xref: /xnu-8020.140.41/osfmk/kern/trustcache.h (revision 27b03b360a988dfd3dfdf34262bb0042026747cc)

/*
 * Copyright (c) 2018 Apple Computer, Inc. All rights reserved.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. The rights granted to you under the License
 * may not be used to create, or enable the creation or redistribution of,
 * unlawful or unlicensed copies of an Apple operating system, or to
 * circumvent, violate, or enable the circumvention or violation of, any
 * terms of an Apple operating system software license agreement.
 *
 * Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
 */

#ifndef _KERN_TRUSTCACHE_H_
#define _KERN_TRUSTCACHE_H_

#include <stdint.h>

#include <kern/cs_blobs.h>

#include <uuid/uuid.h>

#ifdef PLATFORM_BridgeOS
/* Version 0 trust caches: No defined sorting order (thus only suitable for small trust caches).
 * Used for loadable trust caches only, until phasing out support. */
typedef uint8_t trust_cache_hash0[CS_CDHASH_LEN];
struct trust_cache_module0 {
	uint32_t version;
	uuid_t uuid;
	uint32_t num_hashes;
	trust_cache_hash0 hashes[];
} __attribute__((__packed__));
#endif


/* Version 1 trust caches: Always sorted by cdhash, added hash type and flags field.
 * Suitable for all trust caches. */

struct trust_cache_entry1 {
	uint8_t cdhash[CS_CDHASH_LEN];
	uint8_t hash_type;
	uint8_t flags;
} __attribute__((__packed__));

struct trust_cache_module1 {
	uint32_t version;
	uuid_t uuid;
	uint32_t num_entries;
	struct trust_cache_entry1 entries[];
} __attribute__((__packed__));

// Trust Cache Entry Flags
#define CS_TRUST_CACHE_AMFID    0x1                     // valid cdhash for amfid

/* Trust Cache lookup functions return their result as a 32bit value
 * comprised of subfields, for straightforward passing through layers.
 *
 * Format:
 *
 * 0xXXCCBBAA
 *
 * AA:  0-7: lookup result
 *  bit  0: TC_LOOKUP_FOUND: set if any entry found
 *  bit  1: (obsolete) TC_LOOKUP_FALLBACK: set if found in legacy static trust cache
 *  bit  2-7: reserved
 * BB:  8-15: entry flags pass-through, see "Trust Cache Entry Flags" above
 * CC: 16-23: code directory hash type of entry, see CS_HASHTYPE_* in cs_blobs.h
 * XX: 24-31: reserved
 */

#define TC_LOOKUP_HASH_TYPE_SHIFT               16
#define TC_LOOKUP_HASH_TYPE_MASK                0xff0000L;
#define TC_LOOKUP_FLAGS_SHIFT                   8
#define TC_LOOKUP_FLAGS_MASK                    0xff00L
#define TC_LOOKUP_RESULT_SHIFT                  0
#define TC_LOOKUP_RESULT_MASK                   0xffL

#define TC_LOOKUP_FOUND         1

#ifdef XNU_KERNEL_PRIVATE

// Serialized Trust Caches

/* This is how iBoot delivers them to us. */
struct serialized_trust_caches {
	uint32_t num_caches;
	uint32_t offsets[0];
} __attribute__((__packed__));


void trust_cache_init(void);

uint32_t lookup_in_static_trust_cache(const uint8_t cdhash[CS_CDHASH_LEN]);

bool lookup_in_trust_cache_module(struct trust_cache_module1 const * const module,
    uint8_t const cdhash[CS_CDHASH_LEN],
    uint8_t       * const hash_type,
    uint8_t       * const flags);

#endif

#endif /* _KERN_TRUSTCACHE_H */