branch Attitude Adjustment

git-svn-id: svn://svn.openwrt.org/openwrt/branches/attitude_adjustment@33625 3c298f89-4303-0410-b956-a3cf2f4a3e73

11 files changed, 2865 insertions, 0 deletions

diff --git a/target/linux/ubicom32/files/arch/ubicom32/crypto/Makefile b/target/linux/ubicom32/files/arch/ubicom32/crypto/Makefile
new file mode 100644
index 000000000..2d8e5863c
--- /dev/null
+++ b/target/linux/ubicom32/files/arch/ubicom32/crypto/Makefile
@@ -0,0 +1,36 @@
+#
+# arch/ubicom32/crypto/Makefile
+#	<TODO: Replace with short file description>
+#
+# (C) Copyright 2009, Ubicom, Inc.
+#
+# This file is part of the Ubicom32 Linux Kernel Port.
+#
+# The Ubicom32 Linux Kernel Port is free software: you can redistribute
+# it and/or modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation, either version 2 of the
+# License, or (at your option) any later version.
+#
+# The Ubicom32 Linux Kernel Port is distributed in the hope that it
+# will be useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
+# the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with the Ubicom32 Linux Kernel Port.  If not,
+# see <http://www.gnu.org/licenses/>.
+#
+# Ubicom32 implementation derived from (with many thanks):
+#   arch/m68knommu
+#   arch/blackfin
+#   arch/parisc
+#
+obj-$(CONFIG_CRYPTO_UBICOM32) += crypto_ubicom32.o
+obj-$(CONFIG_CRYPTO_AES_UBICOM32) += aes_ubicom32.o
+obj-$(CONFIG_CRYPTO_DES_UBICOM32) += des.o
+obj-$(CONFIG_CRYPTO_MD5_UBICOM32) += md5.o
+obj-$(CONFIG_CRYPTO_SHA1_UBICOM32) += sha1.o
+
+des-y := des_ubicom32.o des_check_key.o
+md5-y := md5_ubicom32.o md5_ubicom32_asm.o
+sha1-y := sha1_ubicom32.o
diff --git a/target/linux/ubicom32/files/arch/ubicom32/crypto/aes_ubicom32.c b/target/linux/ubicom32/files/arch/ubicom32/crypto/aes_ubicom32.c
new file mode 100644
index 000000000..f0b9f86bc
--- /dev/null
+++ b/target/linux/ubicom32/files/arch/ubicom32/crypto/aes_ubicom32.c
@@ -0,0 +1,458 @@
+/*
+ * arch/ubicom32/crypto/aes_ubicom32.c
+ *   Ubicom32 implementation of the AES Cipher Algorithm.
+ *
+ * (C) Copyright 2009, Ubicom, Inc.
+ *
+ * This file is part of the Ubicom32 Linux Kernel Port.
+ *
+ * The Ubicom32 Linux Kernel Port is free software: you can redistribute
+ * it and/or modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * The Ubicom32 Linux Kernel Port is distributed in the hope that it
+ * will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
+ * the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with the Ubicom32 Linux Kernel Port.  If not,
+ * see <http://www.gnu.org/licenses/>.
+ *
+ * Ubicom32 implementation derived from (with many thanks):
+ *   arch/m68knommu
+ *   arch/blackfin
+ *   arch/parisc
+ */
+#include <crypto/aes.h>
+#include <crypto/algapi.h>
+#include <linux/err.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/spinlock.h>
+#include "crypto_ubicom32.h"
+#include <asm/linkage.h>
+
+struct ubicom32_aes_ctx {
+	u8 key[AES_MAX_KEY_SIZE];
+	u32 ctrl;
+	int key_len;
+};
+
+static inline void aes_hw_set_key(const u8 *key, u8 key_len)
+{
+	/*
+	 * switch case has more overhead than 4 move.4 instructions, so just copy 256 bits
+	 */
+	SEC_SET_KEY_256(key);
+}
+
+static inline void aes_hw_set_iv(const u8 *iv)
+{
+	SEC_SET_IV_4W(iv);
+}
+
+static inline void aes_hw_cipher(u8 *out, const u8 *in)
+{
+	SEC_SET_INPUT_4W(in);
+
+	asm volatile (
+	"	; start AES by writing 0x40(SECURITY_BASE)	\n\t"
+	"	move.4 0x40(%0), #0x01				\n\t"
+	"	pipe_flush 0                                    \n\t"
+	"							\n\t"
+	"	; wait for the module to calculate the output	\n\t"
+	"	btst 0x04(%0), #0				\n\t"
+	"	jmpne.f .-4					\n\t"
+		:
+		: "a" (SEC_BASE)
+		: "cc"
+	);
+
+	SEC_GET_OUTPUT_4W(out);
+}
+
+static int __ocm_text aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
+		       unsigned int key_len)
+{
+	struct ubicom32_aes_ctx *uctx = crypto_tfm_ctx(tfm);
+
+	uctx->key_len = key_len;
+	memcpy(uctx->key, in_key, key_len);
+
+	/*
+	 * leave out HASH_ALG (none = 0), CBC (no = 0), DIR (unknown) yet
+	 */
+	switch (uctx->key_len) {
+	case 16:
+		uctx->ctrl = SEC_KEY_128_BITS | SEC_ALG_AES;
+		break;
+	case 24:
+		uctx->ctrl = SEC_KEY_192_BITS | SEC_ALG_AES;
+		break;
+	case 32:
+		uctx->ctrl = SEC_KEY_256_BITS | SEC_ALG_AES;
+		break;
+	}
+
+	return 0;
+}
+
+static inline void aes_cipher(struct crypto_tfm *tfm, u8 *out, const u8 *in, u32 extra_flags)
+{
+	const struct ubicom32_aes_ctx *uctx = crypto_tfm_ctx(tfm);
+
+	hw_crypto_lock();
+	hw_crypto_check();
+	hw_crypto_set_ctrl(uctx->ctrl | extra_flags);
+
+	aes_hw_set_key(uctx->key, uctx->key_len);
+	aes_hw_cipher(out, in);
+
+	hw_crypto_unlock();
+}
+
+static void aes_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
+{
+	aes_cipher(tfm, out, in, SEC_DIR_ENCRYPT);
+}
+
+static void aes_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
+{
+	aes_cipher(tfm, out, in, SEC_DIR_DECRYPT);
+}
+
+static struct crypto_alg aes_alg = {
+	.cra_name		=	"aes",
+	.cra_driver_name	=	"aes-ubicom32",
+	.cra_priority		=	CRYPTO_UBICOM32_PRIORITY,
+	.cra_flags		=	CRYPTO_ALG_TYPE_CIPHER,
+	.cra_blocksize		=	AES_BLOCK_SIZE,
+	.cra_ctxsize		=	sizeof(struct ubicom32_aes_ctx),
+	.cra_alignmask		=	CRYPTO_UBICOM32_ALIGNMENT - 1,
+	.cra_module		=	THIS_MODULE,
+	.cra_list		=	LIST_HEAD_INIT(aes_alg.cra_list),
+	.cra_u			=	{
+		.cipher = {
+			.cia_min_keysize	=	AES_MIN_KEY_SIZE,
+			.cia_max_keysize	=	AES_MAX_KEY_SIZE,
+			.cia_setkey		=	aes_set_key,
+			.cia_encrypt		=	aes_encrypt,
+			.cia_decrypt		=	aes_decrypt,
+		}
+	}
+};
+
+static void __ocm_text ecb_aes_crypt_loop(u8 *out, u8 *in, unsigned int n)
+{
+	while (likely(n)) {
+		aes_hw_cipher(out, in);
+		out += AES_BLOCK_SIZE;
+		in += AES_BLOCK_SIZE;
+		n -= AES_BLOCK_SIZE;
+	}
+}
+
+static int __ocm_text ecb_aes_crypt(struct blkcipher_desc *desc, struct scatterlist *dst,
+			 struct scatterlist *src, unsigned int nbytes, u32 extra_flags)
+{
+	const struct ubicom32_aes_ctx *uctx = crypto_blkcipher_ctx(desc->tfm);
+	int ret;
+
+	struct blkcipher_walk walk;
+	blkcipher_walk_init(&walk, dst, src, nbytes);
+	ret = blkcipher_walk_virt(desc, &walk);
+        if (ret) {
+                return ret;
+        }
+
+	hw_crypto_lock();
+	hw_crypto_check();
+
+        hw_crypto_set_ctrl(uctx->ctrl | extra_flags);
+        aes_hw_set_key(uctx->key, uctx->key_len);
+
+	while (likely((nbytes = walk.nbytes))) {
+		/* only use complete blocks */
+		unsigned int n = nbytes & ~(AES_BLOCK_SIZE - 1);
+		u8 *out = walk.dst.virt.addr;
+		u8 *in = walk.src.virt.addr;
+
+		/* finish n/16 blocks */
+		ecb_aes_crypt_loop(out, in, n);
+
+		nbytes &= AES_BLOCK_SIZE - 1;
+		ret = blkcipher_walk_done(desc, &walk, nbytes);
+	}
+
+	hw_crypto_unlock();
+	return ret;
+}
+
+static int ecb_aes_encrypt(struct blkcipher_desc *desc,
+			   struct scatterlist *dst, struct scatterlist *src,
+			   unsigned int nbytes)
+{
+	return ecb_aes_crypt(desc, dst, src, nbytes, SEC_DIR_ENCRYPT);
+}
+
+static int ecb_aes_decrypt(struct blkcipher_desc *desc,
+			   struct scatterlist *dst, struct scatterlist *src,
+			   unsigned int nbytes)
+{
+	return ecb_aes_crypt(desc, dst, src, nbytes, SEC_DIR_DECRYPT);
+}
+
+static struct crypto_alg ecb_aes_alg = {
+	.cra_name		=	"ecb(aes)",
+	.cra_driver_name	=	"ecb-aes-ubicom32",
+	.cra_priority		=	CRYPTO_UBICOM32_COMPOSITE_PRIORITY,
+	.cra_flags		=	CRYPTO_ALG_TYPE_BLKCIPHER,
+	.cra_blocksize		=	AES_BLOCK_SIZE,
+	.cra_ctxsize		=	sizeof(struct ubicom32_aes_ctx),
+	.cra_alignmask          =       CRYPTO_UBICOM32_ALIGNMENT - 1,
+	.cra_type		=	&crypto_blkcipher_type,
+	.cra_module		=	THIS_MODULE,
+	.cra_list		=	LIST_HEAD_INIT(ecb_aes_alg.cra_list),
+	.cra_u			=	{
+		.blkcipher = {
+			.min_keysize		=	AES_MIN_KEY_SIZE,
+			.max_keysize		=	AES_MAX_KEY_SIZE,
+			.setkey			=	aes_set_key,
+			.encrypt		=	ecb_aes_encrypt,
+			.decrypt		=	ecb_aes_decrypt,
+		}
+	}
+};
+
+#if CRYPTO_UBICOM32_LOOP_ASM
+void __ocm_text cbc_aes_encrypt_loop(u8 *out, u8 *in, u8 *iv, unsigned int n)
+{
+	asm volatile (
+	"; set init. iv 4w			\n\t"
+	"	move.4 0x50(%0), 0x0(%3)	\n\t"
+	"	move.4 0x54(%0), 0x4(%3)	\n\t"
+	"	move.4 0x58(%0), 0x8(%3)	\n\t"
+	"	move.4 0x5c(%0), 0xc(%3)	\n\t"
+	"					\n\t"
+	"; we know n > 0, so we can always	\n\t"
+	"; load the first block			\n\t"
+	"; set input 4w				\n\t"
+	"	move.4 0x30(%0), 0x0(%2)	\n\t"
+	"	move.4 0x34(%0), 0x4(%2)	\n\t"
+	"	move.4 0x38(%0), 0x8(%2)	\n\t"
+	"	move.4 0x3c(%0), 0xc(%2)	\n\t"
+	"					\n\t"
+	"; kickoff hw				\n\t"
+	"	move.4 0x40(%0), %2		\n\t"
+	"					\n\t"
+	"; update n & flush			\n\t"
+	"	add.4 %4, #-16, %4		\n\t"
+	"	pipe_flush 0			\n\t"
+	"					\n\t"
+	"; while (n):  work on 2nd block	\n\t"
+	" 1:	lsl.4 d15, %4, #0x0		\n\t"
+	"	jmpeq.f 5f			\n\t"
+	"					\n\t"
+	"; set input 4w	(2nd)			\n\t"
+	"	move.4 0x30(%0), 0x10(%2)	\n\t"
+	"	move.4 0x34(%0), 0x14(%2)	\n\t"
+	"	move.4 0x38(%0), 0x18(%2)	\n\t"
+	"	move.4 0x3c(%0), 0x1c(%2)	\n\t"
+	"					\n\t"
+	"; update n/in asap while waiting	\n\t"
+	"	add.4 %4, #-16, %4		\n\t"
+	"	move.4 d15, 16(%2)++		\n\t"
+	"					\n\t"
