Improve AesGcmSiv Aead performance by optimizing classpath check

[ks-yim]

Motivation:

Aead implementation for AesGcmSiv checks if GCMParameterSpec class exists in classpath by invoking Class#forName method whenever data gets encrypted or decrypted.

A benchmark on AesGcmSiv claims that Class#forName accounts for 4-5% of the total CPU cycles consumed for data en/decryption and 12% or more throughput gain can be obtained by optimizing away the Class#forName method invocation.

Modification:

Cache the result of the classpath check in AesGcmSiv

BM Results:

• BM Code

• Run on:

  • MacBook Pro (16-inch, 2021) Apple M1 Pro 32GB, MacOS Monterey version 12.6.2
  • Used Conscrypt custom build based on 3051cda to utilize AES-NI on Apple Silicon

• Before

  # JMH version: 1.35
  # VM version: JDK 11.0.17, OpenJDK 64-Bit Server VM, 11.0.17+8
  # VM invoker: /Users/ks-yim/.sdkman/candidates/java/11.0.17-tem/bin/java
  # VM options: -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/Users/ks-yim/IdeaProjects/tink-bm/build/tmp/jmh - 
  Duser.country=KR -Duser.language=en -Duser.variant
  # Blackhole mode: full + dont-inline hint (auto-detected, use -Djmh.blackhole.autoDetect=false to disable)
  # Warmup: 1 iterations, 10 s each
  # Measurement: 1 iterations, 10 s each
  # Timeout: 10 min per iteration
  # Threads: 8 threads, will synchronize iterations
  # Benchmark mode: Throughput, ops/time
  # Benchmark: com.example.tink.bm.AesGcmSivBenchmark.conscrypt_encrypt
  
  Benchmark                                             Mode  Cnt       Score   Error  Units
  AesGcmSivBenchmark.bc_decrypt                        thrpt       140397.856          ops/s
  AesGcmSivBenchmark.bc_encrypt                        thrpt       161178.303          ops/s
  AesGcmSivBenchmark.conscrypt_decrypt                 thrpt       487751.715          ops/s
  AesGcmSivBenchmark.conscrypt_encrypt                 thrpt       462492.430          ops/s
  

• After

  Benchmark                                             Mode  Cnt       Score   Error  Units
  AesGcmSivBenchmark.bc_decrypt                        thrpt       168118.773          ops/s
  AesGcmSivBenchmark.bc_encrypt                        thrpt       172307.366          ops/s
  AesGcmSivBenchmark.conscrypt_decrypt                 thrpt       546720.978          ops/s
  AesGcmSivBenchmark.conscrypt_encrypt                 thrpt       551282.859          ops/s
  

CPU Profiling Result:

• Encryption

  • Before
    

  • After
    

• Decryption

  • Before
    

  • After
    

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[tholenst]

I think this is slightly easier to understand if you just do:

private static final boolean HAS_GCM_PARAMETER_SPEC_CLASS = checkForGCMParameterSpec();

private static final boolean checkForGCMParameterSpec() {
try {
Class.forName("javax.crypto.spec.GCMParameterSpec");
} catch (ClassNotFoundException e) {
return false;
}
return true;
}

WDYT?

[ks-yim]

Sorry for the late response.

No objection to it. I will send a new commit!

[ks-yim]

Fixed it, PTAL 🙏.

[tholenst]

Thank you. I will try to merge this but still have to see if I figure out how we set this up. Please ping me if it didn't work.

[ks-yim]

@tholenst Thanks for reviewing this, but I didn't get you in the last sentence.
Should I do something and let you know the result if it doesn't work?

[tholenst]

Sorry for being unclear.

I am working on merging this, but the process works in some predefined way interacting with the Google-internal repository. I do not have experience with the process, so it might happen that it doesn't work and I forget about it.

It should be merged on Monday, if it didn't work I made a mistake and I would welcome a reminder.

[tholenst]

Hmm, it seems this was now merged, but it was not associated with this PR, see f7ba536

Nevertheless, it seems it's correctly associated with you -- at least the commit seems to show up on your stats. I guess like this it's no big deal? WDYT?

[ks-yim]

@tholenst thanks for working on this, I will close the PR, then.