xref: /illumos-gate/usr/src/uts/common/crypto/core/kcf.c (revision 9db7147e) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 /*
27  * Core KCF (Kernel Cryptographic Framework). This file implements
28  * the loadable module entry points and module verification routines.
29  */
30 
31 #include <sys/systm.h>
32 #include <sys/cmn_err.h>
33 #include <sys/ddi.h>
34 #include <sys/sunddi.h>
35 #include <sys/modctl.h>
36 #include <sys/errno.h>
37 #include <sys/rwlock.h>
38 #include <sys/kmem.h>
39 #include <sys/door.h>
40 #include <sys/kobj.h>
41 
42 #include <sys/crypto/common.h>
43 #include <sys/crypto/api.h>
44 #include <sys/crypto/spi.h>
45 #include <sys/crypto/impl.h>
46 #include <sys/crypto/sched_impl.h>
47 #include <sys/crypto/elfsign.h>
48 
49 #ifdef DEBUG
50 int kcf_frmwrk_debug = 0;
51 
52 #define	KCF_FRMWRK_DEBUG(l, x)	if (kcf_frmwrk_debug >= l) printf x
53 #else	/* DEBUG */
54 #define	KCF_FRMWRK_DEBUG(l, x)
55 #endif	/* DEBUG */
56 
57 /*
58  * Door to make upcalls to kcfd. kcfd will send us this
59  * handle when it is coming up.
60  */
61 kmutex_t kcf_dh_lock;
62 door_handle_t kcf_dh = NULL;
63 
64 uint32_t global_fips140_mode;	/* FIPS140 enable/disable flag */
65 
66 static struct modlmisc modlmisc = {
67 	&mod_miscops, "Kernel Crypto Framework"
68 };
69 
70 static struct modlinkage modlinkage = {
71 	MODREV_1, (void *)&modlmisc, NULL
72 };
73 
74 static int rngtimer_started;
75 
76 
77 int
78 _init()
79 {
80 	/* initialize the mechanisms tables supported out-of-the-box */
81 	kcf_init_mech_tabs();
82 
83 	/* initialize the providers tables */
84 	kcf_prov_tab_init();
85 
86 	/* initialize the policy table */
87 	kcf_policy_tab_init();
88 
89 	/* initialize soft_config_list */
90 	kcf_soft_config_init();
91 
92 	/*
93 	 * Initialize scheduling structures. Note that this does NOT
94 	 * start any threads since it might not be safe to do so.
95 	 */
96 	kcf_sched_init();
97 
98 	/* initialize the RNG support structures */
99 	rngtimer_started = 0;
100 	kcf_rnd_init();
101 
102 	return (mod_install(&modlinkage));
103 }
104 
105 int
106 _info(struct modinfo *modinfop)
107 {
108 	return (mod_info(&modlinkage, modinfop));
109 }
110 
111 /*
112  * We do not allow kcf to unload.
113  */
114 int
115 _fini(void)
116 {
117 	return (EBUSY);
118 }
119 
120 /*
121  * Return the FIPS140 mode status:
122  * FIPS140_MODE_DISABLED (0)
123  * FIPS140_MODE_ENABLED (1)
124  */
125 int
126 kcf_get_fips140_mode(void)
127 {
128 	return (global_fips140_mode);
129 }
130 
131 /*
132  * Return a pointer to the modctl structure of the
133  * provider's module.
134  */
135 struct modctl *
136 kcf_get_modctl(crypto_provider_info_t *pinfo)
137 {
138 	struct modctl *mctlp;
139 
140 	/* Get the modctl struct for this module */
141 	if (pinfo->pi_provider_type == CRYPTO_SW_PROVIDER)
142 		mctlp = mod_getctl(pinfo->pi_provider_dev.pd_sw);
143 	else {
144 		major_t major;
145 		char *drvmod;
146 
147 		if ((major =
148 		    ddi_driver_major(pinfo->pi_provider_dev.pd_hw)) != -1) {
149 			drvmod = ddi_major_to_name(major);
150 			mctlp = mod_find_by_filename("drv", drvmod);
151 		} else
152 			return (NULL);
153 	}
154 
155 	return (mctlp);
156 }
157 
158 /*
159  * Check if signature verification is needed for a provider.
160  *
161  * Returns 0, if no verification is needed. Returns 1, if
162  * verification is needed. Returns -1, if there is an
163  * error.
