1 /*
2  * Copyright (c) 2017 Apple Computer, Inc. All rights reserved.
3  *
4  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5  *
6  * This file contains Original Code and/or Modifications of Original Code
7  * as defined in and that are subject to the Apple Public Source License
8  * Version 2.0 (the 'License'). You may not use this file except in
9  * compliance with the License. The rights granted to you under the License
10  * may not be used to create, or enable the creation or redistribution of,
11  * unlawful or unlicensed copies of an Apple operating system, or to
12  * circumvent, violate, or enable the circumvention or violation of, any
13  * terms of an Apple operating system software license agreement.
14  *
15  * Please obtain a copy of the License at
16  * http://www.opensource.apple.com/apsl/ and read it before using this file.
17  *
18  * The Original Code and all software distributed under the License are
19  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23  * Please see the License for the specific language governing rights and
24  * limitations under the License.
25  *
26  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27  */
28 
29 #ifndef _KERN_CODESIGN_H_
30 #define _KERN_CODESIGN_H_
31 
32 #include <stdint.h>
33 
/*
 * Code signing attributes of a process.
 *
 * Every CS_* value below is a single bit of a 32-bit flag word.  The values
 * 0x40, 0x80, 0x00040000 and 0x00080000 are not assigned in this header.
 * CS_DATAVAULT_CONTROLLER (0x80000000) occupies the top bit, so a flag word
 * that can hold it does not fit in a signed 32-bit int; keep the word
 * unsigned (uint32_t) when testing or combining these values.
 */
#define CS_VALID                    0x00000001  /* dynamically valid */
#define CS_ADHOC                    0x00000002  /* ad hoc signed */
#define CS_GET_TASK_ALLOW           0x00000004  /* has get-task-allow entitlement */
#define CS_INSTALLER                0x00000008  /* has installer entitlement */

#define CS_FORCED_LV                0x00000010  /* Library Validation required by Hardened System Policy */
#define CS_INVALID_ALLOWED          0x00000020  /* (macOS Only) Page invalidation allowed by task port policy */

#define CS_HARD                     0x00000100  /* don't load invalid pages */
#define CS_KILL                     0x00000200  /* kill process if it becomes invalid */
#define CS_CHECK_EXPIRATION         0x00000400  /* force expiration checking */
#define CS_RESTRICT                 0x00000800  /* tell dyld to treat restricted */

#define CS_ENFORCEMENT              0x00001000  /* require enforcement */
#define CS_REQUIRE_LV               0x00002000  /* require library validation */
#define CS_ENTITLEMENTS_VALIDATED   0x00004000  /* code signature permits restricted entitlements */
#define CS_NVRAM_UNRESTRICTED       0x00008000  /* has com.apple.rootless.restricted-nvram-variables.heritable entitlement */

#define CS_RUNTIME                  0x00010000  /* Apply hardened runtime policies */
#define CS_LINKER_SIGNED            0x00020000  /* Automatically signed by the linker */

/*
 * Flags that may originate from the Mach-O itself (per the name; confirm
 * where this mask is applied).  It deliberately leaves out kernel-derived
 * state such as CS_VALID, CS_KILLED and CS_PLATFORM_BINARY, the CS_EXEC_SET_*
 * inheritance bits, and every flag in CS_ENTITLEMENT_FLAGS below.
 */
#define CS_ALLOWED_MACHO            (CS_ADHOC | CS_HARD | CS_KILL | CS_CHECK_EXPIRATION | \
	                             CS_RESTRICT | CS_ENFORCEMENT | CS_REQUIRE_LV | CS_RUNTIME | CS_LINKER_SIGNED)

#define CS_EXEC_SET_HARD            0x00100000  /* set CS_HARD on any exec'ed process */
#define CS_EXEC_SET_KILL            0x00200000  /* set CS_KILL on any exec'ed process */
#define CS_EXEC_SET_ENFORCEMENT     0x00400000  /* set CS_ENFORCEMENT on any exec'ed process */
#define CS_EXEC_INHERIT_SIP         0x00800000  /* set CS_INSTALLER on any exec'ed process */

