projects / apple / xnu.git / blame
| Commit | Line | Data |
|---|---|---|
| f427ee49 A |
1 | /* |
| 2 | * Copyright (c) 2020 Apple Inc. All rights reserved. | |
| 3 | * | |
| 4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ | |
| 5 | * | |
| 6 | * This file contains Original Code and/or Modifications of Original Code | |
| 7 | * as defined in and that are subject to the Apple Public Source License | |
| 8 | * Version 2.0 (the 'License'). You may not use this file except in | |
| 9 | * compliance with the License. The rights granted to you under the License | |
| 10 | * may not be used to create, or enable the creation or redistribution of, | |
| 11 | * unlawful or unlicensed copies of an Apple operating system, or to | |
| 12 | * circumvent, violate, or enable the circumvention or violation of, any | |
| 13 | * terms of an Apple operating system software license agreement. | |
| 14 | * | |
| 15 | * Please obtain a copy of the License at | |
| 16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. | |
| 17 | * | |
| 18 | * The Original Code and all software distributed under the License are | |
| 19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER | |
| 20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, | |
| 21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, | |
| 22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. | |
| 23 | * Please see the License for the specific language governing rights and | |
| 24 | * limitations under the License. | |
| 25 | * | |
| 26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ | |
| 27 | */ | |
| 28 | ||
| 29 | #include <IOKit/IOLib.h> | |
| 30 | #include <kern/debug.h> // for panic() | |
| 31 | ||
| 32 | #include <libkern/ptrauth_utils.h> | |
| 33 | ||
| 34 | ||
| 35 | #if __has_feature(ptrauth_calls) | |
| 36 | ||
| 37 | /* | |
| 38 | * ptrauth_utils_sign_blob_generic | |
| 39 | * | |
| 40 | * Sign a blob of data with the GA key | |
| 41 | * | |
| 42 | */ | |
| c3c9b80d | 43 | __attribute__((noinline)) |
| f427ee49 | 44 | ptrauth_generic_signature_t |
| c3c9b80d | 45 | ptrauth_utils_sign_blob_generic(const void * ptr, size_t len_bytes, uint64_t data, int flags) |
| f427ee49 A |
46 | { |
| 47 | ptrauth_generic_signature_t sig = 0; | |
| 48 | ||
| 49 | uint64_t rounds = len_bytes / sizeof(uintptr_t); | |
| 50 | size_t ntrailing = len_bytes % sizeof(uintptr_t); | |
| 51 | uintptr_t trailing = 0; | |
| 52 | ||
| 53 | if (ptr == NULL) { | |
| 54 | return 0; | |
| 55 | } | |
| 56 | ||
| 57 | /* If address diversification is requested, mix the blob address with the salt */ | |
| 58 | if (flags & PTRAUTH_ADDR_DIVERSIFY) { | |
| 59 | data ^= (uint64_t)ptr; | |
| 60 | } | |
| 61 | ||
| c3c9b80d A |
62 | /* First round adds ptrauth_utils_sign_blob_generic discrimination. */ |
| 63 | sig = ptrauth_sign_generic_data(sig, ptrauth_string_discriminator("ptrauth_utils_sign_blob_generic-prologue") | 0x01); | |
| 64 | ||
| 65 | /* Second round adds salt */ | |
| f427ee49 A |
66 | sig = ptrauth_sign_generic_data(sig, data); |
| 67 | ||
| 68 | /* Calculate an additive signature of the buffer */ | |
| 69 | for (uint64_t i = 0; i < rounds; i++) { | |
| c3c9b80d | 70 | sig = ptrauth_sign_generic_data(*(const uintptr_t *)ptr, sig); |
| f427ee49 A |
71 | ptr += sizeof(uintptr_t); |
| 72 | } | |
| 73 | ||
| 74 | /* ptrauth_sign_generic_data operates on pointer-sized values only, | |
| 75 | * so we need to handle trailing bytes for the non-pointer-aligned case */ | |
| 76 | if (ntrailing) { | |
| c3c9b80d A |
77 | for (int i = 0; i < ntrailing; i++) { |
| 78 | ((uint8_t *)&trailing)[i] = ((const uint8_t *)ptr)[i]; | |
| 79 | } | |
| f427ee49 A |
80 | sig = ptrauth_sign_generic_data(trailing, sig); |
| 81 | } | |
| 82 | ||
| c3c9b80d A |
83 | |
| 84 | /* Final round to add an additional cookie */ | |
| 85 | sig = ptrauth_sign_generic_data(sig, ptrauth_string_discriminator("ptrauth_utils_sign_blob_generic-epilogue") | 0x01); | |
| 86 | ||
| f427ee49 A |
87 | return sig; |
| 88 | } | |
| 89 | ||
| 90 | /* | |
| 91 | * ptrauth_utils_auth_blob_generic | |
| 92 | * | |
| 93 | * Authenticate signature produced by ptrauth_utils_sign_blob_generic | |
| 94 | */ | |
| c3c9b80d | 95 | __attribute__((noinline)) |
| f427ee49 | 96 | void |
| c3c9b80d | 97 | ptrauth_utils_auth_blob_generic(const void * ptr, size_t len_bytes, uint64_t data, int flags, ptrauth_generic_signature_t signature) |
| f427ee49 A |
98 | { |
| 99 | ptrauth_generic_signature_t calculated_signature = 0; | |
| 100 | ||
| 101 | if (ptr == NULL) { | |
| 102 | if (flags & PTRAUTH_NON_NULL) { | |
| 103 | panic("ptrauth_utils_auth_blob_generic: ptr must not be NULL"); | |
| 104 | } else { | |
| 105 | return; | |
| 106 | } | |
| 107 | } | |
| 108 | ||
| 109 | if ((calculated_signature = ptrauth_utils_sign_blob_generic(ptr, len_bytes, data, flags)) == signature) { | |
| 110 | return; | |
| 111 | } else { | |
| 112 | panic("signature mismatch for %lu bytes at %p, calculated %lx vs %lx", len_bytes, | |
| 113 | ptr, | |
| 114 | calculated_signature, | |
| 115 | signature); | |
| 116 | } | |
| 117 | } | |
| 118 | ||
| 119 | #endif //!ptrauth_calls |