RFR: 8326609: AES implementation with updates specified in FIPS 197

Shawn M Emery duke at openjdk.org
Tue Oct 7 21:53:11 UTC 2025


On Tue, 26 Aug 2025 15:12:03 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> 1. I noticed some instance fields are passed into instance methods (for example, `rounds` into `genRKeys()`). Have you considered letting the methods access those fields directly, or making the methods static instead?

Good catch; I'll do the former and make updates in the next commit.  See commit 18acd27 for this change and for the method comments to declare mutable and immutable arguments.

> 2. I remember you used to have methods to generate the large constant arrays. Are they still useful?

In this case, the table generators were only meant to create the static lookup tables.  If we were concerned about constrained devices then dynamically generating the tables would be more appropriate; however, I don't think that this was the goal with the original source code, given that the current size of AESCrypt is greater than my implementation.

> 3. There is an ongoing discussion about expanding AES to a larger block size. Does the rewrite have this in mind?

Good point; I believe the code is designed to be flexible in introducing a larger block size (i.e., Rijndael-256) given a couple of design elements: i) assigning 'len' to something like 'int WB2 = 8', ii) where there has been flattening for performance optimizations, the statements would be doubled (4->8), and iii) the proposed key size (256 bits) is already supported.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/26912#issuecomment-3226759891
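
For readers following point 2, an added sketch (not code from this PR or from the JDK) of what a generator for AES lookup tables looks like: it derives the S-box, its inverse, and one combined SubBytes+MixColumns table from the FIPS 197 definitions. The class name, method names and the T-table column layout are assumptions; the PR's own table layout is not shown in this message.

```java
// Added illustration; names are hypothetical and not taken from JDK PR 26912.
public final class AesTableGen {
    // Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1 (0x11B).
    static int gmul(int a, int b) {
        int p = 0;
        for (int i = 0; i < 8; i++) {
            if ((b & 1) != 0) p ^= a;
            a <<= 1;
            if ((a & 0x100) != 0) a ^= 0x11B;
            b >>= 1;
        }
        return p & 0xFF;
    }

    // S-box: multiplicative inverse (0 maps to 0), then the FIPS 197 affine transform.
    static int[] sbox() {
        int[] s = new int[256];
        for (int x = 0; x < 256; x++) {
            int inv = 0;
            for (int y = 1; y < 256 && x != 0; y++) {
                if (gmul(x, y) == 1) { inv = y; break; }
            }
            int r = inv;
            for (int k = 1; k <= 4; k++) r ^= ((inv << k) | (inv >>> (8 - k))) & 0xFF;
            s[x] = r ^ 0x63;
        }
        return s;
    }

    // Inverse S-box, derived by inverting the permutation.
    static int[] invSbox(int[] s) {
        int[] si = new int[256];
        for (int x = 0; x < 256; x++) si[s[x]] = x;
        return si;
    }

    // Combined SubBytes+MixColumns table, assumed (02,01,01,03) column layout.
    static int[] t0(int[] s) {
        int[] t = new int[256];
        for (int x = 0; x < 256; x++)
            t[x] = (gmul(s[x], 2) << 24) | (s[x] << 16) | (s[x] << 8) | gmul(s[x], 3);
        return t;
    }
    public static void main(String[] args) {
        int[] s = sbox();
        if (s[0x53] != 0xED || invSbox(s)[0xED] != 0x53)
            throw new AssertionError("S-box disagrees with FIPS 197: SubBytes({53}) must be {ed}");
        System.out.printf("S[0x53]=%02x T0[0x00]=%08x%n", s[0x53], t0(s)[0]);
    }
}
```

Generating at class-initialization time trades a small startup cost for a smaller class file, which is the constrained-device trade-off the reply refers to.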

