blob: 872bf6ff66c58dd1424cb90be3f60c1045af0cba [file] [log] [blame]
// Copyright Microsoft and CHERIoT Contributors.
// SPDX-License-Identifier: MIT
#define TEST_NAME "Static sealing (inner compartment)"
#include "static_sealing.h"
#include "tests.hh"
using namespace CHERI;
void test_static_sealed_object(Sealed<TestType> obj)
{
// Get our static sealing key.
SKey key = STATIC_SEALING_TYPE(SealingType);
Capability keyCap{key};
debug_log("Static sealing key: {}", key);
// Make sure the sealing key has sensible permissions
TEST((check_pointer<PermissionSet{Permission::Seal,
Permission::Unseal,
Permission::Global,
Permission::User0}>(key, 1)),
"Incorrect permissions on static sealing key {}",
key);
// Make sure it's in the right range.
TEST(
keyCap.address() >= 16,
"Software sealing key has an address in the hardware-reserved range: {}",
keyCap.address());
TEST(keyCap.address() < 0x10000,
"Software sealing key has an address too large: {}",
keyCap.address());
// Make sure that it's a single sealing type
TEST(keyCap.bounds() == 1, "Invalid bounds on {}", key);
// Try to use it
Capability unsealed = token_unseal(key, obj);
debug_log("Unsealed object: {}", unsealed);
// Make sure that the unsealed allocation is the right everything.
TEST(unsealed->value == 42, "Unexpected value in static sealed object");
TEST(unsealed.length() == sizeof(TestType),
"Incorrect length on unsealed capability {}",
unsealed);
TEST((check_pointer<PermissionSet{Permission::Load,
Permission::Store,
Permission::LoadStoreCapability,
Permission::LoadMutable,
Permission::LoadGlobal,
Permission::Global}>(unsealed, 1)),
"Incorrect permissions on unsealed statically sealed object {}",
unsealed);
}