+	"; wait for the previous output		\n\t"
+	"	btst 0x04(%0), #0		\n\t"
+	"	jmpne.f -4			\n\t"
+	"					\n\t"
+	"; read previous output			\n\t"
+	"	move.4 0x0(%1), 0x50(%0)	\n\t"
+	"	move.4 0x4(%1), 0x54(%0)	\n\t"
+	"	move.4 0x8(%1), 0x58(%0)	\n\t"
+	"	move.4 0xc(%1), 0x5c(%0)	\n\t"
+	"					\n\t"
+	"; kick off hw for 2nd input		\n\t"
+	"	move.4 0x40(%0), %2		\n\t"
+	"					\n\t"
+	"; update out asap			\n\t"
+	"	move.4 d15, 16(%1)++		\n\t"
+	"					\n\t"
+	"; go back to loop			\n\t"
+	"	jmpt 1b				\n\t"
+	"					\n\t"
+	"; wait for last output			\n\t"
+	" 5:	btst 0x04(%0), #0               \n\t"
+        "       jmpne.f -4                      \n\t"
+        "                                       \n\t"
+	"; read last output			\n\t"
+	"	move.4 0x0(%1), 0x50(%0)	\n\t"
+	"	move.4 0x4(%1), 0x54(%0)	\n\t"
+	"	move.4 0x8(%1), 0x58(%0)	\n\t"
+	"	move.4 0xc(%1), 0x5c(%0)	\n\t"
+        "                                       \n\t"
+	"; copy out iv				\n\t"
+	"	move.4 0x0(%3), 0x50(%0)	\n\t"
+	"	move.4 0x4(%3), 0x54(%0)	\n\t"
+	"	move.4 0x8(%3), 0x58(%0)	\n\t"
+	"	move.4 0xc(%3), 0x5c(%0)	\n\t"
+        "                                       \n\t"
+		:
+		: "a" (SEC_BASE), "a" (out), "a" (in), "a" (iv), "d" (n)
+		: "d15", "cc"
+	);
+}
+
+#else
+
+static void __ocm_text cbc_aes_encrypt_loop(u8 *out, u8 *in, u8 *iv, unsigned int n)
+{
+	aes_hw_set_iv(iv);
+	while (likely(n)) {
+		aes_hw_cipher(out, in);
+		out += AES_BLOCK_SIZE;
+		in += AES_BLOCK_SIZE;
+		n -= AES_BLOCK_SIZE;
+	}
+	SEC_COPY_4W(iv, out - AES_BLOCK_SIZE);
+}
+
+#endif
+
+static void __ocm_text cbc_aes_decrypt_loop(u8 *out, u8 *in, u8 *iv, unsigned int n)
+{
+        while (likely(n)) {
+                aes_hw_set_iv(iv);
+		SEC_COPY_4W(iv, in);
+                aes_hw_cipher(out, in);
+                out += AES_BLOCK_SIZE;
+                in += AES_BLOCK_SIZE;
+                n -= AES_BLOCK_SIZE;
+        }
+}
+
+static int __ocm_text cbc_aes_crypt(struct blkcipher_desc *desc,
+                           struct scatterlist *dst, struct scatterlist *src,
+                           unsigned int nbytes, u32 extra_flags)
+{
+	struct ubicom32_aes_ctx *uctx = crypto_blkcipher_ctx(desc->tfm);
+	int ret;
+
+        struct blkcipher_walk walk;
+        blkcipher_walk_init(&walk, dst, src, nbytes);
+	ret = blkcipher_walk_virt(desc, &walk);
+	if (unlikely(ret)) {
+		return ret;
+	}
+
+        hw_crypto_lock();
+	hw_crypto_check();
+
+        hw_crypto_set_ctrl(uctx->ctrl | extra_flags);
+        aes_hw_set_key(uctx->key, uctx->key_len);
+
+	while (likely((nbytes = walk.nbytes))) {
+                /* only use complete blocks */
+                unsigned int n = nbytes & ~(AES_BLOCK_SIZE - 1);
+		if (likely(n)) {
+	                u8 *out = walk.dst.virt.addr;
+		        u8 *in = walk.src.virt.addr;
+
+			if (extra_flags & SEC_DIR_ENCRYPT) {
+				cbc_aes_encrypt_loop(out, in, walk.iv, n);
+			} else {
+				cbc_aes_decrypt_loop(out, in, walk.iv, n);
+			}
+		}
+
+		nbytes &= AES_BLOCK_SIZE - 1;
+                ret = blkcipher_walk_done(desc, &walk, nbytes);
+	}
+	hw_crypto_unlock();
+
+	return ret;
+}
+
+static int __ocm_text cbc_aes_encrypt(struct blkcipher_desc *desc,
+			   struct scatterlist *dst, struct scatterlist *src,
+			   unsigned int nbytes)
+{
+	return cbc_aes_crypt(desc, dst, src, nbytes, SEC_DIR_ENCRYPT | SEC_CBC_SET);
+}
+
+static int __ocm_text cbc_aes_decrypt(struct blkcipher_desc *desc,
+			   struct scatterlist *dst, struct scatterlist *src,
+			   unsigned int nbytes)
+{
+	return cbc_aes_crypt(desc, dst, src, nbytes, SEC_DIR_DECRYPT | SEC_CBC_SET);
+}
+
+static struct crypto_alg cbc_aes_alg = {
+	.cra_name		=	"cbc(aes)",
+	.cra_driver_name	=	"cbc-aes-ubicom32",
+	.cra_priority		=	CRYPTO_UBICOM32_COMPOSITE_PRIORITY,
+	.cra_flags		=	CRYPTO_ALG_TYPE_BLKCIPHER,
+	.cra_blocksize		=	AES_BLOCK_SIZE,
+	.cra_ctxsize		=	sizeof(struct ubicom32_aes_ctx),
+	.cra_alignmask          =       CRYPTO_UBICOM32_ALIGNMENT - 1,
+	.cra_type		=	&crypto_blkcipher_type,
+	.cra_module		=	THIS_MODULE,
+	.cra_list		=	LIST_HEAD_INIT(cbc_aes_alg.cra_list),
+	.cra_u			=	{
+		.blkcipher = {
+			.min_keysize		=	AES_MIN_KEY_SIZE,
+			.max_keysize		=	AES_MAX_KEY_SIZE,
+			.ivsize			=	AES_BLOCK_SIZE,
+			.setkey			=	aes_set_key,
+			.encrypt		=	cbc_aes_encrypt,
+			.decrypt		=	cbc_aes_decrypt,
+		}
+	}
+};
+
+static int __init aes_init(void)
+{
+	int ret;
+
+	hw_crypto_init();
+
+	ret = crypto_register_alg(&aes_alg);
+	if (ret)
+		goto aes_err;
+
+	ret = crypto_register_alg(&ecb_aes_alg);
+	if (ret)
+		goto ecb_aes_err;
+
+	ret = crypto_register_alg(&cbc_aes_alg);
+	if (ret)
+		goto cbc_aes_err;
+
+out:
+	return ret;
+
+cbc_aes_err:
+	crypto_unregister_alg(&ecb_aes_alg);
+ecb_aes_err:
+	crypto_unregister_alg(&aes_alg);
+aes_err:
+	goto out;
+}
+
+static void __exit aes_fini(void)
+{
+	crypto_unregister_alg(&cbc_aes_alg);
+	crypto_unregister_alg(&ecb_aes_alg);
+	crypto_unregister_alg(&aes_alg);
+}
+
+module_init(aes_init);
+module_exit(aes_fini);
+
+MODULE_ALIAS("aes");
+
+MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm");
+MODULE_LICENSE("GPL");
diff --git a/target/linux/ubicom32/files/arch/ubicom32/crypto/crypto_des.h b/target/linux/ubicom32/files/arch/ubicom32/crypto/crypto_des.h
new file mode 100644
index 000000000..3fc0ac361
--- /dev/null
+++ b/target/linux/ubicom32/files/arch/ubicom32/crypto/crypto_des.h
@@ -0,0 +1,34 @@
+/*
+ * arch/ubicom32/crypto/crypto_des.h
+ *   Function for checking keys for the DES and Triple DES Encryption
+ *   algorithms.
+ *
+ * (C) Copyright 2009, Ubicom, Inc.
+ *
+ * This file is part of the Ubicom32 Linux Kernel Port.
+ *
+ * The Ubicom32 Linux Kernel Port is free software: you can redistribute
+ * it and/or modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * The Ubicom32 Linux Kernel Port is distributed in the hope that it
+ * will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
+ * the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with the Ubicom32 Linux Kernel Port.  If not,
+ * see <http://www.gnu.org/licenses/>.
+ *
+ * Ubicom32 implementation derived from (with many thanks):
+ *   arch/m68knommu
+ *   arch/blackfin
+ *   arch/parisc
+ */
+#ifndef __CRYPTO_DES_H__
+#define __CRYPTO_DES_H__
+
+extern int crypto_des_check_key(const u8*, unsigned int, u32*);
+
+#endif /* __CRYPTO_DES_H__ */
diff --git a/target/linux/ubicom32/files/arch/ubicom32/crypto/crypto_ubicom32.c b/target/linux/ubicom32/files/arch/ubicom32/crypto/crypto_ubicom32.c
new file mode 100644
index 000000000..237ebbd9f
--- /dev/null
+++ b/target/linux/ubicom32/files/arch/ubicom32/crypto/crypto_ubicom32.c
@@ -0,0 +1,50 @@
+/*
+ * arch/ubicom32/crypto/crypto_ubicom32.c
+ *   Generic code to support ubicom32 hardware crypto accelerator
+ *
+ * (C) Copyright 2009, Ubicom, Inc.
+ *
+ * This file is part of the Ubicom32 Linux Kernel Port.
+ *
+ * The Ubicom32 Linux Kernel Port is free software: you can redistribute
+ * it and/or modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * The Ubicom32 Linux Kernel Port is distributed in the hope that it
+ * will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
+ * the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with the Ubicom32 Linux Kernel Port.  If not,
+ * see <http://www.gnu.org/licenses/>.
+ *
+ * Ubicom32 implementation derived from (with many thanks):
+ *   arch/m68knommu
+ *   arch/blackfin
+ *   arch/parisc
+ */
+#include "crypto_ubicom32.h"
+
+spinlock_t crypto_ubicom32_lock;
+bool crypto_ubicom32_inited = false;
+volatile bool crypto_ubicom32_on = false;
+volatile unsigned long crypto_ubicom32_last_use;
+
+struct timer_list crypto_ubicom32_ps_timer;
+void crypto_ubicom32_ps_check(unsigned long data)
+{
+	unsigned long idle_time = msecs_to_jiffies(HW_CRYPTO_PS_MAX_IDLE_MS);
+
+	BUG_ON(!crypto_ubicom32_on);
+
+	if (((jiffies - crypto_ubicom32_last_use) > idle_time) && spin_trylock_bh(&crypto_ubicom32_lock)) {
+                hw_crypto_turn_off();
+                spin_unlock_bh(&crypto_ubicom32_lock);
+		return;
+	}
+
+	/* keep monitoring */
+	hw_crypto_ps_start();
+}
diff --git a/target/linux/ubicom32/files/arch/ubicom32/crypto/crypto_ubicom32.h b/target/linux/ubicom32/files/arch/ubicom32/crypto/crypto_ubicom32.h
new file mode 100644
index 000000000..e754c19b9
--- /dev/null
+++ b/target/linux/ubicom32/files/arch/ubicom32/crypto/crypto_ubicom32.h
@@ -0,0 +1,346 @@
+/*
+ * arch/ubicom32/crypto/crypto_ubicom32.h
+ *   Support for Ubicom32 cryptographic instructions.
+ *
+ * (C) Copyright 2009, Ubicom, Inc.
+ *
+ * This file is part of the Ubicom32 Linux Kernel Port.
+ *
+ * The Ubicom32 Linux Kernel Port is free software: you can redistribute
+ * it and/or modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * The Ubicom32 Linux Kernel Port is distributed in the hope that it
+ * will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
+ * the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with the Ubicom32 Linux Kernel Port.  If not,
+ * see <http://www.gnu.org/licenses/>.
