|
|
|
// Copyright 2017 The Abseil Authors.
|
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the"License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
//
|
|
|
|
// https://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an"AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
|
|
|
|
|
|
|
// HERMETIC NOTE: The randen_hwaes target must not introduce duplicate
|
|
|
|
// symbols from arbitrary system and other headers, since it may be built
|
|
|
|
// with different flags from other targets, using different levels of
|
|
|
|
// optimization, potentially introducing ODR violations.
|
|
|
|
|
|
|
|
#include "absl/random/internal/randen_detect.h"
|
|
|
|
|
|
|
|
#include <cstdint>
|
|
|
|
#include <cstring>
|
|
|
|
|
|
|
|
#include "absl/random/internal/platform.h"
|
|
|
|
|
|
|
|
#if defined(ABSL_ARCH_X86_64)
|
|
|
|
#define ABSL_INTERNAL_USE_X86_CPUID
|
|
|
|
#elif defined(ABSL_ARCH_PPC) || defined(ABSL_ARCH_ARM) || \
|
|
|
|
defined(ABSL_ARCH_AARCH64)
|
|
|
|
#if defined(__ANDROID__)
|
|
|
|
#define ABSL_INTERNAL_USE_ANDROID_GETAUXVAL
|
|
|
|
#define ABSL_INTERNAL_USE_GETAUXVAL
|
|
|
|
#elif defined(__linux__)
|
|
|
|
#define ABSL_INTERNAL_USE_LINUX_GETAUXVAL
|
|
|
|
#define ABSL_INTERNAL_USE_GETAUXVAL
|
|
|
|
#endif
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#if defined(ABSL_INTERNAL_USE_X86_CPUID)
|
|
|
|
#if defined(_WIN32) || defined(_WIN64)
|
|
|
|
#include <intrin.h> // NOLINT(build/include_order)
|
|
|
|
#pragma intrinsic(__cpuid)
|
|
|
|
#else
|
|
|
|
// MSVC-equivalent __cpuid intrinsic function.
|
|
|
|
static void __cpuid(int cpu_info[4], int info_type) {
|
|
|
|
__asm__ volatile("cpuid \n\t"
|
|
|
|
: "=a"(cpu_info[0]), "=b"(cpu_info[1]), "=c"(cpu_info[2]),
|
|
|
|
"=d"(cpu_info[3])
|
|
|
|
: "a"(info_type), "c"(0));
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
#endif // ABSL_INTERNAL_USE_X86_CPUID
|
|
|
|
|
|
|
|
// On linux, just use the c-library getauxval call.
|
|
|
|
#if defined(ABSL_INTERNAL_USE_LINUX_GETAUXVAL)
|
|
|
|
|
|
|
|
extern "C" unsigned long getauxval(unsigned long type); // NOLINT(runtime/int)
|
|
|
|
|
|
|
|
static uint32_t GetAuxval(uint32_t hwcap_type) {
|
|
|
|
return static_cast<uint32_t>(getauxval(hwcap_type));
|
|
|
|
}
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
// On android, probe the system's C library for getauxval().
|
|
|
|
// This is the same technique used by the android NDK cpu features library
|
|
|
|
// as well as the google open-source cpu_features library.
|
|
|
|
//
|
|
|
|
// TODO(absl-team): Consider implementing a fallback of directly reading
|
|
|
|
// /proc/self/auxval.
|
|
|
|
#if defined(ABSL_INTERNAL_USE_ANDROID_GETAUXVAL)
|
|
|
|
#include <dlfcn.h>
|
|
|
|
|
|
|
|
static uint32_t GetAuxval(uint32_t hwcap_type) {
|
|
|
|
// NOLINTNEXTLINE(runtime/int)
|
|
|
|
typedef unsigned long (*getauxval_func_t)(unsigned long);
|
|
|
|
|
|
|
|
dlerror(); // Cleaning error state before calling dlopen.
