59 lines
1.7 KiB
C
59 lines
1.7 KiB
C
|
#include <stdint.h>
|
||
|
#include <assert.h>
|
||
|
|
||
|
void do_test(uint64_t value)
|
||
|
{
|
||
|
uint64_t salt1, salt2;
|
||
|
uint64_t encode, decode;
|
||
|
|
||
|
/*
|
||
|
* With TBI enabled and a 48-bit VA, there are 7 bits of auth,
|
||
|
* and so a 1/128 chance of encode = pac(value,key,salt) producing
|
||
|
* an auth for which leaves value unchanged.
|
||
|
* Iterate until we find a salt for which encode != value.
|
||
|
*/
|
||
|
for (salt1 = 1; ; salt1++) {
|
||
|
asm volatile("pacda %0, %2" : "=r"(encode) : "0"(value), "r"(salt1));
|
||
|
if (encode != value) {
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/* A valid salt must produce a valid authorization. */
|
||
|
asm volatile("autda %0, %2" : "=r"(decode) : "0"(encode), "r"(salt1));
|
||
|
assert(decode == value);
|
||
|
|
||
|
/*
|
||
|
* An invalid salt usually fails authorization, but again there
|
||
|
* is a chance of choosing another salt that works.
|
||
|
* Iterate until we find another salt which does fail.
|
||
|
*/
|
||
|
for (salt2 = salt1 + 1; ; salt2++) {
|
||
|
asm volatile("autda %0, %2" : "=r"(decode) : "0"(encode), "r"(salt2));
|
||
|
if (decode != value) {
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/* The VA bits, bit 55, and the TBI bits, should be unchanged. */
|
||
|
assert(((decode ^ value) & 0xff80ffffffffffffull) == 0);
|
||
|
|
||
|
/*
|
||
|
* Bits [54:53] are an error indicator based on the key used;
|
||
|
* the DA key above is keynumber 0, so error == 0b01. Otherwise
|
||
|
* bit 55 of the original is sign-extended into the rest of the auth.
|
||
|
*/
|
||
|
if ((value >> 55) & 1) {
|
||
|
assert(((decode >> 48) & 0xff) == 0b10111111);
|
||
|
} else {
|
||
|
assert(((decode >> 48) & 0xff) == 0b00100000);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
int main()
|
||
|
{
|
||
|
do_test(0);
|
||
|
do_test(0xda004acedeadbeefull);
|
||
|
return 0;
|
||
|
}
|