#define CS_KILLED                   0x01000000  /* was killed by kernel for invalidity */
#define CS_NO_UNTRUSTED_HELPERS     0x02000000  /* kernel did not load a non-platform-binary dyld or Rosetta runtime */
#define CS_DYLD_PLATFORM            CS_NO_UNTRUSTED_HELPERS /* old name, kept for source compatibility */
#define CS_PLATFORM_BINARY          0x04000000  /* this is a platform binary */
#define CS_PLATFORM_PATH            0x08000000  /* platform binary by the fact of path (osx only) */

#define CS_DEBUGGED                 0x10000000  /* process is currently or has previously been debugged and allowed to run with invalid pages */
#define CS_SIGNED                   0x20000000  /* process has a signature (may have gone invalid) */
#define CS_DEV_CODE                 0x40000000  /* code is dev signed, cannot be loaded into prod signed code (will go away with rdar://problem/28322552) */
#define CS_DATAVAULT_CONTROLLER     0x80000000  /* has Data Vault controller entitlement */

/*
 * The flags above whose comments read "has ... entitlement": each reflects
 * an entitlement carried by the signature rather than a signing/validity
 * state bit.
 */
#define CS_ENTITLEMENT_FLAGS        (CS_GET_TASK_ALLOW | CS_INSTALLER | CS_DATAVAULT_CONTROLLER | CS_NVRAM_UNRESTRICTED)
76 
/*
 * Executable segment flags.
 *
 * Bit values for the execSegFlags field of CS_CodeDirectory (whose own
 * comment reads "executable segment flags").  That field sits in the group
 * marked "Version 0x20400", the value of CS_SUPPORTSEXECSEG.  Bits 0x2, 0x4
 * and 0x8 are not assigned here.
 */

#define CS_EXECSEG_MAIN_BINARY          0x1             /* executable segment denotes main binary */
#define CS_EXECSEG_ALLOW_UNSIGNED       0x10            /* allow unsigned pages (for debugging) */
#define CS_EXECSEG_DEBUGGER             0x20            /* main binary is debugger */
#define CS_EXECSEG_JIT                  0x40            /* JIT enabled */
#define CS_EXECSEG_SKIP_LV              0x80            /* OBSOLETE: skip library validation */
#define CS_EXECSEG_CAN_LOAD_CDHASH      0x100           /* can bless cdhash for execution */
#define CS_EXECSEG_CAN_EXEC_CDHASH      0x200           /* can execute blessed cdhash */
86 
/*
 * Magic numbers and other constants used by Code Signing.
 *
 * A single anonymous enum holds several unrelated value spaces: blob magics
 * (CSMAGIC_*), CodeDirectory version thresholds (CS_SUPPORTS*), SuperBlob
 * slot indices (CSSLOT_*), hash types and digest lengths, and signer types.
 *
 * NOTE(review): the CSMAGIC_* values exceed INT_MAX.  ISO C requires an
 * enumerator value to be representable as int, so this relies on the GCC /
 * Clang extension that widens the enum; compare them against the uint32_t
 * `magic` fields of the structures below rather than storing them in an int.
 *
 * NOTE(review): the byte order of the on-disk fields is not stated in this
 * header -- confirm against the parsing code before comparing a raw field
 * with these constants.
 */
enum {
	CSMAGIC_REQUIREMENT = 0xfade0c00,               /* single Requirement blob */
	CSMAGIC_REQUIREMENTS = 0xfade0c01,              /* Requirements vector (internal requirements) */
	CSMAGIC_CODEDIRECTORY = 0xfade0c02,             /* CodeDirectory blob */
	CSMAGIC_EMBEDDED_SIGNATURE = 0xfade0cc0, /* embedded form of signature data */
	CSMAGIC_EMBEDDED_SIGNATURE_OLD = 0xfade0b02,    /* older embedded-signature magic; not further documented here */
	CSMAGIC_EMBEDDED_ENTITLEMENTS = 0xfade7171,     /* embedded entitlements */
	CSMAGIC_EMBEDDED_DER_ENTITLEMENTS = 0xfade7172, /* embedded DER encoded entitlements */
	CSMAGIC_DETACHED_SIGNATURE = 0xfade0cc1, /* multi-arch collection of embedded signatures */
	CSMAGIC_BLOBWRAPPER = 0xfade0b01,       /* CMS Signature, among other things */

