f6167a262c7fa5bbb51d2dd107f71f9356578a96
[dragonfly.git] / sys / dev / crypto / glxsb / glxsb.c
1 /* $OpenBSD: glxsb.c,v 1.7 2007/02/12 14:31:45 tom Exp $ */
2
3 /*
4  * Copyright (c) 2006 Tom Cosgrove <tom@openbsd.org>
5  * Copyright (c) 2003, 2004 Theo de Raadt
6  * Copyright (c) 2003 Jason Wright
7  *
8  * Permission to use, copy, modify, and distribute this software for any
9  * purpose with or without fee is hereby granted, provided that the above
10  * copyright notice and this permission notice appear in all copies.
11  *
12  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19  */
20
21 /*
22  * Driver for the security block on the AMD Geode LX processors
23  * http://www.amd.com/files/connectivitysolutions/geode/geode_lx/33234d_lx_ds.pdf
24  */
25
26 #include <sys/cdefs.h>
27
28 #include <sys/param.h>
29 #include <sys/systm.h>
30 #include <sys/bus.h>
31 #include <sys/errno.h>
32 #include <sys/kernel.h>
33 #include <sys/lock.h>
34 #include <sys/malloc.h>
35 #include <sys/mbuf.h>
36 #include <sys/module.h>
37 #include <sys/spinlock2.h>
38 #include <sys/proc.h>
39 #include <sys/random.h>
40 #include <sys/rman.h>
41 #include <sys/sysctl.h>
42 #include <sys/taskqueue.h>
43
44 #include <sys/bus.h>
45 #include <sys/bus_dma.h>
46 #include <machine/cpufunc.h>
47 #include <sys/resource.h>
48
49 #include <bus/pci/pcivar.h>
50 #include <bus/pci/pcireg.h>
51
52 #include <opencrypto/cryptodev.h>
53 #include <opencrypto/cryptosoft.h>
54 #include <opencrypto/xform.h>
55
56 #include "cryptodev_if.h"
57 #include "crypto_if.h"
58 #include "glxsb.h"
59
60 #define PCI_VENDOR_AMD                  0x1022  /* AMD */
61 #define PCI_PRODUCT_AMD_GEODE_LX_CRYPTO 0x2082  /* Geode LX Crypto */
62
63 #define SB_GLD_MSR_CAP          0x58002000      /* RO - Capabilities */
64 #define SB_GLD_MSR_CONFIG       0x58002001      /* RW - Master Config */
65 #define SB_GLD_MSR_SMI          0x58002002      /* RW - SMI */
66 #define SB_GLD_MSR_ERROR        0x58002003      /* RW - Error */
67 #define SB_GLD_MSR_PM           0x58002004      /* RW - Power Mgmt */
68 #define SB_GLD_MSR_DIAG         0x58002005      /* RW - Diagnostic */
69 #define SB_GLD_MSR_CTRL         0x58002006      /* RW - Security Block Cntrl */
70
71                                                 /* For GLD_MSR_CTRL: */
72 #define SB_GMC_DIV0             0x0000          /* AES update divisor values */
73 #define SB_GMC_DIV1             0x0001
74 #define SB_GMC_DIV2             0x0002
75 #define SB_GMC_DIV3             0x0003
76 #define SB_GMC_DIV_MASK         0x0003
77 #define SB_GMC_SBI              0x0004          /* AES swap bits */
78 #define SB_GMC_SBY              0x0008          /* AES swap bytes */
79 #define SB_GMC_TW               0x0010          /* Time write (EEPROM) */
80 #define SB_GMC_T_SEL0           0x0000          /* RNG post-proc: none */
81 #define SB_GMC_T_SEL1           0x0100          /* RNG post-proc: LFSR */
82 #define SB_GMC_T_SEL2           0x0200          /* RNG post-proc: whitener */
83 #define SB_GMC_T_SEL3           0x0300          /* RNG LFSR+whitener */
84 #define SB_GMC_T_SEL_MASK       0x0300
85 #define SB_GMC_T_NE             0x0400          /* Noise (generator) Enable */
86 #define SB_GMC_T_TM             0x0800          /* RNG test mode */
87                                                 /*     (deterministic) */
88
89 /* Security Block configuration/control registers (offsets from base) */
90 #define SB_CTL_A                0x0000          /* RW - SB Control A */
91 #define SB_CTL_B                0x0004          /* RW - SB Control B */
92 #define SB_AES_INT              0x0008          /* RW - SB AES Interrupt */
93 #define SB_SOURCE_A             0x0010          /* RW - Source A */
94 #define SB_DEST_A               0x0014          /* RW - Destination A */
95 #define SB_LENGTH_A             0x0018          /* RW - Length A */
96 #define SB_SOURCE_B             0x0020          /* RW - Source B */