+ *
+ * Ubicom32 implementation derived from (with many thanks):
+ *   arch/m68knommu
+ *   arch/blackfin
+ *   arch/parisc
+ */
+#ifndef _CRYPTO_ARCH_UBICOM32_CRYPT_H
+#define _CRYPTO_ARCH_UBICOM32_CRYPT_H
+
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/jiffies.h>
+#include <linux/timer.h>
+#include <linux/spinlock.h>
+#include <asm/errno.h>
+#include <asm/io.h>
+#include <asm/ip5000.h>
+
+#define CRYPTO_UBICOM32_LOOP_ASM 1
+#define CRYPTO_UBICOM32_ALIGNMENT 4
+#define SEC_ALIGNED(p) (((u32)p & 3) == 0)
+
+#define SEC_BASE		SECURITY_BASE
+#define SEC_KEY_OFFSET		SECURITY_KEY_VALUE(0)
+#define SEC_INPUT_OFFSET	SECURITY_KEY_IN(0)
+#define SEC_OUTPUT_OFFSET	SECURITY_KEY_OUT(0)
+#define SEC_HASH_OFFSET		SECURITY_KEY_HASH(0)
+
+#define SEC_KEY_128_BITS	SECURITY_CTRL_KEY_SIZE(0)
+#define SEC_KEY_192_BITS	SECURITY_CTRL_KEY_SIZE(1)
+#define SEC_KEY_256_BITS	SECURITY_CTRL_KEY_SIZE(2)
+
+#define SEC_HASH_NONE		SECURITY_CTRL_HASH_ALG_NONE
+#define SEC_HASH_MD5		SECURITY_CTRL_HASH_ALG_MD5
+#define SEC_HASH_SHA1		SECURITY_CTRL_HASH_ALG_SHA1
+
+#define SEC_CBC_SET		SECURITY_CTRL_CBC
+#define SEC_CBC_NONE		0
+
+#define SEC_ALG_AES		SECURITY_CTRL_CIPHER_ALG_AES
+#define SEC_ALG_NONE		SECURITY_CTRL_CIPHER_ALG_NONE
+#define SEC_ALG_DES		SECURITY_CTRL_CIPHER_ALG_DES
+#define SEC_ALG_3DES		SECURITY_CTRL_CIPHER_ALG_3DES
+
+#define SEC_DIR_ENCRYPT		SECURITY_CTRL_ENCIPHER
+#define SEC_DIR_DECRYPT		0
+
+#define CRYPTO_UBICOM32_PRIORITY 300
+#define CRYPTO_UBICOM32_COMPOSITE_PRIORITY 400
+
+#define HW_CRYPTO_PS_MAX_IDLE_MS 100    /* idle time (ms) before shuting down sm */
+
+extern spinlock_t crypto_ubicom32_lock;
+extern bool crypto_ubicom32_inited;
+extern volatile bool crypto_ubicom32_on;
+extern volatile unsigned long crypto_ubicom32_last_use;
+extern struct timer_list crypto_ubicom32_ps_timer;
+extern void crypto_ubicom32_ps_check(unsigned long data);
+
+#define SEC_COPY_2W(t, s)				\
+	asm volatile (					\
+	"	move.4 0(%0), 0(%1)		\n\t"	\
+	"	move.4 4(%0), 4(%1)		\n\t"	\
+							\
+		:					\
+		: "a" (t), "a" (s)			\
+	)
+
+#define SEC_COPY_4W(t, s)				\
+	asm volatile (					\
+	"	move.4 0(%0), 0(%1)		\n\t"	\
+	"	move.4 4(%0), 4(%1)		\n\t"	\
+	"	move.4 8(%0), 8(%1)		\n\t"	\
+	"	move.4 12(%0), 12(%1)		\n\t"	\
+		:					\
+		: "a" (t), "a" (s)			\
+	)
+
+#define SEC_COPY_5W(t, s)				\
+	asm volatile (					\
+	"	move.4 0(%0), 0(%1)		\n\t"	\
+	"	move.4 4(%0), 4(%1)		\n\t"	\
+	"	move.4 8(%0), 8(%1)		\n\t"	\
+	"	move.4 12(%0), 12(%1)		\n\t"	\
+	"	move.4 16(%0), 16(%1)		\n\t"	\
+		:					\
+		: "a" (t), "a" (s)			\
+	)
+
+#define SEC_SET_KEY_2W(x)				\
+	asm volatile (					\
+	"	; write key to Security Keyblock \n\t"	\
+	"	move.4 0x10(%0), 0(%1)		\n\t"	\
+	"	move.4 0x14(%0), 4(%1)		\n\t"	\
+		:					\
+		: "a" (SECURITY_BASE), "a" (x)		\
+	)
+
+#define SEC_SET_KEY_4W(x) \
+	asm volatile ( \
+	"	; write key to Security Keyblock \n\t"	\
+	"	move.4 0x10(%0), 0(%1)		\n\t"	\
+	"	move.4 0x14(%0), 4(%1)		\n\t"	\
+	"	move.4 0x18(%0), 8(%1)		\n\t"	\
+	"	move.4 0x1c(%0), 12(%1)		\n\t"	\
+		:					\
+		: "a"(SECURITY_BASE), "a"(x)		\
+	)
+
+#define SEC_SET_KEY_6W(x)				\
+	asm volatile (					\
+	"	; write key to Security Keyblock \n\t"	\
+	"	move.4 0x10(%0), 0(%1)		\n\t"	\
+	"	move.4 0x14(%0), 4(%1)		\n\t"	\
+	"	move.4 0x18(%0), 8(%1)		\n\t"	\
+	"	move.4 0x1c(%0), 12(%1)		\n\t"	\
+	"	move.4 0x20(%0), 16(%1)		\n\t"	\
+	"	move.4 0x24(%0), 20(%1)		\n\t"	\
+		:					\
+		: "a" (SECURITY_BASE), "a" (x)		\
+	)
+
+#define SEC_SET_KEY_8W(x)				\
+	asm volatile (					\
+	"	; write key to Security Keyblock \n\t"	\
+	"	move.4 0x10(%0), 0(%1)		\n\t"	\
+	"	move.4 0x14(%0), 4(%1)		\n\t"	\
+	"	move.4 0x18(%0), 8(%1)		\n\t"	\
+	"	move.4 0x1c(%0), 12(%1)		\n\t"	\
+	"	move.4 0x20(%0), 16(%1)		\n\t"	\
+	"	move.4 0x24(%0), 20(%1)		\n\t"	\
+	"	move.4 0x28(%0), 24(%1)		\n\t"	\
+	"	move.4 0x2c(%0), 28(%1)		\n\t"	\
+		:					\
+		: "a" (SECURITY_BASE), "a" (x)		\
+	)
+
+#define SEC_SET_KEY_64(k)	SEC_SET_KEY_2W(k)
+#define SEC_SET_KEY_128(k)	SEC_SET_KEY_4W(k)
+#define SEC_SET_KEY_192(k)	SEC_SET_KEY_6W(k)
+#define SEC_SET_KEY_256(k)	SEC_SET_KEY_8W(k)
+
+#define DES_SET_KEY(x) 		SEC_SET_KEY_64(x)
+#define DES3_SET_KEY(x) 	SEC_SET_KEY_192(x)
+
+#define SEC_SET_INPUT_2W(x)				\
+	asm volatile (					\
+	"	; write key to Security Keyblock \n\t"	\
+	"	move.4 0x30(%0), 0(%1)		\n\t"	\
+	"	move.4 0x34(%0), 4(%1)		\n\t"	\
+		:					\
+		: "a" (SECURITY_BASE), "a" (x)		\
+	)
+
+#define SEC_GET_OUTPUT_2W(x)				\
+	asm volatile (					\
+	"	; write key to Security Keyblock \n\t"	\
+	"	move.4 0(%1), 0x50(%0)		\n\t"	\
+	"	move.4 4(%1), 0x54(%0)		\n\t"	\
+		:					\
+		: "a" (SECURITY_BASE), "a" (x)		\
+	)
+
+#define SEC_SET_INPUT_4W(x) \
+	asm volatile ( \
+	"	; write key to Security Keyblock \n\t"	\
+	"	move.4 0x30(%0), 0(%1)		\n\t"	\
+	"	move.4 0x34(%0), 4(%1)		\n\t"	\
+	"	move.4 0x38(%0), 8(%1)		\n\t"	\
+	"	move.4 0x3c(%0), 12(%1)		\n\t"	\
+		:					\
+		: "a" (SECURITY_BASE), "a" (x)		\
+	)
+
+#define SEC_GET_OUTPUT_4W(x)				\
+	asm volatile (					\
+	"	; read output from Security Keyblock \n\t" \
+	"	move.4 0(%1), 0x50(%0)		\n\t"	\
+	"	move.4 4(%1), 0x54(%0)		\n\t"	\
+	"	move.4 8(%1), 0x58(%0)		\n\t"	\
+	"	move.4 12(%1), 0x5c(%0)		\n\t"	\
+		:					\
+		: "a" (SECURITY_BASE), "a" (x)		\
+	)
+
+#define SEC_SET_IV_4W(x)				\
+	asm volatile (					\
+	"	; write IV to Security Keyblock  \n\t"	\
+	"	move.4 0x50(%0), 0(%1)		\n\t"	\
+	"	move.4 0x54(%0), 4(%1)		\n\t"	\
+	"	move.4 0x58(%0), 8(%1)		\n\t"	\
+	"	move.4 0x5c(%0), 12(%1)		\n\t"	\
+		:					\
+		: "a" (SECURITY_BASE), "a" (x)		\
+	)
+
+#define SEC_PIPE_FLUSH() asm volatile ( " pipe_flush 0 \n\t" )
+
+static inline void hw_crypto_set_ctrl(uint32_t c)
+{
+	asm volatile (
+	"	move.4	0(%0), %1		\n\t"
+		:
+		: "a" (SECURITY_BASE + SECURITY_CTRL), "d" (c)
+	);
+}
+
+static inline void hw_crypto_ps_start(void)
+{
+	crypto_ubicom32_ps_timer.expires = jiffies + msecs_to_jiffies(HW_CRYPTO_PS_MAX_IDLE_MS >> 1);
+	add_timer(&crypto_ubicom32_ps_timer);
+}
+
+static inline void hw_crypto_turn_on(void)
+{
+	asm volatile (
+	"	moveai  A4, %0			\n\t"
+	"	bset    0x0(A4), 0x0(A4), %1	\n\t"
+	"	cycles 11			\n\t"
+		:
+		: "i" (OCP_BASE >> 7), "i" (GEN_CLK_PLL_SECURITY_BIT_NO)
+		: "a4", "cc"
+	);
+	crypto_ubicom32_on = true;
+}
+
+static inline void hw_crypto_turn_off(void)
+{
+	asm volatile (
+	"	moveai  A4, %0			\n\t"
+	"	bclr    0x0(A4), 0x0(A4), %1	\n\t"
+		:
+		: "i" (OCP_BASE >> 7), "i" (GEN_CLK_PLL_SECURITY_BIT_NO)
+		: "a4", "cc"
+	);
+	crypto_ubicom32_on = false;
+}
+
+/*
+ * hw_crypto_check
+ * 	Most probably hw crypto is called in clusters and it makes no sense to turn it off
+ * 	and on and waster 13 cycles every time.
+ */
+static inline void hw_crypto_check(void)
+{
+	if (likely(crypto_ubicom32_on)) {
+		return;
+	}
+	crypto_ubicom32_last_use = jiffies;
+	hw_crypto_turn_on();
+	hw_crypto_ps_start();
+}
+
+/*
+ * hw_crypto_ps_init
+ * 	Init power save timer
+ */
+static inline void hw_crypto_ps_init(void)
+{
+	init_timer_deferrable(&crypto_ubicom32_ps_timer);
+	crypto_ubicom32_ps_timer.function = crypto_ubicom32_ps_check;
+	crypto_ubicom32_ps_timer.data = 0;
+}
+
+/*
+ * hw_crypto_init()
+ *      Initialize OCP security module lock and disables its clock.
+ */
+static inline void hw_crypto_init(void)
+{
+	if (!crypto_ubicom32_inited) {
+		crypto_ubicom32_inited = true;
+		spin_lock_init(&crypto_ubicom32_lock);
+		hw_crypto_ps_init();
+		hw_crypto_turn_off();
+	}
+}
+
+/*
+ * hw_crypto_lock()
+ *      Locks the OCP security module and enables its clock.
+ */
+static inline void hw_crypto_lock(void)
+{
+	spin_lock_bh(&crypto_ubicom32_lock);
+}
+
+/*
+ * hw_crypto_unlock()
+ *      Unlocks the OCP security module and disables its clock.
+ */
+static inline void hw_crypto_unlock(void)
+{
+	crypto_ubicom32_last_use = jiffies;
+	spin_unlock_bh(&crypto_ubicom32_lock);
+}
+
+#define CONFIG_CRYPTO_UBICOM32_DEBUG 1
+
+#ifdef CONFIG_CRYPTO_UBICOM32_DEBUG
+static inline void hex_dump(void *buf, int b_size, const char *msg)
+{
+	u8 *b = (u8 *)buf;
+	int i;
+	if (msg) {
+		printk("%s:\t", msg);
+	}
+
+	for (i=0; i < b_size; i++) {
+		printk("%02x ", b[i]);
+		if ((i & 3) == 3) {
+			printk(" ");
+		}
+		if ((i & 31) == 31) {
+			printk("\n");
+		}
+	}
+	printk("\n");
+}
+#define UBICOM32_SEC_DUMP(a, b, c) hex_dump(a, b, c)
+#else
+#define UBICOM32_SEC_DUMP(a, b, c)
+#endif
+
+#endif	/* _CRYPTO_ARCH_UBICOM32_CRYPT_H */
diff --git a/target/linux/ubicom32/files/arch/ubicom32/crypto/des_check_key.c b/target/linux/ubicom32/files/arch/ubicom32/crypto/des_check_key.c
new file mode 100644
index 000000000..162e52477
--- /dev/null
+++ b/target/linux/ubicom32/files/arch/ubicom32/crypto/des_check_key.c
@@ -0,0 +1,148 @@
+/*
+ * arch/ubicom32/crypto/des_check_key.c
+ *   Ubicom32 architecture function for checking keys for the DES and
+ *   Tripple DES Encryption algorithms.
+ *
+ * (C) Copyright 2009, Ubicom, Inc.
+ *
+ * Originally released as descore by Dana L. How <how@isl.stanford.edu>.
+ * Modified by Raimar Falke <rf13@inf.tu-dresden.de> for the Linux-Kernel.
+ * Derived from Cryptoapi and Nettle implementations, adapted for in-place
+ * scatterlist interface.  Changed LGPL to GPL per section 3 of the LGPL.
+ *
+ * s390 Version:
+ *   Copyright IBM Corp. 2003
+ *   Author(s): Thomas Spatzier
+ *		Jan Glauber (jan.glauber@de.ibm.com)
+ *
+ * Derived from "crypto/des.c"
+ *   Copyright (c) 1992 Dana L. How.
+ *   Copyright (c) Raimar Falke <rf13@inf.tu-dresden.de>
+ *   Copyright (c) Gisle Sflensminde <gisle@ii.uib.no>
+ *   Copyright (C) 2001 Niels Mvller.
+ *   Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
+ *
+ * This file is part of the Ubicom32 Linux Kernel Port.
+ *
+ * The Ubicom32 Linux Kernel Port is free software: you can redistribute
+ * it and/or modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * The Ubicom32 Linux Kernel Port is distributed in the hope that it
+ * will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
+ * the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with the Ubicom32 Linux Kernel Port.  If not,
+ * see <http://www.gnu.org/licenses/>.
+ *
+ * Ubicom32 implementation derived from (with many thanks):
+ *   arch/m68knommu
+ *   arch/blackfin
+ *   arch/parisc
+ */
+#include <linux/init.h>
+#include <linux/module.h>
+#include <linux/errno.h>
+#include <linux/crypto.h>
+#include "crypto_des.h"
+
+#define ROR(d,c,o)	((d) = (d) >> (c) | (d) << (o))
+
+static const u8 parity[] = {
+	8,1,0,8,0,8,8,0,0,8,8,0,8,0,2,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,3,
+	0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,
+	0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,
+	8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,
+	0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,
+	8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,
+	8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,
+	4,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,5,0,8,0,8,8,0,0,8,8,0,8,0,6,8,
+};
+
+/*
+ * RFC2451: Weak key checks SHOULD be performed.
+ */
+int
+crypto_des_check_key(const u8 *key, unsigned int keylen, u32 *flags)
+{
+	u32 n, w;
+
+	n  = parity[key[0]]; n <<= 4;
+	n |= parity[key[1]]; n <<= 4;
+	n |= parity[key[2]]; n <<= 4;
+	n |= parity[key[3]]; n <<= 4;
+	n |= parity[key[4]]; n <<= 4;
+	n |= parity[key[5]]; n <<= 4;
+	n |= parity[key[6]]; n <<= 4;
+	n |= parity[key[7]];
+	w = 0x88888888L;
+
+	if ((*flags & CRYPTO_TFM_REQ_WEAK_KEY)
+	    && !((n - (w >> 3)) & w)) {  /* 1 in 10^10 keys passes this test */
+		if (n < 0x41415151) {
+			if (n < 0x31312121) {
+				if (n < 0x14141515) {
+					/* 01 01 01 01 01 01 01 01 */
+					if (n == 0x11111111) goto weak;
+					/* 01 1F 01 1F 01 0E 01 0E */
+					if (n == 0x13131212) goto weak;
+				} else {
+					/* 01 E0 01 E0 01 F1 01 F1 */
+					if (n == 0x14141515) goto weak;
+					/* 01 FE 01 FE 01 FE 01 FE */
+					if (n == 0x16161616) goto weak;
+				}
+			} else {
+				if (n < 0x34342525) {
+					/* 1F 01 1F 01 0E 01 0E 01 */
+					if (n == 0x31312121) goto weak;
+					/* 1F 1F 1F 1F 0E 0E 0E 0E (?) */
+					if (n == 0x33332222) goto weak;
+				} else {
+					/* 1F E0 1F E0 0E F1 0E F1 */
+					if (n == 0x34342525) goto weak;
+					/* 1F FE 1F FE 0E FE 0E FE */
+					if (n == 0x36362626) goto weak;
+				}
+			}
+		} else {
+			if (n < 0x61616161) {
+				if (n < 0x44445555) {
+					/* E0 01 E0 01 F1 01 F1 01 */
+					if (n == 0x41415151) goto weak;
+					/* E0 1F E0 1F F1 0E F1 0E */
+					if (n == 0x43435252) goto weak;
+				} else {
+					/* E0 E0 E0 E0 F1 F1 F1 F1 (?) */
+					if (n == 0x44445555) goto weak;
+					/* E0 FE E0 FE F1 FE F1 FE */
+					if (n == 0x46465656) goto weak;
+				}
+			} else {
+				if (n < 0x64646565) {
+					/* FE 01 FE 01 FE 01 FE 01 */
+					if (n == 0x61616161) goto weak;
+					/* FE 1F FE 1F FE 0E FE 0E */
+					if (n == 0x63636262) goto weak;
+				} else {
+					/* FE E0 FE E0 FE F1 FE F1 */
+					if (n == 0x64646565) goto weak;
+					/* FE FE FE FE FE FE FE FE */
+					if (n == 0x66666666) goto weak;
+				}
+			}
+		}
+	}
+	return 0;
+weak:
+	*flags |= CRYPTO_TFM_RES_WEAK_KEY;
+	return -EINVAL;
+}
+
+EXPORT_SYMBOL(crypto_des_check_key);
+
+MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("Key Check function for DES &  DES3 Cipher Algorithms");
diff --git a/target/linux/ubicom32/files/arch/ubicom32/crypto/des_ubicom32.c b/target/linux/ubicom32/files/arch/ubicom32/crypto/des_ubicom32.c
new file mode 100644
index 000000000..14e5fb24e
--- /dev/null
+++ b/target/linux/ubicom32/files/arch/ubicom32/crypto/des_ubicom32.c
@@ -0,0 +1,761 @@
+/*
+ * arch/ubicom32/crypto/des_ubicom32.c
+ *   Ubicom32 implementation of the DES Cipher Algorithm.
