summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoel Sing <jsing@cvs.openbsd.org>2016-09-11 17:52:48 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2016-09-11 17:52:48 +0000
commit6ec9bb6fde9450387f7a9d50735304f6423ec9c2 (patch)
tree994ccb9b143737fc3507268b2d6b7b0d897f78db
parent608e35dec6b06512cc2078e43f2b622fe55a6894 (diff)
Switch i386 boot code to libsa MI softraid.
-rw-r--r--sys/arch/i386/stand/boot/Makefile5
-rw-r--r--sys/arch/i386/stand/cdboot/Makefile5
-rw-r--r--sys/arch/i386/stand/libsa/biosdev.c3
-rw-r--r--sys/arch/i386/stand/libsa/dev_i386.c3
-rw-r--r--sys/arch/i386/stand/libsa/exec_i386.c3
-rw-r--r--sys/arch/i386/stand/libsa/softraid_i386.c204
-rw-r--r--sys/arch/i386/stand/libsa/softraid_i386.h8
-rw-r--r--sys/arch/i386/stand/pxeboot/Makefile5
8 files changed, 18 insertions, 218 deletions
diff --git a/sys/arch/i386/stand/boot/Makefile b/sys/arch/i386/stand/boot/Makefile
index fe16556ad45..1cd16b18a89 100644
--- a/sys/arch/i386/stand/boot/Makefile
+++ b/sys/arch/i386/stand/boot/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.62 2016/09/11 15:54:11 jsing Exp $
+# $OpenBSD: Makefile,v 1.63 2016/09/11 17:52:47 jsing Exp $
COPTS?=
MAN?= boot.8
@@ -44,7 +44,8 @@ SRCS+= close.c closeall.c cons.c cread.c dev.c disklabel.c dkcksum.c fstat.c \
SRCS+= elf32.c elf64.c loadfile.c
SRCS+= ufs.c
.if ${SOFTRAID:L} == "yes"
-SRCS+= aes_xts.c explicit_bzero.c hmac_sha1.c pkcs5_pbkdf2.c rijndael.c sha1.c
+SRCS+= aes_xts.c explicit_bzero.c hmac_sha1.c pkcs5_pbkdf2.c rijndael.c \
+ sha1.c softraid.c
.endif
.PATH: ${S}/lib/libkern
diff --git a/sys/arch/i386/stand/cdboot/Makefile b/sys/arch/i386/stand/cdboot/Makefile
index 25c85b45000..3964fecb2b6 100644
--- a/sys/arch/i386/stand/cdboot/Makefile
+++ b/sys/arch/i386/stand/cdboot/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.27 2016/09/11 15:54:11 jsing Exp $
+# $OpenBSD: Makefile,v 1.28 2016/09/11 17:52:47 jsing Exp $
MAN= cdboot.8
@@ -34,7 +34,8 @@ SRCS+= close.c closeall.c cons.c cread.c dev.c disklabel.c dkcksum.c fstat.c \
lseek.c open.c read.c readdir.c stat.c
SRCS+= elf32.c elf64.c loadfile.c
SRCS+= cd9660.c ufs.c
-SRCS+= aes_xts.c explicit_bzero.c hmac_sha1.c pkcs5_pbkdf2.c rijndael.c sha1.c
+SRCS+= aes_xts.c explicit_bzero.c hmac_sha1.c pkcs5_pbkdf2.c rijndael.c \
+ sha1.c softraid.c
.PATH: ${S}/lib/libkern/arch/i386
SRCS+= moddi3.c divdi3.c qdivrem.c
diff --git a/sys/arch/i386/stand/libsa/biosdev.c b/sys/arch/i386/stand/libsa/biosdev.c
index e2f06b28986..b7b4e3a48fd 100644
--- a/sys/arch/i386/stand/libsa/biosdev.c
+++ b/sys/arch/i386/stand/libsa/biosdev.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: biosdev.c,v 1.93 2016/09/11 15:54:11 jsing Exp $ */
+/* $OpenBSD: biosdev.c,v 1.94 2016/09/11 17:52:47 jsing Exp $ */
/*
* Copyright (c) 1996 Michael Shalayeff
@@ -43,6 +43,7 @@
#ifdef SOFTRAID
#include <dev/softraidvar.h>
+#include <lib/libsa/softraid.h>
#include "softraid_i386.h"