97 #define SB_DEST_B               0x0024          /* RW - Destination B */
98 #define SB_LENGTH_B             0x0028          /* RW - Length B */
99 #define SB_WKEY                 0x0030          /* WO - Writable Key 0-3 */
100 #define SB_WKEY_0               0x0030          /* WO - Writable Key 0 */
101 #define SB_WKEY_1               0x0034          /* WO - Writable Key 1 */
102 #define SB_WKEY_2               0x0038          /* WO - Writable Key 2 */
103 #define SB_WKEY_3               0x003C          /* WO - Writable Key 3 */
104 #define SB_CBC_IV               0x0040          /* RW - CBC IV 0-3 */
105 #define SB_CBC_IV_0             0x0040          /* RW - CBC IV 0 */
106 #define SB_CBC_IV_1             0x0044          /* RW - CBC IV 1 */
107 #define SB_CBC_IV_2             0x0048          /* RW - CBC IV 2 */
108 #define SB_CBC_IV_3             0x004C          /* RW - CBC IV 3 */
109 #define SB_RANDOM_NUM           0x0050          /* RW - Random Number */
110 #define SB_RANDOM_NUM_STATUS    0x0054          /* RW - Random Number Status */
111 #define SB_EEPROM_COMM          0x0800          /* RW - EEPROM Command */
112 #define SB_EEPROM_ADDR          0x0804          /* RW - EEPROM Address */
113 #define SB_EEPROM_DATA          0x0808          /* RW - EEPROM Data */
114 #define SB_EEPROM_SEC_STATE     0x080C          /* RW - EEPROM Security State */
115
116                                                 /* For SB_CTL_A and _B */
117 #define SB_CTL_ST               0x0001          /* Start operation (enc/dec) */
118 #define SB_CTL_ENC              0x0002          /* Encrypt (0 is decrypt) */
119 #define SB_CTL_DEC              0x0000          /* Decrypt */
120 #define SB_CTL_WK               0x0004          /* Use writable key (we set) */
121 #define SB_CTL_DC               0x0008          /* Destination coherent */
122 #define SB_CTL_SC               0x0010          /* Source coherent */
123 #define SB_CTL_CBC              0x0020          /* CBC (0 is ECB) */
124
125                                                 /* For SB_AES_INT */
126 #define SB_AI_DISABLE_AES_A     0x0001          /* Disable AES A compl int */
127 #define SB_AI_ENABLE_AES_A      0x0000          /* Enable AES A compl int */
128 #define SB_AI_DISABLE_AES_B     0x0002          /* Disable AES B compl int */
129 #define SB_AI_ENABLE_AES_B      0x0000          /* Enable AES B compl int */
130 #define SB_AI_DISABLE_EEPROM    0x0004          /* Disable EEPROM op comp int */
131 #define SB_AI_ENABLE_EEPROM     0x0000          /* Enable EEPROM op compl int */
132 #define SB_AI_AES_A_COMPLETE   0x10000          /* AES A operation complete */
133 #define SB_AI_AES_B_COMPLETE   0x20000          /* AES B operation complete */
134 #define SB_AI_EEPROM_COMPLETE  0x40000          /* EEPROM operation complete */
135
136 #define SB_AI_CLEAR_INTR \
137         (SB_AI_DISABLE_AES_A | SB_AI_DISABLE_AES_B |\
138         SB_AI_DISABLE_EEPROM | SB_AI_AES_A_COMPLETE |\
139         SB_AI_AES_B_COMPLETE | SB_AI_EEPROM_COMPLETE)
140
141 #define SB_RNS_TRNG_VALID       0x0001          /* in SB_RANDOM_NUM_STATUS */
142
143 #define SB_MEM_SIZE             0x0810          /* Size of memory block */
144
145 #define SB_AES_ALIGN            0x0010          /* Source and dest buffers */
146                                                 /* must be 16-byte aligned */
147 #define SB_AES_BLOCK_SIZE       0x0010
148
149 /*
150  * The Geode LX security block AES acceleration doesn't perform scatter-
151  * gather: it just takes source and destination addresses.  Therefore the
152  * plain- and ciphertexts need to be contiguous.  To this end, we allocate
153  * a buffer for both, and accept the overhead of copying in and out.  If
154  * the number of bytes in one operation is bigger than allowed for by the
155  * buffer (buffer is twice the size of the max length, as it has both input
156  * and output) then we have to perform multiple encryptions/decryptions.
