10185 loader: add sha1 hash calculation

Reviewed by: Andy Fiddaman <af@citrus-it.net>
Approved by: Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>

10 files changed, 270 insertions, 8 deletions

diff --git a/usr/src/boot/sys/boot/Makefile b/usr/src/boot/sys/boot/Makefile
index fbda11357b..8a93119cd2 100644
--- a/usr/src/boot/sys/boot/Makefile
+++ b/usr/src/boot/sys/boot/Makefile
@@ -18,7 +18,7 @@
 include $(SRC)/Makefile.master
 
 INSTDIRS = i386 efi
-SUBDIRS = libstand libficl zfs $(INSTDIRS)
+SUBDIRS = libstand libficl libcrypto zfs $(INSTDIRS)
 
 all	:=	TARGET = all
 clean	:=	TARGET = clean
diff --git a/usr/src/boot/sys/boot/common/bootstrap.h b/usr/src/boot/sys/boot/common/bootstrap.h
index 97d86bed57..0ffe65f725 100644
--- a/usr/src/boot/sys/boot/common/bootstrap.h
+++ b/usr/src/boot/sys/boot/common/bootstrap.h
@@ -28,6 +28,7 @@
 #define	_BOOTSTRAP_H_
 
 #include <sys/types.h>
+#include <stdbool.h>
 #include <sys/queue.h>
 #include <sys/linker_set.h>
 
@@ -240,6 +241,7 @@ int  file_addmodule(struct preloaded_file *fp, char *modname, int version,
 void build_environment_module(void);
 void build_font_module(void);
 vm_offset_t bi_copyenv(vm_offset_t);
+bool sha1(void *, size_t, uint8_t *);
 
 /* MI module loaders */
 #ifdef __elfN
diff --git a/usr/src/boot/sys/boot/common/module.c b/usr/src/boot/sys/boot/common/module.c
index 243e8e466a..445d039144 100644
--- a/usr/src/boot/sys/boot/common/module.c
+++ b/usr/src/boot/sys/boot/common/module.c
@@ -39,9 +39,16 @@
 #include <sys/stdint.h>
 #include <sys/tem_impl.h>
 #include <sys/font.h>
+#include <sys/sha1.h>
 
 #include "bootstrap.h"
 
+#if defined(EFI)
+#define	PTOV(pa)	((void *)pa)
+#else
+#include "../i386/btx/lib/btxv86.h"
+#endif
+
 #define	MDIR_REMOVED	0x0001
 #define	MDIR_NOHINTS	0x0002
 
@@ -257,16 +264,20 @@ command_lsmod(int argc, char *argv[])
     struct kernel_module	*mp;
     struct file_metadata	*md;
     char			lbuf[80];
-    int				ch, verbose, ret = 0;
+    int				ch, verbose, hash, ret = 0;
 
     verbose = 0;
+    hash = 0;
     optind = 1;
     optreset = 1;
-    while ((ch = getopt(argc, argv, "v")) != -1) {
+    while ((ch = getopt(argc, argv, "vs")) != -1) {
 	switch(ch) {
 	case 'v':
 	    verbose = 1;
 	    break;
+	case 's':
+	    hash = 1;
+	    break;
 	case '?':
 	default:
 	    /* getopt has already reported an error */
@@ -287,7 +298,25 @@ command_lsmod(int argc, char *argv[])
 	    pager_output(fp->f_args);
 	    if (pager_output("\n"))
 		break;
+	    if (strcmp(fp->f_type, "hash") == 0) {
+		pager_output("    contents: ");
+		strncpy(lbuf, PTOV(fp->f_addr), fp->f_size);
+		if (pager_output(lbuf))
+			break;
+	    }
+	}
+
+	if (hash == 1) {
+		void *ptr = PTOV(fp->f_addr);
+
+		pager_output("  hash: ");
+		sha1(ptr, fp->f_size, (uint8_t *)lbuf);
+		for (int i = 0; i < SHA1_DIGEST_LENGTH; i++)
+			printf("%02x", (int)(lbuf[i] & 0xff));
+		if (pager_output("\n"))
+			break;
 	}
+
 	if (fp->f_modules) {
 	    pager_output("  modules: ");
 	    for (mp = fp->f_modules; mp; mp = mp->m_next) {
@@ -425,6 +454,22 @@ env_get_size(void)
 	return (size);
 }
 
