xnu-7195.101.1

Imported from https://opensource.apple.com/tarballs/xnu/xnu-7195.101.1.tar.gz
kkpan11 · May 17, 2021 · a1babec · a1babec
1 parent 8f02f2a
commit a1babec
Show file tree

Hide file tree

Showing 703 changed files with 35,695 additions and 20,944 deletions.
diff --git a/EXTERNAL_HEADERS/corecrypto/cckprng.h b/EXTERNAL_HEADERS/corecrypto/cckprng.h
@@ -310,7 +310,6 @@ struct cckprng_funcs {
   @param seed_nbytes Length of the seed in bytes
   @param seed Pointer to a high-entropy seed
   @param nonce_nbytes Length of the nonce in bytes
-  @param seed Pointer to a single-use nonce
 
   @discussion @p max_ngens should be set based on an upper bound of CPUs available on the device. The entropy buffer should be managed outside the PRNG and updated continuously (e.g. by an interrupt handler). The count of samples in the entropy buffer needn't be better than a rough estimate.
 */

diff --git a/EXTERNAL_HEADERS/coretrust/CTEvaluate.h b/EXTERNAL_HEADERS/coretrust/CTEvaluate.h
@@ -0,0 +1,215 @@
+//
+//  CoreTrust.h
+//  CoreTrust
+//
+//  Copyright © 2017-2020 Apple Inc. All rights reserved.
+//
+
+#ifndef _CORETRUST_EVALUATE_H_
+#define _CORETRUST_EVALUATE_H_
+
+#include <stdint.h>
+#include <stdbool.h>
+
+__BEGIN_DECLS
+
+typedef struct x509_octet_string {
+    const uint8_t *data;
+    size_t length;
+} CTAsn1Item;
+
+int CTParseCertificateSet(const uint8_t *der, const uint8_t *der_end,       // Input: binary representation of concatenated DER-encoded certs
+                          CTAsn1Item *certStorage, size_t certStorageLen,   // Output: An array of certStorageLen CTAsn1Items that will be populated with the
+                                                                            //    CTAsn1Item for each parsed cert (in the same order as input)
+                          size_t *numParsedCerts);                          // Output: number of successfully parsed certs
+
+int CTEvaluateSavageCerts(const uint8_t *certsData, size_t certsLen,
+                          const uint8_t *rootKeyData, size_t rootKeyLen,
+                          const uint8_t **leafKeyData, size_t *leafKeyLen,
+                          bool *isProdCert);
+
+int CTEvaluateSavageCertsWithUID(const uint8_t *certsData, size_t certsLen,
+                                 const uint8_t *rootKeyData, size_t rootKeyLen,
+                                 const uint8_t **leafKeyData, size_t *leafKeyLen, // Output: points to the leaf key data in the input certsData
+                                 uint8_t *UIDData, size_t UIDLen,                 // Output: a pre-allocated buffer of UIDLen
+                                 bool *isProdCert);
+
+int CTEvaluateYonkersCerts(const uint8_t *certsData, size_t certsLen,
+                           const uint8_t *rootKeyData, size_t rootKeyLen,
+                           const uint8_t **leafKeyData, size_t *leafKeyLen, // Output: points to the leaf key data in the input certsData
+                           uint8_t *UIDData, size_t UIDLen,                 // Output: a pre-allocated buffer of UIDLen
+                           bool *isProdCert);
+
+int CTEvaluateAcrt(const uint8_t *certsData, size_t certsLen,         // Input: binary representation of at most 3 concatenated certs
+                                                                      //         with leaf first (root may be omitted)
+                   const uint8_t **leafKeyData, size_t *leafKeyLen);  // Output: points to the leaf key data in the input certsData
+
+int CTEvaluateUcrt(const uint8_t *certsData, size_t certsLen,         // Input: binary representation of exactly 3 concatenated
+                                                                      //        DER-encoded certs, with leaf first
+                   const uint8_t **leafKeyData, size_t *leafKeyLen);  // Output: points to the leaf key data in the input certsData)
+
+int CTEvaluateUcrtTestRoot(const uint8_t *certsData, size_t certsLen,         // Input: binary representation of exactly 3 concatenated
+                                                                              //        DER-encoded certs, with leaf first
+                           const uint8_t *rootKeyData, size_t rootKeyLen,     // Input: Root public key, if not specified production root will be used
+                           const uint8_t **leafKeyData, size_t *leafKeyLen);  // Output: points to the leaf key data in the input certsData)
+
+int CTEvaluateBAASystem(const uint8_t *certsData, size_t certsLen,         // Input: binary representation of exactly 3 concatenated
+                                                                           //        DER-encoded certs, with leaf first
+                        const uint8_t **leafKeyData, size_t *leafKeyLen);  // Output: points to the leaf key data in the input certsData
+
+typedef struct baa_identity {
+    uint32_t chipId;
+    uint64_t ecid;
+    bool productionStatus;
+    bool securityMode;
+    uint8_t securityDomain;
+    CTAsn1Item img4;
+} CTBAAIdentity;
+
+int CTEvaluateBAASystemWithId(const uint8_t *certsData, size_t certsLen,        // Input: binary representation of exactly 3 concatenated
+                                                                                //        DER-encoded certs, with leaf first
+                              const uint8_t **leafKeyData, size_t *leafKeyLen,  // Output: points to the leaf key data in the input certsData
+                              CTBAAIdentity *identity);                         // Output from identity field in leaf certificate
+
+int CTEvaluateBAASystemTestRoot(const uint8_t *certsData, size_t certsLen,      // Input: binary representation of exactly 3 concatenated
+                                                                                //        DER-encoded certs, with leaf first
+                                const uint8_t *rootKeyData, size_t rootKeyLen,  // Input: Root public key, if not specified production root will be used
+                                const uint8_t **leafKeyData, size_t *leafKeyLen,// Output: points to the leaf key data in the input certsData
+                                CTBAAIdentity *identity);                       // Output from identity field in leaf certificate
+
+int CTEvaluateBAAUser(const uint8_t *certsData, size_t certsLen,        // Input: binary representation of exactly 3 concatenated
+                                                                        //        DER-encoded certs, with leaf first
+                      const uint8_t **leafKeyData, size_t *leafKeyLen,  // Output: points to the leaf key data in the input certsData
+                      CTBAAIdentity *identity);                         // Output from identity field in leaf certificate
+
+int CTEvaluateBAAUserTestRoot(const uint8_t *certsData, size_t certsLen,        // Input: binary representation of exactly 3 concatenated
+                                                                                //        DER-encoded certs, with leaf first
+                              const uint8_t *rootKeyData, size_t rootKeyLen,    // Input: Root public key, if not specified production root will be used
+                              const uint8_t **leafKeyData, size_t *leafKeyLen,  // Output: points to the leaf key data in the input certsData
+                              CTBAAIdentity *identity);                         // Output from identity field in leaf certificate
+
+int CTEvaluateSatori(const uint8_t *certsData, size_t certsLen,         // Input: binary (DER) representation of 3 concatenated certs
+                                                                        //        with leaf first
+                     bool allowTestRoot,                                // Input: whether to allow the Test Apple Roots
+                     const uint8_t **leafKeyData, size_t *leafKeyLen);  // Output: points to the leaf key data in the input certsData
+
+int CTEvaluatePragueSignatureCMS(const uint8_t *cmsData, size_t cmsLen,                 // Input: CMS signature blob
+                                 const uint8_t *detachedData, size_t detachedDataLen,   // Input: data signed by CMS blob
+                                 bool allowTestRoot,                                    // Input: permit use of test hierarchy
+                                 const uint8_t **leafKeyData, size_t *leafKeyLen);      // Output: points to leaf key data in input cmsData
+
+int CTEvaluateKDLSignatureCMS(const uint8_t *cmsData, size_t cmsLen,                    // Input: CMS signature blob
+                              const uint8_t *detachedData, size_t detachedDataLen,      // Input: data signed by CMS blob
+                              bool allowTestRoot,                                       // Input: permit use of test hierarchy
+                              const uint8_t **leafKeyData, size_t *leafKeyLen);         // Output: points to leaf key data in input cmsData
+
+typedef uint64_t CoreTrustPolicyFlags;
+enum {
+    CORETRUST_POLICY_BASIC =                0,
+    CORETRUST_POLICY_SAVAGE_DEV =           1 << 0,
+    CORETRUST_POLICY_SAVAGE_PROD =          1 << 1,
+    CORETRUST_POLICY_MFI_AUTHV3 =           1 << 2,
+    CORETRUST_POLICY_MAC_PLATFORM =         1 << 3,
+    CORETRUST_POLICY_MAC_DEVELOPER =        1 << 4,
+    CORETRUST_POLICY_DEVELOPER_ID =         1 << 5,
+    CORETRUST_POLICY_MAC_APP_STORE =        1 << 6,
+    CORETRUST_POLICY_IPHONE_DEVELOPER =     1 << 7,
+    CORETRUST_POLICY_IPHONE_APP_PROD =      1 << 8,
+    CORETRUST_POLICY_IPHONE_APP_DEV =       1 << 9,
+    CORETRUST_POLICY_IPHONE_VPN_PROD =      1 << 10,
+    CORETRUST_POLICY_IPHONE_VPN_DEV =       1 << 11,
+    CORETRUST_POLICY_TVOS_APP_PROD =        1 << 12,
+    CORETRUST_POLICY_TVOS_APP_DEV =         1 << 13,
+    CORETRUST_POLICY_TEST_FLIGHT_PROD =     1 << 14,
+    CORETRUST_POLICY_TEST_FLIGHT_DEV =      1 << 15,
+    CORETRUST_POLICY_IPHONE_DISTRIBUTION =  1 << 16,
+    CORETRUST_POLICY_MAC_SUBMISSION =       1 << 17,
+    CORETRUST_POLICY_YONKERS_DEV =          1 << 18,
+    CORETRUST_POLICY_YONKERS_PROD =         1 << 19,
+    CORETRUST_POLICY_MAC_PLATFORM_G2 =      1 << 20,
+    CORETRUST_POLICY_ACRT =                 1 << 21,
+    CORETRUST_POLICY_SATORI =               1 << 22,
+    CORETRUST_POLICY_BAA =                  1 << 23,
+    CORETRUST_POLICY_UCRT =                 1 << 24,
+    CORETRUST_POLICY_PRAGUE =               1 << 25,
+    CORETRUST_POLICY_KDL =                  1 << 26,
+    CORETRUST_POLICY_MFI_AUTHV2 =           1 << 27,
+    CORETRUST_POLICY_MFI_SW_AUTH_PROD =     1 << 28,
+    CORETRUST_POLICY_MFI_SW_AUTH_DEV =      1 << 29,
+    CORETRUST_POLICY_COMPONENT =            1 << 30,
+    CORETRUST_POLICY_IMG4 =                 1ULL << 31,
+    CORETRUST_POLICY_SERVER_AUTH =          1ULL << 32,
+    CORETRUST_POLICY_SERVER_AUTH_STRING =   1ULL << 33,
+};
+
+typedef uint32_t CoreTrustDigestType;
+enum {
+    CORETRUST_DIGEST_TYPE_SHA1 = 1,
+    CORETRUST_DIGEST_TYPE_SHA224 = 2,
+    CORETRUST_DIGEST_TYPE_SHA256 = 4,
+    CORETRUST_DIGEST_TYPE_SHA384 = 8,
+    CORETRUST_DIGEST_TYPE_SHA512 = 16
+};
+
+int CTEvaluateAMFICodeSignatureCMS(const uint8_t *cmsData, size_t cmsLen,                   // Input: CMS blob
