armv8crypto: add AES-XTS support
ClosedPublic
Actions

Authored by val_packett.cool on Jul 21 2019, 7:19 PM.

Details

Reviewers

jmg
andrew
emaste
jhb

Group Reviewers

arm64
Contributor Reviews (src)

Commits

rG4979620ece98: armv8crypto: add AES-XTS support

Summary

Straightforward(ish) port from aesni, without unrolling (block8).

Quick speed test: dd if=/dev/zero of=/dev/md0.eli bs=1m reports ~385 MB/s instead of ~60 MB/s on a Cortex-A72 @ 2GHz (Marvell Armada8k).

Test Plan

Tested with opencrypto tests. (D21018 enables them on aarch64)

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

val_packett.cool created this revision.Jul 21 2019, 7:19 PM

Herald added a reviewer: jmg. · View Herald TranscriptJul 21 2019, 7:19 PM

Herald added subscribers: andrew, imp. · View Herald Transcript

val_packett.cool added a parent revision: D21012: armv8crypto: add missing unlock for session (fix "sleeping thread owns a non-sleepable lock").Jul 21 2019, 7:19 PM

val_packett.cool mentioned this in D21018: tests/sys/opencrypto: enable armv8crypto.Jul 21 2019, 7:28 PM

val_packett.cool edited the test plan for this revision. (Show Details)

val_packett.cool added a reviewer: andrew.

manu added a subscriber: manu.Jul 21 2019, 7:50 PM

manu added inline comments.

sys/crypto/armv8/armv8_crypto.c
188	Why did you change the argument here ? You have the key and the key length in the struct cryptoini

val_packett.cool added inline comments.Jul 21 2019, 7:55 PM

sys/crypto/armv8/armv8_crypto.c
188	Look at the calls — in the `CRD_F_KEY_EXPLICIT` case, instead of `cryptoini`, we have `cryptodesc`. This is how `aesni` deals with this.

lwhsu added a subscriber: lwhsu.Jul 22 2019, 2:13 PM

val_packett.cool added a reviewer: emaste.Sep 15 2019, 12:57 PM

Rebased on top of the crypto rework that just landed (D23677). Implemented crp->crp_cipher_key handling.

val_packett.cool edited the summary of this revision. (Show Details)Apr 1 2020, 10:45 AM

val_packett.cool added a subscriber: emaste.

ping

dan.kotowski_a9development.com added a subscriber: dan.kotowski_a9development.com.May 21 2020, 10:42 AM

I'm sorry that this is taking a while to get reviewed. I'd like to help get it in. Would be willing to rebase the patch and re-upload? It doesn't apply for me.

gbe added a subscriber: gbe.Jun 25 2020, 3:14 PM

Looks fine. You should look at unrolling the loop to 3 or 4 rounds. Looking at the A72 optimization guide, it shows that there is a 3 cycle latency, but throughput of 1. Section 4.10 gives example showing three pairs to achieve max perf.

A72 opt guide:
https://developer.arm.com/documentation/uan0016/a

allanjude added reviewers: cem, jhb.Jul 17 2020, 4:38 PM

cem resigned from this revision.Jul 17 2020, 4:41 PM

It would also be good to test with 'cryptocheck -a all -d armv8crypto0 -z' though the NIST KAT are probably sufficient coverage already for XTS.

cem removed a reviewer: cem.Jul 17 2020, 6:23 PM