JDK-6591117 : Poor preformance of PKCS#11 security provider compared to Sun default provider
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.crypto:pkcs11
  • Affected Version: 1.4.2,5.0u15
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: solaris_10
  • CPU: generic,sparc
  • Submitted: 2007-08-09
  • Updated: 2010-12-03
  • Resolved: 2010-04-14
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other JDK 6 JDK 7 Other
5.0u18Fixed 6u18-revFixed 7 b89Fixed OpenJDK6Fixed
Related Reports
Relates :  
Description
Poor performance of random number generation when  using PKCS#11 security provider compared to Sun default security provider. See testcase below :

% cat RandomTest.java
import java.security.SecureRandom;
import java.util.Random;
import java.security.Security;
import java.security.Provider;

public class RandomTest
{
    private static final char SESSION_CHARS[] = {
        'Q', 'B', 'C', 'D', 'G', 'F', 'G', 'H', 'L', 'J', 
        'K', 'L', 'M', 'N', 'T', 'P', 'Q', 'R', 'S', 'T', 
        'J', 'V', 'W', 'X', 'Y', 'Z', 'h', 'b', 'c', 'd', 
        'p', 'f', 'g', 'h', 'v', 'j', 'k', 'l', 'm', 'n', 
        'y', 'p', 'q', 'r', 's', 't', 'n', 'v', 'w', 'x', 
        'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7', 
        '8', '9', '2', '1'
    };
    
    private static int ID_LENGTH = 48;
    private static int COUNT = 10000;
    
    private SecureRandom securerandom;
    
    public static void main( String args[] )  throws Exception
    {
        RandomTest randomTest = new RandomTest();

        randomTest.printInfo();
        
        System.out.println( "Starting test...." );
        
        long startTime = System.currentTimeMillis();
        
        for( int i=0; i<COUNT; i++ )
        {
            randomTest.getNextId();
        }
        
        long endTime = System.currentTimeMillis();
        
        System.out.println( "Test completed." );
        System.out.println( "Total time millis: " + (endTime - startTime) );
        System.out.println( "Average ID generation time millis: " + ((double)(endTime - startTime))/COUNT );
    }

    protected void printInfo() throws Exception
    {
      //securerandom = SecureRandom.getInstance("SHA1PRNG", "SUN");
      //securerandom = SecureRandom.getInstance("NativePRNG", "SUN");
      securerandom = new SecureRandom();

        System.out.println( "Used provider:" );
        System.out.println( securerandom.getProvider() );
        System.out.println( "Used algorithm:" );
        System.out.println( securerandom.getAlgorithm() );
    }

    private String getNextId()
    {
        char ac[] = new char[ID_LENGTH];
        int i = (int)(System.currentTimeMillis() / 1000L);
        
        //SecureRandom securerandom = LocalRJVM.getLocalRJVM().getSecureRandom();
        for(int j = 0; j < ID_LENGTH; j++)
            if(j <= 3 || j >= 8)
                ac[j] = SESSION_CHARS[securerandom.nextInt(SESSION_CHARS.length)];

        ac[4] = SESSION_CHARS[i >> 24 & 0x3f];
        ac[5] = SESSION_CHARS[i >> 16 & 0x3f];
        ac[6] = SESSION_CHARS[i >> 8 & 0x3f];
        ac[7] = SESSION_CHARS[i & 0x1f];
        
        return new String(ac);
    }    
}


% uname -a
SunOS xxx 5.10 Generic_118833-36 sun4u sparc SUNW,Sun-Blade-100
% java -version
java version "1.5.0_11"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_11-b03)
Java HotSpot(TM) Client VM (build 1.5.0_11-b03, mixed mode, sharing)
% javac RandomTest.java
% java RandomTest
Used provider:
SUN version 1.5
Used algorithm:
SHA1PRNG
Starting test....
Test completed.
Total time millis: 1617
Average ID generation time millis: 0.1617
% javac RandomTest.java
% java RandomTest
Used provider:
SUN version 1.5
Used algorithm:
NativePRNG
Starting test....
Test completed.
Total time millis: 3633
Average ID generation time millis: 0.3633
% javac RandomTest.java
% java RandomTest
Used provider:
SunPKCS11-Solaris version 1.5
Used algorithm:
PKCS11
Starting test....
Test completed.
Total time millis: 8539
Average ID generation time millis: 0.8539

Comments
EVALUATION Will fix by adding internal buffer so to avoid making native calls for every java call.
02-04-2009