static isc_result_t value_fromwire(isccc_region_t *source, isccc_sexpr_t **valuep) { unsigned int msgtype; isc_uint32_t len; isccc_sexpr_t *value; isccc_region_t active; isc_result_t result; if (REGION_SIZE(*source) < 1 + 4) return (ISC_R_UNEXPECTEDEND); GET8(msgtype, source->rstart); GET32(len, source->rstart); if (REGION_SIZE(*source) < len) return (ISC_R_UNEXPECTEDEND); active.rstart = source->rstart; active.rend = active.rstart + len; source->rstart = active.rend; if (msgtype == ISCCC_CCMSGTYPE_BINARYDATA) { value = isccc_sexpr_frombinary(&active); if (value != NULL) { *valuep = value; result = ISC_R_SUCCESS; } else result = ISC_R_NOMEMORY; } else if (msgtype == ISCCC_CCMSGTYPE_TABLE) result = table_fromwire(&active, NULL, valuep); else if (msgtype == ISCCC_CCMSGTYPE_LIST) result = list_fromwire(&active, valuep); else result = ISCCC_R_SYNTAX; return (result); }
isc_result_t isccc_cc_towire(isccc_sexpr_t *alist, isccc_region_t *target, isc_uint32_t algorithm, isccc_region_t *secret) { unsigned char *hmac_rstart, *signed_rstart; isc_result_t result; if (algorithm == ISCCC_ALG_HMACMD5) { if (REGION_SIZE(*target) < 4 + sizeof(auth_hmd5)) return (ISC_R_NOSPACE); } else { if (REGION_SIZE(*target) < 4 + sizeof(auth_hsha)) return (ISC_R_NOSPACE); } /* * Emit protocol version. */ PUT32(1, target->rstart); if (secret != NULL) { /* * Emit _auth section with zeroed HMAC signature. * We'll replace the zeros with the real signature once * we know what it is. */ if (algorithm == ISCCC_ALG_HMACMD5) { hmac_rstart = target->rstart + HMD5_OFFSET; PUT_MEM(auth_hmd5, sizeof(auth_hmd5), target->rstart); } else { unsigned char *hmac_alg; hmac_rstart = target->rstart + HSHA_OFFSET; hmac_alg = hmac_rstart - 1; PUT_MEM(auth_hsha, sizeof(auth_hsha), target->rstart); PUT8(algorithm, hmac_alg); } } else hmac_rstart = NULL; signed_rstart = target->rstart; /* * Delete any existing _auth section so that we don't try * to encode it. */ isccc_alist_delete(alist, "_auth"); /* * Emit the message. */ result = table_towire(alist, target); if (result != ISC_R_SUCCESS) return (result); if (secret != NULL) return (sign(signed_rstart, (unsigned int)(target->rstart - signed_rstart), hmac_rstart, algorithm, secret)); return (ISC_R_SUCCESS); }
void sdm845_mmu_init(void) { mmu_init(); mmu_config_range((void *)(4 * KiB), ((4UL * GiB) - (4 * KiB)), DEV_MEM); mmu_config_range((void *)_ssram, REGION_SIZE(ssram), CACHED_RAM); mmu_config_range((void *)_bsram, REGION_SIZE(bsram), CACHED_RAM); mmu_config_range((void *)_dma_coherent, REGION_SIZE(dma_coherent), UNCACHED_RAM); mmu_enable(); }
static isc_result_t table_towire(isccc_sexpr_t *alist, isccc_region_t *target) { isccc_sexpr_t *kv, *elt, *k, *v; char *ks; isc_result_t result; size_t len; for (elt = isccc_alist_first(alist); elt != NULL; elt = ISCCC_SEXPR_CDR(elt)) { kv = ISCCC_SEXPR_CAR(elt); k = ISCCC_SEXPR_CAR(kv); ks = isccc_sexpr_tostring(k); v = ISCCC_SEXPR_CDR(kv); len = strlen(ks); INSIST(len <= 255U); /* * Emit the key name. */ if (REGION_SIZE(*target) < 1 + len) return (ISC_R_NOSPACE); PUT8(len, target->rstart); PUT_MEM(ks, len, target->rstart); /* * Emit the value. */ result = value_towire(v, target); if (result != ISC_R_SUCCESS) return (result); } return (ISC_R_SUCCESS); }
