1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #ifndef _LIBELFSIGN_H
28 #define	_LIBELFSIGN_H
29 
30 #pragma ident	"%Z%%M%	%I%	%E% SMI"
31 
32 #ifdef __cplusplus
33 extern "C" {
34 #endif
35 
36 /*
37  * libelfsign Private Interfaces
38  * This Header file should not be shipped as part of Solaris binary or
39  * source products.
40  */
41 
42 #include <sys/crypto/elfsign.h>
43 #include <libelf.h>
44 #include <fcntl.h>
45 #include <md5.h>
46 #include <sha1.h>
47 #include <kmfapi.h>
48 
49 /*
50  * Certificate-related definitions
51  */
/* Label string for the Solaris Cryptographic Framework; where it is compared or displayed is not visible in this header. */
#define	ELFSIGN_CRYPTO		"Solaris Cryptographic Framework"
/* DN component; NOTE(review): presumably matched against a certificate subject — confirm in the implementation. */
#define	USAGELIMITED		"OU=UsageLimited"
/* File-name suffix of ".esa" files (consumed by elfsign_hash_esa()). */
#define	ESA			".esa"
/* sizeof of the literal, so this counts the terminating NUL: it is strlen(ESA) + 1, not strlen(ESA). */
#define	ESA_LEN			sizeof (".esa")
56 
/*
 * Verification state of a certificate (stored in ELFCert_s.c_verified).
 * E_UNCHECKED is the first enumerator and therefore 0, so a zero-filled
 * ELFCert_s starts out unchecked.  The exact conditions that produce
 * E_OK, E_IS_TA and E_FAILED are set by the implementation, not here.
 */
typedef enum ELFCert_VStatus_e {
	E_UNCHECKED,	/* no verification performed yet (by name) */
	E_OK,		/* verification succeeded (by name) */
	E_IS_TA,	/* presumably "certificate is a trust anchor" — confirm */
	E_FAILED	/* verification failed (by name) */
} ELFCert_VStatus_t;
63 
/*
 * A certificate as handled by the "certificate library" half of this
 * API.  ELFCert_t is a typedef of a *pointer* to this struct (the
 * indirection is hidden by the name); instances are returned through
 * elfcertlib_getcert()'s certp argument and handed back with
 * elfcertlib_releasecert().
 */
typedef struct ELFCert_s {
	ELFCert_VStatus_t	c_verified;	/* result of the last verification, see ELFCert_VStatus_t */
	char			*c_subject;	/* subject DN; NOTE(review): ownership/allocation not visible here */
	char			*c_issuer;	/* issuer DN; same caveat as c_subject */
	KMF_X509_DER_CERT	c_cert;		/* DER-encoded certificate, KMF type from <kmfapi.h> */
	KMF_KEY_HANDLE		c_privatekey;	/* KMF key handle; presumably filled by elfcertlib_loadprivatekey()/elfcertlib_loadtokenkey() */
}	*ELFCert_t;
71 
/*
 * Well-known certificate directories.  NOTE(review): which of the two is
 * consulted, and in what order, is decided by the implementation.
 */
#define	CRYPTO_CERTS_DIR	"/etc/crypto/certs"
#define	ETC_CERTS_DIR		"/etc/certs"
74 
75 /*
76  * libelfsign actions
77  */
/*
 * What an ELFsign_t context is opened for (the action argument of
 * elfsign_begin()).  By name, the ES_GET* values are read-only and the
 * ES_UPDATE* values modify the object; the two RSA variants name the
 * signature format to write (see ES_FMT_RSA_MD5_SHA1 / ES_FMT_RSA_SHA1).
 */
enum ES_ACTION {
	ES_GET,
	ES_GET_CRYPTO,
	ES_UPDATE,
	ES_UPDATE_RSA_MD5_SHA1,
	ES_UPDATE_RSA_SHA1
};
/*
 * True for any update action.  This depends on enumerator order: every
 * modifying action must be declared at or after ES_UPDATE, and every
 * read-only one before it.  A new read-only action appended at the end
 * would be misclassified as an update.
 */
#define	ES_ACTISUPDATE(a)	((a) >= ES_UPDATE)
86 
87 /*
88  * Context for elfsign operation
89  */
/*
 * Context for elfsign operation.  Callers see it only through the
 * ELFsign_t pointer typedef below; created by elfsign_begin() and torn
 * down by elfsign_end().  Field meanings marked "by name" are inferred
 * from the identifier, not from code visible in this header.
 */
struct ELFsign_s {
	Elf	*es_elf;		/* libelf descriptor of the object */
	char	*es_pathname;		/* path the object was opened from (by name) */
	char	*es_certpath;		/* certificate path, set via elfsign_setcertpath() */
	int	es_fd;			/* file descriptor of the object (by name) */
	size_t	es_shstrndx;		/* section-name string table index (by name) */
	enum ES_ACTION	es_action;	/* action given to elfsign_begin(); see ES_ACTISUPDATE() */
	KMF_KEY_HANDLE		es_privatekey;	/* signing key; presumably only meaningful for update actions */
	filesig_vers_t	es_version;	/* signature format version, type from <sys/crypto/elfsign.h> */
	boolean_t	es_same_endian;	/* object byte order matches the host (by name) */
	boolean_t	es_has_phdr;	/* object has a program header table (by name) */
