問題描述

Oracle 在 AES-NI 方面對 Java 8 有這樣的看法:

Oracle has this to say about Java 8 with regards to AES-NI:

添加了硬件內部函數以使用高級加密標準(AES).UseAES 和 UseAESIntrinsics 標志可用于啟用英特爾硬件的基于硬件的 AES 內在函數.硬件必須是 2010 年或更新的 Westmere 硬件.例如，要啟用硬件 AES，使用以下標志:

Hardware intrinsics were added to use Advanced Encryption Standard (AES). The UseAES and UseAESIntrinsics flags are available to enable the hardware-based AES intrinsics for Intel hardware. The hardware must be 2010 or newer Westmere hardware. For example, to enable hardware AES, use the following flags:

-XX:+UseAES -XX:+UseAESIntrinsics

要禁用硬件 AES，請使用以下標志:

To disable hardware AES use the following flags:

-XX:-UseAES -XX:-UseAESIntrinsics

但它并不表示默認情況下是否啟用 AES 內在函數(對于支持它的處理器).所以問題很簡單:如果處理器支持 AES-NI，是否使用 AES 內部函數?

But it does not indicate if AES intrinsics are enabled by default (for processors that support it). So the question is simple: if the processor supports AES-NI, are AES intrinsics used?

額外問題:有什么方法可以測試是否使用了 AES-NI?我想您可以根據性能進行猜測，但這不是最佳或肯定的測試方式.

Bonus question: is there any way to test if AES-NI is being used? I guess you can guess based on performance, but that's not an optimal or sure fire way of testing.

對于不熟悉 AES-NI 內在函數的讀者:它使用 AES-NI 指令集將字節碼替換為預編譯的機器代碼.這是由 JVM 發生的，因此它不會出現在 Java 運行時的 API 或字節碼中.

For readerS that are not familiar with AES-NI intrinsics: it's replacing byte code with pre-compiled machine code, using the AES-NI instruction set. This happens by the JVM, so it does not show up in the API of the Java runtime or bytecode.

推薦答案

該標志默認為true，如果檢測失敗將設置為false，因此可以簡單地使用+PrintFlagsFinal來查看是否使用:

The flag has a default of true and it will be set to false if the detection fails, so you can simply use +PrintFlagsFinal to see if it is used:

我的筆記本電腦沒有 AES-NI:

My Laptop without AES-NI:

C:>"C:Program FilesJavajdk1.7.0_51injava" -XX:+PrintFlagsFinal -version | find "UseAES"
     bool UseAES                                    = false           {product}
     bool UseAESIntrinsics                          = false           {product}
java version "1.7.0_51"
Java(TM) SE Runtime Environment (build 1.7.0_51-b13)
Java HotSpot(TM) 64-Bit Server VM (build 24.51-b03, mixed mode)

在桌面上相同使用 AES-NI:

Same on Desktop with AES-NI:

C:>"C:Program FilesJavajdk7injava" -XX:+PrintFlagsFinal -version | find "AES"
     bool UseAES                                    = true            {product}
     bool UseAESIntrinsics                          = true            {product}

java version "1.7.0_51"
Java(TM) SE Runtime Environment (build 1.7.0_51-b13)
Java HotSpot(TM) 64-Bit Server VM (build 24.51-b03, mixed mode)

C:>"C:Program Files (x86)Javajre7injava" -XX:+PrintFlagsFinal -version | find "AES"
     bool UseAES                                    = true            {product}
     bool UseAESIntrinsics                          = true            {product}

java version "1.7.0_51"
Java(TM) SE Runtime Environment (build 1.7.0_51-b13)
Java HotSpot(TM) Client VM (build 24.51-b03, mixed mode, sharing)

因此，它適用于最新 Java 7 的 x64 和 i686 (WOW64).該功能是通過 https://bugs.openjdk.java.net/browse/JDK-7184394 并向后移植到 7u40 和 7u45.

So, it works for both x64 and i686 (WOW64) with recent Java 7. The feature was introduced with https://bugs.openjdk.java.net/browse/JDK-7184394 and backported to 7u40 and 7u45.

重要提示:AES-NI 可能僅在服務器虛擬機上可用.

Important: AES-NI may only be available on the server VM.

在提交錯誤報告后，Oracle 承認了這一點.當他們創建引入它的 Java 8 的功能列表時，這條重要的信息丟失了(后來它也被向后移植到 7).服務器 VM 可以通過在 java 或 javaw 命令行上提供 -server 選項來顯式選擇.

This was acknowledged by Oracle after a bug report was filed. This vital piece of information was missing when they created the featues list of Java 8 where it was introduced (it later got backported to 7 as well). The server VM can be explicitly choosen by providing the -server option on the java or javaw command line.

這篇關于默認情況下啟用 AES-NI 內在函數?的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！