Crypto++  8.2
Free C++ class library of cryptographic schemes
ppc_power8.cpp
1 // ppc_power8.cpp - written and placed in the public domain by
2 // Jeffrey Walton, Uri Blumenthal and Marcel Raad.
3 //
4 // This source file uses intrinsics and built-ins to gain access to
5 // Power8 instructions. A separate source file is needed because
6 // additional CXXFLAGS are required to enable the appropriate
7 // instructions sets in some build configurations.
8 
9 #include "pch.h"
10 #include "config.h"
11 
12 #ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY
13 # include <signal.h>
14 # include <setjmp.h>
15 #endif
16 
17 #if defined(_ARCH_PWR8) || defined(__CRYPTO__)
18 # include "ppc_simd.h"
19 #endif
20 
21 // Squash MS LNK4221 and libtool warnings
22 extern const char PPC_POWER8_FNAME[] = __FILE__;
23 
24 NAMESPACE_BEGIN(CryptoPP)
25 
26 // ************************* Feature Probes ************************* //
27 
28 #ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY
29 extern "C" {
30  typedef void (*SigHandler)(int);
31 
32  static jmp_buf s_jmpSIGILL;
33  static void SigIllHandler(int)
34  {
35  longjmp(s_jmpSIGILL, 1);
36  }
37 }
38 #endif // CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY
39 
40 #if (CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64)
41 
42 bool CPU_ProbePower8()
43 {
44 #if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES)
45  return false;
46 #elif (_ARCH_PWR8) && defined(CRYPTOPP_POWER8_AVAILABLE)
47 # if defined(CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY)
48 
49  // longjmp and clobber warnings. Volatile is required.
50  // http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854
51  volatile int result = true;
52 
53  volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler);
54  if (oldHandler == SIG_ERR)
55  return false;
56 
57  volatile sigset_t oldMask;
58  if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask))
59  return false;
60 
61  if (setjmp(s_jmpSIGILL))
62  result = false;
63  else
64  {
65  // POWER8 added 64-bit SIMD operations
66  const word64 x = W64LIT(0xffffffffffffffff);
67  word64 w1[2] = {x, x}, w2[2] = {4, 6}, w3[2];
68 
69  // Specifically call the VSX loads and stores with 64-bit types
70  #if defined(__ibmxl__) || (defined(_AIX) && defined(__xlC__))
71  const uint64x2_p v1 = vec_xl(0, (unsigned long long*)w1);
72  const uint64x2_p v2 = vec_xl(0, (unsigned long long*)w2);
73  const uint64x2_p v3 = vec_add(v1, v2); // 64-bit add
74  vec_xst(v3, 0, (unsigned long long*)w3);
75  #else
76  const uint64x2_p v1 = (uint64x2_p)vec_vsx_ld(0, (const byte*)w1);
77  const uint64x2_p v2 = (uint64x2_p)vec_vsx_ld(0, (const byte*)w2);
78  const uint64x2_p v3 = vec_add(v1, v2); // 64-bit add
79  vec_vsx_st((uint8x16_p)v3, 0, (byte*)w3);
80  #endif
81 
82  // Relies on integer wrap
83  result = (w3[0] == 3 && w3[1] == 5);
84  }
85 
86  sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR);
87  signal(SIGILL, oldHandler);
88  return result;
89 # endif
90 #else
91  return false;
92 #endif // _ARCH_PWR8
93 }
94 
95 bool CPU_ProbeAES()
96 {
97 #if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES)
98  return false;
99 #elif (__CRYPTO__) && defined(CRYPTOPP_POWER8_AES_AVAILABLE)
100 # if defined(CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY)
101 
102  // longjmp and clobber warnings. Volatile is required.
