This is an automated email from the ASF dual-hosted git repository.
rduan pushed a commit to branch v2.0.0-preview
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave-sgx-sdk.git
The following commit(s) were added to refs/heads/v2.0.0-preview by this push:
new 8d3bbe44 Fix IPP CPUID initialization to support some AVX512 advanced
instruction sets
8d3bbe44 is described below
commit 8d3bbe44077dc952de8892223fbc5bf051e67d40
Author: volcano <[email protected]>
AuthorDate: Wed Feb 7 11:23:08 2024 +0800
Fix IPP CPUID initialization to support some AVX512 advanced instruction
sets
---
.../sgx_crypto_sys/tcrypto/sgx_common_init_ipp.cpp | 24 +++++++++++++++++-----
sgx_protected_fs/tfs/src/sys/metadata.rs | 4 ++--
sgx_protected_fs/tfs/src/sys/node.rs | 4 ++--
3 files changed, 23 insertions(+), 9 deletions(-)
diff --git a/sgx_crypto/sgx_crypto_sys/tcrypto/sgx_common_init_ipp.cpp
b/sgx_crypto/sgx_crypto_sys/tcrypto/sgx_common_init_ipp.cpp
index b63a064e..24d66174 100644
--- a/sgx_crypto/sgx_crypto_sys/tcrypto/sgx_common_init_ipp.cpp
+++ b/sgx_crypto/sgx_crypto_sys/tcrypto/sgx_common_init_ipp.cpp
@@ -101,12 +101,12 @@ extern "C" sgx_status_t init_ipp_cpuid(uint64_t
cpu_feature_indicator)
{
ippCpuFeatures |= ippCPUID_RDSEED;
}
- if ((cpu_feature_indicator & CPU_FEATURE_SHA) == CPU_FEATURE_SHA)
+ if ((cpu_feature_indicator & CPU_FEATURE_SHA) == CPU_FEATURE_SHA)
{
ippCpuFeatures |= ippCPUID_SHA;
}
-
- // AVX512
+
+ // AVX512
if ((cpu_feature_indicator & CPU_FEATURE_AVX512F) ==
CPU_FEATURE_AVX512F)
{
ippCpuFeatures |= ippCPUID_AVX512F;
@@ -148,11 +148,26 @@ extern "C" sgx_status_t init_ipp_cpuid(uint64_t
cpu_feature_indicator)
{
ippCpuFeatures |= ippCPUID_AVX512_4FMADDPS;
}
-
+ if((cpu_feature_indicator & CPU_FEATURE_VAES) == CPU_FEATURE_VAES)
+ {
+ ippCpuFeatures |= ippCPUID_AVX512VAES;
+ }
if ((cpu_feature_indicator & CPU_FEATURE_AVX512IFMA52) ==
CPU_FEATURE_AVX512IFMA52)
{
ippCpuFeatures |= ippCPUID_AVX512IFMA;
}
+ if ((cpu_feature_indicator & CPU_FEATURE_GFNI) == CPU_FEATURE_GFNI)
+ {
+ ippCpuFeatures |= ippCPUID_AVX512GFNI;
+ }
+ if((cpu_feature_indicator & CPU_FEATURE_AVX512_VBMI2) ==
CPU_FEATURE_AVX512_VBMI2)
+ {
+ ippCpuFeatures |= ippCPUID_AVX512VBMI2;
+ }
+ if((cpu_feature_indicator & CPU_FEATURE_VPCLMULQDQ) ==
CPU_FEATURE_VPCLMULQDQ)
+ {
+ ippCpuFeatures |= ippCPUID_AVX512VCLMUL;
+ }
}
else
{
@@ -171,4 +186,3 @@ extern "C" sgx_status_t init_ipp_cpuid(uint64_t
cpu_feature_indicator)
}
return SGX_SUCCESS;
}
-
diff --git a/sgx_protected_fs/tfs/src/sys/metadata.rs
b/sgx_protected_fs/tfs/src/sys/metadata.rs
index 7f0e0f4a..01976539 100644
--- a/sgx_protected_fs/tfs/src/sys/metadata.rs
+++ b/sgx_protected_fs/tfs/src/sys/metadata.rs
@@ -248,7 +248,7 @@ impl MetadataInfo {
)?
} else {
let mut aes = AesGcm::new(key, Nonce::zeroed(),
Aad::from(&self.encrypted_plain))?;
- let mac = aes.encrypt(&[], &mut [])?;
+ let mac = aes.mac()?;
self.node
.metadata
.ciphertext
@@ -276,7 +276,7 @@ impl MetadataInfo {
Nonce::zeroed(),
Aad::from(&self.node.metadata.ciphertext),
)?;
- aes.decrypt(&[], &mut [], &self.node.metadata.plaintext.gmac)?;
+ aes.verify_mac(&self.node.metadata.plaintext.gmac)?;
self.encrypted_plain
.as_mut()
.copy_from_slice(self.node.metadata.ciphertext.as_ref());
diff --git a/sgx_protected_fs/tfs/src/sys/node.rs
b/sgx_protected_fs/tfs/src/sys/node.rs
index 813aca3e..853e5292 100644
--- a/sgx_protected_fs/tfs/src/sys/node.rs
+++ b/sgx_protected_fs/tfs/src/sys/node.rs
@@ -279,7 +279,7 @@ impl FileNode {
aes.encrypt(self.plaintext.as_ref(),
self.ciphertext.node_data.as_mut())?
} else {
let mut aes = AesGcm::new(key, Nonce::zeroed(),
Aad::from(&self.plaintext))?;
- let mac = aes.encrypt(&[], &mut [])?;
+ let mac = aes.mac()?;
self.ciphertext
.node_data
.as_mut()
@@ -312,7 +312,7 @@ impl FileNode {
)?
} else {
let mut aes = AesGcm::new(key, Nonce::zeroed(),
Aad::from(&self.ciphertext.node_data))?;
- aes.decrypt(&[], &mut [], mac)?;
+ aes.verify_mac(mac)?;
self.plaintext
.as_mut()
.copy_from_slice(self.ciphertext.node_data.as_ref());
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
