[OpenSPARC-T2-SAM] / obp / obp / pkg / netinet / wanboot.fth

\ ========== Copyright Header Begin ==========================================
\ 
\ Hypervisor Software File: wanboot.fth
\ 
\ Copyright (c) 2006 Sun Microsystems, Inc. All Rights Reserved.
\ 
\  - Do no alter or remove copyright notices
\ 
\  - Redistribution and use of this software in source and binary forms, with 
\    or without modification, are permitted provided that the following 
\    conditions are met: 
\ 
\  - Redistribution of source code must retain the above copyright notice, 
\    this list of conditions and the following disclaimer.
\ 
\  - Redistribution in binary form must reproduce the above copyright notice,
\    this list of conditions and the following disclaimer in the
\    documentation and/or other materials provided with the distribution. 
\ 
\    Neither the name of Sun Microsystems, Inc. or the names of contributors 
\ may be used to endorse or promote products derived from this software 
\ without specific prior written permission. 
\ 
\     This software is provided "AS IS," without a warranty of any kind. 
\ ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, 
\ INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A 
\ PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN 
\ MICROSYSTEMS, INC. ("SUN") AND ITS LICENSORS SHALL NOT BE LIABLE FOR 
\ ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR 
\ DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL SUN 
\ OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR 
\ FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE 
\ DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, 
\ ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, EVEN IF 
\ SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
\ 
\ You acknowledge that this software is not designed, licensed or
\ intended for use in the design, construction, operation or maintenance of
\ any nuclear facility. 
\ 
\ ========== Copyright Header End ============================================
id: @(#)wanboot.fth 1.1 04/09/07
purpose: WANboot support
copyright: Copyright 2004 Sun Microsystems, Inc.  All Rights Reserved
copyright: Use is subject to license terms.

headerless

\ WANboot URLs are of the form 
\	http://hostport/path/wanbootCGI
\ which specifies the server and the location of the CGI script which
\ will deliver WANboot datastreams to the client. 
\
\ To request the bootfile, we construct a query URL of the form
\	http://hostport/path/wanbootCGI/?CONTENT=bootfile&IP=a.b.c.d&CID=cid
\ where, a.b.c.d is the client's network number, and cid is the client 
\ identifier.
\
\ If a client identifier is not in use, a default client identifier
\ is constructed by concatenating the ARP hardware type and the 
\ client's hardware address.

: set-wanboot-clientid ( buf -- )
   if-htype@              over 1+         c!		( buf )
   if-hwaddr if-addrlen@  2 pick 2+ swap  move		( buf )
   if-addrlen@ 1+         swap            c!		( )
;

: wanboot-clientid ( -- $ )
   client-id count  dup 0=  if
      2drop  client-id set-wanboot-clientid  client-id count
   then
   octet-to-hexascii
;

: build-wanboot-requrl$ ( url$ buf$ -- requrl$ )
   2swap                  strcat			( buf$' )
   " /?CONTENT=bootfile"  strcat
   " &IP="                strcat
   ni-netnum inet-ntoa    strcat
   " &CID="               strcat
   wanboot-clientid       strcat			( requrl$ )
;

\ The WANboot datastream comprises of the boot file binary and the 
\ (20 byte) HMAC SHA-1 signature of that file generated using the shared
\ secret key. In the absence of a hashing key ("wanboot-hmac-sha1"), 
\ the signature field contains zeroes.

create wanboot-hmac-keyname  " wanboot-hmac-sha1" cstring,

d# 20  constant  WANBOOT_HMAC_KEYLEN	\ Size of key we use for HMAC SHA-1
d# 32  constant  MAX_KEYLEN		\ Maximum key data length in keystore

MAX_KEYLEN           instance buffer:  hmac-keydata
HMAC_SHA1_DIGEST_LEN instance buffer:  hmac-sha1-digest

: read-hmac-sha1-key ( -- key keylen true | false )
   hmac-keydata MAX_KEYLEN over wanboot-hmac-keyname
   " SUNW,get-security-key" call-cif-method  dup 0<  if
      2drop false
   else
      dup WANBOOT_HMAC_KEYLEN <>  if
         ." Invalid Hash Key Size " .d cr  -1 throw
      then  true
   then
;

: verify-hmac-digest ( adr size digest len -- ok? )
   read-hmac-sha1-key  if			( adr size digest,len key,len )
      2rot 2swap hmac-sha1 digest=		( ok? )
   else						( adr size digest,len )
      2swap 2drop true -rot  bounds do
         i c@ 0<>  if  drop false leave  then 
      loop
   then						( ok? )
;

