ramips: add Mediatek EIP93 Crypto driver for MT7621

2025-04-15 18:03:30 +00:00 · 2022-07-08 11:07:52 +08:00 · 2022-07-08 11:07:52 +08:00 · 82118ca885
commit 82118ca885
parent 4e0fd76789
5 changed files with 221 additions and 28 deletions
--- a/package/kernel/mtk-eip93/Config.in
+++ b/package/kernel/mtk-eip93/Config.in
@ -0,0 +1,17 @@
+if PACKAGE_kmod-crypto-hw-eip93
+
+config MTK_EIP93_GENERIC_SW_MAX_LEN
+	int "Max skcipher software fallback length"
+	default 256
+	help
+		Max length of crypt request which
+		will fallback to software crypt of skcipher *except* AES-128.
+
+config MTK_EIP93_AES_128_SW_MAX_LEN
+	int "Max AES-128 skcipher software fallback length"
+	default 512
+	help
+		Max length of crypt request which
+		will fallback to software crypt of AES-128 skcipher.
+
+endif
--- a/package/kernel/mtk-eip93/Makefile
+++ b/package/kernel/mtk-eip93/Makefile
@ -1,15 +1,9 @@
-#
-# Copyright (C) 2006-2019 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
 include $(TOPDIR)/rules.mk
-include $(INCLUDE_DIR)/kernel.mk

 PKG_NAME:=mtk-eip93
-PKG_RELEASE:=1.3
+PKG_RELEASE:=1
+
+PKG_LICENSE:=GPLv2

 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/vschagen/mtk-eip93.git
@ -18,6 +12,7 @@ PKG_MIRROR_HASH:=4505ee2a175a6cf77a1a3b4fa7bf188da8f8b47894e5afa62c8cb008fbfa15e

 MAKE_PATH:=crypto/mtk-eip93

+include $(INCLUDE_DIR)/kernel.mk
 include $(INCLUDE_DIR)/package.mk

 define KernelPackage/crypto-hw-eip93
@ -32,8 +27,9 @@ define KernelPackage/crypto-hw-eip93
 	+kmod-crypto-sha1 \
 	+kmod-crypto-sha256
  TITLE:=MTK EIP93 crypto module.
-  FILES:=$(PKG_BUILD_DIR)/crypto/mtk-eip93/crypto-hw-eip93.ko
+  FILES:=$(PKG_BUILD_DIR)/$(MAKE_PATH)/crypto-hw-eip93.ko
  AUTOLOAD:=$(call AutoProbe,crypto-hw-eip93)
+  MENU:=1
 endef

 define KernelPackage/crypto-hw-eip93/description
@ -43,26 +39,29 @@ It enables DES/3DES/AES ECB/CBC/CTR and
 IPSEC offload with authenc(hmac(sha1/sha256), aes/cbc/rfc3686)
 endef