isccc_sexpr_t * isccc_sexpr_frombinary(const isccc_region_t *region) { isccc_sexpr_t *sexpr; unsigned int region_size; sexpr = malloc(sizeof(*sexpr)); if (sexpr == NULL) return (NULL); sexpr->type = ISCCC_SEXPRTYPE_BINARY; region_size = REGION_SIZE(*region); /* * We add an extra byte when we malloc so we can NUL terminate * the binary data. This allows the caller to use it as a C * string. It's up to the caller to ensure this is safe. We don't * add 1 to the length of the binary region, because the NUL is * not part of the binary data. */ sexpr->value.as_region.rstart = malloc(region_size + 1); if (sexpr->value.as_region.rstart == NULL) { free(sexpr); return (NULL); } sexpr->value.as_region.rend = sexpr->value.as_region.rstart + region_size; memmove(sexpr->value.as_region.rstart, region->rstart, region_size); /* * NUL terminate. */ sexpr->value.as_region.rstart[region_size] = '\0'; return (sexpr); }
void main(void) { timestamp_add_now(TS_START_ROMSTAGE); console_init(); exception_init(); configure_l2ctlr(); tsadc_init(); /* vdd_log 1200mv is enough for ddr run 666Mhz */ regulate_vdd_log(1200); timestamp_add_now(TS_BEFORE_INITRAM); sdram_init(get_sdram_config()); timestamp_add_now(TS_AFTER_INITRAM); /* Now that DRAM is up, add mappings for it and DMA coherency buffer. */ mmu_config_range((uintptr_t)_dram/MiB, sdram_size_mb(), DCACHE_WRITEBACK); mmu_config_range((uintptr_t)_dma_coherent/MiB, REGION_SIZE(dma_coherent)/MiB, DCACHE_OFF); cbmem_initialize_empty(); run_ramstage(); }
static void rndc_connected(isc_task_t *task, isc_event_t *event) { char socktext[ISC_SOCKADDR_FORMATSIZE]; isc_socketevent_t *sevent = (isc_socketevent_t *)event; isccc_sexpr_t *request = NULL; isccc_sexpr_t *data; isccc_time_t now; isccc_region_t message; isc_region_t r; isc_uint32_t len; isc_buffer_t b; isc_result_t result; connects--; if (sevent->result != ISC_R_SUCCESS) { isc_sockaddr_format(&serveraddrs[currentaddr], socktext, sizeof(socktext)); if (sevent->result != ISC_R_CANCELED && ++currentaddr < nserveraddrs) { notify("connection failed: %s: %s", socktext, isc_result_totext(sevent->result)); isc_socket_detach(&sock); isc_event_free(&event); rndc_startconnect(&serveraddrs[currentaddr], task); return; } else fatal("connect failed: %s: %s", socktext, isc_result_totext(sevent->result)); } isc_stdtime_get(&now); DO("create message", isccc_cc_createmessage(1, NULL, NULL, ++serial, now, now + 60, &request)); data = isccc_alist_lookup(request, "_data"); if (data == NULL) fatal("_data section missing"); if (isccc_cc_definestring(data, "type", "null") == NULL) fatal("out of memory"); message.rstart = databuf + 4; message.rend = databuf + sizeof(databuf); DO("render message", isccc_cc_towire(request, &message, &secret)); len = sizeof(databuf) - REGION_SIZE(message); isc_buffer_init(&b, databuf, 4); isc_buffer_putuint32(&b, len - 4); r.length = len; r.base = databuf; isccc_ccmsg_init(mctx, sock, &ccmsg); isccc_ccmsg_setmaxsize(&ccmsg, 1024 * 1024); DO("schedule recv", isccc_ccmsg_readmessage(&ccmsg, task, rndc_recvnonce, NULL)); recvs++; DO("send message", isc_socket_send(sock, &r, task, rndc_senddone, NULL)); sends++; isc_event_free(&event); }