#endif
diff --git a/sys/arch/i386/stand/libsa/dev_i386.c b/sys/arch/i386/stand/libsa/dev_i386.c
index 7d37b7d898d..fdb0311abec 100644
--- a/sys/arch/i386/stand/libsa/dev_i386.c
+++ b/sys/arch/i386/stand/libsa/dev_i386.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dev_i386.c,v 1.42 2016/09/11 15:54:11 jsing Exp $ */
+/* $OpenBSD: dev_i386.c,v 1.43 2016/09/11 17:52:47 jsing Exp $ */
/*
* Copyright (c) 1996-1999 Michael Shalayeff
@@ -38,6 +38,7 @@
#ifdef SOFTRAID
#include <dev/biovar.h>
#include <dev/softraidvar.h>
+#include <lib/libsa/softraid.h>
#include "softraid_i386.h"
#endif
diff --git a/sys/arch/i386/stand/libsa/exec_i386.c b/sys/arch/i386/stand/libsa/exec_i386.c
index 157902d49d4..4364a3c0295 100644
--- a/sys/arch/i386/stand/libsa/exec_i386.c
+++ b/sys/arch/i386/stand/libsa/exec_i386.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: exec_i386.c,v 1.43 2016/09/11 15:54:11 jsing Exp $ */
+/* $OpenBSD: exec_i386.c,v 1.44 2016/09/11 17:52:47 jsing Exp $ */
/*
* Copyright (c) 1997-1998 Michael Shalayeff
@@ -40,6 +40,7 @@
#ifdef SOFTRAID
#include <dev/softraidvar.h>
+#include <lib/libsa/softraid.h>
#include "softraid_i386.h"
#endif
diff --git a/sys/arch/i386/stand/libsa/softraid_i386.c b/sys/arch/i386/stand/libsa/softraid_i386.c
index 82f0985f593..25182119eac 100644
--- a/sys/arch/i386/stand/libsa/softraid_i386.c
+++ b/sys/arch/i386/stand/libsa/softraid_i386.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: softraid_i386.c,v 1.1 2016/09/11 15:54:11 jsing Exp $ */
+/* $OpenBSD: softraid_i386.c,v 1.2 2016/09/11 17:52:47 jsing Exp $ */
/*
* Copyright (c) 2012 Joel Sing <jsing@openbsd.org>
@@ -25,26 +25,12 @@
#include <dev/softraidvar.h>
#include <lib/libsa/aes_xts.h>
-#include <lib/libsa/hmac_sha1.h>
-#include <lib/libsa/pkcs5_pbkdf2.h>
-#include <lib/libsa/rijndael.h>
+#include <lib/libsa/softraid.h>
#include "libsa.h"
#include "disk.h"
#include "softraid_i386.h"
-/* List of softraid volumes. */
-struct sr_boot_volume_head sr_volumes;
-
-/* Metadata from keydisks. */
-struct sr_boot_keydisk {
- struct sr_uuid kd_uuid;
- u_int8_t kd_key[SR_CRYPTO_MAXKEYBYTES];
- SLIST_ENTRY(sr_boot_keydisk) kd_link;
-};
-SLIST_HEAD(sr_boot_keydisk_head, sr_boot_keydisk);
-struct sr_boot_keydisk_head sr_keydisks;
-
void
srprobe_meta_opt_load(struct sr_metadata *sm, struct sr_meta_opt_head *som)
{
@@ -437,189 +423,3 @@ sr_getdisklabel(struct sr_boot_volume *bv, struct disklabel *label)
/* Fill in disklabel */
return (getdisklabel(buf, label));
}
-
-
-#define RIJNDAEL128_BLOCK_LEN 16
-#define PASSPHRASE_LENGTH 1024
-
-#define SR_CRYPTO_KEYBLOCK_BYTES SR_CRYPTO_MAXKEYS * SR_CRYPTO_KEYBYTES
-
-#ifdef BIOS_DEBUG
-void
-printhex(const char *s, const u_int8_t *buf, size_t len)
-{
- u_int8_t n1, n2;
- size_t i;
-
- printf("%s: ", s);
- for (i = 0; i < len; i++) {
- n1 = buf[i] & 0x0f;
- n2 = buf[i] >> 4;
- printf("%c", n2 > 9 ? n2 + 'a' - 10 : n2 + '0');
