RFR: 8318756 Create better internal buffer for AEADs

Eirik Bjorsnos duke at openjdk.org
Fri Dec 8 21:36:30 UTC 2023 

On Thu, 23 Nov 2023 01:04:15 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:

>> Hi,
>> 
>> I need a review for a new internal buffer class called AEADBufferStream.  AEADBufferStream extends ByteArrayOutputStream, but eliminates some data checking and copying that are not necessary for what GaloisCounterMode.java and ChaCha20Cipher.java need.  
>> 
>> The changes greatest benefit is with decryption operations.  ChaCha20-Poly1305 had larger performance gains by adopting similar techniques that AES/GCM already uses. 
>> 
>> The new buffer shows up to 21% bytes/sec performance increase for decryption for ChaCha20-Poly1305 and 12% for AES/GCM.  16K data sizes saw a memory usage reduction of 46% with and 83% with ChaCha20-Poly1305.  These results come from the JMH tests updated in this request and memory usage using the JMH gc profile gc.alloc.rate.norm entry
>> 
>> thanks
>> 
>> Tony
>
> Noteworthy perf data (ops/sec)
> <html xmlns:v="urn:schemas-microsoft-com:vml"
> xmlns:o="urn:schemas-microsoft-com:office:office"
> xmlns:x="urn:schemas-microsoft-com:office:excel"
> xmlns="http://www.w3.org/TR/REC-html40">
> 
> <head>
> 
> <meta name=ProgId content=Excel.Sheet>
> <meta name=Generator content="Microsoft Excel 15">
> <link id=Main-File rel=Main-File
> href="file:////Users/ascarpin/Library/Group%20Containers/UBF8T346G9.Office/TemporaryItems/msohtmlclip/clip.htm">
> <link rel=File-List
> href="file:////Users/ascarpin/Library/Group%20Containers/UBF8T346G9.Office/TemporaryItems/msohtmlclip/clip_filelist.xml">
> 
> 
> 
> </head>
> 
> <body link="#0563C1" vlink="#954F72">
> 
> 
> Benchmark | dataMethod | dataSize | AEADBuffer | jdk-dev |  Diff
> -- | -- | -- | -- | -- | --
> CC20P1305ByteBuffer.decrypt | direct | 1024 | 577804.81 | 549630.383 | 105.13%
> CC20P1305ByteBuffer.decrypt | direct | 1500 | 424441.663 | 401452.037 | 105.73%
> CC20P1305ByteBuffer.decrypt | direct | 4096 | 186333.196 | 152909.993 | 121.86%
> CC20P1305ByteBuffer.decrypt | direct | 16384 | 49698.562 | 41966.387 | 118.42%
> CC20P1305ByteBuffer.decrypt | heap | 1024 | 586145.31 | 514277.384 | 113.97%
> CC20P1305ByteBuffer.decrypt | heap | 1500 | 429055.718 | 380859.773 | 112.65%
> CC20P1305ByteBuffer.decrypt | heap | 4096 | 179807.069 | 179241.327 | 100.32%
> CC20P1305ByteBuffer.decrypt | heap | 16384 | 51096.478 | 51097.68 | 100.00%
> CC20P1305ByteBuffer.decryptMultiPart | direct | 1024 | 553804.884 | 506750.657 | 109.29%
> CC20P1305ByteBuffer.decryptMultiPart | direct | 1500 | 399307.809 | 365691.011 | 109.19%
> CC20P1305ByteBuffer.decryptMultiPart | direct | 4096 | 180940.646 | 165152.892 | 109.56%
> CC20P1305ByteBuffer.decryptMultiPart | direct | 16384 | 49117.754 | 40808.57 | 120.36%
> CC20P1305ByteBuffer.decryptMultiPart | heap | 1024 | 567976.828 | 539087.765 | 105.36%
> CC20P1305ByteBuffer.decryptMultiPart | heap | 1500 | 415070.529 | 400061.343 | 103.75%
> CC20P1305ByteBuffer.decryptMultiPart | heap | 4096 | 180878.684 | 178758.204 | 101.19%
> CC20P1305ByteBuffer.decryptMultiPart | heap | 16384 | 48541.737 | 46645.72 | 104.06%
> AESGCMByteBuffer.decrypt | heap | 1024 | 1826361.53 | 1796033.97 | 101.69%
> AESGCMByteBuffer.decrypt | heap | 1500 | 1245406.42 | 1109318.44 | 112.27%
> AESGCMByteBuffer.decrypt | heap | 4096 | 641359.437 | 617315.646 | 103.89%
> AESGCMByteBuffer.decrypt | heap | 16384 | 247719.061 | 238448.044 | 103.89%
> AESGCMByteBuffer.decryptMultiPart | direct | 1024 | 1574668.85 | 1483599.15 | 106.14%
> AESGCMByteBuffer.decryptMultiPart | d...

