module/icp/include/sys/crypto/elfsign.h

   1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  */
  25
  26 #ifndef _SYS_CRYPTO_ELFSIGN_H
  27 #define _SYS_CRYPTO_ELFSIGN_H
  28
  29 #ifdef __cplusplus
  30 extern "C" {
  31 #endif
  32
  33 /*
  34  * Consolidation Private Interface for elfsign/libpkcs11/kcfd
  35  */
  36
  37 #include <sys/zfs_context.h>
  38
  39 /*
  40  * Project Private structures and types used for communication between kcfd
  41  * and KCF over the door.
  42  */
  43
  44 typedef enum ELFsign_status_e {
  45         ELFSIGN_UNKNOWN,
  46         ELFSIGN_SUCCESS,
  47         ELFSIGN_FAILED,
  48         ELFSIGN_NOTSIGNED,
  49         ELFSIGN_INVALID_CERTPATH,
  50         ELFSIGN_INVALID_ELFOBJ,
  51         ELFSIGN_RESTRICTED
  52 } ELFsign_status_t;
  53
  54 #define KCF_KCFD_VERSION1       1
  55 #define SIG_MAX_LENGTH          1024
  56
  57 #define ELF_SIGNATURE_SECTION   ".SUNW_signature"
  58
  59 typedef struct kcf_door_arg_s {
  60         short           da_version;
  61         boolean_t       da_iskernel;
  62
  63         union {
  64                 char filename[MAXPATHLEN];      /* For request */
  65
  66                 struct kcf_door_result_s {      /* For response */
  67                         ELFsign_status_t        status;
  68                         uint32_t                siglen;
  69                         uchar_t                 signature[1];
  70                 } result;
  71         } da_u;
  72 } kcf_door_arg_t;
  73
  74 typedef uint32_t        filesig_vers_t;
  75
  76 /*
  77  * File Signature Structure
  78  *      Applicable to ELF and other file formats
  79  */
  80 struct filesignatures {
  81         uint32_t        filesig_cnt;    /* count of signatures */
  82         uint32_t        filesig_pad;    /* unused */
  83         union {
  84                 char    filesig_data[1];
  85                 struct filesig {        /* one of these for each signature */
  86                         uint32_t        filesig_size;
  87                         filesig_vers_t  filesig_version;
  88                         union {
  89                                 struct filesig_version1 {
  90                                         uint32_t        filesig_v1_dnsize;
  91                                         uint32_t        filesig_v1_sigsize;
  92                                         uint32_t        filesig_v1_oidsize;
  93                                         char    filesig_v1_data[1];
  94                                 } filesig_v1;
  95                                 struct filesig_version3 {
  96                                         uint64_t        filesig_v3_time;
  97                                         uint32_t        filesig_v3_dnsize;
  98                                         uint32_t        filesig_v3_sigsize;
  99                                         uint32_t        filesig_v3_oidsize;
 100                                         char    filesig_v3_data[1];
 101                                 } filesig_v3;
 102                         } _u2;
 103                 } filesig_sig;
 104                 uint64_t filesig_align;
 105         } _u1;
 106 };
 107 #define filesig_sig             _u1.filesig_sig
 108
 109 #define filesig_v1_dnsize       _u2.filesig_v1.filesig_v1_dnsize
 110 #define filesig_v1_sigsize      _u2.filesig_v1.filesig_v1_sigsize
 111 #define filesig_v1_oidsize      _u2.filesig_v1.filesig_v1_oidsize
 112 #define filesig_v1_data         _u2.filesig_v1.filesig_v1_data
 113
 114 #define filesig_v3_time         _u2.filesig_v3.filesig_v3_time
 115 #define filesig_v3_dnsize       _u2.filesig_v3.filesig_v3_dnsize
 116 #define filesig_v3_sigsize      _u2.filesig_v3.filesig_v3_sigsize
 117 #define filesig_v3_oidsize      _u2.filesig_v3.filesig_v3_oidsize
 118 #define filesig_v3_data         _u2.filesig_v3.filesig_v3_data
 119
 120 #define filesig_ALIGN(s)        (((s) + sizeof (uint64_t) - 1) & \
 121                                     (-sizeof (uint64_t)))
 122 #define filesig_next(ptr)       (struct filesig *)((void *)((char *)(ptr) + \
 123                                     filesig_ALIGN((ptr)->filesig_size)))
 124
 125 #define FILESIG_UNKNOWN         0       /* unrecognized version */
 126 #define FILESIG_VERSION1        1       /* version1, all but sig section */
 127 #define FILESIG_VERSION2        2       /* version1 format, SHF_ALLOC only */
 128 #define FILESIG_VERSION3        3       /* version3, all but sig section */
 129 #define FILESIG_VERSION4        4       /* version3 format, SHF_ALLOC only */
 130
 131 #define _PATH_KCFD_DOOR "/etc/svc/volatile/kcfd_door"
 132
 133 #ifdef __cplusplus
 134 }
 135 #endif
 136
 137 #endif /* _SYS_CRYPTO_ELFSIGN_H */