sys/dev/crypto/ubsec/ubsec.c

   1 /* $FreeBSD: src/sys/dev/ubsec/ubsec.c,v 1.6.2.12 2003/06/04 17:56:59 sam Exp $ */
   2 /* $DragonFly: src/sys/dev/crypto/ubsec/ubsec.c,v 1.6 2004/06/02 14:42:49 eirikn Exp $ */
   3 /*      $OpenBSD: ubsec.c,v 1.115 2002/09/24 18:33:26 jason Exp $       */
   4
   5 /*
   6  * Copyright (c) 2000 Jason L. Wright (jason@thought.net)
   7  * Copyright (c) 2000 Theo de Raadt (deraadt@openbsd.org)
   8  * Copyright (c) 2001 Patrik Lindergren (patrik@ipunplugged.com)
   9  *
  10  * All rights reserved.
  11  *
  12  * Redistribution and use in source and binary forms, with or without
  13  * modification, are permitted provided that the following conditions
  14  * are met:
  15  * 1. Redistributions of source code must retain the above copyright
  16  *    notice, this list of conditions and the following disclaimer.
  17  * 2. Redistributions in binary form must reproduce the above copyright
  18  *    notice, this list of conditions and the following disclaimer in the
  19  *    documentation and/or other materials provided with the distribution.
  20  * 3. All advertising materials mentioning features or use of this software
  21  *    must display the following acknowledgement:
  22  *      This product includes software developed by Jason L. Wright
  23  * 4. The name of the author may not be used to endorse or promote products
  24  *    derived from this software without specific prior written permission.
  25  *
  26  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
  27  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  28  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  29  * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
  30  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  31  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
  32  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  33  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  34  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
  35  * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  36  * POSSIBILITY OF SUCH DAMAGE.
  37  *
  38  * Effort sponsored in part by the Defense Advanced Research Projects
  39  * Agency (DARPA) and Air Force Research Laboratory, Air Force
  40  * Materiel Command, USAF, under agreement number F30602-01-2-0537.
  41  *
  42  */
  43
  44 /*
  45  * uBsec 5[56]01, 58xx hardware crypto accelerator
  46  */
  47
  48 #include "opt_ubsec.h"
  49
  50 #include <sys/param.h>
  51 #include <sys/systm.h>
  52 #include <sys/proc.h>
  53 #include <sys/errno.h>
  54 #include <sys/malloc.h>
  55 #include <sys/kernel.h>
  56 #include <sys/mbuf.h>
  57 #include <sys/sysctl.h>
  58 #include <sys/endian.h>
  59
  60 #include <vm/vm.h>
  61 #include <vm/pmap.h>
  62
  63 #include <machine/clock.h>
  64 #include <machine/bus.h>
  65 #include <machine/resource.h>
  66 #include <sys/bus.h>
  67 #include <sys/rman.h>
  68
  69 #include <crypto/sha1.h>
  70 #include <opencrypto/cryptodev.h>
  71 #include <opencrypto/cryptosoft.h>
  72 #include <sys/md5.h>
  73 #include <sys/random.h>
  74
  75 #include <bus/pci/pcivar.h>
  76 #include <bus/pci/pcireg.h>
  77
  78 /* grr, #defines for gratuitous incompatibility in queue.h */
  79 #define SIMPLEQ_HEAD            STAILQ_HEAD
  80 #define SIMPLEQ_ENTRY           STAILQ_ENTRY
  81 #define SIMPLEQ_INIT            STAILQ_INIT
  82 #define SIMPLEQ_INSERT_TAIL     STAILQ_INSERT_TAIL
  83 #define SIMPLEQ_EMPTY           STAILQ_EMPTY
  84 #define SIMPLEQ_FIRST           STAILQ_FIRST
  85 #define SIMPLEQ_REMOVE_HEAD     STAILQ_REMOVE_HEAD_UNTIL
  86 #define SIMPLEQ_FOREACH         STAILQ_FOREACH
  87 /* ditto for endian.h */
  88 #define letoh16(x)              le16toh(x)
  89 #define letoh32(x)              le32toh(x)
  90
  91 #ifdef UBSEC_RNDTEST
  92 #include "../rndtest/rndtest.h"
  93 #endif
  94 #include "ubsecreg.h"
  95 #include "ubsecvar.h"
  96
  97 /*
  98  * Prototypes and count for the pci_device structure
  99  */
 100 static  int ubsec_probe(device_t);
 101 static  int ubsec_attach(device_t);
 102 static  int ubsec_detach(device_t);
 103 static  int ubsec_suspend(device_t);
 104 static  int ubsec_resume(device_t);
 105 static  void ubsec_shutdown(device_t);
 106
 107 static device_method_t ubsec_methods[] = {
 108         /* Device interface */
 109         DEVMETHOD(device_probe,         ubsec_probe),
 110         DEVMETHOD(device_attach,        ubsec_attach),
 111         DEVMETHOD(device_detach,        ubsec_detach),
 112         DEVMETHOD(device_suspend,       ubsec_suspend),
 113         DEVMETHOD(device_resume,        ubsec_resume),
 114         DEVMETHOD(device_shutdown,      ubsec_shutdown),
 115
 116         /* bus interface */
 117         DEVMETHOD(bus_print_child,      bus_generic_print_child),
 118         DEVMETHOD(bus_driver_added,     bus_generic_driver_added),
 119
 120         { 0, 0 }
 121 };
 122 static driver_t ubsec_driver = {
 123         "ubsec",
 124         ubsec_methods,
 125         sizeof (struct ubsec_softc)
 126 };
 127 static devclass_t ubsec_devclass;
 128
 129 DECLARE_DUMMY_MODULE(ubsec);
 130 DRIVER_MODULE(ubsec, pci, ubsec_driver, ubsec_devclass, 0, 0);
 131 MODULE_DEPEND(ubsec, crypto, 1, 1, 1);
 132 #ifdef UBSEC_RNDTEST
 133 MODULE_DEPEND(ubsec, rndtest, 1, 1, 1);
 134 #endif
 135
 136 static  void ubsec_intr(void *);
 137 static  int ubsec_newsession(void *, u_int32_t *, struct cryptoini *);
 138 static  int ubsec_freesession(void *, u_int64_t);
 139 static  int ubsec_process(void *, struct cryptop *, int);
 140 static  void ubsec_callback(struct ubsec_softc *, struct ubsec_q *);
 141 static  void ubsec_feed(struct ubsec_softc *);
 142 static  void ubsec_mcopy(struct mbuf *, struct mbuf *, int, int);
 143 static  void ubsec_callback2(struct ubsec_softc *, struct ubsec_q2 *);
 144 static  int ubsec_feed2(struct ubsec_softc *);
 145 static  void ubsec_rng(void *);
 146 static  int ubsec_dma_malloc(struct ubsec_softc *, bus_size_t,
 147                              struct ubsec_dma_alloc *, int);
 148 #define ubsec_dma_sync(_dma, _flags) \
 149         bus_dmamap_sync((_dma)->dma_tag, (_dma)->dma_map, (_flags))
 150 static  void ubsec_dma_free(struct ubsec_softc *, struct ubsec_dma_alloc *);
 151 static  int ubsec_dmamap_aligned(struct ubsec_operand *op);
 152
 153 static  void ubsec_reset_board(struct ubsec_softc *sc);
 154 static  void ubsec_init_board(struct ubsec_softc *sc);
 155 static  void ubsec_init_pciregs(device_t dev);
 156 static  void ubsec_totalreset(struct ubsec_softc *sc);
 157
 158 static  int ubsec_free_q(struct ubsec_softc *sc, struct ubsec_q *q);
 159
 160 static  int ubsec_kprocess(void*, struct cryptkop *, int);
 161 static  int ubsec_kprocess_modexp_hw(struct ubsec_softc *, struct cryptkop *, int);
 162 static  int ubsec_kprocess_modexp_sw(struct ubsec_softc *, struct cryptkop *, int);
 163 static  int ubsec_kprocess_rsapriv(struct ubsec_softc *, struct cryptkop *, int);
 164 static  void ubsec_kfree(struct ubsec_softc *, struct ubsec_q2 *);
 165 static  int ubsec_ksigbits(struct crparam *);
 166 static  void ubsec_kshift_r(u_int, u_int8_t *, u_int, u_int8_t *, u_int);
 167 static  void ubsec_kshift_l(u_int, u_int8_t *, u_int, u_int8_t *, u_int);
 168
 169 SYSCTL_NODE(_hw, OID_AUTO, ubsec, CTLFLAG_RD, 0, "Broadcom driver parameters");
 170
 171 #ifdef UBSEC_DEBUG
 172 static  void ubsec_dump_pb(volatile struct ubsec_pktbuf *);
 173 static  void ubsec_dump_mcr(struct ubsec_mcr *);
 174 static  void ubsec_dump_ctx2(struct ubsec_ctx_keyop *);
 175
 176 static  int ubsec_debug = 0;
 177 SYSCTL_INT(_hw_ubsec, OID_AUTO, debug, CTLFLAG_RW, &ubsec_debug,
 178             0, "control debugging msgs");
 179 #endif
 180
 181 #define READ_REG(sc,r) \
 182         bus_space_read_4((sc)->sc_st, (sc)->sc_sh, (r))
 183
 184 #define WRITE_REG(sc,reg,val) \
 185         bus_space_write_4((sc)->sc_st, (sc)->sc_sh, reg, val)
 186
 187 #define SWAP32(x) (x) = htole32(ntohl((x)))
 188 #define HTOLE32(x) (x) = htole32(x)
 189
 190
 191 struct ubsec_stats ubsecstats;
 192 SYSCTL_STRUCT(_hw_ubsec, OID_AUTO, stats, CTLFLAG_RD, &ubsecstats,
 193             ubsec_stats, "driver statistics");
 194
 195 static int
 196 ubsec_probe(device_t dev)
 197 {
 198         if (pci_get_vendor(dev) == PCI_VENDOR_SUN &&
 199             (pci_get_device(dev) == PCI_PRODUCT_SUN_5821 ||
 200              pci_get_device(dev) == PCI_PRODUCT_SUN_SCA1K))
 201                 return (0);
 202         if (pci_get_vendor(dev) == PCI_VENDOR_BLUESTEEL &&
 203             (pci_get_device(dev) == PCI_PRODUCT_BLUESTEEL_5501 ||
 204              pci_get_device(dev) == PCI_PRODUCT_BLUESTEEL_5601))
 205                 return (0);
 206         if (pci_get_vendor(dev) == PCI_VENDOR_BROADCOM &&
 207             (pci_get_device(dev) == PCI_PRODUCT_BROADCOM_5801 ||
 208              pci_get_device(dev) == PCI_PRODUCT_BROADCOM_5802 ||
 209              pci_get_device(dev) == PCI_PRODUCT_BROADCOM_5805 ||
 210              pci_get_device(dev) == PCI_PRODUCT_BROADCOM_5820 ||
 211              pci_get_device(dev) == PCI_PRODUCT_BROADCOM_5821 ||
 212              pci_get_device(dev) == PCI_PRODUCT_BROADCOM_5822 ||
 213              pci_get_device(dev) == PCI_PRODUCT_BROADCOM_5823
 214              ))
 215                 return (0);
 216         return (ENXIO);
 217 }
 218
 219 static const char*
 220 ubsec_partname(struct ubsec_softc *sc)
 221 {
 222         /* XXX sprintf numbers when not decoded */
 223         switch (pci_get_vendor(sc->sc_dev)) {
 224         case PCI_VENDOR_BROADCOM:
 225                 switch (pci_get_device(sc->sc_dev)) {
 226                 case PCI_PRODUCT_BROADCOM_5801: return "Broadcom 5801";
 227                 case PCI_PRODUCT_BROADCOM_5802: return "Broadcom 5802";
 228                 case PCI_PRODUCT_BROADCOM_5805: return "Broadcom 5805";
 229                 case PCI_PRODUCT_BROADCOM_5820: return "Broadcom 5820";
 230                 case PCI_PRODUCT_BROADCOM_5821: return "Broadcom 5821";
 231                 case PCI_PRODUCT_BROADCOM_5822: return "Broadcom 5822";
 232                 case PCI_PRODUCT_BROADCOM_5823: return "Broadcom 5823";
 233                 }
 234                 return "Broadcom unknown-part";
 235         case PCI_VENDOR_BLUESTEEL:
 236                 switch (pci_get_device(sc->sc_dev)) {
 237                 case PCI_PRODUCT_BLUESTEEL_5601: return "Bluesteel 5601";
 238                 }
 239                 return "Bluesteel unknown-part";
 240         case PCI_VENDOR_SUN:
 241                 switch (pci_get_device(sc->sc_dev)) {
 242                 case PCI_PRODUCT_SUN_5821: return "Sun Crypto 5821";
 243                 case PCI_PRODUCT_SUN_SCA1K: return "Sun Crypto 1K";
 244                 }
 245                 return "Sun unknown-part";
 246         }
 247         return "Unknown-vendor unknown-part";
 248 }
 249
 250 static void
 251 default_harvest(struct rndtest_state *rsp, void *buf, u_int count)
 252 {
 253         u_int32_t *p = (u_int32_t *)buf;
 254         for (count /= sizeof (u_int32_t); count; count--)
 255                 add_true_randomness(*p++);
 256 }
 257
 258 static int
 259 ubsec_attach(device_t dev)
 260 {
 261         struct ubsec_softc *sc = device_get_softc(dev);
 262         struct ubsec_dma *dmap;
 263         u_int32_t cmd, i;
 264         int rid;
 265
 266         KASSERT(sc != NULL, ("ubsec_attach: null software carrier!"));
 267         bzero(sc, sizeof (*sc));
 268         sc->sc_dev = dev;
 269
 270         SIMPLEQ_INIT(&sc->sc_queue);
 271         SIMPLEQ_INIT(&sc->sc_qchip);
 272         SIMPLEQ_INIT(&sc->sc_queue2);
 273         SIMPLEQ_INIT(&sc->sc_qchip2);
 274         SIMPLEQ_INIT(&sc->sc_q2free);
 275
 276         /* XXX handle power management */
 277
 278         sc->sc_statmask = BS_STAT_MCR1_DONE | BS_STAT_DMAERR;
 279
 280         if (pci_get_vendor(dev) == PCI_VENDOR_BLUESTEEL &&
 281             pci_get_device(dev) == PCI_PRODUCT_BLUESTEEL_5601)
 282                 sc->sc_flags |= UBS_FLAGS_KEY | UBS_FLAGS_RNG;
 283
 284         if (pci_get_vendor(dev) == PCI_VENDOR_BROADCOM &&
 285             (pci_get_device(dev) == PCI_PRODUCT_BROADCOM_5802 ||
 286              pci_get_device(dev) == PCI_PRODUCT_BROADCOM_5805))
 287                 sc->sc_flags |= UBS_FLAGS_KEY | UBS_FLAGS_RNG;
 288
 289         if (pci_get_vendor(dev) == PCI_VENDOR_BROADCOM &&
 290             pci_get_device(dev) == PCI_PRODUCT_BROADCOM_5820)
 291                 sc->sc_flags |= UBS_FLAGS_KEY | UBS_FLAGS_RNG |
 292                     UBS_FLAGS_LONGCTX | UBS_FLAGS_HWNORM | UBS_FLAGS_BIGKEY;
 293
 294         if ((pci_get_vendor(dev) == PCI_VENDOR_BROADCOM &&
 295              (pci_get_device(dev) == PCI_PRODUCT_BROADCOM_5821 ||
 296               pci_get_device(dev) == PCI_PRODUCT_BROADCOM_5822 ||
 297               pci_get_device(dev) == PCI_PRODUCT_BROADCOM_5823)) ||
 298             (pci_get_vendor(dev) == PCI_VENDOR_SUN &&
 299              (pci_get_device(dev) == PCI_PRODUCT_SUN_SCA1K ||
 300               pci_get_device(dev) == PCI_PRODUCT_SUN_5821))) {
 301                 /* NB: the 5821/5822 defines some additional status bits */
 302                 sc->sc_statmask |= BS_STAT_MCR1_ALLEMPTY |
 303                     BS_STAT_MCR2_ALLEMPTY;
 304                 sc->sc_flags |= UBS_FLAGS_KEY | UBS_FLAGS_RNG |
 305                     UBS_FLAGS_LONGCTX | UBS_FLAGS_HWNORM | UBS_FLAGS_BIGKEY;
 306         }
 307
 308         cmd = pci_read_config(dev, PCIR_COMMAND, 4);
 309         cmd |= PCIM_CMD_MEMEN | PCIM_CMD_BUSMASTEREN;
 310         pci_write_config(dev, PCIR_COMMAND, cmd, 4);
 311         cmd = pci_read_config(dev, PCIR_COMMAND, 4);
 312
 313         if (!(cmd & PCIM_CMD_MEMEN)) {
 314                 device_printf(dev, "failed to enable memory mapping\n");
 315                 goto bad;
 316         }
 317
 318         if (!(cmd & PCIM_CMD_BUSMASTEREN)) {
 319                 device_printf(dev, "failed to enable bus mastering\n");
 320                 goto bad;
 321         }
 322
 323         /*
 324          * Setup memory-mapping of PCI registers.
