1. It will be reset to the 442 * correct value later if the setup buffer is too small. 443 */ 444 count = 1; 445 } else { 446 count = pent->sup_count; 447 free_entry(pent); 448 } 449 } else { 450 /* 451 * kcf.conf not there in non-global zone: set mech count to 1. 452 * It will be reset to the correct value later if the setup 453 * buffer is too small. 454 */ 455 count = 1; 456 } 457 458 if ((psoft_info = setup_get_soft_info(provname, count)) == NULL) { 459 return (FAILURE); 460 } 461 462 if ((fd = open(ADMIN_IOCTL_DEVICE, O_RDONLY)) == -1) { 463 cryptoerror(LOG_STDERR, gettext("failed to open %s: %s"), 464 ADMIN_IOCTL_DEVICE, strerror(errno)); 465 free(psoft_info); 466 return (FAILURE); 467 } 468 469 /* make GET_SOFT_INFO ioctl call */ 470 if ((rc = ioctl(fd, CRYPTO_GET_SOFT_INFO, psoft_info)) == -1) { 471 cryptodebug("CRYPTO_GET_SOFT_INFO ioctl failed: %s", 472 strerror(errno)); 473 (void) close(fd); 474 free(psoft_info); 475 return (FAILURE); 476 } 477 478 /* BUFFER is too small, get the number of mechanisms and retry it. */ 479 if (psoft_info->si_return_value == CRYPTO_BUFFER_TOO_SMALL) { 480 count = psoft_info->si_count; 481 free(psoft_info); 482 if ((psoft_info = setup_get_soft_info(provname, count)) 483 == NULL) { 484 (void) close(fd); 485 return (FAILURE); 486 } else { 487 rc = ioctl(fd, CRYPTO_GET_SOFT_INFO, psoft_info); 488 if (rc == -1) { 489 cryptodebug("CRYPTO_GET_SOFT_INFO ioctl " 490 "failed: %s", strerror(errno)); 491 (void) close(fd); 492 free(psoft_info); 493 return (FAILURE); 494 } 495 } 496 } 497 498 (void) close(fd); 499 if (psoft_info->si_return_value != CRYPTO_SUCCESS) { 500 cryptodebug("CRYPTO_GET_SOFT_INFO ioctl failed, " 501 "return_value = %d", psoft_info->si_return_value); 502 free(psoft_info); 503 return (FAILURE); 504 } 505 506 507 /* Build the mechanism linked list and return it */ 508 rc = SUCCESS; 509 phead = pcur = NULL; 510 for (i = 0; i < psoft_info->si_count; i++) { 511 pmech = create_mech(&psoft_info->si_list[i][0]); 512 if (pmech == NULL) { 513 rc = FAILURE; 514 break; 515 } else { 516 if (phead == NULL) { 517 phead = pcur = pmech; 518 } else { 519 pcur->next = pmech; 520 pcur = pmech; 521 } 522 } 523 } 524 525 if (rc == FAILURE) { 526 free_mechlist(phead); 527 } else { 528 *ppmechlist = phead; 529 } 530 531 free(psoft_info); 532 return (rc); 533 } 534 535 536 /* 537 * Get the kernel software provider list from kernel. 538 */ 539 int 540 get_soft_list(crypto_get_soft_list_t **ppsoftlist) 541 { 542 crypto_get_soft_list_t *psoftlist = NULL; 543 int count = DEFAULT_SOFT_NUM; 544 int len; 545 int fd = -1; 546 547 if ((fd = open(ADMIN_IOCTL_DEVICE, O_RDONLY)) == -1) { 548 cryptoerror(LOG_STDERR, gettext("failed to open %s: %s"), 549 ADMIN_IOCTL_DEVICE, strerror(errno)); 550 return (FAILURE); 551 } 552 553 len = MAXNAMELEN * count; 554 psoftlist = malloc(sizeof (crypto_get_soft_list_t) + len); 555 if (psoftlist == NULL) { 556 cryptodebug("out of memory."); 557 (void) close(fd); 558 return (FAILURE); 559 } 560 psoftlist->sl_soft_names = (caddr_t)(psoftlist + 1); 561 psoftlist->sl_soft_count = count; 562 psoftlist->sl_soft_len = len; 563 564 if (ioctl(fd, CRYPTO_GET_SOFT_LIST, psoftlist) == -1) { 565 cryptodebug("CRYPTO_GET_SOFT_LIST ioctl failed: %s", 566 strerror(errno)); 567 free(psoftlist); 568 (void) close(fd); 569 return (FAILURE); 570 } 571 572 /* 573 * if BUFFER is too small, get the number of software providers and 574 * the minimum length needed for names and length and retry it. 575 */ 576 if (psoftlist->sl_return_value == CRYPTO_BUFFER_TOO_SMALL) { 577 count = psoftlist->sl_soft_count; 578 len = psoftlist->sl_soft_len; 579 free(psoftlist); 580 psoftlist = malloc(sizeof (crypto_get_soft_list_t) + len); 581 if (psoftlist == NULL) { 582 cryptodebug("out of memory."); 583 (void) close(fd); 584 return (FAILURE); 585 } 586 psoftlist->sl_soft_names = (caddr_t)(psoftlist + 1); 587 psoftlist->sl_soft_count = count; 588 psoftlist->sl_soft_len = len; 589 590 if (ioctl(fd, CRYPTO_GET_SOFT_LIST, psoftlist) == -1) { 591 cryptodebug("CRYPTO_GET_SOFT_LIST ioctl failed:" 592 "%s", strerror(errno)); 593 free(psoftlist); 594 (void) close(fd); 595 return (FAILURE); 596 } 597 } 598 599 if (psoftlist->sl_return_value != CRYPTO_SUCCESS) { 600 cryptodebug("CRYPTO_GET_SOFT_LIST ioctl failed, " 601 "return_value = %d", psoftlist->sl_return_value); 602 free(psoftlist); 603 (void) close(fd); 604 return (FAILURE); 605 } 606 607 *ppsoftlist = psoftlist; 608 (void) close(fd); 609 return (SUCCESS); 610 }