[apple/xnu.git] / libkern / ptrauth_utils.c

/*
 * Copyright (c) 2020 Apple Inc. All rights reserved.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. The rights granted to you under the License
 * may not be used to create, or enable the creation or redistribution of,
 * unlawful or unlicensed copies of an Apple operating system, or to
 * circumvent, violate, or enable the circumvention or violation of, any
 * terms of an Apple operating system software license agreement.
 *
 * Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
 */

#include <IOKit/IOLib.h>
#include <kern/debug.h> // for panic()

#include <libkern/ptrauth_utils.h>


#if __has_feature(ptrauth_calls)

/*
 * ptrauth_utils_sign_blob_generic
 *
 * Sign a blob of data with the GA key
 *
 */
ptrauth_generic_signature_t
ptrauth_utils_sign_blob_generic(void * ptr, size_t len_bytes, uint64_t data, int flags)
{
	ptrauth_generic_signature_t sig = 0;

	uint64_t rounds = len_bytes / sizeof(uintptr_t);
	size_t ntrailing = len_bytes % sizeof(uintptr_t);
	uintptr_t trailing = 0;

	if (ptr == NULL) {
		return 0;
	}

	/* If address diversification is requested, mix the blob address with the salt */
	if (flags & PTRAUTH_ADDR_DIVERSIFY) {
		data ^= (uint64_t)ptr;
	}

	/* First round adds salt */
	sig = ptrauth_sign_generic_data(sig, data);

	/* Calculate an additive signature of the buffer */
	for (uint64_t i = 0; i < rounds; i++) {
		sig = ptrauth_sign_generic_data(*(uintptr_t *)ptr, sig);
		ptr += sizeof(uintptr_t);
	}

	/* ptrauth_sign_generic_data operates on pointer-sized values only,
	 * so we need to handle trailing bytes for the non-pointer-aligned case */
	if (ntrailing) {
		memcpy(&trailing, ptr, ntrailing);
		sig = ptrauth_sign_generic_data(trailing, sig);
	}

	return sig;
}

/*
 * ptrauth_utils_auth_blob_generic
 *
 * Authenticate signature produced by ptrauth_utils_sign_blob_generic
 */
void
ptrauth_utils_auth_blob_generic(void * ptr, size_t len_bytes, uint64_t data, int flags, ptrauth_generic_signature_t signature)
{
	ptrauth_generic_signature_t calculated_signature = 0;

	if (ptr == NULL) {
		if (flags & PTRAUTH_NON_NULL) {
			panic("ptrauth_utils_auth_blob_generic: ptr must not be NULL");
		} else {
			return;
		}
	}

	if ((calculated_signature = ptrauth_utils_sign_blob_generic(ptr, len_bytes, data, flags)) == signature) {
		return;
	} else {
		panic("signature mismatch for %lu bytes at %p, calculated %lx vs %lx", len_bytes,
		    ptr,
		    calculated_signature,
		    signature);
	}
}

#endif //!ptrauth_calls
Commit	Line	Data
f427ee49 A	1	/*
	2	* Copyright (c) 2020 Apple Inc. All rights reserved.
	3	*
	4	* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. The rights granted to you under the License
	10	* may not be used to create, or enable the creation or redistribution of,
	11	* unlawful or unlicensed copies of an Apple operating system, or to
	12	* circumvent, violate, or enable the circumvention or violation of, any
	13	* terms of an Apple operating system software license agreement.
	14	*
	15	* Please obtain a copy of the License at
	16	* http://www.opensource.apple.com/apsl/ and read it before using this file.
	17	*
	18	* The Original Code and all software distributed under the License are
	19	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	20	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	21	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	22	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	23	* Please see the License for the specific language governing rights and
	24	* limitations under the License.
	25	*
	26	* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
	27	*/
	28
	29	#include <IOKit/IOLib.h>
	30	#include <kern/debug.h> // for panic()
	31
	32	#include <libkern/ptrauth_utils.h>
	33
	34
	35	#if __has_feature(ptrauth_calls)
	36
	37	/*
	38	* ptrauth_utils_sign_blob_generic
	39	*
	40	* Sign a blob of data with the GA key
	41	*
	42	*/
	43	ptrauth_generic_signature_t
	44	ptrauth_utils_sign_blob_generic(void * ptr, size_t len_bytes, uint64_t data, int flags)
	45	{
	46	ptrauth_generic_signature_t sig = 0;
	47
	48	uint64_t rounds = len_bytes / sizeof(uintptr_t);
	49	size_t ntrailing = len_bytes % sizeof(uintptr_t);
	50	uintptr_t trailing = 0;
	51
	52	if (ptr == NULL) {
	53	return 0;
	54	}
	55
	56	/* If address diversification is requested, mix the blob address with the salt */
	57	if (flags & PTRAUTH_ADDR_DIVERSIFY) {
	58	data ^= (uint64_t)ptr;
	59	}
	60
	61	/* First round adds salt */
	62	sig = ptrauth_sign_generic_data(sig, data);
	63
	64	/* Calculate an additive signature of the buffer */
65	for (uint64_t i = 0; i < rounds; i++) {
66	sig = ptrauth_sign_generic_data((uintptr_t )ptr, sig);
67	ptr += sizeof(uintptr_t);
68	}
69
70	/* ptrauth_sign_generic_data operates on pointer-sized values only,
71	* so we need to handle trailing bytes for the non-pointer-aligned case */
72	if (ntrailing) {
73	memcpy(&trailing, ptr, ntrailing);
74	sig = ptrauth_sign_generic_data(trailing, sig);
75	}
76
77	return sig;
78	}
79
80	/*
81	* ptrauth_utils_auth_blob_generic
82	*
83	* Authenticate signature produced by ptrauth_utils_sign_blob_generic
84	*/
85	void
86	ptrauth_utils_auth_blob_generic(void * ptr, size_t len_bytes, uint64_t data, int flags, ptrauth_generic_signature_t signature)
87	{
88	ptrauth_generic_signature_t calculated_signature = 0;
89
90	if (ptr == NULL) {
91	if (flags & PTRAUTH_NON_NULL) {
92	panic("ptrauth_utils_auth_blob_generic: ptr must not be NULL");
93	} else {
94	return;
95	}
96	}
97
98	if ((calculated_signature = ptrauth_utils_sign_blob_generic(ptr, len_bytes, data, flags)) == signature) {
99	return;
100	} else {
101	panic("signature mismatch for %lu bytes at %p, calculated %lx vs %lx", len_bytes,
102	ptr,
103	calculated_signature,
104	signature);
105	}
106	}
107
108	#endif //!ptrauth_calls