@ascarpino I'm seeing GHA test failures on `linux-x86` for `AEADBufferTest.java` after the integration of this change [1]


build/run-test-prebuilt/test-support/jtreg_test_jdk_tier1_part3/com/sun/crypto/provider/Cipher/AEAD/AEADBufferTest/hs_err_pid4225.log:

#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00000000, pid=4225, tid=10054
#
# JRE version: OpenJDK Runtime Environment (23.0) (build 23-internal-eirbjo-f6a00f0cfe870a555c559063d7eab53366fa6d70)
# Java VM: OpenJDK Server VM (23-internal-eirbjo-f6a00f0cfe870a555c559063d7eab53366fa6d70, mixed mode, tiered, g1 gc, linux-x86)
# Problematic frame:
# J 6617 c2 com.sun.crypto.provider.ChaCha20Cipher.chaCha20Transform([BII[BI)V java.base at 23-internal (193 bytes) @ 0xef6677bd [0xef667440+0x0000037d]
#
# CreateCoredumpOnCrash turned off, no core file dumped
#
# If you would like to submit a bug report, please visit:
#   https://bugreport.java.com/bugreport/crash.jsp
#

---------------  S U M M A R Y ------------

Command Line: -Xmx768m -XX:MaxRAMPercentage=12.5 -Dtest.boot.jdk=/home/runner/work/jdk/jdk/bootjdk/jdk -Djava.io.tmpdir=/home/runner/work/jdk/jdk/build/run-test-prebuilt/test-support/jtreg_test_jdk_tier1_part3/tmp -ea -esa -XX:-CreateCoredumpOnCrash -Djava.library.path=/home/runner/work/jdk/jdk/bundles/tests/jdk/jtreg/native --patch-module=java.base=/home/runner/work/jdk/jdk/build/run-test-prebuilt/test-support/jtreg_test_jdk_tier1_part3/patches/java.base -Djava.security.policy=file:/home/runner/work/jdk/jdk/build/run-test-prebuilt/test-support/jtreg_test_jdk_tier1_part3/jtreg.policy com.sun.javatest.regtest.agent.AgentServer -id 7 -logfile /home/runner/work/jdk/jdk/build/run-test-prebuilt/test-support/jtreg_test_jdk_tier1_part3/jtData/agentServer.7.trace -allowSetSecurityManager -port 35137 -timeoutFactor 4.0

Host: AMD EPYC 7763 64-Core Processor, 4 cores, 15G, Ubuntu 22.04.3 LTS
Time: Fri Dec  8 21:03:25 2023 UTC elapsed time: 82.102203 seconds (0d 0h 1m 22s)

---------------  T H R E A D  ---------------

Current thread (0xb3ff0ea0):  JavaThread "AgentVMThread"            [_thread_in_Java, id=10054, stack(0xb50b0000,0xb5100000) (320K)]