+static void
+module_hash(struct preloaded_file *fp, void *addr, size_t size)
+{
+	uint8_t hash[SHA1_DIGEST_LENGTH];
+	char ascii[2 * SHA1_DIGEST_LENGTH + 1];
+	int i;
+
+	sha1(addr, size, hash);
+	for (i = 0; i < SHA1_DIGEST_LENGTH; i++) {
+		snprintf(ascii + 2 * i, sizeof (ascii) - 2 * i, "%02x",
+		    hash[i] & 0xff);
+	}
+	/* Out of memory here is not fatal issue. */
+	asprintf(&fp->f_args, "hash=%s", ascii);
+}
+
 /*
  * Create virtual module for environment variables.
  * This module should be created as late as possible before executing
@@ -474,8 +519,8 @@ build_environment_module(void)
 	}
 
 	laddr = bi_copyenv(loadaddr);
-
 	/* Looks OK so far; populate control structure */
+	module_hash(fp, PTOV(loadaddr), laddr - loadaddr);
 	fp->f_loader = -1;
 	fp->f_addr = loadaddr;
 	fp->f_size = laddr - loadaddr;
@@ -581,6 +626,7 @@ build_font_module(void)
 	laddr += archsw.arch_copyin(fd->vf_bytes, laddr, fi.fi_bitmap_size);
 
 	/* Looks OK so far; populate control structure */
+	module_hash(fp, PTOV(loadaddr), laddr - loadaddr);
 	fp->f_loader = -1;
 	fp->f_addr = loadaddr;
 	fp->f_size = laddr - loadaddr;
diff --git a/usr/src/boot/sys/boot/efi/loader/Makefile.com b/usr/src/boot/sys/boot/efi/loader/Makefile.com
index 74099f45d9..be81482ae1 100644
--- a/usr/src/boot/sys/boot/efi/loader/Makefile.com
+++ b/usr/src/boot/sys/boot/efi/loader/Makefile.com
@@ -147,9 +147,11 @@ loader.bin: loader.sym
 		--output-target=$(EFI_TARGET) --subsystem efi-app loader.sym $@
 
 LIBEFI=		../../libefi/$(MACHINE)/libefi.a
+LIBCRYPTO=	../../../libcrypto/$(MACHINE)/libcrypto.a
 
-DPADD=		$(LIBFICL) $(LIBZFSBOOT) $(LIBEFI) $(LIBSTAND) $(LDSCRIPT)
-LDADD=		$(LIBFICL) $(LIBZFSBOOT) $(LIBEFI) $(LIBSTAND)
+DPADD=		$(LIBFICL) $(LIBZFSBOOT) $(LIBEFI) $(LIBCRYPTO) $(LIBSTAND) \
+		$(LDSCRIPT)
+LDADD=		$(LIBFICL) $(LIBZFSBOOT) $(LIBEFI) $(LIBCRYPTO) $(LIBSTAND)
 
 
 loader.sym:	$(OBJS) $(DPADD)
diff --git a/usr/src/boot/sys/boot/i386/loader/Makefile b/usr/src/boot/sys/boot/i386/loader/Makefile
index 84eb91bfde..b9d3705a00 100644
--- a/usr/src/boot/sys/boot/i386/loader/Makefile
+++ b/usr/src/boot/sys/boot/i386/loader/Makefile
@@ -98,6 +98,7 @@ LDFLAGS=	-static -Ttext 0x0
 # i386 standalone support library
 CPPFLAGS +=	-I.. -I../../../../lib/libstand
 LIBSTAND=	../../libstand/$(MACH)/libstand.a
+LIBCRYPTO=	../../libcrypto/$(MACH)/libcrypto.a
 
