1 /*-
2 * Copyright (c) 2003 Sam Leffler, Errno Consulting
3 * Copyright (c) 2003 Global Technology Associates, Inc.
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 * SUCH DAMAGE.
26 *
27 * $FreeBSD: src/sys/dev/safe/safe.c,v 1.22 2011/06/12 23:33:08 delphij Exp $
28 */
29
30 /*
31 * SafeNet SafeXcel-1141 hardware crypto accelerator
32 */
33 #include "opt_safe.h"
34
35 #include <sys/param.h>
36 #include <sys/systm.h>
37 #include <sys/proc.h>
38 #include <sys/errno.h>
39 #include <sys/malloc.h>
40 #include <sys/kernel.h>
41 #include <sys/mbuf.h>
42 #include <sys/module.h>
43 #include <sys/lock.h>
44 #include <sys/sysctl.h>
45 #include <sys/endian.h>
46
47 #include <vm/vm.h>
48 #include <vm/pmap.h>
49
50 #include <sys/bus.h>
51 #include <sys/rman.h>
52
53 #include <crypto/sha1.h>
54 #include <opencrypto/cryptodev.h>
55 #include <opencrypto/cryptosoft.h>
56 #include <sys/md5.h>
57 #include <sys/random.h>
58 #include <sys/kobj.h>
59
60 #include "cryptodev_if.h"
61
62 #include <bus/pci/pcivar.h>
63 #include <bus/pci/pcireg.h>
64
65 #ifdef SAFE_RNDTEST
66 #include <dev/crypto/rndtest/rndtest.h>
67 #endif
68 #include <dev/crypto/safe/safereg.h>
69 #include <dev/crypto/safe/safevar.h>
70
71 #ifndef bswap32
72 #define bswap32 NTOHL
73 #endif
74
75 /*
76 * Prototypes and count for the pci_device structure
77 */
78 static int safe_probe(device_t);
79 static int safe_attach(device_t);
80 static int safe_detach(device_t);
81 static int safe_suspend(device_t);
82 static int safe_resume(device_t);
83 static int safe_shutdown(device_t);
84
85 static int safe_newsession(device_t, u_int32_t *, struct cryptoini *);
86 static int safe_freesession(device_t, u_int64_t);
87 static int safe_process(device_t, struct cryptop *, int);
88
89 static device_method_t safe_methods[] = {
90 /* Device interface */
91 DEVMETHOD(device_probe, safe_probe),
92 DEVMETHOD(device_attach, safe_attach),
93 DEVMETHOD(device_detach, safe_detach),
94 DEVMETHOD(device_suspend, safe_suspend),
95 DEVMETHOD(device_resume, safe_resume),
96 DEVMETHOD(device_shutdown, safe_shutdown),
97
98 /* bus interface */
99 DEVMETHOD(bus_print_child, bus_generic_print_child),
100 DEVMETHOD(bus_driver_added, bus_generic_driver_added),
101
102 /* crypto device methods */
103 DEVMETHOD(cryptodev_newsession, safe_newsession),
104 DEVMETHOD(cryptodev_freesession,safe_freesession),
105 DEVMETHOD(cryptodev_process, safe_process),
106
107 DEVMETHOD_END
108 };
109 static driver_t safe_driver = {
110 "safe",
111 safe_methods,
112 sizeof (struct safe_softc)
113 };
114 static devclass_t safe_devclass;
115
116 DRIVER_MODULE(safe, pci, safe_driver, safe_devclass, NULL, NULL);
117 MODULE_DEPEND(safe, crypto, 1, 1, 1);
118 #ifdef SAFE_RNDTEST
119 MODULE_DEPEND(safe, rndtest, 1, 1, 1);
120 #endif
121
122 static void safe_intr(void *);
123 static void safe_callback(struct safe_softc *, struct safe_ringentry *);
124 static void safe_feed(struct safe_softc *, struct safe_ringentry *);
125 static void safe_mcopy(struct mbuf *, struct mbuf *, u_int);
126 #ifndef SAFE_NO_RNG
127 static void safe_rng_init(struct safe_softc *);
128 static void safe_rng(void *);
129 #endif /* SAFE_NO_RNG */
130 static int safe_dma_malloc(struct safe_softc *, bus_size_t,
131 struct safe_dma_alloc *, int);
132 #define safe_dma_sync(_dma, _flags) \
133 bus_dmamap_sync((_dma)->dma_tag, (_dma)->dma_map, (_flags))
134 static void safe_dma_free(struct safe_softc *, struct safe_dma_alloc *);
135 static int safe_dmamap_aligned(const struct safe_operand *);
136 static int safe_dmamap_uniform(const struct safe_operand *);
137
138 static void safe_reset_board(struct safe_softc *);
139 static void safe_init_board(struct safe_softc *);
140 static void safe_init_pciregs(device_t dev);
141 static void safe_cleanchip(struct safe_softc *);
142 static void safe_totalreset(struct safe_softc *);
143
144 static int safe_free_entry(struct safe_softc *, struct safe_ringentry *);
145
146 SYSCTL_NODE(_hw, OID_AUTO, safe, CTLFLAG_RD, 0, "SafeNet driver parameters");
147
148 #ifdef SAFE_DEBUG
149 static void safe_dump_dmastatus(struct safe_softc *, const char *);
150 static void safe_dump_ringstate(struct safe_softc *, const char *);
151 static void safe_dump_intrstate(struct safe_softc *, const char *);
152 static void safe_dump_request(struct safe_softc *, const char *,
153 struct safe_ringentry *);
154
155 static struct safe_softc *safec; /* for use by hw.safe.dump */
156
157 static int safe_debug = 0;
158 SYSCTL_INT(_hw_safe, OID_AUTO, debug, CTLFLAG_RW, &safe_debug,
159 0, "control debugging msgs");
160 #define DPRINTF(_x) if (safe_debug) kprintf _x
161 #else
162 #define DPRINTF(_x)
163 #endif
164
165 #define READ_REG(sc,r) \
166 bus_space_read_4((sc)->sc_st, (sc)->sc_sh, (r))
167
168 #define WRITE_REG(sc,reg,val) \
169 bus_space_write_4((sc)->sc_st, (sc)->sc_sh, reg, val)
170
171 struct safe_stats safestats;
172 SYSCTL_STRUCT(_hw_safe, OID_AUTO, stats, CTLFLAG_RD, &safestats,
173 safe_stats, "driver statistics");
174 #ifndef SAFE_NO_RNG
175 static int safe_rnginterval = 1; /* poll once a second */
176 SYSCTL_INT(_hw_safe, OID_AUTO, rnginterval, CTLFLAG_RW, &safe_rnginterval,
177 0, "RNG polling interval (secs)");
178 static int safe_rngbufsize = 16; /* 64 bytes each poll */
179 SYSCTL_INT(_hw_safe, OID_AUTO, rngbufsize, CTLFLAG_RW, &safe_rngbufsize,
180 0, "RNG polling buffer size (32-bit words)");
181 static int safe_rngmaxalarm = 8; /* max alarms before reset */
182 SYSCTL_INT(_hw_safe, OID_AUTO, rngmaxalarm, CTLFLAG_RW, &safe_rngmaxalarm,
183 0, "RNG max alarms before reset");
184 #endif /* SAFE_NO_RNG */
185
186 static int
safe_probe(device_t dev)187 safe_probe(device_t dev)
188 {
189 if (pci_get_vendor(dev) == PCI_VENDOR_SAFENET &&
190 pci_get_device(dev) == PCI_PRODUCT_SAFEXCEL)
191 return (BUS_PROBE_DEFAULT);
192 return (ENXIO);
193 }
194
195 static const char*
safe_partname(struct safe_softc * sc)196 safe_partname(struct safe_softc *sc)
197 {
198 /* XXX sprintf numbers when not decoded */
199 switch (pci_get_vendor(sc->sc_dev)) {
200 case PCI_VENDOR_SAFENET:
201 switch (pci_get_device(sc->sc_dev)) {
202 case PCI_PRODUCT_SAFEXCEL: return "SafeNet SafeXcel-1141";
203 }
204 return "SafeNet unknown-part";
205 }
206 return "Unknown-vendor unknown-part";
207 }
208
209 #ifndef SAFE_NO_RNG
210 static void
default_harvest(struct rndtest_state * rsp,void * buf,u_int count)211 default_harvest(struct rndtest_state *rsp, void *buf, u_int count)
212 {
213 add_buffer_randomness_src(buf, count, RAND_SRC_SAFE);
214 }
215 #endif /* SAFE_NO_RNG */
216
217 static int
safe_attach(device_t dev)218 safe_attach(device_t dev)
219 {
220 struct safe_softc *sc = device_get_softc(dev);
221 u_int32_t raddr;
222 u_int32_t cmd, i, devinfo;
223 int rid;
224
225 bzero(sc, sizeof (*sc));
226 sc->sc_dev = dev;
227
228 /* XXX handle power management */
229
230 cmd = pci_read_config(dev, PCIR_COMMAND, 4);
231 cmd |= PCIM_CMD_MEMEN | PCIM_CMD_BUSMASTEREN;
232 pci_write_config(dev, PCIR_COMMAND, cmd, 4);
233 cmd = pci_read_config(dev, PCIR_COMMAND, 4);
234
235 if (!(cmd & PCIM_CMD_MEMEN)) {
236 device_printf(dev, "failed to enable memory mapping\n");
237 goto bad;
238 }
239
240 if (!(cmd & PCIM_CMD_BUSMASTEREN)) {
241 device_printf(dev, "failed to enable bus mastering\n");
242 goto bad;
243 }
244
245 /*
246 * Setup memory-mapping of PCI registers.
247 */
248 rid = BS_BAR;
249 sc->sc_sr = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &rid,
250 RF_ACTIVE);
251 if (sc->sc_sr == NULL) {
252 device_printf(dev, "cannot map register space\n");
253 goto bad;
254 }
255 sc->sc_st = rman_get_bustag(sc->sc_sr);
256 sc->sc_sh = rman_get_bushandle(sc->sc_sr);
257
258 /*
259 * Arrange interrupt line.
260 */
261 rid = 0;
262 sc->sc_irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &rid,
263 RF_SHAREABLE|RF_ACTIVE);
264 if (sc->sc_irq == NULL) {
265 device_printf(dev, "could not map interrupt\n");
266 goto bad1;
267 }
268 /*
269 * NB: Network code assumes we are blocked with splimp()
270 * so make sure the IRQ is mapped appropriately.
271 */
272 if (bus_setup_intr(dev, sc->sc_irq, INTR_MPSAFE,
273 safe_intr, sc, &sc->sc_ih, NULL)) {
274 device_printf(dev, "could not establish interrupt\n");
275 goto bad2;
276 }
277
278 sc->sc_cid = crypto_get_driverid(dev, CRYPTOCAP_F_HARDWARE);
279 if (sc->sc_cid < 0) {
280 device_printf(dev, "could not get crypto driver id\n");
281 goto bad3;
282 }
283
284 sc->sc_chiprev = READ_REG(sc, SAFE_DEVINFO) &
285 (SAFE_DEVINFO_REV_MAJ | SAFE_DEVINFO_REV_MIN);
286
287 /*
288 * Setup DMA descriptor area.
289 */
290 if (bus_dma_tag_create(NULL, /* parent */
291 1, /* alignment */
292 SAFE_DMA_BOUNDARY, /* boundary */
293 BUS_SPACE_MAXADDR_32BIT, /* lowaddr */
294 BUS_SPACE_MAXADDR, /* highaddr */
295 SAFE_MAX_DMA, /* maxsize */
296 SAFE_MAX_PART, /* nsegments */
297 SAFE_MAX_SSIZE, /* maxsegsize */
298 BUS_DMA_ALLOCNOW, /* flags */
299 &sc->sc_srcdmat)) {
300 device_printf(dev, "cannot allocate DMA tag\n");
301 goto bad4;
302 }
303 if (bus_dma_tag_create(NULL, /* parent */
304 1, /* alignment */
305 SAFE_MAX_DSIZE, /* boundary */
306 BUS_SPACE_MAXADDR_32BIT, /* lowaddr */
307 BUS_SPACE_MAXADDR, /* highaddr */
308 SAFE_MAX_DMA, /* maxsize */
309 SAFE_MAX_PART, /* nsegments */
310 SAFE_MAX_DSIZE, /* maxsegsize */
311 BUS_DMA_ALLOCNOW, /* flags */
312 &sc->sc_dstdmat)) {
313 device_printf(dev, "cannot allocate DMA tag\n");
314 goto bad4;
315 }
316
317 /*
318 * Allocate packet engine descriptors.
