2 * Copyright (C) 2008-2009 Semihalf, Piotr Ziecik
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN
17 * NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
18 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
19 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
21 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
22 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
23 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 * Freescale integrated Security Engine (SEC) driver. Currently SEC 2.0 and
31 #include <sys/cdefs.h>
32 __FBSDID("$FreeBSD$");
34 #include <sys/param.h>
35 #include <sys/systm.h>
37 #include <sys/endian.h>
38 #include <sys/kernel.h>
40 #include <sys/malloc.h>
42 #include <sys/module.h>
43 #include <sys/mutex.h>
44 #include <sys/random.h>
47 #include <machine/bus.h>
48 #include <machine/ocpbus.h>
49 #include <machine/resource.h>
51 #include <opencrypto/cryptodev.h>
52 #include "cryptodev_if.h"
54 #include <dev/sec/sec.h>
56 static int sec_probe(device_t dev);
57 static int sec_attach(device_t dev);
58 static int sec_detach(device_t dev);
59 static int sec_suspend(device_t dev);
60 static int sec_resume(device_t dev);
61 static int sec_shutdown(device_t dev);
62 static void sec_primary_intr(void *arg);
63 static void sec_secondary_intr(void *arg);
64 static int sec_setup_intr(struct sec_softc *sc, struct resource **ires,
65 void **ihand, int *irid, driver_intr_t handler, const char *iname);
66 static void sec_release_intr(struct sec_softc *sc, struct resource *ires,
67 void *ihand, int irid, const char *iname);
68 static int sec_controller_reset(struct sec_softc *sc);
69 static int sec_channel_reset(struct sec_softc *sc, int channel, int full);
70 static int sec_init(struct sec_softc *sc);
71 static int sec_alloc_dma_mem(struct sec_softc *sc,
72 struct sec_dma_mem *dma_mem, bus_size_t size);
73 static int sec_desc_map_dma(struct sec_softc *sc,
74 struct sec_dma_mem *dma_mem, void *mem, bus_size_t size, int type,
75 struct sec_desc_map_info *sdmi);
76 static void sec_free_dma_mem(struct sec_dma_mem *dma_mem);
77 static void sec_enqueue(struct sec_softc *sc);
78 static int sec_enqueue_desc(struct sec_softc *sc, struct sec_desc *desc,
80 static int sec_eu_channel(struct sec_softc *sc, int eu);
81 static int sec_make_pointer(struct sec_softc *sc, struct sec_desc *desc,
82 u_int n, void *data, bus_size_t doffset, bus_size_t dsize, int dtype);
83 static int sec_make_pointer_direct(struct sec_softc *sc,
84 struct sec_desc *desc, u_int n, bus_addr_t data, bus_size_t dsize);
85 static int sec_alloc_session(struct sec_softc *sc);
86 static int sec_newsession(device_t dev, u_int32_t *sidp,
87 struct cryptoini *cri);
88 static int sec_freesession(device_t dev, uint64_t tid);
89 static int sec_process(device_t dev, struct cryptop *crp, int hint);
90 static int sec_split_cri(struct cryptoini *cri, struct cryptoini **enc,
91 struct cryptoini **mac);
92 static int sec_split_crp(struct cryptop *crp, struct cryptodesc **enc,
93 struct cryptodesc **mac);
94 static int sec_build_common_ns_desc(struct sec_softc *sc,
95 struct sec_desc *desc, struct sec_session *ses, struct cryptop *crp,
96 struct cryptodesc *enc, int buftype);
97 static int sec_build_common_s_desc(struct sec_softc *sc,
98 struct sec_desc *desc, struct sec_session *ses, struct cryptop *crp,
99 struct cryptodesc *enc, struct cryptodesc *mac, int buftype);
101 static struct sec_session *sec_get_session(struct sec_softc *sc, u_int sid);
102 static struct sec_desc *sec_find_desc(struct sec_softc *sc, bus_addr_t paddr);
105 static int sec_aesu_newsession(struct sec_softc *sc,
106 struct sec_session *ses, struct cryptoini *enc, struct cryptoini *mac);
107 static int sec_aesu_make_desc(struct sec_softc *sc,
108 struct sec_session *ses, struct sec_desc *desc, struct cryptop *crp,
112 static int sec_deu_newsession(struct sec_softc *sc,
113 struct sec_session *ses, struct cryptoini *enc, struct cryptoini *mac);
114 static int sec_deu_make_desc(struct sec_softc *sc,
115 struct sec_session *ses, struct sec_desc *desc, struct cryptop *crp,
119 static int sec_mdeu_can_handle(u_int alg);
120 static int sec_mdeu_config(struct cryptodesc *crd,
121 u_int *eu, u_int *mode, u_int *hashlen);
122 static int sec_mdeu_newsession(struct sec_softc *sc,
123 struct sec_session *ses, struct cryptoini *enc, struct cryptoini *mac);
124 static int sec_mdeu_make_desc(struct sec_softc *sc,
125 struct sec_session *ses, struct sec_desc *desc, struct cryptop *crp,
128 static device_method_t sec_methods[] = {
129 /* Device interface */
130 DEVMETHOD(device_probe, sec_probe),
131 DEVMETHOD(device_attach, sec_attach),
132 DEVMETHOD(device_detach, sec_detach),
134 DEVMETHOD(device_suspend, sec_suspend),
135 DEVMETHOD(device_resume, sec_resume),
136 DEVMETHOD(device_shutdown, sec_shutdown),
139 DEVMETHOD(bus_print_child, bus_generic_print_child),
140 DEVMETHOD(bus_driver_added, bus_generic_driver_added),
143 DEVMETHOD(cryptodev_newsession, sec_newsession),