+                                   const uint8_t *detachedData, size_t detachedDataLen,     // Input: data signed by CMS blob
+                                   bool allow_test_hierarchy,                               // Input: permit use of test hierarchy
+                                   const uint8_t **leafCert, size_t *leafCertLen,           // Output: signing certificate
+                                   CoreTrustPolicyFlags *policyFlags,                       // Output: policy met by signing certificate
+                                   CoreTrustDigestType *cmsDigestType,                      // Output: digest used to sign the CMS blob
+                                   CoreTrustDigestType *hashAgilityDigestType,              // Output: highest stregth digest type
+                                                                                            //          from hash agility attribute
+                                   const uint8_t **digestData, size_t *digestLen);          // Output: pointer to hash agility value
+                                                                                            //          in CMS blob (with digest type above)
+/* Returns non-zero if there's a standards-based problem with the CMS or certificates.
+ * Policy matching of the certificates is only reflected in the policyFlags output. Namely, if the only problem is that
+ * the certificates don't match a policy, the returned integer will be 0 (success) and the policyFlags will be 0 (no matching policies).
+ * Some notes about hash agility outputs:
+ *  - hashAgilityDigestType is only non-zero for HashAgilityV2
+ *  - If hashAgilityDigestType is non-zero, digestData/Len provides the digest value
+ *  - If hashAgilityDigestType is zero, digestData/Len provides the content of the HashAgilityV1 attribute (if present)
+ *  - If neither HashAgilityV1 nor HashAgilityV2 attributes are found, these outputs will all be NULL.
+ */
+
+int CTParseAccessoryCerts(const uint8_t *certsData, size_t certsLen,                    // Input: CMS or binary representation of DER-encoded certs
+                                  const uint8_t **leafCertData, size_t *leafCertLen,    // Output: points to leaf cert data in input certsData
+                                  const uint8_t **subCACertData, size_t *subCACertLen,  // Output: points to subCA cert data (1st of 2) in input certsData, if present. Is set to NULL if only one cert present in input.
+                                  CoreTrustPolicyFlags *flags);                         // Output: policy flags set by this leaf
+
+
+int CTEvaluateAccessoryCert(const uint8_t *leafCertData, size_t leafCertLen,            // Input: binary representation of DER-encoded leaf cert
+                            const uint8_t *subCACertData, size_t subCACertLen,          // Input: (optional) binary representation of DER-encoded subCA cert
+                            const uint8_t *anchorCertData, size_t anchorCertLen,        // Input: binary representation of DER-encoded anchor cert
+                            CoreTrustPolicyFlags policy,                                // Input: policy to use when evaluating chain
+                            const uint8_t **leafKeyData, size_t *leafKeyLen,            // Output: points to the leaf key data in the input leafCertData
+                            const uint8_t **extensionValueData, size_t *extensionValueLen); // Output: points to the extension value in the input leafCertData
+/* Which extension value is returned is based on which policy the cert was verified against:
+ *  - For MFI AuthV3, this is the value of the extension with OID 1.2.840.113635.100.6.36
+ *  - For SW Auth, this is the value of the extension with OID 1.2.840.113635.100.6.59.1 (GeneralCapabilities extension)
+ *  - For Component certs, this si the value of the extension with OID 1.2.840.113635.100.11.1 (Component Type)
+ *
+ * The following CoreTrustPolicyFlags are accepted:
+ *  - CORETRUST_POLICY_BASIC
+ *  - CORETRUST_POLICY_MFI_AUTHV2
+ *  - CORETRUST_POLICY_MFI_AUTHV3
+ *  - CORETRUST_POLICY_MFI_SW_AUTH_DEV
+ *  - CORETRUST_POLICY_MFI_SW_AUTH_PROD
+ *  - CORETRUST_POLICY_COMPONENT
+ */
+
+int CTEvaluateAppleSSL(const uint8_t *certsData, size_t certsLen,           // Input: binary representation of up to 3 concatenated
+                                                                            //        DER-encoded certificates, with leaf first
+                       const uint8_t *hostnameData, size_t hostnameLen,     // Input: The hostname of the TLS server being connected to
+                       uint64_t leafMarker,                                 // Input: The last decimal of the marker OID for this project
+                                                                            //        (e.g. 32 for 1.2.840.113635.100.6.27.32
+                       bool allowTestRoots);                                // Input: permit use of test hierarchy
+
+int CTEvaluateAppleSSLWithOptionalTemporalCheck(const uint8_t *certsData, size_t certsLen,
+                                                 const uint8_t *hostnameData, size_t hostnameLen,
+                                                 uint64_t leafMarker,
+                                                 bool allowTestRoots,
+                                                 bool checkTemporalValidity);
+
+__END_DECLS
+
+#endif /* _CORETRUST_EVALUATE_H_ */
diff --git a/EXTERNAL_HEADERS/stdint.h b/EXTERNAL_HEADERS/stdint.h
@@ -60,12 +60,51 @@ typedef uint64_t        uint_fast64_t;
 
