verified_exec.h revision 1.1
      1  1.1  blymn /*	$NetBSD: verified_exec.h,v 1.1 2002/10/29 12:31:25 blymn Exp $	*/
      2  1.1  blymn 
      3  1.1  blymn /*-
      4  1.1  blymn  * Copyright (c) 1998-1999 Brett Lymn
      5  1.1  blymn  *                         (blymn (at) baea.com.au, brett_lymn (at) yahoo.com.au)
      6  1.1  blymn  * All rights reserved.
      7  1.1  blymn  *
      8  1.1  blymn  * This code has been donated to The NetBSD Foundation by the Author.
      9  1.1  blymn  *
     10  1.1  blymn  * Redistribution and use in source and binary forms, with or without
     11  1.1  blymn  * modification, are permitted provided that the following conditions
     12  1.1  blymn  * are met:
     13  1.1  blymn  * 1. Redistributions of source code must retain the above copyright
     14  1.1  blymn  *    notice, this list of conditions and the following disclaimer.
     15  1.1  blymn  * 2. The name of the author may not be used to endorse or promote products
     16  1.1  blymn  *    derived from this software withough specific prior written permission
     17  1.1  blymn  *
     18  1.1  blymn  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
     19  1.1  blymn  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
     20  1.1  blymn  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
     21  1.1  blymn  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
     22  1.1  blymn  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
     23  1.1  blymn  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
     24  1.1  blymn  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
     25  1.1  blymn  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     26  1.1  blymn  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
     27  1.1  blymn  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     28  1.1  blymn  *
     29  1.1  blymn  *
     30  1.1  blymn  */
     31  1.1  blymn 
/*
 * Definitions for the Verified Executables (veriexec) kernel facility:
 * the fingerprint-loading ioctl interface shared with userland and,
 * under _KERNEL, the in-kernel fingerprint lists and helpers used by
 * kern_exec.c.  (<sys/param.h> is pulled in before the include guard
 * below; it carries its own guard, so this is harmless, but it belongs
 * inside.)
 */
     37  1.1  blymn #include <sys/param.h>
     38  1.1  blymn 
     39  1.1  blymn #ifndef V_EXEC_H
     40  1.1  blymn #define V_EXEC_H 1
     41  1.1  blymn 
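/*
 * Fingerprint (digest) algorithms the kernel can verify against.  The
 * fp_type member of the structures in this header holds one of the
 * FINGERPRINT_TYPE_* values; the matching *_FINGERPRINTLEN is the number
 * of bytes of the fingerprint buffer that algorithm actually uses.
 *
 * NOTE(review): MD5 is no longer collision resistant and SHA1 collisions
 * have also been demonstrated, so a fingerprint built on them only
 * detects accidental or unsophisticated modification of a file.  Adding
 * a stronger digest type is the expected path; the constants below are
 * arranged so that doing so cannot leave the buffers too small.
 */
#define FINGERPRINT_TYPE_MD5	1	/* MD5 digest */
#define MD5_FINGERPRINTLEN	16	/* MD5 digest length in bytes */
#define FINGERPRINT_TYPE_SHA1	2	/* SHA1 digest */
#define SHA1_FINGERPRINTLEN	20	/* SHA1 digest length in bytes */

/*
 * Size of every fingerprint buffer.  Tied to the longest digest defined
 * above instead of a bare 20 so that a new, longer fingerprint type
 * forces this to grow with it.  The value is unchanged (20), so the
 * layout of struct verified_exec_params, and hence the ioctl ABI, is
 * unchanged.
 */
#define MAXFINGERPRINTLEN	SHA1_FINGERPRINTLEN

/*
 * Values for the "type" member of a fingerprint entry.
 */
#define VERIEXEC_DIRECT		0	/* Allow direct execution */
#define VERIEXEC_INDIRECT	1	/* Only allow indirect execution */
#define VERIEXEC_FILE		2	/* Fingerprint of a plain file */

/*
 * Argument of the VERIEXECLOAD ioctl: one fingerprint entry to load.
 * VERIEXECLOAD is an _IOW request, i.e. this structure is copied in
 * from userland, so the kernel must treat every member as untrusted:
 *   type	must be one of the VERIEXEC_* values;
 *   fp_type	must be one of the FINGERPRINT_TYPE_* values;
 *   file	path of the file to fingerprint.  Nothing guarantees a
 *		NUL terminator within MAXPATHLEN, so any string operation
 *		on it must be bounded by sizeof(file);
 *   fingerprint	the expected digest; only the first *_FINGERPRINTLEN
 *		bytes for fp_type are meaningful, the rest is padding.
 * Changing the member order or sizes changes the ioctl ABI.
 */
struct verified_exec_params {
	unsigned char type;
	unsigned char fp_type;
	char file[MAXPATHLEN];
	unsigned char fingerprint[MAXFINGERPRINTLEN];
};

/* Load one fingerprint entry (userland -> kernel). */
#define VERIEXECLOAD	_IOW('S', 0x1, struct verified_exec_params)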
     67  1.1  blymn 
     68  1.1  blymn #ifdef _KERNEL
/*
 * Entry points of the veriexec pseudo-device (presumably the cdevsw
 * attach/open/close/ioctl hooks; the device glue itself is not in this
 * file).  verifiedexecioctl is what services VERIEXECLOAD: its caddr_t
 * argument is the copied-in struct verified_exec_params, which comes
 * straight from userland and must be range-checked (type, fp_type) and
 * bounded (file need not be NUL-terminated) before it is used.
 * NOTE(review): who may open the device and load entries is decided in
 * the device code, not here; it must stay a privileged operation, since
 * whoever can load fingerprints decides what the kernel will execute.
 */
void	verifiedexecattach __P((struct device *, struct device *, void *));
int     verifiedexecopen __P((dev_t, int, int, struct proc *));
int     verifiedexecclose __P((dev_t, int, int, struct proc *));
int     verifiedexecioctl __P((dev_t, u_long, caddr_t, int, struct proc *));
     73  1.1  blymn /*
     74  1.1  blymn  * list structure definitions - needed in kern_exec.c
     75  1.1  blymn  */
     76  1.1  blymn 
/*
 * Per-device lists of fingerprinted inodes; from the names and the
 * VERIEXEC_FILE type, apparently one for executables and one for plain
 * files.
 * NOTE(review): these are tentative definitions, not "extern"
 * declarations, so every kernel object that includes this header under
 * _KERNEL defines them and linking relies on common-symbol merging.
 * Declare them extern here and define them once in a .c file.
 * NOTE(review): struct veriexec_devhead is not defined anywhere in this
 * header; the LIST_HEAD(veriexec_devhead, veriexec_dev_list) that
 * completes it presumably lives on the .c side.
 */
struct veriexec_devhead veriexec_dev_head;
struct veriexec_devhead veriexec_file_dev_head;
     79  1.1  blymn 
/*
 * One entry per device/filesystem that has fingerprinted inodes.
 *   id		device identifier (presumably the filesystem id;
 *		get_veriexec_inode() below looks it up by a signed long
 *		fsid, so the two types disagree);
 *   inode_head	the fingerprint entries that live on this device;
 *   entries	link in veriexec_dev_head / veriexec_file_dev_head.
 */
struct veriexec_dev_list {
	unsigned long id;
	LIST_HEAD(inodehead, veriexec_inode_list) inode_head;
	LIST_ENTRY(veriexec_dev_list) entries;
};
     85  1.1  blymn 
/*
 * In-kernel copy of one loaded fingerprint entry.
 *   type		VERIEXEC_DIRECT / VERIEXEC_INDIRECT / VERIEXEC_FILE;
 *   fp_type		FINGERPRINT_TYPE_MD5 / FINGERPRINT_TYPE_SHA1; this
 *			presumably decides how many of the MAXFINGERPRINTLEN
 *			bytes of fingerprint are significant
 *			(MD5_FINGERPRINTLEN or SHA1_FINGERPRINTLEN);
 *   inode		inode number (get_veriexec_inode() looks it up by a
 *			signed long fileid, so the two types disagree);
 *   fingerprint	expected digest, presumably copied from the ioctl
 *			argument, so it was validated (or not) there;
 *   entries		link in the owning veriexec_dev_list's inode_head.
 * This layout is kernel-internal and does not have to match
 * struct verified_exec_params.
 */
struct veriexec_inode_list
{
	unsigned char type;
	unsigned char fp_type;
	unsigned long inode;
	unsigned char fingerprint[MAXFINGERPRINTLEN];
	LIST_ENTRY(veriexec_inode_list) entries;
};
     94  1.1  blymn 
/*
 * Find the entry for (fsid, fileid) under the given list head; the role
 * of found_dev (an out-parameter, by its name) and the not-found return
 * value are not visible from this header -- presumably NULL.
 * NOTE(review): fsid and fileid are signed long here while the lists
 * store id and inode as unsigned long; use one signedness so a value
 * with the high bit set cannot be mishandled in the comparison.
 */
struct veriexec_inode_list *
get_veriexec_inode(struct veriexec_devhead *head, long fsid, long fileid,
		char *found_dev);
/*
 * Compute the fingerprint of vp (file_size bytes, using ip->fp_type)
 * into "fingerprint", which the caller must size to at least
 * MAXFINGERPRINTLEN bytes -- TODO confirm against the implementation,
 * which also defines the return convention.
 * NOTE(review): nothing in this interface ties the bytes that were
 * digested to the bytes that are later executed; the implementation
 * must keep the vnode from being modified between evaluation and use,
 * or the check can be raced.
 */
int
evaluate_fingerprint(struct vnode *vp, struct veriexec_inode_list *ip,
		     struct proc *p, u_quad_t file_size, char *fingerprint);
/*
 * Compare digest with ip->fingerprint, presumably over the length that
 * ip->fp_type implies.  Return convention not visible here.
 */
int
fingerprintcmp(struct veriexec_inode_list *ip, unsigned char *digest);
    103  1.1  blymn 
    104  1.1  blymn #endif
    105  1.1  blymn #endif