103  // http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854
104  volatile int result = true;
105 
106  volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler);
107  if (oldHandler == SIG_ERR)
108  return false;
109 
110  volatile sigset_t oldMask;
111  if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask))
112  return false;
113 
114  if (setjmp(s_jmpSIGILL))
115  result = false;
116  else
117  {
118  byte key[16] = {0xA0, 0xFA, 0xFE, 0x17, 0x88, 0x54, 0x2c, 0xb1,
119  0x23, 0xa3, 0x39, 0x39, 0x2a, 0x6c, 0x76, 0x05};
120  byte state[16] = {0x19, 0x3d, 0xe3, 0xb3, 0xa0, 0xf4, 0xe2, 0x2b,
121  0x9a, 0xc6, 0x8d, 0x2a, 0xe9, 0xf8, 0x48, 0x08};
122  byte r[16] = {255}, z[16] = {};
123 
124  uint8x16_p k = (uint8x16_p)VecLoad(0, key);
125  uint8x16_p s = (uint8x16_p)VecLoad(0, state);
126  s = VecEncrypt(s, k);
127  s = VecEncryptLast(s, k);
128  s = VecDecrypt(s, k);
129  s = VecDecryptLast(s, k);
130  VecStore(s, r);
131 
132  result = (0 != std::memcmp(r, z, 16));
133  }
134 
135  sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR);
136  signal(SIGILL, oldHandler);
137  return result;
138 # endif
139 #else
140  return false;
141 #endif // __CRYPTO__
142 }
143 
144 bool CPU_ProbeSHA256()
145 {
146 #if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES)
147  return false;
148 #elif (__CRYPTO__) && defined(CRYPTOPP_POWER8_SHA_AVAILABLE)
149 # if defined(CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY)
150 
151  // longjmp and clobber warnings. Volatile is required.
152  // http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854
153  volatile int result = false;
154 
155  volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler);
156  if (oldHandler == SIG_ERR)
157  return false;
158 
159  volatile sigset_t oldMask;
160  if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask))
161  return false;
162 
163  if (setjmp(s_jmpSIGILL))
164  result = false;
165  else
166  {
167  byte r[16], z[16] = {0};
168  uint8x16_p x = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
169 
170  x = VecSHA256<0,0>(x);
171  x = VecSHA256<0,0xf>(x);
172  x = VecSHA256<1,0>(x);
173  x = VecSHA256<1,0xf>(x);
174  VecStore(x, r);
175 
176  result = (0 == std::memcmp(r, z, 16));
177  }
178 
179  sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR);
180  signal(SIGILL, oldHandler);
181  return result;
182 # endif
183 #else
184  return false;
185 #endif // CRYPTOPP_ALTIVEC_AVAILABLE
186 }
187 
188 bool CPU_ProbeSHA512()
189 {
190 #if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES)
191  return false;
192 #elif (__CRYPTO__) && defined(CRYPTOPP_POWER8_SHA_AVAILABLE)
193 # if defined(CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY)
194 
195  // longjmp and clobber warnings. Volatile is required.
196  // http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854
197  volatile int result = false;
198 
199  volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler);
200  if (oldHandler == SIG_ERR)
201  return false;
202 
203  volatile sigset_t oldMask;
204  if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask))
205  return false;
206 
207  if (setjmp(s_jmpSIGILL))
208  result = false;
209  else
210  {
211  byte r[16], z[16] = {0};
212  uint8x16_p x = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
213 
214  x = VecSHA512<0,0>(x);
215  x = VecSHA512<0,0xf>(x);
216  x = VecSHA512<1,0>(x);
217  x = VecSHA512<1,0xf>(x);
218  VecStore(x, r);
219 
220  result = (0 == std::memcmp(r, z, 16));
221  }
222 
223  sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR);
224  signal(SIGILL, oldHandler);
225  return result;
226 # endif
227 #else
228  return false;
229 #endif // CRYPTOPP_POWER8_AVAILABLE
230 }
231 
232 #endif // PPC32 or PPC64
233 
234 NAMESPACE_END
T1 VecDecryptLast(const T1 state, const T2 key)
Final round of AES decryption.
Definition: ppc_simd.h:1668
Library configuration file.
Support functions for PowerPC and vector operations.
Precompiled header file.
void VecStore(const T data, byte dest[16])
Stores a vector to a byte array.
Definition: ppc_simd.h:605
__vector unsigned long long uint64x2_p
Vector of 64-bit elements.
Definition: ppc_simd.h:139
T1 VecEncryptLast(const T1 state, const T2 key)
Final round of AES encryption.
Definition: ppc_simd.h:1618
Crypto++ library namespace.
T1 VecDecrypt(const T1 state, const T2 key)
One round of AES decryption.
Definition: ppc_simd.h:1643
uint32x4_p VecLoad(const byte src[16])
Loads a vector from a byte array.
Definition: ppc_simd.h:253
__vector unsigned char uint8x16_p
Vector of 8-bit elements.
Definition: ppc_simd.h:119
T1 VecEncrypt(const T1 state, const T2 key)
One round of AES encryption.
Definition: ppc_simd.h:1593