author: Andy Fiddaman <omnios@citrus-it.co.uk> 2018-02-07 15:01:24 +0000
committer: Hans Rosenfeld <hans.rosenfeld@joyent.com> 2018-02-09 10:43:07 +0100
commit: bf5d9f18edeb77c14df996d367853599bdd43fd1 (patch)
tree: 8fd13e954aafaf9802519bf439de34d48a665464
parent: a356818ef9fb10d29d03bcf84f6535092a4efff2 (diff)
9070 Remove wanboot from gate
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
Reviewed by: Peter Tribble <peter.tribble@gmail.com>
Reviewed by: Alexander Pyhalov <apyhalov@gmail.com>
Reviewed by: Jorge Schrauwen <sjorge@blackdot.be>
Approved by: Hans Rosenfeld <hans.rosenfeld@joyent.com>
-rw-r--r--exception_lists/packaging7
-rw-r--r--usr/src/Makefile.lint3
-rw-r--r--usr/src/Targetdirs1
-rw-r--r--usr/src/cmd/cmd-inet/etc/Makefile2
-rw-r--r--usr/src/cmd/cmd-inet/etc/wanboot.conf.sample104
-rw-r--r--usr/src/cmd/cmd-inet/sbin/dhcpagent/README.v64
-rw-r--r--usr/src/cmd/cmd-inet/sbin/dhcpagent/adopt.c3
-rw-r--r--usr/src/cmd/cmd-inet/usr.lib/Makefile7
-rw-r--r--usr/src/cmd/cmd-inet/usr.lib/wanboot/Makefile79
-rw-r--r--usr/src/cmd/cmd-inet/usr.lib/wanboot/Makefile.com34
-rw-r--r--usr/src/cmd/cmd-inet/usr.lib/wanboot/bootlog-cgi/Makefile37
-rw-r--r--usr/src/cmd/cmd-inet/usr.lib/wanboot/bootlog-cgi/bootlog-cgi59
-rw-r--r--usr/src/cmd/cmd-inet/usr.lib/wanboot/encr/Makefile44
-rw-r--r--usr/src/cmd/cmd-inet/usr.lib/wanboot/encr/encr.c420
-rw-r--r--usr/src/cmd/cmd-inet/usr.lib/wanboot/hmac/Makefile44
-rw-r--r--usr/src/cmd/cmd-inet/usr.lib/wanboot/hmac/hmac.c237
-rw-r--r--usr/src/cmd/cmd-inet/usr.lib/wanboot/ickey/Makefile45
-rw-r--r--usr/src/cmd/cmd-inet/usr.lib/wanboot/ickey/ickey.c287
-rw-r--r--usr/src/cmd/cmd-inet/usr.lib/wanboot/keygen/Makefile43
-rw-r--r--usr/src/cmd/cmd-inet/usr.lib/wanboot/keygen/keygen.c746
-rw-r--r--usr/src/cmd/cmd-inet/usr.lib/wanboot/keymgmt/Makefile43
-rw-r--r--usr/src/cmd/cmd-inet/usr.lib/wanboot/keymgmt/keymgmt.c520
-rw-r--r--usr/src/cmd/cmd-inet/usr.lib/wanboot/netbootinfo/Makefile42
-rw-r--r--usr/src/cmd/cmd-inet/usr.lib/wanboot/netbootinfo/netbootinfo.c123
-rw-r--r--usr/src/cmd/cmd-inet/usr.lib/wanboot/p12split/Makefile40
-rw-r--r--usr/src/cmd/cmd-inet/usr.lib/wanboot/p12split/p12split.c657
-rw-r--r--usr/src/cmd/cmd-inet/usr.lib/wanboot/wanboot-cgi/Makefile40
-rw-r--r--usr/src/cmd/cmd-inet/usr.lib/wanboot/wanboot-cgi/wanboot-cgi.c1903
-rw-r--r--usr/src/cmd/cmd-inet/usr.lib/wanboot/wanboot.xcl61
-rw-r--r--usr/src/cmd/cmd-inet/usr.sbin/Makefile8
-rw-r--r--usr/src/cmd/cmd-inet/usr.sbin/bootconfchk/Makefile43
-rw-r--r--usr/src/cmd/cmd-inet/usr.sbin/bootconfchk/bootconfchk.c92
-rw-r--r--usr/src/cmd/cmd-inet/usr.sbin/wanbootutil.sh43
-rw-r--r--usr/src/common/net/wanboot/auxutil.c637
-rw-r--r--usr/src/common/net/wanboot/auxutil.h47
-rw-r--r--usr/src/common/net/wanboot/boot_http.c2929
-rw-r--r--usr/src/common/net/wanboot/boot_http.h137
-rw-r--r--usr/src/common/net/wanboot/bootconf.c625
-rw-r--r--usr/src/common/net/wanboot/bootconf_errmsg.c142
-rw-r--r--usr/src/common/net/wanboot/bootinfo.c509
-rw-r--r--usr/src/common/net/wanboot/bootinfo.h97
-rw-r--r--usr/src/common/net/wanboot/bootinfo_aux.h62
-rw-r--r--usr/src/common/net/wanboot/bootlog.c708
-rw-r--r--usr/src/common/net/wanboot/bootlog.h83
-rw-r--r--usr/src/common/net/wanboot/crypt/aes.c1400
-rw-r--r--usr/src/common/net/wanboot/crypt/aes.h55
-rw-r--r--usr/src/common/net/wanboot/crypt/aes_test.c115
-rw-r--r--usr/src/common/net/wanboot/crypt/aes_test.h42
-rw-r--r--usr/src/common/net/wanboot/crypt/cbc.c138
-rw-r--r--usr/src/common/net/wanboot/crypt/cbc.h60
-rw-r--r--usr/src/common/net/wanboot/crypt/cbc_test.c167
-rw-r--r--usr/src/common/net/wanboot/crypt/cbc_test.h47
-rw-r--r--usr/src/common/net/wanboot/crypt/cmn_test.c91
-rw-r--r--usr/src/common/net/wanboot/crypt/cmn_test.h43
-rw-r--r--usr/src/common/net/wanboot/crypt/des.c388
-rw-r--r--usr/src/common/net/wanboot/crypt/des.h52
-rw-r--r--usr/src/common/net/wanboot/crypt/des3.c242
-rw-r--r--usr/src/common/net/wanboot/crypt/des3.h53
-rw-r--r--usr/src/common/net/wanboot/crypt/des3_test.c206
-rw-r--r--usr/src/common/net/wanboot/crypt/des3_test.h42
-rw-r--r--usr/src/common/net/wanboot/crypt/hmac_sha1.c103
-rw-r--r--usr/src/common/net/wanboot/crypt/hmac_sha1.h51
-rw-r--r--usr/src/common/net/wanboot/crypt/hmac_test.c138
-rw-r--r--usr/src/common/net/wanboot/crypt/hmac_test.h42
-rw-r--r--usr/src/common/net/wanboot/crypt/sha1_test.c116
-rw-r--r--usr/src/common/net/wanboot/crypt/sha1_test.h42
-rw-r--r--usr/src/common/net/wanboot/http_errorstr.c116
-rw-r--r--usr/src/common/net/wanboot/netboot_paths.h68
-rw-r--r--usr/src/common/net/wanboot/p12access.c496
-rw-r--r--usr/src/common/net/wanboot/p12access.h101
-rw-r--r--usr/src/common/net/wanboot/p12aux.h489
-rw-r--r--usr/src/common/net/wanboot/p12auxpars.c859
-rw-r--r--usr/src/common/net/wanboot/p12auxutl.c376
-rw-r--r--usr/src/common/net/wanboot/p12err.c169
-rw-r--r--usr/src/common/net/wanboot/p12err.h115
-rw-r--r--usr/src/common/net/wanboot/p12misc.c773
-rw-r--r--usr/src/common/net/wanboot/parseURL.c179
-rw-r--r--usr/src/common/net/wanboot/parseURL.h70
-rw-r--r--usr/src/common/net/wanboot/wanboot_conf.h134
-rw-r--r--usr/src/lib/Makefile9
-rw-r--r--usr/src/lib/libkmf/plugins/kmf_openssl/common/openssl_spi.c3
-rw-r--r--usr/src/lib/libwanboot/Makefile77
-rw-r--r--usr/src/lib/libwanboot/Makefile.com99
-rw-r--r--usr/src/lib/libwanboot/amd64/Makefile29
-rw-r--r--usr/src/lib/libwanboot/common/bootinfo_aux.c520
-rw-r--r--usr/src/lib/libwanboot/common/llib-lwanboot41
-rw-r--r--usr/src/lib/libwanboot/common/mapfile-vers95
-rw-r--r--usr/src/lib/libwanboot/common/socket_inet.c91
-rw-r--r--usr/src/lib/libwanboot/common/socket_inet.h44
-rw-r--r--usr/src/lib/libwanboot/i386/Makefile34
-rw-r--r--usr/src/lib/libwanboot/libwanboot.xcl115
-rw-r--r--usr/src/lib/libwanboot/req.flg32
-rw-r--r--usr/src/lib/libwanboot/sparc/Makefile31
-rw-r--r--usr/src/lib/libwanboot/sparcv9/Makefile29
-rw-r--r--usr/src/lib/libwanbootutil/Makefile101
-rw-r--r--usr/src/lib/libwanbootutil/Makefile.com91
-rw-r--r--usr/src/lib/libwanbootutil/amd64/Makefile29
-rw-r--r--usr/src/lib/libwanbootutil/common/key_util.c424
-rw-r--r--usr/src/lib/libwanbootutil/common/key_util.h103
-rw-r--r--usr/src/lib/libwanbootutil/common/key_xdr.x57
-rw-r--r--usr/src/lib/libwanbootutil/common/llib-lwanbootutil32
-rw-r--r--usr/src/lib/libwanbootutil/common/mapfile-vers73
-rw-r--r--usr/src/lib/libwanbootutil/common/wanbootutil.h40
-rw-r--r--usr/src/lib/libwanbootutil/common/wbio.c94
-rw-r--r--usr/src/lib/libwanbootutil/common/wbio.h46
-rw-r--r--usr/src/lib/libwanbootutil/i386/Makefile31
-rw-r--r--usr/src/lib/libwanbootutil/libwanbootutil.xcl35
-rw-r--r--usr/src/lib/libwanbootutil/req.flg29
-rw-r--r--usr/src/lib/libwanbootutil/sparc/Makefile31
-rw-r--r--usr/src/lib/libwanbootutil/sparcv9/Makefile29
-rw-r--r--usr/src/man/man1/digest.14
-rw-r--r--usr/src/man/man1m/Makefile6
-rw-r--r--usr/src/man/man1m/boot.1m336
-rw-r--r--usr/src/man/man1m/bootconfchk.1m70
-rw-r--r--usr/src/man/man1m/ickey.1m88
-rw-r--r--usr/src/man/man1m/wanboot_keygen.1m191
-rw-r--r--usr/src/man/man1m/wanboot_keymgmt.1m148
-rw-r--r--usr/src/man/man1m/wanboot_p12split.1m125
-rw-r--r--usr/src/man/man1m/wanbootutil.1m138
-rw-r--r--usr/src/man/man4/Makefile1
-rw-r--r--usr/src/man/man4/wanboot.conf.4344
-rw-r--r--usr/src/pkg/manifests/SUNWcs.man4.inc1
-rw-r--r--usr/src/pkg/manifests/SUNWcs.mf1
-rw-r--r--usr/src/pkg/manifests/system-boot-wanboot-internal.mf30
-rw-r--r--usr/src/pkg/manifests/system-boot-wanboot.mf36
-rw-r--r--usr/src/psm/stand/boot/sparc/common/boot_plat.h1
-rw-r--r--usr/src/psm/stand/boot/sparc/common/bootflags.c17
-rw-r--r--usr/src/psm/stand/boot/sparc/common/ramdisk.c1
-rw-r--r--usr/src/psm/stand/boot/sparc/common/wanboot.c1678
-rw-r--r--usr/src/psm/stand/boot/sparc/common/wbcli.c1416
-rw-r--r--usr/src/psm/stand/boot/sparc/common/wbcli.h51
-rw-r--r--usr/src/psm/stand/boot/sparc/common/wbfsconf.c62
-rw-r--r--usr/src/psm/stand/boot/sparcv9/Makefile.com18
-rw-r--r--usr/src/stand/sys/bootsyms.h7
-rw-r--r--usr/src/tools/chk4ubin/chk4ubin.c5
-rw-r--r--usr/src/uts/common/io/ib/ibnex/ibnex_hca.c4
-rw-r--r--usr/src/uts/common/io/openprom.c72
-rw-r--r--usr/src/uts/common/krtld/kobj_bootflags.c2
-rw-r--r--usr/src/uts/common/sys/Makefile1
-rw-r--r--usr/src/uts/common/sys/wanboot_impl.h78
-rw-r--r--usr/src/uts/intel/openeepr/Makefile1
-rw-r--r--usr/src/uts/req.flg1
-rw-r--r--usr/src/uts/sparc/openeepr/Makefile5
143 files changed, 37 insertions, 26771 deletions
diff --git a/exception_lists/packaging b/exception_lists/packaging
index 5e6e873d8c..0ed8ba06e0 100644
--- a/exception_lists/packaging
+++ b/exception_lists/packaging
@@ -419,13 +419,6 @@ usr/lib/sparcv9/libuutil.so sparc
#
usr/include/sys/multidata_impl.h
#
-# The following files are used by wanboot.
-# They contain interfaces which are currently private.
-#
-usr/include/sys/wanboot_impl.h
-usr/include/wanboot
-usr/include/wanbootutil.h
-#
# Even though all the objects built under usr/src/stand are later glommed
# together into a couple of second-stage boot loaders, we dump the static
# archives and lint libraries into $(ROOT)/stand for intermediate use
diff --git a/usr/src/Makefile.lint b/usr/src/Makefile.lint
index 18d2f2398a..8e589d6626 100644
--- a/usr/src/Makefile.lint
+++ b/usr/src/Makefile.lint
@@ -82,7 +82,6 @@ COMMON_SUBDIRS = \
cmd/cmd-inet/usr.lib/slpd \
cmd/cmd-inet/usr.lib/vrrpd \
cmd/cmd-inet/usr.lib/wpad \
- cmd/cmd-inet/usr.lib/wanboot \
cmd/cmd-inet/usr.sadm \
cmd/cmd-inet/usr.sbin \
cmd/cmd-inet/usr.sbin/ilbadm \
@@ -441,8 +440,6 @@ COMMON_SUBDIRS = \
lib/libuuid \
lib/libuutil \
lib/libvrrpadm \
- lib/libwanboot \
- lib/libwanbootutil \
lib/libxnet \
lib/libzfs \
lib/libzfs_jni \
diff --git a/usr/src/Targetdirs b/usr/src/Targetdirs
index 1c0479fe60..25d0a14e02 100644
--- a/usr/src/Targetdirs
+++ b/usr/src/Targetdirs
@@ -272,7 +272,6 @@ DIRS= \
/usr/lib/hal \
/usr/lib/inet \
/usr/lib/inet/ilb \
- /usr/lib/inet/wanboot \
/usr/lib/krb5 \
/usr/lib/link_audit \
/usr/lib/lwp \
diff --git a/usr/src/cmd/cmd-inet/etc/Makefile b/usr/src/cmd/cmd-inet/etc/Makefile
index 2336c5af1d..c9d3824663 100644
--- a/usr/src/cmd/cmd-inet/etc/Makefile
+++ b/usr/src/cmd/cmd-inet/etc/Makefile
@@ -25,7 +25,7 @@ SYMPROG= hosts inetd.conf networks protocols services netmasks
# New /etc/inet files shouldn't have /etc entries.
EDITPROG= ipaddrsel.conf ipsecalgs
PROG= datemsk.ndpd ipsecinit.sample ipqosconf.1.sample ipqosconf.2.sample \
- ipqosconf.3.sample wanboot.conf.sample
+ ipqosconf.3.sample
ETCPROG= $(SYMPROG) $(EDITPROG) $(PROG)
SUBDIRS= default dhcp init.d ike nca ppp secret sock2path.d
diff --git a/usr/src/cmd/cmd-inet/etc/wanboot.conf.sample b/usr/src/cmd/cmd-inet/etc/wanboot.conf.sample
deleted file mode 100644
index 8fc0ee5d47..0000000000
--- a/usr/src/cmd/cmd-inet/etc/wanboot.conf.sample
+++ /dev/null
@@ -1,104 +0,0 @@
-#
-# Copyright 2005 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License"). You may not use this file except in compliance
-# with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-# ident "%Z%%M% %I% %E% SMI"
-
-####################################################################
-# wanboot.conf(4): boot configuration file.
-#
-# Please consult wanboot.conf(4) for further information. Note that
-# this interface is "Evolving" as defined by attributes(5).
-#
-# Anything after a '#' is comment. Values may be quoted (e.g. "val").
-#
-# <empty> means there is no value, i.e. null. The absence of any
-# parameter implies that it takes a default value (<empty> unless
-# otherwise specified).
-#
-# <url> is of the form http://... or https://...
-####################################################################
-
-# The path of the bootstrap file (within htdocs) which is served up
-# by wanboot-cgi(bootfile).
-#
-boot_file=/bootfiles/wanboot # <absolute pathname>
-
-# These are used by wanboot-cgi(bootfile|bootfs|rootfs) to determine
-# whether boot_file or the bootfs is to be sent encrypted/signed, or
-# root_file is to be sent signed; the client must be setup with the
-# corresponding encryption/signature key(s) (which cannot be auto-
-# matically verified).
-#
-# If an encryption_type is specified then a signature_type must also
-# be specified.
-#
-encryption_type=3des # 3des | aes | <empty>
-signature_type=sha1 # sha1 | <empty>
-
-# This is used by wanboot-cgi(bootfs) and wanboot to determine whether
-# server authentication should be requested during SSL connection
-# setup.
-#
-server_authentication=yes # yes | no
-
-# This is used by wanboot-cgi(bootfs) and wanboot to determine whether
-# client authentication should be requested during SSL connection
-# setup. If client_authentication is "yes", then server_authentication
-# must also be "yes".
-#
-client_authentication=yes # yes | no
-
-# wanboot-cgi(bootfs) will construct a hosts file which resolves any
-# hostnames specified in any of the URLs in the wanboot.conf file,
-# plus those found in certificates, etc. The following parameter
-# may be used to add additional mappings to the hosts file.
-#
-resolve_hosts= # <hostname>[,<hostname>*] | <empty>
-
-# This is used to specify the URL of wanboot-cgi on the server on which
-# the root_file exists, and used by wanboot to obtain the root server's
-# URL; wanboot substitutes root_file for the pathname part of the URL.
-# If the schema is http://... then the root_file will be signed if there
-# is a non-empty signature_type. If server_authentication is "yes", the
-# schema must be https://...; otherwise it must be http://...
-#
-root_server=https://host:port/cgi-bin/wanboot-cgi # <url> | <empty>
-
-# This is used by wanboot-cgi(rootfs) to locate the path of the
-# rootfs image (within htdocs) on the root_server.
-#
-root_file=/rootimages/miniroot # <absolute pathname> | <empty>
-
-# This is used by wanboot to determine the URL of the bootserver
-# (and whether bootlog traffic should be sent using http or https),
-# or whether it should simply be sent to the console.
-#
-boot_logger= # <url> | <empty>
-
-# This is used by the system startup scripts. If set, it should
-# point to a file that contains name value pairs to be used at
-# start up time. For example, this file may be used to provide
-# install the values for sysidcfg and jumpscfg.
-#
-system_conf=system.conf
diff --git a/usr/src/cmd/cmd-inet/sbin/dhcpagent/README.v6 b/usr/src/cmd/cmd-inet/sbin/dhcpagent/README.v6
index a52fe3e6b9..77adf3655b 100644
--- a/usr/src/cmd/cmd-inet/sbin/dhcpagent/README.v6
+++ b/usr/src/cmd/cmd-inet/sbin/dhcpagent/README.v6
@@ -20,8 +20,6 @@ CDDL HEADER END
Copyright 2007 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
-ident "%Z%%M% %I% %E% SMI"
-
** PLEASE NOTE:
**
@@ -135,7 +133,7 @@ Background
dhcp_pkt_t is a wrapper for packets to be sent.
The basic PKT structure is used in dhcpagent, inetboot, in.dhcpd,
- libdhcpagent, libwanboot, libdhcputil, and others. PKT_LIST is used
+ libdhcpagent, libdhcputil, and others. PKT_LIST is used
in a similar set of places, including the kernel NFS modules.
dhcp_pkt_t is (as the header file implies) limited to dhcpagent.
diff --git a/usr/src/cmd/cmd-inet/sbin/dhcpagent/adopt.c b/usr/src/cmd/cmd-inet/sbin/dhcpagent/adopt.c
index d81cb9264f..4fbaf6ac72 100644
--- a/usr/src/cmd/cmd-inet/sbin/dhcpagent/adopt.c
+++ b/usr/src/cmd/cmd-inet/sbin/dhcpagent/adopt.c
@@ -264,8 +264,7 @@ get_dhcp_kcache(dhcp_kcache_t **kernel_cachep, size_t *kcache_size)
* output: boolean_t: Returns B_TRUE if successful (no problems),
* otherwise B_FALSE.
* note: The memory allocated by this function must be freed by
- * the caller. This code is derived from
- * usr/src/lib/libwanboot/common/bootinfo_aux.c.
+ * the caller.
*/
static boolean_t
diff --git a/usr/src/cmd/cmd-inet/usr.lib/Makefile b/usr/src/cmd/cmd-inet/usr.lib/Makefile
index 718d4ed15a..9f3c16413e 100644
--- a/usr/src/cmd/cmd-inet/usr.lib/Makefile
+++ b/usr/src/cmd/cmd-inet/usr.lib/Makefile
@@ -27,15 +27,14 @@
SUBDIRS= bridged ilbd in.chargend in.daytimed \
in.discardd in.echod in.mpathd in.ndpd \
in.ripngd in.timed inetd mdnsd ncaconfd pppoe \
- slpd vrrpd wanboot wpad
+ slpd vrrpd wpad
-MSGSUBDIRS= ilbd inetd ncaconfd vrrpd wanboot
+MSGSUBDIRS= ilbd inetd ncaconfd vrrpd
include ../../Makefile.cmd
include ./Makefile.lib
-POFILES= inetd/inetd.po ncaconfd/ncaconfd.po vrrpd/vrrpd.po \
- wanboot/wanboot.po
+POFILES= inetd/inetd.po ncaconfd/ncaconfd.po vrrpd/vrrpd.po
POFILE= usr.lib.po
all:= TARGET= all
diff --git a/usr/src/cmd/cmd-inet/usr.lib/wanboot/Makefile b/usr/src/cmd/cmd-inet/usr.lib/wanboot/Makefile
deleted file mode 100644
index 2d7d04478f..0000000000
--- a/usr/src/cmd/cmd-inet/usr.lib/wanboot/Makefile
+++ /dev/null
@@ -1,79 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License"). You may not use this file except in compliance
-# with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-#
-# Copyright 2003 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-# ident "%Z%%M% %I% %E% SMI"
-#
-
-include $(SRC)/cmd/Makefile.cmd
-
-SUBDIR_SCR= bootlog-cgi
-SUBDIR_PGMS= wanboot-cgi\
- keygen \
- keymgmt \
- hmac \
- encr \
- ickey \
- p12split \
- netbootinfo
-
-SUBDIRS= $(SUBDIR_SCR) $(SUBDIR_PGMS)
-
-MSGFILES= encr/encr.c hmac/hmac.c ickey/ickey.c keygen/keygen.c \
- keymgmt/keymgmt.c p12split/p12split.c netbootinfo/netbootinfo.c
-
-POFILE= wanboot.po
-XGETFLAGS += -a -x wanboot.xcl
-
-all:= TARGET= all
-install:= TARGET= install
-clean:= TARGET= clean
-clobber:= TARGET= clobber
-lint:= TARGET= lint
-_msg:= TARGET= _msg
-
-.KEEP_STATE:
-.PARALLEL: $(SUBDIRS)
-
-all install: $(SUBDIRS)
-
-lint: $(SUBDIR_PGMS)
-
-clean: $(SUBDIR_PGMS)
-
-clobber: $(SUBDIR_PGMS) local_clobber
-
-local_clobber:
- $(RM) $(CLOBBERFILES)
-
-$(POFILE): pofile_MSGFILES
-
-_msg: $(MSGDOMAINPOFILE)
-
-$(SUBDIRS): FRC
- @cd $@; pwd; $(MAKE) $(TARGET)
-
-FRC:
-
-include $(SRC)/Makefile.msg.targ
diff --git a/usr/src/cmd/cmd-inet/usr.lib/wanboot/Makefile.com b/usr/src/cmd/cmd-inet/usr.lib/wanboot/Makefile.com
deleted file mode 100644
index aa9d03f162..0000000000
--- a/usr/src/cmd/cmd-inet/usr.lib/wanboot/Makefile.com
+++ /dev/null
@@ -1,34 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License"). You may not use this file except in compliance
-# with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-#
-# Copyright 2003 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-
-include $(SRC)/cmd/Makefile.cmd
-ROOTCMDDIR = $(ROOT)/usr/lib/inet/wanboot
-
-CMNCRYPTDIR = ../../../../../common/net/wanboot/crypt
-
-CERRWARN += -_gcc=-Wno-uninitialized
-
-.KEEP_STATE:
diff --git a/usr/src/cmd/cmd-inet/usr.lib/wanboot/bootlog-cgi/Makefile b/usr/src/cmd/cmd-inet/usr.lib/wanboot/bootlog-cgi/Makefile
deleted file mode 100644
index b84272bc89..0000000000
--- a/usr/src/cmd/cmd-inet/usr.lib/wanboot/bootlog-cgi/Makefile
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License"). You may not use this file except in compliance
-# with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-#
-# Copyright 2003 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-# ident "%Z%%M% %I% %E% SMI"
-#
-
-include ../Makefile.com
-
-PROG= bootlog-cgi
-
-all: $(PROG)
-
-install: all $(ROOTCMD)
-
-include ../../../../Makefile.targ
diff --git a/usr/src/cmd/cmd-inet/usr.lib/wanboot/bootlog-cgi/bootlog-cgi b/usr/src/cmd/cmd-inet/usr.lib/wanboot/bootlog-cgi/bootlog-cgi
deleted file mode 100644
index 0e4317de55..0000000000
--- a/usr/src/cmd/cmd-inet/usr.lib/wanboot/bootlog-cgi/bootlog-cgi
+++ /dev/null
@@ -1,59 +0,0 @@
-#! /usr/bin/sh
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License"). You may not use this file except in compliance
-# with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-#
-# Copyright 2003 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-# ident "%Z%%M% %I% %E% SMI"
-#
-
-# cgi script to handle bootlog messages
-# formats the message:
-# replaces <time> placemarker by local time
-# removes '\' inserted by cgi gateway
-# writes the message to a log file
-
-BOOTLOG_PATH="/tmp/"
-BOOTLOG_FILE_PREFIX="bootlog"
-hostname=$2
-
-# disable filename globbing
-set -f
-
-bootlog_file=${BOOTLOG_PATH}${BOOTLOG_FILE_PREFIX}.$hostname
-
-# write date in bootlog format
-echo "`date '+%b %d %H:%M:%S'` \c" >> $bootlog_file
-# remove backslashes inserted by CGI gateway
-# and remove time placeholder
-echo $* | sed 's/\\//g;s/<time>//g' >> $bootlog_file
-
-# Do not change these lines vvv
-echo Content-type: text/plain
-echo Content-length: 32
-echo
-
-echo CGI/1.0 bootlog script report:
-echo
-# Do not change these lines ^^^
-
diff --git a/usr/src/cmd/cmd-inet/usr.lib/wanboot/encr/Makefile b/usr/src/cmd/cmd-inet/usr.lib/wanboot/encr/Makefile
deleted file mode 100644
index 4d57d0ad1e..0000000000
--- a/usr/src/cmd/cmd-inet/usr.lib/wanboot/encr/Makefile
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License"). You may not use this file except in compliance
-# with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-#
-# Copyright 2003 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-# ident "%Z%%M% %I% %E% SMI"
-#
-
-include ../Makefile.com
-
-PROG = encr
-LDLIBS += -lwanbootutil
-
-CPPFLAGS += -I$(CMNCRYPTDIR)
-
-all: $(PROG)
-
-install: all $(ROOTCMD)
-
-clean:
-
-lint: lint_PROG
-
-include ../../../../Makefile.targ
diff --git a/usr/src/cmd/cmd-inet/usr.lib/wanboot/encr/encr.c b/usr/src/cmd/cmd-inet/usr.lib/wanboot/encr/encr.c
deleted file mode 100644
index 730f5b8101..0000000000
--- a/usr/src/cmd/cmd-inet/usr.lib/wanboot/encr/encr.c
+++ /dev/null
@@ -1,420 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <libintl.h>
-#include <locale.h>
-#include <sys/des.h>
-#include <strings.h>
-#include <errno.h>
-#include <wanbootutil.h>
-#include <sys/sysmacros.h>
-#include <sys/wanboot_impl.h>
-
-/* Return codes */
-#define ENCR_SUCCESS 0
-#define ENCR_NOKEY 1
-#define ENCR_ERROR 2
-
-/* Private buffer length */
-#define ENCR_BUF_LEN 1024
-
-/* Encryption algorithm suboption. */
-#define TYPE 0
-
-static char *opts[] = { "type", NULL };
-
-/*
- * This routine is used to parse the suboptions of '-o' option.
- *
- * The option should be of the form: type=<3des|aes>
- *
- * This routine will pass the value of the suboption back in the
- * supplied arguments, 'ka'.
- *
- * Returns:
- * ENCR_SUCCESS or ENCR_ERROR.
- */
-static int
-process_option(char *arg, wbku_key_attr_t *ka)
-{
- char *value;
- wbku_retcode_t ret;
-
- while (*arg != '\0') {
- switch (getsubopt(&arg, opts, &value)) {
- case TYPE:
- /*
- * Key type.
- */
- ret = wbku_str_to_keyattr(value, ka, WBKU_ENCR_KEY);
- if (ret != WBKU_SUCCESS) {
- wbku_printerr("%s\n", wbku_retmsg(ret));
- return (ENCR_ERROR);
- }
- break;
- default:
- wbku_printerr("Invalid option %s\n", value);
- return (ENCR_ERROR);
- }
- }
-
- return (ENCR_SUCCESS);
-}
-
-/*
- * This routine is used to find the key of type defined by 'ka' and
- * return it in 'key'. The key file should have been opened by the
- * caller and the handle passed in 'key_fp'.
- *
- * Returns:
- * ENCR_SUCCESS, ENCR_ERROR or ENCR_NOKEY.
- */
-static int
-get_key(FILE *key_fp, wbku_key_attr_t *ka, uint8_t *key)
-{
- wbku_retcode_t ret;
-
- /*
- * Find the client key, if it exists.
- */
- ret = wbku_find_key(key_fp, NULL, ka, key, B_FALSE);
- if (ret != WBKU_SUCCESS) {
- wbku_printerr("%s\n", wbku_retmsg(ret));
- if (ret == WBKU_NOKEY)
- return (ENCR_NOKEY);
- else
- return (ENCR_ERROR);
- }
- return (ENCR_SUCCESS);
-}
-
-/*
- * This routine is the common encryption routine used to encrypt data
- * using the CBC handle initialized by the calling routine. The data
- * to be encrypted is read from stdin and the encrypted data is written to
- * stdout.
- *
- * Returns:
- * ENCR_SUCCESS or ENCR_ERROR.
- */
-static int
-encr_gen(cbc_handle_t *ch)
-{
- uint8_t iv[WANBOOT_MAXBLOCKLEN];
- uint8_t buf[ENCR_BUF_LEN];
- uint8_t *bufp;
- int read_size;
- ssize_t i, j, k;
-
- /*
- * Use a random number as the IV
- */
- if (wbio_nread_rand(iv, ch->blocklen) != 0) {
- wbku_printerr("Cannot generate initialization vector");
- return (ENCR_ERROR);
- }
-
- /*
- * Output the IV to stdout.
- */
- if (wbio_nwrite(STDOUT_FILENO, iv, ch->blocklen) != 0) {
- wbku_printerr("Write error encountered\n");
- return (ENCR_ERROR);
- }
-
- /*
- * Try to read in multiple of block_size as CBC requires
- * that data be encrypted in block_size chunks.
- */
- read_size = ENCR_BUF_LEN / ch->blocklen * ch->blocklen;
- while ((i = read(STDIN_FILENO, buf, read_size)) > 0) {
- /*
- * If data received is not a multiple of the block size,
- * try to receive more. If reach EOF, pad the rest with
- * 0.
- */
- if ((j = i % ch->blocklen) != 0) {
- /*
- * Determine how more data need to be received to
- * fill out the buffer so that it contains a
- * multiple of block_size chunks.
- */
- j = ch->blocklen - j;
- bufp = buf + i;
- k = j;
-
- /*
- * Try to fill the gap.
- *
- */
- while ((j = read(STDIN_FILENO, bufp, j)) != k &&
- j != 0) {
- bufp += j;
- k -= j;
- j = k;
- }
-
- /*
- * This is the total length of the buffer.
- */
- i = (i + ch->blocklen) - (i % ch->blocklen);
-
- if (j == 0) {
- /* EOF, do padding. */
- (void) memset(bufp, 0, k);
- (void) cbc_encrypt(ch, buf, i, iv);
- } else if (j > 0) {
- /* The gap has been filled in */
- (void) cbc_encrypt(ch, buf, i, iv);
- } else {
- /* Oops. */
- wbku_printerr("Input error");
- return (ENCR_ERROR);
- }
- } else {
- /* A multiple of the block size was received */
- (void) cbc_encrypt(ch, buf, i, iv);
- }
- if (wbio_nwrite(STDOUT_FILENO, buf, i) != 0) {
- wbku_printerr("Write error encountered\n");
- return (ENCR_ERROR);
- }
- }
-
- return (ENCR_SUCCESS);
-}
-
-/*
- * This routine initializes a CBC handle for 3DES and calls the
- * common encryption routine to encrypt data.
- *
- * Returns:
- * ENCR_SUCCESS or ENCR_ERROR.
- */
-static int
-encr_gen_3des(const wbku_key_attr_t *ka, const uint8_t *key)
-{
- cbc_handle_t ch;
- void *eh;
- int ret;
-
- /*
- * Initialize a 3DES handle.
- */
- if (des3_init(&eh) != 0) {
- return (ENCR_ERROR);
- }
- des3_key(eh, key);
-
- /*
- * Initialize the CBC handle.
- */
- cbc_makehandle(&ch, eh, ka->ka_len, DES3_BLOCK_SIZE,
- DES3_IV_SIZE, des3_encrypt, des3_decrypt);
-
- /*
- * Encrypt the data.
- */
- ret = encr_gen(&ch);
-
- /*
- * Free the 3DES resources.
- */
- des3_fini(eh);
-
- return (ret);
-}
-
-/*
- * This routine initializes a CBC handle for AES and calls the
- * common encryption routine to encrypt data.
- *
- * Returns:
- * ENCR_SUCCESS or ENCR_ERROR.
- */
-static int
-encr_gen_aes(const wbku_key_attr_t *ka, const uint8_t *key)
-{
- cbc_handle_t ch;
- void *eh;
- int ret;
-
- /*
- * Initialize an AES handle.
- */
- if (aes_init(&eh) != 0) {
- return (ENCR_ERROR);
- }
- aes_key(eh, key, ka->ka_len);
-
- /*
- * Initialize the CBC handle.
- */
- cbc_makehandle(&ch, eh, ka->ka_len, AES_BLOCK_SIZE,
- AES_IV_SIZE, aes_encrypt, aes_decrypt);
-
- /*
- * Encrypt the data.
- */
- ret = encr_gen(&ch);
-
- /*
- * Free the AES resources.
- */
- aes_fini(eh);
-
- return (ret);
-}
-
-/*
- * Prints usage().
- */
-static void
-usage(const char *cmd)
-{
- (void) fprintf(stderr,
- gettext("Usage: %s -o type=<%s|%s> -k key_file\n"),
- cmd, WBKU_KW_3DES, WBKU_KW_AES_128);
-}
-
-/*
- * This program is used to encrypt data read from stdin and print it to
- * stdout. The path to the key file and the algorithm to use are
- * provided by the user.
- *
- * Returns:
- * ENCR_SUCCESS, ENCR_ERROR or ENCR_NOKEY.
- */
-int
-main(int argc, char **argv)
-{
- uint8_t key[WANBOOT_MAXKEYLEN];
- int c;
- char *keyfile_name = NULL;
- wbku_key_attr_t ka;
- FILE *key_fp;
- int ret;
-
- /*
- * Do the necessary magic for localization support.
- */
- (void) setlocale(LC_ALL, "");
-#if !defined(TEXT_DOMAIN)
-#define TEXT_DOMAIN "SYS_TEST"
-#endif
- (void) textdomain(TEXT_DOMAIN);
-
- /*
- * Initialize program name for use by wbku_printerr().
- */
- wbku_errinit(argv[0]);
-
- /*
- * Should be five arguments.
- */
- if (argc < 5) {
- usage(argv[0]);
- return (ENCR_ERROR);
- }
-
- /*
- * Parse the options.
- */
- ka.ka_type = WBKU_KEY_UNKNOWN;
- while ((c = getopt(argc, argv, "o:k:")) != EOF) {
- switch (c) {
- case 'o':
- /*
- * Suboptions.
- */
- ret = process_option(optarg, &ka);
- if (ret != ENCR_SUCCESS) {
- usage(argv[0]);
- return (ret);
- }
- break;
- case 'k':
- /*
- * Path to key file.
- */
- keyfile_name = optarg;
- break;
- default:
- usage(argv[0]);
- return (ENCR_ERROR);
- }
- }
-
- /*
- * Gotta have a key file.
- */
- if (keyfile_name == NULL) {
- wbku_printerr("Must specify the key_file\n");
- return (ENCR_ERROR);
- }
-
- /*
- * Gotta have a key type.
- */
- if (ka.ka_type == WBKU_KEY_UNKNOWN) {
- wbku_printerr("Unsupported encryption algorithm\n");
- return (ENCR_ERROR);
- }
-
- /*
- * Open the key file for reading.
- */
- if ((key_fp = fopen(keyfile_name, "r")) == NULL) {
- wbku_printerr("Cannot open %s", keyfile_name);
- return (ENCR_ERROR);
- }
-
- /*
- * Get the key from the key file and call the right
- * encryption routine.
- */
- ret = get_key(key_fp, &ka, key);
- if (ret == ENCR_SUCCESS) {
- switch (ka.ka_type) {
- case WBKU_KEY_3DES:
- ret = encr_gen_3des(&ka, key);
- break;
- case WBKU_KEY_AES_128:
- ret = encr_gen_aes(&ka, key);
- break;
- default:
- ret = ENCR_ERROR; /* Internal error only */
- }
- }
-
- (void) fclose(key_fp);
- return (ret);
-}
diff --git a/usr/src/cmd/cmd-inet/usr.lib/wanboot/hmac/Makefile b/usr/src/cmd/cmd-inet/usr.lib/wanboot/hmac/Makefile
deleted file mode 100644
index 2b1733c3cc..0000000000
--- a/usr/src/cmd/cmd-inet/usr.lib/wanboot/hmac/Makefile
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License"). You may not use this file except in compliance
-# with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-#
-# Copyright 2003 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-# ident "%Z%%M% %I% %E% SMI"
-#
-
-include ../Makefile.com
-
-PROG= hmac
-LDLIBS += -lwanbootutil
-
-CPPFLAGS += -I$(CMNCRYPTDIR)
-
-all: $(PROG)
-
-install: all $(ROOTCMD)
-
-clean:
-
-lint: lint_PROG
-
-include ../../../../Makefile.targ
diff --git a/usr/src/cmd/cmd-inet/usr.lib/wanboot/hmac/hmac.c b/usr/src/cmd/cmd-inet/usr.lib/wanboot/hmac/hmac.c
deleted file mode 100644
index 320550cf90..0000000000
--- a/usr/src/cmd/cmd-inet/usr.lib/wanboot/hmac/hmac.c
+++ /dev/null
@@ -1,237 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <libintl.h>
-#include <locale.h>
-#include <string.h>
-#include <errno.h>
-#include <wanbootutil.h>
-#include <sys/wanboot_impl.h>
-
-/* Return codes */
-#define HMAC_SUCCESS 0
-#define HMAC_NOKEY 1
-#define HMAC_ERROR 2
-
-/* Private buffer length */
-#define HMAC_BUF_LEN 1024
-
-/*
- * This routine is used to compute a hash digest for the file represented
- * by the file descirptor, 'fd'. The key, 'hmac_key', and key type, 'ka',
- * will be provided by the caller. The resulting hash digest will be
- * written to stdout.
- *
- * Returns:
- * HMAC_SUCCESS or HMAC_ERROR.
- */
-static int
-hash_gen(int in_fd, const wbku_key_attr_t *ka, const uint8_t *hmac_key)
-{
- SHA1_CTX ctx;
- uint8_t buf[HMAC_BUF_LEN];
- ssize_t i;
- uint8_t digest[HMAC_DIGEST_LEN];
-
- /*
- * Initialize the computation.
- */
- HMACInit(&ctx, hmac_key, ka->ka_len);
-
- /*
- * Read the data to hash.
- */
- while ((i = read(in_fd, buf, HMAC_BUF_LEN)) > 0) {
- HMACUpdate(&ctx, buf, i);
- }
- if (i < 0) {
- wbku_printerr("Cannot read input_file");
- return (HMAC_ERROR);
- }
-
- /*
- * Finalize the digest.
- */
- HMACFinal(&ctx, hmac_key, ka->ka_len, digest);
-
- /*
- * Write the digest to stdout.
- */
- if (wbio_nwrite(STDOUT_FILENO, digest, sizeof (digest)) != 0) {
- wbku_printerr("Cannot output digest");
- return (HMAC_ERROR);
- }
-
- /*
- * Success.
- */
- return (HMAC_SUCCESS);
-}
-
-/*
- * Prints usage().
- */
-static void
-usage(const char *cmd)
-{
- (void) fprintf(stderr,
- gettext("Usage: %s [-i input_file] -k key_file\n"), cmd);
-}
-
-/*
- * This program is used to compute a hash digest for data read in from
- * stdin or optionally, a file. The resulting hash digest will be written
- * to stdout.
- *
- * Returns:
- * HMAC_SUCCESS, HMAC_ERROR or HMAC_NOKEY.
- */
-int
-main(int argc, char **argv)
-{
- uint8_t hmac_key[WANBOOT_HMAC_KEY_SIZE];
- int c;
- char *infile_name = NULL;
- char *keyfile_name = NULL;
- int in_fd = -1;
- FILE *key_fp = NULL;
- wbku_key_attr_t ka;
- wbku_retcode_t wbkuret;
- int ret = HMAC_ERROR;
-
- /*
- * Do the necessary magic for localization support.
- */
- (void) setlocale(LC_ALL, "");
-#if !defined(TEXT_DOMAIN)
-#define TEXT_DOMAIN "SYS_TEST"
-#endif
- (void) textdomain(TEXT_DOMAIN);
-
- /*
- * Initialize program name for use by wbku_printerr().
- */
- wbku_errinit(argv[0]);
-
- /*
- * Should be at least three arguments.
- */
- if (argc < 3) {
- usage(argv[0]);
- return (HMAC_ERROR);
- }
-
- /*
- * Parse the options.
- */
- while ((c = getopt(argc, argv, "i:k:")) != EOF) {
- switch (c) {
- case 'i':
- /*
- * Optional input file.
- */
- infile_name = optarg;
- break;
- case 'k':
- /*
- * Path to key file.
- */
- keyfile_name = optarg;
- break;
- default:
- usage(argv[0]);
- return (HMAC_ERROR);
- }
- }
-
- /*
- * A key file must be defined.
- */
- if (keyfile_name == NULL) {
- wbku_printerr("Must specify the key_file\n");
- return (HMAC_ERROR);
- }
-
- /*
- * If the user did not provide an input file for the data,
- * then use stdin as the source.
- */
- if (infile_name == NULL) {
- in_fd = STDIN_FILENO;
- } else {
- in_fd = open(infile_name, O_RDONLY);
- if (in_fd < 0) {
- wbku_printerr("Cannot open input_file");
- return (HMAC_ERROR);
- }
- }
-
- /*
- * Open the key file for reading.
- */
- if ((key_fp = fopen(keyfile_name, "r")) == NULL) {
- wbku_printerr("Cannot open %s", keyfile_name);
- goto out;
- }
-
- /*
- * Create a SHA1 key attribute structure. It's the only hash
- * type we support.
- */
- wbkuret = wbku_str_to_keyattr(WBKU_KW_HMAC_SHA1, &ka, WBKU_HASH_KEY);
- if (wbkuret != WBKU_SUCCESS) {
- wbku_printerr("%s\n", wbku_retmsg(wbkuret));
- goto out;
- }
-
- /*
- * Find the client key, if it exists.
- */
- wbkuret = wbku_find_key(key_fp, NULL, &ka, hmac_key, B_FALSE);
- if (wbkuret != WBKU_SUCCESS) {
- wbku_printerr("%s\n", wbku_retmsg(wbkuret));
- ret = (wbkuret == WBKU_NOKEY) ? HMAC_NOKEY : HMAC_ERROR;
- } else {
- ret = hash_gen(in_fd, &ka, hmac_key);
- }
-out:
- /*
- * Cleanup.
- */
- if (in_fd != -1) {
- (void) close(in_fd);
- }
- if (key_fp != NULL) {
- (void) fclose(key_fp);
- }
-
- return (ret);
-}
diff --git a/usr/src/cmd/cmd-inet/usr.lib/wanboot/ickey/Makefile b/usr/src/cmd/cmd-inet/usr.lib/wanboot/ickey/Makefile
deleted file mode 100644
index b6cefe2737..0000000000
--- a/usr/src/cmd/cmd-inet/usr.lib/wanboot/ickey/Makefile
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License"). You may not use this file except in compliance
-# with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-#
-# Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-# ident "%Z%%M% %I% %E% SMI"
-#
-
-include ../Makefile.com
-
-PROG = ickey
-LDLIBS += -linetutil -lwanbootutil
-
-COMMON_DIR = $(SRC)/common
-CPPFLAGS += -I$(COMMON_DIR)/net/wanboot -I$(CMNCRYPTDIR)
-
-all: $(PROG)
-
-install: all $(ROOTCMD)
-
-clean:
-
-lint: lint_PROG
-
-include ../../../../Makefile.targ
diff --git a/usr/src/cmd/cmd-inet/usr.lib/wanboot/ickey/ickey.c b/usr/src/cmd/cmd-inet/usr.lib/wanboot/ickey/ickey.c
deleted file mode 100644
index ef177949e8..0000000000
--- a/usr/src/cmd/cmd-inet/usr.lib/wanboot/ickey/ickey.c
+++ /dev/null
@@ -1,287 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <sys/types.h>
-#include <sys/wanboot_impl.h>
-#include <libinetutil.h>
-#include <wanbootutil.h>
-#include <libintl.h>
-#include <locale.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <strings.h>
-#include <stdio.h>
-#include <fcntl.h>
-#include <ctype.h>
-#include <assert.h>
-#include <sys/openpromio.h>
-
-#define TYPE 0
-static char *progopts[] = {
- "type",
- NULL
-};
-
-/*
- * The key's handle is the name by which a user knows the key (i.e. the
- * name specified on the command line. The keyname is the name this
- * utility uses to store the keys and the name OBP and wanboot use to
- * retrieve them.
- */
-static struct keylist {
- const char *handle;
- const char *keyname;
- const int keysize; /* size of hex string representation */
-} keylist[] = {
- WBKU_KW_3DES, WANBOOT_DES3_KEY_NAME,
- (DES3_KEY_SIZE * 2),
- WBKU_KW_AES_128, WANBOOT_AES_128_KEY_NAME,
- (AES_128_KEY_SIZE * 2),
- WBKU_KW_HMAC_SHA1, WANBOOT_HMAC_SHA1_KEY_NAME,
- (WANBOOT_HMAC_KEY_SIZE * 2)
-};
-
-static const struct keylist *knownkeytype(char *);
-static char *getkey(const struct keylist *);
-static void deletekey(const struct keylist *);
-static void installkey(const struct keylist *);
-static void usage(const char *) __NORETURN;
-
-static boolean_t delete = B_FALSE;
-
-int
-main(int ac, char **av)
-{
- int i;
- const struct keylist *k;
- char *typestring = NULL;
- char *options;
- char *value;
-
- /*
- * Do the necessary magic for localization support.
- */
- (void) setlocale(LC_ALL, "");
-#if !defined(TEXT_DOMAIN)
-#define TEXT_DOMAIN "SYS_TEST"
-#endif
- (void) textdomain(TEXT_DOMAIN);
-
- /*
- * Initialize program name for use by wbku_printerr().
- */
- wbku_errinit(av[0]);
-
- while ((i = getopt(ac, av, "do:")) != -1)
- switch (i) {
- case 'd':
- delete = B_TRUE;
- break;
-
- case 'o':
- options = optarg;
- while (*options != '\0') {
- switch (getsubopt(&options, progopts,
- &value)) {
- case TYPE:
- typestring = value;
- break;
-
- default:
- /* unknown token */
- usage(*av);
- /* NOTREACHED */
- }
- }
- break;
-
- case '?':
- usage(*av);
- /* NOTREACHED */
- }
-
- if ((optind >= ac) && (typestring != NULL) &&
- ((k = knownkeytype(typestring)) != NULL)) {
- if (delete == B_TRUE)
- deletekey(k);
- else
- installkey(k);
- return (0);
- } else {
- usage(*av);
- /* NOTREACHED */
- }
-}
-
-static const struct keylist *
-knownkeytype(char *type)
-{
- int i;
-
- for (i = 0; i < sizeof (keylist)/sizeof (keylist[0]); i++) {
- if (strcmp(keylist[i].handle, type) == 0)
- return (&keylist[i]);
- }
-
- return (NULL);
-}
-
-static void
-deletekey(const struct keylist *k)
-{
- int fd;
- struct wankeyio wkio;
- struct openpromio *oio;
-
- (void) strlcpy(wkio.wk_keyname, k->keyname, WANBOOT_MAXKEYNAMELEN);
- wkio.wk_keysize = 0; /* zero key size indicates a deletion */
-
- oio = malloc(sizeof (struct openpromio) + sizeof (struct wankeyio));
- if (oio == NULL) {
- wbku_printerr("openpromio malloc (%d) failed\n",
- sizeof (struct openpromio) +
- sizeof (struct wankeyio));
- exit(1);
- }
- oio->oprom_size = sizeof (struct wankeyio);
- bcopy(&wkio, oio->oprom_array, sizeof (struct wankeyio));
- fd = open("/dev/openprom", O_RDWR);
- if (fd == -1) {
- wbku_printerr("open: /dev/openprom");
- exit(1);
- }
-
- if (ioctl(fd, WANBOOT_SETKEY, oio) == -1) {
- wbku_printerr("setkey: ioctl");
- exit(1);
- }
-
- (void) close(fd);
-}
-
-static void
-installkey(const struct keylist *k)
-{
- char *keyptr;
- int fd;
- struct wankeyio wkio;
- struct openpromio *oio;
- uint_t rawkeysize;
- int err;
-
- (void) strlcpy(wkio.wk_keyname, k->keyname, WANBOOT_MAXKEYNAMELEN);
- assert((k->keysize % 2) == 0);
- wkio.wk_keysize = k->keysize / 2;
-
- if ((keyptr = getkey(k)) != NULL) {
- rawkeysize = sizeof (wkio.wk_u);
- if ((err = hexascii_to_octet(keyptr, strlen(keyptr),
- wkio.wk_u.key, &rawkeysize)) != 0) {
- wbku_printerr(
- "internal error: hexascii_to_octet returned %d\n",
- err);
- exit(1);
- } else if (rawkeysize != wkio.wk_keysize) {
- wbku_printerr("internal error: key size mismatch\n");
- exit(1);
- }
-
- oio = malloc(sizeof (struct openpromio) +
- sizeof (struct wankeyio));
- if (oio == NULL) {
- wbku_printerr("openpromio malloc (%d) failed\n",
- sizeof (struct openpromio) +
- sizeof (struct wankeyio));
- exit(1);
- }
- oio->oprom_size = sizeof (struct wankeyio);
- bcopy(&wkio, oio->oprom_array, sizeof (struct wankeyio));
- fd = open("/dev/openprom", O_RDWR);
- if (fd == -1) {
- wbku_printerr("open: /dev/openprom");
- exit(1);
- }
-
- if (ioctl(fd, WANBOOT_SETKEY, oio) == -1) {
- wbku_printerr("setkey: ioctl");
- exit(1);
- }
-
- (void) close(fd);
- } else {
- wbku_printerr("getpassphrase"); /* getpassphrase() failed */
- exit(1);
- }
-}
-
-static char *
-getkey(const struct keylist *k)
-{
- char prompt[BUFSIZ];
- char *p;
- char *q;
- int len;
-
- (void) snprintf(prompt, sizeof (prompt),
- gettext("Enter %s key: "), k->handle);
- p = getpassphrase(prompt);
- if (p) {
- /* skip over initial "0[xX]" */
- if ((p[0] == '0') && (p[1] == 'x' || p[1] == 'X'))
- p += 2;
- len = strlen(p);
- if (len != k->keysize) {
- wbku_printerr(
- "key length mismatch (expected %d, got %d)\n",
- k->keysize, len);
- exit(1);
- }
- for (q = p; q < p + len; q++)
- if (!isxdigit(*q)) {
- wbku_printerr(
- "non-hexadecimal characters in key\n");
- exit(1);
- }
- }
-
- return (p);
-}
-
-static void
-usage(const char *progname)
-{
- int i;
-
- (void) fprintf(stderr, gettext(
- "usage: %s [ -d ] -o type=keytype\nwhere keytype is one of "),
- progname);
- for (i = 0; i < sizeof (keylist)/sizeof (keylist[0]); i++)
- (void) fprintf(stderr, "%s ", keylist[i].handle);
- (void) fputc('\n', stderr);
- exit(1);
-}
diff --git a/usr/src/cmd/cmd-inet/usr.lib/wanboot/keygen/Makefile b/usr/src/cmd/cmd-inet/usr.lib/wanboot/keygen/Makefile
deleted file mode 100644
index 2baf2fe7ff..0000000000
--- a/usr/src/cmd/cmd-inet/usr.lib/wanboot/keygen/Makefile
+++ /dev/null
@@ -1,43 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License"). You may not use this file except in compliance
-# with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-#
-# Copyright 2003 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-# ident "%Z%%M% %I% %E% SMI"
-#
-
-include ../Makefile.com
-
-PROG= keygen
-LDLIBS += -lnsl -lgen -lwanbootutil
-CPPFLAGS += -I$(CMNCRYPTDIR)
-
-all: $(PROG)
-
-install: all $(ROOTCMD)
-
-clean:
-
-lint: lint_PROG
-
-include ../../../../Makefile.targ
diff --git a/usr/src/cmd/cmd-inet/usr.lib/wanboot/keygen/keygen.c b/usr/src/cmd/cmd-inet/usr.lib/wanboot/keygen/keygen.c
deleted file mode 100644
index fc4a868b77..0000000000
--- a/usr/src/cmd/cmd-inet/usr.lib/wanboot/keygen/keygen.c
+++ /dev/null
@@ -1,746 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <stdio.h>
-#include <ctype.h>
-#include <unistd.h>
-#include <strings.h>
-#include <libintl.h>
-#include <locale.h>
-#include <limits.h>
-#include <libgen.h>
-#include <errno.h>
-#include <assert.h>
-#include <wanbootutil.h>
-#include <sys/sysmacros.h>
-#include <sys/socket.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/wanboot_impl.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-
-/* Return codes */
-#define KEYGEN_SUCCESS 0
-#define KEYGEN_ERROR 1
-
-/* Defaults */
-static char default_net[] = "0.0.0.0";
-static char default_cid[] = "00000000000000";
-
-/* Suboption. */
-#define NET 0
-#define CID 1
-#define TYPE 2
-
-static char *opts[] = { "net", "cid", "type", NULL };
-
-/*
- * This routine is used to parse the suboptions of '-o' option.
- *
- * The option should be of the form:
- * net=<addr>,cid=<cid>,type=<3des|aes|sha1|rsa>
- *
- * This routine will pass the values of each of the suboptions back in the
- * supplied arguments, 'net', 'cid' and 'ka'.
- *
- * Returns:
- * KEYGEN_SUCCESS or KEYGEN_ERROR.
- */
-static int
-process_option(char *arg, char **net, char **cid, wbku_key_attr_t *ka)
-{
- char *value;
- wbku_retcode_t ret;
-
- while (*arg != '\0') {
- switch (getsubopt(&arg, opts, &value)) {
- case NET:
- /*
- * Network number.
- */
- *net = value;
- break;
- case CID:
- /*
- * Client ID.
- */
- *cid = value;
- break;
- case TYPE:
- /*
- * Key type.
- */
- ret = wbku_str_to_keyattr(value, ka, WBKU_ANY_KEY);
- if (ret != WBKU_SUCCESS) {
- wbku_printerr("%s\n", wbku_retmsg(ret));
- return (KEYGEN_ERROR);
- }
- break;
- default:
- wbku_printerr("%s is not a valid option\n", value);
- return (KEYGEN_ERROR);
- }
- }
-
- /*
- * Sanity checks
- */
- if (*net != NULL && **net == '\0') {
- wbku_printerr("Missing net option value\n");
- return (KEYGEN_ERROR);
- }
- if (*cid != NULL && **cid == '\0') {
- wbku_printerr("Missing cid option value\n");
- return (KEYGEN_ERROR);
- }
- if (*cid != NULL && *net == NULL) {
- wbku_printerr(
- "The cid option requires net option specification\n");
- return (KEYGEN_ERROR);
- }
- if (ka->ka_type == WBKU_KEY_UNKNOWN) {
- wbku_printerr("Missing key type option value\n");
- return (KEYGEN_ERROR);
- }
-
- return (KEYGEN_SUCCESS);
-}
-
-/*
- * This routine parses a buffer to determine whether or not it
- * contains a hexascii string. If the buffer contains any characters
- * that are not hexascii, then it is not a hexascii string. Since
- * this function is used to validate a CID value (which is then used
- * to identify a directory in the filesystem), no evaluation of the
- * string is performed. That is, hex strings are not padded (e.g. "A"
- * is not padded to "0A").
- *
- * Returns:
- * B_TRUE or B_FALSE
- */
-static boolean_t
-isxstring(const char *buf)
-{
- if ((strlen(buf) % 2) != 0) {
- return (B_FALSE);
- }
-
- for (; *buf != '\0'; ++buf) {
- if (!isxdigit(*buf)) {
- return (B_FALSE);
- }
- }
- return (B_TRUE);
-}
-
-/*
- * This routine uses the 'net' and the 'cid' to generate the client's
- * keystore filename and, if requested, creates the directory path to
- * the file if any of the directories do not exist. If directory path
- * creation is not requested and any of the directories do not exist,
- * then an error is returned.
- *
- * Returns:
- * KEYGEN_SUCCESS or KEYGEN_ERROR.
- */
-static int
-create_client_filename(char *filename, size_t len, const char *net,
- const char *cid, boolean_t create)
-{
- struct in_addr addr;
- size_t size;
-
- if (net == NULL) {
- size = snprintf(filename, len, "%s", CLIENT_KEY_DIR);
- } else if (inet_pton(AF_INET, net, &addr) != 1) {
- wbku_printerr("%s is not a valid network address\n", net);
- return (KEYGEN_ERROR);
- } else if (cid == NULL) {
- size = snprintf(filename, len, "%s/%s", CLIENT_KEY_DIR, net);
- } else if (!isxstring(cid)) {
- wbku_printerr(
- "%s must be an even number of hexadecimal characters\n",
- cid);
- return (KEYGEN_ERROR);
- } else {
- size = snprintf(filename, len, "%s/%s/%s", CLIENT_KEY_DIR,
- net, cid);
- }
-
- /*
- * Shouldn't be a problem, but make sure buffer was big enough.
- */
- if (size >= len) {
- wbku_printerr("Keystore path too long\n");
- return (KEYGEN_ERROR);
- }
-
- /*
- * If directory creation is allowed, then try to create it.
- * If the directory already exists, then march on.
- */
- if (create) {
- if (mkdirp(filename, S_IRWXU) == -1 && errno != EEXIST) {
- wbku_printerr("Cannot create client keystore");
- return (KEYGEN_ERROR);
- }
- }
-
- /*
- * Append the filename.
- */
- if (strlcat(filename, "/keystore", len) >= len) {
- wbku_printerr("Keystore path too long\n");
- return (KEYGEN_ERROR);
- }
-
- return (KEYGEN_SUCCESS);
-}
-
-/*
- * This routine generates a random key of the type defined by 'ka'.
- * The key value is returned in 'rand_key' and the buffer pointed to
- * by 'rand_key' is assumed to be of the correct size.
- *
- * Note:
- * If 'ka' has a non-NULL keycheck value, then the routine will
- * generate randon keys until a non-weak key is generated.
- *
- * Returns:
- * KEYGEN_SUCCESS or KEYGEN_ERROR.
- */
-static int
-gen_key(const wbku_key_attr_t *ka, uint8_t *rand_key)
-{
- /*
- * Generate key, until non-weak key generated.
- */
- for (;;) {
- if (wbio_nread_rand(rand_key, ka->ka_len) != 0) {
- wbku_printerr("Cannot generate random number");
- return (KEYGEN_ERROR);
- }
-
- if (ka->ka_keycheck == NULL || ka->ka_keycheck(rand_key)) {
- return (KEYGEN_SUCCESS);
- }
- }
-}
-
-/*
- * This routine generates a random master key of the type (currently only
- * HMAC SHA1 supported) defined by 'ka' and stores it in the master key
- * file.
- *
- * Returns:
- * KEYGEN_SUCCESS or KEYGEN_ERROR.
- */
-static int
-master_gen_key(wbku_key_attr_t *ka)
-{
- uint8_t mas_key[WANBOOT_HMAC_KEY_SIZE];
- int fd;
- FILE *fp = NULL;
- fpos_t pos;
- wbku_retcode_t ret;
- boolean_t exists = B_FALSE;
-
- /*
- * If the file already exists (possibly via keymgmt), then open
- * the file for update. Otherwise create it and open it for
- * for writing.
- */
- fd = open(MASTER_KEY_FILE, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR);
- if (fd < 0) {
- if (errno == EEXIST) {
- fp = fopen(MASTER_KEY_FILE, "r+");
- exists = B_TRUE;
- }
- } else {
- if ((fp = fdopen(fd, "w")) == NULL) {
- (void) close(fd);
- }
- }
-
- if (fp == NULL) {
- wbku_printerr("Cannot open master keystore", MASTER_KEY_FILE);
- return (KEYGEN_ERROR);
- }
-
- /*
- * If the file already exists, then see if a master key already
- * exists. We will not overwrite it if it does.
- */
- ret = WBKU_NOKEY;
- if (exists) {
- ret = wbku_find_key(fp, NULL, ka, NULL, B_TRUE);
- if (ret != WBKU_NOKEY) {
- if (ret == WBKU_SUCCESS) {
- wbku_printerr("The master %s key already "
- "exists and will not be overwritten\n",
- ka->ka_str);
- } else {
- wbku_printerr("%s\n", wbku_retmsg(ret));
- }
- (void) fclose(fp);
- return (KEYGEN_ERROR);
- }
- }
-
- /*
- * If wbku_find_key() did not find the key position for us
- * (expected behavior), then we should set position to
- * the end of the file.
- */
- if (ret == WBKU_NOKEY &&
- (fseek(fp, 0, SEEK_END) != 0 || fgetpos(fp, &pos) != 0)) {
- wbku_printerr("Internal error");
- (void) fclose(fp);
- return (KEYGEN_ERROR);
- }
-
- /*
- * Generate a key and write it.
- */
- if (gen_key(ka, mas_key) != KEYGEN_SUCCESS) {
- (void) fclose(fp);
- return (KEYGEN_ERROR);
- }
-
- ret = wbku_write_key(fp, &pos, ka, mas_key, B_TRUE);
- (void) fclose(fp);
- if (ret != WBKU_SUCCESS) {
- wbku_printerr("%s\n", wbku_retmsg(ret));
- return (KEYGEN_ERROR);
- }
-
- (void) printf(gettext("The master %s key has been generated\n"),
- ka->ka_str);
- return (KEYGEN_SUCCESS);
-}
-
-/*
- * This routine generates a random client key of the type
- * defined by 'ka' and stores it in the client keystore.
- * file.
- *
- * Returns:
- * KEYGEN_SUCCESS or KEYGEN_ERROR.
- */
-static int
-client_gen_key(const char *filename, wbku_key_attr_t *ka, const char *net,
- const char *cid)
-{
- int fd;
- FILE *cli_fp = NULL;
- FILE *mas_fp;
- fpos_t pos;
- uint8_t cli_key[WANBOOT_MAXKEYLEN];
- uint8_t mas_key[WANBOOT_HMAC_KEY_SIZE];
- SHA1_CTX ctx;
- char cid_buf[PATH_MAX];
- boolean_t exists = B_FALSE;
- wbku_retcode_t ret;
-
- /*
- * If the file already exists (possibly via keymgmt), then open
- * the file for update. Otherwise create it and open it for
- * for writing.
- */
- fd = open(filename, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR);
- if (fd < 0) {
- if (errno == EEXIST) {
- cli_fp = fopen(filename, "r+");
- exists = B_TRUE;
- }
- } else {
- if ((cli_fp = fdopen(fd, "w")) == NULL) {
- (void) close(fd);
- }
- }
-
- if (cli_fp == NULL) {
- wbku_printerr("Cannot open client keystore");
- return (KEYGEN_ERROR);
- }
-
- /*
- * Generate the key. Encryption keys can be generated by simply
- * calling gen_key(). An HMAC SHA1 key will be generated by
- * hashing the master key.
- */
- switch (ka->ka_type) {
- case WBKU_KEY_3DES:
- case WBKU_KEY_AES_128:
- if (gen_key(ka, cli_key) != KEYGEN_SUCCESS) {
- (void) fclose(cli_fp);
- return (KEYGEN_ERROR);
- }
- break;
- case WBKU_KEY_HMAC_SHA1:
- /*
- * Follow RFC 3118 Appendix A's algorithm to generate
- * the HMAC/SHA1 client key.
- */
-
- /*
- * Open the master keystore for reading only.
- */
- if ((mas_fp = fopen(MASTER_KEY_FILE, "r")) == NULL) {
- wbku_printerr("Cannot open master keystore");
- (void) fclose(cli_fp);
- return (KEYGEN_ERROR);
- }
-
- /*
- * Find the master key.
- */
- ret = wbku_find_key(mas_fp, NULL, ka, mas_key, B_TRUE);
- if (ret != WBKU_SUCCESS) {
- if (ret == WBKU_NOKEY) {
- wbku_printerr("Cannot create a client key "
- "without first creating a master key\n");
- } else {
- wbku_printerr("%s\n", wbku_retmsg(ret));
- }
- (void) fclose(mas_fp);
- (void) fclose(cli_fp);
- return (KEYGEN_ERROR);
- }
- (void) fclose(mas_fp);
-
- /*
- * Now generate the client's unique ID buffer.
- */
- if (strlcpy(cid_buf, net, PATH_MAX) >= PATH_MAX ||
- strlcat(cid_buf, cid, PATH_MAX) >= PATH_MAX) {
- wbku_printerr("Unique id for client is too big\n");
- (void) fclose(cli_fp);
- return (KEYGEN_ERROR);
- }
-
- /*
- * Hash the buffer to create the client key.
- */
- HMACInit(&ctx, mas_key, WANBOOT_HMAC_KEY_SIZE);
- HMACUpdate(&ctx, (uint8_t *)cid_buf, strlen(cid_buf));
- HMACFinal(&ctx, mas_key, WANBOOT_HMAC_KEY_SIZE, cli_key);
-
- break;
- case WBKU_KEY_RSA:
- wbku_printerr("Cannot generate RSA key using keygen\n");
- (void) fclose(cli_fp);
- return (KEYGEN_ERROR);
- default:
- wbku_printerr("Internal error\n");
- (void) fclose(cli_fp);
- return (KEYGEN_ERROR);
- }
-
- /*
- * Look to see if a client key of this type exists and if
- * it does note its position in the file.
- */
- ret = WBKU_NOKEY;
- if (exists) {
- ret = wbku_find_key(cli_fp, &pos, ka, NULL, B_FALSE);
- if (ret != WBKU_SUCCESS && ret != WBKU_NOKEY) {
- wbku_printerr("%s\n", wbku_retmsg(ret));
- (void) fclose(cli_fp);
- return (KEYGEN_ERROR);
- }
- }
-
- /*
- * If wbku_find_key() did not find the key position for us,
- * then we should set position to the end of the file.
- */
- if (ret == WBKU_NOKEY &&
- (fseek(cli_fp, 0, SEEK_END) != 0 || fgetpos(cli_fp, &pos) != 0)) {
- wbku_printerr("Internal error");
- (void) fclose(cli_fp);
- return (KEYGEN_ERROR);
- }
-
- /*
- * Write the key.
- */
- ret = wbku_write_key(cli_fp, &pos, ka, cli_key, B_FALSE);
- if (ret != WBKU_SUCCESS) {
- wbku_printerr("%s\n", wbku_retmsg(ret));
- (void) fclose(cli_fp);
- return (KEYGEN_ERROR);
- }
- (void) fclose(cli_fp);
-
- (void) printf(gettext("A new client %s key has been generated\n"),
- ka->ka_str);
-
- return (KEYGEN_SUCCESS);
-}
-
-/*
- * This routine is used to print a hexascii version of a key.
- * The hexascii version of the key will be twice the length
- * of 'datalen'.
- */
-static void
-keydump(const char *key, int keylen)
-{
- uint16_t *p16;
-
- assert(IS_P2ALIGNED(key, sizeof (uint16_t)));
-/*LINTED aligned*/
- for (p16 = (uint16_t *)key; keylen > 0; keylen -= 2) {
- (void) printf("%04x", htons(*p16++));
- }
- (void) printf("\n");
-}
-
-/*
- * This routine is used to print a key of the type
- * described by 'ka'. If 'master' is true, then the
- * key to display is the master key. Otherwise, it's a
- * client key.
- *
- * Returns:
- * KEYGEN_SUCCESS or KEYGEN_ERROR.
- */
-static int
-display_key(const char *filename, wbku_key_attr_t *ka, boolean_t master)
-{
- uint8_t key[WANBOOT_MAXKEYLEN];
- FILE *fp;
- wbku_retcode_t ret;
-
- /*
- * Open the keystore for reading only.
- */
- if ((fp = fopen(filename, "r")) == NULL) {
- wbku_printerr("Cannot open keystore");
- return (KEYGEN_ERROR);
- }
-
- /*
- * Find the key.
- */
- ret = wbku_find_key(fp, NULL, ka, key, master);
- if (ret != WBKU_SUCCESS) {
- if (ret == WBKU_NOKEY) {
- wbku_printerr("The %s %s key does not exist\n",
- (master ? "master" : "client"), ka->ka_str);
- } else {
- wbku_printerr("%s\n", wbku_retmsg(ret));
- }
- (void) fclose(fp);
- return (KEYGEN_ERROR);
- }
- (void) fclose(fp);
-
- /*
- * Dump the key in hex.
- */
- keydump((char *)key, ka->ka_len);
-
- return (KEYGEN_SUCCESS);
-}
-
-/*
- * Prints usage().
- */
-static void
-usage(const char *cmd)
-{
- (void) fprintf(stderr, gettext("Usage: %s [-m | -c "
- "-o net=<addr>,cid=<cid>,type=<%s|%s|%s>]\n"
- " %s -d [-m | -c -o net=<addr>,cid=<cid>,"
- "type=<%s|%s|%s|%s>]\n"),
- cmd, WBKU_KW_3DES, WBKU_KW_AES_128, WBKU_KW_HMAC_SHA1,
- cmd, WBKU_KW_3DES, WBKU_KW_AES_128, WBKU_KW_HMAC_SHA1, WBKU_KW_RSA);
-}
-
-/*
- * This program is used to generate and display WAN boot encryption and
- * hash keys. The paths to the keystores are predetermined. That is, the
- * master keystore (used to store a master HMAC SHA1 key) will always
- * reside in the default location, MASTER_KEY_FILE. The client keystores
- * will always reside in default locations that are computed using their
- * network number and cid values.
- *
- * Note:
- * The master keystore can store client keys too. This program
- * cannot be used to insert client keys into the master keystore.
- * However, it must not corrupt any client keystore inserted into
- * the file by other means (keymgmt).
- *
- * We do not do any file locking scheme. This means that if two
- * keygen commands are run concurrently, results can be disastrous.
- *
- * Returns:
- * KEYGEN_SUCCESS or KEYGEN_ERROR.
- */
-int
-main(int argc, char **argv)
-{
- char filename[PATH_MAX];
- char *filenamep;
- int c;
- boolean_t is_client = B_FALSE;
- boolean_t is_master = B_FALSE;
- boolean_t display = B_FALSE;
- char *net = NULL;
- char *cid = NULL;
- wbku_key_attr_t ka;
- wbku_retcode_t ret;
-
- /*
- * Do the necessary magic for localization support.
- */
- (void) setlocale(LC_ALL, "");
-#if !defined(TEXT_DOMAIN)
-#define TEXT_DOMAIN "SYS_TEST"
-#endif
- (void) textdomain(TEXT_DOMAIN);
-
- /*
- * Initialize program name for use by wbku_printerr().
- */
- wbku_errinit(argv[0]);
-
- /*
- * At the very least, we'll need one arg.
- */
- if (argc < 2) {
- usage(argv[0]);
- return (KEYGEN_ERROR);
- }
-
- /*
- * Parse the options.
- */
- ka.ka_type = WBKU_KEY_UNKNOWN;
- while ((c = getopt(argc, argv, "dcmo:")) != EOF) {
- switch (c) {
- case 'd':
- /*
- * Display a key.
- */
- display = B_TRUE;
- break;
- case 'o':
- /*
- * Suboptions.
- */
- if (process_option(optarg, &net, &cid, &ka) != 0) {
- usage(argv[0]);
- return (KEYGEN_ERROR);
- }
- break;
- case 'c':
- is_client = B_TRUE;
- break;
- case 'm':
- is_master = B_TRUE;
- break;
- default:
- usage(argv[0]);
- return (KEYGEN_ERROR);
- }
- }
-
- /*
- * Must be operating on a master or client key and if
- * it's a client key, then type must have been given.
- */
- if ((is_client == is_master) ||
- (is_client && ka.ka_type == WBKU_KEY_UNKNOWN)) {
- usage(argv[0]);
- return (KEYGEN_ERROR);
- }
-
- /*
- * If operating on the master key, then it is an HMAC SHA1
- * key. Build the correct 'ka'. If we're working on a client
- * key, the 'ka' was already built as part of option parsing.
- */
- if (is_master) {
- ret = wbku_str_to_keyattr(WBKU_KW_HMAC_SHA1, &ka,
- WBKU_HASH_KEY);
- if (ret != WBKU_SUCCESS) {
- wbku_printerr("Internal error\n");
- return (KEYGEN_ERROR);
- }
- filenamep = MASTER_KEY_FILE;
- } else {
- /*
- * Build the path to the client keystore.
- */
- if (create_client_filename(filename, sizeof (filename), net,
- cid, !display) != KEYGEN_SUCCESS) {
- return (KEYGEN_ERROR);
- }
- filenamep = filename;
- }
-
- /*
- * If display chosen, go do it.
- */
- if (display) {
- return (display_key(filenamep, &ka, is_master));
- }
-
- /*
- * Can't generate RSA key here.
- */
- if (ka.ka_type == WBKU_KEY_RSA) {
- wbku_printerr("keygen cannot create RSA key\n");
- return (KEYGEN_ERROR);
- }
-
- /*
- * If generating a master key, go do it.
- */
- if (is_master) {
- return (master_gen_key(&ka));
- }
-
- /*
- * Must be generating a client key, go do it.
- */
- if (net == NULL) {
- net = default_net;
- }
- if (cid == NULL) {
- cid = default_cid;
- }
- if (client_gen_key(filename, &ka, net, cid) != KEYGEN_SUCCESS) {
- return (KEYGEN_ERROR);
- }
-
- return (KEYGEN_SUCCESS);
-}
diff --git a/usr/src/cmd/cmd-inet/usr.lib/wanboot/keymgmt/Makefile b/usr/src/cmd/cmd-inet/usr.lib/wanboot/keymgmt/Makefile
deleted file mode 100644
index 560f08233c..0000000000
--- a/usr/src/cmd/cmd-inet/usr.lib/wanboot/keymgmt/Makefile
+++ /dev/null
@@ -1,43 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License"). You may not use this file except in compliance
-# with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-#
-# Copyright 2003 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-# ident "%Z%%M% %I% %E% SMI"
-#
-
-include ../Makefile.com
-
-PROG= keymgmt
-LDLIBS += -lwanbootutil
-CPPFLAGS += -I$(CMNCRYPTDIR)
-
-all: $(PROG)
-
-install: all $(ROOTCMD)
-
-clean:
-
-lint: lint_PROG
-
-include ../../../../Makefile.targ
diff --git a/usr/src/cmd/cmd-inet/usr.lib/wanboot/keymgmt/keymgmt.c b/usr/src/cmd/cmd-inet/usr.lib/wanboot/keymgmt/keymgmt.c
deleted file mode 100644
index 10e8e0dd6c..0000000000
--- a/usr/src/cmd/cmd-inet/usr.lib/wanboot/keymgmt/keymgmt.c
+++ /dev/null
@@ -1,520 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <stdio.h>
-#include <alloca.h>
-#include <unistd.h>
-#include <strings.h>
-#include <stdlib.h>
-#include <libintl.h>
-#include <locale.h>
-#include <limits.h>
-#include <libgen.h>
-#include <errno.h>
-#include <ctype.h>
-#include <wanbootutil.h>
-#include <sys/sysmacros.h>
-#include <sys/socket.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/wanboot_impl.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-
-/* Return codes */
-#define KEYMGMT_SUCCESS 0
-#define KEYMGMT_ERROR 1
-
-/* Suboption. */
-#define TYPE 0
-
-static char *opts[] = { "type", NULL };
-
-/*
- * This routine is used to parse the suboptions of '-o' option.
- *
- * The option should be of the form: type=<3des|aes|sha1|rsa>
- *
- * This routine will pass the value of the suboption back in the
- * supplied arguments, 'ka'.
- *
- * Returns:
- * KEYMGMT_SUCCESS or KEYMGMT_ERROR.
- */
-static int
-process_option(char *arg, wbku_key_attr_t *ka)
-{
- char *value;
- wbku_retcode_t ret;
-
- while (*arg != '\0') {
- switch (getsubopt(&arg, opts, &value)) {
- case TYPE:
- /*
- * Key type.
- */
- ret = wbku_str_to_keyattr(value, ka, WBKU_ANY_KEY);
- if (ret != WBKU_SUCCESS) {
- wbku_printerr("%s\n", wbku_retmsg(ret));
- return (KEYMGMT_ERROR);
- }
- break;
- default:
- wbku_printerr("%s is not a valid option\n", value);
- return (KEYMGMT_ERROR);
- }
- }
-
- /*
- * Success.
- */
- return (KEYMGMT_SUCCESS);
-}
-
-/*
- * This routine extracts a key of type 'ka' from the keystore named
- * 'keystore_name' and writes it the the file identified by 'name'.
- *
- * Returns:
- * KEYMGMT_SUCCESS or KEYMGMT_ERROR.
- */
-static int
-process_extract(const char *keystore_name, const char *name,
- wbku_key_attr_t *ka)
-{
- size_t i;
- uint8_t ex_key[WANBOOT_MAXKEYLEN];
- FILE *keystore_fp;
- FILE *fp;
- wbku_retcode_t ret;
-
- /*
- * Open the keystore for reading.
- */
- if ((keystore_fp = fopen(keystore_name, "r")) == NULL) {
- wbku_printerr("Cannot open %s", keystore_name);
- return (KEYMGMT_ERROR);
- }
-
- /*
- * Find the client key.
- */
- ret = wbku_find_key(keystore_fp, NULL, ka, ex_key, B_FALSE);
- if (ret != WBKU_SUCCESS) {
- if (ret == WBKU_NOKEY) {
- wbku_printerr("The client %s key does not exist\n",
- ka->ka_str);
- } else {
- wbku_printerr("%s\n", wbku_retmsg(ret));
- }
- (void) fclose(keystore_fp);
- return (KEYMGMT_ERROR);
- }
- (void) fclose(keystore_fp);
-
- /*
- * Open the output file.
- */
- if ((fp = fopen(name, "w")) == NULL) {
- wbku_printerr("Cannot open %s", name);
- (void) fclose(keystore_fp);
- return (KEYMGMT_ERROR);
- }
-
- /*
- * Dump the key to the output file.
- */
- i = fwrite(ex_key, sizeof (uint8_t), ka->ka_len, fp);
- if (i != ka->ka_len) {
- wbku_printerr("Error writing to %s", name);
- (void) fclose(fp);
- return (KEYMGMT_ERROR);
- }
- (void) fclose(fp);
-
- /*
- * Success.
- */
- return (KEYMGMT_SUCCESS);
-}
-
-/*
- * There is a key which needs to be removed from the keystore. Given basic
- * information about the key to be deleted, go through the keystore and
- * remove it. The steps are:
- * 1) create a temp file in the same directory as the keystore.
- * 2) copy the existing keystore to the temp file, omitting the key being
- * removed.
- * 3) shuffle files. Close the keystore and move it aside. Close the
- * temp file and move in to the keystore.
- *
- * Returns:
- * B_TRUE on success
- * B_FALSE on error
- */
-static boolean_t
-compress_keystore(const char *keystore_name, FILE *fp,
- const wbku_key_attr_t *ka)
-{
- char *tmp_path;
- FILE *tmp_fp;
- int tmp_fd;
- int len;
- wbku_retcode_t ret;
-
- /*
- * Allocate storage for the temporary path from the stack.
- */
- len = strlen(keystore_name) + sizeof (".XXXXXX");
- tmp_path = alloca(len);
- (void) snprintf(tmp_path, len, "%s.XXXXXX", keystore_name);
-
- /*
- * Make the temp working file where a new store will be created.
- */
- if ((tmp_fd = mkstemp(tmp_path)) == -1) {
- wbku_printerr("Error creating %s\n", tmp_path);
- return (B_FALSE);
- }
-
- /*
- * Need to reference this file as a stream.
- */
- if ((tmp_fp = fdopen(tmp_fd, "w")) == NULL) {
- wbku_printerr("Error opening %s", tmp_path);
- (void) close(tmp_fd);
- (void) unlink(tmp_path);
- return (B_FALSE);
- }
-
- /*
- * Copy the existing keystore to the temp one, omitting the
- * key being deleted.
- */
- ret = wbku_delete_key(fp, tmp_fp, ka);
- (void) fclose(tmp_fp);
- if (ret != WBKU_SUCCESS) {
- wbku_printerr("%s\n", wbku_retmsg(ret));
- (void) unlink(tmp_path);
- return (B_FALSE);
- }
-
- /*
- * Shuffle files.
- */
- if (rename(tmp_path, keystore_name) == -1) {
- wbku_printerr("Error moving new keystore file from %s to %s",
- tmp_path, keystore_name);
- (void) unlink(tmp_path);
- return (B_FALSE);
- }
-
- return (B_TRUE);
-}
-
-/*
- * This routine reads a key of type 'ka' from the file identified 'name' and
- * inserts it into the keystore named 'keystore_name'.
- *
- * Returns:
- * KEYMGMT_SUCCESS or KEYMGMT_ERROR.
- */
-static int
-process_insert(const char *keystore_name, const char *name,
- wbku_key_attr_t *ka)
-{
- int fd;
- FILE *keystore_fp = NULL;
- FILE *fp;
- fpos_t pos;
- uint8_t rd_key[WANBOOT_MAXKEYLEN];
- int inlen;
- boolean_t newfile = B_TRUE;
- wbku_retcode_t ret;
-
- /*
- * If the file already exists, then open the file for update.
- * Otherwise, create it and open it for writing.
- */
- fd = open(keystore_name, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR);
- if (fd < 0) {
- if (errno == EEXIST) {
- keystore_fp = fopen(keystore_name, "r+");
- newfile = B_FALSE;
- }
- } else {
- if ((keystore_fp = fdopen(fd, "w")) == NULL) {
- (void) close(fd);
- }
- }
-
- if (keystore_fp == NULL) {
- wbku_printerr("Cannot open %s", keystore_name);
- return (KEYMGMT_ERROR);
- }
-
- /*
- * Open the input file.
- */
- fp = fopen(name, "r");
- if (fp == NULL) {
- wbku_printerr("Cannot open %s", name);
- (void) fclose(keystore_fp);
- return (KEYMGMT_ERROR);
- }
-
- /*
- * Read the key from the file.
- */
- inlen = fread(rd_key, sizeof (uint8_t), ka->ka_maxlen, fp);
- if (inlen == 0 && ferror(fp) != 0) {
- wbku_printerr("Error reading %s", name);
- (void) fclose(fp);
- (void) fclose(keystore_fp);
- return (KEYMGMT_ERROR);
- }
- (void) fclose(fp);
-
- if ((inlen < ka->ka_minlen) || (inlen > ka->ka_maxlen)) {
- wbku_printerr("Key length is not valid\n");
- (void) fclose(keystore_fp);
- return (KEYMGMT_ERROR);
- }
-
- /*
- * If the keystore exists, search for a key of the type
- * being inserted. If found, note its file position.
- */
- ret = WBKU_NOKEY;
- if (!newfile) {
- ret = wbku_find_key(keystore_fp, &pos, ka, NULL, B_FALSE);
- if (ret != WBKU_SUCCESS && ret != WBKU_NOKEY) {
- wbku_printerr("%s\n", wbku_retmsg(ret));
- (void) fclose(keystore_fp);
- return (KEYMGMT_ERROR);
- }
-
- /*
- * Unfortuantely, RSA keys have variable lengths. If
- * the one being inserted is a different length than
- * than the one that already exists in the file, then
- * the key must be removed from the keystore and then
- * readded.
- */
- if (ret == WBKU_SUCCESS && inlen != ka->ka_len) {
- if (!compress_keystore(keystore_name,
- keystore_fp, ka)) {
- wbku_printerr("Insertion required compression"
- " of keystore, but compression failed\n"
- "Key was not inserted\n");
- (void) fclose(keystore_fp);
- return (KEYMGMT_ERROR);
- }
-
- /*
- * The original keystore is history. Close the
- * stream and open a stream to the new keystore.
- */
- (void) fclose(keystore_fp);
- keystore_fp = fopen(keystore_name, "r+");
- if (keystore_fp == NULL) {
- wbku_printerr("Cannot open %s", keystore_name);
- return (KEYMGMT_ERROR);
- }
-
- /* Force new key to end of file */
- ret = WBKU_NOKEY;
- }
- }
- ka->ka_len = inlen;
-
- /*
- * If wbku_find_key() did not find the key position for us,
- * then we should set position to the end of the file.
- */
- if (ret == WBKU_NOKEY && (fseek(keystore_fp, 0, SEEK_END) != 0 ||
- fgetpos(keystore_fp, &pos) != 0)) {
- wbku_printerr("Internal error");
- (void) fclose(keystore_fp);
- return (KEYMGMT_ERROR);
- }
-
- /*
- * Write the key to the keystore.
- */
- ret = wbku_write_key(keystore_fp, &pos, ka, rd_key, B_FALSE);
- (void) fclose(keystore_fp);
- if (ret != WBKU_SUCCESS) {
- wbku_printerr("%s\n", wbku_retmsg(ret));
- return (KEYMGMT_ERROR);
- }
-
- (void) printf(gettext("The client's %s key has been set\n"),
- ka->ka_str);
- /*
- * Success.
- */
- return (KEYMGMT_SUCCESS);
-}
-
-/*
- * Prints usage().
- */
-static void
-usage(const char *cmd)
-{
- (void) fprintf(stderr, gettext("Usage: %s"
- " -i -k <key_file> -s <keystore> -o type=<%s|%s|%s|%s>\n"
- " %s -x -f <out_file> -s <keystore> -o"
- " type=<%s|%s|%s|%s>\n"),
- cmd, WBKU_KW_3DES, WBKU_KW_AES_128, WBKU_KW_HMAC_SHA1, WBKU_KW_RSA,
- cmd, WBKU_KW_3DES, WBKU_KW_AES_128, WBKU_KW_HMAC_SHA1, WBKU_KW_RSA);
-}
-
-/*
- * This program is used to insert and extract WAN boot encryption and
- * hash keys into and from keystores. The paths to the keystores are
- * provided by the user as are the input and output files.
- *
- * Note:
- * This program assumes all keys being inserted or extracted
- * are client keys. There is no way for a user to insert or
- * extract a master key using this program.
- *
- * We do not do any file locking scheme. This means that if two
- * keymgmt commands are run concurrently, results can be disastrous.
- *
- * Returns:
- * KEYMGMT_SUCCESS or KEYMGMT_ERROR.
- */
-int
-main(int argc, char **argv)
-{
- int c;
- boolean_t is_insert = B_FALSE;
- boolean_t is_extract = B_FALSE;
- char *keystore_name = NULL;
- char *filename = NULL;
- wbku_key_attr_t ka;
- int ret;
-
- /*
- * Do the necessary magic for localization support.
- */
- (void) setlocale(LC_ALL, "");
-#if !defined(TEXT_DOMAIN)
-#define TEXT_DOMAIN "SYS_TEST"
-#endif
- (void) textdomain(TEXT_DOMAIN);
-
- /*
- * Initialize program name for use by wbku_printerr().
- */
- wbku_errinit(argv[0]);
-
- /*
- * At the very least, we'll need one arg.
- */
- if (argc < 2) {
- usage(argv[0]);
- return (KEYMGMT_ERROR);
- }
-
- /*
- * Parse the options.
- */
- ka.ka_type = WBKU_KEY_UNKNOWN;
- while ((c = getopt(argc, argv, "ixf:k:s:o:")) != EOF) {
- switch (c) {
- case 'i':
- is_insert = B_TRUE;
- break;
- case 'x':
- is_extract = B_TRUE;
- break;
- case 'o':
- /*
- * Suboptions.
- */
- if (process_option(optarg, &ka) != KEYMGMT_SUCCESS) {
- usage(argv[0]);
- return (KEYMGMT_ERROR);
- }
- break;
- case 's':
- /*
- * Keystore path.
- */
- keystore_name = optarg;
- break;
- case 'f':
- /*
- * Input file.
- */
- if (is_insert || filename != NULL) {
- usage(argv[0]);
- return (KEYMGMT_ERROR);
- }
- filename = optarg;
- break;
- case 'k':
- /*
- * Input file.
- */
- if (is_extract || filename != NULL) {
- usage(argv[0]);
- return (KEYMGMT_ERROR);
- }
- filename = optarg;
- break;
- default:
- usage(argv[0]);
- return (KEYMGMT_ERROR);
- }
- }
-
- /*
- * Must be inserting or extracting a key and we must have a
- * key type, keystore filename and an input or output filename.
- */
- if ((is_insert == is_extract) || keystore_name == NULL ||
- filename == NULL || ka.ka_type == WBKU_KEY_UNKNOWN) {
- usage(argv[0]);
- return (KEYMGMT_ERROR);
- }
-
- /*
- * Insert or extract the key.
- */
- if (is_insert) {
- ret = process_insert(keystore_name, filename, &ka);
- } else {
- ret = process_extract(keystore_name, filename, &ka);
- }
-
- return (ret);
-}
diff --git a/usr/src/cmd/cmd-inet/usr.lib/wanboot/netbootinfo/Makefile b/usr/src/cmd/cmd-inet/usr.lib/wanboot/netbootinfo/Makefile
deleted file mode 100644
index 0f2a3f4bb9..0000000000
--- a/usr/src/cmd/cmd-inet/usr.lib/wanboot/netbootinfo/Makefile
+++ /dev/null
@@ -1,42 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License (the "License").
-# You may not use this file except in compliance with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-
-include ../Makefile.com
-
-PROG = netbootinfo
-
-# The OpenSSL libraries need to be linked against in order to resolve
-# references made to them by libwanboot.
-LDLIBS += -lwanbootutil -lwanboot
-CPPFLAGS += -I$(CMNCRYPTDIR)
-
-all: $(PROG)
-
-install: all $(ROOTCMD)
-
-clean:
-
-lint: lint_PROG
-
-include ../../../../Makefile.targ
diff --git a/usr/src/cmd/cmd-inet/usr.lib/wanboot/netbootinfo/netbootinfo.c b/usr/src/cmd/cmd-inet/usr.lib/wanboot/netbootinfo/netbootinfo.c
deleted file mode 100644
index 9df8510f46..0000000000
--- a/usr/src/cmd/cmd-inet/usr.lib/wanboot/netbootinfo/netbootinfo.c
+++ /dev/null
@@ -1,123 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-/*
- * This program extracts network interface parameters from the information
- * passed to the kernel from the bootstrap (i.e. as properties of /chosen).
- *
- * Returns:
- * = 0 - success
- * > 0 - error (see exit codes below)
- */
-
-#include <libintl.h>
-#include <locale.h>
-#include <stdio.h>
-#include <strings.h>
-#include <parseURL.h>
-#include <wanbootutil.h>
-#include <bootinfo.h>
-
-/*
- * Exit codes:
- */
-#define NETBOOTINFO_SUCCESS 0
-#define NETBOOTINFO_UNKNOWN_PARAM 1
-#define NETBOOTINFO_BOOTINFO_ERR 2
-#define NETBOOTINFO_USAGE 3
-
-int
-main(int argc, char **argv)
-{
- int i;
-
- /*
- * Do the necessary magic for localization support.
- */
- (void) setlocale(LC_ALL, "");
-#if !defined(TEXT_DOMAIN)
-#define TEXT_DOMAIN "SYS_TEST"
-#endif /* !defined(TEXT_DOMAIN) */
- (void) textdomain(TEXT_DOMAIN);
-
- /*
- * Initialize program name for use by wbku_printerr().
- */
- wbku_errinit(argv[0]);
-
- /*
- * Check usage is legal.
- */
- if (argc < 2) {
- (void) fprintf(stderr,
- gettext("Usage: %s param [ param ... ]\n"), argv[0]);
- return (NETBOOTINFO_USAGE);
- }
-
- /*
- * Initialize bootinfo.
- */
- if (!bootinfo_init()) {
- wbku_printerr("Internal error\n");
- return (NETBOOTINFO_BOOTINFO_ERR);
- }
-
- /*
- * Retrieve and print parameter value(s).
- */
- for (i = 1; i < argc; ++i) {
- char *name = argv[i];
- char valbuf[URL_MAX_STRLEN];
- size_t vallen = sizeof (valbuf);
-
- /*
- * Call get_bootinfo() to fetch it's value.
- */
- switch (bootinfo_get(name, valbuf, &vallen, NULL)) {
- case BI_E_SUCCESS:
- break;
-
- case BI_E_NOVAL:
- (void) strlcpy(valbuf, "none", sizeof (valbuf));
- break;
-
- case BI_E_ILLNAME:
- wbku_printerr("Unknown parameter %s\n", name);
- bootinfo_end();
- return (NETBOOTINFO_UNKNOWN_PARAM);
-
- default:
- wbku_printerr("Internal error\n");
- bootinfo_end();
- return (NETBOOTINFO_BOOTINFO_ERR);
- }
- (void) printf("%s\n", valbuf);
- }
- bootinfo_end();
-
- return (NETBOOTINFO_SUCCESS);
-}
diff --git a/usr/src/cmd/cmd-inet/usr.lib/wanboot/p12split/Makefile b/usr/src/cmd/cmd-inet/usr.lib/wanboot/p12split/Makefile
deleted file mode 100644
index f855d268c1..0000000000
--- a/usr/src/cmd/cmd-inet/usr.lib/wanboot/p12split/Makefile
+++ /dev/null
@@ -1,40 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License (the "License").
-# You may not use this file except in compliance with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-
-include ../Makefile.com
-
-PROG= p12split
-LDLIBS += -lwanboot -linetutil -lwanbootutil -lcrypto
-CPPFLAGS += -I$(CMNCRYPTDIR)
-LINTFLAGS += -erroff=E_SUPPRESSION_DIRECTIVE_UNUSED
-
-all: $(PROG)
-
-install: all $(ROOTCMD)
-
-clean:
-
-lint: lint_PROG
-
-include ../../../../Makefile.targ
diff --git a/usr/src/cmd/cmd-inet/usr.lib/wanboot/p12split/p12split.c b/usr/src/cmd/cmd-inet/usr.lib/wanboot/p12split/p12split.c
deleted file mode 100644
index 600f7ffd33..0000000000
--- a/usr/src/cmd/cmd-inet/usr.lib/wanboot/p12split/p12split.c
+++ /dev/null
@@ -1,657 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <stdio.h>
-#include <libintl.h>
-#include <locale.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/wanboot_impl.h>
-#include <unistd.h>
-#include <string.h>
-#include <libinetutil.h>
-#include <wanbootutil.h>
-
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/pkcs12.h>
-#include <openssl/evp.h>
-#include <p12aux.h>
-
-static boolean_t verbose = B_FALSE; /* When nonzero, do in verbose mode */
-
-/* The following match/cert values require PKCS12 */
-static int matchty; /* Type of matching do to on input */
-static char *k_matchval; /* localkeyid value to match */
-static uint_t k_len; /* length of k_matchval */
-
-#define IO_KEYFILE 1 /* Have a separate key file or data */
-#define IO_CERTFILE 2 /* Have a separate cert file or data */
-#define IO_TRUSTFILE 4 /* Have a separate trustanchor file */
-
-static char *input = NULL; /* Consolidated input file */
-static char *key_out = NULL; /* Key file to be output */
-static char *cert_out = NULL; /* Cert file to be output */
-static char *trust_out = NULL; /* Trust anchor file to be output */
-static uint_t outfiles; /* What files are there for output */
-static char *progname;
-
-/* Returns from time_check */
-typedef enum {
- CHK_TIME_OK = 0, /* Cert in effect and not expired */
- CHK_TIME_BEFORE_BAD, /* not_before field is invalid */
- CHK_TIME_AFTER_BAD, /* not_after field is invalid */
- CHK_TIME_IS_BEFORE, /* Cert not yet in force */
- CHK_TIME_HAS_EXPIRED /* Cert has expired */
-} time_errs_t;
-
-static int parse_keyid(const char *);
-static int do_certs(void);
-static int read_files(STACK_OF(X509) **, X509 **, EVP_PKEY **);
-static void check_certs(STACK_OF(X509) *, X509 **);
-static time_errs_t time_check_print(X509 *);
-static time_errs_t time_check(X509 *);
-static int write_files(STACK_OF(X509) *, X509 *, EVP_PKEY *);
-static int get_ifile(char *, char *, EVP_PKEY **, X509 **, STACK_OF(X509) **);
-static int do_ofile(char *, EVP_PKEY *, X509 *, STACK_OF(X509) *);
-static void usage(void);
-static const char *cryptoerr(void);
-
-int
-main(int argc, char **argv)
-{
- int i;
-
- /*
- * Do the necessary magic for localization support.
- */
- (void) setlocale(LC_ALL, "");
-#if !defined(TEXT_DOMAIN)
-#define TEXT_DOMAIN "SYS_TEST"
-#endif
- (void) textdomain(TEXT_DOMAIN);
-
- progname = strrchr(argv[0], '/');
- if (progname != NULL)
- progname++;
- else
- progname = argv[0];
-
- wbku_errinit(progname);
-
- matchty = DO_FIRST_PAIR;
- while ((i = getopt(argc, argv, "vc:i:k:l:t:")) != -1) {
- switch (i) {
- case 'v':
- verbose = B_TRUE;
- break;
-
- case 'l':
- if (parse_keyid(optarg) < 0)
- return (EXIT_FAILURE);
- matchty = DO_FIND_KEYID;
- break;
-
- case 'c':
- cert_out = optarg;
- outfiles |= IO_CERTFILE;
- break;
-
- case 'k':
- key_out = optarg;
- outfiles |= IO_KEYFILE;
- break;
-
- case 't':
- trust_out = optarg;
- outfiles |= IO_TRUSTFILE;
- break;
-
- case 'i':
- input = optarg;
- break;
-
- default:
- usage();
- }
- }
-
- if (input == NULL) {
- wbku_printerr("no input file specified\n");
- usage();
- }
-
- /*
- * Need output files.
- */
- if (outfiles == 0) {
- wbku_printerr("at least one output file must be specified\n");
- usage();
- }
-
- if (do_certs() < 0)
- return (EXIT_FAILURE);
-
- return (EXIT_SUCCESS);
-}
-
-static int
-parse_keyid(const char *keystr)
-{
- const char *rp;
- char *wp;
- char *nkeystr;
- uint_t nkeystrlen;
-
- /*
- * In the worst case, we'll need one additional character in our
- * output string -- e.g. "A\0" -> "0A\0"
- */
- nkeystrlen = strlen(keystr) + 2;
- k_len = (nkeystrlen + 1) / 2;
- nkeystr = malloc(nkeystrlen);
- k_matchval = malloc(k_len);
- if (nkeystr == NULL || k_matchval == NULL) {
- free(nkeystr);
- free(k_matchval);
- wbku_printerr("cannot allocate keyid");
- return (-1);
- }
-
- /*
- * For convenience, we allow the user to put spaces between each digit
- * when entering it on the command line. As a result, we need to
- * process it into a format that hexascii_to_octet() can handle. Note
- * that we're careful to map strings like "AA B CC D" to "AA0BCC0D".
- */
- for (rp = keystr, wp = nkeystr; *rp != '\0'; rp++) {
- if (*rp == ' ')
- continue;
-
- if (rp[1] == ' ' || rp[1] == '\0') {
- *wp++ = '0'; /* one character sequence; prepend 0 */
- *wp++ = *rp;
- } else {
- *wp++ = *rp++;
- *wp++ = *rp;
- }
- }
- *wp = '\0';
-
- if (hexascii_to_octet(nkeystr, wp - nkeystr, k_matchval, &k_len) != 0) {
- free(nkeystr);
- free(k_matchval);
- wbku_printerr("invalid keyid `%s'\n", keystr);
- return (-1);
- }
-
- free(nkeystr);
- return (0);
-}
-
-static int
-do_certs(void)
-{
- char *bufp;
- STACK_OF(X509) *ta_in = NULL;
- EVP_PKEY *pkey_in = NULL;
- X509 *xcert_in = NULL;
-
- sunw_crypto_init();
-
- if (read_files(&ta_in, &xcert_in, &pkey_in) < 0)
- return (-1);
-
- if (verbose) {
- if (xcert_in != NULL) {
- (void) printf(gettext("\nMain cert:\n"));
-
- /*
- * sunw_subject_attrs() returns a pointer to
- * memory allocated on our behalf. The same
- * behavior is exhibited by sunw_issuer_attrs().
- */
- bufp = sunw_subject_attrs(xcert_in, NULL, 0);
- if (bufp != NULL) {
- (void) printf(gettext(" Subject: %s\n"),
- bufp);
- OPENSSL_free(bufp);
- }
-
- bufp = sunw_issuer_attrs(xcert_in, NULL, 0);
- if (bufp != NULL) {
- (void) printf(gettext(" Issuer: %s\n"), bufp);
- OPENSSL_free(bufp);
- }
-
- (void) sunw_print_times(stdout, PRNT_BOTH, NULL,
- xcert_in);
- }
-
- if (ta_in != NULL) {
- X509 *x;
- int i;
-
- for (i = 0; i < sk_X509_num(ta_in); i++) {
- /* LINTED */
- x = sk_X509_value(ta_in, i);
- (void) printf(
- gettext("\nTrust Anchor cert %d:\n"), i);
-
- /*
- * sunw_subject_attrs() returns a pointer to
- * memory allocated on our behalf. We get the
- * same behavior from sunw_issuer_attrs().
- */
- bufp = sunw_subject_attrs(x, NULL, 0);
- if (bufp != NULL) {
- (void) printf(
- gettext(" Subject: %s\n"), bufp);
- OPENSSL_free(bufp);
- }
-
- bufp = sunw_issuer_attrs(x, NULL, 0);
- if (bufp != NULL) {
- (void) printf(
- gettext(" Issuer: %s\n"), bufp);
- OPENSSL_free(bufp);
- }
-
- (void) sunw_print_times(stdout, PRNT_BOTH,
- NULL, x);
- }
- }
- }
-
- check_certs(ta_in, &xcert_in);
- if (xcert_in != NULL && pkey_in != NULL) {
- if (sunw_check_keys(xcert_in, pkey_in) == 0) {
- wbku_printerr("warning: key and certificate do "
- "not match\n");
- }
- }
-
- return (write_files(ta_in, xcert_in, pkey_in));
-}
-
-static int
-read_files(STACK_OF(X509) **t_in, X509 **c_in, EVP_PKEY **k_in)
-{
- char *i_pass;
-
- i_pass = getpassphrase(gettext("Enter key password: "));
-
- if (get_ifile(input, i_pass, k_in, c_in, t_in) < 0)
- return (-1);
-
- /*
- * If we are only interested in getting a trust anchor, and if there
- * is no trust anchor but is a regular cert, use it instead. Do this
- * to handle the insanity with openssl, which requires a matching cert
- * and key in order to write a PKCS12 file.
- */
- if (outfiles == IO_TRUSTFILE) {
- if (c_in != NULL && *c_in != NULL && t_in != NULL) {
- if (*t_in == NULL) {
- if ((*t_in = sk_X509_new_null()) == NULL) {
- wbku_printerr("out of memory\n");
- return (-1);
- }
- }
-
- if (sk_X509_num(*t_in) == 0) {
- if (sk_X509_push(*t_in, *c_in) == 0) {
- wbku_printerr("out of memory\n");
- return (-1);
- }
- *c_in = NULL;
- }
- }
- }
-
- if ((outfiles & IO_KEYFILE) && *k_in == NULL) {
- wbku_printerr("no matching key found\n");
- return (-1);
- }
- if ((outfiles & IO_CERTFILE) && *c_in == NULL) {
- wbku_printerr("no matching certificate found\n");
- return (-1);
- }
- if ((outfiles & IO_TRUSTFILE) && *t_in == NULL) {
- wbku_printerr("no matching trust anchor found\n");
- return (-1);
- }
-
- return (0);
-}
-
-static void
-check_certs(STACK_OF(X509) *ta_in, X509 **c_in)
-{
- X509 *curr;
- time_errs_t ret;
- int i;
- int del_expired = (outfiles != 0);
-
- if (c_in != NULL && *c_in != NULL) {
- ret = time_check_print(*c_in);
- if ((ret != CHK_TIME_OK && ret != CHK_TIME_IS_BEFORE) &&
- del_expired) {
- (void) fprintf(stderr, gettext(" Removing cert\n"));
- X509_free(*c_in);
- *c_in = NULL;
- }
- }
-
- if (ta_in == NULL)
- return;
-
- for (i = 0; i < sk_X509_num(ta_in); ) {
- /* LINTED */
- curr = sk_X509_value(ta_in, i);
- ret = time_check_print(curr);
- if ((ret != CHK_TIME_OK && ret != CHK_TIME_IS_BEFORE) &&
- del_expired) {
- (void) fprintf(stderr, gettext(" Removing cert\n"));
- /* LINTED */
- curr = sk_X509_delete(ta_in, i);
- X509_free(curr);
- continue;
- }
- i++;
- }
-}
-
-static time_errs_t
-time_check_print(X509 *cert)
-{
- char buf[256];
- int ret;
-
- ret = time_check(cert);
- if (ret == CHK_TIME_OK)
- return (CHK_TIME_OK);
-
- (void) fprintf(stderr, gettext(" Subject: %s"),
- sunw_subject_attrs(cert, buf, sizeof (buf)));
- (void) fprintf(stderr, gettext(" Issuer: %s"),
- sunw_issuer_attrs(cert, buf, sizeof (buf)));
-
- switch (ret) {
- case CHK_TIME_BEFORE_BAD:
- (void) fprintf(stderr,
- gettext("\n Invalid cert 'not before' field\n"));
- break;
-
- case CHK_TIME_AFTER_BAD:
- (void) fprintf(stderr,
- gettext("\n Invalid cert 'not after' field\n"));
- break;
-
- case CHK_TIME_HAS_EXPIRED:
- (void) sunw_print_times(stderr, PRNT_NOT_AFTER,
- gettext("\n Cert has expired\n"), cert);
- break;
-
- case CHK_TIME_IS_BEFORE:
- (void) sunw_print_times(stderr, PRNT_NOT_BEFORE,
- gettext("\n Warning: cert not yet valid\n"), cert);
- break;
-
- default:
- break;
- }
-
- return (ret);
-}
-
-static time_errs_t
-time_check(X509 *cert)
-{
- int i;
-
- i = X509_cmp_time(X509_get_notBefore(cert), NULL);
- if (i == 0)
- return (CHK_TIME_BEFORE_BAD);
- if (i > 0)
- return (CHK_TIME_IS_BEFORE);
- /* After 'not before' time */
-
- i = X509_cmp_time(X509_get_notAfter(cert), NULL);
- if (i == 0)
- return (CHK_TIME_AFTER_BAD);
- if (i < 0)
- return (CHK_TIME_HAS_EXPIRED);
- return (CHK_TIME_OK);
-}
-
-static int
-write_files(STACK_OF(X509) *t_out, X509 *c_out, EVP_PKEY *k_out)
-{
- if (key_out != NULL) {
- if (verbose)
- (void) printf(gettext("%s: writing key\n"), progname);
- if (do_ofile(key_out, k_out, NULL, NULL) < 0)
- return (-1);
- }
-
- if (cert_out != NULL) {
- if (verbose)
- (void) printf(gettext("%s: writing cert\n"), progname);
- if (do_ofile(cert_out, NULL, c_out, NULL) < 0)
- return (-1);
- }
-
- if (trust_out != NULL) {
- if (verbose)
- (void) printf(gettext("%s: writing trust\n"),
- progname);
- if (do_ofile(trust_out, NULL, NULL, t_out) < 0)
- return (-1);
- }
-
- return (0);
-}
-
-static int
-get_ifile(char *name, char *pass, EVP_PKEY **tmp_k, X509 **tmp_c,
- STACK_OF(X509) **tmp_t)
-{
- PKCS12 *p12;
- FILE *fp;
- int ret;
- struct stat sbuf;
-
- if (stat(name, &sbuf) == 0 && !S_ISREG(sbuf.st_mode)) {
- wbku_printerr("%s is not a regular file\n", name);
- return (-1);
- }
-
- if ((fp = fopen(name, "r")) == NULL) {
- wbku_printerr("cannot open input file %s", name);
- return (-1);
- }
-
- p12 = d2i_PKCS12_fp(fp, NULL);
- if (p12 == NULL) {
- wbku_printerr("cannot read file %s: %s\n", name, cryptoerr());
- (void) fclose(fp);
- return (-1);
- }
- (void) fclose(fp);
-
- ret = sunw_PKCS12_parse(p12, pass, matchty, k_matchval, k_len,
- NULL, tmp_k, tmp_c, tmp_t);
- if (ret <= 0) {
- if (ret == 0)
- wbku_printerr("cannot find matching cert and key\n");
- else
- wbku_printerr("cannot parse %s: %s\n", name,
- cryptoerr());
- PKCS12_free(p12);
- return (-1);
- }
- return (0);
-}
-
-static int
-do_ofile(char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ta)
-{
- STACK_OF(EVP_PKEY) *klist = NULL;
- STACK_OF(X509) *clist = NULL;
- PKCS12 *p12 = NULL;
- int ret = 0;
- FILE *fp;
- struct stat sbuf;
-
- if (stat(name, &sbuf) == 0 && !S_ISREG(sbuf.st_mode)) {
- wbku_printerr("%s is not a regular file\n", name);
- return (-1);
- }
-
- if ((fp = fopen(name, "w")) == NULL) {
- wbku_printerr("cannot open output file %s", name);
- return (-1);
- }
-
- if ((clist = sk_X509_new_null()) == NULL ||
- (klist = sk_EVP_PKEY_new_null()) == NULL) {
- wbku_printerr("out of memory\n");
- ret = -1;
- goto cleanup;
- }
-
- if (cert != NULL && sk_X509_push(clist, cert) == 0) {
- wbku_printerr("out of memory\n");
- ret = -1;
- goto cleanup;
- }
-
- if (pkey != NULL && sk_EVP_PKEY_push(klist, pkey) == 0) {
- wbku_printerr("out of memory\n");
- ret = -1;
- goto cleanup;
- }
-
- p12 = sunw_PKCS12_create(WANBOOT_PASSPHRASE, klist, clist, ta);
- if (p12 == NULL) {
- wbku_printerr("cannot create %s: %s\n", name, cryptoerr());
- ret = -1;
- goto cleanup;
- }
-
- if (i2d_PKCS12_fp(fp, p12) == 0) {
- wbku_printerr("cannot write %s: %s\n", name, cryptoerr());
- ret = -1;
- goto cleanup;
- }
-
-cleanup:
- (void) fclose(fp);
- if (p12 != NULL)
- PKCS12_free(p12);
- /*
- * Put the cert and pkey off of the stack so that they won't
- * be freed two times. (If they get left in the stack then
- * they will be freed with the stack.)
- */
- if (clist != NULL) {
- if (cert != NULL && sk_X509_num(clist) == 1) {
- /* LINTED */
- (void) sk_X509_delete(clist, 0);
- }
- sk_X509_pop_free(clist, X509_free);
- }
- if (klist != NULL) {
- if (pkey != NULL && sk_EVP_PKEY_num(klist) == 1) {
- /* LINTED */
- (void) sk_EVP_PKEY_delete(klist, 0);
- }
- sk_EVP_PKEY_pop_free(klist, sunw_evp_pkey_free);
- }
-
- return (ret);
-}
-
-static void
-usage(void)
-{
- (void) fprintf(stderr,
- gettext("usage:\n"
- " %s -i <file> -c <file> -k <file> -t <file> [-l <keyid> -v]\n"
- "\n"),
- progname);
- (void) fprintf(stderr,
- gettext(" where:\n"
- " -i - input file to be split into component parts and put in\n"
- " files given by -c, -k and -t\n"
- " -c - output file for the client certificate\n"
- " -k - output file for the client private key\n"
- " -t - output file for the remaining certificates (assumed\n"
- " to be trust anchors)\n"
- "\n Files are assumed to be pkcs12-format files.\n\n"
- " -v - verbose\n"
- " -l - value of 'localkeyid' attribute in client cert and\n"
- " private key to be selected from the input file.\n\n"));
- exit(EXIT_FAILURE);
-}
-
-/*
- * Return a pointer to a static buffer that contains a listing of crypto
- * errors. We presume that the user doesn't want more than 8KB of error
- * messages :-)
- */
-static const char *
-cryptoerr(void)
-{
- static char errbuf[8192];
- ulong_t err;
- const char *pfile;
- int line;
- unsigned int nerr = 0;
-
- errbuf[0] = '\0';
- while ((err = ERR_get_error_line(&pfile, &line)) != 0) {
- if (++nerr > 1)
- (void) strlcat(errbuf, "\n\t", sizeof (errbuf));
-
- if (err == (ulong_t)-1) {
- (void) strlcat(errbuf, strerror(errno),
- sizeof (errbuf));
- break;
- }
- (void) strlcat(errbuf, ERR_reason_error_string(err),
- sizeof (errbuf));
- }
-
- return (errbuf);
-}
diff --git a/usr/src/cmd/cmd-inet/usr.lib/wanboot/wanboot-cgi/Makefile b/usr/src/cmd/cmd-inet/usr.lib/wanboot/wanboot-cgi/Makefile
deleted file mode 100644
index 16e3eb8261..0000000000
--- a/usr/src/cmd/cmd-inet/usr.lib/wanboot/wanboot-cgi/Makefile
+++ /dev/null
@@ -1,40 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License (the "License").
-# You may not use this file except in compliance with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-
-include ../Makefile.com
-
-PROG = wanboot-cgi
-LDLIBS += -lgen -lnsl -lwanbootutil -lnvpair -lwanboot -lcrypto
-CPPFLAGS += -I$(CMNCRYPTDIR)
-LINTFLAGS += -erroff=E_SUPPRESSION_DIRECTIVE_UNUSED
-
-all: $(PROG)
-
-install: all $(ROOTCMD)
-
-clean:
-
-lint: lint_PROG
-
-include ../../../../Makefile.targ
diff --git a/usr/src/cmd/cmd-inet/usr.lib/wanboot/wanboot-cgi/wanboot-cgi.c b/usr/src/cmd/cmd-inet/usr.lib/wanboot/wanboot-cgi/wanboot-cgi.c
deleted file mode 100644
index c8f391031a..0000000000
--- a/usr/src/cmd/cmd-inet/usr.lib/wanboot/wanboot-cgi/wanboot-cgi.c
+++ /dev/null
@@ -1,1903 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License (the "License").
- * You may not use this file except in compliance with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
- * Copyright 2012 Milan Jurik. All rights reserved.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <strings.h>
-#include <string.h>
-#include <libgen.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <errno.h>
-#include <netdb.h>
-#include <libnvpair.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <sys/stat.h>
-#include <sys/param.h>
-#include <sys/sysmacros.h>
-#include <sys/mman.h>
-#include <sys/socket.h>
-#include <sys/utsname.h>
-#include <sys/wanboot_impl.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-
-#include <openssl/crypto.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/pem.h>
-#include <openssl/pkcs12.h>
-#include <openssl/evp.h>
-#include <openssl/err.h>
-
-#include <p12aux.h>
-
-#include <parseURL.h>
-/*
- * These can be replaced with wanbootutil.h once the openssl interfaces
- * are moved to libwanboot.
- */
-#include <wanboot/key_util.h>
-#include <wanboot/key_xdr.h>
-#include <hmac_sha1.h>
-
-#include <netboot_paths.h>
-#include <wanboot_conf.h>
-
-/*
- * Exit status:
- */
-#define WBCGI_STATUS_OK 0
-#define WBCGI_STATUS_ERR 1
-
-#define WBCGI_FILE_EXISTS(file, statbuf) \
- (stat(file, &statbuf) == 0 && S_ISREG(statbuf.st_mode))
-
-#define WBCGI_DIR_EXISTS(dir, statbuf) \
- (stat(dir, &statbuf) == 0 && S_ISDIR(statbuf.st_mode))
-
-#define WBCGI_HMAC_PATH "/usr/lib/inet/wanboot/hmac"
-#define WBCGI_ENCR_PATH "/usr/lib/inet/wanboot/encr"
-#define WBCGI_KEYMGMT_PATH "/usr/lib/inet/wanboot/keymgmt"
-#define WBCGI_MKISOFS_PATH "/bin/mkisofs"
-
-#define WBCGI_DEV_URANDOM "/dev/urandom"
-
-#define WBCGI_CONTENT_TYPE "Content-Type: "
-#define WBCGI_CONTENT_LENGTH "Content-Length: "
-#define WBCGI_WANBOOT_BNDTXT "WANBoot_Part_Boundary"
-#define WBCGI_CRNL "\r\n"
-
-#define WBCGI_CNSTR "CN="
-#define WBCGI_CNSTR_LEN (sizeof (WBCGI_CNSTR) - 1)
-#define WBCGI_NAMESEP ",/\n\r"
-
-#define WBCGI_MAXBUF 256
-
-/*
- * Possible return values from netboot_ftw():
- */
-#define WBCGI_FTW_CBOK 2 /* CB terminated walk OK */
-#define WBCGI_FTW_CBCONT 1 /* CB wants walk should continue */
-#define WBCGI_FTW_DONE 0 /* Walk terminated without CBERR/CBOK */
-#define WBCGI_FTW_CBERR -1 /* CB terminated walk with err */
-
-/*
- * getsubopt() is used to map one of the contents[] keywords
- * to one of these types
- */
-#define WBCGI_CONTENT_ERROR -1
-#define WBCGI_CONTENT_BOOTFILE 0
-#define WBCGI_CONTENT_BOOTFS 1
-#define WBCGI_CONTENT_ROOTFS 2
-
-static char *contents[] =
- { "bootfile", "bootfs", "rootfs", NULL };
-
-/*
- * getsubopt() is used to parse the query string for
- * the keywords defined by queryopts[]
- */
-#define WBCGI_QUERYOPT_CONTENT 0
-#define WBCGI_QUERYOPT_NET 1
-#define WBCGI_QUERYOPT_CID 2
-#define WBCGI_QUERYOPT_NONCE 3
-
-static char *queryopts[] =
- { "CONTENT", "IP", "CID", "NONCE", NULL };
-
-static bc_handle_t bc_handle;
-
-
-static char *
-status_msg(int status)
-{
- char *msg;
-
- switch (status) {
- case 400:
- msg = "Bad Request";
- break;
- case 403:
- msg = "Forbidden";
- break;
- case 500:
- msg = "Internal Server Error";
- break;
- default:
- msg = "Unknown status";
- break;
- }
-
- return (msg);
-}
-
-static void
-print_status(int status, const char *spec_msg)
-{
- if (spec_msg == NULL) {
- spec_msg = "";
- }
-
- (void) fprintf(stdout, "Status: %d %s %s%s", status,
- status_msg(status), spec_msg, WBCGI_CRNL);
-}
-
-static char *
-make_path(const char *root, const char *suffix)
-{
- char path[MAXPATHLEN];
- char *ptr = NULL;
- int chars;
-
- if ((chars = snprintf(path, sizeof (path),
- "%s/%s", root, suffix)) < 0 || chars > sizeof (path) ||
- (ptr = strdup(path)) == NULL) {
- print_status(500, "(error making path)");
- }
-
- return (ptr);
-}
-
-static void
-free_path(char **pathp)
-{
- if (*pathp != NULL) {
- free(*pathp);
- *pathp = NULL;
- }
-}
-
-static char *
-gen_tmppath(const char *prefix, const char *net, const char *cid)
-{
- pid_t pid;
- time_t secs;
- int chars;
- char path[MAXPATHLEN];
- char *ptr = NULL;
-
- if ((pid = getpid()) < 0 || (secs = time(NULL)) < 0 ||
- (chars = snprintf(path, sizeof (path), "/tmp/%s_%s_%s_%ld_%ld",
- prefix, net, cid, pid, secs)) < 0 || chars > sizeof (path) ||
- (ptr = strdup(path)) == NULL) {
- print_status(500, "(error creating temporary filename)");
- }
-
- return (ptr);
-}
-
-/*
- * File I/O stuff:
- */
-static boolean_t
-write_buffer(int fd, const void *buffer, size_t buflen)
-{
- size_t nwritten;
- ssize_t nbytes;
- const char *buf = buffer;
-
- for (nwritten = 0; nwritten < buflen; nwritten += nbytes) {
- nbytes = write(fd, &buf[nwritten], buflen - nwritten);
- if (nbytes <= 0) {
- return (B_FALSE);
- }
- }
-
- return (B_TRUE);
-}
-
-static boolean_t
-write_file(int ofd, const char *filename, size_t size)
-{
- boolean_t ret = B_TRUE;
- int ifd;
- char buf[1024];
- size_t rlen;
- ssize_t wlen;
-
- if ((ifd = open(filename, O_RDONLY)) < 0) {
- return (B_FALSE);
- }
-
- for (; size != 0; size -= wlen) {
- rlen = (size < sizeof (buf)) ? size : sizeof (buf);
-
- if ((wlen = read(ifd, buf, rlen)) < 0 ||
- !write_buffer(ofd, buf, wlen)) {
- ret = B_FALSE;
- break;
- }
- }
- (void) close(ifd);
-
- return (ret);
-}
-
-static boolean_t
-copy_file(const char *src, const char *dest)
-{
- boolean_t ret = B_FALSE;
- char message[WBCGI_MAXBUF];
- const size_t chunksize = 16 * PAGESIZE;
- size_t validsize;
- size_t nwritten = 0;
- size_t nbytes = 0;
- off_t roff;
- int mflags = MAP_PRIVATE;
- char *buf = NULL;
- struct stat st;
- int rfd = -1;
- int wfd = -1;
- int chars;
-
- if ((rfd = open(src, O_RDONLY)) < 0 ||
- (wfd = open(dest, O_CREAT|O_EXCL|O_RDWR, S_IRUSR|S_IWUSR)) < 0 ||
- fstat(rfd, &st) == -1) {
- goto cleanup;
- }
-
- for (nbytes = st.st_size, roff = 0; nwritten < nbytes;
- nwritten += validsize, roff += validsize) {
- buf = mmap(buf, chunksize, PROT_READ, mflags, rfd, roff);
- if (buf == MAP_FAILED) {
- goto cleanup;
- }
- mflags |= MAP_FIXED;
-
- validsize = MIN(chunksize, nbytes - nwritten);
- if (!write_buffer(wfd, buf, validsize)) {
- (void) munmap(buf, chunksize);
- goto cleanup;
- }
-
- }
- if (buf != NULL) {
- (void) munmap(buf, chunksize);
- }
-
- ret = B_TRUE;
-cleanup:
- if (ret == B_FALSE) {
- if ((chars = snprintf(message, sizeof (message),
- "error copying %s to %s", src, dest)) > 0 &&
- chars <= sizeof (message)) {
- print_status(500, message);
- } else {
- print_status(500, NULL);
- }
- }
- if (rfd != -1) {
- (void) close(rfd);
- }
- if (wfd != -1) {
- (void) close(wfd);
- }
-
- return (ret);
-}
-
-static boolean_t
-create_nonce(const char *noncepath, const char *nonce)
-{
- boolean_t ret = B_TRUE;
- int fd;
-
- if ((fd = open(noncepath,
- O_WRONLY|O_CREAT|O_EXCL, S_IRUSR|S_IWUSR)) == -1 ||
- !write_buffer(fd, nonce, strlen(nonce))) {
- print_status(500, "(error creating nonce file)");
- ret = B_FALSE;
- }
- if (fd != -1) {
- (void) close(fd);
- }
-
- return (ret);
-}
-
-static boolean_t
-create_timestamp(const char *timestamppath, const char *timestamp)
-{
- boolean_t ret = B_TRUE;
- int fd;
-
- if ((fd = open(timestamppath,
- O_WRONLY|O_CREAT|O_EXCL, S_IRUSR|S_IWUSR)) == -1 ||
- !write_buffer(fd, timestamp, strlen(timestamp))) {
- print_status(500, "(error creating timestamp file)");
- ret = B_FALSE;
- }
- if (fd != -1) {
- (void) close(fd);
- }
-
- return (ret);
-}
-
-static boolean_t
-create_urandom(const char *urandompath)
-{
- boolean_t ret = B_TRUE;
- int fd;
-
- if ((fd = open(urandompath,
- O_WRONLY|O_CREAT|O_EXCL, S_IRUSR|S_IWUSR)) == -1 ||
- !write_file(fd, WBCGI_DEV_URANDOM, 32 * 1024)) {
- print_status(500, "(error creating urandom file)");
- ret = B_FALSE;
- }
- if (fd != -1) {
- (void) close(fd);
- }
-
- return (ret);
-}
-
-static boolean_t
-create_null_hash(const char *hashpath)
-{
- boolean_t ret = B_TRUE;
- int fd;
- static char null_hash[HMAC_DIGEST_LEN];
-
- if ((fd = open(hashpath,
- O_WRONLY|O_CREAT|O_EXCL, S_IRUSR|S_IWUSR)) == -1 ||
- !write_buffer(fd, null_hash, sizeof (null_hash))) {
- print_status(500, "(error creating null hash)");
- ret = B_FALSE;
- }
- if (fd != -1) {
- (void) close(fd);
- }
-
- return (ret);
-}
-
-
-static char *
-determine_doc_root(void)
-{
- char *doc_root;
-
- /*
- * If DOCUMENT_ROOT is valid, use that.
- */
- if ((doc_root = getenv("DOCUMENT_ROOT")) == NULL ||
- strlen(doc_root) == 0) {
- /*
- * No DOCUMENT_ROOT - try PATH_TRANSLATED.
- */
- if ((doc_root = getenv("PATH_TRANSLATED")) == NULL ||
- strlen(doc_root) == 0) {
- /*
- * Can't determine the document root.
- */
- return (NULL);
- }
- }
-
- return (doc_root);
-}
-
-static boolean_t
-get_request_info(int *contentp, char **netp, char **cidp, char **noncep,
- char **docrootp)
-{
- char *method;
- char *query_string;
- char *value;
- char *junk;
- int i;
-
- if ((method = getenv("REQUEST_METHOD")) == NULL ||
- strncasecmp(method, "GET", strlen("GET") != 0)) {
- print_status(403, "(GET method expected)");
- return (B_FALSE);
- }
-
- if ((query_string = getenv("QUERY_STRING")) == NULL) {
- print_status(400, "(empty query string)");
- return (B_FALSE);
- }
-
- for (i = 0; i < strlen(query_string); i++) {
- if (query_string[i] == '&') {
- query_string[i] = ',';
- }
- }
-
- *contentp = WBCGI_CONTENT_ERROR;
- *netp = *cidp = *noncep = NULL;
-
- if ((*docrootp = determine_doc_root()) == NULL) {
- print_status(400, "(unable to determine document root)");
- return (B_FALSE);
- }
-
- while (*query_string != '\0') {
- switch (getsubopt(&query_string, queryopts, &value)) {
- case WBCGI_QUERYOPT_CONTENT:
- *contentp = getsubopt(&value, contents, &junk);
- break;
- case WBCGI_QUERYOPT_NET:
- *netp = value;
- break;
- case WBCGI_QUERYOPT_CID:
- *cidp = value;
- break;
- case WBCGI_QUERYOPT_NONCE:
- *noncep = value;
- break;
- default:
- print_status(400, "(illegal query string)");
- return (B_FALSE);
- }
- }
-
- switch (*contentp) {
- default:
- print_status(400, "(missing or illegal CONTENT)");
- return (B_FALSE);
-
- case WBCGI_CONTENT_BOOTFS:
- if (*netp == NULL || *cidp == NULL || *noncep == NULL) {
- print_status(400,
- "(CONTENT, IP, CID and NONCE required)");
- return (B_FALSE);
- }
- break;
-
- case WBCGI_CONTENT_BOOTFILE:
- case WBCGI_CONTENT_ROOTFS:
- if (*netp == NULL || *cidp == NULL || *docrootp == NULL) {
- print_status(400,
- "(CONTENT, IP, CID and DOCUMENT_ROOT required)");
- return (B_FALSE);
- }
- break;
- }
-
- return (B_TRUE);
-}
-
-static boolean_t
-encrypt_payload(const char *payload, const char *encr_payload,
- const char *keyfile, const char *encryption_type)
-{
- struct stat sbuf;
- int chars;
- char cmd[MAXPATHLEN];
- FILE *fp;
- int status;
- char msg[WBCGI_MAXBUF];
-
- if (!WBCGI_FILE_EXISTS(payload, sbuf)) {
- print_status(500, "(encrypt_payload: missing payload)");
- return (B_FALSE);
- }
-
- if ((chars = snprintf(cmd, sizeof (cmd),
- "%s -o type=%s -k %s < %s > %s", WBCGI_ENCR_PATH,
- encryption_type, keyfile, payload, encr_payload)) < 0 ||
- chars > sizeof (cmd)) {
- print_status(500, "(encrypt_payload: buffer overflow)");
- return (B_FALSE);
- }
-
- if ((fp = popen(cmd, "w")) == NULL) {
- print_status(500, "(encrypt_payload: missing/file error)");
- return (B_FALSE);
- }
- if ((status = WEXITSTATUS(pclose(fp))) != 0) {
- (void) snprintf(msg, sizeof (msg),
- "(encrypt_payload: failed, status=%d)", status);
- print_status(500, msg);
- return (B_FALSE);
- }
-
- if (!WBCGI_FILE_EXISTS(encr_payload, sbuf)) {
- print_status(500, "(encrypt_payload: bad encrypted file)");
- return (B_FALSE);
- }
-
- return (B_TRUE);
-}
-
-static boolean_t
-hash_payload(const char *payload, const char *payload_hash,
- const char *keyfile)
-{
- struct stat sbuf;
- int chars;
- char cmd[MAXPATHLEN];
- FILE *fp;
- int status;
- char msg[WBCGI_MAXBUF];
-
- if (!WBCGI_FILE_EXISTS(payload, sbuf)) {
- print_status(500, "(hash_payload: missing payload)");
- return (B_FALSE);
- }
-
- if ((chars = snprintf(cmd, sizeof (cmd), "%s -i %s -k %s > %s",
- WBCGI_HMAC_PATH, payload, keyfile, payload_hash)) < 0 ||
- chars > sizeof (cmd)) {
- print_status(500, "(hash_payload: buffer overflow)");
- return (B_FALSE);
- }
-
- if ((fp = popen(cmd, "w")) == NULL) {
- print_status(500, "(hash_payload: missing/file error)");
- return (B_FALSE);
- }
- if ((status = WEXITSTATUS(pclose(fp))) != 0) {
- (void) snprintf(msg, sizeof (msg),
- "(hash_payload: failed, status=%d)", status);
- print_status(500, msg);
- return (B_FALSE);
- }
-
- if (!WBCGI_FILE_EXISTS(payload_hash, sbuf) ||
- sbuf.st_size < HMAC_DIGEST_LEN) {
- print_status(500, "(hash_payload: bad signature file)");
- return (B_FALSE);
- }
-
- return (B_TRUE);
-}
-
-static boolean_t
-extract_keystore(const char *path, const char *keystorepath)
-{
- struct stat sbuf;
- int chars;
- char cmd[MAXPATHLEN];
- FILE *fp;
- int status;
- char msg[WBCGI_MAXBUF];
-
- if (!WBCGI_FILE_EXISTS(path, sbuf)) {
- print_status(500, "(extract_keystore: missing keystore)");
- return (B_FALSE);
- }
-
- if ((chars = snprintf(cmd, sizeof (cmd),
- "%s -x -f %s -s %s -o type=rsa",
- WBCGI_KEYMGMT_PATH, keystorepath, path)) < 0 ||
- chars > sizeof (cmd)) {
- print_status(500, "(extract_keystore: buffer overflow)");
- return (B_FALSE);
- }
-
- if ((fp = popen(cmd, "w")) == NULL) {
- print_status(500, "(extract_keystore: missing/file error)");
- return (B_FALSE);
- }
- if ((status = WEXITSTATUS(pclose(fp))) != 0) {
- (void) snprintf(msg, sizeof (msg),
- "(extract_keystore: failed, status=%d)", status);
- print_status(500, msg);
- return (B_FALSE);
- }
-
- if (!WBCGI_FILE_EXISTS(keystorepath, sbuf)) {
- print_status(500, "(extract_keystore: failed to create)");
- return (B_FALSE);
- }
-
- return (B_TRUE);
-}
-
-static boolean_t
-mkisofs(const char *image_dir, const char *image)
-{
- struct stat sbuf;
- int chars;
- char cmd[MAXPATHLEN];
- FILE *fp;
- int status;
- char msg[WBCGI_MAXBUF];
-
- if (!WBCGI_DIR_EXISTS(image_dir, sbuf)) {
- print_status(500, "(mksiofs: missing image_dir)");
- return (B_FALSE);
- }
-
- if ((chars = snprintf(cmd, sizeof (cmd), "%s -quiet -o %s -r %s",
- WBCGI_MKISOFS_PATH, image, image_dir)) < 0 ||
- chars > sizeof (cmd)) {
- print_status(500, "(mkisofs: buffer overflow)");
- return (B_FALSE);
- }
-
- if ((fp = popen(cmd, "w")) == NULL) {
- print_status(500, "(mkisofs: missing/file error)");
- return (B_FALSE);
- }
- if ((status = WEXITSTATUS(pclose(fp))) != 0) {
- (void) snprintf(msg, sizeof (msg),
- "(mkisofs: failed, status=%d)", status);
- print_status(500, msg);
- return (B_FALSE);
- }
-
- if (!WBCGI_FILE_EXISTS(image, sbuf)) {
- print_status(500, "(mksiofs: failed to create image)");
- return (B_FALSE);
- }
-
- return (B_TRUE);
-}
-
-/*
- * This function, when invoked with a file name, optional network and
- * client ID strings, and callback function will search for the file
- * in the following locations:
- *
- * NB_NETBOOT_ROOT/<network>/<client id>/<file>
- * NB_NETBOOT_ROOT/<client id>/<file>
- * NB_NETBOOT_ROOT/<network>/<file>
- * NB_NETBOOT_ROOT/<file>
- *
- * The callback function is invoked each time the file is found until
- * we have searched all of the above locations or the callback function
- * returns a value other than WBCGI_FTW_CBCONT.
- *
- * Arguments:
- * filename - Name of file to search for.
- * net - Optional network number to include in search hierarchy.
- * cid - Optional client ID to include in search hierarchy.
- * cb - Callback function to be called when file is found.
- * arg - Argument to be supplied to the callback funtion.
- *
- * Returns:
- * WBCGI_FTW_DONE, WBCGI_FTW_CBOK or WBCGI_FTW_CBERR.
- */
-static int
-netboot_ftw(const char *filename, const char *net, const char *cid,
- int (*cb)(const char *, void *arg), void *arg)
-{
- char ckpath[4][MAXPATHLEN];
- int ret;
- struct stat buf;
- int i = 0;
-
- if (snprintf(ckpath[i++], MAXPATHLEN, "%s%s", NB_NETBOOT_ROOT, filename)
- >= MAXPATHLEN)
- return (WBCGI_FTW_CBERR);
-
- if (net != NULL && snprintf(ckpath[i++], MAXPATHLEN, "%s%s/%s",
- NB_NETBOOT_ROOT, net, filename) >= MAXPATHLEN)
- return (WBCGI_FTW_CBERR);
-
- if (cid != NULL) {
- if (snprintf(ckpath[i++], MAXPATHLEN, "%s%s/%s",
- NB_NETBOOT_ROOT, cid, filename) >= MAXPATHLEN)
- return (WBCGI_FTW_CBERR);
-
- if (net != NULL && snprintf(ckpath[i++], MAXPATHLEN,
- "%s%s/%s/%s", NB_NETBOOT_ROOT, net, cid, filename) >=
- MAXPATHLEN)
- return (WBCGI_FTW_CBERR);
- }
-
- /*
- * Loop through hierarchy and check for file existence.
- */
- while (i > 0) {
- --i;
- if (WBCGI_FILE_EXISTS(ckpath[i], buf)) {
- if ((ret = cb(ckpath[i], arg)) != WBCGI_FTW_CBCONT)
- return (ret);
- }
- }
- return (WBCGI_FTW_DONE);
-}
-
-/*ARGSUSED*/
-static int
-noact_cb(const char *path, void *arg)
-{
- return (WBCGI_FTW_CBOK);
-}
-
-static int
-set_pathname(const char *path, void *pathname)
-{
- *(char **)pathname = strdup((char *)path);
- return (WBCGI_FTW_CBOK);
-}
-
-static int
-create_keystore(const char *path, void *keystorepath)
-{
- if (!extract_keystore(path, (char *)keystorepath)) {
- return (WBCGI_FTW_CBERR);
- }
- return (WBCGI_FTW_CBOK);
-}
-
-static int
-copy_certstore(const char *path, void *certstorepath)
-{
- if (!copy_file(path, (char *)certstorepath)) {
- return (WBCGI_FTW_CBERR);
- }
- return (WBCGI_FTW_CBOK);
-}
-
-/*
- * Add the certs found in the trustfile found in path (a trust store) to
- * the file found at bootfs_dir/truststore. If necessary, create the
- * output file.
- */
-static int
-build_trustfile(const char *path, void *truststorepath)
-{
- int ret = WBCGI_FTW_CBERR;
- STACK_OF(X509) *i_anchors = NULL;
- STACK_OF(X509) *o_anchors = NULL;
- char message[WBCGI_MAXBUF];
- PKCS12 *p12 = NULL;
- FILE *rfp = NULL;
- FILE *wfp = NULL;
- struct stat i_st;
- struct stat o_st;
- X509 *x = NULL;
- int errtype = 0;
- int wfd = -1;
- int chars;
- int i;
-
- if (!WBCGI_FILE_EXISTS(path, i_st)) {
- goto cleanup;
- }
-
- if (WBCGI_FILE_EXISTS((char *)truststorepath, o_st)) {
- /*
- * If we are inadvertantly writing to the input file.
- * return success.
- * XXX Pete: how can this happen, and why success?
- */
- if (i_st.st_ino == o_st.st_ino) {
- ret = WBCGI_FTW_CBCONT;
- goto cleanup;
- }
- if ((wfp = fopen((char *)truststorepath, "r+")) == NULL) {
- goto cleanup;
- }
- /*
- * Read what's already there, so that new information
- * can be added.
- */
- if ((p12 = d2i_PKCS12_fp(wfp, NULL)) == NULL) {
- errtype = 1;
- goto cleanup;
- }
- i = sunw_PKCS12_parse(p12, WANBOOT_PASSPHRASE, DO_NONE, NULL,
- 0, NULL, NULL, NULL, &o_anchors);
- if (i <= 0) {
- errtype = 1;
- goto cleanup;
- }
-
- PKCS12_free(p12);
- p12 = NULL;
- } else {
- if (errno != ENOENT) {
- chars = snprintf(message, sizeof (message),
- "(error accessing file %s, error %s)",
- path, strerror(errno));
- if (chars > 0 && chars < sizeof (message))
- print_status(500, message);
- else
- print_status(500, NULL);
- return (WBCGI_FTW_CBERR);
- }
-
- /*
- * Note: We could copy the file to the new trustfile, but
- * we can't verify the password that way. Therefore, copy
- * it by reading it.
- */
- if ((wfd = open((char *)truststorepath,
- O_CREAT|O_EXCL|O_RDWR, 0700)) < 0) {
- goto cleanup;
- }
- if ((wfp = fdopen(wfd, "w+")) == NULL) {
- goto cleanup;
- }
- o_anchors = sk_X509_new_null();
- if (o_anchors == NULL) {
- goto cleanup;
- }
- }
-
- if ((rfp = fopen(path, "r")) == NULL) {
- goto cleanup;
- }
- if ((p12 = d2i_PKCS12_fp(rfp, NULL)) == NULL) {
- errtype = 1;
- goto cleanup;
- }
- i = sunw_PKCS12_parse(p12, WANBOOT_PASSPHRASE, DO_NONE, NULL, 0, NULL,
- NULL, NULL, &i_anchors);
- if (i <= 0) {
- errtype = 1;
- goto cleanup;
- }
- PKCS12_free(p12);
- p12 = NULL;
-
- /*
- * Merge the two stacks of pkcs12 certs.
- */
- for (i = 0; i < sk_X509_num(i_anchors); i++) {
- /* LINTED */
- x = sk_X509_delete(i_anchors, i);
- (void) sk_X509_push(o_anchors, x);
- }
-
- /*
- * Create the pkcs12 structure from the modified input stack and
- * then write out that structure.
- */
- p12 = sunw_PKCS12_create((const char *)WANBOOT_PASSPHRASE, NULL, NULL,
- o_anchors);
- if (p12 == NULL) {
- goto cleanup;
- }
- rewind(wfp);
- if (i2d_PKCS12_fp(wfp, p12) == 0) {
- goto cleanup;
- }
-
- ret = WBCGI_FTW_CBCONT;
-cleanup:
- if (ret == WBCGI_FTW_CBERR) {
- if (errtype == 1) {
- chars = snprintf(message, sizeof (message),
- "(internal PKCS12 error while copying %s to %s)",
- path, (char *)truststorepath);
- } else {
- chars = snprintf(message, sizeof (message),
- "(error copying %s to %s)",
- path, (char *)truststorepath);
- }
- if (chars > 0 && chars <= sizeof (message)) {
- print_status(500, message);
- } else {
- print_status(500, NULL);
- }
- }
- if (rfp != NULL) {
- (void) fclose(rfp);
- }
- if (wfp != NULL) {
- /* Will also close wfd */
- (void) fclose(wfp);
- }
- if (p12 != NULL) {
- PKCS12_free(p12);
- }
- if (i_anchors != NULL) {
- sk_X509_pop_free(i_anchors, X509_free);
- }
- if (o_anchors != NULL) {
- sk_X509_pop_free(o_anchors, X509_free);
- }
-
- return (ret);
-}
-
-static boolean_t
-check_key_type(const char *keyfile, const char *keytype, int flag)
-{
- boolean_t ret = B_FALSE;
- FILE *key_fp = NULL;
- wbku_key_attr_t ka;
-
- /*
- * Map keytype into the ka structure
- */
- if (wbku_str_to_keyattr(keytype, &ka, flag) != WBKU_SUCCESS) {
- goto cleanup;
- }
-
- /*
- * Open the key file for reading.
- */
- if ((key_fp = fopen(keyfile, "r")) == NULL) {
- goto cleanup;
- }
-
- /*
- * Find the valid client key, if it exists.
- */
- if (wbku_find_key(key_fp, NULL, &ka, NULL, B_FALSE) != WBKU_SUCCESS) {
- goto cleanup;
- }
-
- ret = B_TRUE;
-cleanup:
- if (key_fp != NULL) {
- (void) fclose(key_fp);
- }
-
- return (ret);
-}
-
-static boolean_t
-resolve_hostname(const char *hostname, nvlist_t *nvl, boolean_t may_be_crap)
-{
- struct sockaddr_in sin;
- struct hostent *hp;
- struct utsname un;
- static char myname[SYS_NMLN] = { '\0' };
- char *cp = NULL;
- char msg[WBCGI_MAXBUF];
-
- /*
- * Initialize cached nodename
- */
- if (strlen(myname) == 0) {
- if (uname(&un) == -1) {
- (void) snprintf(msg, sizeof (msg),
- "(unable to retrieve uname, errno %d)", errno);
- print_status(500, msg);
- return (B_FALSE);
- }
- (void) strcpy(myname, un.nodename);
- }
-
- /*
- * If hostname is local node name, return the address this
- * request came in on, which is supplied as SERVER_ADDR in the
- * cgi environment. This ensures we don't send back a possible
- * alternate address that may be unreachable from the client's
- * network. Otherwise, just resolve with nameservice.
- */
- if ((strcmp(hostname, myname) != 0) ||
- ((cp = getenv("SERVER_ADDR")) == NULL)) {
- if (((hp = gethostbyname(hostname)) == NULL) ||
- (hp->h_addrtype != AF_INET) ||
- (hp->h_length != sizeof (struct in_addr))) {
- if (!may_be_crap) {
- print_status(500, "(error resolving hostname)");
- }
- return (may_be_crap);
- }
- (void) memcpy(&sin.sin_addr, hp->h_addr, hp->h_length);
- cp = inet_ntoa(sin.sin_addr);
- }
-
- if (nvlist_add_string(nvl, (char *)hostname, cp) != 0) {
- print_status(500, "(error adding hostname to nvlist)");
- return (B_FALSE);
- }
-
- return (B_TRUE);
-}
-
-/*
- * one_name() is called for each certificate found and is passed the string
- * that X509_NAME_oneline() returns. Its job is to find the common name and
- * determine whether it is a host name; if it is then a line suitable for
- * inclusion in /etc/inet/hosts is written to that file.
- */
-static boolean_t
-one_name(const char *namestr, nvlist_t *nvl)
-{
- boolean_t ret = B_TRUE;
- char *p;
- char *q;
- char c;
-
- if (namestr != NULL &&
- (p = strstr(namestr, WBCGI_CNSTR)) != NULL) {
- p += WBCGI_CNSTR_LEN;
-
- if ((q = strpbrk(p, WBCGI_NAMESEP)) != NULL) {
- c = *q;
- *q = '\0';
- ret = resolve_hostname(p, nvl, B_TRUE);
- *q = c;
- } else {
- ret = resolve_hostname(p, nvl, B_TRUE);
- }
- }
-
- return (ret);
-}
-
-/*
- * Loop through the certificates in a file
- */
-static int
-get_hostnames(const char *path, void *nvl)
-{
- int ret = WBCGI_FTW_CBERR;
- STACK_OF(X509) *certs = NULL;
- PKCS12 *p12 = NULL;
- char message[WBCGI_MAXBUF];
- char buf[WBCGI_MAXBUF + 1];
- FILE *rfp = NULL;
- X509 *x = NULL;
- int errtype = 0;
- int chars;
- int i;
-
- if ((rfp = fopen(path, "r")) == NULL) {
- goto cleanup;
- }
-
- if ((p12 = d2i_PKCS12_fp(rfp, NULL)) == NULL) {
- errtype = 1;
- goto cleanup;
- }
- i = sunw_PKCS12_parse(p12, WANBOOT_PASSPHRASE, DO_NONE, NULL, 0, NULL,
- NULL, NULL, &certs);
- if (i <= 0) {
- errtype = 1;
- goto cleanup;
- }
-
- PKCS12_free(p12);
- p12 = NULL;
-
- for (i = 0; i < sk_X509_num(certs); i++) {
- /* LINTED */
- x = sk_X509_value(certs, i);
- if (!one_name(sunw_issuer_attrs(x, buf, sizeof (buf) - 1),
- nvl)) {
- goto cleanup;
- }
- }
-
- ret = WBCGI_FTW_CBCONT;
-cleanup:
- if (ret == WBCGI_FTW_CBERR) {
- if (errtype == 1) {
- chars = snprintf(message, sizeof (message),
- "(internal PKCS12 error reading %s)", path);
- } else {
- chars = snprintf(message, sizeof (message),
- "error reading %s", path);
- }
- if (chars > 0 && chars <= sizeof (message)) {
- print_status(500, message);
- } else {
- print_status(500, NULL);
- }
- }
- if (rfp != NULL) {
- (void) fclose(rfp);
- }
- if (p12 != NULL) {
- PKCS12_free(p12);
- }
- if (certs != NULL) {
- sk_X509_pop_free(certs, X509_free);
- }
-
- return (ret);
-}
-
-/*
- * Create a hosts file by extracting hosts from client and truststore
- * files. Use the CN. Then we should copy that file to the inet dir.
- */
-static boolean_t
-create_hostsfile(const char *hostsfile, const char *net, const char *cid)
-{
- boolean_t ret = B_FALSE;
- nvlist_t *nvl;
- nvpair_t *nvp;
- FILE *hostfp = NULL;
- int hostfd = -1;
- int i;
- char *hostslist;
- const char *bc_urls[] = { BC_ROOT_SERVER, BC_BOOT_LOGGER, NULL };
-
- /*
- * Allocate nvlist handle to store our hostname/IP pairs.
- */
- if (nvlist_alloc(&nvl, NV_UNIQUE_NAME, 0) != 0) {
- print_status(500, "(error allocating hostname nvlist)");
- goto cleanup;
- }
-
- /*
- * Extract and resolve hostnames from CNs.
- */
- if (netboot_ftw(NB_CLIENT_CERT, net, cid,
- get_hostnames, nvl) == WBCGI_FTW_CBERR ||
- netboot_ftw(NB_CA_CERT, net, cid,
- get_hostnames, nvl) == WBCGI_FTW_CBERR) {
- goto cleanup;
- }
-
- /*
- * Extract and resolve hostnames from any URLs in bootconf.
- */
- for (i = 0; bc_urls[i] != NULL; ++i) {
- char *urlstr;
- url_t url;
-
- if ((urlstr = bootconf_get(&bc_handle, bc_urls[i])) != NULL &&
- url_parse(urlstr, &url) == URL_PARSE_SUCCESS) {
- if (!resolve_hostname(url.hport.hostname,
- nvl, B_FALSE)) {
- goto cleanup;
- }
- }
- }
-
- /*
- * If there is a resolve-hosts list in bootconf, resolve those
- * hostnames too.
- */
- if ((hostslist = bootconf_get(&bc_handle, BC_RESOLVE_HOSTS)) != NULL) {
- char *hostname;
-
- for (hostname = strtok(hostslist, ","); hostname != NULL;
- hostname = strtok(NULL, ",")) {
- if (!resolve_hostname(hostname, nvl, B_FALSE)) {
- goto cleanup;
- }
- }
- }
-
- /*
- * Now write the hostname/IP pairs gathered to the hosts file.
- */
- if ((hostfd = open(hostsfile,
- O_RDWR|O_CREAT|O_EXCL, S_IRUSR|S_IWUSR)) == -1 ||
- (hostfp = fdopen(hostfd, "w+")) == NULL) {
- print_status(500, "(error creating hosts file)");
- goto cleanup;
- }
- for (nvp = nvlist_next_nvpair(nvl, NULL); nvp != NULL;
- nvp = nvlist_next_nvpair(nvl, nvp)) {
- char *hostname;
- char *ipstr;
-
- hostname = nvpair_name(nvp);
- if (nvpair_value_string(nvp, &ipstr) != 0) {
- print_status(500, "(nvl error writing hosts file)");
- goto cleanup;
- }
-
- if (fprintf(hostfp, "%s\t%s\n", ipstr, hostname) < 0) {
- print_status(500, "(error writing hosts file)");
- goto cleanup;
- }
- }
-
- ret = B_TRUE;
-cleanup:
- if (nvl != NULL) {
- nvlist_free(nvl);
- }
- if (hostfp != NULL) {
- /*
- * hostfd is automatically closed as well.
- */
- (void) fclose(hostfp);
- }
-
- return (ret);
-}
-
-static boolean_t
-bootfile_payload(const char *docroot, char **bootpathp)
-{
- boolean_t ret = B_FALSE;
- char *boot_file;
- struct stat sbuf;
-
- if ((boot_file = bootconf_get(&bc_handle, BC_BOOT_FILE)) == NULL) {
- print_status(500, "(boot_file must be specified)");
- goto cleanup;
- }
- if ((*bootpathp = make_path(docroot, boot_file)) == NULL) {
- goto cleanup;
- }
- if (!WBCGI_FILE_EXISTS(*bootpathp, sbuf)) {
- print_status(500, "(boot_file missing)");
- goto cleanup;
- }
-
- ret = B_TRUE;
-cleanup:
- return (ret);
-}
-
-/*
- * Create the wanboot file system whose contents are determined by the
- * security configuration specified in bootconf.
- */
-static boolean_t
-wanbootfs_payload(const char *net, const char *cid, const char *nonce,
- const char *bootconf, char **wanbootfs_imagep)
-{
- int ret = B_FALSE;
-
- char *server_authentication;
- char *client_authentication;
- char *scf;
-
- char *bootfs_dir = NULL;
- char *bootfs_etc_dir = NULL;
- char *bootfs_etc_inet_dir = NULL;
- char *bootfs_dev_dir = NULL;
-
- char *systemconf = NULL;
- char *keystorepath = NULL;
- char *certstorepath = NULL;
- char *truststorepath = NULL;
- char *bootconfpath = NULL;
- char *systemconfpath = NULL;
- char *urandompath = NULL;
- char *noncepath = NULL;
- char *hostspath = NULL;
- char *etc_hostspath = NULL;
- char *timestamppath = NULL;
-
- boolean_t authenticate_client;
- boolean_t authenticate_server;
-
- struct stat sbuf;
-
- /*
- * Initialize SSL stuff.
- */
- sunw_crypto_init();
-
- /*
- * Get the security strategy values.
- */
- client_authentication = bootconf_get(&bc_handle,
- BC_CLIENT_AUTHENTICATION);
- authenticate_client = (client_authentication != NULL &&
- strcmp(client_authentication, "yes") == 0);
- server_authentication = bootconf_get(&bc_handle,
- BC_SERVER_AUTHENTICATION);
- authenticate_server = (server_authentication != NULL &&
- strcmp(server_authentication, "yes") == 0);
-
- /*
- * Make a temporary directory structure for the wanboot file system.
- */
- if ((bootfs_dir = gen_tmppath("bootfs_dir", net, cid)) == NULL ||
- (bootfs_etc_dir = make_path(bootfs_dir, "etc")) == NULL ||
- (bootfs_etc_inet_dir = make_path(bootfs_etc_dir, "inet")) == NULL ||
- (bootfs_dev_dir = make_path(bootfs_dir, "dev")) == NULL) {
- goto cleanup;
- }
- if (mkdirp(bootfs_dir, 0700) ||
- mkdirp(bootfs_etc_dir, 0700) ||
- mkdirp(bootfs_etc_inet_dir, 0700) ||
- mkdirp(bootfs_dev_dir, 0700)) {
- print_status(500, "(error creating wanbootfs dir structure)");
- goto cleanup;
- }
-
- if (authenticate_client) {
- /*
- * Add the client private key.
- */
- if ((keystorepath = make_path(bootfs_dir,
- NB_CLIENT_KEY)) == NULL ||
- netboot_ftw(NB_CLIENT_KEY, net, cid,
- create_keystore, keystorepath) != WBCGI_FTW_CBOK) {
- goto cleanup;
- }
-
- /*
- * Add the client certificate.
- */
- if ((certstorepath = make_path(bootfs_dir,
- NB_CLIENT_CERT)) == NULL ||
- netboot_ftw(NB_CLIENT_CERT, net, cid,
- copy_certstore, certstorepath) != WBCGI_FTW_CBOK) {
- goto cleanup;
- }
- }
-
- if (authenticate_client || authenticate_server) {
- /*
- * Add the trustfile; at least one truststore must exist.
- */
- if ((truststorepath = make_path(bootfs_dir,
- NB_CA_CERT)) == NULL) {
- goto cleanup;
- }
- if (netboot_ftw(NB_CA_CERT, net, cid,
- noact_cb, NULL) != WBCGI_FTW_CBOK) {
- print_status(500, "(truststore not found)");
- }
- if (netboot_ftw(NB_CA_CERT, net, cid,
- build_trustfile, truststorepath) == WBCGI_FTW_CBERR) {
- goto cleanup;
- }
-
- /*
- * Create the /dev/urandom file.
- */
- if ((urandompath = make_path(bootfs_dev_dir,
- "urandom")) == NULL ||
- !create_urandom(urandompath)) {
- goto cleanup;
- }
- }
-
- /*
- * Add the wanboot.conf(4) file.
- */
- if ((bootconfpath = make_path(bootfs_dir, NB_WANBOOT_CONF)) == NULL ||
- !copy_file(bootconf, bootconfpath)) {
- goto cleanup;
- }
-
- /*
- * Add the system_conf file if present.
- */
- if ((scf = bootconf_get(&bc_handle, BC_SYSTEM_CONF)) != NULL) {
- if (netboot_ftw(scf, net, cid,
- set_pathname, &systemconf) != WBCGI_FTW_CBOK) {
- print_status(500, "(system_conf file not found)");
- goto cleanup;
- }
- if ((systemconfpath = make_path(bootfs_dir,
- NB_SYSTEM_CONF)) == NULL ||
- !copy_file(systemconf, systemconfpath)) {
- goto cleanup;
- }
- }
-
- /*
- * Create the /nonce file.
- */
- if ((noncepath = make_path(bootfs_dir, "nonce")) == NULL ||
- !create_nonce(noncepath, nonce)) {
- goto cleanup;
- }
-
- /*
- * Create an /etc/inet/hosts file by extracting hostnames from CN,
- * URLs in bootconf and resolve-hosts in bootconf.
- */
- if ((hostspath = make_path(bootfs_etc_inet_dir, "hosts")) == NULL ||
- !create_hostsfile(hostspath, net, cid)) {
- goto cleanup;
- }
-
- /*
- * We would like to create a symbolic link etc/hosts -> etc/inet/hosts,
- * but unfortunately the HSFS support in the standalone doesn't handle
- * symlinks.
- */
- if ((etc_hostspath = make_path(bootfs_etc_dir, "hosts")) == NULL ||
- !copy_file(hostspath, etc_hostspath)) {
- goto cleanup;
- }
-
- /*
- * Create the /timestamp file.
- */
- if ((timestamppath = make_path(bootfs_dir, "timestamp")) == NULL ||
- !create_timestamp(timestamppath, "timestamp")) {
- goto cleanup;
- }
-
- /*
- * Create an HSFS file system for the directory.
- */
- if ((*wanbootfs_imagep = gen_tmppath("wanbootfs", net, cid)) == NULL ||
- !mkisofs(bootfs_dir, *wanbootfs_imagep)) {
- goto cleanup;
- }
-
- ret = B_TRUE;
-cleanup:
- /*
- * Clean up temporary files and directories.
- */
- if (keystorepath != NULL &&
- WBCGI_FILE_EXISTS(keystorepath, sbuf)) {
- (void) unlink(keystorepath);
- }
- if (certstorepath != NULL &&
- WBCGI_FILE_EXISTS(certstorepath, sbuf)) {
- (void) unlink(certstorepath);
- }
- if (truststorepath != NULL &&
- WBCGI_FILE_EXISTS(truststorepath, sbuf)) {
- (void) unlink(truststorepath);
- }
- if (bootconfpath != NULL &&
- WBCGI_FILE_EXISTS(bootconfpath, sbuf)) {
- (void) unlink(bootconfpath);
- }
- if (systemconfpath != NULL &&
- WBCGI_FILE_EXISTS(systemconfpath, sbuf)) {
- (void) unlink(systemconfpath);
- }
- if (urandompath != NULL &&
- WBCGI_FILE_EXISTS(urandompath, sbuf)) {
- (void) unlink(urandompath);
- }
- if (noncepath != NULL &&
- WBCGI_FILE_EXISTS(noncepath, sbuf)) {
- (void) unlink(noncepath);
- }
- if (hostspath != NULL &&
- WBCGI_FILE_EXISTS(hostspath, sbuf)) {
- (void) unlink(hostspath);
- }
- if (etc_hostspath != NULL &&
- WBCGI_FILE_EXISTS(etc_hostspath, sbuf)) {
- (void) unlink(etc_hostspath);
- }
- if (timestamppath != NULL &&
- WBCGI_FILE_EXISTS(timestamppath, sbuf)) {
- (void) unlink(timestamppath);
- }
-
- if (bootfs_etc_inet_dir != NULL &&
- WBCGI_DIR_EXISTS(bootfs_etc_inet_dir, sbuf)) {
- (void) rmdir(bootfs_etc_inet_dir);
- }
- if (bootfs_etc_dir != NULL &&
- WBCGI_DIR_EXISTS(bootfs_etc_dir, sbuf)) {
- (void) rmdir(bootfs_etc_dir);
- }
- if (bootfs_dev_dir != NULL &&
- WBCGI_DIR_EXISTS(bootfs_dev_dir, sbuf)) {
- (void) rmdir(bootfs_dev_dir);
- }
- if (bootfs_dir != NULL &&
- WBCGI_DIR_EXISTS(bootfs_dir, sbuf)) {
- (void) rmdir(bootfs_dir);
- }
-
- /*
- * Free allocated memory.
- */
- free_path(&bootfs_dir);
- free_path(&bootfs_etc_dir);
- free_path(&bootfs_etc_inet_dir);
- free_path(&bootfs_dev_dir);
-
- free_path(&systemconf);
- free_path(&keystorepath);
- free_path(&certstorepath);
- free_path(&truststorepath);
- free_path(&bootconfpath);
- free_path(&systemconfpath);
- free_path(&urandompath);
- free_path(&noncepath);
- free_path(&hostspath);
- free_path(&etc_hostspath);
- free_path(&timestamppath);
-
- return (ret);
-}
-
-static boolean_t
-miniroot_payload(const char *net, const char *cid, const char *docroot,
- char **rootpathp, char **rootinfop, boolean_t *https_rootserverp)
-{
- boolean_t ret = B_FALSE;
- char *root_server;
- char *root_file;
- url_t url;
- struct stat sbuf;
- char sizebuf[WBCGI_MAXBUF];
- int chars;
- int fd = -1;
-
- if ((root_server = bootconf_get(&bc_handle, BC_ROOT_SERVER)) == NULL) {
- print_status(500, "(root_server must be specified)");
- goto cleanup;
- }
- if (url_parse(root_server, &url) != URL_PARSE_SUCCESS) {
- print_status(500, "(root_server URL is invalid)");
- }
- *https_rootserverp = url.https;
-
- if ((root_file = bootconf_get(&bc_handle, BC_ROOT_FILE)) == NULL) {
- print_status(500, "(rootfile must be specified)");
- goto cleanup;
- }
- if ((*rootpathp = make_path(docroot, root_file)) == NULL) {
- goto cleanup;
- }
- if (!WBCGI_FILE_EXISTS(*rootpathp, sbuf)) {
- print_status(500, "(root filesystem image missing)");
- goto cleanup;
- }
-
- if ((*rootinfop = gen_tmppath("mrinfo", net, cid)) == NULL) {
- goto cleanup;
- }
- if ((chars = snprintf(sizebuf, sizeof (sizebuf), "%ld",
- sbuf.st_size)) < 0 || chars > sizeof (sizebuf) ||
- (fd = open(*rootinfop,
- O_RDWR|O_CREAT|O_EXCL, S_IRUSR|S_IWUSR)) == -1 ||
- !write_buffer(fd, sizebuf, strlen(sizebuf))) {
- print_status(500, "(error creating miniroot info file)");
- goto cleanup;
- }
-
- ret = B_TRUE;
-cleanup:
- if (fd != -1) {
- (void) close(fd);
- }
-
- return (ret);
-}
-
-static boolean_t
-deliver_payload(const char *payload, const char *payload_hash)
-{
- int fd = fileno(stdout);
- struct stat payload_buf, hash_buf;
- int chars;
- char main_header[WBCGI_MAXBUF];
- char multi_header[WBCGI_MAXBUF];
- char multi_header1[WBCGI_MAXBUF];
- char multi_header2[WBCGI_MAXBUF];
- char multi_end[WBCGI_MAXBUF];
- size_t msglen;
-
- if (!WBCGI_FILE_EXISTS(payload, payload_buf) ||
- !WBCGI_FILE_EXISTS(payload_hash, hash_buf)) {
- print_status(500, "(payload/hash file(s) missing)");
- return (B_FALSE);
- }
-
- /*
- * Multi-part header.
- */
- if ((chars = snprintf(multi_header, sizeof (multi_header),
- "%s--%s%s%sapplication/octet-stream%s%s", WBCGI_CRNL,
- WBCGI_WANBOOT_BNDTXT, WBCGI_CRNL, WBCGI_CONTENT_TYPE, WBCGI_CRNL,
- WBCGI_CONTENT_LENGTH)) < 0 || chars > sizeof (multi_header)) {
- print_status(500, "(error creating multi_header)");
- return (B_FALSE);
- }
-
- /*
- * Multi-part header for part one.
- */
- if ((chars = snprintf(multi_header1, sizeof (multi_header1),
- "%s%ld%s%s", multi_header, payload_buf.st_size, WBCGI_CRNL,
- WBCGI_CRNL)) < 0 || chars > sizeof (multi_header1)) {
- print_status(500, "(error creating multi_header1)");
- return (B_FALSE);
- }
-
- /*
- * Multi-part header for part two.
- */
- if ((chars = snprintf(multi_header2, sizeof (multi_header2),
- "%s%ld%s%s", multi_header, hash_buf.st_size, WBCGI_CRNL,
- WBCGI_CRNL)) < 0 || chars > sizeof (multi_header2)) {
- print_status(500, "(error creating multi_header2)");
- return (B_FALSE);
- }
-
- /*
- * End-of-parts Trailer.
- */
- if ((chars = snprintf(multi_end, sizeof (multi_end),
- "%s--%s--%s", WBCGI_CRNL, WBCGI_WANBOOT_BNDTXT,
- WBCGI_CRNL)) < 0 || chars > sizeof (multi_end)) {
- print_status(500, "(error creating multi_end)");
- return (B_FALSE);
- }
-
- /*
- * Message header.
- */
- msglen = payload_buf.st_size + hash_buf.st_size +
- strlen(multi_header1) + strlen(multi_header2) + strlen(multi_end);
-
- if ((chars = snprintf(main_header, sizeof (main_header),
- "%s%u%s%smultipart/mixed; boundary=%s%s%s", WBCGI_CONTENT_LENGTH,
- msglen, WBCGI_CRNL, WBCGI_CONTENT_TYPE, WBCGI_WANBOOT_BNDTXT,
- WBCGI_CRNL, WBCGI_CRNL)) < 0 || chars > sizeof (main_header)) {
- print_status(500, "(error creating main_header)");
- return (B_FALSE);
- }
-
- /*
- * Write the message out. If things fall apart during this then
- * there's no way to report the error back to the client.
- */
- if (!write_buffer(fd, main_header, strlen(main_header)) ||
- !write_buffer(fd, multi_header1, strlen(multi_header1)) ||
- !write_file(fd, payload, payload_buf.st_size) ||
- !write_buffer(fd, multi_header2, strlen(multi_header2)) ||
- !write_file(fd, payload_hash, hash_buf.st_size) ||
- !write_buffer(fileno(stdout), multi_end, strlen(multi_end))) {
- return (B_FALSE);
- }
-
- return (B_TRUE);
-}
-
-
-/*ARGSUSED*/
-int
-main(int argc, char **argv)
-{
- int ret = WBCGI_STATUS_ERR;
- struct stat sbuf;
- int content;
- char *net;
- char *cid;
- char *nonce;
- char *docroot;
- char *payload;
- char *signature_type;
- char *encryption_type;
- char *bootconf = NULL;
- char *keyfile = NULL;
- char *bootpath = NULL;
- char *wanbootfs_image = NULL;
- char *rootpath = NULL;
- char *miniroot_info = NULL;
- char *encr_payload = NULL;
- char *payload_hash = NULL;
- boolean_t https_rootserver;
-
- /*
- * Process the query string.
- */
- if (!get_request_info(&content, &net, &cid, &nonce, &docroot)) {
- goto cleanup;
- }
-
- /*
- * Sanity check that the netboot directory exists.
- */
- if (!WBCGI_DIR_EXISTS(NB_NETBOOT_ROOT, sbuf)) {
- print_status(500, "(" NB_NETBOOT_ROOT " does not exist)");
- goto cleanup;
- }
-
- /*
- * Get absolute bootconf pathname.
- */
- if (netboot_ftw(NB_WANBOOT_CONF, net, cid,
- set_pathname, &bootconf) != WBCGI_FTW_CBOK) {
- print_status(500, "(wanboot.conf not found)");
- goto cleanup;
- }
-
- /*
- * Initialize bc_handle from the given wanboot.conf file.
- */
- if (bootconf_init(&bc_handle, bootconf) != BC_SUCCESS) {
- char message[WBCGI_MAXBUF];
- int chars;
-
- chars = snprintf(message, sizeof (message),
- "(wanboot.conf error: %s)", bootconf_errmsg(&bc_handle));
- if (chars > 0 && chars < sizeof (message))
- print_status(500, message);
- else
- print_status(500, "(wanboot.conf error)");
- goto cleanup;
- }
-
- /*
- * Get and check signature and encryption types,
- * presence of helper utilities, keystore, etc.
- */
- if ((signature_type = bootconf_get(&bc_handle,
- BC_SIGNATURE_TYPE)) != NULL) {
- if (!WBCGI_FILE_EXISTS(WBCGI_HMAC_PATH, sbuf)) {
- print_status(500, "(hmac utility not found)");
- goto cleanup;
- }
- if (keyfile == NULL && netboot_ftw(NB_CLIENT_KEY, net, cid,
- set_pathname, &keyfile) != WBCGI_FTW_CBOK) {
- print_status(500, "(keystore not found)");
- goto cleanup;
- }
- if (!check_key_type(keyfile, signature_type, WBKU_HASH_KEY)) {
- print_status(500, "(hash key not found)");
- goto cleanup;
- }
- }
- if ((encryption_type = bootconf_get(&bc_handle,
- BC_ENCRYPTION_TYPE)) != NULL) {
- if (signature_type == NULL) {
- print_status(500, "(encrypted but not signed)");
- goto cleanup;
- }
- if (!WBCGI_FILE_EXISTS(WBCGI_ENCR_PATH, sbuf)) {
- print_status(500, "(encr utility not found)");
- goto cleanup;
- }
- if (keyfile == NULL && netboot_ftw(NB_CLIENT_KEY, net, cid,
- set_pathname, &keyfile) != WBCGI_FTW_CBOK) {
- print_status(500, "(keystore not found)");
- goto cleanup;
- }
- if (!check_key_type(keyfile, encryption_type, WBKU_ENCR_KEY)) {
- print_status(500, "(encr key not found)");
- goto cleanup;
- }
- }
-
- /*
- * Determine/create our payload.
- */
- switch (content) {
- case WBCGI_CONTENT_BOOTFILE:
- if (!bootfile_payload(docroot, &bootpath)) {
- goto cleanup;
- }
- payload = bootpath;
-
- break;
-
- case WBCGI_CONTENT_BOOTFS:
- if (!wanbootfs_payload(net, cid, nonce,
- bootconf, &wanbootfs_image)) {
- goto cleanup;
- }
- payload = wanbootfs_image;
-
- break;
-
- case WBCGI_CONTENT_ROOTFS:
- if (!miniroot_payload(net, cid, docroot,
- &rootpath, &miniroot_info, &https_rootserver)) {
- goto cleanup;
- }
- payload = rootpath;
-
- break;
- }
-
- /*
- * Encrypt the payload if necessary.
- */
- if (content != WBCGI_CONTENT_BOOTFILE &&
- content != WBCGI_CONTENT_ROOTFS &&
- encryption_type != NULL) {
- if ((encr_payload = gen_tmppath("encr", net, cid)) == NULL) {
- goto cleanup;
- }
-
- if (!encrypt_payload(payload, encr_payload, keyfile,
- encryption_type)) {
- goto cleanup;
- }
-
- payload = encr_payload;
- }
-
- /*
- * Compute the hash (actual or null).
- */
- if ((payload_hash = gen_tmppath("hash", net, cid)) == NULL) {
- goto cleanup;
- }
-
- if (signature_type != NULL &&
- (content != WBCGI_CONTENT_ROOTFS || !https_rootserver)) {
- if (!hash_payload(payload, payload_hash, keyfile)) {
- goto cleanup;
- }
- } else {
- if (!create_null_hash(payload_hash)) {
- goto cleanup;
- }
- }
-
- /*
- * For the rootfs the actual payload transmitted is the file
- * containing the size of the rootfs (as a string of ascii digits);
- * point payload at this instead.
- */
- if (content == WBCGI_CONTENT_ROOTFS) {
- payload = miniroot_info;
- }
-
- /*
- * Finally, deliver the payload and hash as a multipart message.
- */
- if (!deliver_payload(payload, payload_hash)) {
- goto cleanup;
- }
-
- ret = WBCGI_STATUS_OK;
-cleanup:
- /*
- * Clean up temporary files.
- */
- if (wanbootfs_image != NULL &&
- WBCGI_FILE_EXISTS(wanbootfs_image, sbuf)) {
- (void) unlink(wanbootfs_image);
- }
- if (miniroot_info != NULL &&
- WBCGI_FILE_EXISTS(miniroot_info, sbuf)) {
- (void) unlink(miniroot_info);
- }
- if (encr_payload != NULL &&
- WBCGI_FILE_EXISTS(encr_payload, sbuf)) {
- (void) unlink(encr_payload);
- }
- if (payload_hash != NULL &&
- WBCGI_FILE_EXISTS(payload_hash, sbuf)) {
- (void) unlink(payload_hash);
- }
-
- /*
- * Free up any allocated strings.
- */
- free_path(&bootconf);
- free_path(&keyfile);
- free_path(&bootpath);
- free_path(&wanbootfs_image);
- free_path(&rootpath);
- free_path(&miniroot_info);
- free_path(&encr_payload);
- free_path(&payload_hash);
-
- bootconf_end(&bc_handle);
-
- return (ret);
-}
diff --git a/usr/src/cmd/cmd-inet/usr.lib/wanboot/wanboot.xcl b/usr/src/cmd/cmd-inet/usr.lib/wanboot/wanboot.xcl
deleted file mode 100644
index bdc2e166d0..0000000000
--- a/usr/src/cmd/cmd-inet/usr.lib/wanboot/wanboot.xcl
+++ /dev/null
@@ -1,61 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License"). You may not use this file except in compliance
-# with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-#
-# Copyright 2003 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-# ident "%Z%%M% %I% %E% SMI"
-#
-
-msgid "type"
-msgid "%s\n"
-msgid ""
-msgid "o:k:"
-msgid "r"
-msgid "i:k:"
-msgid "do:"
-msgid "/dev/openprom"
-msgid "open: /dev/openprom"
-msgid "setkey: ioctl"
-msgid "getpassphrase"
-msgid "%s "
-msgid "0.0.0.0"
-msgid "00000000000000"
-msgid "net"
-msgid "cid"
-msgid "%s"
-msgid "%s/%s"
-msgid "%s/%s/%s"
-msgid "/keystore"
-msgid "r+"
-msgid "w"
-msgid "%04x"
-msgid "\n"
-msgid "master"
-msgid "client"
-msgid "dcmo:"
-msgid ".XXXXXX"
-msgid "%s.XXXXXX"
-msgid "\n\t"
-msgid "ixf:k:s:o:"
-msgid "vc:i:k:l:t:"
-msgid "none"
diff --git a/usr/src/cmd/cmd-inet/usr.sbin/Makefile b/usr/src/cmd/cmd-inet/usr.sbin/Makefile
index 972b9e497f..7a72f274b8 100644
--- a/usr/src/cmd/cmd-inet/usr.sbin/Makefile
+++ b/usr/src/cmd/cmd-inet/usr.sbin/Makefile
@@ -29,7 +29,7 @@ SYNCPROG= syncinit syncloop syncstat
PROG= 6to4relay arp if_mpadm \
in.comsat in.fingerd in.rarpd in.rexecd in.rlogind \
in.rshd in.rwhod in.telnetd in.tftpd ipaddrsel \
- ndd ndp $(SYNCPROG) wanbootutil
+ ndd ndp $(SYNCPROG)
MANIFEST= rarp.xml telnet.xml comsat.xml finger.xml \
login.xml shell.xml rexec.xml socket-filter-kssl.xml
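Review bot: Dropping `wanbootutil` from `PROG` in this hunk should be paired with removing any RBAC `exec_attr` or profile entries that refer to the helpers it launched, and the visible part of the diff does not show whether that happens. The wrapper deleted later in this commit (`wanbootutil.sh`) ran under `#!/usr/bin/pfsh` and exec'd `/usr/lib/inet/wanboot/"$@"` for `keygen`, `keymgmt` and `p12split`, which suggests those paths may have had profile-granted privileges. If such entries exist, they would keep granting privileges to paths the gate no longer owns, so they should be deleted with the binaries. The rest of this Makefile lies outside the hunk, so it is also worth confirming that no other rule or clobber list there still names `wanbootutil`.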
@@ -61,12 +61,12 @@ K5RSHDOBJS= in.rshd.o
K5TELNETOBJS= in.telnetd.o
SRCS= $(PROGSRCS) $(OTHERSRC)
-SUBDIRS= bootconfchk ifconfig ilbadm in.rdisc in.routed \
+SUBDIRS= ifconfig ilbadm in.rdisc in.routed \
in.talkd inetadm inetconv ipadm ipmpstat ipqosconf ipsecutils \
kssl/kssladm kssl/ksslcfg nwamadm nwamcfg ping routeadm \
snoop sppptun traceroute wificonfig
-MSGSUBDIRS= bootconfchk ifconfig ilbadm in.routed in.talkd \
+MSGSUBDIRS= ifconfig ilbadm in.routed in.talkd \
inetadm inetconv ipadm ipmpstat ipqosconf ipsecutils \
kssl/ksslcfg nwamadm nwamcfg routeadm sppptun snoop wificonfig
@@ -80,7 +80,7 @@ LINTCLEAN= 6to4relay arp in.rlogind in.rshd in.telnetd in.tftpd \
# they're all clean, replace the dependency of the lint target
# with SUBDIRS. Also (sigh) deal with the commented-out build lines
# for the lint rule.
-LINTSUBDIRS= bootconfchk ilbadm in.rdisc in.routed in.talkd inetadm \
+LINTSUBDIRS= ilbadm in.rdisc in.routed in.talkd inetadm \
inetconv ipmpstat ipqosconf ipsecutils kssl/kssladm \
kssl/ksslcfg nwamadm nwamcfg ping routeadm sppptun traceroute \
wificonfig
diff --git a/usr/src/cmd/cmd-inet/usr.sbin/bootconfchk/Makefile b/usr/src/cmd/cmd-inet/usr.sbin/bootconfchk/Makefile
deleted file mode 100644
index 2551ac5992..0000000000
--- a/usr/src/cmd/cmd-inet/usr.sbin/bootconfchk/Makefile
+++ /dev/null
@@ -1,43 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License (the "License").
-# You may not use this file except in compliance with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-
-include ../../../Makefile.cmd
-
-PROG = bootconfchk
-
-LDLIBS += -lwanbootutil -lwanboot
-
-CPPFLAGS += -I$(SRC)/common/net/wanboot/crypt
-
-.KEEP_STATE:
-
-all: $(PROG)
-
-install: all $(ROOTUSRSBINPROG)
-
-clean:
-
-lint: lint_PROG
-
-include ../../../Makefile.targ
diff --git a/usr/src/cmd/cmd-inet/usr.sbin/bootconfchk/bootconfchk.c b/usr/src/cmd/cmd-inet/usr.sbin/bootconfchk/bootconfchk.c
deleted file mode 100644
index d4e741ac6d..0000000000
--- a/usr/src/cmd/cmd-inet/usr.sbin/bootconfchk/bootconfchk.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-/*
- * This program parses and validates a wanboot.conf(4) file, and reports
- * any errors on standard error.
- *
- * Returns:
- * = 0 - success
- * > 0 - error (see exit codes below)
- */
-
-#include <libintl.h>
-#include <locale.h>
-#include <stdio.h>
-#include <wanbootutil.h>
-#include <wanboot_conf.h>
-
-/*
- * Exit codes:
- */
-#define BOOTCONFCHK_OK 0
-#define BOOTCONFCHK_INVALID 1
-#define BOOTCONFCHK_USAGE 2
-
-int
-main(int argc, char **argv)
-{
- int ret = BOOTCONFCHK_OK;
- char *bootconf;
- bc_handle_t bc_handle;
-
- /*
- * Do the necessary magic for localization support.
- */
- (void) setlocale(LC_ALL, "");
-#if !defined(TEXT_DOMAIN)
-#define TEXT_DOMAIN "SYS_TEST"
-#endif /* !defined(TEXT_DOMAIN) */
- (void) textdomain(TEXT_DOMAIN);
-
- /*
- * Initialize program name for use by wbku_printerr().
- */
- wbku_errinit(argv[0]);
-
- /*
- * Check usage is legal.
- */
- if (argc != 2) {
- (void) fprintf(stderr,
- gettext("Usage: %s bootconf_file\n"), argv[0]);
- return (BOOTCONFCHK_USAGE);
- }
- bootconf = argv[1];
-
- /*
- * Parse and validate the given wanboot.conf(4) file.
- */
- if (bootconf_init(&bc_handle, bootconf) != BC_SUCCESS) {
- wbku_printerr("Error parsing/validating %s: %s\n",
- bootconf, bootconf_errmsg(&bc_handle));
- ret = BOOTCONFCHK_INVALID;
- }
- bootconf_end(&bc_handle);
-
- return (ret);
-}
diff --git a/usr/src/cmd/cmd-inet/usr.sbin/wanbootutil.sh b/usr/src/cmd/cmd-inet/usr.sbin/wanbootutil.sh
deleted file mode 100644
index 7280299202..0000000000
--- a/usr/src/cmd/cmd-inet/usr.sbin/wanbootutil.sh
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/usr/bin/pfsh
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License"). You may not use this file except in compliance
-# with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-#
-# Copyright 2003 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-# ident "%Z%%M% %I% %E% SMI"
-
-#
-# wanbootutil is a wrapper that executes programs in /usr/lib/inet/wanboot
-# which are used to perform WAN boot administration tasks.
-#
-
-case "$1" in
-keygen | keymgmt | p12split)
- exec /usr/lib/inet/wanboot/"$@"
- ;;
-
-*)
- echo "Usage: wanbootutil [keygen | keymgmt | p12split] [options] "
- exit 1
- ;;
-esac
diff --git a/usr/src/common/net/wanboot/auxutil.c b/usr/src/common/net/wanboot/auxutil.c
deleted file mode 100644
index b7ea152efb..0000000000
--- a/usr/src/common/net/wanboot/auxutil.c
+++ /dev/null
@@ -1,637 +0,0 @@
-/*
- * ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- * Copyright 2002, 2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- *
- * All of the functions included here are internal to the pkcs12 functions
- * in this library. None of these are exposed.
- */
-
-/*
- * Copyright (c) 2012, OmniTI Computer Consulting, Inc. All rights reserved.
- */
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <stdio.h>
-#include <string.h>
-
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
-
-#include <openssl/pkcs12.h>
-#include <p12aux.h>
-#include <auxutil.h>
-#include <p12err.h>
-
-/*
- * asc2bmpstring - Convert a regular C ASCII string to an ASn1_STRING in
- * ASN1_BMPSTRING format.
- *
- * Arguments:
- * str - String to be convered.
- * len - Length of the string.
- *
- * Returns:
- * == NULL - An error occurred. Error information (accessible by
- * ERR_get_error()) is set.
- * != NULL - Points to an ASN1_BMPSTRING structure with the converted
- * string as a value.
- */
-ASN1_BMPSTRING *
-asc2bmpstring(const char *str, int len)
-{
- ASN1_BMPSTRING *bmp = NULL;
- uchar_t *uni = NULL;
- int unilen;
-
- /* Convert the character to the bmp format. */
-#if OPENSSL_VERSION_NUMBER < 0x10000000L
- if (asc2uni(str, len, &uni, &unilen) == 0) {
-#else
- if (OPENSSL_asc2uni(str, len, &uni, &unilen) == 0) {
-#endif
- SUNWerr(SUNW_F_ASC2BMPSTRING, SUNW_R_MEMORY_FAILURE);
- return (NULL);
- }
-
- /*
- * Adjust for possible pair of NULL bytes at the end because
- * asc2uni() returns a doubly null terminated string.
- */
- if (uni[unilen - 1] == '\0' && uni[unilen - 2] == '\0')
- unilen -= 2;
-
- /* Construct comparison string with correct format */
- bmp = M_ASN1_BMPSTRING_new();
- if (bmp == NULL) {
- SUNWerr(SUNW_F_ASC2BMPSTRING, SUNW_R_MEMORY_FAILURE);
- OPENSSL_free(uni);
- return (NULL);
- }
-
- bmp->data = uni;
- bmp->length = unilen;
-
- return (bmp);
-}
-
-/*
- * utf82ascstr - Convert a UTF8STRING string to a regular C ASCII string.
- * This goes through an intermediate step with a ASN1_STRING type of
- * IA5STRING (International Alphabet 5, which is the same as ASCII).
- *
- * Arguments:
- * str - UTF8STRING to be converted.
- *
- * Returns:
- * == NULL - An error occurred. Error information (accessible by
- * ERR_get_error()) is set.
- * != NULL - Points to a NULL-termianted ASCII string. The caller must
- * free it.
- */
-uchar_t *
-utf82ascstr(ASN1_UTF8STRING *ustr)
-{
- ASN1_STRING tmpstr;
- ASN1_STRING *astr = &tmpstr;
- uchar_t *retstr = NULL;
- int mbflag;
- int ret;
-
- if (ustr == NULL || ustr->type != V_ASN1_UTF8STRING) {
- SUNWerr(SUNW_F_UTF82ASCSTR, SUNW_R_INVALID_ARG);
- return (NULL);
- }
-
- mbflag = MBSTRING_ASC;
- tmpstr.data = NULL;
- tmpstr.length = 0;
-
- ret = ASN1_mbstring_copy(&astr, ustr->data, ustr->length, mbflag,
- B_ASN1_IA5STRING);
- if (ret < 0) {
- SUNWerr(SUNW_F_UTF82ASCSTR, SUNW_R_STR_CONVERT_ERR);
- return (NULL);
- }
-
- retstr = OPENSSL_malloc(astr->length + 1);
- if (retstr == NULL) {
- SUNWerr(SUNW_F_UTF82ASCSTR, SUNW_R_MEMORY_FAILURE);
- return (NULL);
- }
-
- (void) memcpy(retstr, astr->data, astr->length);
- retstr[astr->length] = '\0';
- OPENSSL_free(astr->data);
-
- return (retstr);
-}
-
-/*
- * set_results - Given two pointers to stacks of private keys, certs or CA
- * CA certs, either copy the second stack to the first, or append the
- * contents of the second to the first.
- *
- * Arguments:
- * pkeys - Points to stack of pkeys
- * work_kl - Points to working stack of pkeys
- * certs - Points to stack of certs
- * work_cl - Points to working stack of certs
- * cacerts - Points to stack of CA certs
- * work_ca - Points to working stack of CA certs
- * xtrakeys - Points to stack of unmatcned pkeys
- * work_xl - Points to working stack of unmatcned pkeys
- *
- * The arguments are in pairs. The first of each pair points to a stack
- * of keys or certs. The second of the pair points at a 'working stack'
- * of the same type of entities. Actions taken are as follows:
- *
- * - If either the first or second argument is NULL, or if there are no
- * members in the second stack, there is nothing to do.
- * - If the first argument points to a pointer which is NULL, then there
- * is no existing stack for the first argument. Copy the stack pointer
- * from the second argument to the first argument and NULL out the stack
- * pointer for the second.
- * - Otherwise, go through the elements of the second stack, removing each
- * and adding it to the first stack.
- *
- * Returns:
- * == -1 - An error occurred. Call ERR_get_error() to get error information.
- * == 0 - No matching returns were found.
- * > 0 - This is the arithmetic 'or' of the FOUND_* bits that indicate which
- * of the requested entries were manipulated.
- */
-int
-set_results(STACK_OF(EVP_PKEY) **pkeys, STACK_OF(EVP_PKEY) **work_kl,
- STACK_OF(X509) **certs, STACK_OF(X509) **work_cl,
- STACK_OF(X509) **cacerts, STACK_OF(X509) **work_ca,
- STACK_OF(EVP_PKEY) **xtrakeys, STACK_OF(EVP_PKEY) **work_xl)
-{
- int retval = 0;
-
- if (pkeys != NULL && work_kl != NULL && *work_kl != NULL &&
- sk_EVP_PKEY_num(*work_kl) > 0) {
- if (*pkeys == NULL) {
- *pkeys = *work_kl;
- *work_kl = NULL;
- } else {
- if (sunw_append_keys(*pkeys, *work_kl) < 0) {
- return (-1);
- }
- }
- retval |= FOUND_PKEY;
- }
- if (certs != NULL && work_cl != NULL && *work_cl != NULL &&
- sk_X509_num(*work_cl) > 0) {
- if (*certs == NULL) {
- *certs = *work_cl;
- *work_cl = NULL;
- } else {
- if (move_certs(*certs, *work_cl) < 0) {
- return (-1);
- }
- }
- retval |= FOUND_CERT;
- }
-
- if (cacerts != NULL && work_ca != NULL && *work_ca != NULL &&
- sk_X509_num(*work_ca) > 0) {
- if (*cacerts == NULL) {
- *cacerts = *work_ca;
- *work_ca = NULL;
- } else {
- if (move_certs(*cacerts, *work_ca) < 0) {
- return (-1);
- }
- }
- retval |= FOUND_CA_CERTS;
- }
-
- if (xtrakeys != NULL && work_xl != NULL && *work_xl != NULL &&
- sk_EVP_PKEY_num(*work_xl) > 0) {
- if (*xtrakeys == NULL) {
- *xtrakeys = *work_xl;
- *work_xl = NULL;
- } else {
- if (sunw_append_keys(*xtrakeys, *work_xl) < 0) {
- return (-1);
- }
- }
- retval |= FOUND_XPKEY;
- }
-
- return (retval);
-}
-
-/*
- * find_attr - Look for a given attribute of the type associated with the NID.
- *
- * Arguments:
- * nid - NID for the attribute to be found (either NID_friendlyName or
- * NID_locakKeyId)
- * str - ASN1_STRING-type structure containing the value to be found,
- * FriendlyName expects a ASN1_BMPSTRING and localKeyID uses a
- * ASN1_STRING.
- * kl - Points to a stack of private keys.
- * pkey - Points at a location where the address of the matching private
- * key will be stored.
- * cl - Points to a stack of client certs with matching private keys.
- * cert - Points to locaiton where the address of the matching client cert
- * will be returned
- *
- * This function is designed to process lists of certs and private keys.
- * This is made complex because these the attributes are stored differently
- * for certs and for keys. For certs, only a few attributes are retained.
- * FriendlyName is stored in the aux structure, under the name 'alias'.
- * LocalKeyId is also stored in the aux structure, under the name 'keyid'.
- * A pkey structure has a stack of attributes.
- *
- * The basic approach is:
- * - If there there is no stack of certs but a stack of private keys exists,
- * search the stack of keys for a match. Alternately, if there is a stack
- * of certs and no private keys, search the certs.
- *
- * - If there are both certs and keys, assume that the matching certs and
- * keys are in their respective stacks, with matching entries in the same
- * order. Search for the name or keyid in the stack of certs. If it is
- * not found, then this function returns 0 (nothing found).
- *
- * - Once a cert is found, verify that the key actually matches by
- * comparing the private key with the public key (in the cert).
- * If they don't match, return an error.
- *
- * A pointer to cert and/or pkey which matches the name or keyid is stored
- * in the return arguments.
- *
- * Returns:
- * 0 - No matches were found.
- * > 0 - Bits set based on FOUND_* definitions, indicating what was found.
- * This can be FOUND_PKEY, FOUND_CERT or (FOUND_PKEY | FOUND_CERT).
- */
-int
-find_attr(int nid, ASN1_STRING *str, STACK_OF(EVP_PKEY) *kl, EVP_PKEY **pkey,
- STACK_OF(X509) *cl, X509 **cert)
-{
- ASN1_UTF8STRING *ustr = NULL;
- ASN1_STRING *s;
- ASN1_TYPE *t;
- EVP_PKEY *p;
- uchar_t *fname = NULL;
- X509 *x;
- int found = 0;
- int chkcerts;
- int len;
- int res;
- int c = -1;
- int k = -1;
-
- chkcerts = (cert != NULL || pkey != NULL) && cl != NULL;
- if (chkcerts && nid == NID_friendlyName &&
- str->type == V_ASN1_BMPSTRING) {
- ustr = ASN1_UTF8STRING_new();
- if (ustr == NULL) {
- SUNWerr(SUNW_F_FINDATTR, SUNW_R_MEMORY_FAILURE);
- return (0);
- }
- len = ASN1_STRING_to_UTF8(&fname, str);
- if (fname == NULL) {
- ASN1_UTF8STRING_free(ustr);
- SUNWerr(SUNW_F_FINDATTR, SUNW_R_STR_CONVERT_ERR);
- return (0);
- }
-
- if (ASN1_STRING_set(ustr, fname, len) == 0) {
- ASN1_UTF8STRING_free(ustr);
- OPENSSL_free(fname);
- SUNWerr(SUNW_F_FINDATTR, SUNW_R_MEMORY_FAILURE);
- return (0);
- }
- }
-
- if (chkcerts) {
- for (c = 0; c < sk_X509_num(cl); c++) {
- res = -1;
- x = sk_X509_value(cl, c);
- if (nid == NID_friendlyName && ustr != NULL) {
- if (x->aux == NULL || x->aux->alias == NULL)
- continue;
- s = x->aux->alias;
- if (s != NULL && s->type == ustr->type &&
- s->data != NULL) {
- res = ASN1_STRING_cmp(s, ustr);
- }
- } else {
- if (x->aux == NULL || x->aux->keyid == NULL)
- continue;
- s = x->aux->keyid;
- if (s != NULL && s->type == str->type &&
- s->data != NULL) {
- res = ASN1_STRING_cmp(s, str);
- }
- }
- if (res == 0) {
- if (cert != NULL)
- *cert = sk_X509_delete(cl, c);
- found = FOUND_CERT;
- break;
- }
- }
- if (ustr != NULL) {
- ASN1_UTF8STRING_free(ustr);
- OPENSSL_free(fname);
- }
- }
-
- if (pkey != NULL && kl != NULL) {
- /*
- * Looking for pkey to match a cert? If so, assume that
- * lists of certs and their matching pkeys are in the same
- * order. Call X509_check_private_key() to verify this
- * assumption.
- */
- if (found != 0 && cert != NULL) {
- k = c;
- p = sk_EVP_PKEY_value(kl, k);
- if (X509_check_private_key(x, p) != 0) {
- if (pkey != NULL)
- *pkey = sk_EVP_PKEY_delete(kl, k);
- found |= FOUND_PKEY;
- }
- } else if (cert == NULL) {
- for (k = 0; k < sk_EVP_PKEY_num(kl); k++) {
- p = sk_EVP_PKEY_value(kl, k);
- if (p == NULL || p->attributes == NULL)
- continue;
-
- t = PKCS12_get_attr_gen(p->attributes, nid);
- if (t != NULL || ASN1_STRING_cmp(str,
- t->value.asn1_string) == 0)
- continue;
-
- found |= FOUND_PKEY;
- if (pkey != NULL)
- *pkey = sk_EVP_PKEY_delete(kl, k);
- break;
- }
- }
- }
-
- return (found);
-}
-
-/*
- * find_attr_by_nid - Given a ASN1_TYPE, return the offset of a X509_ATTRIBUTE
- * of the type specified by the given NID.
- *
- * Arguments:
- * attrs - Stack of attributes to search
- * nid - NID of the attribute being searched for
- *
- * Returns:
- * -1 None found
- * != -1 Offset of the matching attribute.
- */
-int
-find_attr_by_nid(STACK_OF(X509_ATTRIBUTE) *attrs, int nid)
-{
- X509_ATTRIBUTE *a;
- int i;
-
- if (attrs == NULL)
- return (-1);
-
- for (i = 0; i < sk_X509_ATTRIBUTE_num(attrs); i++) {
- a = sk_X509_ATTRIBUTE_value(attrs, i);
- if (OBJ_obj2nid(a->object) == nid)
- return (i);
- }
- return (-1);
-}
-
-/*
- * get_key_cert - Get a cert and its matching key from the stacks of certs
- * and keys. They are removed from the stacks.
- *
- * Arguments:
- * n - Offset of the entries to return.
- * kl - Points to a stack of private keys that matches the list of
- * certs below.
- * pkey - Points at location where the address of the matching private
- * key will be stored.
- * cl - Points to a stack of client certs with matching private keys.
- * cert - Points to locaiton where the address of the matching client cert
- * will be returned
- *
- * The assumption is that the stacks of keys and certs contain key/cert pairs,
- * with entries in the same order and hence at the same offset. Provided
- * the key and cert selected match, each will be removed from its stack and
- * returned.
- *
- * A stack of certs can be passed in without a stack of private keys, and vise
- * versa. In that case, the indicated key/cert will be returned.
- *
- * Returns:
- * 0 - No matches were found.
- * > 0 - Bits set based on FOUND_* definitions, indicating what is returned.
- * This can be FOUND_PKEY, FOUND_CERT or (FOUND_PKEY | FOUND_CERT).
- */
-int
-get_key_cert(int n, STACK_OF(EVP_PKEY) *kl, EVP_PKEY **pkey, STACK_OF(X509) *cl,
- X509 **cert)
-{
- int retval = 0;
- int nk;
- int nc;
-
- nk = (kl != NULL) ? sk_EVP_PKEY_num(kl) : 0;
- nc = (cl != NULL) ? sk_X509_num(cl) : 0;
-
- if (pkey != NULL && *pkey == NULL) {
- if (nk > 0 && n >= 0 || n < nk) {
- *pkey = sk_EVP_PKEY_delete(kl, n);
- if (*pkey != NULL)
- retval |= FOUND_PKEY;
- }
- }
-
- if (cert != NULL && *cert == NULL) {
- if (nc > 0 && n >= 0 && n < nc) {
- *cert = sk_X509_delete(cl, n);
- if (*cert != NULL)
- retval |= FOUND_CERT;
- }
- }
-
- return (retval);
-}
-
-/*
- * type2attrib - Given a ASN1_TYPE, return a X509_ATTRIBUTE of the type
- * specified by the given NID.
- *
- * Arguments:
- * ty - Type structure to be made into an attribute
- * nid - NID of the attribute
- *
- * Returns:
- * NULL An error occurred.
- * != NULL An X509_ATTRIBUTE structure.
- */
-X509_ATTRIBUTE *
-type2attrib(ASN1_TYPE *ty, int nid)
-{
- X509_ATTRIBUTE *a;
-
- if ((a = X509_ATTRIBUTE_new()) == NULL ||
- (a->value.set = sk_ASN1_TYPE_new_null()) == NULL ||
- sk_ASN1_TYPE_push(a->value.set, ty) == 0) {
- if (a != NULL)
- X509_ATTRIBUTE_free(a);
- SUNWerr(SUNW_F_TYPE2ATTRIB, SUNW_R_MEMORY_FAILURE);
- return (NULL);
- }
- a->single = 0;
- a->object = OBJ_nid2obj(nid);
-
- return (a);
-}
-
-/*
- * attrib2type - Given a X509_ATTRIBUTE, return pointer to the ASN1_TYPE
- * component
- *
- * Arguments:
- * attr - Attribute structure containing a type.
- *
- * Returns:
- * NULL An error occurred.
- * != NULL An ASN1_TYPE structure.
- */
-ASN1_TYPE *
-attrib2type(X509_ATTRIBUTE *attr)
-{
- ASN1_TYPE *ty = NULL;
-
- if (attr == NULL || attr->single == 1)
- return (NULL);
-
- if (sk_ASN1_TYPE_num(attr->value.set) > 0)
- ty = sk_ASN1_TYPE_value(attr->value.set, 0);
-
- return (ty);
-}
-
-/*
- * move_certs - Given two stacks of certs, remove the certs from
- * the second stack and append them to the first.
- *
- * Arguments:
- * dst - the stack to receive the certs from 'src'
- * src - the stack whose certs are to be moved.
- *
- * Returns:
- * -1 - An error occurred. The error status is set.
- * >= 0 - The number of certs that were copied.
- */
-int
-move_certs(STACK_OF(X509) *dst, STACK_OF(X509) *src)
-{
- X509 *tmpc;
- int count = 0;
-
- while (sk_X509_num(src) > 0) {
- tmpc = sk_X509_delete(src, 0);
- if (sk_X509_push(dst, tmpc) == 0) {
- X509_free(tmpc);
- SUNWerr(SUNW_F_MOVE_CERTS, SUNW_R_MEMORY_FAILURE);
- return (-1);
- }
- count++;
- }
-
- return (count);
-}
-
-/*
- * print_time - Given an ASN1_TIME, print one or both of the times.
- *
- * Arguments:
- * fp - File to write to
- * t - The time to format and print.
- *
- * Returns:
- * 0 - Error occurred while opening or writing.
- * > 0 - Success.
- */
-int
-print_time(FILE *fp, ASN1_TIME *t)
-{
- BIO *bp;
- int ret = 1;
-
- if ((bp = BIO_new(BIO_s_file())) == NULL) {
- return (0);
- }
-
- (void) BIO_set_fp(bp, fp, BIO_NOCLOSE);
- ret = ASN1_TIME_print(bp, t);
- (void) BIO_free(bp);
-
- return (ret);
-}
diff --git a/usr/src/common/net/wanboot/auxutil.h b/usr/src/common/net/wanboot/auxutil.h
deleted file mode 100644
index c0b30540d5..0000000000
--- a/usr/src/common/net/wanboot/auxutil.h
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright 2002, 2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#ifndef _AUXUTIL_H
-#define _AUXUTIL_H
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#undef NULL
-#define NULL ((void *) 0)
-
-ASN1_BMPSTRING *asc2bmpstring(const char *, int);
-
-uchar_t *utf82ascstr(ASN1_UTF8STRING *);
-
-int set_results(STACK_OF(EVP_PKEY) **, STACK_OF(EVP_PKEY) **, STACK_OF(X509) **,
- STACK_OF(X509) **, STACK_OF(X509) **, STACK_OF(X509) **,
- STACK_OF(EVP_PKEY) **, STACK_OF(EVP_PKEY) **);
-
-int find_attr(int, ASN1_STRING *, STACK_OF(EVP_PKEY) *, EVP_PKEY **,
- STACK_OF(X509) *, X509 **);
-
-int find_attr_by_nid(STACK_OF(X509_ATTRIBUTE) *, int);
-
-int get_key_cert(int, STACK_OF(EVP_PKEY) *, EVP_PKEY **, STACK_OF(X509) *,
- X509 **);
-
-X509_ATTRIBUTE *type2attrib(ASN1_TYPE *, int);
-
-ASN1_TYPE *attrib2type(X509_ATTRIBUTE *);
-
-int move_certs(STACK_OF(X509) *, STACK_OF(X509) *);
-
-int print_time(FILE *, ASN1_TIME *);
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _AUXUTIL_H */
diff --git a/usr/src/common/net/wanboot/boot_http.c b/usr/src/common/net/wanboot/boot_http.c
deleted file mode 100644
index 213d5e44c6..0000000000
--- a/usr/src/common/net/wanboot/boot_http.c
+++ /dev/null
@@ -1,2929 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License (the "License").
- * You may not use this file except in compliance with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-
-/*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
- * Copyright (c) 2012, OmniTI Computer Consulting, Inc. All rights reserved.
- */
-
-#include <errno.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <ctype.h>
-#include <stdio.h>
-#include <strings.h>
-#include <stdlib.h>
-#include <netdb.h>
-
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#include <openssl/pkcs12.h>
-
-/* this must be included after ssl.h to avoid re-defining 'offsetof' */
-#include <sys/sysmacros.h>
-
-#include <boot_http.h>
-#include <socket_inet.h>
-#include <p12access.h>
-
-#include "bootlog.h"
-
-#define BOOT_HTTP_MAJOR_VERSION 1
-#define BOOT_HTTP_MINOR_VERSION 0
-#define BOOT_HTTP_MICRO_VERSION 0
-
-static boot_http_ver_t boot_http_ver = {
- BOOT_HTTP_MAJOR_VERSION,
- BOOT_HTTP_MINOR_VERSION,
- BOOT_HTTP_MICRO_VERSION
-};
-
-static int early_err; /* Error from before error occurred */
-
-static boolean_t verbosemode = B_FALSE;
-static char *cipher_list = NULL; /* Ciphers supported (if not default) */
-
-typedef struct {
- int i; /* current position in buffer */
- int n; /* number of bytes in buffer */
- char buf[512]; /* buffer */
-} buf_struct_t;
-
-typedef struct {
- uint_t errsrc; /* Source of this error */
- ulong_t error; /* Which error? */
-} errent_t;
-
-
-typedef enum {
- HTTP_REQ_TYPE_HEAD = 1,
- HTTP_REQ_TYPE_GET
-} http_req_t;
-
-#define FAILSAFE 20 /* Max # empty lines to accept */
-#define DEFAULT_TIMEOUT 10 /* Default socket read timeout value */
-#define HTTP_CONN_INFO 0x90919293 /* Identifies a http_conn_t struct */
-#define ESTACK_SIZE 20 /* Size of the stack */
-
-typedef struct http_conn_t {
- uint_t signature; /* Cookie indicating this is a handle */
- int fd; /* Connection's fd... */
- SSL_CTX *ctx;
- void *ssl; /* Handle to ssl data structure */
- int read_timeout; /* Timeout to use on read requests in sec */
- char *basic_auth_userid; /* Basic authentication user ID */
- char *basic_auth_password; /* and password */
- char is_multipart; /* B_TRUE if doing multipart/mixed download */
- char is_firstpart; /* B_TRUE if first part in a multipart xfer */
- char is_firstchunk; /* B_TRUE if first chunk in chunked xfer */
- char is_chunked; /* B_TRUE if message body is chunked */
- boolean_t keepalive;
- struct sockaddr_in host_addr; /* Address of host */
- url_t uri; /* The current URI */
- url_hport_t proxy; /* The proxy info */
- boolean_t proxied; /* Connection is proxied */
- char *random_file; /* File with seed info for pseudo random */
- /* number generator */
- char *client_cert_file; /* File holding client's certificate */
- char *private_key_file; /* File with the private key */
- char *file_password; /* file with password to key or pkcs12 file. */
- http_respinfo_t resp; /* Response summary info */
- char **resphdr; /* Array of header response lines */
- buf_struct_t inbuf;
- char *boundary; /* Boundary text (multipart downloads only) */
- uint_t boundary_len; /* Length of boundary string */
- uint_t numerrs;
- uint_t nexterr; /* Next error to return */
- ssize_t body_size; /* Size of message body or chunk */
- ssize_t body_read; /* # of bytes of body_size processed */
- ssize_t body_size_tot; /* Total message body size */
- ssize_t body_read_tot; /* # of bytes of body_size_tot processed */
- errent_t errs[ESTACK_SIZE]; /* stack of errors on the last request */
- /* (libssl can return multiple errors on one */
- /* operation) */
-} http_conn_t;
-
-/*
- * Convenient macros for accessing fields in connection structure.
- */
-#define CONN_HOSTNAME c_id->uri.hport.hostname
-#define CONN_PORT c_id->uri.hport.port
-#define CONN_ABSPATH c_id->uri.abspath
-#define CONN_HTTPS c_id->uri.https
-#define CONN_PROXY_HOSTNAME c_id->proxy.hostname
-#define CONN_PROXY_PORT c_id->proxy.port
-
-#define RESET_ERR(c_id) (c_id)->numerrs = 0, (c_id)->nexterr = 0
-#define SET_ERR(c_id, src, err) if ((c_id)->numerrs < ESTACK_SIZE) \
- (c_id)->errs[(c_id)->numerrs].errsrc = (src), \
- (c_id)->errs[(c_id)->numerrs ++].error = (err)
-
-#define GET_ERR(c_id, e_src, e_code) \
- if ((c_id)->nexterr < (c_id)->numerrs) \
- (e_src) = (c_id)->errs[((c_id)->nexterr)].errsrc, \
- (e_code) = (c_id)->errs[((c_id)->nexterr)++].error; \
- else \
- (e_src) = 0, (e_code) = 0
-
-/*
- * Macro used to increment message body read counters
- */
-#define INC_BREAD_CNT(bool, bcnt) \
- if (bool) { \
- bcnt--; \
- c_id->body_read++;\
- c_id->body_read_tot++; \
- }
-
-static int ssl_init = 0; /* 1 when ssl has been initialized */
-static char *ca_verify_file; /* List of trusted CA's */
-static int verify_depth = 16; /* Certificate chain depth to verify */
-static int p12_format = 0; /* Default to PEM format */
-
-
-/* prototypes for local functions */
-static int http_req(http_handle_t, const char *, http_req_t, offset_t,
- offset_t);
-static boolean_t http_check_conn(http_conn_t *);
-static SSL_CTX *initialize_ctx(http_conn_t *);
-static int tcp_connect(http_conn_t *, const char *, uint16_t);
-static int readline(http_conn_t *, int, char *, int);
-static int proxy_connect(http_conn_t *);
-static int check_cert_chain(http_conn_t *, char *);
-static void print_ciphers(SSL *);
-static int read_headerlines(http_conn_t *, boolean_t);
-static void free_response(http_conn_t *, int);
-static int free_ctx_ssl(http_conn_t *);
-static int get_chunk_header(http_conn_t *);
-static int init_bread(http_conn_t *);
-static int get_msgcnt(http_conn_t *, ssize_t *);
-static int getaline(http_conn_t *, char *, int, boolean_t);
-static int getbytes(http_conn_t *, char *, int);
-static int http_srv_send(http_conn_t *, const void *, size_t);
-static int http_srv_recv(http_conn_t *, void *, size_t);
-static void handle_ssl_error(http_conn_t *, int);
-static int count_digits(int);
-static int hexdigit(char);
-static char *eat_ws(const char *);
-static boolean_t startswith(const char **strp, const char *starts);
-
-/* ---------------------- public functions ----------------------- */
-
-/*
- * http_set_p12_format - Set flag indicating that certs & keys will be in
- * pkcs12 format.
- *
- * Default is PEM certs. When this is called, the default can be changed to
- * pcs12 format.
- */
-void
-http_set_p12_format(int on_off)
-{
- p12_format = on_off;
-}
-
-/*
- * http_get_version - Get current boot http support version
- *
- * pVer = http_get_version();
- *
- * Arguments:
- * None.
- *
- * Returns:
- * Pointer to struct with version information.
- *
- * Returns the version of the http support in the current library. This
- * is a struct with unsigned integsrs for <major>, <minor> and
- * <micro> version numbers. <major> changes when an incompatible change
- * is made. <minor> changes when an upwardly-compatible API change is
- * made. <micro> consists of bug fixes, etc.
- */
-boot_http_ver_t const *
-http_get_version(void)
-{
- return (&boot_http_ver);
-}
-
-/*
- * http_set_verbose - Turn verbose on/off
- *
- * http_set_verbose(on_off);
- *
- * Arguments:
- * on_off - When TRUE, turn verbose mode one. When FALSE, turn
- * verbose off.
- *
- * Returns:
- * None.
- *
- * When enabled, information is logged to bootlog (or the Solaris equivalent).
- */
-void
-http_set_verbose(boolean_t on_off)
-{
- verbosemode = on_off;
-}
-
-/*
- * http_set_cipher_list - Change the list of ciphers that can be used.
- *
- * ret = http_set_cipher_list(handle, list);
- *
- * Arguments:
- * list - List of ciphers that can be used.
- *
- * Returns:
- * 0 - Success
- * -1 - An error occurred. Check http_get_lasterr().
- */
-int
-http_set_cipher_list(const char *list)
-{
- early_err = 0;
-
- if (list != NULL) {
- list = strdup(list);
- if (list == NULL) {
- early_err = EHTTP_NOMEM;
- return (-1);
- }
- }
-
- free(cipher_list);
- cipher_list = (char *)list;
- return (0);
-}
-
-/*
- * http_srv_init - Set up a structure for a connection.
- *
- * handle = http_srv_init(url);
- *
- * Arguments:
- * url - the structure that contains the URI.
- *
- * Returns:
- * != NULL - A handle for referring to this connection.
- * == NULL - An error occurred. Get the exact error from
- * http_get_lasterr().
- */
-http_handle_t
-http_srv_init(const url_t *url)
-{
- http_conn_t *c_id;
-
- early_err = 0;
- if (url == NULL) {
- early_err = EHTTP_BADARG;
- return (NULL);
- }
-
- if ((c_id = malloc(sizeof (*c_id))) == NULL) {
- early_err = EHTTP_NOMEM;
- return (NULL);
- }
-
- bzero(c_id, sizeof (*c_id));
- c_id->uri = *url;
- c_id->proxied = B_FALSE;
- c_id->read_timeout = DEFAULT_TIMEOUT;
- c_id->keepalive = B_TRUE;
- c_id->fd = -1;
-
- /* Do this at the end, just in case.... */
- c_id->signature = HTTP_CONN_INFO;
-
- return (c_id);
-}
-
-/*
- * http_conn_is_https - Determine whether the scheme is http or https.
- *
- * B_TRUE - Connection is an SSL connection.
- * B_FALSE - Connection isn't SSL.
- *
- * ret = http_conn_is_https(handle, boolean_t *bool);
- *
- * Arguments:
- * handle - Handle associated with the desired connection
- * bool - Ptr to boolean in which to place result
- *
- * Returns:
- * 0 - Success
- * -1 - Some error occurred.
- */
-int
-http_conn_is_https(http_handle_t handle, boolean_t *bool)
-{
- http_conn_t *c_id = handle;
-
- if (!http_check_conn(c_id))
- return (-1);
-
- *bool = CONN_HTTPS;
- return (0);
-}
-
-/*
- * http_set_proxy - Establish the proxy name/port.
- *
- * ret = http_set_proxy(handle, proxy);
- *
- * Arguments:
- * handle - Handle associated with the desired connection
- * proxy - The hostport definition for the proxy. If NULL,
- * The next connect will not use a proxy.
- *
- * Returns:
- * 0 - Success
- * -1 - An error occurred. Check http_get_lasterr().
- */
-int
-http_set_proxy(http_handle_t handle, const url_hport_t *proxy)
-{
- http_conn_t *c_id = handle;
-
- if (!http_check_conn(c_id))
- return (-1);
-
- if (proxy != NULL) {
- c_id->proxy = *proxy;
- c_id->proxied = B_TRUE;
- } else {
- CONN_PROXY_HOSTNAME[0] = '\0';
- c_id->proxied = B_FALSE;
- }
-
- return (0);
-}
-
-/*
- * http_set_keepalive - Set keepalive for this connection.
- *
- * http_set_keepalive(handle, on_off);
- *
- * Arguments:
- * handle - Handle associated with the desired connection
- * on_off - Boolean turning keepalive on (TRUE) or off (FALSE)
- *
- * Returns:
- * 0 - Success.
- * -1 - An error occurred. Check http_get_lasterr().
- *
- * This setting takes effect next time a connection is opened using this
- * handle.
- */
-int
-http_set_keepalive(http_handle_t handle, boolean_t on_off)
-{
- http_conn_t *c_id = handle;
-
- if (!http_check_conn(c_id))
- return (-1);
-
- c_id->keepalive = on_off;
- return (0);
-}
-
-/*
- * http_set_socket_read_timeout - Set the timeout reads
- *
- * http_set_socket_read_timeout(handle, timeout);
- *
- * Arguments:
- * handle - Handle associated with the desired connection
- * timeout - Timeout, in seconds. Zero will default to 10 second
- * timeouts.
- *
- * Returns:
- * 0 - Success.
- * -1 - An error occurred. Check http_get_lasterr().
- *
- * This setting takes effect beginning with the next read operation on this
- * connection.
- */
-int
-http_set_socket_read_timeout(http_handle_t handle, uint_t timout)
-{
- http_conn_t *c_id = handle;
-
- if (!http_check_conn(c_id))
- return (-1);
-
- c_id->read_timeout = (timout) ? timout : DEFAULT_TIMEOUT;
- return (0);
-}
-
-/*
- * http_set_basic_auth - Set the basic authorization user ID and password
- *
- * ret = http_set_basic_auth(handle, userid, password);
- *
- * Arguments:
- * handle - Handle associated with the desired connection
- * userid - ID to pass as part of http/https request
- * password- Password which goes with the user ID
- *
- * Returns:
- * 0 - Success
- * -1 - An error occurred. Check http_get_lasterr().
- *
- * This must be set before a https connection is made.
- */
-int
-http_set_basic_auth(http_handle_t handle, const char *userid,
- const char *password)
-{
- http_conn_t *c_id = handle;
-
- if (!http_check_conn(c_id))
- return (-1);
-
- if (password == NULL || userid == NULL || userid[0] == '\0') {
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_BADARG);
- return (-1);
- }
-
- userid = strdup(userid);
- password = strdup(password);
- if (userid == NULL || password == NULL) {
- free((void *)userid);
- free((void *)password);
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_NOMEM);
- return (-1);
- }
-
- free(c_id->basic_auth_userid);
- c_id->basic_auth_userid = (char *)userid;
- free(c_id->basic_auth_password);
- c_id->basic_auth_password = (char *)password;
- return (0);
-}
-
-/*
- * http_set_random_file - See the pseudo random number generator with file data
- *
- * ret = http_set_random_file(handle, filename);
- *
- * Arguments:
- * handle - Handle associated with the desired connection
- * filename
- * - filename (including path) with random number seed.
- *
- * Returns:
- * 0 - Success
- * -1 - An error occurred. Check http_get_lasterr().
- *
- * This must be set before a https connection is made.
- */
-int
-http_set_random_file(http_handle_t handle, const char *fname)
-{
- http_conn_t *c_id = handle;
-
- if (!http_check_conn(c_id))
- return (-1);
-
- if (fname != NULL) {
- fname = strdup(fname);
- if (fname == NULL) {
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_NOMEM);
- return (-1);
- }
- }
-
- free(c_id->random_file);
- c_id->random_file = (char *)fname;
- return (0);
-}
-
-/*
- * http_set_certificate_authority_file - Set the CA file.
- *
- * ret = http_set_certificate_authority_file(filename);
- *
- * Arguments:
- * filename- File with the certificate authority certs
- *
- * Returns:
- * 0 - Success
- * -1 - An error occurred. Check http_get_lasterr().
- *
- * This must be set before https connections to the servers is done.
- */
-int
-http_set_certificate_authority_file(const char *fname)
-{
- early_err = 0;
-
- if (fname != NULL) {
- fname = strdup(fname);
- if (fname == NULL) {
- early_err = EHTTP_NOMEM;
- return (-1);
- }
- }
-
- free(ca_verify_file);
- ca_verify_file = (char *)fname;
- return (0);
-}
-
-/*
- * http_set_client_certificate_file - Set the file containing the PKCS#12
- * client certificate and optionally its certificate chain.
- *
- * ret = http_set_client_certificate_file(handle, filename);
- *
- * Arguments:
- * handle - Handle associated with the desired connection
- * filename- File (including path) containing certificate, etc.
- *
- * Returns:
- * 0 - Success
- * -1 - An error occurred. Check http_get_lasterr().
- *
- * This must be set before the handle is used to make a https connection
- * which will require a client certificate.
- */
-int
-http_set_client_certificate_file(http_handle_t handle, const char *fname)
-{
- http_conn_t *c_id = handle;
-
- if (!http_check_conn(c_id))
- return (-1);
-
- if (fname != NULL) {
- fname = strdup(fname);
- if (fname == NULL) {
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_NOMEM);
- return (-1);
- }
- }
-
- free(c_id->client_cert_file);
- c_id->client_cert_file = (char *)fname;
- return (0);
-}
-
-/*
- * http_set_password - Set the password for the private key or pkcs12 file.
- *
- * ret = http_set_password(handle, password);
- *
- * Arguments:
- * handle - Handle associated with the desired connection
- * password- Password for the client's private key file or pkcs12 file.
- *
- * Returns:
- * 0 - Success
- * -1 - An error occurred. Check http_get_lasterr().
- *
- * This must be set before the handle is used to make a https connection.
- */
-int
-http_set_password(http_handle_t handle, const char *password)
-{
- http_conn_t *c_id = handle;
-
- if (!http_check_conn(c_id))
- return (-1);
-
- if (password != NULL) {
- password = strdup(password);
- if (password == NULL) {
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_NOMEM);
- return (-1);
- }
- }
-
- free(c_id->file_password);
- c_id->file_password = (char *)password;
- return (0);
-}
-
-/*
- * http_set_key_file_password - Set the password for the private key
- * file.
- *
- * ret = http_set_key_file_password(handle, password);
- *
- * Arguments:
- * handle - Handle associated with the desired connection
- * password- Password for the client's private key file.
- *
- * Returns:
- * 0 - Success
- * -1 - An error occurred. Check http_get_lasterr().
- *
- * This must be set before the handle is used to make a https connection.
- */
-int
-http_set_key_file_password(http_handle_t handle, const char *password)
-{
- return (http_set_password(handle, password));
-}
-
-/*
- * http_set_private_key_file - Set the file containing the PKCS#12
- * private key for this client.
- *
- * ret = http_set_private_key_file(handle, filename);
- *
- * Arguments:
- * handle - Handle associated with the desired connection
- * filename- File (including path) containing the private key.
- *
- * Returns:
- * 0 - Success
- * -1 - An error occurred. Check http_get_lasterr().
- *
- * This must be set before the handle is used to make a https connection.
- */
-int
-http_set_private_key_file(http_handle_t handle, const char *fname)
-{
- http_conn_t *c_id = handle;
-
- if (!http_check_conn(c_id))
- return (-1);
-
- if (fname != NULL) {
- fname = strdup(fname);
- if (fname == NULL) {
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_NOMEM);
- return (-1);
- }
- }
-
- free(c_id->private_key_file);
- c_id->private_key_file = (char *)fname;
- return (0);
-}
-
-/*
- * http_srv_connect - Establish a connection to the server
- *
- * ret = http_srv_connect(handle);
- *
- * Arguments:
- * handle - Handle associated with the desired connection
- *
- * Returns:
- * 0 - Success
- * -1 - An error occurred. Check http_get_lasterr() for specifics.
- */
-int
-http_srv_connect(http_handle_t handle)
-{
- http_conn_t *c_id = handle;
- SSL_CTX *ctx = NULL;
- int retval;
-
- ERR_clear_error();
- if (!http_check_conn(c_id))
- return (-1);
-
- if (CONN_HTTPS) {
- /* Build our SSL context (this function sets any errors) */
- ctx = initialize_ctx(c_id);
- if (ctx == NULL) {
- libbootlog(BOOTLOG_CRIT,
- "http_srv_connect: initialize_ctx returned NULL");
- return (-1);
- }
- }
-
- /* Connect the TCP socket */
- if (c_id->proxied) {
- c_id->fd = proxy_connect(c_id);
- } else {
- c_id->fd = tcp_connect(c_id, CONN_HOSTNAME, CONN_PORT);
- }
-
- if (c_id->fd < 0) {
- if (ctx != NULL)
- SSL_CTX_free(ctx);
- libbootlog(BOOTLOG_CRIT, "http_srv_connect: %s returned %d",
- (c_id->proxied) ? "proxy_connect" : "tcp_connect",
- c_id->fd);
- return (-1);
- }
-
- if (CONN_HTTPS) {
- /* Connect the SSL socket */
- if ((c_id->ssl = SSL_new(ctx)) == NULL) {
- ulong_t err;
- while ((err = ERR_get_error()) != 0)
- SET_ERR(c_id, ERRSRC_LIBSSL, err);
- libbootlog(BOOTLOG_CRIT,
- "http_srv_connect: SSL_new returned "
- "NULL");
- (void) free_ctx_ssl(c_id);
- return (-1);
- }
- if (verbosemode)
- print_ciphers(c_id->ssl);
-
- /* Ensure automatic negotiations will do things right */
- SSL_set_connect_state(c_id->ssl);
-
- if (SSL_set_fd(c_id->ssl, c_id->fd) == 0) {
- ulong_t err;
- while ((err = ERR_get_error()) != 0)
- SET_ERR(c_id, ERRSRC_LIBSSL, err);
- libbootlog(BOOTLOG_CRIT,
- "http_srv_connect: SSL_set_fd returned 0");
- (void) free_ctx_ssl(c_id);
- return (-1);
- }
-
- if ((retval = SSL_connect(c_id->ssl)) <= 0) {
- handle_ssl_error(c_id, retval);
- libbootlog(BOOTLOG_CRIT,
- "http_srv_connect: SSL_connect");
- (void) free_ctx_ssl(c_id);
- return (-1);
- }
-
- if (check_cert_chain(c_id, CONN_HOSTNAME) != 0) {
- (void) free_ctx_ssl(c_id);
- return (-1);
- }
-
- if (verbosemode)
- print_ciphers(c_id->ssl);
- }
-
- return (0);
-}
-
-/*
- * http_head_request - Issue http HEAD request
- *
- * ret = http_head_request(handle, abs_path);
- *
- * Arguments:
- * handle - Handle associated with the desired connection
- * abs_path- File name portion of the URI, beginning with a /. Query,
- * segment, etc are allowed.
- *
- * Returns:
- * 0 - Success
- * -1 - An error occurred. Check http_get_lasterr().
- */
-int
-http_head_request(http_handle_t handle, const char *abs_path)
-{
- return (http_req(handle, abs_path, HTTP_REQ_TYPE_HEAD, 0, 0));
-}
-
-/*
- * http_get_request - Issue http GET request without a range.
- *
- * ret = http_get_request(handle, abs_path);
- *
- * Arguments:
- * handle - Handle associated with the desired connection
- * abs_path- File name portion of the URI, beginning with a /. Query,
- * segment, etc are allowed.
- *
- * Returns:
- * 0 - Success
- * -1 - An error occurred. Check http_get_lasterr().
- */
-int
-http_get_request(http_handle_t handle, const char *abs_path)
-{
- return (http_req(handle, abs_path, HTTP_REQ_TYPE_GET, -1, 0));
-}
-
-/*
- * http_get_range_request - Issue http GET request using a range.
- *
- * ret = http_get_range_request(handle, abs_path, curpos, len);
- *
- * Arguments:
- * handle - Handle associated with the desired connection
- * abs_path- File name portion of the URI, beginning with a /. Query,
- * segment, etc are allowed.
- * curpos - >=0 - Beginning of range
- * len - = 0 - Range ends at the end of the file
- * > 0 - Length of range.
- *
- * Returns:
- * 0 - Success
- * -1 - An error occurred. Check http_get_lasterr().
- */
-int
-http_get_range_request(http_handle_t handle, const char *abs_path,
- offset_t curpos, offset_t len)
-{
- http_conn_t *c_id = handle;
-
- if (!http_check_conn(c_id))
- return (-1);
-
- if (curpos < 0) {
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_BADARG);
- return (-1);
- }
-
- return (http_req(handle, abs_path, HTTP_REQ_TYPE_GET, curpos, len));
-}
-
-/*
- * http_free_respinfo - Free a respinfo structure
- *
- * ret = http_free_respinfo(resp);
- *
- * Arguments:
- * resp - respinfo structure presumably allocated by
- * http_process_headers() or http_process_part_headers()
- *
- * Note that if resp is NULL, then this results in a NOOP.
- *
- */
-void
-http_free_respinfo(http_respinfo_t *resp)
-{
- if (resp == NULL) {
- return;
- }
-
- if (resp->statusmsg != NULL) {
- free(resp->statusmsg);
- }
- free(resp);
-}
-
-/*
- * http_process_headers - Read in the header lines from the response
- *
- * ret = http_process_headers(handle, resp);
- *
- * Arguments:
- * handle - Handle associated with the connection where the request
- * was made.
- * resp - Summary information about the response.
- *
- * Returns:
- * 0 - Success
- * < 0 - An error occurred. Specifics of the error can
- * be gotten using http_get_lasterr().
- *
- * Process the HTTP headers in the response. Check for a valid response
- * status line. Allocate and return response information via the 'resp'
- * argument. Header lines are stored locally, are are returned using calls
- * to http_get_response_header() and http_get_header_value().
- *
- * Note that the errors will be set in the http_conn_t struct before the
- * function which detected the error returns.
- *
- * Note that if resp is non-NULL, then upon a successful return, information
- * about the status line, the code in the status line and the number of
- * header lines are returned in the http_respinfo_t structure. The caller is
- * responsible for freeing the resources allocated to this structure via
- * http_free_respinfo().
- *
- * Note that the counters used to read message bodies are initialized here.
- *
- * Calling this function replaces the header information which is
- * queried using http_get_response_header() and http_get_header_value().
- * Once this function is called, headers read by the previous call
- * to http_process_headers() or http_process_part_headers() is lost.
- */
-int
-http_process_headers(http_handle_t handle, http_respinfo_t **resp)
-{
- http_conn_t *c_id = handle;
- http_respinfo_t *lresp;
- char line[MAXHOSTNAMELEN];
- char *ptr;
- int i;
-
- ERR_clear_error();
- if (!http_check_conn(c_id))
- return (-1);
-
- if (resp != NULL) {
- if ((lresp = malloc(sizeof (http_respinfo_t))) == NULL) {
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_NOMEM);
- return (-1);
- }
-
- bzero(lresp, sizeof (http_respinfo_t));
- }
-
- /*
- * check the response status line, expecting
- * HTTP/1.1 200 OK
- */
- i = getaline(c_id, line, sizeof (line), B_FALSE);
- if (i == 0) {
- if (resp != NULL) {
- *resp = lresp;
- }
- return (0);
- }
-
- if (i < 0) {
- /*
- * Cause of I/O error was already put into
- * error stack. This is an additional error.
- */
- http_free_respinfo(lresp);
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_NODATA);
- return (-1);
- }
-
- free_response(c_id, B_TRUE);
-
- if (verbosemode)
- libbootlog(BOOTLOG_VERBOSE, "http_process_headers: %s", line);
-
- ptr = line;
- if (strncmp(ptr, "HTTP/1.1", 8) != 0) {
- http_free_respinfo(lresp);
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_NOT_1_1);
- return (-1);
- }
-
- /* skip to the code */
- ptr += 8;
- while (isspace(*ptr))
- ptr++;
-
- /* make sure it's three digits */
- i = 0;
- while (isdigit(ptr[i]))
- i++;
- if (i != 3) {
- http_free_respinfo(lresp);
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_BADHDR);
- return (-1);
- }
- c_id->resp.code = strtol(ptr, NULL, 10);
-
- /* skip to the message */
- ptr += 3;
- while (isspace(*ptr))
- ptr++;
-
- /* save the message */
- c_id->resp.statusmsg = malloc(strlen(ptr) + 1);
- if (c_id->resp.statusmsg == NULL) {
- http_free_respinfo(lresp);
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_NOMEM);
- return (-1);
- }
- (void) strcpy(c_id->resp.statusmsg, ptr);
-
- if ((i = read_headerlines(c_id, B_FALSE)) < 0) {
- /*
- * Error stack was already set at a lower level.
- * 'statusmsg' will be cleaned up next time
- * headers are read.
- */
- http_free_respinfo(lresp);
- return (-1);
- }
-
- /*
- * See if there is a 'content-type: multipart/mixed' line in the
- * headers. If so, get the boundary string.
- */
- ptr = http_get_header_value(handle, "Content-Type");
- if (ptr != NULL) {
- char *ptr2;
-
- ptr2 = ptr;
- while (isspace(*ptr2))
- ptr2 ++;
- if (startswith((const char **)&ptr2, "Multipart/Mixed;")) {
- while (isspace(*ptr2))
- ptr2 ++;
- if (startswith((const char **)&ptr2, "Boundary=")) {
- if (ptr2[0] == '"') {
- ptr2 ++;
- if (ptr2[strlen(ptr2) - 1] == '"')
- ptr2[strlen(ptr2) - 1] = '\0';
- }
- c_id->boundary = strdup(ptr2);
- if (c_id->boundary == NULL) {
- free(ptr);
- http_free_respinfo(lresp);
- SET_ERR(c_id, ERRSRC_LIBHTTP,
- EHTTP_NOMEM);
- return (-1);
- }
- c_id->boundary_len = strlen(c_id->boundary);
- c_id->is_multipart = B_TRUE;
- c_id->is_firstpart = B_TRUE;
- }
- }
- free(ptr);
- }
-
- /*
- * Initialize the counters used to process message bodies.
- */
- if (init_bread(c_id) != 0) {
- /*
- * Error stack was already set at a lower level.
- */
- http_free_respinfo(lresp);
- return (-1);
- }
-
- /* Copy fields to the caller's structure */
- if (resp != NULL) {
- lresp->code = c_id->resp.code;
- lresp->nresphdrs = c_id->resp.nresphdrs;
- lresp->statusmsg = strdup(c_id->resp.statusmsg);
- if (lresp->statusmsg == NULL) {
- http_free_respinfo(lresp);
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_NOMEM);
- return (-1);
- }
- *resp = lresp;
- }
-
- return (0);
-}
-
-/*
- * http_process_part_headers - Read in part boundary and header lines for the
- * next part of a multipart message.
- *
- * ret = http_process_part_headers(handle, resp);
- *
- * Arguments:
- * handle - Handle associated with the connection where the request
- * was made.
- * resp - Return address for summary information about the
- * header block.
- *
- * Returns:
- * = 1 - The end part was found.
- * = 0 - Success, with header info returned in 'resp'
- * = -1 - An error occurred. Specifics of the error can
- * be gotten using http_get_lasterr().
- *
- * This function reads any \r\n sequences (empty lines) and expects to get
- * a boundary line as the next non-empty line. It then reads header lines
- * (content-length, etc) until it gets another empty lines, which ends the
- * header section.
- *
- * Note that if resp is non-NULL, then upon a successful return, information
- * about the the number of header lines is returned in the http_respinfo_t
- * structure. The caller is responsible for freeing the resources allocated
- * to this structure via http_free_respinfo().
- *
- * Headers values can be returned using http_get_response_header() and
- * http_get_header_value().
- *
- * Calling this function replaces the header information which is
- * queried using http_get_response_header() and http_get_header_value().
- * Once this function is called, information returned by the previous call
- * to http_process_headers() or http_process_part_headers() is gone.
- */
-int
-http_process_part_headers(http_handle_t handle, http_respinfo_t **resp)
-{
- http_conn_t *c_id = handle;
- char line[MAXHOSTNAMELEN];
- int count;
- int limit;
- int i;
-
- ERR_clear_error();
- if (!http_check_conn(c_id))
- return (-1);
-
- if (c_id->is_multipart == 0) {
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_NOTMULTI);
- return (-1);
- }
-
- /*
- * Figure out how many empty lines to allow. Before the first
- * boundary of the transmission, there can be any number of
- * empty lines (from 0 up). Limit these to some reasonable
- * failsafe.
- *
- * For the 2nd and later boundaries, there is supposed to be
- * one crlf pair. However, many implementations don't require
- * it. So don't require it.
- */
- if (c_id->is_firstpart) {
- limit = FAILSAFE;
- c_id->is_firstpart = B_FALSE;
- } else
- limit = 1;
-
- /* Look for the boundary line. */
- count = 0;
- while ((i = getaline(c_id, line, sizeof (line), B_TRUE)) == 0 &&
- count < FAILSAFE)
- count ++;
- if (i < 0 || count > limit) {
- /*
- * If I/O error, cause was already put into
- * error stack. This is an additional error.
- */
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_NOBOUNDARY);
- return (-1);
- }
-
- free_response(c_id, B_FALSE);
-
- if (verbosemode)
- libbootlog(BOOTLOG_VERBOSE,
- "http_process_part_headers: %s", line);
-
- /* Look for boundary line - '--<boundary text> */
- if (line[0] != '-' || line[1] != '-' ||
- strncmp(&line[2], c_id->boundary, c_id->boundary_len) != 0) {
- /* No boundary line.... */
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_NOBOUNDARY);
- return (-1);
- }
-
- /* Is this the end-of-parts boundary (ends with a trailing '--') */
- if (strcmp(&line[c_id->boundary_len + 2], "--") == 0) {
- return (1);
- }
-
- free_response(c_id, B_FALSE);
- if (read_headerlines(c_id, B_TRUE) < 0) {
- /* Error stack was already set at a lower level. */
- return (-1);
- }
-
- /* Copy fields to the caller's structure */
- if (resp != NULL) {
- if ((*resp = malloc(sizeof (http_respinfo_t))) == NULL) {
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_NOMEM);
- return (-1);
- }
- bzero(*resp, sizeof (http_respinfo_t));
- (*resp)->code = ' ';
- (*resp)->nresphdrs = c_id->resp.nresphdrs;
- }
-
- return (0);
-}
-
-/*
- * http_get_response_header - Get a line from the response header
- *
- * ret = http_get_response_header(handle, whichline);
- *
- * Arguments:
- * handle - Handle associated with the desired connection
- * whichline - Which line of the header to return. This must be between
- * zero and resp.nresphdrs which was returned by the call to
- * http_process_headers().
- *
- * Returns:
- * ptr - Points to a copy of the header line.
- * NULL - An error occurred. Check http_get_lasterr().
- */
-char *
-http_get_response_header(http_handle_t handle, uint_t which)
-{
- http_conn_t *c_id = handle;
- char *res;
-
- if (!http_check_conn(c_id))
- return (NULL);
-
- if (which >= c_id->resp.nresphdrs) {
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_OORANGE);
- return (NULL);
- }
-
- res = strdup(c_id->resphdr[which]);
- if (res == NULL) {
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_NOMEM);
- return (NULL);
- }
- return (res);
-}
-
-/*
- * http_get_header_value - Get the value of a header line.
- *
- * ret = http_get_header_value(handle, what);
- *
- * Arguments:
- * handle - Handle associated with the desired connection
- * what - The field name to look up.
- *
- * Returns:
- * ptr - Points to a copy of the header value.
- * NULL - An error occurred. Check http_get_lasterr().
- */
-char *
-http_get_header_value(http_handle_t handle, const char *field_name)
-{
- http_conn_t *c_id = handle;
- char *ptr;
- char *res;
- int i;
- int n;
-
- if (!http_check_conn(c_id))
- return (NULL);
-
- if (field_name == NULL || field_name[0] == '\0') {
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_BADARG);
- return (NULL);
- }
-
- for (i = 0; i < c_id->resp.nresphdrs; i++) {
- ptr = c_id->resphdr[i];
- n = strlen(field_name);
- if (strncasecmp(field_name, ptr, n) == 0 && ptr[n] == ':') {
- ptr += n + 1;
-
- while (isspace(*ptr))
- ptr++;
-
- res = strdup(ptr);
- if (res == NULL) {
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_NOMEM);
- return (NULL);
- }
- return (res);
- }
- }
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_NOMATCH);
- return (NULL);
-}
-
-/*
- * http_read_body - Read the HTTP response body.
- *
- * ret = http_read_body(handle, recv_buf_ptr, recv_buf_size);
- *
- * Arguments:
- * handle - Handle associated with the relevant connection
- * recv_buf_ptr - Points to buffer to receive buffer
- * recv_buf_size - Length in bytes of buffer.
- *
- * Returns:
- * n - Number of bytes read..
- * < 0 - An error occurred. This is (the number of bytes gotten + 1),
- * negated. In other words, if 'n' bytes were read and then an
- * error occurred, this will return (-(n+1)). So zero bytes
- * were read and then an error occurs, this will return -1. If
- * 1 byte was read, it will return -2, etc. Specifics of the
- * error can be gotten using http_get_lasterr().
- *
- * Note that the errors will be set in the http_conn_t struct before the
- * function which detected the error returns.
- */
-int
-http_read_body(http_handle_t handle, char *recv_buf_ptr, size_t recv_buf_size)
-{
- http_conn_t *c_id = handle;
-
- ERR_clear_error();
- if (!http_check_conn(c_id))
- return (-1);
-
- if (recv_buf_ptr == NULL || recv_buf_size == 0) {
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_BADARG);
- return (-1);
- }
-
- return (getbytes(c_id, recv_buf_ptr, recv_buf_size));
-}
-
-/*
- * http_srv_disconnect - Get rid of the connection to the server without
- * freeing the http_conn_t structure.
- *
- * ret = http_srv_disconnect(handle);
- *
- * Arguments:
- * handle - Handle associated with the connection
- *
- * Returns:
- * 0 - Success
- * -1 - An error occurred. Specifics of the error can
- * be gotten using http_get_lasterr().
- */
-int
-http_srv_disconnect(http_handle_t handle)
-{
- http_conn_t *c_id = handle;
- int err_ret;
-
- ERR_clear_error();
- if (!http_check_conn(c_id))
- return (-1);
-
- err_ret = free_ctx_ssl(c_id);
- bzero(&c_id->inbuf, sizeof (c_id->inbuf));
- free_response(c_id, B_TRUE);
-
- return (err_ret);
-}
-
-/*
- * http_srv_close - Close the connection and clean up the http_conn_t
- * structure.
- *
- * http_srv_close(handle);
- *
- * Arguments:
- * handle - Handle associated with the desired connection
- *
- * Returns:
- * 0 - Success
- * -1 - An error occurred. Specifics of the error can
- * be gotten using http_get_lasterr().
- */
-int
-http_srv_close(http_handle_t handle)
-{
- http_conn_t *c_id = handle;
- int err_ret = 0;
-
- if (!http_check_conn(c_id))
- return (-1);
-
- if (c_id->ctx != NULL || c_id->ssl != NULL || c_id->fd != -1)
- err_ret = http_srv_disconnect(handle);
-
- free(c_id->basic_auth_userid);
- free(c_id->basic_auth_password);
- free(c_id->resp.statusmsg);
- free(c_id->client_cert_file);
- free(c_id->private_key_file);
- free(c_id->random_file);
- free(c_id->file_password);
- c_id->signature = 0;
-
- free(c_id);
- return (err_ret);
-}
-
-/*
- * http_get_conn_info - Return current information about the connection
- *
- * err = http_get_conn_info(handle);
- *
- * Arguments:
- * handle - Handle associated with the connection in question
- *
- * Returns:
- * non_NULL- Points to structure
- * NULL - An error exists. Check http_get_lasterr().
- */
-http_conninfo_t *
-http_get_conn_info(http_handle_t handle)
-{
- http_conn_t *c_id = handle;
- http_conninfo_t *info;
-
- if (!http_check_conn(c_id))
- return (NULL);
-
- info = malloc(sizeof (*info));
- if (info == NULL) {
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_NOMEM);
- return (NULL);
- }
-
- bzero(info, sizeof (*info));
-
- info->uri = c_id->uri;
- info->proxy = c_id->proxy;
- info->keepalive = c_id->keepalive;
- info->read_timeout = c_id->read_timeout;
-
- return (info);
-}
-
-/*
- * http_get_lasterr - Return the next error on the last operation
- *
- * err = http_get_lasterr(handle, errsrc);
- *
- * Arguments:
- * handle - Handle associated with the connection in question
- * If no valid handle exists yet, this can be NULL.
- * However, it must be checked with the very next call.
- * errsrc - Returns the Sources of errors (ERRSRC_* values).
- *
- * Returns:
- * 0 - No error exists
- * <> 0 - The error.
- */
-ulong_t
-http_get_lasterr(http_handle_t handle, uint_t *errsrc)
-{
- http_conn_t *c_id = handle;
- ulong_t src;
- ulong_t err;
-
- if (c_id == NULL || c_id->signature != HTTP_CONN_INFO) {
- if (errsrc)
- *errsrc = ERRSRC_LIBHTTP;
- err = early_err;
- early_err = 0;
- return (err);
- }
-
- GET_ERR(c_id, src, err);
- if (src == 0 && err == 0) {
- if (errsrc)
- *errsrc = ERRSRC_LIBHTTP;
- err = early_err;
- early_err = 0;
- return (err);
- }
- if (errsrc)
- *errsrc = src;
- return (err);
-}
-
-/*
- * http_decode_err - Decode a libssl error
- *
- * err = http_decode_err(err, errlib, errfunc, errcode);
- *
- * Arguments:
- * err - libssl/libcrypto error returned.
- * errlib - returns libssl/libcrypto sublibrary that caused the error
- * errfunc - returns function in that library
- * errcode - returns error code
- *
- * Returns:
- * None other than the above.
- */
-void
-http_decode_err(ulong_t err, int *errlib, int *errfunc, int *errcode)
-{
- if (errlib)
- *errlib = ERR_GET_LIB(err);
- if (errfunc)
- *errfunc = ERR_GET_FUNC(err);
- if (errcode)
- *errcode = ERR_GET_REASON(err);
-}
-
-/* ---------------------- private functions ----------------------- */
-
-/*
- * http_req - Issue http request (either HEAD or GET)
- *
- * ret = http_req(handle, abs_path, reqtype, curpos, len);
- *
- * Arguments:
- * handle - Handle associated with the desired connection
- * abs_path- File name portion of the URI, beginning with a /. Query,
- * segment, etc are allowed.
- * type - HTTP_REQ_TYPE_HEAD or HTTP_REQ_TYPE_GET
- *
- * In the case of GET requests,
- * curpos- -1 - Range not used
- * >=0 - Beginning of range
- * len - 0 - Range ends at the end of the file
- * >0 - Length of range.
- *
- * Returns:
- * 0 - Success
- * -1 - An error occurred. Check http_get_lasterr().
- */
-static int
-http_req(http_handle_t handle, const char *abs_path, http_req_t type,
- offset_t curpos, offset_t len)
-{
- http_conn_t *c_id = handle;
- char *request;
- char *reqtypename;
- char *newreq;
- int requestlen;
- int retval;
- int j;
-
- ERR_clear_error();
- if (!http_check_conn(c_id))
- return (-1);
-
- if (abs_path == NULL || abs_path[0] == '\0') {
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_BADARG);
- return (-1);
- }
-
- /* Determine the name for the request type */
- switch (type) {
- case HTTP_REQ_TYPE_GET:
- reqtypename = "GET";
- if (curpos < 0 && curpos != -1) {
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_BADARG);
- return (-1);
- }
- break;
-
- case HTTP_REQ_TYPE_HEAD:
- reqtypename = "HEAD";
- break;
-
- default:
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_BADARG);
- return (-1);
- }
-
- /* Do rudimentary checks on the absolute path */
- if (abs_path == NULL || *abs_path != '/') {
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_BADARG);
- libbootlog(BOOTLOG_CRIT, "http_req: invalid file path");
- if (abs_path != NULL)
- libbootlog(BOOTLOG_CRIT, " %s", abs_path);
- return (-1);
- }
- (void) strlcpy(CONN_ABSPATH, abs_path, MAXHOSTNAMELEN);
-
- /*
- * Size the request.
- *
- * With proxy:
- * reqtypename + " http://" + host + ":" + port + path +
- * " HTTP/1.1\r\n" +
- * Without proxy:
- * reqtypename + " " + path + " HTTP/1.1\r\n" +
- */
- requestlen = strlen(reqtypename) + 8 + strlen(CONN_HOSTNAME) + 1 +
- count_digits(CONN_PORT) + strlen(CONN_ABSPATH) + 11;
-
- /*
- * Plus the rest:
- * "Host: " + targethost + ":" + count_digits(port) + "\r\n" +
- * "Connection: Keep-Alive\r\n" plus trailing "\r\n\0"
- */
- requestlen += 6 + strlen(CONN_HOSTNAME) + 1 +
- count_digits(CONN_PORT) + 2 + 24 + 3;
- if ((request = malloc(requestlen)) == NULL) {
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_NOMEM);
- return (-1);
- }
-
- /* The request line */
- if (c_id->proxied && c_id->ssl == NULL) {
- j = snprintf(request, requestlen,
- "%s http://%s:%d%s HTTP/1.1\r\n",
- reqtypename, CONN_HOSTNAME, CONN_PORT,
- CONN_ABSPATH);
- } else {
- j = snprintf(request, requestlen, "%s %s HTTP/1.1\r\n",
- reqtypename, CONN_ABSPATH);
- }
-
- /* Ancillary headers */
- j += snprintf(&request[j], requestlen - j, "Host: %s:%d\r\n",
- CONN_HOSTNAME, CONN_PORT);
- if (!c_id->keepalive)
- j += snprintf(&request[j], requestlen - j,
- "Connection: close\r\n");
- else
- j += snprintf(&request[j], requestlen - j,
- "Connection: Keep-Alive\r\n");
- /*
- * We only send the range header on GET requests
- *
- * "Range: bytes=" + from + "-" + end + "\r\n" or
- * "Range: bytes=" + from + "-" "\r\n"
- */
- if (type == HTTP_REQ_TYPE_GET && curpos >= 0) {
- offset_t endpos;
-
- requestlen += 13 + count_digits(curpos) + 1 + 2;
- if (len > 0) {
- endpos = curpos + len - 1;
- requestlen += count_digits(endpos);
- }
-
- if ((newreq = realloc(request, requestlen)) == NULL) {
- free(request);
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_NOMEM);
- return (-1);
- }
- request = newreq;
-
- j += sprintf(&request[j], "Range: bytes=%lld-", curpos);
- if (len > 0)
- j += sprintf(&request[j], "%lld", endpos);
- j += sprintf(&request[j], "\r\n");
- }
-
- /*
- * Authorization is added only if provided (RFC 2617, Section 2)
- *
- * "Authorization: Basic " + authencstr + "\r\n"
- */
- if (c_id->basic_auth_userid && c_id->basic_auth_password) {
- char *authstr;
- char *authencstr;
- int authlen;
-
- /*
- * Allow for concat(basic_auth_userid ":" basic_auth_password)
- */
- authlen = strlen(c_id->basic_auth_userid) + 2 +
- strlen(c_id->basic_auth_password);
- if ((authstr = malloc(authlen + 1)) == NULL) {
- free(request);
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_NOMEM);
- return (-1);
- }
- (void) snprintf(authstr, authlen + 1, "%s:%s",
- c_id->basic_auth_userid, c_id->basic_auth_password);
-
- /* 3 bytes encoded as 4 (round up) with null termination */
- if ((authencstr = malloc((authlen + 2) / 3 * 4 + 1)) == NULL) {
- free(authstr);
- free(request);
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_NOMEM);
- return (-1);
- }
-
- (void) EVP_EncodeBlock((unsigned char *)authencstr,
- (unsigned char *)authstr, authlen);
-
- /*
- * Finally do concat(Authorization: Basic " authencstr "\r\n")
- */
- requestlen += 21 + strlen(authencstr) + 2;
- if ((newreq = realloc(request, requestlen)) == NULL) {
- free(authencstr);
- free(authstr);
- free(request);
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_NOMEM);
- return (-1);
- }
- request = newreq;
-
- j += snprintf(&request[j], requestlen - j,
- "Authorization: Basic %s\r\n", authencstr);
-
- free(authencstr);
- free(authstr);
- }
-
- j += sprintf(&request[j], "\r\n");
-
- if (verbosemode)
- libbootlog(BOOTLOG_VERBOSE, "%s", request);
-
- /* send the HTTP request */
- retval = http_srv_send(c_id, request, j);
-
- free(request);
- if (retval != j) {
- /* Assume error in was set by send request. */
- return (-1);
- }
-
- return (0);
-}
-
-/*
- * password_cb - Callback to get private key password and return it
- * to SSL. (Used for PEM certificates only.)
- *
- * len = passwd_cb(buf, buflen, rwflag, userdata);
- *
- * Arguments:
- * buf - Buffer for the password
- * buflen - Length of 'buf'
- * rwflag - password will be used for reading/decryption (== 0)
- * or writing/encryption (== 1).
- * userdata - Points to connection-specific information.
- *
- * Returns:
- * > 0 - Length of password that was put into 'buf'.
- * 0 - No password was returned (usually error occurred)
- *
- * NOTE: The password code is not thread safe
- */
-/* ARGSUSED */
-static int
-password_cb(char *buf, int buflen, int rwflag, void *userdata)
-{
- http_conn_t *c_id = userdata;
-
- if (c_id == NULL || c_id->signature != HTTP_CONN_INFO)
- return (0);
-
- if (c_id->file_password == NULL ||
- buflen < strlen(c_id->file_password) + 1)
- return (0);
-
- return (strlcpy(buf, c_id->file_password, buflen));
-}
-
-/*
- * initialize_ctx - Initialize the context for a connection.
- *
- * ctx = initialize_ctx(c_id);
- *
- * Arguments:
- * None.
- *
- * Returns:
- * non-NULL - Points to ctx structure.
- * NULL - An error occurred. Any cleanup is done and error
- * information is in the error stack.
- */
-static SSL_CTX *
-initialize_ctx(http_conn_t *c_id)
-{
-#if OPENSSL_VERSION_NUMBER < 0x10000000L
- SSL_METHOD *meth;
-#else
- const SSL_METHOD *meth;
-#endif
- SSL_CTX *ctx;
-
- ERR_clear_error();
-
- /* Global system initialization */
- if (ssl_init == 0) {
- sunw_crypto_init();
- SSL_load_error_strings();
- ssl_init = 1;
- }
-
- /* Create our context */
- meth = SSLv3_client_method();
- if ((ctx = SSL_CTX_new(meth)) == NULL) {
- ulong_t err;
- while ((err = ERR_get_error()) != 0)
- SET_ERR(c_id, ERRSRC_LIBSSL, err);
- libbootlog(BOOTLOG_CRIT,
- "initialize_ctx: SSL_CTX_new returned NULL");
- return (NULL);
- }
-
- /*
- * Ensure that any renegotiations for blocking connections will
- * be done automatically. (The alternative is to return partial
- * reads to the caller and let it oversee the renegotiations.)
- */
- if (SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY) == 0) {
- ulong_t err;
- while ((err = ERR_get_error()) != 0)
- SET_ERR(c_id, ERRSRC_LIBSSL, err);
- libbootlog(BOOTLOG_CRIT,
- "initialize_ctx: SSL_CTX_set_mode returned 0");
- (void) SSL_CTX_free(ctx);
- return (NULL);
- }
-
- /* set cipher list if provided */
- if (cipher_list != NULL) {
- if (!SSL_CTX_set_cipher_list(ctx, cipher_list)) {
- ulong_t err;
- while ((err = ERR_get_error()) != 0)
- SET_ERR(c_id, ERRSRC_LIBSSL, err);
- libbootlog(BOOTLOG_CRIT,
- "initialize_ctx: Error in cipher list");
- SSL_CTX_free(ctx);
- return (NULL);
- }
- }
-
- /*
- * We attempt to use the client_certificate_file for the private
- * key input scheme *only* in the absence of private_key_file. In
- * this instance the scheme will be the same as that used for the
- * certificate input.
- */
-
- /* Load our certificates */
- if (c_id->client_cert_file != NULL) {
- if (p12_format) {
- /* Load pkcs12-formated files */
- if (sunw_p12_use_certfile(ctx, c_id->client_cert_file,
- c_id->file_password)
- <= 0) {
- ulong_t err;
- while ((err = ERR_get_error()) != 0)
- SET_ERR(c_id, ERRSRC_LIBSSL, err);
- libbootlog(BOOTLOG_CRIT,
- "initialize_ctx: Couldn't read "
- "PKCS12 certificate file");
- SSL_CTX_free(ctx);
- return (NULL);
- }
- } else {
- /* Load PEM-formated files */
- if (SSL_CTX_use_certificate_file(ctx,
- c_id->client_cert_file, SSL_FILETYPE_PEM) <= 0) {
- ulong_t err;
- while ((err = ERR_get_error()) != 0)
- SET_ERR(c_id, ERRSRC_LIBSSL, err);
- libbootlog(BOOTLOG_CRIT,
- "initialize_ctx: Couldn't read "
- "PEM certificate file");
- SSL_CTX_free(ctx);
- return (NULL);
- }
- }
- if (c_id->private_key_file == NULL)
- c_id->private_key_file = c_id->client_cert_file;
- }
-
- /* Load our keys */
- if (p12_format) {
- /* Load pkcs12-formated files */
- if (c_id->private_key_file != NULL) {
- if (sunw_p12_use_keyfile(ctx, c_id->private_key_file,
- c_id->file_password)
- <= 0) {
- ulong_t err;
- while ((err = ERR_get_error()) != 0)
- SET_ERR(c_id, ERRSRC_LIBSSL, err);
- libbootlog(BOOTLOG_CRIT,
- "initialize_ctx: Couldn't read "
- "PKCS12 key file");
- SSL_CTX_free(ctx);
- return (NULL);
- }
- }
- } else {
- /* Load PEM-formated files */
- SSL_CTX_set_default_passwd_cb(ctx, password_cb);
- SSL_CTX_set_default_passwd_cb_userdata(ctx, c_id);
- if (c_id->private_key_file != NULL) {
- if (SSL_CTX_use_PrivateKey_file(ctx,
- c_id->private_key_file, SSL_FILETYPE_PEM) <= 0) {
- ulong_t err;
- while ((err = ERR_get_error()) != 0)
- SET_ERR(c_id, ERRSRC_LIBSSL, err);
- libbootlog(BOOTLOG_CRIT,
- "initialize_ctx: Couldn't read "
- "PEM key file");
- SSL_CTX_free(ctx);
- return (NULL);
- }
- }
- }
-
- /* Load the CAs we trust */
- if (ca_verify_file != NULL) {
- if (p12_format) {
- if (sunw_p12_use_trustfile(ctx, ca_verify_file,
- c_id->file_password)
- <= 0) {
- ulong_t err;
- while ((err = ERR_get_error()) != 0)
- SET_ERR(c_id, ERRSRC_LIBSSL, err);
- libbootlog(BOOTLOG_CRIT,
- "initialize_ctx: Couldn't read "
- "PKCS12 CA list file");
- SSL_CTX_free(ctx);
- return (NULL);
- }
- } else {
- if (SSL_CTX_load_verify_locations(ctx, ca_verify_file,
- NULL) == 0) {
- ulong_t err;
- while ((err = ERR_get_error()) != 0)
- SET_ERR(c_id, ERRSRC_LIBSSL, err);
- libbootlog(BOOTLOG_CRIT,
- "initialize_ctx: Couldn't read PEM"
- " CA list file");
- SSL_CTX_free(ctx);
- return (NULL);
- }
- }
- }
-
- SSL_CTX_set_verify_depth(ctx, verify_depth);
-
- /* Load randomness */
- if (c_id->random_file != NULL &&
- RAND_load_file(c_id->random_file, 1024 * 1024) <= 0) {
- ulong_t err;
- while ((err = ERR_get_error()) != 0)
- SET_ERR(c_id, ERRSRC_LIBSSL, err);
- libbootlog(BOOTLOG_CRIT,
- "initialize_ctx: Couldn't load random file");
- SSL_CTX_free(ctx);
- return (NULL);
- }
- if (RAND_status() <= 0) {
- ulong_t err;
- while ((err = ERR_get_error()) != 0)
- SET_ERR(c_id, ERRSRC_LIBSSL, err);
- libbootlog(BOOTLOG_CRIT,
- "initialize_ctx: PRNG not seeded");
- SSL_CTX_free(ctx);
- return (NULL);
- }
-
- return (ctx);
-}
-
-/*
- * tcp_connect - Set up a TCP connection.
- *
- * sock = tcp_connect(c_id, hostname, port);
- *
- * Arguments:
- * c_id - Structure associated with the desired connection
- * hostname - the host to connect to
- * port - the port to connect to
- *
- * Returns:
- * >= 0 - Socket number.
- * -1 - Error occurred. Error information is set in the
- * error stack. Any cleanup is done.
- *
- * This function established a connection to the target host. When
- * it returns, the connection is ready for a HEAD or GET request.
- */
-static int
-tcp_connect(http_conn_t *c_id, const char *hostname, uint16_t port)
-{
- struct hostent *hp;
- struct sockaddr_in addr;
- int sock;
- int status;
-
- if ((hp = gethostbyname(hostname)) == NULL) {
- SET_ERR(c_id, ERRSRC_RESOLVE, h_errno);
- return (-1);
- }
-
- bzero(&addr, sizeof (addr));
- /* LINTED */
- addr.sin_addr = *(struct in_addr *)hp->h_addr;
- addr.sin_family = AF_INET;
- addr.sin_port = htons(port);
-
- if ((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) {
- SET_ERR(c_id, ERRSRC_SYSTEM, errno);
- return (-1);
- }
-
- status = connect(sock, (struct sockaddr *)&addr, sizeof (addr));
- if (status < 0) {
- SET_ERR(c_id, ERRSRC_SYSTEM, errno);
- (void) socket_close(sock);
- return (-1);
- }
-
- c_id->host_addr = addr; /* save for future sendto calls */
- c_id->fd = sock;
-
- return (sock);
-}
-
-/*
- * readline - Get a line from the socket. Discard the end-of-line
- * (CR or CR/LF or LF).
- *
- * ret = readline(c_id, sock, buf, len);
- *
- * Arguments:
- * c_id - Structure associated with the desired connection
- * sock - Socket to read
- * buf - Buffer for the line
- * len - Length of the buffer
- *
- * Returns:
- * 0 - Success. 'buf' contains the line.
- * -1 - Error occurred. Error information is set in the
- * error stack.
- */
-static int
-readline(http_conn_t *c_id, int sock, char *buf, int len)
-{
- int n, r;
- char *ptr = buf;
-
- for (n = 0; n < len; n++) {
- r = socket_read(sock, ptr, 1, c_id->read_timeout);
-
- if (r < 0) {
- SET_ERR(c_id, ERRSRC_SYSTEM, errno);
- return (-1);
- } else if (r == 0) {
- libbootlog(BOOTLOG_WARNING, "Readline: no data");
- return (0);
- }
-
- if (*ptr == '\n') {
- *ptr = '\0';
-
- /* Strip off the CR if it's there */
- if (buf[n-1] == '\r') {
- buf[n-1] = '\0';
- n--;
- }
-
- return (n);
- }
-
- ptr++;
- }
-
- libbootlog(BOOTLOG_WARNING, "readline: Buffer too short\n");
- return (0);
-}
-
-/*
- * proxy_connect - Set up a proxied TCP connection to the target host.
- *
- * sock = proxy_connect(c_id);
- *
- * Arguments:
- * c_id - Structure associated with the desired connection
- *
- * Returns:
- * >= 0 - Socket number.
- * -1 - Error occurred. Error information is set in the
- * error stack. Any cleanup is done.
- *
- * This function established a connection to the proxy and then sends
- * the request to connect to the target host. It reads the response
- * (the status line and any headers). When it returns, the connection
- * is ready for a HEAD or GET request.
- */
-static int
-proxy_connect(http_conn_t *c_id)
-{
- struct sockaddr_in addr;
- int sock;
- char buf[1024];
- char *ptr;
- int i;
-
- if ((sock = tcp_connect(c_id, CONN_PROXY_HOSTNAME,
- CONN_PROXY_PORT)) < 0) {
- return (-1);
- }
-
- if (!CONN_HTTPS) {
- return (sock);
- }
-
- /* Now that we're connected, do the proxy request */
- (void) snprintf(buf, sizeof (buf),
- "CONNECT %s:%d HTTP/1.0\r\n\r\n", CONN_HOSTNAME, CONN_PORT);
-
- /* socket_write sets the errors */
- if (socket_write(sock, buf, strlen(buf), &addr) <= 0) {
- SET_ERR(c_id, ERRSRC_SYSTEM, errno);
- (void) socket_close(sock);
- return (-1);
- }
-
- /* And read the response */
- i = readline(c_id, sock, buf, sizeof (buf));
- if (i <= 0) {
- if (i == 0)
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_NORESP);
- libbootlog(BOOTLOG_CRIT,
- "proxy_connect: Empty response from proxy");
- (void) socket_close(sock);
- return (-1);
- }
-
- ptr = buf;
- if (strncmp(ptr, "HTTP", 4) != 0) {
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_NOT_1_1);
- libbootlog(BOOTLOG_CRIT,
- "proxy_connect: Unrecognized protocol");
- (void) socket_close(sock);
- return (-1);
- }
-
- /* skip to the code */
- ptr += 4;
- while (*ptr != ' ' && *ptr != '\0')
- ptr++;
- while (*ptr == ' ' && *ptr != '\0')
- ptr++;
-
- /* make sure it's three digits */
- if (strncmp(ptr, "200", 3) != 0) {
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_BADRESP);
- libbootlog(BOOTLOG_CRIT,
- "proxy_connect: Received error from proxy server");
- (void) socket_close(sock);
- return (-1);
- }
- ptr += 3;
- if (isdigit(*ptr)) {
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_BADRESP);
- (void) socket_close(sock);
- return (-1);
- }
-
- /* Look for the blank line that signals end of proxy header */
- while ((i = readline(c_id, sock, buf, sizeof (buf))) > 0)
- ;
-
- if (i < 0) {
- (void) socket_close(sock);
- return (-1);
- }
-
- return (sock);
-}
-
-/*
- * check_cert_chain - Check if we have a valid certificate chain.
- *
- * ret = check_cert_chain(c_id, host);
- *
- * Arguments:
- * c_id - Connection info.
- * host - Name to compare with the common name in the certificate.
- *
- * Returns:
- * 0 - Certificate chain and common name are both OK.
- * -1 - Certificate chain and/or common name is not valid.
- */
-static int
-check_cert_chain(http_conn_t *c_id, char *host)
-{
- X509 *peer;
- char peer_CN[256];
- long verify_err;
-
- if ((verify_err = SSL_get_verify_result(c_id->ssl)) != X509_V_OK) {
- SET_ERR(c_id, ERRSRC_VERIFERR, verify_err);
- libbootlog(BOOTLOG_CRIT,
- "check_cert_chain: Certificate doesn't verify");
- return (-1);
- }
-
- /*
- * Check the cert chain. The chain length
- * is automatically checked by OpenSSL when we
- * set the verify depth in the ctx
- *
- * All we need to do here is check that the CN
- * matches
- */
-
- /* Check the common name */
- if ((peer = SSL_get_peer_certificate(c_id->ssl)) == NULL) {
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_NOCERT);
- libbootlog(BOOTLOG_CRIT,
- "check_cert_chain: Peer did not present a certificate");
- return (-1);
- }
- (void) X509_NAME_get_text_by_NID(X509_get_subject_name(peer),
- NID_commonName, peer_CN, 256);
-
- if (verbosemode)
- libbootlog(BOOTLOG_VERBOSE,
- "server cert's peer_CN is %s, host is %s", peer_CN, host);
-
- if (strcasecmp(peer_CN, host)) {
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_NOMATCH);
- libbootlog(BOOTLOG_CRIT,
- "check_cert_chain: Common name doesn't match host name");
- libbootlog(BOOTLOG_CRIT,
- "peer_CN = %s, host = %s", peer_CN, host);
- return (-1);
- }
-
- return (0);
-}
-
-/*
- * print_ciphers - Print the list of ciphers for debugging.
- *
- * print_ciphers(ssl);
- *
- * Arguments:
- * ssl - SSL connection.
- *
- * Returns:
- * none
- */
-static void
-print_ciphers(SSL *ssl)
-{
- SSL_CIPHER *c;
- STACK_OF(SSL_CIPHER) *sk;
- int i;
- const char *name;
-
- if (ssl == NULL)
- return;
-
- sk = SSL_get_ciphers(ssl);
- if (sk == NULL)
- return;
-
- for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
- /* LINTED */
- c = sk_SSL_CIPHER_value(sk, i);
- libbootlog(BOOTLOG_VERBOSE, "%08lx %s", c->id, c->name);
- }
- name = SSL_get_cipher_name(ssl);
- if (name == NULL)
- name = "";
- libbootlog(BOOTLOG_VERBOSE, "Current cipher = %s", name);
-}
-
-/*
- * read_headerlines - Get the header lines from the server. This reads
- * lines until it gets a empty line indicating end of headers.
- *
- * ret = read_headerlines(c_id);
- *
- * Arguments:
- * c_id - Info about the connection being read.
- * bread - TRUE if the headerlines are part of the message body.
- *
- * Returns:
- * 0 - Header lines were read.
- * -1 - Error occurred. The errors information is already in
- * the error stack.
- *
- * Read the lines. If the current line begins with a space or tab, it is
- * a continuation. Take the new line and append it to the end of the
- * previous line rather than making an entry for another line in
- * c_id->resphdr.
- *
- * Note that I/O errors are put into the error stack by http_srv_recv(),
- * which is called by getaline().
- */
-static int
-read_headerlines(http_conn_t *c_id, boolean_t bread)
-{
- char line[MAXHOSTNAMELEN];
- char **new_buf;
- char *ptr;
- int next;
- int cur;
- int n;
-
- /* process headers, stop when we get to an empty line */
- cur = 0;
- next = 0;
- while ((n = getaline(c_id, line, sizeof (line), bread)) > 0) {
-
- if (verbosemode)
- libbootlog(BOOTLOG_VERBOSE,
- "read_headerlines: %s", line);
- /*
- * See if this is a continuation line (first col is a
- * space or a tab)
- */
- if (line[0] != ' ' && line[0] != ' ') {
- cur = next;
- next ++;
- new_buf =
- realloc(c_id->resphdr, (cur + 1) * sizeof (void *));
- if (new_buf == NULL) {
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_NOMEM);
- return (-1);
- }
- c_id->resphdr = new_buf;
-
- c_id->resphdr[cur] = strdup(line);
- if (c_id->resphdr[cur] == NULL) {
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_NOMEM);
- return (-1);
- }
- } else {
- ptr = line;
- while (isspace(*ptr))
- ptr ++;
- c_id->resphdr[cur] = realloc(c_id->resphdr[cur],
- strlen(c_id->resphdr[cur]) + strlen(ptr) + 1);
- if (c_id->resphdr[cur] == NULL) {
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_NOMEM);
- return (-1);
- }
- (void) strcat(c_id->resphdr[cur], ptr);
- }
- ptr = &(c_id->resphdr[cur][strlen(c_id->resphdr[cur]) - 1]);
- while (ptr > c_id->resphdr[cur] && isspace(*ptr))
- ptr --;
- }
- c_id->resp.nresphdrs = next;
-
- /* Cause of any I/O error was already put into error stack. */
- return (n >= 0 ? 0 : -1);
-}
-
-static void
-free_response(http_conn_t *c_id, int free_boundary)
-{
- int i;
-
- /* free memory from previous calls */
- if (c_id->resp.statusmsg != NULL) {
- free(c_id->resp.statusmsg);
- c_id->resp.statusmsg = NULL;
- }
- for (i = 0; i < c_id->resp.nresphdrs; i++) {
- free(c_id->resphdr[i]);
- c_id->resphdr[i] = NULL;
- }
- c_id->resp.nresphdrs = 0;
- if (c_id->resphdr != NULL) {
- free(c_id->resphdr);
- c_id->resphdr = NULL;
- }
-
- if (free_boundary && c_id->boundary) {
- free(c_id->boundary);
- c_id->boundary = NULL;
- c_id->is_multipart = B_FALSE;
- }
-}
-
-static int
-free_ctx_ssl(http_conn_t *c_id)
-{
- int err_ret = 0;
-
- if (c_id->ssl != NULL) {
- if (SSL_shutdown(c_id->ssl) <= 0) {
- ulong_t err;
- while ((err = ERR_get_error()) != 0)
- SET_ERR(c_id, ERRSRC_LIBSSL, err);
- err_ret = -1;
- }
- SSL_free(c_id->ssl);
- c_id->ssl = NULL;
- }
-
- if (c_id->fd != -1 && socket_close(c_id->fd) < 0) {
- SET_ERR(c_id, ERRSRC_SYSTEM, errno);
- err_ret = -1;
- }
- c_id->fd = -1;
-
- if (c_id->ctx != NULL) {
- SSL_CTX_free(c_id->ctx);
- c_id->ctx = NULL;
- }
-
- return (err_ret);
-}
-
-/*
- * get_chunk_header - Get a chunk header line
- *
- * Arguments:
- * c_id - Structure describing the connection in question.
- *
- * Returns:
- * >=0 - Length of next chunk
- * -1 - Error occurred. The error information is in the error stack.
- */
-static int
-get_chunk_header(http_conn_t *c_id)
-{
- char line[MAXHOSTNAMELEN];
- char *ptr;
- int value;
- int ok;
- int i;
-
- /*
- * Determine whether an extra crlf pair will precede the
- * chunk header. For the first one, there is no preceding
- * crlf. For later chunks, there is one crlf.
- */
- if (c_id->is_firstchunk) {
- ok = 1;
- c_id->is_firstchunk = B_FALSE;
- } else {
- ok = ((i = getaline(c_id, line, sizeof (line), B_FALSE)) == 0);
- }
-
- if (ok)
- i = getaline(c_id, line, sizeof (line), B_FALSE);
- if (!ok || i < 0) {
- /*
- * If I/O error, the Cause was already put into
- * error stack. This is an additional error.
- */
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_NOHEADER);
- return (-1);
- }
-
- if (verbosemode)
- libbootlog(BOOTLOG_VERBOSE, "get_chunk_header: <%s>", line);
-
-
- /*
- * The first (and probably only) field in the line is the hex
- * length of the chunk.
- */
- ptr = line;
- value = 0;
- while (*ptr != '\0' && (i = hexdigit(*ptr)) >= 0) {
- value = (value << 4) + i;
- ptr ++;
- }
-
- return (value);
-}
-
-/*
- * init_bread - Initialize the counters used to read message bodies.
- *
- * Arguments:
- * c_id - Structure describing the connection in question.
- *
- * Returns:
- * 0 - Success
- * -1 - Error occurred. The error information is in the error stack.
- *
- * This routine will determine whether the message body being received is
- * chunked or non-chunked. Once determined, the counters used to read
- * message bodies will be initialized.
- */
-static int
-init_bread(http_conn_t *c_id)
-{
- char *hdr;
- char *ptr;
- boolean_t sized = B_FALSE;
-
- /*
- * Assume non-chunked reads until proven otherwise.
- */
- c_id->is_chunked = B_FALSE;
- c_id->is_firstchunk = B_FALSE;
- hdr = http_get_header_value(c_id, "Content-Length");
- if (hdr != NULL) {
- c_id->body_size = strtol(hdr, NULL, 10);
- if (c_id->body_size == 0 && errno != 0) {
- free(hdr);
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_BADSIZE);
- return (-1);
- }
- free(hdr);
- sized = B_TRUE;
- }
-
- /*
- * If size was not determined above, then see if this is a
- * chunked message. Keep in mind that the first chunk size is
- * "special".
- */
- if (!sized) {
- hdr = http_get_header_value(c_id, "Transfer-Encoding");
- if (hdr != NULL) {
- ptr = eat_ws(hdr);
- if (startswith((const char **)&ptr, "chunked;") ||
- strcasecmp(ptr, "chunked") == 0) {
- c_id->is_firstchunk = B_TRUE;
- c_id->is_chunked = B_TRUE;
- }
- free(hdr);
- if (c_id->is_chunked) {
- c_id->body_size = get_chunk_header(c_id);
- if (c_id->body_size == -1) {
- /*
- * Error stack was already set at a
- * lower level.
- */
- return (-1);
- }
- sized = B_TRUE;
- }
- }
- }
-
- /*
- * Well, isn't this a fine predicament? It wasn't chunked or
- * non-chunked as far as we can tell.
- */
- if (!sized) {
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_BADSIZE);
- return (-1);
- }
-
- c_id->body_read = 0;
- c_id->body_size_tot = c_id->body_size;
- c_id->body_read_tot = 0;
-
- return (0);
-}
-
-/*
- * get_msgcnt - Get the number of bytes left in the message body or chunk.
- *
- * Arguments:
- * c_id - Structure describing the connection in question.
- * msgcnt - Where to store the message count.
- *
- * Returns:
- * 0 - Success
- * -1 - Error occurred. The error information is in the error stack.
- *
- * Note that if the message being read is not chunked, then the byte count
- * is simply the message size minus the bytes read thus far. In the case of
- * chunked messages, the byte count returned will be the number of bytes
- * left in the chunk. If the current chunk has been exhausted, then this
- * routine will determine the size of the next chunk. When the next chunk
- * size is zero, the message has been read in its entirety.
- */
-static int
-get_msgcnt(http_conn_t *c_id, ssize_t *msgcnt)
-{
- /*
- * If there are more bytes in the message, then return.
- */
- *msgcnt = c_id->body_size - c_id->body_read;
- if (*msgcnt != 0) {
- return (0);
- }
- /*
- * If this is not a chunked message and the body has been
- * read, then we're done.
- */
- if (!c_id->is_chunked) {
- return (0);
- }
-
- /*
- * We're looking at a chunked message whose immediate
- * chunk has been totally processed. See if there is
- * another chunk.
- */
- c_id->body_size = get_chunk_header(c_id);
- if (c_id->body_size == -1) {
- /*
- * Error stack was already set at a
- * lower level.
- */
- return (-1);
- }
-
- /*
- * No bytes of this chunk have been processed yet.
- */
- c_id->body_read = 0;
-
- /*
- * A zero length chunk signals the end of the
- * message body and chunking.
- */
- if (c_id->body_size == 0) {
- c_id->is_chunked = B_FALSE;
- return (0);
- }
-
- /*
- * There is another chunk.
- */
- c_id->body_size_tot += c_id->body_size;
- *msgcnt = c_id->body_size - c_id->body_read;
-
- return (0);
-}
-
-/*
- * getaline - Get lines of data from the HTTP response, up to 'len' bytes.
- * NOTE: the line will not end with a NULL if all 'len' bytes
- * were read.
- *
- * Arguments:
- * c_id - Structure describing the connection in question.
- * line - Where to store the data.
- * len - Maximum number of bytes in the line.
- * bread - TRUE if the lines are part of the message body.
- *
- * Returns:
- * >=0 - The number of bytes successfully read.
- * <0 - An error occurred. This is (the number of bytes gotten + 1),
- * negated. In other words, if 'n' bytes were read and then an
- * error occurred, this will return (-(n+1)). So zero bytes read
- * and then an error occurs, this will return -1. If 1 bytes
- * was read, it will return -2, etc.
- *
- * Specifics of the error can be gotten using http_get_lasterr();
- *
- * Note that I/O errors are put into the error stack by http_srv_recv().1
- */
-static int
-getaline(http_conn_t *c_id, char *line, int len, boolean_t bread)
-{
- int i = 0;
- ssize_t msgcnt = 0;
- ssize_t cnt;
-
- while (i < len) {
- /*
- * Special processing required for message body reads.
- */
- if (bread) {
- /*
- * See if there is another chunk. Obviously, in the
- * case of non-chunked messages, there won't be.
- * But in either case, chunked or not, if msgcnt
- * is still zero after the call to get_msgcnt(),
- * then we're done.
- */
- if (msgcnt == 0) {
- if (get_msgcnt(c_id, &msgcnt) == -1) {
- return (-(i+1));
- }
- if (msgcnt == 0) {
- break;
- }
- }
- cnt = MIN(msgcnt, sizeof (c_id->inbuf.buf));
- } else {
- cnt = sizeof (c_id->inbuf.buf);
- }
-
- /* read more data if buffer empty */
- if (c_id->inbuf.i == c_id->inbuf.n) {
- c_id->inbuf.i = 0;
- c_id->inbuf.n = http_srv_recv(c_id, c_id->inbuf.buf,
- cnt);
- if (c_id->inbuf.n == 0) {
- return (i);
- }
- if (c_id->inbuf.n < 0) {
- return (-(i+1));
- }
- }
- /* skip CR */
- if (c_id->inbuf.buf[c_id->inbuf.i] == '\r') {
- INC_BREAD_CNT(bread, msgcnt);
- c_id->inbuf.i++;
- continue;
- }
- if (c_id->inbuf.buf[c_id->inbuf.i] == '\n') {
- INC_BREAD_CNT(bread, msgcnt);
- c_id->inbuf.i++;
- line[i] = '\0';
- return (i);
- }
- /* copy buf from internal buffer */
- INC_BREAD_CNT(bread, msgcnt);
- line[i++] = c_id->inbuf.buf[c_id->inbuf.i++];
- }
- return (i);
-}
-
-/*
- * getbytes - Get a block from the HTTP response. Used for the HTTP body.
- *
- * Arguments:
- * c_id - Structure describing the connection in question.
- * line - Where to store the data.
- * len - Maximum number of bytes in the block.
- *
- * Returns:
- * >=0 - The number of bytes successfully read.
- * <0 - An error occurred. This is (the number of bytes gotten + 1),
- * negated. In other words, if 'n' bytes were read and then an
- * error occurred, this will return (-(n+1)). So zero bytes read
- * and then an error occurs, this will return -1. If 1 bytes
- * was read, it will return -2, etc.
- *
- * Specifics of the error can be gotten using http_get_lasterr();
- *
- * Note that all reads performed here assume that a message body is being
- * read. If this changes in the future, then the logic should more closely
- * resemble getaline().
- *
- * Note that I/O errors are put into the error stack by http_srv_recv().
- */
-static int
-getbytes(http_conn_t *c_id, char *line, int len)
-{
- int i = 0;
- ssize_t msgcnt = 0;
- ssize_t cnt;
- int nbytes;
-
- while (i < len) {
- /*
- * See if there is another chunk. Obviously, in the
- * case of non-chunked messages, there won't be.
- * But in either case, chunked or not, if msgcnt
- * is still zero after the call to get_msgcnt(), then
- * we're done.
- */
- if (msgcnt == 0) {
- if (get_msgcnt(c_id, &msgcnt) == -1) {
- return (-(i+1));
- }
- if (msgcnt == 0) {
- break;
- }
- }
-
- cnt = MIN(msgcnt, len - i);
-
- if (c_id->inbuf.n != c_id->inbuf.i) {
- nbytes = (int)MIN(cnt, c_id->inbuf.n - c_id->inbuf.i);
- (void) memcpy(line, &c_id->inbuf.buf[c_id->inbuf.i],
- nbytes);
- c_id->inbuf.i += nbytes;
- } else {
- nbytes = http_srv_recv(c_id, line, cnt);
- if (nbytes == 0) {
- return (i);
- }
- if (nbytes < 0) {
- return (-(i+1));
- }
- }
-
- i += nbytes;
- line += nbytes;
- msgcnt -= nbytes;
- c_id->body_read += nbytes;
- c_id->body_read_tot += nbytes;
- }
-
- return (i);
-}
-
-static int
-http_srv_send(http_conn_t *c_id, const void *buf, size_t nbyte)
-{
- int retval;
-
- if (c_id->ssl != NULL) {
- if ((retval = SSL_write(c_id->ssl, buf, nbyte)) <= 0) {
- handle_ssl_error(c_id, retval);
- }
- return (retval);
- } else {
- retval = socket_write(c_id->fd, buf, nbyte, &c_id->host_addr);
- if (retval < 0) {
- SET_ERR(c_id, ERRSRC_SYSTEM, errno);
- return (-1);
- }
- return (retval);
- }
-}
-
-static int
-http_srv_recv(http_conn_t *c_id, void *buf, size_t nbyte)
-{
- int retval;
-
- if (c_id->ssl != NULL) {
- if ((retval = SSL_read(c_id->ssl, buf, nbyte)) <= 0) {
- handle_ssl_error(c_id, retval);
- }
- return (retval);
- } else {
- retval = socket_read(c_id->fd, buf, nbyte, c_id->read_timeout);
- if (retval < 0) {
- SET_ERR(c_id, ERRSRC_SYSTEM, errno);
- return (-1);
- }
- return (retval);
- }
-}
-
-static boolean_t
-http_check_conn(http_conn_t *c_id)
-{
- early_err = 0;
- if (c_id == NULL || c_id->signature != HTTP_CONN_INFO) {
- early_err = EHTTP_BADARG;
- return (B_FALSE);
- }
- RESET_ERR(c_id);
- return (B_TRUE);
-}
-
-static void
-handle_ssl_error(http_conn_t *c_id, int retval)
-{
- ulong_t err;
-
- err = SSL_get_error(c_id->ssl, retval);
-
- switch (err) {
- case SSL_ERROR_NONE:
- return;
-
- case SSL_ERROR_ZERO_RETURN:
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_CONCLOSED);
- return;
-
- case SSL_ERROR_WANT_READ:
- case SSL_ERROR_WANT_WRITE:
- case SSL_ERROR_WANT_CONNECT:
- case SSL_ERROR_WANT_X509_LOOKUP:
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_UNEXPECTED);
- return;
-
- case SSL_ERROR_SYSCALL:
- err = ERR_get_error();
- if (err == 0)
- SET_ERR(c_id, ERRSRC_LIBHTTP, EHTTP_EOFERR);
- else if (err == (ulong_t)-1)
- SET_ERR(c_id, ERRSRC_SYSTEM, errno);
- else {
- SET_ERR(c_id, ERRSRC_LIBSSL, err);
- while ((err = ERR_get_error()) != 0)
- SET_ERR(c_id, ERRSRC_LIBSSL, err);
- }
- return;
-
- case SSL_ERROR_SSL:
- while ((err = ERR_get_error()) != 0) {
- SET_ERR(c_id, ERRSRC_LIBSSL, err);
- }
- return;
- }
-}
-
-static int
-count_digits(int value)
-{
- int count = 1;
-
- if (value < 0) {
- count++;
- value = -value;
- }
-
- while (value > 9) {
- value /= 10;
- count++;
- }
- return (count);
-}
-
-static int
-hexdigit(char ch)
-{
- if (ch >= '0' && ch <= '9')
- return (ch - '0');
- if (ch >= 'A' && ch <= 'F')
- return (ch - 'A' + 10);
- if (ch >= 'a' && ch <= 'f')
- return (ch - 'a' + 10);
- return (-1);
-}
-
-static char *
-eat_ws(const char *buf)
-{
- char *ptr = (char *)buf;
-
- while (isspace(*ptr))
- ptr++;
-
- return (ptr);
-}
-
-static boolean_t
-startswith(const char **strp, const char *starts)
-{
- int len = strlen(starts);
-
- if (strncasecmp(*strp, starts, len) == 0) {
- *strp += len;
- return (B_TRUE);
- }
- return (B_FALSE);
-}
diff --git a/usr/src/common/net/wanboot/boot_http.h b/usr/src/common/net/wanboot/boot_http.h
deleted file mode 100644
index 6547f54f2d..0000000000
--- a/usr/src/common/net/wanboot/boot_http.h
+++ /dev/null
@@ -1,137 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#ifndef _BOOT_HTTP_H
-#define _BOOT_HTTP_H
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-
-#include <sys/types.h>
-#include <sys/errno.h>
-#include <parseURL.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* State information returned by http_conn_info() */
-typedef struct {
- url_t uri; /* URI last loaded */
- url_hport_t proxy; /* proxy, if any being used */
- boolean_t keepalive; /* Keepalive setting being used */
- uint_t read_timeout; /* Timeout to use for socket reads */
-} http_conninfo_t;
-
-
-/* Structure for version of the http file */
-typedef struct {
- uint_t maj_ver; /* Major version */
- uint_t min_ver; /* Minor version */
- uint_t micro_ver; /* Micro version */
-} boot_http_ver_t;
-
-/* Internal Libhttp errors */
-#define EHTTP_BADARG 1 /* Function called with one+ bad arguments */
-#define EHTTP_NOMEM 2 /* Out of memory error detected */
-#define EHTTP_CONCLOSED 3 /* The ssl connection was closed (but not */
- /* necessarily the underlying transport */
- /* connection). */
-#define EHTTP_UNEXPECTED 4 /* A SSL I/O request returned an unexpected */
- /* error. */
-#define EHTTP_EOFERR 5 /* Unexpected/premature EOF */
-#define EHTTP_NOCERT 6 /* No certificate was persented */
-#define EHTTP_NOMATCH 7 /* Peer cert doesn't match hostname or */
- /* No matching entry */
-#define EHTTP_NODATA 8 /* No data was returned */
-#define EHTTP_NOT_1_1 9 /* This was not a HTTP/1.1 response */
-#define EHTTP_BADHDR 10 /* The header doesn't look to be valid */
-#define EHTTP_OORANGE 11 /* Requests header line is out of range */
-#define EHTTP_NORESP 12 /* No or partial response returned */
-#define EHTTP_BADRESP 13 /* Bad response or error returned */
-#define EHTTP_NOHEADER 14 /* Chunked header expected but not found */
-#define EHTTP_NOBOUNDARY 15 /* Boundary line expected but not found */
-#define EHTTP_NOTMULTI 16 /* This is not a multipart transfer */
-#define EHTTP_BADSIZE 17 /* Could not determine msg body size */
-
-
-
-/* Sources of errors */
-#define ERRSRC_SYSTEM 1 /* System error occurred */
-#define ERRSRC_LIBHTTP 2 /* Internal (libhttp) error */
-#define ERRSRC_RESOLVE 3 /* Libresolv error */
-#define ERRSRC_VERIFERR 4 /* Verify error occurred */
-#define ERRSRC_LIBSSL 5 /* Libssl/libcrypto error */
-
-
-typedef struct {
- uint_t code; /* status code */
- char *statusmsg; /* status message */
- uint_t nresphdrs; /* number of response headers */
-} http_respinfo_t;
-
-
-typedef void *http_handle_t;
-
-boot_http_ver_t const *http_get_version(void);
-void http_set_p12_format(int);
-void http_set_verbose(boolean_t);
-int http_set_cipher_list(const char *);
-http_handle_t http_srv_init(const url_t *);
-int http_set_proxy(http_handle_t, const url_hport_t *);
-int http_set_keepalive(http_handle_t, boolean_t);
-int http_set_socket_read_timeout(http_handle_t, uint_t);
-int http_set_basic_auth(http_handle_t, const char *, const char *);
-int http_set_random_file(http_handle_t, const char *);
-int http_set_certificate_authority_file(const char *);
-int http_set_client_certificate_file(http_handle_t, const char *);
-int http_set_password(http_handle_t, const char *);
-int http_set_key_file_password(http_handle_t, const char *);
-int http_set_private_key_file(http_handle_t, const char *);
-
-int http_srv_connect(http_handle_t);
-int http_head_request(http_handle_t, const char *);
-int http_get_request(http_handle_t, const char *);
-int http_get_range_request(http_handle_t, const char *, offset_t, offset_t);
-void http_free_respinfo(http_respinfo_t *);
-int http_process_headers(http_handle_t, http_respinfo_t **);
-int http_process_part_headers(http_handle_t, http_respinfo_t **);
-char *http_get_header_value(http_handle_t, const char *);
-char *http_get_response_header(http_handle_t, uint_t);
-int http_read_body(http_handle_t, char *, size_t);
-int http_srv_disconnect(http_handle_t);
-int http_srv_close(http_handle_t);
-http_conninfo_t *http_get_conn_info(http_handle_t);
-int http_conn_is_https(http_handle_t, boolean_t *);
-ulong_t http_get_lasterr(http_handle_t, uint_t *);
-void http_decode_err(ulong_t, int *, int *, int *);
-char const *http_errorstr(uint_t, ulong_t);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _BOOT_HTTP_H */
diff --git a/usr/src/common/net/wanboot/bootconf.c b/usr/src/common/net/wanboot/bootconf.c
deleted file mode 100644
index 81f8317a0a..0000000000
--- a/usr/src/common/net/wanboot/bootconf.c
+++ /dev/null
@@ -1,625 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-/*
- * Functions for accessing the wanboot.conf(4) file.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <sys/types.h>
-#include <parseURL.h>
-#include <netboot_paths.h>
-#include <wanboot_conf.h>
-
-/*
- * Parser helper macros:
- */
-#define is_whitespace(c) ((c) == ' ' || (c) == '\t')
-#define skip_whitespace(p) while (is_whitespace(*(p))) ++p
-
-/*
- * Table of valid wanboot.conf(4) names:
- */
-static const char *bootconf_names[] = {
- BC_BOOT_FILE,
- BC_ROOT_SERVER,
- BC_ROOT_FILE,
- BC_ENCRYPTION_TYPE,
- BC_SIGNATURE_TYPE,
- BC_CLIENT_AUTHENTICATION,
- BC_SERVER_AUTHENTICATION,
- BC_BOOT_LOGGER,
- BC_RESOLVE_HOSTS,
- BC_SYSTEM_CONF,
- NULL
-};
-
-/*
- * Check whether 'name' is valid within wanboot.conf(4).
- */
-static boolean_t
-valid_name(const char *name)
-{
- int i;
-
- for (i = 0; bootconf_names[i] != NULL; ++i) {
- if (strcmp(name, bootconf_names[i]) == 0) {
- return (B_TRUE);
- }
- }
-
- return (B_FALSE);
-}
-
-/*
- * parse_bootconf() parses a wanboot.conf(4) file and, if there are no
- * errors, creates an nvpair list of the name-value pairs defined therein.
- *
- * Lines must be blank or of the form:
- * [name=value] [# comment]
- *
- * Returns:
- * B_TRUE - success
- * B_FALSE - error (return code in handle->bc_error_code, line number
- * on which the error occurred in handle->bc_error_pos)
- */
-static boolean_t
-parse_bootconf(bc_handle_t *handle, const char *bootconf)
-{
- FILE *fp = NULL;
- nvlist_t *nvl = NULL;
- char line[BC_MAX_LINE_LENGTH];
-
- if ((fp = fopen(bootconf, "r")) == NULL) {
- handle->bc_error_code = BC_E_ACCESS;
- goto cleanup;
- }
-
- if (nvlist_alloc(&nvl, NV_UNIQUE_NAME, 0) != 0) {
- handle->bc_error_code = BC_E_NVLIST;
- goto cleanup;
- }
-
- while (fgets(line, sizeof (line), fp) != NULL) {
- int i;
- char *p = line;
- char *ks, *ke, *vs, *ve;
- char quote;
-
- ++(handle->bc_error_pos);
-
- /*
- * Strip off the '\n' at the end of the line.
- */
- if ((i = strlen(line)) < 1) {
- handle->bc_error_code = BC_E_IOERR;
- goto cleanup;
- } else if (line[i - 1] != '\n') {
- handle->bc_error_code = BC_E_TOO_LONG;
- goto cleanup;
- }
- line[i - 1] = '\0';
-
- /*
- * Skip leading whitespace.
- */
- skip_whitespace(p);
-
- /*
- * Blank line/comment-only line?
- */
- if (*p == '\0' || *p == '#') {
- continue;
- }
-
- /*
- * Get start and end pointers to the 'name'.
- */
- ks = p;
- while (!is_whitespace(*p) && *p != '=') {
- ++p;
- }
- ke = p;
-
- /*
- * Must be of the form "name=value"; skip leading and
- * trailing whitespace.
- */
- skip_whitespace(p);
- if (*p == '=') {
- ++p; /* skip '=' */
- skip_whitespace(p);
- } else {
- handle->bc_error_code = BC_E_SYNTAX;
- goto cleanup;
- }
-
- /*
- * The 'value' may be quoted.
- */
- if (*p == '"' || *p == '\'') {
- quote = *p;
- ++p; /* skip '"' */
- } else {
- quote = '\0';
- }
-
- /*
- * Get start and end pointers to the 'value' string.
- * Note that 'value' may be the empty string.
- */
- vs = p;
- if (quote != '\0' || *p != '#') {
- while (*p != '\0' && *p != quote) {
- /*
- * White space that is not part of a quoted
- * value signals end of value.
- */
- if (is_whitespace(*p) && quote == '\0') {
- break;
- }
- ++p;
- }
- }
- ve = p;
-
- /*
- * If 'value' string was quoted, ensure that there is a
- * balancing close-quote and skip it.
- */
- if (quote != '\0') {
- if (*p == quote) {
- ++p;
- } else {
- handle->bc_error_code = BC_E_SYNTAX;
- goto cleanup;
- }
- }
-
- /*
- * Verify line is well-formed; the rest of the line should
- * be blank or comment.
- */
- skip_whitespace(p);
- if (*p != '\0' && *p != '#') {
- handle->bc_error_code = BC_E_SYNTAX;
- goto cleanup;
- }
-
- /*
- * Nul-terminate both the 'name' and the 'value' string.
- */
- *ke = '\0';
- *ve = '\0';
-
- /*
- * Check that this is a valid parameter name.
- */
- if (!valid_name(ks)) {
- handle->bc_error_code = BC_E_UNKNOWN_NAME;
- goto cleanup;
- }
-
- /*
- * Add the name-value pair to the nvpair list.
- */
- if (nvlist_add_string(nvl, ks, vs) != 0) {
- handle->bc_error_code = BC_E_NVLIST;
- goto cleanup;
- }
- }
-
- /*
- * Verify that we didn't exit the parsing loop because of an
- * input error.
- */
- if (ferror(fp)) {
- handle->bc_error_code = BC_E_IOERR;
- goto cleanup;
- }
-
-cleanup:
- /*
- * Close the file if open and free the nvlist if an error occurred.
- */
- if (fp != NULL && fclose(fp) != 0) {
- handle->bc_error_code = BC_E_IOERR;
- }
- if (handle->bc_error_code != BC_E_NOERROR) {
- if (nvl != NULL) {
- nvlist_free(nvl);
- }
- return (B_FALSE);
- }
-
- /*
- * All is well.
- */
- handle->bc_nvl = nvl;
-
- return (B_TRUE);
-}
-
-/*
- * valid_encryption() validitate the encryption type value
- *
- * Returns:
- * B_TRUE - success
- * B_FALSE - error (return code in handle->bc_error_code)
- */
-static boolean_t
-valid_encryption(bc_handle_t *handle, boolean_t *is_encrypted)
-{
- nvlist_t *nvl = handle->bc_nvl;
- char *strval;
-
- /*
- * Until proven otherwise, encryption is not enabled.
- */
- *is_encrypted = B_FALSE;
-
- /*
- * If encryption_type was specified then it must be either
- * "3des", "aes" or "".
- */
- if (nvlist_lookup_string(nvl, BC_ENCRYPTION_TYPE, &strval) == 0) {
- if (strlen(strval) > 0) {
- if (strcmp(strval, BC_ENCRYPTION_3DES) != 0 &&
- strcmp(strval, BC_ENCRYPTION_AES) != 0) {
- handle->bc_error_code = BC_E_ENCRYPTION_ILLEGAL;
- return (B_FALSE);
- }
- *is_encrypted = B_TRUE;
- }
- }
- return (B_TRUE);
-}
-
-/*
- * valid_signature() validates the signature type value
- *
- * Returns:
- * B_TRUE - success
- * B_FALSE - error (return code in handle->bc_error_code)
- */
-static boolean_t
-valid_signature(bc_handle_t *handle, boolean_t *is_signed)
-{
- nvlist_t *nvl = handle->bc_nvl;
- char *strval;
-
- /*
- * Until proven otherwise, signing is not enabled.
- */
- *is_signed = B_FALSE;
-
- /*
- * If signature_type was specified then it must be either
- * "sha1" or "".
- */
- if (nvlist_lookup_string(nvl, BC_SIGNATURE_TYPE, &strval) == 0) {
- if (strlen(strval) > 0) {
- if (strcmp(strval, BC_SIGNATURE_SHA1) != 0) {
- handle->bc_error_code = BC_E_SIGNATURE_ILLEGAL;
- return (B_FALSE);
- }
- *is_signed = B_TRUE;
- }
- }
-
- return (B_TRUE);
-}
-
-/*
- * valid_client_authentication() validates the client authentication value
- *
- * Returns:
- * B_TRUE - success
- * B_FALSE - error (return code in handle->bc_error_code)
- */
-static boolean_t
-valid_client_authentication(bc_handle_t *handle, boolean_t *is_authenticated)
-{
- nvlist_t *nvl = handle->bc_nvl;
- char *strval;
-
- /*
- * Until proven otherwise, authentication is not enabled.
- */
- *is_authenticated = B_FALSE;
-
- /*
- * If client_authentication was specified then it must be either
- * "yes" or "no".
- */
- if (nvlist_lookup_string(nvl, BC_CLIENT_AUTHENTICATION, &strval) == 0) {
- if (strcmp(strval, BC_YES) == 0) {
- *is_authenticated = B_TRUE;
- } else if (strcmp(strval, BC_NO) != 0) {
- handle->bc_error_code = BC_E_CLIENT_AUTH_ILLEGAL;
- return (B_FALSE);
- }
- }
-
- return (B_TRUE);
-}
-
-/*
- * valid_server_authentication() validates the server authentication value
- *
- * Returns:
- * B_TRUE - success
- * B_FALSE - error (return code in handle->bc_error_code)
- */
-static boolean_t
-valid_server_authentication(bc_handle_t *handle, boolean_t *is_authenticated)
-{
- nvlist_t *nvl = handle->bc_nvl;
- char *strval;
-
- /*
- * Until proven otherwise, authentication is not enabled.
- */
- *is_authenticated = B_FALSE;
-
- /*
- * If server_authentication was specified then it must be either
- * "yes" or"no".
- */
- if (nvlist_lookup_string(nvl, BC_SERVER_AUTHENTICATION, &strval) == 0) {
- if (strcmp(strval, BC_YES) == 0) {
- *is_authenticated = B_TRUE;
- } else if (strcmp(strval, BC_NO) != 0) {
- handle->bc_error_code = BC_E_SERVER_AUTH_ILLEGAL;
- return (B_FALSE);
- }
- }
-
- return (B_TRUE);
-}
-
-/*
- * valid_root_server() validates the root server and root file values
- *
- * Returns:
- * B_TRUE - success
- * B_FALSE - error (return code in handle->bc_error_code)
- */
-static boolean_t
-valid_root_server(bc_handle_t *handle, boolean_t *is_https)
-{
- nvlist_t *nvl = handle->bc_nvl;
- char *strval;
- url_t url;
-
- /*
- * Until proven otherwise, assume not https.
- */
- *is_https = B_FALSE;
-
- /*
- * Check whether a root_server URL was specified, and if so whether
- * it is a secure URL (of the form https://...).
- */
- if (nvlist_lookup_string(nvl, BC_ROOT_SERVER, &strval) == 0) {
- if (url_parse(strval, &url) != URL_PARSE_SUCCESS) {
- handle->bc_error_code = BC_E_ROOT_SERVER_BAD;
- return (B_FALSE);
- }
- *is_https = url.https;
-
- /*
- * Ensure that a root_file was also specified.
- */
- if (nvlist_lookup_string(nvl, BC_ROOT_FILE, &strval) != 0 ||
- strlen(strval) == 0) {
- handle->bc_error_code = BC_E_ROOT_FILE_ABSENT;
- return (B_FALSE);
- }
- } else {
- handle->bc_error_code = BC_E_ROOT_SERVER_ABSENT;
- return (B_FALSE);
- }
-
- return (B_TRUE);
-}
-
-/*
- * valid_boot_logger() validates the boot_logger value
- *
- * Returns:
- * B_TRUE - success
- * B_FALSE - error (return code in handle->bc_error_code)
- */
-static boolean_t
-valid_boot_logger(bc_handle_t *handle, boolean_t *is_https)
-{
- nvlist_t *nvl = handle->bc_nvl;
- char *strval;
- url_t url;
-
- /*
- * Until proven otherwise, assume not https.
- */
- *is_https = B_FALSE;
-
- /*
- * If boot_logger was specified, make sure that it is a valid URL.
- */
- if (nvlist_lookup_string(nvl, BC_BOOT_LOGGER, &strval) == 0 &&
- strlen(strval) > 0) {
- if (url_parse(strval, &url) != URL_PARSE_SUCCESS) {
- handle->bc_error_code = BC_E_BOOT_LOGGER_BAD;
- return (B_FALSE);
- }
- *is_https = url.https;
- }
-
- return (B_TRUE);
-}
-
-/*
- * validate_bootconf() checks the consistency of the nvpair list representation
- * of a wanboot.conf(4) file as returned by the parse_bootconf() function.
- *
- * Returns:
- * B_TRUE - success
- * B_FALSE - error (return code in handle->bc_error_code)
- */
-static boolean_t
-validate_bootconf(bc_handle_t *handle)
-{
- boolean_t is_encrypted;
- boolean_t is_signed;
- boolean_t client_is_authenticated;
- boolean_t server_is_authenticated;
- boolean_t rootserver_is_https;
- boolean_t bootlogger_is_https;
-
- /*
- * Check to make sure option values are valid.
- */
- if (!valid_encryption(handle, &is_encrypted) ||
- !valid_signature(handle, &is_signed) ||
- !valid_client_authentication(handle, &client_is_authenticated) ||
- !valid_server_authentication(handle, &server_is_authenticated) ||
- !valid_root_server(handle, &rootserver_is_https) ||
- !valid_boot_logger(handle, &bootlogger_is_https))
- return (B_FALSE);
-
- /*
- * Now do consistency checking between bootconf settings.
- */
- if (is_encrypted && !is_signed) {
- handle->bc_error_code = BC_E_ENCRYPTED_NOT_SIGNED;
- return (B_FALSE);
- }
- if (client_is_authenticated) {
- if (!(is_encrypted && is_signed)) {
- handle->bc_error_code = BC_E_CLIENT_AUTH_NOT_ENCRYPTED;
- return (B_FALSE);
- }
-
- if (!server_is_authenticated) {
- handle->bc_error_code = BC_E_CLIENT_AUTH_NOT_SERVER;
- return (B_FALSE);
- }
- }
- if (server_is_authenticated) {
- if (!is_signed) {
- handle->bc_error_code = BC_E_SERVER_AUTH_NOT_SIGNED;
- return (B_FALSE);
- }
-
- if (!rootserver_is_https) {
- handle->bc_error_code = BC_E_SERVER_AUTH_NOT_HTTPS;
- return (B_FALSE);
- }
- } else if (rootserver_is_https) {
- handle->bc_error_code = BC_E_SERVER_AUTH_NOT_HTTP;
- return (B_FALSE);
- } else if (bootlogger_is_https) {
- handle->bc_error_code = BC_E_BOOTLOGGER_AUTH_NOT_HTTP;
- return (B_FALSE);
- }
-
- return (B_TRUE);
-}
-
-
-/*
- * bootconf_end() cleans up once we're done accessing the nvpair list
- * representation of wanboot.conf(4).
- */
-void
-bootconf_end(bc_handle_t *handle)
-{
- if (handle->bc_nvl != NULL) {
- nvlist_free(handle->bc_nvl);
- handle->bc_nvl = NULL;
- }
-}
-
-/*
- * bootconf_init() must be called to initialize 'handle' before bootconf_get()
- * can be used to access values from the wanboot.conf(4) file.
- */
-int
-bootconf_init(bc_handle_t *handle, const char *bootconf)
-{
- /*
- * Initalise the handle's fields to sensible values.
- */
- handle->bc_nvl = NULL;
- handle->bc_error_code = BC_E_NOERROR;
- handle->bc_error_pos = 0;
-
- /*
- * Provide a default path for the bootconf file if none was given.
- */
- if (bootconf == NULL) {
- bootconf = NB_WANBOOT_CONF_PATH;
- }
-
- /*
- * Check that we can successfully parse and validate the file.
- */
- if (parse_bootconf(handle, bootconf) && validate_bootconf(handle)) {
- return (BC_SUCCESS);
- }
-
- /*
- * Parse/validate error; free any allocated resources.
- */
- bootconf_end(handle);
-
- return (BC_FAILURE);
-}
-
-/*
- * bootconf_get() returns the value of a parameter in the wanboot.conf(4) file.
- *
- * Returns:
- * != NULL - the given value
- * == NULL - value not found or is empty
- */
-char *
-bootconf_get(bc_handle_t *handle, const char *name)
-{
- char *strval;
-
- /*
- * Look up the name in bc_nvl and return its value if found.
- */
- if (handle->bc_nvl != NULL &&
- nvlist_lookup_string(handle->bc_nvl, (char *)name, &strval) == 0) {
- return (strlen(strval) == 0 ? NULL : strval);
- }
-
- return (NULL);
-}
diff --git a/usr/src/common/net/wanboot/bootconf_errmsg.c b/usr/src/common/net/wanboot/bootconf_errmsg.c
deleted file mode 100644
index a14a4ce705..0000000000
--- a/usr/src/common/net/wanboot/bootconf_errmsg.c
+++ /dev/null
@@ -1,142 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <libintl.h>
-#include <stdio.h>
-#include "wanboot_conf.h"
-
-/*
- * This function maps an error code (one of those defined in wanboot_conf.h)
- * into an error message.
- *
- * Returns: the error message string.
- */
-char *
-bootconf_errmsg(bc_handle_t *handle)
-{
- static char errmsg[256];
- char *errstr;
- int chars;
-
- errstr = gettext("bootconf_errmsg: internal error");
-
- switch (handle->bc_error_code) {
- case BC_E_NOERROR:
- errstr = gettext("No error");
- break;
- case BC_E_ACCESS:
- errstr = gettext("Can't open configuration file");
- break;
- case BC_E_NVLIST:
- errstr = gettext("Error creating/adding to nvlist");
- break;
- case BC_E_IOERR:
- errstr = gettext("Error reading/closing configuration file");
- break;
- case BC_E_TOO_LONG:
- if ((chars = snprintf(errmsg, sizeof (errmsg),
- gettext("Line %d of configuration file is too long"),
- handle->bc_error_pos)) > 0 && chars < sizeof (errmsg)) {
- errstr = errmsg;
- }
- break;
- case BC_E_SYNTAX:
- if ((chars = snprintf(errmsg, sizeof (errmsg),
- gettext("Syntax error on line %d of configuration file"),
- handle->bc_error_pos)) > 0 && chars < sizeof (errmsg)) {
- errstr = errmsg;
- }
- break;
- case BC_E_UNKNOWN_NAME:
- if ((chars = snprintf(errmsg, sizeof (errmsg),
- gettext("Unknown name on line %d of configuration file"),
- handle->bc_error_pos)) > 0 && chars < sizeof (errmsg)) {
- errstr = errmsg;
- }
- break;
- case BC_E_ENCRYPTION_ILLEGAL:
- errstr = gettext("Illegal encryption_type");
- break;
- case BC_E_SIGNATURE_ILLEGAL:
- errstr = gettext("Illegal signature_type");
- break;
- case BC_E_CLIENT_AUTH_ILLEGAL:
- errstr = gettext("Illegal client_authentication");
- break;
- case BC_E_SERVER_AUTH_ILLEGAL:
- errstr = gettext("Illegal server_authentication");
- break;
- case BC_E_ROOT_SERVER_BAD:
- errstr = gettext("The root_server URL is malformed");
- break;
- case BC_E_ROOT_SERVER_ABSENT:
- errstr = gettext("A root_server must be provided");
- break;
- case BC_E_ROOT_FILE_ABSENT:
- errstr = gettext("The root_server URL is malformed");
- break;
- case BC_E_BOOT_LOGGER_BAD:
- errstr = gettext("The boot_logger URL is malformed");
- break;
- case BC_E_ENCRYPTED_NOT_SIGNED:
- errstr = gettext("When encryption_type is specified "
- "signature_type must also be specified");
- break;
- case BC_E_CLIENT_AUTH_NOT_ENCRYPTED:
- errstr = gettext("When client_authentication is \"yes\" "
- "encryption_type must also be specified");
- break;
- case BC_E_CLIENT_AUTH_NOT_SERVER:
- errstr = gettext("When client_authentication is \"yes\" "
- "server_authentication must also be \"yes\"");
- break;
- case BC_E_SERVER_AUTH_NOT_SIGNED:
- errstr = gettext("When server_authentication is \"yes\" "
- "signature_type must also be specified");
- break;
- case BC_E_SERVER_AUTH_NOT_HTTPS:
- errstr = gettext("When server_authentication is \"yes\" "
- "root_server must specify a secure URL");
- break;
- case BC_E_SERVER_AUTH_NOT_HTTP:
- errstr = gettext("When server_authentication is \"no\" "
- "root_server must not specify a secure URL");
- break;
- case BC_E_BOOTLOGGER_AUTH_NOT_HTTP:
- errstr = gettext("When server_authentication is \"no\" "
- "boot_logger must not specify a secure URL");
- break;
- default:
- if ((chars = snprintf(errmsg, sizeof (errmsg),
- gettext("Unknown error %d"),
- handle->bc_error_code)) > 0 && chars < sizeof (errmsg)) {
- errstr = errmsg;
- }
- }
-
- return (errstr);
-}
diff --git a/usr/src/common/net/wanboot/bootinfo.c b/usr/src/common/net/wanboot/bootinfo.c
deleted file mode 100644
index 67611d8774..0000000000
--- a/usr/src/common/net/wanboot/bootinfo.c
+++ /dev/null
@@ -1,509 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <sys/types.h>
-#include <stdlib.h>
-#include <dhcp_impl.h>
-#include <sys/time.h>
-#include <sys/nvpair.h>
-#include <netinet/inetutil.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <strings.h>
-#include <net/if.h>
-#if defined(_BOOT)
-#include <sys/salib.h>
-#include <sys/bootcmn.h>
-#include <ipv4.h>
-#include <dhcpv4.h>
-#endif /* defined(_BOOT) */
-#include <bootinfo.h>
-#include <bootinfo_aux.h>
-
-/*
- * Declarations and definitions describing parameters which may be known by
- * a bootconf name, a property of /chosen, a DHCP option or a 'bootmisc' name.
- */
-typedef struct {
- const char *opt_name; /* DHCP option name */
- dsym_cdtype_t opt_type; /* DHCP option type (dhcp_symbol.h) */
- uchar_t opt_cat; /* DHCP option category */
- uint16_t opt_code; /* DHCP option code */
- uint16_t opt_size; /* DHCP option size (FIELDs only) */
-} bi_dhcpopt_t;
-
-/*
- * Possible values for the 'bi_flags' field below.
- */
-#define BI_F_BYTES 0x01 /* chosen value is bytes, not string */
-
-typedef struct {
- const char *bi_name; /* parameter name */
- int bi_repository; /* entry's repository(s) */
- int bi_flags; /* BI_F_BYTES or zero */
- bi_dhcpopt_t *bi_dhcp; /* &dhcpopt struct */
-} bi_param_t;
-
-/*
- * DHCP options which have bootinfo equivalents, and the information
- * necessary to retrieve their values via dhcp_getinfo(). The 'type'
- * is necessary so that all values may be converted to ascii strings.
- */
-static bi_dhcpopt_t Yiaddr = {
- "Yiaddr", DSYM_IP, DSYM_FIELD, 16, 4
-};
-static bi_dhcpopt_t Subnet = {
- "Subnet", DSYM_IP, DSYM_STANDARD, 1, 0
-};
-static bi_dhcpopt_t Router = {
- "Router", DSYM_IP, DSYM_STANDARD, 3, 0
-};
-static bi_dhcpopt_t Hostname = {
- "Hostname", DSYM_ASCII, DSYM_STANDARD, 12, 0
-};
-static bi_dhcpopt_t ClientID = {
- "ClientID", DSYM_OCTET, DSYM_STANDARD, 61, 0
-};
-static bi_dhcpopt_t SHTTPproxy = {
- "SHTTPproxy", DSYM_ASCII, DSYM_VENDOR, 17, 0
-};
-#if defined(_BOOT)
-static bi_dhcpopt_t BootFile = {
- "BootFile", DSYM_ASCII, DSYM_FIELD, 108, 128
-};
-static bi_dhcpopt_t SbootURI = {
- "SbootURI", DSYM_ASCII, DSYM_VENDOR, 16, 0
-};
-#else
-static bi_dhcpopt_t SsysidCF = {
- "SsysidCF", DSYM_ASCII, DSYM_VENDOR, 13, 0
-};
-static bi_dhcpopt_t SjumpsCF = {
- "SjumpsCF", DSYM_ASCII, DSYM_VENDOR, 14, 0
-};
-#endif /* defined(_BOOT) */
-
-/*
- * bootinfo's main data structure.
- */
-static bi_param_t bi_params[] = {
- /*
- * Parameters from /chosen or DHCP:
- */
- { BI_HOST_IP, BI_R_CHOSEN|BI_R_DHCPOPT,
- 0, &Yiaddr },
- { BI_SUBNET_MASK, BI_R_CHOSEN|BI_R_DHCPOPT,
- 0, &Subnet },
- { BI_ROUTER_IP, BI_R_CHOSEN|BI_R_DHCPOPT,
- 0, &Router },
- { BI_HOSTNAME, BI_R_CHOSEN|BI_R_DHCPOPT,
- 0, &Hostname },
- { BI_CLIENT_ID, BI_R_CHOSEN|BI_R_DHCPOPT,
- BI_F_BYTES, &ClientID },
- { BI_HTTP_PROXY, BI_R_CHOSEN|BI_R_DHCPOPT,
- 0, &SHTTPproxy },
-
-#if defined(_BOOT)
- /*
- * Parameters from /chosen or DHCP:
- */
- { BI_NETWORK_BOOT_FILE, BI_R_CHOSEN|BI_R_DHCPOPT,
- 0, &SbootURI },
-
- /*
- * Parameters from DHCP only:
- */
- { BI_BOOTFILE, BI_R_DHCPOPT,
- 0, &BootFile },
-
- /*
- * Parameters from /chosen only:
- */
- { BI_BOOTP_RESPONSE, BI_R_CHOSEN,
- BI_F_BYTES, NULL },
- { BI_NET_CONFIG_STRATEGY, BI_R_CHOSEN,
- 0, NULL },
-
- /*
- * Parameters from 'bootmisc' only:
- */
- { BI_BOOTSERVER, BI_R_BOOTMISC,
- 0, NULL },
- { BI_AES_KEY, BI_R_BOOTMISC,
- BI_F_BYTES, NULL },
- { BI_3DES_KEY, BI_R_BOOTMISC,
- BI_F_BYTES, NULL },
- { BI_SHA1_KEY, BI_R_BOOTMISC,
- BI_F_BYTES, NULL },
-#else
- /*
- * Parameters from DHCP only:
- */
- { BI_SYSIDCFG, BI_R_DHCPOPT,
- 0, &SsysidCF },
- { BI_JUMPSCFG, BI_R_DHCPOPT,
- 0, &SjumpsCF },
-
- /*
- * Parameters from /chosen or 'bootmisc':
- */
- { BI_NET_CONFIG_STRATEGY, BI_R_CHOSEN|BI_R_BOOTMISC,
- 0, NULL },
-
- /*
- * Parameters from 'bootmisc' only:
- */
- { BI_ROOTFS_TYPE, BI_R_BOOTMISC,
- 0, NULL },
- { BI_INTERFACE_NAME, BI_R_BOOTMISC,
- 0, NULL },
-#endif /* defined(_BOOT) */
-
- NULL
-};
-
-/*
- * Bootmisc data is handled internally as a nvpair list.
- */
-static nvlist_t *bi_nvl = NULL;
-
-
-/*
- * Scan our parameter table to see whether 'name' matches any entry.
- */
-static bi_param_t *
-bi_find_param(const char *name)
-{
- bi_param_t *bip;
-
- for (bip = bi_params; bip->bi_name != NULL; bip++) {
- if (strcmp(name, bip->bi_name) == 0 ||
- ((bip->bi_repository & BI_R_DHCPOPT) &&
- strcmp(name, bip->bi_dhcp->opt_name) == 0)) {
- return (bip);
- }
- }
- return (NULL);
-}
-
-/*
- * Functions for retrieving /chosen, DHCP and bootmisc data.
- */
-static int
-bi_getval_chosen(bi_param_t *bip, void *valbuf, size_t *vallenp)
-{
- size_t buflen = *vallenp;
-
- if (!bi_get_chosen_prop(bip->bi_name, valbuf, vallenp)) {
- return (BI_E_NOVAL);
- } else if (*vallenp > buflen) {
- return (BI_E_BUF2SMALL);
- }
-
- return (BI_E_SUCCESS);
-}
-
-static int
-bi_getval_dhcpopt(bi_param_t *bip, void *valbuf, size_t *vallenp)
-{
- void *val;
- size_t len, buflen = *vallenp;
- struct in_addr ipaddr;
-
- if (bip->bi_dhcp->opt_type == DSYM_IP) {
- val = &ipaddr;
- len = sizeof (ipaddr);
- } else {
- val = valbuf;
- len = *vallenp;
- }
-
- if (!bi_get_dhcp_info(bip->bi_dhcp->opt_cat, bip->bi_dhcp->opt_code,
- bip->bi_dhcp->opt_size, val, &len)) {
- return (BI_E_NOVAL);
- }
-
- switch (bip->bi_dhcp->opt_type) {
- case DSYM_IP:
- if (buflen < INET_ADDRSTRLEN + 1) {
- *vallenp = len;
- return (BI_E_BUF2SMALL);
- }
- len = strlen(strcpy(valbuf, inet_ntoa(ipaddr))) + 1;
- break;
-
- case DSYM_ASCII:
- if (len >= buflen)
- return (BI_E_BUF2SMALL);
-
- ((uchar_t *)valbuf)[len++] = '\0';
- break;
- }
- *vallenp = len;
-
- return (BI_E_SUCCESS);
-}
-
-static int
-bi_getval_bootmisc(bi_param_t *bip, void *valbuf, size_t *vallenp)
-{
- uchar_t *val;
- uint_t len;
-
- if (nvlist_lookup_byte_array(bi_nvl, (char *)bip->bi_name,
- &val, &len) != 0) {
- return (BI_E_NOVAL);
- } else if (*vallenp < len) {
- *vallenp = len;
- return (BI_E_BUF2SMALL);
- }
- *vallenp = len;
- (void) memcpy(valbuf, val, *vallenp);
-
- return (BI_E_SUCCESS);
-}
-
-/*
- * This is also called from the userland bootinfo_aux.c to initialize
- * its bootmisc data.
- */
-boolean_t
-bi_put_bootmisc(const char *name, const void *valbuf, size_t vallen)
-{
- return (nvlist_add_byte_array(bi_nvl, (char *)name,
- (uchar_t *)valbuf, (uint_t)vallen) == 0);
-}
-
-#if defined(_BOOT)
-/*
- * Functions for storing /chosen and bootmisc data.
- */
-static int
-bi_putval_chosen(bi_param_t *bip, const void *valbuf, size_t vallen)
-{
- return (bi_put_chosen_prop(bip->bi_name, valbuf, vallen,
- (bip->bi_flags & BI_F_BYTES)) ? BI_E_SUCCESS : BI_E_ERROR);
-}
-
-static int
-bi_putval_bootmisc(bi_param_t *bip, const void *valbuf, size_t vallen)
-{
- return (bi_put_bootmisc(bip->bi_name, valbuf, vallen)
- ? BI_E_SUCCESS : BI_E_ERROR);
-}
-#endif /* defined(_BOOT) */
-
-
-/*
- * Deallocate resources, etc. after accessing bootinfo.
- */
-void
-bootinfo_end(void)
-{
- if (bi_nvl != NULL) {
- nvlist_free(bi_nvl);
- bi_nvl = NULL;
- bi_end_bootinfo();
- }
-}
-
-/*
- * Perform bootinfo initialization.
- */
-boolean_t
-bootinfo_init(void)
-{
- if (bi_nvl == NULL &&
- nvlist_alloc(&bi_nvl, NV_UNIQUE_NAME, 0) == 0) {
- if (!bi_init_bootinfo()) {
- nvlist_free(bi_nvl);
- bi_nvl = NULL;
- }
- }
-
- return (bi_nvl != NULL);
-}
-
-/*
- * bootinfo_get(const char *name, void *valbuf, size_t *vallenp,
- * int *repository);
- *
- * Obtain a value for a named boot parameter from one of a number of possible
- * repositories:
- *
- * - stored properties under /chosen in the device tree;
- * - returned DHCP data;
- * - miscellaneous boot information, determined from the standalone or
- * the kernel (depending on whether we're in the standalone or userland).
- *
- * These repositories are interrogated in the order listed above; the first
- * one to match is value returned.
- *
- * Returns:
- * 0 => successful, value copied to valbuf, length assigned to *vallen.
- * >0 => error (BI_E_* codes defined in bootinfo.h)
- */
-bi_errcode_t
-bootinfo_get(const char *name, void *valbufp, size_t *vallenp,
- int *repositoryp)
-{
- bi_param_t *bip;
- int repositories;
- int err;
- size_t zerolen = 0;
-
- /*
- * Check whether we were successfully initialized.
- */
- if (bi_nvl == NULL) {
- return (BI_E_ERROR);
- }
-
- /*
- * Determine which repositories might be accessed; a NULL pointer
- * means to (possibly) access them all.
- */
- if (repositoryp != NULL) {
- repositories = *repositoryp;
- *repositoryp = 0;
- } else {
- repositories = BI_R_ALL;
- }
-
- /*
- * Check that we know about this name in one or more of the
- * requested repositories.
- */
- if ((bip = bi_find_param(name)) == NULL) {
- return (BI_E_ILLNAME);
- }
- repositories &= bip->bi_repository;
- if (repositories == 0) {
- return (BI_E_ILLNAME);
- }
-
- /*
- * The caller may simply be enquiring whether a value is present:
- *
- * bootinfo_get(name, NULL, NULL, repository) == BI_E_BUF2SMALL
- *
- * indicates that there is a value, but doesn't fetch it.
- */
- if (vallenp == NULL) {
- vallenp = &zerolen;
- }
-
- /*
- * To retrieve a value, try the various repositories in order.
- */
- if ((repositories & BI_R_CHOSEN) != 0 &&
- (err = bi_getval_chosen(bip, valbufp, vallenp)) != BI_E_NOVAL) {
- if (repositoryp != NULL) {
- *repositoryp = BI_R_CHOSEN;
- }
- return (err);
- }
- if ((repositories & BI_R_DHCPOPT) != 0 &&
- (err = bi_getval_dhcpopt(bip, valbufp, vallenp)) != BI_E_NOVAL) {
- if (repositoryp != NULL) {
- *repositoryp = BI_R_DHCPOPT;
- }
- return (err);
- }
- if ((repositories & BI_R_BOOTMISC) != 0 &&
- (err = bi_getval_bootmisc(bip, valbufp, vallenp)) != BI_E_NOVAL) {
- if (repositoryp != NULL) {
- *repositoryp = BI_R_BOOTMISC;
- }
- return (err);
- }
-
- /*
- * No-one has a value for 'name'.
- */
- return (BI_E_NOVAL);
-}
-
-#if defined(_BOOT)
-/*
- * bootinfo_put(const char *name, char *valbuf, int vallen,
- * int repository);
- *
- * Create/update a value in the bootinfo repository (standalone only).
- *
- * Returns:
- * 0 => successful, valbuf[0..vallen-1] bytes stored in repository
- * >0 => error (BI_E_* codes defined in bootinfo.h)
- */
-int
-bootinfo_put(const char *name, const void *valbuf, size_t vallen,
- int repository)
-{
- bi_param_t *bip;
-
- /*
- * Check whether we were successfully initialized.
- */
- if (bi_nvl == NULL) {
- return (BI_E_ERROR);
- }
-
- /*
- * Determine which repositories might be accessed; a zero value
- * means to (possibly) access them all.
- */
- if (repository == 0) {
- repository = BI_R_ALL;
- }
-
- /*
- * Check that we know about this name in the specified repository,
- * and that it may be written (note that DHCP options cannot be
- * written).
- */
- if ((bip = bi_find_param(name)) == NULL ||
- (repository & bip->bi_repository) == 0) {
- return (BI_E_ILLNAME);
- }
- if ((repository & bip->bi_repository) == BI_R_DHCPOPT) {
- return (BI_E_RDONLY);
- }
-
- /*
- * To put the value, try the various repositories in order.
- */
- if ((bip->bi_repository & BI_R_CHOSEN) != 0) {
- return (bi_putval_chosen(bip, valbuf, vallen));
- }
- if ((bip->bi_repository & BI_R_BOOTMISC) != 0) {
- return (bi_putval_bootmisc(bip, valbuf, vallen));
- }
-
- return (BI_E_ERROR);
-}
-#endif /* defined(_BOOT) */
diff --git a/usr/src/common/net/wanboot/bootinfo.h b/usr/src/common/net/wanboot/bootinfo.h
deleted file mode 100644
index 017be8a9c5..0000000000
--- a/usr/src/common/net/wanboot/bootinfo.h
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#ifndef _BOOTINFO_H
-#define _BOOTINFO_H
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <sys/types.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * Names known to bootinfo:
- */
-#define BI_NET_CONFIG_STRATEGY "net-config-strategy"
-#define BI_HOST_IP "host-ip"
-#define BI_SUBNET_MASK "subnet-mask"
-#define BI_ROUTER_IP "router-ip"
-#define BI_HOSTNAME "hostname"
-#define BI_HTTP_PROXY "http-proxy"
-#define BI_CLIENT_ID "client-id"
-
-#if defined(_BOOT)
-#define BI_NETWORK_BOOT_FILE "network-boot-file"
-#define BI_BOOTFILE "bootfile"
-#define BI_BOOTP_RESPONSE "bootp-response"
-#define BI_BOOTSERVER "bootserver"
-#define BI_AES_KEY "aes"
-#define BI_3DES_KEY "3des"
-#define BI_SHA1_KEY "sha1"
-#else
-#define BI_SYSIDCFG "sysidcfg"
-#define BI_JUMPSCFG "jumpscfg"
-#define BI_ROOTFS_TYPE "rootfs-type"
-#define BI_INTERFACE_NAME "interface-name"
-#endif /* defined(_BOOT) */
-
-/*
- * Possible bootinfo repositories:
- */
-#define BI_R_CHOSEN 0x01 /* /chosen property */
-#define BI_R_DHCPOPT 0x02 /* DHCP option */
-#define BI_R_BOOTMISC 0x04 /* 'misc' value */
-
-#define BI_R_ALL (BI_R_CHOSEN|BI_R_DHCPOPT|BI_R_BOOTMISC)
-
-/*
- * bootinfo_get() return values:
- */
-typedef enum {
- BI_E_SUCCESS,
- BI_E_ERROR,
- BI_E_ILLNAME,
- BI_E_NOVAL,
- BI_E_BUF2SMALL,
- BI_E_RDONLY
-} bi_errcode_t;
-
-extern boolean_t bootinfo_init(void);
-extern void bootinfo_end(void);
-extern bi_errcode_t bootinfo_get(const char *, void *, size_t *, int *);
-
-#if defined(_BOOT)
-extern int bootinfo_put(const char *, const void *, size_t, int);
-#endif /* defined(_BOOT) */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _BOOTINFO_H */
diff --git a/usr/src/common/net/wanboot/bootinfo_aux.h b/usr/src/common/net/wanboot/bootinfo_aux.h
deleted file mode 100644
index f39ec7ed1a..0000000000
--- a/usr/src/common/net/wanboot/bootinfo_aux.h
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#ifndef _BOOTINFO_AUX_H
-#define _BOOTINFO_AUX_H
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <sys/types.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * The interfaces defined here are used by bootinfo.c. However, their
- * implementations in userland and standalone are quite different.
- * Therefore, their implementations can be found one of two places:
- *
- * usr/src/stand/lib/wanboot/bootinfo_aux.c
- * usr/src/lib/wanboot/common/bootinfo_aux.c
- */
-extern boolean_t bi_init_bootinfo(void);
-extern void bi_end_bootinfo(void);
-extern boolean_t bi_get_chosen_prop(const char *, void *, size_t *);
-extern boolean_t bi_get_dhcp_info(uchar_t, uint16_t, uint16_t,
- void *, size_t *);
-#if defined(_BOOT)
-extern boolean_t bi_put_chosen_prop(const char *, const void *, size_t,
- boolean_t);
-#else
-extern boolean_t bi_put_bootmisc(const char *, const void *, size_t);
-#endif /* defined(_BOOT) */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _BOOTINFO_AUX_H */
diff --git a/usr/src/common/net/wanboot/bootlog.c b/usr/src/common/net/wanboot/bootlog.c
deleted file mode 100644
index 4e73261642..0000000000
--- a/usr/src/common/net/wanboot/bootlog.c
+++ /dev/null
@@ -1,708 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-/*
- * bootlog() - error notification and progress reporting for
- * WAN boot components
- */
-
-#include <sys/varargs.h>
-#include <sys/types.h>
-#include <sys/strlog.h>
-#include <sys/wanboot_impl.h>
-#include <errno.h>
-#include <time.h>
-#include <boot_http.h>
-#include <stdio.h>
-#include <parseURL.h>
-#include <bootlog.h>
-#include <strings.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <netdb.h>
-#include <libintl.h>
-#include <netboot_paths.h>
-#include <wanboot_conf.h>
-#include <bootinfo.h>
-#ifdef _BOOT
-#include <sys/bootdebug.h>
-#endif
-
-static struct code pri_names[] = {
- "panic", BOOTLOG_EMERG,
- "alert", BOOTLOG_ALERT,
- "crit", BOOTLOG_CRIT,
- "warn", BOOTLOG_WARNING,
- "info", BOOTLOG_INFO,
- "debug", BOOTLOG_DEBUG,
- "verbose", BOOTLOG_VERBOSE,
- "progress", BOOTLOG_PROGRESS,
- "none", NOPRI,
- NULL, -1
-};
-
-typedef enum {
- BL_NO_TRANSPORT,
- BL_LOCAL_FILE,
- BL_CONSOLE,
- BL_HTTP,
- BL_HTTPS
-} bl_transport_t;
-
-typedef struct list_entry {
- char message[BOOTLOG_QS_MAX];
- struct list_entry *flink;
-} list;
-
-#define BOOTLOG_RING_NELEM 512
-
-static struct ringbuffer_t {
- int w_ptr;
- int r_ptr;
- list entries[BOOTLOG_RING_NELEM];
-} ringbuffer;
-
-static FILE *bl_filehandle = NULL;
-static http_handle_t bl_httphandle = NULL;
-static url_t bl_url;
-static bl_transport_t bl_transport = BL_NO_TRANSPORT;
-
-static bl_transport_t openbootlog(void);
-static boolean_t setup_con(http_handle_t, boolean_t, boolean_t);
-static char *url_encode(const char *);
-static boolean_t sendmessage(bl_transport_t, char *, const char *,
- bootlog_severity_t, int);
-static int ptr_incr(int ptr);
-static int ptr_decr(int ptr);
-static void rb_init(struct ringbuffer_t *);
-static void rb_write(struct ringbuffer_t *, const char *);
-static int rb_read(struct ringbuffer_t *, char *);
-
-/*
- * Return a string representing the current time; not thread-safe.
- */
-static const char *
-gettime(void)
-{
- static char timebuf[sizeof ("Tue Jan 19 03:14:07 2038\n")];
- time_t curtime;
-
- if (time(&curtime) == 0)
- return ("<time unavailable>");
-
- (void) strlcpy(timebuf, ctime(&curtime), sizeof (timebuf));
- timebuf[19] = '\0'; /* truncate before "2038" above */
- return (timebuf);
-}
-
-/*
- * bootlog_common() - Common routine used by bootlog() and
- * bootlog_internal() to write a message comprising a message
- * header and a message body to the appropriate transport.
- * The message header comprises an ident string and a message
- * severity.
- */
-static void
-bootlog_common(const char *ident, bootlog_severity_t severity, char *message)
-{
- bl_transport_t entry_transport;
- static int blrecurs;
- static int blretry;
-
- /*
- * This function may be called recursively because the HTTP code
- * is a bootlog consumer. The blrecurs variable is used to determine
- * whether or not the invocation is recursive.
- */
- blrecurs++;
- entry_transport = bl_transport;
-
- /*
- * If this is the first bootlog call then setup the transport.
- * We only do this in a non-recursive invocation as openbootlog()
- * results in a recursive call for a HTTP or HTTPS transport.
- */
- if (bl_transport == BL_NO_TRANSPORT && blrecurs == 1) {
- rb_init(&ringbuffer);
- bl_transport = openbootlog();
- }
-
- /*
- * If we're not there already, try to move up a level.
- * This is necessary because our consumer may have begun
- * logging before it had enough information to initialize
- * its HTTP or HTTPS transport. We've arbitrarily decided
- * that we'll only check to see if we should move up, on
- * every third (blretry) non-recursive invocation.
- */
- if (blrecurs == 1 &&
- !(bl_transport == BL_HTTPS || bl_transport == BL_HTTP)) {
- if (blretry > 3) {
- bl_transport = openbootlog();
- blretry = 0;
- } else
- blretry++;
- }
-
- if (entry_transport != bl_transport) {
- switch (bl_transport) {
-
- case BL_CONSOLE:
- (void) printf(
- "%s wanboot info: WAN boot messages->console\n",
- gettime());
- break;
-
- case BL_HTTP:
- case BL_HTTPS:
- (void) printf(
- "%s wanboot info: WAN boot messages->%s:%u\n",
- gettime(), bl_url.hport.hostname,
- bl_url.hport.port);
- break;
-
- default:
- break;
- }
- }
-
- /*
- * Failed attempts and recursively generated log messages are
- * sent to the fallback transport.
- */
- if (blrecurs > 1 || !sendmessage(bl_transport, message, ident,
- severity, 0)) {
- /*
- * Fallback to a log file if one exists, or the console
- * as a last resort. Note that bl_filehandle will always
- * be NULL in standalone.
- */
- (void) sendmessage(bl_filehandle != NULL ? BL_LOCAL_FILE :
- BL_CONSOLE, message, ident, severity, 1);
- }
- blrecurs--;
-}
-
-/*
- * bootlog() - the exposed interface for logging boot messages.
- */
-/* PRINTFLIKE3 */
-void
-bootlog(const char *ident, bootlog_severity_t severity, char *fmt, ...)
-{
- char message[BOOTLOG_MSG_MAX_LEN];
- va_list adx;
-
- va_start(adx, fmt);
- (void) vsnprintf(message, BOOTLOG_MSG_MAX_LEN, fmt, adx);
- va_end(adx);
-
- bootlog_common(ident, severity, message);
-}
-
-/*
- * libbootlog() - an internal interface for logging boot
- * messages.
- */
-/* PRINTFLIKE2 */
-void
-libbootlog(bootlog_severity_t severity, char *fmt, ...)
-{
- char message[BOOTLOG_MSG_MAX_LEN];
- va_list adx;
-
- va_start(adx, fmt);
- (void) vsnprintf(message, BOOTLOG_MSG_MAX_LEN,
- dgettext(TEXT_DOMAIN, fmt), adx);
- va_end(adx);
-
- bootlog_common("libwanboot", severity, message);
-}
-
-static boolean_t
-send_http(void)
-{
- http_respinfo_t *resp = NULL;
- char buffer[BOOTLOG_MAX_URL + (BOOTLOG_QS_MAX * 3)];
- char ringmessage[BOOTLOG_QS_MAX];
- char *lenstr;
- size_t length;
- int retries;
-
- while ((rb_read(&ringbuffer, ringmessage) != -1)) {
- (void) snprintf(buffer, sizeof (buffer), "%s?%s",
- bl_url.abspath, url_encode(ringmessage));
-
- for (retries = 0; retries < BOOTLOG_CONN_RETRIES; retries++) {
- if (retries > 0) {
- (void) http_srv_disconnect(bl_httphandle);
- if (http_srv_connect(bl_httphandle) != 0)
- continue;
- }
-
- if (http_get_request(bl_httphandle, buffer) != 0 ||
- http_process_headers(bl_httphandle, &resp) != 0)
- continue;
-
- if (resp->code != 200) {
- http_free_respinfo(resp);
- continue;
- }
-
- http_free_respinfo(resp);
- lenstr = http_get_header_value(bl_httphandle,
- "Content-Length");
- length = strtol(lenstr, NULL, 10);
- if (http_read_body(bl_httphandle, buffer, length) > 0)
- break;
- }
-
- /*
- * The attempt to log the message failed. Back the
- * read pointer up so that we'll try to log it again
- * later.
- */
- if (retries == BOOTLOG_CONN_RETRIES) {
- ringbuffer.r_ptr = ptr_decr(ringbuffer.r_ptr);
- return (B_FALSE);
- }
- }
-
- return (B_TRUE);
-}
-
-static boolean_t
-sendmessage(bl_transport_t transport, char *message, const char *ident,
- bootlog_severity_t severity, int failure)
-{
- static char *progtype = NULL;
- char ringmessage[BOOTLOG_QS_MAX];
- char hostname[MAXHOSTNAMELEN];
- uint32_t msgid;
- boolean_t ret;
- int i;
-
- /*
- * In standalone, only log VERBOSE and DEBUG messages if the
- * corresponding flag (-V or -d) has been passed to boot.
- *
- * Note that some bootlog() consumers impose additional constraints on
- * printing these messages -- for instance, http_set_verbose() must be
- * used before the HTTP code will call bootlog() with BOOTLOG_VERBOSE
- * messages.
- */
-#ifdef _BOOT
- if (severity == BOOTLOG_DEBUG && !(boothowto & RB_DEBUG))
- return (B_TRUE);
- if (severity == BOOTLOG_VERBOSE && !verbosemode)
- return (B_TRUE);
-#endif
-
- for (i = 0; pri_names[i].c_val != NOPRI; i++) {
- if (severity == pri_names[i].c_val)
- break;
- }
-
- /*
- * VERBOSE and DEBUG messages always go to the console
- */
- if (transport != BL_CONSOLE &&
- (severity == BOOTLOG_DEBUG || severity == BOOTLOG_VERBOSE)) {
- (void) printf("%s %s %s: %s\n", gettime(), ident,
- pri_names[i].c_name, message);
- }
-
- STRLOG_MAKE_MSGID(message, msgid);
- (void) gethostname(hostname, sizeof (hostname));
-
- /*
- * Note that in this case, "<time>" is a placeholder that will be used
- * to fill in the actual time on the remote end.
- */
- (void) snprintf(ringmessage, sizeof (ringmessage),
- "<time> %s %s: [ID %u user.%s] %s", hostname, ident, msgid,
- pri_names[i].c_name, message);
-
- /*
- * Prevent duplicate messages from being inserted into
- * the ring buffer.
- */
- if (failure == 0) {
- rb_write(&ringbuffer, ringmessage);
- }
-
- switch (transport) {
- case BL_CONSOLE:
- /*
- * PROGRESS messages update in-place on the console, as long
- * as they are of the same 'progress type' (see below) --
- * if not, reset the progress information.
- */
- if (progtype != NULL && (severity != BOOTLOG_PROGRESS ||
- strncmp(progtype, message, strlen(progtype)) != 0)) {
- (void) printf("\n");
- free(progtype);
- progtype = NULL;
- }
-
- (void) printf("%s %s %s: %s\r", gettime(), ident,
- pri_names[i].c_name, message);
-
- if (severity != BOOTLOG_PROGRESS) {
- (void) printf("\n");
- } else if (progtype == NULL) {
- /*
- * New progress message; save its "type" (the part
- * of the message up to and including the first
- * colon). This should be made less clumsy in the
- * future.
- */
- progtype = strdup(message);
- if (progtype != NULL) {
- for (i = 0; progtype[i] != '\0'; i++) {
- if (progtype[i] == ':') {
- progtype[++i] = '\0';
- break;
- }
- }
- }
- }
- ret = B_TRUE;
- break;
-
- case BL_LOCAL_FILE:
- if (bl_filehandle == NULL)
- return (B_FALSE);
-
- (void) fprintf(bl_filehandle, "%s %s %s: [ID %u user.%s] %s\n",
- gettime(), hostname, ident, msgid, pri_names[i].c_name,
- message);
- ret = B_TRUE;
- break;
-
- case BL_HTTP:
- case BL_HTTPS:
- if (bl_httphandle == NULL)
- return (B_FALSE);
- ret = send_http();
- break;
-
- case BL_NO_TRANSPORT:
- default:
- ret = B_FALSE;
- }
-
- return (ret);
-}
-
-static bl_transport_t
-openbootlog(void)
-{
- static boolean_t got_boot_logger = B_FALSE;
- static boolean_t bl_url_valid = B_FALSE;
- static boolean_t clientauth = B_FALSE;
- static bc_handle_t bootconf_handle;
- bl_transport_t transport;
-
- /*
- * We try to use a logfile in userland since our consumer (install)
- * needs complete control over the terminal.
- */
-#ifndef _BOOT
- if (bl_filehandle == NULL)
- bl_filehandle = fopen("/var/log/bootlog", "a");
-#endif
- transport = (bl_filehandle != NULL) ? BL_LOCAL_FILE : BL_CONSOLE;
-
- /*
- * If we haven't already been able to access wanboot.conf for a
- * boot_logger URL, see if we can now.
- */
- if (!got_boot_logger &&
- bootconf_init(&bootconf_handle, NULL) == BC_SUCCESS) {
- char *urlstr;
- char *cas;
-
- /*
- * If there is a boot_logger, ensure that it's is a legal URL.
- */
- if ((urlstr = bootconf_get(&bootconf_handle,
- BC_BOOT_LOGGER)) != NULL &&
- url_parse(urlstr, &bl_url) == URL_PARSE_SUCCESS) {
- bl_url_valid = B_TRUE;
- }
-
- /*
- * If the boot_logger URL uses an HTTPS scheme, see if
- * client authentication is specified.
- */
- if (bl_url.https) {
- cas = bootconf_get(&bootconf_handle,
- BC_CLIENT_AUTHENTICATION);
- if (cas != NULL) {
- clientauth = (strcmp(cas, BC_YES) == 0);
- }
- }
-
- bootconf_end(&bootconf_handle);
-
- /*
- * Having now accessed wanboot.conf, remember not to come
- * this way again; the value of boot_logger cannot change.
- */
- got_boot_logger = B_TRUE;
- }
-
- /*
- * If there is no legal boot_logger URL available, then we're done.
- */
- if (!bl_url_valid) {
- return (transport);
- }
-
- /*
- * If we don't already have a bl_httphandle, try to get one.
- * If we fail, then we're done.
- */
- if (bl_httphandle == NULL) {
- bl_httphandle = http_srv_init(&bl_url);
- if (bl_httphandle == NULL) {
- return (transport);
- }
- }
-
- /*
- * If we succeed in setting up the connection,
- * then we use the connection as our transport.
- * Otherwise, we use the transport we've already
- * determined above.
- */
- if (setup_con(bl_httphandle, bl_url.https, clientauth)) {
- transport = bl_url.https ? BL_HTTPS : BL_HTTP;
- }
-
- return (transport);
-}
-
-static boolean_t
-setup_con(http_handle_t handle, boolean_t https, boolean_t client_auth)
-{
- static boolean_t got_proxy = B_FALSE;
- static boolean_t proxy_valid = B_FALSE;
- static url_hport_t proxy;
- int i;
-
- /*
- * If an HTTPS scheme is specified, then check that time
- * has been initialized.
- * If time() returns a non-zero value, then we know
- * that the boot file system has been mounted and that
- * we have a trusted time.
- */
- if (https && time(0) == 0)
- return (B_FALSE);
-
- if (!got_proxy && bootinfo_init()) {
- char hpstr[URL_MAX_STRLEN];
- size_t vallen = sizeof (hpstr);
-
- /*
- * If there is a http-proxy, ensure that it's a legal host:port.
- */
- if (bootinfo_get(BI_HTTP_PROXY, hpstr, &vallen, NULL) ==
- BI_E_SUCCESS && vallen > 0) {
- hpstr[vallen] = '\0';
- if (url_parse_hostport(hpstr, &proxy,
- URL_DFLT_PROXY_PORT) == URL_PARSE_SUCCESS) {
- proxy_valid = B_TRUE;
- }
- }
-
- got_proxy = B_TRUE;
- }
- if (proxy_valid && http_set_proxy(handle, &proxy) != 0)
- return (B_FALSE);
-
- (void) http_set_keepalive(handle, 1);
- (void) http_set_socket_read_timeout(handle, BOOTLOG_HTTP_TIMEOUT);
-
- /*
- * If an HTTPS scheme is specified, then setup the necessary
- * SSL context for the connection
- */
- if (https) {
- if (http_set_random_file(handle, "/dev/urandom") == -1)
- return (B_FALSE);
-
- if (http_set_certificate_authority_file(NB_CA_CERT_PATH) < 0)
- return (B_FALSE);
-
- /*
- * The client certificate and key will not exist unless
- * client authentication has been configured. If it is
- * configured then the webserver will have added these
- * files to the wanboot file system and the HTTP library
- * needs to be made aware of their existence.
- */
- if (client_auth) {
- if (http_set_client_certificate_file(handle,
- NB_CLIENT_CERT_PATH) < 0) {
- return (B_FALSE);
- }
-
- if (http_set_private_key_file(handle,
- NB_CLIENT_KEY_PATH) < 0) {
- return (B_FALSE);
- }
- }
-
- if (http_set_password(handle, WANBOOT_PASSPHRASE) < 0)
- return (B_FALSE);
- }
-
- for (i = 0; i < BOOTLOG_CONN_RETRIES; i++) {
- if (http_srv_connect(handle) == 0)
- return (B_TRUE);
-
- (void) http_srv_disconnect(handle);
- }
-
- return (B_FALSE);
-}
-
-static char *
-url_encode(const char *ibufp)
-{
- int i;
- char c;
- unsigned char nibble;
- static char obuff[BOOTLOG_QS_MAX * 3];
- char *obufp = obuff;
-
- /*
- * Encode special characters as outlined in RFC2396.
- *
- * Special characters are encoded as a triplets beginning
- * with '%' followed by the two hexidecimal digits representing
- * the octet code. The space character is special. It can be encoded
- * simply as a '+'.
- */
- while ((c = *ibufp++) != '\0') {
- /*
- * Is the character one of the special characters
- * that require encoding? If so append '%' to the output
- * buffer follow that by the hexascii value.
- */
- if (strchr("/?{}|^~[]`<>#%=\"\t", c) != NULL) {
- *obufp++ = '%';
- /*
- * Compute the character's hex value and
- * convert it to ASCII. That is two nibbles
- * per character.
- */
- for (i = 1; i >= 0; i--) {
- nibble = ((uchar_t)c >> (4 * i)) & 0x0f;
- /*
- * If the hex digit is 0xa - 0xf, then
- * compute its ASCII value by adding 0x37
- * else 0x0 - 0x9 just add 0x30.
- */
- if (nibble > 0x9)
- nibble += 0x37;
- else
- nibble += 0x30;
- *obufp++ = nibble;
- }
- /*
- * The space character gets a special mapping.
- */
- } else if (c == ' ') {
- *obufp++ = '+';
-
- /*
- * Append the rest (sans any CR character)
- */
- } else if (c != '\n') {
- *obufp++ = c;
- }
- }
- *obufp = '\0';
- return (obuff);
-}
-
-static void
-rb_init(struct ringbuffer_t *buffer)
-{
- int i;
-
- buffer->w_ptr = 0;
- buffer->r_ptr = 0;
-
- for (i = 0; i < BOOTLOG_RING_NELEM; i++)
- buffer->entries[i].message[0] = '\0';
-}
-
-static int
-ptr_incr(int ptr)
-{
- if (++ptr < BOOTLOG_RING_NELEM)
- return (ptr);
- else
- return (0);
-}
-
-static int
-ptr_decr(int ptr)
-{
- if (ptr == 0)
- return (BOOTLOG_RING_NELEM - 1);
- else
- return (--ptr);
-}
-
-static void
-rb_write(struct ringbuffer_t *buffer, const char *buff)
-{
- (void) strlcpy(buffer->entries[buffer->w_ptr].message, buff,
- BOOTLOG_QS_MAX);
- buffer->w_ptr = ptr_incr(buffer->w_ptr);
- if (buffer->r_ptr == buffer->w_ptr)
- buffer->r_ptr = ptr_incr(buffer->r_ptr);
-}
-
-static int
-rb_read(struct ringbuffer_t *buffer, char *buff)
-{
- if (buffer->r_ptr != buffer->w_ptr) {
- (void) strlcpy(buff, buffer->entries[buffer->r_ptr].message,
- BOOTLOG_QS_MAX);
- buffer->r_ptr = ptr_incr(buffer->r_ptr);
- return (0);
- }
- return (-1);
-}
diff --git a/usr/src/common/net/wanboot/bootlog.h b/usr/src/common/net/wanboot/bootlog.h
deleted file mode 100644
index e90b9df7e7..0000000000
--- a/usr/src/common/net/wanboot/bootlog.h
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#ifndef _BOOTLOG_H
-#define _BOOTLOG_H
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-/*
- * bootlog - error notification and progress reporting interface
- * for WAN boot components
- * XXX some of this stuff should be split out into a bootlog_impl.h file.
- */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * code translation struct for use in processing config file
- */
-struct code {
- char *c_name;
- int c_val;
-};
-
-#define BOOTLOG_CONN_RETRIES 3 /* max http connect retries */
-#define BOOTLOG_HTTP_TIMEOUT 10 /* http read timeout */
-
-#define BOOTLOG_MAX_URL 1024 /* max bootlog URL len */
-#define BOOTLOG_QS_MAX 1024 /* max unencoded len of query string */
-
-#define BOOTLOG_MSG_MAX_LEN 80 /* maximum message body length */
-
-/*
- * severity codes
- */
-typedef enum {
- BOOTLOG_EMERG = 1, /* panic condition */
- BOOTLOG_ALERT, /* condition that should be corrected now */
- BOOTLOG_CRIT, /* critical condition - e.g. network errors */
- BOOTLOG_WARNING, /* warning messages */
- BOOTLOG_INFO, /* informational messages */
- BOOTLOG_PROGRESS, /* progress reports */
- BOOTLOG_DEBUG, /* debug messages */
- BOOTLOG_VERBOSE, /* verbose mode messages */
- NOPRI /* 'no-priority' priority */
-} bootlog_severity_t;
-
-
-/* PRINTFLIKE3 */
-extern void bootlog(const char *, bootlog_severity_t, char *, ...);
-/* PRINTFLIKE2 */
-extern void libbootlog(bootlog_severity_t, char *, ...);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _BOOTLOG_H */
diff --git a/usr/src/common/net/wanboot/crypt/aes.c b/usr/src/common/net/wanboot/crypt/aes.c
deleted file mode 100644
index 2242e93582..0000000000
--- a/usr/src/common/net/wanboot/crypt/aes.c
+++ /dev/null
@@ -1,1400 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-/*
- * AES implementation taken from public domain. The S-boxes
- * used by this implmentation are defined by NIST.
- *
- * For more information on AES refer to
- * http://csrc.nist.gov/CryptoToolkit/aes
- */
-
-#include <stdlib.h>
-#include <sys/sysmacros.h>
-
-#include "aes.h"
-
-/* Yay for Big-Endian Algorithms! */
-#ifdef _LITTLE_ENDIAN
-#define BSWAP_L(l) (((l & 0xff) << 24) | ((l & 0xff00) <<8) \
- | ((l & 0xff0000) >> 8) | ((l & 0xff000000) >>24))
-#else
-#define BSWAP_L(l) (l)
-#endif
-
-#define GETU32(p) BSWAP_L(*(uint32_t *)(p))
-#define PUTU32(ct, st) *((uint32_t *)(ct)) = BSWAP_L(st)
-
-
-/*
- * Te0[x] = S [x].[02, 01, 01, 03];
- * Te1[x] = S [x].[03, 02, 01, 01];
- * Te2[x] = S [x].[01, 03, 02, 01];
- * Te3[x] = S [x].[01, 01, 03, 02];
- * Te4[x] = S [x].[01, 01, 01, 01];
- *
- * Td0[x] = Si[x].[0e, 09, 0d, 0b];
- * Td1[x] = Si[x].[0b, 0e, 09, 0d];
- * Td2[x] = Si[x].[0d, 0b, 0e, 09];
- * Td3[x] = Si[x].[09, 0d, 0b, 0e];
- * Td4[x] = Si[x].[01, 01, 01, 01];
- */
-
-
-/* S-boxes */
-static const uint32_t Te0[256] = {
- 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
- 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
- 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
- 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
- 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
- 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
- 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
- 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
- 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
- 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
- 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
- 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
- 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
- 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
- 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
- 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
- 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
- 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
- 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
- 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
- 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
- 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
- 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
- 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
- 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
- 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
- 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
- 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
- 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
- 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
- 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
- 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
- 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
- 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
- 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
- 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
- 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
- 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
- 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
- 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
- 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
- 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
- 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
- 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
- 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
- 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
- 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
- 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
- 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
- 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
- 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
- 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
- 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
- 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
- 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
- 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
- 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
- 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
- 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
- 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
- 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
- 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
- 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
- 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
-};
-static const uint32_t Te1[256] = {
- 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
- 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
- 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
- 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
- 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
- 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
- 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
- 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
- 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
- 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
- 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
- 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
- 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
- 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
- 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
- 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
- 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
- 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
- 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
- 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
- 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
- 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
- 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
- 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
- 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
- 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
- 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
- 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
- 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
- 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
- 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
- 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
- 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
- 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
- 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
- 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
- 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
- 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
- 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
- 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
- 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
- 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
- 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
- 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
- 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
- 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
- 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
- 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
- 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
- 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
- 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
- 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
- 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
- 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
- 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
- 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
- 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
- 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
- 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
- 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
- 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
- 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
- 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
- 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
-};
-static const uint32_t Te2[256] = {
- 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
- 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
- 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
- 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
- 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
- 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
- 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
- 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
- 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
- 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
- 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
- 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
- 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
- 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
- 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
- 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
- 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
- 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
- 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
- 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
- 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
- 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
- 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
- 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
- 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
- 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
- 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
- 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
- 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
- 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
- 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
- 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
- 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
- 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
- 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
- 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
- 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
- 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
- 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
- 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
- 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
- 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
- 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
- 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
- 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
- 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
- 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
- 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
- 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
- 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
- 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
- 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
- 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
- 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
- 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
- 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
- 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
- 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
- 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
- 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
- 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
- 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
- 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
- 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
-};
-static const uint32_t Te3[256] = {
- 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
- 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
- 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
- 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
- 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
- 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
- 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
- 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
- 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
- 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
- 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
- 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
- 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
- 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
- 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
- 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
- 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
- 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
- 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
- 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
- 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
- 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
- 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
- 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
- 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
- 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
- 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
- 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
- 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
- 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
- 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
- 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
- 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
- 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
- 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
- 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
- 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
- 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
- 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
- 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
- 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
- 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
- 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
- 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
- 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
- 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
- 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
- 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
- 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
- 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
- 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
- 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
- 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
- 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
- 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
- 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
- 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
- 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
- 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
- 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
- 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
- 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
- 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
- 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
-};
-static const uint32_t Te4[256] = {
- 0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
- 0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
- 0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU,
- 0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U,
- 0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU,
- 0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U,
- 0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU,
- 0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U,
- 0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U,
- 0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU,
- 0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U,
- 0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U,
- 0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U,
- 0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU,
- 0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U,
- 0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U,
- 0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU,
- 0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U,
- 0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U,
- 0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U,
- 0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU,
- 0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU,
- 0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U,
- 0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU,
- 0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU,
- 0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U,
- 0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU,
- 0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U,
- 0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU,
- 0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U,
- 0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U,
- 0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U,
- 0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU,
- 0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U,
- 0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU,
- 0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U,
- 0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU,
- 0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U,
- 0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U,
- 0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU,
- 0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU,
- 0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU,
- 0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U,
- 0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U,
- 0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU,
- 0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U,
- 0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU,
- 0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U,
- 0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU,
- 0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U,
- 0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU,
- 0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU,
- 0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U,
- 0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU,
- 0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U,
- 0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU,
- 0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U,
- 0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U,
- 0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U,
- 0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU,
- 0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU,
- 0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U,
- 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
- 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
-};
-static const uint32_t Td0[256] = {
- 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
- 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
- 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
- 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
- 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
- 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
- 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
- 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
- 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
- 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
- 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
- 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
- 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
- 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
- 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
- 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
- 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
- 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
- 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
- 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
- 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
- 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
- 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
- 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
- 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
- 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
- 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
- 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
- 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
- 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
- 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
- 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
- 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
- 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
- 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
- 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
- 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
- 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
- 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
- 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
- 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
- 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
- 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
- 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
- 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
- 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
- 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
- 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
- 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
- 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
- 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
- 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
- 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
- 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
- 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
- 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
- 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
- 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
- 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
- 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
- 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
- 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
- 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
- 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
-};
-static const uint32_t Td1[256] = {
- 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
- 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
- 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
- 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
- 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
- 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
- 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
- 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
- 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
- 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
- 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
- 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
- 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
- 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
- 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
- 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
- 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
- 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
- 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
- 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
- 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
- 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
- 0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
- 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
- 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
- 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
- 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
- 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
- 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
- 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
- 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
- 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
- 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
- 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
- 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
- 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
- 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
- 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
- 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
- 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
- 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
- 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
- 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
- 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
- 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
- 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
- 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
- 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
- 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
- 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
- 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
- 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
- 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
- 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
- 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
- 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
- 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
- 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
- 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
- 0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
- 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
- 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
- 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
- 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
-};
-static const uint32_t Td2[256] = {
- 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
- 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
- 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
- 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
- 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
- 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
- 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
- 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
- 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
- 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
- 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
- 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
- 0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
- 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
- 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
- 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
- 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
- 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
- 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
- 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
- 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
- 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
- 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
- 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
- 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
- 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
- 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
- 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
- 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
- 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
- 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
- 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
- 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
- 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
- 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
- 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
- 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
- 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
- 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
- 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
- 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
- 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
- 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
- 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
- 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
- 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
- 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
- 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
- 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
- 0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
- 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
- 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
- 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
- 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
- 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
- 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
- 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
- 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
- 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
- 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
- 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
- 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
- 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
- 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
-};
-static const uint32_t Td3[256] = {
- 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
- 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
- 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
- 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
- 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
- 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
- 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
- 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
- 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
- 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
- 0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
- 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
- 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
- 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
- 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
- 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
- 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
- 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
- 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
- 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
- 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
- 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
- 0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
- 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
- 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
- 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
- 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
- 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
- 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
- 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
- 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
- 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
- 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
- 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
- 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
- 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
- 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
- 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
- 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
- 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
- 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
- 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
- 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
- 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
- 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
- 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
- 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
- 0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
- 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
- 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
- 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
- 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
- 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
- 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
- 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
- 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
- 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
- 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
- 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
- 0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
- 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
- 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
- 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
- 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
-};
-static const uint32_t Td4[256] = {
- 0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U,
- 0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U,
- 0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU,
- 0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU,
- 0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U,
- 0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U,
- 0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U,
- 0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU,
- 0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U,
- 0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU,
- 0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU,
- 0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU,
- 0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U,
- 0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U,
- 0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U,
- 0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U,
- 0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U,
- 0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U,
- 0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU,
- 0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U,
- 0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U,
- 0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU,
- 0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U,
- 0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U,
- 0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U,
- 0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU,
- 0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U,
- 0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U,
- 0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU,
- 0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U,
- 0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U,
- 0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU,
- 0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U,
- 0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU,
- 0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU,
- 0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U,
- 0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U,
- 0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U,
- 0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U,
- 0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU,
- 0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U,
- 0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U,
- 0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU,
- 0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU,
- 0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU,
- 0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U,
- 0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU,
- 0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U,
- 0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U,
- 0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U,
- 0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U,
- 0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU,
- 0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U,
- 0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU,
- 0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU,
- 0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU,
- 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
- 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
- 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
- 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
- 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
- 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
- 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
- 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
-};
-static const uint32_t rcon[] = {
- 0x01000000, 0x02000000, 0x04000000, 0x08000000,
- 0x10000000, 0x20000000, 0x40000000, 0x80000000,
- 0x1B000000, 0x36000000,
- /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
-};
-typedef struct keysched_s {
- uint32_t Nr;
- uint32_t rk_e[60]; /* max round key size */
- uint32_t rk_d[60]; /* max round key size */
-} keysched_t;
-
-int
-aes_init(void **cookie)
-{
- if ((*cookie = malloc(sizeof (keysched_t))) == NULL) {
- return (-1);
- }
- return (0);
-}
-
-void
-aes_fini(void *cookie)
-{
- free(cookie);
-}
-
-void
-aes_encrypt(void *cookie, uint8_t *block)
-{
- keysched_t *ksch = (keysched_t *)cookie;
- uint32_t s0, s1, s2, s3, t0, t1, t2, t3;
- uint32_t *rk = ksch->rk_e;
- uint32_t Nr = ksch->Nr;
-
-#if _ALIGNMENT_REQUIRED
-
- if (IS_P2ALIGNED(block, sizeof (uint32_t))) {
-#endif /* _ALIGNMENT_REQUIRED */
- /*
- * map byte array block to cipher state
- * and add initial round key:
- */
- /*LINTED*/
- s0 = GETU32(block) ^ rk[0];
- /*LINTED*/
- s1 = GETU32(block + 4) ^ rk[1];
- /*LINTED*/
- s2 = GETU32(block + 8) ^ rk[2];
- /*LINTED*/
- s3 = GETU32(block + 12) ^ rk[3];
-
-#if _ALIGNMENT_REQUIRED
- } else {
- s0 = (((uint32_t)block[0] << 24) | ((uint32_t)block[1] << 16) |
- ((uint32_t)block[2] << 8) | (uint32_t)block[3]) ^ rk[0];
-
- s1 = (((uint32_t)block[4] << 24) | ((uint32_t)block[5] << 16) |
- ((uint32_t)block[6] << 8) | (uint32_t)block[7]) ^ rk[1];
-
- s2 = (((uint32_t)block[8] << 24) | ((uint32_t)block[9] << 16) |
- ((uint32_t)block[10] << 8) | (uint32_t)block[11]) ^ rk[2];
-
- s3 = (((uint32_t)block[12] << 24) |
- ((uint32_t)block[13] << 16) | ((uint32_t)block[14] << 8) |
- (uint32_t)block[15]) ^ rk[3];
- }
-#endif /* _ALIGNMENT_REQUIRED */
-
- /*
- * Danger Will Robinson, DANGER
- * DATA DEPENDANT TRANSFORMS
- *
- * because s0-s3 t0-t3 are changing every round, tsr* and
- * ssr* are changing in value.
- */
-
-#define tsr0 (Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] \
- ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff])
-#define tsr1 (Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] \
- ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff])
-#define tsr2 (Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] \
- ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff])
-#define tsr3 (Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] \
- ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff])
-#define ssr0 (Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] \
- ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff])
-#define ssr1 (Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] \
- ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff])
-#define ssr2 (Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] \
- ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff])
-#define ssr3 (Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] \
- ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff])
-
- /* round 1: */
- t0 = tsr0 ^ rk[4];
- t1 = tsr1 ^ rk[5];
- t2 = tsr2 ^ rk[6];
- t3 = tsr3 ^ rk[7];
- /* round 2: */
- s0 = ssr0 ^ rk[8];
- s1 = ssr1 ^ rk[9];
- s2 = ssr2 ^ rk[10];
- s3 = ssr3 ^ rk[11];
- /* round 3: */
- t0 = tsr0 ^ rk[12];
- t1 = tsr1 ^ rk[13];
- t2 = tsr2 ^ rk[14];
- t3 = tsr3 ^ rk[15];
- /* round 4: */
- s0 = ssr0 ^ rk[16];
- s1 = ssr1 ^ rk[17];
- s2 = ssr2 ^ rk[18];
- s3 = ssr3 ^ rk[19];
- /* round 5: */
- t0 = tsr0 ^ rk[20];
- t1 = tsr1 ^ rk[21];
- t2 = tsr2 ^ rk[22];
- t3 = tsr3 ^ rk[23];
- /* round 6: */
- s0 = ssr0 ^ rk[24];
- s1 = ssr1 ^ rk[25];
- s2 = ssr2 ^ rk[26];
- s3 = ssr3 ^ rk[27];
- /* round 7: */
- t0 = tsr0 ^ rk[28];
- t1 = tsr1 ^ rk[29];
- t2 = tsr2 ^ rk[30];
- t3 = tsr3 ^ rk[31];
- /* round 8: */
- s0 = ssr0 ^ rk[32];
- s1 = ssr1 ^ rk[33];
- s2 = ssr2 ^ rk[34];
- s3 = ssr3 ^ rk[35];
- /* round 9: */
- t0 = tsr0 ^ rk[36];
- t1 = tsr1 ^ rk[37];
- t2 = tsr2 ^ rk[38];
- t3 = tsr3 ^ rk[39];
- if (Nr > 10) {
- /* round 10: */
- s0 = ssr0 ^ rk[40];
- s1 = ssr1 ^ rk[41];
- s2 = ssr2 ^ rk[42];
- s3 = ssr3 ^ rk[43];
- /* round 11: */
- t0 = tsr0 ^ rk[44];
- t1 = tsr1 ^ rk[45];
- t2 = tsr2 ^ rk[46];
- t3 = tsr3 ^ rk[47];
- if (Nr > 12) {
- /* round 12: */
- s0 = ssr0 ^ rk[48];
- s1 = ssr1 ^ rk[49];
- s2 = ssr2 ^ rk[50];
- s3 = ssr3 ^ rk[51];
- /* round 13: */
- t0 = tsr0 ^ rk[52];
- t1 = tsr1 ^ rk[53];
- t2 = tsr2 ^ rk[54];
- t3 = tsr3 ^ rk[55];
- }
- }
- rk += Nr << 2;
-
- /*
- * apply last round and
- * map cipher state to byte array block:
- */
- s0 = (Te4[(t0 >> 24)] & 0xff000000) ^
- (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
- (Te4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
- (Te4[(t3) & 0xff] & 0x000000ff) ^
- rk[0];
-
- s1 = (Te4[(t1 >> 24)] & 0xff000000) ^
- (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
- (Te4[(t3 >> 8) & 0xff] & 0x0000ff00) ^
- (Te4[(t0) & 0xff] & 0x000000ff) ^
- rk[1];
-
- s2 = (Te4[(t2 >> 24)] & 0xff000000) ^
- (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
- (Te4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
- (Te4[(t1) & 0xff] & 0x000000ff) ^
- rk[2];
-
- s3 = (Te4[(t3 >> 24)] & 0xff000000) ^
- (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
- (Te4[(t1 >> 8) & 0xff] & 0x0000ff00) ^
- (Te4[(t2) & 0xff] & 0x000000ff) ^
- rk[3];
-
-#if _ALIGNMENT_REQUIRED
- if (IS_P2ALIGNED(block, sizeof (uint32_t))) {
-#endif /* _ALIGNMENT_REQUIRED */
- /*LINTED*/
- PUTU32(block, s0);
- /*LINTED*/
- PUTU32(block + 4, s1);
- /*LINTED*/
- PUTU32(block + 8, s2);
- /*LINTED*/
- PUTU32(block + 12, s3);
-#if _ALIGNMENT_REQUIRED
- } else {
- block[0] = s0 >> 24;
- block[1] = s0 >> 16;
- block[2] = s0 >> 8;
- block[3] = s0;
- block[4] = s1 >> 24;
- block[5] = s1 >> 16;
- block[6] = s1 >> 8;
- block[7] = s1;
- block[8] = s2 >> 24;
- block[9] = s2 >> 16;
- block[10] = s2 >> 8;
- block[11] = s2;
- block[12] = s3 >> 24;
- block[13] = s3 >> 16;
- block[14] = s3 >> 8;
- block[15] = s3;
- }
-#endif /* _ALIGNMENT_REQUIRED */
-}
-
-
-/*
- * Decrypt a block of data.
- */
-void
-aes_decrypt(void *cookie, uint8_t *block)
-{
- keysched_t *ksch = (keysched_t *)cookie;
- uint32_t s0, s1, s2, s3, t0, t1, t2, t3;
- uint32_t *rk = ksch->rk_d;
- uint32_t Nr = ksch->Nr;
-
-#if _ALIGNMENT_REQUIRED
- if (IS_P2ALIGNED(block, sizeof (uint32_t))) {
-#endif /* _ALIGNMENT_REQUIRED */
- /*
- * map byte array block to cipher state
- * and add initial round key:
- */
- /*LINTED*/
- s0 = GETU32(block) ^ rk[0];
- /*LINTED*/
- s1 = GETU32(block + 4) ^ rk[1];
- /*LINTED*/
- s2 = GETU32(block + 8) ^ rk[2];
- /*LINTED*/
- s3 = GETU32(block + 12) ^ rk[3];
-#if _ALIGNMENT_REQUIRED
- } else {
- s0 = (((uint32_t)block[0] << 24) | ((uint32_t)block[1] << 16) |
- ((uint32_t)block[2] << 8) | (uint32_t)block[3]) ^ rk[0];
-
- s1 = (((uint32_t)block[4] << 24) | ((uint32_t)block[5] << 16) |
- ((uint32_t)block[6] << 8) | (uint32_t)block[7]) ^ rk[1];
-
- s2 = (((uint32_t)block[8] << 24) | ((uint32_t)block[9] << 16) |
- ((uint32_t)block[10] << 8) | (uint32_t)block[11]) ^ rk[2];
-
- s3 = (((uint32_t)block[12] << 24) |
- ((uint32_t)block[13] << 16) | ((uint32_t)block[14] << 8) |
- (uint32_t)block[15]) ^ rk[3];
- }
-#endif /* _ALIGNMENT_REQUIRED */
-
- /*
- * Danger Will Robinson, DANGER
- * DATA DEPENDANT TRANSFORMS
- *
- * because s0-s3 t0-t3 are changing every round, tdsr* and
- * sdsr* are changing in value.
- */
-
-#define tdsr0 Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] \
- ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff]
-#define tdsr1 Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] \
- ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff]
-#define tdsr2 Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] \
- ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff]
-#define tdsr3 Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] \
- ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff]
-#define sdsr0 Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] \
- ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff]
-#define sdsr1 Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] \
- ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff]
-#define sdsr2 Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] \
- ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff]
-#define sdsr3 Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] \
- ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff]
-
- /* round 1: */
- t0 = tdsr0 ^ rk[4];
- t1 = tdsr1 ^ rk[5];
- t2 = tdsr2 ^ rk[6];
- t3 = tdsr3 ^ rk[7];
- /* round 2: */
- s0 = sdsr0 ^ rk[8];
- s1 = sdsr1 ^ rk[9];
- s2 = sdsr2 ^ rk[10];
- s3 = sdsr3 ^ rk[11];
- /* round 3: */
- t0 = tdsr0 ^ rk[12];
- t1 = tdsr1 ^ rk[13];
- t2 = tdsr2 ^ rk[14];
- t3 = tdsr3 ^ rk[15];
- /* round 4: */
- s0 = sdsr0 ^ rk[16];
- s1 = sdsr1 ^ rk[17];
- s2 = sdsr2 ^ rk[18];
- s3 = sdsr3 ^ rk[19];
- /* round 5: */
- t0 = tdsr0 ^ rk[20];
- t1 = tdsr1 ^ rk[21];
- t2 = tdsr2 ^ rk[22];
- t3 = tdsr3 ^ rk[23];
- /* round 6: */
- s0 = sdsr0 ^ rk[24];
- s1 = sdsr1 ^ rk[25];
- s2 = sdsr2 ^ rk[26];
- s3 = sdsr3 ^ rk[27];
- /* round 7: */
- t0 = tdsr0 ^ rk[28];
- t1 = tdsr1 ^ rk[29];
- t2 = tdsr2 ^ rk[30];
- t3 = tdsr3 ^ rk[31];
- /* round 8: */
- s0 = sdsr0 ^ rk[32];
- s1 = sdsr1 ^ rk[33];
- s2 = sdsr2 ^ rk[34];
- s3 = sdsr3 ^ rk[35];
- /* round 9: */
- t0 = tdsr0 ^ rk[36];
- t1 = tdsr1 ^ rk[37];
- t2 = tdsr2 ^ rk[38];
- t3 = tdsr3 ^ rk[39];
- if (Nr > 10) {
- /* round 10: */
- s0 = sdsr0 ^ rk[40];
- s1 = sdsr1 ^ rk[41];
- s2 = sdsr2 ^ rk[42];
- s3 = sdsr3 ^ rk[43];
- /* round 11: */
- t0 = tdsr0 ^ rk[44];
- t1 = tdsr1 ^ rk[45];
- t2 = tdsr2 ^ rk[46];
- t3 = tdsr3 ^ rk[47];
- if (Nr > 12) {
- /* round 12: */
- s0 = sdsr0 ^ rk[48];
- s1 = sdsr1 ^ rk[49];
- s2 = sdsr2 ^ rk[50];
- s3 = sdsr3 ^ rk[51];
- /* round 13: */
- t0 = tdsr0 ^ rk[52];
- t1 = tdsr1 ^ rk[53];
- t2 = tdsr2 ^ rk[54];
- t3 = tdsr3 ^ rk[55];
- }
- }
- rk += Nr << 2;
-
- /*
- * apply last round and
- * map cipher state to byte array block:
- */
- s0 =
- (Td4[(t0 >> 24)] & 0xff000000) ^
- (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
- (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
- (Td4[(t1) & 0xff] & 0x000000ff) ^
- rk[0];
-
- s1 =
- (Td4[(t1 >> 24)] & 0xff000000) ^
- (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
- (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^
- (Td4[(t2) & 0xff] & 0x000000ff) ^
- rk[1];
-
- s2 =
- (Td4[(t2 >> 24)] & 0xff000000) ^
- (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
- (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
- (Td4[(t3) & 0xff] & 0x000000ff) ^
- rk[2];
-
- s3 =
- (Td4[(t3 >> 24)] & 0xff000000) ^
- (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
- (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^
- (Td4[(t0) & 0xff] & 0x000000ff) ^
- rk[3];
-
-#if _ALIGNMENT_REQUIRED
- if (IS_P2ALIGNED(block, sizeof (uint32_t))) {
-#endif /* _ALIGNMENT_REQUIRED */
- /*LINTED*/
- PUTU32(block, s0);
- /*LINTED*/
- PUTU32(block + 4, s1);
- /*LINTED*/
- PUTU32(block + 8, s2);
- /*LINTED*/
- PUTU32(block + 12, s3);
-#if _ALIGNMENT_REQUIRED
- } else {
- block[0] = s0 >> 24;
- block[1] = s0 >> 16;
- block[2] = s0 >> 8;
- block[3] = s0;
- block[4] = s1 >> 24;
- block[5] = s1 >> 16;
- block[6] = s1 >> 8;
- block[7] = s1;
- block[8] = s2 >> 24;
- block[9] = s2 >> 16;
- block[10] = s2 >> 8;
- block[11] = s2;
- block[12] = s3 >> 24;
- block[13] = s3 >> 16;
- block[14] = s3 >> 8;
- block[15] = s3;
- }
-#endif /* _ALIGNMENT_REQUIRED */
-}
-
-
-/*
- * For now, just reality-check the key size.
- * Just remember to keep an eye open for
- * anyone finding weak keys in rijndael/aes.
- */
-boolean_t
-aes_keycheck(const uint8_t *key, uint32_t keysize)
-{
- if (key == NULL) {
- return (B_FALSE);
- }
-
- /* rijndael can work with 160 or 224 */
- /* but, that's not in the AES spec */
- switch (keysize) {
- case AES_128_KEY_SIZE:
- case AES_192_KEY_SIZE:
- case AES_256_KEY_SIZE:
- break;
- default:
- return (B_FALSE);
- }
-
- /*
- * No known weak keys in AES (yet). But if there were,
- * check here
- */
- return (B_TRUE);
-}
-
-void
-aes_key(void *cookie, const uint8_t *key, uint32_t keysize)
-{
- keysched_t *ks = (keysched_t *)cookie;
- uint32_t keybits;
- uint32_t Nr;
- uint32_t temp;
- uint32_t *rk_d = ks->rk_d;
- uint32_t *rk_e = ks->rk_e;
- int i = 0;
- int j;
-
- keybits = keysize * 8;
- switch (keybits) {
- case 128:
- Nr = ks->Nr = 10;
- break;
-
- case 192:
- Nr = ks->Nr = 12;
- break;
-
- case 256:
- Nr = ks->Nr = 14;
- break;
-
- default:
- /* should never get here */
- return;
- }
-
-#if _ALIGNMENT_REQUIRED
-
- if (IS_P2ALIGNED(key, sizeof (uint32_t))) {
-#endif /* _ALIGNMENT_REQUIRED */
- /*
- * map byte array block to cipher state
- * and add initial round key:
- */
- /*LINTED*/
- rk_e[0] = GETU32(key);
- /*LINTED*/
- rk_e[1] = GETU32(key + 4);
- /*LINTED*/
- rk_e[2] = GETU32(key + 8);
- /*LINTED*/
- rk_e[3] = GETU32(key + 12);
-
-#if _ALIGNMENT_REQUIRED
- } else {
- rk_e[0] = (((uint32_t)key[0] << 24) |
- ((uint32_t)key[1] << 16) |
- ((uint32_t)key[2] << 8) | (uint32_t)key[3]);
-
- rk_e[1] = (((uint32_t)key[4] << 24) |
- ((uint32_t)key[5] << 16) |
- ((uint32_t)key[6] << 8) | (uint32_t)key[7]);
-
- rk_e[2] = (((uint32_t)key[8] << 24) |
- ((uint32_t)key[9] << 16) |
- ((uint32_t)key[10] << 8) | (uint32_t)key[11]);
-
- rk_e[3] = (((uint32_t)key[12] << 24) |
- ((uint32_t)key[13] << 16) | ((uint32_t)key[14] << 8) |
- (uint32_t)key[15]);
- }
-#endif /* _ALIGNMENT_REQUIRED */
-
- if (keybits == 128) {
- for (;;) {
- temp = rk_e[3];
- rk_e[4] = rk_e[0] ^
- (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
- (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
- (Te4[(temp) & 0xff] & 0x0000ff00) ^
- (Te4[(temp >> 24)] & 0x000000ff) ^
- rcon[i];
- rk_e[5] = rk_e[1] ^ rk_e[4];
- rk_e[6] = rk_e[2] ^ rk_e[5];
- rk_e[7] = rk_e[3] ^ rk_e[6];
- if (++i == 10) {
- goto finish_keysched;
- }
- rk_e += 4;
- }
- }
-#if _ALIGNMENT_REQUIRED
-
- if (IS_P2ALIGNED(key, sizeof (uint32_t))) {
-#endif /* _ALIGNMENT_REQUIRED */
- /*LINTED*/
- rk_e[4] = GETU32(key + 16);
- /*LINTED*/
- rk_e[5] = GETU32(key + 20);
-#if _ALIGNMENT_REQUIRED
- } else {
- rk_e[4] = (((uint32_t)key[16] << 24) |
- ((uint32_t)key[17] << 16) |
- ((uint32_t)key[18] << 8) | (uint32_t)key[19]);
- rk_e[5] = (((uint32_t)key[20] << 24) |
- ((uint32_t)key[21] << 16) |
- ((uint32_t)key[22] << 8) | (uint32_t)key[23]);
- }
-#endif /* _ALIGNMENT_REQUIRED */
-
- if (keybits == 192) {
- for (;;) {
- temp = rk_e[5];
- rk_e[6] = rk_e[0] ^
- (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
- (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
- (Te4[(temp) & 0xff] & 0x0000ff00) ^
- (Te4[(temp >> 24)] & 0x000000ff) ^
- rcon[i];
- rk_e[7] = rk_e[1] ^ rk_e[6];
- rk_e[8] = rk_e[2] ^ rk_e[7];
- rk_e[9] = rk_e[3] ^ rk_e[8];
- if (++i == 8) {
- goto finish_keysched;
- }
- rk_e[10] = rk_e[4] ^ rk_e[9];
- rk_e[11] = rk_e[5] ^ rk_e[10];
- rk_e += 6;
- }
- }
-#if _ALIGNMENT_REQUIRED
-
- if (IS_P2ALIGNED(key, sizeof (uint32_t))) {
-#endif /* _ALIGNMENT_REQUIRED */
- /*LINTED*/
- rk_e[6] = GETU32(key + 24);
- /*LINTED*/
- rk_e[7] = GETU32(key + 28);
-#if _ALIGNMENT_REQUIRED
- } else {
- rk_e[6] = (((uint32_t)key[24] << 24) |
- ((uint32_t)key[25] << 16) |
- ((uint32_t)key[26] << 8) | (uint32_t)key[27]);
- rk_e[7] = (((uint32_t)key[28] << 24) |
- ((uint32_t)key[29] << 16) |
- ((uint32_t)key[30] << 8) | (uint32_t)key[31]);
- }
-#endif /* _ALIGNMENT_REQUIRED */
- if (keybits == 256) {
- for (;;) {
- temp = rk_e[7];
- rk_e[8] = rk_e[0] ^
- (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
- (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
- (Te4[(temp) & 0xff] & 0x0000ff00) ^
- (Te4[(temp >> 24)] & 0x000000ff) ^
- rcon[i];
- rk_e[9] = rk_e[1] ^ rk_e[8];
- rk_e[10] = rk_e[2] ^ rk_e[9];
- rk_e[11] = rk_e[3] ^ rk_e[10];
- if (++i == 7) {
- goto finish_keysched;
- }
- temp = rk_e[11];
- rk_e[12] = rk_e[4] ^
- (Te4[(temp >> 24)] & 0xff000000) ^
- (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
- (Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^
- (Te4[(temp) & 0xff] & 0x000000ff);
- rk_e[13] = rk_e[5] ^ rk_e[12];
- rk_e[14] = rk_e[6] ^ rk_e[13];
- rk_e[15] = rk_e[7] ^ rk_e[14];
-
- rk_e += 8;
- }
- }
-
-finish_keysched:
- rk_e = ks->rk_e;
-
- /* invert the order of the round keys: */
- for (i = 0, j = 4*Nr; i <= j; i += 4, j -= 4) {
- rk_d[i] = rk_e[j]; rk_d[j] = rk_e[i];
- rk_d[i + 1] = rk_e[j + 1]; rk_d[j + 1] = rk_e[i + 1];
- rk_d[i + 2] = rk_e[j + 2]; rk_d[j + 2] = rk_e[i + 2];
- rk_d[i + 3] = rk_e[j + 3]; rk_d[j + 3] = rk_e[i + 3];
- }
-
- /*
- * apply the inverse MixColumn transform to all round keys
- * but the first and the last:
- */
- for (i = 1; i < Nr; i++) {
- rk_d += 4;
- rk_d[0] =
- Td0[Te4[(rk_d[0] >> 24)] & 0xff] ^
- Td1[Te4[(rk_d[0] >> 16) & 0xff] & 0xff] ^
- Td2[Te4[(rk_d[0] >> 8) & 0xff] & 0xff] ^
- Td3[Te4[(rk_d[0]) & 0xff] & 0xff];
- rk_d[1] =
- Td0[Te4[(rk_d[1] >> 24)] & 0xff] ^
- Td1[Te4[(rk_d[1] >> 16) & 0xff] & 0xff] ^
- Td2[Te4[(rk_d[1] >> 8) & 0xff] & 0xff] ^
- Td3[Te4[(rk_d[1]) & 0xff] & 0xff];
- rk_d[2] =
- Td0[Te4[(rk_d[2] >> 24)] & 0xff] ^
- Td1[Te4[(rk_d[2] >> 16) & 0xff] & 0xff] ^
- Td2[Te4[(rk_d[2] >> 8) & 0xff] & 0xff] ^
- Td3[Te4[(rk_d[2]) & 0xff] & 0xff];
- rk_d[3] =
- Td0[Te4[(rk_d[3] >> 24)] & 0xff] ^
- Td1[Te4[(rk_d[3] >> 16) & 0xff] & 0xff] ^
- Td2[Te4[(rk_d[3] >> 8) & 0xff] & 0xff] ^
- Td3[Te4[(rk_d[3]) & 0xff] & 0xff];
- }
-}
diff --git a/usr/src/common/net/wanboot/crypt/aes.h b/usr/src/common/net/wanboot/crypt/aes.h
deleted file mode 100644
index c9bcf9df07..0000000000
--- a/usr/src/common/net/wanboot/crypt/aes.h
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#ifndef _AES_H
-#define _AES_H
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <sys/types.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define AES_256_KEY_SIZE 32
-#define AES_192_KEY_SIZE 24
-#define AES_128_KEY_SIZE 16
-#define AES_BLOCK_SIZE 16
-#define AES_IV_SIZE 16
-
-extern int aes_init(void **);
-extern void aes_fini(void *);
-extern void aes_encrypt(void *, uint8_t *);
-extern void aes_decrypt(void *, uint8_t *);
-extern void aes_key(void *, const uint8_t *, uint32_t);
-extern boolean_t aes_keycheck(const uint8_t *, uint32_t);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _AES_H */
diff --git a/usr/src/common/net/wanboot/crypt/aes_test.c b/usr/src/common/net/wanboot/crypt/aes_test.c
deleted file mode 100644
index 4cc4cfe816..0000000000
--- a/usr/src/common/net/wanboot/crypt/aes_test.c
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-/*
- * AES tests as defined by FIPS 197.
- *
- * Encrypts plain text with the defined key and verifies that the result
- * is the expected cipher. Then decrypts the cipher and verifies that the
- * result is the original plain text. One test is run for each AES128,
- * AES192 and AES256.
- */
-
-#include <stdio.h>
-#include <strings.h>
-
-#include "aes.h"
-#include "cmn_test.h"
-#include "aes_test.h"
-
-typedef struct test_data {
- char key[AES_256_KEY_SIZE * 2];
- char plain[AES_BLOCK_SIZE * 2];
- char cipher[AES_BLOCK_SIZE * 2];
- uint32_t keysize;
-} test_data_t;
-
-static test_data_t td[] = {
- { "000102030405060708090a0b0c0d0e0f",
- "00112233445566778899aabbccddeeff",
- "69c4e0d86a7b0430d8cdb78070b4c55a", AES_128_KEY_SIZE },
- { "000102030405060708090a0b0c0d0e0f1011121314151617",
- "00112233445566778899aabbccddeeff",
- "dda97ca4864cdfe06eaf70a0ec0d7191", AES_192_KEY_SIZE },
- { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
- "00112233445566778899aabbccddeeff",
- "8ea2b7ca516745bfeafc49904b496089", AES_256_KEY_SIZE }
-};
-
-int
-aestest(void)
-{
- void *ah;
-
- unsigned char key[AES_256_KEY_SIZE];
- unsigned char plain[AES_BLOCK_SIZE];
- unsigned char cipher[AES_BLOCK_SIZE];
- unsigned char work[AES_BLOCK_SIZE];
-
- int fail;
- int num;
- int i;
-
- if (aes_init(&ah) != 0) {
- (void) printf("Error initializing AES\n");
- return (-1);
- }
-
- num = sizeof (td) / sizeof (test_data_t);
- for (i = 0; i < num; i++) {
- fail = 0;
-
- (void) printf("Test #%d [AES%d] ", i, td[i].keysize * 8);
- getxdata(key, td[i].key, td[i].keysize);
- aes_key(ah, key, td[i].keysize);
-
- getxdata(plain, td[i].plain, AES_BLOCK_SIZE);
-
- getxdata(cipher, td[i].cipher, AES_BLOCK_SIZE);
-
- bcopy(plain, work, AES_BLOCK_SIZE);
- aes_encrypt(ah, work);
-
- if (bcmp(work, cipher, AES_BLOCK_SIZE) != 0) {
- (void) printf("FAILED [Encrypt]");
- fail++;
- }
- aes_decrypt(ah, work);
- if (bcmp(work, plain, AES_BLOCK_SIZE) != 0) {
- (void) printf("FAILED [Decrypt]");
- fail++;
- }
- if (fail == 0)
- (void) printf("PASSED");
- (void) printf("\n");
- }
-
- aes_fini(ah);
-
- return (fail);
-}
diff --git a/usr/src/common/net/wanboot/crypt/aes_test.h b/usr/src/common/net/wanboot/crypt/aes_test.h
deleted file mode 100644
index d0beb35655..0000000000
--- a/usr/src/common/net/wanboot/crypt/aes_test.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#ifndef _AES_TEST_H
-#define _AES_TEST_H
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-extern int aestest(void);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _AES_TEST_H */
diff --git a/usr/src/common/net/wanboot/crypt/cbc.c b/usr/src/common/net/wanboot/crypt/cbc.c
deleted file mode 100644
index 4c994c4fe5..0000000000
--- a/usr/src/common/net/wanboot/crypt/cbc.c
+++ /dev/null
@@ -1,138 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <sys/sysmacros.h>
-#if defined(_KERNEL) && !defined(_BOOT)
-#include <sys/systm.h>
-#else
-#include <strings.h>
-#endif
-#include "cbc.h"
-
-#define CBC_MAX_BLOCK_SIZE 64
-
-static void
-cbc_xorblock(uint8_t *lastp, uint8_t *thisp, int blocksize)
-{
- uint32_t *this32p;
- uint32_t *last32p;
- int i;
-
- if (IS_P2ALIGNED(thisp, sizeof (uint32_t)) &&
- IS_P2ALIGNED(lastp, sizeof (uint32_t)) &&
- IS_P2ALIGNED(blocksize, sizeof (uint32_t))) {
- /* LINTED */
- this32p = (uint32_t *)thisp;
- /* LINTED */
- last32p = (uint32_t *)lastp;
- for (i = 0; i < blocksize; i += 4) {
- *this32p ^= *last32p;
- this32p++;
- last32p++;
- }
- } else {
- for (i = 0; i < blocksize; i++) {
- thisp[i] ^= lastp[i];
- }
- }
-}
-
-boolean_t
-cbc_encrypt(cbc_handle_t *ch, uint8_t *data, size_t datalen,
- uint8_t *IV)
-{
- uint8_t *lastp;
- uint8_t *thisp;
- size_t i;
-
- if (!IS_P2ALIGNED(datalen, ch->blocklen)) {
- return (B_FALSE);
- }
-
- thisp = data;
- lastp = IV;
-
- for (i = 0; i < datalen; i += ch->blocklen) {
- cbc_xorblock(lastp, thisp, ch->blocklen);
- /* Encrypt the current block. */
- ch->encrypt(ch->ks, thisp);
- lastp = thisp;
- thisp += ch->blocklen;
- }
-
- bcopy(lastp, IV, ch->blocklen);
- return (B_TRUE);
-}
-
-boolean_t
-cbc_decrypt(cbc_handle_t *ch, uint8_t *data, size_t datalen,
- uint8_t *IV)
-{
- uint8_t cbcblock[CBC_MAX_BLOCK_SIZE];
- uint8_t *lastp;
- uint8_t *thisp;
- size_t i;
-
- if (!IS_P2ALIGNED(datalen, ch->blocklen)) {
- return (B_FALSE);
- }
-
- thisp = data;
- lastp = IV;
-
- for (i = 0; i < datalen; i += ch->blocklen) {
-
- /* Copy the current ciphertext block. */
- bcopy(thisp, cbcblock, ch->blocklen);
-
- /* Decrypt the current block. */
- ch->decrypt(ch->ks, thisp);
-
- cbc_xorblock(lastp, thisp, ch->blocklen);
-
- /* Save the last ciphertext block. */
- bcopy(cbcblock, lastp, ch->blocklen);
- thisp += ch->blocklen;
- }
-
- return (B_TRUE);
-}
-
-void
-cbc_makehandle(cbc_handle_t *ch, void *cookie, uint32_t keysize,
- uint32_t blocksize, uint32_t ivsize,
- void (*encrypt)(void *, uint8_t *),
- void (*decrypt)(void *, uint8_t *))
-{
- ch->ks = cookie;
- ch->keylen = keysize;
- ch->blocklen = blocksize;
- ch->ivlen = ivsize;
- ch->encrypt = encrypt;
- ch->decrypt = decrypt;
-}
diff --git a/usr/src/common/net/wanboot/crypt/cbc.h b/usr/src/common/net/wanboot/crypt/cbc.h
deleted file mode 100644
index 7c47cdfe12..0000000000
--- a/usr/src/common/net/wanboot/crypt/cbc.h
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#ifndef _CBC_H
-#define _CBC_H
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <sys/types.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct cbc_handle_s {
- uint32_t keylen;
- uint32_t blocklen;
- uint32_t ivlen;
- void *ks;
- void (*encrypt)(void *, uint8_t *);
- void (*decrypt)(void *, uint8_t *);
-} cbc_handle_t;
-
-extern boolean_t cbc_encrypt(cbc_handle_t *ch, uint8_t *data, size_t datalen,
- uint8_t *IV);
-extern boolean_t cbc_decrypt(cbc_handle_t *ch, uint8_t *data, size_t datalen,
- uint8_t *IV);
-extern void cbc_makehandle(cbc_handle_t *ch, void *cookie, uint32_t keysize,
- uint32_t blocksize, uint32_t ivsize,
- void (*encrypt)(void *, uint8_t *),
- void (*decrypt)(void *, uint8_t *));
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _CBC_H */
diff --git a/usr/src/common/net/wanboot/crypt/cbc_test.c b/usr/src/common/net/wanboot/crypt/cbc_test.c
deleted file mode 100644
index 4df9c69037..0000000000
--- a/usr/src/common/net/wanboot/crypt/cbc_test.c
+++ /dev/null
@@ -1,167 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-/*
- * Assertion based test of the CBC implementation.
- *
- * This test can be used to the CBC implementation using either
- * 3DES, AES128, AES192 or AES256. The test string above is encrypted
- * and then decrypted using one of the algorithms and keys below. The test
- * passes if the decrypted string is the same as the original. Note,
- * that this test should not be used to test the underlying algorithms
- * and relies on the correctness of those algorithms.
- */
-
-#include <stdio.h>
-#include <strings.h>
-
-#include "cbc.h"
-#include "des3.h"
-#include "aes.h"
-#include "cbc_test.h"
-
-#define CBC_MAX_KEY_SIZE AES_256_KEY_SIZE
-#define CBC_MAX_BLOCK_SIZE AES_BLOCK_SIZE
-#define CBC_MIN_BLOCK_SIZE DES3_BLOCK_SIZE
-#define CBC_MAX_IV_SIZE AES_IV_SIZE
-
-#define DES3_KEY "01234567"
-#define AES_128_KEY "0123456789ABCDEF"
-#define AES_192_KEY "0123456789ABCDEFHIJKLMNO"
-#define AES_256_KEY "0123456789ABCDEFHIJKLMNOPQRSTUVW"
-
-#define TEST_BLOCK_SIZE (CBC_MAX_BLOCK_SIZE * 2)
-#define TEST_SIZE (TEST_BLOCK_SIZE * 2)
-#define TEST "This test is successful if this string has a period at the end."
-
-int
-cbctest(int type)
-{
- unsigned char test_string[TEST_SIZE];
- char iv[CBC_MAX_IV_SIZE];
-
- cbc_handle_t ch;
- void *eh;
- int ret;
- int i;
-
- switch (type) {
- case CBC_DES3_TYPE:
- ret = des3_init(&eh);
- break;
- case CBC_AES_128_TYPE:
- ret = aes_init(&eh);
- break;
- case CBC_AES_192_TYPE:
- ret = aes_init(&eh);
- break;
- case CBC_AES_256_TYPE:
- ret = aes_init(&eh);
- break;
- default:
- (void) printf("Illegal encryption type\n");
- return (-1);
- }
-
- if (ret != 0) {
- (void) printf("Error initializing encryption algorithm\n");
- return (-1);
- }
-
- bzero(iv, CBC_MAX_IV_SIZE);
-
- switch (type) {
- case CBC_DES3_TYPE:
- des3_key(eh, (uint8_t *)DES3_KEY);
- cbc_makehandle(&ch, eh, DES3_KEY_SIZE, DES3_BLOCK_SIZE,
- DES3_IV_SIZE, des3_encrypt, des3_decrypt);
- break;
- case CBC_AES_128_TYPE:
- aes_key(eh, (uint8_t *)AES_128_KEY, AES_128_KEY_SIZE);
- cbc_makehandle(&ch, eh, AES_128_KEY_SIZE, AES_BLOCK_SIZE,
- AES_IV_SIZE, aes_encrypt, aes_decrypt);
- break;
- case CBC_AES_192_TYPE:
- aes_key(eh, (uint8_t *)AES_192_KEY, AES_192_KEY_SIZE);
- cbc_makehandle(&ch, eh, AES_192_KEY_SIZE, AES_BLOCK_SIZE,
- AES_IV_SIZE, aes_encrypt, aes_decrypt);
- break;
- case CBC_AES_256_TYPE:
- aes_key(eh, (uint8_t *)AES_256_KEY, AES_256_KEY_SIZE);
- cbc_makehandle(&ch, eh, AES_256_KEY_SIZE, AES_BLOCK_SIZE,
- AES_IV_SIZE, aes_encrypt, aes_decrypt);
- break;
- default:
- /* Should not happen */
- (void) printf("Illegal encryption type\n");
- return (-1);
- }
-
- (void) strcpy((char *)test_string, TEST);
-
- for (i = 0; i < TEST_SIZE; i += TEST_BLOCK_SIZE) {
- (void) cbc_encrypt(&ch, (uint8_t *)&test_string[i],
- TEST_BLOCK_SIZE, (uint8_t *)iv);
- }
-
- if (strcmp((char *)test_string, TEST) == 0) {
- (void) printf("FAILED [Encryption]\n");
- goto out;
- }
-
- bzero(iv, CBC_MAX_IV_SIZE);
-
- for (i = 0; i < TEST_SIZE; i += TEST_BLOCK_SIZE) {
- (void) cbc_decrypt(&ch, (uint8_t *)&test_string[i],
- TEST_BLOCK_SIZE, (uint8_t *)iv);
- }
-
- if (strcmp((char *)test_string, TEST) == 0) {
- (void) printf("PASSED\n");
- } else {
- (void) printf("FAILED [Decryption]\n");
- }
-
-out:
- switch (type) {
- case CBC_DES3_TYPE:
- des3_fini(eh);
- break;
- case CBC_AES_128_TYPE:
- case CBC_AES_192_TYPE:
- case CBC_AES_256_TYPE:
- aes_fini(eh);
- break;
- default:
- /* Should not happen */
- (void) printf("Illegal encryption type\n");
- return (-1);
- }
-
- return (0);
-}
diff --git a/usr/src/common/net/wanboot/crypt/cbc_test.h b/usr/src/common/net/wanboot/crypt/cbc_test.h
deleted file mode 100644
index 9f66361193..0000000000
--- a/usr/src/common/net/wanboot/crypt/cbc_test.h
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#ifndef _CBC_TEST_H
-#define _CBC_TEST_H
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define CBC_DES3_TYPE 0
-#define CBC_AES_128_TYPE 1
-#define CBC_AES_192_TYPE 2
-#define CBC_AES_256_TYPE 3
-
-extern int cbctest(int);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _CBC_TEST_H */
diff --git a/usr/src/common/net/wanboot/crypt/cmn_test.c b/usr/src/common/net/wanboot/crypt/cmn_test.c
deleted file mode 100644
index 8e6f51332b..0000000000
--- a/usr/src/common/net/wanboot/crypt/cmn_test.c
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-/*
- * Common functions used by the crypto tests.
- */
-
-#include <stdio.h>
-#include "cmn_test.h"
-
-/*
- * hexascii to integer conversion
- */
-static int
-xstrtoi(char *str, int len) {
- int val;
- int c;
- int i;
-
- val = 0;
- for (i = 0, c = *str++; len-- > 0; i++, c = *str++) {
- if (c >= '0' && c <= '9') {
- c -= '0';
- } else if (c >= 'A' && c <= 'F') {
- c = (c - 'A') + 10;
- } else if (c >= 'a' && c <= 'f') {
- c = (c - 'a') + 10;
- } else {
- break;
- }
- val *= 16;
- val += c;
- }
- return (val);
-}
-
-/*
- * Accepts a buffer containing a hexascii string and converts
- * it to a buffer with the hexascii nibbles converted to integers.
- */
-void
-getxdata(unsigned char *cp, char *field, int len)
-{
- int i;
- int t;
-
- for (i = 0; i < len; i++) {
- t = xstrtoi(field, 2);
- *cp++ = (char)t;
- field += 2;
- }
-}
-
-/*
- * Accepts a buffer of integer nibbles and prints them
- * out as a hexascii string.
- */
-void
-putxdata(unsigned char *cp, int len)
-{
- int i;
-
- for (i = 0; i < len; i++) {
- (void) printf("%02X", *cp++ & 0xff);
- }
-}
diff --git a/usr/src/common/net/wanboot/crypt/cmn_test.h b/usr/src/common/net/wanboot/crypt/cmn_test.h
deleted file mode 100644
index 1f1c01cebe..0000000000
--- a/usr/src/common/net/wanboot/crypt/cmn_test.h
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#ifndef _CMN_TEST_H
-#define _CMN_TEST_H
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-extern void getxdata(unsigned char *, char *, int);
-extern void putxdata(unsigned char *, int);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _CMN_TEST_H */
diff --git a/usr/src/common/net/wanboot/crypt/des.c b/usr/src/common/net/wanboot/crypt/des.c
deleted file mode 100644
index ec0e267fdf..0000000000
--- a/usr/src/common/net/wanboot/crypt/des.c
+++ /dev/null
@@ -1,388 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-/*
- * Portable C version of des() and des_key() functions.
- * This version is very similar to that in Part V of Applied Cryptography
- * by Bruce Schneier.
- *
- * This information is in the public domain 12/15/95 P. Karn
- */
-
-#include <sys/types.h>
-#include <sys/sysmacros.h>
-#if defined(_KERNEL) && !defined(_BOOT)
-#include <sys/systm.h>
-#else
-#include <strings.h>
-#endif
-
-#include "des.h"
-
-/*
- * Combined SP lookup table, linked in
- * For best results, ensure that this is aligned on a 32-bit boundary;
- */
-static uint32_t Spbox[8][64] = {
- 0x01010400U, 0x00000000U, 0x00010000U, 0x01010404U,
- 0x01010004U, 0x00010404U, 0x00000004U, 0x00010000U,
- 0x00000400U, 0x01010400U, 0x01010404U, 0x00000400U,
- 0x01000404U, 0x01010004U, 0x01000000U, 0x00000004U,
- 0x00000404U, 0x01000400U, 0x01000400U, 0x00010400U,
- 0x00010400U, 0x01010000U, 0x01010000U, 0x01000404U,
- 0x00010004U, 0x01000004U, 0x01000004U, 0x00010004U,
- 0x00000000U, 0x00000404U, 0x00010404U, 0x01000000U,
- 0x00010000U, 0x01010404U, 0x00000004U, 0x01010000U,
- 0x01010400U, 0x01000000U, 0x01000000U, 0x00000400U,
- 0x01010004U, 0x00010000U, 0x00010400U, 0x01000004U,
- 0x00000400U, 0x00000004U, 0x01000404U, 0x00010404U,
- 0x01010404U, 0x00010004U, 0x01010000U, 0x01000404U,
- 0x01000004U, 0x00000404U, 0x00010404U, 0x01010400U,
- 0x00000404U, 0x01000400U, 0x01000400U, 0x00000000U,
- 0x00010004U, 0x00010400U, 0x00000000U, 0x01010004U,
- 0x80108020U, 0x80008000U, 0x00008000U, 0x00108020U,
- 0x00100000U, 0x00000020U, 0x80100020U, 0x80008020U,
- 0x80000020U, 0x80108020U, 0x80108000U, 0x80000000U,
- 0x80008000U, 0x00100000U, 0x00000020U, 0x80100020U,
- 0x00108000U, 0x00100020U, 0x80008020U, 0x00000000U,
- 0x80000000U, 0x00008000U, 0x00108020U, 0x80100000U,
- 0x00100020U, 0x80000020U, 0x00000000U, 0x00108000U,
- 0x00008020U, 0x80108000U, 0x80100000U, 0x00008020U,
- 0x00000000U, 0x00108020U, 0x80100020U, 0x00100000U,
- 0x80008020U, 0x80100000U, 0x80108000U, 0x00008000U,
- 0x80100000U, 0x80008000U, 0x00000020U, 0x80108020U,
- 0x00108020U, 0x00000020U, 0x00008000U, 0x80000000U,
- 0x00008020U, 0x80108000U, 0x00100000U, 0x80000020U,
- 0x00100020U, 0x80008020U, 0x80000020U, 0x00100020U,
- 0x00108000U, 0x00000000U, 0x80008000U, 0x00008020U,
- 0x80000000U, 0x80100020U, 0x80108020U, 0x00108000U,
- 0x00000208U, 0x08020200U, 0x00000000U, 0x08020008U,
- 0x08000200U, 0x00000000U, 0x00020208U, 0x08000200U,
- 0x00020008U, 0x08000008U, 0x08000008U, 0x00020000U,
- 0x08020208U, 0x00020008U, 0x08020000U, 0x00000208U,
- 0x08000000U, 0x00000008U, 0x08020200U, 0x00000200U,
- 0x00020200U, 0x08020000U, 0x08020008U, 0x00020208U,
- 0x08000208U, 0x00020200U, 0x00020000U, 0x08000208U,
- 0x00000008U, 0x08020208U, 0x00000200U, 0x08000000U,
- 0x08020200U, 0x08000000U, 0x00020008U, 0x00000208U,
- 0x00020000U, 0x08020200U, 0x08000200U, 0x00000000U,
- 0x00000200U, 0x00020008U, 0x08020208U, 0x08000200U,
- 0x08000008U, 0x00000200U, 0x00000000U, 0x08020008U,
- 0x08000208U, 0x00020000U, 0x08000000U, 0x08020208U,
- 0x00000008U, 0x00020208U, 0x00020200U, 0x08000008U,
- 0x08020000U, 0x08000208U, 0x00000208U, 0x08020000U,
- 0x00020208U, 0x00000008U, 0x08020008U, 0x00020200U,
- 0x00802001U, 0x00002081U, 0x00002081U, 0x00000080U,
- 0x00802080U, 0x00800081U, 0x00800001U, 0x00002001U,
- 0x00000000U, 0x00802000U, 0x00802000U, 0x00802081U,
- 0x00000081U, 0x00000000U, 0x00800080U, 0x00800001U,
- 0x00000001U, 0x00002000U, 0x00800000U, 0x00802001U,
- 0x00000080U, 0x00800000U, 0x00002001U, 0x00002080U,
- 0x00800081U, 0x00000001U, 0x00002080U, 0x00800080U,
- 0x00002000U, 0x00802080U, 0x00802081U, 0x00000081U,
- 0x00800080U, 0x00800001U, 0x00802000U, 0x00802081U,
- 0x00000081U, 0x00000000U, 0x00000000U, 0x00802000U,
- 0x00002080U, 0x00800080U, 0x00800081U, 0x00000001U,
- 0x00802001U, 0x00002081U, 0x00002081U, 0x00000080U,
- 0x00802081U, 0x00000081U, 0x00000001U, 0x00002000U,
- 0x00800001U, 0x00002001U, 0x00802080U, 0x00800081U,
- 0x00002001U, 0x00002080U, 0x00800000U, 0x00802001U,
- 0x00000080U, 0x00800000U, 0x00002000U, 0x00802080U,
- 0x00000100U, 0x02080100U, 0x02080000U, 0x42000100U,
- 0x00080000U, 0x00000100U, 0x40000000U, 0x02080000U,
- 0x40080100U, 0x00080000U, 0x02000100U, 0x40080100U,
- 0x42000100U, 0x42080000U, 0x00080100U, 0x40000000U,
- 0x02000000U, 0x40080000U, 0x40080000U, 0x00000000U,
- 0x40000100U, 0x42080100U, 0x42080100U, 0x02000100U,
- 0x42080000U, 0x40000100U, 0x00000000U, 0x42000000U,
- 0x02080100U, 0x02000000U, 0x42000000U, 0x00080100U,
- 0x00080000U, 0x42000100U, 0x00000100U, 0x02000000U,
- 0x40000000U, 0x02080000U, 0x42000100U, 0x40080100U,
- 0x02000100U, 0x40000000U, 0x42080000U, 0x02080100U,
- 0x40080100U, 0x00000100U, 0x02000000U, 0x42080000U,
- 0x42080100U, 0x00080100U, 0x42000000U, 0x42080100U,
- 0x02080000U, 0x00000000U, 0x40080000U, 0x42000000U,
- 0x00080100U, 0x02000100U, 0x40000100U, 0x00080000U,
- 0x00000000U, 0x40080000U, 0x02080100U, 0x40000100U,
- 0x20000010U, 0x20400000U, 0x00004000U, 0x20404010U,
- 0x20400000U, 0x00000010U, 0x20404010U, 0x00400000U,
- 0x20004000U, 0x00404010U, 0x00400000U, 0x20000010U,
- 0x00400010U, 0x20004000U, 0x20000000U, 0x00004010U,
- 0x00000000U, 0x00400010U, 0x20004010U, 0x00004000U,
- 0x00404000U, 0x20004010U, 0x00000010U, 0x20400010U,
- 0x20400010U, 0x00000000U, 0x00404010U, 0x20404000U,
- 0x00004010U, 0x00404000U, 0x20404000U, 0x20000000U,
- 0x20004000U, 0x00000010U, 0x20400010U, 0x00404000U,
- 0x20404010U, 0x00400000U, 0x00004010U, 0x20000010U,
- 0x00400000U, 0x20004000U, 0x20000000U, 0x00004010U,
- 0x20000010U, 0x20404010U, 0x00404000U, 0x20400000U,
- 0x00404010U, 0x20404000U, 0x00000000U, 0x20400010U,
- 0x00000010U, 0x00004000U, 0x20400000U, 0x00404010U,
- 0x00004000U, 0x00400010U, 0x20004010U, 0x00000000U,
- 0x20404000U, 0x20000000U, 0x00400010U, 0x20004010U,
- 0x00200000U, 0x04200002U, 0x04000802U, 0x00000000U,
- 0x00000800U, 0x04000802U, 0x00200802U, 0x04200800U,
- 0x04200802U, 0x00200000U, 0x00000000U, 0x04000002U,
- 0x00000002U, 0x04000000U, 0x04200002U, 0x00000802U,
- 0x04000800U, 0x00200802U, 0x00200002U, 0x04000800U,
- 0x04000002U, 0x04200000U, 0x04200800U, 0x00200002U,
- 0x04200000U, 0x00000800U, 0x00000802U, 0x04200802U,
- 0x00200800U, 0x00000002U, 0x04000000U, 0x00200800U,
- 0x04000000U, 0x00200800U, 0x00200000U, 0x04000802U,
- 0x04000802U, 0x04200002U, 0x04200002U, 0x00000002U,
- 0x00200002U, 0x04000000U, 0x04000800U, 0x00200000U,
- 0x04200800U, 0x00000802U, 0x00200802U, 0x04200800U,
- 0x00000802U, 0x04000002U, 0x04200802U, 0x04200000U,
- 0x00200800U, 0x00000000U, 0x00000002U, 0x04200802U,
- 0x00000000U, 0x00200802U, 0x04200000U, 0x00000800U,
- 0x04000002U, 0x04000800U, 0x00000800U, 0x00200002U,
- 0x10001040U, 0x00001000U, 0x00040000U, 0x10041040U,
- 0x10000000U, 0x10001040U, 0x00000040U, 0x10000000U,
- 0x00040040U, 0x10040000U, 0x10041040U, 0x00041000U,
- 0x10041000U, 0x00041040U, 0x00001000U, 0x00000040U,
- 0x10040000U, 0x10000040U, 0x10001000U, 0x00001040U,
- 0x00041000U, 0x00040040U, 0x10040040U, 0x10041000U,
- 0x00001040U, 0x00000000U, 0x00000000U, 0x10040040U,
- 0x10000040U, 0x10001000U, 0x00041040U, 0x00040000U,
- 0x00041040U, 0x00040000U, 0x10041000U, 0x00001000U,
- 0x00000040U, 0x10040040U, 0x00001000U, 0x00041040U,
- 0x10001000U, 0x00000040U, 0x10000040U, 0x10040000U,
- 0x10040040U, 0x10000000U, 0x00040000U, 0x10001040U,
- 0x00000000U, 0x10041040U, 0x00040040U, 0x10000040U,
- 0x10040000U, 0x10001000U, 0x10001040U, 0x00000000U,
- 0x10041040U, 0x00041000U, 0x00041000U, 0x00001040U,
- 0x00001040U, 0x00040040U, 0x10000000U, 0x10041000U,
-};
-
-/*
- * Primitive function F.
- * Input is r, subkey array in keys, output is XORed into l.
- * Each round consumes eight 6-bit subkeys, one for
- * each of the 8 S-boxes, 2 longs for each round.
- * Each long contains four 6-bit subkeys, each taking up a byte.
- * The first long contains, from high to low end, the subkeys for
- * S-boxes 1, 3, 5 & 7; the second contains the subkeys for S-boxes
- * 2, 4, 6 & 8 (using the origin-1 S-box numbering in the standard,
- * not the origin-0 numbering used elsewhere in this code)
- * See comments elsewhere about the pre-rotated values of r and Spbox.
- */
-#define F(l, r, key) {\
- work = ((r >> 4) | (r << 28)) ^ (key)[0];\
- l ^= Spbox[6][work & 0x3f];\
- l ^= Spbox[4][(work >> 8) & 0x3f];\
- l ^= Spbox[2][(work >> 16) & 0x3f];\
- l ^= Spbox[0][(work >> 24) & 0x3f];\
- work = r ^ (key)[1];\
- l ^= Spbox[7][work & 0x3f];\
- l ^= Spbox[5][(work >> 8) & 0x3f];\
- l ^= Spbox[3][(work >> 16) & 0x3f];\
- l ^= Spbox[1][(work >> 24) & 0x3f];\
-}
-
-/* Encrypt or decrypt a block of data in ECB mode */
-void
-des(void *cookie, uint8_t *block)
-{
- uint32_t *ks = (uint32_t *)cookie;
- uint32_t left;
- uint32_t right;
- uint32_t work;
-
- /* Read input block and place in left/right in big-endian order */
- left = ((uint32_t)block[0] << 24) |
- ((uint32_t)block[1] << 16) |
- ((uint32_t)block[2] << 8) |
- (uint32_t)block[3];
- right = ((uint32_t)block[4] << 24) |
- ((uint32_t)block[5] << 16) |
- ((uint32_t)block[6] << 8) |
- (uint32_t)block[7];
-
- /*
- * Hoey's clever initial permutation algorithm, from Outerbridge
- * (see Schneier p 478)
- *
- * The convention here is the same as Outerbridge: rotate each
- * register left by 1 bit, i.e., so that "left" contains permuted
- * input bits 2, 3, 4, ... 1 and "right" contains 33, 34, 35, ... 32
- * (using origin-1 numbering as in the FIPS). This allows us to avoid
- * one of the two rotates that would otherwise be required in each of
- * the 16 rounds.
- */
- work = ((left >> 4) ^ right) & 0x0f0f0f0f;
- right ^= work;
- left ^= work << 4;
- work = ((left >> 16) ^ right) & 0xffff;
- right ^= work;
- left ^= work << 16;
- work = ((right >> 2) ^ left) & 0x33333333;
- left ^= work;
- right ^= (work << 2);
- work = ((right >> 8) ^ left) & 0xff00ff;
- left ^= work;
- right ^= (work << 8);
- right = (right << 1) | (right >> 31);
- work = (left ^ right) & 0xaaaaaaaa;
- left ^= work;
- right ^= work;
- left = (left << 1) | (left >> 31);
-
- /* First key */
- F(left, right, ks);
- F(right, left, ks + 2);
- F(left, right, ks + 4);
- F(right, left, ks + 6);
- F(left, right, ks + 8);
- F(right, left, ks + 10);
- F(left, right, ks + 12);
- F(right, left, ks + 14);
- F(left, right, ks + 16);
- F(right, left, ks + 18);
- F(left, right, ks + 20);
- F(right, left, ks + 22);
- F(left, right, ks + 24);
- F(right, left, ks + 26);
- F(left, right, ks + 28);
- F(right, left, ks + 30);
-
- /* Inverse permutation, also from Hoey via Outerbridge and Schneier */
- right = (right << 31) | (right >> 1);
- work = (left ^ right) & 0xaaaaaaaa;
- left ^= work;
- right ^= work;
- left = (left >> 1) | (left << 31);
- work = ((left >> 8) ^ right) & 0xff00ff;
- right ^= work;
- left ^= work << 8;
- work = ((left >> 2) ^ right) & 0x33333333;
- right ^= work;
- left ^= work << 2;
- work = ((right >> 16) ^ left) & 0xffff;
- left ^= work;
- right ^= work << 16;
- work = ((right >> 4) ^ left) & 0x0f0f0f0f;
- left ^= work;
- right ^= work << 4;
-
- /* Put the block back into the user's buffer with final swap */
- block[0] = right >> 24;
- block[1] = right >> 16;
- block[2] = right >> 8;
- block[3] = right;
- block[4] = left >> 24;
- block[5] = left >> 16;
- block[6] = left >> 8;
- block[7] = left;
-}
-
-/* Key schedule-related tables from FIPS-46 */
-
-/* permuted choice table (key) */
-static unsigned char pc1[] = {
- 57, 49, 41, 33, 25, 17, 9,
- 1, 58, 50, 42, 34, 26, 18,
- 10, 2, 59, 51, 43, 35, 27,
- 19, 11, 3, 60, 52, 44, 36,
- 63, 55, 47, 39, 31, 23, 15,
- 7, 62, 54, 46, 38, 30, 22,
- 14, 6, 61, 53, 45, 37, 29,
- 21, 13, 5, 28, 20, 12, 4
-};
-
-/* number left rotations of pc1 */
-static unsigned char totrot[] = {
- 1, 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, 21, 23, 25, 27, 28
-};
-
-/* permuted choice key (table) */
-static unsigned char pc2[] = {
- 14, 17, 11, 24, 1, 5,
- 3, 28, 15, 6, 21, 10,
- 23, 19, 12, 4, 26, 8,
- 16, 7, 27, 20, 13, 2,
- 41, 52, 31, 37, 47, 55,
- 30, 40, 51, 45, 33, 48,
- 44, 49, 39, 56, 34, 53,
- 46, 42, 50, 36, 29, 32
-};
-
-/* End of DES-defined tables */
-
-
-/* bit 0 is left-most in byte */
-static int bytebit[] = {
- 0200, 0100, 040, 020, 010, 04, 02, 01
-};
-
-/*
- * Generate key schedule for encryption or decryption
- * depending on the value of "decrypt"
- */
-void
-des_key(DES_KS k, const unsigned char *key, int decrypt)
-{
- unsigned char pc1m[56]; /* place to modify pc1 into */
- unsigned char pcr[56]; /* place to rotate pc1 into */
- int i;
- int j;
- int l;
- int m;
- unsigned char ks[8];
-
- for (j = 0; j < 56; j++) { /* convert pc1 to bits of key */
- l = pc1[j] - 1; /* integer bit location */
- m = l & 07; /* find bit */
- pc1m[j] = (key[l >>3 ] /* find which key byte l is in */
- & bytebit[m]) /* and which bit of that byte */
- ? 1 : 0; /* and store 1-bit result */
- }
- for (i = 0; i < 16; i++) { /* key chunk for each iteration */
- bzero(ks, sizeof (ks)); /* Clear key schedule */
- for (j = 0; j < 56; j++) /* rotate pc1 the right amount */
- pcr[j] = pc1m[(l = j + totrot[decrypt ? 15 - i : i]) <
- (j < 28 ? 28 : 56) ? l : l - 28];
- /* rotate left and right halves independently */
- for (j = 0; j < 48; j++) { /* select bits individually */
- /* check bit that goes to ks[j] */
- if (pcr[pc2[j] - 1]) {
- /* mask it in if it's there */
- l = j % 6;
- ks[j/6] |= bytebit[l] >> 2;
- }
- }
- /* Now convert to packed odd/even interleaved form */
- k[i][0] = ((uint32_t)ks[0] << 24) |
- ((uint32_t)ks[2] << 16) |
- ((uint32_t)ks[4] << 8) |
- ((uint32_t)ks[6]);
- k[i][1] = ((uint32_t)ks[1] << 24) |
- ((uint32_t)ks[3] << 16) |
- ((uint32_t)ks[5] << 8) |
- ((uint32_t)ks[7]);
- }
-}
diff --git a/usr/src/common/net/wanboot/crypt/des.h b/usr/src/common/net/wanboot/crypt/des.h
deleted file mode 100644
index a8a0e3fb52..0000000000
--- a/usr/src/common/net/wanboot/crypt/des.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#ifndef _DES_H
-#define _DES_H
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <sys/types.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define DES_KEY_SIZE 8
-#define DES_BLOCK_SIZE 8
-#define DES_IV_SIZE 8
-
-typedef uint32_t DES_KS[16][2]; /* Single-key DES key schedule */
-
-extern void des(void *, uint8_t *);
-extern void des_key(DES_KS k, const unsigned char key[DES_KEY_SIZE],
- int decrypt);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _DES_H */
diff --git a/usr/src/common/net/wanboot/crypt/des3.c b/usr/src/common/net/wanboot/crypt/des3.c
deleted file mode 100644
index 397644f2dc..0000000000
--- a/usr/src/common/net/wanboot/crypt/des3.c
+++ /dev/null
@@ -1,242 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <stdlib.h>
-#include <strings.h>
-#include <sys/sysmacros.h>
-
-#include "des3.h"
-#include "des.h"
-
-typedef struct keysched_s {
- uint32_t ksch_encrypt1[16][2];
- uint32_t ksch_encrypt2[16][2];
- uint32_t ksch_encrypt3[16][2];
-
- uint32_t ksch_decrypt1[16][2];
- uint32_t ksch_decrypt2[16][2];
- uint32_t ksch_decrypt3[16][2];
-} keysched_t;
-
-int
-des3_init(void **cookie)
-{
- if ((*cookie = malloc(sizeof (keysched_t))) == NULL) {
- return (-1);
- }
- return (0);
-}
-
-void
-des3_fini(void *cookie)
-{
- free(cookie);
-}
-
-void
-des3_encrypt(void *cookie, uint8_t *block)
-{
- keysched_t *ksch = (keysched_t *)cookie;
-
- des(ksch->ksch_encrypt1, block);
- des(ksch->ksch_decrypt2, block);
- des(ksch->ksch_encrypt3, block);
-}
-
-void
-des3_decrypt(void *cookie, uint8_t *block)
-{
- keysched_t *ksch = (keysched_t *)cookie;
-
- des(ksch->ksch_decrypt3, block);
- des(ksch->ksch_encrypt2, block);
- des(ksch->ksch_decrypt1, block);
-}
-
-/*
- * Generate key schedule for triple DES in E-D-E (or D-E-D) mode.
- *
- * The key argument is taken to be 24 bytes. The first 8 bytes are K1
- * for the first stage, the second 8 bytes are K2 for the middle stage
- * and the third 8 bytes are K3 for the last stage
- */
-void
-des3_key(void *cookie, const uint8_t *key)
-{
- keysched_t *ks = (keysched_t *)cookie;
- uint8_t *k1 = (uint8_t *)key;
- uint8_t *k2 = k1 + DES_KEY_SIZE;
- uint8_t *k3 = k2 + DES_KEY_SIZE;
-
- des_key(ks->ksch_decrypt1, k1, B_TRUE);
- des_key(ks->ksch_encrypt1, k1, B_FALSE);
- des_key(ks->ksch_decrypt2, k2, B_TRUE);
- des_key(ks->ksch_encrypt2, k2, B_FALSE);
- des_key(ks->ksch_decrypt3, k3, B_TRUE);
- des_key(ks->ksch_encrypt3, k3, B_FALSE);
-}
-
-
-boolean_t
-des3_keycheck(const uint8_t *key)
-{
- uint64_t key_so_far;
- uint64_t scratch;
- uint64_t *currentkey;
- uint64_t tmpbuf[3];
- uint_t parity;
- uint_t num_weakkeys = 0;
- uint_t i;
- uint_t j;
-
- /*
- * Table of weak and semi-weak keys. Fortunately, weak keys are
- * endian-independent, and some semi-weak keys can be paired up in
- * endian-opposite order. Since keys are stored as uint64_t's,
- * use the ifdef _LITTLE_ENDIAN where appropriate.
- */
- static uint64_t des_weak_keys[] = {
- /* Really weak keys. Byte-order independent values. */
- 0x0101010101010101ULL,
- 0x1f1f1f1f0e0e0e0eULL,
- 0xe0e0e0e0f1f1f1f1ULL,
- 0xfefefefefefefefeULL,
-
- /* Semi-weak (and a few possibly-weak) keys. */
-
- /* Byte-order independent semi-weak keys. */
- 0x01fe01fe01fe01feULL, 0xfe01fe01fe01fe01ULL,
-
- /* Byte-order dependent semi-weak keys. */
-#ifdef _LITTLE_ENDIAN
- 0xf10ef10ee01fe01fULL, 0x0ef10ef11fe01fe0ULL,
- 0x01f101f101e001e0ULL, 0xf101f101e001e001ULL,
- 0x0efe0efe1ffe1ffeULL, 0xfe0efe0efe1ffe1fULL,
- 0x010e010e011f011fULL, 0x0e010e011f011f01ULL,
- 0xf1fef1fee0fee0feULL, 0xfef1fef1fee0fee0ULL,
-#else /* Big endian */
- 0x1fe01fe00ef10ef1ULL, 0xe01fe01ff10ef10eULL,
- 0x01e001e001f101f1ULL, 0xe001e001f101f101ULL,
- 0x1ffe1ffe0efe0efeULL, 0xfe1ffe1ffe0efe0eULL,
- 0x011f011f010e010eULL, 0x1f011f010e010e01ULL,
- 0xe0fee0fef1fef1feULL, 0xfee0fee0fef1fef1ULL,
-#endif
-
- /* We'll save the other possibly-weak keys for the future. */
- };
-
- if (IS_P2ALIGNED(key, sizeof (uint64_t))) {
- /* LINTED */
- currentkey = (uint64_t *)key;
- } else {
- currentkey = tmpbuf;
- bcopy(key, currentkey, 3 * sizeof (uint64_t));
- }
-
- for (j = 0; j < 3; j++) {
- key_so_far = currentkey[j];
- scratch = key_so_far;
-
- /* Unroll the loop within each byte. */
- for (i = 0; i < 8; i++) {
- parity = 1;
-
- /*
- * Start shifting at byte n, right to left.
- * Low bit (0) doesn't count.
- */
- scratch >>= 1;
- if (scratch & 0x1) /* bit 1 */
- parity++;
- scratch >>= 1;
- if (scratch & 0x1) /* bit 2 */
- parity++;
- scratch >>= 1;
- if (scratch & 0x1) /* bit 3 */
- parity++;
- scratch >>= 1;
- if (scratch & 0x1) /* bit 4 */
- parity++;
- scratch >>= 1;
- if (scratch & 0x1) /* bit 5 */
- parity++;
- scratch >>= 1;
- if (scratch & 0x1) /* bit 6 */
- parity++;
- scratch >>= 1;
- if (scratch & 0x1) /* bit 7 */
- parity++;
- scratch >>= 1;
-
- parity &= 1; /* Mask off other bits. */
-
- /* Will common subexpression elimination help me? */
- key_so_far &= ~((uint64_t)1 << (i << 3));
- key_so_far |= ((uint64_t)parity << (i << 3));
- }
-
- /* Do weak key check itself. */
- for (i = 0; i < (sizeof (des_weak_keys) / sizeof (uint64_t));
- i++) {
- if (key_so_far == des_weak_keys[i]) {
- /* In 3DES, one weak key is OK. Two is bad. */
- if (++num_weakkeys > 1) {
- return (B_FALSE);
- } else {
- /*
- * We found a weak key, but since
- * we've only found one weak key,
- * we can not reject the whole 3DES
- * set of keys as weak.
- *
- * Break from the weak key loop
- * (since this DES key is weak) and
- * continue on.
- */
- break;
- }
- }
- }
-
- /*
- * Fix key extension, adjust bits if necessary.
- */
- currentkey[j] = key_so_far;
- }
-
- /*
- * Perform key equivalence checks, now that parity is properly set.
- * All three keys must be unique.
- */
- if (currentkey[0] == currentkey[1] || currentkey[1] == currentkey[2] ||
- currentkey[2] == currentkey[0]) {
- return (B_FALSE);
- }
-
- return (B_TRUE);
-}
diff --git a/usr/src/common/net/wanboot/crypt/des3.h b/usr/src/common/net/wanboot/crypt/des3.h
deleted file mode 100644
index 3f0c19a90d..0000000000
--- a/usr/src/common/net/wanboot/crypt/des3.h
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#ifndef _DES3_H
-#define _DES3_H
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <sys/types.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define DES3_KEY_SIZE 24
-#define DES3_BLOCK_SIZE 8
-#define DES3_IV_SIZE 8
-
-extern int des3_init(void **);
-extern void des3_fini(void *);
-extern void des3_encrypt(void *, uint8_t *);
-extern void des3_decrypt(void *, uint8_t *);
-extern void des3_key(void *, const uint8_t *);
-extern boolean_t des3_keycheck(const uint8_t *);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _DES3_H */
diff --git a/usr/src/common/net/wanboot/crypt/des3_test.c b/usr/src/common/net/wanboot/crypt/des3_test.c
deleted file mode 100644
index 0475ede87b..0000000000
--- a/usr/src/common/net/wanboot/crypt/des3_test.c
+++ /dev/null
@@ -1,206 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-/*
- * NIST tests for 3DES certification.
- *
- * Using the values for td[], encrypts plain text using the provided
- * key and verifies the result against the cipher value. Then decrypts
- * the cipher and compares the result against the plain value.
- *
- * Also, gk[] and bk[] are used to test the 3DES keycheck algorithm.
- * Each key in gk[] should pass the keycheck and every key in bk[] should
- * fail the keycheck.
- */
-
-#include <stdio.h>
-#include <strings.h>
-
-#include "des3.h"
-#include "des.h"
-#include "des3_test.h"
-#include "cmn_test.h"
-
-typedef struct test_data {
- char key[DES_KEY_SIZE * 2];
- char plain[DES3_BLOCK_SIZE * 2];
- char cipher[DES3_BLOCK_SIZE * 2];
-} test_data_t;
-
-static test_data_t td[] = {
- { "0000000000000000", "0000000000000000", "8CA64DE9C1B123A7" },
- { "FFFFFFFFFFFFFFFF", "FFFFFFFFFFFFFFFF", "7359B2163E4EDC58" },
- { "3000000000000000", "1000000000000001", "958E6E627A05557B" },
- { "1111111111111111", "1111111111111111", "F40379AB9E0EC533" },
- { "0123456789ABCDEF", "1111111111111111", "17668DFC7292532D" },
- { "1111111111111111", "0123456789ABCDEF", "8A5AE1F81AB8F2DD" },
- { "0000000000000000", "0000000000000000", "8CA64DE9C1B123A7" },
- { "FEDCBA9876543210", "0123456789ABCDEF", "ED39D950FA74BCC4" },
- { "7CA110454A1A6E57", "01A1D6D039776742", "690F5B0D9A26939B" },
- { "0131D9619DC1376E", "5CD54CA83DEF57DA", "7A389D10354BD271" },
- { "07A1133E4A0B2686", "0248D43806F67172", "868EBB51CAB4599A" },
- { "3849674C2602319E", "51454B582DDF440A", "7178876E01F19B2A" },
- { "04B915BA43FEB5B6", "42FD443059577FA2", "AF37FB421F8C4095" },
- { "0113B970FD34F2CE", "059B5E0851CF143A", "86A560F10EC6D85B" },
- { "0170F175468FB5E6", "0756D8E0774761D2", "0CD3DA020021DC09" },
- { "43297FAD38E373FE", "762514B829BF486A", "EA676B2CB7DB2B7A" },
- { "07A7137045DA2A16", "3BDD119049372802", "DFD64A815CAF1A0F" },
- { "04689104C2FD3B2F", "26955F6835AF609A", "5C513C9C4886C088" },
- { "37D06BB516CB7546", "164D5E404F275232", "0A2AEEAE3FF4AB77" },
- { "1F08260D1AC2465E", "6B056E18759F5CCA", "EF1BF03E5DFA575A" },
- { "584023641ABA6176", "004BD6EF09176062", "88BF0DB6D70DEE56" },
- { "025816164629B007", "480D39006EE762F2", "A1F9915541020B56" },
- { "49793EBC79B3258F", "437540C8698F3CFA", "6FBF1CAFCFFD0556" },
- { "4FB05E1515AB73A7", "072D43A077075292", "2F22E49BAB7CA1AC" },
- { "49E95D6D4CA229BF", "02FE55778117F12A", "5A6B612CC26CCE4A" },
- { "018310DC409B26D6", "1D9D5C5018F728C2", "5F4C038ED12B2E41" },
- { "1C587F1C13924FEF", "305532286D6F295A", "63FAC0D034D9F793" },
- { "0101010101010101", "0123456789ABCDEF", "617B3A0CE8F07100" },
- { "1F1F1F1F0E0E0E0E", "0123456789ABCDEF", "DB958605F8C8C606" },
- { "E0FEE0FEF1FEF1FE", "0123456789ABCDEF", "EDBFD1C66C29CCC7" },
- { "0000000000000000", "FFFFFFFFFFFFFFFF", "355550B2150E2451" },
- { "FFFFFFFFFFFFFFFF", "0000000000000000", "CAAAAF4DEAF1DBAE" },
- { "0123456789ABCDEF", "0000000000000000", "D5D44FF720683D0D" },
- { "FEDCBA9876543210", "FFFFFFFFFFFFFFFF", "2A2BB008DF97C2F2" }
-};
-
-typedef struct test_keys {
- char key1[DES_KEY_SIZE * 2];
- char key2[DES_KEY_SIZE * 2];
- char key3[DES_KEY_SIZE * 2];
-} test_keys_t;
-
-static test_keys_t gk[] = {
- { "A0CB0D98FE752301", "105237EFCBA00DFE", "8CA64DE9C1B123A7" }
-};
-
-static test_keys_t bk[] = {
- { "A0CB0D98FE752301", "A0CB0D98FE752301", "8CA64DE9C1B123A7" },
- { "FFFFFFFFFFFFFFFF", "0101010101010101", "E0E0E0E0F1F1F1F1" }
-};
-
-int
-des3test(void)
-{
- void *d3h;
-
- unsigned char key[DES3_KEY_SIZE];
- unsigned char plain[DES3_BLOCK_SIZE];
- unsigned char cipher[DES3_BLOCK_SIZE];
- unsigned char work[DES3_BLOCK_SIZE];
-
- int fail;
- int num;
- int i;
-
- if (des3_init(&d3h) != 0) {
- (void) printf("Error initializing DES3\n");
- return (-1);
- }
-
- num = sizeof (td) / sizeof (test_data_t);
- for (i = 0; i < num; i++) {
- fail = 0;
-
- (void) printf("NIST Test #%d ", i+1);
- getxdata(key, td[i].key, DES_KEY_SIZE);
- bcopy(key, &key[8], DES_KEY_SIZE); /* K1=K2=K3 for test */
- bcopy(key, &key[16], DES_KEY_SIZE);
- des3_key(d3h, key);
-
- getxdata(plain, td[i].plain, DES3_BLOCK_SIZE);
-
- getxdata(cipher, td[i].cipher, DES3_BLOCK_SIZE);
-
- bcopy(plain, work, DES3_BLOCK_SIZE);
- des3_encrypt(d3h, work);
-
- if (bcmp(work, cipher, DES3_BLOCK_SIZE) != 0) {
- (void) printf("FAILED [Encrypt]");
- (void) printf(" c: ");
- putxdata(work, DES3_BLOCK_SIZE);
- fail++;
- }
- des3_decrypt(d3h, work);
- if (bcmp(work, plain, DES3_BLOCK_SIZE) != 0) {
- (void) printf("FAILED [Decrypt]");
- (void) printf(" p: ");
- putxdata(work, DES3_BLOCK_SIZE);
- fail++;
- }
- if (fail == 0)
- (void) printf("PASSED");
- (void) printf("\n");
- }
-
- des3_fini(d3h);
-
- return (fail);
-}
-
-int
-des3_keytest(void)
-{
- unsigned char key[DES_KEY_SIZE * 3];
- int num;
- int testnum = 0;
- int fail = 0;
- int i;
-
- num = sizeof (gk) / sizeof (test_keys_t);
- for (i = 0; i < num; i++) {
- getxdata(key, gk[i].key1, DES_KEY_SIZE);
- getxdata(&key[8], gk[i].key2, DES_KEY_SIZE);
- getxdata(&key[16], gk[i].key3, DES_KEY_SIZE);
- (void) printf("Keycheck Test #%d ", testnum);
- if (des3_keycheck(key)) {
- (void) printf("PASSED\n", testnum);
- } else {
- fail++;
- (void) printf("FAILED\n", testnum);
- }
- testnum++;
- }
-
- num = sizeof (bk) / sizeof (test_keys_t);
- for (i = 0; i < num; i++) {
- getxdata(key, bk[i].key1, DES_KEY_SIZE);
- getxdata(&key[8], bk[i].key2, DES_KEY_SIZE);
- getxdata(&key[16], bk[i].key3, DES_KEY_SIZE);
- (void) printf("Keycheck Test #%d ", testnum);
- if (!des3_keycheck(key)) {
- (void) printf("PASSED\n", testnum);
- } else {
- fail++;
- (void) printf("FAILED\n", testnum);
- }
- testnum++;
- }
-
- return (fail);
-}
diff --git a/usr/src/common/net/wanboot/crypt/des3_test.h b/usr/src/common/net/wanboot/crypt/des3_test.h
deleted file mode 100644
index 63c5238842..0000000000
--- a/usr/src/common/net/wanboot/crypt/des3_test.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#ifndef _DES3_TEST_H
-#define _DES3_TEST_H
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-extern int des3test(void);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _DES3_TEST_H */
diff --git a/usr/src/common/net/wanboot/crypt/hmac_sha1.c b/usr/src/common/net/wanboot/crypt/hmac_sha1.c
deleted file mode 100644
index d62cd10689..0000000000
--- a/usr/src/common/net/wanboot/crypt/hmac_sha1.c
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <sys/sha1.h>
-#include <sys/sha1_consts.h>
-#include "hmac_sha1.h"
-
-static void
-HMACHashKey(uchar_t *hashedKey, const uchar_t *key, size_t klen)
-{
- SHA1_CTX keyContext;
-
- SHA1Init(&keyContext);
- SHA1Update(&keyContext, key, klen);
- SHA1Final(hashedKey, &keyContext);
-}
-
-void
-HMACInit(SHA1_CTX *sha1Context, const uchar_t *key, size_t klen)
-{
- uchar_t hashedKey[20];
- const uchar_t *keyptr;
- uchar_t kipad[64];
- int i;
-
- if (klen > 64) {
- HMACHashKey(hashedKey, key, klen);
- keyptr = hashedKey;
- klen = 20;
- } else {
- keyptr = key;
- }
-
- /* kipad = K XOR ipad */
- for (i = 0; i < 64; i++) {
- kipad[i] = (i < klen ? keyptr[i] : 0) ^ 0x36;
- }
-
- SHA1Init(sha1Context);
- SHA1Update(sha1Context, kipad, 64);
-}
-
-void
-HMACUpdate(SHA1_CTX *sha1Context, const uchar_t *data, size_t dlen)
-{
- SHA1Update(sha1Context, data, dlen);
-}
-
-void
-HMACFinal(SHA1_CTX *sha1Context, const uchar_t *key, size_t klen,
- uchar_t digest[20])
-{
- uchar_t hashedKey[20];
- const uchar_t *keyptr;
- uchar_t kopad[64];
- int i;
-
- if (klen > 64) {
- HMACHashKey(hashedKey, key, klen);
- keyptr = hashedKey;
- klen = 20;
- } else {
- keyptr = key;
- }
-
- /* kopad = K XOR opad */
- for (i = 0; i < 64; i++) {
- kopad[i] = (i < klen ? keyptr[i] : 0) ^ 0x5c;
- }
-
- /* Compute H(kopad, H(kipad, text)) */
- SHA1Final(digest, sha1Context);
-
- SHA1Init(sha1Context);
- SHA1Update(sha1Context, kopad, 64);
- SHA1Update(sha1Context, digest, 20);
- SHA1Final(digest, sha1Context);
-}
diff --git a/usr/src/common/net/wanboot/crypt/hmac_sha1.h b/usr/src/common/net/wanboot/crypt/hmac_sha1.h
deleted file mode 100644
index de4b69495e..0000000000
--- a/usr/src/common/net/wanboot/crypt/hmac_sha1.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#ifndef _HMAC_SHA1_H
-#define _HMAC_SHA1_H
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <sys/types.h>
-#include <sys/sha1.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define HMAC_DIGEST_LEN 20
-
-extern void HMACInit(SHA1_CTX *, const uchar_t *, size_t);
-extern void HMACUpdate(SHA1_CTX *, const uchar_t *, size_t);
-extern void HMACFinal(SHA1_CTX *sha1Context, const uchar_t *, size_t,
- uchar_t digest[HMAC_DIGEST_LEN]);
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _HMAC_SHA1_H */
diff --git a/usr/src/common/net/wanboot/crypt/hmac_test.c b/usr/src/common/net/wanboot/crypt/hmac_test.c
deleted file mode 100644
index a02a449b96..0000000000
--- a/usr/src/common/net/wanboot/crypt/hmac_test.c
+++ /dev/null
@@ -1,138 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-/*
- * HMAC SHA-1 test cases as defined by RFC 2202.
- *
- * The test uses predefined keys, data and digests. The data and keys
- * are used by the HMAC SHA-1 implemention to produce a hash digest and
- * the the result is compared against the expected digest.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <strings.h>
-
-#include "hmac_sha1.h"
-#include "hmac_test.h"
-#include "cmn_test.h"
-
-typedef struct test_data {
- unsigned char key[80];
- int keylen;
- unsigned char data[80];
- int datalen;
- unsigned char digest[20];
-} test_data_t;
-
-int
-hmactest(void)
-{
- test_data_t td[7];
- SHA1_CTX sha;
- uchar_t digest[20];
- int fail;
- int num;
- int i;
-
- td[0].keylen = 20;
- getxdata(td[0].key, "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
- td[0].keylen);
- td[0].datalen = 8;
- (void) strcpy((char *)td[0].data, "Hi There");
- getxdata(td[0].digest, "b617318655057264e28bc0b6fb378c8ef146be00", 20);
-
- td[1].keylen = 4;
- (void) strcpy((char *)td[1].key, "Jefe");
- td[1].datalen = 28;
- (void) strcpy((char *)td[1].data, "what do ya want for nothing?");
- getxdata(td[1].digest, "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79", 20);
-
- td[2].keylen = 20;
- getxdata(td[2].key, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
- td[2].keylen);
- td[2].datalen = 50;
- getxdata(td[2].data, "ddddddddddddddddddddddddddddddddddddddddddddd"
- "ddddddddddddddddddddddddddddddddddddddddddddddddddddddd", 50);
- getxdata(td[2].digest, "125d7342b9ac11cd91a39af48aa17b4f63f175d3", 20);
-
- td[3].keylen = 25;
- getxdata(td[3].key, "0102030405060708090a0b0c0d0e0f1011121314151617"
- "1819", td[3].keylen);
- td[3].datalen = 50;
- getxdata(td[3].data, "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
- "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd",
- td[3].datalen);
- getxdata(td[3].digest, "4c9007f4026250c6bc8414f9bf50c86c2d7235da", 20);
-
- td[4].keylen = 20;
- getxdata(td[4].key, "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
- td[4].keylen);
- td[4].datalen = 20;
- (void) strcpy((char *)td[4].data, "Test With Truncation");
- getxdata(td[4].digest, "4c1a03424b55e07fe7f27be1d58bb9324a9a5a04", 20);
-
- td[5].keylen = 80;
- getxdata(td[5].key, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
- td[5].keylen);
- td[5].datalen = 54;
- (void) strcpy((char *)td[5].data,
- "Test Using Larger Than Block-Size Key - Hash Key First");
- getxdata(td[5].digest, "aa4ae5e15272d00e95705637ce8a3b55ed402112", 20);
-
- td[6].keylen = 80;
- getxdata(td[6].key, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
- td[6].keylen);
- td[6].datalen = 73;
- (void) strcpy((char *)td[6].data,
- "Test Using Larger Than Block-Size Key and Larger Than One "
- "Block-Size Data");
- getxdata(td[6].digest, "e8e99d0f45237d786d6bbaa7965c7808bbff1a91", 20);
-
- num = sizeof (td) / sizeof (test_data_t);
- for (i = 0; i < num; i++) {
- fail = 0;
-
- (void) printf("Test #%d ", i);
- HMACInit(&sha, td[i].key, td[i].keylen);
- HMACUpdate(&sha, td[i].data, td[i].datalen);
- HMACFinal(&sha, td[i].key, td[i].keylen, digest);
-
- if (bcmp(digest, td[i].digest, 20) != 0) {
- (void) printf("FAILED\n");
- fail++;
- } else {
- (void) printf("PASSED\n");
- }
- }
- return (fail);
-}
diff --git a/usr/src/common/net/wanboot/crypt/hmac_test.h b/usr/src/common/net/wanboot/crypt/hmac_test.h
deleted file mode 100644
index 0d66c70486..0000000000
--- a/usr/src/common/net/wanboot/crypt/hmac_test.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#ifndef _HMAC_TEST_H
-#define _HMAC_TEST_H
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-extern int hmactest(void);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _HMAC_TEST_H */
diff --git a/usr/src/common/net/wanboot/crypt/sha1_test.c b/usr/src/common/net/wanboot/crypt/sha1_test.c
deleted file mode 100644
index 8293e00ba1..0000000000
--- a/usr/src/common/net/wanboot/crypt/sha1_test.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-/*
- * sha1_test.c
- *
- * Description:
- * This file will exercise the SHA-1 code performing the three
- * tests documented in FIPS PUB 180-1 plus one which calls
- * SHA1Input with an exact multiple of 512 bits, plus a few
- * error test checks.
- *
- * Portability Issues:
- * None.
- *
- */
-
-#include <stdio.h>
-#include <strings.h>
-
-#include <sys/sha1.h>
-#include "sha1_test.h"
-#include "cmn_test.h"
-
-/*
- * Define patterns for testing
- */
-#define TEST1 "abc"
-#define TEST2a "abcdbcdecdefdefgefghfghighijhi"
-#define TEST2b "jkijkljklmklmnlmnomnopnopq"
-#define TEST2 TEST2a TEST2b
-#define TEST3 "a"
-#define TEST4a "01234567012345670123456701234567"
-#define TEST4b "01234567012345670123456701234567"
-
-/* an exact multiple of 512 bits */
-#define TEST4 TEST4a TEST4b
-
-static char *testarray[4] = {
- TEST1,
- TEST2,
- TEST3,
- TEST4
-};
-
-static int repeatcount[4] = { 1, 1, 1000000, 10 };
-
-static char *resultarray[4] = {
- "A9993E364706816ABA3E25717850C26C9CD0D89D",
- "84983E441C3BD26EBAAE4AA1F95129E5E54670F1",
- "34AA973CD4C4DAA4F61EEB2BDBAD27316534016F",
- "DEA356A2CDDD90C7A7ECEDC5EBB563934F460452"
-};
-
-int
-sha1test(void)
-{
- SHA1_CTX sha;
- int fail;
- int i;
- int j;
- uint8_t digest[20];
- uint8_t rdigest[20];
-
- /*
- * Perform SHA-1 tests
- */
- for (j = 0; j < 4; ++j) {
- fail = 0;
- (void) printf("Test #%d ", j+1);
-
- SHA1Init(&sha);
-
- for (i = 0; i < repeatcount[j]; ++i) {
- SHA1Update(&sha, (unsigned char *)testarray[j],
- strlen(testarray[j]));
- }
-
- SHA1Final(digest, &sha);
-
- getxdata(rdigest, resultarray[j], 20);
- if (bcmp(digest, rdigest, 20) != 0) {
- (void) printf("FAILED\n");
- fail++;
- } else {
- (void) printf("PASSED\n");
- }
- }
-
- return (fail);
-}
diff --git a/usr/src/common/net/wanboot/crypt/sha1_test.h b/usr/src/common/net/wanboot/crypt/sha1_test.h
deleted file mode 100644
index 51e9f89a89..0000000000
--- a/usr/src/common/net/wanboot/crypt/sha1_test.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#ifndef _SHA1_TEST_H
-#define _SHA1_TEST_H
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-extern int sha1test(void);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _SHA1_TEST_H */
diff --git a/usr/src/common/net/wanboot/http_errorstr.c b/usr/src/common/net/wanboot/http_errorstr.c
deleted file mode 100644
index 6f91e24c4d..0000000000
--- a/usr/src/common/net/wanboot/http_errorstr.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <unistd.h>
-#include <string.h>
-#include <errno.h>
-#include <sys/types.h>
-
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-
-#include <boot_http.h>
-
-#ifndef _BOOT
-extern const char *hstrerror(int);
-#endif
-
-static const char *errlist[] = {
- /* EHTTP_BADARG */ "One or more arguments are not valid",
- /* EHTTP_NOMEM */ "Insufficient memory",
- /* EHTTP_CONCLOSED */ "SSL connection is closed (but maybe not the"
- " underlying connection)",
- /* EHTTP_UNEXPECTED */ "SSL connection returned unexpected error",
- /* EHTTP_EOFERR */ "Unexpected/premature EOF",
- /* EHTTP_NOCERT */ "No certificate was presented",
- /* EHTTP_NOMATCH */ "'Peername' doesn't match 'host' or no "
- "matching entry",
- /* EHTTP_NODATA */ "No data was returned",
- /* EHTTP_NOT_1_1 */ "Not a HTTP/1.1 server",
- /* EHTTP_BADHDR */ "Invalid header",
- /* EHTTP_OORANGE */ "Request header line out of range",
- /* EHTTP_NORESP */ "No response or partial response received",
- /* EHTTP_BADRESP */ "Bad response or error response returned",
- /* EHTTP_NOHEADER */ "Chunked header expected but not found",
- /* EHTTP_NOBOUNDARY */ "Boundary line expected but not found",
- /* EHTTP_NOTMULTI */ "This is not a multipart transfer",
- /* EHTTP_BADSIZE */ "Could not determine msg body size"
-};
-static int nerrs = { sizeof (errlist) / sizeof (errlist[0]) };
-
-/*
- * http_errorstr - print the error associated with the source and errorcode
- *
- * Arguments:
- * errsrc - Which library caused the error (as returned by
- * http_get_lasterr())
- * error - The error code returned
- *
- * Returns:
- * Pointer to error string for this error.
- */
-char const *
-http_errorstr(uint_t errsrc, ulong_t error)
-{
- char const *msg = NULL;
-#ifdef _BOOT
- static char message[128];
-#endif
- switch (errsrc) {
- case ERRSRC_SYSTEM:
- msg = strerror(error);
- if (msg == NULL)
- msg = "Unknown system error";
- break;
- case ERRSRC_LIBHTTP:
- if (error == 0 || error > nerrs)
- msg = "Unknown libhttp error";
- else
- msg = errlist[error - 1];
- break;
- case ERRSRC_RESOLVE:
-#ifdef _BOOT
- (void) sprintf(message, "Host retrieval error %lu\n", error);
- msg = message;
-#else
- msg = hstrerror(error);
-#endif
- break;
- case ERRSRC_VERIFERR:
- msg = X509_verify_cert_error_string(error);
- break;
- case ERRSRC_LIBSSL:
- msg = ERR_error_string(error, NULL);
- break;
- default:
- msg = "Unknown error";
- break;
- }
-
- return (msg);
-}
diff --git a/usr/src/common/net/wanboot/netboot_paths.h b/usr/src/common/net/wanboot/netboot_paths.h
deleted file mode 100644
index 23bfa30914..0000000000
--- a/usr/src/common/net/wanboot/netboot_paths.h
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#ifndef _NETBOOT_PATHS_H
-#define _NETBOOT_PATHS_H
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * The netboot filesystem is mounted in different places in userland
- * (the default) and the standalone; these are their mount-points:
- */
-#if defined(_BOOT)
-#define NB_NETBOOT_ROOT "/"
-#else
-#define NB_NETBOOT_ROOT "/etc/netboot/"
-#endif /* defined(_BOOT) */
-
-/*
- * Well-known files within the netboot filesystem:
- */
-#define NB_CA_CERT "truststore"
-#define NB_CLIENT_CERT "certstore"
-#define NB_CLIENT_KEY "keystore"
-#define NB_WANBOOT_CONF "wanboot.conf"
-#define NB_SYSTEM_CONF "system.conf"
-
-/*
- * Well-known paths, derived from the above:
- */
-#define NB_CA_CERT_PATH NB_NETBOOT_ROOT NB_CA_CERT
-#define NB_CLIENT_CERT_PATH NB_NETBOOT_ROOT NB_CLIENT_CERT
-#define NB_CLIENT_KEY_PATH NB_NETBOOT_ROOT NB_CLIENT_KEY
-#define NB_WANBOOT_CONF_PATH NB_NETBOOT_ROOT NB_WANBOOT_CONF
-#define NB_SYSTEM_CONF_PATH NB_NETBOOT_ROOT NB_SYSTEM_CONF
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _NETBOOT_PATHS_H */
diff --git a/usr/src/common/net/wanboot/p12access.c b/usr/src/common/net/wanboot/p12access.c
deleted file mode 100644
index 53419dda42..0000000000
--- a/usr/src/common/net/wanboot/p12access.c
+++ /dev/null
@@ -1,496 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * This file includes interfaces to be used together with SSL to get PKCS#12
- * certs and pass them to SSL. They replace similar functions for PEM,
- * already provided for within SSL.
- *
- * The interfaces included here are:
- * sunw_p12_use_certfile - gets the user's cert from a pkcs12 file & pass
- * it to SSL.
- * sunw_p12_use_keyfile - gets the RSA private key from a pkcs12 file and
- * pass it to SSL
- * sunw_p12_use_trustfile - read the pkcs12 trust anchor (aka certificate
- * authority certs) file into memory and hand them off to SSL.
- *
- * These functions use the sunw_PKCS12_parse to read the certs.
- *
- * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <stdio.h>
-#include <strings.h>
-#include <stdlib.h>
-#include <sys/stat.h>
-#include <unistd.h>
-
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
-#include <openssl/ssl.h>
-
-#include <openssl/pkcs12.h>
-#include <p12access.h>
-#include <p12err.h>
-
-static PKCS12 *p12_read_file(char *);
-static int p12_doparse(PKCS12 *, char *, int, EVP_PKEY **,
- X509 **, STACK_OF(X509) **);
-static int checkfile(char *);
-static int check_password(PKCS12 *, char *);
-
-/*
- * sunw_use_x509cert - pass an x509 client certificate to ssl
- *
- * Arguments:
- * ctx - SSL's context structure
- * cert - Certificate to pass in x509 format
- *
- * Returns:
- * <=0 - Error occurred. Check the error stack for specifics.
- * >0 - Success. Cert was successfully added.
- */
-static int
-sunw_use_x509cert(SSL_CTX *ctx, X509 *cert)
-{
- ERR_clear_error();
-
- if (ctx == NULL || cert == NULL) {
- SUNWerr(SUNW_F_USE_X509CERT, SUNW_R_INVALID_ARG);
- return (-1);
- }
-
- if (SSL_CTX_use_certificate(ctx, cert) != 1) {
- SUNWerr(SUNW_F_USE_X509CERT, SUNW_R_CERT_ERR);
- return (-1);
- }
- return (1);
-}
-
-/*
- * sunw_use_pkey - pass an EVP_PKEY private key to ssl
- *
- * Arguments:
- * ctx - SSL's context structure
- * pkey - EVP_PKEY formatted private key
- *
- * Returns:
- * <=0 - Error occurred. Check the error stack for specifics.
- * >0 - Success.
- */
-static int
-sunw_use_pkey(SSL_CTX *ctx, EVP_PKEY *pkey)
-{
- ERR_clear_error();
- if (ctx == NULL || pkey == NULL) {
- SUNWerr(SUNW_F_USE_PKEY, SUNW_R_INVALID_ARG);
- return (-1);
- }
-
- if (SSL_CTX_use_PrivateKey(ctx, pkey) != 1) {
- SUNWerr(SUNW_F_USE_PKEY, SUNW_R_PKEY_ERR);
- return (-1);
- }
-
- return (1);
-}
-
-/*
- * sunw_use_tastore - take a stack of X509 certs and add them to the
- * SSL store of trust anchors (aka CA certs).
- *
- * This function takes the certs in the stack and passes them into
- * SSL for addition to the cache of TA certs.
- *
- * Arguments:
- * ctx - SSL's context structure
- * ta_certs - Stack of certs to add to the list of SSL trust anchors.
- *
- * Returns:
- * <=0 - Error occurred. Check the error stack for specifics.
- * >0 - Success. Certs were successfully added.
- */
-static int
-sunw_use_tastore(SSL_CTX *ctx, STACK_OF(X509) *ta_certs)
-{
- X509 *tmp;
- int ret = -1;
- int i;
-
- ERR_clear_error();
- if (ctx == NULL || ctx->cert_store == NULL || ta_certs == NULL) {
- SUNWerr(SUNW_F_USE_TASTORE, SUNW_R_INVALID_ARG);
- return (-1);
- }
-
- if (sk_X509_num(ta_certs) == 0) {
- SUNWerr(SUNW_F_USE_TASTORE, SUNW_R_NO_TRUST_ANCHOR);
- return (-1);
- }
-
- for (i = 0; i < sk_X509_num(ta_certs); i++) {
- tmp = sk_X509_value(ta_certs, i);
-
- ret = X509_STORE_add_cert(ctx->cert_store, tmp);
- if (ret == 0) {
- if (ERR_GET_REASON(ERR_peek_error()) ==
- X509_R_CERT_ALREADY_IN_HASH_TABLE) {
- ERR_clear_error();
- continue;
- }
- SUNWerr(SUNW_F_USE_TASTORE, SUNW_R_ADD_TRUST_ERR);
- return (-1);
- } else if (ret < 0) {
- break;
- }
- }
-
- if (ret < 0) {
- SUNWerr(SUNW_F_USE_TASTORE, SUNW_R_ADD_TRUST_ERR);
- }
-
- return (ret);
-}
-
-/*
- * sunw_p12_use_certfile - read a client certificate from a pkcs12 file and
- * pass it in to SSL.
- *
- * Read in the certificate in pkcs12-formated file. Use the provided
- * passphrase to decrypt it. Pass the cert to SSL.
- *
- * Arguments:
- * ctx - SSL's context structure
- * filename - Name of file with the client certificate.
- * passwd - Passphrase for pkcs12 data.
- *
- * Returns:
- * <=0 - Error occurred. Check the error stack for specifics.
- * >0 - Success. Cert was successfully added.
- */
-int
-sunw_p12_use_certfile(SSL_CTX *ctx, char *filename, char *passwd)
-{
- PKCS12 *p12 = NULL;
- X509 *cert = NULL;
- int ret = -1;
-
- ERR_clear_error();
- if (ctx == NULL || filename == NULL) {
- SUNWerr(SUNW_F_USE_CERTFILE, SUNW_R_INVALID_ARG);
- return (-1);
- }
-
- p12 = p12_read_file(filename);
- if (p12 != NULL) {
- ret = p12_doparse(p12, passwd, DO_UNMATCHING, NULL,
- &cert, NULL);
- if (ret > 0 && cert != NULL) {
- if (sunw_use_x509cert(ctx, cert) == -1) {
- /*
- * Error already on stack
- */
- ret = -1;
- }
- }
- }
-
- if (p12 != NULL)
- PKCS12_free(p12);
-
- if (ret == -1 && cert != NULL) {
- X509_free(cert);
- cert = NULL;
- }
-
- return (ret);
-}
-
-/*
- * sunw_p12_use_keyfile - read a RSA private key from a pkcs12 file and pass
- * it in to SSL.
- *
- * Read in the RSA private key in pkcs12 format. Use the provided
- * passphrase to decrypt it. Pass the cert to SSL.
- *
- * Arguments:
- * ctx - SSL's context structure
- * filename - Name of file with private key.
- * passwd - Passphrase for pkcs12 data.
- *
- * Returns:
- * <=0 - Error occurred. Check the error stack for specifics.
- * >0 - Success. Key was successfully added.
- */
-int
-sunw_p12_use_keyfile(SSL_CTX *ctx, char *filename, char *passwd)
-{
- EVP_PKEY *pkey = NULL;
- PKCS12 *p12 = NULL;
- int ret = -1;
-
- ERR_clear_error();
- if (ctx == NULL || filename == NULL) {
- SUNWerr(SUNW_F_USE_KEYFILE, SUNW_R_INVALID_ARG);
- return (-1);
- }
-
- p12 = p12_read_file(filename);
- if (p12 != NULL) {
- ret = p12_doparse(p12, passwd, DO_UNMATCHING, &pkey, NULL,
- NULL);
- if (ret > 0 && pkey != NULL) {
- if (sunw_use_pkey(ctx, pkey) != 1) {
- /*
- * Error already on stack
- */
- ret = -1;
- }
- } else {
- SUNWerr(SUNW_F_USE_KEYFILE, SUNW_R_BAD_PKEY);
- }
- } else {
- SUNWerr(SUNW_F_USE_KEYFILE, SUNW_R_PKEY_READ_ERR);
- }
-
- if (p12 != NULL)
- PKCS12_free(p12);
-
- if (ret == -1 && pkey != NULL) {
- sunw_evp_pkey_free(pkey);
- pkey = NULL;
- }
-
- return (ret);
-}
-
-/*
- * sunw_p12_use_trustfile - read a list of trustanchors from a pkcs12 file and
- * pass the stack in to SSL.
- *
- * Read in the trust anchors from pkcs12-formated file. Use the provided
- * passphrase to decrypt it. Pass the cert to SSL.
- *
- * Arguments:
- * ctx - SSL's context structure
- * filename - Name of file with the certificates.
- * passwd - Passphrase for pkcs12 data.
- *
- * Returns:
- * <=0 - Error occurred. Check the error stack for specifics.
- * >0 - Success. Trust anchors were successfully added.
- */
-int
-sunw_p12_use_trustfile(SSL_CTX *ctx, char *filename, char *passwd)
-{
- PKCS12 *p12 = NULL;
- STACK_OF(X509) *ta_sk = NULL;
- int ret = -1;
-
- ERR_clear_error();
- if (ctx == NULL || filename == NULL) {
- SUNWerr(SUNW_F_USE_TRUSTFILE, SUNW_R_INVALID_ARG);
- return (-1);
- }
-
- p12 = p12_read_file(filename);
- if (p12 != NULL) {
- ret = p12_doparse(p12, passwd, DO_NONE, NULL, NULL,
- &ta_sk);
- if (ret > 0 && ta_sk != NULL)
- ret = sunw_use_tastore(ctx, ta_sk);
- else {
- SUNWerr(SUNW_F_USE_TRUSTFILE, SUNW_R_BAD_TRUST);
- ret = -1;
- }
- } else {
- SUNWerr(SUNW_F_USE_TRUSTFILE, SUNW_R_READ_TRUST_ERR);
- }
-
- if (p12 != NULL)
- PKCS12_free(p12);
-
- if (ta_sk != NULL)
- sk_X509_pop_free(ta_sk, X509_free);
-
- return (ret);
-}
-
-/*
- * p12_read_file - read a pkcs12 file and get its contents. Return the
- * pkcs12 structures.
- *
- * Arguments:
- * filename - Name of file with the client certificate.
- *
- *
- * Returns:
- * NULL - Error occurred. Check the error stack for specifics.
- * != NULL - Success. The return value is the address of a pkcs12
- * structure.
- */
-static PKCS12 *
-p12_read_file(char *filename)
-{
- PKCS12 *p12 = NULL;
- FILE *fp = NULL;
- int ret = 0;
-
- ERR_clear_error();
- if (checkfile(filename) == -1) {
- /*
- * Error already on stack
- */
- return (NULL);
- }
-
- if ((fp = fopen(filename, "r")) == 0) {
- SYSerr(SYS_F_FOPEN, errno);
- return (NULL);
- }
-
- p12 = d2i_PKCS12_fp(fp, NULL);
- if (p12 == NULL) {
- SUNWerr(SUNW_F_READ_FILE, SUNW_R_READ_ERR);
- ret = -1;
- }
-
- if (fp != NULL)
- (void) fclose(fp);
-
- if (ret == -1 && p12 != NULL) {
- PKCS12_free(p12);
- p12 = NULL;
- }
-
- return (p12);
-}
-
-/*
- * p12_doparse - Given a pkcs12 structure, check the passphrase and then
- * parse it.
- *
- * Arguments:
- * p12 - Structure with pkcs12 data which has been read in
- * passwd - Passphrase for pkcs12 data & key.
- * matchty - How to decide which matching entry to take... See the
- * DO_* definitions for valid values.
- * pkey - Points at pointer to private key structure.
- * cert - Points at pointer to client certificate structure
- * ca - Points at pointer to list of CA certs
- *
- * Returns:
- * <=0 - Error occurred. Check the error stack for specifics.
- * >0 - Success. Bits set reflect the kind of information
- * returned. (See the FOUND_* definitions.)
- */
-static int
-p12_doparse(PKCS12 *p12, char *passwd, int matchty,
- EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
-{
- int ret = 0;
-
- ERR_clear_error();
-
- /*
- * Check passphrase (including null one).
- */
- if (check_password(p12, passwd) == 0) {
- SUNWerr(SUNW_F_DOPARSE, SUNW_R_MAC_VERIFY_FAILURE);
- return (-1);
- }
-
- ret = sunw_PKCS12_parse(p12, passwd, matchty, NULL, 0, NULL,
- pkey, cert, ca);
- if (ret <= 0) {
- /*
- * Error already on stack
- */
- return (-1);
- }
-
- return (ret);
-}
-
-/*
- * checkfile - given a file name, verify that the file exists and is
- * readable.
- */
-/* ARGSUSED */
-static int
-checkfile(char *filename)
-{
-#ifndef _BOOT
- struct stat sbuf;
-
- if (access(filename, R_OK) == -1 || stat(filename, &sbuf) == -1) {
- SYSerr(SYS_F_FOPEN, errno);
- return (-1);
- }
-
- if (!S_ISREG(sbuf.st_mode)) {
- SUNWerr(SUNW_F_CHECKFILE, SUNW_R_BAD_FILETYPE);
- return (-1);
- }
-#endif
- return (0);
-}
-
-/*
- * check_password - do various password checks to see if the current password
- * will work or we need to prompt for a new one.
- *
- * Arguments:
- * pass - password to check
- *
- * Returns:
- * 1 - Password is OK.
- * 0 - Password not valid. Error stack was set - use ERR_get_error() to
- * to get the error.
- */
-static int
-check_password(PKCS12 *p12, char *pass)
-{
- int ret = 1;
-
- /*
- * If password is zero length or NULL then try verifying both cases
- * to determine which password is correct. The reason for this is that
- * under PKCS#12 password based encryption no password and a zero
- * length password are two different things. Otherwise, calling
- * PKCS12_verify_mac() with a length of -1 means that the length
- * can be determined via strlen().
- */
- /* Check the mac */
- if (pass == NULL || *pass == '\0') {
- if (PKCS12_verify_mac(p12, NULL, 0) == 0 &&
- PKCS12_verify_mac(p12, "", 0) == 0)
- ret = 0;
- } else if (PKCS12_verify_mac(p12, pass, -1) == 0) {
- ret = 0;
- }
-
- return (ret);
-}
diff --git a/usr/src/common/net/wanboot/p12access.h b/usr/src/common/net/wanboot/p12access.h
deleted file mode 100644
index 288274d5b7..0000000000
--- a/usr/src/common/net/wanboot/p12access.h
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2002, 2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#ifndef _P12ACCESS_H
-#define _P12ACCESS_H
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <p12aux.h>
-#include <openssl/ssl.h>
-
-/*
- * sunw_p12_use_certfile - read a client certificate from a pkcs12 file and
- * pass it in to SSL.
- *
- * Read in the certificate in pkcs12-formated file. If there is a pass phrase
- * use that to decrypt; if no pass phrase was given and there is a callback
- * routine, call it. Pass the cert to SSL.
- *
- * Arguments:
- * ctx - SSL's context structure
- * filename - Name of file with the client certificate.
- * passwd - Pass phrase for pkcs12 data.
- *
- * Returns:
- * -1 - Error occurred. Check the error stack for specifics.
- * 0 - Success. Cert was successfully added.
- */
-int sunw_p12_use_certfile(SSL_CTX *, char *, char *);
-
-/*
- * sunw_p12_use_keyfile - read a RSA private key from a pkcs12 file and pass
- * it in to SSL.
- *
- * Read in the RSA private key in pkcs12 format. If there is a pass phrase
- * use it to decrypt; if no pass phrase was given and there is a callback
- * given, call it. Pass the key to SSL.
- *
- * Arguments:
- * ctx - SSL's context structure
- * filename - Name of file with private key.
- * passwd - Pass phrase for pkcs12 data.
- *
- * Returns:
- * -1 - Error occurred. Check the error stack for specifics.
- * 0 - Success.
- */
-int sunw_p12_use_keyfile(SSL_CTX *, char *, char *);
-
-/*
- * sunw_p12_use_trustfile - read a list of trustanchors from a pkcs12 file and
- * pass the stack in to SSL.
- *
- * Read in the trust anchors from pkcs12-formated file. If there is a pass
- * phrase use that to decrypt; if no pass phrase was given and there is a
- * callback routine, call it. Pass the stack of certs to SSL.
- *
- * Arguments:
- * ctx - SSL's context structure
- * filename - Name of file with the certificates.
- * passwd - Pass phrase for pkcs12 data.
- *
- * Returns:
- * -1 - Error occurred. Check the error stack for specifics.
- * 0 - Success. Trust anchors were successfully added.
- */
-int sunw_p12_use_trustfile(SSL_CTX *, char *, char *);
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _P12ACCESS_H */
diff --git a/usr/src/common/net/wanboot/p12aux.h b/usr/src/common/net/wanboot/p12aux.h
deleted file mode 100644
index da07f09720..0000000000
--- a/usr/src/common/net/wanboot/p12aux.h
+++ /dev/null
@@ -1,489 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2002, 2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-/*
- * Copyright (c) 2015 by Delphix. All rights reserved.
- */
-
-#ifndef _P12AUX_H
-#define _P12AUX_H
-
-#include <openssl/pkcs12.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * I really hate to do this. It's pretty gross, but go ahead and use the
- * macros and functions already defined to provide new EVP_PKEY-specific
- * macros, for use within this file only.
- *
- * My apologies.
- */
-/* BEGIN CSTYLED */
-DECLARE_STACK_OF(EVP_PKEY)
-/* END CSTYLED */
-
-#define sk_EVP_PKEY_new_null() SKM_sk_new_null(EVP_PKEY)
-#define sk_EVP_PKEY_free(st) SKM_sk_free(EVP_PKEY, (st))
-#define sk_EVP_PKEY_num(st) SKM_sk_num(EVP_PKEY, (st))
-#define sk_EVP_PKEY_value(st, i) SKM_sk_value(EVP_PKEY, (st), (i))
-#define sk_EVP_PKEY_push(st, val) SKM_sk_push(EVP_PKEY, (st), (val))
-#define sk_EVP_PKEY_find(st, val) SKM_sk_find(EVP_PKEY, (st), (val))
-#define sk_EVP_PKEY_delete(st, i) SKM_sk_delete(EVP_PKEY, (st), (i))
-#define sk_EVP_PKEY_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY, (st), (ptr))
-#define sk_EVP_PKEY_insert(st, val, i) SKM_sk_insert(EVP_PKEY, (st), (val), (i))
-#define sk_EVP_PKEY_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY, (st), \
- (free_func))
-#define sk_EVP_PKEY_pop(st) SKM_sk_pop(EVP_PKEY, (st))
-
-/*
- * This type indicates what to do with an attribute being returned.
- */
-typedef enum {
- GETDO_COPY = 1, /* Simply return the value of the attribute */
- GETDO_DEL /* Delete the attribute at the same time. */
-} getdo_actions_t;
-
-/*
- * The following is used to call the sunw_print_times function which is
- * described at the bottom of the page.
- */
-typedef enum {
- PRNT_NOT_BEFORE = 1, /* Print 'not before' date */
- PRNT_NOT_AFTER, /* Print 'not after' date */
- PRNT_BOTH /* Prints both dates */
-} prnt_actions_t;
-
-/*
- * For sunw_pkcs12_parse, the following are values for bits that indicate
- * various types of searches/matching to do. Any of these values can be
- * OR'd together. However, the order in which an attempt will be made
- * to satisfy them is the order in which they are listed below. The
- * exception is DO_NONE. It should not be OR'd with any other value.
- */
-#define DO_NONE 0x00 /* Don't even try to match */
-#define DO_FIND_KEYID 0x01 /* 1st cert, key with matching localkeyid */
-#define DO_FIND_FN 0x02 /* 1st cert, key with matching friendlyname */
-#define DO_FIRST_PAIR 0x04 /* Return first matching cert/key pair found */
-#define DO_LAST_PAIR 0x08 /* Return last matching cert/key pair found */
-#define DO_UNMATCHING 0x10 /* Return first cert and/or key */
-
-/* Bits returned, which indicate what values were found. */
-#define FOUND_PKEY 0x01 /* Found one or more private key */
-#define FOUND_CERT 0x02 /* Found one or more client certificate */
-#define FOUND_CA_CERTS 0x04 /* Added at least one cert to the CA list */
-#define FOUND_XPKEY 0x08 /* Found at least one private key which does */
- /* not match a certificate in the certs list */
-
-/*
- * sunw_cryto_init() does crypto-specific initialization.
- *
- * Arguments:
- * None.
- *
- * Returns:
- * None.
- */
-void sunw_crypto_init(void);
-
-/*
- * sunw_PKCS12_parse() parses a pkcs#12 structure and returns component parts.
- *
- * Parse and decrypt a PKCS#12 structure returning user key, user cert and/or
- * other (CA) certs. Note either ca should be NULL, *ca should be NULL,
- * or it should point to a valid STACK_OF(X509) structure. pkey and cert can
- * be passed uninitialized.
- *
- * Arguments:
- * p12 - Structure with pkcs12 info to be parsed
- * pass - Pass phrase for the private key and entire pkcs12 wad (possibly
- * empty) or NULL if there is none.
- * matchty - Info about which certs/keys to return if many are in the file.
- * keyid_str- If private key localkeyids are to match a predetermined value,
- * the value to match.
- * keyid_len- Length of the keyid byte string.
- * name_str - If friendlynames are to match a predetermined value, the value
- * to match.
- * pkey - Points to location pointing to the private key returned.
- * cert - Points to locaiton which points to the client cert returned
- * ca - Points to location that points to a stack of 'certificate
- * authority' certs (possibly including trust anchors).
- *
- * Match based on the value of 'matchty' and the contents of 'keyid_str'
- * and/or 'name_str', as appropriate. Go through the lists of certs and
- * private keys which were taken from the pkcs12 structure, looking for
- * matches of the requested type. This function only searches the lists of
- * matching private keys and client certificates. Kinds of matches allowed,
- * and the order in which they will be checked, are:
- *
- * 1) Find the key and/or cert whose localkeyid attributes matches 'cmpstr'
- * 2) Find the key and/or cert whose friendlyname attributes matches 'cmpstr'
- * 3) Return the first matching key/cert pair found.
- * 4) Return the last matching key/cert pair found.
- * 5) Return whatever cert and/or key are available, even unmatching.
- *
- * Append the certs which do not have matching private keys and which were
- * not selected to the CA list.
- *
- * If none of the bits are set, no client certs or private keys will be
- * returned. CA (aka trust anchor) certs can be.
- *
- * Notes: If #3 is selected, then #4 will never occur. CA certs will be
- * selected after a cert/key pairs are isolated.
- *
- * Returns:
- * < 0 - An error returned. Call ERR_get_error() to get errors information.
- * Where possible, memory has been freed.
- * >= 0 - Objects were found and returned. Which objects are indicated by
- * which bits are set (FOUND_PKEY, FOUND_CERT, FOUND_CA_CERTS).
- */
-int sunw_PKCS12_parse(PKCS12 *, const char *, int, char *, int, char *,
- EVP_PKEY **, X509 **, STACK_OF(X509) **);
-
-
-/*
- * sunw_PKCS12_create() creates a pkcs#12 structure and given component parts.
- *
- * Given one or more of user private key, user cert and/or other (CA) certs,
- * return an encrypted PKCS12 structure containing them.
- *
- * Arguments:
- * pass - Pass phrase for the pkcs12 structure and private key (possibly
- * empty) or NULL if there is none. It will be used to encrypt
- * both the private key(s) and as the pass phrase for the whole
- * pkcs12 wad.
- * pkey - Points to stack of private keys.
- * cert - Points to stack of client (public ke) certs
- * ca - Points to stack of 'certificate authority' certs (or trust
- * anchors).
- *
- * Note that any of these may be NULL.
- *
- * Returns:
- * NULL - An error occurred.
- * != NULL - Address of PKCS12 structure. The user is responsible for
- * freeing the memory when done.
- */
-PKCS12 *sunw_PKCS12_create(const char *, STACK_OF(EVP_PKEY) *, STACK_OF(X509) *,
- STACK_OF(X509) *);
-
-
-/*
- * sunw_split_certs() - Given a list of certs and a list of private keys,
- * moves certs which match one of the keys to a different stack.
- *
- * Arguments:
- * allkeys - Points to a stack of private keys to search.
- * allcerts - Points to a stack of certs to be searched.
- * keycerts - Points to address of a stack of certs with matching private
- * keys. They are moved from 'allcerts'. This may not be NULL
- * when called. If *keycerts is NULL upon entry, a new stack will
- * be allocated. Otherwise, it must be a valid STACK_OF(509).
- * nocerts - Points to address of a stack for keys which have no matching
- * certs. Keys are moved from 'allkeys' here when they have no
- * matching certs. If this is NULL, matchless keys will be
- * discarded.
- *
- * Notes: If an error occurs while moving certs, the cert being move may be
- * lost. 'keycerts' may only contain part of the matching certs. The number
- * of certs successfully moved can be found by checking sk_X509_num(keycerts).
- *
- * If there is a key which does not have a matching cert, it is moved to
- * the list nocerts.
- *
- * If all certs are removed from 'certs' and/or 'pkeys', it will be the
- * caller's responsibility to free the empty stacks.
- *
- * Returns:
- * < 0 - An error returned. Call ERR_get_error() to get errors information.
- * Where possible, memory has been freed.
- * >= 0 - The number of certs moved from 'cert' to 'pkcerts'.
- */
-int sunw_split_certs(STACK_OF(EVP_PKEY) *, STACK_OF(X509) *, STACK_OF(X509) **,
- STACK_OF(EVP_PKEY) **);
-
-/*
- * sunw_evp_pkey_free() Given an EVP_PKEY structure, free any attributes
- * that are attached. Then free the EVP_PKEY itself.
- *
- * This is the replacement for EVP_PKEY_free() for the sunw stuff.
- * It should be used in places where EVP_PKEY_free would be used,
- * including calls to sk_EVP_PKEY_pop_free().
- *
- * Arguments:
- * pkey - Entry which potentially has attributes to be freed.
- *
- * Returns:
- * None.
- */
-void sunw_evp_pkey_free(EVP_PKEY *);
-
-/*
- * sunw_set_localkeyid() sets the localkeyid in a cert, a private key or
- * both. Any existing localkeyid will be discarded.
- *
- * Arguments:
- * keyid_str- A byte string with the localkeyid to set
- * keyid_len- Length of the keyid byte string.
- * pkey - Points to a private key to set the keyidstr in.
- * cert - Points to a cert to set the keyidstr in.
- *
- * Note that setting a keyid into a cert which will not be written out as
- * a PKCS12 cert is pointless since it will be lost.
- *
- * Returns:
- * 0 - Success.
- * < 0 - An error occurred. It was probably an error in allocating
- * memory. The error will be set in the error stack. Call
- * ERR_get_error() to get specific information.
- */
-int sunw_set_localkeyid(const char *, int, EVP_PKEY *, X509 *);
-
-
-/*
- * sunw_get_pkey_localkeyid() gets the localkeyid from a private key. It can
- * optionally remove the value found.
- *
- * Arguments:
- * dowhat - What to do with the attributes (remove them or copy them).
- * pkey - Points to a private key to set the keyidstr in.
- * keyid_str- Points to a location which will receive the pointer to
- * a byte string containing the binary localkeyid. Note that
- * this is a copy, and the caller must free it.
- * keyid_len- Length of keyid_str.
- *
- * Returns:
- * >= 0 - The number of characters in the keyid returned.
- * < 0 - An error occurred. It was probably an error in allocating
- * memory. The error will be set in the error stack. Call
- * ERR_get_error() to get specific information.
- */
-int sunw_get_pkey_localkeyid(getdo_actions_t, EVP_PKEY *, char **, int *);
-
-
-/*
- * sunw_get_pkey_fname() gets the friendlyName from a private key. It can
- * optionally remove the value found.
- *
- * Arguments:
- * dowhat - What to do with the attributes (remove them or just return
- * them).
- * pkey - Points to a private key to get the keyid from
- * fname - Points to a location which will receive the pointer to a
- * byte string with the ASCII friendlyname
- *
- * Returns:
- * >= 0 - The number of characters in the keyid returned.
- * < 0 - An error occurred. It was probably an error in allocating
- * memory. The error will be set in the error stack. Call
- * ERR_get_error() to get specific information.
- */
-int sunw_get_pkey_fname(getdo_actions_t, EVP_PKEY *, char **);
-
-
-/*
- * sunw_find_localkeyid() searches stacks of certs and private keys, and
- * returns the first matching cert/private key found.
- *
- * Look for a keyid in a stack of certs. if 'certs' is NULL and 'pkeys' is
- * not NULL, search the list of private keys. Move the matching cert to
- * 'matching_cert' and its matching private key to 'matching_pkey'. If no
- * cert or keys match, no match occurred.
- *
- * Arguments:
- * keyid_str- A byte string with the localkeyid to match
- * keyid_len- Length of the keyid byte string.
- * pkeys - Points to a stack of private keys which match the certs.
- * This may be NULL, in which case no keys are returned.
- * certs - Points to a stack of certs to search. If NULL, search the
- * stack of keys instead.
- * matching_pkey
- * - Pointer to receive address of first matching pkey found.
- * 'matching_pkey' must not be NULL; '*matching_pkey' will be
- * reset.
- * matching_cert
- * - Pointer to receive address of first matching cert found.
- * 'matching_cert' must not be NULL; '*matching_cert' will be
- * reset.
- *
- * Returns:
- * < 0 - An error returned. Call ERR_get_error() to get errors information.
- * Where possible, memory has been freed.
- * >= 0 - Objects were found and returned. Which objects are indicated by
- * which bits are set (FOUND_PKEY and/or FOUND_CERT).
- */
-int sunw_find_localkeyid(char *, int, STACK_OF(EVP_PKEY) *, STACK_OF(X509) *,
- EVP_PKEY **, X509 **);
-
-
-/*
- * sunw_find_fname() searches stacks of certs and private keys for one with
- * a matching friendlyname and returns the first matching cert/private
- * key found.
- *
- * Look for a friendlyname in a stack of certs. if 'certs' is NULL and 'pkeys'
- * is not NULL, search the list of private keys. Move the matching cert to
- * 'matching_cert' and its matching private key to 'matching_pkey'. If no
- * cert or keys match, no match occurred.
- *
- * Arguments:
- * fname - Friendlyname to find (NULL-terminated ASCII string).
- * pkeys - Points to a stack of private keys which match the certs.
- * This may be NULL, in which case no keys are returned.
- * certs - Points to a stack of certs to search. If NULL, search the
- * stack of keys instead.
- * matching_pkey
- * - Pointer to receive address of first matching pkey found.
- * matching_cert
- * - Pointer to receive address of first matching cert found.
- *
- * Returns:
- * < 0 - An error returned. Call ERR_get_error() to get errors information.
- * Where possible, memory has been freed.
- * >= 0 - Objects were found and returned. Which objects are indicated by
- * which bits are set (FOUND_PKEY and/or FOUND_CERT).
- */
-int sunw_find_fname(char *, STACK_OF(EVP_PKEY) *, STACK_OF(X509) *, EVP_PKEY **,
- X509 **);
-
-
-/*
- * sunw_print_times() formats and prints cert times to the given file.
- *
- * The label is printed on one line. One or both dates are printed on
- * the following line or two, each with it's own indented label in the
- * format:
- *
- * label
- * 'not before' date: whatever
- * 'not after' date: whatever
- *
- * Arguments:
- * fp - file pointer for file to write to.
- * dowhat - what field(s) to print.
- * label - Label to use. If NULL, no line will be printed.
- * cert - Points to a client or CA cert to check
- *
- * Returns:
- * < 0 - An error occured.
- * >= 0 - Number of lines written.
- */
-int sunw_print_times(FILE *, prnt_actions_t, char *, X509 *);
-
-
-/*
- * sunw_check_keys() compares the public key in the certificate and a
- * private key to ensure that they match.
- *
- * Arguments:
- * cert - Points to a certificate.
- * pkey - Points to a private key.
- *
- * Returns:
- * == 0 - These do not match.
- * != 0 - The cert's public key and the private key match.
- */
-int sunw_check_keys(X509 *, EVP_PKEY *);
-
-
-/*
- * sunw_issuer_attrs - Given a cert, return the issuer-specific attributes
- * as one ASCII string.
- *
- * Arguments:
- * cert - Cert to process
- * buf - If non-NULL, buffer to receive string. If NULL, one will
- * be allocated and its value will be returned to the caller.
- * len - If 'buff' is non-null, the buffer's length.
- *
- * This returns an ASCII string with all issuer-related attributes in one
- * string separated by '/' characters. Each attribute begins with its name
- * and an equal sign. Two attributes (ATTR1 and Attr2) would have the
- * following form:
- *
- * ATTR1=attr_value/ATTR2=attr2_value
- *
- * Returns:
- * != NULL - Pointer to the ASCII string containing the issuer-related
- * attributes. If the 'buf' argument was NULL, this is a
- * dynamically-allocated buffer and the caller will have the
- * responsibility for freeing it.
- * NULL - Memory needed to be allocated but could not be. Errors
- * are set on the error stack.
- */
-char *sunw_issuer_attrs(X509 *cert, char *buf, int len);
-
-
-/*
- * sunw_subject_attrs - Given a cert, return the subject-specific attributes
- * as one ASCII string.
- *
- * Arguments:
- * cert - Cert to process
- * buf - If non-NULL, buffer to receive string. If NULL, one will
- * be allocated and its value will be returned to the caller.
- * len - If 'buff' is non-null, the buffer's length.
- *
- * This returns an ASCII string with all subject-related attributes in one
- * string separated by '/' characters. Each attribute begins with its name
- * and an equal sign. Two attributes (ATTR1 and Attr2) would have the
- * following form:
- *
- * ATTR1=attr_value/ATTR2=attr2_value
- *
- * Returns:
- * != NULL - Pointer to the ASCII string containing the subject-related
- * attributes. If the 'buf' argument was NULL, this is a
- * dynamically-allocated buffer and the caller will have the
- * responsibility for freeing it.
- * NULL - Memory needed to be allocated but could not be. Errors
- * are set on the error stack.
- */
-char *sunw_subject_attrs(X509 *cert, char *buf, int len);
-
-/*
- * sunw_append_keys - Given two stacks of private keys, remove the keys from
- * the second stack and append them to the first. Both stacks must exist
- * at time of call.
- *
- * Arguments:
- * dst - the stack to receive the keys from 'src'
- * src - the stack whose keys are to be moved.
- *
- * Returns:
- * -1 - An error occurred. The error status is set.
- * >= 0 - The number of keys that were copied.
- */
-int sunw_append_keys(STACK_OF(EVP_PKEY) *, STACK_OF(EVP_PKEY) *);
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _P12AUX_H */
diff --git a/usr/src/common/net/wanboot/p12auxpars.c b/usr/src/common/net/wanboot/p12auxpars.c
deleted file mode 100644
index 2ce0836fed..0000000000
--- a/usr/src/common/net/wanboot/p12auxpars.c
+++ /dev/null
@@ -1,859 +0,0 @@
-/*
- * ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- * Copyright 2002, 2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <stdio.h>
-#include <strings.h>
-#include <stdlib.h>
-
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
-
-#include <openssl/pkcs12.h>
-#include <p12aux.h>
-#include <auxutil.h>
-#include <p12err.h>
-
-/*
- * Briefly, a note on the APIs provided by this module.
- *
- * The sunw_PKCS_parse, parse_pkcs12 and sunw_PKCS12_contents APIs
- * replace OpenSSL funcionality provided by PKCS12_parse and its
- * supporting routines.
- *
- * The APIs provided here provide more functionality:
- *
- * - sunw_PKCS12_parse provides:
- *
- * earlier MAC processing than PKCS12_parse
- *
- * treats the handling of the difference between CA certs and certs
- * with matching private keys differently that PKCS12_parse does. In
- * PKCS12_parse, any cert which is not the one selected is assumed to be
- * a CA cert. In parse_pkcs12, certs which have matching private keys are
- * not returned as part of the CA certs.
- *
- * the matching of private keys and certs is done at this level, rather than
- * at the lower levels which were used in the openssl implementation. This
- * is part of the changes introduced so that the parsing functions can
- * return just a cert, just a private key, the stack of CA certs or any
- * combination.
- *
- * added DO_FIRST_PAIR, DO_LAST_PAIR and DO_UNMATCHING matchty support.
- *
- * do a much better job of cleaning up. Specifically, free the added
- * attributes on the private key which was done by calling
- * sunw_evp_pkey_free().
- *
- * in sunw_PKCS12_contents, handle allocation of the stacks of certificates
- * and private keys so that a) the original stacks are not changed unless
- * the parsing was successful; b) it will either extend stacks passed in,
- * or allocate new ones if none were supplied.
- *
- * - for parse_outer vs. parse_pk12() (from the openssl source base):
- *
- * this calls lower levels with stacks of private keys and certs, rather
- * that a cert, a private key and a stack for CA certs.
- *
- * - In the case of parse_all_bags vs. parse_bags, there is no real difference,
- * other than use of stacks of private keys and certificates (as opposed
- * to one cert, one private key and a stack of CA certificates).
- *
- * - Finally, for parse_one_bag vs. parse_bag:
- *
- * got rid of the bugs the openssl matching of keys and certificates.
- *
- * got rid of the requirement that there is one private key and a matching
- * cert somewhere in the input. This was done by moving the matching
- * code to a higher level.
- *
- * put any localKeyID and/or friendlyName attributes found in the structures
- * returned, so that they can be used at higher levels for searching, etc.
- *
- * added some error returns (like an error when there is an unsupported
- * bag type, an unsupported certificate type or an unsupported key type)
- *
- * Added cleanup before returning.
- */
-
-static int parse_pkcs12(PKCS12 *, const char *, int, char *, int, char *,
- EVP_PKEY **, X509 **, STACK_OF(X509) **);
-
-static int parse_outer(PKCS12 *, const char *, STACK_OF(EVP_PKEY) *,
- STACK_OF(X509) *);
-
-static int parse_all_bags(STACK_OF(PKCS12_SAFEBAG) *, const char *,
- STACK_OF(EVP_PKEY) *, STACK_OF(X509) *);
-
-static int parse_one_bag(PKCS12_SAFEBAG *, const char *, STACK_OF(EVP_PKEY) *,
- STACK_OF(X509) *);
-
-static int sunw_PKCS12_contents(PKCS12 *p12, const char *pass,
- STACK_OF(EVP_PKEY) **pkey, STACK_OF(X509) **certs);
-
-/*
- * sunw_PKCS12_parse - Parse a PKCS12 structure and break it into its parts.
- *
- * Parse and decrypt a PKCS#12 structure returning user key, user cert and/or
- * other (CA) certs. Note either ca should be NULL, *ca should be NULL,
- * or it should point to a valid STACK_OF(X509) structure. pkey and cert can
- * be passed uninitialized.
- *
- * Arguments:
- * p12 - Structure with pkcs12 info to be parsed
- * pass - Pass phrase for the private key (possibly empty) or NULL if
- * there is none.
- * matchty - Info about which certs/keys to return if many are in the file.
- * keyid - If private key localkeyids friendlynames are to match a
- * predetermined value, the value to match. This value should
- * be an octet string.
- * keyid_len- Length of the keyid byte string.
- * name_str - If friendlynames are to match a predetermined value, the value
- * to match. This value should be a NULL terminated string.
- * pkey - Points to location pointing to the private key returned.
- * cert - Points to locaiton which points to the client cert returned
- * ca - Points to location that points to a stack of 'certificate
- * authority' certs/trust anchors.
- *
- * Match based on the value of 'matchty' and the contents of 'keyid'
- * and/or 'name_str', as appropriate. Go through the lists of certs and
- * private keys which were taken from the pkcs12 structure, looking for
- * matches of the requested type. This function only searches the lists of
- * matching private keys and client certificates. Kinds of matches allowed,
- * and the order in which they will be checked, are:
- *
- * 1) Find the key and/or cert whose localkeyid attributes matches
- * 'keyid'.
- * 2) Find the key and/or cert whose friendlyname attributes matches
- * 'name_str'
- * 3) Return the first matching key/cert pair found.
- * 4) Return the last matching key/cert pair found.
- * 5) Return whatever cert and/or key are available, even unmatching.
- *
- * Append to the CA list, the certs which do not have matching private
- * keys and which were not selected.
- *
- * If none of the bits are set, no client certs or private keys will be
- * returned. CA (aka trust anchor) certs can be.
- *
- * Notes: If #3 is selected, then #4 will never occur. CA certs will be
- * selected after a cert/key pairs are isolated.
- *
- * Returns:
- * < 0 - An error returned. Call ERR_get_error() to get errors information.
- * Where possible, memory has been freed.
- * >= 0 - Objects were found and returned. Which objects are indicated by
- * which bits are set (FOUND_PKEY, FOUND_CERT, FOUND_CA_CERTS).
- */
-int
-sunw_PKCS12_parse(PKCS12 *p12, const char *pass, int matchty, char *keyid,
- int keyid_len, char *name_str, EVP_PKEY **pkey, X509 **cert,
- STACK_OF(X509) **ca)
-{
- boolean_t ca_supplied;
- int retval = -1;
-
- /* If NULL PKCS12 structure, this is an error */
- if (p12 == NULL) {
- SUNWerr(SUNW_F_PKCS12_PARSE, SUNW_R_INVALID_ARG);
- return (-1);
- }
-
- /* Set up arguments.... These will be allocated if needed */
- if (pkey)
- *pkey = NULL;
- if (cert)
- *cert = NULL;
-
- /*
- * If there is already a ca list, use it. Otherwise, allocate one
- * and free is later if an error occurs or whatever.)
- */
- ca_supplied = (ca != NULL && *ca != NULL);
- if (ca != NULL && *ca == NULL) {
- if ((*ca = sk_X509_new_null()) == NULL) {
- SUNWerr(SUNW_F_PKCS12_PARSE, SUNW_R_MEMORY_FAILURE);
- return (-1);
- }
- }
-
- /*
- * If password is zero length or NULL then try verifying both cases
- * to determine which password is correct. The reason for this is that
- * under PKCS#12 password based encryption no password and a zero
- * length password are two different things. If the password has a
- * non-zero length and is not NULL then call PKCS12_verify_mac() with
- * a length of '-1' and let it use strlen() to figure out the length
- * of the password.
- */
- /* Check the mac */
- if (pass == NULL || *pass == '\0') {
- if (PKCS12_verify_mac(p12, NULL, 0))
- pass = NULL;
- else if (PKCS12_verify_mac(p12, "", 0))
- pass = "";
- else {
- SUNWerr(SUNW_F_PKCS12_PARSE,
- SUNW_R_MAC_VERIFY_FAILURE);
- goto err;
- }
- } else if (PKCS12_verify_mac(p12, pass, -1) == 0) {
- SUNWerr(SUNW_F_PKCS12_PARSE, SUNW_R_MAC_VERIFY_FAILURE);
- goto err;
- }
-
- retval = parse_pkcs12(p12, pass, matchty, keyid, keyid_len,
- name_str, pkey, cert, ca);
- if (retval < 0) {
- SUNWerr(SUNW_F_PKCS12_PARSE, SUNW_R_PKCS12_PARSE_ERR);
- goto err;
- }
- return (retval);
-
-err:
- if (pkey && *pkey) {
- sunw_evp_pkey_free(*pkey);
- }
- if (cert && *cert)
- X509_free(*cert);
- if (ca_supplied == B_FALSE && ca != NULL)
- sk_X509_pop_free(*ca, X509_free);
-
- return (-1);
-
-}
-
-/*
- * parse_pkcs12 - Oversee parsing of the pkcs12 structure. Get it
- * parsed. After that either return what's found directly, or
- * do any required matching.
- *
- * Arguments:
- * p12 - Structure with pkcs12 info to be parsed
- * pass - Pass phrase for the private key (possibly empty) or NULL if
- * there is none.
- * matchty - Info about which certs/keys to return if many are in the file.
- * keyid - If private key localkeyids friendlynames are to match a
- * predetermined value, the value to match. This value should
- * be an octet string.
- * keyid_len- Length of the keyid byte string.
- * name_str - If friendlynames are to match a predetermined value, the value
- * to match. This value should be a NULL terminated string.
- * pkey - Points to location pointing to the private key returned.
- * cert - Points to locaiton which points to the client cert returned
- * ca - Points to location that points to a stack of 'certificate
- * authority' certs/trust anchors.
- *
- * Note about error codes: This function is an internal function, and the
- * place where it is called sets error codes. Therefore only set an error
- * code if it is something that is unique or if the function which detected
- * the error doesn't set one.
- *
- * Returns:
- * == -1 - An error occurred. Call ERR_get_error() to get error information.
- * Where possible, memory has been freed.
- * == 0 - No matching returns were found.
- * > 0 - This is the aithmetic 'or' of the FOUND_* bits that indicate which
- * of the requested entries were found.
- */
-static int
-parse_pkcs12(PKCS12 *p12, const char *pass, int matchty, char *keyid,
- int kstr_len, char *name_str, EVP_PKEY **pkey, X509 **cert,
- STACK_OF(X509) **ca)
-{
- STACK_OF(EVP_PKEY) *work_kl = NULL; /* Head for private key list */
- STACK_OF(EVP_PKEY) *nocerts = NULL; /* Head for alt. key list */
- STACK_OF(X509) *work_ca = NULL; /* Head for cert list */
- STACK_OF(X509) *work_cl = NULL;
- int retval = 0;
- int n;
-
- retval = sunw_PKCS12_contents(p12, pass, &work_kl, &work_ca);
- if (retval < 0) {
- goto cleanup;
- } else if (retval == 0) {
- /*
- * Not really an error here - its just that nothing was found.
- */
- goto cleanup;
- }
-
- if (sk_EVP_PKEY_num(work_kl) > 0) {
-
- if (sunw_split_certs(work_kl, work_ca, &work_cl, &nocerts)
- < 0) {
- goto cleanup;
- }
- }
-
- /*
- * Go through the lists of certs and private keys which were
- * returned, looking for matches of the appropriate type. Do these
- * in the order described above.
- */
- if ((matchty & DO_FIND_KEYID) != 0) {
-
- if (keyid == NULL) {
- SUNWerr(SUNW_F_PKCS12_PARSE, SUNW_R_INVALID_ARG);
- retval = -1;
- goto cleanup;
- }
-
- /* See if string matches localkeyid's */
- retval = sunw_find_localkeyid(keyid, kstr_len,
- work_kl, work_cl, pkey, cert);
- if (retval != 0) {
- if (retval == -1)
- goto cleanup;
- else
- goto last_part;
- }
- }
- if ((matchty & DO_FIND_FN) != 0) {
-
- if (name_str == NULL) {
- SUNWerr(SUNW_F_PKCS12_PARSE, SUNW_R_INVALID_ARG);
- retval = -1;
- goto cleanup;
- }
-
- /* See if string matches friendly names */
- retval = sunw_find_fname(name_str, work_kl, work_cl,
- pkey, cert);
- if (retval != 0) {
- if (retval == -1)
- goto cleanup;
- else
- goto last_part;
- }
- }
-
- if (matchty & DO_FIRST_PAIR) {
-
- /* Find the first cert and private key and return them */
- retval = get_key_cert(0, work_kl, pkey, work_cl, cert);
- if (retval != 0) {
- if (retval == -1)
- goto cleanup;
- else
- goto last_part;
- }
- }
-
- if (matchty & DO_LAST_PAIR) {
-
- /*
- * Find the last matching cert and private key and return
- * them. Since keys which don't have matching client certs
- * are at the end of the list of keys, use the number of
- * client certs to compute the position of the last private
- * key which matches a client cert.
- */
- n = sk_X509_num(work_cl) - 1;
- retval = get_key_cert(n, work_kl, pkey, work_cl, cert);
- if (retval != 0) {
- if (retval == -1)
- goto cleanup;
- else
- goto last_part;
- }
- }
-
- if (matchty & DO_UNMATCHING) {
- STACK_OF(EVP_PKEY) *tmpk;
- STACK_OF(X509) *tmpc;
-
- /* Find the first cert and private key and return them */
- tmpc = work_cl;
- if (work_cl == NULL || sk_X509_num(work_cl) == 0)
- tmpc = work_ca;
- tmpk = work_kl;
- if (work_kl == NULL || sk_EVP_PKEY_num(work_kl) == 0)
- tmpk = nocerts;
- retval = get_key_cert(0, tmpk, pkey, tmpc, cert);
- if (retval != 0) {
- if (retval == -1)
- goto cleanup;
- else
- goto last_part;
- }
- }
-
-last_part:
- /* If no errors, terminate normally */
- if (retval != -1)
- retval |= set_results(NULL, NULL, NULL, NULL, ca, &work_ca,
- NULL, NULL);
- if (retval >= 0) {
- goto clean_part;
- }
-
- /* Fallthrough is intentional in error cases. */
-cleanup:
- if (pkey != NULL && *pkey != NULL) {
- sunw_evp_pkey_free(*pkey);
- *pkey = NULL;
- }
- if (cert != NULL && *cert != NULL) {
- X509_free(*cert);
- *cert = NULL;
- }
-
-clean_part:
-
- if (work_kl != NULL) {
- sk_EVP_PKEY_pop_free(work_kl, sunw_evp_pkey_free);
- }
- if (work_ca != NULL)
- sk_X509_pop_free(work_ca, X509_free);
- if (work_cl != NULL)
- sk_X509_pop_free(work_cl, X509_free);
-
- return (retval);
-}
-
-/*
- * sunw_PKCS12_contents() parses a pkcs#12 structure and returns component
- * parts found, without evaluation.
- *
- * Parse and decrypt a PKCS#12 structure returning any user keys and/or
- * various certs. Note these should either be NULL, *whatever should
- * be NULL, or it should point to a valid STACK_OF(X509) structure.
- *
- * Arguments:
- * p12 - Structure with pkcs12 info to be parsed
- * pass - Pass phrase for the private key and entire pkcs12 wad (possibly
- * empty) or NULL if there is none.
- * pkeys - Points to address of a stack of private keys to return.
- * certs - Points to address of a stack of client certs return.
- *
- * Note: The certs and keys being returned are in random order.
- *
- * Returns:
- * < 0 - An error returned. Call ERR_get_error() to get errors information.
- * Where possible, memory has been freed.
- * >= 0 - Objects were found and returned. Which objects are indicated by
- * which bits are set (FOUND_PKEY or FOUND_CERT)
- */
-static int
-sunw_PKCS12_contents(PKCS12 *p12, const char *pass, STACK_OF(EVP_PKEY) **pkey,
- STACK_OF(X509) **certs)
-{
- STACK_OF(EVP_PKEY) *work_kl = NULL;
- STACK_OF(X509) *work_ca = NULL;
- int retval = -1;
-
- /*
- * Allocate the working stacks for private key and for the
- * ca certs.
- */
- if ((work_kl = sk_EVP_PKEY_new_null()) == NULL) {
- SUNWerr(SUNW_F_PKCS12_CONTENTS, SUNW_R_MEMORY_FAILURE);
- goto cleanup;
- }
-
- if ((work_ca = sk_X509_new_null()) == NULL) {
- SUNWerr(SUNW_F_PKCS12_CONTENTS, SUNW_R_MEMORY_FAILURE);
- goto cleanup;
- }
-
- if (parse_outer(p12, pass, work_kl, work_ca) == 0) {
- /*
- * Error already on stack
- */
- goto cleanup;
- }
-
- /* on error, set_results() returns an error on the stack */
- retval = set_results(pkey, &work_kl, certs, &work_ca, NULL,
- NULL, NULL, NULL);
-
-cleanup:
- if (work_kl != NULL) {
- sk_EVP_PKEY_pop_free(work_kl, sunw_evp_pkey_free);
- }
-
- return (retval);
-}
-
-/*
- * parse_outer - Unpack the outer PKCS#12 structure and go through the
- * individual bags. Return stacks of certs, private keys found and
- * CA certs found.
- *
- * Note about error codes: This function is an internal function, and the
- * place where it is called sets error codes.
- *
- * Returns:
- * 0 - An error returned. Call ERR_get_error() to get errors information.
- * Where possible, memory has been freed.
- * 1 - PKCS12 data object was parsed and lists of certs and private keys
- * were returned.
- */
-static int
-parse_outer(PKCS12 *p12, const char *pass, STACK_OF(EVP_PKEY) *kl,
- STACK_OF(X509) *cl)
-{
- STACK_OF(PKCS12_SAFEBAG) *bags;
- STACK_OF(PKCS7) *asafes;
- int i, bagnid;
- PKCS7 *p7;
-
- if ((asafes = M_PKCS12_unpack_authsafes(p12)) == NULL)
- return (0);
-
- for (i = 0; i < sk_PKCS7_num(asafes); i++) {
- p7 = sk_PKCS7_value(asafes, i);
- bagnid = OBJ_obj2nid(p7->type);
- if (bagnid == NID_pkcs7_data) {
- bags = M_PKCS12_unpack_p7data(p7);
- } else if (bagnid == NID_pkcs7_encrypted) {
- /*
- * A length of '-1' means strlen() can be used
- * to determine the password length.
- */
- bags = M_PKCS12_unpack_p7encdata(p7, pass, -1);
- } else {
- SUNWerr(SUNW_F_PARSE_OUTER, SUNW_R_BAD_BAGTYPE);
- return (0);
- }
-
- if (bags == NULL) {
- SUNWerr(SUNW_F_PARSE_OUTER, SUNW_R_PARSE_BAG_ERR);
- sk_PKCS7_pop_free(asafes, PKCS7_free);
- return (0);
- }
- if (parse_all_bags(bags, pass, kl, cl) == 0) {
- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
- sk_PKCS7_pop_free(asafes, PKCS7_free);
- return (0);
- }
- }
-
- return (1);
-}
-
-/*
- * parse_all_bags - go through the stack of bags, parsing each.
- *
- * Note about error codes: This function is an internal function, and the
- * place where it is called sets error codes.
- *
- * Returns:
- * 0 - An error returned. Call ERR_get_error() to get errors information.
- * Where possible, memory has been freed.
- * 1 - Stack of safebags was parsed and lists of certs and private keys
- * were returned.
- */
-static int
-parse_all_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
- STACK_OF(EVP_PKEY) *kl, STACK_OF(X509) *cl)
-{
- int i;
- for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
- if (parse_one_bag(sk_PKCS12_SAFEBAG_value(bags, i),
- pass, kl, cl) == 0)
- return (0);
- }
- return (1);
-}
-
-/*
- * parse_one_bag - Parse an individual bag
- *
- * i = parse_one_bag(bag, pass, kl, cl);
- *
- * Arguments:
- * bag - pkcs12 safebag to parse.
- * pass - password for use in decryption of shrouded keybag
- * kl - Stack of private keys found so far. New private keys will
- * be added here if found.
- * cl - Stack of certs found so far. New certificates will be
- * added here if found.
- *
- * Returns:
- * 0 - An error returned. Call ERR_get_error() to get errors information.
- * Where possible, memory has been freed.
- * 1 - one safebag was parsed. If it contained a cert or private key, it
- * was added to the stack of certs or private keys found, respectively.
- * localKeyId or friendlyName attributes are returned with the
- * private key or certificate.
- */
-static int
-parse_one_bag(PKCS12_SAFEBAG *bag, const char *pass, STACK_OF(EVP_PKEY) *kl,
- STACK_OF(X509) *cl)
-{
- X509_ATTRIBUTE *attr = NULL;
- ASN1_TYPE *keyid = NULL;
- ASN1_TYPE *fname = NULL;
- PKCS8_PRIV_KEY_INFO *p8;
- EVP_PKEY *pkey = NULL;
- X509 *x509 = NULL;
- uchar_t *data = NULL;
- char *str = NULL;
- int retval = 1;
-
- keyid = PKCS12_get_attr(bag, NID_localKeyID);
- fname = PKCS12_get_attr(bag, NID_friendlyName);
-
- switch (M_PKCS12_bag_type(bag)) {
- case NID_keyBag:
- if ((pkey = EVP_PKCS82PKEY(bag->value.keybag)) == NULL) {
- SUNWerr(SUNW_F_PARSE_ONE_BAG, SUNW_R_PARSE_BAG_ERR);
- retval = 0;
- break;
- }
- break;
-
- case NID_pkcs8ShroudedKeyBag:
- /*
- * A length of '-1' means strlen() can be used
- * to determine the password length.
- */
- if ((p8 = M_PKCS12_decrypt_skey(bag, pass, -1)) == NULL) {
- SUNWerr(SUNW_F_PARSE_ONE_BAG, SUNW_R_PARSE_BAG_ERR);
- retval = 0;
- break;
- }
- pkey = EVP_PKCS82PKEY(p8);
- PKCS8_PRIV_KEY_INFO_free(p8);
- if (pkey == NULL) {
- SUNWerr(SUNW_F_PARSE_ONE_BAG, SUNW_R_PARSE_BAG_ERR);
- retval = 0;
- }
- break;
-
- case NID_certBag:
- if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate) {
- SUNWerr(SUNW_F_PARSE_ONE_BAG, SUNW_R_BAD_CERTTYPE);
- break;
- }
- if ((x509 = M_PKCS12_certbag2x509(bag)) == NULL) {
- SUNWerr(SUNW_F_PARSE_ONE_BAG,
- SUNW_R_PARSE_CERT_ERR);
- retval = 0;
- break;
- }
-
- if (keyid != NULL) {
- if (keyid->type != V_ASN1_OCTET_STRING) {
- SUNWerr(SUNW_F_PARSE_ONE_BAG,
- SUNW_R_BAD_LKID);
- retval = 0;
- break;
- }
- if (X509_keyid_set1(x509,
- keyid->value.octet_string->data,
- keyid->value.octet_string->length) == 0) {
- SUNWerr(SUNW_F_PARSE_ONE_BAG,
- SUNW_R_SET_LKID_ERR);
- retval = 0;
- break;
- }
- }
-
- if (fname != NULL) {
- ASN1_STRING *tmpstr = NULL;
- int len;
-
- if (fname->type != V_ASN1_BMPSTRING) {
- SUNWerr(SUNW_F_PARSE_ONE_BAG,
- SUNW_R_BAD_FNAME);
- retval = 0;
- break;
- }
-
- tmpstr = fname->value.asn1_string;
- len = ASN1_STRING_to_UTF8(&data, tmpstr);
- if (len < 0) {
- SUNWerr(SUNW_F_PARSE_ONE_BAG,
- SUNW_R_SET_FNAME_ERR);
- retval = 0;
- break;
- }
-
- if (X509_alias_set1(x509, data, len) == 0) {
- SUNWerr(SUNW_F_PARSE_ONE_BAG,
- SUNW_R_SET_FNAME_ERR);
- retval = 0;
- break;
- }
- }
-
- if (sk_X509_push(cl, x509) == 0) {
- SUNWerr(SUNW_F_PARSE_ONE_BAG, SUNW_R_MEMORY_FAILURE);
- retval = 0;
- break;
- }
- x509 = NULL;
- break;
-
- case NID_safeContentsBag:
- if (keyid != NULL)
- ASN1_TYPE_free(keyid);
- if (fname != NULL)
- ASN1_TYPE_free(fname);
- if (parse_all_bags(bag->value.safes, pass, kl, cl) == 0) {
- /*
- * Error already on stack
- */
- return (0);
- }
- return (1);
-
- default:
- if (keyid != NULL)
- ASN1_TYPE_free(keyid);
- if (fname != NULL)
- ASN1_TYPE_free(fname);
- SUNWerr(SUNW_F_PARSE_ONE_BAG, SUNW_R_BAD_BAGTYPE);
- return (0);
- }
-
-
- if (pkey != NULL) {
- if (retval != 0 && (keyid != NULL || fname != NULL) &&
- pkey->attributes == NULL) {
- pkey->attributes = sk_X509_ATTRIBUTE_new_null();
- if (pkey->attributes == NULL) {
- SUNWerr(SUNW_F_PARSE_ONE_BAG,
- SUNW_R_MEMORY_FAILURE);
- retval = 0;
- }
- }
-
- if (retval != 0 && keyid != NULL) {
- attr = type2attrib(keyid, NID_localKeyID);
- if (attr == NULL)
- /*
- * Error already on stack
- */
- retval = 0;
- else {
- keyid = NULL;
- if (sk_X509_ATTRIBUTE_push(pkey->attributes,
- attr) == 0) {
- SUNWerr(SUNW_F_PARSE_ONE_BAG,
- SUNW_R_MEMORY_FAILURE);
- retval = 0;
- } else {
- attr = NULL;
- }
- }
- }
-
- if (retval != 0 && fname != NULL) {
- attr = type2attrib(fname, NID_friendlyName);
- if (attr == NULL) {
- /*
- * Error already on stack
- */
- retval = 0;
- } else {
- fname = NULL;
- if (sk_X509_ATTRIBUTE_push(pkey->attributes,
- attr) == 0) {
- SUNWerr(SUNW_F_PARSE_ONE_BAG,
- SUNW_R_MEMORY_FAILURE);
- retval = 0;
- } else {
- attr = NULL;
- }
- }
- }
-
- /* Save the private key */
- if (retval != 0) {
- if (sk_EVP_PKEY_push(kl, pkey) == 0) {
- SUNWerr(SUNW_F_PARSE_ONE_BAG,
- SUNW_R_MEMORY_FAILURE);
- retval = 0;
- } else {
- pkey = NULL;
- }
- }
- }
-
- if (pkey != NULL) {
- sunw_evp_pkey_free(pkey);
- }
-
- if (x509 != NULL)
- X509_free(x509);
-
- if (keyid != NULL)
- ASN1_TYPE_free(keyid);
-
- if (fname != NULL)
- ASN1_TYPE_free(fname);
-
- if (attr != NULL)
- X509_ATTRIBUTE_free(attr);
-
- if (data != NULL)
- OPENSSL_free(data);
-
- if (str != NULL)
- OPENSSL_free(str);
-
- return (retval);
-}
diff --git a/usr/src/common/net/wanboot/p12auxutl.c b/usr/src/common/net/wanboot/p12auxutl.c
deleted file mode 100644
index edb56c30bb..0000000000
--- a/usr/src/common/net/wanboot/p12auxutl.c
+++ /dev/null
@@ -1,376 +0,0 @@
-/*
- * Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/*
- * ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- * Copyright 2002, 2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <stdio.h>
-#include <strings.h>
-
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
-
-#include <openssl/pkcs12.h>
-#include <p12aux.h>
-#include <auxutil.h>
-#include <p12err.h>
-
-/*
- * sunw_PKCS12_create() creates a pkcs#12 structure and given component parts.
- *
- * Given one or more of user private key, user cert and/or other (CA) certs,
- * return an encrypted PKCS12 structure containing them.
- *
- * Arguments:
- * pass - Pass phrase for the pkcs12 structure and private key (possibly
- * empty) or NULL if there is none. It will be used to encrypt
- * both the private key(s) and as the pass phrase for the whole
- * pkcs12 wad.
- * pkeys - Points to stack of private keys.
- * certs - Points to stack of client (public ke) certs
- * cacerts - Points to stack of 'certificate authority' certs (or trust
- * anchors).
- *
- * Note that any of these may be NULL.
- *
- * Returns:
- * NULL - An error occurred.
- * != NULL - Address of PKCS12 structure. The user is responsible for
- * freeing the memory when done.
- */
-PKCS12 *
-sunw_PKCS12_create(const char *pass, STACK_OF(EVP_PKEY) *pkeys,
- STACK_OF(X509) *certs, STACK_OF(X509) *cacerts)
-{
- int nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
- int nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
- STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
- STACK_OF(PKCS7) *safes = NULL;
- PKCS12_SAFEBAG *bag = NULL;
- PKCS8_PRIV_KEY_INFO *p8 = NULL;
- EVP_PKEY *pkey = NULL;
- PKCS12 *ret_p12 = NULL;
- PKCS12 *p12 = NULL;
- PKCS7 *authsafe = NULL;
- X509 *cert = NULL;
- uchar_t *str = NULL;
- int certs_there = 0;
- int keys_there = 0;
- int len;
- int i;
-
- if ((safes = sk_PKCS7_new_null()) == NULL) {
- SUNWerr(SUNW_F_PKCS12_CREATE, SUNW_R_MEMORY_FAILURE);
- return (NULL);
- }
-
- if ((bags = sk_PKCS12_SAFEBAG_new_null()) == NULL) {
- SUNWerr(SUNW_F_PKCS12_CREATE, SUNW_R_MEMORY_FAILURE);
- goto err_ret;
- }
-
- if (certs != NULL && sk_X509_num(certs) > 0) {
-
- for (i = 0; i < sk_X509_num(certs); i++) {
- cert = sk_X509_value(certs, i);
-
- /* Add user certificate */
- if ((bag = M_PKCS12_x5092certbag(cert)) == NULL) {
- SUNWerr(SUNW_F_PKCS12_CREATE, SUNW_R_CERT_ERR);
- goto err_ret;
- }
- if (cert->aux != NULL && cert->aux->alias != NULL &&
- cert->aux->alias->type == V_ASN1_UTF8STRING) {
- str = utf82ascstr(cert->aux->alias);
- if (str == NULL) {
- /*
- * Error already on stack
- */
- goto err_ret;
- }
- if (PKCS12_add_friendlyname_asc(bag,
- (char const *) str,
- strlen((char const *) str)) == 0) {
- SUNWerr(SUNW_F_PKCS12_CREATE,
- SUNW_R_ADD_ATTR_ERR);
- goto err_ret;
- }
- }
- if (cert->aux != NULL && cert->aux->keyid != NULL &&
- cert->aux->keyid->type == V_ASN1_OCTET_STRING) {
- str = cert->aux->keyid->data;
- len = cert->aux->keyid->length;
-
- if (str != NULL &&
- PKCS12_add_localkeyid(bag, str, len) == 0) {
- SUNWerr(SUNW_F_PKCS12_CREATE,
- SUNW_R_ADD_ATTR_ERR);
- goto err_ret;
- }
- }
- if (sk_PKCS12_SAFEBAG_push(bags, bag) == 0) {
- SUNWerr(SUNW_F_PKCS12_CREATE,
- SUNW_R_MEMORY_FAILURE);
- goto err_ret;
- }
- certs_there++;
- bag = NULL;
- }
- }
-
- if (cacerts != NULL && sk_X509_num(cacerts) > 0) {
-
- /* Put all certs in structure */
- for (i = 0; i < sk_X509_num(cacerts); i++) {
- cert = sk_X509_value(cacerts, i);
- if ((bag = M_PKCS12_x5092certbag(cert)) == NULL) {
- SUNWerr(SUNW_F_PKCS12_CREATE, SUNW_R_CERT_ERR);
- goto err_ret;
- }
-
- if (cert->aux != NULL && cert->aux->alias != NULL &&
- cert->aux->alias->type == V_ASN1_UTF8STRING) {
- str = utf82ascstr(cert->aux->alias);
- if (str == NULL) {
- /*
- * Error already on stack
- */
- goto err_ret;
- }
- if (PKCS12_add_friendlyname_asc(
- bag, (char const *) str,
- strlen((char const *) str)) == 0) {
- SUNWerr(SUNW_F_PKCS12_CREATE,
- SUNW_R_ADD_ATTR_ERR);
- goto err_ret;
- }
- }
- if (cert->aux != NULL && cert->aux->keyid != NULL &&
- cert->aux->keyid->type == V_ASN1_OCTET_STRING) {
- str = cert->aux->keyid->data;
- len = cert->aux->keyid->length;
-
- if (str != NULL &&
- PKCS12_add_localkeyid(bag, str, len) == 0) {
- SUNWerr(SUNW_F_PKCS12_CREATE,
- SUNW_R_ADD_ATTR_ERR);
- goto err_ret;
- }
- }
- if (sk_PKCS12_SAFEBAG_push(bags, bag) == 0) {
- SUNWerr(SUNW_F_PKCS12_CREATE,
- SUNW_R_MEMORY_FAILURE);
- goto err_ret;
- }
- certs_there++;
- bag = NULL;
- }
- }
-
- if (certs != NULL || cacerts != NULL && certs_there) {
- /* Turn certbags into encrypted authsafe */
- authsafe = PKCS12_pack_p7encdata(nid_cert, pass, -1,
- NULL, 0, PKCS12_DEFAULT_ITER, bags);
- if (authsafe == NULL) {
- SUNWerr(SUNW_F_PKCS12_CREATE, SUNW_R_CERT_ERR);
- goto err_ret;
- }
- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
- bags = NULL;
-
- if (sk_PKCS7_push(safes, authsafe) == 0) {
- SUNWerr(SUNW_F_PKCS12_CREATE, SUNW_R_MEMORY_FAILURE);
- goto err_ret;
- }
- authsafe = NULL;
- }
-
- if (pkeys != NULL && sk_EVP_PKEY_num(pkeys) > 0) {
-
- if (bags == NULL &&
- (bags = sk_PKCS12_SAFEBAG_new_null()) == NULL) {
- SUNWerr(SUNW_F_PKCS12_CREATE, SUNW_R_MEMORY_FAILURE);
- goto err_ret;
- }
-
- for (i = 0; i < sk_EVP_PKEY_num(pkeys); i++) {
-
- pkey = sk_EVP_PKEY_value(pkeys, i);
-
- /* Make a shrouded key bag */
- if ((p8 = EVP_PKEY2PKCS8(pkey)) == NULL) {
- SUNWerr(SUNW_F_PKCS12_CREATE, SUNW_R_PKEY_ERR);
- goto err_ret;
- }
-
- bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0,
- PKCS12_DEFAULT_ITER, p8);
- if (bag == NULL) {
- SUNWerr(SUNW_F_PKCS12_CREATE,
- SUNW_R_MAKE_BAG_ERR);
- goto err_ret;
- }
- PKCS8_PRIV_KEY_INFO_free(p8);
- p8 = NULL;
-
- len = sunw_get_pkey_fname(GETDO_COPY, pkey,
- (char **)&str);
- if (str != NULL) {
- if (PKCS12_add_friendlyname_asc(bag,
- (const char *)str, len) == 0) {
- SUNWerr(SUNW_F_PKCS12_CREATE,
- SUNW_R_ADD_ATTR_ERR);
- goto err_ret;
- }
- }
- str = NULL;
-
- len = sunw_get_pkey_localkeyid(GETDO_COPY, pkey,
- (char **)&str, &len);
- if (str != NULL) {
- if (PKCS12_add_localkeyid(bag, str, len) == 0) {
- SUNWerr(SUNW_F_PKCS12_CREATE,
- SUNW_R_ADD_ATTR_ERR);
- goto err_ret;
- }
- }
- str = NULL;
-
- if (sk_PKCS12_SAFEBAG_push(bags, bag) == 0) {
- SUNWerr(SUNW_F_PKCS12_CREATE,
- SUNW_R_MEMORY_FAILURE);
- goto err_ret;
- }
- keys_there++;
- bag = NULL;
- }
-
- if (keys_there) {
- /* Turn into unencrypted authsafe */
- authsafe = PKCS12_pack_p7data(bags);
- if (authsafe == NULL) {
- SUNWerr(SUNW_F_PKCS12_CREATE,
- SUNW_R_PKCS12_CREATE_ERR);
- goto err_ret;
- }
- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
- bags = NULL;
-
- if (sk_PKCS7_push(safes, authsafe) == 0) {
- SUNWerr(SUNW_F_PKCS12_CREATE,
- SUNW_R_MEMORY_FAILURE);
- }
- authsafe = NULL;
- }
- }
-
- if (certs_there == 0 && keys_there == 0) {
- SUNWerr(SUNW_F_PKCS12_CREATE, SUNW_R_PKCS12_EMPTY_ERR);
- goto err_ret;
- }
-
- if ((p12 = PKCS12_init(NID_pkcs7_data)) == NULL) {
- SUNWerr(SUNW_F_PKCS12_CREATE, SUNW_R_PKCS12_CREATE_ERR);
- goto err_ret;
- }
-
- /*
- * Note that safes is copied by the following. Therefore, it needs
- * to be freed whether or not the following succeeds.
- */
- if (M_PKCS12_pack_authsafes(p12, safes) == 0) {
- SUNWerr(SUNW_F_PKCS12_CREATE, SUNW_R_PKCS12_CREATE_ERR);
- goto err_ret;
- }
- if (PKCS12_set_mac(p12, pass, -1, NULL, 0, 2048, NULL) == 0) {
- SUNWerr(SUNW_F_PKCS12_CREATE, SUNW_R_MAC_CREATE_FAILURE);
- goto err_ret;
- }
-
- ret_p12 = p12;
- p12 = NULL;
-
- /* Fallthrough is intentional */
-
-err_ret:
-
- if (str != NULL)
- free(str);
-
- if (p8 != NULL)
- PKCS8_PRIV_KEY_INFO_free(p8);
-
- if (bag != NULL)
- PKCS12_SAFEBAG_free(bag);
- if (bags != NULL)
- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
- if (authsafe != NULL)
- PKCS7_free(authsafe);
- if (safes != NULL)
- sk_PKCS7_pop_free(safes, PKCS7_free);
- if (p12 != NULL)
- PKCS12_free(p12);
-
- return (ret_p12);
-}
diff --git a/usr/src/common/net/wanboot/p12err.c b/usr/src/common/net/wanboot/p12err.c
deleted file mode 100644
index 485fbce13b..0000000000
--- a/usr/src/common/net/wanboot/p12err.c
+++ /dev/null
@@ -1,169 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <stdio.h>
-#include <assert.h>
-#include <openssl/err.h>
-#include <p12err.h>
-
-/*
- * OpenSSL provides a framework for pushing error codes onto a stack.
- * When an error occurs, the consumer may use the framework to
- * pop the errors off the stack and provide a trace of where the
- * errors occurred.
- *
- * Our PKCS12 code plugs into this framework by calling
- * ERR_load_SUNW_strings(). To push an error (which by the way, consists
- * of a function code and an error code) onto the stack our PKCS12 code
- * calls SUNWerr().
- *
- * Consumers of our PKCS12 code can then call the OpenSSL error routines
- * when an error occurs and retrieve the stack of errors.
- */
-
-#ifndef OPENSSL_NO_ERR
-
-/* Function codes and their matching strings */
-static ERR_STRING_DATA SUNW_str_functs[] = {
- { ERR_PACK(0, SUNW_F_USE_X509CERT, 0), "sunw_use_x509cert" },
- { ERR_PACK(0, SUNW_F_USE_PKEY, 0), "sunw_use_pkey" },
- { ERR_PACK(0, SUNW_F_USE_TASTORE, 0), "sunw_use_tastore" },
- { ERR_PACK(0, SUNW_F_USE_CERTFILE, 0), "sunw_p12_use_certfile" },
- { ERR_PACK(0, SUNW_F_USE_KEYFILE, 0), "sunw_p12_use_keyfile" },
- { ERR_PACK(0, SUNW_F_USE_TRUSTFILE, 0), "sunw_p12_use_trustfile" },
- { ERR_PACK(0, SUNW_F_READ_FILE, 0), "p12_read_file" },
- { ERR_PACK(0, SUNW_F_DOPARSE, 0), "p12_doparse" },
- { ERR_PACK(0, SUNW_F_PKCS12_PARSE, 0), "sunw_PKCS12_parse" },
- { ERR_PACK(0, SUNW_F_PKCS12_CONTENTS, 0), "sunw_PKCS12_contents" },
- { ERR_PACK(0, SUNW_F_PARSE_ONE_BAG, 0), "parse_one_bag" },
- { ERR_PACK(0, SUNW_F_PKCS12_CREATE, 0), "sunw_PKCS12_create" },
- { ERR_PACK(0, SUNW_F_SPLIT_CERTS, 0), "sunw_split_certs" },
- { ERR_PACK(0, SUNW_F_FIND_LOCALKEYID, 0), "sunw_find_localkeyid" },
- { ERR_PACK(0, SUNW_F_SET_LOCALKEYID, 0), "sunw_set_localkeyid" },
- { ERR_PACK(0, SUNW_F_GET_LOCALKEYID, 0), "sunw_get_localkeyid" },
- { ERR_PACK(0, SUNW_F_GET_PKEY_FNAME, 0), "sunw_get_pkey_fname" },
- { ERR_PACK(0, SUNW_F_APPEND_KEYS, 0), "sunw_append_keys" },
- { ERR_PACK(0, SUNW_F_PEM_INFO, 0), "pem_info" },
- { ERR_PACK(0, SUNW_F_ASC2BMPSTRING, 0), "asc2bmpstring" },
- { ERR_PACK(0, SUNW_F_UTF82ASCSTR, 0), "utf82ascstr" },
- { ERR_PACK(0, SUNW_F_FINDATTR, 0), "findattr" },
- { ERR_PACK(0, SUNW_F_TYPE2ATTRIB, 0), "type2attrib" },
- { ERR_PACK(0, SUNW_F_MOVE_CERTS, 0), "move_certs" },
- { ERR_PACK(0, SUNW_F_FIND_FNAME, 0), "sunw_find_fname" },
- { ERR_PACK(0, SUNW_F_PARSE_OUTER, 0), "parse_outer" },
- { ERR_PACK(0, SUNW_F_CHECKFILE, 0), "checkfile" },
- { 0, NULL }
-};
-
-/* Error codes and their matching strings */
-static ERR_STRING_DATA SUNW_str_reasons[] = {
- { SUNW_R_INVALID_ARG, "invalid argument" },
- { SUNW_R_MEMORY_FAILURE, "memory failure" },
- { SUNW_R_MAC_VERIFY_FAILURE, "mac verify failure" },
- { SUNW_R_MAC_CREATE_FAILURE, "mac create failure" },
- { SUNW_R_BAD_FILETYPE, "bad file type" },
- { SUNW_R_BAD_PKEY, "bad or missing private key" },
- { SUNW_R_BAD_PKEYTYPE, "unsupported key type" },
- { SUNW_R_PKEY_READ_ERR, "unable to read private key" },
- { SUNW_R_NO_TRUST_ANCHOR, "no trust anchors found" },
- { SUNW_R_READ_TRUST_ERR, "unable to read trust anchor" },
- { SUNW_R_ADD_TRUST_ERR, "unable to add trust anchor" },
- { SUNW_R_PKCS12_PARSE_ERR, "PKCS12 parse error" },
- { SUNW_R_PKCS12_CREATE_ERR, "PKCS12 create error" },
- { SUNW_R_BAD_CERTTYPE, "unsupported certificate type" },
- { SUNW_R_PARSE_CERT_ERR, "error parsing PKCS12 certificate" },
- { SUNW_R_PARSE_BAG_ERR, "error parsing PKCS12 bag" },
- { SUNW_R_MAKE_BAG_ERR, "error making PKCS12 bag" },
- { SUNW_R_BAD_LKID, "bad localKeyID format" },
- { SUNW_R_SET_LKID_ERR, "error setting localKeyID" },
- { SUNW_R_BAD_FNAME, "bad friendlyName format" },
- { SUNW_R_SET_FNAME_ERR, "error setting friendlyName" },
- { SUNW_R_BAD_TRUST, "bad or missing trust anchor" },
- { SUNW_R_BAD_BAGTYPE, "unsupported bag type" },
- { SUNW_R_CERT_ERR, "certificate error" },
- { SUNW_R_PKEY_ERR, "private key error" },
- { SUNW_R_READ_ERR, "error reading file" },
- { SUNW_R_ADD_ATTR_ERR, "error adding attribute" },
- { SUNW_R_STR_CONVERT_ERR, "error converting string" },
- { SUNW_R_PKCS12_EMPTY_ERR, "empty PKCS12 structure" },
- { SUNW_R_PASSWORD_ERR, "bad password" },
- { 0, NULL }
-};
-
-/*
- * The library name that our module will be known as. This name
- * may be retrieved via OpenSSLs error APIs.
- */
-static ERR_STRING_DATA SUNW_lib_name[] = {
- { 0, SUNW_LIB_NAME },
- { 0, NULL }
-};
-#endif
-
-/*
- * The value of this variable (initialized by a call to
- * ERR_load_SUNW_strings()) is what identifies our errors
- * to OpenSSL as being ours.
- */
-static int SUNW_lib_error_code = 0;
-
-/*
- * Called by our PKCS12 code to read our function and error codes
- * into memory so that the OpenSSL framework can retrieve them.
- */
-void
-ERR_load_SUNW_strings(void)
-{
- assert(SUNW_lib_error_code == 0);
-#ifndef OPENSSL_NO_ERR
- /*
- * Have OpenSSL provide us with a unique ID.
- */
- SUNW_lib_error_code = ERR_get_next_error_library();
-
- ERR_load_strings(SUNW_lib_error_code, SUNW_str_functs);
- ERR_load_strings(SUNW_lib_error_code, SUNW_str_reasons);
-
- SUNW_lib_name->error = ERR_PACK(SUNW_lib_error_code, 0, 0);
- ERR_load_strings(0, SUNW_lib_name);
-#endif
-}
-
-/*
- * The SUNWerr macro resolves to this routine. So when we need
- * to push an error, this routine does it for us. Notice that
- * the SUNWerr macro provides a filename and line #.
- */
-void
-ERR_SUNW_error(int function, int reason, char *file, int line)
-{
- assert(SUNW_lib_error_code != 0);
-#ifndef OPENSSL_NO_ERR
- ERR_PUT_error(SUNW_lib_error_code, function, reason, file, line);
-#endif
-}
diff --git a/usr/src/common/net/wanboot/p12err.h b/usr/src/common/net/wanboot/p12err.h
deleted file mode 100644
index fdec13803b..0000000000
--- a/usr/src/common/net/wanboot/p12err.h
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#ifndef _P12ERR_H
-#define _P12ERR_H
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-extern void ERR_load_SUNW_strings(void);
-extern void ERR_SUNW_error(int function, int reason, char *file, int line);
-
-#define SUNW_LIB_NAME "SUNW_PKCS12"
-#define SUNWerr(f, r) ERR_SUNW_error((f), (r), __FILE__, __LINE__)
-
-/* Error codes for the SUNW functions. */
-/* OpenSSL prefers codes to start at 100 */
-
-/* Function codes. */
-typedef enum {
- SUNW_F_USE_X509CERT = 100,
- SUNW_F_USE_PKEY,
- SUNW_F_USE_TASTORE,
- SUNW_F_USE_CERTFILE,
- SUNW_F_USE_KEYFILE,
- SUNW_F_USE_TRUSTFILE,
- SUNW_F_READ_FILE,
- SUNW_F_DOPARSE,
- SUNW_F_PKCS12_PARSE,
- SUNW_F_PKCS12_CONTENTS,
- SUNW_F_PARSE_ONE_BAG,
- SUNW_F_PKCS12_CREATE,
- SUNW_F_SPLIT_CERTS,
- SUNW_F_FIND_LOCALKEYID,
- SUNW_F_SET_LOCALKEYID,
- SUNW_F_GET_LOCALKEYID,
- SUNW_F_GET_PKEY_FNAME,
- SUNW_F_APPEND_KEYS,
- SUNW_F_PEM_CONTENTS,
- SUNW_F_PEM_INFO,
- SUNW_F_ASC2BMPSTRING,
- SUNW_F_UTF82ASCSTR,
- SUNW_F_FINDATTR,
- SUNW_F_TYPE2ATTRIB,
- SUNW_F_MOVE_CERTS,
- SUNW_F_FIND_FNAME,
- SUNW_F_PARSE_OUTER,
- SUNW_F_CHECKFILE
-} sunw_err_func_t;
-
-/* Reason codes. */
-typedef enum {
- SUNW_R_INVALID_ARG = 100,
- SUNW_R_MEMORY_FAILURE,
- SUNW_R_MAC_VERIFY_FAILURE,
- SUNW_R_MAC_CREATE_FAILURE,
- SUNW_R_BAD_FILETYPE,
- SUNW_R_BAD_PKEY,
- SUNW_R_BAD_PKEYTYPE,
- SUNW_R_PKEY_READ_ERR,
- SUNW_R_NO_TRUST_ANCHOR,
- SUNW_R_READ_TRUST_ERR,
- SUNW_R_ADD_TRUST_ERR,
- SUNW_R_PKCS12_PARSE_ERR,
- SUNW_R_PKCS12_CREATE_ERR,
- SUNW_R_PARSE_BAG_ERR,
- SUNW_R_MAKE_BAG_ERR,
- SUNW_R_BAD_CERTTYPE,
- SUNW_R_PARSE_CERT_ERR,
- SUNW_R_BAD_LKID,
- SUNW_R_SET_LKID_ERR,
- SUNW_R_BAD_FNAME,
- SUNW_R_SET_FNAME_ERR,
- SUNW_R_BAD_TRUST,
- SUNW_R_BAD_BAGTYPE,
- SUNW_R_CERT_ERR,
- SUNW_R_PKEY_ERR,
- SUNW_R_READ_ERR,
- SUNW_R_ADD_ATTR_ERR,
- SUNW_R_STR_CONVERT_ERR,
- SUNW_R_PKCS12_EMPTY_ERR,
- SUNW_R_PASSWORD_ERR
-} sunw_err_reason_t;
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _P12ERR_H */
diff --git a/usr/src/common/net/wanboot/p12misc.c b/usr/src/common/net/wanboot/p12misc.c
deleted file mode 100644
index 23c9106da1..0000000000
--- a/usr/src/common/net/wanboot/p12misc.c
+++ /dev/null
@@ -1,773 +0,0 @@
-/*
- * ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-/*
- * Copyright (c) 2012, OmniTI Computer Consulting, Inc. All rights reserved.
- */
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <stdio.h>
-#include <strings.h>
-#include <stdlib.h>
-
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
-#include <openssl/ssl.h>
-
-#include <openssl/pkcs12.h>
-#include <p12aux.h>
-#include <auxutil.h>
-#include <p12err.h>
-
-/*
- * sunw_cryto_init() does crypto-specific initialization.
- *
- * Arguments:
- * None.
- *
- * Returns:
- * None.
- */
-void
-sunw_crypto_init(void)
-{
- OpenSSL_add_all_algorithms();
- SSL_load_error_strings();
- ERR_load_SUNW_strings();
- (void) SSL_library_init();
-}
-
-/*
- * sunw_split_certs() - Given a list of certs and a list of private keys,
- * moves certs which match one of the keys to a different stack.
- *
- * Arguments:
- * allkeys - Points to a stack of private keys to search.
- * allcerts - Points to a stack of certs to be searched.
- * keycerts - Points to address of a stack of certs with matching private
- * keys. They are moved from 'allcerts'. This may not be NULL
- * when called. If *keycerts is NULL upon entry, a new stack will
- * be allocated. Otherwise, it must be a valid STACK_OF(509).
- * nocerts - Points to address of a stack for keys which have no matching
- * certs. Keys are moved from 'allkeys' here when they have no
- * matching certs. If this is NULL, matchless keys will be
- * discarded.
- *
- * Notes: If an error occurs while moving certs, the cert being move may be
- * lost. 'keycerts' may only contain part of the matching certs. The number
- * of certs successfully moved can be found by checking sk_X509_num(keycerts).
- *
- * If there is a key which does not have a matching cert, it is moved to
- * the list nocerts.
- *
- * If all certs are removed from 'certs' and/or 'pkeys', it will be the
- * caller's responsibility to free the empty stacks.
- *
- * Returns:
- * < 0 - An error returned. Call ERR_get_error() to get errors information.
- * Where possible, memory has been freed.
- * >= 0 - The number of certs moved from 'cert' to 'pkcerts'.
- */
-int
-sunw_split_certs(STACK_OF(EVP_PKEY) *allkeys, STACK_OF(X509) *allcerts,
- STACK_OF(X509) **keycerts, STACK_OF(EVP_PKEY) **nocerts)
-{
- STACK_OF(X509) *matching;
- STACK_OF(EVP_PKEY) *nomatch;
- EVP_PKEY *tmpkey;
- X509 *tmpcert;
- int count = 0;
- int found;
- int res;
- int i;
- int k;
-
- *keycerts = NULL;
- if (nocerts != NULL)
- *nocerts = NULL;
- nomatch = NULL;
-
- if ((matching = sk_X509_new_null()) == NULL) {
- SUNWerr(SUNW_F_SPLIT_CERTS, SUNW_R_MEMORY_FAILURE);
- return (-1);
- }
- *keycerts = matching;
-
- k = 0;
- while (k < sk_EVP_PKEY_num(allkeys)) {
- found = 0;
- tmpkey = sk_EVP_PKEY_value(allkeys, k);
-
- for (i = 0; i < sk_X509_num(allcerts); i++) {
- tmpcert = sk_X509_value(allcerts, i);
- res = X509_check_private_key(tmpcert, tmpkey);
- if (res != 0) {
- count++;
- found = 1;
- tmpcert = sk_X509_delete(allcerts, i);
- if (sk_X509_push(matching, tmpcert) == 0) {
- X509_free(tmpcert);
- SUNWerr(SUNW_F_SPLIT_CERTS,
- SUNW_R_MEMORY_FAILURE);
- return (-1);
- }
- break;
- }
- }
- if (found != 0) {
- /*
- * Found a match - keep the key & check out the next
- * one.
- */
- k++;
- } else {
- /*
- * No cert matching this key. Move the key if
- * possible or discard it. Don't increment the
- * index.
- */
- if (nocerts == NULL) {
- tmpkey = sk_EVP_PKEY_delete(allkeys, k);
- sunw_evp_pkey_free(tmpkey);
- } else {
- if (*nocerts == NULL) {
- nomatch = sk_EVP_PKEY_new_null();
- if (nomatch == NULL) {
- SUNWerr(SUNW_F_SPLIT_CERTS,
- SUNW_R_MEMORY_FAILURE);
- return (-1);
- }
- *nocerts = nomatch;
- }
- tmpkey = sk_EVP_PKEY_delete(allkeys, k);
- if (sk_EVP_PKEY_push(nomatch, tmpkey) == 0) {
- sunw_evp_pkey_free(tmpkey);
- SUNWerr(SUNW_F_SPLIT_CERTS,
- SUNW_R_MEMORY_FAILURE);
- return (-1);
- }
- }
- }
- }
-
- return (count);
-}
-
-/*
- * sunw_evp_pkey_free() Given an EVP_PKEY structure, free any attributes
- * that are attached. Then free the EVP_PKEY itself.
- *
- * This is a replacement for EVP_PKEY_free() for the sunw stuff.
- * It should be used in places where EVP_PKEY_free would be used,
- * including calls to sk_EVP_PKEY_pop_free().
- *
- * Arguments:
- * pkey - Entry which potentially has attributes to be freed.
- *
- * Returns:
- * None.
- */
-void
-sunw_evp_pkey_free(EVP_PKEY *pkey)
-{
- if (pkey != NULL) {
- if (pkey->attributes != NULL) {
- sk_X509_ATTRIBUTE_pop_free(pkey->attributes,
- X509_ATTRIBUTE_free);
- pkey->attributes = NULL;
- }
- EVP_PKEY_free(pkey);
- }
-}
-
-/*
- * sunw_set_localkeyid() sets the localkeyid in a cert, a private key or
- * both. Any existing localkeyid will be discarded.
- *
- * Arguments:
- * keyid_str- A byte string with the localkeyid to set
- * keyid_len- Length of the keyid byte string.
- * pkey - Points to a private key to set the keyidstr in.
- * cert - Points to a cert to set the keyidstr in.
- *
- * Note that setting a keyid into a cert which will not be written out as
- * a PKCS12 cert is pointless since it will be lost.
- *
- * Returns:
- * 0 - Success.
- * < 0 - An error occurred. It was probably an error in allocating
- * memory. The error will be set in the error stack. Call
- * ERR_get_error() to get specific information.
- */
-int
-sunw_set_localkeyid(const char *keyid_str, int keyid_len, EVP_PKEY *pkey,
- X509 *cert)
-{
- X509_ATTRIBUTE *attr = NULL;
- ASN1_STRING *str = NULL;
- ASN1_TYPE *keyid = NULL;
- int retval = -1;
- int i;
-
- if (cert != NULL) {
- if (X509_keyid_set1(cert, (uchar_t *)keyid_str, keyid_len)
- == 0) {
- SUNWerr(SUNW_F_SET_LOCALKEYID, SUNW_R_SET_LKID_ERR);
- goto cleanup;
- }
- }
- if (pkey != NULL) {
- str = (ASN1_STRING *)M_ASN1_OCTET_STRING_new();
- if (str == NULL ||
- M_ASN1_OCTET_STRING_set(str, keyid_str, keyid_len) == 0 ||
- (keyid = ASN1_TYPE_new()) == NULL) {
- SUNWerr(SUNW_F_SET_LOCALKEYID, SUNW_R_MEMORY_FAILURE);
- goto cleanup;
- }
-
- ASN1_TYPE_set(keyid, V_ASN1_OCTET_STRING, str);
- str = NULL;
-
- attr = type2attrib(keyid, NID_localKeyID);
- if (attr == NULL) {
- /*
- * Error already on stack
- */
- goto cleanup;
- }
- keyid = NULL;
-
- if (pkey->attributes == NULL) {
- pkey->attributes = sk_X509_ATTRIBUTE_new_null();
- if (pkey->attributes == NULL) {
- SUNWerr(SUNW_F_SET_LOCALKEYID,
- SUNW_R_MEMORY_FAILURE);
- goto cleanup;
- }
- } else {
- i = find_attr_by_nid(pkey->attributes, NID_localKeyID);
- if (i >= 0)
- sk_X509_ATTRIBUTE_delete(pkey->attributes, i);
- }
- if (sk_X509_ATTRIBUTE_push(pkey->attributes, attr) == 0) {
- SUNWerr(SUNW_F_SET_LOCALKEYID, SUNW_R_MEMORY_FAILURE);
- goto cleanup;
- }
- attr = NULL;
- }
- retval = 0;
-
-cleanup:
- if (str != NULL)
- ASN1_STRING_free(str);
- if (keyid != NULL)
- ASN1_TYPE_free(keyid);
- if (attr != NULL)
- X509_ATTRIBUTE_free(attr);
-
- return (retval);
-}
-
-/*
- * sunw_get_pkey_localkeyid() gets the localkeyid from a private key. It can
- * optionally remove the value found.
- *
- * Arguments:
- * dowhat - What to do with the attributes (remove them or copy them).
- * pkey - Points to a private key to set the keyidstr in.
- * keyid_str- Points to a location which will receive the pointer to
- * a byte string containing the binary localkeyid. Note that
- * this is a copy, and the caller must free it.
- * keyid_len- Length of keyid_str.
- *
- * Returns:
- * >= 0 - The number of characters in the keyid returned.
- * < 0 - An error occurred. It was probably an error in allocating
- * memory. The error will be set in the error stack. Call
- * ERR_get_error() to get specific information.
- */
-int
-sunw_get_pkey_localkeyid(getdo_actions_t dowhat, EVP_PKEY *pkey,
- char **keyid_str, int *keyid_len)
-{
- X509_ATTRIBUTE *attr = NULL;
- ASN1_OCTET_STRING *str = NULL;
- ASN1_TYPE *ty = NULL;
- int len = 0;
- int i;
-
- if (keyid_str != NULL)
- *keyid_str = NULL;
- if (keyid_len != NULL)
- *keyid_len = 0;
-
- if (pkey == NULL || pkey->attributes == NULL) {
- return (0);
- }
-
- if ((i = find_attr_by_nid(pkey->attributes, NID_localKeyID)) < 0) {
- return (0);
- }
- attr = sk_X509_ATTRIBUTE_value(pkey->attributes, i);
-
- if ((ty = attrib2type(attr)) == NULL ||
- ty->type != V_ASN1_OCTET_STRING) {
- return (0);
- }
-
- if (dowhat == GETDO_DEL) {
- attr = sk_X509_ATTRIBUTE_delete(pkey->attributes, i);
- if (attr != NULL)
- X509_ATTRIBUTE_free(attr);
- return (0);
- }
-
- str = ty->value.octet_string;
- len = str->length;
- if ((*keyid_str = malloc(len)) == NULL) {
- SUNWerr(SUNW_F_GET_LOCALKEYID, SUNW_R_MEMORY_FAILURE);
- return (-1);
- }
-
- (void) memcpy(*keyid_str, str->data, len);
- *keyid_len = len;
-
- return (len);
-}
-
-/*
- * sunw_get_pkey_fname() gets the friendlyName from a private key. It can
- * optionally remove the value found.
- *
- * Arguments:
- * dowhat - What to do with the attributes (remove them or copy them).
- * pkey - Points to a private key to get the frientlyname from
- * fname - Points to a location which will receive the pointer to a
- * byte string with the ASCII friendlyname
- *
- * Returns:
- * >= 0 - The number of characters in the frienlyname returned.
- * < 0 - An error occurred. It was probably an error in allocating
- * memory. The error will be set in the error stack. Call
- * ERR_get_error() to get specific information.
- */
-int
-sunw_get_pkey_fname(getdo_actions_t dowhat, EVP_PKEY *pkey, char **fname)
-{
- X509_ATTRIBUTE *attr = NULL;
- ASN1_BMPSTRING *str = NULL;
- ASN1_TYPE *ty = NULL;
- int len = 0;
- int i;
-
- if (fname != NULL)
- *fname = NULL;
-
- if (pkey == NULL || pkey->attributes == NULL) {
- return (0);
- }
-
- if ((i = find_attr_by_nid(pkey->attributes, NID_friendlyName)) < 0) {
- return (0);
- }
- attr = sk_X509_ATTRIBUTE_value(pkey->attributes, i);
-
- if ((ty = attrib2type(attr)) == NULL ||
- ty->type != V_ASN1_BMPSTRING) {
- return (0);
- }
-
- if (dowhat == GETDO_DEL) {
- attr = sk_X509_ATTRIBUTE_delete(pkey->attributes, i);
- if (attr != NULL)
- X509_ATTRIBUTE_free(attr);
- return (0);
- }
-
- str = ty->value.bmpstring;
-#if OPENSSL_VERSION_NUMBER < 0x10000000L
- *fname = uni2asc(str->data, str->length);
-#else
- *fname = OPENSSL_uni2asc(str->data, str->length);
-#endif
- if (*fname == NULL) {
- SUNWerr(SUNW_F_GET_PKEY_FNAME, SUNW_R_MEMORY_FAILURE);
- return (-1);
- }
-
- len = strlen(*fname);
-
- return (len);
-}
-
-/*
- * sunw_find_localkeyid() searches stacks of certs and private keys,
- * and returns the first matching cert/private key found.
- *
- * Look for a keyid in a stack of certs. if 'certs' is NULL and 'pkeys' is
- * not NULL, search the list of private keys. Move the matching cert to
- * 'matching_cert' and its matching private key to 'matching_pkey'. If no
- * cert or keys match, no match occurred.
- *
- * Arguments:
- * keyid_str- A byte string with the localkeyid to match
- * keyid_len- Length of the keyid byte string.
- * pkeys - Points to a stack of private keys which match the certs.
- * This may be NULL, in which case no keys are returned.
- * certs - Points to a stack of certs to search. If NULL, search the
- * stack of keys instead.
- * matching_pkey
- * - Pointer to receive address of first matching pkey found.
- * 'matching_pkey' must not be NULL; '*matching_pkey' will be
- * reset.
- * matching_cert
- * - Pointer to receive address of first matching cert found.
- * 'matching_cert' must not be NULL; '*matching_cert' will be
- * reset.
- *
- * Returns:
- * < 0 - An error returned. Call ERR_get_error() to get errors information.
- * Where possible, memory has been freed.
- * >= 0 - Objects were found and returned. Which objects are indicated by
- * which bits are set (FOUND_PKEY and/or FOUND_CERT).
- */
-int
-sunw_find_localkeyid(char *keyid_str, int len, STACK_OF(EVP_PKEY) *pkeys,
-STACK_OF(X509) *certs, EVP_PKEY **matching_pkey, X509 **matching_cert)
-{
- ASN1_STRING *cmpstr = NULL;
- EVP_PKEY *tmp_pkey = NULL;
- X509 *tmp_cert = NULL;
- int retval = 0;
-
- /* If NULL arguments, this is an error */
- if (keyid_str == NULL ||
- (pkeys == NULL || certs == NULL) ||
- (pkeys != NULL && matching_pkey == NULL) ||
- (certs != NULL && matching_cert == NULL)) {
- SUNWerr(SUNW_F_FIND_LOCALKEYID, SUNW_R_INVALID_ARG);
- return (-1);
- }
-
- if (matching_pkey != NULL)
- *matching_pkey = NULL;
- if (matching_cert != NULL)
- *matching_cert = NULL;
-
- cmpstr = (ASN1_STRING *)M_ASN1_OCTET_STRING_new();
- if (cmpstr == NULL ||
- M_ASN1_OCTET_STRING_set(cmpstr, keyid_str, len) == 0) {
- SUNWerr(SUNW_F_FIND_LOCALKEYID, SUNW_R_MEMORY_FAILURE);
- return (-1);
- }
-
- retval = find_attr(NID_localKeyID, cmpstr, pkeys, &tmp_pkey, certs,
- &tmp_cert);
- if (retval == 0) {
- ASN1_STRING_free(cmpstr);
- return (retval);
- }
-
- if (matching_pkey != NULL)
- *matching_pkey = tmp_pkey;
- if (matching_cert != NULL)
- *matching_cert = tmp_cert;
-
- return (retval);
-}
-
-/*
- * sunw_find_fname() searches stacks of certs and private keys for one with
- * a matching friendlyname and returns the first matching cert/private
- * key found.
- *
- * Look for a friendlyname in a stack of certs. if 'certs' is NULL and 'pkeys'
- * is not NULL, search the list of private keys. Move the matching cert to
- * 'matching_cert' and its matching private key to 'matching_pkey'. If no
- * cert or keys match, no match occurred.
- *
- * Arguments:
- * fname - Friendlyname to find (NULL-terminated ASCII string).
- * pkeys - Points to a stack of private keys which match the certs.
- * This may be NULL, in which case no keys are returned.
- * certs - Points to a stack of certs to search. If NULL, search the
- * stack of keys instead.
- * matching_pkey
- * - Pointer to receive address of first matching pkey found.
- * matching_cert
- * - Pointer to receive address of first matching cert found.
- *
- * Returns:
- * < 0 - An error returned. Call ERR_get_error() to get errors information.
- * Where possible, memory has been freed.
- * >= 0 - Objects were found and returned. Which objects are indicated by
- * which bits are set (FOUND_PKEY and/or FOUND_CERT).
- */
-int
-sunw_find_fname(char *fname, STACK_OF(EVP_PKEY) *pkeys, STACK_OF(X509) *certs,
- EVP_PKEY **matching_pkey, X509 ** matching_cert)
-{
- ASN1_STRING *cmpstr = NULL;
- EVP_PKEY *tmp_pkey = NULL;
- X509 *tmp_cert = NULL;
- int retval = 0;
-
- /* If NULL arguments, this is an error */
- if (fname == NULL ||
- (pkeys == NULL || certs == NULL) ||
- (pkeys != NULL && matching_pkey == NULL) ||
- (certs != NULL && matching_cert == NULL)) {
- SUNWerr(SUNW_F_FIND_FNAME, SUNW_R_INVALID_ARG);
- return (-1);
- }
-
- if (matching_pkey != NULL)
- *matching_pkey = NULL;
- if (matching_cert != NULL)
- *matching_cert = NULL;
-
- cmpstr = (ASN1_STRING *)asc2bmpstring(fname, strlen(fname));
- if (cmpstr == NULL) {
- /*
- * Error already on stack
- */
- return (-1);
- }
-
- retval = find_attr(NID_friendlyName, cmpstr, pkeys, &tmp_pkey, certs,
- &tmp_cert);
- if (retval == 0) {
- ASN1_STRING_free(cmpstr);
- return (retval);
- }
-
- if (matching_pkey != NULL)
- *matching_pkey = tmp_pkey;
- if (matching_cert != NULL)
- *matching_cert = tmp_cert;
-
- return (retval);
-}
-
-/*
- * sunw_print_times() formats and prints cert times to the given file.
- *
- * The label is printed on one line. One or both dates are printed on
- * the following line or two, each with it's own indented label in the
- * format:
- *
- * label
- * 'not before' date: whatever
- * 'not after' date: whatever
- *
- * Arguments:
- * fp - file pointer for file to write to.
- * dowhat - what field(s) to print.
- * label - Label to use. If NULL, no line will be printed.
- * cert - Points to a client or CA certs to check
- *
- * Returns:
- * < 0 - An error occured.
- * >= 0 - Number of lines written.
- */
-int
-sunw_print_times(FILE *fp, prnt_actions_t dowhat, char *label, X509 *cert)
-{
- int lines = 0;
-
- if (label != NULL) {
- (void) fprintf(fp, "%s\n", label);
- lines++;
- }
-
- if (dowhat == PRNT_NOT_BEFORE || dowhat == PRNT_BOTH) {
- (void) fprintf(fp, "'not before' date: ");
- (void) print_time(fp, X509_get_notBefore(cert));
- (void) fprintf(fp, "\n");
- lines++;
- }
-
- if (dowhat == PRNT_NOT_AFTER || dowhat == PRNT_BOTH) {
- (void) fprintf(fp, "'not after' date: ");
- (void) print_time(fp, X509_get_notAfter(cert));
- (void) fprintf(fp, "\n");
- lines++;
- }
- return (lines);
-}
-
-/*
- * sunw_check_keys() compares the public key in the certificate and a
- * private key to ensure that they match.
- *
- * Arguments:
- * cert - Points to a certificate.
- * pkey - Points to a private key.
- *
- * Returns:
- * == 0 - These do not match.
- * != 0 - The cert's public key and the private key match.
- */
-int
-sunw_check_keys(X509 *cert, EVP_PKEY *pkey)
-{
- int retval = 0;
-
- if (pkey != NULL && cert != NULL)
- retval = X509_check_private_key(cert, pkey);
-
- return (retval);
-}
-
-/*
- * sunw_issuer_attrs - Given a cert, return the issuer-specific attributes
- * as one ASCII string.
- *
- * Arguments:
- * cert - Cert to process
- * buf - If non-NULL, buffer to receive string. If NULL, one will
- * be allocated and its value will be returned to the caller.
- * len - If 'buff' is non-null, the buffer's length.
- *
- * This returns an ASCII string with all issuer-related attributes in one
- * string separated by '/' characters. Each attribute begins with its name
- * and an equal sign. Two attributes (ATTR1 and Attr2) would have the
- * following form:
- *
- * ATTR1=attr_value/ATTR2=attr2_value
- *
- * Returns:
- * != NULL - Pointer to the ASCII string containing the issuer-related
- * attributes. If the 'buf' argument was NULL, this is a
- * dynamically-allocated buffer and the caller will have the
- * responsibility for freeing it.
- * NULL - Memory needed to be allocated but could not be. Errors
- * are set on the error stack.
- */
-char *
-sunw_issuer_attrs(X509 *cert, char *buf, int len)
-{
- return (X509_NAME_oneline(X509_get_issuer_name(cert), buf, len));
-}
-
-/*
- * sunw_subject_attrs - Given a cert, return the subject-specific attributes
- * as one ASCII string.
- *
- * Arguments:
- * cert - Cert to process
- * buf - If non-NULL, buffer to receive string. If NULL, one will
- * be allocated and its value will be returned to the caller.
- * len - If 'buff' is non-null, the buffer's length.
- *
- * This returns an ASCII string with all subject-related attributes in one
- * string separated by '/' characters. Each attribute begins with its name
- * and an equal sign. Two attributes (ATTR1 and Attr2) would have the
- * following form:
- *
- * ATTR1=attr_value/ATTR2=attr2_value
- *
- * Returns:
- * != NULL - Pointer to the ASCII string containing the subject-related
- * attributes. If the 'buf' argument was NULL, this is a
- * dynamically-allocated buffer and the caller will have the
- * responsibility for freeing it.
- * NULL - Memory needed to be allocated but could not be. Errors
- * are set on the error stack.
- */
-char *
-sunw_subject_attrs(X509 *cert, char *buf, int len)
-{
- return (X509_NAME_oneline(X509_get_subject_name(cert), buf, len));
-}
-
-/*
- * sunw_append_keys - Given two stacks of private keys, remove the keys from
- * the second stack and append them to the first. Both stacks must exist
- * at time of call.
- *
- * Arguments:
- * dst - the stack to receive the keys from 'src'
- * src - the stack whose keys are to be moved.
- *
- * Returns:
- * -1 - An error occurred. The error status is set.
- * >= 0 - The number of keys that were copied.
- */
-int
-sunw_append_keys(STACK_OF(EVP_PKEY) *dst, STACK_OF(EVP_PKEY) *src)
-{
- EVP_PKEY *tmpk;
- int count = 0;
-
- while (sk_EVP_PKEY_num(src) > 0) {
- tmpk = sk_EVP_PKEY_delete(src, 0);
- if (sk_EVP_PKEY_push(dst, tmpk) == 0) {
- sunw_evp_pkey_free(tmpk);
- SUNWerr(SUNW_F_APPEND_KEYS, SUNW_R_MEMORY_FAILURE);
- return (-1);
- }
- count++;
- }
-
- return (count);
-}
diff --git a/usr/src/common/net/wanboot/parseURL.c b/usr/src/common/net/wanboot/parseURL.c
deleted file mode 100644
index c27c784433..0000000000
--- a/usr/src/common/net/wanboot/parseURL.c
+++ /dev/null
@@ -1,179 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <ctype.h>
-#include <strings.h>
-#include <stdlib.h>
-
-#include <parseURL.h>
-
-#define HTTP_SCHEME "http://"
-#define HTTPS_SCHEME "https://"
-
-/*
- * This routine parses a hostport string and initializes an url_hport_t
- * structure with its contents. Technically, a hostport string does not
- * require a port component. In the case, where there is no port component
- * in the hostport string, this routine will initialize the url_hport_t
- * structure with the default port supplied by the caller.
- *
- * A host port string should be of the form -> host[:port]
- *
- * Returns: One of the URL parsing error return codes.
- */
-int
-url_parse_hostport(const char *hpstr, url_hport_t *hport, ushort_t def_port)
-{
- char *lhpstr;
- char *ptr;
- char *optr;
- size_t hlen;
-
- lhpstr = strdup(hpstr);
- if (lhpstr == NULL) {
- return (URL_PARSE_NOMEM);
- }
-
- /*
- * Find the host/port separator.
- */
- ptr = lhpstr;
- optr = ptr;
- ptr = strstr(optr, ":");
- if (ptr != NULL) {
- *ptr = '\0';
- ptr++;
- }
-
- /*
- * Copy in the hostname and check to see that it was a
- * a valid size.
- */
- hlen = strlcpy(hport->hostname, optr, sizeof (hport->hostname));
- if (hlen == 0 || hlen >= sizeof (hport->hostname)) {
- free(lhpstr);
- return (URL_PARSE_BAD_HOSTPORT);
- }
-
- /*
- * If the hostport string does not contain a port, then use
- * the default port provided by the caller.
- */
- if (ptr == NULL || *ptr == '\0') {
- hport->port = def_port;
- } else {
- hport->port = 0;
- while (*ptr != '\0') {
- if (!isdigit(*ptr)) {
- free(lhpstr);
- return (URL_PARSE_BAD_HOSTPORT);
- }
- hport->port *= 10;
- hport->port += (*ptr - '0');
- ptr++;
- }
- }
-
- free(lhpstr);
- return (URL_PARSE_SUCCESS);
-}
-
-/*
- * This routine parses an http or https URL and initializes an url_t
- * structure with its contents.
- *
- * A URL string should be of the form -> http[s]://host[:port]/abspath
- *
- * Returns: One of the URL parsing error return codes.
- */
-int
-url_parse(const char *urlstr, url_t *url) {
-
- char *lurlstr;
- char *ptr;
- char *optr;
- size_t plen;
- int ret;
-
- lurlstr = strdup(urlstr);
- if (lurlstr == NULL) {
- return (URL_PARSE_NOMEM);
- }
-
- /*
- * Determine 'http' or 'https'.
- */
- ptr = lurlstr;
- if (strncmp(ptr, HTTP_SCHEME, strlen(HTTP_SCHEME)) == 0) {
- ptr += strlen(HTTP_SCHEME);
- url->https = B_FALSE;
- } else if (strncmp(ptr, HTTPS_SCHEME, strlen(HTTPS_SCHEME)) == 0) {
- ptr += strlen(HTTPS_SCHEME);
- url->https = B_TRUE;
- } else {
- free(lurlstr);
- return (URL_PARSE_BAD_SCHEME);
- }
-
- /*
- * Find the hostport/abspath separator.
- */
- optr = ptr;
- ptr = strstr(optr, "/");
- if (ptr != NULL) {
- *ptr = '\0';
- }
-
- /*
- * Parse the hostport entity; supply suitable port defaults.
- */
- ret = url_parse_hostport(optr, &url->hport, url->https ?
- URL_DFLT_HTTPS_SRVR_PORT : URL_DFLT_SRVR_PORT);
- if (ret != URL_PARSE_SUCCESS) {
- free(lurlstr);
- return (ret);
- }
-
- /*
- * If the URL string does not contain an abspath, then supply "/"
- * by default.
- */
- if (ptr != NULL) {
- *ptr = '/';
- plen = strlcpy(url->abspath, ptr, sizeof (url->abspath));
- if (plen >= sizeof (url->abspath)) {
- free(lurlstr);
- return (URL_PARSE_BAD_ABSPATH);
- }
- } else {
- (void) strlcpy(url->abspath, "/", sizeof (url->abspath));
- }
-
- free(lurlstr);
- return (URL_PARSE_SUCCESS);
-}
diff --git a/usr/src/common/net/wanboot/parseURL.h b/usr/src/common/net/wanboot/parseURL.h
deleted file mode 100644
index e5150a6fee..0000000000
--- a/usr/src/common/net/wanboot/parseURL.h
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#ifndef _PARSEURL_H
-#define _PARSEURL_H
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <sys/param.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define URL_PARSE_SUCCESS (uint_t)0
-#define URL_PARSE_NOMEM (uint_t)1
-#define URL_PARSE_BAD_HOSTPORT (uint_t)2
-#define URL_PARSE_BAD_SCHEME (uint_t)3
-#define URL_PARSE_BAD_ABSPATH (uint_t)4
-
-#define URL_DFLT_SRVR_PORT (ushort_t)80
-#define URL_DFLT_HTTPS_SRVR_PORT (ushort_t)443
-#define URL_DFLT_PROXY_PORT (ushort_t)8080
-
-#define URL_MAX_STRLEN MAXPATHLEN * 2
-#define URL_MAX_PATHLEN MAXPATHLEN
-#define URL_MAX_HOSTLEN 256
-
-typedef struct {
- char hostname[URL_MAX_HOSTLEN];
- ushort_t port;
-} url_hport_t;
-
-typedef struct {
- boolean_t https;
- url_hport_t hport;
- char abspath[URL_MAX_PATHLEN];
-} url_t;
-
-extern int url_parse_hostport(const char *, url_hport_t *, ushort_t);
-extern int url_parse(const char *, url_t *);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PARSEURL_H */
diff --git a/usr/src/common/net/wanboot/wanboot_conf.h b/usr/src/common/net/wanboot/wanboot_conf.h
deleted file mode 100644
index 92a0347db6..0000000000
--- a/usr/src/common/net/wanboot/wanboot_conf.h
+++ /dev/null
@@ -1,134 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#ifndef _WANBOOT_CONF_H
-#define _WANBOOT_CONF_H
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <sys/time.h>
-#include <sys/nvpair.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * Valid wanboot.conf(4) names
- */
-#define BC_BOOT_FILE "boot_file"
-#define BC_ROOT_SERVER "root_server"
-#define BC_ROOT_FILE "root_file"
-#define BC_ENCRYPTION_TYPE "encryption_type"
-#define BC_SIGNATURE_TYPE "signature_type"
-#define BC_CLIENT_AUTHENTICATION "client_authentication"
-#define BC_SERVER_AUTHENTICATION "server_authentication"
-#define BC_BOOT_LOGGER "boot_logger"
-#define BC_RESOLVE_HOSTS "resolve_hosts"
-#define BC_SYSTEM_CONF "system_conf"
-
-/*
- * Valid encryption types
- */
-#define BC_ENCRYPTION_3DES "3des"
-#define BC_ENCRYPTION_AES "aes"
-
-/*
- * Valid signature types
- */
-#define BC_SIGNATURE_SHA1 "sha1"
-
-/*
- * Valid yes/no options
- */
-#define BC_YES "yes"
-#define BC_NO "no"
-
-/*
- * Define some maximum length for a line in wanboot.conf(4):
- */
-#define BC_MAX_LINE_LENGTH 4096
-
-/*
- * Return codes from init_bootconf(); if BC_FAILURE, the 'bc_error_code'
- * field below gives the reason:
- */
-#define BC_SUCCESS 0
-#define BC_FAILURE 1
-
-/*
- * Possible values of the 'bc_error_code' field below; refer to
- * bootconf_errmsg.c for a description of these codes:
- */
-typedef enum {
- BC_E_NOERROR,
- BC_E_ACCESS,
- BC_E_NVLIST,
- BC_E_IOERR,
- BC_E_TOO_LONG,
- BC_E_SYNTAX,
- BC_E_UNKNOWN_NAME,
- BC_E_ENCRYPTION_ILLEGAL,
- BC_E_SIGNATURE_ILLEGAL,
- BC_E_CLIENT_AUTH_ILLEGAL,
- BC_E_SERVER_AUTH_ILLEGAL,
- BC_E_ROOT_SERVER_BAD,
- BC_E_ROOT_SERVER_ABSENT,
- BC_E_ROOT_FILE_ABSENT,
- BC_E_BOOT_LOGGER_BAD,
- BC_E_ENCRYPTED_NOT_SIGNED,
- BC_E_CLIENT_AUTH_NOT_ENCRYPTED,
- BC_E_CLIENT_AUTH_NOT_SERVER,
- BC_E_SERVER_AUTH_NOT_SIGNED,
- BC_E_SERVER_AUTH_NOT_HTTPS,
- BC_E_SERVER_AUTH_NOT_HTTP,
- BC_E_BOOTLOGGER_AUTH_NOT_HTTP
-} bc_errcode_t;
-
-/*
- * Structure defining the bootconf context:
- */
-typedef struct bc_handle {
- nvlist_t *bc_nvl; /* The nvpair list representation */
- bc_errcode_t bc_error_code; /* On error, one of the above codes */
- int bc_error_pos; /* Line in error in wanboot.conf */
-} bc_handle_t;
-
-/*
- * The interfaces to be used when accessing the wanboot.conf file:
- */
-extern int bootconf_init(bc_handle_t *handle, const char *bootconf);
-extern char *bootconf_get(bc_handle_t *handle, const char *name);
-extern void bootconf_end(bc_handle_t *handle);
-#if !defined(_BOOT)
-extern char *bootconf_errmsg(bc_handle_t *handle);
-#endif /* !defined(_BOOT) */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _WANBOOT_CONF_H */
diff --git a/usr/src/lib/Makefile b/usr/src/lib/Makefile
index 0f62e87b79..3091b1a6f4 100644
--- a/usr/src/lib/Makefile
+++ b/usr/src/lib/Makefile
@@ -233,8 +233,6 @@ SUBDIRS += \
libvrrpadm \
libvscan \
libw \
- libwanboot \
- libwanbootutil \
libwrap \
libxcurses \
libxcurses2 \
@@ -348,8 +346,6 @@ MSGSUBDIRS= \
libuutil \
libvrrpadm \
libvscan \
- libwanboot \
- libwanbootutil \
libzfs \
libzonecfg \
madv \
@@ -480,8 +476,6 @@ HDRSUBDIRS= \
libvolmgt \
libvrrpadm \
libvscan \
- libwanboot \
- libwanbootutil \
libwrap \
libxcurses2 \
libzfs \
@@ -636,7 +630,7 @@ libnisdb: libldap5
libnwam: libscf libbsm libdladm libipadm
libpcp: libumem libdevinfo
libpctx: libproc
-libpkg: libwanboot libscf libadm
+libpkg: libscf libadm
libpool: libscf libexacct
libpp: libast
libproc: ../cmd/sgs/librtld_db ../cmd/sgs/libelf libctf
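Review bot: The new `libpkg: libscf libadm` line drops the build-order edge on libwanboot, but nothing in this hunk shows that libpkg itself stopped linking against it or including its headers. If libpkg's own makefile still carries `-lwanboot` or a wanboot include, the failure only appears when libpkg is built, so it is worth confirming those were cleaned up in the same change. The removed library was built from `boot_http.o`, `p12access.o` and `parseURL.o` and linked `-lcrypto -lssl` (per its deleted Makefile.com), so this edge may have been how libpkg reached HTTP(S) and PKCS#12 certificate handling. A sentence in the commit description such as `libpkg no longer uses libwanboot; its libwanboot prerequisite in usr/src/lib/Makefile was stale` (or the opposite, naming what replaced it) would tell anyone auditing package download or signature handling whether that code is gone or moved. The dependency list this line belongs to starts and ends outside the hunk.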
@@ -675,7 +669,6 @@ libv12n: libds libuuid
libvolmgt: libadm
libvrrpadm: libdladm libscf
libvscan: libscf libsecdb
-libwanboot: libresolv2 libdevinfo libinetutil libdhcputil
libzfs: libdevid libgen libuutil libadm libavl libefi libidmap \
libumem libtsol libzfs_core libcmdutils
libzfs_jni: libdiskmgt libzfs
diff --git a/usr/src/lib/libkmf/plugins/kmf_openssl/common/openssl_spi.c b/usr/src/lib/libkmf/plugins/kmf_openssl/common/openssl_spi.c
index 94225f846a..46aea6a2aa 100644
--- a/usr/src/lib/libkmf/plugins/kmf_openssl/common/openssl_spi.c
+++ b/usr/src/lib/libkmf/plugins/kmf_openssl/common/openssl_spi.c
@@ -135,8 +135,7 @@ static uchar_t G[] = { 0x00, 0x62, 0x6d, 0x02, 0x78, 0x39, 0xea, 0x0a,
#define SET_SYS_ERROR(h, c) h->lasterr.kstype = -1; h->lasterr.errcode = c;
/*
- * Declare some new macros for managing stacks of EVP_PKEYS, similar to
- * what wanboot did.
+ * Declare some new macros for managing stacks of EVP_PKEYS.
*/
DECLARE_STACK_OF(EVP_PKEY)
diff --git a/usr/src/lib/libwanboot/Makefile b/usr/src/lib/libwanboot/Makefile
deleted file mode 100644
index 580716ccc2..0000000000
--- a/usr/src/lib/libwanboot/Makefile
+++ /dev/null
@@ -1,77 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License (the "License").
-# You may not use this file except in compliance with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-#
-# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-# Copyright 2012 OmniTI Computer Consulting, Inc. All rights reserved.
-#
-
-include $(SRC)/lib/Makefile.lib
-
-SUBDIRS = $(MACH)
-$(BUILD64)SUBDIRS += $(MACH64)
-
-HDRS = boot_http.h \
- bootinfo.h \
- bootlog.h \
- netboot_paths.h \
- parseURL.h \
- p12aux.h \
- p12access.h\
- p12err.h\
- wanboot_conf.h
-HDRDIR = $(SRCDIR) $(SRC)/common/net/wanboot
-
-CHECKHDRS += $(SRC)/common/net/wanboot/auxutil.h
-
-POFILE = libwanboot.po
-MSGFILES = $(SRC)/common/net/wanboot/bootconf_errmsg.c \
- $(SRC)/common/net/wanboot/boot_http.c \
- $(SRC)/common/net/wanboot/bootlog.c \
- $(SRC)/common/net/wanboot/http_errorstr.c \
- $(SRC)/common/net/wanboot/p12err.c
-XGETFLAGS = -a -x libwanboot.xcl
-
-all := TARGET = all
-clean := TARGET = clean
-clobber := TARGET = clobber
-install := TARGET = install
-lint := TARGET = lint
-
-.KEEP_STATE:
-
-all clean clobber install lint: $(SUBDIRS)
-
-install_h: $(ROOTHDRS)
-
-check: $(CHECKHDRS)
-
-$(POFILE): pofile_MSGFILES
-
-_msg: $(MSGDOMAINPOFILE)
-
-$(SUBDIRS): FRC
- @cd $@; pwd; $(MAKE) $(TARGET)
-
-FRC:
-
-include $(SRC)/Makefile.msg.targ
-include $(SRC)/lib/Makefile.targ
diff --git a/usr/src/lib/libwanboot/Makefile.com b/usr/src/lib/libwanboot/Makefile.com
deleted file mode 100644
index 322bfb51f7..0000000000
--- a/usr/src/lib/libwanboot/Makefile.com
+++ /dev/null
@@ -1,99 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License (the "License").
-# You may not use this file except in compliance with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-# Copyright (c) 2012 by Delphix. All rights reserved.
-#
-
-LIBRARY = libwanboot.a
-VERS = .1
-
-# List of locally located modules.
-LOC_DIR = ../common
-LOC_OBJS = socket_inet.o bootinfo_aux.o
-LOC_SRCS = $(LOC_OBJS:%.o=$(LOC_DIR)/%.c)
-
-# List of common wanboot objects.
-COM_DIR = ../../../common/net/wanboot
-COM_OBJS = auxutil.o \
- boot_http.o \
- bootconf.o \
- bootconf_errmsg.o \
- bootinfo.o \
- bootlog.o \
- http_errorstr.o \
- p12access.o \
- p12auxpars.o \
- p12auxutl.o \
- p12err.o \
- p12misc.o \
- parseURL.o
-COM_SRCS = $(COM_OBJS:%.o=$(COM_DIR)/%.c)
-
-# List of common DHCP modules.
-DHCP_DIR = $(SRC)/common/net/dhcp
-DHCP_OBJS = dhcpinfo.o
-DHCP_SRCS = $(DHCP_OBJS:%.o=$(DHCP_DIR)/%.c)
-
-OBJECTS = $(LOC_OBJS) $(COM_OBJS) $(DHCP_OBJS)
-
-include ../../Makefile.lib
-
-LIBS += $(LINTLIB)
-LDLIBS += -lnvpair -lresolv -lnsl -lsocket -ldevinfo -ldhcputil \
- -linetutil -lc -lcrypto -lssl
-CPPFLAGS = -I$(SRC)/common/net/wanboot/crypt $(CPPFLAGS.master)
-CERRWARN += -_gcc=-Wno-switch
-CERRWARN += -_gcc=-Wno-parentheses
-CERRWARN += -_gcc=-Wno-unused-value
-CERRWARN += -_gcc=-Wno-uninitialized
-
-# Must override SRCS from Makefile.lib since sources have
-# multiple source directories.
-SRCS = $(LOC_SRCS) $(COM_SRCS) $(DHCP_SRCS)
-
-# Must define location of lint library source.
-SRCDIR = $(LOC_DIR)
-$(LINTLIB) := SRCS = $(SRCDIR)/$(LINTSRC)
-
-# OpenSSL (incl. varying versions) requires us to turn these off
-LINTFLAGS += -erroff=E_BAD_PTR_CAST_ALIGN,E_SUPPRESSION_DIRECTIVE_UNUSED
-LINTFLAGS64 += -erroff=E_BAD_PTR_CAST_ALIGN,E_SUPPRESSION_DIRECTIVE_UNUSED
-
-CFLAGS += $(CCVERBOSE)
-CPPFLAGS += -I$(LOC_DIR) -I$(COM_DIR) -I$(DHCP_DIR)
-
-.KEEP_STATE:
-
-all: $(LIBS)
-
-lint: lintcheck
-
-pics/%.o: $(COM_DIR)/%.c
- $(COMPILE.c) -o $@ $<
- $(POST_PROCESS_O)
-
-pics/%.o: $(DHCP_DIR)/%.c
- $(COMPILE.c) -o $@ $<
- $(POST_PROCESS_O)
-
-include ../../Makefile.targ
diff --git a/usr/src/lib/libwanboot/amd64/Makefile b/usr/src/lib/libwanboot/amd64/Makefile
deleted file mode 100644
index df2bad0003..0000000000
--- a/usr/src/lib/libwanboot/amd64/Makefile
+++ /dev/null
@@ -1,29 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License"). You may not use this file except in compliance
-# with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-#
-# Copyright 2012 OmniTI Computer Consulting, Inc. All rights reserved.
-#
-
-include ../Makefile.com
-include ../../Makefile.lib.64
-
-install: all $(ROOTLIBS64) $(ROOTLINKS64) $(ROOTLINT64)
diff --git a/usr/src/lib/libwanboot/common/bootinfo_aux.c b/usr/src/lib/libwanboot/common/bootinfo_aux.c
deleted file mode 100644
index a72561da57..0000000000
--- a/usr/src/lib/libwanboot/common/bootinfo_aux.c
+++ /dev/null
@@ -1,520 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <sys/types.h>
-#include <stdlib.h>
-#include <dhcp_impl.h>
-#include <netinet/inetutil.h>
-#include <sys/systeminfo.h>
-#include <netinet/in.h>
-#include <strings.h>
-#include <net/if.h>
-#include <libdevinfo.h>
-#include <sys/isa_defs.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <netdb.h>
-#include <alloca.h>
-#include <stdio.h>
-#include <sys/sockio.h>
-#include <sys/statvfs.h>
-#include <sys/utsname.h>
-#include <bootinfo.h>
-#include <bootinfo_aux.h>
-
-#define MAXIFS 256 /* default max number of interfaces */
-
-/*
- * Callback structure used when walking the device tree.
- */
-typedef struct {
- char *cb_path; /* device path we want to match */
- di_node_t cb_node; /* found leaf node of device path */
-} cb_t;
-
-/*
- * Handles on devinfo stuff.
- */
-static di_node_t root_node = DI_NODE_NIL;
-static di_prom_handle_t phdl = DI_PROM_HANDLE_NIL;
-
-/*
- * Root filesystem type string.
- */
-static char *rootfs_type = NULL;
-
-/*
- * Handles on DHCP's packet list and interface-name.
- */
-static PKT_LIST *dhcp_pl = NULL;
-static char dhcp_ifn[IFNAMSIZ + 1];
-
-/*
- * Deallocate dhcp_pl.
- */
-static void
-dhcp_info_end(void)
-{
- if (dhcp_pl != NULL) {
- free(dhcp_pl->pkt);
- free(dhcp_pl);
- }
- dhcp_pl = NULL;
- dhcp_ifn[0] = '\0';
-}
-
-/*
- * Determine whether the kernel has a cached DHCP ACK, and if so
- * initialize dhcp_pl and dhcp_ifn.
- */
-static boolean_t
-dhcp_info_init(void)
-{
- boolean_t ret = B_FALSE;
- char dummy;
- char *dhcack = NULL;
- long dhcacksz;
- char *ackp;
-
- /*
- * See whether the kernel has a cached DHCP ACK, and if so get it.
- * If there is no DHCP ACK, then the returned length is equal to
- * the size of an empty string.
- */
- if ((dhcacksz = sysinfo(SI_DHCP_CACHE, &dummy,
- sizeof (dummy))) == sizeof ("")) {
- return (B_TRUE);
- }
- if ((dhcack = malloc(dhcacksz)) == NULL) {
- goto cleanup;
- }
- if ((dhcp_pl = calloc(1, sizeof (PKT_LIST))) == NULL) {
- goto cleanup;
- }
- (void) sysinfo(SI_DHCP_CACHE, (caddr_t)dhcack, dhcacksz);
-
- /*
- * The first IFNAMSIZ bytes are reserved for the interface name;
- * the ACK follows.
- */
- ackp = &dhcack[IFNAMSIZ];
-
- /*
- * Convert and scan the options.
- */
- dhcp_pl->len = strlen(ackp) / 2;
- if ((dhcp_pl->pkt = malloc(dhcp_pl->len)) == NULL) {
- goto cleanup;
- }
- if (hexascii_to_octet(ackp, dhcp_pl->len * 2,
- dhcp_pl->pkt, &dhcp_pl->len) != 0) {
- goto cleanup;
- }
- if (dhcp_options_scan(dhcp_pl, B_TRUE) != 0) {
- goto cleanup;
- }
-
- /*
- * Set the interface-name.
- */
- (void) strlcpy(dhcp_ifn, dhcack, sizeof (dhcp_ifn));
-
- ret = B_TRUE;
-cleanup:
- if (!ret) {
- dhcp_info_end();
- }
- if (dhcack != NULL) {
- free(dhcack);
- }
-
- return (ret);
-}
-
-/*
- * Deallocate devinfo stuff.
- */
-static void
-destroy_snapshot(void)
-{
- if (phdl != DI_PROM_HANDLE_NIL) {
- di_prom_fini(phdl);
- }
- phdl = DI_PROM_HANDLE_NIL;
-
- if (root_node != DI_NODE_NIL) {
- di_fini(root_node);
- }
- root_node = DI_NODE_NIL;
-}
-
-/*
- * Take a snapshot of the device tree, i.e. get a devinfo handle and
- * a PROM handle.
- */
-static boolean_t
-snapshot_devtree(void)
-{
- /*
- * Deallocate any existing devinfo stuff first.
- */
- destroy_snapshot();
-
- if ((root_node = di_init("/", DINFOCPYALL)) == DI_NODE_NIL ||
- (phdl = di_prom_init()) == DI_PROM_HANDLE_NIL) {
- destroy_snapshot();
- return (B_FALSE);
- }
-
- return (B_TRUE);
-}
-
-/*
- * Get the value of the named property on the named node in root.
- */
-static char *
-get_prop(const char *nodename, const char *propname, size_t *lenp)
-{
- di_node_t node;
- di_prom_prop_t pp;
- char *val = NULL;
- int len;
-
- /*
- * Locate nodename within '/'.
- */
- for (node = di_child_node(root_node);
- node != DI_NODE_NIL;
- node = di_sibling_node(node)) {
- if (strcmp(di_node_name(node), nodename) == 0) {
- break;
- }
- }
- if (node == DI_NODE_NIL) {
- return (NULL);
- }
-
- /*
- * Scan all properties of /nodename for the 'propname' property.
- */
- for (pp = di_prom_prop_next(phdl, node, DI_PROM_PROP_NIL);
- pp != DI_PROM_PROP_NIL;
- pp = di_prom_prop_next(phdl, node, pp)) {
- if (strcmp(propname, di_prom_prop_name(pp)) == 0) {
- break;
- }
- }
- if (pp == DI_PROM_PROP_NIL) {
- return (NULL);
- }
-
- /*
- * Found the property; copy out its length and return its value.
- */
- len = di_prom_prop_data(pp, (uchar_t **)&val);
- if (lenp != NULL) {
- *lenp = len;
- }
- return (val);
-}
-
-/*
- * Strip any trailing arguments from a device path.
- * Returned memory must be freed by caller.
- */
-static char *
-strip_args(char *path, size_t len)
-{
- char *stripped_path = NULL;
-
- if (path != NULL && len != 0 &&
- (stripped_path = calloc(len + 1, sizeof (char))) != NULL) {
- char *p;
-
- (void) memcpy(stripped_path, path, len);
- if ((p = strchr(stripped_path, ':')) != NULL) {
- *p = '\0';
- }
- }
- return (stripped_path);
-}
-
-/*
- * Return the "bootpath" property (sans arguments) from /chosen.
- * Returned memory must be freed by caller.
- */
-static char *
-get_bootpath(void)
-{
- char *path;
- size_t len;
-
- path = get_prop("chosen", "bootpath", &len);
- return (strip_args(path, len));
-}
-
-/*
- * Return the "net" property (sans arguments) from /aliases.
- * Returned memory must be freed by caller.
- */
-static char *
-get_netalias(void)
-{
- char *path;
- size_t len;
-
- path = get_prop("aliases", "net", &len);
- return (strip_args(path, len));
-}
-
-/*
- * Callback used by path2node().
- */
-static int
-p2n_cb(di_node_t node, void *arg)
-{
- int ret = DI_WALK_CONTINUE;
- cb_t *cbp = arg;
- char *phys_path = di_devfs_path(node);
-
- if (strcmp(cbp->cb_path, phys_path) == 0) {
- cbp->cb_node = node;
- ret = DI_WALK_TERMINATE;
- }
- di_devfs_path_free(phys_path);
-
- return (ret);
-}
-
-/*
- * Map a device path to its matching di_node_t.
- */
-static di_node_t
-path2node(char *path)
-{
- cb_t cb;
-
- cb.cb_path = path;
- cb.cb_node = DI_NODE_NIL;
-
- (void) di_walk_node(root_node, DI_WALK_CLDFIRST, &cb, p2n_cb);
-
- return (cb.cb_node);
-}
-
-/*
- * Check whether node corresponds to a network device.
- */
-static boolean_t
-is_network_device(di_node_t node)
-{
- char *type;
-
- return (di_prom_prop_lookup_strings(phdl, node,
- "device_type", &type) > 0 && strcmp(type, "network") == 0);
-}
-
-/*
- * Initialise bootmisc with the rootfs-type.
- */
-static boolean_t
-rootfs_type_init(void)
-{
- static struct statvfs vfs;
-
- if (statvfs("/", &vfs) >= 0) {
- if (strncmp(vfs.f_basetype, "nfs", sizeof ("nfs") - 1) == 0) {
- vfs.f_basetype[sizeof ("nfs") - 1] = '\0';
- }
- rootfs_type = vfs.f_basetype;
- }
-
- return (rootfs_type != NULL && bi_put_bootmisc(BI_ROOTFS_TYPE,
- rootfs_type, strlen(rootfs_type) + 1));
-}
-
-/*
- * Initialise bootmisc with the interface-name of the primary network device,
- * and the net-config-strategy employed in configuring that device.
- */
-static boolean_t
-netif_init(char *ifn, char *ncs)
-{
- return (bi_put_bootmisc(BI_INTERFACE_NAME, ifn, strlen(ifn) + 1) &&
- bi_put_bootmisc(BI_NET_CONFIG_STRATEGY, ncs, strlen(ncs) + 1));
-}
-
-/*
- * Determine whether the interface was configured manually.
- */
-static boolean_t
-manual_if_init(void)
-{
- boolean_t ret = B_FALSE;
- char *ncs;
- char *devpath;
- di_node_t node;
- int instance;
- char *drvname;
- char ifname[IFNAMSIZ + 1];
-
- /*
- * If net-config-strategy isn't "manual", don't go any further.
- */
- if ((ncs = get_prop("chosen", BI_NET_CONFIG_STRATEGY, NULL)) == NULL ||
- strcmp(ncs, "manual") != 0) {
- return (B_FALSE);
- }
-
- /*
- * First check the 'bootpath' property of /chosen to see whether
- * it specifies the path of a network device; if so, use this.
- */
- if ((devpath = get_bootpath()) == NULL ||
- (node = path2node(devpath)) == DI_NODE_NIL ||
- !is_network_device(node)) {
- /*
- * Must have been booted from CD-ROM or disk; attempt to
- * use the path defined by the 'net' property of /aliases.
- */
- free(devpath);
- if ((devpath = get_netalias()) == NULL ||
- (node = path2node(devpath)) == DI_NODE_NIL ||
- !is_network_device(node)) {
- goto cleanup;
- }
- }
-
- /*
- * Get the driver name and instance number of this node.
- * We may have to load the driver.
- */
- if ((drvname = di_driver_name(node)) == NULL) {
- goto cleanup;
- }
- if ((instance = di_instance(node)) == -1) {
- di_node_t tmp;
-
- /*
- * Attempt to load the driver, create a new snapshot of the
- * (possibly changed) device tree and re-compute our node.
- */
- if ((tmp = di_init_driver(drvname, 0)) != DI_NODE_NIL) {
- di_fini(tmp);
-
- if (!snapshot_devtree() ||
- (node = path2node(devpath)) == DI_NODE_NIL) {
- goto cleanup;
- }
- }
- instance = di_instance(node);
- }
-
- /*
- * Construct the interface name.
- */
- if (instance == -1) {
- (void) snprintf(ifname, sizeof (ifname),
- "%s", di_driver_name(node));
- } else {
- (void) snprintf(ifname, sizeof (ifname),
- "%s%d", di_driver_name(node), instance);
- }
-
- ret = netif_init(ifname, "manual");
-cleanup:
- free(devpath);
- return (ret);
-}
-
-/*
- * Determine whether the interface was configured via DHCP.
- */
-static boolean_t
-dhcp_if_init(void)
-{
- return (strlen(dhcp_ifn) != 0 && netif_init(dhcp_ifn, "dhcp"));
-}
-
-static boolean_t
-bootmisc_init(void)
-{
- return (rootfs_type_init() &&
- (manual_if_init() || dhcp_if_init()));
-}
-
-
-/*
- * Functions dealing with bootinfo initialization/cleanup.
- */
-boolean_t
-bi_init_bootinfo(void)
-{
- if (snapshot_devtree() && dhcp_info_init() && bootmisc_init()) {
- return (B_TRUE);
- }
- bi_end_bootinfo();
- return (B_FALSE);
-}
-
-void
-bi_end_bootinfo(void)
-{
- destroy_snapshot();
- dhcp_info_end();
-}
-
-/*
- * Function dealing with /chosen data.
- */
-boolean_t
-bi_get_chosen_prop(const char *name, void *valbuf, size_t *vallenp)
-{
- char *val;
- size_t buflen = *vallenp;
-
- if ((val = get_prop("chosen", name, vallenp)) == NULL) {
- return (B_FALSE);
- }
- if (*vallenp <= buflen) {
- (void) memcpy(valbuf, val, *vallenp);
- }
-
- return (B_TRUE);
-}
-
-/*
- * Function dealing with DHCP data.
- */
-boolean_t
-bi_get_dhcp_info(uchar_t optcat, uint16_t optcode, uint16_t optsize,
- void *valbuf, size_t *vallenp)
-{
- return (dhcp_getinfo_pl(dhcp_pl,
- optcat, optcode, optsize, valbuf, vallenp));
-}
diff --git a/usr/src/lib/libwanboot/common/llib-lwanboot b/usr/src/lib/libwanboot/common/llib-lwanboot
deleted file mode 100644
index 885e58e1fc..0000000000
--- a/usr/src/lib/libwanboot/common/llib-lwanboot
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-/* LINTLIBRARY */
-/* PROTOLIB1 */
-
-#include <boot_http.h>
-#include <bootinfo.h>
-#include <bootlog.h>
-#include <parseURL.h>
-#include <wanboot_conf.h>
-
-#include <openssl/ssl.h>
-#include <openssl/pkcs12.h>
-#include <p12access.h>
-#include <p12aux.h>
diff --git a/usr/src/lib/libwanboot/common/mapfile-vers b/usr/src/lib/libwanboot/common/mapfile-vers
deleted file mode 100644
index 0bbcc85a2e..0000000000
--- a/usr/src/lib/libwanboot/common/mapfile-vers
+++ /dev/null
@@ -1,95 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License (the "License").
-# You may not use this file except in compliance with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-#
-# Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
-#
-
-#
-# MAPFILE HEADER START
-#
-# WARNING: STOP NOW. DO NOT MODIFY THIS FILE.
-# Object versioning must comply with the rules detailed in
-#
-# usr/src/lib/README.mapfiles
-#
-# You should not be making modifications here until you've read the most current
-# copy of that file. If you need help, contact a gatekeeper for guidance.
-#
-# MAPFILE HEADER END
-#
-
-$mapfile_version 2
-
-SYMBOL_VERSION SUNWprivate_1.1 {
- global:
- bootconf_end;
- bootconf_errmsg;
- bootconf_get;
- bootconf_init;
- bootinfo_end;
- bootinfo_get;
- bootinfo_init;
- bootlog;
- http_conn_is_https;
- http_decode_err;
- http_errorstr;
- http_free_respinfo;
- http_get_conn_info;
- http_get_header_value;
- http_get_lasterr;
- http_get_range_request;
- http_get_request;
- http_get_response_header;
- http_get_version;
- http_head_request;
- http_process_headers;
- http_process_part_headers;
- http_read_body;
- http_set_basic_auth;
- http_set_certificate_authority_file;
- http_set_cipher_list;
- http_set_client_certificate_file;
- http_set_keepalive;
- http_set_key_file_password;
- http_set_p12_format;
- http_set_password;
- http_set_private_key_file;
- http_set_proxy;
- http_set_random_file;
- http_set_socket_read_timeout;
- http_set_verbose;
- http_srv_close;
- http_srv_connect;
- http_srv_disconnect;
- http_srv_init;
- sunw_check_keys;
- sunw_crypto_init;
- sunw_evp_pkey_free;
- sunw_issuer_attrs;
- sunw_PKCS12_create;
- sunw_PKCS12_parse;
- sunw_print_times;
- sunw_subject_attrs;
- url_parse;
- url_parse_hostport;
- local:
- *;
-};
diff --git a/usr/src/lib/libwanboot/common/socket_inet.c b/usr/src/lib/libwanboot/common/socket_inet.c
deleted file mode 100644
index f1ddd29e53..0000000000
--- a/usr/src/lib/libwanboot/common/socket_inet.c
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <unistd.h>
-#include <poll.h>
-#include <errno.h>
-
-#include <socket_inet.h>
-
-/*
- * Name: socket_read
- * Description: Use recv in non-secure sockets.
- * Scope: private
- * Arguments: fildes - Socket file descriptor.
- * buf - Buffer to read data into.
- * nbyte - Number of bytes to read.
- * read_timeout - Timeout value in seconds.
- * Returns: n - Number of bytes read. -1 on error.
- */
-int
-socket_read(int fildes, void *buf, size_t nbyte, int read_timeout)
-{
- struct pollfd pfd;
-
- pfd.fd = fildes;
- pfd.events = POLLIN;
-
- switch (poll(&pfd, 1, read_timeout * 1000)) {
- case 0:
- errno = EINTR;
- return (-1);
- case -1:
- return (-1);
- default:
- break;
- }
-
- return (recv(fildes, buf, nbyte, 0));
-}
-
-/*
- * Name: socket_write
- * Description: Use sendto for non-secure connections.
- * Scope: private
- * Arguments: fildes - Socket file descriptor.
- * buf - Buffer containing data to be written.
- * nbyte - Number of bytes to write.
- * addr - Connection address
- * Returns: n - Number of bytes written. -1 on error.
- */
-int
-socket_write(int fildes, const void *buf, size_t nbyte,
- struct sockaddr_in *addr)
-{
- return (sendto(fildes, buf, nbyte, 0, (struct sockaddr *)addr,
- sizeof (*addr)));
-}
-
-int
-socket_close(int fildes)
-{
- return (close(fildes));
-}
diff --git a/usr/src/lib/libwanboot/common/socket_inet.h b/usr/src/lib/libwanboot/common/socket_inet.h
deleted file mode 100644
index 7e4401b3ce..0000000000
--- a/usr/src/lib/libwanboot/common/socket_inet.h
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#ifndef _SOCKET_INET_H
-#define _SOCKET_INET_H
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-int socket_read(int, void *, size_t, int);
-int socket_write(int, const void *, size_t, struct sockaddr_in *);
-int socket_close(int);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _SOCKET_INET_H */
diff --git a/usr/src/lib/libwanboot/i386/Makefile b/usr/src/lib/libwanboot/i386/Makefile
deleted file mode 100644
index 8b836a15c9..0000000000
--- a/usr/src/lib/libwanboot/i386/Makefile
+++ /dev/null
@@ -1,34 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License"). You may not use this file except in compliance
-# with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-#
-# Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-#ident "%Z%%M% %I% %E% SMI"
-#
-
-include ../Makefile.com
-
-install: all $(ROOTLIBS) $(ROOTLINKS) $(ROOTLINT)
-
-
-
diff --git a/usr/src/lib/libwanboot/libwanboot.xcl b/usr/src/lib/libwanboot/libwanboot.xcl
deleted file mode 100644
index aa4184949c..0000000000
--- a/usr/src/lib/libwanboot/libwanboot.xcl
+++ /dev/null
@@ -1,115 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License"). You may not use this file except in compliance
-# with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-#
-# Copyright 2003 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-# ident "%Z%%M% %I% %E% SMI"
-#
-
-msgid "proxy_connect"
-msgid "tcp_connect"
-msgid "HTTP/1.1"
-msgid "Content-Type"
-msgid "Multipart/Mixed;"
-msgid "Boundary="
-msgid "--"
-msgid "GET"
-msgid "HEAD"
-msgid "CONNECT %s:%d HTTP/1.0\r\n\r\n"
-msgid " %s"
-msgid "%s http://%s:%d%s HTTP/1.1\r\n"
-msgid "%s %s HTTP/1.1\r\n"
-msgid "Host: %s:%d\r\n"
-msgid "Connection: close\r\n"
-msgid "Connection: Keep-Alive\r\n"
-msgid "Range: bytes=%ld-"
-msgid "%ld"
-msgid "\r\n"
-msgid "%s:%s"
-msgid "Authorization: Basic %s\r\n"
-msgid "%s"
-msgid "HTTP"
-msgid "200"
-msgid "%08lx %s"
-msgid ""
-msgid "Content-Length"
-msgid "Transfer-Encoding"
-msgid "chunked"
-msgid "chunked;"
-msgid "panic"
-msgid "alert"
-msgid "crit"
-msgid "warn"
-msgid "info"
-msgid "debug"
-msgid "verbose"
-msgid "progress"
-msgid "none"
-msgid "libwanboot"
-msgid "?"
-msgid "%s %s %s: %s\n"
-msgid "/var/log/bootlog"
-msgid "a"
-msgid "/dev/urandom"
-msgid "sunw_p12_use_x509cert"
-msgid "sunw_p12_use_certfile"
-msgid "sunw_p12_use_pkey"
-msgid "sunw_p12_use_keyfile"
-msgid "sunw_p12_use_tastore"
-msgid "sunw_p12_use_trustfile"
-msgid "p12_read_file"
-msgid "p12_doparse"
-msgid "sunw_PKCS12_parse"
-msgid "sunw_PKCS12_contents"
-msgid "parse_one_bag"
-msgid "sunw_PKCS12_create"
-msgid "sunw_split_certs"
-msgid "sunw_find_localkeyid"
-msgid "sunw_set_localkeyid"
-msgid "sunw_get_localkeyid"
-msgid "sunw_set_fname"
-msgid "sunw_get_pkey_fname"
-msgid "sunw_append_keys"
-msgid "sunw_PEM_contents"
-msgid "pem_info"
-msgid "asc2bmpstring"
-msgid "utf82ascstr"
-msgid "findattr"
-msgid "type2attrib"
-msgid "move_certs"
-msgid "sunw_find_fname"
-msgid "parse_outer"
-msgid "Tue Jan 19 03:14:07 2038\n"
-msgid "%s?%s"
-msgid "\n"
-msgid "%s %s %s: %s\r"
-msgid "/?{}|^~[]`<>#%=\"\t"
-msgid "read_headerlines: %s"
-msgid "get_chunk_header: <%s>"
-msgid "<time> %s %s: [ID %u user.%s] %s"
-msgid "%s %s %s: [ID %u user.%s] %s\n"
-msgid "sunw_use_x509cert"
-msgid "sunw_use_pkey"
-msgid "sunw_use_tastore"
-msgid "checkfile"
-msgid "peer_CN = %s, host = %s"
diff --git a/usr/src/lib/libwanboot/req.flg b/usr/src/lib/libwanboot/req.flg
deleted file mode 100644
index bd87a35f8a..0000000000
--- a/usr/src/lib/libwanboot/req.flg
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/sh
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License"). You may not use this file except in compliance
-# with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-#
-# Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-# ident "%Z%%M% %I% %E% SMI"
-#
-# lib/libwanboot/req.flg
-#
-
-find_files "s.*" usr/src/common/net/wanboot
diff --git a/usr/src/lib/libwanboot/sparc/Makefile b/usr/src/lib/libwanboot/sparc/Makefile
deleted file mode 100644
index 3921305654..0000000000
--- a/usr/src/lib/libwanboot/sparc/Makefile
+++ /dev/null
@@ -1,31 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License"). You may not use this file except in compliance
-# with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-#
-# Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-#ident "%Z%%M% %I% %E% SMI"
-#
-
-include ../Makefile.com
-
-install: all $(ROOTLIBS) $(ROOTLINKS) $(ROOTLINT)
diff --git a/usr/src/lib/libwanboot/sparcv9/Makefile b/usr/src/lib/libwanboot/sparcv9/Makefile
deleted file mode 100644
index df2bad0003..0000000000
--- a/usr/src/lib/libwanboot/sparcv9/Makefile
+++ /dev/null
@@ -1,29 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License"). You may not use this file except in compliance
-# with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-#
-# Copyright 2012 OmniTI Computer Consulting, Inc. All rights reserved.
-#
-
-include ../Makefile.com
-include ../../Makefile.lib.64
-
-install: all $(ROOTLIBS64) $(ROOTLINKS64) $(ROOTLINT64)
diff --git a/usr/src/lib/libwanbootutil/Makefile b/usr/src/lib/libwanbootutil/Makefile
deleted file mode 100644
index 2899af6623..0000000000
--- a/usr/src/lib/libwanbootutil/Makefile
+++ /dev/null
@@ -1,101 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License (the "License").
-# You may not use this file except in compliance with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-#
-# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-# Copyright 2012 OmniTI Computer Consulting, Inc. All rights reserved.
-#
-
-include ../Makefile.lib
-
-SUBDIRS = $(MACH)
-$(BUILD64)SUBDIRS += $(MACH64)
-
-# Library header.
-HDRS = wanbootutil.h
-HDRDIR = common
-
-# Headers who get installed into $(ROOT)/usr/include/wanboot
-LOCHDRS = key_util.h \
- key_xdr.h \
- wbio.h
-LOCSRCS = $(LOCHDRS:%=$(HDRDIR)/%)
-
-# Must define targets for thise headers being installed into
-# a non-default location.
-WBKUHDRDIR = $(ROOT)/usr/include/wanboot
-WBKUHDRS = $(LOCHDRS:%=$(WBKUHDRDIR)/%)
-
-# Must override CHECKHDRS so that it does not check the
-# RPC generated header.
-CHECKHDRS = $(HDRDIR)/key_util.check
-
-# Must rpcgen XDR source.
-RPCFILES = common/key_xdr.c common/key_xdr.h
-
-POFILE = libwanbootutil.po
-MSGFILES = common/key_util.c
-XGETFLAGS = -a -x libwanbootutil.xcl
-
-all := TARGET = all
-clean := TARGET = clean
-clobber := TARGET = clobber
-install := TARGET = install
-lint := TARGET = lint
-
-.KEEP_STATE:
-.PARALLEL: $(ROOTHDRS)
-
-all clean clobber install: $(RPCFILES) $(SUBDIRS)
-
-lint: $(SUBDIRS)
-
-install_h: $(ROOTHDRDIR) $(WBKUHDRDIR) .WAIT $(ROOTHDRS) $(WBKUHDRS)
-
-check: $(CHECKHDRS)
-
-$(POFILE): pofile_MSGFILES
-
-_msg: $(MSGDOMAINPOFILE)
-
-$(SUBDIRS): FRC
- @cd $@; pwd; $(MAKE) $(TARGET)
-
-FRC:
-
-# No rules for this in Makefile.lib.
-$(WBKUHDRDIR)/%: $(HDRDIR)/%
- $(INS.file)
-$(WBKUHDRDIR):
- $(INS.dir)
-
-# No rules for this in Makefile.lib.
-common/key_xdr.c: common/key_xdr.x
- cd common; $(RPCGEN) -cC -o key_xdr.c key_xdr.x; cd ..
-
-common/key_xdr.h: common/key_xdr.x
- cd common; $(RPCGEN) -h -o key_xdr.h key_xdr.x; cd ..
-
-CLOBBERFILES += common/key_xdr.c common/key_xdr.h
-
-include $(SRC)/Makefile.msg.targ
-include $(SRC)/lib/Makefile.targ
-
diff --git a/usr/src/lib/libwanbootutil/Makefile.com b/usr/src/lib/libwanbootutil/Makefile.com
deleted file mode 100644
index 4bc03836e1..0000000000
--- a/usr/src/lib/libwanbootutil/Makefile.com
+++ /dev/null
@@ -1,91 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License (the "License").
-# You may not use this file except in compliance with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-#
-# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-# Copyright (c) 2012 by Delphix. All rights reserved.
-#
-
-LIBRARY = libwanbootutil.a
-VERS = .1
-
-# List of locally located modules.
-LOC_DIR = ../common
-LOC_OBJS = key_xdr.o \
- key_util.o \
- wbio.o
-LOC_SRCS = $(LOC_OBJS:%.o=$(LOC_DIR)/%.c)
-
-# The crypto modules are located under usr/src/common.
-CRYPTO_DIR = $(SRC)/common/net/wanboot/crypt
-CRYPTO_OBJS = hmac_sha1.o \
- aes.o \
- des3.o \
- des.o \
- cbc.o
-CRYPTO_SRCS = $(CRYPTO_OBJS:%.o=$(CRYPTO_DIR)/%.c)
-
-# Together the local and crypto modules makeup the entire wad.
-OBJECTS = $(LOC_OBJS) $(CRYPTO_OBJS)
-
-include $(SRC)/lib/Makefile.lib
-
-LIBS += $(LINTLIB)
-LDLIBS += -lc -lnsl -lmd
-
-# Must override SRCS from Makefile.lib since sources have
-# multiple source directories.
-SRCS = $(LOC_SRCS) $(CRYPTO_SRCS)
-
-# Must define location of lint library source.
-SRCDIR = $(LOC_DIR)
-$(LINTLIB):= SRCS = $(SRCDIR)/$(LINTSRC)
-
-# Library includes sources created via rpcgen. And rpcgen unfortunately
-# created unused function variables.
-LINTFLAGS += -erroff=E_FUNC_VAR_UNUSED
-LINTFLAGS64 += -erroff=E_FUNC_VAR_UNUSED
-
-CPPFLAGS += -I$(CRYPTO_DIR)
-
-CERRWARN += -_gcc=-Wno-unused-variable
-CERRWARN += -_gcc=-Wno-type-limits
-CERRWARN += -_gcc=-Wno-uninitialized
-
-install: all
-
-all: $(LIBS)
-
-lint: lintcheck
-
-
-# Define rule for local modules.
-objs/%.o pics/%.o: $(LOC_DIR)/%.c
- $(COMPILE.c) -o $@ $<
- $(POST_PROCESS_O)
-
-# Define rule for crypto modules.
-objs/%.o pics/%.o: $(CRYPTO_DIR)/%.c
- $(COMPILE.c) -o $@ $<
- $(POST_PROCESS_O)
-
-include $(SRC)/lib/Makefile.targ
diff --git a/usr/src/lib/libwanbootutil/amd64/Makefile b/usr/src/lib/libwanbootutil/amd64/Makefile
deleted file mode 100644
index df2bad0003..0000000000
--- a/usr/src/lib/libwanbootutil/amd64/Makefile
+++ /dev/null
@@ -1,29 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License"). You may not use this file except in compliance
-# with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-#
-# Copyright 2012 OmniTI Computer Consulting, Inc. All rights reserved.
-#
-
-include ../Makefile.com
-include ../../Makefile.lib.64
-
-install: all $(ROOTLIBS64) $(ROOTLINKS64) $(ROOTLINT64)
diff --git a/usr/src/lib/libwanbootutil/common/key_util.c b/usr/src/lib/libwanbootutil/common/key_util.c
deleted file mode 100644
index e4c45e9966..0000000000
--- a/usr/src/lib/libwanbootutil/common/key_util.c
+++ /dev/null
@@ -1,424 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <strings.h>
-#include <stdarg.h>
-#include <errno.h>
-#include <libintl.h>
-#include <sys/wanboot_impl.h>
-
-#include "key_xdr.h"
-#include "key_util.h"
-
-/*
- * Size of 'empty' pkcs12 key file (with no key in it) plus 1
- * This is the minimum length for our RSA keys, because we
- * only use RSA keys that are stored in PKCS12 format.
- */
-#define PKCS12_MIN_LEN 76
-
-/*
- * Program name to be used by wbku_printerr()
- */
-static const char *wbku_pname = NULL;
-
-/*
- * Note: must be kept in sync with codes in <key_util.h>
- */
-static char *wbku_retmsgs[WBKU_NRET] = {
-/* 0 WBKU_SUCCESS */ "Success",
-/* 1 WBKU_INTERNAL_ERR */ "Internal error",
-/* 2 WBKU_WRITE_ERR */ "Keystore write error",
-/* 3 WBKU_NOKEY */ "Key does not exist in keystore",
-/* 4 WBKU_BAD_KEYTYPE */ "Invalid keytype specified"
-};
-
-/*
- * Initialize library for calls to wbku_printerr().
- */
-void
-wbku_errinit(const char *arg0)
-{
- wbku_pname = strrchr(arg0, '/');
-
- if (wbku_pname == NULL)
- wbku_pname = arg0;
- else
- wbku_pname++;
-}
-
-/*
- * Print an error message to standard error and optionally
- * append a system error.
- */
-/*PRINTFLIKE1*/
-void
-wbku_printerr(const char *format, ...)
-{
- int err = errno;
- va_list ap;
-
- if (wbku_pname != NULL)
- (void) fprintf(stderr, "%s: ", wbku_pname);
-
- /*
- * Note that gettext() is used in order to obtain the
- * message from the consumer's domain.
- */
- va_start(ap, format);
- (void) vfprintf(stderr, gettext(format), ap);
- va_end(ap);
-
- if (strchr(format, '\n') == NULL)
- (void) fprintf(stderr, ": %s\n", strerror(err));
-}
-
-/*
- * Return the appropriate message for a given WBKU return code.
- */
-const char *
-wbku_retmsg(wbku_retcode_t retcode)
-{
- if ((retcode < WBKU_SUCCESS) || (retcode >= WBKU_NRET))
- return (dgettext(TEXT_DOMAIN, "<unknown code>"));
-
- return (dgettext(TEXT_DOMAIN, wbku_retmsgs[retcode]));
-}
-
-/*
- * This routine is a simple helper routine that initializes a
- * wbku_key_attr_t object.
- */
-static void
-wbku_keyattr_init(wbku_key_attr_t *attr, wbku_key_type_t type, uint_t atype,
- uint_t len, uint_t minlen, uint_t maxlen,
- char *str, char *oid, boolean_t (*keycheck)(const uint8_t *))
-{
- attr->ka_type = type;
- attr->ka_atype = atype;
- attr->ka_len = len;
- attr->ka_minlen = minlen;
- attr->ka_maxlen = maxlen;
- attr->ka_str = str;
- attr->ka_oid = oid;
- attr->ka_keycheck = keycheck;
-}
-
-
-/*
- * This routine is used to build a key attribute structure of the type
- * defined by 'str' and 'flag'. This structure, 'attr', is the common
- * structure used by the utilities that defines the attributes of a
- * specific key type.
- *
- * Returns:
- * WBKU_SUCCESS or WBKU_BAD_KEYTYPE.
- */
-wbku_retcode_t
-wbku_str_to_keyattr(const char *str, wbku_key_attr_t *attr, uint_t flag)
-{
- if (str == NULL)
- return (WBKU_BAD_KEYTYPE);
-
- if (flag & WBKU_ENCR_KEY) {
- if (strcmp(str, WBKU_KW_3DES) == 0) {
- wbku_keyattr_init(attr, WBKU_KEY_3DES,
- WBKU_ENCR_KEY, DES3_KEY_SIZE, DES3_KEY_SIZE,
- DES3_KEY_SIZE, "3DES", WBKU_DES3_OID,
- des3_keycheck);
- return (WBKU_SUCCESS);
- }
- if (strcmp(str, WBKU_KW_AES_128) == 0) {
- wbku_keyattr_init(attr, WBKU_KEY_AES_128,
- WBKU_ENCR_KEY, AES_128_KEY_SIZE, AES_128_KEY_SIZE,
- AES_128_KEY_SIZE, "AES", WBKU_AES_128_OID, NULL);
- return (WBKU_SUCCESS);
- }
- if (strcmp(str, WBKU_KW_RSA) == 0) {
- wbku_keyattr_init(attr, WBKU_KEY_RSA,
- WBKU_ENCR_KEY, 0, PKCS12_MIN_LEN,
- WBKU_MAX_KEYLEN, "RSA", WBKU_RSA_OID, NULL);
- return (WBKU_SUCCESS);
- }
- }
- if (flag & WBKU_HASH_KEY) {
- if (strcmp(str, WBKU_KW_HMAC_SHA1) == 0) {
- wbku_keyattr_init(attr, WBKU_KEY_HMAC_SHA1,
- WBKU_HASH_KEY, WANBOOT_HMAC_KEY_SIZE,
- WANBOOT_HMAC_KEY_SIZE, WANBOOT_HMAC_KEY_SIZE,
- "HMAC/SHA1", WBKU_HMAC_SHA1_OID, NULL);
- return (WBKU_SUCCESS);
- }
- }
- return (WBKU_BAD_KEYTYPE);
-}
-
-/*
- * This routine is used to search a key file (whose handle, fp, has been
- * initialized by the caller) for the key of type 'ka'. The search is further
- * constrained by the 'master' argument which is used to signify that the
- * key being searched for is the master key.
- *
- * This routine may be used for a number of purposes:
- * - Check for the existence of key of type foo.
- * - Get the value for the key of type foo.
- * - Return the file position of the key of type foo.
- *
- * To faciliate the uses above, both 'ppos' and 'ekey' will only be
- * returned if they are not NULL pointers.
- *
- * Returns:
- * WBKU_SUCCESS, WBKU_INTERNAL_ERR or WBKU_NOKEY.
- */
-wbku_retcode_t
-wbku_find_key(FILE *fp, fpos_t *ppos, wbku_key_attr_t *ka, uint8_t *ekey,
- boolean_t master)
-{
- fpos_t pos;
- XDR xdrs;
- wbku_key keyobj;
- int keyno;
- int ret;
-
- /*
- * Always, start at the beginning.
- */
- rewind(fp);
-
- /*
- * Initialize the XDR stream.
- */
- xdrs.x_ops = NULL;
- xdrstdio_create(&xdrs, fp, XDR_DECODE);
- if (xdrs.x_ops == NULL) {
- return (WBKU_INTERNAL_ERR);
- }
-
- /*
- * The XDR routines may examine the content of the keyobj
- * structure to determine whether or not to provide memory
- * resources. Since XDR does not provide an init routine
- * for XDR generated objects, it seems that the safest thing
- * to do is to bzero() the object as a means of initialization.
- */
- bzero(&keyobj, sizeof (keyobj));
-
- /*
- * Read a key and check to see if matches the criteria.
- */
- for (keyno = 0; !feof(fp); keyno++) {
-
- /*
- * Returning the file position is conditional.
- */
- if (ppos != NULL) {
- if (fgetpos(fp, &pos) != 0) {
- ret = WBKU_INTERNAL_ERR;
- break;
- }
- }
-
- /*
- * Read the key. Unfortuantely, XDR does not provide
- * the ability to tell an EOF from some other IO error.
- * Therefore, a faliure to read is assumed to be EOF.
- */
- if (!xdr_wbku_key(&xdrs, &keyobj)) {
- ret = WBKU_NOKEY;
- break;
- }
-
- /*
- * Check this key against the criteria.
- */
- if ((strcmp(keyobj.wk_oid, ka->ka_oid) == 0) &&
- (keyobj.wk_master == master)) {
-
- ka->ka_len = keyobj.wk_key_len;
-
- /*
- * Conditionally return the key value and file
- * position.
- */
- if (ekey != NULL) {
- (void) memcpy(ekey, keyobj.wk_key_val,
- ka->ka_len);
- }
- if (ppos != NULL) {
- *ppos = pos;
- }
-
- xdr_free(xdr_wbku_key, (char *)&keyobj);
- ret = WBKU_SUCCESS;
- break;
- }
- xdr_free(xdr_wbku_key, (char *)&keyobj);
- }
-
- xdr_destroy(&xdrs);
- return (ret);
-}
-
-/*
- * This routine writes a key object to the key file at the location
- * specified by the caller.
- *
- * Returns:
- * WBKU_SUCCESS, WBKU_INTERNAL_ERR or WBKU_WRITE_ERR.
- */
-wbku_retcode_t
-wbku_write_key(FILE *fp, const fpos_t *ppos, const wbku_key_attr_t *ka,
- uint8_t *rand_key, boolean_t master)
-{
- XDR xdrs;
- wbku_key keyobj;
-
- /*
- * Set the file position as specified by the caller.
- */
- if (fsetpos(fp, ppos) != 0) {
- return (WBKU_INTERNAL_ERR);
- }
-
- /*
- * Initialize the XDR stream.
- */
- xdrs.x_ops = NULL;
- xdrstdio_create(&xdrs, fp, XDR_ENCODE);
- if (xdrs.x_ops == NULL) {
- return (WBKU_INTERNAL_ERR);
- }
-
- /*
- * Build the key object.
- */
- keyobj.wk_master = master;
- keyobj.wk_oid = ka->ka_oid;
- keyobj.wk_key_len = ka->ka_len;
- keyobj.wk_key_val = (char *)rand_key;
-
- /*
- * Write it.
- */
- if (!xdr_wbku_key(&xdrs, &keyobj)) {
- xdr_free(xdr_wbku_key, (char *)&keyobj);
- xdr_destroy(&xdrs);
- return (WBKU_WRITE_ERR);
- }
-
- /*
- * Free the stream and return success.
- */
- xdr_destroy(&xdrs);
- return (WBKU_SUCCESS);
-}
-
-/*
- * This routine reads the contents of one keystore file and copies it to
- * another, omitting the key of the type defined by 'ka'.
- *
- * Returns:
- * WBKU_SUCCESS, WBKU_INTERNAL_ERR or WBKU_WRITE_ERR.
- */
-wbku_retcode_t
-wbku_delete_key(FILE *from_fp, FILE *to_fp, const wbku_key_attr_t *ka)
-{
- XDR from_xdrs;
- XDR to_xdrs;
- wbku_key keyobj;
- int keyno;
- int ret;
-
- /*
- * Always, start at the beginning.
- */
- rewind(from_fp);
- rewind(to_fp);
-
- /*
- * Initialize the XDR streams.
- */
- from_xdrs.x_ops = NULL;
- xdrstdio_create(&from_xdrs, from_fp, XDR_DECODE);
- if (from_xdrs.x_ops == NULL) {
- return (WBKU_INTERNAL_ERR);
- }
-
- to_xdrs.x_ops = NULL;
- xdrstdio_create(&to_xdrs, to_fp, XDR_ENCODE);
- if (to_xdrs.x_ops == NULL) {
- xdr_destroy(&from_xdrs);
- return (WBKU_INTERNAL_ERR);
- }
-
- /*
- * The XDR routines may examine the content of the keyobj
- * structure to determine whether or not to provide memory
- * resources. Since XDR does not provide an init routine
- * for XDR generated objects, it seems that the safest thing
- * to do is to bzero() the object as a means of initialization.
- */
- bzero(&keyobj, sizeof (keyobj));
-
- /*
- * Read a key and check to see if matches the criteria.
- */
- ret = WBKU_SUCCESS;
- for (keyno = 0; !feof(from_fp); keyno++) {
-
- /*
- * Read the key. Unfortuantely, XDR does not provide
- * the ability to tell an EOF from some other IO error.
- * Therefore, a faliure to read is assumed to be EOF.
- */
- if (!xdr_wbku_key(&from_xdrs, &keyobj)) {
- break;
- }
-
- /*
- * If this isn't the key to skip, then write it.
- */
- if (strcmp(keyobj.wk_oid, ka->ka_oid) != 0) {
- /*
- * Write this to the copy.
- */
- if (!xdr_wbku_key(&to_xdrs, &keyobj)) {
- xdr_free(xdr_wbku_key, (char *)&keyobj);
- ret = WBKU_WRITE_ERR;
- break;
- }
-
- }
-
- xdr_free(xdr_wbku_key, (char *)&keyobj);
- }
-
- xdr_destroy(&from_xdrs);
- xdr_destroy(&to_xdrs);
-
- return (ret);
-}
diff --git a/usr/src/lib/libwanbootutil/common/key_util.h b/usr/src/lib/libwanbootutil/common/key_util.h
deleted file mode 100644
index fd1d2199fc..0000000000
--- a/usr/src/lib/libwanbootutil/common/key_util.h
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#ifndef _KEY_UTIL_H
-#define _KEY_UTIL_H
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <stdio.h>
-#include <sys/types.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Key algorithms */
-typedef enum {
- WBKU_KEY_3DES,
- WBKU_KEY_AES_128,
- WBKU_KEY_HMAC_SHA1,
- WBKU_KEY_RSA,
- WBKU_KEY_UNKNOWN
-} wbku_key_type_t;
-
-/* Algorithm keywords */
-#define WBKU_KW_3DES "3des"
-#define WBKU_KW_AES_128 "aes"
-#define WBKU_KW_HMAC_SHA1 "sha1"
-#define WBKU_KW_RSA "rsa"
-
-/* Algorithm types */
-#define WBKU_ENCR_KEY (uint_t)0x1
-#define WBKU_HASH_KEY (uint_t)0x2
-#define WBKU_ANY_KEY (WBKU_ENCR_KEY | WBKU_HASH_KEY)
-
-/* Return codes */
-typedef enum {
- WBKU_SUCCESS,
- WBKU_INTERNAL_ERR,
- WBKU_WRITE_ERR,
- WBKU_NOKEY,
- WBKU_BAD_KEYTYPE
-} wbku_retcode_t;
-
-#define WBKU_NRET (WBKU_BAD_KEYTYPE + 1)
-
-/* The master key file location. */
-#define MASTER_KEY_FILE "/etc/netboot/keystore"
-
-/* The root directory for all client keys */
-#define CLIENT_KEY_DIR "/etc/netboot"
-
-/* The structure that defines the attributes of a particular key type */
-typedef struct key_attr {
- wbku_key_type_t ka_type; /* key type */
- uint_t ka_atype; /* key algorithm type */
- uint_t ka_len; /* length of the current key */
- uint_t ka_minlen; /* shortest allowable key value */
- uint_t ka_maxlen; /* maximum allowable key length */
- char *ka_str; /* key string identifier */
- char *ka_oid; /* key algorithm oid */
- boolean_t (*ka_keycheck)(const uint8_t *); /* keycheck function */
-} wbku_key_attr_t;
-
-extern void wbku_errinit(const char *);
-extern void wbku_printerr(const char *, ...);
-extern const char *wbku_retmsg(wbku_retcode_t);
-extern wbku_retcode_t wbku_str_to_keyattr(const char *, wbku_key_attr_t *,
- uint_t);
-extern wbku_retcode_t wbku_find_key(FILE *, fpos_t *, wbku_key_attr_t *,
- uint8_t *, boolean_t);
-extern wbku_retcode_t wbku_write_key(FILE *, const fpos_t *,
- const wbku_key_attr_t *, uint8_t *, boolean_t);
-extern wbku_retcode_t wbku_delete_key(FILE *, FILE *, const wbku_key_attr_t *);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _KEY_UTIL_H */
diff --git a/usr/src/lib/libwanbootutil/common/key_xdr.x b/usr/src/lib/libwanbootutil/common/key_xdr.x
deleted file mode 100644
index f0b2be9b99..0000000000
--- a/usr/src/lib/libwanbootutil/common/key_xdr.x
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-/* #ident "%Z%%M% %I% %E% SMI" */
-
-/*
- * The formal definition of OIDs comes from ITU-T recommendation X.208
- */
-const WBKU_AES_128_OID = "2.16.840.1.101.3.4.1.2";
-const WBKU_DES3_OID = "1.3.6.1.4.1.4929.1.8";
-const WBKU_HMAC_SHA1_OID = "1.3.6.1.5.5.8.1.2";
-const WBKU_RSA_OID = "1.2.840.113549.1.1.1";
-
-const WBKU_MAX_KEYLEN = 1024;
-
-struct wbku_key {
- bool wk_master;
- string wk_oid<>;
- opaque KEYDATA<WBKU_MAX_KEYLEN>;
-};
-
-#ifdef RPC_HDR
-%#define wk_key_len KEYDATA.KEYDATA_len
-%#define wk_key_val KEYDATA.KEYDATA_val
-#endif /* RPC_HDR */
-
-/*
- * Allow one entry for each key that can be in a keystore at
- * the same time. There can be one AES key, one 3DES key,
- * two HMAC SHA-1 values (one master and one for the client) and one RSA
- * private key. The master key is a HMAC SHA-1 master key used to
- * derive a per-client HMAC SHA-1 key as described in RFC 3118, Appendix A.
- */
-typedef struct wbku_key wbku_keystore<5>;
diff --git a/usr/src/lib/libwanbootutil/common/llib-lwanbootutil b/usr/src/lib/libwanbootutil/common/llib-lwanbootutil
deleted file mode 100644
index 537e95af3b..0000000000
--- a/usr/src/lib/libwanbootutil/common/llib-lwanbootutil
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-/* LINTLIBRARY */
-/* PROTOLIB1 */
-
-#include <wanbootutil.h>
diff --git a/usr/src/lib/libwanbootutil/common/mapfile-vers b/usr/src/lib/libwanbootutil/common/mapfile-vers
deleted file mode 100644
index 260a6904b0..0000000000
--- a/usr/src/lib/libwanbootutil/common/mapfile-vers
+++ /dev/null
@@ -1,73 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License (the "License").
-# You may not use this file except in compliance with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-#
-# Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
-#
-
-#
-# MAPFILE HEADER START
-#
-# WARNING: STOP NOW. DO NOT MODIFY THIS FILE.
-# Object versioning must comply with the rules detailed in
-#
-# usr/src/lib/README.mapfiles
-#
-# You should not be making modifications here until you've read the most current
-# copy of that file. If you need help, contact a gatekeeper for guidance.
-#
-# MAPFILE HEADER END
-#
-
-$mapfile_version 2
-
-SYMBOL_VERSION SUNWprivate_1.1 {
- global:
- aes_decrypt;
- aes_encrypt;
- aes_fini;
- aes_init;
- aes_key;
- aes_keycheck;
- cbc_decrypt;
- cbc_encrypt;
- cbc_makehandle;
- des3_decrypt;
- des3_encrypt;
- des3_fini;
- des3_init;
- des3_key;
- des3_keycheck;
- HMACFinal;
- HMACInit;
- HMACUpdate;
- wbio_nread;
- wbio_nread_rand;
- wbio_nwrite;
- wbku_delete_key;
- wbku_errinit;
- wbku_find_key;
- wbku_printerr;
- wbku_retmsg;
- wbku_str_to_keyattr;
- wbku_write_key;
- local:
- *;
-};
diff --git a/usr/src/lib/libwanbootutil/common/wanbootutil.h b/usr/src/lib/libwanbootutil/common/wanbootutil.h
deleted file mode 100644
index 96f11edf9d..0000000000
--- a/usr/src/lib/libwanbootutil/common/wanbootutil.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#ifndef _WANBOOTUTIL_H
-#define _WANBOOTUTIL_H
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <aes.h>
-#include <cbc.h>
-#include <des3.h>
-#include <hmac_sha1.h>
-#include <wanboot/wbio.h>
-#include <wanboot/key_util.h>
-#include <wanboot/key_xdr.h>
-
-#endif /* _WANBOOTUTIL_H */
diff --git a/usr/src/lib/libwanbootutil/common/wbio.c b/usr/src/lib/libwanbootutil/common/wbio.c
deleted file mode 100644
index a03b0a00bb..0000000000
--- a/usr/src/lib/libwanbootutil/common/wbio.c
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <unistd.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-
-#include "wbio.h"
-
-/*
- * Write `buflen' bytes from `buffer' to the file represented by `fd'.
- * Returns -1 if all `buflen' bytes cannot be written, otherwise returns 0.
- */
-int
-wbio_nwrite(int fd, const void *buffer, size_t buflen)
-{
- size_t nwritten;
- ssize_t nbytes;
- const char *buf = buffer;
-
- for (nwritten = 0; nwritten < buflen; nwritten += nbytes) {
- nbytes = write(fd, &buf[nwritten], buflen - nwritten);
- if (nbytes <= 0)
- return (-1);
- }
-
- return (0);
-}
-
-/*
- * Read `buflen' bytes into `buffer' from the file represented by `fd'.
- * Returns -1 if all `buflen' bytes cannot be read, otherwise returns 0.
- */
-int
-wbio_nread(int fd, void *buffer, size_t buflen)
-{
- size_t nread;
- ssize_t nbytes;
- char *buf = buffer;
-
- for (nread = 0; nread < buflen; nread += nbytes) {
- nbytes = read(fd, &buf[nread], buflen - nread);
- if (nbytes <= 0)
- return (-1);
- }
-
- return (0);
-}
-
-/*
- * Read a random number of `buflen' bytes into `buffer' from /dev/urandom.
- * Returns -1 if all `buflen' bytes cannot be read, otherwise returns 0.
- */
-int
-wbio_nread_rand(void *buffer, size_t buflen)
-{
- int fd;
-
- if ((fd = open("/dev/urandom", O_RDONLY)) == -1) {
- return (-1);
- }
-
- if (wbio_nread(fd, buffer, buflen) != 0) {
- (void) close(fd);
- return (-1);
- }
-
- (void) close(fd);
- return (0);
-}
diff --git a/usr/src/lib/libwanbootutil/common/wbio.h b/usr/src/lib/libwanbootutil/common/wbio.h
deleted file mode 100644
index 3747946492..0000000000
--- a/usr/src/lib/libwanbootutil/common/wbio.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#ifndef _WBIO_H
-#define _WBIO_H
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <sys/types.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-extern int wbio_nwrite(int, const void *, size_t);
-extern int wbio_nread(int, void *, size_t);
-extern int wbio_nread_rand(void *, size_t);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _WBIO_H */
diff --git a/usr/src/lib/libwanbootutil/i386/Makefile b/usr/src/lib/libwanbootutil/i386/Makefile
deleted file mode 100644
index 5da8a52eba..0000000000
--- a/usr/src/lib/libwanbootutil/i386/Makefile
+++ /dev/null
@@ -1,31 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License"). You may not use this file except in compliance
-# with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-#
-# Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-# ident "%Z%%M% %I% %E% SMI"
-#
-
-include ../Makefile.com
-
-install: all $(ROOTLIBS) $(ROOTLINKS) $(ROOTLINT)
diff --git a/usr/src/lib/libwanbootutil/libwanbootutil.xcl b/usr/src/lib/libwanbootutil/libwanbootutil.xcl
deleted file mode 100644
index 7ef4c71843..0000000000
--- a/usr/src/lib/libwanbootutil/libwanbootutil.xcl
+++ /dev/null
@@ -1,35 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License"). You may not use this file except in compliance
-# with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-#
-# Copyright 2003 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-# ident "%Z%%M% %I% %E% SMI"
-#
-
-msgid "3DES"
-msgid "AES"
-msgid "HMAC/SHA1"
-msgid "rsa"
-msgid "%s: "
-msgid ": %s\n"
-msgid "RSA"
diff --git a/usr/src/lib/libwanbootutil/req.flg b/usr/src/lib/libwanbootutil/req.flg
deleted file mode 100644
index 54c90e1cda..0000000000
--- a/usr/src/lib/libwanbootutil/req.flg
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/bin/sh
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License"). You may not use this file except in compliance
-# with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-#
-# Copyright 2003 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-# ident "%Z%%M% %I% %E% SMI"
-
-find_files "s.*" usr/src/common/net/wanboot/crypt
diff --git a/usr/src/lib/libwanbootutil/sparc/Makefile b/usr/src/lib/libwanbootutil/sparc/Makefile
deleted file mode 100644
index 5da8a52eba..0000000000
--- a/usr/src/lib/libwanbootutil/sparc/Makefile
+++ /dev/null
@@ -1,31 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License"). You may not use this file except in compliance
-# with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-#
-# Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-# ident "%Z%%M% %I% %E% SMI"
-#
-
-include ../Makefile.com
-
-install: all $(ROOTLIBS) $(ROOTLINKS) $(ROOTLINT)
diff --git a/usr/src/lib/libwanbootutil/sparcv9/Makefile b/usr/src/lib/libwanbootutil/sparcv9/Makefile
deleted file mode 100644
index df2bad0003..0000000000
--- a/usr/src/lib/libwanbootutil/sparcv9/Makefile
+++ /dev/null
@@ -1,29 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License"). You may not use this file except in compliance
-# with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-#
-# Copyright 2012 OmniTI Computer Consulting, Inc. All rights reserved.
-#
-
-include ../Makefile.com
-include ../../Makefile.lib.64
-
-install: all $(ROOTLIBS64) $(ROOTLINKS64) $(ROOTLINT64)
diff --git a/usr/src/man/man1/digest.1 b/usr/src/man/man1/digest.1
index b615f0f2fc..ec18edb247 100644
--- a/usr/src/man/man1/digest.1
+++ b/usr/src/man/man1/digest.1
@@ -1,9 +1,10 @@
'\" te
.\" Copyright 2006, Sun Microsystems, Inc. All Rights Reserved
+.\" Copyright 2018 OmniOS Community Edition (OmniOSce) Association.
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
.\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with
.\" the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH DIGEST 1 "May 21, 2009"
+.TH DIGEST 1 "Feb 07, 2018"
.SH NAME
digest \- calculate a message digest
.SH SYNOPSIS
@@ -115,7 +116,6 @@ sha1 (/usr/lib/inet/ppp) = c96ee458549871a6ffdf2674a888b01d0c9e9740
sha1 (/usr/lib/inet/pppoec) = 5f022498d79dacacd947cddadc64f171822e3dee
sha1 (/usr/lib/inet/pppoed) = 252bd2f0863dbc1b05fffae72821a2a95609b8ad
sha1 (/usr/lib/inet/slpd) = dfa24cc0f0b05f790546d4f0948a9094f7089027
-sha1 (/usr/lib/inet/wanboot) = a8b8c51c389c774d0be2ae43cb85d1b1439484ae
sha1 (/usr/lib/inet/ntpd) = 5b4aff102372cea801e7d08acde9655fec81f07c
.fi
.in -2
diff --git a/usr/src/man/man1m/Makefile b/usr/src/man/man1m/Makefile
index 55c4db738f..409095162d 100644
--- a/usr/src/man/man1m/Makefile
+++ b/usr/src/man/man1m/Makefile
@@ -55,7 +55,6 @@ _MANFILES= 6to4relay.1m \
beadm.1m \
boot.1m \
bootadm.1m \
- bootconfchk.1m \
busstat.1m \
captoinfo.1m \
catman.1m \
@@ -174,7 +173,6 @@ _MANFILES= 6to4relay.1m \
halt.1m \
hextoalabel.1m \
hostconfig.1m \
- ickey.1m \
id.1m \
idmap.1m \
idmapd.1m \
@@ -527,10 +525,6 @@ _MANFILES= 6to4relay.1m \
vscanadm.1m \
vscand.1m \
wall.1m \
- wanboot_keygen.1m \
- wanboot_keymgmt.1m \
- wanboot_p12split.1m \
- wanbootutil.1m \
whodo.1m \
wificonfig.1m \
wpad.1m \
diff --git a/usr/src/man/man1m/boot.1m b/usr/src/man/man1m/boot.1m
index 2d031006d0..857f2be805 100644
--- a/usr/src/man/man1m/boot.1m
+++ b/usr/src/man/man1m/boot.1m
@@ -1,11 +1,12 @@
'\" te
+.\" Copyright 2018 OmniOS Community Edition (OmniOSce) Association.
.\" Copyright 2015 Nexenta Systems Inc.
.\" Copyright (c) 2008 Sun Microsystems, Inc. All Rights Reserved
.\" Copyright 1989 AT&T
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
.\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the
.\" fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH BOOT 1M "Aug 18, 2016"
+.TH BOOT 1M "Feb 07, 2018"
.SH NAME
boot \- start the system kernel or a standalone program
.SH SYNOPSIS
@@ -65,7 +66,7 @@ system has been halted.
.sp
.LP
The second level program is either a fileystem-specific boot block (when
-booting from a disk), or \fBinetboot\fR or \fBwanboot\fR (when booting across
+booting from a disk), or \fBinetboot\fR (when booting across
the network).
.sp
.LP
@@ -138,289 +139,7 @@ name appears to be an HTTP URL. If it does not, the PROM downloads
loads the boot archive, which takes over the machine and releases
\fBinetboot\fR. Startup scripts then initiate the DHCP agent (see
\fBdhcpagent\fR(1M)), which implements further DHCP activities.
-.sp
-.LP
-If the file to be loaded is an HTTP URL, the PROM will use HTTP to load the
-referenced file. If the client has been configured with an HMAC SHA-1 key, it
-will check the integrity of the loaded file before proceeding to execute it.
-The file is expected to be the \fBwanboot\fR binary. The WAN boot process can
-be configured to use either DHCP or NVRAM properties to discover the install
-server and router and the proxies needed to connect to it. When \fBwanboot\fR
-begins executing, it determines whether sufficient information is available to
-it to allow it to proceed. If any necessary information is missing, it will
-either exit with an appropriate error or bring up a command interpreter and
-prompt for further configuration information. Once \fBwanboot\fR has obtained
-the necessary information, it loads the boot loader into memory by means of
-HTTP. If an encryption key has been installed on the client, \fBwanboot\fR will
-verify the boot loader's signature and its accompanying hash. Presence of an
-encryption key but no hashing key is an error.
-.sp
-.LP
-The \fBwanboot\fR boot loader can communicate with the client using either HTTP
-or secure HTTP. If the former, and if the client has been configured with an
-HMAC SHA-1 key, the boot loader will perform an integrity check of the root
-file system. Once the root file system has been loaded into memory (and
-possibly had an integrity check performed), the boot archive is transferred
-from the server. If provided with a \fBboot_logger\fR URL by means of the
-\fBwanboot.conf\fR(4) file, \fBwanboot\fR will periodically log its progress.
-.sp
-.LP
-Not all PROMs are capable of consuming URLs. You can determine whether a client
-is so capable using the \fBlist-security-keys\fR OBP command (see
-\fBmonitor\fR(1M)).
-.sp
-.LP
-WAN booting is not currently available on the x86 platform.
-.sp
-.LP
-The \fBwanboot\fR Command Line
-.sp
-.LP
-When the client program is \fBwanboot\fR, it accepts \fBclient-program-args\fR
-of the form:
-.sp
-.in +2
-.nf
-boot ... -o \fIopt1\fR[,\fIopt2\fR[,...]]
-.fi
-.in -2
-.sp
-
-.sp
-.LP
-where each option may be an action:
-.sp
-.ne 2
-.na
-\fB\fBdhcp\fR\fR
-.ad
-.sp .6
-.RS 4n
-Require \fBwanboot\fR to obtain configuration parameters by means of DHCP.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fBprompt\fR\fR
-.ad
-.sp .6
-.RS 4n
-Cause \fBwanboot\fR to enter its command interpreter.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fI<cmd>\fR\fR
-.ad
-.sp .6
-.RS 4n
-One of the interpreter commands listed below.
-.RE
-
-.sp
-.LP
-\&...or an assignment, using the interpreter's parameter names listed below.
-.sp
-.LP
-The \fBwanboot\fR Command Interpreter
-.sp
-.LP
-The \fBwanboot\fR command interpreter is invoked by supplying a
-\fBclient-program-args\fR of "\fB-o prompt\fR" when booting. Input consists of
-single commands or assignments, or a comma-separated list of commands or
-assignments. The configuration parameters are:
-.sp
-.ne 2
-.na
-\fB\fBhost-ip\fR\fR
-.ad
-.sp .6
-.RS 4n
-IP address of the client (in dotted-decimal notation)
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fBrouter-ip\fR\fR
-.ad
-.sp .6
-.RS 4n
-IP address of the default router (in dotted-decimal notation)
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fBsubnet-mask\fR\fR
-.ad
-.sp .6
-.RS 4n
-subnet mask (in dotted-decimal notation)
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fBclient-id\fR\fR
-.ad
-.sp .6
-.RS 4n
-DHCP client identifier (a quoted ASCII string or hex ASCII)
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fBhostname\fR\fR
-.ad
-.sp .6
-.RS 4n
-hostname to request in DHCP transactions (ASCII)
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fBhttp-proxy\fR\fR
-.ad
-.sp .6
-.RS 4n
-HTTP proxy server specification (IPADDR[:PORT])
-.RE
-
-.sp
-.LP
-The key names are:
-.sp
-.ne 2
-.na
-\fB\fB3des\fR\fR
-.ad
-.sp .6
-.RS 4n
-the triple DES encryption key (48 hex ASCII characters)
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fBaes\fR\fR
-.ad
-.sp .6
-.RS 4n
-the AES encryption key (32 hex ASCII characters)
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fBsha1\fR\fR
-.ad
-.sp .6
-.RS 4n
-the HMAC SHA-1 signature key (40 hex ASCII characters)
-.RE
-
-.sp
-.LP
-Finally, the URL or the WAN boot CGI is referred to by means of:
-.sp
-.ne 2
-.na
-\fB\fBbootserver\fR\fR
-.ad
-.sp .6
-.RS 4n
-URL of WAN boot's CGI (the equivalent of OBP's \fBfile\fR parameter)
-.RE
-
-.sp
-.LP
-The interpreter accepts the following commands:
-.sp
-.ne 2
-.na
-\fB\fBhelp\fR\fR
-.ad
-.sp .6
-.RS 4n
-Print a brief description of the available commands
-.RE
-.sp
-.ne 2
-.na
-\fB\fB\fIvar\fR=\fIval\fR\fR\fR
-.ad
-.sp .6
-.RS 4n
-Assign \fIval\fR to \fIvar\fR, where \fIvar\fR is one of the configuration
-parameter names, the key names, or \fBbootserver\fR.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB\fIvar\fR=\fR\fR
-.ad
-.sp .6
-.RS 4n
-Unset parameter \fIvar\fR.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fBlist\fR\fR
-.ad
-.sp .6
-.RS 4n
-List all parameters and their values (key values retrieved by means of OBP are
-never shown).
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fBprompt\fR\fR
-.ad
-.sp .6
-.RS 4n
-Prompt for values for unset parameters. The name of each parameter and its
-current value (if any) is printed, and the user can accept this value (press
-Return) or enter a new value.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fBgo\fR\fR
-.ad
-.sp .6
-.RS 4n
-Once the user is satisfied that all values have been entered, leave the
-interpreter and continue booting.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fBexit\fR\fR
-.ad
-.sp .6
-.RS 4n
-Quit the boot interpreter and return to OBP's \fBok\fR prompt.
-.RE
-
-.sp
-.LP
-Any of these assignments or commands can be passed on the command line as part
-of the \fB-o\fR options, subject to the OBP limit of 128 bytes for boot
-arguments. For example, \fB-o\fR \fBlist,go\fR would simply list current
-(default) values of the parameters and then continue booting.
.SS "iSCSI Boot"
.LP
iSCSI boot is currently supported only on x86. The host being booted must be
@@ -601,13 +320,6 @@ depending on the form of the \fBboot\fR command used, reliance upon
\fIboot-file\fR should be discouraged for most production systems.
.sp
.LP
-When executing a WAN boot from a local (CD or DVD) copy of wanboot, one must
-use:
-.sp
-.LP
-ok \fBboot cdrom -F wanboot - install\fR
-.sp
-.LP
Modern PROMs have enhanced the network boot support package to support the
following syntax for arguments to be processed by the package:
.sp
@@ -643,7 +355,7 @@ IP address of the TFTP server
.ad
.sp .6
.RS 4n
-file to download using TFTP or URL for WAN boot
+file to download using TFTP
.RE
.sp
@@ -788,9 +500,7 @@ The TFTP RRQ is unicast to the server if one is specified as an argument or in
the DHCP response. Otherwise, the TFTP RRQ is broadcast.
.sp
.LP
-\fIfile\fR specifies the file to be loaded by TFTP from the TFTP server, or the
-URL if using HTTP. The use of HTTP is triggered if the file name is a URL, that
-is, the file name starts with \fBhttp:\fR (case-insensitive).
+\fIfile\fR specifies the file to be loaded by TFTP from the TFTP server.
.sp
.LP
When using RARP and TFTP, the default file name is the ASCII hexadecimal
@@ -810,17 +520,6 @@ When specified on the command line, the filename must not contain slashes
(\fB/\fR).
.sp
.LP
-The format of URLs is described in RFC 2396. The HTTP server must be specified
-as an IP address (in standard IPv4 dotted-decimal notation). The optional port
-number is specified in decimal. If a port is not specified, port 80 (decimal)
-is implied.
-.sp
-.LP
-The URL presented must be "safe-encoded", that is, the package does not apply
-escape encodings to the URL presented. URLs containing commas must be presented
-as a quoted string. Quoting URLs is optional otherwise.
-.sp
-.LP
\fBhost-ip\fR specifies the IP address (in standard IPv4 dotted-decimal
notation) of the client, the system being booted. If using RARP as the address
discovery protocol, specifying this argument makes use of RARP unnecessary.
@@ -1002,7 +701,7 @@ exported by the \fBboot\fR program.
.RS 4n
Boot using the named object. The object must be either an ELF executable or
bootable object containing a boot block. The primary use is to boot the
-failsafe or \fBwanboot\fR boot archive.
+failsafe boot archive.
.RE
.sp
@@ -1243,7 +942,7 @@ To boot the default kernel in single-user interactive mode, respond to the
.sp
.LP
-\fBExample 2 \fRNetwork Booting with WAN Boot-Capable PROMs
+\fBExample 2 \fRNetwork Booting
.sp
.LP
To illustrate some of the subtle repercussions of various boot command line
@@ -1303,26 +1002,9 @@ boot support package processes arguments in \fBnetwork-boot-arguments\fR.
.in -2
.sp
-.LP
-\fBExample 3 \fRUsing \fBwanboot\fR with Older PROMs
-.sp
-.LP
-The command below results in the \fBwanboot\fR binary being loaded from DVD or
-CD, at which time \fBwanboot\fR will perform DHCP and then drop into its
-command interpreter to allow the user to enter keys and any other necessary
-configuration.
-
-.sp
-.in +2
-.nf
-\fBboot cdrom -F wanboot -o dhcp,prompt\fR
-.fi
-.in -2
-.sp
-
.SS "x86"
.LP
-\fBExample 4 \fRTo Boot the Default Kernel In 64-bit Single-User Interactive
+\fBExample 3 \fRTo Boot the Default Kernel In 64-bit Single-User Interactive
Mode
.sp
.LP
@@ -1417,7 +1099,7 @@ the root pool of your current system.
\fBinit\fR(1M), \fBinstallboot\fR(1M), \fBkernel\fR(1M), \fBmonitor\fR(1M),
\fBshutdown\fR(1M), \fBsvcadm\fR(1M), \fBumountall\fR(1M), \fBzpool\fR(1M),
\fBuadmin\fR(2), \fBbootparams\fR(4), \fBinittab\fR(4), \fBvfstab\fR(4),
-\fBwanboot.conf\fR(4), \fBfilesystem\fR(5)
+\fBfilesystem\fR(5)
.sp
.LP
RFC 903, \fIA Reverse Address Resolution Protocol\fR,
diff --git a/usr/src/man/man1m/bootconfchk.1m b/usr/src/man/man1m/bootconfchk.1m
deleted file mode 100644
index 56798639b8..0000000000
--- a/usr/src/man/man1m/bootconfchk.1m
+++ /dev/null
@@ -1,70 +0,0 @@
-'\" te
-.\" Copyright (c) 2003, Sun Microsystems, Inc. All Rights Reserved
-.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
-.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
-.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH BOOTCONFCHK 1M "Apr 18, 2003"
-.SH NAME
-bootconfchk \- verify the integrity of a network boot configuration file
-.SH SYNOPSIS
-.LP
-.nf
-\fB/usr/sbin/bootconfchk\fR [\fIbootconf-file\fR]
-.fi
-
-.SH DESCRIPTION
-.sp
-.LP
-The \fBbootconfchk\fR command checks that the file specified is a valid network
-boot configuration file as described in \fBwanboot.conf\fR(4).
-.sp
-.LP
-Any discrepancies are reported on standard error.
-.SH EXIT STATUS
-.sp
-.ne 2
-.na
-\fB\fB0\fR\fR
-.ad
-.RS 5n
-Successful completion.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB1\fR\fR
-.ad
-.RS 5n
-An error occurred.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB2\fR\fR
-.ad
-.RS 5n
-Usage error.
-.RE
-
-.SH ATTRIBUTES
-.sp
-.LP
-See \fBattributes\fR(5) for descriptions of the following attributes:
-.sp
-
-.sp
-.TS
-box;
-c | c
-l | l .
-ATTRIBUTE TYPE ATTRIBUTE VALUE
-_
-Interface Stability Evolving
-.TE
-
-.SH SEE ALSO
-.sp
-.LP
-\fBwanboot.conf\fR(4), \fBattributes\fR(5)
diff --git a/usr/src/man/man1m/ickey.1m b/usr/src/man/man1m/ickey.1m
deleted file mode 100644
index 10a01df891..0000000000
--- a/usr/src/man/man1m/ickey.1m
+++ /dev/null
@@ -1,88 +0,0 @@
-'\" te
-.\" Copyright (c) 2003, Sun Microsystems, Inc. All Rights Reserved
-.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
-.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
-.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH ICKEY 1M "April 9, 2016"
-.SH NAME
-ickey \- install a client key for WAN boot
-.SH SYNOPSIS
-.LP
-.nf
-\fB/usr/lib/inet/wanboot/ickey\fR [\fB-d\fR] [\fB-o\fR type=3des]
-.fi
-
-.LP
-.nf
-\fB/usr/lib/inet/wanboot/ickey\fR [\fB-d\fR] [\fB-o\fR type=aes]
-.fi
-
-.LP
-.nf
-\fB/usr/lib/inet/wanboot/ickey\fR [\fB-d\fR] [\fB-o\fR type=sha1]
-.fi
-
-.SH DESCRIPTION
-.LP
-The \fBickey\fR command is used to install WAN boot keys on a running UNIX
-system so that they can be used the next time the system is installed. You can
-store three different types of keys: 3DES and AES for encryption and an HMAC
-SHA-1 key for hashed verification.
-.sp
-.LP
-\fBickey\fR reads the key from standard input using \fBgetpassphrase\fR(3C) so
-that it does not appear on the command line. When installing keys on a remote
-system, you must take proper precautions to ensure that any keying materials
-are kept confidential. At a minimum, use \fBssh\fR(1) to prevent interception
-of data in transit.
-.sp
-.LP
-Keys are expected to be presented as strings of hexadecimal digits; they can
-(but need not) be preceded by a \fB0x\fR or \fB0X\fR.
-.sp
-.LP
-The \fBickey\fR command has a single option, described below. An argument of
-the type \fB-o\fR\ \fBtype=\fR\fIkeytype\fR is required.
-.SH OPTIONS
-.LP
-The \fBickey\fR command the following option.
-.sp
-.ne 2
-.na
-\fB\fB-d\fR\fR
-.ad
-.RS 6n
-Delete the key specified by the \fIkeytype\fR argument.
-.RE
-
-.SH EXIT STATUS
-.LP
-On success, \fBickey\fR exits with status 0; if a problem occurs, a diagnostic
-message is printed and \fBickey\fR exits with non-zero status.
-.SH FILES
-.ne 2
-.na
-\fB\fB/dev/openprom\fR\fR
-.ad
-.RS 17n
-WAN boot key storage driver
-.RE
-
-.SH ATTRIBUTES
-.LP
-See \fBattributes\fR(5) for descriptions of the following attributes:
-.sp
-
-.sp
-.TS
-box;
-c | c
-l | l .
-ATTRIBUTE TYPE ATTRIBUTE VALUE
-_
-Interface Stability Unstable
-.TE
-
-.SH SEE ALSO
-.LP
-\fBssh\fR(1), \fBopenprom\fR(7D), \fBattributes\fR(5)
diff --git a/usr/src/man/man1m/wanboot_keygen.1m b/usr/src/man/man1m/wanboot_keygen.1m
deleted file mode 100644
index 5edfbf04a2..0000000000
--- a/usr/src/man/man1m/wanboot_keygen.1m
+++ /dev/null
@@ -1,191 +0,0 @@
-'\" te
-.\" Copyright (c) 2003, Sun Microsystems, Inc. All Rights Reserved
-.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
-.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
-.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH WANBOOT_KEYGEN 1M "Apr 18, 2003"
-.SH NAME
-wanboot_keygen \- create and display client and server keys for WAN booting
-.SH SYNOPSIS
-.LP
-.nf
-\fB/usr/lib/inet/wanboot/keygen\fR \fB-c\fR \fB-o\fR net=\fIa.b.c.d\fR ,cid=\fIclient_ID\fR,type=3des
-.fi
-
-.LP
-.nf
-\fB/usr/lib/inet/wanboot/keygen\fR \fB-c\fR \fB-o\fR net=\fIa.b.c.d\fR ,cid=\fIclient_ID\fR,type=aes
-.fi
-
-.LP
-.nf
-\fB/usr/lib/inet/wanboot/keygen\fR \fB-m\fR
-.fi
-
-.LP
-.nf
-\fB/usr/lib/inet/wanboot/keygen\fR \fB-c\fR \fB-o\fR net=\fIa.b.c.d\fR ,cid=\fIclient_ID\fR,type=sha1
-.fi
-
-.LP
-.nf
-\fB/usr/lib/inet/wanboot/keygen\fR \fB-d\fR \fB-m\fR
-.fi
-
-.LP
-.nf
-\fB/usr/lib/inet/wanboot/keygen\fR \fB-c\fR \fB-o\fR net=\fIa.b.c.d\fR ,cid=\fIclient_ID\fR,type=\fIkeytype\fR
-.fi
-
-.SH DESCRIPTION
-.sp
-.LP
-The \fBkeygen\fR utility has three purposes:
-.RS +4
-.TP
-.ie t \(bu
-.el o
-Using the \fB-c\fR flag, to generate and store per-client 3DES/AES encryption
-keys, avoiding any DES weak keys.
-.RE
-.RS +4
-.TP
-.ie t \(bu
-.el o
-Using the \fB-m\fR flag, to generate and store a "master" HMAC SHA-1 key for
-WAN install, and to derive from the master key per-client HMAC SHA-1 hashing
-keys, in a manner described in RFC 3118, Appendix A.
-.RE
-.RS +4
-.TP
-.ie t \(bu
-.el o
-Using the \fB-d\fR flag along with either the \fB-c\fR or \fB-m\fR flag to
-indicate the key repository, to display a key of type specified by
-\fIkeytype\fR, which must be one of \fB3des\fR, \fBaes\fR, or \fBsha1\fR.
-.RE
-.sp
-.LP
-The \fBnet\fR and \fBcid\fR arguments are used to identify a specific client.
-Both arguments are optional. If the \fBcid\fR option is not provided, the key
-being created or displayed will have a per-network scope. If the \fBnet\fR
-option is not provided, then the key will have a global scope. Default net and
-code values are used to derive an HMAC SHA-1 key if the values are not provided
-by the user.
-.SH OPTIONS
-.sp
-.LP
-The following options are supported:
-.sp
-.ne 2
-.na
-\fB\fB-c\fR\fR
-.ad
-.RS 6n
-Generate and store per-client 3DES/AES encryption keys, avoiding any DES weak
-keys. Also generates and stores per-client HMAC SHA-1 keys. Used in conjunction
-with \fB-o\fR.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB-d\fR\fR
-.ad
-.RS 6n
-Display a key of type specified by \fIkeytype\fR, which must be one of
-\fB3des\fR, \fBaes\fR, or \fBsha1\fR. Use \fB-d\fR with \fB-m\fR or with
-\fB-c\fR and \fB-o\fR.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB-m\fR\fR
-.ad
-.RS 6n
-Generate and store a "master" HMAC SHA-1 key for WAN install.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB-o\fR\fR
-.ad
-.RS 6n
-Specifies the WANboot client and/or keytype.
-.RE
-
-.SH EXAMPLES
-.LP
-\fBExample 1 \fRGenerate a Master HMAC SHA-1 Key
-.sp
-.in +2
-.nf
-# keygen -m
-.fi
-.in -2
-.sp
-
-.LP
-\fBExample 2 \fRGenerate and Then Display a Client-Specific Master HMAC SHA-1
-Key
-.sp
-.in +2
-.nf
-# keygen -c -o net=172.16.174.0,cid=010003BA0E6A36,type=sha1
-# keygen -d -c -o net=172.16.174.0,cid=010003BA0E6A36,type=sha1
-.fi
-.in -2
-.sp
-
-.LP
-\fBExample 3 \fRGenerate and Display a 3DES Key with a Per-Network Scope
-.sp
-.in +2
-.nf
-# keygen -c -o net=172.16.174.0,type=3des
-# keygen -d -o net=172.16.174.0,type=3des
-.fi
-.in -2
-.sp
-
-.SH EXIT STATUS
-.sp
-.ne 2
-.na
-\fB\fB0\fR\fR
-.ad
-.RS 6n
-Successful operation.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB>0\fR\fR
-.ad
-.RS 6n
-An error occurred.
-.RE
-
-.SH ATTRIBUTES
-.sp
-.LP
-See \fBattributes\fR(5) for descriptions of the following attributes:
-.sp
-
-.sp
-.TS
-box;
-c | c
-l | l .
-ATTRIBUTE TYPE ATTRIBUTE VALUE
-_
-Interface Stability Obsolete
-.TE
-
-.SH SEE ALSO
-.sp
-.LP
-\fBattributes\fR(5)
diff --git a/usr/src/man/man1m/wanboot_keymgmt.1m b/usr/src/man/man1m/wanboot_keymgmt.1m
deleted file mode 100644
index bda9ca6221..0000000000
--- a/usr/src/man/man1m/wanboot_keymgmt.1m
+++ /dev/null
@@ -1,148 +0,0 @@
-'\" te
-.\" Copyright (c) 2003, Sun Microsystems, Inc. All Rights Reserved
-.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
-.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
-.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH WANBOOT_KEYMGMT 1M "Apr 18, 2003"
-.SH NAME
-wanboot_keymgmt \- insert and extract keys
-.SH SYNOPSIS
-.LP
-.nf
-\fB/usr/lib/inet/wanboot/keymgmt\fR \fB-i\fR \fB-k\fR \fIkey_file\fR \fB-s\fR \fIkeystore\fR \fB-o\fR type=\fIkeytype\fR
-.fi
-
-.LP
-.nf
-\fB/usr/lib/inet/wanboot/keymgmt\fR \fB-x\fR \fB-f\fR \fIoutfile\fR \fB-s\fR \fIkeystore\fR \fB-o\fR type=\fIkeytype\fR
-.fi
-
-.SH DESCRIPTION
-.sp
-.LP
-The \fBkeymgmt\fR utility has two purposes:
-.RS +4
-.TP
-.ie t \(bu
-.el o
-To take a raw key, stored in \fIkey_file\fR, and insert it in the repository
-specified by \fIkeystore\fR.
-.RE
-.RS +4
-.TP
-.ie t \(bu
-.el o
-To extract a key of a specified type from the repository specified by
-\fIkeystore\fR, depositing it in \fIoutfile\fR.
-.RE
-.sp
-.LP
-\fIoutfile\fR will be created if it does not already exist. The type of key
-being added or extracted is specified by \fIkeytype\fR and may have one of four
-values: \fB3des\fR, \fBaes\fR, \fBrsa\fR, or \fBsha1\fR (the last used by HMAC
-SHA-1). When extracting a key, the first key with an OID matching the supplied
-type is used.
-.SH ARGUMENTS
-.sp
-.LP
-The following arguments are supported:
-.sp
-.ne 2
-.na
-\fB\fB-i\fR\fR
-.ad
-.RS 19n
-Used in conjunction with \fB-k\fR to insert a raw key in \fIkeystore\fR.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB-f\fR \fIoutfile\fR\fR
-.ad
-.RS 19n
-Used to specify a file to receive an extracted key.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB-k\fR \fIkey_file\fR\fR
-.ad
-.RS 19n
-Used in conjunction with \fB-i\fR to specify the file in which a raw key is
-stored. This key will be inserted in \fIkeystore\fR.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB-o\fR type=\fIkeytype\fR\fR
-.ad
-.RS 19n
-Specifies the type of key being inserted or extracted. Must be one of
-\fB3des\fR, \fBaes\fR, \fBrsa\fR, or \fBsha1\fR.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB-s\fR \fIkeystore\fR\fR
-.ad
-.RS 19n
-Specifies a repository in which a key will be inserted or from which a key will
-be extracted.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB-x\fR\fR
-.ad
-.RS 19n
-Used in conjunction with \fB-f\fR to extract a key of a specified type and
-deposit it in \fIoutfile\fR.
-.RE
-
-.SH EXIT STATUS
-.sp
-.ne 2
-.na
-\fB\fB0\fR\fR
-.ad
-.RS 6n
-Successful operation.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB>0\fR\fR
-.ad
-.RS 6n
-An error occurred.
-.RE
-
-.SH ATTRIBUTES
-.sp
-.LP
-See \fBattributes\fR(5) for descriptions of the following attributes:
-.sp
-
-.sp
-.TS
-box;
-c | c
-l | l .
-ATTRIBUTE TYPE ATTRIBUTE VALUE
-_
-Interface Stability Obsolete
-.TE
-
-.SH SEE ALSO
-.sp
-.LP
-\fBattributes\fR(5)
-.sp
-.LP
-ITU-T Recommendation X.208
diff --git a/usr/src/man/man1m/wanboot_p12split.1m b/usr/src/man/man1m/wanboot_p12split.1m
deleted file mode 100644
index ede930eeb9..0000000000
--- a/usr/src/man/man1m/wanboot_p12split.1m
+++ /dev/null
@@ -1,125 +0,0 @@
-'\" te
-.\" Copyright (c) 2003, Sun Microsystems, Inc. All Rights Reserved
-.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
-.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
-.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH WANBOOT_P12SPLIT 1M "Apr 18, 2003"
-.SH NAME
-wanboot_p12split \- split a PKCS #12 file into separate certificate and key
-files
-.SH SYNOPSIS
-.LP
-.nf
-\fB/usr/lib/inet/wanboot/p12split\fR \fB-i\fR \fIp12file\fR \fB-c\fR \fIout_cert\fR \fB-k\fR \fIout_key\fR
- [\fB-t\fR \fIout_trust\fR \fB-l\fR \fIid\fR \fB-v\fR]
-.fi
-
-.SH DESCRIPTION
-.sp
-.LP
-The \fBp12split\fR utility extracts a certificate and private key from the
-repository specified by \fIp12file\fR, depositing the certificate in
-\fIout_cert\fR and the key in \fIout_key\fR. If supplied, the \fB-l\fR option
-specifies the value for the \fBLocalKeyId\fR that will be used in the new
-certificate and key files. \fBp12split\fR can optionally extract a trust
-certificate into the \fIout_trust\fR file if the \fB-t\fR option is specified.
-Use the \fB-v\fR option to get a verbose description of the split displayed to
-standard output.
-.SH OPTIONS
-.sp
-.LP
-The following arguments and options are supported:
-.sp
-.ne 2
-.na
-\fB\fB-c\fR \fIout_cert\fR\fR
-.ad
-.RS 16n
-Specifies a repository that receives a extracted certificate.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB-i\fR \fIp12file\fR\fR
-.ad
-.RS 16n
-Specifies a repository from which a certificate and private key is extracted.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB-k\fR \fIout_key\fR\fR
-.ad
-.RS 16n
-Specifies a repository that receives a extracted private key.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB-l\fR \fIid\fR\fR
-.ad
-.RS 16n
-Specifies the value for the \fBLocalKeyId\fR that will be used in the new
-certificate and key files.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB-t\fR \fIout_trust\fR\fR
-.ad
-.RS 16n
-Specifies a file for receiving an extracted trust certificate.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB-v\fR\fR
-.ad
-.RS 16n
-Displays a verbose description of the split to stdout.
-.RE
-
-.SH EXIT STATUS
-.sp
-.ne 2
-.na
-\fB\fB0\fR\fR
-.ad
-.RS 6n
-Successful operation.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB>0\fR\fR
-.ad
-.RS 6n
-An error occurred.
-.RE
-
-.SH ATTRIBUTES
-.sp
-.LP
-See \fBattributes\fR(5) for descriptions of the following attributes:
-.sp
-
-.sp
-.TS
-box;
-c | c
-l | l .
-ATTRIBUTE TYPE ATTRIBUTE VALUE
-_
-Interface Stability Unstable
-.TE
-
-.SH SEE ALSO
-.sp
-.LP
-\fBattributes\fR(5)
diff --git a/usr/src/man/man1m/wanbootutil.1m b/usr/src/man/man1m/wanbootutil.1m
deleted file mode 100644
index aed2a6b85d..0000000000
--- a/usr/src/man/man1m/wanbootutil.1m
+++ /dev/null
@@ -1,138 +0,0 @@
-'\" te
-.\" Copyright (c) 2003, Sun Microsystems, Inc. All Rights Reserved
-.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
-.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
-.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH WANBOOTUTIL 1M "Apr 18, 2003"
-.SH NAME
-wanbootutil \- manage keys and certificates for WAN booting
-.SH SYNOPSIS
-.LP
-.nf
-\fBwanbootutil\fR [keygen] [\fIoption_specific_arguments\fR]
-.fi
-
-.LP
-.nf
-\fBwanbootutil\fR [keymgmt] [\fIoption_specific_arguments\fR]
-.fi
-
-.LP
-.nf
-\fBwanbootutil\fR [p12split] [\fIoption_specific_arguments\fR]
-.fi
-
-.SH DESCRIPTION
-.sp
-.LP
-The \fBwanbootutil\fR command creates and manages WANboot encyrption and
-hashing keys and manipulates PKCS #12 files for use by WAN boot.
-.sp
-.LP
-\fBwanbootutil\fR has three subcommands, each covered in a separate man page:
-.sp
-.ne 2
-.na
-\fB\fBwanboot_keygen\fR(1M)\fR
-.ad
-.RS 24n
-Generates encryption and hashing keys.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fBwanboot_keymgmt\fR(1M)\fR
-.ad
-.RS 24n
-Inserts and extracts keys from WAN boot key repositories.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fBwanboot_p12split\fR(1M)\fR
-.ad
-.RS 24n
-Splits a PKCS #12 file into separate certificate and key files for use by WAN
-boot.
-.RE
-
-.SH OPTIONS
-.sp
-.LP
-The options are supported for \fBwanbootutil\fR are the use of \fBkeygen\fR,
-\fBkeymgmt\fR, or \fBp12split\fR. The options for these subcommands are
-described in their respective man pages.
-.SH EXAMPLES
-.LP
-\fBExample 1 \fRGenerate a 3DES Client Key
-.sp
-.in +2
-.nf
-# wanbootutil keygen -c -o net=172.16.174.0,cid=010003BA0E6A36,type=3des
-.fi
-.in -2
-.sp
-
-.LP
-\fBExample 2 \fRInsert an RSA Private Client Key
-.sp
-.in +2
-.nf
-wanbootutil keymgmt -i -k keyfile \e
- -s /etc/netboot/172.16.174.0/010003BA0E6A36/keystore -o type=rsa
-.fi
-.in -2
-.sp
-
-.LP
-\fBExample 3 \fRSplit a PKCS #12 File into Certificate and Key Components
-.sp
-.in +2
-.nf
-# wanbootutil p12split -i p12file -c out_cert -k out_key
-.fi
-.in -2
-.sp
-
-.SH EXIT STATUS
-.sp
-.ne 2
-.na
-\fB\fB0\fR\fR
-.ad
-.RS 12n
-Successful operation.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fBnon-zero\fR\fR
-.ad
-.RS 12n
-An error occurred. Writes an appropriate error message to standard error.
-.RE
-
-.SH ATTRIBUTES
-.sp
-.LP
-See \fBattributes\fR(5) for descriptions of the following attributes:
-.sp
-
-.sp
-.TS
-box;
-c | c
-l | l .
-ATTRIBUTE TYPE ATTRIBUTE VALUE
-_
-Interface Stability Obsolete
-.TE
-
-.SH SEE ALSO
-.sp
-.LP
-\fBwanboot_keygen\fR(1M), \fBwanboot_keymgmt\fR(1M),
-\fBwanboot_p12split\fR(1M), \fBattributes\fR(5)
diff --git a/usr/src/man/man4/Makefile b/usr/src/man/man4/Makefile
index f4c4317405..d10620939b 100644
--- a/usr/src/man/man4/Makefile
+++ b/usr/src/man/man4/Makefile
@@ -197,7 +197,6 @@ _MANFILES= Intro.4 \
utmp.4 \
utmpx.4 \
vfstab.4 \
- wanboot.conf.4 \
warn.conf.4 \
ypfiles.4 \
yppasswdd.4 \
diff --git a/usr/src/man/man4/wanboot.conf.4 b/usr/src/man/man4/wanboot.conf.4
deleted file mode 100644
index 5eff3a1b1d..0000000000
--- a/usr/src/man/man4/wanboot.conf.4
+++ /dev/null
@@ -1,344 +0,0 @@
-'\" te
-.\" Copyright (c) 2003, Sun Microsystems, Inc. All Rights Reserved.
-.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
-.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
-.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH WANBOOT.CONF 4 "Nov 15, 2003"
-.SH NAME
-wanboot.conf \- repository for WANboot configuration data
-.SH SYNOPSIS
-.LP
-.nf
-\fB\fR\fB/etc/netboot/wanboot.conf\fR
-.fi
-
-.SH DESCRIPTION
-.sp
-.LP
-The \fBwanboot.conf\fR file is set up by a system administrator for one or more
-WANboot clients. The file contains information used to drive the WANboot
-process. The CGI program that serves up the bootstrap (wanboot) and the boot
-and root filesystems use information contained in the file to determine file
-paths, encryption and signing policies, and other characteristics of the
-operating environment.
-.sp
-.LP
-A copy of \fBwanboot.conf\fR is incorporated in the boot filesystem that is
-transmitted to the client. This is used by the bootstrap (wanboot) to determine
-SSL authentication policy, and other security conditions.
-.sp
-.LP
-You should use the \fBbootconfchk\fR(1M) utility to check the format and
-content of a \fBwanboot.conf\fR file prior to deployment.
-.SH FILE FORMAT
-.sp
-.LP
-Entries in \fBwanboot.conf\fR are written one per line; an entry cannot be
-continued onto another line. Blank lines are ignored, as is anything following
-a hash mark character (\fB#\fR), which allows you to insert comments.
-.sp
-.LP
-Each non-blank, non-comment line must take the form:
-.sp
-.in +2
-.nf
-\fIparameter\fR=\fIvalue\fR
-.fi
-.in -2
-.sp
-
-.sp
-.LP
-where \fIvalue\fR is terminated by the end-of-line, a space, or the hash mark
-character. The value can be quoted if it contains a space or a hash mark, using
-single or double quotes.
-.sp
-.LP
-The parameters currently supported and their meanings are as follows:
-.sp
-.ne 2
-.na
-\fB\fIboot_file\fR\fR
-.ad
-.RS 25n
-Specifies the path of the bootstrap file relative to the directory from which
-the web server serves files. This parameter must be given if the bootstrap file
-(wanboot) is to be served via HTTP, and must be specified with a leading slash
-(\fB/\fR).
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fIroot_server\fR\fR
-.ad
-.RS 25n
-Specifies the location of the CGI program that will serve up the information
-about the root filesystem that will be transmitted to the client. If present,
-the value must be a URL in one of the following forms:
-.sp
-.in +2
-.nf
-http://\fIhost\fR:\fIport\fR/\fIsome_path\fR/\fIwanboot-cgi\fR
-https://\fIhost\fR:\fIport\fR/\fIsome_path\fR/\fIwanboot-cgi\fR
-.fi
-.in -2
-.sp
-
-where \fBhttp\fR specifies insecure download of the root filesystem;
-\fBhttps\fR specifies secure download of the root filesystem; \fIhost\fR is the
-name of the system which will serve the root filesystem; \fIport\fR is the port
-through which the web server will serve the root filesystem image;
-\fIsome-path\fR is the directory which contains the \fIwanboot-cgi\fR CGI
-program which will serve information about the root filesystem. For example:
-.sp
-.in +2
-.nf
-http://webserver:8080/cgi-bin/wanboot-cgi
-.fi
-.in -2
-.sp
-
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fIroot_file\fR\fR
-.ad
-.RS 25n
-Specifies the path of the root filesystem image relative to the directory from
-which the web server serves files. This parameter must be given if the root
-filesystem is to be served by means of HTTP, and must be specified with a
-leading \fB/\fR.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fIsignature_type\fR\fR
-.ad
-.RS 25n
-Specifies the signing algorithm to be used when signing the bootstrap (that is,
-wanboot), the boot filesystem, and the root filesystem (assuming the last is
-not being sent using secure HTTP), prior to transmission to the client. If
-absent, or the value is empty, no signing will be performed. If present, its
-value must be: \fBsha1\fR.
-.sp
-If \fIsignature_type\fR is set, the client system being booted must also be
-setup with a client key for that algorithm.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fIencryption_type\fR\fR
-.ad
-.RS 25n
-Specifies the encryption algorithm to be used when encrypting the boot
-filesystem prior to transmission to the client. If absent, or the value is
-empty, no encryption of the boot filesystem will be performed. If present, its
-value must be one of: \fB3des\fR or \fBaes\fR.
-.sp
-If \fIencryption_type\fR is set to one of the above algorithms, then the client
-system being booted must also be setup with a client key for that algorithm and
-a non-empty \fIencryption_type\fR must also be specified.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fIserver_authentication\fR\fR
-.ad
-.RS 25n
-Specifies whether server authentication should be requested during SSL
-connection setup. If absent, or the value is empty, server authentication will
-not be requested. If present, its value must be one of: \fByes\fR or \fBno\fR.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fIclient_authentication\fR\fR
-.ad
-.RS 25n
-Specifies whether client authentication should be requested during SSL
-coonection setup. If absent, or the value is empty, client authentication will
-not be requested. If present, its value must be one of: \fByes\fR or \fBno\fR.
-.sp
-If client_authentication is \fByes\fR, then encryption and signing algorithms
-must also be specified, the URL scheme in \fIroot_server\fR must be
-\fBhttps\fR, and server_authentication must also be \fByes\fR.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fIresolve_hosts\fR\fR
-.ad
-.RS 25n
-Used to specify any host names that might need to be resolved for the client
-system. Host names appearing in URLs in \fBwanboot.conf\fR and any discovered
-in certificates associated with the client will automatically be resolved and
-do not need to be specified here. The value should be a comma-separated list of
-host names.
-.sp
-A typical use of this parameter would be to name hosts used by the installer
-that differ from any of those used by the bootstrap.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fIboot_logger\fR\fR
-.ad
-.RS 25n
-Specifies the URL of a system to which logging messages will be sent. If
-absent, or the value is empty, then logging will be to the system console only.
-If present it must specify a URL in one of the following forms:
-.sp
-
-.sp
-.in +2
-.nf
-http://\fIhost\fR:\fIport\fR/\fIsome_path\fR/\fIbootlog-cgi\fR
-https://\fIhost\fR:\fIport\fR/\fIsome_path\fR/\fIbootlog-cgi\fR
-.fi
-.in -2
-.sp
-
-where the constituent parts are as defined for \fIroot_server\fR, above.
-.sp
-Logging can be insecure or secure.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fIsystem_conf\fR\fR
-.ad
-.RS 25n
-Specifies the name of a file in the \fB/etc/netboot\fR hierarchy that will be
-incorporated in the boot filesystem named \fBsystem.conf\fR and which is
-intended for use by the system startup scripts only.
-.RE
-
-.SH EXAMPLES
-.LP
-\fBExample 1 \fRSample \fB\fR File
-.sp
-.LP
-The following is a sample \fBwanboot.conf\fR file:
-
-.sp
-.in +2
-.nf
-####################################################################
-#
-# Copyright 2003 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-#ident "@(#)wanboot.conf 1.12 03/01/30 SMI"
-#
-####################################################################
-# wanboot.conf(4): boot configuration file.
-#
-# Please consult wanboot.conf(4) for further information. Note that
-# this interface is "Evolving" as defined by attributes(5).
-#
-# Anything after a '#' is comment. Values may be quoted (e.g. "val").
-#
-# <empty> means there is no value, i.e. null. The absence of any
-# parameter implies that it takes a default value (<empty> unless
-# otherwise specified).
-#
-# <url> is of the form http://... or https://...
-####################################################################
-
-# The path of the bootstrap file (within htdocs) which is served up
-# by wanboot-cgi(bootfile).
-#
-boot_file=/bootfiles/wanboot # <absolute pathname>
-
-# These are used by wanboot-cgi(bootfile|bootfs|rootfs) to determine
-# whether boot_file or the bootfs is to be sent encrypted/signed, or
-# root_file is to be sent signed; the client must be setup with the
-# corresponding encryption/signature key(s) (which cannot be auto-
-# matically verified).
-#
-# If an encryption_type is specified then a signature_type must also
-# be specified.
-#
-encryption_type=3des # 3des | aes | <empty>
-signature_type=sha1 # sha1 | <empty>
-
-# This is used by wanboot-cgi(bootfs) and WANboot to determine whether
-# server authentication should be requested during SSL connection
-# setup.
-#
-server_authentication=yes # yes | no
-
-# This is used by wanboot-cgi(bootfs) and wanboot to determine whether
-# client authentication should be requested during SSL connection
-# setup. If client_authentication is "yes", then server_authentication
-# must also be "yes".
-#
-client_authentication=yes # yes | no
-
-
-# wanboot-cgi(bootfs) will construct a hosts file which resolves any
-# hostnames specified in any of the URLs in the wanboot.conf file,
-# plus those found in certificates, etc. The following parameter
-# may be used to add additional mappings to the hosts file.
-#
-resolve_hosts= # <hostname>[,<hostname>*] | <empty>
-
-# This is used to specify the URL of wanboot-cgi on the server on which
-# the root_file exists, and used by wanboot to obtain the root server's
-# URL; wanboot substitutes root_file for the pathname part of the URL.
-# If the schema is http://... then the root_file will be signed if there
-# is a non-empty signature_type. If server_authentication is "yes", the
-# schema must be https://...; otherwise it must be http://...
-#
-root_server=https://www.example.com:1234/cgi-bin/wanboot-cgi # <url> \e
- | <empty>
-
-# This is used by wanboot-cgi(rootfs) to locate the path of the
-# rootfs image (within htdocs) on the root_server.
-#
-root_file=/rootimages/miniroot # <absolute pathname> | <empty>
-
-# This is used by wanboot to determine the URL of the boot_logger
-# (and whether logging traffic should be sent using http or https),
-# or whether it should simply be sent to the console.
-#
-boot_logger=http://www.example.com:1234/cgi-bin/bootlog-cgi # <url> \e
- | <empty>
-
-# This is used by the system startup scripts.
-#
-system_conf=system.conf
-.fi
-.in -2
-.sp
-
-.SH ATTRIBUTES
-.sp
-.LP
-See \fBattributes\fR(5) for descriptions of the following attributes:
-.sp
-
-.sp
-.TS
-box;
-c | c
-l | l .
-ATTRIBUTE TYPE ATTRIBUTE VALUE
-_
-Interface Stability Evolving
-.TE
-
-.SH SEE ALSO
-.sp
-.LP
-\fBbootconfchk\fR(1M), \fBattributes\fR(5)
diff --git a/usr/src/pkg/manifests/SUNWcs.man4.inc b/usr/src/pkg/manifests/SUNWcs.man4.inc
index ff14e835e7..ee5cad09d8 100644
--- a/usr/src/pkg/manifests/SUNWcs.man4.inc
+++ b/usr/src/pkg/manifests/SUNWcs.man4.inc
@@ -102,7 +102,6 @@ file path=usr/share/man/man4/user_attr.4
file path=usr/share/man/man4/utmp.4
file path=usr/share/man/man4/utmpx.4
file path=usr/share/man/man4/vfstab.4
-file path=usr/share/man/man4/wanboot.conf.4
file path=usr/share/man/man4/zoneinfo.4
link path=usr/share/man/man4/devid_cache.4 target=devices.4
link path=usr/share/man/man4/devname_cache.4 target=devices.4
diff --git a/usr/src/pkg/manifests/SUNWcs.mf b/usr/src/pkg/manifests/SUNWcs.mf
index 64ae87b79a..1a146fd573 100644
--- a/usr/src/pkg/manifests/SUNWcs.mf
+++ b/usr/src/pkg/manifests/SUNWcs.mf
@@ -369,7 +369,6 @@ file path=etc/inet/netmasks group=sys preserve=true
file path=etc/inet/networks group=sys preserve=true
file path=etc/inet/protocols group=sys preserve=true
file path=etc/inet/services group=sys preserve=true
-file path=etc/inet/wanboot.conf.sample group=sys mode=0444
file path=etc/init.d/PRESERVE group=sys mode=0744 preserve=true
file path=etc/init.d/README group=sys preserve=true
file path=etc/init.d/sysetup group=sys mode=0744 preserve=true
diff --git a/usr/src/pkg/manifests/system-boot-wanboot-internal.mf b/usr/src/pkg/manifests/system-boot-wanboot-internal.mf
index d9c6e60174..13f30082f8 100644
--- a/usr/src/pkg/manifests/system-boot-wanboot-internal.mf
+++ b/usr/src/pkg/manifests/system-boot-wanboot-internal.mf
@@ -22,35 +22,9 @@
#
# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
# Copyright 2012 OmniTI Computer Consulting, Inc. All rights reserved.
+# Copyright 2018 OmniOS Community Edition (OmniOSce) Association.
#
set name=pkg.fmri value=pkg:/system/boot/wanboot/internal@$(PKGVERS)
-set name=pkg.description value="Solaris WAN boot internal"
-set name=pkg.summary value="WAN boot internal"
-set name=info.classification value=org.opensolaris.category.2008:System/Core
+set name=pkg.obsolete value=true
set name=variant.arch value=$(ARCH)
-dir path=usr group=sys
-dir path=usr/include
-dir path=usr/lib
-file path=usr/include/boot_http.h
-file path=usr/include/bootinfo.h
-file path=usr/include/bootlog.h
-file path=usr/include/netboot_paths.h
-file path=usr/include/p12access.h
-file path=usr/include/p12aux.h
-file path=usr/include/p12err.h
-file path=usr/include/parseURL.h
-file path=usr/include/wanboot_conf.h
-file path=usr/lib/$(ARCH64)/llib-lwanboot.ln
-file path=usr/lib/$(ARCH64)/llib-lwanbootutil.ln
-file path=usr/lib/llib-lwanboot
-file path=usr/lib/llib-lwanboot.ln
-file path=usr/lib/llib-lwanbootutil
-file path=usr/lib/llib-lwanbootutil.ln
-legacy pkg=SUNWwbint desc="Solaris WAN boot internal" name="WAN boot internal"
-license cr_Sun license=cr_Sun
-license lic_CDDL license=lic_CDDL
-link path=usr/lib/$(ARCH64)/libwanboot.so target=./libwanboot.so.1
-link path=usr/lib/$(ARCH64)/libwanbootutil.so target=./libwanbootutil.so.1
-link path=usr/lib/libwanboot.so target=./libwanboot.so.1
-link path=usr/lib/libwanbootutil.so target=./libwanbootutil.so.1
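Review bot: Nothing in the stripped manifest says why the package is now empty; with the description and summary lines gone, `set name=pkg.obsolete value=true` is the only hint. A short comment above the `pkg.fmri` line, such as `# Obsolete: wanboot was removed from the gate (illumos 9070).`, would keep the reason next to the stub. The same comment fits the system-boot-wanboot.mf hunk that follows.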
diff --git a/usr/src/pkg/manifests/system-boot-wanboot.mf b/usr/src/pkg/manifests/system-boot-wanboot.mf
index 16750a7ab1..9ab99df261 100644
--- a/usr/src/pkg/manifests/system-boot-wanboot.mf
+++ b/usr/src/pkg/manifests/system-boot-wanboot.mf
@@ -22,41 +22,9 @@
#
# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
# Copyright 2016 OmniTI Computer Consulting, Inc. All rights reserved.
+# Copyright 2018 OmniOS Community Edition (OmniOSce) Association.
#
set name=pkg.fmri value=pkg:/system/boot/wanboot@$(PKGVERS)
-set name=pkg.description value="Solaris WAN boot support"
-set name=pkg.summary value="WAN boot support"
-set name=info.classification value=org.opensolaris.category.2008:System/Core
+set name=pkg.obsolete value=true
set name=variant.arch value=$(ARCH)
-dir path=usr group=sys
-dir path=usr/lib
-dir path=usr/lib/abi
-dir path=usr/lib/inet
-dir path=usr/lib/inet/wanboot
-dir path=usr/sbin
-dir path=usr/share/man/man1m
-file path=usr/lib/$(ARCH64)/libwanboot.so.1
-file path=usr/lib/$(ARCH64)/libwanbootutil.so.1
-file path=usr/lib/inet/wanboot/bootlog-cgi mode=0555
-file path=usr/lib/inet/wanboot/encr mode=0555
-file path=usr/lib/inet/wanboot/hmac mode=0555
-file path=usr/lib/inet/wanboot/ickey mode=0555
-file path=usr/lib/inet/wanboot/keygen mode=0555
-file path=usr/lib/inet/wanboot/keymgmt mode=0555
-file path=usr/lib/inet/wanboot/netbootinfo mode=0555
-file path=usr/lib/inet/wanboot/p12split mode=0555
-file path=usr/lib/inet/wanboot/wanboot-cgi mode=0555
-file path=usr/lib/libwanboot.so.1
-file path=usr/lib/libwanbootutil.so.1
-file path=usr/sbin/bootconfchk mode=0555
-file path=usr/sbin/wanbootutil mode=0555
-file path=usr/share/man/man1m/bootconfchk.1m
-file path=usr/share/man/man1m/ickey.1m
-file path=usr/share/man/man1m/wanboot_keygen.1m
-file path=usr/share/man/man1m/wanboot_keymgmt.1m
-file path=usr/share/man/man1m/wanboot_p12split.1m
-file path=usr/share/man/man1m/wanbootutil.1m
-legacy pkg=SUNWwbsup desc="Solaris WAN boot support" name="WAN boot support"
-license cr_Sun license=cr_Sun
-license lic_CDDL license=lic_CDDL
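Review bot: Obsoleting this package only removes the files the manifest delivered, and that gap is not documented anywhere in the change. The wanboot.conf example deleted earlier in this diff points clients at `/cgi-bin/wanboot-cgi` and `/cgi-bin/bootlog-cgi`, so boot servers presumably carry copies of those programs outside `usr/lib/inet/wanboot`. Those copies, and any key material produced with the removed `keygen` and `keymgmt` tools, would stay in place after the upgrade and no longer be maintained. A manifest cannot express that, so I would add a line to the release notes, for example `wanboot removed: delete any deployed wanboot-cgi/bootlog-cgi copies and retire the associated client keys and certificates`.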
diff --git a/usr/src/psm/stand/boot/sparc/common/boot_plat.h b/usr/src/psm/stand/boot/sparc/common/boot_plat.h
index 7241cec417..68d9dd9791 100644
--- a/usr/src/psm/stand/boot/sparc/common/boot_plat.h
+++ b/usr/src/psm/stand/boot/sparc/common/boot_plat.h
@@ -45,7 +45,6 @@ extern int verbosemode;
extern char filename[];
extern char *const defname;
extern char *const defname64;
-extern char wanboot_arguments[];
extern int bootprog(char *, char *, boolean_t);
extern char *choose_default_filename(char *, char *);
diff --git a/usr/src/psm/stand/boot/sparc/common/bootflags.c b/usr/src/psm/stand/boot/sparc/common/bootflags.c
index f401f8ac57..d30e3a1cb3 100644
--- a/usr/src/psm/stand/boot/sparc/common/bootflags.c
+++ b/usr/src/psm/stand/boot/sparc/common/bootflags.c
@@ -23,8 +23,6 @@
* Use is subject to license terms.
*/
-#pragma ident "%Z%%M% %I% %E% SMI"
-
#include <sys/types.h>
#include <sys/bootconf.h>
#include <sys/reboot.h>
@@ -39,8 +37,6 @@
static char default_path_buf[MAXPATHLEN];
-char wanboot_arguments[OBP_MAXPATHLEN]; /* args following "-o" */
-
char cmd_line_boot_archive[MAXPATHLEN];
boolean_t halt;
@@ -114,18 +110,6 @@ bootflags(char *args, size_t argsz)
cmd_line_default_path = default_path_buf;
break;
- case 'o':
- if (params.gos_optarglen >=
- sizeof (wanboot_arguments)) {
- printf("boot: -o argument too long. "
- "Ignoring.\n");
- break;
- }
- (void) strncpy(wanboot_arguments, params.gos_optargp,
- params.gos_optarglen);
- wanboot_arguments[params.gos_optarglen] = '\0';
- break;
-
case 'a':
boothowto |= RB_ASKNAME;
break;
@@ -157,7 +141,6 @@ bootflags(char *args, size_t argsz)
case 'F':
case 'I':
case 'D':
- case 'o':
printf("boot: -%c flag missing required "
"argument. Ignoring.\n",
params.gos_last_opt);
diff --git a/usr/src/psm/stand/boot/sparc/common/ramdisk.c b/usr/src/psm/stand/boot/sparc/common/ramdisk.c
index 99821651e9..10779521ef 100644
--- a/usr/src/psm/stand/boot/sparc/common/ramdisk.c
+++ b/usr/src/psm/stand/boot/sparc/common/ramdisk.c
@@ -26,7 +26,6 @@
#include <sys/param.h>
#include <sys/promif.h>
#include <sys/salib.h>
-#include <bootlog.h>
#include "ramdisk.h"
#include <sys/param.h>
diff --git a/usr/src/psm/stand/boot/sparc/common/wanboot.c b/usr/src/psm/stand/boot/sparc/common/wanboot.c
deleted file mode 100644
index 76d6da91fe..0000000000
--- a/usr/src/psm/stand/boot/sparc/common/wanboot.c
+++ /dev/null
@@ -1,1678 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License (the "License").
- * You may not use this file except in compliance with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#include <sys/types.h>
-#include <sys/promif.h>
-#include <sys/obpdefs.h>
-#include <sys/bootvfs.h>
-#include <sys/bootconf.h>
-#include <netinet/in.h>
-#include <sys/wanboot_impl.h>
-#include <boot_http.h>
-#include <aes.h>
-#include <des3.h>
-#include <cbc.h>
-#include <hmac_sha1.h>
-#include <sys/sha1.h>
-#include <sys/sha1_consts.h>
-#include <bootlog.h>
-#include <parseURL.h>
-#include <netboot_paths.h>
-#include <netinet/inetutil.h>
-#include <sys/salib.h>
-#include <inet/mac.h>
-#include <inet/ipv4.h>
-#include <dhcp_impl.h>
-#include <inet/dhcpv4.h>
-#include <bootinfo.h>
-#include <wanboot_conf.h>
-#include "boot_plat.h"
-#include "ramdisk.h"
-#include "wbcli.h"
-
-/*
- * Types of downloads
- */
-#define MINIINFO "miniinfo"
-#define MINIROOT "miniroot"
-#define WANBOOTFS "wanbootfs"
-
-#define WANBOOT_RETRY_NOMAX -1
-#define WANBOOT_RETRY_ROOT_MAX 50
-#define WANBOOT_RETRY_MAX 5
-#define WANBOOT_RETRY_SECS 5
-#define WANBOOT_RETRY_MAX_SECS 30
-
-/*
- * Our read requests should timeout after 25 seconds
- */
-#define SOCKET_READ_TIMEOUT 25
-
-/*
- * Experimentation has shown that an 8K download buffer is optimal
- */
-#define HTTP_XFER_SIZE 8192
-static char buffer[HTTP_XFER_SIZE];
-
-bc_handle_t bc_handle;
-
-extern int determine_fstype_and_mountroot(char *);
-extern uint64_t get_ticks(void);
-
-/*
- * The following is used to determine whether the certs and private key
- * files will be in PEM format or PKCS12 format. 'use_p12' is zero
- * to use PEM format, and 1 when PKCS12 format is to be used. It is
- * done this way, as a global, so that it can be patched if needs be
- * using the OBP debugger.
- */
-uint32_t use_p12 = 1;
-
-#define CONTENT_LENGTH "Content-Length"
-
-#define NONCELEN (2 * HMAC_DIGEST_LEN) /* two hex nibbles/byte */
-#define WANBOOTFS_NONCE_FILE "/nonce"
-
-static char nonce[NONCELEN + 1];
-
-enum URLtype {
- URLtype_wanbootfs = 0,
- URLtype_miniroot = 1
-};
-
-static char *URLtoCGIcontent[] = {
- "bootfs",
- "rootfs"
-};
-#define CGIcontent(urltype) URLtoCGIcontent[urltype]
-
-/* Encryption algorithms */
-typedef enum {
- ENCR_NONE,
- ENCR_3DES,
- ENCR_AES
-} encr_type_t;
-
-/* Hash algorithms */
-typedef enum {
- HASH_NONE,
- HASH_HMAC_SHA1
-} hash_type_t;
-
-/*
- * Keys ...
- */
-static encr_type_t encr_type = ENCR_NONE;
-static unsigned char *g_encr_key = NULL;
-
-static hash_type_t hash_type = HASH_NONE;
-static unsigned char *g_hash_key = NULL;
-
-void
-print_errors(const char *func, http_handle_t handle)
-{
- char const *msg;
- ulong_t err;
- uint_t src;
-
- while ((err = http_get_lasterr(handle, &src)) != 0) {
- msg = http_errorstr(src, err);
- bootlog("wanboot", BOOTLOG_ALERT,
- "%s: errsrc %u, err %lu (0x%lx)", func, src, err, err);
- bootlog("wanboot", BOOTLOG_ALERT, "%s", msg);
- }
-}
-
-/*
- * This routine is called by a consumer to determine whether or not a
- * retry should be attempted. If a retry is in order (depends upon the
- * 'retry_cnt' and 'retry_max' arguments), then this routine will print a
- * message indicating this is the case and will determine an appropriate
- * "sleep" time before retrying. The "sleep" time will depend upon the
- * 'retry_cnt' and will max out at WANBOOT_RETRY_MAX_SECS.
- *
- * Returns:
- * B_TRUE = retry is in order
- * B_FALSE = retry limit exceeded
- */
-boolean_t
-wanboot_retry(int retry_cnt, int retry_max)
-{
- unsigned int seconds;
-
- if (retry_max == WANBOOT_RETRY_NOMAX || retry_cnt <= retry_max) {
- seconds = WANBOOT_RETRY_SECS * retry_cnt;
- if (seconds > WANBOOT_RETRY_MAX_SECS) {
- seconds = WANBOOT_RETRY_MAX_SECS;
- }
- bootlog("wanboot", BOOTLOG_INFO,
- "Will retry in %d seconds ...", seconds);
- (void) sleep(seconds);
- return (B_TRUE);
- } else {
- bootlog("wanboot", BOOTLOG_INFO,
- "Maximum retries exceeded.");
- return (B_FALSE);
- }
-}
-
-/*
- * Determine which encryption algorithm the client is configured to use.
- * WAN boot determines which key to use by order of priority. That is
- * multiple encryption keys may exist in the PROM, but the first one found
- * (while searching in a preferred order) is the one that will be used.
- */
-static void
-init_encryption(void)
-{
- static unsigned char key[WANBOOT_MAXKEYLEN];
- size_t len = sizeof (key);
-
- if (bootinfo_get(BI_AES_KEY, (char *)&key, &len, NULL) ==
- BI_E_SUCCESS) {
- encr_type = ENCR_AES;
- g_encr_key = key;
- } else if (bootinfo_get(BI_3DES_KEY, (char *)&key, &len, NULL) ==
- BI_E_SUCCESS) {
- encr_type = ENCR_3DES;
- g_encr_key = key;
- }
-}
-
-/*
- * Determine whether the client is configured to use hashing.
- */
-static void
-init_hashing(void)
-{
- static unsigned char key[WANBOOT_HMAC_KEY_SIZE];
- size_t len = sizeof (key);
-
- if (bootinfo_get(BI_SHA1_KEY, (char *)&key, &len, NULL) ==
- BI_E_SUCCESS) {
- hash_type = HASH_HMAC_SHA1;
- g_hash_key = key;
- }
-}
-
-/*
- * Read some CPU-specific rapidly-varying data (assumed to be of length
- * sizeof (hrtime_t) in the non-SPARC case), and digestify it to further
- * randomize the output.
- */
-char *
-generate_nonce(void)
-{
- uint64_t t;
- SHA1_CTX c;
- unsigned char digest[HMAC_DIGEST_LEN];
- uint_t nlen = sizeof (nonce);
-
- int err;
-
- /*
- * Read SPARC %tick register or x86 TSC
- */
- t = get_ticks();
- SHA1Init(&c);
- SHA1Update(&c, (const uint8_t *)&t, sizeof (t));
- SHA1Final(digest, &c);
-
- err = octet_to_hexascii(digest, sizeof (digest), nonce, &nlen);
- if (err != 0) {
- bootlog("wanboot", BOOTLOG_CRIT,
- "cannot convert nonce to ASCII: error %d", err);
- return (NULL);
- }
- nonce[NONCELEN] = '\0';
- return (nonce);
-}
-
-/*
- * Given a server URL, builds a URL to request one of the wanboot
- * datastreams.
- *
- * Returns:
- * -1 = Non-recoverable error
- * 0 = Success
- */
-static int
-build_request_url(url_t *req_url, enum URLtype ut, const url_t *server_url)
-{
- char clid[WB_MAX_CID_LEN];
- size_t clen;
- char wid[WB_MAX_CID_LEN * 2 + 1];
- uint_t wlen;
- struct in_addr ip;
- struct in_addr mask;
- char *netstr;
- char *ppath;
- size_t plen;
- const char reqstr[] = "/?CONTENT=%s&IP=%s&CID=%s";
-
- /*
- * Initialize the request
- */
- *req_url = *server_url;
-
- /*
- * Build the network number string
- */
- ipv4_getipaddr(&ip);
- ipv4_getnetmask(&mask);
- ip.s_addr = ip.s_addr & mask.s_addr;
- netstr = inet_ntoa(ip);
-
- /*
- * Get the wan id
- */
- clen = sizeof (clid);
- if (bootinfo_get(BI_CLIENT_ID, clid, &clen, NULL) != BI_E_SUCCESS) {
- bootlog("wanboot", BOOTLOG_CRIT,
- "Cannot retrieve the client ID");
- return (-1);
- }
- wlen = sizeof (wid);
- (void) octet_to_hexascii(clid, clen, wid, &wlen);
-
- /*
- * Build the request, making sure that the length of the
- * constructed URL falls within the supported maximum.
- */
- plen = strlen(req_url->abspath);
- ppath = req_url->abspath + plen;
- if (snprintf(ppath, URL_MAX_PATHLEN - plen, reqstr,
- CGIcontent(ut), netstr, wid) >= URL_MAX_PATHLEN - plen) {
- bootlog("wanboot", BOOTLOG_CRIT,
- "The URL path length of the %s request is greater than "
- "the maximum of %d", CGIcontent(ut), URL_MAX_PATHLEN);
- return (-1);
- }
-
- /*
- * If the URL type requires a nonce, then supply it.
- * It will be returned in the reply to detect attempted
- * replays.
- */
- if (ut == URLtype_wanbootfs) {
- char *n = generate_nonce();
-
- if (n != NULL) {
- plen += strlen("&NONCE=") + NONCELEN;
- if (plen > URL_MAX_PATHLEN)
- return (-1);
- (void) strcat(req_url->abspath, "&NONCE=");
- (void) strcat(req_url->abspath, n);
- }
- }
-
- return (0);
-}
-
-/*
- * This routine reads data from an HTTP connection into a buffer.
- *
- * Returns:
- * 0 = Success
- * 1 = HTTP download error
- */
-static int
-read_bytes(http_handle_t handle, char *buffer, size_t cnt)
-{
- int len;
- size_t i;
-
- for (i = 0; i < cnt; i += len) {
- len = http_read_body(handle, &buffer[i], cnt - i);
- if (len <= 0) {
- print_errors("http_read_body", handle);
- return (1);
- }
- }
- return (0);
-}
-
-/*
- * This routine compares two hash digests, one computed by the server and
- * the other computed by the client to verify that a transmitted message
- * was received without corruption.
- *
- * Notes:
- * The client only computes a digest if it is configured with a
- * hash key. If it is not, then the server should not have a hash
- * key for the client either and therefore should have sent a
- * zero filled digest.
- *
- * Returns:
- * B_TRUE = digest was verified
- * B_FALSE = digest did not verify
- */
-static boolean_t
-verify_digests(const char *what, unsigned char *cdigest, unsigned char *sdigest)
-{
- static char null_digest[HMAC_DIGEST_LEN];
-
- if (bcmp(sdigest, cdigest, HMAC_DIGEST_LEN) != 0) {
- bootlog("wanboot", BOOTLOG_CRIT,
- "%s: invalid hash digest", what);
- bootlog("wanboot", BOOTLOG_CRIT,
- "This may signify a client/server key mismatch");
- if (bcmp(sdigest, null_digest, HMAC_DIGEST_LEN) == 0) {
- bootlog("wanboot", BOOTLOG_CRIT,
- "(client has key but wrong signature_type?)");
- } else if (bcmp(cdigest, null_digest, HMAC_DIGEST_LEN) == 0) {
- bootlog("wanboot", BOOTLOG_CRIT,
- "(signature_type specified but no client key?)");
- }
- bootlog("wanboot", BOOTLOG_CRIT,
- "or possible corruption of the image in transit");
- return (B_FALSE);
- }
-
- return (B_TRUE);
-}
-
-/*
- * This routine reads the part of a multipart message that contains a
- * hash digest. Errors in reading the digest are differentiated from
- * other kinds of errors so that the caller can decide whether or
- * not a retry is worthwhile.
- *
- * Note:
- * The hash digest can either be an HMAC digest or it can be
- * a zero length message (representing no hash digest).
- *
- * Returns:
- * -1 = Non-recoverable error
- * 0 = Success
- * 1 = HTTP download error
- */
-static int
-read_digest(const char *what, http_handle_t handle, unsigned char *sdigest)
-{
- char *lenstr;
- size_t digest_size;
-
- /*
- * Process the HMAC digest header.
- */
- if (http_process_part_headers(handle, NULL) != 0) {
- print_errors("http_process_part_headers", handle);
- return (1);
- }
- lenstr = http_get_header_value(handle, CONTENT_LENGTH);
- if (lenstr == NULL) {
- bootlog("wanboot", BOOTLOG_ALERT,
- "%s: error getting digest length", what);
- return (1);
- }
- digest_size = (size_t)strtol(lenstr, NULL, 10);
- free(lenstr);
-
- /*
- * Validate the HMAC digest length.
- */
- if (digest_size != HMAC_DIGEST_LEN) {
- bootlog("wanboot", BOOTLOG_CRIT,
- "%s: error validating response - invalid digest size",
- what);
- return (-1);
- }
-
- /*
- * Read the HMAC digest.
- */
- if (read_bytes(handle, (char *)sdigest, digest_size) != 0) {
- bootlog("wanboot", BOOTLOG_ALERT,
- "%s: error reading digest", what);
- return (1);
- }
-
- return (0);
-}
-
-/*
- * This routine reads data from an HTTP connection and writes the data
- * to a ramdisk. It also, optionally computes a hash digest of the processed
- * data. This routine may be called to continue writing a previously aborted
- * write. If this is the case, then the offset will be non-zero and the write
- * pointer into the ramdisk will be positioned correctly by the caller.
- *
- * Returns:
- * -1 = Non-recoverable error
- * 0 = Success
- * 1 = HTTP download error
- */
-static int
-write_msg_to_ramdisk(const char *what, caddr_t addr, http_handle_t handle,
- size_t ramdisk_size, off_t *offset, SHA1_CTX *sha)
-{
- int len;
- long nleft;
- static int bootlog_message_interval;
- static int bootlog_progress;
- int ret;
-
- /*
- * Read the data and write it to the ramdisk.
- */
- if (*offset == 0) {
- bootlog_progress = 0;
- bootlog_message_interval = ramdisk_size / sizeof (buffer);
- if (bootlog_message_interval < 500)
- bootlog_message_interval /= 5;
- else
- bootlog_message_interval /= 50;
-
- bootlog("wanboot", BOOTLOG_VERBOSE,
- "Reading %s file system (%ld kB)",
- what, ramdisk_size / 1024);
- } else {
- bootlog("wanboot", BOOTLOG_VERBOSE,
- "Continuing read of %s file system (%ld kB)",
- what, ramdisk_size / 1024);
- }
- for (ret = 0; ret == 0 && *offset < ramdisk_size;
- *offset += len, addr += len) {
- nleft = ramdisk_size - *offset;
-
- if (nleft > sizeof (buffer))
- nleft = sizeof (buffer);
-
- len = http_read_body(handle, addr, nleft);
- if (len <= 0) {
- print_errors("http_read_body", handle);
- /*
- * In the case of a partial failure, http_read_body()
- * returns into 'len', 1 - the number of bytes read.
- * So, a -65 means 64 bytes read and an error occurred.
- */
- if (len != 0) {
- len = -(len + 1);
- }
- ret = 1;
- }
- if (sha != NULL) {
- HMACUpdate(sha, (uchar_t *)addr, (size_t)len);
- }
- if (bootlog_progress == bootlog_message_interval) {
- bootlog("wanboot", BOOTLOG_PROGRESS,
- "%s: Read %ld of %ld kB (%ld%%)", what,
- *offset / 1024, ramdisk_size / 1024,
- *offset * 100 / ramdisk_size);
- bootlog_progress = 0;
- } else {
- bootlog_progress++;
- }
- }
- if (ret == 0) {
- bootlog("wanboot", BOOTLOG_PROGRESS,
- "%s: Read %ld of %ld kB (%ld%%)", what,
- *offset / 1024, ramdisk_size / 1024,
- *offset * 100 / ramdisk_size);
- bootlog("wanboot", BOOTLOG_INFO, "%s: Download complete", what);
- }
- return (ret);
-}
-
-/*
- * This routine is called with a bootinfo parameter name. If the parameter
- * has a value it should be a URL, and this will be used to initialize the
- * http_url structure.
- *
- * Returns:
- * -1 = Non-recoverable error
- * 0 = Success
- * 1 = DHCP option not set
- */
-static int
-get_url(char *name, url_t *url)
-{
- char buf[URL_MAX_STRLEN];
- size_t len;
- int ret;
-
- bzero(buf, sizeof (buf));
- len = sizeof (buf) - 1;
- if (bootinfo_get(name, buf, &len, NULL) != BI_E_SUCCESS || len == 0) {
- return (1);
- }
-
- /*
- * Parse the URL.
- */
- ret = url_parse(buf, url);
- if (ret != URL_PARSE_SUCCESS) {
- bootlog("wanboot", BOOTLOG_CRIT,
- "Unable to parse URL %s", buf);
- return (-1);
- }
-
- return (0);
-}
-
-/*
- * This routine initiates an HTTP request and returns a handle so that
- * the caller can process the response.
- *
- * Notes:
- * Requests may be either secure or not. If the request is secure, then
- * this routine assumes that a wanboot file system exists and
- * uses its contents to provide the HTTP library with the information
- * that will be required by SSL.
- *
- * In order to facilitate transmission retries, this routine supports
- * range requests. A caller may request a range by providing a non-zero
- * offset. In which case, a range request is made that ranges from the
- * offet to the end of the file.
- *
- * If the client is configured to use an HTTP proxy, then this routine
- * will make the HTTP library aware of the proxy.
- *
- * Any HTTP errors encountered in downloading or processing the message
- * are not deemed unrecoverable errors. The caller can simply try the
- * request once again.
- *
- * Returns:
- * -1 = Non-recoverable error
- * 0 = Success
- * 1 = HTTP download error
- */
-static int
-establish_http_connection(const char *what, http_handle_t *handlep,
- url_t *url, offset_t offset)
-{
- static boolean_t is_auth_file_init = B_FALSE;
- static boolean_t is_proxy_init = B_FALSE;
- static boolean_t proxy_exists = B_FALSE;
- static url_hport_t proxy_hp;
- http_respinfo_t *resp;
- char buf[URL_MAX_STRLEN];
- size_t len = sizeof (buf) - 1;
- int ret;
-
- /* Check for HTTP proxy */
- if (!is_proxy_init &&
- bootinfo_get(BI_HTTP_PROXY, buf, &len, NULL) == BI_E_SUCCESS &&
- strlen(buf) > 0) {
- /*
- * Parse the hostport.
- */
- ret = url_parse_hostport(buf, &proxy_hp, URL_DFLT_PROXY_PORT);
- if (ret == URL_PARSE_SUCCESS) {
- proxy_exists = B_TRUE;
- } else {
- bootlog("wanboot", BOOTLOG_CRIT,
- "%s is not set to a valid hostport value",
- BI_HTTP_PROXY);
- return (-1);
- }
- is_proxy_init = B_TRUE;
- }
-
- http_set_p12_format(use_p12);
-
- /*
- * Initialize the handle that will be used for the request.
- */
- *handlep = http_srv_init(url);
- if (*handlep == NULL) {
- print_errors("http_srv_init", NULL);
- return (-1);
- }
-
- /*
- * Is the request a secure one? If it is, then we need to do further
- * setup. Search the wanboot file system for files that will be
- * needed by SSL.
- */
- if (url->https) {
- char *cas;
- boolean_t client_authentication = B_FALSE;
-
- if (http_set_random_file(*handlep, "/dev/urandom") < 0) {
- print_errors("http_set_random_file", *handlep);
- (void) http_srv_close(*handlep);
- return (-1);
- }
-
- /*
- * We only need to initialize the CA once as it is not handle
- * specific.
- */
- if (!is_auth_file_init) {
- if (http_set_certificate_authority_file(NB_CA_CERT_PATH)
- < 0) {
- print_errors(
- "http_set_certificate_authority_file",
- *handlep);
- (void) http_srv_close(*handlep);
- return (-1);
- }
-
- is_auth_file_init = B_TRUE;
- }
-
- /*
- * The client certificate and key will not exist unless
- * client authentication has been configured. If it is
- * configured then the webserver will have added these
- * files to the wanboot file system and the HTTP library
- * needs to be made aware of their existence.
- */
- if ((cas = bootconf_get(&bc_handle,
- BC_CLIENT_AUTHENTICATION)) != NULL &&
- strcmp(cas, "yes") == 0) {
- client_authentication = B_TRUE;
-
- if (http_set_client_certificate_file(*handlep,
- NB_CLIENT_CERT_PATH) < 0) {
- print_errors("http_set_client_certificate_file",
- *handlep);
- (void) http_srv_close(*handlep);
- return (-1);
- }
-
- if (http_set_private_key_file(*handlep,
- NB_CLIENT_KEY_PATH) < 0) {
- print_errors("http_set_private_key_file",
- *handlep);
- (void) http_srv_close(*handlep);
- return (-1);
- }
- }
-
- /*
- * We do not really need to set this unless client
- * authentication is configured or unless pkcs12 files
- * are used.
- */
- if ((client_authentication || use_p12) &&
- http_set_password(*handlep, WANBOOT_PASSPHRASE) < 0) {
- print_errors("http_set_password", *handlep);
- (void) http_srv_close(*handlep);
- return (-1);
- }
- }
-
- /*
- * If the client is using a proxy, tell the library.
- */
- if (proxy_exists) {
- if (http_set_proxy(*handlep, &proxy_hp) != 0) {
- print_errors("http_set_proxy", *handlep);
- (void) http_srv_close(*handlep);
- return (-1);
- }
- }
-
- (void) http_set_socket_read_timeout(*handlep, SOCKET_READ_TIMEOUT);
-
- /*
- * Ok, connect to the webserver.
- */
- if (http_srv_connect(*handlep) == -1) {
- print_errors("http_srv_connect", *handlep);
- (void) http_srv_close(*handlep);
- return (1);
- }
-
- /*
- * If the offset is 0, then we assume that we want the entire
- * message. If the offset is not 0, then we assume that we are
- * retrying a previously interrupted transfer and thus we make
- * a range request.
- */
- if (offset == 0) {
- if ((ret = http_get_request(*handlep, url->abspath)) == 0) {
- bootlog("wanboot", BOOTLOG_VERBOSE,
- "%s: http_get_request: sent", what);
- } else {
- print_errors("http_get_request", *handlep);
- (void) http_srv_close(*handlep);
- return (1);
- }
- } else {
- if ((ret = http_get_range_request(*handlep, url->abspath,
- offset, 0)) == 0) {
- bootlog("wanboot", BOOTLOG_VERBOSE,
- "%s: http_get_range_request: sent", what);
- } else {
- print_errors("http_get_range_request", *handlep);
- (void) http_srv_close(*handlep);
- return (1);
- }
- }
-
- /*
- * Tell the library to read in the response headers.
- */
- ret = http_process_headers(*handlep, &resp);
- if (ret == -1) {
- print_errors("http_process_headers", *handlep);
- (void) http_srv_close(*handlep);
- return (1);
- }
-
- /*
- * Check for a valid response code.
- */
- if ((offset == 0 && resp->code != 200) ||
- (offset != 0 && resp->code != 206)) {
- bootlog("wanboot", BOOTLOG_ALERT,
- "%s: Request returned code %d", what, resp->code);
- if (resp->statusmsg != NULL && resp->statusmsg[0] != '\0')
- bootlog("wanboot", BOOTLOG_ALERT,
- "%s", resp->statusmsg);
- http_free_respinfo(resp);
- (void) http_srv_close(*handlep);
- return (1);
- }
- http_free_respinfo(resp);
-
- /*
- * Success.
- */
- return (0);
-}
-
-/*
- * This routine is called by get_miniinfo() to receive the reply
- * to the request for the miniroot metadata. The reply is a two
- * part multipart message. The first part of the message contains
- * the miniroot file size. The second part of the message contains
- * a hash digest of the miniroot as computed by the server. This
- * routine receives both message parts and returns them to the caller.
- *
- * Notes:
- * If the miniroot is going to be downloaded securely or if the
- * the server has no hash key for the client, then the hash digest
- * downloaded contains all zeros.
- *
- * Any HTTP errors encountered in downloading or processing the message
- * are not deemed unrecoverable errors. That is, get_miniinfo()
- * tries re-requesting the message and tries processing it again.
- *
- * Returns:
- * -1 = Non-recoverable error
- * 0 = Success
- * 1 = HTTP download error
- */
-static int
-process_miniinfo(http_handle_t handle, size_t *mini_size,
- unsigned char *sdigest)
-{
- char *lenstr;
- size_t cnt;
-
- /*
- * Process the file size header.
- */
- if (http_process_part_headers(handle, NULL) != 0) {
- print_errors("http_process_part_headers", handle);
- return (1);
- }
- lenstr = http_get_header_value(handle, CONTENT_LENGTH);
- if (lenstr == NULL) {
- bootlog("wanboot", BOOTLOG_ALERT, "%s: error getting length "
- "of first part of multipart message", MINIINFO);
- return (1);
- }
- cnt = (size_t)strtol(lenstr, NULL, 10);
- free(lenstr);
- if (cnt == 0 || cnt >= sizeof (buffer)) {
- bootlog("wanboot", BOOTLOG_ALERT, "%s: length of first part "
- "of multipart message not a legal size", MINIINFO);
- return (1);
- }
-
- if (read_bytes(handle, buffer, cnt) != 0) {
- bootlog("wanboot", BOOTLOG_ALERT,
- "%s: error reading miniroot size", MINIINFO);
- return (1);
- }
- buffer[cnt] = '\0';
-
- *mini_size = (size_t)strtol(buffer, NULL, 10);
- if (*mini_size == 0) {
- bootlog("wanboot", BOOTLOG_ALERT, "%s: body of first part "
- "of multipart message not a legal size", MINIINFO);
- return (1);
- }
-
- return (read_digest(MINIINFO, handle, sdigest));
-}
-
-/*
- * This routine is called by get_miniroot() to retrieve the miniroot
- * metadata (miniroot size and a hash digest). This routine sends an
- * HTTP GET request to the webserver to request the download of the
- * miniroot metadata and relies on process_miniinfo() to receive the
- * reply, process it and ultimately return to it the miniroot size and
- * the hash digest.
- *
- * Note:
- * Any HTTP errors encountered in downloading or processing the message
- * are not deemed unrecoverable errors. That is, get_miniinfo() should
- * try re-requesting the message and try processing again.
- *
- * Returns:
- * -1 = Non-recoverable error
- * 0 = Success
- */
-int
-get_miniinfo(const url_t *server_url, size_t *mini_size,
- unsigned char *sdigest)
-{
- http_handle_t handle;
- url_t req_url;
- int retry_cnt = 0;
- int retry_max = WANBOOT_RETRY_MAX;
- int ret;
-
- /*
- * Build the URL to request the miniroot info.
- */
- if (build_request_url(&req_url, URLtype_miniroot, server_url) == -1) {
- bootlog("wanboot", BOOTLOG_CRIT,
- "Can't build the URL to make the %s request",
- CGIcontent(URLtype_miniroot));
- return (-1);
- }
-
- /*
- * Go get the miniroot info. If we fail reading the
- * response we re-request the info in its entirety.
- */
- bootlog("wanboot", BOOTLOG_VERBOSE, "Downloading miniroot info");
-
- do {
- if ((ret = establish_http_connection(MINIINFO, &handle,
- &req_url, 0)) < 0) {
- break;
- } else if (ret > 0) {
- if (wanboot_retry(++retry_cnt, retry_max)) {
- continue;
- } else {
- break;
- }
- }
-
- if ((ret = process_miniinfo(handle, mini_size,
- sdigest)) > 0) {
- if (!wanboot_retry(++retry_cnt, retry_max)) {
- (void) http_srv_close(handle);
- break;
- }
- }
-
- (void) http_srv_close(handle);
-
- } while (ret > 0);
-
- /*
- * Success.
- */
- if (ret == 0) {
- bootlog("wanboot", BOOTLOG_VERBOSE,
- "Miniroot info download successful");
- return (0);
- } else {
- bootlog("wanboot", BOOTLOG_CRIT,
- "Miniroot info download aborted");
- return (-1);
- }
-}
-
-/*
- * This routine is called by get_miniroot() to receive the reply to
- * the request for the miniroot download. The miniroot is written
- * to ramdisk as it is received and a hash digest is optionally computed
- * as it does so. The miniroot is downloaded as one large message.
- * Because the message is so large, this routine is prepared to deal
- * with errors in the middle of download. If an error occurs during
- * download, then this message processes all received data up to the
- * point of the error and returns to get_miniroot() an error signifying
- * that a download error has occurred. Presumably, get_miniroot()
- * re-requests the remaining part of the miniroot not yet processed and
- * calls this routine back to process the reply. When this routine
- * returns succesfully, it returns a devpath to the ramdisk and the
- * computed hash (if computed).
- *
- * Note:
- * In order to facilitate reentry, the ramdisk is left open
- * and the original miniroot_size and HMAC handle are kept
- * static.
- *
- * Returns:
- * -1 = Non-recoverable error
- * 0 = Success
- * 1 = HTTP download error
- */
-static int
-process_miniroot(http_handle_t handle, hash_type_t htype,
- size_t length, char **devpath, off_t *offset, unsigned char *cdigest)
-{
- static SHA1_CTX sha;
- static size_t miniroot_size;
- static caddr_t miniroot_vaddr = NULL;
- int ret;
-
- if (miniroot_vaddr == NULL) {
- if (htype == HASH_HMAC_SHA1) {
- bootlog("wanboot", BOOTLOG_INFO,
- "%s: Authentication will use HMAC-SHA1", MINIROOT);
- HMACInit(&sha, g_hash_key, WANBOOT_HMAC_KEY_SIZE);
- }
-
- miniroot_size = length;
-
- miniroot_vaddr = create_ramdisk(RD_ROOTFS, miniroot_size,
- devpath);
- }
-
- miniroot_vaddr += *offset;
-
- if ((ret = write_msg_to_ramdisk(MINIROOT, miniroot_vaddr, handle,
- miniroot_size, offset, (htype == HASH_NONE) ? NULL : &sha)) != 0) {
- return (ret);
- }
-
- if (htype != HASH_NONE) {
- HMACFinal(&sha, g_hash_key, WANBOOT_HMAC_KEY_SIZE, cdigest);
- }
-
- return (0);
-}
-
-/*
- * This routine retrieves the miniroot from the webserver. The miniroot
- * is retrieved in two steps. First a request is made to the server
- * to retrieve miniroot metadata (miniroot size and a hash digest).
- * The second request actually results in the download of the miniroot.
- *
- * This routine relies on get_miniinfo() to make and process
- * the request for the miniroot metadata and returns the
- * miniroot size and the hash digest of the miniroot as computed by
- * the server.
- *
- * If get_miniinfo() returns successfully, then this routine sends
- * an HTTP GET request to the webserver to request download of the
- * miniroot. This routine relies on process_miniroot() to receive
- * the reply, process it and ultimately return to it a device path to
- * a ramdisk containing the miniroot and a client computed hash digest.
- * This routine verifies that the client computed hash digest matches
- * the one retrieved by get_miniinfo().
- *
- * If an error occurs in the transfer of the miniroot from the server
- * to the client, then the client re-requests the download of the
- * miniroot using a range request and only requests the part of the
- * miniroot not previously downloaded and written to ramdisk. The
- * process_miniroot() routine has the intelligence to recognize that
- * it is processing a range request. Errors not related to the actual
- * message download are deemed unrecoverable.
- *
- * Note:
- * If the client request for the miniroot is a secure request or
- * if the server is not configured with a hash key for the client,
- * then the hash digest downloaded from the server will contain
- * all zeros. This routine verifies that the server and client are
- * in-sync with respect to the need for hash verification.
- *
- * Returns:
- * -1 = Non-recoverable error
- * 0 = Success
- */
-int
-get_miniroot(char **devpath)
-{
- http_handle_t handle;
- unsigned char cdigest[HMAC_DIGEST_LEN];
- unsigned char sdigest[HMAC_DIGEST_LEN];
- char *urlstr;
- url_t server_url;
- size_t mini_size;
- off_t offset;
- int plen;
- int retry_cnt = 0;
- int retry_max = WANBOOT_RETRY_ROOT_MAX;
- int ret;
-
- /*
- * Get the miniroot URL.
- */
- if ((urlstr = bootconf_get(&bc_handle, BC_ROOT_SERVER)) == NULL) {
- bootlog("wanboot", BOOTLOG_CRIT,
- "Missing root_server URL");
- return (-1);
- } else if (url_parse(urlstr, &server_url) != URL_PARSE_SUCCESS) {
- bootlog("wanboot", BOOTLOG_CRIT,
- "Unable to parse URL %s", urlstr);
- return (-1);
- }
-
- /*
- * We must get the miniroot info before we can request
- * the miniroot itself.
- */
- if (get_miniinfo(&server_url, &mini_size, sdigest) != 0) {
- return (-1);
- }
-
- plen = sizeof (server_url.abspath);
- if ((urlstr = bootconf_get(&bc_handle, BC_ROOT_FILE)) == NULL ||
- strlcpy(server_url.abspath, urlstr, plen) >= plen) {
- bootlog("wanboot", BOOTLOG_CRIT,
- "Cannot retrieve the miniroot path");
- return (-1);
- }
-
- /*
- * Go get the miniroot. If we fail reading the response
- * then we re-request only the range we have yet to read,
- * unless the error was "unrecoverable" in which case we
- * re-request the entire file system.
- */
- bootlog("wanboot", BOOTLOG_VERBOSE, "Downloading miniroot");
-
- bzero(cdigest, sizeof (cdigest));
- offset = 0;
- do {
- if ((ret = establish_http_connection(MINIROOT, &handle,
- &server_url, offset)) < 0) {
- break;
- } else if (ret > 0) {
- if (wanboot_retry(++retry_cnt, retry_max)) {
- continue;
- } else {
- break;
- }
- }
-
- if ((ret = process_miniroot(handle,
- server_url.https ? HASH_NONE : hash_type,
- mini_size, devpath, &offset, cdigest)) > 0) {
- if (!wanboot_retry(++retry_cnt, retry_max)) {
- (void) http_srv_close(handle);
- break;
- }
- }
-
- (void) http_srv_close(handle);
-
- } while (ret > 0);
-
- /*
- * Validate the computed digest against the one received.
- */
- if (ret != 0 || !verify_digests(MINIROOT, cdigest, sdigest)) {
- bootlog("wanboot", BOOTLOG_CRIT,
- "Miniroot download aborted");
- return (-1);
- }
-
- bootlog("wanboot", BOOTLOG_VERBOSE, "Miniroot download successful");
- return (0);
-}
-
-/*
- * This routine is called to finish the decryption process.
- * Its purpose is to free the resources allocated by the
- * encryption init routines.
- */
-static void
-encr_fini(encr_type_t etype, void *eh)
-{
- switch (etype) {
- case ENCR_3DES:
- des3_fini(eh);
- break;
- case ENCR_AES:
- aes_fini(eh);
- break;
- default:
- break;
- }
-}
-
-/*
- * This routine is called by process_wanbootfs() to decrypt the encrypted
- * file system from ramdisk in place. The method of decryption
- * (algorithm) will have already been determined by process_wanbootfs()
- * and the cbc_handle passed to this routine will already have been
- * initialized appropriately.
- *
- * Returns:
- * -1 = Non-recoverable error
- * 0 = Success
- */
-static int
-decrypt_wanbootfs(caddr_t addr, cbc_handle_t *ch, uint8_t *iv,
- size_t wanbootfs_size)
-{
- if (!cbc_decrypt(ch, (uint8_t *)addr, wanbootfs_size, iv)) {
- bootlog("wanboot", BOOTLOG_CRIT,
- "%s: cbc decrypt error", WANBOOTFS);
- return (-1);
- }
- return (0);
-}
-
-/*
- * This routine is called by get_wanbootfs() to receive the reply to
- * the request for the wanboot file system. The reply is a multipart message.
- * The first part of the message is the file system (which may or may
- * not be encrypted). If encrypted, then the first block of the message
- * part is the CBC IV value used by the server to encrypt the remaining
- * part of the message part and is used by the client to decrypt it. The
- * second message part is a hash digest of the first part (the file
- * system) as computed by the server. If no hash key is configured
- * for the client, then the hash digest simply contains all zeros. This
- * routine receives both message parts. The file system is written to ramdisk
- * as it is received and simultaneously computes a hash digest (if a hash
- * key exists). Once the entire part is received, if the file system is
- * encrypted, it is read from ramdisk, decrypted and rewritten back to
- * ramdisk. The server computed hash digest is then read and along with the
- * ramdisk device path and the client computed hash digest is returned to the
- * caller.
- *
- * Notes:
- * In order to decrypt the file system and to compute the client
- * hash digest, an encryption key and a hash key is retrieved from
- * the PROM (or the wanboot interpreter). The non-existence of these
- * keys has implications on how the message response is processed and
- * it is assumed that the server is configured identically.
- *
- * Any HTTP errors encountered in downloading or processing the message
- * are not deemed unrecoverable errors. That is, get_wanbootfs() will
- * try re-requesting the message and will try processing it again.
- *
- * Returns:
- * -1 = Non-recoverable error
- * 0 = Success
- * 1 = HTTP download error
- */
-static int
-process_wanbootfs(http_handle_t handle, char **devpath,
- unsigned char *cdigest, unsigned char *sdigest)
-{
- /* iv[] must be sized to store the largest possible encryption block */
- uint8_t iv[WANBOOT_MAXBLOCKLEN];
- cbc_handle_t ch;
- void *eh;
- SHA1_CTX sha;
- char *lenstr;
- size_t wanbootfs_size;
- size_t block_size;
- off_t offset;
- static caddr_t bootfs_vaddr = NULL;
- int ret;
-
- switch (hash_type) {
- case HASH_HMAC_SHA1:
- bootlog("wanboot", BOOTLOG_INFO,
- "%s: Authentication will use HMAC-SHA1", WANBOOTFS);
- HMACInit(&sha, g_hash_key, WANBOOT_HMAC_KEY_SIZE);
- break;
- case HASH_NONE:
- break;
- default:
- bootlog("wanboot", BOOTLOG_CRIT,
- "%s: unrecognized hash type", WANBOOTFS);
- return (-1);
- }
-
- switch (encr_type) {
- case ENCR_3DES:
- bootlog("wanboot",
- BOOTLOG_INFO, "%s: Decryption will use 3DES", WANBOOTFS);
- if (des3_init(&eh) != 0) {
- return (-1);
- }
- block_size = DES3_BLOCK_SIZE;
- des3_key(eh, g_encr_key);
- cbc_makehandle(&ch, eh, DES3_KEY_SIZE, block_size,
- DES3_IV_SIZE, des3_encrypt, des3_decrypt);
-
- break;
- case ENCR_AES:
- bootlog("wanboot",
- BOOTLOG_INFO, "%s: Decryption will use AES", WANBOOTFS);
- if (aes_init(&eh) != 0) {
- return (-1);
- }
- block_size = AES_BLOCK_SIZE;
- aes_key(eh, g_encr_key, AES_128_KEY_SIZE);
- cbc_makehandle(&ch, eh, AES_128_KEY_SIZE, block_size,
- AES_IV_SIZE, aes_encrypt, aes_decrypt);
- break;
- case ENCR_NONE:
- break;
- default:
- bootlog("wanboot", BOOTLOG_CRIT,
- "%s: unrecognized encryption type", WANBOOTFS);
- return (-1);
- }
-
- /*
- * Process the header.
- */
- if (http_process_part_headers(handle, NULL) != 0) {
- print_errors("http_process_part_headers", handle);
- return (1);
- }
- lenstr = http_get_header_value(handle, CONTENT_LENGTH);
- if (lenstr == NULL) {
- bootlog("wanboot", BOOTLOG_ALERT, "%s: error getting length "
- "of first part of multipart message", WANBOOTFS);
- return (1);
- }
- wanbootfs_size = (size_t)strtol(lenstr, NULL, 10);
- free(lenstr);
- if (wanbootfs_size == 0) {
- bootlog("wanboot", BOOTLOG_ALERT, "%s: length of first part "
- "of multipart message not a legal size", WANBOOTFS);
- return (1);
- }
-
- /*
- * If encrypted, then read the iv.
- */
- if (encr_type != ENCR_NONE) {
- if (read_bytes(handle, (char *)iv, block_size) != 0) {
- bootlog("wanboot", BOOTLOG_ALERT,
- "%s: error reading hash iv", WANBOOTFS);
- return (1);
- }
- wanbootfs_size -= block_size;
- if (hash_type != HASH_NONE) {
- HMACUpdate(&sha, (uchar_t *)iv, block_size);
- }
- }
-
- /*
- * We can only create the ramdisk once. So, if we've
- * already created it, then it means we've re-entered
- * this routine from an earlier partial failure. Use
- * the already existing ramdisk and seek back to the
- * beginning of the file.
- */
- if (bootfs_vaddr == NULL) {
- bootfs_vaddr = create_ramdisk(RD_BOOTFS, wanbootfs_size,
- devpath);
- }
-
- offset = 0;
-
- if ((ret = write_msg_to_ramdisk(WANBOOTFS, bootfs_vaddr, handle,
- wanbootfs_size, &offset, (hash_type == HASH_NONE) ? NULL : &sha))
- != 0) {
- return (ret);
- }
-
- if (hash_type != HASH_NONE) {
- HMACFinal(&sha, g_hash_key, WANBOOT_HMAC_KEY_SIZE, cdigest);
- }
-
- /*
- * If encrypted, then decrypt it.
- */
- if (encr_type != ENCR_NONE) {
- ret = decrypt_wanbootfs(bootfs_vaddr, &ch, iv, wanbootfs_size);
- if (ret != 0) {
- encr_fini(encr_type, eh);
- return (-1);
- }
- encr_fini(encr_type, eh);
- }
-
- return (read_digest(WANBOOTFS, handle, sdigest));
-}
-
-/*
- * This routine sends an HTTP GET request to the webserver to
- * request the wanboot file system for the client. The server
- * will reply by sending a multipart message. This routine will rely
- * on process_wanbootfs() to receive the multipart message, process it
- * and ultimately return to it a device path to a ramdisk containing
- * the wanboot file system, a client computed hash digest and a
- * server computed hash digest. This routine will verify that the
- * client computed hash digest matches the one sent by the server. This
- * routine will also verify that the nonce received in the reply matches
- * the one sent in the request.
- *
- * If an error occurs in the transfer of the message from the server
- * to the client, then the client re-requests the download in its
- * entirety. Errors not related to the actual message download are
- * deemed unrecoverable.
- *
- * Returns:
- * -1 = Non-recoverable error
- * 0 = Success
- */
-int
-get_wanbootfs(const url_t *server_url)
-{
- http_handle_t handle;
- unsigned char cdigest[HMAC_DIGEST_LEN];
- unsigned char sdigest[HMAC_DIGEST_LEN];
- url_t req_url;
- char *devpath;
- int ret;
- int fd;
- char buf[NONCELEN + 1];
- int retry_cnt = 0;
- int retry_max = WANBOOT_RETRY_MAX;
-
- /*
- * Build the URL to request the wanboot file system. This URL
- * will include the CGI script name and the IP, CID, and
- * NONCE parameters.
- */
- if (build_request_url(&req_url, URLtype_wanbootfs, server_url) == -1) {
- bootlog("wanboot", BOOTLOG_CRIT,
- "Can't build the URL to make the %s request",
- CGIcontent(URLtype_wanbootfs));
- return (-1);
- }
-
- /*
- * Go get the wanboot file system. If we fail reading the
- * response we re-request the entire file system.
- */
- bootlog("wanboot", BOOTLOG_VERBOSE, "Downloading wanboot file system");
-
- bzero(cdigest, sizeof (cdigest));
- do {
- if ((ret = establish_http_connection(WANBOOTFS, &handle,
- &req_url, 0)) < 0) {
- break;
- } else if (ret > 0) {
- if (wanboot_retry(++retry_cnt, retry_max)) {
- continue;
- } else {
- break;
- }
- }
-
- if ((ret = process_wanbootfs(handle, &devpath,
- cdigest, sdigest)) > 0) {
- if (!wanboot_retry(++retry_cnt, retry_max)) {
- (void) http_srv_close(handle);
- break;
- }
- }
-
- (void) http_srv_close(handle);
-
- } while (ret > 0);
-
- /*
- * Validate the computed digest against the one received.
- */
- if (ret != 0 ||
- !verify_digests(WANBOOTFS, cdigest, sdigest)) {
- bootlog("wanboot", BOOTLOG_CRIT,
- "The wanboot file system download aborted");
- return (-1);
- }
-
- /*
- * Mount the wanboot file system.
- */
- if (determine_fstype_and_mountroot(devpath) != VFS_SUCCESS) {
- bootlog("wanboot", BOOTLOG_CRIT,
- "Could not mount the wanboot filesystem.");
- bootlog("wanboot", BOOTLOG_CRIT,
- "This may signify a client/server key mismatch");
- if (encr_type != ENCR_NONE) {
- bootlog("wanboot", BOOTLOG_CRIT,
- "(client has key but wrong encryption_type?)");
- } else {
- bootlog("wanboot", BOOTLOG_CRIT,
- "(encryption_type specified but no client key?)");
- }
- return (-1);
- }
- bootlog("wanboot", BOOTLOG_VERBOSE,
- "The wanboot file system has been mounted");
-
- /*
- * The wanboot file system should contain a nonce. Read it
- * and compare it against the nonce sent in the request.
- */
- if ((fd = open(WANBOOTFS_NONCE_FILE, O_RDONLY)) == -1) {
- bootlog("wanboot", BOOTLOG_CRIT,
- "No nonce found in the wanboot file system");
- bootlog("wanboot", BOOTLOG_CRIT,
- "The wanboot file system download aborted");
- return (-1);
- }
-
- if (read(fd, buf, NONCELEN) != NONCELEN ||
- bcmp(nonce, buf, NONCELEN) != 0) {
- (void) close(fd);
- bootlog("wanboot", BOOTLOG_CRIT,
- "Invalid nonce found in the wanboot file system");
- bootlog("wanboot", BOOTLOG_CRIT,
- "The wanboot file system download aborted");
- return (-1);
- }
-
- (void) close(fd);
-
- bootlog("wanboot", BOOTLOG_VERBOSE,
- "The wanboot file system download was successful");
- return (0);
-}
-
-static boolean_t
-init_netdev(char *bpath)
-{
- pnode_t anode;
- int proplen;
- char netalias[OBP_MAXPATHLEN];
- static char devpath[OBP_MAXPATHLEN];
- char *p;
-
- bzero(netalias, sizeof (netalias));
- bzero(devpath, sizeof (devpath));
-
- /*
- * Wanboot will either have loaded over the network (in which case
- * bpath will name a network device), or from CD-ROM or disk. In
- * either case ensure that the 'net' alias corresponds to a network
- * device, and that if a network boot was performed that it is
- * identical to bpath. This is so that the interface name can always
- * be determined for CD-ROM or disk boots, and for manually-configured
- * network boots. The latter restriction may be relaxed in the future.
- */
- anode = prom_alias_node();
- if ((proplen = prom_getproplen(anode, "net")) <= 0 ||
- proplen > sizeof (netalias)) {
- goto error;
- }
- (void) prom_getprop(anode, "net", (caddr_t)netalias);
-
- /*
- * Strip boot arguments from the net device to form
- * the boot device path, returned as netdev_path.
- */
- if (strlcpy(devpath, netalias, sizeof (devpath)) >= sizeof (devpath))
- goto error;
- if ((p = strchr(devpath, ':')) != NULL) {
- *p = '\0';
- }
-
- if (!is_netdev(netalias)) {
- bootlog("wanboot", BOOTLOG_CRIT, "'net'=%s\n", netalias);
- goto error;
- }
-
- if (is_netdev(bpath)) {
- /*
- * If bpath is a network device path, then v2path
- * will be a copy of this sans device arguments.
- */
- if (strcmp(v2path, devpath) != 0) {
- bootlog("wanboot", BOOTLOG_CRIT,
- "'net'=%s\n", netalias);
- bootlog("wanboot", BOOTLOG_CRIT,
- "wanboot requires that the 'net' alias refers to ");
- bootlog("wanboot", BOOTLOG_CRIT,
- "the network device path from which it loaded");
- return (B_FALSE);
- }
- } else {
- bpath = netalias;
- }
-
- /*
- * Configure the network and return the network device.
- */
- bootlog("wanboot", BOOTLOG_INFO, "configuring %s\n", bpath);
- netdev_path = devpath;
- mac_init(bpath);
- return (B_TRUE);
-
-error:
- /*
- * If we haven't established a device path for a network interface,
- * then we're doomed.
- */
- bootlog("wanboot", BOOTLOG_CRIT,
- "No network device available for wanboot!");
- bootlog("wanboot", BOOTLOG_CRIT,
- "(Ensure that the 'net' alias is set correctly)");
- return (B_FALSE);
-}
-
-/*
- * This implementation of bootprog() is used solely by wanboot.
- *
- * The basic algorithm is as follows:
- *
- * - The wanboot options (those specified using the "-o" flag) are processed,
- * and if necessary the wanboot interpreter is invoked to collect other
- * options.
- *
- * - The wanboot filesystem (containing certificates, wanboot.conf file, etc.)
- * is then downloaded into the bootfs ramdisk, which is mounted for use
- * by OpenSSL, access to wanboot.conf, etc.
- *
- * - The wanboot miniroot is downloaded over http/https into the rootfs
- * ramdisk. The bootfs filesystem is unmounted, and the rootfs filesystem
- * is booted.
- */
-/*ARGSUSED*/
-int
-bootprog(char *bpath, char *bargs, boolean_t user_specified_filename)
-{
- char *miniroot_path;
- url_t server_url;
- int ret;
-
- if (!init_netdev(bpath)) {
- return (-1);
- }
-
- if (!bootinfo_init()) {
- bootlog("wanboot", BOOTLOG_CRIT, "Cannot initialize bootinfo");
- return (-1);
- }
-
- /*
- * Get default values from PROM, etc., process any boot arguments
- * (specified with the "-o" option), and initialize the interface.
- */
- if (!wanboot_init_interface(wanboot_arguments)) {
- return (-1);
- }
-
- /*
- * Determine which encryption and hashing algorithms the client
- * is configured to use.
- */
- init_encryption();
- init_hashing();
-
- /*
- * Get the bootserver value. Should be of the form:
- * http://host[:port]/abspath.
- */
- ret = get_url(BI_BOOTSERVER, &server_url);
- if (ret != 0) {
- bootlog("wanboot", BOOTLOG_CRIT,
- "Unable to retrieve the bootserver URL");
- return (-1);
- }
-
- /*
- * Get the wanboot file system and mount it. Contains metdata
- * needed by wanboot.
- */
- if (get_wanbootfs(&server_url) != 0) {
- return (-1);
- }
-
- /*
- * Check that there is a valid wanboot.conf file in the wanboot
- * file system.
- */
- if (bootconf_init(&bc_handle, NULL) != BC_E_NOERROR) {
- bootlog("wanboot", BOOTLOG_CRIT,
- "wanboot.conf error (code=%d)", bc_handle.bc_error_code);
- return (-1);
- }
-
- /*
- * Set the time
- */
- init_boot_time();
-
- /*
- * Verify that URLs in wanboot.conf can be reached, etc.
- */
- if (!wanboot_verify_config()) {
- return (-1);
- }
-
- /*
- * Retrieve the miniroot.
- */
- if (get_miniroot(&miniroot_path) != 0) {
- return (-1);
- }
-
- /*
- * We don't need the wanboot file system mounted anymore and
- * should unmount it so that we can mount the miniroot.
- */
- (void) unmountroot();
-
- boot_ramdisk(RD_ROOTFS);
-
- return (0);
-}
diff --git a/usr/src/psm/stand/boot/sparc/common/wbcli.c b/usr/src/psm/stand/boot/sparc/common/wbcli.c
deleted file mode 100644
index 07667701ce..0000000000
--- a/usr/src/psm/stand/boot/sparc/common/wbcli.c
+++ /dev/null
@@ -1,1416 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License (the "License").
- * You may not use this file except in compliance with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/salib.h>
-#include <sys/promif.h>
-#include <sys/wanboot_impl.h>
-#include <netinet/in.h>
-#include <parseURL.h>
-#include <bootlog.h>
-#include <sys/socket.h>
-#include <netinet/inetutil.h>
-#include <netinet/dhcp.h>
-#include <dhcp_impl.h>
-#include <lib/inet/mac.h>
-#include <lib/inet/ipv4.h>
-#include <lib/inet/dhcpv4.h>
-#include <lib/sock/sock_test.h>
-#include <sys/sunos_dhcp_class.h>
-#include <aes.h>
-#include <des3.h>
-#include <hmac_sha1.h>
-#include <netdb.h>
-#include <wanboot_conf.h>
-#include <bootinfo.h>
-
-#include "wbcli.h"
-
-#define skipspace(p) while (isspace(*(p))) ++p
-
-#define skiptext(p) while (*(p) != '\0' && !isspace(*(p)) && \
- *(p) != '=' && *(p) != ',') ++p
-
-#define PROMPT "boot> "
-#define TEST_PROMPT "boot-test> "
-
-#define CLI_SET 0
-#define CLI_FAIL (-1)
-#define CLI_EXIT (-2)
-#define CLI_CONT (-3)
-
-#define CLF_CMD 0x00000001 /* builtin command */
-#define CLF_ARG 0x00000002 /* boot argument directive */
-
-#define CLF_IF 0x00000100 /* interface parameter */
-#define CLF_BM 0x00000200 /* bootmisc parameter */
-
-#define CLF_VALSET 0x00010000 /* value set, may be null */
-#define CLF_HIDDEN 0x00020000 /* don't show its value (key) */
-#define CLF_VALMOD 0x00040000 /* value modified by the user */
-
-/*
- * Macros for use in managing the flags in the cli_list[].
- * The conventions we follow are:
- *
- * CLF_VALSET is cleared if a value is removed from varptr
- * CLF_VALSET is set if a value has been placed in varptr
- * (that value need not be vetted)
- * CLF_HIDDEN is set if a value must not be exposed to the user
- * CLF_HIDDEN is cleared if a value can be exposed to the user
- * CLF_VALMOD is cleared if a value in varptr has not been modified
- * CLF_VALMOD is set if a value in varptr has been modified by
- * the user
- */
-#ifdef DEBUG
-#define CLF_SETVAL(var) { \
- (((var)->flags) |= CLF_VALSET); \
- printf("set %s\n", var->varname);\
- }
-
-#define CLF_ISSET(var) (printf("%s\n", \
- (((var)->flags) & CLF_VALSET) != 0 \
- ? "is set" : "not set"), \
- ((((var)->flags) & CLF_VALSET) != 0))
-
-#define CLF_CLRHIDDEN(var) { \
- (((var)->flags) &= ~CLF_HIDDEN); \
- printf("unhide %s\n", var->varname); \
- }
-
-#define CLF_ISHIDDEN(var) (printf("%s\n", \
- (((var)->flags) & CLF_HIDDEN) != 0 \
- ? "is hidden" : "not hidden"), \
- ((((var)->flags) & CLF_HIDDEN) != 0))
-
-#define CLF_MODVAL(var) { \
- (((var)->flags) |= \
- (CLF_VALMOD | CLF_VALSET)); \
- printf("modified %s\n", var->varname);\
- }
-
-#define CLF_ISMOD(var) (printf("%s\n", \
- (((var)->flags) & CLF_VALMOD) != 0 \
- ? "is set" : "not set"), \
- ((((var)->flags) & CLF_VALMOD) != 0))
-#else /* DEBUG */
-
-#define CLF_SETVAL(var) (((var)->flags) |= CLF_VALSET)
-#define CLF_ISSET(var) ((((var)->flags) & CLF_VALSET) != 0)
-#define CLF_CLRHIDDEN(var) (((var)->flags) &= ~CLF_HIDDEN)
-#define CLF_ISHIDDEN(var) ((((var)->flags) & CLF_HIDDEN) != 0)
-#define CLF_MODVAL(var) (((var)->flags) |= (CLF_VALMOD | CLF_VALSET))
-#define CLF_ISMOD(var) ((((var)->flags) & CLF_VALMOD) != 0)
-
-#endif /* DEBUG */
-
-/*
- * The width of the widest varname below - currently "subnet_mask".
- */
-#define VAR_MAXWIDTH strlen(BI_SUBNET_MASK)
-
-struct cli_ent;
-typedef int claction_t(struct cli_ent *, char *, boolean_t);
-
-typedef struct cli_ent {
- char *varname;
- claction_t *action;
- int flags;
- void *varptr;
- uint_t varlen;
- uint_t varmax;
-} cli_ent_t;
-
-static cli_ent_t *find_cli_ent(char *varstr);
-
-static char cmdbuf[2048]; /* interpreter buffer */
-static char hostip[INET_ADDRSTRLEN];
-static char subnet[INET_ADDRSTRLEN];
-static char router[INET_ADDRSTRLEN];
-static char hostname[MAXHOSTNAMELEN];
-static char httpproxy[INET_ADDRSTRLEN + 5]; /* a.b.c.d:p */
-static char bootserverURL[URL_MAX_STRLEN + 1];
-static unsigned char clientid[WB_MAX_CID_LEN];
-static unsigned char aeskey[AES_128_KEY_SIZE];
-static unsigned char des3key[DES3_KEY_SIZE];
-static unsigned char sha1key[WANBOOT_HMAC_KEY_SIZE];
-static boolean_t args_specified_prompt = B_FALSE;
-
-extern bc_handle_t bc_handle;
-extern int getchar(void);
-
-static claction_t clcid, clkey, clip, clstr, clurl, clhp;
-static claction_t clhelp, cllist, clprompt, cldhcp, cltest, clgo, clexit;
-
-static cli_ent_t cli_list[] = {
- /*
- * Commands/bootargs:
- */
- { "test", cltest, CLF_ARG,
- NULL, 0, 0 },
- { "dhcp", cldhcp, CLF_ARG,
- NULL, 0, 0 },
- { "prompt", clprompt, CLF_CMD | CLF_ARG,
- NULL, 0, 0 },
- { "list", cllist, CLF_CMD,
- NULL, 0, 0 },
- { "help", clhelp, CLF_CMD,
- NULL, 0, 0 },
- { "go", clgo, CLF_CMD,
- NULL, 0, 0 },
- { "exit", clexit, CLF_CMD,
- NULL, 0, 0 },
-
- /*
- * Interface:
- */
- { BI_HOST_IP, clip, CLF_IF,
- hostip, 0, sizeof (hostip) },
- { BI_SUBNET_MASK, clip, CLF_IF,
- subnet, 0, sizeof (subnet) },
- { BI_ROUTER_IP, clip, CLF_IF,
- router, 0, sizeof (router) },
- { BI_HOSTNAME, clstr, CLF_IF,
- hostname, 0, sizeof (hostname) },
- { BI_HTTP_PROXY, clhp, CLF_IF,
- httpproxy, 0, sizeof (httpproxy) },
- { BI_CLIENT_ID, clcid, CLF_IF,
- clientid, 0, sizeof (clientid) },
-
- /*
- * Bootmisc:
- */
- { BI_AES_KEY, clkey, CLF_BM | CLF_HIDDEN,
- aeskey, 0, sizeof (aeskey) },
- { BI_3DES_KEY, clkey, CLF_BM | CLF_HIDDEN,
- des3key, 0, sizeof (des3key) },
- { BI_SHA1_KEY, clkey, CLF_BM | CLF_HIDDEN,
- sha1key, 0, sizeof (sha1key) },
- { BI_BOOTSERVER, clurl, CLF_BM,
- bootserverURL, 0, sizeof (bootserverURL) },
-};
-
-static int num_cli_ent = (sizeof (cli_list) / sizeof (cli_ent_t));
-
-/*
- * Fetch a line from the user, handling backspace appropriately.
- */
-static int
-editline(char *buf, int count)
-{
- int i = 0;
- char c;
-
- while (i < count - 1) {
- c = getchar();
- if (c == '\n') {
- break;
- } else if (c == '\b') {
- /* Clear for backspace. */
- if (i > 0)
- i--;
- continue;
- } else {
- buf[i++] = c;
- }
- }
- buf[i] = '\0';
- return (i);
-}
-
-/*
- * Assign a client-id to cliptr, or output cliptr's value as a client-id.
- * On assignment the value is specified in valstr, either in hexascii or
- * as a quoted string; on output its value is printed in hexascii.
- */
-static int
-clcid(cli_ent_t *cliptr, char *valstr, boolean_t out)
-{
- uint_t len, vmax;
- boolean_t hexascii = B_TRUE;
- char buffer[2 * WB_MAX_CID_LEN + 1];
-
- if (out) {
- len = cliptr->varlen * 2 + 1;
- (void) octet_to_hexascii(cliptr->varptr, cliptr->varlen,
- buffer, &len);
- printf("%s", buffer);
- return (CLI_CONT);
- } else {
- len = strlen(valstr);
- vmax = cliptr->varmax - 1; /* space for the prefix */
-
- /*
- * Check whether the value is a quoted string; if so, strip
- * the quotes and note that it's not in hexascii.
- */
- if ((valstr[0] == '"' || valstr[0] == '\'') &&
- valstr[len-1] == valstr[0]) {
- hexascii = B_FALSE;
- ++valstr;
- len -= 2;
- valstr[len] = '\0';
- } else {
- /*
- * If the value contains any non-hex digits assume
- * that it's not in hexascii.
- */
- char *p;
-
- for (p = valstr; *p != '\0'; ++p) {
- if (!isxdigit(*p)) {
- hexascii = B_FALSE;
- break;
- }
- }
- }
-
- if (hexascii) {
- if (len > vmax * 2 ||
- hexascii_to_octet(valstr, len,
- (char *)(cliptr->varptr), &vmax) != 0) {
- return (CLI_FAIL);
- }
- cliptr->varlen = vmax;
- } else {
- if (len > vmax) {
- return (CLI_FAIL);
- }
- bcopy(valstr, cliptr->varptr, len);
- cliptr->varlen = len;
- }
-
- return (CLI_SET);
- }
-}
-
-/*
- * Assign a key to cliptr, or output cliptr's value as a key.
- * On assignment the value is specified in valstr in hexascii;
- * on output its value is printed in hexascii, provided the key
- * was entered at the interpreter (not obtained from OBP and
- * thus hidden).
- */
-static int
-clkey(cli_ent_t *cliptr, char *valstr, boolean_t out)
-{
- uint_t len, vmax;
-
- if (out) {
- char buffer[2 * WANBOOT_MAXKEYLEN + 1];
-
- if (!CLF_ISHIDDEN(cliptr)) {
- len = cliptr->varlen * 2 + 1;
- (void) octet_to_hexascii(cliptr->varptr,
- cliptr->varlen, buffer, &len);
- printf("%s", buffer);
- } else {
- printf("*HIDDEN*");
- }
- return (CLI_CONT);
- } else {
- len = strlen(valstr);
- vmax = cliptr->varmax;
- if (len != vmax * 2 || hexascii_to_octet(valstr, len,
- cliptr->varptr, &vmax) != 0) {
- return (CLI_FAIL);
- }
- cliptr->varlen = vmax;
- CLF_CLRHIDDEN(cliptr);
- return (CLI_SET);
- }
-}
-
-/*
- * Assign an IP address to cliptr, or output cliptr's value as an
- * IP address. On assignment the value is specified in valstr in
- * dotted-decimal format; on output its value is printed in dotted-
- * decimal format.
- */
-static int
-clip(cli_ent_t *cliptr, char *valstr, boolean_t out)
-{
- uint_t len;
-
- if (out) {
- printf("%s", (char *)cliptr->varptr);
- return (CLI_CONT);
- }
-
- if (inet_addr(valstr) == (in_addr_t)-1 ||
- (len = strlen(valstr)) >= cliptr->varmax) {
- return (CLI_FAIL);
- }
-
- (void) strcpy(cliptr->varptr, valstr);
- cliptr->varlen = len + 1;
- return (CLI_SET);
-}
-
-/*
- * Assign an arbitrary string to cliptr, or output cliptr's value as a string.
- */
-static int
-clstr(cli_ent_t *cliptr, char *valstr, boolean_t out)
-{
- uint_t len;
-
- if (out) {
- printf("%s", (char *)cliptr->varptr);
- return (CLI_CONT);
- } else {
- if ((len = strlen(valstr)) >= cliptr->varmax) {
- return (CLI_FAIL);
- } else {
- (void) strcpy(cliptr->varptr, valstr);
- cliptr->varlen = len + 1;
- return (CLI_SET);
- }
- }
-}
-
-/*
- * Assign a URL to cliptr (having verified the format), or output cliptr's
- * value as a URL. The host must be specified in dotted-decimal, and the
- * scheme must not be https.
- */
-static int
-clurl(cli_ent_t *cliptr, char *valstr, boolean_t out)
-{
- url_t u;
- uint_t len;
-
- if (out) {
- printf("%s", (char *)cliptr->varptr);
- return (CLI_CONT);
- }
-
- if (url_parse(valstr, &u) != URL_PARSE_SUCCESS ||
- u.https || inet_addr(u.hport.hostname) == (in_addr_t)-1 ||
- (len = strlen(valstr)) >= cliptr->varmax) {
- return (CLI_FAIL);
- }
-
- (void) strcpy(cliptr->varptr, valstr);
- cliptr->varlen = len + 1;
- return (CLI_SET);
-}
-
-/*
- * Assign a hostport to cliptr (having verified the format), or output cliptr's
- * value as a hostport. The host must be specified in dotted-decimal.
- */
-static int
-clhp(cli_ent_t *cliptr, char *valstr, boolean_t out)
-{
- url_hport_t u;
- uint_t len;
-
- if (out) {
- printf("%s", (char *)cliptr->varptr);
- return (CLI_CONT);
- }
-
- if (url_parse_hostport(valstr, &u, URL_DFLT_PROXY_PORT) !=
- URL_PARSE_SUCCESS ||
- inet_addr(u.hostname) == (in_addr_t)-1 ||
- (len = strlen(valstr)) >= cliptr->varmax) {
- return (CLI_FAIL);
- }
-
- (void) strcpy(cliptr->varptr, valstr);
- cliptr->varlen = len + 1;
- return (CLI_SET);
-}
-
-/*
- * Exit the interpreter and return to the booter.
- */
-/*ARGSUSED*/
-static int
-clgo(cli_ent_t *cliptr, char *valstr, boolean_t out)
-{
- return (CLI_EXIT);
-}
-
-/*
- * Exit the interpreter and return to OBP.
- */
-/*ARGSUSED*/
-static int
-clexit(cli_ent_t *cliptr, char *valstr, boolean_t out)
-{
- prom_exit_to_mon();
- /*NOTREACHED*/
- return (CLI_EXIT);
-}
-
-/*
- * Provide simple help information.
- */
-/*ARGSUSED*/
-static int
-clhelp(cli_ent_t *cliptr, char *valstr, boolean_t out)
-{
- printf("var=val - set variable\n");
- printf("var= - unset variable\n");
- printf("var - print variable\n");
- printf("list - list variables and their values\n");
- printf("prompt - prompt for unset variables\n");
- printf("go - continue booting\n");
- printf("exit - quit boot interpreter and return to OBP\n");
-
- return (CLI_CONT);
-}
-
-/*
- * List variables and their current values.
- */
-/*ARGSUSED*/
-static int
-cllist(cli_ent_t *cliptr, char *valstr, boolean_t out)
-{
- int wanted = (int)(uintptr_t)valstr; /* use uintptr_t for gcc */
- int i;
-
- wanted &= ~(CLF_CMD | CLF_ARG);
-
- for (cliptr = cli_list; cliptr < &cli_list[num_cli_ent]; cliptr++) {
- if ((cliptr->flags & (CLF_CMD | CLF_ARG)) != 0 ||
- (cliptr->flags & wanted) == 0) {
- continue;
- }
- printf("%s: ", cliptr->varname);
- /*
- * Line the values up - space to the width of the widest
- * varname + 1 for the ':'.
- */
- for (i = VAR_MAXWIDTH + 1 - strlen(cliptr->varname);
- i > 0; --i) {
- printf(" ");
- }
-
- if (CLF_ISSET(cliptr) || CLF_ISHIDDEN(cliptr)) {
- (void) cliptr->action(cliptr, NULL, B_TRUE);
- printf("\n");
- } else {
- printf("UNSET\n");
- }
- }
-
- return (CLI_CONT);
-}
-
-/*
- * Prompt for wanted values.
- */
-/*ARGSUSED*/
-static int
-clprompt(cli_ent_t *cliptr, char *valstr, boolean_t out)
-{
- char *p;
- int wanted = (int)(uintptr_t)valstr; /* use uintrptr_t for gcc */
-
- /*
- * If processing boot arguments, simply note the fact that clprompt()
- * should be invoked later when other parameters may be supplied.
- */
- if ((wanted & CLF_ARG) != 0) {
- args_specified_prompt = B_TRUE;
- return (CLI_CONT);
- }
- wanted &= ~(CLF_CMD | CLF_ARG);
-
- for (cliptr = cli_list; cliptr < &cli_list[num_cli_ent]; ++cliptr) {
- if ((cliptr->flags & wanted) == 0) {
- continue;
- }
-
- printf("%s", cliptr->varname);
- if (CLF_ISSET(cliptr)) {
- printf(" [");
- (void) cliptr->action(cliptr, NULL, B_TRUE);
- printf("]");
- }
- printf("? ");
- (void) editline(cmdbuf, sizeof (cmdbuf));
- printf("\n");
-
- p = cmdbuf;
- skipspace(p);
- if (*p == '\0') { /* nothing there */
- continue;
- }
-
- /* Get valstr and nul terminate */
- valstr = p;
- ++p;
- skiptext(p);
- *p = '\0';
-
- /* If empty value, do nothing */
- if (strlen(valstr) == 0) {
- continue;
- }
-
- switch (cliptr->action(cliptr, valstr, B_FALSE)) {
- case CLI_SET:
- CLF_MODVAL(cliptr);
- break;
- case CLI_FAIL:
- printf("Incorrect format, parameter unchanged!\n");
- break;
- case CLI_EXIT:
- return (CLI_EXIT);
- case CLI_CONT:
- break;
- }
- }
-
- return (CLI_CONT);
-}
-
-/*
- * If the PROM has done DHCP, bind the interface; otherwise do the full
- * DHCP packet exchange.
- */
-/*ARGSUSED*/
-static int
-cldhcp(cli_ent_t *cliptr, char *valstr, boolean_t out)
-{
- static boolean_t first_time = B_TRUE;
- static int ret = CLI_CONT;
-
- if (first_time) {
- /*
- * Set DHCP's idea of the client_id from our cached value.
- */
- cliptr = find_cli_ent(BI_CLIENT_ID);
- if (CLF_ISMOD(cliptr)) {
- dhcp_set_client_id(cliptr->varptr, cliptr->varlen);
- }
-
- bootlog("wanboot", BOOTLOG_INFO, "Starting DHCP configuration");
-
- (void) ipv4_setpromiscuous(B_TRUE);
- if (dhcp() == 0) {
- bootlog("wanboot", BOOTLOG_INFO,
- "DHCP configuration succeeded");
- } else {
- bootlog("wanboot", BOOTLOG_CRIT,
- "DHCP configuration failed");
- ret = CLI_FAIL;
- }
- (void) ipv4_setpromiscuous(B_FALSE);
-
- first_time = B_FALSE;
- }
-
- return (ret);
-}
-
-/*
- * Invoke the socket test interpreter (for testing purposes only).
- */
-/*ARGSUSED*/
-static int
-cltest(cli_ent_t *cliptr, char *valstr, boolean_t out)
-{
- (void) ipv4_setpromiscuous(B_FALSE);
- printf("\n");
- for (;;) {
- printf(TEST_PROMPT);
- if (editline(cmdbuf, sizeof (cmdbuf)) > 0) {
- printf("\n");
- (void) st_interpret(cmdbuf);
- } else {
- prom_exit_to_mon();
- /* NOTREACHED */
- }
- }
-
- /* NOTREACHED */
- return (CLI_CONT);
-}
-
-/*
- * Return the cliptr corresponding to the named variable.
- */
-static cli_ent_t *
-find_cli_ent(char *varstr)
-{
- cli_ent_t *cliptr;
-
- for (cliptr = cli_list; cliptr < &cli_list[num_cli_ent]; ++cliptr) {
- if (strcmp(varstr, cliptr->varname) == 0) {
- return (cliptr);
- }
- }
-
- return (NULL);
-}
-
-/*
- * Evaluate the commands provided by the user (either as "-o" boot arguments
- * or interactively at the boot interpreter).
- */
-static int
-cli_eval_buf(char *inbuf, int wanted)
-{
- char *p, *varstr, *end_varstr, *valstr, *end_valstr;
- boolean_t assign;
- cli_ent_t *cliptr;
-
- for (p = inbuf; *p != '\0'; ) {
- skipspace(p);
-
- /* If nothing more on line, go get the next one */
- if (*p == '\0') {
- break;
- } else if (*p == ',') { /* orphan ',' ? */
- ++p;
- continue;
- }
-
- /* Get ptrs to start & end of variable */
- varstr = p;
- ++p;
- skiptext(p);
- end_varstr = p;
- skipspace(p);
-
- /* See if we're doing an assignment */
- valstr = NULL;
- if (*p != '=') { /* nope, just printing */
- assign = B_FALSE;
- } else {
- assign = B_TRUE;
- ++p; /* past '=' */
- skipspace(p);
-
- /* Assigning something? (else clear variable) */
- if (*p != '\0' && *p != ',') {
- /* Get ptrs to start & end of valstr */
- valstr = p;
- ++p;
- skiptext(p);
- end_valstr = p;
- skipspace(p);
- }
- }
-
- /* Skip ',' delimiter if present */
- if (*p == ',') {
- ++p;
- }
-
- /* Nul-terminate varstr and valstr (if appropriate) */
- *end_varstr = '\0';
- if (valstr != NULL) {
- *end_valstr = '\0';
- }
-
- if ((cliptr = find_cli_ent(varstr)) == NULL) {
- printf("Unknown variable '%s'; ignored\n", varstr);
- continue;
- }
-
- /*
- * It's an error to specify a parameter which can only be a
- * boot argument (and not a command) when not processing the
- * boot arguments.
- */
- if ((cliptr->flags & (CLF_CMD | CLF_ARG)) == CLF_ARG &&
- (wanted & CLF_ARG) == 0) {
- printf("'%s' may only be specified as a "
- "boot argument; ignored\n", varstr);
- continue;
- }
-
- /*
- * When doing an assignment, verify that it's not a command
- * or argument name, and that it is permissible in the current
- * context. An 'empty' assignment (var=) is treated the same
- * as a null assignment (var="").
- *
- * If processing the boot arguments, it is an error to not
- * assign a value to a non-argument parameter.
- */
- if (assign) {
- if ((cliptr->flags & (CLF_CMD | CLF_ARG)) != 0) {
- printf("'%s' is a command and cannot "
- "be assigned\n", varstr);
- return (CLI_FAIL);
- }
- if ((cliptr->flags & wanted) == 0) {
- printf("'%s' cannot be assigned\n", varstr);
- return (CLI_FAIL);
- }
-
- if (valstr == NULL) {
- cliptr->varlen = 0;
- CLF_MODVAL(cliptr);
- continue;
- }
- } else if ((wanted & CLF_ARG) != 0 &&
- (cliptr->flags & (CLF_CMD | CLF_ARG)) == 0) {
- printf("'%s' must be assigned when specified in "
- " the boot arguments\n", varstr);
- return (CLI_FAIL);
- }
-
- /*
- * Pass 'wanted' to command-handling functions, in particular
- * clprompt() and cllist().
- */
- if ((cliptr->flags & CLF_CMD) != 0) {
- /* use uintptr_t to suppress the gcc warning */
- valstr = (char *)(uintptr_t)wanted;
- }
-
- /*
- * Call the parameter's action function.
- */
- switch (cliptr->action(cliptr, valstr, !assign)) {
- case CLI_SET:
- CLF_MODVAL(cliptr);
- break;
- case CLI_FAIL:
- printf("Incorrect format: variable '%s' not set\n",
- cliptr->varname);
- break;
- case CLI_EXIT:
- return (CLI_EXIT);
- case CLI_CONT:
- if (!assign) {
- printf("\n");
- }
- break;
- }
- }
-
- return (CLI_CONT);
-}
-
-static void
-cli_interpret(int wanted)
-{
- printf("\n");
- do {
- printf(PROMPT);
- (void) editline(cmdbuf, sizeof (cmdbuf));
- printf("\n");
-
- } while (cli_eval_buf(cmdbuf, wanted) != CLI_EXIT);
-}
-
-#if defined(__sparcv9)
-/*
- * This routine queries the PROM to see what encryption keys exist.
- */
-static void
-get_prom_encr_keys()
-{
- cli_ent_t *cliptr;
- char encr_key[WANBOOT_MAXKEYLEN];
- int keylen;
- int status;
- int ret;
-
- /*
- * At the top of the priority list, we have AES.
- */
- ret = prom_get_security_key(WANBOOT_AES_128_KEY_NAME, encr_key,
- WANBOOT_MAXKEYLEN, &keylen, &status);
- if ((ret == 0) && (status == 0) && (keylen == AES_128_KEY_SIZE)) {
- cliptr = find_cli_ent(BI_AES_KEY);
- bcopy(encr_key, cliptr->varptr, AES_128_KEY_SIZE);
- cliptr->varlen = AES_128_KEY_SIZE;
- CLF_MODVAL(cliptr);
- }
-
- /*
- * Next, 3DES.
- */
- ret = prom_get_security_key(WANBOOT_DES3_KEY_NAME, encr_key,
- WANBOOT_MAXKEYLEN, &keylen, &status);
- if ((ret == 0) && (status == 0) && (keylen == DES3_KEY_SIZE)) {
- cliptr = find_cli_ent(BI_3DES_KEY);
- bcopy(encr_key, cliptr->varptr, DES3_KEY_SIZE);
- cliptr->varlen = DES3_KEY_SIZE;
- CLF_MODVAL(cliptr);
- }
-}
-
-/*
- * This routine queries the PROM to see what hashing keys exist.
- */
-static void
-get_prom_hash_keys()
-{
- cli_ent_t *cliptr;
- char hash_key[WANBOOT_HMAC_KEY_SIZE];
- int keylen;
- int status;
- int ret;
-
- /*
- * The only supported key thus far is SHA1.
- */
- ret = prom_get_security_key(WANBOOT_HMAC_SHA1_KEY_NAME, hash_key,
- WANBOOT_HMAC_KEY_SIZE, &keylen, &status);
- if ((ret == 0) && (status == 0) && (keylen == WANBOOT_HMAC_KEY_SIZE)) {
- cliptr = find_cli_ent(BI_SHA1_KEY);
- bcopy(hash_key, cliptr->varptr, WANBOOT_HMAC_KEY_SIZE);
- cliptr->varlen = WANBOOT_HMAC_KEY_SIZE;
- CLF_MODVAL(cliptr);
- }
-}
-#endif /* defined(__sparcv9) */
-
-/*
- * For the given parameter type(s), get values from bootinfo and cache in
- * the local variables used by the "boot>" interpreter.
- */
-static void
-bootinfo_defaults(int which)
-{
- cli_ent_t *cliptr;
-
- for (cliptr = cli_list; cliptr < &cli_list[num_cli_ent]; ++cliptr) {
- if ((cliptr->flags & which) != 0 && !CLF_ISSET(cliptr)) {
- size_t len = cliptr->varmax;
-
- if (bootinfo_get(cliptr->varname, cliptr->varptr,
- &len, NULL) == BI_E_SUCCESS) {
- cliptr->varlen = len;
- CLF_SETVAL(cliptr);
- }
- }
- }
-}
-
-/*
- * For the given parameter type(s), store values entered at the "boot>"
- * interpreter back into bootinfo.
- */
-static void
-update_bootinfo(int which)
-{
- cli_ent_t *cliptr;
-
- for (cliptr = cli_list; cliptr < &cli_list[num_cli_ent]; ++cliptr) {
- if ((cliptr->flags & which) != 0 && CLF_ISMOD(cliptr)) {
- (void) bootinfo_put(cliptr->varname,
- cliptr->varptr, cliptr->varlen, 0);
- }
- }
-}
-
-/*
- * Return the net-config-strategy: "dhcp", "manual" or "rarp"
- */
-static char *
-net_config_strategy(void)
-{
- static char ncs[8]; /* "dhcp" or "manual" */
- size_t len = sizeof (ncs);
-
- if (ncs[0] == '\0' &&
- bootinfo_get(BI_NET_CONFIG_STRATEGY, ncs, &len, NULL) !=
- BI_E_SUCCESS) {
- /*
- * Support for old PROMs: create the net-config-strategy
- * property under /chosen with an appropriate value. If we
- * have a bootp-response (not interested in its value, just
- * its presence) then we did DHCP; otherwise configuration
- * is manual.
- */
- if (bootinfo_get(BI_BOOTP_RESPONSE, NULL, NULL,
- NULL) == BI_E_BUF2SMALL) {
- (void) strcpy(ncs, "dhcp");
- } else {
- (void) strcpy(ncs, "manual");
- }
- (void) bootinfo_put(BI_NET_CONFIG_STRATEGY, ncs, strlen(ncs),
- BI_R_CHOSEN);
-
- bootlog("wanboot", BOOTLOG_INFO,
- "Default net-config-strategy: %s", ncs);
- }
-
- return (ncs);
-}
-
-/*
- * If there is no client-id property published in /chosen (by the PROM or the
- * boot interpreter) provide a default client-id based on the MAC address of
- * the client.
- * As specified in RFC2132 (section 9.14), this is prefixed with a byte
- * which specifies the ARP hardware type defined in RFC1700 (for Ethernet,
- * this should be 1).
- */
-static void
-generate_default_clientid(void)
-{
- char clid[WB_MAX_CID_LEN];
- size_t len = sizeof (clid);
-
- if (bootinfo_get(BI_CLIENT_ID, clid, &len, NULL) != BI_E_SUCCESS) {
- len = mac_get_addr_len() + 1; /* include hwtype */
-
- if (len > sizeof (clid)) {
- return;
- }
-
- clid[0] = mac_arp_type(mac_get_type());
- bcopy(mac_get_addr_buf(), &clid[1], len - 1);
-
- (void) bootinfo_put(BI_CLIENT_ID, clid, len, 0);
- }
-}
-
-/*
- * Determine the URL of the boot server from the 'file' parameter to OBP,
- * the SbootURI or BootFile DHCP options, or the 'bootserver' value entered
- * either as a "-o" argument or at the interpreter.
- */
-static void
-determine_bootserver_url(void)
-{
- char bs[URL_MAX_STRLEN + 1];
- size_t len;
- url_t url;
-
- if (bootinfo_get(BI_BOOTSERVER, bs, &len, NULL) != BI_E_SUCCESS) {
- /*
- * If OBP has published a network-boot-file property in
- * /chosen (or there is a DHCP BootFile or SbootURI vendor
- * option) and it's a URL, construct the bootserver URL
- * from it.
- */
- len = URL_MAX_STRLEN;
- if (bootinfo_get(BI_NETWORK_BOOT_FILE, bs, &len, NULL) !=
- BI_E_SUCCESS) {
- len = URL_MAX_STRLEN;
- if (bootinfo_get(BI_BOOTFILE, bs, &len, NULL) !=
- BI_E_SUCCESS) {
- return;
- }
- }
- if (url_parse(bs, &url) == URL_PARSE_SUCCESS) {
- (void) bootinfo_put(BI_BOOTSERVER, bs, len, 0);
- }
- }
-}
-
-/*
- * Provide a classful subnet mask based on the client's IP address.
- */
-static in_addr_t
-generate_classful_subnet(in_addr_t client_ipaddr)
-{
- struct in_addr subnetmask;
- char *netstr;
-
- if (IN_CLASSA(client_ipaddr)) {
- subnetmask.s_addr = IN_CLASSA_NET;
- } else if (IN_CLASSB(client_ipaddr)) {
- subnetmask.s_addr = IN_CLASSB_NET;
- } else if (IN_CLASSC(client_ipaddr)) {
- subnetmask.s_addr = IN_CLASSC_NET;
- } else {
- subnetmask.s_addr = IN_CLASSE_NET;
- }
-
- netstr = inet_ntoa(subnetmask);
- (void) bootinfo_put(BI_SUBNET_MASK, netstr, strlen(netstr) + 1, 0);
-
- return (subnetmask.s_addr);
-}
-
-/*
- * Informational output to the user (if interactive) or the bootlogger.
- */
-static void
-info(const char *msg, boolean_t interactive)
-{
- if (interactive) {
- printf("%s\n", msg);
- } else {
- bootlog("wanboot", BOOTLOG_INFO, "%s", msg);
- }
-}
-
-/*
- * Determine whether we have sufficient information to proceed with booting,
- * either for configuring the interface and downloading the bootconf file,
- * or for downloading the miniroot.
- */
-static int
-config_incomplete(int why, boolean_t interactive)
-{
- boolean_t error = B_FALSE;
- char buf[URL_MAX_STRLEN + 1];
- size_t len;
- char *urlstr;
- url_t u;
- struct hostent *hp;
- in_addr_t client_ipaddr, ipaddr, bsnet, pxnet;
- static in_addr_t subnetmask, clnet;
- static boolean_t have_router = B_FALSE;
- static boolean_t have_proxy = B_FALSE;
- boolean_t have_root_server = B_FALSE;
- boolean_t have_boot_logger = B_FALSE;
- in_addr_t rsnet, blnet;
-
- /*
- * Note that 'have_router', 'have_proxy', 'subnetmask', and 'clnet'
- * are static, so that their values (gathered when checking the
- * interface configuration) may be used again when checking the boot
- * configuration.
- */
- if (why == CLF_IF) {
- /*
- * A valid host IP address is an absolute requirement.
- */
- len = sizeof (buf);
- if (bootinfo_get(BI_HOST_IP, buf, &len, NULL) == BI_E_SUCCESS) {
- if ((client_ipaddr = inet_addr(buf)) == (in_addr_t)-1) {
- info("host-ip invalid!", interactive);
- error = B_TRUE;
- }
- } else {
- info("host-ip not set!", interactive);
- error = B_TRUE;
- }
-
- /*
- * If a subnet mask was provided, use it; otherwise infer it.
- */
- len = sizeof (buf);
- if (bootinfo_get(BI_SUBNET_MASK, buf, &len, NULL) ==
- BI_E_SUCCESS) {
- if ((subnetmask = inet_addr(buf)) == (in_addr_t)-1) {
- info("subnet-mask invalid!", interactive);
- error = B_TRUE;
- }
- } else {
- info("Defaulting to classful subnetting", interactive);
-
- subnetmask = generate_classful_subnet(client_ipaddr);
- }
- clnet = client_ipaddr & subnetmask;
-
- /*
- * A legal bootserver URL is also an absolute requirement.
- */
- len = sizeof (buf);
- if (bootinfo_get(BI_BOOTSERVER, buf, &len, NULL) ==
- BI_E_SUCCESS) {
- if (url_parse(buf, &u) != URL_PARSE_SUCCESS ||
- u.https ||
- (ipaddr = inet_addr(u.hport.hostname)) ==
- (in_addr_t)-1) {
- info("bootserver not legal URL!", interactive);
- error = B_TRUE;
- } else {
- bsnet = ipaddr & subnetmask;
- }
- } else {
- info("bootserver not specified!", interactive);
- error = B_TRUE;
- }
-
- /*
- * Is there a correctly-defined router?
- */
- len = sizeof (buf);
- if (bootinfo_get(BI_ROUTER_IP, buf, &len, NULL) ==
- BI_E_SUCCESS) {
- if ((ipaddr = inet_addr(buf)) == (in_addr_t)-1) {
- info("router-ip invalid!", interactive);
- error = B_TRUE;
- } else if (clnet != (ipaddr & subnetmask)) {
- info("router not on local subnet!",
- interactive);
- error = B_TRUE;
- } else {
- have_router = B_TRUE;
- }
- }
-
- /*
- * Is there a correctly-defined proxy?
- */
- len = sizeof (buf);
- if (bootinfo_get(BI_HTTP_PROXY, buf, &len, NULL) ==
- BI_E_SUCCESS) {
- url_hport_t u;
-
- if (url_parse_hostport(buf, &u, URL_DFLT_PROXY_PORT) !=
- URL_PARSE_SUCCESS ||
- (ipaddr = inet_addr(u.hostname)) == (in_addr_t)-1) {
- info("http-proxy port invalid!", interactive);
- error = B_TRUE;
- } else {
- /*
- * The proxy is only of use to us if it's on
- * our local subnet, or if a router has been
- * specified (which should hopefully allow us
- * to access the proxy).
- */
- pxnet = ipaddr & subnetmask;
- have_proxy = (have_router || pxnet == clnet);
- }
- }
-
- /*
- * If there is no router and no proxy (either on the local
- * subnet or reachable via a router), then the bootserver
- * URL must be on the local net.
- */
- if (!error && !have_router && !have_proxy && bsnet != clnet) {
- info("bootserver URL not on local subnet",
- interactive);
- error = B_TRUE;
- }
- } else {
- /*
- * There must be a correctly-defined root_server URL.
- */
- if ((urlstr = bootconf_get(&bc_handle,
- BC_ROOT_SERVER)) == NULL) {
- info("no root_server URL!", interactive);
- error = B_TRUE;
- } else if (url_parse(urlstr, &u) != URL_PARSE_SUCCESS) {
- info("root_server not legal URL!", interactive);
- error = B_TRUE;
- } else if ((hp = gethostbyname(u.hport.hostname)) == NULL) {
- info("cannot resolve root_server hostname!",
- interactive);
- error = B_TRUE;
- } else {
- rsnet = *(in_addr_t *)hp->h_addr & subnetmask;
- have_root_server = B_TRUE;
- }
-
- /*
- * Is there a correctly-defined (non-empty) boot_logger URL?
- */
- if ((urlstr = bootconf_get(&bc_handle,
- BC_BOOT_LOGGER)) != NULL) {
- if (url_parse(urlstr, &u) != URL_PARSE_SUCCESS) {
- info("boot_logger not legal URL!", interactive);
- error = B_TRUE;
- } else if ((hp = gethostbyname(u.hport.hostname)) ==
- NULL) {
- info("cannot resolve boot_logger hostname!",
- interactive);
- error = B_TRUE;
- } else {
- blnet = *(in_addr_t *)hp->h_addr & subnetmask;
- have_boot_logger = B_TRUE;
- }
- }
-
- /*
- * If there is no router and no proxy (either on the local
- * subnet or reachable via a router), then the root_server
- * URL (and the boot_logger URL if specified) must be on the
- * local net.
- */
- if (!error && !have_router && !have_proxy) {
- if (have_root_server && rsnet != clnet) {
- info("root_server URL not on local subnet",
- interactive);
- error = B_TRUE;
- }
- if (have_boot_logger && blnet != clnet) {
- info("boot_logger URL not on local subnet",
- interactive);
- error = B_TRUE;
- }
- }
- }
-
- return (error);
-}
-
-/*
- * Actually setup our network interface with the values derived from the
- * PROM, DHCP or interactively from the user.
- */
-static void
-setup_interface()
-{
- char str[MAXHOSTNAMELEN]; /* will accomodate an IP too */
- size_t len;
- struct in_addr in_addr;
-
- len = sizeof (str);
- if (bootinfo_get(BI_HOST_IP, str, &len, NULL) == BI_E_SUCCESS &&
- (in_addr.s_addr = inet_addr(str)) != (in_addr_t)-1) {
- in_addr.s_addr = htonl(in_addr.s_addr);
- ipv4_setipaddr(&in_addr);
- }
-
- len = sizeof (str);
- if (bootinfo_get(BI_SUBNET_MASK, str, &len, NULL) == BI_E_SUCCESS &&
- (in_addr.s_addr = inet_addr(str)) != (in_addr_t)-1) {
- in_addr.s_addr = htonl(in_addr.s_addr);
- ipv4_setnetmask(&in_addr);
- }
-
- len = sizeof (str);
- if (bootinfo_get(BI_ROUTER_IP, str, &len, NULL) == BI_E_SUCCESS &&
- (in_addr.s_addr = inet_addr(str)) != (in_addr_t)-1) {
- in_addr.s_addr = htonl(in_addr.s_addr);
- ipv4_setdefaultrouter(&in_addr);
- (void) ipv4_route(IPV4_ADD_ROUTE, RT_DEFAULT, NULL, &in_addr);
- }
-
- len = sizeof (str);
- if (bootinfo_get(BI_HOSTNAME, str, &len, NULL) == BI_E_SUCCESS) {
- (void) sethostname(str, len);
- }
-}
-
-boolean_t
-wanboot_init_interface(char *boot_arguments)
-{
- boolean_t interactive;
- int which;
-
-#if defined(__sparcv9)
- /*
- * Get the keys from PROM before we allow the user
- * to override them from the CLI.
- */
- get_prom_encr_keys();
- get_prom_hash_keys();
-#endif /* defined(__sparcv9) */
-
- /*
- * If there is already a bootp-response property under
- * /chosen then the PROM must have done DHCP for us;
- * invoke dhcp() to 'bind' the interface.
- */
- if (bootinfo_get(BI_BOOTP_RESPONSE, NULL, NULL, NULL) ==
- BI_E_BUF2SMALL) {
- (void) cldhcp(NULL, NULL, 0);
- }
-
- /*
- * Obtain default interface values from bootinfo.
- */
- bootinfo_defaults(CLF_IF);
-
- /*
- * Process the boot arguments (following the "-o" option).
- */
- if (boot_arguments != NULL) {
- (void) cli_eval_buf(boot_arguments,
- (CLF_ARG | CLF_IF | CLF_BM));
- }
-
- /*
- * Stash away any interface/bootmisc parameter values we got
- * from either the PROM or the boot arguments.
- */
- update_bootinfo(CLF_IF | CLF_BM);
-
- /*
- * If we don't already have a value for bootserver, try to
- * deduce one. Refresh wbcli's idea of these values.
- */
- determine_bootserver_url();
- bootinfo_defaults(CLF_BM);
-
- /*
- * Check that the information we have collected thus far is sufficient.
- */
- interactive = args_specified_prompt;
-
- if (interactive) {
- /*
- * Drop into the boot interpreter to allow the input
- * of keys, bootserver and bootmisc, and in the case
- * that net-config-strategy == "manual" the interface
- * parameters.
- */
- which = CLF_BM | CLF_CMD;
- if (strcmp(net_config_strategy(), "manual") == 0)
- which |= CLF_IF;
-
- do {
- cli_interpret(which);
- update_bootinfo(CLF_IF | CLF_BM);
- } while (config_incomplete(CLF_IF, interactive));
- } else {
- /*
- * The user is not to be given the opportunity to
- * enter further values; fail.
- */
- if (config_incomplete(CLF_IF, interactive)) {
- bootlog("wanboot", BOOTLOG_CRIT,
- "interface incorrectly configured");
- return (B_FALSE);
- }
- }
-
- /*
- * If a wanboot-enabled PROM hasn't processed client-id in
- * network-boot-arguments, or no value for client-id has been
- * specified to the boot interpreter, then provide a default
- * client-id based on our MAC address.
- */
- generate_default_clientid();
-
- /*
- * If net-config-strategy == "manual" then we must setup
- * the interface now; if "dhcp" then it will already have
- * been setup.
- */
- if (strcmp(net_config_strategy(), "manual") == 0)
- setup_interface();
- return (B_TRUE);
-}
-
-boolean_t
-wanboot_verify_config(void)
-{
- /*
- * Check that the wanboot.conf file defines a valid root_server
- * URL, and check that, if given, the boot_logger URL is valid.
- */
- if (config_incomplete(0, B_FALSE)) {
- bootlog("wanboot", BOOTLOG_CRIT,
- "incomplete boot configuration");
- return (B_FALSE);
- }
- return (B_TRUE);
-}
diff --git a/usr/src/psm/stand/boot/sparc/common/wbcli.h b/usr/src/psm/stand/boot/sparc/common/wbcli.h
deleted file mode 100644
index ddec3db215..0000000000
--- a/usr/src/psm/stand/boot/sparc/common/wbcli.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-/* wanboot booter specific definitions */
-
-#ifndef _WBCLI_H
-#define _WBCLI_H
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <sys/types.h>
-#include <sys/wanboot_impl.h>
-#include <dhcp_impl.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define WB_MAX_CID_LEN DHCP_MAX_CID_LEN
-
-extern boolean_t wanboot_init_interface(char *);
-extern boolean_t wanboot_verify_config(void);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _WBCLI_H */
diff --git a/usr/src/psm/stand/boot/sparc/common/wbfsconf.c b/usr/src/psm/stand/boot/sparc/common/wbfsconf.c
deleted file mode 100644
index fe558b5bc2..0000000000
--- a/usr/src/psm/stand/boot/sparc/common/wbfsconf.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <sys/param.h>
-#include <sys/boothsfs.h>
-#include <sys/bootufs.h>
-#include <sys/bootvfs.h>
-
-struct boot_fs_ops *boot_fsw[] = {
- &boot_ufs_ops,
- &boot_hsfs_ops
-};
-
-int boot_nfsw = sizeof (boot_fsw) / sizeof (boot_fsw[0]);
-
-char *systype;
-
-static char *ufsname = "ufs";
-static char *hsfsname = "hsfs";
-
-int
-determine_fstype_and_mountroot(char *path)
-{
- set_default_fs(ufsname);
- if (mountroot(path) == VFS_SUCCESS) {
- systype = ufsname;
- return (VFS_SUCCESS);
- }
-
- set_default_fs(hsfsname);
- if (mountroot(path) == VFS_SUCCESS) {
- systype = hsfsname;
- return (VFS_SUCCESS);
- }
- clr_default_fs();
-
- return (VFS_FAILURE);
-}
diff --git a/usr/src/psm/stand/boot/sparcv9/Makefile.com b/usr/src/psm/stand/boot/sparcv9/Makefile.com
index 0ce0b30093..977df470d7 100644
--- a/usr/src/psm/stand/boot/sparcv9/Makefile.com
+++ b/usr/src/psm/stand/boot/sparcv9/Makefile.com
@@ -36,13 +36,11 @@ MACH_DIR = ../../sparc/common
PLAT_DIR = sun4
BOOT_DIR = $(SRC)/psm/stand/boot
-WANBOOT = wanboot
NFSBOOT = inetboot
-WANBOOT_SRC = $(WANBOOT).c
NFSBOOT_SRC = $(NFSBOOT).c
-CONF_SRC = nfsconf.c wbfsconf.c wbcli.c
+CONF_SRC = nfsconf.c
TOP_CMN_C_SRC = getoptstr.c
@@ -54,9 +52,6 @@ MACH_C_SRC = boot_plat.c bootops.c bootprop.c bootflags.c
MACH_C_SRC += machdep.c sun4u_machdep.c sun4v_machdep.c
MACH_C_SRC += get.c
-WANBOOT_OBJS = $(WANBOOT_SRC:%.c=%.o)
-WANBOOT_L_OBJS = $(WANBOOT_OBJS:%.o=%.ln)
-
NFSBOOT_OBJS = $(NFSBOOT_SRC:%.c=%.o)
NFSBOOT_L_OBJS = $(NFSBOOT_OBJS:%.o=%.ln)
@@ -86,8 +81,6 @@ CPPINCS += -I$(SRC)/uts/$(PLATFORM)
CPPINCS += -I$(SRC)/uts/sparc/$(ARCHVERS)
CPPINCS += -I$(SRC)/uts/sparc
CPPINCS += -I$(SRC)/uts/$(ARCHMMU)
-CPPINCS += -I$(SRC)/common/net/wanboot
-CPPINCS += -I$(SRC)/common/net/wanboot/crypt
CPPINCS += -I$(ROOT)/usr/platform/$(PLATFORM)/include
CPPINCS += -I$(ROOT)/usr/include/$(ARCHVERS)
CPPINCS += -I$(PSMSYSHDRDIR)
@@ -110,9 +103,6 @@ PSMPROMLIBDIR = $(PSMSTANDDIR)/lib/promif/$(TARG_MACH)
#
# Install targets
#
-ROOT_PLAT_SUN4U_WANBOOT= $(ROOT_PLAT_DIR)/sun4u/$(WANBOOT)
-ROOT_PLAT_SUN4V_WANBOOT= $(ROOT_PLAT_DIR)/sun4v/$(WANBOOT)
-
USR_PLAT_SUN4U_LIB=$(USR_PLAT_DIR)/sun4u/lib
USR_PLAT_SUN4U_LIB_FS=$(USR_PLAT_SUN4U_LIB)/fs
USR_PLAT_SUN4U_LIB_FS_NFS=$(USR_PLAT_SUN4U_LIB_FS)/nfs
@@ -144,10 +134,10 @@ LIBSYS_DIR += $(SYSLIBDIR)
#
.PARALLEL: $(OBJS) $(CONF_OBJS) $(MISC_OBJS) $(SRT0_OBJ) \
- $(WANBOOT_OBJS) $(NFSBOOT_OBJS)
+ $(NFSBOOT_OBJS)
.PARALLEL: $(L_OBJS) $(CONF_L_OBJS) $(MISC_L_OBJS) $(SRT0_L_OBJ) \
- $(WANBOOT_L_OBJS) $(NFSBOOT_L_OBJS)
-.PARALLEL: $(NFSBOOT) $(WANBOOT)
+ $(NFSBOOT_L_OBJS)
+.PARALLEL: $(NFSBOOT)
#
# Note that the presumption is that someone has already done a `make
diff --git a/usr/src/stand/sys/bootsyms.h b/usr/src/stand/sys/bootsyms.h
index 70fa1063c2..9f8b6c636f 100644
--- a/usr/src/stand/sys/bootsyms.h
+++ b/usr/src/stand/sys/bootsyms.h
@@ -26,8 +26,6 @@
#ifndef _SYS_BOOTSYMS_H
#define _SYS_BOOTSYMS_H
-#pragma ident "%Z%%M% %I% %E% SMI"
-
/*
* This header file should not exist.
*
@@ -117,11 +115,6 @@ extern int global_pages;
* From psm/stand/boot/sparc/common/fsconf.c:
*/
extern char *bootp_response;
-
-/*
- * From psm/stand/boot/sparc/common/wanboot.c:
- */
-extern char *bootcfg;
#endif /* __sparc */
#ifdef __cplusplus
diff --git a/usr/src/tools/chk4ubin/chk4ubin.c b/usr/src/tools/chk4ubin/chk4ubin.c
index 9c53cec670..752e2013f0 100644
--- a/usr/src/tools/chk4ubin/chk4ubin.c
+++ b/usr/src/tools/chk4ubin/chk4ubin.c
@@ -37,7 +37,6 @@
#include <memory.h>
#include <libelf.h>
#include <gelf.h>
-#include <utility.h>
/*
* Tool to inspect a sun4u bootable module for a symbol table size
@@ -83,8 +82,8 @@
* included this bug. The bug only occurs for allocations
* pagesize or greater, and the only such OBP allocation is for a
* module's symbol table, for the sum of the SYMTAB and STRTAB
- * sections. The wanboot and inetboot binaries do not include
- * these sections and are therefore also unaffected.
+ * sections. The inetboot binary does not include these sections
+ * and is therefore also unaffected.
*/
static char *whoami;
diff --git a/usr/src/uts/common/io/ib/ibnex/ibnex_hca.c b/usr/src/uts/common/io/ib/ibnex/ibnex_hca.c
index bc08108c6e..a314f9cc5d 100644
--- a/usr/src/uts/common/io/ib/ibnex/ibnex_hca.c
+++ b/usr/src/uts/common/io/ib/ibnex/ibnex_hca.c
@@ -299,7 +299,7 @@ ibnex_hca_bus_unconfig(dev_info_t *parent,
* Configures a particular port node for a IP over IB communication
* service.
* The format of the input string "devname" is
- * port=x,pkey=y,protocol=ip,<wanboot options>
+ * port=x,pkey=y,protocol=ip
* Thr format of the node name created here is
* ibport@<Port#>,<pkey>,<service name>
* where pkey = 0 for port communication service nodes
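Review bot: The comment now gives the `devname` format as exactly `port=x,pkey=y,protocol=ip`, but nothing in this hunk shows what the parser does with text after `protocol=ip`, which is where the wanboot options used to go. If trailing comma-separated tokens are still accepted and silently dropped, the comment should say so, for example ` * Anything following protocol=ip is ignored.`. If they are meant to be rejected, that check belongs in the parsing code, which lies outside this hunk along with the start and end of the comment block. The next context line reads `Thr format` for `The format` and could be fixed in the same edit.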
@@ -469,7 +469,7 @@ ibnex_get_cdip_info(dev_info_t *parent,
static int
ibnex_hca_bus_config_one(dev_info_t *parent, void *devname,
-ddi_bus_config_op_t op, uint_t *flag, dev_info_t **child)
+ ddi_bus_config_op_t op, uint_t *flag, dev_info_t **child)
{
int ret = IBNEX_SUCCESS, len, circ, need_bus_config;
char *device_name, *caddr, *cname;
diff --git a/usr/src/uts/common/io/openprom.c b/usr/src/uts/common/io/openprom.c
index f541037450..1b2ef95f51 100644
--- a/usr/src/uts/common/io/openprom.c
+++ b/usr/src/uts/common/io/openprom.c
@@ -53,7 +53,6 @@
#include <sys/promif.h>
#include <sys/sysmacros.h> /* offsetof */
#include <sys/nvpair.h>
-#include <sys/wanboot_impl.h>
#include <sys/zone.h>
#include <sys/consplat.h>
#include <sys/bootconf.h>
@@ -498,13 +497,6 @@ opromioctl_cb(void *avp, int has_changed)
}
break;
-#if !defined(__i386) && !defined(__amd64)
- case WANBOOT_SETKEY:
- if (!(mode & FWRITE))
- return (EPERM);
- break;
-#endif /* !__i386 && !defined(__amd64) */
-
default:
return (EINVAL);
}
@@ -1017,68 +1009,6 @@ opromioctl_cb(void *avp, int has_changed)
break;
} /* case OPROMREADY64 */
-
- case WANBOOT_SETKEY: {
- struct wankeyio *wp;
- int reslen;
- int status;
- int rv;
- int i;
-
- /*
- * The argument is a struct wankeyio. Validate it as best
- * we can.
- */
- if (userbufsize != (sizeof (struct wankeyio))) {
- error = EINVAL;
- break;
- }
- if (copyin(((caddr_t)arg + sizeof (uint_t)),
- opp->oprom_array, sizeof (struct wankeyio)) != 0) {
- error = EFAULT;
- break;
- }
- wp = (struct wankeyio *)opp->oprom_array;
-
- /* check for key name and key size overflow */
- for (i = 0; i < WANBOOT_MAXKEYNAMELEN; i++)
- if (wp->wk_keyname[i] == '\0')
- break;
- if ((i == WANBOOT_MAXKEYNAMELEN) ||
- (wp->wk_keysize > WANBOOT_MAXKEYLEN)) {
- error = EINVAL;
- break;
- }
-
- rv = prom_set_security_key(wp->wk_keyname, wp->wk_u.key,
- wp->wk_keysize, &reslen, &status);
- if (rv)
- error = EIO;
- else
- switch (status) {
- case 0:
- error = 0;
- break;
-
- case -2: /* out of key storage space */
- error = ENOSPC;
- break;
-
- case -3: /* key name or value too long */
- error = EINVAL;
- break;
-
- case -4: /* can't delete: no such key */
- error = ENOENT;
- break;
-
- case -1: /* unspecified error */
- default: /* this should not happen */
- error = EIO;
- break;
- }
- break;
- } /* case WANBOOT_SETKEY */
#endif /* !__i386 && !__amd64 */
} /* switch (cmd) */
@@ -1089,7 +1019,7 @@ opromioctl_cb(void *avp, int has_changed)
/*ARGSUSED*/
static int
opromioctl(dev_t dev, int cmd, intptr_t arg, int mode,
- cred_t *credp, int *rvalp)
+ cred_t *credp, int *rvalp)
{
struct oprom_state *st;
struct opromioctl_args arg_block;
diff --git a/usr/src/uts/common/krtld/kobj_bootflags.c b/usr/src/uts/common/krtld/kobj_bootflags.c
index f94096539a..699f0a1114 100644
--- a/usr/src/uts/common/krtld/kobj_bootflags.c
+++ b/usr/src/uts/common/krtld/kobj_bootflags.c
@@ -151,7 +151,7 @@ bootflags(struct bootops *ops)
(void) strlcat(initargs, " ", sizeof (initargs));
break;
#if defined(_OBP)
- /* Ignore argument meant for wanboot standalone */
+ /* Ignore legacy wanboot argument meant for standalone */
case 'o':
break;
#endif
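Review bot: The reworded comment above `case 'o':` does not explain why the flag is still accepted under `_OBP` now that the wanboot standalone has been removed from the gate. If the intent is to keep boot command lines that still carry `-o` from being handled as an unrecognised flag, the comment should say so, e.g. `/* Accept and ignore -o (formerly consumed by the wanboot standalone) so old boot arguments still parse */`. bootflags() begins and ends outside this hunk, so whether the option string still declares `o` as taking an argument cannot be checked from here and is worth confirming in the same pass.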
diff --git a/usr/src/uts/common/sys/Makefile b/usr/src/uts/common/sys/Makefile
index 7ce40a658a..368e5fd180 100644
--- a/usr/src/uts/common/sys/Makefile
+++ b/usr/src/uts/common/sys/Makefile
@@ -669,7 +669,6 @@ CHKHDRS= \
vuid_store.h \
wait.h \
waitq.h \
- wanboot_impl.h \
watchpoint.h \
winlockio.h \
zcons.h \
diff --git a/usr/src/uts/common/sys/wanboot_impl.h b/usr/src/uts/common/sys/wanboot_impl.h
deleted file mode 100644
index b953593fa1..0000000000
--- a/usr/src/uts/common/sys/wanboot_impl.h
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#ifndef _SYS_WANBOOT_IMPL_H
-#define _SYS_WANBOOT_IMPL_H
-
-#include <sys/types.h>
-#include <aes.h>
-#include <des3.h>
-#include <hmac_sha1.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * PKCS12 passphrase used by WAN boot
- */
-#define WANBOOT_PASSPHRASE "boy with goldfish"
-
-/*
- * Key names used by OBP.
- */
-#define WANBOOT_DES3_KEY_NAME "wanboot-3des"
-#define WANBOOT_AES_128_KEY_NAME "wanboot-aes"
-#define WANBOOT_HMAC_SHA1_KEY_NAME "wanboot-hmac-sha1"
-#define WANBOOT_MAXKEYNAMELEN sizeof (WANBOOT_HMAC_SHA1_KEY_NAME)
-
-#define WANBOOT_MAXKEYLEN 1024 /* sized for RSA */
-
-#define WANBOOT_MAXBLOCKLEN AES_BLOCK_SIZE
-#define WANBOOT_HMAC_KEY_SIZE 20 /* size of key we use for HMAC SHA-1 */
-
-struct wankeyio {
- char wk_keyname[WANBOOT_MAXKEYNAMELEN];
- uint_t wk_keysize;
- union {
- char hmac_sha1_key[WANBOOT_HMAC_KEY_SIZE];
- char des3key[DES3_KEY_SIZE];
- char aeskey[AES_128_KEY_SIZE];
- char key[WANBOOT_MAXKEYLEN];
- } wk_u;
-};
-
-#define wk_hmac_sha1_key wk_u.hmac_sha1_key
-#define wk_3des_key wk_u.3des_key
-#define wk_aes_key wk_u.aeskey
-
-#define WANBOOT_SETKEY (('W' << 24) | ('A' << 16) | ('N' << 8) | 0)
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _SYS_WANBOOT_IMPL_H */
diff --git a/usr/src/uts/intel/openeepr/Makefile b/usr/src/uts/intel/openeepr/Makefile
index 7ab3ee4210..762cd55a0c 100644
--- a/usr/src/uts/intel/openeepr/Makefile
+++ b/usr/src/uts/intel/openeepr/Makefile
@@ -56,7 +56,6 @@ ALL_TARGET = $(BINARY) $(SRC_CONFILE)
LINT_TARGET = $(MODULE).lint
INSTALL_TARGET = $(BINARY) $(ROOTMODULE) $(ROOT_CONFFILE)
-CPPFLAGS += -I$(SRC)/common/net/wanboot/crypt
LDFLAGS += -dy -Ndacf/consconfig_dacf
#
diff --git a/usr/src/uts/req.flg b/usr/src/uts/req.flg
index 46824053d2..ffbaa3f643 100644
--- a/usr/src/uts/req.flg
+++ b/usr/src/uts/req.flg
@@ -49,7 +49,6 @@ find_files "s.*" usr/src/common/exacct
find_files "s.*" usr/src/common/fs
find_files "s.*" usr/src/common/mapfiles
find_files "s.*" usr/src/common/mdesc
-find_files "s.*" usr/src/common/net/wanboot/crypt
find_files "s.*" usr/src/common/nvpair
find_files "s.*" usr/src/common/pci
find_files "s.*" usr/src/common/secflags
diff --git a/usr/src/uts/sparc/openeepr/Makefile b/usr/src/uts/sparc/openeepr/Makefile
index 8019dccfab..80214c9e68 100644
--- a/usr/src/uts/sparc/openeepr/Makefile
+++ b/usr/src/uts/sparc/openeepr/Makefile
@@ -56,11 +56,6 @@ ALL_TARGET = $(BINARY) $(SRC_CONFILE)
LINT_TARGET = $(MODULE).lint
INSTALL_TARGET = $(BINARY) $(ROOTMODULE) $(ROOT_CONFFILE)
-#
-# lint pass one enforcement
-#
-CPPFLAGS += -I$(SRC)/common/net/wanboot/crypt
-
CFLAGS += $(CCVERBOSE)
LDFLAGS += -dy -Ndacf/consconfig_dacf