 325          */
 326         rid = BS_BAR;
 327         sc->sc_sr = bus_alloc_resource(dev, SYS_RES_MEMORY, &rid,
 328                                        0, ~0, 1, RF_ACTIVE);
 329         if (sc->sc_sr == NULL) {
 330                 device_printf(dev, "cannot map register space\n");
 331                 goto bad;
 332         }
 333         sc->sc_st = rman_get_bustag(sc->sc_sr);
 334         sc->sc_sh = rman_get_bushandle(sc->sc_sr);
 335
 336         /*
 337          * Arrange interrupt line.
 338          */
 339         rid = 0;
 340         sc->sc_irq = bus_alloc_resource(dev, SYS_RES_IRQ, &rid,
 341                                         0, ~0, 1, RF_SHAREABLE|RF_ACTIVE);
 342         if (sc->sc_irq == NULL) {
 343                 device_printf(dev, "could not map interrupt\n");
 344                 goto bad1;
 345         }
 346         /*
 347          * NB: Network code assumes we are blocked with splimp()
 348          *     so make sure the IRQ is mapped appropriately.
 349          */
 350         if (bus_setup_intr(dev, sc->sc_irq, INTR_TYPE_NET,
 351                            ubsec_intr, sc, &sc->sc_ih)) {
 352                 device_printf(dev, "could not establish interrupt\n");
 353                 goto bad2;
 354         }
 355
 356         sc->sc_cid = crypto_get_driverid(0);
 357         if (sc->sc_cid < 0) {
 358                 device_printf(dev, "could not get crypto driver id\n");
 359                 goto bad3;
 360         }
 361
 362         /*
 363          * Setup DMA descriptor area.
 364          */
 365         if (bus_dma_tag_create(NULL,                    /* parent */
 366                                1, 0,                    /* alignment, bounds */
 367                                BUS_SPACE_MAXADDR_32BIT, /* lowaddr */
 368                                BUS_SPACE_MAXADDR,       /* highaddr */
 369                                NULL, NULL,              /* filter, filterarg */
 370                                0x3ffff,                 /* maxsize */
 371                                UBS_MAX_SCATTER,         /* nsegments */
 372                                0xffff,                  /* maxsegsize */
 373                                BUS_DMA_ALLOCNOW,        /* flags */
 374                                &sc->sc_dmat)) {
 375                 device_printf(dev, "cannot allocate DMA tag\n");
 376                 goto bad4;
 377         }
 378         SIMPLEQ_INIT(&sc->sc_freequeue);
 379         dmap = sc->sc_dmaa;
 380         for (i = 0; i < UBS_MAX_NQUEUE; i++, dmap++) {
 381                 struct ubsec_q *q;
 382
 383                 q = malloc(sizeof(struct ubsec_q), M_DEVBUF, M_WAITOK);
 384                 if (ubsec_dma_malloc(sc, sizeof(struct ubsec_dmachunk),
 385                     &dmap->d_alloc, 0)) {
 386                         device_printf(dev, "cannot allocate dma buffers\n");
 387                         free(q, M_DEVBUF);
 388                         break;
 389                 }
 390                 dmap->d_dma = (struct ubsec_dmachunk *)dmap->d_alloc.dma_vaddr;
 391
 392                 q->q_dma = dmap;
 393                 sc->sc_queuea[i] = q;
 394
 395                 SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q, q_next);
 396         }
 397
 398         device_printf(sc->sc_dev, "%s\n", ubsec_partname(sc));
 399
 400         crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0,
 401             ubsec_newsession, ubsec_freesession, ubsec_process, sc);
 402         crypto_register(sc->sc_cid, CRYPTO_DES_CBC, 0, 0,
 403              ubsec_newsession, ubsec_freesession, ubsec_process, sc);
 404         crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0,
 405              ubsec_newsession, ubsec_freesession, ubsec_process, sc);
 406         crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0,
 407              ubsec_newsession, ubsec_freesession, ubsec_process, sc);
 408
 409         /*
 410          * Reset Broadcom chip
 411          */
 412         ubsec_reset_board(sc);
 413
 414         /*
 415          * Init Broadcom specific PCI settings
 416          */
 417         ubsec_init_pciregs(dev);
 418
 419         /*
 420          * Init Broadcom chip
 421          */
 422         ubsec_init_board(sc);
 423
 424 #ifndef UBSEC_NO_RNG
 425         if (sc->sc_flags & UBS_FLAGS_RNG) {
 426                 sc->sc_statmask |= BS_STAT_MCR2_DONE;
 427 #ifdef UBSEC_RNDTEST
 428                 sc->sc_rndtest = rndtest_attach(dev);
 429                 if (sc->sc_rndtest)
 430                         sc->sc_harvest = rndtest_harvest;
 431                 else
 432                         sc->sc_harvest = default_harvest;
 433 #else
 434                 sc->sc_harvest = default_harvest;
 435 #endif
 436
 437                 if (ubsec_dma_malloc(sc, sizeof(struct ubsec_mcr),
 438                     &sc->sc_rng.rng_q.q_mcr, 0))
 439                         goto skip_rng;
 440
 441                 if (ubsec_dma_malloc(sc, sizeof(struct ubsec_ctx_rngbypass),
 442                     &sc->sc_rng.rng_q.q_ctx, 0)) {
 443                         ubsec_dma_free(sc, &sc->sc_rng.rng_q.q_mcr);
 444                         goto skip_rng;
 445                 }
 446
 447                 if (ubsec_dma_malloc(sc, sizeof(u_int32_t) *
 448                     UBSEC_RNG_BUFSIZ, &sc->sc_rng.rng_buf, 0)) {
 449                         ubsec_dma_free(sc, &sc->sc_rng.rng_q.q_ctx);
 450                         ubsec_dma_free(sc, &sc->sc_rng.rng_q.q_mcr);
 451                         goto skip_rng;
 452                 }
 453
 454                 if (hz >= 100)
 455                         sc->sc_rnghz = hz / 100;
 456                 else
 457                         sc->sc_rnghz = 1;
 458                 callout_init(&sc->sc_rngto);
 459                 callout_reset(&sc->sc_rngto, sc->sc_rnghz, ubsec_rng, sc);
 460 skip_rng:
 461         ;
 462         }
 463 #endif /* UBSEC_NO_RNG */
 464
 465         if (sc->sc_flags & UBS_FLAGS_KEY) {
 466                 sc->sc_statmask |= BS_STAT_MCR2_DONE;
 467
 468                 crypto_kregister(sc->sc_cid, CRK_MOD_EXP, 0,
 469                         ubsec_kprocess, sc);
 470 #if 0
 471                 crypto_kregister(sc->sc_cid, CRK_MOD_EXP_CRT, 0,
 472                         ubsec_kprocess, sc);
 473 #endif
 474         }
 475         return (0);
 476 bad4:
 477         crypto_unregister_all(sc->sc_cid);
 478 bad3:
 479         bus_teardown_intr(dev, sc->sc_irq, sc->sc_ih);
 480 bad2:
 481         bus_release_resource(dev, SYS_RES_IRQ, 0, sc->sc_irq);
 482 bad1:
 483         bus_release_resource(dev, SYS_RES_MEMORY, BS_BAR, sc->sc_sr);
 484 bad:
 485         return (ENXIO);
 486 }
 487
 488 /*
 489  * Detach a device that successfully probed.
 490  */
 491 static int
 492 ubsec_detach(device_t dev)
 493 {
 494         struct ubsec_softc *sc = device_get_softc(dev);
 495         int s;
 496
 497         KASSERT(sc != NULL, ("ubsec_detach: null software carrier"));
 498
 499         /* XXX wait/abort active ops */
 500
 501         s = splimp();
 502
 503         callout_stop(&sc->sc_rngto);
 504
 505         crypto_unregister_all(sc->sc_cid);
 506
 507 #ifdef UBSEC_RNDTEST
 508         if (sc->sc_rndtest)
 509                 rndtest_detach(sc->sc_rndtest);
 510 #endif
 511
 512         while (!SIMPLEQ_EMPTY(&sc->sc_freequeue)) {
 513                 struct ubsec_q *q;
 514
 515                 q = SIMPLEQ_FIRST(&sc->sc_freequeue);
 516                 SIMPLEQ_REMOVE_HEAD(&sc->sc_freequeue, q, q_next);
 517                 ubsec_dma_free(sc, &q->q_dma->d_alloc);
 518                 free(q, M_DEVBUF);
 519         }
 520 #ifndef UBSEC_NO_RNG
 521         if (sc->sc_flags & UBS_FLAGS_RNG) {
 522                 ubsec_dma_free(sc, &sc->sc_rng.rng_q.q_mcr);
 523                 ubsec_dma_free(sc, &sc->sc_rng.rng_q.q_ctx);
 524                 ubsec_dma_free(sc, &sc->sc_rng.rng_buf);
 525         }
 526 #endif /* UBSEC_NO_RNG */
 527
 528         bus_generic_detach(dev);
 529         bus_teardown_intr(dev, sc->sc_irq, sc->sc_ih);
 530         bus_release_resource(dev, SYS_RES_IRQ, 0, sc->sc_irq);
 531
 532         bus_dma_tag_destroy(sc->sc_dmat);
 533         bus_release_resource(dev, SYS_RES_MEMORY, BS_BAR, sc->sc_sr);
 534
 535         splx(s);
 536
 537         return (0);
 538 }
 539
 540 /*
 541  * Stop all chip i/o so that the kernel's probe routines don't
 542  * get confused by errant DMAs when rebooting.
 543  */
 544 static void
 545 ubsec_shutdown(device_t dev)
 546 {
 547 #ifdef notyet
 548         ubsec_stop(device_get_softc(dev));
 549 #endif
 550 }
 551
 552 /*
 553  * Device suspend routine.
 554  */
 555 static int
 556 ubsec_suspend(device_t dev)
 557 {
 558         struct ubsec_softc *sc = device_get_softc(dev);
 559
 560         KASSERT(sc != NULL, ("ubsec_suspend: null software carrier"));
 561 #ifdef notyet
 562         /* XXX stop the device and save PCI settings */
 563 #endif
 564         sc->sc_suspended = 1;
 565
 566         return (0);
 567 }
 568
 569 static int
 570 ubsec_resume(device_t dev)
 571 {
 572         struct ubsec_softc *sc = device_get_softc(dev);
 573
 574         KASSERT(sc != NULL, ("ubsec_resume: null software carrier"));
 575 #ifdef notyet
 576         /* XXX retore PCI settings and start the device */
 577 #endif
 578         sc->sc_suspended = 0;
 579         return (0);
 580 }
 581
 582 /*
 583  * UBSEC Interrupt routine
 584  */
 585 static void
 586 ubsec_intr(void *arg)
 587 {
 588         struct ubsec_softc *sc = arg;
 589         volatile u_int32_t stat;
 590         struct ubsec_q *q;
 591         struct ubsec_dma *dmap;
 592         int npkts = 0, i;
 593
 594         stat = READ_REG(sc, BS_STAT);
 595         stat &= sc->sc_statmask;
 596         if (stat == 0) {
 597                 return;
 598         }
 599
 600         WRITE_REG(sc, BS_STAT, stat);           /* IACK */
 601
 602         /*
 603          * Check to see if we have any packets waiting for us
 604          */
 605         if ((stat & BS_STAT_MCR1_DONE)) {
 606                 while (!SIMPLEQ_EMPTY(&sc->sc_qchip)) {
 607                         q = SIMPLEQ_FIRST(&sc->sc_qchip);
 608                         dmap = q->q_dma;
 609
 610                         if ((dmap->d_dma->d_mcr.mcr_flags & htole16(UBS_MCR_DONE)) == 0)
 611                                 break;
 612
 613                         SIMPLEQ_REMOVE_HEAD(&sc->sc_qchip, q, q_next);
 614
 615                         npkts = q->q_nstacked_mcrs;
 616                         sc->sc_nqchip -= 1+npkts;
 617                         /*
 618                          * search for further sc_qchip ubsec_q's that share
 619                          * the same MCR, and complete them too, they must be
 620                          * at the top.
 621                          */
 622                         for (i = 0; i < npkts; i++) {
 623                                 if(q->q_stacked_mcr[i]) {
 624                                         ubsec_callback(sc, q->q_stacked_mcr[i]);
 625                                 } else {
 626                                         break;
 627                                 }
 628                         }
 629                         ubsec_callback(sc, q);
 630                 }
 631
 632                 /*
 633                  * Don't send any more packet to chip if there has been
 634                  * a DMAERR.
 635                  */
 636                 if (!(stat & BS_STAT_DMAERR))
 637                         ubsec_feed(sc);
 638         }
 639
 640         /*
 641          * Check to see if we have any key setups/rng's waiting for us
 642          */
 643         if ((sc->sc_flags & (UBS_FLAGS_KEY|UBS_FLAGS_RNG)) &&
 644             (stat & BS_STAT_MCR2_DONE)) {
 645                 struct ubsec_q2 *q2;
 646                 struct ubsec_mcr *mcr;
 647
 648                 while (!SIMPLEQ_EMPTY(&sc->sc_qchip2)) {
 649                         q2 = SIMPLEQ_FIRST(&sc->sc_qchip2);
 650
 651                         ubsec_dma_sync(&q2->q_mcr,
 652                             BUS_DMASYNC_POSTREAD|BUS_DMASYNC_POSTWRITE);
 653
 654                         mcr = (struct ubsec_mcr *)q2->q_mcr.dma_vaddr;
 655                         if ((mcr->mcr_flags & htole16(UBS_MCR_DONE)) == 0) {
 656                                 ubsec_dma_sync(&q2->q_mcr,
 657                                     BUS_DMASYNC_PREREAD|BUS_DMASYNC_PREWRITE);
 658                                 break;
 659                         }
 660                         SIMPLEQ_REMOVE_HEAD(&sc->sc_qchip2, q2, q_next);
 661                         ubsec_callback2(sc, q2);
 662                         /*
 663                          * Don't send any more packet to chip if there has been
 664                          * a DMAERR.
 665                          */
 666                         if (!(stat & BS_STAT_DMAERR))
 667                                 ubsec_feed2(sc);
 668                 }
 669         }
 670
 671         /*
 672          * Check to see if we got any DMA Error
 673          */
 674         if (stat & BS_STAT_DMAERR) {
 675 #ifdef UBSEC_DEBUG
 676                 if (ubsec_debug) {
 677                         volatile u_int32_t a = READ_REG(sc, BS_ERR);
 678
 679                         printf("dmaerr %s@%08x\n",
 680                             (a & BS_ERR_READ) ? "read" : "write",
 681                             a & BS_ERR_ADDR);
 682                 }
 683 #endif /* UBSEC_DEBUG */
 684                 ubsecstats.hst_dmaerr++;
 685                 ubsec_totalreset(sc);
 686                 ubsec_feed(sc);
 687         }
 688
 689         if (sc->sc_needwakeup) {                /* XXX check high watermark */
 690                 int wakeup = sc->sc_needwakeup & (CRYPTO_SYMQ|CRYPTO_ASYMQ);
 691 #ifdef UBSEC_DEBUG
 692                 if (ubsec_debug)
 693                         device_printf(sc->sc_dev, "wakeup crypto (%x)\n",
 694                                 sc->sc_needwakeup);
 695 #endif /* UBSEC_DEBUG */
 696                 sc->sc_needwakeup &= ~wakeup;
 697                 crypto_unblock(sc->sc_cid, wakeup);
 698         }
 699 }
 700
 701 /*
 702  * ubsec_feed() - aggregate and post requests to chip
 703  */
 704 static void
 705 ubsec_feed(struct ubsec_softc *sc)
 706 {
 707         struct ubsec_q *q, *q2;
 708         int npkts, i;
 709         void *v;
 710         u_int32_t stat;
 711
 712         /*
 713          * Decide how many ops to combine in a single MCR.  We cannot
 714          * aggregate more than UBS_MAX_AGGR because this is the number
 715          * of slots defined in the data structure.  Note that
 716          * aggregation only happens if ops are marked batch'able.
