pauth-2.c (1721B)
1#include <stdint.h> 2#include <assert.h> 3 4void do_test(uint64_t value) 5{ 6 uint64_t salt1, salt2; 7 uint64_t encode, decode; 8 9 /* 10 * With TBI enabled and a 48-bit VA, there are 7 bits of auth, 11 * and so a 1/128 chance of encode = pac(value,key,salt) producing 12 * an auth for which leaves value unchanged. 13 * Iterate until we find a salt for which encode != value. 14 */ 15 for (salt1 = 1; ; salt1++) { 16 asm volatile("pacda %0, %2" : "=r"(encode) : "0"(value), "r"(salt1)); 17 if (encode != value) { 18 break; 19 } 20 } 21 22 /* A valid salt must produce a valid authorization. */ 23 asm volatile("autda %0, %2" : "=r"(decode) : "0"(encode), "r"(salt1)); 24 assert(decode == value); 25 26 /* 27 * An invalid salt usually fails authorization, but again there 28 * is a chance of choosing another salt that works. 29 * Iterate until we find another salt which does fail. 30 */ 31 for (salt2 = salt1 + 1; ; salt2++) { 32 asm volatile("autda %0, %2" : "=r"(decode) : "0"(encode), "r"(salt2)); 33 if (decode != value) { 34 break; 35 } 36 } 37 38 /* The VA bits, bit 55, and the TBI bits, should be unchanged. */ 39 assert(((decode ^ value) & 0xff80ffffffffffffull) == 0); 40 41 /* 42 * Bits [54:53] are an error indicator based on the key used; 43 * the DA key above is keynumber 0, so error == 0b01. Otherwise 44 * bit 55 of the original is sign-extended into the rest of the auth. 45 */ 46 if ((value >> 55) & 1) { 47 assert(((decode >> 48) & 0xff) == 0b10111111); 48 } else { 49 assert(((decode >> 48) & 0xff) == 0b00100000); 50 } 51} 52 53int main() 54{ 55 do_test(0); 56 do_test(0xda004acedeadbeefull); 57 return 0; 58}