319 */
320 if (safe_dma_malloc(sc,
321 SAFE_MAX_NQUEUE * sizeof (struct safe_ringentry),
322 &sc->sc_ringalloc, 0)) {
323 device_printf(dev, "cannot allocate PE descriptor ring\n");
324 bus_dma_tag_destroy(sc->sc_srcdmat);
325 goto bad4;
326 }
327 /*
328 * Hookup the static portion of all our data structures.
329 */
330 sc->sc_ring = (struct safe_ringentry *) sc->sc_ringalloc.dma_vaddr;
331 sc->sc_ringtop = sc->sc_ring + SAFE_MAX_NQUEUE;
332 sc->sc_front = sc->sc_ring;
333 sc->sc_back = sc->sc_ring;
334 raddr = sc->sc_ringalloc.dma_paddr;
335 bzero(sc->sc_ring, SAFE_MAX_NQUEUE * sizeof(struct safe_ringentry));
336 for (i = 0; i < SAFE_MAX_NQUEUE; i++) {
337 struct safe_ringentry *re = &sc->sc_ring[i];
338
339 re->re_desc.d_sa = raddr +
340 offsetof(struct safe_ringentry, re_sa);
341 re->re_sa.sa_staterec = raddr +
342 offsetof(struct safe_ringentry, re_sastate);
343
344 raddr += sizeof (struct safe_ringentry);
345 }
346 lockinit(&sc->sc_ringlock, "packet engine ring", 0, LK_CANRECURSE);
347
348 /*
349 * Allocate scatter and gather particle descriptors.
350 */
351 if (safe_dma_malloc(sc, SAFE_TOTAL_SPART * sizeof (struct safe_pdesc),
352 &sc->sc_spalloc, 0)) {
353 device_printf(dev, "cannot allocate source particle "
354 "descriptor ring\n");
355 lockuninit(&sc->sc_ringlock);
356 safe_dma_free(sc, &sc->sc_ringalloc);
357 bus_dma_tag_destroy(sc->sc_srcdmat);
358 goto bad4;
359 }
360 sc->sc_spring = (struct safe_pdesc *) sc->sc_spalloc.dma_vaddr;
361 sc->sc_springtop = sc->sc_spring + SAFE_TOTAL_SPART;
362 sc->sc_spfree = sc->sc_spring;
363 bzero(sc->sc_spring, SAFE_TOTAL_SPART * sizeof(struct safe_pdesc));
364
365 if (safe_dma_malloc(sc, SAFE_TOTAL_DPART * sizeof (struct safe_pdesc),
366 &sc->sc_dpalloc, 0)) {
367 device_printf(dev, "cannot allocate destination particle "
368 "descriptor ring\n");
369 lockuninit(&sc->sc_ringlock);
370 safe_dma_free(sc, &sc->sc_spalloc);
371 safe_dma_free(sc, &sc->sc_ringalloc);
372 bus_dma_tag_destroy(sc->sc_dstdmat);
373 goto bad4;
374 }
375 sc->sc_dpring = (struct safe_pdesc *) sc->sc_dpalloc.dma_vaddr;
376 sc->sc_dpringtop = sc->sc_dpring + SAFE_TOTAL_DPART;
377 sc->sc_dpfree = sc->sc_dpring;
378 bzero(sc->sc_dpring, SAFE_TOTAL_DPART * sizeof(struct safe_pdesc));
379
380 device_printf(sc->sc_dev, "%s", safe_partname(sc));
381
382 devinfo = READ_REG(sc, SAFE_DEVINFO);
383 if (devinfo & SAFE_DEVINFO_RNG) {
384 sc->sc_flags |= SAFE_FLAGS_RNG;
385 kprintf(" rng");
386 }
387 if (devinfo & SAFE_DEVINFO_PKEY) {
388 #if 0
389 kprintf(" key");
390 sc->sc_flags |= SAFE_FLAGS_KEY;
391 crypto_kregister(sc->sc_cid, CRK_MOD_EXP, 0);
392 crypto_kregister(sc->sc_cid, CRK_MOD_EXP_CRT, 0);
393 #endif
394 }
395 if (devinfo & SAFE_DEVINFO_DES) {
396 kprintf(" des/3des");
397 crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0);
398 crypto_register(sc->sc_cid, CRYPTO_DES_CBC, 0, 0);
399 }
400 if (devinfo & SAFE_DEVINFO_AES) {
401 kprintf(" aes");
402 crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0);
403 }
404 if (devinfo & SAFE_DEVINFO_MD5) {
405 kprintf(" md5");
406 crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0);
407 }
408 if (devinfo & SAFE_DEVINFO_SHA1) {
409 kprintf(" sha1");
410 crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0);
411 }
412 kprintf(" null");
413 crypto_register(sc->sc_cid, CRYPTO_NULL_CBC, 0, 0);
414 crypto_register(sc->sc_cid, CRYPTO_NULL_HMAC, 0, 0);
415 /* XXX other supported algorithms */
416 kprintf("\n");
417
418 safe_reset_board(sc); /* reset h/w */
419 safe_init_pciregs(dev); /* init pci settings */
420 safe_init_board(sc); /* init h/w */
421
422 #ifndef SAFE_NO_RNG
423 if (sc->sc_flags & SAFE_FLAGS_RNG) {
424 #ifdef SAFE_RNDTEST
425 sc->sc_rndtest = rndtest_attach(dev);
426 if (sc->sc_rndtest)
427 sc->sc_harvest = rndtest_harvest;
428 else
429 sc->sc_harvest = default_harvest;
430 #else
431 sc->sc_harvest = default_harvest;
432 #endif
433 safe_rng_init(sc);
434
435 callout_init_mp(&sc->sc_rngto);
436 callout_reset(&sc->sc_rngto, hz*safe_rnginterval, safe_rng, sc);
437 }
438 #endif /* SAFE_NO_RNG */
439 #ifdef SAFE_DEBUG
440 safec = sc; /* for use by hw.safe.dump */
441 #endif
442 return (0);
443 bad4:
444 crypto_unregister_all(sc->sc_cid);
445 bad3:
446 bus_teardown_intr(dev, sc->sc_irq, sc->sc_ih);
447 bad2:
448 bus_release_resource(dev, SYS_RES_IRQ, 0, sc->sc_irq);
449 bad1:
450 bus_release_resource(dev, SYS_RES_MEMORY, BS_BAR, sc->sc_sr);
451 bad:
452 return (ENXIO);
453 }
454
455 /*
456 * Detach a device that successfully probed.
457 */
458 static int
safe_detach(device_t dev)459 safe_detach(device_t dev)
460 {
461 struct safe_softc *sc = device_get_softc(dev);
462
463 /* XXX wait/abort active ops */
464
465 WRITE_REG(sc, SAFE_HI_MASK, 0); /* disable interrupts */
466
467 callout_stop(&sc->sc_rngto);
468
469 crypto_unregister_all(sc->sc_cid);
470
471 #ifdef SAFE_RNDTEST
472 if (sc->sc_rndtest)
473 rndtest_detach(sc->sc_rndtest);
474 #endif
475
476 safe_cleanchip(sc);
477 safe_dma_free(sc, &sc->sc_dpalloc);
478 safe_dma_free(sc, &sc->sc_spalloc);
479 lockuninit(&sc->sc_ringlock);
480 safe_dma_free(sc, &sc->sc_ringalloc);
481
482 bus_generic_detach(dev);
483 bus_teardown_intr(dev, sc->sc_irq, sc->sc_ih);
484 bus_release_resource(dev, SYS_RES_IRQ, 0, sc->sc_irq);
485
486 bus_dma_tag_destroy(sc->sc_srcdmat);
487 bus_dma_tag_destroy(sc->sc_dstdmat);
488 bus_release_resource(dev, SYS_RES_MEMORY, BS_BAR, sc->sc_sr);
489
490 return (0);
491 }
492
493 /*
494 * Stop all chip i/o so that the kernel's probe routines don't
495 * get confused by errant DMAs when rebooting.
496 */
497 static int
safe_shutdown(device_t dev)498 safe_shutdown(device_t dev)
499 {
500 #ifdef notyet
501 safe_stop(device_get_softc(dev));
502 #endif
503 return (0);
504 }
505
506 /*
507 * Device suspend routine.
508 */
509 static int
safe_suspend(device_t dev)510 safe_suspend(device_t dev)
511 {
512 struct safe_softc *sc = device_get_softc(dev);
513
514 #ifdef notyet
515 /* XXX stop the device and save PCI settings */
516 #endif
517 sc->sc_suspended = 1;
518
519 return (0);
520 }
521
522 static int
safe_resume(device_t dev)523 safe_resume(device_t dev)
524 {
525 struct safe_softc *sc = device_get_softc(dev);
526
527 #ifdef notyet
528 /* XXX retore PCI settings and start the device */
529 #endif
530 sc->sc_suspended = 0;
531 return (0);
532 }
533
534 /*
535 * SafeXcel Interrupt routine
536 */
537 static void
safe_intr(void * arg)538 safe_intr(void *arg)
539 {
540 struct safe_softc *sc = arg;
541 volatile u_int32_t stat;
542
543 stat = READ_REG(sc, SAFE_HM_STAT);
544 if (stat == 0) /* shared irq, not for us */
545 return;
546
547 WRITE_REG(sc, SAFE_HI_CLR, stat); /* IACK */
548
549 if ((stat & SAFE_INT_PE_DDONE)) {
550 /*
551 * Descriptor(s) done; scan the ring and
552 * process completed operations.
553 */
554 lockmgr(&sc->sc_ringlock, LK_EXCLUSIVE);
555 while (sc->sc_back != sc->sc_front) {
556 struct safe_ringentry *re = sc->sc_back;
557 #ifdef SAFE_DEBUG
558 if (safe_debug) {
559 safe_dump_ringstate(sc, __func__);
560 safe_dump_request(sc, __func__, re);
561 }
562 #endif
563 /*
564 * safe_process marks ring entries that were allocated
565 * but not used with a csr of zero. This insures the
566 * ring front pointer never needs to be set backwards
567 * in the event that an entry is allocated but not used
568 * because of a setup error.