 717          * Aggregating ops reduces the number of interrupts to the host
 718          * but also (potentially) increases the latency for processing
 719          * completed ops as we only get an interrupt when all aggregated
 720          * ops have completed.
 721          */
 722         if (sc->sc_nqueue == 0)
 723                 return;
 724         if (sc->sc_nqueue > 1) {
 725                 npkts = 0;
 726                 SIMPLEQ_FOREACH(q, &sc->sc_queue, q_next) {
 727                         npkts++;
 728                         if ((q->q_crp->crp_flags & CRYPTO_F_BATCH) == 0)
 729                                 break;
 730                 }
 731         } else
 732                 npkts = 1;
 733         /*
 734          * Check device status before going any further.
 735          */
 736         if ((stat = READ_REG(sc, BS_STAT)) & (BS_STAT_MCR1_FULL | BS_STAT_DMAERR)) {
 737                 if (stat & BS_STAT_DMAERR) {
 738                         ubsec_totalreset(sc);
 739                         ubsecstats.hst_dmaerr++;
 740                 } else
 741                         ubsecstats.hst_mcr1full++;
 742                 return;
 743         }
 744         if (sc->sc_nqueue > ubsecstats.hst_maxqueue)
 745                 ubsecstats.hst_maxqueue = sc->sc_nqueue;
 746         if (npkts > UBS_MAX_AGGR)
 747                 npkts = UBS_MAX_AGGR;
 748         if (npkts < 2)                          /* special case 1 op */
 749                 goto feed1;
 750
 751         ubsecstats.hst_totbatch += npkts-1;
 752 #ifdef UBSEC_DEBUG
 753         if (ubsec_debug)
 754                 printf("merging %d records\n", npkts);
 755 #endif /* UBSEC_DEBUG */
 756
 757         q = SIMPLEQ_FIRST(&sc->sc_queue);
 758         SIMPLEQ_REMOVE_HEAD(&sc->sc_queue, q, q_next);
 759         --sc->sc_nqueue;
 760
 761         bus_dmamap_sync(sc->sc_dmat, q->q_src_map, BUS_DMASYNC_PREWRITE);
 762         if (q->q_dst_map != NULL)
 763                 bus_dmamap_sync(sc->sc_dmat, q->q_dst_map, BUS_DMASYNC_PREREAD);
 764
 765         q->q_nstacked_mcrs = npkts - 1;         /* Number of packets stacked */
 766
 767         for (i = 0; i < q->q_nstacked_mcrs; i++) {
 768                 q2 = SIMPLEQ_FIRST(&sc->sc_queue);
 769                 bus_dmamap_sync(sc->sc_dmat, q2->q_src_map,
 770                     BUS_DMASYNC_PREWRITE);
 771                 if (q2->q_dst_map != NULL)
 772                         bus_dmamap_sync(sc->sc_dmat, q2->q_dst_map,
 773                             BUS_DMASYNC_PREREAD);
 774                 SIMPLEQ_REMOVE_HEAD(&sc->sc_queue, q2, q_next);
 775                 --sc->sc_nqueue;
 776
 777                 v = (void*)(((char *)&q2->q_dma->d_dma->d_mcr) + sizeof(struct ubsec_mcr) -
 778                     sizeof(struct ubsec_mcr_add));
 779                 bcopy(v, &q->q_dma->d_dma->d_mcradd[i], sizeof(struct ubsec_mcr_add));
 780                 q->q_stacked_mcr[i] = q2;
 781         }
 782         q->q_dma->d_dma->d_mcr.mcr_pkts = htole16(npkts);
 783         SIMPLEQ_INSERT_TAIL(&sc->sc_qchip, q, q_next);
 784         sc->sc_nqchip += npkts;
 785         if (sc->sc_nqchip > ubsecstats.hst_maxqchip)
 786                 ubsecstats.hst_maxqchip = sc->sc_nqchip;
 787         ubsec_dma_sync(&q->q_dma->d_alloc,
 788             BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE);
 789         WRITE_REG(sc, BS_MCR1, q->q_dma->d_alloc.dma_paddr +
 790             offsetof(struct ubsec_dmachunk, d_mcr));
 791         return;
 792
 793 feed1:
 794         q = SIMPLEQ_FIRST(&sc->sc_queue);
 795
 796         bus_dmamap_sync(sc->sc_dmat, q->q_src_map, BUS_DMASYNC_PREWRITE);
 797         if (q->q_dst_map != NULL)
 798                 bus_dmamap_sync(sc->sc_dmat, q->q_dst_map, BUS_DMASYNC_PREREAD);
 799         ubsec_dma_sync(&q->q_dma->d_alloc,
 800             BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE);
 801
 802         WRITE_REG(sc, BS_MCR1, q->q_dma->d_alloc.dma_paddr +
 803             offsetof(struct ubsec_dmachunk, d_mcr));
 804 #ifdef UBSEC_DEBUG
 805         if (ubsec_debug)
 806                 printf("feed1: q->chip %p %08x stat %08x\n",
 807                       q, (u_int32_t)vtophys(&q->q_dma->d_dma->d_mcr),
 808                       stat);
 809 #endif /* UBSEC_DEBUG */
 810         SIMPLEQ_REMOVE_HEAD(&sc->sc_queue, q, q_next);
 811         --sc->sc_nqueue;
 812         SIMPLEQ_INSERT_TAIL(&sc->sc_qchip, q, q_next);
 813         sc->sc_nqchip++;
 814         if (sc->sc_nqchip > ubsecstats.hst_maxqchip)
 815                 ubsecstats.hst_maxqchip = sc->sc_nqchip;
 816         return;
 817 }
 818
 819 /*
 820  * Allocate a new 'session' and return an encoded session id.  'sidp'
 821  * contains our registration id, and should contain an encoded session
 822  * id on successful allocation.
 823  */
 824 static int
 825 ubsec_newsession(void *arg, u_int32_t *sidp, struct cryptoini *cri)
 826 {
 827         struct cryptoini *c, *encini = NULL, *macini = NULL;
 828         struct ubsec_softc *sc = arg;
 829         struct ubsec_session *ses = NULL;
 830         MD5_CTX md5ctx;
 831         SHA1_CTX sha1ctx;
 832         int i, sesn;
 833
 834         KASSERT(sc != NULL, ("ubsec_newsession: null softc"));
 835         if (sidp == NULL || cri == NULL || sc == NULL)
 836                 return (EINVAL);
 837
 838         for (c = cri; c != NULL; c = c->cri_next) {
 839                 if (c->cri_alg == CRYPTO_MD5_HMAC ||
 840                     c->cri_alg == CRYPTO_SHA1_HMAC) {
 841                         if (macini)
 842                                 return (EINVAL);
 843                         macini = c;
 844                 } else if (c->cri_alg == CRYPTO_DES_CBC ||
 845                     c->cri_alg == CRYPTO_3DES_CBC) {
 846                         if (encini)
 847                                 return (EINVAL);
 848                         encini = c;
 849                 } else
 850                         return (EINVAL);
 851         }
 852         if (encini == NULL && macini == NULL)
 853                 return (EINVAL);
 854
 855         if (sc->sc_sessions == NULL) {
 856                 ses = sc->sc_sessions = malloc(sizeof(struct ubsec_session),
 857                                                 M_DEVBUF, M_INTWAIT);
 858                 sesn = 0;
 859                 sc->sc_nsessions = 1;
 860         } else {
 861                 for (sesn = 0; sesn < sc->sc_nsessions; sesn++) {
 862                         if (sc->sc_sessions[sesn].ses_used == 0) {
 863                                 ses = &sc->sc_sessions[sesn];
 864                                 break;
 865                         }
 866                 }
 867
 868                 if (ses == NULL) {
 869                         sesn = sc->sc_nsessions;
 870                         ses = malloc((sesn + 1) * sizeof(struct ubsec_session),
 871                                         M_DEVBUF, M_INTWAIT);
 872                         bcopy(sc->sc_sessions, ses, sesn *
 873                             sizeof(struct ubsec_session));
 874                         bzero(sc->sc_sessions, sesn *
 875                             sizeof(struct ubsec_session));
 876                         free(sc->sc_sessions, M_DEVBUF);
 877                         sc->sc_sessions = ses;
 878                         ses = &sc->sc_sessions[sesn];
 879                         sc->sc_nsessions++;
 880                 }
 881         }
 882
 883         bzero(ses, sizeof(struct ubsec_session));
 884         ses->ses_used = 1;
 885         if (encini) {
 886                 /* get an IV, network byte order */
 887                 /* XXX may read fewer than requested */
 888                 read_random(ses->ses_iv, sizeof(ses->ses_iv));
 889
 890                 /* Go ahead and compute key in ubsec's byte order */
 891                 if (encini->cri_alg == CRYPTO_DES_CBC) {
 892                         bcopy(encini->cri_key, &ses->ses_deskey[0], 8);
 893                         bcopy(encini->cri_key, &ses->ses_deskey[2], 8);
 894                         bcopy(encini->cri_key, &ses->ses_deskey[4], 8);
 895                 } else
 896                         bcopy(encini->cri_key, ses->ses_deskey, 24);
 897
 898                 SWAP32(ses->ses_deskey[0]);
 899                 SWAP32(ses->ses_deskey[1]);
 900                 SWAP32(ses->ses_deskey[2]);
 901                 SWAP32(ses->ses_deskey[3]);
 902                 SWAP32(ses->ses_deskey[4]);
 903                 SWAP32(ses->ses_deskey[5]);
 904         }
 905
 906         if (macini) {
 907                 for (i = 0; i < macini->cri_klen / 8; i++)
 908                         macini->cri_key[i] ^= HMAC_IPAD_VAL;
 909
 910                 if (macini->cri_alg == CRYPTO_MD5_HMAC) {
 911                         MD5Init(&md5ctx);
 912                         MD5Update(&md5ctx, macini->cri_key,
 913                             macini->cri_klen / 8);
 914                         MD5Update(&md5ctx, hmac_ipad_buffer,
 915                             HMAC_BLOCK_LEN - (macini->cri_klen / 8));
 916                         bcopy(md5ctx.state, ses->ses_hminner,
 917                             sizeof(md5ctx.state));
 918                 } else {
 919                         SHA1Init(&sha1ctx);
 920                         SHA1Update(&sha1ctx, macini->cri_key,
 921                             macini->cri_klen / 8);
 922                         SHA1Update(&sha1ctx, hmac_ipad_buffer,
 923                             HMAC_BLOCK_LEN - (macini->cri_klen / 8));
 924                         bcopy(sha1ctx.h.b32, ses->ses_hminner,
 925                             sizeof(sha1ctx.h.b32));
 926                 }
 927
 928                 for (i = 0; i < macini->cri_klen / 8; i++)
 929                         macini->cri_key[i] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL);
 930
 931                 if (macini->cri_alg == CRYPTO_MD5_HMAC) {
 932                         MD5Init(&md5ctx);
 933                         MD5Update(&md5ctx, macini->cri_key,
 934                             macini->cri_klen / 8);
 935                         MD5Update(&md5ctx, hmac_opad_buffer,
 936                             HMAC_BLOCK_LEN - (macini->cri_klen / 8));
 937                         bcopy(md5ctx.state, ses->ses_hmouter,
 938                             sizeof(md5ctx.state));
 939                 } else {
 940                         SHA1Init(&sha1ctx);
 941                         SHA1Update(&sha1ctx, macini->cri_key,
 942                             macini->cri_klen / 8);
 943                         SHA1Update(&sha1ctx, hmac_opad_buffer,
 944                             HMAC_BLOCK_LEN - (macini->cri_klen / 8));
 945                         bcopy(sha1ctx.h.b32, ses->ses_hmouter,
 946                             sizeof(sha1ctx.h.b32));
 947                 }
 948
 949                 for (i = 0; i < macini->cri_klen / 8; i++)
 950                         macini->cri_key[i] ^= HMAC_OPAD_VAL;
 951         }
 952
 953         *sidp = UBSEC_SID(device_get_unit(sc->sc_dev), sesn);
 954         return (0);
 955 }
 956
 957 /*
 958  * Deallocate a session.
