X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/3903760236c30e3b5ace7a4eefac3a269d68957c..eb6b6ca394357805f2bdba989abae309f718b4d8:/bsd/sys/cprotect.h

diff --git a/bsd/sys/cprotect.h b/bsd/sys/cprotect.h
index 97cb5a7c1..bfb333614 100644
--- a/bsd/sys/cprotect.h
+++ b/bsd/sys/cprotect.h
@@ -27,9 +27,9 @@
  */
 
 #ifndef _SYS_CPROTECT_H_
-#define	_SYS_CPROTECT_H_
+#define _SYS_CPROTECT_H_
 
-#if KERNEL_PRIVATE
+#ifdef KERNEL_PRIVATE
 
 #include <sys/cdefs.h>
 #include <sys/param.h>
@@ -37,25 +37,26 @@
 #include <sys/kdebug.h>
 #include <crypto/aes.h>
 #include <stdbool.h>
+#include <uuid/uuid.h>
 
 __BEGIN_DECLS
 
 #define CP_CODE(code) FSDBG_CODE(DBG_CONTENT_PROT, code)
-/* 
+/*
  * Class DBG_FSYSTEM == 0x03
  * Subclass DBG_CONTENT_PROT == 0xCF
  * These debug codes are of the form 0x03CFzzzz
  */
 
 enum {
-	CPDBG_OFFSET_IO = CP_CODE(0),	/* 0x03CF0000 */
+	CPDBG_OFFSET_IO = CP_CODE(0),   /* 0x03CF0000 */
 };
 
 /* normally the debug events are no-ops */
-#define CP_DEBUG(x,a,b,c,d,e) do {} while (0);
+#define CP_DEBUG(x, a, b, c, d, e) do {} while (0);
 
 /* dev kernels only! */
-#if !SECURE_KERNEL 
+#if !SECURE_KERNEL
 
 /* KDEBUG events used by content protection subsystem */
 #if 0
@@ -65,12 +66,12 @@ enum {
 
 #endif
 
-#define CP_MAX_WRAPPEDKEYSIZE     128	/* The size of the largest allowed key */
+#define CP_MAX_WRAPPEDKEYSIZE     128   /* The size of the largest allowed key */
 
 /* lock events from AppleKeyStore */
 enum {
-	CP_ACTION_LOCKED	= 0,
-	CP_ACTION_UNLOCKED	= 1,
+	CP_ACTION_LOCKED        = 0,
+	CP_ACTION_UNLOCKED      = 1,
 };
 /*
  * Ideally, cp_key_store_action_t would be an enum, but we cannot fix
@@ -86,8 +87,8 @@ typedef int cp_key_store_action_t;
  */
 typedef unsigned char cp_lock_state_t;
 enum {
-	CP_LOCKED_STATE		= 0,
-	CP_UNLOCKED_STATE	= 1,
+	CP_LOCKED_STATE         = 0,
+	CP_UNLOCKED_STATE       = 1,
 };
 
 typedef uint32_t cp_key_class_t;
@@ -96,7 +97,6 @@ typedef uint16_t cp_key_revision_t;
 typedef uint64_t cp_crypto_id_t;
 
 typedef struct cprotect *cprotect_t;
-typedef struct cp_wrap_func *cp_wrap_func_t;
 typedef struct cpx *cpx_t;
 
 typedef struct cp_key {
@@ -125,13 +125,13 @@ typedef cp_wrapped_key_s* cp_wrapped_key_t;
 
 typedef struct {
 	union {
-		ino64_t			inode;
-		cp_crypto_id_t	crypto_id;
+		ino64_t                 inode;
+		cp_crypto_id_t  crypto_id;
 	};
-	uint32_t			volume;
-	pid_t				pid;
-	uid_t				uid;
-	cp_key_revision_t	key_revision;
+	uint32_t                        volume;
+	pid_t                           pid;
+	uid_t                           uid;
+	cp_key_revision_t       key_revision;
 } cp_cred_s;
 
 typedef cp_cred_s* cp_cred_t;
@@ -143,12 +143,12 @@ typedef int new_key_t(cp_cred_t access, cp_key_class_t dp_class, cp_raw_key_t ke
 typedef int invalidater_t(cp_cred_t access); /* invalidates keys */
 typedef int backup_key_t(cp_cred_t access, const cp_wrapped_key_t wrapped_key_in, cp_wrapped_key_t wrapped_key_out);
 
-/* 
- * Flags for Interaction between AKS / Kernel 
+/*
+ * Flags for Interaction between AKS / Kernel
  * These are twiddled via the input/output structs in the above
  * wrapper/unwrapper functions.
  */
-#define CP_RAW_KEY_WRAPPEDKEY	0x00000001
+#define CP_RAW_KEY_WRAPPEDKEY   0x00000001
 
 /*
  * Function prototypes for kexts to interface with our internal cprotect
@@ -158,9 +158,12 @@ typedef int backup_key_t(cp_cred_t access, const cp_wrapped_key_t wrapped_key_in
 cpx_t cpx_alloc(size_t key_size);
 void cpx_init(cpx_t, size_t key_len);
 void cpx_free(cpx_t);
+void cpx_writeprotect(cpx_t cpx);
 __attribute__((const)) size_t cpx_size(size_t key_size);
 __attribute__((pure)) bool cpx_is_sep_wrapped_key(const struct cpx *);
 void cpx_set_is_sep_wrapped_key(struct cpx *, bool);
+__attribute__((pure)) bool cpx_is_composite_key(const struct cpx *);
+void cpx_set_is_composite_key(struct cpx *, bool);
 __attribute__((pure)) bool cpx_use_offset_for_iv(const struct cpx *);
 void cpx_set_use_offset_for_iv(struct cpx *, bool);
 __attribute__((pure)) bool cpx_synthetic_offset_for_iv(const struct cpx *);
@@ -177,29 +180,11 @@ bool cpx_has_key(const struct cpx *cpx);
 size_t cpx_sizex(const struct cpx *cpx);
 void cpx_set_aes_iv_key(struct cpx *cpx, void *iv_key);
 
-/* Structure to store pointers for AKS functions */
-struct cp_wrap_func {
-	new_key_t       *new_key;
-	unwrapper_t     *unwrapper;
-	rewrapper_t     *rewrapper;
-	invalidater_t	*invalidater;
-	backup_key_t	*backup_key;
-};
-
 int cp_key_store_action(cp_key_store_action_t);
-int cp_register_wraps(cp_wrap_func_t);
-int cp_rewrap_key(cp_cred_t access, cp_key_class_t dp_class,
-				  const cp_wrapped_key_t wrapped_key_in,
-				  cp_wrapped_key_t wrapped_key_out);
-int cp_new_key(cp_cred_t access, cp_key_class_t dp_class, cp_raw_key_t key_out,
-			   cp_wrapped_key_t wrapped_key_out);
-int cp_unwrap_key(cp_cred_t access, const cp_wrapped_key_t wrapped_key_in,
-				  cp_raw_key_t key_out);
-int cp_get_backup_key(cp_cred_t access, const cp_wrapped_key_t wrapped_key_in,
-					  cp_wrapped_key_t wrapped_key_out);
+int cp_key_store_action_for_volume(uuid_t volume_uuid, cp_key_store_action_t action);
 cp_key_os_version_t cp_os_version(void);
 // Should be cp_key_class_t but HFS has a conflicting definition
-int cp_is_valid_class (int isdir, int32_t protectionclass);
+int cp_is_valid_class(int isdir, int32_t protectionclass);
 
 __END_DECLS