[prev in list] [next in list] [prev in thread] [next in thread]
List: bouncycastle-crypto-dev
Subject: Re: [dev-crypto] Re: BCFIPS provider perfromance issues with aes encryption
From: David Hook <dgh () cryptoworkshop ! com>
Date: 2022-04-12 16:52:15
Message-ID: a563c521-bc73-1a58-3ea0-0991c3ac9a49 () cryptoworkshop ! com
[Download RAW message or body]
You'll find the ratio varies depending on how much data the benchmark is
trying to process and what AES mode is used. For such a small data size
the difference is dominated by constant rebuilding of the key schedule
as the benchmark shows.
The SunJCE is usually faster, at least these days, as it's able to use
the AES-NI instruction set on the CPU - the FIPS module on the other
hand is using a byte-code implementation which also erases intermediate
data in memory after processing. It is possible to certify a module
using AES-NI as well, but at that point the certification starts to
directly include the underlying hardware and operating system, as native
code has to be included as well, meaning the module can't just be moved
from JVM to JVM and remain compliant as described in the module's
security policy.
Regards,
David
On 12/4/22 18:15, Chavdar Chernashki wrote:
>
>
> Hi team,
>
> My company is planning to use bouncy castle to enforce fips
> compliance for encryption. I've used a simple jmh
> benchmark that is running in a loop with a lot of encryptions/
> decryption using java cipher for AES.
> I ran the attached benchmark on my machine(mac) and on our
> local bamboo server(linux) and got the following results
> *`mvn clean -B verify --file pom.xml exec:java`
> *
> |Benchmark Mode Cnt Score Error Units|
> |EncryptionBenchmark.fipsBcProviderEncryption thrpt 25
> 32008.062 ± 3524.149 ops/s|
> |EncryptionBenchmark.nonfipsEncryption thrpt 25 3235114.417 ±
> 136671.753 ops/s|
>
> where nonfipsEncryption is using SunJCE version 16 security
> provider and fipsBcProviderEncryption is using BCFIPS version
> 1.000203
>
> so it looks like BCFIPS is about 100x slower than the
> standard SunJCE.
>
> I also did some profiling on the same test and it looks like
> the hotspot is in
> |org.bouncycastle.cryptor.fips.AESEngine.generateWorkingKey
> |where 62 % of the cpu time is spent.
>
> Do you have any suggestions/reccomendations on how to improve
> the performance of the BCFips?
>
> ----
> public class BenchmarkRunner {
> public static void main(String[] args) throws Exception {
> org.openjdk.jmh.Main.main(args);
> }
> } -----
> @State(Scope.Benchmark)
> public class BcFipsExecutionPlan {
> public Cipher cipher;
> public KeyGenerator keyGen;
> public SecretKey aesKey;
> @Setup(Level.Trial)
> public void setUp() throws NoSuchPaddingException,
> NoSuchAlgorithmException, InvalidKeyException {
> Security.insertProviderAt(new BouncyCastleFipsProvider(), 1);
> keyGen = KeyGenerator.getInstance("AES");
> keyGen.init(256);
> System.out.println("key gen provider " + keyGen.getProvider());
> aesKey = new SecretKeySpec(keyGen.generateKey().getEncoded(), "AES");
> cipher = Cipher.getInstance("AES");
> System.out.println("cipher provider " + cipher.getProvider());
> }
> @TearDown(Level.Trial)
> public void tearDown() {
> Security.removeProvider(BouncyCastleFipsProvider.PROVIDER_NAME);
> }
> public byte[] encryptData(byte[] data) throws InvalidKeyException,
> IllegalBlockSizeException, BadPaddingException {
> cipher.init(Cipher.ENCRYPT_MODE, aesKey);
> return cipher.doFinal(data);
> }
> public String decryptData(byte[] encryptedData) throws
> IllegalBlockSizeException, BadPaddingException, InvalidKeyException {
> cipher.init(Cipher.DECRYPT_MODE, aesKey);
> return new String(cipher.doFinal(encryptedData));
> }
> } ---------
> @State(Scope.Benchmark)