 959  */
 960 static int
 961 ubsec_freesession(void *arg, u_int64_t tid)
 962 {
 963         struct ubsec_softc *sc = arg;
 964         int session;
 965         u_int32_t sid = ((u_int32_t) tid) & 0xffffffff;
 966
 967         KASSERT(sc != NULL, ("ubsec_freesession: null softc"));
 968         if (sc == NULL)
 969                 return (EINVAL);
 970
 971         session = UBSEC_SESSION(sid);
 972         if (session >= sc->sc_nsessions)
 973                 return (EINVAL);
 974
 975         bzero(&sc->sc_sessions[session], sizeof(sc->sc_sessions[session]));
 976         return (0);
 977 }
 978
 979 static void
 980 ubsec_op_cb(void *arg, bus_dma_segment_t *seg, int nsegs, bus_size_t mapsize, int error)
 981 {
 982         struct ubsec_operand *op = arg;
 983
 984         KASSERT(nsegs <= UBS_MAX_SCATTER,
 985                 ("Too many DMA segments returned when mapping operand"));
 986 #ifdef UBSEC_DEBUG
 987         if (ubsec_debug)
 988                 printf("ubsec_op_cb: mapsize %u nsegs %d\n",
 989                         (u_int) mapsize, nsegs);
 990 #endif
 991         op->mapsize = mapsize;
 992         op->nsegs = nsegs;
 993         bcopy(seg, op->segs, nsegs * sizeof (seg[0]));
 994 }
 995
 996 static int
 997 ubsec_process(void *arg, struct cryptop *crp, int hint)
 998 {
 999         struct ubsec_q *q = NULL;
1000         int err = 0, i, j, s, nicealign;
1001         struct ubsec_softc *sc = arg;
1002         struct cryptodesc *crd1, *crd2, *maccrd, *enccrd;
1003         int encoffset = 0, macoffset = 0, cpskip, cpoffset;
1004         int sskip, dskip, stheend, dtheend;
1005         int16_t coffset;
1006         struct ubsec_session *ses;
1007         struct ubsec_pktctx ctx;
1008         struct ubsec_dma *dmap = NULL;
1009
1010         if (crp == NULL || crp->crp_callback == NULL || sc == NULL) {
1011                 ubsecstats.hst_invalid++;
1012                 return (EINVAL);
1013         }
1014         if (UBSEC_SESSION(crp->crp_sid) >= sc->sc_nsessions) {
1015                 ubsecstats.hst_badsession++;
1016                 return (EINVAL);
1017         }
1018
1019         s = splimp();
1020
1021         if (SIMPLEQ_EMPTY(&sc->sc_freequeue)) {
1022                 ubsecstats.hst_queuefull++;
1023                 sc->sc_needwakeup |= CRYPTO_SYMQ;
1024                 splx(s);
1025                 return (ERESTART);
1026         }
1027         q = SIMPLEQ_FIRST(&sc->sc_freequeue);
1028         SIMPLEQ_REMOVE_HEAD(&sc->sc_freequeue, q, q_next);
1029         splx(s);
1030
1031         dmap = q->q_dma; /* Save dma pointer */
1032         bzero(q, sizeof(struct ubsec_q));
1033         bzero(&ctx, sizeof(ctx));
1034
1035         q->q_sesn = UBSEC_SESSION(crp->crp_sid);
1036         q->q_dma = dmap;
1037         ses = &sc->sc_sessions[q->q_sesn];
1038
1039         if (crp->crp_flags & CRYPTO_F_IMBUF) {
1040                 q->q_src_m = (struct mbuf *)crp->crp_buf;
1041                 q->q_dst_m = (struct mbuf *)crp->crp_buf;
1042         } else if (crp->crp_flags & CRYPTO_F_IOV) {
1043                 q->q_src_io = (struct uio *)crp->crp_buf;
1044                 q->q_dst_io = (struct uio *)crp->crp_buf;
1045         } else {
1046                 ubsecstats.hst_badflags++;
1047                 err = EINVAL;
1048                 goto errout;    /* XXX we don't handle contiguous blocks! */
1049         }
1050
1051         bzero(&dmap->d_dma->d_mcr, sizeof(struct ubsec_mcr));
1052
1053         dmap->d_dma->d_mcr.mcr_pkts = htole16(1);
1054         dmap->d_dma->d_mcr.mcr_flags = 0;
1055         q->q_crp = crp;
1056
1057         crd1 = crp->crp_desc;
1058         if (crd1 == NULL) {
1059                 ubsecstats.hst_nodesc++;
1060                 err = EINVAL;
1061                 goto errout;
1062         }
1063         crd2 = crd1->crd_next;
1064
1065         if (crd2 == NULL) {
1066                 if (crd1->crd_alg == CRYPTO_MD5_HMAC ||
1067                     crd1->crd_alg == CRYPTO_SHA1_HMAC) {
1068                         maccrd = crd1;
1069                         enccrd = NULL;
1070                 } else if (crd1->crd_alg == CRYPTO_DES_CBC ||
1071                     crd1->crd_alg == CRYPTO_3DES_CBC) {
1072                         maccrd = NULL;
1073                         enccrd = crd1;
1074                 } else {
1075                         ubsecstats.hst_badalg++;
1076                         err = EINVAL;
1077                         goto errout;
1078                 }
1079         } else {
1080                 if ((crd1->crd_alg == CRYPTO_MD5_HMAC ||
1081                     crd1->crd_alg == CRYPTO_SHA1_HMAC) &&
1082                     (crd2->crd_alg == CRYPTO_DES_CBC ||
1083                         crd2->crd_alg == CRYPTO_3DES_CBC) &&
1084                     ((crd2->crd_flags & CRD_F_ENCRYPT) == 0)) {
1085                         maccrd = crd1;
1086                         enccrd = crd2;
1087                 } else if ((crd1->crd_alg == CRYPTO_DES_CBC ||
1088                     crd1->crd_alg == CRYPTO_3DES_CBC) &&
1089                     (crd2->crd_alg == CRYPTO_MD5_HMAC ||
1090                         crd2->crd_alg == CRYPTO_SHA1_HMAC) &&
1091                     (crd1->crd_flags & CRD_F_ENCRYPT)) {
1092                         enccrd = crd1;
1093                         maccrd = crd2;
1094                 } else {
1095                         /*
1096                          * We cannot order the ubsec as requested
1097                          */
1098                         ubsecstats.hst_badalg++;
1099                         err = EINVAL;
1100                         goto errout;
1101                 }
1102         }
1103
1104         if (enccrd) {
1105                 encoffset = enccrd->crd_skip;
1106                 ctx.pc_flags |= htole16(UBS_PKTCTX_ENC_3DES);
1107
1108                 if (enccrd->crd_flags & CRD_F_ENCRYPT) {
1109                         q->q_flags |= UBSEC_QFLAGS_COPYOUTIV;
1110
1111                         if (enccrd->crd_flags & CRD_F_IV_EXPLICIT)
1112                                 bcopy(enccrd->crd_iv, ctx.pc_iv, 8);
1113                         else {
1114                                 ctx.pc_iv[0] = ses->ses_iv[0];
1115                                 ctx.pc_iv[1] = ses->ses_iv[1];
1116                         }
1117
1118                         if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0) {
1119                                 if (crp->crp_flags & CRYPTO_F_IMBUF)
1120                                         m_copyback(q->q_src_m,
1121                                             enccrd->crd_inject,
1122                                             8, (caddr_t)ctx.pc_iv);
1123                                 else if (crp->crp_flags & CRYPTO_F_IOV)
1124                                         cuio_copyback(q->q_src_io,
1125                                             enccrd->crd_inject,
1126                                             8, (caddr_t)ctx.pc_iv);
1127                         }
1128                 } else {
1129                         ctx.pc_flags |= htole16(UBS_PKTCTX_INBOUND);
1130
1131                         if (enccrd->crd_flags & CRD_F_IV_EXPLICIT)
1132                                 bcopy(enccrd->crd_iv, ctx.pc_iv, 8);
1133                         else if (crp->crp_flags & CRYPTO_F_IMBUF)
1134                                 m_copydata(q->q_src_m, enccrd->crd_inject,
1135                                     8, (caddr_t)ctx.pc_iv);
1136                         else if (crp->crp_flags & CRYPTO_F_IOV)
1137                                 cuio_copydata(q->q_src_io,
1138                                     enccrd->crd_inject, 8,
1139                                     (caddr_t)ctx.pc_iv);
1140                 }
1141
1142                 ctx.pc_deskey[0] = ses->ses_deskey[0];
1143                 ctx.pc_deskey[1] = ses->ses_deskey[1];
1144                 ctx.pc_deskey[2] = ses->ses_deskey[2];
1145                 ctx.pc_deskey[3] = ses->ses_deskey[3];
1146                 ctx.pc_deskey[4] = ses->ses_deskey[4];
1147                 ctx.pc_deskey[5] = ses->ses_deskey[5];
1148                 SWAP32(ctx.pc_iv[0]);
1149                 SWAP32(ctx.pc_iv[1]);
1150         }
1151
1152         if (maccrd) {
1153                 macoffset = maccrd->crd_skip;
1154
1155                 if (maccrd->crd_alg == CRYPTO_MD5_HMAC)
1156                         ctx.pc_flags |= htole16(UBS_PKTCTX_AUTH_MD5);
1157                 else
1158                         ctx.pc_flags |= htole16(UBS_PKTCTX_AUTH_SHA1);
1159
1160                 for (i = 0; i < 5; i++) {
1161                         ctx.pc_hminner[i] = ses->ses_hminner[i];
1162                         ctx.pc_hmouter[i] = ses->ses_hmouter[i];
1163
1164                         HTOLE32(ctx.pc_hminner[i]);
1165                         HTOLE32(ctx.pc_hmouter[i]);
1166                 }
1167         }
1168
1169         if (enccrd && maccrd) {
1170                 /*
1171                  * ubsec cannot handle packets where the end of encryption
1172                  * and authentication are not the same, or where the
1173                  * encrypted part begins before the authenticated part.
1174                  */
1175                 if ((encoffset + enccrd->crd_len) !=
1176                     (macoffset + maccrd->crd_len)) {
1177                         ubsecstats.hst_lenmismatch++;
1178                         err = EINVAL;
1179                         goto errout;
1180                 }
1181                 if (enccrd->crd_skip < maccrd->crd_skip) {
1182                         ubsecstats.hst_skipmismatch++;
1183                         err = EINVAL;
1184                         goto errout;
1185                 }
1186                 sskip = maccrd->crd_skip;
1187                 cpskip = dskip = enccrd->crd_skip;
1188                 stheend = maccrd->crd_len;
1189                 dtheend = enccrd->crd_len;
1190                 coffset = enccrd->crd_skip - maccrd->crd_skip;
1191                 cpoffset = cpskip + dtheend;
1192 #ifdef UBSEC_DEBUG
1193                 if (ubsec_debug) {
1194                         printf("mac: skip %d, len %d, inject %d\n",
1195                             maccrd->crd_skip, maccrd->crd_len, maccrd->crd_inject);
1196                         printf("enc: skip %d, len %d, inject %d\n",
1197                             enccrd->crd_skip, enccrd->crd_len, enccrd->crd_inject);
1198                         printf("src: skip %d, len %d\n", sskip, stheend);
1199                         printf("dst: skip %d, len %d\n", dskip, dtheend);
1200                         printf("ubs: coffset %d, pktlen %d, cpskip %d, cpoffset %d\n",
1201                             coffset, stheend, cpskip, cpoffset);
1202                 }
1203 #endif
1204         } else {
1205                 cpskip = dskip = sskip = macoffset + encoffset;
1206                 dtheend = stheend = (enccrd)?enccrd->crd_len:maccrd->crd_len;
1207                 cpoffset = cpskip + dtheend;
1208                 coffset = 0;
1209         }
1210         ctx.pc_offset = htole16(coffset >> 2);
1211
1212         if (bus_dmamap_create(sc->sc_dmat, BUS_DMA_NOWAIT, &q->q_src_map)) {
1213                 ubsecstats.hst_nomap++;
1214                 err = ENOMEM;
1215                 goto errout;
1216         }
1217         if (crp->crp_flags & CRYPTO_F_IMBUF) {
1218                 if (bus_dmamap_load_mbuf(sc->sc_dmat, q->q_src_map,
1219                     q->q_src_m, ubsec_op_cb, &q->q_src, BUS_DMA_NOWAIT) != 0) {
1220                         bus_dmamap_destroy(sc->sc_dmat, q->q_src_map);
1221                         q->q_src_map = NULL;
1222                         ubsecstats.hst_noload++;
1223                         err = ENOMEM;
1224                         goto errout;
1225                 }
1226         } else if (crp->crp_flags & CRYPTO_F_IOV) {
1227                 if (bus_dmamap_load_uio(sc->sc_dmat, q->q_src_map,
1228                     q->q_src_io, ubsec_op_cb, &q->q_src, BUS_DMA_NOWAIT) != 0) {
1229                         bus_dmamap_destroy(sc->sc_dmat, q->q_src_map);
1230                         q->q_src_map = NULL;
1231                         ubsecstats.hst_noload++;
1232                         err = ENOMEM;
1233                         goto errout;
1234                 }
1235         }
1236         nicealign = ubsec_dmamap_aligned(&q->q_src);
1237
1238         dmap->d_dma->d_mcr.mcr_pktlen = htole16(stheend);
1239
1240 #ifdef UBSEC_DEBUG
1241         if (ubsec_debug)
1242                 printf("src skip: %d nicealign: %u\n", sskip, nicealign);
1243 #endif
1244         for (i = j = 0; i < q->q_src_nsegs; i++) {
1245                 struct ubsec_pktbuf *pb;
1246                 bus_size_t packl = q->q_src_segs[i].ds_len;
1247                 bus_addr_t packp = q->q_src_segs[i].ds_addr;
1248
1249                 if (sskip >= packl) {
1250                         sskip -= packl;
1251                         continue;
1252                 }
1253
1254                 packl -= sskip;
1255                 packp += sskip;
1256                 sskip = 0;
1257
1258                 if (packl > 0xfffc) {
1259                         err = EIO;
1260                         goto errout;
1261                 }
1262
1263                 if (j == 0)
1264                         pb = &dmap->d_dma->d_mcr.mcr_ipktbuf;
1265                 else
1266                         pb = &dmap->d_dma->d_sbuf[j - 1];
1267
1268                 pb->pb_addr = htole32(packp);
1269
1270                 if (stheend) {
1271                         if (packl > stheend) {
1272                                 pb->pb_len = htole32(stheend);
1273                                 stheend = 0;
1274                         } else {
1275                                 pb->pb_len = htole32(packl);
1276                                 stheend -= packl;
1277                         }
1278                 } else
1279                         pb->pb_len = htole32(packl);
1280
1281                 if ((i + 1) == q->q_src_nsegs)
1282                         pb->pb_next = 0;
1283                 else
1284                         pb->pb_next = htole32(dmap->d_alloc.dma_paddr +
1285                             offsetof(struct ubsec_dmachunk, d_sbuf[j]));
1286                 j++;
1287         }
1288
1289         if (enccrd == NULL && maccrd != NULL) {
1290                 dmap->d_dma->d_mcr.mcr_opktbuf.pb_addr = 0;
1291                 dmap->d_dma->d_mcr.mcr_opktbuf.pb_len = 0;
1292                 dmap->d_dma->d_mcr.mcr_opktbuf.pb_next = htole32(dmap->d_alloc.dma_paddr +
1293                     offsetof(struct ubsec_dmachunk, d_macbuf[0]));
1294 #ifdef UBSEC_DEBUG
1295                 if (ubsec_debug)
1296                         printf("opkt: %x %x %x\n",
1297                             dmap->d_dma->d_mcr.mcr_opktbuf.pb_addr,
1298                             dmap->d_dma->d_mcr.mcr_opktbuf.pb_len,
1299                             dmap->d_dma->d_mcr.mcr_opktbuf.pb_next);
1300 #endif
1301         } else {
1302                 if (crp->crp_flags & CRYPTO_F_IOV) {
1303                         if (!nicealign) {
1304                                 ubsecstats.hst_iovmisaligned++;
1305                                 err = EINVAL;
1306                                 goto errout;
1307                         }
1308                         if (bus_dmamap_create(sc->sc_dmat, BUS_DMA_NOWAIT,
1309                              &q->q_dst_map)) {
1310                                 ubsecstats.hst_nomap++;
1311                                 err = ENOMEM;
1312                                 goto errout;
1313                         }
1314                         if (bus_dmamap_load_uio(sc->sc_dmat, q->q_dst_map,
1315                             q->q_dst_io, ubsec_op_cb, &q->q_dst, BUS_DMA_NOWAIT) != 0) {
1316                                 bus_dmamap_destroy(sc->sc_dmat, q->q_dst_map);
1317                                 q->q_dst_map = NULL;
1318                                 ubsecstats.hst_noload++;
1319                                 err = ENOMEM;
1320                                 goto errout;
1321                         }
1322                 } else if (crp->crp_flags & CRYPTO_F_IMBUF) {
1323                         if (nicealign) {
1324                                 q->q_dst = q->q_src;
1325                         } else {
1326                                 int totlen, len;
1327                                 struct mbuf *m, *top, **mp;
1328
1329                                 ubsecstats.hst_unaligned++;
1330                                 totlen = q->q_src_mapsize;
1331                                 if (q->q_src_m->m_flags & M_PKTHDR) {
1332                                         len = MHLEN;
1333                                         MGETHDR(m, MB_DONTWAIT, MT_DATA);
1334                                         if (m && !m_dup_pkthdr(m, q->q_src_m, MB_DONTWAIT)) {
1335                                                 m_free(m);
1336                                                 m = NULL;
1337                                         }
1338                                 } else {
1339                                         len = MLEN;
1340                                         MGET(m, MB_DONTWAIT, MT_DATA);
1341                                 }
1342                                 if (m == NULL) {
1343                                         ubsecstats.hst_nombuf++;
1344                                         err = sc->sc_nqueue ? ERESTART : ENOMEM;
1345                                         goto errout;
1346                                 }
1347                                 if (totlen >= MINCLSIZE) {
1348                                         MCLGET(m, MB_DONTWAIT);
1349                                         if ((m->m_flags & M_EXT) == 0) {
1350                                                 m_free(m);
1351                                                 ubsecstats.hst_nomcl++;
1352                                                 err = sc->sc_nqueue ? ERESTART : ENOMEM;
1353                                                 goto errout;
1354                                         }
1355                                         len = MCLBYTES;
1356                                 }
1357                                 m->m_len = len;
1358                                 top = NULL;
1359                                 mp = &top;
1360
1361                                 while (totlen > 0) {
1362                                         if (top) {
1363                                                 MGET(m, MB_DONTWAIT, MT_DATA);
1364                                                 if (m == NULL) {
1365                                                         m_freem(top);
1366                                                         ubsecstats.hst_nombuf++;
1367                                                         err = sc->sc_nqueue ? ERESTART : ENOMEM;
1368                                                         goto errout;
1369                                                 }
1370                                                 len = MLEN;
1371                                         }
1372                                         if (top && totlen >= MINCLSIZE) {
1373                                                 MCLGET(m, MB_DONTWAIT);
