diff options
author | Florian Fainelli <florian@openwrt.org> | 2008-07-15 17:12:30 +0000 |
---|---|---|
committer | Florian Fainelli <florian@openwrt.org> | 2008-07-15 17:12:30 +0000 |
commit | af8c1e826916c9f91a9cfe0e097e1b035f079501 (patch) | |
tree | 1622af31c6045b2fcbd02119525404c902e6eb75 /package/ubsec_ssb | |
parent | abb0f6763ecd1d0b7633c14b4ed3a83793472a70 (diff) | |
download | upstream-af8c1e826916c9f91a9cfe0e097e1b035f079501.tar.gz upstream-af8c1e826916c9f91a9cfe0e097e1b035f079501.tar.bz2 upstream-af8c1e826916c9f91a9cfe0e097e1b035f079501.zip |
Add ubsec ssb from Daniel Mueller <daniel@danm.de> (#2417)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@11841 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/ubsec_ssb')
-rw-r--r-- | package/ubsec_ssb/Makefile | 47 | ||||
-rw-r--r-- | package/ubsec_ssb/src/Makefile | 20 | ||||
-rw-r--r-- | package/ubsec_ssb/src/bsdqueue.h | 527 | ||||
-rw-r--r-- | package/ubsec_ssb/src/cryptodev.h | 478 | ||||
-rw-r--r-- | package/ubsec_ssb/src/hmachack.h | 38 | ||||
-rw-r--r-- | package/ubsec_ssb/src/md5.c | 308 | ||||
-rw-r--r-- | package/ubsec_ssb/src/md5.h | 76 | ||||
-rw-r--r-- | package/ubsec_ssb/src/ocf-compat.h | 268 | ||||
-rw-r--r-- | package/ubsec_ssb/src/openbsd/ubsec.c | 2511 | ||||
-rw-r--r-- | package/ubsec_ssb/src/openbsd/ubsecreg.h | 193 | ||||
-rw-r--r-- | package/ubsec_ssb/src/openbsd/ubsecvar.h | 195 | ||||
-rw-r--r-- | package/ubsec_ssb/src/sha1.c | 279 | ||||
-rw-r--r-- | package/ubsec_ssb/src/sha1.h | 72 | ||||
-rw-r--r-- | package/ubsec_ssb/src/ubsec_ssb.c | 2214 | ||||
-rw-r--r-- | package/ubsec_ssb/src/ubsecreg.h | 234 | ||||
-rw-r--r-- | package/ubsec_ssb/src/ubsecvar.h | 229 | ||||
-rw-r--r-- | package/ubsec_ssb/src/uio.h | 54 |
17 files changed, 7743 insertions, 0 deletions
diff --git a/package/ubsec_ssb/Makefile b/package/ubsec_ssb/Makefile new file mode 100644 index 0000000000..8c2c98423b --- /dev/null +++ b/package/ubsec_ssb/Makefile @@ -0,0 +1,47 @@ +# +# Copyright (C) 2008 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# +# $Id: $ + +include $(TOPDIR)/rules.mk +include $(INCLUDE_DIR)/kernel.mk + +PKG_NAME:=ubsec-ssb + +CRYPTO_MENU:=OCF Configuration + +include $(INCLUDE_DIR)/package.mk + +define KernelPackage/ocf-ubsec-ssb + SUBMENU:=$(CRYPTO_MENU) + DEPENDS:=@LINUX_2_6 + TITLE:=BCM5365P IPSec Core driver + FILES:=$(PKG_BUILD_DIR)/src/ubsec_ssb.$(LINUX_KMOD_SUFFIX) + AUTOLOAD:=$(call AutoLoad,09,ubsec_ssb) +endef + +define KernelPackage/ocf-ubsec-ssb/description + This package contains the OCF driver for the BCM5365p IPSec Core +endef + +define Build/Prepare + mkdir -p $(PKG_BUILD_DIR) + $(CP) -r ./src $(PKG_BUILD_DIR)/ +endef + +LINUX_PATCHLEVEL:=$(shell echo "$(LINUX_VERSION)" | cut -d. -f2) + +define Build/Compile + $(MAKE) -C $(LINUX_DIR) \ + ARCH="$(LINUX_KARCH)" \ + CROSS_COMPILE="$(TARGET_CROSS)" \ + PATCHLEVEL="$(LINUX_PATCHLEVEL)" \ + KERNDIR="$(LINUX_DIR)" \ + SUBDIRS="$(PKG_BUILD_DIR)/src" \ + modules +endef + +$(eval $(call KernelPackage,ocf-ubsec-ssb)) diff --git a/package/ubsec_ssb/src/Makefile b/package/ubsec_ssb/src/Makefile new file mode 100644 index 0000000000..9b973e1fc4 --- /dev/null +++ b/package/ubsec_ssb/src/Makefile @@ -0,0 +1,20 @@ +# $Id$ +# +# Makefile for b5365ips driver +# +# Copyright (C) 2007 Daniel Mueller <daniel@danm.de> +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version +# 2 of the License, or (at your option) any later version. +# + +obj-m := ubsec_ssb.o + +obj ?= . + +ifeq ($(MAKING_MODULES),1) + +-include $(TOPDIR)/Rules.make +endif diff --git a/package/ubsec_ssb/src/bsdqueue.h b/package/ubsec_ssb/src/bsdqueue.h new file mode 100644 index 0000000000..601055267d --- /dev/null +++ b/package/ubsec_ssb/src/bsdqueue.h @@ -0,0 +1,527 @@ +/* $OpenBSD: queue.h,v 1.32 2007/04/30 18:42:34 pedro Exp $ */ +/* $NetBSD: queue.h,v 1.11 1996/05/16 05:17:14 mycroft Exp $ */ + +/* + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)queue.h 8.5 (Berkeley) 8/20/94 + */ + +#ifndef _BSD_SYS_QUEUE_H_ +#define _BSD_SYS_QUEUE_H_ + +/* + * This file defines five types of data structures: singly-linked lists, + * lists, simple queues, tail queues, and circular queues. + * + * + * A singly-linked list is headed by a single forward pointer. The elements + * are singly linked for minimum space and pointer manipulation overhead at + * the expense of O(n) removal for arbitrary elements. New elements can be + * added to the list after an existing element or at the head of the list. + * Elements being removed from the head of the list should use the explicit + * macro for this purpose for optimum efficiency. A singly-linked list may + * only be traversed in the forward direction. Singly-linked lists are ideal + * for applications with large datasets and few or no removals or for + * implementing a LIFO queue. + * + * A list is headed by a single forward pointer (or an array of forward + * pointers for a hash table header). The elements are doubly linked + * so that an arbitrary element can be removed without a need to + * traverse the list. New elements can be added to the list before + * or after an existing element or at the head of the list. A list + * may only be traversed in the forward direction. + * + * A simple queue is headed by a pair of pointers, one the head of the + * list and the other to the tail of the list. The elements are singly + * linked to save space, so elements can only be removed from the + * head of the list. New elements can be added to the list before or after + * an existing element, at the head of the list, or at the end of the + * list. A simple queue may only be traversed in the forward direction. + * + * A tail queue is headed by a pair of pointers, one to the head of the + * list and the other to the tail of the list. The elements are doubly + * linked so that an arbitrary element can be removed without a need to + * traverse the list. New elements can be added to the list before or + * after an existing element, at the head of the list, or at the end of + * the list. A tail queue may be traversed in either direction. + * + * A circle queue is headed by a pair of pointers, one to the head of the + * list and the other to the tail of the list. The elements are doubly + * linked so that an arbitrary element can be removed without a need to + * traverse the list. New elements can be added to the list before or after + * an existing element, at the head of the list, or at the end of the list. + * A circle queue may be traversed in either direction, but has a more + * complex end of list detection. + * + * For details on the use of these macros, see the queue(3) manual page. + */ + +#if defined(QUEUE_MACRO_DEBUG) || (defined(_KERNEL) && defined(DIAGNOSTIC)) +#define _Q_INVALIDATE(a) (a) = ((void *)-1) +#else +#define _Q_INVALIDATE(a) +#endif + +/* + * Singly-linked List definitions. + */ +#define BSD_SLIST_HEAD(name, type) \ +struct name { \ + struct type *slh_first; /* first element */ \ +} + +#define BSD_SLIST_HEAD_INITIALIZER(head) \ + { NULL } + +#define BSD_SLIST_ENTRY(type) \ +struct { \ + struct type *sle_next; /* next element */ \ +} + +/* + * Singly-linked List access methods. + */ +#define BSD_SLIST_FIRST(head) ((head)->slh_first) +#define BSD_SLIST_END(head) NULL +#define BSD_SLIST_EMPTY(head) (BSD_SLIST_FIRST(head) == BSD_SLIST_END(head)) +#define BSD_SLIST_NEXT(elm, field) ((elm)->field.sle_next) + +#define BSD_SLIST_FOREACH(var, head, field) \ + for((var) = BSD_SLIST_FIRST(head); \ + (var) != BSD_SLIST_END(head); \ + (var) = BSD_SLIST_NEXT(var, field)) + +#define BSD_SLIST_FOREACH_PREVPTR(var, varp, head, field) \ + for ((varp) = &BSD_SLIST_FIRST((head)); \ + ((var) = *(varp)) != BSD_SLIST_END(head); \ + (varp) = &BSD_SLIST_NEXT((var), field)) + +/* + * Singly-linked List functions. + */ +#define BSD_SLIST_INIT(head) { \ + BSD_SLIST_FIRST(head) = BSD_SLIST_END(head); \ +} + +#define BSD_SLIST_INSERT_AFTER(slistelm, elm, field) do { \ + (elm)->field.sle_next = (slistelm)->field.sle_next; \ + (slistelm)->field.sle_next = (elm); \ +} while (0) + +#define BSD_SLIST_INSERT_HEAD(head, elm, field) do { \ + (elm)->field.sle_next = (head)->slh_first; \ + (head)->slh_first = (elm); \ +} while (0) + +#define BSD_SLIST_REMOVE_NEXT(head, elm, field) do { \ + (elm)->field.sle_next = (elm)->field.sle_next->field.sle_next; \ +} while (0) + +#define BSD_SLIST_REMOVE_HEAD(head, field) do { \ + (head)->slh_first = (head)->slh_first->field.sle_next; \ +} while (0) + +#define BSD_SLIST_REMOVE(head, elm, type, field) do { \ + if ((head)->slh_first == (elm)) { \ + BSD_SLIST_REMOVE_HEAD((head), field); \ + } else { \ + struct type *curelm = (head)->slh_first; \ + \ + while (curelm->field.sle_next != (elm)) \ + curelm = curelm->field.sle_next; \ + curelm->field.sle_next = \ + curelm->field.sle_next->field.sle_next; \ + _Q_INVALIDATE((elm)->field.sle_next); \ + } \ +} while (0) + +/* + * List definitions. + */ +#define BSD_LIST_HEAD(name, type) \ +struct name { \ + struct type *lh_first; /* first element */ \ +} + +#define BSD_LIST_HEAD_INITIALIZER(head) \ + { NULL } + +#define BSD_LIST_ENTRY(type) \ +struct { \ + struct type *le_next; /* next element */ \ + struct type **le_prev; /* address of previous next element */ \ +} + +/* + * List access methods + */ +#define BSD_LIST_FIRST(head) ((head)->lh_first) +#define BSD_LIST_END(head) NULL +#define BSD_LIST_EMPTY(head) (BSD_LIST_FIRST(head) == BSD_LIST_END(head)) +#define BSD_LIST_NEXT(elm, field) ((elm)->field.le_next) + +#define BSD_LIST_FOREACH(var, head, field) \ + for((var) = BSD_LIST_FIRST(head); \ + (var)!= BSD_LIST_END(head); \ + (var) = BSD_LIST_NEXT(var, field)) + +/* + * List functions. + */ +#define BSD_LIST_INIT(head) do { \ + BSD_LIST_FIRST(head) = BSD_LIST_END(head); \ +} while (0) + +#define BSD_LIST_INSERT_AFTER(listelm, elm, field) do { \ + if (((elm)->field.le_next = (listelm)->field.le_next) != NULL) \ + (listelm)->field.le_next->field.le_prev = \ + &(elm)->field.le_next; \ + (listelm)->field.le_next = (elm); \ + (elm)->field.le_prev = &(listelm)->field.le_next; \ +} while (0) + +#define BSD_LIST_INSERT_BEFORE(listelm, elm, field) do { \ + (elm)->field.le_prev = (listelm)->field.le_prev; \ + (elm)->field.le_next = (listelm); \ + *(listelm)->field.le_prev = (elm); \ + (listelm)->field.le_prev = &(elm)->field.le_next; \ +} while (0) + +#define BSD_LIST_INSERT_HEAD(head, elm, field) do { \ + if (((elm)->field.le_next = (head)->lh_first) != NULL) \ + (head)->lh_first->field.le_prev = &(elm)->field.le_next;\ + (head)->lh_first = (elm); \ + (elm)->field.le_prev = &(head)->lh_first; \ +} while (0) + +#define BSD_LIST_REMOVE(elm, field) do { \ + if ((elm)->field.le_next != NULL) \ + (elm)->field.le_next->field.le_prev = \ + (elm)->field.le_prev; \ + *(elm)->field.le_prev = (elm)->field.le_next; \ + _Q_INVALIDATE((elm)->field.le_prev); \ + _Q_INVALIDATE((elm)->field.le_next); \ +} while (0) + +#define BSD_LIST_REPLACE(elm, elm2, field) do { \ + if (((elm2)->field.le_next = (elm)->field.le_next) != NULL) \ + (elm2)->field.le_next->field.le_prev = \ + &(elm2)->field.le_next; \ + (elm2)->field.le_prev = (elm)->field.le_prev; \ + *(elm2)->field.le_prev = (elm2); \ + _Q_INVALIDATE((elm)->field.le_prev); \ + _Q_INVALIDATE((elm)->field.le_next); \ +} while (0) + +/* + * Simple queue definitions. + */ +#define BSD_SIMPLEQ_HEAD(name, type) \ +struct name { \ + struct type *sqh_first; /* first element */ \ + struct type **sqh_last; /* addr of last next element */ \ +} + +#define BSD_SIMPLEQ_HEAD_INITIALIZER(head) \ + { NULL, &(head).sqh_first } + +#define BSD_SIMPLEQ_ENTRY(type) \ +struct { \ + struct type *sqe_next; /* next element */ \ +} + +/* + * Simple queue access methods. + */ +#define BSD_SIMPLEQ_FIRST(head) ((head)->sqh_first) +#define BSD_SIMPLEQ_END(head) NULL +#define BSD_SIMPLEQ_EMPTY(head) (BSD_SIMPLEQ_FIRST(head) == BSD_SIMPLEQ_END(head)) +#define BSD_SIMPLEQ_NEXT(elm, field) ((elm)->field.sqe_next) + +#define BSD_SIMPLEQ_FOREACH(var, head, field) \ + for((var) = BSD_SIMPLEQ_FIRST(head); \ + (var) != BSD_SIMPLEQ_END(head); \ + (var) = BSD_SIMPLEQ_NEXT(var, field)) + +/* + * Simple queue functions. + */ +#define BSD_SIMPLEQ_INIT(head) do { \ + (head)->sqh_first = NULL; \ + (head)->sqh_last = &(head)->sqh_first; \ +} while (0) + +#define BSD_SIMPLEQ_INSERT_HEAD(head, elm, field) do { \ + if (((elm)->field.sqe_next = (head)->sqh_first) == NULL) \ + (head)->sqh_last = &(elm)->field.sqe_next; \ + (head)->sqh_first = (elm); \ +} while (0) + +#define BSD_SIMPLEQ_INSERT_TAIL(head, elm, field) do { \ + (elm)->field.sqe_next = NULL; \ + *(head)->sqh_last = (elm); \ + (head)->sqh_last = &(elm)->field.sqe_next; \ +} while (0) + +#define BSD_SIMPLEQ_INSERT_AFTER(head, listelm, elm, field) do { \ + if (((elm)->field.sqe_next = (listelm)->field.sqe_next) == NULL)\ + (head)->sqh_last = &(elm)->field.sqe_next; \ + (listelm)->field.sqe_next = (elm); \ +} while (0) + +#define BSD_SIMPLEQ_REMOVE_HEAD(head, field) do { \ + if (((head)->sqh_first = (head)->sqh_first->field.sqe_next) == NULL) \ + (head)->sqh_last = &(head)->sqh_first; \ +} while (0) + +/* + * Tail queue definitions. + */ +#define BSD_TAILQ_HEAD(name, type) \ +struct name { \ + struct type *tqh_first; /* first element */ \ + struct type **tqh_last; /* addr of last next element */ \ +} + +#define BSD_TAILQ_HEAD_INITIALIZER(head) \ + { NULL, &(head).tqh_first } + +#define BSD_TAILQ_ENTRY(type) \ +struct { \ + struct type *tqe_next; /* next element */ \ + struct type **tqe_prev; /* address of previous next element */ \ +} + +/* + * tail queue access methods + */ +#define BSD_TAILQ_FIRST(head) ((head)->tqh_first) +#define BSD_TAILQ_END(head) NULL +#define BSD_TAILQ_NEXT(elm, field) ((elm)->field.tqe_next) +#define BSD_TAILQ_LAST(head, headname) \ + (*(((struct headname *)((head)->tqh_last))->tqh_last)) +/* XXX */ +#define BSD_TAILQ_PREV(elm, headname, field) \ + (*(((struct headname *)((elm)->field.tqe_prev))->tqh_last)) +#define BSD_TAILQ_EMPTY(head) \ + (BSD_TAILQ_FIRST(head) == BSD_TAILQ_END(head)) + +#define BSD_TAILQ_FOREACH(var, head, field) \ + for((var) = BSD_TAILQ_FIRST(head); \ + (var) != BSD_TAILQ_END(head); \ + (var) = BSD_TAILQ_NEXT(var, field)) + +#define BSD_TAILQ_FOREACH_REVERSE(var, head, headname, field) \ + for((var) = BSD_TAILQ_LAST(head, headname); \ + (var) != BSD_TAILQ_END(head); \ + (var) = BSD_TAILQ_PREV(var, headname, field)) + +/* + * Tail queue functions. + */ +#define BSD_TAILQ_INIT(head) do { \ + (head)->tqh_first = NULL; \ + (head)->tqh_last = &(head)->tqh_first; \ +} while (0) + +#define BSD_TAILQ_INSERT_HEAD(head, elm, field) do { \ + if (((elm)->field.tqe_next = (head)->tqh_first) != NULL) \ + (head)->tqh_first->field.tqe_prev = \ + &(elm)->field.tqe_next; \ + else \ + (head)->tqh_last = &(elm)->field.tqe_next; \ + (head)->tqh_first = (elm); \ + (elm)->field.tqe_prev = &(head)->tqh_first; \ +} while (0) + +#define BSD_TAILQ_INSERT_TAIL(head, elm, field) do { \ + (elm)->field.tqe_next = NULL; \ + (elm)->field.tqe_prev = (head)->tqh_last; \ + *(head)->tqh_last = (elm); \ + (head)->tqh_last = &(elm)->field.tqe_next; \ +} while (0) + +#define BSD_TAILQ_INSERT_AFTER(head, listelm, elm, field) do { \ + if (((elm)->field.tqe_next = (listelm)->field.tqe_next) != NULL)\ + (elm)->field.tqe_next->field.tqe_prev = \ + &(elm)->field.tqe_next; \ + else \ + (head)->tqh_last = &(elm)->field.tqe_next; \ + (listelm)->field.tqe_next = (elm); \ + (elm)->field.tqe_prev = &(listelm)->field.tqe_next; \ +} while (0) + +#define BSD_TAILQ_INSERT_BEFORE(listelm, elm, field) do { \ + (elm)->field.tqe_prev = (listelm)->field.tqe_prev; \ + (elm)->field.tqe_next = (listelm); \ + *(listelm)->field.tqe_prev = (elm); \ + (listelm)->field.tqe_prev = &(elm)->field.tqe_next; \ +} while (0) + +#define BSD_TAILQ_REMOVE(head, elm, field) do { \ + if (((elm)->field.tqe_next) != NULL) \ + (elm)->field.tqe_next->field.tqe_prev = \ + (elm)->field.tqe_prev; \ + else \ + (head)->tqh_last = (elm)->field.tqe_prev; \ + *(elm)->field.tqe_prev = (elm)->field.tqe_next; \ + _Q_INVALIDATE((elm)->field.tqe_prev); \ + _Q_INVALIDATE((elm)->field.tqe_next); \ +} while (0) + +#define BSD_TAILQ_REPLACE(head, elm, elm2, field) do { \ + if (((elm2)->field.tqe_next = (elm)->field.tqe_next) != NULL) \ + (elm2)->field.tqe_next->field.tqe_prev = \ + &(elm2)->field.tqe_next; \ + else \ + (head)->tqh_last = &(elm2)->field.tqe_next; \ + (elm2)->field.tqe_prev = (elm)->field.tqe_prev; \ + *(elm2)->field.tqe_prev = (elm2); \ + _Q_INVALIDATE((elm)->field.tqe_prev); \ + _Q_INVALIDATE((elm)->field.tqe_next); \ +} while (0) + +/* + * Circular queue definitions. + */ +#define BSD_CIRCLEQ_HEAD(name, type) \ +struct name { \ + struct type *cqh_first; /* first element */ \ + struct type *cqh_last; /* last element */ \ +} + +#define BSD_CIRCLEQ_HEAD_INITIALIZER(head) \ + { BSD_CIRCLEQ_END(&head), BSD_CIRCLEQ_END(&head) } + +#define BSD_CIRCLEQ_ENTRY(type) \ +struct { \ + struct type *cqe_next; /* next element */ \ + struct type *cqe_prev; /* previous element */ \ +} + +/* + * Circular queue access methods + */ +#define BSD_CIRCLEQ_FIRST(head) ((head)->cqh_first) +#define BSD_CIRCLEQ_LAST(head) ((head)->cqh_last) +#define BSD_CIRCLEQ_END(head) ((void *)(head)) +#define BSD_CIRCLEQ_NEXT(elm, field) ((elm)->field.cqe_next) +#define BSD_CIRCLEQ_PREV(elm, field) ((elm)->field.cqe_prev) +#define BSD_CIRCLEQ_EMPTY(head) \ + (BSD_CIRCLEQ_FIRST(head) == BSD_CIRCLEQ_END(head)) + +#define BSD_CIRCLEQ_FOREACH(var, head, field) \ + for((var) = BSD_CIRCLEQ_FIRST(head); \ + (var) != BSD_CIRCLEQ_END(head); \ + (var) = BSD_CIRCLEQ_NEXT(var, field)) + +#define BSD_CIRCLEQ_FOREACH_REVERSE(var, head, field) \ + for((var) = BSD_CIRCLEQ_LAST(head); \ + (var) != BSD_CIRCLEQ_END(head); \ + (var) = BSD_CIRCLEQ_PREV(var, field)) + +/* + * Circular queue functions. + */ +#define BSD_CIRCLEQ_INIT(head) do { \ + (head)->cqh_first = BSD_CIRCLEQ_END(head); \ + (head)->cqh_last = BSD_CIRCLEQ_END(head); \ +} while (0) + +#define BSD_CIRCLEQ_INSERT_AFTER(head, listelm, elm, field) do { \ + (elm)->field.cqe_next = (listelm)->field.cqe_next; \ + (elm)->field.cqe_prev = (listelm); \ + if ((listelm)->field.cqe_next == BSD_CIRCLEQ_END(head)) \ + (head)->cqh_last = (elm); \ + else \ + (listelm)->field.cqe_next->field.cqe_prev = (elm); \ + (listelm)->field.cqe_next = (elm); \ +} while (0) + +#define BSD_CIRCLEQ_INSERT_BEFORE(head, listelm, elm, field) do { \ + (elm)->field.cqe_next = (listelm); \ + (elm)->field.cqe_prev = (listelm)->field.cqe_prev; \ + if ((listelm)->field.cqe_prev == BSD_CIRCLEQ_END(head)) \ + (head)->cqh_first = (elm); \ + else \ + (listelm)->field.cqe_prev->field.cqe_next = (elm); \ + (listelm)->field.cqe_prev = (elm); \ +} while (0) + +#define BSD_CIRCLEQ_INSERT_HEAD(head, elm, field) do { \ + (elm)->field.cqe_next = (head)->cqh_first; \ + (elm)->field.cqe_prev = BSD_CIRCLEQ_END(head); \ + if ((head)->cqh_last == BSD_CIRCLEQ_END(head)) \ + (head)->cqh_last = (elm); \ + else \ + (head)->cqh_first->field.cqe_prev = (elm); \ + (head)->cqh_first = (elm); \ +} while (0) + +#define BSD_CIRCLEQ_INSERT_TAIL(head, elm, field) do { \ + (elm)->field.cqe_next = BSD_CIRCLEQ_END(head); \ + (elm)->field.cqe_prev = (head)->cqh_last; \ + if ((head)->cqh_first == BSD_CIRCLEQ_END(head)) \ + (head)->cqh_first = (elm); \ + else \ + (head)->cqh_last->field.cqe_next = (elm); \ + (head)->cqh_last = (elm); \ +} while (0) + +#define BSD_CIRCLEQ_REMOVE(head, elm, field) do { \ + if ((elm)->field.cqe_next == BSD_CIRCLEQ_END(head)) \ + (head)->cqh_last = (elm)->field.cqe_prev; \ + else \ + (elm)->field.cqe_next->field.cqe_prev = \ + (elm)->field.cqe_prev; \ + if ((elm)->field.cqe_prev == BSD_CIRCLEQ_END(head)) \ + (head)->cqh_first = (elm)->field.cqe_next; \ + else \ + (elm)->field.cqe_prev->field.cqe_next = \ + (elm)->field.cqe_next; \ + _Q_INVALIDATE((elm)->field.cqe_prev); \ + _Q_INVALIDATE((elm)->field.cqe_next); \ +} while (0) + +#define BSD_CIRCLEQ_REPLACE(head, elm, elm2, field) do { \ + if (((elm2)->field.cqe_next = (elm)->field.cqe_next) == \ + BSD_CIRCLEQ_END(head)) \ + (head).cqh_last = (elm2); \ + else \ + (elm2)->field.cqe_next->field.cqe_prev = (elm2); \ + if (((elm2)->field.cqe_prev = (elm)->field.cqe_prev) == \ + BSD_CIRCLEQ_END(head)) \ + (head).cqh_first = (elm2); \ + else \ + (elm2)->field.cqe_prev->field.cqe_next = (elm2); \ + _Q_INVALIDATE((elm)->field.cqe_prev); \ + _Q_INVALIDATE((elm)->field.cqe_next); \ +} while (0) + +#endif /* !_BSD_SYS_QUEUE_H_ */ diff --git a/package/ubsec_ssb/src/cryptodev.h b/package/ubsec_ssb/src/cryptodev.h new file mode 100644 index 0000000000..4ab5d7eb79 --- /dev/null +++ b/package/ubsec_ssb/src/cryptodev.h @@ -0,0 +1,478 @@ +/* $FreeBSD: src/sys/opencrypto/cryptodev.h,v 1.25 2007/05/09 19:37:02 gnn Exp $ */ +/* $OpenBSD: cryptodev.h,v 1.31 2002/06/11 11:14:29 beck Exp $ */ + +/*- + * Linux port done by David McCullough <david_mccullough@securecomputing.com> + * Copyright (C) 2006-2007 David McCullough + * Copyright (C) 2004-2005 Intel Corporation. + * The license and original author are listed below. + * + * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) + * Copyright (c) 2002-2006 Sam Leffler, Errno Consulting + * + * This code was written by Angelos D. Keromytis in Athens, Greece, in + * February 2000. Network Security Technologies Inc. (NSTI) kindly + * supported the development of this code. + * + * Copyright (c) 2000 Angelos D. Keromytis + * + * Permission to use, copy, and modify this software with or without fee + * is hereby granted, provided that this entire notice is included in + * all source code copies of any software which is or includes a copy or + * modification of this software. + * + * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY + * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE + * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR + * PURPOSE. + * + * Copyright (c) 2001 Theo de Raadt + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * Effort sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F30602-01-2-0537. + * + */ + +#ifndef _CRYPTO_CRYPTO_H_ +#define _CRYPTO_CRYPTO_H_ + +/* Some initial values */ +#define CRYPTO_DRIVERS_INITIAL 4 +#define CRYPTO_SW_SESSIONS 32 + +/* Hash values */ +#define NULL_HASH_LEN 0 +#define MD5_HASH_LEN 16 +#define SHA1_HASH_LEN 20 +#define RIPEMD160_HASH_LEN 20 +#define SHA2_256_HASH_LEN 32 +#define SHA2_384_HASH_LEN 48 +#define SHA2_512_HASH_LEN 64 +#define MD5_KPDK_HASH_LEN 16 +#define SHA1_KPDK_HASH_LEN 20 +/* Maximum hash algorithm result length */ +#define HASH_MAX_LEN SHA2_512_HASH_LEN /* Keep this updated */ + +/* HMAC values */ +#define NULL_HMAC_BLOCK_LEN 1 +#define MD5_HMAC_BLOCK_LEN 64 +#define SHA1_HMAC_BLOCK_LEN 64 +#define RIPEMD160_HMAC_BLOCK_LEN 64 +#define SHA2_256_HMAC_BLOCK_LEN 64 +#define SHA2_384_HMAC_BLOCK_LEN 128 +#define SHA2_512_HMAC_BLOCK_LEN 128 +/* Maximum HMAC block length */ +#define HMAC_MAX_BLOCK_LEN SHA2_512_HMAC_BLOCK_LEN /* Keep this updated */ +#define HMAC_IPAD_VAL 0x36 +#define HMAC_OPAD_VAL 0x5C + +/* Encryption algorithm block sizes */ +#define NULL_BLOCK_LEN 1 +#define DES_BLOCK_LEN 8 +#define DES3_BLOCK_LEN 8 +#define BLOWFISH_BLOCK_LEN 8 +#define SKIPJACK_BLOCK_LEN 8 +#define CAST128_BLOCK_LEN 8 +#define RIJNDAEL128_BLOCK_LEN 16 +#define AES_BLOCK_LEN RIJNDAEL128_BLOCK_LEN +#define CAMELLIA_BLOCK_LEN 16 +#define ARC4_BLOCK_LEN 1 +#define EALG_MAX_BLOCK_LEN AES_BLOCK_LEN /* Keep this updated */ + +/* Encryption algorithm min and max key sizes */ +#define NULL_MIN_KEY_LEN 0 +#define NULL_MAX_KEY_LEN 0 +#define DES_MIN_KEY_LEN 8 +#define DES_MAX_KEY_LEN 8 +#define DES3_MIN_KEY_LEN 24 +#define DES3_MAX_KEY_LEN 24 +#define BLOWFISH_MIN_KEY_LEN 4 +#define BLOWFISH_MAX_KEY_LEN 56 +#define SKIPJACK_MIN_KEY_LEN 10 +#define SKIPJACK_MAX_KEY_LEN 10 +#define CAST128_MIN_KEY_LEN 5 +#define CAST128_MAX_KEY_LEN 16 +#define RIJNDAEL128_MIN_KEY_LEN 16 +#define RIJNDAEL128_MAX_KEY_LEN 32 +#define AES_MIN_KEY_LEN RIJNDAEL128_MIN_KEY_LEN +#define AES_MAX_KEY_LEN RIJNDAEL128_MAX_KEY_LEN +#define CAMELLIA_MIN_KEY_LEN 16 +#define CAMELLIA_MAX_KEY_LEN 32 +#define ARC4_MIN_KEY_LEN 1 +#define ARC4_MAX_KEY_LEN 256 + +/* Max size of data that can be processed */ +#define CRYPTO_MAX_DATA_LEN 64*1024 - 1 + +#define CRYPTO_ALGORITHM_MIN 1 +#define CRYPTO_DES_CBC 1 +#define CRYPTO_3DES_CBC 2 +#define CRYPTO_BLF_CBC 3 +#define CRYPTO_CAST_CBC 4 +#define CRYPTO_SKIPJACK_CBC 5 +#define CRYPTO_MD5_HMAC 6 +#define CRYPTO_SHA1_HMAC 7 +#define CRYPTO_RIPEMD160_HMAC 8 +#define CRYPTO_MD5_KPDK 9 +#define CRYPTO_SHA1_KPDK 10 +#define CRYPTO_RIJNDAEL128_CBC 11 /* 128 bit blocksize */ +#define CRYPTO_AES_CBC 11 /* 128 bit blocksize -- the same as above */ +#define CRYPTO_ARC4 12 +#define CRYPTO_MD5 13 +#define CRYPTO_SHA1 14 +#define CRYPTO_NULL_HMAC 15 +#define CRYPTO_NULL_CBC 16 +#define CRYPTO_DEFLATE_COMP 17 /* Deflate compression algorithm */ +#define CRYPTO_SHA2_256_HMAC 18 +#define CRYPTO_SHA2_384_HMAC 19 +#define CRYPTO_SHA2_512_HMAC 20 +#define CRYPTO_CAMELLIA_CBC 21 +#define CRYPTO_SHA2_256 22 +#define CRYPTO_SHA2_384 23 +#define CRYPTO_SHA2_512 24 +#define CRYPTO_RIPEMD160 25 +#define CRYPTO_ALGORITHM_MAX 25 /* Keep updated - see below */ + +/* Algorithm flags */ +#define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */ +#define CRYPTO_ALG_FLAG_RNG_ENABLE 0x02 /* Has HW RNG for DH/DSA */ +#define CRYPTO_ALG_FLAG_DSA_SHA 0x04 /* Can do SHA on msg */ + +/* + * Crypto driver/device flags. They can set in the crid + * parameter when creating a session or submitting a key + * op to affect the device/driver assigned. If neither + * of these are specified then the crid is assumed to hold + * the driver id of an existing (and suitable) device that + * must be used to satisfy the request. + */ +#define CRYPTO_FLAG_HARDWARE 0x01000000 /* hardware accelerated */ +#define CRYPTO_FLAG_SOFTWARE 0x02000000 /* software implementation */ + +/* NB: deprecated */ +struct session_op { + u_int32_t cipher; /* ie. CRYPTO_DES_CBC */ + u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */ + + u_int32_t keylen; /* cipher key */ + caddr_t key; + int mackeylen; /* mac key */ + caddr_t mackey; + + u_int32_t ses; /* returns: session # */ +}; + +struct session2_op { + u_int32_t cipher; /* ie. CRYPTO_DES_CBC */ + u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */ + + u_int32_t keylen; /* cipher key */ + caddr_t key; + int mackeylen; /* mac key */ + caddr_t mackey; + + u_int32_t ses; /* returns: session # */ + int crid; /* driver id + flags (rw) */ + int pad[4]; /* for future expansion */ +}; + +struct crypt_op { + u_int32_t ses; + u_int16_t op; /* i.e. COP_ENCRYPT */ +#define COP_NONE 0 +#define COP_ENCRYPT 1 +#define COP_DECRYPT 2 + u_int16_t flags; +#define COP_F_BATCH 0x0008 /* Batch op if possible */ + u_int len; + caddr_t src, dst; /* become iov[] inside kernel */ + caddr_t mac; /* must be big enough for chosen MAC */ + caddr_t iv; +}; + +/* + * Parameters for