569 */
570 if (re->re_desc.d_csr != 0) {
571 if (!SAFE_PE_CSR_IS_DONE(re->re_desc.d_csr))
572 break;
573 if (!SAFE_PE_LEN_IS_DONE(re->re_desc.d_len))
574 break;
575 sc->sc_nqchip--;
576 safe_callback(sc, re);
577 }
578 if (++(sc->sc_back) == sc->sc_ringtop)
579 sc->sc_back = sc->sc_ring;
580 }
581 lockmgr(&sc->sc_ringlock, LK_RELEASE);
582 }
583
584 /*
585 * Check to see if we got any DMA Error
586 */
587 if (stat & SAFE_INT_PE_ERROR) {
588 DPRINTF(("dmaerr dmastat %08x\n",
589 READ_REG(sc, SAFE_PE_DMASTAT)));
590 safestats.st_dmaerr++;
591 safe_totalreset(sc);
592 #if 0
593 safe_feed(sc);
594 #endif
595 }
596
597 if (sc->sc_needwakeup) { /* XXX check high watermark */
598 int wakeup = sc->sc_needwakeup & (CRYPTO_SYMQ|CRYPTO_ASYMQ);
599 DPRINTF(("%s: wakeup crypto %x\n", __func__,
600 sc->sc_needwakeup));
601 sc->sc_needwakeup &= ~wakeup;
602 crypto_unblock(sc->sc_cid, wakeup);
603 }
604 }
605
606 /*
607 * safe_feed() - post a request to chip
608 */
609 static void
safe_feed(struct safe_softc * sc,struct safe_ringentry * re)610 safe_feed(struct safe_softc *sc, struct safe_ringentry *re)
611 {
612 bus_dmamap_sync(sc->sc_srcdmat, re->re_src_map, BUS_DMASYNC_PREWRITE);
613 if (re->re_dst_map != NULL)
614 bus_dmamap_sync(sc->sc_dstdmat, re->re_dst_map,
615 BUS_DMASYNC_PREREAD);
616 /* XXX have no smaller granularity */
617 safe_dma_sync(&sc->sc_ringalloc,
618 BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE);
619 safe_dma_sync(&sc->sc_spalloc, BUS_DMASYNC_PREWRITE);
620 safe_dma_sync(&sc->sc_dpalloc, BUS_DMASYNC_PREWRITE);
621
622 #ifdef SAFE_DEBUG
623 if (safe_debug) {
624 safe_dump_ringstate(sc, __func__);
625 safe_dump_request(sc, __func__, re);
626 }
627 #endif
628 sc->sc_nqchip++;
629 if (sc->sc_nqchip > safestats.st_maxqchip)
630 safestats.st_maxqchip = sc->sc_nqchip;
631 /* poke h/w to check descriptor ring, any value can be written */
632 WRITE_REG(sc, SAFE_HI_RD_DESCR, 0);
633 }
634
635 static void
safe_setup_enckey(struct safe_session * ses,caddr_t key)636 safe_setup_enckey(struct safe_session *ses, caddr_t key)
637 {
638 int i;
639
640 bcopy(key, ses->ses_key, ses->ses_klen / 8);
641
642 /* PE is little-endian, insure proper byte order */
643 for (i = 0; i < nitems(ses->ses_key); i++)
644 ses->ses_key[i] = htole32(ses->ses_key[i]);
645 }
646
647 static void
safe_setup_mackey(struct safe_session * ses,int algo,caddr_t key,int klen)648 safe_setup_mackey(struct safe_session *ses, int algo, caddr_t key, int klen)
649 {
650 MD5_CTX md5ctx;
651 SHA1_CTX sha1ctx;
652 int i;
653
654
655 for (i = 0; i < klen; i++)
656 key[i] ^= HMAC_IPAD_VAL;
657
658 if (algo == CRYPTO_MD5_HMAC) {
659 MD5Init(&md5ctx);
660 MD5Update(&md5ctx, key, klen);
661 MD5Update(&md5ctx, hmac_ipad_buffer, MD5_HMAC_BLOCK_LEN - klen);
662 /* gcc8 craps out on -Warray-bounds w/ optimized bcopy */
663 _bcopy(&md5ctx.A, ses->ses_hminner, sizeof(md5ctx.A) * 4);
664 } else {
665 SHA1Init(&sha1ctx);
666 SHA1Update(&sha1ctx, key, klen);
667 SHA1Update(&sha1ctx, hmac_ipad_buffer,
668 SHA1_HMAC_BLOCK_LEN - klen);
669 bcopy(sha1ctx.h.b32, ses->ses_hminner, sizeof(sha1ctx.h.b32));
670 }
671
672 for (i = 0; i < klen; i++)
673 key[i] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL);
674
675 if (algo == CRYPTO_MD5_HMAC) {
676 MD5Init(&md5ctx);
677 MD5Update(&md5ctx, key, klen);
678 MD5Update(&md5ctx, hmac_opad_buffer, MD5_HMAC_BLOCK_LEN - klen);
679 /* gcc8 craps out on -Warray-bounds w/ optimized bcopy */
680 _bcopy(&md5ctx.A, ses->ses_hmouter, sizeof(md5ctx.A) * 4);
681 } else {
682 SHA1Init(&sha1ctx);
683 SHA1Update(&sha1ctx, key, klen);
684 SHA1Update(&sha1ctx, hmac_opad_buffer,
685 SHA1_HMAC_BLOCK_LEN - klen);
686 bcopy(sha1ctx.h.b32, ses->ses_hmouter, sizeof(sha1ctx.h.b32));
687 }
688
689 for (i = 0; i < klen; i++)
690 key[i] ^= HMAC_OPAD_VAL;
691
692 /* PE is little-endian, insure proper byte order */
693 for (i = 0; i < nitems(ses->ses_hminner); i++) {
694 ses->ses_hminner[i] = htole32(ses->ses_hminner[i]);
695 ses->ses_hmouter[i] = htole32(ses->ses_hmouter[i]);
696 }
697 }
698
699 /*
700 * Allocate a new 'session' and return an encoded session id. 'sidp'
701 * contains our registration id, and should contain an encoded session
702 * id on successful allocation.
703 */
704 static int
safe_newsession(device_t dev,u_int32_t * sidp,struct cryptoini * cri)705 safe_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri)
706 {
707 struct safe_softc *sc = device_get_softc(dev);
708 struct cryptoini *c, *encini = NULL, *macini = NULL;
709 struct safe_session *ses = NULL;
710 int sesn;
711
712 if (sidp == NULL || cri == NULL || sc == NULL)
713 return (EINVAL);
714
715 for (c = cri; c != NULL; c = c->cri_next) {
716 if (c->cri_alg == CRYPTO_MD5_HMAC ||
717 c->cri_alg == CRYPTO_SHA1_HMAC ||
718 c->cri_alg == CRYPTO_NULL_HMAC) {
719 if (macini)
720 return (EINVAL);
721 macini = c;
722 } else if (c->cri_alg == CRYPTO_DES_CBC ||
723 c->cri_alg == CRYPTO_3DES_CBC ||
724 c->cri_alg == CRYPTO_AES_CBC ||
725 c->cri_alg == CRYPTO_NULL_CBC) {
726 if (encini)
727 return (EINVAL);
728 encini = c;
729 } else
730 return (EINVAL);
731 }
732 if (encini == NULL && macini == NULL)
733 return (EINVAL);
734 if (encini) { /* validate key length */
735 switch (encini->cri_alg) {
736 case CRYPTO_DES_CBC:
737 if (encini->cri_klen != 64)
738 return (EINVAL);
739 break;
740 case CRYPTO_3DES_CBC:
741 if (encini->cri_klen != 192)
742 return (EINVAL);
743 break;
744 case CRYPTO_AES_CBC:
745 if (encini->cri_klen != 128 &&
746 encini->cri_klen != 192 &&
747 encini->cri_klen != 256)
748 return (EINVAL);
749 break;
750 }
751 }
752
753 if (sc->sc_sessions == NULL) {
754 ses = sc->sc_sessions = (struct safe_session *)kmalloc(
755 sizeof(struct safe_session), M_DEVBUF, M_NOWAIT);
756 if (ses == NULL)
757 return (ENOMEM);
758 sesn = 0;
759 sc->sc_nsessions = 1;
760 } else {
761 for (sesn = 0; sesn < sc->sc_nsessions; sesn++) {
762 if (sc->sc_sessions[sesn].ses_used == 0) {
763 ses = &sc->sc_sessions[sesn];
764 break;
765 }
766 }
767
768 if (ses == NULL) {
769 sesn = sc->sc_nsessions;
770 ses = (struct safe_session *)kmalloc((sesn + 1) *
771 sizeof(struct safe_session), M_DEVBUF, M_NOWAIT);
772 if (ses == NULL)
773 return (ENOMEM);
774 bcopy(sc->sc_sessions, ses, sesn *
775 sizeof(struct safe_session));
776 bzero(sc->sc_sessions, sesn *
777 sizeof(struct safe_session));
778 kfree(sc->sc_sessions, M_DEVBUF);
779 sc->sc_sessions = ses;
780 ses = &sc->sc_sessions[sesn];
781 sc->sc_nsessions++;
782 }
783 }
784
785 bzero(ses, sizeof(struct safe_session));
786 ses->ses_used = 1;
787
788 if (encini) {
789 /* get an IV */
790 /* XXX may read fewer than requested */
791 read_random(ses->ses_iv, sizeof(ses->ses_iv), 0);
792
793 ses->ses_klen = encini->cri_klen;
794 if (encini->cri_key != NULL)
795 safe_setup_enckey(ses, encini->cri_key);
796 }
797
798 if (macini) {
799 ses->ses_mlen = macini->cri_mlen;
800 if (ses->ses_mlen == 0) {
801 if (macini->cri_alg == CRYPTO_MD5_HMAC)
802 ses->ses_mlen = MD5_HASH_LEN;
803 else
804 ses->ses_mlen = SHA1_HASH_LEN;
805 }
806
807 if (macini->cri_key != NULL) {
808 safe_setup_mackey(ses, macini->cri_alg, macini->cri_key,
809 macini->cri_klen / 8);
810 }
811 }
812
813 *sidp = SAFE_SID(device_get_unit(sc->sc_dev), sesn);
814 return (0);
815 }
816
817 /*
818 * Deallocate a session.
