Commit | Line | Data |
---|---|---|
920dae64 AT |
1 | \ ========== Copyright Header Begin ========================================== |
2 | \ | |
3 | \ Hypervisor Software File: wanboot.fth | |
4 | \ | |
5 | \ Copyright (c) 2006 Sun Microsystems, Inc. All Rights Reserved. | |
6 | \ | |
7 | \ - Do no alter or remove copyright notices | |
8 | \ | |
9 | \ - Redistribution and use of this software in source and binary forms, with | |
10 | \ or without modification, are permitted provided that the following | |
11 | \ conditions are met: | |
12 | \ | |
13 | \ - Redistribution of source code must retain the above copyright notice, | |
14 | \ this list of conditions and the following disclaimer. | |
15 | \ | |
16 | \ - Redistribution in binary form must reproduce the above copyright notice, | |
17 | \ this list of conditions and the following disclaimer in the | |
18 | \ documentation and/or other materials provided with the distribution. | |
19 | \ | |
20 | \ Neither the name of Sun Microsystems, Inc. or the names of contributors | |
21 | \ may be used to endorse or promote products derived from this software | |
22 | \ without specific prior written permission. | |
23 | \ | |
24 | \ This software is provided "AS IS," without a warranty of any kind. | |
25 | \ ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, | |
26 | \ INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A | |
27 | \ PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN | |
28 | \ MICROSYSTEMS, INC. ("SUN") AND ITS LICENSORS SHALL NOT BE LIABLE FOR | |
29 | \ ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR | |
30 | \ DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL SUN | |
31 | \ OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR | |
32 | \ FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE | |
33 | \ DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, | |
34 | \ ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, EVEN IF | |
35 | \ SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. | |
36 | \ | |
37 | \ You acknowledge that this software is not designed, licensed or | |
38 | \ intended for use in the design, construction, operation or maintenance of | |
39 | \ any nuclear facility. | |
40 | \ | |
41 | \ ========== Copyright Header End ============================================ | |
42 | id: @(#)wanboot.fth 1.1 04/09/07 | |
43 | purpose: WANboot support | |
44 | copyright: Copyright 2004 Sun Microsystems, Inc. All Rights Reserved | |
45 | copyright: Use is subject to license terms. | |
46 | ||
47 | headerless | |
48 | ||
49 | \ WANboot URLs are of the form | |
50 | \ http://hostport/path/wanbootCGI | |
51 | \ which specifies the server and the location of the CGI script which | |
52 | \ will deliver WANboot datastreams to the client. | |
53 | \ | |
54 | \ To request the bootfile, we construct a query URL of the form | |
55 | \ http://hostport/path/wanbootCGI/?CONTENT=bootfile&IP=a.b.c.d&CID=cid | |
56 | \ where, a.b.c.d is the client's network number, and cid is the client | |
57 | \ identifier. | |
58 | \ | |
59 | \ If a client identifier is not in use, a default client identifier | |
60 | \ is constructed by concatenating the ARP hardware type and the | |
61 | \ client's hardware address. | |
62 | ||
63 | : set-wanboot-clientid ( buf -- ) | |
64 | if-htype@ over 1+ c! ( buf ) | |
65 | if-hwaddr if-addrlen@ 2 pick 2+ swap move ( buf ) | |
66 | if-addrlen@ 1+ swap c! ( ) | |
67 | ; | |
68 | ||
69 | : wanboot-clientid ( -- $ ) | |
70 | client-id count dup 0= if | |
71 | 2drop client-id set-wanboot-clientid client-id count | |
72 | then | |
73 | octet-to-hexascii | |
74 | ; | |
75 | ||
76 | : build-wanboot-requrl$ ( url$ buf$ -- requrl$ ) | |
77 | 2swap strcat ( buf$' ) | |
78 | " /?CONTENT=bootfile" strcat | |
79 | " &IP=" strcat | |
80 | ni-netnum inet-ntoa strcat | |
81 | " &CID=" strcat | |
