JDK-8143925 : enhancing CounterMode.crypt() for AESCrypt.implEncryptBlock()
  • Type: Enhancement
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 8,9
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: x86
  • Submitted: 2015-11-24
  • Updated: 2021-05-31
  • Resolved: 2015-12-29
  • JDK 8: 8u241 (Fixed)
  • JDK 9: 9 b103 (Fixed)
Description
The request is to leverage the parallel nature of AES in Counter (CTR) Mode. In a single-threaded implementation, this can be achieved by issuing independent x86 AES-NI instructions.
Presently, there is an intrinsic for AESCrypt.implEncryptBlock(), which is called by the CounterMode.crypt() method. However, the intrinsic works on one block at a time. The x86 AES-NI instructions have a latency of 6 or 7 clocks depending on the architecture. Since every AESENC instruction issued by this intrinsic is dependent on the earlier one, it does not take advantage of the CPU pipeline.
We can optimize the performance of CounterMode.crypt() method by 4x-6x by issuing independent instructions from up to 6 blocks in parallel.
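The property the request relies on is that each CTR block is C_i = P_i XOR AES_K(counter + i), with no dependence on the previous block. The following added example (not part of the issue or of the contributed patch) checks that independence through the public javax.crypto API: it computes every block on its own, in parallel, and compares the result with the JDK's AES/CTR/NoPadding output. The class and helper names are hypothetical, and the key, counter and plaintext are those of the CTR-AES128 example in NIST SP 800-38A. It demonstrates correctness of per-block computation, not the speedup of the intrinsic.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.math.BigInteger;
import java.util.Arrays;
import java.util.stream.IntStream;

public class CtrIndependentBlocks {   // hypothetical class name, added example
    static byte[] hex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return out;
    }
    // Counter block i = (initial counter + i) mod 2^128, big-endian (keep the low 16 bytes).
    static byte[] counterBlock(byte[] initial, int i) {
        byte[] raw = new BigInteger(1, initial).add(BigInteger.valueOf(i)).toByteArray();
        byte[] block = new byte[16];
        int n = Math.min(raw.length, 16);
        System.arraycopy(raw, raw.length - n, block, 16 - n, n);
        return block;
    }
    // Encrypt block i alone: out_i = in_i XOR AES_K(counter + i). Nothing from block i-1 is used.
    static void cryptBlock(SecretKeySpec key, byte[] iv, byte[] in, byte[] out, int i) {
        try {
            Cipher ecb = Cipher.getInstance("AES/ECB/NoPadding");
            ecb.init(Cipher.ENCRYPT_MODE, key);
            byte[] ks = ecb.doFinal(counterBlock(iv, i));   // keystream block i
            for (int j = 0; j < 16; j++)
                out[16 * i + j] = (byte) (in[16 * i + j] ^ ks[j]);
        } catch (java.security.GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }
    public static void main(String[] args) throws Exception {
        // Inputs: key, initial counter block and plaintext of the SP 800-38A CTR-AES128 example.
        SecretKeySpec key = new SecretKeySpec(hex("2b7e151628aed2a6abf7158809cf4f3c"), "AES");
        byte[] iv = hex("f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff");
        byte[] pt = hex("6bc1bee22e409f96e93d7e117393172a" + "ae2d8a571e03ac9c9eb76fac45af8e51"
                + "30c81c46a35ce411e5fbc1191a0a52ef" + "f69f2445df4f9b17ad2b417be66c3710");
        // Reference: the JDK's own sequential CTR transformation.
        Cipher ctr = Cipher.getInstance("AES/CTR/NoPadding");
        ctr.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] expected = ctr.doFinal(pt);
        // Same bytes with every block computed independently, in arbitrary order.
        byte[] actual = new byte[pt.length];
        IntStream.range(0, pt.length / 16).parallel().forEach(i -> cryptBlock(key, iv, pt, actual, i));
        System.out.println(Arrays.equals(expected, actual) ? "per-block CTR matches" : "MISMATCH");
    }
}
```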
Comments
Updated webrev.01 http://cr.openjdk.java.net/~vdeshpande/8143925/webrev.01/
29-12-2015

Updated webrev.00 http://cr.openjdk.java.net/~vdeshpande/8143925/webrev.00/
24-12-2015

Hotspot and jdk code contributed by Kishor Kharbas,
hotspot: http://cr.openjdk.java.net/~mcberg/8143925/hotspot/webrev.04/
Note: webrev.05 was malformed - need an update 12/9/15
jdk: http://cr.openjdk.java.net/~mcberg/8143925/jdk/webrev.02/
09-12-2015

SCOPE OF THE INTRINSIC
-----------------------------------------------------
When creating a cipher the application specifies a "transformation" consisting of "algorithm/mode/padding". For more details see http://docs.oracle.com/javase/7/docs/api/javax/crypto/Cipher.html
This intrinsic kicks in only when the mode is "CTR" and algorithm is "AES". The predicate for this intrinsic checks whether the 'embeddedCipher' field of 'CounterMode' object is an instance of 'AESCrypt' class.

SUMMARY OF CHANGES
-----------------------------------------------------
1. Correction to the instruction encoding of pextrd and pextrq by existing functions.
   src/cpu/x86/vm/assembler_x86.cpp
   src/cpu/x86/vm/assembler_x86.hpp
2. Declaration of hotspot Intrinsics:
   src/share/vm/classfile/vmSymbols.cpp
   src/share/vm/classfile/vmSymbols.hpp
   src/share/vm/opto/c2compiler.cpp
3. The main logic for building up the calls to the stubs at compile (C2) time.
   src/share/vm/opto/library_call.cpp
   src/share/vm/opto/runtime.cpp
   src/share/vm/opto/runtime.hpp
   src/share/vm/opto/escape.cpp
4. Generate the stub routines. The CTR mode logic is implemented here.
   src/cpu/x86/vm/stubGenerator_x86_32.cpp
   src/cpu/x86/vm/stubGenerator_x86_64.cpp
5. Definition of the new stubs
   src/cpu/x86/vm/stubRoutines_x86.cpp
   src/cpu/x86/vm/stubRoutines_x86.hpp
   src/cpu/x86/vm/stubRoutines_x86_64.hpp
   src/cpu/x86/vm/stubRoutines_x86_32.hpp
   src/share/vm/runtime/stubRoutines.cpp
   src/share/vm/runtime/stubRoutines.hpp

TESTING
-----------------------------------------------------
The implementation is tested using example vectors provided by "NIST Special Publication 800-38A" (http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf)
The included "AES.java" was used for testing.

PERFORMANCE
-----------------------------------------------------
For performance we use the micro benchmark "CTRBenchMark.java" provided herewith.
Following is the observed speedup

Architecture CounterMode encryption Counter decryption
================================================================================
Sandy Bridge 5.75x
24-11-2015