looking up a crypto driver/device by + * device name or by id. The latter are returned for + * created sessions (crid) and completed key operations. + */ +struct crypt_find_op { + int crid; /* driver id + flags */ + char name[32]; /* device/driver name */ +}; + +/* bignum parameter, in packed bytes, ... */ +struct crparam { + caddr_t crp_p; + u_int crp_nbits; +}; + +#define CRK_MAXPARAM 8 + +struct crypt_kop { + u_int crk_op; /* ie. CRK_MOD_EXP or other */ + u_int crk_status; /* return status */ + u_short crk_iparams; /* # of input parameters */ + u_short crk_oparams; /* # of output parameters */ + u_int crk_crid; /* NB: only used by CIOCKEY2 (rw) */ + struct crparam crk_param[CRK_MAXPARAM]; +}; +#define CRK_ALGORITM_MIN 0 +#define CRK_MOD_EXP 0 +#define CRK_MOD_EXP_CRT 1 +#define CRK_DSA_SIGN 2 +#define CRK_DSA_VERIFY 3 +#define CRK_DH_COMPUTE_KEY 4 +#define CRK_ALGORITHM_MAX 4 /* Keep updated - see below */ + +#define CRF_MOD_EXP (1 << CRK_MOD_EXP) +#define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT) +#define CRF_DSA_SIGN (1 << CRK_DSA_SIGN) +#define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY) +#define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY) + +/* + * done against open of /dev/crypto, to get a cloned descriptor. + * Please use F_SETFD against the cloned descriptor. + */ +#define CRIOGET _IOWR('c', 100, u_int32_t) +#define CRIOASYMFEAT CIOCASYMFEAT +#define CRIOFINDDEV CIOCFINDDEV + +/* the following are done against the cloned descriptor */ +#define CIOCGSESSION _IOWR('c', 101, struct session_op) +#define CIOCFSESSION _IOW('c', 102, u_int32_t) +#define CIOCCRYPT _IOWR('c', 103, struct crypt_op) +#define CIOCKEY _IOWR('c', 104, struct crypt_kop) +#define CIOCASYMFEAT _IOR('c', 105, u_int32_t) +#define CIOCGSESSION2 _IOWR('c', 106, struct session2_op) +#define CIOCKEY2 _IOWR('c', 107, struct crypt_kop) +#define CIOCFINDDEV _IOWR('c', 108, struct crypt_find_op) + +struct cryptotstat { + struct timespec acc; /* total accumulated time */ + struct timespec min; /* min time */ + struct timespec max; /* max time */ + u_int32_t count; /* number of observations */ +}; + +struct cryptostats { + u_int32_t cs_ops; /* symmetric crypto ops submitted */ + u_int32_t cs_errs; /* symmetric crypto ops that failed */ + u_int32_t cs_kops; /* asymetric/key ops submitted */ + u_int32_t cs_kerrs; /* asymetric/key ops that failed */ + u_int32_t cs_intrs; /* crypto swi thread activations */ + u_int32_t cs_rets; /* crypto return thread activations */ + u_int32_t cs_blocks; /* symmetric op driver block */ + u_int32_t cs_kblocks; /* symmetric op driver block */ + /* + * When CRYPTO_TIMING is defined at compile time and the + * sysctl debug.crypto is set to 1, the crypto system will + * accumulate statistics about how long it takes to process + * crypto requests at various points during processing. + */ + struct cryptotstat cs_invoke; /* crypto_dipsatch -> crypto_invoke */ + struct cryptotstat cs_done; /* crypto_invoke -> crypto_done */ + struct cryptotstat cs_cb; /* crypto_done -> callback */ + struct cryptotstat cs_finis; /* callback -> callback return */ + + u_int32_t cs_drops; /* crypto ops dropped due to congestion */ +}; + +#ifdef __KERNEL__ + +/* Standard initialization structure beginning */ +struct cryptoini { + int cri_alg; /* Algorithm to use */ + int cri_klen; /* Key length, in bits */ + int cri_mlen; /* Number of bytes we want from the + entire hash. 0 means all. */ + caddr_t cri_key; /* key to use */ + u_int8_t cri_iv[EALG_MAX_BLOCK_LEN]; /* IV to use */ + struct cryptoini *cri_next; +}; + +/* Describe boundaries of a single crypto operation */ +struct cryptodesc { + int crd_skip; /* How many bytes to ignore from start */ + int crd_len; /* How many bytes to process */ + int crd_inject; /* Where to inject results, if applicable */ + int crd_flags; + +#define CRD_F_ENCRYPT 0x01 /* Set when doing encryption */ +#define CRD_F_IV_PRESENT 0x02 /* When encrypting, IV is already in + place, so don't copy. */ +#define CRD_F_IV_EXPLICIT 0x04 /* IV explicitly provided */ +#define CRD_F_DSA_SHA_NEEDED 0x08 /* Compute SHA-1 of buffer for DSA */ +#define CRD_F_KEY_EXPLICIT 0x10 /* Key explicitly provided */ +#define CRD_F_COMP 0x0f /* Set when doing compression */ + + struct cryptoini CRD_INI; /* Initialization/context data */ +#define crd_iv CRD_INI.cri_iv +#define crd_key CRD_INI.cri_key +#define crd_alg CRD_INI.cri_alg +#define crd_klen CRD_INI.cri_klen + + struct cryptodesc *crd_next; +}; + +/* Structure describing complete operation */ +struct cryptop { + struct list_head crp_next; + wait_queue_head_t crp_waitq; + + u_int64_t crp_sid; /* Session ID */ + int crp_ilen; /* Input data total length */ + int crp_olen; /* Result total length */ + + int crp_etype; /* + * Error type (zero means no error). + * All error codes except EAGAIN + * indicate possible data corruption (as in, + * the data have been touched). On all + * errors, the crp_sid may have changed + * (reset to a new one), so the caller + * should always check and use the new + * value on future requests. + */ + int crp_flags; + +#define CRYPTO_F_SKBUF 0x0001 /* Input/output are skbuf chains */ +#define CRYPTO_F_IOV 0x0002 /* Input/output are uio */ +#define CRYPTO_F_REL 0x0004 /* Must return data in same place */ +#define CRYPTO_F_BATCH 0x0008 /* Batch op if possible */ +#define CRYPTO_F_CBIMM 0x0010 /* Do callback immediately */ +#define CRYPTO_F_DONE 0x0020 /* Operation completed */ +#define CRYPTO_F_CBIFSYNC 0x0040 /* Do CBIMM if op is synchronous */ + + caddr_t crp_buf; /* Data to be processed */ + caddr_t crp_opaque; /* Opaque pointer, passed along */ + struct cryptodesc *crp_desc; /* Linked list of processing descriptors */ + + int (*crp_callback)(struct cryptop *); /* Callback function */ +}; + +#define CRYPTO_BUF_CONTIG 0x0 +#define CRYPTO_BUF_IOV 0x1 +#define CRYPTO_BUF_SKBUF 0x2 + +#define CRYPTO_OP_DECRYPT 0x0 +#define CRYPTO_OP_ENCRYPT 0x1 + +/* + * Hints passed to process methods. + */ +#define CRYPTO_HINT_MORE 0x1 /* more ops coming shortly */ + +struct cryptkop { + struct list_head krp_next; + wait_queue_head_t krp_waitq; + + int krp_flags; +#define CRYPTO_KF_DONE 0x0001 /* Operation completed */ +#define CRYPTO_KF_CBIMM 0x0002 /* Do callback immediately */ + + u_int krp_op; /* ie. CRK_MOD_EXP or other */ + u_int krp_status; /* return status */ + u_short krp_iparams; /* # of input parameters */ + u_short krp_oparams; /* # of output parameters */ + u_int krp_crid; /* desired device, etc. */ + u_int32_t krp_hid; + struct crparam krp_param[CRK_MAXPARAM]; /* kvm */ + int (*krp_callback)(struct cryptkop *); +}; + +#include "ocf-compat.h" + +/* + * Session ids are 64 bits. The lower 32 bits contain a "local id" which + * is a driver-private session identifier. The upper 32 bits contain a + * "hardware id" used by the core crypto code to identify the driver and + * a copy of the driver's capabilities that can be used by client code to + * optimize operation. + */ +#define CRYPTO_SESID2HID(_sid) (((_sid) >> 32) & 0x00ffffff) +#define CRYPTO_SESID2CAPS(_sid) (((_sid) >> 32) & 0xff000000) +#define CRYPTO_SESID2LID(_sid) (((u_int32_t) (_sid)) & 0xffffffff) + +extern int crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard); +extern int crypto_freesession(u_int64_t sid); +#define CRYPTOCAP_F_HARDWARE CRYPTO_FLAG_HARDWARE +#define CRYPTOCAP_F_SOFTWARE CRYPTO_FLAG_SOFTWARE +#define CRYPTOCAP_F_SYNC 0x04000000 /* operates synchronously */ +extern int32_t crypto_get_driverid(device_t dev, int flags); +extern int crypto_find_driver(const char *); +extern device_t crypto_find_device_byhid(int hid); +extern int crypto_getcaps(int hid); +extern int crypto_register(u_int32_t driverid, int alg, u_int16_t maxoplen, + u_int32_t flags); +extern int crypto_kregister(u_int32_t, int, u_int32_t); +extern int crypto_unregister(u_int32_t driverid, int alg); +extern int crypto_unregister_all(u_int32_t driverid); +extern int crypto_dispatch(struct cryptop *crp); +extern int crypto_kdispatch(struct cryptkop *); +#define CRYPTO_SYMQ 0x1 +#define CRYPTO_ASYMQ 0x2 +extern int crypto_unblock(u_int32_t, int); +extern void crypto_done(struct cryptop *crp); +extern void crypto_kdone(struct cryptkop *); +extern int crypto_getfeat(int *); + +extern void crypto_freereq(struct cryptop *crp); +extern struct cryptop *crypto_getreq(int num); + +extern int crypto_usercrypto; /* userland may do crypto requests */ +extern int crypto_userasymcrypto; /* userland may do asym crypto reqs */ +extern int crypto_devallowsoft; /* only use hardware crypto */ + +/* + * random number support, crypto_unregister_all will unregister + */ +extern int crypto_rregister(u_int32_t driverid, + int (*read_random)(void *arg, u_int32_t *buf, int len), void *arg); +extern int crypto_runregister_all(u_int32_t driverid); + +/* + * Crypto-related utility routines used mainly by drivers. + * + * XXX these don't really belong here; but for now they're + * kept apart from the rest of the system. + */ +struct uio; +extern void cuio_copydata(struct uio* uio, int off, int len, caddr_t cp); +extern void cuio_copyback(struct uio* uio, int off, int len, caddr_t cp); +extern struct iovec *cuio_getptr(struct uio *uio, int loc, int *off); + +extern void crypto_copyback(int flags, caddr_t buf, int off, int size, + caddr_t in); +extern void crypto_copydata(int flags, caddr_t buf, int off, int size, + caddr_t out); +extern int crypto_apply(int flags, caddr_t buf, int off, int len, + int (*f)(void *, void *, u_int), void *arg); + +#endif /* __KERNEL__ */ +#endif /* _CRYPTO_CRYPTO_H_ */ diff --git a/package/ubsec_ssb/src/hmachack.h b/package/ubsec_ssb/src/hmachack.h new file mode 100644 index 0000000000..f567958aba --- /dev/null +++ b/package/ubsec_ssb/src/hmachack.h @@ -0,0 +1,38 @@ +/* + * until we find a cleaner way, include the BSD md5/sha1 code + * here + */ +#define HMAC_HACK 1 +#ifdef HMAC_HACK +#define LITTLE_ENDIAN 1234 +#define BIG_ENDIAN 4321 +#ifdef __LITTLE_ENDIAN +#define BYTE_ORDER LITTLE_ENDIAN +#endif +#ifdef __BIG_ENDIAN +#define BYTE_ORDER BIG_ENDIAN +#endif + +u_int8_t hmac_ipad_buffer[64] = { + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36 +}; + +u_int8_t hmac_opad_buffer[64] = { + 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, + 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, + 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, + 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, + 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, + 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, + 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, + 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C +}; +#endif /* HMAC_HACK */ + diff --git a/package/ubsec_ssb/src/md5.c b/package/ubsec_ssb/src/md5.c new file mode 100644 index 0000000000..077c42e787 --- /dev/null +++ b/package/ubsec_ssb/src/md5.c @@ -0,0 +1,308 @@ +/* $KAME: md5.c,v 1.5 2000/11/08 06:13:08 itojun Exp $ */ +/* + * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the project nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#if 0 +#include <sys/cdefs.h> +__FBSDID("$FreeBSD: src/sys/crypto/md5.c,v 1.9 2004/01/27 19:49:19 des Exp $"); + +#include <sys/types.h> +#include <sys/cdefs.h> +#include <sys/time.h> +#include <sys/systm.h> +#include <crypto/md5.h> +#endif + +#define SHIFT(X, s) (((X) << (s)) | ((X) >> (32 - (s)))) + +#define F(X, Y, Z) (((X) & (Y)) | ((~X) & (Z))) +#define G(X, Y, Z) (((X) & (Z)) | ((Y) & (~Z))) +#define H(X, Y, Z) ((X) ^ (Y) ^ (Z)) +#define I(X, Y, Z) ((Y) ^ ((X) | (~Z))) + +#define ROUND1(a, b, c, d, k, s, i) { \ + (a) = (a) + F((b), (c), (d)) + X[(k)] + T[(i)]; \ + (a) = SHIFT((a), (s)); \ + (a) = (b) + (a); \ +} + +#define ROUND2(a, b, c, d, k, s, i) { \ + (a) = (a) + G((b), (c), (d)) + X[(k)] + T[(i)]; \ + (a) = SHIFT((a), (s)); \ + (a) = (b) + (a); \ +} + +#define ROUND3(a, b, c, d, k, s, i) { \ + (a) = (a) + H((b), (c), (d)) + X[(k)] + T[(i)]; \ + (a) = SHIFT((a), (s)); \ + (a) = (b) + (a); \ +} + +#define ROUND4(a, b, c, d, k, s, i) { \ + (a) = (a) + I((b), (c), (d)) + X[(k)] + T[(i)]; \ + (a) = SHIFT((a), (s)); \ + (a) = (b) + (a); \ +} + +#define Sa 7 +#define Sb 12 +#define Sc 17 +#define Sd 22 + +#define Se 5 +#define Sf 9 +#define Sg 14 +#define Sh 20 + +#define Si 4 +#define Sj 11 +#define Sk 16 +#define Sl 23 + +#define Sm 6 +#define Sn 10 +#define So 15 +#define Sp 21 + +#define MD5_A0 0x67452301 +#define MD5_B0 0xefcdab89 +#define MD5_C0 0x98badcfe +#define MD5_D0 0x10325476 + +/* Integer part of 4294967296 times abs(sin(i)), where i is in radians. */ +static const u_int32_t T[65] = { + 0, + 0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee, + 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501, + 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be, + 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821, + + 0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa, + 0xd62f105d, 0x2441453, 0xd8a1e681, 0xe7d3fbc8, + 0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed, + 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a, + + 0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c, + 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70, + 0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x4881d05, + 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665, + + 0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039, + 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1, + 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1, + 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391, +}; + +static const u_int8_t md5_paddat[MD5_BUFLEN] = { + 0x80, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, +}; + +static void md5_calc(u_int8_t *, md5_ctxt *); + +void md5_init(ctxt) + md5_ctxt *ctxt; +{ + ctxt->md5_n = 0; + ctxt->md5_i = 0; + ctxt->md5_sta = MD5_A0; + ctxt->md5_stb = MD5_B0; + ctxt->md5_stc = MD5_C0; + ctxt->md5_std = MD5_D0; + bzero(ctxt->md5_buf, sizeof(ctxt->md5_buf)); +} + +void md5_loop(ctxt, input, len) + md5_ctxt *ctxt; + u_int8_t *input; + u_int len; /* number of bytes */ +{ + u_int gap, i; + + ctxt->md5_n += len * 8; /* byte to bit */ + gap = MD5_BUFLEN - ctxt->md5_i; + + if (len >= gap) { + bcopy((void *)input, (void *)(ctxt->md5_buf + ctxt->md5_i), + gap); + md5_calc(ctxt->md5_buf, ctxt); + + for (i = gap; i + MD5_BUFLEN <= len; i += MD5_BUFLEN) { + md5_calc((u_int8_t *)(input + i), ctxt); + } + + ctxt->md5_i = len - i; + bcopy((void *)(input + i), (void *)ctxt->md5_buf, ctxt->md5_i); + } else { + bcopy((void *)input, (void *)(ctxt->md5_buf + ctxt->md5_i), + len); + ctxt->md5_i += len; + } +} + +void md5_pad(ctxt) + md5_ctxt *ctxt; +{ + u_int gap; + + /* Don't count up padding. Keep md5_n. */ + gap = MD5_BUFLEN - ctxt->md5_i; + if (gap > 8) { + bcopy(md5_paddat, + (void *)(ctxt->md5_buf + ctxt->md5_i), + gap - sizeof(ctxt->md5_n)); + } else { + /* including gap == 8 */ + bcopy(md5_paddat, (void *)(ctxt->md5_buf + ctxt->md5_i), + gap); + md5_calc(ctxt->md5_buf, ctxt); + bcopy((md5_paddat + gap), + (void *)ctxt->md5_buf, + MD5_BUFLEN - sizeof(ctxt->md5_n)); + } + + /* 8 byte word */ +#if BYTE_ORDER == LITTLE_ENDIAN + bcopy(&ctxt->md5_n8[0], &ctxt->md5_buf[56], 8); +#endif +#if BYTE_ORDER == BIG_ENDIAN + ctxt->md5_buf[56] = ctxt->md5_n8[7]; + ctxt->md5_buf[57] = ctxt->md5_n8[6]; + ctxt->md5_buf[58] = ctxt->md5_n8[5]; + ctxt->md5_buf[59] = ctxt->md5_n8[4]; + ctxt->md5_buf[60] = ctxt->md5_n8[3]; + ctxt->md5_buf[61] = ctxt->md5_n8[2]; + ctxt->md5_buf[62] = ctxt->md5_n8[1]; + ctxt->md5_buf[63] = ctxt->md5_n8[0]; +#endif + + md5_calc(ctxt->md5_buf, ctxt); +} + +void md5_result(digest, ctxt) + u_int8_t *digest; + md5_ctxt *ctxt; +{ + /* 4 byte words */ +#if BYTE_ORDER == LITTLE_ENDIAN + bcopy(&ctxt->md5_st8[0], digest, 16); +#endif +#if BYTE_ORDER == BIG_ENDIAN + digest[ 0] = ctxt->md5_st8[ 3]; digest[ 1] = ctxt->md5_st8[ 2]; + digest[ 2] = ctxt->md5_st8[ 1]; digest[ 3] = ctxt->md5_st8[ 0]; + digest[ 4] = ctxt->md5_st8[ 7]; digest[ 5] = ctxt->md5_st8[ 6]; + digest[ 6] = ctxt->md5_st8[ 5]; digest[ 7] = ctxt->md5_st8[ 4]; + digest[ 8] = ctxt->md5_st8[11]; digest[ 9] = ctxt->md5_st8[10]; + digest[10] = ctxt->md5_st8[ 9]; digest[11] = ctxt->md5_st8[ 8]; + digest[12] = ctxt->md5_st8[15]; digest[13] = ctxt->md5_st8[14]; + digest[14] = ctxt->md5_st8[13]; digest[15] = ctxt->md5_st8[12]; +#endif +} + +static void md5_calc(b64, ctxt) + u_int8_t *b64; + md5_ctxt *ctxt; +{ + u_int32_t A = ctxt->md5_sta; + u_int32_t B = ctxt->md5_stb; + u_int32_t C = ctxt->md5_stc; + u_int32_t D = ctxt->md5_std; +#if BYTE_ORDER == LITTLE_ENDIAN + u_int32_t *X = (u_int32_t *)b64; +#endif +#if BYTE_ORDER == BIG_ENDIAN + /* 4 byte words */ + /* what a brute force but fast! */ + u_int32_t X[16]; + u_int8_t *y = (u_int8_t *)X; + y[ 0] = b64[ 3]; y[ 1] = b64[ 2]; y[ 2] = b64[ 1]; y[ 3] = b64[ 0]; + y[ 4] = b64[ 7]; y[ 5] = b64[ 6]; y[ 6] = b64[ 5]; y[ 7] = b64[ 4]; + y[ 8] = b64[11]; y[ 9] = b64[10]; y[10] = b64[ 9]; y[11] = b64[ 8]; + y[12] = b64[15]; y[13] = b64[14]; y[14] = b64[13]; y[15] = b64[12]; + y[16] = b64[19]; y[17] = b64[18]; y[18] = b64[17]; y[19] = b64[16]; + y[20] = b64[23]; y[21] = b64[22]; y[22] = b64[21]; y[23] = b64[20]; + y[24] = b64[27]; y[25] = b64[26]; y[26] = b64[25]; y[27] = b64[24]; + y[28] = b64[31]; y[29] = b64[30]; y[30] = b64[29]; y[31] = b64[28]; + y[32] = b64[35]; y[33] = b64[34]; y[34] = b64[33]; y[35] = b64[32]; + y[36] = b64[39]; y[37] = b64[38]; y[38] = b64[37]; y[39] = b64[36]; + y[40] = b64[43]; y[41] = b64[42]; y[42] = b64[41]; y[43] = b64[40]; + y[44] = b64[47]; y[45] = b64[46]; y[46] = b64[45]; y[47] = b64[44]; + y[48] = b64[51]; y[49] = b64[50]; y[50] = b64[49]; y[51] = b64[48]; + y[52] = b64[55]; y[53] = b64[54]; y[54] = b64[53]; y[55] = b64[52]; + y[56] = b64[59]; y[57] = b64[58]; y[58] = b64[57]; y[59] = b64[56]; + y[60] = b64[63]; y[61] = b64[62]; y[62] = b64[61]; y[63] = b64[60]; +#endif + + ROUND1(A, B, C, D, 0, Sa, 1); ROUND1(D, A, B, C, 1, Sb, 2); + ROUND1(C, D, A, B, 2, Sc, 3); ROUND1(B, C, D, A, 3, Sd, 4); + ROUND1(A, B, C, D, 4, Sa, 5); ROUND1(D, A, B, C, 5, Sb, 6); + ROUND1(C, D, A, B, 6, Sc, 7); ROUND1(B, C, D, A, 7, Sd, 8); + ROUND1(A, B, C, D, 8, Sa, 9); ROUND1(D, A, B, C, 9, Sb, 10); + ROUND1(C, D, A, B, 10, Sc, 11); ROUND1(B, C, D, A, 11, Sd, 12); + ROUND1(A, B, C, D, 12, Sa, 13); ROUND1(D, A, B, C, 13, Sb, 14); + ROUND1(C, D, A, B, 14, Sc, 15); ROUND1(B, C, D, A, 15, Sd, 16); + + ROUND2(A, B, C, D, 1, Se, 17); ROUND2(D, A, B, C, 6, Sf, 18); + ROUND2(C, D, A, B, 11, Sg, 19); ROUND2(B, C, D, A, 0, Sh, 20); + ROUND2(A, B, C, D, 5, Se, 21); ROUND2(D, A, B, C, 10, Sf, 22); + ROUND2(C, D, A, B, 15, Sg, 23); ROUND2(B, C, D, A, 4, Sh, 24); + ROUND2(A, B, C, D, 9, Se, 25); ROUND2(D, A, B, C, 14, Sf, 26); + ROUND2(C, D, A, B, 3, Sg, 27); ROUND2(B, C, D, A, 8, Sh, 28); + ROUND2(A, B, C, D, 13, Se, 29); ROUND2(D, A, B, C, 2, Sf, 30); + ROUND2(C, D, A, B, 7, Sg, 31); ROUND2(B, C, D, A, 12, Sh, 32); + + ROUND3(A, B, C, D, 5, Si, 33); ROUND3(D, A, B, C, 8, Sj, 34); + ROUND3(C, D, A, B, 11, Sk, 35); ROUND3(B, C, D, A, 14, Sl, 36); + ROUND3(A, B, C, D, 1, Si, 37); ROUND3(D, A, B, C, 4, Sj, 38); + ROUND3(C, D, A, B, 7, Sk, 39); ROUND3(B, C, D, A, 10, Sl, 40); + ROUND3(A, B, C, D, 13, Si, 41); ROUND3(D, A, B, C, 0, Sj, 42); + ROUND3(C, D, A, B, 3, Sk, 43); ROUND3(B, C, D, A, 6, Sl, 44); + ROUND3(A, B, C, D, 9, Si, 45); ROUND3(D, A, B, C, 12, Sj, 46); + ROUND3(C, D, A, B, 15, Sk, 47); ROUND3(B, C, D, A, 2, Sl, 48); + + ROUND4(A, B, C, D, 0, Sm, 49); ROUND4(D, A, B, C, 7, Sn, 50); + ROUND4(C, D, A, B, 14, So, 51); ROUND4(B, C, D, A, 5, Sp, 52); + ROUND4(A, B, C, D, 12, Sm, 53); ROUND4(D, A, B, C, 3, Sn, 54); + ROUND4(C, D, A, B, 10, So, 55); ROUND4(B, C, D, A, 1, Sp, 56); + ROUND4(A, B, C, D, 8, Sm, 57); ROUND4(D, A, B, C, 15, Sn, 58); + ROUND4(C, D, A, B, 6, So, 59); ROUND4(B, C, D, A, 13, Sp, 60); + ROUND4(A, B, C, D, 4, Sm, 61); ROUND4(D, A, B, C, 11, Sn, 62); + ROUND4(C, D, A, B, 2, So, 63); ROUND4(B, C, D, A, 9, Sp, 64); + + ctxt->md5_sta += A; + ctxt->md5_stb += B; + ctxt->md5_stc += C; + ctxt->md5_std += D; +} diff --git a/package/ubsec_ssb/src/md5.h b/package/ubsec_ssb/src/md5.h new file mode 100644 index 0000000000..690f5bfc11 --- /dev/null +++ b/package/ubsec_ssb/src/md5.h @@ -0,0 +1,76 @@ +/* $FreeBSD: src/sys/crypto/md5.h,v 1.4 2002/03/20 05:13:50 alfred Exp $ */ +/* $KAME: md5.h,v 1.4 2000/03/27 04:36:22 sumikawa Exp $ */ + +/* + * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the project nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef _NETINET6_MD5_H_ +#define _NETINET6_MD5_H_ + +#define MD5_BUFLEN 64 + +typedef struct { + union { + u_int32_t md5_state32[4]; + u_int8_t md5_state8[16]; + } md5_st; + +#define md5_sta md5_st.md5_state32[0] +#define md5_stb md5_st.md5_state32[1] +#define md5_stc md5_st.md5_state32[2] +#define md5_std md5_st.md5_state32[3] +#define md5_st8 md5_st.md5_state8 + + union { + u_int64_t md5_count64; + u_int8_t md5_count8[8]; + } md5_count; +#define md5_n md5_count.md5_count64 +#define md5_n8 md5_count.md5_count8 + + u_int md5_i; + u_int8_t md5_buf[MD5_BUFLEN]; +} md5_ctxt; + +extern void md5_init(md5_ctxt *); +extern void md5_loop(md5_ctxt *, u_int8_t *, u_int); +extern void md5_pad(md5_ctxt *); +extern void md5_result(u_int8_t *, md5_ctxt *); + +/* compatibility */ +#define MD5_CTX md5_ctxt +#define MD5Init(x) md5_init((x)) +#define MD5Update(x, y, z) md5_loop((x), (y), (z)) +#define MD5Final(x, y) \ +do { \ + md5_pad((y)); \ + md5_result((x), (y)); \ +} while (0) + +#endif /* ! _NETINET6_MD5_H_*/ diff --git a/package/ubsec_ssb/src/ocf-compat.h b/package/ubsec_ssb/src/ocf-compat.h new file mode 100644 index 0000000000..2974b6c878 --- /dev/null +++ b/package/ubsec_ssb/src/ocf-compat.h @@ -0,0 +1,268 @@ +#ifndef _BSD_COMPAT_H_ +#define _BSD_COMPAT_H_ 1 +/****************************************************************************/ +/* + * Provide compat routines for older linux kernels and BSD kernels + * + * Written by David McCullough <david_mccullough@securecomputing.com> + * Copyright (C) 2007 David McCullough <david_mccullough@securecomputing.com> + * + * LICENSE TERMS + * + * The free distribution and use of this software in both source and binary + * form is allowed (with or without changes) provided that: + * + * 1. distributions of this source code include the above copyright + * notice, this list of conditions and the following disclaimer; + * + * 2. distributions in binary form include the above copyright + * notice, this list of conditions and the following disclaimer + * in the documentation and/or other associated materials; + * + * 3. the copyright holder's name is not used to endorse products + * built using this software without specific written permission. + * + * ALTERNATIVELY, provided that this notice is retained in full, this file + * may be distributed under the terms of the GNU General Public License (GPL), + * in which case the provisions of the GPL apply INSTEAD OF those given above. + * + * DISCLAIMER + * + * This software is provided 'as is' with no explicit or implied warranties + * in respect of its properties, including, but not limited to, correctness + * and/or fitness for purpose. + */ +/****************************************************************************/ +#ifdef __KERNEL__ +/* + * fake some BSD driver interface stuff specifically for OCF use + */ + +typedef struct ocf_device *device_t; + +typedef struct { + int (*cryptodev_newsession)(device_t dev, u_int32_t *sidp, struct cryptoini *cri); + int (*cryptodev_freesession)(device_t dev, u_int64_t tid); + int (*cryptodev_process)(device_t dev, struct cryptop *crp, int hint); + int (*cryptodev_kprocess)(device_t dev, struct cryptkop *krp, int hint); +} device_method_t; +#define DEVMETHOD(id, func) id: func + +struct ocf_device { + char name[32]; /* the driver name */ + char nameunit[32]; /* the driver name + HW instance */ + int unit; + device_method_t methods; + void *softc; +}; + +#define CRYPTODEV_NEWSESSION(dev, sid, cri) \ + ((*(dev)->methods.cryptodev_newsession)(dev,sid,cri)) +#define CRYPTODEV_FREESESSION(dev, sid) \ + ((*(dev)->methods.cryptodev_freesession)(dev, sid)) +#define CRYPTODEV_PROCESS(dev, crp, hint) \ + ((*(dev)->methods.cryptodev_process)(dev, crp, hint)) +#define CRYPTODEV_KPROCESS(dev, krp, hint) \ + ((*(dev)->methods.cryptodev_kprocess)(dev, krp, hint)) + +#define device_get_name(dev) ((dev)->name) +#define device_get_nameunit(dev) ((dev)->nameunit) +#define device_get_unit(dev) ((dev)->unit) +#define device_get_softc(dev) ((dev)->softc) + +#define softc_device_decl \ + struct ocf_device _device; \ + device_t + +#define softc_device_init(_sc, _name, _unit, _methods) \ + if (1) {\ + strncpy((_sc)->_device.name, _name, sizeof((_sc)->_device.name) - 1); \ + snprintf((_sc)->_device.nameunit, sizeof((_sc)->_device.name), "%s%d", _name, _unit); \ + (_sc)->_device.unit = _unit; \ + (_sc)->_device.methods = _methods; \ + (_sc)->_device.softc = (void *) _sc; \ + *(device_t *)((softc_get_device(_sc))+1) = &(_sc)->_device; \ + } else + +#define softc_get_device(_sc) (&(_sc)->_device) + +/* + * iomem support for 2.4 and 2.6 kernels + */ +#include <linux/version.h> +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) +#define ocf_iomem_t unsigned long + +/* + * implement simple workqueue like support for older kernels + */ + +#include <linux/tqueue.h> + +#define work_struct tq_struct + +#define INIT_WORK(wp, fp, ap) \ + do { \ + (wp)->sync = 0; \ + (wp)->routine = (fp); \ + (wp)->data = (ap); \ + } while (0) + +#define schedule_work(wp) \ + do { \ + queue_task((wp), &tq_immediate); \ + mark_bh(IMMEDIATE_BH); \ + } while (0) + +#define flush_scheduled_work() run_task_queue(&tq_immediate) + +#else +#define ocf_iomem_t void __iomem * + +#include <linux/workqueue.h> + +#endif + +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,11) +#define files_fdtable(files) (files) +#endif + +#ifdef MODULE_PARM +#undef module_param /* just in case */ +#define module_param(a,b,c) MODULE_PARM(a,"i") +#endif + +#define bzero(s,l) memset(s,0,l) +#define bcopy(s,d,l) memcpy(d,s,l) +#define bcmp(x, y, l) memcmp(x,y,l) + +#define MIN(x,y) ((x) < (y) ? (x) : (y)) + +#define device_printf(dev, a...) ({ \ + printk("%s: ", device_get_nameunit(dev)); printk(a); \ + }) + +#undef printf +#define printf(fmt...) printk(fmt) + +#define KASSERT(c,p) if (!