 # BTX components
 CPPFLAGS +=	-I../btx/lib
@@ -135,8 +136,8 @@ FORTH +=	menu.rc
 
 # XXX crt0.o needs to be first for pxeboot(8) to work
 
-DPADD=	${LIBFICL} ${LIBZFSBOOT} ${LIBI386} ${LIBSTAND}
-LDADD=	${LIBFICL} ${LIBZFSBOOT} ${LIBI386} ${LIBSTAND}
+DPADD=	${LIBFICL} ${LIBZFSBOOT} ${LIBI386} ${LIBCRYPTO} ${LIBSTAND}
+LDADD=	${LIBFICL} ${LIBZFSBOOT} ${LIBI386} ${LIBCRYPTO} ${LIBSTAND}
 
 CLEANFILES +=	machine x86
 
diff --git a/usr/src/boot/sys/boot/libcrypto/Makefile b/usr/src/boot/sys/boot/libcrypto/Makefile
new file mode 100644
index 0000000000..482bfd2b4d
--- /dev/null
+++ b/usr/src/boot/sys/boot/libcrypto/Makefile
@@ -0,0 +1,34 @@
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright 2016 Toomas Soome <tsoome@me.com>
+#
+
+.KEEP_STATE:
+
+include $(SRC)/Makefile.master
+
+SUBDIRS = $(MACH) $(MACH64)
+
+all	:=	TARGET = all
+clean	:=	TARGET = clean
+clobber	:=	TARGET = clobber
+install	:=	TARGET = install
+
+all clean clobber: $(SUBDIRS)
+
+install: all
+
+$(SUBDIRS): FRC
+	@cd $@; pwd; $(MAKE) $(MFLAGS) $(TARGET)
+
+FRC:
diff --git a/usr/src/boot/sys/boot/libcrypto/Makefile.com b/usr/src/boot/sys/boot/libcrypto/Makefile.com
new file mode 100644
index 0000000000..8776128ed5
--- /dev/null
+++ b/usr/src/boot/sys/boot/libcrypto/Makefile.com
@@ -0,0 +1,71 @@
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright 2016 Toomas Soome <tsoome@me.com>
+#
+
+include $(SRC)/Makefile.master
+
+CC=     $(GCC_ROOT)/bin/gcc
+
+COMDIR = ../../../../../common/crypto
+
+install:
+
+SRCS +=	sha1.c digest.c
+OBJS += sha1.o digest.o
+
+CFLAGS = -Os
+CFLAGS += -fPIC -ffreestanding -msoft-float
+CFLAGS += -mno-mmx -mno-3dnow -mno-sse2 -mno-sse3 -mno-sse
+CFLAGS += -mno-avx -mno-aes -std=gnu99
+
+#.if ${MACHINE_CPUARCH} == "aarch64"
+#CFLAGS+=	-msoft-float -mgeneral-regs-only
+#.endif
+
+CPPFLAGS = -nostdinc -I. -I../../../../include -I../../..
+CPPFLAGS += -I../../../../lib/libstand
+
+# Pick up the bootstrap header for some interface items
+CPPFLAGS += -I../../common
+CPPFLAGS += -D_STANDALONE
+
+# For multiboot2.h, must be last, to avoid conflicts
+CPPFLAGS +=	-I$(SRC)/uts/common
+
+libcrypto.a: $(OBJS)
+	$(AR) $(ARFLAGS) $@ $(OBJS)
+
+clean: clobber
+clobber:
+	$(RM) $(CLEANFILES) $(OBJS) libcrypto.a
+
+machine:
+	$(RM) machine
+	$(SYMLINK) ../../../${MACHINE}/include machine
+
+x86:
+	$(RM) x86
+	$(SYMLINK) ../../../x86/include x86
+
+%.o:	../%.c
+	$(COMPILE.c) $<
+
+%.o:	../../../../../common/crypto/sha1/%.c
