diff -Naur linux-3.0.68.i686-orig/crypto/ocf/c7108/aes-7108.c linux-3.0.68.i686/crypto/ocf/c7108/aes-7108.c --- linux-3.0.68.i686-orig/crypto/ocf/c7108/aes-7108.c 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/c7108/aes-7108.c 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,841 @@ +/* + * Copyright (C) 2006 Micronas USA + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * Effort sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F30602-01-2-0537. + * + */ + +//#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +//#include +#include +#include +#include +#include +#include +#include + +/* Runtime mode */ +static int c7108_crypto_mode = C7108_AES_CTRL_MODE_CTR; +//static int c7108_crypto_mode = C7108_AES_CTRL_MODE_CBC; + +static int32_t c7108_id = -1; +static struct cipher_7108 **c7108_sessions = NULL; +static u_int32_t c7108_sesnum = 0; +static unsigned long iobar; + +/* Crypto entry points */ +static int c7108_process(void *, struct cryptop *, int); +static int c7108_newsession(void *, u_int32_t *, struct cryptoini *); +static int c7108_freesession(void *, u_int64_t); + +/* Globals */ +static int debug = 0; +static spinlock_t csr_mutex; + +/* Generic controller-based lock */ +#define AES_LOCK()\ + spin_lock(&csr_mutex) +#define AES_UNLOCK()\ + spin_unlock(&csr_mutex) + +/* 7108 AES register access */ +#define c7108_reg_wr8(a,d) iowrite8(d, (void*)(iobar+(a))) +#define c7108_reg_wr16(a,d) iowrite16(d, (void*)(iobar+(a))) +#define c7108_reg_wr32(a,d) iowrite32(d, (void*)(iobar+(a))) +#define c7108_reg_rd8(a) ioread8((void*)(iobar+(a))) +#define c7108_reg_rd16(a) ioread16((void*)(iobar+(a))) +#define c7108_reg_rd32(a) ioread32((void*)(iobar+(a))) + +static int +c7108_xlate_key(int klen, u8* k8ptr, u32* k32ptr) +{ + int i, nw=0; + nw = ((klen >= 256) ? 8 : (klen >= 192) ? 6 : 4); + for ( i = 0; i < nw; i++) { + k32ptr[i] = (k8ptr[i+3] << 24) | (k8ptr[i+2] << 16) | + (k8ptr[i+1] << 8) | k8ptr[i]; + + } + return 0; +} + +static int +c7108_cache_key(int klen, u32* k32ptr, u8* k8ptr) +{ + int i, nb=0; + u8* ptr = (u8*)k32ptr; + nb = ((klen >= 256) ? 32 : (klen >= 192) ? 24 : 16); + for ( i = 0; i < nb; i++) + k8ptr[i] = ptr[i]; + return 0; +} + +static int +c7108_aes_setup_dma(u32 src, u32 dst, u32 len) +{ + if (len < 16) { + printk("len < 16\n"); + return -10; + } + if (len % 16) { + printk("len not multiple of 16\n"); + return -11; + } + c7108_reg_wr16(C7108_AES_DMA_SRC0_LO, (u16) src); + c7108_reg_wr16(C7108_AES_DMA_SRC0_HI, (u16)((src & 0xffff0000) >> 16)); + c7108_reg_wr16(C7108_AES_DMA_DST0_LO, (u16) dst); + c7108_reg_wr16(C7108_AES_DMA_DST0_HI, (u16)((dst & 0xffff0000) >> 16)); + c7108_reg_wr16(C7108_AES_DMA_LEN, (u16) ((len / 16) - 1)); + + return 0; +} + +static int +c7108_aes_set_hw_iv(u8 iv[16]) +{ + c7108_reg_wr16(C7108_AES_IV0_LO, (u16) ((iv[1] << 8) | iv[0])); + c7108_reg_wr16(C7108_AES_IV0_HI, (u16) ((iv[3] << 8) | iv[2])); + c7108_reg_wr16(C7108_AES_IV1_LO, (u16) ((iv[5] << 8) | iv[4])); + c7108_reg_wr16(C7108_AES_IV1_HI, (u16) ((iv[7] << 8) | iv[6])); + c7108_reg_wr16(C7108_AES_IV2_LO, (u16) ((iv[9] << 8) | iv[8])); + c7108_reg_wr16(C7108_AES_IV2_HI, (u16) ((iv[11] << 8) | iv[10])); + c7108_reg_wr16(C7108_AES_IV3_LO, (u16) ((iv[13] << 8) | iv[12])); + c7108_reg_wr16(C7108_AES_IV3_HI, (u16) ((iv[15] << 8) | iv[14])); + + return 0; +} + +static void +c7108_aes_read_dkey(u32 * dkey) +{ + dkey[0] = (c7108_reg_rd16(C7108_AES_EKEY0_HI) << 16) | + c7108_reg_rd16(C7108_AES_EKEY0_LO); + dkey[1] = (c7108_reg_rd16(C7108_AES_EKEY1_HI) << 16) | + c7108_reg_rd16(C7108_AES_EKEY1_LO); + dkey[2] = (c7108_reg_rd16(C7108_AES_EKEY2_HI) << 16) | + c7108_reg_rd16(C7108_AES_EKEY2_LO); + dkey[3] = (c7108_reg_rd16(C7108_AES_EKEY3_HI) << 16) | + c7108_reg_rd16(C7108_AES_EKEY3_LO); + dkey[4] = (c7108_reg_rd16(C7108_AES_EKEY4_HI) << 16) | + c7108_reg_rd16(C7108_AES_EKEY4_LO); + dkey[5] = (c7108_reg_rd16(C7108_AES_EKEY5_HI) << 16) | + c7108_reg_rd16(C7108_AES_EKEY5_LO); + dkey[6] = (c7108_reg_rd16(C7108_AES_EKEY6_HI) << 16) | + c7108_reg_rd16(C7108_AES_EKEY6_LO); + dkey[7] = (c7108_reg_rd16(C7108_AES_EKEY7_HI) << 16) | + c7108_reg_rd16(C7108_AES_EKEY7_LO); +} + +static int +c7108_aes_cipher(int op, + u32 dst, + u32 src, + u32 len, + int klen, + u16 mode, + u32 key[8], + u8 iv[16]) +{ + int rv = 0, cnt=0; + u16 ctrl = 0, stat = 0; + + AES_LOCK(); + + /* Setup key length */ + if (klen == 128) { + ctrl |= C7108_AES_KEY_LEN_128; + } else if (klen == 192) { + ctrl |= C7108_AES_KEY_LEN_192; + } else if (klen == 256) { + ctrl |= C7108_AES_KEY_LEN_256; + } else { + AES_UNLOCK(); + return -3; + } + + /* Check opcode */ + if (C7108_AES_ENCRYPT == op) { + ctrl |= C7108_AES_ENCRYPT; + } else if (C7108_AES_DECRYPT == op) { + ctrl |= C7108_AES_DECRYPT; + } else { + AES_UNLOCK(); + return -4; + } + + /* check mode */ + if ( (mode != C7108_AES_CTRL_MODE_CBC) && + (mode != C7108_AES_CTRL_MODE_CFB) && + (mode != C7108_AES_CTRL_MODE_OFB) && + (mode != C7108_AES_CTRL_MODE_CTR) && + (mode != C7108_AES_CTRL_MODE_ECB) ) { + AES_UNLOCK(); + return -5; + } + + /* Now set mode */ + ctrl |= mode; + + /* For CFB, OFB, and CTR, neither backward key + * expansion nor key inversion is required. + */ + if ( (C7108_AES_DECRYPT == op) && + (C7108_AES_CTRL_MODE_CBC == mode || + C7108_AES_CTRL_MODE_ECB == mode ) ){ + + /* Program Key */ + c7108_reg_wr16(C7108_AES_KEY0_LO, (u16) key[4]); + c7108_reg_wr16(C7108_AES_KEY0_HI, (u16) (key[4] >> 16)); + c7108_reg_wr16(C7108_AES_KEY1_LO, (u16) key[5]); + c7108_reg_wr16(C7108_AES_KEY1_HI, (u16) (key[5] >> 16)); + c7108_reg_wr16(C7108_AES_KEY2_LO, (u16) key[6]); + c7108_reg_wr16(C7108_AES_KEY2_HI, (u16) (key[6] >> 16)); + c7108_reg_wr16(C7108_AES_KEY3_LO, (u16) key[7]); + c7108_reg_wr16(C7108_AES_KEY3_HI, (u16) (key[7] >> 16)); + c7108_reg_wr16(C7108_AES_KEY6_LO, (u16) key[2]); + c7108_reg_wr16(C7108_AES_KEY6_HI, (u16) (key[2] >> 16)); + c7108_reg_wr16(C7108_AES_KEY7_LO, (u16) key[3]); + c7108_reg_wr16(C7108_AES_KEY7_HI, (u16) (key[3] >> 16)); + + + if (192 == klen) { + c7108_reg_wr16(C7108_AES_KEY4_LO, (u16) key[7]); + c7108_reg_wr16(C7108_AES_KEY4_HI, (u16) (key[7] >> 16)); + c7108_reg_wr16(C7108_AES_KEY5_LO, (u16) key[7]); + c7108_reg_wr16(C7108_AES_KEY5_HI, (u16) (key[7] >> 16)); + + } else if (256 == klen) { + /* 256 */ + c7108_reg_wr16(C7108_AES_KEY4_LO, (u16) key[0]); + c7108_reg_wr16(C7108_AES_KEY4_HI, (u16) (key[0] >> 16)); + c7108_reg_wr16(C7108_AES_KEY5_LO, (u16) key[1]); + c7108_reg_wr16(C7108_AES_KEY5_HI, (u16) (key[1] >> 16)); + + } + + } else { + /* Program Key */ + c7108_reg_wr16(C7108_AES_KEY0_LO, (u16) key[0]); + c7108_reg_wr16(C7108_AES_KEY0_HI, (u16) (key[0] >> 16)); + c7108_reg_wr16(C7108_AES_KEY1_LO, (u16) key[1]); + c7108_reg_wr16(C7108_AES_KEY1_HI, (u16) (key[1] >> 16)); + c7108_reg_wr16(C7108_AES_KEY2_LO, (u16) key[2]); + c7108_reg_wr16(C7108_AES_KEY2_HI, (u16) (key[2] >> 16)); + c7108_reg_wr16(C7108_AES_KEY3_LO, (u16) key[3]); + c7108_reg_wr16(C7108_AES_KEY3_HI, (u16) (key[3] >> 16)); + c7108_reg_wr16(C7108_AES_KEY4_LO, (u16) key[4]); + c7108_reg_wr16(C7108_AES_KEY4_HI, (u16) (key[4] >> 16)); + c7108_reg_wr16(C7108_AES_KEY5_LO, (u16) key[5]); + c7108_reg_wr16(C7108_AES_KEY5_HI, (u16) (key[5] >> 16)); + c7108_reg_wr16(C7108_AES_KEY6_LO, (u16) key[6]); + c7108_reg_wr16(C7108_AES_KEY6_HI, (u16) (key[6] >> 16)); + c7108_reg_wr16(C7108_AES_KEY7_LO, (u16) key[7]); + c7108_reg_wr16(C7108_AES_KEY7_HI, (u16) (key[7] >> 16)); + + } + + /* Set IV always */ + c7108_aes_set_hw_iv(iv); + + /* Program DMA addresses */ + if ((rv = c7108_aes_setup_dma(src, dst, len)) < 0) { + AES_UNLOCK(); + return rv; + } + + + /* Start AES cipher */ + c7108_reg_wr16(C7108_AES_CTRL, ctrl | C7108_AES_GO); + + //printk("Ctrl: 0x%x\n", ctrl | C7108_AES_GO); + do { + /* TODO: interrupt mode */ + // printk("aes_stat=0x%x\n", stat); + //udelay(100); + } while ((cnt++ < 1000000) && + !((stat=c7108_reg_rd16(C7108_AES_CTRL))&C7108_AES_OP_DONE)); + + + if ((mode == C7108_AES_CTRL_MODE_ECB)|| + (mode == C7108_AES_CTRL_MODE_CBC)) { + /* Save out key when the lock is held ... */ + c7108_aes_read_dkey(key); + } + + AES_UNLOCK(); + return 0; + +} + +/* + * Generate a new crypto device session. + */ +static int +c7108_newsession(void *arg, u_int32_t *sid, struct cryptoini *cri) +{ + struct cipher_7108 **swd; + u_int32_t i; + char *algo; + int mode, xfm_type; + + dprintk("%s()\n", __FUNCTION__); + if (sid == NULL || cri == NULL) { + dprintk("%s,%d - EINVAL\n", __FILE__, __LINE__); + return EINVAL; + } + + if (c7108_sessions) { + for (i = 1; i < c7108_sesnum; i++) + if (c7108_sessions[i] == NULL) + break; + } else + i = 1; /* NB: to silence compiler warning */ + + if (c7108_sessions == NULL || i == c7108_sesnum) { + if (c7108_sessions == NULL) { + i = 1; /* We leave c7108_sessions[0] empty */ + c7108_sesnum = CRYPTO_SW_SESSIONS; + } else + c7108_sesnum *= 2; + + swd = kmalloc(c7108_sesnum * sizeof(struct cipher_7108 *), + GFP_ATOMIC); + if (swd == NULL) { + /* Reset session number */ + if (c7108_sesnum == CRYPTO_SW_SESSIONS) + c7108_sesnum = 0; + else + c7108_sesnum /= 2; + dprintk("%s,%d: ENOBUFS\n", __FILE__, __LINE__); + return ENOBUFS; + } + memset(swd, 0, c7108_sesnum * sizeof(struct cipher_7108 *)); + + /* Copy existing sessions */ + if (c7108_sessions) { + memcpy(swd, c7108_sessions, + (c7108_sesnum / 2) * sizeof(struct cipher_7108 *)); + kfree(c7108_sessions); + } + + c7108_sessions = swd; + + } + + swd = &c7108_sessions[i]; + *sid = i; + + while (cri) { + *swd = (struct cipher_7108 *) + kmalloc(sizeof(struct cipher_7108), GFP_ATOMIC); + if (*swd == NULL) { + c7108_freesession(NULL, i); + dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); + return ENOBUFS; + } + memset(*swd, 0, sizeof(struct cipher_7108)); + + algo = NULL; + mode = 0; + xfm_type = HW_TYPE_CIPHER; + + switch (cri->cri_alg) { + + case CRYPTO_AES_CBC: + algo = "aes"; + mode = CRYPTO_TFM_MODE_CBC; + c7108_crypto_mode = C7108_AES_CTRL_MODE_CBC; + break; +#if 0 + case CRYPTO_AES_CTR: + algo = "aes_ctr"; + mode = CRYPTO_TFM_MODE_CBC; + c7108_crypto_mode = C7108_AES_CTRL_MODE_CTR; + break; + case CRYPTO_AES_ECB: + algo = "aes_ecb"; + mode = CRYPTO_TFM_MODE_CBC; + c7108_crypto_mode = C7108_AES_CTRL_MODE_ECB; + break; + case CRYPTO_AES_OFB: + algo = "aes_ofb"; + mode = CRYPTO_TFM_MODE_CBC; + c7108_crypto_mode = C7108_AES_CTRL_MODE_OFB; + break; + case CRYPTO_AES_CFB: + algo = "aes_cfb"; + mode = CRYPTO_TFM_MODE_CBC; + c7108_crypto_mode = C7108_AES_CTRL_MODE_CFB; + break; +#endif + default: + printk("unsupported crypto algorithm: %d\n", + cri->cri_alg); + return -EINVAL; + break; + } + + + if (!algo || !*algo) { + printk("cypher_7108_crypto: Unknown algo 0x%x\n", + cri->cri_alg); + c7108_freesession(NULL, i); + return EINVAL; + } + + if (xfm_type == HW_TYPE_CIPHER) { + if (debug) { + dprintk("%s key:", __FUNCTION__); + for (i = 0; i < (cri->cri_klen + 7) / 8; i++) + dprintk("%s0x%02x", (i % 8) ? " " : "\n ", + cri->cri_key[i]); + dprintk("\n"); + } + + } else if (xfm_type == SW_TYPE_HMAC || + xfm_type == SW_TYPE_HASH) { + printk("cypher_7108_crypto: HMAC unsupported!\n"); + return -EINVAL; + c7108_freesession(NULL, i); + } else { + printk("cypher_7108_crypto: " + "Unhandled xfm_type %d\n", xfm_type); + c7108_freesession(NULL, i); + return EINVAL; + } + + (*swd)->cri_alg = cri->cri_alg; + (*swd)->xfm_type = xfm_type; + + cri = cri->cri_next; + swd = &((*swd)->next); + } + return 0; +} + +/* + * Free a session. + */ +static int +c7108_freesession(void *arg, u_int64_t tid) +{ + struct cipher_7108 *swd; + u_int32_t sid = CRYPTO_SESID2LID(tid); + + dprintk("%s()\n", __FUNCTION__); + if (sid > c7108_sesnum || c7108_sessions == NULL || + c7108_sessions[sid] == NULL) { + dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); + return(EINVAL); + } + + /* Silently accept and return */ + if (sid == 0) + return(0); + + while ((swd = c7108_sessions[sid]) != NULL) { + c7108_sessions[sid] = swd->next; + kfree(swd); + } + return 0; +} + +/* + * Process a hardware request. + */ +static int +c7108_process(void *arg, struct cryptop *crp, int hint) +{ + struct cryptodesc *crd; + struct cipher_7108 *sw; + u_int32_t lid; + int type; + u32 hwkey[8]; + +#define SCATTERLIST_MAX 16 + struct scatterlist sg[SCATTERLIST_MAX]; + int sg_num, sg_len, skip; + struct sk_buff *skb = NULL; + struct uio *uiop = NULL; + + dprintk("%s()\n", __FUNCTION__); + /* Sanity check */ + if (crp == NULL) { + dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); + return EINVAL; + } + + crp->crp_etype = 0; + + if (crp->crp_desc == NULL || crp->crp_buf == NULL) { + dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); + crp->crp_etype = EINVAL; + goto done; + } + + lid = crp->crp_sid & 0xffffffff; + if (lid >= c7108_sesnum || lid == 0 || c7108_sessions == NULL || + c7108_sessions[lid] == NULL) { + crp->crp_etype = ENOENT; + dprintk("%s,%d: ENOENT\n", __FILE__, __LINE__); + goto done; + } + + /* + * do some error checking outside of the loop for SKB and IOV + * processing this leaves us with valid skb or uiop pointers + * for later + */ + if (crp->crp_flags & CRYPTO_F_SKBUF) { + skb = (struct sk_buff *) crp->crp_buf; + if (skb_shinfo(skb)->nr_frags >= SCATTERLIST_MAX) { + printk("%s,%d: %d nr_frags > SCATTERLIST_MAX", + __FILE__, __LINE__, + skb_shinfo(skb)->nr_frags); + goto done; + } + } else if (crp->crp_flags & CRYPTO_F_IOV) { + uiop = (struct uio *) crp->crp_buf; + if (uiop->uio_iovcnt > SCATTERLIST_MAX) { + printk("%s,%d: %d uio_iovcnt > SCATTERLIST_MAX", + __FILE__, __LINE__, + uiop->uio_iovcnt); + goto done; + } + } + + /* Go through crypto descriptors, processing as we go */ + for (crd = crp->crp_desc; crd; crd = crd->crd_next) { + /* + * Find the crypto context. + * + * XXX Note that the logic here prevents us from having + * XXX the same algorithm multiple times in a session + * XXX (or rather, we can but it won't give us the right + * XXX results). To do that, we'd need some way of differentiating + * XXX between the various instances of an algorithm (so we can + * XXX locate the correct crypto context). + */ + for (sw = c7108_sessions[lid]; + sw && sw->cri_alg != crd->crd_alg; + sw = sw->next) + ; + + /* No such context ? */ + if (sw == NULL) { + crp->crp_etype = EINVAL; + dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); + goto done; + } + + skip = crd->crd_skip; + + /* + * setup the SG list skip from the start of the buffer + */ + memset(sg, 0, sizeof(sg)); + if (crp->crp_flags & CRYPTO_F_SKBUF) { + int i, len; + type = CRYPTO_BUF_SKBUF; + + sg_num = 0; + sg_len = 0; + + if (skip < skb_headlen(skb)) { + //sg[sg_num].page = virt_to_page(skb->data + skip); + //sg[sg_num].offset = offset_in_page(skb->data + skip); + len = skb_headlen(skb) - skip; + if (len + sg_len > crd->crd_len) + len = crd->crd_len - sg_len; + //sg[sg_num].length = len; + sg_set_page(&sg[sg_num], virt_to_page(skb->data + skip), len, offset_in_page(skb->data + skip)); + sg_len += sg[sg_num].length; + sg_num++; + skip = 0; + } else + skip -= skb_headlen(skb); + + for (i = 0; sg_len < crd->crd_len && + i < skb_shinfo(skb)->nr_frags && + sg_num < SCATTERLIST_MAX; i++) { + if (skip < skb_shinfo(skb)->frags[i].size) { + //sg[sg_num].page = skb_frag_page(&skb_shinfo(skb)->frags[i]); + //sg[sg_num].offset = skb_shinfo(skb)->frags[i].page_offset + skip; + len = skb_shinfo(skb)->frags[i].size - skip; + if (len + sg_len > crd->crd_len) + len = crd->crd_len - sg_len; + //sg[sg_num].length = len; + sg_set_page(&sg[sg_num], skb_frag_page(&skb_shinfo(skb)->frags[i]), len, skb_shinfo(skb)->frags[i].page_offset + skip); + sg_len += sg[sg_num].length; + sg_num++; + skip = 0; + } else + skip -= skb_shinfo(skb)->frags[i].size; + } + } else if (crp->crp_flags & CRYPTO_F_IOV) { + int len; + type = CRYPTO_BUF_IOV; + sg_len = 0; + for (sg_num = 0; sg_len < crd->crd_len && + sg_num < uiop->uio_iovcnt && + sg_num < SCATTERLIST_MAX; sg_num++) { + if (skip < uiop->uio_iov[sg_num].iov_len) { + //sg[sg_num].page = virt_to_page(uiop->uio_iov[sg_num].iov_base+skip); + //sg[sg_num].offset = offset_in_page(uiop->uio_iov[sg_num].iov_base+skip); + len = uiop->uio_iov[sg_num].iov_len - skip; + if (len + sg_len > crd->crd_len) + len = crd->crd_len - sg_len; + //sg[sg_num].length = len; + sg_set_page(&sg[sg_num], virt_to_page(uiop->uio_iov[sg_num].iov_base+skip), len, offset_in_page(uiop->uio_iov[sg_num].iov_base+skip)); + sg_len += sg[sg_num].length; + skip = 0; + } else + skip -= uiop->uio_iov[sg_num].iov_len; + } + } else { + type = CRYPTO_BUF_CONTIG; + //sg[0].page = virt_to_page(crp->crp_buf + skip); + //sg[0].offset = offset_in_page(crp->crp_buf + skip); + sg_len = (crp->crp_ilen - skip); + if (sg_len > crd->crd_len) + sg_len = crd->crd_len; + //sg[0].length = sg_len; + sg_set_page(&sg[0], virt_to_page(crp->crp_buf + skip), sg_len, offset_in_page(crp->crp_buf + skip)); + sg_num = 1; + } + if (sg_num > 0) + sg_mark_end(&sg[sg_num-1]); + + + switch (sw->xfm_type) { + + case HW_TYPE_CIPHER: { + + unsigned char iv[64]; + unsigned char *ivp = iv; + int i; + int ivsize = 16; /* fixed for AES */ + int blocksize = 16; /* fixed for AES */ + + if (sg_len < blocksize) { + crp->crp_etype = EINVAL; + dprintk("%s,%d: EINVAL len %d < %d\n", + __FILE__, __LINE__, + sg_len, + blocksize); + goto done; + } + + if (ivsize > sizeof(iv)) { + crp->crp_etype = EINVAL; + dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); + goto done; + } + + if (crd->crd_flags & CRD_F_ENCRYPT) { /* encrypt */ + + if (crd->crd_flags & CRD_F_IV_EXPLICIT) { + ivp = crd->crd_iv; + } else { + get_random_bytes(ivp, ivsize); + } + /* + * do we have to copy the IV back to the buffer ? + */ + if ((crd->crd_flags & CRD_F_IV_PRESENT) == 0) { + crypto_copyback(crp->crp_buf, + crd->crd_inject, + ivsize, + (caddr_t)ivp); + } + + c7108_xlate_key(crd->crd_klen, + (u8*)crd->crd_key, (u32*)hwkey); + + /* Encrypt SG list */ + for (i = 0; i < sg_num; i++) { + sg[i].dma_address = + dma_map_single(NULL, + kmap(sg_page(&sg[i])) + sg[i].offset, sg_len, DMA_BIDIRECTIONAL); +#if 0 + printk("sg[%d]:0x%08x, off 0x%08x " + "kmap 0x%08x phys 0x%08x\n", + i, sg[i].page, sg[i].offset, + kmap(sg[i].page) + sg[i].offset, + sg[i].dma_address); +#endif + c7108_aes_cipher(C7108_AES_ENCRYPT, + sg[i].dma_address, + sg[i].dma_address, + sg_len, + crd->crd_klen, + c7108_crypto_mode, + hwkey, + ivp); + + if ((c7108_crypto_mode == C7108_AES_CTRL_MODE_CBC)|| + (c7108_crypto_mode == C7108_AES_CTRL_MODE_ECB)) { + /* Read back expanded key and cache it in key + * context. + * NOTE: for ECB/CBC modes only (not CTR, CFB, OFB) + * where you set the key once. + */ + c7108_cache_key(crd->crd_klen, + (u32*)hwkey, (u8*)crd->crd_key); +#if 0 + printk("%s expanded key:", __FUNCTION__); + for (i = 0; i < (crd->crd_klen + 7) / 8; i++) + printk("%s0x%02x", (i % 8) ? " " : "\n ", + crd->crd_key[i]); + printk("\n"); +#endif + } + } + } + else { /*decrypt */ + + if (crd->crd_flags & CRD_F_IV_EXPLICIT) { + ivp = crd->crd_iv; + } else { + crypto_copydata(crp->crp_buf, crd->crd_inject, + ivsize, (caddr_t)ivp); + } + + c7108_xlate_key(crd->crd_klen, + (u8*)crd->crd_key, (u32*)hwkey); + + /* Decrypt SG list */ + for (i = 0; i < sg_num; i++) { + sg[i].dma_address = + dma_map_single(NULL, + kmap(sg_page(&sg[i])) + sg[i].offset, + sg_len, DMA_BIDIRECTIONAL); + +#if 0 + printk("sg[%d]:0x%08x, off 0x%08x " + "kmap 0x%08x phys 0x%08x\n", + i, sg[i].page, sg[i].offset, + kmap(sg[i].page) + sg[i].offset, + sg[i].dma_address); +#endif + c7108_aes_cipher(C7108_AES_DECRYPT, + sg[i].dma_address, + sg[i].dma_address, + sg_len, + crd->crd_klen, + c7108_crypto_mode, + hwkey, + ivp); + } + } + } break; + case SW_TYPE_HMAC: + case SW_TYPE_HASH: + crp->crp_etype = EINVAL; + goto done; + break; + + case SW_TYPE_COMP: + crp->crp_etype = EINVAL; + goto done; + break; + + default: + /* Unknown/unsupported algorithm */ + dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); + crp->crp_etype = EINVAL; + goto done; + } + } + +done: + crypto_done(crp); + return 0; +} + +static struct { + softc_device_decl sc_dev; +} a7108dev; + +static device_method_t a7108_methods = { +/* crypto device methods */ + DEVMETHOD(cryptodev_newsession, c7108_newsession), + DEVMETHOD(cryptodev_freesession, c7108_freesession), + DEVMETHOD(cryptodev_process, c7108_process), + DEVMETHOD(cryptodev_kprocess, NULL) +}; + +static int +cypher_7108_crypto_init(void) +{ + dprintk("%s(%p)\n", __FUNCTION__, cypher_7108_crypto_init); + + iobar = (unsigned long)ioremap(CCU_AES_REG_BASE, 0x4000); + printk("7108: AES @ 0x%08x (0x%08x phys) %s mode\n", + iobar, CCU_AES_REG_BASE, + c7108_crypto_mode & C7108_AES_CTRL_MODE_CBC ? "CBC" : + c7108_crypto_mode & C7108_AES_CTRL_MODE_ECB ? "ECB" : + c7108_crypto_mode & C7108_AES_CTRL_MODE_CTR ? "CTR" : + c7108_crypto_mode & C7108_AES_CTRL_MODE_CFB ? "CFB" : + c7108_crypto_mode & C7108_AES_CTRL_MODE_OFB ? "OFB" : "???"); + csr_mutex = SPIN_LOCK_UNLOCKED; + + memset(&a7108dev, 0, sizeof(a7108dev)); + softc_device_init(&a7108dev, "aes7108", 0, a7108_methods); + + c7108_id = crypto_get_driverid(softc_get_device(&a7108dev), CRYPTOCAP_F_HARDWARE); + if (c7108_id < 0) + panic("7108: crypto device cannot initialize!"); + +// crypto_register(c7108_id, CRYPTO_AES_CBC, 0, 0, c7108_newsession, c7108_freesession, c7108_process, NULL); + crypto_register(c7108_id, CRYPTO_AES_CBC, 0, 0); + + return(0); +} + +static void +cypher_7108_crypto_exit(void) +{ + dprintk("%s()\n", __FUNCTION__); + crypto_unregister_all(c7108_id); + c7108_id = -1; +} + +module_init(cypher_7108_crypto_init); +module_exit(cypher_7108_crypto_exit); + +MODULE_LICENSE("Dual BSD/GPL"); +MODULE_DESCRIPTION("Cypher 7108 Crypto (OCF module for kernel crypto)"); diff -Naur linux-3.0.68.i686-orig/crypto/ocf/c7108/aes-7108.h linux-3.0.68.i686/crypto/ocf/c7108/aes-7108.h --- linux-3.0.68.i686-orig/crypto/ocf/c7108/aes-7108.h 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/c7108/aes-7108.h 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,134 @@ +/* + * Copyright (C) 2006 Micronas USA + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * Effort sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F30602-01-2-0537. + * + */ + +#ifndef __AES_7108_H__ +#define __AES_7108_H__ + +/* Cypher 7108 AES Controller Hardware */ +#define CCU_REG_BASE 0x1b500000 +#define CCU_AES_REG_BASE (CCU_REG_BASE + 0x100) +#define C7108_AES_KEY0_LO (0x0000) +#define C7108_AES_KEY0_HI (0x0004) +#define C7108_AES_KEY1_LO (0x0008) +#define C7108_AES_KEY1_HI (0x000c) +#define C7108_AES_KEY2_LO (0x0010) +#define C7108_AES_KEY2_HI (0x0014) +#define C7108_AES_KEY3_LO (0x0018) +#define C7108_AES_KEY3_HI (0x001c) +#define C7108_AES_KEY4_LO (0x0020) +#define C7108_AES_KEY4_HI (0x0024) +#define C7108_AES_KEY5_LO (0x0028) +#define C7108_AES_KEY5_HI (0x002c) +#define C7108_AES_KEY6_LO (0x0030) +#define C7108_AES_KEY6_HI (0x0034) +#define C7108_AES_KEY7_LO (0x0038) +#define C7108_AES_KEY7_HI (0x003c) +#define C7108_AES_IV0_LO (0x0040) +#define C7108_AES_IV0_HI (0x0044) +#define C7108_AES_IV1_LO (0x0048) +#define C7108_AES_IV1_HI (0x004c) +#define C7108_AES_IV2_LO (0x0050) +#define C7108_AES_IV2_HI (0x0054) +#define C7108_AES_IV3_LO (0x0058) +#define C7108_AES_IV3_HI (0x005c) + +#define C7108_AES_DMA_SRC0_LO (0x0068) /* Bits 0:15 */ +#define C7108_AES_DMA_SRC0_HI (0x006c) /* Bits 27:16 */ +#define C7108_AES_DMA_DST0_LO (0x0070) /* Bits 0:15 */ +#define C7108_AES_DMA_DST0_HI (0x0074) /* Bits 27:16 */ +#define C7108_AES_DMA_LEN (0x0078) /*Bytes:(Count+1)x16 */ + +/* AES/Copy engine control register */ +#define C7108_AES_CTRL (0x007c) /* AES control */ +#define C7108_AES_CTRL_RS (1<<0) /* Which set of src/dst to use */ + +/* AES Cipher mode, controlled by setting Bits 2:0 */ +#define C7108_AES_CTRL_MODE_CBC 0 +#define C7108_AES_CTRL_MODE_CFB (1<<0) +#define C7108_AES_CTRL_MODE_OFB (1<<1) +#define C7108_AES_CTRL_MODE_CTR ((1<<0)|(1<<1)) +#define C7108_AES_CTRL_MODE_ECB (1<<2) + +/* AES Key length , Bits 5:4 */ +#define C7108_AES_KEY_LEN_128 0 /* 00 */ +#define C7108_AES_KEY_LEN_192 (1<<4) /* 01 */ +#define C7108_AES_KEY_LEN_256 (1<<5) /* 10 */ + +/* AES Operation (crypt/decrypt), Bit 3 */ +#define C7108_AES_DECRYPT (1<<3) /* Clear for encrypt */ +#define C7108_AES_ENCRYPT 0 +#define C7108_AES_INTR (1<<13) /* Set on done trans from 0->1*/ +#define C7108_AES_GO (1<<14) /* Run */ +#define C7108_AES_OP_DONE (1<<15) /* Set when complete */ + + +/* Expanded key registers */ +#define C7108_AES_EKEY0_LO (0x0080) +#define C7108_AES_EKEY0_HI (0x0084) +#define C7108_AES_EKEY1_LO (0x0088) +#define C7108_AES_EKEY1_HI (0x008c) +#define C7108_AES_EKEY2_LO (0x0090) +#define C7108_AES_EKEY2_HI (0x0094) +#define C7108_AES_EKEY3_LO (0x0098) +#define C7108_AES_EKEY3_HI (0x009c) +#define C7108_AES_EKEY4_LO (0x00a0) +#define C7108_AES_EKEY4_HI (0x00a4) +#define C7108_AES_EKEY5_LO (0x00a8) +#define C7108_AES_EKEY5_HI (0x00ac) +#define C7108_AES_EKEY6_LO (0x00b0) +#define C7108_AES_EKEY6_HI (0x00b4) +#define C7108_AES_EKEY7_LO (0x00b8) +#define C7108_AES_EKEY7_HI (0x00bc) +#define C7108_AES_OK (0x00fc) /* Reset: "OK" */ + +#define offset_in_page(p) ((unsigned long)(p) & ~PAGE_MASK) + +/* Software session entry */ + +#define HW_TYPE_CIPHER 0 +#define SW_TYPE_HMAC 1 +#define SW_TYPE_AUTH2 2 +#define SW_TYPE_HASH 3 +#define SW_TYPE_COMP 4 + +struct cipher_7108 { + int xfm_type; + int cri_alg; + union { + struct { + char sw_key[HMAC_BLOCK_LEN]; + int sw_klen; + int sw_authlen; + } hmac; + } u; + struct cipher_7108 *next; +}; + + + +#endif /* __C7108_AES_7108_H__ */ diff -Naur linux-3.0.68.i686-orig/crypto/ocf/c7108/Makefile linux-3.0.68.i686/crypto/ocf/c7108/Makefile --- linux-3.0.68.i686-orig/crypto/ocf/c7108/Makefile 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/c7108/Makefile 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,12 @@ +# for SGlinux builds +-include $(ROOTDIR)/modules/.config + +obj-$(CONFIG_OCF_C7108) += aes-7108.o + +obj ?= . +EXTRA_CFLAGS += -I$(obj)/.. -I$(obj)/ + +ifdef TOPDIR +-include $(TOPDIR)/Rules.make +endif + diff -Naur linux-3.0.68.i686-orig/crypto/ocf/Config.in linux-3.0.68.i686/crypto/ocf/Config.in --- linux-3.0.68.i686-orig/crypto/ocf/Config.in 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/Config.in 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,38 @@ +############################################################################# + +mainmenu_option next_comment +comment 'OCF Configuration' +tristate 'OCF (Open Cryptograhic Framework)' CONFIG_OCF_OCF +dep_mbool ' enable fips RNG checks (fips check on RNG data before use)' \ + CONFIG_OCF_FIPS $CONFIG_OCF_OCF +dep_mbool ' enable harvesting entropy for /dev/random' \ + CONFIG_OCF_RANDOMHARVEST $CONFIG_OCF_OCF +dep_tristate ' cryptodev (user space support)' \ + CONFIG_OCF_CRYPTODEV $CONFIG_OCF_OCF +dep_tristate ' cryptosoft (software crypto engine)' \ + CONFIG_OCF_CRYPTOSOFT $CONFIG_OCF_OCF +dep_tristate ' safenet (HW crypto engine)' \ + CONFIG_OCF_SAFE $CONFIG_OCF_OCF +dep_tristate ' IXP4xx (HW crypto engine)' \ + CONFIG_OCF_IXP4XX $CONFIG_OCF_OCF +dep_mbool ' Enable IXP4xx HW to perform SHA1 and MD5 hashing (very slow)' \ + CONFIG_OCF_IXP4XX_SHA1_MD5 $CONFIG_OCF_IXP4XX +dep_tristate ' hifn (HW crypto engine)' \ + CONFIG_OCF_HIFN $CONFIG_OCF_OCF +dep_tristate ' talitos (HW crypto engine)' \ + CONFIG_OCF_TALITOS $CONFIG_OCF_OCF +dep_tristate ' pasemi (HW crypto engine)' \ + CONFIG_OCF_PASEMI $CONFIG_OCF_OCF +dep_tristate ' ep80579 (HW crypto engine)' \ + CONFIG_OCF_EP80579 $CONFIG_OCF_OCF +dep_tristate ' Micronas c7108 (HW crypto engine)' \ + CONFIG_OCF_C7108 $CONFIG_OCF_OCF +dep_tristate ' uBsec BCM5365 (HW crypto engine)' + CONFIG_OCF_UBSEC_SSB $CONFIG_OCF_OCF +dep_tristate ' ocfnull (does no crypto)' \ + CONFIG_OCF_OCFNULL $CONFIG_OCF_OCF +dep_tristate ' ocf-bench (HW crypto in-kernel benchmark)' \ + CONFIG_OCF_BENCH $CONFIG_OCF_OCF +endmenu + +############################################################################# diff -Naur linux-3.0.68.i686-orig/crypto/ocf/criov.c linux-3.0.68.i686/crypto/ocf/criov.c --- linux-3.0.68.i686-orig/crypto/ocf/criov.c 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/criov.c 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,215 @@ +/* $OpenBSD: criov.c,v 1.9 2002/01/29 15:48:29 jason Exp $ */ + +/* + * Linux port done by David McCullough + * Copyright (C) 2006-2010 David McCullough + * Copyright (C) 2004-2005 Intel Corporation. + * The license and original author are listed below. + * + * Copyright (c) 1999 Theo de Raadt + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * +__FBSDID("$FreeBSD: src/sys/opencrypto/criov.c,v 1.5 2006/06/04 22:15:13 pjd Exp $"); + */ + +#include +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) +#include +#endif +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +/* + * This macro is only for avoiding code duplication, as we need to skip + * given number of bytes in the same way in three functions below. + */ +#define CUIO_SKIP() do { \ + KASSERT(off >= 0, ("%s: off %d < 0", __func__, off)); \ + KASSERT(len >= 0, ("%s: len %d < 0", __func__, len)); \ + while (off > 0) { \ + KASSERT(iol >= 0, ("%s: empty in skip", __func__)); \ + if (off < iov->iov_len) \ + break; \ + off -= iov->iov_len; \ + iol--; \ + iov++; \ + } \ +} while (0) + +void +cuio_copydata(struct uio* uio, int off, int len, caddr_t cp) +{ + struct iovec *iov = uio->uio_iov; + int iol = uio->uio_iovcnt; + unsigned count; + + CUIO_SKIP(); + while (len > 0) { + KASSERT(iol >= 0, ("%s: empty", __func__)); + count = min((int)(iov->iov_len - off), len); + memcpy(cp, ((caddr_t)iov->iov_base) + off, count); + len -= count; + cp += count; + off = 0; + iol--; + iov++; + } +} + +void +cuio_copyback(struct uio* uio, int off, int len, caddr_t cp) +{ + struct iovec *iov = uio->uio_iov; + int iol = uio->uio_iovcnt; + unsigned count; + + CUIO_SKIP(); + while (len > 0) { + KASSERT(iol >= 0, ("%s: empty", __func__)); + count = min((int)(iov->iov_len - off), len); + memcpy(((caddr_t)iov->iov_base) + off, cp, count); + len -= count; + cp += count; + off = 0; + iol--; + iov++; + } +} + +/* + * Return a pointer to iov/offset of location in iovec list. + */ +struct iovec * +cuio_getptr(struct uio *uio, int loc, int *off) +{ + struct iovec *iov = uio->uio_iov; + int iol = uio->uio_iovcnt; + + while (loc >= 0) { + /* Normal end of search */ + if (loc < iov->iov_len) { + *off = loc; + return (iov); + } + + loc -= iov->iov_len; + if (iol == 0) { + if (loc == 0) { + /* Point at the end of valid data */ + *off = iov->iov_len; + return (iov); + } else + return (NULL); + } else { + iov++, iol--; + } + } + + return (NULL); +} + +EXPORT_SYMBOL(cuio_copyback); +EXPORT_SYMBOL(cuio_copydata); +EXPORT_SYMBOL(cuio_getptr); + +static void +skb_copy_bits_back(struct sk_buff *skb, int offset, caddr_t cp, int len) +{ + int i; + if (offset < skb_headlen(skb)) { + memcpy(skb->data + offset, cp, min_t(int, skb_headlen(skb), len)); + len -= skb_headlen(skb); + cp += skb_headlen(skb); + } + offset -= skb_headlen(skb); + for (i = 0; len > 0 && i < skb_shinfo(skb)->nr_frags; i++) { + if (offset < skb_shinfo(skb)->frags[i].size) { + memcpy(page_address(skb_frag_page(&skb_shinfo(skb)->frags[i])) + + skb_shinfo(skb)->frags[i].page_offset, + cp, min_t(int, skb_shinfo(skb)->frags[i].size, len)); + len -= skb_shinfo(skb)->frags[i].size; + cp += skb_shinfo(skb)->frags[i].size; + } + offset -= skb_shinfo(skb)->frags[i].size; + } +} + +void +crypto_copyback(int flags, caddr_t buf, int off, int size, caddr_t in) +{ + + if ((flags & CRYPTO_F_SKBUF) != 0) + skb_copy_bits_back((struct sk_buff *)buf, off, in, size); + else if ((flags & CRYPTO_F_IOV) != 0) + cuio_copyback((struct uio *)buf, off, size, in); + else + bcopy(in, buf + off, size); +} + +void +crypto_copydata(int flags, caddr_t buf, int off, int size, caddr_t out) +{ + + if ((flags & CRYPTO_F_SKBUF) != 0) + skb_copy_bits((struct sk_buff *)buf, off, out, size); + else if ((flags & CRYPTO_F_IOV) != 0) + cuio_copydata((struct uio *)buf, off, size, out); + else + bcopy(buf + off, out, size); +} + +int +crypto_apply(int flags, caddr_t buf, int off, int len, + int (*f)(void *, void *, u_int), void *arg) +{ +#if 0 + int error; + + if ((flags & CRYPTO_F_SKBUF) != 0) + error = XXXXXX((struct mbuf *)buf, off, len, f, arg); + else if ((flags & CRYPTO_F_IOV) != 0) + error = cuio_apply((struct uio *)buf, off, len, f, arg); + else + error = (*f)(arg, buf + off, len); + return (error); +#else + KASSERT(0, ("crypto_apply not implemented!\n")); +#endif + return 0; +} + +EXPORT_SYMBOL(crypto_copyback); +EXPORT_SYMBOL(crypto_copydata); +EXPORT_SYMBOL(crypto_apply); + diff -Naur linux-3.0.68.i686-orig/crypto/ocf/crypto.c linux-3.0.68.i686/crypto/ocf/crypto.c --- linux-3.0.68.i686-orig/crypto/ocf/crypto.c 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/crypto.c 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,1766 @@ +/*- + * Linux port done by David McCullough + * Copyright (C) 2006-2010 David McCullough + * Copyright (C) 2004-2005 Intel Corporation. + * The license and original author are listed below. + * + * Redistribution and use in source and binary forms, with or without + * Copyright (c) 2002-2006 Sam Leffler. All rights reserved. + * + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#if 0 +#include +__FBSDID("$FreeBSD: src/sys/opencrypto/crypto.c,v 1.27 2007/03/21 03:42:51 sam Exp $"); +#endif + +/* + * Cryptographic Subsystem. + * + * This code is derived from the Openbsd Cryptographic Framework (OCF) + * that has the copyright shown below. Very little of the original + * code remains. + */ +/*- + * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) + * + * This code was written by Angelos D. Keromytis in Athens, Greece, in + * February 2000. Network Security Technologies Inc. (NSTI) kindly + * supported the development of this code. + * + * Copyright (c) 2000, 2001 Angelos D. Keromytis + * + * Permission to use, copy, and modify this software with or without fee + * is hereby granted, provided that this entire notice is included in + * all source code copies of any software which is or includes a copy or + * modification of this software. + * + * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY + * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE + * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR + * PURPOSE. + * +__FBSDID("$FreeBSD: src/sys/opencrypto/crypto.c,v 1.16 2005/01/07 02:29:16 imp Exp $"); + */ + + +#include +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) +#include +#endif +#include +#include +#include +#include +#include +#include +#include +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,4) +#include +#endif +#include + +/* + * keep track of whether or not we have been initialised, a big + * issue if we are linked into the kernel and a driver gets started before + * us + */ +static int crypto_initted = 0; + +/* + * Crypto drivers register themselves by allocating a slot in the + * crypto_drivers table with crypto_get_driverid() and then registering + * each algorithm they support with crypto_register() and crypto_kregister(). + */ + +/* + * lock on driver table + * we track its state as spin_is_locked does not do anything on non-SMP boxes + */ +static spinlock_t crypto_drivers_lock; +static int crypto_drivers_locked; /* for non-SMP boxes */ + +#define CRYPTO_DRIVER_LOCK() \ + ({ \ + spin_lock_irqsave(&crypto_drivers_lock, d_flags); \ + crypto_drivers_locked = 1; \ + dprintk("%s,%d: DRIVER_LOCK()\n", __FILE__, __LINE__); \ + }) +#define CRYPTO_DRIVER_UNLOCK() \ + ({ \ + dprintk("%s,%d: DRIVER_UNLOCK()\n", __FILE__, __LINE__); \ + crypto_drivers_locked = 0; \ + spin_unlock_irqrestore(&crypto_drivers_lock, d_flags); \ + }) +#define CRYPTO_DRIVER_ASSERT() \ + ({ \ + if (!crypto_drivers_locked) { \ + dprintk("%s,%d: DRIVER_ASSERT!\n", __FILE__, __LINE__); \ + } \ + }) + +/* + * Crypto device/driver capabilities structure. + * + * Synchronization: + * (d) - protected by CRYPTO_DRIVER_LOCK() + * (q) - protected by CRYPTO_Q_LOCK() + * Not tagged fields are read-only. + */ +struct cryptocap { + device_t cc_dev; /* (d) device/driver */ + u_int32_t cc_sessions; /* (d) # of sessions */ + u_int32_t cc_koperations; /* (d) # os asym operations */ + /* + * Largest possible operator length (in bits) for each type of + * encryption algorithm. XXX not used + */ + u_int16_t cc_max_op_len[CRYPTO_ALGORITHM_MAX + 1]; + u_int8_t cc_alg[CRYPTO_ALGORITHM_MAX + 1]; + u_int8_t cc_kalg[CRK_ALGORITHM_MAX + 1]; + + int cc_flags; /* (d) flags */ +#define CRYPTOCAP_F_CLEANUP 0x80000000 /* needs resource cleanup */ + int cc_qblocked; /* (q) symmetric q blocked */ + int cc_kqblocked; /* (q) asymmetric q blocked */ + + int cc_unqblocked; /* (q) symmetric q blocked */ + int cc_unkqblocked; /* (q) asymmetric q blocked */ +}; +static struct cryptocap *crypto_drivers = NULL; +static int crypto_drivers_num = 0; + +/* + * There are two queues for crypto requests; one for symmetric (e.g. + * cipher) operations and one for asymmetric (e.g. MOD)operations. + * A single mutex is used to lock access to both queues. We could + * have one per-queue but having one simplifies handling of block/unblock + * operations. + */ +static LIST_HEAD(crp_q); /* crypto request queue */ +static LIST_HEAD(crp_kq); /* asym request queue */ + +static spinlock_t crypto_q_lock; + +int crypto_all_qblocked = 0; /* protect with Q_LOCK */ +module_param(crypto_all_qblocked, int, 0444); +MODULE_PARM_DESC(crypto_all_qblocked, "Are all crypto queues blocked"); + +int crypto_all_kqblocked = 0; /* protect with Q_LOCK */ +module_param(crypto_all_kqblocked, int, 0444); +MODULE_PARM_DESC(crypto_all_kqblocked, "Are all asym crypto queues blocked"); + +#define CRYPTO_Q_LOCK() \ + ({ \ + spin_lock_irqsave(&crypto_q_lock, q_flags); \ + dprintk("%s,%d: Q_LOCK()\n", __FILE__, __LINE__); \ + }) +#define CRYPTO_Q_UNLOCK() \ + ({ \ + dprintk("%s,%d: Q_UNLOCK()\n", __FILE__, __LINE__); \ + spin_unlock_irqrestore(&crypto_q_lock, q_flags); \ + }) + +/* + * There are two queues for processing completed crypto requests; one + * for the symmetric and one for the asymmetric ops. We only need one + * but have two to avoid type futzing (cryptop vs. cryptkop). A single + * mutex is used to lock access to both queues. Note that this lock + * must be separate from the lock on request queues to insure driver + * callbacks don't generate lock order reversals. + */ +static LIST_HEAD(crp_ret_q); /* callback queues */ +static LIST_HEAD(crp_ret_kq); + +static spinlock_t crypto_ret_q_lock; +#define CRYPTO_RETQ_LOCK() \ + ({ \ + spin_lock_irqsave(&crypto_ret_q_lock, r_flags); \ + dprintk("%s,%d: RETQ_LOCK\n", __FILE__, __LINE__); \ + }) +#define CRYPTO_RETQ_UNLOCK() \ + ({ \ + dprintk("%s,%d: RETQ_UNLOCK\n", __FILE__, __LINE__); \ + spin_unlock_irqrestore(&crypto_ret_q_lock, r_flags); \ + }) +#define CRYPTO_RETQ_EMPTY() (list_empty(&crp_ret_q) && list_empty(&crp_ret_kq)) + +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,20) +static kmem_cache_t *cryptop_zone; +static kmem_cache_t *cryptodesc_zone; +#else +static struct kmem_cache *cryptop_zone; +static struct kmem_cache *cryptodesc_zone; +#endif + +#define debug crypto_debug +int crypto_debug = 0; +module_param(crypto_debug, int, 0644); +MODULE_PARM_DESC(crypto_debug, "Enable debug"); +EXPORT_SYMBOL(crypto_debug); + +/* + * Maximum number of outstanding crypto requests before we start + * failing requests. We need this to prevent DOS when too many + * requests are arriving for us to keep up. Otherwise we will + * run the system out of memory. Since crypto is slow, we are + * usually the bottleneck that needs to say, enough is enough. + * + * We cannot print errors when this condition occurs, we are already too + * slow, printing anything will just kill us + */ + +static int crypto_q_cnt = 0; +module_param(crypto_q_cnt, int, 0444); +MODULE_PARM_DESC(crypto_q_cnt, + "Current number of outstanding crypto requests"); + +static int crypto_q_max = 1000; +module_param(crypto_q_max, int, 0644); +MODULE_PARM_DESC(crypto_q_max, + "Maximum number of outstanding crypto requests"); + +#define bootverbose crypto_verbose +static int crypto_verbose = 0; +module_param(crypto_verbose, int, 0644); +MODULE_PARM_DESC(crypto_verbose, + "Enable verbose crypto startup"); + +int crypto_usercrypto = 1; /* userland may do crypto reqs */ +module_param(crypto_usercrypto, int, 0644); +MODULE_PARM_DESC(crypto_usercrypto, + "Enable/disable user-mode access to crypto support"); + +int crypto_userasymcrypto = 1; /* userland may do asym crypto reqs */ +module_param(crypto_userasymcrypto, int, 0644); +MODULE_PARM_DESC(crypto_userasymcrypto, + "Enable/disable user-mode access to asymmetric crypto support"); + +int crypto_devallowsoft = 0; /* only use hardware crypto */ +module_param(crypto_devallowsoft, int, 0644); +MODULE_PARM_DESC(crypto_devallowsoft, + "Enable/disable use of software crypto support"); + +/* + * This parameter controls the maximum number of crypto operations to + * do consecutively in the crypto kernel thread before scheduling to allow + * other processes to run. Without it, it is possible to get into a + * situation where the crypto thread never allows any other processes to run. + * Default to 1000 which should be less than one second. + */ +static int crypto_max_loopcount = 1000; +module_param(crypto_max_loopcount, int, 0644); +MODULE_PARM_DESC(crypto_max_loopcount, + "Maximum number of crypto ops to do before yielding to other processes"); + +#ifndef CONFIG_NR_CPUS +#define CONFIG_NR_CPUS 1 +#endif + +static struct task_struct *cryptoproc[CONFIG_NR_CPUS]; +static struct task_struct *cryptoretproc[CONFIG_NR_CPUS]; +static DECLARE_WAIT_QUEUE_HEAD(cryptoproc_wait); +static DECLARE_WAIT_QUEUE_HEAD(cryptoretproc_wait); + +static int crypto_proc(void *arg); +static int crypto_ret_proc(void *arg); +static int crypto_invoke(struct cryptocap *cap, struct cryptop *crp, int hint); +static int crypto_kinvoke(struct cryptkop *krp, int flags); +static void crypto_exit(void); +static int crypto_init(void); + +static struct cryptostats cryptostats; + +static struct cryptocap * +crypto_checkdriver(u_int32_t hid) +{ + if (crypto_drivers == NULL) + return NULL; + return (hid >= crypto_drivers_num ? NULL : &crypto_drivers[hid]); +} + +/* + * Compare a driver's list of supported algorithms against another + * list; return non-zero if all algorithms are supported. + */ +static int +driver_suitable(const struct cryptocap *cap, const struct cryptoini *cri) +{ + const struct cryptoini *cr; + + /* See if all the algorithms are supported. */ + for (cr = cri; cr; cr = cr->cri_next) + if (cap->cc_alg[cr->cri_alg] == 0) + return 0; + return 1; +} + + +/* + * Select a driver for a new session that supports the specified + * algorithms and, optionally, is constrained according to the flags. + * The algorithm we use here is pretty stupid; just use the + * first driver that supports all the algorithms we need. If there + * are multiple drivers we choose the driver with the fewest active + * sessions. We prefer hardware-backed drivers to software ones. + * + * XXX We need more smarts here (in real life too, but that's + * XXX another story altogether). + */ +static struct cryptocap * +crypto_select_driver(const struct cryptoini *cri, int flags) +{ + struct cryptocap *cap, *best; + int match, hid; + + CRYPTO_DRIVER_ASSERT(); + + /* + * Look first for hardware crypto devices if permitted. + */ + if (flags & CRYPTOCAP_F_HARDWARE) + match = CRYPTOCAP_F_HARDWARE; + else + match = CRYPTOCAP_F_SOFTWARE; + best = NULL; +again: + for (hid = 0; hid < crypto_drivers_num; hid++) { + cap = &crypto_drivers[hid]; + /* + * If it's not initialized, is in the process of + * going away, or is not appropriate (hardware + * or software based on match), then skip. + */ + if (cap->cc_dev == NULL || + (cap->cc_flags & CRYPTOCAP_F_CLEANUP) || + (cap->cc_flags & match) == 0) + continue; + + /* verify all the algorithms are supported. */ + if (driver_suitable(cap, cri)) { + if (best == NULL || + cap->cc_sessions < best->cc_sessions) + best = cap; + } + } + if (best != NULL) + return best; + if (match == CRYPTOCAP_F_HARDWARE && (flags & CRYPTOCAP_F_SOFTWARE)) { + /* sort of an Algol 68-style for loop */ + match = CRYPTOCAP_F_SOFTWARE; + goto again; + } + return best; +} + +/* + * Create a new session. The crid argument specifies a crypto + * driver to use or constraints on a driver to select (hardware + * only, software only, either). Whatever driver is selected + * must be capable of the requested crypto algorithms. + */ +int +crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int crid) +{ + struct cryptocap *cap; + u_int32_t hid, lid; + int err; + unsigned long d_flags; + + CRYPTO_DRIVER_LOCK(); + if ((crid & (CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE)) == 0) { + /* + * Use specified driver; verify it is capable. + */ + cap = crypto_checkdriver(crid); + if (cap != NULL && !driver_suitable(cap, cri)) + cap = NULL; + } else { + /* + * No requested driver; select based on crid flags. + */ + cap = crypto_select_driver(cri, crid); + /* + * if NULL then can't do everything in one session. + * XXX Fix this. We need to inject a "virtual" session + * XXX layer right about here. + */ + } + if (cap != NULL) { + /* Call the driver initialization routine. */ + hid = cap - crypto_drivers; + lid = hid; /* Pass the driver ID. */ + cap->cc_sessions++; + CRYPTO_DRIVER_UNLOCK(); + err = CRYPTODEV_NEWSESSION(cap->cc_dev, &lid, cri); + CRYPTO_DRIVER_LOCK(); + if (err == 0) { + (*sid) = (cap->cc_flags & 0xff000000) + | (hid & 0x00ffffff); + (*sid) <<= 32; + (*sid) |= (lid & 0xffffffff); + } else + cap->cc_sessions--; + } else + err = EINVAL; + CRYPTO_DRIVER_UNLOCK(); + return err; +} + +static void +crypto_remove(struct cryptocap *cap) +{ + CRYPTO_DRIVER_ASSERT(); + if (cap->cc_sessions == 0 && cap->cc_koperations == 0) + bzero(cap, sizeof(*cap)); +} + +/* + * Delete an existing session (or a reserved session on an unregistered + * driver). + */ +int +crypto_freesession(u_int64_t sid) +{ + struct cryptocap *cap; + u_int32_t hid; + int err = 0; + unsigned long d_flags; + + dprintk("%s()\n", __FUNCTION__); + CRYPTO_DRIVER_LOCK(); + + if (crypto_drivers == NULL) { + err = EINVAL; + goto done; + } + + /* Determine two IDs. */ + hid = CRYPTO_SESID2HID(sid); + + if (hid >= crypto_drivers_num) { + dprintk("%s - INVALID DRIVER NUM %d\n", __FUNCTION__, hid); + err = ENOENT; + goto done; + } + cap = &crypto_drivers[hid]; + + if (cap->cc_dev) { + CRYPTO_DRIVER_UNLOCK(); + /* Call the driver cleanup routine, if available, unlocked. */ + err = CRYPTODEV_FREESESSION(cap->cc_dev, sid); + CRYPTO_DRIVER_LOCK(); + } + + if (cap->cc_sessions) + cap->cc_sessions--; + + if (cap->cc_flags & CRYPTOCAP_F_CLEANUP) + crypto_remove(cap); + +done: + CRYPTO_DRIVER_UNLOCK(); + return err; +} + +/* + * Return an unused driver id. Used by drivers prior to registering + * support for the algorithms they handle. + */ +int32_t +crypto_get_driverid(device_t dev, int flags) +{ + struct cryptocap *newdrv; + int i; + unsigned long d_flags; + + if ((flags & (CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE)) == 0) { + printf("%s: no flags specified when registering driver\n", + device_get_nameunit(dev)); + return -1; + } + + CRYPTO_DRIVER_LOCK(); + + for (i = 0; i < crypto_drivers_num; i++) { + if (crypto_drivers[i].cc_dev == NULL && + (crypto_drivers[i].cc_flags & CRYPTOCAP_F_CLEANUP) == 0) { + break; + } + } + + /* Out of entries, allocate some more. */ + if (i == crypto_drivers_num) { + /* Be careful about wrap-around. */ + if (2 * crypto_drivers_num <= crypto_drivers_num) { + CRYPTO_DRIVER_UNLOCK(); + printk("crypto: driver count wraparound!\n"); + return -1; + } + + newdrv = kmalloc(2 * crypto_drivers_num * sizeof(struct cryptocap), + GFP_KERNEL); + if (newdrv == NULL) { + CRYPTO_DRIVER_UNLOCK(); + printk("crypto: no space to expand driver table!\n"); + return -1; + } + + memcpy(newdrv, crypto_drivers, + crypto_drivers_num * sizeof(struct cryptocap)); + memset(&newdrv[crypto_drivers_num], 0, + crypto_drivers_num * sizeof(struct cryptocap)); + + crypto_drivers_num *= 2; + + kfree(crypto_drivers); + crypto_drivers = newdrv; + } + + /* NB: state is zero'd on free */ + crypto_drivers[i].cc_sessions = 1; /* Mark */ + crypto_drivers[i].cc_dev = dev; + crypto_drivers[i].cc_flags = flags; + if (bootverbose) + printf("crypto: assign %s driver id %u, flags %u\n", + device_get_nameunit(dev), i, flags); + + CRYPTO_DRIVER_UNLOCK(); + + return i; +} + +/* + * Lookup a driver by name. We match against the full device + * name and unit, and against just the name. The latter gives + * us a simple widlcarding by device name. On success return the + * driver/hardware identifier; otherwise return -1. + */ +int +crypto_find_driver(const char *match) +{ + int i, len = strlen(match); + unsigned long d_flags; + + CRYPTO_DRIVER_LOCK(); + for (i = 0; i < crypto_drivers_num; i++) { + device_t dev = crypto_drivers[i].cc_dev; + if (dev == NULL || + (crypto_drivers[i].cc_flags & CRYPTOCAP_F_CLEANUP)) + continue; + if (strncmp(match, device_get_nameunit(dev), len) == 0 || + strncmp(match, device_get_name(dev), len) == 0) + break; + } + CRYPTO_DRIVER_UNLOCK(); + return i < crypto_drivers_num ? i : -1; +} + +/* + * Return the device_t for the specified driver or NULL + * if the driver identifier is invalid. + */ +device_t +crypto_find_device_byhid(int hid) +{ + struct cryptocap *cap = crypto_checkdriver(hid); + return cap != NULL ? cap->cc_dev : NULL; +} + +/* + * Return the device/driver capabilities. + */ +int +crypto_getcaps(int hid) +{ + struct cryptocap *cap = crypto_checkdriver(hid); + return cap != NULL ? cap->cc_flags : 0; +} + +/* + * Register support for a key-related algorithm. This routine + * is called once for each algorithm supported a driver. + */ +int +crypto_kregister(u_int32_t driverid, int kalg, u_int32_t flags) +{ + struct cryptocap *cap; + int err; + unsigned long d_flags; + + dprintk("%s()\n", __FUNCTION__); + CRYPTO_DRIVER_LOCK(); + + cap = crypto_checkdriver(driverid); + if (cap != NULL && + (CRK_ALGORITM_MIN <= kalg && kalg <= CRK_ALGORITHM_MAX)) { + /* + * XXX Do some performance testing to determine placing. + * XXX We probably need an auxiliary data structure that + * XXX describes relative performances. + */ + + cap->cc_kalg[kalg] = flags | CRYPTO_ALG_FLAG_SUPPORTED; + if (bootverbose) + printf("crypto: %s registers key alg %u flags %u\n" + , device_get_nameunit(cap->cc_dev) + , kalg + , flags + ); + err = 0; + } else + err = EINVAL; + + CRYPTO_DRIVER_UNLOCK(); + return err; +} + +/* + * Register support for a non-key-related algorithm. This routine + * is called once for each such algorithm supported by a driver. + */ +int +crypto_register(u_int32_t driverid, int alg, u_int16_t maxoplen, + u_int32_t flags) +{ + struct cryptocap *cap; + int err; + unsigned long d_flags; + + dprintk("%s(id=0x%x, alg=%d, maxoplen=%d, flags=0x%x)\n", __FUNCTION__, + driverid, alg, maxoplen, flags); + + CRYPTO_DRIVER_LOCK(); + + cap = crypto_checkdriver(driverid); + /* NB: algorithms are in the range [1..max] */ + if (cap != NULL && + (CRYPTO_ALGORITHM_MIN <= alg && alg <= CRYPTO_ALGORITHM_MAX)) { + /* + * XXX Do some performance testing to determine placing. + * XXX We probably need an auxiliary data structure that + * XXX describes relative performances. + */ + + cap->cc_alg[alg] = flags | CRYPTO_ALG_FLAG_SUPPORTED; + cap->cc_max_op_len[alg] = maxoplen; + if (bootverbose) + printf("crypto: %s registers alg %u flags %u maxoplen %u\n" + , device_get_nameunit(cap->cc_dev) + , alg + , flags + , maxoplen + ); + cap->cc_sessions = 0; /* Unmark */ + err = 0; + } else + err = EINVAL; + + CRYPTO_DRIVER_UNLOCK(); + return err; +} + +static void +driver_finis(struct cryptocap *cap) +{ + u_int32_t ses, kops; + + CRYPTO_DRIVER_ASSERT(); + + ses = cap->cc_sessions; + kops = cap->cc_koperations; + bzero(cap, sizeof(*cap)); + if (ses != 0 || kops != 0) { + /* + * If there are pending sessions, + * just mark as invalid. + */ + cap->cc_flags |= CRYPTOCAP_F_CLEANUP; + cap->cc_sessions = ses; + cap->cc_koperations = kops; + } +} + +/* + * Unregister a crypto driver. If there are pending sessions using it, + * leave enough information around so that subsequent calls using those + * sessions will correctly detect the driver has been unregistered and + * reroute requests. + */ +int +crypto_unregister(u_int32_t driverid, int alg) +{ + struct cryptocap *cap; + int i, err; + unsigned long d_flags; + + dprintk("%s()\n", __FUNCTION__); + CRYPTO_DRIVER_LOCK(); + + cap = crypto_checkdriver(driverid); + if (cap != NULL && + (CRYPTO_ALGORITHM_MIN <= alg && alg <= CRYPTO_ALGORITHM_MAX) && + cap->cc_alg[alg] != 0) { + cap->cc_alg[alg] = 0; + cap->cc_max_op_len[alg] = 0; + + /* Was this the last algorithm ? */ + for (i = 1; i <= CRYPTO_ALGORITHM_MAX; i++) + if (cap->cc_alg[i] != 0) + break; + + if (i == CRYPTO_ALGORITHM_MAX + 1) + driver_finis(cap); + err = 0; + } else + err = EINVAL; + CRYPTO_DRIVER_UNLOCK(); + return err; +} + +/* + * Unregister all algorithms associated with a crypto driver. + * If there are pending sessions using it, leave enough information + * around so that subsequent calls using those sessions will + * correctly detect the driver has been unregistered and reroute + * requests. + */ +int +crypto_unregister_all(u_int32_t driverid) +{ + struct cryptocap *cap; + int err; + unsigned long d_flags; + + dprintk("%s()\n", __FUNCTION__); + CRYPTO_DRIVER_LOCK(); + cap = crypto_checkdriver(driverid); + if (cap != NULL) { + driver_finis(cap); + err = 0; + } else + err = EINVAL; + CRYPTO_DRIVER_UNLOCK(); + + return err; +} + +/* + * Clear blockage on a driver. The what parameter indicates whether + * the driver is now ready for cryptop's and/or cryptokop's. + */ +int +crypto_unblock(u_int32_t driverid, int what) +{ + struct cryptocap *cap; + int err; + unsigned long q_flags; + + CRYPTO_Q_LOCK(); + cap = crypto_checkdriver(driverid); + if (cap != NULL) { + if (what & CRYPTO_SYMQ) { + cap->cc_qblocked = 0; + cap->cc_unqblocked = 0; + crypto_all_qblocked = 0; + } + if (what & CRYPTO_ASYMQ) { + cap->cc_kqblocked = 0; + cap->cc_unkqblocked = 0; + crypto_all_kqblocked = 0; + } + wake_up_interruptible(&cryptoproc_wait); + err = 0; + } else + err = EINVAL; + CRYPTO_Q_UNLOCK(); //DAVIDM should this be a driver lock + + return err; +} + +/* + * Add a crypto request to a queue, to be processed by the kernel thread. + */ +int +crypto_dispatch(struct cryptop *crp) +{ + struct cryptocap *cap; + int result = -1; + unsigned long q_flags; + + dprintk("%s()\n", __FUNCTION__); + + cryptostats.cs_ops++; + + CRYPTO_Q_LOCK(); + if (crypto_q_cnt >= crypto_q_max) { + cryptostats.cs_drops++; + CRYPTO_Q_UNLOCK(); + return ENOMEM; + } + crypto_q_cnt++; + + /* make sure we are starting a fresh run on this crp. */ + crp->crp_flags &= ~CRYPTO_F_DONE; + crp->crp_etype = 0; + + /* + * Caller marked the request to be processed immediately; dispatch + * it directly to the driver unless the driver is currently blocked. + */ + if ((crp->crp_flags & CRYPTO_F_BATCH) == 0) { + int hid = CRYPTO_SESID2HID(crp->crp_sid); + cap = crypto_checkdriver(hid); + /* Driver cannot disappear when there is an active session. */ + KASSERT(cap != NULL, ("%s: Driver disappeared.", __func__)); + if (!cap->cc_qblocked) { + crypto_all_qblocked = 0; + crypto_drivers[hid].cc_unqblocked = 1; + CRYPTO_Q_UNLOCK(); + result = crypto_invoke(cap, crp, 0); + CRYPTO_Q_LOCK(); + if (result == ERESTART) + if (crypto_drivers[hid].cc_unqblocked) + crypto_drivers[hid].cc_qblocked = 1; + crypto_drivers[hid].cc_unqblocked = 0; + } + } + if (result == ERESTART) { + /* + * The driver ran out of resources, mark the + * driver ``blocked'' for cryptop's and put + * the request back in the queue. It would + * best to put the request back where we got + * it but that's hard so for now we put it + * at the front. This should be ok; putting + * it at the end does not work. + */ + list_add(&crp->crp_next, &crp_q); + cryptostats.cs_blocks++; + result = 0; + } else if (result == -1) { + TAILQ_INSERT_TAIL(&crp_q, crp, crp_next); + result = 0; + } + wake_up_interruptible(&cryptoproc_wait); + CRYPTO_Q_UNLOCK(); + return result; +} + +/* + * Add an asymetric crypto request to a queue, + * to be processed by the kernel thread. + */ +int +crypto_kdispatch(struct cryptkop *krp) +{ + int error; + unsigned long q_flags; + + cryptostats.cs_kops++; + + error = crypto_kinvoke(krp, krp->krp_crid); + if (error == ERESTART) { + CRYPTO_Q_LOCK(); + TAILQ_INSERT_TAIL(&crp_kq, krp, krp_next); + wake_up_interruptible(&cryptoproc_wait); + CRYPTO_Q_UNLOCK(); + error = 0; + } + return error; +} + +/* + * Verify a driver is suitable for the specified operation. + */ +static __inline int +kdriver_suitable(const struct cryptocap *cap, const struct cryptkop *krp) +{ + return (cap->cc_kalg[krp->krp_op] & CRYPTO_ALG_FLAG_SUPPORTED) != 0; +} + +/* + * Select a driver for an asym operation. The driver must + * support the necessary algorithm. The caller can constrain + * which device is selected with the flags parameter. The + * algorithm we use here is pretty stupid; just use the first + * driver that supports the algorithms we need. If there are + * multiple suitable drivers we choose the driver with the + * fewest active operations. We prefer hardware-backed + * drivers to software ones when either may be used. + */ +static struct cryptocap * +crypto_select_kdriver(const struct cryptkop *krp, int flags) +{ + struct cryptocap *cap, *best, *blocked; + int match, hid; + + CRYPTO_DRIVER_ASSERT(); + + /* + * Look first for hardware crypto devices if permitted. + */ + if (flags & CRYPTOCAP_F_HARDWARE) + match = CRYPTOCAP_F_HARDWARE; + else + match = CRYPTOCAP_F_SOFTWARE; + best = NULL; + blocked = NULL; +again: + for (hid = 0; hid < crypto_drivers_num; hid++) { + cap = &crypto_drivers[hid]; + /* + * If it's not initialized, is in the process of + * going away, or is not appropriate (hardware + * or software based on match), then skip. + */ + if (cap->cc_dev == NULL || + (cap->cc_flags & CRYPTOCAP_F_CLEANUP) || + (cap->cc_flags & match) == 0) + continue; + + /* verify all the algorithms are supported. */ + if (kdriver_suitable(cap, krp)) { + if (best == NULL || + cap->cc_koperations < best->cc_koperations) + best = cap; + } + } + if (best != NULL) + return best; + if (match == CRYPTOCAP_F_HARDWARE && (flags & CRYPTOCAP_F_SOFTWARE)) { + /* sort of an Algol 68-style for loop */ + match = CRYPTOCAP_F_SOFTWARE; + goto again; + } + return best; +} + +/* + * Dispatch an assymetric crypto request. + */ +static int +crypto_kinvoke(struct cryptkop *krp, int crid) +{ + struct cryptocap *cap = NULL; + int error; + unsigned long d_flags; + + KASSERT(krp != NULL, ("%s: krp == NULL", __func__)); + KASSERT(krp->krp_callback != NULL, + ("%s: krp->crp_callback == NULL", __func__)); + + CRYPTO_DRIVER_LOCK(); + if ((crid & (CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE)) == 0) { + cap = crypto_checkdriver(crid); + if (cap != NULL) { + /* + * Driver present, it must support the necessary + * algorithm and, if s/w drivers are excluded, + * it must be registered as hardware-backed. + */ + if (!kdriver_suitable(cap, krp) || + (!crypto_devallowsoft && + (cap->cc_flags & CRYPTOCAP_F_HARDWARE) == 0)) + cap = NULL; + } + } else { + /* + * No requested driver; select based on crid flags. + */ + if (!crypto_devallowsoft) /* NB: disallow s/w drivers */ + crid &= ~CRYPTOCAP_F_SOFTWARE; + cap = crypto_select_kdriver(krp, crid); + } + if (cap != NULL && !cap->cc_kqblocked) { + krp->krp_hid = cap - crypto_drivers; + cap->cc_koperations++; + CRYPTO_DRIVER_UNLOCK(); + error = CRYPTODEV_KPROCESS(cap->cc_dev, krp, 0); + CRYPTO_DRIVER_LOCK(); + if (error == ERESTART) { + cap->cc_koperations--; + CRYPTO_DRIVER_UNLOCK(); + return (error); + } + /* return the actual device used */ + krp->krp_crid = krp->krp_hid; + } else { + /* + * NB: cap is !NULL if device is blocked; in + * that case return ERESTART so the operation + * is resubmitted if possible. + */ + error = (cap == NULL) ? ENODEV : ERESTART; + } + CRYPTO_DRIVER_UNLOCK(); + + if (error) { + krp->krp_status = error; + crypto_kdone(krp); + } + return 0; +} + + +/* + * Dispatch a crypto request to the appropriate crypto devices. + */ +static int +crypto_invoke(struct cryptocap *cap, struct cryptop *crp, int hint) +{ + KASSERT(crp != NULL, ("%s: crp == NULL", __func__)); + KASSERT(crp->crp_callback != NULL, + ("%s: crp->crp_callback == NULL", __func__)); + KASSERT(crp->crp_desc != NULL, ("%s: crp->crp_desc == NULL", __func__)); + + dprintk("%s()\n", __FUNCTION__); + +#ifdef CRYPTO_TIMING + if (crypto_timing) + crypto_tstat(&cryptostats.cs_invoke, &crp->crp_tstamp); +#endif + if (cap->cc_flags & CRYPTOCAP_F_CLEANUP) { + struct cryptodesc *crd; + u_int64_t nid; + + /* + * Driver has unregistered; migrate the session and return + * an error to the caller so they'll resubmit the op. + * + * XXX: What if there are more already queued requests for this + * session? + */ + crypto_freesession(crp->crp_sid); + + for (crd = crp->crp_desc; crd->crd_next; crd = crd->crd_next) + crd->CRD_INI.cri_next = &(crd->crd_next->CRD_INI); + + /* XXX propagate flags from initial session? */ + if (crypto_newsession(&nid, &(crp->crp_desc->CRD_INI), + CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE) == 0) + crp->crp_sid = nid; + + crp->crp_etype = EAGAIN; + crypto_done(crp); + return 0; + } else { + /* + * Invoke the driver to process the request. + */ + return CRYPTODEV_PROCESS(cap->cc_dev, crp, hint); + } +} + +/* + * Release a set of crypto descriptors. + */ +void +crypto_freereq(struct cryptop *crp) +{ + struct cryptodesc *crd; + + if (crp == NULL) + return; + +#ifdef DIAGNOSTIC + { + struct cryptop *crp2; + unsigned long q_flags; + + CRYPTO_Q_LOCK(); + TAILQ_FOREACH(crp2, &crp_q, crp_next) { + KASSERT(crp2 != crp, + ("Freeing cryptop from the crypto queue (%p).", + crp)); + } + CRYPTO_Q_UNLOCK(); + CRYPTO_RETQ_LOCK(); + TAILQ_FOREACH(crp2, &crp_ret_q, crp_next) { + KASSERT(crp2 != crp, + ("Freeing cryptop from the return queue (%p).", + crp)); + } + CRYPTO_RETQ_UNLOCK(); + } +#endif + + while ((crd = crp->crp_desc) != NULL) { + crp->crp_desc = crd->crd_next; + kmem_cache_free(cryptodesc_zone, crd); + } + kmem_cache_free(cryptop_zone, crp); +} + +/* + * Acquire a set of crypto descriptors. + */ +struct cryptop * +crypto_getreq(int num) +{ + struct cryptodesc *crd; + struct cryptop *crp; + + crp = kmem_cache_alloc(cryptop_zone, SLAB_ATOMIC); + if (crp != NULL) { + memset(crp, 0, sizeof(*crp)); + INIT_LIST_HEAD(&crp->crp_next); + init_waitqueue_head(&crp->crp_waitq); + while (num--) { + crd = kmem_cache_alloc(cryptodesc_zone, SLAB_ATOMIC); + if (crd == NULL) { + crypto_freereq(crp); + return NULL; + } + memset(crd, 0, sizeof(*crd)); + crd->crd_next = crp->crp_desc; + crp->crp_desc = crd; + } + } + return crp; +} + +/* + * Invoke the callback on behalf of the driver. + */ +void +crypto_done(struct cryptop *crp) +{ + unsigned long q_flags; + + dprintk("%s()\n", __FUNCTION__); + if ((crp->crp_flags & CRYPTO_F_DONE) == 0) { + crp->crp_flags |= CRYPTO_F_DONE; + CRYPTO_Q_LOCK(); + crypto_q_cnt--; + CRYPTO_Q_UNLOCK(); + } else + printk("crypto: crypto_done op already done, flags 0x%x", + crp->crp_flags); + if (crp->crp_etype != 0) + cryptostats.cs_errs++; + /* + * CBIMM means unconditionally do the callback immediately; + * CBIFSYNC means do the callback immediately only if the + * operation was done synchronously. Both are used to avoid + * doing extraneous context switches; the latter is mostly + * used with the software crypto driver. + */ + if ((crp->crp_flags & CRYPTO_F_CBIMM) || + ((crp->crp_flags & CRYPTO_F_CBIFSYNC) && + (CRYPTO_SESID2CAPS(crp->crp_sid) & CRYPTOCAP_F_SYNC))) { + /* + * Do the callback directly. This is ok when the + * callback routine does very little (e.g. the + * /dev/crypto callback method just does a wakeup). + */ + crp->crp_callback(crp); + } else { + unsigned long r_flags; + /* + * Normal case; queue the callback for the thread. + */ + CRYPTO_RETQ_LOCK(); + wake_up_interruptible(&cryptoretproc_wait);/* shared wait channel */ + TAILQ_INSERT_TAIL(&crp_ret_q, crp, crp_next); + CRYPTO_RETQ_UNLOCK(); + } +} + +/* + * Invoke the callback on behalf of the driver. + */ +void +crypto_kdone(struct cryptkop *krp) +{ + struct cryptocap *cap; + unsigned long d_flags; + + if ((krp->krp_flags & CRYPTO_KF_DONE) != 0) + printk("crypto: crypto_kdone op already done, flags 0x%x", + krp->krp_flags); + krp->krp_flags |= CRYPTO_KF_DONE; + if (krp->krp_status != 0) + cryptostats.cs_kerrs++; + + CRYPTO_DRIVER_LOCK(); + /* XXX: What if driver is loaded in the meantime? */ + if (krp->krp_hid < crypto_drivers_num) { + cap = &crypto_drivers[krp->krp_hid]; + cap->cc_koperations--; + KASSERT(cap->cc_koperations >= 0, ("cc_koperations < 0")); + if (cap->cc_flags & CRYPTOCAP_F_CLEANUP) + crypto_remove(cap); + } + CRYPTO_DRIVER_UNLOCK(); + + /* + * CBIMM means unconditionally do the callback immediately; + * This is used to avoid doing extraneous context switches + */ + if ((krp->krp_flags & CRYPTO_KF_CBIMM)) { + /* + * Do the callback directly. This is ok when the + * callback routine does very little (e.g. the + * /dev/crypto callback method just does a wakeup). + */ + krp->krp_callback(krp); + } else { + unsigned long r_flags; + /* + * Normal case; queue the callback for the thread. + */ + CRYPTO_RETQ_LOCK(); + wake_up_interruptible(&cryptoretproc_wait);/* shared wait channel */ + TAILQ_INSERT_TAIL(&crp_ret_kq, krp, krp_next); + CRYPTO_RETQ_UNLOCK(); + } +} + +int +crypto_getfeat(int *featp) +{ + int hid, kalg, feat = 0; + unsigned long d_flags; + + CRYPTO_DRIVER_LOCK(); + for (hid = 0; hid < crypto_drivers_num; hid++) { + const struct cryptocap *cap = &crypto_drivers[hid]; + + if ((cap->cc_flags & CRYPTOCAP_F_SOFTWARE) && + !crypto_devallowsoft) { + continue; + } + for (kalg = 0; kalg < CRK_ALGORITHM_MAX; kalg++) + if (cap->cc_kalg[kalg] & CRYPTO_ALG_FLAG_SUPPORTED) + feat |= 1 << kalg; + } + CRYPTO_DRIVER_UNLOCK(); + *featp = feat; + return (0); +} + +/* + * Crypto thread, dispatches crypto requests. + */ +static int +crypto_proc(void *arg) +{ + struct cryptop *crp, *submit; + struct cryptkop *krp, *krpp; + struct cryptocap *cap; + u_int32_t hid; + int result, hint; + unsigned long q_flags; + int loopcount = 0; + + set_current_state(TASK_INTERRUPTIBLE); + + CRYPTO_Q_LOCK(); + for (;;) { + /* + * we need to make sure we don't get into a busy loop with nothing + * to do, the two crypto_all_*blocked vars help us find out when + * we are all full and can do nothing on any driver or Q. If so we + * wait for an unblock. + */ + crypto_all_qblocked = !list_empty(&crp_q); + + /* + * Find the first element in the queue that can be + * processed and look-ahead to see if multiple ops + * are ready for the same driver. + */ + submit = NULL; + hint = 0; + list_for_each_entry(crp, &crp_q, crp_next) { + hid = CRYPTO_SESID2HID(crp->crp_sid); + cap = crypto_checkdriver(hid); + /* + * Driver cannot disappear when there is an active + * session. + */ + KASSERT(cap != NULL, ("%s:%u Driver disappeared.", + __func__, __LINE__)); + if (cap == NULL || cap->cc_dev == NULL) { + /* Op needs to be migrated, process it. */ + if (submit == NULL) + submit = crp; + break; + } + if (!cap->cc_qblocked) { + if (submit != NULL) { + /* + * We stop on finding another op, + * regardless whether its for the same + * driver or not. We could keep + * searching the queue but it might be + * better to just use a per-driver + * queue instead. + */ + if (CRYPTO_SESID2HID(submit->crp_sid) == hid) + hint = CRYPTO_HINT_MORE; + break; + } else { + submit = crp; + if ((submit->crp_flags & CRYPTO_F_BATCH) == 0) + break; + /* keep scanning for more are q'd */ + } + } + } + if (submit != NULL) { + hid = CRYPTO_SESID2HID(submit->crp_sid); + crypto_all_qblocked = 0; + list_del(&submit->crp_next); + crypto_drivers[hid].cc_unqblocked = 1; + cap = crypto_checkdriver(hid); + CRYPTO_Q_UNLOCK(); + KASSERT(cap != NULL, ("%s:%u Driver disappeared.", + __func__, __LINE__)); + result = crypto_invoke(cap, submit, hint); + CRYPTO_Q_LOCK(); + if (result == ERESTART) { + /* + * The driver ran out of resources, mark the + * driver ``blocked'' for cryptop's and put + * the request back in the queue. It would + * best to put the request back where we got + * it but that's hard so for now we put it + * at the front. This should be ok; putting + * it at the end does not work. + */ + /* XXX validate sid again? */ + list_add(&submit->crp_next, &crp_q); + cryptostats.cs_blocks++; + if (crypto_drivers[hid].cc_unqblocked) + crypto_drivers[hid].cc_qblocked=0; + crypto_drivers[hid].cc_unqblocked=0; + } + crypto_drivers[hid].cc_unqblocked = 0; + } + + crypto_all_kqblocked = !list_empty(&crp_kq); + + /* As above, but for key ops */ + krp = NULL; + list_for_each_entry(krpp, &crp_kq, krp_next) { + cap = crypto_checkdriver(krpp->krp_hid); + if (cap == NULL || cap->cc_dev == NULL) { + /* + * Operation needs to be migrated, invalidate + * the assigned device so it will reselect a + * new one below. Propagate the original + * crid selection flags if supplied. + */ + krp->krp_hid = krp->krp_crid & + (CRYPTOCAP_F_SOFTWARE|CRYPTOCAP_F_HARDWARE); + if (krp->krp_hid == 0) + krp->krp_hid = + CRYPTOCAP_F_SOFTWARE|CRYPTOCAP_F_HARDWARE; + break; + } + if (!cap->cc_kqblocked) { + krp = krpp; + break; + } + } + if (krp != NULL) { + crypto_all_kqblocked = 0; + list_del(&krp->krp_next); + crypto_drivers[krp->krp_hid].cc_kqblocked = 1; + CRYPTO_Q_UNLOCK(); + result = crypto_kinvoke(krp, krp->krp_hid); + CRYPTO_Q_LOCK(); + if (result == ERESTART) { + /* + * The driver ran out of resources, mark the + * driver ``blocked'' for cryptkop's and put + * the request back in the queue. It would + * best to put the request back where we got + * it but that's hard so for now we put it + * at the front. This should be ok; putting + * it at the end does not work. + */ + /* XXX validate sid again? */ + list_add(&krp->krp_next, &crp_kq); + cryptostats.cs_kblocks++; + } else + crypto_drivers[krp->krp_hid].cc_kqblocked = 0; + } + + if (submit == NULL && krp == NULL) { + /* + * Nothing more to be processed. Sleep until we're + * woken because there are more ops to process. + * This happens either by submission or by a driver + * becoming unblocked and notifying us through + * crypto_unblock. Note that when we wakeup we + * start processing each queue again from the + * front. It's not clear that it's important to + * preserve this ordering since ops may finish + * out of order if dispatched to different devices + * and some become blocked while others do not. + */ + dprintk("%s - sleeping (qe=%d qb=%d kqe=%d kqb=%d)\n", + __FUNCTION__, + list_empty(&crp_q), crypto_all_qblocked, + list_empty(&crp_kq), crypto_all_kqblocked); + loopcount = 0; + CRYPTO_Q_UNLOCK(); + wait_event_interruptible(cryptoproc_wait, + !