authorJoel Sing <jsing@cvs.openbsd.org>2016-09-11 17:53:27 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2016-09-11 17:53:27 +0000
commit4b93cbbf4eeedd69535aec5c4076c087b1e2d29f (patch)
treeaa5c3d9d825b06eb897e3f6c7688f03c5d0dcbf9 /sys/arch
parent84d63d90c38fc7bcd52f1373db82a20ae6803b3c (diff)
Switch sparc64 boot code to libsa MI softraid.
Diffstat (limited to 'sys/arch')
-rw-r--r--sys/arch/sparc64/stand/ofwboot/Locore.c9
-rw-r--r--sys/arch/sparc64/stand/ofwboot/Makefile6
-rw-r--r--sys/arch/sparc64/stand/ofwboot/boot.c3
-rw-r--r--sys/arch/sparc64/stand/ofwboot/softraid_sparc64.c204
-rw-r--r--sys/arch/sparc64/stand/ofwboot/softraid_sparc64.h8
5 files changed, 16 insertions, 214 deletions
diff --git a/sys/arch/sparc64/stand/ofwboot/Locore.c b/sys/arch/sparc64/stand/ofwboot/Locore.c
index 270b425dd08..7b7bfc5aa1b 100644
--- a/sys/arch/sparc64/stand/ofwboot/Locore.c
+++ b/sys/arch/sparc64/stand/ofwboot/Locore.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: Locore.c,v 1.13 2014/12/11 10:52:07 stsp Exp $ */
+/* $OpenBSD: Locore.c,v 1.14 2016/09/11 17:53:26 jsing Exp $ */
/* $NetBSD: Locore.c,v 1.1 2000/08/20 14:58:36 mrg Exp $ */
/*
@@ -33,6 +33,7 @@
*/
#include <lib/libsa/stand.h>
+
#include "openfirm.h"
#include <machine/cpu.h>
@@ -667,3 +668,9 @@ getchar(void)
return -1;
return ch;
}
+
+int
+cngetc(void)
+{
+ return getchar();
+}
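Review bot: The new cngetc() hands back getchar()'s result unchanged, including the -1 that the context lines just above show getchar() returning on a failed read, and nothing documents that contract. The passphrase loop this commit deletes from softraid_sparc64.c stored `c & 0xff` without testing for a negative value. If the shared libsa reader that presumably calls cngetc() (not visible in this diff) does the same, a console read error would be folded into the passphrase as 0xff bytes instead of aborting the prompt. I would add a comment above the function, for example `/* Console input for libsa softraid; returns -1 on read error, same as getchar(). */`, and confirm the caller rejects a negative return before storing the byte. getchar()'s body starts outside this hunk, so its other return paths are not visible here.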
diff --git a/sys/arch/sparc64/stand/ofwboot/Makefile b/sys/arch/sparc64/stand/ofwboot/Makefile
index fb8674e624c..e4fc22f2238 100644
--- a/sys/arch/sparc64/stand/ofwboot/Makefile
+++ b/sys/arch/sparc64/stand/ofwboot/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.22 2016/09/11 15:54:11 jsing Exp $
+# $OpenBSD: Makefile,v 1.23 2016/09/11 17:53:26 jsing Exp $
# $NetBSD: Makefile,v 1.2 2001/03/04 14:50:05 mrg Exp $
CURDIR= ${.CURDIR}
@@ -31,8 +31,8 @@ SRCS+= strlcpy.c strcmp.c strlcat.c strlen.c
.if ${SOFTRAID:L} == "yes"
.PATH: ${S}/lib/libsa
-SRCS+= aes_xts.c explicit_bzero.c hmac_sha1.c sha1.c pkcs5_pbkdf2.c \
- rijndael.c
+SRCS+= aes_xts.c explicit_bzero.c hmac_sha1.c pkcs5_pbkdf2.c \
+ rijndael.c sha1.c softraid.c
.endif
CWARNFLAGS+= -Wno-main
diff --git a/sys/arch/sparc64/stand/ofwboot/boot.c b/sys/arch/sparc64/stand/ofwboot/boot.c
index 2904208f77e..5a22dc658e0 100644
--- a/sys/arch/sparc64/stand/ofwboot/boot.c
+++ b/sys/arch/sparc64/stand/ofwboot/boot.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: boot.c,v 1.26 2016/09/11 15:54:11 jsing Exp $ */
+/* $OpenBSD: boot.c,v 1.27 2016/09/11 17:53:26 jsing Exp $ */
/* $NetBSD: boot.c,v 1.3 2001/05/31 08:55:19 mrg Exp $ */
/*
* Copyright (c) 1997, 1999 Eduardo E. Horvath. All rights reserved.
@@ -61,6 +61,7 @@
#include <sys/queue.h>
#include <dev/biovar.h>
#include <dev/softraidvar.h>
+#include <lib/libsa/softraid.h>
#include "disk.h"
#include "softraid_sparc64.h"
diff --git a/sys/arch/sparc64/stand/ofwboot/softraid_sparc64.c b/sys/arch/sparc64/stand/ofwboot/softraid_sparc64.c
index d123cc195f4..49c6eee737e 100644
--- a/sys/arch/sparc64/stand/ofwboot/softraid_sparc64.c
+++ b/sys/arch/sparc64/stand/ofwboot/softraid_sparc64.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: softraid_sparc64.c,v 1.1 2016/09/11 15:54:11 jsing Exp $ */
+/* $OpenBSD: softraid_sparc64.c,v 1.2 2016/09/11 17:53:26 jsing Exp $ */
/*
* Copyright (c) 2012 Joel Sing <jsing@openbsd.org>
@@ -26,26 +26,12 @@
#include <lib/libsa/stand.h>
#include <lib/libsa/aes_xts.h>
-#include <lib/libsa/hmac_sha1.h>
-#include <lib/libsa/pkcs5_pbkdf2.h>
-#include <lib/libsa/rijndael.h>
+#include <lib/libsa/softraid.h>
#include "disk.h"
#include "ofdev.h"
#include "softraid_sparc64.h"
-/* List of softraid volumes. */
-struct sr_boot_volume_head sr_volumes;
-
-/* Metadata from keydisks. */
-struct sr_boot_keydisk {
- struct sr_uuid kd_uuid;
- u_int8_t kd_key[SR_CRYPTO_MAXKEYBYTES];
- SLIST_ENTRY(sr_boot_keydisk) kd_link;
-};
-SLIST_HEAD(sr_boot_keydisk_head, sr_boot_keydisk);
-struct sr_boot_keydisk_head sr_keydisks;
-
void
srprobe_meta_opt_load(struct sr_metadata *sm, struct sr_meta_opt_head *som)
{
@@ -450,189 +436,3 @@ sr_getdisklabel(struct sr_boot_volume *bv, struct disklabel *label)
return (NULL);
}
-
-
-#define RIJNDAEL128_BLOCK_LEN 16
-#define PASSPHRASE_LENGTH 1024
-
-#define SR_CRYPTO_KEYBLOCK_BYTES SR_CRYPTO_MAXKEYS * SR_CRYPTO_KEYBYTES
-
-#ifdef DEBUG
-void
-printhex(const char *s, const u_int8_t *buf, size_t len)
-{
- u_int8_t n1, n2;
- size_t i;
-
- printf("%s: ", s);
- for (i = 0; i < len; i++) {
- n1 = buf[i] & 0x0f;
- n2 = buf[i] >> 4;
- printf("%c", n2 > 9 ? n2 + 'a' - 10 : n2 + '0');
- printf("%c", n1 > 9 ? n1 + 'a' - 10 : n1 + '0');
- }
- printf("\n");
-}
-#endif
-
-void
-sr_clear_keys(void)
-{
- struct sr_boot_volume *bv;
- struct sr_boot_keydisk *kd;
-
- SLIST_FOREACH(bv, &sr_volumes, sbv_link) {
- if (bv->sbv_level != 'C')
- continue;
- if (bv->sbv_keys != NULL) {
- explicit_bzero(bv->sbv_keys, SR_CRYPTO_KEYBLOCK_BYTES);
- free(bv->sbv_keys, SR_CRYPTO_KEYBLOCK_BYTES);
- bv->sbv_keys = NULL;
- }
- if (bv->sbv_maskkey != NULL) {
- explicit_bzero(bv->sbv_maskkey, SR_CRYPTO_MAXKEYBYTES);
- free(bv->sbv_maskkey, SR_CRYPTO_MAXKEYBYTES);
- bv->sbv_maskkey = NULL;
- }
- }
- SLIST_FOREACH(kd, &sr_keydisks, kd_link) {
- explicit_bzero(kd, sizeof(*kd));
- free(kd, sizeof(*kd));
- }
-}
-
-void
-sr_crypto_calculate_check_hmac_sha1(u_int8_t *maskkey, int maskkey_size,
- u_int8_t *key, int key_size, u_char *check_digest)
-{
- u_int8_t check_key[SHA1_DIGEST_LENGTH];
- SHA1_CTX shactx;
-
- explicit_bzero(check_key, sizeof(check_key));
- explicit_bzero(&shactx, sizeof(shactx));
-
- /* k = SHA1(mask_key) */
- SHA1Init(&shactx);
- SHA1Update(&shactx, maskkey, maskkey_size);
- SHA1Final(check_key, &shactx);
-
- /* mac = HMAC_SHA1_k(unencrypted key) */
- hmac_sha1(key, key_size, check_key, sizeof(check_key), check_digest);
-
- explicit_bzero(check_key, sizeof(check_key));
- explicit_bzero(&shactx, sizeof(shactx));
-}
-
-int
-sr_crypto_decrypt_keys(struct sr_boot_volume *bv)
-{
- struct sr_meta_crypto *cm;
- struct sr_boot_keydisk *kd;
- struct sr_meta_opt_item *omi;
- struct sr_crypto_pbkdf *kdfhint;
- struct sr_crypto_kdfinfo kdfinfo;
- char passphrase[PASSPHRASE_LENGTH];
- u_int8_t digest[SHA1_DIGEST_LENGTH];
- u_int8_t *keys = NULL;
- u_int8_t *kp, *cp;
- rijndael_ctx ctx;
- int rv = -1;
- int c, i;
-
- SLIST_FOREACH(omi, &bv->sbv_meta_opt, omi_link)
- if (omi->omi_som->som_type == SR_OPT_CRYPTO)
- break;
-
- if (omi == NULL) {
- printf("Crypto metadata not found!\n");
- goto done;
- }
-
- cm = (struct sr_meta_crypto *)omi->omi_som;
- kdfhint = (struct sr_crypto_pbkdf *)&cm->scm_kdfhint;
-
- switch (cm->scm_mask_alg) {
- case SR_CRYPTOM_AES_ECB_256:
- break;
- default:
- printf("unsupported encryption algorithm %u\n",
- cm->scm_mask_alg);
- goto done;
- }
-
- SLIST_FOREACH(kd, &sr_keydisks, kd_link) {
- if (bcmp(&kd->kd_uuid, &bv->sbv_uuid, sizeof(kd->kd_uuid)) == 0)
- break;
- }
- if (kd) {
- bcopy(&kd->kd_key, &kdfinfo.maskkey, sizeof(kdfinfo.maskkey));
- } else {
- printf("Passphrase: ");
- for (i = 0; i < PASSPHRASE_LENGTH - 1; i++) {
- c = getchar();
- if (c == '\r' || c == '\n')
- break;
- else if (c == '\b') {
- i = i > 0 ? i - 2 : -1;
- continue;
- }
- passphrase[i] = (c & 0xff);
- }
- passphrase[i] = 0;
- printf("\n");
-
-#ifdef DEBUG
- printf("Got passphrase: %s with len %d\n",
- passphrase, strlen(passphrase));
-#endif
-
- if (pkcs5_pbkdf2(passphrase, strlen(passphrase), kdfhint->salt,
- sizeof(kdfhint->salt), kdfinfo.maskkey,
- sizeof(kdfinfo.maskkey), kdfhint->rounds) != 0) {
- printf("pbkdf2 failed\n");
- goto done;
- }
- }
-
- /* kdfinfo->maskkey now has key. */
-
- /* Decrypt disk keys. */
- keys = alloc(SR_CRYPTO_KEYBLOCK_BYTES);
- bzero(keys, SR_CRYPTO_KEYBLOCK_BYTES);
-
- if (rijndael_set_key(&ctx, kdfinfo.maskkey, 256) != 0)
- goto done;
-
- cp = (u_int8_t *)cm->scm_key;
- kp = keys;
- for (i = 0; i < SR_CRYPTO_KEYBLOCK_BYTES; i += RIJNDAEL128_BLOCK_LEN)
- rijndael_decrypt(&ctx, (u_char *)(cp + i), (u_char *)(kp + i));
-
- /* Check that the key decrypted properly. */
- sr_crypto_calculate_check_hmac_sha1(kdfinfo.maskkey,
- sizeof(kdfinfo.maskkey), keys, SR_CRYPTO_KEYBLOCK_BYTES, digest);
-
- if (bcmp(digest, cm->chk_hmac_sha1.sch_mac, sizeof(digest))) {
- printf("incorrect passphrase or keydisk\n");
- goto done;
- }
-
- /* Keys and keydisks will be cleared before boot and from _rtt. */
- bv->sbv_keys = keys;
- bv->sbv_maskkey = alloc(sizeof(kdfinfo.maskkey));
- bcopy(&kdfinfo.maskkey, bv->sbv_maskkey, sizeof(kdfinfo.maskkey));
-
- rv = 0;
-
-done:
- explicit_bzero(passphrase, PASSPHRASE_LENGTH);
- explicit_bzero(&kdfinfo, sizeof(kdfinfo));
- explicit_bzero(digest, sizeof(digest));
-
- if (keys != NULL && rv != 0) {
- explicit_bzero(keys, SR_CRYPTO_KEYBLOCK_BYTES);
- free(keys, SR_CRYPTO_KEYBLOCK_BYTES);
- }
-
- return (rv);
-}
diff --git a/sys/arch/sparc64/stand/ofwboot/softraid_sparc64.h b/sys/arch/sparc64/stand/ofwboot/softraid_sparc64.h
index 501ef0292bd..9189917047a 100644
--- a/sys/arch/sparc64/stand/ofwboot/softraid_sparc64.h
+++ b/sys/arch/sparc64/stand/ofwboot/softraid_sparc64.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: softraid_sparc64.h,v 1.2 2016/09/11 16:02:04 jsing Exp $ */
+/* $OpenBSD: softraid_sparc64.h,v 1.3 2016/09/11 17:53:26 jsing Exp $ */
/*
* Copyright (c) 2012 Joel Sing <jsing@openbsd.org>
@@ -25,10 +25,4 @@ const char *sr_getdisklabel(struct sr_boot_volume *, struct disklabel *);
int sr_strategy(struct sr_boot_volume *, int, daddr32_t, size_t,
void *, size_t *);
-int sr_crypto_decrypt_keys(struct sr_boot_volume *);
-void sr_clear_keys(void);
-
-/* List of softraid volumes. */
-extern struct sr_boot_volume_head sr_volumes;
-
#endif /* _SOFTRAID_SPARC64_H */