1 /* 2 * Copyright (c) 2009-2014 Apple Inc. All rights reserved. 3 * 4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. The rights granted to you under the License 10 * may not be used to create, or enable the creation or redistribution of, 11 * unlawful or unlicensed copies of an Apple operating system, or to 12 * circumvent, violate, or enable the circumvention or violation of, any 13 * terms of an Apple operating system software license agreement. 14 * 15 * Please obtain a copy of the License at 16 * http://www.opensource.apple.com/apsl/ and read it before using this file. 17 * 18 * The Original Code and all software distributed under the License are 19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 23 * Please see the License for the specific language governing rights and 24 * limitations under the License. 25 * 26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ 27 */ 28 29 #ifndef _SYS_CPROTECT_H_ 30 #define _SYS_CPROTECT_H_ 31 32 #ifdef KERNEL_PRIVATE 33 34 #include <sys/cdefs.h> 35 #include <sys/param.h> 36 #include <sys/buf.h> 37 #include <sys/kdebug.h> 38 #include <crypto/aes.h> 39 #include <stdbool.h> 40 #include <uuid/uuid.h> 41 #include <libkern/crypto/sha1.h> 42 43 __BEGIN_DECLS 44 45 #define CP_CODE(code) FSDBG_CODE(DBG_CONTENT_PROT, code) 46 /* 47 * Class DBG_FSYSTEM == 0x03 48 * Subclass DBG_CONTENT_PROT == 0xCF 49 * These debug codes are of the form 0x03CFzzzz 50 */ 51 52 enum { 53 CPDBG_OFFSET_IO = CP_CODE(0), /* 0x03CF0000 */ 54 }; 55 56 /* normally the debug events are no-ops */ 57 #define CP_DEBUG(x, a, b, c, d, e) do {} while (0); 58 59 /* dev kernels only! */ 60 #if !SECURE_KERNEL 61 62 /* KDEBUG events used by content protection subsystem */ 63 #if 0 64 #undef CP_DEBUG 65 #define CP_DEBUG KERNEL_DEBUG_CONSTANT 66 #endif 67 68 #endif 69 70 #define CP_MAX_WRAPPEDKEYSIZE 128 /* The size of the largest allowed key */ 71 #define VFS_CP_MAX_CACHEBUFLEN 64 /* Maximum size of the cached key */ 72 73 /* lock events from AppleKeyStore */ 74 enum { 75 CP_ACTION_LOCKED = 0, 76 CP_ACTION_UNLOCKED = 1, 77 }; 78 /* 79 * Ideally, cp_key_store_action_t would be an enum, but we cannot fix 80 * that until AppleKeyStore is updated. 81 */ 82 typedef int cp_key_store_action_t; 83 84 /* 85 * It was once the case (and it may still be the case) where the lock 86 * state got conflated with the possible actions/events that 87 * AppleKeyStore can send. For that reason, the locked states below 88 * should numerically match their corresponding actions above. 89 */ 90 typedef unsigned char cp_lock_state_t; 91 enum { 92 CP_LOCKED_STATE = 0, 93 CP_UNLOCKED_STATE = 1, 94 }; 95 96 typedef uint32_t cp_key_class_t; 97 typedef uint32_t cp_key_os_version_t; 98 typedef uint16_t cp_key_revision_t; 99 typedef uint64_t cp_crypto_id_t; 100 101 typedef struct cprotect *cprotect_t; 102 typedef struct cpx *cpx_t; 103 104 #ifdef BSD_KERNEL_PRIVATE 105 /* Not for consumption outside of XNU */ 106 typedef uint32_t cpx_flags_t; 107 /* 108 * This is a CPX structure with a fixed-length key buffer. We need this defined in a header 109 * so that we can use this structure to allocate the memory for the zone(s) properly. 