Diffstat (limited to 'src/include/gpxe')
-rw-r--r--src/include/gpxe/abft.h35
-rw-r--r--src/include/gpxe/aoe.h25
-rw-r--r--src/include/gpxe/ata.h3
-rw-r--r--src/include/gpxe/dhcp.h29
-rw-r--r--src/include/gpxe/errfile.h2
-rw-r--r--src/include/gpxe/filter.h75
-rw-r--r--src/include/gpxe/hmac.h30
-rw-r--r--src/include/gpxe/http.h5
-rw-r--r--src/include/gpxe/iscsi.h9
-rw-r--r--src/include/gpxe/open.h1
-rw-r--r--src/include/gpxe/tls.h169
11 files changed, 355 insertions, 28 deletions
diff --git a/src/include/gpxe/abft.h b/src/include/gpxe/abft.h
new file mode 100644
index 000000000..1c651ef11
--- /dev/null
+++ b/src/include/gpxe/abft.h
@@ -0,0 +1,35 @@
+#ifndef _GPXE_ABFT_H
+#define _GPXE_ABFT_H
+
+/** @file
+ *
+ * AoE boot firmware table
+ *
+ */
+
+#include <stdint.h>
+#include <gpxe/acpi.h>
+#include <gpxe/if_ether.h>
+
+/** AoE boot firmware table signature */
+#define ABFT_SIG "aBFT"
+
+/**
+ * AoE Boot Firmware Table (aBFT)
+ */
+struct abft_table {
+ /** ACPI header */
+ struct acpi_description_header acpi;
+ /** AoE shelf */
+ uint16_t shelf;
+ /** AoE slot */
+ uint8_t slot;
+ /** Reserved */
+ uint8_t reserved_a;
+ /** MAC address */
+ uint8_t mac[ETH_ALEN];
+} __attribute__ (( packed ));
+
+extern void abft_fill_data ( struct aoe_session *aoe );
+
+#endif /* _GPXE_ABFT_H */
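Review bot: The prototype `abft_fill_data ( struct aoe_session *aoe )` at the end of this new header names `struct aoe_session`, but the header includes only `<stdint.h>`, `<gpxe/acpi.h>` and `<gpxe/if_ether.h>`. Unless one of those happens to declare the type, the struct is declared with prototype scope here, which gcc warns about and which makes this declaration incompatible with the real definition. Adding `struct aoe_session;` above the prototype (or `#include <gpxe/aoe.h>`) makes the header self-contained.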
diff --git a/src/include/gpxe/aoe.h b/src/include/gpxe/aoe.h
index eb5e11337..856833841 100644
--- a/src/include/gpxe/aoe.h
+++ b/src/include/gpxe/aoe.h
@@ -81,6 +81,9 @@ struct aoehdr {
/** An AoE session */
struct aoe_session {
+ /** Reference counter */
+ struct refcnt refcnt;
+
/** List of all AoE sessions */
struct list_head list;
@@ -103,8 +106,8 @@ struct aoe_session {
unsigned int status;
/** Byte offset within command's data buffer */
unsigned int command_offset;
- /** Asynchronous operation for this command */
- struct async async;
+ /** Return status code for command */
+ int rc;
/** Retransmission timer */
struct retry_timer timer;
@@ -116,20 +119,8 @@ struct aoe_session {
/** Maximum number of sectors per packet */
#define AOE_MAX_COUNT 2
-extern void aoe_open ( struct aoe_session *aoe );
-extern void aoe_close ( struct aoe_session *aoe );
-extern int aoe_issue ( struct aoe_session *aoe,
- struct ata_command *command,
- struct async *parent );
-
-/** An AoE device */
-struct aoe_device {
- /** ATA device interface */
- struct ata_device ata;
- /** AoE protocol instance */
- struct aoe_session aoe;
-};
-
-extern int init_aoedev ( struct aoe_device *aoedev );
+extern void aoe_detach ( struct ata_device *ata );
+extern int aoe_attach ( struct ata_device *ata, struct net_device *netdev,
+ const char *root_path );
#endif /* _GPXE_AOE_H */
diff --git a/src/include/gpxe/ata.h b/src/include/gpxe/ata.h
index e0fca7afe..b6da39302 100644
--- a/src/include/gpxe/ata.h
+++ b/src/include/gpxe/ata.h
@@ -4,6 +4,7 @@
#include <stdint.h>
#include <gpxe/blockdev.h>
#include <gpxe/uaccess.h>
+#include <gpxe/refcnt.h>
/** @file
*
@@ -195,6 +196,8 @@ struct ata_device {
*/
int ( * command ) ( struct ata_device *ata,
struct ata_command *command );
+ /** Backing device */
+ struct refcnt *backend;
};
extern int init_atadev ( struct ata_device *ata );
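Review bot: The new `struct refcnt *backend` member is documented only as "Backing device", which leaves the lifetime contract open. The comment does not say whether the ATA device holds a counted reference, who takes and drops it, or whether the field is NULL while nothing is attached. The aoe.h part of this commit replaces aoe_open()/aoe_close() with `aoe_attach()`/`aoe_detach()` on a `struct ata_device`, so the pointer presumably refers to the AoE session's `refcnt`, but that is not visible from the headers. If that is the contract, a comment such as `/** Backing device reference; taken on attach, dropped on detach, NULL when detached */` would let a reader check the attach and detach paths for use-after-free and double-put. The body of struct ata_device starts outside this hunk.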
diff --git a/src/include/gpxe/dhcp.h b/src/include/gpxe/dhcp.h
index 645756522..863227867 100644
--- a/src/include/gpxe/dhcp.h
+++ b/src/include/gpxe/dhcp.h
@@ -168,6 +168,19 @@ struct job_interface;
*/
#define DHCP_EB_SIADDR DHCP_ENCAP_OPT ( DHCP_EB_ENCAP, 3 )
+/** Network device descriptor
+ *
+ * Byte 0 is the bus type ID; remaining bytes depend on the bus type.
+ *
+ * PCI devices:
+ * Byte 0 : 1 (PCI)
+ * Byte 1 : PCI vendor ID MSB
+ * Byte 2 : PCI vendor ID LSB
+ * Byte 3 : PCI device ID MSB
+ * Byte 4 : PCI device ID LSB
+ */
+#define DHCP_EB_BUS_ID DHCP_ENCAP_OPT ( DHCP_EB_ENCAP, 0xb1 )
+
/** BIOS drive number
*
* This is the drive number for a drive emulated via INT 13. 0x80 is
@@ -503,15 +516,19 @@ extern void find_global_dhcp_ipv4_option ( unsigned int tag,
struct in_addr *inp );
extern void delete_dhcp_option ( struct dhcp_option_block *options,
unsigned int tag );
+
extern int apply_dhcp_options ( struct dhcp_option_block *options );
extern int apply_global_dhcp_options ( void );
-extern struct dhcp_option_block dhcp_request_options;
-extern int create_dhcp_packet ( struct net_device *netdev, uint8_t msgtype,
- void *data, size_t max_len,
- struct dhcp_packet *dhcppkt );
-extern int copy_dhcp_packet_options ( struct dhcp_packet *dhcppkt,
- struct dhcp_option_block *options );
+extern int create_dhcp_request ( struct net_device *netdev, int msgtype,
+ struct dhcp_option_block *options,
+ void *data, size_t max_len,
+ struct dhcp_packet *dhcppkt );
+extern int create_dhcp_response ( struct net_device *netdev, int msgtype,
+ struct dhcp_option_block *options,
+ void *data, size_t max_len,
+ struct dhcp_packet *dhcppkt );
+
extern int start_dhcp ( struct job_interface *job, struct net_device *netdev,
int (*register_options) ( struct net_device *,
struct dhcp_option_block * ));
diff --git a/src/include/gpxe/errfile.h b/src/include/gpxe/errfile.h
index 0615818f1..48db1dc19 100644
--- a/src/include/gpxe/errfile.h
+++ b/src/include/gpxe/errfile.h
@@ -115,6 +115,8 @@
#define ERRFILE_cipher ( ERRFILE_OTHER | 0x00090000 )
#define ERRFILE_image_cmd ( ERRFILE_OTHER | 0x000a0000 )
#define ERRFILE_uri_test ( ERRFILE_OTHER | 0x000b0000 )
+#define ERRFILE_ibft ( ERRFILE_OTHER | 0x000c0000 )
+#define ERRFILE_tls ( ERRFILE_OTHER | 0x000d0000 )
/** @} */
diff --git a/src/include/gpxe/filter.h b/src/include/gpxe/filter.h
new file mode 100644
index 000000000..3943a9e14
--- /dev/null
+++ b/src/include/gpxe/filter.h
@@ -0,0 +1,75 @@
+#ifndef _GPXE_FILTER_H
+#define _GPXE_FILTER_H
+
+/** @file
+ *
+ * Data transfer filters
+ *
+ */
+
+#include <stddef.h>
+#include <gpxe/xfer.h>
+
+/**
+ * Half of a data transfer filter
+ *
+ * Embed two of these structures within a structure implementing a
+ * data transfer filter, and intialise with filter_init(). You can
+ * then use the filter_xxx() methods as the data transfer interface
+ * methods as required.
+ */
+struct xfer_filter_half {
+ /** Data transfer interface */
+ struct xfer_interface xfer;
+ /** Other half of the data transfer filter */
+ struct xfer_filter_half *other;
+};
+
+/**
+ * Get data transfer interface for the other half of a data transfer filter
+ *
+ * @v xfer Data transfer interface
+ * @ret other Other half's data transfer interface
+ */
+static inline __attribute__ (( always_inline )) struct xfer_interface *
+filter_other_half ( struct xfer_interface *xfer ) {
+ struct xfer_filter_half *half =
+ container_of ( xfer, struct xfer_filter_half, xfer );
+ return &half->other->xfer;
+}
+
+extern void filter_close ( struct xfer_interface *xfer, int rc );
+extern int filter_vredirect ( struct xfer_interface *xfer, int type,
+ va_list args );
+extern int filter_seek ( struct xfer_interface *xfer, off_t offset,
+ int whence );
+extern size_t filter_window ( struct xfer_interface *xfer );
+extern struct io_buffer * filter_alloc_iob ( struct xfer_interface *xfer,
+ size_t len );
+extern int filter_deliver_iob ( struct xfer_interface *xfer,
+ struct io_buffer *iobuf,
+ struct xfer_metadata *meta );
+extern int filter_deliver_raw ( struct xfer_interface *xfer, const void *data,
+ size_t len );
+
+/**
+ * Initialise a data transfer filter
+ *
+ * @v left "Left" half of the filter
+ * @v left_op Data transfer interface operations for "left" half
+ * @v right "Right" half of the filter
+ * @v right_op Data transfer interface operations for "right" half
+ * @v refcnt Containing object reference counter, or NULL
+ */
+static inline void filter_init ( struct xfer_filter_half *left,
+ struct xfer_interface_operations *left_op,
+ struct xfer_filter_half *right,
+ struct xfer_interface_operations *right_op,
+ struct refcnt *refcnt ) {
+ xfer_init ( &left->xfer, left_op, refcnt );
+ xfer_init ( &right->xfer, right_op, refcnt );
+ left->other = right;
+ right->other = left;
+}
+
+#endif /* _GPXE_FILTER_H */
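Review bot: `filter_other_half()` dereferences `half->other` unconditionally, so it is only valid on a half that has already been through `filter_init()`, and its doc comment does not state that precondition. `filter_init()` hands the same `refcnt` to both halves, which implies both must be embedded in the same reference-counted object; a `struct xfer_filter_half` placed anywhere else would leave `other` dangling once its peer is freed. I would add a line to the `filter_other_half()` comment, for example `* Both halves must have been initialised with filter_init(); @c other is not checked.`, and say in the struct comment that the two halves share the containing object's lifetime.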
diff --git a/src/include/gpxe/hmac.h b/src/include/gpxe/hmac.h
new file mode 100644
index 000000000..fd34db04a
--- /dev/null
+++ b/src/include/gpxe/hmac.h
@@ -0,0 +1,30 @@
+#ifndef _GPXE_HMAC_H
+#define _GPXE_HMAC_H
+
+/** @file
+ *
+ * Keyed-Hashing for Message Authentication
+ */
+
+#include <gpxe/crypto.h>
+
+/**
+ * Update HMAC
+ *
+ * @v digest Digest algorithm to use
+ * @v digest_ctx Digest context
+ * @v data Data
+ * @v len Length of data
+ */
+static inline void hmac_update ( struct crypto_algorithm *digest,
+ void *digest_ctx, const void *data,
+ size_t len ) {
+ digest_update ( digest, digest_ctx, data, len );
+}
+
+extern void hmac_init ( struct crypto_algorithm *digest, void *digest_ctx,
+ void *key, size_t *key_len );
+extern void hmac_final ( struct crypto_algorithm *digest, void *digest_ctx,
+ void *key, size_t *key_len, void *hmac );
+
+#endif /* _GPXE_HMAC_H */
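Review bot: `hmac_init()` and `hmac_final()` take the key as a non-const `void *key` with `size_t *key_len`, and nothing in this header says that either may be modified. The in/out shape suggests that an over-long key is replaced in place by its digest, as RFC 2104 prescribes, with `*key_len` updated; that is an inference, since the definitions are outside this diff view. If it is right, a caller's stored secret is silently overwritten, and the same reduced key and length must then be passed to `hmac_final()`. The header should say so, along with the required size of the `hmac` output buffer, which has no length parameter. A short comment above the two prototypes would do, for example `/* key and *key_len may be rewritten by hmac_init(); pass the same pair to hmac_final(). hmac must hold one digest. */`.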
diff --git a/src/include/gpxe/http.h b/src/include/gpxe/http.h
index a2abec1dc..fa92a9505 100644
--- a/src/include/gpxe/http.h
+++ b/src/include/gpxe/http.h
@@ -13,4 +13,9 @@
/** HTTPS default port */
#define HTTPS_PORT 443
+extern int http_open_filter ( struct xfer_interface *xfer, struct uri *uri,
+ unsigned int default_port,
+ int ( * filter ) ( struct xfer_interface *,
+ struct xfer_interface ** ) );
+
#endif /* _GPXE_HTTP_H */
diff --git a/src/include/gpxe/iscsi.h b/src/include/gpxe/iscsi.h
index d9dd43079..e4df68494 100644
--- a/src/include/gpxe/iscsi.h
+++ b/src/include/gpxe/iscsi.h
@@ -8,6 +8,7 @@
*/
#include <stdint.h>
+#include <gpxe/socket.h>
#include <gpxe/scsi.h>
#include <gpxe/chap.h>
#include <gpxe/refcnt.h>
@@ -501,6 +502,8 @@ struct iscsi_session {
char *target_iqn;
/** Logical Unit Number (LUN) */
uint64_t lun;
+ /** Target socket address (recorded only for iBFT) */
+ struct sockaddr target_sockaddr;
/** Session status
*
@@ -514,6 +517,11 @@ struct iscsi_session {
* Reset upon a successful connection.
*/
int retry_count;
+
+ /** Username (if any) */
+ char *username;
+ /** Password (if any) */
+ char *password;
/** CHAP challenge/response */
struct chap_challenge chap;
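Review bot: The new `username` and `password` members keep the CHAP credentials as plain `char *` for the life of the session, and the comments say nothing about who owns the strings or how the password is disposed of. The release path is in iscsi.c, outside this diff view, so it cannot be checked here whether the password is cleared before the memory is freed. If the credentials are retained so they can be copied into the iBFT (the neighbouring `target_sockaddr` comment and the new `ERRFILE_ibft` suggest so), the secret also becomes readable by the booted operating system, which deserves a sentence in the comment. Once the behaviour is confirmed, I would document it on the field, for example `/** Password (if any); owned by the session, wiped before being freed */`. The body of struct iscsi_session starts and ends outside this hunk.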
@@ -641,5 +649,6 @@ struct iscsi_session {
extern int iscsi_attach ( struct scsi_device *scsi, const char *root_path );
extern void iscsi_detach ( struct scsi_device *scsi );
+extern const char * iscsi_initiator_iqn ( void );
#endif /* _GPXE_ISCSI_H */
diff --git a/src/include/gpxe/open.h b/src/include/gpxe/open.h
index abba29c4c..beab0a1f7 100644
--- a/src/include/gpxe/open.h
+++ b/src/include/gpxe/open.h
@@ -7,6 +7,7 @@
*
*/
+#include <stdarg.h>
#include <gpxe/tables.h>
struct xfer_interface;
diff --git a/src/include/gpxe/tls.h b/src/include/gpxe/tls.h
index 19ab9801e..a8cf16ef3 100644
--- a/src/include/gpxe/tls.h
+++ b/src/include/gpxe/tls.h
@@ -1,12 +1,171 @@
#ifndef _GPXE_TLS_H
#define _GPXE_TLS_H
-#include <errno.h>
+/**
+ * @file
+ *
+ * Transport Layer Security Protocol
+ */
-struct stream_application;
+#include <stdint.h>
+#include <gpxe/refcnt.h>
+#include <gpxe/filter.h>
+#include <gpxe/process.h>
+#include <gpxe/crypto.h>
+#include <gpxe/md5.h>
+#include <gpxe/sha1.h>
-static inline int add_tls ( struct stream_application *app __unused ) {
- return -ENOTSUP;
-}
+/** A TLS header */
+struct tls_header {
+ /** Content type
+ *
+ * This is a TLS_TYPE_XXX constant
+ */
+ uint8_t type;
+ /** Protocol version
+ *
+ * This is a TLS_VERSION_XXX constant
+ */
+ uint16_t version;
+ /** Length of payload */
+ uint16_t length;
+} __attribute__ (( packed ));
+
+/** TLS version 1.0 */
+#define TLS_VERSION_TLS_1_0 0x0301
+
+/** TLS version 1.1 */
+#define TLS_VERSION_TLS_1_1 0x0302
+
+/** Change cipher content type */
+#define TLS_TYPE_CHANGE_CIPHER 20
+
+/** Alert content type */
+#define TLS_TYPE_ALERT 21
+
+/** Handshake content type */
+#define TLS_TYPE_HANDSHAKE 22
+
+/** Application data content type */
+#define TLS_TYPE_DATA 23
+
+/* Handshake message types */
+#define TLS_HELLO_REQUEST 0
+#define TLS_CLIENT_HELLO 1
+#define TLS_SERVER_HELLO 2
+#define TLS_CERTIFICATE 11
+#define TLS_SERVER_KEY_EXCHANGE 12
+#define TLS_CERTIFICATE_REQUEST 13
+#define TLS_SERVER_HELLO_DONE 14
+#define TLS_CERTIFICATE_VERIFY 15
+#define TLS_CLIENT_KEY_EXCHANGE 16
+#define TLS_FINISHED 20
+
+/* TLS alert levels */
+#define TLS_ALERT_WARNING 1
+#define TLS_ALERT_FATAL 2
+
+/* TLS cipher specifications */
+#define TLS_RSA_WITH_NULL_MD5 0x0001
+#define TLS_RSA_WITH_NULL_SHA 0x0002
+#define TLS_RSA_WITH_AES_128_CBC_SHA 0x002f
+#define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035
+
+/** TLS RX state machine state */
+enum tls_rx_state {
+ TLS_RX_HEADER = 0,
+ TLS_RX_DATA,
+};
+
+/** TLS TX state machine state */
+enum tls_tx_state {
+ TLS_TX_NONE = 0,
+ TLS_TX_CLIENT_HELLO,
+ TLS_TX_CLIENT_KEY_EXCHANGE,
+ TLS_TX_CHANGE_CIPHER,
+ TLS_TX_FINISHED,
+ TLS_TX_DATA
+};
+
+/** A TLS cipher specification */
+struct tls_cipherspec {
+ /** Public-key encryption algorithm */
+ struct crypto_algorithm *pubkey;
+ /** Bulk encryption cipher algorithm */
+ struct crypto_algorithm *cipher;
+ /** MAC digest algorithm */
+ struct crypto_algorithm *digest;
+ /** Key length */
+ size_t key_len;
+ /** Dynamically-allocated storage */
+ void *dynamic;
+ /** Public key encryption context */
+ void *pubkey_ctx;
+ /** Bulk encryption cipher context */
+ void *cipher_ctx;
+ /** Next bulk encryption cipher context (TX only) */
+ void *cipher_next_ctx;
+ /** MAC secret */
+ void *mac_secret;
+};
+
+/** A TLS session */
+struct tls_session {
+ /** Reference counter */
+ struct refcnt refcnt;
+
+ /** Plaintext stream */
+ struct xfer_filter_half plainstream;
+ /** Ciphertext stream */
+ struct xfer_filter_half cipherstream;
+
+ /** Current TX cipher specification */
+ struct tls_cipherspec tx_cipherspec;
+ /** Next TX cipher specification */
+ struct tls_cipherspec tx_cipherspec_pending;
+ /** Current RX cipher specification */
+ struct tls_cipherspec rx_cipherspec;
+ /** Next RX cipher specification */
+ struct tls_cipherspec rx_cipherspec_pending;
+ /** Premaster secret */
+ uint8_t pre_master_secret[48];
+ /** Master secret */
+ uint8_t master_secret[48];
+ /** Server random bytes */
+ uint8_t server_random[32];
+ /** Client random bytes */
+ uint8_t client_random[32];
+ /** MD5 context for handshake verification */
+ uint8_t handshake_md5_ctx[MD5_CTX_SIZE];
+ /** SHA1 context for handshake verification */
+ uint8_t handshake_sha1_ctx[SHA1_CTX_SIZE];
+
+ /** Hack: server RSA public key */
+ uint8_t *rsa_mod;
+ size_t rsa_mod_len;
+ uint8_t *rsa_pub_exp;
+ size_t rsa_pub_exp_len;
+
+ /** TX sequence number */
+ uint64_t tx_seq;
+ /** TX state */
+ enum tls_tx_state tx_state;
+ /** TX process */
+ struct process process;
+
+ /** RX sequence number */
+ uint64_t rx_seq;
+ /** RX state */
+ enum tls_rx_state rx_state;
+ /** Offset within current RX state */
+ size_t rx_rcvd;
+ /** Current received record header */
+ struct tls_header rx_header;
+ /** Current received raw data buffer */
+ void *rx_data;
+};
+
+extern int add_tls ( struct xfer_interface *xfer,
+ struct xfer_interface **next );
#endif /* _GPXE_TLS_H */
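Review bot: In `struct tls_session`, the comment `/** Hack: server RSA public key */` sits in front of four members (`rsa_mod`, `rsa_mod_len`, `rsa_pub_exp`, `rsa_pub_exp_len`) and does not say where the key comes from, who owns the two buffers, or whether the certificate it was taken from is validated. No other member of the session records a verification result, so a reader of this header cannot tell whether `add_tls()` authenticates the server; that depends on tls.c, which is not part of this diff view. I would give each member its own comment and state the trust status plainly, for example `/** Server RSA modulus, from the server certificate; TODO: state whether the chain is verified */`. The same goes for the `TLS_RSA_WITH_NULL_MD5` and `TLS_RSA_WITH_NULL_SHA` constants, which provide no encryption and need a note on whether they are ever offered.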