RFR: 8371450: AES performance improvements for key schedule generation [v3]
Ferenc Rakoczi
duke at openjdk.org
Sun Nov 9 19:45:08 UTC 2025
On Fri, 7 Nov 2025 22:45:33 GMT, Shawn M Emery <duke at openjdk.org> wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/AES_Crypt.java line 1017:
>>
>>> 1015: | ((SBOX[(b1 & 0xF0) >> 4][b1 & 0x0F] & 0xFF) << 16)
>>> 1016: | ((SBOX[(b2 & 0xF0) >> 4][b2 & 0x0F] & 0xFF) << 8)
>>> 1017: | (SBOX[(word & 0xF0) >> 4][word & 0x0F] & 0xFF);
>>
>> I think there is no need for any of these bytes. Every index can be computed as "(word >> offset) & 0x0F". Actually, if you define SBOX as a 1-dim array, you can index into it with "(word >> offset) & 0xFF".
>
> Thank you for your review. The byte assignments were to avoid three redundant shift operations.
What were those "redundant shifts"?
What I am suggesting is:
return (SBOX(word >>>24] << 24) |
(SBOX[(word >> 16) & 0xFF] << 16) |
(SBOX[(word >> 8) & 0xFF] << 8) |
SBOX[word & 0xFF];
if you define SBOX as an int[256] array.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/28188#discussion_r2508285414
More information about the security-dev
mailing list