819 */
820 static int
safe_freesession(device_t dev,u_int64_t tid)821 safe_freesession(device_t dev, u_int64_t tid)
822 {
823 struct safe_softc *sc = device_get_softc(dev);
824 int session, ret;
825 u_int32_t sid = ((u_int32_t) tid) & 0xffffffff;
826
827 if (sc == NULL)
828 return (EINVAL);
829
830 session = SAFE_SESSION(sid);
831 if (session < sc->sc_nsessions) {
832 bzero(&sc->sc_sessions[session], sizeof(sc->sc_sessions[session]));
833 ret = 0;
834 } else
835 ret = EINVAL;
836 return (ret);
837 }
838
839 static void
safe_op_cb(void * arg,bus_dma_segment_t * seg,int nsegs,bus_size_t mapsize,int error)840 safe_op_cb(void *arg, bus_dma_segment_t *seg, int nsegs, bus_size_t mapsize, int error)
841 {
842 struct safe_operand *op = arg;
843
844 DPRINTF(("%s: mapsize %u nsegs %d error %d\n", __func__,
845 (u_int) mapsize, nsegs, error));
846 if (error != 0)
847 return;
848 op->mapsize = mapsize;
849 op->nsegs = nsegs;
850 bcopy(seg, op->segs, nsegs * sizeof (seg[0]));
851 }
852
853 static int
safe_process(device_t dev,struct cryptop * crp,int hint)854 safe_process(device_t dev, struct cryptop *crp, int hint)
855 {
856 struct safe_softc *sc = device_get_softc(dev);
857 int err = 0, i, nicealign, uniform;
858 struct cryptodesc *crd1, *crd2, *maccrd, *enccrd;
859 int bypass, oplen, ivsize;
860 caddr_t iv;
861 int16_t coffset;
862 struct safe_session *ses;
863 struct safe_ringentry *re;
864 struct safe_sarec *sa;
865 struct safe_pdesc *pd;
866 u_int32_t cmd0, cmd1, staterec;
867
868 if (crp == NULL || crp->crp_callback == NULL || sc == NULL) {
869 safestats.st_invalid++;
870 return (EINVAL);
871 }
872 if (SAFE_SESSION(crp->crp_sid) >= sc->sc_nsessions) {
873 safestats.st_badsession++;
874 return (EINVAL);
875 }
876
877 lockmgr(&sc->sc_ringlock, LK_EXCLUSIVE);
878 if (sc->sc_front == sc->sc_back && sc->sc_nqchip != 0) {
879 safestats.st_ringfull++;
880 sc->sc_needwakeup |= CRYPTO_SYMQ;
881 lockmgr(&sc->sc_ringlock, LK_RELEASE);
882 return (ERESTART);
883 }
884 re = sc->sc_front;
885
886 staterec = re->re_sa.sa_staterec; /* save */
887 /* NB: zero everything but the PE descriptor */
888 bzero(&re->re_sa, sizeof(struct safe_ringentry) - sizeof(re->re_desc));
889 re->re_sa.sa_staterec = staterec; /* restore */
890
891 re->re_crp = crp;
892 re->re_sesn = SAFE_SESSION(crp->crp_sid);
893
894 if (crp->crp_flags & CRYPTO_F_IMBUF) {
895 re->re_src_m = (struct mbuf *)crp->crp_buf;
896 re->re_dst_m = (struct mbuf *)crp->crp_buf;
897 } else if (crp->crp_flags & CRYPTO_F_IOV) {
898 re->re_src_io = (struct uio *)crp->crp_buf;
899 re->re_dst_io = (struct uio *)crp->crp_buf;
900 } else {
901 safestats.st_badflags++;
902 err = EINVAL;
903 goto errout; /* XXX we don't handle contiguous blocks! */
904 }
905
906 sa = &re->re_sa;
907 ses = &sc->sc_sessions[re->re_sesn];
908
909 crd1 = crp->crp_desc;
910 if (crd1 == NULL) {
911 safestats.st_nodesc++;
912 err = EINVAL;
913 goto errout;
914 }
915 crd2 = crd1->crd_next;
916
917 cmd0 = SAFE_SA_CMD0_BASIC; /* basic group operation */
918 cmd1 = 0;
919 if (crd2 == NULL) {
920 if (crd1->crd_alg == CRYPTO_MD5_HMAC ||
921 crd1->crd_alg == CRYPTO_SHA1_HMAC ||
922 crd1->crd_alg == CRYPTO_NULL_HMAC) {
923 maccrd = crd1;
924 enccrd = NULL;
925 cmd0 |= SAFE_SA_CMD0_OP_HASH;
926 } else if (crd1->crd_alg == CRYPTO_DES_CBC ||
927 crd1->crd_alg == CRYPTO_3DES_CBC ||
928 crd1->crd_alg == CRYPTO_AES_CBC ||
929 crd1->crd_alg == CRYPTO_NULL_CBC) {
930 maccrd = NULL;
931 enccrd = crd1;
932 cmd0 |= SAFE_SA_CMD0_OP_CRYPT;
933 } else {
934 safestats.st_badalg++;
935 err = EINVAL;
936 goto errout;
937 }
938 } else {
939 if ((crd1->crd_alg == CRYPTO_MD5_HMAC ||
940 crd1->crd_alg == CRYPTO_SHA1_HMAC ||
941 crd1->crd_alg == CRYPTO_NULL_HMAC) &&
942 (crd2->crd_alg == CRYPTO_DES_CBC ||
943 crd2->crd_alg == CRYPTO_3DES_CBC ||
944 crd2->crd_alg == CRYPTO_AES_CBC ||
945 crd2->crd_alg == CRYPTO_NULL_CBC) &&
946 ((crd2->crd_flags & CRD_F_ENCRYPT) == 0)) {
947 maccrd = crd1;
948 enccrd = crd2;
949 } else if ((crd1->crd_alg == CRYPTO_DES_CBC ||
950 crd1->crd_alg == CRYPTO_3DES_CBC ||
951 crd1->crd_alg == CRYPTO_AES_CBC ||
952 crd1->crd_alg == CRYPTO_NULL_CBC) &&
953 (crd2->crd_alg == CRYPTO_MD5_HMAC ||
954 crd2->crd_alg == CRYPTO_SHA1_HMAC ||
955 crd2->crd_alg == CRYPTO_NULL_HMAC) &&
956 (crd1->crd_flags & CRD_F_ENCRYPT)) {
957 enccrd = crd1;
958 maccrd = crd2;
959 } else {
960 safestats.st_badalg++;
961 err = EINVAL;
962 goto errout;
963 }
964 cmd0 |= SAFE_SA_CMD0_OP_BOTH;
965 }
966
967 if (enccrd) {
968 if (enccrd->crd_flags & CRD_F_KEY_EXPLICIT)
969 safe_setup_enckey(ses, enccrd->crd_key);
970
971 if (enccrd->crd_alg == CRYPTO_DES_CBC) {
972 cmd0 |= SAFE_SA_CMD0_DES;
973 cmd1 |= SAFE_SA_CMD1_CBC;
974 ivsize = 2*sizeof(u_int32_t);
975 } else if (enccrd->crd_alg == CRYPTO_3DES_CBC) {
976 cmd0 |= SAFE_SA_CMD0_3DES;
977 cmd1 |= SAFE_SA_CMD1_CBC;
978 ivsize = 2*sizeof(u_int32_t);
979 } else if (enccrd->crd_alg == CRYPTO_AES_CBC) {
980 cmd0 |= SAFE_SA_CMD0_AES;
981 cmd1 |= SAFE_SA_CMD1_CBC;
982 if (ses->ses_klen == 128)
983 cmd1 |= SAFE_SA_CMD1_AES128;
984 else if (ses->ses_klen == 192)
985 cmd1 |= SAFE_SA_CMD1_AES192;
986 else
987 cmd1 |= SAFE_SA_CMD1_AES256;
988 ivsize = 4*sizeof(u_int32_t);
989 } else {
990 cmd0 |= SAFE_SA_CMD0_CRYPT_NULL;
991 ivsize = 0;
992 }
993
994 /*
995 * Setup encrypt/decrypt state. When using basic ops
996 * we can't use an inline IV because hash/crypt offset
997 * must be from the end of the IV to the start of the
998 * crypt data and this leaves out the preceding header
999 * from the hash calculation. Instead we place the IV
1000 * in the state record and set the hash/crypt offset to
1001 * copy both the header+IV.
1002 */
1003 if (enccrd->crd_flags & CRD_F_ENCRYPT) {
1004 cmd0 |= SAFE_SA_CMD0_OUTBOUND;
1005
1006 if (enccrd->crd_flags & CRD_F_IV_EXPLICIT)
1007 iv = enccrd->crd_iv;
1008 else
1009 iv = (caddr_t) ses->ses_iv;
1010 if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0) {
1011 crypto_copyback(crp->crp_flags, crp->crp_buf,
1012 enccrd->crd_inject, ivsize, iv);
1013 }
1014 bcopy(iv, re->re_sastate.sa_saved_iv, ivsize);
1015 cmd0 |= SAFE_SA_CMD0_IVLD_STATE | SAFE_SA_CMD0_SAVEIV;
1016 re->re_flags |= SAFE_QFLAGS_COPYOUTIV;
1017 } else {
1018 cmd0 |= SAFE_SA_CMD0_INBOUND;
1019
1020 if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) {
1021 bcopy(enccrd->crd_iv,
1022 re->re_sastate.sa_saved_iv, ivsize);
1023 } else {
1024 crypto_copydata(crp->crp_flags, crp->crp_buf,
1025 enccrd->crd_inject, ivsize,
1026 (caddr_t)re->re_sastate.sa_saved_iv);
1027 }
1028 cmd0 |= SAFE_SA_CMD0_IVLD_STATE;
1029 }
1030 /*
1031 * For basic encryption use the zero pad algorithm.
1032 * This pads results to an 8-byte boundary and
1033 * suppresses padding verification for inbound (i.e.
1034 * decrypt) operations.
1035 *
1036 * NB: Not sure if the 8-byte pad boundary is a problem.
1037 */
1038 cmd0 |= SAFE_SA_CMD0_PAD_ZERO;
1039
1040 /* XXX assert key bufs have the same size */
1041 bcopy(ses->ses_key, sa->sa_key, sizeof(sa->sa_key));
1042 }
1043
1044 if (maccrd) {
1045 if (maccrd->crd_flags & CRD_F_KEY_EXPLICIT) {
1046 safe_setup_mackey(ses, maccrd->crd_alg,
1047 maccrd->crd_key, maccrd->crd_klen / 8);
1048 }
1049
1050 if (maccrd->crd_alg == CRYPTO_MD5_HMAC) {
1051 cmd0 |= SAFE_SA_CMD0_MD5;
1052 cmd1 |= SAFE_SA_CMD1_HMAC; /* NB: enable HMAC */
1053 } else if (maccrd->crd_alg == CRYPTO_SHA1_HMAC) {
1054 cmd0 |= SAFE_SA_CMD0_SHA1;
1055 cmd1 |= SAFE_SA_CMD1_HMAC; /* NB: enable HMAC */
1056 } else {
1057 cmd0 |= SAFE_SA_CMD0_HASH_NULL;
1058 }
1059 /*
1060 * Digest data is loaded from the SA and the hash
1061 * result is saved to the state block where we
1062 * retrieve it for return to the caller.
1063 */
1064 /* XXX assert digest bufs have the same size */
1065 bcopy(ses->ses_hminner, sa->sa_indigest,
1066 sizeof(sa->sa_indigest));
1067 bcopy(ses->ses_hmouter, sa->sa_outdigest,
1068 sizeof(sa->sa_outdigest));
1069
1070 cmd0 |= SAFE_SA_CMD0_HSLD_SA | SAFE_SA_CMD0_SAVEHASH;
1071 re->re_flags |= SAFE_QFLAGS_COPYOUTICV;
1072 }
1073
1074 if (enccrd && maccrd) {
1075 /*
1076 * The offset from hash data to the start of
1077 * crypt data is the difference in the skips.
1078 */
1079 bypass = maccrd->crd_skip;
1080 coffset = enccrd->crd_skip - maccrd->crd_skip;
1081 if (coffset < 0) {
1082 DPRINTF(("%s: hash does not precede crypt; "
1083 "mac skip %u enc skip %u\n",
1084 __func__, maccrd->crd_skip, enccrd->crd_skip));
1085 safestats.st_skipmismatch++;
1086 err = EINVAL;
1087 goto errout;
1088 }
1089 oplen = enccrd->crd_skip + enccrd->crd_len;
1090 if (maccrd->crd_skip + maccrd->crd_len != oplen) {
1091 DPRINTF(("%s: hash amount %u != crypt amount %u\n",
1092 __func__, maccrd->crd_skip + maccrd->crd_len,
1093 oplen));
1094 safestats.st_lenmismatch++;
1095 err = EINVAL;
1096 goto errout;
1097 }
1098 #ifdef SAFE_DEBUG
1099 if (safe_debug) {
1100 kprintf("mac: skip %d, len %d, inject %d\n",
1101 maccrd->crd_skip, maccrd->crd_len,
1102 maccrd->crd_inject);
1103 kprintf("enc: skip %d, len %d, inject %d\n",
1104 enccrd->crd_skip, enccrd->crd_len,
1105 enccrd->crd_inject);
1106 kprintf("bypass %d coffset %d oplen %d\n",
1107 bypass, coffset, oplen);
1108 }
1109 #endif
1110 if (coffset & 3) { /* offset must be 32-bit aligned */
1111 DPRINTF(("%s: coffset %u misaligned\n",
1112 __func__, coffset));
1113 safestats.st_coffmisaligned++;
1114 err = EINVAL;
1115 goto errout;
1116 }
1117 coffset >>= 2;
1118 if (coffset > 255) { /* offset must be <256 dwords */
1119 DPRINTF(("%s: coffset %u too big\n",
1120 __func__, coffset));
1121 safestats.st_cofftoobig++;
1122 err = EINVAL;
1123 goto errout;
1124 }
1125 /*
1126 * Tell the hardware to copy the header to the output.
1127 * The header is defined as the data from the end of
1128 * the bypass to the start of data to be encrypted.
1129 * Typically this is the inline IV. Note that you need
1130 * to do this even if src+dst are the same; it appears
1131 * that w/o this bit the crypted data is written
1132 * immediately after the bypass data.
1133 */
1134 cmd1 |= SAFE_SA_CMD1_HDRCOPY;
1135 /*
1136 * Disable IP header mutable bit handling. This is
1137 * needed to get correct HMAC calculations.
