tests/tcg/aarch64: Add pauth-3

This is the test vector from the QARMA paper, run through PACGA.

Suggested-by: Vincent Dehors <vincent.dehors@smile.fr>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200116230809.19078-4-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

tests/tcg/aarch64/Makefile.softmmu-target

@@ -61,4 +61,7 @@ run-memory-replay: memory-replay run-memory-record
 	   	  $(QEMU_OPTS) memory, \
 	  "$< on $(TARGET_NAME)")
 
-EXTRA_TESTS+=memory-record memory-replay
+run-pauth-3: pauth-3
+pauth-3: CFLAGS += -march=armv8.3-a
+
+EXTRA_TESTS+=memory-record memory-replay pauth-3

tests/tcg/aarch64/system/pauth-3.c

@@ -0,0 +1,40 @@
+#include <inttypes.h>
+#include <minilib.h>
+
+int main()
+{
+    /*
+     * Test vector from QARMA paper (https://eprint.iacr.org/2016/444.pdf)
+     * to verify one computation of the pauth_computepac() function,
+     * which uses sbox2.
+     *
+     * Use PACGA, because it returns the most bits from ComputePAC.
+     * We still only get the most significant 32-bits of the result.
+     */
+
+    static const uint64_t d[5] = {
+        0xfb623599da6e8127ull,
+        0x477d469dec0b8762ull,
+        0x84be85ce9804e94bull,
+        0xec2802d4e0a488e9ull,
+        0xc003b93999b33765ull & 0xffffffff00000000ull
+    };
+    uint64_t r;
+
+    asm("msr apgakeyhi_el1, %[w0]\n\t"
+        "msr apgakeylo_el1, %[k0]\n\t"
+        "pacga %[r], %[P], %[T]"
+        : [r] "=r"(r)
+        : [P] "r" (d[0]),
+          [T] "r" (d[1]),
+          [w0] "r" (d[2]),
+          [k0] "r" (d[3]));
+
+    if (r == d[4]) {
+        ml_printf("OK\n");
+        return 0;
+    } else {
+        ml_printf("FAIL: %lx != %lx\n", r, d[4]);
+        return 1;
+    }
+}