1*0Sstevel@tonic-gate /*
2*0Sstevel@tonic-gate * CDDL HEADER START
3*0Sstevel@tonic-gate *
4*0Sstevel@tonic-gate * The contents of this file are subject to the terms of the
5*0Sstevel@tonic-gate * Common Development and Distribution License, Version 1.0 only
6*0Sstevel@tonic-gate * (the "License"). You may not use this file except in compliance
7*0Sstevel@tonic-gate * with the License.
8*0Sstevel@tonic-gate *
9*0Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10*0Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
11*0Sstevel@tonic-gate * See the License for the specific language governing permissions
12*0Sstevel@tonic-gate * and limitations under the License.
13*0Sstevel@tonic-gate *
14*0Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
15*0Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16*0Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
17*0Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
18*0Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
19*0Sstevel@tonic-gate *
20*0Sstevel@tonic-gate * CDDL HEADER END
21*0Sstevel@tonic-gate */
22*0Sstevel@tonic-gate /*
23*0Sstevel@tonic-gate * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
24*0Sstevel@tonic-gate * Use is subject to license terms.
25*0Sstevel@tonic-gate */
26*0Sstevel@tonic-gate
27*0Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI"
28*0Sstevel@tonic-gate
/*
 * This provides the interface to store a named key in stable local
 * storage. These keys are retrieved and used by OBP and WAN boot
 * to do decryption and HMAC verification of network-downloaded data.
 */
34*0Sstevel@tonic-gate
35*0Sstevel@tonic-gate #include <sys/promimpl.h>
36*0Sstevel@tonic-gate #ifdef PROM_32BIT_ADDRS
37*0Sstevel@tonic-gate #include <sys/sunddi.h>
38*0Sstevel@tonic-gate #endif /* PROM_32BIT_ADDRS */
39*0Sstevel@tonic-gate
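/*
 * Store (or delete) a named security key through the PROM's
 * SUNW,set-security-key client interface service.
 *
 *	keyname	NUL-terminated name of the key
 *	buf	key bytes to store
 *	buflen	number of bytes in buf; a length of zero deletes the key
 *	reslen	out: length of the key stored, or 0 if the PROM reported
 *		an error
 *	status	out: 0 on success, otherwise the negative PROM error code
 *
 * Returns 0 when the PROM call was made (the outcome is in *status), or
 * -1 when a bounce buffer could not be allocated or the client interface
 * handler returned nonzero.  *reslen and *status are not written when -1
 * is returned.
 */
int
prom_set_security_key(char *keyname, caddr_t buf, int buflen, int *reslen,
    int *status)
{
	int rv;
	cell_t ci[7];
	int result;
#ifdef PROM_32BIT_ADDRS
	char *okeyname = NULL;
	char *obuf = NULL;
	size_t keynamelen;

	/*
	 * Arguments whose address does not fit in 32 bits are copied
	 * into promplat_alloc() memory before being handed to the PROM
	 * (presumably that allocator returns 32-bit addressable memory;
	 * confirm against the platform implementation).
	 */
	if ((uintptr_t)keyname > (uint32_t)-1) {
		okeyname = keyname;
		keynamelen = prom_strlen(okeyname) + 1;	/* include '\0' */
		keyname = promplat_alloc(keynamelen);
		if (keyname == NULL)
			return (-1);
		(void) prom_strcpy(keyname, okeyname);
	}

	/*
	 * A key length of zero is used to delete the named key.
	 * No need to reallocate and copy buf[] in this case.
	 */
	if (buflen > 0 && ((uintptr_t)buf > (uint32_t)-1)) {
		obuf = buf;
		buf = promplat_alloc(buflen);
		if (buf == NULL) {
			/*
			 * Fail on every allocation failure, not only when
			 * the key name was also bounced; otherwise the copy
			 * below would write key material through NULL.
			 */
			if (okeyname != NULL)
				promplat_free(keyname, keynamelen);
			return (-1);
		}
		promplat_bcopy(obuf, buf, buflen);
	}
#endif /* PROM_32BIT_ADDRS */

	/*
	 * The arguments to the SUNW,set-security-key service
	 * that stores a key are
	 *	ci[0]	the service name
	 *	ci[1]	the number of ``in'' arguments
	 *	ci[2]	the number of ``out'' arguments
	 *	ci[3]	the key's name, as a string
	 *	ci[4]	the key buffer itself
	 *	ci[5]	the length of the key buffer
	 *
	 * When p1275_cif_handler() returns, the return value is
	 *	ci[6]	the length of the key stored, or (if
	 *		negative) an error code.
	 */
	ci[0] = p1275_ptr2cell("SUNW,set-security-key");
	ci[1] = 3;
	ci[2] = 1;
	ci[3] = p1275_ptr2cell(keyname);
	ci[4] = p1275_ptr2cell(buf);
	ci[5] = p1275_uint2cell(buflen);

	promif_preprom();
	rv = p1275_cif_handler(ci);
	promif_postprom();

#ifdef PROM_32BIT_ADDRS
	if (okeyname != NULL)
		promplat_free(keyname, keynamelen);
	/*
	 * NOTE(review): the bounce copy holds key material and is released
	 * without being cleared here.  Confirm whether promplat_free()
	 * scrubs the memory; if not, zero it before freeing.
	 */
	if (obuf != NULL)
		promplat_free(buf, buflen);
#endif /* PROM_32BIT_ADDRS */

	/* ci[6] is only meaningful when the handler itself succeeded. */
	if (rv != 0)
		return (-1);

	result = p1275_cell2int(ci[6]);
	if (result >= 0) {
		*reslen = result;
		*status = 0;
	} else {
		*reslen = 0;
		*status = result;
	}
	return (0);
}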
121*0Sstevel@tonic-gate
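/*
 * Retrieve a named security key through the PROM's
 * SUNW,get-security-key client interface service.
 *
 *	keyname	NUL-terminated name of the key
 *	buf	buffer that receives the key bytes
 *	buflen	size of buf in bytes
 *	keylen	out: length of the key when the PROM reports a positive
 *		length, otherwise 0
 *	status	out: 0 when a positive length was reported, otherwise the
 *		value returned by the PROM (zero or a negative error code)
 *
 * Returns 0 when the PROM call was made (the outcome is in *status), or
 * -1 when a bounce buffer could not be allocated or the client interface
 * handler returned nonzero.  *keylen and *status are not written when -1
 * is returned.
 */
int
prom_get_security_key(char *keyname, caddr_t buf, int buflen, int *keylen,
    int *status)
{
	int rv;
	cell_t ci[7];
	int result;
#ifdef PROM_32BIT_ADDRS
	char *okeyname = NULL;
	char *obuf = NULL;
	size_t keynamelen;

	/*
	 * Arguments whose address does not fit in 32 bits are replaced by
	 * promplat_alloc() memory before being handed to the PROM
	 * (presumably that allocator returns 32-bit addressable memory;
	 * confirm against the platform implementation).
	 */
	if ((uintptr_t)keyname > (uint32_t)-1) {
		okeyname = keyname;
		keynamelen = prom_strlen(okeyname) + 1;	/* include '\0' */
		keyname = promplat_alloc(keynamelen);
		if (keyname == NULL)
			return (-1);
		(void) prom_strcpy(keyname, okeyname);
	}
	/*
	 * NOTE(review): unlike prom_set_security_key(), buflen is not
	 * checked for being positive before it is used as an allocation
	 * size; confirm that callers never pass zero or a negative length.
	 */
	if ((uintptr_t)buf > (uint32_t)-1) {
		obuf = buf;
		buf = promplat_alloc(buflen);
		if (buf == NULL) {
			/*
			 * Fail on every allocation failure, not only when
			 * the key name was also bounced; otherwise a NULL
			 * buffer would be passed to the PROM and then used
			 * as the source of the copy-back below.
			 */
			if (okeyname != NULL)
				promplat_free(keyname, keynamelen);
			return (-1);
		}
	}
#endif /* PROM_32BIT_ADDRS */

	/*
	 * The arguments to the SUNW,get-security-key service
	 * that retrieves a key are
	 *	ci[0]	the service name
	 *	ci[1]	the number of ``in'' arguments
	 *	ci[2]	the number of ``out'' arguments
	 *	ci[3]	the key's name, as a string
	 *	ci[4]	the key buffer itself
	 *	ci[5]	the length of the key buffer
	 *
	 * When p1275_cif_handler() returns, the return value is
	 *	ci[6]	the length of the key, or (if
	 *		negative) an error code.
	 */
	ci[0] = p1275_ptr2cell("SUNW,get-security-key");
	ci[1] = 3;
	ci[2] = 1;
	ci[3] = p1275_ptr2cell(keyname);
	ci[4] = p1275_ptr2cell(buf);
	ci[5] = p1275_uint2cell(buflen);

	promif_preprom();
	rv = p1275_cif_handler(ci);
	promif_postprom();

#ifdef PROM_32BIT_ADDRS
	if (okeyname != NULL)
		promplat_free(keyname, keynamelen);
	/*
	 * NOTE(review): all buflen bytes are copied back whether or not the
	 * call succeeded, so on failure the caller's buffer receives
	 * whatever the bounce buffer happened to contain.  The bounce copy
	 * of the key is also released without being cleared; confirm
	 * whether promplat_free() scrubs it, otherwise zero it first.
	 */
	if (obuf != NULL) {
		promplat_bcopy(buf, obuf, buflen);
		promplat_free(buf, buflen);
	}
#endif /* PROM_32BIT_ADDRS */

	/* ci[6] is only meaningful when the handler itself succeeded. */
	if (rv != 0)
		return (-1);

	result = p1275_cell2int(ci[6]);
	if (result > 0) {
		*keylen = result;
		*status = 0;
	} else {
		*keylen = 0;
		*status = result;
	}
	return (0);
}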