static isc_result_t table_fromwire(isccc_region_t *source, isccc_region_t *secret, isc_uint32_t algorithm, isccc_sexpr_t **alistp) { char key[256]; isc_uint32_t len; isc_result_t result; isccc_sexpr_t *alist, *value; isc_boolean_t first_tag; unsigned char *checksum_rstart; REQUIRE(alistp != NULL && *alistp == NULL); checksum_rstart = NULL; first_tag = ISC_TRUE; alist = isccc_alist_create(); if (alist == NULL) return (ISC_R_NOMEMORY); while (!REGION_EMPTY(*source)) { GET8(len, source->rstart); if (REGION_SIZE(*source) < len) { result = ISC_R_UNEXPECTEDEND; goto bad; } GET_MEM(key, len, source->rstart); key[len] = '\0'; /* Ensure NUL termination. */ value = NULL; result = value_fromwire(source, &value); if (result != ISC_R_SUCCESS) goto bad; if (isccc_alist_define(alist, key, value) == NULL) { result = ISC_R_NOMEMORY; goto bad; } if (first_tag && secret != NULL && strcmp(key, "_auth") == 0) checksum_rstart = source->rstart; first_tag = ISC_FALSE; } if (secret != NULL) { if (checksum_rstart != NULL) result = verify(alist, checksum_rstart, (unsigned int) (source->rend - checksum_rstart), algorithm, secret); else result = ISCCC_R_BADAUTH; } else result = ISC_R_SUCCESS; bad: if (result == ISC_R_SUCCESS) *alistp = alist; else isccc_sexpr_free(&alist); return (result); }
/* Let's prepare the ACPI S3 Resume area now already, so we can rely on * it being there during reboot time. If this fails, ACPI resume will * be disabled. We assume that ramstage does not change while in suspend, * so base and size of the currently running ramstage are used * for allocation. */ void acpi_prepare_resume_backup(void) { if (!acpi_s3_resume_allowed()) return; if (CONFIG(RELOCATABLE_RAMSTAGE)) return; backup_create_or_update(NULL, (uintptr_t)_program, REGION_SIZE(program)); }
void isccc_sexpr_print(isccc_sexpr_t *sexpr, FILE *stream) { isccc_sexpr_t *cdr; unsigned int size, i; unsigned char *curr; if (sexpr == NULL) { fprintf(stream, "nil"); return; } switch (sexpr->type) { case ISCCC_SEXPRTYPE_T: fprintf(stream, "t"); break; case ISCCC_SEXPRTYPE_STRING: fprintf(stream, "\"%s\"", sexpr->value.as_string); break; case ISCCC_SEXPRTYPE_DOTTEDPAIR: fprintf(stream, "("); do { isccc_sexpr_print(CAR(sexpr), stream); cdr = CDR(sexpr); if (cdr != NULL) { fprintf(stream, " "); if (cdr->type != ISCCC_SEXPRTYPE_DOTTEDPAIR) { fprintf(stream, ". "); isccc_sexpr_print(cdr, stream); cdr = NULL; } } sexpr = cdr; } while (sexpr != NULL); fprintf(stream, ")"); break; case ISCCC_SEXPRTYPE_BINARY: size = REGION_SIZE(sexpr->value.as_region); curr = sexpr->value.as_region.rstart; if (printable(&sexpr->value.as_region)) { fprintf(stream, "'%.*s'", (int)size, curr); } else { fprintf(stream, "0x"); for (i = 0; i < size; i++) fprintf(stream, "%02x", *curr++); } break; default: INSIST(0); } }
isc_result_t isccc_cc_fromwire(isccc_region_t *source, isccc_sexpr_t **alistp, isccc_region_t *secret) { unsigned int size; isc_uint32_t version; size = REGION_SIZE(*source); if (size < 4) return (ISC_R_UNEXPECTEDEND); GET32(version, source->rstart); if (version != 1) return (ISCCC_R_UNKNOWNVERSION); return (table_fromwire(source, secret, alistp)); }
static isc_result_t verify(isccc_sexpr_t *alist, unsigned char *data, unsigned int length, isccc_region_t *secret) { isc_hmacmd5_t ctx; isccc_region_t source; isccc_region_t target; isc_result_t result; isccc_sexpr_t *_auth, *hmd5; unsigned char digest[ISC_MD5_DIGESTLENGTH]; unsigned char digestb64[ISC_MD5_DIGESTLENGTH * 4]; /* * Extract digest. */ _auth = isccc_alist_lookup(alist, "_auth"); if (_auth == NULL) return (ISC_R_FAILURE); hmd5 = isccc_alist_lookup(_auth, "hmd5"); if (hmd5 == NULL) return (ISC_R_FAILURE); /* * Compute digest. */ isc_hmacmd5_init(&ctx, secret->rstart, REGION_SIZE(*secret)); isc_hmacmd5_update(&ctx, data, length); isc_hmacmd5_sign(&ctx, digest); source.rstart = digest; source.rend = digest + ISC_MD5_DIGESTLENGTH; target.rstart = digestb64; target.rend = digestb64 + ISC_MD5_DIGESTLENGTH * 4; result = isccc_base64_encode(&source, 64, "", &target); if (result != ISC_R_SUCCESS) return (result); /* * Strip trailing == and NUL terminate target. */ target.rstart -= 2; *target.rstart++ = '\0'; /* * Verify. */ if (strcmp((char *)digestb64, isccc_sexpr_tostring(hmd5)) != 0) return (ISCCC_R_BADAUTH); return (ISC_R_SUCCESS); }
