Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 1 | // SPDX-License-Identifier: GPL-2.0+ |
| 2 | /* Copyright (C) 2024 Linaro Ltd. */ |
| 3 | |
| 4 | #include <command.h> |
| 5 | #include <console.h> |
| 6 | #include <display_options.h> |
| 7 | #include <efi_loader.h> |
Tom Rini | c31301c | 2025-05-15 17:31:50 -0600 | [diff] [blame^] | 8 | #include <env.h> |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 9 | #include <image.h> |
| 10 | #include <lwip/apps/http_client.h> |
Ilias Apalodimas | 99618ca | 2024-11-10 10:28:40 +0200 | [diff] [blame] | 11 | #include "lwip/altcp_tls.h" |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 12 | #include <lwip/timeouts.h> |
Ilias Apalodimas | 99618ca | 2024-11-10 10:28:40 +0200 | [diff] [blame] | 13 | #include <rng.h> |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 14 | #include <mapmem.h> |
| 15 | #include <net.h> |
| 16 | #include <time.h> |
Ilias Apalodimas | 99618ca | 2024-11-10 10:28:40 +0200 | [diff] [blame] | 17 | #include <dm/uclass.h> |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 18 | |
Heinrich Schuchardt | d064fc9 | 2024-11-08 18:45:26 +0100 | [diff] [blame] | 19 | #define SERVER_NAME_SIZE 254 |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 20 | #define HTTP_PORT_DEFAULT 80 |
Ilias Apalodimas | 99618ca | 2024-11-10 10:28:40 +0200 | [diff] [blame] | 21 | #define HTTPS_PORT_DEFAULT 443 |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 22 | #define PROGRESS_PRINT_STEP_BYTES (100 * 1024) |
| 23 | |
| 24 | enum done_state { |
Jerome Forissier | 9708350 | 2024-11-07 12:27:57 +0100 | [diff] [blame] | 25 | NOT_DONE = 0, |
| 26 | SUCCESS = 1, |
| 27 | FAILURE = 2 |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 28 | }; |
| 29 | |
| 30 | struct wget_ctx { |
Adriano Cordova | a8a8d5c6 | 2024-11-11 18:09:00 -0300 | [diff] [blame] | 31 | char server_name[SERVER_NAME_SIZE]; |
| 32 | u16 port; |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 33 | char *path; |
| 34 | ulong daddr; |
| 35 | ulong saved_daddr; |
| 36 | ulong size; |
| 37 | ulong prevsize; |
| 38 | ulong start_time; |
| 39 | enum done_state done; |
| 40 | }; |
| 41 | |
Adriano Cordova | 25e8841 | 2024-11-11 18:09:01 -0300 | [diff] [blame] | 42 | static void wget_lwip_fill_info(struct pbuf *hdr, u16_t hdr_len, u32_t hdr_cont_len) |
| 43 | { |
Adriano Cordova | 50a2a0b | 2024-11-26 13:19:21 -0300 | [diff] [blame] | 44 | if (wget_info->headers) { |
| 45 | if (hdr_len < MAX_HTTP_HEADERS_SIZE) |
| 46 | pbuf_copy_partial(hdr, (void *)wget_info->headers, hdr_len, 0); |
| 47 | else |
| 48 | hdr_len = 0; |
| 49 | wget_info->headers[hdr_len] = 0; |
| 50 | } |
Adriano Cordova | 25e8841 | 2024-11-11 18:09:01 -0300 | [diff] [blame] | 51 | wget_info->hdr_cont_len = (u32)hdr_cont_len; |
| 52 | } |
| 53 | |
| 54 | static void wget_lwip_set_file_size(u32_t rx_content_len) |
| 55 | { |
| 56 | wget_info->file_size = (ulong)rx_content_len; |
| 57 | } |
| 58 | |
Ilias Apalodimas | 99618ca | 2024-11-10 10:28:40 +0200 | [diff] [blame] | 59 | bool wget_validate_uri(char *uri); |
| 60 | |
| 61 | int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len, |
| 62 | size_t *olen) |
| 63 | { |