82 | wanboot-clientid strcat ( requrl$ ) | |
83 | ; | |
84 | ||
85 | \ The WANboot datastream comprises of the boot file binary and the | |
86 | \ (20 byte) HMAC SHA-1 signature of that file generated using the shared | |
87 | \ secret key. In the absence of a hashing key ("wanboot-hmac-sha1"), | |
88 | \ the signature field contains zeroes. | |
89 | ||
90 | create wanboot-hmac-keyname " wanboot-hmac-sha1" cstring, | |
91 | ||
92 | d# 20 constant WANBOOT_HMAC_KEYLEN \ Size of key we use for HMAC SHA-1 | |
93 | d# 32 constant MAX_KEYLEN \ Maximum key data length in keystore | |
94 | ||
95 | MAX_KEYLEN instance buffer: hmac-keydata | |
96 | HMAC_SHA1_DIGEST_LEN instance buffer: hmac-sha1-digest | |
97 | ||
98 | : read-hmac-sha1-key ( -- key keylen true | false ) | |
99 | hmac-keydata MAX_KEYLEN over wanboot-hmac-keyname | |
100 | " SUNW,get-security-key" call-cif-method dup 0< if | |
101 | 2drop false | |
102 | else | |
103 | dup WANBOOT_HMAC_KEYLEN <> if | |
104 | ." Invalid Hash Key Size " .d cr -1 throw | |
105 | then true | |
106 | then | |
107 | ; | |
108 | ||
109 | : verify-hmac-digest ( adr size digest len -- ok? ) | |
110 | read-hmac-sha1-key if ( adr size digest,len key,len ) | |
111 | 2rot 2swap hmac-sha1 digest= ( ok? ) | |
112 | else ( adr size digest,len ) | |
113 | 2swap 2drop true -rot bounds do | |
114 | i c@ 0<> if drop false leave then | |
115 | loop | |
116 | then ( ok? ) | |
117 | ; | |
118 | ||
119 | \ The HTTP payload appears as a multipart-MIME message, the format | |
120 | \ of which is as follows: | |
121 | \ | |
122 | \ Content-Length: M | |
123 | \ Content-Type: multipart/mixed; boundary="Part_Boundary" | |
124 | \ | |
125 | \ --Part_Boundary | |
126 | \ Content-Length: N | |
127 | \ Content-Type: application/octet-stream | |
128 | \ | |
129 | \ boot file binary goes here | |
130 | \ | |
131 | \ --Part_Boundary | |
132 | \ Content-Length: 20 | |
133 | \ Content-Type: application/octet-stream | |
134 | \ | |
135 | \ keyed hash data goes here | |
136 | \ --Part_Boundary-- | |
137 | ||
138 | : process-wanboot-response ( adr -- size ) | |
139 | http-process-headers ( adr ) | |
140 | http-is-multipart? 0= if ( adr ) | |
141 | ." Response is not a multipart message" -1 throw | |
142 | then ( adr ) | |
143 | ||
144 | http-process-part-headers ( adr ) | |
145 | http-bodypart-length 2dup tuck http-read-body <> if ( adr size ) | |
146 | ." Error reading bootfile" cr -1 throw | |
147 | then nip ( size ) | |
148 | ||
149 | http-process-part-headers ( size ) | |
150 | http-bodypart-length dup HMAC_SHA1_DIGEST_LEN <> if ( size diglen ) | |
151 | ." Invalid Digest Size " .d cr -1 throw | |
152 | then ( size diglen ) | |
153 | hmac-sha1-digest over http-read-body <> if ( size ) | |
154 | ." Error reading digest" cr -1 throw | |
155 | then ( size ) | |
156 | ||
157 | http-process-part-headers ( size ) | |
158 | http-bodypart-length 0<> if ( size ) | |
159 | ." Multipart response has more than 2 parts" -1 throw | |
160 | then ( size ) | |
161 | ; | |
162 | ||
163 | \ Load the bootfile from the HTTP server and verify its authenticity. | |
164 | \ The server is accessed through a proxy if one was specified. | |
165 | ||
166 | : wanboot-load ( adr url$ proxy$ -- size ) | |
167 | ||
168 | 2over 2swap http-init ( adr url$ ) | |
169 | ||
170 | d# 512 dup alloc-mem swap >r >r ( adr url$ ) ( r: len,va ) | |
171 | r@ 0 build-wanboot-requrl$ ( adr requrl$ ) | |
172 | http-send-request ( adr ) | |
173 | r> r> free-mem ( adr ) ( r: ) | |
174 | ||
175 | dup ['] process-wanboot-response catch if ( adr adr ) | |
176 | http-close -1 throw | |
177 | then ( adr size ) | |
178 | ||
179 | http-close ( adr size ) | |
180 | ||
181 | tuck hmac-sha1-digest HMAC_SHA1_DIGEST_LEN ( size adr size digest,len ) | |
182 | verify-hmac-digest 0= if ( size ) | |
183 | ." Invalid Hash Digest" cr -1 throw | |
184 | then ( size ) | |
185 | ; | |
186 | ||
187 | headers |