im a brain genious
Quote Tweet
Replying to @NoraDotCodes
what if the FFI structs were cryptographically signed with a proof that the C code didnβt mess with them
3
28
Conversation
It steals precious bits in the pointers from other use cases to stick an ~16-bit MAC there. Actual size varies quite a bit based on address space size / page table depth, pointer tagging, etc. They had to come up with faster cryptography for generating tiny little MACs for it.
1
1
There are a few different keys (not directly accessible) and they sign a pair of values: pointer and a value chosen by the code to differentiate between different pointers based on something like their own address, a type hash, etc. It doesn't actually need to be a real pointer.
1
If you want to use it to implement *signed* integers, that should work fine as long as you don't mind having some of their bits missing and some awkwardness.
Hasn't really worked out that well so far as a security feature since it protects exploitation targets, not the sources.