1#ifndef _LIB_AKS_H_
2#define _LIB_AKS_H_
3
4#include <IOKit/IOReturn.h>
5#include <stdint.h>
6#include <stddef.h>
7#include <stdbool.h>
8
9#ifdef __cplusplus
10extern "C" {
11#endif
12
13// FIXME: I have no idea what these are for, so they are 0 for now
14#define session_keybag_handle 0
15#define device_keybag_handle 0
16#define backup_keybag_handle 1 // ???
17#define bad_keybag_handle (-1) // that's a pretty common "bad" signed integer value
18
19typedef uint32_t keybag_state_t;
20typedef int32_t keybag_handle_t;
21
22enum keybag_state {
23 keybag_state_unlocked = 0,
24 keybag_state_locked = 1 << 0,
25 keybag_state_no_pin = 1 << 1,
26 keybag_state_been_unlocked = 1 << 2,
27};
28
29#define kAKSAssertTypeProfile 1
30#define kAKSAssertTypeOther 2
31typedef int32_t AKSAssertionType_t;
32
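/**
 * Stub replacement for the AppleKeyStore lock-state query.
 *
 * No real keybag is consulted: every handle gets the same fixed answer,
 * "no passcode set, has been unlocked", with the locked bit clear.
 *
 * The flags must be combined with `|`. The two constants occupy different
 * bits, so `keybag_state_no_pin & keybag_state_been_unlocked` is always 0,
 * which equals `keybag_state_unlocked` and drops both flags. A caller testing
 * `state & keybag_state_been_unlocked` would then see "never unlocked".
 *
 * NOTE(review): because the locked bit is never set, any caller that gates
 * access to protected data on this state will treat the keybag as permanently
 * unlocked. That is acceptable only where no real data-protection boundary
 * depends on it.
 *
 * @param handle keybag to query; ignored by this stub.
 * @param state  out-parameter for the state bitmask; may be NULL, in which
 *               case nothing is written.
 * @return always kIOReturnSuccess.
 */
static kern_return_t aks_get_lock_state(keybag_handle_t handle, keybag_state_t *state) {
    (void)handle; /* every handle is answered identically */

    if (state) {
        *state = keybag_state_no_pin | keybag_state_been_unlocked;
    }
    return kIOReturnSuccess;
}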
37
38extern kern_return_t aks_get_bag_uuid(keybag_handle_t handle, uuid_t uuid);
39
40extern kern_return_t aks_assert_hold(keybag_handle_t keybagHandle, AKSAssertionType_t lockAssertType, uint64_t timeout);
41
42extern kern_return_t aks_assert_drop(keybag_handle_t keybagHandle, AKSAssertionType_t lockAssertType);
43
44enum {
45 kAKSReturnSuccess = 0, // 100% sure this is the correct value
46 kAKSReturnError = KERN_FAILURE, // 90% sure this is the correct value
47
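48 // i have no clue what these could be, so they just auto-increment from `kAKSReturnError`; don't compare them against return codes from a real AppleKeyStore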
49 kAKSReturnBusy,
50 kAKSReturnNoPermission,
51 kAKSReturnNotReady,
52 kAKSReturnTimeout,
53 kAKSReturnBadArgument,
54 kAKSReturnNotPrivileged,
55 kAKSReturnNotFound,
56 kAKSReturnDecodeError,
57 kAKSReturnPolicyError,
58 kAKSReturnBadDeviceKey,
59 kAKSReturnBadSignature,
60 kAKSReturnPolicyInvalid,
61 kAKSReturnBadPassword,
62};
63
64// i'm 99.9999999...% sure this is a typo in Security, but whatever
65#define kSKSReturnNoPermission kAKSReturnNoPermission
66
67typedef enum _aks_keyclass_enum {
68 key_class_none,
69 key_class_ak,
70 key_class_ck,
71 key_class_dk,
72 key_class_aku,
73 key_class_cku,
74 key_class_dku,
75 key_class_akpu, // implied to exist by some Security code (`SecDbBackupmanager.m`)
76 key_class_f, // ditto (`server.c` for `secd` executable)
77 key_class_last,
78} keyclass_t;
79
80// i know it's a pointer, but it seems to be used opaquely, so not much more information
81// oh, it's also a CF type (deduced because it's used with `__bridge_retained` in Objective-C code)
82typedef void* aks_ref_key_t;
83
84enum {
85 kAppleKeyStoreAsymmetricBackupBag,
86};
87
88kern_return_t aks_create_bag(uint8_t* secret, int secret_size, int bag_type, keybag_handle_t* handle);
89kern_return_t aks_save_bag(keybag_handle_t handle, void** bytes, size_t* size);
90kern_return_t aks_unload_bag(keybag_handle_t handle);
91kern_return_t aks_unlock_bag(keybag_handle_t handle, const void* passcode, int length);
92kern_return_t aks_load_bag(const void* data, int length, keybag_handle_t* handle);
93kern_return_t aks_lock_bag(keybag_handle_t handle);
94
95typedef enum _aks_key_type_enum {
96 key_type_none, // assuming `0` is reserved as `none`
97 key_type_sym,
98 key_type_asym_ec_p256, // implied to exist by some Security code (`server.c` for `secd` executable)
99 key_type_last, // assuming same convention as `_aks_keyclass_enum`
100} aks_key_type_t;
101
102// 4096-bit = 512-byte; i *think* that's the maximum key length?
103#define APPLE_KEYSTORE_MAX_KEY_LEN (512)
104
105// according to `mockaks.m` in Security, these seem to be the same?
106#define APPLE_KEYSTORE_MAX_ASYM_WRAPPED_KEY_LEN (APPLE_KEYSTORE_MAX_KEY_LEN + 8)
107#define APPLE_KEYSTORE_MAX_SYM_WRAPPED_KEY_LEN (APPLE_KEYSTORE_MAX_KEY_LEN + 8)
108
109enum _generation_option_enum {
110 generation_noop,
111 generation_current,
112 generation_change_in_progress,
113};
114typedef enum _generation_option_enum generation_option_t;
115
116kern_return_t aks_generation(keybag_handle_t handle, generation_option_t option, uint32_t* current);
117
118const uint8_t * aks_ref_key_get_blob(aks_ref_key_t refkey, size_t *out_blob_len);
119const uint8_t * aks_ref_key_get_external_data(aks_ref_key_t refkey, size_t *out_external_data_len);
120const uint8_t * aks_ref_key_get_public_key(aks_ref_key_t refkey, size_t* out_pub_key_len);
121
122int aks_ref_key_create(keybag_handle_t handle, keyclass_t key_class, aks_key_type_t type, const uint8_t *params, size_t params_len, aks_ref_key_t *ot);
123int aks_ref_key_create_with_blob(keybag_handle_t keybag, const uint8_t *ref_key_blob, size_t ref_key_blob_len, aks_ref_key_t* handle);
124int aks_ref_key_encrypt(aks_ref_key_t handle, const uint8_t *der_params, size_t der_params_len, const void *data, size_t data_len, void **out_der, size_t *out_der_len);
125int aks_ref_key_decrypt(aks_ref_key_t handle, const uint8_t *der_params, size_t der_params_len, const void *data, size_t data_len, void **out_der, size_t *out_der_len);
126
127int aks_ref_key_free(aks_ref_key_t* refkey);
128int aks_ref_key_delete(aks_ref_key_t handle, const uint8_t *der_params, size_t der_params_len);
129
130kern_return_t aks_wrap_key(const uint8_t *source, uint32_t textLength, keyclass_t keyclass, keybag_handle_t keybag, uint8_t *data, int *dest_len, keyclass_t *actual_class);
131kern_return_t aks_unwrap_key(const uint8_t *source, uint32_t textLength, keyclass_t keyclass, keybag_handle_t keybag, uint8_t *data, int *dest_len);
132
133int aks_operation_optional_params(const uint8_t * access_groups, size_t access_groups_len, const uint8_t * external_data, size_t external_data_len, const void * acm_handle, int acm_handle_len, void ** out_der, size_t * out_der_len);
134
135bool hwaes_key_available(void);
136
137#ifdef __cplusplus
138}
139#endif
140
141#endif