1*7c478bd9Sstevel@tonic-gate /*
2*7c478bd9Sstevel@tonic-gate * CDDL HEADER START
3*7c478bd9Sstevel@tonic-gate *
4*7c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the
5*7c478bd9Sstevel@tonic-gate * Common Development and Distribution License, Version 1.0 only
6*7c478bd9Sstevel@tonic-gate * (the "License"). You may not use this file except in compliance
7*7c478bd9Sstevel@tonic-gate * with the License.
8*7c478bd9Sstevel@tonic-gate *
9*7c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10*7c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
11*7c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions
12*7c478bd9Sstevel@tonic-gate * and limitations under the License.
13*7c478bd9Sstevel@tonic-gate *
14*7c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
15*7c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16*7c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
17*7c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
18*7c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
19*7c478bd9Sstevel@tonic-gate *
20*7c478bd9Sstevel@tonic-gate * CDDL HEADER END
21*7c478bd9Sstevel@tonic-gate */
22*7c478bd9Sstevel@tonic-gate /*
23*7c478bd9Sstevel@tonic-gate * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
24*7c478bd9Sstevel@tonic-gate * Use is subject to license terms.
25*7c478bd9Sstevel@tonic-gate */
26*7c478bd9Sstevel@tonic-gate
27*7c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI"
28*7c478bd9Sstevel@tonic-gate
/*
 * This provides the interface to store a named key in stable local
 * storage. These keys are retrieved and used by OBP and WAN boot
 * to do decryption and HMAC verification of network-downloaded data.
 */
34*7c478bd9Sstevel@tonic-gate
35*7c478bd9Sstevel@tonic-gate #include <sys/promimpl.h>
36*7c478bd9Sstevel@tonic-gate #ifdef PROM_32BIT_ADDRS
37*7c478bd9Sstevel@tonic-gate #include <sys/sunddi.h>
38*7c478bd9Sstevel@tonic-gate #endif /* PROM_32BIT_ADDRS */
39*7c478bd9Sstevel@tonic-gate
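/*
 * Store the named key through the SUNW,set-security-key PROM client
 * service, or delete it when buflen is zero.
 *
 * keyname	name of the key, as a NUL-terminated string
 * buf		key bytes to store
 * buflen	length of buf in bytes; zero deletes the named key
 * reslen	out: length of the key stored, or 0 on a service error
 * status	out: 0 on success, else the negative code from the service
 *
 * Returns 0 when the client-interface call completed; the outcome is then
 * reported through *reslen and *status. Returns -1 when a bounce buffer
 * could not be allocated or p1275_cif_handler() returned non-zero; neither
 * *reslen nor *status is written in that case.
 */
int
prom_set_security_key(char *keyname, caddr_t buf, int buflen, int *reslen,
    int *status)
{
	int rv;
	cell_t ci[7];
	int result;
#ifdef PROM_32BIT_ADDRS
	char *okeyname = NULL;
	char *obuf = NULL;
	size_t keynamelen;

	/*
	 * An argument whose address does not fit in 32 bits is copied into
	 * memory obtained from promplat_alloc() before it is handed to the
	 * PROM (presumably memory the PROM can address; confirm against the
	 * platform's promplat_alloc()).
	 */
	if ((uintptr_t)keyname > (uint32_t)-1) {
		okeyname = keyname;
		keynamelen = prom_strlen(okeyname) + 1;	/* include '\0' */
		keyname = promplat_alloc(keynamelen);
		if (keyname == NULL)
			return (-1);
		(void) prom_strcpy(keyname, okeyname);
	}

	/*
	 * A key length of zero is used to delete the named key.
	 * No need to reallocate and copy buf[] in this case.
	 */
	if (buflen > 0 && ((uintptr_t)buf > (uint32_t)-1)) {
		obuf = buf;
		buf = promplat_alloc(buflen);
		if (buf == NULL) {
			/*
			 * Fail on every allocation failure, not only when
			 * the key name was also bounced; otherwise the copy
			 * below would write through a NULL pointer.
			 */
			if (okeyname != NULL)
				promplat_free(keyname, keynamelen);
			return (-1);
		}
		promplat_bcopy(obuf, buf, buflen);
	}
#endif	/* PROM_32BIT_ADDRS */

	/*
	 * The arguments to the SUNW,set-security-key service
	 * that stores a key are
	 *	ci[0]	the service name
	 *	ci[1]	the number of ``in'' arguments
	 *	ci[2]	the number of ``out'' arguments
	 *	ci[3]	the key's name, as a string
	 *	ci[4]	the key buffer itself
	 *	ci[5]	the length of the key buffer
	 *
	 * When p1275_cif_handler() returns, the return value is
	 *	ci[6]	the length of the key stored, or (if
	 *		negative) an error code.
	 */
	ci[0] = p1275_ptr2cell("SUNW,set-security-key");
	ci[1] = 3;
	ci[2] = 1;
	ci[3] = p1275_ptr2cell(keyname);
	ci[4] = p1275_ptr2cell(buf);
	ci[5] = p1275_uint2cell(buflen);

	promif_preprom();
	rv = p1275_cif_handler(ci);
	promif_postprom();

#ifdef PROM_32BIT_ADDRS
	if (okeyname != NULL)
		promplat_free(keyname, keynamelen);
	/*
	 * NOTE(review): the bounce copy holds the key bytes and is released
	 * without being cleared first. If promplat_free() does not scrub the
	 * memory, zero it here before freeing; confirm.
	 */
	if (obuf != NULL)
		promplat_free(buf, buflen);
#endif	/* PROM_32BIT_ADDRS */

	if (rv != 0)
		return (-1);

	/* A non-negative cell is the stored length, a negative one an error. */
	result = p1275_cell2int(ci[6]);
	if (result >= 0) {
		*reslen = result;
		*status = 0;
	} else {
		*reslen = 0;
		*status = result;
	}
	return (0);
}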
121*7c478bd9Sstevel@tonic-gate
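/*
 * Fetch the named key through the SUNW,get-security-key PROM client
 * service.
 *
 * keyname	name of the key, as a NUL-terminated string
 * buf		buffer that receives the key bytes
 * buflen	length of buf in bytes
 * keylen	out: length of the key, or 0 when the service reported
 *		zero or an error
 * status	out: 0 when a positive length was returned, else the value
 *		returned by the service (zero or a negative error code)
 *
 * Returns 0 when the client-interface call completed; the outcome is then
 * reported through *keylen and *status. Returns -1 when a bounce buffer
 * could not be allocated or p1275_cif_handler() returned non-zero; neither
 * *keylen nor *status is written in that case.
 */
int
prom_get_security_key(char *keyname, caddr_t buf, int buflen, int *keylen,
    int *status)
{
	int rv;
	cell_t ci[7];
	int result;
#ifdef PROM_32BIT_ADDRS
	char *okeyname = NULL;
	char *obuf = NULL;
	size_t keynamelen;

	/*
	 * An argument whose address does not fit in 32 bits is replaced by
	 * memory obtained from promplat_alloc() for the duration of the call
	 * (presumably memory the PROM can address; confirm against the
	 * platform's promplat_alloc()).
	 */
	if ((uintptr_t)keyname > (uint32_t)-1) {
		okeyname = keyname;
		keynamelen = prom_strlen(okeyname) + 1;	/* include '\0' */
		keyname = promplat_alloc(keynamelen);
		if (keyname == NULL)
			return (-1);
		(void) prom_strcpy(keyname, okeyname);
	}
	if ((uintptr_t)buf > (uint32_t)-1) {
		obuf = buf;
		buf = promplat_alloc(buflen);
		if (buf == NULL) {
			/*
			 * Fail on every allocation failure, not only when
			 * the key name was also bounced; otherwise a NULL
			 * buffer would be passed to the PROM and then used
			 * as the source of the copy-back below.
			 */
			if (okeyname != NULL)
				promplat_free(keyname, keynamelen);
			return (-1);
		}
	}
#endif	/* PROM_32BIT_ADDRS */

	/*
	 * The arguments to the SUNW,get-security-key service are
	 *	ci[0]	the service name
	 *	ci[1]	the number of ``in'' arguments
	 *	ci[2]	the number of ``out'' arguments
	 *	ci[3]	the key's name, as a string
	 *	ci[4]	the key buffer itself
	 *	ci[5]	the length of the key buffer
	 *
	 * When p1275_cif_handler() returns, the return value is
	 *	ci[6]	the length of the key, or (if
	 *		negative) an error code.
	 */
	ci[0] = p1275_ptr2cell("SUNW,get-security-key");
	ci[1] = 3;
	ci[2] = 1;
	ci[3] = p1275_ptr2cell(keyname);
	ci[4] = p1275_ptr2cell(buf);
	ci[5] = p1275_uint2cell(buflen);

	promif_preprom();
	rv = p1275_cif_handler(ci);
	promif_postprom();

#ifdef PROM_32BIT_ADDRS
	if (okeyname != NULL)
		promplat_free(keyname, keynamelen);
	if (obuf != NULL) {
		/*
		 * NOTE(review): all buflen bytes are copied back whether or
		 * not the call succeeded, so on failure or a short key the
		 * caller's buffer receives whatever the bounce buffer held.
		 * Callers should rely only on the first *keylen bytes. The
		 * bounce copy of the key is also freed without being
		 * cleared; zero it first if promplat_free() does not scrub
		 * the memory (confirm).
		 */
		promplat_bcopy(buf, obuf, buflen);
		promplat_free(buf, buflen);
	}
#endif	/* PROM_32BIT_ADDRS */

	if (rv != 0)
		return (-1);

	/* Only a positive cell is a key length; zero or negative is passed on. */
	result = p1275_cell2int(ci[6]);
	if (result > 0) {
		*keylen = result;
		*status = 0;
	} else {
		*keylen = 0;
		*status = result;
	}
	return (0);
}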