crypto: eip93: use in-tree driver for kernel 6.18

This patch set introduces support for using the in-tree (mainline) EIP93 crypto driver for kernel 6.18 and later, along with additional improvements and fixes: - Conditional Kconfig/Makefile handling for crypto-hw-eip93 to enable use of the mainline driver with kernel 6.18+. - Patch 926: Use software AES fallback for small requests in the EIP93 driver. - Patch 927: Add `mediatek,mtk-eip93` compatible string for upstream kernel device trees. Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com> Link: https://github.com/openwrt/openwrt/pull/21078 Signed-off-by: Robert Marko <robimarko@gmail.com>
2026-05-05 01:46:11 +02:00 · 2026-01-15 09:08:05 +01:00 · 2026-01-15 09:08:05 +01:00 · 354a26b094
commit 354a26b094
parent 2569a339ed
3 changed files with 201 additions and 6 deletions
--- a/package/kernel/linux/modules/crypto.mk
+++ b/package/kernel/linux/modules/crypto.mk
@ -521,7 +521,7 @@ $(eval $(call KernelPackage,crypto-hw-talitos))

 define KernelPackage/crypto-hw-eip93
  TITLE:=MTK EIP93 crypto module
-  DEPENDS:=@TARGET_ramips_mt7621 \
+  DEPENDS:=@(TARGET_ramips_mt7621||TARGET_airoha) \
 	+kmod-crypto-authenc \
 	+kmod-crypto-des \
 	+kmod-crypto-md5 \
@ -530,23 +530,28 @@ define KernelPackage/crypto-hw-eip93
  KCONFIG:= \
 	CONFIG_CRYPTO_HW=y \
 	CONFIG_CRYPTO_DEV_EIP93 \
-	CONFIG_CRYPTO_DEV_EIP93_AES=y \
-	CONFIG_CRYPTO_DEV_EIP93_DES=y \
-	CONFIG_CRYPTO_DEV_EIP93_AEAD=y \
+	CONFIG_CRYPTO_DEV_EIP93_AES=y@lt6.18 \
+	CONFIG_CRYPTO_DEV_EIP93_DES=y@lt6.18 \
+	CONFIG_CRYPTO_DEV_EIP93_AEAD=y@lt6.18 \
 	CONFIG_CRYPTO_DEV_EIP93_GENERIC_SW_MAX_LEN=256 \
 	CONFIG_CRYPTO_DEV_EIP93_AES_128_SW_MAX_LEN=512
-  FILES:=$(LINUX_DIR)/drivers/crypto/mtk-eip93/crypto-hw-eip93.ko
+  FILES:=$(LINUX_DIR)/drivers/crypto/mtk-eip93/crypto-hw-eip93.ko@lt6.18 \
+    $(LINUX_DIR)/drivers/crypto/inside-secure/eip93/crypto-hw-eip93.ko@ge6.18
  AUTOLOAD:=$(call AutoLoad,09,crypto-hw-eip93)
  $(call AddDepends/crypto)
 endef

 define KernelPackage/crypto-hw-eip93/description
 Kernel module to enable EIP-93 Crypto engine as found
-in the Mediatek MT7621 SoC.
+in Mediatek MT7621 and Airoha SoCs.
 It enables DES/3DES/AES ECB/CBC/CTR and
 IPSEC offload with authenc(hmac(sha1/sha256), aes/cbc/rfc3686)
 endef

+define KernelPackage/crypto-hw-eip93/airoha
+  FILES:=$(LINUX_DIR)/drivers/crypto/inside-secure/eip93/crypto-hw-eip93.ko
+endef
+
 $(eval $(call KernelPackage,crypto-hw-eip93))

 define KernelPackage/crypto-kpp
--- a/target/linux/generic/hack-6.18/926-crypto-eip93-use-AES-fallback-for-small-requests.patch
+++ b/target/linux/generic/hack-6.18/926-crypto-eip93-use-AES-fallback-for-small-requests.patch
@ -0,0 +1,170 @@
+From 46d673033b7f6974d0bf5696ff8365fd412cd646 Mon Sep 17 00:00:00 2001
+From: Aviana Cruz <gwencroft@proton.me>
+Date: Mon, 20 Jun 2022 21:55:45 +0800
+Subject: [PATCH] crypto: eip93 - use AES fallback for small requests
+
+For data blocks smaller than 1024, software crypto is faster.
+
+Signed-off-by: Aviana Cruz <gwencroft@proton.me>
+---
+
+--- a/drivers/crypto/inside-secure/eip93/Kconfig
+++ b/drivers/crypto/inside-secure/eip93/Kconfig
+@@ -18,3 +18,19 @@ config CRYPTO_DEV_EIP93
+ 	  CTR crypto. Also provide DES and 3DES ECB and CBC.
+ 
+ 	  Also provide AEAD authenc(hmac(x), cipher(y)) for supported algo.
+
+config CRYPTO_DEV_EIP93_GENERIC_SW_MAX_LEN
+	int "Max skcipher software fallback length"
+	depends on CRYPTO_DEV_EIP93
+	default 256
+	help
+	  Max length of crypt request which
+	  will fallback to software crypt of skcipher *except* AES-128.
+
+config CRYPTO_DEV_EIP93_AES_128_SW_MAX_LEN
+	int "Max AES-128 skcipher software fallback length"
+	depends on CRYPTO_DEV_EIP93
+	default 512
+	help
+	  Max length of crypt request which
+	  will fallback to software crypt of AES-128 skcipher.
+--- a/drivers/crypto/inside-secure/eip93/eip93-cipher.c
+++ b/drivers/crypto/inside-secure/eip93/eip93-cipher.c
+@@ -30,6 +30,13 @@ void eip93_skcipher_handle_result(struct
+ 	skcipher_request_complete(req, err);
+ }
+ 
+static inline bool eip93_skcipher_is_fallback(const struct crypto_tfm *tfm,
+					      u32 flags)
+{
+	return (tfm->__crt_alg->cra_flags & CRYPTO_ALG_NEED_FALLBACK) &&
+		!IS_RFC3686(flags);
+}
+
+ static int eip93_skcipher_send_req(struct crypto_async_request *async)
+ {
+ 	struct skcipher_request *req = skcipher_request_cast(async);
+@@ -52,12 +59,21 @@ static int eip93_skcipher_cra_init(struc
+ 	struct eip93_crypto_ctx *ctx = crypto_tfm_ctx(tfm);
+ 	struct eip93_alg_template *tmpl = container_of(tfm->__crt_alg,
+ 				struct eip93_alg_template, alg.skcipher.base);
+-
+-	crypto_skcipher_set_reqsize(__crypto_skcipher_cast(tfm),
+-				    sizeof(struct eip93_cipher_reqctx));
+	bool fallback = eip93_skcipher_is_fallback(tfm, tmpl->flags);
+ 
+ 	memset(ctx, 0, sizeof(*ctx));
+ 
+	if (fallback) {
+		ctx->fallback = crypto_alloc_skcipher(
+			crypto_tfm_alg_name(tfm), 0, CRYPTO_ALG_NEED_FALLBACK);
+		if (IS_ERR(ctx->fallback))
+			return PTR_ERR(ctx->fallback);
+	}
+
+	crypto_skcipher_set_reqsize(__crypto_skcipher_cast(tfm),
+				    sizeof(struct eip93_cipher_reqctx) + (fallback ?
+				    crypto_skcipher_reqsize(ctx->fallback) : 0));
+
+ 	ctx->eip93 = tmpl->eip93;
+ 	ctx->type = tmpl->type;
+ 
+@@ -75,6 +91,8 @@ static void eip93_skcipher_cra_exit(stru
+ 	dma_unmap_single(ctx->eip93->dev, ctx->sa_record_base,
+ 			 sizeof(*ctx->sa_record), DMA_TO_DEVICE);
+ 	kfree(ctx->sa_record);
+
+	crypto_free_skcipher(ctx->fallback);
+ }
+ 
+ static int eip93_skcipher_setkey(struct crypto_skcipher *ctfm, const u8 *key,
+@@ -117,6 +135,14 @@ static int eip93_skcipher_setkey(struct
+ 
+ 	if (flags & EIP93_ALG_AES) {
+ 		struct crypto_aes_ctx aes;
+		bool fallback = eip93_skcipher_is_fallback(tfm, flags);
+
+		if (fallback && !IS_RFC3686(flags)) {
+			ret = crypto_skcipher_setkey(ctx->fallback, key,
+						     keylen);
+			if (ret)
+				return ret;
+		}
+ 
+ 		ctx->blksize = AES_BLOCK_SIZE;
+ 		ret = aes_expandkey(&aes, key, keylen);
+@@ -133,12 +159,13 @@ static int eip93_skcipher_setkey(struct
+ 	return 0;
+ }
+ 
+-static int eip93_skcipher_crypt(struct skcipher_request *req)
+static int eip93_skcipher_crypt(struct skcipher_request *req, bool encrypt)
+ {
+ 	struct eip93_cipher_reqctx *rctx = skcipher_request_ctx(req);
+ 	struct crypto_async_request *async = &req->base;
+ 	struct eip93_crypto_ctx *ctx = crypto_tfm_ctx(req->base.tfm);
+ 	struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
+	bool fallback = eip93_skcipher_is_fallback(req->base.tfm, rctx->flags);
+ 	int ret;
+ 
+ 	if (!req->cryptlen)
+@@ -153,6 +180,21 @@ static int eip93_skcipher_crypt(struct s
+ 				crypto_skcipher_blocksize(skcipher)))
+ 			return -EINVAL;
+ 
+	if (fallback &&
+	    req->cryptlen <= (AES_KEYSIZE_128 ?
+			      CONFIG_CRYPTO_DEV_EIP93_AES_128_SW_MAX_LEN :
+			      CONFIG_CRYPTO_DEV_EIP93_GENERIC_SW_MAX_LEN)) {
+		skcipher_request_set_tfm(&rctx->fallback_req, ctx->fallback);
+		skcipher_request_set_callback(&rctx->fallback_req,
+					      req->base.flags,
+					      req->base.complete,
+					      req->base.data);
+		skcipher_request_set_crypt(&rctx->fallback_req, req->src,
+					   req->dst, req->cryptlen, req->iv);
+		return encrypt ? crypto_skcipher_encrypt(&rctx->fallback_req) :
+				 crypto_skcipher_decrypt(&rctx->fallback_req);
+	}
+
+ 	ctx->sa_record_base = dma_map_single(ctx->eip93->dev, ctx->sa_record,
+ 					     sizeof(*ctx->sa_record), DMA_TO_DEVICE);
+ 	ret = dma_mapping_error(ctx->eip93->dev, ctx->sa_record_base);
+@@ -181,7 +223,7 @@ static int eip93_skcipher_encrypt(struct
+ 	rctx->flags = tmpl->flags;
+ 	rctx->flags |= EIP93_ENCRYPT;
+ 
+-	return eip93_skcipher_crypt(req);
+	return eip93_skcipher_crypt(req, true);
+ }
+ 
+ static int eip93_skcipher_decrypt(struct skcipher_request *req)
+@@ -196,7 +238,7 @@ static int eip93_skcipher_decrypt(struct
+ 	rctx->flags = tmpl->flags;
+ 	rctx->flags |= EIP93_DECRYPT;
+ 
+-	return eip93_skcipher_crypt(req);
+	return eip93_skcipher_crypt(req, false);
+ }
+ 
+ /* Available algorithms in this module */
+--- a/drivers/crypto/inside-secure/eip93/eip93-cipher.h
+++ b/drivers/crypto/inside-secure/eip93/eip93-cipher.h
+@@ -22,6 +22,7 @@ struct eip93_crypto_ctx {
+ 	unsigned int			assoclen;
+ 	bool				set_assoc;
+ 	enum eip93_alg_type		type;
+	struct crypto_skcipher		*fallback;
+ };
+ 
+ struct eip93_cipher_reqctx {
+@@ -42,6 +43,7 @@ struct eip93_cipher_reqctx {
+ 	int				dst_nents;
+ 	struct sa_state			*sa_state_ctr;
+ 	dma_addr_t			sa_state_ctr_base;
+	struct skcipher_request		fallback_req;
+ };
+ 
+ int check_valid_request(struct eip93_cipher_reqctx *rctx);
--- a/target/linux/generic/hack-6.18/927-crypto-eip93-add-mediatek-mtk-eip93-compatible-string.patch
+++ b/target/linux/generic/hack-6.18/927-crypto-eip93-add-mediatek-mtk-eip93-compatible-string.patch
@ -0,0 +1,20 @@
+From: Mieczyslaw Nalewaj <namiltd@yahoo.com>
+Date: Tue, 13 Jan 2026 10:31:12 +0100
+Subject: [PATCH] crypto: eip93: add mediatek,mtk-eip93 compatible string
+
+Add mediatek,mtk-eip93 compatible string for compatibility
+with kernel 6.12 dts files.
+
+Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
+---
+
+--- a/drivers/crypto/inside-secure/eip93/eip93-main.c
+++ b/drivers/crypto/inside-secure/eip93/eip93-main.c
+@@ -489,6 +489,7 @@ static void eip93_crypto_remove(struct p
+ }
+ 
+ static const struct of_device_id eip93_crypto_of_match[] = {
+	{ .compatible = "mediatek,mtk-eip93", },
+ 	{ .compatible = "inside-secure,safexcel-eip93i", },
+ 	{ .compatible = "inside-secure,safexcel-eip93ie", },
+ 	{ .compatible = "inside-secure,safexcel-eip93is", },