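/*
 * Copyright (c) 2020 Apple Inc. All rights reserved.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. The rights granted to you under the License
 * may not be used to create, or enable the creation or redistribution of,
 * unlawful or unlicensed copies of an Apple operating system, or to
 * circumvent, violate, or enable the circumvention or violation of, any
 * terms of an Apple operating system software license agreement.
 *
 * Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
 */

#ifndef __PTRAUTH_UTILS_H
#define __PTRAUTH_UTILS_H

/*
 * NOTE(review): size_t and uint64_t are used in the prototypes below; this
 * header relies on the two includes here (or on the including file) to
 * declare them -- confirm for every build configuration that uses it.
 */
#include <ptrauth.h>
#include <sys/cdefs.h>
__BEGIN_DECLS

/*
 * ptrauth_utils flags
 *
 * Passed in the `flags` argument of the functions below. The two values
 * are distinct bits.
 *
 * PTRAUTH_ADDR_DIVERSIFY binds the signature to the address the blob is
 * stored at. A blob signed with this flag is therefore expected to fail
 * authentication when presented at any other address (for example after
 * being copied or moved); re-sign it after relocating. TODO confirm
 * against the implementation.
 *
 * PTRAUTH_NON_NULL states that ptr must not be NULL. What happens for a
 * NULL ptr, with or without this flag, is not specified in this header;
 * check the implementation before relying on it.
 */
#define PTRAUTH_ADDR_DIVERSIFY  0x0001  /* Mix storage address in to signature */
#define PTRAUTH_NON_NULL        0x0002  /* ptr must not be NULL */

/* ptrauth_utils_sign_blob_generic
 *
 * Description: Sign a blob of data with the GA (generic pointer
 *              authentication) key and extra data, optionally diversified
 *              by its storage address.
 *
 * Caveat:      Time-of-check/time-of-use. A race window exists between the
 *              blob being written to memory and its signature being
 *              calculated by this function. In normal operation, standard
 *              thread-safety semantics prevent this from being an issue.
 *              In the malicious case, however, an attacker who can
 *              accurately time a write may overwrite part or all of the
 *              blob inside that window, and this function would then
 *              produce a valid signature for the modified data. Callers
 *              must therefore minimise the window by calculating the
 *              signature immediately after modifying the blob.
 *
 * Parameters:  ptr         Address of data to sign
 *              len_bytes   Length in bytes of data to sign
 *              data        Salt to mix in to the signature when signing
 *              flags       Signing options (PTRAUTH_* flags above)
 *
 * Returns:     ptrauth_generic_signature_t     Signature of blob
 *
 */
ptrauth_generic_signature_t
ptrauth_utils_sign_blob_generic(const void * ptr, size_t len_bytes, uint64_t data, int flags);


/* ptrauth_utils_auth_blob_generic
 *
 * Description: Authenticates a signature for a blob of data.
 *
 * Caveat:      Time-of-check/time-of-use. As with
 *              ptrauth_utils_sign_blob_generic, an attacker who can
 *              accurately time a write between a blob being authenticated
 *              and its being used may be able to modify its contents after
 *              the check has passed. A modification that lands before
 *              authentication instead makes the check fail, which results
 *              in a panic. Callers should authenticate immediately before
 *              reading data from the blob to minimise this window.
 *
 *              Failure is fatal: there is no error return, so this
 *              function is not suitable where a signature mismatch is an
 *              expected, recoverable condition.
 *
 * Parameters:  ptr         Address of data being authenticated
 *              len_bytes   Length of data being authenticated
 *              data        Salt to mix with digest when authenticating;
 *                          presumably must equal the value used to sign
 *              flags       Signing options (PTRAUTH_* flags above);
 *                          presumably must equal the flags used to sign
 *              signature   The signature to verify
 *
 * Returns:     void        If the function returns, the authentication
 *                          succeeded, else we panic as something's gone
 *                          awry
 *
 */
void
ptrauth_utils_auth_blob_generic(const void * ptr, size_t len_bytes, uint64_t data, int flags, ptrauth_generic_signature_t signature);

__END_DECLS
#endif // __PTRAUTH_UTILS_H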