The definition of top_bit used in this function is one higher
than that used in the Arm ARM psuedo-code, which put the error
indication at top_bit - 1 at the wrong place, which meant that
it wasn't visible to Auth.
Fixing the definition of top_bit requires more changes, because
its most common use is for the count of bits in top_bit:bot_bit,
which would then need to be computed as top_bit - bot_bit + 1.
For now, prefer the minimal fix to the error indication alone.
Fixes: 63ff0ca94cb
Backports commit 8796fe40dd30cd9ffd3c958906471715c923b341 from qemu
The psuedocode in aarch64/functions/pac/auth/Auth and
aarch64/functions/pac/strip/Strip always uses bit 55 for
extfield and do not consider if the current regime has 2 ranges.
Backports commit 7eeb4c2ce8dc0a5655526f3f39bd5d6cc02efb39 from qemu
Use the correct sctlr for EL2&0 regime. Due to header ordering,
and where arm_mmu_idx_el is declared, we need to move the function
out of line. Use the function in many more places in order to
select the correct control.
Backports commit aaec143212bb70ac9549cf73203d13100bd5c7c2 from qemu
In the PAC computation, sbox was applied over wrong bits.
As this is a 4-bit sbox, bit index should be incremented by 4 instead of 16.
Test vector from QARMA paper (https://eprint.iacr.org/2016/444.pdf) was
used to verify one computation of the pauth_computepac() function which
uses sbox2.
Launchpad: https://bugs.launchpad.net/bugs/1859713
Backports commit de0b1bae6461f67243282555475f88b2384a1eb9 from qemu
The ARM pseudocode installs the error_code into the original
pointer, not the encrypted pointer. The difference applies
within the 7 bits of pac data; the result should be the sign
extension of bit 55.
Add a testcase to that effect.
Backports commit d67ebada159148bfdfde84871338738e4465e985 from qemu
This is the main crypto routine, an implementation of QARMA.
This matches, as much as possible, ARM pseudocode.
Backports commit 990870b205ddfdba3fd3c1321e6083005ef59d1a from qemu
This is not really functional yet, because the crypto is not yet
implemented. This, however follows the AddPAC pseudo function.
Backports commit 63ff0ca94cb84764d2aee45b37c5502a54811dab from qemu
This is not really functional yet, because the crypto is not yet
implemented. This, however follows the Auth pseudo function.
Backports commit a7bfa086c973a51fc18116c9d2e22a0e0069edba from qemu
Stripping out the authentication data does not require any crypto,
it merely requires the virtual address parameters.
Backports commit 04d13549fa10bb9775a90701e4e6fd0a2cbf83cb from qemu
The cryptographic internals are stubbed out for now,
but the enable and trap bits are checked.
Backports commit 0d43e1a2d29a05f7b0d5629caaff18733cbdf3bb from qemu