1 /* $NetBSD: verified_exec.h,v 1.4 2003/07/08 06:49:23 itojun Exp $ */
2
3 /*-
4 * Copyright (c) 1998-1999 Brett Lymn
5 * (blymn@baea.com.au, brett_lymn@yahoo.com.au)
6 * All rights reserved.
7 *
8 * This code has been donated to The NetBSD Foundation by the Author.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. The name of the author may not be used to endorse or promote products
16 * derived from this software without specific prior written permission
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 *
29 *
30 */
31
32 /*
33 *
34 * Definitions for the Verified Executables kernel function.
35 *
36 */
37 #include <sys/param.h>
38
39 #ifndef V_EXEC_H
40 #define V_EXEC_H 1
41
/*
 * Size in bytes of the fingerprint[] arrays in struct verified_exec_params
 * and struct veriexec_inode_list.  20 equals SHA1_FINGERPRINTLEN, the larger
 * of the two digest lengths this header defines.
 * NOTE(review): a fingerprint type with a longer digest needs this raised;
 * that changes sizeof(struct verified_exec_params), which is the ioctl
 * argument, so userland and kernel must be rebuilt together - confirm.
 */
#define MAXFINGERPRINTLEN 20 /* enough room for the largest fingerprint */
43
/*
 * Argument structure of the VERIEXECLOAD ioctl: one fingerprint record
 * naming one file.
 * NOTE(review): VERIEXECLOAD is declared with _IOW, so the caller fills
 * this in.  Nothing in the layout guarantees that file[] is NUL-terminated
 * or that type / fp_type hold one of the values defined in this header;
 * the ioctl handler should check all three before using them - confirm
 * against verifiedexecioctl().
 */
struct verified_exec_params {
	unsigned char type;	/* presumably one of VERIEXEC_* - TODO confirm */
	unsigned char fp_type; /* type of fingerprint this is */
	char file[MAXPATHLEN];	/* path name buffer, MAXPATHLEN bytes */
	/* digest bytes; presumably only the first MD5_FINGERPRINTLEN or
	 * SHA1_FINGERPRINTLEN of them are meaningful, per fp_type */
	unsigned char fingerprint[MAXFINGERPRINTLEN];
};
50
/*
 * Types of veriexec inodes we can have.
 * Presumably the values carried in the `type' member of
 * struct verified_exec_params and struct veriexec_inode_list - TODO confirm.
 * NOTE(review): the members are unsigned char, so a value outside 0..2 can
 * be supplied; code switching on the type should reject unknown values
 * rather than fall through to an allow path.
 */
#define VERIEXEC_DIRECT 0 /* Allow direct execution */
#define VERIEXEC_INDIRECT 1 /* Only allow indirect execution */
#define VERIEXEC_FILE 2 /* Fingerprint of a plain file */
57
/*
 * Types of fingerprints we support, with the digest length of each in
 * bytes.  No type has the value 0.
 * NOTE(review): practical collision attacks are known for both MD5 and
 * SHA-1, so a fingerprint of either type no longer rules out a second,
 * different file with the same digest.  Treat MD5 entries in particular as
 * weak, and prefer a longer modern hash if this list is extended (see
 * MAXFINGERPRINTLEN for the buffer-size consequence).
 */
#define FINGERPRINT_TYPE_MD5 1 /* MD5 hash */
#define MD5_FINGERPRINTLEN 16 /* and its length in bytes */
#define FINGERPRINT_TYPE_SHA1 2 /* SHA1 hash */
#define SHA1_FINGERPRINTLEN 20 /* and its length in bytes */
65
/*
 * ioctl request that passes one struct verified_exec_params from the
 * caller to the driver (_IOW: data flows into the kernel), group 'S',
 * command 0x1.
 * NOTE(review): this request is what populates the fingerprint lists, so
 * whoever may issue it decides what the kernel will accept as verified.
 * The access check is not visible in this header - confirm that the
 * handler or the device node permissions restrict it to the administrator
 * and that loading can be closed off once the lists are complete.
 */
#define VERIEXECLOAD _IOW('S', 0x1, struct verified_exec_params)
67
68 #ifdef _KERNEL
/*
 * Kernel-only entry points of the verified exec device (attach, open,
 * close, ioctl), declared through the __P(()) prototype wrapper.