1138 */
1139 cmd1 |= SAFE_SA_CMD1_MUTABLE;
1140 } else {
1141 if (enccrd) {
1142 bypass = enccrd->crd_skip;
1143 oplen = bypass + enccrd->crd_len;
1144 } else {
1145 bypass = maccrd->crd_skip;
1146 oplen = bypass + maccrd->crd_len;
1147 }
1148 coffset = 0;
1149 }
1150 /* XXX verify multiple of 4 when using s/g */
1151 if (bypass > 96) { /* bypass offset must be <= 96 bytes */
1152 DPRINTF(("%s: bypass %u too big\n", __func__, bypass));
1153 safestats.st_bypasstoobig++;
1154 err = EINVAL;
1155 goto errout;
1156 }
1157
1158 if (bus_dmamap_create(sc->sc_srcdmat, BUS_DMA_NOWAIT, &re->re_src_map)) {
1159 safestats.st_nomap++;
1160 err = ENOMEM;
1161 goto errout;
1162 }
1163 if (crp->crp_flags & CRYPTO_F_IMBUF) {
1164 if (bus_dmamap_load_mbuf(sc->sc_srcdmat, re->re_src_map,
1165 re->re_src_m, safe_op_cb,
1166 &re->re_src, BUS_DMA_NOWAIT) != 0) {
1167 bus_dmamap_destroy(sc->sc_srcdmat, re->re_src_map);
1168 re->re_src_map = NULL;
1169 safestats.st_noload++;
1170 err = ENOMEM;
1171 goto errout;
1172 }
1173 } else if (crp->crp_flags & CRYPTO_F_IOV) {
1174 if (bus_dmamap_load_uio(sc->sc_srcdmat, re->re_src_map,
1175 re->re_src_io, safe_op_cb,
1176 &re->re_src, BUS_DMA_NOWAIT) != 0) {
1177 bus_dmamap_destroy(sc->sc_srcdmat, re->re_src_map);
1178 re->re_src_map = NULL;
1179 safestats.st_noload++;
1180 err = ENOMEM;
1181 goto errout;
1182 }
1183 }
1184 nicealign = safe_dmamap_aligned(&re->re_src);
1185 uniform = safe_dmamap_uniform(&re->re_src);
1186
1187 DPRINTF(("src nicealign %u uniform %u nsegs %u\n",
1188 nicealign, uniform, re->re_src.nsegs));
1189 if (re->re_src.nsegs > 1) {
1190 re->re_desc.d_src = sc->sc_spalloc.dma_paddr +
1191 ((caddr_t) sc->sc_spfree - (caddr_t) sc->sc_spring);
1192 for (i = 0; i < re->re_src_nsegs; i++) {
1193 /* NB: no need to check if there's space */
1194 pd = sc->sc_spfree;
1195 if (++(sc->sc_spfree) == sc->sc_springtop)
1196 sc->sc_spfree = sc->sc_spring;
1197
1198 KASSERT((pd->pd_flags&3) == 0 ||
1199 (pd->pd_flags&3) == SAFE_PD_DONE,
1200 ("bogus source particle descriptor; flags %x",
1201 pd->pd_flags));
1202 pd->pd_addr = re->re_src_segs[i].ds_addr;
1203 pd->pd_size = re->re_src_segs[i].ds_len;
1204 pd->pd_flags = SAFE_PD_READY;
1205 }
1206 cmd0 |= SAFE_SA_CMD0_IGATHER;
1207 } else {
1208 /*
1209 * No need for gather, reference the operand directly.
1210 */
1211 re->re_desc.d_src = re->re_src_segs[0].ds_addr;
1212 }
1213
1214 if (enccrd == NULL && maccrd != NULL) {
1215 /*
1216 * Hash op; no destination needed.
1217 */
1218 } else {
1219 if (crp->crp_flags & CRYPTO_F_IOV) {
1220 if (!nicealign) {
1221 safestats.st_iovmisaligned++;
1222 err = EINVAL;
1223 goto errout;
1224 }
1225 if (uniform != 1) {
1226 /*
1227 * Source is not suitable for direct use as
1228 * the destination. Create a new scatter/gather
1229 * list based on the destination requirements
1230 * and check if that's ok.
1231 */
1232 if (bus_dmamap_create(sc->sc_dstdmat,
1233 BUS_DMA_NOWAIT, &re->re_dst_map)) {
1234 safestats.st_nomap++;
1235 err = ENOMEM;
1236 goto errout;
1237 }
1238 if (bus_dmamap_load_uio(sc->sc_dstdmat,
1239 re->re_dst_map, re->re_dst_io,
1240 safe_op_cb, &re->re_dst,
1241 BUS_DMA_NOWAIT) != 0) {
1242 bus_dmamap_destroy(sc->sc_dstdmat,
1243 re->re_dst_map);
1244 re->re_dst_map = NULL;
1245 safestats.st_noload++;
1246 err = ENOMEM;
1247 goto errout;
1248 }
1249 uniform = safe_dmamap_uniform(&re->re_dst);
1250 if (!uniform) {
1251 /*
1252 * There's no way to handle the DMA
1253 * requirements with this uio. We
1254 * could create a separate DMA area for
1255 * the result and then copy it back,
1256 * but for now we just bail and return
1257 * an error. Note that uio requests
1258 * > SAFE_MAX_DSIZE are handled because
1259 * the DMA map and segment list for the
1260 * destination wil result in a
1261 * destination particle list that does
1262 * the necessary scatter DMA.
1263 */
1264 safestats.st_iovnotuniform++;
1265 err = EINVAL;
1266 goto errout;
1267 }
1268 } else
1269 re->re_dst = re->re_src;
1270 } else if (crp->crp_flags & CRYPTO_F_IMBUF) {
1271 if (nicealign && uniform == 1) {
1272 /*
1273 * Source layout is suitable for direct
1274 * sharing of the DMA map and segment list.
1275 */
1276 re->re_dst = re->re_src;
1277 } else if (nicealign && uniform == 2) {
1278 /*
1279 * The source is properly aligned but requires a
1280 * different particle list to handle DMA of the
1281 * result. Create a new map and do the load to
1282 * create the segment list. The particle
1283 * descriptor setup code below will handle the
1284 * rest.
1285 */
1286 if (bus_dmamap_create(sc->sc_dstdmat,
1287 BUS_DMA_NOWAIT, &re->re_dst_map)) {
1288 safestats.st_nomap++;
1289 err = ENOMEM;
1290 goto errout;
1291 }
1292 if (bus_dmamap_load_mbuf(sc->sc_dstdmat,
1293 re->re_dst_map, re->re_dst_m,
1294 safe_op_cb, &re->re_dst,
1295 BUS_DMA_NOWAIT) != 0) {
1296 bus_dmamap_destroy(sc->sc_dstdmat,
1297 re->re_dst_map);
1298 re->re_dst_map = NULL;
1299 safestats.st_noload++;
1300 err = ENOMEM;
1301 goto errout;
1302 }
1303 } else { /* !(aligned and/or uniform) */
1304 int totlen, len;
1305 struct mbuf *m, *top, **mp;
1306
1307 /*
1308 * DMA constraints require that we allocate a
1309 * new mbuf chain for the destination. We
1310 * allocate an entire new set of mbufs of
1311 * optimal/required size and then tell the
1312 * hardware to copy any bits that are not
1313 * created as a byproduct of the operation.
1314 */
1315 if (!nicealign)
1316 safestats.st_unaligned++;
1317 if (!uniform)
1318 safestats.st_notuniform++;
1319 totlen = re->re_src_mapsize;
1320 if (re->re_src_m->m_flags & M_PKTHDR) {
1321 len = MHLEN;
1322 MGETHDR(m, M_NOWAIT, MT_DATA);
1323 if (m && !m_dup_pkthdr(m, re->re_src_m,
1324 M_NOWAIT)) {
1325 m_free(m);
1326 m = NULL;
1327 }
1328 } else {
1329 len = MLEN;
1330 MGET(m, M_NOWAIT, MT_DATA);
1331 }
1332 if (m == NULL) {
1333 safestats.st_nombuf++;
1334 err = sc->sc_nqchip ? ERESTART : ENOMEM;
1335 goto errout;
1336 }
1337 if (totlen >= MINCLSIZE) {
1338 MCLGET(m, M_NOWAIT);
1339 if ((m->m_flags & M_EXT) == 0) {
1340 m_free(m);
1341 safestats.st_nomcl++;
1342 err = sc->sc_nqchip ?
1343 ERESTART : ENOMEM;
1344 goto errout;
1345 }
1346 len = MCLBYTES;
1347 }
1348 m->m_len = len;
1349 top = NULL;
1350 mp = ⊤
1351
1352 while (totlen > 0) {
1353 if (top) {
1354 MGET(m, M_NOWAIT, MT_DATA);
1355 if (m == NULL) {
1356 m_freem(top);
1357 safestats.st_nombuf++;
1358 err = sc->sc_nqchip ?
1359 ERESTART : ENOMEM;
1360 goto errout;
1361 }
1362 len = MLEN;
1363 }
1364 if (top && totlen >= MINCLSIZE) {
1365 MCLGET(m, M_NOWAIT);
1366 if ((m->m_flags & M_EXT) == 0) {
1367 *mp = m;
1368 m_freem(top);
1369 safestats.st_nomcl++;
1370 err = sc->sc_nqchip ?
1371 ERESTART : ENOMEM;
1372 goto errout;
1373 }
1374 len = MCLBYTES;
1375 }
1376 m->m_len = len = min(totlen, len);
1377 totlen -= len;
1378 *mp = m;
1379 mp = &m->m_next;
1380 }
1381 re->re_dst_m = top;
1382 if (bus_dmamap_create(sc->sc_dstdmat,
1383 BUS_DMA_NOWAIT, &re->re_dst_map) != 0) {
1384 safestats.st_nomap++;
1385 err = ENOMEM;
1386 goto errout;
1387 }
1388 if (bus_dmamap_load_mbuf(sc->sc_dstdmat,
1389 re->re_dst_map, re->re_dst_m,
1390 safe_op_cb, &re->re_dst,
1391 BUS_DMA_NOWAIT) != 0) {
1392 bus_dmamap_destroy(sc->sc_dstdmat,
1393 re->re_dst_map);
1394 re->re_dst_map = NULL;
1395 safestats.st_noload++;
1396 err = ENOMEM;
1397 goto errout;
1398 }
1399 if (re->re_src.mapsize > oplen) {
1400 /*
1401 * There's data following what the
1402 * hardware will copy for us. If this
1403 * isn't just the ICV (that's going to
1404 * be written on completion), copy it
1405 * to the new mbufs
1406 */
1407 if (!(maccrd &&
1408 (re->re_src.mapsize-oplen) == 12 &&
1409 maccrd->crd_inject == oplen))
1410 safe_mcopy(re->re_src_m,
1411 re->re_dst_m,
1412 oplen);
1413 else
1414 safestats.st_noicvcopy++;
1415 }
1416 }
1417 } else {
1418 safestats.st_badflags++;
1419 err = EINVAL;
1420 goto errout;
1421 }
1422
1423 if (re->re_dst.nsegs > 1) {
1424 re->re_desc.d_dst = sc->sc_dpalloc.dma_paddr +
1425 ((caddr_t) sc->sc_dpfree - (caddr_t) sc->sc_dpring);
1426 for (i = 0; i < re->re_dst_nsegs; i++) {
1427 pd = sc->sc_dpfree;
1428 KASSERT((pd->pd_flags&3) == 0 ||
1429 (pd->pd_flags&3) == SAFE_PD_DONE,
1430 ("bogus dest particle descriptor; flags %x",
1431 pd->pd_flags));
1432 if (++(sc->sc_dpfree) == sc->sc_dpringtop)
1433 sc->sc_dpfree = sc->sc_dpring;
1434 pd->pd_addr = re->re_dst_segs[i].ds_addr;
1435 pd->pd_flags = SAFE_PD_READY;
1436 }
1437 cmd0 |= SAFE_SA_CMD0_OSCATTER;
1438 } else {
1439 /*
1440 * No need for scatter, reference the operand directly.
1441 */
1442 re->re_desc.d_dst = re->re_dst_segs[0].ds_addr;
1443 }
1444 }
1445
1446 /*
1447 * All done with setup; fillin the SA command words
1448 * and the packet engine descriptor. The operation
1449 * is now ready for submission to the hardware.