> public class NonFipsExecutionPlan {
> public Cipher cipher;
> public KeyGenerator keyGen;
> public SecretKey aesKey;
> @Setup(Level.Trial)
> public void setUp() throws NoSuchPaddingException,
> NoSuchAlgorithmException {
> keyGen = KeyGenerator.getInstance("AES");
> keyGen.init(256);
> System.out.println("key gen provider " + keyGen.getProvider());
> aesKey = new SecretKeySpec(keyGen.generateKey().getEncoded(), "AES");
> cipher = Cipher.getInstance("AES");
> System.out.println("cipher provider " + cipher.getProvider());
> }
> public byte[] encryptData(byte[] data) throws InvalidKeyException,
> IllegalBlockSizeException, BadPaddingException {
> cipher.init(Cipher.ENCRYPT_MODE, aesKey);
> return cipher.doFinal(data);
> }
> public String decryptData(byte[] encryptedData) throws
> IllegalBlockSizeException, BadPaddingException, InvalidKeyException {
> cipher.init(Cipher.DECRYPT_MODE, aesKey);
> return new String(cipher.doFinal(encryptedData));
> }
> }
> ------
> public class EncryptionBenchmark {
> @Benchmark
> @BenchmarkMode(Mode.Throughput)
> public void fipsBcProviderEncryption(BcFipsExecutionPlan plan)
> throws IllegalBlockSizeException, BadPaddingException,
> InvalidKeyException {
> String sampleText = "sample text to encrypt";
> byte[] encrypted =
> plan.encryptData(sampleText.getBytes(StandardCharsets.UTF_8));
> String decrypted = plan.decryptData(encrypted);
> if(!sampleText.equals(decrypted)) {
> throw new RuntimeException("decryption failure " + decrypted);
> }
> }
> @Benchmark
> @BenchmarkMode(Mode.Throughput)
> public void nonfipsEncryption(NonFipsExecutionPlan plan) throws
> IllegalBlockSizeException, BadPaddingException, InvalidKeyException {
> String sampleText = "sample text to encrypt";
> byte[] encrypted =
> plan.encryptData(sampleText.getBytes(StandardCharsets.UTF_8));
> String decrypted = plan.decryptData(encrypted);
> if(!sampleText.equals(decrypted)) {
> throw new RuntimeException("decryption failure " + decrypted);
> }
> }
> }
>
[Attachment #3 (text/html)]
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">You'll find the ratio varies depending
on how much data the benchmark is trying to process and what AES
mode is used. For such a small data size the difference is
dominated by constant rebuilding of the key schedule as the
benchmark shows.<br>
</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">The SunJCE is usually faster, at least
these days, as it's able to use the AES-NI instruction set on the
CPU - the FIPS module on the other hand is using a byte-code
implementation which also erases intermediate data in memory after
processing. It is possible to certify a module using AES-NI as
well, but at that point the certification starts to directly
include the underlying hardware and operating system, as native
code has to be included as well, meaning the module can't just be
moved from JVM to JVM and remain compliant as described in the
module's security policy.<br>
</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">Regards,</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">David<br>
</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">On 12/4/22 18:15, Chavdar Chernashki
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAHQhmeqP2hU8JEfjaYtZOjH=sbfcr+fdqjch66z+DBH7He24ag@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div dir="ltr"><br>
Hi team,<br>
<br>
My company is planning to use bouncy castle to
enforce fips compliance for encryption. I've used a
simple jmh benchmark that is running in a loop with
a lot of encryptions/ decryption using java cipher
for AES.<br>
I ran the attached benchmark on my machine(mac) and
on our local bamboo server(linux) and got the
following results<br>
<b>`mvn clean -B verify --file pom.xml exec:java` <br>
</b><br>
