define KernelPackage/crypto-hw-eip93
TITLE:=MTK EIP93 crypto module
- DEPENDS:=@TARGET_ramips_mt7621 \
+ DEPENDS:=@(TARGET_ramips_mt7621||TARGET_airoha) \
+kmod-crypto-authenc \
+kmod-crypto-des \
+kmod-crypto-md5 \
KCONFIG:= \
CONFIG_CRYPTO_HW=y \
CONFIG_CRYPTO_DEV_EIP93 \
- CONFIG_CRYPTO_DEV_EIP93_AES=y \
- CONFIG_CRYPTO_DEV_EIP93_DES=y \
- CONFIG_CRYPTO_DEV_EIP93_AEAD=y \
+ CONFIG_CRYPTO_DEV_EIP93_AES=y@lt6.18 \
+ CONFIG_CRYPTO_DEV_EIP93_DES=y@lt6.18 \
+ CONFIG_CRYPTO_DEV_EIP93_AEAD=y@lt6.18 \
CONFIG_CRYPTO_DEV_EIP93_GENERIC_SW_MAX_LEN=256 \
CONFIG_CRYPTO_DEV_EIP93_AES_128_SW_MAX_LEN=512
- FILES:=$(LINUX_DIR)/drivers/crypto/mtk-eip93/crypto-hw-eip93.ko
+ FILES:=$(LINUX_DIR)/drivers/crypto/mtk-eip93/crypto-hw-eip93.ko@lt6.18 \
+ $(LINUX_DIR)/drivers/crypto/inside-secure/eip93/crypto-hw-eip93.ko@ge6.18
AUTOLOAD:=$(call AutoLoad,09,crypto-hw-eip93)
$(call AddDepends/crypto)
endef
define KernelPackage/crypto-hw-eip93/description
Kernel module to enable EIP-93 Crypto engine as found
-in the Mediatek MT7621 SoC.
+in Mediatek MT7621 and Airoha SoCs.
It enables DES/3DES/AES ECB/CBC/CTR and
IPSEC offload with authenc(hmac(sha1/sha256), aes/cbc/rfc3686)
endef
+define KernelPackage/crypto-hw-eip93/airoha
+ FILES:=$(LINUX_DIR)/drivers/crypto/inside-secure/eip93/crypto-hw-eip93.ko
+endef
+
$(eval $(call KernelPackage,crypto-hw-eip93))
define KernelPackage/crypto-kpp
--- /dev/null
+From 46d673033b7f6974d0bf5696ff8365fd412cd646 Mon Sep 17 00:00:00 2001
+From: Aviana Cruz <gwencroft@proton.me>
+Date: Mon, 20 Jun 2022 21:55:45 +0800
+Subject: [PATCH] crypto: eip93 - use AES fallback for small requests
+
+For data blocks smaller than 1024, software crypto is faster.
+
+Signed-off-by: Aviana Cruz <gwencroft@proton.me>
+---
+
+--- a/drivers/crypto/inside-secure/eip93/Kconfig
++++ b/drivers/crypto/inside-secure/eip93/Kconfig
+@@ -18,3 +18,19 @@ config CRYPTO_DEV_EIP93
+ CTR crypto. Also provide DES and 3DES ECB and CBC.
+
+ Also provide AEAD authenc(hmac(x), cipher(y)) for supported algo.
++
++config CRYPTO_DEV_EIP93_GENERIC_SW_MAX_LEN
++ int "Max skcipher software fallback length"
++ depends on CRYPTO_DEV_EIP93
++ default 256
++ help
++ Max length of crypt request which
++ will fallback to software crypt of skcipher *except* AES-128.
++
++config CRYPTO_DEV_EIP93_AES_128_SW_MAX_LEN
++ int "Max AES-128 skcipher software fallback length"
++ depends on CRYPTO_DEV_EIP93
++ default 512
++ help
++ Max length of crypt request which
++ will fallback to software crypt of AES-128 skcipher.
+--- a/drivers/crypto/inside-secure/eip93/eip93-cipher.c
++++ b/drivers/crypto/inside-secure/eip93/eip93-cipher.c
+@@ -30,6 +30,13 @@ void eip93_skcipher_handle_result(struct
+ skcipher_request_complete(req, err);
+ }
+
++static inline bool eip93_skcipher_is_fallback(const struct crypto_tfm *tfm,
++ u32 flags)
++{
++ return (tfm->__crt_alg->cra_flags & CRYPTO_ALG_NEED_FALLBACK) &&
++ !IS_RFC3686(flags);
++}
++
+ static int eip93_skcipher_send_req(struct crypto_async_request *async)
+ {
+ struct skcipher_request *req = skcipher_request_cast(async);
+@@ -52,12 +59,21 @@ static int eip93_skcipher_cra_init(struc
+ struct eip93_crypto_ctx *ctx = crypto_tfm_ctx(tfm);
+ struct eip93_alg_template *tmpl = container_of(tfm->__crt_alg,
+ struct eip93_alg_template, alg.skcipher.base);
+-
+- crypto_skcipher_set_reqsize(__crypto_skcipher_cast(tfm),
+- sizeof(struct eip93_cipher_reqctx));
++ bool fallback = eip93_skcipher_is_fallback(tfm, tmpl->flags);
+
+ memset(ctx, 0, sizeof(*ctx));
+
++ if (fallback) {
++ ctx->fallback = crypto_alloc_skcipher(
++ crypto_tfm_alg_name(tfm), 0, CRYPTO_ALG_NEED_FALLBACK);
++ if (IS_ERR(ctx->fallback))
++ return PTR_ERR(ctx->fallback);
++ }
++
++ crypto_skcipher_set_reqsize(__crypto_skcipher_cast(tfm),
++ sizeof(struct eip93_cipher_reqctx) + (fallback ?
