Page MenuHomeFreeBSD

armv8crypto: add AES-XTS support

Authored by on Jul 21 2019, 7:19 PM.
Referenced Files
Unknown Object (File)
Oct 29 2023, 5:31 PM
Unknown Object (File)
Oct 29 2023, 5:31 PM
Unknown Object (File)
Oct 29 2023, 5:31 PM
Unknown Object (File)
Oct 29 2023, 5:30 PM
Unknown Object (File)
Oct 28 2023, 8:32 AM
Unknown Object (File)
Oct 19 2023, 5:24 PM
Unknown Object (File)
Sep 20 2023, 4:44 AM
Unknown Object (File)
Sep 17 2023, 10:54 AM



Straightforward(ish) port from aesni, without unrolling (block8).

Quick speed test: dd if=/dev/zero of=/dev/md0.eli bs=1m reports ~385 MB/s instead of ~60 MB/s on a Cortex-A72 @ 2GHz (Marvell Armada8k).

Test Plan

Tested with opencrypto tests. (D21018 enables them on aarch64)

Diff Detail

rG FreeBSD src repository
Lint Not Applicable
Tests Not Applicable

Event Timeline

manu added inline comments.

Why did you change the argument here ?
You have the key and the key length in the struct cryptoini


Look at the calls — in the CRD_F_KEY_EXPLICIT case, instead of cryptoini, we have cryptodesc. This is how aesni deals with this. edited the summary of this revision. (Show Details)

Rebased on top of the crypto rework that just landed (D23677). Implemented crp->crp_cipher_key handling.

I'm sorry that this is taking a while to get reviewed. I'd like to help get it in. Would be willing to rebase the patch and re-upload? It doesn't apply for me.

Looks fine. You should look at unrolling the loop to 3 or 4 rounds. Looking at the A72 optimization guide, it shows that there is a 3 cycle latency, but throughput of 1. Section 4.10 gives example showing three pairs to achieve max perf.

A72 opt guide:

It would also be good to test with 'cryptocheck -a all -d armv8crypto0 -z' though the NIST KAT are probably sufficient coverage already for XTS.


I was able to rebase this patch with some very minor tweaks, and verify the results using both cryptocheck and

Are there any remaining concerns with the patch? I would like to see this committed in the near future.

I haven't reviewed the actual XTS bits in armv8_crypto_wrap.c, but the rest all looks good to me.

This revision was not accepted when it landed; it landed in state Needs Review.Jan 7 2021, 7:37 PM
This revision was automatically updated to reflect the committed changes.