<div
style="margin:0px;padding:0px;color:rgb(220,229,245);font-family:monospace;font-size:14px;letter-spacing:-0.07px;background-color:rgb(27,38,56)"><code \
style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:1.5;font-family:Monaco,Consolas,"Andale \
Mono WT","Andale Mono","Lucida Console","Lucida Sans \
Typewriter","DejaVu Sans Mono","Bitstream Vera Sans \
Mono","Liberation Mono","Nimbus Mono L","Courier \
New",Courier,monospace;display:block;height:18px;white-space:pre-wrap;padding:0px \
0px 0px 31px;box-sizing:border-box"><span>Benchmark \
Mode Cnt Score Error Units</span></code></div> <div
style="margin:0px;padding:0px;color:rgb(220,229,245);font-family:monospace;font-size:14px;letter-spacing:-0.07px;background-color:rgb(27,38,56)"><code \
style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:1.5;font-family:Monaco,Consolas,"Andale \
Mono WT","Andale Mono","Lucida Console","Lucida Sans \
Typewriter","DejaVu Sans Mono","Bitstream Vera Sans \
Mono","Liberation Mono","Nimbus Mono L","Courier \
New",Courier,monospace;display:block;height:18px;white-space:pre-wrap;padding:0px \
0px 0px 31px;box-sizing:border-box"><span>EncryptionBenchmark.fipsBcProviderEncryption \
thrpt 25 32008.062 ± 3524.149 ops/s</span></code></div> <div
style="margin:0px;padding:0px;color:rgb(220,229,245);font-family:monospace;font-size:14px;letter-spacing:-0.07px;background-color:rgb(27,38,56)"><code \
style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:1.5;font-family:Monaco,Consolas,"Andale \
Mono WT","Andale Mono","Lucida Console","Lucida Sans \
Typewriter","DejaVu Sans Mono","Bitstream Vera Sans \
Mono","Liberation Mono","Nimbus Mono L","Courier \
New",Courier,monospace;display:block;height:18px;white-space:pre-wrap;padding:0px \
0px 0px 31px;box-sizing:border-box"><span>EncryptionBenchmark.nonfipsEncryption \
thrpt 25 3235114.417 ± 136671.753 ops/s</span></code></div> <br>
where <span \
style="color:rgb(220,229,245);font-family:Monaco,Consolas,"Andale Mono \
WT","Andale Mono","Lucida Console","Lucida Sans \
Typewriter","DejaVu Sans Mono","Bitstream Vera Sans \
Mono","Liberation Mono","Nimbus Mono L","Courier \
New",Courier,monospace;font-size:12px;letter-spacing:-0.07px;white-space:pre-wrap;background-color:rgb(27,38,56)">nonfipsEncryption \
is using </span><span \
style="color:rgb(220,229,245);font-family:Monaco,Consolas,"Andale Mono \
WT","Andale Mono","Lucida Console","Lucida Sans \
Typewriter","DejaVu Sans Mono","Bitstream Vera Sans \
Mono","Liberation Mono","Nimbus Mono L","Courier \
New",Courier,monospace;font-size:12px;letter-spacing:-0.07px;white-space:pre-wrap;background-color:rgb(27,38,56)">SunJCE \
version 16 security provider </span>and <span \
style="color:rgb(220,229,245);font-family:Monaco,Consolas,"Andale Mono \
WT","Andale Mono","Lucida Console","Lucida Sans \
Typewriter","DejaVu Sans Mono","Bitstream Vera Sans \
Mono","Liberation Mono","Nimbus Mono L","Courier \
New",Courier,monospace;font-size:12px;letter-spacing:-0.07px;white-space:pre-wrap;background-color:rgb(27,38,56)">fipsBcProviderEncryption \
is using </span><span \
style="color:rgb(220,229,245);font-family:Monaco,Consolas,"Andale Mono \
WT","Andale Mono","Lucida Console","Lucida Sans \
Typewriter","DejaVu Sans Mono","Bitstream Vera Sans \
Mono","Liberation Mono","Nimbus Mono L","Courier \
New",Courier,monospace;font-size:12px;letter-spacing:-0.07px;white-space:pre-wrap;background-color:rgb(27,38,56)">BCFIPS \
version 1.000203</span><br> <br>
so it looks like BCFIPS is about 100x slower than
the standard SunJCE.<br>
<br>
I also did some profiling on the same test and it
looks like the hotspot is in <code \
style="font-family:SFMono-Medium,"SF Mono","Segoe UI \
Mono","Roboto Mono","Ubuntu \
