Fri, 10 Jul 2015 11:31:49 -0700
8130341: GHASH 32bit intrinsics has AEADBadTagException
Reviewed-by: kvn, mcberg
Contributed-by: ygaevsky@azul.com
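--- a/src/cpu/x86/vm/stubGenerator_x86_32.cpp	Wed Jun 17 17:48:25 2015 -0700
+++ b/src/cpu/x86/vm/stubGenerator_x86_32.cpp	Fri Jul 10 11:31:49 2015 -0700
@@ -2772,6 +2772,7 @@
     const XMMRegister xmm_temp7 = xmm7;
 
     __ enter();
+    handleSOERegisters(true);  // Save registers
 
     __ movptr(state, state_param);
     __ movptr(subkeyH, subkeyH_param);
@@ -2875,6 +2876,7 @@
     __ pshufb(xmm_temp6, ExternalAddress(StubRoutines::x86::ghash_long_swap_mask_addr()));
     __ movdqu(Address(state, 0), xmm_temp6);   // store the result
 
+    handleSOERegisters(false);  // restore registers
     __ leave();
     __ ret(0);
     return start;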
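Review bot: The two new calls carry only "Save registers" / "restore registers", which does not tell a later reader which registers are at stake or why a missing save produced the AEADBadTagException in the title; suggest `// Save SOE (save-on-entry) registers this stub clobbers; missing save caused 8130341` on the first hunk's added line and `// Restore SOE registers saved at entry; must stay before leave()` on the second. The restore is correctly placed before `__ leave()` and `__ ret(0)`, which appears to be the stub's only exit here; if the generator function, whose body starts before the first hunk and spans the gap between the two, emits any other return path in that gap, it would need the same restore. I cannot see `handleSOERegisters` itself from this page, so which registers it pushes is inferred from its name rather than verified.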
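--- a/test/compiler/7184394/TestAESBase.java	Wed Jun 17 17:48:25 2015 -0700
+++ b/test/compiler/7184394/TestAESBase.java	Fri Jul 10 11:31:49 2015 -0700
@@ -63,12 +63,12 @@
   Random random = new Random(0);
   Cipher cipher;
   Cipher dCipher;
-  AlgorithmParameters algParams;
+  AlgorithmParameters algParams = null;
   SecretKey key;
   GCMParameterSpec gcm_spec;
-  byte[] aad;
+  byte[] aad = { 0x11, 0x22, 0x33, 0x44, 0x55 };
   int tlen = 12;
-  byte[] iv;
+  byte[] iv = new byte[16];
 
   static int numThreads = 0;
   int threadId;
@@ -82,7 +82,10 @@
 
   public void prepare() {
     try {
-      System.out.println("\nalgorithm=" + algorithm + ", mode=" + mode + ", paddingStr=" + paddingStr + ", msgSize=" + msgSize + ", keySize=" + keySize + ", noReinit=" + noReinit + ", checkOutput=" + checkOutput + ", encInputOffset=" + encInputOffset + ", encOutputOffset=" + encOutputOffset + ", decOutputOffset=" + decOutputOffset + ", lastChunkSize=" +lastChunkSize );
+      System.out.println("\nalgorithm=" + algorithm + ", mode=" + mode + ", paddingStr=" + paddingStr +
+              ", msgSize=" + msgSize + ", keySize=" + keySize + ", noReinit=" + noReinit +
+              ", checkOutput=" + checkOutput + ", encInputOffset=" + encInputOffset + ", encOutputOffset=" +
+              encOutputOffset + ", decOutputOffset=" + decOutputOffset + ", lastChunkSize=" +lastChunkSize );
 
       if (encInputOffset % ALIGN != 0 || encOutputOffset % ALIGN != 0 || decOutputOffset % ALIGN !=0 )
         testingMisalignment = true;
 
@@ -103,22 +106,24 @@
       cipher = Cipher.getInstance(algorithm + "/" + mode + "/" + paddingStr, "SunJCE");
       dCipher = Cipher.getInstance(algorithm + "/" + mode + "/" + paddingStr, "SunJCE");
 
+      // CBC init
       if (mode.equals("CBC")) {
-        int ivLen = (algorithm.equals("AES") ? 16 : algorithm.equals("DES") ? 8 : 0);
-        IvParameterSpec initVector = new IvParameterSpec(new byte[ivLen]);
+        IvParameterSpec initVector = new IvParameterSpec(iv);
         cipher.init(Cipher.ENCRYPT_MODE, key, initVector);
+        algParams = cipher.getParameters();
+        dCipher.init(Cipher.DECRYPT_MODE, key, initVector);
+
+      // GCM init
       } else if (mode.equals("GCM")) {
-        iv = new byte[64];
-        random.nextBytes(iv);
-        aad = new byte[5];
-        random.nextBytes(aad);
-        gcm_init();
+        gcm_init(true);
+        gcm_init(false);
+
+      // ECB init
       } else {
-        algParams = cipher.getParameters();
         cipher.init(Cipher.ENCRYPT_MODE, key, algParams);
+        dCipher.init(Cipher.DECRYPT_MODE, key, algParams);
       }
-      algParams = cipher.getParameters();
-      dCipher.init(Cipher.DECRYPT_MODE, key, algParams);
+
       if (threadId == 0) {
         childShowCipher();
       }
 
@@ -200,11 +205,18 @@
 
   abstract void childShowCipher();
 
-  void gcm_init() throws Exception {
-    tlen = 12;
+  void gcm_init(boolean encrypt) throws Exception {
     gcm_spec = new GCMParameterSpec(tlen * 8, iv);
-    cipher = Cipher.getInstance(algorithm + "/" + mode + "/" + paddingStr, "SunJCE");
-    cipher.init(Cipher.ENCRYPT_MODE, key, gcm_spec);
-    cipher.update(aad);
+    if (encrypt) {
+      // Get a new instance everytime because of reuse IV restrictions
+      cipher = Cipher.getInstance(algorithm + "/" + mode + "/" + paddingStr, "SunJCE");
+      cipher.init(Cipher.ENCRYPT_MODE, key, gcm_spec);
+      cipher.updateAAD(aad);
+    } else {
+      dCipher.init(Cipher.DECRYPT_MODE, key, gcm_spec);
+      dCipher.updateAAD(aad);
+
+
+    }
   }
 }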
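Review bot: In the third hunk of this file the CBC branch now always builds `new IvParameterSpec(iv)` from the fixed 16-byte field, whereas the removed lines sized the IV per algorithm (16 for AES, 8 for DES); if any configuration of this test still runs with algorithm=DES, which the old code explicitly handled, CBC init will now fail with an InvalidAlgorithmParameterException before the decode path is ever exercised. The algorithm values actually passed in are not visible on this page, so this is only a regression if a DES configuration exists; if it does, keep the length selection and reuse the shared buffer: `int ivLen = (algorithm.equals("AES") ? 16 : algorithm.equals("DES") ? 8 : 0);` then `IvParameterSpec initVector = new IvParameterSpec(iv, 0, ivLen);`. Separately, in the last hunk the `else` branch of `gcm_init` ends with two stray blank lines before its closing brace; dropping them keeps the method consistent with the `if` branch.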
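--- a/test/compiler/7184394/TestAESDecode.java	Wed Jun 17 17:48:25 2015 -0700
+++ b/test/compiler/7184394/TestAESDecode.java	Fri Jul 10 11:31:49 2015 -0700
@@ -32,7 +32,11 @@
   @Override
   public void run() {
     try {
-      if (!noReinit) dCipher.init(Cipher.DECRYPT_MODE, key, algParams);
+      if (mode.equals("GCM")) {
+        gcm_init(false);
+      } else if (!noReinit) {
+        dCipher.init(Cipher.DECRYPT_MODE, key, algParams);
+      }
       decode = new byte[decodeLength];
       if (testingMisalignment) {
         int tempSize = dCipher.update(encode, encOutputOffset, (decodeMsgSize - lastChunkSize), decode, decOutputOffset);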
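Review bot: The new `if (mode.equals("GCM"))` branch re-initializes `dCipher` on every `run()` regardless of `noReinit`, so the "no re-init" configuration silently does not apply to GCM decryption; that is presumably deliberate, since each GCM decrypt needs the AAD supplied again before `update`, but nothing in the hunk says so and the `else if (!noReinit)` right below it invites the opposite reading. Suggest a one-line comment above the branch, `// GCM: always re-init so the AAD is supplied before each decrypt; noReinit does not apply here`. The body of `run()` continues past the end of this hunk, so I could not check whether a later path also depends on `noReinit`.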
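--- a/test/compiler/7184394/TestAESEncode.java	Wed Jun 17 17:48:25 2015 -0700
+++ b/test/compiler/7184394/TestAESEncode.java	Fri Jul 10 11:31:49 2015 -0700
@@ -33,7 +33,7 @@
   public void run() {
     try {
       if (mode.equals("GCM")) {
-        gcm_init();
+        gcm_init(true);
       } else if (!noReinit) {
         cipher.init(Cipher.ENCRYPT_MODE, key, algParams);
       }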