157  */
158
159 #define GLXSB_MAX_AES_LEN       16384
160
161 MALLOC_DEFINE(M_GLXSB, "glxsb_data", "Glxsb Data");
162
163 struct glxsb_dma_map {
164         bus_dmamap_t            dma_map;        /* DMA map */
165         bus_dma_segment_t       dma_seg;        /* segments */
166         int                     dma_nsegs;      /* #segments */
167         int                     dma_size;       /* size */
168         caddr_t                 dma_vaddr;      /* virtual address */
169         bus_addr_t              dma_paddr;      /* physical address */
170 };
171
172 struct glxsb_taskop {
173         struct glxsb_session    *to_ses;        /* crypto session */
174         struct cryptop          *to_crp;        /* cryptop to perfom */
175         struct cryptodesc       *to_enccrd;     /* enccrd to perform */
176         struct cryptodesc       *to_maccrd;     /* maccrd to perform */
177 };
178
179 struct glxsb_softc {
180         device_t                sc_dev;         /* device backpointer */
181         struct resource         *sc_sr;         /* resource */
182         int                     sc_rid;         /* resource rid */
183         struct callout          sc_rngco;       /* RNG callout */
184         int                     sc_rnghz;       /* RNG callout ticks */
185         bus_dma_tag_t           sc_dmat;        /* DMA tag */
186         struct glxsb_dma_map    sc_dma;         /* DMA map */
187         int32_t                 sc_cid;         /* crypto tag */
188         uint32_t                sc_sid;         /* session id */
189         TAILQ_HEAD(ses_head, glxsb_session)
190                                 sc_sessions;    /* crypto sessions */
191         struct spinlock         sc_sessions_lock;/* sessions lock */
192         struct spinlock         sc_task_mtx;    /* task mutex */
193         struct taskqueue        *sc_tq;         /* task queue */
194         struct task             sc_cryptotask;  /* task */
195         struct glxsb_taskop     sc_to;          /* task's crypto operation */
196         int                     sc_task_count;  /* tasks count */
197 };
198
199 static int glxsb_probe(device_t);
200 static int glxsb_attach(device_t);
201 static int glxsb_detach(device_t);
202
203 static void glxsb_dmamap_cb(void *, bus_dma_segment_t *, int, int);
204 static int  glxsb_dma_alloc(struct glxsb_softc *);
205 static void glxsb_dma_pre_op(struct glxsb_softc *, struct glxsb_dma_map *);
206 static void glxsb_dma_post_op(struct glxsb_softc *, struct glxsb_dma_map *);
207 static void glxsb_dma_free(struct glxsb_softc *, struct glxsb_dma_map *);
208
209 static void glxsb_rnd(void *);
210 static int  glxsb_crypto_setup(struct glxsb_softc *);
211 static int  glxsb_crypto_newsession(device_t, uint32_t *, struct cryptoini *);
212 static int  glxsb_crypto_freesession(device_t, uint64_t);
213 static int  glxsb_aes(struct glxsb_softc *, uint32_t, uint32_t,
214         uint32_t, void *, int, void *);
215
216 static int  glxsb_crypto_encdec(struct cryptop *, struct cryptodesc *,
217         struct glxsb_session *, struct glxsb_softc *);
218
219 static void glxsb_crypto_task(void *, int);
220 static int  glxsb_crypto_process(device_t, struct cryptop *, int);
221
222 static device_method_t glxsb_methods[] = {
223         /* device interface */
224         DEVMETHOD(device_probe,         glxsb_probe),
225         DEVMETHOD(device_attach,        glxsb_attach),
226         DEVMETHOD(device_detach,        glxsb_detach),
227
228         /* crypto device methods */
229         DEVMETHOD(cryptodev_newsession,         glxsb_crypto_newsession),
230         DEVMETHOD(cryptodev_freesession,        glxsb_crypto_freesession),
231         DEVMETHOD(cryptodev_process,            glxsb_crypto_process),
232
233         {0,0}
234 };
235
236 static driver_t glxsb_driver = {
237         "glxsb",
238         glxsb_methods,
239         sizeof(struct glxsb_softc)
240 };
241
242 static devclass_t glxsb_devclass;
243
244 DRIVER_MODULE(glxsb, pci, glxsb_driver, glxsb_devclass, 0, 0);
245 MODULE_VERSION(glxsb, 1);
246 MODULE_DEPEND(glxsb, crypto, 1, 1, 1);
247
248 static int
249 glxsb_probe(device_t dev)
250 {
251
252         if (pci_get_vendor(dev) == PCI_VENDOR_AMD &&
253             pci_get_device(dev) == PCI_PRODUCT_AMD_GEODE_LX_CRYPTO) {
254                 device_set_desc(dev,
255                     "AMD Geode LX Security Block (AES-128-CBC, RNG)");
256                 return (BUS_PROBE_DEFAULT);
257         }
258
259         return (ENXIO);
260 }
261
262 static int
263 glxsb_attach(device_t dev)
264 {
265         struct glxsb_softc *sc = device_get_softc(dev);
266         uint64_t msr;
267
268         sc->sc_dev = dev;
269         msr = rdmsr(SB_GLD_MSR_CAP);
270
271         if ((msr & 0xFFFF00) != 0x130400) {
272                 device_printf(dev, "unknown ID 0x%x\n",
273                     (int)((msr & 0xFFFF00) >> 16));
274                 return (ENXIO);
275         }
276
277         pci_enable_busmaster(dev);
278
279         /* Map in the security block configuration/control registers */
280         sc->sc_rid = PCIR_BAR(0);
281         sc->sc_sr = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &sc->sc_rid,
282             RF_ACTIVE);
283         if (sc->sc_sr == NULL) {
284                 device_printf(dev, "cannot map register space\n");
285                 return (ENXIO);
286         }
287
288         /*
289          * Configure the Security Block.
290          *
291          * We want to enable the noise generator (T_NE), and enable the
292          * linear feedback shift register and whitener post-processing
293          * (T_SEL = 3).  Also ensure that test mode (deterministic values)
294          * is disabled.