	char		es_ei_class;	/* ELF class byte (EI_CLASS) of the object (by name) */
	struct flock	es_flock;	/* fcntl() lock record; NOTE(review): when the lock is taken/released is not visible here */
	KMF_HANDLE_T	es_kmfhandle;	/* KMF session handle */
	void		*es_callbackctx;	/* opaque context passed as the first argument to the callbacks below; set via elfsign_setcallbackctx() */
	/* Signature-verification callback, installed by elfsign_setsigvercallback(). */
	void		(*es_sigvercallback)(void *, void *, size_t, ELFCert_t);
	/* CA callback, installed by elfcertlib_setcertCAcallback(). */
	void		(*es_certCAcallback)(void *, ELFCert_t, char *);
	/* Certificate-verification callback, installed by elfcertlib_setcertvercallback(). */
	void		(*es_certvercallback)(void *, ELFCert_t, ELFCert_t);
};
109 
/*
 * Signature format names.  By name they pair with ES_UPDATE_RSA_MD5_SHA1
 * and ES_UPDATE_RSA_SHA1 and are the values one would expect in
 * ELFsign_sig_info.esi_format.  Both formats are RSA over MD5 and/or
 * SHA-1 digests; those digests are legacy algorithms, so the format
 * should be read as a compatibility choice rather than a strength
 * guarantee when deciding how much to trust a verified signature.
 */
#define	ES_FMT_RSA_MD5_SHA1	"rsa_md5_sha1"
#define	ES_FMT_RSA_SHA1		"rsa_sha1"
112 
113 /*
114  * ELF signature handling
115  */
/* Opaque handle to an elfsign context (struct ELFsign_s above). */
typedef struct ELFsign_s *ELFsign_t;
/*
 * Description of an existing signature.  Returned through the esipp
 * out-parameter of elfsign_verify_signature() and elfsign_sig_info();
 * released with elfsign_sig_info_free().
 */
struct ELFsign_sig_info {
	char	*esi_format;	/* format name; presumably one of the ES_FMT_* strings */
	char	*esi_signer;	/* signer DN (by name) */
	time_t	esi_time;	/* signing time (by name) */
};
122 
/*
 * Insert a signature (sig/sig_len, with signer DN dn/dn_len and digest
 * OID oid/oid_len) into the signature set fsp, returning the new set.
 * NOTE(review): the three lengths are int, not size_t; the caller must
 * keep them non-negative and within int range, and the implementation
 * should reject negative values — neither check is visible here.
 * Ownership of the returned pointer versus fsp is not visible here.
 */
extern struct filesignatures *elfsign_insert_dso(ELFsign_t ess,
    struct filesignatures *fsp, const char *dn, int dn_len,
    const uchar_t *sig, int sig_len, const char *oid, int oid_len);
/*
 * Copy the signature out of fsp into sig and report its format version.
 * NOTE(review): whether *sig_len is the buffer capacity on entry and the
 * bytes written on return is not visible here — confirm before passing a
 * fixed-size buffer.
 */
extern filesig_vers_t elfsign_extract_sig(ELFsign_t ess,
    struct filesignatures *fsp, uchar_t *sig, size_t *sig_len);
/*
 * Open an object for the given action and hand back a context in the
 * third argument; see ES_ACTION for the meaning of the action values.
 * Every successful call must be paired with elfsign_end().
 */
extern ELFsign_status_t elfsign_begin(const char *,
    enum ES_ACTION, ELFsign_t *);
/* Release a context obtained from elfsign_begin(). */
extern void elfsign_end(ELFsign_t ess);
/* Set the certificate path used by the context (stored in es_certpath). */
extern ELFsign_status_t elfsign_setcertpath(ELFsign_t ess, const char *path);
/*
 * Verify the object's signature; on success *esipp describes it and must
 * be freed with elfsign_sig_info_free().  Callers should act only on the
 * returned status, not on whether *esipp was filled in.
 */
extern ELFsign_status_t elfsign_verify_signature(ELFsign_t ess,
    struct ELFsign_sig_info **esipp);
/*
 * Compute the digest of the object into the caller-supplied hash buffer.
 * NOTE(review): same in/out question for *hash_len as elfsign_extract_sig().
 */
extern ELFsign_status_t elfsign_hash(ELFsign_t ess, uchar_t *hash,
    size_t *hash_len);
/* Variant of elfsign_hash() over the memory-resident image (by name). */
extern ELFsign_status_t elfsign_hash_mem_resident(ELFsign_t ess,
    uchar_t *hash, size_t *hash_len);
/*
 * Digest an ".esa" buffer of esa_buf_len bytes.  hash is a pointer to a
 * pointer, so the implementation presumably allocates the result;
 * NOTE(review): who frees *hash is not visible here.
 */
extern ELFsign_status_t elfsign_hash_esa(ELFsign_t ess,
    uchar_t *esa_buf, size_t esa_buf_len, uchar_t **hash, size_t *hash_len);
/* Length helper for the buffer at cp; NOTE(review): semantics of ip/cp are not visible here. */
extern void elfsign_buffer_len(ELFsign_t ess, size_t *ip, uchar_t *cp,
    enum ES_ACTION action);

