libelfsign.h revision df8bdeb362277e8d95a74d6c097341fe97409948
2N/A/*
2N/A * CDDL HEADER START
2N/A *
2N/A * The contents of this file are subject to the terms of the
2N/A * Common Development and Distribution License (the "License").
2N/A * You may not use this file except in compliance with the License.
2N/A *
2N/A * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
2N/A * or http://www.opensolaris.org/os/licensing.
2N/A * See the License for the specific language governing permissions
2N/A * and limitations under the License.
2N/A *
2N/A * When distributing Covered Code, include this CDDL HEADER in each
2N/A * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
2N/A * If applicable, add the following below this CDDL HEADER, with the
2N/A * fields enclosed by brackets "[]" replaced with your own identifying
2N/A * information: Portions Copyright [yyyy] [name of copyright owner]
2N/A *
2N/A * CDDL HEADER END
2N/A */
2N/A
2N/A/*
2N/A * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
2N/A * Use is subject to license terms.
2N/A */
2N/A
2N/A#ifndef _LIBELFSIGN_H
2N/A#define _LIBELFSIGN_H
2N/A
2N/A#pragma ident "%Z%%M% %I% %E% SMI"
2N/A
2N/A#ifdef __cplusplus
2N/Aextern "C" {
2N/A#endif
2N/A
2N/A/*
2N/A * libelfsign Private Interfaces
2N/A * This Header file should not be shipped as part of Solaris binary or
2N/A * source products.
2N/A */
2N/A
2N/A#include <sys/crypto/elfsign.h>
2N/A#include <libelf.h>
2N/A#include <fcntl.h>
2N/A#include <md5.h>
2N/A#include <sha1.h>
2N/A#include <kmfapi.h>
2N/A
2N/A/*
2N/A * Certificate-related definitions
2N/A */
2N/A#define ELFSIGN_CRYPTO "Solaris Cryptographic Framework"
2N/A#define USAGELIMITED "OU=UsageLimited"
2N/A#define ESA ".esa"
2N/A#define ESA_LEN sizeof (".esa")
typedef enum ELFCert_VStatus_e {
E_UNCHECKED,
E_OK,
E_IS_TA,
E_FAILED
} ELFCert_VStatus_t;
typedef struct ELFCert_s {
ELFCert_VStatus_t c_verified;
char *c_subject;
char *c_issuer;
KMF_X509_DER_CERT c_cert;
KMF_KEY_HANDLE c_privatekey;
} *ELFCert_t;
#define CRYPTO_CERTS_DIR "/etc/crypto/certs"
#define ETC_CERTS_DIR "/etc/certs"
/*
* libelfsign actions
*/
enum ES_ACTION {
ES_GET,
ES_GET_CRYPTO,
ES_UPDATE,
ES_UPDATE_RSA_MD5_SHA1,
ES_UPDATE_RSA_SHA1
};
#define ES_ACTISUPDATE(a) ((a) >= ES_UPDATE)
/*
* Context for elfsign operation
*/
struct ELFsign_s {
Elf *es_elf;
char *es_pathname;
char *es_certpath;
int es_fd;
size_t es_shstrndx;
enum ES_ACTION es_action;
KMF_KEY_HANDLE es_privatekey;
filesig_vers_t es_version;
boolean_t es_same_endian;
boolean_t es_has_phdr;
char es_ei_class;
struct flock es_flock;
KMF_HANDLE_T es_kmfhandle;
void *es_callbackctx;
void (*es_sigvercallback)(void *, void *, size_t, ELFCert_t);
void (*es_certCAcallback)(void *, ELFCert_t, char *);
void (*es_certvercallback)(void *, ELFCert_t, ELFCert_t);
};
#define ES_FMT_RSA_MD5_SHA1 "rsa_md5_sha1"
#define ES_FMT_RSA_SHA1 "rsa_sha1"
/*
* ELF signature handling
*/
typedef struct ELFsign_s *ELFsign_t;