| 64 | struct udevice *dev; |
Ilias Apalodimas | 99618ca | 2024-11-10 10:28:40 +0200 | [diff] [blame] | 65 | int ret; |
| 66 | |
| 67 | *olen = 0; |
| 68 | |
| 69 | ret = uclass_get_device(UCLASS_RNG, 0, &dev); |
| 70 | if (ret) { |
| 71 | log_err("Failed to get an rng: %d\n", ret); |
| 72 | return ret; |
| 73 | } |
Ilias Apalodimas | 4276a3c | 2024-11-14 16:29:15 +0200 | [diff] [blame] | 74 | ret = dm_rng_read(dev, output, len); |
Ilias Apalodimas | 99618ca | 2024-11-10 10:28:40 +0200 | [diff] [blame] | 75 | if (ret) |
| 76 | return ret; |
| 77 | |
Ilias Apalodimas | 4276a3c | 2024-11-14 16:29:15 +0200 | [diff] [blame] | 78 | *olen = len; |
Ilias Apalodimas | 99618ca | 2024-11-10 10:28:40 +0200 | [diff] [blame] | 79 | |
| 80 | return 0; |
| 81 | } |
| 82 | |
| 83 | static int parse_url(char *url, char *host, u16 *port, char **path, |
| 84 | bool *is_https) |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 85 | { |
| 86 | char *p, *pp; |
| 87 | long lport; |
Ilias Apalodimas | 99618ca | 2024-11-10 10:28:40 +0200 | [diff] [blame] | 88 | size_t prefix_len = 0; |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 89 | |
Ilias Apalodimas | 99618ca | 2024-11-10 10:28:40 +0200 | [diff] [blame] | 90 | if (!wget_validate_uri(url)) { |
| 91 | log_err("Invalid URL. Use http(s)://\n"); |
| 92 | return -EINVAL; |
| 93 | } |
| 94 | |
| 95 | *is_https = false; |
| 96 | *port = HTTP_PORT_DEFAULT; |
| 97 | prefix_len = strlen("http://"); |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 98 | p = strstr(url, "http://"); |
| 99 | if (!p) { |
Ilias Apalodimas | 99618ca | 2024-11-10 10:28:40 +0200 | [diff] [blame] | 100 | p = strstr(url, "https://"); |
| 101 | prefix_len = strlen("https://"); |
| 102 | *port = HTTPS_PORT_DEFAULT; |
| 103 | *is_https = true; |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 104 | } |
| 105 | |
Ilias Apalodimas | 99618ca | 2024-11-10 10:28:40 +0200 | [diff] [blame] | 106 | p += prefix_len; |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 107 | |
| 108 | /* Parse hostname */ |
| 109 | pp = strchr(p, ':'); |
| 110 | if (!pp) |
| 111 | pp = strchr(p, '/'); |
| 112 | if (!pp) |
| 113 | return -EINVAL; |
| 114 | |
| 115 | if (p + SERVER_NAME_SIZE <= pp) |
| 116 | return -EINVAL; |
| 117 | |
| 118 | memcpy(host, p, pp - p); |
| 119 | host[pp - p] = '\0'; |
| 120 | |
| 121 | if (*pp == ':') { |
| 122 | /* Parse port number */ |
| 123 | p = pp + 1; |
| 124 | lport = simple_strtol(p, &pp, 10); |
| 125 | if (pp && *pp != '/') |
| 126 | return -EINVAL; |
| 127 | if (lport > 65535) |
| 128 | return -EINVAL; |
| 129 | *port = (u16)lport; |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 130 | } |
Ilias Apalodimas | 99618ca | 2024-11-10 10:28:40 +0200 | [diff] [blame] | 131 | |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 132 | if (*pp != '/') |
| 133 | return -EINVAL; |
| 134 | *path = pp; |
| 135 | |
| 136 | return 0; |
| 137 | } |
| 138 | |
| 139 | /* |
| 140 | * Legacy syntax support |
| 141 | * Convert [<server_name_or_ip>:]filename into a URL if needed |
| 142 | */ |
| 143 | static int parse_legacy_arg(char *arg, char *nurl, size_t rem) |
| 144 | { |
| 145 | char *p = nurl; |
| 146 | size_t n; |
