[mirror_qemu.git] / target / arm / pauth_helper.c

/*
 * ARM v8.3-PAuth Operations
 *
 * Copyright (c) 2019 Linaro, Ltd.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 */

#include "qemu/osdep.h"
#include "cpu.h"
#include "internals.h"
#include "exec/exec-all.h"
#include "exec/cpu_ldst.h"
#include "exec/helper-proto.h"
#include "tcg/tcg-gvec-desc.h"


static uint64_t pac_cell_shuffle(uint64_t i)
{
    uint64_t o = 0;

    o |= extract64(i, 52, 4);
    o |= extract64(i, 24, 4) << 4;
    o |= extract64(i, 44, 4) << 8;
    o |= extract64(i,  0, 4) << 12;

    o |= extract64(i, 28, 4) << 16;
    o |= extract64(i, 48, 4) << 20;
    o |= extract64(i,  4, 4) << 24;
    o |= extract64(i, 40, 4) << 28;

    o |= extract64(i, 32, 4) << 32;
    o |= extract64(i, 12, 4) << 36;
    o |= extract64(i, 56, 4) << 40;
    o |= extract64(i, 20, 4) << 44;

    o |= extract64(i,  8, 4) << 48;
    o |= extract64(i, 36, 4) << 52;
    o |= extract64(i, 16, 4) << 56;
    o |= extract64(i, 60, 4) << 60;

    return o;
}

static uint64_t pac_cell_inv_shuffle(uint64_t i)
{
    uint64_t o = 0;

    o |= extract64(i, 12, 4);
    o |= extract64(i, 24, 4) << 4;
    o |= extract64(i, 48, 4) << 8;
    o |= extract64(i, 36, 4) << 12;

    o |= extract64(i, 56, 4) << 16;
    o |= extract64(i, 44, 4) << 20;
    o |= extract64(i,  4, 4) << 24;
    o |= extract64(i, 16, 4) << 28;

    o |= i & MAKE_64BIT_MASK(32, 4);
    o |= extract64(i, 52, 4) << 36;
    o |= extract64(i, 28, 4) << 40;
    o |= extract64(i,  8, 4) << 44;

    o |= extract64(i, 20, 4) << 48;
    o |= extract64(i,  0, 4) << 52;
    o |= extract64(i, 40, 4) << 56;
    o |= i & MAKE_64BIT_MASK(60, 4);

    return o;
}

static uint64_t pac_sub(uint64_t i)
{
    static const uint8_t sub[16] = {
        0xb, 0x6, 0x8, 0xf, 0xc, 0x0, 0x9, 0xe,
        0x3, 0x7, 0x4, 0x5, 0xd, 0x2, 0x1, 0xa,
    };
    uint64_t o = 0;
    int b;

    for (b = 0; b < 64; b += 4) {
        o |= (uint64_t)sub[(i >> b) & 0xf] << b;
    }
    return o;
}

static uint64_t pac_inv_sub(uint64_t i)
{
    static const uint8_t inv_sub[16] = {
        0x5, 0xe, 0xd, 0x8, 0xa, 0xb, 0x1, 0x9,
        0x2, 0x6, 0xf, 0x0, 0x4, 0xc, 0x7, 0x3,
    };
    uint64_t o = 0;
    int b;

    for (b = 0; b < 64; b += 4) {
        o |= (uint64_t)inv_sub[(i >> b) & 0xf] << b;
    }
    return o;
}

static int rot_cell(int cell, int n)
{
    /* 4-bit rotate left by n.  */
    cell |= cell << 4;
    return extract32(cell, 4 - n, 4);
}

static uint64_t pac_mult(uint64_t i)
{
    uint64_t o = 0;
    int b;

    for (b = 0; b < 4 * 4; b += 4) {
        int i0, i4, i8, ic, t0, t1, t2, t3;

        i0 = extract64(i, b, 4);
        i4 = extract64(i, b + 4 * 4, 4);
        i8 = extract64(i, b + 8 * 4, 4);
        ic = extract64(i, b + 12 * 4, 4);

        t0 = rot_cell(i8, 1) ^ rot_cell(i4, 2) ^ rot_cell(i0, 1);
        t1 = rot_cell(ic, 1) ^ rot_cell(i4, 1) ^ rot_cell(i0, 2);
        t2 = rot_cell(ic, 2) ^ rot_cell(i8, 1) ^ rot_cell(i0, 1);
        t3 = rot_cell(ic, 1) ^ rot_cell(i8, 2) ^ rot_cell(i4, 1);

        o |= (uint64_t)t3 << b;
        o |= (uint64_t)t2 << (b + 4 * 4);
        o |= (uint64_t)t1 << (b + 8 * 4);
        o |= (uint64_t)t0 << (b + 12 * 4);
    }
    return o;
}

static uint64_t tweak_cell_rot(uint64_t cell)
{
    return (cell >> 1) | (((cell ^ (cell >> 1)) & 1) << 3);
}

static uint64_t tweak_shuffle(uint64_t i)
{
    uint64_t o = 0;