void platform_romstage_main(void) { tsadc_init(TSHUT_POL_HIGH); /* Init DVS to conservative values. */ init_dvs_outputs(); prepare_sdmmc(); prepare_usb(); sdram_init(get_sdram_config()); mmu_config_range((void *)0, (uintptr_t)sdram_size_mb() * MiB, CACHED_MEM); mmu_config_range(_dma_coherent, REGION_SIZE(dma_coherent), UNCACHED_MEM); }
void fsp_memory_init(bool s3wake) { struct fsp_header hdr; enum cb_err status; struct cbfsf file_desc; struct region_device file_data; const char *name = CONFIG_FSP_M_CBFS; struct memranges memmap; struct range_entry freeranges[2]; if (CONFIG(ELOG_BOOT_COUNT) && !s3wake) boot_count_increment(); if (cbfs_boot_locate(&file_desc, name, NULL)) { printk(BIOS_CRIT, "Could not locate %s in CBFS\n", name); die("FSPM not available!\n"); } cbfs_file_data(&file_data, &file_desc); /* Build up memory map of romstage address space including CAR. */ memranges_init_empty(&memmap, &freeranges[0], ARRAY_SIZE(freeranges)); memranges_insert(&memmap, (uintptr_t)_car_region_start, _car_relocatable_data_end - _car_region_start, 0); memranges_insert(&memmap, (uintptr_t)_program, REGION_SIZE(program), 0); if (!CONFIG(FSP_M_XIP)) status = load_fspm_mem(&hdr, &file_data, &memmap); else status = load_fspm_xip(&hdr, &file_data); if (status != CB_SUCCESS) die("Loading FSPM failed!\n"); /* Signal that FSP component has been loaded. */ prog_segment_loaded(hdr.image_base, hdr.image_size, SEG_FINAL); do_fsp_memory_init(&hdr, s3wake, &memmap); }
static isc_result_t sign(unsigned char *data, unsigned int length, unsigned char *hmd5, isccc_region_t *secret) { isc_hmacmd5_t ctx; isc_result_t result; isccc_region_t source, target; unsigned char digest[ISC_MD5_DIGESTLENGTH]; unsigned char digestb64[ISC_MD5_DIGESTLENGTH * 4]; isc_hmacmd5_init(&ctx, secret->rstart, REGION_SIZE(*secret)); isc_hmacmd5_update(&ctx, data, length); isc_hmacmd5_sign(&ctx, digest); source.rstart = digest; source.rend = digest + ISC_MD5_DIGESTLENGTH; target.rstart = digestb64; target.rend = digestb64 + ISC_MD5_DIGESTLENGTH * 4; result = isccc_base64_encode(&source, 64, "", &target); if (result != ISC_R_SUCCESS) return (result); PUT_MEM(digestb64, HMD5_LENGTH, hmd5); return (ISC_R_SUCCESS); }
static void control_recvmessage(isc_task_t *task, isc_event_t *event) { controlconnection_t *conn; controllistener_t *listener; controlkey_t *key; isccc_sexpr_t *request = NULL; isccc_sexpr_t *response = NULL; isc_uint32_t algorithm; isccc_region_t secret; isc_stdtime_t now; isc_buffer_t b; isc_region_t r; isc_buffer_t *text; isc_result_t result; isc_result_t eresult; isccc_sexpr_t *_ctrl; isccc_time_t sent; isccc_time_t exp; isc_uint32_t nonce; isccc_sexpr_t *data; REQUIRE(event->ev_type == ISCCC_EVENT_CCMSG); conn = event->ev_arg; listener = conn->listener; algorithm = DST_ALG_UNKNOWN; secret.rstart = NULL; text = NULL; /* Is the server shutting down? */ if (listener->controls->shuttingdown) goto cleanup; if (conn->ccmsg.result != ISC_R_SUCCESS) { if (conn->ccmsg.result != ISC_R_CANCELED && conn->ccmsg.result != ISC_R_EOF) log_invalid(&conn->ccmsg, conn->ccmsg.result); goto cleanup; } request = NULL; for (key = ISC_LIST_HEAD(listener->keys); key != NULL; key = ISC_LIST_NEXT(key, link)) { isccc_region_t ccregion; ccregion.rstart = isc_buffer_base(&conn->ccmsg.buffer); ccregion.rend = isc_buffer_used(&conn->ccmsg.buffer); secret.rstart = isc_mem_get(listener->mctx, key->secret.length); if (secret.rstart == NULL) goto cleanup; memmove(secret.rstart, key->secret.base, key->secret.length); secret.rend = secret.rstart + key->secret.length; algorithm = key->algorithm; result = isccc_cc_fromwire(&ccregion, &request, algorithm, &secret); if (result == ISC_R_SUCCESS) break; isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret)); if (result != ISCCC_R_BADAUTH) { log_invalid(&conn->ccmsg, result); goto cleanup; } } if (key == NULL) { log_invalid(&conn->ccmsg, ISCCC_R_BADAUTH); goto cleanup; } /* We shouldn't be getting a reply. */ if (isccc_cc_isreply(request)) { log_invalid(&conn->ccmsg, ISC_R_FAILURE); goto cleanup_request; } isc_stdtime_get(&now); /* * Limit exposure to replay attacks. */ _ctrl = isccc_alist_lookup(request, "_ctrl"); if (_ctrl == NULL) { log_invalid(&conn->ccmsg, ISC_R_FAILURE); goto cleanup_request; } if (isccc_cc_lookupuint32(_ctrl, "_tim", &sent) == ISC_R_SUCCESS) { if ((sent + CLOCKSKEW) < now || (sent - CLOCKSKEW) > now) { log_invalid(&conn->ccmsg, ISCCC_R_CLOCKSKEW); goto cleanup_request; } } else { log_invalid(&conn->ccmsg, ISC_R_FAILURE); goto cleanup_request; } /* * Expire messages that are too old. */ if (isccc_cc_lookupuint32(_ctrl, "_exp", &exp) == ISC_R_SUCCESS && now > exp) { log_invalid(&conn->ccmsg, ISCCC_R_EXPIRED); goto cleanup_request; } /* * Duplicate suppression (required for UDP). */ isccc_cc_cleansymtab(listener->controls->symtab, now); result = isccc_cc_checkdup(listener->controls->symtab, request, now); if (result != ISC_R_SUCCESS) { if (result == ISC_R_EXISTS) result = ISCCC_R_DUPLICATE; log_invalid(&conn->ccmsg, result); goto cleanup_request; } if (conn->nonce != 0 && (isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS || conn->nonce != nonce)) { log_invalid(&conn->ccmsg, ISCCC_R_BADAUTH); goto cleanup_request; } result = isc_buffer_allocate(listener->mctx, &text, 2 * 2048); if (result != ISC_R_SUCCESS) goto cleanup_request; /* * Establish nonce. */ if (conn->nonce == 0) { while (conn->nonce == 0) isc_random_get(&conn->nonce); eresult = ISC_R_SUCCESS; } else eresult = ns_control_docommand(request, &text); result = isccc_cc_createresponse(request, now, now + 60, &response); if (result != ISC_R_SUCCESS) goto cleanup_request; data = isccc_alist_lookup(response, "_data"); if (data != NULL) { if (isccc_cc_defineuint32(data, "result", eresult) == NULL) goto cleanup_response; } if (eresult != ISC_R_SUCCESS) { if (data != NULL) { const char *estr = isc_result_totext(eresult); if (isccc_cc_definestring(data, "err", estr) == NULL) goto cleanup_response; } } if (isc_buffer_usedlength(text) > 0) { if (data != NULL) { char *str = (char *)isc_buffer_base(text); if (isccc_cc_definestring(data, "text", str) == NULL) goto cleanup_response; } } _ctrl = isccc_alist_lookup(response, "_ctrl"); if (_ctrl == NULL || isccc_cc_defineuint32(_ctrl, "_nonce", conn->nonce) == NULL) goto cleanup_response; if (conn->buffer == NULL) { result = isc_buffer_allocate(listener->mctx, &conn->buffer, 