  1  /*
  2   * Copyright (c) 2017 Apple Computer, Inc. All rights reserved.
  3   *
  4   * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
  5   *
  6   * This file contains Original Code and/or Modifications of Original Code
  7   * as defined in and that are subject to the Apple Public Source License
  8   * Version 2.0 (the 'License'). You may not use this file except in
  9   * compliance with the License. The rights granted to you under the License
 10   * may not be used to create, or enable the creation or redistribution of,
 11   * unlawful or unlicensed copies of an Apple operating system, or to
 12   * circumvent, violate, or enable the circumvention or violation of, any
 13   * terms of an Apple operating system software license agreement.
 14   *
 15   * Please obtain a copy of the License at
 16   * http://www.opensource.apple.com/apsl/ and read it before using this file.
 17   *
 18   * The Original Code and all software distributed under the License are
 19   * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 20   * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 21   * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 22   * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 23   * Please see the License for the specific language governing rights and
 24   * limitations under the License.
 25   *
 26   * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
 27   */
 28  
 29  #ifndef _KERN_CODESIGN_H_
 30  #define _KERN_CODESIGN_H_
 31  
 32  #include <stdint.h>
 33  
/*
 * Code signing attributes of a process.
 *
 * These are bit flags in one 32-bit word.  The low bits say how the code was
 * signed and which entitlements it holds; CS_EXEC_SET_* / CS_EXEC_INHERIT_SIP
 * are applied to any process this one execs; the top byte records state the
 * kernel has observed (killed, platform, debugged, signed).  CS_ALLOWED_MACHO
 * names the subset a Mach-O's own signature may request for itself (inferred
 * from the name -- confirm in the loader); the other bits are presumably set
 * only by kernel/policy code.
 */
#define CS_VALID                    0x00000001  /* dynamically valid */
#define CS_ADHOC                    0x00000002  /* ad hoc signed */
#define CS_GET_TASK_ALLOW           0x00000004  /* has get-task-allow entitlement */
#define CS_INSTALLER                0x00000008  /* has installer entitlement */

#define CS_FORCED_LV                0x00000010  /* Library Validation required by Hardened System Policy */
#define CS_INVALID_ALLOWED          0x00000020  /* (macOS Only) Page invalidation allowed by task port policy */

#define CS_HARD                     0x00000100  /* don't load invalid pages */
#define CS_KILL                     0x00000200  /* kill process if it becomes invalid */
#define CS_CHECK_EXPIRATION         0x00000400  /* force expiration checking */
#define CS_RESTRICT                 0x00000800  /* tell dyld to treat restricted */

#define CS_ENFORCEMENT              0x00001000  /* require enforcement */
#define CS_REQUIRE_LV               0x00002000  /* require library validation */
#define CS_ENTITLEMENTS_VALIDATED   0x00004000  /* code signature permits restricted entitlements */
#define CS_NVRAM_UNRESTRICTED       0x00008000  /* has com.apple.rootless.restricted-nvram-variables.heritable entitlement */

#define CS_RUNTIME                  0x00010000  /* Apply hardened runtime policies */
#define CS_LINKER_SIGNED            0x00020000  /* Automatically signed by the linker */

/* Flags a binary may carry in its own signature; CS_VALID, CS_*_ALLOW,
 * CS_INSTALLER and everything from CS_EXEC_SET_HARD up are deliberately absent. */
#define CS_ALLOWED_MACHO            (CS_ADHOC | CS_HARD | CS_KILL | CS_CHECK_EXPIRATION | \
	                             CS_RESTRICT | CS_ENFORCEMENT | CS_REQUIRE_LV | CS_RUNTIME | CS_LINKER_SIGNED)

#define CS_EXEC_SET_HARD            0x00100000  /* set CS_HARD on any exec'ed process */
#define CS_EXEC_SET_KILL            0x00200000  /* set CS_KILL on any exec'ed process */
#define CS_EXEC_SET_ENFORCEMENT     0x00400000  /* set CS_ENFORCEMENT on any exec'ed process */
#define CS_EXEC_INHERIT_SIP         0x00800000  /* set CS_INSTALLER on any exec'ed process */

#define CS_KILLED                   0x01000000  /* was killed by kernel for invalidity */
#define CS_DYLD_PLATFORM            0x02000000  /* dyld used to load this is a platform binary */
#define CS_PLATFORM_BINARY          0x04000000  /* this is a platform binary */
#define CS_PLATFORM_PATH            0x08000000  /* platform binary by the fact of path (osx only) */