-PKG_EXTRA_KCONFIG:= \
+define KernelPackage/crypto-hw-eip93/config
+	source "$(SOURCE)/Config.in"
+endef
+
+EIP93_EXTRA_CFLAGS:= \
+	-D CONFIG_CRYPTO_DEV_EIP93_SKCIPHER=1 \
+	-D CONFIG_CRYPTO_DEV_EIP93_HMAC=1 \
+	-D CONFIG_CRYPTO_DEV_EIP93_AES=1 \
+	-D CONFIG_CRYPTO_DEV_EIP93_DES=1 \
+	-D CONFIG_CRYPTO_DEV_EIP93_AEAD=1 \
+	-D CONFIG_MTK_EIP93_GENERIC_SW_MAX_LEN=$(CONFIG_MTK_EIP93_GENERIC_SW_MAX_LEN) \
+	-D CONFIG_MTK_EIP93_AES_128_SW_MAX_LEN=$(CONFIG_MTK_EIP93_AES_128_SW_MAX_LEN)
+EIP93_MAKE_FLAGS:= \
+	EXTRA_CFLAGS="$(EIP93_EXTRA_CFLAGS)" \
 	CONFIG_CRYPTO_DEV_EIP93=m \
-	CONFIG_CRYPTO_DEV_EIP93_AEAD=y \
-	CONFIG_CRYPTO_DEV_EIP93_AES=y \
-	CONFIG_CRYPTO_DEV_EIP93_DES=y \
-	CONFIG_CRYPTO_DEV_EIP93_HMAC=y \
-	CONFIG_CRYPTO_DEV_EIP93_SKCIPHER=y
-
-PKG_EXTRA_CFLAGS:= \
-	$(patsubst CONFIG_%, -DCONFIG_%=1, $(patsubst %=y,%,$(filter %=y,$(PKG_EXTRA_KCONFIG))))
-
-MAKE_OPTS:= \
-	$(KERNEL_MAKE_FLAGS) \
-	M="$(PKG_BUILD_DIR)/crypto/mtk-eip93" \
-	$(PKG_EXTRA_KCONFIG) \
-	EXTRA_CFLAGS="$(PKG_EXTRA_CFLAGS)"
+	CONFIG_CRYPTO_DEV_EIP93_SKCIPHER=y \
+	CONFIG_CRYPTO_DEV_EIP93_AEAD=y

 define Build/Compile
-	$(MAKE) -C "$(LINUX_DIR)" \
-		$(MAKE_OPTS) \
+	$(MAKE) $(PKG_JOBS) -C "$(LINUX_DIR)" \
+		$(KERNEL_MAKE_FLAGS) \
+		$(EIP93_MAKE_FLAGS) \
+		M="$(PKG_BUILD_DIR)/$(MAKE_PATH)" \
 		modules
 endef