    o |= extract64(i, 16, 4) << 0;
    o |= extract64(i, 20, 4) << 4;
    o |= tweak_cell_rot(extract64(i, 24, 4)) << 8;
    o |= extract64(i, 28, 4) << 12;

    o |= tweak_cell_rot(extract64(i, 44, 4)) << 16;
    o |= extract64(i,  8, 4) << 20;
    o |= extract64(i, 12, 4) << 24;
    o |= tweak_cell_rot(extract64(i, 32, 4)) << 28;

    o |= extract64(i, 48, 4) << 32;
    o |= extract64(i, 52, 4) << 36;
    o |= extract64(i, 56, 4) << 40;
    o |= tweak_cell_rot(extract64(i, 60, 4)) << 44;

    o |= tweak_cell_rot(extract64(i,  0, 4)) << 48;
    o |= extract64(i,  4, 4) << 52;
    o |= tweak_cell_rot(extract64(i, 40, 4)) << 56;
    o |= tweak_cell_rot(extract64(i, 36, 4)) << 60;

    return o;
}

static uint64_t tweak_cell_inv_rot(uint64_t cell)
{
    return ((cell << 1) & 0xf) | ((cell & 1) ^ (cell >> 3));
}

static uint64_t tweak_inv_shuffle(uint64_t i)
{
    uint64_t o = 0;

    o |= tweak_cell_inv_rot(extract64(i, 48, 4));
    o |= extract64(i, 52, 4) << 4;
    o |= extract64(i, 20, 4) << 8;
    o |= extract64(i, 24, 4) << 12;

    o |= extract64(i,  0, 4) << 16;
    o |= extract64(i,  4, 4) << 20;
    o |= tweak_cell_inv_rot(extract64(i,  8, 4)) << 24;
    o |= extract64(i, 12, 4) << 28;

    o |= tweak_cell_inv_rot(extract64(i, 28, 4)) << 32;
    o |= tweak_cell_inv_rot(extract64(i, 60, 4)) << 36;
    o |= tweak_cell_inv_rot(extract64(i, 56, 4)) << 40;
    o |= tweak_cell_inv_rot(extract64(i, 16, 4)) << 44;

    o |= extract64(i, 32, 4) << 48;
    o |= extract64(i, 36, 4) << 52;
    o |= extract64(i, 40, 4) << 56;
    o |= tweak_cell_inv_rot(extract64(i, 44, 4)) << 60;

    return o;
}

static uint64_t pauth_computepac(uint64_t data, uint64_t modifier,
                                 ARMPACKey key)
{
    static const uint64_t RC[5] = {
        0x0000000000000000ull,
        0x13198A2E03707344ull,
        0xA4093822299F31D0ull,
        0x082EFA98EC4E6C89ull,
        0x452821E638D01377ull,
    };
    const uint64_t alpha = 0xC0AC29B7C97C50DDull;
    /*
     * Note that in the ARM pseudocode, key0 contains bits <127:64>
     * and key1 contains bits <63:0> of the 128-bit key.
     */
    uint64_t key0 = key.hi, key1 = key.lo;
    uint64_t workingval, runningmod, roundkey, modk0;
    int i;

    modk0 = (key0 << 63) | ((key0 >> 1) ^ (key0 >> 63));
    runningmod = modifier;
    workingval = data ^ key0;

    for (i = 0; i <= 4; ++i) {
        roundkey = key1 ^ runningmod;
        workingval ^= roundkey;
        workingval ^= RC[i];
        if (i > 0) {
            workingval = pac_cell_shuffle(workingval);
            workingval = pac_mult(workingval);
        }
        workingval = pac_sub(workingval);
        runningmod = tweak_shuffle(runningmod);
    }
    roundkey = modk0 ^ runningmod;
    workingval ^= roundkey;
    workingval = pac_cell_shuffle(workingval);
    workingval = pac_mult(workingval);
    workingval = pac_sub(workingval);
    workingval = pac_cell_shuffle(workingval);
    workingval = pac_mult(workingval);
    workingval ^= key1;
    workingval = pac_cell_inv_shuffle(workingval);
    workingval = pac_inv_sub(workingval);
    workingval = pac_mult(workingval);
    workingval = pac_cell_inv_shuffle(workingval);
    workingval ^= key0;
    workingval ^= runningmod;
    for (i = 0; i <= 4; ++i) {
        workingval = pac_inv_sub(workingval);
        if (i < 4) {
            workingval = pac_mult(workingval);
            workingval = pac_cell_inv_shuffle(workingval);
        }
        runningmod = tweak_inv_shuffle(runningmod);
        roundkey = key1 ^ runningmod;
        workingval ^= RC[4 - i];
        workingval ^= roundkey;
        workingval ^= alpha;
    }
    workingval ^= modk0;

    return workingval;
}

static uint64_t pauth_addpac(CPUARMState *env, uint64_t ptr, uint64_t modifier,
                             ARMPACKey *key, bool data)
{
    ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
    ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data);
    uint64_t pac, ext_ptr, ext, test;
    int bot_bit, top_bit;

