1 /* 2 * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 package org.graalvm.compiler.hotspot.replacements; 24 25 import static org.graalvm.compiler.hotspot.HotSpotBackend.DECRYPT_BLOCK; 26 import static org.graalvm.compiler.hotspot.HotSpotBackend.DECRYPT_BLOCK_WITH_ORIGINAL_KEY; 27 import static org.graalvm.compiler.hotspot.HotSpotBackend.ENCRYPT_BLOCK; 28 import static org.graalvm.compiler.nodes.extended.BranchProbabilityNode.VERY_SLOW_PATH_PROBABILITY; 29 import static org.graalvm.compiler.nodes.extended.BranchProbabilityNode.probability; 30 import static jdk.vm.ci.hotspot.HotSpotJVMCIRuntimeProvider.getArrayBaseOffset; 31 32 import org.graalvm.compiler.api.replacements.ClassSubstitution; 33 import org.graalvm.compiler.api.replacements.MethodSubstitution; 34 import org.graalvm.compiler.core.common.LocationIdentity; 35 import org.graalvm.compiler.core.common.spi.ForeignCallDescriptor; 36 import org.graalvm.compiler.debug.GraalError; 37 import org.graalvm.compiler.graph.Node.ConstantNodeParameter; 38 import org.graalvm.compiler.graph.Node.NodeIntrinsic; 39 import org.graalvm.compiler.hotspot.nodes.ComputeObjectAddressNode; 40 import org.graalvm.compiler.nodes.DeoptimizeNode; 41 import org.graalvm.compiler.nodes.PiNode; 42 import org.graalvm.compiler.nodes.extended.ForeignCallNode; 43 import org.graalvm.compiler.nodes.extended.UnsafeLoadNode; 44 import org.graalvm.compiler.word.Pointer; 45 import org.graalvm.compiler.word.Word; 46 47 import jdk.vm.ci.meta.DeoptimizationAction; 48 import jdk.vm.ci.meta.DeoptimizationReason; 49 import jdk.vm.ci.meta.JavaKind; 50 51 // JaCoCo Exclude 52 53 /** 54 * Substitutions for {@code com.sun.crypto.provider.AESCrypt} methods. 55 */ 56 @ClassSubstitution(className = "com.sun.crypto.provider.AESCrypt", optional = true) 57 public class AESCryptSubstitutions { 58 59 static final long kOffset; 60 static final long lastKeyOffset; 61 static final Class<?> AESCryptClass; 62 static final int AES_BLOCK_SIZE_IN_BYTES; 63 64 static { 65 try { 66 // Need to use the system class loader as com.sun.crypto.provider.AESCrypt 67 // is normally loaded by the extension class loader which is not delegated 68 // to by the JVMCI class loader. 69 ClassLoader cl = ClassLoader.getSystemClassLoader(); 70 AESCryptClass = Class.forName("com.sun.crypto.provider.AESCrypt", true, cl); 71 kOffset = UnsafeAccess.UNSAFE.objectFieldOffset(AESCryptClass.getDeclaredField("K")); 72 lastKeyOffset = UnsafeAccess.UNSAFE.objectFieldOffset(AESCryptClass.getDeclaredField("lastKey")); 73 // Thankfully the AES block size is a constant (128 bits) and so we don't need to 74 // reflect on com.sun.crypto.provider.AESConstants.AES_BLOCK_SIZE. 75 AES_BLOCK_SIZE_IN_BYTES = 16; 76 } catch (Exception ex) { 77 throw new GraalError(ex); 78 } 79 } 80 81 @MethodSubstitution(isStatic = false) 82 static void encryptBlock(Object rcvr, byte[] in, int inOffset, byte[] out, int outOffset) { 83 crypt(rcvr, in, inOffset, out, outOffset, true, false); 84 } 85 86 @MethodSubstitution(isStatic = false) 87 static void implEncryptBlock(Object rcvr, byte[] in, int inOffset, byte[] out, int outOffset) { 88 crypt(rcvr, in, inOffset, out, outOffset, true, false); 89 } 90 91 @MethodSubstitution(isStatic = false) 92 static void decryptBlock(Object rcvr, byte[] in, int inOffset, byte[] out, int outOffset) { 93 crypt(rcvr, in, inOffset, out, outOffset, false, false); 94 } 95 96 @MethodSubstitution(isStatic = false) 97 static void implDecryptBlock(Object rcvr, byte[] in, int inOffset, byte[] out, int outOffset) { 98 crypt(rcvr, in, inOffset, out, outOffset, false, false); 99 } 100 101 /** 102 * Variation for platforms (e.g. SPARC) that need do key expansion in stubs due to compatibility 103 * issues between Java key expansion and hardware crypto instructions. 