110 */ 111 typedef struct fcpx { 112 #ifdef DEBUG 113 uint32_t cpx_magic1; 114 #endif // DEBUG 115 aes_encrypt_ctx *cpx_iv_aes_ctx_ptr;// Context used for generating the IV 116 cpx_flags_t cpx_flags; 117 uint16_t cpx_max_key_len; 118 uint16_t cpx_key_len; 119 uint8_t cpx_cached_key[VFS_CP_MAX_CACHEBUFLEN]; 120 //Fixed length all the way through 121 } fcpx_t; 122 123 #endif // BSD_KERNEL_PRIVATE 124 125 typedef struct cp_key { 126 uint8_t len; 127 void *key; 128 } cp_key_t; 129 130 /* Interface to AKS kext */ 131 typedef struct { 132 void *key; 133 unsigned key_len; 134 void *iv_key; 135 unsigned iv_key_len; 136 uint32_t flags; 137 } cp_raw_key_s; 138 139 typedef cp_raw_key_s* cp_raw_key_t; 140 141 typedef struct { 142 void *key; 143 unsigned key_len; 144 cp_key_class_t dp_class; 145 } cp_wrapped_key_s; 146 147 typedef cp_wrapped_key_s* cp_wrapped_key_t; 148 149 typedef struct { 150 union { 151 ino64_t inode; 152 cp_crypto_id_t crypto_id; 153 }; 154 uint32_t volume; 155 pid_t pid; 156 uid_t uid; 157 cp_key_revision_t key_revision; 158 } cp_cred_s; 159 160 typedef cp_cred_s* cp_cred_t; 161 162 /* The wrappers are invoked on the AKS kext */ 163 typedef int unwrapper_t(cp_cred_t access, const cp_wrapped_key_t wrapped_key_in, cp_raw_key_t key_out); 164 typedef int rewrapper_t(cp_cred_t access, cp_key_class_t dp_class, const cp_wrapped_key_t wrapped_key_in, cp_wrapped_key_t wrapped_key_out); 165 typedef int new_key_t(cp_cred_t access, cp_key_class_t dp_class, cp_raw_key_t key_out, cp_wrapped_key_t wrapped_key_out); 166 typedef int invalidater_t(cp_cred_t access); /* invalidates keys */ 167 typedef int backup_key_t(cp_cred_t access, const cp_wrapped_key_t wrapped_key_in, cp_wrapped_key_t wrapped_key_out); 168 169 /* 170 * Flags for Interaction between AKS / Kernel 171 * These are twiddled via the input/output structs in the above 172 * wrapper/unwrapper functions. 173 */ 174 #define CP_RAW_KEY_WRAPPEDKEY 0x00000001 175 176 /* 177 * Function prototypes for kexts to interface with our internal cprotect 178 * fields; cpx provides opacity and allows us to modify behavior internally 179 * without requiring kext changes. 180 */ 181 cpx_t cpx_alloc(size_t key_size, bool needs_ctx); 182 int cpx_alloc_ctx(cpx_t cpx); 183 void cpx_free_ctx(cpx_t cpx); 184 void cpx_init(cpx_t, size_t key_len); 185 void cpx_init_ctx_ptr(cpx_t cpx); 186 void cpx_free(cpx_t); 187 void cpx_writeprotect(cpx_t cpx); 188 __attribute__((const)) size_t cpx_size(size_t key_len); 189 __attribute__((pure)) bool cpx_is_sep_wrapped_key(const struct cpx *); 190 void cpx_set_is_sep_wrapped_key(struct cpx *, bool); 191 __attribute__((pure)) bool cpx_is_composite_key(const struct cpx *); 192 void cpx_set_is_composite_key(struct cpx *, bool); 193 __attribute__((pure)) bool cpx_use_offset_for_iv(const struct cpx *); 194 void cpx_set_use_offset_for_iv(struct cpx *, bool); 195 __attribute__((pure)) bool cpx_synthetic_offset_for_iv(const struct cpx *); 196 void cpx_set_synthetic_offset_for_iv(struct cpx *, bool); 197 __attribute__((pure)) uint16_t cpx_key_len(const struct cpx *); 198 void cpx_set_key_len(struct cpx *, uint16_t key_len); 199 __attribute__((pure)) void *cpx_key(const struct cpx *); 200 aes_encrypt_ctx *cpx_iv_aes_ctx(struct cpx *); 201 void cpx_flush(cpx_t cpx); 202 bool cpx_can_copy(const struct cpx *src, const struct cpx *dst); 203 void cpx_copy(const struct cpx *src, cpx_t dst); 204 uint16_t cpx_max_key_len(const struct cpx *cpx); 205 bool cpx_has_key(const struct cpx *cpx); 206 size_t cpx_sizex(const struct cpx *cpx); 207 void cpx_set_aes_iv_key(struct cpx *cpx, void *iv_key); 208 209 int cp_key_store_action(cp_key_store_action_t); 210 int cp_key_store_action_for_volume(uuid_t volume_uuid, cp_key_store_action_t action); 211 cp_key_os_version_t cp_os_version(void); 212 // Should be cp_key_class_t but HFS has a conflicting definition 213 int cp_is_valid_class(int isdir, int32_t protectionclass); 214 215 __END_DECLS 216 217 #endif /* KERNEL_PRIVATE */ 218 #endif /* !_SYS_CPROTECT_H_ */ 219