    /* If tagged pointers are in use, use ptr<55>, otherwise ptr<63>.  */
    if (param.tbi) {
        ext = sextract64(ptr, 55, 1);
    } else {
        ext = sextract64(ptr, 63, 1);
    }

    /* Build a pointer with known good extension bits.  */
    top_bit = 64 - 8 * param.tbi;
    bot_bit = 64 - param.tsz;
    ext_ptr = deposit64(ptr, bot_bit, top_bit - bot_bit, ext);

    pac = pauth_computepac(ext_ptr, modifier, *key);

    /*
     * Check if the ptr has good extension bits and corrupt the
     * pointer authentication code if not.
     */
    test = sextract64(ptr, bot_bit, top_bit - bot_bit);
    if (test != 0 && test != -1) {
        pac ^= MAKE_64BIT_MASK(top_bit - 1, 1);
    }

    /*
     * Preserve the determination between upper and lower at bit 55,
     * and insert pointer authentication code.
     */
    if (param.tbi) {
        ptr &= ~MAKE_64BIT_MASK(bot_bit, 55 - bot_bit + 1);
        pac &= MAKE_64BIT_MASK(bot_bit, 54 - bot_bit + 1);
    } else {
        ptr &= MAKE_64BIT_MASK(0, bot_bit);
        pac &= ~(MAKE_64BIT_MASK(55, 1) | MAKE_64BIT_MASK(0, bot_bit));
    }
    ext &= MAKE_64BIT_MASK(55, 1);
    return pac | ext | ptr;
}

static uint64_t pauth_original_ptr(uint64_t ptr, ARMVAParameters param)
{
    /* Note that bit 55 is used whether or not the regime has 2 ranges. */
    uint64_t extfield = sextract64(ptr, 55, 1);
    int bot_pac_bit = 64 - param.tsz;
    int top_pac_bit = 64 - 8 * param.tbi;

    return deposit64(ptr, bot_pac_bit, top_pac_bit - bot_pac_bit, extfield);
}

static uint64_t pauth_auth(CPUARMState *env, uint64_t ptr, uint64_t modifier,
                           ARMPACKey *key, bool data, int keynumber)
{
    ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
    ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data);
    int bot_bit, top_bit;
    uint64_t pac, orig_ptr, test;

    orig_ptr = pauth_original_ptr(ptr, param);
    pac = pauth_computepac(orig_ptr, modifier, *key);
    bot_bit = 64 - param.tsz;
    top_bit = 64 - 8 * param.tbi;

    test = (pac ^ ptr) & ~MAKE_64BIT_MASK(55, 1);
    if (unlikely(extract64(test, bot_bit, top_bit - bot_bit))) {
        int error_code = (keynumber << 1) | (keynumber ^ 1);
        if (param.tbi) {
            return deposit64(orig_ptr, 53, 2, error_code);
        } else {
            return deposit64(orig_ptr, 61, 2, error_code);
        }
    }
    return orig_ptr;
}

static uint64_t pauth_strip(CPUARMState *env, uint64_t ptr, bool data)
{
    ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
    ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data);

    return pauth_original_ptr(ptr, param);
}

static void QEMU_NORETURN pauth_trap(CPUARMState *env, int target_el,
                                     uintptr_t ra)
{
    raise_exception_ra(env, EXCP_UDEF, syn_pactrap(), target_el, ra);
}

static void pauth_check_trap(CPUARMState *env, int el, uintptr_t ra)
{
    if (el < 2 && arm_feature(env, ARM_FEATURE_EL2)) {
        uint64_t hcr = arm_hcr_el2_eff(env);
        bool trap = !(hcr & HCR_API);
        if (el == 0) {
            /* Trap only applies to EL1&0 regime.  */
            trap &= (hcr & (HCR_E2H | HCR_TGE)) != (HCR_E2H | HCR_TGE);
        }
        /* FIXME: ARMv8.3-NV: HCR_NV trap takes precedence for ERETA[AB].  */
        if (trap) {
            pauth_trap(env, 2, ra);
        }
    }
    if (el < 3 && arm_feature(env, ARM_FEATURE_EL3)) {
        if (!(env->cp15.scr_el3 & SCR_API)) {
            pauth_trap(env, 3, ra);
        }
    }
}

static bool pauth_key_enabled(CPUARMState *env, int el, uint32_t bit)
{
    return (arm_sctlr(env, el) & bit) != 0;
}

uint64_t HELPER(pacia)(CPUARMState *env, uint64_t x, uint64_t y)
{
    int el = arm_current_el(env);
    if (!pauth_key_enabled(env, el, SCTLR_EnIA)) {
        return x;
    }
    pauth_check_trap(env, el, GETPC());
    return pauth_addpac(env, x, y, &env->keys.apia, false);
}

uint64_t HELPER(pacib)(CPUARMState *env, uint64_t x, uint64_t y)
{
    int el = arm_current_el(env);
    if (!pauth_key_enabled(env, el, SCTLR_EnIB)) {
        return x;
    }
    pauth_check_trap(env, el, GETPC());
    return pauth_addpac(env, x, y, &env->keys.apib, false);
}