/* Store the opaque context passed to the callbacks (es_callbackctx). */
extern void elfsign_setcallbackctx(ELFsign_t ess, void *ctx);
/* Install the signature-verification callback (es_sigvercallback). */
extern void elfsign_setsigvercallback(ELFsign_t ess,
    void (*cb)(void *, void *, size_t, ELFCert_t));
/*
 * Get or update the object's signature section according to action;
 * *fspp/*fs_len carry the signature data.  Direction of fspp (in, out or
 * both) depends on the action and is not visible here.
 */
extern ELFsign_status_t elfsign_signatures(ELFsign_t ess,
    struct filesignatures **fspp, size_t *fs_len, enum ES_ACTION action);

/* Map an ELFsign_status_t to a human-readable message (static storage, by signature). */
extern char const *elfsign_strerror(ELFsign_status_t);
/*
 * Fill *esipp from an existing signature set without verifying it;
 * returns B_TRUE on success (by signature).  Free with elfsign_sig_info_free().
 */
extern boolean_t elfsign_sig_info(struct filesignatures *fssp,
    struct ELFsign_sig_info **esipp);
/* Release a struct ELFsign_sig_info produced by this library. */
extern void elfsign_sig_info_free(struct ELFsign_sig_info *);
153 
154 /*
155  * ELF "Certificate Library"
156  */
157 
/*
 * Default certificate location, defined in the library.  The name begins
 * with "_" plus an uppercase letter, a pattern C reserves for the
 * implementation; kept as-is for compatibility.
 */
extern const char _PATH_ELFSIGN_CERTS[];

