8130341: GHASH 32bit intrinsics has AEADBadTagException

Reviewed-by: kvn, mcberg Contributed-by: ygaevsky@azul.com

8130341: GHASH 32bit intrinsics has AEADBadTagException
Reviewed-by: kvn, mcberg Contributed-by: ygaevsky@azul.com
63018017 · ascarpino · 7672a6d1 · 63018017 · 63018017 · 63018017
4 changed file
--- a/src/cpu/x86/vm/stubGenerator_x86_32.cpp
+++ b/src/cpu/x86/vm/stubGenerator_x86_32.cpp
@@ -2772,6 +2772,7 @@ class StubGenerator: public StubCodeGenerator {
    const XMMRegister xmm_temp7 = xmm7;
    __ enter();
+    handleSOERegisters(true);  // Save registers
    __ movptr(state, state_param);
    __ movptr(subkeyH, subkeyH_param);
@@ -2875,6 +2876,7 @@ class StubGenerator: public StubCodeGenerator {
    __ pshufb(xmm_temp6, ExternalAddress(StubRoutines::x86::ghash_long_swap_mask_addr()));
    __ movdqu(Address(state, 0), xmm_temp6);   // store the result
+    handleSOERegisters(false);  // restore registers
    __ leave();
    __ ret(0);
    return start;

--- a/test/compiler/7184394/TestAESBase.java
+++ b/test/compiler/7184394/TestAESBase.java
@@ -63,12 +63,12 @@ abstract public class TestAESBase {
  Random random = new Random(0);
  Cipher cipher;
  Cipher dCipher;
-  AlgorithmParameters algParams;
+  AlgorithmParameters algParams = null;
  SecretKey key;
  GCMParameterSpec gcm_spec;
-  byte[] aad;
+  byte[] aad = { 0x11, 0x22, 0x33, 0x44, 0x55 };
  int tlen = 12;
-  byte[] iv;
+  byte[] iv = new byte[16];
  static int numThreads = 0;
  int  threadId;
@@ -82,7 +82,10 @@ abstract public class TestAESBase {
  public void prepare() {
    try {
-    System.out.println("\nalgorithm=" + algorithm + ", mode=" + mode + ", paddingStr=" + paddingStr + ", msgSize=" + msgSize + ", keySize=" + keySize + ", noReinit=" + noReinit + ", checkOutput=" + checkOutput + ", encInputOffset=" + encInputOffset + ", encOutputOffset=" + encOutputOffset + ", decOutputOffset=" + decOutputOffset + ", lastChunkSize=" +lastChunkSize );
+      System.out.println("\nalgorithm=" + algorithm + ", mode=" + mode + ", paddingStr=" + paddingStr +
+              ", msgSize=" + msgSize + ", keySize=" + keySize + ", noReinit=" + noReinit +
+              ", checkOutput=" + checkOutput + ", encInputOffset=" + encInputOffset + ", encOutputOffset=" +
+              encOutputOffset + ", decOutputOffset=" + decOutputOffset + ", lastChunkSize=" +lastChunkSize );
      if (encInputOffset % ALIGN != 0 || encOutputOffset % ALIGN != 0 || decOutputOffset % ALIGN !=0 )
        testingMisalignment = true;
@@ -103,22 +106,24 @@ abstract public class TestAESBase {
      cipher = Cipher.getInstance(algorithm + "/" + mode + "/" + paddingStr, "SunJCE");
      dCipher = Cipher.getInstance(algorithm + "/" + mode + "/" + paddingStr, "SunJCE");
+      // CBC init
      if (mode.equals("CBC")) {
-        int ivLen = (algorithm.equals("AES") ? 16 : algorithm.equals("DES") ? 8 : 0);
+        IvParameterSpec initVector = new IvParameterSpec(iv);
-        IvParameterSpec initVector = new IvParameterSpec(new byte[ivLen]);
        cipher.init(Cipher.ENCRYPT_MODE, key, initVector);
+        algParams = cipher.getParameters();
+        dCipher.init(Cipher.DECRYPT_MODE, key, initVector);
+      // GCM init
      } else if (mode.equals("GCM")) {
-          iv = new byte[64];
+        gcm_init(true);
-          random.nextBytes(iv);
+        gcm_init(false);
-          aad = new byte[5];
-          random.nextBytes(aad);
+      // ECB init
-          gcm_init();
      } else {
-        algParams = cipher.getParameters();
        cipher.init(Cipher.ENCRYPT_MODE, key, algParams);
-      }
-      algParams = cipher.getParameters();
        dCipher.init(Cipher.DECRYPT_MODE, key, algParams);
+      }
      if (threadId == 0) {
        childShowCipher();
      }
@@ -200,11 +205,18 @@ abstract public class TestAESBase {
  abstract void childShowCipher();
-  void gcm_init() throws Exception {
+  void gcm_init(boolean encrypt) throws Exception {
-    tlen = 12;
    gcm_spec = new GCMParameterSpec(tlen * 8, iv);
+    if (encrypt) {
+      // Get a new instance everytime because of reuse IV restrictions
      cipher = Cipher.getInstance(algorithm + "/" + mode + "/" + paddingStr, "SunJCE");
      cipher.init(Cipher.ENCRYPT_MODE, key, gcm_spec);
-    cipher.update(aad);
+      cipher.updateAAD(aad);
+    } else {
+      dCipher.init(Cipher.DECRYPT_MODE, key, gcm_spec);
+      dCipher.updateAAD(aad);
+    }
  }
 }
--- a/test/compiler/7184394/TestAESDecode.java
+++ b/test/compiler/7184394/TestAESDecode.java
@@ -32,7 +32,11 @@ public class TestAESDecode extends TestAESBase {
  @Override
  public void run() {
    try {
-      if (!noReinit) dCipher.init(Cipher.DECRYPT_MODE, key, algParams);
+      if (mode.equals("GCM")) {
+        gcm_init(false);
+      } else if (!noReinit) {
+        dCipher.init(Cipher.DECRYPT_MODE, key, algParams);
+      }
      decode = new byte[decodeLength];
      if (testingMisalignment) {
        int tempSize = dCipher.update(encode, encOutputOffset, (decodeMsgSize - lastChunkSize), decode, decOutputOffset);

--- a/test/compiler/7184394/TestAESEncode.java
+++ b/test/compiler/7184394/TestAESEncode.java
@@ -33,7 +33,7 @@ public class TestAESEncode extends TestAESBase {
  public void run() {
    try {
      if (mode.equals("GCM")) {
-        gcm_init();
+        gcm_init(true);
      } else if (!noReinit) {
        cipher.init(Cipher.ENCRYPT_MODE, key, algParams);
      }