Skip to content

Commit

Permalink
AArch64 assembly pack: authenticate return addresses.
Browse files Browse the repository at this point in the history 
ARMv8.3 adds pointer authentication extension, which in this case allows
to ensure that, when offloaded to stack, return address is same at return
as at entry to the subroutine. The new instructions are nops on processors
that don't implement the extension, so that the vetification is backward
compatible.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from #8205)

(cherry picked from commit 9a18aae)
  • Loading branch information
@levitte
Andy Polyakov authored and levitte committed Feb 13, 2019
1 parent af250b3 commit 2cf7fd6
Show file tree
Hide file tree
Showing 8 changed files with 77 additions and 1 deletion.
2 changes: 2 additions & 0 deletions crypto/aes/asm/aesv8-armx.pl
View file
Expand Up @@ -262,6 +262,7 @@
${prefix}_set_decrypt_key:
___
$code.=<<___ if ($flavour =~ /64/);
.inst 0xd503233f // paciasp
stp x29,x30,[sp,#-16]!
add x29,sp,#0
___
Expand Down Expand Up @@ -305,6 +306,7 @@
___
$code.=<<___ if ($flavour =~ /64/);
ldp x29,x30,[sp],#16
.inst 0xd50323bf // autiasp
ret
___
$code.=<<___;
Expand Down
18 changes: 18 additions & 0 deletions crypto/aes/asm/vpaes-armv8.pl
View file
Expand Up @@ -255,6 +255,7 @@
.type vpaes_encrypt,%function
.align 4
vpaes_encrypt:
.inst 0xd503233f // paciasp
stp x29,x30,[sp,#-16]!
add x29,sp,#0
Expand All @@ -264,6 +265,7 @@
st1 {v0.16b}, [$out]
ldp x29,x30,[sp],#16
.inst 0xd50323bf // autiasp
ret
.size vpaes_encrypt,.-vpaes_encrypt
Expand Down Expand Up @@ -486,6 +488,7 @@
.type vpaes_decrypt,%function
.align 4
vpaes_decrypt:
.inst 0xd503233f // paciasp
stp x29,x30,[sp,#-16]!
add x29,sp,#0
Expand All @@ -495,6 +498,7 @@
st1 {v0.16b}, [$out]
ldp x29,x30,[sp],#16
.inst 0xd50323bf // autiasp
ret
.size vpaes_decrypt,.-vpaes_decrypt
Expand Down Expand Up @@ -665,6 +669,7 @@
.type _vpaes_schedule_core,%function
.align 4
_vpaes_schedule_core:
.inst 0xd503233f // paciasp
stp x29, x30, [sp,#-16]!
add x29,sp,#0
Expand Down Expand Up @@ -829,6 +834,7 @@
eor v6.16b, v6.16b, v6.16b // vpxor %xmm6, %xmm6, %xmm6
eor v7.16b, v7.16b, v7.16b // vpxor %xmm7, %xmm7, %xmm7
ldp x29, x30, [sp],#16
.inst 0xd50323bf // autiasp
ret
.size _vpaes_schedule_core,.-_vpaes_schedule_core
Expand Down Expand Up @@ -1041,6 +1047,7 @@
.type vpaes_set_encrypt_key,%function
.align 4
vpaes_set_encrypt_key:
.inst 0xd503233f // paciasp
stp x29,x30,[sp,#-16]!
add x29,sp,#0
stp d8,d9,[sp,#-16]! // ABI spec says so
Expand All @@ -1056,13 +1063,15 @@
ldp d8,d9,[sp],#16
ldp x29,x30,[sp],#16
.inst 0xd50323bf // autiasp
ret
.size vpaes_set_encrypt_key,.-vpaes_set_encrypt_key
.globl vpaes_set_decrypt_key
.type vpaes_set_decrypt_key,%function
.align 4
vpaes_set_decrypt_key:
.inst 0xd503233f // paciasp
stp x29,x30,[sp,#-16]!
add x29,sp,#0
stp d8,d9,[sp,#-16]! // ABI spec says so
Expand All @@ -1082,6 +1091,7 @@
ldp d8,d9,[sp],#16
ldp x29,x30,[sp],#16
.inst 0xd50323bf // autiasp
ret
.size vpaes_set_decrypt_key,.-vpaes_set_decrypt_key
___
Expand All @@ -1098,6 +1108,7 @@
cmp w5, #0 // check direction
b.eq vpaes_cbc_decrypt
.inst 0xd503233f // paciasp
stp x29,x30,[sp,#-16]!
add x29,sp,#0
Expand All @@ -1120,13 +1131,15 @@
st1 {v0.16b}, [$ivec] // write ivec
ldp x29,x30,[sp],#16
.inst 0xd50323bf // autiasp
.Lcbc_abort:
ret
.size vpaes_cbc_encrypt,.-vpaes_cbc_encrypt
.type vpaes_cbc_decrypt,%function
.align 4
vpaes_cbc_decrypt:
.inst 0xd503233f // paciasp
stp x29,x30,[sp,#-16]!
add x29,sp,#0
stp d8,d9,[sp,#-16]! // ABI spec says so
Expand Down Expand Up @@ -1168,6 +1181,7 @@
ldp d10,d11,[sp],#16
ldp d8,d9,[sp],#16
ldp x29,x30,[sp],#16
.inst 0xd50323bf // autiasp
ret
.size vpaes_cbc_decrypt,.-vpaes_cbc_decrypt
___
Expand All @@ -1177,6 +1191,7 @@
.type vpaes_ecb_encrypt,%function
.align 4
vpaes_ecb_encrypt:
.inst 0xd503233f // paciasp
stp x29,x30,[sp,#-16]!
add x29,sp,#0
stp d8,d9,[sp,#-16]! // ABI spec says so
Expand Down Expand Up @@ -1210,13 +1225,15 @@
ldp d10,d11,[sp],#16
ldp d8,d9,[sp],#16
ldp x29,x30,[sp],#16
.inst 0xd50323bf // autiasp
ret
.size vpaes_ecb_encrypt,.-vpaes_ecb_encrypt
.globl vpaes_ecb_decrypt
.type vpaes_ecb_decrypt,%function
.align 4
vpaes_ecb_decrypt:
.inst 0xd503233f // paciasp
stp x29,x30,[sp,#-16]!
add x29,sp,#0
stp d8,d9,[sp,#-16]! // ABI spec says so
Expand Down Expand Up @@ -1250,6 +1267,7 @@
ldp d10,d11,[sp],#16
ldp d8,d9,[sp],#16
ldp x29,x30,[sp],#16
.inst 0xd50323bf // autiasp
ret
.size vpaes_ecb_decrypt,.-vpaes_ecb_decrypt
___
Expand Down
4 changes: 4 additions & 0 deletions crypto/bn/asm/armv8-mont.pl
View file
Expand Up @@ -287,6 +287,7 @@
cmp $ap,$bp
b.ne __bn_mul4x_mont
.Lsqr8x_mont:
.inst 0xd503233f // paciasp
stp x29,x30,[sp,#-128]!
add x29,sp,#0
stp x19,x20,[sp,#16]
Expand Down Expand Up @@ -1040,6 +1041,7 @@
ldp x25,x26,[x29,#64]
ldp x27,x28,[x29,#80]
ldr x29,[sp],#128
.inst 0xd50323bf // autiasp
ret
.size __bn_sqr8x_mont,.-__bn_sqr8x_mont
___
Expand All @@ -1063,6 +1065,7 @@
.type __bn_mul4x_mont,%function
.align 5
__bn_mul4x_mont:
.inst 0xd503233f // paciasp
stp x29,x30,[sp,#-128]!
add x29,sp,#0
stp x19,x20,[sp,#16]
Expand Down Expand Up @@ -1496,6 +1499,7 @@
ldp x25,x26,[x29,#64]
ldp x27,x28,[x29,#80]
ldr x29,[sp],#128
.inst 0xd50323bf // autiasp
ret
.size __bn_mul4x_mont,.-__bn_mul4x_mont
___
Expand Down
8 changes: 8 additions & 0 deletions crypto/chacha/asm/chacha-armv8.pl
View file
Expand Up @@ -157,6 +157,7 @@ sub ROUND {
b.ne ChaCha20_neon
.Lshort:
.inst 0xd503233f // paciasp
stp x29,x30,[sp,#-96]!
add x29,sp,#0
Expand Down Expand Up @@ -276,6 +277,7 @@ sub ROUND {
ldp x25,x26,[x29,#64]
ldp x27,x28,[x29,#80]
ldp x29,x30,[sp],#96
.inst 0xd50323bf // autiasp
.Labort:
ret
Expand Down Expand Up @@ -332,6 +334,7 @@ sub ROUND {
ldp x25,x26,[x29,#64]
ldp x27,x28,[x29,#80]
ldp x29,x30,[sp],#96
.inst 0xd50323bf // autiasp
ret
.size ChaCha20_ctr32,.-ChaCha20_ctr32
___
Expand Down Expand Up @@ -377,6 +380,7 @@ sub NEONROUND {
.type ChaCha20_neon,%function
.align 5
ChaCha20_neon:
.inst 0xd503233f // paciasp
stp x29,x30,[sp,#-96]!
add x29,sp,#0
Expand Down Expand Up @@ -575,6 +579,7 @@ sub NEONROUND {
ldp x25,x26,[x29,#64]
ldp x27,x28,[x29,#80]
ldp x29,x30,[sp],#96
.inst 0xd50323bf // autiasp
ret
.Ltail_neon:
Expand Down Expand Up @@ -684,6 +689,7 @@ sub NEONROUND {
ldp x25,x26,[x29,#64]
ldp x27,x28,[x29,#80]
ldp x29,x30,[sp],#96
.inst 0xd50323bf // autiasp
ret
.size ChaCha20_neon,.-ChaCha20_neon
___
Expand All @@ -696,6 +702,7 @@ sub NEONROUND {
.type ChaCha20_512_neon,%function
.align 5
ChaCha20_512_neon:
.inst 0xd503233f // paciasp
stp x29,x30,[sp,#-96]!
add x29,sp,#0
Expand Down Expand Up @@ -1114,6 +1121,7 @@ sub NEONROUND {
ldp x25,x26,[x29,#64]
ldp x27,x28,[x29,#80]
ldp x29,x30,[sp],#96
.inst 0xd50323bf // autiasp
ret
.size ChaCha20_512_neon,.-ChaCha20_512_neon
___
Expand Down

0 comments on commit 2cf7fd6

Please sign in to comment.