| /* |
| * CDDL HEADER START |
| * |
| * The contents of this file are subject to the terms of the |
| * Common Development and Distribution License (the "License"). |
| * You may not use this file except in compliance with the License. |
| * |
| * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
| * or http://www.opensolaris.org/os/licensing. |
| * See the License for the specific language governing permissions |
| * and limitations under the License. |
| * |
| * When distributing Covered Code, include this CDDL HEADER in each |
| * file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
| * If applicable, add the following below this CDDL HEADER, with the |
| * fields enclosed by brackets "[]" replaced with your own identifying |
| * information: Portions Copyright [yyyy] [name of copyright owner] |
| * |
| * CDDL HEADER END |
| */ |
| /* |
| * Copyright 2008 Sun Microsystems, Inc. All rights reserved. |
| * Use is subject to license terms. |
| */ |
| |
| #ifndef _SYS_CRYPTO_ELFSIGN_H |
| #define _SYS_CRYPTO_ELFSIGN_H |
| |
| #ifdef __cplusplus |
| extern "C" { |
| #endif |
| |
| /* |
| * Consolidation Private Interface for elfsign/libpkcs11/kcfd |
| */ |
| |
| #include <sys/zfs_context.h> |
| |
| /* |
| * Project Private structures and types used for communication between kcfd |
| * and KCF over the door. |
| */ |
| |
| typedef enum ELFsign_status_e { |
| ELFSIGN_UNKNOWN, |
| ELFSIGN_SUCCESS, |
| ELFSIGN_FAILED, |
| ELFSIGN_NOTSIGNED, |
| ELFSIGN_INVALID_CERTPATH, |
| ELFSIGN_INVALID_ELFOBJ, |
| ELFSIGN_RESTRICTED |
| } ELFsign_status_t; |
| |
| #define KCF_KCFD_VERSION1 1 |
| #define SIG_MAX_LENGTH 1024 |
| |
| #define ELF_SIGNATURE_SECTION ".SUNW_signature" |
| |
| typedef struct kcf_door_arg_s { |
| short da_version; |
| boolean_t da_iskernel; |
| |
| union { |
| char filename[MAXPATHLEN]; /* For request */ |
| |
| struct kcf_door_result_s { /* For response */ |
| ELFsign_status_t status; |
| uint32_t siglen; |
| uchar_t signature[1]; |
| } result; |
| } da_u; |
| } kcf_door_arg_t; |
| |
| typedef uint32_t filesig_vers_t; |
| |
| /* |
| * File Signature Structure |
| * Applicable to ELF and other file formats |
| */ |
| struct filesignatures { |
| uint32_t filesig_cnt; /* count of signatures */ |
| uint32_t filesig_pad; /* unused */ |
| union { |
| char filesig_data[1]; |
| struct filesig { /* one of these for each signature */ |
| uint32_t filesig_size; |
| filesig_vers_t filesig_version; |
| union { |
| struct filesig_version1 { |
| uint32_t filesig_v1_dnsize; |
| uint32_t filesig_v1_sigsize; |
| uint32_t filesig_v1_oidsize; |
| char filesig_v1_data[1]; |
| } filesig_v1; |
| struct filesig_version3 { |
| uint64_t filesig_v3_time; |
| uint32_t filesig_v3_dnsize; |
| uint32_t filesig_v3_sigsize; |
| uint32_t filesig_v3_oidsize; |
| char filesig_v3_data[1]; |
| } filesig_v3; |
| } _u2; |
| } filesig_sig; |
| uint64_t filesig_align; |
| } _u1; |
| }; |
| #define filesig_sig _u1.filesig_sig |
| |
| #define filesig_v1_dnsize _u2.filesig_v1.filesig_v1_dnsize |
| #define filesig_v1_sigsize _u2.filesig_v1.filesig_v1_sigsize |
| #define filesig_v1_oidsize _u2.filesig_v1.filesig_v1_oidsize |
| #define filesig_v1_data _u2.filesig_v1.filesig_v1_data |
| |
| #define filesig_v3_time _u2.filesig_v3.filesig_v3_time |
| #define filesig_v3_dnsize _u2.filesig_v3.filesig_v3_dnsize |
| #define filesig_v3_sigsize _u2.filesig_v3.filesig_v3_sigsize |
| #define filesig_v3_oidsize _u2.filesig_v3.filesig_v3_oidsize |
| #define filesig_v3_data _u2.filesig_v3.filesig_v3_data |
| |
| #define filesig_ALIGN(s) (((s) + sizeof (uint64_t) - 1) & \ |
| (-sizeof (uint64_t))) |
| #define filesig_next(ptr) (struct filesig *)((void *)((char *)(ptr) + \ |
| filesig_ALIGN((ptr)->filesig_size))) |
| |
| #define FILESIG_UNKNOWN 0 /* unrecognized version */ |
| #define FILESIG_VERSION1 1 /* version1, all but sig section */ |
| #define FILESIG_VERSION2 2 /* version1 format, SHF_ALLOC only */ |
| #define FILESIG_VERSION3 3 /* version3, all but sig section */ |
| #define FILESIG_VERSION4 4 /* version3 format, SHF_ALLOC only */ |
| |
| #define _PATH_KCFD_DOOR "/etc/svc/volatile/kcfd_door" |
| |
| #ifdef __cplusplus |
| } |
| #endif |
| |
| #endif /* _SYS_CRYPTO_ELFSIGN_H */ |