	/*
	 * CodeDirectory.version thresholds.  Each value matches a
	 * "Version 0xNNNNN" marker in CS_CodeDirectory below; the comment names
	 * the field group that marker introduces.
	 */
	CS_SUPPORTSSCATTER = 0x20100,                   /* scatterOffset */
	CS_SUPPORTSTEAMID = 0x20200,                    /* teamOffset */
	CS_SUPPORTSCODELIMIT64 = 0x20300,               /* spare3, codeLimit64 */
	CS_SUPPORTSEXECSEG = 0x20400,                   /* execSegBase, execSegLimit, execSegFlags */
	CS_SUPPORTSRUNTIME = 0x20500,                   /* runtime, preEncryptOffset */
	CS_SUPPORTSLINKAGE = 0x20600,                   /* linkageHashType .. linkageSize */

	/*
	 * Slot indices.  Slot 6 is not named here.  Presumably slots 1..7 are
	 * the "special" hashes counted by CS_CodeDirectory.nSpecialSlots --
	 * confirm against the code that indexes them.
	 */
	CSSLOT_CODEDIRECTORY = 0,                               /* slot index for CodeDirectory */
	CSSLOT_INFOSLOT = 1,
	CSSLOT_REQUIREMENTS = 2,
	CSSLOT_RESOURCEDIR = 3,
	CSSLOT_APPLICATION = 4,
	CSSLOT_ENTITLEMENTS = 5,
	CSSLOT_DER_ENTITLEMENTS = 7,

	CSSLOT_ALTERNATE_CODEDIRECTORIES = 0x1000, /* first alternate CodeDirectory, if any */
	CSSLOT_ALTERNATE_CODEDIRECTORY_MAX = 5,         /* max number of alternate CD slots */
	CSSLOT_ALTERNATE_CODEDIRECTORY_LIMIT = CSSLOT_ALTERNATE_CODEDIRECTORIES + CSSLOT_ALTERNATE_CODEDIRECTORY_MAX, /* one past the last (0x1005) */

	CSSLOT_SIGNATURESLOT = 0x10000,                 /* CMS Signature */
	CSSLOT_IDENTIFICATIONSLOT = 0x10001,
	CSSLOT_TICKETSLOT = 0x10002,

	/* Same numeric values as CSSLOT_REQUIREMENTS / CSSLOT_ENTITLEMENTS. */
	CSTYPE_INDEX_REQUIREMENTS = 0x00000002,         /* compat with amfi */
	CSTYPE_INDEX_ENTITLEMENTS = 0x00000005,         /* compat with amfi */

	/* Hash algorithm identifiers (CS_CodeDirectory.hashType). */
	CS_HASHTYPE_SHA1 = 1,
	CS_HASHTYPE_SHA256 = 2,
	CS_HASHTYPE_SHA256_TRUNCATED = 3,
	CS_HASHTYPE_SHA384 = 4,

	/* Digest lengths in bytes.  No CS_SHA384_LEN is defined here. */
	CS_SHA1_LEN = 20,
	CS_SHA256_LEN = 32,
	CS_SHA256_TRUNCATED_LEN = 20,                   /* equals CS_CDHASH_LEN */

	/*
	 * always - larger hashes are truncated.  A cdhash derived from a
	 * SHA-256 or SHA-384 directory therefore carries only 20 bytes of that
	 * digest, and anything keyed on a cdhash compares only those 20 bytes.
	 */
	CS_CDHASH_LEN = 20,
	CS_HASH_MAX_SIZE = 48, /* max size of the hash we'll support; 48 bytes fits a SHA-384 digest */

	/*
	 * Signer types.  Currently only used to support Legacy VPN plugins and
	 * the Mac App Store, but intended to replace the various platform-code,
	 * dev-code etc. bits.  The two families share 0 for "unknown" and use
	 * disjoint non-zero values (5-6 vs 7-8).
	 */
	CS_SIGNER_TYPE_UNKNOWN = 0,
	CS_SIGNER_TYPE_LEGACYVPN = 5,
	CS_SIGNER_TYPE_MAC_APP_STORE = 6,

