2019-06-10 01:22:49 +03:00
|
|
|
#include <stdint.h>
|
2023-08-30 02:23:24 +03:00
|
|
|
#include <signal.h>
|
|
|
|
|
#include <stdlib.h>
|
2019-06-10 01:22:49 +03:00
|
|
|
#include <assert.h>
|
2023-08-30 02:23:24 +03:00
|
|
|
#include "pauth.h"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static void sigill(int sig, siginfo_t *info, void *vuc)
|
|
|
|
|
{
|
|
|
|
|
ucontext_t *uc = vuc;
|
|
|
|
|
uint64_t test;
|
|
|
|
|
|
|
|
|
|
/* There is only one insn below that is allowed to fault. */
|
|
|
|
|
asm volatile("adr %0, auth2_insn" : "=r"(test));
|
|
|
|
|
assert(test == uc->uc_mcontext.pc);
|
|
|
|
|
exit(0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int pac_feature;
|
2019-06-10 01:22:49 +03:00
|
|
|
|
|
|
|
|
void do_test(uint64_t value)
|
|
|
|
|
{
|
|
|
|
|
uint64_t salt1, salt2;
|
|
|
|
|
uint64_t encode, decode;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* With TBI enabled and a 48-bit VA, there are 7 bits of auth,
|
|
|
|
|
* and so a 1/128 chance of encode = pac(value,key,salt) producing
|
|
|
|
|
* an auth for which leaves value unchanged.
|
|
|
|
|
* Iterate until we find a salt for which encode != value.
|
|
|
|
|
*/
|
|
|
|
|
for (salt1 = 1; ; salt1++) {
|
|
|
|
|
asm volatile("pacda %0, %2" : "=r"(encode) : "0"(value), "r"(salt1));
|
|
|
|
|
if (encode != value) {
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* A valid salt must produce a valid authorization. */
|
|
|
|
|
asm volatile("autda %0, %2" : "=r"(decode) : "0"(encode), "r"(salt1));
|
|
|
|
|
assert(decode == value);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* An invalid salt usually fails authorization, but again there
|
|
|
|
|
* is a chance of choosing another salt that works.
|
|
|
|
|
* Iterate until we find another salt which does fail.
|
2023-08-30 02:23:24 +03:00
|
|
|
*
|
|
|
|
|
* With FEAT_FPAC, this will SIGILL instead of producing a result.
|
2019-06-10 01:22:49 +03:00
|
|
|
*/
|
|
|
|
|
for (salt2 = salt1 + 1; ; salt2++) {
|
2023-08-30 02:23:24 +03:00
|
|
|
asm volatile("auth2_insn: autda %0, %2"
|
|
|
|
|
: "=r"(decode) : "0"(encode), "r"(salt2));
|
2019-06-10 01:22:49 +03:00
|
|
|
if (decode != value) {
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-30 02:23:24 +03:00
|
|
|
assert(pac_feature < 4); /* No FEAT_FPAC */
|
|
|
|
|
|
2019-06-10 01:22:49 +03:00
|
|
|
/* The VA bits, bit 55, and the TBI bits, should be unchanged. */
|
|
|
|
|
assert(((decode ^ value) & 0xff80ffffffffffffull) == 0);
|
|
|
|
|
|
|
|
|
|
/*
|
2023-08-30 02:23:24 +03:00
|
|
|
* Without FEAT_Pauth2, bits [54:53] are an error indicator based on
|
|
|
|
|
* the key used; the DA key above is keynumber 0, so error == 0b01.
|
|
|
|
|
* Otherwise, bit 55 of the original is sign-extended into the rest
|
|
|
|
|
* of the auth.
|
2019-06-10 01:22:49 +03:00
|
|
|
*/
|
2023-08-30 02:23:24 +03:00
|
|
|
if (pac_feature < 3) {
|
|
|
|
|
if ((value >> 55) & 1) {
|
|
|
|
|
assert(((decode >> 48) & 0xff) == 0b10111111);
|
|
|
|
|
} else {
|
|
|
|
|
assert(((decode >> 48) & 0xff) == 0b00100000);
|
|
|
|
|
}
|
2019-06-10 01:22:49 +03:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int main()
|
|
|
|
|
{
|
2023-08-30 02:23:24 +03:00
|
|
|
static const struct sigaction sa = {
|
|
|
|
|
.sa_sigaction = sigill,
|
|
|
|
|
.sa_flags = SA_SIGINFO
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
pac_feature = get_pac_feature();
|
|
|
|
|
assert(pac_feature != 0);
|
|
|
|
|
|
|
|
|
|
if (pac_feature >= 4) {
|
|
|
|
|
/* FEAT_FPAC */
|
|
|
|
|
sigaction(SIGILL, &sa, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
2019-06-10 01:22:49 +03:00
|
|
|
do_test(0);
|
|
|
|
|
do_test(0xda004acedeadbeefull);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
