1 #include <stdint.h>
2 #include <assert.h>
3
do_test(uint64_t value)4 void do_test(uint64_t value)
5 {
6 uint64_t salt1, salt2;
7 uint64_t encode, decode;
8
9 /*
10 * With TBI enabled and a 48-bit VA, there are 7 bits of auth,
11 * and so a 1/128 chance of encode = pac(value,key,salt) producing
12 * an auth for which leaves value unchanged.
13 * Iterate until we find a salt for which encode != value.
14 */
15 for (salt1 = 1; ; salt1++) {
16 asm volatile("pacda %0, %2" : "=r"(encode) : "0"(value), "r"(salt1));
17 if (encode != value) {
18 break;
19 }
20 }
21
22 /* A valid salt must produce a valid authorization. */
23 asm volatile("autda %0, %2" : "=r"(decode) : "0"(encode), "r"(salt1));
24 assert(decode == value);
25
26 /*
27 * An invalid salt usually fails authorization, but again there
28 * is a chance of choosing another salt that works.
29 * Iterate until we find another salt which does fail.
30 */
31 for (salt2 = salt1 + 1; ; salt2++) {
32 asm volatile("autda %0, %2" : "=r"(decode) : "0"(encode), "r"(salt2));
33 if (decode != value) {
34 break;
35 }
36 }
37
38 /* The VA bits, bit 55, and the TBI bits, should be unchanged. */
39 assert(((decode ^ value) & 0xff80ffffffffffffull) == 0);
40
41 /*
42 * Bits [54:53] are an error indicator based on the key used;
43 * the DA key above is keynumber 0, so error == 0b01. Otherwise
44 * bit 55 of the original is sign-extended into the rest of the auth.
45 */
46 if ((value >> 55) & 1) {
47 assert(((decode >> 48) & 0xff) == 0b10111111);
48 } else {
49 assert(((decode >> 48) & 0xff) == 0b00100000);
50 }
51 }
52
main()53 int main()
54 {
55 do_test(0);
56 do_test(-1);
57 do_test(0xda004acedeadbeefull);
58 return 0;
59 }
60