144 DEVMETHOD(cryptodev_freesession,sec_freesession),
145 DEVMETHOD(cryptodev_process, sec_process),
149 static driver_t sec_driver = {
152 sizeof(struct sec_softc),
155 static devclass_t sec_devclass;
156 DRIVER_MODULE(sec, ocpbus, sec_driver, sec_devclass, 0, 0);
157 MODULE_DEPEND(sec, crypto, 1, 1, 1);
159 static struct sec_eu_methods sec_eus[] = {
176 sec_sync_dma_mem(struct sec_dma_mem *dma_mem, bus_dmasync_op_t op)
179 /* Sync only if dma memory is valid */
180 if (dma_mem->dma_vaddr != NULL)
181 bus_dmamap_sync(dma_mem->dma_tag, dma_mem->dma_map, op);
185 sec_free_session(struct sec_softc *sc, struct sec_session *ses)
188 SEC_LOCK(sc, sessions);
190 SEC_UNLOCK(sc, sessions);
194 sec_get_pointer_data(struct sec_desc *desc, u_int n)
197 return (desc->sd_ptr_dmem[n].dma_vaddr);
201 sec_probe(device_t dev)
203 struct sec_softc *sc;
209 parent = device_get_parent(dev);
210 error = BUS_READ_IVAR(parent, dev, OCPBUS_IVAR_DEVTYPE, &devtype);
214 if (devtype != OCPBUS_DEVTYPE_SEC)
217 sc = device_get_softc(dev);
220 sc->sc_rres = bus_alloc_resource(dev, SYS_RES_MEMORY, &sc->sc_rrid,
221 0ul, ~0ul, SEC_IO_SIZE, RF_ACTIVE);
223 if (sc->sc_rres == NULL)
226 sc->sc_bas.bsh = rman_get_bushandle(sc->sc_rres);
227 sc->sc_bas.bst = rman_get_bustag(sc->sc_rres);
229 id = SEC_READ(sc, SEC_ID);
231 bus_release_resource(dev, SYS_RES_MEMORY, sc->sc_rrid, sc->sc_rres);
235 device_set_desc(dev, "Freescale Security Engine 2.0");
239 device_set_desc(dev, "Freescale Security Engine 3.0");
243 device_printf(dev, "unknown SEC ID 0x%016llx!\n", id);
251 sec_attach(device_t dev)
253 struct sec_softc *sc;
254 struct sec_hw_lt *lt;
258 sc = device_get_softc(dev);
263 sc->sc_cid = crypto_get_driverid(dev, CRYPTOCAP_F_HARDWARE);
264 if (sc->sc_cid < 0) {
265 device_printf(dev, "could not get crypto driver ID!\n");
270 mtx_init(&sc->sc_controller_lock, device_get_nameunit(dev),
271 "SEC Controller lock", MTX_DEF);
272 mtx_init(&sc->sc_descriptors_lock, device_get_nameunit(dev),
273 "SEC Descriptors lock", MTX_DEF);
274 mtx_init(&sc->sc_sessions_lock, device_get_nameunit(dev),
275 "SEC Sessions lock", MTX_DEF);
277 /* Allocate I/O memory for SEC registers */
279 sc->sc_rres = bus_alloc_resource(dev, SYS_RES_MEMORY, &sc->sc_rrid,
280 0ul, ~0ul, SEC_IO_SIZE, RF_ACTIVE);
282 if (sc->sc_rres == NULL) {
283 device_printf(dev, "could not allocate I/O memory!\n");
287 sc->sc_bas.bsh = rman_get_bushandle(sc->sc_rres);
288 sc->sc_bas.bst = rman_get_bustag(sc->sc_rres);
290 /* Setup interrupts */
292 error = sec_setup_intr(sc, &sc->sc_pri_ires, &sc->sc_pri_ihand,
293 &sc->sc_pri_irid, sec_primary_intr, "primary");
299 error = sec_setup_intr(sc, &sc->sc_sec_ires, &sc->sc_sec_ihand,
300 &sc->sc_sec_irid, sec_secondary_intr, "secondary");
305 /* Alloc DMA memory for descriptors and link tables */
306 error = sec_alloc_dma_mem(sc, &(sc->sc_desc_dmem),
307 SEC_DESCRIPTORS * sizeof(struct sec_hw_desc));
312 error = sec_alloc_dma_mem(sc, &(sc->sc_lt_dmem),
313 (SEC_LT_ENTRIES + 1) * sizeof(struct sec_hw_lt));
318 /* Fill in descriptors and link tables */
319 for (i = 0; i < SEC_DESCRIPTORS; i++) {
320 sc->sc_desc[i].sd_desc =
321 (struct sec_hw_desc*)(sc->sc_desc_dmem.dma_vaddr) + i;
322 sc->sc_desc[i].sd_desc_paddr = sc->sc_desc_dmem.dma_paddr +
323 (i * sizeof(struct sec_hw_desc));
326 for (i = 0; i < SEC_LT_ENTRIES + 1; i++) {
328 (struct sec_hw_lt*)(sc->sc_lt_dmem.dma_vaddr) + i;
329 sc->sc_lt[i].sl_lt_paddr = sc->sc_lt_dmem.dma_paddr +
330 (i * sizeof(struct sec_hw_lt));
333 /* Last entry in link table is used to create a circle */
334 lt = sc->sc_lt[SEC_LT_ENTRIES].sl_lt;
338 lt->shl_ptr = sc->sc_lt[0].sl_lt_paddr;
340 /* Init descriptor and link table queues pointers */
341 SEC_CNT_INIT(sc, sc_free_desc_get_cnt, SEC_DESCRIPTORS);
342 SEC_CNT_INIT(sc, sc_free_desc_put_cnt, SEC_DESCRIPTORS);
343 SEC_CNT_INIT(sc, sc_ready_desc_get_cnt, SEC_DESCRIPTORS);
344 SEC_CNT_INIT(sc, sc_ready_desc_put_cnt, SEC_DESCRIPTORS);
345 SEC_CNT_INIT(sc, sc_queued_desc_get_cnt, SEC_DESCRIPTORS);
346 SEC_CNT_INIT(sc, sc_queued_desc_put_cnt, SEC_DESCRIPTORS);
347 SEC_CNT_INIT(sc, sc_lt_alloc_cnt, SEC_LT_ENTRIES);
348 SEC_CNT_INIT(sc, sc_lt_free_cnt, SEC_LT_ENTRIES);
350 /* Create masks for fast checks */
351 sc->sc_int_error_mask = 0;
352 for (i = 0; i < SEC_CHANNELS; i++)
353 sc->sc_int_error_mask |= (~0ULL & SEC_INT_CH_ERR(i));
355 switch (sc->sc_version) {
357 sc->sc_channel_idle_mask =
358 (SEC_CHAN_CSR2_FFLVL_M << SEC_CHAN_CSR2_FFLVL_S) |
359 (SEC_CHAN_CSR2_MSTATE_M << SEC_CHAN_CSR2_MSTATE_S) |
360 (SEC_CHAN_CSR2_PSTATE_M << SEC_CHAN_CSR2_PSTATE_S) |
361 (SEC_CHAN_CSR2_GSTATE_M << SEC_CHAN_CSR2_GSTATE_S);
364 sc->sc_channel_idle_mask =
365 (SEC_CHAN_CSR3_FFLVL_M << SEC_CHAN_CSR3_FFLVL_S) |
366 (SEC_CHAN_CSR3_MSTATE_M << SEC_CHAN_CSR3_MSTATE_S) |
367 (SEC_CHAN_CSR3_PSTATE_M << SEC_CHAN_CSR3_PSTATE_S) |
368 (SEC_CHAN_CSR3_GSTATE_M << SEC_CHAN_CSR3_GSTATE_S);
373 error = sec_init(sc);
378 /* Register in OCF (AESU) */
379 crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0);
