1*73fc0798SRichard Henderson #include <inttypes.h> 2*73fc0798SRichard Henderson #include <minilib.h> 3*73fc0798SRichard Henderson 4*73fc0798SRichard Henderson int main() 5*73fc0798SRichard Henderson { 6*73fc0798SRichard Henderson /* 7*73fc0798SRichard Henderson * Test vector from QARMA paper (https://eprint.iacr.org/2016/444.pdf) 8*73fc0798SRichard Henderson * to verify one computation of the pauth_computepac() function, 9*73fc0798SRichard Henderson * which uses sbox2. 10*73fc0798SRichard Henderson * 11*73fc0798SRichard Henderson * Use PACGA, because it returns the most bits from ComputePAC. 12*73fc0798SRichard Henderson * We still only get the most significant 32-bits of the result. 13*73fc0798SRichard Henderson */ 14*73fc0798SRichard Henderson 15*73fc0798SRichard Henderson static const uint64_t d[5] = { 16*73fc0798SRichard Henderson 0xfb623599da6e8127ull, 17*73fc0798SRichard Henderson 0x477d469dec0b8762ull, 18*73fc0798SRichard Henderson 0x84be85ce9804e94bull, 19*73fc0798SRichard Henderson 0xec2802d4e0a488e9ull, 20*73fc0798SRichard Henderson 0xc003b93999b33765ull & 0xffffffff00000000ull 21*73fc0798SRichard Henderson }; 22*73fc0798SRichard Henderson uint64_t r; 23*73fc0798SRichard Henderson 24*73fc0798SRichard Henderson asm("msr apgakeyhi_el1, %[w0]\n\t" 25*73fc0798SRichard Henderson "msr apgakeylo_el1, %[k0]\n\t" 26*73fc0798SRichard Henderson "pacga %[r], %[P], %[T]" 27*73fc0798SRichard Henderson : [r] "=r"(r) 28*73fc0798SRichard Henderson : [P] "r" (d[0]), 29*73fc0798SRichard Henderson [T] "r" (d[1]), 30*73fc0798SRichard Henderson [w0] "r" (d[2]), 31*73fc0798SRichard Henderson [k0] "r" (d[3])); 32*73fc0798SRichard Henderson 33*73fc0798SRichard Henderson if (r == d[4]) { 34*73fc0798SRichard Henderson ml_printf("OK\n"); 35*73fc0798SRichard Henderson return 0; 36*73fc0798SRichard Henderson } else { 37*73fc0798SRichard Henderson ml_printf("FAIL: %lx != %lx\n", r, d[4]); 38*73fc0798SRichard Henderson return 1; 39*73fc0798SRichard Henderson } 40*73fc0798SRichard Henderson } 41