1 /*
2  * Copyright (c) 2020 Apple Inc. All rights reserved.
3  *
4  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5  *
6  * This file contains Original Code and/or Modifications of Original Code
7  * as defined in and that are subject to the Apple Public Source License
8  * Version 2.0 (the 'License'). You may not use this file except in
9  * compliance with the License. The rights granted to you under the License
10  * may not be used to create, or enable the creation or redistribution of,
11  * unlawful or unlicensed copies of an Apple operating system, or to
12  * circumvent, violate, or enable the circumvention or violation of, any
13  * terms of an Apple operating system software license agreement.
14  *
15  * Please obtain a copy of the License at
16  * http://www.opensource.apple.com/apsl/ and read it before using this file.
17  *
18  * The Original Code and all software distributed under the License are
19  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23  * Please see the License for the specific language governing rights and
24  * limitations under the License.
25  *
26  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27  */
28 
29 #ifndef __CORETRUST_H
30 #define __CORETRUST_H
31 
32 #include <os/base.h>
33 #include <sys/cdefs.h>
34 #include <sys/types.h>
35 
36 #if XNU_KERNEL_PRIVATE
37 /*
38  * Only include this when building for XNU. CoreTrust will include its local copy
39  * of the header.
40  */
41 #include <coretrust/CTEvaluate.h>
42 #endif
43 
#define XNU_SUPPORTS_CORETRUST_AMFI 1
/*!
 * @typedef coretrust_CTEvaluateAMFICodeSignatureCMS_t
 * Signature of the CoreTrust entry point that evaluates a CMS code-signature
 * blob (cms_data) against the detached data it covers (detached_data).
 *
 * The first five parameters are inputs borrowed from the caller; everything
 * after them is an output written by the callee. The (const uint8_t **,
 * size_t *) pairs hand back a pointer plus a length rather than a copy, so
 * leaf_certificate and digest_data presumably point into cms_data and are
 * only valid while cms_data is -- NOTE(review): confirm against CTEvaluate.h
 * before retaining either of them.
 *
 * allow_test_hierarchy, by its name, widens the accepted certificate
 * hierarchy to include a test one; it is expected to be false on any
 * production trust decision -- confirm with the callers.
 *
 * policy_flags receives the CORETRUST_POLICY_* bits the verified chain
 * satisfied. The coretrust_*_policy masks declared below are presumably the
 * values a caller compares *policy_flags against after a successful return,
 * i.e. the return value alone does not say which chain matched -- verify.
 *
 * The int return is CoreTrust's status; its convention (which value means
 * success) is defined in CTEvaluate.h, not in this header.
 */
typedef int (*coretrust_CTEvaluateAMFICodeSignatureCMS_t)(
	const uint8_t *cms_data,                /* in: CMS signature blob */
	size_t cms_data_length,                 /* in: byte length of cms_data */
	const uint8_t *detached_data,           /* in: data the signature covers */
	size_t detached_data_length,            /* in: byte length of detached_data */
	bool allow_test_hierarchy,              /* in: see note above */
	const uint8_t **leaf_certificate,       /* out: leaf cert (pointer + length) */
	size_t *leaf_certificate_length,
	CoreTrustPolicyFlags *policy_flags,     /* out: CORETRUST_POLICY_* bits matched */
	CoreTrustDigestType *cms_digest_type,   /* out: digest algorithm used by the CMS */
	CoreTrustDigestType *hash_agility_digest_type, /* out: digest type from hash-agility attribute, presumably */
	const uint8_t **digest_data,            /* out: digest bytes (pointer + length) */
	size_t *digest_length
	);
59 
#define XNU_SUPPORTS_CORETRUST_LOCAL_SIGNING 1
/*!
 * @typedef coretrust_CTEvaluateAMFICodeSignatureCMSPubKey_t
 * Signature of the CoreTrust entry point that evaluates a CMS code-signature
 * blob against detached data, anchored on a caller-supplied raw public key
 * instead of a built-in certificate hierarchy (the preceding #define ties it
 * to local signing).
 *
 * Compared with coretrust_CTEvaluateAMFICodeSignatureCMS_t there is no
 * allow_test_* switch and no leaf_certificate / policy_flags output: the
 * trust decision reduces to "was this signed by anchor_public_key". The
 * provenance of that key is therefore entirely the caller's responsibility
 * -- NOTE(review): check where callers obtain it.
 *
 * digest_data is returned as a pointer plus length, so it presumably points
 * into cms_data and shares its lifetime -- confirm against CTEvaluate.h.
 * The int return is CoreTrust's status as defined in CTEvaluate.h.
 */
typedef int (*coretrust_CTEvaluateAMFICodeSignatureCMSPubKey_t)(
	const uint8_t *cms_data,                /* in: CMS signature blob */
	size_t cms_data_length,                 /* in: byte length of cms_data */
	const uint8_t *detached_data,           /* in: data the signature covers */
	size_t detached_data_length,            /* in: byte length of detached_data */
	const uint8_t *anchor_public_key,       /* in: raw public key acting as the trust anchor */
	size_t anchor_public_key_length,        /* in: byte length of anchor_public_key */
	CoreTrustDigestType *cms_digest_type,   /* out: digest algorithm used by the CMS */
	CoreTrustDigestType *hash_agility_digest_type, /* out: digest type from hash-agility attribute, presumably */
	const uint8_t **digest_data,            /* out: digest bytes (pointer + length) */
	size_t *digest_length
	);
73 
#define XNU_SUPPORTS_CORETRUST_PROVISIONING_PROFILE 1
/*!