| 147 | char *col = strchr(arg, ':'); |
| 148 | char *env; |
| 149 | char *server; |
| 150 | char *path; |
| 151 | |
| 152 | if (strstr(arg, "http") == arg) { |
| 153 | n = snprintf(nurl, rem, "%s", arg); |
| 154 | if (n < 0 || n > rem) |
| 155 | return -1; |
| 156 | return 0; |
| 157 | } |
| 158 | |
| 159 | n = snprintf(p, rem, "%s", "http://"); |
| 160 | if (n < 0 || n > rem) |
| 161 | return -1; |
| 162 | p += n; |
| 163 | rem -= n; |
| 164 | |
| 165 | if (col) { |
| 166 | n = col - arg; |
| 167 | server = arg; |
| 168 | path = col + 1; |
| 169 | } else { |
| 170 | env = env_get("httpserverip"); |
| 171 | if (!env) |
| 172 | env = env_get("serverip"); |
| 173 | if (!env) { |
| 174 | log_err("error: httpserver/serverip has to be set\n"); |
| 175 | return -1; |
| 176 | } |
| 177 | n = strlen(env); |
| 178 | server = env; |
| 179 | path = arg; |
| 180 | } |
| 181 | |
| 182 | if (rem < n) |
| 183 | return -1; |
Jerome Forissier | c715732 | 2024-11-26 15:45:06 +0100 | [diff] [blame] | 184 | strncpy(p, server, n); |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 185 | p += n; |
| 186 | rem -= n; |
| 187 | if (rem < 1) |
| 188 | return -1; |
| 189 | *p = '/'; |
| 190 | p++; |
| 191 | rem--; |
| 192 | n = strlen(path); |
| 193 | if (rem < n) |
| 194 | return -1; |
Jerome Forissier | c715732 | 2024-11-26 15:45:06 +0100 | [diff] [blame] | 195 | strncpy(p, path, n); |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 196 | p += n; |
| 197 | rem -= n; |
| 198 | if (rem < 1) |
| 199 | return -1; |
| 200 | *p = '\0'; |
| 201 | |
| 202 | return 0; |
| 203 | } |
| 204 | |
| 205 | static err_t httpc_recv_cb(void *arg, struct altcp_pcb *pcb, struct pbuf *pbuf, |
| 206 | err_t err) |
| 207 | { |
| 208 | struct wget_ctx *ctx = arg; |
| 209 | struct pbuf *buf; |
| 210 | |
| 211 | if (!pbuf) |
| 212 | return ERR_BUF; |
| 213 | |
| 214 | if (!ctx->start_time) |
| 215 | ctx->start_time = get_timer(0); |
| 216 | |
| 217 | for (buf = pbuf; buf; buf = buf->next) { |
| 218 | memcpy((void *)ctx->daddr, buf->payload, buf->len); |
| 219 | ctx->daddr += buf->len; |
| 220 | ctx->size += buf->len; |
| 221 | if (ctx->size - ctx->prevsize > PROGRESS_PRINT_STEP_BYTES) { |
| 222 | printf("#"); |
| 223 | ctx->prevsize = ctx->size; |
| 224 | } |
| 225 | } |
| 226 | |
| 227 | altcp_recved(pcb, pbuf->tot_len); |
| 228 | pbuf_free(pbuf); |
| 229 | return ERR_OK; |
| 230 | } |
| 231 | |
| 232 | static void httpc_result_cb(void *arg, httpc_result_t httpc_result, |
| 233 | u32_t rx_content_len, u32_t srv_res, err_t err) |
| 234 | { |
| 235 | struct wget_ctx *ctx = arg; |
| 236 | ulong elapsed; |
| 237 | |
Adriano Cordova | 25e8841 | 2024-11-11 18:09:01 -0300 | [diff] [blame] | 238 | wget_info->status_code = (u32)srv_res; |
| 239 | |
| 240 | if (err == ERR_BUF) { |
| 241 | ctx->done = FAILURE; |
| 242 | return; |
| 243 | } |
| 244 | |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 245 | if (httpc_result != HTTPC_RESULT_OK) { |
| 246 | log_err("\nHTTP client error %d\n", httpc_result); |
| 247 | ctx->done = FAILURE; |
| 248 | return; |
| 249 | } |
| 250 | if (srv_res != 200) { |
| 251 | log_err("\nHTTP server error %d\n", srv_res); |
| 252 | ctx->done = FAILURE; |