(c)) { printk p ; } else + +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) +#define ocf_daemonize(str) \ + daemonize(); \ + spin_lock_irq(¤t->sigmask_lock); \ + sigemptyset(¤t->blocked); \ + recalc_sigpending(current); \ + spin_unlock_irq(¤t->sigmask_lock); \ + sprintf(current->comm, str); +#else +#define ocf_daemonize(str) daemonize(str); +#endif + +#define TAILQ_INSERT_TAIL(q,d,m) list_add_tail(&(d)->m, (q)) +#define TAILQ_EMPTY(q) list_empty(q) +#define TAILQ_FOREACH(v, q, m) list_for_each_entry(v, q, m) + +#define read_random(p,l) get_random_bytes(p,l) + +#define DELAY(x) ((x) > 2000 ? mdelay((x)/1000) : udelay(x)) +#define strtoul simple_strtoul + +#define pci_get_vendor(dev) ((dev)->vendor) +#define pci_get_device(dev) ((dev)->device) + +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) +#define pci_set_consistent_dma_mask(dev, mask) (0) +#endif +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,10) +#define pci_dma_sync_single_for_cpu pci_dma_sync_single +#endif + +#ifndef DMA_32BIT_MASK +#define DMA_32BIT_MASK 0x00000000ffffffffULL +#endif + +#define htole32(x) cpu_to_le32(x) +#define htobe32(x) cpu_to_be32(x) +#define htole16(x) cpu_to_le16(x) +#define htobe16(x) cpu_to_be16(x) + +/* older kernels don't have these */ + +#ifndef IRQ_NONE +#define IRQ_NONE +#define IRQ_HANDLED +#define irqreturn_t void +#endif +#ifndef IRQF_SHARED +#define IRQF_SHARED SA_SHIRQ +#endif + +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,5,0) +# define strlcpy(dest,src,len) \ + ({strncpy(dest,src,(len)-1); ((char *)dest)[(len)-1] = '\0'; }) +#endif + +#ifndef MAX_ERRNO +#define MAX_ERRNO 4095 +#endif +#ifndef IS_ERR_VALUE +#define IS_ERR_VALUE(x) ((unsigned long)(x) >= (unsigned long)-MAX_ERRNO) +#endif + +/* + * common debug for all + */ +#if 1 +#define dprintk(a...) do { if (debug) printk(a); } while(0) +#else +#define dprintk(a...) +#endif + +#ifndef SLAB_ATOMIC +/* Changed in 2.6.20, must use GFP_ATOMIC now */ +#define SLAB_ATOMIC GFP_ATOMIC +#endif + +/* + * need some additional support for older kernels */ +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,2) +#define pci_register_driver_compat(driver, rc) \ + do { \ + if ((rc) > 0) { \ + (rc) = 0; \ + } else if (rc == 0) { \ + (rc) = -ENODEV; \ + } else { \ + pci_unregister_driver(driver); \ + } \ + } while (0) +#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,10) +#define pci_register_driver_compat(driver,rc) ((rc) = (rc) < 0 ? (rc) : 0) +#else +#define pci_register_driver_compat(driver,rc) +#endif + +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24) + +#include <asm/scatterlist.h> + +static inline void sg_set_page(struct scatterlist *sg, struct page *page, + unsigned int len, unsigned int offset) +{ + sg->page = page; + sg->offset = offset; + sg->length = len; +} + +static inline void *sg_virt(struct scatterlist *sg) +{ + return page_address(sg->page) + sg->offset; +} + +#endif + +#endif /* __KERNEL__ */ + +/****************************************************************************/ +#endif /* _BSD_COMPAT_H_ */ diff --git a/package/ubsec_ssb/src/openbsd/ubsec.c b/package/ubsec_ssb/src/openbsd/ubsec.c new file mode 100644 index 0000000000..f0716d8dd3 --- /dev/null +++ b/package/ubsec_ssb/src/openbsd/ubsec.c @@ -0,0 +1,2511 @@ +/* $OpenBSD: ubsec.c,v 1.140 2007/10/01 15:34:48 krw Exp $ */ + +/* + * Copyright (c) 2000 Jason L. Wright (jason@thought.net) + * Copyright (c) 2000 Theo de Raadt (deraadt@openbsd.org) + * Copyright (c) 2001 Patrik Lindergren (patrik@ipunplugged.com) + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * Effort sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F30602-01-2-0537. + * + */ + +#undef UBSEC_DEBUG + +/* + * uBsec 5[56]01, 58xx hardware crypto accelerator + */ + +#include <sys/param.h> +#include <sys/systm.h> +#include <sys/proc.h> +#include <sys/errno.h> +#include <sys/malloc.h> +#include <sys/kernel.h> +#include <sys/mbuf.h> +#include <sys/device.h> +#include <sys/queue.h> + +#include <crypto/cryptodev.h> +#include <crypto/cryptosoft.h> +#include <dev/rndvar.h> +#include <crypto/md5.h> +#include <crypto/sha1.h> + +#include <dev/pci/pcireg.h> +#include <dev/pci/pcivar.h> +#include <dev/pci/pcidevs.h> + +#include <dev/pci/ubsecreg.h> +#include <dev/pci/ubsecvar.h> + +/* + * Prototypes and count for the pci_device structure + */ +int ubsec_probe(struct device *, void *, void *); +void ubsec_attach(struct device *, struct device *, void *); +void ubsec_reset_board(struct ubsec_softc *); +void ubsec_init_board(struct ubsec_softc *); +void ubsec_init_pciregs(struct pci_attach_args *pa); +void ubsec_cleanchip(struct ubsec_softc *); +void ubsec_totalreset(struct ubsec_softc *); +int ubsec_free_q(struct ubsec_softc*, struct ubsec_q *); + +struct cfattach ubsec_ca = { + sizeof(struct ubsec_softc), ubsec_probe, ubsec_attach, +}; + +struct cfdriver ubsec_cd = { + 0, "ubsec", DV_DULL +}; + +int ubsec_intr(void *); +int ubsec_newsession(u_int32_t *, struct cryptoini *); +int ubsec_freesession(u_int64_t); +int ubsec_process(struct cryptop *); +void ubsec_callback(struct ubsec_softc *, struct ubsec_q *); +void ubsec_feed(struct ubsec_softc *); +void ubsec_mcopy(struct mbuf *, struct mbuf *, int, int); +void ubsec_callback2(struct ubsec_softc *, struct ubsec_q2 *); +void ubsec_feed2(struct ubsec_softc *); +void ubsec_rng(void *); +int ubsec_dma_malloc(struct ubsec_softc *, bus_size_t, + struct ubsec_dma_alloc *, int); +void ubsec_dma_free(struct ubsec_softc *, struct ubsec_dma_alloc *); +int ubsec_dmamap_aligned(bus_dmamap_t); + +int ubsec_kprocess(struct cryptkop *); +struct ubsec_softc *ubsec_kfind(struct cryptkop *); +int ubsec_kprocess_modexp_sw(struct ubsec_softc *, struct cryptkop *); +int ubsec_kprocess_modexp_hw(struct ubsec_softc *, struct cryptkop *); +int ubsec_kprocess_rsapriv(struct ubsec_softc *, struct cryptkop *); +void ubsec_kfree(struct ubsec_softc *, struct ubsec_q2 *); +int ubsec_ksigbits(struct crparam *); +void ubsec_kshift_r(u_int, u_int8_t *, u_int, u_int8_t *, u_int); +void ubsec_kshift_l(u_int, u_int8_t *, u_int, u_int8_t *, u_int); + +/* DEBUG crap... */ +void ubsec_dump_pb(struct ubsec_pktbuf *); +void ubsec_dump_mcr(struct ubsec_mcr *); +void ubsec_dump_ctx2(struct ubsec_ctx_keyop *); + +#define READ_REG(sc,r) \ + bus_space_read_4((sc)->sc_st, (sc)->sc_sh, (r)) + +#define WRITE_REG(sc,reg,val) \ + bus_space_write_4((sc)->sc_st, (sc)->sc_sh, reg, val) + +#define SWAP32(x) (x) = htole32(ntohl((x))) +#define HTOLE32(x) (x) = htole32(x) + + +struct ubsec_stats ubsecstats; + +const struct pci_matchid ubsec_devices[] = { + { PCI_VENDOR_BLUESTEEL, PCI_PRODUCT_BLUESTEEL_5501 }, + { PCI_VENDOR_BLUESTEEL, PCI_PRODUCT_BLUESTEEL_5601 }, + { PCI_VENDOR_BROADCOM, PCI_PRODUCT_BROADCOM_5801 }, + { PCI_VENDOR_BROADCOM, PCI_PRODUCT_BROADCOM_5802 }, + { PCI_VENDOR_BROADCOM, PCI_PRODUCT_BROADCOM_5805 }, + { PCI_VENDOR_BROADCOM, PCI_PRODUCT_BROADCOM_5820 }, + { PCI_VENDOR_BROADCOM, PCI_PRODUCT_BROADCOM_5821 }, + { PCI_VENDOR_BROADCOM, PCI_PRODUCT_BROADCOM_5822 }, + { PCI_VENDOR_BROADCOM, PCI_PRODUCT_BROADCOM_5823 }, + { PCI_VENDOR_SUN, PCI_PRODUCT_SUN_SCA1K }, + { PCI_VENDOR_SUN, PCI_PRODUCT_SUN_5821 }, +}; + +int +ubsec_probe(struct device *parent, void *match, void *aux) +{ + return (pci_matchbyid((struct pci_attach_args *)aux, ubsec_devices, + sizeof(ubsec_devices)/sizeof(ubsec_devices[0]))); +} + +void +ubsec_attach(struct device *parent, struct device *self, void *aux) +{ + struct ubsec_softc *sc = (struct ubsec_softc *)self; + struct pci_attach_args *pa = aux; + pci_chipset_tag_t pc = pa->pa_pc; + pci_intr_handle_t ih; + const char *intrstr = NULL; + struct ubsec_dma *dmap; + bus_size_t iosize; + u_int32_t i; + int algs[CRYPTO_ALGORITHM_MAX + 1]; + int kalgs[CRK_ALGORITHM_MAX + 1]; + + SIMPLEQ_INIT(&sc->sc_queue); + SIMPLEQ_INIT(&sc->sc_qchip); + SIMPLEQ_INIT(&sc->sc_queue2); + SIMPLEQ_INIT(&sc->sc_qchip2); + SIMPLEQ_INIT(&sc->sc_q2free); + + sc->sc_statmask = BS_STAT_MCR1_DONE | BS_STAT_DMAERR; + + if (PCI_VENDOR(pa->pa_id) == PCI_VENDOR_BLUESTEEL && + PCI_PRODUCT(pa->pa_id) == PCI_PRODUCT_BLUESTEEL_5601) + sc->sc_flags |= UBS_FLAGS_KEY | UBS_FLAGS_RNG; + + if (PCI_VENDOR(pa->pa_id) == PCI_VENDOR_BROADCOM && + (PCI_PRODUCT(pa->pa_id) == PCI_PRODUCT_BROADCOM_5802 || + PCI_PRODUCT(pa->pa_id) == PCI_PRODUCT_BROADCOM_5805)) + sc->sc_flags |= UBS_FLAGS_KEY | UBS_FLAGS_RNG; + + if (PCI_VENDOR(pa->pa_id) == PCI_VENDOR_BROADCOM && + (PCI_PRODUCT(pa->pa_id) == PCI_PRODUCT_BROADCOM_5820 || + PCI_PRODUCT(pa->pa_id) == PCI_PRODUCT_BROADCOM_5822 || + PCI_PRODUCT(pa->pa_id) == PCI_PRODUCT_BROADCOM_5823)) + sc->sc_flags |= UBS_FLAGS_KEY | UBS_FLAGS_RNG | + UBS_FLAGS_LONGCTX | UBS_FLAGS_HWNORM | UBS_FLAGS_BIGKEY; + + if ((PCI_VENDOR(pa->pa_id) == PCI_VENDOR_BROADCOM && + PCI_PRODUCT(pa->pa_id) == PCI_PRODUCT_BROADCOM_5821) || + (PCI_VENDOR(pa->pa_id) == PCI_VENDOR_SUN && + (PCI_PRODUCT(pa->pa_id) == PCI_PRODUCT_SUN_SCA1K || + PCI_PRODUCT(pa->pa_id) == PCI_PRODUCT_SUN_5821))) { + sc->sc_statmask |= BS_STAT_MCR1_ALLEMPTY | + BS_STAT_MCR2_ALLEMPTY; + sc->sc_flags |= UBS_FLAGS_KEY | UBS_FLAGS_RNG | + UBS_FLAGS_LONGCTX | UBS_FLAGS_HWNORM | UBS_FLAGS_BIGKEY; + } + + if (pci_mapreg_map(pa, BS_BAR, PCI_MAPREG_TYPE_MEM, 0, + &sc->sc_st, &sc->sc_sh, NULL, &iosize, 0)) { + printf(": can't find mem space\n"); + return; + } + sc->sc_dmat = pa->pa_dmat; + + if (pci_intr_map(pa, &ih)) { + printf(": couldn't map interrupt\n"); + bus_space_unmap(sc->sc_st, sc->sc_sh, iosize); + return; + } + intrstr = pci_intr_string(pc, ih); + sc->sc_ih = pci_intr_establish(pc, ih, IPL_NET, ubsec_intr, sc, + self->dv_xname); + if (sc->sc_ih == NULL) { + printf(": couldn't establish interrupt"); + if (intrstr != NULL) + printf(" at %s", intrstr); + printf("\n"); + bus_space_unmap(sc->sc_st, sc->sc_sh, iosize); + return; + } + + sc->sc_cid = crypto_get_driverid(0); + if (sc->sc_cid < 0) { + pci_intr_disestablish(pc, sc->sc_ih); + bus_space_unmap(sc->sc_st, sc->sc_sh, iosize); + return; + } + + SIMPLEQ_INIT(&sc->sc_freequeue); + dmap = sc->sc_dmaa; + for (i = 0; i < UBS_MAX_NQUEUE; i++, dmap++) { + struct ubsec_q *q; + + q = (struct ubsec_q *)malloc(sizeof(struct ubsec_q), + M_DEVBUF, M_NOWAIT); + if (q == NULL) { + printf(": can't allocate queue buffers\n"); + break; + } + + if (ubsec_dma_malloc(sc, sizeof(struct ubsec_dmachunk), + &dmap->d_alloc, 0)) { + printf(": can't allocate dma buffers\n"); + free(q, M_DEVBUF); + break; + } + dmap->d_dma = (struct ubsec_dmachunk *)dmap->d_alloc.dma_vaddr; + + q->q_dma = dmap; + sc->sc_queuea[i] = q; + + SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q, q_next); + } + + bzero(algs, sizeof(algs)); + algs[CRYPTO_3DES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED; + algs[CRYPTO_DES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED; + algs[CRYPTO_MD5_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED; + algs[CRYPTO_SHA1_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED; + crypto_register(sc->sc_cid, algs, ubsec_newsession, + ubsec_freesession, ubsec_process); + + /* + * Reset Broadcom chip + */ + ubsec_reset_board(sc); + + /* + * Init Broadcom specific PCI settings + */ + ubsec_init_pciregs(pa); + + /* + * Init Broadcom chip + */ + ubsec_init_board(sc); + + printf(": 3DES MD5 SHA1"); + +#ifndef UBSEC_NO_RNG + if (sc->sc_flags & UBS_FLAGS_RNG) { + sc->sc_statmask |= BS_STAT_MCR2_DONE; + + if (ubsec_dma_malloc(sc, sizeof(struct ubsec_mcr), + &sc->sc_rng.rng_q.q_mcr, 0)) + goto skip_rng; + + if (ubsec_dma_malloc(sc, sizeof(struct ubsec_ctx_rngbypass), + &sc->sc_rng.rng_q.q_ctx, 0)) { + ubsec_dma_free(sc, &sc->sc_rng.rng_q.q_mcr); + goto skip_rng; + } + + if (ubsec_dma_malloc(sc, sizeof(u_int32_t) * + UBSEC_RNG_BUFSIZ, &sc->sc_rng.rng_buf, 0)) { + ubsec_dma_free(sc, &sc->sc_rng.rng_q.q_ctx); + ubsec_dma_free(sc, &sc->sc_rng.rng_q.q_mcr); + goto skip_rng; + } + + timeout_set(&sc->sc_rngto, ubsec_rng, sc); + if (hz >= 100) + sc->sc_rnghz = hz / 100; + else + sc->sc_rnghz = 1; + timeout_add(&sc->sc_rngto, sc->sc_rnghz); + printf(" RNG"); +skip_rng: + ; + } +#endif /* UBSEC_NO_RNG */ + + if (sc->sc_flags & UBS_FLAGS_KEY) { + sc->sc_statmask |= BS_STAT_MCR2_DONE; + + bzero(kalgs, sizeof(kalgs)); + kalgs[CRK_MOD_EXP] = CRYPTO_ALG_FLAG_SUPPORTED; +#if 0 + kalgs[CRK_MOD_EXP_CRT] = CRYPTO_ALG_FLAG_SUPPORTED; +#endif + + crypto_kregister(sc->sc_cid, kalgs, ubsec_kprocess); + printf(" PK"); + } + + printf(", %s\n", intrstr); +} + +/* + * UBSEC Interrupt routine + */ +int +ubsec_intr(void *arg) +{ + struct ubsec_softc *sc = arg; + volatile u_int32_t stat; + struct ubsec_q *q; + struct ubsec_dma *dmap; + int npkts = 0, i; + + stat = READ_REG(sc, BS_STAT); + + stat &= sc->sc_statmask; + if (stat == 0) + return (0); + + WRITE_REG(sc, BS_STAT, stat); /* IACK */ + + /* + * Check to see if we have any packets waiting for us + */ + if ((stat & BS_STAT_MCR1_DONE)) { + while (!SIMPLEQ_EMPTY(&sc->sc_qchip)) { + q = SIMPLEQ_FIRST(&sc->sc_qchip); + dmap = q->q_dma; + + if ((dmap->d_dma->d_mcr.mcr_flags & htole16(UBS_MCR_DONE)) == 0) + break; + + SIMPLEQ_REMOVE_HEAD(&sc->sc_qchip, q_next); + + npkts = q->q_nstacked_mcrs; + /* + * search for further sc_qchip ubsec_q's that share + * the same MCR, and complete them too, they must be + * at the top. + */ + for (i = 0; i < npkts; i++) { + if(q->q_stacked_mcr[i]) + ubsec_callback(sc, q->q_stacked_mcr[i]); + else + break; + } + ubsec_callback(sc, q); + } + + /* + * Don't send any more packet to chip if there has been + * a DMAERR. + */ + if (!(stat & BS_STAT_DMAERR)) + ubsec_feed(sc); + } + + /* + * Check to see if we have any key setups/rng's waiting for us + */ + if ((sc->sc_flags & (UBS_FLAGS_KEY|UBS_FLAGS_RNG)) && + (stat & BS_STAT_MCR2_DONE)) { + struct ubsec_q2 *q2; + struct ubsec_mcr *mcr; + + while (!SIMPLEQ_EMPTY(&sc->sc_qchip2)) { + q2 = SIMPLEQ_FIRST(&sc->sc_qchip2); + + bus_dmamap_sync(sc->sc_dmat, q2->q_mcr.dma_map, + 0, q2->q_mcr.dma_map->dm_mapsize, + BUS_DMASYNC_POSTREAD|BUS_DMASYNC_POSTWRITE); + + mcr = (struct ubsec_mcr *)q2->q_mcr.dma_vaddr; + if ((mcr->mcr_flags & htole16(UBS_MCR_DONE)) == 0) { + bus_dmamap_sync(sc->sc_dmat, + q2->q_mcr.dma_map, 0, + q2->q_mcr.dma_map->dm_mapsize, + BUS_DMASYNC_PREREAD|BUS_DMASYNC_PREWRITE); + break; + } + SIMPLEQ_REMOVE_HEAD(&sc->sc_qchip2, q_next); + ubsec_callback2(sc, q2); + /* + * Don't send any more packet to chip if there has been + * a DMAERR. + */ + if (!(stat & BS_STAT_DMAERR)) + ubsec_feed2(sc); + } + } + + /* + * Check to see if we got any DMA Error + */ + if (stat & BS_STAT_DMAERR) { +#ifdef UBSEC_DEBUG + volatile u_int32_t a = READ_REG(sc, BS_ERR); + + printf("%s: dmaerr %s@%08x\n", sc->sc_dv.dv_xname, + (a & BS_ERR_READ) ? "read" : "write", a & BS_ERR_ADDR); +#endif /* UBSEC_DEBUG */ + ubsecstats.hst_dmaerr++; + ubsec_totalreset(sc); + ubsec_feed(sc); + } + + return (1); +} + +/* + * ubsec_feed() - aggregate and post requests to chip + * It is assumed that the caller set splnet() + */ +void +ubsec_feed(struct ubsec_softc *sc) +{ +#ifdef UBSEC_DEBUG + static int max; +#endif /* UBSEC_DEBUG */ + struct ubsec_q *q, *q2; + int npkts, i; + void *v; + u_int32_t stat; + + npkts = sc->sc_nqueue; + if (npkts > UBS_MAX_AGGR) + npkts = UBS_MAX_AGGR; + if (npkts < 2) + goto feed1; + + if ((stat = READ_REG(sc, BS_STAT)) & (BS_STAT_MCR1_FULL | BS_STAT_DMAERR)) { + if(stat & BS_STAT_DMAERR) { + ubsec_totalreset(sc); + ubsecstats.hst_dmaerr++; + } + return; + } + +#ifdef UBSEC_DEBUG + printf("merging %d records\n", npkts); + + /* XXX temporary aggregation statistics reporting code */ + if (max < npkts) { + max = npkts; + printf("%s: new max aggregate %d\n", sc->sc_dv.dv_xname, max); + } +#endif /* UBSEC_DEBUG */ + + q = SIMPLEQ_FIRST(&sc->sc_queue); + SIMPLEQ_REMOVE_HEAD(&sc->sc_queue, q_next); + --sc->sc_nqueue; + + bus_dmamap_sync(sc->sc_dmat, q->q_src_map, + 0, q->q_src_map->dm_mapsize, BUS_DMASYNC_PREWRITE); + if (q->q_dst_map != NULL) + bus_dmamap_sync(sc->sc_dmat, q->q_dst_map, + 0, q->q_dst_map->dm_mapsize, BUS_DMASYNC_PREREAD); + + q->q_nstacked_mcrs = npkts - 1; /* Number of packets stacked */ + + for (i = 0; i < q->q_nstacked_mcrs; i++) { + q2 = SIMPLEQ_FIRST(&sc->sc_queue); + bus_dmamap_sync(sc->sc_dmat, q2->q_src_map, + 0, q2->q_src_map->dm_mapsize, BUS_DMASYNC_PREWRITE); + if (q2->q_dst_map != NULL) + bus_dmamap_sync(sc->sc_dmat, q2->q_dst_map, + 0, q2->q_dst_map->dm_mapsize, BUS_DMASYNC_PREREAD); + SIMPLEQ_REMOVE_HEAD(&sc->sc_queue, q_next); + --sc->sc_nqueue; + + v = ((char *)&q2->q_dma->d_dma->d_mcr) + sizeof(struct ubsec_mcr) - + sizeof(struct ubsec_mcr_add); + bcopy(v, &q->q_dma->d_dma->d_mcradd[i], sizeof(struct ubsec_mcr_add)); + q->q_stacked_mcr[i] = q2; + } + q->q_dma->d_dma->d_mcr.mcr_pkts = htole16(npkts); + SIMPLEQ_INSERT_TAIL(&sc->sc_qchip, q, q_next); + bus_dmamap_sync(sc->sc_dmat, q->q_dma->d_alloc.dma_map, + 0, q->q_dma->d_alloc.dma_map->dm_mapsize, + BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); + WRITE_REG(sc, BS_MCR1, q->q_dma->d_alloc.dma_paddr + + offsetof(struct ubsec_dmachunk, d_mcr)); + return; + +feed1: + while (!SIMPLEQ_EMPTY(&sc->sc_queue)) { + if ((stat = READ_REG(sc, BS_STAT)) & + (BS_STAT_MCR1_FULL | BS_STAT_DMAERR)) { + if(stat & BS_STAT_DMAERR) { + ubsec_totalreset(sc); + ubsecstats.hst_dmaerr++; + } + break; + } + + q = SIMPLEQ_FIRST(&sc->sc_queue); + + bus_dmamap_sync(sc->sc_dmat, q->q_src_map, + 0, q->q_src_map->dm_mapsize, BUS_DMASYNC_PREWRITE); + if (q->q_dst_map != NULL) + bus_dmamap_sync(sc->sc_dmat, q->q_dst_map, + 0, q->q_dst_map->dm_mapsize, BUS_DMASYNC_PREREAD); + bus_dmamap_sync(sc->sc_dmat, q->q_dma->d_alloc.dma_map, + 0, q->q_dma->d_alloc.dma_map->dm_mapsize, + BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); + + WRITE_REG(sc, BS_MCR1, q->q_dma->d_alloc.dma_paddr + + offsetof(struct ubsec_dmachunk, d_mcr)); +#ifdef UBSEC_DEBUG + printf("feed: q->chip %p %08x\n", q, + (u_int32_t)q->q_dma->d_alloc.dma_paddr); +#endif /* UBSEC_DEBUG */ + SIMPLEQ_REMOVE_HEAD(&sc->sc_queue, q_next); + --sc->sc_nqueue; + SIMPLEQ_INSERT_TAIL(&sc->sc_qchip, q, q_next); + } +} + +/* + * Allocate a new 'session' and return an encoded session id. 'sidp' + * contains our registration id, and should contain an encoded session + * id on successful allocation. + */ +int +ubsec_newsession(u_int32_t *sidp, struct cryptoini *cri) +{ + struct cryptoini *c, *encini = NULL, *macini = NULL; + struct ubsec_softc *sc = NULL; + struct ubsec_session *ses = NULL; + MD5_CTX md5ctx; + SHA1_CTX sha1ctx; + int i, sesn; + + if (sidp == NULL || cri == NULL) + return (EINVAL); + + for (i = 0; i < ubsec_cd.cd_ndevs; i++) { + sc = ubsec_cd.cd_devs[i]; + if (sc == NULL || sc->sc_cid == (*sidp)) + break; + } + if (sc == NULL) + return (EINVAL); + + for (c = cri; c != NULL; c = c->cri_next) { + if (c->cri_alg == CRYPTO_MD5_HMAC || + c->cri_alg == CRYPTO_SHA1_HMAC) { + if (macini) + return (EINVAL); + macini = c; + } else if (c->cri_alg == CRYPTO_DES_CBC || + c->cri_alg == CRYPTO_3DES_CBC) { + if (encini) + return (EINVAL); + encini = c; + } else + return (EINVAL); + } + if (encini == NULL && macini == NULL) + return (EINVAL); + + if (sc->sc_sessions == NULL) { + ses = sc->sc_sessions = (struct ubsec_session *)malloc( + sizeof(struct ubsec_session), M_DEVBUF, M_NOWAIT); + if (ses == NULL) + return (ENOMEM); + sesn = 0; + sc->sc_nsessions = 1; + } else { + for (sesn = 0; sesn < sc->sc_nsessions; sesn++) { + if (sc->sc_sessions[sesn].ses_used == 0) { + ses = &sc->sc_sessions[sesn]; + break; + } + } + + if (ses == NULL) { + sesn = sc->sc_nsessions; + ses = (struct ubsec_session *)malloc((sesn + 1) * + sizeof(struct ubsec_session), M_DEVBUF, M_NOWAIT); + if (ses == NULL) + return (ENOMEM); + bcopy(sc->sc_sessions, ses, sesn * + sizeof(struct ubsec_session)); + bzero(sc->sc_sessions, sesn * + sizeof(struct ubsec_session)); + free(sc->sc_sessions, M_DEVBUF); + sc->sc_sessions = ses; + ses = &sc->sc_sessions[sesn]; + sc->sc_nsessions++; + } + } + + bzero(ses, sizeof(struct ubsec_session)); + ses->ses_used = 1; + if (encini) { + /* get an IV, network byte order */ + arc4random_bytes(ses->ses_iv, sizeof(ses->ses_iv)); + + /* Go ahead and compute key in ubsec's byte order */ + if (encini->cri_alg == CRYPTO_DES_CBC) { + bcopy(encini->cri_key, &ses->ses_deskey[0], 8); + bcopy(encini->cri_key, &ses->ses_deskey[2], 8); + bcopy(encini->cri_key, &ses->ses_deskey[4], 8); + } else + bcopy(encini->cri_key, ses->ses_deskey, 24); + + SWAP32(ses->ses_deskey[0]); + SWAP32(ses->ses_deskey[1]); + SWAP32(ses->ses_deskey[2]); + SWAP32(ses->ses_deskey[3]); + SWAP32(ses->ses_deskey[4]); + SWAP32(ses->ses_deskey[5]); + } + + if (macini) { + for (i = 0; i < macini->cri_klen / 8; i++) + macini->cri_key[i] ^= HMAC_IPAD_VAL; + + if (macini->cri_alg == CRYPTO_MD5_HMAC) { + MD5Init(&md5ctx); + MD5Update(&md5ctx, macini->cri_key, + macini->cri_klen / 8); + MD5Update(&md5ctx, hmac_ipad_buffer, + HMAC_BLOCK_LEN - (macini->cri_klen / 8)); + bcopy(md5ctx.state, ses->ses_hminner, + sizeof(md5ctx.state)); + } else { + SHA1Init(&sha1ctx); + SHA1Update(&sha1ctx, macini->cri_key, + macini->cri_klen / 8); + SHA1Update(&sha1ctx, hmac_ipad_buffer, + HMAC_BLOCK_LEN - (macini->cri_klen / 8)); + bcopy(sha1ctx.state, ses->ses_hminner, + sizeof(sha1ctx.state)); + } + + for (i = 0; i < macini->cri_klen / 8; i++) + macini->cri_key[i] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL); + + if (macini->cri_alg == CRYPTO_MD5_HMAC) { + MD5Init(&md5ctx); + MD5Update(&md5ctx, macini->cri_key, + macini->cri_klen / 8); + MD5Update(&md5ctx, hmac_opad_buffer, + HMAC_BLOCK_LEN - (macini->cri_klen / 8)); + bcopy(md5ctx.state, ses->ses_hmouter, + sizeof(md5ctx.state)); + } else { + SHA1Init(&sha1ctx); + SHA1Update(&sha1ctx, macini->cri_key, + macini->cri_klen / 8); + SHA1Update(&sha1ctx, hmac_opad_buffer, + HMAC_BLOCK_LEN - (macini->cri_klen / 8)); + bcopy(sha1ctx.state, ses->ses_hmouter, + sizeof(sha1ctx.state)); + } + + for (i = 0; i < macini->cri_klen / 8; i++) + macini->cri_key[i] ^= HMAC_OPAD_VAL; + } + + *sidp = UBSEC_SID(sc->sc_dv.dv_unit, sesn); + return (0); +} + +/* + * Deallocate a session. + */ +int +ubsec_freesession(u_int64_t tid) +{ + struct ubsec_softc *sc; + int card, session; + u_int32_t sid = ((u_int32_t)tid) & 0xffffffff; + + card = UBSEC_CARD(sid); + if (card >= ubsec_cd.cd_ndevs || ubsec_cd.cd_devs[card] == NULL) + return (EINVAL); + sc = ubsec_cd.cd_devs[card]; + session = UBSEC_SESSION(sid); + bzero(&sc->sc_sessions[session], sizeof(sc->sc_sessions[session])); + return (0); +} + +int +ubsec_process(struct cryptop *crp) +{ + struct ubsec_q *q = NULL; + int card, err = 0, i, j, s, nicealign; + struct ubsec_softc *sc; + struct cryptodesc *crd1, *crd2, *maccrd, *enccrd; + int encoffset = 0, macoffset = 0, cpskip, cpoffset; + int sskip, dskip, stheend, dtheend; + int16_t coffset; + struct ubsec_session *ses; + struct ubsec_pktctx ctx; + struct ubsec_dma *dmap = NULL; + + if (crp == NULL || crp->crp_callback == NULL) { + ubsecstats.hst_invalid++; + return (EINVAL); + } + card = UBSEC_CARD(crp->crp_sid); + if (card >= ubsec_cd.cd_ndevs || ubsec_cd.cd_devs[card] == NULL) { + ubsecstats.hst_invalid++; + return (EINVAL); + } + + sc = ubsec_cd.cd_devs[card]; + + s = splnet(); + + if (SIMPLEQ_EMPTY(&sc->sc_freequeue)) { + ubsecstats.hst_queuefull++; + splx(s); + err = ENOMEM; + goto errout2; + } + + q = SIMPLEQ_FIRST(&sc->sc_freequeue); + SIMPLEQ_REMOVE_HEAD(&sc->sc_freequeue, q_next); + splx(s); + + dmap = q->q_dma; /* Save dma pointer */ + bzero(q, sizeof(struct ubsec_q)); + bzero(&ctx, sizeof(ctx)); + + q->q_sesn = UBSEC_SESSION(crp->crp_sid); + q->q_dma = dmap; + ses = &sc->sc_sessions[q->q_sesn]; + + if (crp->crp_flags & CRYPTO_F_IMBUF) { + q->q_src_m = (struct mbuf *)crp->crp_buf; + q->q_dst_m = (struct mbuf *)crp->crp_buf; + } else if (crp->crp_flags & CRYPTO_F_IOV) { + q->q_src_io = (struct uio *)crp->crp_buf; + q->q_dst_io = (struct uio *)crp->crp_buf; + } else { + err = EINVAL; + goto errout; /* XXX we don't handle contiguous blocks! */ + } + + bzero(&dmap->d_dma->d_mcr, sizeof(struct ubsec_mcr)); + + dmap->d_dma->d_mcr.mcr_pkts = htole16(1); + dmap->d_dma->d_mcr.mcr_flags = 0; + q->q_crp = crp; + + crd1 = crp->crp_desc; + if (crd1 == NULL) { + err = EINVAL; + goto errout; + } + crd2 = crd1->crd_next; + + if (crd2 == NULL) { + if (crd1->crd_alg == CRYPTO_MD5_HMAC || + crd1->crd_alg == CRYPTO_SHA1_HMAC) { + maccrd = crd1; + enccrd = NULL; + } else if (crd1->crd_alg == CRYPTO_DES_CBC || + crd1->crd_alg == CRYPTO_3DES_CBC) { + maccrd = NULL; + enccrd = crd1; + } else { + err = EINVAL; + goto errout; + } + } else { + if ((crd1->crd_alg == CRYPTO_MD5_HMAC || + crd1->crd_alg == CRYPTO_SHA1_HMAC) && + (crd2->crd_alg == CRYPTO_DES_CBC || + crd2->crd_alg == CRYPTO_3DES_CBC) && + ((crd2->crd_flags & CRD_F_ENCRYPT) == 0)) { + maccrd = crd1; + enccrd = crd2; + } else if ((crd1->crd_alg == CRYPTO_DES_CBC || + crd1->crd_alg == CRYPTO_3DES_CBC) && + (crd2->crd_alg == CRYPTO_MD5_HMAC || + crd2->crd_alg == CRYPTO_SHA1_HMAC) && + (crd1->crd_flags & CRD_F_ENCRYPT)) { + enccrd = crd1; + maccrd = crd2; + } else { + /* + * We cannot order the ubsec as requested + */ + err = EINVAL; + goto errout; + } + } + + if (enccrd) { + encoffset = enccrd->crd_skip; + ctx.pc_flags |= htole16(UBS_PKTCTX_ENC_3DES); + + if (enccrd->crd_flags & CRD_F_ENCRYPT) { + q->q_flags |= UBSEC_QFLAGS_COPYOUTIV; + + if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) + bcopy(enccrd->crd_iv, ctx.pc_iv, 8); + else { + ctx.pc_iv[0] = ses->ses_iv[0]; + ctx.pc_iv[1] = ses->ses_iv[1]; + } + + if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0) { + if (crp->crp_flags & CRYPTO_F_IMBUF) + m_copyback(q->q_src_m, + enccrd->crd_inject, + 8, ctx.pc_iv); + else if (crp->crp_flags & CRYPTO_F_IOV) + cuio_copyback(q->q_src_io, + enccrd->crd_inject, + 8, ctx.pc_iv); + } + } else { + ctx.pc_flags |= htole16(UBS_PKTCTX_INBOUND); + + if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) + bcopy(enccrd->crd_iv, ctx.pc_iv, 8); + else if (crp->crp_flags & CRYPTO_F_IMBUF) + m_copydata(q->q_src_m, enccrd->crd_inject, + 8, (caddr_t)ctx.pc_iv); + else if (crp->crp_flags & CRYPTO_F_IOV) + cuio_copydata(q->q_src_io, + enccrd->crd_inject, 8, + (caddr_t)ctx.pc_iv); + } + + ctx.pc_deskey[0] = ses->ses_deskey[0]; + ctx.pc_deskey[1] = ses->ses_deskey[1]; + ctx.pc_deskey[2] = ses->ses_deskey[2]; + ctx.pc_deskey[3] = ses->ses_deskey[3]; + ctx.pc_deskey[4] = ses->ses_deskey[4]; + ctx.pc_deskey[5] = ses->ses_deskey[5]; + SWAP32(ctx.pc_iv[0]); + SWAP32(ctx.pc_iv[1]); + } + + if (maccrd) { + macoffset = maccrd->crd_skip; + + if (maccrd->crd_alg == CRYPTO_MD5_HMAC) + ctx.pc_flags |= htole16(UBS_PKTCTX_AUTH_MD5); + else + ctx.pc_flags |= htole16(UBS_PKTCTX_AUTH_SHA1); + + for (i = 0; i < 5; i++) { + ctx.pc_hminner[i] = ses->ses_hminner[i]; + ctx.pc_hmouter[i] = ses->ses_hmouter[i]; + + HTOLE32(ctx.pc_hminner[i]); + HTOLE32(ctx.pc_hmouter[i]); + } + } + + if (enccrd && maccrd) { + /* + * ubsec cannot handle packets where the end of encryption + * and authentication are not the same, or where the + * encrypted part begins before the authenticated part. + */ + if (((encoffset + enccrd->crd_len) != + (macoffset + maccrd->crd_len)) || + (enccrd->crd_skip < maccrd->crd_skip)) { + err = EINVAL; + goto errout; + } + sskip = maccrd->crd_skip; + cpskip = dskip = enccrd->crd_skip; + stheend = maccrd->crd_len; + dtheend = enccrd->crd_len; + coffset = enccrd->crd_skip - maccrd->crd_skip; + cpoffset = cpskip + dtheend; +#ifdef UBSEC_DEBUG + printf("mac: skip %d, len %d, inject %d\n", + maccrd->crd_skip, maccrd->crd_len, maccrd->crd_inject); + printf("enc: skip %d, len %d, inject %d\n", + enccrd->crd_skip, enccrd->crd_len, enccrd->crd_inject); + printf("src: skip %d, len %d\n", sskip, stheend); + printf("dst: skip %d, len %d\n", dskip, dtheend); + printf("ubs: coffset %d, pktlen %d, cpskip %d, cpoffset %d\n", + coffset, stheend, cpskip, cpoffset); +#endif + } else { + cpskip = dskip = sskip = macoffset + encoffset; + dtheend = stheend = (enccrd)?enccrd->crd_len:maccrd->crd_len; + cpoffset = cpskip + dtheend; + coffset = 0; + } + ctx.pc_offset = htole16(coffset >> 2); + + if (bus_dmamap_create(sc->sc_dmat, 0xfff0, UBS_MAX_SCATTER, + 0xfff0, 0, BUS_DMA_NOWAIT, &q->q_src_map) != 0) { + err = ENOMEM; + goto errout; + } + if (crp->crp_flags & CRYPTO_F_IMBUF) { + if (bus_dmamap_load_mbuf(sc->sc_dmat, q->q_src_map, + q->q_src_m, BUS_DMA_NOWAIT) != 0) { + bus_dmamap_destroy(sc->sc_dmat, q->q_src_map); + q->q_src_map = NULL; + err = ENOMEM; + goto errout; + } + } else if (crp->crp_flags & CRYPTO_F_IOV) { + if (bus_dmamap_load_uio(sc->sc_dmat, q->q_src_map, + q->q_src_io, BUS_DMA_NOWAIT) != 0) { + bus_dmamap_destroy(sc->sc_dmat, q->q_src_map); + q->q_src_map = NULL; + err = ENOMEM; + goto errout; + } + } + nicealign = ubsec_dmamap_aligned(q->q_src_map); + + dmap->d_dma->d_mcr.mcr_pktlen = htole16(stheend); + +#ifdef UBSEC_DEBUG + printf("src skip: %d\n", sskip); +#endif + for (i = j = 0; i < q->q_src_map->dm_nsegs; i++) { + struct ubsec_pktbuf *pb; + bus_size_t packl = q->q_src_map->dm_segs[i].ds_len; + bus_addr_t packp = q->q_src_map->dm_segs[i].ds_addr; + + if (sskip >= packl) { + sskip -= packl; + continue; + } + + packl -= sskip; + packp += sskip; + sskip = 0; + + if (packl > 0xfffc) { + err = EIO; + goto errout; + } + + if (j == 0) + pb = &dmap->d_dma->d_mcr.mcr_ipktbuf; + else + pb = &dmap->d_dma->d_sbuf[j - 1]; + + pb->pb_addr = htole32(packp); + + if (stheend) { + if (packl > stheend) { + pb->pb_len = htole32(stheend); + stheend = 0; + } else { + pb->pb_len = htole32(packl); + stheend -= packl; + } + } else + pb->pb_len = htole32(packl); + + if ((i + 1) == q->q_src_map->dm_nsegs) + pb->pb_next = 0; + else + pb->pb_next = htole32(dmap->d_alloc.dma_paddr + + offsetof(struct ubsec_dmachunk, d_sbuf[j])); + j++; + } + + if (enccrd == NULL && maccrd != NULL) { + dmap->d_dma->d_mcr.mcr_opktbuf.pb_addr = 0; + dmap->d_dma->d_mcr.mcr_opktbuf.pb_len = 0; + dmap->d_dma->d_mcr.mcr_opktbuf.pb_next = + htole32(dmap->d_alloc.dma_paddr + + offsetof(struct ubsec_dmachunk, d_macbuf[0])); +#ifdef UBSEC_DEBUG + printf("opkt: %x %x %x\n", + dmap->d_dma->d_mcr.mcr_opktbuf.pb_addr, + dmap->d_dma->d_mcr.mcr_opktbuf.pb_len, + dmap->d_dma->d_mcr.mcr_opktbuf.pb_next); +#endif + } else { + if (crp->crp_flags & CRYPTO_F_IOV) { + if (!nicealign) { + err = EINVAL; + goto errout; + } + if (bus_dmamap_create(sc->sc_dmat, 0xfff0, + UBS_MAX_SCATTER, 0xfff0, 0, BUS_DMA_NOWAIT, + &q->q_dst_map) != 0) { + err = ENOMEM; + goto errout; + } + if (bus_dmamap_load_uio(sc->sc_dmat, q->q_dst_map, + q->q_dst_io, BUS_DMA_NOWAIT) != 0) { + bus_dmamap_destroy(sc->sc_dmat, q->q_dst_map); + q->q_dst_map = NULL; + goto errout; + } + } else if (crp->crp_flags & CRYPTO_F_IMBUF) { + if (nicealign) { + q->q_dst_m = q->q_src_m; + q->q_dst_map = q->q_src_map; + } else { + int totlen, len; + struct mbuf *m, *top, **mp; + + totlen = q->q_src_map->dm_mapsize; + if (q->q_src_m->m_flags & M_PKTHDR) { + len = MHLEN; + MGETHDR(m, M_DONTWAIT, MT_DATA); + } else { + len = MLEN; + MGET(m, M_DONTWAIT, MT_DATA); + } + if (m == NULL) { + err = ENOMEM; + goto errout; + } + if (len == MHLEN) + M_DUP_PKTHDR(m, q->q_src_m); + if (totlen >= MINCLSIZE) { + MCLGET(m, M_DONTWAIT); + if (m->m_flags & M_EXT) + len = MCLBYTES; + } + m->m_len = len; + top = NULL; + mp = ⊤ + + while (totlen > 0) { + if (top) { + MGET(m, M_DONTWAIT, MT_DATA); + if (m == NULL) { + m_freem(top); + err = ENOMEM; + goto errout; + } + len = MLEN; + } + if (top && totlen >= MINCLSIZE) { + MCLGET(m, M_DONTWAIT); + if (m->m_flags & M_EXT) + len = MCLBYTES; + } + m->m_len = len = min(totlen, len); + totlen -= len; + *mp = m; + mp = &m->m_next; + } + q->q_dst_m = top; + ubsec_mcopy(q->q_src_m, q->q_dst_m, + cpskip, cpoffset); + if (bus_dmamap_create(sc->sc_dmat, 0xfff0, + UBS_MAX_SCATTER, 0xfff0, 0, BUS_DMA_NOWAIT, + &q->q_dst_map) != 0) { + err = ENOMEM; + goto errout; + } + if (bus_dmamap_load_mbuf(sc->sc_dmat, + q->q_dst_map, q->q_dst_m, + BUS_DMA_NOWAIT) != 0) { + bus_dmamap_destroy(sc->sc_dmat, + q->q_dst_map); + q->q_dst_map = NULL; + err = ENOMEM; + goto errout; + } + } + } else { + err = EINVAL; + goto errout; + } + +#ifdef UBSEC_DEBUG + printf("dst skip: %d\n", dskip); +#endif + for (i = j = 0; i < q->q_dst_map->dm_nsegs; i++) { + struct ubsec_pktbuf *pb; + bus_size_t packl = q->q_dst_map->dm_segs[i].ds_len; + bus_addr_t packp = q->q_dst_map->dm_segs[i].ds_addr; + + if (dskip >= packl) { + dskip -= packl; + continue; + } + + packl -= dskip; + packp += dskip; + dskip = 0; + + if (packl > 0xfffc) { + err = EIO; + goto errout; + } + + if (j == 0) + pb = &dmap->d_dma->d_mcr.mcr_opktbuf; + else + pb = &dmap->d_dma->d_dbuf[j - 1]; + + pb->pb_addr = htole32(packp); + + if (dtheend) { + if (packl > dtheend) { + pb->pb_len = htole32(dtheend); + dtheend = 0; + } else { + pb->pb_len = htole32(packl); + dtheend -= packl; + } + } else + pb->pb_len = htole32(packl); + + if ((i + 1) == q->q_dst_map->dm_nsegs) { + if (maccrd) + pb->pb_next = htole32(dmap->d_alloc.dma_paddr + + offsetof(struct ubsec_dmachunk, d_macbuf[0])); + else + pb->pb_next = 0; + } else + pb->pb_next = htole32(dmap->d_alloc.dma_paddr + + offsetof(struct ubsec_dmachunk, d_dbuf[j])); + j++; + } + } + + dmap->d_dma->d_mcr.mcr_cmdctxp = htole32(dmap->d_alloc.dma_paddr + + offsetof(struct ubsec_dmachunk, d_ctx)); + + if (sc->sc_flags & UBS_FLAGS_LONGCTX) { + struct ubsec_pktctx_long *ctxl; + + ctxl = (struct ubsec_pktctx_long *)(dmap->d_alloc.dma_vaddr + + offsetof(struct ubsec_dmachunk, d_ctx)); + + /* transform small context into long context */ + ctxl->pc_len = htole16(sizeof(struct ubsec_pktctx_long)); + ctxl->pc_type = htole16(UBS_PKTCTX_TYPE_IPSEC); + ctxl->pc_flags = ctx.pc_flags; + ctxl->pc_offset = ctx.pc_offset; + for (i = 0; i < 6; i++) + ctxl->pc_deskey[i] = ctx.pc_deskey[i]; + for (i = 0; i < 5; i++) + ctxl->pc_hminner[i] = ctx.pc_hminner[i]; + for (i = 0; i < 5; i++) + ctxl->pc_hmouter[i] = ctx.pc_hmouter[i]; + ctxl->pc_iv[0] = ctx.pc_iv[0]; + ctxl->pc_iv[1] = ctx.pc_iv[1]; + } else + bcopy(&ctx, dmap->d_alloc.dma_vaddr + + offsetof(struct ubsec_dmachunk, d_ctx), + sizeof(struct ubsec_pktctx)); + + s = splnet(); + SIMPLEQ_INSERT_TAIL(&sc->sc_queue, q, q_next); + sc->sc_nqueue++; + ubsecstats.hst_ipackets++; + ubsecstats.hst_ibytes += dmap->d_alloc.dma_map->dm_mapsize; + ubsec_feed(sc); + splx(s); + return (0); + +errout: + if (q != NULL) { + if ((q->q_dst_m != NULL) && (q->q_src_m != q->q_dst_m)) + m_freem(q->q_dst_m); + + if (q->q_dst_map != NULL && q->q_dst_map != q->q_src_map) { + bus_dmamap_unload(sc->sc_dmat, q->q_dst_map); + bus_dmamap_destroy(sc->sc_dmat, q->q_dst_map); + } + if (q->q_src_map != NULL) { + bus_dmamap_unload(sc->sc_dmat, q->q_src_map); + bus_dmamap_destroy(sc->sc_dmat, q->q_src_map); + } + + s = splnet(); + SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q, q_next); + splx(s); + } + if (err == EINVAL) + ubsecstats.hst_invalid++; + else + ubsecstats.hst_nomem++; +errout2: + crp->crp_etype = err; + crypto_done(crp); + return (0); +} + +void +ubsec_callback(struct ubsec_softc *sc, struct ubsec_q *q) +{ + struct cryptop *crp = (struct cryptop *)q->q_crp; + struct cryptodesc *crd; + struct ubsec_dma *dmap = q->q_dma; + + ubsecstats.hst_opackets++; + ubsecstats.hst_obytes += dmap->d_alloc.dma_size; + + bus_dmamap_sync(sc->sc_dmat, dmap->d_alloc.dma_map, 0, + dmap->d_alloc.dma_map->dm_mapsize, + BUS_DMASYNC_POSTREAD|BUS_DMASYNC_POSTWRITE); + if (q->q_dst_map != NULL && q->q_dst_map != q->q_src_map) { + bus_dmamap_sync(sc->sc_dmat, q->q_dst_map, + 0, q->q_dst_map->dm_mapsize, BUS_DMASYNC_POSTREAD); + bus_dmamap_unload(sc->sc_dmat, q->q_dst_map); + bus_dmamap_destroy(sc->sc_dmat, q->q_dst_map); + } + bus_dmamap_sync(sc->sc_dmat, q->q_src_map, + 0, q->q_src_map->dm_mapsize, BUS_DMASYNC_POSTWRITE); + bus_dmamap_unload(sc->sc_dmat, q->q_src_map); + bus_dmamap_destroy(sc->sc_dmat, q->q_src_map); + + if ((crp->crp_flags & CRYPTO_F_IMBUF) && (q->q_src_m != q->q_dst_m)) { + m_freem(q->q_src_m); + crp->crp_buf = (caddr_t)q->q_dst_m; + } + + /* copy out IV for future use */ + if (q->q_flags & UBSEC_QFLAGS_COPYOUTIV) { + for (crd = crp->crp_desc; crd; crd = crd->crd_next) { + if (crd->crd_alg != CRYPTO_DES_CBC && + crd->crd_alg != CRYPTO_3DES_CBC) + continue; + if (crp->crp_flags & CRYPTO_F_IMBUF) + m_copydata((struct mbuf *)crp->crp_buf, + crd->crd_skip + crd->crd_len - 8, 8, + (caddr_t)sc->sc_sessions[q->q_sesn].ses_iv); + else if (crp->crp_flags & CRYPTO_F_IOV) { + cuio_copydata((struct uio *)crp->crp_buf, + crd->crd_skip + crd->crd_len - 8, 8, + (caddr_t)sc->sc_sessions[q->q_sesn].ses_iv); + } + break; + } + } + + for (crd = crp->crp_desc; crd; crd = crd->crd_next) { + if (crd->crd_alg != CRYPTO_MD5_HMAC && + crd->crd_alg != CRYPTO_SHA1_HMAC) + continue; + if (crp->crp_flags & CRYPTO_F_IMBUF) + m_copyback((struct mbuf *)crp->crp_buf, + crd->crd_inject, 12, + dmap->d_dma->d_macbuf); + else if (crp->crp_flags & CRYPTO_F_IOV && crp->crp_mac) + bcopy((caddr_t)dmap->d_dma->d_macbuf, + crp->crp_mac, 12); + break; + } + SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q, q_next); + crypto_done(crp); +} + +void +ubsec_mcopy(struct mbuf *srcm, struct mbuf *dstm, int hoffset, int toffset) +{ + int i, j, dlen, slen; + caddr_t dptr, sptr; + + j = 0; + sptr = srcm->m_data; + slen = srcm->m_len; + dptr = dstm->m_data; + dlen = dstm->m_len; + + while (1) { + for (i = 0; i < min(slen, dlen); i++) { + if (j < hoffset || j >= toffset) + *dptr++ = *sptr++; + slen--; + dlen--; + j++; + } + if (slen == 0) { + srcm = srcm->m_next; + if (srcm == NULL) + return; + sptr = srcm->m_data; + slen = srcm->m_len; + } + if (dlen == 0) { + dstm = dstm->m_next; + if (dstm == NULL) + return; + dptr = dstm->m_data; + dlen = dstm->m_len; + } + } +} + +/* + * feed the key generator, must be called at splnet() or higher. + */ +void +ubsec_feed2(struct ubsec_softc *sc) +{ + struct ubsec_q2 *q; + + while (!SIMPLEQ_EMPTY(&sc->sc_queue2)) { + if (READ_REG(sc, BS_STAT) & BS_STAT_MCR2_FULL) + break; + q = SIMPLEQ_FIRST(&sc->sc_queue2); + + bus_dmamap_sync(sc->sc_dmat, q->q_mcr.dma_map, 0, + q->q_mcr.dma_map->dm_mapsize, + BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); + bus_dmamap_sync(sc->sc_dmat, q->q_ctx.dma_map, 0, + q->q_ctx.dma_map->dm_mapsize, + BUS_DMASYNC_PREWRITE); + + WRITE_REG(sc, BS_MCR2, q->q_mcr.dma_paddr); + SIMPLEQ_REMOVE_HEAD(&sc->sc_queue2, q_next); + --sc->sc_nqueue2; + SIMPLEQ_INSERT_TAIL(&sc->sc_qchip2, q, q_next); + } +} + +/* + * Callback for handling random numbers + */ +void +ubsec_callback2(struct ubsec_softc *sc, struct ubsec_q2 *q) +{ + struct cryptkop *krp; + struct ubsec_ctx_keyop *ctx; + + ctx = (struct ubsec_ctx_keyop *)q->q_ctx.dma_vaddr; + bus_dmamap_sync(sc->sc_dmat, q->q_ctx.dma_map, 0, + q->q_ctx.dma_map->dm_mapsize, BUS_DMASYNC_POSTWRITE); + + switch (q->q_type) { +#ifndef UBSEC_NO_RNG + case UBS_CTXOP_RNGSHA1: + case UBS_CTXOP_RNGBYPASS: { + struct ubsec_q2_rng *rng = (struct ubsec_q2_rng *)q; + u_int32_t *p; + int i; + + bus_dmamap_sync(sc->sc_dmat, rng->rng_buf.dma_map, 0, + rng->rng_buf.dma_map->dm_mapsize, BUS_DMASYNC_POSTREAD); + p = (u_int32_t *)rng->rng_buf.dma_vaddr; + for (i = 0; i < UBSEC_RNG_BUFSIZ; p++, i++) + add_true_randomness(*p); + rng->rng_used = 0; + timeout_add(&sc->sc_rngto, sc->sc_rnghz); + break; + } +#endif + case UBS_CTXOP_MODEXP: { + struct ubsec_q2_modexp *me = (struct ubsec_q2_modexp *)q; + u_int rlen, clen; + + krp = me->me_krp; + rlen = (me->me_modbits + 7) / 8; + clen = (krp->krp_param[krp->krp_iparams].crp_nbits + 7) / 8; + + bus_dmamap_sync(sc->sc_dmat, me->me_M.dma_map, + 0, me->me_M.dma_map->dm_mapsize, BUS_DMASYNC_POSTWRITE); + bus_dmamap_sync(sc->sc_dmat, me->me_E.dma_map, + 0, me->me_E.dma_map->dm_mapsize, BUS_DMASYNC_POSTWRITE); + bus_dmamap_sync(sc->sc_dmat, me->me_C.dma_map, + 0, me->me_C.dma_map->dm_mapsize, BUS_DMASYNC_POSTREAD); + bus_dmamap_sync(sc->sc_dmat, me->me_epb.dma_map, + 0, me->me_epb.dma_map->dm_mapsize, BUS_DMASYNC_POSTWRITE); + + if (clen < rlen) + krp->krp_status = E2BIG; + else { + if (sc->sc_flags & UBS_FLAGS_HWNORM) { + bzero(krp->krp_param[krp->krp_iparams].crp_p, + (krp->krp_param[krp->krp_iparams].crp_nbits + + 7) / 8); + bcopy(me->me_C.dma_vaddr, + krp->krp_param[krp->krp_iparams].crp_p, + (me->me_modbits + 7) / 8); + } else + ubsec_kshift_l(me->me_shiftbits, + me->me_C.dma_vaddr, me->me_normbits, + krp->krp_param[krp->krp_iparams].crp_p, + krp->krp_param[krp->krp_iparams].crp_nbits); + } + crypto_kdone(krp); + + /* bzero all potentially sensitive data */ + bzero(me->me_E.dma_vaddr, me->me_E.dma_size); + bzero(me->me_M.dma_vaddr, me->me_M.dma_size); + bzero(me->me_C.dma_vaddr, me->me_C.dma_size); + bzero(me->me_q.q_ctx.dma_vaddr, me->me_q.q_ctx.dma_size); + + /* Can't free here, so put us on the free list. */ + SIMPLEQ_INSERT_TAIL(&sc->sc_q2free, &me->me_q, q_next); + break; + } + case UBS_CTXOP_RSAPRIV: { + struct ubsec_q2_rsapriv *rp = (struct ubsec_q2_rsapriv *)q; + u_int len; + + krp = rp->rpr_krp; + bus_dmamap_sync(sc->sc_dmat, rp->rpr_msgin.dma_map, 0, + rp->rpr_msgin.dma_map->dm_mapsize, BUS_DMASYNC_POSTWRITE); + bus_dmamap_sync(sc->sc_dmat, rp->rpr_msgout.dma_map, 0, + rp->rpr_msgout.dma_map->dm_mapsize, BUS_DMASYNC_POSTREAD); + + len = (krp->krp_param[UBS_RSAPRIV_PAR_MSGOUT].crp_nbits + 7) / 8; + bcopy(rp->rpr_msgout.dma_vaddr, + krp->krp_param[UBS_RSAPRIV_PAR_MSGOUT].crp_p, len); + + crypto_kdone(krp); + + bzero(rp->rpr_msgin.dma_vaddr, rp->rpr_msgin.dma_size); + bzero(rp->rpr_msgout.dma_vaddr, rp->rpr_msgout.dma_size); + bzero(rp->rpr_q.q_ctx.dma_vaddr, rp->rpr_q.q_ctx.dma_size); + + /* Can't free here, so put us on the free list. */ + SIMPLEQ_INSERT_TAIL(&sc->sc_q2free, &rp->rpr_q, q_next); + break; + } + default: + printf("%s: unknown ctx op: %x\n", sc->sc_dv.dv_xname, + letoh16(ctx->ctx_op)); + break; + } +} + +#ifndef UBSEC_NO_RNG +void +ubsec_rng(void *vsc) +{ + struct ubsec_softc *sc = vsc; + struct ubsec_q2_rng *rng = &sc->sc_rng; + struct ubsec_mcr *mcr; + struct ubsec_ctx_rngbypass *ctx; + int s; + + s = splnet(); + if (rng->rng_used) { + splx(s); + return; + } + sc->sc_nqueue2++; + if (sc->sc_nqueue2 >= UBS_MAX_NQUEUE) + goto out; + + mcr = (struct ubsec_mcr *)rng->rng_q.q_mcr.dma_vaddr; + ctx = (struct ubsec_ctx_rngbypass *)rng->rng_q.q_ctx.dma_vaddr; + + mcr->mcr_pkts = htole16(1); + mcr->mcr_flags = 0; + mcr->mcr_cmdctxp = htole32(rng->rng_q.q_ctx.dma_paddr); + mcr->mcr_ipktbuf.pb_addr = mcr->mcr_ipktbuf.pb_next = 0; + mcr->mcr_ipktbuf.pb_len = 0; + mcr->mcr_reserved = mcr->mcr_pktlen = 0; + mcr->mcr_opktbuf.pb_addr = htole32(rng->rng_buf.dma_paddr); + mcr->mcr_opktbuf.pb_len = htole32(((sizeof(u_int32_t) * UBSEC_RNG_BUFSIZ)) & + UBS_PKTBUF_LEN); + mcr->mcr_opktbuf.pb_next = 0; + + ctx->rbp_len = htole16(sizeof(struct ubsec_ctx_rngbypass)); + ctx->rbp_op = htole16(UBS_CTXOP_RNGSHA1); + rng->rng_q.q_type = UBS_CTXOP_RNGSHA1; + + bus_dmamap_sync(sc->sc_dmat, rng->rng_buf.dma_map, 0, + rng->rng_buf.dma_map->dm_mapsize, BUS_DMASYNC_PREREAD); + + SIMPLEQ_INSERT_TAIL(&sc->sc_queue2, &rng->rng_q, q_next); + rng->rng_used = 1; + ubsec_feed2(sc); + splx(s); + + return; + +out: + /* + * Something weird happened, generate our own call back. + */ + sc->sc_nqueue2--; + splx(s); + timeout_add(&sc->sc_rngto, sc->sc_rnghz); +} +#endif /* UBSEC_NO_RNG */ + +int +ubsec_dma_malloc(struct ubsec_softc *sc, bus_size_t size, + struct ubsec_dma_alloc *dma, int mapflags) +{ + int r; + + if ((r = bus_dmamem_alloc(sc->sc_dmat, size, PAGE_SIZE, 0, + &dma->dma_seg, 1, &dma->dma_nseg, BUS_DMA_NOWAIT)) != 0) + goto fail_0; + + if ((r = bus_dmamem_map(sc->sc_dmat, &dma->dma_seg, dma->dma_nseg, + size, &dma->dma_vaddr, mapflags | BUS_DMA_NOWAIT)) != 0) + goto fail_1; + + if ((r = bus_dmamap_create(sc->sc_dmat, size, 1, size, 0, + BUS_DMA_NOWAIT, &dma->dma_map)) != 0) + goto fail_2; + + if ((r = bus_dmamap_load(sc->sc_dmat, dma->dma_map, dma->dma_vaddr, + size, NULL, BUS_DMA_NOWAIT)) != 0) + goto fail_3; + + dma->dma_paddr = dma->dma_map->dm_segs[0].ds_addr; + dma->dma_size = size; + return (0); + +fail_3: + bus_dmamap_destroy(sc->sc_dmat, dma->dma_map); +fail_2: + bus_dmamem_unmap(sc->sc_dmat, dma->dma_vaddr, size); +fail_1: + bus_dmamem_free(sc->sc_dmat, &dma->dma_seg, dma->dma_nseg); +fail_0: + dma->dma_map = NULL; + return (r); +} + +void +ubsec_dma_free(struct ubsec_softc *sc, struct ubsec_dma_alloc *dma) +{ + bus_dmamap_unload(sc->sc_dmat, dma->dma_map); + bus_dmamem_unmap(sc->sc_dmat, dma->dma_vaddr, dma->dma_size); + bus_dmamem_free(sc->sc_dmat, &dma->dma_seg, dma->dma_nseg); + bus_dmamap_destroy(sc->sc_dmat, dma->dma_map); +} + +/* + * Resets the board. Values in the regesters are left as is + * from the reset (i.e. initial values are assigned elsewhere). + */ +void +ubsec_reset_board(struct ubsec_softc *sc) +{ + volatile u_int32_t ctrl; + + ctrl = READ_REG(sc, BS_CTRL); + ctrl |= BS_CTRL_RESET; + WRITE_REG(sc, BS_CTRL, ctrl); + + /* + * Wait aprox. 30 PCI clocks = 900 ns = 0.9 us + */ + DELAY(10); +} + +/* + * Init Broadcom registers + */ +void +ubsec_init_board(struct ubsec_softc *sc) +{ + u_int32_t ctrl; + + ctrl = READ_REG(sc, BS_CTRL); + ctrl &= ~(BS_CTRL_BE32 | BS_CTRL_BE64); + ctrl |= BS_CTRL_LITTLE_ENDIAN | BS_CTRL_MCR1INT; + + if (sc->sc_flags & UBS_FLAGS_KEY) + ctrl |= BS_CTRL_MCR2INT; + else + ctrl &= ~BS_CTRL_MCR2INT; + + if (sc->sc_flags & UBS_FLAGS_HWNORM) + ctrl &= ~BS_CTRL_SWNORM; + + WRITE_REG(sc, BS_CTRL, ctrl); +} + +/* + * Init Broadcom PCI registers + */ +void +ubsec_init_pciregs(struct pci_attach_args *pa) +{ + pci_chipset_tag_t pc = pa->pa_pc; + u_int32_t misc; + + /* + * This will set the cache line size to 1, this will + * force the BCM58xx chip just to do burst read/writes. + * Cache line read/writes are to slow + */ + misc = pci_conf_read(pc, pa->pa_tag, PCI_BHLC_REG); + misc = (misc & ~(PCI_CACHELINE_MASK << PCI_CACHELINE_SHIFT)) + | ((UBS_DEF_CACHELINE & 0xff) << PCI_CACHELINE_SHIFT); + pci_conf_write(pc, pa->pa_tag, PCI_BHLC_REG, misc); +} + +/* + * Clean up after a chip crash. + * It is assumed that the caller is in splnet() + */ +void +ubsec_cleanchip(struct ubsec_softc *sc) +{ + struct ubsec_q *q; + + while (!SIMPLEQ_EMPTY(&sc->sc_qchip)) { + q = SIMPLEQ_FIRST(&sc->sc_qchip); + SIMPLEQ_REMOVE_HEAD(&sc->sc_qchip, q_next); + ubsec_free_q(sc, q); + } +} + +/* + * free a ubsec_q + * It is assumed that the caller is within splnet() + */ +int +ubsec_free_q(struct ubsec_softc *sc, struct ubsec_q *q) +{ + struct ubsec_q *q2; + struct cryptop *crp; + int npkts; + int i; + + npkts = q->q_nstacked_mcrs; + + for (i = 0; i < npkts; i++) { + if(q->q_stacked_mcr[i]) { + q2 = q->q_stacked_mcr[i]; + + if ((q2->q_dst_m != NULL) && (q2->q_src_m != q2->q_dst_m)) + m_freem(q2->q_dst_m); + + crp = (struct cryptop *)q2->q_crp; + + SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q2, q_next); + + crp->crp_etype = EFAULT; + crypto_done(crp); + } else { + break; + } + } + + /* + * Free header MCR + */ + if ((q->q_dst_m != NULL) && (q->q_src_m != q->q_dst_m)) + m_freem(q->q_dst_m); + + crp = (struct cryptop *)q->q_crp; + + SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q, q_next); + + crp->crp_etype = EFAULT; + crypto_done(crp); + return(0); +} + +/* + * Routine to reset the chip and clean up. + * It is assumed that the caller is in splnet() + */ +void +ubsec_totalreset(struct ubsec_softc *sc) +{ + ubsec_reset_board(sc); + ubsec_init_board(sc); + ubsec_cleanchip(sc); +} + +int +ubsec_dmamap_aligned(bus_dmamap_t map) +{ + int i; + + for (i = 0; i < map->dm_nsegs; i++) { + if (map->dm_segs[i].ds_addr & 3) + return (0); + if ((i != (map->dm_nsegs - 1)) && + (map->dm_segs[i].ds_len & 3)) + return (0); + } + return (1); +} + +struct ubsec_softc * +ubsec_kfind(struct cryptkop *krp) +{ + struct ubsec_softc *sc; + int i; + + for (i = 0; i < ubsec_cd.cd_ndevs; i++) { + sc = ubsec_cd.cd_devs[i]; + if (sc == NULL) + continue; + if (sc->sc_cid == krp->krp_hid) + return (sc); + } + return (NULL); +} + +void +ubsec_kfree(struct ubsec_softc *sc, struct ubsec_q2 *q) +{ + switch (q->q_type) { + case UBS_CTXOP_MODEXP: { + struct ubsec_q2_modexp *me = (struct ubsec_q2_modexp *)q; + + ubsec_dma_free(sc, &me->me_q.q_mcr); + ubsec_dma_free(sc, &me->me_q.q_ctx); + ubsec_dma_free(sc, &me->me_M); + ubsec_dma_free(sc, &me->me_E); + ubsec_dma_free(sc, &me->me_C); + ubsec_dma_free(sc, &me->me_epb); + free(me, M_DEVBUF); + break; + } + case UBS_CTXOP_RSAPRIV: { + struct ubsec_q2_rsapriv *rp = (struct ubsec_q2_rsapriv *)q; + + ubsec_dma_free(sc, &rp->rpr_q.q_mcr); + ubsec_dma_free(sc, &rp->rpr_q.q_ctx); + ubsec_dma_free(sc, &rp->rpr_msgin); + ubsec_dma_free(sc, &rp->rpr_msgout); + free(rp, M_DEVBUF); + break; + } + default: + printf("%s: invalid kfree 0x%x\n", sc->sc_dv.dv_xname, + q->q_type); + break; + } +} + +int +ubsec_kprocess(struct cryptkop *krp) +{ + struct ubsec_softc *sc; + int r; + + if (krp == NULL || krp->krp_callback == NULL) + return (EINVAL); + if ((sc = ubsec_kfind(krp)) == NULL) + return (EINVAL); + + while (!SIMPLEQ_EMPTY(&sc->sc_q2free)) { + struct ubsec_q2 *q; + + q = SIMPLEQ_FIRST(&sc->sc_q2free); + SIMPLEQ_REMOVE_HEAD(&sc->sc_q2free, q_next); + ubsec_kfree(sc, q); + } + + switch (krp->krp_op) { + case CRK_MOD_EXP: + if (sc->sc_flags & UBS_FLAGS_HWNORM) + r = ubsec_kprocess_modexp_hw(sc, krp); + else + r = ubsec_kprocess_modexp_sw(sc, krp); + break; + case CRK_MOD_EXP_CRT: + r = ubsec_kprocess_rsapriv(sc, krp); + break; + default: + printf("%s: kprocess: invalid op 0x%x\n", + sc->sc_dv.dv_xname, krp->krp_op); + krp->krp_status = EOPNOTSUPP; + crypto_kdone(krp); + r = 0; + } + return (r); +} + +/* + * Start computation of cr[C] = (cr[M] ^ cr[E]) mod cr[N] (sw normalization) + */ +int +ubsec_kprocess_modexp_sw(struct ubsec_softc *sc, struct cryptkop *krp) +{ + struct ubsec_q2_modexp *me; + struct ubsec_mcr *mcr; + struct ubsec_ctx_modexp *ctx; + struct ubsec_pktbuf *epb; + int err = 0, s; + u_int nbits, normbits, mbits, shiftbits, ebits; + + me = malloc(sizeof *me, M_DEVBUF, M_NOWAIT | M_ZERO); + if (me == NULL) { + err = ENOMEM; + goto errout; + } + me->me_krp = krp; + me->me_q.q_type = UBS_CTXOP_MODEXP; + + nbits = ubsec_ksigbits(&krp->krp_param[UBS_MODEXP_PAR_N]); + if (nbits <= 512) + normbits = 512; + else if (nbits <= 768) + normbits = 768; + else if (nbits <= 1024) + normbits = 1024; + else if (sc->sc_flags & UBS_FLAGS_BIGKEY && nbits <= 1536) + normbits = 1536; + else if (sc->sc_flags & UBS_FLAGS_BIGKEY && nbits <= 2048) + normbits = 2048; + else { + err = E2BIG; + goto errout; + } + + shiftbits = normbits - nbits; + + me->me_modbits = nbits; + me->me_shiftbits = shiftbits; + me->me_normbits = normbits; + + /* Sanity check: result bits must be >= true modulus bits. */ + if (krp->krp_param[krp->krp_iparams].crp_nbits < nbits) { + err = ERANGE; + goto errout; + } + + if (ubsec_dma_malloc(sc, sizeof(struct ubsec_mcr), + &me->me_q.q_mcr, 0)) { + err = ENOMEM; + goto errout; + } + mcr = (struct ubsec_mcr *)me->me_q.q_mcr.dma_vaddr; + + if (ubsec_dma_malloc(sc, sizeof(struct ubsec_ctx_modexp), + &me->me_q.q_ctx, 0)) { + err = ENOMEM; + goto errout; + } + + mbits = ubsec_ksigbits(&krp->krp_param[UBS_MODEXP_PAR_M]); + if (mbits > nbits) { + err = E2BIG; + goto errout; + } + if (ubsec_dma_malloc(sc, normbits / 8, &me->me_M, 0)) { + err = ENOMEM; + goto errout; + } + ubsec_kshift_r(shiftbits, + krp->krp_param[UBS_MODEXP_PAR_M].crp_p, mbits, + me->me_M.dma_vaddr, normbits); + + if (ubsec_dma_malloc(sc, normbits / 8, &me->me_C, 0)) { + err = ENOMEM; + goto errout; + } + bzero(me->me_C.dma_vaddr, me->me_C.dma_size); + + ebits = ubsec_ksigbits(&krp->krp_param[UBS_MODEXP_PAR_E]); + if (ebits > nbits) { + err = E2BIG; + goto errout; + } + if (ubsec_dma_malloc(sc, normbits / 8, &me->me_E, 0)) { + err = ENOMEM; + goto errout; + } + ubsec_kshift_r(shiftbits, + krp->krp_param[UBS_MODEXP_PAR_E].crp_p, ebits, + me->me_E.dma_vaddr, normbits); + + if (ubsec_dma_malloc(sc, sizeof(struct ubsec_pktbuf), + &me->me_epb, 0)) { + err = ENOMEM; + goto errout; + } + epb = (struct ubsec_pktbuf *)me->me_epb.dma_vaddr; + epb->pb_addr = htole32(me->me_E.dma_paddr); + epb->pb_next = 0; + epb->pb_len = htole32(normbits / 8); + +#ifdef UBSEC_DEBUG + printf("Epb "); + ubsec_dump_pb(epb); +#endif + + mcr->mcr_pkts = htole16(1); + mcr->mcr_flags = 0; + mcr->mcr_cmdctxp = htole32(me->me_q.q_ctx.dma_paddr); + mcr->mcr_reserved = 0; + mcr->mcr_pktlen = 0; + + mcr->mcr_ipktbuf.pb_addr = htole32(me->me_M.dma_paddr); + mcr->mcr_ipktbuf.pb_len = htole32(normbits / 8); + mcr->mcr_ipktbuf.pb_next = htole32(me->me_epb.dma_paddr); + + mcr->mcr_opktbuf.pb_addr = htole32(me->me_C.dma_paddr); + mcr->mcr_opktbuf.pb_next = 0; + mcr->mcr_opktbuf.pb_len = htole32(normbits / 8); + +#ifdef DIAGNOSTIC + /* Misaligned output buffer will hang the chip. */ + if ((letoh32(mcr->mcr_opktbuf.pb_addr) & 3) != 0) + panic("%s: modexp invalid addr 0x%x", + sc->sc_dv.dv_xname, letoh32(mcr->mcr_opktbuf.pb_addr)); + if ((letoh32(mcr->mcr_opktbuf.pb_len) & 3) != 0) + panic("%s: modexp invalid len 0x%x", + sc->sc_dv.dv_xname, letoh32(mcr->mcr_opktbuf.pb_len)); +#endif + + ctx = (struct ubsec_ctx_modexp *)me->me_q.q_ctx.dma_vaddr; + bzero(ctx, sizeof(*ctx)); + ubsec_kshift_r(shiftbits, + krp->krp_param[UBS_MODEXP_PAR_N].crp_p, nbits, + ctx->me_N, normbits); + ctx->me_len = htole16((normbits / 8) + (4 * sizeof(u_int16_t))); + ctx->me_op = htole16(UBS_CTXOP_MODEXP); + ctx->me_E_len = htole16(nbits); + ctx->me_N_len = htole16(nbits); + +#ifdef UBSEC_DEBUG + ubsec_dump_mcr(mcr); + ubsec_dump_ctx2((struct ubsec_ctx_keyop *)ctx); +#endif + + /* + * ubsec_feed2 will sync mcr and ctx, we just need to sync + * everything else. + */ + bus_dmamap_sync(sc->sc_dmat, me->me_M.dma_map, + 0, me->me_M.dma_map->dm_mapsize, BUS_DMASYNC_PREWRITE); + bus_dmamap_sync(sc->sc_dmat, me->me_E.dma_map, + 0, me->me_E.dma_map->dm_mapsize, BUS_DMASYNC_PREWRITE); + bus_dmamap_sync(sc->sc_dmat, me->me_C.dma_map, + 0, me->me_C.dma_map->dm_mapsize, BUS_DMASYNC_PREREAD); + bus_dmamap_sync(sc->sc_dmat, me->me_epb.dma_map, + 0, me->me_epb.dma_map->dm_mapsize, BUS_DMASYNC_PREWRITE); + + /* Enqueue and we're done... */ + s = splnet(); + SIMPLEQ_INSERT_TAIL(&sc->sc_queue2, &me->me_q, q_next); + ubsec_feed2(sc); + splx(s); + + return (0); + +errout: + if (me != NULL) { + if (me->me_q.q_mcr.dma_map != NULL) + ubsec_dma_free(sc, &me->me_q.q_mcr); + if (me->me_q.q_ctx.dma_map != NULL) { + bzero(me->me_q.q_ctx.dma_vaddr, me->me_q.q_ctx.dma_size); + ubsec_dma_free(sc, &me->me_q.q_ctx); + } + if (me->me_M.dma_map != NULL) { + bzero(me->me_M.dma_vaddr, me->me_M.dma_size); + ubsec_dma_free(sc, &me->me_M); + } + if (me->me_E.dma_map != NULL) { + bzero(me->me_E.dma_vaddr, me->me_E.dma_size); + ubsec_dma_free(sc, &me->me_E); + } + if (me->me_C.dma_map != NULL) { + bzero(me->me_C.dma_vaddr, me->me_C.dma_size); + ubsec_dma_free(sc, &me->me_C); + } + if (me->me_epb.dma_map != NULL) + ubsec_dma_free(sc, &me->me_epb); + free(me, M_DEVBUF); + } + krp->krp_status = err; + crypto_kdone(krp); + return (0); +} + +/* + * Start computation of cr[C] = (cr[M] ^ cr[E]) mod cr[N] (hw normalization) + */ +int +ubsec_kprocess_modexp_hw(struct ubsec_softc *sc, struct cryptkop *krp) +{ + struct ubsec_q2_modexp *me; + struct ubsec_mcr *mcr; + struct ubsec_ctx_modexp *ctx; + struct ubsec_pktbuf *epb; + int err = 0, s; + u_int nbits, normbits, mbits, shiftbits, ebits; + + me = malloc(sizeof *me, M_DEVBUF, M_NOWAIT | M_ZERO); + if (me == NULL) { + err = ENOMEM; + goto errout; + } + me->me_krp = krp; + me->me_q.q_type = UBS_CTXOP_MODEXP; + + nbits = ubsec_ksigbits(&krp->krp_param[UBS_MODEXP_PAR_N]); + if (nbits <= 512) + normbits = 512; + else if (nbits <= 768) + normbits = 768; + else if (nbits <= 1024) + normbits = 1024; + else if (sc->sc_flags & UBS_FLAGS_BIGKEY && nbits <= 1536) + normbits = 1536; + else if (sc->sc_flags & UBS_FLAGS_BIGKEY && nbits <= 2048) + normbits = 2048; + else { + err = E2BIG; + goto errout; + } + + shiftbits = normbits - nbits; + + /* XXX ??? */ + me->me_modbits = nbits; + me->me_shiftbits = shiftbits; + me->me_normbits = normbits; + + /* Sanity check: result bits must be >= true modulus bits. */ + if (krp->krp_param[krp->krp_iparams].crp_nbits < nbits) { + err = ERANGE; + goto errout; + } + + if (ubsec_dma_malloc(sc, sizeof(struct ubsec_mcr), + &me->me_q.q_mcr, 0)) { + err = ENOMEM; + goto errout; + } + mcr = (struct ubsec_mcr *)me->me_q.q_mcr.dma_vaddr; + + if (ubsec_dma_malloc(sc, sizeof(struct ubsec_ctx_modexp), + &me->me_q.q_ctx, 0)) { + err = ENOMEM; + goto errout; + } + + mbits = ubsec_ksigbits(&krp->krp_param[UBS_MODEXP_PAR_M]); + if (mbits > nbits) { + err = E2BIG; + goto errout; + } + if (ubsec_dma_malloc(sc, normbits / 8, &me->me_M, 0)) { + err = ENOMEM; + goto errout; + } + bzero(me->me_M.dma_vaddr, normbits / 8); + bcopy(krp->krp_param[UBS_MODEXP_PAR_M].crp_p, + me->me_M.dma_vaddr, (mbits + 7) / 8); + + if (ubsec_dma_malloc(sc, normbits / 8, &me->me_C, 0)) { + err = ENOMEM; + goto errout; + } + bzero(me->me_C.dma_vaddr, me->me_C.dma_size); + + ebits = ubsec_ksigbits(&krp->krp_param[UBS_MODEXP_PAR_E]); + if (ebits > nbits) { + err = E2BIG; + goto errout; + } + if (ubsec_dma_malloc(sc, normbits / 8, &me->me_E, 0)) { + err = ENOMEM; + goto errout; + } + bzero(me->me_E.dma_vaddr, normbits / 8); + bcopy(krp->krp_param[UBS_MODEXP_PAR_E].crp_p, + me->me_E.dma_vaddr, (ebits + 7) / 8); + + if (ubsec_dma_malloc(sc, sizeof(struct ubsec_pktbuf), + &me->me_epb, 0)) { + err = ENOMEM; + goto errout; + } + epb = (struct ubsec_pktbuf *)me->me_epb.dma_vaddr; + epb->pb_addr = htole32(me->me_E.dma_paddr); + epb->pb_next = 0; + epb->pb_len = htole32((ebits + 7) / 8); + +#ifdef UBSEC_DEBUG + printf("Epb "); + ubsec_dump_pb(epb); +#endif + + mcr->mcr_pkts = htole16(1); + mcr->mcr_flags = 0; + mcr->mcr_cmdctxp = htole32(me->me_q.q_ctx.dma_paddr); + mcr->mcr_reserved = 0; + mcr->mcr_pktlen = 0; + + mcr->mcr_ipktbuf.pb_addr = htole32(me->me_M.dma_paddr); + mcr->mcr_ipktbuf.pb_len = htole32(normbits / 8); + mcr->mcr_ipktbuf.pb_next = htole32(me->me_epb.dma_paddr); + + mcr->mcr_opktbuf.pb_addr = htole32(me->me_C.dma_paddr); + mcr->mcr_opktbuf.pb_next = 0; + mcr->mcr_opktbuf.pb_len = htole32(normbits / 8); + +#ifdef DIAGNOSTIC + /* Misaligned output buffer will hang the chip. */ + if ((letoh32(mcr->mcr_opktbuf.pb_addr) & 3) != 0) + panic("%s: modexp invalid addr 0x%x", + sc->sc_dv.dv_xname, letoh32(mcr->mcr_opktbuf.pb_addr)); + if ((letoh32(mcr->mcr_opktbuf.pb_len) & 3) != 0) + panic("%s: modexp invalid len 0x%x", + sc->sc_dv.dv_xname, letoh32(mcr->mcr_opktbuf.pb_len)); +#endif + + ctx = (struct ubsec_ctx_modexp *)me->me_q.q_ctx.dma_vaddr; + bzero(ctx, sizeof(*ctx)); + bcopy(krp->krp_param[UBS_MODEXP_PAR_N].crp_p, ctx->me_N, + (nbits + 7) / 8); + ctx->me_len = htole16((normbits / 8) + (4 * sizeof(u_int16_t))); + ctx->me_op = htole16(UBS_CTXOP_MODEXP); + ctx->me_E_len = htole16(ebits); + ctx->me_N_len = htole16(nbits); + +#ifdef UBSEC_DEBUG + ubsec_dump_mcr(mcr); + ubsec_dump_ctx2((struct ubsec_ctx_keyop *)ctx); +#endif + + /* + * ubsec_feed2 will sync mcr and ctx, we just need to sync + * everything else. + */ + bus_dmamap_sync(sc->sc_dmat, me->me_M.dma_map, + 0, me->me_M.dma_map->dm_mapsize, BUS_DMASYNC_PREWRITE); + bus_dmamap_sync(sc->sc_dmat, me->me_E.dma_map, + 0, me->me_E.dma_map->dm_mapsize, BUS_DMASYNC_PREWRITE); + bus_dmamap_sync(sc->sc_dmat, me->me_C.dma_map, + 0, me->me_C.dma_map->dm_mapsize, BUS_DMASYNC_PREREAD); + bus_dmamap_sync(sc->sc_dmat, me->me_epb.dma_map, + 0, me->me_epb.dma_map->dm_mapsize, BUS_DMASYNC_PREWRITE); + + /* Enqueue and we're done... */ + s = splnet(); + SIMPLEQ_INSERT_TAIL(&sc->sc_queue2, &me->me_q, q_next); + ubsec_feed2(sc); + splx(s); + + return (0); + +errout: + if (me != NULL) { + if (me->me_q.q_mcr.dma_map != NULL) + ubsec_dma_free(sc, &me->me_q.q_mcr); + if (me->me_q.q_ctx.dma_map != NULL) { + bzero(me->me_q.q_ctx.dma_vaddr, me->me_q.q_ctx.dma_size); + ubsec_dma_free(sc, &me->me_q.q_ctx); + } + if (me->me_M.dma_map != NULL) { + bzero(me->me_M.dma_vaddr, me->me_M.dma_size); + ubsec_dma_free(sc, &me->me_M); + } + if (me->me_E.dma_map != NULL) { + bzero(me->me_E.dma_vaddr, me->me_E.dma_size); + ubsec_dma_free(sc, &me->me_E); + } + if (me->me_C.dma_map != NULL) { + bzero(me->me_C.dma_vaddr, me->me_C.dma_size); + ubsec_dma_free(sc, &me->me_C); + } + if (me->me_epb.dma_map != NULL) + ubsec_dma_free(sc, &me->me_epb); + free(me, M_DEVBUF); + } + krp->krp_status = err; + crypto_kdone(krp); + return (0); +} + +int +ubsec_kprocess_rsapriv(struct ubsec_softc *sc, struct cryptkop *krp) +{ + struct ubsec_q2_rsapriv *rp = NULL; + struct ubsec_mcr *mcr; + struct ubsec_ctx_rsapriv *ctx; + int err = 0, s; + u_int padlen, msglen; + + msglen = ubsec_ksigbits(&krp->krp_param[UBS_RSAPRIV_PAR_P]); + padlen = ubsec_ksigbits(&krp->krp_param[UBS_RSAPRIV_PAR_Q]); + if (msglen > padlen) + padlen = msglen; + + if (padlen <= 256) + padlen = 256; + else if (padlen <= 384) + padlen = 384; + else if (padlen <= 512) + padlen = 512; + else if (sc->sc_flags & UBS_FLAGS_BIGKEY && padlen <= 768) + padlen = 768; + else if (sc->sc_flags & UBS_FLAGS_BIGKEY && padlen <= 1024) + padlen = 1024; + else { + err = E2BIG; + goto errout; + } + + if (ubsec_ksigbits(&krp->krp_param[UBS_RSAPRIV_PAR_DP]) > padlen) { + err = E2BIG; + goto errout; + } + + if (ubsec_ksigbits(&krp->krp_param[UBS_RSAPRIV_PAR_DQ]) > padlen) { + err = E2BIG; + goto errout; + } + + if (ubsec_ksigbits(&krp->krp_param[UBS_RSAPRIV_PAR_PINV]) > padlen) { + err = E2BIG; + goto errout; + } + + rp = malloc(sizeof *rp, M_DEVBUF, M_NOWAIT | M_ZERO); + if (rp == NULL) + return (ENOMEM); + rp->rpr_krp = krp; + rp->rpr_q.q_type = UBS_CTXOP_RSAPRIV; + + if (ubsec_dma_malloc(sc, sizeof(struct ubsec_mcr), + &rp->rpr_q.q_mcr, 0)) { + err = ENOMEM; + goto errout; + } + mcr = (struct ubsec_mcr *)rp->rpr_q.q_mcr.dma_vaddr; + + if (ubsec_dma_malloc(sc, sizeof(struct ubsec_ctx_rsapriv), + &rp->rpr_q.q_ctx, 0)) { + err = ENOMEM; + goto errout; + } + ctx = (struct ubsec_ctx_rsapriv *)rp->rpr_q.q_ctx.dma_vaddr; + bzero(ctx, sizeof *ctx); + + /* Copy in p */ + bcopy(krp->krp_param[UBS_RSAPRIV_PAR_P].crp_p, + &ctx->rpr_buf[0 * (padlen / 8)], + (krp->krp_param[UBS_RSAPRIV_PAR_P].crp_nbits + 7) / 8); + + /* Copy in q */ + bcopy(krp->krp_param[UBS_RSAPRIV_PAR_Q].crp_p, + &ctx->rpr_buf[1 * (padlen / 8)], + (krp->krp_param[UBS_RSAPRIV_PAR_Q].crp_nbits + 7) / 8); + + /* Copy in dp */ + bcopy(krp->krp_param[UBS_RSAPRIV_PAR_DP].crp_p, + &ctx->rpr_buf[2 * (padlen / 8)], + (krp->krp_param[UBS_RSAPRIV_PAR_DP].crp_nbits + 7) / 8); + + /* Copy in dq */ + bcopy(krp->krp_param[UBS_RSAPRIV_PAR_DQ].crp_p, + &ctx->rpr_buf[3 * (padlen / 8)], + (krp->krp_param[UBS_RSAPRIV_PAR_DQ].crp_nbits + 7) / 8); + + /* Copy in pinv */ + bcopy(krp->krp_param[UBS_RSAPRIV_PAR_PINV].crp_p, + &ctx->rpr_buf[4 * (padlen / 8)], + (krp->krp_param[UBS_RSAPRIV_PAR_PINV].crp_nbits + 7) / 8); + + msglen = padlen * 2; + + /* Copy in input message (aligned buffer/length). */ + if (ubsec_ksigbits(&krp->krp_param[UBS_RSAPRIV_PAR_MSGIN]) > msglen) { + /* Is this likely? */ + err = E2BIG; + goto errout; + } + if (ubsec_dma_malloc(sc, (msglen + 7) / 8, &rp->rpr_msgin, 0)) { + err = ENOMEM; + goto errout; + } + bzero(rp->rpr_msgin.dma_vaddr, (msglen + 7) / 8); + bcopy(krp->krp_param[UBS_RSAPRIV_PAR_MSGIN].crp_p, + rp->rpr_msgin.dma_vaddr, + (krp->krp_param[UBS_RSAPRIV_PAR_MSGIN].crp_nbits + 7) / 8); + + /* Prepare space for output message (aligned buffer/length). */ + if (ubsec_ksigbits(&krp->krp_param[UBS_RSAPRIV_PAR_MSGOUT]) < msglen) { + /* Is this likely? */ + err = E2BIG; + goto errout; + } + if (ubsec_dma_malloc(sc, (msglen + 7) / 8, &rp->rpr_msgout, 0)) { + err = ENOMEM; + goto errout; + } + bzero(rp->rpr_msgout.dma_vaddr, (msglen + 7) / 8); + + mcr->mcr_pkts = htole16(1); + mcr->mcr_flags = 0; + mcr->mcr_cmdctxp = htole32(rp->rpr_q.q_ctx.dma_paddr); + mcr->mcr_ipktbuf.pb_addr = htole32(rp->rpr_msgin.dma_paddr); + mcr->mcr_ipktbuf.pb_next = 0; + mcr->mcr_ipktbuf.pb_len = htole32(rp->rpr_msgin.dma_size); + mcr->mcr_reserved = 0; + mcr->mcr_pktlen = htole16(msglen); + mcr->mcr_opktbuf.pb_addr = htole32(rp->rpr_msgout.dma_paddr); + mcr->mcr_opktbuf.pb_next = 0; + mcr->mcr_opktbuf.pb_len = htole32(rp->rpr_msgout.dma_size); + +#ifdef DIAGNOSTIC + if (rp->rpr_msgin.dma_paddr & 3 || rp->rpr_msgin.dma_size & 3) { + panic("%s: rsapriv: invalid msgin %p(0x%x)", + sc->sc_dv.dv_xname, rp->rpr_msgin.dma_paddr, + rp->rpr_msgin.dma_size); + } + if (rp->rpr_msgout.dma_paddr & 3 || rp->rpr_msgout.dma_size & 3) { + panic("%s: rsapriv: invalid msgout %p(0x%x)", + sc->sc_dv.dv_xname, rp->rpr_msgout.dma_paddr, + rp->rpr_msgout.dma_size); + } +#endif + + ctx->rpr_len = (sizeof(u_int16_t) * 4) + (5 * (padlen / 8)); + ctx->rpr_op = htole16(UBS_CTXOP_RSAPRIV); + ctx->rpr_q_len = htole16(padlen); + ctx->rpr_p_len = htole16(padlen); + + /* + * ubsec_feed2 will sync mcr and ctx, we just need to sync + * everything else. + */ + bus_dmamap_sync(sc->sc_dmat, rp->rpr_msgin.dma_map, + 0, rp->rpr_msgin.dma_map->dm_mapsize, BUS_DMASYNC_PREWRITE); + bus_dmamap_sync(sc->sc_dmat, rp->rpr_msgout.dma_map, + 0, rp->rpr_msgout.dma_map->dm_mapsize, BUS_DMASYNC_PREREAD); + + /* Enqueue and we're done... */ + s = splnet(); + SIMPLEQ_INSERT_TAIL(&sc->sc_queue2, &rp->rpr_q, q_next); + ubsec_feed2(sc); + splx(s); + return (0); + +errout: + if (rp != NULL) { + if (rp->rpr_q.q_mcr.dma_map != NULL) + ubsec_dma_free(sc, &rp->rpr_q.q_mcr); + if (rp->rpr_msgin.dma_map != NULL) { + bzero(rp->rpr_msgin.dma_vaddr, rp->rpr_msgin.dma_size); + ubsec_dma_free(sc, &rp->rpr_msgin); + } + if (rp->rpr_msgout.dma_map != NULL) { + bzero(rp->rpr_msgout.dma_vaddr, rp->rpr_msgout.dma_size); + ubsec_dma_free(sc, &rp->rpr_msgout); + } + free(rp, M_DEVBUF); + } + krp->krp_status = err; + crypto_kdone(krp); + return (0); +} + +void +ubsec_dump_pb(struct ubsec_pktbuf *pb) +{ + printf("addr 0x%x (0x%x) next 0x%x\n", + pb->pb_addr, pb->pb_len, pb->pb_next); +} + +void +ubsec_dump_ctx2(struct ubsec_ctx_keyop *c) +{ + printf("CTX (0x%x):\n", c->ctx_len); + switch (letoh16(c->ctx_op)) { + case UBS_CTXOP_RNGBYPASS: + case UBS_CTXOP_RNGSHA1: + break; + case UBS_CTXOP_MODEXP: + { + struct ubsec_ctx_modexp *cx = (void *)c; + int i, len; + + printf(" Elen %u, Nlen %u\n", + letoh16(cx->me_E_len), letoh16(cx->me_N_len)); + len = (cx->me_N_len + 7)/8; + for (i = 0; i < len; i++) + printf("%s%02x", (i == 0) ? " N: " : ":", cx->me_N[i]); + printf("\n"); + break; + } + default: + printf("unknown context: %x\n", c->ctx_op); + } + printf("END CTX\n"); +} + +void +ubsec_dump_mcr(struct ubsec_mcr *mcr) +{ + struct ubsec_mcr_add *ma; + int i; + + printf("MCR:\n"); + printf(" pkts: %u, flags 0x%x\n", + letoh16(mcr->mcr_pkts), letoh16(mcr->mcr_flags)); + ma = (struct ubsec_mcr_add *)&mcr->mcr_cmdctxp; + for (i = 0; i < letoh16(mcr->mcr_pkts); i++) { + printf(" %d: ctx 0x%x len 0x%x rsvd 0x%x\n", i, + letoh32(ma->mcr_cmdctxp), letoh16(ma->mcr_pktlen), + letoh16(ma->mcr_reserved)); + printf(" %d: ipkt ", i); + ubsec_dump_pb(&ma->mcr_ipktbuf); + printf(" %d: opkt ", i); + ubsec_dump_pb(&ma->mcr_opktbuf); + ma++; + } + printf("END MCR\n"); +} + +/* + * Return the number of significant bits of a big number. + */ +int +ubsec_ksigbits(struct crparam *cr) +{ + u_int plen = (cr->crp_nbits + 7) / 8; + int i, sig = plen * 8; + u_int8_t c, *p = cr->crp_p; + + for (i = plen - 1; i >= 0; i--) { + c = p[i]; + if (c != 0) { + while ((c & 0x80) == 0) { + sig--; + c <<= 1; + } + break; + } + sig -= 8; + } + return (sig); +} + +void +ubsec_kshift_r(u_int shiftbits, u_int8_t *src, u_int srcbits, + u_int8_t *dst, u_int dstbits) +{ + u_int slen, dlen; + int i, si, di, n; + + slen = (srcbits + 7) / 8; + dlen = (dstbits + 7) / 8; + + for (i = 0; i < slen; i++) + dst[i] = src[i]; + for (i = 0; i < dlen - slen; i++) + dst[slen + i] = 0; + + n = shiftbits / 8; + if (n != 0) { + si = dlen - n - 1; + di = dlen - 1; + while (si >= 0) + dst[di--] = dst[si--]; + while (di >= 0) + dst[di--] = 0; + } + + n = shiftbits % 8; + if (n != 0) { + for (i = dlen - 1; i > 0; i--) + dst[i] = (dst[i] << n) | + (dst[i - 1] >> (8 - n)); + dst[0] = dst[0] << n; + } +} + +void +ubsec_kshift_l(u_int shiftbits, u_int8_t *src, u_int srcbits, + u_int8_t *dst, u_int dstbits) +{ + int slen, dlen, i, n; + + slen = (srcbits + 7) / 8; + dlen = (dstbits + 7) / 8; + + n = shiftbits / 8; + for (i = 0; i < slen; i++) + dst[i] = src[i + n]; + for (i = 0; i < dlen - slen; i++) + dst[slen + i] = 0; + + n = shiftbits % 8; + if (n != 0) { + for (i = 0; i < (dlen - 1); i++) + dst[i] = (dst[i] >> n) | (dst[i + 1] << (8 - n)); + dst[dlen - 1] = dst[dlen - 1] >> n; + } +} diff --git a/package/ubsec_ssb/src/openbsd/ubsecreg.h b/package/ubsec_ssb/src/openbsd/ubsecreg.h new file mode 100644 index 0000000000..bcd0ad859a --- /dev/null +++ b/package/ubsec_ssb/src/openbsd/ubsecreg.h @@ -0,0 +1,193 @@ +/* $OpenBSD: ubsecreg.h,v 1.11.2.6 2003/06/07 11:02:31 ho Exp $ */ + +/* + * Copyright (c) 2000 Theo de Raadt + * Copyright (c) 2001 Patrik Lindergren (patrik@ipunplugged.com) + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * Effort sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F30602-01-2-0537. + * + */ + +/* + * Register definitions for 5601 BlueSteel Networks Ubiquitous Broadband + * Security "uBSec" chip. Definitions from revision 2.8 of the product + * datasheet. + */ + +#define BS_BAR 0x10 /* DMA base address register */ +#define BS_TRDY_TIMEOUT 0x40 /* TRDY timeout */ +#define BS_RETRY_TIMEOUT 0x41 /* DMA retry timeout */ + +#define UBS_PCI_RTY_SHIFT 8 +#define UBS_PCI_RTY_MASK 0xff +#define UBS_PCI_RTY(misc) \ + (((misc) >> UBS_PCI_RTY_SHIFT) & UBS_PCI_RTY_MASK) + +#define UBS_PCI_TOUT_SHIFT 0 +#define UBS_PCI_TOUT_MASK 0xff +#define UBS_PCI_TOUT(misc) \ + (((misc) >> PCI_TOUT_SHIFT) & PCI_TOUT_MASK) + +/* + * DMA Control & Status Registers (offset from BS_BAR) + */ +#define BS_MCR1 0x00 /* DMA Master Command Record 1 */ +#define BS_CTRL 0x04 /* DMA Control */ +#define BS_STAT 0x08 /* DMA Status */ +#define BS_ERR 0x0c /* DMA Error Address */ +#define BS_MCR2 0x10 /* DMA Master Command Record 2 */ + +/* BS_CTRL - DMA Control */ +#define BS_CTRL_RESET 0x80000000 /* hardware reset, 5805/5820 */ +#define BS_CTRL_MCR2INT 0x40000000 /* enable intr MCR for MCR2 */ +#define BS_CTRL_MCR1INT 0x20000000 /* enable intr MCR for MCR1 */ +#define BS_CTRL_OFM 0x10000000 /* Output fragment mode */ +#define BS_CTRL_BE32 0x08000000 /* big-endian, 32bit bytes */ +#define BS_CTRL_BE64 0x04000000 /* big-endian, 64bit bytes */ +#define BS_CTRL_DMAERR 0x02000000 /* enable intr DMA error */ +#define BS_CTRL_RNG_M 0x01800000 /* RNG mode */ +#define BS_CTRL_RNG_1 0x00000000 /* 1bit rn/one slow clock */ +#define BS_CTRL_RNG_4 0x00800000 /* 1bit rn/four slow clocks */ +#define BS_CTRL_RNG_8 0x01000000 /* 1bit rn/eight slow clocks */ +#define BS_CTRL_RNG_16 0x01800000 /* 1bit rn/16 slow clocks */ +#define BS_CTRL_SWNORM 0x00400000 /* 582[01], sw normalization */ +#define BS_CTRL_FRAG_M 0x0000ffff /* output fragment size mask */ +#define BS_CTRL_LITTLE_ENDIAN (BS_CTRL_BE32 | BS_CTRL_BE64) + +/* BS_STAT - DMA Status */ +#define BS_STAT_MCR1_BUSY 0x80000000 /* MCR1 is busy */ +#define BS_STAT_MCR1_FULL 0x40000000 /* MCR1 is full */ +#define BS_STAT_MCR1_DONE 0x20000000 /* MCR1 is done */ +#define BS_STAT_DMAERR 0x10000000 /* DMA error */ +#define BS_STAT_MCR2_FULL 0x08000000 /* MCR2 is full */ +#define BS_STAT_MCR2_DONE 0x04000000 /* MCR2 is done */ +#define BS_STAT_MCR1_ALLEMPTY 0x02000000 /* 5821, MCR1 is empty */ +#define BS_STAT_MCR2_ALLEMPTY 0x01000000 /* 5821, MCR2 is empty */ + +/* BS_ERR - DMA Error Address */ +#define BS_ERR_ADDR 0xfffffffc /* error address mask */ +#define BS_ERR_READ 0x00000002 /* fault was on read */ + +struct ubsec_pktctx { + u_int32_t pc_deskey[6]; /* 3DES key */ + u_int32_t pc_hminner[5]; /* hmac inner state */ + u_int32_t pc_hmouter[5]; /* hmac outer state */ + u_int32_t pc_iv[2]; /* [3]DES iv */ + u_int16_t pc_flags; /* flags, below */ + u_int16_t pc_offset; /* crypto offset */ +}; +#define UBS_PKTCTX_ENC_3DES 0x8000 /* use 3des */ +#define UBS_PKTCTX_ENC_NONE 0x0000 /* no encryption */ +#define UBS_PKTCTX_INBOUND 0x4000 /* inbound packet */ +#define UBS_PKTCTX_AUTH 0x3000 /* authentication mask */ +#define UBS_PKTCTX_AUTH_NONE 0x0000 /* no authentication */ +#define UBS_PKTCTX_AUTH_MD5 0x1000 /* use hmac-md5 */ +#define UBS_PKTCTX_AUTH_SHA1 0x2000 /* use hmac-sha1 */ + +struct ubsec_pktctx_long { + volatile u_int16_t pc_len; /* length of ctx struct */ + volatile u_int16_t pc_type; /* context type, 0 */ + volatile u_int16_t pc_flags; /* flags, same as above */ + volatile u_int16_t pc_offset; /* crypto/auth offset */ + volatile u_int32_t pc_deskey[6]; /* 3DES key */ + volatile u_int32_t pc_iv[2]; /* [3]DES iv */ + volatile u_int32_t pc_hminner[5]; /* hmac inner state */ + volatile u_int32_t pc_hmouter[5]; /* hmac outer state */ +}; +#define UBS_PKTCTX_TYPE_IPSEC 0x0000 + +struct ubsec_pktbuf { + volatile u_int32_t pb_addr; /* address of buffer start */ + volatile u_int32_t pb_next; /* pointer to next pktbuf */ + volatile u_int32_t pb_len; /* packet length */ +}; +#define UBS_PKTBUF_LEN 0x0000ffff /* length mask */ + +struct ubsec_mcr { + volatile u_int16_t mcr_pkts; /* #pkts in this mcr */ + volatile u_int16_t mcr_flags; /* mcr flags (below) */ + volatile u_int32_t mcr_cmdctxp; /* command ctx pointer */ + struct ubsec_pktbuf mcr_ipktbuf; /* input chain header */ + volatile u_int16_t mcr_reserved; + volatile u_int16_t mcr_pktlen; + struct ubsec_pktbuf mcr_opktbuf; /* output chain header */ +}; + +struct ubsec_mcr_add { + volatile u_int32_t mcr_cmdctxp; /* command ctx pointer */ + struct ubsec_pktbuf mcr_ipktbuf; /* input chain header */ + volatile u_int16_t mcr_reserved; + volatile u_int16_t mcr_pktlen; + struct ubsec_pktbuf mcr_opktbuf; /* output chain header */ +}; + +#define UBS_MCR_DONE 0x0001 /* mcr has been processed */ +#define UBS_MCR_ERROR 0x0002 /* error in processing */ +#define UBS_MCR_ERRORCODE 0xff00 /* error type */ + +struct ubsec_ctx_keyop { + volatile u_int16_t ctx_len; /* command length */ + volatile u_int16_t ctx_op; /* operation code */ + volatile u_int8_t ctx_pad[60]; /* padding */ +}; +#define UBS_CTXOP_DHPKGEN 0x01 /* dh public key generation */ +#define UBS_CTXOP_DHSSGEN 0x02 /* dh shared secret gen. */ +#define UBS_CTXOP_RSAPUB 0x03 /* rsa public key op */ +#define UBS_CTXOP_RSAPRIV 0x04 /* rsa private key op */ +#define UBS_CTXOP_DSASIGN 0x05 /* dsa signing op */ +#define UBS_CTXOP_DSAVRFY 0x06 /* dsa verification */ +#define UBS_CTXOP_RNGBYPASS 0x41 /* rng direct test mode */ +#define UBS_CTXOP_RNGSHA1 0x42 /* rng sha1 test mode */ +#define UBS_CTXOP_MODADD 0x43 /* modular addition */ +#define UBS_CTXOP_MODSUB 0x44 /* modular subtraction */ +#define UBS_CTXOP_MODMUL 0x45 /* modular multiplication */ +#define UBS_CTXOP_MODRED 0x46 /* modular reduction */ +#define UBS_CTXOP_MODEXP 0x47 /* modular exponentiation */ +#define UBS_CTXOP_MODINV 0x48 /* modular inverse */ + +struct ubsec_ctx_rngbypass { + volatile u_int16_t rbp_len; /* command length, 64 */ + volatile u_int16_t rbp_op; /* rng bypass, 0x41 */ + volatile u_int8_t rbp_pad[60]; /* padding */ +}; + +/* modexp: C = (M ^ E) mod N */ +struct ubsec_ctx_modexp { + volatile u_int16_t me_len; /* command length */ + volatile u_int16_t me_op; /* modexp, 0x47 */ + volatile u_int16_t me_E_len; /* E (bits) */ + volatile u_int16_t me_N_len; /* N (bits) */ + u_int8_t me_N[2048/8]; /* N */ +}; + +struct ubsec_ctx_rsapriv { + volatile u_int16_t rpr_len; /* command length */ + volatile u_int16_t rpr_op; /* rsaprivate, 0x04 */ + volatile u_int16_t rpr_q_len; /* q (bits) */ + volatile u_int16_t rpr_p_len; /* p (bits) */ + u_int8_t rpr_buf[5 * 1024 / 8]; /* parameters: */ + /* p, q, dp, dq, pinv */ +}; diff --git a/package/ubsec_ssb/src/openbsd/ubsecvar.h b/package/ubsec_ssb/src/openbsd/ubsecvar.h new file mode 100644 index 0000000000..2c8160bfaf --- /dev/null +++ b/package/ubsec_ssb/src/openbsd/ubsecvar.h @@ -0,0 +1,195 @@ +/* $OpenBSD: ubsecvar.h,v 1.15.2.5 2003/06/07 11:02:31 ho Exp $ */ + +/* + * Copyright (c) 2000 Theo de Raadt + * Copyright (c) 2001 Patrik Lindergren (patrik@ipunplugged.com) + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * Effort sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F30602-01-2-0537. + * + */ + +/* Maximum queue length */ +#ifndef UBS_MAX_NQUEUE +#define UBS_MAX_NQUEUE 60 +#endif + +#define UBS_MAX_SCATTER 64 /* Maximum scatter/gather depth */ + +#ifndef UBS_MAX_AGGR +#define UBS_MAX_AGGR 5 /* Maximum aggregation count */ +#endif + +#define UBSEC_CARD(sid) (((sid) & 0xf0000000) >> 28) +#define UBSEC_SESSION(sid) ( (sid) & 0x0fffffff) +#define UBSEC_SID(crd, sesn) (((crd) << 28) | ((sesn) & 0x0fffffff)) + +#define UBS_DEF_RTY 0xff /* PCI Retry Timeout */ +#define UBS_DEF_TOUT 0xff /* PCI TRDY Timeout */ +#define UBS_DEF_CACHELINE 0x01 /* Cache Line setting */ + +struct ubsec_dma_alloc { + u_int32_t dma_paddr; + caddr_t dma_vaddr; + bus_dmamap_t dma_map; + bus_dma_segment_t dma_seg; + bus_size_t dma_size; + int dma_nseg; +}; + +struct ubsec_q2 { + SIMPLEQ_ENTRY(ubsec_q2) q_next; + struct ubsec_dma_alloc q_mcr; + struct ubsec_dma_alloc q_ctx; + u_int q_type; +}; + +struct ubsec_q2_rng { + struct ubsec_q2 rng_q; + struct ubsec_dma_alloc rng_buf; + int rng_used; +}; + +/* C = (M ^ E) mod N */ +#define UBS_MODEXP_PAR_M 0 +#define UBS_MODEXP_PAR_E 1 +#define UBS_MODEXP_PAR_N 2 +struct ubsec_q2_modexp { + struct ubsec_q2 me_q; + struct cryptkop * me_krp; + struct ubsec_dma_alloc me_M; + struct ubsec_dma_alloc me_E; + struct ubsec_dma_alloc me_C; + struct ubsec_dma_alloc me_epb; + int me_modbits; + int me_shiftbits; + int me_normbits; +}; + +#define UBS_RSAPRIV_PAR_P 0 +#define UBS_RSAPRIV_PAR_Q 1 +#define UBS_RSAPRIV_PAR_DP 2 +#define UBS_RSAPRIV_PAR_DQ 3 +#define UBS_RSAPRIV_PAR_PINV 4 +#define UBS_RSAPRIV_PAR_MSGIN 5 +#define UBS_RSAPRIV_PAR_MSGOUT 6 +struct ubsec_q2_rsapriv { + struct ubsec_q2 rpr_q; + struct cryptkop * rpr_krp; + struct ubsec_dma_alloc rpr_msgin; + struct ubsec_dma_alloc rpr_msgout; +}; + +#define UBSEC_RNG_BUFSIZ 16 /* measured in 32bit words */ + +struct ubsec_dmachunk { + struct ubsec_mcr d_mcr; + struct ubsec_mcr_add d_mcradd[UBS_MAX_AGGR-1]; + struct ubsec_pktbuf d_sbuf[UBS_MAX_SCATTER-1]; + struct ubsec_pktbuf d_dbuf[UBS_MAX_SCATTER-1]; + u_int32_t d_macbuf[5]; + union { + struct ubsec_pktctx_long ctxl; + struct ubsec_pktctx ctx; + } d_ctx; +}; + +struct ubsec_dma { + SIMPLEQ_ENTRY(ubsec_dma) d_next; + struct ubsec_dmachunk *d_dma; + struct ubsec_dma_alloc d_alloc; +}; + +#define UBS_FLAGS_KEY 0x01 /* has key accelerator */ +#define UBS_FLAGS_LONGCTX 0x02 /* uses long ipsec ctx */ +#define UBS_FLAGS_BIGKEY 0x04 /* 2048bit keys */ +#define UBS_FLAGS_HWNORM 0x08 /* hardware normalization */ +#define UBS_FLAGS_RNG 0x10 /* hardware rng */ + +struct ubsec_q { + SIMPLEQ_ENTRY(ubsec_q) q_next; + int q_nstacked_mcrs; + struct ubsec_q *q_stacked_mcr[UBS_MAX_AGGR-1]; + struct cryptop *q_crp; + struct ubsec_dma *q_dma; + + struct mbuf *q_src_m, *q_dst_m; + struct uio *q_src_io, *q_dst_io; + + bus_dmamap_t q_src_map; + bus_dmamap_t q_dst_map; + + int q_sesn; + int q_flags; +}; + +struct ubsec_softc { + struct device sc_dv; /* generic device */ + void *sc_ih; /* interrupt handler cookie */ + bus_space_handle_t sc_sh; /* memory handle */ + bus_space_tag_t sc_st; /* memory tag */ + bus_dma_tag_t sc_dmat; /* dma tag */ + int sc_flags; /* device specific flags */ + u_int32_t sc_statmask; /* interrupt status mask */ + int32_t sc_cid; /* crypto tag */ + SIMPLEQ_HEAD(,ubsec_q) sc_queue; /* packet queue, mcr1 */ + int sc_nqueue; /* count enqueued, mcr1 */ + SIMPLEQ_HEAD(,ubsec_q) sc_qchip; /* on chip, mcr1 */ + SIMPLEQ_HEAD(,ubsec_q) sc_freequeue; /* list of free queue elements */ + SIMPLEQ_HEAD(,ubsec_q2) sc_queue2; /* packet queue, mcr2 */ + int sc_nqueue2; /* count enqueued, mcr2 */ + SIMPLEQ_HEAD(,ubsec_q2) sc_qchip2; /* on chip, mcr2 */ + int sc_nsessions; /* # of sessions */ + struct ubsec_session *sc_sessions; /* sessions */ + struct timeout sc_rngto; /* rng timeout */ + int sc_rnghz; /* rng poll time */ + struct ubsec_q2_rng sc_rng; + struct ubsec_dma sc_dmaa[UBS_MAX_NQUEUE]; + struct ubsec_q *sc_queuea[UBS_MAX_NQUEUE]; + SIMPLEQ_HEAD(,ubsec_q2) sc_q2free; /* free list */ +}; + +#define UBSEC_QFLAGS_COPYOUTIV 0x1 + +struct ubsec_session { + u_int32_t ses_used; + u_int32_t ses_deskey[6]; /* 3DES key */ + u_int32_t ses_hminner[5]; /* hmac inner state */ + u_int32_t ses_hmouter[5]; /* hmac outer state */ + u_int32_t ses_iv[2]; /* [3]DES iv */ +}; + +struct ubsec_stats { + u_int64_t hst_ibytes; + u_int64_t hst_obytes; + u_int32_t hst_ipackets; + u_int32_t hst_opackets; + u_int32_t hst_invalid; + u_int32_t hst_nomem; + u_int32_t hst_queuefull; + u_int32_t hst_dmaerr; + u_int32_t hst_mcrerr; + u_int32_t hst_nodmafree; +}; diff --git a/package/ubsec_ssb/src/sha1.c b/package/ubsec_ssb/src/sha1.c new file mode 100644 index 0000000000..4e360e20db --- /dev/null +++ b/package/ubsec_ssb/src/sha1.c @@ -0,0 +1,279 @@ +/* $KAME: sha1.c,v 1.5 2000/11/08 06:13:08 itojun Exp $ */ +/* + * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the project nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * FIPS pub 180-1: Secure Hash Algorithm (SHA-1) + * based on: http://csrc.nist.gov/fips/fip180-1.txt + * implemented by Jun-ichiro itojun