- printf("%c", n1 > 9 ? n1 + 'a' - 10 : n1 + '0');
- }
- printf("\n");
-}
-#endif
-
-void
-sr_clear_keys(void)
-{
- struct sr_boot_volume *bv;
- struct sr_boot_keydisk *kd;
-
- SLIST_FOREACH(bv, &sr_volumes, sbv_link) {
- if (bv->sbv_level != 'C')
- continue;
- if (bv->sbv_keys != NULL) {
- explicit_bzero(bv->sbv_keys, SR_CRYPTO_KEYBLOCK_BYTES);
- free(bv->sbv_keys, 0);
- bv->sbv_keys = NULL;
- }
- if (bv->sbv_maskkey != NULL) {
- explicit_bzero(bv->sbv_maskkey, SR_CRYPTO_MAXKEYBYTES);
- free(bv->sbv_maskkey, 0);
- bv->sbv_maskkey = NULL;
- }
- }
- SLIST_FOREACH(kd, &sr_keydisks, kd_link) {
- explicit_bzero(kd, sizeof(*kd));
- free(kd, 0);
- }
-}
-
-void
-sr_crypto_calculate_check_hmac_sha1(u_int8_t *maskkey, int maskkey_size,
- u_int8_t *key, int key_size, u_char *check_digest)
-{
- u_int8_t check_key[SHA1_DIGEST_LENGTH];
- SHA1_CTX shactx;
-
- explicit_bzero(check_key, sizeof(check_key));
- explicit_bzero(&shactx, sizeof(shactx));
-
- /* k = SHA1(mask_key) */
- SHA1Init(&shactx);
- SHA1Update(&shactx, maskkey, maskkey_size);
- SHA1Final(check_key, &shactx);
-
- /* mac = HMAC_SHA1_k(unencrypted key) */
- hmac_sha1(key, key_size, check_key, sizeof(check_key), check_digest);
-
- explicit_bzero(check_key, sizeof(check_key));
- explicit_bzero(&shactx, sizeof(shactx));
-}
-
-int
-sr_crypto_decrypt_keys(struct sr_boot_volume *bv)
-{
- struct sr_meta_crypto *cm;
- struct sr_boot_keydisk *kd;
- struct sr_meta_opt_item *omi;
- struct sr_crypto_pbkdf *kdfhint;
- struct sr_crypto_kdfinfo kdfinfo;
- char passphrase[PASSPHRASE_LENGTH];
- u_int8_t digest[SHA1_DIGEST_LENGTH];
- u_int8_t *keys = NULL;
- u_int8_t *kp, *cp;
- rijndael_ctx ctx;
- int rv = -1;
- int c, i;
-
- SLIST_FOREACH(omi, &bv->sbv_meta_opt, omi_link)
- if (omi->omi_som->som_type == SR_OPT_CRYPTO)
- break;
-
- if (omi == NULL) {
- printf("Crypto metadata not found!\n");
- goto done;
- }
-
- cm = (struct sr_meta_crypto *)omi->omi_som;
- kdfhint = (struct sr_crypto_pbkdf *)&cm->scm_kdfhint;
-
- switch (cm->scm_mask_alg) {
- case SR_CRYPTOM_AES_ECB_256:
- break;
- default:
- printf("unsupported encryption algorithm %u\n",
- cm->scm_mask_alg);
- goto done;
- }
-
- SLIST_FOREACH(kd, &sr_keydisks, kd_link) {
- if (bcmp(&kd->kd_uuid, &bv->sbv_uuid, sizeof(kd->kd_uuid)) == 0)
- break;
- }
- if (kd) {
- bcopy(&kd->kd_key, &kdfinfo.maskkey, sizeof(kdfinfo.maskkey));
- } else {
- printf("Passphrase: ");
- for (i = 0; i < PASSPHRASE_LENGTH - 1; i++) {
- c = cngetc();
- if (c == '\r' || c == '\n')
- break;
- else if (c == '\b') {
- i = i > 0 ? i - 2 : -1;
- continue;
- }
- passphrase[i] = (c & 0xff);
- }
- passphrase[i] = 0;
- printf("\n");
-
-#ifdef BIOS_DEBUG
- printf("Got passphrase: %s with len %d\n",
- passphrase, strlen(passphrase));
-#endif
-
- if (pkcs5_pbkdf2(passphrase, strlen(passphrase), kdfhint->salt,
- sizeof(kdfhint->salt), kdfinfo.maskkey,
- sizeof(kdfinfo.maskkey), kdfhint->rounds) != 0) {
- printf("pbkdf2 failed\n");