(list_empty(&crp_q) || crypto_all_qblocked) || + !(list_empty(&crp_kq) || crypto_all_kqblocked) || + kthread_should_stop()); + if (signal_pending (current)) { +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) + spin_lock_irq(¤t->sigmask_lock); +#endif + flush_signals(current); +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) + spin_unlock_irq(¤t->sigmask_lock); +#endif + } + CRYPTO_Q_LOCK(); + dprintk("%s - awake\n", __FUNCTION__); + if (kthread_should_stop()) + break; + cryptostats.cs_intrs++; + } else if (loopcount > crypto_max_loopcount) { + /* + * Give other processes a chance to run if we've + * been using the CPU exclusively for a while. + */ + loopcount = 0; + CRYPTO_Q_UNLOCK(); + schedule(); + CRYPTO_Q_LOCK(); + } + loopcount++; + } + CRYPTO_Q_UNLOCK(); + return 0; +} + +/* + * Crypto returns thread, does callbacks for processed crypto requests. + * Callbacks are done here, rather than in the crypto drivers, because + * callbacks typically are expensive and would slow interrupt handling. + */ +static int +crypto_ret_proc(void *arg) +{ + struct cryptop *crpt; + struct cryptkop *krpt; + unsigned long r_flags; + + set_current_state(TASK_INTERRUPTIBLE); + + CRYPTO_RETQ_LOCK(); + for (;;) { + /* Harvest return q's for completed ops */ + crpt = NULL; + if (!list_empty(&crp_ret_q)) + crpt = list_entry(crp_ret_q.next, typeof(*crpt), crp_next); + if (crpt != NULL) + list_del(&crpt->crp_next); + + krpt = NULL; + if (!list_empty(&crp_ret_kq)) + krpt = list_entry(crp_ret_kq.next, typeof(*krpt), krp_next); + if (krpt != NULL) + list_del(&krpt->krp_next); + + if (crpt != NULL || krpt != NULL) { + CRYPTO_RETQ_UNLOCK(); + /* + * Run callbacks unlocked. + */ + if (crpt != NULL) + crpt->crp_callback(crpt); + if (krpt != NULL) + krpt->krp_callback(krpt); + CRYPTO_RETQ_LOCK(); + } else { + /* + * Nothing more to be processed. Sleep until we're + * woken because there are more returns to process. + */ + dprintk("%s - sleeping\n", __FUNCTION__); + CRYPTO_RETQ_UNLOCK(); + wait_event_interruptible(cryptoretproc_wait, + !list_empty(&crp_ret_q) || + !list_empty(&crp_ret_kq) || + kthread_should_stop()); + if (signal_pending (current)) { +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) + spin_lock_irq(¤t->sigmask_lock); +#endif + flush_signals(current); +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) + spin_unlock_irq(¤t->sigmask_lock); +#endif + } + CRYPTO_RETQ_LOCK(); + dprintk("%s - awake\n", __FUNCTION__); + if (kthread_should_stop()) { + dprintk("%s - EXITING!\n", __FUNCTION__); + break; + } + cryptostats.cs_rets++; + } + } + CRYPTO_RETQ_UNLOCK(); + return 0; +} + + +#if 0 /* should put this into /proc or something */ +static void +db_show_drivers(void) +{ + int hid; + + db_printf("%12s %4s %4s %8s %2s %2s\n" + , "Device" + , "Ses" + , "Kops" + , "Flags" + , "QB" + , "KB" + ); + for (hid = 0; hid < crypto_drivers_num; hid++) { + const struct cryptocap *cap = &crypto_drivers[hid]; + if (cap->cc_dev == NULL) + continue; + db_printf("%-12s %4u %4u %08x %2u %2u\n" + , device_get_nameunit(cap->cc_dev) + , cap->cc_sessions + , cap->cc_koperations + , cap->cc_flags + , cap->cc_qblocked + , cap->cc_kqblocked + ); + } +} + +DB_SHOW_COMMAND(crypto, db_show_crypto) +{ + struct cryptop *crp; + + db_show_drivers(); + db_printf("\n"); + + db_printf("%4s %8s %4s %4s %4s %4s %8s %8s\n", + "HID", "Caps", "Ilen", "Olen", "Etype", "Flags", + "Desc", "Callback"); + TAILQ_FOREACH(crp, &crp_q, crp_next) { + db_printf("%4u %08x %4u %4u %4u %04x %8p %8p\n" + , (int) CRYPTO_SESID2HID(crp->crp_sid) + , (int) CRYPTO_SESID2CAPS(crp->crp_sid) + , crp->crp_ilen, crp->crp_olen + , crp->crp_etype + , crp->crp_flags + , crp->crp_desc + , crp->crp_callback + ); + } + if (!TAILQ_EMPTY(&crp_ret_q)) { + db_printf("\n%4s %4s %4s %8s\n", + "HID", "Etype", "Flags", "Callback"); + TAILQ_FOREACH(crp, &crp_ret_q, crp_next) { + db_printf("%4u %4u %04x %8p\n" + , (int) CRYPTO_SESID2HID(crp->crp_sid) + , crp->crp_etype + , crp->crp_flags + , crp->crp_callback + ); + } + } +} + +DB_SHOW_COMMAND(kcrypto, db_show_kcrypto) +{ + struct cryptkop *krp; + + db_show_drivers(); + db_printf("\n"); + + db_printf("%4s %5s %4s %4s %8s %4s %8s\n", + "Op", "Status", "#IP", "#OP", "CRID", "HID", "Callback"); + TAILQ_FOREACH(krp, &crp_kq, krp_next) { + db_printf("%4u %5u %4u %4u %08x %4u %8p\n" + , krp->krp_op + , krp->krp_status + , krp->krp_iparams, krp->krp_oparams + , krp->krp_crid, krp->krp_hid + , krp->krp_callback + ); + } + if (!TAILQ_EMPTY(&crp_ret_q)) { + db_printf("%4s %5s %8s %4s %8s\n", + "Op", "Status", "CRID", "HID", "Callback"); + TAILQ_FOREACH(krp, &crp_ret_kq, krp_next) { + db_printf("%4u %5u %08x %4u %8p\n" + , krp->krp_op + , krp->krp_status + , krp->krp_crid, krp->krp_hid + , krp->krp_callback + ); + } + } +} +#endif + + +static int +crypto_init(void) +{ + int error; + unsigned long cpu; + + dprintk("%s(%p)\n", __FUNCTION__, (void *) crypto_init); + + if (crypto_initted) + return 0; + crypto_initted = 1; + + spin_lock_init(&crypto_drivers_lock); + spin_lock_init(&crypto_q_lock); + spin_lock_init(&crypto_ret_q_lock); + + cryptop_zone = kmem_cache_create("cryptop", sizeof(struct cryptop), + 0, SLAB_HWCACHE_ALIGN, NULL +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23) + , NULL +#endif + ); + + cryptodesc_zone = kmem_cache_create("cryptodesc", sizeof(struct cryptodesc), + 0, SLAB_HWCACHE_ALIGN, NULL +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23) + , NULL +#endif + ); + + if (cryptodesc_zone == NULL || cryptop_zone == NULL) { + printk("crypto: crypto_init cannot setup crypto zones\n"); + error = ENOMEM; + goto bad; + } + + crypto_drivers_num = CRYPTO_DRIVERS_INITIAL; + crypto_drivers = kmalloc(crypto_drivers_num * sizeof(struct cryptocap), + GFP_KERNEL); + if (crypto_drivers == NULL) { + printk("crypto: crypto_init cannot setup crypto drivers\n"); + error = ENOMEM; + goto bad; + } + + memset(crypto_drivers, 0, crypto_drivers_num * sizeof(struct cryptocap)); + + ocf_for_each_cpu(cpu) { + cryptoproc[cpu] = kthread_create(crypto_proc, (void *) cpu, + "ocf_%d", (int) cpu); + if (IS_ERR(cryptoproc[cpu])) { + error = PTR_ERR(cryptoproc[cpu]); + printk("crypto: crypto_init cannot start crypto thread; error %d", + error); + goto bad; + } + kthread_bind(cryptoproc[cpu], cpu); + wake_up_process(cryptoproc[cpu]); + + cryptoretproc[cpu] = kthread_create(crypto_ret_proc, (void *) cpu, + "ocf_ret_%d", (int) cpu); + if (IS_ERR(cryptoretproc[cpu])) { + error = PTR_ERR(cryptoretproc[cpu]); + printk("crypto: crypto_init cannot start cryptoret thread; error %d", + error); + goto bad; + } + kthread_bind(cryptoretproc[cpu], cpu); + wake_up_process(cryptoretproc[cpu]); + } + + return 0; +bad: + crypto_exit(); + return error; +} + + +static void +crypto_exit(void) +{ + int cpu; + + dprintk("%s()\n", __FUNCTION__); + + /* + * Terminate any crypto threads. + */ + ocf_for_each_cpu(cpu) { + kthread_stop(cryptoproc[cpu]); + kthread_stop(cryptoretproc[cpu]); + } + + /* + * Reclaim dynamically allocated resources. + */ + if (crypto_drivers != NULL) + kfree(crypto_drivers); + + if (cryptodesc_zone != NULL) + kmem_cache_destroy(cryptodesc_zone); + if (cryptop_zone != NULL) + kmem_cache_destroy(cryptop_zone); +} + + +EXPORT_SYMBOL(crypto_newsession); +EXPORT_SYMBOL(crypto_freesession); +EXPORT_SYMBOL(crypto_get_driverid); +EXPORT_SYMBOL(crypto_kregister); +EXPORT_SYMBOL(crypto_register); +EXPORT_SYMBOL(crypto_unregister); +EXPORT_SYMBOL(crypto_unregister_all); +EXPORT_SYMBOL(crypto_unblock); +EXPORT_SYMBOL(crypto_dispatch); +EXPORT_SYMBOL(crypto_kdispatch); +EXPORT_SYMBOL(crypto_freereq); +EXPORT_SYMBOL(crypto_getreq); +EXPORT_SYMBOL(crypto_done); +EXPORT_SYMBOL(crypto_kdone); +EXPORT_SYMBOL(crypto_getfeat); +EXPORT_SYMBOL(crypto_userasymcrypto); +EXPORT_SYMBOL(crypto_getcaps); +EXPORT_SYMBOL(crypto_find_driver); +EXPORT_SYMBOL(crypto_find_device_byhid); + +module_init(crypto_init); +module_exit(crypto_exit); + +MODULE_LICENSE("BSD"); +MODULE_AUTHOR("David McCullough "); +MODULE_DESCRIPTION("OCF (OpenBSD Cryptographic Framework)"); diff -Naur linux-3.0.68.i686-orig/crypto/ocf/cryptocteon/cavium_crypto.c linux-3.0.68.i686/crypto/ocf/cryptocteon/cavium_crypto.c --- linux-3.0.68.i686-orig/crypto/ocf/cryptocteon/cavium_crypto.c 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/cryptocteon/cavium_crypto.c 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,2283 @@ +/* + * Copyright (c) 2009 David McCullough + * + * Copyright (c) 2003-2007 Cavium Networks (support@cavium.com). All rights + * reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Cavium Networks + * 4. Cavium Networks' name may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * This Software, including technical data, may be subject to U.S. export + * control laws, including the U.S. Export Administration Act and its + * associated regulations, and may be subject to export or import regulations + * in other countries. You warrant that You will comply strictly in all + * respects with all such regulations and acknowledge that you have the + * responsibility to obtain licenses to export, re-export or import the + * Software. + * + * TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE SOFTWARE IS PROVIDED "AS IS" AND + * WITH ALL FAULTS AND CAVIUM MAKES NO PROMISES, REPRESENTATIONS OR WARRANTIES, + * EITHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, WITH RESPECT TO THE + * SOFTWARE, INCLUDING ITS CONDITION, ITS CONFORMITY TO ANY REPRESENTATION OR + * DESCRIPTION, OR THE EXISTENCE OF ANY LATENT OR PATENT DEFECTS, AND CAVIUM + * SPECIFICALLY DISCLAIMS ALL IMPLIED (IF ANY) WARRANTIES OF TITLE, + * MERCHANTABILITY, NONINFRINGEMENT, FITNESS FOR A PARTICULAR PURPOSE, LACK OF + * VIRUSES, ACCURACY OR COMPLETENESS, QUIET ENJOYMENT, QUIET POSSESSION OR + * CORRESPONDENCE TO DESCRIPTION. THE ENTIRE RISK ARISING OUT OF USE OR + * PERFORMANCE OF THE SOFTWARE LIES WITH YOU. +*/ +/****************************************************************************/ + +#include +#include +#include "octeon-asm.h" + +/****************************************************************************/ + +extern unsigned long octeon_crypto_enable(struct octeon_cop2_state *); +extern void octeon_crypto_disable(struct octeon_cop2_state *, unsigned long); + +#define SG_INIT(s, p, i, l) \ + { \ + (i) = 0; \ + (l) = (s)[0].length; \ + (p) = (typeof(p)) sg_virt((s)); \ + CVMX_PREFETCH0((p)); \ + } + +#define SG_CONSUME(s, p, i, l) \ + { \ + (p)++; \ + (l) -= sizeof(*(p)); \ + if ((l) < 0) { \ + dprintk("%s, %d: l = %d\n", __FILE__, __LINE__, l); \ + } else if ((l) == 0) { \ + (i)++; \ + (l) = (s)[0].length; \ + (p) = (typeof(p)) sg_virt(s); \ + CVMX_PREFETCH0((p)); \ + } \ + } + +#define ESP_HEADER_LENGTH 8 +#define DES_CBC_IV_LENGTH 8 +#define AES_CBC_IV_LENGTH 16 +#define ESP_HMAC_LEN 12 + +#define ESP_HEADER_LENGTH 8 +#define DES_CBC_IV_LENGTH 8 + +/****************************************************************************/ + +#define CVM_LOAD_SHA_UNIT(dat, next) { \ + if (next == 0) { \ + next = 1; \ + CVMX_MT_HSH_DAT (dat, 0); \ + } else if (next == 1) { \ + next = 2; \ + CVMX_MT_HSH_DAT (dat, 1); \ + } else if (next == 2) { \ + next = 3; \ + CVMX_MT_HSH_DAT (dat, 2); \ + } else if (next == 3) { \ + next = 4; \ + CVMX_MT_HSH_DAT (dat, 3); \ + } else if (next == 4) { \ + next = 5; \ + CVMX_MT_HSH_DAT (dat, 4); \ + } else if (next == 5) { \ + next = 6; \ + CVMX_MT_HSH_DAT (dat, 5); \ + } else if (next == 6) { \ + next = 7; \ + CVMX_MT_HSH_DAT (dat, 6); \ + } else { \ + CVMX_MT_HSH_STARTSHA (dat); \ + next = 0; \ + } \ +} + +#define CVM_LOAD2_SHA_UNIT(dat1, dat2, next) { \ + if (next == 0) { \ + CVMX_MT_HSH_DAT (dat1, 0); \ + CVMX_MT_HSH_DAT (dat2, 1); \ + next = 2; \ + } else if (next == 1) { \ + CVMX_MT_HSH_DAT (dat1, 1); \ + CVMX_MT_HSH_DAT (dat2, 2); \ + next = 3; \ + } else if (next == 2) { \ + CVMX_MT_HSH_DAT (dat1, 2); \ + CVMX_MT_HSH_DAT (dat2, 3); \ + next = 4; \ + } else if (next == 3) { \ + CVMX_MT_HSH_DAT (dat1, 3); \ + CVMX_MT_HSH_DAT (dat2, 4); \ + next = 5; \ + } else if (next == 4) { \ + CVMX_MT_HSH_DAT (dat1, 4); \ + CVMX_MT_HSH_DAT (dat2, 5); \ + next = 6; \ + } else if (next == 5) { \ + CVMX_MT_HSH_DAT (dat1, 5); \ + CVMX_MT_HSH_DAT (dat2, 6); \ + next = 7; \ + } else if (next == 6) { \ + CVMX_MT_HSH_DAT (dat1, 6); \ + CVMX_MT_HSH_STARTSHA (dat2); \ + next = 0; \ + } else { \ + CVMX_MT_HSH_STARTSHA (dat1); \ + CVMX_MT_HSH_DAT (dat2, 0); \ + next = 1; \ + } \ +} + +/****************************************************************************/ + +#define CVM_LOAD_MD5_UNIT(dat, next) { \ + if (next == 0) { \ + next = 1; \ + CVMX_MT_HSH_DAT (dat, 0); \ + } else if (next == 1) { \ + next = 2; \ + CVMX_MT_HSH_DAT (dat, 1); \ + } else if (next == 2) { \ + next = 3; \ + CVMX_MT_HSH_DAT (dat, 2); \ + } else if (next == 3) { \ + next = 4; \ + CVMX_MT_HSH_DAT (dat, 3); \ + } else if (next == 4) { \ + next = 5; \ + CVMX_MT_HSH_DAT (dat, 4); \ + } else if (next == 5) { \ + next = 6; \ + CVMX_MT_HSH_DAT (dat, 5); \ + } else if (next == 6) { \ + next = 7; \ + CVMX_MT_HSH_DAT (dat, 6); \ + } else { \ + CVMX_MT_HSH_STARTMD5 (dat); \ + next = 0; \ + } \ +} + +#define CVM_LOAD2_MD5_UNIT(dat1, dat2, next) { \ + if (next == 0) { \ + CVMX_MT_HSH_DAT (dat1, 0); \ + CVMX_MT_HSH_DAT (dat2, 1); \ + next = 2; \ + } else if (next == 1) { \ + CVMX_MT_HSH_DAT (dat1, 1); \ + CVMX_MT_HSH_DAT (dat2, 2); \ + next = 3; \ + } else if (next == 2) { \ + CVMX_MT_HSH_DAT (dat1, 2); \ + CVMX_MT_HSH_DAT (dat2, 3); \ + next = 4; \ + } else if (next == 3) { \ + CVMX_MT_HSH_DAT (dat1, 3); \ + CVMX_MT_HSH_DAT (dat2, 4); \ + next = 5; \ + } else if (next == 4) { \ + CVMX_MT_HSH_DAT (dat1, 4); \ + CVMX_MT_HSH_DAT (dat2, 5); \ + next = 6; \ + } else if (next == 5) { \ + CVMX_MT_HSH_DAT (dat1, 5); \ + CVMX_MT_HSH_DAT (dat2, 6); \ + next = 7; \ + } else if (next == 6) { \ + CVMX_MT_HSH_DAT (dat1, 6); \ + CVMX_MT_HSH_STARTMD5 (dat2); \ + next = 0; \ + } else { \ + CVMX_MT_HSH_STARTMD5 (dat1); \ + CVMX_MT_HSH_DAT (dat2, 0); \ + next = 1; \ + } \ +} + +/****************************************************************************/ + +static inline uint64_t +swap64(uint64_t a) +{ + return ((a >> 56) | + (((a >> 48) & 0xfful) << 8) | + (((a >> 40) & 0xfful) << 16) | + (((a >> 32) & 0xfful) << 24) | + (((a >> 24) & 0xfful) << 32) | + (((a >> 16) & 0xfful) << 40) | + (((a >> 8) & 0xfful) << 48) | (((a >> 0) & 0xfful) << 56)); +} + +/****************************************************************************/ + +void +octo_calc_hash(__u8 auth, unsigned char *key, uint64_t *inner, uint64_t *outer) +{ + uint8_t hash_key[64]; + uint64_t *key1; + register uint64_t xor1 = 0x3636363636363636ULL; + register uint64_t xor2 = 0x5c5c5c5c5c5c5c5cULL; + struct octeon_cop2_state state; + unsigned long flags; + + dprintk("%s()\n", __FUNCTION__); + + memset(hash_key, 0, sizeof(hash_key)); + memcpy(hash_key, (uint8_t *) key, (auth ? 20 : 16)); + key1 = (uint64_t *) hash_key; + flags = octeon_crypto_enable(&state); + if (auth) { + CVMX_MT_HSH_IV(0x67452301EFCDAB89ULL, 0); + CVMX_MT_HSH_IV(0x98BADCFE10325476ULL, 1); + CVMX_MT_HSH_IV(0xC3D2E1F000000000ULL, 2); + } else { + CVMX_MT_HSH_IV(0x0123456789ABCDEFULL, 0); + CVMX_MT_HSH_IV(0xFEDCBA9876543210ULL, 1); + } + + CVMX_MT_HSH_DAT((*key1 ^ xor1), 0); + key1++; + CVMX_MT_HSH_DAT((*key1 ^ xor1), 1); + key1++; + CVMX_MT_HSH_DAT((*key1 ^ xor1), 2); + key1++; + CVMX_MT_HSH_DAT((*key1 ^ xor1), 3); + key1++; + CVMX_MT_HSH_DAT((*key1 ^ xor1), 4); + key1++; + CVMX_MT_HSH_DAT((*key1 ^ xor1), 5); + key1++; + CVMX_MT_HSH_DAT((*key1 ^ xor1), 6); + key1++; + if (auth) + CVMX_MT_HSH_STARTSHA((*key1 ^ xor1)); + else + CVMX_MT_HSH_STARTMD5((*key1 ^ xor1)); + + CVMX_MF_HSH_IV(inner[0], 0); + CVMX_MF_HSH_IV(inner[1], 1); + if (auth) { + inner[2] = 0; + CVMX_MF_HSH_IV(((uint64_t *) inner)[2], 2); + } + + memset(hash_key, 0, sizeof(hash_key)); + memcpy(hash_key, (uint8_t *) key, (auth ? 20 : 16)); + key1 = (uint64_t *) hash_key; + if (auth) { + CVMX_MT_HSH_IV(0x67452301EFCDAB89ULL, 0); + CVMX_MT_HSH_IV(0x98BADCFE10325476ULL, 1); + CVMX_MT_HSH_IV(0xC3D2E1F000000000ULL, 2); + } else { + CVMX_MT_HSH_IV(0x0123456789ABCDEFULL, 0); + CVMX_MT_HSH_IV(0xFEDCBA9876543210ULL, 1); + } + + CVMX_MT_HSH_DAT((*key1 ^ xor2), 0); + key1++; + CVMX_MT_HSH_DAT((*key1 ^ xor2), 1); + key1++; + CVMX_MT_HSH_DAT((*key1 ^ xor2), 2); + key1++; + CVMX_MT_HSH_DAT((*key1 ^ xor2), 3); + key1++; + CVMX_MT_HSH_DAT((*key1 ^ xor2), 4); + key1++; + CVMX_MT_HSH_DAT((*key1 ^ xor2), 5); + key1++; + CVMX_MT_HSH_DAT((*key1 ^ xor2), 6); + key1++; + if (auth) + CVMX_MT_HSH_STARTSHA((*key1 ^ xor2)); + else + CVMX_MT_HSH_STARTMD5((*key1 ^ xor2)); + + CVMX_MF_HSH_IV(outer[0], 0); + CVMX_MF_HSH_IV(outer[1], 1); + if (auth) { + outer[2] = 0; + CVMX_MF_HSH_IV(outer[2], 2); + } + octeon_crypto_disable(&state, flags); + return; +} + +/****************************************************************************/ +/* DES functions */ + +int +octo_des_cbc_encrypt( + struct octo_sess *od, + struct scatterlist *sg, int sg_len, + int auth_off, int auth_len, + int crypt_off, int crypt_len, + int icv_off, uint8_t *ivp) +{ + uint64_t *data; + int data_i, data_l; + struct octeon_cop2_state state; + unsigned long flags; + + dprintk("%s()\n", __FUNCTION__); + + if (unlikely(od == NULL || sg==NULL || sg_len==0 || ivp==NULL || + (crypt_off & 0x7) || (crypt_off + crypt_len > sg_len))) { + dprintk("%s: Bad parameters od=%p sg=%p sg_len=%d " + "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d " + "icv_off=%d ivp=%p\n", __FUNCTION__, od, sg, sg_len, + auth_off, auth_len, crypt_off, crypt_len, icv_off, ivp); + return -EINVAL; + } + + SG_INIT(sg, data, data_i, data_l); + + CVMX_PREFETCH0(ivp); + CVMX_PREFETCH0(od->octo_enckey); + + flags = octeon_crypto_enable(&state); + + /* load 3DES Key */ + CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0); + if (od->octo_encklen == 24) { + CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1); + CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2); + } else if (od->octo_encklen == 8) { + CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1); + CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2); + } else { + octeon_crypto_disable(&state, flags); + dprintk("%s: Bad key length %d\n", __FUNCTION__, od->octo_encklen); + return -EINVAL; + } + + CVMX_MT_3DES_IV(* (uint64_t *) ivp); + + while (crypt_off > 0) { + SG_CONSUME(sg, data, data_i, data_l); + crypt_off -= 8; + } + + while (crypt_len > 0) { + CVMX_MT_3DES_ENC_CBC(*data); + CVMX_MF_3DES_RESULT(*data); + SG_CONSUME(sg, data, data_i, data_l); + crypt_len -= 8; + } + + octeon_crypto_disable(&state, flags); + return 0; +} + + +int +octo_des_cbc_decrypt( + struct octo_sess *od, + struct scatterlist *sg, int sg_len, + int auth_off, int auth_len, + int crypt_off, int crypt_len, + int icv_off, uint8_t *ivp) +{ + uint64_t *data; + int data_i, data_l; + struct octeon_cop2_state state; + unsigned long flags; + + dprintk("%s()\n", __FUNCTION__); + + if (unlikely(od == NULL || sg==NULL || sg_len==0 || ivp==NULL || + (crypt_off & 0x7) || (crypt_off + crypt_len > sg_len))) { + dprintk("%s: Bad parameters od=%p sg=%p sg_len=%d " + "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d " + "icv_off=%d ivp=%p\n", __FUNCTION__, od, sg, sg_len, + auth_off, auth_len, crypt_off, crypt_len, icv_off, ivp); + return -EINVAL; + } + + SG_INIT(sg, data, data_i, data_l); + + CVMX_PREFETCH0(ivp); + CVMX_PREFETCH0(od->octo_enckey); + + flags = octeon_crypto_enable(&state); + + /* load 3DES Key */ + CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0); + if (od->octo_encklen == 24) { + CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1); + CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2); + } else if (od->octo_encklen == 8) { + CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1); + CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2); + } else { + octeon_crypto_disable(&state, flags); + dprintk("%s: Bad key length %d\n", __FUNCTION__, od->octo_encklen); + return -EINVAL; + } + + CVMX_MT_3DES_IV(* (uint64_t *) ivp); + + while (crypt_off > 0) { + SG_CONSUME(sg, data, data_i, data_l); + crypt_off -= 8; + } + + while (crypt_len > 0) { + CVMX_MT_3DES_DEC_CBC(*data); + CVMX_MF_3DES_RESULT(*data); + SG_CONSUME(sg, data, data_i, data_l); + crypt_len -= 8; + } + + octeon_crypto_disable(&state, flags); + return 0; +} + +/****************************************************************************/ +/* AES functions */ + +int +octo_aes_cbc_encrypt( + struct octo_sess *od, + struct scatterlist *sg, int sg_len, + int auth_off, int auth_len, + int crypt_off, int crypt_len, + int icv_off, uint8_t *ivp) +{ + uint64_t *data, *pdata; + int data_i, data_l; + struct octeon_cop2_state state; + unsigned long flags; + + dprintk("%s()\n", __FUNCTION__); + + if (unlikely(od == NULL || sg==NULL || sg_len==0 || ivp==NULL || + (crypt_off & 0x7) || (crypt_off + crypt_len > sg_len))) { + dprintk("%s: Bad parameters od=%p sg=%p sg_len=%d " + "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d " + "icv_off=%d ivp=%p\n", __FUNCTION__, od, sg, sg_len, + auth_off, auth_len, crypt_off, crypt_len, icv_off, ivp); + return -EINVAL; + } + + SG_INIT(sg, data, data_i, data_l); + + CVMX_PREFETCH0(ivp); + CVMX_PREFETCH0(od->octo_enckey); + + flags = octeon_crypto_enable(&state); + + /* load AES Key */ + CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[0], 0); + CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[1], 1); + + if (od->octo_encklen == 16) { + CVMX_MT_AES_KEY(0x0, 2); + CVMX_MT_AES_KEY(0x0, 3); + } else if (od->octo_encklen == 24) { + CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[2], 2); + CVMX_MT_AES_KEY(0x0, 3); + } else if (od->octo_encklen == 32) { + CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[2], 2); + CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[3], 3); + } else { + octeon_crypto_disable(&state, flags); + dprintk("%s: Bad key length %d\n", __FUNCTION__, od->octo_encklen); + return -EINVAL; + } + CVMX_MT_AES_KEYLENGTH(od->octo_encklen / 8 - 1); + + CVMX_MT_AES_IV(((uint64_t *) ivp)[0], 0); + CVMX_MT_AES_IV(((uint64_t *) ivp)[1], 1); + + while (crypt_off > 0) { + SG_CONSUME(sg, data, data_i, data_l); + crypt_off -= 8; + } + + while (crypt_len > 0) { + pdata = data; + CVMX_MT_AES_ENC_CBC0(*data); + SG_CONSUME(sg, data, data_i, data_l); + CVMX_MT_AES_ENC_CBC1(*data); + CVMX_MF_AES_RESULT(*pdata, 0); + CVMX_MF_AES_RESULT(*data, 1); + SG_CONSUME(sg, data, data_i, data_l); + crypt_len -= 16; + } + + octeon_crypto_disable(&state, flags); + return 0; +} + + +int +octo_aes_cbc_decrypt( + struct octo_sess *od, + struct scatterlist *sg, int sg_len, + int auth_off, int auth_len, + int crypt_off, int crypt_len, + int icv_off, uint8_t *ivp) +{ + uint64_t *data, *pdata; + int data_i, data_l; + struct octeon_cop2_state state; + unsigned long flags; + + dprintk("%s()\n", __FUNCTION__); + + if (unlikely(od == NULL || sg==NULL || sg_len==0 || ivp==NULL || + (crypt_off & 0x7) || (crypt_off + crypt_len > sg_len))) { + dprintk("%s: Bad parameters od=%p sg=%p sg_len=%d " + "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d " + "icv_off=%d ivp=%p\n", __FUNCTION__, od, sg, sg_len, + auth_off, auth_len, crypt_off, crypt_len, icv_off, ivp); + return -EINVAL; + } + + SG_INIT(sg, data, data_i, data_l); + + CVMX_PREFETCH0(ivp); + CVMX_PREFETCH0(od->octo_enckey); + + flags = octeon_crypto_enable(&state); + + /* load AES Key */ + CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[0], 0); + CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[1], 1); + + if (od->octo_encklen == 16) { + CVMX_MT_AES_KEY(0x0, 2); + CVMX_MT_AES_KEY(0x0, 3); + } else if (od->octo_encklen == 24) { + CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[2], 2); + CVMX_MT_AES_KEY(0x0, 3); + } else if (od->octo_encklen == 32) { + CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[2], 2); + CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[3], 3); + } else { + octeon_crypto_disable(&state, flags); + dprintk("%s: Bad key length %d\n", __FUNCTION__, od->octo_encklen); + return -EINVAL; + } + CVMX_MT_AES_KEYLENGTH(od->octo_encklen / 8 - 1); + + CVMX_MT_AES_IV(((uint64_t *) ivp)[0], 0); + CVMX_MT_AES_IV(((uint64_t *) ivp)[1], 1); + + while (crypt_off > 0) { + SG_CONSUME(sg, data, data_i, data_l); + crypt_off -= 8; + } + + while (crypt_len > 0) { + pdata = data; + CVMX_MT_AES_DEC_CBC0(*data); + SG_CONSUME(sg, data, data_i, data_l); + CVMX_MT_AES_DEC_CBC1(*data); + CVMX_MF_AES_RESULT(*pdata, 0); + CVMX_MF_AES_RESULT(*data, 1); + SG_CONSUME(sg, data, data_i, data_l); + crypt_len -= 16; + } + + octeon_crypto_disable(&state, flags); + return 0; +} + +/****************************************************************************/ +/* MD5 */ + +int +octo_null_md5_encrypt( + struct octo_sess *od, + struct scatterlist *sg, int sg_len, + int auth_off, int auth_len, + int crypt_off, int crypt_len, + int icv_off, uint8_t *ivp) +{ + register int next = 0; + uint64_t *data; + uint64_t tmp1, tmp2; + int data_i, data_l, alen = auth_len; + struct octeon_cop2_state state; + unsigned long flags; + + dprintk("%s()\n", __FUNCTION__); + + if (unlikely(od == NULL || sg==NULL || sg_len==0 || + (auth_off & 0x7) || (auth_off + auth_len > sg_len))) { + dprintk("%s: Bad parameters od=%p sg=%p sg_len=%d " + "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d " + "icv_off=%d ivp=%p\n", __FUNCTION__, od, sg, sg_len, + auth_off, auth_len, crypt_off, crypt_len, icv_off, ivp); + return -EINVAL; + } + + SG_INIT(sg, data, data_i, data_l); + + flags = octeon_crypto_enable(&state); + + /* Load MD5 IV */ + CVMX_MT_HSH_IV(od->octo_hminner[0], 0); + CVMX_MT_HSH_IV(od->octo_hminner[1], 1); + + while (auth_off > 0) { + SG_CONSUME(sg, data, data_i, data_l); + auth_off -= 8; + } + + while (auth_len > 0) { + CVM_LOAD_MD5_UNIT(*data, next); + auth_len -= 8; + SG_CONSUME(sg, data, data_i, data_l); + } + + /* finish the hash */ + CVMX_PREFETCH0(od->octo_hmouter); +#if 0 + if (unlikely(inplen)) { + uint64_t tmp = 0; + uint8_t *p = (uint8_t *) & tmp; + p[inplen] = 0x80; + do { + inplen--; + p[inplen] = ((uint8_t *) data)[inplen]; + } while (inplen); + CVM_LOAD_MD5_UNIT(tmp, next); + } else { + CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next); + } +#else + CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next); +#endif + + /* Finish Inner hash */ + while (next != 7) { + CVM_LOAD_MD5_UNIT(((uint64_t) 0x0ULL), next); + } + CVMX_ES64(tmp1, ((alen + 64) << 3)); + CVM_LOAD_MD5_UNIT(tmp1, next); + + /* Get the inner hash of HMAC */ + CVMX_MF_HSH_IV(tmp1, 0); + CVMX_MF_HSH_IV(tmp2, 1); + + /* Initialize hash unit */ + CVMX_MT_HSH_IV(od->octo_hmouter[0], 0); + CVMX_MT_HSH_IV(od->octo_hmouter[1], 1); + + CVMX_MT_HSH_DAT(tmp1, 0); + CVMX_MT_HSH_DAT(tmp2, 1); + CVMX_MT_HSH_DAT(0x8000000000000000ULL, 2); + CVMX_MT_HSH_DATZ(3); + CVMX_MT_HSH_DATZ(4); + CVMX_MT_HSH_DATZ(5); + CVMX_MT_HSH_DATZ(6); + CVMX_ES64(tmp1, ((64 + 16) << 3)); + CVMX_MT_HSH_STARTMD5(tmp1); + + /* save the HMAC */ + SG_INIT(sg, data, data_i, data_l); + while (icv_off > 0) { + SG_CONSUME(sg, data, data_i, data_l); + icv_off -= 8; + } + CVMX_MF_HSH_IV(*data, 0); + SG_CONSUME(sg, data, data_i, data_l); + CVMX_MF_HSH_IV(tmp1, 1); + *(uint32_t *)data = (uint32_t) (tmp1 >> 32); + + octeon_crypto_disable(&state, flags); + return 0; +} + +/****************************************************************************/ +/* SHA1 */ + +int +octo_null_sha1_encrypt( + struct octo_sess *od, + struct scatterlist *sg, int sg_len, + int auth_off, int auth_len, + int crypt_off, int crypt_len, + int icv_off, uint8_t *ivp) +{ + register int next = 0; + uint64_t *data; + uint64_t tmp1, tmp2, tmp3; + int data_i, data_l, alen = auth_len; + struct octeon_cop2_state state; + unsigned long flags; + + dprintk("%s()\n", __FUNCTION__); + + if (unlikely(od == NULL || sg==NULL || sg_len==0 || + (auth_off & 0x7) || (auth_off + auth_len > sg_len))) { + dprintk("%s: Bad parameters od=%p sg=%p sg_len=%d " + "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d " + "icv_off=%d ivp=%p\n", __FUNCTION__, od, sg, sg_len, + auth_off, auth_len, crypt_off, crypt_len, icv_off, ivp); + return -EINVAL; + } + + SG_INIT(sg, data, data_i, data_l); + + flags = octeon_crypto_enable(&state); + + /* Load SHA1 IV */ + CVMX_MT_HSH_IV(od->octo_hminner[0], 0); + CVMX_MT_HSH_IV(od->octo_hminner[1], 1); + CVMX_MT_HSH_IV(od->octo_hminner[2], 2); + + while (auth_off > 0) { + SG_CONSUME(sg, data, data_i, data_l); + auth_off -= 8; + } + + while (auth_len > 0) { + CVM_LOAD_SHA_UNIT(*data, next); + auth_len -= 8; + SG_CONSUME(sg, data, data_i, data_l); + } + + /* finish the hash */ + CVMX_PREFETCH0(od->octo_hmouter); +#if 0 + if (unlikely(inplen)) { + uint64_t tmp = 0; + uint8_t *p = (uint8_t *) & tmp; + p[inplen] = 0x80; + do { + inplen--; + p[inplen] = ((uint8_t *) data)[inplen]; + } while (inplen); + CVM_LOAD_MD5_UNIT(tmp, next); + } else { + CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next); + } +#else + CVM_LOAD_SHA_UNIT(0x8000000000000000ULL, next); +#endif + + /* Finish Inner hash */ + while (next != 7) { + CVM_LOAD_SHA_UNIT(((uint64_t) 0x0ULL), next); + } + CVM_LOAD_SHA_UNIT((uint64_t) ((alen + 64) << 3), next); + + /* Get the inner hash of HMAC */ + CVMX_MF_HSH_IV(tmp1, 0); + CVMX_MF_HSH_IV(tmp2, 1); + tmp3 = 0; + CVMX_MF_HSH_IV(tmp3, 2); + + /* Initialize hash unit */ + CVMX_MT_HSH_IV(od->octo_hmouter[0], 0); + CVMX_MT_HSH_IV(od->octo_hmouter[1], 1); + CVMX_MT_HSH_IV(od->octo_hmouter[2], 2); + + CVMX_MT_HSH_DAT(tmp1, 0); + CVMX_MT_HSH_DAT(tmp2, 1); + tmp3 |= 0x0000000080000000; + CVMX_MT_HSH_DAT(tmp3, 2); + CVMX_MT_HSH_DATZ(3); + CVMX_MT_HSH_DATZ(4); + CVMX_MT_HSH_DATZ(5); + CVMX_MT_HSH_DATZ(6); + CVMX_MT_HSH_STARTSHA((uint64_t) ((64 + 20) << 3)); + + /* save the HMAC */ + SG_INIT(sg, data, data_i, data_l); + while (icv_off > 0) { + SG_CONSUME(sg, data, data_i, data_l); + icv_off -= 8; + } + CVMX_MF_HSH_IV(*data, 0); + SG_CONSUME(sg, data, data_i, data_l); + CVMX_MF_HSH_IV(tmp1, 1); + *(uint32_t *)data = (uint32_t) (tmp1 >> 32); + + octeon_crypto_disable(&state, flags); + return 0; +} + +/****************************************************************************/ +/* DES MD5 */ + +int +octo_des_cbc_md5_encrypt( + struct octo_sess *od, + struct scatterlist *sg, int sg_len, + int auth_off, int auth_len, + int crypt_off, int crypt_len, + int icv_off, uint8_t *ivp) +{ + register int next = 0; + union { + uint32_t data32[2]; + uint64_t data64[1]; + } mydata; + uint64_t *data = &mydata.data64[0]; + uint32_t *data32; + uint64_t tmp1, tmp2; + int data_i, data_l, alen = auth_len; + struct octeon_cop2_state state; + unsigned long flags; + + dprintk("%s()\n", __FUNCTION__); + + if (unlikely(od == NULL || sg==NULL || sg_len==0 || ivp==NULL || + (crypt_off & 0x3) || (crypt_off + crypt_len > sg_len) || + (crypt_len & 0x7) || + (auth_len & 0x7) || + (auth_off & 0x3) || (auth_off + auth_len > sg_len))) { + dprintk("%s: Bad parameters od=%p sg=%p sg_len=%d " + "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d " + "icv_off=%d ivp=%p\n", __FUNCTION__, od, sg, sg_len, + auth_off, auth_len, crypt_off, crypt_len, icv_off, ivp); + return -EINVAL; + } + + SG_INIT(sg, data32, data_i, data_l); + + CVMX_PREFETCH0(ivp); + CVMX_PREFETCH0(od->octo_enckey); + + flags = octeon_crypto_enable(&state); + + /* load 3DES Key */ + CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0); + if (od->octo_encklen == 24) { + CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1); + CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2); + } else if (od->octo_encklen == 8) { + CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1); + CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2); + } else { + octeon_crypto_disable(&state, flags); + dprintk("%s: Bad key length %d\n", __FUNCTION__, od->octo_encklen); + return -EINVAL; + } + + CVMX_MT_3DES_IV(* (uint64_t *) ivp); + + /* Load MD5 IV */ + CVMX_MT_HSH_IV(od->octo_hminner[0], 0); + CVMX_MT_HSH_IV(od->octo_hminner[1], 1); + + while (crypt_off > 0 && auth_off > 0) { + SG_CONSUME(sg, data32, data_i, data_l); + crypt_off -= 4; + auth_off -= 4; + } + + while (crypt_len > 0 || auth_len > 0) { + uint32_t *first = data32; + mydata.data32[0] = *first; + SG_CONSUME(sg, data32, data_i, data_l); + mydata.data32[1] = *data32; + if (crypt_off <= 0) { + if (crypt_len > 0) { + CVMX_MT_3DES_ENC_CBC(*data); + CVMX_MF_3DES_RESULT(*data); + crypt_len -= 8; + } + } else + crypt_off -= 8; + if (auth_off <= 0) { + if (auth_len > 0) { + CVM_LOAD_MD5_UNIT(*data, next); + auth_len -= 8; + } + } else + auth_off -= 8; + *first = mydata.data32[0]; + *data32 = mydata.data32[1]; + SG_CONSUME(sg, data32, data_i, data_l); + } + + /* finish the hash */ + CVMX_PREFETCH0(od->octo_hmouter); +#if 0 + if (unlikely(inplen)) { + uint64_t tmp = 0; + uint8_t *p = (uint8_t *) & tmp; + p[inplen] = 0x80; + do { + inplen--; + p[inplen] = ((uint8_t *) data)[inplen]; + } while (inplen); + CVM_LOAD_MD5_UNIT(tmp, next); + } else { + CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next); + } +#else + CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next); +#endif + + /* Finish Inner hash */ + while (next != 7) { + CVM_LOAD_MD5_UNIT(((uint64_t) 0x0ULL), next); + } + CVMX_ES64(tmp1, ((alen + 64) << 3)); + CVM_LOAD_MD5_UNIT(tmp1, next); + + /* Get the inner hash of HMAC */ + CVMX_MF_HSH_IV(tmp1, 0); + CVMX_MF_HSH_IV(tmp2, 1); + + /* Initialize hash unit */ + CVMX_MT_HSH_IV(od->octo_hmouter[0], 0); + CVMX_MT_HSH_IV(od->octo_hmouter[1], 1); + + CVMX_MT_HSH_DAT(tmp1, 0); + CVMX_MT_HSH_DAT(tmp2, 1); + CVMX_MT_HSH_DAT(0x8000000000000000ULL, 2); + CVMX_MT_HSH_DATZ(3); + CVMX_MT_HSH_DATZ(4); + CVMX_MT_HSH_DATZ(5); + CVMX_MT_HSH_DATZ(6); + CVMX_ES64(tmp1, ((64 + 16) << 3)); + CVMX_MT_HSH_STARTMD5(tmp1); + + /* save the HMAC */ + SG_INIT(sg, data32, data_i, data_l); + while (icv_off > 0) { + SG_CONSUME(sg, data32, data_i, data_l); + icv_off -= 4; + } + CVMX_MF_HSH_IV(tmp1, 0); + *data32 = (uint32_t) (tmp1 >> 32); + SG_CONSUME(sg, data32, data_i, data_l); + *data32 = (uint32_t) tmp1; + SG_CONSUME(sg, data32, data_i, data_l); + CVMX_MF_HSH_IV(tmp1, 1); + *data32 = (uint32_t) (tmp1 >> 32); + + octeon_crypto_disable(&state, flags); + return 0; +} + +int +octo_des_cbc_md5_decrypt( + struct octo_sess *od, + struct scatterlist *sg, int sg_len, + int auth_off, int auth_len, + int crypt_off, int crypt_len, + int icv_off, uint8_t *ivp) +{ + register int next = 0; + union { + uint32_t data32[2]; + uint64_t data64[1]; + } mydata; + uint64_t *data = &mydata.data64[0]; + uint32_t *data32; + uint64_t tmp1, tmp2; + int data_i, data_l, alen = auth_len; + struct octeon_cop2_state state; + unsigned long flags; + + dprintk("%s()\n", __FUNCTION__); + + if (unlikely(od == NULL || sg==NULL || sg_len==0 || ivp==NULL || + (crypt_off & 0x3) || (crypt_off + crypt_len > sg_len) || + (crypt_len & 0x7) || + (auth_len & 0x7) || + (auth_off & 0x3) || (auth_off + auth_len > sg_len))) { + dprintk("%s: Bad parameters od=%p sg=%p sg_len=%d " + "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d " + "icv_off=%d ivp=%p\n", __FUNCTION__, od, sg, sg_len, + auth_off, auth_len, crypt_off, crypt_len, icv_off, ivp); + return -EINVAL; + } + + SG_INIT(sg, data32, data_i, data_l); + + CVMX_PREFETCH0(ivp); + CVMX_PREFETCH0(od->octo_enckey); + + flags = octeon_crypto_enable(&state); + + /* load 3DES Key */ + CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0); + if (od->octo_encklen == 24) { + CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1); + CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2); + } else if (od->octo_encklen == 8) { + CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1); + CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2); + } else { + octeon_crypto_disable(&state, flags); + dprintk("%s: Bad key length %d\n", __FUNCTION__, od->octo_encklen); + return -EINVAL; + } + + CVMX_MT_3DES_IV(* (uint64_t *) ivp); + + /* Load MD5 IV */ + CVMX_MT_HSH_IV(od->octo_hminner[0], 0); + CVMX_MT_HSH_IV(od->octo_hminner[1], 1); + + while (crypt_off > 0 && auth_off > 0) { + SG_CONSUME(sg, data32, data_i, data_l); + crypt_off -= 4; + auth_off -= 4; + } + + while (crypt_len > 0 || auth_len > 0) { + uint32_t *first = data32; + mydata.data32[0] = *first; + SG_CONSUME(sg, data32, data_i, data_l); + mydata.data32[1] = *data32; + if (auth_off <= 0) { + if (auth_len > 0) { + CVM_LOAD_MD5_UNIT(*data, next); + auth_len -= 8; + } + } else + auth_off -= 8; + if (crypt_off <= 0) { + if (crypt_len > 0) { + CVMX_MT_3DES_DEC_CBC(*data); + CVMX_MF_3DES_RESULT(*data); + crypt_len -= 8; + } + } else + crypt_off -= 8; + *first = mydata.data32[0]; + *data32 = mydata.data32[1]; + SG_CONSUME(sg, data32, data_i, data_l); + } + + /* finish the hash */ + CVMX_PREFETCH0(od->octo_hmouter); +#if 0 + if (unlikely(inplen)) { + uint64_t tmp = 0; + uint8_t *p = (uint8_t *) & tmp; + p[inplen] = 0x80; + do { + inplen--; + p[inplen] = ((uint8_t *) data)[inplen]; + } while (inplen); + CVM_LOAD_MD5_UNIT(tmp, next); + } else { + CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next); + } +#else + CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next); +#endif + + /* Finish Inner hash */ + while (next != 7) { + CVM_LOAD_MD5_UNIT(((uint64_t) 0x0ULL), next); + } + CVMX_ES64(tmp1, ((alen + 64) << 3)); + CVM_LOAD_MD5_UNIT(tmp1, next); + + /* Get the inner hash of HMAC */ + CVMX_MF_HSH_IV(tmp1, 0); + CVMX_MF_HSH_IV(tmp2, 1); + + /* Initialize hash unit */ + CVMX_MT_HSH_IV(od->octo_hmouter[0], 0); + CVMX_MT_HSH_IV(od->octo_hmouter[1], 1); + + CVMX_MT_HSH_DAT(tmp1, 0); + CVMX_MT_HSH_DAT(tmp2, 1); + CVMX_MT_HSH_DAT(0x8000000000000000ULL, 2); + CVMX_MT_HSH_DATZ(3); + CVMX_MT_HSH_DATZ(4); + CVMX_MT_HSH_DATZ(5); + CVMX_MT_HSH_DATZ(6); + CVMX_ES64(tmp1, ((64 + 16) << 3)); + CVMX_MT_HSH_STARTMD5(tmp1); + + /* save the HMAC */ + SG_INIT(sg, data32, data_i, data_l); + while (icv_off > 0) { + SG_CONSUME(sg, data32, data_i, data_l); + icv_off -= 4; + } + CVMX_MF_HSH_IV(tmp1, 0); + *data32 = (uint32_t) (tmp1 >> 32); + SG_CONSUME(sg, data32, data_i, data_l); + *data32 = (uint32_t) tmp1; + SG_CONSUME(sg, data32, data_i, data_l); + CVMX_MF_HSH_IV(tmp1, 1); + *data32 = (uint32_t) (tmp1 >> 32); + + octeon_crypto_disable(&state, flags); + return 0; +} + +/****************************************************************************/ +/* DES SHA */ + +int +octo_des_cbc_sha1_encrypt( + struct octo_sess *od, + struct scatterlist *sg, int sg_len, + int auth_off, int auth_len, + int crypt_off, int crypt_len, + int icv_off, uint8_t *ivp) +{ + register int next = 0; + union { + uint32_t data32[2]; + uint64_t data64[1]; + } mydata; + uint64_t *data = &mydata.data64[0]; + uint32_t *data32; + uint64_t tmp1, tmp2, tmp3; + int data_i, data_l, alen = auth_len; + struct octeon_cop2_state state; + unsigned long flags; + + dprintk("%s()\n", __FUNCTION__); + + if (unlikely(od == NULL || sg==NULL || sg_len==0 || ivp==NULL || + (crypt_off & 0x3) || (crypt_off + crypt_len > sg_len) || + (crypt_len & 0x7) || + (auth_len & 0x7) || + (auth_off & 0x3) || (auth_off + auth_len > sg_len))) { + dprintk("%s: Bad parameters od=%p sg=%p sg_len=%d " + "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d " + "icv_off=%d ivp=%p\n", __FUNCTION__, od, sg, sg_len, + auth_off, auth_len, crypt_off, crypt_len, icv_off, ivp); + return -EINVAL; + } + + SG_INIT(sg, data32, data_i, data_l); + + CVMX_PREFETCH0(ivp); + CVMX_PREFETCH0(od->octo_enckey); + + flags = octeon_crypto_enable(&state); + + /* load 3DES Key */ + CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0); + if (od->octo_encklen == 24) { + CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1); + CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2); + } else if (od->octo_encklen == 8) { + CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1); + CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2); + } else { + octeon_crypto_disable(&state, flags); + dprintk("%s: Bad key length %d\n", __FUNCTION__, od->octo_encklen); + return -EINVAL; + } + + CVMX_MT_3DES_IV(* (uint64_t *) ivp); + + /* Load SHA1 IV */ + CVMX_MT_HSH_IV(od->octo_hminner[0], 0); + CVMX_MT_HSH_IV(od->octo_hminner[1], 1); + CVMX_MT_HSH_IV(od->octo_hminner[2], 2); + + while (crypt_off > 0 && auth_off > 0) { + SG_CONSUME(sg, data32, data_i, data_l); + crypt_off -= 4; + auth_off -= 4; + } + + while (crypt_len > 0 || auth_len > 0) { + uint32_t *first = data32; + mydata.data32[0] = *first; + SG_CONSUME(sg, data32, data_i, data_l); + mydata.data32[1] = *data32; + if (crypt_off <= 0) { + if (crypt_len > 0) { + CVMX_MT_3DES_ENC_CBC(*data); + CVMX_MF_3DES_RESULT(*data); + crypt_len -= 8; + } + } else + crypt_off -= 8; + if (auth_off <= 0) { + if (auth_len > 0) { + CVM_LOAD_SHA_UNIT(*data, next); + auth_len -= 8; + } + } else + auth_off -= 8; + *first = mydata.data32[0]; + *data32 = mydata.data32[1]; + SG_CONSUME(sg, data32, data_i, data_l); + } + + /* finish the hash */ + CVMX_PREFETCH0(od->octo_hmouter); +#if 0 + if (unlikely(inplen)) { + uint64_t tmp = 0; + uint8_t *p = (uint8_t *) & tmp; + p[inplen] = 0x80; + do { + inplen--; + p[inplen] = ((uint8_t *) data)[inplen]; + } while (inplen); + CVM_LOAD_SHA_UNIT(tmp, next); + } else { + CVM_LOAD_SHA_UNIT(0x8000000000000000ULL, next); + } +#else + CVM_LOAD_SHA_UNIT(0x8000000000000000ULL, next); +#endif + + /* Finish Inner hash */ + while (next != 7) { + CVM_LOAD_SHA_UNIT(((uint64_t) 0x0ULL), next); + } + CVM_LOAD_SHA_UNIT((uint64_t) ((alen + 64) << 3), next); + + /* Get the inner hash of HMAC */ + CVMX_MF_HSH_IV(tmp1, 0); + CVMX_MF_HSH_IV(tmp2, 1); + tmp3 = 0; + CVMX_MF_HSH_IV(tmp3, 2); + + /* Initialize hash unit */ + CVMX_MT_HSH_IV(od->octo_hmouter[0], 0); + CVMX_MT_HSH_IV(od->octo_hmouter[1], 1); + CVMX_MT_HSH_IV(od->octo_hmouter[2], 2); + + CVMX_MT_HSH_DAT(tmp1, 0); + CVMX_MT_HSH_DAT(tmp2, 1); + tmp3 |= 0x0000000080000000; + CVMX_MT_HSH_DAT(tmp3, 2); + CVMX_MT_HSH_DATZ(3); + CVMX_MT_HSH_DATZ(4); + CVMX_MT_HSH_DATZ(5); + CVMX_MT_HSH_DATZ(6); + CVMX_MT_HSH_STARTSHA((uint64_t) ((64 + 20) << 3)); + + /* save the HMAC */ + SG_INIT(sg, data32, data_i, data_l); + while (icv_off > 0) { + SG_CONSUME(sg, data32, data_i, data_l); + icv_off -= 4; + } + CVMX_MF_HSH_IV(tmp1, 0); + *data32 = (uint32_t) (tmp1 >> 32); + SG_CONSUME(sg, data32, data_i, data_l); + *data32 = (uint32_t) tmp1; + SG_CONSUME(sg, data32, data_i, data_l); + CVMX_MF_HSH_IV(tmp1, 1); + *data32 = (uint32_t) (tmp1 >> 32); + + octeon_crypto_disable(&state, flags); + return 0; +} + +int +octo_des_cbc_sha1_decrypt( + struct octo_sess *od, + struct scatterlist *sg, int sg_len, + int auth_off, int auth_len, + int crypt_off, int crypt_len, + int icv_off, uint8_t *ivp) +{ + register int next = 0; + union { + uint32_t data32[2]; + uint64_t data64[1]; + } mydata; + uint64_t *data = &mydata.data64[0]; + uint32_t *data32; + uint64_t tmp1, tmp2, tmp3; + int data_i, data_l, alen = auth_len; + struct octeon_cop2_state state; + unsigned long flags; + + dprintk("%s()\n", __FUNCTION__); + + if (unlikely(od == NULL || sg==NULL || sg_len==0 || ivp==NULL || + (crypt_off & 0x3) || (crypt_off + crypt_len > sg_len) || + (crypt_len & 0x7) || + (auth_len & 0x7) || + (auth_off & 0x3) || (auth_off + auth_len > sg_len))) { + dprintk("%s: Bad parameters od=%p sg=%p sg_len=%d " + "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d " + "icv_off=%d ivp=%p\n", __FUNCTION__, od, sg, sg_len, + auth_off, auth_len, crypt_off, crypt_len, icv_off, ivp); + return -EINVAL; + } + + SG_INIT(sg, data32, data_i, data_l); + + CVMX_PREFETCH0(ivp); + CVMX_PREFETCH0(od->octo_enckey); + + flags = octeon_crypto_enable(&state); + + /* load 3DES Key */ + CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0); + if (od->octo_encklen == 24) { + CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1); + CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2); + } else if (od->octo_encklen == 8) { + CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1); + CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2); + } else { + octeon_crypto_disable(&state, flags); + dprintk("%s: Bad key length %d\n", __FUNCTION__, od->octo_encklen); + return -EINVAL; + } + + CVMX_MT_3DES_IV(* (uint64_t *) ivp); + + /* Load SHA1 IV */ + CVMX_MT_HSH_IV(od->octo_hminner[0], 0); + CVMX_MT_HSH_IV(od->octo_hminner[1], 1); + CVMX_MT_HSH_IV(od->octo_hminner[2], 2); + + while (crypt_off > 0 && auth_off > 0) { + SG_CONSUME(sg, data32, data_i, data_l); + crypt_off -= 4; + auth_off -= 4; + } + + while (crypt_len > 0 || auth_len > 0) { + uint32_t *first = data32; + mydata.data32[0] = *first; + SG_CONSUME(sg, data32, data_i, data_l); + mydata.data32[1] = *data32; + if (auth_off <= 0) { + if (auth_len > 0) { + CVM_LOAD_SHA_UNIT(*data, next); + auth_len -= 8; + } + } else + auth_off -= 8; + if (crypt_off <= 0) { + if (crypt_len > 0) { + CVMX_MT_3DES_DEC_CBC(*data); + CVMX_MF_3DES_RESULT(*data); + crypt_len -= 8; + } + } else + crypt_off -= 8; + *first = mydata.data32[0]; + *data32 = mydata.data32[1]; + SG_CONSUME(sg, data32, data_i, data_l); + } + + /* finish the hash */ + CVMX_PREFETCH0(od->octo_hmouter); +#if 0 + if (unlikely(inplen)) { + uint64_t tmp = 0; + uint8_t *p = (uint8_t *) & tmp; + p[inplen] = 0x80; + do { + inplen--; + p[inplen] = ((uint8_t *) data)[inplen]; + } while (inplen); + CVM_LOAD_SHA_UNIT(tmp, next); + } else { + CVM_LOAD_SHA_UNIT(0x8000000000000000ULL, next); + } +#else + CVM_LOAD_SHA_UNIT(0x8000000000000000ULL, next); +#endif + + /* Finish Inner hash */ + while (next != 7) { + CVM_LOAD_SHA_UNIT(((uint64_t) 0x0ULL), next); + } + CVM_LOAD_SHA_UNIT((uint64_t) ((alen + 64) << 3), next); + + /* Get the inner hash of HMAC */ + CVMX_MF_HSH_IV(tmp1, 0); + CVMX_MF_HSH_IV(tmp2, 1); + tmp3 = 0; + CVMX_MF_HSH_IV(tmp3, 2); + + /* Initialize hash unit */ + CVMX_MT_HSH_IV(od->octo_hmouter[0], 0); + CVMX_MT_HSH_IV(od->octo_hmouter[1], 1); + CVMX_MT_HSH_IV(od->octo_hmouter[2], 2); + + CVMX_MT_HSH_DAT(tmp1, 0); + CVMX_MT_HSH_DAT(tmp2, 1); + tmp3 |= 0x0000000080000000; + CVMX_MT_HSH_DAT(tmp3, 2); + CVMX_MT_HSH_DATZ(3); + CVMX_MT_HSH_DATZ(4); + CVMX_MT_HSH_DATZ(5); + CVMX_MT_HSH_DATZ(6); + CVMX_MT_HSH_STARTSHA((uint64_t) ((64 + 20) << 3)); + /* save the HMAC */ + SG_INIT(sg, data32, data_i, data_l); + while (icv_off > 0) { + SG_CONSUME(sg, data32, data_i, data_l); + icv_off -= 4; + } + CVMX_MF_HSH_IV(tmp1, 0); + *data32 = (uint32_t) (tmp1 >> 32); + SG_CONSUME(sg, data32, data_i, data_l); + *data32 = (uint32_t) tmp1; + SG_CONSUME(sg, data32, data_i, data_l); + CVMX_MF_HSH_IV(tmp1, 1); + *data32 = (uint32_t) (tmp1 >> 32); + + octeon_crypto_disable(&state, flags); + return 0; +} + +/****************************************************************************/ +/* AES MD5 */ + +int +octo_aes_cbc_md5_encrypt( + struct octo_sess *od, + struct scatterlist *sg, int sg_len, + int auth_off, int auth_len, + int crypt_off, int crypt_len, + int icv_off, uint8_t *ivp) +{ + register int next = 0; + union { + uint32_t data32[2]; + uint64_t data64[1]; + } mydata[2]; + uint64_t *pdata = &mydata[0].data64[0]; + uint64_t *data = &mydata[1].data64[0]; + uint32_t *data32; + uint64_t tmp1, tmp2; + int data_i, data_l, alen = auth_len; + struct octeon_cop2_state state; + unsigned long flags; + + dprintk("%s()\n", __FUNCTION__); + + if (unlikely(od == NULL || sg==NULL || sg_len==0 || ivp==NULL || + (crypt_off & 0x3) || (crypt_off + crypt_len > sg_len) || + (crypt_len & 0x7) || + (auth_len & 0x7) || + (auth_off & 0x3) || (auth_off + auth_len > sg_len))) { + dprintk("%s: Bad parameters od=%p sg=%p sg_len=%d " + "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d " + "icv_off=%d ivp=%p\n", __FUNCTION__, od, sg, sg_len, + auth_off, auth_len, crypt_off, crypt_len, icv_off, ivp); + return -EINVAL; + } + + SG_INIT(sg, data32, data_i, data_l); + + CVMX_PREFETCH0(ivp); + CVMX_PREFETCH0(od->octo_enckey); + + flags = octeon_crypto_enable(&state); + + /* load AES Key */ + CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[0], 0); + CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[1], 1); + + if (od->octo_encklen == 16) { + CVMX_MT_AES_KEY(0x0, 2); + CVMX_MT_AES_KEY(0x0, 3); + } else if (od->octo_encklen == 24) { + CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[2], 2); + CVMX_MT_AES_KEY(0x0, 3); + } else if (od->octo_encklen == 32) { + CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[2], 2); + CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[3], 3); + } else { + octeon_crypto_disable(&state, flags); + dprintk("%s: Bad key length %d\n", __FUNCTION__, od->octo_encklen); + return -EINVAL; + } + CVMX_MT_AES_KEYLENGTH(od->octo_encklen / 8 - 1); + + CVMX_MT_AES_IV(((uint64_t *) ivp)[0], 0); + CVMX_MT_AES_IV(((uint64_t *) ivp)[1], 1); + + /* Load MD5 IV */ + CVMX_MT_HSH_IV(od->octo_hminner[0], 0); + CVMX_MT_HSH_IV(od->octo_hminner[1], 1); + + while (crypt_off > 0 && auth_off > 0) { + SG_CONSUME(sg, data32, data_i, data_l); + crypt_off -= 4; + auth_off -= 4; + } + + /* align auth and crypt */ + while (crypt_off > 0 && auth_len > 0) { + mydata[0].data32[0] = *data32; + SG_CONSUME(sg, data32, data_i, data_l); + mydata[0].data32[1] = *data32; + SG_CONSUME(sg, data32, data_i, data_l); + CVM_LOAD_MD5_UNIT(*pdata, next); + crypt_off -= 8; + auth_len -= 8; + } + + while (crypt_len > 0) { + uint32_t *pdata32[3]; + + pdata32[0] = data32; + mydata[0].data32[0] = *data32; + SG_CONSUME(sg, data32, data_i, data_l); + + pdata32[1] = data32; + mydata[0].data32[1] = *data32; + SG_CONSUME(sg, data32, data_i, data_l); + + pdata32[2] = data32; + mydata[1].data32[0] = *data32; + SG_CONSUME(sg, data32, data_i, data_l); + + mydata[1].data32[1] = *data32; + + CVMX_MT_AES_ENC_CBC0(*pdata); + CVMX_MT_AES_ENC_CBC1(*data); + CVMX_MF_AES_RESULT(*pdata, 0); + CVMX_MF_AES_RESULT(*data, 1); + crypt_len -= 16; + + if (auth_len > 0) { + CVM_LOAD_MD5_UNIT(*pdata, next); + auth_len -= 8; + } + if (auth_len > 0) { + CVM_LOAD_MD5_UNIT(*data, next); + auth_len -= 8; + } + + *pdata32[0] = mydata[0].data32[0]; + *pdata32[1] = mydata[0].data32[1]; + *pdata32[2] = mydata[1].data32[0]; + *data32 = mydata[1].data32[1]; + + SG_CONSUME(sg, data32, data_i, data_l); + } + + /* finish any left over hashing */ + while (auth_len > 0) { + mydata[0].data32[0] = *data32; + SG_CONSUME(sg, data32, data_i, data_l); + mydata[0].data32[1] = *data32; + SG_CONSUME(sg, data32, data_i, data_l); + CVM_LOAD_MD5_UNIT(*pdata, next); + auth_len -= 8; + } + + /* finish the hash */ + CVMX_PREFETCH0(od->octo_hmouter); +#if 0 + if (unlikely(inplen)) { + uint64_t tmp = 0; + uint8_t *p = (uint8_t *) & tmp; + p[inplen] = 0x80; + do { + inplen--; + p[inplen] = ((uint8_t *) data)[inplen]; + } while (inplen); + CVM_LOAD_MD5_UNIT(tmp, next); + } else { + CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next); + } +#else + CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next); +#endif + + /* Finish Inner hash */ + while (next != 7) { + CVM_LOAD_MD5_UNIT(((uint64_t) 0x0ULL), next); + } + CVMX_ES64(tmp1, ((alen + 64) << 3)); + CVM_LOAD_MD5_UNIT(tmp1, next); + + /* Get the inner hash of HMAC */ + CVMX_MF_HSH_IV(tmp1, 0); + CVMX_MF_HSH_IV(tmp2, 1); + + /* Initialize hash unit */ + CVMX_MT_HSH_IV(od->octo_hmouter[0], 0); + CVMX_MT_HSH_IV(od->octo_hmouter[1], 1); + + CVMX_MT_HSH_DAT(tmp1, 0); + CVMX_MT_HSH_DAT(tmp2, 1); + CVMX_MT_HSH_DAT(0x8000000000000000ULL, 2); + CVMX_MT_HSH_DATZ(3); + CVMX_MT_HSH_DATZ(4); + CVMX_MT_HSH_DATZ(5); + CVMX_MT_HSH_DATZ(6); + CVMX_ES64(tmp1, ((64 + 16) << 3)); + CVMX_MT_HSH_STARTMD5(tmp1); + + /* save the HMAC */ + SG_INIT(sg, data32, data_i, data_l); + while (icv_off > 0) { + SG_CONSUME(sg, data32, data_i, data_l); + icv_off -= 4; + } + CVMX_MF_HSH_IV(tmp1, 0); + *data32 = (uint32_t) (tmp1 >> 32); + SG_CONSUME(sg, data32, data_i, data_l); + *data32 = (uint32_t) tmp1; + SG_CONSUME(sg, data32, data_i, data_l); + CVMX_MF_HSH_IV(tmp1, 1); + *data32 = (uint32_t) (tmp1 >> 32); + + octeon_crypto_disable(&state, flags); + return 0; +} + +int +octo_aes_cbc_md5_decrypt( + struct octo_sess *od, + struct scatterlist *sg, int sg_len, + int auth_off, int auth_len, + int crypt_off, int crypt_len, + int icv_off, uint8_t *ivp) +{ + register int next = 0; + union { + uint32_t data32[2]; + uint64_t data64[1]; + } mydata[2]; + uint64_t *pdata = &mydata[0].data64[0]; + uint64_t *data = &mydata[1].data64[0]; + uint32_t *data32; + uint64_t tmp1, tmp2; + int data_i, data_l, alen = auth_len; + struct octeon_cop2_state state; + unsigned long flags; + + dprintk("%s()\n", __FUNCTION__); + + if (unlikely(od == NULL || sg==NULL || sg_len==0 || ivp==NULL || + (crypt_off & 0x3) || (crypt_off + crypt_len > sg_len) || + (crypt_len & 0x7) || + (auth_len & 0x7) || + (auth_off & 0x3) || (auth_off + auth_len > sg_len))) { + dprintk("%s: Bad parameters od=%p sg=%p sg_len=%d " + "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d " + "icv_off=%d ivp=%p\n", __FUNCTION__, od, sg, sg_len, + auth_off, auth_len, crypt_off, crypt_len, icv_off, ivp); + return -EINVAL; + } + + SG_INIT(sg, data32, data_i, data_l); + + CVMX_PREFETCH0(ivp); + CVMX_PREFETCH0(od->octo_enckey); + + flags = octeon_crypto_enable(&state); + + /* load AES Key */ + CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[0], 0); + CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[1], 1); + + if (od->octo_encklen == 16) { + CVMX_MT_AES_KEY(0x0, 2); + CVMX_MT_AES_KEY(0x0, 3); + } else if (od->octo_encklen == 24) { + CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[2], 2); + CVMX_MT_AES_KEY(0x0, 3); + } else if (od->octo_encklen == 32) { + CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[2], 2); + CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[3], 3); + } else { + octeon_crypto_disable(&state, flags); + dprintk("%s: Bad key length %d\n", __FUNCTION__, od->octo_encklen); + return -EINVAL; + } + CVMX_MT_AES_KEYLENGTH(od->octo_encklen / 8 - 1); + + CVMX_MT_AES_IV(((uint64_t *) ivp)[0], 0); + CVMX_MT_AES_IV(((uint64_t *) ivp)[1], 1); + + /* Load MD5 IV */ + CVMX_MT_HSH_IV(od->octo_hminner[0], 0); + CVMX_MT_HSH_IV(od->octo_hminner[1], 1); + + while (crypt_off > 0 && auth_off > 0) { + SG_CONSUME(sg, data32, data_i, data_l); + crypt_off -= 4; + auth_off -= 4; + } + + /* align auth and crypt */ + while (crypt_off > 0 && auth_len > 0) { + mydata[0].data32[0] = *data32; + SG_CONSUME(sg, data32, data_i, data_l); + mydata[0].data32[1] = *data32; + SG_CONSUME(sg, data32, data_i, data_l); + CVM_LOAD_MD5_UNIT(*pdata, next); + crypt_off -= 8; + auth_len -= 8; + } + + while (crypt_len > 0) { + uint32_t *pdata32[3]; + + pdata32[0] = data32; + mydata[0].data32[0] = *data32; + SG_CONSUME(sg, data32, data_i, data_l); + pdata32[1] = data32; + mydata[0].data32[1] = *data32; + SG_CONSUME(sg, data32, data_i, data_l); + pdata32[2] = data32; + mydata[1].data32[0] = *data32; + SG_CONSUME(sg, data32, data_i, data_l); + mydata[1].data32[1] = *data32; + + if (auth_len > 0) { + CVM_LOAD_MD5_UNIT(*pdata, next); + auth_len -= 8; + } + + if (auth_len > 0) { + CVM_LOAD_MD5_UNIT(*data, next); + auth_len -= 8; + } + + CVMX_MT_AES_DEC_CBC0(*pdata); + CVMX_MT_AES_DEC_CBC1(*data); + CVMX_MF_AES_RESULT(*pdata, 0); + CVMX_MF_AES_RESULT(*data, 1); + crypt_len -= 16; + + *pdata32[0] = mydata[0].data32[0]; + *pdata32[1] = mydata[0].data32[1]; + *pdata32[2] = mydata[1].data32[0]; + *data32 = mydata[1].data32[1]; + + SG_CONSUME(sg, data32, data_i, data_l); + } + + /* finish left over hash if any */ + while (auth_len > 0) { + mydata[0].data32[0] = *data32; + SG_CONSUME(sg, data32, data_i, data_l); + mydata[0].data32[1] = *data32; + SG_CONSUME(sg, data32, data_i, data_l); + CVM_LOAD_MD5_UNIT(*pdata, next); + auth_len -= 8; + } + + + /* finish the hash */ + CVMX_PREFETCH0(od->octo_hmouter); +#if 0 + if (unlikely(inplen)) { + uint64_t tmp = 0; + uint8_t *p = (uint8_t *) & tmp; + p[inplen] = 0x80; + do { + inplen--; + p[inplen] = ((uint8_t *) data)[inplen]; + } while (inplen); + CVM_LOAD_MD5_UNIT(tmp, next); + } else { + CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next); + } +#else + CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next); +#endif + + /* Finish Inner hash */ + while (next != 7) { + CVM_LOAD_MD5_UNIT(((uint64_t) 0x0ULL), next); + } + CVMX_ES64(tmp1, ((alen + 64) << 3)); + CVM_LOAD_MD5_UNIT(tmp1, next); + + /* Get the inner hash of HMAC */ + CVMX_MF_HSH_IV(tmp1, 0); + CVMX_MF_HSH_IV(tmp2, 1); + + /* Initialize hash unit */ + CVMX_MT_HSH_IV(od->octo_hmouter[0], 0); + CVMX_MT_HSH_IV(od->octo_hmouter[1], 1); + + CVMX_MT_HSH_DAT(tmp1, 0); + CVMX_MT_HSH_DAT(tmp2, 1); + CVMX_MT_HSH_DAT(0x8000000000000000ULL, 2); + CVMX_MT_HSH_DATZ(3); + CVMX_MT_HSH_DATZ(4); + CVMX_MT_HSH_DATZ(5); + CVMX_MT_HSH_DATZ(6); + CVMX_ES64(tmp1, ((64 + 16) << 3)); + CVMX_MT_HSH_STARTMD5(tmp1); + + /* save the HMAC */ + SG_INIT(sg, data32, data_i, data_l); + while (icv_off > 0) { + SG_CONSUME(sg, data32, data_i, data_l); + icv_off -= 4; + } + CVMX_MF_HSH_IV(tmp1, 0); + *data32 = (uint32_t) (tmp1 >> 32); + SG_CONSUME(sg, data32, data_i, data_l); + *data32 = (uint32_t) tmp1; + SG_CONSUME(sg, data32, data_i, data_l); + CVMX_MF_HSH_IV(tmp1, 1); + *data32 = (uint32_t) (tmp1 >> 32); + + octeon_crypto_disable(&state, flags); + return 0; +} + +/****************************************************************************/ +/* AES SHA1 */ + +int +octo_aes_cbc_sha1_encrypt( + struct octo_sess *od, + struct scatterlist *sg, int sg_len, + int auth_off, int auth_len, + int crypt_off, int crypt_len, + int icv_off, uint8_t *ivp) +{ + register int next = 0; + union { + uint32_t data32[2]; + uint64_t data64[1]; + } mydata[2]; + uint64_t *pdata = &mydata[0].data64[0]; + uint64_t *data = &mydata[1].data64[0]; + uint32_t *data32; + uint64_t tmp1, tmp2, tmp3; + int data_i, data_l, alen = auth_len; + struct octeon_cop2_state state; + unsigned long flags; + + dprintk("%s(a_off=%d a_len=%d c_off=%d c_len=%d icv_off=%d)\n", + __FUNCTION__, auth_off, auth_len, crypt_off, crypt_len, icv_off); + + if (unlikely(od == NULL || sg==NULL || sg_len==0 || ivp==NULL || + (crypt_off & 0x3) || (crypt_off + crypt_len > sg_len) || + (crypt_len & 0x7) || + (auth_len & 0x7) || + (auth_off & 0x3) || (auth_off + auth_len > sg_len))) { + dprintk("%s: Bad parameters od=%p sg=%p sg_len=%d " + "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d " + "icv_off=%d ivp=%p\n", __FUNCTION__, od, sg, sg_len, + auth_off, auth_len, crypt_off, crypt_len, icv_off, ivp); + return -EINVAL; + } + + SG_INIT(sg, data32, data_i, data_l); + + CVMX_PREFETCH0(ivp); + CVMX_PREFETCH0(od->octo_enckey); + + flags = octeon_crypto_enable(&state); + + /* load AES Key */ + CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[0], 0); + CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[1], 1); + + if (od->octo_encklen == 16) { + CVMX_MT_AES_KEY(0x0, 2); + CVMX_MT_AES_KEY(0x0, 3); + } else if (od->octo_encklen == 24) { + CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[2], 2); + CVMX_MT_AES_KEY(0x0, 3); + } else if (od->octo_encklen == 32) { + CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[2], 2); + CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[3], 3); + } else { + octeon_crypto_disable(&state, flags); + dprintk("%s: Bad key length %d\n", __FUNCTION__, od->octo_encklen); + return -EINVAL; + } + CVMX_MT_AES_KEYLENGTH(od->octo_encklen / 8 - 1); + + CVMX_MT_AES_IV(((uint64_t *) ivp)[0], 0); + CVMX_MT_AES_IV(((uint64_t *) ivp)[1], 1); + + /* Load SHA IV */ + CVMX_MT_HSH_IV(od->octo_hminner[0], 0); + CVMX_MT_HSH_IV(od->octo_hminner[1], 1); + CVMX_MT_HSH_IV(od->octo_hminner[2], 2); + + while (crypt_off > 0 && auth_off > 0) { + SG_CONSUME(sg, data32, data_i, data_l); + crypt_off -= 4; + auth_off -= 4; + } + + /* align auth and crypt */ + while (crypt_off > 0 && auth_len > 0) { + mydata[0].data32[0] = *data32; + SG_CONSUME(sg, data32, data_i, data_l); + mydata[0].data32[1] = *data32; + SG_CONSUME(sg, data32, data_i, data_l); + CVM_LOAD_SHA_UNIT(*pdata, next); + crypt_off -= 8; + auth_len -= 8; + } + + while (crypt_len > 0) { + uint32_t *pdata32[3]; + + pdata32[0] = data32; + mydata[0].data32[0] = *data32; + SG_CONSUME(sg, data32, data_i, data_l); + pdata32[1] = data32; + mydata[0].data32[1] = *data32; + SG_CONSUME(sg, data32, data_i, data_l); + pdata32[2] = data32; + mydata[1].data32[0] = *data32; + SG_CONSUME(sg, data32, data_i, data_l); + mydata[1].data32[1] = *data32; + + CVMX_MT_AES_ENC_CBC0(*pdata); + CVMX_MT_AES_ENC_CBC1(*data); + CVMX_MF_AES_RESULT(*pdata, 0); + CVMX_MF_AES_RESULT(*data, 1); + crypt_len -= 16; + + if (auth_len > 0) { + CVM_LOAD_SHA_UNIT(*pdata, next); + auth_len -= 8; + } + if (auth_len > 0) { + CVM_LOAD_SHA_UNIT(*data, next); + auth_len -= 8; + } + + *pdata32[0] = mydata[0].data32[0]; + *pdata32[1] = mydata[0].data32[1]; + *pdata32[2] = mydata[1].data32[0]; + *data32 = mydata[1].data32[1]; + + SG_CONSUME(sg, data32, data_i, data_l); + } + + /* finish and hashing */ + while (auth_len > 0) { + mydata[0].data32[0] = *data32; + SG_CONSUME(sg, data32, data_i, data_l); + mydata[0].data32[1] = *data32; + SG_CONSUME(sg, data32, data_i, data_l); + CVM_LOAD_SHA_UNIT(*pdata, next); + auth_len -= 8; + } + + /* finish the hash */ + CVMX_PREFETCH0(od->octo_hmouter); +#if 0 + if (unlikely(inplen)) { + uint64_t tmp = 0; + uint8_t *p = (uint8_t *) & tmp; + p[inplen] = 0x80; + do { + inplen--; + p[inplen] = ((uint8_t *) data)[inplen]; + } while (inplen); + CVM_LOAD_SHA_UNIT(tmp, next); + } else { + CVM_LOAD_SHA_UNIT(0x8000000000000000ULL, next); + } +#else + CVM_LOAD_SHA_UNIT(0x8000000000000000ULL, next); +#endif + + /* Finish Inner hash */ + while (next != 7) { + CVM_LOAD_SHA_UNIT(((uint64_t) 0x0ULL), next); + } + CVM_LOAD_SHA_UNIT((uint64_t) ((alen + 64) << 3), next); + + /* Get the inner hash of HMAC */ + CVMX_MF_HSH_IV(tmp1, 0); + CVMX_MF_HSH_IV(tmp2, 1); + tmp3 = 0; + CVMX_MF_HSH_IV(tmp3, 2); + + /* Initialize hash unit */ + CVMX_MT_HSH_IV(od->octo_hmouter[0], 0); + CVMX_MT_HSH_IV(od->octo_hmouter[1], 1); + CVMX_MT_HSH_IV(od->octo_hmouter[2], 2); + + CVMX_MT_HSH_DAT(tmp1, 0); + CVMX_MT_HSH_DAT(tmp2, 1); + tmp3 |= 0x0000000080000000; + CVMX_MT_HSH_DAT(tmp3, 2); + CVMX_MT_HSH_DATZ(3); + CVMX_MT_HSH_DATZ(4); + CVMX_MT_HSH_DATZ(5); + CVMX_MT_HSH_DATZ(6); + CVMX_MT_HSH_STARTSHA((uint64_t) ((64 + 20) << 3)); + + /* finish the hash */ + CVMX_PREFETCH0(od->octo_hmouter); +#if 0 + if (unlikely(inplen)) { + uint64_t tmp = 0; + uint8_t *p = (uint8_t *) & tmp; + p[inplen] = 0x80; + do { + inplen--; + p[inplen] = ((uint8_t *) data)[inplen]; + } while (inplen); + CVM_LOAD_MD5_UNIT(tmp, next); + } else { + CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next); + } +#else + CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next); +#endif + + /* save the HMAC */ + SG_INIT(sg, data32, data_i, data_l); + while (icv_off > 0) { + SG_CONSUME(sg, data32, data_i, data_l); + icv_off -= 4; + } + CVMX_MF_HSH_IV(tmp1, 0); + *data32 = (uint32_t) (tmp1 >> 32); + SG_CONSUME(sg, data32, data_i, data_l); + *data32 = (uint32_t) tmp1; + SG_CONSUME(sg, data32, data_i, data_l); + CVMX_MF_HSH_IV(tmp1, 1); + *data32 = (uint32_t) (tmp1 >> 32); + + octeon_crypto_disable(&state, flags); + return 0; +} + +int +octo_aes_cbc_sha1_decrypt( + struct octo_sess *od, + struct scatterlist *sg, int sg_len, + int auth_off, int auth_len, + int crypt_off, int crypt_len, + int icv_off, uint8_t *ivp) +{ + register int next = 0; + union { + uint32_t data32[2]; + uint64_t data64[1]; + } mydata[2]; + uint64_t *pdata = &mydata[0].data64[0]; + uint64_t *data = &mydata[1].data64[0]; + uint32_t *data32; + uint64_t tmp1, tmp2, tmp3; + int data_i, data_l, alen = auth_len; + struct octeon_cop2_state state; + unsigned long flags; + + dprintk("%s(a_off=%d a_len=%d c_off=%d c_len=%d