Mono",Menlo,Consolas,Courier,monospace;font-size:0.875em;color:rgb(23,43,77);border-style:none;border-radius:3px;display:inline;padding:2px \
0.5ch 2px 0.5ch;white-space:pre-wrap;overflow:auto;letter-spacing:-0.08px">org.bouncycastle.cryptor.fips.AESEngine.generateWorkingKey
</code>where 62 % of the cpu time is spent.<br>
<br>
Do you have any suggestions/reccomendations on how
to improve the performance of the BCFips?<br>
</div>
</blockquote>
<div>----<br>
<div \
style="color:rgb(0,0,0);background-color:rgb(255,255,254);font-family:SFMono-Medium,"SF \
Mono","Segoe UI Mono","Roboto Mono","Ubuntu \
Mono",Menlo,monospace;font-size:13px;line-height:20px;white-space:pre-wrap"><div><span \
style="color:rgb(9,30,66);font-weight:bold">public</span> <span \
style="color:rgb(9,30,66);font-weight:bold">class</span> <span \
style="color:rgb(32,32,32)">BenchmarkRunner</span> {</div><div> <span \
style="color:rgb(9,30,66);font-weight:bold">public</span> <span \
style="color:rgb(9,30,66);font-weight:bold">static</span> <span \
style="color:rgb(9,30,66);font-weight:bold">void</span> <span \
style="color:rgb(32,32,32)">main</span>(<span \
style="color:rgb(32,32,32)">String</span>[] <span \
style="color:rgb(32,32,32)">args</span>) <span \
style="color:rgb(9,30,66);font-weight:bold">throws</span> <span \
style="color:rgb(32,32,32)">Exception</span> {</div><div> <span \
style="color:rgb(32,32,32)">org</span>.<span \
style="color:rgb(32,32,32)">openjdk</span>.<span \
style="color:rgb(32,32,32)">jmh</span>.<span \
style="color:rgb(32,32,32)">Main</span>.<span \
style="color:rgb(32,32,32)">main</span>(<span \
style="color:rgb(32,32,32)">args</span>);</div><div> }</div><div>}
-----
<div style="line-height:20px"><div><span \
style="color:rgb(128,128,128)">@State</span>(<span \
style="color:rgb(32,32,32)">Scope</span>.<span \
style="color:rgb(32,32,32)">Benchmark</span>)</div><div><span \
style="color:rgb(9,30,66);font-weight:bold">public</span> <span \
style="color:rgb(9,30,66);font-weight:bold">class</span> <span \
style="color:rgb(32,32,32)">BcFipsExecutionPlan</span> {</div><div> <span \
style="color:rgb(9,30,66);font-weight:bold">public</span> <span \
style="color:rgb(32,32,32)">Cipher</span> <span \
style="color:rgb(32,32,32)">cipher</span>;</div> <div> <span \
style="color:rgb(9,30,66);font-weight:bold">public</span> <span \
style="color:rgb(32,32,32)">KeyGenerator</span> <span \
style="color:rgb(32,32,32)">keyGen</span>;</div> <div> <span \
style="color:rgb(9,30,66);font-weight:bold">public</span> <span \
style="color:rgb(32,32,32)">SecretKey</span> <span \
style="color:rgb(32,32,32)">aesKey</span>;</div> <div> <span \
style="color:rgb(128,128,128)">@Setup</span>(<span \
style="color:rgb(32,32,32)">Level</span>.<span \
style="color:rgb(32,32,32)">Trial</span>)</div><div> <span \
style="color:rgb(9,30,66);font-weight:bold">public</span> <span \
style="color:rgb(9,30,66);font-weight:bold">void</span> <span \
style="color:rgb(32,32,32)">setUp</span>() <span \
style="color:rgb(9,30,66);font-weight:bold">throws</span> <span \
style="color:rgb(32,32,32)">NoSuchPaddingException</span>, <span \
style="color:rgb(32,32,32)">NoSuchAlgorithmException</span>, <span \
style="color:rgb(32,32,32)">InvalidKeyException</span> {</div><div> <span \
style="color:rgb(32,32,32)">Security</span>.<span \
style="color:rgb(32,32,32)">insertProviderAt</span>(<span \
style="color:rgb(9,30,66);font-weight:bold">new</span> <span \
style="color:rgb(32,32,32)">BouncyCastleFipsProvider</span>(), <span \
style="color:rgb(101,84,192)">1</span>);</div><div> <span \
style="color:rgb(32,32,32)">keyGen</span> = <span \
style="color:rgb(32,32,32)">KeyGenerator</span>.<span \
style="color:rgb(32,32,32)">getInstance</span>(<span \
