| 1 | /* |
|---|---|
| 2 | * Copyright (c) 2009-2014 Apple Inc. All rights reserved. |
| 3 | * |
| 4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ |
| 5 | * |
| 6 | * This file contains Original Code and/or Modifications of Original Code |
| 7 | * as defined in and that are subject to the Apple Public Source License |
| 8 | * Version 2.0 (the 'License'). You may not use this file except in |
| 9 | * compliance with the License. The rights granted to you under the License |
| 10 | * may not be used to create, or enable the creation or redistribution of, |
| 11 | * unlawful or unlicensed copies of an Apple operating system, or to |
| 12 | * circumvent, violate, or enable the circumvention or violation of, any |
| 13 | * terms of an Apple operating system software license agreement. |
| 14 | * |
| 15 | * Please obtain a copy of the License at |
| 16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. |
| 17 | * |
| 18 | * The Original Code and all software distributed under the License are |
| 19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER |
| 20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
| 21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, |
| 22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. |
| 23 | * Please see the License for the specific language governing rights and |
| 24 | * limitations under the License. |
| 25 | * |
| 26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ |
| 27 | */ |
| 28 | |
| 29 | #ifndef _SYS_CPROTECT_H_ |
| 30 | #define _SYS_CPROTECT_H_ |
| 31 | |
| 32 | #ifdef KERNEL_PRIVATE |
| 33 | |
| 34 | #include <sys/cdefs.h> |
| 35 | #include <sys/param.h> |
| 36 | #include <sys/buf.h> |
| 37 | #include <sys/kdebug.h> |
| 38 | #include <crypto/aes.h> |
| 39 | #include <stdbool.h> |
| 40 | #include <uuid/uuid.h> |
| 41 | |
| 42 | __BEGIN_DECLS |
| 43 | |
| 44 | #define CP_CODE(code) FSDBG_CODE(DBG_CONTENT_PROT, code) |
| 45 | /* |
| 46 | * Class DBG_FSYSTEM == 0x03 |
| 47 | * Subclass DBG_CONTENT_PROT == 0xCF |
| 48 | * These debug codes are of the form 0x03CFzzzz |
| 49 | */ |
| 50 | |
| 51 | enum { |
| 52 | CPDBG_OFFSET_IO = CP_CODE(0), /* 0x03CF0000 */ |
| 53 | }; |
| 54 | |
| 55 | /* normally the debug events are no-ops */ |
| 56 | #define CP_DEBUG(x,a,b,c,d,e) do {} while (0); |
| 57 | |
| 58 | /* dev kernels only! */ |
| 59 | #if !SECURE_KERNEL |
| 60 | |
| 61 | /* KDEBUG events used by content protection subsystem */ |
| 62 | #if 0 |
| 63 | #undef CP_DEBUG |
| 64 | #define CP_DEBUG KERNEL_DEBUG_CONSTANT |
| 65 | #endif |
| 66 | |
| 67 | #endif |
| 68 | |
| 69 | #define CP_MAX_WRAPPEDKEYSIZE 128 /* The size of the largest allowed key */ |
| 70 | |
| 71 | /* lock events from AppleKeyStore */ |
| 72 | enum { |
| 73 | CP_ACTION_LOCKED = 0, |
| 74 | CP_ACTION_UNLOCKED = 1, |
| 75 | }; |
| 76 | /* |
| 77 | * Ideally, cp_key_store_action_t would be an enum, but we cannot fix |
| 78 | * that until AppleKeyStore is updated. |
| 79 | */ |
| 80 | typedef int cp_key_store_action_t; |
| 81 | |
| 82 | /* |
| 83 | * It was once the case (and it may still be the case) where the lock |
| 84 | * state got conflated with the possible actions/events that |
| 85 | * AppleKeyStore can send. For that reason, the locked states below |
| 86 | * should numerically match their corresponding actions above. |
| 87 | */ |
| 88 | typedef unsigned char cp_lock_state_t; |
| 89 | enum { |
| 90 | CP_LOCKED_STATE = 0, |
| 91 | CP_UNLOCKED_STATE = 1, |
| 92 | }; |
| 93 | |
| 94 | typedef uint32_t cp_key_class_t; |
| 95 | typedef uint32_t cp_key_os_version_t; |
| 96 | typedef uint16_t cp_key_revision_t; |
| 97 | typedef uint64_t cp_crypto_id_t; |
| 98 | |
| 99 | typedef struct cprotect *cprotect_t; |
| 100 | typedef struct cpx *cpx_t; |
| 101 | |
| 102 | typedef struct cp_key { |
| 103 | uint8_t len; |
| 104 | void *key; |
| 105 | } cp_key_t; |
| 106 | |
| 107 | /* Interface to AKS kext */ |
| 108 | typedef struct { |
| 109 | void *key; |
| 110 | unsigned key_len; |
| 111 | void *iv_key; |
| 112 | unsigned iv_key_len; |
| 113 | uint32_t flags; |
| 114 | } cp_raw_key_s; |
| 115 | |
| 116 | typedef cp_raw_key_s* cp_raw_key_t; |
| 117 | |
| 118 | typedef struct { |
| 119 | void *key; |
| 120 | unsigned key_len; |
| 121 | cp_key_class_t dp_class; |
| 122 | } cp_wrapped_key_s; |
| 123 | |
| 124 | typedef cp_wrapped_key_s* cp_wrapped_key_t; |
| 125 | |
| 126 | typedef struct { |
| 127 | union { |
| 128 | ino64_t inode; |
| 129 | cp_crypto_id_t crypto_id; |
| 130 | }; |
| 131 | uint32_t volume; |
| 132 | pid_t pid; |
| 133 | uid_t uid; |
| 134 | cp_key_revision_t key_revision; |
| 135 | } cp_cred_s; |
| 136 | |
| 137 | typedef cp_cred_s* cp_cred_t; |
| 138 | |
| 139 | /* The wrappers are invoked on the AKS kext */ |
| 140 | typedef int unwrapper_t(cp_cred_t access, const cp_wrapped_key_t wrapped_key_in, cp_raw_key_t key_out); |
| 141 | typedef int rewrapper_t(cp_cred_t access, cp_key_class_t dp_class, const cp_wrapped_key_t wrapped_key_in, cp_wrapped_key_t wrapped_key_out); |
| 142 | typedef int new_key_t(cp_cred_t access, cp_key_class_t dp_class, cp_raw_key_t key_out, cp_wrapped_key_t wrapped_key_out); |
| 143 | typedef int invalidater_t(cp_cred_t access); /* invalidates keys */ |
| 144 | typedef int backup_key_t(cp_cred_t access, const cp_wrapped_key_t wrapped_key_in, cp_wrapped_key_t wrapped_key_out); |
| 145 | |
| 146 | /* |
| 147 | * Flags for Interaction between AKS / Kernel |
| 148 | * These are twiddled via the input/output structs in the above |
| 149 | * wrapper/unwrapper functions. |
| 150 | */ |
| 151 | #define CP_RAW_KEY_WRAPPEDKEY 0x00000001 |
| 152 | |
| 153 | /* |
| 154 | * Function prototypes for kexts to interface with our internal cprotect |
| 155 | * fields; cpx provides opacity and allows us to modify behavior internally |
| 156 | * without requiring kext changes. |
| 157 | */ |
| 158 | cpx_t cpx_alloc(size_t key_size); |
| 159 | void cpx_init(cpx_t, size_t key_len); |
| 160 | void cpx_free(cpx_t); |
| 161 | void cpx_writeprotect(cpx_t cpx); |
| 162 | __attribute__((const)) size_t cpx_size(size_t key_size); |
| 163 | __attribute__((pure)) bool cpx_is_sep_wrapped_key(const struct cpx *); |
| 164 | void cpx_set_is_sep_wrapped_key(struct cpx *, bool); |
| 165 | __attribute__((pure)) bool cpx_is_composite_key(const struct cpx *); |
| 166 | void cpx_set_is_composite_key(struct cpx *, bool); |
| 167 | __attribute__((pure)) bool cpx_use_offset_for_iv(const struct cpx *); |
| 168 | void cpx_set_use_offset_for_iv(struct cpx *, bool); |
| 169 | __attribute__((pure)) bool cpx_synthetic_offset_for_iv(const struct cpx *); |
| 170 | void cpx_set_synthetic_offset_for_iv(struct cpx *, bool); |
| 171 | __attribute__((pure)) uint16_t cpx_key_len(const struct cpx *); |
| 172 | void cpx_set_key_len(struct cpx *, uint16_t key_len); |
| 173 | __attribute__((pure)) void *cpx_key(const struct cpx *); |
| 174 | aes_encrypt_ctx *cpx_iv_aes_ctx(struct cpx *); |
| 175 | void cpx_flush(cpx_t cpx); |
| 176 | bool cpx_can_copy(const struct cpx *src, const struct cpx *dst); |
| 177 | void cpx_copy(const struct cpx *src, cpx_t dst); |
| 178 | uint16_t cpx_max_key_len(const struct cpx *cpx); |
| 179 | bool cpx_has_key(const struct cpx *cpx); |
| 180 | size_t cpx_sizex(const struct cpx *cpx); |
| 181 | void cpx_set_aes_iv_key(struct cpx *cpx, void *iv_key); |
| 182 | |
| 183 | int cp_key_store_action(cp_key_store_action_t); |
| 184 | int cp_key_store_action_for_volume(uuid_t volume_uuid, cp_key_store_action_t action); |
| 185 | cp_key_os_version_t cp_os_version(void); |
| 186 | // Should be cp_key_class_t but HFS has a conflicting definition |
| 187 | int cp_is_valid_class (int isdir, int32_t protectionclass); |
| 188 | |
| 189 | __END_DECLS |
| 190 | |
| 191 | #endif /* KERNEL_PRIVATE */ |
| 192 | #endif /* !_SYS_CPROTECT_H_ */ |
| 193 |
Generated while processing codebrowser/bsd/dev/unix_startup.c
Generated on 2019-Apr-09 from project codebrowser revision 4903.221.2
Powered by 
Code Browser 2.1
Generator usage only permitted with license.