kernel-include/sys/cprotect.h at vchroot

overby.me / darling-nix
fork
this repo has no description
fork
darling-nix / kernel-include / sys / cprotect.h
at vchroot 206 lines 7.0 kB view raw
wrap content
Lubos Dolezel Initial commit, some libc modules building 11y ago
1fc33bec
  1/*
  2 * Copyright (c) 2009 Apple Inc. All rights reserved.
  3 *
  4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
  5 * 
  6 * This file contains Original Code and/or Modifications of Original Code
  7 * as defined in and that are subject to the Apple Public Source License
  8 * Version 2.0 (the 'License'). You may not use this file except in
  9 * compliance with the License. The rights granted to you under the License
 10 * may not be used to create, or enable the creation or redistribution of,
 11 * unlawful or unlicensed copies of an Apple operating system, or to
 12 * circumvent, violate, or enable the circumvention or violation of, any
 13 * terms of an Apple operating system software license agreement.
 14 * 
 15 * Please obtain a copy of the License at
 16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
 17 * 
 18 * The Original Code and all software distributed under the License are
 19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 23 * Please see the License for the specific language governing rights and
 24 * limitations under the License.
 25 * 
 26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
 27 */
 28
 29#ifndef _SYS_CPROTECT_H_
 30#define	_SYS_CPROTECT_H_
 31
 32#ifdef __cplusplus
 33extern "C" {
 34#endif
 35
 36#if KERNEL_PRIVATE
 37
 38#include <sys/cdefs.h>
 39#include <sys/content_protection.h>
 40#include <sys/kernel_types.h>
 41#include <crypto/aes.h>
 42
 43#define CP_IV_KEYSIZE 20			/* 16x8 = 128, but SHA1 pushes 20 bytes so keep space for that */
 44#define CP_MAX_KEYSIZE 32		/* 8x4 = 32, 32x8 = 256 */
 45#define CP_MAX_WRAPPEDKEYSIZE  128	/* The size of the largest allowed key */
 46#define CP_INITIAL_WRAPPEDKEYSIZE 40
 47#define CP_V2_WRAPPEDKEYSIZE 40		/* Size of the wrapped key in a v2 EA */
 48
 49/* lock events from AppleKeyStore */
 50#define CP_LOCKED_STATE 0		/* Device is locked */
 51#define CP_UNLOCKED_STATE 1		/* Device is unlocked */
 52
 53#define CP_LOCKED_KEYCHAIN 0	
 54#define CP_UNLOCKED_KEYCHAIN 1
 55
 56/* For struct cprotect: cp_flags */
 57#define CP_NEEDS_KEYS		0x1		/* File needs persistent keys */
 58#define CP_KEY_FLUSHED		0x2		/* File's unwrapped key has been purged from memory */
 59#define CP_NO_XATTR			0x4		/* Key info has not been saved as EA to the FS */
 60#define CP_OFF_IV_ENABLED  	0x8		/* Only go down relative IV route if this flag is set */
 61
 62#define CP_RELOCATION_INFLIGHT 0x10	/* File with offset IVs is in the process of being relocated. */
 63
 64/* Content Protection VNOP Operation flags */
 65#define CP_READ_ACCESS 	0x1
 66#define CP_WRITE_ACCESS 0x2
 67
 68/* 
 69 * Check for this version when deciding to enable features
 70 * For Apex, CP_CURRENT_MAJOR_VERS = 2.0
 71 * For Telluride, CP_CURRENT_MAJOR_VERS = 4.0
 72 */
 73#define CONTENT_PROTECTION_XATTR_NAME	"com.apple.system.cprotect"
 74#define CP_NEW_MAJOR_VERS 4
 75#define CP_PREV_MAJOR_VERS 2
 76#define CP_MINOR_VERS 0
 77
 78typedef struct cprotect *cprotect_t;
 79typedef struct cp_wrap_func *cp_wrap_func_t;
 80typedef struct cp_global_state *cp_global_state_t;
 81typedef struct cp_xattr *cp_xattr_t;
 82
 83typedef struct cnode * cnode_ptr_t;
 84//forward declare the struct.