Stack: [0xb50b0000,0xb5100000],  sp=0xb50fe910,  free space=314k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
J 6617 c2 com.sun.crypto.provider.ChaCha20Cipher.chaCha20Transform([BII[BI)V java.base at 23-internal (193 bytes) @ 0xef6677bd [0xef667440+0x0000037d]
J 6559 c1 com.sun.crypto.provider.ChaCha20Cipher$EngineAEADEnc.doUpdate([BII[BI)I java.base at 23-internal (148 bytes) @ 0xe82a5d64 [0xe82a5a40+0x00000324]
J 6598 c1 com.sun.crypto.provider.ChaCha20Cipher$EngineAEADEnc.doFinal([BII[BI)I java.base at 23-internal (64 bytes) @ 0xe82b55c0 [0xe82b54e0+0x000000e0]
J 6601 c1 com.sun.crypto.provider.ChaCha20Cipher.engineDoFinal([BII[BI)I java.base at 23-internal (52 bytes) @ 0xe82b6a98 [0xe82b6980+0x00000118]
J 6252 c1 javax.crypto.Cipher.doFinal([BII[BI)I java.base at 23-internal (59 bytes) @ 0xe8208878 [0xe8208600+0x00000278]
J 6218 c1 AEADBufferTest.crypto(ZLAEADBufferTest$Data;[B[B)V (1208 bytes) @ 0xe81eee40 [0xe81ebac0+0x00003380]
J 6277 c1 AEADBufferTest.encrypt(LAEADBufferTest$Data;)V (119 bytes) @ 0xe821a01c [0xe8218be0+0x0000143c]
j  AEADBufferTest.test()V+181
j  AEADBufferTest.main([Ljava/lang/String;)V+1458
j  java.lang.invoke.LambdaForm$DMH+0xb4402a58.invokeStatic(Ljava/lang/Object;Ljava/lang/Object;)V+10 java.base at 23-internal
j  java.lang.invoke.LambdaForm$MH+0xb0672280.invoke(Ljava/lang/Object;Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;+33 java.base at 23-internal
J 4739 c2 jdk.internal.reflect.DirectMethodHandleAccessor.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object; java.base at 23-internal (92 bytes) @ 0xef4d8dbc [0xef4d8ae0+0x000002dc]
J 2103 c1 java.lang.reflect.Method.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object; java.base at 23-internal (108 bytes) @ 0xe796bb34 [0xe796b740+0x000003f4]
j  com.sun.javatest.regtest.agent.MainActionHelper$AgentVMRunnable.run()V+10
j  java.lang.Thread.runWith(Ljava/lang/Object;Ljava/lang/Runnable;)V+5 java.base at 23-internal
j  java.lang.Thread.run()V+19 java.base at 23-internal
v  ~StubRoutines::call_stub 0xeebe1c7c
V  [libjvm.so+0x6e58d2]  JavaCalls::call_helper(JavaValue*, methodHandle const&, JavaCallArguments*, JavaThread*)+0x232  (javaCalls.cpp:415)
V  [libjvm.so+0x6e64e5]  JavaCalls::call_virtual(JavaValue*, Handle, Klass*, Symbol*, Symbol*, JavaThread*)+0x195  (javaCalls.cpp:329)
V  [libjvm.so+0x7c5e7b]  thread_entry(JavaThread*, JavaThread*)+0x8b  (jvm.cpp:2937)
V  [libjvm.so+0x6ff668]  JavaThread::thread_main_inner() [clone .part.0]+0xb8  (javaThread.cpp:720)
V  [libjvm.so+0xc487e3]  Thread::call_run()+0xa3  (thread.cpp:220)
V  [libjvm.so+0xa34859]  thread_native_entry(Thread*)+0xf9  (os_linux.cpp:789)
C  [libc.so.6+0x86071]



[1] https://github.com/eirbjo/jdk/actions/runs/7145974602#user-content-com_sun_crypto_provider_cipher_aead_aeadbuffertest

-------------

PR Comment: https://git.openjdk.org/jdk/pull/16487#issuecomment-1847867767

More information about the security-dev mailing list