OpenSolaris_b135/lib/libelfsign/common/libelfsign.h
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#ifndef _LIBELFSIGN_H
#define _LIBELFSIGN_H
#ifdef __cplusplus
extern "C" {
#endif
/*
* libelfsign Private Interfaces
* This Header file should not be shipped as part of Solaris binary or
* source products.
*/
#include <sys/crypto/elfsign.h>
#include <libelf.h>
#include <fcntl.h>
#include <md5.h>
#include <sha1.h>
#include <kmfapi.h>
/*
* Certificate-related definitions
*/
#define ELFSIGN_CRYPTO "Solaris Cryptographic Framework"
#define USAGELIMITED "OU=UsageLimited"
#define ESA ".esa"
#define ESA_LEN sizeof (".esa")
typedef enum ELFCert_VStatus_e {
E_UNCHECKED,
E_OK,
E_IS_TA,
E_FAILED
} ELFCert_VStatus_t;
typedef struct ELFCert_s {
ELFCert_VStatus_t c_verified;
char *c_subject;
char *c_issuer;
KMF_X509_DER_CERT c_cert;
KMF_KEY_HANDLE c_privatekey;
} *ELFCert_t;
#define CRYPTO_CERTS_DIR "/etc/crypto/certs"
#define ETC_CERTS_DIR "/etc/certs"
/*
* libelfsign actions
*/
enum ES_ACTION {
ES_GET,
ES_GET_CRYPTO,
ES_GET_FIPS140,
ES_UPDATE,
ES_UPDATE_RSA_MD5_SHA1,
ES_UPDATE_RSA_SHA1
};
#define ES_ACTISUPDATE(a) ((a) >= ES_UPDATE)
/*
* Context for elfsign operation
*/
struct ELFsign_s {
Elf *es_elf;
char *es_pathname;
char *es_certpath;
int es_fd;
size_t es_shstrndx;
enum ES_ACTION es_action;
KMF_KEY_HANDLE es_privatekey;
filesig_vers_t es_version;
boolean_t es_same_endian;
boolean_t es_has_phdr;
char es_ei_class;
struct flock es_flock;
KMF_HANDLE_T es_kmfhandle;
void *es_callbackctx;
void (*es_sigvercallback)(void *, void *, size_t, ELFCert_t);
void (*es_certCAcallback)(void *, ELFCert_t, char *);
void (*es_certvercallback)(void *, ELFCert_t, ELFCert_t);
};
#define ES_FMT_RSA_MD5_SHA1 "rsa_md5_sha1"
#define ES_FMT_RSA_SHA1 "rsa_sha1"
/*
* ELF signature handling
*/
typedef struct ELFsign_s *ELFsign_t;
struct ELFsign_sig_info {
char *esi_format;
char *esi_signer;
time_t esi_time;
};
extern struct filesignatures *elfsign_insert_dso(ELFsign_t ess,
struct filesignatures *fsp, const char *dn, int dn_len,
const uchar_t *sig, int sig_len, const char *oid, int oid_len);
extern filesig_vers_t elfsign_extract_sig(ELFsign_t ess,
struct filesignatures *fsp, uchar_t *sig, size_t *sig_len);
extern ELFsign_status_t elfsign_begin(const char *,
enum ES_ACTION, ELFsign_t *);
extern void elfsign_end(ELFsign_t ess);
extern ELFsign_status_t elfsign_setcertpath(ELFsign_t ess, const char *path);
extern ELFsign_status_t elfsign_verify_signature(ELFsign_t ess,
struct ELFsign_sig_info **esipp);
extern ELFsign_status_t elfsign_hash(ELFsign_t ess, uchar_t *hash,
size_t *hash_len);
extern ELFsign_status_t elfsign_hash_mem_resident(ELFsign_t ess,
uchar_t *hash, size_t *hash_len);
extern ELFsign_status_t elfsign_hash_esa(ELFsign_t ess,
uchar_t *esa_buf, size_t esa_buf_len, uchar_t **hash, size_t *hash_len);
extern void elfsign_buffer_len(ELFsign_t ess, size_t *ip, uchar_t *cp,
enum ES_ACTION action);
extern void elfsign_setcallbackctx(ELFsign_t ess, void *ctx);
extern void elfsign_setsigvercallback(ELFsign_t ess,
void (*cb)(void *, void *, size_t, ELFCert_t));
extern ELFsign_status_t elfsign_signatures(ELFsign_t ess,
struct filesignatures **fspp, size_t *fs_len, enum ES_ACTION action);
extern char const *elfsign_strerror(ELFsign_status_t);
extern boolean_t elfsign_sig_info(struct filesignatures *fssp,
struct ELFsign_sig_info **esipp);
extern void elfsign_sig_info_free(struct ELFsign_sig_info *);
/*
* ELF "Certificate Library"
*/
extern const char _PATH_ELFSIGN_CERTS[];
#define ELFCERT_MAX_DN_LEN 255
extern boolean_t elfcertlib_init(ELFsign_t);
extern void elfcertlib_fini(ELFsign_t);
extern boolean_t elfcertlib_settoken(ELFsign_t, char *);
extern void elfcertlib_setcertCAcallback(ELFsign_t ess,
void (*cb)(void *, ELFCert_t, char *));
extern void elfcertlib_setcertvercallback(ELFsign_t ess,
void (*cb)(void *, ELFCert_t, ELFCert_t));
extern boolean_t elfcertlib_getcert(ELFsign_t ess, char *cert_pathname,
char *signer_DN, ELFCert_t *certp, enum ES_ACTION action);
extern void elfcertlib_releasecert(ELFsign_t, ELFCert_t);
extern char *elfcertlib_getdn(ELFCert_t cert);
extern char *elfcertlib_getissuer(ELFCert_t cert);
extern boolean_t elfcertlib_loadprivatekey(ELFsign_t ess, ELFCert_t cert,
const char *path);
extern boolean_t elfcertlib_loadtokenkey(ELFsign_t ess, ELFCert_t cert,
const char *token_id, const char *pin);
extern boolean_t elfcertlib_sign(ELFsign_t ess, ELFCert_t cert,
const uchar_t *data, size_t data_len, uchar_t *sig,
size_t *sig_len);
extern boolean_t elfcertlib_verifycert(ELFsign_t ess, ELFCert_t cert);
extern boolean_t elfcertlib_verifysig(ELFsign_t ess, ELFCert_t cert,
const uchar_t *sig, size_t sig_len,
const uchar_t *data, size_t data_len);
#ifdef __cplusplus
}
#endif
#endif /* _LIBELFSIGN_H */