381 /* Register in OCF (DEU) */
382 crypto_register(sc->sc_cid, CRYPTO_DES_CBC, 0, 0);
383 crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0);
385 /* Register in OCF (MDEU) */
386 crypto_register(sc->sc_cid, CRYPTO_MD5, 0, 0);
387 crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0);
388 crypto_register(sc->sc_cid, CRYPTO_SHA1, 0, 0);
389 crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0);
390 crypto_register(sc->sc_cid, CRYPTO_SHA2_256_HMAC, 0, 0);
391 if (sc->sc_version >= 3) {
392 crypto_register(sc->sc_cid, CRYPTO_SHA2_384_HMAC, 0, 0);
393 crypto_register(sc->sc_cid, CRYPTO_SHA2_512_HMAC, 0, 0);
399 sec_free_dma_mem(&(sc->sc_lt_dmem));
401 sec_free_dma_mem(&(sc->sc_desc_dmem));
403 sec_release_intr(sc, sc->sc_sec_ires, sc->sc_sec_ihand,
404 sc->sc_sec_irid, "secondary");
406 sec_release_intr(sc, sc->sc_pri_ires, sc->sc_pri_ihand,
407 sc->sc_pri_irid, "primary");
409 bus_release_resource(dev, SYS_RES_MEMORY, sc->sc_rrid, sc->sc_rres);
411 mtx_destroy(&sc->sc_controller_lock);
412 mtx_destroy(&sc->sc_descriptors_lock);
413 mtx_destroy(&sc->sc_sessions_lock);
419 sec_detach(device_t dev)
421 struct sec_softc *sc = device_get_softc(dev);
422 int i, error, timeout = SEC_TIMEOUT;
424 /* Prepare driver to shutdown */
425 SEC_LOCK(sc, descriptors);
427 SEC_UNLOCK(sc, descriptors);
429 /* Wait until all queued processing finishes */
431 SEC_LOCK(sc, descriptors);
432 i = SEC_READY_DESC_CNT(sc) + SEC_QUEUED_DESC_CNT(sc);
433 SEC_UNLOCK(sc, descriptors);
439 device_printf(dev, "queue flush timeout!\n");
441 /* DMA can be still active - stop it */
442 for (i = 0; i < SEC_CHANNELS; i++)
443 sec_channel_reset(sc, i, 1);
452 /* Disable interrupts */
453 SEC_WRITE(sc, SEC_IER, 0);
455 /* Unregister from OCF */
456 crypto_unregister_all(sc->sc_cid);
458 /* Free DMA memory */
459 for (i = 0; i < SEC_DESCRIPTORS; i++)
460 SEC_DESC_FREE_POINTERS(&(sc->sc_desc[i]));
462 sec_free_dma_mem(&(sc->sc_lt_dmem));
463 sec_free_dma_mem(&(sc->sc_desc_dmem));
465 /* Release interrupts */
466 sec_release_intr(sc, sc->sc_pri_ires, sc->sc_pri_ihand,
467 sc->sc_pri_irid, "primary");
468 sec_release_intr(sc, sc->sc_sec_ires, sc->sc_sec_ihand,
469 sc->sc_sec_irid, "secondary");
473 error = bus_release_resource(dev, SYS_RES_MEMORY, sc->sc_rrid,
476 device_printf(dev, "bus_release_resource() failed for"
477 " I/O memory, error %d\n", error);
482 mtx_destroy(&sc->sc_controller_lock);
483 mtx_destroy(&sc->sc_descriptors_lock);
484 mtx_destroy(&sc->sc_sessions_lock);
490 sec_suspend(device_t dev)
497 sec_resume(device_t dev)
504 sec_shutdown(device_t dev)
511 sec_setup_intr(struct sec_softc *sc, struct resource **ires, void **ihand,
512 int *irid, driver_intr_t handler, const char *iname)
516 (*ires) = bus_alloc_resource_any(sc->sc_dev, SYS_RES_IRQ, irid,
519 if ((*ires) == NULL) {
520 device_printf(sc->sc_dev, "could not allocate %s IRQ\n", iname);
524 error = bus_setup_intr(sc->sc_dev, *ires, INTR_MPSAFE | INTR_TYPE_NET,
525 NULL, handler, sc, ihand);
528 device_printf(sc->sc_dev, "failed to set up %s IRQ\n", iname);
529 if (bus_release_resource(sc->sc_dev, SYS_RES_IRQ, *irid, *ires))
530 device_printf(sc->sc_dev, "could not release %s IRQ\n",
541 sec_release_intr(struct sec_softc *sc, struct resource *ires, void *ihand,
542 int irid, const char *iname)
549 error = bus_teardown_intr(sc->sc_dev, ires, ihand);
551 device_printf(sc->sc_dev, "bus_teardown_intr() failed for %s"
552 " IRQ, error %d\n", iname, error);
554 error = bus_release_resource(sc->sc_dev, SYS_RES_IRQ, irid, ires);
556 device_printf(sc->sc_dev, "bus_release_resource() failed for %s"
557 " IRQ, error %d\n", iname, error);
561 sec_primary_intr(void *arg)
563 struct sec_softc *sc = arg;
564 struct sec_desc *desc;
568 SEC_LOCK(sc, controller);
570 /* Check for errors */
571 isr = SEC_READ(sc, SEC_ISR);
572 if (isr & sc->sc_int_error_mask) {
573 /* Check each channel for error */
574 for (i = 0; i < SEC_CHANNELS; i++) {
575 if ((isr & SEC_INT_CH_ERR(i)) == 0)
578 device_printf(sc->sc_dev,
579 "I/O error on channel %i!\n", i);
581 /* Find and mark problematic descriptor */
582 desc = sec_find_desc(sc, SEC_READ(sc,
586 desc->sd_error = EIO;
588 /* Do partial channel reset */
589 sec_channel_reset(sc, i, 0);
594 SEC_WRITE(sc, SEC_ICR, 0xFFFFFFFFFFFFFFFFULL);
596 SEC_UNLOCK(sc, controller);
597 SEC_LOCK(sc, descriptors);
599 /* Handle processed descriptors */
600 SEC_DESC_SYNC(sc, BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE);
602 while (SEC_QUEUED_DESC_CNT(sc) > 0) {
603 desc = SEC_GET_QUEUED_DESC(sc);
605 if (desc->sd_desc->shd_done != 0xFF && desc->sd_error == 0) {
606 SEC_PUT_BACK_QUEUED_DESC(sc);
610 SEC_DESC_SYNC_POINTERS(desc, BUS_DMASYNC_PREREAD |
611 BUS_DMASYNC_PREWRITE);
613 desc->sd_crp->crp_etype = desc->sd_error;
614 crypto_done(desc->sd_crp);
616 SEC_DESC_FREE_POINTERS(desc);
617 SEC_DESC_FREE_LT(sc, desc);
618 SEC_DESC_QUEUED2FREE(sc);
621 SEC_DESC_SYNC(sc, BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE);
