tests/tcg/aarch64/system/pauth-3.c - qemu - Git at Google

 #include <stdint.h>
 #include <minilib.h>

 int main()
 {
     /*
      * Test vector from QARMA paper (https://eprint.iacr.org/2016/444.pdf)
      * to verify one computation of the pauth_computepac() function,
      * which uses sbox2.
      *
      * Use PACGA, because it returns the most bits from ComputePAC.
      * We still only get the most significant 32-bits of the result.
      */

     static const uint64_t d[5] = {
         0xfb623599da6e8127ull,
         0x477d469dec0b8762ull,
         0x84be85ce9804e94bull,
         0xec2802d4e0a488e9ull,
         0xc003b93999b33765ull & 0xffffffff00000000ull
     };
     uint64_t r;

     asm("msr apgakeyhi_el1, %[w0]\n\t"
         "msr apgakeylo_el1, %[k0]\n\t"
         "pacga %[r], %[P], %[T]"
         : [r] "=r"(r)
         : [P] "r" (d[0]),
           [T] "r" (d[1]),
           [w0] "r" (d[2]),
           [k0] "r" (d[3]));

     if (r == d[4]) {
         ml_printf("OK\n");
         return 0;
     } else {
         ml_printf("FAIL: %lx != %lx\n", r, d[4]);
         return 1;
     }
 }
	#include <stdint.h>
	#include <minilib.h>

	int main()
	{
	/*
	* Test vector from QARMA paper (https://eprint.iacr.org/2016/444.pdf)
	* to verify one computation of the pauth_computepac() function,
	* which uses sbox2.
	*
	* Use PACGA, because it returns the most bits from ComputePAC.
	* We still only get the most significant 32-bits of the result.
	*/

	static const uint64_t d[5] = {
	0xfb623599da6e8127ull,
	0x477d469dec0b8762ull,
	0x84be85ce9804e94bull,
	0xec2802d4e0a488e9ull,
	0xc003b93999b33765ull & 0xffffffff00000000ull
	};
	uint64_t r;

	asm("msr apgakeyhi_el1, %[w0]\n\t"
	"msr apgakeylo_el1, %[k0]\n\t"
	"pacga %[r], %[P], %[T]"
	: [r] "=r"(r)
	: [P] "r" (d[0]),
	[T] "r" (d[1]),
	[w0] "r" (d[2]),
	[k0] "r" (d[3]));

	if (r == d[4]) {
	ml_printf("OK\n");
	return 0;
	} else {
	ml_printf("FAIL: %lx != %lx\n", r, d[4]);
	return 1;
	}
	}