xref: /freebsd/usr.sbin/uefisign/uefisign.h (revision 79ac3c12a714bcd3f2354c52d948aed9575c46d6)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3  *
4  * Copyright (c) 2014 The FreeBSD Foundation
5  *
6  * This software was developed by Edward Tomasz Napierala under sponsorship
7  * from the FreeBSD Foundation.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28  * SUCH DAMAGE.
29  *
30  * $FreeBSD$
31  */
32 
33 #ifndef EFISIGN_H
34 #define	EFISIGN_H
35 
36 #include <stdbool.h>
37 #include <openssl/evp.h>
38 
39 #define	DIGEST		"SHA256"
40 #define	MAX_SECTIONS	128
41 
42 struct executable {
43 	const char	*x_path;
44 	FILE		*x_fp;
45 
46 	char		*x_buf;
47 	size_t		x_len;
48 
49 	/*
50 	 * Set by pe_parse(), used by digest().
51 	 */
52 	size_t		x_headers_len;
53 
54 	off_t		x_checksum_off;
55 	size_t		x_checksum_len;
56 
57 	off_t		x_certificate_entry_off;
58 	size_t		x_certificate_entry_len;
59 
60 	int		x_nsections;
61 	off_t		x_section_off[MAX_SECTIONS];
62 	size_t		x_section_len[MAX_SECTIONS];
63 
64 	/*
65 	 * Computed by digest().
66 	 */
67 	unsigned char	x_digest[EVP_MAX_MD_SIZE];
68 	unsigned int	x_digest_len;
69 
70 	/*
71 	 * Received from the parent process, which computes it in sign().
72 	 */
73 	void		*x_signature;
74 	size_t		x_signature_len;
75 };
76 
77 
78 FILE	*checked_fopen(const char *path, const char *mode);
79 void	send_chunk(const void *buf, size_t len, int pipefd);
80 void	receive_chunk(void **bufp, size_t *lenp, int pipefd);
81 
82 int	child(const char *inpath, const char *outpath, int pipefd,
83 	    bool Vflag, bool vflag);
84 
85 void	parse(struct executable *x);
86 void	update(struct executable *x);
87 size_t	signature_size(const struct executable *x);
88 void	show_certificate(const struct executable *x);
89 void	range_check(const struct executable *x,
90 	    off_t off, size_t len, const char *name);
91 
92 #endif /* !EFISIGN_H */
93