1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
|
// Copyright 2017 The Abseil Authors.
//
// Licensed under the Apache License, Version 2.0 (the"License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an"AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// HERMETIC NOTE: The randen_hwaes target must not introduce duplicate
// symbols from arbitrary system and other headers, since it may be built
// with different flags from other targets, using different levels of
// optimization, potentially introducing ODR violations.
#include "absl/random/internal/randen_detect.h"
#include <cstdint>
#include <cstring>
#include "absl/random/internal/platform.h"
#if defined(ABSL_ARCH_X86_64)
#define ABSL_INTERNAL_USE_X86_CPUID
#elif defined(ABSL_ARCH_PPC) || defined(ABSL_ARCH_ARM) || \
defined(ABSL_ARCH_AARCH64)
#if defined(__ANDROID__)
#define ABSL_INTERNAL_USE_ANDROID_GETAUXVAL
#define ABSL_INTERNAL_USE_GETAUXVAL
#elif defined(__linux__)
#define ABSL_INTERNAL_USE_LINUX_GETAUXVAL
#define ABSL_INTERNAL_USE_GETAUXVAL
#endif
#endif
#if defined(ABSL_INTERNAL_USE_X86_CPUID)
#if defined(_WIN32) || defined(_WIN64)
#include <intrin.h> // NOLINT(build/include_order)
#pragma intrinsic(__cpuid)
#else
// MSVC-equivalent __cpuid intrinsic function.
static void __cpuid(int cpu_info[4], int info_type) {
__asm__ volatile("cpuid \n\t"
: "=a"(cpu_info[0]), "=b"(cpu_info[1]), "=c"(cpu_info[2]),
"=d"(cpu_info[3])
: "a"(info_type), "c"(0));
}
#endif
#endif // ABSL_INTERNAL_USE_X86_CPUID
// On linux, just use the c-library getauxval call.
#if defined(ABSL_INTERNAL_USE_LINUX_GETAUXVAL)
extern "C" unsigned long getauxval(unsigned long type); // NOLINT(runtime/int)
static uint32_t GetAuxval(uint32_t hwcap_type) {
return static_cast<uint32_t>(getauxval(hwcap_type));
}
#endif
// On android, probe the system's C library for getauxval().
// This is the same technique used by the android NDK cpu features library
// as well as the google open-source cpu_features library.
//
// TODO(absl-team): Consider implementing a fallback of directly reading
// /proc/self/auxval.
#if defined(ABSL_INTERNAL_USE_ANDROID_GETAUXVAL)
#include <dlfcn.h>
static uint32_t GetAuxval(uint32_t hwcap_type) {
// NOLINTNEXTLINE(runtime/int)
typedef unsigned long (*getauxval_func_t)(unsigned long);
dlerror(); // Cleaning error state before calling dlopen.
void* libc_handle = dlopen("libc.so", RTLD_NOW);
if (!libc_handle) {
return 0;
}
uint32_t result = 0;
void* sym = dlsym(libc_handle, "getauxval");
if (sym) {
getauxval_func_t func;
memcpy(&func, &sym, sizeof(func));
result = static_cast<uint32_t>((*func)(hwcap_type));
}
dlclose(libc_handle);
return result;
}
#endif
namespace absl {
namespace random_internal {
// The default return at the end of the function might be unreachable depending
// on the configuration. Ignore that warning.
#if defined(__clang__)
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wunreachable-code-return"
#endif
// CPUSupportsRandenHwAes returns whether the CPU is a microarchitecture
// which supports the crpyto/aes instructions or extensions necessary to use the
// accelerated RandenHwAes implementation.
//
// 1. For x86 it is sufficient to use the CPUID instruction to detect whether
// the cpu supports AES instructions. Done.
//
// Fon non-x86 it is much more complicated.
//
// 2. When ABSL_INTERNAL_USE_GETAUXVAL is defined, use getauxval() (either
// the direct c-library version, or the android probing version which loads
// libc), and read the hardware capability bits.
// This is based on the technique used by boringssl uses to detect
// cpu capabilities, and should allow us to enable crypto in the android
// builds where it is supported.
