| author | Holger Lubitz | 2007-08-02 00:13:40 +0200 |
|---|---|---|
| committer | Holger Lubitz | 2007-08-02 00:13:40 +0200 |
| commit | 58f5565eb04f08c51b4f123930294c3d033e3a8e (patch) | |
| tree | 6df9ba9712544bad49f991006471f7e6c6511f84 /src/include/gpxe | |
| parent | make bcopy use memmove (diff) | |
| parent | Initrd concatenation now working (diff) | |
Merge branch 'master' into strings
Diffstat (limited to 'src/include/gpxe')
| -rw-r--r-- | src/include/gpxe/abft.h | 35 | ||||
| -rw-r--r-- | src/include/gpxe/aoe.h | 25 | ||||
| -rw-r--r-- | src/include/gpxe/ata.h | 3 | ||||
| -rw-r--r-- | src/include/gpxe/dhcp.h | 29 | ||||
| -rw-r--r-- | src/include/gpxe/errfile.h | 2 | ||||
| -rw-r--r-- | src/include/gpxe/filter.h | 75 | ||||
| -rw-r--r-- | src/include/gpxe/hmac.h | 30 | ||||
| -rw-r--r-- | src/include/gpxe/http.h | 5 | ||||
| -rw-r--r-- | src/include/gpxe/iscsi.h | 9 | ||||
| -rw-r--r-- | src/include/gpxe/open.h | 1 | ||||
| -rw-r--r-- | src/include/gpxe/tls.h | 169 |
11 files changed, 355 insertions, 28 deletions
diff --git a/src/include/gpxe/abft.h b/src/include/gpxe/abft.h
new file mode 100644
index 000000000..1c651ef11
--- /dev/null
+++ b/src/include/gpxe/abft.h
@@ -0,0 +1,35 @@
+#ifndef _GPXE_ABFT_H
+#define _GPXE_ABFT_H
+
+/** @file
+ *
+ * AoE boot firmware table
+ *
+ */
+
+#include <stdint.h>
+#include <gpxe/acpi.h>
+#include <gpxe/if_ether.h>
+
+/** AoE boot firmware table signature */
+#define ABFT_SIG "aBFT"
+
+/**
+ * AoE Boot Firmware Table (aBFT)
+ */
+struct abft_table {
+ /** ACPI header */
+ struct acpi_description_header acpi;
+ /** AoE shelf */
+ uint16_t shelf;
+ /** AoE slot */
+ uint8_t slot;
+ /** Reserved */
+ uint8_t reserved_a;
+ /** MAC address */
+ uint8_t mac[ETH_ALEN];
+} __attribute__ (( packed ));
+
+extern void abft_fill_data ( struct aoe_session *aoe );
+
+#endif /* _GPXE_ABFT_H */
diff --git a/src/include/gpxe/aoe.h b/src/include/gpxe/aoe.h
index eb5e11337..856833841 100644
--- a/src/include/gpxe/aoe.h
+++ b/src/include/gpxe/aoe.h
@@ -81,6 +81,9 @@ struct aoehdr { /** An AoE session */ struct aoe_session { + /** Reference counter */ + struct refcnt refcnt; + /** List of all AoE sessions */ struct list_head list;
@@ -103,8 +106,8 @@ struct aoe_session { unsigned int status; /** Byte offset within command's data buffer */ unsigned int command_offset; - /** Asynchronous operation for this command */ - struct async async; + /** Return status code for command */ + int rc; /** Retransmission timer */ struct retry_timer timer;
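Review bot: `abft_fill_data()` in the new abft.h is declared with a `struct aoe_session *` parameter, but none of the three headers the file includes (`stdint.h`, `gpxe/acpi.h`, `gpxe/if_ether.h`) is the one that defines that struct. Unless one of them happens to pull in `gpxe/aoe.h`, the struct tag is first seen inside the prototype and gets prototype scope, so a caller passing a real `struct aoe_session *` gets an incompatible-pointer diagnostic. A forward declaration just before the prototype, `struct aoe_session;`, makes the header self-contained. Since `struct abft_table` is `packed` and describes an ACPI table layout, the `shelf` comment should also state the byte order of that 16-bit field.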
@@ -116,20 +119,8 @@ struct aoe_session { /** Maximum number of sectors per packet */ #define AOE_MAX_COUNT 2 -extern void aoe_open ( struct aoe_session *aoe ); -extern void aoe_close ( struct aoe_session *aoe ); -extern int aoe_issue ( struct aoe_session *aoe, - struct ata_command *command, - struct async *parent ); - -/** An AoE device */ -struct aoe_device { - /** ATA device interface */ - struct ata_device ata; - /** AoE protocol instance */ - struct aoe_session aoe; -}; - -extern int init_aoedev ( struct aoe_device *aoedev ); +extern void aoe_detach ( struct ata_device *ata ); +extern int aoe_attach ( struct ata_device *ata, struct net_device *netdev, + const char *root_path ); #endif /* _GPXE_AOE_H */
diff --git a/src/include/gpxe/ata.h b/src/include/gpxe/ata.h
index e0fca7afe..b6da39302 100644
--- a/src/include/gpxe/ata.h
+++ b/src/include/gpxe/ata.h
@@ -4,6 +4,7 @@ #include <stdint.h> #include <gpxe/blockdev.h> #include <gpxe/uaccess.h> +#include <gpxe/refcnt.h> /** @file *
@@ -195,6 +196,8 @@ struct ata_device { */ int ( * command ) ( struct ata_device *ata, struct ata_command *command ); + /** Backing device */ + struct refcnt *backend; }; extern int init_atadev ( struct ata_device *ata );
diff --git a/src/include/gpxe/dhcp.h b/src/include/gpxe/dhcp.h
index 645756522..863227867 100644
--- a/src/include/gpxe/dhcp.h
+++ b/src/include/gpxe/dhcp.h
@@ -168,6 +168,19 @@ struct job_interface; */ #define DHCP_EB_SIADDR DHCP_ENCAP_OPT ( DHCP_EB_ENCAP, 3 ) +/** Network device descriptor + * + * Byte 0 is the bus type ID; remaining bytes depend on the bus type. + * + * PCI devices: + * Byte 0 : 1 (PCI) + * Byte 1 : PCI vendor ID MSB + * Byte 2 : PCI vendor ID LSB + * Byte 3 : PCI device ID MSB + * Byte 4 : PCI device ID LSB + */ +#define DHCP_EB_BUS_ID DHCP_ENCAP_OPT ( DHCP_EB_ENCAP, 0xb1 ) + /** BIOS drive number * * This is the drive number for a drive emulated via INT 13. 0x80 is
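Review bot: The new `struct refcnt *backend` member of `struct ata_device` (ata.h, second hunk) is documented only as "Backing device", which does not say who takes the reference and who drops it. The aoe.h hunk above removes the embedded `struct aoe_device` in favour of `aoe_attach()`/`aoe_detach()`, so the AoE session is presumably now a separately reference-counted object reached through this pointer, and a missing or doubled `ref_put()` becomes a leak or a use-after-free. I would extend the comment along the lines of `/** Backing device: reference taken by the attach call, dropped and set to NULL by the matching detach */`, adjusted to what the implementation actually does. The `struct ata_device` definition starts outside the hunk.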
@@ -503,15 +516,19 @@ extern void find_global_dhcp_ipv4_option ( unsigned int tag, struct in_addr *inp ); extern void delete_dhcp_option ( struct dhcp_option_block *options, unsigned int tag ); + extern int apply_dhcp_options ( struct dhcp_option_block *options ); extern int apply_global_dhcp_options ( void ); -extern struct dhcp_option_block dhcp_request_options; -extern int create_dhcp_packet ( struct net_device *netdev, uint8_t msgtype, - void *data, size_t max_len, - struct dhcp_packet *dhcppkt ); -extern int copy_dhcp_packet_options ( struct dhcp_packet *dhcppkt, - struct dhcp_option_block *options ); +extern int create_dhcp_request ( struct net_device *netdev, int msgtype, + struct dhcp_option_block *options, + void *data, size_t max_len, + struct dhcp_packet *dhcppkt ); +extern int create_dhcp_response ( struct net_device *netdev, int msgtype, + struct dhcp_option_block *options, + void *data, size_t max_len, + struct dhcp_packet *dhcppkt ); + extern int start_dhcp ( struct job_interface *job, struct net_device *netdev, int (*register_options) ( struct net_device *, struct dhcp_option_block * ));
diff --git a/src/include/gpxe/errfile.h b/src/include/gpxe/errfile.h
index 0615818f1..48db1dc19 100644
--- a/src/include/gpxe/errfile.h
+++ b/src/include/gpxe/errfile.h
@@ -115,6 +115,8 @@ #define ERRFILE_cipher ( ERRFILE_OTHER | 0x00090000 ) #define ERRFILE_image_cmd ( ERRFILE_OTHER | 0x000a0000 ) #define ERRFILE_uri_test ( ERRFILE_OTHER | 0x000b0000 ) +#define ERRFILE_ibft ( ERRFILE_OTHER | 0x000c0000 ) +#define ERRFILE_tls ( ERRFILE_OTHER | 0x000d0000 ) /** @} */
diff --git a/src/include/gpxe/filter.h b/src/include/gpxe/filter.h
new file mode 100644
index 000000000..3943a9e14
--- /dev/null
+++ b/src/include/gpxe/filter.h
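Review bot: `create_dhcp_request()` and `create_dhcp_response()` in the second dhcp.h hunk both write into a caller-supplied buffer (`data`, `max_len`) and now also take an `options` block, but neither prototype has a comment saying what happens when the options do not fit in `max_len` bytes. The header should state whether the call fails with an error or truncates, for example with an `@ret rc` line such as `Return status code; fails without writing past max_len if the options do not fit`, worded to match the implementation. The same comment should give the valid range of `msgtype`, which this change widens from `uint8_t` to `int` although the DHCP message type is a single octet on the wire.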
@@ -0,0 +1,75 @@
+#ifndef _GPXE_FILTER_H
+#define _GPXE_FILTER_H
+
+/** @file
+ *
+ * Data transfer filters
+ *
+ */
+
+#include <stddef.h>
+#include <gpxe/xfer.h>
+
+/**
+ * Half of a data transfer filter
+ *
+ * Embed two of these structures within a structure implementing a
+ * data transfer filter, and intialise with filter_init(). You can
+ * then use the filter_xxx() methods as the data transfer interface
+ * methods as required.
+ */
+struct xfer_filter_half {
+ /** Data transfer interface */
+ struct xfer_interface xfer;
+ /** Other half of the data transfer filter */
+ struct xfer_filter_half *other;
+};
+
+/**
+ * Get data transfer interface for the other half of a data transfer filter
+ *
+ * @v xfer Data transfer interface
+ * @ret other Other half's data transfer interface
+ */
+static inline __attribute__ (( always_inline )) struct xfer_interface *
+filter_other_half ( struct xfer_interface *xfer ) {
+ struct xfer_filter_half *half =
+ container_of ( xfer, struct xfer_filter_half, xfer );
+ return &half->other->xfer;
+}
+
+extern void filter_close ( struct xfer_interface *xfer, int rc );
+extern int filter_vredirect ( struct xfer_interface *xfer, int type,
+ va_list args );
+extern int filter_seek ( struct xfer_interface *xfer, off_t offset,
+ int whence );
+extern size_t filter_window ( struct xfer_interface *xfer );
+extern struct io_buffer * filter_alloc_iob ( struct xfer_interface *xfer,
+ size_t len );
+extern int filter_deliver_iob ( struct xfer_interface *xfer,
+ struct io_buffer *iobuf,
+ struct xfer_metadata *meta );
+extern int filter_deliver_raw ( struct xfer_interface *xfer, const void *data,
+ size_t len );
+
+/**
+ * Initialise a data transfer filter
+ *
+ * @v left "Left" half of the filter
+ * @v left_op Data transfer interface operations for "left" half
+ * @v right "Right" half of the filter
+ * @v right_op Data transfer interface operations for "right" half
+ * @v refcnt Containing object reference counter, or NULL
+ */
+static inline void filter_init ( struct xfer_filter_half *left,
+ struct xfer_interface_operations *left_op,
+ struct xfer_filter_half *right,
+ struct xfer_interface_operations *right_op,
+ struct refcnt *refcnt ) {
+ xfer_init ( &left->xfer, left_op, refcnt );
+ xfer_init ( &right->xfer, right_op, refcnt );
+ left->other = right;
+ right->other = left;
+}
+
+#endif /* _GPXE_FILTER_H */
diff --git a/src/include/gpxe/hmac.h b/src/include/gpxe/hmac.h
new file mode 100644
index 000000000..fd34db04a
--- /dev/null
+++ b/src/include/gpxe/hmac.h
@@ -0,0 +1,30 @@
+#ifndef _GPXE_HMAC_H
+#define _GPXE_HMAC_H
+
+/** @file
+ *
+ * Keyed-Hashing for Message Authentication
+ */
+
+#include <gpxe/crypto.h>
+
+/**
+ * Update HMAC
+ *
+ * @v digest Digest algorithm to use
+ * @v digest_ctx Digest context
+ * @v data Data
+ * @v len Length of data
+ */
+static inline void hmac_update ( struct crypto_algorithm *digest,
+ void *digest_ctx, const void *data,
+ size_t len ) {
+ digest_update ( digest, digest_ctx, data, len );
+}
+
+extern void hmac_init ( struct crypto_algorithm *digest, void *digest_ctx,
+ void *key, size_t *key_len );
+extern void hmac_final ( struct crypto_algorithm *digest, void *digest_ctx,
+ void *key, size_t *key_len, void *hmac );
+
+#endif /* _GPXE_HMAC_H */
diff --git a/src/include/gpxe/http.h b/src/include/gpxe/http.h
index a2abec1dc..fa92a9505 100644
--- a/src/include/gpxe/http.h
+++ b/src/include/gpxe/http.h
@@ -13,4 +13,9 @@ /** HTTPS default port */ #define HTTPS_PORT 443 +extern int http_open_filter ( struct xfer_interface *xfer, struct uri *uri, + unsigned int default_port, + int ( * filter ) ( struct xfer_interface *, + struct xfer_interface ** ) ); + #endif /* _GPXE_HTTP_H */
diff --git a/src/include/gpxe/iscsi.h b/src/include/gpxe/iscsi.h
index d9dd43079..e4df68494 100644
--- a/src/include/gpxe/iscsi.h
+++ b/src/include/gpxe/iscsi.h
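Review bot: `filter_other_half()` in filter.h dereferences `half->other` unconditionally, so it is only safe on an interface that is the `xfer` member of an `xfer_filter_half` already set up by `filter_init()`; for any other `struct xfer_interface` the `container_of()` result points at unrelated memory. The doc comment should state that precondition, e.g. `@v xfer Data transfer interface (must be one half of a filter initialised with filter_init())`. The `filter_vredirect()` prototype uses `va_list` while the header includes only `<stddef.h>` and `<gpxe/xfer.h>`, so it relies on one of those providing `<stdarg.h>`; an explicit include would remove that dependency. "intialise" in the `struct xfer_filter_half` comment is a typo for "initialise".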
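Review bot: `hmac_init()` and `hmac_final()` are the only undocumented functions in hmac.h, and their signatures carry a contract a caller cannot guess: `key` is a non-const `void *` and `key_len` is a `size_t *`, which suggests the implementation may rewrite the caller's key buffer and length (for instance when reducing an over-long key). If that is the case, the comment has to say how large the `key` buffer must be and that the same `key`/`key_len` pair is passed to both calls; the `hmac` output buffer likewise needs its required size stated, presumably the digest size. Doc comments in the `@v` style already used for `hmac_update()` would cover this. If the key is never modified, `const void *key, size_t key_len` would be the safer signature.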
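Review bot: `http_open_filter()` in http.h has no doc comment, and its `filter` callback has the same shape as the new `add_tls()` prototype in tls.h, so this looks like the point where HTTPS gets its TLS layer and the failure contract matters. The comment should state that a non-zero return from `filter` fails the open and that the request is never sent over the unfiltered connection, and whether `filter` may be NULL for plain HTTP. The implementation is not part of this diff (it is limited to src/include/gpxe), so the wording needs checking against it.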
@@ -8,6 +8,7 @@ */ #include <stdint.h> +#include <gpxe/socket.h> #include <gpxe/scsi.h> #include <gpxe/chap.h> #include <gpxe/refcnt.h>
@@ -501,6 +502,8 @@ struct iscsi_session { char *target_iqn; /** Logical Unit Number (LUN) */ uint64_t lun; + /** Target socket address (recorded only for iBFT) */ + struct sockaddr target_sockaddr; /** Session status *
@@ -514,6 +517,11 @@ struct iscsi_session { * Reset upon a successful connection. */ int retry_count; + + /** Username (if any) */ + char *username; + /** Password (if any) */ + char *password; /** CHAP challenge/response */ struct chap_challenge chap;
@@ -641,5 +649,6 @@ struct iscsi_session { extern int iscsi_attach ( struct scsi_device *scsi, const char *root_path ); extern void iscsi_detach ( struct scsi_device *scsi ); +extern const char * iscsi_initiator_iqn ( void ); #endif /* _GPXE_ISCSI_H */
diff --git a/src/include/gpxe/open.h b/src/include/gpxe/open.h
index abba29c4c..beab0a1f7 100644
--- a/src/include/gpxe/open.h
+++ b/src/include/gpxe/open.h
@@ -7,6 +7,7 @@ * */ +#include <stdarg.h> #include <gpxe/tables.h> struct xfer_interface;
diff --git a/src/include/gpxe/tls.h b/src/include/gpxe/tls.h
index 19ab9801e..a8cf16ef3 100644
--- a/src/include/gpxe/tls.h
+++ b/src/include/gpxe/tls.h
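Review bot: The new `username` and `password` members (iscsi.h, third hunk) keep the login credentials as `char *` strings in `struct iscsi_session`, presumably for the CHAP exchange declared just below, and the comments ("if any") say nothing about ownership or lifetime. The header should document that the session owns its own copies and that the password buffer is cleared before it is freed, so the secret does not linger in freed heap memory; if it is only needed until login completes, releasing it at that point is tighter still. A comment such as `/** Password (if any); owned by the session, wiped and freed when the session is freed */` would record that. The struct definition and the code that frees the session are outside this hunk.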
@@ -1,12 +1,171 @@
 #ifndef _GPXE_TLS_H
 #define _GPXE_TLS_H
-#include <errno.h>
+/**
+ * @file
+ *
+ * Transport Layer Security Protocol
+ */
-struct stream_application;
+#include <stdint.h>
+#include <gpxe/refcnt.h>
+#include <gpxe/filter.h>
+#include <gpxe/process.h>
+#include <gpxe/crypto.h>
+#include <gpxe/md5.h>
+#include <gpxe/sha1.h>
-static inline int add_tls ( struct stream_application *app __unused ) {
- return -ENOTSUP;
-}
+/** A TLS header */
+struct tls_header {
+ /** Content type
+ *
+ * This is a TLS_TYPE_XXX constant
+ */
+ uint8_t type;
+ /** Protocol version
+ *
+ * This is a TLS_VERSION_XXX constant
+ */
+ uint16_t version;
+ /** Length of payload */
+ uint16_t length;
+} __attribute__ (( packed ));
+
+/** TLS version 1.0 */
+#define TLS_VERSION_TLS_1_0 0x0301
+
+/** TLS version 1.1 */
+#define TLS_VERSION_TLS_1_1 0x0302
+
+/** Change cipher content type */
+#define TLS_TYPE_CHANGE_CIPHER 20
+
+/** Alert content type */
+#define TLS_TYPE_ALERT 21
+
+/** Handshake content type */
+#define TLS_TYPE_HANDSHAKE 22
+
+/** Application data content type */
+#define TLS_TYPE_DATA 23
+
+/* Handshake message types */
+#define TLS_HELLO_REQUEST 0
+#define TLS_CLIENT_HELLO 1
+#define TLS_SERVER_HELLO 2
+#define TLS_CERTIFICATE 11
+#define TLS_SERVER_KEY_EXCHANGE 12
+#define TLS_CERTIFICATE_REQUEST 13
+#define TLS_SERVER_HELLO_DONE 14
+#define TLS_CERTIFICATE_VERIFY 15
+#define TLS_CLIENT_KEY_EXCHANGE 16
+#define TLS_FINISHED 20
+
+/* TLS alert levels */
+#define TLS_ALERT_WARNING 1
+#define TLS_ALERT_FATAL 2
+
+/* TLS cipher specifications */
+#define TLS_RSA_WITH_NULL_MD5 0x0001
+#define TLS_RSA_WITH_NULL_SHA 0x0002
+#define TLS_RSA_WITH_AES_128_CBC_SHA 0x002f
+#define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035
+
+/** TLS RX state machine state */
+enum tls_rx_state {
+ TLS_RX_HEADER = 0,
+ TLS_RX_DATA,
+};
+
+/** TLS TX state machine state */
+enum tls_tx_state {
+ TLS_TX_NONE = 0,
+ TLS_TX_CLIENT_HELLO,
+ TLS_TX_CLIENT_KEY_EXCHANGE,
+ TLS_TX_CHANGE_CIPHER,
+ TLS_TX_FINISHED,
+ TLS_TX_DATA
+};
+
+/** A TLS cipher specification */
+struct tls_cipherspec {
+ /** Public-key encryption algorithm */
+ struct crypto_algorithm *pubkey;
+ /** Bulk encryption cipher algorithm */
+ struct crypto_algorithm *cipher;
+ /** MAC digest algorithm */
+ struct crypto_algorithm *digest;
+ /** Key length */
+ size_t key_len;
+ /** Dynamically-allocated storage */
+ void *dynamic;
+ /** Public key encryption context */
+ void *pubkey_ctx;
+ /** Bulk encryption cipher context */
+ void *cipher_ctx;
+ /** Next bulk encryption cipher context (TX only) */
+ void *cipher_next_ctx;
+ /** MAC secret */
+ void *mac_secret;
+};
+
+/** A TLS session */
+struct tls_session {
+ /** Reference counter */
+ struct refcnt refcnt;
+
+ /** Plaintext stream */
+ struct xfer_filter_half plainstream;
+ /** Ciphertext stream */
+ struct xfer_filter_half cipherstream;
+
+ /** Current TX cipher specification */
+ struct tls_cipherspec tx_cipherspec;
+ /** Next TX cipher specification */
+ struct tls_cipherspec tx_cipherspec_pending;
+ /** Current RX cipher specification */
+ struct tls_cipherspec rx_cipherspec;
+ /** Next RX cipher specification */
+ struct tls_cipherspec rx_cipherspec_pending;
+ /** Premaster secret */
+ uint8_t pre_master_secret[48];
+ /** Master secret */
+ uint8_t master_secret[48];
+ /** Server random bytes */
+ uint8_t server_random[32];
+ /** Client random bytes */
+ uint8_t client_random[32];
+ /** MD5 context for handshake verification */
+ uint8_t handshake_md5_ctx[MD5_CTX_SIZE];
+ /** SHA1 context for handshake verification */
+ uint8_t handshake_sha1_ctx[SHA1_CTX_SIZE];
+
+ /** Hack: server RSA public key */
+ uint8_t *rsa_mod;
+ size_t rsa_mod_len;
+ uint8_t *rsa_pub_exp;
+ size_t rsa_pub_exp_len;
+
+ /** TX sequence number */
+ uint64_t tx_seq;
+ /** TX state */
+ enum tls_tx_state tx_state;
+ /** TX process */
+ struct process process;
+
+ /** RX sequence number */
+ uint64_t rx_seq;
+ /** RX state */
+ enum tls_rx_state rx_state;
+ /** Offset within current RX state */
+ size_t rx_rcvd;
+ /** Current received record header */
+ struct tls_header rx_header;
+ /** Current received raw data buffer */
+ void *rx_data;
+};
+
+extern int add_tls ( struct xfer_interface *xfer,
+ struct xfer_interface **next );
 #endif /* _GPXE_TLS_H */ |
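Review bot: `struct tls_session` keeps `pre_master_secret[48]` and `master_secret[48]` inline, and each `tls_cipherspec` holds `mac_secret` and cipher contexts behind `dynamic`, with no comment on when any of this key material is erased. I would add to the field comments that the premaster secret is cleared once the master secret has been derived, and that all key material is zeroed before the session or a cipherspec's `dynamic` storage is freed. `TLS_RSA_WITH_NULL_MD5` and `TLS_RSA_WITH_NULL_SHA` are suites without encryption and deserve a comment that they must not be offered in the ClientHello; the "Hack: server RSA public key" fields suggest the key is used without any record of certificate validation, which needs confirming against the implementation. `tls_header.version` and `tls_header.length` are wire-format fields, so their comments should say they are big-endian, and `rx_header.length` is peer-controlled and should be bounded before `rx_data` is sized from it.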
