1 /*
2 * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23 package org.graalvm.compiler.hotspot.replacements;
24
25 import static org.graalvm.compiler.hotspot.HotSpotBackend.DECRYPT_BLOCK;
26 import static org.graalvm.compiler.hotspot.HotSpotBackend.DECRYPT_BLOCK_WITH_ORIGINAL_KEY;
27 import static org.graalvm.compiler.hotspot.HotSpotBackend.ENCRYPT_BLOCK;
28 import static org.graalvm.compiler.nodes.extended.BranchProbabilityNode.VERY_SLOW_PATH_PROBABILITY;
29 import static org.graalvm.compiler.nodes.extended.BranchProbabilityNode.probability;
30 import static jdk.vm.ci.hotspot.HotSpotJVMCIRuntimeProvider.getArrayBaseOffset;
31
32 import org.graalvm.compiler.api.replacements.ClassSubstitution;
33 import org.graalvm.compiler.api.replacements.MethodSubstitution;
34 import org.graalvm.compiler.core.common.LocationIdentity;
35 import org.graalvm.compiler.core.common.spi.ForeignCallDescriptor;
36 import org.graalvm.compiler.debug.GraalError;
37 import org.graalvm.compiler.graph.Node.ConstantNodeParameter;
38 import org.graalvm.compiler.graph.Node.NodeIntrinsic;
39 import org.graalvm.compiler.hotspot.nodes.ComputeObjectAddressNode;
40 import org.graalvm.compiler.nodes.DeoptimizeNode;
41 import org.graalvm.compiler.nodes.PiNode;
42 import org.graalvm.compiler.nodes.extended.ForeignCallNode;
43 import org.graalvm.compiler.nodes.extended.UnsafeLoadNode;
44 import org.graalvm.compiler.word.Pointer;
45 import org.graalvm.compiler.word.Word;
46
47 import jdk.vm.ci.meta.DeoptimizationAction;
48 import jdk.vm.ci.meta.DeoptimizationReason;
49 import jdk.vm.ci.meta.JavaKind;
50
51 // JaCoCo Exclude
52
53 /**
54 * Substitutions for {@code com.sun.crypto.provider.AESCrypt} methods.
55 */
56 @ClassSubstitution(className = "com.sun.crypto.provider.AESCrypt", optional = true)
57 public class AESCryptSubstitutions {
58
59 static final long kOffset;
60 static final long lastKeyOffset;
61 static final Class<?> AESCryptClass;
62 static final int AES_BLOCK_SIZE_IN_BYTES;
63
64 static {
65 try {
66 // Need to use the system class loader as com.sun.crypto.provider.AESCrypt
67 // is normally loaded by the extension class loader which is not delegated
68 // to by the JVMCI class loader.
69 ClassLoader cl = ClassLoader.getSystemClassLoader();
70 AESCryptClass = Class.forName("com.sun.crypto.provider.AESCrypt", true, cl);
71 kOffset = UnsafeAccess.UNSAFE.objectFieldOffset(AESCryptClass.getDeclaredField("K"));
72 lastKeyOffset = UnsafeAccess.UNSAFE.objectFieldOffset(AESCryptClass.getDeclaredField("lastKey"));
73 // Thankfully the AES block size is a constant (128 bits) and so we don't need to
74 // reflect on com.sun.crypto.provider.AESConstants.AES_BLOCK_SIZE.
75 AES_BLOCK_SIZE_IN_BYTES = 16;
76 } catch (Exception ex) {
77 throw new GraalError(ex);
78 }
79 }
80
81 @MethodSubstitution(isStatic = false)
82 static void encryptBlock(Object rcvr, byte[] in, int inOffset, byte[] out, int outOffset) {
83 crypt(rcvr, in, inOffset, out, outOffset, true, false);
84 }
85
86 @MethodSubstitution(isStatic = false)
87 static void implEncryptBlock(Object rcvr, byte[] in, int inOffset, byte[] out, int outOffset) {
88 crypt(rcvr, in, inOffset, out, outOffset, true, false);
89 }
90
91 @MethodSubstitution(isStatic = false)
92 static void decryptBlock(Object rcvr, byte[] in, int inOffset, byte[] out, int outOffset) {
93 crypt(rcvr, in, inOffset, out, outOffset, false, false);
94 }
95
96 @MethodSubstitution(isStatic = false)
97 static void implDecryptBlock(Object rcvr, byte[] in, int inOffset, byte[] out, int outOffset) {
98 crypt(rcvr, in, inOffset, out, outOffset, false, false);
99 }
100
101 /**
102 * Variation for platforms (e.g. SPARC) that need do key expansion in stubs due to compatibility
103 * issues between Java key expansion and hardware crypto instructions.