#define CS_DEBUGGED                 0x10000000  /* process is currently or has previously been debugged and allowed to run with invalid pages */
#define CS_SIGNED                   0x20000000  /* process has a signature (may have gone invalid) */
#define CS_DEV_CODE                 0x40000000  /* code is dev signed, cannot be loaded into prod signed code (will go away with rdar://problem/28322552) */
#define CS_DATAVAULT_CONTROLLER     0x80000000  /* has Data Vault controller entitlement; sign bit -- this literal (and any mask containing it) is unsigned int, so compare flags as uint32_t */

/* Flags that mirror an entitlement in the signature (each member is a
 * "has ... entitlement" flag above). */
#define CS_ENTITLEMENT_FLAGS        (CS_GET_TASK_ALLOW | CS_INSTALLER | CS_DATAVAULT_CONTROLLER | CS_NVRAM_UNRESTRICTED)
 75  
/*
 * Executable segment flags, carried in CS_CodeDirectory.execSegFlags
 * (present from CodeDirectory version 0x20400 / CS_SUPPORTSEXECSEG on).
 * Bit values 0x2..0x8 are not defined in this header.
 */

#define CS_EXECSEG_MAIN_BINARY          0x1             /* executable segment denotes main binary */
#define CS_EXECSEG_ALLOW_UNSIGNED       0x10            /* allow unsigned pages (for debugging) */
#define CS_EXECSEG_DEBUGGER             0x20            /* main binary is debugger */
#define CS_EXECSEG_JIT                  0x40            /* JIT enabled */
#define CS_EXECSEG_SKIP_LV              0x80            /* OBSOLETE: skip library validation */
#define CS_EXECSEG_CAN_LOAD_CDHASH      0x100           /* can bless cdhash for execution */
#define CS_EXECSEG_CAN_EXEC_CDHASH      0x200           /* can execute blessed cdhash */
 85  
/*
 * Magic numbers used by Code Signing.
 *
 * NOTE(review): the CSMAGIC_* values exceed INT_MAX.  C11 (6.7.2.2) requires
 * an enumeration constant to be representable as an int, so these rely on a
 * compiler extension; they are only meaningful compared against the uint32_t
 * magic fields of the blob structures below.
 */
enum {
	CSMAGIC_REQUIREMENT = 0xfade0c00,               /* single Requirement blob */
	CSMAGIC_REQUIREMENTS = 0xfade0c01,              /* Requirements vector (internal requirements) */
	CSMAGIC_CODEDIRECTORY = 0xfade0c02,             /* CodeDirectory blob */
	CSMAGIC_EMBEDDED_SIGNATURE = 0xfade0cc0, /* embedded form of signature data */
	CSMAGIC_EMBEDDED_SIGNATURE_OLD = 0xfade0b02,    /* presumably a legacy embedded-signature magic (original comment: XXX) */
	CSMAGIC_EMBEDDED_ENTITLEMENTS = 0xfade7171,     /* embedded entitlements */
	CSMAGIC_DETACHED_SIGNATURE = 0xfade0cc1, /* multi-arch collection of embedded signatures */
	CSMAGIC_BLOBWRAPPER = 0xfade0b01,       /* CMS Signature, among other things */

	/*
	 * CodeDirectory version thresholds.  A CodeDirectory whose 'version'
	 * is >= one of these carries the fields introduced at that version
	 * (see the "Version 0x..." markers in CS_CodeDirectory).
	 */
	CS_SUPPORTSSCATTER = 0x20100,                   /* scatterOffset */
	CS_SUPPORTSTEAMID = 0x20200,                    /* teamOffset */
	CS_SUPPORTSCODELIMIT64 = 0x20300,               /* codeLimit64 */
	CS_SUPPORTSEXECSEG = 0x20400,                   /* execSegBase/Limit/Flags */
	CS_SUPPORTSRUNTIME = 0x20500,                   /* runtime, preEncryptOffset */
	CS_SUPPORTSLINKAGE = 0x20600,                   /* linkage* fields */

	/* Special-slot indices (see nSpecialSlots in CS_CodeDirectory). */
	CSSLOT_CODEDIRECTORY = 0,                               /* slot index for CodeDirectory */
	CSSLOT_INFOSLOT = 1,
	CSSLOT_REQUIREMENTS = 2,
	CSSLOT_RESOURCEDIR = 3,
	CSSLOT_APPLICATION = 4,
	CSSLOT_ENTITLEMENTS = 5,

