fips140-eval-testing.c 3.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137
  1. // SPDX-License-Identifier: GPL-2.0-only
  2. /*
  3. * Copyright 2021 Google LLC
  4. *
  5. * This file can optionally be built into fips140.ko in order to support certain
  6. * types of testing that the FIPS lab has to do to evaluate the module. It
  7. * should not be included in production builds of the module.
  8. */
  9. /*
  10. * We have to redefine inline to mean always_inline, so that _copy_to_user()
  11. * gets inlined. This is needed for it to be placed into the correct section.
  12. * See fips140_copy_to_user().
  13. *
  14. * We also need to undefine BUILD_FIPS140_KO to allow the use of the code
  15. * patching which copy_to_user() requires.
  16. */
  17. #undef inline
  18. #define inline inline __attribute__((__always_inline__)) __gnu_inline \
  19. __inline_maybe_unused notrace
  20. #undef BUILD_FIPS140_KO
  21. /*
  22. * Since this .c file contains real module parameters for fips140.ko, it needs
  23. * to be compiled normally, so undo the hacks that were done in fips140-defs.h.
  24. */
  25. #define MODULE
  26. #undef KBUILD_MODFILE
  27. #undef __DISABLE_EXPORTS
  28. #include <linux/cdev.h>
  29. #include <linux/fs.h>
  30. #include <linux/module.h>
  31. #include <linux/slab.h>
  32. #include "fips140-module.h"
  33. #include "fips140-eval-testing-uapi.h"
  34. /*
  35. * This option allows deliberately failing the self-tests for a particular
  36. * algorithm.
  37. */
  38. static char *fips140_fail_selftest;
  39. module_param_named(fail_selftest, fips140_fail_selftest, charp, 0);
  40. /* This option allows deliberately failing the integrity check. */
  41. static bool fips140_fail_integrity_check;
  42. module_param_named(fail_integrity_check, fips140_fail_integrity_check, bool, 0);
  43. static dev_t fips140_devnum;
  44. static struct cdev fips140_cdev;
  45. /* Inject a self-test failure (via corrupting the result) if requested. */
  46. void fips140_inject_selftest_failure(const char *impl, u8 *result)
  47. {
  48. if (fips140_fail_selftest && strcmp(impl, fips140_fail_selftest) == 0)
  49. result[0] ^= 0xff;
  50. }
  51. /* Inject an integrity check failure (via corrupting the text) if requested. */
  52. void fips140_inject_integrity_failure(u8 *textcopy)
  53. {
  54. if (fips140_fail_integrity_check)
  55. textcopy[0] ^= 0xff;
  56. }
  57. static long fips140_ioctl_is_approved_service(unsigned long arg)
  58. {
  59. const char *service_name = strndup_user((const char __user *)arg, 256);
  60. long ret;
  61. if (IS_ERR(service_name))
  62. return PTR_ERR(service_name);
  63. ret = fips140_is_approved_service(service_name);
  64. kfree(service_name);
  65. return ret;
  66. }
  67. /*
  68. * Code in fips140.ko is covered by an integrity check by default, and this
  69. * check breaks if copy_to_user() is called. This is because copy_to_user() is
  70. * an inline function that relies on code patching. However, since this is
  71. * "evaluation testing" code which isn't included in the production builds of
  72. * fips140.ko, it's acceptable to just exclude it from the integrity check.
  73. */
  74. static noinline unsigned long __section("text.._fips140_unchecked")
  75. fips140_copy_to_user(void __user *to, const void *from, unsigned long n)
  76. {
  77. return copy_to_user(to, from, n);
  78. }
  79. static long fips140_ioctl_module_version(unsigned long arg)
  80. {
  81. const char *version = fips140_module_version();
  82. size_t len = strlen(version) + 1;
  83. if (len > 256)
  84. return -EOVERFLOW;
  85. if (fips140_copy_to_user((void __user *)arg, version, len))
  86. return -EFAULT;
  87. return 0;
  88. }
  89. static long fips140_ioctl(struct file *file, unsigned int cmd,
  90. unsigned long arg)
  91. {
  92. switch (cmd) {
  93. case FIPS140_IOCTL_IS_APPROVED_SERVICE:
  94. return fips140_ioctl_is_approved_service(arg);
  95. case FIPS140_IOCTL_MODULE_VERSION:
  96. return fips140_ioctl_module_version(arg);
  97. default:
  98. return -ENOTTY;
  99. }
  100. }
  101. static const struct file_operations fips140_fops = {
  102. .unlocked_ioctl = fips140_ioctl,
  103. };
  104. bool fips140_eval_testing_init(void)
  105. {
  106. if (alloc_chrdev_region(&fips140_devnum, 1, 1, "fips140") != 0) {
  107. pr_err("failed to allocate device number\n");
  108. return false;
  109. }
  110. cdev_init(&fips140_cdev, &fips140_fops);
  111. if (cdev_add(&fips140_cdev, fips140_devnum, 1) != 0) {
  112. pr_err("failed to add fips140 character device\n");
  113. return false;
  114. }
  115. return true;
  116. }