164  */
165 int
166 kcf_need_signature_verification(kcf_provider_desc_t *pd)
167 {
168 	struct module *mp;
169 	struct modctl *mctlp = pd->pd_mctlp;
170 	crypto_ops_t *prov_ops = pd->pd_ops_vector;
171 
172 	if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER)
173 		return (0);
174 
175 	if (mctlp == NULL || mctlp->mod_mp == NULL)
176 		return (-1);
177 
178 	mp = (struct module *)mctlp->mod_mp;
179 
180 	/*
181 	 * Check if this provider needs to be verified. We always verify
182 	 * the module if it carries a signature. Any operation set which has
183 	 * a encryption/decryption component is a candidate for verification.
184 	 */
185 	if (prov_ops->co_cipher_ops == NULL && prov_ops->co_dual_ops == NULL &&
186 	    prov_ops->co_dual_cipher_mac_ops == NULL &&
187 	    prov_ops->co_key_ops == NULL && prov_ops->co_sign_ops == NULL &&
188 	    prov_ops->co_verify_ops == NULL && mp->sigdata == NULL) {
189 		return (0);
190 	}
191 
192 	/*
193 	 * See if this module has a proper signature section.
194 	 */
195 	if (mp->sigdata == NULL) {
196 		return (-1);
197 	}
198 
199 	mutex_enter(&pd->pd_lock);
200 	pd->pd_state = KCF_PROV_UNVERIFIED;
201 	mutex_exit(&pd->pd_lock);
202 
203 	return (1);
204 }
205 
206 /*
207  * Do the signature verification on the given module. This function can
208  * be called from user context or kernel context.
209  *
210  * We call kcfd with the full pathname of the module to be
211  * verified. kcfd will return success/restricted/fail, signature length
212  * and the actual signature in the ELF section of the module. If kcfd
213  * returns success or restricted, we compare the signature and the length
214  * with the values that krtld stored in the module structure. We log an
215  * error message in case of a failure.
216  *
217  * The provider state is changed to KCF_PROV_READY on success.
218  */
219 void
220 kcf_verify_signature(void *arg)
221 {
222 	int rv;
223 	int error = CRYPTO_MODVERIFICATION_FAILED;
224 	door_arg_t darg;
225 	door_handle_t ldh;
226 	kcf_door_arg_t *kda;
227 	char *filename;
228 	kcf_provider_desc_t *pd = arg;
229 	struct module *mp;
230 	boolean_t do_notify = B_FALSE;
231 	boolean_t modhold_done = B_FALSE;
232 	struct modctl *mctlp = pd->pd_mctlp;
233 
234 	ASSERT(pd->pd_prov_type != CRYPTO_LOGICAL_PROVIDER);
235 	ASSERT(mctlp != NULL);
236 
237 	for (;;) {
238 		mutex_enter(&pd->pd_lock);
239 		/* No need to do verification */
240 		if (pd->pd_state != KCF_PROV_UNVERIFIED) {
241 			mutex_exit(&pd->pd_lock);
242 			goto out;
243 		}
244 		mutex_exit(&pd->pd_lock);
245 
246 		mutex_enter(&mod_lock);
247 		if (mctlp->mod_mp == NULL) {
248 			mutex_exit(&mod_lock);
249 			goto out;
250 		}
251 
252 		/*
253 		 * This check is needed since a software provider can call
254 		 * us directly from the _init->crypto_register_provider path.
255 		 */
256 		if (pd->pd_prov_type == CRYPTO_SW_PROVIDER &&
257 		    mctlp->mod_inprogress_thread == curthread) {
258 			mutex_exit(&mod_lock);
259 			modhold_done = B_FALSE;
260 			break;
261 		}
262 
263 		/*
264 		 * We could be in a race with the register thread or
265 		 * the unregister thread. So, retry if register or
266 		 * unregister is in progress. Note that we can't do
267 		 * mod_hold_by_modctl without this check since that
268 		 * could result in a deadlock with the other threads.
269 		 */
270 		if (mctlp->mod_busy) {
271 			mutex_exit(&mod_lock);
272 			/* delay for 10ms and try again */
273 			delay(drv_usectohz(10000));
274 			continue;
275 		}
276 
277 		(void) mod_hold_by_modctl(mctlp,
278 		    MOD_WAIT_FOREVER | MOD_LOCK_HELD);
279 		mutex_exit(&mod_lock);
280 		modhold_done = B_TRUE;
281 		break;
282 	}
283 
284 	/*
285 	 * Check if the door is set up yet. This will be set when kcfd
286 	 * comes up. If not, we return and leave the provider state unchanged
287 	 * at KCF_PROV_UNVERIFIED. This will trigger the verification of
288 	 * the module later when kcfd is up. This is safe as we NEVER use
289 	 * a provider that has not been verified yet.