/*
 * Upper bound on DN lengths handled by the certificate library.
 * NOTE(review): whether this counts the terminating NUL is not visible
 * here; size buffers accordingly.
 */
#define	ELFCERT_MAX_DN_LEN	255
161 
/* Initialise the certificate-library state in the context; B_TRUE on success (by signature). */
extern boolean_t elfcertlib_init(ELFsign_t);
/* Tear down what elfcertlib_init() set up. */
extern void elfcertlib_fini(ELFsign_t);
/* Select a token by name; the argument is not const, so the library may retain or modify it — confirm. */
extern boolean_t elfcertlib_settoken(ELFsign_t, char *);
/* Install the CA callback (es_certCAcallback). */
extern void elfcertlib_setcertCAcallback(ELFsign_t ess,
    void (*cb)(void *, ELFCert_t, char *));
/* Install the certificate-verification callback (es_certvercallback). */
extern void elfcertlib_setcertvercallback(ELFsign_t ess,
    void (*cb)(void *, ELFCert_t, ELFCert_t));

/*
 * Load a certificate, by path and/or signer DN, into *certp.
 * NOTE(review): which of cert_pathname/signer_DN may be NULL, and how
 * action influences the lookup, is not visible here.  Release the result
 * with elfcertlib_releasecert().
 */
extern boolean_t elfcertlib_getcert(ELFsign_t ess, char *cert_pathname,
	char *signer_DN, ELFCert_t *certp, enum ES_ACTION action);
/* Release a certificate obtained from elfcertlib_getcert(). */
extern void elfcertlib_releasecert(ELFsign_t, ELFCert_t);
/* Subject DN of cert; NOTE(review): whether the string is owned by cert or newly allocated is not visible here. */
extern char *elfcertlib_getdn(ELFCert_t cert);
/* Issuer DN of cert; same ownership caveat as elfcertlib_getdn(). */
extern char *elfcertlib_getissuer(ELFCert_t cert);

/* Load the private key for cert from a file at path (presumably into c_privatekey). */
extern boolean_t elfcertlib_loadprivatekey(ELFsign_t ess, ELFCert_t cert,
	const char *path);
/*
 * Load the private key for cert from a token.  pin is a secret: the
 * caller owns that buffer and should clear it once this returns; how the
 * library handles it internally is not visible here.
 */
extern boolean_t elfcertlib_loadtokenkey(ELFsign_t ess, ELFCert_t cert,
	const char *token_id, const char *pin);

/*
 * Sign data_len bytes at data with cert's private key into sig.
 * NOTE(review): whether *sig_len is the capacity on entry and the
 * signature length on return is not visible here — confirm before
 * passing a fixed-size buffer.
 */
extern boolean_t elfcertlib_sign(ELFsign_t ess, ELFCert_t cert,
	const uchar_t *data, size_t data_len, uchar_t *sig,
	size_t *sig_len);

/* Verify cert itself (chain/trust); presumably records the outcome in cert->c_verified. */
extern boolean_t elfcertlib_verifycert(ELFsign_t ess, ELFCert_t cert);
/*
 * Verify that sig (sig_len bytes) is a valid signature over data
 * (data_len bytes) under cert.  A B_TRUE result says nothing about cert's
 * own trustworthiness; pair it with elfcertlib_verifycert().
 */
extern boolean_t elfcertlib_verifysig(ELFsign_t ess, ELFCert_t cert,
	const uchar_t *sig, size_t sig_len,
	const uchar_t *data, size_t data_len);
189 
190 #ifdef __cplusplus
191 }
192 #endif
193 
194 #endif /* _LIBELFSIGN_H */