623 if (!sc->sc_shutdown) {
624 wakeup = sc->sc_blocked;
628 SEC_UNLOCK(sc, descriptors);
630 /* Enqueue ready descriptors in hardware */
634 crypto_unblock(sc->sc_cid, wakeup);
638 sec_secondary_intr(void *arg)
640 struct sec_softc *sc = arg;
642 device_printf(sc->sc_dev, "spurious secondary interrupt!\n");
643 sec_primary_intr(arg);
647 sec_controller_reset(struct sec_softc *sc)
649 int timeout = SEC_TIMEOUT;
651 /* Reset Controller */
652 SEC_WRITE(sc, SEC_MCR, SEC_MCR_SWR);
654 while (SEC_READ(sc, SEC_MCR) & SEC_MCR_SWR) {
659 device_printf(sc->sc_dev, "timeout while waiting for "
669 sec_channel_reset(struct sec_softc *sc, int channel, int full)
671 int timeout = SEC_TIMEOUT;
672 uint64_t bit = (full) ? SEC_CHAN_CCR_R : SEC_CHAN_CCR_CON;
676 reg = SEC_READ(sc, SEC_CHAN_CCR(channel));
677 SEC_WRITE(sc, SEC_CHAN_CCR(channel), reg | bit);
679 while (SEC_READ(sc, SEC_CHAN_CCR(channel)) & bit) {
684 device_printf(sc->sc_dev, "timeout while waiting for "
691 reg = SEC_CHAN_CCR_CDIE | SEC_CHAN_CCR_NT | SEC_CHAN_CCR_BS;
693 switch(sc->sc_version) {
695 reg |= SEC_CHAN_CCR_CDWE;
698 reg |= SEC_CHAN_CCR_AWSE | SEC_CHAN_CCR_WGN;
702 SEC_WRITE(sc, SEC_CHAN_CCR(channel), reg);
709 sec_init(struct sec_softc *sc)
714 /* Reset controller twice to clear all pending interrupts */
715 error = sec_controller_reset(sc);
719 error = sec_controller_reset(sc);
724 for (i = 0; i < SEC_CHANNELS; i++) {
725 error = sec_channel_reset(sc, i, 1);
730 /* Enable Interrupts */
732 for (i = 0; i < SEC_CHANNELS; i++)
733 reg |= SEC_INT_CH_DN(i) | SEC_INT_CH_ERR(i);
735 SEC_WRITE(sc, SEC_IER, reg);
741 sec_alloc_dma_mem_cb(void *arg, bus_dma_segment_t *segs, int nseg, int error)
743 struct sec_dma_mem *dma_mem = arg;
748 KASSERT(nseg == 1, ("Wrong number of segments, should be 1"));
749 dma_mem->dma_paddr = segs->ds_addr;
753 sec_dma_map_desc_cb(void *arg, bus_dma_segment_t *segs, int nseg,
756 struct sec_desc_map_info *sdmi = arg;
757 struct sec_softc *sc = sdmi->sdmi_sc;
758 struct sec_lt *lt = NULL;
763 SEC_LOCK_ASSERT(sc, descriptors);
768 for (i = 0; i < nseg; i++) {
769 addr = segs[i].ds_addr;
770 size = segs[i].ds_len;
772 /* Skip requested offset */
773 if (sdmi->sdmi_offset >= size) {
774 sdmi->sdmi_offset -= size;
778 addr += sdmi->sdmi_offset;
779 size -= sdmi->sdmi_offset;
780 sdmi->sdmi_offset = 0;
782 /* Do not link more than requested */
783 if (sdmi->sdmi_size < size)
784 size = sdmi->sdmi_size;
786 lt = SEC_ALLOC_LT_ENTRY(sc);
787 lt->sl_lt->shl_length = size;
788 lt->sl_lt->shl_r = 0;
789 lt->sl_lt->shl_n = 0;
790 lt->sl_lt->shl_ptr = addr;
792 if (sdmi->sdmi_lt_first == NULL)
793 sdmi->sdmi_lt_first = lt;
795 sdmi->sdmi_lt_used += 1;
797 if ((sdmi->sdmi_size -= size) == 0)
801 sdmi->sdmi_lt_last = lt;
805 sec_dma_map_desc_cb2(void *arg, bus_dma_segment_t *segs, int nseg,
806 bus_size_t size, int error)
809 sec_dma_map_desc_cb(arg, segs, nseg, error);
813 sec_alloc_dma_mem(struct sec_softc *sc, struct sec_dma_mem *dma_mem,
818 if (dma_mem->dma_vaddr != NULL)
821 error = bus_dma_tag_create(NULL, /* parent */
822 SEC_DMA_ALIGNMENT, 0, /* alignment, boundary */
823 BUS_SPACE_MAXADDR_32BIT, /* lowaddr */
824 BUS_SPACE_MAXADDR, /* highaddr */
825 NULL, NULL, /* filtfunc, filtfuncarg */
826 size, 1, /* maxsize, nsegments */
827 size, 0, /* maxsegsz, flags */
828 NULL, NULL, /* lockfunc, lockfuncarg */
829 &(dma_mem->dma_tag)); /* dmat */
832 device_printf(sc->sc_dev, "failed to allocate busdma tag, error"
837 error = bus_dmamem_alloc(dma_mem->dma_tag, &(dma_mem->dma_vaddr),
838 BUS_DMA_NOWAIT | BUS_DMA_ZERO, &(dma_mem->dma_map));
841 device_printf(sc->sc_dev, "failed to allocate DMA safe"
842 " memory, error %i!\n", error);
846 error = bus_dmamap_load(dma_mem->dma_tag, dma_mem->dma_map,
847 dma_mem->dma_vaddr, size, sec_alloc_dma_mem_cb, dma_mem,
851 device_printf(sc->sc_dev, "cannot get address of the DMA"
852 " memory, error %i\n", error);
856 dma_mem->dma_is_map = 0;
860 bus_dmamem_free(dma_mem->dma_tag, dma_mem->dma_vaddr, dma_mem->dma_map);
862 bus_dma_tag_destroy(dma_mem->dma_tag);
864 dma_mem->dma_vaddr = NULL;
869 sec_desc_map_dma(struct sec_softc *sc, struct sec_dma_mem *dma_mem, void *mem,
870 bus_size_t size, int type, struct sec_desc_map_info *sdmi)
874 if (dma_mem->dma_vaddr != NULL)
881 size = SEC_FREE_LT_CNT(sc) * SEC_MAX_DMA_BLOCK_SIZE;
884 size = m_length((struct mbuf*)mem, NULL);
890 error = bus_dma_tag_create(NULL, /* parent */
891 SEC_DMA_ALIGNMENT, 0, /* alignment, boundary */
892 BUS_SPACE_MAXADDR_32BIT, /* lowaddr */
893 BUS_SPACE_MAXADDR, /* highaddr */
894 NULL, NULL, /* filtfunc, filtfuncarg */
896 SEC_FREE_LT_CNT(sc), /* nsegments */
897 SEC_MAX_DMA_BLOCK_SIZE, 0, /* maxsegsz, flags */
898 NULL, NULL, /* lockfunc, lockfuncarg */
899 &(dma_mem->dma_tag)); /* dmat */
902 device_printf(sc->sc_dev, "failed to allocate busdma tag, error"
904 dma_mem->dma_vaddr = NULL;
908 error = bus_dmamap_create(dma_mem->dma_tag, 0, &(dma_mem->dma_map));
911 device_printf(sc->sc_dev, "failed to create DMA map, error %i!"
