RFR: 8253821: Improve ByteBuffer performance with GCM [v4]

Anthony Scarpino ascarpino at openjdk.java.net
Tue Nov 17 22:58:12 UTC 2020 

On Thu, 12 Nov 2020 20:17:39 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

>> checkOutputCapacity:  Yes.. The method includes the offsets for the output buffer, which I believe would verify that the output area in the buffer with offsets is large enough.
>> 
>> outWithPadding:  I understand the situation and I am assuming there are tests that cover this case.  Given it's a generic situation.
>
> Have you tested the outWithPadding situation? Given that the existing impl only write out the final result, I don't think you can assume that existing tests cover it. I have wrote a simple test to check it if you have not done so, can you try it out to be sure?
> 
> import java.io.PrintStream;
> import java.util.*;
> import java.security.*;
> import java.security.spec.*;
> 
> import javax.crypto.*;
> import javax.crypto.spec.*;
> 
> public class TestDoFinal {
> 
>     private static String ALGO = "AES";
>     private static int BLK_SIZE = 16;
> 
>     public static void main(String args[]) throws Exception {
> 
>         byte[] in = new byte[32];
>         Arrays.fill(in, (byte)8);
>         KeyGenerator kg = KeyGenerator.getInstance(ALGO, "SunJCE");
>         SecretKey skey = kg.generateKey();
>         Cipher ci = Cipher.getInstance(ALGO + "/CBC/PKCS5Padding", "SunJCE");
>         ci.init(Cipher.ENCRYPT_MODE, skey);
>         int inLen = in.length - BLK_SIZE;
>         byte[] out = ci.doFinal(in, 0, inLen);
>         System.out.println("=> enc " + inLen + " bytes, ret " +
>                 (out == null? "null":(out.length + " byte")));
> 
>         AlgorithmParameters param = ci.getParameters();
>         ci.init(Cipher.DECRYPT_MODE, skey, param);
>         int rLen = ci.doFinal(out, 0, out.length, in);
>         System.out.println("=> dec " + out.length + " bytes, ret " +
>                 rLen + " byte");
>         // check if more than rLen bytes are written into 'in'
>         for (int j = rLen; j < in.length; j++) {
>             if (in[j] != (byte)8) {
>                 throw new Exception("Value check failed at index " + j);
>             }
>         }
>         System.out.println("Test Passed");
>     }
> }

I tried to fix this, and I did for this test, but there other situations with update() that weren't working.  It would take some reworking of a few common methods during the doFinal process to handle this right.  I'm going to put an 'if()" so non-GCM modes create a new buffer like it did before.  It was a "nice to have' for this rfe that can be done with future work for other mode optimizations.

-------------

PR: https://git.openjdk.java.net/jdk/pull/411

More information about the security-dev mailing list