uint64_t HELPER(pacda)(CPUARMState *env, uint64_t x, uint64_t y)
{
    int el = arm_current_el(env);
    if (!pauth_key_enabled(env, el, SCTLR_EnDA)) {
        return x;
    }
    pauth_check_trap(env, el, GETPC());
    return pauth_addpac(env, x, y, &env->keys.apda, true);
}

uint64_t HELPER(pacdb)(CPUARMState *env, uint64_t x, uint64_t y)
{
    int el = arm_current_el(env);
    if (!pauth_key_enabled(env, el, SCTLR_EnDB)) {
        return x;
    }
    pauth_check_trap(env, el, GETPC());
    return pauth_addpac(env, x, y, &env->keys.apdb, true);
}

uint64_t HELPER(pacga)(CPUARMState *env, uint64_t x, uint64_t y)
{
    uint64_t pac;

    pauth_check_trap(env, arm_current_el(env), GETPC());
    pac = pauth_computepac(x, y, env->keys.apga);

    return pac & 0xffffffff00000000ull;
}

uint64_t HELPER(autia)(CPUARMState *env, uint64_t x, uint64_t y)
{
    int el = arm_current_el(env);
    if (!pauth_key_enabled(env, el, SCTLR_EnIA)) {
        return x;
    }
    pauth_check_trap(env, el, GETPC());
    return pauth_auth(env, x, y, &env->keys.apia, false, 0);
}

uint64_t HELPER(autib)(CPUARMState *env, uint64_t x, uint64_t y)
{
    int el = arm_current_el(env);
    if (!pauth_key_enabled(env, el, SCTLR_EnIB)) {
        return x;
    }
    pauth_check_trap(env, el, GETPC());
    return pauth_auth(env, x, y, &env->keys.apib, false, 1);
}

uint64_t HELPER(autda)(CPUARMState *env, uint64_t x, uint64_t y)
{
    int el = arm_current_el(env);
    if (!pauth_key_enabled(env, el, SCTLR_EnDA)) {
        return x;
    }
    pauth_check_trap(env, el, GETPC());
    return pauth_auth(env, x, y, &env->keys.apda, true, 0);
}

uint64_t HELPER(autdb)(CPUARMState *env, uint64_t x, uint64_t y)
{
    int el = arm_current_el(env);
    if (!pauth_key_enabled(env, el, SCTLR_EnDB)) {
        return x;
    }
    pauth_check_trap(env, el, GETPC());
    return pauth_auth(env, x, y, &env->keys.apdb, true, 1);
}

uint64_t HELPER(xpaci)(CPUARMState *env, uint64_t a)
{
    return pauth_strip(env, a, false);
}