|
|
|
|
void* libc_handle = dlopen("libc.so", RTLD_NOW);
|
|
|
|
if (!libc_handle) {
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
uint32_t result = 0;
|
|
|
|
void* sym = dlsym(libc_handle, "getauxval");
|
|
|
|
if (sym) {
|
|
|
|
getauxval_func_t func;
|
|
|
|
memcpy(&func, &sym, sizeof(func));
|
|
|
|
result = static_cast<uint32_t>((*func)(hwcap_type));
|
|
|
|
}
|
|
|
|
dlclose(libc_handle);
|
|
|
|
return result;
|
|
|
|
}
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
namespace absl {
|
|
|
|
ABSL_NAMESPACE_BEGIN
|
|
|
|
namespace random_internal {
|
|
|
|
|
|
|
|
// The default return at the end of the function might be unreachable depending
|
|
|
|
// on the configuration. Ignore that warning.
|
|
|
|
#if defined(__clang__)
|
|
|
|
#pragma clang diagnostic push
|
|
|
|
#pragma clang diagnostic ignored "-Wunreachable-code-return"
|
|
|
|
#endif
|
|
|
|
|
|
|
|
// CPUSupportsRandenHwAes returns whether the CPU is a microarchitecture
|
|
|
|
// which supports the crpyto/aes instructions or extensions necessary to use the
|
|
|
|
// accelerated RandenHwAes implementation.
|
|
|
|
//
|
|
|
|
// 1. For x86 it is sufficient to use the CPUID instruction to detect whether
|
|
|
|
// the cpu supports AES instructions. Done.
|
|
|
|
//
|
|
|
|
// Fon non-x86 it is much more complicated.
|
|
|
|
//
|
|
|
|
// 2. When ABSL_INTERNAL_USE_GETAUXVAL is defined, use getauxval() (either
|
|
|
|
// the direct c-library version, or the android probing version which loads
|
|
|
|
// libc), and read the hardware capability bits.
|
|
|
|
// This is based on the technique used by boringssl uses to detect
|
|
|
|
// cpu capabilities, and should allow us to enable crypto in the android
|
|
|
|
// builds where it is supported.
|
|
|
|
//
|
|
|
|
// 3. Use the default for the compiler architecture.
|
|
|
|
//
|
|
|
|
|
|
|
|
bool CPUSupportsRandenHwAes() {
|
|
|
|
#if defined(ABSL_INTERNAL_USE_X86_CPUID)
|
|
|
|
// 1. For x86: Use CPUID to detect the required AES instruction set.
|
|
|
|
int regs[4];
|
|
|
|
__cpuid(reinterpret_cast<int*>(regs), 1);
|
|
|
|
return regs[2] & (1 << 25); // AES
|
|
|
|
|
|
|
|
#elif defined(ABSL_INTERNAL_USE_GETAUXVAL)
|
|
|
|
// 2. Use getauxval() to read the hardware bits and determine
|
|
|
|
// cpu capabilities.
|
|
|
|
|
|
|
|
#define AT_HWCAP 16
|
|
|
|
#define AT_HWCAP2 26
|
|
|
|
#if defined(ABSL_ARCH_PPC)
|
|
|
|
// For Power / PPC: Expect that the cpu supports VCRYPTO
|
|
|
|
// See https://members.openpowerfoundation.org/document/dl/576
|
|
|
|
// VCRYPTO should be present in POWER8 >= 2.07.
|
|
|
|
// Uses Linux kernel constants from arch/powerpc/include/uapi/asm/cputable.h
|
|
|
|
static const uint32_t kVCRYPTO = 0x02000000;
|
|
|
|
const uint32_t hwcap = GetAuxval(AT_HWCAP2);
|
|
|
|
return (hwcap & kVCRYPTO) != 0;
|
|
|
|
|
|
|
|
#elif defined(ABSL_ARCH_ARM)
|
|
|
|
// For ARM: Require crypto+neon
|
|
|
|
// http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0500f/CIHBIBBA.html
|
|
|
|
// Uses Linux kernel constants from arch/arm64/include/asm/hwcap.h
|
|
|
|
static const uint32_t kNEON = 1 << 12;
|
|
|
|
uint32_t hwcap = GetAuxval(AT_HWCAP);
|
|
|
|
if ((hwcap & kNEON) == 0) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// And use it again to detect AES.
