RFR: 8326609: AES implementation with updates specified in FIPS 197

Weijun Wang weijun at openjdk.org
Tue Oct 7 21:53:11 UTC 2025


On Sat, 23 Aug 2025 06:55:14 GMT, Shawn M Emery <duke at openjdk.org> wrote:

> This is a draft PR for early review with the following intent:
> 
> i) This work is to replace the existing AES cipher under the Cryptix license with an Oracle version. 
> 
> ii) The lookup tables are employed for performance, but also for operating in constant time.
> 
> iii) Several blocks statements are flattened for optimization purposes.
> 
> Note: I have not seen the original Cryptix code, so please don't refer to the deltas, but rather provide references based on the new AESCrypt.java code itself.
> 
> Updates in this delta:
> Phase 2: Optimization - SW
> Phase 3: Optimization - HW
> Fix round key ordering for inverse
> Cleanup comments and style
> Remove extraneous code
> Create constant-time execution - including inverse multiplication
> Remove sensitive information - including temporary round key attributes

1. I noticed some instance fields are passed into instance methods (for example, `rounds` into `genRKeys()`). Have you considered letting the methods access those fields directly, or make the methods static instead?
2. I remember you used to have methods to generate the large constant arrays. Are they still useful?
3. There is an ongoing discussion about expanding AES to a larger block size. Does the rewrite have this in mind?

-------------

PR Comment: https://git.openjdk.org/jdk/pull/26912#issuecomment-3224599283
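The constant-time inverse multiplication mentioned in the PR description, as an added example that is not code from the PR or from the JDK: a branch-free GF(2^8) multiply, the inverse computed as a^254 with a fixed operation sequence, and the FIPS 197 S-box derived from it, checked against the worked values in FIPS 197 (class and method names are my own).

```java
// Added example (not from the PR): branch-free GF(2^8) inversion and S-box
// generation for AES (FIPS 197), field polynomial x^8 + x^4 + x^3 + x + 1.
// Constant time at the Java source level does not guarantee constant-time
// machine code; the JIT decides what the masks compile to.
public final class Gf256 {
    private static final int POLY = 0x11b;

    // Multiply by x; the reduction is selected with a mask, not a branch.
    static int xtime(int a) {
        int mask = -((a >>> 7) & 1);          // 0xFFFFFFFF if bit 7 set, else 0
        return ((a << 1) ^ (POLY & mask)) & 0xff;
    }

    // Full GF(2^8) multiplication; always runs all 8 iterations.
    static int mul(int a, int b) {
        int r = 0;
        for (int i = 0; i < 8; i++) {
            int mask = -((b >>> i) & 1);      // select a if bit i of b is set
            r ^= a & mask;
            a = xtime(a);
        }
        return r;
    }

    // a^254 = a^-1 in GF(2^8); inv(0) = 0, as the S-box definition requires.
    static int inv(int a) {
        int r = 1, p = a;
        for (int i = 0; i < 7; i++) {
            p = mul(p, p);   // a^2, a^4, ..., a^128
            r = mul(r, p);   // product of those powers: a^(2+4+...+128) = a^254
        }
        return r;
    }

    private static int rotl8(int v, int n) {
        return ((v << n) | (v >>> (8 - n))) & 0xff;
    }

    // FIPS 197 S-box: field inversion followed by the affine transform.
    static int sbox(int a) {
        int b = inv(a);
        return b ^ rotl8(b, 1) ^ rotl8(b, 2) ^ rotl8(b, 3) ^ rotl8(b, 4) ^ 0x63;
    }

    public static void main(String[] args) {
        // Values from FIPS 197: {53}^-1 = {ca}, S[53] = ed, S[00] = 63.
        if (mul(0x53, 0xca) != 1 || sbox(0x53) != 0xed || sbox(0x00) != 0x63)
            throw new AssertionError("S-box check failed");
        System.out.println("ok");
    }
}
```

The same `sbox` can be used to generate the full table once at class initialisation, which is one way to keep table contents derived from a reviewable formula rather than a literal array.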