icv_off=%d)\n", + __FUNCTION__, auth_off, auth_len, crypt_off, crypt_len, icv_off); + + if (unlikely(od == NULL || sg==NULL || sg_len==0 || ivp==NULL || + (crypt_off & 0x3) || (crypt_off + crypt_len > sg_len) || + (crypt_len & 0x7) || + (auth_len & 0x7) || + (auth_off & 0x3) || (auth_off + auth_len > sg_len))) { + dprintk("%s: Bad parameters od=%p sg=%p sg_len=%d " + "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d " + "icv_off=%d ivp=%p\n", __FUNCTION__, od, sg, sg_len, + auth_off, auth_len, crypt_off, crypt_len, icv_off, ivp); + return -EINVAL; + } + + SG_INIT(sg, data32, data_i, data_l); + + CVMX_PREFETCH0(ivp); + CVMX_PREFETCH0(od->octo_enckey); + + flags = octeon_crypto_enable(&state); + + /* load AES Key */ + CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[0], 0); + CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[1], 1); + + if (od->octo_encklen == 16) { + CVMX_MT_AES_KEY(0x0, 2); + CVMX_MT_AES_KEY(0x0, 3); + } else if (od->octo_encklen == 24) { + CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[2], 2); + CVMX_MT_AES_KEY(0x0, 3); + } else if (od->octo_encklen == 32) { + CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[2], 2); + CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[3], 3); + } else { + octeon_crypto_disable(&state, flags); + dprintk("%s: Bad key length %d\n", __FUNCTION__, od->octo_encklen); + return -EINVAL; + } + CVMX_MT_AES_KEYLENGTH(od->octo_encklen / 8 - 1); + + CVMX_MT_AES_IV(((uint64_t *) ivp)[0], 0); + CVMX_MT_AES_IV(((uint64_t *) ivp)[1], 1); + + /* Load SHA1 IV */ + CVMX_MT_HSH_IV(od->octo_hminner[0], 0); + CVMX_MT_HSH_IV(od->octo_hminner[1], 1); + CVMX_MT_HSH_IV(od->octo_hminner[2], 2); + + while (crypt_off > 0 && auth_off > 0) { + SG_CONSUME(sg, data32, data_i, data_l); + crypt_off -= 4; + auth_off -= 4; + } + + /* align auth and crypt */ + while (crypt_off > 0 && auth_len > 0) { + mydata[0].data32[0] = *data32; + SG_CONSUME(sg, data32, data_i, data_l); + mydata[0].data32[1] = *data32; + SG_CONSUME(sg, data32, data_i, data_l); + CVM_LOAD_SHA_UNIT(*pdata, next); + crypt_off -= 8; + auth_len -= 8; + } + + while (crypt_len > 0) { + uint32_t *pdata32[3]; + + pdata32[0] = data32; + mydata[0].data32[0] = *data32; + SG_CONSUME(sg, data32, data_i, data_l); + pdata32[1] = data32; + mydata[0].data32[1] = *data32; + SG_CONSUME(sg, data32, data_i, data_l); + pdata32[2] = data32; + mydata[1].data32[0] = *data32; + SG_CONSUME(sg, data32, data_i, data_l); + mydata[1].data32[1] = *data32; + + if (auth_len > 0) { + CVM_LOAD_SHA_UNIT(*pdata, next); + auth_len -= 8; + } + if (auth_len > 0) { + CVM_LOAD_SHA_UNIT(*data, next); + auth_len -= 8; + } + + CVMX_MT_AES_DEC_CBC0(*pdata); + CVMX_MT_AES_DEC_CBC1(*data); + CVMX_MF_AES_RESULT(*pdata, 0); + CVMX_MF_AES_RESULT(*data, 1); + crypt_len -= 16; + + *pdata32[0] = mydata[0].data32[0]; + *pdata32[1] = mydata[0].data32[1]; + *pdata32[2] = mydata[1].data32[0]; + *data32 = mydata[1].data32[1]; + + SG_CONSUME(sg, data32, data_i, data_l); + } + + /* finish and leftover hashing */ + while (auth_len > 0) { + mydata[0].data32[0] = *data32; + SG_CONSUME(sg, data32, data_i, data_l); + mydata[0].data32[1] = *data32; + SG_CONSUME(sg, data32, data_i, data_l); + CVM_LOAD_SHA_UNIT(*pdata, next); + auth_len -= 8; + } + + /* finish the hash */ + CVMX_PREFETCH0(od->octo_hmouter); +#if 0 + if (unlikely(inplen)) { + uint64_t tmp = 0; + uint8_t *p = (uint8_t *) & tmp; + p[inplen] = 0x80; + do { + inplen--; + p[inplen] = ((uint8_t *) data)[inplen]; + } while (inplen); + CVM_LOAD_SHA_UNIT(tmp, next); + } else { + CVM_LOAD_SHA_UNIT(0x8000000000000000ULL, next); + } +#else + CVM_LOAD_SHA_UNIT(0x8000000000000000ULL, next); +#endif + + /* Finish Inner hash */ + while (next != 7) { + CVM_LOAD_SHA_UNIT(((uint64_t) 0x0ULL), next); + } + CVM_LOAD_SHA_UNIT((uint64_t) ((alen + 64) << 3), next); + + /* Get the inner hash of HMAC */ + CVMX_MF_HSH_IV(tmp1, 0); + CVMX_MF_HSH_IV(tmp2, 1); + tmp3 = 0; + CVMX_MF_HSH_IV(tmp3, 2); + + /* Initialize hash unit */ + CVMX_MT_HSH_IV(od->octo_hmouter[0], 0); + CVMX_MT_HSH_IV(od->octo_hmouter[1], 1); + CVMX_MT_HSH_IV(od->octo_hmouter[2], 2); + + CVMX_MT_HSH_DAT(tmp1, 0); + CVMX_MT_HSH_DAT(tmp2, 1); + tmp3 |= 0x0000000080000000; + CVMX_MT_HSH_DAT(tmp3, 2); + CVMX_MT_HSH_DATZ(3); + CVMX_MT_HSH_DATZ(4); + CVMX_MT_HSH_DATZ(5); + CVMX_MT_HSH_DATZ(6); + CVMX_MT_HSH_STARTSHA((uint64_t) ((64 + 20) << 3)); + + /* finish the hash */ + CVMX_PREFETCH0(od->octo_hmouter); +#if 0 + if (unlikely(inplen)) { + uint64_t tmp = 0; + uint8_t *p = (uint8_t *) & tmp; + p[inplen] = 0x80; + do { + inplen--; + p[inplen] = ((uint8_t *) data)[inplen]; + } while (inplen); + CVM_LOAD_MD5_UNIT(tmp, next); + } else { + CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next); + } +#else + CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next); +#endif + + /* save the HMAC */ + SG_INIT(sg, data32, data_i, data_l); + while (icv_off > 0) { + SG_CONSUME(sg, data32, data_i, data_l); + icv_off -= 4; + } + CVMX_MF_HSH_IV(tmp1, 0); + *data32 = (uint32_t) (tmp1 >> 32); + SG_CONSUME(sg, data32, data_i, data_l); + *data32 = (uint32_t) tmp1; + SG_CONSUME(sg, data32, data_i, data_l); + CVMX_MF_HSH_IV(tmp1, 1); + *data32 = (uint32_t) (tmp1 >> 32); + + octeon_crypto_disable(&state, flags); + return 0; +} + +/****************************************************************************/ diff -Naur linux-3.0.68.i686-orig/crypto/ocf/cryptocteon/cryptocteon.c linux-3.0.68.i686/crypto/ocf/cryptocteon/cryptocteon.c --- linux-3.0.68.i686-orig/crypto/ocf/cryptocteon/cryptocteon.c 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/cryptocteon/cryptocteon.c 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,576 @@ +/* + * Octeon Crypto for OCF + * + * Written by David McCullough + * Copyright (C) 2009-2010 David McCullough + * + * LICENSE TERMS + * + * The free distribution and use of this software in both source and binary + * form is allowed (with or without changes) provided that: + * + * 1. distributions of this source code include the above copyright + * notice, this list of conditions and the following disclaimer; + * + * 2. distributions in binary form include the above copyright + * notice, this list of conditions and the following disclaimer + * in the documentation and/or other associated materials; + * + * 3. the copyright holder's name is not used to endorse products + * built using this software without specific written permission. + * + * DISCLAIMER + * + * This software is provided 'as is' with no explicit or implied warranties + * in respect of its properties, including, but not limited to, correctness + * and/or fitness for purpose. + * --------------------------------------------------------------------------- + */ + +#include +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) +#include +#endif +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +struct { + softc_device_decl sc_dev; +} octo_softc; + +#define offset_in_page(p) ((unsigned long)(p) & ~PAGE_MASK) + +struct octo_sess { + int octo_encalg; + #define MAX_CIPHER_KEYLEN 64 + char octo_enckey[MAX_CIPHER_KEYLEN]; + int octo_encklen; + + int octo_macalg; + #define MAX_HASH_KEYLEN 64 + char octo_mackey[MAX_HASH_KEYLEN]; + int octo_macklen; + int octo_mackey_set; + + int octo_mlen; + int octo_ivsize; + + int (*octo_encrypt)(struct octo_sess *od, + struct scatterlist *sg, int sg_len, + int auth_off, int auth_len, + int crypt_off, int crypt_len, + int icv_off, uint8_t *ivp); + int (*octo_decrypt)(struct octo_sess *od, + struct scatterlist *sg, int sg_len, + int auth_off, int auth_len, + int crypt_off, int crypt_len, + int icv_off, uint8_t *ivp); + + uint64_t octo_hminner[3]; + uint64_t octo_hmouter[3]; +}; + +int32_t octo_id = -1; +module_param(octo_id, int, 0444); +MODULE_PARM_DESC(octo_id, "Read-Only OCF ID for cryptocteon driver"); + +static struct octo_sess **octo_sessions = NULL; +static u_int32_t octo_sesnum = 0; + +static int octo_process(device_t, struct cryptop *, int); +static int octo_newsession(device_t, u_int32_t *, struct cryptoini *); +static int octo_freesession(device_t, u_int64_t); + +static device_method_t octo_methods = { + /* crypto device methods */ + DEVMETHOD(cryptodev_newsession, octo_newsession), + DEVMETHOD(cryptodev_freesession,octo_freesession), + DEVMETHOD(cryptodev_process, octo_process), +}; + +#define debug octo_debug +int octo_debug = 0; +module_param(octo_debug, int, 0644); +MODULE_PARM_DESC(octo_debug, "Enable debug"); + + +#include "cavium_crypto.c" + + +/* + * Generate a new octo session. We artifically limit it to a single + * hash/cipher or hash-cipher combo just to make it easier, most callers + * do not expect more than this anyway. + */ +static int +octo_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri) +{ + struct cryptoini *c, *encini = NULL, *macini = NULL; + struct octo_sess **ocd; + int i; + + dprintk("%s()\n", __FUNCTION__); + if (sid == NULL || cri == NULL) { + dprintk("%s,%d - EINVAL\n", __FILE__, __LINE__); + return EINVAL; + } + + /* + * To keep it simple, we only handle hash, cipher or hash/cipher in a + * session, you cannot currently do multiple ciphers/hashes in one + * session even though it would be possibel to code this driver to + * handle it. + */ + for (i = 0, c = cri; c && i < 2; i++) { + if (c->cri_alg == CRYPTO_MD5_HMAC || + c->cri_alg == CRYPTO_SHA1_HMAC || + c->cri_alg == CRYPTO_NULL_HMAC) { + if (macini) { + break; + } + macini = c; + } + if (c->cri_alg == CRYPTO_DES_CBC || + c->cri_alg == CRYPTO_3DES_CBC || + c->cri_alg == CRYPTO_AES_CBC || + c->cri_alg == CRYPTO_NULL_CBC) { + if (encini) { + break; + } + encini = c; + } + c = c->cri_next; + } + if (!macini && !encini) { + dprintk("%s,%d - EINVAL bad cipher/hash or combination\n", + __FILE__, __LINE__); + return EINVAL; + } + if (c) { + dprintk("%s,%d - EINVAL cannot handle chained cipher/hash combos\n", + __FILE__, __LINE__); + return EINVAL; + } + + /* + * So we have something we can do, lets setup the session + */ + + if (octo_sessions) { + for (i = 1; i < octo_sesnum; i++) + if (octo_sessions[i] == NULL) + break; + } else + i = 1; /* NB: to silence compiler warning */ + + if (octo_sessions == NULL || i == octo_sesnum) { + if (octo_sessions == NULL) { + i = 1; /* We leave octo_sessions[0] empty */ + octo_sesnum = CRYPTO_SW_SESSIONS; + } else + octo_sesnum *= 2; + + ocd = kmalloc(octo_sesnum * sizeof(struct octo_sess *), SLAB_ATOMIC); + if (ocd == NULL) { + /* Reset session number */ + if (octo_sesnum == CRYPTO_SW_SESSIONS) + octo_sesnum = 0; + else + octo_sesnum /= 2; + dprintk("%s,%d: ENOBUFS\n", __FILE__, __LINE__); + return ENOBUFS; + } + memset(ocd, 0, octo_sesnum * sizeof(struct octo_sess *)); + + /* Copy existing sessions */ + if (octo_sessions) { + memcpy(ocd, octo_sessions, + (octo_sesnum / 2) * sizeof(struct octo_sess *)); + kfree(octo_sessions); + } + + octo_sessions = ocd; + } + + ocd = &octo_sessions[i]; + *sid = i; + + + *ocd = (struct octo_sess *) kmalloc(sizeof(struct octo_sess), SLAB_ATOMIC); + if (*ocd == NULL) { + octo_freesession(NULL, i); + dprintk("%s,%d: ENOBUFS\n", __FILE__, __LINE__); + return ENOBUFS; + } + memset(*ocd, 0, sizeof(struct octo_sess)); + + if (encini && encini->cri_key) { + (*ocd)->octo_encklen = (encini->cri_klen + 7) / 8; + memcpy((*ocd)->octo_enckey, encini->cri_key, (*ocd)->octo_encklen); + } + + if (macini && macini->cri_key) { + (*ocd)->octo_macklen = (macini->cri_klen + 7) / 8; + memcpy((*ocd)->octo_mackey, macini->cri_key, (*ocd)->octo_macklen); + } + + (*ocd)->octo_mlen = 0; + if (encini && encini->cri_mlen) + (*ocd)->octo_mlen = encini->cri_mlen; + else if (macini && macini->cri_mlen) + (*ocd)->octo_mlen = macini->cri_mlen; + else + (*ocd)->octo_mlen = 12; + + /* + * point c at the enc if it exists, otherwise the mac + */ + c = encini ? encini : macini; + + switch (c->cri_alg) { + case CRYPTO_DES_CBC: + case CRYPTO_3DES_CBC: + (*ocd)->octo_ivsize = 8; + switch (macini ? macini->cri_alg : -1) { + case CRYPTO_MD5_HMAC: + (*ocd)->octo_encrypt = octo_des_cbc_md5_encrypt; + (*ocd)->octo_decrypt = octo_des_cbc_md5_decrypt; + octo_calc_hash(0, macini->cri_key, (*ocd)->octo_hminner, + (*ocd)->octo_hmouter); + break; + case CRYPTO_SHA1_HMAC: + (*ocd)->octo_encrypt = octo_des_cbc_sha1_encrypt; + (*ocd)->octo_decrypt = octo_des_cbc_sha1_decrypt; + octo_calc_hash(1, macini->cri_key, (*ocd)->octo_hminner, + (*ocd)->octo_hmouter); + break; + case -1: + (*ocd)->octo_encrypt = octo_des_cbc_encrypt; + (*ocd)->octo_decrypt = octo_des_cbc_decrypt; + break; + default: + octo_freesession(NULL, i); + dprintk("%s,%d: EINVALn", __FILE__, __LINE__); + return EINVAL; + } + break; + case CRYPTO_AES_CBC: + (*ocd)->octo_ivsize = 16; + switch (macini ? macini->cri_alg : -1) { + case CRYPTO_MD5_HMAC: + (*ocd)->octo_encrypt = octo_aes_cbc_md5_encrypt; + (*ocd)->octo_decrypt = octo_aes_cbc_md5_decrypt; + octo_calc_hash(0, macini->cri_key, (*ocd)->octo_hminner, + (*ocd)->octo_hmouter); + break; + case CRYPTO_SHA1_HMAC: + (*ocd)->octo_encrypt = octo_aes_cbc_sha1_encrypt; + (*ocd)->octo_decrypt = octo_aes_cbc_sha1_decrypt; + octo_calc_hash(1, macini->cri_key, (*ocd)->octo_hminner, + (*ocd)->octo_hmouter); + break; + case -1: + (*ocd)->octo_encrypt = octo_aes_cbc_encrypt; + (*ocd)->octo_decrypt = octo_aes_cbc_decrypt; + break; + default: + octo_freesession(NULL, i); + dprintk("%s,%d: EINVALn", __FILE__, __LINE__); + return EINVAL; + } + break; + case CRYPTO_MD5_HMAC: + (*ocd)->octo_encrypt = octo_null_md5_encrypt; + (*ocd)->octo_decrypt = octo_null_md5_encrypt; /* encrypt == decrypt */ + octo_calc_hash(0, macini->cri_key, (*ocd)->octo_hminner, + (*ocd)->octo_hmouter); + break; + case CRYPTO_SHA1_HMAC: + (*ocd)->octo_encrypt = octo_null_sha1_encrypt; + (*ocd)->octo_decrypt = octo_null_sha1_encrypt; /* encrypt == decrypt */ + octo_calc_hash(1, macini->cri_key, (*ocd)->octo_hminner, + (*ocd)->octo_hmouter); + break; + default: + octo_freesession(NULL, i); + dprintk("%s,%d: EINVALn", __FILE__, __LINE__); + return EINVAL; + } + + (*ocd)->octo_encalg = encini ? encini->cri_alg : -1; + (*ocd)->octo_macalg = macini ? macini->cri_alg : -1; + + return 0; +} + +/* + * Free a session. + */ +static int +octo_freesession(device_t dev, u_int64_t tid) +{ + u_int32_t sid = CRYPTO_SESID2LID(tid); + + dprintk("%s()\n", __FUNCTION__); + if (sid > octo_sesnum || octo_sessions == NULL || + octo_sessions[sid] == NULL) { + dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); + return(EINVAL); + } + + /* Silently accept and return */ + if (sid == 0) + return(0); + + if (octo_sessions[sid]) + kfree(octo_sessions[sid]); + octo_sessions[sid] = NULL; + return 0; +} + +/* + * Process a request. + */ +static int +octo_process(device_t dev, struct cryptop *crp, int hint) +{ + struct cryptodesc *crd; + struct octo_sess *od; + u_int32_t lid; +#define SCATTERLIST_MAX 16 + struct scatterlist sg[SCATTERLIST_MAX]; + int sg_num, sg_len; + struct sk_buff *skb = NULL; + struct uio *uiop = NULL; + struct cryptodesc *enccrd = NULL, *maccrd = NULL; + unsigned char *ivp = NULL; + unsigned char iv_data[HASH_MAX_LEN]; + int auth_off = 0, auth_len = 0, crypt_off = 0, crypt_len = 0, icv_off = 0; + + dprintk("%s()\n", __FUNCTION__); + /* Sanity check */ + if (crp == NULL) { + dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); + return EINVAL; + } + + crp->crp_etype = 0; + + if (crp->crp_desc == NULL || crp->crp_buf == NULL) { + dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); + crp->crp_etype = EINVAL; + goto done; + } + + lid = crp->crp_sid & 0xffffffff; + if (lid >= octo_sesnum || lid == 0 || octo_sessions == NULL || + octo_sessions[lid] == NULL) { + crp->crp_etype = ENOENT; + dprintk("%s,%d: ENOENT\n", __FILE__, __LINE__); + goto done; + } + od = octo_sessions[lid]; + + /* + * do some error checking outside of the loop for SKB and IOV processing + * this leaves us with valid skb or uiop pointers for later + */ + if (crp->crp_flags & CRYPTO_F_SKBUF) { + skb = (struct sk_buff *) crp->crp_buf; + if (skb_shinfo(skb)->nr_frags >= SCATTERLIST_MAX) { + printk("%s,%d: %d nr_frags > SCATTERLIST_MAX", __FILE__, __LINE__, + skb_shinfo(skb)->nr_frags); + goto done; + } + } else if (crp->crp_flags & CRYPTO_F_IOV) { + uiop = (struct uio *) crp->crp_buf; + if (uiop->uio_iovcnt > SCATTERLIST_MAX) { + printk("%s,%d: %d uio_iovcnt > SCATTERLIST_MAX", __FILE__, __LINE__, + uiop->uio_iovcnt); + goto done; + } + } + + /* point our enccrd and maccrd appropriately */ + crd = crp->crp_desc; + if (crd->crd_alg == od->octo_encalg) enccrd = crd; + if (crd->crd_alg == od->octo_macalg) maccrd = crd; + crd = crd->crd_next; + if (crd) { + if (crd->crd_alg == od->octo_encalg) enccrd = crd; + if (crd->crd_alg == od->octo_macalg) maccrd = crd; + crd = crd->crd_next; + } + if (crd) { + crp->crp_etype = EINVAL; + dprintk("%s,%d: ENOENT - descriptors do not match session\n", + __FILE__, __LINE__); + goto done; + } + + if (enccrd) { + if (enccrd->crd_flags & CRD_F_ENCRYPT) { + if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) + ivp = enccrd->crd_iv; + else + read_random((ivp = iv_data), od->octo_ivsize); + if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0) + crypto_copyback(crp->crp_flags, crp->crp_buf, + enccrd->crd_inject, od->octo_ivsize, ivp); + } else { + if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) { + ivp = enccrd->crd_iv; + } else { + ivp = iv_data; + crypto_copydata(crp->crp_flags, crp->crp_buf, + enccrd->crd_inject, od->octo_ivsize, (caddr_t) ivp); + } + } + + if (maccrd) { + auth_off = maccrd->crd_skip; + auth_len = maccrd->crd_len; + icv_off = maccrd->crd_inject; + } + + crypt_off = enccrd->crd_skip; + crypt_len = enccrd->crd_len; + } else { /* if (maccrd) */ + auth_off = maccrd->crd_skip; + auth_len = maccrd->crd_len; + icv_off = maccrd->crd_inject; + } + + + /* + * setup the SG list to cover the buffer + */ + memset(sg, 0, sizeof(sg)); + if (crp->crp_flags & CRYPTO_F_SKBUF) { + int i, len; + + sg_num = 0; + sg_len = 0; + + len = skb_headlen(skb); + sg_set_page(&sg[sg_num], virt_to_page(skb->data), len, + offset_in_page(skb->data)); + sg_len += len; + sg_num++; + + for (i = 0; i < skb_shinfo(skb)->nr_frags && sg_num < SCATTERLIST_MAX; + i++) { + len = skb_shinfo(skb)->frags[i].size; + sg_set_page(&sg[sg_num], skb_frag_page(&skb_shinfo(skb)->frags[i]), + len, skb_shinfo(skb)->frags[i].page_offset); + sg_len += len; + sg_num++; + } + } else if (crp->crp_flags & CRYPTO_F_IOV) { + int len; + + sg_len = 0; + for (sg_num = 0; sg_len < crp->crp_ilen && + sg_num < uiop->uio_iovcnt && + sg_num < SCATTERLIST_MAX; sg_num++) { + len = uiop->uio_iov[sg_num].iov_len; + sg_set_page(&sg[sg_num], + virt_to_page(uiop->uio_iov[sg_num].iov_base), len, + offset_in_page(uiop->uio_iov[sg_num].iov_base)); + sg_len += len; + } + } else { + sg_len = crp->crp_ilen; + sg_set_page(&sg[0], virt_to_page(crp->crp_buf), sg_len, + offset_in_page(crp->crp_buf)); + sg_num = 1; + } + if (sg_num > 0) + sg_mark_end(&sg[sg_num-1]); + + /* + * setup a new explicit key + */ + if (enccrd) { + if (enccrd->crd_flags & CRD_F_KEY_EXPLICIT) { + od->octo_encklen = (enccrd->crd_klen + 7) / 8; + memcpy(od->octo_enckey, enccrd->crd_key, od->octo_encklen); + } + } + if (maccrd) { + if (maccrd->crd_flags & CRD_F_KEY_EXPLICIT) { + od->octo_macklen = (maccrd->crd_klen + 7) / 8; + memcpy(od->octo_mackey, maccrd->crd_key, od->octo_macklen); + od->octo_mackey_set = 0; + } + if (!od->octo_mackey_set) { + octo_calc_hash(maccrd->crd_alg == CRYPTO_MD5_HMAC ? 0 : 1, + maccrd->crd_key, od->octo_hminner, od->octo_hmouter); + od->octo_mackey_set = 1; + } + } + + + if (!enccrd || (enccrd->crd_flags & CRD_F_ENCRYPT)) + (*od->octo_encrypt)(od, sg, sg_len, + auth_off, auth_len, crypt_off, crypt_len, icv_off, ivp); + else + (*od->octo_decrypt)(od, sg, sg_len, + auth_off, auth_len, crypt_off, crypt_len, icv_off, ivp); + +done: + crypto_done(crp); + return 0; +} + +static int +cryptocteon_init(void) +{ + dprintk("%s(%p)\n", __FUNCTION__, cryptocteon_init); + + softc_device_init(&octo_softc, "cryptocteon", 0, octo_methods); + + octo_id = crypto_get_driverid(softc_get_device(&octo_softc), + CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SYNC); + if (octo_id < 0) { + printk("Cryptocteon device cannot initialize!"); + return -ENODEV; + } + + crypto_register(octo_id, CRYPTO_MD5_HMAC, 0,0); + crypto_register(octo_id, CRYPTO_SHA1_HMAC, 0,0); + //crypto_register(octo_id, CRYPTO_MD5, 0,0); + //crypto_register(octo_id, CRYPTO_SHA1, 0,0); + crypto_register(octo_id, CRYPTO_DES_CBC, 0,0); + crypto_register(octo_id, CRYPTO_3DES_CBC, 0,0); + crypto_register(octo_id, CRYPTO_AES_CBC, 0,0); + + return(0); +} + +static void +cryptocteon_exit(void) +{ + dprintk("%s()\n", __FUNCTION__); + crypto_unregister_all(octo_id); + octo_id = -1; +} + +module_init(cryptocteon_init); +module_exit(cryptocteon_exit); + +MODULE_LICENSE("BSD"); +MODULE_AUTHOR("David McCullough "); +MODULE_DESCRIPTION("Cryptocteon (OCF module for Cavium OCTEON crypto)"); diff -Naur linux-3.0.68.i686-orig/crypto/ocf/cryptocteon/Makefile linux-3.0.68.i686/crypto/ocf/cryptocteon/Makefile --- linux-3.0.68.i686-orig/crypto/ocf/cryptocteon/Makefile 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/cryptocteon/Makefile 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,17 @@ +# for SGlinux builds +-include $(ROOTDIR)/modules/.config + +obj-$(CONFIG_OCF_CRYPTOCTEON) += cryptocteon.o + +obj ?= . +EXTRA_CFLAGS += -I$(obj)/.. -I$(obj)/ + +ifdef CONFIG_OCF_CRYPTOCTEON +# you need the cavium crypto component installed +EXTRA_CFLAGS += -I$(ROOTDIR)/prop/include +endif + +ifdef TOPDIR +-include $(TOPDIR)/Rules.make +endif + diff -Naur linux-3.0.68.i686-orig/crypto/ocf/cryptocteon/README.txt linux-3.0.68.i686/crypto/ocf/cryptocteon/README.txt --- linux-3.0.68.i686-orig/crypto/ocf/cryptocteon/README.txt 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/cryptocteon/README.txt 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,11 @@ + +You will need the CRYPTO package installed to build this driver, and +potentially the ADK. + +cavium_crypto sourced from: + + adk/components/source/cavium_ipsec_kame/cavium_ipsec.c + +and significantly modified to suit use with OCF. All original +copyright/ownership headers retained. + diff -Naur linux-3.0.68.i686-orig/crypto/ocf/cryptodev.c linux-3.0.68.i686/crypto/ocf/cryptodev.c --- linux-3.0.68.i686-orig/crypto/ocf/cryptodev.c 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/cryptodev.c 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,1069 @@ +/* $OpenBSD: cryptodev.c,v 1.52 2002/06/19 07:22:46 deraadt Exp $ */ + +/*- + * Linux port done by David McCullough + * Copyright (C) 2006-2010 David McCullough + * Copyright (C) 2004-2005 Intel Corporation. + * The license and original author are listed below. + * + * Copyright (c) 2001 Theo de Raadt + * Copyright (c) 2002-2006 Sam Leffler, Errno Consulting + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * Effort sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F30602-01-2-0537. + * +__FBSDID("$FreeBSD: src/sys/opencrypto/cryptodev.c,v 1.34 2007/05/09 19:37:02 gnn Exp $"); + */ + +#include +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) +#include +#endif +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +extern asmlinkage long sys_dup(unsigned int fildes); + +#define debug cryptodev_debug +int cryptodev_debug = 0; +module_param(cryptodev_debug, int, 0644); +MODULE_PARM_DESC(cryptodev_debug, "Enable cryptodev debug"); + +struct csession_info { + u_int16_t blocksize; + u_int16_t minkey, maxkey; + + u_int16_t keysize; + /* u_int16_t hashsize; */ + u_int16_t authsize; + u_int16_t authkey; + /* u_int16_t ctxsize; */ +}; + +struct csession { + struct list_head list; + u_int64_t sid; + u_int32_t ses; + + wait_queue_head_t waitq; + + u_int32_t cipher; + + u_int32_t mac; + + caddr_t key; + int keylen; + u_char tmp_iv[EALG_MAX_BLOCK_LEN]; + + caddr_t mackey; + int mackeylen; + + struct csession_info info; + + struct iovec iovec; + struct uio uio; + int error; +}; + +struct fcrypt { + struct list_head csessions; + int sesn; +}; + +static struct csession *csefind(struct fcrypt *, u_int); +static int csedelete(struct fcrypt *, struct csession *); +static struct csession *cseadd(struct fcrypt *, struct csession *); +static struct csession *csecreate(struct fcrypt *, u_int64_t, + struct cryptoini *crie, struct cryptoini *cria, struct csession_info *); +static int csefree(struct csession *); + +static int cryptodev_op(struct csession *, struct crypt_op *); +static int cryptodev_key(struct crypt_kop *); +static int cryptodev_find(struct crypt_find_op *); + +static int cryptodev_cb(void *); +static int cryptodev_open(struct inode *inode, struct file *filp); + +/* + * Check a crypto identifier to see if it requested + * a valid crid and it's capabilities match. + */ +static int +checkcrid(int crid) +{ + int hid = crid & ~(CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_HARDWARE); + int typ = crid & (CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_HARDWARE); + int caps = 0; + + /* if the user hasn't selected a driver, then just call newsession */ + if (hid == 0 && typ != 0) + return 0; + + caps = crypto_getcaps(hid); + + /* didn't find anything with capabilities */ + if (caps == 0) { + dprintk("%s: hid=%x typ=%x not matched\n", __FUNCTION__, hid, typ); + return EINVAL; + } + + /* the user didn't specify SW or HW, so the driver is ok */ + if (typ == 0) + return 0; + + /* if the type specified didn't match */ + if (typ != (caps & (CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_HARDWARE))) { + dprintk("%s: hid=%x typ=%x caps=%x not matched\n", __FUNCTION__, + hid, typ, caps); + return EINVAL; + } + + return 0; +} + +static int +cryptodev_op(struct csession *cse, struct crypt_op *cop) +{ + struct cryptop *crp = NULL; + struct cryptodesc *crde = NULL, *crda = NULL; + int error = 0; + + dprintk("%s()\n", __FUNCTION__); + if (cop->len > CRYPTO_MAX_DATA_LEN) { + dprintk("%s: %d > %d\n", __FUNCTION__, cop->len, CRYPTO_MAX_DATA_LEN); + return (E2BIG); + } + + if (cse->info.blocksize && (cop->len % cse->info.blocksize) != 0) { + dprintk("%s: blocksize=%d len=%d\n", __FUNCTION__, cse->info.blocksize, + cop->len); + return (EINVAL); + } + + cse->uio.uio_iov = &cse->iovec; + cse->uio.uio_iovcnt = 1; + cse->uio.uio_offset = 0; +#if 0 + cse->uio.uio_resid = cop->len; + cse->uio.uio_segflg = UIO_SYSSPACE; + cse->uio.uio_rw = UIO_WRITE; + cse->uio.uio_td = td; +#endif + cse->uio.uio_iov[0].iov_len = cop->len; + if (cse->info.authsize) + cse->uio.uio_iov[0].iov_len += cse->info.authsize; + cse->uio.uio_iov[0].iov_base = kmalloc(cse->uio.uio_iov[0].iov_len, + GFP_KERNEL); + + if (cse->uio.uio_iov[0].iov_base == NULL) { + dprintk("%s: iov_base kmalloc(%d) failed\n", __FUNCTION__, + (int)cse->uio.uio_iov[0].iov_len); + return (ENOMEM); + } + + crp = crypto_getreq((cse->info.blocksize != 0) + (cse->info.authsize != 0)); + if (crp == NULL) { + dprintk("%s: ENOMEM\n", __FUNCTION__); + error = ENOMEM; + goto bail; + } + + if (cse->info.authsize && cse->info.blocksize) { + if (cop->op == COP_ENCRYPT) { + crde = crp->crp_desc; + crda = crde->crd_next; + } else { + crda = crp->crp_desc; + crde = crda->crd_next; + } + } else if (cse->info.authsize) { + crda = crp->crp_desc; + } else if (cse->info.blocksize) { + crde = crp->crp_desc; + } else { + dprintk("%s: bad request\n", __FUNCTION__); + error = EINVAL; + goto bail; + } + + if ((error = copy_from_user(cse->uio.uio_iov[0].iov_base, cop->src, + cop->len))) { + dprintk("%s: bad copy\n", __FUNCTION__); + goto bail; + } + + if (crda) { + crda->crd_skip = 0; + crda->crd_len = cop->len; + crda->crd_inject = cop->len; + + crda->crd_alg = cse->mac; + crda->crd_key = cse->mackey; + crda->crd_klen = cse->mackeylen * 8; + } + + if (crde) { + if (cop->op == COP_ENCRYPT) + crde->crd_flags |= CRD_F_ENCRYPT; + else + crde->crd_flags &= ~CRD_F_ENCRYPT; + crde->crd_len = cop->len; + crde->crd_inject = 0; + + crde->crd_alg = cse->cipher; + crde->crd_key = cse->key; + crde->crd_klen = cse->keylen * 8; + } + + crp->crp_ilen = cse->uio.uio_iov[0].iov_len; + crp->crp_flags = CRYPTO_F_IOV | CRYPTO_F_CBIMM + | (cop->flags & COP_F_BATCH); + crp->crp_buf = (caddr_t)&cse->uio; + crp->crp_callback = (int (*) (struct cryptop *)) cryptodev_cb; + crp->crp_sid = cse->sid; + crp->crp_opaque = (void *)cse; + + if (cop->iv) { + if (crde == NULL) { + error = EINVAL; + dprintk("%s no crde\n", __FUNCTION__); + goto bail; + } + if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */ + error = EINVAL; + dprintk("%s arc4 with IV\n", __FUNCTION__); + goto bail; + } + if ((error = copy_from_user(cse->tmp_iv, cop->iv, + cse->info.blocksize))) { + dprintk("%s bad iv copy\n", __FUNCTION__); + goto bail; + } + memcpy(crde->crd_iv, cse->tmp_iv, cse->info.blocksize); + crde->crd_flags |= CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT; + crde->crd_skip = 0; + } else if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */ + crde->crd_skip = 0; + } else if (crde) { + crde->crd_flags |= CRD_F_IV_PRESENT; + crde->crd_skip = cse->info.blocksize; + crde->crd_len -= cse->info.blocksize; + } + + if (cop->mac && crda == NULL) { + error = EINVAL; + dprintk("%s no crda\n", __FUNCTION__); + goto bail; + } + + /* + * Let the dispatch run unlocked, then, interlock against the + * callback before checking if the operation completed and going + * to sleep. This insures drivers don't inherit our lock which + * results in a lock order reversal between crypto_dispatch forced + * entry and the crypto_done callback into us. + */ + error = crypto_dispatch(crp); + if (error) { + dprintk("%s error in crypto_dispatch\n", __FUNCTION__); + goto bail; + } + + dprintk("%s about to WAIT\n", __FUNCTION__); + /* + * we really need to wait for driver to complete to maintain + * state, luckily interrupts will be remembered + */ + do { + error = wait_event_interruptible(crp->crp_waitq, + ((crp->crp_flags & CRYPTO_F_DONE) != 0)); + /* + * we can't break out of this loop or we will leave behind + * a huge mess, however, staying here means if your driver + * is broken user applications can hang and not be killed. + * The solution, fix your driver :-) + */ + if (error) { + schedule(); + error = 0; + } + } while ((crp->crp_flags & CRYPTO_F_DONE) == 0); + dprintk("%s finished WAITING error=%d\n", __FUNCTION__, error); + + if (crp->crp_etype != 0) { + error = crp->crp_etype; + dprintk("%s error in crp processing\n", __FUNCTION__); + goto bail; + } + + if (cse->error) { + error = cse->error; + dprintk("%s error in cse processing\n", __FUNCTION__); + goto bail; + } + + if (cop->dst && (error = copy_to_user(cop->dst, + cse->uio.uio_iov[0].iov_base, cop->len))) { + dprintk("%s bad dst copy\n", __FUNCTION__); + goto bail; + } + + if (cop->mac && + (error=copy_to_user(cop->mac, + (caddr_t)cse->uio.uio_iov[0].iov_base + cop->len, + cse->info.authsize))) { + dprintk("%s bad mac copy\n", __FUNCTION__); + goto bail; + } + +bail: + if (crp) + crypto_freereq(crp); + if (cse->uio.uio_iov[0].iov_base) + kfree(cse->uio.uio_iov[0].iov_base); + + return (error); +} + +static int +cryptodev_cb(void *op) +{ + struct cryptop *crp = (struct cryptop *) op; + struct csession *cse = (struct csession *)crp->crp_opaque; + int error; + + dprintk("%s()\n", __FUNCTION__); + error = crp->crp_etype; + if (error == EAGAIN) { + crp->crp_flags &= ~CRYPTO_F_DONE; +#ifdef NOTYET + /* + * DAVIDM I am fairly sure that we should turn this into a batch + * request to stop bad karma/lockup, revisit + */ + crp->crp_flags |= CRYPTO_F_BATCH; +#endif + return crypto_dispatch(crp); + } + if (error != 0 || (crp->crp_flags & CRYPTO_F_DONE)) { + cse->error = error; + wake_up_interruptible(&crp->crp_waitq); + } + return (0); +} + +static int +cryptodevkey_cb(void *op) +{ + struct cryptkop *krp = (struct cryptkop *) op; + dprintk("%s()\n", __FUNCTION__); + wake_up_interruptible(&krp->krp_waitq); + return (0); +} + +static int +cryptodev_key(struct crypt_kop *kop) +{ + struct cryptkop *krp = NULL; + int error = EINVAL; + int in, out, size, i; + + dprintk("%s()\n", __FUNCTION__); + if (kop->crk_iparams + kop->crk_oparams > CRK_MAXPARAM) { + dprintk("%s params too big\n", __FUNCTION__); + return (EFBIG); + } + + in = kop->crk_iparams; + out = kop->crk_oparams; + switch (kop->crk_op) { + case CRK_MOD_EXP: + if (in == 3 && out == 1) + break; + return (EINVAL); + case CRK_MOD_EXP_CRT: + if (in == 6 && out == 1) + break; + return (EINVAL); + case CRK_DSA_SIGN: + if (in == 5 && out == 2) + break; + return (EINVAL); + case CRK_DSA_VERIFY: + if (in == 7 && out == 0) + break; + return (EINVAL); + case CRK_DH_COMPUTE_KEY: + if (in == 3 && out == 1) + break; + return (EINVAL); + default: + return (EINVAL); + } + + krp = (struct cryptkop *)kmalloc(sizeof *krp, GFP_KERNEL); + if (!krp) + return (ENOMEM); + bzero(krp, sizeof *krp); + krp->krp_op = kop->crk_op; + krp->krp_status = kop->crk_status; + krp->krp_iparams = kop->crk_iparams; + krp->krp_oparams = kop->crk_oparams; + krp->krp_crid = kop->crk_crid; + krp->krp_status = 0; + krp->krp_flags = CRYPTO_KF_CBIMM; + krp->krp_callback = (int (*) (struct cryptkop *)) cryptodevkey_cb; + init_waitqueue_head(&krp->krp_waitq); + + for (i = 0; i < CRK_MAXPARAM; i++) + krp->krp_param[i].crp_nbits = kop->crk_param[i].crp_nbits; + for (i = 0; i < krp->krp_iparams + krp->krp_oparams; i++) { + size = (krp->krp_param[i].crp_nbits + 7) / 8; + if (size == 0) + continue; + krp->krp_param[i].crp_p = (caddr_t) kmalloc(size, GFP_KERNEL); + if (i >= krp->krp_iparams) + continue; + error = copy_from_user(krp->krp_param[i].crp_p, + kop->crk_param[i].crp_p, size); + if (error) + goto fail; + } + + error = crypto_kdispatch(krp); + if (error) + goto fail; + + do { + error = wait_event_interruptible(krp->krp_waitq, + ((krp->krp_flags & CRYPTO_KF_DONE) != 0)); + /* + * we can't break out of this loop or we will leave behind + * a huge mess, however, staying here means if your driver + * is broken user applications can hang and not be killed. + * The solution, fix your driver :-) + */ + if (error) { + schedule(); + error = 0; + } + } while ((krp->krp_flags & CRYPTO_KF_DONE) == 0); + + dprintk("%s finished WAITING error=%d\n", __FUNCTION__, error); + + kop->crk_crid = krp->krp_crid; /* device that did the work */ + if (krp->krp_status != 0) { + error = krp->krp_status; + goto fail; + } + + for (i = krp->krp_iparams; i < krp->krp_iparams + krp->krp_oparams; i++) { + size = (krp->krp_param[i].crp_nbits + 7) / 8; + if (size == 0) + continue; + error = copy_to_user(kop->crk_param[i].crp_p, krp->krp_param[i].crp_p, + size); + if (error) + goto fail; + } + +fail: + if (krp) { + kop->crk_status = krp->krp_status; + for (i = 0; i < CRK_MAXPARAM; i++) { + if (krp->krp_param[i].crp_p) + kfree(krp->krp_param[i].crp_p); + } + kfree(krp); + } + return (error); +} + +static int +cryptodev_find(struct crypt_find_op *find) +{ + device_t dev; + + if (find->crid != -1) { + dev = crypto_find_device_byhid(find->crid); + if (dev == NULL) + return (ENOENT); + strlcpy(find->name, device_get_nameunit(dev), + sizeof(find->name)); + } else { + find->crid = crypto_find_driver(find->name); + if (find->crid == -1) + return (ENOENT); + } + return (0); +} + +static struct csession * +csefind(struct fcrypt *fcr, u_int ses) +{ + struct csession *cse; + + dprintk("%s()\n", __FUNCTION__); + list_for_each_entry(cse, &fcr->csessions, list) + if (cse->ses == ses) + return (cse); + return (NULL); +} + +static int +csedelete(struct fcrypt *fcr, struct csession *cse_del) +{ + struct csession *cse; + + dprintk("%s()\n", __FUNCTION__); + list_for_each_entry(cse, &fcr->csessions, list) { + if (cse == cse_del) { + list_del(&cse->list); + return (1); + } + } + return (0); +} + +static struct csession * +cseadd(struct fcrypt *fcr, struct csession *cse) +{ + dprintk("%s()\n", __FUNCTION__); + list_add_tail(&cse->list, &fcr->csessions); + cse->ses = fcr->sesn++; + return (cse); +} + +static struct csession * +csecreate(struct fcrypt *fcr, u_int64_t sid, struct cryptoini *crie, + struct cryptoini *cria, struct csession_info *info) +{ + struct csession *cse; + + dprintk("%s()\n", __FUNCTION__); + cse = (struct csession *) kmalloc(sizeof(struct csession), GFP_KERNEL); + if (cse == NULL) + return NULL; + memset(cse, 0, sizeof(struct csession)); + + INIT_LIST_HEAD(&cse->list); + init_waitqueue_head(&cse->waitq); + + cse->key = crie->cri_key; + cse->keylen = crie->cri_klen/8; + cse->mackey = cria->cri_key; + cse->mackeylen = cria->cri_klen/8; + cse->sid = sid; + cse->cipher = crie->cri_alg; + cse->mac = cria->cri_alg; + cse->info = *info; + cseadd(fcr, cse); + return (cse); +} + +static int +csefree(struct csession *cse) +{ + int error; + + dprintk("%s()\n", __FUNCTION__); + error = crypto_freesession(cse->sid); + if (cse->key) + kfree(cse->key); + if (cse->mackey) + kfree(cse->mackey); + kfree(cse); + return(error); +} + +static int +cryptodev_ioctl( + struct inode *inode, + struct file *filp, + unsigned int cmd, + unsigned long arg) +{ + struct cryptoini cria, crie; + struct fcrypt *fcr = filp->private_data; + struct csession *cse; + struct csession_info info; + struct session2_op sop; + struct crypt_op cop; + struct crypt_kop kop; + struct crypt_find_op fop; + u_int64_t sid; + u_int32_t ses = 0; + int feat, fd, error = 0, crid; + mm_segment_t fs; + + dprintk("%s(cmd=%x arg=%lx)\n", __FUNCTION__, cmd, arg); + + switch (cmd) { + + case CRIOGET: { + dprintk("%s(CRIOGET)\n", __FUNCTION__); + fs = get_fs(); + set_fs(get_ds()); + for (fd = 0; fd < files_fdtable(current->files)->max_fds; fd++) + if (files_fdtable(current->files)->fd[fd] == filp) + break; + fd = sys_dup(fd); + set_fs(fs); + put_user(fd, (int *) arg); + return IS_ERR_VALUE(fd) ? fd : 0; + } + +#define CIOCGSESSSTR (cmd == CIOCGSESSION ? "CIOCGSESSION" : "CIOCGSESSION2") + case CIOCGSESSION: + case CIOCGSESSION2: + dprintk("%s(%s)\n", __FUNCTION__, CIOCGSESSSTR); + memset(&crie, 0, sizeof(crie)); + memset(&cria, 0, sizeof(cria)); + memset(&info, 0, sizeof(info)); + memset(&sop, 0, sizeof(sop)); + + if (copy_from_user(&sop, (void*)arg, (cmd == CIOCGSESSION) ? + sizeof(struct session_op) : sizeof(sop))) { + dprintk("%s(%s) - bad copy\n", __FUNCTION__, CIOCGSESSSTR); + error = EFAULT; + goto bail; + } + + switch (sop.cipher) { + case 0: + dprintk("%s(%s) - no cipher\n", __FUNCTION__, CIOCGSESSSTR); + break; + case CRYPTO_NULL_CBC: + info.blocksize = NULL_BLOCK_LEN; + info.minkey = NULL_MIN_KEY_LEN; + info.maxkey = NULL_MAX_KEY_LEN; + break; + case CRYPTO_DES_CBC: + info.blocksize = DES_BLOCK_LEN; + info.minkey = DES_MIN_KEY_LEN; + info.maxkey = DES_MAX_KEY_LEN; + break; + case CRYPTO_3DES_CBC: + info.blocksize = DES3_BLOCK_LEN; + info.minkey = DES3_MIN_KEY_LEN; + info.maxkey = DES3_MAX_KEY_LEN; + break; + case CRYPTO_BLF_CBC: + info.blocksize = BLOWFISH_BLOCK_LEN; + info.minkey = BLOWFISH_MIN_KEY_LEN; + info.maxkey = BLOWFISH_MAX_KEY_LEN; + break; + case CRYPTO_CAST_CBC: + info.blocksize = CAST128_BLOCK_LEN; + info.minkey = CAST128_MIN_KEY_LEN; + info.maxkey = CAST128_MAX_KEY_LEN; + break; + case CRYPTO_SKIPJACK_CBC: + info.blocksize = SKIPJACK_BLOCK_LEN; + info.minkey = SKIPJACK_MIN_KEY_LEN; + info.maxkey = SKIPJACK_MAX_KEY_LEN; + break; + case CRYPTO_AES_CBC: + info.blocksize = AES_BLOCK_LEN; + info.minkey = AES_MIN_KEY_LEN; + info.maxkey = AES_MAX_KEY_LEN; + break; + case CRYPTO_ARC4: + info.blocksize = ARC4_BLOCK_LEN; + info.minkey = ARC4_MIN_KEY_LEN; + info.maxkey = ARC4_MAX_KEY_LEN; + break; + case CRYPTO_CAMELLIA_CBC: + info.blocksize = CAMELLIA_BLOCK_LEN; + info.minkey = CAMELLIA_MIN_KEY_LEN; + info.maxkey = CAMELLIA_MAX_KEY_LEN; + break; + default: + dprintk("%s(%s) - bad cipher\n", __FUNCTION__, CIOCGSESSSTR); + error = EINVAL; + goto bail; + } + + switch (sop.mac) { + case 0: + dprintk("%s(%s) - no mac\n", __FUNCTION__, CIOCGSESSSTR); + break; + case CRYPTO_NULL_HMAC: + info.authsize = NULL_HASH_LEN; + break; + case CRYPTO_MD5: + info.authsize = MD5_HASH_LEN; + break; + case CRYPTO_SHA1: + info.authsize = SHA1_HASH_LEN; + break; + case CRYPTO_SHA2_256: + info.authsize = SHA2_256_HASH_LEN; + break; + case CRYPTO_SHA2_384: + info.authsize = SHA2_384_HASH_LEN; + break; + case CRYPTO_SHA2_512: + info.authsize = SHA2_512_HASH_LEN; + break; + case CRYPTO_RIPEMD160: + info.authsize = RIPEMD160_HASH_LEN; + break; + case CRYPTO_MD5_HMAC: + info.authsize = MD5_HASH_LEN; + info.authkey = 16; + break; + case CRYPTO_SHA1_HMAC: + info.authsize = SHA1_HASH_LEN; + info.authkey = 20; + break; + case CRYPTO_SHA2_256_HMAC: + info.authsize = SHA2_256_HASH_LEN; + info.authkey = 32; + break; + case CRYPTO_SHA2_384_HMAC: + info.authsize = SHA2_384_HASH_LEN; + info.authkey = 48; + break; + case CRYPTO_SHA2_512_HMAC: + info.authsize = SHA2_512_HASH_LEN; + info.authkey = 64; + break; + case CRYPTO_RIPEMD160_HMAC: + info.authsize = RIPEMD160_HASH_LEN; + info.authkey = 20; + break; + default: + dprintk("%s(%s) - bad mac\n", __FUNCTION__, CIOCGSESSSTR); + error = EINVAL; + goto bail; + } + + if (info.blocksize) { + crie.cri_alg = sop.cipher; + crie.cri_klen = sop.keylen * 8; + if ((info.maxkey && sop.keylen > info.maxkey) || + sop.keylen < info.minkey) { + dprintk("%s(%s) - bad key\n", __FUNCTION__, CIOCGSESSSTR); + error = EINVAL; + goto bail; + } + + crie.cri_key = (u_int8_t *) kmalloc(crie.cri_klen/8+1, GFP_KERNEL); + if (copy_from_user(crie.cri_key, sop.key, + crie.cri_klen/8)) { + dprintk("%s(%s) - bad copy\n", __FUNCTION__, CIOCGSESSSTR); + error = EFAULT; + goto bail; + } + if (info.authsize) + crie.cri_next = &cria; + } + + if (info.authsize) { + cria.cri_alg = sop.mac; + cria.cri_klen = sop.mackeylen * 8; + if (info.authkey && sop.mackeylen != info.authkey) { + dprintk("%s(%s) - mackeylen %d != %d\n", __FUNCTION__, + CIOCGSESSSTR, sop.mackeylen, info.authkey); + error = EINVAL; + goto bail; + } + + if (cria.cri_klen) { + cria.cri_key = (u_int8_t *) kmalloc(cria.cri_klen/8,GFP_KERNEL); + if (copy_from_user(cria.cri_key, sop.mackey, + cria.cri_klen / 8)) { + dprintk("%s(%s) - bad copy\n", __FUNCTION__, CIOCGSESSSTR); + error = EFAULT; + goto bail; + } + } + } + + /* NB: CIOGSESSION2 has the crid */ + if (cmd == CIOCGSESSION2) { + crid = sop.crid; + error = checkcrid(crid); + if (error) { + dprintk("%s(%s) - checkcrid %x\n", __FUNCTION__, + CIOCGSESSSTR, error); + goto bail; + } + } else { + /* allow either HW or SW to be used */ + crid = CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE; + } + error = crypto_newsession(&sid, (info.blocksize ? &crie : &cria), crid); + if (error) { + dprintk("%s(%s) - newsession %d\n",__FUNCTION__,CIOCGSESSSTR,error); + goto bail; + } + + cse = csecreate(fcr, sid, &crie, &cria, &info); + if (cse == NULL) { + crypto_freesession(sid); + error = EINVAL; + dprintk("%s(%s) - csecreate failed\n", __FUNCTION__, CIOCGSESSSTR); + goto bail; + } + sop.ses = cse->ses; + + if (cmd == CIOCGSESSION2) { + /* return hardware/driver id */ + sop.crid = CRYPTO_SESID2HID(cse->sid); + } + + if (copy_to_user((void*)arg, &sop, (cmd == CIOCGSESSION) ? + sizeof(struct session_op) : sizeof(sop))) { + dprintk("%s(%s) - bad copy\n", __FUNCTION__, CIOCGSESSSTR); + error = EFAULT; + } +bail: + if (error) { + dprintk("%s(%s) - bail %d\n", __FUNCTION__, CIOCGSESSSTR, error); + if (crie.cri_key) + kfree(crie.cri_key); + if (cria.cri_key) + kfree(cria.cri_key); + } + break; + case CIOCFSESSION: + dprintk("%s(CIOCFSESSION)\n", __FUNCTION__); + get_user(ses, (uint32_t*)arg); + cse = csefind(fcr, ses); + if (cse == NULL) { + error = EINVAL; + dprintk("%s(CIOCFSESSION) - Fail %d\n", __FUNCTION__, error); + break; + } + csedelete(fcr, cse); + error = csefree(cse); + break; + case CIOCCRYPT: + dprintk("%s(CIOCCRYPT)\n", __FUNCTION__); + if(copy_from_user(&cop, (void*)arg, sizeof(cop))) { + dprintk("%s(CIOCCRYPT) - bad copy\n", __FUNCTION__); + error = EFAULT; + goto bail; + } + cse = csefind(fcr, cop.ses); + if (cse == NULL) { + error = EINVAL; + dprintk("%s(CIOCCRYPT) - Fail %d\n", __FUNCTION__, error); + break; + } + error = cryptodev_op(cse, &cop); + if(copy_to_user((void*)arg, &cop, sizeof(cop))) { + dprintk("%s(CIOCCRYPT) - bad return copy\n", __FUNCTION__); + error = EFAULT; + goto bail; + } + break; + case CIOCKEY: + case CIOCKEY2: + dprintk("%s(CIOCKEY)\n", __FUNCTION__); + if (!crypto_userasymcrypto) + return (EPERM); /* XXX compat? */ + if(copy_from_user(&kop, (void*)arg, sizeof(kop))) { + dprintk("%s(CIOCKEY) - bad copy\n", __FUNCTION__); + error = EFAULT; + goto bail; + } + if (cmd == CIOCKEY) { + /* NB: crypto core enforces s/w driver use */ + kop.crk_crid = + CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE; + } + error = cryptodev_key(&kop); + if(copy_to_user((void*)arg, &kop, sizeof(kop))) { + dprintk("%s(CIOCGKEY) - bad return copy\n", __FUNCTION__); + error = EFAULT; + goto bail; + } + break; + case CIOCASYMFEAT: + dprintk("%s(CIOCASYMFEAT)\n", __FUNCTION__); + if (!crypto_userasymcrypto) { + /* + * NB: if user asym crypto operations are + * not permitted return "no algorithms" + * so well-behaved applications will just + * fallback to doing them in software. + */ + feat = 0; + } else + error = crypto_getfeat(&feat); + if (!error) { + error = copy_to_user((void*)arg, &feat, sizeof(feat)); + } + break; + case CIOCFINDDEV: + if (copy_from_user(&fop, (void*)arg, sizeof(fop))) { + dprintk("%s(CIOCFINDDEV) - bad copy\n", __FUNCTION__); + error = EFAULT; + goto bail; + } + error = cryptodev_find(&fop); + if (copy_to_user((void*)arg, &fop, sizeof(fop))) { + dprintk("%s(CIOCFINDDEV) - bad return copy\n", __FUNCTION__); + error = EFAULT; + goto bail; + } + break; + default: + dprintk("%s(unknown ioctl 0x%x)\n", __FUNCTION__, cmd); + error = EINVAL; + break; + } + return(-error); +} + +#ifdef HAVE_UNLOCKED_IOCTL +static long +cryptodev_unlocked_ioctl( + struct file *filp, + unsigned int cmd, + unsigned long arg) +{ + return cryptodev_ioctl(NULL, filp, cmd, arg); +} +#endif + +static int +cryptodev_open(struct inode *inode, struct file *filp) +{ + struct fcrypt *fcr; + + dprintk("%s()\n", __FUNCTION__); +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,35) + /* + * on 2.6.35 private_data points to a miscdevice structure, we override + * it, which is currently safe to do. + */ + if (filp->private_data) { + printk("cryptodev: Private data already exists - %p!\n", filp->private_data); + return(-ENODEV); + } +#endif + + fcr = kmalloc(sizeof(*fcr), GFP_KERNEL); + if (!fcr) { + dprintk("%s() - malloc failed\n", __FUNCTION__); + return(-ENOMEM); + } + memset(fcr, 0, sizeof(*fcr)); + + INIT_LIST_HEAD(&fcr->csessions); + filp->private_data = fcr; + return(0); +} + +static int +cryptodev_release(struct inode *inode, struct file *filp) +{ + struct fcrypt *fcr = filp->private_data; + struct csession *cse, *tmp; + + dprintk("%s()\n", __FUNCTION__); + if (!filp) { + printk("cryptodev: No private data on release\n"); + return(0); + } + + list_for_each_entry_safe(cse, tmp, &fcr->csessions, list) { + list_del(&cse->list); + (void)csefree(cse); + } + filp->private_data = NULL; + kfree(fcr); + return(0); +} + +static struct file_operations cryptodev_fops = { + .owner = THIS_MODULE, + .open = cryptodev_open, + .release = cryptodev_release, +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,36) + .ioctl = cryptodev_ioctl, +#endif +#ifdef HAVE_UNLOCKED_IOCTL + .unlocked_ioctl = cryptodev_unlocked_ioctl, +#endif +}; + +static struct miscdevice cryptodev = { + .minor = CRYPTODEV_MINOR, + .name = "crypto", + .fops = &cryptodev_fops, +}; + +static int __init +cryptodev_init(void) +{ + int rc; + + dprintk("%s(%p)\n", __FUNCTION__, cryptodev_init); + rc = misc_register(&cryptodev); + if (rc) { + printk(KERN_ERR "cryptodev: registration of /dev/crypto failed\n"); + return(rc); + } + + return(0); +} + +static void __exit +cryptodev_exit(void) +{ + dprintk("%s()\n", __FUNCTION__); + misc_deregister(&cryptodev); +} + +module_init(cryptodev_init); +module_exit(cryptodev_exit); + +MODULE_LICENSE("BSD"); +MODULE_AUTHOR("David McCullough "); +MODULE_DESCRIPTION("Cryptodev (user interface to OCF)"); diff -Naur linux-3.0.68.i686-orig/crypto/ocf/cryptodev.h linux-3.0.68.i686/crypto/ocf/cryptodev.h --- linux-3.0.68.i686-orig/crypto/ocf/cryptodev.h 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/cryptodev.h 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,480 @@ +/* $FreeBSD: src/sys/opencrypto/cryptodev.h,v 1.25 2007/05/09 19:37:02 gnn Exp $ */ +/* $OpenBSD: cryptodev.h,v 1.31 2002/06/11 11:14:29 beck Exp $ */ + +/*- + * Linux port done by David McCullough + * Copyright (C) 2006-2010 David McCullough + * Copyright (C) 2004-2005 Intel Corporation. + * The license and original author are listed below. + * + * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) + * Copyright (c) 2002-2006 Sam Leffler, Errno Consulting + * + * This code was written by Angelos D. Keromytis in Athens, Greece, in + * February 2000. Network Security Technologies Inc. (NSTI) kindly + * supported the development of this code. + * + * Copyright (c) 2000 Angelos D. Keromytis + * + * Permission to use, copy, and modify this software with or without fee + * is hereby granted, provided that this entire notice is included in + * all source code copies of any software which is or includes a copy or + * modification of this software. + * + * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY + * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE + * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR + * PURPOSE. + * + * Copyright (c) 2001 Theo de Raadt + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * Effort sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F30602-01-2-0537. + * + */ + +#ifndef _CRYPTO_CRYPTO_H_ +#define _CRYPTO_CRYPTO_H_ + +/* Some initial values */ +#define CRYPTO_DRIVERS_INITIAL 4 +#define CRYPTO_SW_SESSIONS 32 + +/* Hash values */ +#define NULL_HASH_LEN 0 +#define MD5_HASH_LEN 16 +#define SHA1_HASH_LEN 20 +#define RIPEMD160_HASH_LEN 20 +#define SHA2_256_HASH_LEN 32 +#define SHA2_384_HASH_LEN 48 +#define SHA2_512_HASH_LEN 64 +#define MD5_KPDK_HASH_LEN 16 +#define SHA1_KPDK_HASH_LEN 20 +/* Maximum hash algorithm result length */ +#define HASH_MAX_LEN SHA2_512_HASH_LEN /* Keep this updated */ + +/* HMAC values */ +#define NULL_HMAC_BLOCK_LEN 1 +#define MD5_HMAC_BLOCK_LEN 64 +#define SHA1_HMAC_BLOCK_LEN 64 +#define RIPEMD160_HMAC_BLOCK_LEN 64 +#define SHA2_256_HMAC_BLOCK_LEN 64 +#define SHA2_384_HMAC_BLOCK_LEN 128 +#define SHA2_512_HMAC_BLOCK_LEN 128 +/* Maximum HMAC block length */ +#define HMAC_MAX_BLOCK_LEN SHA2_512_HMAC_BLOCK_LEN /* Keep this updated */ +#define HMAC_IPAD_VAL 0x36 +#define HMAC_OPAD_VAL 0x5C + +/* Encryption algorithm block sizes */ +#define NULL_BLOCK_LEN 1 +#define DES_BLOCK_LEN 8 +#define DES3_BLOCK_LEN 8 +#define BLOWFISH_BLOCK_LEN 8 +#define SKIPJACK_BLOCK_LEN 8 +#define CAST128_BLOCK_LEN 8 +#define RIJNDAEL128_BLOCK_LEN 16 +#define AES_BLOCK_LEN RIJNDAEL128_BLOCK_LEN +#define CAMELLIA_BLOCK_LEN 16 +#define ARC4_BLOCK_LEN 1 +#define EALG_MAX_BLOCK_LEN AES_BLOCK_LEN /* Keep this updated */ + +/* Encryption algorithm min and max key sizes */ +#define NULL_MIN_KEY_LEN 0 +#define NULL_MAX_KEY_LEN 0 +#define DES_MIN_KEY_LEN 8 +#define DES_MAX_KEY_LEN 8 +#define DES3_MIN_KEY_LEN 24 +#define DES3_MAX_KEY_LEN 24 +#define BLOWFISH_MIN_KEY_LEN 4 +#define BLOWFISH_MAX_KEY_LEN 56 +#define SKIPJACK_MIN_KEY_LEN 10 +#define SKIPJACK_MAX_KEY_LEN 10 +#define CAST128_MIN_KEY_LEN 5 +#define CAST128_MAX_KEY_LEN 16 +#define RIJNDAEL128_MIN_KEY_LEN 16 +#define RIJNDAEL128_MAX_KEY_LEN 32 +#define AES_MIN_KEY_LEN RIJNDAEL128_MIN_KEY_LEN +#define AES_MAX_KEY_LEN RIJNDAEL128_MAX_KEY_LEN +#define CAMELLIA_MIN_KEY_LEN 16 +#define CAMELLIA_MAX_KEY_LEN 32 +#define ARC4_MIN_KEY_LEN 1 +#define ARC4_MAX_KEY_LEN 256 + +/* Max size of data that can be processed */ +#define CRYPTO_MAX_DATA_LEN 64*1024 - 1 + +#define CRYPTO_ALGORITHM_MIN 1 +#define CRYPTO_DES_CBC 1 +#define CRYPTO_3DES_CBC 2 +#define CRYPTO_BLF_CBC 3 +#define CRYPTO_CAST_CBC 4 +#define CRYPTO_SKIPJACK_CBC 5 +#define CRYPTO_MD5_HMAC 6 +#define CRYPTO_SHA1_HMAC 7 +#define CRYPTO_RIPEMD160_HMAC 8 +#define CRYPTO_MD5_KPDK 9 +#define CRYPTO_SHA1_KPDK 10 +#define CRYPTO_RIJNDAEL128_CBC 11 /* 128 bit blocksize */ +#define CRYPTO_AES_CBC 11 /* 128 bit blocksize -- the same as above */ +#define CRYPTO_ARC4 12 +#define CRYPTO_MD5 13 +#define CRYPTO_SHA1 14 +#define CRYPTO_NULL_HMAC 15 +#define CRYPTO_NULL_CBC 16 +#define CRYPTO_DEFLATE_COMP 17 /* Deflate compression algorithm */ +#define CRYPTO_SHA2_256_HMAC 18 +#define CRYPTO_SHA2_384_HMAC 19 +#define CRYPTO_SHA2_512_HMAC 20 +#define CRYPTO_CAMELLIA_CBC 21 +#define CRYPTO_SHA2_256 22 +#define CRYPTO_SHA2_384 23 +#define CRYPTO_SHA2_512 24 +#define CRYPTO_RIPEMD160 25 +#define CRYPTO_LZS_COMP 26 +#define CRYPTO_ALGORITHM_MAX 26 /* Keep updated - see above */ + +/* Algorithm flags */ +#define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */ +#define CRYPTO_ALG_FLAG_RNG_ENABLE 0x02 /* Has HW RNG for DH/DSA */ +#define CRYPTO_ALG_FLAG_DSA_SHA 0x04 /* Can do SHA on msg */ + +/* + * Crypto driver/device flags. They can set in the crid + * parameter when creating a session or submitting a key + * op to affect the device/driver assigned. If neither + * of these are specified then the crid is assumed to hold + * the driver id of an existing (and suitable) device that + * must be used to satisfy the request. + */ +#define CRYPTO_FLAG_HARDWARE 0x01000000 /* hardware accelerated */ +#define CRYPTO_FLAG_SOFTWARE 0x02000000 /* software implementation */ + +/* NB: deprecated */ +struct session_op { + u_int32_t cipher; /* ie. CRYPTO_DES_CBC */ + u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */ + + u_int32_t keylen; /* cipher key */ + caddr_t key; + int mackeylen; /* mac key */ + caddr_t mackey; + + u_int32_t ses; /* returns: session # */ +}; + +struct session2_op { + u_int32_t cipher; /* ie. CRYPTO_DES_CBC */ + u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */ + + u_int32_t keylen; /* cipher key */ + caddr_t key; + int mackeylen; /* mac key */ + caddr_t mackey; + + u_int32_t ses; /* returns: session # */ + int crid; /* driver id + flags (rw) */ + int pad[4]; /* for future expansion */ +}; + +struct crypt_op { + u_int32_t ses; + u_int16_t op; /* i.e. COP_ENCRYPT */ +#define COP_NONE 0 +#define COP_ENCRYPT 1 +#define COP_DECRYPT 2 + u_int16_t flags; +#define COP_F_BATCH 0x0008 /* Batch op if possible */ + u_int len; + caddr_t src, dst; /* become iov[] inside kernel */ + caddr_t mac; /* must be big enough for chosen MAC */ + caddr_t iv; +}; + +/* + * Parameters for looking up a crypto driver/device by + * device name or by id. The latter are returned for + * created sessions (crid) and completed key operations. + */ +struct crypt_find_op { + int crid; /* driver id + flags */ + char name[32]; /* device/driver name */ +}; + +/* bignum parameter, in packed bytes, ... */ +struct crparam { + caddr_t crp_p; + u_int crp_nbits; +}; + +#define CRK_MAXPARAM 8 + +struct crypt_kop { + u_int crk_op; /* ie. CRK_MOD_EXP or other */ + u_int crk_status; /* return status */ + u_short crk_iparams; /* # of input parameters */ + u_short crk_oparams; /* # of output parameters */ + u_int crk_crid; /* NB: only used by CIOCKEY2 (rw) */ + struct crparam crk_param[CRK_MAXPARAM]; +}; +#define CRK_ALGORITM_MIN 0 +#define CRK_MOD_EXP 0 +#define CRK_MOD_EXP_CRT 1 +#define CRK_DSA_SIGN 2 +#define CRK_DSA_VERIFY 3 +#define CRK_DH_COMPUTE_KEY 4 +#define CRK_ALGORITHM_MAX 4 /* Keep updated - see below */ + +#define CRF_MOD_EXP (1 << CRK_MOD_EXP) +#define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT) +#define CRF_DSA_SIGN (1 << CRK_DSA_SIGN) +#define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY) +#define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY) + +/* + * done against open of /dev/crypto, to get a cloned descriptor. + * Please use F_SETFD against the cloned descriptor. + */ +#define CRIOGET _IOWR('c', 100, u_int32_t) +#define CRIOASYMFEAT CIOCASYMFEAT +#define CRIOFINDDEV CIOCFINDDEV + +/* the following are done against the cloned descriptor */ +#define CIOCGSESSION _IOWR('c', 101, struct session_op) +#define CIOCFSESSION _IOW('c', 102, u_int32_t) +#define CIOCCRYPT _IOWR('c', 103, struct crypt_op) +#define CIOCKEY _IOWR('c', 104, struct crypt_kop) +#define CIOCASYMFEAT _IOR('c', 105, u_int32_t) +#define CIOCGSESSION2 _IOWR('c', 106, struct session2_op) +#define CIOCKEY2 _IOWR('c', 107, struct crypt_kop) +#define CIOCFINDDEV _IOWR('c', 108, struct crypt_find_op) + +struct cryptotstat { + struct timespec acc; /* total accumulated time */ + struct timespec min; /* min time */ + struct timespec max; /* max time */ + u_int32_t count; /* number of observations */ +}; + +struct cryptostats { + u_int32_t cs_ops; /* symmetric crypto ops submitted */ + u_int32_t cs_errs; /* symmetric crypto ops that failed */ + u_int32_t cs_kops; /* asymetric/key ops submitted */ + u_int32_t cs_kerrs; /* asymetric/key ops that failed */ + u_int32_t cs_intrs; /* crypto swi thread activations */ + u_int32_t cs_rets; /* crypto return thread activations */ + u_int32_t cs_blocks; /* symmetric op driver block */ + u_int32_t cs_kblocks; /* symmetric op driver block */ + /* + * When CRYPTO_TIMING is defined at compile time and the + * sysctl debug.crypto is set to 1, the crypto system will + * accumulate statistics about how long it takes to process + * crypto requests at various points during processing. + */ + struct cryptotstat cs_invoke; /* crypto_dipsatch -> crypto_invoke */ + struct cryptotstat cs_done; /* crypto_invoke -> crypto_done */ + struct cryptotstat cs_cb; /* crypto_done -> callback */ + struct cryptotstat cs_finis; /* callback -> callback return */ + + u_int32_t cs_drops; /* crypto ops dropped due to congestion */ +}; + +#ifdef __KERNEL__ + +/* Standard initialization structure beginning */ +struct cryptoini { + int cri_alg; /* Algorithm to use */ + int cri_klen; /* Key length, in bits */ + int cri_mlen; /* Number of bytes we want from the + entire hash. 0 means all. */ + caddr_t cri_key; /* key to use */ + u_int8_t cri_iv[EALG_MAX_BLOCK_LEN]; /* IV to use */ + struct cryptoini *cri_next; +}; + +/* Describe boundaries of a single crypto operation */ +struct cryptodesc { + int crd_skip; /* How many bytes to ignore from start */ + int crd_len; /* How many bytes to process */ + int crd_inject; /* Where to inject results, if applicable */ + int crd_flags; + +#define CRD_F_ENCRYPT 0x01 /* Set when doing encryption */ +#define CRD_F_IV_PRESENT 0x02 /* When encrypting, IV is already in + place, so don't copy. */ +#define CRD_F_IV_EXPLICIT 0x04 /* IV explicitly provided */ +#define CRD_F_DSA_SHA_NEEDED 0x08 /* Compute SHA-1 of buffer for DSA */ +#define CRD_F_KEY_EXPLICIT 0x10 /* Key explicitly provided */ +#define CRD_F_COMP 0x0f /* Set when doing compression */ + + struct cryptoini CRD_INI; /* Initialization/context data */ +#define crd_iv CRD_INI.cri_iv +#define crd_key CRD_INI.cri_key +#define crd_alg CRD_INI.cri_alg +#define crd_klen CRD_INI.cri_klen +#define crd_mlen CRD_INI.cri_mlen + + struct cryptodesc *crd_next; +}; + +/* Structure describing complete operation */ +struct cryptop { + struct list_head crp_next; + wait_queue_head_t crp_waitq; + + u_int64_t crp_sid; /* Session ID */ + int crp_ilen; /* Input data total length */ + int crp_olen; /* Result total length */ + + int crp_etype; /* + * Error type (zero means no error). + * All error codes except EAGAIN + * indicate possible data corruption (as in, + * the data have been touched). On all + * errors, the crp_sid may have changed + * (reset to a new one), so the caller + * should always check and use the new + * value on future requests. + */ + int crp_flags; + +#define CRYPTO_F_SKBUF 0x0001 /* Input/output are skbuf chains */ +#define CRYPTO_F_IOV 0x0002 /* Input/output are uio */ +#define CRYPTO_F_REL 0x0004 /* Must return data in same place */ +#define CRYPTO_F_BATCH 0x0008 /* Batch op if possible */ +#define CRYPTO_F_CBIMM 0x0010 /* Do callback immediately */ +#define CRYPTO_F_DONE 0x0020 /* Operation completed */ +#define CRYPTO_F_CBIFSYNC 0x0040 /* Do CBIMM if op is synchronous */ + + caddr_t crp_buf; /* Data to be processed */ + caddr_t crp_opaque; /* Opaque pointer, passed along */ + struct cryptodesc *crp_desc; /* Linked list of processing descriptors */ + + int (*crp_callback)(struct cryptop *); /* Callback function */ +}; + +#define CRYPTO_BUF_CONTIG 0x0 +#define CRYPTO_BUF_IOV 0x1 +#define CRYPTO_BUF_SKBUF 0x2 + +#define CRYPTO_OP_DECRYPT 0x0 +#define CRYPTO_OP_ENCRYPT 0x1 + +/* + * Hints passed to process methods. + */ +#define CRYPTO_HINT_MORE 0x1 /* more ops coming shortly */ + +struct cryptkop { + struct list_head krp_next; + wait_queue_head_t krp_waitq; + + int krp_flags; +#define CRYPTO_KF_DONE 0x0001 /* Operation completed */ +#define CRYPTO_KF_CBIMM 0x0002 /* Do callback immediately */ + + u_int krp_op; /* ie. CRK_MOD_EXP or other */ + u_int krp_status; /* return status */ + u_short krp_iparams; /* # of input parameters */ + u_short krp_oparams; /* # of output parameters */ + u_int krp_crid; /* desired device, etc. */ + u_int32_t krp_hid; + struct crparam krp_param[CRK_MAXPARAM]; /* kvm */ + int (*krp_callback)(struct cryptkop *); +}; + +#include + +/* + * Session ids are 64 bits. The lower 32 bits contain a "local id" which + * is a driver-private session identifier. The upper 32 bits contain a + * "hardware id" used by the core crypto code to identify the driver and + * a copy of the driver's capabilities that can be used by client code to + * optimize operation. + */ +#define CRYPTO_SESID2HID(_sid) (((_sid) >> 32) & 0x00ffffff) +#define CRYPTO_SESID2CAPS(_sid) (((_sid) >> 32) & 0xff000000) +#define CRYPTO_SESID2LID(_sid) (((u_int32_t) (_sid)) & 0xffffffff) + +extern int crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard); +extern int crypto_freesession(u_int64_t sid); +#define CRYPTOCAP_F_HARDWARE CRYPTO_FLAG_HARDWARE +#define CRYPTOCAP_F_SOFTWARE CRYPTO_FLAG_SOFTWARE +#define CRYPTOCAP_F_SYNC 0x04000000 /* operates synchronously */ +extern int32_t crypto_get_driverid(device_t dev, int flags); +extern int crypto_find_driver(const char *); +extern device_t crypto_find_device_byhid(int hid); +extern int crypto_getcaps(int hid); +extern int crypto_register(u_int32_t driverid, int alg, u_int16_t maxoplen, + u_int32_t flags); +extern int crypto_kregister(u_int32_t, int, u_int32_t); +extern int crypto_unregister(u_int32_t driverid, int alg); +extern int crypto_unregister_all(u_int32_t driverid); +extern int crypto_dispatch(struct cryptop *crp); +extern int crypto_kdispatch(struct cryptkop *); +#define CRYPTO_SYMQ 0x1 +#define CRYPTO_ASYMQ 0x2 +extern int crypto_unblock(u_int32_t, int); +extern void crypto_done(struct cryptop *crp); +extern void crypto_kdone(struct cryptkop *); +extern int crypto_getfeat(int *); + +extern void crypto_freereq(struct cryptop *crp); +extern struct cryptop *crypto_getreq(int num); + +extern int crypto_usercrypto; /* userland may do crypto requests */ +extern int crypto_userasymcrypto; /* userland may do asym crypto reqs */ +extern int crypto_devallowsoft; /* only use hardware crypto */ + +/* + * random number support, crypto_unregister_all will unregister + */ +extern int crypto_rregister(u_int32_t driverid, + int (*read_random)(void *arg, u_int32_t *buf, int len), void *arg); +extern int crypto_runregister_all(u_int32_t driverid); + +/* + * Crypto-related utility routines used mainly by drivers. + * + * XXX these don't really belong here; but for now they're + * kept apart from the rest of the system. + */ +struct uio; +extern void cuio_copydata(struct uio* uio, int off, int len, caddr_t cp); +extern void cuio_copyback(struct uio* uio, int off, int len, caddr_t cp); +extern struct iovec *cuio_getptr(struct uio *uio, int loc, int *off); + +extern void crypto_copyback(int flags, caddr_t buf, int off, int size, + caddr_t in); +extern void crypto_copydata(int flags, caddr_t buf, int off, int size, + caddr_t out); +extern int crypto_apply(int flags, caddr_t buf, int off, int len, + int (*f)(void *, void *, u_int), void *arg); + +#endif /* __KERNEL__ */ +#endif /* _CRYPTO_CRYPTO_H_ */ diff -Naur linux-3.0.68.i686-orig/crypto/ocf/cryptosoft.c linux-3.0.68.i686/crypto/ocf/cryptosoft.c --- linux-3.0.68.i686-orig/crypto/ocf/cryptosoft.c 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/cryptosoft.c 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,1322 @@ +/* + * An OCF module that uses the linux kernel cryptoapi, based on the + * original cryptosoft for BSD by Angelos D. Keromytis (angelos@cis.upenn.edu) + * but is mostly unrecognisable, + * + * Written by David McCullough + * Copyright (C) 2004-2011 David McCullough + * Copyright (C) 2004-2005 Intel Corporation. + * + * LICENSE TERMS + * + * The free distribution and use of this software in both source and binary + * form is allowed (with or without changes) provided that: + * + * 1. distributions of this source code include the above copyright + * notice, this list of conditions and the following disclaimer; + * + * 2. distributions in binary form include the above copyright + * notice, this list of conditions and the following disclaimer + * in the documentation and/or other associated materials; + * + * 3. the copyright holder's name is not used to endorse products + * built using this software without specific written permission. + * + * ALTERNATIVELY, provided that this notice is retained in full, this product + * may be distributed under the terms of the GNU General Public License (GPL), + * in which case the provisions of the GPL apply INSTEAD OF those given above. + * + * DISCLAIMER + * + * This software is provided 'as is' with no explicit or implied warranties + * in respect of its properties, including, but not limited to, correctness + * and/or fitness for purpose. + * --------------------------------------------------------------------------- + */ + +#include +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) +#include +#endif +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,10) +#include +#endif +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,29) +#include +#endif + +#include +#include + +struct { + softc_device_decl sc_dev; +} swcr_softc; + +#define offset_in_page(p) ((unsigned long)(p) & ~PAGE_MASK) + +#define SW_TYPE_CIPHER 0x01 +#define SW_TYPE_HMAC 0x02 +#define SW_TYPE_HASH 0x04 +#define SW_TYPE_COMP 0x08 +#define SW_TYPE_BLKCIPHER 0x10 +#define SW_TYPE_ALG_MASK 0x1f + +#define SW_TYPE_ASYNC 0x8000 + +#define SW_TYPE_INUSE 0x10000000 + +/* We change some of the above if we have an async interface */ + +#define SW_TYPE_ALG_AMASK (SW_TYPE_ALG_MASK | SW_TYPE_ASYNC) + +#define SW_TYPE_ABLKCIPHER (SW_TYPE_BLKCIPHER | SW_TYPE_ASYNC) +#define SW_TYPE_AHASH (SW_TYPE_HASH | SW_TYPE_ASYNC) +#define SW_TYPE_AHMAC (SW_TYPE_HMAC | SW_TYPE_ASYNC) + +#define SCATTERLIST_MAX 16 + +struct swcr_data { + struct work_struct workq; + int sw_type; + int sw_alg; + struct crypto_tfm *sw_tfm; + spinlock_t sw_tfm_lock; + union { + struct { + char *sw_key; + int sw_klen; + int sw_mlen; + } hmac; + void *sw_comp_buf; + } u; + struct swcr_data *sw_next; +}; + +struct swcr_req { + struct swcr_data *sw_head; + struct swcr_data *sw; + struct cryptop *crp; + struct cryptodesc *crd; + struct scatterlist sg[SCATTERLIST_MAX]; + unsigned char iv[EALG_MAX_BLOCK_LEN]; + char result[HASH_MAX_LEN]; + void *crypto_req; +}; + +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,20) +static kmem_cache_t *swcr_req_cache; +#else +static struct kmem_cache *swcr_req_cache; +#endif + +#ifndef CRYPTO_TFM_MODE_CBC +/* + * As of linux-2.6.21 this is no longer defined, and presumably no longer + * needed to be passed into the crypto core code. + */ +#define CRYPTO_TFM_MODE_CBC 0 +#define CRYPTO_TFM_MODE_ECB 0 +#endif + +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) + /* + * Linux 2.6.19 introduced a new Crypto API, setup macro's to convert new + * API into old API. + */ + + /* Symmetric/Block Cipher */ + struct blkcipher_desc + { + struct crypto_tfm *tfm; + void *info; + }; + #define ecb(X) #X , CRYPTO_TFM_MODE_ECB + #define cbc(X) #X , CRYPTO_TFM_MODE_CBC + #define crypto_has_blkcipher(X, Y, Z) crypto_alg_available(X, 0) + #define crypto_blkcipher_cast(X) X + #define crypto_blkcipher_tfm(X) X + #define crypto_alloc_blkcipher(X, Y, Z) crypto_alloc_tfm(X, mode) + #define crypto_blkcipher_ivsize(X) crypto_tfm_alg_ivsize(X) + #define crypto_blkcipher_blocksize(X) crypto_tfm_alg_blocksize(X) + #define crypto_blkcipher_setkey(X, Y, Z) crypto_cipher_setkey(X, Y, Z) + #define crypto_blkcipher_encrypt_iv(W, X, Y, Z) \ + crypto_cipher_encrypt_iv((W)->tfm, X, Y, Z, (u8 *)((W)->info)) + #define crypto_blkcipher_decrypt_iv(W, X, Y, Z) \ + crypto_cipher_decrypt_iv((W)->tfm, X, Y, Z, (u8 *)((W)->info)) + #define crypto_blkcipher_set_flags(x, y) /* nop */ + #define crypto_free_blkcipher(x) crypto_free_tfm(x) + #define crypto_free_comp crypto_free_tfm + #define crypto_free_hash crypto_free_tfm + + /* Hash/HMAC/Digest */ + struct hash_desc + { + struct crypto_tfm *tfm; + }; + #define hmac(X) #X , 0 + #define crypto_has_hash(X, Y, Z) crypto_alg_available(X, 0) + #define crypto_hash_cast(X) X + #define crypto_hash_tfm(X) X + #define crypto_alloc_hash(X, Y, Z) crypto_alloc_tfm(X, mode) + #define crypto_hash_digestsize(X) crypto_tfm_alg_digestsize(X) + #define crypto_hash_digest(W, X, Y, Z) \ + crypto_digest_digest((W)->tfm, X, sg_num, Z) + + /* Asymmetric Cipher */ + #define crypto_has_cipher(X, Y, Z) crypto_alg_available(X, 0) + + /* Compression */ + #define crypto_has_comp(X, Y, Z) crypto_alg_available(X, 0) + #define crypto_comp_tfm(X) X + #define crypto_comp_cast(X) X + #define crypto_alloc_comp(X, Y, Z) crypto_alloc_tfm(X, mode) + #define plain(X) #X , 0 +#else + #define ecb(X) "ecb(" #X ")" , 0 + #define cbc(X) "cbc(" #X ")" , 0 + #define hmac(X) "hmac(" #X ")" , 0 + #define plain(X) #X , 0 +#endif /* if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) */ + +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,22) +/* no ablkcipher in older kernels */ +#define crypto_alloc_ablkcipher(a,b,c) (NULL) +#define crypto_ablkcipher_tfm(x) ((struct crypto_tfm *)(x)) +#define crypto_ablkcipher_set_flags(a, b) /* nop */ +#define crypto_ablkcipher_setkey(x, y, z) (-EINVAL) +#define crypto_has_ablkcipher(a,b,c) (0) +#else +#define HAVE_ABLKCIPHER +#endif + +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,32) +/* no ahash in older kernels */ +#define crypto_ahash_tfm(x) ((struct crypto_tfm *)(x)) +#define crypto_alloc_ahash(a,b,c) (NULL) +#define crypto_ahash_digestsize(x) 0 +#else +#define HAVE_AHASH +#endif + +struct crypto_details { + char *alg_name; + int mode; + int sw_type; +}; + +static struct crypto_details crypto_details[] = { + [CRYPTO_DES_CBC] = { cbc(des), SW_TYPE_BLKCIPHER, }, + [CRYPTO_3DES_CBC] = { cbc(des3_ede), SW_TYPE_BLKCIPHER, }, + [CRYPTO_BLF_CBC] = { cbc(blowfish), SW_TYPE_BLKCIPHER, }, + [CRYPTO_CAST_CBC] = { cbc(cast5), SW_TYPE_BLKCIPHER, }, + [CRYPTO_SKIPJACK_CBC] = { cbc(skipjack), SW_TYPE_BLKCIPHER, }, + [CRYPTO_MD5_HMAC] = { hmac(md5), SW_TYPE_HMAC, }, + [CRYPTO_SHA1_HMAC] = { hmac(sha1), SW_TYPE_HMAC, }, + [CRYPTO_RIPEMD160_HMAC] = { hmac(ripemd160), SW_TYPE_HMAC, }, + [CRYPTO_MD5_KPDK] = { plain(md5-kpdk), SW_TYPE_HASH, }, + [CRYPTO_SHA1_KPDK] = { plain(sha1-kpdk), SW_TYPE_HASH, }, + [CRYPTO_AES_CBC] = { cbc(aes), SW_TYPE_BLKCIPHER, }, + [CRYPTO_ARC4] = { ecb(arc4), SW_TYPE_BLKCIPHER, }, + [CRYPTO_MD5] = { plain(md5), SW_TYPE_HASH, }, + [CRYPTO_SHA1] = { plain(sha1), SW_TYPE_HASH, }, + [CRYPTO_NULL_HMAC] = { hmac(digest_null), SW_TYPE_HMAC, }, + [CRYPTO_NULL_CBC] = { cbc(cipher_null), SW_TYPE_BLKCIPHER, }, + [CRYPTO_DEFLATE_COMP] = { plain(deflate), SW_TYPE_COMP, }, + [CRYPTO_SHA2_256_HMAC] = { hmac(sha256), SW_TYPE_HMAC, }, + [CRYPTO_SHA2_384_HMAC] = { hmac(sha384), SW_TYPE_HMAC, }, + [CRYPTO_SHA2_512_HMAC] = { hmac(sha512), SW_TYPE_HMAC, }, + [CRYPTO_CAMELLIA_CBC] = { cbc(camellia), SW_TYPE_BLKCIPHER, }, + [CRYPTO_SHA2_256] = { plain(sha256), SW_TYPE_HASH, }, + [CRYPTO_SHA2_384] = { plain(sha384), SW_TYPE_HASH, }, + [CRYPTO_SHA2_512] = { plain(sha512), SW_TYPE_HASH, }, + [CRYPTO_RIPEMD160] = { plain(ripemd160), SW_TYPE_HASH, }, +}; + +int32_t swcr_id = -1; +module_param(swcr_id, int, 0444); +MODULE_PARM_DESC(swcr_id, "Read-Only OCF ID for cryptosoft driver"); + +int swcr_fail_if_compression_grows = 1; +module_param(swcr_fail_if_compression_grows, int, 0644); +MODULE_PARM_DESC(swcr_fail_if_compression_grows, + "Treat compression that results in more data as a failure"); + +int swcr_no_ahash = 0; +module_param(swcr_no_ahash, int, 0644); +MODULE_PARM_DESC(swcr_no_ahash, + "Do not use async hash/hmac even if available"); + +int swcr_no_ablk = 0; +module_param(swcr_no_ablk, int, 0644); +MODULE_PARM_DESC(swcr_no_ablk, + "Do not use async blk ciphers even if available"); + +static struct swcr_data **swcr_sessions = NULL; +static u_int32_t swcr_sesnum = 0; + +static int swcr_process(device_t, struct cryptop *, int); +static int swcr_newsession(device_t, u_int32_t *, struct cryptoini *); +static int swcr_freesession(device_t, u_int64_t); + +static device_method_t swcr_methods = { + /* crypto device methods */ + DEVMETHOD(cryptodev_newsession, swcr_newsession), + DEVMETHOD(cryptodev_freesession,swcr_freesession), + DEVMETHOD(cryptodev_process, swcr_process), +}; + +#define debug swcr_debug +int swcr_debug = 0; +module_param(swcr_debug, int, 0644); +MODULE_PARM_DESC(swcr_debug, "Enable debug"); + +static void swcr_process_req(struct swcr_req *req); + +/* + * somethings just need to be run with user context no matter whether + * the kernel compression libs use vmalloc/vfree for example. + */ + +typedef struct { + struct work_struct wq; + void (*func)(void *arg); + void *arg; +} execute_later_t; + +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20) +static void +doing_it_now(struct work_struct *wq) +{ + execute_later_t *w = container_of(wq, execute_later_t, wq); + (w->func)(w->arg); + kfree(w); +} +#else +static void +doing_it_now(void *arg) +{ + execute_later_t *w = (execute_later_t *) arg; + (w->func)(w->arg); + kfree(w); +} +#endif + +static void +execute_later(void (fn)(void *), void *arg) +{ + execute_later_t *w; + + w = (execute_later_t *) kmalloc(sizeof(execute_later_t), SLAB_ATOMIC); + if (w) { + memset(w, '\0', sizeof(w)); + w->func = fn; + w->arg = arg; +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20) + INIT_WORK(&w->wq, doing_it_now); +#else + INIT_WORK(&w->wq, doing_it_now, w); +#endif + schedule_work(&w->wq); + } +} + +/* + * Generate a new software session. + */ +static int +swcr_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri) +{ + struct swcr_data **swd; + u_int32_t i; + int error; + char *algo; + int mode; + + dprintk("%s()\n", __FUNCTION__); + if (sid == NULL || cri == NULL) { + dprintk("%s,%d - EINVAL\n", __FILE__, __LINE__); + return EINVAL; + } + + if (swcr_sessions) { + for (i = 1; i < swcr_sesnum; i++) + if (swcr_sessions[i] == NULL) + break; + } else + i = 1; /* NB: to silence compiler warning */ + + if (swcr_sessions == NULL || i == swcr_sesnum) { + if (swcr_sessions == NULL) { + i = 1; /* We leave swcr_sessions[0] empty */ + swcr_sesnum = CRYPTO_SW_SESSIONS; + } else + swcr_sesnum *= 2; + + swd = kmalloc(swcr_sesnum * sizeof(struct swcr_data *), SLAB_ATOMIC); + if (swd == NULL) { + /* Reset session number */ + if (swcr_sesnum == CRYPTO_SW_SESSIONS) + swcr_sesnum = 0; + else + swcr_sesnum /= 2; + dprintk("%s,%d: ENOBUFS\n", __FILE__, __LINE__); + return ENOBUFS; + } + memset(swd, 0, swcr_sesnum * sizeof(struct swcr_data *)); + + /* Copy existing sessions */ + if (swcr_sessions) { + memcpy(swd, swcr_sessions, + (swcr_sesnum / 2) * sizeof(struct swcr_data *)); + kfree(swcr_sessions); + } + + swcr_sessions = swd; + } + + swd = &swcr_sessions[i]; + *sid = i; + + while (cri) { + *swd = (struct swcr_data *) kmalloc(sizeof(struct swcr_data), + SLAB_ATOMIC); + if (*swd == NULL) { + swcr_freesession(NULL, i); + dprintk("%s,%d: ENOBUFS\n", __FILE__, __LINE__); + return ENOBUFS; + } + memset(*swd, 0, sizeof(struct swcr_data)); + + if (cri->cri_alg < 0 || + cri->cri_alg>=sizeof(crypto_details)/sizeof(crypto_details[0])){ + printk("cryptosoft: Unknown algorithm 0x%x\n", cri->cri_alg); + swcr_freesession(NULL, i); + return EINVAL; + } + + algo = crypto_details[cri->cri_alg].alg_name; + if (!algo || !