1374                                                 if ((m->m_flags & M_EXT) == 0) {
1375                                                         *mp = m;
1376                                                         m_freem(top);
1377                                                         ubsecstats.hst_nomcl++;
1378                                                         err = sc->sc_nqueue ? ERESTART : ENOMEM;
1379                                                         goto errout;
1380                                                 }
1381                                                 len = MCLBYTES;
1382                                         }
1383                                         m->m_len = len = min(totlen, len);
1384                                         totlen -= len;
1385                                         *mp = m;
1386                                         mp = &m->m_next;
1387                                 }
1388                                 q->q_dst_m = top;
1389                                 ubsec_mcopy(q->q_src_m, q->q_dst_m,
1390                                     cpskip, cpoffset);
1391                                 if (bus_dmamap_create(sc->sc_dmat,
1392                                     BUS_DMA_NOWAIT, &q->q_dst_map) != 0) {
1393                                         ubsecstats.hst_nomap++;
1394                                         err = ENOMEM;
1395                                         goto errout;
1396                                 }
1397                                 if (bus_dmamap_load_mbuf(sc->sc_dmat,
1398                                     q->q_dst_map, q->q_dst_m,
1399                                     ubsec_op_cb, &q->q_dst,
1400                                     BUS_DMA_NOWAIT) != 0) {
1401                                         bus_dmamap_destroy(sc->sc_dmat,
1402                                         q->q_dst_map);
1403                                         q->q_dst_map = NULL;
1404                                         ubsecstats.hst_noload++;
1405                                         err = ENOMEM;
1406                                         goto errout;
1407                                 }
1408                         }
1409                 } else {
1410                         ubsecstats.hst_badflags++;
1411                         err = EINVAL;
1412                         goto errout;
1413                 }
1414
1415 #ifdef UBSEC_DEBUG
1416                 if (ubsec_debug)
1417                         printf("dst skip: %d\n", dskip);
1418 #endif
1419                 for (i = j = 0; i < q->q_dst_nsegs; i++) {
1420                         struct ubsec_pktbuf *pb;
1421                         bus_size_t packl = q->q_dst_segs[i].ds_len;
1422                         bus_addr_t packp = q->q_dst_segs[i].ds_addr;
1423
1424                         if (dskip >= packl) {
1425                                 dskip -= packl;
1426                                 continue;
1427                         }
1428
1429                         packl -= dskip;
1430                         packp += dskip;
1431                         dskip = 0;
1432
1433                         if (packl > 0xfffc) {
1434                                 err = EIO;
1435                                 goto errout;
1436                         }
1437
1438                         if (j == 0)
1439                                 pb = &dmap->d_dma->d_mcr.mcr_opktbuf;
1440                         else
1441                                 pb = &dmap->d_dma->d_dbuf[j - 1];
1442
1443                         pb->pb_addr = htole32(packp);
1444
1445                         if (dtheend) {
1446                                 if (packl > dtheend) {
1447                                         pb->pb_len = htole32(dtheend);
1448                                         dtheend = 0;
1449                                 } else {
1450                                         pb->pb_len = htole32(packl);
1451                                         dtheend -= packl;
1452                                 }
1453                         } else
1454                                 pb->pb_len = htole32(packl);
1455
1456                         if ((i + 1) == q->q_dst_nsegs) {
1457                                 if (maccrd)
1458                                         pb->pb_next = htole32(dmap->d_alloc.dma_paddr +
1459                                             offsetof(struct ubsec_dmachunk, d_macbuf[0]));
1460                                 else
1461                                         pb->pb_next = 0;
1462                         } else
1463                                 pb->pb_next = htole32(dmap->d_alloc.dma_paddr +
1464                                     offsetof(struct ubsec_dmachunk, d_dbuf[j]));
1465                         j++;
1466                 }
1467         }
1468
1469         dmap->d_dma->d_mcr.mcr_cmdctxp = htole32(dmap->d_alloc.dma_paddr +
1470             offsetof(struct ubsec_dmachunk, d_ctx));
1471
1472         if (sc->sc_flags & UBS_FLAGS_LONGCTX) {
1473                 struct ubsec_pktctx_long *ctxl;
1474
1475                 ctxl = (struct ubsec_pktctx_long *)(dmap->d_alloc.dma_vaddr +
1476                     offsetof(struct ubsec_dmachunk, d_ctx));
1477
1478                 /* transform small context into long context */
1479                 ctxl->pc_len = htole16(sizeof(struct ubsec_pktctx_long));
1480                 ctxl->pc_type = htole16(UBS_PKTCTX_TYPE_IPSEC);
1481                 ctxl->pc_flags = ctx.pc_flags;
1482                 ctxl->pc_offset = ctx.pc_offset;
1483                 for (i = 0; i < 6; i++)
1484                         ctxl->pc_deskey[i] = ctx.pc_deskey[i];
1485                 for (i = 0; i < 5; i++)
1486                         ctxl->pc_hminner[i] = ctx.pc_hminner[i];
1487                 for (i = 0; i < 5; i++)
1488                         ctxl->pc_hmouter[i] = ctx.pc_hmouter[i];
1489                 ctxl->pc_iv[0] = ctx.pc_iv[0];
1490                 ctxl->pc_iv[1] = ctx.pc_iv[1];
1491         } else
1492                 bcopy(&ctx, dmap->d_alloc.dma_vaddr +
1493                     offsetof(struct ubsec_dmachunk, d_ctx),
1494                     sizeof(struct ubsec_pktctx));
1495
1496         s = splimp();
1497         SIMPLEQ_INSERT_TAIL(&sc->sc_queue, q, q_next);
1498         sc->sc_nqueue++;
1499         ubsecstats.hst_ipackets++;
1500         ubsecstats.hst_ibytes += dmap->d_alloc.dma_size;
1501         if ((hint & CRYPTO_HINT_MORE) == 0 || sc->sc_nqueue >= UBS_MAX_AGGR)
1502                 ubsec_feed(sc);
1503         splx(s);
1504         return (0);
1505
1506 errout:
1507         if (q != NULL) {
1508                 if ((q->q_dst_m != NULL) && (q->q_src_m != q->q_dst_m))
1509                         m_freem(q->q_dst_m);
1510
1511                 if (q->q_dst_map != NULL && q->q_dst_map != q->q_src_map) {
1512                         bus_dmamap_unload(sc->sc_dmat, q->q_dst_map);
1513                         bus_dmamap_destroy(sc->sc_dmat, q->q_dst_map);
1514                 }
1515                 if (q->q_src_map != NULL) {
1516                         bus_dmamap_unload(sc->sc_dmat, q->q_src_map);
1517                         bus_dmamap_destroy(sc->sc_dmat, q->q_src_map);
1518                 }
1519
1520                 s = splimp();
1521                 SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q, q_next);
1522                 splx(s);
1523         }
1524         if (err != ERESTART) {
1525                 crp->crp_etype = err;
1526                 crypto_done(crp);
1527         } else {
1528                 sc->sc_needwakeup |= CRYPTO_SYMQ;
1529         }
1530         return (err);
1531 }
1532
1533 static void
1534 ubsec_callback(struct ubsec_softc *sc, struct ubsec_q *q)
1535 {
1536         struct cryptop *crp = (struct cryptop *)q->q_crp;
1537         struct cryptodesc *crd;
1538         struct ubsec_dma *dmap = q->q_dma;
1539
1540         ubsecstats.hst_opackets++;
1541         ubsecstats.hst_obytes += dmap->d_alloc.dma_size;
1542
1543         ubsec_dma_sync(&dmap->d_alloc,
1544             BUS_DMASYNC_POSTREAD|BUS_DMASYNC_POSTWRITE);
1545         if (q->q_dst_map != NULL && q->q_dst_map != q->q_src_map) {
1546                 bus_dmamap_sync(sc->sc_dmat, q->q_dst_map,
1547                     BUS_DMASYNC_POSTREAD);
1548                 bus_dmamap_unload(sc->sc_dmat, q->q_dst_map);
1549                 bus_dmamap_destroy(sc->sc_dmat, q->q_dst_map);
1550         }
1551         bus_dmamap_sync(sc->sc_dmat, q->q_src_map, BUS_DMASYNC_POSTWRITE);
1552         bus_dmamap_unload(sc->sc_dmat, q->q_src_map);
1553         bus_dmamap_destroy(sc->sc_dmat, q->q_src_map);
1554
1555         if ((crp->crp_flags & CRYPTO_F_IMBUF) && (q->q_src_m != q->q_dst_m)) {
1556                 m_freem(q->q_src_m);
1557                 crp->crp_buf = (caddr_t)q->q_dst_m;
1558         }
1559         ubsecstats.hst_obytes += ((struct mbuf *)crp->crp_buf)->m_len;
1560
1561         /* copy out IV for future use */
1562         if (q->q_flags & UBSEC_QFLAGS_COPYOUTIV) {
1563                 for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
1564                         if (crd->crd_alg != CRYPTO_DES_CBC &&
1565                             crd->crd_alg != CRYPTO_3DES_CBC)
1566                                 continue;
1567                         if (crp->crp_flags & CRYPTO_F_IMBUF)
1568                                 m_copydata((struct mbuf *)crp->crp_buf,
1569                                     crd->crd_skip + crd->crd_len - 8, 8,
1570                                     (caddr_t)sc->sc_sessions[q->q_sesn].ses_iv);
1571                         else if (crp->crp_flags & CRYPTO_F_IOV) {
1572                                 cuio_copydata((struct uio *)crp->crp_buf,
1573                                     crd->crd_skip + crd->crd_len - 8, 8,
1574                                     (caddr_t)sc->sc_sessions[q->q_sesn].ses_iv);
1575                         }
1576                         break;
1577                 }
1578         }
1579
1580         for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
1581                 if (crd->crd_alg != CRYPTO_MD5_HMAC &&
1582                     crd->crd_alg != CRYPTO_SHA1_HMAC)
1583                         continue;
1584                 if (crp->crp_flags & CRYPTO_F_IMBUF)
1585                         m_copyback((struct mbuf *)crp->crp_buf,
1586                             crd->crd_inject, 12,
1587                             (caddr_t)dmap->d_dma->d_macbuf);
1588                 else if (crp->crp_flags & CRYPTO_F_IOV && crp->crp_mac)
1589                         bcopy((caddr_t)dmap->d_dma->d_macbuf,
1590                             crp->crp_mac, 12);
1591                 break;
1592         }
1593         SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q, q_next);
1594         crypto_done(crp);
1595 }
1596
1597 static void
1598 ubsec_mcopy(struct mbuf *srcm, struct mbuf *dstm, int hoffset, int toffset)
1599 {
1600         int i, j, dlen, slen;
1601         caddr_t dptr, sptr;
1602
1603         j = 0;
1604         sptr = srcm->m_data;
1605         slen = srcm->m_len;
1606         dptr = dstm->m_data;
1607         dlen = dstm->m_len;
1608
1609         while (1) {
1610                 for (i = 0; i < min(slen, dlen); i++) {
1611                         if (j < hoffset || j >= toffset)
1612                                 *dptr++ = *sptr++;
1613                         slen--;
1614                         dlen--;
1615                         j++;
1616                 }
1617                 if (slen == 0) {
1618                         srcm = srcm->m_next;
1619                         if (srcm == NULL)
1620                                 return;
1621                         sptr = srcm->m_data;
1622                         slen = srcm->m_len;
1623                 }
1624                 if (dlen == 0) {
1625                         dstm = dstm->m_next;
1626                         if (dstm == NULL)
1627                                 return;
1628                         dptr = dstm->m_data;
1629                         dlen = dstm->m_len;
1630                 }
1631         }
1632 }
1633
1634 /*
1635  * feed the key generator, must be called at splimp() or higher.
1636  */
1637 static int
1638 ubsec_feed2(struct ubsec_softc *sc)
1639 {
1640         struct ubsec_q2 *q;
1641
1642         while (!SIMPLEQ_EMPTY(&sc->sc_queue2)) {
1643                 if (READ_REG(sc, BS_STAT) & BS_STAT_MCR2_FULL)
1644                         break;
1645                 q = SIMPLEQ_FIRST(&sc->sc_queue2);
1646
1647                 ubsec_dma_sync(&q->q_mcr,
1648                     BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE);
1649                 ubsec_dma_sync(&q->q_ctx, BUS_DMASYNC_PREWRITE);
1650
1651                 WRITE_REG(sc, BS_MCR2, q->q_mcr.dma_paddr);
1652                 SIMPLEQ_REMOVE_HEAD(&sc->sc_queue2, q, q_next);
1653                 --sc->sc_nqueue2;
1654                 SIMPLEQ_INSERT_TAIL(&sc->sc_qchip2, q, q_next);
1655         }
1656         return (0);
1657 }
1658
1659 /*
1660  * Callback for handling random numbers
1661  */
1662 static void
1663 ubsec_callback2(struct ubsec_softc *sc, struct ubsec_q2 *q)
1664 {
1665         struct cryptkop *krp;
1666         struct ubsec_ctx_keyop *ctx;
1667
1668         ctx = (struct ubsec_ctx_keyop *)q->q_ctx.dma_vaddr;
1669         ubsec_dma_sync(&q->q_ctx, BUS_DMASYNC_POSTWRITE);
1670
1671         switch (q->q_type) {
1672 #ifndef UBSEC_NO_RNG
1673         case UBS_CTXOP_RNGBYPASS: {
1674                 struct ubsec_q2_rng *rng = (struct ubsec_q2_rng *)q;
1675
1676                 ubsec_dma_sync(&rng->rng_buf, BUS_DMASYNC_POSTREAD);
1677                 (*sc->sc_harvest)(sc->sc_rndtest,
1678                         rng->rng_buf.dma_vaddr,
1679                         UBSEC_RNG_BUFSIZ*sizeof (u_int32_t));
1680                 rng->rng_used = 0;
1681                 callout_reset(&sc->sc_rngto, sc->sc_rnghz, ubsec_rng, sc);
1682                 break;
1683         }
1684 #endif
1685         case UBS_CTXOP_MODEXP: {
1686                 struct ubsec_q2_modexp *me = (struct ubsec_q2_modexp *)q;
1687                 u_int rlen, clen;
1688
1689                 krp = me->me_krp;
1690                 rlen = (me->me_modbits + 7) / 8;
1691                 clen = (krp->krp_param[krp->krp_iparams].crp_nbits + 7) / 8;
1692
1693                 ubsec_dma_sync(&me->me_M, BUS_DMASYNC_POSTWRITE);
1694                 ubsec_dma_sync(&me->me_E, BUS_DMASYNC_POSTWRITE);
1695                 ubsec_dma_sync(&me->me_C, BUS_DMASYNC_POSTREAD);
1696                 ubsec_dma_sync(&me->me_epb, BUS_DMASYNC_POSTWRITE);
1697
1698                 if (clen < rlen)
1699                         krp->krp_status = E2BIG;
1700                 else {
1701                         if (sc->sc_flags & UBS_FLAGS_HWNORM) {
1702                                 bzero(krp->krp_param[krp->krp_iparams].crp_p,
1703                                     (krp->krp_param[krp->krp_iparams].crp_nbits
1704                                         + 7) / 8);
1705                                 bcopy(me->me_C.dma_vaddr,
1706                                     krp->krp_param[krp->krp_iparams].crp_p,
1707                                     (me->me_modbits + 7) / 8);
1708                         } else
1709                                 ubsec_kshift_l(me->me_shiftbits,
1710                                     me->me_C.dma_vaddr, me->me_normbits,
1711                                     krp->krp_param[krp->krp_iparams].crp_p,
1712                                     krp->krp_param[krp->krp_iparams].crp_nbits);
1713                 }
1714
1715                 crypto_kdone(krp);
1716
1717                 /* bzero all potentially sensitive data */
1718                 bzero(me->me_E.dma_vaddr, me->me_E.dma_size);
1719                 bzero(me->me_M.dma_vaddr, me->me_M.dma_size);
1720                 bzero(me->me_C.dma_vaddr, me->me_C.dma_size);
1721                 bzero(me->me_q.q_ctx.dma_vaddr, me->me_q.q_ctx.dma_size);
1722
1723                 /* Can't free here, so put us on the free list. */
1724                 SIMPLEQ_INSERT_TAIL(&sc->sc_q2free, &me->me_q, q_next);
1725                 break;
1726         }
1727         case UBS_CTXOP_RSAPRIV: {
1728                 struct ubsec_q2_rsapriv *rp = (struct ubsec_q2_rsapriv *)q;
1729                 u_int len;
1730
1731                 krp = rp->rpr_krp;
1732                 ubsec_dma_sync(&rp->rpr_msgin, BUS_DMASYNC_POSTWRITE);
1733                 ubsec_dma_sync(&rp->rpr_msgout, BUS_DMASYNC_POSTREAD);
1734
1735                 len = (krp->krp_param[UBS_RSAPRIV_PAR_MSGOUT].crp_nbits + 7) / 8;
1736                 bcopy(rp->rpr_msgout.dma_vaddr,
1737                     krp->krp_param[UBS_RSAPRIV_PAR_MSGOUT].crp_p, len);
1738
1739                 crypto_kdone(krp);
1740
1741                 bzero(rp->rpr_msgin.dma_vaddr, rp->rpr_msgin.dma_size);
1742                 bzero(rp->rpr_msgout.dma_vaddr, rp->rpr_msgout.dma_size);
1743                 bzero(rp->rpr_q.q_ctx.dma_vaddr, rp->rpr_q.q_ctx.dma_size);
1744
1745                 /* Can't free here, so put us on the free list. */
1746                 SIMPLEQ_INSERT_TAIL(&sc->sc_q2free, &rp->rpr_q, q_next);
1747                 break;
1748         }
1749         default:
1750                 device_printf(sc->sc_dev, "unknown ctx op: %x\n",
1751                     letoh16(ctx->ctx_op));
1752                 break;
1753         }
1754 }
1755
1756 #ifndef UBSEC_NO_RNG
1757 static void
1758 ubsec_rng(void *vsc)
1759 {
1760         struct ubsec_softc *sc = vsc;
1761         struct ubsec_q2_rng *rng = &sc->sc_rng;
1762         struct ubsec_mcr *mcr;
1763         struct ubsec_ctx_rngbypass *ctx;
1764         int s;
1765
1766         s = splimp();
1767         if (rng->rng_used) {
1768                 splx(s);
1769                 return;
1770         }
1771         sc->sc_nqueue2++;
1772         if (sc->sc_nqueue2 >= UBS_MAX_NQUEUE)
1773                 goto out;
1774
1775         mcr = (struct ubsec_mcr *)rng->rng_q.q_mcr.dma_vaddr;
1776         ctx = (struct ubsec_ctx_rngbypass *)rng->rng_q.q_ctx.dma_vaddr;
1777
1778         mcr->mcr_pkts = htole16(1);
1779         mcr->mcr_flags = 0;
1780         mcr->mcr_cmdctxp = htole32(rng->rng_q.q_ctx.dma_paddr);
1781         mcr->mcr_ipktbuf.pb_addr = mcr->mcr_ipktbuf.pb_next = 0;
1782         mcr->mcr_ipktbuf.pb_len = 0;
1783         mcr->mcr_reserved = mcr->mcr_pktlen = 0;
1784         mcr->mcr_opktbuf.pb_addr = htole32(rng->rng_buf.dma_paddr);
1785         mcr->mcr_opktbuf.pb_len = htole32(((sizeof(u_int32_t) * UBSEC_RNG_BUFSIZ)) &
1786             UBS_PKTBUF_LEN);
1787         mcr->mcr_opktbuf.pb_next = 0;
1788
1789         ctx->rbp_len = htole16(sizeof(struct ubsec_ctx_rngbypass));
1790         ctx->rbp_op = htole16(UBS_CTXOP_RNGBYPASS);
1791         rng->rng_q.q_type = UBS_CTXOP_RNGBYPASS;
1792
1793         ubsec_dma_sync(&rng->rng_buf, BUS_DMASYNC_PREREAD);
1794
1795         SIMPLEQ_INSERT_TAIL(&sc->sc_queue2, &rng->rng_q, q_next);
1796         rng->rng_used = 1;
1797         ubsec_feed2(sc);
1798         ubsecstats.hst_rng++;
1799         splx(s);
1800
1801         return;
1802
1803 out:
1804         /*
1805          * Something weird happened, generate our own call back.