104 */ 105 @MethodSubstitution(value = "decryptBlock", isStatic = false) 106 static void decryptBlockWithOriginalKey(Object rcvr, byte[] in, int inOffset, byte[] out, int outOffset) { 107 crypt(rcvr, in, inOffset, out, outOffset, false, true); 108 } 109 110 /** 111 * @see #decryptBlockWithOriginalKey(Object, byte[], int, byte[], int) 112 */ 113 @MethodSubstitution(value = "implDecryptBlock", isStatic = false) 114 static void implDecryptBlockWithOriginalKey(Object rcvr, byte[] in, int inOffset, byte[] out, int outOffset) { 115 crypt(rcvr, in, inOffset, out, outOffset, false, true); 116 } 117 118 private static void crypt(Object rcvr, byte[] in, int inOffset, byte[] out, int outOffset, boolean encrypt, boolean withOriginalKey) { 119 checkArgs(in, inOffset, out, outOffset); 120 Object realReceiver = PiNode.piCastNonNull(rcvr, AESCryptClass); 121 Object kObject = UnsafeLoadNode.load(realReceiver, kOffset, JavaKind.Object, LocationIdentity.any()); 122 Pointer kAddr = Word.objectToTrackedPointer(kObject).add(getArrayBaseOffset(JavaKind.Int)); 123 Word inAddr = Word.unsigned(ComputeObjectAddressNode.get(in, getArrayBaseOffset(JavaKind.Byte) + inOffset)); 124 Word outAddr = Word.unsigned(ComputeObjectAddressNode.get(out, getArrayBaseOffset(JavaKind.Byte) + outOffset)); 125 if (encrypt) { 126 encryptBlockStub(ENCRYPT_BLOCK, inAddr, outAddr, kAddr); 127 } else { 128 if (withOriginalKey) { 129 Object lastKeyObject = UnsafeLoadNode.load(realReceiver, lastKeyOffset, JavaKind.Object, LocationIdentity.any()); 130 Pointer lastKeyAddr = Word.objectToTrackedPointer(lastKeyObject).add(getArrayBaseOffset(JavaKind.Byte)); 131 decryptBlockWithOriginalKeyStub(DECRYPT_BLOCK_WITH_ORIGINAL_KEY, inAddr, outAddr, kAddr, lastKeyAddr); 132 } else { 133 decryptBlockStub(DECRYPT_BLOCK, inAddr, outAddr, kAddr); 134 } 135 } 136 } 137 138 /** 139 * Perform null and array bounds checks for arguments to a cipher operation. 140 */ 141 static void checkArgs(byte[] in, int inOffset, byte[] out, int outOffset) { 142 if (probability(VERY_SLOW_PATH_PROBABILITY, inOffset < 0 || in.length - AES_BLOCK_SIZE_IN_BYTES < inOffset || outOffset < 0 || out.length - AES_BLOCK_SIZE_IN_BYTES < outOffset)) { 143 DeoptimizeNode.deopt(DeoptimizationAction.None, DeoptimizationReason.RuntimeConstraint); 144 } 145 } 146 147 @NodeIntrinsic(ForeignCallNode.class) 148 public static native void encryptBlockStub(@ConstantNodeParameter ForeignCallDescriptor descriptor, Word in, Word out, Pointer key); 149 150 @NodeIntrinsic(ForeignCallNode.class) 151 public static native void decryptBlockStub(@ConstantNodeParameter ForeignCallDescriptor descriptor, Word in, Word out, Pointer key); 152 153 @NodeIntrinsic(ForeignCallNode.class) 154 public static native void decryptBlockWithOriginalKeyStub(@ConstantNodeParameter ForeignCallDescriptor descriptor, Word in, Word out, Pointer key, Pointer originalKey); 155 }