- goto done;
- }
- }
-
- /* kdfinfo->maskkey now has key. */
-
- /* Decrypt disk keys. */
- keys = alloc(SR_CRYPTO_KEYBLOCK_BYTES);
- bzero(keys, SR_CRYPTO_KEYBLOCK_BYTES);
-
- if (rijndael_set_key(&ctx, kdfinfo.maskkey, 256) != 0)
- goto done;
-
- cp = (u_int8_t *)cm->scm_key;
- kp = keys;
- for (i = 0; i < SR_CRYPTO_KEYBLOCK_BYTES; i += RIJNDAEL128_BLOCK_LEN)
- rijndael_decrypt(&ctx, (u_char *)(cp + i), (u_char *)(kp + i));
-
- /* Check that the key decrypted properly. */
- sr_crypto_calculate_check_hmac_sha1(kdfinfo.maskkey,
- sizeof(kdfinfo.maskkey), keys, SR_CRYPTO_KEYBLOCK_BYTES, digest);
-
- if (bcmp(digest, cm->chk_hmac_sha1.sch_mac, sizeof(digest))) {
- printf("incorrect passphrase or keydisk\n");
- goto done;
- }
-
- /* Keys and keydisks will be cleared before boot and from _rtt. */
- bv->sbv_keys = keys;
- bv->sbv_maskkey = alloc(sizeof(kdfinfo.maskkey));
- bcopy(&kdfinfo.maskkey, bv->sbv_maskkey, sizeof(kdfinfo.maskkey));
-
- rv = 0;
-
-done:
- explicit_bzero(passphrase, PASSPHRASE_LENGTH);
- explicit_bzero(&kdfinfo, sizeof(kdfinfo));
- explicit_bzero(digest, sizeof(digest));
-
- if (keys != NULL && rv != 0) {
- explicit_bzero(keys, SR_CRYPTO_KEYBLOCK_BYTES);
- free(keys, 0);
- }
-
- return (rv);
-}
diff --git a/sys/arch/i386/stand/libsa/softraid_i386.h b/sys/arch/i386/stand/libsa/softraid_i386.h
index 756d4ef3a45..9294e687e8a 100644
--- a/sys/arch/i386/stand/libsa/softraid_i386.h
+++ b/sys/arch/i386/stand/libsa/softraid_i386.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: softraid_i386.h,v 1.2 2016/09/11 16:02:04 jsing Exp $ */
+/* $OpenBSD: softraid_i386.h,v 1.3 2016/09/11 17:52:47 jsing Exp $ */
/*
* Copyright (c) 2012 Joel Sing <jsing@openbsd.org>
@@ -25,10 +25,4 @@ const char *sr_getdisklabel(struct sr_boot_volume *, struct disklabel *);
int sr_strategy(struct sr_boot_volume *, int, daddr32_t, size_t,
void *, size_t *);
-int sr_crypto_decrypt_keys(struct sr_boot_volume *);
-void sr_clear_keys(void);
-
-/* List of softraid volumes. */
-extern struct sr_boot_volume_head sr_volumes;
-
#endif /* _SOFTRAID_I386_H */
diff --git a/sys/arch/i386/stand/pxeboot/Makefile b/sys/arch/i386/stand/pxeboot/Makefile
index 68479a3740e..c0e7ac2cf0a 100644
--- a/sys/arch/i386/stand/pxeboot/Makefile
+++ b/sys/arch/i386/stand/pxeboot/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.24 2016/09/11 15:54:11 jsing Exp $
+# $OpenBSD: Makefile,v 1.25 2016/09/11 17:52:47 jsing Exp $
MAN= pxeboot.8
@@ -36,7 +36,8 @@ SRCS+= close.c closeall.c cons.c cread.c dev.c disklabel.c dkcksum.c fstat.c \
SRCS+= elf32.c elf64.c loadfile.c
SRCS+= nfs.c ufs.c tftp.c
SRCS+= bootp.c ether.c net.c netif.c rpc.c
-SRCS+= aes_xts.c explicit_bzero.c hmac_sha1.c pkcs5_pbkdf2.c rijndael.c sha1.c
+SRCS+= aes_xts.c explicit_bzero.c hmac_sha1.c pkcs5_pbkdf2.c rijndael.c \
+ sha1.c softraid.c
.PATH: ${S}/lib/libkern/arch/i386
SRCS+= divdi3.c moddi3.c qdivrem.c udivdi3.c umoddi3.c