1806          */
1807         sc->sc_nqueue2--;
1808         splx(s);
1809         callout_reset(&sc->sc_rngto, sc->sc_rnghz, ubsec_rng, sc);
1810 }
1811 #endif /* UBSEC_NO_RNG */
1812
1813 static void
1814 ubsec_dmamap_cb(void *arg, bus_dma_segment_t *segs, int nseg, int error)
1815 {
1816         bus_addr_t *paddr = (bus_addr_t*) arg;
1817         *paddr = segs->ds_addr;
1818 }
1819
1820 static int
1821 ubsec_dma_malloc(
1822         struct ubsec_softc *sc,
1823         bus_size_t size,
1824         struct ubsec_dma_alloc *dma,
1825         int mapflags
1826 )
1827 {
1828         int r;
1829
1830         /* XXX could specify sc_dmat as parent but that just adds overhead */
1831         r = bus_dma_tag_create(NULL,                    /* parent */
1832                                1, 0,                    /* alignment, bounds */
1833                                BUS_SPACE_MAXADDR_32BIT, /* lowaddr */
1834                                BUS_SPACE_MAXADDR,       /* highaddr */
1835                                NULL, NULL,              /* filter, filterarg */
1836                                size,                    /* maxsize */
1837                                1,                       /* nsegments */
1838                                size,                    /* maxsegsize */
1839                                BUS_DMA_ALLOCNOW,        /* flags */
1840                                &dma->dma_tag);
1841         if (r != 0) {
1842                 device_printf(sc->sc_dev, "ubsec_dma_malloc: "
1843                         "bus_dma_tag_create failed; error %u\n", r);
1844                 goto fail_0;
1845         }
1846
1847         r = bus_dmamap_create(dma->dma_tag, BUS_DMA_NOWAIT, &dma->dma_map);
1848         if (r != 0) {
1849                 device_printf(sc->sc_dev, "ubsec_dma_malloc: "
1850                         "bus_dmamap_create failed; error %u\n", r);
1851                 goto fail_1;
1852         }
1853
1854         r = bus_dmamem_alloc(dma->dma_tag, (void**) &dma->dma_vaddr,
1855                              BUS_DMA_NOWAIT, &dma->dma_map);
1856         if (r != 0) {
1857                 device_printf(sc->sc_dev, "ubsec_dma_malloc: "
1858                         "bus_dmammem_alloc failed; size %u, error %u\n",
1859                         size, r);
1860                 goto fail_2;
1861         }
1862
1863         r = bus_dmamap_load(dma->dma_tag, dma->dma_map, dma->dma_vaddr,
1864                             size,
1865                             ubsec_dmamap_cb,
1866                             &dma->dma_paddr,
1867                             mapflags | BUS_DMA_NOWAIT);
1868         if (r != 0) {
1869                 device_printf(sc->sc_dev, "ubsec_dma_malloc: "
1870                         "bus_dmamap_load failed; error %u\n", r);
1871                 goto fail_3;
1872         }
1873
1874         dma->dma_size = size;
1875         return (0);
1876
1877 fail_3:
1878         bus_dmamap_unload(dma->dma_tag, dma->dma_map);
1879 fail_2:
1880         bus_dmamem_free(dma->dma_tag, dma->dma_vaddr, dma->dma_map);
1881 fail_1:
1882         bus_dmamap_destroy(dma->dma_tag, dma->dma_map);
1883         bus_dma_tag_destroy(dma->dma_tag);
1884 fail_0:
1885         dma->dma_map = NULL;
1886         dma->dma_tag = NULL;
1887         return (r);
1888 }
1889
1890 static void
1891 ubsec_dma_free(struct ubsec_softc *sc, struct ubsec_dma_alloc *dma)
1892 {
1893         bus_dmamap_unload(dma->dma_tag, dma->dma_map);
1894         bus_dmamem_free(dma->dma_tag, dma->dma_vaddr, dma->dma_map);
1895         bus_dmamap_destroy(dma->dma_tag, dma->dma_map);
1896         bus_dma_tag_destroy(dma->dma_tag);
1897 }
1898
1899 /*
1900  * Resets the board.  Values in the regesters are left as is
1901  * from the reset (i.e. initial values are assigned elsewhere).
1902  */
1903 static void
1904 ubsec_reset_board(struct ubsec_softc *sc)
1905 {
1906     volatile u_int32_t ctrl;
1907
1908     ctrl = READ_REG(sc, BS_CTRL);
1909     ctrl |= BS_CTRL_RESET;
1910     WRITE_REG(sc, BS_CTRL, ctrl);
1911
1912     /*
1913      * Wait aprox. 30 PCI clocks = 900 ns = 0.9 us
1914      */
1915     DELAY(10);
1916 }
1917
1918 /*
1919  * Init Broadcom registers
1920  */
1921 static void
1922 ubsec_init_board(struct ubsec_softc *sc)
1923 {
1924         u_int32_t ctrl;
1925
1926         ctrl = READ_REG(sc, BS_CTRL);
1927         ctrl &= ~(BS_CTRL_BE32 | BS_CTRL_BE64);
1928         ctrl |= BS_CTRL_LITTLE_ENDIAN | BS_CTRL_MCR1INT;
1929
1930         if (sc->sc_flags & (UBS_FLAGS_KEY|UBS_FLAGS_RNG))
1931                 ctrl |= BS_CTRL_MCR2INT;
1932         else
1933                 ctrl &= ~BS_CTRL_MCR2INT;
1934
1935         if (sc->sc_flags & UBS_FLAGS_HWNORM)
1936                 ctrl &= ~BS_CTRL_SWNORM;
1937
1938         WRITE_REG(sc, BS_CTRL, ctrl);
1939 }
1940
1941 /*
1942  * Init Broadcom PCI registers
1943  */
1944 static void
1945 ubsec_init_pciregs(device_t dev)
1946 {
1947 #if 0
1948         u_int32_t misc;
1949
1950         misc = pci_conf_read(pc, pa->pa_tag, BS_RTY_TOUT);
1951         misc = (misc & ~(UBS_PCI_RTY_MASK << UBS_PCI_RTY_SHIFT))
1952             | ((UBS_DEF_RTY & 0xff) << UBS_PCI_RTY_SHIFT);
1953         misc = (misc & ~(UBS_PCI_TOUT_MASK << UBS_PCI_TOUT_SHIFT))
1954             | ((UBS_DEF_TOUT & 0xff) << UBS_PCI_TOUT_SHIFT);
1955         pci_conf_write(pc, pa->pa_tag, BS_RTY_TOUT, misc);
1956 #endif
1957
1958         /*
1959          * This will set the cache line size to 1, this will
1960          * force the BCM58xx chip just to do burst read/writes.
1961          * Cache line read/writes are to slow
1962          */
1963         pci_write_config(dev, PCIR_CACHELNSZ, UBS_DEF_CACHELINE, 1);
1964 }
1965
1966 /*
1967  * Clean up after a chip crash.
1968  * It is assumed that the caller in splimp()
1969  */
1970 static void
1971 ubsec_cleanchip(struct ubsec_softc *sc)
1972 {
1973         struct ubsec_q *q;
1974
1975         while (!SIMPLEQ_EMPTY(&sc->sc_qchip)) {
1976                 q = SIMPLEQ_FIRST(&sc->sc_qchip);
1977                 SIMPLEQ_REMOVE_HEAD(&sc->sc_qchip, q, q_next);
1978                 ubsec_free_q(sc, q);
1979         }
1980         sc->sc_nqchip = 0;
1981 }
1982
1983 /*
1984  * free a ubsec_q
1985  * It is assumed that the caller is within spimp()
1986  */
1987 static int
1988 ubsec_free_q(struct ubsec_softc *sc, struct ubsec_q *q)
1989 {
1990         struct ubsec_q *q2;
1991         struct cryptop *crp;
1992         int npkts;
1993         int i;
1994
1995         npkts = q->q_nstacked_mcrs;
1996
1997         for (i = 0; i < npkts; i++) {
1998                 if(q->q_stacked_mcr[i]) {
1999                         q2 = q->q_stacked_mcr[i];
2000
2001                         if ((q2->q_dst_m != NULL) && (q2->q_src_m != q2->q_dst_m))
2002                                 m_freem(q2->q_dst_m);
2003
2004                         crp = (struct cryptop *)q2->q_crp;
2005
2006                         SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q2, q_next);
2007
2008                         crp->crp_etype = EFAULT;
2009                         crypto_done(crp);
2010                 } else {
2011                         break;
2012                 }
2013         }
2014
2015         /*
2016          * Free header MCR
2017          */
2018         if ((q->q_dst_m != NULL) && (q->q_src_m != q->q_dst_m))
2019                 m_freem(q->q_dst_m);
2020
2021         crp = (struct cryptop *)q->q_crp;
2022
2023         SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q, q_next);
2024
2025         crp->crp_etype = EFAULT;
2026         crypto_done(crp);
2027         return(0);
2028 }
2029
2030 /*
2031  * Routine to reset the chip and clean up.
