Loader: Implement RandomUtils (for ASLR)

This commit is contained in:
Michael Scire 2018-04-24 05:05:04 -06:00
parent b11c2fe755
commit d09c48c6c7
3 changed files with 62 additions and 4 deletions

View file

@ -2,6 +2,7 @@
#include <algorithm> #include <algorithm>
#include <cstdio> #include <cstdio>
#include "ldr_nso.hpp" #include "ldr_nso.hpp"
#include "ldr_random.hpp"
static NsoUtils::NsoHeader g_nso_headers[NSO_NUM_MAX] = {0}; static NsoUtils::NsoHeader g_nso_headers[NSO_NUM_MAX] = {0};
static bool g_nso_present[NSO_NUM_MAX] = {0}; static bool g_nso_present[NSO_NUM_MAX] = {0};
@ -118,7 +119,7 @@ Result NsoUtils::CalculateNsoLoadExtents(u32 addspace_type, u32 args_size, NsoLo
} }
/* Calculate ASLR extents for address space type. */ /* Calculate ASLR extents for address space type. */
u64 addspace_start, addspace_size, addspace_end; u64 addspace_start, addspace_size;
if (kernelAbove200()) { if (kernelAbove200()) {
switch (addspace_type & 0xE) { switch (addspace_type & 0xE) {
case 0: case 0:
@ -147,14 +148,13 @@ Result NsoUtils::CalculateNsoLoadExtents(u32 addspace_type, u32 args_size, NsoLo
addspace_size = 0x3FE00000ULL; addspace_size = 0x3FE00000ULL;
} }
} }
addspace_end = addspace_start + addspace_size; if (extents->total_size > addspace_size) {
if (addspace_start + extents->total_size > addspace_end) {
return 0xD001; return 0xD001;
} }
u64 aslr_slide = 0; u64 aslr_slide = 0;
if (addspace_type & 0x20) { if (addspace_type & 0x20) {
/* TODO: Apply a random ASLR slide. */ aslr_slide = RandomUtils::GetRandomU64((addspace_size - extents->total_size) >> 21) << 21;
} }
extents->base_address = addspace_start + aslr_slide; extents->base_address = addspace_start + aslr_slide;

View file

@ -0,0 +1,49 @@
#include <switch.h>
#include "ldr_random.hpp"
/* Official HOS uses TinyMT. This is high effort. Let's just use XorShift. */
/* https://en.wikipedia.org/wiki/Xorshift */
static u32 g_random_state[4] = {0};
static bool g_has_initialized = false;
static void EnsureRandomState() {
if (g_has_initialized) {
return;
}
/* Retrieve process entropy with svcGetInfo. */
u64 val = 0;
for (unsigned int i = 0; i < 4; i++) {
if (R_FAILED(svcGetInfo(&val, 0xB, 0, i))) {
/* TODO: Panic? */
}
g_random_state[i] = val & 0xFFFFFFFF;
}
g_has_initialized = true;
}
u32 RandomUtils::GetNext() {
EnsureRandomState();
u32 s, t = g_random_state[3];
t ^= t << 11;
t ^= t >> 8;
g_random_state[3] = g_random_state[2]; g_random_state[2] = g_random_state[1]; g_random_state[1] = (s = g_random_state[0]);
t ^= s;
t ^= s >> 19;
g_random_state[0] = t;
return t;
}
/* These are slightly biased, but I think that's totally okay. */
u32 RandomUtils::GetRandomU32(u32 max) {
return GetNext() % max;
}
u32 RandomUtils::GetRandomU64(u64 max) {
u64 val = GetNext();
val |= ((u64)GetNext()) << 32;
return val % max;
}

View file

@ -0,0 +1,9 @@
#pragma once
#include <switch.h>
class RandomUtils {
public:
static u32 GetNext();
static u32 GetRandomU32(u32 max);
static u32 GetRandomU64(u64 max);
};