| 253 | return; |
| 254 | } |
| 255 | |
| 256 | elapsed = get_timer(ctx->start_time); |
| 257 | if (!elapsed) |
| 258 | elapsed = 1; |
| 259 | if (rx_content_len > PROGRESS_PRINT_STEP_BYTES) |
| 260 | printf("\n"); |
| 261 | printf("%u bytes transferred in %lu ms (", rx_content_len, elapsed); |
| 262 | print_size(rx_content_len / elapsed * 1000, "/s)\n"); |
| 263 | printf("Bytes transferred = %lu (%lx hex)\n", ctx->size, ctx->size); |
Adriano Cordova | 93cba0f | 2024-12-04 00:05:23 -0300 | [diff] [blame] | 264 | if (wget_info->set_bootdev) |
| 265 | efi_set_bootdev("Http", ctx->server_name, ctx->path, map_sysmem(ctx->saved_daddr, 0), |
Adriano Cordova | 25e8841 | 2024-11-11 18:09:01 -0300 | [diff] [blame] | 266 | rx_content_len); |
Adriano Cordova | 25e8841 | 2024-11-11 18:09:01 -0300 | [diff] [blame] | 267 | wget_lwip_set_file_size(rx_content_len); |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 268 | if (env_set_hex("filesize", rx_content_len) || |
| 269 | env_set_hex("fileaddr", ctx->saved_daddr)) { |
| 270 | log_err("Could not set filesize or fileaddr\n"); |
| 271 | ctx->done = FAILURE; |
| 272 | return; |
| 273 | } |
| 274 | |
| 275 | ctx->done = SUCCESS; |
| 276 | } |
| 277 | |
Adriano Cordova | 25e8841 | 2024-11-11 18:09:01 -0300 | [diff] [blame] | 278 | static err_t httpc_headers_done_cb(httpc_state_t *connection, void *arg, struct pbuf *hdr, |
| 279 | u16_t hdr_len, u32_t content_len) |
| 280 | { |
| 281 | wget_lwip_fill_info(hdr, hdr_len, content_len); |
| 282 | |
| 283 | if (wget_info->check_buffer_size && (ulong)content_len > wget_info->buffer_size) |
| 284 | return ERR_BUF; |
| 285 | |
| 286 | return ERR_OK; |
| 287 | } |
| 288 | |
Jerome Forissier | 8fa383d | 2025-03-05 15:26:42 +0100 | [diff] [blame] | 289 | #if CONFIG_IS_ENABLED(WGET_HTTPS) |
| 290 | enum auth_mode { |
| 291 | AUTH_NONE, |
| 292 | AUTH_OPTIONAL, |
| 293 | AUTH_REQUIRED, |
| 294 | }; |
| 295 | |
| 296 | static char *cacert; |
| 297 | static size_t cacert_size; |
| 298 | static enum auth_mode cacert_auth_mode = AUTH_OPTIONAL; |
| 299 | #endif |
| 300 | |
| 301 | #if CONFIG_IS_ENABLED(WGET_CACERT) |
| 302 | static int set_auth(enum auth_mode auth) |
| 303 | { |
| 304 | cacert_auth_mode = auth; |
| 305 | |
| 306 | return CMD_RET_SUCCESS; |
| 307 | } |
Jerome Forissier | 7231a69 | 2025-03-05 15:26:45 +0100 | [diff] [blame] | 308 | #endif |
Jerome Forissier | 8fa383d | 2025-03-05 15:26:42 +0100 | [diff] [blame] | 309 | |
Jerome Forissier | 7231a69 | 2025-03-05 15:26:45 +0100 | [diff] [blame] | 310 | #if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT) |
| 311 | extern const char builtin_cacert[]; |
| 312 | extern const size_t builtin_cacert_size; |
| 313 | static bool cacert_initialized; |
| 314 | #endif |
| 315 | |
| 316 | #if CONFIG_IS_ENABLED(WGET_CACERT) || CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT) |
| 317 | static int _set_cacert(const void *addr, size_t sz) |
Jerome Forissier | 8fa383d | 2025-03-05 15:26:42 +0100 | [diff] [blame] | 318 | { |
| 319 | mbedtls_x509_crt crt; |
Jerome Forissier | 7231a69 | 2025-03-05 15:26:45 +0100 | [diff] [blame] | 320 | void *p; |