+ *
+ * (C) Copyright 2009, Ubicom, Inc.
+ *
+ * This file is part of the Ubicom32 Linux Kernel Port.
+ *
+ * The Ubicom32 Linux Kernel Port is free software: you can redistribute
+ * it and/or modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * The Ubicom32 Linux Kernel Port is distributed in the hope that it
+ * will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
+ * the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with the Ubicom32 Linux Kernel Port.  If not,
+ * see <http://www.gnu.org/licenses/>.
+ *
+ * Ubicom32 implementation derived from (with many thanks):
+ *   arch/m68knommu
+ *   arch/blackfin
+ *   arch/parisc
+ */
+#include <crypto/algapi.h>
+#include <linux/init.h>
+#include <linux/module.h>
+
+#include "crypto_ubicom32.h"
+extern int crypto_des_check_key(const u8 *key, unsigned int keylen, u32 *flags);
+
+#define DES_BLOCK_SIZE 8
+#define DES_KEY_SIZE 8
+
+#define DES3_192_KEY_SIZE	(3 * DES_KEY_SIZE)
+#define DES3_192_BLOCK_SIZE	DES_BLOCK_SIZE
+
+#define DES3_SUB_KEY(key, i) 	(((u8 *)key) + (i * DES_KEY_SIZE))
+
+enum des_ops {
+	DES_ENCRYPT,
+	DES_DECRYPT,
+
+	DES3_EDE_ENCRYPT,
+	DES3_EDE_DECRYPT,
+
+#ifdef DES3_EEE
+	DES3_EEE_ENCRYPT,
+	DES3_EEE_DECRYPT,
+#endif
+};
+
+struct ubicom32_des_ctx {
+	u8 key[3 * DES_KEY_SIZE];
+	u32 ctrl;
+	int key_len;
+};
+
+static inline void des_hw_set_key(const u8 *key, u8 key_len)
+{
+	/*
+	 * HW 3DES is not tested yet, use DES just as ipOS
+	 */
+	DES_SET_KEY(key);
+}
+
+static inline void des_hw_cipher(u8 *out, const u8 *in)
+{
+	SEC_SET_INPUT_2W(in);
+
+	asm volatile (
+	"	; start DES by writing 0x38(SECURITY_BASE)	\n\t"
+	"	move.4 0x38(%0), #0x01				\n\t"
+	"	pipe_flush 0					\n\t"
+	"							\n\t"
+	"	; wait for the module to calculate the output	\n\t"
+	"	btst 0x04(%0), #0				\n\t"
+	"	jmpne.f .-4					\n\t"
+		:
+		: "a" (SEC_BASE)
+		: "cc"
+	);
+
+	SEC_GET_OUTPUT_2W(out);
+}
+
+
+static void inline des3_hw_ede_encrypt(u8 *keys, u8 *out, const u8 *in)
+{
+	hw_crypto_set_ctrl(SEC_ALG_DES | SEC_DIR_ENCRYPT);
+	des_hw_set_key(DES3_SUB_KEY(keys, 0), DES_KEY_SIZE);
+	des_hw_cipher(out, in);
+
+	hw_crypto_set_ctrl(SEC_ALG_DES | SEC_DIR_DECRYPT);
+	des_hw_set_key(DES3_SUB_KEY(keys, 1), DES_KEY_SIZE);
+	des_hw_cipher(out, out);
+
+	hw_crypto_set_ctrl(SEC_ALG_DES | SEC_DIR_ENCRYPT);
+	des_hw_set_key(DES3_SUB_KEY(keys, 2), DES_KEY_SIZE);
+	des_hw_cipher(out, out);
+}
+
+static void inline des3_hw_ede_decrypt(u8 *keys, u8 *out, const u8 *in)
+{
+	hw_crypto_set_ctrl(SEC_ALG_DES | SEC_DIR_DECRYPT);
+	des_hw_set_key(DES3_SUB_KEY(keys, 2), DES_KEY_SIZE);
+	des_hw_cipher(out, in);
+
+	hw_crypto_set_ctrl(SEC_ALG_DES | SEC_DIR_ENCRYPT);
+	des_hw_set_key(DES3_SUB_KEY(keys, 1), DES_KEY_SIZE);
+	des_hw_cipher(out, out);
+
+	hw_crypto_set_ctrl(SEC_ALG_DES | SEC_DIR_DECRYPT);
+	des_hw_set_key(DES3_SUB_KEY(keys, 0), DES_KEY_SIZE);
+	des_hw_cipher(out, out);
+}
+
+#ifdef DES3_EEE
+static void inline des3_hw_eee_encrypt(u8 *keys, u8 *out, const u8 *in)
+{
+	hw_crypto_set_ctrl(SEC_ALG_DES | SEC_DIR_ENCRYPT);
+	des_hw_set_key(DES3_SUB_KEY(keys, 0), 2);
+	des_hw_cipher(out, in);
+
+	hw_crypto_set_ctrl(SEC_ALG_DES | SEC_DIR_ENCRYPT);
+	des_hw_set_key(DES3_SUB_KEY(keys, 1), 2);
+	des_hw_cipher(out, out);
+
+	hw_crypto_set_ctrl(SEC_ALG_DES | SEC_DIR_ENCRYPT);
+	des_hw_set_key(DES3_SUB_KEY(keys, 2), 2);
+	des_hw_cipher(out, out);
+}
+
+static void inline des3_hw_eee_decrypt(u8 *keys, u8 *out, const u8 *in)
+{
+	hw_crypto_set_ctrl(SEC_ALG_DES | SEC_DIR_DECRYPT);
+	des_hw_set_key(DES3_SUB_KEY(keys, 2), 2);
+	des_hw_cipher(out, in);
+
+	hw_crypto_set_ctrl(SEC_ALG_DES | SEC_DIR_DECRYPT);
+	des_hw_set_key(DES3_SUB_KEY(keys, 1), 2);
+	des_hw_cipher(out, out);
+
+	hw_crypto_set_ctrl(SEC_ALG_DES | SEC_DIR_DECRYPT);
+	des_hw_set_key(DES3_SUB_KEY(keys, 0), 2);
+	des_hw_cipher(out, out);
+}
+#endif
+
+static int des_setkey(struct crypto_tfm *tfm, const u8 *key,
+		      unsigned int keylen)
+{
+	struct ubicom32_des_ctx *dctx = crypto_tfm_ctx(tfm);
+	u32 *flags = &tfm->crt_flags;
+	int ret;
+
+	/* test if key is valid (not a weak key) */
+	ret = crypto_des_check_key(key, keylen, flags);
+	if (ret == 0) {
+		memcpy(dctx->key, key, keylen);
+		dctx->key_len = keylen;
+		//dctx->ctrl = (keylen == DES_KEY_SIZE) ? SEC_ALG_DES : SEC_ALG_3DES
+		/* 2DES and 3DES are both implemented with DES hw function */
+		dctx->ctrl = SEC_ALG_DES;
+	}
+	return ret;
+}
+
+static inline void des_cipher_1b(struct crypto_tfm *tfm, u8 *out, const u8 *in, u32 extra_flags)
+{
+	const struct ubicom32_des_ctx *uctx = crypto_tfm_ctx(tfm);
+
+	hw_crypto_lock();
+	hw_crypto_check();
+	hw_crypto_set_ctrl(uctx->ctrl | extra_flags);
+
+	des_hw_set_key(uctx->key, uctx->key_len);
+	des_hw_cipher(out, in);
+
+	hw_crypto_unlock();
+}
+
+static void des_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
+{
+	des_cipher_1b(tfm, out, in, SEC_DIR_ENCRYPT);
+}
+
+static void des_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
+{
+	des_cipher_1b(tfm, out, in, SEC_DIR_DECRYPT);
+}
+
+static struct crypto_alg des_alg = {
+	.cra_name		=	"des",
+	.cra_driver_name	=	"des-ubicom32",
+	.cra_priority		=	CRYPTO_UBICOM32_PRIORITY,
+	.cra_flags		=	CRYPTO_ALG_TYPE_CIPHER,
+	.cra_blocksize		=	DES_BLOCK_SIZE,
+	.cra_ctxsize		=	sizeof(struct ubicom32_des_ctx),
+	.cra_alignmask		=	CRYPTO_UBICOM32_ALIGNMENT - 1,
+	.cra_alignmask		=	CRYPTO_UBICOM32_ALIGNMENT - 1,
+	.cra_module		=	THIS_MODULE,
+	.cra_list		=	LIST_HEAD_INIT(des_alg.cra_list),
+	.cra_u			= {
+		.cipher = {
+			.cia_min_keysize	=	DES_KEY_SIZE,
+			.cia_max_keysize	=	DES_KEY_SIZE,
+			.cia_setkey		=	des_setkey,
+			.cia_encrypt		=	des_encrypt,
+			.cia_decrypt		=	des_decrypt,
+		}
+	}
+};
+
+static void ecb_des_ciper_loop(u8 *out, u8 *in, unsigned int n)
+{
+	while (likely(n)) {
+		des_hw_cipher(out, in);
+		out += DES_BLOCK_SIZE;
+		in += DES_BLOCK_SIZE;
+		n -= DES_BLOCK_SIZE;
+	}
+}
+
+static void ecb_des3_ede_encrypt_loop(u8 *keys, u8 *out, u8 *in, unsigned int n)
+{
+	while (likely(n)) {
+		des3_hw_ede_encrypt(keys, out, in);
+
+		out += DES_BLOCK_SIZE;
+		in += DES_BLOCK_SIZE;
+		n -= DES_BLOCK_SIZE;
+	}
+}
+
+static void ecb_des3_ede_decrypt_loop(u8 *keys, u8 *out, u8 *in, unsigned int n)
+{
+	while (likely(n)) {
+		des3_hw_ede_decrypt(keys, out, in);
+
+		out += DES_BLOCK_SIZE;
+		in += DES_BLOCK_SIZE;
+		n -= DES_BLOCK_SIZE;
+	}
+}
+
+#ifdef DES3_EEE
+static void ecb_des3_eee_encrypt_loop(u8 *keys, u8 *out, u8 *in, unsigned int n)
+{
+	while (likely(n)) {
+		des3_hw_eee_encrypt(keys, out, in);
+
+		out += DES_BLOCK_SIZE;
+		in += DES_BLOCK_SIZE;
+		n -= DES_BLOCK_SIZE;
+	}
+}
+
+static void ecb_des3_eee_decrypt_loop(u8 *keys, u8 *out, u8 *in, unsigned int n)
+{
+	while (likely(n)) {
+		des3_hw_eee_decrypt(keys, out, in);
+
+		out += DES_BLOCK_SIZE;
+		in += DES_BLOCK_SIZE;
+		n -= DES_BLOCK_SIZE;
+	}
+}
+#endif
+
+static inline void ecb_des_cipher_n(struct ubicom32_des_ctx *uctx, enum des_ops op, u8 *out, u8 *in, unsigned int n)
+{
+	switch (op) {
+	case DES_ENCRYPT:
+	case DES_DECRYPT:
+		/* set the right algo, direction and key once */
+		hw_crypto_set_ctrl(SEC_ALG_DES | (op == DES_ENCRYPT ? SEC_DIR_ENCRYPT : 0));
+		des_hw_set_key(uctx->key, uctx->key_len);
+		ecb_des_ciper_loop(out, in, n);
+		break;
+
+	case DES3_EDE_ENCRYPT:
+		ecb_des3_ede_encrypt_loop(uctx->key, out, in, n);
+		break;
+
+	case DES3_EDE_DECRYPT:
+		ecb_des3_ede_decrypt_loop(uctx->key, out, in, n);
+		break;
+
+#ifdef DES3_EEE
+	case DES3_EEE_ENCRYPT:
+		ecb_des3_eee_encrypt_loop(uctx->key, out, in, n);
+		break;
+
+	case DES3_EEE_DECRYPT:
+		ecb_des3_eee_decrypt_loop(uctx->key, out, in, n);
+		break;
+#endif
+	}
+}
+
+static inline void des_xor_2w(u32 *data, u32 *iv)
+{
+	data[0] ^= iv[0];
+	data[1] ^= iv[1];
+}
+
+static void cbc_des_encrypt_loop(u8 *out, u8 *in, u8 *iv, unsigned int n)
+{
+	while (likely(n)) {
+		des_xor_2w((u32 *)in, (u32 *)iv);
+		des_hw_cipher(out, in);
+		SEC_COPY_2W(iv, out);
+		out += DES_BLOCK_SIZE;
+		in += DES_BLOCK_SIZE;
+		n -= DES_BLOCK_SIZE;
+	}
+}
+
+static void cbc_des_decrypt_loop(u8 *out, u8 *in, u8 *iv, unsigned int n)
+{
+	u8 next_iv[DES_BLOCK_SIZE];
+	while (likely(n)) {
+		SEC_COPY_2W(next_iv, in);
+		des_hw_cipher(out, in);
+		des_xor_2w((u32 *)out, (u32 *)iv);
+		SEC_COPY_2W(iv, next_iv);
+
+		out += DES_BLOCK_SIZE;
+		in += DES_BLOCK_SIZE;
+		n -= DES_BLOCK_SIZE;
+	}
+}
+
+static void cbc_des3_ede_encrypt_loop(u8 *keys, u8 *out, u8 *in, u8 *iv, unsigned int n)
+{
+	while (likely(n)) {
+		des_xor_2w((u32 *)in, (u32 *)iv);
+		des3_hw_ede_encrypt(keys, out, in);
+		SEC_COPY_2W(iv, out);
+
+		out += DES_BLOCK_SIZE;
+		in += DES_BLOCK_SIZE;
+		n -= DES_BLOCK_SIZE;
+	}
+}
+
+static void cbc_des3_ede_decrypt_loop(u8 *keys, u8 *out, u8 *in, u8 *iv, unsigned int n)
+{
+	u8 next_iv[DES_BLOCK_SIZE];
+	while (likely(n)) {
+		SEC_COPY_2W(next_iv, in);
+		des3_hw_ede_decrypt(keys, out, in);
+		des_xor_2w((u32 *)out, (u32 *)iv);
+		SEC_COPY_2W(iv, next_iv);
+
+		out += DES_BLOCK_SIZE;
+		in += DES_BLOCK_SIZE;
+		n -= DES_BLOCK_SIZE;
+	}
+}
+
+#ifdef DES3_EEE
+static void cbc_des3_eee_encrypt_loop(u8 *keys, u8 *out, u8 *in, u8 *iv, unsigned int n)
+{
+	while (likely(n)) {
+		des_xor_2w((u32 *)in, (u32 *)iv);
+		des3_hw_eee_encrypt(keys, out, in);
+		SEC_COPY_2W(iv, out);
+
+		out += DES_BLOCK_SIZE;
+		in += DES_BLOCK_SIZE;
+		n -= DES_BLOCK_SIZE;
+	}
+}
+
+static void cbc_des3_eee_decrypt_loop(u8 *keys, u8 *out, u8 *in, u8 *iv, unsigned int n)
+{
+	u8 next_iv[DES_BLOCK_SIZE];
+	while (likely(n)) {
+		SEC_COPY_2W(next_iv, in);
+		des3_hw_eee_decrypt(keys, out, in);
+		des_xor_2w((u32 *)out, (u32 *)iv);
+		SEC_COPY_2W(iv, next_iv);
+
+		out += DES_BLOCK_SIZE;
+		in += DES_BLOCK_SIZE;
+		n -= DES_BLOCK_SIZE;
+	}
+}
+#endif
+
+static inline void cbc_des_cipher_n(struct ubicom32_des_ctx *uctx, enum des_ops op, u8 *out, u8 *in, u8 *iv, unsigned int n)
+{
+	switch (op) {
+	case DES_ENCRYPT:
+		hw_crypto_set_ctrl(SEC_ALG_DES | SEC_DIR_ENCRYPT);
+		des_hw_set_key(uctx->key, uctx->key_len);
+		cbc_des_encrypt_loop(out, in, iv, n);
+		break;
+
+	case DES_DECRYPT:
+		/* set the right algo, direction and key once */
+		hw_crypto_set_ctrl(SEC_ALG_DES | SEC_DIR_DECRYPT);
+		des_hw_set_key(uctx->key, uctx->key_len);
+		cbc_des_decrypt_loop(out, in, iv, n);
+		break;
+
+	case DES3_EDE_ENCRYPT:
+		cbc_des3_ede_encrypt_loop(uctx->key, out, in, iv, n);
+		break;
+
+	case DES3_EDE_DECRYPT:
+		cbc_des3_ede_decrypt_loop(uctx->key, out, in, iv, n);
+		break;
+
+#ifdef DES3_EEE
+	case DES3_EEE_ENCRYPT:
+		cbc_des3_eee_encrypt_loop(uctx->key, out, in, iv, n);
+		break;
+
+	case DES3_EEE_DECRYPT:
+		cbc_des3_eee_decrypt_loop(uctx->key, out, in, iv, n);
+		break;
+#endif
+	}
+}
+
+static int des_cipher(struct blkcipher_desc *desc, struct scatterlist *dst,
+		      struct scatterlist *src, unsigned int nbytes, u32 extra_flags, enum des_ops op)
+{
+	struct ubicom32_des_ctx *uctx = crypto_blkcipher_ctx(desc->tfm);
+	int ret;
+
+	struct blkcipher_walk walk;
+	blkcipher_walk_init(&walk, dst, src, nbytes);
+	ret = blkcipher_walk_virt(desc, &walk);
+	if (ret) {
+		return ret;
+	}
+
+	hw_crypto_lock();
+	hw_crypto_check();
+
+	while ((nbytes = walk.nbytes)) {
+		/* only use complete blocks */
+		unsigned int n = nbytes & ~(DES_BLOCK_SIZE - 1);
+		u8 *out = walk.dst.virt.addr;
+		u8 *in = walk.src.virt.addr;
+
+		/* finish n/16 blocks */
+		if (extra_flags & SEC_CBC_SET) {
+			cbc_des_cipher_n(uctx, op, out, in, walk.iv, n);
+		} else {
+			ecb_des_cipher_n(uctx, op, out, in, n);
+		}
+
+		nbytes &= DES_BLOCK_SIZE - 1;
+		ret = blkcipher_walk_done(desc, &walk, nbytes);
+	}
+
+	hw_crypto_unlock();
+	return ret;
+}
+
+static int ecb_des_encrypt(struct blkcipher_desc *desc,
+			   struct scatterlist *dst, struct scatterlist *src,
+			   unsigned int nbytes)
+{
+	return des_cipher(desc, dst, src, nbytes, SEC_CBC_NONE, DES_ENCRYPT);
+}
+
+static int ecb_des_decrypt(struct blkcipher_desc *desc,
+			   struct scatterlist *dst, struct scatterlist *src,
+			   unsigned int nbytes)
+{
+	return des_cipher(desc, dst, src, nbytes, SEC_CBC_NONE, DES_DECRYPT);
+}
+
+static struct crypto_alg ecb_des_alg = {
+	.cra_name		=	"ecb(des)",
+	.cra_driver_name	=	"ecb-des-ubicom32",
+	.cra_priority		=	CRYPTO_UBICOM32_COMPOSITE_PRIORITY,
+	.cra_flags		=	CRYPTO_ALG_TYPE_BLKCIPHER,
+	.cra_blocksize		=	DES_BLOCK_SIZE,
+	.cra_ctxsize		=	sizeof(struct ubicom32_des_ctx),
+	.cra_alignmask		=	CRYPTO_UBICOM32_ALIGNMENT - 1,
+	.cra_type		=	&crypto_blkcipher_type,
+	.cra_module		=	THIS_MODULE,
+	.cra_list		=	LIST_HEAD_INIT(ecb_des_alg.cra_list),
+	.cra_u			= {
+		.blkcipher = {
+			.min_keysize		=	DES_KEY_SIZE,
+			.max_keysize		=	DES_KEY_SIZE,
+			.setkey			=	des_setkey,
+			.encrypt		=	ecb_des_encrypt,
+			.decrypt		=	ecb_des_decrypt,
+		}
+	}
+};
+
+static int cbc_des_encrypt(struct blkcipher_desc *desc,
+			   struct scatterlist *dst, struct scatterlist *src,
+			   unsigned int nbytes)
+{
+	return des_cipher(desc, dst, src, nbytes, SEC_CBC_SET, DES_ENCRYPT);
+}
+
+static int cbc_des_decrypt(struct blkcipher_desc *desc,
+			   struct scatterlist *dst, struct scatterlist *src,
+			   unsigned int nbytes)
+{
+	return des_cipher(desc, dst, src, nbytes, SEC_CBC_SET, DES_DECRYPT);
+}
+
+static struct crypto_alg cbc_des_alg = {
+	.cra_name		=	"cbc(des)",
+	.cra_driver_name	=	"cbc-des-ubicom32",
+	.cra_priority		=	CRYPTO_UBICOM32_COMPOSITE_PRIORITY,
+	.cra_flags		=	CRYPTO_ALG_TYPE_BLKCIPHER,
+	.cra_blocksize		=	DES_BLOCK_SIZE,
+	.cra_ctxsize		=	sizeof(struct ubicom32_des_ctx),
+	.cra_alignmask		=	CRYPTO_UBICOM32_ALIGNMENT - 1,
+	.cra_type		=	&crypto_blkcipher_type,
+	.cra_module		=	THIS_MODULE,
+	.cra_list		=	LIST_HEAD_INIT(cbc_des_alg.cra_list),
+	.cra_u			= {
+		.blkcipher = {
+			.min_keysize		=	DES_KEY_SIZE,
+			.max_keysize		=	DES_KEY_SIZE,
+			.ivsize			=	DES_BLOCK_SIZE,
+			.setkey			=	des_setkey,
+			.encrypt		=	cbc_des_encrypt,
+			.decrypt		=	cbc_des_decrypt,
+		}
+	}
+};
+
+/*
+ * RFC2451:
+ *
+ *   For DES-EDE3, there is no known need to reject weak or
+ *   complementation keys.  Any weakness is obviated by the use of
+ *   multiple keys.
+ *
+ *   However, if the first two or last two independent 64-bit keys are
+ *   equal (k1 == k2 or k2 == k3), then the DES3 operation is simply the
+ *   same as DES.  Implementers MUST reject keys that exhibit this
+ *   property.
+ *
+ */
+static int des3_192_setkey(struct crypto_tfm *tfm, const u8 *key,
+			   unsigned int keylen)
+{
+	int i, ret;
+	struct ubicom32_des_ctx *dctx = crypto_tfm_ctx(tfm);
+	const u8 *temp_key = key;
+	u32 *flags = &tfm->crt_flags;
+
+	if (!(memcmp(key, &key[DES_KEY_SIZE], DES_KEY_SIZE) &&
+	    memcmp(&key[DES_KEY_SIZE], &key[DES_KEY_SIZE * 2],
+		   DES_KEY_SIZE))) {
+
+		*flags |= CRYPTO_TFM_RES_BAD_KEY_SCHED;
+		return -EINVAL;
+	}
+	for (i = 0; i < 3; i++, temp_key += DES_KEY_SIZE) {
+		ret = crypto_des_check_key(temp_key, DES_KEY_SIZE, flags);
+		if (ret < 0)
+			return ret;
+	}
+	memcpy(dctx->key, key, keylen);
+	dctx->ctrl = SEC_ALG_DES;	//hw 3DES not working yet
+	dctx->key_len = keylen;
+	return 0;
+}
+
+static void des3_192_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
+{
+	struct ubicom32_des_ctx *uctx = crypto_tfm_ctx(tfm);
+
+	hw_crypto_lock();
+	hw_crypto_check();
+
+	des3_hw_ede_encrypt(uctx->key, dst, src);
+
+	hw_crypto_unlock();
+}
+
+static void des3_192_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
+{
+	struct ubicom32_des_ctx *uctx = crypto_tfm_ctx(tfm);
+
+	hw_crypto_lock();
+	hw_crypto_check();
+
+	des3_hw_ede_decrypt(uctx->key, dst, src);
+
+	hw_crypto_unlock();
+}
+
+static struct crypto_alg des3_192_alg = {
+	.cra_name		=	"des3_ede",
+	.cra_driver_name	=	"des3_ede-ubicom32",
+	.cra_priority		=	CRYPTO_UBICOM32_PRIORITY,
+	.cra_flags		=	CRYPTO_ALG_TYPE_CIPHER,
+	.cra_blocksize		=	DES3_192_BLOCK_SIZE,
+	.cra_ctxsize		=	sizeof(struct ubicom32_des_ctx),
+	.cra_alignmask		=	CRYPTO_UBICOM32_ALIGNMENT - 1,
+	.cra_module		=	THIS_MODULE,
+	.cra_list		=	LIST_HEAD_INIT(des3_192_alg.cra_list),
+	.cra_u			= {
+		.cipher = {
+			.cia_min_keysize	=	DES3_192_KEY_SIZE,
+			.cia_max_keysize	=	DES3_192_KEY_SIZE,
+			.cia_setkey		=	des3_192_setkey,
+			.cia_encrypt		=	des3_192_encrypt,
+			.cia_decrypt		=	des3_192_decrypt,
+		}
+	}
+};
+
+static int ecb_des3_192_encrypt(struct blkcipher_desc *desc,
+				struct scatterlist *dst,
+				struct scatterlist *src, unsigned int nbytes)
+{
+	return des_cipher(desc, dst, src, nbytes, SEC_CBC_NONE, DES3_EDE_ENCRYPT);
+}
+
+static int ecb_des3_192_decrypt(struct blkcipher_desc *desc,
+				struct scatterlist *dst,
+				struct scatterlist *src, unsigned int nbytes)
+{
+	return des_cipher(desc, dst, src, nbytes, SEC_CBC_NONE, DES3_EDE_DECRYPT);
+}
+
+static struct crypto_alg ecb_des3_192_alg = {
+	.cra_name		=	"ecb(des3_ede)",
+	.cra_driver_name	=	"ecb-des3_ede-ubicom32",
+	.cra_priority		=	CRYPTO_UBICOM32_COMPOSITE_PRIORITY,
+	.cra_flags		=	CRYPTO_ALG_TYPE_BLKCIPHER,
+	.cra_blocksize		=	DES3_192_BLOCK_SIZE,
+	.cra_ctxsize		=	sizeof(struct ubicom32_des_ctx),
+	.cra_alignmask		=	CRYPTO_UBICOM32_ALIGNMENT - 1,
+	.cra_type		=	&crypto_blkcipher_type,
+	.cra_module		=	THIS_MODULE,
+	.cra_list		=	LIST_HEAD_INIT(
+						ecb_des3_192_alg.cra_list),
+	.cra_u			= {
+		.blkcipher = {
+			.min_keysize		=	DES3_192_KEY_SIZE,
+			.max_keysize		=	DES3_192_KEY_SIZE,
+			.setkey			=	des3_192_setkey,
+			.encrypt		=	ecb_des3_192_encrypt,
+			.decrypt		=	ecb_des3_192_decrypt,
+		}
+	}
+};
+
+static int cbc_des3_192_encrypt(struct blkcipher_desc *desc,
+				struct scatterlist *dst,
+				struct scatterlist *src, unsigned int nbytes)
+{
+	return des_cipher(desc, dst, src, nbytes, SEC_CBC_SET, DES3_EDE_ENCRYPT);
+}
+
+static int cbc_des3_192_decrypt(struct blkcipher_desc *desc,
+				struct scatterlist *dst,
+				struct scatterlist *src, unsigned int nbytes)
+{
+	return des_cipher(desc, dst, src, nbytes, SEC_CBC_SET, DES3_EDE_DECRYPT);
+}
+
+static struct crypto_alg cbc_des3_192_alg = {
+	.cra_name		=	"cbc(des3_ede)",
+	.cra_driver_name	=	"cbc-des3_ede-ubicom32",
+	.cra_priority		=	CRYPTO_UBICOM32_COMPOSITE_PRIORITY,
+	.cra_flags		=	CRYPTO_ALG_TYPE_BLKCIPHER,
+	.cra_blocksize		=	DES3_192_BLOCK_SIZE,
+	.cra_ctxsize		=	sizeof(struct ubicom32_des_ctx),
+	.cra_alignmask		=	CRYPTO_UBICOM32_ALIGNMENT - 1,
+	.cra_type		=	&crypto_blkcipher_type,
+	.cra_module		=	THIS_MODULE,
+	.cra_list		=	LIST_HEAD_INIT(
+						cbc_des3_192_alg.cra_list),
+	.cra_u			= {
+		.blkcipher = {
+			.min_keysize		=	DES3_192_KEY_SIZE,
+			.max_keysize		=	DES3_192_KEY_SIZE,
+			.ivsize			=	DES3_192_BLOCK_SIZE,
+			.setkey			=	des3_192_setkey,
+			.encrypt		=	cbc_des3_192_encrypt,
+			.decrypt		=	cbc_des3_192_decrypt,
+		}
+	}
+};
+
+static int init(void)
+{
+	int ret = 0;
+
+	hw_crypto_init();
+
+	ret = crypto_register_alg(&des_alg);
+	if (ret)
+		goto des_err;
+	ret = crypto_register_alg(&ecb_des_alg);
+	if (ret)
+		goto ecb_des_err;
+	ret = crypto_register_alg(&cbc_des_alg);
+	if (ret)
+		goto cbc_des_err;
+
+	ret = crypto_register_alg(&des3_192_alg);
+	if (ret)
+		goto des3_192_err;
+	ret = crypto_register_alg(&ecb_des3_192_alg);
+	if (ret)
+		goto ecb_des3_192_err;
+	ret = crypto_register_alg(&cbc_des3_192_alg);
+	if (ret)
+		goto cbc_des3_192_err;
+
+out:
+	return ret;
+
+cbc_des3_192_err:
+	crypto_unregister_alg(&ecb_des3_192_alg);
+ecb_des3_192_err:
+	crypto_unregister_alg(&des3_192_alg);
+des3_192_err:
+	crypto_unregister_alg(&cbc_des_alg);
+cbc_des_err:
+	crypto_unregister_alg(&ecb_des_alg);
+ecb_des_err:
+	crypto_unregister_alg(&des_alg);
+des_err:
+	goto out;
+}
+
+static void __exit fini(void)
+{
+	crypto_unregister_alg(&cbc_des3_192_alg);
+	crypto_unregister_alg(&ecb_des3_192_alg);
+	crypto_unregister_alg(&des3_192_alg);
+	crypto_unregister_alg(&cbc_des_alg);
+	crypto_unregister_alg(&ecb_des_alg);
+	crypto_unregister_alg(&des_alg);
+}
+
+module_init(init);
+module_exit(fini);
+
+MODULE_ALIAS("des");
+MODULE_ALIAS("des3_ede");
+
+MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("DES & Triple DES EDE Cipher Algorithms");
diff --git a/target/linux/ubicom32/files/arch/ubicom32/crypto/md5_ubicom32.c b/target/linux/ubicom32/files/arch/ubicom32/crypto/md5_ubicom32.c
new file mode 100644
index 000000000..1f2b978ea
--- /dev/null
+++ b/target/linux/ubicom32/files/arch/ubicom32/crypto/md5_ubicom32.c
@@ -0,0 +1,200 @@
+/*
+ * arch/ubicom32/crypto/md5_ubicom32.c
+ *   Ubicom32 implementation of the MD5 Secure Hash Algorithm
+ *
+ * (C) Copyright 2009, Ubicom, Inc.
+ *
+ * This file is part of the Ubicom32 Linux Kernel Port.
+ *
+ * The Ubicom32 Linux Kernel Port is free software: you can redistribute
+ * it and/or modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * The Ubicom32 Linux Kernel Port is distributed in the hope that it
+ * will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
+ * the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with the Ubicom32 Linux Kernel Port.  If not,
+ * see <http://www.gnu.org/licenses/>.
+ *
+ * Ubicom32 implementation derived from (with many thanks):
+ *   arch/m68knommu
+ *   arch/blackfin
+ *   arch/parisc
+ */
+#include <linux/init.h>
+#include <linux/module.h>
+#include <linux/crypto.h>
+
+#include "crypto_ubicom32.h"
+
+#define MD5_DIGEST_SIZE	16
+#define MD5_BLOCK_SIZE	64
+#define MD5_HASH_WORDS	4
+
+extern void _md5_ip5k_init_digest(u32_t *digest);
+extern void _md5_ip5k_transform(u32_t *data_input);
+extern void _md5_ip5k_get_digest(u32_t *digest);
+
+struct ubicom32_md5_ctx {
+	u64 count;		/* message length */
+	u32 state[MD5_HASH_WORDS];
+	u8 buf[2 * MD5_BLOCK_SIZE];
+};
+
+static void md5_init(struct crypto_tfm *tfm)
+{
+	struct ubicom32_md5_ctx *mctx = crypto_tfm_ctx(tfm);
+	mctx->state[0] = 0x01234567;
+	mctx->state[1] = 0x89abcdef;
+	mctx->state[2] = 0xfedcba98;
+	mctx->state[3] = 0x76543210;
+
+	mctx->count = 0;
+}
+
+static inline void _md5_process(u32 *digest, const u8 *data)
+{
+	_md5_ip5k_transform((u32 *)data);
+}
+
+static void md5_update(struct crypto_tfm *tfm, const u8 *data,
+			unsigned int len)
+{
+	struct ubicom32_md5_ctx *mctx = crypto_tfm_ctx(tfm);
+	int index, clen;
+
+	/* how much is already in the buffer? */
+	index = mctx->count & 0x3f;
+
+	mctx->count += len;
+
+	if (index + len < MD5_BLOCK_SIZE) {
+		goto store_only;
+	}
+
+	hw_crypto_lock();
+	hw_crypto_check();
+
+	/* init digest set ctrl register too */
+	_md5_ip5k_init_digest(mctx->state);
+
+	if (unlikely(index == 0 && SEC_ALIGNED(data))) {
+fast_process:
+		while (len >= MD5_BLOCK_SIZE) {
+			_md5_process(mctx->state, data);
+			data += MD5_BLOCK_SIZE;
+			len -= MD5_BLOCK_SIZE;
+		}
+		goto store;
+	}
+
+	/* process one stored block */
+	if (index) {
+		clen = MD5_BLOCK_SIZE - index;
+		memcpy(mctx->buf + index, data, clen);
+		_md5_process(mctx->state, mctx->buf);
+		data += clen;
+		len -= clen;
+		index = 0;
+	}
+
+	if (likely(SEC_ALIGNED(data))) {
+		goto fast_process;
+	}
+
+	/* process as many blocks as possible */
+	while (len >= MD5_BLOCK_SIZE) {
+		memcpy(mctx->buf, data, MD5_BLOCK_SIZE);
+		_md5_process(mctx->state, mctx->buf);
+		data += MD5_BLOCK_SIZE;
+		len -= MD5_BLOCK_SIZE;
+	}
+
+store:
+	_md5_ip5k_get_digest(mctx->state);
+	hw_crypto_unlock();
+
+store_only:
+	/* anything left? */
+	if (len)
+		memcpy(mctx->buf + index , data, len);
+}
+
+/* Add padding and return the message digest. */
+static void md5_final(struct crypto_tfm *tfm, u8 *out)
+{
+	struct ubicom32_md5_ctx *mctx = crypto_tfm_ctx(tfm);
+	u32 bits[2];
+	unsigned int index, end;
+
+	/* must perform manual padding */
+	index = mctx->count & 0x3f;
+	end =  (index < 56) ? MD5_BLOCK_SIZE : (2 * MD5_BLOCK_SIZE);
+
+	/* start pad with 1 */
+	mctx->buf[index] = 0x80;
+
+	/* pad with zeros */
+	index++;
+	memset(mctx->buf + index, 0x00, end - index - 8);
+
+	/* append message length */
+	bits[0] = mctx->count << 3;
+	bits[1] = mctx->count >> 29;
+	__cpu_to_le32s(bits);
+	__cpu_to_le32s(bits + 1);
+
+	memcpy(mctx->buf + end - 8, &bits, sizeof(bits));
+
+	/* force to use the mctx->buf and ignore the partial buf */
+	mctx->count = mctx->count & ~0x3f;
+	md5_update(tfm, mctx->buf, end);
+
+	/* copy digest to out */
+	memcpy(out, mctx->state, MD5_DIGEST_SIZE);
+
+	/* wipe context */
+	memset(mctx, 0, sizeof *mctx);
+}
+
+static struct crypto_alg alg = {
+	.cra_name	=	"md5",
+	.cra_driver_name=	"md5-ubicom32",
+	.cra_priority	=	CRYPTO_UBICOM32_PRIORITY,
+	.cra_flags	=	CRYPTO_ALG_TYPE_DIGEST,
+	.cra_blocksize	=	MD5_BLOCK_SIZE,
+	.cra_ctxsize	=	sizeof(struct ubicom32_md5_ctx),
+	.cra_module	=	THIS_MODULE,
+	.cra_list	=	LIST_HEAD_INIT(alg.cra_list),
+	.cra_u = {
+		.digest = {
+			.dia_digestsize =       MD5_DIGEST_SIZE,
+			.dia_init       =       md5_init,
+			.dia_update     =       md5_update,
+			.dia_final      =       md5_final,
+		}
+	}
+};
+
+static int __init init(void)
+{
+	hw_crypto_init();
+	return crypto_register_alg(&alg);
+}
+
+static void __exit fini(void)
+{
+	crypto_unregister_alg(&alg);
+}
+
+module_init(init);
+module_exit(fini);
+
+MODULE_ALIAS("md5");
+
+MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("MD5 Secure Hash Algorithm");
diff --git a/target/linux/ubicom32/files/arch/ubicom32/crypto/md5_ubicom32_asm.S b/target/linux/ubicom32/files/arch/ubicom32/crypto/md5_ubicom32_asm.S
new file mode 100644
index 000000000..963a3579a
--- /dev/null
+++ b/target/linux/ubicom32/files/arch/ubicom32/crypto/md5_ubicom32_asm.S
@@ -0,0 +1,234 @@
+/*
+ * arch/ubicom32/crypto/md5_ubicom32_asm.S
+ *	MD5 (Message Digest 5) support for Ubicom32 v3 architecture
+ *
+ * (C) Copyright 2009, Ubicom, Inc.
+ *
+ * This file is part of the Ubicom32 Linux Kernel Port.
+ *
+ * The Ubicom32 Linux Kernel Port is free software: you can redistribute
+ * it and/or modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * The Ubicom32 Linux Kernel Port is distributed in the hope that it
+ * will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
+ * the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with the Ubicom32 Linux Kernel Port.  If not,
+ * see <http://www.gnu.org/licenses/>.
+ *
+ * Ubicom32 implementation derived from (with many thanks):
+ *   arch/m68knommu
+ *   arch/blackfin
+ *   arch/parisc
+ */
+
+#define __ASM__
+#include <asm/ip5000.h>
+
+#ifndef RP
+#define RP A5
+#endif
+
+;*****************************************************************************************
+; The function prototypes
+;*****************************************************************************************
+; void md5_ip5k_init(void)
+; void md5_ip5k_transform(u32_t *data_input)
+; void md5_get_digest(u32_t *digest)
+
+;*****************************************************************************************
+; Inputs
+;*****************************************************************************************;
+; data_input is the pointer to the block of data over which the digest will be calculated.
+;	It should be word aligned.
+;
+; digest is the pointer to the block of data into which the digest (the output) will be written.
+;	It should be word aligned.
+;
+
+;*****************************************************************************************
+; Outputs
+;*****************************************************************************************
+; None
+
+;*****************************************************************************************
+; An: Address Registers
+;*****************************************************************************************
+#define an_digest A3
+#define an_data_input A3
+#define an_security_block A4
+
+;*****************************************************************************************
+; Hash Constants
+;*****************************************************************************************
+#define HASH_MD5_IN0 0x01234567
+#define HASH_MD5_IN1 0x89abcdef
+#define HASH_MD5_IN2 0xfedcba98
+#define HASH_MD5_IN3 0x76543210
+
+#define HASH_SECURITY_BLOCK_CONTROL_INIT_NO_ENCYPTION 2
+#define HASH_SECURITY_BLOCK_CONTROL_INIT_MD5 ((1 << 4) | HASH_SECURITY_BLOCK_CONTROL_INIT_NO_ENCYPTION)
+
+;*****************************************************************************************
+; Hash related defines
+;*****************************************************************************************
+#define hash_control 0x00(an_security_block)
+#define hash_control_low 0x02(an_security_block)
+#define hash_status 0x04(an_security_block)
+
+#define hash_input_0 0x30(an_security_block)
+#define hash_input_1 0x34(an_security_block)
+#define hash_input_2 0x38(an_security_block)
+#define hash_input_3 0x3c(an_security_block)
+#define hash_input_4 0x40(an_security_block)
+
+#define hash_output_0 0x70(an_security_block)
+#define hash_output_0_low 0x72(an_security_block)
+#define hash_output_1 0x74(an_security_block)
+#define hash_output_1_low 0x76(an_security_block)
+#define hash_output_2 0x78(an_security_block)
+#define hash_output_2_low 0x7a(an_security_block)
+#define hash_output_3 0x7c(an_security_block)
+#define hash_output_3_low 0x7e(an_security_block)
+
+;*****************************************************************************************
+; Assembly macros
+;*****************************************************************************************
+	; C compiler reserves RP (A5) for return address during subroutine call.
+	; Use RP to return to caller
+.macro	call_return_macro
+	calli	RP, 0(RP)
+.endm
+
+#if 0
+;*****************************************************************************************
+;	void md5_ip5k_init(void)
+;		initialize the output registers of the hash module
+;
+	;.section .text.md5_ip5k_init,"ax",@progbits
+	.section .text
+	.global	_md5_ip5k_init
+	.func md5_ip5k_init, _md5_ip5k_init
+
+_md5_ip5k_init:
+	moveai an_security_block, #SECURITY_BASE_EFFECTIVE_ADDRESS
+
+	movei hash_control, #%hi(HASH_SECURITY_BLOCK_CONTROL_INIT_MD5)
+	movei hash_control_low, #%lo(HASH_SECURITY_BLOCK_CONTROL_INIT_MD5)
+
+	movei hash_output_0, #%hi(HASH_MD5_IN0)
+	movei hash_output_0_low, #%lo(HASH_MD5_IN0)
+
+	movei hash_output_1, #%hi(HASH_MD5_IN1)
+	movei hash_output_1_low, #%lo(HASH_MD5_IN1)
+
+	movei hash_output_2, #%hi(HASH_MD5_IN2)
+	movei hash_output_2_low, #%lo(HASH_MD5_IN2)
+
+	movei hash_output_3, #%hi(HASH_MD5_IN3)
+	movei hash_output_3_low, #%lo(HASH_MD5_IN3)
+
+	call_return_macro
+	.endfunc
+#endif
+
+;*****************************************************************************************
+;	void md5_ip5k_init_digest(u32_t *hash_input)
+;		initialize the output registers of the hash module
+
+	;.section .text.md5_ip5k_init_digest,"ax",@progbits
+	.section .text
+	.global	_md5_ip5k_init_digest
+	.func md5_ip5k_init_digest, _md5_ip5k_init_digest
+
+_md5_ip5k_init_digest:
+	movea an_data_input, D0
+
+	moveai an_security_block, #SECURITY_BASE_EFFECTIVE_ADDRESS
+
+	movei hash_control, #%hi(HASH_SECURITY_BLOCK_CONTROL_INIT_MD5)
+	movei hash_control_low, #%lo(HASH_SECURITY_BLOCK_CONTROL_INIT_MD5)
+
+	move.4 hash_output_0, (an_data_input)4++
+	move.4 hash_output_1, (an_data_input)4++
+	move.4 hash_output_2, (an_data_input)4++
+	move.4 hash_output_3, (an_data_input)4++
+
+	call_return_macro
+	.endfunc
+
+;*****************************************************************************************
+;	void md5_ip5k_transform(u32_t *data_input)
+;		performs intermediate transformation step for the hash calculation
+;
+	;.sect .text.md5_ip5k_transform,"ax",@progbits
+	.section .text
+	.global	_md5_ip5k_transform
+	.func md5_ip5k_transform, _md5_ip5k_transform
+
+_md5_ip5k_transform:
+	movea an_data_input, D0
+
+	moveai an_security_block, #SECURITY_BASE_EFFECTIVE_ADDRESS
+
+	; Write the first 128bits (16 bytes)
+	move.4 hash_input_0, (an_data_input)4++
+	move.4 hash_input_1, (an_data_input)4++
+	move.4 hash_input_2, (an_data_input)4++
+	move.4 hash_input_3, (an_data_input)4++
+	move.4 hash_input_4, D0
+
+	move.4 hash_input_0, (an_data_input)4++
+	move.4 hash_input_1, (an_data_input)4++
+	move.4 hash_input_2, (an_data_input)4++
+	move.4 hash_input_3, (an_data_input)4++
+	move.4 hash_input_4, D0
+
+	move.4 hash_input_0, (an_data_input)4++
+	move.4 hash_input_1, (an_data_input)4++
+	move.4 hash_input_2, (an_data_input)4++
+	move.4 hash_input_3, (an_data_input)4++
+	move.4 hash_input_4, D0
+
+	move.4 hash_input_0, (an_data_input)4++
+	move.4 hash_input_1, (an_data_input)4++
+	move.4 hash_input_2, (an_data_input)4++
+	move.4 hash_input_3, (an_data_input)4++
+	move.4 hash_input_4, D0
+
+	pipe_flush 0
+
+md5_ip5k_transform_wait:
+	; wait for the module to calculate the output hash
+	btst hash_status, #0
+	jmpne.f md5_ip5k_transform_wait
+
+	call_return_macro
+	.endfunc
+
+;*****************************************************************************************
+;	void md5_ip5k_get_digest(u32_t *digest)
+;		Return the hash of the input data
+;
+	;.sect .text.md5_get_digest,"ax",@progbits
+	.section .text
+	.global	_md5_ip5k_get_digest
+	.func md5_ip5k_get_digest, _md5_ip5k_get_digest
+
+_md5_ip5k_get_digest:
+	movea an_digest, D0
+
+	moveai an_security_block, #SECURITY_BASE_EFFECTIVE_ADDRESS
+
+	; we have finished
+	move.4 0(an_digest), hash_output_0
+	move.4 4(an_digest), hash_output_1
+	move.4 8(an_digest), hash_output_2
+	move.4 12(an_digest), hash_output_3
+
+	call_return_macro
+	.endfunc
diff --git a/target/linux/ubicom32/files/arch/ubicom32/crypto/sha1_ubicom32.c b/target/linux/ubicom32/files/arch/ubicom32/crypto/sha1_ubicom32.c
new file mode 100644
index 000000000..2d0c870eb
--- /dev/null
+++ b/target/linux/ubicom32/files/arch/ubicom32/crypto/sha1_ubicom32.c
@@ -0,0 +1,354 @@
+/*
+ * arch/ubicom32/crypto/sha1_ubicom32.c
+ *   Ubicom32 implementation of the SHA1 Secure Hash Algorithm.
+ *
+ * (C) Copyright 2009, Ubicom, Inc.
+ *
+ * This file is part of the Ubicom32 Linux Kernel Port.
+ *
+ * The Ubicom32 Linux Kernel Port is free software: you can redistribute
+ * it and/or modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * The Ubicom32 Linux Kernel Port is distributed in the hope that it
+ * will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
+ * the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with the Ubicom32 Linux Kernel Port.  If not,
+ * see <http://www.gnu.org/licenses/>.
+ *
+ * Ubicom32 implementation derived from (with many thanks):
+ *   arch/m68knommu
+ *   arch/blackfin
+ *   arch/parisc
+ */
+#include <linux/init.h>
+#include <linux/module.h>
+#include <linux/crypto.h>
+#include <crypto/sha.h>
+#include <asm/linkage.h>
+
+#include "crypto_ubicom32.h"
+#define HASH_SECURITY_BLOCK_CONTROL_INIT_NO_ENCYPTION 2
+#define HASH_SECURITY_BLOCK_CONTROL_INIT_SHA1 ((1 << 5) | HASH_SECURITY_BLOCK_CONTROL_INIT_NO_ENCYPTION)
+
+struct ubicom32_sha1_ctx {
+	u64 count;		/* message length */
+	u32 state[5];
+	u8 buf[2 * SHA1_BLOCK_SIZE];
+};
+
+static inline void sha1_clear_2ws(u8 *buf, int wc)
+{
+	asm volatile (
+	"1:	move.4	(%0)4++, #0		\n\t"
+	"	move.4	(%0)4++, #0		\n\t"
+	"	sub.4	%1, #2, %1		\n\t"
+	"	jmple.f	1b			\n\t"
+		:
+		: "a" (buf), "d" (wc)
+		: "cc"
+	);
+}
+
+/* only wipe out count, state, and 1st half of buf - 9 bytes at most */
+#define sha1_wipe_out(sctx) sha1_clear_2ws((u8 *)sctx, 2 + 5 + 16 - 2)
+
+static inline void sha1_init_digest(u32 *digest)
+{
+	hw_crypto_set_ctrl(HASH_SECURITY_BLOCK_CONTROL_INIT_SHA1);
+	asm volatile (
+	"	; move digests to hash_output regs	\n\t"
+	"	move.4	0x70(%0), 0x0(%1)		\n\t"
+	"	move.4	0x74(%0), 0x4(%1)		\n\t"
+	"	move.4	0x78(%0), 0x8(%1)		\n\t"
+	"	move.4	0x7c(%0), 0xc(%1)		\n\t"
+	"	move.4	0x80(%0), 0x10(%1)		\n\t"
+		:
+		: "a" (SEC_BASE), "a" (digest)
+	);
+}
+
+static inline void sha1_transform_feed(const u8 *in)
+{
+	asm volatile (
+	"	; write the 1st 16 bytes	\n\t"
+	"	move.4	0x30(%0), 0x0(%1)	\n\t"
+	"	move.4	0x34(%0), 0x4(%1)	\n\t"
+	"	move.4	0x38(%0), 0x8(%1)	\n\t"
+	"	move.4	0x3c(%0), 0xc(%1)	\n\t"
+	"	move.4	0x40(%0), %1		\n\t"
+	"	; write the 2nd 16 bytes	\n\t"
+	"	move.4	0x30(%0), 0x10(%1)	\n\t"
+	"	move.4	0x34(%0), 0x14(%1)	\n\t"
+	"	move.4	0x38(%0), 0x18(%1)	\n\t"
+	"	move.4	0x3c(%0), 0x1c(%1)	\n\t"
+	"	move.4	0x40(%0), %1		\n\t"
+	"	; write the 3rd 16 bytes	\n\t"
+	"	move.4	0x30(%0), 0x20(%1)	\n\t"
+	"	move.4	0x34(%0), 0x24(%1)	\n\t"
+	"	move.4	0x38(%0), 0x28(%1)	\n\t"
+	"	move.4	0x3c(%0), 0x2c(%1)	\n\t"
+	"	move.4	0x40(%0), %1		\n\t"
+	"	; write the 4th 16 bytes	\n\t"
+	"	move.4	0x30(%0), 0x30(%1)	\n\t"
+	"	move.4	0x34(%0), 0x34(%1)	\n\t"
+	"	move.4	0x38(%0), 0x38(%1)	\n\t"
+	"	move.4	0x3c(%0), 0x3c(%1)	\n\t"
+	"	move.4	0x40(%0), %1		\n\t"
+	"	pipe_flush 0			\n\t"
+		:
+		: "a"(SEC_BASE), "a"(in)
+	);
+}
+
+static inline void sha1_transform_wait(void)
+{
+	asm volatile (
+	"	btst	0x04(%0), #0		\n\t"
+	"	jmpne.f -4			\n\t"
+		:
+		: "a"(SEC_BASE)
+		: "cc"
+	);
+}
+
+static inline void sha1_output_digest(u32 *digest)
+{
+	asm volatile (
+	"	move.4	0x0(%1), 0x70(%0)		\n\t"
+	"	move.4	0x4(%1), 0x74(%0)		\n\t"
+	"	move.4	0x8(%1), 0x78(%0)		\n\t"
+	"	move.4	0xc(%1), 0x7c(%0)		\n\t"
+	"	move.4	0x10(%1), 0x80(%0)		\n\t"
+		:
+		: "a" (SEC_BASE), "a" (digest)
+	);
+}
+
+static __ocm_text void sha1_init(struct crypto_tfm *tfm)
+{
+	struct ubicom32_sha1_ctx *sctx = crypto_tfm_ctx(tfm);
+
+	sctx->state[0] = SHA1_H0;
+	sctx->state[1] = SHA1_H1;
+	sctx->state[2] = SHA1_H2;
+	sctx->state[3] = SHA1_H3;
+	sctx->state[4] = SHA1_H4;
+	sctx->count = 0;
+}
+
+static void __ocm_text sha1_update(struct crypto_tfm *tfm, const u8 *data,
+			unsigned int len)
+{
+	struct ubicom32_sha1_ctx *sctx = crypto_tfm_ctx(tfm);
+	int index, clen;
+
+	/* how much is already in the buffer? */
+	index = sctx->count & 0x3f;
+
+	sctx->count += len;
+
+	if (index + len < SHA1_BLOCK_SIZE) {
+		goto store_only;
+	}
+
+	hw_crypto_lock();
+	hw_crypto_check();
+
+	/* init digest set ctrl register too */
+	sha1_init_digest(sctx->state);
+
+	if (unlikely(index == 0 && SEC_ALIGNED(data))) {
+fast_process:
+#if CRYPTO_UBICOM32_LOOP_ASM
+		if (likely(len >= SHA1_BLOCK_SIZE)) {
+			register unsigned int cnt = len >> 6; 	// loop = len / 64;
+			sha1_transform_feed(data);
+			data += SHA1_BLOCK_SIZE;
+
+			/* cnt is pre-decremented in the loop */
+			asm volatile (
+			"; while (--loop):  work on 2nd block   \n\t"
+			"1:	add.4	%2, #-1, %2		\n\t"
+			"	jmpeq.f	5f			\n\t"
+			"					\n\t"
+			"	; write the 1st 16 bytes	\n\t"
+			"	move.4	0x30(%1), (%0)4++	\n\t"
+			"	move.4	0x34(%1), (%0)4++	\n\t"
+			"	move.4	0x38(%1), (%0)4++	\n\t"
+			"	move.4	0x3c(%1), (%0)4++	\n\t"
+			"	; can not kick off hw before it \n\t"
+			"	; is done with the prev block   \n\t"
+			"					\n\t"
+			"	btst	0x04(%1), #0		\n\t"
+			"	jmpne.f	-4			\n\t"
+			"					\n\t"
+			"	; tell hw to load 1st 16 bytes  \n\t"
+			"	move.4	0x40(%1), %2		\n\t"
+			"					\n\t"
+			"	; write the 2nd 16 bytes	\n\t"
+			"	move.4	0x30(%1), (%0)4++	\n\t"
+			"	move.4	0x34(%1), (%0)4++	\n\t"
+			"	move.4	0x38(%1), (%0)4++	\n\t"
+			"	move.4	0x3c(%1), (%0)4++	\n\t"
+			"	move.4	0x40(%1), %2		\n\t"
+			"					\n\t"
+			"	; write the 3rd 16 bytes	\n\t"
+			"	move.4	0x30(%1), (%0)4++	\n\t"
+			"	move.4	0x34(%1), (%0)4++	\n\t"
+			"	move.4	0x38(%1), (%0)4++	\n\t"
+			"	move.4	0x3c(%1), (%0)4++	\n\t"
+			"	move.4	0x40(%1), %2		\n\t"
+			"					\n\t"
+			"	; write the 4th 16 bytes	\n\t"
+			"	move.4	0x30(%1), (%0)4++	\n\t"
+			"	move.4	0x34(%1), (%0)4++	\n\t"
+			"	move.4	0x38(%1), (%0)4++	\n\t"
+			"	move.4	0x3c(%1), (%0)4++	\n\t"
+			"	move.4	0x40(%1), %2		\n\t"
+			"					\n\t"
+			"; no need flush, enough insts		\n\t"
+			"; before next hw wait			\n\t"
+			"					\n\t"
+			"; go back to loop			\n\t"
+			"	jmpt 1b				\n\t"
+			"					\n\t"
+			"; wait hw for last block		\n\t"
+			"5:	btst 0x04(%1), #0		\n\t"
+			"	jmpne.f -4			\n\t"
+			"					\n\t"
+				: "+a" (data)
+				: "a"( SEC_BASE), "d" (cnt)
+				: "cc"
+			);
+
+			len = len & (64 - 1);
+		}
+#else
+		while (likely(len >= SHA1_BLOCK_SIZE)) {
+			sha1_transform_feed(data);
+			data += SHA1_BLOCK_SIZE;
+			len -= SHA1_BLOCK_SIZE;
+			sha1_transform_wait();
+		}
+#endif
+		goto store;
+	}
+
+	/* process one stored block */
+	if (index) {
+		clen = SHA1_BLOCK_SIZE - index;
+		memcpy(sctx->buf + index, data, clen);
+		sha1_transform_feed(sctx->buf);
+		data += clen;
+		len -= clen;
+		index = 0;
+		sha1_transform_wait();
+	}
+
+	if (likely(SEC_ALIGNED(data))) {
+		goto fast_process;
+	}
+
+	/* process as many blocks as possible */
