RFR: 8267125: AES Galois CounterMode (GCM) interleaved implementation using AVX512 + VAES instructions [v4]

Valerie Peng valeriep at openjdk.java.net
Fri Jul 30 20:19:38 UTC 2021


On Thu, 22 Jul 2021 22:52:14 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:

>> Yes, I know. Basically, we are trying to optimize performance by trying to write into the supplied buffers (out) as much as we can. But then when tag verification failed, the "written" bytes are erased w/ 0. Ideal case would be not to touch the output buffer until after the tag verification succeeds. Isn't this the previous approach? Verify the tag first and then write out the plain text afterwards.
>
> With this new intrinsic doing both ghash and gctr at the same time, I cannot do that ghash check first before the gctr op. I wish I could.

Oh-well, ok.

-------------

PR: https://git.openjdk.java.net/jdk/pull/4019
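
The behaviour discussed in this exchange, seen from the caller's side, as an added example that is not part of the original message or of the PR. The class name, marker byte and sample data are assumptions; the program reports whatever the running JDK does with a caller-supplied output buffer after a GCM tag failure.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class GcmTagFailureDemo {                 // hypothetical class name
    static final byte MARKER = 0x5A;             // constructed fill value

    static boolean allEqual(byte[] buf, byte v) {
        for (byte b : buf) if (b != v) return false;
        return true;
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        // Constructed sample plaintext, two AES blocks long.
        byte[] pt = "constructed sample plaintext 32B".getBytes(StandardCharsets.US_ASCII);

        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = enc.doFinal(pt);             // ciphertext followed by the 16-byte tag
        ct[ct.length - 1] ^= 0x01;               // corrupt one tag bit

        byte[] out = new byte[pt.length];        // the caller-supplied "out" buffer
        Arrays.fill(out, MARKER);                // makes any write to it visible

        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
        try {
            dec.doFinal(ct, 0, ct.length, out, 0);
            System.out.println("unexpected: corrupted tag was accepted");
        } catch (AEADBadTagException e) {
            // On failure the buffer must be treated as garbage, whatever it holds.
            String state = allEqual(out, MARKER) ? "untouched"
                         : allEqual(out, (byte) 0) ? "written, then zeroed"
                         : "holds other data";
            System.out.println("tag check failed; output buffer is " + state);
            System.out.println("plaintext exposed: " + Arrays.equals(out, pt));
            Arrays.fill(out, (byte) 0);          // caller-side wipe, independent of the provider
        }
    }
}
```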