2 * 2048); if (result != ISC_R_SUCCESS) goto cleanup_response; } isc_buffer_clear(conn->buffer); /* Skip the length field (4 bytes) */ isc_buffer_add(conn->buffer, 4); result = isccc_cc_towire(response, &conn->buffer, algorithm, &secret); if (result != ISC_R_SUCCESS) goto cleanup_response; isc_buffer_init(&b, conn->buffer->base, 4); isc_buffer_putuint32(&b, conn->buffer->used - 4); r.base = conn->buffer->base; r.length = conn->buffer->used; result = isc_socket_send(conn->sock, &r, task, control_senddone, conn); if (result != ISC_R_SUCCESS) goto cleanup_response; conn->sending = ISC_TRUE; isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret)); isccc_sexpr_free(&request); isccc_sexpr_free(&response); isc_buffer_free(&text); return; cleanup_response: isccc_sexpr_free(&response); cleanup_request: isccc_sexpr_free(&request); isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret)); if (text != NULL) isc_buffer_free(&text); cleanup: isc_socket_detach(&conn->sock); isccc_ccmsg_invalidate(&conn->ccmsg); conn->ccmsg_valid = ISC_FALSE; maybe_free_connection(conn); maybe_free_listener(listener); }
static void rndc_recvnonce(isc_task_t *task, isc_event_t *event) { isccc_sexpr_t *response = NULL; isccc_sexpr_t *_ctrl; isccc_region_t source; isc_result_t result; isc_uint32_t nonce; isccc_sexpr_t *request = NULL; isccc_time_t now; isc_region_t r; isccc_sexpr_t *data; isccc_region_t message; isc_uint32_t len; isc_buffer_t b; recvs--; if (ccmsg.result == ISC_R_EOF) fatal("connection to remote host closed\n" "This may indicate that the remote server is using " "an older version of \n" "the command protocol, this host is not authorized " "to connect,\nor the key is invalid."); if (ccmsg.result != ISC_R_SUCCESS) fatal("recv failed: %s", isc_result_totext(ccmsg.result)); source.rstart = isc_buffer_base(&ccmsg.buffer); source.rend = isc_buffer_used(&ccmsg.buffer); DO("parse message", isccc_cc_fromwire(&source, &response, &secret)); _ctrl = isccc_alist_lookup(response, "_ctrl"); if (_ctrl == NULL) fatal("_ctrl section missing"); nonce = 0; if (isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS) nonce = 0; isc_stdtime_get(&now); DO("create message", isccc_cc_createmessage(1, NULL, NULL, ++serial, now, now + 60, &request)); data = isccc_alist_lookup(request, "_data"); if (data == NULL) fatal("_data section missing"); if (isccc_cc_definestring(data, "type", args) == NULL) fatal("out of memory"); if (nonce != 0) { _ctrl = isccc_alist_lookup(request, "_ctrl"); if (_ctrl == NULL) fatal("_ctrl section missing"); if (isccc_cc_defineuint32(_ctrl, "_nonce", nonce) == NULL) fatal("out of memory"); } message.rstart = databuf + 4; message.rend = databuf + sizeof(databuf); DO("render message", isccc_cc_towire(request, &message, &secret)); len = sizeof(databuf) - REGION_SIZE(message); isc_buffer_init(&b, databuf, 4); isc_buffer_putuint32(&b, len - 4); r.length = len; r.base = databuf; isccc_ccmsg_cancelread(&ccmsg); DO("schedule recv", isccc_ccmsg_readmessage(&ccmsg, task, rndc_recvdone, NULL)); recvs++; DO("send message", isc_socket_send(sock, &r, task, rndc_senddone, NULL)); sends++; isc_event_free(&event); isccc_sexpr_free(&response); return; }