style="color:rgb(191,38,0)">"AES"</span>);</div><div> <span \
style="color:rgb(32,32,32)">keyGen</span>.<span \
style="color:rgb(32,32,32)">init</span>(<span \
style="color:rgb(101,84,192)">256</span>);</div><div> <span \
style="color:rgb(32,32,32)">System</span>.<span \
style="color:rgb(32,32,32)">out</span>.<span \
style="color:rgb(32,32,32)">println</span>(<span style="color:rgb(191,38,0)">"key gen \
provider "</span> + <span style="color:rgb(32,32,32)">keyGen</span>.<span \
style="color:rgb(32,32,32)">getProvider</span>());</div> <div> <span \
style="color:rgb(32,32,32)">aesKey</span> = <span \
style="color:rgb(9,30,66);font-weight:bold">new</span> <span \
style="color:rgb(32,32,32)">SecretKeySpec</span>(<span \
style="color:rgb(32,32,32)">keyGen</span>.<span \
style="color:rgb(32,32,32)">generateKey</span>().<span \
style="color:rgb(32,32,32)">getEncoded</span>(), <span \
style="color:rgb(191,38,0)">"AES"</span>);</div><div> <span \
style="color:rgb(32,32,32)">cipher</span> = <span \
style="color:rgb(32,32,32)">Cipher</span>.<span \
style="color:rgb(32,32,32)">getInstance</span>(<span \
style="color:rgb(191,38,0)">"AES"</span>);</div><div> <span \
style="color:rgb(32,32,32)">System</span>.<span \
style="color:rgb(32,32,32)">out</span>.<span \
style="color:rgb(32,32,32)">println</span>(<span style="color:rgb(191,38,0)">"cipher \
provider "</span> + <span style="color:rgb(32,32,32)">cipher</span>.<span \
style="color:rgb(32,32,32)">getProvider</span>());</div><div> }</div> <div> \
<span style="color:rgb(128,128,128)">@TearDown</span>(<span \
style="color:rgb(32,32,32)">Level</span>.<span \
style="color:rgb(32,32,32)">Trial</span>)</div><div> <span \
style="color:rgb(9,30,66);font-weight:bold">public</span> <span \
style="color:rgb(9,30,66);font-weight:bold">void</span> <span \
style="color:rgb(32,32,32)">tearDown</span>() {</div><div> <span \
style="color:rgb(32,32,32)">Security</span>.<span \
style="color:rgb(32,32,32)">removeProvider</span>(<span \
style="color:rgb(32,32,32)">BouncyCastleFipsProvider</span>.<span \
style="color:rgb(32,32,32)">PROVIDER_NAME</span>);</div><div> }</div> <div> \
<span style="color:rgb(9,30,66);font-weight:bold">public</span> <span \
style="color:rgb(9,30,66);font-weight:bold">byte</span>[] <span \
style="color:rgb(32,32,32)">encryptData</span>(<span \
style="color:rgb(9,30,66);font-weight:bold">byte</span>[] <span \
style="color:rgb(32,32,32)">data</span>) <span \
style="color:rgb(9,30,66);font-weight:bold">throws</span> <span \
style="color:rgb(32,32,32)">InvalidKeyException</span>, <span \
style="color:rgb(32,32,32)">IllegalBlockSizeException</span>, <span \
style="color:rgb(32,32,32)">BadPaddingException</span> {</div><div> <span \
style="color:rgb(32,32,32)">cipher</span>.<span \
style="color:rgb(32,32,32)">init</span>(<span \
style="color:rgb(32,32,32)">Cipher</span>.<span \
style="color:rgb(32,32,32)">ENCRYPT_MODE</span>, <span \
style="color:rgb(32,32,32)">aesKey</span>);</div><div> <span \
style="color:rgb(9,30,66);font-weight:bold">return</span> <span \
style="color:rgb(32,32,32)">cipher</span>.<span \
style="color:rgb(32,32,32)">doFinal</span>(<span \
style="color:rgb(32,32,32)">data</span>);</div><div> }</div> <div> <span \
style="color:rgb(9,30,66);font-weight:bold">public</span> <span \
style="color:rgb(32,32,32)">String</span> <span \
style="color:rgb(32,32,32)">decryptData</span>(<span \
style="color:rgb(9,30,66);font-weight:bold">byte</span>[] <span \
style="color:rgb(32,32,32)">encryptedData</span>) <span \
style="color:rgb(9,30,66);font-weight:bold">throws</span> <span \
style="color:rgb(32,32,32)">IllegalBlockSizeException</span>, <span \
style="color:rgb(32,32,32)">BadPaddingException</span>, <span \
style="color:rgb(32,32,32)">InvalidKeyException</span> {</div><div> <span \