Jerome Forissier | 8fa383d | 2025-03-05 15:26:42 +0100 | [diff] [blame] | 321 | int ret; |
| 322 | |
| 323 | if (cacert) |
| 324 | free(cacert); |
| 325 | |
Jerome Forissier | 8fa383d | 2025-03-05 15:26:42 +0100 | [diff] [blame] | 326 | if (!addr) { |
| 327 | cacert = NULL; |
| 328 | cacert_size = 0; |
| 329 | return CMD_RET_SUCCESS; |
| 330 | } |
| 331 | |
Jerome Forissier | 7231a69 | 2025-03-05 15:26:45 +0100 | [diff] [blame] | 332 | p = malloc(sz); |
| 333 | if (!p) |
Jerome Forissier | 8fa383d | 2025-03-05 15:26:42 +0100 | [diff] [blame] | 334 | return CMD_RET_FAILURE; |
Jerome Forissier | 7231a69 | 2025-03-05 15:26:45 +0100 | [diff] [blame] | 335 | cacert = p; |
Jerome Forissier | 8fa383d | 2025-03-05 15:26:42 +0100 | [diff] [blame] | 336 | cacert_size = sz; |
| 337 | |
| 338 | memcpy(cacert, (void *)addr, sz); |
| 339 | |
| 340 | mbedtls_x509_crt_init(&crt); |
| 341 | ret = mbedtls_x509_crt_parse(&crt, cacert, cacert_size); |
| 342 | if (ret) { |
| 343 | printf("Could not parse certificates (%d)\n", ret); |
| 344 | free(cacert); |
| 345 | cacert = NULL; |
| 346 | cacert_size = 0; |
| 347 | return CMD_RET_FAILURE; |
| 348 | } |
| 349 | |
Jerome Forissier | 7231a69 | 2025-03-05 15:26:45 +0100 | [diff] [blame] | 350 | #if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT) |
| 351 | cacert_initialized = true; |
| 352 | #endif |
Jerome Forissier | 8fa383d | 2025-03-05 15:26:42 +0100 | [diff] [blame] | 353 | return CMD_RET_SUCCESS; |
| 354 | } |
Jerome Forissier | 7231a69 | 2025-03-05 15:26:45 +0100 | [diff] [blame] | 355 | |
| 356 | #if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT) |
| 357 | static int set_cacert_builtin(void) |
| 358 | { |
| 359 | return _set_cacert(builtin_cacert, builtin_cacert_size); |
| 360 | } |
| 361 | #endif |
| 362 | |
| 363 | #if CONFIG_IS_ENABLED(WGET_CACERT) |
| 364 | static int set_cacert(char * const saddr, char * const ssz) |
| 365 | { |
| 366 | ulong addr, sz; |
| 367 | |
| 368 | addr = hextoul(saddr, NULL); |
| 369 | sz = hextoul(ssz, NULL); |
| 370 | |
| 371 | return _set_cacert((void *)addr, sz); |
| 372 | } |
Jerome Forissier | 8fa383d | 2025-03-05 15:26:42 +0100 | [diff] [blame] | 373 | #endif |
Jerome Forissier | 7231a69 | 2025-03-05 15:26:45 +0100 | [diff] [blame] | 374 | #endif /* CONFIG_WGET_CACERT || CONFIG_WGET_BUILTIN_CACERT */ |
Jerome Forissier | 8fa383d | 2025-03-05 15:26:42 +0100 | [diff] [blame] | 375 | |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 376 | static int wget_loop(struct udevice *udev, ulong dst_addr, char *uri) |
| 377 | { |
Jerome Forissier | 8fa383d | 2025-03-05 15:26:42 +0100 | [diff] [blame] | 378 | #if CONFIG_IS_ENABLED(WGET_HTTPS) |
Ilias Apalodimas | 99618ca | 2024-11-10 10:28:40 +0200 | [diff] [blame] | 379 | altcp_allocator_t tls_allocator; |
| 380 | #endif |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 381 | httpc_connection_t conn; |
| 382 | httpc_state_t *state; |
| 383 | struct netif *netif; |
| 384 | struct wget_ctx ctx; |
| 385 | char *path; |
Ilias Apalodimas | 99618ca | 2024-11-10 10:28:40 +0200 | [diff] [blame] | 386 | bool is_https; |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 387 | |
| 388 | ctx.daddr = dst_addr; |
| 389 | ctx.saved_daddr = dst_addr; |
