crypto/fips.c

   1 // SPDX-License-Identifier: GPL-2.0-or-later
   2 /*
   3  * FIPS 200 support.
   4  *
   5  * Copyright (c) 2008 Neil Horman <nhorman@tuxdriver.com>
   6  */
   7
   8 #include <linux/export.h>
   9 #include <linux/fips.h>
  10 #include <linux/init.h>
  11 #include <linux/module.h>
  12 #include <linux/kernel.h>
  13 #include <linux/sysctl.h>
  14 #include <linux/notifier.h>
  15 #include <generated/utsrelease.h>
  16
  17 int fips_enabled;
  18 EXPORT_SYMBOL_GPL(fips_enabled);
  19
  20 ATOMIC_NOTIFIER_HEAD(fips_fail_notif_chain);
  21 EXPORT_SYMBOL_GPL(fips_fail_notif_chain);
  22
  23 /* Process kernel command-line parameter at boot time. fips=0 or fips=1 */
  24 static int fips_enable(char *str)
  25 {
  26         fips_enabled = !!simple_strtol(str, NULL, 0);
  27         printk(KERN_INFO "fips mode: %s\n",
  28                 fips_enabled ? "enabled" : "disabled");
  29         return 1;
  30 }
  31
  32 __setup("fips=", fips_enable);
  33
  34 #define FIPS_MODULE_NAME CONFIG_CRYPTO_FIPS_NAME
  35 #ifdef CONFIG_CRYPTO_FIPS_CUSTOM_VERSION
  36 #define FIPS_MODULE_VERSION CONFIG_CRYPTO_FIPS_VERSION
  37 #else
  38 #define FIPS_MODULE_VERSION UTS_RELEASE
  39 #endif
  40
  41 static char fips_name[] = FIPS_MODULE_NAME;
  42 static char fips_version[] = FIPS_MODULE_VERSION;
  43
  44 static struct ctl_table crypto_sysctl_table[] = {
  45         {
  46                 .procname       = "fips_enabled",
  47                 .data           = &fips_enabled,
  48                 .maxlen         = sizeof(int),
  49                 .mode           = 0444,
  50                 .proc_handler   = proc_dointvec
  51         },
  52         {
  53                 .procname       = "fips_name",
  54                 .data           = &fips_name,
  55                 .maxlen         = 64,
  56                 .mode           = 0444,
  57                 .proc_handler   = proc_dostring
  58         },
  59         {
  60                 .procname       = "fips_version",
  61                 .data           = &fips_version,
  62                 .maxlen         = 64,
  63                 .mode           = 0444,
  64                 .proc_handler   = proc_dostring
  65         },
  66 };
  67
  68 static struct ctl_table_header *crypto_sysctls;
  69
  70 static void crypto_proc_fips_init(void)
  71 {
  72         crypto_sysctls = register_sysctl("crypto", crypto_sysctl_table);
  73 }
  74
  75 static void crypto_proc_fips_exit(void)
  76 {
  77         unregister_sysctl_table(crypto_sysctls);
  78 }
  79
  80 void fips_fail_notify(void)
  81 {
  82         if (fips_enabled)
  83                 atomic_notifier_call_chain(&fips_fail_notif_chain, 0, NULL);
  84 }
  85 EXPORT_SYMBOL_GPL(fips_fail_notify);
  86
  87 static int __init fips_init(void)
  88 {
  89         crypto_proc_fips_init();
  90         return 0;
  91 }
  92
  93 static void __exit fips_exit(void)
  94 {
  95         crypto_proc_fips_exit();
  96 }
  97
  98 subsys_initcall(fips_init);
  99 module_exit(fips_exit);