uint64_t HELPER(xpacd)(CPUARMState *env, uint64_t a)
{
    return pauth_strip(env, a, true);
}
Commit	Line	Data
0d43e1a2 RH	1	/*
	2	* ARM v8.3-PAuth Operations
	3	*
	4	* Copyright (c) 2019 Linaro, Ltd.
	5	*
	6	* This library is free software; you can redistribute it and/or
	7	* modify it under the terms of the GNU Lesser General Public
	8	* License as published by the Free Software Foundation; either
	9	* version 2 of the License, or (at your option) any later version.
	10	*
	11	* This library is distributed in the hope that it will be useful,
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	14	* Lesser General Public License for more details.
	15	*
	16	* You should have received a copy of the GNU Lesser General Public
	17	* License along with this library; if not, see <http://www.gnu.org/licenses/>.
	18	*/
	19
	20	#include "qemu/osdep.h"
	21	#include "cpu.h"
	22	#include "internals.h"
	23	#include "exec/exec-all.h"
	24	#include "exec/cpu_ldst.h"
	25	#include "exec/helper-proto.h"
	26	#include "tcg/tcg-gvec-desc.h"
	27
	28
990870b2 RH	29	static uint64_t pac_cell_shuffle(uint64_t i)
	30	{
	31	uint64_t o = 0;
	32
	33	o \|= extract64(i, 52, 4);
	34	o \|= extract64(i, 24, 4) << 4;
	35	o \|= extract64(i, 44, 4) << 8;
	36	o \|= extract64(i, 0, 4) << 12;
	37
	38	o \|= extract64(i, 28, 4) << 16;
	39	o \|= extract64(i, 48, 4) << 20;
	40	o \|= extract64(i, 4, 4) << 24;
	41	o \|= extract64(i, 40, 4) << 28;
	42
	43	o \|= extract64(i, 32, 4) << 32;
	44	o \|= extract64(i, 12, 4) << 36;
	45	o \|= extract64(i, 56, 4) << 40;
	46	o \|= extract64(i, 20, 4) << 44;
	47
	48	o \|= extract64(i, 8, 4) << 48;
	49	o \|= extract64(i, 36, 4) << 52;
	50	o \|= extract64(i, 16, 4) << 56;
	51	o \|= extract64(i, 60, 4) << 60;
	52
	53	return o;
	54	}
	55
	56	static uint64_t pac_cell_inv_shuffle(uint64_t i)
	57	{
	58	uint64_t o = 0;
	59
	60	o \|= extract64(i, 12, 4);
	61	o \|= extract64(i, 24, 4) << 4;
	62	o \|= extract64(i, 48, 4) << 8;
	63	o \|= extract64(i, 36, 4) << 12;
	64
	65	o \|= extract64(i, 56, 4) << 16;
	66	o \|= extract64(i, 44, 4) << 20;
	67	o \|= extract64(i, 4, 4) << 24;
	68	o \|= extract64(i, 16, 4) << 28;
	69
	70	o \|= i & MAKE_64BIT_MASK(32, 4);
	71	o \|= extract64(i, 52, 4) << 36;
	72	o \|= extract64(i, 28, 4) << 40;
	73	o \|= extract64(i, 8, 4) << 44;
	74
	75	o \|= extract64(i, 20, 4) << 48;
	76	o \|= extract64(i, 0, 4) << 52;
	77	o \|= extract64(i, 40, 4) << 56;
	78	o \|= i & MAKE_64BIT_MASK(60, 4);
	79
	80	return o;
	81	}
	82
	83	static uint64_t pac_sub(uint64_t i)
	84	{
	85	static const uint8_t sub[16] = {
	86	0xb, 0x6, 0x8, 0xf, 0xc, 0x0, 0x9, 0xe,
	87	0x3, 0x7, 0x4, 0x5, 0xd, 0x2, 0x1, 0xa,
	88	};
	89	uint64_t o = 0;
	90	int b;
	91
de0b1bae	92	for (b = 0; b < 64; b += 4) {
990870b2 RH	93	o \|= (uint64_t)sub[(i >> b) & 0xf] << b;
	94	}
	95	return o;
	96	}
	97
	98	static uint64_t pac_inv_sub(uint64_t i)
	99	{
	100	static const uint8_t inv_sub[16] = {
	101	0x5, 0xe, 0xd, 0x8, 0xa, 0xb, 0x1, 0x9,
	102	0x2, 0x6, 0xf, 0x0, 0x4, 0xc, 0x7, 0x3,
	103	};
	104	uint64_t o = 0;
	105	int b;
	106
de0b1bae	107	for (b = 0; b < 64; b += 4) {
990870b2 RH	108	o \|= (uint64_t)inv_sub[(i >> b) & 0xf] << b;
	109	}
	110	return o;
	111	}
	112
	113	static int rot_cell(int cell, int n)
	114	{
	115	/* 4-bit rotate left by n. */
	116	cell \|= cell << 4;
	117	return extract32(cell, 4 - n, 4);
	118	}
	119
	120	static uint64_t pac_mult(uint64_t i)
	121	{
	122	uint64_t o = 0;
	123	int b;
	124
	125	for (b = 0; b < 4 * 4; b += 4) {
	126	int i0, i4, i8, ic, t0, t1, t2, t3;
	127
	128	i0 = extract64(i, b, 4);
	129	i4 = extract64(i, b + 4 * 4, 4);
	130	i8 = extract64(i, b + 8 * 4, 4);
	131	ic = extract64(i, b + 12 * 4, 4);
	132
	133	t0 = rot_cell(i8, 1) ^ rot_cell(i4, 2) ^ rot_cell(i0, 1);
	134	t1 = rot_cell(ic, 1) ^ rot_cell(i4, 1) ^ rot_cell(i0, 2);
	135	t2 = rot_cell(ic, 2) ^ rot_cell(i8, 1) ^ rot_cell(i0, 1);
	136	t3 = rot_cell(ic, 1) ^ rot_cell(i8, 2) ^ rot_cell(i4, 1);
	137
	138	o \|= (uint64_t)t3 << b;
	139	o \|= (uint64_t)t2 << (b + 4 * 4);
	140	o \|= (uint64_t)t1 << (b + 8 * 4);
	141	o \|= (uint64_t)t0 << (b + 12 * 4);
	142	}
	143	return o;
	144	}
	145
	146	static uint64_t tweak_cell_rot(uint64_t cell)
	147	{
	148	return (cell >> 1) \| (((cell ^ (cell >> 1)) & 1) << 3);
	149	}
	150
	151	static uint64_t tweak_shuffle(uint64_t i)
	152	{
	153	uint64_t o = 0;
	154
	155	o \|= extract64(i, 16, 4) << 0;
	156	o \|= extract64(i, 20, 4) << 4;
	157	o \|= tweak_cell_rot(extract64(i, 24, 4)) << 8;
	158	o \|= extract64(i, 28, 4) << 12;
	159
	160	o \|= tweak_cell_rot(extract64(i, 44, 4)) << 16;
	161	o \|= extract64(i, 8, 4) << 20;
	162	o \|= extract64(i, 12, 4) << 24;
	163	o \|= tweak_cell_rot(extract64(i, 32, 4)) << 28;
	164
	165	o \|= extract64(i, 48, 4) << 32;
	166	o \|= extract64(i, 52, 4) << 36;
	167	o \|= extract64(i, 56, 4) << 40;
	168	o \|= tweak_cell_rot(extract64(i, 60, 4)) << 44;
	169
	170	o \|= tweak_cell_rot(extract64(i, 0, 4)) << 48;
	171	o \|= extract64(i, 4, 4) << 52;
172	o \|= tweak_cell_rot(extract64(i, 40, 4)) << 56;
173	o \|= tweak_cell_rot(extract64(i, 36, 4)) << 60;
174
175	return o;
176	}
177
178	static uint64_t tweak_cell_inv_rot(uint64_t cell)
179	{
180	return ((cell << 1) & 0xf) \| ((cell & 1) ^ (cell >> 3));
181	}
182
183	static uint64_t tweak_inv_shuffle(uint64_t i)
184	{
185	uint64_t o = 0;
186
187	o \|= tweak_cell_inv_rot(extract64(i, 48, 4));
188	o \|= extract64(i, 52, 4) << 4;
189	o \|= extract64(i, 20, 4) << 8;
190	o \|= extract64(i, 24, 4) << 12;
191
192	o \|= extract64(i, 0, 4) << 16;
193	o \|= extract64(i, 4, 4) << 20;
194	o \|= tweak_cell_inv_rot(extract64(i, 8, 4)) << 24;
195	o \|= extract64(i, 12, 4) << 28;
196
197	o \|= tweak_cell_inv_rot(extract64(i, 28, 4)) << 32;
198	o \|= tweak_cell_inv_rot(extract64(i, 60, 4)) << 36;
199	o \|= tweak_cell_inv_rot(extract64(i, 56, 4)) << 40;
200	o \|= tweak_cell_inv_rot(extract64(i, 16, 4)) << 44;
201
202	o \|= extract64(i, 32, 4) << 48;
203	o \|= extract64(i, 36, 4) << 52;
204	o \|= extract64(i, 40, 4) << 56;
205	o \|= tweak_cell_inv_rot(extract64(i, 44, 4)) << 60;
206
207	return o;
208	}
209
0d43e1a2 RH	210	static uint64_t pauth_computepac(uint64_t data, uint64_t modifier,
	211	ARMPACKey key)
	212	{
990870b2 RH	213	static const uint64_t RC[5] = {
	214	0x0000000000000000ull,
	215	0x13198A2E03707344ull,
	216	0xA4093822299F31D0ull,
	217	0x082EFA98EC4E6C89ull,
	218	0x452821E638D01377ull,
	219	};
	220	const uint64_t alpha = 0xC0AC29B7C97C50DDull;
	221	/*
	222	* Note that in the ARM pseudocode, key0 contains bits <127:64>
	223	* and key1 contains bits <63:0> of the 128-bit key.
	224	*/
	225	uint64_t key0 = key.hi, key1 = key.lo;
	226	uint64_t workingval, runningmod, roundkey, modk0;
	227	int i;
	228
	229	modk0 = (key0 << 63) \| ((key0 >> 1) ^ (key0 >> 63));
	230	runningmod = modifier;
	231	workingval = data ^ key0;
	232
	233	for (i = 0; i <= 4; ++i) {
	234	roundkey = key1 ^ runningmod;
	235	workingval ^= roundkey;
	236	workingval ^= RC[i];
	237	if (i > 0) {
	238	workingval = pac_cell_shuffle(workingval);
	239	workingval = pac_mult(workingval);
	240	}
	241	workingval = pac_sub(workingval);
	242	runningmod = tweak_shuffle(runningmod);
	243	}
	244	roundkey = modk0 ^ runningmod;
	245	workingval ^= roundkey;
	246	workingval = pac_cell_shuffle(workingval);
	247	workingval = pac_mult(workingval);
	248	workingval = pac_sub(workingval);
	249	workingval = pac_cell_shuffle(workingval);
	250	workingval = pac_mult(workingval);
	251	workingval ^= key1;
	252	workingval = pac_cell_inv_shuffle(workingval);
	253	workingval = pac_inv_sub(workingval);
	254	workingval = pac_mult(workingval);
	255	workingval = pac_cell_inv_shuffle(workingval);
	256	workingval ^= key0;
	257	workingval ^= runningmod;
	258	for (i = 0; i <= 4; ++i) {