*algo) { + printk("cryptosoft: Unsupported algorithm 0x%x\n", cri->cri_alg); + swcr_freesession(NULL, i); + return EINVAL; + } + + mode = crypto_details[cri->cri_alg].mode; + (*swd)->sw_type = crypto_details[cri->cri_alg].sw_type; + (*swd)->sw_alg = cri->cri_alg; + + spin_lock_init(&(*swd)->sw_tfm_lock); + + /* Algorithm specific configuration */ + switch (cri->cri_alg) { + case CRYPTO_NULL_CBC: + cri->cri_klen = 0; /* make it work with crypto API */ + break; + default: + break; + } + + if ((*swd)->sw_type & SW_TYPE_BLKCIPHER) { + dprintk("%s crypto_alloc_*blkcipher(%s, 0x%x)\n", __FUNCTION__, + algo, mode); + + /* try async first */ + (*swd)->sw_tfm = swcr_no_ablk ? NULL : + crypto_ablkcipher_tfm(crypto_alloc_ablkcipher(algo, 0, 0)); + if ((*swd)->sw_tfm && !IS_ERR((*swd)->sw_tfm)) { + dprintk("%s %s cipher is async\n", __FUNCTION__, algo); + (*swd)->sw_type |= SW_TYPE_ASYNC; + } else { + (*swd)->sw_tfm = crypto_blkcipher_tfm( + crypto_alloc_blkcipher(algo, 0, CRYPTO_ALG_ASYNC)); + if ((*swd)->sw_tfm && !IS_ERR((*swd)->sw_tfm)) + dprintk("%s %s cipher is sync\n", __FUNCTION__, algo); + } + if (!(*swd)->sw_tfm || IS_ERR((*swd)->sw_tfm)) { + int err; + dprintk("cryptosoft: crypto_alloc_blkcipher failed(%s, 0x%x)\n", + algo,mode); + err = IS_ERR((*swd)->sw_tfm) ? -(PTR_ERR((*swd)->sw_tfm)) : EINVAL; + (*swd)->sw_tfm = NULL; /* ensure NULL */ + swcr_freesession(NULL, i); + return err; + } + + if (debug) { + dprintk("%s key:cri->cri_klen=%d,(cri->cri_klen + 7)/8=%d", + __FUNCTION__, cri->cri_klen, (cri->cri_klen + 7) / 8); + for (i = 0; i < (cri->cri_klen + 7) / 8; i++) + dprintk("%s0x%x", (i % 8) ? " " : "\n ", + cri->cri_key[i] & 0xff); + dprintk("\n"); + } + if ((*swd)->sw_type & SW_TYPE_ASYNC) { + /* OCF doesn't enforce keys */ + crypto_ablkcipher_set_flags( + __crypto_ablkcipher_cast((*swd)->sw_tfm), + CRYPTO_TFM_REQ_WEAK_KEY); + error = crypto_ablkcipher_setkey( + __crypto_ablkcipher_cast((*swd)->sw_tfm), + cri->cri_key, (cri->cri_klen + 7) / 8); + } else { + /* OCF doesn't enforce keys */ + crypto_blkcipher_set_flags( + crypto_blkcipher_cast((*swd)->sw_tfm), + CRYPTO_TFM_REQ_WEAK_KEY); + error = crypto_blkcipher_setkey( + crypto_blkcipher_cast((*swd)->sw_tfm), + cri->cri_key, (cri->cri_klen + 7) / 8); + } + if (error) { + printk("cryptosoft: setkey failed %d (crt_flags=0x%x)\n", error, + (*swd)->sw_tfm->crt_flags); + swcr_freesession(NULL, i); + return error; + } + } else if ((*swd)->sw_type & (SW_TYPE_HMAC | SW_TYPE_HASH)) { + dprintk("%s crypto_alloc_*hash(%s, 0x%x)\n", __FUNCTION__, + algo, mode); + + /* try async first */ + (*swd)->sw_tfm = swcr_no_ahash ? NULL : + crypto_ahash_tfm(crypto_alloc_ahash(algo, 0, 0)); + if ((*swd)->sw_tfm) { + dprintk("%s %s hash is async\n", __FUNCTION__, algo); + (*swd)->sw_type |= SW_TYPE_ASYNC; + } else { + dprintk("%s %s hash is sync\n", __FUNCTION__, algo); + (*swd)->sw_tfm = crypto_hash_tfm( + crypto_alloc_hash(algo, 0, CRYPTO_ALG_ASYNC)); + } + + if (!(*swd)->sw_tfm) { + dprintk("cryptosoft: crypto_alloc_hash failed(%s,0x%x)\n", + algo, mode); + swcr_freesession(NULL, i); + return EINVAL; + } + + (*swd)->u.hmac.sw_klen = (cri->cri_klen + 7) / 8; + (*swd)->u.hmac.sw_key = (char *)kmalloc((*swd)->u.hmac.sw_klen, + SLAB_ATOMIC); + if ((*swd)->u.hmac.sw_key == NULL) { + swcr_freesession(NULL, i); + dprintk("%s,%d: ENOBUFS\n", __FILE__, __LINE__); + return ENOBUFS; + } + memcpy((*swd)->u.hmac.sw_key, cri->cri_key, (*swd)->u.hmac.sw_klen); + if (cri->cri_mlen) { + (*swd)->u.hmac.sw_mlen = cri->cri_mlen; + } else if ((*swd)->sw_type & SW_TYPE_ASYNC) { + (*swd)->u.hmac.sw_mlen = crypto_ahash_digestsize( + __crypto_ahash_cast((*swd)->sw_tfm)); + } else { + (*swd)->u.hmac.sw_mlen = crypto_hash_digestsize( + crypto_hash_cast((*swd)->sw_tfm)); + } + } else if ((*swd)->sw_type & SW_TYPE_COMP) { + (*swd)->sw_tfm = crypto_comp_tfm( + crypto_alloc_comp(algo, 0, CRYPTO_ALG_ASYNC)); + if (!(*swd)->sw_tfm) { + dprintk("cryptosoft: crypto_alloc_comp failed(%s,0x%x)\n", + algo, mode); + swcr_freesession(NULL, i); + return EINVAL; + } + (*swd)->u.sw_comp_buf = kmalloc(CRYPTO_MAX_DATA_LEN, SLAB_ATOMIC); + if ((*swd)->u.sw_comp_buf == NULL) { + swcr_freesession(NULL, i); + dprintk("%s,%d: ENOBUFS\n", __FILE__, __LINE__); + return ENOBUFS; + } + } else { + printk("cryptosoft: Unhandled sw_type %d\n", (*swd)->sw_type); + swcr_freesession(NULL, i); + return EINVAL; + } + + cri = cri->cri_next; + swd = &((*swd)->sw_next); + } + return 0; +} + +/* + * Free a session. + */ +static int +swcr_freesession(device_t dev, u_int64_t tid) +{ + struct swcr_data *swd; + u_int32_t sid = CRYPTO_SESID2LID(tid); + + dprintk("%s()\n", __FUNCTION__); + if (sid > swcr_sesnum || swcr_sessions == NULL || + swcr_sessions[sid] == NULL) { + dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); + return(EINVAL); + } + + /* Silently accept and return */ + if (sid == 0) + return(0); + + while ((swd = swcr_sessions[sid]) != NULL) { + swcr_sessions[sid] = swd->sw_next; + if (swd->sw_tfm) { + switch (swd->sw_type & SW_TYPE_ALG_AMASK) { +#ifdef HAVE_AHASH + case SW_TYPE_AHMAC: + case SW_TYPE_AHASH: + crypto_free_ahash(__crypto_ahash_cast(swd->sw_tfm)); + break; +#endif +#ifdef HAVE_ABLKCIPHER + case SW_TYPE_ABLKCIPHER: + crypto_free_ablkcipher(__crypto_ablkcipher_cast(swd->sw_tfm)); + break; +#endif + case SW_TYPE_BLKCIPHER: + crypto_free_blkcipher(crypto_blkcipher_cast(swd->sw_tfm)); + break; + case SW_TYPE_HMAC: + case SW_TYPE_HASH: + crypto_free_hash(crypto_hash_cast(swd->sw_tfm)); + break; + case SW_TYPE_COMP: + if (in_interrupt()) + execute_later((void (*)(void *))crypto_free_comp, (void *)crypto_comp_cast(swd->sw_tfm)); + else + crypto_free_comp(crypto_comp_cast(swd->sw_tfm)); + break; + default: + crypto_free_tfm(swd->sw_tfm); + break; + } + swd->sw_tfm = NULL; + } + if (swd->sw_type & SW_TYPE_COMP) { + if (swd->u.sw_comp_buf) + kfree(swd->u.sw_comp_buf); + } else { + if (swd->u.hmac.sw_key) + kfree(swd->u.hmac.sw_key); + } + kfree(swd); + } + return 0; +} + +static void swcr_process_req_complete(struct swcr_req *req) +{ + dprintk("%s()\n", __FUNCTION__); + + if (req->sw->sw_type & SW_TYPE_INUSE) { + unsigned long flags; + spin_lock_irqsave(&req->sw->sw_tfm_lock, flags); + req->sw->sw_type &= ~SW_TYPE_INUSE; + spin_unlock_irqrestore(&req->sw->sw_tfm_lock, flags); + } + + if (req->crp->crp_etype) + goto done; + + switch (req->sw->sw_type & SW_TYPE_ALG_AMASK) { +#if defined(HAVE_AHASH) + case SW_TYPE_AHMAC: + case SW_TYPE_AHASH: + crypto_copyback(req->crp->crp_flags, req->crp->crp_buf, + req->crd->crd_inject, req->sw->u.hmac.sw_mlen, req->result); + ahash_request_free(req->crypto_req); + break; +#endif +#if defined(HAVE_ABLKCIPHER) + case SW_TYPE_ABLKCIPHER: + ablkcipher_request_free(req->crypto_req); + break; +#endif + case SW_TYPE_CIPHER: + case SW_TYPE_HMAC: + case SW_TYPE_HASH: + case SW_TYPE_COMP: + case SW_TYPE_BLKCIPHER: + break; + default: + req->crp->crp_etype = EINVAL; + goto done; + } + + req->crd = req->crd->crd_next; + if (req->crd) { + swcr_process_req(req); + return; + } + +done: + dprintk("%s crypto_done %p\n", __FUNCTION__, req); + crypto_done(req->crp); + kmem_cache_free(swcr_req_cache, req); +} + +#if defined(HAVE_ABLKCIPHER) || defined(HAVE_AHASH) +static void swcr_process_callback(struct crypto_async_request *creq, int err) +{ + struct swcr_req *req = creq->data; + + dprintk("%s()\n", __FUNCTION__); + if (err) { + if (err == -EINPROGRESS) + return; + dprintk("%s() fail %d\n", __FUNCTION__, -err); + req->crp->crp_etype = -err; + } + + swcr_process_req_complete(req); +} +#endif /* defined(HAVE_ABLKCIPHER) || defined(HAVE_AHASH) */ + + +static void swcr_process_req(struct swcr_req *req) +{ + struct swcr_data *sw; + struct cryptop *crp = req->crp; + struct cryptodesc *crd = req->crd; + struct sk_buff *skb = (struct sk_buff *) crp->crp_buf; + struct uio *uiop = (struct uio *) crp->crp_buf; + int sg_num, sg_len, skip; + + dprintk("%s()\n", __FUNCTION__); + + /* + * Find the crypto context. + * + * XXX Note that the logic here prevents us from having + * XXX the same algorithm multiple times in a session + * XXX (or rather, we can but it won't give us the right + * XXX results). To do that, we'd need some way of differentiating + * XXX between the various instances of an algorithm (so we can + * XXX locate the correct crypto context). + */ + for (sw = req->sw_head; sw && sw->sw_alg != crd->crd_alg; sw = sw->sw_next) + ; + + /* No such context ? */ + if (sw == NULL) { + crp->crp_etype = EINVAL; + dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); + goto done; + } + + /* + * for some types we need to ensure only one user as info is stored in + * the tfm during an operation that can get corrupted + */ + switch (sw->sw_type & SW_TYPE_ALG_AMASK) { +#ifdef HAVE_AHASH + case SW_TYPE_AHMAC: + case SW_TYPE_AHASH: +#endif + case SW_TYPE_HMAC: + case SW_TYPE_HASH: { + unsigned long flags; + spin_lock_irqsave(&sw->sw_tfm_lock, flags); + if (sw->sw_type & SW_TYPE_INUSE) { + spin_unlock_irqrestore(&sw->sw_tfm_lock, flags); + execute_later((void (*)(void *))swcr_process_req, (void *)req); + return; + } + sw->sw_type |= SW_TYPE_INUSE; + spin_unlock_irqrestore(&sw->sw_tfm_lock, flags); + } break; + } + + req->sw = sw; + skip = crd->crd_skip; + + /* + * setup the SG list skip from the start of the buffer + */ + memset(req->sg, 0, sizeof(req->sg)); + sg_init_table(req->sg, SCATTERLIST_MAX); + if (crp->crp_flags & CRYPTO_F_SKBUF) { + int i, len; + + sg_num = 0; + sg_len = 0; + + if (skip < skb_headlen(skb)) { + len = skb_headlen(skb) - skip; + if (len + sg_len > crd->crd_len) + len = crd->crd_len - sg_len; + sg_set_page(&req->sg[sg_num], + virt_to_page(skb->data + skip), len, + offset_in_page(skb->data + skip)); + sg_len += len; + sg_num++; + skip = 0; + } else + skip -= skb_headlen(skb); + + for (i = 0; sg_len < crd->crd_len && + i < skb_shinfo(skb)->nr_frags && + sg_num < SCATTERLIST_MAX; i++) { + if (skip < skb_shinfo(skb)->frags[i].size) { + len = skb_shinfo(skb)->frags[i].size - skip; + if (len + sg_len > crd->crd_len) + len = crd->crd_len - sg_len; + sg_set_page(&req->sg[sg_num], + skb_frag_page(&skb_shinfo(skb)->frags[i]), + len, + skb_shinfo(skb)->frags[i].page_offset + skip); + sg_len += len; + sg_num++; + skip = 0; + } else + skip -= skb_shinfo(skb)->frags[i].size; + } + } else if (crp->crp_flags & CRYPTO_F_IOV) { + int len; + + sg_len = 0; + for (sg_num = 0; sg_len < crd->crd_len && + sg_num < uiop->uio_iovcnt && + sg_num < SCATTERLIST_MAX; sg_num++) { + if (skip <= uiop->uio_iov[sg_num].iov_len) { + len = uiop->uio_iov[sg_num].iov_len - skip; + if (len + sg_len > crd->crd_len) + len = crd->crd_len - sg_len; + sg_set_page(&req->sg[sg_num], + virt_to_page(uiop->uio_iov[sg_num].iov_base+skip), + len, + offset_in_page(uiop->uio_iov[sg_num].iov_base+skip)); + sg_len += len; + skip = 0; + } else + skip -= uiop->uio_iov[sg_num].iov_len; + } + } else { + sg_len = (crp->crp_ilen - skip); + if (sg_len > crd->crd_len) + sg_len = crd->crd_len; + sg_set_page(&req->sg[0], virt_to_page(crp->crp_buf + skip), + sg_len, offset_in_page(crp->crp_buf + skip)); + sg_num = 1; + } + if (sg_num > 0) + sg_mark_end(&req->sg[sg_num-1]); + + switch (sw->sw_type & SW_TYPE_ALG_AMASK) { + +#ifdef HAVE_AHASH + case SW_TYPE_AHMAC: + case SW_TYPE_AHASH: + { + int ret; + + /* check we have room for the result */ + if (crp->crp_ilen - crd->crd_inject < sw->u.hmac.sw_mlen) { + dprintk("cryptosoft: EINVAL crp_ilen=%d, len=%d, inject=%d " + "digestsize=%d\n", crp->crp_ilen, crd->crd_skip + sg_len, + crd->crd_inject, sw->u.hmac.sw_mlen); + crp->crp_etype = EINVAL; + goto done; + } + + req->crypto_req = + ahash_request_alloc(__crypto_ahash_cast(sw->sw_tfm),GFP_ATOMIC); + if (!req->crypto_req) { + crp->crp_etype = ENOMEM; + dprintk("%s,%d: ENOMEM ahash_request_alloc", __FILE__, __LINE__); + goto done; + } + + ahash_request_set_callback(req->crypto_req, + CRYPTO_TFM_REQ_MAY_BACKLOG, swcr_process_callback, req); + + memset(req->result, 0, sizeof(req->result)); + + if (sw->sw_type & SW_TYPE_AHMAC) + crypto_ahash_setkey(__crypto_ahash_cast(sw->sw_tfm), + sw->u.hmac.sw_key, sw->u.hmac.sw_klen); + ahash_request_set_crypt(req->crypto_req, req->sg, req->result, sg_len); + ret = crypto_ahash_digest(req->crypto_req); + switch (ret) { + case -EINPROGRESS: + case -EBUSY: + return; + default: + case 0: + dprintk("hash OP %s %d\n", ret ? "failed" : "success", ret); + crp->crp_etype = ret; + goto done; + } + } break; +#endif /* HAVE_AHASH */ + +#ifdef HAVE_ABLKCIPHER + case SW_TYPE_ABLKCIPHER: { + int ret; + unsigned char *ivp = req->iv; + int ivsize = + crypto_ablkcipher_ivsize(__crypto_ablkcipher_cast(sw->sw_tfm)); + + if (sg_len < crypto_ablkcipher_blocksize( + __crypto_ablkcipher_cast(sw->sw_tfm))) { + crp->crp_etype = EINVAL; + dprintk("%s,%d: EINVAL len %d < %d\n", __FILE__, __LINE__, + sg_len, crypto_ablkcipher_blocksize( + __crypto_ablkcipher_cast(sw->sw_tfm))); + goto done; + } + + if (ivsize > sizeof(req->iv)) { + crp->crp_etype = EINVAL; + dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); + goto done; + } + + req->crypto_req = ablkcipher_request_alloc( + __crypto_ablkcipher_cast(sw->sw_tfm), GFP_ATOMIC); + if (!req->crypto_req) { + crp->crp_etype = ENOMEM; + dprintk("%s,%d: ENOMEM ablkcipher_request_alloc", + __FILE__, __LINE__); + goto done; + } + + ablkcipher_request_set_callback(req->crypto_req, + CRYPTO_TFM_REQ_MAY_BACKLOG, swcr_process_callback, req); + + if (crd->crd_flags & CRD_F_KEY_EXPLICIT) { + int i, error; + + if (debug) { + dprintk("%s key:", __FUNCTION__); + for (i = 0; i < (crd->crd_klen + 7) / 8; i++) + dprintk("%s0x%x", (i % 8) ? " " : "\n ", + crd->crd_key[i] & 0xff); + dprintk("\n"); + } + /* OCF doesn't enforce keys */ + crypto_ablkcipher_set_flags(__crypto_ablkcipher_cast(sw->sw_tfm), + CRYPTO_TFM_REQ_WEAK_KEY); + error = crypto_ablkcipher_setkey( + __crypto_ablkcipher_cast(sw->sw_tfm), crd->crd_key, + (crd->crd_klen + 7) / 8); + if (error) { + dprintk("cryptosoft: setkey failed %d (crt_flags=0x%x)\n", + error, sw->sw_tfm->crt_flags); + crp->crp_etype = -error; + } + } + + if (crd->crd_flags & CRD_F_ENCRYPT) { /* encrypt */ + + if (crd->crd_flags & CRD_F_IV_EXPLICIT) + ivp = crd->crd_iv; + else + get_random_bytes(ivp, ivsize); + /* + * do we have to copy the IV back to the buffer ? + */ + if ((crd->crd_flags & CRD_F_IV_PRESENT) == 0) { + crypto_copyback(crp->crp_flags, crp->crp_buf, + crd->crd_inject, ivsize, (caddr_t)ivp); + } + ablkcipher_request_set_crypt(req->crypto_req, req->sg, req->sg, + sg_len, ivp); + ret = crypto_ablkcipher_encrypt(req->crypto_req); + + } else { /*decrypt */ + + if (crd->crd_flags & CRD_F_IV_EXPLICIT) + ivp = crd->crd_iv; + else + crypto_copydata(crp->crp_flags, crp->crp_buf, + crd->crd_inject, ivsize, (caddr_t)ivp); + ablkcipher_request_set_crypt(req->crypto_req, req->sg, req->sg, + sg_len, ivp); + ret = crypto_ablkcipher_decrypt(req->crypto_req); + } + + switch (ret) { + case -EINPROGRESS: + case -EBUSY: + return; + default: + case 0: + dprintk("crypto OP %s %d\n", ret ? "failed" : "success", ret); + crp->crp_etype = ret; + goto done; + } + } break; +#endif /* HAVE_ABLKCIPHER */ + + case SW_TYPE_BLKCIPHER: { + unsigned char iv[EALG_MAX_BLOCK_LEN]; + unsigned char *ivp = iv; + struct blkcipher_desc desc; + int ivsize = crypto_blkcipher_ivsize(crypto_blkcipher_cast(sw->sw_tfm)); + + if (sg_len < crypto_blkcipher_blocksize( + crypto_blkcipher_cast(sw->sw_tfm))) { + crp->crp_etype = EINVAL; + dprintk("%s,%d: EINVAL len %d < %d\n", __FILE__, __LINE__, + sg_len, crypto_blkcipher_blocksize( + crypto_blkcipher_cast(sw->sw_tfm))); + goto done; + } + + if (ivsize > sizeof(iv)) { + crp->crp_etype = EINVAL; + dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); + goto done; + } + + if (crd->crd_flags & CRD_F_KEY_EXPLICIT) { + int i, error; + + if (debug) { + dprintk("%s key:", __FUNCTION__); + for (i = 0; i < (crd->crd_klen + 7) / 8; i++) + dprintk("%s0x%x", (i % 8) ? " " : "\n ", + crd->crd_key[i] & 0xff); + dprintk("\n"); + } + /* OCF doesn't enforce keys */ + crypto_blkcipher_set_flags(crypto_blkcipher_cast(sw->sw_tfm), + CRYPTO_TFM_REQ_WEAK_KEY); + error = crypto_blkcipher_setkey( + crypto_blkcipher_cast(sw->sw_tfm), crd->crd_key, + (crd->crd_klen + 7) / 8); + if (error) { + dprintk("cryptosoft: setkey failed %d (crt_flags=0x%x)\n", + error, sw->sw_tfm->crt_flags); + crp->crp_etype = -error; + } + } + + memset(&desc, 0, sizeof(desc)); + desc.tfm = crypto_blkcipher_cast(sw->sw_tfm); + + if (crd->crd_flags & CRD_F_ENCRYPT) { /* encrypt */ + + if (crd->crd_flags & CRD_F_IV_EXPLICIT) { + ivp = crd->crd_iv; + } else { + get_random_bytes(ivp, ivsize); + } + /* + * do we have to copy the IV back to the buffer ? + */ + if ((crd->crd_flags & CRD_F_IV_PRESENT) == 0) { + crypto_copyback(crp->crp_flags, crp->crp_buf, + crd->crd_inject, ivsize, (caddr_t)ivp); + } + desc.info = ivp; + crypto_blkcipher_encrypt_iv(&desc, req->sg, req->sg, sg_len); + + } else { /*decrypt */ + + if (crd->crd_flags & CRD_F_IV_EXPLICIT) { + ivp = crd->crd_iv; + } else { + crypto_copydata(crp->crp_flags, crp->crp_buf, + crd->crd_inject, ivsize, (caddr_t)ivp); + } + desc.info = ivp; + crypto_blkcipher_decrypt_iv(&desc, req->sg, req->sg, sg_len); + } + } break; + + case SW_TYPE_HMAC: + case SW_TYPE_HASH: + { + char result[HASH_MAX_LEN]; + struct hash_desc desc; + + /* check we have room for the result */ + if (crp->crp_ilen - crd->crd_inject < sw->u.hmac.sw_mlen) { + dprintk("cryptosoft: EINVAL crp_ilen=%d, len=%d, inject=%d " + "digestsize=%d\n", crp->crp_ilen, crd->crd_skip + sg_len, + crd->crd_inject, sw->u.hmac.sw_mlen); + crp->crp_etype = EINVAL; + goto done; + } + + memset(&desc, 0, sizeof(desc)); + desc.tfm = crypto_hash_cast(sw->sw_tfm); + + memset(result, 0, sizeof(result)); + + if (sw->sw_type & SW_TYPE_HMAC) { +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) + crypto_hmac(sw->sw_tfm, sw->u.hmac.sw_key, &sw->u.hmac.sw_klen, + req->sg, sg_num, result); +#else + crypto_hash_setkey(desc.tfm, sw->u.hmac.sw_key, + sw->u.hmac.sw_klen); + crypto_hash_digest(&desc, req->sg, sg_len, result); +#endif /* LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) */ + + } else { /* SW_TYPE_HASH */ + crypto_hash_digest(&desc, req->sg, sg_len, result); + } + + crypto_copyback(crp->crp_flags, crp->crp_buf, + crd->crd_inject, sw->u.hmac.sw_mlen, result); + } + break; + + case SW_TYPE_COMP: { + void *ibuf = NULL; + void *obuf = sw->u.sw_comp_buf; + int ilen = sg_len, olen = CRYPTO_MAX_DATA_LEN; + int ret = 0; + + /* + * we need to use an additional copy if there is more than one + * input chunk since the kernel comp routines do not handle + * SG yet. Otherwise we just use the input buffer as is. + * Rather than allocate another buffer we just split the tmp + * buffer we already have. + * Perhaps we should just use zlib directly ? + */ + if (sg_num > 1) { + int blk; + + ibuf = obuf; + for (blk = 0; blk < sg_num; blk++) { + memcpy(obuf, sg_virt(&req->sg[blk]), + req->sg[blk].length); + obuf += req->sg[blk].length; + } + olen -= sg_len; + } else + ibuf = sg_virt(&req->sg[0]); + + if (crd->crd_flags & CRD_F_ENCRYPT) { /* compress */ + ret = crypto_comp_compress(crypto_comp_cast(sw->sw_tfm), + ibuf, ilen, obuf, &olen); + if (!ret && olen > crd->crd_len) { + dprintk("cryptosoft: ERANGE compress %d into %d\n", + crd->crd_len, olen); + if (swcr_fail_if_compression_grows) + ret = ERANGE; + } + } else { /* decompress */ + ret = crypto_comp_decompress(crypto_comp_cast(sw->sw_tfm), + ibuf, ilen, obuf, &olen); + if (!ret && (olen + crd->crd_inject) > crp->crp_olen) { + dprintk("cryptosoft: ETOOSMALL decompress %d into %d, " + "space for %d,at offset %d\n", + crd->crd_len, olen, crp->crp_olen, crd->crd_inject); + ret = ETOOSMALL; + } + } + if (ret) + dprintk("%s,%d: ret = %d\n", __FILE__, __LINE__, ret); + + /* + * on success copy result back, + * linux crpyto API returns -errno, we need to fix that + */ + crp->crp_etype = ret < 0 ? -ret : ret; + if (ret == 0) { + /* copy back the result and return it's size */ + crypto_copyback(crp->crp_flags, crp->crp_buf, + crd->crd_inject, olen, obuf); + crp->crp_olen = olen; + } + } break; + + default: + /* Unknown/unsupported algorithm */ + dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); + crp->crp_etype = EINVAL; + goto done; + } + +done: + swcr_process_req_complete(req); +} + + +/* + * Process a crypto request. + */ +static int +swcr_process(device_t dev, struct cryptop *crp, int hint) +{ + struct swcr_req *req = NULL; + u_int32_t lid; + + dprintk("%s()\n", __FUNCTION__); + /* Sanity check */ + if (crp == NULL) { + dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); + return EINVAL; + } + + crp->crp_etype = 0; + + if (crp->crp_desc == NULL || crp->crp_buf == NULL) { + dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); + crp->crp_etype = EINVAL; + goto done; + } + + lid = crp->crp_sid & 0xffffffff; + if (lid >= swcr_sesnum || lid == 0 || swcr_sessions == NULL || + swcr_sessions[lid] == NULL) { + crp->crp_etype = ENOENT; + dprintk("%s,%d: ENOENT\n", __FILE__, __LINE__); + goto done; + } + + /* + * do some error checking outside of the loop for SKB and IOV processing + * this leaves us with valid skb or uiop pointers for later + */ + if (crp->crp_flags & CRYPTO_F_SKBUF) { + struct sk_buff *skb = (struct sk_buff *) crp->crp_buf; + if (skb_shinfo(skb)->nr_frags >= SCATTERLIST_MAX) { + printk("%s,%d: %d nr_frags > SCATTERLIST_MAX", __FILE__, __LINE__, + skb_shinfo(skb)->nr_frags); + goto done; + } + } else if (crp->crp_flags & CRYPTO_F_IOV) { + struct uio *uiop = (struct uio *) crp->crp_buf; + if (uiop->uio_iovcnt > SCATTERLIST_MAX) { + printk("%s,%d: %d uio_iovcnt > SCATTERLIST_MAX", __FILE__, __LINE__, + uiop->uio_iovcnt); + goto done; + } + } + + /* + * setup a new request ready for queuing + */ + req = kmem_cache_alloc(swcr_req_cache, SLAB_ATOMIC); + if (req == NULL) { + dprintk("%s,%d: ENOMEM\n", __FILE__, __LINE__); + crp->crp_etype = ENOMEM; + goto done; + } + memset(req, 0, sizeof(*req)); + + req->sw_head = swcr_sessions[lid]; + req->crp = crp; + req->crd = crp->crp_desc; + + swcr_process_req(req); + return 0; + +done: + crypto_done(crp); + if (req) + kmem_cache_free(swcr_req_cache, req); + return 0; +} + + +static int +cryptosoft_init(void) +{ + int i, sw_type, mode; + char *algo; + + dprintk("%s(%p)\n", __FUNCTION__, cryptosoft_init); + + swcr_req_cache = kmem_cache_create("cryptosoft_req", + sizeof(struct swcr_req), 0, SLAB_HWCACHE_ALIGN, NULL +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23) + , NULL +#endif + ); + if (!swcr_req_cache) { + printk("cryptosoft: failed to create request cache\n"); + return -ENOENT; + } + + softc_device_init(&swcr_softc, "cryptosoft", 0, swcr_methods); + + swcr_id = crypto_get_driverid(softc_get_device(&swcr_softc), + CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_SYNC); + if (swcr_id < 0) { + printk("cryptosoft: Software crypto device cannot initialize!"); + return -ENODEV; + } + +#define REGISTER(alg) \ + crypto_register(swcr_id, alg, 0,0) + + for (i = 0; i < sizeof(crypto_details)/sizeof(crypto_details[0]); i++) { + int found; + + algo = crypto_details[i].alg_name; + if (!algo || !*algo) { + dprintk("%s:Algorithm %d not supported\n", __FUNCTION__, i); + continue; + } + + mode = crypto_details[i].mode; + sw_type = crypto_details[i].sw_type; + + found = 0; + switch (sw_type & SW_TYPE_ALG_MASK) { + case SW_TYPE_CIPHER: + found = crypto_has_cipher(algo, 0, CRYPTO_ALG_ASYNC); + break; + case SW_TYPE_HMAC: + found = crypto_has_hash(algo, 0, swcr_no_ahash?CRYPTO_ALG_ASYNC:0); + break; + case SW_TYPE_HASH: + found = crypto_has_hash(algo, 0, swcr_no_ahash?CRYPTO_ALG_ASYNC:0); + break; + case SW_TYPE_COMP: + found = crypto_has_comp(algo, 0, CRYPTO_ALG_ASYNC); + break; + case SW_TYPE_BLKCIPHER: + found = crypto_has_blkcipher(algo, 0, CRYPTO_ALG_ASYNC); + if (!found && !swcr_no_ablk) + found = crypto_has_ablkcipher(algo, 0, 0); + break; + } + if (found) { + REGISTER(i); + } else { + dprintk("%s:Algorithm Type %d not supported (algorithm %d:'%s')\n", + __FUNCTION__, sw_type, i, algo); + } + } + return 0; +} + +static void +cryptosoft_exit(void) +{ + dprintk("%s()\n", __FUNCTION__); + crypto_unregister_all(swcr_id); + swcr_id = -1; + kmem_cache_destroy(swcr_req_cache); +} + +late_initcall(cryptosoft_init); +module_exit(cryptosoft_exit); + +MODULE_LICENSE("Dual BSD/GPL"); +MODULE_AUTHOR("David McCullough "); +MODULE_DESCRIPTION("Cryptosoft (OCF module for kernel crypto)"); diff -Naur linux-3.0.68.i686-orig/crypto/ocf/ep80579/environment.mk linux-3.0.68.i686/crypto/ocf/ep80579/environment.mk --- linux-3.0.68.i686-orig/crypto/ocf/ep80579/environment.mk 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/ep80579/environment.mk 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,78 @@ + ########################################################################### + # +# This file is provided under a dual BSD/GPLv2 license. When using or +# redistributing this file, you may do so under either license. +# +# GPL LICENSE SUMMARY +# +# Copyright(c) 2007,2008 Intel Corporation. All rights reserved. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of version 2 of the GNU General Public License as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA. +# The full GNU General Public License is included in this distribution +# in the file called LICENSE.GPL. +# +# Contact Information: +# Intel Corporation +# +# BSD LICENSE +# +# Copyright(c) 2007,2008 Intel Corporation. All rights reserved. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# * Neither the name of Intel Corporation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# +# version: Security.L.1.0.130 + # + ########################################################################### + + +ICP_LAC_API=$(ICP_ROOT)/Acceleration/include/lac +ICP_BTR_API=$(ICP_ROOT)/Acceleration/include/btr +ICP_API_DIR=$(ICP_ROOT)/Acceleration/include +ICP_OCF_SHIM_DIR?=$(KERNEL_SOURCE_ROOT)/crypto/ocf/ +ifeq ($(wildcard $(ICP_OCF_SHIM_DIR)),) +ICP_OCF_SHIM_DIR?=$(ROOTDIR)/modules/ocf/ +endif + +ICP_OS_LEVEL?=kernel_space + +ICP_OS?=linux_2.6 + +ICP_CORE?=ia + diff -Naur linux-3.0.68.i686-orig/crypto/ocf/ep80579/icp_asym.c linux-3.0.68.i686/crypto/ocf/ep80579/icp_asym.c --- linux-3.0.68.i686-orig/crypto/ocf/ep80579/icp_asym.c 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/ep80579/icp_asym.c 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,1334 @@ +/*************************************************************************** + * + * This file is provided under a dual BSD/GPLv2 license. When using or + * redistributing this file, you may do so under either license. + * + * GPL LICENSE SUMMARY + * + * Copyright(c) 2007,2008,2009 Intel Corporation. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA. + * The full GNU General Public License is included in this distribution + * in the file called LICENSE.GPL. + * + * Contact Information: + * Intel Corporation + * + * BSD LICENSE + * + * Copyright(c) 2007,2008,2009 Intel Corporation. All rights reserved. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * + * version: Security.L.1.0.2-229 + * + ***************************************************************************/ + +#include "icp_ocf.h" + +/*The following define values (containing the word 'INDEX') are used to find +the index of each input buffer of the crypto_kop struct (see OCF cryptodev.h). +These values were found through analysis of the OCF OpenSSL patch. If the +calling program uses different input buffer positions, these defines will have +to be changed.*/ + +/*DIFFIE HELLMAN buffer index values*/ +#define ICP_DH_KRP_PARAM_PRIME_INDEX (0) +#define ICP_DH_KRP_PARAM_BASE_INDEX (1) +#define ICP_DH_KRP_PARAM_PRIVATE_VALUE_INDEX (2) +#define ICP_DH_KRP_PARAM_RESULT_INDEX (3) + +/*MOD EXP buffer index values*/ +#define ICP_MOD_EXP_KRP_PARAM_BASE_INDEX (0) +#define ICP_MOD_EXP_KRP_PARAM_EXPONENT_INDEX (1) +#define ICP_MOD_EXP_KRP_PARAM_MODULUS_INDEX (2) +#define ICP_MOD_EXP_KRP_PARAM_RESULT_INDEX (3) + +/*MOD EXP CRT buffer index values*/ +#define ICP_MOD_EXP_CRT_KRP_PARAM_PRIME_P_INDEX (0) +#define ICP_MOD_EXP_CRT_KRP_PARAM_PRIME_Q_INDEX (1) +#define ICP_MOD_EXP_CRT_KRP_PARAM_I_INDEX (2) +#define ICP_MOD_EXP_CRT_KRP_PARAM_EXPONENT_DP_INDEX (3) +#define ICP_MOD_EXP_CRT_KRP_PARAM_EXPONENT_DQ_INDEX (4) +#define ICP_MOD_EXP_CRT_KRP_PARAM_COEFF_QINV_INDEX (5) +#define ICP_MOD_EXP_CRT_KRP_PARAM_RESULT_INDEX (6) + +/*DSA sign buffer index values*/ +#define ICP_DSA_SIGN_KRP_PARAM_DGST_INDEX (0) +#define ICP_DSA_SIGN_KRP_PARAM_PRIME_P_INDEX (1) +#define ICP_DSA_SIGN_KRP_PARAM_PRIME_Q_INDEX (2) +#define ICP_DSA_SIGN_KRP_PARAM_G_INDEX (3) +#define ICP_DSA_SIGN_KRP_PARAM_X_INDEX (4) +#define ICP_DSA_SIGN_KRP_PARAM_R_RESULT_INDEX (5) +#define ICP_DSA_SIGN_KRP_PARAM_S_RESULT_INDEX (6) + +/*DSA verify buffer index values*/ +#define ICP_DSA_VERIFY_KRP_PARAM_DGST_INDEX (0) +#define ICP_DSA_VERIFY_KRP_PARAM_PRIME_P_INDEX (1) +#define ICP_DSA_VERIFY_KRP_PARAM_PRIME_Q_INDEX (2) +#define ICP_DSA_VERIFY_KRP_PARAM_G_INDEX (3) +#define ICP_DSA_VERIFY_KRP_PARAM_PUBKEY_INDEX (4) +#define ICP_DSA_VERIFY_KRP_PARAM_SIG_R_INDEX (5) +#define ICP_DSA_VERIFY_KRP_PARAM_SIG_S_INDEX (6) + +/*DSA sign prime Q vs random number K size check values*/ +#define DONT_RUN_LESS_THAN_CHECK (0) +#define FAIL_A_IS_GREATER_THAN_B (1) +#define FAIL_A_IS_EQUAL_TO_B (1) +#define SUCCESS_A_IS_LESS_THAN_B (0) +#define DSA_SIGN_RAND_GEN_VAL_CHECK_MAX_ITERATIONS (500) + +/* We need to set a cryptokp success value just in case it is set or allocated + and not set to zero outside of this module */ +#define CRYPTO_OP_SUCCESS (0) + +/*Function to compute Diffie Hellman (DH) phase 1 or phase 2 key values*/ +static int icp_ocfDrvDHComputeKey(struct cryptkop *krp); + +/*Function to compute a Modular Exponentiation (Mod Exp)*/ +static int icp_ocfDrvModExp(struct cryptkop *krp); + +/*Function to compute a Mod Exp using the Chinease Remainder Theorem*/ +static int icp_ocfDrvModExpCRT(struct cryptkop *krp); + +/*Helper function to compute whether the first big number argument is less than + the second big number argument */ +static int +icp_ocfDrvCheckALessThanB(CpaFlatBuffer * pK, CpaFlatBuffer * pQ, int *doCheck); + +/*Function to sign an input with DSA R and S keys*/ +static int icp_ocfDrvDsaSign(struct cryptkop *krp); + +/*Function to Verify a DSA buffer signature*/ +static int icp_ocfDrvDsaVerify(struct cryptkop *krp); + +/*Callback function for DH operation*/ +static void +icp_ocfDrvDhP1CallBack(void *callbackTag, + CpaStatus status, + void *pOpData, CpaFlatBuffer * pLocalOctetStringPV); + +/*Callback function for ME operation*/ +static void +icp_ocfDrvModExpCallBack(void *callbackTag, + CpaStatus status, + void *pOpData, CpaFlatBuffer * pResult); + +/*Callback function for ME CRT operation*/ +static void +icp_ocfDrvModExpCRTCallBack(void *callbackTag, + CpaStatus status, + void *pOpData, CpaFlatBuffer * pOutputData); + +/*Callback function for DSA sign operation*/ +static void +icp_ocfDrvDsaRSSignCallBack(void *callbackTag, + CpaStatus status, + void *pOpData, + CpaBoolean protocolStatus, + CpaFlatBuffer * pR, CpaFlatBuffer * pS); + +/*Callback function for DSA Verify operation*/ +static void +icp_ocfDrvDsaVerifyCallBack(void *callbackTag, + CpaStatus status, + void *pOpData, CpaBoolean verifyStatus); + +/* Name : icp_ocfDrvPkeProcess + * + * Description : This function will choose which PKE process to follow + * based on the input arguments + */ +int icp_ocfDrvPkeProcess(icp_device_t dev, struct cryptkop *krp, int hint) +{ + CpaStatus lacStatus = CPA_STATUS_SUCCESS; + + if (NULL == krp) { + DPRINTK("%s(): Invalid input parameters, cryptkop = %p\n", + __FUNCTION__, krp); + return EINVAL; + } + + if (CPA_TRUE == icp_atomic_read(&icp_ocfDrvIsExiting)) { + krp->krp_status = ECANCELED; + return ECANCELED; + } + + switch (krp->krp_op) { + case CRK_DH_COMPUTE_KEY: + DPRINTK("%s() doing DH_COMPUTE_KEY\n", __FUNCTION__); + lacStatus = icp_ocfDrvDHComputeKey(krp); + if (CPA_STATUS_SUCCESS != lacStatus) { + EPRINTK("%s(): icp_ocfDrvDHComputeKey failed " + "(%d).\n", __FUNCTION__, lacStatus); + krp->krp_status = ECANCELED; + return ECANCELED; + } + + break; + + case CRK_MOD_EXP: + DPRINTK("%s() doing MOD_EXP \n", __FUNCTION__); + lacStatus = icp_ocfDrvModExp(krp); + if (CPA_STATUS_SUCCESS != lacStatus) { + EPRINTK("%s(): icp_ocfDrvModExp failed (%d).\n", + __FUNCTION__, lacStatus); + krp->krp_status = ECANCELED; + return ECANCELED; + } + + break; + + case CRK_MOD_EXP_CRT: + DPRINTK("%s() doing MOD_EXP_CRT \n", __FUNCTION__); + lacStatus = icp_ocfDrvModExpCRT(krp); + if (CPA_STATUS_SUCCESS != lacStatus) { + EPRINTK("%s(): icp_ocfDrvModExpCRT " + "failed (%d).\n", __FUNCTION__, lacStatus); + krp->krp_status = ECANCELED; + return ECANCELED; + } + + break; + + case CRK_DSA_SIGN: + DPRINTK("%s() doing DSA_SIGN \n", __FUNCTION__); + lacStatus = icp_ocfDrvDsaSign(krp); + if (CPA_STATUS_SUCCESS != lacStatus) { + EPRINTK("%s(): icp_ocfDrvDsaSign " + "failed (%d).\n", __FUNCTION__, lacStatus); + krp->krp_status = ECANCELED; + return ECANCELED; + } + + break; + + case CRK_DSA_VERIFY: + DPRINTK("%s() doing DSA_VERIFY \n", __FUNCTION__); + lacStatus = icp_ocfDrvDsaVerify(krp); + if (CPA_STATUS_SUCCESS != lacStatus) { + EPRINTK("%s(): icp_ocfDrvDsaVerify " + "failed (%d).\n", __FUNCTION__, lacStatus); + krp->krp_status = ECANCELED; + return ECANCELED; + } + + break; + + default: + EPRINTK("%s(): Asymettric function not " + "supported (%d).\n", __FUNCTION__, krp->krp_op); + krp->krp_status = EOPNOTSUPP; + return EOPNOTSUPP; + } + + return ICP_OCF_DRV_STATUS_SUCCESS; +} + +/* Name : icp_ocfDrvSwapBytes + * + * Description : This function is used to swap the byte order of a buffer. + * It has been seen that in general we are passed little endian byte order + * buffers, but LAC only accepts big endian byte order buffers. + */ +static void inline icp_ocfDrvSwapBytes(u_int8_t * num, u_int32_t buff_len_bytes) +{ + + int i; + u_int8_t *end_ptr; + u_int8_t hold_val; + + end_ptr = num + (buff_len_bytes - 1); + buff_len_bytes = buff_len_bytes >> 1; + for (i = 0; i < buff_len_bytes; i++) { + hold_val = *num; + *num = *end_ptr; + num++; + *end_ptr = hold_val; + end_ptr--; + } +} + +/* Name : icp_ocfDrvDHComputeKey + * + * Description : This function will map Diffie Hellman calls from OCF + * to the LAC API. OCF uses this function for Diffie Hellman Phase1 and + * Phase2. LAC has a separate Diffie Hellman Phase2 call, however both phases + * break down to a modular exponentiation. + */ +static int icp_ocfDrvDHComputeKey(struct cryptkop *krp) +{ + CpaStatus lacStatus = CPA_STATUS_SUCCESS; + void *callbackTag = NULL; + CpaCyDhPhase1KeyGenOpData *pPhase1OpData = NULL; + CpaFlatBuffer *pLocalOctetStringPV = NULL; + uint32_t dh_prime_len_bytes = 0, dh_prime_len_bits = 0; + + /* Input checks - check prime is a multiple of 8 bits to allow for + allocation later */ + dh_prime_len_bits = + (krp->krp_param[ICP_DH_KRP_PARAM_PRIME_INDEX].crp_nbits); + + /* LAC can reject prime lengths based on prime key sizes, we just + need to make sure we can allocate space for the base and + exponent buffers correctly */ + if ((dh_prime_len_bits % NUM_BITS_IN_BYTE) != 0) { + APRINTK("%s(): Warning Prime number buffer size is not a " + "multiple of 8 bits\n", __FUNCTION__); + } + + /* Result storage space should be the same size as the prime as this + value can take up the same amount of storage space */ + if (dh_prime_len_bits != + krp->krp_param[ICP_DH_KRP_PARAM_RESULT_INDEX].crp_nbits) { + DPRINTK("%s(): Return Buffer must be the same size " + "as the Prime buffer\n", __FUNCTION__); + krp->krp_status = EINVAL; + return EINVAL; + } + /* Switch to size in bytes */ + BITS_TO_BYTES(dh_prime_len_bytes, dh_prime_len_bits); + + callbackTag = krp; + +/*All allocations are set to ICP_M_NOWAIT due to the possibility of getting +called in interrupt context*/ + pPhase1OpData = icp_kmem_cache_zalloc(drvDH_zone, ICP_M_NOWAIT); + if (NULL == pPhase1OpData) { + APRINTK("%s():Failed to get memory for key gen data\n", + __FUNCTION__); + krp->krp_status = ENOMEM; + return ENOMEM; + } + + pLocalOctetStringPV = + icp_kmem_cache_zalloc(drvFlatBuffer_zone, ICP_M_NOWAIT); + if (NULL == pLocalOctetStringPV) { + APRINTK("%s():Failed to get memory for pLocalOctetStringPV\n", + __FUNCTION__); + ICP_CACHE_FREE(drvDH_zone, pPhase1OpData); + krp->krp_status = ENOMEM; + return ENOMEM; + } + + /* Link parameters */ + pPhase1OpData->primeP.pData = + krp->krp_param[ICP_DH_KRP_PARAM_PRIME_INDEX].crp_p; + + pPhase1OpData->primeP.dataLenInBytes = dh_prime_len_bytes; + + icp_ocfDrvSwapBytes(pPhase1OpData->primeP.pData, dh_prime_len_bytes); + + pPhase1OpData->baseG.pData = + krp->krp_param[ICP_DH_KRP_PARAM_BASE_INDEX].crp_p; + + BITS_TO_BYTES(pPhase1OpData->baseG.dataLenInBytes, + krp->krp_param[ICP_DH_KRP_PARAM_BASE_INDEX].crp_nbits); + + icp_ocfDrvSwapBytes(pPhase1OpData->baseG.pData, + pPhase1OpData->baseG.dataLenInBytes); + + pPhase1OpData->privateValueX.pData = + krp->krp_param[ICP_DH_KRP_PARAM_PRIVATE_VALUE_INDEX].crp_p; + + BITS_TO_BYTES(pPhase1OpData->privateValueX.dataLenInBytes, + krp->krp_param[ICP_DH_KRP_PARAM_PRIVATE_VALUE_INDEX]. + crp_nbits); + + icp_ocfDrvSwapBytes(pPhase1OpData->privateValueX.pData, + pPhase1OpData->privateValueX.dataLenInBytes); + + /* Output parameters */ + pLocalOctetStringPV->pData = + krp->krp_param[ICP_DH_KRP_PARAM_RESULT_INDEX].crp_p; + + BITS_TO_BYTES(pLocalOctetStringPV->dataLenInBytes, + krp->krp_param[ICP_DH_KRP_PARAM_RESULT_INDEX].crp_nbits); + + lacStatus = cpaCyDhKeyGenPhase1(CPA_INSTANCE_HANDLE_SINGLE, + icp_ocfDrvDhP1CallBack, + callbackTag, pPhase1OpData, + pLocalOctetStringPV); + + if (CPA_STATUS_SUCCESS != lacStatus) { + EPRINTK("%s(): DH Phase 1 Key Gen failed (%d).\n", + __FUNCTION__, lacStatus); + icp_ocfDrvFreeFlatBuffer(pLocalOctetStringPV); + ICP_CACHE_FREE(drvDH_zone, pPhase1OpData); + } + + return lacStatus; +} + +/* Name : icp_ocfDrvModExp + * + * Description : This function will map ordinary Modular Exponentiation calls + * from OCF to the LAC API. + * + */ +static int icp_ocfDrvModExp(struct cryptkop *krp) +{ + CpaStatus lacStatus = CPA_STATUS_SUCCESS; + void *callbackTag = NULL; + CpaCyLnModExpOpData *pModExpOpData = NULL; + CpaFlatBuffer *pResult = NULL; + + if ((krp->krp_param[ICP_MOD_EXP_KRP_PARAM_MODULUS_INDEX].crp_nbits % + NUM_BITS_IN_BYTE) != 0) { + DPRINTK("%s(): Warning - modulus buffer size (%d) is not a " + "multiple of 8 bits\n", __FUNCTION__, + krp->krp_param[ICP_MOD_EXP_KRP_PARAM_MODULUS_INDEX]. + crp_nbits); + } + + /* Result storage space should be the same size as the prime as this + value can take up the same amount of storage space */ + if (krp->krp_param[ICP_MOD_EXP_KRP_PARAM_MODULUS_INDEX].crp_nbits > + krp->krp_param[ICP_MOD_EXP_KRP_PARAM_RESULT_INDEX].crp_nbits) { + APRINTK("%s(): Return Buffer size must be the same or" + " greater than the Modulus buffer\n", __FUNCTION__); + krp->krp_status = EINVAL; + return EINVAL; + } + + callbackTag = krp; + + pModExpOpData = icp_kmem_cache_zalloc(drvLnModExp_zone, ICP_M_NOWAIT); + if (NULL == pModExpOpData) { + APRINTK("%s():Failed to get memory for key gen data\n", + __FUNCTION__); + krp->krp_status = ENOMEM; + return ENOMEM; + } + + pResult = icp_kmem_cache_zalloc(drvFlatBuffer_zone, ICP_M_NOWAIT); + if (NULL == pResult) { + APRINTK("%s():Failed to get memory for ModExp result\n", + __FUNCTION__); + ICP_CACHE_FREE(drvLnModExp_zone, pModExpOpData); + krp->krp_status = ENOMEM; + return ENOMEM; + } + + /* Link parameters */ + pModExpOpData->modulus.pData = + krp->krp_param[ICP_MOD_EXP_KRP_PARAM_MODULUS_INDEX].crp_p; + BITS_TO_BYTES(pModExpOpData->modulus.dataLenInBytes, + krp->krp_param[ICP_MOD_EXP_KRP_PARAM_MODULUS_INDEX]. + crp_nbits); + + icp_ocfDrvSwapBytes(pModExpOpData->modulus.pData, + pModExpOpData->modulus.dataLenInBytes); + + DPRINTK("%s : base (%d)\n", __FUNCTION__, krp-> + krp_param[ICP_MOD_EXP_KRP_PARAM_BASE_INDEX].crp_nbits); + pModExpOpData->base.pData = + krp->krp_param[ICP_MOD_EXP_KRP_PARAM_BASE_INDEX].crp_p; + BITS_TO_BYTES(pModExpOpData->base.dataLenInBytes, + krp->krp_param[ICP_MOD_EXP_KRP_PARAM_BASE_INDEX]. + crp_nbits); + icp_ocfDrvSwapBytes(pModExpOpData->base.pData, + pModExpOpData->base.dataLenInBytes); + + pModExpOpData->exponent.pData = + krp->krp_param[ICP_MOD_EXP_KRP_PARAM_EXPONENT_INDEX].crp_p; + BITS_TO_BYTES(pModExpOpData->exponent.dataLenInBytes, + krp->krp_param[ICP_MOD_EXP_KRP_PARAM_EXPONENT_INDEX]. + crp_nbits); + + icp_ocfDrvSwapBytes(pModExpOpData->exponent.pData, + pModExpOpData->exponent.dataLenInBytes); + /* Output parameters */ + pResult->pData = + krp->krp_param[ICP_MOD_EXP_KRP_PARAM_RESULT_INDEX].crp_p, + BITS_TO_BYTES(pResult->dataLenInBytes, + krp->krp_param[ICP_MOD_EXP_KRP_PARAM_RESULT_INDEX]. + crp_nbits); + + lacStatus = cpaCyLnModExp(CPA_INSTANCE_HANDLE_SINGLE, + icp_ocfDrvModExpCallBack, + callbackTag, pModExpOpData, pResult); + + if (CPA_STATUS_SUCCESS != lacStatus) { + EPRINTK("%s(): Mod Exp Operation failed (%d).\n", + __FUNCTION__, lacStatus); + krp->krp_status = ECANCELED; + icp_ocfDrvFreeFlatBuffer(pResult); + ICP_CACHE_FREE(drvLnModExp_zone, pModExpOpData); + } + + return lacStatus; +} + +/* Name : icp_ocfDrvModExpCRT + * + * Description : This function will map ordinary Modular Exponentiation Chinese + * Remainder Theorem implementaion calls from OCF to the LAC API. + * + * Note : Mod Exp CRT for this driver is accelerated through LAC RSA type 2 + * decrypt operation. Therefore P and Q input values must always be prime + * numbers. Although basic primality checks are done in LAC, it is up to the + * user to do any correct prime number checking before passing the inputs. + */ +static int icp_ocfDrvModExpCRT(struct cryptkop *krp) +{ + CpaStatus lacStatus = CPA_STATUS_SUCCESS; + CpaCyRsaDecryptOpData *rsaDecryptOpData = NULL; + void *callbackTag = NULL; + CpaFlatBuffer *pOutputData = NULL; + + /*Parameter input checks are all done by LAC, no need to repeat + them here. */ + callbackTag = krp; + + rsaDecryptOpData = + icp_kmem_cache_zalloc(drvRSADecrypt_zone, ICP_M_NOWAIT); + if (NULL == rsaDecryptOpData) { + APRINTK("%s():Failed to get memory" + " for MOD EXP CRT Op data struct\n", __FUNCTION__); + krp->krp_status = ENOMEM; + return ENOMEM; + } + + rsaDecryptOpData->pRecipientPrivateKey + = icp_kmem_cache_zalloc(drvRSAPrivateKey_zone, ICP_M_NOWAIT); + if (NULL == rsaDecryptOpData->pRecipientPrivateKey) { + APRINTK("%s():Failed to get memory for MOD EXP CRT" + " private key values struct\n", __FUNCTION__); + ICP_CACHE_FREE(drvRSADecrypt_zone, rsaDecryptOpData); + krp->krp_status = ENOMEM; + return ENOMEM; + } + + rsaDecryptOpData->pRecipientPrivateKey-> + version = CPA_CY_RSA_VERSION_TWO_PRIME; + rsaDecryptOpData->pRecipientPrivateKey-> + privateKeyRepType = CPA_CY_RSA_PRIVATE_KEY_REP_TYPE_2; + + pOutputData = icp_kmem_cache_zalloc(drvFlatBuffer_zone, ICP_M_NOWAIT); + if (NULL == pOutputData) { + APRINTK("%s():Failed to get memory" + " for MOD EXP CRT output data\n", __FUNCTION__); + ICP_CACHE_FREE(drvRSAPrivateKey_zone, + rsaDecryptOpData->pRecipientPrivateKey); + ICP_CACHE_FREE(drvRSADecrypt_zone, rsaDecryptOpData); + krp->krp_status = ENOMEM; + return ENOMEM; + } + + rsaDecryptOpData->pRecipientPrivateKey-> + version = CPA_CY_RSA_VERSION_TWO_PRIME; + rsaDecryptOpData->pRecipientPrivateKey-> + privateKeyRepType = CPA_CY_RSA_PRIVATE_KEY_REP_TYPE_2; + + /* Link parameters */ + rsaDecryptOpData->inputData.pData = + krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_I_INDEX].crp_p; + BITS_TO_BYTES(rsaDecryptOpData->inputData.dataLenInBytes, + krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_I_INDEX]. + crp_nbits); + + icp_ocfDrvSwapBytes(rsaDecryptOpData->inputData.pData, + rsaDecryptOpData->inputData.dataLenInBytes); + + rsaDecryptOpData->pRecipientPrivateKey->privateKeyRep2.prime1P.pData = + krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_PRIME_P_INDEX].crp_p; + BITS_TO_BYTES(rsaDecryptOpData->pRecipientPrivateKey->privateKeyRep2. + prime1P.dataLenInBytes, + krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_PRIME_P_INDEX]. + crp_nbits); + + icp_ocfDrvSwapBytes(rsaDecryptOpData->pRecipientPrivateKey-> + privateKeyRep2.prime1P.pData, + rsaDecryptOpData->pRecipientPrivateKey-> + privateKeyRep2.prime1P.dataLenInBytes); + + rsaDecryptOpData->pRecipientPrivateKey->privateKeyRep2.prime2Q.pData = + krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_PRIME_Q_INDEX].crp_p; + BITS_TO_BYTES(rsaDecryptOpData->pRecipientPrivateKey->privateKeyRep2. + prime2Q.dataLenInBytes, + krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_PRIME_Q_INDEX]. + crp_nbits); + + icp_ocfDrvSwapBytes(rsaDecryptOpData->pRecipientPrivateKey-> + privateKeyRep2.prime2Q.pData, + rsaDecryptOpData->pRecipientPrivateKey-> + privateKeyRep2.prime2Q.dataLenInBytes); + + rsaDecryptOpData->pRecipientPrivateKey-> + privateKeyRep2.exponent1Dp.pData = + krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_EXPONENT_DP_INDEX].crp_p; + BITS_TO_BYTES(rsaDecryptOpData->pRecipientPrivateKey->privateKeyRep2. + exponent1Dp.dataLenInBytes, + krp-> + krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_EXPONENT_DP_INDEX]. + crp_nbits); + + icp_ocfDrvSwapBytes(rsaDecryptOpData->pRecipientPrivateKey-> + privateKeyRep2.exponent1Dp.pData, + rsaDecryptOpData->pRecipientPrivateKey-> + privateKeyRep2.exponent1Dp.dataLenInBytes); + + rsaDecryptOpData->pRecipientPrivateKey-> + privateKeyRep2.exponent2Dq.pData = + krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_EXPONENT_DQ_INDEX].crp_p; + BITS_TO_BYTES(rsaDecryptOpData->pRecipientPrivateKey-> + privateKeyRep2.exponent2Dq.dataLenInBytes, + krp-> + krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_EXPONENT_DQ_INDEX]. + crp_nbits); + + icp_ocfDrvSwapBytes(rsaDecryptOpData->pRecipientPrivateKey-> + privateKeyRep2.exponent2Dq.pData, + rsaDecryptOpData->pRecipientPrivateKey-> + privateKeyRep2.exponent2Dq.dataLenInBytes); + + rsaDecryptOpData->pRecipientPrivateKey-> + privateKeyRep2.coefficientQInv.pData = + krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_COEFF_QINV_INDEX].crp_p; + BITS_TO_BYTES(rsaDecryptOpData->pRecipientPrivateKey-> + privateKeyRep2.coefficientQInv.dataLenInBytes, + krp-> + krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_COEFF_QINV_INDEX]. + crp_nbits); + + icp_ocfDrvSwapBytes(rsaDecryptOpData->pRecipientPrivateKey-> + privateKeyRep2.coefficientQInv.pData, + rsaDecryptOpData->pRecipientPrivateKey-> + privateKeyRep2.coefficientQInv.dataLenInBytes); + + /* Output Parameter */ + pOutputData->pData = + krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_RESULT_INDEX].crp_p; + BITS_TO_BYTES(pOutputData->dataLenInBytes, + krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_RESULT_INDEX]. + crp_nbits); + + lacStatus = cpaCyRsaDecrypt(CPA_INSTANCE_HANDLE_SINGLE, + icp_ocfDrvModExpCRTCallBack, + callbackTag, rsaDecryptOpData, pOutputData); + + if (CPA_STATUS_SUCCESS != lacStatus) { + EPRINTK("%s(): Mod Exp CRT Operation failed (%d).\n", + __FUNCTION__, lacStatus); + krp->krp_status = ECANCELED; + icp_ocfDrvFreeFlatBuffer(pOutputData); + ICP_CACHE_FREE(drvRSAPrivateKey_zone, + rsaDecryptOpData->pRecipientPrivateKey); + ICP_CACHE_FREE(drvRSADecrypt_zone, rsaDecryptOpData); + } + + return lacStatus; +} + +/* Name : icp_ocfDrvCheckALessThanB + * + * Description : This function will check whether the first argument is less + * than the second. It is used to check whether the DSA RS sign Random K + * value is less than the Prime Q value (as defined in the specification) + * + */ +static int +icp_ocfDrvCheckALessThanB(CpaFlatBuffer * pK, CpaFlatBuffer * pQ, int *doCheck) +{ + + uint8_t *MSB_K = pK->pData; + uint8_t *MSB_Q = pQ->pData; + uint32_t buffer_lengths_in_bytes = pQ->dataLenInBytes; + + if (DONT_RUN_LESS_THAN_CHECK == *doCheck) { + return FAIL_A_IS_GREATER_THAN_B; + } + +/*Check MSBs +if A == B, check next MSB +if A > B, return A_IS_GREATER_THAN_B +if A < B, return A_IS_LESS_THAN_B (success) +*/ + while (*MSB_K == *MSB_Q) { + MSB_K++; + MSB_Q++; + + buffer_lengths_in_bytes--; + if (0 == buffer_lengths_in_bytes) { + DPRINTK("%s() Buffers have equal value!!\n", + __FUNCTION__); + return FAIL_A_IS_EQUAL_TO_B; + } + + } + + if (*MSB_K < *MSB_Q) { + return SUCCESS_A_IS_LESS_THAN_B; + } else { + return FAIL_A_IS_GREATER_THAN_B; + } + +} + +/* Name : icp_ocfDrvDsaSign + * + * Description : This function will map DSA RS Sign from OCF to the LAC API. + * + * NOTE: From looking at OCF patch to OpenSSL and even the number of input + * parameters, OCF expects us to generate the random seed value. This value + * is generated and passed to LAC, however the number is discared in the + * callback and not returned to the user. + */ +static int icp_ocfDrvDsaSign(struct cryptkop *krp) +{ + CpaStatus lacStatus = CPA_STATUS_SUCCESS; + CpaCyDsaRSSignOpData *dsaRsSignOpData = NULL; + void *callbackTag = NULL; + CpaCyRandGenOpData randGenOpData; + int primeQSizeInBytes = 0; + int doCheck = 0; + CpaFlatBuffer randData; + CpaBoolean protocolStatus = CPA_FALSE; + CpaFlatBuffer *pR = NULL; + CpaFlatBuffer *pS = NULL; + + callbackTag = krp; + + BITS_TO_BYTES(primeQSizeInBytes, + krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_PRIME_Q_INDEX]. + crp_nbits); + + if (DSA_RS_SIGN_PRIMEQ_SIZE_IN_BYTES != primeQSizeInBytes) { + APRINTK("%s(): DSA PRIME Q size not equal to the " + "FIPS defined 20bytes, = %d\n", + __FUNCTION__, primeQSizeInBytes); + krp->krp_status = EDOM; + return EDOM; + } + + dsaRsSignOpData = + icp_kmem_cache_zalloc(drvDSARSSign_zone, ICP_M_NOWAIT); + if (NULL == dsaRsSignOpData) { + APRINTK("%s():Failed to get memory" + " for DSA RS Sign Op data struct\n", __FUNCTION__); + krp->krp_status = ENOMEM; + return ENOMEM; + } + + dsaRsSignOpData->K.pData = + icp_kmem_cache_alloc(drvDSARSSignKValue_zone, ICP_M_NOWAIT); + + if (NULL == dsaRsSignOpData->K.pData) { + APRINTK("%s():Failed to get memory" + " for DSA RS Sign Op Random value\n", __FUNCTION__); + ICP_CACHE_FREE(drvDSARSSign_zone, dsaRsSignOpData); + krp->krp_status = ENOMEM; + return ENOMEM; + } + + pR = icp_kmem_cache_zalloc(drvFlatBuffer_zone, ICP_M_NOWAIT); + if (NULL == pR) { + APRINTK("%s():Failed to get memory" + " for DSA signature R\n", __FUNCTION__); + ICP_CACHE_FREE(drvDSARSSignKValue_zone, + dsaRsSignOpData->K.pData); + ICP_CACHE_FREE(drvDSARSSign_zone, dsaRsSignOpData); + krp->krp_status = ENOMEM; + return ENOMEM; + } + + pS = icp_kmem_cache_zalloc(drvFlatBuffer_zone, ICP_M_NOWAIT); + if (NULL == pS) { + APRINTK("%s():Failed to get memory" + " for DSA signature S\n", __FUNCTION__); + icp_ocfDrvFreeFlatBuffer(pR); + ICP_CACHE_FREE(drvDSARSSignKValue_zone, + dsaRsSignOpData->K.pData); + ICP_CACHE_FREE(drvDSARSSign_zone, dsaRsSignOpData); + krp->krp_status = ENOMEM; + return ENOMEM; + } + + /*link prime number parameter for ease of processing */ + dsaRsSignOpData->P.pData = + krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_PRIME_P_INDEX].crp_p; + BITS_TO_BYTES(dsaRsSignOpData->P.dataLenInBytes, + krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_PRIME_P_INDEX]. + crp_nbits); + + icp_ocfDrvSwapBytes(dsaRsSignOpData->P.pData, + dsaRsSignOpData->P.dataLenInBytes); + + dsaRsSignOpData->Q.pData = + krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_PRIME_Q_INDEX].crp_p; + BITS_TO_BYTES(dsaRsSignOpData->Q.dataLenInBytes, + krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_PRIME_Q_INDEX]. + crp_nbits); + + icp_ocfDrvSwapBytes(dsaRsSignOpData->Q.pData, + dsaRsSignOpData->Q.dataLenInBytes); + + /*generate random number with equal buffer size to Prime value Q, + but value less than Q */ + dsaRsSignOpData->K.dataLenInBytes = dsaRsSignOpData->Q.dataLenInBytes; + + randGenOpData.generateBits = CPA_TRUE; + randGenOpData.lenInBytes = dsaRsSignOpData->K.dataLenInBytes; + + icp_ocfDrvPtrAndLenToFlatBuffer(dsaRsSignOpData->K.pData, + dsaRsSignOpData->K.dataLenInBytes, + &randData); + + doCheck = 0; + while (icp_ocfDrvCheckALessThanB(&(dsaRsSignOpData->K), + &(dsaRsSignOpData->Q), &doCheck)) { + + if (CPA_STATUS_SUCCESS + != cpaCyRandGen(CPA_INSTANCE_HANDLE_SINGLE, + NULL, NULL, &randGenOpData, &randData)) { + APRINTK("%s(): ERROR - Failed to generate DSA RS Sign K" + "value\n", __FUNCTION__); + icp_ocfDrvFreeFlatBuffer(pS); + icp_ocfDrvFreeFlatBuffer(pR); + ICP_CACHE_FREE(drvDSARSSignKValue_zone, + dsaRsSignOpData->K.pData); + ICP_CACHE_FREE(drvDSARSSign_zone, dsaRsSignOpData); + krp->krp_status = EAGAIN; + return EAGAIN; + } + + doCheck++; + if (DSA_SIGN_RAND_GEN_VAL_CHECK_MAX_ITERATIONS == doCheck) { + APRINTK("%s(): ERROR - Failed to find DSA RS Sign K " + "value less than Q value\n", __FUNCTION__); + icp_ocfDrvFreeFlatBuffer(pS); + icp_ocfDrvFreeFlatBuffer(pR); + ICP_CACHE_FREE(drvDSARSSignKValue_zone, + dsaRsSignOpData->K.pData); + ICP_CACHE_FREE(drvDSARSSign_zone, dsaRsSignOpData); + krp->krp_status = EAGAIN; + return EAGAIN; + } + + } + /*Rand Data - no need to swap bytes for pK */ + + /* Link parameters */ + dsaRsSignOpData->G.pData = + krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_G_INDEX].crp_p; + BITS_TO_BYTES(dsaRsSignOpData->G.dataLenInBytes, + krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_G_INDEX].crp_nbits); + + icp_ocfDrvSwapBytes(dsaRsSignOpData->G.pData, + dsaRsSignOpData->G.dataLenInBytes); + + dsaRsSignOpData->X.pData = + krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_X_INDEX].crp_p; + BITS_TO_BYTES(dsaRsSignOpData->X.dataLenInBytes, + krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_X_INDEX].crp_nbits); + icp_ocfDrvSwapBytes(dsaRsSignOpData->X.pData, + dsaRsSignOpData->X.dataLenInBytes); + + /*OpenSSL dgst parameter is left in big endian byte order, + therefore no byte swap is required */ + dsaRsSignOpData->M.pData = + krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_DGST_INDEX].crp_p; + BITS_TO_BYTES(dsaRsSignOpData->M.dataLenInBytes, + krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_DGST_INDEX]. + crp_nbits); + + /* Output Parameters */ + pS->pData = krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_S_RESULT_INDEX].crp_p; + BITS_TO_BYTES(pS->dataLenInBytes, + krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_S_RESULT_INDEX]. + crp_nbits); + + pR->pData = krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_R_RESULT_INDEX].crp_p; + BITS_TO_BYTES(pR->dataLenInBytes, + krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_R_RESULT_INDEX]. + crp_nbits); + + lacStatus = cpaCyDsaSignRS(CPA_INSTANCE_HANDLE_SINGLE, + icp_ocfDrvDsaRSSignCallBack, + callbackTag, dsaRsSignOpData, + &protocolStatus, pR, pS); + + if (CPA_STATUS_SUCCESS != lacStatus) { + EPRINTK("%s(): DSA RS Sign Operation failed (%d).\n", + __FUNCTION__, lacStatus); + krp->krp_status = ECANCELED; + icp_ocfDrvFreeFlatBuffer(pS); + icp_ocfDrvFreeFlatBuffer(pR); + ICP_CACHE_FREE(drvDSARSSignKValue_zone, + dsaRsSignOpData->K.pData); + ICP_CACHE_FREE(drvDSARSSign_zone, dsaRsSignOpData); + } + + return lacStatus; +} + +/* Name : icp_ocfDrvDsaVerify + * + * Description : This function will map DSA RS Verify from OCF to the LAC API. + * + */ +static int icp_ocfDrvDsaVerify(struct cryptkop *krp) +{ + CpaStatus lacStatus = CPA_STATUS_SUCCESS; + CpaCyDsaVerifyOpData *dsaVerifyOpData = NULL; + void *callbackTag = NULL; + CpaBoolean verifyStatus = CPA_FALSE; + + callbackTag = krp; + + dsaVerifyOpData = + icp_kmem_cache_zalloc(drvDSAVerify_zone, ICP_M_NOWAIT); + if (NULL == dsaVerifyOpData) { + APRINTK("%s():Failed to get memory" + " for DSA Verify Op data struct\n", __FUNCTION__); + krp->krp_status = ENOMEM; + return ENOMEM; + } + + /* Link parameters */ + dsaVerifyOpData->P.pData = + krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_PRIME_P_INDEX].crp_p; + BITS_TO_BYTES(dsaVerifyOpData->P.dataLenInBytes, + krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_PRIME_P_INDEX]. + crp_nbits); + icp_ocfDrvSwapBytes(dsaVerifyOpData->P.pData, + dsaVerifyOpData->P.dataLenInBytes); + + dsaVerifyOpData->Q.pData = + krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_PRIME_Q_INDEX].crp_p; + BITS_TO_BYTES(dsaVerifyOpData->Q.dataLenInBytes, + krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_PRIME_Q_INDEX]. + crp_nbits); + icp_ocfDrvSwapBytes(dsaVerifyOpData->Q.pData, + dsaVerifyOpData->Q.dataLenInBytes); + + dsaVerifyOpData->G.pData = + krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_G_INDEX].crp_p; + BITS_TO_BYTES(dsaVerifyOpData->G.dataLenInBytes, + krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_G_INDEX]. + crp_nbits); + icp_ocfDrvSwapBytes(dsaVerifyOpData->G.pData, + dsaVerifyOpData->G.dataLenInBytes); + + dsaVerifyOpData->Y.pData = + krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_PUBKEY_INDEX].crp_p; + BITS_TO_BYTES(dsaVerifyOpData->Y.dataLenInBytes, + krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_PUBKEY_INDEX]. + crp_nbits); + icp_ocfDrvSwapBytes(dsaVerifyOpData->Y.pData, + dsaVerifyOpData->Y.dataLenInBytes); + + /*OpenSSL dgst parameter is left in big endian byte order, + therefore no byte swap is required */ + dsaVerifyOpData->M.pData = + krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_DGST_INDEX].crp_p; + BITS_TO_BYTES(dsaVerifyOpData->M.dataLenInBytes, + krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_DGST_INDEX]. + crp_nbits); + + dsaVerifyOpData->R.pData = + krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_SIG_R_INDEX].crp_p; + BITS_TO_BYTES(dsaVerifyOpData->R.dataLenInBytes, + krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_SIG_R_INDEX]. + crp_nbits); + icp_ocfDrvSwapBytes(dsaVerifyOpData->R.pData, + dsaVerifyOpData->R.dataLenInBytes); + + dsaVerifyOpData->S.pData = + krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_SIG_S_INDEX].crp_p; + BITS_TO_BYTES(dsaVerifyOpData->S.dataLenInBytes, + krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_SIG_S_INDEX]. + crp_nbits); + icp_ocfDrvSwapBytes(dsaVerifyOpData->S.pData, + dsaVerifyOpData->S.dataLenInBytes); + + lacStatus = cpaCyDsaVerify(CPA_INSTANCE_HANDLE_SINGLE, + icp_ocfDrvDsaVerifyCallBack, + callbackTag, dsaVerifyOpData, &verifyStatus); + + if (CPA_STATUS_SUCCESS != lacStatus) { + EPRINTK("%s(): DSA Verify Operation failed (%d).