| 390 | ctx.done = NOT_DONE; |
| 391 | ctx.size = 0; |
| 392 | ctx.prevsize = 0; |
| 393 | ctx.start_time = 0; |
| 394 | |
Adriano Cordova | 484ade3 | 2024-12-03 09:55:34 -0300 | [diff] [blame] | 395 | if (parse_url(uri, ctx.server_name, &ctx.port, &path, &is_https)) |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 396 | return CMD_RET_USAGE; |
| 397 | |
| 398 | netif = net_lwip_new_netif(udev); |
| 399 | if (!netif) |
| 400 | return -1; |
| 401 | |
| 402 | memset(&conn, 0, sizeof(conn)); |
Jerome Forissier | 8fa383d | 2025-03-05 15:26:42 +0100 | [diff] [blame] | 403 | #if CONFIG_IS_ENABLED(WGET_HTTPS) |
Ilias Apalodimas | 99618ca | 2024-11-10 10:28:40 +0200 | [diff] [blame] | 404 | if (is_https) { |
Jerome Forissier | 7231a69 | 2025-03-05 15:26:45 +0100 | [diff] [blame] | 405 | char *ca; |
| 406 | size_t ca_sz; |
| 407 | |
| 408 | #if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT) |
| 409 | if (!cacert_initialized) |
| 410 | set_cacert_builtin(); |
| 411 | #endif |
| 412 | ca = cacert; |
| 413 | ca_sz = cacert_size; |
Jerome Forissier | 8fa383d | 2025-03-05 15:26:42 +0100 | [diff] [blame] | 414 | |
| 415 | if (cacert_auth_mode == AUTH_REQUIRED) { |
| 416 | if (!ca || !ca_sz) { |
| 417 | printf("Error: cacert authentication mode is " |
| 418 | "'required' but no CA certificates " |
| 419 | "given\n"); |
| 420 | return CMD_RET_FAILURE; |
| 421 | } |
| 422 | } else if (cacert_auth_mode == AUTH_NONE) { |
| 423 | ca = NULL; |
| 424 | ca_sz = 0; |
| 425 | } else if (cacert_auth_mode == AUTH_OPTIONAL) { |
| 426 | /* |
| 427 | * Nothing to do, this is the default behavior of |
| 428 | * altcp_tls to check server certificates against CA |
| 429 | * certificates when the latter are provided and proceed |
| 430 | * with no verification if not. |
| 431 | */ |
| 432 | } |
| 433 | |
Ilias Apalodimas | 99618ca | 2024-11-10 10:28:40 +0200 | [diff] [blame] | 434 | tls_allocator.alloc = &altcp_tls_alloc; |
| 435 | tls_allocator.arg = |
Jerome Forissier | 8fa383d | 2025-03-05 15:26:42 +0100 | [diff] [blame] | 436 | altcp_tls_create_config_client(ca, ca_sz, |
| 437 | ctx.server_name); |
Ilias Apalodimas | 99618ca | 2024-11-10 10:28:40 +0200 | [diff] [blame] | 438 | |
| 439 | if (!tls_allocator.arg) { |
| 440 | log_err("error: Cannot create a TLS connection\n"); |
| 441 | net_lwip_remove_netif(netif); |
| 442 | return -1; |
| 443 | } |
| 444 | |
| 445 | conn.altcp_allocator = &tls_allocator; |
| 446 | } |
| 447 | #endif |
| 448 | |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 449 | conn.result_fn = httpc_result_cb; |
Adriano Cordova | 25e8841 | 2024-11-11 18:09:01 -0300 | [diff] [blame] | 450 | conn.headers_done_fn = httpc_headers_done_cb; |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 451 | ctx.path = path; |
Adriano Cordova | a8a8d5c6 | 2024-11-11 18:09:00 -0300 | [diff] [blame] | 452 | if (httpc_get_file_dns(ctx.server_name, ctx.port, path, &conn, httpc_recv_cb, |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 453 | &ctx, &state)) { |
| 454 | net_lwip_remove_netif(netif); |
| 455 | return CMD_RET_FAILURE; |
| 456 | } |
| 457 | |
| 458 | while (!ctx.done) { |
| 459 | net_lwip_rx(udev, netif); |
