git.saurik.com Git - apple/xnu.git/blame_incremental

... / ...

Commit	Line	Data
	1	/*
	2	* Copyright (c) 2009-2014 Apple Inc. All rights reserved.
	3	*
	4	* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. The rights granted to you under the License
	10	* may not be used to create, or enable the creation or redistribution of,
	11	* unlawful or unlicensed copies of an Apple operating system, or to
	12	* circumvent, violate, or enable the circumvention or violation of, any
	13	* terms of an Apple operating system software license agreement.
	14	*
	15	* Please obtain a copy of the License at
	16	* http://www.opensource.apple.com/apsl/ and read it before using this file.
	17	*
	18	* The Original Code and all software distributed under the License are
	19	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	20	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	21	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	22	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	23	* Please see the License for the specific language governing rights and
	24	* limitations under the License.
	25	*
	26	* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
	27	*/
	28
	29	#ifndef _SYS_CPROTECT_H_
	30	#define _SYS_CPROTECT_H_
	31
	32	#ifdef KERNEL_PRIVATE
	33
	34	#include <sys/cdefs.h>
	35	#include <sys/param.h>
	36	#include <sys/buf.h>
	37	#include <sys/kdebug.h>
	38	#include <crypto/aes.h>
	39	#include <stdbool.h>
	40	#include <uuid/uuid.h>
	41	#include <libkern/crypto/sha1.h>
	42
	43	__BEGIN_DECLS
	44
	45	#define CP_CODE(code) FSDBG_CODE(DBG_CONTENT_PROT, code)
	46	/*
	47	* Class DBG_FSYSTEM == 0x03
	48	* Subclass DBG_CONTENT_PROT == 0xCF
	49	* These debug codes are of the form 0x03CFzzzz
	50	*/
	51
	52	enum {
	53	CPDBG_OFFSET_IO = CP_CODE(0), /* 0x03CF0000 */
	54	};
	55
	56	/* normally the debug events are no-ops */
	57	#define CP_DEBUG(x, a, b, c, d, e) do {} while (0);
	58
	59	/* dev kernels only! */
	60	#if !SECURE_KERNEL
	61
	62	/* KDEBUG events used by content protection subsystem */
	63	#if 0
	64	#undef CP_DEBUG
	65	#define CP_DEBUG KERNEL_DEBUG_CONSTANT
	66	#endif
	67
	68	#endif
	69
	70	#define CP_MAX_WRAPPEDKEYSIZE 128 /* The size of the largest allowed key */
	71	#define VFS_CP_MAX_CACHEBUFLEN 64 /* Maximum size of the cached key */
	72
	73	/* lock events from AppleKeyStore */
	74	enum {
	75	CP_ACTION_LOCKED = 0,
	76	CP_ACTION_UNLOCKED = 1,
	77	};
	78	/*
	79	* Ideally, cp_key_store_action_t would be an enum, but we cannot fix
	80	* that until AppleKeyStore is updated.
	81	*/
	82	typedef int cp_key_store_action_t;
	83
	84	/*
	85	* It was once the case (and it may still be the case) where the lock
	86	* state got conflated with the possible actions/events that
	87	* AppleKeyStore can send. For that reason, the locked states below
	88	* should numerically match their corresponding actions above.
	89	*/
	90	typedef unsigned char cp_lock_state_t;
	91	enum {
	92	CP_LOCKED_STATE = 0,
	93	CP_UNLOCKED_STATE = 1,
	94	};
	95
	96	typedef uint32_t cp_key_class_t;
	97	typedef uint32_t cp_key_os_version_t;
	98	typedef uint16_t cp_key_revision_t;
	99	typedef uint64_t cp_crypto_id_t;
	100
	101	typedef struct cprotect *cprotect_t;
	102	typedef struct cpx *cpx_t;
	103
	104	#ifdef BSD_KERNEL_PRIVATE
	105	/* Not for consumption outside of XNU */
	106	typedef uint32_t cpx_flags_t;
	107	/*
	108	* This is a CPX structure with a fixed-length key buffer. We need this defined in a header
	109	* so that we can use this structure to allocate the memory for the zone(s) properly.
