xnu-6153.141.1.tar.gz

[apple/xnu.git] / bsd / sys / cprotect.h

diff --git a/bsd/sys/cprotect.h b/bsd/sys/cprotect.h
index 97cb5a7c11339f7bb7a5e7e1d5fe43e38b79f23d..bfb333614c4f468eff9cf1ecc1e64097dca6b084 100644 (file)
--- a/bsd/sys/cprotect.h
+++ b/bsd/sys/cprotect.h
@@ -27,9 +27,9 @@
  */
 
 #ifndef _SYS_CPROTECT_H_
-#define        _SYS_CPROTECT_H_
+#define _SYS_CPROTECT_H_
 
-#if KERNEL_PRIVATE
+#ifdef KERNEL_PRIVATE
 
 #include <sys/cdefs.h>
 #include <sys/param.h>
@@ -37,25 +37,26 @@
 #include <sys/kdebug.h>
 #include <crypto/aes.h>
 #include <stdbool.h>
+#include <uuid/uuid.h>
 
 __BEGIN_DECLS
 
 #define CP_CODE(code) FSDBG_CODE(DBG_CONTENT_PROT, code)
-/* 
+/*
  * Class DBG_FSYSTEM == 0x03
  * Subclass DBG_CONTENT_PROT == 0xCF
  * These debug codes are of the form 0x03CFzzzz
  */
 
 enum {
-       CPDBG_OFFSET_IO = CP_CODE(0),   /* 0x03CF0000 */
+       CPDBG_OFFSET_IO = CP_CODE(0),   /* 0x03CF0000 */
 };
 
 /* normally the debug events are no-ops */
-#define CP_DEBUG(x,a,b,c,d,e) do {} while (0);
+#define CP_DEBUG(x, a, b, c, d, e) do {} while (0);
 
 /* dev kernels only! */
-#if !SECURE_KERNEL 
+#if !SECURE_KERNEL
 
 /* KDEBUG events used by content protection subsystem */
 #if 0
@@ -65,12 +66,12 @@ enum {
 
 #endif
 
-#define CP_MAX_WRAPPEDKEYSIZE     128  /* The size of the largest allowed key */
+#define CP_MAX_WRAPPEDKEYSIZE     128   /* The size of the largest allowed key */
 
 /* lock events from AppleKeyStore */
 enum {
-       CP_ACTION_LOCKED        = 0,
-       CP_ACTION_UNLOCKED      = 1,
+       CP_ACTION_LOCKED        = 0,
+       CP_ACTION_UNLOCKED      = 1,
 };
 /*
  * Ideally, cp_key_store_action_t would be an enum, but we cannot fix
@@ -86,8 +87,8 @@ typedef int cp_key_store_action_t;
  */
 typedef unsigned char cp_lock_state_t;
 enum {
-       CP_LOCKED_STATE         = 0,
-       CP_UNLOCKED_STATE       = 1,
+       CP_LOCKED_STATE         = 0,
+       CP_UNLOCKED_STATE       = 1,
 };
 
 typedef uint32_t cp_key_class_t;
@@ -96,7 +97,6 @@ typedef uint16_t cp_key_revision_t;
 typedef uint64_t cp_crypto_id_t;
 
 typedef struct cprotect *cprotect_t;
-typedef struct cp_wrap_func *cp_wrap_func_t;
 typedef struct cpx *cpx_t;
 
 typedef struct cp_key {
@@ -125,13 +125,13 @@ typedef cp_wrapped_key_s* cp_wrapped_key_t;
 
 typedef struct {
        union {
-               ino64_t                 inode;
-               cp_crypto_id_t  crypto_id;
+               ino64_t                 inode;
+               cp_crypto_id_t  crypto_id;
        };
-       uint32_t                        volume;
-       pid_t                           pid;
-       uid_t                           uid;
-       cp_key_revision_t       key_revision;
+       uint32_t                        volume;
+       pid_t                           pid;
+       uid_t                           uid;
+       cp_key_revision_t       key_revision;
 } cp_cred_s;
 
 typedef cp_cred_s* cp_cred_t;
@@ -143,12 +143,12 @@ typedef int new_key_t(cp_cred_t access, cp_key_class_t dp_class, cp_raw_key_t ke
 typedef int invalidater_t(cp_cred_t access); /* invalidates keys */
 typedef int backup_key_t(cp_cred_t access, const cp_wrapped_key_t wrapped_key_in, cp_wrapped_key_t wrapped_key_out);
 
-/* 
- * Flags for Interaction between AKS / Kernel 
+/*
+ * Flags for Interaction between AKS / Kernel
  * These are twiddled via the input/output structs in the above
  * wrapper/unwrapper functions.
  */
-#define CP_RAW_KEY_WRAPPEDKEY  0x00000001
+#define CP_RAW_KEY_WRAPPEDKEY   0x00000001
 
 /*
  * Function prototypes for kexts to interface with our internal cprotect
@@ -158,9 +158,12 @@ typedef int backup_key_t(cp_cred_t access, const cp_wrapped_key_t wrapped_key_in
 cpx_t cpx_alloc(size_t key_size);
 void cpx_init(cpx_t, size_t key_len);
 void cpx_free(cpx_t);
+void cpx_writeprotect(cpx_t cpx);
 __attribute__((const)) size_t cpx_size(size_t key_size);
 __attribute__((pure)) bool cpx_is_sep_wrapped_key(const struct cpx *);
 void cpx_set_is_sep_wrapped_key(struct cpx *, bool);
+__attribute__((pure)) bool cpx_is_composite_key(const struct cpx *);
+void cpx_set_is_composite_key(struct cpx *, bool);
 __attribute__((pure)) bool cpx_use_offset_for_iv(const struct cpx *);
 void cpx_set_use_offset_for_iv(struct cpx *, bool);
 __attribute__((pure)) bool cpx_synthetic_offset_for_iv(const struct cpx *);
@@ -177,29 +180,11 @@ bool cpx_has_key(const struct cpx *cpx);
 size_t cpx_sizex(const struct cpx *cpx);
 void cpx_set_aes_iv_key(struct cpx *cpx, void *iv_key);
 
-/* Structure to store pointers for AKS functions */
-struct cp_wrap_func {
-       new_key_t       *new_key;
-       unwrapper_t     *unwrapper;
-       rewrapper_t     *rewrapper;
-       invalidater_t   *invalidater;
-       backup_key_t    *backup_key;
-};
-
 int cp_key_store_action(cp_key_store_action_t);
-int cp_register_wraps(cp_wrap_func_t);
-int cp_rewrap_key(cp_cred_t access, cp_key_class_t dp_class,
-                                 const cp_wrapped_key_t wrapped_key_in,
-                                 cp_wrapped_key_t wrapped_key_out);
-int cp_new_key(cp_cred_t access, cp_key_class_t dp_class, cp_raw_key_t key_out,
-                          cp_wrapped_key_t wrapped_key_out);
-int cp_unwrap_key(cp_cred_t access, const cp_wrapped_key_t wrapped_key_in,
-                                 cp_raw_key_t key_out);
-int cp_get_backup_key(cp_cred_t access, const cp_wrapped_key_t wrapped_key_in,
-                                         cp_wrapped_key_t wrapped_key_out);
+int cp_key_store_action_for_volume(uuid_t volume_uuid, cp_key_store_action_t action);
 cp_key_os_version_t cp_os_version(void);
 // Should be cp_key_class_t but HFS has a conflicting definition
-int cp_is_valid_class (int isdir, int32_t protectionclass);
+int cp_is_valid_class(int isdir, int32_t protectionclass);
 
 __END_DECLS