Crypto++ 8.2
Free C&
ppc_power8.cpp
1// ppc_power8.cpp - written and placed in the public domain by
2// Jeffrey Walton, Uri Blumenthal and Marcel Raad.
3//
4// This source file uses intrinsics and built-ins to gain access to
5// Power8 instructions. A separate source file is needed because
6// additional CXXFLAGS are required to enable the appropriate
7// instructions sets in some build configurations.
8
9#include "pch.h"
10#include "config.h"
11
12#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY
13# include <signal.h>
14# include <setjmp.h>
15#endif
16
17#if defined(_ARCH_PWR8) || defined(__CRYPTO__)
18# include "ppc_simd.h"
19#endif
20
21// Squash MS LNK4221 and libtool warnings
22extern const char PPC_POWER8_FNAME[] = __FILE__;
23
24NAMESPACE_BEGIN(CryptoPP)
25
26// ************************* Feature Probes ************************* //
27
28#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY
29extern "C" {
30 typedef void (*SigHandler)(int);
31
32 static jmp_buf s_jmpSIGILL;
33 static void SigIllHandler(int)
34 {
35 longjmp(s_jmpSIGILL, 1);
36 }
37}
38#endif // CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY
39
40#if (CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64)
41
42bool CPU_ProbePower8()
43{
44#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES)
45 return false;
46#elif (_ARCH_PWR8) && defined(CRYPTOPP_POWER8_AVAILABLE)
47# if defined(CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY)
48
49 // longjmp and clobber warnings. Volatile is required.
50 // http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854
51 volatile int result = true;
52
53 volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler);
54 if (oldHandler == SIG_ERR)
55 return false;
56
57 volatile sigset_t oldMask;
58 if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask))
59 return false;
60
61 if (setjmp(s_jmpSIGILL))
62 result = false;
63 else
64 {
65 // POWER8 added 64-bit SIMD operations
66 const word64 x = W64LIT(0xffffffffffffffff);
67 word64 w1[2] = {x, x}, w2[2] = {4, 6}, w3[2];
68
69 // Specifically call the VSX loads and stores with 64-bit types
70 #if defined(__ibmxl__) || (defined(_AIX) && defined(__xlC__))
71 const uint64x2_p v1 = vec_xl(0, (unsigned long long*)w1);
72 const uint64x2_p v2 = vec_xl(0, (unsigned long long*)w2);
73 const uint64x2_p v3 = vec_add(v1, v2); // 64-bit add
74 vec_xst(v3, 0, (unsigned long long*)w3);
75 #else
76 const uint64x2_p v1 = (uint64x2_p)vec_vsx_ld(0, (const byte*)w1);
77 const uint64x2_p v2 = (uint64x2_p)vec_vsx_ld(0, (const byte*)w2);
78 const uint64x2_p v3 = vec_add(v1, v2); // 64-bit add
79 vec_vsx_st((uint8x16_p)v3, 0, (byte*)w3);
80 #endif
81
82 // Relies on integer wrap
83 result = (w3[0] == 3 && w3[1] == 5);
84 }
85
86 sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR);
87 signal(SIGILL, oldHandler);
88 return result;
89# endif
90#else
91 return false;
92#endif // _ARCH_PWR8
93}
94
95bool CPU_ProbeAES()
96{
97#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES)
98 return false;
99#elif (__CRYPTO__) && defined(CRYPTOPP_POWER8_AES_AVAILABLE)
100# if defined(CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY)
101
102 // longjmp and clobber warnings. Volatile is required.
