pauth-5.c - cachepc-qemu - Fork of AMDESE/qemu with changes for cachepc side-channel attack

	cachepc-qemu Fork of AMDESE/qemu with changes for cachepc side-channel attack
	git clone https://git.sinitax.com/sinitax/cachepc-qemu
	Log \| Files \| Refs \| Submodules \| LICENSE \| sfeed.txt

pauth-5.c (901B)

      1#include <assert.h>
      2
      3static int x;
      4
      5int main()
      6{
      7    int *p0 = &x, *p1, *p2, *p3;
      8    unsigned long salt = 0;
      9
     10    /*
     11     * With TBI enabled and a 48-bit VA, there are 7 bits of auth, and so
     12     * a 1/128 chance of auth = pac(ptr,key,salt) producing zero.
     13     * Find a salt that creates auth != 0.
     14     */
     15    do {
     16        salt++;
     17        asm("pacda %0, %1" : "=r"(p1) : "r"(salt), "0"(p0));
     18    } while (p0 == p1);
     19
     20    /*
     21     * This pac must fail, because the input pointer bears an encryption,
     22     * and so is not properly extended within bits [55:47].  This will
     23     * toggle bit 54 in the output...
     24     */
     25    asm("pacda %0, %1" : "=r"(p2) : "r"(salt), "0"(p1));
     26
     27    /* ... so that the aut must fail, setting bit 53 in the output ... */
     28    asm("autda %0, %1" : "=r"(p3) : "r"(salt), "0"(p2));
     29
     30    /* ... which means this equality must not hold. */
     31    assert(p3 != p0);
     32    return 0;
     33}