style="color:rgb(32,32,32)">cipher</span>.<span \
style="color:rgb(32,32,32)">init</span>(<span \
style="color:rgb(32,32,32)">Cipher</span>.<span \
style="color:rgb(32,32,32)">DECRYPT_MODE</span>, <span \
style="color:rgb(32,32,32)">aesKey</span>);</div><div> <span \
style="color:rgb(9,30,66);font-weight:bold">return</span> <span \
style="color:rgb(9,30,66);font-weight:bold">new</span> <span \
style="color:rgb(32,32,32)">String</span>(<span \
style="color:rgb(32,32,32)">cipher</span>.<span \
style="color:rgb(32,32,32)">doFinal</span>(<span \
style="color:rgb(32,32,32)">encryptedData</span>));</div><div> \
}</div><div>}
---------
<div style="line-height:20px"><div><span \
style="color:rgb(128,128,128)">@State</span>(<span \
style="color:rgb(32,32,32)">Scope</span>.<span \
style="color:rgb(32,32,32)">Benchmark</span>)</div><div><span \
style="color:rgb(9,30,66);font-weight:bold">public</span> <span \
style="color:rgb(9,30,66);font-weight:bold">class</span> <span \
style="color:rgb(32,32,32)">NonFipsExecutionPlan</span> {</div><div> <span \
style="color:rgb(9,30,66);font-weight:bold">public</span> <span \
style="color:rgb(32,32,32)">Cipher</span> <span \
style="color:rgb(32,32,32)">cipher</span>;</div> <div> <span \
style="color:rgb(9,30,66);font-weight:bold">public</span> <span \
style="color:rgb(32,32,32)">KeyGenerator</span> <span \
style="color:rgb(32,32,32)">keyGen</span>;</div> <div> <span \
style="color:rgb(9,30,66);font-weight:bold">public</span> <span \
style="color:rgb(32,32,32)">SecretKey</span> <span \
style="color:rgb(32,32,32)">aesKey</span>;</div> <div> <span \
style="color:rgb(128,128,128)">@Setup</span>(<span \
style="color:rgb(32,32,32)">Level</span>.<span \
style="color:rgb(32,32,32)">Trial</span>)</div><div> <span \
style="color:rgb(9,30,66);font-weight:bold">public</span> <span \
style="color:rgb(9,30,66);font-weight:bold">void</span> <span \
style="color:rgb(32,32,32)">setUp</span>() <span \
style="color:rgb(9,30,66);font-weight:bold">throws</span> <span \
style="color:rgb(32,32,32)">NoSuchPaddingException</span>, <span \
style="color:rgb(32,32,32)">NoSuchAlgorithmException</span> {</div><div> <span \
style="color:rgb(32,32,32)">keyGen</span> = <span \
style="color:rgb(32,32,32)">KeyGenerator</span>.<span \
style="color:rgb(32,32,32)">getInstance</span>(<span \
style="color:rgb(191,38,0)">"AES"</span>);</div><div> <span \
style="color:rgb(32,32,32)">keyGen</span>.<span \
style="color:rgb(32,32,32)">init</span>(<span \
style="color:rgb(101,84,192)">256</span>);</div><div> <span \
style="color:rgb(32,32,32)">System</span>.<span \
style="color:rgb(32,32,32)">out</span>.<span \
style="color:rgb(32,32,32)">println</span>(<span style="color:rgb(191,38,0)">"key gen \
provider "</span> + <span style="color:rgb(32,32,32)">keyGen</span>.<span \
style="color:rgb(32,32,32)">getProvider</span>());</div> <div> <span \
style="color:rgb(32,32,32)">aesKey</span> = <span \
style="color:rgb(9,30,66);font-weight:bold">new</span> <span \
style="color:rgb(32,32,32)">SecretKeySpec</span>(<span \
style="color:rgb(32,32,32)">keyGen</span>.<span \
style="color:rgb(32,32,32)">generateKey</span>().<span \
style="color:rgb(32,32,32)">getEncoded</span>(), <span \
style="color:rgb(191,38,0)">"AES"</span>);</div><div> <span \
style="color:rgb(32,32,32)">cipher</span> = <span \
style="color:rgb(32,32,32)">Cipher</span>.<span \
style="color:rgb(32,32,32)">getInstance</span>(<span \
style="color:rgb(191,38,0)">"AES"</span>);</div><div> <span \
style="color:rgb(32,32,32)">System</span>.<span \
style="color:rgb(32,32,32)">out</span>.<span \
style="color:rgb(32,32,32)">println</span>(<span style="color:rgb(191,38,0)">"cipher \
provider "</span> + <span style="color:rgb(32,32,32)">cipher</span>.<span \