2032  * It is assumed that the caller is in splimp()
2033  */
2034 static void
2035 ubsec_totalreset(struct ubsec_softc *sc)
2036 {
2037         ubsec_reset_board(sc);
2038         ubsec_init_board(sc);
2039         ubsec_cleanchip(sc);
2040 }
2041
2042 static int
2043 ubsec_dmamap_aligned(struct ubsec_operand *op)
2044 {
2045         int i;
2046
2047         for (i = 0; i < op->nsegs; i++) {
2048                 if (op->segs[i].ds_addr & 3)
2049                         return (0);
2050                 if ((i != (op->nsegs - 1)) &&
2051                     (op->segs[i].ds_len & 3))
2052                         return (0);
2053         }
2054         return (1);
2055 }
2056
2057 static void
2058 ubsec_kfree(struct ubsec_softc *sc, struct ubsec_q2 *q)
2059 {
2060         switch (q->q_type) {
2061         case UBS_CTXOP_MODEXP: {
2062                 struct ubsec_q2_modexp *me = (struct ubsec_q2_modexp *)q;
2063
2064                 ubsec_dma_free(sc, &me->me_q.q_mcr);
2065                 ubsec_dma_free(sc, &me->me_q.q_ctx);
2066                 ubsec_dma_free(sc, &me->me_M);
2067                 ubsec_dma_free(sc, &me->me_E);
2068                 ubsec_dma_free(sc, &me->me_C);
2069                 ubsec_dma_free(sc, &me->me_epb);
2070                 free(me, M_DEVBUF);
2071                 break;
2072         }
2073         case UBS_CTXOP_RSAPRIV: {
2074                 struct ubsec_q2_rsapriv *rp = (struct ubsec_q2_rsapriv *)q;
2075
2076                 ubsec_dma_free(sc, &rp->rpr_q.q_mcr);
2077                 ubsec_dma_free(sc, &rp->rpr_q.q_ctx);
2078                 ubsec_dma_free(sc, &rp->rpr_msgin);
2079                 ubsec_dma_free(sc, &rp->rpr_msgout);
2080                 free(rp, M_DEVBUF);
2081                 break;
2082         }
2083         default:
2084                 device_printf(sc->sc_dev, "invalid kfree 0x%x\n", q->q_type);
2085                 break;
2086         }
2087 }
2088
2089 static int
2090 ubsec_kprocess(void *arg, struct cryptkop *krp, int hint)
2091 {
2092         struct ubsec_softc *sc = arg;
2093         int r;
2094
2095         if (krp == NULL || krp->krp_callback == NULL)
2096                 return (EINVAL);
2097
2098         while (!SIMPLEQ_EMPTY(&sc->sc_q2free)) {
2099                 struct ubsec_q2 *q;
2100
2101                 q = SIMPLEQ_FIRST(&sc->sc_q2free);
2102                 SIMPLEQ_REMOVE_HEAD(&sc->sc_q2free, q, q_next);
2103                 ubsec_kfree(sc, q);
2104         }
2105
2106         switch (krp->krp_op) {
2107         case CRK_MOD_EXP:
2108                 if (sc->sc_flags & UBS_FLAGS_HWNORM)
2109                         r = ubsec_kprocess_modexp_hw(sc, krp, hint);
2110                 else
2111                         r = ubsec_kprocess_modexp_sw(sc, krp, hint);
2112                 break;
2113         case CRK_MOD_EXP_CRT:
2114                 return (ubsec_kprocess_rsapriv(sc, krp, hint));
2115         default:
2116                 device_printf(sc->sc_dev, "kprocess: invalid op 0x%x\n",
2117                     krp->krp_op);
2118                 krp->krp_status = EOPNOTSUPP;
2119                 crypto_kdone(krp);
2120                 return (0);
2121         }
2122         return (0);                     /* silence compiler */
2123 }
2124
2125 /*
2126  * Start computation of cr[C] = (cr[M] ^ cr[E]) mod cr[N] (sw normalization)
2127  */
2128 static int
2129 ubsec_kprocess_modexp_sw(struct ubsec_softc *sc, struct cryptkop *krp, int hint)
2130 {
2131         struct ubsec_q2_modexp *me;
2132         struct ubsec_mcr *mcr;
2133         struct ubsec_ctx_modexp *ctx;
2134         struct ubsec_pktbuf *epb;
2135         int s, err = 0;
2136         u_int nbits, normbits, mbits, shiftbits, ebits;
2137
2138         me = malloc(sizeof *me, M_DEVBUF, M_INTWAIT | M_ZERO);
2139         me->me_krp = krp;
2140         me->me_q.q_type = UBS_CTXOP_MODEXP;
2141
2142         nbits = ubsec_ksigbits(&krp->krp_param[UBS_MODEXP_PAR_N]);
2143         if (nbits <= 512)
2144                 normbits = 512;
2145         else if (nbits <= 768)
2146                 normbits = 768;
2147         else if (nbits <= 1024)
2148                 normbits = 1024;
2149         else if (sc->sc_flags & UBS_FLAGS_BIGKEY && nbits <= 1536)
2150                 normbits = 1536;
2151         else if (sc->sc_flags & UBS_FLAGS_BIGKEY && nbits <= 2048)
2152                 normbits = 2048;
2153         else {
2154                 err = E2BIG;
2155                 goto errout;
2156         }
2157
2158         shiftbits = normbits - nbits;
2159
2160         me->me_modbits = nbits;
2161         me->me_shiftbits = shiftbits;
2162         me->me_normbits = normbits;
2163
2164         /* Sanity check: result bits must be >= true modulus bits. */
2165         if (krp->krp_param[krp->krp_iparams].crp_nbits < nbits) {
2166                 err = ERANGE;
2167                 goto errout;
2168         }
2169
2170         if (ubsec_dma_malloc(sc, sizeof(struct ubsec_mcr),
2171             &me->me_q.q_mcr, 0)) {
2172                 err = ENOMEM;
2173                 goto errout;
2174         }
2175         mcr = (struct ubsec_mcr *)me->me_q.q_mcr.dma_vaddr;
2176
2177         if (ubsec_dma_malloc(sc, sizeof(struct ubsec_ctx_modexp),
2178             &me->me_q.q_ctx, 0)) {
2179                 err = ENOMEM;
2180                 goto errout;
2181         }
2182
2183         mbits = ubsec_ksigbits(&krp->krp_param[UBS_MODEXP_PAR_M]);
2184         if (mbits > nbits) {
2185                 err = E2BIG;
2186                 goto errout;
2187         }
2188         if (ubsec_dma_malloc(sc, normbits / 8, &me->me_M, 0)) {
2189                 err = ENOMEM;
2190                 goto errout;
2191         }
2192         ubsec_kshift_r(shiftbits,
2193             krp->krp_param[UBS_MODEXP_PAR_M].crp_p, mbits,
2194             me->me_M.dma_vaddr, normbits);
2195
2196         if (ubsec_dma_malloc(sc, normbits / 8, &me->me_C, 0)) {
2197                 err = ENOMEM;
2198                 goto errout;
2199         }
2200         bzero(me->me_C.dma_vaddr, me->me_C.dma_size);
2201
2202         ebits = ubsec_ksigbits(&krp->krp_param[UBS_MODEXP_PAR_E]);
2203         if (ebits > nbits) {
2204                 err = E2BIG;
2205                 goto errout;
2206         }
2207         if (ubsec_dma_malloc(sc, normbits / 8, &me->me_E, 0)) {
2208                 err = ENOMEM;
2209                 goto errout;
2210         }
2211         ubsec_kshift_r(shiftbits,
2212             krp->krp_param[UBS_MODEXP_PAR_E].crp_p, ebits,
2213             me->me_E.dma_vaddr, normbits);
2214
2215         if (ubsec_dma_malloc(sc, sizeof(struct ubsec_pktbuf),
2216             &me->me_epb, 0)) {
2217                 err = ENOMEM;
2218                 goto errout;
2219         }
2220         epb = (struct ubsec_pktbuf *)me->me_epb.dma_vaddr;
2221         epb->pb_addr = htole32(me->me_E.dma_paddr);
2222         epb->pb_next = 0;
2223         epb->pb_len = htole32(normbits / 8);
2224
2225 #ifdef UBSEC_DEBUG
2226         if (ubsec_debug) {
2227                 printf("Epb ");
2228                 ubsec_dump_pb(epb);
2229         }
2230 #endif
2231
2232         mcr->mcr_pkts = htole16(1);
2233         mcr->mcr_flags = 0;
2234         mcr->mcr_cmdctxp = htole32(me->me_q.q_ctx.dma_paddr);
2235         mcr->mcr_reserved = 0;
2236         mcr->mcr_pktlen = 0;
2237
2238         mcr->mcr_ipktbuf.pb_addr = htole32(me->me_M.dma_paddr);
2239         mcr->mcr_ipktbuf.pb_len = htole32(normbits / 8);
2240         mcr->mcr_ipktbuf.pb_next = htole32(me->me_epb.dma_paddr);
2241
2242         mcr->mcr_opktbuf.pb_addr = htole32(me->me_C.dma_paddr);
2243         mcr->mcr_opktbuf.pb_next = 0;
2244         mcr->mcr_opktbuf.pb_len = htole32(normbits / 8);
2245
2246 #ifdef DIAGNOSTIC
2247         /* Misaligned output buffer will hang the chip. */
2248         if ((letoh32(mcr->mcr_opktbuf.pb_addr) & 3) != 0)
2249                 panic("%s: modexp invalid addr 0x%x\n",
2250                     device_get_nameunit(sc->sc_dev),
2251                     letoh32(mcr->mcr_opktbuf.pb_addr));
2252         if ((letoh32(mcr->mcr_opktbuf.pb_len) & 3) != 0)
2253                 panic("%s: modexp invalid len 0x%x\n",
2254                     device_get_nameunit(sc->sc_dev),
2255                     letoh32(mcr->mcr_opktbuf.pb_len));
2256 #endif
2257
2258         ctx = (struct ubsec_ctx_modexp *)me->me_q.q_ctx.dma_vaddr;
2259         bzero(ctx, sizeof(*ctx));
2260         ubsec_kshift_r(shiftbits,
2261             krp->krp_param[UBS_MODEXP_PAR_N].crp_p, nbits,
2262             ctx->me_N, normbits);
2263         ctx->me_len = htole16((normbits / 8) + (4 * sizeof(u_int16_t)));
2264         ctx->me_op = htole16(UBS_CTXOP_MODEXP);
2265         ctx->me_E_len = htole16(nbits);
2266         ctx->me_N_len = htole16(nbits);
2267
2268 #ifdef UBSEC_DEBUG
2269         if (ubsec_debug) {
2270                 ubsec_dump_mcr(mcr);
2271                 ubsec_dump_ctx2((struct ubsec_ctx_keyop *)ctx);
2272         }
2273 #endif
2274
2275         /*
2276          * ubsec_feed2 will sync mcr and ctx, we just need to sync
2277          * everything else.
2278          */
2279         ubsec_dma_sync(&me->me_M, BUS_DMASYNC_PREWRITE);
2280         ubsec_dma_sync(&me->me_E, BUS_DMASYNC_PREWRITE);
2281         ubsec_dma_sync(&me->me_C, BUS_DMASYNC_PREREAD);
2282         ubsec_dma_sync(&me->me_epb, BUS_DMASYNC_PREWRITE);
2283
2284         /* Enqueue and we're done... */
2285         s = splimp();
2286         SIMPLEQ_INSERT_TAIL(&sc->sc_queue2, &me->me_q, q_next);
2287         ubsec_feed2(sc);
2288         ubsecstats.hst_modexp++;
2289         splx(s);
2290
2291         return (0);
2292
2293 errout:
2294         if (me != NULL) {
2295                 if (me->me_q.q_mcr.dma_map != NULL)
2296                         ubsec_dma_free(sc, &me->me_q.q_mcr);
2297                 if (me->me_q.q_ctx.dma_map != NULL) {
2298                         bzero(me->me_q.q_ctx.dma_vaddr, me->me_q.q_ctx.dma_size);
2299                         ubsec_dma_free(sc, &me->me_q.q_ctx);
2300                 }
2301                 if (me->me_M.dma_map != NULL) {
2302                         bzero(me->me_M.dma_vaddr, me->me_M.dma_size);
2303                         ubsec_dma_free(sc, &me->me_M);
2304                 }
2305                 if (me->me_E.dma_map != NULL) {
2306                         bzero(me->me_E.dma_vaddr, me->me_E.dma_size);
2307                         ubsec_dma_free(sc, &me->me_E);
2308                 }
2309                 if (me->me_C.dma_map != NULL) {
2310                         bzero(me->me_C.dma_vaddr, me->me_C.dma_size);
2311                         ubsec_dma_free(sc, &me->me_C);
2312                 }
2313                 if (me->me_epb.dma_map != NULL)
2314                         ubsec_dma_free(sc, &me->me_epb);
2315                 free(me, M_DEVBUF);
2316         }
2317         krp->krp_status = err;
2318         crypto_kdone(krp);
2319         return (0);
2320 }
2321
2322 /*
2323  * Start computation of cr[C] = (cr[M] ^ cr[E]) mod cr[N] (hw normalization)
2324  */
2325 static int
2326 ubsec_kprocess_modexp_hw(struct ubsec_softc *sc, struct cryptkop *krp, int hint)
2327 {
2328         struct ubsec_q2_modexp *me;
2329         struct ubsec_mcr *mcr;
2330         struct ubsec_ctx_modexp *ctx;
2331         struct ubsec_pktbuf *epb;
2332         int s, err = 0;
2333         u_int nbits, normbits, mbits, shiftbits, ebits;
2334
2335         me = malloc(sizeof *me, M_DEVBUF, M_INTWAIT | M_ZERO);
2336         me->me_krp = krp;
2337         me->me_q.q_type = UBS_CTXOP_MODEXP;
2338
2339         nbits = ubsec_ksigbits(&krp->krp_param[UBS_MODEXP_PAR_N]);
2340         if (nbits <= 512)
2341                 normbits = 512;
2342         else if (nbits <= 768)
2343                 normbits = 768;
2344         else if (nbits <= 1024)
2345                 normbits = 1024;
2346         else if (sc->sc_flags & UBS_FLAGS_BIGKEY && nbits <= 1536)
2347                 normbits = 1536;
2348         else if (sc->sc_flags & UBS_FLAGS_BIGKEY && nbits <= 2048)
2349                 normbits = 2048;
2350         else {
2351                 err = E2BIG;
2352                 goto errout;
2353         }
2354
2355         shiftbits = normbits - nbits;
2356
2357         /* XXX ??? */
2358         me->me_modbits = nbits;
2359         me->me_shiftbits = shiftbits;
2360         me->me_normbits = normbits;
2361
2362         /* Sanity check: result bits must be >= true modulus bits. */
2363         if (krp->krp_param[krp->krp_iparams].crp_nbits < nbits) {
2364                 err = ERANGE;
2365                 goto errout;
2366         }
2367
2368         if (ubsec_dma_malloc(sc, sizeof(struct ubsec_mcr),
2369             &me->me_q.q_mcr, 0)) {
2370                 err = ENOMEM;
2371                 goto errout;
2372         }
2373         mcr = (struct ubsec_mcr *)me->me_q.q_mcr.dma_vaddr;
2374
2375         if (ubsec_dma_malloc(sc, sizeof(struct ubsec_ctx_modexp),
2376             &me->me_q.q_ctx, 0)) {
2377                 err = ENOMEM;
2378                 goto errout;
2379         }
2380
2381         mbits = ubsec_ksigbits(&krp->krp_param[UBS_MODEXP_PAR_M]);
2382         if (mbits > nbits) {
2383                 err = E2BIG;
2384                 goto errout;
2385         }
2386         if (ubsec_dma_malloc(sc, normbits / 8, &me->me_M, 0)) {
2387                 err = ENOMEM;
2388                 goto errout;
2389         }
2390         bzero(me->me_M.dma_vaddr, normbits / 8);
2391         bcopy(krp->krp_param[UBS_MODEXP_PAR_M].crp_p,
2392             me->me_M.dma_vaddr, (mbits + 7) / 8);
2393
2394         if (ubsec_dma_malloc(sc, normbits / 8, &me->me_C, 0)) {
2395                 err = ENOMEM;
2396                 goto errout;
2397         }
2398         bzero(me->me_C.dma_vaddr, me->me_C.dma_size);
2399
2400         ebits = ubsec_ksigbits(&krp->krp_param[UBS_MODEXP_PAR_E]);
2401         if (ebits > nbits) {
2402                 err = E2BIG;
2403                 goto errout;
2404         }
2405         if (ubsec_dma_malloc(sc, normbits / 8, &me->me_E, 0)) {
2406                 err = ENOMEM;
2407                 goto errout;
2408         }
2409         bzero(me->me_E.dma_vaddr, normbits / 8);
2410         bcopy(krp->krp_param[UBS_MODEXP_PAR_E].crp_p,
2411             me->me_E.dma_vaddr, (ebits + 7) / 8);
2412
2413         if (ubsec_dma_malloc(sc, sizeof(struct ubsec_pktbuf),
2414             &me->me_epb, 0)) {
2415                 err = ENOMEM;
2416                 goto errout;
2417         }
2418         epb = (struct ubsec_pktbuf *)me->me_epb.dma_vaddr;
2419         epb->pb_addr = htole32(me->me_E.dma_paddr);
2420         epb->pb_next = 0;
2421         epb->pb_len = htole32((ebits + 7) / 8);
2422
2423 #ifdef UBSEC_DEBUG
2424         if (ubsec_debug) {
2425                 printf("Epb ");
2426                 ubsec_dump_pb(epb);
2427         }
2428 #endif
2429
2430         mcr->mcr_pkts = htole16(1);
2431         mcr->mcr_flags = 0;
2432         mcr->mcr_cmdctxp = htole32(me->me_q.q_ctx.dma_paddr);
2433         mcr->mcr_reserved = 0;
2434         mcr->mcr_pktlen = 0;
2435
2436         mcr->mcr_ipktbuf.pb_addr = htole32(me->me_M.dma_paddr);
2437         mcr->mcr_ipktbuf.pb_len = htole32(normbits / 8);
2438         mcr->mcr_ipktbuf.pb_next = htole32(me->me_epb.dma_paddr);
2439
2440         mcr->mcr_opktbuf.pb_addr = htole32(me->me_C.dma_paddr);
2441         mcr->mcr_opktbuf.pb_next = 0;
2442         mcr->mcr_opktbuf.pb_len = htole32(normbits / 8);
2443
2444 #ifdef DIAGNOSTIC
2445         /* Misaligned output buffer will hang the chip. */
2446         if ((letoh32(mcr->mcr_opktbuf.pb_addr) & 3) != 0)
2447                 panic("%s: modexp invalid addr 0x%x\n",
2448                     device_get_nameunit(sc->sc_dev),
2449                     letoh32(mcr->mcr_opktbuf.pb_addr));
2450         if ((letoh32(mcr->mcr_opktbuf.pb_len) & 3) != 0)
2451                 panic("%s: modexp invalid len 0x%x\n",
2452                     device_get_nameunit(sc->sc_dev),
2453                     letoh32(mcr->mcr_opktbuf.pb_len));
2454 #endif
2455
2456         ctx = (struct ubsec_ctx_modexp *)me->me_q.q_ctx.dma_vaddr;
2457         bzero(ctx, sizeof(*ctx));
2458         bcopy(krp->krp_param[UBS_MODEXP_PAR_N].crp_p, ctx->me_N,
2459             (nbits + 7) / 8);
2460         ctx->me_len = htole16((normbits / 8) + (4 * sizeof(u_int16_t)));
2461         ctx->me_op = htole16(UBS_CTXOP_MODEXP);
2462         ctx->me_E_len = htole16(ebits);
2463         ctx->me_N_len = htole16(nbits);
2464
2465 #ifdef UBSEC_DEBUG
2466         if (ubsec_debug) {
2467                 ubsec_dump_mcr(mcr);
2468                 ubsec_dump_ctx2((struct ubsec_ctx_keyop *)ctx);
2469         }
2470 #endif
2471
2472         /*
2473          * ubsec_feed2 will sync mcr and ctx, we just need to sync
2474          * everything else.
