1*7c478bd9Sstevel@tonic-gate /* 2*7c478bd9Sstevel@tonic-gate * CDDL HEADER START 3*7c478bd9Sstevel@tonic-gate * 4*7c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5*7c478bd9Sstevel@tonic-gate * Common Development and Distribution License, Version 1.0 only 6*7c478bd9Sstevel@tonic-gate * (the "License"). You may not use this file except in compliance 7*7c478bd9Sstevel@tonic-gate * with the License. 8*7c478bd9Sstevel@tonic-gate * 9*7c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10*7c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 11*7c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 12*7c478bd9Sstevel@tonic-gate * and limitations under the License. 13*7c478bd9Sstevel@tonic-gate * 14*7c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 15*7c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16*7c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 17*7c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 18*7c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 19*7c478bd9Sstevel@tonic-gate * 20*7c478bd9Sstevel@tonic-gate * CDDL HEADER END 21*7c478bd9Sstevel@tonic-gate */ 22*7c478bd9Sstevel@tonic-gate /* 23*7c478bd9Sstevel@tonic-gate * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved. 24*7c478bd9Sstevel@tonic-gate * Use is subject to license terms. 25*7c478bd9Sstevel@tonic-gate */ 26*7c478bd9Sstevel@tonic-gate 27*7c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 28*7c478bd9Sstevel@tonic-gate 29*7c478bd9Sstevel@tonic-gate /* 30*7c478bd9Sstevel@tonic-gate * This provides the interface to store a named key in stable local 31*7c478bd9Sstevel@tonic-gate * storage. These keys are retrieved and used by OBP and WAN boot 32*7c478bd9Sstevel@tonic-gate * to do decryption and HMAC verification of network-downloaded data. 33*7c478bd9Sstevel@tonic-gate */ 34*7c478bd9Sstevel@tonic-gate 35*7c478bd9Sstevel@tonic-gate #include <sys/promimpl.h> 36*7c478bd9Sstevel@tonic-gate #ifdef PROM_32BIT_ADDRS 37*7c478bd9Sstevel@tonic-gate #include <sys/sunddi.h> 38*7c478bd9Sstevel@tonic-gate #endif /* PROM_32BIT_ADDRS */ 39*7c478bd9Sstevel@tonic-gate 40*7c478bd9Sstevel@tonic-gate int 41*7c478bd9Sstevel@tonic-gate prom_set_security_key(char *keyname, caddr_t buf, int buflen, int *reslen, 42*7c478bd9Sstevel@tonic-gate int *status) 43*7c478bd9Sstevel@tonic-gate { 44*7c478bd9Sstevel@tonic-gate int rv; 45*7c478bd9Sstevel@tonic-gate cell_t ci[7]; 46*7c478bd9Sstevel@tonic-gate int result; 47*7c478bd9Sstevel@tonic-gate #ifdef PROM_32BIT_ADDRS 48*7c478bd9Sstevel@tonic-gate char *okeyname = NULL; 49*7c478bd9Sstevel@tonic-gate char *obuf = NULL; 50*7c478bd9Sstevel@tonic-gate size_t keynamelen; 51*7c478bd9Sstevel@tonic-gate 52*7c478bd9Sstevel@tonic-gate if ((uintptr_t)keyname > (uint32_t)-1) { 53*7c478bd9Sstevel@tonic-gate okeyname = keyname; 54*7c478bd9Sstevel@tonic-gate keynamelen = prom_strlen(okeyname) + 1; /* include '\0' */ 55*7c478bd9Sstevel@tonic-gate keyname = promplat_alloc(keynamelen); 56*7c478bd9Sstevel@tonic-gate if (keyname == NULL) 57*7c478bd9Sstevel@tonic-gate return (-1); 58*7c478bd9Sstevel@tonic-gate (void) prom_strcpy(keyname, okeyname); 59*7c478bd9Sstevel@tonic-gate } 60*7c478bd9Sstevel@tonic-gate 61*7c478bd9Sstevel@tonic-gate /* 62*7c478bd9Sstevel@tonic-gate * A key length of zero is used to delete the named key. 63*7c478bd9Sstevel@tonic-gate * No need to reallocate and copy buf[] in this case. 64*7c478bd9Sstevel@tonic-gate */ 65*7c478bd9Sstevel@tonic-gate if (buflen > 0 && ((uintptr_t)buf > (uint32_t)-1)) { 66*7c478bd9Sstevel@tonic-gate obuf = buf; 67*7c478bd9Sstevel@tonic-gate buf = promplat_alloc(buflen); 68*7c478bd9Sstevel@tonic-gate if ((buf == NULL) && (okeyname != NULL)) { 69*7c478bd9Sstevel@tonic-gate promplat_free(keyname, keynamelen); 70*7c478bd9Sstevel@tonic-gate return (-1); 71*7c478bd9Sstevel@tonic-gate } 72*7c478bd9Sstevel@tonic-gate promplat_bcopy(obuf, buf, buflen); 73*7c478bd9Sstevel@tonic-gate } 74*7c478bd9Sstevel@tonic-gate #endif /* PROM_32BIT_ADDRS */ 75*7c478bd9Sstevel@tonic-gate 76*7c478bd9Sstevel@tonic-gate /* 77*7c478bd9Sstevel@tonic-gate * The arguments to the SUNW,set-security-key service 78*7c478bd9Sstevel@tonic-gate * that stores a key are 79*7c478bd9Sstevel@tonic-gate * ci[0] the service name 80*7c478bd9Sstevel@tonic-gate * ci[1] the number of ``in'' arguments 81*7c478bd9Sstevel@tonic-gate * ci[2] the number of ``out'' arguments 82*7c478bd9Sstevel@tonic-gate * ci[3] the key's name, as a string 83*7c478bd9Sstevel@tonic-gate * ci[4] the key buffer itself 84*7c478bd9Sstevel@tonic-gate * ci[5] the length of the key buffer 85*7c478bd9Sstevel@tonic-gate * 86*7c478bd9Sstevel@tonic-gate * When p1275_cif_handler() returns, the return value is 87*7c478bd9Sstevel@tonic-gate * ci[6] the length of the key stored, or (if 88*7c478bd9Sstevel@tonic-gate * negative) an error code. 89*7c478bd9Sstevel@tonic-gate */ 90*7c478bd9Sstevel@tonic-gate ci[0] = p1275_ptr2cell("SUNW,set-security-key"); 91*7c478bd9Sstevel@tonic-gate ci[1] = 3; 92*7c478bd9Sstevel@tonic-gate ci[2] = 1; 93*7c478bd9Sstevel@tonic-gate ci[3] = p1275_ptr2cell(keyname); 94*7c478bd9Sstevel@tonic-gate ci[4] = p1275_ptr2cell(buf); 95*7c478bd9Sstevel@tonic-gate ci[5] = p1275_uint2cell(buflen); 96*7c478bd9Sstevel@tonic-gate 97*7c478bd9Sstevel@tonic-gate promif_preprom(); 98*7c478bd9Sstevel@tonic-gate rv = p1275_cif_handler(ci); 99*7c478bd9Sstevel@tonic-gate promif_postprom(); 100*7c478bd9Sstevel@tonic-gate 101*7c478bd9Sstevel@tonic-gate #ifdef PROM_32BIT_ADDRS 102*7c478bd9Sstevel@tonic-gate if (okeyname != NULL) 103*7c478bd9Sstevel@tonic-gate promplat_free(keyname, keynamelen); 104*7c478bd9Sstevel@tonic-gate if (obuf != NULL) 105*7c478bd9Sstevel@tonic-gate promplat_free(buf, buflen); 106*7c478bd9Sstevel@tonic-gate #endif /* PROM_32BIT_ADDRS */ 107*7c478bd9Sstevel@tonic-gate 108*7c478bd9Sstevel@tonic-gate if (rv != 0) 109*7c478bd9Sstevel@tonic-gate return (-1); 110*7c478bd9Sstevel@tonic-gate 111*7c478bd9Sstevel@tonic-gate result = p1275_cell2int(ci[6]); 112*7c478bd9Sstevel@tonic-gate if (result >= 0) { 113*7c478bd9Sstevel@tonic-gate *reslen = result; 114*7c478bd9Sstevel@tonic-gate *status = 0; 115*7c478bd9Sstevel@tonic-gate } else { 116*7c478bd9Sstevel@tonic-gate *reslen = 0; 117*7c478bd9Sstevel@tonic-gate *status = result; 118*7c478bd9Sstevel@tonic-gate } 119*7c478bd9Sstevel@tonic-gate return (0); 120*7c478bd9Sstevel@tonic-gate } 121*7c478bd9Sstevel@tonic-gate 122*7c478bd9Sstevel@tonic-gate int 123*7c478bd9Sstevel@tonic-gate prom_get_security_key(char *keyname, caddr_t buf, int buflen, int *keylen, 124*7c478bd9Sstevel@tonic-gate int *status) 125*7c478bd9Sstevel@tonic-gate { 126*7c478bd9Sstevel@tonic-gate int rv; 127*7c478bd9Sstevel@tonic-gate cell_t ci[7]; 128*7c478bd9Sstevel@tonic-gate int result; 129*7c478bd9Sstevel@tonic-gate #ifdef PROM_32BIT_ADDRS 130*7c478bd9Sstevel@tonic-gate char *okeyname = NULL; 131*7c478bd9Sstevel@tonic-gate char *obuf = NULL; 132*7c478bd9Sstevel@tonic-gate size_t keynamelen; 133*7c478bd9Sstevel@tonic-gate 