Itoh <itojun@itojun.org> + */ + +#if 0 +#include <sys/cdefs.h> +__FBSDID("$FreeBSD: src/sys/crypto/sha1.c,v 1.9 2003/06/10 21:36:57 obrien Exp $"); + +#include <sys/types.h> +#include <sys/cdefs.h> +#include <sys/time.h> +#include <sys/systm.h> + +#include <crypto/sha1.h> +#endif + +/* sanity check */ +#if BYTE_ORDER != BIG_ENDIAN +# if BYTE_ORDER != LITTLE_ENDIAN +# define unsupported 1 +# endif +#endif + +#ifndef unsupported + +/* constant table */ +static u_int32_t _K[] = { 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xca62c1d6 }; +#define K(t) _K[(t) / 20] + +#define F0(b, c, d) (((b) & (c)) | ((~(b)) & (d))) +#define F1(b, c, d) (((b) ^ (c)) ^ (d)) +#define F2(b, c, d) (((b) & (c)) | ((b) & (d)) | ((c) & (d))) +#define F3(b, c, d) (((b) ^ (c)) ^ (d)) + +#define S(n, x) (((x) << (n)) | ((x) >> (32 - n))) + +#undef H +#define H(n) (ctxt->h.b32[(n)]) +#define COUNT (ctxt->count) +#define BCOUNT (ctxt->c.b64[0] / 8) +#define W(n) (ctxt->m.b32[(n)]) + +#define PUTBYTE(x) { \ + ctxt->m.b8[(COUNT % 64)] = (x); \ + COUNT++; \ + COUNT %= 64; \ + ctxt->c.b64[0] += 8; \ + if (COUNT % 64 == 0) \ + sha1_step(ctxt); \ + } + +#define PUTPAD(x) { \ + ctxt->m.b8[(COUNT % 64)] = (x); \ + COUNT++; \ + COUNT %= 64; \ + if (COUNT % 64 == 0) \ + sha1_step(ctxt); \ + } + +static void sha1_step(struct sha1_ctxt *); + +static void +sha1_step(ctxt) + struct sha1_ctxt *ctxt; +{ + u_int32_t a, b, c, d, e; + size_t t, s; + u_int32_t tmp; + +#if BYTE_ORDER == LITTLE_ENDIAN + struct sha1_ctxt tctxt; + bcopy(&ctxt->m.b8[0], &tctxt.m.b8[0], 64); + ctxt->m.b8[0] = tctxt.m.b8[3]; ctxt->m.b8[1] = tctxt.m.b8[2]; + ctxt->m.b8[2] = tctxt.m.b8[1]; ctxt->m.b8[3] = tctxt.m.b8[0]; + ctxt->m.b8[4] = tctxt.m.b8[7]; ctxt->m.b8[5] = tctxt.m.b8[6]; + ctxt->m.b8[6] = tctxt.m.b8[5]; ctxt->m.b8[7] = tctxt.m.b8[4]; + ctxt->m.b8[8] = tctxt.m.b8[11]; ctxt->m.b8[9] = tctxt.m.b8[10]; + ctxt->m.b8[10] = tctxt.m.b8[9]; ctxt->m.b8[11] = tctxt.m.b8[8]; + ctxt->m.b8[12] = tctxt.m.b8[15]; ctxt->m.b8[13] = tctxt.m.b8[14]; + ctxt->m.b8[14] = tctxt.m.b8[13]; ctxt->m.b8[15] = tctxt.m.b8[12]; + ctxt->m.b8[16] = tctxt.m.b8[19]; ctxt->m.b8[17] = tctxt.m.b8[18]; + ctxt->m.b8[18] = tctxt.m.b8[17]; ctxt->m.b8[19] = tctxt.m.b8[16]; + ctxt->m.b8[20] = tctxt.m.b8[23]; ctxt->m.b8[21] = tctxt.m.b8[22]; + ctxt->m.b8[22] = tctxt.m.b8[21]; ctxt->m.b8[23] = tctxt.m.b8[20]; + ctxt->m.b8[24] = tctxt.m.b8[27]; ctxt->m.b8[25] = tctxt.m.b8[26]; + ctxt->m.b8[26] = tctxt.m.b8[25]; ctxt->m.b8[27] = tctxt.m.b8[24]; + ctxt->m.b8[28] = tctxt.m.b8[31]; ctxt->m.b8[29] = tctxt.m.b8[30]; + ctxt->m.b8[30] = tctxt.m.b8[29]; ctxt->m.b8[31] = tctxt.m.b8[28]; + ctxt->m.b8[32] = tctxt.m.b8[35]; ctxt->m.b8[33] = tctxt.m.b8[34]; + ctxt->m.b8[34] = tctxt.m.b8[33]; ctxt->m.b8[35] = tctxt.m.b8[32]; + ctxt->m.b8[36] = tctxt.m.b8[39]; ctxt->m.b8[37] = tctxt.m.b8[38]; + ctxt->m.b8[38] = tctxt.m.b8[37]; ctxt->m.b8[39] = tctxt.m.b8[36]; + ctxt->m.b8[40] = tctxt.m.b8[43]; ctxt->m.b8[41] = tctxt.m.b8[42]; + ctxt->m.b8[42] = tctxt.m.b8[41]; ctxt->m.b8[43] = tctxt.m.b8[40]; + ctxt->m.b8[44] = tctxt.m.b8[47]; ctxt->m.b8[45] = tctxt.m.b8[46]; + ctxt->m.b8[46] = tctxt.m.b8[45]; ctxt->m.b8[47] = tctxt.m.b8[44]; + ctxt->m.b8[48] = tctxt.m.b8[51]; ctxt->m.b8[49] = tctxt.m.b8[50]; + ctxt->m.b8[50] = tctxt.m.b8[49]; ctxt->m.b8[51] = tctxt.m.b8[48]; + ctxt->m.b8[52] = tctxt.m.b8[55]; ctxt->m.b8[53] = tctxt.m.b8[54]; + ctxt->m.b8[54] = tctxt.m.b8[53]; ctxt->m.b8[55] = tctxt.m.b8[52]; + ctxt->m.b8[56] = tctxt.m.b8[59]; ctxt->m.b8[57] = tctxt.m.b8[58]; + ctxt->m.b8[58] = tctxt.m.b8[57]; ctxt->m.b8[59] = tctxt.m.b8[56]; + ctxt->m.b8[60] = tctxt.m.b8[63]; ctxt->m.b8[61] = tctxt.m.b8[62]; + ctxt->m.b8[62] = tctxt.m.b8[61]; ctxt->m.b8[63] = tctxt.m.b8[60]; +#endif + + a = H(0); b = H(1); c = H(2); d = H(3); e = H(4); + + for (t = 0; t < 20; t++) { + s = t & 0x0f; + if (t >= 16) { + W(s) = S(1, W((s+13) & 0x0f) ^ W((s+8) & 0x0f) ^ W((s+2) & 0x0f) ^ W(s)); + } + tmp = S(5, a) + F0(b, c, d) + e + W(s) + K(t); + e = d; d = c; c = S(30, b); b = a; a = tmp; + } + for (t = 20; t < 40; t++) { + s = t & 0x0f; + W(s) = S(1, W((s+13) & 0x0f) ^ W((s+8) & 0x0f) ^ W((s+2) & 0x0f) ^ W(s)); + tmp = S(5, a) + F1(b, c, d) + e + W(s) + K(t); + e = d; d = c; c = S(30, b); b = a; a = tmp; + } + for (t = 40; t < 60; t++) { + s = t & 0x0f; + W(s) = S(1, W((s+13) & 0x0f) ^ W((s+8) & 0x0f) ^ W((s+2) & 0x0f) ^ W(s)); + tmp = S(5, a) + F2(b, c, d) + e + W(s) + K(t); + e = d; d = c; c = S(30, b); b = a; a = tmp; + } + for (t = 60; t < 80; t++) { + s = t & 0x0f; + W(s) = S(1, W((s+13) & 0x0f) ^ W((s+8) & 0x0f) ^ W((s+2) & 0x0f) ^ W(s)); + tmp = S(5, a) + F3(b, c, d) + e + W(s) + K(t); + e = d; d = c; c = S(30, b); b = a; a = tmp; + } + + H(0) = H(0) + a; + H(1) = H(1) + b; + H(2) = H(2) + c; + H(3) = H(3) + d; + H(4) = H(4) + e; + + bzero(&ctxt->m.b8[0], 64); +} + +/*------------------------------------------------------------*/ + +void +sha1_init(ctxt) + struct sha1_ctxt *ctxt; +{ + bzero(ctxt, sizeof(struct sha1_ctxt)); + H(0) = 0x67452301; + H(1) = 0xefcdab89; + H(2) = 0x98badcfe; + H(3) = 0x10325476; + H(4) = 0xc3d2e1f0; +} + +void +sha1_pad(ctxt) + struct sha1_ctxt *ctxt; +{ + size_t padlen; /*pad length in bytes*/ + size_t padstart; + + PUTPAD(0x80); + + padstart = COUNT % 64; + padlen = 64 - padstart; + if (padlen < 8) { + bzero(&ctxt->m.b8[padstart], padlen); + COUNT += padlen; + COUNT %= 64; + sha1_step(ctxt); + padstart = COUNT % 64; /* should be 0 */ + padlen = 64 - padstart; /* should be 64 */ + } + bzero(&ctxt->m.b8[padstart], padlen - 8); + COUNT += (padlen - 8); + COUNT %= 64; +#if BYTE_ORDER == BIG_ENDIAN + PUTPAD(ctxt->c.b8[0]); PUTPAD(ctxt->c.b8[1]); + PUTPAD(ctxt->c.b8[2]); PUTPAD(ctxt->c.b8[3]); + PUTPAD(ctxt->c.b8[4]); PUTPAD(ctxt->c.b8[5]); + PUTPAD(ctxt->c.b8[6]); PUTPAD(ctxt->c.b8[7]); +#else + PUTPAD(ctxt->c.b8[7]); PUTPAD(ctxt->c.b8[6]); + PUTPAD(ctxt->c.b8[5]); PUTPAD(ctxt->c.b8[4]); + PUTPAD(ctxt->c.b8[3]); PUTPAD(ctxt->c.b8[2]); + PUTPAD(ctxt->c.b8[1]); PUTPAD(ctxt->c.b8[0]); +#endif +} + +void +sha1_loop(ctxt, input, len) + struct sha1_ctxt *ctxt; + const u_int8_t *input; + size_t len; +{ + size_t gaplen; + size_t gapstart; + size_t off; + size_t copysiz; + + off = 0; + + while (off < len) { + gapstart = COUNT % 64; + gaplen = 64 - gapstart; + + copysiz = (gaplen < len - off) ? gaplen : len - off; + bcopy(&input[off], &ctxt->m.b8[gapstart], copysiz); + COUNT += copysiz; + COUNT %= 64; + ctxt->c.b64[0] += copysiz * 8; + if (COUNT % 64 == 0) + sha1_step(ctxt); + off += copysiz; + } +} + +void +sha1_result(ctxt, digest0) + struct sha1_ctxt *ctxt; + caddr_t digest0; +{ + u_int8_t *digest; + + digest = (u_int8_t *)digest0; + sha1_pad(ctxt); +#if BYTE_ORDER == BIG_ENDIAN + bcopy(&ctxt->h.b8[0], digest, 20); +#else + digest[0] = ctxt->h.b8[3]; digest[1] = ctxt->h.b8[2]; + digest[2] = ctxt->h.b8[1]; digest[3] = ctxt->h.b8[0]; + digest[4] = ctxt->h.b8[7]; digest[5] = ctxt->h.b8[6]; + digest[6] = ctxt->h.b8[5]; digest[7] = ctxt->h.b8[4]; + digest[8] = ctxt->h.b8[11]; digest[9] = ctxt->h.b8[10]; + digest[10] = ctxt->h.b8[9]; digest[11] = ctxt->h.b8[8]; + digest[12] = ctxt->h.b8[15]; digest[13] = ctxt->h.b8[14]; + digest[14] = ctxt->h.b8[13]; digest[15] = ctxt->h.b8[12]; + digest[16] = ctxt->h.b8[19]; digest[17] = ctxt->h.b8[18]; + digest[18] = ctxt->h.b8[17]; digest[19] = ctxt->h.b8[16]; +#endif +} + +#endif /*unsupported*/ diff --git a/package/ubsec_ssb/src/sha1.h b/package/ubsec_ssb/src/sha1.h new file mode 100644 index 0000000000..0e19d9071f --- /dev/null +++ b/package/ubsec_ssb/src/sha1.h @@ -0,0 +1,72 @@ +/* $FreeBSD: src/sys/crypto/sha1.h,v 1.8 2002/03/20 05:13:50 alfred Exp $ */ +/* $KAME: sha1.h,v 1.5 2000/03/27 04:36:23 sumikawa Exp $ */ + +/* + * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the project nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ +/* + * FIPS pub 180-1: Secure Hash Algorithm (SHA-1) + * based on: http://csrc.nist.gov/fips/fip180-1.txt + * implemented by Jun-ichiro itojun Itoh <itojun@itojun.org> + */ + +#ifndef _NETINET6_SHA1_H_ +#define _NETINET6_SHA1_H_ + +struct sha1_ctxt { + union { + u_int8_t b8[20]; + u_int32_t b32[5]; + } h; + union { + u_int8_t b8[8]; + u_int64_t b64[1]; + } c; + union { + u_int8_t b8[64]; + u_int32_t b32[16]; + } m; + u_int8_t count; +}; + +#ifdef __KERNEL__ +extern void sha1_init(struct sha1_ctxt *); +extern void sha1_pad(struct sha1_ctxt *); +extern void sha1_loop(struct sha1_ctxt *, const u_int8_t *, size_t); +extern void sha1_result(struct sha1_ctxt *, caddr_t); + +/* compatibilty with other SHA1 source codes */ +typedef struct sha1_ctxt SHA1_CTX; +#define SHA1Init(x) sha1_init((x)) +#define SHA1Update(x, y, z) sha1_loop((x), (y), (z)) +#define SHA1Final(x, y) sha1_result((y), (x)) +#endif /* __KERNEL__ */ + +#define SHA1_RESULTLEN (160/8) + +#endif /*_NETINET6_SHA1_H_*/ diff --git a/package/ubsec_ssb/src/ubsec_ssb.c b/package/ubsec_ssb/src/ubsec_ssb.c new file mode 100644 index 0000000000..b57439218d --- /dev/null +++ b/package/ubsec_ssb/src/ubsec_ssb.c @@ -0,0 +1,2214 @@ +/* $Id: $ */ + +/* + * Copyright (c) 2008 Daniel Mueller (daniel@danm.de) + * Copyright (c) 2007 David McCullough (david_mccullough@securecomputing.com) + * Copyright (c) 2000 Jason L. Wright (jason@thought.net) + * Copyright (c) 2000 Theo de Raadt (deraadt@openbsd.org) + * Copyright (c) 2001 Patrik Lindergren (patrik@ipunplugged.com) + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * Effort sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F30602-01-2-0537. + * + */ +#undef UBSEC_DEBUG +#undef UBSEC_VERBOSE_DEBUG + +#ifdef UBSEC_VERBOSE_DEBUG +#define UBSEC_DEBUG +#endif + +/* + * uBsec BCM5365 hardware crypto accelerator + */ + +#include <linux/kernel.h> +#include <linux/byteorder/swab.h> +#include <linux/byteorder/generic.h> +#include <linux/module.h> +#include <linux/moduleparam.h> +#include <linux/proc_fs.h> +#include <linux/types.h> +#include <linux/init.h> +#include <linux/delay.h> +#include <linux/interrupt.h> +#include <linux/fs.h> +#include <linux/random.h> +#include <linux/skbuff.h> +#include <linux/stat.h> +#include <asm/io.h> + +#include <linux/ssb/ssb.h> + +/* + * BSD queue + */ +#include "bsdqueue.h" + +/* + * OCF + */ +#include "cryptodev.h" +#include "uio.h" + +#define HMAC_HACK 1 + +#ifdef HMAC_HACK +#include "hmachack.h" +#include "md5.h" +#include "md5.c" +#include "sha1.h" +#include "sha1.c" +#endif + +#include "ubsecreg.h" +#include "ubsecvar.h" + +#define DRV_MODULE_NAME "ubsec_ssb" +#define PFX DRV_MODULE_NAME ": " +#define DRV_MODULE_VERSION "0.01" +#define DRV_MODULE_RELDATE "Jan 1, 2008" + +#if 1 +#define DPRINTF(a...) \ + if (debug) \ + { \ + printk(DRV_MODULE_NAME ": " a); \ + } +#else +#define DPRINTF(a...) +#endif + +/* + * Prototypes + */ +static irqreturn_t ubsec_ssb_isr(int, void *, struct pt_regs *); +static int __devinit ubsec_ssb_probe(struct ssb_device *sdev, + const struct ssb_device_id *ent); +static void __devexit ubsec_ssb_remove(struct ssb_device *sdev); +int ubsec_attach(struct ssb_device *sdev, const struct ssb_device_id *ent, + struct device *self); +static void ubsec_setup_mackey(struct ubsec_session *ses, int algo, + caddr_t key, int klen); +static int dma_map_skb(struct ubsec_softc *sc, + struct ubsec_dma_alloc* q_map, struct sk_buff *skb, int *mlen); +static int dma_map_uio(struct ubsec_softc *sc, + struct ubsec_dma_alloc *q_map, struct uio *uio, int *mlen); +static void dma_unmap(struct ubsec_softc *sc, + struct ubsec_dma_alloc *q_map, int mlen); +static int ubsec_dmamap_aligned(struct ubsec_softc *sc, + const struct ubsec_dma_alloc *q_map, int mlen); + +#ifdef UBSEC_DEBUG +static int proc_read(char *buf, char **start, off_t offset, + int size, int *peof, void *data); +#endif + +void ubsec_reset_board(struct ubsec_softc *); +void ubsec_init_board(struct ubsec_softc *); +void ubsec_cleanchip(struct ubsec_softc *); +void ubsec_totalreset(struct ubsec_softc *); +int ubsec_free_q(struct ubsec_softc*, struct ubsec_q *); + +static int ubsec_newsession(device_t, u_int32_t *, struct cryptoini *); +static int ubsec_freesession(device_t, u_int64_t); +static int ubsec_process(device_t, struct cryptop *, int); + +void ubsec_callback(struct ubsec_softc *, struct ubsec_q *); +void ubsec_feed(struct ubsec_softc *); +void ubsec_mcopy(struct sk_buff *, struct sk_buff *, int, int); +void ubsec_dma_free(struct ubsec_softc *, struct ubsec_dma_alloc *); +int ubsec_dma_malloc(struct ubsec_softc *, struct ubsec_dma_alloc *, + size_t, int); + +/* DEBUG crap... */ +void ubsec_dump_pb(struct ubsec_pktbuf *); +void ubsec_dump_mcr(struct ubsec_mcr *); + +#define READ_REG(sc,r) \ + ssb_read32((sc)->sdev, (r)); +#define WRITE_REG(sc,r,val) \ + ssb_write32((sc)->sdev, (r), (val)); +#define READ_REG_SDEV(sdev,r) \ + ssb_read32((sdev), (r)); +#define WRITE_REG_SDEV(sdev,r,val) \ + ssb_write32((sdev), (r), (val)); + +#define SWAP32(x) (x) = htole32(ntohl((x))) +#define HTOLE32(x) (x) = htole32(x) + +#ifdef __LITTLE_ENDIAN +#define letoh16(x) (x) +#define letoh32(x) (x) +#endif + +static int debug; +module_param(debug, int, 0644); +MODULE_PARM_DESC(debug, "Enable debug output"); + +#define UBSEC_SSB_MAX_CHIPS 1 +static struct ubsec_softc *ubsec_chip_idx[UBSEC_SSB_MAX_CHIPS]; +static struct ubsec_stats ubsecstats; + +#ifdef UBSEC_DEBUG +static struct proc_dir_entry *procdebug; +#endif + +static struct ssb_device_id ubsec_ssb_tbl[] = { + /* Broadcom BCM5365P IPSec Core */ + SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_IPSEC, SSB_ANY_REV), + SSB_DEVTABLE_END +}; + +static struct ssb_driver ubsec_ssb_driver = { + .name = DRV_MODULE_NAME, + .id_table = ubsec_ssb_tbl, + .probe = ubsec_ssb_probe, + .remove = __devexit_p(ubsec_ssb_remove), + /* + .suspend = ubsec_ssb_suspend, + .resume = ubsec_ssb_resume + */ +}; + +static device_method_t ubsec_ssb_methods = { + /* crypto device methods */ + DEVMETHOD(cryptodev_newsession, ubsec_newsession), + DEVMETHOD(cryptodev_freesession,ubsec_freesession), + DEVMETHOD(cryptodev_process, ubsec_process), +}; + +#ifdef UBSEC_DEBUG +static int +proc_read(char *buf, char **start, off_t offset, + int size, int *peof, void *data) +{ + int i = 0, byteswritten = 0, ret; + unsigned int stat, ctrl; +#ifdef UBSEC_VERBOSE_DEBUG + struct ubsec_q *q; + struct ubsec_dma *dmap; +#endif + + while ((i < UBSEC_SSB_MAX_CHIPS) && (ubsec_chip_idx[i] != NULL)) + { + struct ubsec_softc *sc = ubsec_chip_idx[i]; + + stat = READ_REG(sc, BS_STAT); + ctrl = READ_REG(sc, BS_CTRL); + ret = snprintf((buf + byteswritten), + (size - byteswritten) , + "DEV %d, DMASTAT %08x, DMACTRL %08x\n", i, stat, ctrl); + + byteswritten += ret; + +#ifdef UBSEC_VERBOSE_DEBUG + printf("DEV %d, DMASTAT %08x, DMACTRL %08x\n", i, stat, ctrl); + + /* Dump all queues MCRs */ + if (!BSD_SIMPLEQ_EMPTY(&sc->sc_qchip)) { + BSD_SIMPLEQ_FOREACH(q, &sc->sc_qchip, q_next) + { + dmap = q->q_dma; + ubsec_dump_mcr(&dmap->d_dma->d_mcr); + } + } +#endif + + i++; + } + + *peof = 1; + + return byteswritten; +} +#endif + +/* + * map in a given sk_buff + */ +static int +dma_map_skb(struct ubsec_softc *sc, struct ubsec_dma_alloc* q_map, struct sk_buff *skb, int *mlen) +{ + int i = 0; + dma_addr_t tmp; + +#ifdef UBSEC_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + + /* + * We support only a limited number of fragments. + */ + if (unlikely((skb_shinfo(skb)->nr_frags + 1) >= UBS_MAX_SCATTER)) + { + printk(KERN_ERR "Only %d scatter fragments are supported.\n", UBS_MAX_SCATTER); + return (-ENOMEM); + } + +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("%s - map %d 0x%x %d\n", __FUNCTION__, 0, (unsigned int)skb->data, skb_headlen(skb)); +#endif + + /* first data package */ + tmp = dma_map_single(sc->sc_dv, + skb->data, + skb_headlen(skb), + DMA_BIDIRECTIONAL); + + q_map[i].dma_paddr = tmp; + q_map[i].dma_vaddr = skb->data; + q_map[i].dma_size = skb_headlen(skb); + + if (unlikely(tmp == 0)) + { + printk(KERN_ERR "Could not map memory region for dma.\n"); + return (-EINVAL); + } + +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("%s - map %d done physical addr 0x%x\n", __FUNCTION__, 0, (unsigned int)tmp); +#endif + + + /* all other data packages */ + for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { + +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("%s - map %d 0x%x %d\n", __FUNCTION__, i + 1, + (unsigned int)page_address(skb_shinfo(skb)->frags[i].page) + + skb_shinfo(skb)->frags[i].page_offset, skb_shinfo(skb)->frags[i].size); +#endif + + tmp = dma_map_single(sc->sc_dv, + page_address(skb_shinfo(skb)->frags[i].page) + + skb_shinfo(skb)->frags[i].page_offset, + skb_shinfo(skb)->frags[i].size, + DMA_BIDIRECTIONAL); + + q_map[i + 1].dma_paddr = tmp; + q_map[i + 1].dma_vaddr = (void*)(page_address(skb_shinfo(skb)->frags[i].page) + + skb_shinfo(skb)->frags[i].page_offset); + q_map[i + 1].dma_size = skb_shinfo(skb)->frags[i].size; + + if (unlikely(tmp == 0)) + { + printk(KERN_ERR "Could not map memory region for dma.\n"); + return (-EINVAL); + } + +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("%s - map %d done physical addr 0x%x\n", __FUNCTION__, i + 1, (unsigned int)tmp); +#endif + + } + *mlen = i + 1; + + return(0); +} + +/* + * map in a given uio buffer + */ + +static int +dma_map_uio(struct ubsec_softc *sc, struct ubsec_dma_alloc *q_map, struct uio *uio, int *mlen) +{ + struct iovec *iov = uio->uio_iov; + int n; + dma_addr_t tmp; + +#ifdef UBSEC_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + + /* + * We support only a limited number of fragments. + */ + if (unlikely(uio->uio_iovcnt >= UBS_MAX_SCATTER)) + { + printk(KERN_ERR "Only %d scatter fragments are supported.\n", UBS_MAX_SCATTER); + return (-ENOMEM); + } + + for (n = 0; n < uio->uio_iovcnt; n++) { +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("%s - map %d 0x%x %d\n", __FUNCTION__, n, (unsigned int)iov->iov_base, iov->iov_len); +#endif + tmp = dma_map_single(sc->sc_dv, + iov->iov_base, + iov->iov_len, + DMA_BIDIRECTIONAL); + + q_map[n].dma_paddr = tmp; + q_map[n].dma_vaddr = iov->iov_base; + q_map[n].dma_size = iov->iov_len; + + if (unlikely(tmp == 0)) + { + printk(KERN_ERR "Could not map memory region for dma.\n"); + return (-EINVAL); + } + +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("%s - map %d done physical addr 0x%x\n", __FUNCTION__, n, (unsigned int)tmp); +#endif + + iov++; + } + *mlen = n; + + return(0); +} + +static void +dma_unmap(struct ubsec_softc *sc, struct ubsec_dma_alloc *q_map, int mlen) +{ + int i; + +#ifdef UBSEC_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + + for(i = 0; i < mlen; i++) + { +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("%s - unmap %d 0x%x %d\n", __FUNCTION__, i, (unsigned int)q_map[i].dma_paddr, q_map[i].dma_size); +#endif + dma_unmap_single(sc->sc_dv, + q_map[i].dma_paddr, + q_map[i].dma_size, + DMA_BIDIRECTIONAL); + } + return; +} + +/* + * Is the operand suitable aligned for direct DMA. Each + * segment must be aligned on a 32-bit boundary and all + * but the last segment must be a multiple of 4 bytes. + */ +static int +ubsec_dmamap_aligned(struct ubsec_softc *sc, const struct ubsec_dma_alloc *q_map, int mlen) +{ + int i; + +#ifdef UBSEC_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + + for (i = 0; i < mlen; i++) { + if (q_map[i].dma_paddr & 3) + return (0); + if (i != (mlen - 1) && (q_map[i].dma_size & 3)) + return (0); + } + return (1); +} + + +#define N(a) (sizeof(a) / sizeof (a[0])) +static void +ubsec_setup_mackey(struct ubsec_session *ses, int algo, caddr_t key, int klen) +{ +#ifdef HMAC_HACK + MD5_CTX md5ctx; + SHA1_CTX sha1ctx; + int i; + +#ifdef UBSEC_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + + for (i = 0; i < klen; i++) + key[i] ^= HMAC_IPAD_VAL; + + if (algo == CRYPTO_MD5_HMAC) { + MD5Init(&md5ctx); + MD5Update(&md5ctx, key, klen); + MD5Update(&md5ctx, hmac_ipad_buffer, MD5_HMAC_BLOCK_LEN - klen); + bcopy(md5ctx.md5_st8, ses->ses_hminner, sizeof(md5ctx.md5_st8)); + } else { + SHA1Init(&sha1ctx); + SHA1Update(&sha1ctx, key, klen); + SHA1Update(&sha1ctx, hmac_ipad_buffer, + SHA1_HMAC_BLOCK_LEN - klen); + bcopy(sha1ctx.h.b32, ses->ses_hminner, sizeof(sha1ctx.h.b32)); + } + + for (i = 0; i < klen; i++) + key[i] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL); + + if (algo == CRYPTO_MD5_HMAC) { + MD5Init(&md5ctx); + MD5Update(&md5ctx, key, klen); + MD5Update(&md5ctx, hmac_opad_buffer, MD5_HMAC_BLOCK_LEN - klen); + bcopy(md5ctx.md5_st8, ses->ses_hmouter, sizeof(md5ctx.md5_st8)); + } else { + SHA1Init(&sha1ctx); + SHA1Update(&sha1ctx, key, klen); + SHA1Update(&sha1ctx, hmac_opad_buffer, + SHA1_HMAC_BLOCK_LEN - klen); + bcopy(sha1ctx.h.b32, ses->ses_hmouter, sizeof(sha1ctx.h.b32)); + } + + for (i = 0; i < klen; i++) + key[i] ^= HMAC_OPAD_VAL; + +#else /* HMAC_HACK */ + DPRINTF("md5/sha not implemented\n"); +#endif /* HMAC_HACK */ +} +#undef N + +static int +__devinit ubsec_ssb_probe(struct ssb_device *sdev, + const struct ssb_device_id *ent) +{ + int err; + +#ifdef UBSEC_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + + err = ssb_bus_powerup(sdev->bus, 0); + if (err) { + dev_err(sdev->dev, "Failed to powerup the bus\n"); + goto err_powerup; + } + + err = request_irq(sdev->irq, (irq_handler_t)ubsec_ssb_isr, + IRQF_DISABLED | IRQF_SHARED, DRV_MODULE_NAME, sdev); + if (err) { + dev_err(sdev->dev, "Could not request irq\n"); + goto err_out_powerdown; + } + + err = ssb_dma_set_mask(sdev, DMA_32BIT_MASK); + if (err) { + dev_err(sdev->dev, + "Required 32BIT DMA mask unsupported by the system.\n"); + goto err_out_powerdown; + } + + printk(KERN_INFO "Sentry5(tm) ROBOGateway(tm) IPSec Core at IRQ %u\n", + sdev->irq); + + DPRINTF("Vendor: %x, core id: %x, revision: %x\n", + sdev->id.vendor, sdev->id.coreid, sdev->id.revision); + + ssb_device_enable(sdev, 0); + + if (ubsec_attach(sdev, ent, sdev->dev) != 0) + goto err_disable_interrupt; + +#ifdef UBSEC_DEBUG + procdebug = create_proc_entry(DRV_MODULE_NAME, S_IRUSR, NULL); + if (procdebug) + { + procdebug->read_proc = proc_read; + procdebug->data = NULL; + } else + DPRINTF("Unable to create proc file.\n"); +#endif + + return 0; + +err_disable_interrupt: + free_irq(sdev->irq, sdev); + +err_out_powerdown: + ssb_bus_may_powerdown(sdev->bus); + +err_powerup: + ssb_device_disable(sdev, 0); + return err; +} + +static void __devexit ubsec_ssb_remove(struct ssb_device *sdev) { + + struct ubsec_softc *sc; + unsigned int ctrlflgs; + struct ubsec_dma *dmap; + u_int32_t i; + +#ifdef UBSEC_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + + ctrlflgs = READ_REG_SDEV(sdev, BS_CTRL); + /* disable all IPSec Core interrupts globally */ + ctrlflgs ^= (BS_CTRL_MCR1INT | BS_CTRL_MCR2INT | + BS_CTRL_DMAERR); + WRITE_REG_SDEV(sdev, BS_CTRL, ctrlflgs); + + free_irq(sdev->irq, sdev); + + sc = (struct ubsec_softc *)ssb_get_drvdata(sdev); + + /* unregister all crypto algorithms */ + crypto_unregister_all(sc->sc_cid); + + /* Free queue / dma memory */ + for (i = 0; i < UBS_MAX_NQUEUE; i++) { + struct ubsec_q *q; + + q = sc->sc_queuea[i]; + if (q != NULL) + { + dmap = q->q_dma; + if (dmap != NULL) + { + ubsec_dma_free(sc, &dmap->d_alloc); + q->q_dma = NULL; + } + kfree(q); + } + sc->sc_queuea[i] = NULL; + } + + ssb_bus_may_powerdown(sdev->bus); + ssb_device_disable(sdev, 0); + ssb_set_drvdata(sdev, NULL); + +#ifdef UBSEC_DEBUG + if (procdebug) + remove_proc_entry(DRV_MODULE_NAME, NULL); +#endif + +} + + +int +ubsec_attach(struct ssb_device *sdev, const struct ssb_device_id *ent, + struct device *self) +{ + struct ubsec_softc *sc = NULL; + struct ubsec_dma *dmap; + u_int32_t i; + static int num_chips = 0; + +#ifdef UBSEC_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + + sc = (struct ubsec_softc *) kmalloc(sizeof(*sc), GFP_KERNEL); + if (!sc) + return(-ENOMEM); + memset(sc, 0, sizeof(*sc)); + + sc->sc_dv = sdev->dev; + sc->sdev = sdev; + + spin_lock_init(&sc->sc_ringmtx); + + softc_device_init(sc, "ubsec_ssb", num_chips, ubsec_ssb_methods); + + /* Maybe someday there are boards with more than one chip available */ + if (num_chips < UBSEC_SSB_MAX_CHIPS) { + ubsec_chip_idx[device_get_unit(sc->sc_dev)] = sc; + num_chips++; + } + + ssb_set_drvdata(sdev, sc); + + BSD_SIMPLEQ_INIT(&sc->sc_queue); + BSD_SIMPLEQ_INIT(&sc->sc_qchip); + BSD_SIMPLEQ_INIT(&sc->sc_queue2); + BSD_SIMPLEQ_INIT(&sc->sc_qchip2); + BSD_SIMPLEQ_INIT(&sc->sc_q2free); + + sc->sc_statmask = BS_STAT_MCR1_DONE | BS_STAT_DMAERR; + + sc->sc_cid = crypto_get_driverid(softc_get_device(sc), CRYPTOCAP_F_HARDWARE); + if (sc->sc_cid < 0) { + device_printf(sc->sc_dev, "could not get crypto driver id\n"); + return -1; + } + + BSD_SIMPLEQ_INIT(&sc->sc_freequeue); + dmap = sc->sc_dmaa; + for (i = 0; i < UBS_MAX_NQUEUE; i++, dmap++) { + struct ubsec_q *q; + + q = (struct ubsec_q *)kmalloc(sizeof(struct ubsec_q), GFP_KERNEL); + if (q == NULL) { + printf(": can't allocate queue buffers\n"); + break; + } + + if (ubsec_dma_malloc(sc, &dmap->d_alloc, sizeof(struct ubsec_dmachunk),0)) { + printf(": can't allocate dma buffers\n"); + kfree(q); + break; + } + dmap->d_dma = (struct ubsec_dmachunk *)dmap->d_alloc.dma_vaddr; + + q->q_dma = dmap; + sc->sc_queuea[i] = q; + + BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q, q_next); + } + + /* + * Reset Broadcom chip + */ + ubsec_reset_board(sc); + + /* + * Init Broadcom chip + */ + ubsec_init_board(sc); + + /* supported crypto algorithms */ + crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0); + crypto_register(sc->sc_cid, CRYPTO_DES_CBC, 0, 0); + + if (sc->sc_flags & UBS_FLAGS_AES) { + crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0); + printf(KERN_INFO DRV_MODULE_NAME ": DES 3DES AES128 AES192 AES256 MD5_HMAC SHA1_HMAC\n"); + } + else + printf(KERN_INFO DRV_MODULE_NAME ": DES 3DES MD5_HMAC SHA1_HMAC\n"); + + crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0); + crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0); + + return 0; +} + +/* + * UBSEC Interrupt routine + */ +static irqreturn_t +ubsec_ssb_isr(int irq, void *arg, struct pt_regs *regs) +{ + struct ubsec_softc *sc = NULL; + volatile u_int32_t stat; + struct ubsec_q *q; + struct ubsec_dma *dmap; + int npkts = 0, i; + +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + + sc = (struct ubsec_softc *)ssb_get_drvdata(arg); + + stat = READ_REG(sc, BS_STAT); + + stat &= sc->sc_statmask; + if (stat == 0) + return IRQ_NONE; + + WRITE_REG(sc, BS_STAT, stat); /* IACK */ + + /* + * Check to see if we have any packets waiting for us + */ + if ((stat & BS_STAT_MCR1_DONE)) { + while (!BSD_SIMPLEQ_EMPTY(&sc->sc_qchip)) { + q = BSD_SIMPLEQ_FIRST(&sc->sc_qchip); + dmap = q->q_dma; + + if ((dmap->d_dma->d_mcr.mcr_flags & htole16(UBS_MCR_DONE)) == 0) + { + DPRINTF("error while processing MCR. Flags = %x\n", dmap->d_dma->d_mcr.mcr_flags); + break; + } + + BSD_SIMPLEQ_REMOVE_HEAD(&sc->sc_qchip, q_next); + + npkts = q->q_nstacked_mcrs; + /* + * search for further sc_qchip ubsec_q's that share + * the same MCR, and complete them too, they must be + * at the top. + */ + for (i = 0; i < npkts; i++) { + if(q->q_stacked_mcr[i]) + ubsec_callback(sc, q->q_stacked_mcr[i]); + else + break; + } + ubsec_callback(sc, q); + } + + /* + * Don't send any more packet to chip if there has been + * a DMAERR. + */ + if (likely(!