295          */
296         msr = rdmsr(SB_GLD_MSR_CTRL);
297         msr &= ~(SB_GMC_T_TM | SB_GMC_T_SEL_MASK);
298         msr |= SB_GMC_T_NE | SB_GMC_T_SEL3;
299 #if 0
300         msr |= SB_GMC_SBI | SB_GMC_SBY;         /* for AES, if necessary */
301 #endif
302         wrmsr(SB_GLD_MSR_CTRL, msr);
303
304         /* Disable interrupts */
305         bus_write_4(sc->sc_sr, SB_AES_INT, SB_AI_CLEAR_INTR);
306
307         /* Allocate a contiguous DMA-able buffer to work in */
308         if (glxsb_dma_alloc(sc) != 0)
309                 goto fail0;
310
311
312         /* XXX: thread taskqueues ? */
313         /* Initialize our task queue */
314         sc->sc_tq = taskqueue_create("glxsb_taskq", M_NOWAIT | M_ZERO,
315             taskqueue_thread_enqueue, &sc->sc_tq);
316         if (sc->sc_tq == NULL) {
317                 device_printf(dev, "cannot create task queue\n");
318                 goto fail0;
319         }
320         if (taskqueue_start_threads(&sc->sc_tq, 1, TDPRI_KERN_DAEMON, "%s taskq",
321             device_get_nameunit(dev)) != 0) {
322                 device_printf(dev, "cannot start task queue\n");
323                 goto fail1;
324         }
325
326         TASK_INIT(&sc->sc_cryptotask, 0, glxsb_crypto_task, sc);
327
328         /* Initialize crypto */
329         if (glxsb_crypto_setup(sc) != 0)
330                 goto fail1;
331
332         /* Install a periodic collector for the "true" (AMD's word) RNG */
333         if (hz > 100)
334                 sc->sc_rnghz = hz / 100;
335         else
336                 sc->sc_rnghz = 1;
337         callout_init_mp(&sc->sc_rngco);
338         glxsb_rnd(sc);
339
340         return (0);
341
342 fail1:
343
344         /* XXX: thread taskqueues ? */
345         taskqueue_free(sc->sc_tq);
346
347 fail0:
348         bus_release_resource(dev, SYS_RES_MEMORY, sc->sc_rid, sc->sc_sr);
349         return (ENXIO);
350 }
351
352 static int
353 glxsb_detach(device_t dev)
354 {
355         struct glxsb_softc *sc = device_get_softc(dev);
356         struct glxsb_session *ses;
357
358         spin_lock_wr(&sc->sc_sessions_lock);
359         TAILQ_FOREACH(ses, &sc->sc_sessions, ses_next) {
360                 if (ses->ses_used) {
361                         spin_unlock_wr(&sc->sc_sessions_lock);
362                         device_printf(dev,
363                                 "cannot detach, sessions still active.\n");
364                         return (EBUSY);
365                 }
366         }
367         while (!TAILQ_EMPTY(&sc->sc_sessions)) {
368                 ses = TAILQ_FIRST(&sc->sc_sessions);
369                 TAILQ_REMOVE(&sc->sc_sessions, ses, ses_next);
370                 kfree(ses, M_GLXSB);
371         }
372         spin_unlock_wr(&sc->sc_sessions_lock);
373         crypto_unregister_all(sc->sc_cid);
374 #if 0
375         /* XXX: need implementation of callout_drain or workaround */
376         callout_drain(&sc->sc_rngco);
377 #endif
378
379         /* XXX: thread taskqueues ? */
380         /* XXX: need implementation of taskqueue_drain or workaround */
381         taskqueue_drain(sc->sc_tq, &sc->sc_cryptotask);
382
383         bus_generic_detach(dev);
384         glxsb_dma_free(sc, &sc->sc_dma);
385         bus_release_resource(dev, SYS_RES_MEMORY, sc->sc_rid, sc->sc_sr);
386
387         /* XXX: thread taskqueues ? */
388         taskqueue_free(sc->sc_tq);
389
390         spin_uninit(&sc->sc_sessions_lock);
391         spin_uninit(&sc->sc_task_mtx);
392         return (0);
393 }
394
395 /*
396  *      callback for bus_dmamap_load()
397  */
398 static void
399 glxsb_dmamap_cb(void *arg, bus_dma_segment_t *seg, int nseg, int error)
400 {
401
402         bus_addr_t *paddr = (bus_addr_t*) arg;
403         *paddr = seg[0].ds_addr;
404 }
405
406 static int
407 glxsb_dma_alloc(struct glxsb_softc *sc)
408 {
409         struct glxsb_dma_map *dma = &sc->sc_dma;
410         int rc;
411
412         dma->dma_nsegs = 1;
413         dma->dma_size = GLXSB_MAX_AES_LEN * 2;
414
415         /* Setup DMA descriptor area */
416         rc = bus_dma_tag_create(NULL,                   /* parent */
417                                 SB_AES_ALIGN, 0,        /* alignments, bounds */
418                                 BUS_SPACE_MAXADDR_32BIT,/* lowaddr */
419                                 BUS_SPACE_MAXADDR,      /* highaddr */
420                                 NULL, NULL,             /* filter, filterarg */
421                                 dma->dma_size,          /* maxsize */
422                                 dma->dma_nsegs,         /* nsegments */
423                                 dma->dma_size,          /* maxsegsize */
424                                 BUS_DMA_ALLOCNOW,       /* flags */
425                                 &sc->sc_dmat);
426         if (rc != 0) {
427                 device_printf(sc->sc_dev,
428                     "cannot allocate DMA tag (%d)\n", rc);
429                 return (rc);
430         }
431
432         rc = bus_dmamem_alloc(sc->sc_dmat, (void **)&dma->dma_vaddr,
433             BUS_DMA_NOWAIT, &dma->dma_map);
434         if (rc != 0) {
435                 device_printf(sc->sc_dev,
436                     "cannot allocate DMA memory of %d bytes (%d)\n",