| 460 | sys_check_timeouts(); |
| 461 | if (ctrlc()) |
| 462 | break; |
| 463 | } |
| 464 | |
| 465 | net_lwip_remove_netif(netif); |
| 466 | |
| 467 | if (ctx.done == SUCCESS) |
| 468 | return 0; |
| 469 | |
| 470 | return -1; |
| 471 | } |
| 472 | |
Adriano Cordova | b479fc4 | 2024-12-04 00:05:16 -0300 | [diff] [blame] | 473 | int wget_do_request(ulong dst_addr, char *uri) |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 474 | { |
Jerome Forissier | 86378a5 | 2025-04-15 23:17:36 +0200 | [diff] [blame] | 475 | int ret; |
| 476 | |
| 477 | ret = net_lwip_eth_start(); |
| 478 | if (ret < 0) |
| 479 | return ret; |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 480 | |
Adriano Cordova | 25e8841 | 2024-11-11 18:09:01 -0300 | [diff] [blame] | 481 | if (!wget_info) |
| 482 | wget_info = &default_wget_info; |
| 483 | |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 484 | return wget_loop(eth_get_dev(), dst_addr, uri); |
| 485 | } |
| 486 | |
| 487 | int do_wget(struct cmd_tbl *cmdtp, int flag, int argc, char * const argv[]) |
| 488 | { |
| 489 | char *end; |
| 490 | char *url; |
| 491 | ulong dst_addr; |
| 492 | char nurl[1024]; |
| 493 | |
Jerome Forissier | 8fa383d | 2025-03-05 15:26:42 +0100 | [diff] [blame] | 494 | #if CONFIG_IS_ENABLED(WGET_CACERT) |
| 495 | if (argc == 4 && !strncmp(argv[1], "cacert", strlen("cacert"))) |
| 496 | return set_cacert(argv[2], argv[3]); |
| 497 | if (argc == 3 && !strncmp(argv[1], "cacert", strlen("cacert"))) { |
Jerome Forissier | 7231a69 | 2025-03-05 15:26:45 +0100 | [diff] [blame] | 498 | #if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT) |
| 499 | if (!strncmp(argv[2], "builtin", strlen("builtin"))) |
| 500 | return set_cacert_builtin(); |
| 501 | #endif |
Jerome Forissier | 8fa383d | 2025-03-05 15:26:42 +0100 | [diff] [blame] | 502 | if (!strncmp(argv[2], "none", strlen("none"))) |
| 503 | return set_auth(AUTH_NONE); |
| 504 | if (!strncmp(argv[2], "optional", strlen("optional"))) |
| 505 | return set_auth(AUTH_OPTIONAL); |
| 506 | if (!strncmp(argv[2], "required", strlen("required"))) |
| 507 | return set_auth(AUTH_REQUIRED); |
| 508 | return CMD_RET_USAGE; |
| 509 | } |
| 510 | #endif |
| 511 | |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 512 | if (argc < 2 || argc > 3) |
| 513 | return CMD_RET_USAGE; |
| 514 | |
| 515 | dst_addr = hextoul(argv[1], &end); |
Jerome Forissier | 9708350 | 2024-11-07 12:27:57 +0100 | [diff] [blame] | 516 | if (end == (argv[1] + strlen(argv[1]))) { |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 517 | if (argc < 3) |
| 518 | return CMD_RET_USAGE; |
| 519 | url = argv[2]; |
| 520 | } else { |
| 521 | dst_addr = image_load_addr; |
| 522 | url = argv[1]; |
| 523 | } |
| 524 | |
| 525 | if (parse_legacy_arg(url, nurl, sizeof(nurl))) |
Jerome Forissier | 9708350 | 2024-11-07 12:27:57 +0100 | [diff] [blame] | 526 | return CMD_RET_FAILURE; |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 527 | |
Adriano Cordova | 25e8841 | 2024-11-11 18:09:01 -0300 | [diff] [blame] | 528 | wget_info = &default_wget_info; |
Adriano Cordova | b479fc4 | 2024-12-04 00:05:16 -0300 | [diff] [blame] | 529 | if (wget_do_request(dst_addr, nurl)) |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 530 | return CMD_RET_FAILURE; |