134*7c478bd9Sstevel@tonic-gate if ((uintptr_t)keyname > (uint32_t)-1) { 135*7c478bd9Sstevel@tonic-gate okeyname = keyname; 136*7c478bd9Sstevel@tonic-gate keynamelen = prom_strlen(okeyname) + 1; /* include '\0' */ 137*7c478bd9Sstevel@tonic-gate keyname = promplat_alloc(keynamelen); 138*7c478bd9Sstevel@tonic-gate if (keyname == NULL) 139*7c478bd9Sstevel@tonic-gate return (-1); 140*7c478bd9Sstevel@tonic-gate (void) prom_strcpy(keyname, okeyname); 141*7c478bd9Sstevel@tonic-gate } 142*7c478bd9Sstevel@tonic-gate if ((uintptr_t)buf > (uint32_t)-1) { 143*7c478bd9Sstevel@tonic-gate obuf = buf; 144*7c478bd9Sstevel@tonic-gate buf = promplat_alloc(buflen); 145*7c478bd9Sstevel@tonic-gate if ((buf == NULL) && (okeyname != NULL)) { 146*7c478bd9Sstevel@tonic-gate promplat_free(keyname, keynamelen); 147*7c478bd9Sstevel@tonic-gate return (-1); 148*7c478bd9Sstevel@tonic-gate } 149*7c478bd9Sstevel@tonic-gate } 150*7c478bd9Sstevel@tonic-gate #endif /* PROM_32BIT_ADDRS */ 151*7c478bd9Sstevel@tonic-gate 152*7c478bd9Sstevel@tonic-gate /* 153*7c478bd9Sstevel@tonic-gate * The arguments to the SUNW,get-security-key service 154*7c478bd9Sstevel@tonic-gate * that stores a key are 155*7c478bd9Sstevel@tonic-gate * ci[0] the service name 156*7c478bd9Sstevel@tonic-gate * ci[1] the number of ``in'' arguments 157*7c478bd9Sstevel@tonic-gate * ci[2] the number of ``out'' arguments 158*7c478bd9Sstevel@tonic-gate * ci[3] the key's name, as a string 159*7c478bd9Sstevel@tonic-gate * ci[4] the key buffer itself 160*7c478bd9Sstevel@tonic-gate * ci[5] the length of the key buffer 161*7c478bd9Sstevel@tonic-gate * 162*7c478bd9Sstevel@tonic-gate * When p1275_cif_handler() returns, the return value is 163*7c478bd9Sstevel@tonic-gate * ci[6] the length of the key, or (if 164*7c478bd9Sstevel@tonic-gate * negative) an error code. 165*7c478bd9Sstevel@tonic-gate */ 166*7c478bd9Sstevel@tonic-gate ci[0] = p1275_ptr2cell("SUNW,get-security-key"); 167*7c478bd9Sstevel@tonic-gate ci[1] = 3; 168*7c478bd9Sstevel@tonic-gate ci[2] = 1; 169*7c478bd9Sstevel@tonic-gate ci[3] = p1275_ptr2cell(keyname); 170*7c478bd9Sstevel@tonic-gate ci[4] = p1275_ptr2cell(buf); 171*7c478bd9Sstevel@tonic-gate ci[5] = p1275_uint2cell(buflen); 172*7c478bd9Sstevel@tonic-gate 173*7c478bd9Sstevel@tonic-gate promif_preprom(); 174*7c478bd9Sstevel@tonic-gate rv = p1275_cif_handler(ci); 175*7c478bd9Sstevel@tonic-gate promif_postprom(); 176*7c478bd9Sstevel@tonic-gate 177*7c478bd9Sstevel@tonic-gate #ifdef PROM_32BIT_ADDRS 178*7c478bd9Sstevel@tonic-gate if (okeyname != NULL) 179*7c478bd9Sstevel@tonic-gate promplat_free(keyname, keynamelen); 180*7c478bd9Sstevel@tonic-gate if (obuf != NULL) { 181*7c478bd9Sstevel@tonic-gate promplat_bcopy(buf, obuf, buflen); 182*7c478bd9Sstevel@tonic-gate promplat_free(buf, buflen); 183*7c478bd9Sstevel@tonic-gate } 184*7c478bd9Sstevel@tonic-gate #endif /* PROM_32BIT_ADDRS */ 185*7c478bd9Sstevel@tonic-gate 186*7c478bd9Sstevel@tonic-gate if (rv != 0) 187*7c478bd9Sstevel@tonic-gate return (-1); 188*7c478bd9Sstevel@tonic-gate 189*7c478bd9Sstevel@tonic-gate result = p1275_cell2int(ci[6]); 190*7c478bd9Sstevel@tonic-gate if (result > 0) { 191*7c478bd9Sstevel@tonic-gate *keylen = result; 192*7c478bd9Sstevel@tonic-gate *status = 0; 193*7c478bd9Sstevel@tonic-gate } else { 194*7c478bd9Sstevel@tonic-gate *keylen = 0; 195*7c478bd9Sstevel@tonic-gate *status = result; 196*7c478bd9Sstevel@tonic-gate } 197*7c478bd9Sstevel@tonic-gate return (0); 198*7c478bd9Sstevel@tonic-gate } 199