437                         dma->dma_size, rc);
438                 goto fail0;
439         }
440
441         rc = bus_dmamap_load(sc->sc_dmat, dma->dma_map, dma->dma_vaddr,
442             dma->dma_size, glxsb_dmamap_cb, &dma->dma_paddr, BUS_DMA_NOWAIT);
443         if (rc != 0) {
444                 device_printf(sc->sc_dev,
445                     "cannot load DMA memory for %d bytes (%d)\n",
446                    dma->dma_size, rc);
447                 goto fail1;
448         }
449
450         return (0);
451
452 fail1:
453         bus_dmamem_free(sc->sc_dmat, dma->dma_vaddr, dma->dma_map);
454 fail0:
455         bus_dma_tag_destroy(sc->sc_dmat);
456         return (rc);
457 }
458
459 static void
460 glxsb_dma_pre_op(struct glxsb_softc *sc, struct glxsb_dma_map *dma)
461 {
462
463         bus_dmamap_sync(sc->sc_dmat, dma->dma_map,
464             BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE);
465 }
466
467 static void
468 glxsb_dma_post_op(struct glxsb_softc *sc, struct glxsb_dma_map *dma)
469 {
470
471         bus_dmamap_sync(sc->sc_dmat, dma->dma_map,
472             BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE);
473 }
474
475 static void
476 glxsb_dma_free(struct glxsb_softc *sc, struct glxsb_dma_map *dma)
477 {
478
479         bus_dmamap_unload(sc->sc_dmat, dma->dma_map);
480         bus_dmamem_free(sc->sc_dmat, dma->dma_vaddr, dma->dma_map);
481         bus_dma_tag_destroy(sc->sc_dmat);
482 }
483
484 static void
485 glxsb_rnd(void *v)
486 {
487         struct glxsb_softc *sc = v;
488         uint32_t status;
489         int32_t value;
490
491         status = bus_read_4(sc->sc_sr, SB_RANDOM_NUM_STATUS);
492         if (status & SB_RNS_TRNG_VALID) {
493                 value = bus_read_4(sc->sc_sr, SB_RANDOM_NUM);
494                 /* feed with one uint32 */
495                 add_true_randomness(value);
496         }
497
498         callout_reset(&sc->sc_rngco, sc->sc_rnghz, glxsb_rnd, sc);
499 }
500
501 static int
502 glxsb_crypto_setup(struct glxsb_softc *sc)
503 {
504
505         sc->sc_cid = crypto_get_driverid(sc->sc_dev, CRYPTOCAP_F_HARDWARE);
506
507         if (sc->sc_cid < 0) {
508                 device_printf(sc->sc_dev, "cannot get crypto driver id\n");
509                 return (ENOMEM);
510         }
511
512         TAILQ_INIT(&sc->sc_sessions);
513         sc->sc_sid = 1;
514         spin_init(&sc->sc_sessions_lock);
515         spin_init(&sc->sc_task_mtx);
516
517         if (crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0) != 0)
518                 goto crypto_fail;
519         if (crypto_register(sc->sc_cid, CRYPTO_NULL_HMAC, 0, 0) != 0)
520                 goto crypto_fail;
521         if (crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0) != 0)
522                 goto crypto_fail;
523         if (crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0) != 0)
524                 goto crypto_fail;
525         if (crypto_register(sc->sc_cid, CRYPTO_RIPEMD160_HMAC, 0, 0) != 0)
526                 goto crypto_fail;
527         if (crypto_register(sc->sc_cid, CRYPTO_SHA2_256_HMAC, 0, 0) != 0)
528                 goto crypto_fail;
529         if (crypto_register(sc->sc_cid, CRYPTO_SHA2_384_HMAC, 0, 0) != 0)
530                 goto crypto_fail;
531         if (crypto_register(sc->sc_cid, CRYPTO_SHA2_512_HMAC, 0, 0) != 0)
532                 goto crypto_fail;
533
534         return (0);
535
536 crypto_fail:
537         device_printf(sc->sc_dev, "cannot register crypto\n");
538         crypto_unregister_all(sc->sc_cid);
539         spin_uninit(&sc->sc_sessions_lock);
540         spin_uninit(&sc->sc_task_mtx);
541         return (ENOMEM);
542 }
543
544 static int
545 glxsb_crypto_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri)
546 {
547         struct glxsb_softc *sc = device_get_softc(dev);
548         struct glxsb_session *ses = NULL;
549         struct cryptoini *encini, *macini;
550         int error;
551
552         if (sc == NULL || sidp == NULL || cri == NULL)
553                 return (EINVAL);
554
555         encini = macini = NULL;
556         for (; cri != NULL; cri = cri->cri_next) {
557                 switch(cri->cri_alg) {
558                 case CRYPTO_NULL_HMAC:
559                 case CRYPTO_MD5_HMAC:
560                 case CRYPTO_SHA1_HMAC:
561                 case CRYPTO_RIPEMD160_HMAC:
562                 case CRYPTO_SHA2_256_HMAC:
563                 case CRYPTO_SHA2_384_HMAC:
564                 case CRYPTO_SHA2_512_HMAC:
565                         if (macini != NULL)
566                                 return (EINVAL);
567                         macini = cri;
568                         break;
569                 case CRYPTO_AES_CBC:
570                         if (encini != NULL)
571                                 return (EINVAL);
572                         encini = cri;
573                         break;
574                 default:
575                         return (EINVAL);
576                 }
577         }
578
579         /*
580          * We only support HMAC algorithms to be able to work with
581          * ipsec(4), so if we are asked only for authentication without
582          * encryption, don't pretend we can accellerate it.