\ The HTTP payload appears as a multipart-MIME message, the format
\ of which is as follows:
\
\	Content-Length: M
\	Content-Type: multipart/mixed; boundary="Part_Boundary"
\
\	--Part_Boundary
\	Content-Length: N
\	Content-Type: application/octet-stream
\
\	boot file binary goes here
\
\	--Part_Boundary
\	Content-Length: 20
\	Content-Type: application/octet-stream
\
\	keyed hash data goes here
\	--Part_Boundary--

: process-wanboot-response ( adr -- size )
   http-process-headers						( adr )
   http-is-multipart? 0=  if                            	( adr )
      ." Response is not a multipart message" -1 throw
   then                                                 	( adr )

   http-process-part-headers					( adr )
   http-bodypart-length 2dup tuck http-read-body <> if		( adr size )
      ." Error reading bootfile" cr -1 throw
   then  nip							( size )

   http-process-part-headers					( size )
   http-bodypart-length dup HMAC_SHA1_DIGEST_LEN <> if		( size diglen )
      ." Invalid Digest Size " .d cr  -1 throw
   then								( size diglen )
   hmac-sha1-digest over http-read-body  <>  if			( size )
      ." Error reading digest" cr  -1 throw
   then								( size )

   http-process-part-headers					( size )
   http-bodypart-length 0<>  if					( size )
      ." Multipart response has more than 2 parts" -1 throw
   then								( size )
;

\ Load the bootfile from the HTTP server and verify its authenticity. 
\ The server is accessed through a proxy if one was specified. 

: wanboot-load ( adr url$ proxy$ -- size )

   2over 2swap http-init			( adr url$ )

   d# 512 dup alloc-mem  swap >r >r		( adr url$ ) ( r: len,va )
   r@ 0  build-wanboot-requrl$			( adr requrl$ )
   http-send-request				( adr )
   r> r> free-mem				( adr ) ( r: )

   dup ['] process-wanboot-response catch  if	( adr adr )
      http-close -1 throw
   then						( adr size )

   http-close					( adr size )

   tuck hmac-sha1-digest HMAC_SHA1_DIGEST_LEN	( size adr size digest,len )
   verify-hmac-digest 0=  if			( size )
      ." Invalid Hash Digest" cr  -1 throw
   then						( size )
;

