8371820: Further AES performance improvements for key schedule generation

Author: TheRealMDoerr

src/hotspot/share/opto/library_call.cpp

@@ -7479,13 +7479,8 @@ Node * LibraryCallKit::get_key_start_from_aescrypt_object(Node *aescrypt_object)
   // MixColumns for decryption can be reduced by preprocessing MixColumns with round keys.
   // Intel's extension is based on this optimization and AESCrypt generates round keys by preprocessing MixColumns.
   // However, ppc64 vncipher processes MixColumns and requires the same round keys with encryption.
-  // The ppc64 and riscv64 stubs of encryption and decryption use the same round keys (sessionK[0]).
-  Node* objSessionK = load_field_from_object(aescrypt_object, "sessionK", "[[I");
-  assert (objSessionK != nullptr, "wrong version of com.sun.crypto.provider.AES_Crypt");
-  if (objSessionK == nullptr) {
-    return (Node *) nullptr;
-  }
-  Node* objAESCryptKey = load_array_element(objSessionK, intcon(0), TypeAryPtr::OOPS, /* set_ctrl */ true);
+  // The ppc64, s390 and riscv64 stubs of encryption and decryption use the same round keys.
+  Node* objAESCryptKey = load_field_from_object(aescrypt_object, "sessionKe", "[I");
 #else
   Node* objAESCryptKey = load_field_from_object(aescrypt_object, "K", "[I");
 #endif // PPC64

src/java.base/share/classes/com/sun/crypto/provider/AES_Crypt.java

@@ -54,11 +54,12 @@ final class AES_Crypt extends SymmetricCipher {
     private int rounds;
     private byte[] prevKey = null;
 
-    // Following two attributes are specific to Intrinsics where sessionK is
-    // used for PPC64, S390, and RISCV64 architectures, whereas K is used for
-    // everything else.
-    private int[][] sessionK = null;
-    private int[] K = null;
+    // Following attribute is specific to Intrinsics where the unprocessed
+    // key is used for PPC64, S390, and RISCV64 architectures, whereas K is
+    // used for everything else.
+    private int[] sessionKe = null; // key for encryption
+    private int[] sessionKd = null; // preprocessed key for decryption
+    private int[] K = null; // preprocessed key in case of decryption
 
     // Round constant
     private static final int[] RCON = {
@@ -904,7 +905,6 @@ static boolean isKeySizeValid(int len) {
      */
     void init(boolean decrypting, String algorithm, byte[] key)
             throws InvalidKeyException {
-        int decrypt = decrypting ? 1 : 0;
 
         if (!algorithm.equalsIgnoreCase("AES")
                 && !algorithm.equalsIgnoreCase("Rijndael")) {
@@ -920,21 +920,30 @@ void init(boolean decrypting, String algorithm, byte[] key)
             throw new InvalidKeyException("Invalid key length (" + key.length
                     + ").");
         }
+
         if (!MessageDigest.isEqual(prevKey, key)) {
-            if (sessionK == null) {
-                sessionK = new int[2][];
-            } else {
-                Arrays.fill(sessionK[0], 0);
-                Arrays.fill(sessionK[1], 0);
+            if (sessionKe != null) {
+                Arrays.fill(sessionKe, 0);
+            }
+            sessionKe = genRoundKeys(key, rounds);
+            if (sessionKd != null) {
+                Arrays.fill(sessionKd, 0);
+                sessionKd = null;
             }
-            sessionK[0] = genRoundKeys(key, rounds);
-            sessionK[1] = genInvRoundKeys(sessionK[0], rounds);
             if (prevKey != null) {
                 Arrays.fill(prevKey, (byte) 0);
             }
             prevKey = key.clone();
         }
-        K = sessionK[decrypt];
+
+        if (decrypting) {
+            if (sessionKd == null) {
+                sessionKd = genInvRoundKeys(sessionKe, rounds);
+            }
+            K = sessionKd;
+        } else {
+            K = sessionKe;
+        }
     }
 
     /**