RFR: 8267125: AES Galois CounterMode (GCM) interleaved implementation using AVX512 + VAES instructions [v4]

Anthony Scarpino ascarpino at openjdk.java.net
Thu Jul 22 22:55:09 UTC 2021


On Thu, 22 Jul 2021 22:41:03 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

>> This is about in-place, not about two separate buffers. Zeroing happens somewhere else for all decryption bad buffers
>
> Yes, I know. Basically, we are trying to optimize performance by trying to write into the supplied buffers (out) as much as we can. But then when tag verification failed, the "written" bytes are erased w/ 0. Ideal case would be not to touch the output buffer until after the tag verification succeeds. Isn't this the previous approach? Verify the tag first and then write out the plain text afterwards.

With this new intrinsic doing both ghash and gctr at the same time, I cannot do that ghash check first before the gctr op. I wish I could.

-------------

PR: https://git.openjdk.java.net/jdk/pull/4019
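
The concern in this exchange, handled on the caller's side, as an added example (not code from the PR or the JDK): decrypt into a private scratch buffer and release plaintext only after `doFinal` returns without `AEADBadTagException`. The class name `GcmVerifyBeforeUse` and the method `open` are hypothetical, and the key, IV and message are constructed sample values.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class GcmVerifyBeforeUse {  // hypothetical class, not part of the JDK

    // Returns the plaintext only if the GCM tag verifies, otherwise null.
    // The caller's destination is never exposed to unverified bytes.
    static byte[] open(byte[] key, byte[] iv, byte[] ctAndTag) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"),
               new GCMParameterSpec(128, iv));
        byte[] scratch = new byte[c.getOutputSize(ctAndTag.length)];
        try {
            // An interleaved GHASH+CTR implementation may write here
            // before the tag has been checked.
            int n = c.doFinal(ctAndTag, 0, ctAndTag.length, scratch, 0);
            return Arrays.copyOf(scratch, n);   // tag verified: release a copy
        } catch (AEADBadTagException e) {
            return null;                        // forged or corrupted input
        } finally {
            Arrays.fill(scratch, (byte) 0);     // wipe scratch on every path
        }
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rnd = new SecureRandom();
        byte[] key = new byte[16];
        byte[] iv = new byte[12];
        rnd.nextBytes(key);
        rnd.nextBytes(iv);

        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"),
                 new GCMParameterSpec(128, iv));
        byte[] ct = enc.doFinal(
            "constructed sample message".getBytes(StandardCharsets.UTF_8));

        byte[] ok = open(key, iv, ct);
        System.out.println("valid:    " + new String(ok, StandardCharsets.UTF_8));

        ct[0] ^= 1;  // flip one ciphertext bit so the tag no longer matches
        System.out.println("tampered: " + open(key, iv, ct));
    }
}
```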