	259	workingval = pac_inv_sub(workingval);
	260	if (i < 4) {
	261	workingval = pac_mult(workingval);
	262	workingval = pac_cell_inv_shuffle(workingval);
	263	}
	264	runningmod = tweak_inv_shuffle(runningmod);
	265	roundkey = key1 ^ runningmod;
	266	workingval ^= RC[4 - i];
	267	workingval ^= roundkey;
	268	workingval ^= alpha;
	269	}
	270	workingval ^= modk0;
	271
	272	return workingval;
0d43e1a2 RH	273	}
	274
	275	static uint64_t pauth_addpac(CPUARMState *env, uint64_t ptr, uint64_t modifier,
	276	ARMPACKey *key, bool data)
	277	{
63ff0ca9 RH	278	ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
	279	ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data);
	280	uint64_t pac, ext_ptr, ext, test;
	281	int bot_bit, top_bit;
	282
	283	/* If tagged pointers are in use, use ptr<55>, otherwise ptr<63>. */
	284	if (param.tbi) {
	285	ext = sextract64(ptr, 55, 1);
	286	} else {
	287	ext = sextract64(ptr, 63, 1);
	288	}
	289
	290	/* Build a pointer with known good extension bits. */
	291	top_bit = 64 - 8 * param.tbi;
	292	bot_bit = 64 - param.tsz;
	293	ext_ptr = deposit64(ptr, bot_bit, top_bit - bot_bit, ext);
	294
	295	pac = pauth_computepac(ext_ptr, modifier, *key);
	296
	297	/*
	298	* Check if the ptr has good extension bits and corrupt the
	299	* pointer authentication code if not.
	300	*/
	301	test = sextract64(ptr, bot_bit, top_bit - bot_bit);
	302	if (test != 0 && test != -1) {
	303	pac ^= MAKE_64BIT_MASK(top_bit - 1, 1);
	304	}
	305
	306	/*
	307	* Preserve the determination between upper and lower at bit 55,
	308	* and insert pointer authentication code.
	309	*/
	310	if (param.tbi) {
	311	ptr &= ~MAKE_64BIT_MASK(bot_bit, 55 - bot_bit + 1);
	312	pac &= MAKE_64BIT_MASK(bot_bit, 54 - bot_bit + 1);
	313	} else {
	314	ptr &= MAKE_64BIT_MASK(0, bot_bit);
	315	pac &= ~(MAKE_64BIT_MASK(55, 1) \| MAKE_64BIT_MASK(0, bot_bit));
	316	}
	317	ext &= MAKE_64BIT_MASK(55, 1);
	318	return pac \| ext \| ptr;
0d43e1a2 RH	319	}
0d43e1a2 RH	320
04d13549 RH	321	static uint64_t pauth_original_ptr(uint64_t ptr, ARMVAParameters param)
04d13549 RH	322	{
7eeb4c2c RH	323	/* Note that bit 55 is used whether or not the regime has 2 ranges. */
7eeb4c2c RH	324	uint64_t extfield = sextract64(ptr, 55, 1);
04d13549 RH	325	int bot_pac_bit = 64 - param.tsz;
	326	int top_pac_bit = 64 - 8 * param.tbi;
	327
	328	return deposit64(ptr, bot_pac_bit, top_pac_bit - bot_pac_bit, extfield);
	329	}
	330
0d43e1a2 RH	331	static uint64_t pauth_auth(CPUARMState *env, uint64_t ptr, uint64_t modifier,
	332	ARMPACKey *key, bool data, int keynumber)
	333	{
a7bfa086 RH	334	ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
	335	ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data);
	336	int bot_bit, top_bit;
	337	uint64_t pac, orig_ptr, test;
	338
	339	orig_ptr = pauth_original_ptr(ptr, param);
	340	pac = pauth_computepac(orig_ptr, modifier, *key);
	341	bot_bit = 64 - param.tsz;
	342	top_bit = 64 - 8 * param.tbi;
	343
	344	test = (pac ^ ptr) & ~MAKE_64BIT_MASK(55, 1);
	345	if (unlikely(extract64(test, bot_bit, top_bit - bot_bit))) {
	346	int error_code = (keynumber << 1) \| (keynumber ^ 1);
	347	if (param.tbi) {
d67ebada	348	return deposit64(orig_ptr, 53, 2, error_code);
a7bfa086	349	} else {
d67ebada	350	return deposit64(orig_ptr, 61, 2, error_code);
a7bfa086 RH	351	}
	352	}
	353	return orig_ptr;
0d43e1a2 RH	354	}
	355
	356	static uint64_t pauth_strip(CPUARMState *env, uint64_t ptr, bool data)
	357	{
04d13549 RH	358	ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
	359	ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data);
	360
	361	return pauth_original_ptr(ptr, param);
0d43e1a2 RH	362	}
	363
	364	static void QEMU_NORETURN pauth_trap(CPUARMState *env, int target_el,
	365	uintptr_t ra)
	366	{
	367	raise_exception_ra(env, EXCP_UDEF, syn_pactrap(), target_el, ra);
	368	}
	369
	370	static void pauth_check_trap(CPUARMState *env, int el, uintptr_t ra)