	CS_SUPPL_SIGNER_TYPE_UNKNOWN = 0,
	CS_SUPPL_SIGNER_TYPE_TRUSTCACHE = 7,
	CS_SUPPL_SIGNER_TYPE_LOCAL = 8,
};
151 
/*
 * Feature-test macros: presumably consumers #ifdef these to learn that this
 * header provides CS_CodeDirectory and that it carries the `platform` field.
 */
#define KERNEL_HAVE_CS_CODEDIRECTORY 1
#define KERNEL_CS_CODEDIRECTORY_HAVE_PLATFORM 1

/*
 * C form of a CodeDirectory.
 *
 * The layout is versioned.  Everything up to end_earliest is present in
 * every CodeDirectory; each later field group is introduced at the version
 * named in its marker comment, and those version numbers are the
 * CS_SUPPORTS* enum values above.  The zero-length char members (a GNU
 * extension) carry no data and mark the end of each version's fixed layout,
 * presumably so that offsetof(CS_CodeDirectory, end_withX) serves as "size of
 * a version-X header" -- confirm against the parser.  Prefer offsetof on
 * those markers to sizeof, which includes tail padding.
 *
 * NOTE(review): length, hashOffset, identOffset, nSpecialSlots, nCodeSlots,
 * scatterOffset, teamOffset, preEncryptOffset and linkageOffset all describe
 * positions or counts inside the blob and nothing here bounds them.  A
 * parser must check that a field belongs to the group permitted by
 * `version`, and that every offset/count it dereferences stays within
 * `length`, before using it.
 *
 * NOTE(review): GCC documents that `aligned(N)` on a struct can only raise
 * its alignment unless `packed` is also given (Clang behaves the same), so
 * aligned(1) here is probably a no-op; do not rely on it to make a cast to
 * CS_CodeDirectory * at an arbitrary address well-defined.  Byte order of the
 * fields is likewise not stated in this header.
 */
typedef struct __CodeDirectory {
	uint32_t magic;                                 /* magic number (CSMAGIC_CODEDIRECTORY) */
	uint32_t length;                                /* total length of CodeDirectory blob */
	uint32_t version;                               /* compatibility version (compare with CS_SUPPORTS*) */
	uint32_t flags;                                 /* setup and mode flags */
	uint32_t hashOffset;                    /* offset of hash slot element at index zero */
	uint32_t identOffset;                   /* offset of identifier string */
	uint32_t nSpecialSlots;                 /* number of special hash slots */
	uint32_t nCodeSlots;                    /* number of ordinary (code) hash slots */
	uint32_t codeLimit;                             /* limit to main image signature range */
	uint8_t hashSize;                               /* size of each hash in bytes */
	uint8_t hashType;                               /* type of hash (CS_HASHTYPE_* constants above; the original comment called these cdHashType*) */
	uint8_t platform;                               /* platform identifier; zero if not platform binary */
	uint8_t pageSize;                               /* log2(page size in bytes); 0 => infinite */
	uint32_t spare2;                                /* unused (must be zero) */

	char end_earliest[0];                           /* end of the layout every version shares */

	/* Version 0x20100 (CS_SUPPORTSSCATTER) */
	uint32_t scatterOffset;                 /* offset of optional scatter vector; presumably SC_Scatter entries ending in a zero-count sentinel -- confirm */
	char end_withScatter[0];

	/* Version 0x20200 (CS_SUPPORTSTEAMID) */
	uint32_t teamOffset;                    /* offset of optional team identifier */
	char end_withTeam[0];

	/* Version 0x20300 (CS_SUPPORTSCODELIMIT64) */
	uint32_t spare3;                                /* unused (must be zero); also brings codeLimit64 to an 8-byte offset without implicit padding */
	uint64_t codeLimit64;                   /* limit to main image signature range, 64 bits */
	char end_withCodeLimit64[0];

	/* Version 0x20400 (CS_SUPPORTSEXECSEG) */
	uint64_t execSegBase;                   /* offset of executable segment */
	uint64_t execSegLimit;                  /* limit of executable segment */
	uint64_t execSegFlags;                  /* executable segment flags (CS_EXECSEG_* bits above) */
	char end_withExecSeg[0];