583          */
584         if (encini == NULL)
585                 return (EINVAL);
586
587         /*
588          * Look for a free session
589          *
590          * Free sessions goes first, so if first session is used, we need to
591          * allocate one.
592          */
593
594         spin_lock_wr(&sc->sc_sessions_lock);
595         ses = TAILQ_FIRST(&sc->sc_sessions);
596         if (ses == NULL || ses->ses_used) {
597                 ses = kmalloc(sizeof(*ses), M_GLXSB, M_NOWAIT | M_ZERO);
598                 if (ses == NULL) {
599                         spin_unlock_wr(&sc->sc_sessions_lock);
600                         return (ENOMEM);
601                 }
602                 ses->ses_id = sc->sc_sid++;
603         } else {
604                 TAILQ_REMOVE(&sc->sc_sessions, ses, ses_next);
605         }
606         ses->ses_used = 1;
607         TAILQ_INSERT_TAIL(&sc->sc_sessions, ses, ses_next);
608         spin_unlock_wr(&sc->sc_sessions_lock);
609
610         if (encini->cri_alg == CRYPTO_AES_CBC) {
611                 if (encini->cri_klen != 128) {
612                         glxsb_crypto_freesession(sc->sc_dev, ses->ses_id);
613                         return (EINVAL);
614                 }
615
616                 karc4rand(ses->ses_iv, sizeof(ses->ses_iv));
617                 ses->ses_klen = encini->cri_klen;
618
619                 /* Copy the key (Geode LX wants the primary key only) */
620                 bcopy(encini->cri_key, ses->ses_key, sizeof(ses->ses_key));
621         }
622
623         if (macini != NULL) {
624                 error = glxsb_hash_setup(ses, macini);
625                 if (error != 0) {
626                         glxsb_crypto_freesession(sc->sc_dev, ses->ses_id);
627                         return (error);
628                 }
629         }
630
631         *sidp = ses->ses_id;
632         return (0);
633 }
634
635 static int
636 glxsb_crypto_freesession(device_t dev, uint64_t tid)
637 {
638         struct glxsb_softc *sc = device_get_softc(dev);
639         struct glxsb_session *ses = NULL;
640         uint32_t sid = ((uint32_t)tid) & 0xffffffff;
641
642         if (sc == NULL)
643                 return (EINVAL);
644
645         spin_lock_wr(&sc->sc_sessions_lock);
646         TAILQ_FOREACH_REVERSE(ses, &sc->sc_sessions, ses_head, ses_next) {
647                 if (ses->ses_id == sid)
648                         break;
649         }
650         if (ses == NULL) {
651                 spin_unlock_wr(&sc->sc_sessions_lock);
652                 return (EINVAL);
653         }
654         TAILQ_REMOVE(&sc->sc_sessions, ses, ses_next);
655         glxsb_hash_free(ses);
656         bzero(ses, sizeof(*ses));
657         ses->ses_used = 0;
658         ses->ses_id = sid;
659         TAILQ_INSERT_HEAD(&sc->sc_sessions, ses, ses_next);
660         spin_unlock_wr(&sc->sc_sessions_lock);
661
662         return (0);
663 }
664
665 static int
666 glxsb_aes(struct glxsb_softc *sc, uint32_t control, uint32_t psrc,
667     uint32_t pdst, void *key, int len, void *iv)
668 {
669         uint32_t status;
670         int i;
671
672         if (len & 0xF) {
673                 device_printf(sc->sc_dev,
674                     "len must be a multiple of 16 (not %d)\n", len);
675                 return (EINVAL);
676         }
677
678         /* Set the source */
679         bus_write_4(sc->sc_sr, SB_SOURCE_A, psrc);
680
681         /* Set the destination address */
682         bus_write_4(sc->sc_sr, SB_DEST_A, pdst);
683
684         /* Set the data length */
685         bus_write_4(sc->sc_sr, SB_LENGTH_A, len);
686
687         /* Set the IV */
688         if (iv != NULL) {
689                 bus_write_region_4(sc->sc_sr, SB_CBC_IV, iv, 4);
690                 control |= SB_CTL_CBC;
691         }
692
693         /* Set the key */
694         bus_write_region_4(sc->sc_sr, SB_WKEY, key, 4);
695
696         /* Ask the security block to do it */
697         bus_write_4(sc->sc_sr, SB_CTL_A,
698             control | SB_CTL_WK | SB_CTL_DC | SB_CTL_SC | SB_CTL_ST);
699
700         /*
701          * Now wait until it is done.
