| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
| 1 | /* $NetBSD: verified_exec.h,v 1.58 2010/11/19 06:44:34 dholland Exp $ */ | | 1 | /* $NetBSD: verified_exec.h,v 1.59 2018/12/24 16:04:14 maxv Exp $ */ |
| 2 | | | 2 | |
| 3 | /*- | | 3 | /*- |
| 4 | * Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org> | | 4 | * Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org> |
| 5 | * Copyright (c) 2005, 2006 Brett Lymn <blymn@NetBSD.org> | | 5 | * Copyright (c) 2005, 2006 Brett Lymn <blymn@NetBSD.org> |
| 6 | * All rights reserved. | | 6 | * All rights reserved. |
| 7 | * | | 7 | * |
| 8 | * Redistribution and use in source and binary forms, with or without | | 8 | * Redistribution and use in source and binary forms, with or without |
| 9 | * modification, are permitted provided that the following conditions | | 9 | * modification, are permitted provided that the following conditions |
| 10 | * are met: | | 10 | * are met: |
| 11 | * 1. Redistributions of source code must retain the above copyright | | 11 | * 1. Redistributions of source code must retain the above copyright |
| 12 | * notice, this list of conditions and the following disclaimer. | | 12 | * notice, this list of conditions and the following disclaimer. |
| 13 | * 2. Redistributions in binary form must reproduce the above copyright | | 13 | * 2. Redistributions in binary form must reproduce the above copyright |
| 14 | * notice, this list of conditions and the following disclaimer in the | | 14 | * notice, this list of conditions and the following disclaimer in the |
| @@ -67,46 +67,26 @@ struct vm_page; | | | @@ -67,46 +67,26 @@ struct vm_page; |
| 67 | | | 67 | |
| 68 | /* Valid status field values. */ | | 68 | /* Valid status field values. */ |
| 69 | #define FINGERPRINT_NOTEVAL 0 /* fingerprint has not been evaluated */ | | 69 | #define FINGERPRINT_NOTEVAL 0 /* fingerprint has not been evaluated */ |
| 70 | #define FINGERPRINT_VALID 1 /* fingerprint evaluated and matches list */ | | 70 | #define FINGERPRINT_VALID 1 /* fingerprint evaluated and matches list */ |
| 71 | #define FINGERPRINT_NOMATCH 2 /* fingerprint evaluated but does not match */ | | 71 | #define FINGERPRINT_NOMATCH 2 /* fingerprint evaluated but does not match */ |
| 72 | | | 72 | |
| 73 | /* Per-page fingerprint status. */ | | 73 | /* Per-page fingerprint status. */ |
| 74 | #define PAGE_FP_NONE 0 /* no per-page fingerprints. */ | | 74 | #define PAGE_FP_NONE 0 /* no per-page fingerprints. */ |
| 75 | #define PAGE_FP_READY 1 /* per-page fingerprints ready for use. */ | | 75 | #define PAGE_FP_READY 1 /* per-page fingerprints ready for use. */ |
| 76 | #define PAGE_FP_FAIL 2 /* mismatch in per-page fingerprints. */ | | 76 | #define PAGE_FP_FAIL 2 /* mismatch in per-page fingerprints. */ |
| 77 | | | 77 | |
| 78 | #if defined(_KERNEL) && !defined(HAVE_NBTOOL_CONFIG_H) | | 78 | #if defined(_KERNEL) && !defined(HAVE_NBTOOL_CONFIG_H) |
| 79 | | | 79 | |
| 80 | #if NVERIEXEC > 0 | | | |
| 81 | /* FUTURE: remove this macro entirely - dholland 20100215 */ | | | |
| 82 | #define VERIEXEC_PATH_GET(from, cto, to) \ | | | |
| 83 | do { \ | | | |
| 84 | to = NULL; \ | | | |
| 85 | cto = from; \ | | | |
| 86 | } \ | | | |
| 87 | } while (/*CONSTCOND*/0) | | | |
| 88 | #define VERIEXEC_PATH_PUT(to) \ | | | |
| 89 | do { \ | | | |
| 90 | (void)(to); \ | | | |
| 91 | } while (/*CONSTCOND*/0) | | | |
| 92 | #else | | | |
| 93 | #define VERIEXEC_PATH_GET(from, cto, to) \ | | | |
| 94 | cto = from | | | |
| 95 | #define VERIEXEC_PATH_PUT(to) \ | | | |
| 96 | (void)to | | | |
| 97 | | | | |
| 98 | #endif | | | |
| 99 | | | | |
| 100 | /* | | 80 | /* |
| 101 | * Fingerprint operations vector for Veriexec. | | 81 | * Fingerprint operations vector for Veriexec. |
| 102 | * Function types: init, update, final. | | 82 | * Function types: init, update, final. |
| 103 | */ | | 83 | */ |
| 104 | typedef void (*veriexec_fpop_init_t)(void *); | | 84 | typedef void (*veriexec_fpop_init_t)(void *); |
| 105 | typedef void (*veriexec_fpop_update_t)(void *, u_char *, u_int); | | 85 | typedef void (*veriexec_fpop_update_t)(void *, u_char *, u_int); |
| 106 | typedef void (*veriexec_fpop_final_t)(u_char *, void *); | | 86 | typedef void (*veriexec_fpop_final_t)(u_char *, void *); |
| 107 | | | 87 | |
| 108 | void veriexec_init(void); | | 88 | void veriexec_init(void); |
| 109 | int veriexec_fpops_add(const char *, size_t, size_t, veriexec_fpop_init_t, | | 89 | int veriexec_fpops_add(const char *, size_t, size_t, veriexec_fpop_init_t, |
| 110 | veriexec_fpop_update_t, veriexec_fpop_final_t); | | 90 | veriexec_fpop_update_t, veriexec_fpop_final_t); |
| 111 | int veriexec_file_add(struct lwp *, prop_dictionary_t); | | 91 | int veriexec_file_add(struct lwp *, prop_dictionary_t); |
| 112 | int veriexec_verify(struct lwp *, struct vnode *, const u_char *, int, | | 92 | int veriexec_verify(struct lwp *, struct vnode *, const u_char *, int, |