104 */
105 @MethodSubstitution(value = "decryptBlock", isStatic = false)
106 static void decryptBlockWithOriginalKey(Object rcvr, byte[] in, int inOffset, byte[] out, int outOffset) {
107 crypt(rcvr, in, inOffset, out, outOffset, false, true);
108 }
109
110 /**
111 * @see #decryptBlockWithOriginalKey(Object, byte[], int, byte[], int)
112 */
113 @MethodSubstitution(value = "implDecryptBlock", isStatic = false)
114 static void implDecryptBlockWithOriginalKey(Object rcvr, byte[] in, int inOffset, byte[] out, int outOffset) {
115 crypt(rcvr, in, inOffset, out, outOffset, false, true);
116 }
117
118 private static void crypt(Object rcvr, byte[] in, int inOffset, byte[] out, int outOffset, boolean encrypt, boolean withOriginalKey) {
119 checkArgs(in, inOffset, out, outOffset);
120 Object realReceiver = PiNode.piCastNonNull(rcvr, AESCryptClass);
121 Object kObject = UnsafeLoadNode.load(realReceiver, kOffset, JavaKind.Object, LocationIdentity.any());
122 Pointer kAddr = Word.objectToTrackedPointer(kObject).add(getArrayBaseOffset(JavaKind.Int));
123 Word inAddr = Word.unsigned(ComputeObjectAddressNode.get(in, getArrayBaseOffset(JavaKind.Byte) + inOffset));
124 Word outAddr = Word.unsigned(ComputeObjectAddressNode.get(out, getArrayBaseOffset(JavaKind.Byte) + outOffset));
125 if (encrypt) {
126 encryptBlockStub(ENCRYPT_BLOCK, inAddr, outAddr, kAddr);
127 } else {
128 if (withOriginalKey) {
129 Object lastKeyObject = UnsafeLoadNode.load(realReceiver, lastKeyOffset, JavaKind.Object, LocationIdentity.any());
130 Pointer lastKeyAddr = Word.objectToTrackedPointer(lastKeyObject).add(getArrayBaseOffset(JavaKind.Byte));
131 decryptBlockWithOriginalKeyStub(DECRYPT_BLOCK_WITH_ORIGINAL_KEY, inAddr, outAddr, kAddr, lastKeyAddr);
132 } else {
133 decryptBlockStub(DECRYPT_BLOCK, inAddr, outAddr, kAddr);
134 }
135 }
136 }
137
138 /**
139 * Perform null and array bounds checks for arguments to a cipher operation.
140 */
141 static void checkArgs(byte[] in, int inOffset, byte[] out, int outOffset) {
142 if (probability(VERY_SLOW_PATH_PROBABILITY, inOffset < 0 || in.length - AES_BLOCK_SIZE_IN_BYTES < inOffset || outOffset < 0 || out.length - AES_BLOCK_SIZE_IN_BYTES < outOffset)) {
143 DeoptimizeNode.deopt(DeoptimizationAction.None, DeoptimizationReason.RuntimeConstraint);
144 }
145 }
146
147 @NodeIntrinsic(ForeignCallNode.class)
148 public static native void encryptBlockStub(@ConstantNodeParameter ForeignCallDescriptor descriptor, Word in, Word out, Pointer key);
149
150 @NodeIntrinsic(ForeignCallNode.class)
151 public static native void decryptBlockStub(@ConstantNodeParameter ForeignCallDescriptor descriptor, Word in, Word out, Pointer key);
152
153 @NodeIntrinsic(ForeignCallNode.class)
154 public static native void decryptBlockWithOriginalKeyStub(@ConstantNodeParameter ForeignCallDescriptor descriptor, Word in, Word out, Pointer key, Pointer originalKey);
155 }