702          *
703          * We do a busy wait.  Obviously the number of iterations of
704          * the loop required to perform the AES operation depends upon
705          * the number of bytes to process.
706          *
707          * On a 500 MHz Geode LX we see
708          *
709          *      length (bytes)  typical max iterations
710          *          16             12
711          *          64             22
712          *         256             59
713          *        1024            212
714          *        8192          1,537
715          *
716          * Since we have a maximum size of operation defined in
717          * GLXSB_MAX_AES_LEN, we use this constant to decide how long
718          * to wait.  Allow an order of magnitude longer than it should
719          * really take, just in case.
720          */
721
722         for (i = 0; i < GLXSB_MAX_AES_LEN * 10; i++) {
723                 status = bus_read_4(sc->sc_sr, SB_CTL_A);
724                 if ((status & SB_CTL_ST) == 0)          /* Done */
725                         return (0);
726         }
727
728         device_printf(sc->sc_dev, "operation failed to complete\n");
729         return (EIO);
730 }
731
732 static int
733 glxsb_crypto_encdec(struct cryptop *crp, struct cryptodesc *crd,
734     struct glxsb_session *ses, struct glxsb_softc *sc)
735 {
736         char *op_src, *op_dst;
737         uint32_t op_psrc, op_pdst;
738         uint8_t op_iv[SB_AES_BLOCK_SIZE], *piv;
739         int error;
740         int len, tlen, xlen;
741         int offset;
742         uint32_t control;
743
744         if (crd == NULL || (crd->crd_len % SB_AES_BLOCK_SIZE) != 0)
745                 return (EINVAL);
746
747         /* How much of our buffer will we need to use? */
748         xlen = crd->crd_len > GLXSB_MAX_AES_LEN ?
749             GLXSB_MAX_AES_LEN : crd->crd_len;
750
751         /*
752          * XXX Check if we can have input == output on Geode LX.
753          * XXX In the meantime, use two separate (adjacent) buffers.
754          */
755         op_src = sc->sc_dma.dma_vaddr;
756         op_dst = (char *)sc->sc_dma.dma_vaddr + xlen;
757
758         op_psrc = sc->sc_dma.dma_paddr;
759         op_pdst = sc->sc_dma.dma_paddr + xlen;
760
761         if (crd->crd_flags & CRD_F_ENCRYPT) {
762                 control = SB_CTL_ENC;
763                 if (crd->crd_flags & CRD_F_IV_EXPLICIT)
764                         bcopy(crd->crd_iv, op_iv, sizeof(op_iv));
765                 else
766                         bcopy(ses->ses_iv, op_iv, sizeof(op_iv));
767
768                 if ((crd->crd_flags & CRD_F_IV_PRESENT) == 0) {
769                         crypto_copyback(crp->crp_flags, crp->crp_buf,
770                             crd->crd_inject, sizeof(op_iv), op_iv);
771                 }
772         } else {
773                 control = SB_CTL_DEC;
774                 if (crd->crd_flags & CRD_F_IV_EXPLICIT)
775                         bcopy(crd->crd_iv, op_iv, sizeof(op_iv));
776                 else {
777                         crypto_copydata(crp->crp_flags, crp->crp_buf,
778                             crd->crd_inject, sizeof(op_iv), op_iv);
779                 }
780         }
781
782         offset = 0;
783         tlen = crd->crd_len;
784         piv = op_iv;
785
786         /* Process the data in GLXSB_MAX_AES_LEN chunks */
787         while (tlen > 0) {
788                 len = (tlen > GLXSB_MAX_AES_LEN) ? GLXSB_MAX_AES_LEN : tlen;
789                 crypto_copydata(crp->crp_flags, crp->crp_buf,
790                     crd->crd_skip + offset, len, op_src);
791
792                 glxsb_dma_pre_op(sc, &sc->sc_dma);
793
794                 error = glxsb_aes(sc, control, op_psrc, op_pdst, ses->ses_key,
795                     len, op_iv);
796
797                 glxsb_dma_post_op(sc, &sc->sc_dma);
798                 if (error != 0)
799                         return (error);
800
801                 crypto_copyback(crp->crp_flags, crp->crp_buf,
802                     crd->crd_skip + offset, len, op_dst);
803
804                 offset += len;
805                 tlen -= len;
806
807                 if (tlen <= 0) {        /* Ideally, just == 0 */
808                         /* Finished - put the IV in session IV */
809                         piv = ses->ses_iv;
810                 }
811
812                 /*
813                  * Copy out last block for use as next iteration/session IV.
814                  *
815                  * piv is set to op_iv[] before the loop starts, but is
816                  * set to ses->ses_iv if we're going to exit the loop this
817                  * time.