913 bus_dma_tag_destroy(dma_mem->dma_tag);
919 error = bus_dmamap_load(dma_mem->dma_tag, dma_mem->dma_map,
920 mem, size, sec_dma_map_desc_cb, sdmi, BUS_DMA_NOWAIT);
923 error = bus_dmamap_load_uio(dma_mem->dma_tag, dma_mem->dma_map,
924 mem, sec_dma_map_desc_cb2, sdmi, BUS_DMA_NOWAIT);
927 error = bus_dmamap_load_mbuf(dma_mem->dma_tag, dma_mem->dma_map,
928 mem, sec_dma_map_desc_cb2, sdmi, BUS_DMA_NOWAIT);
933 device_printf(sc->sc_dev, "cannot get address of the DMA"
934 " memory, error %i!\n", error);
935 bus_dmamap_destroy(dma_mem->dma_tag, dma_mem->dma_map);
936 bus_dma_tag_destroy(dma_mem->dma_tag);
940 dma_mem->dma_is_map = 1;
941 dma_mem->dma_vaddr = mem;
947 sec_free_dma_mem(struct sec_dma_mem *dma_mem)
950 /* Check for double free */
951 if (dma_mem->dma_vaddr == NULL)
954 bus_dmamap_unload(dma_mem->dma_tag, dma_mem->dma_map);
956 if (dma_mem->dma_is_map)
957 bus_dmamap_destroy(dma_mem->dma_tag, dma_mem->dma_map);
959 bus_dmamem_free(dma_mem->dma_tag, dma_mem->dma_vaddr,
962 bus_dma_tag_destroy(dma_mem->dma_tag);
963 dma_mem->dma_vaddr = NULL;
967 sec_eu_channel(struct sec_softc *sc, int eu)
972 SEC_LOCK_ASSERT(sc, controller);
974 reg = SEC_READ(sc, SEC_EUASR);
978 channel = SEC_EUASR_AFEU(reg);
981 channel = SEC_EUASR_DEU(reg);
985 channel = SEC_EUASR_MDEU(reg);
988 channel = SEC_EUASR_RNGU(reg);
991 channel = SEC_EUASR_PKEU(reg);
994 channel = SEC_EUASR_AESU(reg);
997 channel = SEC_EUASR_KEU(reg);
1000 channel = SEC_EUASR_CRCU(reg);
1004 return (channel - 1);
1008 sec_enqueue_desc(struct sec_softc *sc, struct sec_desc *desc, int channel)
1010 u_int fflvl = SEC_MAX_FIFO_LEVEL;
1014 SEC_LOCK_ASSERT(sc, controller);
1016 /* Find free channel if have not got one */
1018 for (i = 0; i < SEC_CHANNELS; i++) {
1019 reg = SEC_READ(sc, SEC_CHAN_CSR(channel));
1021 if ((reg & sc->sc_channel_idle_mask) == 0) {
1028 /* There is no free channel */
1032 /* Check FIFO level on selected channel */
1033 reg = SEC_READ(sc, SEC_CHAN_CSR(channel));
1035 switch(sc->sc_version) {
1037 fflvl = (reg >> SEC_CHAN_CSR2_FFLVL_S) & SEC_CHAN_CSR2_FFLVL_M;
1040 fflvl = (reg >> SEC_CHAN_CSR3_FFLVL_S) & SEC_CHAN_CSR3_FFLVL_M;
1044 if (fflvl >= SEC_MAX_FIFO_LEVEL)
1047 /* Enqueue descriptor in channel */
1048 SEC_WRITE(sc, SEC_CHAN_FF(channel), desc->sd_desc_paddr);
1054 sec_enqueue(struct sec_softc *sc)
1056 struct sec_desc *desc;
1059 SEC_LOCK(sc, descriptors);
1060 SEC_LOCK(sc, controller);
1062 while (SEC_READY_DESC_CNT(sc) > 0) {
1063 desc = SEC_GET_READY_DESC(sc);
1065 ch0 = sec_eu_channel(sc, desc->sd_desc->shd_eu_sel0);
1066 ch1 = sec_eu_channel(sc, desc->sd_desc->shd_eu_sel1);
1069 * Both EU are used by the same channel.
1070 * Enqueue descriptor in channel used by busy EUs.
1072 if (ch0 >= 0 && ch0 == ch1) {
1073 if (sec_enqueue_desc(sc, desc, ch0) >= 0) {
1074 SEC_DESC_READY2QUEUED(sc);
1080 * Only one EU is free.
1081 * Enqueue descriptor in channel used by busy EU.
1083 if ((ch0 >= 0 && ch1 < 0) || (ch1 >= 0 && ch0 < 0)) {
1084 if (sec_enqueue_desc(sc, desc, (ch0 >= 0) ? ch0 : ch1)
1086 SEC_DESC_READY2QUEUED(sc);
1093 * Enqueue descriptor in first free channel.
