This is an automated email from the ASF dual-hosted git repository.
technoboy pushed a commit to branch branch-3.0
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/branch-3.0 by this push:
new 354a9f02aa0 [improve][misc] Improve AES-GCM cipher performance (#23122)
354a9f02aa0 is described below
commit 354a9f02aa00feab370c48070896df1729582b83
Author: Okada Haruki <[email protected]>
AuthorDate: Mon Aug 5 17:41:54 2024 +0900
[improve][misc] Improve AES-GCM cipher performance (#23122)
---
.../pulsar/client/impl/crypto/MessageCryptoBc.java | 17 +++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)
diff --git
a/pulsar-client-messagecrypto-bc/src/main/java/org/apache/pulsar/client/impl/crypto/MessageCryptoBc.java
b/pulsar-client-messagecrypto-bc/src/main/java/org/apache/pulsar/client/impl/crypto/MessageCryptoBc.java
index 146f066ae2c..a47d19c2833 100644
---
a/pulsar-client-messagecrypto-bc/src/main/java/org/apache/pulsar/client/impl/crypto/MessageCryptoBc.java
+++
b/pulsar-client-messagecrypto-bc/src/main/java/org/apache/pulsar/client/impl/crypto/MessageCryptoBc.java
@@ -89,9 +89,9 @@ public class MessageCryptoBc implements
MessageCrypto<MessageMetadata, MessageMe
// Ideally the transformation should also be part of the message property.
This will prevent client
// from assuming hardcoded value. However, it will increase the size of
the message even further.
- private static final String RSA_TRANS =
"RSA/NONE/OAEPWithSHA1AndMGF1Padding";
- private static final String AESGCM = "AES/GCM/NoPadding";
-
+ public static final String RSA_TRANS =
"RSA/NONE/OAEPWithSHA1AndMGF1Padding";
+ public static final String AESGCM = "AES/GCM/NoPadding";
+ private static final String AESGCM_PROVIDER_NAME;
private static KeyGenerator keyGenerator;
private static final int tagLen = 16 * 8;
private byte[] iv = new byte[IV_LEN];
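Review bot: `RSA_TRANS` and `AESGCM` are widened from `private` to `public` in this hunk, yet nothing in the diff reads them from outside the class, so the transformation strings become part of the module's public API without a visible need. If the only consumer is a test or benchmark, package-private visibility would be enough. Otherwise each constant deserves a short Javadoc such as `/** JCE transformation string used for the AES-GCM data cipher. */` so callers know what they may rely on. The new `AESGCM_PROVIDER_NAME` is a blank final whose assignment sits in the static initializer, outside this hunk.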
@@ -121,6 +121,15 @@ public class MessageCryptoBc implements
MessageCrypto<MessageMetadata, MessageMe
// Initial seed
secureRandom.nextBytes(new byte[IV_LEN]);
+ // Prefer SunJCE provider for AES-GCM for performance reason.
+ // For cases where SunJCE is not available (e.g. non-hotspot JVM), use
BouncyCastle as fallback.
+ String sunJceProviderName = "SunJCE";
+ if (Security.getProvider(sunJceProviderName) != null) {
+ AESGCM_PROVIDER_NAME = sunJceProviderName;
+ } else {
+ AESGCM_PROVIDER_NAME = BouncyCastleProvider.PROVIDER_NAME;
+ }
+
// Add provider only if it's not in the JVM
if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
Security.addProvider(new BouncyCastleProvider());
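Review bot: The AES-GCM provider is chosen once in the static initializer and nothing records which one was picked, so a deployment that previously got BouncyCastle for this cipher silently moves to SunJCE whenever that provider is registered. Because this decides which implementation performs message encryption and decryption, a one-line log directly after the `if`/`else` would make the choice visible for troubleshooting and audits, for example `log.info("AES-GCM cipher provider: {}", AESGCM_PROVIDER_NAME);` (this assumes the class has a logger, which the hunk does not show). The `Security.getProvider(sunJceProviderName) != null` check only shows that a provider with that name is registered; if restricted or customised provider configurations matter, the comment should say the selection relies on SunJCE offering `AES/GCM/NoPadding`. The static block starts and ends outside this hunk, and the chosen name is consumed by `Cipher.getInstance(AESGCM, AESGCM_PROVIDER_NAME)` in the following hunk.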
@@ -143,7 +152,7 @@ public class MessageCryptoBc implements
MessageCrypto<MessageMetadata, MessageMe
try {
- cipher = Cipher.getInstance(AESGCM,
BouncyCastleProvider.PROVIDER_NAME);
+ cipher = Cipher.getInstance(AESGCM, AESGCM_PROVIDER_NAME);
// If keygen is not needed(e.g: consumer), data key will be
decrypted from the message
if (!keyGenNeeded) {