struct ELFsign_sig_info {
char *esi_format;
char *esi_signer;
time_t esi_time;
};
extern struct filesignatures *elfsign_insert_dso(ELFsign_t ess,
struct filesignatures *fsp, const char *dn, int dn_len,
const uchar_t *sig, int sig_len, const char *oid, int oid_len);
extern filesig_vers_t elfsign_extract_sig(ELFsign_t ess,
struct filesignatures *fsp, uchar_t *sig, size_t *sig_len);
extern ELFsign_status_t elfsign_begin(const char *,
enum ES_ACTION, ELFsign_t *);
extern void elfsign_end(ELFsign_t ess);
extern ELFsign_status_t elfsign_setcertpath(ELFsign_t ess, const char *path);
extern ELFsign_status_t elfsign_verify_signature(ELFsign_t ess,
struct ELFsign_sig_info **esipp);
extern ELFsign_status_t elfsign_hash(ELFsign_t ess, uchar_t *hash,
size_t *hash_len);
extern ELFsign_status_t elfsign_hash_mem_resident(ELFsign_t ess,
uchar_t *hash, size_t *hash_len);
extern ELFsign_status_t elfsign_hash_esa(ELFsign_t ess,
uchar_t *esa_buf, size_t esa_buf_len, uchar_t **hash, size_t *hash_len);
extern void elfsign_buffer_len(ELFsign_t ess, size_t *ip, uchar_t *cp,
enum ES_ACTION action);
extern void elfsign_setcallbackctx(ELFsign_t ess, void *ctx);
extern void elfsign_setsigvercallback(ELFsign_t ess,
void (*cb)(void *, void *, size_t, ELFCert_t));
extern ELFsign_status_t elfsign_signatures(ELFsign_t ess,
struct filesignatures **fspp, size_t *fs_len, enum ES_ACTION action);
extern char const *elfsign_strerror(ELFsign_status_t);
extern boolean_t elfsign_sig_info(struct filesignatures *fssp,
struct ELFsign_sig_info **esipp);
extern void elfsign_sig_info_free(struct ELFsign_sig_info *);
/*
* ELF "Certificate Library"
*/
extern const char _PATH_ELFSIGN_CERTS[];
#define ELFCERT_MAX_DN_LEN 255
extern boolean_t elfcertlib_init(ELFsign_t);
extern void elfcertlib_fini(ELFsign_t);
extern boolean_t elfcertlib_settoken(ELFsign_t, char *);
extern void elfcertlib_setcertCAcallback(ELFsign_t ess,
void (*cb)(void *, ELFCert_t, char *));
extern void elfcertlib_setcertvercallback(ELFsign_t ess,
void (*cb)(void *, ELFCert_t, ELFCert_t));
extern boolean_t elfcertlib_getcert(ELFsign_t ess, char *cert_pathname,
char *signer_DN, ELFCert_t *certp, enum ES_ACTION action);
extern void elfcertlib_releasecert(ELFsign_t, ELFCert_t);
extern char *elfcertlib_getdn(ELFCert_t cert);
extern char *elfcertlib_getissuer(ELFCert_t cert);
extern boolean_t elfcertlib_loadprivatekey(ELFsign_t ess, ELFCert_t cert,
const char *path);
extern boolean_t elfcertlib_loadtokenkey(ELFsign_t ess, ELFCert_t cert,
const char *token_id, const char *pin);
extern boolean_t elfcertlib_sign(ELFsign_t ess, ELFCert_t cert,
const uchar_t *data, size_t data_len, uchar_t *sig,
size_t *sig_len);
extern boolean_t elfcertlib_verifycert(ELFsign_t ess, ELFCert_t cert);
extern boolean_t elfcertlib_verifysig(ELFsign_t ess, ELFCert_t cert,
const uchar_t *sig, size_t sig_len,
const uchar_t *data, size_t data_len);
#ifdef __cplusplus
}
#endif
#endif /* _LIBELFSIGN_H */