 * Presumably verifiedexecioctl() is the handler for VERIEXECLOAD - TODO
 * confirm against the driver source.
 */
void verifiedexecattach __P((struct device *, struct device *, void *));
int verifiedexecopen __P((dev_t, int, int, struct proc *));
int verifiedexecclose __P((dev_t, int, int, struct proc *));
int verifiedexecioctl __P((dev_t, u_long, caddr_t, int, struct proc *));
/*
 * list structure definitions - needed in kern_exec.c
 *
 * Two list heads of type struct veriexec_devhead.  Judging by the names,
 * one is for executables and one for plain files (VERIEXEC_FILE) - TODO
 * confirm.
 * NOTE(review): struct veriexec_devhead is not declared in this header;
 * presumably a LIST_HEAD(veriexec_devhead, veriexec_dev_list) elsewhere
 * provides it.  These lines also lack `extern', so every file that
 * includes the header with _KERNEL defined gets its own tentative
 * definition.  Moving the definitions into one .c file and declaring them
 * extern here would avoid relying on common-symbol merging.
 */

struct veriexec_devhead veriexec_dev_head;
struct veriexec_devhead veriexec_file_dev_head;
79
/*
 * One list node per device: holds the head of that device's list of
 * struct veriexec_inode_list entries.
 * NOTE(review): LIST_HEAD / LIST_ENTRY are the <sys/queue.h> macros; this
 * header includes only <sys/param.h>, so it presumably relies on the
 * includer to have pulled in <sys/queue.h> first - confirm.
 */
struct veriexec_dev_list {
	unsigned long id;	/* presumably the device identifier - TODO confirm */
	LIST_HEAD(inodehead, veriexec_inode_list) inode_head; /* entries for this device */
	LIST_ENTRY(veriexec_dev_list) entries;	/* linkage to the other device nodes */
};
85
/*
 * One fingerprint record, kept on the inode_head list of a
 * struct veriexec_dev_list.  type, fp_type and fingerprint[] have the same
 * types as the matching members of struct verified_exec_params; here the
 * file is identified by an inode number instead of a path name.
 * NOTE(review): the record is keyed by inode number, not by file contents
 * or path, so an entry presumably goes stale if the inode is freed and
 * reused or the file system is changed outside the running kernel -
 * confirm how entries are invalidated.
 */
struct veriexec_inode_list
{
	unsigned char type;	/* presumably one of VERIEXEC_* - TODO confirm */
	unsigned char fp_type;	/* presumably one of FINGERPRINT_TYPE_* - TODO confirm */
	unsigned long inode;	/* inode number this fingerprint applies to */
	unsigned char fingerprint[MAXFINGERPRINTLEN];	/* expected digest bytes */
	LIST_ENTRY(veriexec_inode_list) entries;	/* linkage within the device's list */
};
94
/*
 * Lookup and comparison helpers; the prototypes carry no parameter names,
 * so the notes below are inferred from the types only.
 *
 * get_veriexec_inode: takes a list head, two longs and a char pointer, and
 *   returns a record pointer.
 *   NOTE(review): if the two longs are the device id and inode number -
 *   TODO confirm - they are signed here but stored as unsigned long in the
 *   list structures.
 * evaluate_fingerprint: takes a vnode, a record, a process, a u_quad_t and
 *   a char pointer, and returns int.
 *   NOTE(review): the char pointer presumably receives the computed digest;
 *   the prototype gives it no length, so the caller's buffer should be at
 *   least MAXFINGERPRINTLEN bytes - confirm.
 * fingerprintcmp: compares a record against a raw digest buffer.
 *   NOTE(review): no length is passed; the number of bytes compared
 *   presumably comes from the record's fp_type, so an unknown fp_type must
 *   not be treated as a match - confirm in the implementation.
 */
struct veriexec_inode_list *get_veriexec_inode(struct veriexec_devhead *,
    long, long, char *);
int evaluate_fingerprint(struct vnode *, struct veriexec_inode_list *,
    struct proc *, u_quad_t, char *);
int fingerprintcmp(struct veriexec_inode_list *, unsigned char *);
100
101 #endif
102 #endif