--- a/package/kernel/mtk-eip93/patches/002-crypto-use-AES-fallback-for-small-requests.patch
+++ b/package/kernel/mtk-eip93/patches/002-crypto-use-AES-fallback-for-small-requests.patch
@ -0,0 +1,177 @@
+From f39ee05bedc68cf80e76c69692f87b96bf5a3b51 Mon Sep 17 00:00:00 2001
+From: Aviana Cruz <gwencroft@proton.me>
+Date: Tue, 21 Jun 2022 10:47:10 +0800
+Subject: [PATCH] crypto: use AES fallback for small requests
+
+Signed-off-by: Aviana Cruz <gwencroft@proton.me>
+---
+ crypto/mtk-eip93/eip93-aead.c   |  2 -
+ crypto/mtk-eip93/eip93-cipher.c | 66 ++++++++++++++++++++++++++++++---
+ crypto/mtk-eip93/eip93-cipher.h |  3 ++
+ 3 files changed, 63 insertions(+), 8 deletions(-)
+
+--- a/crypto/mtk-eip93/eip93-aead.c
+++ b/crypto/mtk-eip93/eip93-aead.c
+@@ -77,8 +77,6 @@ static int mtk_aead_cra_init(struct cryp
+ 	u32 flags = tmpl->flags;
+ 	char *alg_base;
+ 
+-	memset(ctx, 0, sizeof(*ctx));
+-
+ 	crypto_aead_set_reqsize(__crypto_aead_cast(tfm),
+ 			sizeof(struct mtk_cipher_reqctx));
+ 
+--- a/crypto/mtk-eip93/eip93-cipher.c
+++ b/crypto/mtk-eip93/eip93-cipher.c
+@@ -31,6 +31,13 @@ void mtk_skcipher_handle_result(struct c
+ 	skcipher_request_complete(req, err);
+ }
+ 
+static inline bool mtk_skcipher_is_fallback(const struct crypto_tfm *tfm,
+					    u32 flags)
+{
+	return (tfm->__crt_alg->cra_flags & CRYPTO_ALG_NEED_FALLBACK) &&
+	       !IS_RFC3686(flags);
+}
+
+ static int mtk_skcipher_send_req(struct crypto_async_request *async)
+ {
+ 	struct skcipher_request *req = skcipher_request_cast(async);
+@@ -53,11 +60,21 @@ static int mtk_skcipher_cra_init(struct
+ 	struct mtk_crypto_ctx *ctx = crypto_tfm_ctx(tfm);
+ 	struct mtk_alg_template *tmpl = container_of(tfm->__crt_alg,
+ 				struct mtk_alg_template, alg.skcipher.base);
+	bool fallback = mtk_skcipher_is_fallback(tfm, tmpl->flags);
+
+	if (fallback) {
+		ctx->fallback = crypto_alloc_skcipher(
+			crypto_tfm_alg_name(tfm), 0, CRYPTO_ALG_NEED_FALLBACK);
+		if (IS_ERR(ctx->fallback))
+			return PTR_ERR(ctx->fallback);
+	}
+ 
+-	crypto_skcipher_set_reqsize(__crypto_skcipher_cast(tfm),
+-					sizeof(struct mtk_cipher_reqctx));
+	crypto_skcipher_set_reqsize(
+		__crypto_skcipher_cast(tfm),
+		sizeof(struct mtk_cipher_reqctx) +
+			(fallback ? crypto_skcipher_reqsize(ctx->fallback) :
+					  0));
+ 
+-	memset(ctx, 0, sizeof(*ctx));
+ 	ctx->mtk = tmpl->mtk;
+ 
+ 	ctx->sa_in = kzalloc(sizeof(struct saRecord_s), GFP_KERNEL);
+@@ -86,6 +103,8 @@ static void mtk_skcipher_cra_exit(struct
+ 			sizeof(struct saRecord_s), DMA_TO_DEVICE);
+ 	kfree(ctx->sa_in);
+ 	kfree(ctx->sa_out);
+
+	crypto_free_skcipher(ctx->fallback);
+ }
+ 
+ static int mtk_skcipher_setkey(struct crypto_skcipher *ctfm, const u8 *key,
+@@ -105,6 +124,8 @@ static int mtk_skcipher_setkey(struct cr
+ 	if (!key || !keylen)
+ 		return err;
+ 
+	ctx->keylen = keylen;
+
+ #if IS_ENABLED(CONFIG_CRYPTO_DEV_EIP93_AES)
+ 	if (IS_RFC3686(flags)) {
+ 		if (len < CTR_RFC3686_NONCE_SIZE)
+@@ -128,6 +149,14 @@ static int mtk_skcipher_setkey(struct cr
+ #if IS_ENABLED(CONFIG_CRYPTO_DEV_EIP93_AES)
+ 	if (flags & MTK_ALG_AES) {
+ 		struct crypto_aes_ctx aes;
+		bool fallback = mtk_skcipher_is_fallback(tfm, flags);
+
+		if (fallback && !IS_RFC3686(flags)) {
+			err = crypto_skcipher_setkey(ctx->fallback, key,
+						     keylen);
+			if (err)
