linux-pinenote/crypto/fips.c

/*
 * FIPS 200 support.
 *
 * Copyright (c) 2008 Neil Horman <nhorman@tuxdriver.com>
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the Free
 * Software Foundation; either version 2 of the License, or (at your option)
 * any later version.
 *
 */

#include <linux/export.h>
#include <linux/fips.h>
#include <linux/init.h>
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/sysctl.h>

int fips_enabled;
EXPORT_SYMBOL_GPL(fips_enabled);

/* Process kernel command-line parameter at boot time. fips=0 or fips=1 */
static int fips_enable(char *str)
{
	fips_enabled = !!simple_strtol(str, NULL, 0);
	printk(KERN_INFO "fips mode: %s\n",
		fips_enabled ? "enabled" : "disabled");
	return 1;
}

__setup("fips=", fips_enable);

static struct ctl_table crypto_sysctl_table[] = {
	{
		.procname       = "fips_enabled",
		.data           = &fips_enabled,
		.maxlen         = sizeof(int),
		.mode           = 0444,
		.proc_handler   = proc_dointvec
	},
	{}
};

static struct ctl_table crypto_dir_table[] = {
	{
		.procname       = "crypto",
		.mode           = 0555,
		.child          = crypto_sysctl_table
	},
	{}
};

static struct ctl_table_header *crypto_sysctls;

static void crypto_proc_fips_init(void)
{
	crypto_sysctls = register_sysctl_table(crypto_dir_table);
}

static void crypto_proc_fips_exit(void)
{
	unregister_sysctl_table(crypto_sysctls);
}

static int __init fips_init(void)
{
	crypto_proc_fips_init();
	return 0;
}

static void __exit fips_exit(void)
{
	crypto_proc_fips_exit();
}

module_init(fips_init);
module_exit(fips_exit);
crypto: api - Add fips_enable flag Add the ability to turn FIPS-compliant mode on or off at boot In order to be FIPS compliant, several check may need to be preformed that may be construed as unusefull in a non-compliant mode. This patch allows us to set a kernel flag incating that we are running in a fips-compliant mode from boot up. It also exports that mode information to user space via a sysctl (/proc/sys/crypto/fips_enabled). Tested successfully by me. Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2008-08-05 14:13:08 +08:00			`/*`
			`* FIPS 200 support.`
			`*`
			`* Copyright (c) 2008 Neil Horman <nhorman@tuxdriver.com>`
			`*`
			`* This program is free software; you can redistribute it and/or modify it`
			`* under the terms of the GNU General Public License as published by the Free`
			`* Software Foundation; either version 2 of the License, or (at your option)`
			`* any later version.`
			`*`
			`*/`

crypto: fips - Remove bogus inclusion of internal.h The header file internal.h is only meant for internal crypto API implementors such as rng.c. So fips has no business in including it. This patch removes that inclusions and instead adds inclusions of the actual features used by fips. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2015-04-22 13:25:54 +08:00			`#include <linux/export.h>`
			`#include <linux/fips.h>`
			`#include <linux/init.h>`
crypto: fips - Move fips_enabled sysctl into fips.c There is currently a large ifdef FIPS code section in proc.c. Ostensibly it's there because the fips_enabled sysctl sits under /proc/sys/crypto. However, no other crypto sysctls exist. In fact, the whole ethos of the crypto API is against such user interfaces so this patch moves all the FIPS sysctl code over to fips.c. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2015-04-22 13:25:56 +08:00			`#include <linux/module.h>`
crypto: fips - Remove bogus inclusion of internal.h The header file internal.h is only meant for internal crypto API implementors such as rng.c. So fips has no business in including it. This patch removes that inclusions and instead adds inclusions of the actual features used by fips. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2015-04-22 13:25:54 +08:00			`#include <linux/kernel.h>`
crypto: fips - Move fips_enabled sysctl into fips.c There is currently a large ifdef FIPS code section in proc.c. Ostensibly it's there because the fips_enabled sysctl sits under /proc/sys/crypto. However, no other crypto sysctls exist. In fact, the whole ethos of the crypto API is against such user interfaces so this patch moves all the FIPS sysctl code over to fips.c. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2015-04-22 13:25:56 +08:00			`#include <linux/sysctl.h>`
crypto: api - Add fips_enable flag Add the ability to turn FIPS-compliant mode on or off at boot In order to be FIPS compliant, several check may need to be preformed that may be construed as unusefull in a non-compliant mode. This patch allows us to set a kernel flag incating that we are running in a fips-compliant mode from boot up. It also exports that mode information to user space via a sysctl (/proc/sys/crypto/fips_enabled). Tested successfully by me. Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2008-08-05 14:13:08 +08:00
			`int fips_enabled;`
			`EXPORT_SYMBOL_GPL(fips_enabled);`

			`/* Process kernel command-line parameter at boot time. fips=0 or fips=1 */`
			`static int fips_enable(char *str)`
			`{`
			`fips_enabled = !!simple_strtol(str, NULL, 0);`
			`printk(KERN_INFO "fips mode: %s\n",`
			`fips_enabled ? "enabled" : "disabled");`
			`return 1;`
			`}`

			`__setup("fips=", fips_enable);`
crypto: fips - Move fips_enabled sysctl into fips.c There is currently a large ifdef FIPS code section in proc.c. Ostensibly it's there because the fips_enabled sysctl sits under /proc/sys/crypto. However, no other crypto sysctls exist. In fact, the whole ethos of the crypto API is against such user interfaces so this patch moves all the FIPS sysctl code over to fips.c. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2015-04-22 13:25:56 +08:00
			`static struct ctl_table crypto_sysctl_table[] = {`
			`{`
			`.procname = "fips_enabled",`
			`.data = &fips_enabled,`
			`.maxlen = sizeof(int),`
			`.mode = 0444,`
			`.proc_handler = proc_dointvec`
			`},`
			`{}`
			`};`

			`static struct ctl_table crypto_dir_table[] = {`
			`{`
			`.procname = "crypto",`
			`.mode = 0555,`
			`.child = crypto_sysctl_table`
			`},`
			`{}`
			`};`

			`static struct ctl_table_header *crypto_sysctls;`

			`static void crypto_proc_fips_init(void)`
			`{`
			`crypto_sysctls = register_sysctl_table(crypto_dir_table);`
			`}`

			`static void crypto_proc_fips_exit(void)`
			`{`
			`unregister_sysctl_table(crypto_sysctls);`
			`}`

			`static int __init fips_init(void)`
			`{`
			`crypto_proc_fips_init();`
			`return 0;`
			`}`

			`static void __exit fips_exit(void)`
			`{`
			`crypto_proc_fips_exit();`
			`}`

			`module_init(fips_init);`
			`module_exit(fips_exit);`