	CSSLOT_ALTERNATE_CODEDIRECTORIES = 0x1000, /* first alternate CodeDirectory, if any */
	CSSLOT_ALTERNATE_CODEDIRECTORY_MAX = 5,         /* max number of alternate CD slots */
	CSSLOT_ALTERNATE_CODEDIRECTORY_LIMIT = CSSLOT_ALTERNATE_CODEDIRECTORIES + CSSLOT_ALTERNATE_CODEDIRECTORY_MAX, /* one past the last (0x1005) */

	CSSLOT_SIGNATURESLOT = 0x10000,                 /* CMS Signature */
	CSSLOT_IDENTIFICATIONSLOT = 0x10001,
	CSSLOT_TICKETSLOT = 0x10002,

	CSTYPE_INDEX_REQUIREMENTS = 0x00000002,         /* compat with amfi */
	CSTYPE_INDEX_ENTITLEMENTS = 0x00000005,         /* compat with amfi */

	/* Values of CS_CodeDirectory.hashType. */
	CS_HASHTYPE_SHA1 = 1,
	CS_HASHTYPE_SHA256 = 2,
	CS_HASHTYPE_SHA256_TRUNCATED = 3,               /* SHA-256 cut to CS_SHA256_TRUNCATED_LEN bytes */
	CS_HASHTYPE_SHA384 = 4,                         /* no *_LEN constant here; a 48-byte digest fits CS_HASH_MAX_SIZE */

	/* Digest lengths in bytes, per hash type. */
	CS_SHA1_LEN = 20,
	CS_SHA256_LEN = 32,
	CS_SHA256_TRUNCATED_LEN = 20,

	CS_CDHASH_LEN = 20,                                             /* always - larger hashes are truncated */
	CS_HASH_MAX_SIZE = 48, /* max size of the hash we'll support; validators should reject hashSize above this */

/*
 * Currently only to support Legacy VPN plugins, and Mac App Store
 * but intended to replace all the various platform code, dev code etc. bits.
 */
	CS_SIGNER_TYPE_UNKNOWN = 0,
	CS_SIGNER_TYPE_LEGACYVPN = 5,
	CS_SIGNER_TYPE_MAC_APP_STORE = 6,

	/* Supplemental signer types; note 0 is shared with CS_SIGNER_TYPE_UNKNOWN. */
	CS_SUPPL_SIGNER_TYPE_UNKNOWN = 0,
	CS_SUPPL_SIGNER_TYPE_TRUSTCACHE = 7,
	CS_SUPPL_SIGNER_TYPE_LOCAL = 8,
};
148  
/* Feature macros so other headers can test for this CodeDirectory definition. */
#define KERNEL_HAVE_CS_CODEDIRECTORY 1
#define KERNEL_CS_CODEDIRECTORY_HAVE_PLATFORM 1

/*
 * C form of a CodeDirectory.
 *
 * The struct is overlaid on signature data; the end_* zero-length arrays are
 * version boundaries, so offsetof(CS_CodeDirectory, end_withX) is the minimum
 * 'length' a directory of that version must have (the zero-length array is a
 * GNU extension).  Every offset and count below comes from the blob being
 * verified: range-check them against 'length' (and the hash region against
 * (nSpecialSlots + nCodeSlots) * hashSize) before dereferencing -- nothing in
 * this header enforces that.
 *
 * NOTE(review): the on-disk byte order of these fields is not stated here;
 * XNU's cs code appears to byte-swap them -- confirm before comparing against
 * host-order constants.  Also, __attribute__((aligned(1))) on GCC/Clang does
 * not lower a struct's alignment unless combined with 'packed'; the layout
 * happens to need no interior padding under natural alignment, but sizeof
 * includes trailing padding, which is why the end_* markers exist.
 */
typedef struct __CodeDirectory {
	uint32_t magic;                                 /* magic number (CSMAGIC_CODEDIRECTORY) */
	uint32_t length;                                /* total length of CodeDirectory blob */
	uint32_t version;                               /* compatibility version (CS_SUPPORTS* thresholds) */
	uint32_t flags;                                 /* setup and mode flags */
	uint32_t hashOffset;                    /* offset of hash slot element at index zero */
	uint32_t identOffset;                   /* offset of identifier string */
	uint32_t nSpecialSlots;                 /* number of special hash slots */
	uint32_t nCodeSlots;                    /* number of ordinary (code) hash slots */
	uint32_t codeLimit;                             /* limit to main image signature range */
	uint8_t hashSize;                               /* size of each hash in bytes (<= CS_HASH_MAX_SIZE) */
	uint8_t hashType;                               /* type of hash (CS_HASHTYPE_* constants) */
	uint8_t platform;                               /* platform identifier; zero if not platform binary */
	uint8_t pageSize;                               /* log2(page size in bytes); 0 => infinite */
	uint32_t spare2;                                /* unused (must be zero) */

	char end_earliest[0];                           /* end of the fields every version has */

