Add ABI tests for aesni-gcm-x86_64.pl.

Change-Id: Ic23fc5fbec2c4f8df5d06f807c6bd2c5e1f0e99c
Reviewed-on: https://boringssl-review.googlesource.com/c/34865
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/fipsmodule/modes/gcm_test.cc b/crypto/fipsmodule/modes/gcm_test.cc
index 7110f1c..47ecd29 100644
--- a/crypto/fipsmodule/modes/gcm_test.cc
+++ b/crypto/fipsmodule/modes/gcm_test.cc
@@ -56,10 +56,11 @@
 #include <openssl/aes.h>
 #include <openssl/cpu.h>
 
-#include "internal.h"
 #include "../../test/abi_test.h"
 #include "../../test/file_test.h"
 #include "../../test/test_util.h"
+#include "../aes/internal.h"
+#include "internal.h"
 
 
 TEST(GCMTest, TestVectors) {
@@ -172,6 +173,34 @@
       for (size_t blocks : kBlockCounts) {
         CHECK_ABI_SEH(gcm_ghash_avx, X, Htable, buf, 16 * blocks);
       }
+
+      if (hwaes_capable()) {
+        AES_KEY aes_key;
+        static const uint8_t kKey[16] = {0};
+
+        // aesni_gcm_* makes assumptions about |GCM128_CONTEXT|'s layout.
+        GCM128_CONTEXT gcm;
+        memset(&gcm, 0, sizeof(gcm));
+        memcpy(&gcm.gcm_key.H, kH, sizeof(kH));
+        memcpy(&gcm.gcm_key.Htable, Htable, sizeof(Htable));
+        memcpy(&gcm.Xi, X, sizeof(X));
+        uint8_t iv[16] = {0};
+
+        aes_hw_set_encrypt_key(kKey, 128, &aes_key);
+        for (size_t blocks : kBlockCounts) {
+          CHECK_ABI(aesni_gcm_encrypt, buf, buf, blocks * 16, &aes_key, iv,
+                    gcm.Xi.u);
+          CHECK_ABI(aesni_gcm_encrypt, buf, buf, blocks * 16 + 7, &aes_key, iv,
+                    gcm.Xi.u);
+        }
+        aes_hw_set_decrypt_key(kKey, 128, &aes_key);
+        for (size_t blocks : kBlockCounts) {
+          CHECK_ABI(aesni_gcm_decrypt, buf, buf, blocks * 16, &aes_key, iv,
+                    gcm.Xi.u);
+          CHECK_ABI(aesni_gcm_decrypt, buf, buf, blocks * 16 + 7, &aes_key, iv,
+                    gcm.Xi.u);
+        }
+      }
     }
 #endif  // GHASH_ASM_X86_64
   }