tests/tcg/aarch64/pauth-2.c


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96

#include <stdint.h>
#include <signal.h>
#include <stdlib.h>
#include <assert.h>
#include "pauth.h"


static void sigill(int sig, siginfo_t *info, void *vuc)
{
    ucontext_t *uc = vuc;
    uint64_t test;

    /* There is only one insn below that is allowed to fault. */
    asm volatile("adr %0, auth2_insn" : "=r"(test));
    assert(test == uc->uc_mcontext.pc);
    exit(0);
}

static int pac_feature;

void do_test(uint64_t value)
{
    uint64_t salt1, salt2;
    uint64_t encode, decode;

    /*
     * With TBI enabled and a 48-bit VA, there are 7 bits of auth,
     * and so a 1/128 chance of encode = pac(value,key,salt) producing
     * an auth for which leaves value unchanged.
     * Iterate until we find a salt for which encode != value.
     */
    for (salt1 = 1; ; salt1++) {
        asm volatile("pacda %0, %2" : "=r"(encode) : "0"(value), "r"(salt1));
        if (encode != value) {
            break;
        }
    }

    /* A valid salt must produce a valid authorization.  */
    asm volatile("autda %0, %2" : "=r"(decode) : "0"(encode), "r"(salt1));
    assert(decode == value);

    /*
     * An invalid salt usually fails authorization, but again there
     * is a chance of choosing another salt that works.
     * Iterate until we find another salt which does fail.
     *
     * With FEAT_FPAC, this will SIGILL instead of producing a result.
     */
    for (salt2 = salt1 + 1; ; salt2++) {
        asm volatile("auth2_insn: autda %0, %2"
                     : "=r"(decode) : "0"(encode), "r"(salt2));
        if (decode != value) {
            break;
        }
    }

    assert(pac_feature < 4);  /* No FEAT_FPAC */

    /* The VA bits, bit 55, and the TBI bits, should be unchanged.  */
    assert(((decode ^ value) & 0xff80ffffffffffffull) == 0);

    /*
     * Without FEAT_Pauth2, bits [54:53] are an error indicator based on
     * the key used; the DA key above is keynumber 0, so error == 0b01.
     * Otherwise, bit 55 of the original is sign-extended into the rest
     * of the auth.
     */
    if (pac_feature < 3) {
        if ((value >> 55) & 1) {
            assert(((decode >> 48) & 0xff) == 0b10111111);
        } else {
            assert(((decode >> 48) & 0xff) == 0b00100000);
        }
    }
}

int main()
{
    static const struct sigaction sa = {
        .sa_sigaction = sigill,
        .sa_flags = SA_SIGINFO
    };

    pac_feature = get_pac_feature();
    assert(pac_feature != 0);

    if (pac_feature >= 4) {
        /* FEAT_FPAC */
        sigaction(SIGILL, &sa, NULL);
    }

    do_test(0);
    do_test(0xda004acedeadbeefull);
    return 0;
}