Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8046154

JEP 164: Leverage CPU Instructions for AES Cryptography

XMLWordPrintable

    • Icon: JEP JEP
    • Resolution: Delivered
    • Icon: P4 P4
    • 8
    • None
    • None
    • Vladimir Kozlov
    • Feature
    • Open
    • Implementation
    • hotspot dash compiler dash dev at openjdk dot java dot net
    • XS
    • XS
    • 164

      Summary

      Improve the out-of-box AES Crypto performance by using x86 AES instructions when available, and by avoiding unnecessary re-expansion of the AES key.

      Motivation

      AES encryption is common in applications and such applications expect good performance. We should make it easy to get that good performance out of the box for processors that support AES instructions in hardware.

      Description

      The intent of this change is to improve the out-of-the-box performance of applications that use AES cryptography. The hotspot compiler change (7184394) and the security library change (7185471) are actually completely independent except for the fact that they are both related to AES performance.

      The hotspot compiler AES instruction generation happens automatically if the x86 processor supports such instructions (there is a flag to turn this off if desired). These instructions can be generated on either 64-bit or 32-bit x86 systems. Other CPU types are not affected.

      The library change helps applications which use the same key but re-initialize the Cipher object, switching between encrypting and decrypting. Avoiding re-expansion of the key (7185471) changes only private variables within the com.sun.crypto.provider.AESCrypt class. No other classes are affected.

      Testing

      This change can be tested by standard benchmarks and application server test suites, either on systems that support x86 AES instructions or on systems that do not support x86 AES instructions to ensure there are no unintended side effects.

      Impact

      • Security: No impact, the changes are only improving performance
      • Performance/scalability: Need to verify performance of new implementation

            kvn Vladimir Kozlov
            kvn Vladimir Kozlov
            Vladimir Kozlov Vladimir Kozlov
            Mikael Vidstedt
            Mikael Vidstedt
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: