1 /*
2 * Copyright (c) 2012, 2018, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24
25 package org.graalvm.compiler.hotspot.replacements;
26
27 import static org.graalvm.compiler.hotspot.GraalHotSpotVMConfigBase.INJECTED_INTRINSIC_CONTEXT;
28 import static org.graalvm.compiler.hotspot.GraalHotSpotVMConfigBase.INJECTED_METAACCESS;
29 import static org.graalvm.compiler.hotspot.HotSpotBackend.DECRYPT_BLOCK;
30 import static org.graalvm.compiler.hotspot.HotSpotBackend.DECRYPT_BLOCK_WITH_ORIGINAL_KEY;
31 import static org.graalvm.compiler.hotspot.HotSpotBackend.ENCRYPT_BLOCK;
32 import static org.graalvm.compiler.hotspot.replacements.CipherBlockChainingSubstitutions.aesCryptType;
33 import static org.graalvm.compiler.nodes.extended.BranchProbabilityNode.VERY_SLOW_PATH_PROBABILITY;
34 import static org.graalvm.compiler.nodes.extended.BranchProbabilityNode.probability;
35 import static org.graalvm.compiler.replacements.ReplacementsUtil.getArrayBaseOffset;
36
37 import org.graalvm.compiler.api.replacements.ClassSubstitution;
38 import org.graalvm.compiler.api.replacements.Fold;
39 import org.graalvm.compiler.api.replacements.MethodSubstitution;
40 import org.graalvm.compiler.core.common.spi.ForeignCallDescriptor;
41 import org.graalvm.compiler.graph.Node.ConstantNodeParameter;
42 import org.graalvm.compiler.graph.Node.NodeIntrinsic;
43 import org.graalvm.compiler.nodes.ComputeObjectAddressNode;
44 import org.graalvm.compiler.nodes.DeoptimizeNode;
45 import org.graalvm.compiler.nodes.PiNode;
46 import org.graalvm.compiler.nodes.extended.ForeignCallNode;
47 import org.graalvm.compiler.nodes.extended.RawLoadNode;
48 import org.graalvm.compiler.nodes.graphbuilderconf.IntrinsicContext;
49 import org.graalvm.compiler.word.Word;
50 import jdk.internal.vm.compiler.word.LocationIdentity;
51 import jdk.internal.vm.compiler.word.Pointer;
52 import jdk.internal.vm.compiler.word.WordFactory;
53
54 import jdk.vm.ci.meta.DeoptimizationAction;
55 import jdk.vm.ci.meta.DeoptimizationReason;
56 import jdk.vm.ci.meta.JavaKind;
57
58 // JaCoCo Exclude
59
60 /**
61 * Substitutions for {@code com.sun.crypto.provider.AESCrypt} methods.
62 */
63 @ClassSubstitution(className = "com.sun.crypto.provider.AESCrypt", optional = true)
64 public class AESCryptSubstitutions {
65
66 /**
67 * The AES block size is a constant 128 bits as defined by the
68 * <a href="http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf">standard<a/>.
69 */
70 static final int AES_BLOCK_SIZE_IN_BYTES = 16;
71
72 @Fold
73 static long kOffset(@Fold.InjectedParameter IntrinsicContext context) {
74 return HotSpotReplacementsUtil.getFieldOffset(aesCryptType(context), "K");
75 }
76
77 @Fold
78 static long lastKeyOffset(@Fold.InjectedParameter IntrinsicContext context) {
79 return HotSpotReplacementsUtil.getFieldOffset(aesCryptType(context), "lastKey");
80 }
81
82 @MethodSubstitution(isStatic = false)
83 static void encryptBlock(Object rcvr, byte[] in, int inOffset, byte[] out, int outOffset) {
84 crypt(rcvr, in, inOffset, out, outOffset, true, false);
85 }
86
87 @MethodSubstitution(isStatic = false)
88 static void implEncryptBlock(Object rcvr, byte[] in, int inOffset, byte[] out, int outOffset) {
89 crypt(rcvr, in, inOffset, out, outOffset, true, false);
90 }
91
92 @MethodSubstitution(isStatic = false)
93 static void decryptBlock(Object rcvr, byte[] in, int inOffset, byte[] out, int outOffset) {
94 crypt(rcvr, in, inOffset, out, outOffset, false, false);
95 }
96
97 @MethodSubstitution(isStatic = false)
98 static void implDecryptBlock(Object rcvr, byte[] in, int inOffset, byte[] out, int outOffset) {
99 crypt(rcvr, in, inOffset, out, outOffset, false, false);
100 }
101
102 /**
103 * Variation for platforms (e.g. SPARC) that need do key expansion in stubs due to compatibility
104 * issues between Java key expansion and hardware crypto instructions.
