1 /* $NetBSD: verified_exec.h,v 1.1 2002/10/29 12:31:25 blymn Exp $ */ 2 3 /*- 4 * Copyright (c) 1998-1999 Brett Lymn 5 * (blymn@baea.com.au, brett_lymn@yahoo.com.au) 6 * All rights reserved. 7 * 8 * This code has been donated to The NetBSD Foundation by the Author. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. The name of the author may not be used to endorse or promote products 16 * derived from this software withough specific prior written permission 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 21 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 23 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 * 29 * 30 */ 31 32 /* 33 * 34 * Definitions for the Verified Executables kernel function. 35 * 36 */ 37 #include <sys/param.h> 38 39 #ifndef V_EXEC_H 40 #define V_EXEC_H 1 41 42 #define MAXFINGERPRINTLEN 20 /* enough room for largest signature... */ 43 44 struct verified_exec_params { 45 unsigned char type; 46 unsigned char fp_type; /* type of fingerprint this is */ 47 char file[MAXPATHLEN]; 48 unsigned char fingerprint[MAXFINGERPRINTLEN]; 49 }; 50 51 /* 52 * Types of veriexec inodes we can have 53 */ 54 #define VERIEXEC_DIRECT 0 /* Allow direct execution */ 55 #define VERIEXEC_INDIRECT 1 /* Only allow indirect execution */ 56 #define VERIEXEC_FILE 2 /* Fingerprint of a plain file */ 57 58 /* 59 * Types of fingerprints we support. 60 */ 61 #define FINGERPRINT_TYPE_MD5 1 /* MD5 hash */ 62 #define MD5_FINGERPRINTLEN 16 /* and it's length in chars */ 63 #define FINGERPRINT_TYPE_SHA1 2 /* SHA1 hash */ 64 #define SHA1_FINGERPRINTLEN 20 /* and it's length in chars */ 65 66 #define VERIEXECLOAD _IOW('S', 0x1, struct verified_exec_params) 67 68 #ifdef _KERNEL 69 void verifiedexecattach __P((struct device *, struct device *, void *)); 70 int verifiedexecopen __P((dev_t, int, int, struct proc *)); 71 int verifiedexecclose __P((dev_t, int, int, struct proc *)); 72 int verifiedexecioctl __P((dev_t, u_long, caddr_t, int, struct proc *)); 73 /* 74 * list structure definitions - needed in kern_exec.c 75 */ 76 77 struct veriexec_devhead veriexec_dev_head; 78 struct veriexec_devhead veriexec_file_dev_head; 79 80 struct veriexec_dev_list { 81 unsigned long id; 82 LIST_HEAD(inodehead, veriexec_inode_list) inode_head; 83 LIST_ENTRY(veriexec_dev_list) entries; 84 }; 85 86 struct veriexec_inode_list 87 { 88 unsigned char type; 89 unsigned char fp_type; 90 unsigned long inode; 91 unsigned char fingerprint[MAXFINGERPRINTLEN]; 92 LIST_ENTRY(veriexec_inode_list) entries; 93 }; 94 95 struct veriexec_inode_list * 96 get_veriexec_inode(struct veriexec_devhead *head, long fsid, long fileid, 97 char *found_dev); 98 int 99 evaluate_fingerprint(struct vnode *vp, struct veriexec_inode_list *ip, 100 struct proc *p, u_quad_t file_size, char *fingerprint); 101 int 102 fingerprintcmp(struct veriexec_inode_list *ip, unsigned char *digest); 103 104 #endif 105 #endif 106