1450 */
1451 sa->sa_cmd0 = cmd0 | SAFE_SA_CMD0_IPCI | SAFE_SA_CMD0_OPCI;
1452 sa->sa_cmd1 = cmd1
1453 | (coffset << SAFE_SA_CMD1_OFFSET_S)
1454 | SAFE_SA_CMD1_SAREV1 /* Rev 1 SA data structure */
1455 | SAFE_SA_CMD1_SRPCI
1456 ;
1457 /*
1458 * NB: the order of writes is important here. In case the
1459 * chip is scanning the ring because of an outstanding request
1460 * it might nab this one too. In that case we need to make
1461 * sure the setup is complete before we write the length
1462 * field of the descriptor as it signals the descriptor is
1463 * ready for processing.
1464 */
1465 re->re_desc.d_csr = SAFE_PE_CSR_READY | SAFE_PE_CSR_SAPCI;
1466 if (maccrd)
1467 re->re_desc.d_csr |= SAFE_PE_CSR_LOADSA | SAFE_PE_CSR_HASHFINAL;
1468 re->re_desc.d_len = oplen
1469 | SAFE_PE_LEN_READY
1470 | (bypass << SAFE_PE_LEN_BYPASS_S)
1471 ;
1472
1473 safestats.st_ipackets++;
1474 safestats.st_ibytes += oplen;
1475
1476 if (++(sc->sc_front) == sc->sc_ringtop)
1477 sc->sc_front = sc->sc_ring;
1478
1479 /* XXX honor batching */
1480 safe_feed(sc, re);
1481 lockmgr(&sc->sc_ringlock, LK_RELEASE);
1482 return (0);
1483
1484 errout:
1485 if ((re->re_dst_m != NULL) && (re->re_src_m != re->re_dst_m))
1486 m_freem(re->re_dst_m);
1487
1488 if (re->re_dst_map != NULL && re->re_dst_map != re->re_src_map) {
1489 bus_dmamap_unload(sc->sc_dstdmat, re->re_dst_map);
1490 bus_dmamap_destroy(sc->sc_dstdmat, re->re_dst_map);
1491 }
1492 if (re->re_src_map != NULL) {
1493 bus_dmamap_unload(sc->sc_srcdmat, re->re_src_map);
1494 bus_dmamap_destroy(sc->sc_srcdmat, re->re_src_map);
1495 }
1496 lockmgr(&sc->sc_ringlock, LK_RELEASE);
1497 if (err != ERESTART) {
1498 crp->crp_etype = err;
1499 crypto_done(crp);
1500 } else {
1501 sc->sc_needwakeup |= CRYPTO_SYMQ;
1502 }
1503 return (err);
1504 }
1505
1506 static void
safe_callback(struct safe_softc * sc,struct safe_ringentry * re)1507 safe_callback(struct safe_softc *sc, struct safe_ringentry *re)
1508 {
1509 struct cryptop *crp = (struct cryptop *)re->re_crp;
1510 struct cryptodesc *crd;
1511
1512 safestats.st_opackets++;
1513 safestats.st_obytes += re->re_dst.mapsize;
1514
1515 safe_dma_sync(&sc->sc_ringalloc,
1516 BUS_DMASYNC_POSTREAD|BUS_DMASYNC_POSTWRITE);
1517 if (re->re_desc.d_csr & SAFE_PE_CSR_STATUS) {
1518 device_printf(sc->sc_dev, "csr 0x%x cmd0 0x%x cmd1 0x%x\n",
1519 re->re_desc.d_csr,
1520 re->re_sa.sa_cmd0, re->re_sa.sa_cmd1);
1521 safestats.st_peoperr++;
1522 crp->crp_etype = EIO; /* something more meaningful? */
1523 }
1524 if (re->re_dst_map != NULL && re->re_dst_map != re->re_src_map) {
1525 bus_dmamap_sync(sc->sc_dstdmat, re->re_dst_map,
1526 BUS_DMASYNC_POSTREAD);
1527 bus_dmamap_unload(sc->sc_dstdmat, re->re_dst_map);
1528 bus_dmamap_destroy(sc->sc_dstdmat, re->re_dst_map);
1529 }
1530 bus_dmamap_sync(sc->sc_srcdmat, re->re_src_map, BUS_DMASYNC_POSTWRITE);
1531 bus_dmamap_unload(sc->sc_srcdmat, re->re_src_map);
1532 bus_dmamap_destroy(sc->sc_srcdmat, re->re_src_map);
1533
1534 /*
1535 * If result was written to a differet mbuf chain, swap
1536 * it in as the return value and reclaim the original.
1537 */
1538 if ((crp->crp_flags & CRYPTO_F_IMBUF) && re->re_src_m != re->re_dst_m) {
1539 m_freem(re->re_src_m);
1540 crp->crp_buf = (caddr_t)re->re_dst_m;
1541 }
1542
1543 if (re->re_flags & SAFE_QFLAGS_COPYOUTIV) {
1544 /* copy out IV for future use */
1545 for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
1546 int ivsize;
1547
1548 if (crd->crd_alg == CRYPTO_DES_CBC ||
1549 crd->crd_alg == CRYPTO_3DES_CBC) {
1550 ivsize = 2*sizeof(u_int32_t);
1551 } else if (crd->crd_alg == CRYPTO_AES_CBC) {
1552 ivsize = 4*sizeof(u_int32_t);
1553 } else
1554 continue;
1555 crypto_copydata(crp->crp_flags, crp->crp_buf,
1556 crd->crd_skip + crd->crd_len - ivsize, ivsize,
1557 (caddr_t)sc->sc_sessions[re->re_sesn].ses_iv);
1558 break;
1559 }
1560 }
1561
1562 if (re->re_flags & SAFE_QFLAGS_COPYOUTICV) {
1563 /* copy out ICV result */
1564 for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
1565 if (!(crd->crd_alg == CRYPTO_MD5_HMAC ||
1566 crd->crd_alg == CRYPTO_SHA1_HMAC ||
1567 crd->crd_alg == CRYPTO_NULL_HMAC))
1568 continue;
1569 if (crd->crd_alg == CRYPTO_SHA1_HMAC) {
1570 /*
1571 * SHA-1 ICV's are byte-swapped; fix 'em up
1572 * before copy them to their destination.
1573 */
1574 re->re_sastate.sa_saved_indigest[0] =
1575 bswap32(re->re_sastate.sa_saved_indigest[0]);
1576 re->re_sastate.sa_saved_indigest[1] =
1577 bswap32(re->re_sastate.sa_saved_indigest[1]);
1578 re->re_sastate.sa_saved_indigest[2] =
1579 bswap32(re->re_sastate.sa_saved_indigest[2]);
1580 }
1581 crypto_copyback(crp->crp_flags, crp->crp_buf,
1582 crd->crd_inject,
1583 sc->sc_sessions[re->re_sesn].ses_mlen,
1584 (caddr_t)re->re_sastate.sa_saved_indigest);
1585 break;
1586 }
1587 }
1588 crypto_done(crp);
1589 }
1590
1591 /*
1592 * Copy all data past offset from srcm to dstm.
1593 */
1594 static void
safe_mcopy(struct mbuf * srcm,struct mbuf * dstm,u_int offset)1595 safe_mcopy(struct mbuf *srcm, struct mbuf *dstm, u_int offset)
1596 {
1597 u_int j, dlen, slen;
1598 caddr_t dptr, sptr;
1599
1600 /*
1601 * Advance src and dst to offset.
1602 */
1603 j = offset;
1604 while (j >= 0) {
1605 if (srcm->m_len > j)
1606 break;
1607 j -= srcm->m_len;
1608 srcm = srcm->m_next;
1609 if (srcm == NULL)
1610 return;
1611 }
1612 sptr = mtod(srcm, caddr_t) + j;
1613 slen = srcm->m_len - j;
1614
1615 j = offset;
1616 while (j >= 0) {
1617 if (dstm->m_len > j)
1618 break;
1619 j -= dstm->m_len;
1620 dstm = dstm->m_next;
1621 if (dstm == NULL)
1622 return;
1623 }
1624 dptr = mtod(dstm, caddr_t) + j;
1625 dlen = dstm->m_len - j;
1626
1627 /*
1628 * Copy everything that remains.
1629 */
1630 for (;;) {
1631 j = min(slen, dlen);
1632 bcopy(sptr, dptr, j);
1633 if (slen == j) {
1634 srcm = srcm->m_next;
1635 if (srcm == NULL)
1636 return;
1637 sptr = srcm->m_data;
1638 slen = srcm->m_len;
1639 } else
1640 sptr += j, slen -= j;
1641 if (dlen == j) {
1642 dstm = dstm->m_next;
1643 if (dstm == NULL)
1644 return;
1645 dptr = dstm->m_data;
1646 dlen = dstm->m_len;
1647 } else
1648 dptr += j, dlen -= j;
1649 }
1650 }
1651
1652 #ifndef SAFE_NO_RNG
1653 #define SAFE_RNG_MAXWAIT 1000
1654
1655 static void
safe_rng_init(struct safe_softc * sc)1656 safe_rng_init(struct safe_softc *sc)
1657 {
1658 u_int32_t w, v;
1659 int i;
1660
1661 WRITE_REG(sc, SAFE_RNG_CTRL, 0);
1662 /* use default value according to the manual */
1663 WRITE_REG(sc, SAFE_RNG_CNFG, 0x834); /* magic from SafeNet */
1664 WRITE_REG(sc, SAFE_RNG_ALM_CNT, 0);
1665
1666 /*
1667 * There is a bug in rev 1.0 of the 1140 that when the RNG
1668 * is brought out of reset the ready status flag does not
1669 * work until the RNG has finished its internal initialization.
1670 *
1671 * So in order to determine the device is through its
1672 * initialization we must read the data register, using the
1673 * status reg in the read in case it is initialized. Then read
1674 * the data register until it changes from the first read.
1675 * Once it changes read the data register until it changes
1676 * again. At this time the RNG is considered initialized.
1677 * This could take between 750ms - 1000ms in time.
1678 */
1679 i = 0;
1680 w = READ_REG(sc, SAFE_RNG_OUT);
1681 do {
1682 v = READ_REG(sc, SAFE_RNG_OUT);
1683 if (v != w) {
1684 w = v;
1685 break;
1686 }
1687 DELAY(10);
1688 } while (++i < SAFE_RNG_MAXWAIT);
1689
1690 /* Wait Until data changes again */
1691 i = 0;
1692 do {
1693 v = READ_REG(sc, SAFE_RNG_OUT);
1694 if (v != w)
1695 break;
1696 DELAY(10);
1697 } while (++i < SAFE_RNG_MAXWAIT);
1698 }
1699
1700 static __inline void
safe_rng_disable_short_cycle(struct safe_softc * sc)1701 safe_rng_disable_short_cycle(struct safe_softc *sc)
1702 {
1703 WRITE_REG(sc, SAFE_RNG_CTRL,
1704 READ_REG(sc, SAFE_RNG_CTRL) &~ SAFE_RNG_CTRL_SHORTEN);
1705 }
1706
1707 static __inline void
safe_rng_enable_short_cycle(struct safe_softc * sc)1708 safe_rng_enable_short_cycle(struct safe_softc *sc)
1709 {
1710 WRITE_REG(sc, SAFE_RNG_CTRL,
1711 READ_REG(sc, SAFE_RNG_CTRL) | SAFE_RNG_CTRL_SHORTEN);
1712 }
1713
1714 static __inline u_int32_t
safe_rng_read(struct safe_softc * sc)1715 safe_rng_read(struct safe_softc *sc)
1716 {
1717 int i;
1718
1719 i = 0;
1720 while (READ_REG(sc, SAFE_RNG_STAT) != 0 && ++i < SAFE_RNG_MAXWAIT)
1721 ;
1722 return READ_REG(sc, SAFE_RNG_OUT);
1723 }
1724
1725 static void
safe_rng(void * arg)1726 safe_rng(void *arg)
1727 {
1728 struct safe_softc *sc = arg;
1729 u_int32_t buf[SAFE_RNG_MAXBUFSIZ]; /* NB: maybe move to softc */
1730 u_int maxwords;
1731 int i;
1732
1733 safestats.st_rng++;
1734 /*
1735 * Fetch the next block of data.
