token_unseal: leave scalar in temporary register It doesn't hurt to leave a caller-provided capability in a dead temporary register, but it hurts even less to leave a scalar instead. Co-authored-by: David Chisnall <github@theravensnest.org>
diff --git a/sdk/core/token_library/token_unseal.S b/sdk/core/token_library/token_unseal.S
index 62eaece..39cfc2e 100644
--- a/sdk/core/token_library/token_unseal.S
+++ b/sdk/core/token_library/token_unseal.S
@@ -36,9 +36,9 @@
 *
 * - a2 contains the expected sealing type.
 *
- * - t0/ct0 holds a copy of the user key
+ * - t0 holds a copy of the user key's address field (authorized type)
 *
- * - t1/ct1 is used within each local computation and never holds secrets
+ * - t1 is used within each local computation and never holds secrets
 */
 /* Verify key tag */
@@ -56,8 +56,8 @@
 andi t1, t1, CHERI_PERM_UNSEAL
 beqz t1, .Lexit_failure
- /* Copy key capability to scratch register */
- cmove ct0, ca0
+ /* Copy key type to scratch register */
+ cgetaddr t0, ca0
 /*
 * Load unsealing root capability, to be clobbered by return value
@@ -82,10 +82,7 @@
 */
 clw t1, TokenSObj_offset_type(ca0)
- /*
- * Verify that the loaded value matches the address of the key (via as-integer
- * access to capability register ct0).
- */
+ /* Verify that the loaded value matches the address of the key. */
 bne t0, t1, .Lexit_failure
 /* Subset bounds to ->data */
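Review bot: The register list in the first hunk now describes t0 as a scalar, but it does not state the exit invariant the commit message relies on, namely that no caller-provided capability is left in t0 or t1 when the routine returns. Adding a line such as ` * - on every exit path t0 and t1 hold only integers, never a caller capability` would make that a documented contract and keep a later edit from reintroducing `cmove ct0, ca0`. The comment block begins above the hunk, so this may already be said higher up.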
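Review bot: From `cgetaddr t0, ca0` (second hunk) onward the key's address is the only thing the later `bne t0, t1, .Lexit_failure` (third hunk) tests, and within this hunk only the `CHERI_PERM_UNSEAL` permission check is visible before it. A tagged capability's address is not necessarily inside its bounds, so it is worth confirming that the lines between the tag check and this point (outside the hunk) also tie the address to the key's bounds; if they do, the comment should say so. Independently, the comment would read better if it matched the header's wording, e.g. `/* Copy the key's address (the type it authorizes) to t0; the capability itself is not retained */`.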