+	if (likely(len >= SHA1_BLOCK_SIZE)) {
+		memcpy(sctx->buf, data, SHA1_BLOCK_SIZE);
+		do {
+			sha1_transform_feed(sctx->buf);
+			data += SHA1_BLOCK_SIZE;
+			len -= SHA1_BLOCK_SIZE;
+			if (likely(len >= SHA1_BLOCK_SIZE)) {
+				memcpy(sctx->buf, data, SHA1_BLOCK_SIZE);
+				sha1_transform_wait();
+				continue;
+			}
+			/* it is the last block */
+			sha1_transform_wait();
+			break;
+		} while (1);
+	}
+
+store:
+	sha1_output_digest(sctx->state);
+	hw_crypto_unlock();
+
+store_only:
+	/* anything left? */
+	if (len)
+		memcpy(sctx->buf + index , data, len);
+}
+
+/* Add padding and return the message digest. */
+static void __ocm_text sha1_final(struct crypto_tfm *tfm, u8 *out)
+{
+	struct ubicom32_sha1_ctx *sctx = crypto_tfm_ctx(tfm);
+	u64 bits;
+	unsigned int index, end;
+
+	/* must perform manual padding */
+	index = sctx->count & 0x3f;
+	end =  (index < 56) ? SHA1_BLOCK_SIZE : (2 * SHA1_BLOCK_SIZE);
+
+	/* start pad with 1 */
+	sctx->buf[index] = 0x80;
+
+	/* pad with zeros */
+	index++;
+	memset(sctx->buf + index, 0x00, end - index - 8);
+
+	/* append message length */
+	bits = sctx->count << 3 ;
+	SEC_COPY_2W(sctx->buf + end - 8, &bits);
+
+	/* force to use the sctx->buf and ignore the partial buf */
+	sctx->count = sctx->count & ~0x3f;
+	sha1_update(tfm, sctx->buf, end);
+
+	/* copy digest to out */
+	SEC_COPY_5W(out, sctx->state);
+
+	/* wipe context */
+	sha1_wipe_out(sctx);
+}
+
+static struct crypto_alg alg = {
+	.cra_name	=	"sha1",
+	.cra_driver_name=	"sha1-ubicom32",
+	.cra_priority	=	CRYPTO_UBICOM32_PRIORITY,
+	.cra_flags	=	CRYPTO_ALG_TYPE_DIGEST,
+	.cra_blocksize	=	SHA1_BLOCK_SIZE,
+	.cra_ctxsize	=	sizeof(struct ubicom32_sha1_ctx),
+	.cra_module	=	THIS_MODULE,
+	.cra_list	=	LIST_HEAD_INIT(alg.cra_list),
+	.cra_u	  = {
+		.digest = {
+			.dia_digestsize =       SHA1_DIGEST_SIZE,
+			.dia_init       =       sha1_init,
+			.dia_update     =       sha1_update,
+			.dia_final      =       sha1_final,
+		}
+	}
+};
+
+static int __init init(void)
+{
+	hw_crypto_init();
+	return crypto_register_alg(&alg);
+}
+
+static void __exit fini(void)
+{
+	crypto_unregister_alg(&alg);
+}
+
+module_init(init);
+module_exit(fini);
+
+MODULE_ALIAS("sha1");
+
+MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm");
diff --git a/target/linux/ubicom32/files/arch/ubicom32/crypto/sha1_ubicom32_asm.S b/target/linux/ubicom32/files/arch/ubicom32/crypto/sha1_ubicom32_asm.S
new file mode 100644
index 000000000..f610b7e9f
--- /dev/null
+++ b/target/linux/ubicom32/files/arch/ubicom32/crypto/sha1_ubicom32_asm.S
@@ -0,0 +1,244 @@
+/*
+ * arch/ubicom32/crypto/sha1_ubicom32_asm.S
+ *	SHA1 hash support for Ubicom32 architecture V3.
+ *
+ * (C) Copyright 2009, Ubicom, Inc.
+ *
+ * This file is part of the Ubicom32 Linux Kernel Port.
+ *
+ * The Ubicom32 Linux Kernel Port is free software: you can redistribute
+ * it and/or modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * The Ubicom32 Linux Kernel Port is distributed in the hope that it
+ * will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
+ * the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with the Ubicom32 Linux Kernel Port.  If not,
+ * see <http://www.gnu.org/licenses/>.
+ *
+ * Ubicom32 implementation derived from (with many thanks):
+ *   arch/m68knommu
+ *   arch/blackfin
+ *   arch/parisc
+ */
+
+#define __ASM__
+#include <asm/ip5000.h>
+
+#ifndef RP
+#define RP A5
+#endif
+
+;*****************************************************************************************
+; The function prototype
+;*****************************************************************************************
+; void sha1_ip5k_init(void)
+; void sha1_ip5k_transform(u32_t *data_input)
+; void sha1_ip5k_output(u32_t *digest)
+
+;*****************************************************************************************
+; Inputs
+;*****************************************************************************************
+; data_input is the pointer to the block of data over which the digest will be calculated.
+;	It should be word aligned.
+;
+; digest is the pointer to the block of data into which the digest (the output) will be written.
+;	It should be word aligned.
+;
+
+;*****************************************************************************************
+; Outputs
+;*****************************************************************************************
+; None
+
+;*****************************************************************************************
+; Hash Constants
+;*****************************************************************************************
+#define HASH_SHA1_IN0 0x67452301
+#define HASH_SHA1_IN1 0xefcdab89
+#define HASH_SHA1_IN2 0x98badcfe
+#define HASH_SHA1_IN3 0x10325476
+#define HASH_SHA1_IN4 0xc3d2e1f0
+
+#define HASH_SECURITY_BLOCK_CONTROL_INIT_NO_ENCYPTION 2
+#define HASH_SECURITY_BLOCK_CONTROL_INIT_SHA1 ((1 << 5) | HASH_SECURITY_BLOCK_CONTROL_INIT_NO_ENCYPTION)
+
+;*****************************************************************************************
+; An: Address Registers
+;*****************************************************************************************
+#define an_digest a4
+#define an_data_input a4
+#define an_security_block a3
+
+;*****************************************************************************************
+; Hash related defines
+;*****************************************************************************************
+#define hash_control 0x00(an_security_block)
+#define hash_control_low 0x02(an_security_block)
+#define hash_status 0x04(an_security_block)
+
+#define hash_input_0 0x30(an_security_block)
+#define hash_input_1 0x34(an_security_block)
+#define hash_input_2 0x38(an_security_block)
+#define hash_input_3 0x3c(an_security_block)
+#define hash_input_4 0x40(an_security_block)
+
+#define hash_output_0 0x70(an_security_block)
+#define hash_output_0_low 0x72(an_security_block)
+#define hash_output_1 0x74(an_security_block)
+#define hash_output_1_low 0x76(an_security_block)
+#define hash_output_2 0x78(an_security_block)
+#define hash_output_2_low 0x7a(an_security_block)
+#define hash_output_3 0x7c(an_security_block)
+#define hash_output_3_low 0x7e(an_security_block)
+#define hash_output_4 0x80(an_security_block)
+#define hash_output_4_low 0x82(an_security_block)
+
+;*****************************************************************************************
+; Assembly macros
+;*****************************************************************************************
+	; C compiler reserves RP (A5) for return address during subroutine call.
+	; Use RP to return to caller
+.macro	call_return_macro
+	calli	RP, 0(RP)
+.endm
+
+;*****************************************************************************************
+;	void sha1_ip5k_init(void)
+;		initialize the output registers of the hash module
+
+	;.section .text.sha1_ip5k_init,"ax",@progbits
+	.section .ocm_text,"ax",@progbits
+	.global	_sha1_ip5k_init
+	.func sha1_ip5k_init, _sha1_ip5k_init
+
+_sha1_ip5k_init:
+	moveai an_security_block, #SECURITY_BASE_EFFECTIVE_ADDRESS
+
+	movei hash_control, #%hi(HASH_SECURITY_BLOCK_CONTROL_INIT_SHA1)
+	movei hash_control_low, #%lo(HASH_SECURITY_BLOCK_CONTROL_INIT_SHA1)
+
+	movei hash_output_0, #%hi(HASH_SHA1_IN0)
+	movei hash_output_0_low, #%lo(HASH_SHA1_IN0)
+
+	movei hash_output_1, #%hi(HASH_SHA1_IN1)
+	movei hash_output_1_low, #%lo(HASH_SHA1_IN1)
+
+	movei hash_output_2, #%hi(HASH_SHA1_IN2)
+	movei hash_output_2_low, #%lo(HASH_SHA1_IN2)
+
+	movei hash_output_3, #%hi(HASH_SHA1_IN3)
+	movei hash_output_3_low, #%lo(HASH_SHA1_IN3)
+
+	movei hash_output_4, #%hi(HASH_SHA1_IN4)
+	movei hash_output_4_low, #%lo(HASH_SHA1_IN4)
+
+	call_return_macro
+	.endfunc
+
+;*****************************************************************************************
+;	void sha1_ip5k_init_digest(u32_t *hash_input)
+;		initialize the output registers of the hash module
+
+	;.section .text.sha1_ip5k_init_digest,"ax",@progbits
+	.section .ocm_text,"ax",@progbits
+	.global	_sha1_ip5k_init_digest
+	.func sha1_ip5k_init_digest, _sha1_ip5k_init_digest
+
+_sha1_ip5k_init_digest:
+	movea an_data_input, D0
+
+	moveai an_security_block, #SECURITY_BASE_EFFECTIVE_ADDRESS
+
+	movei hash_control, #%hi(HASH_SECURITY_BLOCK_CONTROL_INIT_SHA1)
+	movei hash_control_low, #%lo(HASH_SECURITY_BLOCK_CONTROL_INIT_SHA1)
+
+	move.4 hash_output_0, (an_data_input)4++
+	move.4 hash_output_1, (an_data_input)4++
+	move.4 hash_output_2, (an_data_input)4++
+	move.4 hash_output_3, (an_data_input)4++
+	move.4 hash_output_4, (an_data_input)4++
+
+	call_return_macro
+	.endfunc
+
+;*****************************************************************************************
+;	void sha1_ip5k_transform(u32_t *data_input)
+;		performs intermediate transformation step for the hash calculation
+
+	;.section .text.sha1_ip5k_transform,"ax",@progbits
+	.section .ocm_text,"ax",@progbits
+	.global	_sha1_ip5k_transform
+	.func sha1_ip5k_transform, _sha1_ip5k_transform
+
+_sha1_ip5k_transform:
+	movea an_data_input, D0
+
+	moveai an_security_block, #SECURITY_BASE_EFFECTIVE_ADDRESS
+
+	; Write the first 128bits (16 bytes)
+	move.4 hash_input_0, (an_data_input)4++
+	move.4 hash_input_1, (an_data_input)4++
+	move.4 hash_input_2, (an_data_input)4++
+	move.4 hash_input_3, (an_data_input)4++
+	move.4 hash_input_4, D0
+
+	move.4 hash_input_0, (an_data_input)4++
+	move.4 hash_input_1, (an_data_input)4++
+	move.4 hash_input_2, (an_data_input)4++
+	move.4 hash_input_3, (an_data_input)4++
+	move.4 hash_input_4, D0
+
+	move.4 hash_input_0, (an_data_input)4++
+	move.4 hash_input_1, (an_data_input)4++
+	move.4 hash_input_2, (an_data_input)4++
+	move.4 hash_input_3, (an_data_input)4++
+	move.4 hash_input_4, D0
+
+	move.4 hash_input_0, (an_data_input)4++
+	move.4 hash_input_1, (an_data_input)4++
+	move.4 hash_input_2, (an_data_input)4++
+	move.4 hash_input_3, (an_data_input)4++
+	move.4 hash_input_4, D0
+
+	pipe_flush 0
+
+sha1_ip5k_transform_wait:
+	; wait for the module to calculate the output hash
+	btst hash_status, #0
+	jmpne.f sha1_ip5k_transform_wait
+
+	call_return_macro
+	.endfunc
+
+;*****************************************************************************************
+;	void sha1_ip5k_output(u32_t *digest)
+;		Return the hash of the input data
+
+	;.section .text.sha1_ip5k_output,"ax",@progbits
+	.section .ocm_text,"ax",@progbits
+	.global	_sha1_ip5k_output
+	.func sha1_ip5k_output, _sha1_ip5k_output
+
+_sha1_ip5k_output:
+	movea an_digest, D0
+
+	moveai an_security_block, #SECURITY_BASE_EFFECTIVE_ADDRESS
+
+	; we have finished
+	move.4 0(an_digest), hash_output_0
+	move.4 4(an_digest), hash_output_1
+	move.4 8(an_digest), hash_output_2
+	move.4 12(an_digest), hash_output_3
+	move.4 16(an_digest), hash_output_4
+
+	call_return_macro
+	.endfunc
+
+;*****************************************************************************************
+;END			;End of program code
+;*****************************************************************************************