1095 if (ch0 < 0 && ch1 < 0) {
1096 if (sec_enqueue_desc(sc, desc, -1) >= 0) {
1097 SEC_DESC_READY2QUEUED(sc);
1102 /* Current descriptor can not be queued at the moment */
1103 SEC_PUT_BACK_READY_DESC(sc);
1107 SEC_UNLOCK(sc, controller);
1108 SEC_UNLOCK(sc, descriptors);
1111 static struct sec_desc *
1112 sec_find_desc(struct sec_softc *sc, bus_addr_t paddr)
1114 struct sec_desc *desc = NULL;
1117 SEC_LOCK_ASSERT(sc, descriptors);
1119 for (i = 0; i < SEC_CHANNELS; i++) {
1120 if (sc->sc_desc[i].sd_desc_paddr == paddr) {
1121 desc = &(sc->sc_desc[i]);
1130 sec_make_pointer_direct(struct sec_softc *sc, struct sec_desc *desc, u_int n,
1131 bus_addr_t data, bus_size_t dsize)
1133 struct sec_hw_desc_ptr *ptr;
1135 SEC_LOCK_ASSERT(sc, descriptors);
1137 ptr = &(desc->sd_desc->shd_pointer[n]);
1138 ptr->shdp_length = dsize;
1139 ptr->shdp_extent = 0;
1141 ptr->shdp_ptr = data;
1147 sec_make_pointer(struct sec_softc *sc, struct sec_desc *desc,
1148 u_int n, void *data, bus_size_t doffset, bus_size_t dsize, int dtype)
1150 struct sec_desc_map_info sdmi = { sc, dsize, doffset, NULL, NULL, 0 };
1151 struct sec_hw_desc_ptr *ptr;
1154 SEC_LOCK_ASSERT(sc, descriptors);
1156 /* For flat memory map only requested region */
1157 if (dtype == SEC_MEMORY) {
1158 data = (uint8_t*)(data) + doffset;
1159 sdmi.sdmi_offset = 0;
1162 error = sec_desc_map_dma(sc, &(desc->sd_ptr_dmem[n]), data, dsize,
1168 sdmi.sdmi_lt_last->sl_lt->shl_r = 1;
1169 desc->sd_lt_used += sdmi.sdmi_lt_used;
1171 ptr = &(desc->sd_desc->shd_pointer[n]);
1172 ptr->shdp_length = dsize;
1173 ptr->shdp_extent = 0;
1175 ptr->shdp_ptr = sdmi.sdmi_lt_first->sl_lt_paddr;
1181 sec_split_cri(struct cryptoini *cri, struct cryptoini **enc,
1182 struct cryptoini **mac)
1184 struct cryptoini *e, *m;
1189 /* We can haldle only two operations */
1190 if (m && m->cri_next)
1193 if (sec_mdeu_can_handle(e->cri_alg)) {
1199 if (m && !sec_mdeu_can_handle(m->cri_alg))
1209 sec_split_crp(struct cryptop *crp, struct cryptodesc **enc,
1210 struct cryptodesc **mac)
1212 struct cryptodesc *e, *m, *t;
1217 /* We can haldle only two operations */
1218 if (m && m->crd_next)
1221 if (sec_mdeu_can_handle(e->crd_alg)) {
1227 if (m && !sec_mdeu_can_handle(m->crd_alg))
1237 sec_alloc_session(struct sec_softc *sc)
1239 struct sec_session *ses = NULL;
1243 SEC_LOCK(sc, sessions);
1245 for (i = 0; i < SEC_MAX_SESSIONS; i++) {
1246 if (sc->sc_sessions[i].ss_used == 0) {
1247 ses = &(sc->sc_sessions[i]);
1257 SEC_UNLOCK(sc, sessions);
1262 static struct sec_session *
1263 sec_get_session(struct sec_softc *sc, u_int sid)
1265 struct sec_session *ses;
1267 if (sid >= SEC_MAX_SESSIONS)
1270 SEC_LOCK(sc, sessions);
1272 ses = &(sc->sc_sessions[sid]);
1274 if (ses->ss_used == 0)
1277 SEC_UNLOCK(sc, sessions);
1283 sec_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri)
1285 struct sec_softc *sc = device_get_softc(dev);
1286 struct sec_eu_methods *eu = sec_eus;
1287 struct cryptoini *enc = NULL;
1288 struct cryptoini *mac = NULL;
1289 struct sec_session *ses;
1293 error = sec_split_cri(cri, &enc, &mac);
1297 /* Check key lengths */
1298 if (enc && enc->cri_key && (enc->cri_klen / 8) > SEC_MAX_KEY_LEN)
1301 if (mac && mac->cri_key && (mac->cri_klen / 8) > SEC_MAX_KEY_LEN)
1304 /* Only SEC 3.0 supports digests larger than 256 bits */
1305 if (sc->sc_version < 3 && mac && mac->cri_klen > 256)
1308 sid = sec_alloc_session(sc);
1312 ses = sec_get_session(sc, sid);
1314 /* Find EU for this session */
1315 while (eu->sem_make_desc != NULL) {
1316 error = eu->sem_newsession(sc, ses, enc, mac);
1323 /* If not found, return EINVAL */
1325 sec_free_session(sc, ses);
1329 /* Save cipher key */
1330 if (enc && enc->cri_key) {
1331 ses->ss_klen = enc->cri_klen / 8;
1332 memcpy(ses->ss_key, enc->cri_key, ses->ss_klen);
1335 /* Save digest key */
1336 if (mac && mac->cri_key) {
1337 ses->ss_mklen = mac->cri_klen / 8;
1338 memcpy(ses->ss_mkey, mac->cri_key, ses->ss_mklen);
1348 sec_freesession(device_t dev, uint64_t tid)
1350 struct sec_softc *sc = device_get_softc(dev);
1351 struct sec_session *ses;
1354 ses = sec_get_session(sc, CRYPTO_SESID2LID(tid));
1358 sec_free_session(sc, ses);
1364 sec_process(device_t dev, struct cryptop *crp, int hint)
1366 struct sec_softc *sc = device_get_softc(dev);
1367 struct sec_desc *desc = NULL;
1368 struct cryptodesc *mac, *enc;
1369 struct sec_session *ses;
1370 int buftype, error = 0;
1372 /* Check Session ID */
1373 ses = sec_get_session(sc, CRYPTO_SESID2LID(crp->crp_sid));
1375 crp->crp_etype = EINVAL;
1380 /* Check for input length */
1381 if (crp->crp_ilen > SEC_MAX_DMA_BLOCK_SIZE) {
1382 crp->crp_etype = E2BIG;
1387 /* Get descriptors */
1388 if (sec_split_crp(crp, &enc, &mac)) {
1389 crp->crp_etype = EINVAL;