1736 */
1737 maxwords = safe_rngbufsize;
1738 if (maxwords > SAFE_RNG_MAXBUFSIZ)
1739 maxwords = SAFE_RNG_MAXBUFSIZ;
1740 retry:
1741 for (i = 0; i < maxwords; i++)
1742 buf[i] = safe_rng_read(sc);
1743 /*
1744 * Check the comparator alarm count and reset the h/w if
1745 * it exceeds our threshold. This guards against the
1746 * hardware oscillators resonating with external signals.
1747 */
1748 if (READ_REG(sc, SAFE_RNG_ALM_CNT) > safe_rngmaxalarm) {
1749 u_int32_t freq_inc, w;
1750
1751 DPRINTF(("%s: alarm count %u exceeds threshold %u\n", __func__,
1752 READ_REG(sc, SAFE_RNG_ALM_CNT), safe_rngmaxalarm));
1753 safestats.st_rngalarm++;
1754 safe_rng_enable_short_cycle(sc);
1755 freq_inc = 18;
1756 for (i = 0; i < 64; i++) {
1757 w = READ_REG(sc, SAFE_RNG_CNFG);
1758 freq_inc = ((w + freq_inc) & 0x3fL);
1759 w = ((w & ~0x3fL) | freq_inc);
1760 WRITE_REG(sc, SAFE_RNG_CNFG, w);
1761
1762 WRITE_REG(sc, SAFE_RNG_ALM_CNT, 0);
1763
1764 (void) safe_rng_read(sc);
1765 DELAY(25);
1766
1767 if (READ_REG(sc, SAFE_RNG_ALM_CNT) == 0) {
1768 safe_rng_disable_short_cycle(sc);
1769 goto retry;
1770 }
1771 freq_inc = 1;
1772 }
1773 safe_rng_disable_short_cycle(sc);
1774 } else
1775 WRITE_REG(sc, SAFE_RNG_ALM_CNT, 0);
1776
1777 (*sc->sc_harvest)(sc->sc_rndtest, buf, maxwords*sizeof (u_int32_t));
1778 callout_reset(&sc->sc_rngto,
1779 hz * (safe_rnginterval ? safe_rnginterval : 1), safe_rng, sc);
1780 }
1781 #endif /* SAFE_NO_RNG */
1782
1783 static void
safe_dmamap_cb(void * arg,bus_dma_segment_t * segs,int nseg,int error)1784 safe_dmamap_cb(void *arg, bus_dma_segment_t *segs, int nseg, int error)
1785 {
1786 bus_addr_t *paddr = (bus_addr_t*) arg;
1787 *paddr = segs->ds_addr;
1788 }
1789
1790 static int
safe_dma_malloc(struct safe_softc * sc,bus_size_t size,struct safe_dma_alloc * dma,int mapflags)1791 safe_dma_malloc(
1792 struct safe_softc *sc,
1793 bus_size_t size,
1794 struct safe_dma_alloc *dma,
1795 int mapflags
1796 )
1797 {
1798 int r;
1799
1800 r = bus_dma_tag_create(NULL, /* parent */
1801 sizeof(u_int32_t), 0, /* alignment, bounds */
1802 BUS_SPACE_MAXADDR_32BIT, /* lowaddr */
1803 BUS_SPACE_MAXADDR, /* highaddr */
1804 size, /* maxsize */
1805 1, /* nsegments */
1806 size, /* maxsegsize */
1807 BUS_DMA_ALLOCNOW, /* flags */
1808 &dma->dma_tag);
1809 if (r != 0) {
1810 device_printf(sc->sc_dev, "safe_dma_malloc: "
1811 "bus_dma_tag_create failed; error %u\n", r);
1812 goto fail_0;
1813 }
1814
1815 r = bus_dmamap_create(dma->dma_tag, BUS_DMA_NOWAIT, &dma->dma_map);
1816 if (r != 0) {
1817 device_printf(sc->sc_dev, "safe_dma_malloc: "
1818 "bus_dmamap_create failed; error %u\n", r);
1819 goto fail_1;
1820 }
1821
1822 r = bus_dmamem_alloc(dma->dma_tag, (void**) &dma->dma_vaddr,
1823 BUS_DMA_NOWAIT, &dma->dma_map);
1824 if (r != 0) {
1825 device_printf(sc->sc_dev, "safe_dma_malloc: "
1826 "bus_dmammem_alloc failed; size %zu, error %u\n",
1827 size, r);
1828 goto fail_2;
1829 }
1830
1831 r = bus_dmamap_load(dma->dma_tag, dma->dma_map, dma->dma_vaddr,
1832 size,
1833 safe_dmamap_cb,
1834 &dma->dma_paddr,
1835 mapflags | BUS_DMA_NOWAIT);
1836 if (r != 0) {
1837 device_printf(sc->sc_dev, "safe_dma_malloc: "
1838 "bus_dmamap_load failed; error %u\n", r);
1839 goto fail_3;
1840 }
1841
1842 dma->dma_size = size;
1843 return (0);
1844
1845 fail_3:
1846 bus_dmamap_unload(dma->dma_tag, dma->dma_map);
1847 fail_2:
1848 bus_dmamem_free(dma->dma_tag, dma->dma_vaddr, dma->dma_map);
1849 fail_1:
1850 bus_dmamap_destroy(dma->dma_tag, dma->dma_map);
1851 bus_dma_tag_destroy(dma->dma_tag);
1852 fail_0:
1853 dma->dma_map = NULL;
1854 dma->dma_tag = NULL;
1855 return (r);
1856 }
1857
1858 static void
safe_dma_free(struct safe_softc * sc,struct safe_dma_alloc * dma)1859 safe_dma_free(struct safe_softc *sc, struct safe_dma_alloc *dma)
1860 {
1861 bus_dmamap_unload(dma->dma_tag, dma->dma_map);
1862 bus_dmamem_free(dma->dma_tag, dma->dma_vaddr, dma->dma_map);
1863 bus_dmamap_destroy(dma->dma_tag, dma->dma_map);
1864 bus_dma_tag_destroy(dma->dma_tag);
1865 }
1866
1867 /*
1868 * Resets the board. Values in the regesters are left as is
1869 * from the reset (i.e. initial values are assigned elsewhere).
1870 */
1871 static void
safe_reset_board(struct safe_softc * sc)1872 safe_reset_board(struct safe_softc *sc)
1873 {
1874 u_int32_t v;
1875 /*
1876 * Reset the device. The manual says no delay
1877 * is needed between marking and clearing reset.
1878 */
1879 v = READ_REG(sc, SAFE_PE_DMACFG) &~
1880 (SAFE_PE_DMACFG_PERESET | SAFE_PE_DMACFG_PDRRESET |
1881 SAFE_PE_DMACFG_SGRESET);
1882 WRITE_REG(sc, SAFE_PE_DMACFG, v
1883 | SAFE_PE_DMACFG_PERESET
1884 | SAFE_PE_DMACFG_PDRRESET
1885 | SAFE_PE_DMACFG_SGRESET);
1886 WRITE_REG(sc, SAFE_PE_DMACFG, v);
1887 }
1888
1889 /*
1890 * Initialize registers we need to touch only once.
1891 */
1892 static void
safe_init_board(struct safe_softc * sc)1893 safe_init_board(struct safe_softc *sc)
1894 {
1895 u_int32_t v, dwords;
1896
1897 v = READ_REG(sc, SAFE_PE_DMACFG);
1898 v &=~ SAFE_PE_DMACFG_PEMODE;
1899 v |= SAFE_PE_DMACFG_FSENA /* failsafe enable */
1900 | SAFE_PE_DMACFG_GPRPCI /* gather ring on PCI */
1901 | SAFE_PE_DMACFG_SPRPCI /* scatter ring on PCI */
1902 | SAFE_PE_DMACFG_ESDESC /* endian-swap descriptors */
1903 | SAFE_PE_DMACFG_ESSA /* endian-swap SA's */
1904 | SAFE_PE_DMACFG_ESPDESC /* endian-swap part. desc's */
1905 ;
1906 WRITE_REG(sc, SAFE_PE_DMACFG, v);
1907 #if 0
1908 /* XXX select byte swap based on host byte order */
1909 WRITE_REG(sc, SAFE_ENDIAN, 0x1b);
1910 #endif
1911 if (sc->sc_chiprev == SAFE_REV(1,0)) {
1912 /*
1913 * Avoid large PCI DMA transfers. Rev 1.0 has a bug where
1914 * "target mode transfers" done while the chip is DMA'ing
1915 * >1020 bytes cause the hardware to lockup. To avoid this
1916 * we reduce the max PCI transfer size and use small source
1917 * particle descriptors (<= 256 bytes).
1918 */
1919 WRITE_REG(sc, SAFE_DMA_CFG, 256);
1920 device_printf(sc->sc_dev,
1921 "Reduce max DMA size to %u words for rev %u.%u WAR\n",
1922 (READ_REG(sc, SAFE_DMA_CFG)>>2) & 0xff,
1923 SAFE_REV_MAJ(sc->sc_chiprev),
1924 SAFE_REV_MIN(sc->sc_chiprev));
1925 }
1926
1927 /* NB: operands+results are overlaid */
1928 WRITE_REG(sc, SAFE_PE_PDRBASE, sc->sc_ringalloc.dma_paddr);
1929 WRITE_REG(sc, SAFE_PE_RDRBASE, sc->sc_ringalloc.dma_paddr);
1930 /*
1931 * Configure ring entry size and number of items in the ring.
1932 */
1933 KASSERT((sizeof(struct safe_ringentry) % sizeof(u_int32_t)) == 0,
1934 ("PE ring entry not 32-bit aligned!"));
1935 dwords = sizeof(struct safe_ringentry) / sizeof(u_int32_t);
1936 WRITE_REG(sc, SAFE_PE_RINGCFG,
1937 (dwords << SAFE_PE_RINGCFG_OFFSET_S) | SAFE_MAX_NQUEUE);
1938 WRITE_REG(sc, SAFE_PE_RINGPOLL, 0); /* disable polling */
1939
1940 WRITE_REG(sc, SAFE_PE_GRNGBASE, sc->sc_spalloc.dma_paddr);
1941 WRITE_REG(sc, SAFE_PE_SRNGBASE, sc->sc_dpalloc.dma_paddr);
1942 WRITE_REG(sc, SAFE_PE_PARTSIZE,
1943 (SAFE_TOTAL_DPART<<16) | SAFE_TOTAL_SPART);
1944 /*
1945 * NB: destination particles are fixed size. We use
1946 * an mbuf cluster and require all results go to
1947 * clusters or smaller.
1948 */
1949 WRITE_REG(sc, SAFE_PE_PARTCFG, SAFE_MAX_DSIZE);
1950
1951 /* it's now safe to enable PE mode, do it */
1952 WRITE_REG(sc, SAFE_PE_DMACFG, v | SAFE_PE_DMACFG_PEMODE);
1953
1954 /*
1955 * Configure hardware to use level-triggered interrupts and
1956 * to interrupt after each descriptor is processed.
1957 */
1958 WRITE_REG(sc, SAFE_HI_CFG, SAFE_HI_CFG_LEVEL);
1959 WRITE_REG(sc, SAFE_HI_DESC_CNT, 1);
1960 WRITE_REG(sc, SAFE_HI_MASK, SAFE_INT_PE_DDONE | SAFE_INT_PE_ERROR);
1961 }
1962
1963 /*
1964 * Init PCI registers
1965 */
1966 static void
safe_init_pciregs(device_t dev)1967 safe_init_pciregs(device_t dev)
1968 {
1969 }
1970
1971 /*
1972 * Clean up after a chip crash.