|
|
|
|
static const uint32_t kAES = 1 << 0;
|
|
|
|
const uint32_t hwcap2 = GetAuxval(AT_HWCAP2);
|
|
|
|
return (hwcap2 & kAES) != 0;
|
|
|
|
|
|
|
|
#elif defined(ABSL_ARCH_AARCH64)
|
|
|
|
// For AARCH64: Require crypto+neon
|
|
|
|
// http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0500f/CIHBIBBA.html
|
|
|
|
static const uint32_t kNEON = 1 << 1;
|
|
|
|
static const uint32_t kAES = 1 << 3;
|
|
|
|
const uint32_t hwcap = GetAuxval(AT_HWCAP);
|
|
|
|
return ((hwcap & kNEON) != 0) && ((hwcap & kAES) != 0);
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#else // ABSL_INTERNAL_USE_GETAUXVAL
|
|
|
|
// 3. By default, assume that the compiler default.
|
|
|
|
return ABSL_HAVE_ACCELERATED_AES ? true : false;
|
|
|
|
|
|
|
|
#endif
|
|
|
|
// NOTE: There are some other techniques that may be worth trying:
|
|
|
|
//
|
|
|
|
// * Use an environment variable: ABSL_RANDOM_USE_HWAES
|
|
|
|
//
|
|
|
|
// * Rely on compiler-generated target-based dispatch.
|
|
|
|
// Using x86/gcc it might look something like this:
|
|
|
|
//
|
|
|
|
// int __attribute__((target("aes"))) HasAes() { return 1; }
|
|
|
|
// int __attribute__((target("default"))) HasAes() { return 0; }
|
|
|
|
//
|
|
|
|
// This does not work on all architecture/compiler combinations.
|
|
|
|
//
|
|
|
|
// * On Linux consider reading /proc/cpuinfo and/or /proc/self/auxv.
|
|
|
|
// These files have lines which are easy to parse; for ARM/AARCH64 it is quite
|
|
|
|
// easy to find the Features: line and extract aes / neon. Likewise for
|
|
|
|
// PPC.
|
|
|
|
//
|
|
|
|
// * Fork a process and test for SIGILL:
|
|
|
|
//
|
|
|
|
// * Many architectures have instructions to read the ISA. Unfortunately
|
|
|
|
// most of those require that the code is running in ring 0 /
|
|
|
|
// protected-mode.
|
|
|
|
//
|
|
|
|
// There are several examples. e.g. Valgrind detects PPC ISA 2.07:
|
|
|
|
// https://github.com/lu-zero/valgrind/blob/master/none/tests/ppc64/test_isa_2_07_part1.c
|
|
|
|
//
|
|
|
|
// MRS <Xt>, ID_AA64ISAR0_EL1 ; Read ID_AA64ISAR0_EL1 into Xt
|
|
|
|
//
|
|
|
|
// uint64_t val;
|
|
|
|
// __asm __volatile("mrs %0, id_aa64isar0_el1" :"=&r" (val));
|
|
|
|
//
|
|
|
|
// * Use a CPUID-style heuristic database.
|
|
|
|
//
|
|
|
|
// * On Apple (__APPLE__), AES is available on Arm v8.
|
|
|
|
// https://stackoverflow.com/questions/45637888/how-to-determine-armv8-features-at-runtime-on-ios
|
|
|
|
}
|
|
|
|
|
|
|
|
#if defined(__clang__)
|
|
|
|
#pragma clang diagnostic pop
|
|
|
|
#endif
|
|
|
|
|
|
|
|
} // namespace random_internal
|
|
|
|
ABSL_NAMESPACE_END
|
|
|
|
} // namespace absl
|