\n", + __FUNCTION__, lacStatus); + ICP_CACHE_FREE(drvDSAVerify_zone, dsaVerifyOpData); + krp->krp_status = ECANCELED; + } + + return lacStatus; +} + +/* Name : icp_ocfDrvDhP1Callback + * + * Description : When this function returns it signifies that the LAC + * component has completed the DH operation. + */ +static void +icp_ocfDrvDhP1CallBack(void *callbackTag, + CpaStatus status, + void *pOpData, CpaFlatBuffer * pLocalOctetStringPV) +{ + struct cryptkop *krp = NULL; + CpaCyDhPhase1KeyGenOpData *pPhase1OpData = NULL; + + if (NULL == callbackTag) { + DPRINTK("%s(): Invalid input parameters - " + "callbackTag data is NULL\n", __FUNCTION__); + return; + } + krp = (struct cryptkop *)callbackTag; + + if (NULL == pOpData) { + DPRINTK("%s(): Invalid input parameters - " + "Operation Data is NULL\n", __FUNCTION__); + krp->krp_status = ECANCELED; + crypto_kdone(krp); + return; + } + pPhase1OpData = (CpaCyDhPhase1KeyGenOpData *) pOpData; + + if (NULL == pLocalOctetStringPV) { + DPRINTK("%s(): Invalid input parameters - " + "pLocalOctetStringPV Data is NULL\n", __FUNCTION__); + memset(pPhase1OpData, 0, sizeof(CpaCyDhPhase1KeyGenOpData)); + ICP_CACHE_FREE(drvDH_zone, pPhase1OpData); + krp->krp_status = ECANCELED; + crypto_kdone(krp); + return; + } + + if (CPA_STATUS_SUCCESS == status) { + krp->krp_status = CRYPTO_OP_SUCCESS; + } else { + APRINTK("%s(): Diffie Hellman Phase1 Key Gen failed - " + "Operation Status = %d\n", __FUNCTION__, status); + krp->krp_status = ECANCELED; + } + + icp_ocfDrvSwapBytes(pLocalOctetStringPV->pData, + pLocalOctetStringPV->dataLenInBytes); + + icp_ocfDrvFreeFlatBuffer(pLocalOctetStringPV); + memset(pPhase1OpData, 0, sizeof(CpaCyDhPhase1KeyGenOpData)); + ICP_CACHE_FREE(drvDH_zone, pPhase1OpData); + + crypto_kdone(krp); + + return; +} + +/* Name : icp_ocfDrvModExpCallBack + * + * Description : When this function returns it signifies that the LAC + * component has completed the Mod Exp operation. + */ +static void +icp_ocfDrvModExpCallBack(void *callbackTag, + CpaStatus status, + void *pOpdata, CpaFlatBuffer * pResult) +{ + struct cryptkop *krp = NULL; + CpaCyLnModExpOpData *pLnModExpOpData = NULL; + + if (NULL == callbackTag) { + DPRINTK("%s(): Invalid input parameters - " + "callbackTag data is NULL\n", __FUNCTION__); + return; + } + krp = (struct cryptkop *)callbackTag; + + if (NULL == pOpdata) { + DPRINTK("%s(): Invalid Mod Exp input parameters - " + "Operation Data is NULL\n", __FUNCTION__); + krp->krp_status = ECANCELED; + crypto_kdone(krp); + return; + } + pLnModExpOpData = (CpaCyLnModExpOpData *) pOpdata; + + if (NULL == pResult) { + DPRINTK("%s(): Invalid input parameters - " + "pResult data is NULL\n", __FUNCTION__); + krp->krp_status = ECANCELED; + memset(pLnModExpOpData, 0, sizeof(CpaCyLnModExpOpData)); + ICP_CACHE_FREE(drvLnModExp_zone, pLnModExpOpData); + crypto_kdone(krp); + return; + } + + if (CPA_STATUS_SUCCESS == status) { + krp->krp_status = CRYPTO_OP_SUCCESS; + } else { + APRINTK("%s(): LAC Mod Exp Operation failed - " + "Operation Status = %d\n", __FUNCTION__, status); + krp->krp_status = ECANCELED; + } + + icp_ocfDrvSwapBytes(pResult->pData, pResult->dataLenInBytes); + + /*switch base size value back to original */ + if (pLnModExpOpData->base.pData == + (uint8_t *) & (krp-> + krp_param[ICP_MOD_EXP_KRP_PARAM_BASE_INDEX]. + crp_nbits)) { + *((uint32_t *) pLnModExpOpData->base.pData) = + ntohl(*((uint32_t *) pLnModExpOpData->base.pData)); + } + icp_ocfDrvFreeFlatBuffer(pResult); + memset(pLnModExpOpData, 0, sizeof(CpaCyLnModExpOpData)); + ICP_CACHE_FREE(drvLnModExp_zone, pLnModExpOpData); + + crypto_kdone(krp); + + return; + +} + +/* Name : icp_ocfDrvModExpCRTCallBack + * + * Description : When this function returns it signifies that the LAC + * component has completed the Mod Exp CRT operation. + */ +static void +icp_ocfDrvModExpCRTCallBack(void *callbackTag, + CpaStatus status, + void *pOpData, CpaFlatBuffer * pOutputData) +{ + struct cryptkop *krp = NULL; + CpaCyRsaDecryptOpData *pDecryptData = NULL; + + if (NULL == callbackTag) { + DPRINTK("%s(): Invalid input parameters - " + "callbackTag data is NULL\n", __FUNCTION__); + return; + } + + krp = (struct cryptkop *)callbackTag; + + if (NULL == pOpData) { + DPRINTK("%s(): Invalid input parameters - " + "Operation Data is NULL\n", __FUNCTION__); + krp->krp_status = ECANCELED; + crypto_kdone(krp); + return; + } + pDecryptData = (CpaCyRsaDecryptOpData *) pOpData; + + if (NULL == pOutputData) { + DPRINTK("%s(): Invalid input parameter - " + "pOutputData is NULL\n", __FUNCTION__); + memset(pDecryptData->pRecipientPrivateKey, 0, + sizeof(CpaCyRsaPrivateKey)); + ICP_CACHE_FREE(drvRSAPrivateKey_zone, + pDecryptData->pRecipientPrivateKey); + memset(pDecryptData, 0, sizeof(CpaCyRsaDecryptOpData)); + ICP_CACHE_FREE(drvRSADecrypt_zone, pDecryptData); + krp->krp_status = ECANCELED; + crypto_kdone(krp); + return; + } + + if (CPA_STATUS_SUCCESS == status) { + krp->krp_status = CRYPTO_OP_SUCCESS; + } else { + APRINTK("%s(): LAC Mod Exp CRT operation failed - " + "Operation Status = %d\n", __FUNCTION__, status); + krp->krp_status = ECANCELED; + } + + icp_ocfDrvSwapBytes(pOutputData->pData, pOutputData->dataLenInBytes); + + icp_ocfDrvFreeFlatBuffer(pOutputData); + memset(pDecryptData->pRecipientPrivateKey, 0, + sizeof(CpaCyRsaPrivateKey)); + ICP_CACHE_FREE(drvRSAPrivateKey_zone, + pDecryptData->pRecipientPrivateKey); + memset(pDecryptData, 0, sizeof(CpaCyRsaDecryptOpData)); + ICP_CACHE_FREE(drvRSADecrypt_zone, pDecryptData); + + crypto_kdone(krp); + + return; +} + +/* Name : icp_ocfDrvDsaRSSignCallBack + * + * Description : When this function returns it signifies that the LAC + * component has completed the DSA RS sign operation. + */ +static void +icp_ocfDrvDsaRSSignCallBack(void *callbackTag, + CpaStatus status, + void *pOpData, + CpaBoolean protocolStatus, + CpaFlatBuffer * pR, CpaFlatBuffer * pS) +{ + struct cryptkop *krp = NULL; + CpaCyDsaRSSignOpData *pSignData = NULL; + + if (NULL == callbackTag) { + DPRINTK("%s(): Invalid input parameters - " + "callbackTag data is NULL\n", __FUNCTION__); + return; + } + + krp = (struct cryptkop *)callbackTag; + + if (NULL == pOpData) { + DPRINTK("%s(): Invalid input parameters - " + "Operation Data is NULL\n", __FUNCTION__); + krp->krp_status = ECANCELED; + crypto_kdone(krp); + return; + } + pSignData = (CpaCyDsaRSSignOpData *) pOpData; + + if (NULL == pR) { + DPRINTK("%s(): Invalid input parameter - " + "pR sign is NULL\n", __FUNCTION__); + icp_ocfDrvFreeFlatBuffer(pS); + ICP_CACHE_FREE(drvDSARSSign_zone, pSignData); + krp->krp_status = ECANCELED; + crypto_kdone(krp); + return; + } + + if (NULL == pS) { + DPRINTK("%s(): Invalid input parameter - " + "pS sign is NULL\n", __FUNCTION__); + icp_ocfDrvFreeFlatBuffer(pR); + ICP_CACHE_FREE(drvDSARSSign_zone, pSignData); + krp->krp_status = ECANCELED; + crypto_kdone(krp); + return; + } + + if (CPA_STATUS_SUCCESS != status) { + APRINTK("%s(): LAC DSA RS Sign operation failed - " + "Operation Status = %d\n", __FUNCTION__, status); + krp->krp_status = ECANCELED; + } else { + krp->krp_status = CRYPTO_OP_SUCCESS; + + if (CPA_TRUE != protocolStatus) { + DPRINTK("%s(): LAC DSA RS Sign operation failed due " + "to protocol error\n", __FUNCTION__); + krp->krp_status = EIO; + } + } + + /* Swap bytes only when the callback status is successful and + protocolStatus is set to true */ + if (CPA_STATUS_SUCCESS == status && CPA_TRUE == protocolStatus) { + icp_ocfDrvSwapBytes(pR->pData, pR->dataLenInBytes); + icp_ocfDrvSwapBytes(pS->pData, pS->dataLenInBytes); + } + + icp_ocfDrvFreeFlatBuffer(pR); + icp_ocfDrvFreeFlatBuffer(pS); + memset(pSignData->K.pData, 0, pSignData->K.dataLenInBytes); + ICP_CACHE_FREE(drvDSARSSignKValue_zone, pSignData->K.pData); + memset(pSignData, 0, sizeof(CpaCyDsaRSSignOpData)); + ICP_CACHE_FREE(drvDSARSSign_zone, pSignData); + crypto_kdone(krp); + + return; +} + +/* Name : icp_ocfDrvDsaVerifyCallback + * + * Description : When this function returns it signifies that the LAC + * component has completed the DSA Verify operation. + */ +static void +icp_ocfDrvDsaVerifyCallBack(void *callbackTag, + CpaStatus status, + void *pOpData, CpaBoolean verifyStatus) +{ + + struct cryptkop *krp = NULL; + CpaCyDsaVerifyOpData *pVerData = NULL; + + if (NULL == callbackTag) { + DPRINTK("%s(): Invalid input parameters - " + "callbackTag data is NULL\n", __FUNCTION__); + return; + } + + krp = (struct cryptkop *)callbackTag; + + if (NULL == pOpData) { + DPRINTK("%s(): Invalid input parameters - " + "Operation Data is NULL\n", __FUNCTION__); + krp->krp_status = ECANCELED; + crypto_kdone(krp); + return; + } + pVerData = (CpaCyDsaVerifyOpData *) pOpData; + + if (CPA_STATUS_SUCCESS != status) { + APRINTK("%s(): LAC DSA Verify operation failed - " + "Operation Status = %d\n", __FUNCTION__, status); + krp->krp_status = ECANCELED; + } else { + krp->krp_status = CRYPTO_OP_SUCCESS; + + if (CPA_TRUE != verifyStatus) { + DPRINTK("%s(): DSA signature invalid\n", __FUNCTION__); + krp->krp_status = EIO; + } + } + + /* Swap bytes only when the callback status is successful and + verifyStatus is set to true */ + /*Just swapping back the key values for now. Possibly all + swapped buffers need to be reverted */ + if (CPA_STATUS_SUCCESS == status && CPA_TRUE == verifyStatus) { + icp_ocfDrvSwapBytes(pVerData->R.pData, + pVerData->R.dataLenInBytes); + icp_ocfDrvSwapBytes(pVerData->S.pData, + pVerData->S.dataLenInBytes); + } + + memset(pVerData, 0, sizeof(CpaCyDsaVerifyOpData)); + ICP_CACHE_FREE(drvDSAVerify_zone, pVerData); + crypto_kdone(krp); + + return; +} diff -Naur linux-3.0.68.i686-orig/crypto/ocf/ep80579/icp_common.c linux-3.0.68.i686/crypto/ocf/ep80579/icp_common.c --- linux-3.0.68.i686-orig/crypto/ocf/ep80579/icp_common.c 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/ep80579/icp_common.c 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,773 @@ +/************************************************************************* + * + * This file is provided under a dual BSD/GPLv2 license. When using or + * redistributing this file, you may do so under either license. + * + * GPL LICENSE SUMMARY + * + * Copyright(c) 2007,2008,2009 Intel Corporation. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA. + * The full GNU General Public License is included in this distribution + * in the file called LICENSE.GPL. + * + * Contact Information: + * Intel Corporation + * + * BSD LICENSE + * + * Copyright(c) 2007,2008,2009 Intel Corporation. All rights reserved. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * + * version: Security.L.1.0.2-229 + * + ***************************************************************************/ + +/* + * An OCF module that uses Intel® QuickAssist Integrated Accelerator to do the + * crypto. + * + * This driver requires the ICP Access Library that is available from Intel in + * order to operate. + */ + +#include "icp_ocf.h" + +#define ICP_OCF_COMP_NAME "ICP_OCF" +#define ICP_OCF_VER_MAIN (2) +#define ICP_OCF_VER_MJR (1) +#define ICP_OCF_VER_MNR (0) + +#define MAX_DEREG_RETRIES (100) +#define DEFAULT_DEREG_RETRIES (10) +#define DEFAULT_DEREG_DELAY_IN_JIFFIES (10) + +/* This defines the maximum number of sessions possible between OCF + and the OCF EP80579 Driver. If set to zero, there is no limit. */ +#define DEFAULT_OCF_TO_DRV_MAX_SESSION_COUNT (0) +#define NUM_SUPPORTED_CAPABILITIES (21) + +/*Slab zone names*/ +#define ICP_SESSION_DATA_NAME "icp_ocf.SesDat" +#define ICP_OP_DATA_NAME "icp_ocf.OpDat" +#define ICP_DH_NAME "icp_ocf.DH" +#define ICP_MODEXP_NAME "icp_ocf.ModExp" +#define ICP_RSA_DECRYPT_NAME "icp_ocf.RSAdec" +#define ICP_RSA_PKEY_NAME "icp_ocf.RSApk" +#define ICP_DSA_SIGN_NAME "icp_ocf.DSAsg" +#define ICP_DSA_VER_NAME "icp_ocf.DSAver" +#define ICP_RAND_VAL_NAME "icp_ocf.DSArnd" +#define ICP_FLAT_BUFF_NAME "icp_ocf.FB" + +/*Slabs zones*/ +icp_kmem_cache drvSessionData_zone = NULL; +icp_kmem_cache drvOpData_zone = NULL; +icp_kmem_cache drvDH_zone = NULL; +icp_kmem_cache drvLnModExp_zone = NULL; +icp_kmem_cache drvRSADecrypt_zone = NULL; +icp_kmem_cache drvRSAPrivateKey_zone = NULL; +icp_kmem_cache drvDSARSSign_zone = NULL; +icp_kmem_cache drvDSARSSignKValue_zone = NULL; +icp_kmem_cache drvDSAVerify_zone = NULL; + +/*Slab zones for flatbuffers and bufferlist*/ +icp_kmem_cache drvFlatBuffer_zone = NULL; + +static inline int icp_cache_null_check(void) +{ + return (drvSessionData_zone && drvOpData_zone + && drvDH_zone && drvLnModExp_zone && drvRSADecrypt_zone + && drvRSAPrivateKey_zone && drvDSARSSign_zone + && drvDSARSSign_zone && drvDSARSSignKValue_zone + && drvDSAVerify_zone && drvFlatBuffer_zone); +} + +/*Function to free all allocated slab caches before exiting the module*/ +static void icp_ocfDrvFreeCaches(void); + +int32_t icp_ocfDrvDriverId = INVALID_DRIVER_ID; + +/* Module parameter - gives the number of times LAC deregistration shall be + re-tried */ +int num_dereg_retries = DEFAULT_DEREG_RETRIES; + +/* Module parameter - gives the delay time in jiffies before a LAC session + shall be attempted to be deregistered again */ +int dereg_retry_delay_in_jiffies = DEFAULT_DEREG_DELAY_IN_JIFFIES; + +/* Module parameter - gives the maximum number of sessions possible between + OCF and the OCF EP80579 Driver. If set to zero, there is no limit.*/ +int max_sessions = DEFAULT_OCF_TO_DRV_MAX_SESSION_COUNT; + +/* This is set when the module is removed from the system, no further + processing can take place if this is set */ +icp_atomic_t icp_ocfDrvIsExiting = ICP_ATOMIC_INIT(0); + +/* This is used to show how many lac sessions were not deregistered*/ +icp_atomic_t lac_session_failed_dereg_count = ICP_ATOMIC_INIT(0); + +/* This is used to track the number of registered sessions between OCF and + * and the OCF EP80579 driver, when max_session is set to value other than + * zero. This ensures that the max_session set for the OCF and the driver + * is equal to the LAC registered sessions */ +icp_atomic_t num_ocf_to_drv_registered_sessions = ICP_ATOMIC_INIT(0); + +/* Head of linked list used to store session data */ +icp_drvSessionListHead_t icp_ocfDrvGlobalSymListHead; +icp_drvSessionListHead_t icp_ocfDrvGlobalSymListHead_FreeMemList; + +icp_spinlock_t icp_ocfDrvSymSessInfoListSpinlock; + +/*Below pointer is only used in linux, FreeBSD uses the name to +create its own variable name*/ +icp_workqueue *icp_ocfDrvFreeLacSessionWorkQ = NULL; +ICP_WORKQUEUE_DEFINE_THREAD(icp_ocfDrvFreeLacSessionWorkQ); + +struct icp_drvBuffListInfo defBuffListInfo; + +/* Name : icp_ocfDrvInit + * + * Description : This function will register all the symmetric and asymmetric + * functionality that will be accelerated by the hardware. It will also + * get a unique driver ID from the OCF and initialise all slab caches + */ +ICP_MODULE_INIT_FUNC(icp_ocfDrvInit) +{ + int ocfStatus = 0; + + IPRINTK("=== %s ver %d.%d.%d ===\n", ICP_OCF_COMP_NAME, + ICP_OCF_VER_MAIN, ICP_OCF_VER_MJR, ICP_OCF_VER_MNR); + + if (MAX_DEREG_RETRIES < num_dereg_retries) { + EPRINTK("Session deregistration retry count set to greater " + "than %d", MAX_DEREG_RETRIES); + icp_module_return_code(EINVAL); + } + + /* Initialize and Start the Cryptographic component */ + if (CPA_STATUS_SUCCESS != + cpaCyStartInstance(CPA_INSTANCE_HANDLE_SINGLE)) { + EPRINTK("Failed to initialize and start the instance " + "of the Cryptographic component.\n"); + return icp_module_return_code(EINVAL); + } + + icp_spin_lock_init(&icp_ocfDrvSymSessInfoListSpinlock); + + /* Set the default size of BufferList to allocate */ + memset(&defBuffListInfo, 0, sizeof(struct icp_drvBuffListInfo)); + if (ICP_OCF_DRV_STATUS_SUCCESS != + icp_ocfDrvBufferListMemInfo(ICP_OCF_DRV_DEFAULT_BUFFLIST_ARRAYS, + &defBuffListInfo)) { + EPRINTK("Failed to get bufferlist memory info.\n"); + return icp_module_return_code(ENOMEM); + } + + /*Register OCF EP80579 Driver with OCF */ + icp_ocfDrvDriverId = ICP_CRYPTO_GET_DRIVERID(); + + if (icp_ocfDrvDriverId < 0) { + EPRINTK("%s : ICP driver failed to register with OCF!\n", + __FUNCTION__); + return icp_module_return_code(ENODEV); + } + + /*Create all the slab caches used by the OCF EP80579 Driver */ + drvSessionData_zone = + ICP_CACHE_CREATE(ICP_SESSION_DATA_NAME, struct icp_drvSessionData); + + /* + * Allocation of the OpData includes the allocation space for meta data. + * The memory after the opData structure is reserved for this meta data. + */ + drvOpData_zone = + icp_kmem_cache_create(ICP_OP_DATA_NAME, + sizeof(struct icp_drvOpData) + + defBuffListInfo.metaSize, + ICP_KERNEL_CACHE_ALIGN, + ICP_KERNEL_CACHE_NOINIT); + + drvDH_zone = ICP_CACHE_CREATE(ICP_DH_NAME, CpaCyDhPhase1KeyGenOpData); + + drvLnModExp_zone = + ICP_CACHE_CREATE(ICP_MODEXP_NAME, CpaCyLnModExpOpData); + + drvRSADecrypt_zone = + ICP_CACHE_CREATE(ICP_RSA_DECRYPT_NAME, CpaCyRsaDecryptOpData); + + drvRSAPrivateKey_zone = + ICP_CACHE_CREATE(ICP_RSA_PKEY_NAME, CpaCyRsaPrivateKey); + + drvDSARSSign_zone = + ICP_CACHE_CREATE(ICP_DSA_SIGN_NAME, CpaCyDsaRSSignOpData); + + /*too awkward to use a macro here */ + drvDSARSSignKValue_zone = + ICP_CACHE_CREATE(ICP_RAND_VAL_NAME, + DSA_RS_SIGN_PRIMEQ_SIZE_IN_BYTES); + + drvDSAVerify_zone = + ICP_CACHE_CREATE(ICP_DSA_VER_NAME, CpaCyDsaVerifyOpData); + + drvFlatBuffer_zone = + ICP_CACHE_CREATE(ICP_FLAT_BUFF_NAME, CpaFlatBuffer); + + if (0 == icp_cache_null_check()) { + icp_ocfDrvFreeCaches(); + EPRINTK("%s() line %d: Not enough memory!\n", + __FUNCTION__, __LINE__); + return ENOMEM; + } + + /* Register the ICP symmetric crypto support. */ + ICP_REG_SYM_WITH_OCF(icp_ocfDrvDriverId, CRYPTO_NULL_CBC, ocfStatus); + ICP_REG_SYM_WITH_OCF(icp_ocfDrvDriverId, CRYPTO_DES_CBC, ocfStatus); + ICP_REG_SYM_WITH_OCF(icp_ocfDrvDriverId, CRYPTO_3DES_CBC, ocfStatus); + ICP_REG_SYM_WITH_OCF(icp_ocfDrvDriverId, CRYPTO_AES_CBC, ocfStatus); + ICP_REG_SYM_WITH_OCF(icp_ocfDrvDriverId, CRYPTO_ARC4, ocfStatus); + ICP_REG_SYM_WITH_OCF(icp_ocfDrvDriverId, CRYPTO_MD5, ocfStatus); + ICP_REG_SYM_WITH_OCF(icp_ocfDrvDriverId, CRYPTO_MD5_HMAC, ocfStatus); + ICP_REG_SYM_WITH_OCF(icp_ocfDrvDriverId, CRYPTO_SHA1, ocfStatus); + ICP_REG_SYM_WITH_OCF(icp_ocfDrvDriverId, CRYPTO_SHA1_HMAC, ocfStatus); + ICP_REG_SYM_WITH_OCF(icp_ocfDrvDriverId, CRYPTO_SHA2_256, ocfStatus); + ICP_REG_SYM_WITH_OCF(icp_ocfDrvDriverId, CRYPTO_SHA2_256_HMAC, + ocfStatus); + ICP_REG_SYM_WITH_OCF(icp_ocfDrvDriverId, CRYPTO_SHA2_384, ocfStatus); + ICP_REG_SYM_WITH_OCF(icp_ocfDrvDriverId, CRYPTO_SHA2_384_HMAC, + ocfStatus); + ICP_REG_SYM_WITH_OCF(icp_ocfDrvDriverId, CRYPTO_SHA2_512, ocfStatus); + ICP_REG_SYM_WITH_OCF(icp_ocfDrvDriverId, CRYPTO_SHA2_512_HMAC, + ocfStatus); + + /* Register the ICP asymmetric algorithm support */ + ICP_REG_ASYM_WITH_OCF(icp_ocfDrvDriverId, CRK_DH_COMPUTE_KEY, + ocfStatus); + ICP_REG_ASYM_WITH_OCF(icp_ocfDrvDriverId, CRK_MOD_EXP, ocfStatus); + ICP_REG_ASYM_WITH_OCF(icp_ocfDrvDriverId, CRK_MOD_EXP_CRT, ocfStatus); + ICP_REG_ASYM_WITH_OCF(icp_ocfDrvDriverId, CRK_DSA_SIGN, ocfStatus); + ICP_REG_ASYM_WITH_OCF(icp_ocfDrvDriverId, CRK_DSA_VERIFY, ocfStatus); + + /* Register the ICP random number generator support */ + ICP_REG_RAND_WITH_OCF(icp_ocfDrvDriverId, + icp_ocfDrvReadRandom, NULL, ocfStatus); + + if (OCF_ZERO_FUNCTIONALITY_REGISTERED == ocfStatus) { + DPRINTK("%s: Failed to register any device capabilities\n", + __FUNCTION__); + icp_ocfDrvFreeCaches(); + icp_ocfDrvDriverId = INVALID_DRIVER_ID; + return icp_module_return_code(ECANCELED); + } + + DPRINTK("%s: Registered %d of %d device capabilities\n", + __FUNCTION__, ocfStatus, NUM_SUPPORTED_CAPABILITIES); + + /*Session data linked list used during module exit */ + ICP_INIT_LIST_HEAD(&icp_ocfDrvGlobalSymListHead); + ICP_INIT_LIST_HEAD(&icp_ocfDrvGlobalSymListHead_FreeMemList); + + ICP_WORKQUEUE_CREATE(icp_ocfDrvFreeLacSessionWorkQ, "icpwq"); + if (ICP_WORKQUEUE_NULL_CHECK(icp_ocfDrvFreeLacSessionWorkQ)) { + EPRINTK("%s: Failed to create single " + "thread workqueue\n", __FUNCTION__); + icp_ocfDrvFreeCaches(); + icp_ocfDrvDriverId = INVALID_DRIVER_ID; + return icp_module_return_code(ENOMEM); + } + + return icp_module_return_code(0); +} + +/* Name : icp_ocfDrvExit + * + * Description : This function will deregister all the symmetric sessions + * registered with the LAC component. It will also deregister all symmetric + * and asymmetric functionality that can be accelerated by the hardware via OCF + * and random number generation if it is enabled. + */ +ICP_MODULE_EXIT_FUNC(icp_ocfDrvExit) +{ + CpaStatus lacStatus = CPA_STATUS_SUCCESS; + struct icp_drvSessionData *sessionData = NULL; + struct icp_drvSessionData *tempSessionData = NULL; + int i, remaining_delay_time_in_jiffies = 0; + + /* For FreeBSD the invariant macro below makes function to return */ + /* with EBUSY value in the case of any session which has been regi- */ + /* stered with LAC not being deregistered. */ + /* The Linux implementation is empty since it is purely to compensate */ + /* for a limitation of the FreeBSD 7.1 Opencrypto framework. */ + + ICP_MODULE_EXIT_INV(); + + /* There is a possibility of a process or new session command being */ + /* sent before this variable is incremented. The aim of this variable */ + /* is to stop a loop of calls creating a deadlock situation which */ + /* would prevent the driver from exiting. */ + icp_atomic_set(&icp_ocfDrvIsExiting, 1); + + /*Existing sessions will be routed to another driver after these calls */ + crypto_unregister_all(icp_ocfDrvDriverId); + crypto_runregister_all(icp_ocfDrvDriverId); + + if (ICP_WORKQUEUE_NULL_CHECK(icp_ocfDrvFreeLacSessionWorkQ)) { + DPRINTK("%s: workqueue already " + "destroyed, therefore module exit " + " function already called. Exiting.\n", __FUNCTION__); + return ICP_MODULE_EXIT_FUNC_RETURN_VAL; + } + /*If any sessions are waiting to be deregistered, do that. This also + flushes the work queue */ + ICP_WORKQUEUE_DESTROY(icp_ocfDrvFreeLacSessionWorkQ); + + /*ENTER CRITICAL SECTION */ + icp_spin_lockbh_lock(&icp_ocfDrvSymSessInfoListSpinlock); + + ICP_LIST_FOR_EACH_ENTRY_SAFE(tempSessionData, sessionData, + &icp_ocfDrvGlobalSymListHead, listNode) { + for (i = 0; i < num_dereg_retries; i++) { + /*No harm if bad input - LAC will handle error cases */ + if (ICP_SESSION_RUNNING == tempSessionData->inUse) { + lacStatus = + cpaCySymRemoveSession + (CPA_INSTANCE_HANDLE_SINGLE, + tempSessionData->sessHandle); + if (CPA_STATUS_SUCCESS == lacStatus) { + /* Succesfully deregistered */ + break; + } else if (CPA_STATUS_RETRY != lacStatus) { + icp_atomic_inc + (&lac_session_failed_dereg_count); + break; + } + + /*schedule_timout returns the time left for completion if + * this task is set to TASK_INTERRUPTIBLE */ + remaining_delay_time_in_jiffies = + dereg_retry_delay_in_jiffies; + while (0 > remaining_delay_time_in_jiffies) { + remaining_delay_time_in_jiffies = + icp_schedule_timeout + (&icp_ocfDrvSymSessInfoListSpinlock, + remaining_delay_time_in_jiffies); + } + + DPRINTK + ("%s(): Retry %d to deregistrate the session\n", + __FUNCTION__, i); + } + } + + /*remove from current list */ + ICP_LIST_DEL(tempSessionData, listNode); + /*add to free mem linked list */ + ICP_LIST_ADD(tempSessionData, + &icp_ocfDrvGlobalSymListHead_FreeMemList, + listNode); + + } + + /*EXIT CRITICAL SECTION */ + icp_spin_lockbh_unlock(&icp_ocfDrvSymSessInfoListSpinlock); + + /*set back to initial values */ + sessionData = NULL; + /*still have a reference in our list! */ + tempSessionData = NULL; + /*free memory */ + + ICP_LIST_FOR_EACH_ENTRY_SAFE(tempSessionData, sessionData, + &icp_ocfDrvGlobalSymListHead_FreeMemList, + listNode) { + + ICP_LIST_DEL(tempSessionData, listNode); + /* Free allocated CpaCySymSessionCtx */ + if (NULL != tempSessionData->sessHandle) { + icp_kfree(tempSessionData->sessHandle); + } + memset(tempSessionData, 0, sizeof(struct icp_drvSessionData)); + ICP_CACHE_FREE(drvSessionData_zone, tempSessionData); + } + + if (0 != icp_atomic_read(&lac_session_failed_dereg_count)) { + DPRINTK("%s(): %d LAC sessions were not deregistered " + "correctly. This is not a clean exit! \n", + __FUNCTION__, + icp_atomic_read(&lac_session_failed_dereg_count)); + } + + icp_ocfDrvFreeCaches(); + icp_ocfDrvDriverId = INVALID_DRIVER_ID; + + icp_spin_lock_destroy(&icp_ocfDrvSymSessInfoListSpinlock); + + /* Shutdown the Cryptographic component */ + lacStatus = cpaCyStopInstance(CPA_INSTANCE_HANDLE_SINGLE); + if (CPA_STATUS_SUCCESS != lacStatus) { + DPRINTK("%s(): Failed to stop instance of the " + "Cryptographic component.(status == %d)\n", + __FUNCTION__, lacStatus); + } + + return ICP_MODULE_EXIT_FUNC_RETURN_VAL; +} + +/* Name : icp_ocfDrvFreeCaches + * + * Description : This function deregisters all slab caches + */ +static void icp_ocfDrvFreeCaches(void) +{ + icp_atomic_set(&icp_ocfDrvIsExiting, 1); + + /*Sym Zones */ + ICP_CACHE_DESTROY(drvSessionData_zone); + ICP_CACHE_DESTROY(drvOpData_zone); + + /*Asym zones */ + ICP_CACHE_DESTROY(drvDH_zone); + ICP_CACHE_DESTROY(drvLnModExp_zone); + ICP_CACHE_DESTROY(drvRSADecrypt_zone); + ICP_CACHE_DESTROY(drvRSAPrivateKey_zone); + ICP_CACHE_DESTROY(drvDSARSSignKValue_zone); + ICP_CACHE_DESTROY(drvDSARSSign_zone); + ICP_CACHE_DESTROY(drvDSAVerify_zone); + + /*FlatBuffer and BufferList Zones */ + ICP_CACHE_DESTROY(drvFlatBuffer_zone); + +} + +/* Name : icp_ocfDrvDeregRetry + * + * Description : This function will try to farm the session deregistration + * off to a work queue. If it fails, nothing more can be done and it + * returns an error + */ +int icp_ocfDrvDeregRetry(CpaCySymSessionCtx sessionToDeregister) +{ + struct icp_ocfDrvFreeLacSession *workstore = NULL; + + DPRINTK("%s(): Retry - Deregistering session (%p)\n", + __FUNCTION__, sessionToDeregister); + + /*make sure the session is not available to be allocated during this + process */ + icp_atomic_inc(&lac_session_failed_dereg_count); + + /*Farm off to work queue */ + workstore = + icp_kmalloc(sizeof(struct icp_ocfDrvFreeLacSession), ICP_M_NOWAIT); + if (NULL == workstore) { + DPRINTK("%s(): unable to free session - no memory available " + "for work queue\n", __FUNCTION__); + return ENOMEM; + } + + workstore->sessionToDeregister = sessionToDeregister; + + icp_init_work(&(workstore->work), + icp_ocfDrvDeferedFreeLacSessionTaskFn, workstore); + + ICP_WORKQUEUE_ENQUEUE(icp_ocfDrvFreeLacSessionWorkQ, + &(workstore->work)); + + return ICP_OCF_DRV_STATUS_SUCCESS; + +} + +/* Name : icp_ocfDrvDeferedFreeLacSessionProcess + * + * Description : This function will retry (module input parameter) + * 'num_dereg_retries' times to deregister any symmetric session that recieves a + * CPA_STATUS_RETRY message from the LAC component. This function is run in + * Thread context because it is called from a worker thread + */ +void icp_ocfDrvDeferedFreeLacSessionProcess(void *arg) +{ + struct icp_ocfDrvFreeLacSession *workstore = NULL; + CpaCySymSessionCtx sessionToDeregister = NULL; + int i = 0; + int remaining_delay_time_in_jiffies = 0; + CpaStatus lacStatus = CPA_STATUS_SUCCESS; + + workstore = (struct icp_ocfDrvFreeLacSession *)arg; + if (NULL == workstore) { + DPRINTK("%s() function called with null parameter \n", + __FUNCTION__); + return; + } + + sessionToDeregister = workstore->sessionToDeregister; + icp_kfree(workstore); + + /*if exiting, give deregistration one more blast only */ + if (icp_atomic_read(&icp_ocfDrvIsExiting) == CPA_TRUE) { + lacStatus = cpaCySymRemoveSession(CPA_INSTANCE_HANDLE_SINGLE, + sessionToDeregister); + + if (lacStatus != CPA_STATUS_SUCCESS) { + DPRINTK("%s() Failed to Dereg LAC session %p " + "during module exit\n", __FUNCTION__, + sessionToDeregister); + return; + } + + icp_atomic_dec(&lac_session_failed_dereg_count); + return; + } + + for (i = 0; i <= num_dereg_retries; i++) { + lacStatus = cpaCySymRemoveSession(CPA_INSTANCE_HANDLE_SINGLE, + sessionToDeregister); + + if (lacStatus == CPA_STATUS_SUCCESS) { + icp_atomic_dec(&lac_session_failed_dereg_count); + return; + } + if (lacStatus != CPA_STATUS_RETRY) { + DPRINTK("%s() Failed to deregister session - lacStatus " + " = %d", __FUNCTION__, lacStatus); + break; + } + + /*schedule_timout returns the time left for completion if this + task is set to TASK_INTERRUPTIBLE */ + remaining_delay_time_in_jiffies = dereg_retry_delay_in_jiffies; + while (0 < remaining_delay_time_in_jiffies) { + remaining_delay_time_in_jiffies = + icp_schedule_timeout(NULL, + remaining_delay_time_in_jiffies); + } + + } + + DPRINTK("%s(): Unable to deregister session\n", __FUNCTION__); + DPRINTK("%s(): Number of unavailable LAC sessions = %d\n", __FUNCTION__, + icp_atomic_read(&lac_session_failed_dereg_count)); +} + +/* Name : icp_ocfDrvPtrAndLenToFlatBuffer + * + * Description : This function converts a "pointer and length" buffer + * structure to Fredericksburg Flat Buffer (CpaFlatBuffer) format. + * + * This function assumes that the data passed in are valid. + */ +inline void +icp_ocfDrvPtrAndLenToFlatBuffer(void *pData, uint32_t len, + CpaFlatBuffer * pFlatBuffer) +{ + pFlatBuffer->pData = pData; + pFlatBuffer->dataLenInBytes = len; +} + +/* Name : icp_ocfDrvPtrAndLenToBufferList + * + * Description : This function converts a "pointer and length" buffer + * structure to Fredericksburg Scatter/Gather Buffer (CpaBufferList) format. + * + * This function assumes that the data passed in are valid. + */ +inline void +icp_ocfDrvPtrAndLenToBufferList(void *pDataIn, uint32_t length, + CpaBufferList * pBufferList) +{ + pBufferList->numBuffers = 1; + pBufferList->pBuffers->pData = pDataIn; + pBufferList->pBuffers->dataLenInBytes = length; +} + +/* Name : icp_ocfDrvBufferListToPtrAndLen + * + * Description : This function converts Fredericksburg Scatter/Gather Buffer + * (CpaBufferList) format to a "pointer and length" buffer structure. + * + * This function assumes that the data passed in are valid. + */ +inline void +icp_ocfDrvBufferListToPtrAndLen(CpaBufferList * pBufferList, + void **ppDataOut, uint32_t * pLength) +{ + *ppDataOut = pBufferList->pBuffers->pData; + *pLength = pBufferList->pBuffers->dataLenInBytes; +} + +/* Name : icp_ocfDrvBufferListMemInfo + * + * Description : This function will set the number of flat buffers in + * bufferlist, the size of memory to allocate for the pPrivateMetaData + * member of the CpaBufferList. + */ +int +icp_ocfDrvBufferListMemInfo(uint16_t numBuffers, + struct icp_drvBuffListInfo *buffListInfo) +{ + buffListInfo->numBuffers = numBuffers; + + if (CPA_STATUS_SUCCESS != + cpaCyBufferListGetMetaSize(CPA_INSTANCE_HANDLE_SINGLE, + buffListInfo->numBuffers, + &(buffListInfo->metaSize))) { + EPRINTK("%s() Failed to get buffer list meta size.\n", + __FUNCTION__); + return ICP_OCF_DRV_STATUS_FAIL; + } + + return ICP_OCF_DRV_STATUS_SUCCESS; +} + +/* Name : icp_ocfDrvFreeFlatBuffer + * + * Description : This function will deallocate flat buffer. + */ +inline void icp_ocfDrvFreeFlatBuffer(CpaFlatBuffer * pFlatBuffer) +{ + if (pFlatBuffer != NULL) { + memset(pFlatBuffer, 0, sizeof(CpaFlatBuffer)); + ICP_CACHE_FREE(drvFlatBuffer_zone, pFlatBuffer); + } +} + +/* Name : icp_ocfDrvAllocMetaData + * + * Description : This function will allocate memory for the + * pPrivateMetaData member of CpaBufferList. + */ +inline int +icp_ocfDrvAllocMetaData(CpaBufferList * pBufferList, + struct icp_drvOpData *pOpData) +{ + Cpa32U metaSize = 0; + + if (pBufferList->numBuffers <= ICP_OCF_DRV_DEFAULT_BUFFLIST_ARRAYS) { + uint8_t *pOpDataStartAddr = (uint8_t *) pOpData; + + if (0 == defBuffListInfo.metaSize) { + pBufferList->pPrivateMetaData = NULL; + return ICP_OCF_DRV_STATUS_SUCCESS; + } + /* + * The meta data allocation has been included as part of the + * op data. It has been pre-allocated in memory just after the + * icp_drvOpData structure. + */ + pBufferList->pPrivateMetaData = (void *)(pOpDataStartAddr + + sizeof(struct + icp_drvOpData)); + } else { + if (CPA_STATUS_SUCCESS != + cpaCyBufferListGetMetaSize(CPA_INSTANCE_HANDLE_SINGLE, + pBufferList->numBuffers, + &metaSize)) { + EPRINTK("%s() Failed to get buffer list meta size.\n", + __FUNCTION__); + return ICP_OCF_DRV_STATUS_FAIL; + } + + if (0 == metaSize) { + pBufferList->pPrivateMetaData = NULL; + return ICP_OCF_DRV_STATUS_SUCCESS; + } + + pBufferList->pPrivateMetaData = + icp_kmalloc(metaSize, ICP_M_NOWAIT); + } + if (NULL == pBufferList->pPrivateMetaData) { + EPRINTK("%s() Failed to allocate pPrivateMetaData.\n", + __FUNCTION__); + return ICP_OCF_DRV_STATUS_FAIL; + } + + return ICP_OCF_DRV_STATUS_SUCCESS; +} + +/* Name : icp_ocfDrvFreeMetaData + * + * Description : This function will deallocate pPrivateMetaData memory. + */ +inline void icp_ocfDrvFreeMetaData(CpaBufferList * pBufferList) +{ + if (NULL == pBufferList->pPrivateMetaData) { + return; + } + + /* + * Only free the meta data if the BufferList has more than + * ICP_OCF_DRV_DEFAULT_BUFFLIST_ARRAYS number of buffers. + * Otherwise, the meta data shall be freed when the icp_drvOpData is + * freed. + */ + if (ICP_OCF_DRV_DEFAULT_BUFFLIST_ARRAYS < pBufferList->numBuffers) { + icp_kfree(pBufferList->pPrivateMetaData); + } +} + +/* Module declaration, init and exit functions */ +ICP_DECLARE_MODULE(icp_ocf, icp_ocfDrvInit, icp_ocfDrvExit); +ICP_MODULE_DESCRIPTION("OCF Driver for Intel Quick Assist crypto acceleration"); +ICP_MODULE_VERSION(icp_ocf, ICP_OCF_VER_MJR); +ICP_MODULE_LICENSE("Dual BSD/GPL"); +ICP_MODULE_AUTHOR("Intel"); + +/* Module parameters */ +ICP_MODULE_PARAM_INT(icp_ocf, num_dereg_retries, + "Number of times to retry LAC Sym Session Deregistration. " + "Default 10, Max 100"); +ICP_MODULE_PARAM_INT(icp_ocf, dereg_retry_delay_in_jiffies, "Delay in jiffies " + "(added to a schedule() function call) before a LAC Sym " + "Session Dereg is retried. Default 10"); +ICP_MODULE_PARAM_INT(icp_ocf, max_sessions, + "This sets the maximum number of sessions " + "between OCF and this driver. If this value is set to zero," + "max session count checking is disabled. Default is zero(0)"); + +/* Module dependencies */ +#define MODULE_MIN_VER 1 +#define CRYPTO_MAX_VER 3 +#define LAC_MAX_VER 2 + +ICP_MODULE_DEPEND(icp_ocf, crypto, MODULE_MIN_VER, MODULE_MIN_VER, + CRYPTO_MAX_VER); +ICP_MODULE_DEPEND(icp_ocf, cryptodev, MODULE_MIN_VER, MODULE_MIN_VER, + CRYPTO_MAX_VER); +ICP_MODULE_DEPEND(icp_ocf, icp_crypto, MODULE_MIN_VER, MODULE_MIN_VER, + LAC_MAX_VER); diff -Naur linux-3.0.68.i686-orig/crypto/ocf/ep80579/icp_ocf.h linux-3.0.68.i686/crypto/ocf/ep80579/icp_ocf.h --- linux-3.0.68.i686-orig/crypto/ocf/ep80579/icp_ocf.h 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/ep80579/icp_ocf.h 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,376 @@ +/*************************************************************************** + * + * This file is provided under a dual BSD/GPLv2 license. When using or + * redistributing this file, you may do so under either license. + * + * GPL LICENSE SUMMARY + * + * Copyright(c) 2007,2008,2009 Intel Corporation. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA. + * The full GNU General Public License is included in this distribution + * in the file called LICENSE.GPL. + * + * Contact Information: + * Intel Corporation + * + * BSD LICENSE + * + * Copyright(c) 2007,2008,2009 Intel Corporation. All rights reserved. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * + * version: Security.L.1.0.2-229 + * + ***************************************************************************/ + +/* + * OCF driver header file for the Intel ICP processor. + */ + +#ifndef ICP_OCF_H_ +#define ICP_OCF_H_ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "icp_os.h" + +#define NUM_BITS_IN_BYTE (8) +#define NUM_BITS_IN_BYTE_MINUS_ONE (NUM_BITS_IN_BYTE -1) +#define INVALID_DRIVER_ID (-1) +#define RETURN_RAND_NUM_GEN_FAILED (-1) + +/*This is the max block cipher initialisation vector*/ +#define MAX_IV_LEN_IN_BYTES (20) +/*This is used to check whether the OCF to this driver session limit has + been disabled*/ +#define NO_OCF_TO_DRV_MAX_SESSIONS (0) + +/*OCF values mapped here*/ +#define ICP_SHA1_DIGEST_SIZE_IN_BYTES (SHA1_HASH_LEN) +#define ICP_SHA256_DIGEST_SIZE_IN_BYTES (SHA2_256_HASH_LEN) +#define ICP_SHA384_DIGEST_SIZE_IN_BYTES (SHA2_384_HASH_LEN) +#define ICP_SHA512_DIGEST_SIZE_IN_BYTES (SHA2_512_HASH_LEN) +#define ICP_MD5_DIGEST_SIZE_IN_BYTES (MD5_HASH_LEN) +#define ARC4_COUNTER_LEN (ARC4_BLOCK_LEN) + +#define OCF_REGISTRATION_STATUS_SUCCESS (0) +#define OCF_ZERO_FUNCTIONALITY_REGISTERED (0) +#define ICP_OCF_DRV_NO_CRYPTO_PROCESS_ERROR (0) +#define ICP_OCF_DRV_STATUS_SUCCESS (0) +#define ICP_OCF_DRV_STATUS_FAIL (1) + +/*Turn on/off debug options*/ +#define ICP_OCF_PRINT_DEBUG_MESSAGES (0) +#define ICP_OCF_PRINT_KERN_ALERT (1) +#define ICP_OCF_PRINT_KERN_ERRS (1) + +#if ICP_OCF_PRINT_DEBUG_MESSAGES == 1 +#define DPRINTK(args...) \ +{ \ + ICP_IPRINTK(args); \ +} + +#else //ICP_OCF_PRINT_DEBUG_MESSAGES == 1 + +#define DPRINTK(args...) + +#endif //ICP_OCF_PRINT_DEBUG_MESSAGES == 1 + +#if ICP_OCF_PRINT_KERN_ALERT == 1 +#define APRINTK(args...) \ +{ \ + ICP_APRINTK(args); \ +} + +#else //ICP_OCF_PRINT_KERN_ALERT == 1 + +#define APRINTK(args...) + +#endif //ICP_OCF_PRINT_KERN_ALERT == 1 + +#if ICP_OCF_PRINT_KERN_ERRS == 1 +#define EPRINTK(args...) \ +{ \ + ICP_EPRINTK(args); \ +} + +#else //ICP_OCF_PRINT_KERN_ERRS == 1 + +#define EPRINTK(args...) + +#endif //ICP_OCF_PRINT_KERN_ERRS == 1 + +#define IPRINTK(args...) \ +{ \ + ICP_IPRINTK(args); \ +} + +/*DSA Prime Q size in bytes (as defined in the standard) */ +#define DSA_RS_SIGN_PRIMEQ_SIZE_IN_BYTES (20) + +#define BITS_TO_BYTES(bytes, bits) \ + bytes = (bits + NUM_BITS_IN_BYTE_MINUS_ONE) / NUM_BITS_IN_BYTE + +typedef enum { + ICP_OCF_DRV_ALG_CIPHER = 0, + ICP_OCF_DRV_ALG_HASH +} icp_ocf_drv_alg_type_t; + +typedef ICP_LIST_HEAD(icp_drvSessionListHead_s, + icp_drvSessionData) icp_drvSessionListHead_t; + +/*Values used to derisk chances of performs being called against +deregistered sessions (for which the slab page has been reclaimed) +This is not a fix - since page frames are reclaimed from a slab, one cannot +rely on that memory not being re-used by another app.*/ +typedef enum { + ICP_SESSION_INITIALISED = 0x5C5C5C, + ICP_SESSION_RUNNING = 0x005C00, + ICP_SESSION_DEREGISTERED = 0xC5C5C5 +} usage_derisk; + +/* This struct is required for deferred session + deregistration as a work queue function can + only have one argument*/ +struct icp_ocfDrvFreeLacSession { + CpaCySymSessionCtx sessionToDeregister; + icp_workstruct work; +}; + +/* +This is the OCF<->OCF_DRV session object: + +1.listNode + The first member is a listNode. These session objects are added to a linked + list in order to make it easier to remove them all at session exit time. + +2.inUse + The second member is used to give the session object state and derisk the + possibility of OCF batch calls executing against a deregistered session (as + described above). + +3.sessHandle + The third member is a LAC<->OCF_DRV session handle (initialised with the first + perform request for that session). + +4.lacSessCtx + The fourth is the LAC session context. All the parameters for this structure + are only known when the first perform request for this session occurs. That is + why the OCF EP80579 Driver only registers a new LAC session at perform time +*/ +struct icp_drvSessionData { + ICP_LIST_ENTRY(icp_drvSessionData) listNode; + usage_derisk inUse; + CpaCySymSessionCtx sessHandle; + CpaCySymSessionSetupData lacSessCtx; +}; + +/* These are all defined in icp_common.c */ +extern icp_atomic_t lac_session_failed_dereg_count; +extern icp_atomic_t icp_ocfDrvIsExiting; +extern icp_atomic_t num_ocf_to_drv_registered_sessions; + +extern int32_t icp_ocfDrvDriverId; + +extern icp_drvSessionListHead_t icp_ocfDrvGlobalSymListHead; +extern icp_drvSessionListHead_t icp_ocfDrvGlobalSymListHead_FreeMemList; +extern icp_workqueue *icp_ocfDrvFreeLacSessionWorkQ; +extern icp_spinlock_t icp_ocfDrvSymSessInfoListSpinlock; + +/*Slab zones for symettric functionality, instantiated in icp_common.c*/ +extern icp_kmem_cache drvSessionData_zone; +extern icp_kmem_cache drvOpData_zone; + +/*Slabs zones for asymettric functionality, instantiated in icp_common.c*/ +extern icp_kmem_cache drvDH_zone; +extern icp_kmem_cache drvLnModExp_zone; +extern icp_kmem_cache drvRSADecrypt_zone; +extern icp_kmem_cache drvRSAPrivateKey_zone; +extern icp_kmem_cache drvDSARSSign_zone; +extern icp_kmem_cache drvDSARSSignKValue_zone; +extern icp_kmem_cache drvDSAVerify_zone; + +/* Module parameters defined in icp_cpmmon.c*/ + +/* Module parameters - gives the number of times LAC deregistration shall be + re-tried */ +extern int num_dereg_retries; + +/* Module parameter - gives the delay time in jiffies before a LAC session + shall be attempted to be deregistered again */ +extern int dereg_retry_delay_in_jiffies; + +/* Module parameter - gives the maximum number of sessions possible between + OCF and the OCF EP80579 Driver. If set to zero, there is no limit.*/ +extern int max_sessions; + +/*Slab zones for flatbuffers and bufferlist*/ +extern icp_kmem_cache drvFlatBuffer_zone; + +#define ICP_OCF_DRV_DEFAULT_BUFFLIST_ARRAYS (16) + +struct icp_drvBuffListInfo { + Cpa16U numBuffers; + Cpa32U metaSize; + Cpa32U metaOffset; + Cpa32U buffListSize; +}; + +extern struct icp_drvBuffListInfo defBuffListInfo; + +/* This struct is used to keep a reference to the relevant node in the list + of sessionData structs, to the buffer type required by OCF and to the OCF + provided crp struct that needs to be returned. All this info is needed in + the callback function.*/ +struct icp_drvOpData { + CpaCySymOpData lacOpData; + uint32_t digestSizeInBytes; + struct cryptop *crp; + uint8_t bufferType; + uint8_t ivData[MAX_IV_LEN_IN_BYTES]; + uint16_t numBufferListArray; + CpaBufferList srcBuffer; + CpaFlatBuffer bufferListArray[ICP_OCF_DRV_DEFAULT_BUFFLIST_ARRAYS]; + CpaBoolean verifyResult; +}; + +/* Create a new session between OCF and this driver*/ +int icp_ocfDrvNewSession(icp_device_t dev, uint32_t * sild, + struct cryptoini *cri); + +/* Free a session between this driver and the Quick Assist Framework*/ +int icp_ocfDrvFreeLACSession(icp_device_t dev, uint64_t sid); + +/* Defer freeing a Quick Assist session*/ +void icp_ocfDrvDeferedFreeLacSessionProcess(void *arg); + +/* Process OCF cryptographic request for a symmetric algorithm*/ +int icp_ocfDrvSymProcess(icp_device_t dev, struct cryptop *crp, int hint); + +/* Process OCF cryptographic request for an asymmetric algorithm*/ +int icp_ocfDrvPkeProcess(icp_device_t dev, struct cryptkop *krp, int hint); + +/* Populate a buffer with random data*/ +int icp_ocfDrvReadRandom(void *arg, uint32_t * buf, int maxwords); + +/* Retry Quick Assist session deregistration*/ +int icp_ocfDrvDeregRetry(CpaCySymSessionCtx sessionToDeregister); + +/* Convert an OS scatter gather list to a CPA buffer list*/ +int icp_ocfDrvPacketBuffToBufferList(icp_packet_buffer_t * pPacketBuffer, + CpaBufferList * bufferList); + +/* Convert a CPA buffer list to an OS scatter gather list*/ +int icp_ocfDrvBufferListToPacketBuff(CpaBufferList * bufferList, + icp_packet_buffer_t ** pPacketBuffer); + +/* Get the number of buffers in an OS scatter gather list*/ +uint16_t icp_ocfDrvGetPacketBuffFrags(icp_packet_buffer_t * pPacketBuffer); + +/* Convert a single OS buffer to a CPA Flat Buffer*/ +void icp_ocfDrvSinglePacketBuffToFlatBuffer(icp_packet_buffer_t * pPacketBuffer, + CpaFlatBuffer * pFlatBuffer); + +/* Add pointer and length to a CPA Flat Buffer structure*/ +void icp_ocfDrvPtrAndLenToFlatBuffer(void *pData, uint32_t len, + CpaFlatBuffer * pFlatBuffer); + +/* Convert pointer and length values to a CPA buffer list*/ +void icp_ocfDrvPtrAndLenToBufferList(void *pDataIn, uint32_t length, + CpaBufferList * pBufferList); + +/* Convert a CPA buffer list to pointer and length values*/ +void icp_ocfDrvBufferListToPtrAndLen(CpaBufferList * pBufferList, + void **ppDataOut, uint32_t * pLength); + +/* Set the number of flat buffers in bufferlist and the size of memory + to allocate for the pPrivateMetaData member of the CpaBufferList.*/ +int icp_ocfDrvBufferListMemInfo(uint16_t numBuffers, + struct icp_drvBuffListInfo *buffListInfo); + +/* Find pointer position of the digest within an OS scatter gather list*/ +uint8_t *icp_ocfDrvPacketBufferDigestPointerFind(struct icp_drvOpData + *drvOpData, + int offsetInBytes, + uint32_t digestSizeInBytes); + +/*This top level function is used to find a pointer to where a digest is + stored/needs to be inserted. */ +uint8_t *icp_ocfDrvDigestPointerFind(struct icp_drvOpData *drvOpData, + struct cryptodesc *crp_desc); + +/* Free a CPA flat buffer*/ +void icp_ocfDrvFreeFlatBuffer(CpaFlatBuffer * pFlatBuffer); + +/* This function will allocate memory for the pPrivateMetaData + member of CpaBufferList. */ +int icp_ocfDrvAllocMetaData(CpaBufferList * pBufferList, + struct icp_drvOpData *pOpData); + +/* Free data allocated for the pPrivateMetaData + member of CpaBufferList.*/ +void icp_ocfDrvFreeMetaData(CpaBufferList * pBufferList); + +#define ICP_CACHE_CREATE(cache_ID, cache_name) \ + icp_kmem_cache_create(cache_ID, sizeof(cache_name),ICP_KERNEL_CACHE_ALIGN,\ + ICP_KERNEL_CACHE_NOINIT) + +#define ICP_CACHE_FREE(args...) \ + icp_kmem_cache_free (args) + +#define ICP_CACHE_DESTROY(slab_zone)\ +{\ + if(NULL != slab_zone){\ + icp_kmem_cache_destroy(slab_zone);\ + slab_zone = NULL;\ + }\ +} + +#endif +/* ICP_OCF_H_ */ diff -Naur linux-3.0.68.i686-orig/crypto/ocf/ep80579/icp_sym.c linux-3.0.68.i686/crypto/ocf/ep80579/icp_sym.c --- linux-3.0.68.i686-orig/crypto/ocf/ep80579/icp_sym.c 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/ep80579/icp_sym.c 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,1153 @@ +/*************************************************************************** + * + * This file is provided under a dual BSD/GPLv2 license. When using or + * redistributing this file, you may do so under either license. + * + * GPL LICENSE SUMMARY + * + * Copyright(c) 2007,2008,2009 Intel Corporation. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA. + * The full GNU General Public License is included in this distribution + * in the file called LICENSE.GPL. + * + * Contact Information: + * Intel Corporation + * + * BSD LICENSE + * + * Copyright(c) 2007,2008,2009 Intel Corporation. All rights reserved. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * + * version: Security.L.1.0.2-229 + * + ***************************************************************************/ +/* + * An OCF module that uses the API for Intel® QuickAssist Technology to do the + * cryptography. + * + * This driver requires the ICP Access Library that is available from Intel in + * order to operate. + */ + +#include "icp_ocf.h" + +/*This is the call back function for all symmetric cryptographic processes. + Its main functionality is to free driver crypto operation structure and to + call back to OCF*/ +static void +icp_ocfDrvSymCallBack(void *callbackTag, + CpaStatus status, + const CpaCySymOp operationType, + void *pOpData, + CpaBufferList * pDstBuffer, CpaBoolean verifyResult); + +/*This function is used to extract crypto processing information from the OCF + inputs, so as that it may be passed onto LAC*/ +static int +icp_ocfDrvProcessDataSetup(struct icp_drvOpData *drvOpData, + struct cryptodesc *crp_desc); + +/*This function checks whether the crp_desc argument pertains to a digest or a + cipher operation*/ +static int icp_ocfDrvAlgCheck(struct cryptodesc *crp_desc); + +/*This function copies all the passed in session context information and stores + it in a LAC context structure*/ +static int +icp_ocfDrvAlgorithmSetup(struct cryptoini *cri, + CpaCySymSessionSetupData * lacSessCtx); + +/*This function is used to free an OCF->OCF_DRV session object*/ +static void icp_ocfDrvFreeOCFSession(struct icp_drvSessionData *sessionData); + +/*max IOV buffs supported in a UIO structure*/ +#define NUM_IOV_SUPPORTED (1) + +/* Name : icp_ocfDrvSymCallBack + * + * Description : When this function returns it signifies that the LAC + * component has completed the relevant symmetric operation. + * + * Notes : The callbackTag is a pointer to an icp_drvOpData. This memory + * object was passed to LAC for the cryptographic processing and contains all + * the relevant information for cleaning up buffer handles etc. so that the + * OCF EP80579 Driver portion of this crypto operation can be fully completed. + */ +static void +icp_ocfDrvSymCallBack(void *callbackTag, + CpaStatus status, + const CpaCySymOp operationType, + void *pOpData, + CpaBufferList * pDstBuffer, CpaBoolean verifyResult) +{ + struct cryptop *crp = NULL; + struct icp_drvOpData *temp_drvOpData = + (struct icp_drvOpData *)callbackTag; + uint64_t *tempBasePtr = NULL; + uint32_t tempLen = 0; + + if (NULL == temp_drvOpData) { + DPRINTK("%s(): The callback from the LAC component" + " has failed due to Null userOpaque data" + "(status == %d).\n", __FUNCTION__, status); + DPRINTK("%s(): Unable to call OCF back! \n", __FUNCTION__); + return; + } + + crp = temp_drvOpData->crp; + crp->crp_etype = ICP_OCF_DRV_NO_CRYPTO_PROCESS_ERROR; + + if (NULL == pOpData) { + DPRINTK("%s(): The callback from the LAC component" + " has failed due to Null Symmetric Op data" + "(status == %d).\n", __FUNCTION__, status); + crp->crp_etype = ECANCELED; + crypto_done(crp); + return; + } + + if (NULL == pDstBuffer) { + DPRINTK("%s(): The callback from the LAC component" + " has failed due to Null Dst Bufferlist data" + "(status == %d).\n", __FUNCTION__, status); + crp->crp_etype = ECANCELED; + crypto_done(crp); + return; + } + + if (CPA_STATUS_SUCCESS == status) { + + if (temp_drvOpData->bufferType == ICP_CRYPTO_F_PACKET_BUF) { + if (ICP_OCF_DRV_STATUS_SUCCESS != + icp_ocfDrvBufferListToPacketBuff(pDstBuffer, + (icp_packet_buffer_t + **) + & (crp->crp_buf))) { + EPRINTK("%s(): BufferList to SkBuff " + "conversion error.\n", __FUNCTION__); + crp->crp_etype = EPERM; + } + } else { + icp_ocfDrvBufferListToPtrAndLen(pDstBuffer, + (void **)&tempBasePtr, + &tempLen); + crp->crp_olen = (int)tempLen; + } + + } else { + DPRINTK("%s(): The callback from the LAC component has failed" + "(status == %d).\n", __FUNCTION__, status); + + crp->crp_etype = ECANCELED; + } + + if (temp_drvOpData->numBufferListArray > + ICP_OCF_DRV_DEFAULT_BUFFLIST_ARRAYS) { + icp_kfree(pDstBuffer->pBuffers); + } + icp_ocfDrvFreeMetaData(pDstBuffer); + ICP_CACHE_FREE(drvOpData_zone, temp_drvOpData); + + /* Invoke the OCF callback function */ + crypto_done(crp); + + return; +} + +/* Name : icp_ocfDrvNewSession + * + * Description : This function will create a new Driver<->OCF session + * + * Notes : LAC session registration happens during the first perform call. + * That is the first time we know all information about a given session. + */ +int icp_ocfDrvNewSession(icp_device_t dev, uint32_t * sid, + struct cryptoini *cri) +{ + struct icp_drvSessionData *sessionData = NULL; + uint32_t delete_session = 0; + + /* The SID passed in should be our driver ID. We can return the */ + /* local ID (LID) which is a unique identifier which we can use */ + /* to differentiate between the encrypt/decrypt LAC session handles */ + if (NULL == sid) { + EPRINTK("%s(): Invalid input parameters - NULL sid.\n", + __FUNCTION__); + return EINVAL; + } + + if (NULL == cri) { + EPRINTK("%s(): Invalid input parameters - NULL cryptoini.\n", + __FUNCTION__); + return EINVAL; + } + + if (icp_ocfDrvDriverId != *sid) { + EPRINTK("%s(): Invalid input parameters - bad driver ID\n", + __FUNCTION__); + EPRINTK("\t sid = 0x08%p \n \t cri = 0x08%p \n", sid, cri); + return EINVAL; + } + + sessionData = icp_kmem_cache_zalloc(drvSessionData_zone, ICP_M_NOWAIT); + if (NULL == sessionData) { + DPRINTK("%s():No memory for Session Data\n", __FUNCTION__); + return ENOMEM; + } + + /*ENTER CRITICAL SECTION */ + icp_spin_lockbh_lock(&icp_ocfDrvSymSessInfoListSpinlock); + /*put this check in the spinlock so no new sessions can be added to the + linked list when we are exiting */ + if (CPA_TRUE == icp_atomic_read(&icp_ocfDrvIsExiting)) { + delete_session++; + + } else if (NO_OCF_TO_DRV_MAX_SESSIONS != max_sessions) { + if (icp_atomic_read(&num_ocf_to_drv_registered_sessions) >= + (max_sessions - + icp_atomic_read(&lac_session_failed_dereg_count))) { + delete_session++; + } else { + icp_atomic_inc(&num_ocf_to_drv_registered_sessions); + /* Add to session data linked list */ + ICP_LIST_ADD(sessionData, &icp_ocfDrvGlobalSymListHead, + listNode); + } + + } else if (NO_OCF_TO_DRV_MAX_SESSIONS == max_sessions) { + ICP_LIST_ADD(sessionData, &icp_ocfDrvGlobalSymListHead, + listNode); + } + + sessionData->inUse = ICP_SESSION_INITIALISED; + + /*EXIT CRITICAL SECTION */ + icp_spin_lockbh_unlock(&icp_ocfDrvSymSessInfoListSpinlock); + + if (delete_session) { + DPRINTK("%s():No Session handles available\n", __FUNCTION__); + ICP_CACHE_FREE(drvSessionData_zone, sessionData); + return EPERM; + } + + if (ICP_OCF_DRV_STATUS_SUCCESS != + icp_ocfDrvAlgorithmSetup(cri, &(sessionData->lacSessCtx))) { + DPRINTK("%s():algorithm not supported\n", __FUNCTION__); + icp_ocfDrvFreeOCFSession(sessionData); + return EINVAL; + } + + if (cri->cri_next) { + if (cri->cri_next->cri_next != NULL) { + DPRINTK("%s():only two chained algorithms supported\n", + __FUNCTION__); + icp_ocfDrvFreeOCFSession(sessionData); + return EPERM; + } + + if (ICP_OCF_DRV_STATUS_SUCCESS != + icp_ocfDrvAlgorithmSetup(cri->cri_next, + &(sessionData->lacSessCtx))) { + DPRINTK("%s():second algorithm not supported\n", + __FUNCTION__); + icp_ocfDrvFreeOCFSession(sessionData); + return EINVAL; + } + + sessionData->lacSessCtx.symOperation = + CPA_CY_SYM_OP_ALGORITHM_CHAINING; + } + + *sid = (uint32_t) sessionData; + + return ICP_OCF_DRV_STATUS_SUCCESS; +} + +/* Name : icp_ocfDrvAlgorithmSetup + * + * Description : This function builds the session context data from the + * information supplied through OCF. Algorithm chain order and whether the + * session is Encrypt/Decrypt can only be found out at perform time however, so + * the session is registered with LAC at that time. + */ +static int +icp_ocfDrvAlgorithmSetup(struct cryptoini *cri, + CpaCySymSessionSetupData * lacSessCtx) +{ + + lacSessCtx->sessionPriority = CPA_CY_PRIORITY_NORMAL; + + switch (cri->cri_alg) { + + case CRYPTO_NULL_CBC: + DPRINTK("%s(): NULL CBC\n", __FUNCTION__); + lacSessCtx->symOperation = CPA_CY_SYM_OP_CIPHER; + lacSessCtx->cipherSetupData.cipherAlgorithm = + CPA_CY_SYM_CIPHER_NULL; + lacSessCtx->cipherSetupData.cipherKeyLenInBytes = + cri->cri_klen / NUM_BITS_IN_BYTE; + lacSessCtx->cipherSetupData.pCipherKey = cri->cri_key; + break; + + case CRYPTO_DES_CBC: + DPRINTK("%s(): DES CBC\n", __FUNCTION__); + lacSessCtx->symOperation = CPA_CY_SYM_OP_CIPHER; + lacSessCtx->cipherSetupData.cipherAlgorithm = + CPA_CY_SYM_CIPHER_DES_CBC; + lacSessCtx->cipherSetupData.cipherKeyLenInBytes = + cri->cri_klen / NUM_BITS_IN_BYTE; + lacSessCtx->cipherSetupData.pCipherKey = cri->cri_key; + break; + + case CRYPTO_3DES_CBC: + DPRINTK("%s(): 3DES CBC\n", __FUNCTION__); + lacSessCtx->symOperation = CPA_CY_SYM_OP_CIPHER; + lacSessCtx->cipherSetupData.cipherAlgorithm = + CPA_CY_SYM_CIPHER_3DES_CBC; + lacSessCtx->cipherSetupData.cipherKeyLenInBytes = + cri->cri_klen / NUM_BITS_IN_BYTE; + lacSessCtx->cipherSetupData.pCipherKey = cri->cri_key; + break; + + case CRYPTO_AES_CBC: + DPRINTK("%s(): AES CBC\n", __FUNCTION__); + lacSessCtx->symOperation = CPA_CY_SYM_OP_CIPHER; + lacSessCtx->cipherSetupData.cipherAlgorithm = + CPA_CY_SYM_CIPHER_AES_CBC; + lacSessCtx->cipherSetupData.cipherKeyLenInBytes = + cri->cri_klen / NUM_BITS_IN_BYTE; + lacSessCtx->cipherSetupData.pCipherKey = cri->cri_key; + break; + + case CRYPTO_ARC4: + DPRINTK("%s(): ARC4\n", __FUNCTION__); + lacSessCtx->symOperation = CPA_CY_SYM_OP_CIPHER; + lacSessCtx->cipherSetupData.cipherAlgorithm = + CPA_CY_SYM_CIPHER_ARC4; + lacSessCtx->cipherSetupData.cipherKeyLenInBytes = + cri->cri_klen / NUM_BITS_IN_BYTE; + lacSessCtx->cipherSetupData.pCipherKey = cri->cri_key; + break; + + case CRYPTO_SHA1: + DPRINTK("%s(): SHA1\n", __FUNCTION__); + lacSessCtx->symOperation = CPA_CY_SYM_OP_HASH; + lacSessCtx->hashSetupData.hashAlgorithm = CPA_CY_SYM_HASH_SHA1; + lacSessCtx->hashSetupData.hashMode = CPA_CY_SYM_HASH_MODE_PLAIN; + lacSessCtx->hashSetupData.digestResultLenInBytes = + (cri->cri_mlen ? + cri->cri_mlen : ICP_SHA1_DIGEST_SIZE_IN_BYTES); + + break; + + case CRYPTO_SHA1_HMAC: + DPRINTK("%s(): SHA1_HMAC\n", __FUNCTION__); + lacSessCtx->symOperation = CPA_CY_SYM_OP_HASH; + lacSessCtx->hashSetupData.hashAlgorithm = CPA_CY_SYM_HASH_SHA1; + lacSessCtx->hashSetupData.hashMode = CPA_CY_SYM_HASH_MODE_AUTH; + lacSessCtx->hashSetupData.digestResultLenInBytes = + (cri->cri_mlen ? + cri->cri_mlen : ICP_SHA1_DIGEST_SIZE_IN_BYTES); + lacSessCtx->hashSetupData.authModeSetupData.authKey = + cri->cri_key; + lacSessCtx->hashSetupData.authModeSetupData.authKeyLenInBytes = + cri->cri_klen / NUM_BITS_IN_BYTE; + lacSessCtx->hashSetupData.authModeSetupData.aadLenInBytes = 0; + + break; + + case CRYPTO_SHA2_256: + DPRINTK("%s(): SHA256\n", __FUNCTION__); + lacSessCtx->symOperation = CPA_CY_SYM_OP_HASH; + lacSessCtx->hashSetupData.hashAlgorithm = + CPA_CY_SYM_HASH_SHA256; + lacSessCtx->hashSetupData.hashMode = CPA_CY_SYM_HASH_MODE_PLAIN; + lacSessCtx->hashSetupData.digestResultLenInBytes = + (cri->cri_mlen ? + cri->cri_mlen : ICP_SHA256_DIGEST_SIZE_IN_BYTES); + + break; + + case CRYPTO_SHA2_256_HMAC: + DPRINTK("%s(): SHA256_HMAC\n", __FUNCTION__); + lacSessCtx->symOperation = CPA_CY_SYM_OP_HASH; + lacSessCtx->hashSetupData.hashAlgorithm = + CPA_CY_SYM_HASH_SHA256; + lacSessCtx->hashSetupData.hashMode = CPA_CY_SYM_HASH_MODE_AUTH; + lacSessCtx->hashSetupData.digestResultLenInBytes = + (cri->cri_mlen ? + cri->cri_mlen : ICP_SHA256_DIGEST_SIZE_IN_BYTES); + lacSessCtx->hashSetupData.authModeSetupData.authKey = + cri->cri_key; + lacSessCtx->hashSetupData.authModeSetupData.authKeyLenInBytes = + cri->cri_klen / NUM_BITS_IN_BYTE; + lacSessCtx->hashSetupData.authModeSetupData.aadLenInBytes = 0; + + break; + + case CRYPTO_SHA2_384: + DPRINTK("%s(): SHA384\n", __FUNCTION__); + lacSessCtx->symOperation = CPA_CY_SYM_OP_HASH; + lacSessCtx->hashSetupData.hashAlgorithm = + CPA_CY_SYM_HASH_SHA384; + lacSessCtx->hashSetupData.hashMode = CPA_CY_SYM_HASH_MODE_PLAIN; + lacSessCtx->hashSetupData.digestResultLenInBytes = + (cri->cri_mlen ? + cri->cri_mlen : ICP_SHA384_DIGEST_SIZE_IN_BYTES); + + break; + + case CRYPTO_SHA2_384_HMAC: + DPRINTK("%s(): SHA384_HMAC\n", __FUNCTION__); + lacSessCtx->symOperation = CPA_CY_SYM_OP_HASH; + lacSessCtx->hashSetupData.hashAlgorithm = + CPA_CY_SYM_HASH_SHA384; + lacSessCtx->hashSetupData.hashMode = CPA_CY_SYM_HASH_MODE_AUTH; + lacSessCtx->hashSetupData.digestResultLenInBytes = + (cri->cri_mlen ? + cri->cri_mlen : ICP_SHA384_DIGEST_SIZE_IN_BYTES); + lacSessCtx->hashSetupData.authModeSetupData.authKey = + cri->cri_key; + lacSessCtx->hashSetupData.authModeSetupData.authKeyLenInBytes = + cri->cri_klen / NUM_BITS_IN_BYTE; + lacSessCtx->hashSetupData.authModeSetupData.aadLenInBytes = 0; + + break; + + case CRYPTO_SHA2_512: + DPRINTK("%s(): SHA512\n", __FUNCTION__); + lacSessCtx->symOperation = CPA_CY_SYM_OP_HASH; + lacSessCtx->hashSetupData.hashAlgorithm = + CPA_CY_SYM_HASH_SHA512; + lacSessCtx->hashSetupData.hashMode = CPA_CY_SYM_HASH_MODE_PLAIN; + lacSessCtx->hashSetupData.digestResultLenInBytes = + (cri->cri_mlen ? + cri->cri_mlen : ICP_SHA512_DIGEST_SIZE_IN_BYTES); + + break; + + case CRYPTO_SHA2_512_HMAC: + DPRINTK("%s(): SHA512_HMAC\n", __FUNCTION__); + lacSessCtx->symOperation = CPA_CY_SYM_OP_HASH; + lacSessCtx->hashSetupData.hashAlgorithm = + CPA_CY_SYM_HASH_SHA512; + lacSessCtx->hashSetupData.hashMode = CPA_CY_SYM_HASH_MODE_AUTH; + lacSessCtx->hashSetupData.digestResultLenInBytes = + (cri->cri_mlen ? + cri->cri_mlen : ICP_SHA512_DIGEST_SIZE_IN_BYTES); + lacSessCtx->hashSetupData.authModeSetupData.authKey = + cri->cri_key; + lacSessCtx->hashSetupData.authModeSetupData.authKeyLenInBytes = + cri->cri_klen / NUM_BITS_IN_BYTE; + lacSessCtx->hashSetupData.authModeSetupData.aadLenInBytes = 0; + + break; + + case CRYPTO_MD5: + DPRINTK("%s(): MD5\n", __FUNCTION__); + lacSessCtx->symOperation = CPA_CY_SYM_OP_HASH; + lacSessCtx->hashSetupData.hashAlgorithm = CPA_CY_SYM_HASH_MD5; + lacSessCtx->hashSetupData.hashMode = CPA_CY_SYM_HASH_MODE_PLAIN; + lacSessCtx->hashSetupData.digestResultLenInBytes = + (cri->cri_mlen ? + cri->cri_mlen : ICP_MD5_DIGEST_SIZE_IN_BYTES); + + break; + + case CRYPTO_MD5_HMAC: + DPRINTK("%s(): MD5_HMAC\n", __FUNCTION__); + lacSessCtx->symOperation = CPA_CY_SYM_OP_HASH; + lacSessCtx->hashSetupData.hashAlgorithm = CPA_CY_SYM_HASH_MD5; + lacSessCtx->hashSetupData.hashMode = CPA_CY_SYM_HASH_MODE_AUTH; + lacSessCtx->hashSetupData.digestResultLenInBytes = + (cri->cri_mlen ? + cri->cri_mlen : ICP_MD5_DIGEST_SIZE_IN_BYTES); + lacSessCtx->hashSetupData.authModeSetupData.authKey = + cri->cri_key; + lacSessCtx->hashSetupData.authModeSetupData.authKeyLenInBytes = + cri->cri_klen / NUM_BITS_IN_BYTE; + lacSessCtx->hashSetupData.authModeSetupData.aadLenInBytes = 0; + + break; + + default: + DPRINTK("%s(): ALG Setup FAIL\n", __FUNCTION__); + return ICP_OCF_DRV_STATUS_FAIL; + } + + return ICP_OCF_DRV_STATUS_SUCCESS; +} + +/* Name : icp_ocfDrvFreeOCFSession + * + * Description : This function deletes all existing Session data representing + * the Cryptographic session established between OCF and this driver. This + * also includes freeing the memory allocated for the session context. The + * session object is also removed from the session linked list. + */ +static void icp_ocfDrvFreeOCFSession(struct icp_drvSessionData *sessionData) +{ + + sessionData->inUse = ICP_SESSION_DEREGISTERED; + + /*ENTER CRITICAL SECTION */ + icp_spin_lockbh_lock(&icp_ocfDrvSymSessInfoListSpinlock); + + if (CPA_TRUE == icp_atomic_read(&icp_ocfDrvIsExiting)) { + /*If the Driver is exiting, allow that process to + handle any deletions */ + /*EXIT CRITICAL SECTION */ + icp_spin_lockbh_unlock(&icp_ocfDrvSymSessInfoListSpinlock); + return; + } + + icp_atomic_dec(&num_ocf_to_drv_registered_sessions); + + ICP_LIST_DEL(sessionData, listNode); + + /*EXIT CRITICAL SECTION */ + icp_spin_lockbh_unlock(&icp_ocfDrvSymSessInfoListSpinlock); + + if (NULL != sessionData->sessHandle) { + icp_kfree(sessionData->sessHandle); + } + ICP_CACHE_FREE(drvSessionData_zone, sessionData); +} + +/* Name : icp_ocfDrvFreeLACSession + * + * Description : This attempts to deregister a LAC session. If it fails, the + * deregistation retry function is called. + */ +int icp_ocfDrvFreeLACSession(icp_device_t dev, uint64_t sid) +{ + CpaCySymSessionCtx sessionToDeregister = NULL; + struct icp_drvSessionData *sessionData = NULL; + CpaStatus lacStatus = CPA_STATUS_SUCCESS; + int retval = 0; + + sessionData = (struct icp_drvSessionData *)CRYPTO_SESID2LID(sid); + if (NULL == sessionData) { + EPRINTK("%s(): OCF Free session called with Null Session ID.\n", + __FUNCTION__); + return EINVAL; + } + + sessionToDeregister = sessionData->sessHandle; + + if ((ICP_SESSION_INITIALISED != sessionData->inUse) && + (ICP_SESSION_RUNNING != sessionData->inUse) && + (ICP_SESSION_DEREGISTERED != sessionData->inUse)) { + DPRINTK("%s() Session not initialised.\n", __FUNCTION__); + return EINVAL; + } + + if (ICP_SESSION_RUNNING == sessionData->inUse) { + lacStatus = cpaCySymRemoveSession(CPA_INSTANCE_HANDLE_SINGLE, + sessionToDeregister); + if (CPA_STATUS_RETRY == lacStatus) { + if (ICP_OCF_DRV_STATUS_SUCCESS != + icp_ocfDrvDeregRetry(&sessionToDeregister)) { + /* the retry function increments the + dereg failed count */ + DPRINTK("%s(): LAC failed to deregister the " + "session. (localSessionId= %p)\n", + __FUNCTION__, sessionToDeregister); + retval = EPERM; + } + + } else if (CPA_STATUS_SUCCESS != lacStatus) { + DPRINTK("%s(): LAC failed to deregister the session. " + "localSessionId= %p, lacStatus = %d\n", + __FUNCTION__, sessionToDeregister, lacStatus); + icp_atomic_inc(&lac_session_failed_dereg_count); + retval = EPERM; + } + } else { + DPRINTK("%s() Session not registered with LAC.