style="color:rgb(32,32,32)">getProvider</span>());</div><div> }</div> <div> \
<span style="color:rgb(9,30,66);font-weight:bold">public</span> <span \
style="color:rgb(9,30,66);font-weight:bold">byte</span>[] <span \
style="color:rgb(32,32,32)">encryptData</span>(<span \
style="color:rgb(9,30,66);font-weight:bold">byte</span>[] <span \
style="color:rgb(32,32,32)">data</span>) <span \
style="color:rgb(9,30,66);font-weight:bold">throws</span> <span \
style="color:rgb(32,32,32)">InvalidKeyException</span>, <span \
style="color:rgb(32,32,32)">IllegalBlockSizeException</span>, <span \
style="color:rgb(32,32,32)">BadPaddingException</span> {</div><div> <span \
style="color:rgb(32,32,32)">cipher</span>.<span \
style="color:rgb(32,32,32)">init</span>(<span \
style="color:rgb(32,32,32)">Cipher</span>.<span \
style="color:rgb(32,32,32)">ENCRYPT_MODE</span>, <span \
style="color:rgb(32,32,32)">aesKey</span>);</div><div> <span \
style="color:rgb(9,30,66);font-weight:bold">return</span> <span \
style="color:rgb(32,32,32)">cipher</span>.<span \
style="color:rgb(32,32,32)">doFinal</span>(<span \
style="color:rgb(32,32,32)">data</span>);</div><div> }</div> <div> <span \
style="color:rgb(9,30,66);font-weight:bold">public</span> <span \
style="color:rgb(32,32,32)">String</span> <span \
style="color:rgb(32,32,32)">decryptData</span>(<span \
style="color:rgb(9,30,66);font-weight:bold">byte</span>[] <span \
style="color:rgb(32,32,32)">encryptedData</span>) <span \
style="color:rgb(9,30,66);font-weight:bold">throws</span> <span \
style="color:rgb(32,32,32)">IllegalBlockSizeException</span>, <span \
style="color:rgb(32,32,32)">BadPaddingException</span>, <span \
style="color:rgb(32,32,32)">InvalidKeyException</span> {</div><div> <span \
style="color:rgb(32,32,32)">cipher</span>.<span \
style="color:rgb(32,32,32)">init</span>(<span \
style="color:rgb(32,32,32)">Cipher</span>.<span \
style="color:rgb(32,32,32)">DECRYPT_MODE</span>, <span \
style="color:rgb(32,32,32)">aesKey</span>);</div><div> <span \
style="color:rgb(9,30,66);font-weight:bold">return</span> <span \
style="color:rgb(9,30,66);font-weight:bold">new</span> <span \
style="color:rgb(32,32,32)">String</span>(<span \
style="color:rgb(32,32,32)">cipher</span>.<span \
style="color:rgb(32,32,32)">doFinal</span>(<span \
style="color:rgb(32,32,32)">encryptedData</span>));</div><div> \
}</div><div>}</div></div></div><div> </div><div>------
<div style="line-height:20px"><div><span \
style="color:rgb(9,30,66);font-weight:bold">public</span> <span \
style="color:rgb(9,30,66);font-weight:bold">class</span> <span \
style="color:rgb(32,32,32)">EncryptionBenchmark</span> {</div> <div> <span \
style="color:rgb(128,128,128)">@Benchmark</span></div><div> <span \
style="color:rgb(128,128,128)">@BenchmarkMode</span>(<span \
style="color:rgb(32,32,32)">Mode</span>.<span \
style="color:rgb(32,32,32)">Throughput</span>)</div><div> <span \
style="color:rgb(9,30,66);font-weight:bold">public</span> <span \
style="color:rgb(9,30,66);font-weight:bold">void</span> <span \
style="color:rgb(32,32,32)">fipsBcProviderEncryption</span>(<span \
style="color:rgb(32,32,32)">BcFipsExecutionPlan</span> <span \
style="color:rgb(32,32,32)">plan</span>) <span \
style="color:rgb(9,30,66);font-weight:bold">throws</span> <span \
style="color:rgb(32,32,32)">IllegalBlockSizeException</span>, <span \
style="color:rgb(32,32,32)">BadPaddingException</span>, <span \
style="color:rgb(32,32,32)">InvalidKeyException</span> {</div><div> <span \
style="color:rgb(32,32,32)">String</span> <span \
style="color:rgb(32,32,32)">sampleText</span> = <span \
style="color:rgb(191,38,0)">"sample text to encrypt"</span>;</div><div> <span \
style="color:rgb(9,30,66);font-weight:bold">byte</span>[] <span \
