RFR: 8344144: AES/CBC slow at big payloads

Kevin Driver kdriver at openjdk.org
Wed Nov 13 21:37:44 UTC 2024 

On Wed, 13 Nov 2024 21:14:58 GMT, Volodymyr Paprotski <vpaprotski at openjdk.org> wrote:

> Measuring throughput with JMH parameters `-f 1 -i 2 -wi 3 -r 20 -w 30  -p algorithm=AES/CBC/NoPadding -p dataSize=30000000 -p provider=SunJCE -p keyLength=128 org.openjdk.bench.javax.crypto.full.AESBench`
> 
> Before:
> 
> Benchmark                (algorithm)  (dataSize)  (keyLength)  (provider)   Mode  Cnt   Score   Error  Units
> AESBench.decrypt   AES/CBC/NoPadding    30000000          128      SunJCE  thrpt    2  25.383          ops/s
> AESBench.decrypt2  AES/CBC/NoPadding    30000000          128      SunJCE  thrpt    2  32.230          ops/s
> AESBench.encrypt   AES/CBC/NoPadding    30000000          128      SunJCE  thrpt    2  20.489          ops/s
> AESBench.encrypt2  AES/CBC/NoPadding    30000000          128      SunJCE  thrpt    2  21.383          ops/s
> 
> 
> After:
> 
> Benchmark                (algorithm)  (dataSize)  (keyLength)  (provider)   Mode  Cnt    Score   Error  Units
> AESBench.decrypt   AES/CBC/NoPadding    30000000          128      SunJCE  thrpt    2  215.144          ops/s
> AESBench.decrypt2  AES/CBC/NoPadding    30000000          128      SunJCE  thrpt    2  411.265          ops/s
> AESBench.encrypt   AES/CBC/NoPadding    30000000          128      SunJCE  thrpt    2   64.341          ops/s
> AESBench.encrypt2  AES/CBC/NoPadding    30000000          128      SunJCE  thrpt    2   73.114          ops/s
> 
> 
> I have not deterministically proven why chunking works: before the change, the CBC intrinsic is not being used; and after chunking, it is. There is quite a bit of GC activity in the default AESBench, so `encrypt2/decrypt2` versions isolate just crypto (see comment below).

src/java.base/share/classes/com/sun/crypto/provider/CipherBlockChaining.java line 153:

> 151:         // chunkSize is multiple of block size, but otherwise fairly arbitrary
> 152:         // Should be large enough to provide intrinsic with optimization
> 153:         // oportunities

nit: type-o -> opportunities

src/java.base/share/classes/com/sun/crypto/provider/CipherBlockChaining.java line 155:

> 153:         // oportunities
> 154:         int processed = 0;
> 155:         final int chunkSize = 1024*100;

should probably be a constant -- maybe even a system property

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/22086#discussion_r1841201401
PR Review Comment: https://git.openjdk.org/jdk/pull/22086#discussion_r1841201127

More information about the security-dev mailing list