1973 * It is assumed that the caller in splimp()
1974 */
1975 static void
safe_cleanchip(struct safe_softc * sc)1976 safe_cleanchip(struct safe_softc *sc)
1977 {
1978
1979 if (sc->sc_nqchip != 0) {
1980 struct safe_ringentry *re = sc->sc_back;
1981
1982 while (re != sc->sc_front) {
1983 if (re->re_desc.d_csr != 0)
1984 safe_free_entry(sc, re);
1985 if (++re == sc->sc_ringtop)
1986 re = sc->sc_ring;
1987 }
1988 sc->sc_back = re;
1989 sc->sc_nqchip = 0;
1990 }
1991 }
1992
1993 /*
1994 * free a safe_q
1995 * It is assumed that the caller is within splimp().
1996 */
1997 static int
safe_free_entry(struct safe_softc * sc,struct safe_ringentry * re)1998 safe_free_entry(struct safe_softc *sc, struct safe_ringentry *re)
1999 {
2000 struct cryptop *crp;
2001
2002 /*
2003 * Free header MCR
2004 */
2005 if ((re->re_dst_m != NULL) && (re->re_src_m != re->re_dst_m))
2006 m_freem(re->re_dst_m);
2007
2008 crp = (struct cryptop *)re->re_crp;
2009
2010 re->re_desc.d_csr = 0;
2011
2012 crp->crp_etype = EFAULT;
2013 crypto_done(crp);
2014 return(0);
2015 }
2016
2017 /*
2018 * Routine to reset the chip and clean up.
2019 * It is assumed that the caller is in splimp()
2020 */
2021 static void
safe_totalreset(struct safe_softc * sc)2022 safe_totalreset(struct safe_softc *sc)
2023 {
2024 safe_reset_board(sc);
2025 safe_init_board(sc);
2026 safe_cleanchip(sc);
2027 }
2028
2029 /*
2030 * Is the operand suitable aligned for direct DMA. Each
2031 * segment must be aligned on a 32-bit boundary and all
2032 * but the last segment must be a multiple of 4 bytes.
2033 */
2034 static int
safe_dmamap_aligned(const struct safe_operand * op)2035 safe_dmamap_aligned(const struct safe_operand *op)
2036 {
2037 int i;
2038
2039 for (i = 0; i < op->nsegs; i++) {
2040 if (op->segs[i].ds_addr & 3)
2041 return (0);
2042 if (i != (op->nsegs - 1) && (op->segs[i].ds_len & 3))
2043 return (0);
2044 }
2045 return (1);
2046 }
2047
2048 /*
2049 * Is the operand suitable for direct DMA as the destination
2050 * of an operation. The hardware requires that each ``particle''
2051 * but the last in an operation result have the same size. We
2052 * fix that size at SAFE_MAX_DSIZE bytes. This routine returns
2053 * 0 if some segment is not a multiple of of this size, 1 if all
2054 * segments are exactly this size, or 2 if segments are at worst
2055 * a multple of this size.
2056 */
2057 static int
safe_dmamap_uniform(const struct safe_operand * op)2058 safe_dmamap_uniform(const struct safe_operand *op)
2059 {
2060 int result = 1;
2061
2062 if (op->nsegs > 0) {
2063 int i;
2064
2065 for (i = 0; i < op->nsegs-1; i++) {
2066 if (op->segs[i].ds_len % SAFE_MAX_DSIZE)
2067 return (0);
2068 if (op->segs[i].ds_len != SAFE_MAX_DSIZE)
2069 result = 2;
2070 }
2071 }
2072 return (result);
2073 }
2074
2075 #ifdef SAFE_DEBUG
2076 static void
safe_dump_dmastatus(struct safe_softc * sc,const char * tag)2077 safe_dump_dmastatus(struct safe_softc *sc, const char *tag)
2078 {
2079 kprintf("%s: ENDIAN 0x%x SRC 0x%x DST 0x%x STAT 0x%x\n"
2080 , tag
2081 , READ_REG(sc, SAFE_DMA_ENDIAN)
2082 , READ_REG(sc, SAFE_DMA_SRCADDR)
2083 , READ_REG(sc, SAFE_DMA_DSTADDR)
2084 , READ_REG(sc, SAFE_DMA_STAT)
2085 );
2086 }
2087
2088 static void
safe_dump_intrstate(struct safe_softc * sc,const char * tag)2089 safe_dump_intrstate(struct safe_softc *sc, const char *tag)
2090 {
2091 kprintf("%s: HI_CFG 0x%x HI_MASK 0x%x HI_DESC_CNT 0x%x HU_STAT 0x%x HM_STAT 0x%x\n"
2092 , tag
2093 , READ_REG(sc, SAFE_HI_CFG)
2094 , READ_REG(sc, SAFE_HI_MASK)
2095 , READ_REG(sc, SAFE_HI_DESC_CNT)
2096 , READ_REG(sc, SAFE_HU_STAT)
2097 , READ_REG(sc, SAFE_HM_STAT)
2098 );
2099 }
2100
2101 static void
safe_dump_ringstate(struct safe_softc * sc,const char * tag)2102 safe_dump_ringstate(struct safe_softc *sc, const char *tag)
2103 {
2104 u_int32_t estat = READ_REG(sc, SAFE_PE_ERNGSTAT);
2105
2106 /* NB: assume caller has lock on ring */
2107 kprintf("%s: ERNGSTAT %x (next %u) back %lu front %lu\n",
2108 tag,
2109 estat, (estat >> SAFE_PE_ERNGSTAT_NEXT_S),
2110 (unsigned long)(sc->sc_back - sc->sc_ring),
2111 (unsigned long)(sc->sc_front - sc->sc_ring));
2112 }
2113
2114 static void
safe_dump_request(struct safe_softc * sc,const char * tag,struct safe_ringentry * re)2115 safe_dump_request(struct safe_softc *sc, const char* tag, struct safe_ringentry *re)
2116 {
2117 int ix, nsegs;
2118
2119 ix = re - sc->sc_ring;
2120 kprintf("%s: %p (%u): csr %x src %x dst %x sa %x len %x\n"
2121 , tag
2122 , re, ix
2123 , re->re_desc.d_csr
2124 , re->re_desc.d_src
2125 , re->re_desc.d_dst
2126 , re->re_desc.d_sa
2127 , re->re_desc.d_len
2128 );
2129 if (re->re_src.nsegs > 1) {
2130 ix = (re->re_desc.d_src - sc->sc_spalloc.dma_paddr) /
2131 sizeof(struct safe_pdesc);
2132 for (nsegs = re->re_src.nsegs; nsegs; nsegs--) {
2133 kprintf(" spd[%u] %p: %p size %u flags %x"
2134 , ix, &sc->sc_spring[ix]
2135 , (caddr_t)(uintptr_t) sc->sc_spring[ix].pd_addr
2136 , sc->sc_spring[ix].pd_size
2137 , sc->sc_spring[ix].pd_flags
2138 );
2139 if (sc->sc_spring[ix].pd_size == 0)
2140 kprintf(" (zero!)");
2141 kprintf("\n");
2142 if (++ix == SAFE_TOTAL_SPART)
2143 ix = 0;
2144 }
2145 }
2146 if (re->re_dst.nsegs > 1) {
2147 ix = (re->re_desc.d_dst - sc->sc_dpalloc.dma_paddr) /
2148 sizeof(struct safe_pdesc);
2149 for (nsegs = re->re_dst.nsegs; nsegs; nsegs--) {
2150 kprintf(" dpd[%u] %p: %p flags %x\n"
2151 , ix, &sc->sc_dpring[ix]
2152 , (caddr_t)(uintptr_t) sc->sc_dpring[ix].pd_addr
2153 , sc->sc_dpring[ix].pd_flags
2154 );
2155 if (++ix == SAFE_TOTAL_DPART)
2156 ix = 0;
2157 }
2158 }
2159 kprintf("sa: cmd0 %08x cmd1 %08x staterec %x\n",
2160 re->re_sa.sa_cmd0, re->re_sa.sa_cmd1, re->re_sa.sa_staterec);
2161 kprintf("sa: key %x %x %x %x %x %x %x %x\n"
2162 , re->re_sa.sa_key[0]
2163 , re->re_sa.sa_key[1]
2164 , re->re_sa.sa_key[2]
2165 , re->re_sa.sa_key[3]
2166 , re->re_sa.sa_key[4]
2167 , re->re_sa.sa_key[5]
2168 , re->re_sa.sa_key[6]
2169 , re->re_sa.sa_key[7]
2170 );
2171 kprintf("sa: indigest %x %x %x %x %x\n"
2172 , re->re_sa.sa_indigest[0]
2173 , re->re_sa.sa_indigest[1]
2174 , re->re_sa.sa_indigest[2]
2175 , re->re_sa.sa_indigest[3]
2176 , re->re_sa.sa_indigest[4]
2177 );
2178 kprintf("sa: outdigest %x %x %x %x %x\n"
2179 , re->re_sa.sa_outdigest[0]
2180 , re->re_sa.sa_outdigest[1]
2181 , re->re_sa.sa_outdigest[2]
2182 , re->re_sa.sa_outdigest[3]
2183 , re->re_sa.sa_outdigest[4]
2184 );
2185 kprintf("sr: iv %x %x %x %x\n"
2186 , re->re_sastate.sa_saved_iv[0]
2187 , re->re_sastate.sa_saved_iv[1]
2188 , re->re_sastate.sa_saved_iv[2]
2189 , re->re_sastate.sa_saved_iv[3]
2190 );
2191 kprintf("sr: hashbc %u indigest %x %x %x %x %x\n"
2192 , re->re_sastate.sa_saved_hashbc
2193 , re->re_sastate.sa_saved_indigest[0]
2194 , re->re_sastate.sa_saved_indigest[1]
2195 , re->re_sastate.sa_saved_indigest[2]
2196 , re->re_sastate.sa_saved_indigest[3]
2197 , re->re_sastate.sa_saved_indigest[4]
2198 );
2199 }
2200
2201 static void
safe_dump_ring(struct safe_softc * sc,const char * tag)2202 safe_dump_ring(struct safe_softc *sc, const char *tag)
2203 {
2204 lockmgr(&sc->sc_ringlock, LK_EXCLUSIVE);
2205 kprintf("\nSafeNet Ring State:\n");
2206 safe_dump_intrstate(sc, tag);
2207 safe_dump_dmastatus(sc, tag);
2208 safe_dump_ringstate(sc, tag);
2209 if (sc->sc_nqchip) {
2210 struct safe_ringentry *re = sc->sc_back;
2211 do {
2212 safe_dump_request(sc, tag, re);
2213 if (++re == sc->sc_ringtop)
2214 re = sc->sc_ring;
2215 } while (re != sc->sc_front);
2216 }
2217 lockmgr(&sc->sc_ringlock, LK_RELEASE);
2218 }
2219
2220 static int
sysctl_hw_safe_dump(SYSCTL_HANDLER_ARGS)2221 sysctl_hw_safe_dump(SYSCTL_HANDLER_ARGS)
2222 {
2223 char dmode[64];
2224 int error;
2225
2226 strncpy(dmode, "", sizeof(dmode) - 1);
2227 dmode[sizeof(dmode) - 1] = '\0';
2228 error = sysctl_handle_string(oidp, &dmode[0], sizeof(dmode), req);
2229
2230 if (error == 0 && req->newptr != NULL) {
2231 struct safe_softc *sc = safec;
2232
2233 if (!sc)
2234 return EINVAL;
2235 if (strncmp(dmode, "dma", 3) == 0)
2236 safe_dump_dmastatus(sc, "safe0");
2237 else if (strncmp(dmode, "int", 3) == 0)
2238 safe_dump_intrstate(sc, "safe0");
2239 else if (strncmp(dmode, "ring", 4) == 0)
2240 safe_dump_ring(sc, "safe0");
2241 else
2242 return EINVAL;
2243 }
2244 return error;
2245 }
2246 SYSCTL_PROC(_hw_safe, OID_AUTO, dump, CTLTYPE_STRING | CTLFLAG_RW,
2247 0, 0, sysctl_hw_safe_dump, "A", "Dump driver state");
2248 #endif /* SAFE_DEBUG */
2249