+	$(COMPILE.c) $<
+
+sha1-x86_64.s: $(COMDIR)/sha1/amd64/sha1-x86_64.pl
+	$(PERL) $? $@
+
+sha1-x86_64.o: sha1-x86_64.s
+	$(COMPILE.s) -o $@ ${@F:.o=.s}
diff --git a/usr/src/boot/sys/boot/libcrypto/amd64/Makefile b/usr/src/boot/sys/boot/libcrypto/amd64/Makefile
new file mode 100644
index 0000000000..f3c2b2e5df
--- /dev/null
+++ b/usr/src/boot/sys/boot/libcrypto/amd64/Makefile
@@ -0,0 +1,31 @@
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright 2016 Toomas Soome <tsoome@me.com>
+#
+
+COMDIR=		$(SRC)/common/crypto
+MACHINE=	$(MACH64)
+AS=		$(AS_amd64_64)
+
+all:		libcrypto.a
+
+SRCS = sha1-x86_64.s
+OBJS = sha1-x86_64.o
+
+include ../Makefile.com
+ASFLAGS =	$(amd64_AS_XARCH) -I$(SRC)/uts/common -D_ASM
+
+CFLAGS +=	-m64
+CLEANFILES +=	machine x86 sha1-x86_64.s
+
+$(OBJS): machine x86
diff --git a/usr/src/boot/sys/boot/libcrypto/digest.c b/usr/src/boot/sys/boot/libcrypto/digest.c
new file mode 100644
index 0000000000..f3b37b7cb7
--- /dev/null
+++ b/usr/src/boot/sys/boot/libcrypto/digest.c
@@ -0,0 +1,48 @@
+
+#include <sys/cdefs.h>
+#include <stdbool.h>
+#include <stand.h>
+#include <sys/sha1.h>
+
+#include <bootstrap.h>
+
+bool
+sha1(void *data, size_t size, uint8_t *result)
+{
+	SHA1_CTX sha1_ctx;
+
+	SHA1Init(&sha1_ctx);
+	SHA1Update(&sha1_ctx, data, size);
+	SHA1Final(result, &sha1_ctx);
+
+	return (true);
+}
+
+static int
+command_sha1(int argc, char **argv)
+{
+	void *ptr;
+	size_t size, i;
+	uint8_t resultbuf[SHA1_DIGEST_LENGTH];
+
+	/*
+	 * usage: address size
+	 */
+	if (argc != 3) {
+		command_errmsg = "usage: address size";
+		return (CMD_ERROR);
+	}
+
+	ptr = (void *)(uintptr_t)strtol(argv[1], NULL, 0);
+	size = strtol(argv[2], NULL, 0);
+
+	if (sha1(ptr, size, resultbuf) == false)
+		return (CMD_OK);
+
+	for (i = 0; i < SHA1_DIGEST_LENGTH; i++)
+		printf("%02x", resultbuf[i]);
+	printf("\n");
+	return (CMD_OK);
+}
+
+COMMAND_SET(sha1, "sha1", "print the sha1 checksum", command_sha1);
diff --git a/usr/src/boot/sys/boot/libcrypto/i386/Makefile b/usr/src/boot/sys/boot/libcrypto/i386/Makefile
new file mode 100644
index 0000000000..64630eaeef
--- /dev/null
+++ b/usr/src/boot/sys/boot/libcrypto/i386/Makefile
@@ -0,0 +1,27 @@
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright 2016 Toomas Soome <tsoome@me.com>
+#
+
+MACHINE=	$(MACH)
+ASFLAGS=	-m32
+
+all:		libcrypto.a
+
+include ../Makefile.com
+
+CFLAGS +=	-m32
+
+CLEANFILES +=	machine x86
+
+$(OBJS): machine x86