+				return err;
+		}
+ 
+ 		ctx->blksize = AES_BLOCK_SIZE;
+ 		err = aes_expandkey(&aes, key, keylen);
+@@ -160,16 +189,41 @@ static int mtk_skcipher_setkey(struct cr
+ 	return err;
+ }
+ 
+-static int mtk_skcipher_crypt(struct skcipher_request *req)
+static int mtk_skcipher_crypt(struct skcipher_request *req, bool encrypt)
+ {
+ 	struct mtk_cipher_reqctx *rctx = skcipher_request_ctx(req);
+ 	struct crypto_async_request *async = &req->base;
+ 	struct mtk_crypto_ctx *ctx = crypto_tfm_ctx(req->base.tfm);
+ 	struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
+	bool fallback = mtk_skcipher_is_fallback(req->base.tfm, rctx->flags);
+ 
+ 	if (!req->cryptlen)
+ 		return 0;
+ 
+	/*
+	 * ECB and CBC algorithms require message lengths to be
+	 * multiples of block size.
+	 */
+	if (IS_ECB(rctx->flags) || IS_CBC(rctx->flags))
+		if (!IS_ALIGNED(req->cryptlen,
+				crypto_skcipher_blocksize(skcipher)))
+			return -EINVAL;
+
+	if (fallback &&
+	    req->cryptlen <= (AES_KEYSIZE_128 ?
+				      CONFIG_MTK_EIP93_AES_128_SW_MAX_LEN :
+				      CONFIG_MTK_EIP93_GENERIC_SW_MAX_LEN)) {
+		skcipher_request_set_tfm(&rctx->fallback_req, ctx->fallback);
+		skcipher_request_set_callback(&rctx->fallback_req,
+					      req->base.flags,
+					      req->base.complete,
+					      req->base.data);
+		skcipher_request_set_crypt(&rctx->fallback_req, req->src,
+					   req->dst, req->cryptlen, req->iv);
+		return encrypt ? crypto_skcipher_encrypt(&rctx->fallback_req) :
+				 crypto_skcipher_decrypt(&rctx->fallback_req);
+	}
+
+ 	rctx->assoclen = 0;
+ 	rctx->textsize = req->cryptlen;
+ 	rctx->authsize = 0;
+@@ -195,7 +249,7 @@ static int mtk_skcipher_encrypt(struct s
+ 	rctx->flags |= MTK_ENCRYPT;
+ 	rctx->saRecord_base = ctx->sa_base_out;
+ 
+-	return mtk_skcipher_crypt(req);
+	return mtk_skcipher_crypt(req, true);
+ }
+ 
+ static int mtk_skcipher_decrypt(struct skcipher_request *req)
+@@ -209,7 +263,7 @@ static int mtk_skcipher_decrypt(struct s
+ 	rctx->flags |= MTK_DECRYPT;
+ 	rctx->saRecord_base = ctx->sa_base_in;
+ 
+-	return mtk_skcipher_crypt(req);
+	return mtk_skcipher_crypt(req, false);
+ }
+ 
+ /* Available algorithms in this module */
+--- a/crypto/mtk-eip93/eip93-cipher.h
+++ b/crypto/mtk-eip93/eip93-cipher.h
+@@ -24,6 +24,8 @@ struct mtk_crypto_ctx {
+ 	bool				in_first;
+ 	bool				out_first;
+ 	struct crypto_shash		*shash;
+	unsigned int keylen;
+	struct crypto_skcipher *fallback;
+ };
+ 
+ struct mtk_cipher_reqctx {
+@@ -45,6 +47,7 @@ struct mtk_cipher_reqctx {
+ 	struct saState_s		*saState_ctr;
+ 	dma_addr_t			saState_base_ctr;
+ 	uint32_t			saState_ctr_idx;
+	struct skcipher_request fallback_req; // keep at the end
+ };
+ 
+ int check_valid_request(struct mtk_cipher_reqctx *rctx);
--- a/package/kernel/mtk-eip93/patches/100-fix-build-on-kernel-5.4.patch
+++ b/package/kernel/mtk-eip93/patches/100-fix-build-on-kernel-5.4.patch
--- a/target/linux/ramips/mt7621/target.mk
+++ b/target/linux/ramips/mt7621/target.mk
@ -10,7 +10,7 @@ KERNELNAME:=vmlinux vmlinuz
 # make Kernel/CopyImage use $LINUX_DIR/vmlinuz
 IMAGES_DIR:=../../..

-DEFAULT_PACKAGES += kmod-mtk-hnat wpad-openssl swconfig
+DEFAULT_PACKAGES += kmod-mtk-hnat wpad-openssl swconfig kmod-crypto-hw-eip93

 define Target/Description
 	Build firmware images for Ralink MT7621 based boards.