	110	*/
	111	typedef struct fcpx {
	112	#ifdef DEBUG
	113	uint32_t cpx_magic1;
	114	#endif // DEBUG
	115	aes_encrypt_ctx *cpx_iv_aes_ctx_ptr;// Context used for generating the IV
	116	cpx_flags_t cpx_flags;
	117	uint16_t cpx_max_key_len;
	118	uint16_t cpx_key_len;
	119	uint8_t cpx_cached_key[VFS_CP_MAX_CACHEBUFLEN];
	120	//Fixed length all the way through
	121	} fcpx_t;
	122
	123	#endif // BSD_KERNEL_PRIVATE
	124
	125	typedef struct cp_key {
	126	uint8_t len;
	127	void *key;
	128	} cp_key_t;
	129
	130	/* Interface to AKS kext */
	131	typedef struct {
	132	void *key;
	133	unsigned key_len;
	134	void *iv_key;
	135	unsigned iv_key_len;
	136	uint32_t flags;
	137	} cp_raw_key_s;
	138
	139	typedef cp_raw_key_s* cp_raw_key_t;
	140
	141	typedef struct {
	142	void *key;
	143	unsigned key_len;
	144	cp_key_class_t dp_class;
	145	} cp_wrapped_key_s;
	146
	147	typedef cp_wrapped_key_s* cp_wrapped_key_t;
	148
	149	typedef struct {
	150	union {
	151	ino64_t inode;
	152	cp_crypto_id_t crypto_id;
	153	};
	154	uint32_t volume;
	155	pid_t pid;
	156	uid_t uid;
	157	cp_key_revision_t key_revision;
	158	} cp_cred_s;
	159
	160	typedef cp_cred_s* cp_cred_t;
	161
	162	/* The wrappers are invoked on the AKS kext */
	163	typedef int unwrapper_t(cp_cred_t access, const cp_wrapped_key_t wrapped_key_in, cp_raw_key_t key_out);
	164	typedef int rewrapper_t(cp_cred_t access, cp_key_class_t dp_class, const cp_wrapped_key_t wrapped_key_in, cp_wrapped_key_t wrapped_key_out);
	165	typedef int new_key_t(cp_cred_t access, cp_key_class_t dp_class, cp_raw_key_t key_out, cp_wrapped_key_t wrapped_key_out);
	166	typedef int invalidater_t(cp_cred_t access); /* invalidates keys */
	167	typedef int backup_key_t(cp_cred_t access, const cp_wrapped_key_t wrapped_key_in, cp_wrapped_key_t wrapped_key_out);
	168
	169	/*
	170	* Flags for Interaction between AKS / Kernel
	171	* These are twiddled via the input/output structs in the above
	172	* wrapper/unwrapper functions.
	173	*/
	174	#define CP_RAW_KEY_WRAPPEDKEY 0x00000001
	175
	176	/*
	177	* Function prototypes for kexts to interface with our internal cprotect
	178	* fields; cpx provides opacity and allows us to modify behavior internally
	179	* without requiring kext changes.
	180	*/
	181	cpx_t cpx_alloc(size_t key_size, bool needs_ctx);
	182	int cpx_alloc_ctx(cpx_t cpx);
	183	void cpx_free_ctx(cpx_t cpx);
	184	void cpx_init(cpx_t, size_t key_len);
	185	void cpx_init_ctx_ptr(cpx_t cpx);
	186	void cpx_free(cpx_t);
	187	void cpx_writeprotect(cpx_t cpx);
	188	__attribute__((const)) size_t cpx_size(size_t key_len);
	189	__attribute__((pure)) bool cpx_is_sep_wrapped_key(const struct cpx *);
	190	void cpx_set_is_sep_wrapped_key(struct cpx *, bool);
	191	__attribute__((pure)) bool cpx_is_composite_key(const struct cpx *);
	192	void cpx_set_is_composite_key(struct cpx *, bool);
	193	__attribute__((pure)) bool cpx_use_offset_for_iv(const struct cpx *);
	194	void cpx_set_use_offset_for_iv(struct cpx *, bool);
	195	__attribute__((pure)) bool cpx_synthetic_offset_for_iv(const struct cpx *);
	196	void cpx_set_synthetic_offset_for_iv(struct cpx *, bool);
	197	__attribute__((pure)) uint16_t cpx_key_len(const struct cpx *);
	198	void cpx_set_key_len(struct cpx *, uint16_t key_len);
	199	__attribute__((pure)) void cpx_key(const struct cpx );
	200	aes_encrypt_ctx cpx_iv_aes_ctx(struct cpx );
	201	void cpx_flush(cpx_t cpx);
	202	bool cpx_can_copy(const struct cpx src, const struct cpx dst);
	203	void cpx_copy(const struct cpx *src, cpx_t dst);
	204	uint16_t cpx_max_key_len(const struct cpx *cpx);
	205	bool cpx_has_key(const struct cpx *cpx);
	206	size_t cpx_sizex(const struct cpx *cpx);
	207	void cpx_set_aes_iv_key(struct cpx cpx, void iv_key);
	208
	209	int cp_key_store_action(cp_key_store_action_t);
	210	int cp_key_store_action_for_volume(uuid_t volume_uuid, cp_key_store_action_t action);
	211	cp_key_os_version_t cp_os_version(void);
	212	// Should be cp_key_class_t but HFS has a conflicting definition
	213	int cp_is_valid_class(int isdir, int32_t protectionclass);
	214
	215	__END_DECLS
	216
	217	#endif /* KERNEL_PRIVATE */
	218	#endif /* !_SYS_CPROTECT_H_ */