[PATCH] D90868: [IR] Define @llvm.ptrauth intrinsics.

[John McCall via Phabricator via llvm-commits]

rjmccall added a comment.

Before we get too far into editorial review, I think we should step back and ask what actually needs to be in this document.  In particular, I'm not sure that the discussion of how pointer authentication can be used in an ABI is really appropriate for LLVM-level documentation.  We should discuss the formal model we want the intrinsics/constant to provide — secret key registers, well-formed pointers, arbitrary discriminators — and just link to other documentation (e.g. the much longer white paper in the clang docs) for the benefit of people who are curious about how this can be used.



================
Comment at: llvm/docs/PointerAuth.md:53-58
+* a key: one of a small, fixed set.  The value of the key itself is not
+  directly accessible, but is referenced by ptrauth operations via an
+  identifier.
+
+* salt, or extra diversity data: additional data mixed in with the value and
+  used by the ptrauth operations.
----------------
kristof.beyls wrote:
> Would it be helpful to refer to the key as being a cryptographic pepper (https://en.wikipedia.org/wiki/Pepper_(cryptography) ), since the discriminator is referred to as "salt"?
I think that's the best mapping onto the conventional terms, yeah.  The correct constant/address discriminator for a particular signing purpose is publicly known, but it's supposed to be as different as possible for different purposes; that's basically a salt.  The signing key is the same for all signatures (ignoring the different key registers), but it's secret and different for different "sites" (devices); that's basically a pepper.  The nature of the problem is a little different, but it's close enough.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D90868/new/

https://reviews.llvm.org/D90868