Set w19 earlier before cipher-stealing of 1 block + tail.

Author: nebeid

crypto/fipsmodule/modes/xts_test.cc

@@ -34,6 +34,50 @@ struct XTSTestCase {
 };
 
 static const XTSTestCase kXTSTestCases[] = {
+    // tests that were failing:
+    // ACCP test vector
+    // https://github.com/corretto/amazon-corretto-crypto-provider/blob/a4c4876cceb6b3b8209b2a5cb57a2f38622146b9/tst/com/amazon/corretto/crypto/provider/test/AesXtsTest.java#L415
+    // len = 24 bytes = 1 block + 8 bytes
+    {
+        "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F"
+        "202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F",
+        "000102030405060708090A0B0C0D0E0F",
+        "000102030405060708090A0B0C0D0E0F1011121314151617",
+        "770407bac58070c22a0d2b1c8b0ad644b82298441f93d2a0",
+    },
+    // other failing ones
+    {
+        "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F"
+        "202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F",
+        "000102030405060708090A0B0C0D0E0A",
+        "000102030405060708090A0B0C0D0E0F10111213141516",
+        "7ce0976476adfe592dd6a1815815781da3eabf2e5faa74",
+    },
+    {
+        "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F"
+        "202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E"
+        "35",
+        "000102030405060708090A0B0C0D0E0A",
+        "000102030405060708090A0B0C0D0E0F10111213141516",
+        "2f4de89842bb832dd96cf4293a2d1a4f740de1dccde3ab",
+    },
+    {
+        "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F"
+        "202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E"
+        "35",
+        "000102030405060708090A0B0C0D0E05",
+        "000102030405060708090A0B0C0D0E0F10111213141516",
+        "2aeae116c8f5fca3cd99cdd475b2e3e1a994639d8eb978",
+    },
+    {
+        "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F"
+        "202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E"
+        "35",
+        "000102030405060708090A0B0C0D0E0A",
+        "000102030405060708090A0B0C0D0E0F1011121314151617",
+        "ec639ea5987c576706713e36b05336ff740de1dccde3ab16",
+    },
+
     // Test vectors from OpenSSL 1.1.1d.
     // plaintext length = 32 blocks = 512 bytes
     {
@@ -238,6 +282,44 @@ static const XTSTestCase kXTSTestCases[] = {
         "000102030405060708090a0b0c0d0e0f101112131415",
         "75e8188bcce59ada939f57de2cb9a489c30ca8f2ed57",
     },
+    // additional tests that were passing, when trying to figure out why the other ones were failing
+    {
+        "fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0efeeedecebeae9e8e7e6e5e4e3e2e1e0"
+        "bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0afaeadacabaaa9a8a7a6a5a4a3a2a1a0",
+        "9a78563412000000000000000000000A",
+        "000102030405060708090a0b0c0d0e0f1011121314151617",
+        "57e8e7cde35c83b70fea50ec0129e25ab5bde4156e8ab6f5",
+    },
+    {
+        "fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0efeeedecebeae9e8e7e6e5e4e3e2e1e0"
+        "bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0afaeadacabaaa9a8a7a6a5a4a3a2a1a0",
+        "000102030405060708090A0B0C0D0E0A",
+        "000102030405060708090a0b0c0d0e0f1011121314151617",
+        "bb9b4595bd94766adc7ec2ba913c109aca30758281c77213",
+    },
+    {
+        "fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0efeeedecebeae9e8e7e6e5e4e3e2e1e0"
+        "bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0afaeadacabaaa9a8a7a6a5a4a3a2a1a0",
+        "000102030405060708090A0B0C0D0E0A",
+        "000102030405060708090a0b0c0d0e0f10111213141516",
+        "f2abc22f884f2a1d94570b4d43dc521aca30758281c772",
+    },
+
+    {
+        "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F"
+        "202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F",
+        "9a785634120000000000000000000000",
+        "000102030405060708090A0B0C0D0E0F1011121314151617",
+        "cd72ea12eeb4c85ca07a9366e66e9e491ad4aaecba8050a2",
+    },
+    {
+        "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F"
+        "202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F",
+        "000102030405060708090A0B0C0D0E07",
+        "000102030405060708090A0B0C0D0E0F1011121314151617",
+        "0462384df00d699e5637933a5aa90a23c423b54aa5ae47d1",
+    },
+
     // https://github.com/BrianGladman/modes/blob/master/testvals/xts.6#L433
     // VEC 45, len = 31 bytes = 1 block + 15 bytes
     {
@@ -290,6 +372,17 @@ static const XTSTestCase kXTSTestCases[] = {
         "6f229c1b60833e2a50a041b360d991814c6ec7f3199d8b2482f5b19b64c32013"
         "a679f1361a011bf37b2e1565"
     },
+
+    {
+        "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F"
+        "202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F",
+        "000102030405060708090A0B0C0D0E0F",
+        "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F"
+        "202122232425262F",
+        "b82298441f93d2a0ad34668c7df66e4c8544720992ae2ecc0462c41fa816109f"
+        "9ce4d6a936a41f0f",
+    },
+
     // len = 51 bytes = 3 blocks + 3 bytes
     {
         "fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0efeeedecebeae9e8e7e6e5e4e3e2e1e0"

third_party/s2n-bignum/s2n-bignum-to-be-imported/arm/aes/aes-xts-enc.S

@@ -104,6 +104,7 @@ S2N_BN_SYMBOL(aes_hw_xts_encrypt):
 
 // Encryption
 .Lxts_enc:
+        mov   w19, #0x87
         cmp x2, #0x20
         b.lo .Lxts_enc_tail1x   // when input = 1 with tail
 
@@ -112,7 +113,6 @@ S2N_BN_SYMBOL(aes_hw_xts_encrypt):
         // the five ivs stored into, v6.16b,v8.16b,v9.16b,v10.16b,v11.16b
         fmov  x9, d6
         fmov  x10, v6.d[1]
-        mov   w19, #0x87
         tweak(d8, v8.d[1])
 
         cmp x2, #0x30