xref: /illumos-gate/usr/src/uts/common/sys/crypto/elfsign.h (revision 2dea4eed7ad1c66ae4770263aa2911815a8b86eb)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #ifndef _SYS_CRYPTO_ELFSIGN_H
27 #define	_SYS_CRYPTO_ELFSIGN_H
28 
29 #ifdef __cplusplus
30 extern "C" {
31 #endif
32 
33 /*
34  * Consolidation Private Interface for elfsign/libpkcs11/kcfd
35  */
36 
37 #include <sys/types.h>
38 #include <sys/param.h>
39 
40 /*
41  * Project Private structures and types used for communication between kcfd
42  * and KCF over the door.
43  */
44 
/*
 * Result codes for a signature check.  This is the type of the `status'
 * member in the response arm of kcf_door_arg_t.
 *
 * No enumerator has an explicit value, so the constants are numbered from
 * 0 in declaration order (shown below).  ELFSIGN_UNKNOWN is therefore 0:
 * a zero-filled or never-written response reads as ELFSIGN_UNKNOWN, not
 * as ELFSIGN_SUCCESS.  The values are exchanged between kcfd and KCF, so
 * the order is part of the interface; new codes belong at the end.
 *
 * A consumer should treat every value other than ELFSIGN_SUCCESS,
 * including values outside this range, as "not verified".
 */
typedef enum ELFsign_status_e {
	ELFSIGN_UNKNOWN,		/* 0 */
	ELFSIGN_SUCCESS,		/* 1 */
	ELFSIGN_FAILED,			/* 2 */
	ELFSIGN_NOTSIGNED,		/* 3 */
	ELFSIGN_INVALID_CERTPATH,	/* 4 */
	ELFSIGN_INVALID_ELFOBJ,		/* 5 */
	ELFSIGN_RESTRICTED,		/* 6 */
	ELFSIGN_UNAVAILABLE		/* 7 */
} ELFsign_status_t;
55 
56 
/*
 * Version values for da_version in kcf_door_arg_t.
 * NOTE(review): KCFD_FIPS140_INTCHECK looks like a request selector (a
 * FIPS 140 integrity check) carried in the version field rather than a
 * second protocol revision -- confirm against kcfd.
 */
#define	KCF_KCFD_VERSION1	1
#define	KCFD_FIPS140_INTCHECK	2

/*
 * NOTE(review): nothing in this header ties this constant to
 * result.siglen or to an array bound.  Presumably it is the largest
 * signature, in bytes, that the door exchange carries -- confirm at the
 * users, and check siglen against it before copying signature bytes.
 */
#define	SIG_MAX_LENGTH		1024

/*
 * Name of an ELF section.
 * NOTE(review): presumably the section that holds struct filesignatures
 * -- confirm against the elfsign sources.
 */
#define	ELF_SIGNATURE_SECTION	".SUNW_signature"
64 
/*
 * Door argument exchanged between KCF and kcfd.  da_u is a union, so the
 * request (filename) and the response (result) occupy the same bytes of
 * the buffer; once a result has been written, the filename is gone.
 *
 * Review notes for code that fills in or parses this structure:
 *  - filename is a fixed MAXPATHLEN array.  The receiver should confirm
 *    that a NUL terminator lies inside the array before treating it as a
 *    string.
 *  - result.signature is declared with one element.
 *    NOTE(review): this looks like the pre-C99 idiom for a variable-length
 *    tail whose real length is siglen -- confirm.  If so, the declared
 *    array bound says nothing about how many bytes are valid.
 *  - siglen is supplied by the peer.  Check it against the number of bytes
 *    actually returned over the door (and, presumably, SIG_MAX_LENGTH)
 *    before reading or copying signature.
 *  - da_version and da_iskernel are likewise peer-supplied; reject
 *    versions the receiver does not implement.
 */
typedef struct kcf_door_arg_s {
	short		da_version;	/* KCF_KCFD_VERSION1, ... */
	boolean_t	da_iskernel;

	union {
		char filename[MAXPATHLEN];	/* For request */

		struct kcf_door_result_s {	/* For response */
			ELFsign_status_t	status;
			uint32_t		siglen;
			uchar_t			signature[1];
		} result;
	} da_u;
} kcf_door_arg_t;
79 
/* Type of the per-signature format version field, filesig_version. */
typedef uint32_t	filesig_vers_t;

/*
 * File Signature Structure
 *	Applicable to ELF and other file formats
 *
 * Layout: two 32-bit words (filesig_cnt, filesig_pad) followed by the
 * union _u1.  The filesig_align member is there only for its type: it
 * gives the union, and so the first record, uint64_t alignment.
 *
 * Each record (struct filesig) starts with its own size and version; the
 * version decides which arm of _u2 applies.  The version3 arm has the
 * same three size fields as version1, preceded by a 64-bit time.
 *
 * filesig_data, filesig_v1_data and filesig_v3_data are one-element
 * arrays at the end of their aggregates.
 * NOTE(review): they look like the pre-C99 variable-length-tail idiom,
 * with the *size fields giving the real lengths -- confirm against the
 * parser.  How the DN, signature and OID bytes are ordered inside the
 * data area is not stated here.
 *
 * NOTE(review): presumably this structure is parsed out of the file being
 * verified, i.e. before its signature has been checked.  If so, every
 * count and size below is untrusted input: bound filesig_cnt and each
 * filesig_size by the length of the containing section, and check
 * dnsize + sigsize + oidsize against filesig_size with arithmetic that
 * cannot wrap in 32 bits.
 */
struct filesignatures {
	uint32_t	filesig_cnt;	/* count of signatures */
	uint32_t	filesig_pad;	/* unused */
	union {
		char	filesig_data[1];
		struct filesig {	/* one of these for each signature */
			uint32_t	filesig_size;
			filesig_vers_t	filesig_version;
			union {
				struct filesig_version1 {
					uint32_t	filesig_v1_dnsize;
					uint32_t	filesig_v1_sigsize;
					uint32_t	filesig_v1_oidsize;
					char	filesig_v1_data[1];
				} filesig_v1;
				struct filesig_version3 {
					uint64_t	filesig_v3_time;
					uint32_t	filesig_v3_dnsize;
					uint32_t	filesig_v3_sigsize;
					uint32_t	filesig_v3_oidsize;
					char	filesig_v3_data[1];
				} filesig_v3;
			} _u2;
		} filesig_sig;
		uint64_t filesig_align;	/* alignment only */
	} _u1;
};
/*
 * Shorthand for reaching through the unions.  Each macro has the same name
 * as the member it resolves to; the preprocessor does not re-expand a
 * macro's own name inside its expansion, so fs->filesig_sig becomes
 * fs->_u1.filesig_sig and stops there.
 *
 * These are object-like macros, so they rewrite every later use of these
 * identifiers in any file that includes this header, not only member
 * accesses on the structures declared here.
 */
/* On a struct filesignatures: the first signature record. */
#define	filesig_sig		_u1.filesig_sig

/*
 * On a struct filesig, version1 arm.  The arms of _u2 overlap, so these
 * are meaningful only after filesig_version has been checked.
 */
#define	filesig_v1_dnsize	_u2.filesig_v1.filesig_v1_dnsize
#define	filesig_v1_sigsize	_u2.filesig_v1.filesig_v1_sigsize
#define	filesig_v1_oidsize	_u2.filesig_v1.filesig_v1_oidsize
#define	filesig_v1_data		_u2.filesig_v1.filesig_v1_data

/* On a struct filesig, version3 arm; same caveat as above. */
#define	filesig_v3_time		_u2.filesig_v3.filesig_v3_time
#define	filesig_v3_dnsize	_u2.filesig_v3.filesig_v3_dnsize
#define	filesig_v3_sigsize	_u2.filesig_v3.filesig_v3_sigsize
#define	filesig_v3_oidsize	_u2.filesig_v3.filesig_v3_oidsize
#define	filesig_v3_data		_u2.filesig_v3.filesig_v3_data
125 
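/*
 * filesig_ALIGN(s): round s up to the next multiple of sizeof (uint64_t).
 * -sizeof (uint64_t) is an unsigned (size_t) negation, i.e. a mask with
 * the low bits clear.  s is evaluated once.  The arithmetic is unsigned
 * and wraps silently: where size_t is 32 bits, a 32-bit size within
 * sizeof (uint64_t) - 1 of the maximum rounds "up" to 0.  Range-check s
 * first when it comes from a file.
 */
#define	filesig_ALIGN(s)	(((s) + sizeof (uint64_t) - 1) & \
				    (-sizeof (uint64_t)))

/*
 * filesig_next(ptr): address of the record following *ptr, i.e. ptr
 * advanced by its own filesig_size rounded up with filesig_ALIGN.
 *
 * The expansion is wrapped in parentheses so that filesig_next(p)->field
 * applies -> to the struct filesig pointer rather than to the inner
 * void * expression.
 *
 * ptr appears twice in the expansion; do not pass an expression with side
 * effects.
 *
 * This macro performs no bounds checking and trusts filesig_size as
 * stored.  A size of 0 yields ptr again, so a loop that advances only
 * with filesig_next never progresses; a large size yields an address
 * outside the buffer.  Before each step the caller should check that
 * filesig_size covers at least the fixed part of the record and that the
 * aligned advance stays inside the remaining bytes, and should bound the
 * walk by filesig_cnt.
 */
#define	filesig_next(ptr)	((struct filesig *)((void *)((char *)(ptr) + \
				    filesig_ALIGN((ptr)->filesig_size))))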
130 
/*
 * Signature format versions.
 * NOTE(review): presumably the values stored in filesig_version
 * (filesig_vers_t) -- confirm at the users.
 *
 * Per the comments below, versions 2 and 4 reuse the version1 and
 * version3 record layouts respectively.  What differs is the coverage
 * described in each comment ("all but sig section" vs "SHF_ALLOC only").
 * The version therefore selects both the _u2 arm to read and the coverage.
 * A verifier should reject FILESIG_UNKNOWN and any value not listed here
 * rather than fall back to one of the arms.
 */
#define	FILESIG_UNKNOWN		0	/* unrecognized version */
#define	FILESIG_VERSION1	1	/* version1, all but sig section */
#define	FILESIG_VERSION2	2	/* version1 format, SHF_ALLOC only */
#define	FILESIG_VERSION3	3	/* version3, all but sig section */
#define	FILESIG_VERSION4	4	/* version3 format, SHF_ALLOC only */
136 
/* Userland only: this path is not defined when _KERNEL is set. */
#ifndef	_KERNEL

/*
 * NOTE(review): presumably the filesystem rendezvous point for the kcfd
 * door -- confirm against kcfd.  A client that opens this path trusts
 * whatever is attached there, so the ownership and mode of the file and
 * of its parent directory matter.
 */
#define	_PATH_KCFD_DOOR	"/etc/svc/volatile/kcfd_door"

#endif	/* _KERNEL */
142 
143 #ifdef __cplusplus
144 }
145 #endif
146 
147 #endif /* _SYS_CRYPTO_ELFSIGN_H */
148