Location>code7788 >text

Understanding the ARM 64 Series in One Article: PACISB

Popularity:166 ℃/2024-11-13 01:39:26

1 PAC

AMR64offersPAC(Pointer Authentication Code) mechanism.

what is calledPACTo put it simply, the key stored on the chip hardware, a "context", and the "pointer address" are encrypted, resulting in a "signature", which is then written to the pointer's high value.bitUp.

image

The reason why the computed 'signature' can be written to the pointer's highbitThis is because in practice, not all pointer64bitare used, usually highbitAll will be reserved for other uses.

image

If someone maliciously modifies the pointer address while the program is running, and the signed pointer address is used later, acting on the verify instruction, an error will be reported.

The verification process is the same as the signature calculation process, except that it compares whether the signature values calculated before and after are the same. If the validation is successful, the signature will be retrieved from the highbitRemoved from the top.

image

2 Command Syntax

PACIBSP

3 Command Semantics

The above instruction performs the function return addressPACThat is to say, to theX30value ofPACor to theLRThe value of the registers for thePAC

existPACThe process has2One kind of key, one kind of keyAThe other is the keyB

directivesPACIBSPhit the nail on the headBmeans to use the keyBat the same timeSPIndicates that "context" uses theSPThe value of the register.

Here is a runPACIBSPLater.X30Example of a change in the value of.

// PAC ahead
(lldb) p/x $x30
(unsigned long) 0x000000010817f7bc

// PAC empress
(lldb) p/x $x30
(unsigned long) 0x3f57fc010817f7bc

As you can see from the output above, theX30highbitexistPACChanges have occurred since then.

4 Similar directives

4.1 PACIB

PACIB <Xd>, <Xn|SP>

keys: KeyB

(textual) context: XnThe value of the register or theSPThe value of the register.

pointer address: XdThe value of the register

4.2 PACIB1716

PACIB1716

keys: KeyB

(textual) context:: RegistersX16The value of the

pointer address:: RegistersX17The value of the

4.3 PACIBZ

PACIBZ

keys: KeyB

(textual) context: 0

pointer address: X30Registers orLRThe value of the register.

4.4 PACIZB

PACIZB <Xd>

keys: KeyB

(textual) context: 0

pointer address:: RegistersXdThe value of the

4.5 Key A Command

directivesPACIASP PACIA PACIA1716 PACIAZ PACIZAIn addition to using the keyAcarry outPACOther than that, everything else is the same as the correspondingPACIB*The instructions are the same.