105 */
106 @MethodSubstitution(value = "decryptBlock", isStatic = false)
107 static void decryptBlockWithOriginalKey(Object rcvr, byte[] in, int inOffset, byte[] out, int outOffset) {
108 crypt(rcvr, in, inOffset, out, outOffset, false, true);
109 }
110
111 /**
112 * @see #decryptBlockWithOriginalKey(Object, byte[], int, byte[], int)
113 */
114 @MethodSubstitution(value = "implDecryptBlock", isStatic = false)
115 static void implDecryptBlockWithOriginalKey(Object rcvr, byte[] in, int inOffset, byte[] out, int outOffset) {
116 crypt(rcvr, in, inOffset, out, outOffset, false, true);
117 }
118
119 private static void crypt(Object rcvr, byte[] in, int inOffset, byte[] out, int outOffset, boolean encrypt, boolean withOriginalKey) {
120 checkArgs(in, inOffset, out, outOffset);
121 Object realReceiver = PiNode.piCastNonNull(rcvr, aesCryptType(INJECTED_INTRINSIC_CONTEXT));
122 Object kObject = RawLoadNode.load(realReceiver, kOffset(INJECTED_INTRINSIC_CONTEXT), JavaKind.Object, LocationIdentity.any());
123 Pointer kAddr = Word.objectToTrackedPointer(kObject).add(getArrayBaseOffset(INJECTED_METAACCESS, JavaKind.Int));
124 Word inAddr = WordFactory.unsigned(ComputeObjectAddressNode.get(in, getArrayBaseOffset(INJECTED_METAACCESS, JavaKind.Byte) + inOffset));
125 Word outAddr = WordFactory.unsigned(ComputeObjectAddressNode.get(out, getArrayBaseOffset(INJECTED_METAACCESS, JavaKind.Byte) + outOffset));
126 if (encrypt) {
127 encryptBlockStub(ENCRYPT_BLOCK, inAddr, outAddr, kAddr);
128 } else {
129 if (withOriginalKey) {
130 Object lastKeyObject = RawLoadNode.load(realReceiver, lastKeyOffset(INJECTED_INTRINSIC_CONTEXT), JavaKind.Object, LocationIdentity.any());
131 Pointer lastKeyAddr = Word.objectToTrackedPointer(lastKeyObject).add(getArrayBaseOffset(INJECTED_METAACCESS, JavaKind.Byte));
132 decryptBlockWithOriginalKeyStub(DECRYPT_BLOCK_WITH_ORIGINAL_KEY, inAddr, outAddr, kAddr, lastKeyAddr);
133 } else {
134 decryptBlockStub(DECRYPT_BLOCK, inAddr, outAddr, kAddr);
135 }
136 }
137 }
138
139 /**
140 * Perform null and array bounds checks for arguments to a cipher operation.
141 */
142 static void checkArgs(byte[] in, int inOffset, byte[] out, int outOffset) {
143 if (probability(VERY_SLOW_PATH_PROBABILITY, inOffset < 0 || in.length - AES_BLOCK_SIZE_IN_BYTES < inOffset || outOffset < 0 || out.length - AES_BLOCK_SIZE_IN_BYTES < outOffset)) {
144 DeoptimizeNode.deopt(DeoptimizationAction.None, DeoptimizationReason.RuntimeConstraint);
145 }
146 }
147
148 @NodeIntrinsic(ForeignCallNode.class)
149 public static native void encryptBlockStub(@ConstantNodeParameter ForeignCallDescriptor descriptor, Word in, Word out, Pointer key);
150
151 @NodeIntrinsic(ForeignCallNode.class)
152 public static native void decryptBlockStub(@ConstantNodeParameter ForeignCallDescriptor descriptor, Word in, Word out, Pointer key);
153
154 @NodeIntrinsic(ForeignCallNode.class)
155 public static native void decryptBlockWithOriginalKeyStub(@ConstantNodeParameter ForeignCallDescriptor descriptor, Word in, Word out, Pointer key, Pointer originalKey);
156 }