1 // Copyright 2018 The BoringSSL Authors
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 #include <openssl/base.h>
16
17 #if defined(BORINGSSL_DISPATCH_TEST) && !defined(BORINGSSL_SHARED_LIBRARY)
18
19 #include <functional>
20 #include <utility>
21 #include <vector>
22
23 #include <openssl/aead.h>
24 #include <openssl/aes.h>
25 #include <openssl/mem.h>
26
27 #include <gtest/gtest.h>
28
29 #include "internal.h"
30
31
32 class ImplDispatchTest : public ::testing::Test {
33 public:
SetUp()34 void SetUp() override {
35 #if defined(OPENSSL_X86) || defined(OPENSSL_X86_64)
36 aesni_ = CRYPTO_is_AESNI_capable();
37 avx_movbe_ = CRYPTO_is_AVX_capable() && CRYPTO_is_MOVBE_capable();
38 ssse3_ = CRYPTO_is_SSSE3_capable();
39 vaes_ = CRYPTO_is_VAES_capable() && CRYPTO_is_VPCLMULQDQ_capable() &&
40 CRYPTO_is_AVX2_capable();
41 avx512_ = CRYPTO_is_AVX512BW_capable() && CRYPTO_is_AVX512VL_capable() &&
42 CRYPTO_is_BMI2_capable();
43 avoid_zmm_ = CRYPTO_cpu_avoid_zmm_registers();
44 is_x86_64_ =
45 #if defined(OPENSSL_X86_64)
46 true;
47 #else
48 false;
49 #endif
50 #endif // X86 || X86_64
51 }
52
53 protected:
54 // AssertFunctionsHit takes a list of pairs (flag index, boolean), and a
55 // function to test. It runs the given function and asserts, for each flag
56 // index, that the boolean reflects whether that flag index was written or
57 // not, and that no other flagged functions were triggered.
AssertFunctionsHit(std::vector<std::pair<size_t,bool>> flags,std::function<void ()> f)58 void AssertFunctionsHit(std::vector<std::pair<size_t, bool>> flags,
59 std::function<void()> f) {
60 OPENSSL_memset(BORINGSSL_function_hit, 0, sizeof(BORINGSSL_function_hit));
61
62 f();
63
64 for (const auto& flag : flags) {
65 SCOPED_TRACE(flag.first);
66
67 ASSERT_LT(flag.first, sizeof(BORINGSSL_function_hit));
68 EXPECT_EQ(flag.second, BORINGSSL_function_hit[flag.first] == 1);
69 BORINGSSL_function_hit[flag.first] = 0;
70 }
71
72 for (size_t i = 0; i < sizeof(BORINGSSL_function_hit); i++) {
73 EXPECT_EQ(0u, BORINGSSL_function_hit[i])
74 << "Flag " << i << " unexpectedly hit";
75 }
76 }
77
78 #if defined(OPENSSL_X86) || defined(OPENSSL_X86_64)
79 bool aesni_ = false;
80 bool avx_movbe_ = false;
81 bool ssse3_ = false;
82 bool is_x86_64_ = false;
83 bool vaes_ = false;
84 bool avx512_ = false;
85 bool avoid_zmm_ = false;
86 #endif
87 };
88
89 #if !defined(OPENSSL_NO_ASM) && \
90 (defined(OPENSSL_X86) || defined(OPENSSL_X86_64))
91
92 constexpr size_t kFlag_aes_hw_ctr32_encrypt_blocks = 0;
93 constexpr size_t kFlag_aes_hw_encrypt = 1;
94 constexpr size_t kFlag_aesni_gcm_encrypt = 2;
95 constexpr size_t kFlag_aes_hw_set_encrypt_key = 3;
96 constexpr size_t kFlag_vpaes_encrypt = 4;
97 constexpr size_t kFlag_vpaes_set_encrypt_key = 5;
98 constexpr size_t kFlag_aes_gcm_enc_update_vaes_avx2 = 6;
99 constexpr size_t kFlag_aes_gcm_enc_update_vaes_avx512 = 7;
100
TEST_F(ImplDispatchTest,AEAD_AES_GCM)101 TEST_F(ImplDispatchTest, AEAD_AES_GCM) {
102 AssertFunctionsHit(
103 {
104 {kFlag_aes_hw_ctr32_encrypt_blocks, aesni_ && !(is_x86_64_ && vaes_)},
105 {kFlag_aes_hw_encrypt, aesni_},
106 {kFlag_aes_hw_set_encrypt_key, aesni_},
107 {kFlag_aesni_gcm_encrypt,
108 is_x86_64_ && aesni_ && avx_movbe_ && !vaes_},
109 {kFlag_vpaes_encrypt, ssse3_ && !aesni_},
110 {kFlag_vpaes_set_encrypt_key, ssse3_ && !aesni_},
111 {kFlag_aes_gcm_enc_update_vaes_avx2,
112 is_x86_64_ && vaes_ && !(avx512_ && !avoid_zmm_)},
113 {kFlag_aes_gcm_enc_update_vaes_avx512,
114 is_x86_64_ && vaes_ && avx512_ && !avoid_zmm_},
115 },
116 [] {
117 const uint8_t kZeros[16] = {0};
118 const uint8_t kPlaintext[40] = {1, 2, 3, 4, 0};
119 uint8_t ciphertext[sizeof(kPlaintext) + 16];
120 size_t ciphertext_len;
121 bssl::ScopedEVP_AEAD_CTX ctx;
122 ASSERT_TRUE(EVP_AEAD_CTX_init(ctx.get(), EVP_aead_aes_128_gcm(), kZeros,
123 sizeof(kZeros),
124 EVP_AEAD_DEFAULT_TAG_LENGTH, nullptr));
125 ASSERT_TRUE(EVP_AEAD_CTX_seal(
126 ctx.get(), ciphertext, &ciphertext_len, sizeof(ciphertext), kZeros,
127 EVP_AEAD_nonce_length(EVP_aead_aes_128_gcm()), kPlaintext,
128 sizeof(kPlaintext), nullptr, 0));
129 });
130 }
131
TEST_F(ImplDispatchTest,AES_set_encrypt_key)132 TEST_F(ImplDispatchTest, AES_set_encrypt_key) {
133 AssertFunctionsHit(
134 {
135 {kFlag_aes_hw_set_encrypt_key, aesni_},
136 {kFlag_vpaes_set_encrypt_key, ssse3_ && !aesni_},
137 },
138 [] {
139 AES_KEY key;
140 static const uint8_t kZeros[16] = {0};
141 AES_set_encrypt_key(kZeros, sizeof(kZeros) * 8, &key);
142 });
143 }
144
TEST_F(ImplDispatchTest,AES_single_block)145 TEST_F(ImplDispatchTest, AES_single_block) {
146 AES_KEY key;
147 static const uint8_t kZeros[16] = {0};
148 AES_set_encrypt_key(kZeros, sizeof(kZeros) * 8, &key);
149
150 AssertFunctionsHit(
151 {
152 {kFlag_aes_hw_encrypt, aesni_},
153 {kFlag_vpaes_encrypt, ssse3_ && !aesni_},
154 },
155 [&key] {
156 uint8_t in[AES_BLOCK_SIZE] = {0};
157 uint8_t out[AES_BLOCK_SIZE];
158 AES_encrypt(in, out, &key);
159 });
160 }
161
162 #endif // X86 || X86_64
163
164 #endif // DISPATCH_TEST && !SHARED_LIBRARY
165