 
 /* 7.18.1.5 Greatest-width integer types */
-typedef long long                intmax_t;
-typedef unsigned long long      uintmax_t;
+#ifdef __INTMAX_TYPE__
+typedef __INTMAX_TYPE__ intmax_t;
+#else
+#ifdef __LP64__
+typedef long int intmax_t;
+#else
+typedef long long int intmax_t;
+#endif /* __LP64__ */
+#endif /* __INTMAX_TYPE__ */
+#ifdef __UINTMAX_TYPE__
+typedef __UINTMAX_TYPE__ uintmax_t;
+#else
+#ifdef __LP64__
+typedef long unsigned int uintmax_t;
+#else
+typedef long long unsigned int uintmax_t;
+#endif /* __LP64__ */
+#endif /* __UINTMAX_TYPE__ */
+
+/* 7.18.4 Macros for integer constants */
+#define INT8_C(v)    (v)
+#define INT16_C(v)   (v)
+#define INT32_C(v)   (v)
+#define INT64_C(v)   (v ## LL)
+
+#define UINT8_C(v)   (v)
+#define UINT16_C(v)  (v)
+#define UINT32_C(v)  (v ## U)
+#define UINT64_C(v)  (v ## ULL)
+
+#ifdef __LP64__
+#define INTMAX_C(v)  (v ## L)
+#define UINTMAX_C(v) (v ## UL)
+#else
+#define INTMAX_C(v)  (v ## LL)
+#define UINTMAX_C(v) (v ## ULL)
+#endif
 