	/* Version 0x20100 */
	uint32_t scatterOffset;                 /* offset of optional scatter vector (SC_Scatter array) */
	char end_withScatter[0];

	/* Version 0x20200 */
	uint32_t teamOffset;                    /* offset of optional team identifier */
	char end_withTeam[0];

	/* Version 0x20300 */
	uint32_t spare3;                                /* unused (must be zero) */
	uint64_t codeLimit64;                   /* limit to main image signature range, 64 bits */
	char end_withCodeLimit64[0];

	/* Version 0x20400 */
	uint64_t execSegBase;                   /* offset of executable segment */
	uint64_t execSegLimit;                  /* limit of executable segment */
	uint64_t execSegFlags;                  /* executable segment flags (CS_EXECSEG_*) */
	char end_withExecSeg[0];
	/* Version 0x20500 */
	uint32_t runtime;                       /* presumably the hardened-runtime version -- not defined here, verify against the consumer */
	uint32_t preEncryptOffset;              /* presumably offset of pre-encryption hashes -- verify against the consumer */
	char end_withPreEncryptOffset[0];

	/* Version 0x20600 */
	uint8_t linkageHashType;                /* hash type of the linkage data (CS_HASHTYPE_* assumed) */
	uint8_t linkageTruncated;               /* non-zero if the linkage hash is truncated (inferred from the name) */
	uint16_t spare4;                        /* padding/reserved; no "must be zero" stated here */
	uint32_t linkageOffset;                 /* offset of linkage data */
	uint32_t linkageSize;                   /* size of linkage data */
	char end_withLinkage[0];


	/* followed by dynamic content as located by offset fields above */
} CS_CodeDirectory
__attribute__ ((aligned(1)));
208  
209  /*
210   * Structure of an embedded-signature SuperBlob
211   */
212  
/*
 * One entry of a SuperBlob's index: which slot (CSSLOT_* / CSTYPE_INDEX_*)
 * the blob fills and where it lives.  The offset is read from untrusted
 * signature data and must be bounds-checked against the enclosing
 * SuperBlob's 'length' before use.
 */
typedef struct __BlobIndex {
	uint32_t type;                                  /* type of entry (slot number) */
	uint32_t offset;                                /* offset of entry, relative to the start of the SuperBlob (presumably -- confirm in the parser) */
} CS_BlobIndex
__attribute__ ((aligned(1)));
218  
/*
 * Container blob (magic CSMAGIC_EMBEDDED_SIGNATURE or
 * CSMAGIC_DETACHED_SIGNATURE) holding an index of sub-blobs.  'count' is
 * attacker-controlled input: verify count * sizeof(CS_BlobIndex) fits inside
 * 'length' before walking index[].
 */
typedef struct __SC_SuperBlob {
	uint32_t magic;                                 /* magic number */
	uint32_t length;                                /* total length of SuperBlob */
	uint32_t count;                                 /* number of index entries following */
	CS_BlobIndex index[];                   /* (count) entries */
	/* followed by Blobs in no particular order as indicated by offsets in index */
} CS_SuperBlob
__attribute__ ((aligned(1)));
227  
#define KERNEL_HAVE_CS_GENERICBLOB 1
/*
 * Common header of every blob: magic plus total length (header included),
 * followed by type-specific payload.  'length' must be checked to be at
 * least sizeof the header and no larger than the space that contains it.
 */
typedef struct __SC_GenericBlob {
	uint32_t magic;                                 /* magic number */
	uint32_t length;                                /* total length of blob */
	char data[];                                    /* length - 8 bytes of payload */
} CS_GenericBlob
__attribute__ ((aligned(1)));
235  
/*
 * Element of the optional scatter vector located by
 * CS_CodeDirectory.scatterOffset (version >= CS_SUPPORTSSCATTER).  The
 * vector is terminated by an entry with count == 0; a parser must stop on
 * that sentinel and also bound the walk by the directory's 'length'.
 */
typedef struct __SC_Scatter {
	uint32_t count;                                 // number of pages; zero for sentinel (only)
	uint32_t base;                                  // first page number
	uint64_t targetOffset;                  // offset in target
	uint64_t spare;                                 // reserved
} SC_Scatter
__attribute__ ((aligned(1)));
243  
244  
#endif /* _KERN_CODESIGN_H_ */