1394 SEC_LOCK(sc, descriptors);
1395 SEC_DESC_SYNC(sc, BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE);
1397 /* Block driver if there is no free descriptors or we are going down */
1398 if (SEC_FREE_DESC_CNT(sc) == 0 || sc->sc_shutdown) {
1399 sc->sc_blocked |= CRYPTO_SYMQ;
1400 SEC_UNLOCK(sc, descriptors);
1404 /* Prepare descriptor */
1405 desc = SEC_GET_FREE_DESC(sc);
1406 desc->sd_lt_used = 0;
1410 if (crp->crp_flags & CRYPTO_F_IOV)
1412 else if (crp->crp_flags & CRYPTO_F_IMBUF)
1415 buftype = SEC_MEMORY;
1417 if (enc && enc->crd_flags & CRD_F_ENCRYPT) {
1418 if (enc->crd_flags & CRD_F_IV_EXPLICIT)
1419 memcpy(desc->sd_desc->shd_iv, enc->crd_iv,
1422 arc4rand(desc->sd_desc->shd_iv, ses->ss_ivlen, 0);
1424 if ((enc->crd_flags & CRD_F_IV_PRESENT) == 0)
1425 crypto_copyback(crp->crp_flags, crp->crp_buf,
1426 enc->crd_inject, ses->ss_ivlen,
1427 desc->sd_desc->shd_iv);
1429 if (enc->crd_flags & CRD_F_IV_EXPLICIT)
1430 memcpy(desc->sd_desc->shd_iv, enc->crd_iv,
1433 crypto_copydata(crp->crp_flags, crp->crp_buf,
1434 enc->crd_inject, ses->ss_ivlen,
1435 desc->sd_desc->shd_iv);
1438 if (enc && enc->crd_flags & CRD_F_KEY_EXPLICIT) {
1439 if ((enc->crd_klen / 8) <= SEC_MAX_KEY_LEN) {
1440 ses->ss_klen = enc->crd_klen / 8;
1441 memcpy(ses->ss_key, enc->crd_key, ses->ss_klen);
1446 if (!error && mac && mac->crd_flags & CRD_F_KEY_EXPLICIT) {
1447 if ((mac->crd_klen / 8) <= SEC_MAX_KEY_LEN) {
1448 ses->ss_mklen = mac->crd_klen / 8;
1449 memcpy(ses->ss_mkey, mac->crd_key, ses->ss_mklen);
1455 memcpy(desc->sd_desc->shd_key, ses->ss_key, ses->ss_klen);
1456 memcpy(desc->sd_desc->shd_mkey, ses->ss_mkey, ses->ss_mklen);
1458 error = ses->ss_eu->sem_make_desc(sc, ses, desc, crp, buftype);
1462 SEC_DESC_FREE_POINTERS(desc);
1463 SEC_DESC_PUT_BACK_LT(sc, desc);
1464 SEC_PUT_BACK_FREE_DESC(sc);
1465 SEC_UNLOCK(sc, descriptors);
1466 crp->crp_etype = error;
1472 * Skip DONE interrupt if this is not last request in burst, but only
1473 * if we are running on SEC 3.X. On SEC 2.X we have to enable DONE
1474 * signaling on each descriptor.
1476 if ((hint & CRYPTO_HINT_MORE) && sc->sc_version == 3)
1477 desc->sd_desc->shd_dn = 0;
1479 desc->sd_desc->shd_dn = 1;
1481 SEC_DESC_SYNC(sc, BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE);
1482 SEC_DESC_SYNC_POINTERS(desc, BUS_DMASYNC_POSTREAD |
1483 BUS_DMASYNC_POSTWRITE);
1484 SEC_DESC_FREE2READY(sc);
1485 SEC_UNLOCK(sc, descriptors);
1487 /* Enqueue ready descriptors in hardware */
1494 sec_build_common_ns_desc(struct sec_softc *sc, struct sec_desc *desc,
1495 struct sec_session *ses, struct cryptop *crp, struct cryptodesc *enc,
1498 struct sec_hw_desc *hd = desc->sd_desc;
1501 hd->shd_desc_type = SEC_DT_COMMON_NONSNOOP;
1502 hd->shd_eu_sel1 = SEC_EU_NONE;
1505 /* Pointer 0: NULL */
1506 error = sec_make_pointer_direct(sc, desc, 0, 0, 0);
1510 /* Pointer 1: IV IN */
1511 error = sec_make_pointer_direct(sc, desc, 1, desc->sd_desc_paddr +
1512 offsetof(struct sec_hw_desc, shd_iv), ses->ss_ivlen);
1516 /* Pointer 2: Cipher Key */
1517 error = sec_make_pointer_direct(sc, desc, 2, desc->sd_desc_paddr +
1518 offsetof(struct sec_hw_desc, shd_key), ses->ss_klen);
1522 /* Pointer 3: Data IN */
1523 error = sec_make_pointer(sc, desc, 3, crp->crp_buf, enc->crd_skip,
1524 enc->crd_len, buftype);
1528 /* Pointer 4: Data OUT */
1529 error = sec_make_pointer(sc, desc, 4, crp->crp_buf, enc->crd_skip,
1530 enc->crd_len, buftype);
1534 /* Pointer 5: IV OUT (Not used: NULL) */
1535 error = sec_make_pointer_direct(sc, desc, 5, 0, 0);
1539 /* Pointer 6: NULL */
1540 error = sec_make_pointer_direct(sc, desc, 6, 0, 0);
1546 sec_build_common_s_desc(struct sec_softc *sc, struct sec_desc *desc,
1547 struct sec_session *ses, struct cryptop *crp, struct cryptodesc *enc,
1548 struct cryptodesc *mac, int buftype)
1550 struct sec_hw_desc *hd = desc->sd_desc;
1551 u_int eu, mode, hashlen;
1554 if (mac->crd_len < enc->crd_len)
1557 if (mac->crd_skip + mac->crd_len != enc->crd_skip + enc->crd_len)
1560 error = sec_mdeu_config(mac, &eu, &mode, &hashlen);
1564 hd->shd_desc_type = SEC_DT_HMAC_SNOOP;
1565 hd->shd_eu_sel1 = eu;
1566 hd->shd_mode1 = mode;
1568 /* Pointer 0: HMAC Key */
1569 error = sec_make_pointer_direct(sc, desc, 0, desc->sd_desc_paddr +
1570 offsetof(struct sec_hw_desc, shd_mkey), ses->ss_mklen);
1574 /* Pointer 1: HMAC-Only Data IN */
1575 error = sec_make_pointer(sc, desc, 1, crp->crp_buf, mac->crd_skip,
1576 mac->crd_len - enc->crd_len, buftype);
1580 /* Pointer 2: Cipher Key */
1581 error = sec_make_pointer_direct(sc, desc, 2, desc->sd_desc_paddr +
1582 offsetof(struct sec_hw_desc, shd_key), ses->ss_klen);
1586 /* Pointer 3: IV IN */
1587 error = sec_make_pointer_direct(sc, desc, 3, desc->sd_desc_paddr +
1588 offsetof(struct sec_hw_desc, shd_iv), ses->ss_ivlen);