103 // http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854
104 volatile int result = true;
105
106 volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler);
107 if (oldHandler == SIG_ERR)
108 return false;
109
110 volatile sigset_t oldMask;
111 if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask))
112 return false;
113
114 if (setjmp(s_jmpSIGILL))
115 result = false;
116 else
117 {
118 byte key[16] = {0xA0, 0xFA, 0xFE, 0x17, 0x88, 0x54, 0x2c, 0xb1,
119 0x23, 0xa3, 0x39, 0x39, 0x2a, 0x6c, 0x76, 0x05};
120 byte state[16] = {0x19, 0x3d, 0xe3, 0xb3, 0xa0, 0xf4, 0xe2, 0x2b,
121 0x9a, 0xc6, 0x8d, 0x2a, 0xe9, 0xf8, 0x48, 0x08};
122 byte r[16] = {255}, z[16] = {};
123
124 uint8x16_p k = (uint8x16_p)VecLoad(0, key);
125 uint8x16_p s = (uint8x16_p)VecLoad(0, state);
126 s = VecEncrypt(s, k);
127 s = VecEncryptLast(s, k);
128 s = VecDecrypt(s, k);
129 s = VecDecryptLast(s, k);
130 VecStore(s, r);
131
132 result = (0 != std::memcmp(r, z, 16));
133 }
134
135 sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR);
136 signal(SIGILL, oldHandler);
137 return result;
138# endif
139#else
140 return false;
141#endif // __CRYPTO__
142}
143
144bool CPU_ProbeSHA256()
145{
146#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES)
147 return false;
148#elif (__CRYPTO__) && defined(CRYPTOPP_POWER8_SHA_AVAILABLE)
149# if defined(CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY)
150
151 // longjmp and clobber warnings. Volatile is required.
152 // http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854
153 volatile int result = false;
154
155 volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler);
156 if (oldHandler == SIG_ERR)
157 return false;
158
159 volatile sigset_t oldMask;
160 if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask))
161 return false;
162
163 if (setjmp(s_jmpSIGILL))
164 result = false;
165 else
166 {
167 byte r[16], z[16] = {0};
168 uint8x16_p x = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
169
170 x = VecSHA256<0,0>(x);
171 x = VecSHA256<0,0xf>(x);
172 x = VecSHA256<1,0>(x);
173 x = VecSHA256<1,0xf>(x);
174 VecStore(x, r);
175
176 result = (0 == std::memcmp(r, z, 16));
177 }
178
179 sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR);
180 signal(SIGILL, oldHandler);
181 return result;
182# endif
183#else
184 return false;
185#endif // CRYPTOPP_ALTIVEC_AVAILABLE
186}
187
188bool CPU_ProbeSHA512()
189{
190#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES)
191 return false;
192#elif (__CRYPTO__) && defined(CRYPTOPP_POWER8_SHA_AVAILABLE)
193# if defined(CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY)
194
195 // longjmp and clobber warnings. Volatile is required.
196 // http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854
197 volatile int result = false;
198
199 volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler);
200 if (oldHandler == SIG_ERR)
201 return false;
202
203 volatile sigset_t oldMask;
204 if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask))
205 return false;
206
207 if (setjmp(s_jmpSIGILL))
208 result = false;
209 else
210 {
211 byte r[16], z[16] = {0};
212 uint8x16_p x = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
213
214 x = VecSHA512<0,0>(x);
215 x = VecSHA512<0,0xf>(x);
216 x = VecSHA512<1,0>(x);
217 x = VecSHA512<1,0xf>(x);
218 VecStore(x, r);
219
220 result = (0 == std::memcmp(r, z, 16));
221 }
222
223 sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR);
224 signal(SIGILL, oldHandler);
225 return result;
226# endif
227#else
228 return false;
229#endif // CRYPTOPP_POWER8_AVAILABLE
230}
231
232#endif // PPC32 or PPC64
233
234NAMESPACE_END
Library configuration file.
Crypto++ library namespace.
Precompiled header file.
Support functions for PowerPC and vector operations.
__vector unsigned char uint8x16_p
Vector of 8-bit elements.
Definition: ppc_simd.h:119
__vector unsigned long long uint64x2_p
Vector of 64-bit elements.
Definition: ppc_simd.h:139
T1 VecEncryptLast(const T1 state, const T2 key)
Final round of AES encryption.
Definition: ppc_simd.h:1618
T1 VecEncrypt(const T1 state, const T2 key)
One round of AES encryption.
Definition: ppc_simd.h:1593
T1 VecDecryptLast(const T1 state, const T2 key)
Final round of AES decryption.
Definition: ppc_simd.h:1668
T1 VecDecrypt(const T1 state, const T2 key)
One round of AES decryption.
Definition: ppc_simd.h:1643
void VecStore(const T data, byte dest[16])
Stores a vector to a byte array.
Definition: ppc_simd.h:605
uint32x4_p VecLoad(const byte src[16])
Loads a vector from a byte array.
Definition: ppc_simd.h:253