headers
Commit	Line	Data
920dae64 AT	1	\ ========== Copyright Header Begin ==========================================
	2	\
	3	\ Hypervisor Software File: wanboot.fth
	4	\
	5	\ Copyright (c) 2006 Sun Microsystems, Inc. All Rights Reserved.
	6	\
	7	\ - Do no alter or remove copyright notices
	8	\
	9	\ - Redistribution and use of this software in source and binary forms, with
	10	\ or without modification, are permitted provided that the following
	11	\ conditions are met:
	12	\
	13	\ - Redistribution of source code must retain the above copyright notice,
	14	\ this list of conditions and the following disclaimer.
	15	\
	16	\ - Redistribution in binary form must reproduce the above copyright notice,
	17	\ this list of conditions and the following disclaimer in the
	18	\ documentation and/or other materials provided with the distribution.
	19	\
	20	\ Neither the name of Sun Microsystems, Inc. or the names of contributors
	21	\ may be used to endorse or promote products derived from this software
	22	\ without specific prior written permission.
	23	\
	24	\ This software is provided "AS IS," without a warranty of any kind.
	25	\ ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES,
	26	\ INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A
	27	\ PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN
	28	\ MICROSYSTEMS, INC. ("SUN") AND ITS LICENSORS SHALL NOT BE LIABLE FOR
	29	\ ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR
	30	\ DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL SUN
	31	\ OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR
	32	\ FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE
	33	\ DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY,
	34	\ ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, EVEN IF
	35	\ SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
	36	\
	37	\ You acknowledge that this software is not designed, licensed or
	38	\ intended for use in the design, construction, operation or maintenance of
	39	\ any nuclear facility.
	40	\
	41	\ ========== Copyright Header End ============================================
	42	id: @(#)wanboot.fth 1.1 04/09/07
	43	purpose: WANboot support
	44	copyright: Copyright 2004 Sun Microsystems, Inc. All Rights Reserved
	45	copyright: Use is subject to license terms.
	46
	47	headerless
	48
	49	\ WANboot URLs are of the form
	50	\ http://hostport/path/wanbootCGI
	51	\ which specifies the server and the location of the CGI script which
	52	\ will deliver WANboot datastreams to the client.
	53	\
	54	\ To request the bootfile, we construct a query URL of the form
	55	\ http://hostport/path/wanbootCGI/?CONTENT=bootfile&IP=a.b.c.d&CID=cid
	56	\ where, a.b.c.d is the client's network number, and cid is the client
	57	\ identifier.
	58	\
	59	\ If a client identifier is not in use, a default client identifier
	60	\ is constructed by concatenating the ARP hardware type and the
	61	\ client's hardware address.
	62
	63	: set-wanboot-clientid ( buf -- )
	64	if-htype@ over 1+ c! ( buf )
65	if-hwaddr if-addrlen@ 2 pick 2+ swap move ( buf )
66	if-addrlen@ 1+ swap c! ( )
67	;
68
69	: wanboot-clientid ( -- $ )
70	client-id count dup 0= if
71	2drop client-id set-wanboot-clientid client-id count
72	then
73	octet-to-hexascii
74	;
75
76	: build-wanboot-requrl$ ( url$ buf$ -- requrl$ )
77	2swap strcat ( buf$' )
78	" /?CONTENT=bootfile" strcat
79	" &IP=" strcat
80	ni-netnum inet-ntoa strcat
81	" &CID=" strcat
82	wanboot-clientid strcat ( requrl$ )
83	;
84
85	\ The WANboot datastream comprises of the boot file binary and the
86	\ (20 byte) HMAC SHA-1 signature of that file generated using the shared
87	\ secret key. In the absence of a hashing key ("wanboot-hmac-sha1"),
88	\ the signature field contains zeroes.
89
90	create wanboot-hmac-keyname " wanboot-hmac-sha1" cstring,
91
92	d# 20 constant WANBOOT_HMAC_KEYLEN \ Size of key we use for HMAC SHA-1
93	d# 32 constant MAX_KEYLEN \ Maximum key data length in keystore
94
95	MAX_KEYLEN instance buffer: hmac-keydata
96	HMAC_SHA1_DIGEST_LEN instance buffer: hmac-sha1-digest
97
98	: read-hmac-sha1-key ( -- key keylen true \| false )
99	hmac-keydata MAX_KEYLEN over wanboot-hmac-keyname
100	" SUNW,get-security-key" call-cif-method dup 0< if
101	2drop false
102	else
103	dup WANBOOT_HMAC_KEYLEN <> if
104	." Invalid Hash Key Size " .d cr -1 throw
105	then true
106	then
107	;
108
109	: verify-hmac-digest ( adr size digest len -- ok? )
110	read-hmac-sha1-key if ( adr size digest,len key,len )
111	2rot 2swap hmac-sha1 digest= ( ok? )
112	else ( adr size digest,len )
113	2swap 2drop true -rot bounds do
114	i c@ 0<> if drop false leave then
115	loop
116	then ( ok? )
117	;
118
119	\ The HTTP payload appears as a multipart-MIME message, the format
120	\ of which is as follows:
121	\
122	\ Content-Length: M
123	\ Content-Type: multipart/mixed; boundary="Part_Boundary"
124	\
125	\ --Part_Boundary
126	\ Content-Length: N
127	\ Content-Type: application/octet-stream
128	\
129	\ boot file binary goes here
130	\
131	\ --Part_Boundary
132	\ Content-Length: 20
133	\ Content-Type: application/octet-stream
134	\
135	\ keyed hash data goes here
136	\ --Part_Boundary--
137
138	: process-wanboot-response ( adr -- size )
139	http-process-headers ( adr )
140	http-is-multipart? 0= if ( adr )
141	." Response is not a multipart message" -1 throw
142	then ( adr )
143
144	http-process-part-headers ( adr )
145	http-bodypart-length 2dup tuck http-read-body <> if ( adr size )
146	." Error reading bootfile" cr -1 throw
147	then nip ( size )
148
149	http-process-part-headers ( size )
150	http-bodypart-length dup HMAC_SHA1_DIGEST_LEN <> if ( size diglen )
151	." Invalid Digest Size " .d cr -1 throw
152	then ( size diglen )
153	hmac-sha1-digest over http-read-body <> if ( size )
154	." Error reading digest" cr -1 throw
155	then ( size )
156
157	http-process-part-headers ( size )
158	http-bodypart-length 0<> if ( size )
159	." Multipart response has more than 2 parts" -1 throw
160	then ( size )
161	;
162
163	\ Load the bootfile from the HTTP server and verify its authenticity.
164	\ The server is accessed through a proxy if one was specified.
165
166	: wanboot-load ( adr url$ proxy$ -- size )
167
168	2over 2swap http-init ( adr url$ )
169
170	d# 512 dup alloc-mem swap >r >r ( adr url$ ) ( r: len,va )
171	r@ 0 build-wanboot-requrl$ ( adr requrl$ )
172	http-send-request ( adr )
173	r> r> free-mem ( adr ) ( r: )
174
175	dup ['] process-wanboot-response catch if ( adr adr )
176	http-close -1 throw
177	then ( adr size )
178
179	http-close ( adr size )
180
181	tuck hmac-sha1-digest HMAC_SHA1_DIGEST_LEN ( size adr size digest,len )
182	verify-hmac-digest 0= if ( size )
183	." Invalid Hash Digest" cr -1 throw
184	then ( size )
185	;
186
187	headers