++ crypto_skcipher_reqsize(ctx->fallback) : 0));
++
+ ctx->eip93 = tmpl->eip93;
+ ctx->type = tmpl->type;
+
+@@ -75,6 +91,8 @@ static void eip93_skcipher_cra_exit(stru
+ dma_unmap_single(ctx->eip93->dev, ctx->sa_record_base,
+ sizeof(*ctx->sa_record), DMA_TO_DEVICE);
+ kfree(ctx->sa_record);
++
++ crypto_free_skcipher(ctx->fallback);
+ }
+
+ static int eip93_skcipher_setkey(struct crypto_skcipher *ctfm, const u8 *key,
+@@ -117,6 +135,14 @@ static int eip93_skcipher_setkey(struct
+
+ if (flags & EIP93_ALG_AES) {
+ struct crypto_aes_ctx aes;
++ bool fallback = eip93_skcipher_is_fallback(tfm, flags);
++
++ if (fallback && !IS_RFC3686(flags)) {
++ ret = crypto_skcipher_setkey(ctx->fallback, key,
++ keylen);
++ if (ret)
++ return ret;
++ }
+
+ ctx->blksize = AES_BLOCK_SIZE;
+ ret = aes_expandkey(&aes, key, keylen);
+@@ -133,12 +159,13 @@ static int eip93_skcipher_setkey(struct
+ return 0;
+ }
+
+-static int eip93_skcipher_crypt(struct skcipher_request *req)
++static int eip93_skcipher_crypt(struct skcipher_request *req, bool encrypt)
+ {
+ struct eip93_cipher_reqctx *rctx = skcipher_request_ctx(req);
+ struct crypto_async_request *async = &req->base;
+ struct eip93_crypto_ctx *ctx = crypto_tfm_ctx(req->base.tfm);
+ struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
++ bool fallback = eip93_skcipher_is_fallback(req->base.tfm, rctx->flags);
+ int ret;
+
+ if (!req->cryptlen)
+@@ -153,6 +180,21 @@ static int eip93_skcipher_crypt(struct s
+ crypto_skcipher_blocksize(skcipher)))
+ return -EINVAL;
+
++ if (fallback &&
++ req->cryptlen <= (AES_KEYSIZE_128 ?
++ CONFIG_CRYPTO_DEV_EIP93_AES_128_SW_MAX_LEN :
++ CONFIG_CRYPTO_DEV_EIP93_GENERIC_SW_MAX_LEN)) {
++ skcipher_request_set_tfm(&rctx->fallback_req, ctx->fallback);
++ skcipher_request_set_callback(&rctx->fallback_req,
++ req->base.flags,
++ req->base.complete,
++ req->base.data);
++ skcipher_request_set_crypt(&rctx->fallback_req, req->src,
++ req->dst, req->cryptlen, req->iv);
++ return encrypt ? crypto_skcipher_encrypt(&rctx->fallback_req) :
++ crypto_skcipher_decrypt(&rctx->fallback_req);
++ }
++
+ ctx->sa_record_base = dma_map_single(ctx->eip93->dev, ctx->sa_record,
+ sizeof(*ctx->sa_record), DMA_TO_DEVICE);
+ ret = dma_mapping_error(ctx->eip93->dev, ctx->sa_record_base);
+@@ -181,7 +223,7 @@ static int eip93_skcipher_encrypt(struct
+ rctx->flags = tmpl->flags;
+ rctx->flags |= EIP93_ENCRYPT;
+
+- return eip93_skcipher_crypt(req);
++ return eip93_skcipher_crypt(req, true);
+ }
+
+ static int eip93_skcipher_decrypt(struct skcipher_request *req)
+@@ -196,7 +238,7 @@ static int eip93_skcipher_decrypt(struct
+ rctx->flags = tmpl->flags;
+ rctx->flags |= EIP93_DECRYPT;
+
+- return eip93_skcipher_crypt(req);
++ return eip93_skcipher_crypt(req, false);
+ }
+
+ /* Available algorithms in this module */
+--- a/drivers/crypto/inside-secure/eip93/eip93-cipher.h
++++ b/drivers/crypto/inside-secure/eip93/eip93-cipher.h
+@@ -22,6 +22,7 @@ struct eip93_crypto_ctx {
+ unsigned int assoclen;
+ bool set_assoc;
+ enum eip93_alg_type type;
++ struct crypto_skcipher *fallback;
+ };
+
+ struct eip93_cipher_reqctx {
+@@ -42,6 +43,7 @@ struct eip93_cipher_reqctx {
+ int dst_nents;
+ struct sa_state *sa_state_ctr;
+ dma_addr_t sa_state_ctr_base;
++ struct skcipher_request fallback_req;
+ };
+
+ int check_valid_request(struct eip93_cipher_reqctx *rctx);
projects / thirdparty / openwrt.git / commitdiff