| 531 | |
| 532 | return CMD_RET_SUCCESS; |
| 533 | } |
| 534 | |
| 535 | /** |
| 536 | * wget_validate_uri() - validate the uri for wget |
| 537 | * |
| 538 | * @uri: uri string |
| 539 | * |
| 540 | * This function follows the current U-Boot wget implementation. |
| 541 | * scheme: only "http:" is supported |
| 542 | * authority: |
| 543 | * - user information: not supported |
| 544 | * - host: supported |
| 545 | * - port: not supported(always use the default port) |
| 546 | * |
| 547 | * Uri is expected to be correctly percent encoded. |
| 548 | * This is the minimum check, control codes(0x1-0x19, 0x7F, except '\0') |
| 549 | * and space character(0x20) are not allowed. |
| 550 | * |
| 551 | * TODO: stricter uri conformance check |
| 552 | * |
| 553 | * Return: true on success, false on failure |
| 554 | */ |
| 555 | bool wget_validate_uri(char *uri) |
| 556 | { |
| 557 | char c; |
| 558 | bool ret = true; |
| 559 | char *str_copy, *s, *authority; |
Ilias Apalodimas | 99618ca | 2024-11-10 10:28:40 +0200 | [diff] [blame] | 560 | size_t prefix_len = 0; |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 561 | |
| 562 | for (c = 0x1; c < 0x21; c++) { |
| 563 | if (strchr(uri, c)) { |
| 564 | log_err("invalid character is used\n"); |
| 565 | return false; |
| 566 | } |
| 567 | } |
Ilias Apalodimas | 99618ca | 2024-11-10 10:28:40 +0200 | [diff] [blame] | 568 | |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 569 | if (strchr(uri, 0x7f)) { |
| 570 | log_err("invalid character is used\n"); |
| 571 | return false; |
| 572 | } |
| 573 | |
Ilias Apalodimas | 99618ca | 2024-11-10 10:28:40 +0200 | [diff] [blame] | 574 | if (!strncmp(uri, "http://", strlen("http://"))) { |
| 575 | prefix_len = strlen("http://"); |
Jerome Forissier | 4212954 | 2025-02-04 17:00:49 +0100 | [diff] [blame] | 576 | } else if (CONFIG_IS_ENABLED(WGET_HTTPS)) { |
| 577 | if (!strncmp(uri, "https://", strlen("https://"))) { |
| 578 | prefix_len = strlen("https://"); |
| 579 | } else { |
| 580 | log_err("only http(s):// is supported\n"); |
| 581 | return false; |
| 582 | } |
Ilias Apalodimas | 99618ca | 2024-11-10 10:28:40 +0200 | [diff] [blame] | 583 | } else { |
Jerome Forissier | 4212954 | 2025-02-04 17:00:49 +0100 | [diff] [blame] | 584 | log_err("only http:// is supported\n"); |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 585 | return false; |
| 586 | } |
Ilias Apalodimas | 99618ca | 2024-11-10 10:28:40 +0200 | [diff] [blame] | 587 | |
Jerome Forissier | 359d4ed | 2024-10-16 12:04:09 +0200 | [diff] [blame] | 588 | str_copy = strdup(uri); |
| 589 | if (!str_copy) |
| 590 | return false; |
| 591 | |
| 592 | s = str_copy + strlen("http://"); |
| 593 | authority = strsep(&s, "/"); |
| 594 | if (!s) { |
| 595 | log_err("invalid uri, no file path\n"); |
| 596 | ret = false; |
| 597 | goto out; |
| 598 | } |
| 599 | s = strchr(authority, '@'); |
| 600 | if (s) { |
| 601 | log_err("user information is not supported\n"); |
| 602 | ret = false; |
| 603 | goto out; |
| 604 | } |
| 605 | |
| 606 | out: |
| 607 | free(str_copy); |
| 608 | |
| 609 | return ret; |
| 610 | } |