//
// 3. Use the default for the compiler architecture.
//
bool CPUSupportsRandenHwAes() {
#if defined(ABSL_INTERNAL_USE_X86_CPUID)
// 1. For x86: Use CPUID to detect the required AES instruction set.
int regs[4];
__cpuid(reinterpret_cast<int*>(regs), 1);
return regs[2] & (1 << 25); // AES
#elif defined(ABSL_INTERNAL_USE_GETAUXVAL)
// 2. Use getauxval() to read the hardware bits and determine
// cpu capabilities.
#define AT_HWCAP 16
#define AT_HWCAP2 26
#if defined(ABSL_ARCH_PPC)
// For Power / PPC: Expect that the cpu supports VCRYPTO
// See https://members.openpowerfoundation.org/document/dl/576
// VCRYPTO should be present in POWER8 >= 2.07.
// Uses Linux kernel constants from arch/powerpc/include/uapi/asm/cputable.h
static const uint32_t kVCRYPTO = 0x02000000;
const uint32_t hwcap = GetAuxval(AT_HWCAP2);
return (hwcap & kVCRYPTO) != 0;
#elif defined(ABSL_ARCH_ARM)
// For ARM: Require crypto+neon
// http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0500f/CIHBIBBA.html
// Uses Linux kernel constants from arch/arm64/include/asm/hwcap.h
static const uint32_t kNEON = 1 << 12;
uint32_t hwcap = GetAuxval(AT_HWCAP);
if ((hwcap & kNEON) == 0) {
return false;
}
// And use it again to detect AES.
static const uint32_t kAES = 1 << 0;
const uint32_t hwcap2 = GetAuxval(AT_HWCAP2);
return (hwcap2 & kAES) != 0;
#elif defined(ABSL_ARCH_AARCH64)
// For AARCH64: Require crypto+neon
// http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0500f/CIHBIBBA.html
static const uint32_t kNEON = 1 << 1;
static const uint32_t kAES = 1 << 3;
const uint32_t hwcap = GetAuxval(AT_HWCAP);
return ((hwcap & kNEON) != 0) && ((hwcap & kAES) != 0);
#endif
#else // ABSL_INTERNAL_USE_GETAUXVAL
// 3. By default, assume that the compiler default.
return ABSL_HAVE_ACCELERATED_AES ? true : false;
#endif
// NOTE: There are some other techniques that may be worth trying:
//
// * Use an environment variable: ABSL_RANDOM_USE_HWAES
//
// * Rely on compiler-generated target-based dispatch.
// Using x86/gcc it might look something like this:
//
// int __attribute__((target("aes"))) HasAes() { return 1; }
// int __attribute__((target("default"))) HasAes() { return 0; }
//
// This does not work on all architecture/compiler combinations.
//
// * On Linux consider reading /proc/cpuinfo and/or /proc/self/auxv.
// These files have lines which are easy to parse; for ARM/AARCH64 it is quite
// easy to find the Features: line and extract aes / neon. Likewise for
// PPC.
//
// * Fork a process and test for SIGILL:
//
// * Many architectures have instructions to read the ISA. Unfortunately
// most of those require that the code is running in ring 0 /
// protected-mode.
//
// There are several examples. e.g. Valgrind detects PPC ISA 2.07:
// https://github.com/lu-zero/valgrind/blob/master/none/tests/ppc64/test_isa_2_07_part1.c
//
// MRS <Xt>, ID_AA64ISAR0_EL1 ; Read ID_AA64ISAR0_EL1 into Xt
//
// uint64_t val;
// __asm __volatile("mrs %0, id_aa64isar0_el1" :"=&r" (val));
//
// * Use a CPUID-style heuristic database.
//
// * On Apple (__APPLE__), AES is available on Arm v8.
// https://stackoverflow.com/questions/45637888/how-to-determine-armv8-features-at-runtime-on-ios
}
#if defined(__clang__)
#pragma clang diagnostic pop
#endif
} // namespace random_internal
} // namespace absl
|