2475          */
2476         ubsec_dma_sync(&me->me_M, BUS_DMASYNC_PREWRITE);
2477         ubsec_dma_sync(&me->me_E, BUS_DMASYNC_PREWRITE);
2478         ubsec_dma_sync(&me->me_C, BUS_DMASYNC_PREREAD);
2479         ubsec_dma_sync(&me->me_epb, BUS_DMASYNC_PREWRITE);
2480
2481         /* Enqueue and we're done... */
2482         s = splimp();
2483         SIMPLEQ_INSERT_TAIL(&sc->sc_queue2, &me->me_q, q_next);
2484         ubsec_feed2(sc);
2485         splx(s);
2486
2487         return (0);
2488
2489 errout:
2490         if (me != NULL) {
2491                 if (me->me_q.q_mcr.dma_map != NULL)
2492                         ubsec_dma_free(sc, &me->me_q.q_mcr);
2493                 if (me->me_q.q_ctx.dma_map != NULL) {
2494                         bzero(me->me_q.q_ctx.dma_vaddr, me->me_q.q_ctx.dma_size);
2495                         ubsec_dma_free(sc, &me->me_q.q_ctx);
2496                 }
2497                 if (me->me_M.dma_map != NULL) {
2498                         bzero(me->me_M.dma_vaddr, me->me_M.dma_size);
2499                         ubsec_dma_free(sc, &me->me_M);
2500                 }
2501                 if (me->me_E.dma_map != NULL) {
2502                         bzero(me->me_E.dma_vaddr, me->me_E.dma_size);
2503                         ubsec_dma_free(sc, &me->me_E);
2504                 }
2505                 if (me->me_C.dma_map != NULL) {
2506                         bzero(me->me_C.dma_vaddr, me->me_C.dma_size);
2507                         ubsec_dma_free(sc, &me->me_C);
2508                 }
2509                 if (me->me_epb.dma_map != NULL)
2510                         ubsec_dma_free(sc, &me->me_epb);
2511                 free(me, M_DEVBUF);
2512         }
2513         krp->krp_status = err;
2514         crypto_kdone(krp);
2515         return (0);
2516 }
2517
2518 static int
2519 ubsec_kprocess_rsapriv(struct ubsec_softc *sc, struct cryptkop *krp, int hint)
2520 {
2521         struct ubsec_q2_rsapriv *rp = NULL;
2522         struct ubsec_mcr *mcr;
2523         struct ubsec_ctx_rsapriv *ctx;
2524         int s, err = 0;
2525         u_int padlen, msglen;
2526
2527         msglen = ubsec_ksigbits(&krp->krp_param[UBS_RSAPRIV_PAR_P]);
2528         padlen = ubsec_ksigbits(&krp->krp_param[UBS_RSAPRIV_PAR_Q]);
2529         if (msglen > padlen)
2530                 padlen = msglen;
2531
2532         if (padlen <= 256)
2533                 padlen = 256;
2534         else if (padlen <= 384)
2535                 padlen = 384;
2536         else if (padlen <= 512)
2537                 padlen = 512;
2538         else if (sc->sc_flags & UBS_FLAGS_BIGKEY && padlen <= 768)
2539                 padlen = 768;
2540         else if (sc->sc_flags & UBS_FLAGS_BIGKEY && padlen <= 1024)
2541                 padlen = 1024;
2542         else {
2543                 err = E2BIG;
2544                 goto errout;
2545         }
2546
2547         if (ubsec_ksigbits(&krp->krp_param[UBS_RSAPRIV_PAR_DP]) > padlen) {
2548                 err = E2BIG;
2549                 goto errout;
2550         }
2551
2552         if (ubsec_ksigbits(&krp->krp_param[UBS_RSAPRIV_PAR_DQ]) > padlen) {
2553                 err = E2BIG;
2554                 goto errout;
2555         }
2556
2557         if (ubsec_ksigbits(&krp->krp_param[UBS_RSAPRIV_PAR_PINV]) > padlen) {
2558                 err = E2BIG;
2559                 goto errout;
2560         }
2561
2562         rp = malloc(sizeof *rp, M_DEVBUF, M_INTWAIT | M_ZERO);
2563         rp->rpr_krp = krp;
2564         rp->rpr_q.q_type = UBS_CTXOP_RSAPRIV;
2565
2566         if (ubsec_dma_malloc(sc, sizeof(struct ubsec_mcr),
2567             &rp->rpr_q.q_mcr, 0)) {
2568                 err = ENOMEM;
2569                 goto errout;
2570         }
2571         mcr = (struct ubsec_mcr *)rp->rpr_q.q_mcr.dma_vaddr;
2572
2573         if (ubsec_dma_malloc(sc, sizeof(struct ubsec_ctx_rsapriv),
2574             &rp->rpr_q.q_ctx, 0)) {
2575                 err = ENOMEM;
2576                 goto errout;
2577         }
2578         ctx = (struct ubsec_ctx_rsapriv *)rp->rpr_q.q_ctx.dma_vaddr;
2579         bzero(ctx, sizeof *ctx);
2580
2581         /* Copy in p */
2582         bcopy(krp->krp_param[UBS_RSAPRIV_PAR_P].crp_p,
2583             &ctx->rpr_buf[0 * (padlen / 8)],
2584             (krp->krp_param[UBS_RSAPRIV_PAR_P].crp_nbits + 7) / 8);
2585
2586         /* Copy in q */
2587         bcopy(krp->krp_param[UBS_RSAPRIV_PAR_Q].crp_p,
2588             &ctx->rpr_buf[1 * (padlen / 8)],
2589             (krp->krp_param[UBS_RSAPRIV_PAR_Q].crp_nbits + 7) / 8);
2590
2591         /* Copy in dp */
2592         bcopy(krp->krp_param[UBS_RSAPRIV_PAR_DP].crp_p,
2593             &ctx->rpr_buf[2 * (padlen / 8)],
2594             (krp->krp_param[UBS_RSAPRIV_PAR_DP].crp_nbits + 7) / 8);
2595
2596         /* Copy in dq */
2597         bcopy(krp->krp_param[UBS_RSAPRIV_PAR_DQ].crp_p,
2598             &ctx->rpr_buf[3 * (padlen / 8)],
2599             (krp->krp_param[UBS_RSAPRIV_PAR_DQ].crp_nbits + 7) / 8);
2600
2601         /* Copy in pinv */
2602         bcopy(krp->krp_param[UBS_RSAPRIV_PAR_PINV].crp_p,
2603             &ctx->rpr_buf[4 * (padlen / 8)],
2604             (krp->krp_param[UBS_RSAPRIV_PAR_PINV].crp_nbits + 7) / 8);
2605
2606         msglen = padlen * 2;
2607
2608         /* Copy in input message (aligned buffer/length). */
2609         if (ubsec_ksigbits(&krp->krp_param[UBS_RSAPRIV_PAR_MSGIN]) > msglen) {
2610                 /* Is this likely? */
2611                 err = E2BIG;
2612                 goto errout;
2613         }
2614         if (ubsec_dma_malloc(sc, (msglen + 7) / 8, &rp->rpr_msgin, 0)) {
2615                 err = ENOMEM;
2616                 goto errout;
2617         }
2618         bzero(rp->rpr_msgin.dma_vaddr, (msglen + 7) / 8);
2619         bcopy(krp->krp_param[UBS_RSAPRIV_PAR_MSGIN].crp_p,
2620             rp->rpr_msgin.dma_vaddr,
2621             (krp->krp_param[UBS_RSAPRIV_PAR_MSGIN].crp_nbits + 7) / 8);
2622
2623         /* Prepare space for output message (aligned buffer/length). */
2624         if (ubsec_ksigbits(&krp->krp_param[UBS_RSAPRIV_PAR_MSGOUT]) < msglen) {
2625                 /* Is this likely? */
2626                 err = E2BIG;
2627                 goto errout;
2628         }
2629         if (ubsec_dma_malloc(sc, (msglen + 7) / 8, &rp->rpr_msgout, 0)) {
2630                 err = ENOMEM;
2631                 goto errout;
2632         }
2633         bzero(rp->rpr_msgout.dma_vaddr, (msglen + 7) / 8);
2634
2635         mcr->mcr_pkts = htole16(1);
2636         mcr->mcr_flags = 0;
2637         mcr->mcr_cmdctxp = htole32(rp->rpr_q.q_ctx.dma_paddr);
2638         mcr->mcr_ipktbuf.pb_addr = htole32(rp->rpr_msgin.dma_paddr);
2639         mcr->mcr_ipktbuf.pb_next = 0;
2640         mcr->mcr_ipktbuf.pb_len = htole32(rp->rpr_msgin.dma_size);
2641         mcr->mcr_reserved = 0;
2642         mcr->mcr_pktlen = htole16(msglen);
2643         mcr->mcr_opktbuf.pb_addr = htole32(rp->rpr_msgout.dma_paddr);
2644         mcr->mcr_opktbuf.pb_next = 0;
2645         mcr->mcr_opktbuf.pb_len = htole32(rp->rpr_msgout.dma_size);
2646
2647 #ifdef DIAGNOSTIC
2648         if (rp->rpr_msgin.dma_paddr & 3 || rp->rpr_msgin.dma_size & 3) {
2649                 panic("%s: rsapriv: invalid msgin %x(0x%x)",
2650                     device_get_nameunit(sc->sc_dev),
2651                     rp->rpr_msgin.dma_paddr, rp->rpr_msgin.dma_size);
2652         }
2653         if (rp->rpr_msgout.dma_paddr & 3 || rp->rpr_msgout.dma_size & 3) {
2654                 panic("%s: rsapriv: invalid msgout %x(0x%x)",
2655                     device_get_nameunit(sc->sc_dev),
2656                     rp->rpr_msgout.dma_paddr, rp->rpr_msgout.dma_size);
2657         }
2658 #endif
2659
2660         ctx->rpr_len = (sizeof(u_int16_t) * 4) + (5 * (padlen / 8));
2661         ctx->rpr_op = htole16(UBS_CTXOP_RSAPRIV);
2662         ctx->rpr_q_len = htole16(padlen);
2663         ctx->rpr_p_len = htole16(padlen);
2664
2665         /*
2666          * ubsec_feed2 will sync mcr and ctx, we just need to sync
2667          * everything else.
2668          */
2669         ubsec_dma_sync(&rp->rpr_msgin, BUS_DMASYNC_PREWRITE);
2670         ubsec_dma_sync(&rp->rpr_msgout, BUS_DMASYNC_PREREAD);
2671
2672         /* Enqueue and we're done... */
2673         s = splimp();
2674         SIMPLEQ_INSERT_TAIL(&sc->sc_queue2, &rp->rpr_q, q_next);
2675         ubsec_feed2(sc);
2676         ubsecstats.hst_modexpcrt++;
2677         splx(s);
2678         return (0);
2679
2680 errout:
2681         if (rp != NULL) {
2682                 if (rp->rpr_q.q_mcr.dma_map != NULL)
2683                         ubsec_dma_free(sc, &rp->rpr_q.q_mcr);
2684                 if (rp->rpr_msgin.dma_map != NULL) {
2685                         bzero(rp->rpr_msgin.dma_vaddr, rp->rpr_msgin.dma_size);
2686                         ubsec_dma_free(sc, &rp->rpr_msgin);
2687                 }
2688                 if (rp->rpr_msgout.dma_map != NULL) {
2689                         bzero(rp->rpr_msgout.dma_vaddr, rp->rpr_msgout.dma_size);
2690                         ubsec_dma_free(sc, &rp->rpr_msgout);
2691                 }
2692                 free(rp, M_DEVBUF);
2693         }
2694         krp->krp_status = err;
2695         crypto_kdone(krp);
2696         return (0);
2697 }
2698
2699 #ifdef UBSEC_DEBUG
2700 static void
2701 ubsec_dump_pb(volatile struct ubsec_pktbuf *pb)
2702 {
2703         printf("addr 0x%x (0x%x) next 0x%x\n",
2704             pb->pb_addr, pb->pb_len, pb->pb_next);
2705 }
2706
2707 static void
2708 ubsec_dump_ctx2(struct ubsec_ctx_keyop *c)
2709 {
2710         printf("CTX (0x%x):\n", c->ctx_len);
2711         switch (letoh16(c->ctx_op)) {
2712         case UBS_CTXOP_RNGBYPASS:
2713         case UBS_CTXOP_RNGSHA1:
2714                 break;
2715         case UBS_CTXOP_MODEXP:
2716         {
2717                 struct ubsec_ctx_modexp *cx = (void *)c;
2718                 int i, len;
2719
2720                 printf(" Elen %u, Nlen %u\n",
2721                     letoh16(cx->me_E_len), letoh16(cx->me_N_len));
2722                 len = (cx->me_N_len + 7)/8;
2723                 for (i = 0; i < len; i++)
2724                         printf("%s%02x", (i == 0) ? " N: " : ":", cx->me_N[i]);
2725                 printf("\n");
2726                 break;
2727         }
2728         default:
2729                 printf("unknown context: %x\n", c->ctx_op);
2730         }
2731         printf("END CTX\n");
2732 }
2733
2734 static void
2735 ubsec_dump_mcr(struct ubsec_mcr *mcr)
2736 {
2737         volatile struct ubsec_mcr_add *ma;
2738         int i;
2739
2740         printf("MCR:\n");
2741         printf(" pkts: %u, flags 0x%x\n",
2742             letoh16(mcr->mcr_pkts), letoh16(mcr->mcr_flags));
2743         ma = (volatile struct ubsec_mcr_add *)&mcr->mcr_cmdctxp;
2744         for (i = 0; i < letoh16(mcr->mcr_pkts); i++) {
2745                 printf(" %d: ctx 0x%x len 0x%x rsvd 0x%x\n", i,
2746                     letoh32(ma->mcr_cmdctxp), letoh16(ma->mcr_pktlen),
2747                     letoh16(ma->mcr_reserved));
2748                 printf(" %d: ipkt ", i);
2749                 ubsec_dump_pb(&ma->mcr_ipktbuf);
2750                 printf(" %d: opkt ", i);
2751                 ubsec_dump_pb(&ma->mcr_opktbuf);
2752                 ma++;
2753         }
2754         printf("END MCR\n");
2755 }
2756 #endif /* UBSEC_DEBUG */
2757
2758 /*
2759  * Return the number of significant bits of a big number.
2760  */
2761 static int
2762 ubsec_ksigbits(struct crparam *cr)
2763 {
2764         u_int plen = (cr->crp_nbits + 7) / 8;
2765         int i, sig = plen * 8;
2766         u_int8_t c, *p = cr->crp_p;
2767
2768         for (i = plen - 1; i >= 0; i--) {
2769                 c = p[i];
2770                 if (c != 0) {
2771                         while ((c & 0x80) == 0) {
2772                                 sig--;
2773                                 c <<= 1;
2774                         }
2775                         break;
2776                 }
2777                 sig -= 8;
2778         }
2779         return (sig);
2780 }
2781
2782 static void
2783 ubsec_kshift_r(
2784         u_int shiftbits,
2785         u_int8_t *src, u_int srcbits,
2786         u_int8_t *dst, u_int dstbits)
2787 {
2788         u_int slen, dlen;
2789         int i, si, di, n;
2790
2791         slen = (srcbits + 7) / 8;
2792         dlen = (dstbits + 7) / 8;
2793
2794         for (i = 0; i < slen; i++)
2795                 dst[i] = src[i];
2796         for (i = 0; i < dlen - slen; i++)
2797                 dst[slen + i] = 0;
2798
2799         n = shiftbits / 8;
2800         if (n != 0) {
2801                 si = dlen - n - 1;
2802                 di = dlen - 1;
2803                 while (si >= 0)
2804                         dst[di--] = dst[si--];
2805                 while (di >= 0)
2806                         dst[di--] = 0;
2807         }
2808
2809         n = shiftbits % 8;
2810         if (n != 0) {
2811                 for (i = dlen - 1; i > 0; i--)
2812                         dst[i] = (dst[i] << n) |
2813                             (dst[i - 1] >> (8 - n));
2814                 dst[0] = dst[0] << n;
2815         }
2816 }
2817
2818 static void
2819 ubsec_kshift_l(
2820         u_int shiftbits,
2821         u_int8_t *src, u_int srcbits,
2822         u_int8_t *dst, u_int dstbits)
2823 {
2824         int slen, dlen, i, n;
2825
2826         slen = (srcbits + 7) / 8;
2827         dlen = (dstbits + 7) / 8;
2828
2829         n = shiftbits / 8;
2830         for (i = 0; i < slen; i++)
2831                 dst[i] = src[i + n];
2832         for (i = 0; i < dlen - slen; i++)
2833                 dst[slen + i] = 0;
2834
2835         n = shiftbits % 8;
2836         if (n != 0) {
2837                 for (i = 0; i < (dlen - 1); i++)
2838                         dst[i] = (dst[i] >> n) | (dst[i + 1] << (8 - n));
2839                 dst[dlen - 1] = dst[dlen - 1] >> n;
2840         }
2841 }