\n", + __FUNCTION__); + } + + icp_ocfDrvFreeOCFSession(sessionData); + return retval; + +} + +/* Name : icp_ocfDrvAlgCheck + * + * Description : This function checks whether the cryptodesc argument pertains + * to a sym or hash function + */ +static int icp_ocfDrvAlgCheck(struct cryptodesc *crp_desc) +{ + + if (crp_desc->crd_alg == CRYPTO_3DES_CBC || + crp_desc->crd_alg == CRYPTO_AES_CBC || + crp_desc->crd_alg == CRYPTO_DES_CBC || + crp_desc->crd_alg == CRYPTO_NULL_CBC || + crp_desc->crd_alg == CRYPTO_ARC4) { + return ICP_OCF_DRV_ALG_CIPHER; + } + + return ICP_OCF_DRV_ALG_HASH; +} + +/* Name : icp_ocfDrvSymProcess + * + * Description : This function will map symmetric functionality calls from OCF + * to the LAC API. It will also allocate memory to store the session context. + * + * Notes: If it is the first perform call for a given session, then a LAC + * session is registered. After the session is registered, no checks as + * to whether session paramaters have changed (e.g. alg chain order) are + * done. + */ +int icp_ocfDrvSymProcess(icp_device_t dev, struct cryptop *crp, int hint) +{ + struct icp_drvSessionData *sessionData = NULL; + struct icp_drvOpData *drvOpData = NULL; + CpaStatus lacStatus = CPA_STATUS_SUCCESS; + Cpa32U sessionCtxSizeInBytes = 0; + + if (NULL == crp) { + DPRINTK("%s(): Invalid input parameters, cryptop is NULL\n", + __FUNCTION__); + return EINVAL; + } + + if (NULL == crp->crp_desc) { + DPRINTK("%s(): Invalid input parameters, no crp_desc attached " + "to crp\n", __FUNCTION__); + crp->crp_etype = EINVAL; + return EINVAL; + } + + if (NULL == crp->crp_buf) { + DPRINTK("%s(): Invalid input parameters, no buffer attached " + "to crp\n", __FUNCTION__); + crp->crp_etype = EINVAL; + return EINVAL; + } + + if (CPA_TRUE == icp_atomic_read(&icp_ocfDrvIsExiting)) { + crp->crp_etype = EFAULT; + return EFAULT; + } + + sessionData = (struct icp_drvSessionData *) + (CRYPTO_SESID2LID(crp->crp_sid)); + if (NULL == sessionData) { + DPRINTK("%s(): Invalid input parameters, Null Session ID \n", + __FUNCTION__); + crp->crp_etype = EINVAL; + return EINVAL; + } + +/*If we get a request against a deregisted session, cancel operation*/ + if (ICP_SESSION_DEREGISTERED == sessionData->inUse) { + DPRINTK("%s(): Session ID %d was deregistered \n", + __FUNCTION__, (int)(CRYPTO_SESID2LID(crp->crp_sid))); + crp->crp_etype = EFAULT; + return EFAULT; + } + +/*If none of the session states are set, then the session structure was either + not initialised properly or we are reading from a freed memory area (possible + due to OCF batch mode not removing queued requests against deregistered + sessions*/ + if (ICP_SESSION_INITIALISED != sessionData->inUse && + ICP_SESSION_RUNNING != sessionData->inUse) { + DPRINTK("%s(): Session - ID %d - not properly initialised or " + "memory freed back to the kernel \n", + __FUNCTION__, (int)(CRYPTO_SESID2LID(crp->crp_sid))); + crp->crp_etype = EINVAL; + return EINVAL; + } + + /*For the below checks, remember error checking is already done in LAC. + We're not validating inputs subsequent to registration */ + if (sessionData->inUse == ICP_SESSION_INITIALISED) { + DPRINTK("%s(): Initialising session\n", __FUNCTION__); + + if (NULL != crp->crp_desc->crd_next) { + if (ICP_OCF_DRV_ALG_CIPHER == + icp_ocfDrvAlgCheck(crp->crp_desc)) { + + sessionData->lacSessCtx.algChainOrder = + CPA_CY_SYM_ALG_CHAIN_ORDER_CIPHER_THEN_HASH; + + if (crp->crp_desc->crd_flags & CRD_F_ENCRYPT) { + sessionData->lacSessCtx.cipherSetupData. + cipherDirection = + CPA_CY_SYM_CIPHER_DIRECTION_ENCRYPT; + } else { + sessionData->lacSessCtx.cipherSetupData. + cipherDirection = + CPA_CY_SYM_CIPHER_DIRECTION_DECRYPT; + } + } else { + sessionData->lacSessCtx.algChainOrder = + CPA_CY_SYM_ALG_CHAIN_ORDER_HASH_THEN_CIPHER; + + if (crp->crp_desc->crd_next->crd_flags & + CRD_F_ENCRYPT) { + sessionData->lacSessCtx.cipherSetupData. + cipherDirection = + CPA_CY_SYM_CIPHER_DIRECTION_ENCRYPT; + } else { + sessionData->lacSessCtx.cipherSetupData. + cipherDirection = + CPA_CY_SYM_CIPHER_DIRECTION_DECRYPT; + } + + } + + } else if (ICP_OCF_DRV_ALG_CIPHER == + icp_ocfDrvAlgCheck(crp->crp_desc)) { + if (crp->crp_desc->crd_flags & CRD_F_ENCRYPT) { + sessionData->lacSessCtx.cipherSetupData. + cipherDirection = + CPA_CY_SYM_CIPHER_DIRECTION_ENCRYPT; + } else { + sessionData->lacSessCtx.cipherSetupData. + cipherDirection = + CPA_CY_SYM_CIPHER_DIRECTION_DECRYPT; + } + + } + + /*No action required for standalone Auth here */ + + /* Allocate memory for SymSessionCtx before the Session Registration */ + lacStatus = + cpaCySymSessionCtxGetSize(CPA_INSTANCE_HANDLE_SINGLE, + &(sessionData->lacSessCtx), + &sessionCtxSizeInBytes); + if (CPA_STATUS_SUCCESS != lacStatus) { + EPRINTK("%s(): cpaCySymSessionCtxGetSize failed - %d\n", + __FUNCTION__, lacStatus); + crp->crp_etype = EINVAL; + return EINVAL; + } + sessionData->sessHandle = + icp_kmalloc(sessionCtxSizeInBytes, ICP_M_NOWAIT); + if (NULL == sessionData->sessHandle) { + EPRINTK + ("%s(): Failed to get memory for SymSessionCtx\n", + __FUNCTION__); + crp->crp_etype = ENOMEM; + return ENOMEM; + } + + lacStatus = cpaCySymInitSession(CPA_INSTANCE_HANDLE_SINGLE, + icp_ocfDrvSymCallBack, + &(sessionData->lacSessCtx), + sessionData->sessHandle); + + if (CPA_STATUS_SUCCESS != lacStatus) { + EPRINTK("%s(): cpaCySymInitSession failed -%d \n", + __FUNCTION__, lacStatus); + crp->crp_etype = EFAULT; + return EFAULT; + } + + sessionData->inUse = ICP_SESSION_RUNNING; + } + + drvOpData = icp_kmem_cache_zalloc(drvOpData_zone, ICP_M_NOWAIT); + if (NULL == drvOpData) { + EPRINTK("%s():Failed to get memory for drvOpData\n", + __FUNCTION__); + crp->crp_etype = ENOMEM; + return ENOMEM; + } + + drvOpData->lacOpData.pSessionCtx = sessionData->sessHandle; + drvOpData->digestSizeInBytes = sessionData->lacSessCtx.hashSetupData. + digestResultLenInBytes; + drvOpData->crp = crp; + + /* Set the default buffer list array memory allocation */ + drvOpData->srcBuffer.pBuffers = drvOpData->bufferListArray; + drvOpData->numBufferListArray = ICP_OCF_DRV_DEFAULT_BUFFLIST_ARRAYS; + + if (ICP_OCF_DRV_STATUS_SUCCESS != + icp_ocfDrvProcessDataSetup(drvOpData, drvOpData->crp->crp_desc)) { + crp->crp_etype = EINVAL; + goto err; + } + + if (drvOpData->crp->crp_desc->crd_next != NULL) { + if (icp_ocfDrvProcessDataSetup(drvOpData, drvOpData->crp-> + crp_desc->crd_next)) { + crp->crp_etype = EINVAL; + goto err; + } + + } + + /* + * Allocate buffer list array memory if the data fragment is more than + * the default number (ICP_OCF_DRV_DEFAULT_BUFFLIST_ARRAYS) and not + * calculated already + */ + if (crp->crp_flags & ICP_CRYPTO_F_PACKET_BUF) { + if (NULL == drvOpData->lacOpData.pDigestResult) { + drvOpData->numBufferListArray = + icp_ocfDrvGetPacketBuffFrags((icp_packet_buffer_t *) + crp->crp_buf); + } + + if (ICP_OCF_DRV_DEFAULT_BUFFLIST_ARRAYS < + drvOpData->numBufferListArray) { + DPRINTK("%s() numBufferListArray more than default\n", + __FUNCTION__); + drvOpData->srcBuffer.pBuffers = NULL; + drvOpData->srcBuffer.pBuffers = + icp_kmalloc(drvOpData->numBufferListArray * + sizeof(CpaFlatBuffer), ICP_M_NOWAIT); + if (NULL == drvOpData->srcBuffer.pBuffers) { + EPRINTK("%s() Failed to get memory for " + "pBuffers\n", __FUNCTION__); + ICP_CACHE_FREE(drvOpData_zone, drvOpData); + crp->crp_etype = ENOMEM; + return ENOMEM; + } + } + } + + /* + * Check the type of buffer structure we got and convert it into + * CpaBufferList format. + */ + if (crp->crp_flags & ICP_CRYPTO_F_PACKET_BUF) { + if (ICP_OCF_DRV_STATUS_SUCCESS != + icp_ocfDrvPacketBuffToBufferList((icp_packet_buffer_t *) + crp->crp_buf, + &(drvOpData->srcBuffer))) { + EPRINTK("%s():Failed to translate from packet buffer " + "to bufferlist\n", __FUNCTION__); + crp->crp_etype = EINVAL; + goto err; + } + + drvOpData->bufferType = ICP_CRYPTO_F_PACKET_BUF; + } else if (crp->crp_flags & CRYPTO_F_IOV) { + /* OCF only supports IOV of one entry. */ + if (NUM_IOV_SUPPORTED == + ((struct uio *)(crp->crp_buf))->uio_iovcnt) { + + icp_ocfDrvPtrAndLenToBufferList(((struct uio *)(crp-> + crp_buf))-> + uio_iov[0].iov_base, + ((struct uio *)(crp-> + crp_buf))-> + uio_iov[0].iov_len, + &(drvOpData-> + srcBuffer)); + + drvOpData->bufferType = CRYPTO_F_IOV; + + } else { + DPRINTK("%s():Unable to handle IOVs with lengths of " + "greater than one!\n", __FUNCTION__); + crp->crp_etype = EINVAL; + goto err; + } + + } else { + icp_ocfDrvPtrAndLenToBufferList(crp->crp_buf, + crp->crp_ilen, + &(drvOpData->srcBuffer)); + + drvOpData->bufferType = CRYPTO_BUF_CONTIG; + } + + /* Allocate srcBuffer's private meta data */ + if (ICP_OCF_DRV_STATUS_SUCCESS != + icp_ocfDrvAllocMetaData(&(drvOpData->srcBuffer), drvOpData)) { + EPRINTK("%s() icp_ocfDrvAllocMetaData failed\n", __FUNCTION__); + memset(&(drvOpData->lacOpData), 0, sizeof(CpaCySymOpData)); + crp->crp_etype = EINVAL; + goto err; + } + + /* Perform "in-place" crypto operation */ + lacStatus = cpaCySymPerformOp(CPA_INSTANCE_HANDLE_SINGLE, + (void *)drvOpData, + &(drvOpData->lacOpData), + &(drvOpData->srcBuffer), + &(drvOpData->srcBuffer), + &(drvOpData->verifyResult)); + if (CPA_STATUS_RETRY == lacStatus) { + DPRINTK("%s(): cpaCySymPerformOp retry, lacStatus = %d\n", + __FUNCTION__, lacStatus); + memset(&(drvOpData->lacOpData), 0, sizeof(CpaCySymOpData)); + crp->crp_etype = ERESTART; + goto err; + } + if (CPA_STATUS_SUCCESS != lacStatus) { + EPRINTK("%s(): cpaCySymPerformOp failed, lacStatus = %d\n", + __FUNCTION__, lacStatus); + memset(&(drvOpData->lacOpData), 0, sizeof(CpaCySymOpData)); + crp->crp_etype = EINVAL; + goto err; + } + + return 0; //OCF success status value + + err: + if (drvOpData->numBufferListArray > ICP_OCF_DRV_DEFAULT_BUFFLIST_ARRAYS) { + icp_kfree(drvOpData->srcBuffer.pBuffers); + } + icp_ocfDrvFreeMetaData(&(drvOpData->srcBuffer)); + ICP_CACHE_FREE(drvOpData_zone, drvOpData); + + return crp->crp_etype; +} + +/* Name : icp_ocfDrvProcessDataSetup + * + * Description : This function will setup all the cryptographic operation data + * that is required by LAC to execute the operation. + */ +static int icp_ocfDrvProcessDataSetup(struct icp_drvOpData *drvOpData, + struct cryptodesc *crp_desc) +{ + CpaCyRandGenOpData randGenOpData; + CpaFlatBuffer randData; + + drvOpData->lacOpData.packetType = CPA_CY_SYM_PACKET_TYPE_FULL; + + /* Convert from the cryptop to the ICP LAC crypto parameters */ + switch (crp_desc->crd_alg) { + case CRYPTO_NULL_CBC: + drvOpData->lacOpData. + cryptoStartSrcOffsetInBytes = crp_desc->crd_skip; + drvOpData->lacOpData. + messageLenToCipherInBytes = crp_desc->crd_len; + drvOpData->verifyResult = CPA_FALSE; + drvOpData->lacOpData.ivLenInBytes = NULL_BLOCK_LEN; + break; + case CRYPTO_DES_CBC: + drvOpData->lacOpData. + cryptoStartSrcOffsetInBytes = crp_desc->crd_skip; + drvOpData->lacOpData. + messageLenToCipherInBytes = crp_desc->crd_len; + drvOpData->verifyResult = CPA_FALSE; + drvOpData->lacOpData.ivLenInBytes = DES_BLOCK_LEN; + break; + case CRYPTO_3DES_CBC: + drvOpData->lacOpData. + cryptoStartSrcOffsetInBytes = crp_desc->crd_skip; + drvOpData->lacOpData. + messageLenToCipherInBytes = crp_desc->crd_len; + drvOpData->verifyResult = CPA_FALSE; + drvOpData->lacOpData.ivLenInBytes = DES3_BLOCK_LEN; + break; + case CRYPTO_ARC4: + drvOpData->lacOpData. + cryptoStartSrcOffsetInBytes = crp_desc->crd_skip; + drvOpData->lacOpData. + messageLenToCipherInBytes = crp_desc->crd_len; + drvOpData->verifyResult = CPA_FALSE; + drvOpData->lacOpData.ivLenInBytes = ARC4_COUNTER_LEN; + break; + case CRYPTO_AES_CBC: + drvOpData->lacOpData. + cryptoStartSrcOffsetInBytes = crp_desc->crd_skip; + drvOpData->lacOpData. + messageLenToCipherInBytes = crp_desc->crd_len; + drvOpData->verifyResult = CPA_FALSE; + drvOpData->lacOpData.ivLenInBytes = RIJNDAEL128_BLOCK_LEN; + break; + case CRYPTO_SHA1: + case CRYPTO_SHA1_HMAC: + case CRYPTO_SHA2_256: + case CRYPTO_SHA2_256_HMAC: + case CRYPTO_SHA2_384: + case CRYPTO_SHA2_384_HMAC: + case CRYPTO_SHA2_512: + case CRYPTO_SHA2_512_HMAC: + case CRYPTO_MD5: + case CRYPTO_MD5_HMAC: + drvOpData->lacOpData. + hashStartSrcOffsetInBytes = crp_desc->crd_skip; + drvOpData->lacOpData. + messageLenToHashInBytes = crp_desc->crd_len; + drvOpData->lacOpData. + pDigestResult = + icp_ocfDrvDigestPointerFind(drvOpData, crp_desc); + + if (NULL == drvOpData->lacOpData.pDigestResult) { + DPRINTK("%s(): ERROR - could not calculate " + "Digest Result memory address\n", __FUNCTION__); + return ICP_OCF_DRV_STATUS_FAIL; + } + + drvOpData->lacOpData.digestVerify = CPA_FALSE; + break; + default: + DPRINTK("%s(): Crypto process error - algorithm not " + "found \n", __FUNCTION__); + return ICP_OCF_DRV_STATUS_FAIL; + } + + /* Figure out what the IV is supposed to be */ + if ((crp_desc->crd_alg == CRYPTO_DES_CBC) || + (crp_desc->crd_alg == CRYPTO_3DES_CBC) || + (crp_desc->crd_alg == CRYPTO_AES_CBC)) { + /*ARC4 doesn't use an IV */ + if (crp_desc->crd_flags & CRD_F_IV_EXPLICIT) { + /* Explicit IV provided to OCF */ + drvOpData->lacOpData.pIv = crp_desc->crd_iv; + } else { + /* IV is not explicitly provided to OCF */ + + /* Point the LAC OP Data IV pointer to our allocated + storage location for this session. */ + drvOpData->lacOpData.pIv = drvOpData->ivData; + + if ((crp_desc->crd_flags & CRD_F_ENCRYPT) && + ((crp_desc->crd_flags & CRD_F_IV_PRESENT) == 0)) { + + /* Encrypting - need to create IV */ + randGenOpData.generateBits = CPA_TRUE; + randGenOpData.lenInBytes = MAX_IV_LEN_IN_BYTES; + + icp_ocfDrvPtrAndLenToFlatBuffer((Cpa8U *) + drvOpData-> + ivData, + MAX_IV_LEN_IN_BYTES, + &randData); + + if (CPA_STATUS_SUCCESS != + cpaCyRandGen(CPA_INSTANCE_HANDLE_SINGLE, + NULL, NULL, + &randGenOpData, &randData)) { + DPRINTK("%s(): ERROR - Failed to" + " generate" + " Initialisation Vector\n", + __FUNCTION__); + return ICP_OCF_DRV_STATUS_FAIL; + } + + crypto_copyback(drvOpData->crp-> + crp_flags, + drvOpData->crp->crp_buf, + crp_desc->crd_inject, + drvOpData->lacOpData. + ivLenInBytes, + (caddr_t) (drvOpData->lacOpData. + pIv)); + } else { + /* Reading IV from buffer */ + crypto_copydata(drvOpData->crp-> + crp_flags, + drvOpData->crp->crp_buf, + crp_desc->crd_inject, + drvOpData->lacOpData. + ivLenInBytes, + (caddr_t) (drvOpData->lacOpData. + pIv)); + } + + } + + } + + return ICP_OCF_DRV_STATUS_SUCCESS; +} + +/* Name : icp_ocfDrvDigestPointerFind + * + * Description : This function is used to find the memory address of where the + * digest information shall be stored in. Input buffer types are an skbuff, iov + * or flat buffer. The address is found using the buffer data start address and + * an offset. + * + * Note: In the case of a linux skbuff, the digest address may exist within + * a memory space linked to from the start buffer. These linked memory spaces + * must be traversed by the data length offset in order to find the digest start + * address. Whether there is enough space for the digest must also be checked. + */ +uint8_t *icp_ocfDrvDigestPointerFind(struct icp_drvOpData * drvOpData, + struct cryptodesc * crp_desc) +{ + + int offsetInBytes = crp_desc->crd_inject; + uint32_t digestSizeInBytes = drvOpData->digestSizeInBytes; + uint8_t *flat_buffer_base = NULL; + int flat_buffer_length = 0; + + if (drvOpData->crp->crp_flags & ICP_CRYPTO_F_PACKET_BUF) { + + return icp_ocfDrvPacketBufferDigestPointerFind(drvOpData, + offsetInBytes, + digestSizeInBytes); + + } else { + /* IOV or flat buffer */ + if (drvOpData->crp->crp_flags & CRYPTO_F_IOV) { + /*single IOV check has already been done */ + flat_buffer_base = ((struct uio *) + (drvOpData->crp->crp_buf))-> + uio_iov[0].iov_base; + flat_buffer_length = ((struct uio *) + (drvOpData->crp->crp_buf))-> + uio_iov[0].iov_len; + } else { + flat_buffer_base = (uint8_t *) drvOpData->crp->crp_buf; + flat_buffer_length = drvOpData->crp->crp_ilen; + } + + if (flat_buffer_length < (offsetInBytes + digestSizeInBytes)) { + DPRINTK("%s() Not enough space for Digest " + "(IOV/Flat Buffer) \n", __FUNCTION__); + return NULL; + } else { + return (uint8_t *) (flat_buffer_base + offsetInBytes); + } + } + DPRINTK("%s() Should not reach this point\n", __FUNCTION__); + return NULL; +} diff -Naur linux-3.0.68.i686-orig/crypto/ocf/ep80579/linux_2.6_kernel_space.mk linux-3.0.68.i686/crypto/ocf/ep80579/linux_2.6_kernel_space.mk --- linux-3.0.68.i686-orig/crypto/ocf/ep80579/linux_2.6_kernel_space.mk 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/ep80579/linux_2.6_kernel_space.mk 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,69 @@ +################### +# @par +# This file is provided under a dual BSD/GPLv2 license. When using or +# redistributing this file, you may do so under either license. +# +# GPL LICENSE SUMMARY +# +# Copyright(c) 2007,2008 Intel Corporation. All rights reserved. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of version 2 of the GNU General Public License as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA. +# The full GNU General Public License is included in this distribution +# in the file called LICENSE.GPL. +# +# Contact Information: +# Intel Corporation +# +# BSD LICENSE +# +# Copyright(c) 2007,2008 Intel Corporation. All rights reserved. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# * Neither the name of Intel Corporation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# +# version: Security.L.1.0.130 +################### + +#specific include directories in kernel space +INCLUDES+=#e.g. -I$(OSAL_DIR)/include \ + +#Extra Flags Specific in kernel space e.g. include path or debug flags etc. e.g to add an include path EXTRA_CFLAGS += -I$(src)/../include +EXTRA_CFLAGS += $(INCLUDES) -O2 -Wall +EXTRA_LDFLAGS +=-whole-archive + diff -Naur linux-3.0.68.i686-orig/crypto/ocf/ep80579/Makefile linux-3.0.68.i686/crypto/ocf/ep80579/Makefile --- linux-3.0.68.i686-orig/crypto/ocf/ep80579/Makefile 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/ep80579/Makefile 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,119 @@ +######################################################################### +# +# Targets supported +# all - builds everything and installs +# install - identical to all +# depend - build dependencies +# clean - clears derived objects except the .depend files +# distclean- clears all derived objects and the .depend file +# +# @par +# This file is provided under a dual BSD/GPLv2 license. When using or +# redistributing this file, you may do so under either license. +# +# GPL LICENSE SUMMARY +# +# Copyright(c) 2007,2008,2009 Intel Corporation. All rights reserved. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of version 2 of the GNU General Public License as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA. +# The full GNU General Public License is included in this distribution +# in the file called LICENSE.GPL. +# +# Contact Information: +# Intel Corporation +# +# BSD LICENSE +# +# Copyright(c) 2007,2008,2009 Intel Corporation. All rights reserved. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# * Neither the name of Intel Corporation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# +# version: Security.L.1.0.2-229 +############################################################################ + + +####################Common variables and definitions######################## + +ifndef ICP_ROOT +$(warning ICP_ROOT is undefined. Please set the path to EP80579 release package directory \ + "-> setenv ICP_ROOT ") +all fastdep: + : +else + +ifndef KERNEL_SOURCE_ROOT +$(error KERNEL_SOURCE_ROOT is undefined. Please set the path to the kernel source directory \ + "-> setenv KERNEL_SOURCE_ROOT ") +endif + +# Ensure The ENV_DIR environmental var is defined. +ifndef ICP_ENV_DIR +$(error ICP_ENV_DIR is undefined. Please set the path to EP80579 driver environment.mk file \ + "-> setenv ICP_ENV_DIR ") +endif + +#Add your project environment Makefile +include ${ICP_ENV_DIR}/environment.mk + +#include the makefile with all the default and common Make variable definitions +include ${ICP_BUILDSYSTEM_PATH}/build_files/common.mk + +#Add the name for the executable, Library or Module output definitions +OUTPUT_NAME= icp_ocf + +# List of Source Files to be compiled +SOURCES= icp_common.c icp_sym.c icp_asym.c icp_ocf_linux.c + +#common includes between all supported OSes +INCLUDES= -I ${ICP_API_DIR} -I${ICP_LAC_API} \ +-I${ICP_OCF_SRC_DIR} + +# The location of the os level makefile needs to be changed. +include ${ICP_ENV_DIR}/${ICP_OS}_${ICP_OS_LEVEL}.mk + +# On the line directly below list the outputs you wish to build for, +# e.g "lib_static lib_shared exe module" as shown below +install: module + +###################Include rules makefiles######################## +include ${ICP_BUILDSYSTEM_PATH}/build_files/rules.mk +###################End of Rules inclusion######################### + +endif diff -Naur linux-3.0.68.i686-orig/crypto/ocf/hifn/hifn7751.c linux-3.0.68.i686/crypto/ocf/hifn/hifn7751.c --- linux-3.0.68.i686-orig/crypto/ocf/hifn/hifn7751.c 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/hifn/hifn7751.c 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,2954 @@ +/* $OpenBSD: hifn7751.c,v 1.120 2002/05/17 00:33:34 deraadt Exp $ */ + +/*- + * Invertex AEON / Hifn 7751 driver + * Copyright (c) 1999 Invertex Inc. All rights reserved. + * Copyright (c) 1999 Theo de Raadt + * Copyright (c) 2000-2001 Network Security Technologies, Inc. + * http://www.netsec.net + * Copyright (c) 2003 Hifn Inc. + * + * This driver is based on a previous driver by Invertex, for which they + * requested: Please send any comments, feedback, bug-fixes, or feature + * requests to software@invertex.com. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * Effort sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F30602-01-2-0537. + * + * +__FBSDID("$FreeBSD: src/sys/dev/hifn/hifn7751.c,v 1.40 2007/03/21 03:42:49 sam Exp $"); + */ + +/* + * Driver for various Hifn encryption processors. + */ +#include +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) +#include +#endif +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#if 1 +#define DPRINTF(a...) if (hifn_debug) { \ + printk("%s: ", sc ? \ + device_get_nameunit(sc->sc_dev) : "hifn"); \ + printk(a); \ + } else +#else +#define DPRINTF(a...) +#endif + +static inline int +pci_get_revid(struct pci_dev *dev) +{ + u8 rid = 0; + pci_read_config_byte(dev, PCI_REVISION_ID, &rid); + return rid; +} + +static struct hifn_stats hifnstats; + +#define debug hifn_debug +int hifn_debug = 0; +module_param(hifn_debug, int, 0644); +MODULE_PARM_DESC(hifn_debug, "Enable debug"); + +int hifn_maxbatch = 1; +module_param(hifn_maxbatch, int, 0644); +MODULE_PARM_DESC(hifn_maxbatch, "max ops to batch w/o interrupt"); + +int hifn_cache_linesize = 0x10; +module_param(hifn_cache_linesize, int, 0444); +MODULE_PARM_DESC(hifn_cache_linesize, "PCI config cache line size"); + +#ifdef MODULE_PARM +char *hifn_pllconfig = NULL; +MODULE_PARM(hifn_pllconfig, "s"); +#else +char hifn_pllconfig[32]; /* This setting is RO after loading */ +module_param_string(hifn_pllconfig, hifn_pllconfig, 32, 0444); +#endif +MODULE_PARM_DESC(hifn_pllconfig, "PLL config, ie., pci66, ext33, ..."); + +#ifdef HIFN_VULCANDEV +#include +#include + +static struct cdevsw vulcanpk_cdevsw; /* forward declaration */ +#endif + +/* + * Prototypes and count for the pci_device structure + */ +static int hifn_probe(struct pci_dev *dev, const struct pci_device_id *ent); +static void hifn_remove(struct pci_dev *dev); + +static int hifn_newsession(device_t, u_int32_t *, struct cryptoini *); +static int hifn_freesession(device_t, u_int64_t); +static int hifn_process(device_t, struct cryptop *, int); + +static device_method_t hifn_methods = { + /* crypto device methods */ + DEVMETHOD(cryptodev_newsession, hifn_newsession), + DEVMETHOD(cryptodev_freesession,hifn_freesession), + DEVMETHOD(cryptodev_process, hifn_process), +}; + +static void hifn_reset_board(struct hifn_softc *, int); +static void hifn_reset_puc(struct hifn_softc *); +static void hifn_puc_wait(struct hifn_softc *); +static int hifn_enable_crypto(struct hifn_softc *); +static void hifn_set_retry(struct hifn_softc *sc); +static void hifn_init_dma(struct hifn_softc *); +static void hifn_init_pci_registers(struct hifn_softc *); +static int hifn_sramsize(struct hifn_softc *); +static int hifn_dramsize(struct hifn_softc *); +static int hifn_ramtype(struct hifn_softc *); +static void hifn_sessions(struct hifn_softc *); +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) +static irqreturn_t hifn_intr(int irq, void *arg); +#else +static irqreturn_t hifn_intr(int irq, void *arg, struct pt_regs *regs); +#endif +static u_int hifn_write_command(struct hifn_command *, u_int8_t *); +static u_int32_t hifn_next_signature(u_int32_t a, u_int cnt); +static void hifn_callback(struct hifn_softc *, struct hifn_command *, u_int8_t *); +static int hifn_crypto(struct hifn_softc *, struct hifn_command *, struct cryptop *, int); +static int hifn_readramaddr(struct hifn_softc *, int, u_int8_t *); +static int hifn_writeramaddr(struct hifn_softc *, int, u_int8_t *); +static int hifn_dmamap_load_src(struct hifn_softc *, struct hifn_command *); +static int hifn_dmamap_load_dst(struct hifn_softc *, struct hifn_command *); +static int hifn_init_pubrng(struct hifn_softc *); +static void hifn_tick(unsigned long arg); +static void hifn_abort(struct hifn_softc *); +static void hifn_alloc_slot(struct hifn_softc *, int *, int *, int *, int *); + +static void hifn_write_reg_0(struct hifn_softc *, bus_size_t, u_int32_t); +static void hifn_write_reg_1(struct hifn_softc *, bus_size_t, u_int32_t); + +#ifdef CONFIG_OCF_RANDOMHARVEST +static int hifn_read_random(void *arg, u_int32_t *buf, int len); +#endif + +#define HIFN_MAX_CHIPS 8 +static struct hifn_softc *hifn_chip_idx[HIFN_MAX_CHIPS]; + +static __inline u_int32_t +READ_REG_0(struct hifn_softc *sc, bus_size_t reg) +{ + u_int32_t v = readl(sc->sc_bar0 + reg); + sc->sc_bar0_lastreg = (bus_size_t) -1; + return (v); +} +#define WRITE_REG_0(sc, reg, val) hifn_write_reg_0(sc, reg, val) + +static __inline u_int32_t +READ_REG_1(struct hifn_softc *sc, bus_size_t reg) +{ + u_int32_t v = readl(sc->sc_bar1 + reg); + sc->sc_bar1_lastreg = (bus_size_t) -1; + return (v); +} +#define WRITE_REG_1(sc, reg, val) hifn_write_reg_1(sc, reg, val) + +/* + * map in a given buffer (great on some arches :-) + */ + +static int +pci_map_uio(struct hifn_softc *sc, struct hifn_operand *buf, struct uio *uio) +{ + struct iovec *iov = uio->uio_iov; + + DPRINTF("%s()\n", __FUNCTION__); + + buf->mapsize = 0; + for (buf->nsegs = 0; buf->nsegs < uio->uio_iovcnt; ) { + buf->segs[buf->nsegs].ds_addr = pci_map_single(sc->sc_pcidev, + iov->iov_base, iov->iov_len, + PCI_DMA_BIDIRECTIONAL); + buf->segs[buf->nsegs].ds_len = iov->iov_len; + buf->mapsize += iov->iov_len; + iov++; + buf->nsegs++; + } + /* identify this buffer by the first segment */ + buf->map = (void *) buf->segs[0].ds_addr; + return(0); +} + +/* + * map in a given sk_buff + */ + +static int +pci_map_skb(struct hifn_softc *sc,struct hifn_operand *buf,struct sk_buff *skb) +{ + int i; + + DPRINTF("%s()\n", __FUNCTION__); + + buf->mapsize = 0; + + buf->segs[0].ds_addr = pci_map_single(sc->sc_pcidev, + skb->data, skb_headlen(skb), PCI_DMA_BIDIRECTIONAL); + buf->segs[0].ds_len = skb_headlen(skb); + buf->mapsize += buf->segs[0].ds_len; + + buf->nsegs = 1; + + for (i = 0; i < skb_shinfo(skb)->nr_frags; ) { + buf->segs[buf->nsegs].ds_len = skb_shinfo(skb)->frags[i].size; + buf->segs[buf->nsegs].ds_addr = pci_map_single(sc->sc_pcidev, + page_address(skb_frag_page(&skb_shinfo(skb)->frags[i])) + + skb_shinfo(skb)->frags[i].page_offset, + buf->segs[buf->nsegs].ds_len, PCI_DMA_BIDIRECTIONAL); + buf->mapsize += buf->segs[buf->nsegs].ds_len; + buf->nsegs++; + } + + /* identify this buffer by the first segment */ + buf->map = (void *) buf->segs[0].ds_addr; + return(0); +} + +/* + * map in a given contiguous buffer + */ + +static int +pci_map_buf(struct hifn_softc *sc,struct hifn_operand *buf, void *b, int len) +{ + DPRINTF("%s()\n", __FUNCTION__); + + buf->mapsize = 0; + buf->segs[0].ds_addr = pci_map_single(sc->sc_pcidev, + b, len, PCI_DMA_BIDIRECTIONAL); + buf->segs[0].ds_len = len; + buf->mapsize += buf->segs[0].ds_len; + buf->nsegs = 1; + + /* identify this buffer by the first segment */ + buf->map = (void *) buf->segs[0].ds_addr; + return(0); +} + +#if 0 /* not needed at this time */ +static void +pci_sync_iov(struct hifn_softc *sc, struct hifn_operand *buf) +{ + int i; + + DPRINTF("%s()\n", __FUNCTION__); + for (i = 0; i < buf->nsegs; i++) + pci_dma_sync_single_for_cpu(sc->sc_pcidev, buf->segs[i].ds_addr, + buf->segs[i].ds_len, PCI_DMA_BIDIRECTIONAL); +} +#endif + +static void +pci_unmap_buf(struct hifn_softc *sc, struct hifn_operand *buf) +{ + int i; + DPRINTF("%s()\n", __FUNCTION__); + for (i = 0; i < buf->nsegs; i++) { + pci_unmap_single(sc->sc_pcidev, buf->segs[i].ds_addr, + buf->segs[i].ds_len, PCI_DMA_BIDIRECTIONAL); + buf->segs[i].ds_addr = 0; + buf->segs[i].ds_len = 0; + } + buf->nsegs = 0; + buf->mapsize = 0; + buf->map = 0; +} + +static const char* +hifn_partname(struct hifn_softc *sc) +{ + /* XXX sprintf numbers when not decoded */ + switch (pci_get_vendor(sc->sc_pcidev)) { + case PCI_VENDOR_HIFN: + switch (pci_get_device(sc->sc_pcidev)) { + case PCI_PRODUCT_HIFN_6500: return "Hifn 6500"; + case PCI_PRODUCT_HIFN_7751: return "Hifn 7751"; + case PCI_PRODUCT_HIFN_7811: return "Hifn 7811"; + case PCI_PRODUCT_HIFN_7951: return "Hifn 7951"; + case PCI_PRODUCT_HIFN_7955: return "Hifn 7955"; + case PCI_PRODUCT_HIFN_7956: return "Hifn 7956"; + } + return "Hifn unknown-part"; + case PCI_VENDOR_INVERTEX: + switch (pci_get_device(sc->sc_pcidev)) { + case PCI_PRODUCT_INVERTEX_AEON: return "Invertex AEON"; + } + return "Invertex unknown-part"; + case PCI_VENDOR_NETSEC: + switch (pci_get_device(sc->sc_pcidev)) { + case PCI_PRODUCT_NETSEC_7751: return "NetSec 7751"; + } + return "NetSec unknown-part"; + } + return "Unknown-vendor unknown-part"; +} + +static u_int +checkmaxmin(struct pci_dev *dev, const char *what, u_int v, u_int min, u_int max) +{ + struct hifn_softc *sc = pci_get_drvdata(dev); + if (v > max) { + device_printf(sc->sc_dev, "Warning, %s %u out of range, " + "using max %u\n", what, v, max); + v = max; + } else if (v < min) { + device_printf(sc->sc_dev, "Warning, %s %u out of range, " + "using min %u\n", what, v, min); + v = min; + } + return v; +} + +/* + * Select PLL configuration for 795x parts. This is complicated in + * that we cannot determine the optimal parameters without user input. + * The reference clock is derived from an external clock through a + * multiplier. The external clock is either the host bus (i.e. PCI) + * or an external clock generator. When using the PCI bus we assume + * the clock is either 33 or 66 MHz; for an external source we cannot + * tell the speed. + * + * PLL configuration is done with a string: "pci" for PCI bus, or "ext" + * for an external source, followed by the frequency. We calculate + * the appropriate multiplier and PLL register contents accordingly. + * When no configuration is given we default to "pci66" since that + * always will allow the card to work. If a card is using the PCI + * bus clock and in a 33MHz slot then it will be operating at half + * speed until the correct information is provided. + * + * We use a default setting of "ext66" because according to Mike Ham + * of HiFn, almost every board in existence has an external crystal + * populated at 66Mhz. Using PCI can be a problem on modern motherboards, + * because PCI33 can have clocks from 0 to 33Mhz, and some have + * non-PCI-compliant spread-spectrum clocks, which can confuse the pll. + */ +static void +hifn_getpllconfig(struct pci_dev *dev, u_int *pll) +{ + const char *pllspec = hifn_pllconfig; + u_int freq, mul, fl, fh; + u_int32_t pllconfig; + char *nxt; + + if (pllspec == NULL) + pllspec = "ext66"; + fl = 33, fh = 66; + pllconfig = 0; + if (strncmp(pllspec, "ext", 3) == 0) { + pllspec += 3; + pllconfig |= HIFN_PLL_REF_SEL; + switch (pci_get_device(dev)) { + case PCI_PRODUCT_HIFN_7955: + case PCI_PRODUCT_HIFN_7956: + fl = 20, fh = 100; + break; +#ifdef notyet + case PCI_PRODUCT_HIFN_7954: + fl = 20, fh = 66; + break; +#endif + } + } else if (strncmp(pllspec, "pci", 3) == 0) + pllspec += 3; + freq = strtoul(pllspec, &nxt, 10); + if (nxt == pllspec) + freq = 66; + else + freq = checkmaxmin(dev, "frequency", freq, fl, fh); + /* + * Calculate multiplier. We target a Fck of 266 MHz, + * allowing only even values, possibly rounded down. + * Multipliers > 8 must set the charge pump current. + */ + mul = checkmaxmin(dev, "PLL divisor", (266 / freq) &~ 1, 2, 12); + pllconfig |= (mul / 2 - 1) << HIFN_PLL_ND_SHIFT; + if (mul > 8) + pllconfig |= HIFN_PLL_IS; + *pll = pllconfig; +} + +/* + * Attach an interface that successfully probed. + */ +static int +hifn_probe(struct pci_dev *dev, const struct pci_device_id *ent) +{ + struct hifn_softc *sc = NULL; + char rbase; + u_int16_t ena, rev; + int rseg, rc; + unsigned long mem_start, mem_len; + static int num_chips = 0; + + DPRINTF("%s()\n", __FUNCTION__); + + if (pci_enable_device(dev) < 0) + return(-ENODEV); + + if (pci_set_mwi(dev)) + return(-ENODEV); + + if (!dev->irq) { + printk("hifn: found device with no IRQ assigned. check BIOS settings!"); + pci_disable_device(dev); + return(-ENODEV); + } + + sc = (struct hifn_softc *) kmalloc(sizeof(*sc), GFP_KERNEL); + if (!sc) + return(-ENOMEM); + memset(sc, 0, sizeof(*sc)); + + softc_device_init(sc, "hifn", num_chips, hifn_methods); + + sc->sc_pcidev = dev; + sc->sc_irq = -1; + sc->sc_cid = -1; + sc->sc_num = num_chips++; + if (sc->sc_num < HIFN_MAX_CHIPS) + hifn_chip_idx[sc->sc_num] = sc; + + pci_set_drvdata(sc->sc_pcidev, sc); + + spin_lock_init(&sc->sc_mtx); + + /* XXX handle power management */ + + /* + * The 7951 and 795x have a random number generator and + * public key support; note this. + */ + if (pci_get_vendor(dev) == PCI_VENDOR_HIFN && + (pci_get_device(dev) == PCI_PRODUCT_HIFN_7951 || + pci_get_device(dev) == PCI_PRODUCT_HIFN_7955 || + pci_get_device(dev) == PCI_PRODUCT_HIFN_7956)) + sc->sc_flags = HIFN_HAS_RNG | HIFN_HAS_PUBLIC; + /* + * The 7811 has a random number generator and + * we also note it's identity 'cuz of some quirks. + */ + if (pci_get_vendor(dev) == PCI_VENDOR_HIFN && + pci_get_device(dev) == PCI_PRODUCT_HIFN_7811) + sc->sc_flags |= HIFN_IS_7811 | HIFN_HAS_RNG; + + /* + * The 795x parts support AES. + */ + if (pci_get_vendor(dev) == PCI_VENDOR_HIFN && + (pci_get_device(dev) == PCI_PRODUCT_HIFN_7955 || + pci_get_device(dev) == PCI_PRODUCT_HIFN_7956)) { + sc->sc_flags |= HIFN_IS_7956 | HIFN_HAS_AES; + /* + * Select PLL configuration. This depends on the + * bus and board design and must be manually configured + * if the default setting is unacceptable. + */ + hifn_getpllconfig(dev, &sc->sc_pllconfig); + } + + /* + * Setup PCI resources. Note that we record the bus + * tag and handle for each register mapping, this is + * used by the READ_REG_0, WRITE_REG_0, READ_REG_1, + * and WRITE_REG_1 macros throughout the driver. + */ + mem_start = pci_resource_start(sc->sc_pcidev, 0); + mem_len = pci_resource_len(sc->sc_pcidev, 0); + sc->sc_bar0 = (ocf_iomem_t) ioremap(mem_start, mem_len); + if (!sc->sc_bar0) { + device_printf(sc->sc_dev, "cannot map bar%d register space\n", 0); + goto fail; + } + sc->sc_bar0_lastreg = (bus_size_t) -1; + + mem_start = pci_resource_start(sc->sc_pcidev, 1); + mem_len = pci_resource_len(sc->sc_pcidev, 1); + sc->sc_bar1 = (ocf_iomem_t) ioremap(mem_start, mem_len); + if (!sc->sc_bar1) { + device_printf(sc->sc_dev, "cannot map bar%d register space\n", 1); + goto fail; + } + sc->sc_bar1_lastreg = (bus_size_t) -1; + + /* fix up the bus size */ + if (pci_set_dma_mask(dev, DMA_32BIT_MASK)) { + device_printf(sc->sc_dev, "No usable DMA configuration, aborting.\n"); + goto fail; + } + if (pci_set_consistent_dma_mask(dev, DMA_32BIT_MASK)) { + device_printf(sc->sc_dev, + "No usable consistent DMA configuration, aborting.\n"); + goto fail; + } + + hifn_set_retry(sc); + + /* + * Setup the area where the Hifn DMA's descriptors + * and associated data structures. + */ + sc->sc_dma = (struct hifn_dma *) pci_alloc_consistent(dev, + sizeof(*sc->sc_dma), + &sc->sc_dma_physaddr); + if (!sc->sc_dma) { + device_printf(sc->sc_dev, "cannot alloc sc_dma\n"); + goto fail; + } + bzero(sc->sc_dma, sizeof(*sc->sc_dma)); + + /* + * Reset the board and do the ``secret handshake'' + * to enable the crypto support. Then complete the + * initialization procedure by setting up the interrupt + * and hooking in to the system crypto support so we'll + * get used for system services like the crypto device, + * IPsec, RNG device, etc. + */ + hifn_reset_board(sc, 0); + + if (hifn_enable_crypto(sc) != 0) { + device_printf(sc->sc_dev, "crypto enabling failed\n"); + goto fail; + } + hifn_reset_puc(sc); + + hifn_init_dma(sc); + hifn_init_pci_registers(sc); + + pci_set_master(sc->sc_pcidev); + + /* XXX can't dynamically determine ram type for 795x; force dram */ + if (sc->sc_flags & HIFN_IS_7956) + sc->sc_drammodel = 1; + else if (hifn_ramtype(sc)) + goto fail; + + if (sc->sc_drammodel == 0) + hifn_sramsize(sc); + else + hifn_dramsize(sc); + + /* + * Workaround for NetSec 7751 rev A: half ram size because two + * of the address lines were left floating + */ + if (pci_get_vendor(dev) == PCI_VENDOR_NETSEC && + pci_get_device(dev) == PCI_PRODUCT_NETSEC_7751 && + pci_get_revid(dev) == 0x61) /*XXX???*/ + sc->sc_ramsize >>= 1; + + /* + * Arrange the interrupt line. + */ + rc = request_irq(dev->irq, hifn_intr, IRQF_SHARED, "hifn", sc); + if (rc) { + device_printf(sc->sc_dev, "could not map interrupt: %d\n", rc); + goto fail; + } + sc->sc_irq = dev->irq; + + hifn_sessions(sc); + + /* + * NB: Keep only the low 16 bits; this masks the chip id + * from the 7951. + */ + rev = READ_REG_1(sc, HIFN_1_REVID) & 0xffff; + + rseg = sc->sc_ramsize / 1024; + rbase = 'K'; + if (sc->sc_ramsize >= (1024 * 1024)) { + rbase = 'M'; + rseg /= 1024; + } + device_printf(sc->sc_dev, "%s, rev %u, %d%cB %cram", + hifn_partname(sc), rev, + rseg, rbase, sc->sc_drammodel ? 'd' : 's'); + if (sc->sc_flags & HIFN_IS_7956) + printf(", pll=0x%x<%s clk, %ux mult>", + sc->sc_pllconfig, + sc->sc_pllconfig & HIFN_PLL_REF_SEL ? "ext" : "pci", + 2 + 2*((sc->sc_pllconfig & HIFN_PLL_ND) >> 11)); + printf("\n"); + + sc->sc_cid = crypto_get_driverid(softc_get_device(sc),CRYPTOCAP_F_HARDWARE); + if (sc->sc_cid < 0) { + device_printf(sc->sc_dev, "could not get crypto driver id\n"); + goto fail; + } + + WRITE_REG_0(sc, HIFN_0_PUCNFG, + READ_REG_0(sc, HIFN_0_PUCNFG) | HIFN_PUCNFG_CHIPID); + ena = READ_REG_0(sc, HIFN_0_PUSTAT) & HIFN_PUSTAT_CHIPENA; + + switch (ena) { + case HIFN_PUSTAT_ENA_2: + crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0); + crypto_register(sc->sc_cid, CRYPTO_ARC4, 0, 0); + if (sc->sc_flags & HIFN_HAS_AES) + crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0); + /*FALLTHROUGH*/ + case HIFN_PUSTAT_ENA_1: + crypto_register(sc->sc_cid, CRYPTO_MD5, 0, 0); + crypto_register(sc->sc_cid, CRYPTO_SHA1, 0, 0); + crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0); + crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0); + crypto_register(sc->sc_cid, CRYPTO_DES_CBC, 0, 0); + break; + } + + if (sc->sc_flags & (HIFN_HAS_PUBLIC | HIFN_HAS_RNG)) + hifn_init_pubrng(sc); + + init_timer(&sc->sc_tickto); + sc->sc_tickto.function = hifn_tick; + sc->sc_tickto.data = (unsigned long) sc->sc_num; + mod_timer(&sc->sc_tickto, jiffies + HZ); + + return (0); + +fail: + if (sc->sc_cid >= 0) + crypto_unregister_all(sc->sc_cid); + if (sc->sc_irq != -1) + free_irq(sc->sc_irq, sc); + if (sc->sc_dma) { + /* Turn off DMA polling */ + WRITE_REG_1(sc, HIFN_1_DMA_CNFG, HIFN_DMACNFG_MSTRESET | + HIFN_DMACNFG_DMARESET | HIFN_DMACNFG_MODE); + + pci_free_consistent(sc->sc_pcidev, + sizeof(*sc->sc_dma), + sc->sc_dma, sc->sc_dma_physaddr); + } + kfree(sc); + return (-ENXIO); +} + +/* + * Detach an interface that successfully probed. + */ +static void +hifn_remove(struct pci_dev *dev) +{ + struct hifn_softc *sc = pci_get_drvdata(dev); + unsigned long l_flags; + + DPRINTF("%s()\n", __FUNCTION__); + + KASSERT(sc != NULL, ("hifn_detach: null software carrier!")); + + /* disable interrupts */ + HIFN_LOCK(sc); + WRITE_REG_1(sc, HIFN_1_DMA_IER, 0); + HIFN_UNLOCK(sc); + + /*XXX other resources */ + del_timer_sync(&sc->sc_tickto); + + /* Turn off DMA polling */ + WRITE_REG_1(sc, HIFN_1_DMA_CNFG, HIFN_DMACNFG_MSTRESET | + HIFN_DMACNFG_DMARESET | HIFN_DMACNFG_MODE); + + crypto_unregister_all(sc->sc_cid); + + free_irq(sc->sc_irq, sc); + + pci_free_consistent(sc->sc_pcidev, sizeof(*sc->sc_dma), + sc->sc_dma, sc->sc_dma_physaddr); +} + + +static int +hifn_init_pubrng(struct hifn_softc *sc) +{ + int i; + + DPRINTF("%s()\n", __FUNCTION__); + + if ((sc->sc_flags & HIFN_IS_7811) == 0) { + /* Reset 7951 public key/rng engine */ + WRITE_REG_1(sc, HIFN_1_PUB_RESET, + READ_REG_1(sc, HIFN_1_PUB_RESET) | HIFN_PUBRST_RESET); + + for (i = 0; i < 100; i++) { + DELAY(1000); + if ((READ_REG_1(sc, HIFN_1_PUB_RESET) & + HIFN_PUBRST_RESET) == 0) + break; + } + + if (i == 100) { + device_printf(sc->sc_dev, "public key init failed\n"); + return (1); + } + } + + /* Enable the rng, if available */ +#ifdef CONFIG_OCF_RANDOMHARVEST + if (sc->sc_flags & HIFN_HAS_RNG) { + if (sc->sc_flags & HIFN_IS_7811) { + u_int32_t r; + r = READ_REG_1(sc, HIFN_1_7811_RNGENA); + if (r & HIFN_7811_RNGENA_ENA) { + r &= ~HIFN_7811_RNGENA_ENA; + WRITE_REG_1(sc, HIFN_1_7811_RNGENA, r); + } + WRITE_REG_1(sc, HIFN_1_7811_RNGCFG, + HIFN_7811_RNGCFG_DEFL); + r |= HIFN_7811_RNGENA_ENA; + WRITE_REG_1(sc, HIFN_1_7811_RNGENA, r); + } else + WRITE_REG_1(sc, HIFN_1_RNG_CONFIG, + READ_REG_1(sc, HIFN_1_RNG_CONFIG) | + HIFN_RNGCFG_ENA); + + sc->sc_rngfirst = 1; + crypto_rregister(sc->sc_cid, hifn_read_random, sc); + } +#endif + + /* Enable public key engine, if available */ + if (sc->sc_flags & HIFN_HAS_PUBLIC) { + WRITE_REG_1(sc, HIFN_1_PUB_IEN, HIFN_PUBIEN_DONE); + sc->sc_dmaier |= HIFN_DMAIER_PUBDONE; + WRITE_REG_1(sc, HIFN_1_DMA_IER, sc->sc_dmaier); +#ifdef HIFN_VULCANDEV + sc->sc_pkdev = make_dev(&vulcanpk_cdevsw, 0, + UID_ROOT, GID_WHEEL, 0666, + "vulcanpk"); + sc->sc_pkdev->si_drv1 = sc; +#endif + } + + return (0); +} + +#ifdef CONFIG_OCF_RANDOMHARVEST +static int +hifn_read_random(void *arg, u_int32_t *buf, int len) +{ + struct hifn_softc *sc = (struct hifn_softc *) arg; + u_int32_t sts; + int i, rc = 0; + + if (len <= 0) + return rc; + + if (sc->sc_flags & HIFN_IS_7811) { + /* ONLY VALID ON 7811!!!! */ + for (i = 0; i < 5; i++) { + sts = READ_REG_1(sc, HIFN_1_7811_RNGSTS); + if (sts & HIFN_7811_RNGSTS_UFL) { + device_printf(sc->sc_dev, + "RNG underflow: disabling\n"); + /* DAVIDM perhaps return -1 */ + break; + } + if ((sts & HIFN_7811_RNGSTS_RDY) == 0) + break; + + /* + * There are at least two words in the RNG FIFO + * at this point. + */ + if (rc < len) + buf[rc++] = READ_REG_1(sc, HIFN_1_7811_RNGDAT); + if (rc < len) + buf[rc++] = READ_REG_1(sc, HIFN_1_7811_RNGDAT); + } + } else + buf[rc++] = READ_REG_1(sc, HIFN_1_RNG_DATA); + + /* NB: discard first data read */ + if (sc->sc_rngfirst) { + sc->sc_rngfirst = 0; + rc = 0; + } + + return(rc); +} +#endif /* CONFIG_OCF_RANDOMHARVEST */ + +static void +hifn_puc_wait(struct hifn_softc *sc) +{ + int i; + int reg = HIFN_0_PUCTRL; + + if (sc->sc_flags & HIFN_IS_7956) { + reg = HIFN_0_PUCTRL2; + } + + for (i = 5000; i > 0; i--) { + DELAY(1); + if (!(READ_REG_0(sc, reg) & HIFN_PUCTRL_RESET)) + break; + } + if (!i) + device_printf(sc->sc_dev, "proc unit did not reset(0x%x)\n", + READ_REG_0(sc, HIFN_0_PUCTRL)); +} + +/* + * Reset the processing unit. + */ +static void +hifn_reset_puc(struct hifn_softc *sc) +{ + /* Reset processing unit */ + int reg = HIFN_0_PUCTRL; + + if (sc->sc_flags & HIFN_IS_7956) { + reg = HIFN_0_PUCTRL2; + } + WRITE_REG_0(sc, reg, HIFN_PUCTRL_DMAENA); + + hifn_puc_wait(sc); +} + +/* + * Set the Retry and TRDY registers; note that we set them to + * zero because the 7811 locks up when forced to retry (section + * 3.6 of "Specification Update SU-0014-04". Not clear if we + * should do this for all Hifn parts, but it doesn't seem to hurt. + */ +static void +hifn_set_retry(struct hifn_softc *sc) +{ + DPRINTF("%s()\n", __FUNCTION__); + /* NB: RETRY only responds to 8-bit reads/writes */ + pci_write_config_byte(sc->sc_pcidev, HIFN_RETRY_TIMEOUT, 0); + pci_write_config_byte(sc->sc_pcidev, HIFN_TRDY_TIMEOUT, 0); + /* piggy back the cache line setting here */ + pci_write_config_byte(sc->sc_pcidev, PCI_CACHE_LINE_SIZE, hifn_cache_linesize); +} + +/* + * Resets the board. Values in the regesters are left as is + * from the reset (i.e. initial values are assigned elsewhere). + */ +static void +hifn_reset_board(struct hifn_softc *sc, int full) +{ + u_int32_t reg; + + DPRINTF("%s()\n", __FUNCTION__); + /* + * Set polling in the DMA configuration register to zero. 0x7 avoids + * resetting the board and zeros out the other fields. + */ + WRITE_REG_1(sc, HIFN_1_DMA_CNFG, HIFN_DMACNFG_MSTRESET | + HIFN_DMACNFG_DMARESET | HIFN_DMACNFG_MODE); + + /* + * Now that polling has been disabled, we have to wait 1 ms + * before resetting the board. + */ + DELAY(1000); + + /* Reset the DMA unit */ + if (full) { + WRITE_REG_1(sc, HIFN_1_DMA_CNFG, HIFN_DMACNFG_MODE); + DELAY(1000); + } else { + WRITE_REG_1(sc, HIFN_1_DMA_CNFG, + HIFN_DMACNFG_MODE | HIFN_DMACNFG_MSTRESET); + hifn_reset_puc(sc); + } + + KASSERT(sc->sc_dma != NULL, ("hifn_reset_board: null DMA tag!")); + bzero(sc->sc_dma, sizeof(*sc->sc_dma)); + + /* Bring dma unit out of reset */ + WRITE_REG_1(sc, HIFN_1_DMA_CNFG, HIFN_DMACNFG_MSTRESET | + HIFN_DMACNFG_DMARESET | HIFN_DMACNFG_MODE); + + hifn_puc_wait(sc); + hifn_set_retry(sc); + + if (sc->sc_flags & HIFN_IS_7811) { + for (reg = 0; reg < 1000; reg++) { + if (READ_REG_1(sc, HIFN_1_7811_MIPSRST) & + HIFN_MIPSRST_CRAMINIT) + break; + DELAY(1000); + } + if (reg == 1000) + device_printf(sc->sc_dev, ": cram init timeout\n"); + } else { + /* set up DMA configuration register #2 */ + /* turn off all PK and BAR0 swaps */ + WRITE_REG_1(sc, HIFN_1_DMA_CNFG2, + (3 << HIFN_DMACNFG2_INIT_WRITE_BURST_SHIFT)| + (3 << HIFN_DMACNFG2_INIT_READ_BURST_SHIFT)| + (2 << HIFN_DMACNFG2_TGT_WRITE_BURST_SHIFT)| + (2 << HIFN_DMACNFG2_TGT_READ_BURST_SHIFT)); + } +} + +static u_int32_t +hifn_next_signature(u_int32_t a, u_int cnt) +{ + int i; + u_int32_t v; + + for (i = 0; i < cnt; i++) { + + /* get the parity */ + v = a & 0x80080125; + v ^= v >> 16; + v ^= v >> 8; + v ^= v >> 4; + v ^= v >> 2; + v ^= v >> 1; + + a = (v & 1) ^ (a << 1); + } + + return a; +} + + +/* + * Checks to see if crypto is already enabled. If crypto isn't enable, + * "hifn_enable_crypto" is called to enable it. The check is important, + * as enabling crypto twice will lock the board. + */ +static int +hifn_enable_crypto(struct hifn_softc *sc) +{ + u_int32_t dmacfg, ramcfg, encl, addr, i; + char offtbl[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00 }; + + DPRINTF("%s()\n", __FUNCTION__); + + ramcfg = READ_REG_0(sc, HIFN_0_PUCNFG); + dmacfg = READ_REG_1(sc, HIFN_1_DMA_CNFG); + + /* + * The RAM config register's encrypt level bit needs to be set before + * every read performed on the encryption level register. + */ + WRITE_REG_0(sc, HIFN_0_PUCNFG, ramcfg | HIFN_PUCNFG_CHIPID); + + encl = READ_REG_0(sc, HIFN_0_PUSTAT) & HIFN_PUSTAT_CHIPENA; + + /* + * Make sure we don't re-unlock. Two unlocks kills chip until the + * next reboot. + */ + if (encl == HIFN_PUSTAT_ENA_1 || encl == HIFN_PUSTAT_ENA_2) { +#ifdef HIFN_DEBUG + if (hifn_debug) + device_printf(sc->sc_dev, + "Strong crypto already enabled!\n"); +#endif + goto report; + } + + if (encl != 0 && encl != HIFN_PUSTAT_ENA_0) { +#ifdef HIFN_DEBUG + if (hifn_debug) + device_printf(sc->sc_dev, + "Unknown encryption level 0x%x\n", encl); +#endif + return 1; + } + + WRITE_REG_1(sc, HIFN_1_DMA_CNFG, HIFN_DMACNFG_UNLOCK | + HIFN_DMACNFG_MSTRESET | HIFN_DMACNFG_DMARESET | HIFN_DMACNFG_MODE); + DELAY(1000); + addr = READ_REG_1(sc, HIFN_UNLOCK_SECRET1); + DELAY(1000); + WRITE_REG_1(sc, HIFN_UNLOCK_SECRET2, 0); + DELAY(1000); + + for (i = 0; i <= 12; i++) { + addr = hifn_next_signature(addr, offtbl[i] + 0x101); + WRITE_REG_1(sc, HIFN_UNLOCK_SECRET2, addr); + + DELAY(1000); + } + + WRITE_REG_0(sc, HIFN_0_PUCNFG, ramcfg | HIFN_PUCNFG_CHIPID); + encl = READ_REG_0(sc, HIFN_0_PUSTAT) & HIFN_PUSTAT_CHIPENA; + +#ifdef HIFN_DEBUG + if (hifn_debug) { + if (encl != HIFN_PUSTAT_ENA_1 && encl != HIFN_PUSTAT_ENA_2) + device_printf(sc->sc_dev, "Engine is permanently " + "locked until next system reset!\n"); + else + device_printf(sc->sc_dev, "Engine enabled " + "successfully!\n"); + } +#endif + +report: + WRITE_REG_0(sc, HIFN_0_PUCNFG, ramcfg); + WRITE_REG_1(sc, HIFN_1_DMA_CNFG, dmacfg); + + switch (encl) { + case HIFN_PUSTAT_ENA_1: + case HIFN_PUSTAT_ENA_2: + break; + case HIFN_PUSTAT_ENA_0: + default: + device_printf(sc->sc_dev, "disabled\n"); + break; + } + + return 0; +} + +/* + * Give initial values to the registers listed in the "Register Space" + * section of the HIFN Software Development reference manual. + */ +static void +hifn_init_pci_registers(struct hifn_softc *sc) +{ + DPRINTF("%s()\n", __FUNCTION__); + + /* write fixed values needed by the Initialization registers */ + WRITE_REG_0(sc, HIFN_0_PUCTRL, HIFN_PUCTRL_DMAENA); + WRITE_REG_0(sc, HIFN_0_FIFOCNFG, HIFN_FIFOCNFG_THRESHOLD); + WRITE_REG_0(sc, HIFN_0_PUIER, HIFN_PUIER_DSTOVER); + + /* write all 4 ring address registers */ + WRITE_REG_1(sc, HIFN_1_DMA_CRAR, sc->sc_dma_physaddr + + offsetof(struct hifn_dma, cmdr[0])); + WRITE_REG_1(sc, HIFN_1_DMA_SRAR, sc->sc_dma_physaddr + + offsetof(struct hifn_dma, srcr[0])); + WRITE_REG_1(sc, HIFN_1_DMA_DRAR, sc->sc_dma_physaddr + + offsetof(struct hifn_dma, dstr[0])); + WRITE_REG_1(sc, HIFN_1_DMA_RRAR, sc->sc_dma_physaddr + + offsetof(struct hifn_dma, resr[0])); + + DELAY(2000); + + /* write status register */ + WRITE_REG_1(sc, HIFN_1_DMA_CSR, + HIFN_DMACSR_D_CTRL_DIS | HIFN_DMACSR_R_CTRL_DIS | + HIFN_DMACSR_S_CTRL_DIS | HIFN_DMACSR_C_CTRL_DIS | + HIFN_DMACSR_D_ABORT | HIFN_DMACSR_D_DONE | HIFN_DMACSR_D_LAST | + HIFN_DMACSR_D_WAIT | HIFN_DMACSR_D_OVER | + HIFN_DMACSR_R_ABORT | HIFN_DMACSR_R_DONE | HIFN_DMACSR_R_LAST | + HIFN_DMACSR_R_WAIT | HIFN_DMACSR_R_OVER | + HIFN_DMACSR_S_ABORT | HIFN_DMACSR_S_DONE | HIFN_DMACSR_S_LAST | + HIFN_DMACSR_S_WAIT | + HIFN_DMACSR_C_ABORT | HIFN_DMACSR_C_DONE | HIFN_DMACSR_C_LAST | + HIFN_DMACSR_C_WAIT | + HIFN_DMACSR_ENGINE | + ((sc->sc_flags & HIFN_HAS_PUBLIC) ? + HIFN_DMACSR_PUBDONE : 0) | + ((sc->sc_flags & HIFN_IS_7811) ? + HIFN_DMACSR_ILLW | HIFN_DMACSR_ILLR : 0)); + + sc->sc_d_busy = sc->sc_r_busy = sc->sc_s_busy = sc->sc_c_busy = 0; + sc->sc_dmaier |= HIFN_DMAIER_R_DONE | HIFN_DMAIER_C_ABORT | + HIFN_DMAIER_D_OVER | HIFN_DMAIER_R_OVER | + HIFN_DMAIER_S_ABORT | HIFN_DMAIER_D_ABORT | HIFN_DMAIER_R_ABORT | + ((sc->sc_flags & HIFN_IS_7811) ? + HIFN_DMAIER_ILLW | HIFN_DMAIER_ILLR : 0); + sc->sc_dmaier &= ~HIFN_DMAIER_C_WAIT; + WRITE_REG_1(sc, HIFN_1_DMA_IER, sc->sc_dmaier); + + + if (sc->sc_flags & HIFN_IS_7956) { + u_int32_t pll; + + WRITE_REG_0(sc, HIFN_0_PUCNFG, HIFN_PUCNFG_COMPSING | + HIFN_PUCNFG_TCALLPHASES | + HIFN_PUCNFG_TCDRVTOTEM | HIFN_PUCNFG_BUS32); + + /* turn off the clocks and insure bypass is set */ + pll = READ_REG_1(sc, HIFN_1_PLL); + pll = (pll &~ (HIFN_PLL_PK_CLK_SEL | HIFN_PLL_PE_CLK_SEL)) + | HIFN_PLL_BP | HIFN_PLL_MBSET; + WRITE_REG_1(sc, HIFN_1_PLL, pll); + DELAY(10*1000); /* 10ms */ + + /* change configuration */ + pll = (pll &~ HIFN_PLL_CONFIG) | sc->sc_pllconfig; + WRITE_REG_1(sc, HIFN_1_PLL, pll); + DELAY(10*1000); /* 10ms */ + + /* disable bypass */ + pll &= ~HIFN_PLL_BP; + WRITE_REG_1(sc, HIFN_1_PLL, pll); + /* enable clocks with new configuration */ + pll |= HIFN_PLL_PK_CLK_SEL | HIFN_PLL_PE_CLK_SEL; + WRITE_REG_1(sc, HIFN_1_PLL, pll); + } else { + WRITE_REG_0(sc, HIFN_0_PUCNFG, HIFN_PUCNFG_COMPSING | + HIFN_PUCNFG_DRFR_128 | HIFN_PUCNFG_TCALLPHASES | + HIFN_PUCNFG_TCDRVTOTEM | HIFN_PUCNFG_BUS32 | + (sc->sc_drammodel ? HIFN_PUCNFG_DRAM : HIFN_PUCNFG_SRAM)); + } + + WRITE_REG_0(sc, HIFN_0_PUISR, HIFN_PUISR_DSTOVER); + WRITE_REG_1(sc, HIFN_1_DMA_CNFG, HIFN_DMACNFG_MSTRESET | + HIFN_DMACNFG_DMARESET | HIFN_DMACNFG_MODE | HIFN_DMACNFG_LAST | + ((HIFN_POLL_FREQUENCY << 16 ) & HIFN_DMACNFG_POLLFREQ) | + ((HIFN_POLL_SCALAR << 8) & HIFN_DMACNFG_POLLINVAL)); +} + +/* + * The maximum number of sessions supported by the card + * is dependent on the amount of context ram, which + * encryption algorithms are enabled, and how compression + * is configured. This should be configured before this + * routine is called. + */ +static void +hifn_sessions(struct hifn_softc *sc) +{ + u_int32_t pucnfg; + int ctxsize; + + DPRINTF("%s()\n", __FUNCTION__); + + pucnfg = READ_REG_0(sc, HIFN_0_PUCNFG); + + if (pucnfg & HIFN_PUCNFG_COMPSING) { + if (pucnfg & HIFN_PUCNFG_ENCCNFG) + ctxsize = 128; + else + ctxsize = 512; + /* + * 7955/7956 has internal context memory of 32K + */ + if (sc->sc_flags & HIFN_IS_7956) + sc->sc_maxses = 32768 / ctxsize; + else + sc->sc_maxses = 1 + + ((sc->sc_ramsize - 32768) / ctxsize); + } else + sc->sc_maxses = sc->sc_ramsize / 16384; + + if (sc->sc_maxses > 2048) + sc->sc_maxses = 2048; +} + +/* + * Determine ram type (sram or dram). Board should be just out of a reset + * state when this is called. + */ +static int +hifn_ramtype(struct hifn_softc *sc) +{ + u_int8_t data[8], dataexpect[8]; + int i; + + for (i = 0; i < sizeof(data); i++) + data[i] = dataexpect[i] = 0x55; + if (hifn_writeramaddr(sc, 0, data)) + return (-1); + if (hifn_readramaddr(sc, 0, data)) + return (-1); + if (bcmp(data, dataexpect, sizeof(data)) != 0) { + sc->sc_drammodel = 1; + return (0); + } + + for (i = 0; i < sizeof(data); i++) + data[i] = dataexpect[i] = 0xaa; + if (hifn_writeramaddr(sc, 0, data)) + return (-1); + if (hifn_readramaddr(sc, 0, data)) + return (-1); + if (bcmp(data, dataexpect, sizeof(data)) != 0) { + sc->sc_drammodel = 1; + return (0); + } + + return (0); +} + +#define HIFN_SRAM_MAX (32 << 20) +#define HIFN_SRAM_STEP_SIZE 16384 +#define HIFN_SRAM_GRANULARITY (HIFN_SRAM_MAX / HIFN_SRAM_STEP_SIZE) + +static int +hifn_sramsize(struct hifn_softc *sc) +{ + u_int32_t a; + u_int8_t data[8]; + u_int8_t dataexpect[sizeof(data)]; + int32_t i; + + for (i = 0; i < sizeof(data); i++) + data[i] = dataexpect[i] = i ^ 0x5a; + + for (i = HIFN_SRAM_GRANULARITY - 1; i >= 0; i--) { + a = i * HIFN_SRAM_STEP_SIZE; + bcopy(&i, data, sizeof(i)); + hifn_writeramaddr(sc, a, data); + } + + for (i = 0; i < HIFN_SRAM_GRANULARITY; i++) { + a = i * HIFN_SRAM_STEP_SIZE; + bcopy(&i, dataexpect, sizeof(i)); + if (hifn_readramaddr(sc, a, data) < 0) + return (0); + if (bcmp(data, dataexpect, sizeof(data)) != 0) + return (0); + sc->sc_ramsize = a + HIFN_SRAM_STEP_SIZE; + } + + return (0); +} + +/* + * XXX For dram boards, one should really try all of the + * HIFN_PUCNFG_DSZ_*'s. This just assumes that PUCNFG + * is already set up correctly. + */ +static int +hifn_dramsize(struct hifn_softc *sc) +{ + u_int32_t cnfg; + + if (sc->sc_flags & HIFN_IS_7956) { + /* + * 7955/7956 have a fixed internal ram of only 32K. + */ + sc->sc_ramsize = 32768; + } else { + cnfg = READ_REG_0(sc, HIFN_0_PUCNFG) & + HIFN_PUCNFG_DRAMMASK; + sc->sc_ramsize = 1 << ((cnfg >> 13) + 18); + } + return (0); +} + +static void +hifn_alloc_slot(struct hifn_softc *sc, int *cmdp, int *srcp, int *dstp, int *resp) +{ + struct hifn_dma *dma = sc->sc_dma; + + DPRINTF("%s()\n", __FUNCTION__); + + if (dma->cmdi == HIFN_D_CMD_RSIZE) { + dma->cmdi = 0; + dma->cmdr[HIFN_D_CMD_RSIZE].l = htole32(HIFN_D_JUMP|HIFN_D_MASKDONEIRQ); + wmb(); + dma->cmdr[HIFN_D_CMD_RSIZE].l |= htole32(HIFN_D_VALID); + HIFN_CMDR_SYNC(sc, HIFN_D_CMD_RSIZE, + BUS_DMASYNC_PREWRITE | BUS_DMASYNC_PREREAD); + } + *cmdp = dma->cmdi++; + dma->cmdk = dma->cmdi; + + if (dma->srci == HIFN_D_SRC_RSIZE) { + dma->srci = 0; + dma->srcr[HIFN_D_SRC_RSIZE].l = htole32(HIFN_D_JUMP|HIFN_D_MASKDONEIRQ); + wmb(); + dma->srcr[HIFN_D_SRC_RSIZE].l |= htole32(HIFN_D_VALID); + HIFN_SRCR_SYNC(sc, HIFN_D_SRC_RSIZE, + BUS_DMASYNC_PREWRITE | BUS_DMASYNC_PREREAD); + } + *srcp = dma->srci++; + dma->srck = dma->srci; + + if (dma->dsti == HIFN_D_DST_RSIZE) { + dma->dsti = 0; + dma->dstr[HIFN_D_DST_RSIZE].l = htole32(HIFN_D_JUMP|HIFN_D_MASKDONEIRQ); + wmb(); + dma->dstr[HIFN_D_DST_RSIZE].l |= htole32(HIFN_D_VALID); + HIFN_DSTR_SYNC(sc, HIFN_D_DST_RSIZE, + BUS_DMASYNC_PREWRITE | BUS_DMASYNC_PREREAD); + } + *dstp = dma->dsti++; + dma->dstk = dma->dsti; + + if (dma->resi == HIFN_D_RES_RSIZE) { + dma->resi = 0; + dma->resr[HIFN_D_RES_RSIZE].l = htole32(HIFN_D_JUMP|HIFN_D_MASKDONEIRQ); + wmb(); + dma->resr[HIFN_D_RES_RSIZE].l |= htole32(HIFN_D_VALID); + HIFN_RESR_SYNC(sc, HIFN_D_RES_RSIZE, + BUS_DMASYNC_PREWRITE | BUS_DMASYNC_PREREAD); + } + *resp = dma->resi++; + dma->resk = dma->resi; +} + +static int +hifn_writeramaddr(struct hifn_softc *sc, int addr, u_int8_t *data) +{ + struct hifn_dma *dma = sc->sc_dma; + hifn_base_command_t wc; + const u_int32_t masks = HIFN_D_VALID | HIFN_D_LAST | HIFN_D_MASKDONEIRQ; + int r, cmdi, resi, srci, dsti; + + DPRINTF("%s()\n", __FUNCTION__); + + wc.masks = htole16(3 << 13); + wc.session_num = htole16(addr >> 14); + wc.total_source_count = htole16(8); + wc.total_dest_count = htole16(addr & 0x3fff); + + hifn_alloc_slot(sc, &cmdi, &srci, &dsti, &resi); + + WRITE_REG_1(sc, HIFN_1_DMA_CSR, + HIFN_DMACSR_C_CTRL_ENA | HIFN_DMACSR_S_CTRL_ENA | + HIFN_DMACSR_D_CTRL_ENA | HIFN_DMACSR_R_CTRL_ENA); + + /* build write command */ + bzero(dma->command_bufs[cmdi], HIFN_MAX_COMMAND); + *(hifn_base_command_t *)dma->command_bufs[cmdi] = wc; + bcopy(data, &dma->test_src, sizeof(dma->test_src)); + + dma->srcr[srci].p = htole32(sc->sc_dma_physaddr + + offsetof(struct hifn_dma, test_src)); + dma->dstr[dsti].p = htole32(sc->sc_dma_physaddr + + offsetof(struct hifn_dma, test_dst)); + + dma->cmdr[cmdi].l = htole32(16 | masks); + dma->srcr[srci].l = htole32(8 | masks); + dma->dstr[dsti].l = htole32(4 | masks); + dma->resr[resi].l = htole32(4 | masks); + + for (r = 10000; r >= 0; r--) { + DELAY(10); + if ((dma->resr[resi].l & htole32(HIFN_D_VALID)) == 0) + break; + } + if (r == 0) { + device_printf(sc->sc_dev, "writeramaddr -- " + "result[%d](addr %d) still valid\n", resi, addr); + r = -1; + return (-1); + } else + r = 0; + + WRITE_REG_1(sc, HIFN_1_DMA_CSR, + HIFN_DMACSR_C_CTRL_DIS | HIFN_DMACSR_S_CTRL_DIS | + HIFN_DMACSR_D_CTRL_DIS | HIFN_DMACSR_R_CTRL_DIS); + + return (r); +} + +static int +hifn_readramaddr(struct hifn_softc *sc, int addr, u_int8_t *data) +{ + struct hifn_dma *dma = sc->sc_dma; + hifn_base_command_t rc; + const u_int32_t masks = HIFN_D_VALID | HIFN_D_LAST | HIFN_D_MASKDONEIRQ; + int r, cmdi, srci, dsti, resi; + + DPRINTF("%s()\n", __FUNCTION__); + + rc.masks = htole16(2 << 13); + rc.session_num = htole16(addr >> 14); + rc.total_source_count = htole16(addr & 0x3fff); + rc.total_dest_count = htole16(8); + + hifn_alloc_slot(sc, &cmdi, &srci, &dsti, &resi); + + WRITE_REG_1(sc, HIFN_1_DMA_CSR, + HIFN_DMACSR_C_CTRL_ENA | HIFN_DMACSR_S_CTRL_ENA | + HIFN_DMACSR_D_CTRL_ENA | HIFN_DMACSR_R_CTRL_ENA); + + bzero(dma->command_bufs[cmdi], HIFN_MAX_COMMAND); + *(hifn_base_command_t *)dma->command_bufs[cmdi] = rc; + + dma->srcr[srci].p = htole32(sc->sc_dma_physaddr + + offsetof(struct hifn_dma, test_src)); + dma->test_src = 0; + dma->dstr[dsti].p = htole32(sc->sc_dma_physaddr + + offsetof(struct hifn_dma, test_dst)); + dma->test_dst = 0; + dma->cmdr[cmdi].l = htole32(8 | masks); + dma->srcr[srci].l = htole32(8 | masks); + dma->dstr[dsti].l = htole32(8 | masks); + dma->resr[resi].l = htole32(HIFN_MAX_RESULT | masks); + + for (r = 10000; r >= 0; r--) { + DELAY(10); + if ((dma->resr[resi].l & htole32(HIFN_D_VALID)) == 0) + break; + } + if (r == 0) { + device_printf(sc->sc_dev, "readramaddr -- " + "result[%d](addr %d) still valid\n", resi, addr); + r = -1; + } else { + r = 0; + bcopy(&dma->test_dst, data, sizeof(dma->test_dst)); + } + + WRITE_REG_1(sc, HIFN_1_DMA_CSR, + HIFN_DMACSR_C_CTRL_DIS | HIFN_DMACSR_S_CTRL_DIS | + HIFN_DMACSR_D_CTRL_DIS | HIFN_DMACSR_R_CTRL_DIS); + + return (r); +} + +/* + * Initialize the descriptor rings. + */ +static void +hifn_init_dma(struct hifn_softc *sc) +{ + struct hifn_dma *dma = sc->sc_dma; + int i; + + DPRINTF("%s()\n", __FUNCTION__); + + hifn_set_retry(sc); + + /* initialize static pointer values */ + for (i = 0; i < HIFN_D_CMD_RSIZE; i++) + dma->cmdr[i].p = htole32(sc->sc_dma_physaddr + + offsetof(struct hifn_dma, command_bufs[i][0])); + for (i = 0; i < HIFN_D_RES_RSIZE; i++) + dma->resr[i].p = htole32(sc->sc_dma_physaddr + + offsetof(struct hifn_dma, result_bufs[i][0])); + + dma->cmdr[HIFN_D_CMD_RSIZE].p = + htole32(sc->sc_dma_physaddr + offsetof(struct hifn_dma, cmdr[0])); + dma->srcr[HIFN_D_SRC_RSIZE].p = + htole32(sc->sc_dma_physaddr + offsetof(struct hifn_dma, srcr[0])); + dma->dstr[HIFN_D_DST_RSIZE].p = + htole32(sc->sc_dma_physaddr + offsetof(struct hifn_dma, dstr[0])); + dma->resr[HIFN_D_RES_RSIZE].p = + htole32(sc->sc_dma_physaddr + offsetof(struct hifn_dma, resr[0])); + + dma->cmdu = dma->srcu = dma->dstu = dma->resu = 0; + dma->cmdi = dma->srci = dma->dsti = dma->resi = 0; + dma->cmdk = dma->srck = dma->dstk = dma->resk = 0; +} + +/* + * Writes out the raw command buffer space. Returns the + * command buffer size. + */ +static u_int +hifn_write_command(struct hifn_command *cmd, u_int8_t *buf) +{ + struct hifn_softc *sc = NULL; + u_int8_t *buf_pos; + hifn_base_command_t *base_cmd; + hifn_mac_command_t *mac_cmd; + hifn_crypt_command_t *cry_cmd; + int using_mac, using_crypt, len, ivlen; + u_int32_t dlen, slen; + + DPRINTF("%s()\n", __FUNCTION__); + + buf_pos = buf; + using_mac = cmd->base_masks & HIFN_BASE_CMD_MAC; + using_crypt = cmd->base_masks & HIFN_BASE_CMD_CRYPT; + + base_cmd = (hifn_base_command_t *)buf_pos; + base_cmd->masks = htole16(cmd->base_masks); + slen = cmd->src_mapsize; + if (cmd->sloplen) + dlen = cmd->dst_mapsize - cmd->sloplen + sizeof(u_int32_t); + else + dlen = cmd->dst_mapsize; + base_cmd->total_source_count = htole16(slen & HIFN_BASE_CMD_LENMASK_LO); + base_cmd->total_dest_count = htole16(dlen & HIFN_BASE_CMD_LENMASK_LO); + dlen >>= 16; + slen >>= 16; + base_cmd->session_num = htole16( + ((slen << HIFN_BASE_CMD_SRCLEN_S) & HIFN_BASE_CMD_SRCLEN_M) | + ((dlen << HIFN_BASE_CMD_DSTLEN_S) & HIFN_BASE_CMD_DSTLEN_M)); + buf_pos += sizeof(hifn_base_command_t); + + if (using_mac) { + mac_cmd = (hifn_mac_command_t *)buf_pos; + dlen = cmd->maccrd->crd_len; + mac_cmd->source_count = htole16(dlen & 0xffff); + dlen >>= 16; + mac_cmd->masks = htole16(cmd->mac_masks | + ((dlen << HIFN_MAC_CMD_SRCLEN_S) & HIFN_MAC_CMD_SRCLEN_M)); + mac_cmd->header_skip = htole16(cmd->maccrd->crd_skip); + mac_cmd->reserved = 0; + buf_pos += sizeof(hifn_mac_command_t); + } + + if (using_crypt) { + cry_cmd = (hifn_crypt_command_t *)buf_pos; + dlen = cmd->enccrd->crd_len; + cry_cmd->source_count = htole16(dlen & 0xffff); + dlen >>= 16; + cry_cmd->masks = htole16(cmd->cry_masks | + ((dlen << HIFN_CRYPT_CMD_SRCLEN_S) & HIFN_CRYPT_CMD_SRCLEN_M)); + cry_cmd->header_skip = htole16(cmd->enccrd->crd_skip); + cry_cmd->reserved = 0; + buf_pos += sizeof(hifn_crypt_command_t); + } + + if (using_mac && cmd->mac_masks & HIFN_MAC_CMD_NEW_KEY) { + bcopy(cmd->mac, buf_pos, HIFN_MAC_KEY_LENGTH); + buf_pos += HIFN_MAC_KEY_LENGTH; + } + + if (using_crypt && cmd->cry_masks & HIFN_CRYPT_CMD_NEW_KEY) { + switch (cmd->cry_masks & HIFN_CRYPT_CMD_ALG_MASK) { + case HIFN_CRYPT_CMD_ALG_3DES: + bcopy(cmd->ck, buf_pos, HIFN_3DES_KEY_LENGTH); + buf_pos += HIFN_3DES_KEY_LENGTH; + break; + case HIFN_CRYPT_CMD_ALG_DES: + bcopy(cmd->ck, buf_pos, HIFN_DES_KEY_LENGTH); + buf_pos += HIFN_DES_KEY_LENGTH; + break; + case HIFN_CRYPT_CMD_ALG_RC4: + len = 256; + do { + int clen; + + clen = MIN(cmd->cklen, len); + bcopy(cmd->ck, buf_pos, clen); + len -= clen; + buf_pos += clen; + } while (len > 0); + bzero(buf_pos, 4); + buf_pos += 4; + break; + case HIFN_CRYPT_CMD_ALG_AES: + /* + * AES keys are variable 128, 192 and + * 256 bits (16, 24 and 32 bytes). + */ + bcopy(cmd->ck, buf_pos, cmd->cklen); + buf_pos += cmd->cklen; + break; + } + } + + if (using_crypt && cmd->cry_masks & HIFN_CRYPT_CMD_NEW_IV) { + switch (cmd->cry_masks & HIFN_CRYPT_CMD_ALG_MASK) { + case HIFN_CRYPT_CMD_ALG_AES: + ivlen = HIFN_AES_IV_LENGTH; + break; + default: + ivlen = HIFN_IV_LENGTH; + break; + } + bcopy(cmd->iv, buf_pos, ivlen); + buf_pos += ivlen; + } + + if ((cmd->base_masks & (HIFN_BASE_CMD_MAC|HIFN_BASE_CMD_CRYPT)) == 0) { + bzero(buf_pos, 8); + buf_pos += 8; + } + + return (buf_pos - buf); +} + +static int +hifn_dmamap_aligned(struct hifn_operand *op) +{ + struct hifn_softc *sc = NULL; + int i; + + DPRINTF("%s()\n", __FUNCTION__); + + for (i = 0; i < op->nsegs; i++) { + if (op->segs[i].ds_addr & 3) + return (0); + if ((i != (op->nsegs - 1)) && (op->segs[i].ds_len & 3)) + return (0); + } + return (1); +} + +static __inline int +hifn_dmamap_dstwrap(struct hifn_softc *sc, int idx) +{ + struct hifn_dma *dma = sc->sc_dma; + + if (++idx == HIFN_D_DST_RSIZE) { + dma->dstr[idx].l = htole32(HIFN_D_VALID | HIFN_D_JUMP | + HIFN_D_MASKDONEIRQ); + HIFN_DSTR_SYNC(sc, idx, + BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); + idx = 0; + } + return (idx); +} + +static int +hifn_dmamap_load_dst(struct hifn_softc *sc, struct hifn_command *cmd) +{ + struct hifn_dma *dma = sc->sc_dma; + struct hifn_operand *dst = &cmd->dst; + u_int32_t p, l; + int idx, used = 0, i; + + DPRINTF("%s()\n", __FUNCTION__); + + idx = dma->dsti; + for (i = 0; i < dst->nsegs - 1; i++) { + dma->dstr[idx].p = htole32(dst->segs[i].ds_addr); + dma->dstr[idx].l = htole32(HIFN_D_MASKDONEIRQ | dst->segs[i].ds_len); + wmb(); + dma->dstr[idx].l |= htole32(HIFN_D_VALID); + HIFN_DSTR_SYNC(sc, idx, + BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); + used++; + + idx = hifn_dmamap_dstwrap(sc, idx); + } + + if (cmd->sloplen == 0) { + p = dst->segs[i].ds_addr; + l = HIFN_D_MASKDONEIRQ | HIFN_D_LAST | + dst->segs[i].ds_len; + } else { + p = sc->sc_dma_physaddr + + offsetof(struct hifn_dma, slop[cmd->slopidx]); + l = HIFN_D_MASKDONEIRQ | HIFN_D_LAST | + sizeof(u_int32_t); + + if ((dst->segs[i].ds_len - cmd->sloplen) != 0) { + dma->dstr[idx].p = htole32(dst->segs[i].ds_addr); + dma->dstr[idx].l = htole32(HIFN_D_MASKDONEIRQ | + (dst->segs[i].ds_len - cmd->sloplen)); + wmb(); + dma->dstr[idx].l |= htole32(HIFN_D_VALID); + HIFN_DSTR_SYNC(sc, idx, + BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); + used++; + + idx = hifn_dmamap_dstwrap(sc, idx); + } + } + dma->dstr[idx].p = htole32(p); + dma->dstr[idx].l = htole32(l); + wmb(); + dma->dstr[idx].l |= htole32(HIFN_D_VALID); + HIFN_DSTR_SYNC(sc, idx, BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); + used++; + + idx = hifn_dmamap_dstwrap(sc, idx); + + dma->dsti = idx; + dma->dstu += used; + return (idx); +} + +static __inline int +hifn_dmamap_srcwrap(struct hifn_softc *sc, int idx) +{ + struct hifn_dma *dma = sc->sc_dma; + + if (++idx == HIFN_D_SRC_RSIZE) { + dma->srcr[idx].l = htole32(HIFN_D_VALID | + HIFN_D_JUMP | HIFN_D_MASKDONEIRQ); + HIFN_SRCR_SYNC(sc, HIFN_D_SRC_RSIZE, + BUS_DMASYNC_PREWRITE | BUS_DMASYNC_PREREAD); + idx = 0; + } + return (idx); +} + +static int +hifn_dmamap_load_src(struct hifn_softc *sc, struct hifn_command *cmd) +{ + struct hifn_dma *dma = sc->sc_dma; + struct hifn_operand *src = &cmd->src; + int idx, i; + u_int32_t last = 0; + + DPRINTF("%s()\n", __FUNCTION__); + + idx = dma->srci; + for (i = 0; i < src->nsegs; i++) { + if (i == src->nsegs - 1) + last = HIFN_D_LAST; + + dma->srcr[idx].p = htole32(src->segs[i].ds_addr); + dma->srcr[idx].l = htole32(src->segs[i].ds_len | + HIFN_D_MASKDONEIRQ | last); + wmb(); + dma->srcr[idx].l |= htole32(HIFN_D_VALID); + HIFN_SRCR_SYNC(sc, idx, + BUS_DMASYNC_PREWRITE | BUS_DMASYNC_PREREAD); + + idx = hifn_dmamap_srcwrap(sc, idx); + } + dma->srci = idx; + dma->srcu += src->nsegs; + return (idx); +} + + +static int +hifn_crypto( + struct hifn_softc *sc, + struct hifn_command *cmd, + struct cryptop *crp, + int hint) +{ + struct hifn_dma *dma = sc->sc_dma; + u_int32_t cmdlen, csr; + int cmdi, resi, err = 0; + unsigned long l_flags; + + DPRINTF("%s()\n", __FUNCTION__); + + /* + * need 1 cmd, and 1 res + * + * NB: check this first since it's easy. + */ + HIFN_LOCK(sc); + if ((dma->cmdu + 1) > HIFN_D_CMD_RSIZE || + (dma->resu + 1) > HIFN_D_RES_RSIZE) { +#ifdef HIFN_DEBUG + if (hifn_debug) { + device_printf(sc->sc_dev, + "cmd/result exhaustion, cmdu %u resu %u\n", + dma->cmdu, dma->resu); + } +#endif + hifnstats.hst_nomem_cr++; + sc->sc_needwakeup |= CRYPTO_SYMQ; + HIFN_UNLOCK(sc); + return (ERESTART); + } + + if (crp->crp_flags & CRYPTO_F_SKBUF) { + if (pci_map_skb(sc, &cmd->src, cmd->src_skb)) { + hifnstats.hst_nomem_load++; + err = ENOMEM; + goto err_srcmap1; + } + } else if (crp->crp_flags & CRYPTO_F_IOV) { + if (pci_map_uio(sc, &cmd->src, cmd->src_io)) { + hifnstats.hst_nomem_load++; + err = ENOMEM; + goto err_srcmap1; + } + } else { + if (pci_map_buf(sc, &cmd->src, cmd->src_buf, crp->crp_ilen)) { + hifnstats.hst_nomem_load++; + err = ENOMEM; + goto err_srcmap1; + } + } + + if (hifn_dmamap_aligned(&cmd->src)) { + cmd->sloplen = cmd->src_mapsize & 3; + cmd->dst = cmd->src; + } else { + if (crp->crp_flags & CRYPTO_F_IOV) { + DPRINTF("%s,%d: %s - EINVAL\n",__FILE__,__LINE__,__FUNCTION__); + err = EINVAL; + goto err_srcmap; + } else if (crp->crp_flags & CRYPTO_F_SKBUF) { +#ifdef NOTYET + int totlen, len; + struct mbuf *m, *m0, *mlast; + + KASSERT(cmd->dst_m == cmd->src_m, + ("hifn_crypto: dst_m initialized improperly")); + hifnstats.hst_unaligned++; + /* + * Source is not aligned on a longword boundary. + * Copy the data to insure alignment. If we fail + * to allocate mbufs or clusters while doing this + * we return ERESTART so the operation is requeued + * at the crypto later, but only if there are + * ops already posted to the hardware; otherwise we + * have no guarantee that we'll be re-entered. + */ + totlen = cmd->src_mapsize; + if (cmd->src_m->m_flags & M_PKTHDR) { + len = MHLEN; + MGETHDR(m0, M_DONTWAIT, MT_DATA); + if (m0 && !m_dup_pkthdr(m0, cmd->src_m, M_DONTWAIT)) { + m_free(m0); + m0 = NULL; + } + } else { + len = MLEN; + MGET(m0, M_DONTWAIT, MT_DATA); + } + if (m0 == NULL) { + hifnstats.hst_nomem_mbuf++; + err = dma->cmdu ? ERESTART : ENOMEM; + goto err_srcmap; + } + if (totlen >= MINCLSIZE) { + MCLGET(m0, M_DONTWAIT); + if ((m0->m_flags & M_EXT) == 0) { + hifnstats.hst_nomem_mcl++; + err = dma->cmdu ? ERESTART : ENOMEM; + m_freem(m0); + goto err_srcmap; + } + len = MCLBYTES; + } + totlen -= len; + m0->m_pkthdr.len = m0->m_len = len; + mlast = m0; + + while (totlen > 0) { + MGET(m, M_DONTWAIT, MT_DATA); + if (m == NULL) { + hifnstats.hst_nomem_mbuf++; + err = dma->cmdu ? ERESTART : ENOMEM; + m_freem(m0); + goto err_srcmap; + } + len = MLEN; + if (totlen >= MINCLSIZE) { + MCLGET(m, M_DONTWAIT); + if ((m->m_flags & M_EXT) == 0) { + hifnstats.hst_nomem_mcl++; + err = dma->cmdu ? ERESTART : ENOMEM; + mlast->m_next = m; + m_freem(m0); + goto err_srcmap; + } + len = MCLBYTES; + } + + m->m_len = len; + m0->m_pkthdr.len += len; + totlen -= len; + + mlast->m_next = m; + mlast = m; + } + cmd->dst_m = m0; +#else + device_printf(sc->sc_dev, + "%s,%d: CRYPTO_F_SKBUF unaligned not implemented\n", + __FILE__, __LINE__); + err = EINVAL; + goto err_srcmap; +#endif + } else { + device_printf(sc->sc_dev, + "%s,%d: unaligned contig buffers not implemented\n", + __FILE__, __LINE__); + err = EINVAL; + goto err_srcmap; + } + } + + if (cmd->dst_map == NULL) { + if (crp->crp_flags & CRYPTO_F_SKBUF) { + if (pci_map_skb(sc, &cmd->dst, cmd->dst_skb)) { + hifnstats.hst_nomem_map++; + err = ENOMEM; + goto err_dstmap1; + } + } else if (crp->crp_flags & CRYPTO_F_IOV) { + if (pci_map_uio(sc, &cmd->dst, cmd->dst_io)) { + hifnstats.hst_nomem_load++; + err = ENOMEM; + goto err_dstmap1; + } + } else { + if (pci_map_buf(sc, &cmd->dst, cmd->dst_buf, crp->crp_ilen)) { + hifnstats.hst_nomem_load++; + err = ENOMEM; + goto err_dstmap1; + } + } + } + +#ifdef HIFN_DEBUG + if (hifn_debug) { + device_printf(sc->sc_dev, + "Entering cmd: stat %8x ien %8x u %d/%d/%d/%d n %d/%d\n", + READ_REG_1(sc, HIFN_1_DMA_CSR), + READ_REG_1(sc, HIFN_1_DMA_IER), + dma->cmdu, dma->srcu, dma->dstu, dma->resu, + cmd->src_nsegs, cmd->dst_nsegs); + } +#endif + +#if 0 + if (cmd->src_map == cmd->dst_map) { + bus_dmamap_sync(sc->sc_dmat, cmd->src_map, + BUS_DMASYNC_PREWRITE|BUS_DMASYNC_PREREAD); + } else { + bus_dmamap_sync(sc->sc_dmat, cmd->src_map, + BUS_DMASYNC_PREWRITE); + bus_dmamap_sync(sc->sc_dmat, cmd->dst_map, + BUS_DMASYNC_PREREAD); + } +#endif + + /* + * need N src, and N dst + */ + if ((dma->srcu + cmd->src_nsegs) > HIFN_D_SRC_RSIZE || + (dma->dstu + cmd->dst_nsegs + 1) > HIFN_D_DST_RSIZE) { +#ifdef HIFN_DEBUG + if (hifn_debug) { + device_printf(sc->sc_dev, + "src/dst exhaustion, srcu %u+%u dstu %u+%u\n", + dma->srcu, cmd->src_nsegs, + dma->dstu, cmd->dst_nsegs); + } +#endif + hifnstats.hst_nomem_sd++; + err = ERESTART; + goto err_dstmap; + } + + if (dma->cmdi == HIFN_D_CMD_RSIZE) { + dma->cmdi = 0; + dma->cmdr[HIFN_D_CMD_RSIZE].l = htole32(HIFN_D_JUMP|HIFN_D_MASKDONEIRQ); + wmb(); + dma->cmdr[HIFN_D_CMD_RSIZE].l |= htole32(HIFN_D_VALID); + HIFN_CMDR_SYNC(sc, HIFN_D_CMD_RSIZE, + BUS_DMASYNC_PREWRITE | BUS_DMASYNC_PREREAD); + } + cmdi = dma->cmdi++; + cmdlen = hifn_write_command(cmd, dma->command_bufs[cmdi]); + HIFN_CMD_SYNC(sc, cmdi, BUS_DMASYNC_PREWRITE); + + /* .p for command/result already set */ + dma->cmdr[cmdi].l = htole32(cmdlen | HIFN_D_LAST | + HIFN_D_MASKDONEIRQ); + wmb(); + dma->cmdr[cmdi].l |= htole32(HIFN_D_VALID); + HIFN_CMDR_SYNC(sc, cmdi, + BUS_DMASYNC_PREWRITE | BUS_DMASYNC_PREREAD); + dma->cmdu++; + + /* + * We don't worry about missing an interrupt (which a "command wait" + * interrupt salvages us from), unless there is more than one command + * in the queue. + */ + if (dma->cmdu > 1) { + sc->sc_dmaier |= HIFN_DMAIER_C_WAIT; + WRITE_REG_1(sc, HIFN_1_DMA_IER, sc->sc_dmaier); + } + + hifnstats.hst_ipackets++; + hifnstats.hst_ibytes += cmd->src_mapsize; + + hifn_dmamap_load_src(sc, cmd); + + /* + * Unlike other descriptors, we don't mask done interrupt from + * result descriptor. + */ +#ifdef HIFN_DEBUG + if (hifn_debug) + device_printf(sc->sc_dev, "load res\n"); +#endif + if (dma->resi == HIFN_D_RES_RSIZE) { + dma->resi = 0; + dma->resr[HIFN_D_RES_RSIZE].l = htole32(HIFN_D_JUMP|HIFN_D_MASKDONEIRQ); + wmb(); + dma->resr[HIFN_D_RES_RSIZE].l |= htole32(HIFN_D_VALID); + HIFN_RESR_SYNC(sc, HIFN_D_RES_RSIZE, + BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); + } + resi = dma->resi++; + KASSERT(dma->hifn_commands[resi] == NULL, + ("hifn_crypto: command slot %u busy", resi)); + dma->hifn_commands[resi] = cmd; + HIFN_RES_SYNC(sc, resi, BUS_DMASYNC_PREREAD); + if ((hint & CRYPTO_HINT_MORE) && sc->sc_curbatch < hifn_maxbatch) { + dma->resr[resi].l = htole32(HIFN_MAX_RESULT | + HIFN_D_LAST | HIFN_D_MASKDONEIRQ); + wmb(); + dma->resr[resi].l |= htole32(HIFN_D_VALID); + sc->sc_curbatch++; + if (sc->sc_curbatch > hifnstats.hst_maxbatch) + hifnstats.hst_maxbatch = sc->sc_curbatch; + hifnstats.hst_totbatch++; + } else { + dma->resr[resi].l = htole32(HIFN_MAX_RESULT | HIFN_D_LAST); + wmb(); + dma->resr[resi].l |= htole32(HIFN_D_VALID); + sc->sc_curbatch = 0; + } + HIFN_RESR_SYNC(sc, resi, + BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); + dma->resu++; + + if (cmd->sloplen) + cmd->slopidx = resi; + + hifn_dmamap_load_dst(sc, cmd); + + csr = 0; + if (sc->sc_c_busy == 0) { + csr |= HIFN_DMACSR_C_CTRL_ENA; + sc->sc_c_busy = 1; + } + if (sc->sc_s_busy == 0) { + csr |= HIFN_DMACSR_S_CTRL_ENA; + sc->sc_s_busy = 1; + } + if (sc->sc_r_busy == 0) { + csr |= HIFN_DMACSR_R_CTRL_ENA; + sc->sc_r_busy = 1; + } + if (sc->sc_d_busy == 0) { + csr |= HIFN_DMACSR_D_CTRL_ENA; + sc->sc_d_busy = 1; + } + if (csr) + WRITE_REG_1(sc, HIFN_1_DMA_CSR, csr); + +#ifdef HIFN_DEBUG + if (hifn_debug) { + device_printf(sc->sc_dev, "command: stat %8x ier %8x\n", + READ_REG_1(sc, HIFN_1_DMA_CSR), + READ_REG_1(sc, HIFN_1_DMA_IER)); + } +#endif + + sc->sc_active = 5; + HIFN_UNLOCK(sc); + KASSERT(err == 0, ("hifn_crypto: success with error %u", err)); + return (err); /* success */ + +err_dstmap: + if (cmd->src_map != cmd->dst_map) + pci_unmap_buf(sc, &cmd->dst); +err_dstmap1: +err_srcmap: + if (crp->crp_flags & CRYPTO_F_SKBUF) { + if (cmd->src_skb != cmd->dst_skb) +#ifdef NOTYET + m_freem(cmd->dst_m); +#else + device_printf(sc->sc_dev, + "%s,%d: CRYPTO_F_SKBUF src != dst not implemented\n", + __FILE__, __LINE__); +#endif + } + pci_unmap_buf(sc, &cmd->src); +err_srcmap1: + HIFN_UNLOCK(sc); + return (err); +} + +static void +hifn_tick(unsigned long arg) +{ + struct hifn_softc *sc; + unsigned long l_flags; + + if (arg >= HIFN_MAX_CHIPS) + return; + sc = hifn_chip_idx[arg]; + if (!sc) + return; + + HIFN_LOCK(sc); + if (sc->sc_active == 0) { + struct hifn_dma *dma = sc->sc_dma; + u_int32_t r = 0; + + if (dma->cmdu == 0 && sc->sc_c_busy) { + sc->sc_c_busy = 0; + r |= HIFN_DMACSR_C_CTRL_DIS; + } + if (dma->srcu == 0 && sc->sc_s_busy) { + sc->sc_s_busy = 0; + r |= HIFN_DMACSR_S_CTRL_DIS; + } + if (dma->dstu == 0 && sc->sc_d_busy) { + sc->sc_d_busy = 0; + r |= HIFN_DMACSR_D_CTRL_DIS; + } + if (dma->resu == 0 && sc->sc_r_busy) { + sc->sc_r_busy = 0; + r |= HIFN_DMACSR_R_CTRL_DIS; + } + if (r) + WRITE_REG_1(sc, HIFN_1_DMA_CSR, r); + } else + sc->sc_active--; + HIFN_UNLOCK(sc); + mod_timer(&sc->sc_tickto, jiffies + HZ); +} + +static irqreturn_t +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) +hifn_intr(int irq, void *arg) +#else +hifn_intr(int irq, void *arg, struct pt_regs *regs) +#endif +{ + struct hifn_softc *sc = arg; + struct hifn_dma *dma; + u_int32_t dmacsr, restart; + int i, u; + unsigned long l_flags; + + dmacsr = READ_REG_1(sc, HIFN_1_DMA_CSR); + + /* Nothing in the DMA unit interrupted */ + if ((dmacsr & sc->sc_dmaier) == 0) + return IRQ_NONE; + + HIFN_LOCK(sc); + + dma = sc->sc_dma; + +#ifdef HIFN_DEBUG + if (hifn_debug) { + device_printf(sc->sc_dev, + "irq: stat %08x ien %08x damier %08x i %d/%d/%d/%d k %d/%d/%d/%d u %d/%d/%d/%d\n", + dmacsr, READ_REG_1(sc, HIFN_1_DMA_IER), sc->sc_dmaier, + dma->cmdi, dma->srci, dma->dsti, dma->resi, + dma->cmdk, dma->srck, dma->dstk, dma->resk, + dma->cmdu, dma->srcu, dma->dstu, dma->resu); + } +#endif + + WRITE_REG_1(sc, HIFN_1_DMA_CSR, dmacsr & sc->sc_dmaier); + + if ((sc->sc_flags & HIFN_HAS_PUBLIC) && + (dmacsr & HIFN_DMACSR_PUBDONE)) + WRITE_REG_1(sc, HIFN_1_PUB_STATUS, + READ_REG_1(sc, HIFN_1_PUB_STATUS) | HIFN_PUBSTS_DONE); + + restart = dmacsr & (HIFN_DMACSR_D_OVER | HIFN_DMACSR_R_OVER); + if (restart) + device_printf(sc->sc_dev, "overrun %x\n", dmacsr); + + if (sc->sc_flags & HIFN_IS_7811) { + if (dmacsr & HIFN_DMACSR_ILLR) + device_printf(sc->sc_dev, "illegal read\n"); + if (dmacsr & HIFN_DMACSR_ILLW) + device_printf(sc->sc_dev, "illegal write\n"); + } + + restart = dmacsr & (HIFN_DMACSR_C_ABORT | HIFN_DMACSR_S_ABORT | + HIFN_DMACSR_D_ABORT | HIFN_DMACSR_R_ABORT); + if (restart) { + device_printf(sc->sc_dev, "abort, resetting.