 85struct hfsmount;
 86
 87/* The wrappers are invoked by the AKS kext */
 88typedef int wrapper_t(uint32_t properties, uint64_t file_id, void *key_bytes, size_t key_length, void *wrapped_data, size_t *wrapped_length);
 89typedef	int unwrapper_t(uint32_t properties, void *wrapped_data, size_t wrapped_data_length, void *key_bytes, size_t *key_length);
 90
 91/* 
 92 * Runtime-only structure containing the content protection status 
 93 * for the given file.  This is contained within the cnode 
 94 * This is passed down to IOStorageFamily via the bufattr struct
 95 *
 96 ******************************************************
 97 * Some Key calculation information for offset based IV
 98 ******************************************************
 99 * Kf  = original 256 bit per file key
100 * Kiv = SHA1(Kf), use full Kf, but truncate Kiv to 128 bits
101 * Kiv can be cached in the cprotect, so it only has to be calculated once for the file init
102 *
103 * IVb = Encrypt(Kiv, offset)
104 *
105 */
106struct cprotect {
107	uint32_t	cp_flags;
108	uint32_t	cp_pclass;
109	aes_encrypt_ctx	cp_cache_iv_ctx;
110	uint32_t	cp_cache_key_len;
111	uint8_t		cp_cache_key[CP_MAX_KEYSIZE];
112	uint32_t	cp_persistent_key_len;
113	uint8_t		cp_persistent_key[];
114};
115
116struct cp_wrap_func {
117	wrapper_t	*wrapper;
118	unwrapper_t	*unwrapper;
119};
120
121struct cp_global_state {
122	uint8_t	wrap_functions_set;
123	uint8_t	lock_state;
124	u_int16_t reserved;
125};
126
127/*
128 * On-disk structure written as the per-file EA payload 
129 * All on-disk multi-byte fields for the CP XATTR must be stored
130 * little-endian on-disk.  This means they must be endian swapped to
131 * L.E on getxattr() and converted to LE on setxattr().	
132 */
133struct cp_xattr_v2 {
134	u_int16_t xattr_major_version;
135	u_int16_t xattr_minor_version;
136	u_int32_t flags;
137	u_int32_t persistent_class;
138	u_int32_t key_size;
139	uint8_t   persistent_key[CP_V2_WRAPPEDKEYSIZE];
140};
141
142struct cp_xattr_v4 {
143	u_int16_t xattr_major_version;
144	u_int16_t xattr_minor_version;
145	u_int32_t flags;
146	u_int32_t persistent_class;
147	u_int32_t key_size;
148	u_int32_t reserved1;
149	u_int32_t reserved2;
150	u_int32_t reserved3;
151	u_int32_t reserved4;
152	u_int32_t reserved5;
153	uint8_t   persistent_key[CP_MAX_WRAPPEDKEYSIZE];
154};
155
156/* Same is true for the root EA, all fields must be written little endian. */
157struct cp_root_xattr {
158	u_int16_t major_version;
159	u_int16_t minor_version;
160	u_int64_t flags;
161	u_int32_t reserved1;
162	u_int32_t reserved2;
163	u_int32_t reserved3;
164	u_int32_t reserved4;
165};
166
167
168/* 
169 * Functions to check the status of a CP and to query 
170 * the containing filesystem to see if it is supported.
171 */
172int cp_vnode_getclass(vnode_t, int *);
173int cp_vnode_setclass(vnode_t, uint32_t);
174int cp_vnode_transcode(vnode_t);
175
176int cp_key_store_action(int);
177int cp_register_wraps(cp_wrap_func_t);
178
179int cp_entry_init(cnode_ptr_t, struct mount *);
180int cp_entry_create_keys(struct cprotect **entry_ptr, struct cnode *dcp, struct hfsmount *hfsmp, 
181		uint32_t input_class, uint32_t fileid, mode_t cmode);
182int cp_entry_gentempkeys(struct cprotect **entry_ptr, struct hfsmount *hfsmp);
183void cp_entry_destroy(struct cprotect **entry_ptr);
184
185cnode_ptr_t cp_get_protected_cnode(vnode_t);
186int cp_handle_vnop(vnode_t, int, int);
187int cp_fs_protected (mount_t);
188int cp_getrootxattr (struct hfsmount *hfsmp, struct cp_root_xattr *outxattr);
189int cp_setrootxattr (struct hfsmount *hfsmp, struct cp_root_xattr *newxattr);
190int cp_setxattr(struct cnode *cp, struct cprotect *entry, struct hfsmount *hfsmp, uint32_t fileid, int options);
191int cp_update_mkb (struct cprotect *entry, uint32_t fileid);
192int cp_handle_relocate (cnode_ptr_t cp, struct hfsmount *hfsmp);
193int cp_handle_open(struct vnode *vp, int mode);
194int cp_get_root_major_vers (struct vnode *vp, uint32_t *level);
195
196#if 0
197int cp_isdevice_locked (void);
198#endif
199
200#endif	/* KERNEL_PRIVATE */
201
202#ifdef __cplusplus
203};
204#endif
205
206#endif /* !_SYS_CPROTECT_H_ */
Configure Feed

Configure Feed