	371	{
	372	if (el < 2 && arm_feature(env, ARM_FEATURE_EL2)) {
	373	uint64_t hcr = arm_hcr_el2_eff(env);
	374	bool trap = !(hcr & HCR_API);
a7469a3c AB	375	if (el == 0) {
	376	/* Trap only applies to EL1&0 regime. */
	377	trap &= (hcr & (HCR_E2H \| HCR_TGE)) != (HCR_E2H \| HCR_TGE);
	378	}
0d43e1a2 RH	379	/* FIXME: ARMv8.3-NV: HCR_NV trap takes precedence for ERETA[AB]. */
	380	if (trap) {
	381	pauth_trap(env, 2, ra);
	382	}
	383	}
	384	if (el < 3 && arm_feature(env, ARM_FEATURE_EL3)) {
	385	if (!(env->cp15.scr_el3 & SCR_API)) {
	386	pauth_trap(env, 3, ra);
	387	}
	388	}
	389	}
	390
	391	static bool pauth_key_enabled(CPUARMState *env, int el, uint32_t bit)
	392	{
aaec1432	393	return (arm_sctlr(env, el) & bit) != 0;
0d43e1a2 RH	394	}
	395
	396	uint64_t HELPER(pacia)(CPUARMState *env, uint64_t x, uint64_t y)
	397	{
	398	int el = arm_current_el(env);
	399	if (!pauth_key_enabled(env, el, SCTLR_EnIA)) {
	400	return x;
	401	}
	402	pauth_check_trap(env, el, GETPC());
108b3ba8	403	return pauth_addpac(env, x, y, &env->keys.apia, false);
0d43e1a2 RH	404	}
	405
	406	uint64_t HELPER(pacib)(CPUARMState *env, uint64_t x, uint64_t y)
	407	{
	408	int el = arm_current_el(env);
	409	if (!pauth_key_enabled(env, el, SCTLR_EnIB)) {
	410	return x;
	411	}
	412	pauth_check_trap(env, el, GETPC());
108b3ba8	413	return pauth_addpac(env, x, y, &env->keys.apib, false);
0d43e1a2 RH	414	}
	415
	416	uint64_t HELPER(pacda)(CPUARMState *env, uint64_t x, uint64_t y)
	417	{
	418	int el = arm_current_el(env);
	419	if (!pauth_key_enabled(env, el, SCTLR_EnDA)) {
	420	return x;
	421	}
	422	pauth_check_trap(env, el, GETPC());
108b3ba8	423	return pauth_addpac(env, x, y, &env->keys.apda, true);
0d43e1a2 RH	424	}
	425
	426	uint64_t HELPER(pacdb)(CPUARMState *env, uint64_t x, uint64_t y)
	427	{
	428	int el = arm_current_el(env);
	429	if (!pauth_key_enabled(env, el, SCTLR_EnDB)) {
	430	return x;
	431	}
	432	pauth_check_trap(env, el, GETPC());
108b3ba8	433	return pauth_addpac(env, x, y, &env->keys.apdb, true);
0d43e1a2 RH	434	}
	435
	436	uint64_t HELPER(pacga)(CPUARMState *env, uint64_t x, uint64_t y)
	437	{
	438	uint64_t pac;
	439
	440	pauth_check_trap(env, arm_current_el(env), GETPC());
108b3ba8	441	pac = pauth_computepac(x, y, env->keys.apga);
0d43e1a2 RH	442
	443	return pac & 0xffffffff00000000ull;
	444	}
	445
	446	uint64_t HELPER(autia)(CPUARMState *env, uint64_t x, uint64_t y)
	447	{
	448	int el = arm_current_el(env);
	449	if (!pauth_key_enabled(env, el, SCTLR_EnIA)) {
	450	return x;
	451	}
	452	pauth_check_trap(env, el, GETPC());
108b3ba8	453	return pauth_auth(env, x, y, &env->keys.apia, false, 0);
0d43e1a2 RH	454	}
	455
	456	uint64_t HELPER(autib)(CPUARMState *env, uint64_t x, uint64_t y)
	457	{
	458	int el = arm_current_el(env);
	459	if (!pauth_key_enabled(env, el, SCTLR_EnIB)) {
	460	return x;
	461	}
	462	pauth_check_trap(env, el, GETPC());
108b3ba8	463	return pauth_auth(env, x, y, &env->keys.apib, false, 1);
0d43e1a2 RH	464	}
	465
	466	uint64_t HELPER(autda)(CPUARMState *env, uint64_t x, uint64_t y)
	467	{
	468	int el = arm_current_el(env);
	469	if (!pauth_key_enabled(env, el, SCTLR_EnDA)) {
	470	return x;
	471	}
	472	pauth_check_trap(env, el, GETPC());
108b3ba8	473	return pauth_auth(env, x, y, &env->keys.apda, true, 0);
0d43e1a2 RH	474	}
	475
	476	uint64_t HELPER(autdb)(CPUARMState *env, uint64_t x, uint64_t y)
	477	{
	478	int el = arm_current_el(env);
	479	if (!pauth_key_enabled(env, el, SCTLR_EnDB)) {
	480	return x;
	481	}
	482	pauth_check_trap(env, el, GETPC());
108b3ba8	483	return pauth_auth(env, x, y, &env->keys.apdb, true, 1);
0d43e1a2 RH	484	}
	485
	486	uint64_t HELPER(xpaci)(CPUARMState *env, uint64_t a)
	487	{
	488	return pauth_strip(env, a, false);
	489	}
	490
	491	uint64_t HELPER(xpacd)(CPUARMState *env, uint64_t a)
	492	{
	493	return pauth_strip(env, a, true);
	494	}