\n"); + hifnstats.hst_abort++; + hifn_abort(sc); + HIFN_UNLOCK(sc); + return IRQ_HANDLED; + } + + if ((dmacsr & HIFN_DMACSR_C_WAIT) && (dma->cmdu == 0)) { + /* + * If no slots to process and we receive a "waiting on + * command" interrupt, we disable the "waiting on command" + * (by clearing it). + */ + sc->sc_dmaier &= ~HIFN_DMAIER_C_WAIT; + WRITE_REG_1(sc, HIFN_1_DMA_IER, sc->sc_dmaier); + } + + /* clear the rings */ + i = dma->resk; u = dma->resu; + while (u != 0) { + HIFN_RESR_SYNC(sc, i, + BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); + if (dma->resr[i].l & htole32(HIFN_D_VALID)) { + HIFN_RESR_SYNC(sc, i, + BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); + break; + } + + if (i != HIFN_D_RES_RSIZE) { + struct hifn_command *cmd; + u_int8_t *macbuf = NULL; + + HIFN_RES_SYNC(sc, i, BUS_DMASYNC_POSTREAD); + cmd = dma->hifn_commands[i]; + KASSERT(cmd != NULL, + ("hifn_intr: null command slot %u", i)); + dma->hifn_commands[i] = NULL; + + if (cmd->base_masks & HIFN_BASE_CMD_MAC) { + macbuf = dma->result_bufs[i]; + macbuf += 12; + } + + hifn_callback(sc, cmd, macbuf); + hifnstats.hst_opackets++; + u--; + } + + if (++i == (HIFN_D_RES_RSIZE + 1)) + i = 0; + } + dma->resk = i; dma->resu = u; + + i = dma->srck; u = dma->srcu; + while (u != 0) { + if (i == HIFN_D_SRC_RSIZE) + i = 0; + HIFN_SRCR_SYNC(sc, i, + BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); + if (dma->srcr[i].l & htole32(HIFN_D_VALID)) { + HIFN_SRCR_SYNC(sc, i, + BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); + break; + } + i++, u--; + } + dma->srck = i; dma->srcu = u; + + i = dma->cmdk; u = dma->cmdu; + while (u != 0) { + HIFN_CMDR_SYNC(sc, i, + BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); + if (dma->cmdr[i].l & htole32(HIFN_D_VALID)) { + HIFN_CMDR_SYNC(sc, i, + BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); + break; + } + if (i != HIFN_D_CMD_RSIZE) { + u--; + HIFN_CMD_SYNC(sc, i, BUS_DMASYNC_POSTWRITE); + } + if (++i == (HIFN_D_CMD_RSIZE + 1)) + i = 0; + } + dma->cmdk = i; dma->cmdu = u; + + HIFN_UNLOCK(sc); + + if (sc->sc_needwakeup) { /* XXX check high watermark */ + int wakeup = sc->sc_needwakeup & (CRYPTO_SYMQ|CRYPTO_ASYMQ); +#ifdef HIFN_DEBUG + if (hifn_debug) + device_printf(sc->sc_dev, + "wakeup crypto (%x) u %d/%d/%d/%d\n", + sc->sc_needwakeup, + dma->cmdu, dma->srcu, dma->dstu, dma->resu); +#endif + sc->sc_needwakeup &= ~wakeup; + crypto_unblock(sc->sc_cid, wakeup); + } + + return IRQ_HANDLED; +} + +/* + * Allocate a new 'session' and return an encoded session id. 'sidp' + * contains our registration id, and should contain an encoded session + * id on successful allocation. + */ +static int +hifn_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri) +{ + struct hifn_softc *sc = device_get_softc(dev); + struct cryptoini *c; + int mac = 0, cry = 0, sesn; + struct hifn_session *ses = NULL; + unsigned long l_flags; + + DPRINTF("%s()\n", __FUNCTION__); + + KASSERT(sc != NULL, ("hifn_newsession: null softc")); + if (sidp == NULL || cri == NULL || sc == NULL) { + DPRINTF("%s,%d: %s - EINVAL\n", __FILE__, __LINE__, __FUNCTION__); + return (EINVAL); + } + + HIFN_LOCK(sc); + if (sc->sc_sessions == NULL) { + ses = sc->sc_sessions = (struct hifn_session *)kmalloc(sizeof(*ses), + SLAB_ATOMIC); + if (ses == NULL) { + HIFN_UNLOCK(sc); + return (ENOMEM); + } + sesn = 0; + sc->sc_nsessions = 1; + } else { + for (sesn = 0; sesn < sc->sc_nsessions; sesn++) { + if (!sc->sc_sessions[sesn].hs_used) { + ses = &sc->sc_sessions[sesn]; + break; + } + } + + if (ses == NULL) { + sesn = sc->sc_nsessions; + ses = (struct hifn_session *)kmalloc((sesn + 1) * sizeof(*ses), + SLAB_ATOMIC); + if (ses == NULL) { + HIFN_UNLOCK(sc); + return (ENOMEM); + } + bcopy(sc->sc_sessions, ses, sesn * sizeof(*ses)); + bzero(sc->sc_sessions, sesn * sizeof(*ses)); + kfree(sc->sc_sessions); + sc->sc_sessions = ses; + ses = &sc->sc_sessions[sesn]; + sc->sc_nsessions++; + } + } + HIFN_UNLOCK(sc); + + bzero(ses, sizeof(*ses)); + ses->hs_used = 1; + + for (c = cri; c != NULL; c = c->cri_next) { + switch (c->cri_alg) { + case CRYPTO_MD5: + case CRYPTO_SHA1: + case CRYPTO_MD5_HMAC: + case CRYPTO_SHA1_HMAC: + if (mac) { + DPRINTF("%s,%d: %s - EINVAL\n",__FILE__,__LINE__,__FUNCTION__); + return (EINVAL); + } + mac = 1; + ses->hs_mlen = c->cri_mlen; + if (ses->hs_mlen == 0) { + switch (c->cri_alg) { + case CRYPTO_MD5: + case CRYPTO_MD5_HMAC: + ses->hs_mlen = 16; + break; + case CRYPTO_SHA1: + case CRYPTO_SHA1_HMAC: + ses->hs_mlen = 20; + break; + } + } + break; + case CRYPTO_DES_CBC: + case CRYPTO_3DES_CBC: + case CRYPTO_AES_CBC: + case CRYPTO_ARC4: + if (cry) { + DPRINTF("%s,%d: %s - EINVAL\n",__FILE__,__LINE__,__FUNCTION__); + return (EINVAL); + } + cry = 1; + break; + default: + DPRINTF("%s,%d: %s - EINVAL\n",__FILE__,__LINE__,__FUNCTION__); + return (EINVAL); + } + } + if (mac == 0 && cry == 0) { + DPRINTF("%s,%d: %s - EINVAL\n",__FILE__,__LINE__,__FUNCTION__); + return (EINVAL); + } + + *sidp = HIFN_SID(device_get_unit(sc->sc_dev), sesn); + + return (0); +} + +/* + * Deallocate a session. + * XXX this routine should run a zero'd mac/encrypt key into context ram. + * XXX to blow away any keys already stored there. + */ +static int +hifn_freesession(device_t dev, u_int64_t tid) +{ + struct hifn_softc *sc = device_get_softc(dev); + int session, error; + u_int32_t sid = CRYPTO_SESID2LID(tid); + unsigned long l_flags; + + DPRINTF("%s()\n", __FUNCTION__); + + KASSERT(sc != NULL, ("hifn_freesession: null softc")); + if (sc == NULL) { + DPRINTF("%s,%d: %s - EINVAL\n",__FILE__,__LINE__,__FUNCTION__); + return (EINVAL); + } + + HIFN_LOCK(sc); + session = HIFN_SESSION(sid); + if (session < sc->sc_nsessions) { + bzero(&sc->sc_sessions[session], sizeof(struct hifn_session)); + error = 0; + } else { + DPRINTF("%s,%d: %s - EINVAL\n",__FILE__,__LINE__,__FUNCTION__); + error = EINVAL; + } + HIFN_UNLOCK(sc); + + return (error); +} + +static int +hifn_process(device_t dev, struct cryptop *crp, int hint) +{ + struct hifn_softc *sc = device_get_softc(dev); + struct hifn_command *cmd = NULL; + int session, err, ivlen; + struct cryptodesc *crd1, *crd2, *maccrd, *enccrd; + + DPRINTF("%s()\n", __FUNCTION__); + + if (crp == NULL || crp->crp_callback == NULL) { + hifnstats.hst_invalid++; + DPRINTF("%s,%d: %s - EINVAL\n",__FILE__,__LINE__,__FUNCTION__); + return (EINVAL); + } + session = HIFN_SESSION(crp->crp_sid); + + if (sc == NULL || session >= sc->sc_nsessions) { + DPRINTF("%s,%d: %s - EINVAL\n",__FILE__,__LINE__,__FUNCTION__); + err = EINVAL; + goto errout; + } + + cmd = kmalloc(sizeof(struct hifn_command), SLAB_ATOMIC); + if (cmd == NULL) { + hifnstats.hst_nomem++; + err = ENOMEM; + goto errout; + } + memset(cmd, 0, sizeof(*cmd)); + + if (crp->crp_flags & CRYPTO_F_SKBUF) { + cmd->src_skb = (struct sk_buff *)crp->crp_buf; + cmd->dst_skb = (struct sk_buff *)crp->crp_buf; + } else if (crp->crp_flags & CRYPTO_F_IOV) { + cmd->src_io = (struct uio *)crp->crp_buf; + cmd->dst_io = (struct uio *)crp->crp_buf; + } else { + cmd->src_buf = crp->crp_buf; + cmd->dst_buf = crp->crp_buf; + } + + crd1 = crp->crp_desc; + if (crd1 == NULL) { + DPRINTF("%s,%d: %s - EINVAL\n",__FILE__,__LINE__,__FUNCTION__); + err = EINVAL; + goto errout; + } + crd2 = crd1->crd_next; + + if (crd2 == NULL) { + if (crd1->crd_alg == CRYPTO_MD5_HMAC || + crd1->crd_alg == CRYPTO_SHA1_HMAC || + crd1->crd_alg == CRYPTO_SHA1 || + crd1->crd_alg == CRYPTO_MD5) { + maccrd = crd1; + enccrd = NULL; + } else if (crd1->crd_alg == CRYPTO_DES_CBC || + crd1->crd_alg == CRYPTO_3DES_CBC || + crd1->crd_alg == CRYPTO_AES_CBC || + crd1->crd_alg == CRYPTO_ARC4) { + if ((crd1->crd_flags & CRD_F_ENCRYPT) == 0) + cmd->base_masks |= HIFN_BASE_CMD_DECODE; + maccrd = NULL; + enccrd = crd1; + } else { + DPRINTF("%s,%d: %s - EINVAL\n",__FILE__,__LINE__,__FUNCTION__); + err = EINVAL; + goto errout; + } + } else { + if ((crd1->crd_alg == CRYPTO_MD5_HMAC || + crd1->crd_alg == CRYPTO_SHA1_HMAC || + crd1->crd_alg == CRYPTO_MD5 || + crd1->crd_alg == CRYPTO_SHA1) && + (crd2->crd_alg == CRYPTO_DES_CBC || + crd2->crd_alg == CRYPTO_3DES_CBC || + crd2->crd_alg == CRYPTO_AES_CBC || + crd2->crd_alg == CRYPTO_ARC4) && + ((crd2->crd_flags & CRD_F_ENCRYPT) == 0)) { + cmd->base_masks = HIFN_BASE_CMD_DECODE; + maccrd = crd1; + enccrd = crd2; + } else if ((crd1->crd_alg == CRYPTO_DES_CBC || + crd1->crd_alg == CRYPTO_ARC4 || + crd1->crd_alg == CRYPTO_3DES_CBC || + crd1->crd_alg == CRYPTO_AES_CBC) && + (crd2->crd_alg == CRYPTO_MD5_HMAC || + crd2->crd_alg == CRYPTO_SHA1_HMAC || + crd2->crd_alg == CRYPTO_MD5 || + crd2->crd_alg == CRYPTO_SHA1) && + (crd1->crd_flags & CRD_F_ENCRYPT)) { + enccrd = crd1; + maccrd = crd2; + } else { + /* + * We cannot order the 7751 as requested + */ + DPRINTF("%s,%d: %s %d,%d,%d - EINVAL\n",__FILE__,__LINE__,__FUNCTION__, crd1->crd_alg, crd2->crd_alg, crd1->crd_flags & CRD_F_ENCRYPT); + err = EINVAL; + goto errout; + } + } + + if (enccrd) { + cmd->enccrd = enccrd; + cmd->base_masks |= HIFN_BASE_CMD_CRYPT; + switch (enccrd->crd_alg) { + case CRYPTO_ARC4: + cmd->cry_masks |= HIFN_CRYPT_CMD_ALG_RC4; + break; + case CRYPTO_DES_CBC: + cmd->cry_masks |= HIFN_CRYPT_CMD_ALG_DES | + HIFN_CRYPT_CMD_MODE_CBC | + HIFN_CRYPT_CMD_NEW_IV; + break; + case CRYPTO_3DES_CBC: + cmd->cry_masks |= HIFN_CRYPT_CMD_ALG_3DES | + HIFN_CRYPT_CMD_MODE_CBC | + HIFN_CRYPT_CMD_NEW_IV; + break; + case CRYPTO_AES_CBC: + cmd->cry_masks |= HIFN_CRYPT_CMD_ALG_AES | + HIFN_CRYPT_CMD_MODE_CBC | + HIFN_CRYPT_CMD_NEW_IV; + break; + default: + DPRINTF("%s,%d: %s - EINVAL\n",__FILE__,__LINE__,__FUNCTION__); + err = EINVAL; + goto errout; + } + if (enccrd->crd_alg != CRYPTO_ARC4) { + ivlen = ((enccrd->crd_alg == CRYPTO_AES_CBC) ? + HIFN_AES_IV_LENGTH : HIFN_IV_LENGTH); + if (enccrd->crd_flags & CRD_F_ENCRYPT) { + if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) + bcopy(enccrd->crd_iv, cmd->iv, ivlen); + else + read_random(cmd->iv, ivlen); + + if ((enccrd->crd_flags & CRD_F_IV_PRESENT) + == 0) { + crypto_copyback(crp->crp_flags, + crp->crp_buf, enccrd->crd_inject, + ivlen, cmd->iv); + } + } else { + if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) + bcopy(enccrd->crd_iv, cmd->iv, ivlen); + else { + crypto_copydata(crp->crp_flags, + crp->crp_buf, enccrd->crd_inject, + ivlen, cmd->iv); + } + } + } + + if (enccrd->crd_flags & CRD_F_KEY_EXPLICIT) + cmd->cry_masks |= HIFN_CRYPT_CMD_NEW_KEY; + cmd->ck = enccrd->crd_key; + cmd->cklen = enccrd->crd_klen >> 3; + cmd->cry_masks |= HIFN_CRYPT_CMD_NEW_KEY; + + /* + * Need to specify the size for the AES key in the masks. + */ + if ((cmd->cry_masks & HIFN_CRYPT_CMD_ALG_MASK) == + HIFN_CRYPT_CMD_ALG_AES) { + switch (cmd->cklen) { + case 16: + cmd->cry_masks |= HIFN_CRYPT_CMD_KSZ_128; + break; + case 24: + cmd->cry_masks |= HIFN_CRYPT_CMD_KSZ_192; + break; + case 32: + cmd->cry_masks |= HIFN_CRYPT_CMD_KSZ_256; + break; + default: + DPRINTF("%s,%d: %s - EINVAL\n",__FILE__,__LINE__,__FUNCTION__); + err = EINVAL; + goto errout; + } + } + } + + if (maccrd) { + cmd->maccrd = maccrd; + cmd->base_masks |= HIFN_BASE_CMD_MAC; + + switch (maccrd->crd_alg) { + case CRYPTO_MD5: + cmd->mac_masks |= HIFN_MAC_CMD_ALG_MD5 | + HIFN_MAC_CMD_RESULT | HIFN_MAC_CMD_MODE_HASH | + HIFN_MAC_CMD_POS_IPSEC; + break; + case CRYPTO_MD5_HMAC: + cmd->mac_masks |= HIFN_MAC_CMD_ALG_MD5 | + HIFN_MAC_CMD_RESULT | HIFN_MAC_CMD_MODE_HMAC | + HIFN_MAC_CMD_POS_IPSEC | HIFN_MAC_CMD_TRUNC; + break; + case CRYPTO_SHA1: + cmd->mac_masks |= HIFN_MAC_CMD_ALG_SHA1 | + HIFN_MAC_CMD_RESULT | HIFN_MAC_CMD_MODE_HASH | + HIFN_MAC_CMD_POS_IPSEC; + break; + case CRYPTO_SHA1_HMAC: + cmd->mac_masks |= HIFN_MAC_CMD_ALG_SHA1 | + HIFN_MAC_CMD_RESULT | HIFN_MAC_CMD_MODE_HMAC | + HIFN_MAC_CMD_POS_IPSEC | HIFN_MAC_CMD_TRUNC; + break; + } + + if (maccrd->crd_alg == CRYPTO_SHA1_HMAC || + maccrd->crd_alg == CRYPTO_MD5_HMAC) { + cmd->mac_masks |= HIFN_MAC_CMD_NEW_KEY; + bcopy(maccrd->crd_key, cmd->mac, maccrd->crd_klen >> 3); + bzero(cmd->mac + (maccrd->crd_klen >> 3), + HIFN_MAC_KEY_LENGTH - (maccrd->crd_klen >> 3)); + } + } + + cmd->crp = crp; + cmd->session_num = session; + cmd->softc = sc; + + err = hifn_crypto(sc, cmd, crp, hint); + if (!err) { + return 0; + } else if (err == ERESTART) { + /* + * There weren't enough resources to dispatch the request + * to the part. Notify the caller so they'll requeue this + * request and resubmit it again soon. + */ +#ifdef HIFN_DEBUG + if (hifn_debug) + device_printf(sc->sc_dev, "requeue request\n"); +#endif + kfree(cmd); + sc->sc_needwakeup |= CRYPTO_SYMQ; + return (err); + } + +errout: + if (cmd != NULL) + kfree(cmd); + if (err == EINVAL) + hifnstats.hst_invalid++; + else + hifnstats.hst_nomem++; + crp->crp_etype = err; + crypto_done(crp); + return (err); +} + +static void +hifn_abort(struct hifn_softc *sc) +{ + struct hifn_dma *dma = sc->sc_dma; + struct hifn_command *cmd; + struct cryptop *crp; + int i, u; + + DPRINTF("%s()\n", __FUNCTION__); + + i = dma->resk; u = dma->resu; + while (u != 0) { + cmd = dma->hifn_commands[i]; + KASSERT(cmd != NULL, ("hifn_abort: null command slot %u", i)); + dma->hifn_commands[i] = NULL; + crp = cmd->crp; + + if ((dma->resr[i].l & htole32(HIFN_D_VALID)) == 0) { + /* Salvage what we can. */ + u_int8_t *macbuf; + + if (cmd->base_masks & HIFN_BASE_CMD_MAC) { + macbuf = dma->result_bufs[i]; + macbuf += 12; + } else + macbuf = NULL; + hifnstats.hst_opackets++; + hifn_callback(sc, cmd, macbuf); + } else { +#if 0 + if (cmd->src_map == cmd->dst_map) { + bus_dmamap_sync(sc->sc_dmat, cmd->src_map, + BUS_DMASYNC_POSTREAD|BUS_DMASYNC_POSTWRITE); + } else { + bus_dmamap_sync(sc->sc_dmat, cmd->src_map, + BUS_DMASYNC_POSTWRITE); + bus_dmamap_sync(sc->sc_dmat, cmd->dst_map, + BUS_DMASYNC_POSTREAD); + } +#endif + + if (cmd->src_skb != cmd->dst_skb) { +#ifdef NOTYET + m_freem(cmd->src_m); + crp->crp_buf = (caddr_t)cmd->dst_m; +#else + device_printf(sc->sc_dev, + "%s,%d: CRYPTO_F_SKBUF src != dst not implemented\n", + __FILE__, __LINE__); +#endif + } + + /* non-shared buffers cannot be restarted */ + if (cmd->src_map != cmd->dst_map) { + /* + * XXX should be EAGAIN, delayed until + * after the reset. + */ + crp->crp_etype = ENOMEM; + pci_unmap_buf(sc, &cmd->dst); + } else + crp->crp_etype = ENOMEM; + + pci_unmap_buf(sc, &cmd->src); + + kfree(cmd); + if (crp->crp_etype != EAGAIN) + crypto_done(crp); + } + + if (++i == HIFN_D_RES_RSIZE) + i = 0; + u--; + } + dma->resk = i; dma->resu = u; + + hifn_reset_board(sc, 1); + hifn_init_dma(sc); + hifn_init_pci_registers(sc); +} + +static void +hifn_callback(struct hifn_softc *sc, struct hifn_command *cmd, u_int8_t *macbuf) +{ + struct hifn_dma *dma = sc->sc_dma; + struct cryptop *crp = cmd->crp; + struct cryptodesc *crd; + int i, u; + + DPRINTF("%s()\n", __FUNCTION__); + +#if 0 + if (cmd->src_map == cmd->dst_map) { + bus_dmamap_sync(sc->sc_dmat, cmd->src_map, + BUS_DMASYNC_POSTWRITE | BUS_DMASYNC_POSTREAD); + } else { + bus_dmamap_sync(sc->sc_dmat, cmd->src_map, + BUS_DMASYNC_POSTWRITE); + bus_dmamap_sync(sc->sc_dmat, cmd->dst_map, + BUS_DMASYNC_POSTREAD); + } +#endif + + if (crp->crp_flags & CRYPTO_F_SKBUF) { + if (cmd->src_skb != cmd->dst_skb) { +#ifdef NOTYET + crp->crp_buf = (caddr_t)cmd->dst_m; + totlen = cmd->src_mapsize; + for (m = cmd->dst_m; m != NULL; m = m->m_next) { + if (totlen < m->m_len) { + m->m_len = totlen; + totlen = 0; + } else + totlen -= m->m_len; + } + cmd->dst_m->m_pkthdr.len = cmd->src_m->m_pkthdr.len; + m_freem(cmd->src_m); +#else + device_printf(sc->sc_dev, + "%s,%d: CRYPTO_F_SKBUF src != dst not implemented\n", + __FILE__, __LINE__); +#endif + } + } + + if (cmd->sloplen != 0) { + crypto_copyback(crp->crp_flags, crp->crp_buf, + cmd->src_mapsize - cmd->sloplen, cmd->sloplen, + (caddr_t)&dma->slop[cmd->slopidx]); + } + + i = dma->dstk; u = dma->dstu; + while (u != 0) { + if (i == HIFN_D_DST_RSIZE) + i = 0; +#if 0 + bus_dmamap_sync(sc->sc_dmat, sc->sc_dmamap, + BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); +#endif + if (dma->dstr[i].l & htole32(HIFN_D_VALID)) { +#if 0 + bus_dmamap_sync(sc->sc_dmat, sc->sc_dmamap, + BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); +#endif + break; + } + i++, u--; + } + dma->dstk = i; dma->dstu = u; + + hifnstats.hst_obytes += cmd->dst_mapsize; + + if (macbuf != NULL) { + for (crd = crp->crp_desc; crd; crd = crd->crd_next) { + int len; + + if (crd->crd_alg != CRYPTO_MD5 && + crd->crd_alg != CRYPTO_SHA1 && + crd->crd_alg != CRYPTO_MD5_HMAC && + crd->crd_alg != CRYPTO_SHA1_HMAC) { + continue; + } + len = cmd->softc->sc_sessions[cmd->session_num].hs_mlen; + crypto_copyback(crp->crp_flags, crp->crp_buf, + crd->crd_inject, len, macbuf); + break; + } + } + + if (cmd->src_map != cmd->dst_map) + pci_unmap_buf(sc, &cmd->dst); + pci_unmap_buf(sc, &cmd->src); + kfree(cmd); + crypto_done(crp); +} + +/* + * 7811 PB3 rev/2 parts lock-up on burst writes to Group 0 + * and Group 1 registers; avoid conditions that could create + * burst writes by doing a read in between the writes. + * + * NB: The read we interpose is always to the same register; + * we do this because reading from an arbitrary (e.g. last) + * register may not always work. + */ +static void +hifn_write_reg_0(struct hifn_softc *sc, bus_size_t reg, u_int32_t val) +{ + if (sc->sc_flags & HIFN_IS_7811) { + if (sc->sc_bar0_lastreg == reg - 4) + readl(sc->sc_bar0 + HIFN_0_PUCNFG); + sc->sc_bar0_lastreg = reg; + } + writel(val, sc->sc_bar0 + reg); +} + +static void +hifn_write_reg_1(struct hifn_softc *sc, bus_size_t reg, u_int32_t val) +{ + if (sc->sc_flags & HIFN_IS_7811) { + if (sc->sc_bar1_lastreg == reg - 4) + readl(sc->sc_bar1 + HIFN_1_REVID); + sc->sc_bar1_lastreg = reg; + } + writel(val, sc->sc_bar1 + reg); +} + + +static struct pci_device_id hifn_pci_tbl[] = { + { PCI_VENDOR_HIFN, PCI_PRODUCT_HIFN_7951, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, }, + { PCI_VENDOR_HIFN, PCI_PRODUCT_HIFN_7955, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, }, + { PCI_VENDOR_HIFN, PCI_PRODUCT_HIFN_7956, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, }, + { PCI_VENDOR_NETSEC, PCI_PRODUCT_NETSEC_7751, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, }, + { PCI_VENDOR_INVERTEX, PCI_PRODUCT_INVERTEX_AEON, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, }, + { PCI_VENDOR_HIFN, PCI_PRODUCT_HIFN_7811, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, }, + /* + * Other vendors share this PCI ID as well, such as + * http://www.powercrypt.com, and obviously they also + * use the same key. + */ + { PCI_VENDOR_HIFN, PCI_PRODUCT_HIFN_7751, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, }, + { 0, 0, 0, 0, 0, 0, } +}; +MODULE_DEVICE_TABLE(pci, hifn_pci_tbl); + +static struct pci_driver hifn_driver = { + .name = "hifn", + .id_table = hifn_pci_tbl, + .probe = hifn_probe, + .remove = hifn_remove, + /* add PM stuff here one day */ +}; + +static int __init hifn_init (void) +{ + struct hifn_softc *sc = NULL; + int rc; + + DPRINTF("%s(%p)\n", __FUNCTION__, hifn_init); + + rc = pci_register_driver(&hifn_driver); + pci_register_driver_compat(&hifn_driver, rc); + + return rc; +} + +static void __exit hifn_exit (void) +{ + pci_unregister_driver(&hifn_driver); +} + +module_init(hifn_init); +module_exit(hifn_exit); + +MODULE_LICENSE("BSD"); +MODULE_AUTHOR("David McCullough "); +MODULE_DESCRIPTION("OCF driver for hifn PCI crypto devices"); diff -Naur linux-3.0.68.i686-orig/crypto/ocf/hifn/hifn7751reg.h linux-3.0.68.i686/crypto/ocf/hifn/hifn7751reg.h --- linux-3.0.68.i686-orig/crypto/ocf/hifn/hifn7751reg.h 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/hifn/hifn7751reg.h 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,540 @@ +/* $FreeBSD: src/sys/dev/hifn/hifn7751reg.h,v 1.7 2007/03/21 03:42:49 sam Exp $ */ +/* $OpenBSD: hifn7751reg.h,v 1.35 2002/04/08 17:49:42 jason Exp $ */ + +/*- + * Invertex AEON / Hifn 7751 driver + * Copyright (c) 1999 Invertex Inc. All rights reserved. + * Copyright (c) 1999 Theo de Raadt + * Copyright (c) 2000-2001 Network Security Technologies, Inc. + * http://www.netsec.net + * + * Please send any comments, feedback, bug-fixes, or feature requests to + * software@invertex.com. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * Effort sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F30602-01-2-0537. + * + */ +#ifndef __HIFN_H__ +#define __HIFN_H__ + +/* + * Some PCI configuration space offset defines. The names were made + * identical to the names used by the Linux kernel. + */ +#define HIFN_BAR0 PCIR_BAR(0) /* PUC register map */ +#define HIFN_BAR1 PCIR_BAR(1) /* DMA register map */ +#define HIFN_TRDY_TIMEOUT 0x40 +#define HIFN_RETRY_TIMEOUT 0x41 + +/* + * PCI vendor and device identifiers + * (the names are preserved from their OpenBSD source). + */ +#define PCI_VENDOR_HIFN 0x13a3 /* Hifn */ +#define PCI_PRODUCT_HIFN_7751 0x0005 /* 7751 */ +#define PCI_PRODUCT_HIFN_6500 0x0006 /* 6500 */ +#define PCI_PRODUCT_HIFN_7811 0x0007 /* 7811 */ +#define PCI_PRODUCT_HIFN_7855 0x001f /* 7855 */ +#define PCI_PRODUCT_HIFN_7951 0x0012 /* 7951 */ +#define PCI_PRODUCT_HIFN_7955 0x0020 /* 7954/7955 */ +#define PCI_PRODUCT_HIFN_7956 0x001d /* 7956 */ + +#define PCI_VENDOR_INVERTEX 0x14e1 /* Invertex */ +#define PCI_PRODUCT_INVERTEX_AEON 0x0005 /* AEON */ + +#define PCI_VENDOR_NETSEC 0x1660 /* NetSec */ +#define PCI_PRODUCT_NETSEC_7751 0x7751 /* 7751 */ + +/* + * The values below should multiple of 4 -- and be large enough to handle + * any command the driver implements. + * + * MAX_COMMAND = base command + mac command + encrypt command + + * mac-key + rc4-key + * MAX_RESULT = base result + mac result + mac + encrypt result + * + * + */ +#define HIFN_MAX_COMMAND (8 + 8 + 8 + 64 + 260) +#define HIFN_MAX_RESULT (8 + 4 + 20 + 4) + +/* + * hifn_desc_t + * + * Holds an individual descriptor for any of the rings. + */ +typedef struct hifn_desc { + volatile u_int32_t l; /* length and status bits */ + volatile u_int32_t p; +} hifn_desc_t; + +/* + * Masks for the "length" field of struct hifn_desc. + */ +#define HIFN_D_LENGTH 0x0000ffff /* length bit mask */ +#define HIFN_D_MASKDONEIRQ 0x02000000 /* mask the done interrupt */ +#define HIFN_D_DESTOVER 0x04000000 /* destination overflow */ +#define HIFN_D_OVER 0x08000000 /* overflow */ +#define HIFN_D_LAST 0x20000000 /* last descriptor in chain */ +#define HIFN_D_JUMP 0x40000000 /* jump descriptor */ +#define HIFN_D_VALID 0x80000000 /* valid bit */ + + +/* + * Processing Unit Registers (offset from BASEREG0) + */ +#define HIFN_0_PUDATA 0x00 /* Processing Unit Data */ +#define HIFN_0_PUCTRL 0x04 /* Processing Unit Control */ +#define HIFN_0_PUISR 0x08 /* Processing Unit Interrupt Status */ +#define HIFN_0_PUCNFG 0x0c /* Processing Unit Configuration */ +#define HIFN_0_PUIER 0x10 /* Processing Unit Interrupt Enable */ +#define HIFN_0_PUSTAT 0x14 /* Processing Unit Status/Chip ID */ +#define HIFN_0_FIFOSTAT 0x18 /* FIFO Status */ +#define HIFN_0_FIFOCNFG 0x1c /* FIFO Configuration */ +#define HIFN_0_PUCTRL2 0x28 /* Processing Unit Control (2nd map) */ +#define HIFN_0_MUTE1 0x80 +#define HIFN_0_MUTE2 0x90 +#define HIFN_0_SPACESIZE 0x100 /* Register space size */ + +/* Processing Unit Control Register (HIFN_0_PUCTRL) */ +#define HIFN_PUCTRL_CLRSRCFIFO 0x0010 /* clear source fifo */ +#define HIFN_PUCTRL_STOP 0x0008 /* stop pu */ +#define HIFN_PUCTRL_LOCKRAM 0x0004 /* lock ram */ +#define HIFN_PUCTRL_DMAENA 0x0002 /* enable dma */ +#define HIFN_PUCTRL_RESET 0x0001 /* Reset processing unit */ + +/* Processing Unit Interrupt Status Register (HIFN_0_PUISR) */ +#define HIFN_PUISR_CMDINVAL 0x8000 /* Invalid command interrupt */ +#define HIFN_PUISR_DATAERR 0x4000 /* Data error interrupt */ +#define HIFN_PUISR_SRCFIFO 0x2000 /* Source FIFO ready interrupt */ +#define HIFN_PUISR_DSTFIFO 0x1000 /* Destination FIFO ready interrupt */ +#define HIFN_PUISR_DSTOVER 0x0200 /* Destination overrun interrupt */ +#define HIFN_PUISR_SRCCMD 0x0080 /* Source command interrupt */ +#define HIFN_PUISR_SRCCTX 0x0040 /* Source context interrupt */ +#define HIFN_PUISR_SRCDATA 0x0020 /* Source data interrupt */ +#define HIFN_PUISR_DSTDATA 0x0010 /* Destination data interrupt */ +#define HIFN_PUISR_DSTRESULT 0x0004 /* Destination result interrupt */ + +/* Processing Unit Configuration Register (HIFN_0_PUCNFG) */ +#define HIFN_PUCNFG_DRAMMASK 0xe000 /* DRAM size mask */ +#define HIFN_PUCNFG_DSZ_256K 0x0000 /* 256k dram */ +#define HIFN_PUCNFG_DSZ_512K 0x2000 /* 512k dram */ +#define HIFN_PUCNFG_DSZ_1M 0x4000 /* 1m dram */ +#define HIFN_PUCNFG_DSZ_2M 0x6000 /* 2m dram */ +#define HIFN_PUCNFG_DSZ_4M 0x8000 /* 4m dram */ +#define HIFN_PUCNFG_DSZ_8M 0xa000 /* 8m dram */ +#define HIFN_PUNCFG_DSZ_16M 0xc000 /* 16m dram */ +#define HIFN_PUCNFG_DSZ_32M 0xe000 /* 32m dram */ +#define HIFN_PUCNFG_DRAMREFRESH 0x1800 /* DRAM refresh rate mask */ +#define HIFN_PUCNFG_DRFR_512 0x0000 /* 512 divisor of ECLK */ +#define HIFN_PUCNFG_DRFR_256 0x0800 /* 256 divisor of ECLK */ +#define HIFN_PUCNFG_DRFR_128 0x1000 /* 128 divisor of ECLK */ +#define HIFN_PUCNFG_TCALLPHASES 0x0200 /* your guess is as good as mine... */ +#define HIFN_PUCNFG_TCDRVTOTEM 0x0100 /* your guess is as good as mine... */ +#define HIFN_PUCNFG_BIGENDIAN 0x0080 /* DMA big endian mode */ +#define HIFN_PUCNFG_BUS32 0x0040 /* Bus width 32bits */ +#define HIFN_PUCNFG_BUS16 0x0000 /* Bus width 16 bits */ +#define HIFN_PUCNFG_CHIPID 0x0020 /* Allow chipid from PUSTAT */ +#define HIFN_PUCNFG_DRAM 0x0010 /* Context RAM is DRAM */ +#define HIFN_PUCNFG_SRAM 0x0000 /* Context RAM is SRAM */ +#define HIFN_PUCNFG_COMPSING 0x0004 /* Enable single compression context */ +#define HIFN_PUCNFG_ENCCNFG 0x0002 /* Encryption configuration */ + +/* Processing Unit Interrupt Enable Register (HIFN_0_PUIER) */ +#define HIFN_PUIER_CMDINVAL 0x8000 /* Invalid command interrupt */ +#define HIFN_PUIER_DATAERR 0x4000 /* Data error interrupt */ +#define HIFN_PUIER_SRCFIFO 0x2000 /* Source FIFO ready interrupt */ +#define HIFN_PUIER_DSTFIFO 0x1000 /* Destination FIFO ready interrupt */ +#define HIFN_PUIER_DSTOVER 0x0200 /* Destination overrun interrupt */ +#define HIFN_PUIER_SRCCMD 0x0080 /* Source command interrupt */ +#define HIFN_PUIER_SRCCTX 0x0040 /* Source context interrupt */ +#define HIFN_PUIER_SRCDATA 0x0020 /* Source data interrupt */ +#define HIFN_PUIER_DSTDATA 0x0010 /* Destination data interrupt */ +#define HIFN_PUIER_DSTRESULT 0x0004 /* Destination result interrupt */ + +/* Processing Unit Status Register/Chip ID (HIFN_0_PUSTAT) */ +#define HIFN_PUSTAT_CMDINVAL 0x8000 /* Invalid command interrupt */ +#define HIFN_PUSTAT_DATAERR 0x4000 /* Data error interrupt */ +#define HIFN_PUSTAT_SRCFIFO 0x2000 /* Source FIFO ready interrupt */ +#define HIFN_PUSTAT_DSTFIFO 0x1000 /* Destination FIFO ready interrupt */ +#define HIFN_PUSTAT_DSTOVER 0x0200 /* Destination overrun interrupt */ +#define HIFN_PUSTAT_SRCCMD 0x0080 /* Source command interrupt */ +#define HIFN_PUSTAT_SRCCTX 0x0040 /* Source context interrupt */ +#define HIFN_PUSTAT_SRCDATA 0x0020 /* Source data interrupt */ +#define HIFN_PUSTAT_DSTDATA 0x0010 /* Destination data interrupt */ +#define HIFN_PUSTAT_DSTRESULT 0x0004 /* Destination result interrupt */ +#define HIFN_PUSTAT_CHIPREV 0x00ff /* Chip revision mask */ +#define HIFN_PUSTAT_CHIPENA 0xff00 /* Chip enabled mask */ +#define HIFN_PUSTAT_ENA_2 0x1100 /* Level 2 enabled */ +#define HIFN_PUSTAT_ENA_1 0x1000 /* Level 1 enabled */ +#define HIFN_PUSTAT_ENA_0 0x3000 /* Level 0 enabled */ +#define HIFN_PUSTAT_REV_2 0x0020 /* 7751 PT6/2 */ +#define HIFN_PUSTAT_REV_3 0x0030 /* 7751 PT6/3 */ + +/* FIFO Status Register (HIFN_0_FIFOSTAT) */ +#define HIFN_FIFOSTAT_SRC 0x7f00 /* Source FIFO available */ +#define HIFN_FIFOSTAT_DST 0x007f /* Destination FIFO available */ + +/* FIFO Configuration Register (HIFN_0_FIFOCNFG) */ +#define HIFN_FIFOCNFG_THRESHOLD 0x0400 /* must be written as this value */ + +/* + * DMA Interface Registers (offset from BASEREG1) + */ +#define HIFN_1_DMA_CRAR 0x0c /* DMA Command Ring Address */ +#define HIFN_1_DMA_SRAR 0x1c /* DMA Source Ring Address */ +#define HIFN_1_DMA_RRAR 0x2c /* DMA Result Ring Address */ +#define HIFN_1_DMA_DRAR 0x3c /* DMA Destination Ring Address */ +#define HIFN_1_DMA_CSR 0x40 /* DMA Status and Control */ +#define HIFN_1_DMA_IER 0x44 /* DMA Interrupt Enable */ +#define HIFN_1_DMA_CNFG 0x48 /* DMA Configuration */ +#define HIFN_1_PLL 0x4c /* 7955/7956: PLL config */ +#define HIFN_1_7811_RNGENA 0x60 /* 7811: rng enable */ +#define HIFN_1_7811_RNGCFG 0x64 /* 7811: rng config */ +#define HIFN_1_7811_RNGDAT 0x68 /* 7811: rng data */ +#define HIFN_1_7811_RNGSTS 0x6c /* 7811: rng status */ +#define HIFN_1_DMA_CNFG2 0x6c /* 7955/7956: dma config #2 */ +#define HIFN_1_7811_MIPSRST 0x94 /* 7811: MIPS reset */ +#define HIFN_1_REVID 0x98 /* Revision ID */ + +#define HIFN_1_PUB_RESET 0x204 /* Public/RNG Reset */ +#define HIFN_1_PUB_BASE 0x300 /* Public Base Address */ +#define HIFN_1_PUB_OPLEN 0x304 /* 7951-compat Public Operand Length */ +#define HIFN_1_PUB_OP 0x308 /* 7951-compat Public Operand */ +#define HIFN_1_PUB_STATUS 0x30c /* 7951-compat Public Status */ +#define HIFN_1_PUB_IEN 0x310 /* Public Interrupt enable */ +#define HIFN_1_RNG_CONFIG 0x314 /* RNG config */ +#define HIFN_1_RNG_DATA 0x318 /* RNG data */ +#define HIFN_1_PUB_MODE 0x320 /* PK mode */ +#define HIFN_1_PUB_FIFO_OPLEN 0x380 /* first element of oplen fifo */ +#define HIFN_1_PUB_FIFO_OP 0x384 /* first element of op fifo */ +#define HIFN_1_PUB_MEM 0x400 /* start of Public key memory */ +#define HIFN_1_PUB_MEMEND 0xbff /* end of Public key memory */ + +/* DMA Status and Control Register (HIFN_1_DMA_CSR) */ +#define HIFN_DMACSR_D_CTRLMASK 0xc0000000 /* Destinition Ring Control */ +#define HIFN_DMACSR_D_CTRL_NOP 0x00000000 /* Dest. Control: no-op */ +#define HIFN_DMACSR_D_CTRL_DIS 0x40000000 /* Dest. Control: disable */ +#define HIFN_DMACSR_D_CTRL_ENA 0x80000000 /* Dest. Control: enable */ +#define HIFN_DMACSR_D_ABORT 0x20000000 /* Destinition Ring PCIAbort */ +#define HIFN_DMACSR_D_DONE 0x10000000 /* Destinition Ring Done */ +#define HIFN_DMACSR_D_LAST 0x08000000 /* Destinition Ring Last */ +#define HIFN_DMACSR_D_WAIT 0x04000000 /* Destinition Ring Waiting */ +#define HIFN_DMACSR_D_OVER 0x02000000 /* Destinition Ring Overflow */ +#define HIFN_DMACSR_R_CTRL 0x00c00000 /* Result Ring Control */ +#define HIFN_DMACSR_R_CTRL_NOP 0x00000000 /* Result Control: no-op */ +#define HIFN_DMACSR_R_CTRL_DIS 0x00400000 /* Result Control: disable */ +#define HIFN_DMACSR_R_CTRL_ENA 0x00800000 /* Result Control: enable */ +#define HIFN_DMACSR_R_ABORT 0x00200000 /* Result Ring PCI Abort */ +#define HIFN_DMACSR_R_DONE 0x00100000 /* Result Ring Done */ +#define HIFN_DMACSR_R_LAST 0x00080000 /* Result Ring Last */ +#define HIFN_DMACSR_R_WAIT 0x00040000 /* Result Ring Waiting */ +#define HIFN_DMACSR_R_OVER 0x00020000 /* Result Ring Overflow */ +#define HIFN_DMACSR_S_CTRL 0x0000c000 /* Source Ring Control */ +#define HIFN_DMACSR_S_CTRL_NOP 0x00000000 /* Source Control: no-op */ +#define HIFN_DMACSR_S_CTRL_DIS 0x00004000 /* Source Control: disable */ +#define HIFN_DMACSR_S_CTRL_ENA 0x00008000 /* Source Control: enable */ +#define HIFN_DMACSR_S_ABORT 0x00002000 /* Source Ring PCI Abort */ +#define HIFN_DMACSR_S_DONE 0x00001000 /* Source Ring Done */ +#define HIFN_DMACSR_S_LAST 0x00000800 /* Source Ring Last */ +#define HIFN_DMACSR_S_WAIT 0x00000400 /* Source Ring Waiting */ +#define HIFN_DMACSR_ILLW 0x00000200 /* Illegal write (7811 only) */ +#define HIFN_DMACSR_ILLR 0x00000100 /* Illegal read (7811 only) */ +#define HIFN_DMACSR_C_CTRL 0x000000c0 /* Command Ring Control */ +#define HIFN_DMACSR_C_CTRL_NOP 0x00000000 /* Command Control: no-op */ +#define HIFN_DMACSR_C_CTRL_DIS 0x00000040 /* Command Control: disable */ +#define HIFN_DMACSR_C_CTRL_ENA 0x00000080 /* Command Control: enable */ +#define HIFN_DMACSR_C_ABORT 0x00000020 /* Command Ring PCI Abort */ +#define HIFN_DMACSR_C_DONE 0x00000010 /* Command Ring Done */ +#define HIFN_DMACSR_C_LAST 0x00000008 /* Command Ring Last */ +#define HIFN_DMACSR_C_WAIT 0x00000004 /* Command Ring Waiting */ +#define HIFN_DMACSR_PUBDONE 0x00000002 /* Public op done (7951 only) */ +#define HIFN_DMACSR_ENGINE 0x00000001 /* Command Ring Engine IRQ */ + +/* DMA Interrupt Enable Register (HIFN_1_DMA_IER) */ +#define HIFN_DMAIER_D_ABORT 0x20000000 /* Destination Ring PCIAbort */ +#define HIFN_DMAIER_D_DONE 0x10000000 /* Destination Ring Done */ +#define HIFN_DMAIER_D_LAST 0x08000000 /* Destination Ring Last */ +#define HIFN_DMAIER_D_WAIT 0x04000000 /* Destination Ring Waiting */ +#define HIFN_DMAIER_D_OVER 0x02000000 /* Destination Ring Overflow */ +#define HIFN_DMAIER_R_ABORT 0x00200000 /* Result Ring PCI Abort */ +#define HIFN_DMAIER_R_DONE 0x00100000 /* Result Ring Done */ +#define HIFN_DMAIER_R_LAST 0x00080000 /* Result Ring Last */ +#define HIFN_DMAIER_R_WAIT 0x00040000 /* Result Ring Waiting */ +#define HIFN_DMAIER_R_OVER 0x00020000 /* Result Ring Overflow */ +#define HIFN_DMAIER_S_ABORT 0x00002000 /* Source Ring PCI Abort */ +#define HIFN_DMAIER_S_DONE 0x00001000 /* Source Ring Done */ +#define HIFN_DMAIER_S_LAST 0x00000800 /* Source Ring Last */ +#define HIFN_DMAIER_S_WAIT 0x00000400 /* Source Ring Waiting */ +#define HIFN_DMAIER_ILLW 0x00000200 /* Illegal write (7811 only) */ +#define HIFN_DMAIER_ILLR 0x00000100 /* Illegal read (7811 only) */ +#define HIFN_DMAIER_C_ABORT 0x00000020 /* Command Ring PCI Abort */ +#define HIFN_DMAIER_C_DONE 0x00000010 /* Command Ring Done */ +#define HIFN_DMAIER_C_LAST 0x00000008 /* Command Ring Last */ +#define HIFN_DMAIER_C_WAIT 0x00000004 /* Command Ring Waiting */ +#define HIFN_DMAIER_PUBDONE 0x00000002 /* public op done (7951 only) */ +#define HIFN_DMAIER_ENGINE 0x00000001 /* Engine IRQ */ + +/* DMA Configuration Register (HIFN_1_DMA_CNFG) */ +#define HIFN_DMACNFG_BIGENDIAN 0x10000000 /* big endian mode */ +#define HIFN_DMACNFG_POLLFREQ 0x00ff0000 /* Poll frequency mask */ +#define HIFN_DMACNFG_UNLOCK 0x00000800 +#define HIFN_DMACNFG_POLLINVAL 0x00000700 /* Invalid Poll Scalar */ +#define HIFN_DMACNFG_LAST 0x00000010 /* Host control LAST bit */ +#define HIFN_DMACNFG_MODE 0x00000004 /* DMA mode */ +#define HIFN_DMACNFG_DMARESET 0x00000002 /* DMA Reset # */ +#define HIFN_DMACNFG_MSTRESET 0x00000001 /* Master Reset # */ + +/* DMA Configuration Register (HIFN_1_DMA_CNFG2) */ +#define HIFN_DMACNFG2_PKSWAP32 (1 << 19) /* swap the OPLEN/OP reg */ +#define HIFN_DMACNFG2_PKSWAP8 (1 << 18) /* swap the bits of OPLEN/OP */ +#define HIFN_DMACNFG2_BAR0_SWAP32 (1<<17) /* swap the bytes of BAR0 */ +#define HIFN_DMACNFG2_BAR1_SWAP8 (1<<16) /* swap the bits of BAR0 */ +#define HIFN_DMACNFG2_INIT_WRITE_BURST_SHIFT 12 +#define HIFN_DMACNFG2_INIT_READ_BURST_SHIFT 8 +#define HIFN_DMACNFG2_TGT_WRITE_BURST_SHIFT 4 +#define HIFN_DMACNFG2_TGT_READ_BURST_SHIFT 0 + +/* 7811 RNG Enable Register (HIFN_1_7811_RNGENA) */ +#define HIFN_7811_RNGENA_ENA 0x00000001 /* enable RNG */ + +/* 7811 RNG Config Register (HIFN_1_7811_RNGCFG) */ +#define HIFN_7811_RNGCFG_PRE1 0x00000f00 /* first prescalar */ +#define HIFN_7811_RNGCFG_OPRE 0x00000080 /* output prescalar */ +#define HIFN_7811_RNGCFG_DEFL 0x00000f80 /* 2 words/ 1/100 sec */ + +/* 7811 RNG Status Register (HIFN_1_7811_RNGSTS) */ +#define HIFN_7811_RNGSTS_RDY 0x00004000 /* two numbers in FIFO */ +#define HIFN_7811_RNGSTS_UFL 0x00001000 /* rng underflow */ + +/* 7811 MIPS Reset Register (HIFN_1_7811_MIPSRST) */ +#define HIFN_MIPSRST_BAR2SIZE 0xffff0000 /* sdram size */ +#define HIFN_MIPSRST_GPRAMINIT 0x00008000 /* gpram can be accessed */ +#define HIFN_MIPSRST_CRAMINIT 0x00004000 /* ctxram can be accessed */ +#define HIFN_MIPSRST_LED2 0x00000400 /* external LED2 */ +#define HIFN_MIPSRST_LED1 0x00000200 /* external LED1 */ +#define HIFN_MIPSRST_LED0 0x00000100 /* external LED0 */ +#define HIFN_MIPSRST_MIPSDIS 0x00000004 /* disable MIPS */ +#define HIFN_MIPSRST_MIPSRST 0x00000002 /* warm reset MIPS */ +#define HIFN_MIPSRST_MIPSCOLD 0x00000001 /* cold reset MIPS */ + +/* Public key reset register (HIFN_1_PUB_RESET) */ +#define HIFN_PUBRST_RESET 0x00000001 /* reset public/rng unit */ + +/* Public operation register (HIFN_1_PUB_OP) */ +#define HIFN_PUBOP_AOFFSET 0x0000003e /* A offset */ +#define HIFN_PUBOP_BOFFSET 0x00000fc0 /* B offset */ +#define HIFN_PUBOP_MOFFSET 0x0003f000 /* M offset */ +#define HIFN_PUBOP_OP_MASK 0x003c0000 /* Opcode: */ +#define HIFN_PUBOP_OP_NOP 0x00000000 /* NOP */ +#define HIFN_PUBOP_OP_ADD 0x00040000 /* ADD */ +#define HIFN_PUBOP_OP_ADDC 0x00080000 /* ADD w/carry */ +#define HIFN_PUBOP_OP_SUB 0x000c0000 /* SUB */ +#define HIFN_PUBOP_OP_SUBC 0x00100000 /* SUB w/carry */ +#define HIFN_PUBOP_OP_MODADD 0x00140000 /* Modular ADD */ +#define HIFN_PUBOP_OP_MODSUB 0x00180000 /* Modular SUB */ +#define HIFN_PUBOP_OP_INCA 0x001c0000 /* INC A */ +#define HIFN_PUBOP_OP_DECA 0x00200000 /* DEC A */ +#define HIFN_PUBOP_OP_MULT 0x00240000 /* MULT */ +#define HIFN_PUBOP_OP_MODMULT 0x00280000 /* Modular MULT */ +#define HIFN_PUBOP_OP_MODRED 0x002c0000 /* Modular Red */ +#define HIFN_PUBOP_OP_MODEXP 0x00300000 /* Modular Exp */ + +/* Public operand length register (HIFN_1_PUB_OPLEN) */ +#define HIFN_PUBOPLEN_MODLEN 0x0000007f +#define HIFN_PUBOPLEN_EXPLEN 0x0003ff80 +#define HIFN_PUBOPLEN_REDLEN 0x003c0000 + +/* Public status register (HIFN_1_PUB_STATUS) */ +#define HIFN_PUBSTS_DONE 0x00000001 /* operation done */ +#define HIFN_PUBSTS_CARRY 0x00000002 /* carry */ +#define HIFN_PUBSTS_FIFO_EMPTY 0x00000100 /* fifo empty */ +#define HIFN_PUBSTS_FIFO_FULL 0x00000200 /* fifo full */ +#define HIFN_PUBSTS_FIFO_OVFL 0x00000400 /* fifo overflow */ +#define HIFN_PUBSTS_FIFO_WRITE 0x000f0000 /* fifo write */ +#define HIFN_PUBSTS_FIFO_READ 0x0f000000 /* fifo read */ + +/* Public interrupt enable register (HIFN_1_PUB_IEN) */ +#define HIFN_PUBIEN_DONE 0x00000001 /* operation done interrupt */ + +/* Random number generator config register (HIFN_1_RNG_CONFIG) */ +#define HIFN_RNGCFG_ENA 0x00000001 /* enable rng */ + +/* + * Register offsets in register set 1 + */ + +#define HIFN_UNLOCK_SECRET1 0xf4 +#define HIFN_UNLOCK_SECRET2 0xfc + +/* + * PLL config register + * + * This register is present only on 7954/7955/7956 parts. It must be + * programmed according to the bus interface method used by the h/w. + * Note that the parts require a stable clock. Since the PCI clock + * may vary the reference clock must usually be used. To avoid + * overclocking the core logic, setup must be done carefully, refer + * to the driver for details. The exact multiplier required varies + * by part and system configuration; refer to the Hifn documentation. + */ +#define HIFN_PLL_REF_SEL 0x00000001 /* REF/HBI clk selection */ +#define HIFN_PLL_BP 0x00000002 /* bypass (used during setup) */ +/* bit 2 reserved */ +#define HIFN_PLL_PK_CLK_SEL 0x00000008 /* public key clk select */ +#define HIFN_PLL_PE_CLK_SEL 0x00000010 /* packet engine clk select */ +/* bits 5-9 reserved */ +#define HIFN_PLL_MBSET 0x00000400 /* must be set to 1 */ +#define HIFN_PLL_ND 0x00003800 /* Fpll_ref multiplier select */ +#define HIFN_PLL_ND_SHIFT 11 +#define HIFN_PLL_ND_2 0x00000000 /* 2x */ +#define HIFN_PLL_ND_4 0x00000800 /* 4x */ +#define HIFN_PLL_ND_6 0x00001000 /* 6x */ +#define HIFN_PLL_ND_8 0x00001800 /* 8x */ +#define HIFN_PLL_ND_10 0x00002000 /* 10x */ +#define HIFN_PLL_ND_12 0x00002800 /* 12x */ +/* bits 14-15 reserved */ +#define HIFN_PLL_IS 0x00010000 /* charge pump current select */ +/* bits 17-31 reserved */ + +/* + * Board configuration specifies only these bits. + */ +#define HIFN_PLL_CONFIG (HIFN_PLL_IS|HIFN_PLL_ND|HIFN_PLL_REF_SEL) + +/* + * Public Key Engine Mode Register + */ +#define HIFN_PKMODE_HOSTINVERT (1 << 0) /* HOST INVERT */ +#define HIFN_PKMODE_ENHANCED (1 << 1) /* Enable enhanced mode */ + + +/********************************************************************* + * Structs for board commands + * + *********************************************************************/ + +/* + * Structure to help build up the command data structure. + */ +typedef struct hifn_base_command { + volatile u_int16_t masks; + volatile u_int16_t session_num; + volatile u_int16_t total_source_count; + volatile u_int16_t total_dest_count; +} hifn_base_command_t; + +#define HIFN_BASE_CMD_MAC 0x0400 +#define HIFN_BASE_CMD_CRYPT 0x0800 +#define HIFN_BASE_CMD_DECODE 0x2000 +#define HIFN_BASE_CMD_SRCLEN_M 0xc000 +#define HIFN_BASE_CMD_SRCLEN_S 14 +#define HIFN_BASE_CMD_DSTLEN_M 0x3000 +#define HIFN_BASE_CMD_DSTLEN_S 12 +#define HIFN_BASE_CMD_LENMASK_HI 0x30000 +#define HIFN_BASE_CMD_LENMASK_LO 0x0ffff + +/* + * Structure to help build up the command data structure. + */ +typedef struct hifn_crypt_command { + volatile u_int16_t masks; + volatile u_int16_t header_skip; + volatile u_int16_t source_count; + volatile u_int16_t reserved; +} hifn_crypt_command_t; + +#define HIFN_CRYPT_CMD_ALG_MASK 0x0003 /* algorithm: */ +#define HIFN_CRYPT_CMD_ALG_DES 0x0000 /* DES */ +#define HIFN_CRYPT_CMD_ALG_3DES 0x0001 /* 3DES */ +#define HIFN_CRYPT_CMD_ALG_RC4 0x0002 /* RC4 */ +#define HIFN_CRYPT_CMD_ALG_AES 0x0003 /* AES */ +#define HIFN_CRYPT_CMD_MODE_MASK 0x0018 /* Encrypt mode: */ +#define HIFN_CRYPT_CMD_MODE_ECB 0x0000 /* ECB */ +#define HIFN_CRYPT_CMD_MODE_CBC 0x0008 /* CBC */ +#define HIFN_CRYPT_CMD_MODE_CFB 0x0010 /* CFB */ +#define HIFN_CRYPT_CMD_MODE_OFB 0x0018 /* OFB */ +#define HIFN_CRYPT_CMD_CLR_CTX 0x0040 /* clear context */ +#define HIFN_CRYPT_CMD_NEW_KEY 0x0800 /* expect new key */ +#define HIFN_CRYPT_CMD_NEW_IV 0x1000 /* expect new iv */ + +#define HIFN_CRYPT_CMD_SRCLEN_M 0xc000 +#define HIFN_CRYPT_CMD_SRCLEN_S 14 + +#define HIFN_CRYPT_CMD_KSZ_MASK 0x0600 /* AES key size: */ +#define HIFN_CRYPT_CMD_KSZ_128 0x0000 /* 128 bit */ +#define HIFN_CRYPT_CMD_KSZ_192 0x0200 /* 192 bit */ +#define HIFN_CRYPT_CMD_KSZ_256 0x0400 /* 256 bit */ + +/* + * Structure to help build up the command data structure. + */ +typedef struct hifn_mac_command { + volatile u_int16_t masks; + volatile u_int16_t header_skip; + volatile u_int16_t source_count; + volatile u_int16_t reserved; +} hifn_mac_command_t; + +#define HIFN_MAC_CMD_ALG_MASK 0x0001 +#define HIFN_MAC_CMD_ALG_SHA1 0x0000 +#define HIFN_MAC_CMD_ALG_MD5 0x0001 +#define HIFN_MAC_CMD_MODE_MASK 0x000c +#define HIFN_MAC_CMD_MODE_HMAC 0x0000 +#define HIFN_MAC_CMD_MODE_SSL_MAC 0x0004 +#define HIFN_MAC_CMD_MODE_HASH 0x0008 +#define HIFN_MAC_CMD_MODE_FULL 0x0004 +#define HIFN_MAC_CMD_TRUNC 0x0010 +#define HIFN_MAC_CMD_RESULT 0x0020 +#define HIFN_MAC_CMD_APPEND 0x0040 +#define HIFN_MAC_CMD_SRCLEN_M 0xc000 +#define HIFN_MAC_CMD_SRCLEN_S 14 + +/* + * MAC POS IPsec initiates authentication after encryption on encodes + * and before decryption on decodes. + */ +#define HIFN_MAC_CMD_POS_IPSEC 0x0200 +#define HIFN_MAC_CMD_NEW_KEY 0x0800 + +/* + * The poll frequency and poll scalar defines are unshifted values used + * to set fields in the DMA Configuration Register. + */ +#ifndef HIFN_POLL_FREQUENCY +#define HIFN_POLL_FREQUENCY 0x1 +#endif + +#ifndef HIFN_POLL_SCALAR +#define HIFN_POLL_SCALAR 0x0 +#endif + +#define HIFN_MAX_SEGLEN 0xffff /* maximum dma segment len */ +#define HIFN_MAX_DMALEN 0x3ffff /* maximum dma length */ +#endif /* __HIFN_H__ */ diff -Naur linux-3.0.68.i686-orig/crypto/ocf/hifn/hifn7751var.h linux-3.0.68.i686/crypto/ocf/hifn/hifn7751var.h --- linux-3.0.68.i686-orig/crypto/ocf/hifn/hifn7751var.h 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/hifn/hifn7751var.h 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,368 @@ +/* $FreeBSD: src/sys/dev/hifn/hifn7751var.h,v 1.9 2007/03/21 03:42:49 sam Exp $ */ +/* $OpenBSD: hifn7751var.h,v 1.42 2002/04/08 17:49:42 jason Exp $ */ + +/*- + * Invertex AEON / Hifn 7751 driver + * Copyright (c) 1999 Invertex Inc. All rights reserved. + * Copyright (c) 1999 Theo de Raadt + * Copyright (c) 2000-2001 Network Security Technologies, Inc. + * http://www.netsec.net + * + * Please send any comments, feedback, bug-fixes, or feature requests to + * software@invertex.com. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * Effort sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F30602-01-2-0537. + * + */ + +#ifndef __HIFN7751VAR_H__ +#define __HIFN7751VAR_H__ + +#ifdef __KERNEL__ + +/* + * Some configurable values for the driver. By default command+result + * descriptor rings are the same size. The src+dst descriptor rings + * are sized at 3.5x the number of potential commands. Slower parts + * (e.g. 7951) tend to run out of src descriptors; faster parts (7811) + * src+cmd/result descriptors. It's not clear that increasing the size + * of the descriptor rings helps performance significantly as other + * factors tend to come into play (e.g. copying misaligned packets). + */ +#define HIFN_D_CMD_RSIZE 24 /* command descriptors */ +#define HIFN_D_SRC_RSIZE ((HIFN_D_CMD_RSIZE * 7) / 2) /* source descriptors */ +#define HIFN_D_RES_RSIZE HIFN_D_CMD_RSIZE /* result descriptors */ +#define HIFN_D_DST_RSIZE HIFN_D_SRC_RSIZE /* destination descriptors */ + +/* + * Length values for cryptography + */ +#define HIFN_DES_KEY_LENGTH 8 +#define HIFN_3DES_KEY_LENGTH 24 +#define HIFN_MAX_CRYPT_KEY_LENGTH HIFN_3DES_KEY_LENGTH +#define HIFN_IV_LENGTH 8 +#define HIFN_AES_IV_LENGTH 16 +#define HIFN_MAX_IV_LENGTH HIFN_AES_IV_LENGTH + +/* + * Length values for authentication + */ +#define HIFN_MAC_KEY_LENGTH 64 +#define HIFN_MD5_LENGTH 16 +#define HIFN_SHA1_LENGTH 20 +#define HIFN_MAC_TRUNC_LENGTH 12 + +#define MAX_SCATTER 64 + +/* + * Data structure to hold all 4 rings and any other ring related data. + */ +struct hifn_dma { + /* + * Descriptor rings. We add +1 to the size to accomidate the + * jump descriptor. + */ + struct hifn_desc cmdr[HIFN_D_CMD_RSIZE+1]; + struct hifn_desc srcr[HIFN_D_SRC_RSIZE+1]; + struct hifn_desc dstr[HIFN_D_DST_RSIZE+1]; + struct hifn_desc resr[HIFN_D_RES_RSIZE+1]; + + struct hifn_command *hifn_commands[HIFN_D_RES_RSIZE]; + + u_char command_bufs[HIFN_D_CMD_RSIZE][HIFN_MAX_COMMAND]; + u_char result_bufs[HIFN_D_CMD_RSIZE][HIFN_MAX_RESULT]; + u_int32_t slop[HIFN_D_CMD_RSIZE]; + + u_int64_t test_src, test_dst; + + /* + * Our current positions for insertion and removal from the desriptor + * rings. + */ + int cmdi, srci, dsti, resi; + volatile int cmdu, srcu, dstu, resu; + int cmdk, srck, dstk, resk; +}; + +struct hifn_session { + int hs_used; + int hs_mlen; +}; + +#define HIFN_RING_SYNC(sc, r, i, f) \ + /* DAVIDM bus_dmamap_sync((sc)->sc_dmat, (sc)->sc_dmamap, (f)) */ + +#define HIFN_CMDR_SYNC(sc, i, f) HIFN_RING_SYNC((sc), cmdr, (i), (f)) +#define HIFN_RESR_SYNC(sc, i, f) HIFN_RING_SYNC((sc), resr, (i), (f)) +#define HIFN_SRCR_SYNC(sc, i, f) HIFN_RING_SYNC((sc), srcr, (i), (f)) +#define HIFN_DSTR_SYNC(sc, i, f) HIFN_RING_SYNC((sc), dstr, (i), (f)) + +#define HIFN_CMD_SYNC(sc, i, f) \ + /* DAVIDM bus_dmamap_sync((sc)->sc_dmat, (sc)->sc_dmamap, (f)) */ + +#define HIFN_RES_SYNC(sc, i, f) \ + /* DAVIDM bus_dmamap_sync((sc)->sc_dmat, (sc)->sc_dmamap, (f)) */ + +typedef int bus_size_t; + +/* + * Holds data specific to a single HIFN board. + */ +struct hifn_softc { + softc_device_decl sc_dev; + + struct pci_dev *sc_pcidev; /* PCI device pointer */ + spinlock_t sc_mtx; /* per-instance lock */ + + int sc_num; /* for multiple devs */ + + ocf_iomem_t sc_bar0; + bus_size_t sc_bar0_lastreg;/* bar0 last reg written */ + ocf_iomem_t sc_bar1; + bus_size_t sc_bar1_lastreg;/* bar1 last reg written */ + + int sc_irq; + + u_int32_t sc_dmaier; + u_int32_t sc_drammodel; /* 1=dram, 0=sram */ + u_int32_t sc_pllconfig; /* 7954/7955/7956 PLL config */ + + struct hifn_dma *sc_dma; + dma_addr_t sc_dma_physaddr;/* physical address of sc_dma */ + + int sc_dmansegs; + int32_t sc_cid; + int sc_maxses; + int sc_nsessions; + struct hifn_session *sc_sessions; + int sc_ramsize; + int sc_flags; +#define HIFN_HAS_RNG 0x1 /* includes random number generator */ +#define HIFN_HAS_PUBLIC 0x2 /* includes public key support */ +#define HIFN_HAS_AES 0x4 /* includes AES support */ +#define HIFN_IS_7811 0x8 /* Hifn 7811 part */ +#define HIFN_IS_7956 0x10 /* Hifn 7956/7955 don't have SDRAM */ + + struct timer_list sc_tickto; /* for managing DMA */ + + int sc_rngfirst; + int sc_rnghz; /* RNG polling frequency */ + + int sc_c_busy; /* command ring busy */ + int sc_s_busy; /* source data ring busy */ + int sc_d_busy; /* destination data ring busy */ + int sc_r_busy; /* result ring busy */ + int sc_active; /* for initial countdown */ + int sc_needwakeup; /* ops q'd wating on resources */ + int sc_curbatch; /* # ops submitted w/o int */ + int sc_suspended; +#ifdef HIFN_VULCANDEV + struct cdev *sc_pkdev; +#endif +}; + +#define HIFN_LOCK(_sc) spin_lock_irqsave(&(_sc)->sc_mtx, l_flags) +#define HIFN_UNLOCK(_sc) spin_unlock_irqrestore(&(_sc)->sc_mtx, l_flags) + +/* + * hifn_command_t + * + * This is the control structure used to pass commands to hifn_encrypt(). + * + * flags + * ----- + * Flags is the bitwise "or" values for command configuration. A single + * encrypt direction needs to be set: + * + * HIFN_ENCODE or HIFN_DECODE + * + * To use cryptography, a single crypto algorithm must be included: + * + * HIFN_CRYPT_3DES or HIFN_CRYPT_DES + * + * To use authentication is used, a single MAC algorithm must be included: + * + * HIFN_MAC_MD5 or HIFN_MAC_SHA1 + * + * By default MD5 uses a 16 byte hash and SHA-1 uses a 20 byte hash. + * If the value below is set, hash values are truncated or assumed + * truncated to 12 bytes: + * + * HIFN_MAC_TRUNC + * + * Keys for encryption and authentication can be sent as part of a command, + * or the last key value used with a particular session can be retrieved + * and used again if either of these flags are not specified. + * + * HIFN_CRYPT_NEW_KEY, HIFN_MAC_NEW_KEY + * + * session_num + * ----------- + * A number between 0 and 2048 (for DRAM models) or a number between + * 0 and 768 (for SRAM models). Those who don't want to use session + * numbers should leave value at zero and send a new crypt key and/or + * new MAC key on every command. If you use session numbers and + * don't send a key with a command, the last key sent for that same + * session number will be used. + * + * Warning: Using session numbers and multiboard at the same time + * is currently broken. + * + * mbuf + * ---- + * Either fill in the mbuf pointer and npa=0 or + * fill packp[] and packl[] and set npa to > 0 + * + * mac_header_skip + * --------------- + * The number of bytes of the source_buf that are skipped over before + * authentication begins. This must be a number between 0 and 2^16-1 + * and can be used by IPsec implementers to skip over IP headers. + * *** Value ignored if authentication not used *** + * + * crypt_header_skip + * ----------------- + * The number of bytes of the source_buf that are skipped over before + * the cryptographic operation begins. This must be a number between 0 + * and 2^16-1. For IPsec, this number will always be 8 bytes larger + * than the auth_header_skip (to skip over the ESP header). + * *** Value ignored if cryptography not used *** + * + */ +struct hifn_operand { + union { + struct sk_buff *skb; + struct uio *io; + unsigned char *buf; + } u; + void *map; + bus_size_t mapsize; + int nsegs; + struct { + dma_addr_t ds_addr; + int ds_len; + } segs[MAX_SCATTER]; +}; + +struct hifn_command { + u_int16_t session_num; + u_int16_t base_masks, cry_masks, mac_masks; + u_int8_t iv[HIFN_MAX_IV_LENGTH], *ck, mac[HIFN_MAC_KEY_LENGTH]; + int cklen; + int sloplen, slopidx; + + struct hifn_operand src; + struct hifn_operand dst; + + struct hifn_softc *softc; + struct cryptop *crp; + struct cryptodesc *enccrd, *maccrd; +}; + +#define src_skb src.u.skb +#define src_io src.u.io +#define src_map src.map +#define src_mapsize src.mapsize +#define src_segs src.segs +#define src_nsegs src.nsegs +#define src_buf src.u.buf + +#define dst_skb dst.u.skb +#define dst_io dst.u.io +#define dst_map dst.map +#define dst_mapsize dst.mapsize +#define dst_segs dst.segs +#define dst_nsegs dst.nsegs +#define dst_buf dst.u.buf + +/* + * Return values for hifn_crypto() + */ +#define HIFN_CRYPTO_SUCCESS 0 +#define HIFN_CRYPTO_BAD_INPUT (-1) +#define HIFN_CRYPTO_RINGS_FULL (-2) + +/************************************************************************** + * + * Function: hifn_crypto + * + * Purpose: Called by external drivers to begin an encryption on the + * HIFN board. + * + * Blocking/Non-blocking Issues + * ============================ + * The driver cannot block in hifn_crypto (no calls to tsleep) currently. + * hifn_crypto() returns HIFN_CRYPTO_RINGS_FULL if there is not enough + * room in any of the rings for the request to proceed. + * + * Return Values + * ============= + * 0 for success, negative values on error + * + * Defines for negative error codes are: + * + * HIFN_CRYPTO_BAD_INPUT : The passed in command had invalid settings. + * HIFN_CRYPTO_RINGS_FULL : All DMA rings were full and non-blocking + * behaviour was requested. + * + *************************************************************************/ + +/* + * Convert back and forth from 'sid' to 'card' and 'session' + */ +#define HIFN_CARD(sid) (((sid) & 0xf0000000) >> 28) +#define HIFN_SESSION(sid) ((sid) & 0x000007ff) +#define HIFN_SID(crd,ses) (((crd) << 28) | ((ses) & 0x7ff)) + +#endif /* _KERNEL */ + +struct hifn_stats { + u_int64_t hst_ibytes; + u_int64_t hst_obytes; + u_int32_t hst_ipackets; + u_int32_t hst_opackets; + u_int32_t hst_invalid; + u_int32_t hst_nomem; /* malloc or one of hst_nomem_* */ + u_int32_t hst_abort; + u_int32_t hst_noirq; /* IRQ for no reason */ + u_int32_t hst_totbatch; /* ops submitted w/o interrupt */ + u_int32_t hst_maxbatch; /* max ops submitted together */ + u_int32_t hst_unaligned; /* unaligned src caused copy */ + /* + * The following divides hst_nomem into more specific buckets. + */ + u_int32_t hst_nomem_map; /* bus_dmamap_create failed */ + u_int32_t hst_nomem_load; /* bus_dmamap_load_* failed */ + u_int32_t hst_nomem_mbuf; /* MGET* failed */ + u_int32_t hst_nomem_mcl; /* MCLGET* failed */ + u_int32_t hst_nomem_cr; /* out of command/result descriptor */ + u_int32_t hst_nomem_sd; /* out of src/dst descriptors */ +}; + +#endif /* __HIFN7751VAR_H__ */ diff -Naur linux-3.0.68.i686-orig/crypto/ocf/hifn/hifnHIPP.c linux-3.0.68.i686/crypto/ocf/hifn/hifnHIPP.c --- linux-3.0.68.i686-orig/crypto/ocf/hifn/hifnHIPP.c 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/hifn/hifnHIPP.c 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,420 @@ +/*- + * Driver for Hifn HIPP-I/II chipset + * Copyright (c) 2006 Michael Richardson + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * Effort sponsored by Hifn Inc. + * + */ + +/* + * Driver for various Hifn encryption processors. + */ +#include +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) +#include +#endif +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include "hifnHIPPreg.h" +#include "hifnHIPPvar.h" + +#if 1 +#define DPRINTF(a...) if (hipp_debug) { \ + printk("%s: ", sc ? \ + device_get_nameunit(sc->sc_dev) : "hifn"); \ + printk(a); \ + } else +#else +#define DPRINTF(a...) +#endif + +typedef int bus_size_t; + +static inline int +pci_get_revid(struct pci_dev *dev) +{ + u8 rid = 0; + pci_read_config_byte(dev, PCI_REVISION_ID, &rid); + return rid; +} + +#define debug hipp_debug +int hipp_debug = 0; +module_param(hipp_debug, int, 0644); +MODULE_PARM_DESC(hipp_debug, "Enable debug"); + +int hipp_maxbatch = 1; +module_param(hipp_maxbatch, int, 0644); +MODULE_PARM_DESC(hipp_maxbatch, "max ops to batch w/o interrupt"); + +static int hipp_probe(struct pci_dev *dev, const struct pci_device_id *ent); +static void hipp_remove(struct pci_dev *dev); +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) +static irqreturn_t hipp_intr(int irq, void *arg); +#else +static irqreturn_t hipp_intr(int irq, void *arg, struct pt_regs *regs); +#endif + +static int hipp_num_chips = 0; +static struct hipp_softc *hipp_chip_idx[HIPP_MAX_CHIPS]; + +static int hipp_newsession(device_t, u_int32_t *, struct cryptoini *); +static int hipp_freesession(device_t, u_int64_t); +static int hipp_process(device_t, struct cryptop *, int); + +static device_method_t hipp_methods = { + /* crypto device methods */ + DEVMETHOD(cryptodev_newsession, hipp_newsession), + DEVMETHOD(cryptodev_freesession,hipp_freesession), + DEVMETHOD(cryptodev_process, hipp_process), +}; + +static __inline u_int32_t +READ_REG(struct hipp_softc *sc, unsigned int barno, bus_size_t reg) +{ + u_int32_t v = readl(sc->sc_bar[barno] + reg); + //sc->sc_bar0_lastreg = (bus_size_t) -1; + return (v); +} +static __inline void +WRITE_REG(struct hipp_softc *sc, unsigned int barno, bus_size_t reg, u_int32_t val) +{ + writel(val, sc->sc_bar[barno] + reg); +} + +#define READ_REG_0(sc, reg) READ_REG(sc, 0, reg) +#define WRITE_REG_0(sc, reg, val) WRITE_REG(sc,0, reg, val) +#define READ_REG_1(sc, reg) READ_REG(sc, 1, reg) +#define WRITE_REG_1(sc, reg, val) WRITE_REG(sc,1, reg, val) + +static int +hipp_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri) +{ + return EINVAL; +} + +static int +hipp_freesession(device_t dev, u_int64_t tid) +{ + return EINVAL; +} + +static int +hipp_process(device_t dev, struct cryptop *crp, int hint) +{ + return EINVAL; +} + +static const char* +hipp_partname(struct hipp_softc *sc, char buf[128], size_t blen) +{ + char *n = NULL; + + switch (pci_get_vendor(sc->sc_pcidev)) { + case PCI_VENDOR_HIFN: + switch (pci_get_device(sc->sc_pcidev)) { + case PCI_PRODUCT_HIFN_7855: n = "Hifn 7855"; + case PCI_PRODUCT_HIFN_8155: n = "Hifn 8155"; + case PCI_PRODUCT_HIFN_6500: n = "Hifn 6500"; + } + } + + if(n==NULL) { + snprintf(buf, blen, "VID=%02x,PID=%02x", + pci_get_vendor(sc->sc_pcidev), + pci_get_device(sc->sc_pcidev)); + } else { + buf[0]='\0'; + strncat(buf, n, blen); + } + return buf; +} + +struct hipp_fs_entry { + struct attribute attr; + /* other stuff */ +}; + + +static ssize_t +cryptoid_show(struct device *dev, + struct device_attribute *attr, + char *buf) +{ + struct hipp_softc *sc; + + sc = pci_get_drvdata(to_pci_dev (dev)); + return sprintf (buf, "%d\n", sc->sc_cid); +} + +struct device_attribute hipp_dev_cryptoid = __ATTR_RO(cryptoid); + +/* + * Attach an interface that successfully probed. + */ +static int +hipp_probe(struct pci_dev *dev, const struct pci_device_id *ent) +{ + struct hipp_softc *sc = NULL; + int i; + //char rbase; + //u_int16_t ena; + int rev; + //int rseg; + int rc; + + DPRINTF("%s()\n", __FUNCTION__); + + if (pci_enable_device(dev) < 0) + return(-ENODEV); + + if (pci_set_mwi(dev)) + return(-ENODEV); + + if (!dev->irq) { + printk("hifn: found device with no IRQ assigned. check BIOS settings!"); + pci_disable_device(dev); + return(-ENODEV); + } + + sc = (struct hipp_softc *) kmalloc(sizeof(*sc), GFP_KERNEL); + if (!sc) + return(-ENOMEM); + memset(sc, 0, sizeof(*sc)); + + softc_device_init(sc, "hifn-hipp", hipp_num_chips, hipp_methods); + + sc->sc_pcidev = dev; + sc->sc_irq = -1; + sc->sc_cid = -1; + sc->sc_num = hipp_num_chips++; + + if (sc->sc_num < HIPP_MAX_CHIPS) + hipp_chip_idx[sc->sc_num] = sc; + + pci_set_drvdata(sc->sc_pcidev, sc); + + spin_lock_init(&sc->sc_mtx); + + /* + * Setup PCI resources. + * The READ_REG_0, WRITE_REG_0, READ_REG_1, + * and WRITE_REG_1 macros throughout the driver are used + * to permit better debugging. + */ + for(i=0; i<4; i++) { + unsigned long mem_start, mem_len; + mem_start = pci_resource_start(sc->sc_pcidev, i); + mem_len = pci_resource_len(sc->sc_pcidev, i); + sc->sc_barphy[i] = (caddr_t)mem_start; + sc->sc_bar[i] = (ocf_iomem_t) ioremap(mem_start, mem_len); + if (!sc->sc_bar[i]) { + device_printf(sc->sc_dev, "cannot map bar%d register space\n", i); + goto fail; + } + } + + //hipp_reset_board(sc, 0); + pci_set_master(sc->sc_pcidev); + + /* + * Arrange the interrupt line. + */ + rc = request_irq(dev->irq, hipp_intr, IRQF_SHARED, "hifn", sc); + if (rc) { + device_printf(sc->sc_dev, "could not map interrupt: %d\n", rc); + goto fail; + } + sc->sc_irq = dev->irq; + + rev = READ_REG_1(sc, HIPP_1_REVID) & 0xffff; + + { + char b[32]; + device_printf(sc->sc_dev, "%s, rev %u", + hipp_partname(sc, b, sizeof(b)), rev); + } + +#if 0 + if (sc->sc_flags & HIFN_IS_7956) + printf(", pll=0x%x<%s clk, %ux mult>", + sc->sc_pllconfig, + sc->sc_pllconfig & HIFN_PLL_REF_SEL ? "ext" : "pci", + 2 + 2*((sc->sc_pllconfig & HIFN_PLL_ND) >> 11)); +#endif + printf("\n"); + + sc->sc_cid = crypto_get_driverid(softc_get_device(sc),CRYPTOCAP_F_HARDWARE); + if (sc->sc_cid < 0) { + device_printf(sc->sc_dev, "could not get crypto driver id\n"); + goto fail; + } + +#if 0 /* cannot work with a non-GPL module */ + /* make a sysfs entry to let the world know what entry we got */ + sysfs_create_file(&sc->sc_pcidev->dev.kobj, &hipp_dev_cryptoid.attr); +#endif + +#if 0 + init_timer(&sc->sc_tickto); + sc->sc_tickto.function = hifn_tick; + sc->sc_tickto.data = (unsigned long) sc->sc_num; + mod_timer(&sc->sc_tickto, jiffies + HZ); +#endif + +#if 0 /* no code here yet ?? */ + crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0); +#endif + + return (0); + +fail: + if (sc->sc_cid >= 0) + crypto_unregister_all(sc->sc_cid); + if (sc->sc_irq != -1) + free_irq(sc->sc_irq, sc); + +#if 0 + if (sc->sc_dma) { + /* Turn off DMA polling */ + WRITE_REG_1(sc, HIFN_1_DMA_CNFG, HIFN_DMACNFG_MSTRESET | + HIFN_DMACNFG_DMARESET | HIFN_DMACNFG_MODE); + + pci_free_consistent(sc->sc_pcidev, + sizeof(*sc->sc_dma), + sc->sc_dma, sc->sc_dma_physaddr); + } +#endif + kfree(sc); + return (-ENXIO); +} + +/* + * Detach an interface that successfully probed. + */ +static void +hipp_remove(struct pci_dev *dev) +{ + struct hipp_softc *sc = pci_get_drvdata(dev); + unsigned long l_flags; + + DPRINTF("%s()\n", __FUNCTION__); + + /* disable interrupts */ + HIPP_LOCK(sc); + +#if 0 + WRITE_REG_1(sc, HIFN_1_DMA_IER, 0); + HIFN_UNLOCK(sc); + + /*XXX other resources */ + del_timer_sync(&sc->sc_tickto); + + /* Turn off DMA polling */ + WRITE_REG_1(sc, HIFN_1_DMA_CNFG, HIFN_DMACNFG_MSTRESET | + HIFN_DMACNFG_DMARESET | HIFN_DMACNFG_MODE); +#endif + + crypto_unregister_all(sc->sc_cid); + + free_irq(sc->sc_irq, sc); + +#if 0 + pci_free_consistent(sc->sc_pcidev, sizeof(*sc->sc_dma), + sc->sc_dma, sc->sc_dma_physaddr); +#endif +} + +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) +static irqreturn_t hipp_intr(int irq, void *arg) +#else +static irqreturn_t hipp_intr(int irq, void *arg, struct pt_regs *regs) +#endif +{ + struct hipp_softc *sc = arg; + + sc = sc; /* shut up compiler */ + + return IRQ_HANDLED; +} + +static struct pci_device_id hipp_pci_tbl[] = { + { PCI_VENDOR_HIFN, PCI_PRODUCT_HIFN_7855, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, }, + { PCI_VENDOR_HIFN, PCI_PRODUCT_HIFN_8155, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, }, +}; +MODULE_DEVICE_TABLE(pci, hipp_pci_tbl); + +static struct pci_driver hipp_driver = { + .name = "hipp", + .id_table = hipp_pci_tbl, + .probe = hipp_probe, + .remove = hipp_remove, + /* add PM stuff here one day */ +}; + +static int __init hipp_init (void) +{ + struct hipp_softc *sc = NULL; + int rc; + + DPRINTF("%s(%p)\n", __FUNCTION__, hipp_init); + + rc = pci_register_driver(&hipp_driver); + pci_register_driver_compat(&hipp_driver, rc); + + return rc; +} + +static void __exit hipp_exit (void) +{ + pci_unregister_driver(&hipp_driver); +} + +module_init(hipp_init); +module_exit(hipp_exit); + +MODULE_LICENSE("BSD"); +MODULE_AUTHOR("Michael Richardson "); +MODULE_DESCRIPTION("OCF driver for hifn HIPP-I/II PCI crypto devices"); diff -Naur linux-3.0.68.i686-orig/crypto/ocf/hifn/hifnHIPPreg.h linux-3.0.68.i686/crypto/ocf/hifn/hifnHIPPreg.h --- linux-3.0.68.i686-orig/crypto/ocf/hifn/hifnHIPPreg.h 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/hifn/hifnHIPPreg.h 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,46 @@ +/*- + * Hifn HIPP-I/HIPP-II (7855/8155) driver. + * Copyright (c) 2006 Michael Richardson + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * Effort sponsored by Hifn inc. + * + */ + +#ifndef __HIFNHIPP_H__ +#define __HIFNHIPP_H__ + +/* + * PCI vendor and device identifiers + */ +#define PCI_VENDOR_HIFN 0x13a3 /* Hifn */ +#define PCI_PRODUCT_HIFN_6500 0x0006 /* 6500 */ +#define PCI_PRODUCT_HIFN_7855 0x001f /* 7855 */ +#define PCI_PRODUCT_HIFN_8155 0x999 /* XXX 8155 */ + +#define HIPP_1_REVID 0x01 /* BOGUS */ + +#endif /* __HIPP_H__ */ diff -Naur linux-3.0.68.i686-orig/crypto/ocf/hifn/hifnHIPPvar.h linux-3.0.68.i686/crypto/ocf/hifn/hifnHIPPvar.h --- linux-3.0.68.i686-orig/crypto/ocf/hifn/hifnHIPPvar.h 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/hifn/hifnHIPPvar.h 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,93 @@ +/* + * Hifn HIPP-I/HIPP-II (7855/8155) driver. + * Copyright (c) 2006 Michael Richardson * + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * Effort sponsored by Hifn inc. + * + */ + +#ifndef __HIFNHIPPVAR_H__ +#define __HIFNHIPPVAR_H__ + +#define HIPP_MAX_CHIPS 8 + +/* + * Holds data specific to a single Hifn HIPP-I board. + */ +struct hipp_softc { + softc_device_decl sc_dev; + + struct pci_dev *sc_pcidev; /* device backpointer */ + ocf_iomem_t sc_bar[5]; + caddr_t sc_barphy[5]; /* physical address */ + int sc_num; /* for multiple devs */ + spinlock_t sc_mtx; /* per-instance lock */ + int32_t sc_cid; + int sc_irq; + +#if 0 + + u_int32_t sc_dmaier; + u_int32_t sc_drammodel; /* 1=dram, 0=sram */ + u_int32_t sc_pllconfig; /* 7954/7955/7956 PLL config */ + + struct hifn_dma *sc_dma; + dma_addr_t sc_dma_physaddr;/* physical address of sc_dma */ + + int sc_dmansegs; + int sc_maxses; + int sc_nsessions; + struct hifn_session *sc_sessions; + int sc_ramsize; + int sc_flags; +#define HIFN_HAS_RNG 0x1 /* includes random number generator */ +#define HIFN_HAS_PUBLIC 0x2 /* includes public key support */ +#define HIFN_HAS_AES 0x4 /* includes AES support */ +#define HIFN_IS_7811 0x8 /* Hifn 7811 part */ +#define HIFN_IS_7956 0x10 /* Hifn 7956/7955 don't have SDRAM */ + + struct timer_list sc_tickto; /* for managing DMA */ + + int sc_rngfirst; + int sc_rnghz; /* RNG polling frequency */ + + int sc_c_busy; /* command ring busy */ + int sc_s_busy; /* source data ring busy */ + int sc_d_busy; /* destination data ring busy */ + int sc_r_busy; /* result ring busy */ + int sc_active; /* for initial countdown */ + int sc_needwakeup; /* ops q'd wating on resources */ + int sc_curbatch; /* # ops submitted w/o int */ + int sc_suspended; + struct miscdevice sc_miscdev; +#endif +}; + +#define HIPP_LOCK(_sc) spin_lock_irqsave(&(_sc)->sc_mtx, l_flags) +#define HIPP_UNLOCK(_sc) spin_unlock_irqrestore(&(_sc)->sc_mtx, l_flags) + +#endif /* __HIFNHIPPVAR_H__ */ diff -Naur linux-3.0.68.i686-orig/crypto/ocf/hifn/Makefile linux-3.0.68.i686/crypto/ocf/hifn/Makefile --- linux-3.0.68.i686-orig/crypto/ocf/hifn/Makefile 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/hifn/Makefile 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,13 @@ +# for SGlinux builds +-include $(ROOTDIR)/modules/.config + +obj-$(CONFIG_OCF_HIFN) += hifn7751.o +obj-$(CONFIG_OCF_HIFNHIPP) += hifnHIPP.o + +obj ?