(stat & BS_STAT_DMAERR))) + ubsec_feed(sc); + else + DPRINTF("DMA error occurred. Stop feeding crypto chip.\n"); + } + + /* + * Check to see if we got any DMA Error + */ + if (stat & BS_STAT_DMAERR) { + volatile u_int32_t a = READ_REG(sc, BS_ERR); + + printf(KERN_ERR "%s: dmaerr %s@%08x\n", DRV_MODULE_NAME, + (a & BS_ERR_READ) ? "read" : "write", a & BS_ERR_ADDR); + + ubsecstats.hst_dmaerr++; + ubsec_totalreset(sc); + ubsec_feed(sc); + } + + return IRQ_HANDLED; +} + +/* + * ubsec_feed() - aggregate and post requests to chip + * It is assumed that the caller set splnet() + */ +void +ubsec_feed(struct ubsec_softc *sc) +{ +#ifdef UBSEC_VERBOSE_DEBUG + static int max; +#endif + struct ubsec_q *q, *q2; + int npkts, i; + void *v; + u_int32_t stat; + + npkts = sc->sc_nqueue; + if (npkts > UBS_MAX_AGGR) + npkts = UBS_MAX_AGGR; + if (npkts < 2) + goto feed1; + + stat = READ_REG(sc, BS_STAT); + + if (stat & (BS_STAT_MCR1_FULL | BS_STAT_DMAERR)) { + if(stat & BS_STAT_DMAERR) { + ubsec_totalreset(sc); + ubsecstats.hst_dmaerr++; + } + return; + } + +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("merging %d records\n", npkts); + + /* XXX temporary aggregation statistics reporting code */ + if (max < npkts) { + max = npkts; + DPRINTF("%s: new max aggregate %d\n", DRV_MODULE_NAME, max); + } +#endif /* UBSEC_VERBOSE_DEBUG */ + + q = BSD_SIMPLEQ_FIRST(&sc->sc_queue); + BSD_SIMPLEQ_REMOVE_HEAD(&sc->sc_queue, q_next); + --sc->sc_nqueue; + +#if 0 + /* + * XXX + * We use dma_map_single() - no sync required! + */ + + bus_dmamap_sync(sc->sc_dmat, q->q_src_map, + 0, q->q_src_map->dm_mapsize, BUS_DMASYNC_PREWRITE); + if (q->q_dst_map != NULL) + bus_dmamap_sync(sc->sc_dmat, q->q_dst_map, + 0, q->q_dst_map->dm_mapsize, BUS_DMASYNC_PREREAD); +#endif + + q->q_nstacked_mcrs = npkts - 1; /* Number of packets stacked */ + + for (i = 0; i < q->q_nstacked_mcrs; i++) { + q2 = BSD_SIMPLEQ_FIRST(&sc->sc_queue); + +#if 0 + bus_dmamap_sync(sc->sc_dmat, q2->q_src_map, + 0, q2->q_src_map->dm_mapsize, BUS_DMASYNC_PREWRITE); + if (q2->q_dst_map != NULL) + bus_dmamap_sync(sc->sc_dmat, q2->q_dst_map, + 0, q2->q_dst_map->dm_mapsize, BUS_DMASYNC_PREREAD); +#endif + BSD_SIMPLEQ_REMOVE_HEAD(&sc->sc_queue, q_next); + --sc->sc_nqueue; + + v = ((char *)&q2->q_dma->d_dma->d_mcr) + sizeof(struct ubsec_mcr) - + sizeof(struct ubsec_mcr_add); + bcopy(v, &q->q_dma->d_dma->d_mcradd[i], sizeof(struct ubsec_mcr_add)); + q->q_stacked_mcr[i] = q2; + } + q->q_dma->d_dma->d_mcr.mcr_pkts = htole16(npkts); + BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_qchip, q, q_next); +#if 0 + bus_dmamap_sync(sc->sc_dmat, q->q_dma->d_alloc.dma_map, + 0, q->q_dma->d_alloc.dma_map->dm_mapsize, + BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); +#endif + WRITE_REG(sc, BS_MCR1, q->q_dma->d_alloc.dma_paddr + + offsetof(struct ubsec_dmachunk, d_mcr)); +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("feed (1): q->chip %p %08x %08x\n", q, + (u_int32_t)q->q_dma->d_alloc.dma_paddr, + (u_int32_t)(q->q_dma->d_alloc.dma_paddr + + offsetof(struct ubsec_dmachunk, d_mcr))); +#endif /* UBSEC_DEBUG */ + return; + +feed1: + while (!BSD_SIMPLEQ_EMPTY(&sc->sc_queue)) { + stat = READ_REG(sc, BS_STAT); + + if (stat & (BS_STAT_MCR1_FULL | BS_STAT_DMAERR)) { + if(stat & BS_STAT_DMAERR) { + ubsec_totalreset(sc); + ubsecstats.hst_dmaerr++; + } + break; + } + + q = BSD_SIMPLEQ_FIRST(&sc->sc_queue); + +#if 0 + bus_dmamap_sync(sc->sc_dmat, q->q_src_map, + 0, q->q_src_map->dm_mapsize, BUS_DMASYNC_PREWRITE); + if (q->q_dst_map != NULL) + bus_dmamap_sync(sc->sc_dmat, q->q_dst_map, + 0, q->q_dst_map->dm_mapsize, BUS_DMASYNC_PREREAD); + bus_dmamap_sync(sc->sc_dmat, q->q_dma->d_alloc.dma_map, + 0, q->q_dma->d_alloc.dma_map->dm_mapsize, + BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); +#endif + + WRITE_REG(sc, BS_MCR1, q->q_dma->d_alloc.dma_paddr + + offsetof(struct ubsec_dmachunk, d_mcr)); +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("feed (2): q->chip %p %08x %08x\n", q, + (u_int32_t)q->q_dma->d_alloc.dma_paddr, + (u_int32_t)(q->q_dma->d_alloc.dma_paddr + + offsetof(struct ubsec_dmachunk, d_mcr))); +#endif /* UBSEC_DEBUG */ + BSD_SIMPLEQ_REMOVE_HEAD(&sc->sc_queue, q_next); + --sc->sc_nqueue; + BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_qchip, q, q_next); + } +} + +/* + * Allocate a new 'session' and return an encoded session id. 'sidp' + * contains our registration id, and should contain an encoded session + * id on successful allocation. + */ +static int +ubsec_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri) +{ + struct cryptoini *c, *encini = NULL, *macini = NULL; + struct ubsec_softc *sc = NULL; + struct ubsec_session *ses = NULL; + int sesn, i; + +#ifdef UBSEC_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + + if (sidp == NULL || cri == NULL) + return (EINVAL); + + sc = device_get_softc(dev); + + if (sc == NULL) + return (EINVAL); + + for (c = cri; c != NULL; c = c->cri_next) { + if (c->cri_alg == CRYPTO_MD5_HMAC || + c->cri_alg == CRYPTO_SHA1_HMAC) { + if (macini) + return (EINVAL); + macini = c; + } else if (c->cri_alg == CRYPTO_DES_CBC || + c->cri_alg == CRYPTO_3DES_CBC || + c->cri_alg == CRYPTO_AES_CBC) { + if (encini) + return (EINVAL); + encini = c; + } else + return (EINVAL); + } + if (encini == NULL && macini == NULL) + return (EINVAL); + + if (sc->sc_sessions == NULL) { + ses = sc->sc_sessions = (struct ubsec_session *)kmalloc( + sizeof(struct ubsec_session), SLAB_ATOMIC); + if (ses == NULL) + return (ENOMEM); + memset(ses, 0, sizeof(struct ubsec_session)); + sesn = 0; + sc->sc_nsessions = 1; + } else { + for (sesn = 0; sesn < sc->sc_nsessions; sesn++) { + if (sc->sc_sessions[sesn].ses_used == 0) { + ses = &sc->sc_sessions[sesn]; + break; + } + } + + if (ses == NULL) { + sesn = sc->sc_nsessions; + ses = (struct ubsec_session *)kmalloc((sesn + 1) * + sizeof(struct ubsec_session), SLAB_ATOMIC); + if (ses == NULL) + return (ENOMEM); + memset(ses, 0, (sesn + 1) * sizeof(struct ubsec_session)); + bcopy(sc->sc_sessions, ses, sesn * + sizeof(struct ubsec_session)); + bzero(sc->sc_sessions, sesn * + sizeof(struct ubsec_session)); + kfree(sc->sc_sessions); + sc->sc_sessions = ses; + ses = &sc->sc_sessions[sesn]; + sc->sc_nsessions++; + } + } + + bzero(ses, sizeof(struct ubsec_session)); + ses->ses_used = 1; + if (encini) { + /* get an IV */ + /* XXX may read fewer than requested */ + read_random(ses->ses_iv, sizeof(ses->ses_iv)); + + /* Go ahead and compute key in ubsec's byte order */ + if (encini->cri_alg == CRYPTO_DES_CBC) { + /* DES uses the same key three times: + * 1st encrypt -> 2nd decrypt -> 3nd encrypt */ + bcopy(encini->cri_key, &ses->ses_key[0], 8); + bcopy(encini->cri_key, &ses->ses_key[2], 8); + bcopy(encini->cri_key, &ses->ses_key[4], 8); + ses->ses_keysize = 192; /* Fake! Actually its only 64bits .. + oh no it is even less: 54bits. */ + } else if(encini->cri_alg == CRYPTO_3DES_CBC) { + bcopy(encini->cri_key, ses->ses_key, 24); + ses->ses_keysize = 192; + } else if(encini->cri_alg == CRYPTO_AES_CBC) { + ses->ses_keysize = encini->cri_klen; + + if (ses->ses_keysize != 128 && + ses->ses_keysize != 192 && + ses->ses_keysize != 256) + { + DPRINTF("unsupported AES key size: %d\n", ses->ses_keysize); + return (EINVAL); + } + bcopy(encini->cri_key, ses->ses_key, (ses->ses_keysize / 8)); + } + + /* Hardware requires the keys in little endian byte order */ + for (i=0; i < (ses->ses_keysize / 32); i++) + SWAP32(ses->ses_key[i]); + } + + if (macini) { + ses->ses_mlen = macini->cri_mlen; + + if (ses->ses_mlen == 0 || + ses->ses_mlen > SHA1_HASH_LEN) { + + if (macini->cri_alg == CRYPTO_MD5_HMAC || + macini->cri_alg == CRYPTO_SHA1_HMAC) + { + ses->ses_mlen = DEFAULT_HMAC_LEN; + } else + { + /* + * Reserved for future usage. MD5/SHA1 calculations have + * different hash sizes. + */ + printk(KERN_ERR DRV_MODULE_NAME ": unsupported hash operation with mac/hash len: %d\n", ses->ses_mlen); + return (EINVAL); + } + + } + + if (macini->cri_key != NULL) { + ubsec_setup_mackey(ses, macini->cri_alg, macini->cri_key, + macini->cri_klen / 8); + } + } + + *sidp = UBSEC_SID(device_get_unit(sc->sc_dev), sesn); + return (0); +} + +/* + * Deallocate a session. + */ +static int +ubsec_freesession(device_t dev, u_int64_t tid) +{ + struct ubsec_softc *sc = device_get_softc(dev); + int session; + u_int32_t sid = ((u_int32_t)tid) & 0xffffffff; + +#ifdef UBSEC_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + + if (sc == NULL) + return (EINVAL); + + session = UBSEC_SESSION(sid); + if (session < sc->sc_nsessions) { + bzero(&sc->sc_sessions[session], sizeof(sc->sc_sessions[session])); + return (0); + } else + return (EINVAL); +} + +static int +ubsec_process(device_t dev, struct cryptop *crp, int hint) +{ + struct ubsec_q *q = NULL; + int err = 0, i, j, nicealign; + struct ubsec_softc *sc = device_get_softc(dev); + struct cryptodesc *crd1, *crd2, *maccrd, *enccrd; + int encoffset = 0, macoffset = 0, cpskip, cpoffset; + int sskip, dskip, stheend, dtheend, ivsize = 8; + int16_t coffset; + struct ubsec_session *ses; + struct ubsec_generic_ctx ctx; + struct ubsec_dma *dmap = NULL; + unsigned long flags; + +#ifdef UBSEC_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + + if (unlikely(crp == NULL || crp->crp_callback == NULL)) { + ubsecstats.hst_invalid++; + return (EINVAL); + } + + if (unlikely(sc == NULL)) + return (EINVAL); + +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("spin_lock_irqsave\n"); +#endif + spin_lock_irqsave(&sc->sc_ringmtx, flags); + //spin_lock_irq(&sc->sc_ringmtx); + + if (BSD_SIMPLEQ_EMPTY(&sc->sc_freequeue)) { + ubsecstats.hst_queuefull++; +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("spin_unlock_irqrestore\n"); +#endif + spin_unlock_irqrestore(&sc->sc_ringmtx, flags); + //spin_unlock_irq(&sc->sc_ringmtx); + err = ENOMEM; + goto errout2; + } + + q = BSD_SIMPLEQ_FIRST(&sc->sc_freequeue); + BSD_SIMPLEQ_REMOVE_HEAD(&sc->sc_freequeue, q_next); +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("spin_unlock_irqrestore\n"); +#endif + spin_unlock_irqrestore(&sc->sc_ringmtx, flags); + //spin_unlock_irq(&sc->sc_ringmtx); + + dmap = q->q_dma; /* Save dma pointer */ + bzero(q, sizeof(struct ubsec_q)); + bzero(&ctx, sizeof(ctx)); + + q->q_sesn = UBSEC_SESSION(crp->crp_sid); + q->q_dma = dmap; + ses = &sc->sc_sessions[q->q_sesn]; + + if (crp->crp_flags & CRYPTO_F_SKBUF) { + q->q_src_m = (struct sk_buff *)crp->crp_buf; + q->q_dst_m = (struct sk_buff *)crp->crp_buf; + } else if (crp->crp_flags & CRYPTO_F_IOV) { + q->q_src_io = (struct uio *)crp->crp_buf; + q->q_dst_io = (struct uio *)crp->crp_buf; + } else { + err = EINVAL; + goto errout; /* XXX we don't handle contiguous blocks! */ + } + + bzero(&dmap->d_dma->d_mcr, sizeof(struct ubsec_mcr)); + + dmap->d_dma->d_mcr.mcr_pkts = htole16(1); + dmap->d_dma->d_mcr.mcr_flags = 0; + q->q_crp = crp; + + crd1 = crp->crp_desc; + if (crd1 == NULL) { + err = EINVAL; + goto errout; + } + crd2 = crd1->crd_next; + + if (crd2 == NULL) { + if (crd1->crd_alg == CRYPTO_MD5_HMAC || + crd1->crd_alg == CRYPTO_SHA1_HMAC) { + maccrd = crd1; + enccrd = NULL; + } else if (crd1->crd_alg == CRYPTO_DES_CBC || + crd1->crd_alg == CRYPTO_3DES_CBC || + crd1->crd_alg == CRYPTO_AES_CBC) { + maccrd = NULL; + enccrd = crd1; + } else { + err = EINVAL; + goto errout; + } + } else { + if ((crd1->crd_alg == CRYPTO_MD5_HMAC || + crd1->crd_alg == CRYPTO_SHA1_HMAC) && + (crd2->crd_alg == CRYPTO_DES_CBC || + crd2->crd_alg == CRYPTO_3DES_CBC || + crd2->crd_alg == CRYPTO_AES_CBC) && + ((crd2->crd_flags & CRD_F_ENCRYPT) == 0)) { + maccrd = crd1; + enccrd = crd2; + } else if ((crd1->crd_alg == CRYPTO_DES_CBC || + crd1->crd_alg == CRYPTO_3DES_CBC || + crd1->crd_alg == CRYPTO_AES_CBC) && + (crd2->crd_alg == CRYPTO_MD5_HMAC || + crd2->crd_alg == CRYPTO_SHA1_HMAC) && + (crd1->crd_flags & CRD_F_ENCRYPT)) { + enccrd = crd1; + maccrd = crd2; + } else { + /* + * We cannot order the ubsec as requested + */ + printk(KERN_ERR DRV_MODULE_NAME ": got wrong algorithm/signature order.\n"); + err = EINVAL; + goto errout; + } + } + + /* Encryption/Decryption requested */ + if (enccrd) { + encoffset = enccrd->crd_skip; + + if (enccrd->crd_alg == CRYPTO_DES_CBC || + enccrd->crd_alg == CRYPTO_3DES_CBC) + { + ctx.pc_flags |= htole16(UBS_PKTCTX_ENC_3DES); + ctx.pc_type = htole16(UBS_PKTCTX_TYPE_IPSEC_DES); + ivsize = 8; /* [3]DES uses 64bit IVs */ + } else { + ctx.pc_flags |= htole16(UBS_PKTCTX_ENC_AES); + ctx.pc_type = htole16(UBS_PKTCTX_TYPE_IPSEC_AES); + ivsize = 16; /* AES uses 128bit IVs / [3]DES 64bit IVs */ + + switch(ses->ses_keysize) + { + case 128: + ctx.pc_flags |= htole16(UBS_PKTCTX_AES128); + break; + case 192: + ctx.pc_flags |= htole16(UBS_PKTCTX_AES192); + break; + case 256: + ctx.pc_flags |= htole16(UBS_PKTCTX_AES256); + break; + default: + DPRINTF("invalid AES key size: %d\n", ses->ses_keysize); + err = EINVAL; + goto errout; + } + } + + if (enccrd->crd_flags & CRD_F_ENCRYPT) { + /* Direction: Outbound */ + + q->q_flags |= UBSEC_QFLAGS_COPYOUTIV; + + if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) { + bcopy(enccrd->crd_iv, ctx.pc_iv, ivsize); + } else { + for(i=0; i < (ivsize / 4); i++) + ctx.pc_iv[i] = ses->ses_iv[i]; + } + + /* If there is no IV in the buffer -> copy it here */ + if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0) { + if (crp->crp_flags & CRYPTO_F_SKBUF) + /* + m_copyback(q->q_src_m, + enccrd->crd_inject, + 8, ctx.pc_iv); + */ + crypto_copyback(crp->crp_flags, (caddr_t)q->q_src_m, + enccrd->crd_inject, ivsize, (caddr_t)ctx.pc_iv); + else if (crp->crp_flags & CRYPTO_F_IOV) + /* + cuio_copyback(q->q_src_io, + enccrd->crd_inject, + 8, ctx.pc_iv); + */ + crypto_copyback(crp->crp_flags, (caddr_t)q->q_src_io, + enccrd->crd_inject, ivsize, (caddr_t)ctx.pc_iv); + } + } else { + /* Direction: Inbound */ + + ctx.pc_flags |= htole16(UBS_PKTCTX_INBOUND); + + if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) + bcopy(enccrd->crd_iv, ctx.pc_iv, ivsize); + else if (crp->crp_flags & CRYPTO_F_SKBUF) + /* + m_copydata(q->q_src_m, enccrd->crd_inject, + 8, (caddr_t)ctx.pc_iv); + */ + crypto_copydata(crp->crp_flags, (caddr_t)q->q_src_m, + enccrd->crd_inject, ivsize, + (caddr_t)ctx.pc_iv); + else if (crp->crp_flags & CRYPTO_F_IOV) + /* + cuio_copydata(q->q_src_io, + enccrd->crd_inject, 8, + (caddr_t)ctx.pc_iv); + */ + crypto_copydata(crp->crp_flags, (caddr_t)q->q_src_io, + enccrd->crd_inject, ivsize, + (caddr_t)ctx.pc_iv); + + } + + /* Even though key & IV sizes differ from cipher to cipher + * copy / swap the full array lengths. Let the compiler unroll + * the loop to increase the cpu pipeline performance... */ + for(i=0; i < 8; i++) + ctx.pc_key[i] = ses->ses_key[i]; + for(i=0; i < 4; i++) + SWAP32(ctx.pc_iv[i]); + } + + /* Authentication requested */ + if (maccrd) { + macoffset = maccrd->crd_skip; + + if (maccrd->crd_alg == CRYPTO_MD5_HMAC) + ctx.pc_flags |= htole16(UBS_PKTCTX_AUTH_MD5); + else + ctx.pc_flags |= htole16(UBS_PKTCTX_AUTH_SHA1); + + for (i = 0; i < 5; i++) { + ctx.pc_hminner[i] = ses->ses_hminner[i]; + ctx.pc_hmouter[i] = ses->ses_hmouter[i]; + + HTOLE32(ctx.pc_hminner[i]); + HTOLE32(ctx.pc_hmouter[i]); + } + } + + if (enccrd && maccrd) { + /* + * ubsec cannot handle packets where the end of encryption + * and authentication are not the same, or where the + * encrypted part begins before the authenticated part. + */ + if (((encoffset + enccrd->crd_len) != + (macoffset + maccrd->crd_len)) || + (enccrd->crd_skip < maccrd->crd_skip)) { + err = EINVAL; + goto errout; + } + sskip = maccrd->crd_skip; + cpskip = dskip = enccrd->crd_skip; + stheend = maccrd->crd_len; + dtheend = enccrd->crd_len; + coffset = enccrd->crd_skip - maccrd->crd_skip; + cpoffset = cpskip + dtheend; +#ifdef UBSEC_DEBUG + DPRINTF("mac: skip %d, len %d, inject %d\n", + maccrd->crd_skip, maccrd->crd_len, maccrd->crd_inject); + DPRINTF("enc: skip %d, len %d, inject %d\n", + enccrd->crd_skip, enccrd->crd_len, enccrd->crd_inject); + DPRINTF("src: skip %d, len %d\n", sskip, stheend); + DPRINTF("dst: skip %d, len %d\n", dskip, dtheend); + DPRINTF("ubs: coffset %d, pktlen %d, cpskip %d, cpoffset %d\n", + coffset, stheend, cpskip, cpoffset); +#endif + } else { + cpskip = dskip = sskip = macoffset + encoffset; + dtheend = stheend = (enccrd)?enccrd->crd_len:maccrd->crd_len; + cpoffset = cpskip + dtheend; + coffset = 0; + } + ctx.pc_offset = htole16(coffset >> 2); + +#if 0 + if (bus_dmamap_create(sc->sc_dmat, 0xfff0, UBS_MAX_SCATTER, + 0xfff0, 0, BUS_DMA_NOWAIT, &q->q_src_map) != 0) { + err = ENOMEM; + goto errout; + } +#endif + + if (crp->crp_flags & CRYPTO_F_SKBUF) { +#if 0 + if (bus_dmamap_load_mbuf(sc->sc_dmat, q->q_src_map, + q->q_src_m, BUS_DMA_NOWAIT) != 0) { + bus_dmamap_destroy(sc->sc_dmat, q->q_src_map); + q->q_src_map = NULL; + err = ENOMEM; + goto errout; + } +#endif + err = dma_map_skb(sc, q->q_src_map, q->q_src_m, &q->q_src_len); + if (unlikely(err != 0)) + goto errout; + + } else if (crp->crp_flags & CRYPTO_F_IOV) { +#if 0 + if (bus_dmamap_load_uio(sc->sc_dmat, q->q_src_map, + q->q_src_io, BUS_DMA_NOWAIT) != 0) { + bus_dmamap_destroy(sc->sc_dmat, q->q_src_map); + q->q_src_map = NULL; + err = ENOMEM; + goto errout; + } +#endif + err = dma_map_uio(sc, q->q_src_map, q->q_src_io, &q->q_src_len); + if (unlikely(err != 0)) + goto errout; + } + + /* + * Check alignment + */ + nicealign = ubsec_dmamap_aligned(sc, q->q_src_map, q->q_src_len); + + dmap->d_dma->d_mcr.mcr_pktlen = htole16(stheend); + +#ifdef UBSEC_DEBUG + DPRINTF("src skip: %d\n", sskip); +#endif + for (i = j = 0; i < q->q_src_len; i++) { + struct ubsec_pktbuf *pb; + size_t packl = q->q_src_map[i].dma_size; + dma_addr_t packp = q->q_src_map[i].dma_paddr; + + if (sskip >= packl) { + sskip -= packl; + continue; + } + + packl -= sskip; + packp += sskip; + sskip = 0; + + /* maximum fragment size is 0xfffc */ + if (packl > 0xfffc) { + DPRINTF("Error: fragment size is bigger than 0xfffc.\n"); + err = EIO; + goto errout; + } + + if (j == 0) + pb = &dmap->d_dma->d_mcr.mcr_ipktbuf; + else + pb = &dmap->d_dma->d_sbuf[j - 1]; + + pb->pb_addr = htole32(packp); + + if (stheend) { + if (packl > stheend) { + pb->pb_len = htole32(stheend); + stheend = 0; + } else { + pb->pb_len = htole32(packl); + stheend -= packl; + } + } else + pb->pb_len = htole32(packl); + + if ((i + 1) == q->q_src_len) + pb->pb_next = 0; + else + pb->pb_next = htole32(dmap->d_alloc.dma_paddr + + offsetof(struct ubsec_dmachunk, d_sbuf[j])); + j++; + } + + if (enccrd == NULL && maccrd != NULL) { + /* Authentication only */ + dmap->d_dma->d_mcr.mcr_opktbuf.pb_addr = 0; + dmap->d_dma->d_mcr.mcr_opktbuf.pb_len = 0; + dmap->d_dma->d_mcr.mcr_opktbuf.pb_next = + htole32(dmap->d_alloc.dma_paddr + + offsetof(struct ubsec_dmachunk, d_macbuf[0])); +#ifdef UBSEC_DEBUG + DPRINTF("opkt: %x %x %x\n", + dmap->d_dma->d_mcr.mcr_opktbuf.pb_addr, + dmap->d_dma->d_mcr.mcr_opktbuf.pb_len, + dmap->d_dma->d_mcr.mcr_opktbuf.pb_next); +#endif + } else { + if (crp->crp_flags & CRYPTO_F_IOV) { + if (!nicealign) { + err = EINVAL; + goto errout; + } +#if 0 + if (bus_dmamap_create(sc->sc_dmat, 0xfff0, + UBS_MAX_SCATTER, 0xfff0, 0, BUS_DMA_NOWAIT, + &q->q_dst_map) != 0) { + err = ENOMEM; + goto errout; + } + if (bus_dmamap_load_uio(sc->sc_dmat, q->q_dst_map, + q->q_dst_io, BUS_DMA_NOWAIT) != 0) { + bus_dmamap_destroy(sc->sc_dmat, q->q_dst_map); + q->q_dst_map = NULL; + goto errout; + } +#endif + + /* HW shall copy the result into the source memory */ + for(i = 0; i < q->q_src_len; i++) + q->q_dst_map[i] = q->q_src_map[i]; + + q->q_dst_len = q->q_src_len; + q->q_has_dst = 0; + + } else if (crp->crp_flags & CRYPTO_F_SKBUF) { + if (nicealign) { + + /* HW shall copy the result into the source memory */ + q->q_dst_m = q->q_src_m; + for(i = 0; i < q->q_src_len; i++) + q->q_dst_map[i] = q->q_src_map[i]; + + q->q_dst_len = q->q_src_len; + q->q_has_dst = 0; + + } else { +#ifdef NOTYET + int totlen, len; + struct sk_buff *m, *top, **mp; + + totlen = q->q_src_map->dm_mapsize; + if (q->q_src_m->m_flags & M_PKTHDR) { + len = MHLEN; + MGETHDR(m, M_DONTWAIT, MT_DATA); + } else { + len = MLEN; + MGET(m, M_DONTWAIT, MT_DATA); + } + if (m == NULL) { + err = ENOMEM; + goto errout; + } + if (len == MHLEN) + M_DUP_PKTHDR(m, q->q_src_m); + if (totlen >= MINCLSIZE) { + MCLGET(m, M_DONTWAIT); + if (m->m_flags & M_EXT) + len = MCLBYTES; + } + m->m_len = len; + top = NULL; + mp = ⊤ + + while (totlen > 0) { + if (top) { + MGET(m, M_DONTWAIT, MT_DATA); + if (m == NULL) { + m_freem(top); + err = ENOMEM; + goto errout; + } + len = MLEN; + } + if (top && totlen >= MINCLSIZE) { + MCLGET(m, M_DONTWAIT); + if (m->m_flags & M_EXT) + len = MCLBYTES; + } + m->m_len = len = min(totlen, len); + totlen -= len; + *mp = m; + mp = &m->m_next; + } + q->q_dst_m = top; + ubsec_mcopy(q->q_src_m, q->q_dst_m, + cpskip, cpoffset); + if (bus_dmamap_create(sc->sc_dmat, 0xfff0, + UBS_MAX_SCATTER, 0xfff0, 0, BUS_DMA_NOWAIT, + &q->q_dst_map) != 0) { + err = ENOMEM; + goto errout; + } + if (bus_dmamap_load_mbuf(sc->sc_dmat, + q->q_dst_map, q->q_dst_m, + BUS_DMA_NOWAIT) != 0) { + bus_dmamap_destroy(sc->sc_dmat, + q->q_dst_map); + q->q_dst_map = NULL; + err = ENOMEM; + goto errout; + } +#else + device_printf(sc->sc_dev, + "%s,%d: CRYPTO_F_SKBUF unaligned not implemented\n", + __FILE__, __LINE__); + err = EINVAL; + goto errout; +#endif + } + } else { + err = EINVAL; + goto errout; + } + +#ifdef UBSEC_DEBUG + DPRINTF("dst skip: %d\n", dskip); +#endif + for (i = j = 0; i < q->q_dst_len; i++) { + struct ubsec_pktbuf *pb; + size_t packl = q->q_dst_map[i].dma_size; + dma_addr_t packp = q->q_dst_map[i].dma_paddr; + + if (dskip >= packl) { + dskip -= packl; + continue; + } + + packl -= dskip; + packp += dskip; + dskip = 0; + + if (packl > 0xfffc) { + DPRINTF("Error: fragment size is bigger than 0xfffc.\n"); + err = EIO; + goto errout; + } + + if (j == 0) + pb = &dmap->d_dma->d_mcr.mcr_opktbuf; + else + pb = &dmap->d_dma->d_dbuf[j - 1]; + + pb->pb_addr = htole32(packp); + + if (dtheend) { + if (packl > dtheend) { + pb->pb_len = htole32(dtheend); + dtheend = 0; + } else { + pb->pb_len = htole32(packl); + dtheend -= packl; + } + } else + pb->pb_len = htole32(packl); + + if ((i + 1) == q->q_dst_len) { + if (maccrd) + /* Authentication: + * The last fragment of the output buffer + * contains the HMAC. */ + pb->pb_next = htole32(dmap->d_alloc.dma_paddr + + offsetof(struct ubsec_dmachunk, d_macbuf[0])); + else + pb->pb_next = 0; + } else + pb->pb_next = htole32(dmap->d_alloc.dma_paddr + + offsetof(struct ubsec_dmachunk, d_dbuf[j])); + j++; + } + } + + dmap->d_dma->d_mcr.mcr_cmdctxp = htole32(dmap->d_alloc.dma_paddr + + offsetof(struct ubsec_dmachunk, d_ctx)); + + if (sc->sc_flags & UBS_FLAGS_LONGCTX) { + /* new Broadcom cards with dynamic long command context structure */ + + if (enccrd != NULL && + enccrd->crd_alg == CRYPTO_AES_CBC) + { + struct ubsec_pktctx_aes128 *ctxaes128; + struct ubsec_pktctx_aes192 *ctxaes192; + struct ubsec_pktctx_aes256 *ctxaes256; + + switch(ses->ses_keysize) + { + /* AES 128bit */ + case 128: + ctxaes128 = (struct ubsec_pktctx_aes128 *) + (dmap->d_alloc.dma_vaddr + + offsetof(struct ubsec_dmachunk, d_ctx)); + + ctxaes128->pc_len = htole16(sizeof(struct ubsec_pktctx_aes128)); + ctxaes128->pc_type = ctx.pc_type; + ctxaes128->pc_flags = ctx.pc_flags; + ctxaes128->pc_offset = ctx.pc_offset; + for (i = 0; i < 4; i++) + ctxaes128->pc_aeskey[i] = ctx.pc_key[i]; + for (i = 0; i < 5; i++) + ctxaes128->pc_hminner[i] = ctx.pc_hminner[i]; + for (i = 0; i < 5; i++) + ctxaes128->pc_hmouter[i] = ctx.pc_hmouter[i]; + for (i = 0; i < 4; i++) + ctxaes128->pc_iv[i] = ctx.pc_iv[i]; + break; + + /* AES 192bit */ + case 192: + ctxaes192 = (struct ubsec_pktctx_aes192 *) + (dmap->d_alloc.dma_vaddr + + offsetof(struct ubsec_dmachunk, d_ctx)); + + ctxaes192->pc_len = htole16(sizeof(struct ubsec_pktctx_aes192)); + ctxaes192->pc_type = ctx.pc_type; + ctxaes192->pc_flags = ctx.pc_flags; + ctxaes192->pc_offset = ctx.pc_offset; + for (i = 0; i < 6; i++) + ctxaes192->pc_aeskey[i] = ctx.pc_key[i]; + for (i = 0; i < 5; i++) + ctxaes192->pc_hminner[i] = ctx.pc_hminner[i]; + for (i = 0; i < 5; i++) + ctxaes192->pc_hmouter[i] = ctx.pc_hmouter[i]; + for (i = 0; i < 4; i++) + ctxaes192->pc_iv[i] = ctx.pc_iv[i]; + break; + + /* AES 256bit */ + case 256: + ctxaes256 = (struct ubsec_pktctx_aes256 *) + (dmap->d_alloc.dma_vaddr + + offsetof(struct ubsec_dmachunk, d_ctx)); + + ctxaes256->pc_len = htole16(sizeof(struct ubsec_pktctx_aes256)); + ctxaes256->pc_type = ctx.pc_type; + ctxaes256->pc_flags = ctx.pc_flags; + ctxaes256->pc_offset = ctx.pc_offset; + for (i = 0; i < 8; i++) + ctxaes256->pc_aeskey[i] = ctx.pc_key[i]; + for (i = 0; i < 5; i++) + ctxaes256->pc_hminner[i] = ctx.pc_hminner[i]; + for (i = 0; i < 5; i++) + ctxaes256->pc_hmouter[i] = ctx.pc_hmouter[i]; + for (i = 0; i < 4; i++) + ctxaes256->pc_iv[i] = ctx.pc_iv[i]; + break; + + } + } else { + /* + * [3]DES / MD5_HMAC / SHA1_HMAC + * + * MD5_HMAC / SHA1_HMAC can use the IPSEC 3DES operation without + * encryption. + */ + struct ubsec_pktctx_des *ctxdes; + + ctxdes = (struct ubsec_pktctx_des *)(dmap->d_alloc.dma_vaddr + + offsetof(struct ubsec_dmachunk, d_ctx)); + + ctxdes->pc_len = htole16(sizeof(struct ubsec_pktctx_des)); + ctxdes->pc_type = ctx.pc_type; + ctxdes->pc_flags = ctx.pc_flags; + ctxdes->pc_offset = ctx.pc_offset; + for (i = 0; i < 6; i++) + ctxdes->pc_deskey[i] = ctx.pc_key[i]; + for (i = 0; i < 5; i++) + ctxdes->pc_hminner[i] = ctx.pc_hminner[i]; + for (i = 0; i < 5; i++) + ctxdes->pc_hmouter[i] = ctx.pc_hmouter[i]; + ctxdes->pc_iv[0] = ctx.pc_iv[0]; + ctxdes->pc_iv[1] = ctx.pc_iv[1]; + } + } else + { + /* old Broadcom card with fixed small command context structure */ + + /* + * [3]DES / MD5_HMAC / SHA1_HMAC + */ + struct ubsec_pktctx *ctxs; + + ctxs = (struct ubsec_pktctx *)(dmap->d_alloc.dma_vaddr + + offsetof(struct ubsec_dmachunk, d_ctx)); + + /* transform generic context into small context */ + for (i = 0; i < 6; i++) + ctxs->pc_deskey[i] = ctx.pc_key[i]; + for (i = 0; i < 5; i++) + ctxs->pc_hminner[i] = ctx.pc_hminner[i]; + for (i = 0; i < 5; i++) + ctxs->pc_hmouter[i] = ctx.pc_hmouter[i]; + ctxs->pc_iv[0] = ctx.pc_iv[0]; + ctxs->pc_iv[1] = ctx.pc_iv[1]; + ctxs->pc_flags = ctx.pc_flags; + ctxs->pc_offset = ctx.pc_offset; + } + +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("spin_lock_irqsave\n"); +#endif + spin_lock_irqsave(&sc->sc_ringmtx, flags); + //spin_lock_irq(&sc->sc_ringmtx); + + BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_queue, q, q_next); + sc->sc_nqueue++; + ubsecstats.hst_ipackets++; + ubsecstats.hst_ibytes += stheend; + ubsec_feed(sc); + +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("spin_unlock_irqrestore\n"); +#endif + spin_unlock_irqrestore(&sc->sc_ringmtx, flags); + //spin_unlock_irq(&sc->sc_ringmtx); + + return (0); + +errout: + if (q != NULL) { +#ifdef NOTYET + if ((q->q_dst_m != NULL) && (q->q_src_m != q->q_dst_m)) + m_freem(q->q_dst_m); +#endif + + if ((q->q_has_dst == 1) && q->q_dst_len > 0) { +#if 0 + bus_dmamap_unload(sc->sc_dmat, q->q_dst_map); + bus_dmamap_destroy(sc->sc_dmat, q->q_dst_map); +#endif + dma_unmap(sc, q->q_dst_map, q->q_dst_len); + } + if (q->q_src_len > 0) { +#if 0 + bus_dmamap_unload(sc->sc_dmat, q->q_src_map); + bus_dmamap_destroy(sc->sc_dmat, q->q_src_map); +#endif + dma_unmap(sc, q->q_src_map, q->q_src_len); + } + +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("spin_lock_irqsave\n"); +#endif + spin_lock_irqsave(&sc->sc_ringmtx, flags); + //spin_lock_irq(&sc->sc_ringmtx); + + BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q, q_next); + +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("spin_unlock_irqrestore\n"); +#endif + spin_unlock_irqrestore(&sc->sc_ringmtx, flags); + //spin_unlock_irq(&sc->sc_ringmtx); + + } + if (err == EINVAL) + ubsecstats.hst_invalid++; + else + ubsecstats.hst_nomem++; +errout2: + crp->crp_etype = err; + crypto_done(crp); + +#ifdef UBSEC_DEBUG + DPRINTF("%s() err = %x\n", __FUNCTION__, err); +#endif + + return (0); +} + +void +ubsec_callback(struct ubsec_softc *sc, struct ubsec_q *q) +{ + struct cryptop *crp = (struct cryptop *)q->q_crp; + struct cryptodesc *crd; + struct ubsec_dma *dmap = q->q_dma; + int ivsize = 8; + +#ifdef UBSEC_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + + ubsecstats.hst_opackets++; + ubsecstats.hst_obytes += dmap->d_alloc.dma_size; + +#if 0 + bus_dmamap_sync(sc->sc_dmat, dmap->d_alloc.dma_map, 0, + dmap->d_alloc.dma_map->dm_mapsize, + BUS_DMASYNC_POSTREAD|BUS_DMASYNC_POSTWRITE); + if (q->q_dst_map != NULL && q->q_dst_map != q->q_src_map) { + bus_dmamap_sync(sc->sc_dmat, q->q_dst_map, + 0, q->q_dst_map->dm_mapsize, BUS_DMASYNC_POSTREAD); + bus_dmamap_unload(sc->sc_dmat, q->q_dst_map); + bus_dmamap_destroy(sc->sc_dmat, q->q_dst_map); + } + bus_dmamap_sync(sc->sc_dmat, q->q_src_map, + 0, q->q_src_map->dm_mapsize, BUS_DMASYNC_POSTWRITE); + bus_dmamap_unload(sc->sc_dmat, q->q_src_map); + bus_dmamap_destroy(sc->sc_dmat, q->q_src_map); +#endif + + if ((q->q_has_dst == 1) && q->q_dst_len > 0) + dma_unmap(sc, q->q_dst_map, q->q_dst_len); + + dma_unmap(sc, q->q_src_map, q->q_src_len); + +#ifdef NOTYET + if ((crp->crp_flags & CRYPTO_F_SKBUF) && (q->q_src_m != q->q_dst_m)) { + m_freem(q->q_src_m); + crp->crp_buf = (caddr_t)q->q_dst_m; + } +#endif + + /* copy out IV for future use */ + if (q->q_flags & UBSEC_QFLAGS_COPYOUTIV) { + for (crd = crp->crp_desc; crd; crd = crd->crd_next) { + if (crd->crd_alg != CRYPTO_DES_CBC && + crd->crd_alg != CRYPTO_3DES_CBC && + crd->crd_alg != CRYPTO_AES_CBC) + continue; + + if (crd->crd_alg == CRYPTO_AES_CBC) + ivsize = 16; + else + ivsize = 8; + + if (crp->crp_flags & CRYPTO_F_SKBUF) +#if 0 + m_copydata((struct sk_buff *)crp->crp_buf, + crd->crd_skip + crd->crd_len - 8, 8, + (caddr_t)sc->sc_sessions[q->q_sesn].ses_iv); +#endif + crypto_copydata(crp->crp_flags, (caddr_t)crp->crp_buf, + crd->crd_skip + crd->crd_len - ivsize, ivsize, + (caddr_t)sc->sc_sessions[q->q_sesn].ses_iv); + + else if (crp->crp_flags & CRYPTO_F_IOV) { +#if 0 + cuio_copydata((struct uio *)crp->crp_buf, + crd->crd_skip + crd->crd_len - 8, 8, + (caddr_t)sc->sc_sessions[q->q_sesn].ses_iv); +#endif + crypto_copydata(crp->crp_flags, (caddr_t)crp->crp_buf, + crd->crd_skip + crd->crd_len - ivsize, ivsize, + (caddr_t)sc->sc_sessions[q->q_sesn].ses_iv); + + } + break; + } + } + + for (crd = crp->crp_desc; crd; crd = crd->crd_next) { + if (crd->crd_alg != CRYPTO_MD5_HMAC && + crd->crd_alg != CRYPTO_SHA1_HMAC) + continue; +#if 0 + if (crp->crp_flags & CRYPTO_F_SKBUF) + m_copyback((struct sk_buff *)crp->crp_buf, + crd->crd_inject, 12, + dmap->d_dma->d_macbuf); +#endif +#if 0 + /* BUG? it does not honor the mac len.. */ + crypto_copyback(crp->crp_flags, crp->crp_buf, + crd->crd_inject, 12, + (caddr_t)dmap->d_dma->d_macbuf); +#endif + crypto_copyback(crp->crp_flags, crp->crp_buf, + crd->crd_inject, + sc->sc_sessions[q->q_sesn].ses_mlen, + (caddr_t)dmap->d_dma->d_macbuf); +#if 0 + else if (crp->crp_flags & CRYPTO_F_IOV && crp->crp_mac) + bcopy((caddr_t)dmap->d_dma->d_macbuf, + crp->crp_mac, 12); +#endif + break; + } + BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q, q_next); + crypto_done(crp); +} + +void +ubsec_mcopy(struct sk_buff *srcm, struct sk_buff *dstm, int hoffset, int toffset) +{ + int i, j, dlen, slen; + caddr_t dptr, sptr; + + j = 0; + sptr = srcm->data; + slen = srcm->len; + dptr = dstm->data; + dlen = dstm->len; + + while (1) { + for (i = 0; i < min(slen, dlen); i++) { + if (j < hoffset || j >= toffset) + *dptr++ = *sptr++; + slen--; + dlen--; + j++; + } + if (slen == 0) { + srcm = srcm->next; + if (srcm == NULL) + return; + sptr = srcm->data; + slen = srcm->len; + } + if (dlen == 0) { + dstm = dstm->next; + if (dstm == NULL) + return; + dptr = dstm->data; + dlen = dstm->len; + } + } +} + +int +ubsec_dma_malloc(struct ubsec_softc *sc, struct ubsec_dma_alloc *dma, + size_t size, int mapflags) +{ + dma->dma_vaddr = dma_alloc_coherent(sc->sc_dv, + size, &dma->dma_paddr, GFP_KERNEL); + + if (likely(dma->dma_vaddr)) + { + dma->dma_size = size; + return (0); + } + + DPRINTF("could not allocate %d bytes of coherent memory.\n", size); + + return (1); +} + +void +ubsec_dma_free(struct ubsec_softc *sc, struct ubsec_dma_alloc *dma) +{ + dma_free_coherent(sc->sc_dv, dma->dma_size, dma->dma_vaddr, + dma->dma_paddr); +} + +/* + * Resets the board. Values in the regesters are left as is + * from the reset (i.e. initial values are assigned elsewhere). + */ +void +ubsec_reset_board(struct ubsec_softc *sc) +{ + volatile u_int32_t ctrl; + +#ifdef UBSEC_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + DPRINTF("Send reset signal to chip.\n"); + + ctrl = READ_REG(sc, BS_CTRL); + ctrl |= BS_CTRL_RESET; + WRITE_REG(sc, BS_CTRL, ctrl); + + /* + * Wait aprox. 30 PCI clocks = 900 ns = 0.9 us + */ + DELAY(10); +} + +/* + * Init Broadcom registers + */ +void +ubsec_init_board(struct ubsec_softc *sc) +{ + u_int32_t ctrl; + +#ifdef UBSEC_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + DPRINTF("Initialize chip.\n"); + + ctrl = READ_REG(sc, BS_CTRL); + ctrl &= ~(BS_CTRL_BE32 | BS_CTRL_BE64); + ctrl |= BS_CTRL_LITTLE_ENDIAN | BS_CTRL_MCR1INT | BS_CTRL_DMAERR; + + WRITE_REG(sc, BS_CTRL, ctrl); + + /* Set chip capabilities (BCM5365P) */ + sc->sc_flags |= UBS_FLAGS_LONGCTX | UBS_FLAGS_AES; +} + +/* + * Clean up after a chip crash. + * It is assumed that the caller has spin_lock_irq(sc_ringmtx). + */ +void +ubsec_cleanchip(struct ubsec_softc *sc) +{ + struct ubsec_q *q; + +#ifdef UBSEC_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + DPRINTF("Clean up queues after chip crash.\n"); + + while (!BSD_SIMPLEQ_EMPTY(&sc->sc_qchip)) { + q = BSD_SIMPLEQ_FIRST(&sc->sc_qchip); + BSD_SIMPLEQ_REMOVE_HEAD(&sc->sc_qchip, q_next); + ubsec_free_q(sc, q); + } +} + +/* + * free a ubsec_q + * It is assumed that the caller has spin_lock_irq(sc_ringmtx). + */ +int +ubsec_free_q(struct ubsec_softc *sc, struct ubsec_q *q) +{ + struct ubsec_q *q2; + struct cryptop *crp; + int npkts; + int i; + +#ifdef UBSEC_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + + npkts = q->q_nstacked_mcrs; + + for (i = 0; i < npkts; i++) { + if(q->q_stacked_mcr[i]) { + q2 = q->q_stacked_mcr[i]; + + if ((q2->q_dst_m != NULL) && (q2->q_src_m != q2->q_dst_m)) +#ifdef NOTYET + m_freem(q2->q_dst_m); +#else + printk(KERN_ERR "%s,%d: SKB not supported\n", __FILE__, __LINE__); +#endif + + crp = (struct cryptop *)q2->q_crp; + + BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q2, q_next); + + crp->crp_etype = EFAULT; + crypto_done(crp); + } else { + break; + } + } + + /* + * Free header MCR + */ + if ((q->q_dst_m != NULL) && (q->q_src_m != q->q_dst_m)) +#ifdef NOTYET + m_freem(q->q_dst_m); +#else + printk(KERN_ERR "%s,%d: SKB not supported\n", __FILE__, __LINE__); +#endif + + crp = (struct cryptop *)q->q_crp; + + BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q, q_next); + + crp->crp_etype = EFAULT; + crypto_done(crp); + return(0); +} + +/* + * Routine to reset the chip and clean up. + * It is assumed that the caller has spin_lock_irq(sc_ringmtx). + */ +void +ubsec_totalreset(struct ubsec_softc *sc) +{ + +#ifdef UBSEC_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + DPRINTF("initiate total chip reset.. \n"); + ubsec_reset_board(sc); + ubsec_init_board(sc); + ubsec_cleanchip(sc); +} + +void +ubsec_dump_pb(struct ubsec_pktbuf *pb) +{ + printf("addr 0x%x (0x%x) next 0x%x\n", + pb->pb_addr, pb->pb_len, pb->pb_next); +} + +void +ubsec_dump_mcr(struct ubsec_mcr *mcr) +{ + struct ubsec_mcr_add *ma; + int i; + + printf("MCR:\n"); + printf(" pkts: %u, flags 0x%x\n", + letoh16(mcr->mcr_pkts), letoh16(mcr->mcr_flags)); + ma = (struct ubsec_mcr_add *)&mcr->mcr_cmdctxp; + for (i = 0; i < letoh16(mcr->mcr_pkts); i++) { + printf(" %d: ctx 0x%x len 0x%x rsvd 0x%x\n", i, + letoh32(ma->mcr_cmdctxp), letoh16(ma->mcr_pktlen), + letoh16(ma->mcr_reserved)); + printf(" %d: ipkt ", i); + ubsec_dump_pb(&ma->mcr_ipktbuf); + printf(" %d: opkt ", i); + ubsec_dump_pb(&ma->mcr_opktbuf); + ma++; + } + printf("END MCR\n"); +} + +static int __init mod_init(void) { + return ssb_driver_register(&ubsec_ssb_driver); +} + +static void __exit mod_exit(void) { + ssb_driver_unregister(&ubsec_ssb_driver); +} + +module_init(mod_init); +module_exit(mod_exit); + +// Meta information +MODULE_AUTHOR("Daniel Mueller <daniel@danm.de>"); +MODULE_LICENSE("BSD"); +MODULE_DESCRIPTION("OCF driver for BCM5365P IPSec Core"); +MODULE_VERSION(DRV_MODULE_VERSION); + diff --git a/package/ubsec_ssb/src/ubsecreg.h b/package/ubsec_ssb/src/ubsecreg.h new file mode 100644 index 0000000000..7cd870f66b --- /dev/null +++ b/package/ubsec_ssb/src/ubsecreg.h @@ -0,0 +1,234 @@ +/* $Id: $ */ + +/* + * Copyright (c) 2008 Daniel Mueller (daniel@danm.de) + * Copyright (c) 2000 Theo de Raadt + * Copyright (c) 2001 Patrik Lindergren (patrik@ipunplugged.com) + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * Effort sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F30602-01-2-0537. + * + */ + +/* + * Register definitions for 5601 BlueSteel Networks Ubiquitous Broadband + * Security "uBSec" chip. Definitions from revision 2.8 of the product + * datasheet. + */ + +#define BS_BAR 0x10 /* DMA base address register */ +#define BS_TRDY_TIMEOUT 0x40 /* TRDY timeout */ +#define BS_RETRY_TIMEOUT 0x41 /* DMA retry timeout */ + +#define UBS_PCI_RTY_SHIFT 8 +#define UBS_PCI_RTY_MASK 0xff +#define UBS_PCI_RTY(misc) \ + (((misc) >> UBS_PCI_RTY_SHIFT) & UBS_PCI_RTY_MASK) + +#define UBS_PCI_TOUT_SHIFT 0 +#define UBS_PCI_TOUT_MASK 0xff +#define UBS_PCI_TOUT(misc) \ + (((misc) >> PCI_TOUT_SHIFT) & PCI_TOUT_MASK) + +/* + * DMA Control & Status Registers (offset from BS_BAR) + */ +#define BS_MCR1 0x20 /* DMA Master Command Record 1 */ +#define BS_CTRL 0x24 /* DMA Control */ +#define BS_STAT 0x28 /* DMA Status */ +#define BS_ERR 0x2c /* DMA Error Address */ +#define BS_DEV_ID 0x34 /* IPSec Device ID */ + +/* BS_CTRL - DMA Control */ +#define BS_CTRL_RESET 0x80000000 /* hardware reset, 5805/5820 */ +#define BS_CTRL_MCR2INT 0x40000000 /* enable intr MCR for MCR2 */ +#define BS_CTRL_MCR1INT 0x20000000 /* enable intr MCR for MCR1 */ +#define BS_CTRL_OFM 0x10000000 /* Output fragment mode */ +#define BS_CTRL_BE32 0x08000000 /* big-endian, 32bit bytes */ +#define BS_CTRL_BE64 0x04000000 /* big-endian, 64bit bytes */ +#define BS_CTRL_DMAERR 0x02000000 /* enable intr DMA error */ +#define BS_CTRL_RNG_M 0x01800000 /* RNG mode */ +#define BS_CTRL_RNG_1 0x00000000 /* 1bit rn/one slow clock */ +#define BS_CTRL_RNG_4 0x00800000 /* 1bit rn/four slow clocks */ +#define BS_CTRL_RNG_8 0x01000000 /* 1bit rn/eight slow clocks */ +#define BS_CTRL_RNG_16 0x01800000 /* 1bit rn/16 slow clocks */ +#define BS_CTRL_SWNORM 0x00400000 /* 582[01], sw normalization */ +#define BS_CTRL_FRAG_M 0x0000ffff /* output fragment size mask */ +#define BS_CTRL_LITTLE_ENDIAN (BS_CTRL_BE32 | BS_CTRL_BE64) + +/* BS_STAT - DMA Status */ +#define BS_STAT_MCR1_BUSY 0x80000000 /* MCR1 is busy */ +#define BS_STAT_MCR1_FULL 0x40000000 /* MCR1 is full */ +#define BS_STAT_MCR1_DONE 0x20000000 /* MCR1 is done */ +#define BS_STAT_DMAERR 0x10000000 /* DMA error */ +#define BS_STAT_MCR2_FULL 0x08000000 /* MCR2 is full */ +#define BS_STAT_MCR2_DONE 0x04000000 /* MCR2 is done */ +#define BS_STAT_MCR1_ALLEMPTY 0x02000000 /* 5821, MCR1 is empty */ +#define BS_STAT_MCR2_ALLEMPTY 0x01000000 /* 5821, MCR2 is empty */ + +/* BS_ERR - DMA Error Address */ +#define BS_ERR_ADDR 0xfffffffc /* error address mask */ +#define BS_ERR_READ 0x00000002 /* fault was on read */ + +struct ubsec_pktctx { + u_int32_t pc_deskey[6]; /* 3DES key */ + u_int32_t pc_hminner[5]; /* hmac inner state */ + u_int32_t pc_hmouter[5]; /* hmac outer state */ + u_int32_t pc_iv[2]; /* [3]DES iv */ + u_int16_t pc_flags; /* flags, below */ + u_int16_t pc_offset; /* crypto offset */ +} __attribute__ ((packed)); + +#define UBS_PKTCTX_ENC_3DES 0x8000 /* use 3des */ +#define UBS_PKTCTX_ENC_AES 0x8000 /* use aes */ +#define UBS_PKTCTX_ENC_NONE 0x0000 /* no encryption */ +#define UBS_PKTCTX_INBOUND 0x4000 /* inbound packet */ +#define UBS_PKTCTX_AUTH 0x3000 /* authentication mask */ +#define UBS_PKTCTX_AUTH_NONE 0x0000 /* no authentication */ +#define UBS_PKTCTX_AUTH_MD5 0x1000 /* use hmac-md5 */ +#define UBS_PKTCTX_AUTH_SHA1 0x2000 /* use hmac-sha1 */ +#define UBS_PKTCTX_AES128 0x0 /* AES 128bit keys */ +#define UBS_PKTCTX_AES192 0x100 /* AES 192bit keys */ +#define UBS_PKTCTX_AES256 0x200 /* AES 256bit keys */ + +struct ubsec_pktctx_des { + volatile u_int16_t pc_len; /* length of ctx struct */ + volatile u_int16_t pc_type; /* context type */ + volatile u_int16_t pc_flags; /* flags, same as above */ + volatile u_int16_t pc_offset; /* crypto/auth offset */ + volatile u_int32_t pc_deskey[6]; /* 3DES key */ + volatile u_int32_t pc_iv[2]; /* [3]DES iv */ + volatile u_int32_t pc_hminner[5]; /* hmac inner state */ + volatile u_int32_t pc_hmouter[5]; /* hmac outer state */ +} __attribute__ ((packed)); + +struct ubsec_pktctx_aes128 { + volatile u_int16_t pc_len; /* length of ctx struct */ + volatile u_int16_t pc_type; /* context type */ + volatile u_int16_t pc_flags; /* flags, same as above */ + volatile u_int16_t pc_offset; /* crypto/auth offset */ + volatile u_int32_t pc_aeskey[4]; /* AES 128bit key */ + volatile u_int32_t pc_iv[4]; /* AES iv */ + volatile u_int32_t pc_hminner[5]; /* hmac inner state */ + volatile u_int32_t pc_hmouter[5]; /* hmac outer state */ +} __attribute__ ((packed)); + +struct ubsec_pktctx_aes192 { + volatile u_int16_t pc_len; /* length of ctx struct */ + volatile u_int16_t pc_type; /* context type */ + volatile u_int16_t pc_flags; /* flags, same as above */ + volatile u_int16_t pc_offset; /* crypto/auth offset */ + volatile u_int32_t pc_aeskey[6]; /* AES 192bit key */ + volatile u_int32_t pc_iv[4]; /* AES iv */ + volatile u_int32_t pc_hminner[5]; /* hmac inner state */ + volatile u_int32_t pc_hmouter[5]; /* hmac outer state */ +} __attribute__ ((packed)); + +struct ubsec_pktctx_aes256 { + volatile u_int16_t pc_len; /* length of ctx struct */ + volatile u_int16_t pc_type; /* context type */ + volatile u_int16_t pc_flags; /* flags, same as above */ + volatile u_int16_t pc_offset; /* crypto/auth offset */ + volatile u_int32_t pc_aeskey[8]; /* AES 256bit key */ + volatile u_int32_t pc_iv[4]; /* AES iv */ + volatile u_int32_t pc_hminner[5]; /* hmac inner state */ + volatile u_int32_t pc_hmouter[5]; /* hmac outer state */ +} __attribute__ ((packed)); + +#define UBS_PKTCTX_TYPE_IPSEC_DES 0x0000 +#define UBS_PKTCTX_TYPE_IPSEC_AES 0x0040 + +struct ubsec_pktbuf { + volatile u_int32_t pb_addr; /* address of buffer start */ + volatile u_int32_t pb_next; /* pointer to next pktbuf */ + volatile u_int32_t pb_len; /* packet length */ +} __attribute__ ((packed)); +#define UBS_PKTBUF_LEN 0x0000ffff /* length mask */ + +struct ubsec_mcr { + volatile u_int16_t mcr_pkts; /* #pkts in this mcr */ + volatile u_int16_t mcr_flags; /* mcr flags (below) */ + volatile u_int32_t mcr_cmdctxp; /* command ctx pointer */ + struct ubsec_pktbuf mcr_ipktbuf; /* input chain header */ + volatile u_int16_t mcr_reserved; + volatile u_int16_t mcr_pktlen; + struct ubsec_pktbuf mcr_opktbuf; /* output chain header */ +} __attribute__ ((packed)); + +struct ubsec_mcr_add { + volatile u_int32_t mcr_cmdctxp; /* command ctx pointer */ + struct ubsec_pktbuf mcr_ipktbuf; /* input chain header */ + volatile u_int16_t mcr_reserved; + volatile u_int16_t mcr_pktlen; + struct ubsec_pktbuf mcr_opktbuf; /* output chain header */ +} __attribute__ ((packed)); + +#define UBS_MCR_DONE 0x0001 /* mcr has been processed */ +#define UBS_MCR_ERROR 0x0002 /* error in processing */ +#define UBS_MCR_ERRORCODE 0xff00 /* error type */ + +struct ubsec_ctx_keyop { + volatile u_int16_t ctx_len; /* command length */ + volatile u_int16_t ctx_op; /* operation code */ + volatile u_int8_t ctx_pad[60]; /* padding */ +} __attribute__ ((packed)); +#define UBS_CTXOP_DHPKGEN 0x01 /* dh public key generation */ +#define UBS_CTXOP_DHSSGEN 0x02 /* dh shared secret gen. */ +#define UBS_CTXOP_RSAPUB 0x03 /* rsa public key op */ +#define UBS_CTXOP_RSAPRIV 0x04 /* rsa private key op */ +#define UBS_CTXOP_DSASIGN 0x05 /* dsa signing op */ +#define UBS_CTXOP_DSAVRFY 0x06 /* dsa verification */ +#define UBS_CTXOP_RNGBYPASS 0x41 /* rng direct test mode */ +#define UBS_CTXOP_RNGSHA1 0x42 /* rng sha1 test mode */ +#define UBS_CTXOP_MODADD 0x43 /* modular addition */ +#define UBS_CTXOP_MODSUB 0x44 /* modular subtraction */ +#define UBS_CTXOP_MODMUL 0x45 /* modular multiplication */ +#define UBS_CTXOP_MODRED 0x46 /* modular reduction */ +#define UBS_CTXOP_MODEXP 0x47 /* modular exponentiation */ +#define UBS_CTXOP_MODINV 0x48 /* modular inverse */ + +struct ubsec_ctx_rngbypass { + volatile u_int16_t rbp_len; /* command length, 64 */ + volatile u_int16_t rbp_op; /* rng bypass, 0x41 */ + volatile u_int8_t rbp_pad[60]; /* padding */ +} __attribute__ ((packed)); + +/* modexp: C = (M ^ E) mod N */ +struct ubsec_ctx_modexp { + volatile u_int16_t me_len; /* command length */ + volatile u_int16_t me_op; /* modexp, 0x47 */ + volatile u_int16_t me_E_len; /* E (bits) */ + volatile u_int16_t me_N_len; /* N (bits) */ + u_int8_t me_N[2048/8]; /* N */ +} __attribute__ ((packed)); + +struct ubsec_ctx_rsapriv { + volatile u_int16_t rpr_len; /* command length */ + volatile u_int16_t rpr_op; /* rsaprivate, 0x04 */ + volatile u_int16_t rpr_q_len; /* q (bits) */ + volatile u_int16_t rpr_p_len; /* p (bits) */ + u_int8_t rpr_buf[5 * 1024 / 8]; /* parameters: */ + /* p, q, dp, dq, pinv */ +} __attribute__ ((packed)); diff --git a/package/ubsec_ssb/src/ubsecvar.h b/package/ubsec_ssb/src/ubsecvar.h new file mode 100644 index 0000000000..d218ea31f3 --- /dev/null +++ b/package/ubsec_ssb/src/ubsecvar.h @@ -0,0 +1,229 @@ +/* $Id: $ */ + +/* + * Copyright (c) 2008 Daniel Mueller (daniel@danm.de) + * Copyright (c) 2000 Theo de Raadt + * Copyright (c) 2001 Patrik Lindergren (patrik@ipunplugged.com) + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * Effort sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F30602-01-2-0537. + * + */ + +/* Maximum queue length */ +#ifndef UBS_MAX_NQUEUE +#define UBS_MAX_NQUEUE 60 +#endif + +#define UBS_MAX_SCATTER 64 /* Maximum scatter/gather depth */ + +#ifndef UBS_MAX_AGGR +#define UBS_MAX_AGGR 5 /* Maximum aggregation count */ +#endif + +#define UBSEC_CARD(sid) (((sid) & 0xf0000000) >> 28) +#define UBSEC_SESSION(sid) ( (sid) & 0x0fffffff) +#define UBSEC_SID(crd, sesn) (((crd) << 28) | ((sesn) & 0x0fffffff)) + +#define UBS_DEF_RTY 0xff /* PCI Retry Timeout */ +#define UBS_DEF_TOUT 0xff /* PCI TRDY Timeout */ +#define UBS_DEF_CACHELINE 0x01 /* Cache Line setting */ + +#define DEFAULT_HMAC_LEN 12 + +struct ubsec_dma_alloc { + dma_addr_t dma_paddr; + void *dma_vaddr; + /* + bus_dmamap_t dma_map; + bus_dma_segment_t dma_seg; + */ + size_t dma_size; + /* + int dma_nseg; + */ +}; + +struct ubsec_q2 { + BSD_SIMPLEQ_ENTRY(ubsec_q2) q_next; + struct ubsec_dma_alloc q_mcr; + struct ubsec_dma_alloc q_ctx; + u_int q_type; +}; + +struct ubsec_q2_rng { + struct ubsec_q2 rng_q; + struct ubsec_dma_alloc rng_buf; + int rng_used; +}; + +/* C = (M ^ E) mod N */ +#define UBS_MODEXP_PAR_M 0 +#define UBS_MODEXP_PAR_E 1 +#define UBS_MODEXP_PAR_N 2 +struct ubsec_q2_modexp { + struct ubsec_q2 me_q; + struct cryptkop * me_krp; + struct ubsec_dma_alloc me_M; + struct ubsec_dma_alloc me_E; + struct ubsec_dma_alloc me_C; + struct ubsec_dma_alloc me_epb; + int me_modbits; + int me_shiftbits; + int me_normbits; +}; + +#define UBS_RSAPRIV_PAR_P 0 +#define UBS_RSAPRIV_PAR_Q 1 +#define UBS_RSAPRIV_PAR_DP 2 +#define UBS_RSAPRIV_PAR_DQ 3 +#define UBS_RSAPRIV_PAR_PINV 4 +#define UBS_RSAPRIV_PAR_MSGIN 5 +#define UBS_RSAPRIV_PAR_MSGOUT 6 +struct ubsec_q2_rsapriv { + struct ubsec_q2 rpr_q; + struct cryptkop * rpr_krp; + struct ubsec_dma_alloc rpr_msgin; + struct ubsec_dma_alloc rpr_msgout; +}; + +#define UBSEC_RNG_BUFSIZ 16 /* measured in 32bit words */ + +struct ubsec_dmachunk { + struct ubsec_mcr d_mcr; + struct ubsec_mcr_add d_mcradd[UBS_MAX_AGGR-1]; + struct ubsec_pktbuf d_sbuf[UBS_MAX_SCATTER-1]; + struct ubsec_pktbuf d_dbuf[UBS_MAX_SCATTER-1]; + u_int32_t d_macbuf[5]; + union { + struct ubsec_pktctx_aes256 ctxaes256; + struct ubsec_pktctx_aes192 ctxaes192; + struct ubsec_pktctx_des ctxdes; + struct ubsec_pktctx_aes128 ctxaes128; + struct ubsec_pktctx ctx; + } d_ctx; +}; + +struct ubsec_dma { + BSD_SIMPLEQ_ENTRY(ubsec_dma) d_next; + struct ubsec_dmachunk *d_dma; + struct ubsec_dma_alloc d_alloc; +}; + +#define UBS_FLAGS_KEY 0x01 /* has key accelerator */ +#define UBS_FLAGS_LONGCTX 0x02 /* uses long ipsec ctx */ +#define UBS_FLAGS_BIGKEY 0x04 /* 2048bit keys */ +#define UBS_FLAGS_HWNORM 0x08 /* hardware normalization */ +#define UBS_FLAGS_RNG 0x10 /* hardware rng */ +#define UBS_FLAGS_AES 0x20 /* hardware AES support */ + +struct ubsec_q { + BSD_SIMPLEQ_ENTRY(ubsec_q) q_next; + int q_nstacked_mcrs; + struct ubsec_q *q_stacked_mcr[UBS_MAX_AGGR-1]; + struct cryptop *q_crp; + struct ubsec_dma *q_dma; + + //struct mbuf *q_src_m, *q_dst_m; + struct sk_buff *q_src_m, *q_dst_m; + struct uio *q_src_io, *q_dst_io; + + /* + bus_dmamap_t q_src_map; + bus_dmamap_t q_dst_map; + */ + + /* DMA addresses for In-/Out packages */ + int q_src_len; + int q_dst_len; + struct ubsec_dma_alloc q_src_map[UBS_MAX_SCATTER]; + struct ubsec_dma_alloc q_dst_map[UBS_MAX_SCATTER]; + int q_has_dst; + + int q_sesn; + int q_flags; +}; + +struct ubsec_softc { + softc_device_decl sc_dev; + struct ssb_device *sdev; /* device backpointer */ + + struct device *sc_dv; /* generic device */ + void *sc_ih; /* interrupt handler cookie */ + int sc_flags; /* device specific flags */ + u_int32_t sc_statmask; /* interrupt status mask */ + int32_t sc_cid; /* crypto tag */ + BSD_SIMPLEQ_HEAD(,ubsec_q) sc_queue; /* packet queue, mcr1 */ + int sc_nqueue; /* count enqueued, mcr1 */ + BSD_SIMPLEQ_HEAD(,ubsec_q) sc_qchip; /* on chip, mcr1 */ + BSD_SIMPLEQ_HEAD(,ubsec_q) sc_freequeue; /* list of free queue elements */ + BSD_SIMPLEQ_HEAD(,ubsec_q2) sc_queue2; /* packet queue, mcr2 */ + int sc_nqueue2; /* count enqueued, mcr2 */ + BSD_SIMPLEQ_HEAD(,ubsec_q2) sc_qchip2; /* on chip, mcr2 */ + int sc_nsessions; /* # of sessions */ + struct ubsec_session *sc_sessions; /* sessions */ + int sc_rnghz; /* rng poll time */ + struct ubsec_q2_rng sc_rng; + struct ubsec_dma sc_dmaa[UBS_MAX_NQUEUE]; + struct ubsec_q *sc_queuea[UBS_MAX_NQUEUE]; + BSD_SIMPLEQ_HEAD(,ubsec_q2) sc_q2free; /* free list */ + spinlock_t sc_ringmtx; /* PE ring lock */ +}; + +#define UBSEC_QFLAGS_COPYOUTIV 0x1 + +struct ubsec_session { + u_int32_t ses_used; + u_int32_t ses_key[8]; /* 3DES/AES key */ + u_int32_t ses_hminner[5]; /* hmac inner state */ + u_int32_t ses_hmouter[5]; /* hmac outer state */ + u_int32_t ses_iv[4]; /* [3]DES/AES iv */ + u_int32_t ses_keysize; /* AES key size */ + u_int32_t ses_mlen; /* hmac/hash length */ +}; + +struct ubsec_stats { + u_int64_t hst_ibytes; + u_int64_t hst_obytes; + u_int32_t hst_ipackets; + u_int32_t hst_opackets; + u_int32_t hst_invalid; + u_int32_t hst_nomem; + u_int32_t hst_queuefull; + u_int32_t hst_dmaerr; + u_int32_t hst_mcrerr; + u_int32_t hst_nodmafree; +}; + +struct ubsec_generic_ctx { + u_int32_t pc_key[8]; /* [3]DES/AES key */ + u_int32_t pc_hminner[5]; /* hmac inner state */ + u_int32_t pc_hmouter[5]; /* hmac outer state */ + u_int32_t pc_iv[4]; /* [3]DES/AES iv */ + u_int16_t pc_flags; /* flags, below */ + u_int16_t pc_offset; /* crypto offset */ + u_int16_t pc_type; /* Cryptographic operation */ +}; + diff --git a/package/ubsec_ssb/src/uio.h b/package/ubsec_ssb/src/uio.h new file mode 100644 index 0000000000..e82e46cbad --- /dev/null +++ b/package/ubsec_ssb/src/uio.h @@ -0,0 +1,54 @@ +#ifndef _OCF_UIO_H_ +#define _OCF_UIO_H_ + +#include <linux/uio.h> + +/* + * The linux uio.h doesn't have all we need. To be fully api compatible + * with the BSD cryptodev, we need to keep this around. Perhaps this can + * be moved back into the linux/uio.h + * + * Linux port done by David McCullough <david_mccullough@securecomputing.com> + * Copyright (C) 2006-2007 David McCullough + * Copyright (C) 2004-2005 Intel Corporation. + * + * LICENSE TERMS + * + * The free distribution and use of this software in both source and binary + * form is allowed (with or without changes) provided that: + * + * 1. distributions of this source code include the above copyright + * notice, this list of conditions and the following disclaimer; + * + * 2. distributions in binary form include the above copyright + * notice, this list of conditions and the following disclaimer + * in the documentation and/or other associated materials; + * + * 3. the copyright holder's name is not used to endorse products + * built using this software without specific written permission. + * + * ALTERNATIVELY, provided that this notice is retained in full, this product + * may be distributed under the terms of the GNU General Public License (GPL), + * in which case the provisions of the GPL apply INSTEAD OF those given above. + * + * DISCLAIMER + * + * This software is provided 'as is' with no explicit or implied warranties + * in respect of its properties, including, but not limited to, correctness + * and/or fitness for purpose. + * --------------------------------------------------------------------------- + */ + +struct uio { + struct iovec *uio_iov; + int uio_iovcnt; + off_t uio_offset; + int uio_resid; +#if 0 + enum uio_seg uio_segflg; + enum uio_rw uio_rw; + struct thread *uio_td; +#endif +}; + +#endif |