static isc_result_t value_towire(isccc_sexpr_t *elt, isccc_region_t *target) { size_t len; unsigned char *lenp; isccc_region_t *vr; isc_result_t result; if (isccc_sexpr_binaryp(elt)) { vr = isccc_sexpr_tobinary(elt); len = REGION_SIZE(*vr); if (REGION_SIZE(*target) < 1 + 4 + len) return (ISC_R_NOSPACE); PUT8(ISCCC_CCMSGTYPE_BINARYDATA, target->rstart); PUT32(len, target->rstart); if (REGION_SIZE(*target) < len) return (ISC_R_NOSPACE); PUT_MEM(vr->rstart, len, target->rstart); } else if (isccc_alist_alistp(elt)) { if (REGION_SIZE(*target) < 1 + 4) return (ISC_R_NOSPACE); PUT8(ISCCC_CCMSGTYPE_TABLE, target->rstart); /* * Emit a placeholder length. */ lenp = target->rstart; PUT32(0, target->rstart); /* * Emit the table. */ result = table_towire(elt, target); if (result != ISC_R_SUCCESS) return (result); len = (size_t)(target->rstart - lenp); /* * 'len' is 4 bytes too big, since it counts * the placeholder length too. Adjust and * emit. */ INSIST(len >= 4U); len -= 4; PUT32(len, lenp); } else if (isccc_sexpr_listp(elt)) { if (REGION_SIZE(*target) < 1 + 4) return (ISC_R_NOSPACE); PUT8(ISCCC_CCMSGTYPE_LIST, target->rstart); /* * Emit a placeholder length and count. */ lenp = target->rstart; PUT32(0, target->rstart); /* * Emit the list. */ result = list_towire(elt, target); if (result != ISC_R_SUCCESS) return (result); len = (size_t)(target->rstart - lenp); /* * 'len' is 4 bytes too big, since it counts * the placeholder length. Adjust and emit. */ INSIST(len >= 4U); len -= 4; PUT32(len, lenp); } return (ISC_R_SUCCESS); }
static isc_result_t sign(unsigned char *data, unsigned int length, unsigned char *hmac, isc_uint32_t algorithm, isccc_region_t *secret) { union { isc_hmacmd5_t hmd5; isc_hmacsha1_t hsha; isc_hmacsha224_t h224; isc_hmacsha256_t h256; isc_hmacsha384_t h384; isc_hmacsha512_t h512; } ctx; isc_result_t result; isccc_region_t source, target; unsigned char digest[ISC_SHA512_DIGESTLENGTH]; unsigned char digestb64[HSHA_LENGTH + 4]; source.rstart = digest; switch (algorithm) { case ISCCC_ALG_HMACMD5: isc_hmacmd5_init(&ctx.hmd5, secret->rstart, REGION_SIZE(*secret)); isc_hmacmd5_update(&ctx.hmd5, data, length); isc_hmacmd5_sign(&ctx.hmd5, digest); source.rend = digest + ISC_MD5_DIGESTLENGTH; break; case ISCCC_ALG_HMACSHA1: isc_hmacsha1_init(&ctx.hsha, secret->rstart, REGION_SIZE(*secret)); isc_hmacsha1_update(&ctx.hsha, data, length); isc_hmacsha1_sign(&ctx.hsha, digest, ISC_SHA1_DIGESTLENGTH); source.rend = digest + ISC_SHA1_DIGESTLENGTH; break; case ISCCC_ALG_HMACSHA224: isc_hmacsha224_init(&ctx.h224, secret->rstart, REGION_SIZE(*secret)); isc_hmacsha224_update(&ctx.h224, data, length); isc_hmacsha224_sign(&ctx.h224, digest, ISC_SHA224_DIGESTLENGTH); source.rend = digest + ISC_SHA224_DIGESTLENGTH; break; case ISCCC_ALG_HMACSHA256: isc_hmacsha256_init(&ctx.h256, secret->rstart, REGION_SIZE(*secret)); isc_hmacsha256_update(&ctx.h256, data, length); isc_hmacsha256_sign(&ctx.h256, digest, ISC_SHA256_DIGESTLENGTH); source.rend = digest + ISC_SHA256_DIGESTLENGTH; break; case ISCCC_ALG_HMACSHA384: isc_hmacsha384_init(&ctx.h384, secret->rstart, REGION_SIZE(*secret)); isc_hmacsha384_update(&ctx.h384, data, length); isc_hmacsha384_sign(&ctx.h384, digest, ISC_SHA384_DIGESTLENGTH); source.rend = digest + ISC_SHA384_DIGESTLENGTH; break; case ISCCC_ALG_HMACSHA512: isc_hmacsha512_init(&ctx.h512, secret->rstart, REGION_SIZE(*secret)); isc_hmacsha512_update(&ctx.h512, data, length); isc_hmacsha512_sign(&ctx.h512, digest, ISC_SHA512_DIGESTLENGTH); source.rend = digest + ISC_SHA512_DIGESTLENGTH; break; default: return (ISC_R_FAILURE); } memset(digestb64, 0, sizeof(digestb64)); target.rstart = digestb64; target.rend = digestb64 + sizeof(digestb64); result = isccc_base64_encode(&source, 64, "", &target); if (result != ISC_R_SUCCESS) return (result); if (algorithm == ISCCC_ALG_HMACMD5) PUT_MEM(digestb64, HMD5_LENGTH, hmac); else PUT_MEM(digestb64, HSHA_LENGTH, hmac); return (ISC_R_SUCCESS); }