 * @typedef coretrust_CTEvaluateProvisioningProfile_t
 * Signature of the CoreTrust entry point that verifies a signed provisioning
 * profile and hands back its payload.
 *
 * allow_test_roots, by its name, permits test roots in addition to the
 * production ones; it is expected to be false on production paths -- confirm
 * with the callers.
 *
 * profile_content / profile_content_length are an output pointer-plus-length
 * pair, so the content presumably points into provisioning_profile_data and
 * is only valid while that buffer is -- confirm against CTEvaluate.h. The
 * int return is CoreTrust's status as defined in CTEvaluate.h.
 */
typedef int (*coretrust_CTEvaluateProvisioningProfile_t)(
	const uint8_t *provisioning_profile_data,   /* in: signed profile blob */
	size_t provisioning_profile_length,         /* in: byte length of the blob */
	bool allow_test_roots,                      /* in: see note above */
	const uint8_t **profile_content,            /* out: verified payload (pointer + length) */
	size_t *profile_content_length
	);
82 
/*!
 * @typedef coretrust_t
 * Dispatch table of the CoreTrust entry points the kernel proper calls. The
 * CoreTrust kext hands one instance to coretrust_interface_register(), and
 * callers then reach the entry points through the `coretrust` pointer
 * declared below. That pointer is declared const and, per the registration
 * routine's discussion, must be set before late-const is applied, which
 * suggests the table is intended to be immutable after boot -- a property
 * worth preserving, since these are trust-decision function pointers.
 */
typedef struct _coretrust {
	coretrust_CTEvaluateAMFICodeSignatureCMS_t CTEvaluateAMFICodeSignatureCMS;             /* CMS signature vs. built-in hierarchies */
	coretrust_CTEvaluateAMFICodeSignatureCMSPubKey_t CTEvaluateAMFICodeSignatureCMSPubKey; /* CMS signature vs. caller-supplied key */
	coretrust_CTEvaluateProvisioningProfile_t CTEvaluateProvisioningProfile;               /* provisioning profile verification */
} coretrust_t;
88 
89 __BEGIN_DECLS
90 
/*!
 * @const coretrust_appstore_policy
 * The CoreTrust policy flags which collectively map an application's
 * signature to the App Store certificate chain.
 *
 * Note that the mask unions the _PROD and _DEV variants of the iPhone, tvOS
 * and TestFlight flags, so matching it does not by itself distinguish a
 * production App Store chain from a development or TestFlight one; a caller
 * that needs that distinction has to test the individual bits.
 */
static const CoreTrustPolicyFlags coretrust_appstore_policy =
    CORETRUST_POLICY_IPHONE_APP_PROD  | CORETRUST_POLICY_IPHONE_APP_DEV |
    CORETRUST_POLICY_TVOS_APP_PROD    | CORETRUST_POLICY_TVOS_APP_DEV   |
    CORETRUST_POLICY_TEST_FLIGHT_PROD | CORETRUST_POLICY_TEST_FLIGHT_DEV;
100 
/*!
 * @const coretrust_profile_validated_policy
 * The CoreTrust policy flags which collectively map an application's
 * signature to the profile validated certificate chain.
 *
 * Covers both the developer and the distribution flag; which of the two
 * matched is only visible by testing the individual bits of the returned
 * policy flags.
 */
static const CoreTrustPolicyFlags coretrust_profile_validated_policy =
    CORETRUST_POLICY_IPHONE_DEVELOPER | CORETRUST_POLICY_IPHONE_DISTRIBUTION;
108 
/*!
 * @const coretrust_local_signing_policy
 * The CoreTrust policy which maps an application's signature to the locally
 * signed key.
 *
 * This is CORETRUST_POLICY_BASIC alone; the semantics of that flag live in
 * CTEvaluate.h. It is the policy associated with the public-key
 * (local-signing) evaluation path rather than a certificate hierarchy,
 * presumably -- confirm with the callers.
 */
static const CoreTrustPolicyFlags coretrust_local_signing_policy =
    CORETRUST_POLICY_BASIC;
116 
/*!
 * @const coretrust_provisioning_profile_policy
 * The CoreTrust policy which maps a profile's signature to the provisioning
 * profile WWDR certificate chain.
 *
 * A single flag; its exact meaning is defined in CTEvaluate.h.
 */
static const CoreTrustPolicyFlags coretrust_provisioning_profile_policy =
    CORETRUST_POLICY_PROVISIONING_PROFILE;
124 
/*!
 * @const coretrust
 * The CoreTrust interface that was registered.
 *
 * Set by coretrust_interface_register(); presumably NULL until that has run,
 * so callers that may execute before the kext registers should check it
 * before dispatching -- NOTE(review): confirm the definition's initial value.
 */
extern const coretrust_t *coretrust;
130 
/*!
 * @function coretrust_interface_register
 * Registers the CoreTrust kext interface for use within the kernel proper.
 *
 * @param ct
 * The interface to register. Must not be NULL (OS_NONNULL1); the table it
 * points to is what `coretrust` will refer to afterwards, so it must stay
 * valid for the lifetime of the kernel.
 *
 * @discussion
 * This routine may only be called once and must be called before late-const has
 * been applied to kernel memory. Whether the single-call rule is enforced or
 * merely documented is not visible from this header -- confirm in the
 * definition.
 */
OS_EXPORT OS_NONNULL1
void
coretrust_interface_register(const coretrust_t *ct);
145 
146 __END_DECLS
147 
148 #endif // __CORETRUST_H
149