xref: /freebsd/usr.sbin/uefisign/uefisign.h (revision b3e7694832e81d7a904a10f525f8797b753bf0d3) 
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause
3  *
4  * Copyright (c) 2014 The FreeBSD Foundation
5  *
6  * This software was developed by Edward Tomasz Napierala under sponsorship
7  * from the FreeBSD Foundation.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28  * SUCH DAMAGE.
29  */
30 
31 #ifndef EFISIGN_H
32 #define	EFISIGN_H
33 
34 #include <stdbool.h>
35 #include <openssl/evp.h>
36 
37 #define	DIGEST		"SHA256"
38 #define	MAX_SECTIONS	128
39 
40 struct executable {
41 	const char	*x_path;
42 	FILE		*x_fp;
43 
44 	char		*x_buf;
45 	size_t		x_len;
46 
47 	/*
48 	 * Set by pe_parse(), used by digest().
49 	 */
50 	size_t		x_headers_len;
51 
52 	off_t		x_checksum_off;
53 	size_t		x_checksum_len;
54 
55 	off_t		x_certificate_entry_off;
56 	size_t		x_certificate_entry_len;
57 
58 	int		x_nsections;
59 	off_t		x_section_off[MAX_SECTIONS];
60 	size_t		x_section_len[MAX_SECTIONS];
61 
62 	/*
63 	 * Computed by digest().
64 	 */
65 	unsigned char	x_digest[EVP_MAX_MD_SIZE];
66 	unsigned int	x_digest_len;
67 
68 	/*
69 	 * Received from the parent process, which computes it in sign().
70 	 */
71 	void		*x_signature;
72 	size_t		x_signature_len;
73 };
74 
75 
76 FILE	*checked_fopen(const char *path, const char *mode);
77 void	send_chunk(const void *buf, size_t len, int pipefd);
78 void	receive_chunk(void **bufp, size_t *lenp, int pipefd);
79 
80 int	child(const char *inpath, const char *outpath, int pipefd,
81 	    bool Vflag, bool vflag);
82 
83 void	parse(struct executable *x);
84 void	update(struct executable *x);
85 size_t	signature_size(const struct executable *x);
86 void	show_certificate(const struct executable *x);
87 void	range_check(const struct executable *x,
88 	    off_t off, size_t len, const char *name);
89 
90 #endif /* !EFISIGN_H */
91