 /* 7.18.2 Limits of specified-width integer types:
  *   These #defines specify the minimum and maximum limits
  *   of each of the types declared above.
+ *
+ *   They must have "the same type as would an expression that is an
+ *   object of the corresponding type converted according to the integer
+ *   promotion".
  */
 
 
@@ -126,43 +165,33 @@ typedef unsigned long long      uintmax_t;
 /* 7.18.2.4 Limits of integer types capable of holding object pointers */
 
 #if __WORDSIZE == 64
-#define INTPTR_MIN	  INT64_MIN
-#define INTPTR_MAX	  INT64_MAX
+#define INTPTR_MAX        9223372036854775807L
 #else
-#define INTPTR_MIN        INT32_MIN
-#define INTPTR_MAX        INT32_MAX
+#define INTPTR_MAX        2147483647L
 #endif
+#define INTPTR_MIN        (-INTPTR_MAX-1)
 
 #if __WORDSIZE == 64
-#define UINTPTR_MAX	  UINT64_MAX
+#define UINTPTR_MAX       18446744073709551615UL
 #else
-#define UINTPTR_MAX       UINT32_MAX
+#define UINTPTR_MAX       4294967295UL
 #endif
 
 /* 7.18.2.5 Limits of greatest-width integer types */
-#define INTMAX_MIN        INT64_MIN
-#define INTMAX_MAX        INT64_MAX
-
-#define UINTMAX_MAX       UINT64_MAX
+#define INTMAX_MAX        INTMAX_C(9223372036854775807)
+#define UINTMAX_MAX       UINTMAX_C(18446744073709551615)
+#define INTMAX_MIN        (-INTMAX_MAX-1)
 
 /* 7.18.3 "Other" */
 #if __WORDSIZE == 64
-#define PTRDIFF_MIN	  INT64_MIN
-#define PTRDIFF_MAX	  INT64_MAX
+#define PTRDIFF_MIN	  INTMAX_MIN
+#define PTRDIFF_MAX	  INTMAX_MAX
 #else
 #define PTRDIFF_MIN       INT32_MIN
 #define PTRDIFF_MAX       INT32_MAX
 #endif
 
-/* We have no sig_atomic_t yet, so no SIG_ATOMIC_{MIN,MAX}.
-   Should end up being {-127,127} or {0,255} ... or bigger.
-   My bet would be on one of {U}INT32_{MIN,MAX}. */
-
-#if __WORDSIZE == 64
-#define SIZE_MAX	  UINT64_MAX
-#else
-#define SIZE_MAX          UINT32_MAX
-#endif
+#define SIZE_MAX          UINTPTR_MAX
 
 #if defined(__STDC_WANT_LIB_EXT1__) && __STDC_WANT_LIB_EXT1__ >= 1
 #define RSIZE_MAX         (SIZE_MAX >> 1)
@@ -194,20 +223,6 @@ typedef unsigned long long      uintmax_t;
 #define SIG_ATOMIC_MIN	  INT32_MIN
 #define SIG_ATOMIC_MAX	  INT32_MAX
 
-/* 7.18.4 Macros for integer constants */
-#define INT8_C(v)    (v)
-#define INT16_C(v)   (v)
-#define INT32_C(v)   (v)
-#define INT64_C(v)   (v ## LL)
-
-#define UINT8_C(v)   (v ## U)
-#define UINT16_C(v)  (v ## U)
-#define UINT32_C(v)  (v ## U)
-#define UINT64_C(v)  (v ## ULL)
-
-#define INTMAX_C(v)  (v ## LL)
-#define UINTMAX_C(v) (v ## ULL)
-
 #endif /* KERNEL */
 
 #endif /* _KERNEL_STDINT_H_ */