| 1 | /* |
| 2 | * Copyright (c) 2009-2023 Apple Inc. All rights reserved. |
| 3 | * |
| 4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ |
| 5 | * |
| 6 | * This file contains Original Code and/or Modifications of Original Code |
| 7 | * as defined in and that are subject to the Apple Public Source License |
| 8 | * Version 2.0 (the 'License'). You may not use this file except in |
| 9 | * compliance with the License. The rights granted to you under the License |
| 10 | * may not be used to create, or enable the creation or redistribution of, |
| 11 | * unlawful or unlicensed copies of an Apple operating system, or to |
| 12 | * circumvent, violate, or enable the circumvention or violation of, any |
| 13 | * terms of an Apple operating system software license agreement. |
| 14 | * |
| 15 | * Please obtain a copy of the License at |
| 16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. |
| 17 | * |
| 18 | * The Original Code and all software distributed under the License are |
| 19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER |
| 20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
| 21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, |
| 22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. |
| 23 | * Please see the License for the specific language governing rights and |
| 24 | * limitations under the License. |
| 25 | * |
| 26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ |
| 27 | */ |
| 28 | |
| 29 | #ifndef _SYS_CPROTECT_H_ |
| 30 | #define _SYS_CPROTECT_H_ |
| 31 | |
| 32 | #ifdef KERNEL_PRIVATE |
| 33 | |
| 34 | #include <sys/cdefs.h> |
| 35 | #include <sys/param.h> |
| 36 | #include <sys/buf.h> |
| 37 | #include <sys/kdebug.h> |
| 38 | #include <crypto/aes.h> |
| 39 | #include <stdbool.h> |
| 40 | #include <uuid/uuid.h> |
| 41 | #include <libkern/crypto/sha1.h> |
| 42 | |
| 43 | __BEGIN_DECLS |
| 44 | |
/*
 * Build a kdebug trace code for the content protection subsystem.
 * Class DBG_FSYSTEM == 0x03
 * Subclass DBG_CONTENT_PROT == 0xCF
 * These debug codes are of the form 0x03CFzzzz, where zzzz is the
 * per-event code passed in (FSDBG_CODE comes from <sys/kdebug.h>).
 */
#define CP_CODE(code) FSDBG_CODE(DBG_CONTENT_PROT, code)

/* KDEBUG event codes defined for the content protection subsystem */
enum {
	CPDBG_OFFSET_IO = CP_CODE(0), /* 0x03CF0000 */
};
| 55 | |
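/*
 * Normally the debug events are no-ops.
 *
 * The expansion must not end in a semicolon: call sites are expected to
 * supply their own, and "do {} while (0);" would turn
 *     if (cond) CP_DEBUG(...); else ...
 * into a syntax error (the stray ';' closes the if, orphaning the else).
 * The bare do/while(0) is the idiomatic statement-shaped no-op.
 */
#define CP_DEBUG(x, a, b, c, d, e) do {} while (0)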
| 58 | |
/*
 * dev kernels only!
 *
 * On a non-SECURE_KERNEL build CP_DEBUG could be re-pointed at
 * KERNEL_DEBUG_CONSTANT to trace content-protection I/O. Note that the
 * redefinition below sits under "#if 0", so as written CP_DEBUG remains a
 * no-op on every build until this is enabled by hand.
 */
#if !SECURE_KERNEL

/* KDEBUG events used by content protection subsystem */
#if 0
#undef CP_DEBUG
#define CP_DEBUG KERNEL_DEBUG_CONSTANT
#endif

#endif /* !SECURE_KERNEL */
| 69 | |
/*
 * Key size bounds, in bytes.
 *
 * VFS_CP_MAX_CACHEBUFLEN is the size of the fixed key buffer embedded in
 * fcpx_t (cpx_cached_key) below, so any key length stored in a cpx must be
 * bounded by it before bytes are copied in.  CP_MAX_WRAPPEDKEYSIZE is the
 * largest key the subsystem accepts overall; it is presumably the bound for
 * wrapped keys travelling to/from AKS -- confirm against cprotect.c.
 */
#define CP_MAX_WRAPPEDKEYSIZE 128 /* The size of the largest allowed key */
#define VFS_CP_MAX_CACHEBUFLEN 64 /* Maximum size of the cached key */
| 72 | |
/*
 * lock events from AppleKeyStore
 *
 * These are the action values AKS hands to cp_key_store_action() and
 * cp_key_store_action_for_volume() (declared at the end of this header).
 */
enum {
	CP_ACTION_LOCKED = 0,
	CP_ACTION_UNLOCKED = 1,
	CP_ACTION_EP_INVALIDATED = 2,
	CP_ACTION_CX_EXPIRED = 3,
};
/*
 * Ideally, cp_key_store_action_t would be an enum, but we cannot fix
 * that until AppleKeyStore is updated.  Because it is a plain int, any
 * value can arrive here; callees should reject actions outside the
 * enum above rather than assume one of the four.
 */
typedef int cp_key_store_action_t;
| 85 | |
/*
 * It was once the case (and it may still be the case) where the lock
 * state got conflated with the possible actions/events that
 * AppleKeyStore can send. For that reason, the locked states below
 * should numerically match their corresponding actions above
 * (CP_LOCKED_STATE == CP_ACTION_LOCKED == 0,
 *  CP_UNLOCKED_STATE == CP_ACTION_UNLOCKED == 1).
 *
 * Note that this matching applies only to the lock states: CP_EP_INVALIDATED
 * and CP_CX_EXPIRED below are both 0, which does NOT equal
 * CP_ACTION_EP_INVALIDATED (2) or CP_ACTION_CX_EXPIRED (3), so those states
 * must never be used interchangeably with their action values.
 */
typedef unsigned char cp_lock_state_t;
enum {
	CP_LOCKED_STATE = 0,
	CP_UNLOCKED_STATE = 1,
};

/* Effaceable-storage state; only the invalidated value is defined here. */
typedef unsigned char cp_ep_state_t;
enum {
	CP_EP_INVALIDATED = 0,
};

/* Context state; only the expired value is defined here. */
typedef unsigned char cp_cx_state_t;
enum {
	CP_CX_EXPIRED = 0,
};
| 107 | |
/*
 * Scalar types used across the content protection interfaces.
 *
 * cp_key_class_t is the data protection class of a key; note that
 * cp_is_valid_class() below takes int32_t instead because HFS carries a
 * conflicting definition.  cp_key_revision_t is 16 bits, so revision
 * arithmetic wraps at 65536.
 */
typedef uint32_t cp_key_class_t;
typedef uint32_t cp_key_os_version_t;
typedef uint16_t cp_key_revision_t;
typedef uint64_t cp_crypto_id_t;

/*
 * Opaque handles.  struct cprotect and struct cpx are deliberately not
 * defined for general KERNEL_PRIVATE consumers; kexts go through the
 * cpx_* accessors declared below.
 */
typedef struct cprotect *cprotect_t;
typedef struct cpx *cpx_t;
| 115 | |
#ifdef BSD_KERNEL_PRIVATE
/* Not for consumption outside of XNU */
typedef uint32_t cpx_flags_t;
/*
 * This is a CPX structure with a fixed-length key buffer. We need this defined in a header
 * so that we can use this structure to allocate the memory for the zone(s) properly.
 *
 * Security notes for maintainers:
 *  - cpx_cached_key holds key material.  cpx_key_len must be kept
 *    <= cpx_max_key_len <= VFS_CP_MAX_CACHEBUFLEN by whoever writes it
 *    (cpx_set_key_len / cpx_init); there is no room past the array.
 *  - NOTE(review): whether cpx_flush()/cpx_free() scrub cpx_cached_key before
 *    the memory is returned to the zone is not visible here -- confirm in
 *    cprotect.c, since a plain memset before free may be optimised away.
 */
typedef struct fcpx {
#ifdef DEBUG
	uint32_t cpx_magic1;                  // Guard value, DEBUG builds only
#endif // DEBUG
	aes_encrypt_ctx *cpx_iv_aes_ctx_ptr;  // Context used for generating the IV
	cpx_flags_t cpx_flags;                // cpx_* flag bits (see the accessors below)
	uint16_t cpx_max_key_len;             // Capacity available for the key
	uint16_t cpx_key_len;                 // Bytes of cpx_cached_key currently valid
	uint8_t cpx_cached_key[VFS_CP_MAX_CACHEBUFLEN];
	// Fixed length all the way through
} fcpx_t;

#endif // BSD_KERNEL_PRIVATE
| 136 | |
/*
 * A key as a (length, pointer) pair.  len is a uint8_t, so this type can
 * describe at most 255 bytes -- enough for CP_MAX_WRAPPEDKEYSIZE (128).
 * The struct does not own or size-check the buffer behind key.
 */
typedef struct cp_key {
	uint8_t len;
	void *key;
} cp_key_t;
| 141 | |
/*
 * Interface to AKS kext
 *
 * A raw (unwrapped) key as returned by the AKS unwrapper/new-key callbacks
 * below, plus an optional separate IV key.  Lengths are byte counts for the
 * buffers pointed to; the kernel side must bound them against its own
 * buffers (VFS_CP_MAX_CACHEBUFLEN) before copying.  flags carries the
 * CP_RAW_KEY_* bits defined below.
 *
 * NOTE(review): this struct is the only place raw key material is in the
 * clear on the kernel/AKS boundary; the owner of the buffers should scrub
 * them once the key has been copied into a cpx -- confirm in callers.
 */
typedef struct {
	void *key;
	unsigned key_len;
	void *iv_key;
	unsigned iv_key_len;
	uint32_t flags;
} cp_raw_key_s;

typedef cp_raw_key_s* cp_raw_key_t;
| 152 | |
/*
 * A key wrapped (protected) by AKS, together with the data protection
 * class it is wrapped to.  key_len is a byte count for the buffer at key;
 * CP_MAX_WRAPPEDKEYSIZE is presumably the expected upper bound.
 */
typedef struct {
	void *key;
	unsigned key_len;
	cp_key_class_t dp_class;
} cp_wrapped_key_s;

typedef cp_wrapped_key_s* cp_wrapped_key_t;
| 160 | |
/*
 * Credential/context record passed to every AKS callback (cp_cred_t).
 *
 * inode and crypto_id share storage (anonymous union); which member is
 * meaningful for a given call is part of the kernel/AKS contract and is
 * not visible in this header -- do not read one after writing the other.
 * pid and uid presumably identify the requesting process; key_revision
 * is the revision of the key being operated on.
 */
typedef struct {
	union {
		ino64_t inode;
		cp_crypto_id_t crypto_id;
	};
	uint32_t volume;
	pid_t pid;
	uid_t uid;
	cp_key_revision_t key_revision;
} cp_cred_s;

typedef cp_cred_s* cp_cred_t;
| 173 | |
/*
 * The wrappers are invoked on the AKS kext
 *
 * Callback signatures implemented by AKS.  Each returns an int status
 * (0 presumably meaning success; the exact error convention is defined by
 * AKS, not here).
 *
 * Caution on "const cp_wrapped_key_t": because cp_wrapped_key_t is a
 * pointer typedef, the const binds to the pointer itself
 * (cp_wrapped_key_s *const), NOT to the pointed-to struct.  The callee can
 * still modify *wrapped_key_in; callers must not rely on the qualifier
 * for protection of their input key.
 */
typedef int unwrapper_t(cp_cred_t access, const cp_wrapped_key_t wrapped_key_in, cp_raw_key_t key_out);
typedef int rewrapper_t(cp_cred_t access, cp_key_class_t dp_class, const cp_wrapped_key_t wrapped_key_in, cp_wrapped_key_t wrapped_key_out);
typedef int new_key_t(cp_cred_t access, cp_key_class_t dp_class, cp_raw_key_t key_out, cp_wrapped_key_t wrapped_key_out);
typedef int invalidater_t(cp_cred_t access); /* invalidates keys */
typedef int backup_key_t(cp_cred_t access, const cp_wrapped_key_t wrapped_key_in, cp_wrapped_key_t wrapped_key_out);
| 180 | |
/*
 * Flags for Interaction between AKS / Kernel
 * These are twiddled via the input/output structs in the above
 * wrapper/unwrapper functions (cp_raw_key_s.flags).
 *
 * CP_RAW_KEY_WRAPPEDKEY: the key material in a cp_raw_key_s is itself a
 * wrapped key rather than a raw one (the consumer must not treat it as
 * usable AES key bytes).  Only this one bit is defined here.
 */
#define CP_RAW_KEY_WRAPPEDKEY 0x00000001
| 187 | |
/*
 * Function prototypes for kexts to interface with our internal cprotect
 * fields; cpx provides opacity and allows us to modify behavior internally
 * without requiring kext changes.
 *
 * Conventions visible from the declarations:
 *  - cpx_size() is __attribute__((const)): its result depends only on
 *    key_len, and cpx_alloc()/cpx_init() take the key size the object is
 *    being sized for.
 *  - The __attribute__((pure)) getters only read the cpx.
 *  - cpx_key() returns a non-const void * even from a const cpx, so the
 *    const on the parameter does not protect the key bytes themselves.
 *  - cpx_set_key_len() takes a uint16_t; the implementation is expected to
 *    bound it by cpx_max_key_len() (see fcpx_t) -- confirm in cprotect.c.
 *  - cpx_flush() and cpx_writeprotect() exist for clearing / locking key
 *    state; their exact semantics are not visible here.
 */
cpx_t cpx_alloc(size_t key_size, bool needs_ctx);
int cpx_alloc_ctx(cpx_t cpx);
void cpx_free_ctx(cpx_t cpx);
void cpx_init(cpx_t, size_t key_len);
void cpx_init_ctx_ptr(cpx_t cpx);
void cpx_free(cpx_t);
void cpx_writeprotect(cpx_t cpx);
__attribute__((const)) size_t cpx_size(size_t key_len);
__attribute__((pure)) bool cpx_is_sep_wrapped_key(const struct cpx *);
void cpx_set_is_sep_wrapped_key(struct cpx *, bool);
__attribute__((pure)) bool cpx_is_composite_key(const struct cpx *);
void cpx_set_is_composite_key(struct cpx *, bool);
__attribute__((pure)) bool cpx_use_offset_for_iv(const struct cpx *);
void cpx_set_use_offset_for_iv(struct cpx *, bool);
__attribute__((pure)) bool cpx_synthetic_offset_for_iv(const struct cpx *);
void cpx_set_synthetic_offset_for_iv(struct cpx *, bool);
__attribute__((pure)) uint16_t cpx_key_len(const struct cpx *);
void cpx_set_key_len(struct cpx *, uint16_t key_len);
__attribute__((pure)) void *cpx_key(const struct cpx *);
aes_encrypt_ctx *cpx_iv_aes_ctx(struct cpx *);
void cpx_flush(cpx_t cpx);
bool cpx_can_copy(const struct cpx *src, const struct cpx *dst);
void cpx_copy(const struct cpx *src, cpx_t dst);
uint16_t cpx_max_key_len(const struct cpx *cpx);
bool cpx_has_key(const struct cpx *cpx);
size_t cpx_sizex(const struct cpx *cpx);
void cpx_set_aes_iv_key(struct cpx *cpx, void *iv_key);
| 220 | |
/*
 * Entry points called when AppleKeyStore reports a lock/unlock/invalidation
 * event (see the CP_ACTION_* values above).  The action is a plain int, so
 * implementations should validate it against the enum rather than trust it.
 * The _for_volume variant scopes the action to the volume identified by
 * volume_uuid.
 */
int cp_key_store_action(cp_key_store_action_t);
int cp_key_store_action_for_volume(uuid_t volume_uuid, cp_key_store_action_t action);
/* OS version stamped into new keys (cp_key_os_version_t). */
cp_key_os_version_t cp_os_version(void);
// Should be cp_key_class_t but HFS has a conflicting definition.
// Returns non-zero if protectionclass is a valid class for a directory
// (isdir != 0) or file; callers must check this before accepting a class
// from userspace.
int cp_is_valid_class(int isdir, int32_t protectionclass);
| 226 | |
| 227 | __END_DECLS |
| 228 | |
| 229 | #endif /* KERNEL_PRIVATE */ |
| 230 | #endif /* !_SYS_CPROTECT_H_ */ |
| 231 | |