ARM v8.3a pauth not working
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| QEMU |
Fix Released
|
Undecided
|
Richard Henderson | ||
Bug Description
Host: Ubuntu 19.10 - x86_64 machine
QEMU version: 3a63b24a1bbf166
ARMV8.3 pauth is not working well.
With a test code containing two pauth instructions:
- paciasp that sign LR with A key and sp as context;
- autiasp that verify the signature.
Test:
- Run the program and corrupt LR just before autiasp (ex 0x3e00000400660 instead of 0x3e000000400664)
Expected:
- autiasp places an invalid pointer in LR
Result:
- autiasp successfully auth the pointer and places 0x0400660 in LR.
Further explanations:
Adding traces in qemu code shows that "pauth_computepac" is not robust enough against truncating.
With 0x31000000400664 as input of pauth_auth, we obtain "0x55b1d65b2c13
With 0x310040008743ec as input of pauth (with same key), we obtain "0x55b1d65b2c13
Values of top_bit and bottom_bit are strictly the same and it should not.
CVE References
| Changed in qemu: | |
| assignee: | nobody → Richard Henderson (rth) |
| status: | New → Confirmed |
| Vincent Dehors (vdehors) wrote | #1 |
| Richard Henderson (rth) wrote | #2 |
| Richard Henderson (rth) wrote | #3 |
| Richard Henderson (rth) wrote | #4 |
| Changed in qemu: | |
| status: | Confirmed → Fix Committed |
| Changed in qemu: | |
| status: | Fix Committed → Fix Released |
| Philippe Mathieu-Daudé (philmd) wrote | #5 |
Hi,
Here is a patch for this bug. The sbox function was using "b+=16" instead of "b+=4".
Also, you check test vector using :
```c
uint64_t P = 0xfb623599da6e8
uint64_t T = 0x477d469dec0b8
uint64_t w0 = 0x84be85ce9804e
uint64_t k0 = 0xec2802d4e0a48
ARMPACKey key = { .hi = w0, .lo = k0 };
uint64_t C5 = pauth_computepac(P, T, key);
/* C5 should be 0xc003b93999b33765 */
```