290 	 */
291 	mutex_enter(&kcf_dh_lock);
292 	if (kcf_dh == NULL) {
293 		mutex_exit(&kcf_dh_lock);
294 		goto out;
295 	}
296 
297 	ldh = kcf_dh;
298 	door_ki_hold(ldh);
299 	mutex_exit(&kcf_dh_lock);
300 
301 	mp = (struct module *)mctlp->mod_mp;
302 	filename = mp->filename;
303 	KCF_FRMWRK_DEBUG(2, ("Verifying module: %s\n", filename));
304 
305 	kda = kmem_alloc(sizeof (kcf_door_arg_t) + mp->sigsize, KM_SLEEP);
306 	kda->da_version = KCF_KCFD_VERSION1;
307 	kda->da_iskernel = B_TRUE;
308 	bcopy(filename, kda->da_u.filename, strlen(filename) + 1);
309 
310 	darg.data_ptr = (char *)kda;
311 	darg.data_size = sizeof (kcf_door_arg_t) + mp->sigsize;
312 	darg.desc_ptr = NULL;
313 	darg.desc_num = 0;
314 	darg.rbuf = (char *)kda;
315 	darg.rsize = sizeof (kcf_door_arg_t);
316 
317 	/*
318 	 * Make door upcall. door_ki_upcall() checks for validity of the handle.
319 	 */
320 	rv = door_ki_upcall_limited(ldh, &darg, NULL, SIZE_MAX, 0);
321 
322 	if (rv == 0) {
323 		kcf_door_arg_t *rkda =  (kcf_door_arg_t *)darg.rbuf;
324 
325 		KCF_FRMWRK_DEBUG(2,
326 		    ("passed: %d\n", rkda->da_u.result.status));
327 		KCF_FRMWRK_DEBUG(2,
328 		    ("signature length: %d\n", rkda->da_u.result.siglen));
329 		KCF_FRMWRK_DEBUG(2,
330 		    ("signature: %p\n", (void*)rkda->da_u.result.signature));
331 
332 
333 		/* Check kcfd result and compare against module struct fields */
334 		if (((rkda->da_u.result.status != ELFSIGN_SUCCESS) &&
335 		    (rkda->da_u.result.status != ELFSIGN_RESTRICTED)) ||
336 		    !(rkda->da_u.result.siglen == mp->sigsize) ||
337 		    (bcmp(rkda->da_u.result.signature, mp->sigdata,
338 		    mp->sigsize))) {
339 			cmn_err(CE_WARN, "Module verification failed for %s.",
340 			    filename);
341 		} else {
342 			error = 0;
343 		}
344 
345 		if (rkda->da_u.result.status == ELFSIGN_RESTRICTED) {
346 			pd->pd_flags |= KCF_PROV_RESTRICTED;
347 			KCF_FRMWRK_DEBUG(2, ("provider is restricted\n"));
348 		}
349 
350 		if (rkda != kda)
351 			kmem_free(rkda, darg.rsize);
352 
353 	} else {
354 		cmn_err(CE_WARN, "Module verification door upcall failed "
355 		    "for %s. errno = %d", filename, rv);
356 	}
357 
358 	kmem_free(kda, sizeof (kcf_door_arg_t) + mp->sigsize);
359 	door_ki_rele(ldh);
360 
361 	mutex_enter(&pd->pd_lock);
362 	/* change state only if the original state is unchanged */
363 	if (pd->pd_state == KCF_PROV_UNVERIFIED) {
364 		if (error == 0) {
365 			pd->pd_state = KCF_PROV_READY;
366 			do_notify = B_TRUE;
367 		} else {
368 			pd->pd_state = KCF_PROV_VERIFICATION_FAILED;
369 		}
370 	}
371 	mutex_exit(&pd->pd_lock);
372 
373 	if (do_notify) {
374 		/* Dispatch events for this new provider */
375 		kcf_do_notify(pd, B_TRUE);
376 	}
377 
378 out:
379 	if (modhold_done)
380 		mod_release_mod(mctlp);
381 	KCF_PROV_REFRELE(pd);
382 }
383 
384 /* called from the CRYPTO_LOAD_DOOR ioctl */
385 int
386 crypto_load_door(uint_t did)
387 {
388 	mutex_enter(&kcf_dh_lock);
389 	kcf_dh = door_ki_lookup(did);
390 	mutex_exit(&kcf_dh_lock);
391 
392 	verify_unverified_providers();
393 
394 	/* Start the timeout handler to get random numbers */
395 	if (rngtimer_started == 0) {
396 		kcf_rnd_schedule_timeout(B_TRUE);
397 		rngtimer_started = 1;
398 	}
399 
400 	return (0);
401 }
402