1/*
2 * Copyright (c) 2020 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29#ifndef __PTRAUTH_UTILS_H
30#define __PTRAUTH_UTILS_H
31
32#include <ptrauth.h>
33#include <sys/cdefs.h>
34__BEGIN_DECLS
35
36/* ptrauth_utils flags */
37#define PTRAUTH_ADDR_DIVERSIFY 0x0001 /* Mix storage address in to signature */
38#define PTRAUTH_NON_NULL 0x0002 /* ptr must not be NULL */
39
40/* ptrauth_utils_sign_blob_generic
41 *
42 * Description: Sign a blob of data with the GA key and extra data, optionally
43 * diversified by its storage address.
44 *
45 * WARNING: The lower 32 bits of the returned signature are always zero; only the upper 32 bits carry the signature.
46 *
47 * Caveat: A race window exists between the blob being written to memory and its signature being
48 * calculated by this function. In normal operation, standard thread safety semantics prevent this from being
49 * an issue. In the malicious case, however, an attacker who can accurately time an overwrite of part or all
50 * of the blob inside that window would cause us to generate a valid signature for the modified data. It is
51 * therefore important that users of this API minimise that window by calculating signatures immediately
52 * after modification to the blob.
53 *
54 *
55 * Parameters: ptr Address of data to sign
56 * len_bytes Length in bytes of data to sign
57 * data Salt to mix in signature when signing
58 * flags Signing options (PTRAUTH_ADDR_DIVERSIFY, PTRAUTH_NON_NULL)
59 *
60 * Returns: ptrauth_generic_signature_t Signature of blob
61 *
62 */
63ptrauth_generic_signature_t
64ptrauth_utils_sign_blob_generic(const void * ptr, size_t len_bytes, uint64_t data, int flags);
65
66
67/* ptrauth_utils_auth_blob_generic
68 *
69 * Description: Authenticates a signature for a blob of data
70 *
71 * Caveat: As with ptrauth_utils_sign_blob_generic, a race window exists: an attacker who is able to accurately
72 * time a write between a blob being authenticated and its use may be able to modify its contents. A mistimed
73 * write that lands before authentication will result in a panic. Care should be taken to authenticate
74 * immediately before reading data from the blob to minimise this window.
75 *
76 * Parameters: ptr Address of data being authenticated
77 * len_bytes Length of data being authenticated
78 * data Salt to mix with digest when authenticating (must match the salt used when signing)
79 * flags Signing options (must match the flags used when signing)
80 * signature The signature to verify
81 *
82 * Returns: void If the function returns, the authentication succeeded,
83 * else we panic as something's gone awry
84 *
85 */
86void
87ptrauth_utils_auth_blob_generic(const void * ptr, size_t len_bytes, uint64_t data, int flags, ptrauth_generic_signature_t signature);
88
89__END_DECLS
90#endif // __PTRAUTH_UTILS_H
91