static isc_result_t verify(isccc_sexpr_t *alist, unsigned char *data, unsigned int length, isc_uint32_t algorithm, isccc_region_t *secret) { union { isc_hmacmd5_t hmd5; isc_hmacsha1_t hsha; isc_hmacsha224_t h224; isc_hmacsha256_t h256; isc_hmacsha384_t h384; isc_hmacsha512_t h512; } ctx; isccc_region_t source; isccc_region_t target; isc_result_t result; isccc_sexpr_t *_auth, *hmac; unsigned char digest[ISC_SHA512_DIGESTLENGTH]; unsigned char digestb64[HSHA_LENGTH * 4]; /* * Extract digest. */ _auth = isccc_alist_lookup(alist, "_auth"); if (!isccc_alist_alistp(_auth)) return (ISC_R_FAILURE); if (algorithm == ISCCC_ALG_HMACMD5) hmac = isccc_alist_lookup(_auth, "hmd5"); else hmac = isccc_alist_lookup(_auth, "hsha"); if (!isccc_sexpr_binaryp(hmac)) return (ISC_R_FAILURE); /* * Compute digest. */ source.rstart = digest; target.rstart = digestb64; switch (algorithm) { case ISCCC_ALG_HMACMD5: isc_hmacmd5_init(&ctx.hmd5, secret->rstart, REGION_SIZE(*secret)); isc_hmacmd5_update(&ctx.hmd5, data, length); isc_hmacmd5_sign(&ctx.hmd5, digest); source.rend = digest + ISC_MD5_DIGESTLENGTH; break; case ISCCC_ALG_HMACSHA1: isc_hmacsha1_init(&ctx.hsha, secret->rstart, REGION_SIZE(*secret)); isc_hmacsha1_update(&ctx.hsha, data, length); isc_hmacsha1_sign(&ctx.hsha, digest, ISC_SHA1_DIGESTLENGTH); source.rend = digest + ISC_SHA1_DIGESTLENGTH; break; case ISCCC_ALG_HMACSHA224: isc_hmacsha224_init(&ctx.h224, secret->rstart, REGION_SIZE(*secret)); isc_hmacsha224_update(&ctx.h224, data, length); isc_hmacsha224_sign(&ctx.h224, digest, ISC_SHA224_DIGESTLENGTH); source.rend = digest + ISC_SHA224_DIGESTLENGTH; break; case ISCCC_ALG_HMACSHA256: isc_hmacsha256_init(&ctx.h256, secret->rstart, REGION_SIZE(*secret)); isc_hmacsha256_update(&ctx.h256, data, length); isc_hmacsha256_sign(&ctx.h256, digest, ISC_SHA256_DIGESTLENGTH); source.rend = digest + ISC_SHA256_DIGESTLENGTH; break; case ISCCC_ALG_HMACSHA384: isc_hmacsha384_init(&ctx.h384, secret->rstart, REGION_SIZE(*secret)); isc_hmacsha384_update(&ctx.h384, data, length); isc_hmacsha384_sign(&ctx.h384, digest, ISC_SHA384_DIGESTLENGTH); source.rend = digest + ISC_SHA384_DIGESTLENGTH; break; case ISCCC_ALG_HMACSHA512: isc_hmacsha512_init(&ctx.h512, secret->rstart, REGION_SIZE(*secret)); isc_hmacsha512_update(&ctx.h512, data, length); isc_hmacsha512_sign(&ctx.h512, digest, ISC_SHA512_DIGESTLENGTH); source.rend = digest + ISC_SHA512_DIGESTLENGTH; break; default: return (ISC_R_FAILURE); } target.rstart = digestb64; target.rend = digestb64 + sizeof(digestb64); memset(digestb64, 0, sizeof(digestb64)); result = isccc_base64_encode(&source, 64, "", &target); if (result != ISC_R_SUCCESS) return (result); /* * Verify. */ if (algorithm == ISCCC_ALG_HMACMD5) { unsigned char *value; value = (unsigned char *) isccc_sexpr_tostring(hmac); if (!isc_safe_memequal(value, digestb64, HMD5_LENGTH)) return (ISCCC_R_BADAUTH); } else { unsigned char *value; isc_uint32_t valalg; value = (unsigned char *) isccc_sexpr_tostring(hmac); GET8(valalg, value); if ((valalg != algorithm) || !isc_safe_memequal(value, digestb64, HSHA_LENGTH)) return (ISCCC_R_BADAUTH); } return (ISC_R_SUCCESS); }