818                  */
819                 if (crd->crd_flags & CRD_F_ENCRYPT)
820                         bcopy(op_dst + len - sizeof(op_iv), piv, sizeof(op_iv));
821                 else {
822                         /* Decryption, only need this if another iteration */
823                         if (tlen > 0) {
824                                 bcopy(op_src + len - sizeof(op_iv), piv,
825                                     sizeof(op_iv));
826                         }
827                 }
828         } /* while */
829
830         /* All AES processing has now been done. */
831         bzero(sc->sc_dma.dma_vaddr, xlen * 2);
832
833         return (0);
834 }
835
836 static void
837 glxsb_crypto_task(void *arg, int pending)
838 {
839         struct glxsb_softc *sc = arg;
840         struct glxsb_session *ses;
841         struct cryptop *crp;
842         struct cryptodesc *enccrd, *maccrd;
843         int error;
844
845         maccrd = sc->sc_to.to_maccrd;
846         enccrd = sc->sc_to.to_enccrd;
847         crp = sc->sc_to.to_crp;
848         ses = sc->sc_to.to_ses;
849
850         /* Perform data authentication if requested before encryption */
851         if (maccrd != NULL && maccrd->crd_next == enccrd) {
852                 error = glxsb_hash_process(ses, maccrd, crp);
853                 if (error != 0)
854                         goto out;
855         }
856
857         error = glxsb_crypto_encdec(crp, enccrd, ses, sc);
858         if (error != 0)
859                 goto out;
860
861         /* Perform data authentication if requested after encryption */
862         if (maccrd != NULL && enccrd->crd_next == maccrd) {
863                 error = glxsb_hash_process(ses, maccrd, crp);
864                 if (error != 0)
865                         goto out;
866         }
867 out:
868         spin_lock_wr(&sc->sc_task_mtx);
869         sc->sc_task_count--;
870         spin_unlock_wr(&sc->sc_task_mtx);
871
872         crp->crp_etype = error;
873         crypto_unblock(sc->sc_cid, CRYPTO_SYMQ);
874         crypto_done(crp);
875 }
876
877 static int
878 glxsb_crypto_process(device_t dev, struct cryptop *crp, int hint)
879 {
880         struct glxsb_softc *sc = device_get_softc(dev);
881         struct glxsb_session *ses;
882         struct cryptodesc *crd, *enccrd, *maccrd;
883         uint32_t sid;
884         int error = 0;
885
886         enccrd = maccrd = NULL;
887
888         /* Sanity check. */
889         if (crp == NULL)
890                 return (EINVAL);
891
892         if (crp->crp_callback == NULL || crp->crp_desc == NULL) {
893                 error = EINVAL;
894                 goto fail;
895         }
896
897         for (crd = crp->crp_desc; crd != NULL; crd = crd->crd_next) {
898                 switch (crd->crd_alg) {
899                 case CRYPTO_NULL_HMAC:
900                 case CRYPTO_MD5_HMAC:
901                 case CRYPTO_SHA1_HMAC:
902                 case CRYPTO_RIPEMD160_HMAC:
903                 case CRYPTO_SHA2_256_HMAC:
904                 case CRYPTO_SHA2_384_HMAC:
905                 case CRYPTO_SHA2_512_HMAC:
906                         if (maccrd != NULL) {
907                                 error = EINVAL;
908                                 goto fail;
909                         }
910                         maccrd = crd;
911                         break;
912                 case CRYPTO_AES_CBC:
913                         if (enccrd != NULL) {
914                                 error = EINVAL;
915                                 goto fail;
916                         }
917                         enccrd = crd;
918                         break;
919                 default:
920                         error = EINVAL;
921                         goto fail;
922                 }
923         }
924
925         if (enccrd == NULL || enccrd->crd_len % AES_BLOCK_LEN != 0) {
926                 error = EINVAL;
927                 goto fail;
928         }
929
930         sid = crp->crp_sid & 0xffffffff;
931         spin_lock_wr(&sc->sc_sessions_lock);
932         TAILQ_FOREACH_REVERSE(ses, &sc->sc_sessions, ses_head, ses_next) {
933                 if (ses->ses_id == sid)
934                         break;
935         }
936         spin_unlock_wr(&sc->sc_sessions_lock);
937         if (ses == NULL || !ses->ses_used) {
938                 error = EINVAL;
939                 goto fail;
940         }
941
942         spin_lock_wr(&sc->sc_task_mtx);
943         if (sc->sc_task_count != 0) {
944                 spin_unlock_wr(&sc->sc_task_mtx);
945                 return (ERESTART);
946         }
947         sc->sc_task_count++;
948
949         sc->sc_to.to_maccrd = maccrd;
950         sc->sc_to.to_enccrd = enccrd;
951         sc->sc_to.to_crp = crp;
952         sc->sc_to.to_ses = ses;
953         spin_unlock_wr(&sc->sc_task_mtx);
954         /* XXX: thread taskqueues ? */
955         taskqueue_enqueue(sc->sc_tq, &sc->sc_cryptotask);
956         return(0);
957
958 fail:
959         crp->crp_etype = error;
960         crypto_done(crp);
961         return (error);
962 }