1592 /* Pointer 4: Data IN */
1593 error = sec_make_pointer(sc, desc, 4, crp->crp_buf, enc->crd_skip,
1594 enc->crd_len, buftype);
1598 /* Pointer 5: Data OUT */
1599 error = sec_make_pointer(sc, desc, 5, crp->crp_buf, enc->crd_skip,
1600 enc->crd_len, buftype);
1604 /* Pointer 6: HMAC OUT */
1605 error = sec_make_pointer(sc, desc, 6, crp->crp_buf, mac->crd_inject,
1614 sec_aesu_newsession(struct sec_softc *sc, struct sec_session *ses,
1615 struct cryptoini *enc, struct cryptoini *mac)
1621 if (enc->cri_alg != CRYPTO_AES_CBC)
1624 ses->ss_ivlen = AES_BLOCK_LEN;
1630 sec_aesu_make_desc(struct sec_softc *sc, struct sec_session *ses,
1631 struct sec_desc *desc, struct cryptop *crp, int buftype)
1633 struct sec_hw_desc *hd = desc->sd_desc;
1634 struct cryptodesc *enc, *mac;
1637 error = sec_split_crp(crp, &enc, &mac);
1644 hd->shd_eu_sel0 = SEC_EU_AESU;
1645 hd->shd_mode0 = SEC_AESU_MODE_CBC;
1647 if (enc->crd_alg != CRYPTO_AES_CBC)
1650 if (enc->crd_flags & CRD_F_ENCRYPT) {
1651 hd->shd_mode0 |= SEC_AESU_MODE_ED;
1657 error = sec_build_common_s_desc(sc, desc, ses, crp, enc, mac,
1660 error = sec_build_common_ns_desc(sc, desc, ses, crp, enc,
1669 sec_deu_newsession(struct sec_softc *sc, struct sec_session *ses,
1670 struct cryptoini *enc, struct cryptoini *mac)
1676 switch (enc->cri_alg) {
1677 case CRYPTO_DES_CBC:
1678 case CRYPTO_3DES_CBC:
1684 ses->ss_ivlen = DES_BLOCK_LEN;
1690 sec_deu_make_desc(struct sec_softc *sc, struct sec_session *ses,
1691 struct sec_desc *desc, struct cryptop *crp, int buftype)
1693 struct sec_hw_desc *hd = desc->sd_desc;
1694 struct cryptodesc *enc, *mac;
1697 error = sec_split_crp(crp, &enc, &mac);
1704 hd->shd_eu_sel0 = SEC_EU_DEU;
1705 hd->shd_mode0 = SEC_DEU_MODE_CBC;
1707 switch (enc->crd_alg) {
1708 case CRYPTO_3DES_CBC:
1709 hd->shd_mode0 |= SEC_DEU_MODE_TS;
1711 case CRYPTO_DES_CBC:
1717 if (enc->crd_flags & CRD_F_ENCRYPT) {
1718 hd->shd_mode0 |= SEC_DEU_MODE_ED;
1724 error = sec_build_common_s_desc(sc, desc, ses, crp, enc, mac,
1727 error = sec_build_common_ns_desc(sc, desc, ses, crp, enc,
1736 sec_mdeu_can_handle(u_int alg)
1741 case CRYPTO_MD5_HMAC:
1742 case CRYPTO_SHA1_HMAC:
1743 case CRYPTO_SHA2_256_HMAC:
1744 case CRYPTO_SHA2_384_HMAC:
1745 case CRYPTO_SHA2_512_HMAC:
1753 sec_mdeu_config(struct cryptodesc *crd, u_int *eu, u_int *mode, u_int *hashlen)
1756 *mode = SEC_MDEU_MODE_PD | SEC_MDEU_MODE_INIT;
1759 switch (crd->crd_alg) {
1760 case CRYPTO_MD5_HMAC:
1761 *mode |= SEC_MDEU_MODE_HMAC;
1764 *eu = SEC_EU_MDEU_A;
1765 *mode |= SEC_MDEU_MODE_MD5;
1766 *hashlen = MD5_HASH_LEN;
1768 case CRYPTO_SHA1_HMAC:
1769 *mode |= SEC_MDEU_MODE_HMAC;
1772 *eu = SEC_EU_MDEU_A;
1773 *mode |= SEC_MDEU_MODE_SHA1;
1774 *hashlen = SHA1_HASH_LEN;
1776 case CRYPTO_SHA2_256_HMAC:
1777 *mode |= SEC_MDEU_MODE_HMAC | SEC_MDEU_MODE_SHA256;
1778 *eu = SEC_EU_MDEU_A;
1780 case CRYPTO_SHA2_384_HMAC:
1781 *mode |= SEC_MDEU_MODE_HMAC | SEC_MDEU_MODE_SHA384;
1782 *eu = SEC_EU_MDEU_B;
1784 case CRYPTO_SHA2_512_HMAC:
1785 *mode |= SEC_MDEU_MODE_HMAC | SEC_MDEU_MODE_SHA512;
1786 *eu = SEC_EU_MDEU_B;
1792 if (*mode & SEC_MDEU_MODE_HMAC)
1793 *hashlen = SEC_HMAC_HASH_LEN;
1799 sec_mdeu_newsession(struct sec_softc *sc, struct sec_session *ses,
1800 struct cryptoini *enc, struct cryptoini *mac)
1803 if (mac && sec_mdeu_can_handle(mac->cri_alg))
1810 sec_mdeu_make_desc(struct sec_softc *sc, struct sec_session *ses,
1811 struct sec_desc *desc, struct cryptop *crp, int buftype)
1813 struct cryptodesc *enc, *mac;
1814 struct sec_hw_desc *hd = desc->sd_desc;
1815 u_int eu, mode, hashlen;
1818 error = sec_split_crp(crp, &enc, &mac);
1825 error = sec_mdeu_config(mac, &eu, &mode, &hashlen);
1829 hd->shd_desc_type = SEC_DT_COMMON_NONSNOOP;
1830 hd->shd_eu_sel0 = eu;
1831 hd->shd_mode0 = mode;
1832 hd->shd_eu_sel1 = SEC_EU_NONE;
1835 /* Pointer 0: NULL */
1836 error = sec_make_pointer_direct(sc, desc, 0, 0, 0);
1840 /* Pointer 1: Context In (Not used: NULL) */
1841 error = sec_make_pointer_direct(sc, desc, 1, 0, 0);
1845 /* Pointer 2: HMAC Key (or NULL, depending on digest type) */
1846 if (hd->shd_mode0 & SEC_MDEU_MODE_HMAC)
1847 error = sec_make_pointer_direct(sc, desc, 2,
1848 desc->sd_desc_paddr + offsetof(struct sec_hw_desc,
1849 shd_mkey), ses->ss_mklen);
1851 error = sec_make_pointer_direct(sc, desc, 2, 0, 0);
1856 /* Pointer 3: Input Data */
1857 error = sec_make_pointer(sc, desc, 3, crp->crp_buf, mac->crd_skip,
1858 mac->crd_len, buftype);
1862 /* Pointer 4: NULL */
1863 error = sec_make_pointer_direct(sc, desc, 4, 0, 0);
1867 /* Pointer 5: Hash out */
1868 error = sec_make_pointer(sc, desc, 5, crp->crp_buf,
1869 mac->crd_inject, hashlen, buftype);
1873 /* Pointer 6: NULL */
1874 error = sec_make_pointer_direct(sc, desc, 6, 0, 0);