	/* Version 0x20500 (CS_SUPPORTSRUNTIME) */
	uint32_t runtime;                       /* undocumented in the original header */
	uint32_t preEncryptOffset;              /* undocumented in the original; presumably an offset into the blob like the other *Offset fields -- confirm */
	char end_withPreEncryptOffset[0];

	/* Version 0x20600 (CS_SUPPORTSLINKAGE) */
	uint8_t linkageHashType;                /* presumably a CS_HASHTYPE_* value -- confirm */
	uint8_t linkageTruncated;
	uint16_t spare4;                        /* keeps linkageOffset 4-byte aligned without implicit padding */
	uint32_t linkageOffset;                 /* presumably an offset into the blob -- confirm */
	uint32_t linkageSize;                   /* size of the linkage data at linkageOffset */
	char end_withLinkage[0];                /* end of the newest layout known to this header */

	/* followed by dynamic content as located by offset fields above */
} CS_CodeDirectory
__attribute__ ((aligned(1)));
211 
/*
 * Structure of an embedded-signature SuperBlob
 */

/*
 * One entry of a SuperBlob's index: a slot type and the offset of the blob
 * it refers to.  `type` is presumably a CSSLOT_* value and `offset` is
 * presumably relative to the start of the enclosing SuperBlob (its comment
 * says the blobs are "indicated by offsets in index") -- confirm against the
 * parser.
 */
typedef struct __BlobIndex {
	uint32_t type;                                  /* type of entry */
	uint32_t offset;                                /* offset of entry */
} CS_BlobIndex
__attribute__ ((aligned(1)));
221 
/*
 * A SuperBlob: a header, `count` CS_BlobIndex entries, then the blobs
 * themselves somewhere within the `length` bytes that start at `magic`.
 *
 * NOTE(review): `count` and every index[i].offset are read from the blob.
 * A parser must check offsetof(CS_SuperBlob, index) + count *
 * sizeof(CS_BlobIndex) <= length before walking the index, and that each
 * offset plus the pointed-to blob's own length stays within `length`; this
 * header declares no such bound.
 */
typedef struct __SC_SuperBlob {
	uint32_t magic;                                 /* magic number (CSMAGIC_EMBEDDED_SIGNATURE for the embedded signature described above) */
	uint32_t length;                                /* total length of SuperBlob */
	uint32_t count;                                 /* number of index entries following */
	CS_BlobIndex index[];                   /* (count) entries */
	/* followed by Blobs in no particular order as indicated by offsets in index */
} CS_SuperBlob
__attribute__ ((aligned(1)));
230 
#define KERNEL_HAVE_CS_GENERICBLOB 1
/*
 * Common prefix shared by every blob: magic and total length, followed by
 * length - offsetof(CS_GenericBlob, data) bytes of payload.  Lets a reader
 * inspect any blob's header before dispatching on `magic`.
 *
 * NOTE(review): `length` comes from the blob itself; check that it is at
 * least offsetof(CS_GenericBlob, data) and no larger than the containing
 * buffer before touching `data`.
 */
typedef struct __SC_GenericBlob {
	uint32_t magic;                                 /* magic number (one of the CSMAGIC_* values above) */
	uint32_t length;                                /* total length of blob, this header included */
	char data[];                                    /* payload */
} CS_GenericBlob
__attribute__ ((aligned(1)));
238 
/*
 * One entry of a scatter vector (presumably the data at
 * CS_CodeDirectory.scatterOffset -- confirm): `count` pages starting at
 * page `base`, associated with `targetOffset` in the target.  The vector
 * ends with an entry whose count is zero.
 *
 * NOTE(review): the vector carries no explicit element count, so a reader
 * walking to the zero-count sentinel must also stop at the enclosing
 * CodeDirectory's `length` in case the sentinel is absent.  The typedef name
 * lacks the CS_ prefix used by the sibling blob types.
 */
typedef struct __SC_Scatter {
	uint32_t count;                                 /* number of pages; zero for sentinel (only) */
	uint32_t base;                                  /* first page number */
	uint64_t targetOffset;                  /* offset in target */
	uint64_t spare;                                 /* reserved */
} SC_Scatter
__attribute__ ((aligned(1)));
246 
247 
#endif /* _KERN_CODESIGN_H_ */