style="color:rgb(32,32,32)">encrypted</span> = <span \
style="color:rgb(32,32,32)">plan</span>.<span \
style="color:rgb(32,32,32)">encryptData</span>(<span \
style="color:rgb(32,32,32)">sampleText</span>.<span \
style="color:rgb(32,32,32)">getBytes</span>(<span \
style="color:rgb(32,32,32)">StandardCharsets</span>.<span \
style="color:rgb(32,32,32)">UTF_8</span>));</div><div> <span \
style="color:rgb(32,32,32)">String</span> <span \
style="color:rgb(32,32,32)">decrypted</span> = <span \
style="color:rgb(32,32,32)">plan</span>.<span \
style="color:rgb(32,32,32)">decryptData</span>(<span \
style="color:rgb(32,32,32)">encrypted</span>);</div><div> <span \
style="color:rgb(9,30,66);font-weight:bold">if</span>(!<span \
style="color:rgb(32,32,32)">sampleText</span>.<span \
style="color:rgb(32,32,32)">equals</span>(<span \
style="color:rgb(32,32,32)">decrypted</span>)) {</div><div> <span \
style="color:rgb(9,30,66);font-weight:bold">throw</span> <span \
style="color:rgb(9,30,66);font-weight:bold">new</span> <span \
style="color:rgb(32,32,32)">RuntimeException</span>(<span \
style="color:rgb(191,38,0)">"decryption failure "</span> + <span \
style="color:rgb(32,32,32)">decrypted</span>);</div><div> }</div><div> \
}</div> <div> <span style="color:rgb(128,128,128)">@Benchmark</span></div><div> \
<span style="color:rgb(128,128,128)">@BenchmarkMode</span>(<span \
style="color:rgb(32,32,32)">Mode</span>.<span \
style="color:rgb(32,32,32)">Throughput</span>)</div><div> <span \
style="color:rgb(9,30,66);font-weight:bold">public</span> <span \
style="color:rgb(9,30,66);font-weight:bold">void</span> <span \
style="color:rgb(32,32,32)">nonfipsEncryption</span>(<span \
style="color:rgb(32,32,32)">NonFipsExecutionPlan</span> <span \
style="color:rgb(32,32,32)">plan</span>) <span \
style="color:rgb(9,30,66);font-weight:bold">throws</span> <span \
style="color:rgb(32,32,32)">IllegalBlockSizeException</span>, <span \
style="color:rgb(32,32,32)">BadPaddingException</span>, <span \
style="color:rgb(32,32,32)">InvalidKeyException</span> {</div><div> <span \
style="color:rgb(32,32,32)">String</span> <span \
style="color:rgb(32,32,32)">sampleText</span> = <span \
style="color:rgb(191,38,0)">"sample text to encrypt"</span>;</div><div> <span \
style="color:rgb(9,30,66);font-weight:bold">byte</span>[] <span \
style="color:rgb(32,32,32)">encrypted</span> = <span \
style="color:rgb(32,32,32)">plan</span>.<span \
style="color:rgb(32,32,32)">encryptData</span>(<span \
style="color:rgb(32,32,32)">sampleText</span>.<span \
style="color:rgb(32,32,32)">getBytes</span>(<span \
style="color:rgb(32,32,32)">StandardCharsets</span>.<span \
style="color:rgb(32,32,32)">UTF_8</span>));</div><div> <span \
style="color:rgb(32,32,32)">String</span> <span \
style="color:rgb(32,32,32)">decrypted</span> = <span \
style="color:rgb(32,32,32)">plan</span>.<span \
style="color:rgb(32,32,32)">decryptData</span>(<span \
style="color:rgb(32,32,32)">encrypted</span>);</div><div> <span \
style="color:rgb(9,30,66);font-weight:bold">if</span>(!<span \
style="color:rgb(32,32,32)">sampleText</span>.<span \
style="color:rgb(32,32,32)">equals</span>(<span \
style="color:rgb(32,32,32)">decrypted</span>)) {</div><div> <span \
style="color:rgb(9,30,66);font-weight:bold">throw</span> <span \
style="color:rgb(9,30,66);font-weight:bold">new</span> <span \
style="color:rgb(32,32,32)">RuntimeException</span>(<span \
style="color:rgb(191,38,0)">"decryption failure "</span> + <span \
style="color:rgb(32,32,32)">decrypted</span>);</div><div> }</div><div> \
}</div><div>}</div></div></div></div></div></div> </div>
</div>
</div>
</blockquote>
</div>
</div>
</blockquote>
<p><br>
</p>
</body>
</html>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic