Loading...
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 | /* * Copyright (c) 2009-2023 Apple Inc. All rights reserved. * * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in * compliance with the License. The rights granted to you under the License * may not be used to create, or enable the creation or redistribution of, * unlawful or unlicensed copies of an Apple operating system, or to * circumvent, violate, or enable the circumvention or violation of, any * terms of an Apple operating system software license agreement. * * Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this file. * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ #ifndef _SYS_CPROTECT_H_ #define _SYS_CPROTECT_H_ #ifdef KERNEL_PRIVATE #include <sys/cdefs.h> #include <sys/param.h> #include <sys/buf.h> #include <sys/kdebug.h> #include <crypto/aes.h> #include <stdbool.h> #include <uuid/uuid.h> #include <libkern/crypto/sha1.h> __BEGIN_DECLS #define CP_CODE(code) FSDBG_CODE(DBG_CONTENT_PROT, code) /* * Class DBG_FSYSTEM == 0x03 * Subclass DBG_CONTENT_PROT == 0xCF * These debug codes are of the form 0x03CFzzzz */ enum { CPDBG_OFFSET_IO = CP_CODE(0), /* 0x03CF0000 */ }; /* normally the debug events are no-ops */ #define CP_DEBUG(x, a, b, c, d, e) do {} while (0); /* dev kernels only! */ #if !SECURE_KERNEL /* KDEBUG events used by content protection subsystem */ #if 0 #undef CP_DEBUG #define CP_DEBUG KERNEL_DEBUG_CONSTANT #endif #endif #define CP_MAX_WRAPPEDKEYSIZE 128 /* The size of the largest allowed key */ #define VFS_CP_MAX_CACHEBUFLEN 64 /* Maximum size of the cached key */ /* lock events from AppleKeyStore */ enum { CP_ACTION_LOCKED = 0, CP_ACTION_UNLOCKED = 1, CP_ACTION_EP_INVALIDATED = 2, CP_ACTION_CX_EXPIRED = 3, }; /* * Ideally, cp_key_store_action_t would be an enum, but we cannot fix * that until AppleKeyStore is updated. */ typedef int cp_key_store_action_t; /* * It was once the case (and it may still be the case) where the lock * state got conflated with the possible actions/events that * AppleKeyStore can send. For that reason, the locked states below * should numerically match their corresponding actions above. */ typedef unsigned char cp_lock_state_t; enum { CP_LOCKED_STATE = 0, CP_UNLOCKED_STATE = 1, }; typedef unsigned char cp_ep_state_t; enum { CP_EP_INVALIDATED = 0, }; typedef unsigned char cp_cx_state_t; enum { CP_CX_EXPIRED = 0, }; typedef uint32_t cp_key_class_t; typedef uint32_t cp_key_os_version_t; typedef uint16_t cp_key_revision_t; typedef uint64_t cp_crypto_id_t; typedef struct cprotect *cprotect_t; typedef struct cpx *cpx_t; #ifdef BSD_KERNEL_PRIVATE /* Not for consumption outside of XNU */ typedef uint32_t cpx_flags_t; /* * This is a CPX structure with a fixed-length key buffer. We need this defined in a header * so that we can use this structure to allocate the memory for the zone(s) properly. */ typedef struct fcpx { #ifdef DEBUG uint32_t cpx_magic1; #endif // DEBUG aes_encrypt_ctx *cpx_iv_aes_ctx_ptr;// Context used for generating the IV cpx_flags_t cpx_flags; uint16_t cpx_max_key_len; uint16_t cpx_key_len; uint8_t cpx_cached_key[VFS_CP_MAX_CACHEBUFLEN]; //Fixed length all the way through } fcpx_t; #endif // BSD_KERNEL_PRIVATE typedef struct cp_key { uint8_t len; void *key; } cp_key_t; /* Interface to AKS kext */ typedef struct { void *key; unsigned key_len; void *iv_key; unsigned iv_key_len; uint32_t flags; } cp_raw_key_s; typedef cp_raw_key_s* cp_raw_key_t; typedef struct { void *key; unsigned key_len; cp_key_class_t dp_class; } cp_wrapped_key_s; typedef cp_wrapped_key_s* cp_wrapped_key_t; typedef struct { union { ino64_t inode; cp_crypto_id_t crypto_id; }; uint32_t volume; pid_t pid; uid_t uid; cp_key_revision_t key_revision; } cp_cred_s; typedef cp_cred_s* cp_cred_t; /* The wrappers are invoked on the AKS kext */ typedef int unwrapper_t(cp_cred_t access, const cp_wrapped_key_t wrapped_key_in, cp_raw_key_t key_out); typedef int rewrapper_t(cp_cred_t access, cp_key_class_t dp_class, const cp_wrapped_key_t wrapped_key_in, cp_wrapped_key_t wrapped_key_out); typedef int new_key_t(cp_cred_t access, cp_key_class_t dp_class, cp_raw_key_t key_out, cp_wrapped_key_t wrapped_key_out); typedef int invalidater_t(cp_cred_t access); /* invalidates keys */ typedef int backup_key_t(cp_cred_t access, const cp_wrapped_key_t wrapped_key_in, cp_wrapped_key_t wrapped_key_out); /* * Flags for Interaction between AKS / Kernel * These are twiddled via the input/output structs in the above * wrapper/unwrapper functions. */ #define CP_RAW_KEY_WRAPPEDKEY 0x00000001 /* * Function prototypes for kexts to interface with our internal cprotect * fields; cpx provides opacity and allows us to modify behavior internally * without requiring kext changes. */ cpx_t cpx_alloc(size_t key_size, bool needs_ctx); int cpx_alloc_ctx(cpx_t cpx); void cpx_free_ctx(cpx_t cpx); void cpx_init(cpx_t, size_t key_len); void cpx_init_ctx_ptr(cpx_t cpx); void cpx_free(cpx_t); void cpx_writeprotect(cpx_t cpx); __attribute__((const)) size_t cpx_size(size_t key_len); __attribute__((pure)) bool cpx_is_sep_wrapped_key(const struct cpx *); void cpx_set_is_sep_wrapped_key(struct cpx *, bool); __attribute__((pure)) bool cpx_is_composite_key(const struct cpx *); void cpx_set_is_composite_key(struct cpx *, bool); __attribute__((pure)) bool cpx_use_offset_for_iv(const struct cpx *); void cpx_set_use_offset_for_iv(struct cpx *, bool); __attribute__((pure)) bool cpx_synthetic_offset_for_iv(const struct cpx *); void cpx_set_synthetic_offset_for_iv(struct cpx *, bool); __attribute__((pure)) uint16_t cpx_key_len(const struct cpx *); void cpx_set_key_len(struct cpx *, uint16_t key_len); __attribute__((pure)) void *cpx_key(const struct cpx *); aes_encrypt_ctx *cpx_iv_aes_ctx(struct cpx *); void cpx_flush(cpx_t cpx); bool cpx_can_copy(const struct cpx *src, const struct cpx *dst); void cpx_copy(const struct cpx *src, cpx_t dst); uint16_t cpx_max_key_len(const struct cpx *cpx); bool cpx_has_key(const struct cpx *cpx); size_t cpx_sizex(const struct cpx *cpx); void cpx_set_aes_iv_key(struct cpx *cpx, void *iv_key); int cp_key_store_action(cp_key_store_action_t); int cp_key_store_action_for_volume(uuid_t volume_uuid, cp_key_store_action_t action); cp_key_os_version_t cp_os_version(void); // Should be cp_key_class_t but HFS has a conflicting definition int cp_is_valid_class(int isdir, int32_t protectionclass); __END_DECLS #endif /* KERNEL_PRIVATE */ #endif /* !_SYS_CPROTECT_H_ */ |