= . +EXTRA_CFLAGS += -I$(obj)/.. -I$(obj)/ + +ifdef TOPDIR +-include $(TOPDIR)/Rules.make +endif + diff -Naur linux-3.0.68.i686-orig/crypto/ocf/ixp4xx/ixp4xx.c linux-3.0.68.i686/crypto/ocf/ixp4xx/ixp4xx.c --- linux-3.0.68.i686-orig/crypto/ocf/ixp4xx/ixp4xx.c 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/ixp4xx/ixp4xx.c 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,1339 @@ +/* + * An OCF module that uses Intels IXP CryptACC API to do the crypto. + * This driver requires the IXP400 Access Library that is available + * from Intel in order to operate (or compile). + * + * Written by David McCullough + * Copyright (C) 2006-2011 David McCullough + * Copyright (C) 2004-2005 Intel Corporation. + * + * LICENSE TERMS + * + * The free distribution and use of this software in both source and binary + * form is allowed (with or without changes) provided that: + * + * 1. distributions of this source code include the above copyright + * notice, this list of conditions and the following disclaimer; + * + * 2. distributions in binary form include the above copyright + * notice, this list of conditions and the following disclaimer + * in the documentation and/or other associated materials; + * + * 3. the copyright holder's name is not used to endorse products + * built using this software without specific written permission. + * + * ALTERNATIVELY, provided that this notice is retained in full, this product + * may be distributed under the terms of the GNU General Public License (GPL), + * in which case the provisions of the GPL apply INSTEAD OF those given above. + * + * DISCLAIMER + * + * This software is provided 'as is' with no explicit or implied warranties + * in respect of its properties, including, but not limited to, correctness + * and/or fitness for purpose. + */ + +#include +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) +#include +#endif +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#ifndef IX_MBUF_PRIV +#define IX_MBUF_PRIV(x) ((x)->priv) +#endif + +struct ixp_data; + +struct ixp_q { + struct list_head ixp_q_list; + struct ixp_data *ixp_q_data; + struct cryptop *ixp_q_crp; + struct cryptodesc *ixp_q_ccrd; + struct cryptodesc *ixp_q_acrd; + IX_MBUF ixp_q_mbuf; + UINT8 *ixp_hash_dest; /* Location for hash in client buffer */ + UINT8 *ixp_hash_src; /* Location of hash in internal buffer */ + unsigned char ixp_q_iv_data[IX_CRYPTO_ACC_MAX_CIPHER_IV_LENGTH]; + unsigned char *ixp_q_iv; +}; + +struct ixp_data { + int ixp_registered; /* is the context registered */ + int ixp_crd_flags; /* detect direction changes */ + + int ixp_cipher_alg; + int ixp_auth_alg; + + UINT32 ixp_ctx_id; + UINT32 ixp_hash_key_id; /* used when hashing */ + IxCryptoAccCtx ixp_ctx; + IX_MBUF ixp_pri_mbuf; + IX_MBUF ixp_sec_mbuf; + + struct work_struct ixp_pending_work; + struct work_struct ixp_registration_work; + struct list_head ixp_q; /* unprocessed requests */ +}; + +#ifdef __ixp46X + +#define MAX_IOP_SIZE 64 /* words */ +#define MAX_OOP_SIZE 128 + +#define MAX_PARAMS 3 + +struct ixp_pkq { + struct list_head pkq_list; + struct cryptkop *pkq_krp; + + IxCryptoAccPkeEauInOperands pkq_op; + IxCryptoAccPkeEauOpResult pkq_result; + + UINT32 pkq_ibuf0[MAX_IOP_SIZE]; + UINT32 pkq_ibuf1[MAX_IOP_SIZE]; + UINT32 pkq_ibuf2[MAX_IOP_SIZE]; + UINT32 pkq_obuf[MAX_OOP_SIZE]; +}; + +static LIST_HEAD(ixp_pkq); /* current PK wait list */ +static struct ixp_pkq *ixp_pk_cur; +static spinlock_t ixp_pkq_lock; + +#endif /* __ixp46X */ + +static int ixp_blocked = 0; + +static int32_t ixp_id = -1; +static struct ixp_data **ixp_sessions = NULL; +static u_int32_t ixp_sesnum = 0; + +static int ixp_process(device_t, struct cryptop *, int); +static int ixp_newsession(device_t, u_int32_t *, struct cryptoini *); +static int ixp_freesession(device_t, u_int64_t); +#ifdef __ixp46X +static int ixp_kprocess(device_t, struct cryptkop *krp, int hint); +#endif + +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,20) +static kmem_cache_t *qcache; +#else +static struct kmem_cache *qcache; +#endif + +#define debug ixp_debug +static int ixp_debug = 0; +module_param(ixp_debug, int, 0644); +MODULE_PARM_DESC(ixp_debug, "Enable debug"); + +static int ixp_init_crypto = 1; +module_param(ixp_init_crypto, int, 0444); /* RO after load/boot */ +MODULE_PARM_DESC(ixp_init_crypto, "Call ixCryptoAccInit (default is 1)"); + +static void ixp_process_pending(void *arg); +static void ixp_registration(void *arg); +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20) +static void ixp_process_pending_wq(struct work_struct *work); +static void ixp_registration_wq(struct work_struct *work); +#endif + +/* + * dummy device structure + */ + +static struct { + softc_device_decl sc_dev; +} ixpdev; + +static device_method_t ixp_methods = { + /* crypto device methods */ + DEVMETHOD(cryptodev_newsession, ixp_newsession), + DEVMETHOD(cryptodev_freesession,ixp_freesession), + DEVMETHOD(cryptodev_process, ixp_process), +#ifdef __ixp46X + DEVMETHOD(cryptodev_kprocess, ixp_kprocess), +#endif +}; + +/* + * Generate a new software session. + */ +static int +ixp_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri) +{ + struct ixp_data *ixp; + u_int32_t i; +#define AUTH_LEN(cri, def) \ + (cri->cri_mlen ? cri->cri_mlen : (def)) + + dprintk("%s():alg %d\n", __FUNCTION__,cri->cri_alg); + if (sid == NULL || cri == NULL) { + dprintk("%s,%d - EINVAL\n", __FILE__, __LINE__); + return EINVAL; + } + + if (ixp_sessions) { + for (i = 1; i < ixp_sesnum; i++) + if (ixp_sessions[i] == NULL) + break; + } else + i = 1; /* NB: to silence compiler warning */ + + if (ixp_sessions == NULL || i == ixp_sesnum) { + struct ixp_data **ixpd; + + if (ixp_sessions == NULL) { + i = 1; /* We leave ixp_sessions[0] empty */ + ixp_sesnum = CRYPTO_SW_SESSIONS; + } else + ixp_sesnum *= 2; + + ixpd = kmalloc(ixp_sesnum * sizeof(struct ixp_data *), SLAB_ATOMIC); + if (ixpd == NULL) { + /* Reset session number */ + if (ixp_sesnum == CRYPTO_SW_SESSIONS) + ixp_sesnum = 0; + else + ixp_sesnum /= 2; + dprintk("%s,%d: ENOBUFS\n", __FILE__, __LINE__); + return ENOBUFS; + } + memset(ixpd, 0, ixp_sesnum * sizeof(struct ixp_data *)); + + /* Copy existing sessions */ + if (ixp_sessions) { + memcpy(ixpd, ixp_sessions, + (ixp_sesnum / 2) * sizeof(struct ixp_data *)); + kfree(ixp_sessions); + } + + ixp_sessions = ixpd; + } + + ixp_sessions[i] = (struct ixp_data *) kmalloc(sizeof(struct ixp_data), + SLAB_ATOMIC); + if (ixp_sessions[i] == NULL) { + ixp_freesession(NULL, i); + dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); + return ENOBUFS; + } + + *sid = i; + + ixp = ixp_sessions[i]; + memset(ixp, 0, sizeof(*ixp)); + + ixp->ixp_cipher_alg = -1; + ixp->ixp_auth_alg = -1; + ixp->ixp_ctx_id = -1; + INIT_LIST_HEAD(&ixp->ixp_q); + + ixp->ixp_ctx.useDifferentSrcAndDestMbufs = 0; + + while (cri) { + switch (cri->cri_alg) { + case CRYPTO_DES_CBC: + ixp->ixp_cipher_alg = cri->cri_alg; + ixp->ixp_ctx.cipherCtx.cipherAlgo = IX_CRYPTO_ACC_CIPHER_DES; + ixp->ixp_ctx.cipherCtx.cipherMode = IX_CRYPTO_ACC_MODE_CBC; + ixp->ixp_ctx.cipherCtx.cipherKeyLen = (cri->cri_klen + 7) / 8; + ixp->ixp_ctx.cipherCtx.cipherBlockLen = IX_CRYPTO_ACC_DES_BLOCK_64; + ixp->ixp_ctx.cipherCtx.cipherInitialVectorLen = + IX_CRYPTO_ACC_DES_IV_64; + memcpy(ixp->ixp_ctx.cipherCtx.key.cipherKey, + cri->cri_key, (cri->cri_klen + 7) / 8); + break; + + case CRYPTO_3DES_CBC: + ixp->ixp_cipher_alg = cri->cri_alg; + ixp->ixp_ctx.cipherCtx.cipherAlgo = IX_CRYPTO_ACC_CIPHER_3DES; + ixp->ixp_ctx.cipherCtx.cipherMode = IX_CRYPTO_ACC_MODE_CBC; + ixp->ixp_ctx.cipherCtx.cipherKeyLen = (cri->cri_klen + 7) / 8; + ixp->ixp_ctx.cipherCtx.cipherBlockLen = IX_CRYPTO_ACC_DES_BLOCK_64; + ixp->ixp_ctx.cipherCtx.cipherInitialVectorLen = + IX_CRYPTO_ACC_DES_IV_64; + memcpy(ixp->ixp_ctx.cipherCtx.key.cipherKey, + cri->cri_key, (cri->cri_klen + 7) / 8); + break; + + case CRYPTO_RIJNDAEL128_CBC: + ixp->ixp_cipher_alg = cri->cri_alg; + ixp->ixp_ctx.cipherCtx.cipherAlgo = IX_CRYPTO_ACC_CIPHER_AES; + ixp->ixp_ctx.cipherCtx.cipherMode = IX_CRYPTO_ACC_MODE_CBC; + ixp->ixp_ctx.cipherCtx.cipherKeyLen = (cri->cri_klen + 7) / 8; + ixp->ixp_ctx.cipherCtx.cipherBlockLen = 16; + ixp->ixp_ctx.cipherCtx.cipherInitialVectorLen = 16; + memcpy(ixp->ixp_ctx.cipherCtx.key.cipherKey, + cri->cri_key, (cri->cri_klen + 7) / 8); + break; + + case CRYPTO_MD5: + case CRYPTO_MD5_HMAC: + ixp->ixp_auth_alg = cri->cri_alg; + ixp->ixp_ctx.authCtx.authAlgo = IX_CRYPTO_ACC_AUTH_MD5; + ixp->ixp_ctx.authCtx.authDigestLen = AUTH_LEN(cri, MD5_HASH_LEN); + ixp->ixp_ctx.authCtx.aadLen = 0; + /* Only MD5_HMAC needs a key */ + if (cri->cri_alg == CRYPTO_MD5_HMAC) { + ixp->ixp_ctx.authCtx.authKeyLen = (cri->cri_klen + 7) / 8; + if (ixp->ixp_ctx.authCtx.authKeyLen > + sizeof(ixp->ixp_ctx.authCtx.key.authKey)) { + printk( + "ixp4xx: Invalid key length for MD5_HMAC - %d bits\n", + cri->cri_klen); + ixp_freesession(NULL, i); + return EINVAL; + } + memcpy(ixp->ixp_ctx.authCtx.key.authKey, + cri->cri_key, (cri->cri_klen + 7) / 8); + } + break; + + case CRYPTO_SHA1: + case CRYPTO_SHA1_HMAC: + ixp->ixp_auth_alg = cri->cri_alg; + ixp->ixp_ctx.authCtx.authAlgo = IX_CRYPTO_ACC_AUTH_SHA1; + ixp->ixp_ctx.authCtx.authDigestLen = AUTH_LEN(cri, SHA1_HASH_LEN); + ixp->ixp_ctx.authCtx.aadLen = 0; + /* Only SHA1_HMAC needs a key */ + if (cri->cri_alg == CRYPTO_SHA1_HMAC) { + ixp->ixp_ctx.authCtx.authKeyLen = (cri->cri_klen + 7) / 8; + if (ixp->ixp_ctx.authCtx.authKeyLen > + sizeof(ixp->ixp_ctx.authCtx.key.authKey)) { + printk( + "ixp4xx: Invalid key length for SHA1_HMAC - %d bits\n", + cri->cri_klen); + ixp_freesession(NULL, i); + return EINVAL; + } + memcpy(ixp->ixp_ctx.authCtx.key.authKey, + cri->cri_key, (cri->cri_klen + 7) / 8); + } + break; + + default: + printk("ixp: unknown algo 0x%x\n", cri->cri_alg); + ixp_freesession(NULL, i); + return EINVAL; + } + cri = cri->cri_next; + } + +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20) + INIT_WORK(&ixp->ixp_pending_work, ixp_process_pending_wq); + INIT_WORK(&ixp->ixp_registration_work, ixp_registration_wq); +#else + INIT_WORK(&ixp->ixp_pending_work, ixp_process_pending, ixp); + INIT_WORK(&ixp->ixp_registration_work, ixp_registration, ixp); +#endif + + return 0; +} + + +/* + * Free a session. + */ +static int +ixp_freesession(device_t dev, u_int64_t tid) +{ + u_int32_t sid = CRYPTO_SESID2LID(tid); + + dprintk("%s()\n", __FUNCTION__); + if (sid > ixp_sesnum || ixp_sessions == NULL || + ixp_sessions[sid] == NULL) { + dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); + return EINVAL; + } + + /* Silently accept and return */ + if (sid == 0) + return 0; + + if (ixp_sessions[sid]) { + if (ixp_sessions[sid]->ixp_ctx_id != -1) { + ixCryptoAccCtxUnregister(ixp_sessions[sid]->ixp_ctx_id); + ixp_sessions[sid]->ixp_ctx_id = -1; + } + kfree(ixp_sessions[sid]); + } + ixp_sessions[sid] = NULL; + if (ixp_blocked) { + ixp_blocked = 0; + crypto_unblock(ixp_id, CRYPTO_SYMQ); + } + return 0; +} + + +/* + * callback for when hash processing is complete + */ + +static void +ixp_hash_perform_cb( + UINT32 hash_key_id, + IX_MBUF *bufp, + IxCryptoAccStatus status) +{ + struct ixp_q *q; + + dprintk("%s(%u, %p, 0x%x)\n", __FUNCTION__, hash_key_id, bufp, status); + + if (bufp == NULL) { + printk("ixp: NULL buf in %s\n", __FUNCTION__); + return; + } + + q = IX_MBUF_PRIV(bufp); + if (q == NULL) { + printk("ixp: NULL priv in %s\n", __FUNCTION__); + return; + } + + if (status == IX_CRYPTO_ACC_STATUS_SUCCESS) { + /* On success, need to copy hash back into original client buffer */ + memcpy(q->ixp_hash_dest, q->ixp_hash_src, + (q->ixp_q_data->ixp_auth_alg == CRYPTO_SHA1) ? + SHA1_HASH_LEN : MD5_HASH_LEN); + } + else { + printk("ixp: hash perform failed status=%d\n", status); + q->ixp_q_crp->crp_etype = EINVAL; + } + + /* Free internal buffer used for hashing */ + kfree(IX_MBUF_MDATA(&q->ixp_q_mbuf)); + + crypto_done(q->ixp_q_crp); + kmem_cache_free(qcache, q); +} + +/* + * setup a request and perform it + */ +static void +ixp_q_process(struct ixp_q *q) +{ + IxCryptoAccStatus status; + struct ixp_data *ixp = q->ixp_q_data; + int auth_off = 0; + int auth_len = 0; + int crypt_off = 0; + int crypt_len = 0; + int icv_off = 0; + char *crypt_func; + + dprintk("%s(%p)\n", __FUNCTION__, q); + + if (q->ixp_q_ccrd) { + if (q->ixp_q_ccrd->crd_flags & CRD_F_ENCRYPT) { + if (q->ixp_q_ccrd->crd_flags & CRD_F_IV_EXPLICIT) { + q->ixp_q_iv = q->ixp_q_ccrd->crd_iv; + } else { + q->ixp_q_iv = q->ixp_q_iv_data; + read_random(q->ixp_q_iv, ixp->ixp_ctx.cipherCtx.cipherInitialVectorLen); + } + if ((q->ixp_q_ccrd->crd_flags & CRD_F_IV_PRESENT) == 0) + crypto_copyback(q->ixp_q_crp->crp_flags, q->ixp_q_crp->crp_buf, + q->ixp_q_ccrd->crd_inject, + ixp->ixp_ctx.cipherCtx.cipherInitialVectorLen, + (caddr_t) q->ixp_q_iv); + } else { + if (q->ixp_q_ccrd->crd_flags & CRD_F_IV_EXPLICIT) + q->ixp_q_iv = q->ixp_q_ccrd->crd_iv; + else { + q->ixp_q_iv = q->ixp_q_iv_data; + crypto_copydata(q->ixp_q_crp->crp_flags, q->ixp_q_crp->crp_buf, + q->ixp_q_ccrd->crd_inject, + ixp->ixp_ctx.cipherCtx.cipherInitialVectorLen, + (caddr_t) q->ixp_q_iv); + } + } + + if (q->ixp_q_acrd) { + auth_off = q->ixp_q_acrd->crd_skip; + auth_len = q->ixp_q_acrd->crd_len; + icv_off = q->ixp_q_acrd->crd_inject; + } + + crypt_off = q->ixp_q_ccrd->crd_skip; + crypt_len = q->ixp_q_ccrd->crd_len; + } else { /* if (q->ixp_q_acrd) */ + auth_off = q->ixp_q_acrd->crd_skip; + auth_len = q->ixp_q_acrd->crd_len; + icv_off = q->ixp_q_acrd->crd_inject; + } + + if (q->ixp_q_crp->crp_flags & CRYPTO_F_SKBUF) { + struct sk_buff *skb = (struct sk_buff *) q->ixp_q_crp->crp_buf; + if (skb_shinfo(skb)->nr_frags) { + /* + * DAVIDM fix this limitation one day by using + * a buffer pool and chaining, it is not currently + * needed for current user/kernel space acceleration + */ + printk("ixp: Cannot handle fragmented skb's yet !\n"); + q->ixp_q_crp->crp_etype = ENOENT; + goto done; + } + IX_MBUF_MLEN(&q->ixp_q_mbuf) = + IX_MBUF_PKT_LEN(&q->ixp_q_mbuf) = skb->len; + IX_MBUF_MDATA(&q->ixp_q_mbuf) = skb->data; + } else if (q->ixp_q_crp->crp_flags & CRYPTO_F_IOV) { + struct uio *uiop = (struct uio *) q->ixp_q_crp->crp_buf; + if (uiop->uio_iovcnt != 1) { + /* + * DAVIDM fix this limitation one day by using + * a buffer pool and chaining, it is not currently + * needed for current user/kernel space acceleration + */ + printk("ixp: Cannot handle more than 1 iovec yet !\n"); + q->ixp_q_crp->crp_etype = ENOENT; + goto done; + } + IX_MBUF_MLEN(&q->ixp_q_mbuf) = + IX_MBUF_PKT_LEN(&q->ixp_q_mbuf) = uiop->uio_iov[0].iov_len; + IX_MBUF_MDATA(&q->ixp_q_mbuf) = uiop->uio_iov[0].iov_base; + } else /* contig buffer */ { + IX_MBUF_MLEN(&q->ixp_q_mbuf) = + IX_MBUF_PKT_LEN(&q->ixp_q_mbuf) = q->ixp_q_crp->crp_ilen; + IX_MBUF_MDATA(&q->ixp_q_mbuf) = q->ixp_q_crp->crp_buf; + } + + IX_MBUF_PRIV(&q->ixp_q_mbuf) = q; + + if (ixp->ixp_auth_alg == CRYPTO_SHA1 || ixp->ixp_auth_alg == CRYPTO_MD5) { + /* + * For SHA1 and MD5 hash, need to create an internal buffer that is big + * enough to hold the original data + the appropriate padding for the + * hash algorithm. + */ + UINT8 *tbuf = NULL; + + IX_MBUF_MLEN(&q->ixp_q_mbuf) = IX_MBUF_PKT_LEN(&q->ixp_q_mbuf) = + ((IX_MBUF_MLEN(&q->ixp_q_mbuf) * 8) + 72 + 511) / 8; + tbuf = kmalloc(IX_MBUF_MLEN(&q->ixp_q_mbuf), SLAB_ATOMIC); + + if (IX_MBUF_MDATA(&q->ixp_q_mbuf) == NULL) { + printk("ixp: kmalloc(%u, SLAB_ATOMIC) failed\n", + IX_MBUF_MLEN(&q->ixp_q_mbuf)); + q->ixp_q_crp->crp_etype = ENOMEM; + goto done; + } + memcpy(tbuf, &(IX_MBUF_MDATA(&q->ixp_q_mbuf))[auth_off], auth_len); + + /* Set location in client buffer to copy hash into */ + q->ixp_hash_dest = + &(IX_MBUF_MDATA(&q->ixp_q_mbuf))[auth_off + auth_len]; + + IX_MBUF_MDATA(&q->ixp_q_mbuf) = tbuf; + + /* Set location in internal buffer for where hash starts */ + q->ixp_hash_src = &(IX_MBUF_MDATA(&q->ixp_q_mbuf))[auth_len]; + + crypt_func = "ixCryptoAccHashPerform"; + status = ixCryptoAccHashPerform(ixp->ixp_ctx.authCtx.authAlgo, + &q->ixp_q_mbuf, ixp_hash_perform_cb, 0, auth_len, auth_len, + &ixp->ixp_hash_key_id); + } + else { + crypt_func = "ixCryptoAccAuthCryptPerform"; + status = ixCryptoAccAuthCryptPerform(ixp->ixp_ctx_id, &q->ixp_q_mbuf, + NULL, auth_off, auth_len, crypt_off, crypt_len, icv_off, + q->ixp_q_iv); + } + + if (IX_CRYPTO_ACC_STATUS_SUCCESS == status) + return; + + if (IX_CRYPTO_ACC_STATUS_QUEUE_FULL == status) { + q->ixp_q_crp->crp_etype = ENOMEM; + goto done; + } + + printk("ixp: %s failed %u\n", crypt_func, status); + q->ixp_q_crp->crp_etype = EINVAL; + +done: + crypto_done(q->ixp_q_crp); + kmem_cache_free(qcache, q); +} + + +/* + * because we cannot process the Q from the Register callback + * we do it here on a task Q. + */ + +static void +ixp_process_pending(void *arg) +{ + struct ixp_data *ixp = arg; + struct ixp_q *q = NULL; + + dprintk("%s(%p)\n", __FUNCTION__, arg); + + if (!ixp) + return; + + while (!list_empty(&ixp->ixp_q)) { + q = list_entry(ixp->ixp_q.next, struct ixp_q, ixp_q_list); + list_del(&q->ixp_q_list); + ixp_q_process(q); + } +} + +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20) +static void +ixp_process_pending_wq(struct work_struct *work) +{ + struct ixp_data *ixp = container_of(work, struct ixp_data, ixp_pending_work); + ixp_process_pending(ixp); +} +#endif + +/* + * callback for when context registration is complete + */ + +static void +ixp_register_cb(UINT32 ctx_id, IX_MBUF *bufp, IxCryptoAccStatus status) +{ + int i; + struct ixp_data *ixp; + struct ixp_q *q; + + dprintk("%s(%d, %p, %d)\n", __FUNCTION__, ctx_id, bufp, status); + + /* + * free any buffer passed in to this routine + */ + if (bufp) { + IX_MBUF_MLEN(bufp) = IX_MBUF_PKT_LEN(bufp) = 0; + kfree(IX_MBUF_MDATA(bufp)); + IX_MBUF_MDATA(bufp) = NULL; + } + + for (i = 0; i < ixp_sesnum; i++) { + ixp = ixp_sessions[i]; + if (ixp && ixp->ixp_ctx_id == ctx_id) + break; + } + if (i >= ixp_sesnum) { + printk("ixp: invalid context id %d\n", ctx_id); + return; + } + + if (IX_CRYPTO_ACC_STATUS_WAIT == status) { + /* this is normal to free the first of two buffers */ + dprintk("ixp: register not finished yet.\n"); + return; + } + + if (IX_CRYPTO_ACC_STATUS_SUCCESS != status) { + printk("ixp: register failed 0x%x\n", status); + while (!list_empty(&ixp->ixp_q)) { + q = list_entry(ixp->ixp_q.next, struct ixp_q, ixp_q_list); + list_del(&q->ixp_q_list); + q->ixp_q_crp->crp_etype = EINVAL; + crypto_done(q->ixp_q_crp); + kmem_cache_free(qcache, q); + } + return; + } + + /* + * we are now registered, we cannot start processing the Q here + * or we get strange errors with AES (DES/3DES seem to be ok). + */ + ixp->ixp_registered = 1; + schedule_work(&ixp->ixp_pending_work); +} + + +/* + * callback for when data processing is complete + */ + +static void +ixp_perform_cb( + UINT32 ctx_id, + IX_MBUF *sbufp, + IX_MBUF *dbufp, + IxCryptoAccStatus status) +{ + struct ixp_q *q; + + dprintk("%s(%d, %p, %p, 0x%x)\n", __FUNCTION__, ctx_id, sbufp, + dbufp, status); + + if (sbufp == NULL) { + printk("ixp: NULL sbuf in ixp_perform_cb\n"); + return; + } + + q = IX_MBUF_PRIV(sbufp); + if (q == NULL) { + printk("ixp: NULL priv in ixp_perform_cb\n"); + return; + } + + if (status != IX_CRYPTO_ACC_STATUS_SUCCESS) { + printk("ixp: perform failed status=%d\n", status); + q->ixp_q_crp->crp_etype = EINVAL; + } + + crypto_done(q->ixp_q_crp); + kmem_cache_free(qcache, q); +} + + +/* + * registration is not callable at IRQ time, so we defer + * to a task queue, this routines completes the registration for us + * when the task queue runs + * + * Unfortunately this means we cannot tell OCF that the driver is blocked, + * we do that on the next request. + */ + +static void +ixp_registration(void *arg) +{ + struct ixp_data *ixp = arg; + struct ixp_q *q = NULL; + IX_MBUF *pri = NULL, *sec = NULL; + int status = IX_CRYPTO_ACC_STATUS_SUCCESS; + + if (!ixp) { + printk("ixp: ixp_registration with no arg\n"); + return; + } + + if (ixp->ixp_ctx_id != -1) { + ixCryptoAccCtxUnregister(ixp->ixp_ctx_id); + ixp->ixp_ctx_id = -1; + } + + if (list_empty(&ixp->ixp_q)) { + printk("ixp: ixp_registration with no Q\n"); + return; + } + + /* + * setup the primary and secondary buffers + */ + q = list_entry(ixp->ixp_q.next, struct ixp_q, ixp_q_list); + if (q->ixp_q_acrd) { + pri = &ixp->ixp_pri_mbuf; + sec = &ixp->ixp_sec_mbuf; + IX_MBUF_MLEN(pri) = IX_MBUF_PKT_LEN(pri) = 128; + IX_MBUF_MDATA(pri) = (unsigned char *) kmalloc(128, SLAB_ATOMIC); + IX_MBUF_MLEN(sec) = IX_MBUF_PKT_LEN(sec) = 128; + IX_MBUF_MDATA(sec) = (unsigned char *) kmalloc(128, SLAB_ATOMIC); + } + + /* Only need to register if a crypt op or HMAC op */ + if (!(ixp->ixp_auth_alg == CRYPTO_SHA1 || + ixp->ixp_auth_alg == CRYPTO_MD5)) { + status = ixCryptoAccCtxRegister( + &ixp->ixp_ctx, + pri, sec, + ixp_register_cb, + ixp_perform_cb, + &ixp->ixp_ctx_id); + } + else { + /* Otherwise we start processing pending q */ + schedule_work(&ixp->ixp_pending_work); + } + + if (IX_CRYPTO_ACC_STATUS_SUCCESS == status) + return; + + if (IX_CRYPTO_ACC_STATUS_EXCEED_MAX_TUNNELS == status) { + printk("ixp: ixCryptoAccCtxRegister failed (out of tunnels)\n"); + ixp_blocked = 1; + /* perhaps we should return EGAIN on queued ops ? */ + return; + } + + printk("ixp: ixCryptoAccCtxRegister failed %d\n", status); + ixp->ixp_ctx_id = -1; + + /* + * everything waiting is toasted + */ + while (!list_empty(&ixp->ixp_q)) { + q = list_entry(ixp->ixp_q.next, struct ixp_q, ixp_q_list); + list_del(&q->ixp_q_list); + q->ixp_q_crp->crp_etype = ENOENT; + crypto_done(q->ixp_q_crp); + kmem_cache_free(qcache, q); + } +} + +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20) +static void +ixp_registration_wq(struct work_struct *work) +{ + struct ixp_data *ixp = container_of(work, struct ixp_data, + ixp_registration_work); + ixp_registration(ixp); +} +#endif + +/* + * Process a request. + */ +static int +ixp_process(device_t dev, struct cryptop *crp, int hint) +{ + struct ixp_data *ixp; + unsigned int lid; + struct ixp_q *q = NULL; + int status; + + dprintk("%s()\n", __FUNCTION__); + + /* Sanity check */ + if (crp == NULL) { + dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); + return EINVAL; + } + + crp->crp_etype = 0; + + if (ixp_blocked) + return ERESTART; + + if (crp->crp_desc == NULL || crp->crp_buf == NULL) { + dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); + crp->crp_etype = EINVAL; + goto done; + } + + /* + * find the session we are using + */ + + lid = crp->crp_sid & 0xffffffff; + if (lid >= ixp_sesnum || lid == 0 || ixp_sessions == NULL || + ixp_sessions[lid] == NULL) { + crp->crp_etype = ENOENT; + dprintk("%s,%d: ENOENT\n", __FILE__, __LINE__); + goto done; + } + ixp = ixp_sessions[lid]; + + /* + * setup a new request ready for queuing + */ + q = kmem_cache_alloc(qcache, SLAB_ATOMIC); + if (q == NULL) { + dprintk("%s,%d: ENOMEM\n", __FILE__, __LINE__); + crp->crp_etype = ENOMEM; + goto done; + } + /* + * save some cycles by only zeroing the important bits + */ + memset(&q->ixp_q_mbuf, 0, sizeof(q->ixp_q_mbuf)); + q->ixp_q_ccrd = NULL; + q->ixp_q_acrd = NULL; + q->ixp_q_crp = crp; + q->ixp_q_data = ixp; + + /* + * point the cipher and auth descriptors appropriately + * check that we have something to do + */ + if (crp->crp_desc->crd_alg == ixp->ixp_cipher_alg) + q->ixp_q_ccrd = crp->crp_desc; + else if (crp->crp_desc->crd_alg == ixp->ixp_auth_alg) + q->ixp_q_acrd = crp->crp_desc; + else { + crp->crp_etype = ENOENT; + dprintk("%s,%d: bad desc match: ENOENT\n", __FILE__, __LINE__); + goto done; + } + if (crp->crp_desc->crd_next) { + if (crp->crp_desc->crd_next->crd_alg == ixp->ixp_cipher_alg) + q->ixp_q_ccrd = crp->crp_desc->crd_next; + else if (crp->crp_desc->crd_next->crd_alg == ixp->ixp_auth_alg) + q->ixp_q_acrd = crp->crp_desc->crd_next; + else { + crp->crp_etype = ENOENT; + dprintk("%s,%d: bad desc match: ENOENT\n", __FILE__, __LINE__); + goto done; + } + } + + /* + * If there is a direction change for this context then we mark it as + * unregistered and re-register is for the new direction. This is not + * a very expensive operation and currently only tends to happen when + * user-space application are doing benchmarks + * + * DM - we should be checking for pending requests before unregistering. + */ + if (q->ixp_q_ccrd && ixp->ixp_registered && + ixp->ixp_crd_flags != (q->ixp_q_ccrd->crd_flags & CRD_F_ENCRYPT)) { + dprintk("%s - detected direction change on session\n", __FUNCTION__); + ixp->ixp_registered = 0; + } + + /* + * if we are registered, call straight into the perform code + */ + if (ixp->ixp_registered) { + ixp_q_process(q); + return 0; + } + + /* + * the only part of the context not set in newsession is the direction + * dependent parts + */ + if (q->ixp_q_ccrd) { + ixp->ixp_crd_flags = (q->ixp_q_ccrd->crd_flags & CRD_F_ENCRYPT); + if (q->ixp_q_ccrd->crd_flags & CRD_F_ENCRYPT) { + ixp->ixp_ctx.operation = q->ixp_q_acrd ? + IX_CRYPTO_ACC_OP_ENCRYPT_AUTH : IX_CRYPTO_ACC_OP_ENCRYPT; + } else { + ixp->ixp_ctx.operation = q->ixp_q_acrd ? + IX_CRYPTO_ACC_OP_AUTH_DECRYPT : IX_CRYPTO_ACC_OP_DECRYPT; + } + } else { + /* q->ixp_q_acrd must be set if we are here */ + ixp->ixp_ctx.operation = IX_CRYPTO_ACC_OP_AUTH_CALC; + } + + status = list_empty(&ixp->ixp_q); + list_add_tail(&q->ixp_q_list, &ixp->ixp_q); + if (status) + schedule_work(&ixp->ixp_registration_work); + return 0; + +done: + if (q) + kmem_cache_free(qcache, q); + crypto_done(crp); + return 0; +} + + +#ifdef __ixp46X +/* + * key processing support for the ixp465 + */ + + +/* + * copy a BN (LE) into a buffer (BE) an fill out the op appropriately + * assume zeroed and only copy bits that are significant + */ + +static int +ixp_copy_ibuf(struct crparam *p, IxCryptoAccPkeEauOperand *op, UINT32 *buf) +{ + unsigned char *src = (unsigned char *) p->crp_p; + unsigned char *dst; + int len, bits = p->crp_nbits; + + dprintk("%s()\n", __FUNCTION__); + + if (bits > MAX_IOP_SIZE * sizeof(UINT32) * 8) { + dprintk("%s - ibuf too big (%d > %d)\n", __FUNCTION__, + bits, MAX_IOP_SIZE * sizeof(UINT32) * 8); + return -1; + } + + len = (bits + 31) / 32; /* the number UINT32's needed */ + + dst = (unsigned char *) &buf[len]; + dst--; + + while (bits > 0) { + *dst-- = *src++; + bits -= 8; + } + +#if 0 /* no need to zero remaining bits as it is done during request alloc */ + while (dst > (unsigned char *) buf) + *dst-- = '\0'; +#endif + + op->pData = buf; + op->dataLen = len; + return 0; +} + +/* + * copy out the result, be as forgiving as we can about small output buffers + */ + +static int +ixp_copy_obuf(struct crparam *p, IxCryptoAccPkeEauOpResult *op, UINT32 *buf) +{ + unsigned char *dst = (unsigned char *) p->crp_p; + unsigned char *src = (unsigned char *) buf; + int len, z, bits = p->crp_nbits; + + dprintk("%s()\n", __FUNCTION__); + + len = op->dataLen * sizeof(UINT32); + + /* skip leading zeroes to be small buffer friendly */ + z = 0; + while (z < len && src[z] == '\0') + z++; + + src += len; + src--; + len -= z; + + while (len > 0 && bits > 0) { + *dst++ = *src--; + len--; + bits -= 8; + } + + while (bits > 0) { + *dst++ = '\0'; + bits -= 8; + } + + if (len > 0) { + dprintk("%s - obuf is %d (z=%d, ob=%d) bytes too small\n", + __FUNCTION__, len, z, p->crp_nbits / 8); + return -1; + } + + return 0; +} + + +/* + * the parameter offsets for exp_mod + */ + +#define IXP_PARAM_BASE 0 +#define IXP_PARAM_EXP 1 +#define IXP_PARAM_MOD 2 +#define IXP_PARAM_RES 3 + +/* + * key processing complete callback, is also used to start processing + * by passing a NULL for pResult + */ + +static void +ixp_kperform_cb( + IxCryptoAccPkeEauOperation operation, + IxCryptoAccPkeEauOpResult *pResult, + BOOL carryOrBorrow, + IxCryptoAccStatus status) +{ + struct ixp_pkq *q, *tmp; + unsigned long flags; + + dprintk("%s(0x%x, %p, %d, 0x%x)\n", __FUNCTION__, operation, pResult, + carryOrBorrow, status); + + /* handle a completed request */ + if (pResult) { + if (ixp_pk_cur && &ixp_pk_cur->pkq_result == pResult) { + q = ixp_pk_cur; + if (status != IX_CRYPTO_ACC_STATUS_SUCCESS) { + dprintk("%s() - op failed 0x%x\n", __FUNCTION__, status); + q->pkq_krp->krp_status = ERANGE; /* could do better */ + } else { + /* copy out the result */ + if (ixp_copy_obuf(&q->pkq_krp->krp_param[IXP_PARAM_RES], + &q->pkq_result, q->pkq_obuf)) + q->pkq_krp->krp_status = ERANGE; + } + crypto_kdone(q->pkq_krp); + kfree(q); + ixp_pk_cur = NULL; + } else + printk("%s - callback with invalid result pointer\n", __FUNCTION__); + } + + spin_lock_irqsave(&ixp_pkq_lock, flags); + if (ixp_pk_cur || list_empty(&ixp_pkq)) { + spin_unlock_irqrestore(&ixp_pkq_lock, flags); + return; + } + + list_for_each_entry_safe(q, tmp, &ixp_pkq, pkq_list) { + + list_del(&q->pkq_list); + ixp_pk_cur = q; + + spin_unlock_irqrestore(&ixp_pkq_lock, flags); + + status = ixCryptoAccPkeEauPerform( + IX_CRYPTO_ACC_OP_EAU_MOD_EXP, + &q->pkq_op, + ixp_kperform_cb, + &q->pkq_result); + + if (status == IX_CRYPTO_ACC_STATUS_SUCCESS) { + dprintk("%s() - ixCryptoAccPkeEauPerform SUCCESS\n", __FUNCTION__); + return; /* callback will return here for callback */ + } else if (status == IX_CRYPTO_ACC_STATUS_RETRY) { + printk("%s() - ixCryptoAccPkeEauPerform RETRY\n", __FUNCTION__); + } else { + printk("%s() - ixCryptoAccPkeEauPerform failed %d\n", + __FUNCTION__, status); + } + q->pkq_krp->krp_status = ERANGE; /* could do better */ + crypto_kdone(q->pkq_krp); + kfree(q); + spin_lock_irqsave(&ixp_pkq_lock, flags); + } + spin_unlock_irqrestore(&ixp_pkq_lock, flags); +} + + +static int +ixp_kprocess(device_t dev, struct cryptkop *krp, int hint) +{ + struct ixp_pkq *q; + int rc = 0; + unsigned long flags; + + dprintk("%s l1=%d l2=%d l3=%d l4=%d\n", __FUNCTION__, + krp->krp_param[IXP_PARAM_BASE].crp_nbits, + krp->krp_param[IXP_PARAM_EXP].crp_nbits, + krp->krp_param[IXP_PARAM_MOD].crp_nbits, + krp->krp_param[IXP_PARAM_RES].crp_nbits); + + + if (krp->krp_op != CRK_MOD_EXP) { + krp->krp_status = EOPNOTSUPP; + goto err; + } + + q = (struct ixp_pkq *) kmalloc(sizeof(*q), GFP_KERNEL); + if (q == NULL) { + krp->krp_status = ENOMEM; + goto err; + } + + /* + * The PKE engine does not appear to zero the output buffer + * appropriately, so we need to do it all here. + */ + memset(q, 0, sizeof(*q)); + + q->pkq_krp = krp; + INIT_LIST_HEAD(&q->pkq_list); + + if (ixp_copy_ibuf(&krp->krp_param[IXP_PARAM_BASE], &q->pkq_op.modExpOpr.M, + q->pkq_ibuf0)) + rc = 1; + if (!rc && ixp_copy_ibuf(&krp->krp_param[IXP_PARAM_EXP], + &q->pkq_op.modExpOpr.e, q->pkq_ibuf1)) + rc = 2; + if (!rc && ixp_copy_ibuf(&krp->krp_param[IXP_PARAM_MOD], + &q->pkq_op.modExpOpr.N, q->pkq_ibuf2)) + rc = 3; + + if (rc) { + kfree(q); + krp->krp_status = ERANGE; + goto err; + } + + q->pkq_result.pData = q->pkq_obuf; + q->pkq_result.dataLen = + (krp->krp_param[IXP_PARAM_RES].crp_nbits + 31) / 32; + + spin_lock_irqsave(&ixp_pkq_lock, flags); + list_add_tail(&q->pkq_list, &ixp_pkq); + spin_unlock_irqrestore(&ixp_pkq_lock, flags); + + if (!ixp_pk_cur) + ixp_kperform_cb(0, NULL, 0, 0); + return (0); + +err: + crypto_kdone(krp); + return (0); +} + + + +#ifdef CONFIG_OCF_RANDOMHARVEST +/* + * We run the random number generator output through SHA so that it + * is FIPS compliant. + */ + +static volatile int sha_done = 0; +static unsigned char sha_digest[20]; + +static void +ixp_hash_cb(UINT8 *digest, IxCryptoAccStatus status) +{ + dprintk("%s(%p, %d)\n", __FUNCTION__, digest, status); + if (sha_digest != digest) + printk("digest error\n"); + if (IX_CRYPTO_ACC_STATUS_SUCCESS == status) + sha_done = 1; + else + sha_done = -status; +} + +static int +ixp_read_random(void *arg, u_int32_t *buf, int maxwords) +{ + IxCryptoAccStatus status; + int i, n, rc; + + dprintk("%s(%p, %d)\n", __FUNCTION__, buf, maxwords); + memset(buf, 0, maxwords * sizeof(*buf)); + status = ixCryptoAccPkePseudoRandomNumberGet(maxwords, buf); + if (status != IX_CRYPTO_ACC_STATUS_SUCCESS) { + dprintk("%s: ixCryptoAccPkePseudoRandomNumberGet failed %d\n", + __FUNCTION__, status); + return 0; + } + + /* + * run the random data through SHA to make it look more random + */ + + n = sizeof(sha_digest); /* process digest bytes at a time */ + + rc = 0; + for (i = 0; i < maxwords; i += n / sizeof(*buf)) { + if ((maxwords - i) * sizeof(*buf) < n) + n = (maxwords - i) * sizeof(*buf); + sha_done = 0; + status = ixCryptoAccPkeHashPerform(IX_CRYPTO_ACC_AUTH_SHA1, + (UINT8 *) &buf[i], n, ixp_hash_cb, sha_digest); + if (status != IX_CRYPTO_ACC_STATUS_SUCCESS) { + dprintk("ixCryptoAccPkeHashPerform failed %d\n", status); + return -EIO; + } + while (!sha_done) + schedule(); + if (sha_done < 0) { + dprintk("ixCryptoAccPkeHashPerform failed CB %d\n", -sha_done); + return 0; + } + memcpy(&buf[i], sha_digest, n); + rc += n / sizeof(*buf);; + } + + return rc; +} +#endif /* CONFIG_OCF_RANDOMHARVEST */ + +#endif /* __ixp46X */ + + + +/* + * our driver startup and shutdown routines + */ + +static int +ixp_init(void) +{ + dprintk("%s(%p)\n", __FUNCTION__, ixp_init); + + if (ixp_init_crypto && ixCryptoAccInit() != IX_CRYPTO_ACC_STATUS_SUCCESS) + printk("ixCryptoAccInit failed, assuming already initialised!\n"); + + qcache = kmem_cache_create("ixp4xx_q", sizeof(struct ixp_q), 0, + SLAB_HWCACHE_ALIGN, NULL +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23) + , NULL +#endif + ); + if (!qcache) { + printk("failed to create Qcache\n"); + return -ENOENT; + } + + memset(&ixpdev, 0, sizeof(ixpdev)); + softc_device_init(&ixpdev, "ixp4xx", 0, ixp_methods); + + ixp_id = crypto_get_driverid(softc_get_device(&ixpdev), + CRYPTOCAP_F_HARDWARE); + if (ixp_id < 0) + panic("IXP/OCF crypto device cannot initialize!"); + +#define REGISTER(alg) \ + crypto_register(ixp_id,alg,0,0) + + REGISTER(CRYPTO_DES_CBC); + REGISTER(CRYPTO_3DES_CBC); + REGISTER(CRYPTO_RIJNDAEL128_CBC); +#ifdef CONFIG_OCF_IXP4XX_SHA1_MD5 + REGISTER(CRYPTO_MD5); + REGISTER(CRYPTO_SHA1); +#endif + REGISTER(CRYPTO_MD5_HMAC); + REGISTER(CRYPTO_SHA1_HMAC); +#undef REGISTER + +#ifdef __ixp46X + spin_lock_init(&ixp_pkq_lock); + /* + * we do not enable the go fast options here as they can potentially + * allow timing based attacks + * + * http://www.openssl.org/news/secadv_20030219.txt + */ + ixCryptoAccPkeEauExpConfig(0, 0); + crypto_kregister(ixp_id, CRK_MOD_EXP, 0); +#ifdef CONFIG_OCF_RANDOMHARVEST + crypto_rregister(ixp_id, ixp_read_random, NULL); +#endif +#endif + + return 0; +} + +static void +ixp_exit(void) +{ + dprintk("%s()\n", __FUNCTION__); + crypto_unregister_all(ixp_id); + ixp_id = -1; + kmem_cache_destroy(qcache); + qcache = NULL; +} + +module_init(ixp_init); +module_exit(ixp_exit); + +MODULE_LICENSE("Dual BSD/GPL"); +MODULE_AUTHOR("David McCullough "); +MODULE_DESCRIPTION("ixp (OCF module for IXP4xx crypto)"); diff -Naur linux-3.0.68.i686-orig/crypto/ocf/ixp4xx/.#ixp4xx.c.1.46 linux-3.0.68.i686/crypto/ocf/ixp4xx/.#ixp4xx.c.1.46 --- linux-3.0.68.i686-orig/crypto/ocf/ixp4xx/.#ixp4xx.c.1.46 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/ixp4xx/.#ixp4xx.c.1.46 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,1323 @@ +/* + * An OCF module that uses Intels IXP CryptACC API to do the crypto. + * This driver requires the IXP400 Access Library that is available + * from Intel in order to operate (or compile). + * + * Written by David McCullough + * Copyright (C) 2006-2007 David McCullough + * Copyright (C) 2004-2005 Intel Corporation. + * + * LICENSE TERMS + * + * The free distribution and use of this software in both source and binary + * form is allowed (with or without changes) provided that: + * + * 1. distributions of this source code include the above copyright + * notice, this list of conditions and the following disclaimer; + * + * 2. distributions in binary form include the above copyright + * notice, this list of conditions and the following disclaimer + * in the documentation and/or other associated materials; + * + * 3. the copyright holder's name is not used to endorse products + * built using this software without specific written permission. + * + * ALTERNATIVELY, provided that this notice is retained in full, this product + * may be distributed under the terms of the GNU General Public License (GPL), + * in which case the provisions of the GPL apply INSTEAD OF those given above. + * + * DISCLAIMER + * + * This software is provided 'as is' with no explicit or implied warranties + * in respect of its properties, including, but not limited to, correctness + * and/or fitness for purpose. + */ + +#ifndef AUTOCONF_INCLUDED +#include +#endif +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#ifndef IX_MBUF_PRIV +#define IX_MBUF_PRIV(x) ((x)->priv) +#endif + +struct ixp_data; + +struct ixp_q { + struct list_head ixp_q_list; + struct ixp_data *ixp_q_data; + struct cryptop *ixp_q_crp; + struct cryptodesc *ixp_q_ccrd; + struct cryptodesc *ixp_q_acrd; + IX_MBUF ixp_q_mbuf; + UINT8 *ixp_hash_dest; /* Location for hash in client buffer */ + UINT8 *ixp_hash_src; /* Location of hash in internal buffer */ + unsigned char ixp_q_iv_data[IX_CRYPTO_ACC_MAX_CIPHER_IV_LENGTH]; + unsigned char *ixp_q_iv; +}; + +struct ixp_data { + int ixp_registered; /* is the context registered */ + int ixp_crd_flags; /* detect direction changes */ + + int ixp_cipher_alg; + int ixp_auth_alg; + + UINT32 ixp_ctx_id; + UINT32 ixp_hash_key_id; /* used when hashing */ + IxCryptoAccCtx ixp_ctx; + IX_MBUF ixp_pri_mbuf; + IX_MBUF ixp_sec_mbuf; + + struct work_struct ixp_pending_work; + struct work_struct ixp_registration_work; + struct list_head ixp_q; /* unprocessed requests */ +}; + +#ifdef __ixp46X + +#define MAX_IOP_SIZE 64 /* words */ +#define MAX_OOP_SIZE 128 + +#define MAX_PARAMS 3 + +struct ixp_pkq { + struct list_head pkq_list; + struct cryptkop *pkq_krp; + + IxCryptoAccPkeEauInOperands pkq_op; + IxCryptoAccPkeEauOpResult pkq_result; + + UINT32 pkq_ibuf0[MAX_IOP_SIZE]; + UINT32 pkq_ibuf1[MAX_IOP_SIZE]; + UINT32 pkq_ibuf2[MAX_IOP_SIZE]; + UINT32 pkq_obuf[MAX_OOP_SIZE]; +}; + +static LIST_HEAD(ixp_pkq); /* current PK wait list */ +static struct ixp_pkq *ixp_pk_cur; +static spinlock_t ixp_pkq_lock; + +#endif /* __ixp46X */ + +static int ixp_blocked = 0; + +static int32_t ixp_id = -1; +static struct ixp_data **ixp_sessions = NULL; +static u_int32_t ixp_sesnum = 0; + +static int ixp_process(device_t, struct cryptop *, int); +static int ixp_newsession(device_t, u_int32_t *, struct cryptoini *); +static int ixp_freesession(device_t, u_int64_t); +#ifdef __ixp46X +static int ixp_kprocess(device_t, struct cryptkop *krp, int hint); +#endif + +static struct kmem_cache *qcache; + +#define debug ixp_debug +static int ixp_debug = 0; +module_param(ixp_debug, int, 0644); +MODULE_PARM_DESC(ixp_debug, "Enable debug"); + +static int ixp_init_crypto = 1; +module_param(ixp_init_crypto, int, 0444); /* RO after load/boot */ +MODULE_PARM_DESC(ixp_init_crypto, "Call ixCryptoAccInit (default is 1)"); + +static void ixp_process_pending(void *arg); +static void ixp_registration(void *arg); +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20) +static void ixp_process_pending_wq(struct work_struct *work); +static void ixp_registration_wq(struct work_struct *work); +#endif + +/* + * dummy device structure + */ + +static struct { + softc_device_decl sc_dev; +} ixpdev; + +static device_method_t ixp_methods = { + /* crypto device methods */ + DEVMETHOD(cryptodev_newsession, ixp_newsession), + DEVMETHOD(cryptodev_freesession,ixp_freesession), + DEVMETHOD(cryptodev_process, ixp_process), +#ifdef __ixp46X + DEVMETHOD(cryptodev_kprocess, ixp_kprocess), +#endif +}; + +/* + * Generate a new software session. + */ +static int +ixp_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri) +{ + struct ixp_data *ixp; + u_int32_t i; +#define AUTH_LEN(cri, def) \ + (cri->cri_mlen ? cri->cri_mlen : (def)) + + dprintk("%s():alg %d\n", __FUNCTION__,cri->cri_alg); + if (sid == NULL || cri == NULL) { + dprintk("%s,%d - EINVAL\n", __FILE__, __LINE__); + return EINVAL; + } + + if (ixp_sessions) { + for (i = 1; i < ixp_sesnum; i++) + if (ixp_sessions[i] == NULL) + break; + } else + i = 1; /* NB: to silence compiler warning */ + + if (ixp_sessions == NULL || i == ixp_sesnum) { + struct ixp_data **ixpd; + + if (ixp_sessions == NULL) { + i = 1; /* We leave ixp_sessions[0] empty */ + ixp_sesnum = CRYPTO_SW_SESSIONS; + } else + ixp_sesnum *= 2; + + ixpd = kmalloc(ixp_sesnum * sizeof(struct ixp_data *), SLAB_ATOMIC); + if (ixpd == NULL) { + /* Reset session number */ + if (ixp_sesnum == CRYPTO_SW_SESSIONS) + ixp_sesnum = 0; + else + ixp_sesnum /= 2; + dprintk("%s,%d: ENOBUFS\n", __FILE__, __LINE__); + return ENOBUFS; + } + memset(ixpd, 0, ixp_sesnum * sizeof(struct ixp_data *)); + + /* Copy existing sessions */ + if (ixp_sessions) { + memcpy(ixpd, ixp_sessions, + (ixp_sesnum / 2) * sizeof(struct ixp_data *)); + kfree(ixp_sessions); + } + + ixp_sessions = ixpd; + } + + ixp_sessions[i] = (struct ixp_data *) kmalloc(sizeof(struct ixp_data), + SLAB_ATOMIC); + if (ixp_sessions[i] == NULL) { + ixp_freesession(NULL, i); + dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); + return ENOBUFS; + } + + *sid = i; + + ixp = ixp_sessions[i]; + memset(ixp, 0, sizeof(*ixp)); + + ixp->ixp_cipher_alg = -1; + ixp->ixp_auth_alg = -1; + ixp->ixp_ctx_id = -1; + INIT_LIST_HEAD(&ixp->ixp_q); + + ixp->ixp_ctx.useDifferentSrcAndDestMbufs = 0; + + while (cri) { + switch (cri->cri_alg) { + case CRYPTO_DES_CBC: + ixp->ixp_cipher_alg = cri->cri_alg; + ixp->ixp_ctx.cipherCtx.cipherAlgo = IX_CRYPTO_ACC_CIPHER_DES; + ixp->ixp_ctx.cipherCtx.cipherMode = IX_CRYPTO_ACC_MODE_CBC; + ixp->ixp_ctx.cipherCtx.cipherKeyLen = (cri->cri_klen + 7) / 8; + ixp->ixp_ctx.cipherCtx.cipherBlockLen = IX_CRYPTO_ACC_DES_BLOCK_64; + ixp->ixp_ctx.cipherCtx.cipherInitialVectorLen = + IX_CRYPTO_ACC_DES_IV_64; + memcpy(ixp->ixp_ctx.cipherCtx.key.cipherKey, + cri->cri_key, (cri->cri_klen + 7) / 8); + break; + + case CRYPTO_3DES_CBC: + ixp->ixp_cipher_alg = cri->cri_alg; + ixp->ixp_ctx.cipherCtx.cipherAlgo = IX_CRYPTO_ACC_CIPHER_3DES; + ixp->ixp_ctx.cipherCtx.cipherMode = IX_CRYPTO_ACC_MODE_CBC; + ixp->ixp_ctx.cipherCtx.cipherKeyLen = (cri->cri_klen + 7) / 8; + ixp->ixp_ctx.cipherCtx.cipherBlockLen = IX_CRYPTO_ACC_DES_BLOCK_64; + ixp->ixp_ctx.cipherCtx.cipherInitialVectorLen = + IX_CRYPTO_ACC_DES_IV_64; + memcpy(ixp->ixp_ctx.cipherCtx.key.cipherKey, + cri->cri_key, (cri->cri_klen + 7) / 8); + break; + + case CRYPTO_RIJNDAEL128_CBC: + ixp->ixp_cipher_alg = cri->cri_alg; + ixp->ixp_ctx.cipherCtx.cipherAlgo = IX_CRYPTO_ACC_CIPHER_AES; + ixp->ixp_ctx.cipherCtx.cipherMode = IX_CRYPTO_ACC_MODE_CBC; + ixp->ixp_ctx.cipherCtx.cipherKeyLen = (cri->cri_klen + 7) / 8; + ixp->ixp_ctx.cipherCtx.cipherBlockLen = 16; + ixp->ixp_ctx.cipherCtx.cipherInitialVectorLen = 16; + memcpy(ixp->ixp_ctx.cipherCtx.key.cipherKey, + cri->cri_key, (cri->cri_klen + 7) / 8); + break; + + case CRYPTO_MD5: + case CRYPTO_MD5_HMAC: + ixp->ixp_auth_alg = cri->cri_alg; + ixp->ixp_ctx.authCtx.authAlgo = IX_CRYPTO_ACC_AUTH_MD5; + ixp->ixp_ctx.authCtx.authDigestLen = AUTH_LEN(cri, MD5_HASH_LEN); + ixp->ixp_ctx.authCtx.aadLen = 0; + /* Only MD5_HMAC needs a key */ + if (cri->cri_alg == CRYPTO_MD5_HMAC) { + ixp->ixp_ctx.authCtx.authKeyLen = (cri->cri_klen + 7) / 8; + if (ixp->ixp_ctx.authCtx.authKeyLen > + sizeof(ixp->ixp_ctx.authCtx.key.authKey)) { + printk( + "ixp4xx: Invalid key length for MD5_HMAC - %d bits\n", + cri->cri_klen); + ixp_freesession(NULL, i); + return EINVAL; + } + memcpy(ixp->ixp_ctx.authCtx.key.authKey, + cri->cri_key, (cri->cri_klen + 7) / 8); + } + break; + + case CRYPTO_SHA1: + case CRYPTO_SHA1_HMAC: + ixp->ixp_auth_alg = cri->cri_alg; + ixp->ixp_ctx.authCtx.authAlgo = IX_CRYPTO_ACC_AUTH_SHA1; + ixp->ixp_ctx.authCtx.authDigestLen = AUTH_LEN(cri, SHA1_HASH_LEN); + ixp->ixp_ctx.authCtx.aadLen = 0; + /* Only SHA1_HMAC needs a key */ + if (cri->cri_alg == CRYPTO_SHA1_HMAC) { + ixp->ixp_ctx.authCtx.authKeyLen = (cri->cri_klen + 7) / 8; + if (ixp->ixp_ctx.authCtx.authKeyLen > + sizeof(ixp->ixp_ctx.authCtx.key.authKey)) { + printk( + "ixp4xx: Invalid key length for SHA1_HMAC - %d bits\n", + cri->cri_klen); + ixp_freesession(NULL, i); + return EINVAL; + } + memcpy(ixp->ixp_ctx.authCtx.key.authKey, + cri->cri_key, (cri->cri_klen + 7) / 8); + } + break; + + default: + printk("ixp: unknown algo 0x%x\n", cri->cri_alg); + ixp_freesession(NULL, i); + return EINVAL; + } + cri = cri->cri_next; + } + +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20) + INIT_WORK(&ixp->ixp_pending_work, ixp_process_pending_wq); + INIT_WORK(&ixp->ixp_registration_work, ixp_registration_wq); +#else + INIT_WORK(&ixp->ixp_pending_work, ixp_process_pending, ixp); + INIT_WORK(&ixp->ixp_registration_work, ixp_registration, ixp); +#endif + + return 0; +} + + +/* + * Free a session. + */ +static int +ixp_freesession(device_t dev, u_int64_t tid) +{ + u_int32_t sid = CRYPTO_SESID2LID(tid); + + dprintk("%s()\n", __FUNCTION__); + if (sid > ixp_sesnum || ixp_sessions == NULL || + ixp_sessions[sid] == NULL) { + dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); + return EINVAL; + } + + /* Silently accept and return */ + if (sid == 0) + return 0; + + if (ixp_sessions[sid]) { + if (ixp_sessions[sid]->ixp_ctx_id != -1) { + ixCryptoAccCtxUnregister(ixp_sessions[sid]->ixp_ctx_id); + ixp_sessions[sid]->ixp_ctx_id = -1; + } + + flush_scheduled_work(); + + kfree(ixp_sessions[sid]); + } + ixp_sessions[sid] = NULL; + if (ixp_blocked) { + ixp_blocked = 0; + crypto_unblock(ixp_id, CRYPTO_SYMQ); + } + return 0; +} + + +/* + * callback for when hash processing is complete + */ + +static void +ixp_hash_perform_cb( + UINT32 hash_key_id, + IX_MBUF *bufp, + IxCryptoAccStatus status) +{ + struct ixp_q *q; + + dprintk("%s(%u, %p, 0x%x)\n", __FUNCTION__, hash_key_id, bufp, status); + + if (bufp == NULL) { + printk("ixp: NULL buf in %s\n", __FUNCTION__); + return; + } + + q = IX_MBUF_PRIV(bufp); + if (q == NULL) { + printk("ixp: NULL priv in %s\n", __FUNCTION__); + return; + } + + if (status == IX_CRYPTO_ACC_STATUS_SUCCESS) { + /* On success, need to copy hash back into original client buffer */ + memcpy(q->ixp_hash_dest, q->ixp_hash_src, + (q->ixp_q_data->ixp_auth_alg == CRYPTO_SHA1) ? + SHA1_HASH_LEN : MD5_HASH_LEN); + } + else { + printk("ixp: hash perform failed status=%d\n", status); + q->ixp_q_crp->crp_etype = EINVAL; + } + + /* Free internal buffer used for hashing */ + kfree(IX_MBUF_MDATA(&q->ixp_q_mbuf)); + + crypto_done(q->ixp_q_crp); + kmem_cache_free(qcache, q); +} + +/* + * setup a request and perform it + */ +static void +ixp_q_process(struct ixp_q *q) +{ + IxCryptoAccStatus status; + struct ixp_data *ixp = q->ixp_q_data; + int auth_off = 0; + int auth_len = 0; + int crypt_off = 0; + int crypt_len = 0; + int icv_off = 0; + char *crypt_func; + + dprintk("%s(%p)\n", __FUNCTION__, q); + + if (q->ixp_q_ccrd) { + if (q->ixp_q_ccrd->crd_flags & CRD_F_IV_EXPLICIT) { + q->ixp_q_iv = q->ixp_q_ccrd->crd_iv; + } else { + q->ixp_q_iv = q->ixp_q_iv_data; + crypto_copydata(q->ixp_q_crp->crp_flags, q->ixp_q_crp->crp_buf, + q->ixp_q_ccrd->crd_inject, + ixp->ixp_ctx.cipherCtx.cipherInitialVectorLen, + (caddr_t) q->ixp_q_iv); + } + + if (q->ixp_q_acrd) { + auth_off = q->ixp_q_acrd->crd_skip; + auth_len = q->ixp_q_acrd->crd_len; + icv_off = q->ixp_q_acrd->crd_inject; + } + + crypt_off = q->ixp_q_ccrd->crd_skip; + crypt_len = q->ixp_q_ccrd->crd_len; + } else { /* if (q->ixp_q_acrd) */ + auth_off = q->ixp_q_acrd->crd_skip; + auth_len = q->ixp_q_acrd->crd_len; + icv_off = q->ixp_q_acrd->crd_inject; + } + + if (q->ixp_q_crp->crp_flags & CRYPTO_F_SKBUF) { + struct sk_buff *skb = (struct sk_buff *) q->ixp_q_crp->crp_buf; + if (skb_shinfo(skb)->nr_frags) { + /* + * DAVIDM fix this limitation one day by using + * a buffer pool and chaining, it is not currently + * needed for current user/kernel space acceleration + */ + printk("ixp: Cannot handle fragmented skb's yet !\n"); + q->ixp_q_crp->crp_etype = ENOENT; + goto done; + } + IX_MBUF_MLEN(&q->ixp_q_mbuf) = + IX_MBUF_PKT_LEN(&q->ixp_q_mbuf) = skb->len; + IX_MBUF_MDATA(&q->ixp_q_mbuf) = skb->data; + } else if (q->ixp_q_crp->crp_flags & CRYPTO_F_IOV) { + struct uio *uiop = (struct uio *) q->ixp_q_crp->crp_buf; + if (uiop->uio_iovcnt != 1) { + /* + * DAVIDM fix this limitation one day by using + * a buffer pool and chaining, it is not currently + * needed for current user/kernel space acceleration + */ + printk("ixp: Cannot handle more than 1 iovec yet !\n"); + q->ixp_q_crp->crp_etype = ENOENT; + goto done; + } + IX_MBUF_MLEN(&q->ixp_q_mbuf) = + IX_MBUF_PKT_LEN(&q->ixp_q_mbuf) = uiop->uio_iov[0].iov_len; + IX_MBUF_MDATA(&q->ixp_q_mbuf) = uiop->uio_iov[0].iov_base; + } else /* contig buffer */ { + IX_MBUF_MLEN(&q->ixp_q_mbuf) = + IX_MBUF_PKT_LEN(&q->ixp_q_mbuf) = q->ixp_q_crp->crp_ilen; + IX_MBUF_MDATA(&q->ixp_q_mbuf) = q->ixp_q_crp->crp_buf; + } + + IX_MBUF_PRIV(&q->ixp_q_mbuf) = q; + + if (ixp->ixp_auth_alg == CRYPTO_SHA1 || ixp->ixp_auth_alg == CRYPTO_MD5) { + /* + * For SHA1 and MD5 hash, need to create an internal buffer that is big + * enough to hold the original data + the appropriate padding for the + * hash algorithm. + */ + UINT8 *tbuf = NULL; + + IX_MBUF_MLEN(&q->ixp_q_mbuf) = IX_MBUF_PKT_LEN(&q->ixp_q_mbuf) = + ((IX_MBUF_MLEN(&q->ixp_q_mbuf) * 8) + 72 + 511) / 8; + tbuf = kmalloc(IX_MBUF_MLEN(&q->ixp_q_mbuf), SLAB_ATOMIC); + + if (IX_MBUF_MDATA(&q->ixp_q_mbuf) == NULL) { + printk("ixp: kmalloc(%u, SLAB_ATOMIC) failed\n", + IX_MBUF_MLEN(&q->ixp_q_mbuf)); + q->ixp_q_crp->crp_etype = ENOMEM; + goto done; + } + memcpy(tbuf, &(IX_MBUF_MDATA(&q->ixp_q_mbuf))[auth_off], auth_len); + + /* Set location in client buffer to copy hash into */ + q->ixp_hash_dest = + &(IX_MBUF_MDATA(&q->ixp_q_mbuf))[auth_off + auth_len]; + + IX_MBUF_MDATA(&q->ixp_q_mbuf) = tbuf; + + /* Set location in internal buffer for where hash starts */ + q->ixp_hash_src = &(IX_MBUF_MDATA(&q->ixp_q_mbuf))[auth_len]; + + crypt_func = "ixCryptoAccHashPerform"; + status = ixCryptoAccHashPerform(ixp->ixp_ctx.authCtx.authAlgo, + &q->ixp_q_mbuf, ixp_hash_perform_cb, 0, auth_len, auth_len, + &ixp->ixp_hash_key_id); + } + else { + crypt_func = "ixCryptoAccAuthCryptPerform"; + status = ixCryptoAccAuthCryptPerform(ixp->ixp_ctx_id, &q->ixp_q_mbuf, + NULL, auth_off, auth_len, crypt_off, crypt_len, icv_off, + q->ixp_q_iv); + } + + if (IX_CRYPTO_ACC_STATUS_QUEUE_FULL == status) { + q->ixp_q_crp->crp_etype = ENOMEM; + goto done; + } + + if (IX_CRYPTO_ACC_STATUS_SUCCESS != status) { + printk("ixp: %s failed %u\n", crypt_func, status); + q->ixp_q_crp->crp_etype = EINVAL; + } + +done: + crypto_done(q->ixp_q_crp); + kmem_cache_free(qcache, q); +} + + +/* + * because we cannot process the Q from the Register callback + * we do it here on a task Q. + */ + +static void +ixp_process_pending(void *arg) +{ + struct ixp_data *ixp = arg; + struct ixp_q *q = NULL; + + dprintk("%s(%p)\n", __FUNCTION__, arg); + + if (!ixp) + return; + + while (!list_empty(&ixp->ixp_q)) { + q = list_entry(ixp->ixp_q.next, struct ixp_q, ixp_q_list); + list_del(&q->ixp_q_list); + ixp_q_process(q); + } +} + +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20) +static void +ixp_process_pending_wq(struct work_struct *work) +{ + struct ixp_data *ixp = container_of(work, struct ixp_data, + ixp_pending_work); + ixp_process_pending(ixp); +} +#endif + +/* + * callback for when context registration is complete + */ + +static void +ixp_register_cb(UINT32 ctx_id, IX_MBUF *bufp, IxCryptoAccStatus status) +{ + int i; + struct ixp_data *ixp; + struct ixp_q *q; + + dprintk("%s(%d, %p, %d)\n", __FUNCTION__, ctx_id, bufp, status); + + /* + * free any buffer passed in to this routine + */ + if (bufp) { + IX_MBUF_MLEN(bufp) = IX_MBUF_PKT_LEN(bufp) = 0; + kfree(IX_MBUF_MDATA(bufp)); + IX_MBUF_MDATA(bufp) = NULL; + } + + for (i = 0; i < ixp_sesnum; i++) { + ixp = ixp_sessions[i]; + if (ixp && ixp->ixp_ctx_id == ctx_id) + break; + } + if (i >= ixp_sesnum) { + printk("ixp: invalid context id %d\n", ctx_id); + return; + } + + if (IX_CRYPTO_ACC_STATUS_WAIT == status) { + /* this is normal to free the first of two buffers */ + dprintk("ixp: register not finished yet.\n"); + return; + } + + if (IX_CRYPTO_ACC_STATUS_SUCCESS != status) { + printk("ixp: register failed 0x%x\n", status); + while (!list_empty(&ixp->ixp_q)) { + q = list_entry(ixp->ixp_q.next, struct ixp_q, ixp_q_list); + list_del(&q->ixp_q_list); + q->ixp_q_crp->crp_etype = EINVAL; + crypto_done(q->ixp_q_crp); + kmem_cache_free(qcache, q); + } + return; + } + + /* + * we are now registered, we cannot start processing the Q here + * or we get strange errors with AES (DES/3DES seem to be ok). + */ + ixp->ixp_registered = 1; + schedule_work(&ixp->ixp_pending_work); +} + + +/* + * callback for when data processing is complete + */ + +static void +ixp_perform_cb( + UINT32 ctx_id, + IX_MBUF *sbufp, + IX_MBUF *dbufp, + IxCryptoAccStatus status) +{ + struct ixp_q *q; + + dprintk("%s(%d, %p, %p, 0x%x)\n", __FUNCTION__, ctx_id, sbufp, + dbufp, status); + + if (sbufp == NULL) { + printk("ixp: NULL sbuf in ixp_perform_cb\n"); + return; + } + + q = IX_MBUF_PRIV(sbufp); + if (q == NULL) { + printk("ixp: NULL priv in ixp_perform_cb\n"); + return; + } + + if (status != IX_CRYPTO_ACC_STATUS_SUCCESS) { + printk("ixp: perform failed status=%d\n", status); + q->ixp_q_crp->crp_etype = EINVAL; + } + + crypto_done(q->ixp_q_crp); + kmem_cache_free(qcache, q); +} + + +/* + * registration is not callable at IRQ time, so we defer + * to a task queue, this routines completes the registration for us + * when the task queue runs + * + * Unfortunately this means we cannot tell OCF that the driver is blocked, + * we do that on the next request. + */ + +static void +ixp_registration(void *arg) +{ + struct ixp_data *ixp = arg; + struct ixp_q *q = NULL; + IX_MBUF *pri = NULL, *sec = NULL; + int status = IX_CRYPTO_ACC_STATUS_SUCCESS; + + if (!ixp) { + printk("ixp: ixp_registration with no arg\n"); + return; + } + + if (ixp->ixp_ctx_id != -1) { + ixCryptoAccCtxUnregister(ixp->ixp_ctx_id); + ixp->ixp_ctx_id = -1; + } + + if (list_empty(&ixp->ixp_q)) { + printk("ixp: ixp_registration with no Q\n"); + return; + } + + /* + * setup the primary and secondary buffers + */ + q = list_entry(ixp->ixp_q.next, struct ixp_q, ixp_q_list); + if (q->ixp_q_acrd) { + pri = &ixp->ixp_pri_mbuf; + sec = &ixp->ixp_sec_mbuf; + IX_MBUF_MLEN(pri) = IX_MBUF_PKT_LEN(pri) = 128; + IX_MBUF_MDATA(pri) = (unsigned char *) kmalloc(128, SLAB_ATOMIC); + IX_MBUF_MLEN(sec) = IX_MBUF_PKT_LEN(sec) = 128; + IX_MBUF_MDATA(sec) = (unsigned char *) kmalloc(128, SLAB_ATOMIC); + } + + /* Only need to register if a crypt op or HMAC op */ + if (!(ixp->ixp_auth_alg == CRYPTO_SHA1 || + ixp->ixp_auth_alg == CRYPTO_MD5)) { + status = ixCryptoAccCtxRegister( + &ixp->ixp_ctx, + pri, sec, + ixp_register_cb, + ixp_perform_cb, + &ixp->ixp_ctx_id); + } + else { + /* Otherwise we start processing pending q */ + schedule_work(&ixp->ixp_pending_work); + } + + if (IX_CRYPTO_ACC_STATUS_SUCCESS == status) + return; + + if (IX_CRYPTO_ACC_STATUS_EXCEED_MAX_TUNNELS == status) { + printk("ixp: ixCryptoAccCtxRegister failed (out of tunnels)\n"); + ixp_blocked = 1; + /* perhaps we should return EGAIN on queued ops ? */ + return; + } + + printk("ixp: ixCryptoAccCtxRegister failed %d\n", status); + ixp->ixp_ctx_id = -1; + + /* + * everything waiting is toasted + */ + while (!list_empty(&ixp->ixp_q)) { + q = list_entry(ixp->ixp_q.next, struct ixp_q, ixp_q_list); + list_del(&q->ixp_q_list); + q->ixp_q_crp->crp_etype = ENOENT; + crypto_done(q->ixp_q_crp); + kmem_cache_free(qcache, q); + } +} + +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20) +static void +ixp_registration_wq(struct work_struct *work) +{ + struct ixp_data *ixp = container_of(work, struct ixp_data, + ixp_registration_work); + ixp_registration(ixp); +} +#endif + +/* + * Process a request. + */ +static int +ixp_process(device_t dev, struct cryptop *crp, int hint) +{ + struct ixp_data *ixp; + unsigned int lid; + struct ixp_q *q = NULL; + int status; + + dprintk("%s()\n", __FUNCTION__); + + /* Sanity check */ + if (crp == NULL) { + dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); + return EINVAL; + } + + crp->crp_etype = 0; + + if (ixp_blocked) + return ERESTART; + + if (crp->crp_desc == NULL || crp->crp_buf == NULL) { + dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); + crp->crp_etype = EINVAL; + goto done; + } + + /* + * find the session we are using + */ + + lid = crp->crp_sid & 0xffffffff; + if (lid >= ixp_sesnum || lid == 0 || ixp_sessions == NULL || + ixp_sessions[lid] == NULL) { + crp->crp_etype = ENOENT; + dprintk("%s,%d: ENOENT\n", __FILE__, __LINE__); + goto done; + } + ixp = ixp_sessions[lid]; + + /* + * setup a new request ready for queuing + */ + q = kmem_cache_alloc(qcache, SLAB_ATOMIC); + if (q == NULL) { + dprintk("%s,%d: ENOMEM\n", __FILE__, __LINE__); + crp->crp_etype = ENOMEM; + goto done; + } + /* + * save some cycles by only zeroing the important bits + */ + memset(&q->ixp_q_mbuf, 0, sizeof(q->ixp_q_mbuf)); + q->ixp_q_ccrd = NULL; + q->ixp_q_acrd = NULL; + q->ixp_q_crp = crp; + q->ixp_q_data = ixp; + + /* + * point the cipher and auth descriptors appropriately + * check that we have something to do + */ + if (crp->crp_desc->crd_alg == ixp->ixp_cipher_alg) + q->ixp_q_ccrd = crp->crp_desc; + else if (crp->crp_desc->crd_alg == ixp->ixp_auth_alg) + q->ixp_q_acrd = crp->crp_desc; + else { + crp->crp_etype = ENOENT; + dprintk("%s,%d: bad desc match: ENOENT\n", __FILE__, __LINE__); + goto done; + } + if (crp->crp_desc->crd_next) { + if (crp->crp_desc->crd_next->crd_alg == ixp->ixp_cipher_alg) + q->ixp_q_ccrd = crp->crp_desc->crd_next; + else if (crp->crp_desc->crd_next->crd_alg == ixp->ixp_auth_alg) + q->ixp_q_acrd = crp->crp_desc->crd_next; + else { + crp->crp_etype = ENOENT; + dprintk("%s,%d: bad desc match: ENOENT\n", __FILE__, __LINE__); + goto done; + } + } + + /* + * If there is a direction change for this context then we mark it as + * unregistered and re-register is for the new direction. This is not + * a very expensive operation and currently only tends to happen when + * user-space application are doing benchmarks + * + * DM - we should be checking for pending requests before unregistering. + */ + if (q->ixp_q_ccrd && ixp->ixp_registered && + ixp->ixp_crd_flags != (q->ixp_q_ccrd->crd_flags & CRD_F_ENCRYPT)) { + dprintk("%s - detected direction change on session\n", __FUNCTION__); + ixp->ixp_registered = 0; + } + + /* + * if we are registered, call straight into the perform code + */ + if (ixp->ixp_registered) { + ixp_q_process(q); + return 0; + } + + /* + * the only part of the context not set in newsession is the direction + * dependent parts + */ + if (q->ixp_q_ccrd) { + ixp->ixp_crd_flags = (q->ixp_q_ccrd->crd_flags & CRD_F_ENCRYPT); + if (q->ixp_q_ccrd->crd_flags & CRD_F_ENCRYPT) { + ixp->ixp_ctx.operation = q->ixp_q_acrd ? + IX_CRYPTO_ACC_OP_ENCRYPT_AUTH : IX_CRYPTO_ACC_OP_ENCRYPT; + } else { + ixp->ixp_ctx.operation = q->ixp_q_acrd ? + IX_CRYPTO_ACC_OP_AUTH_DECRYPT : IX_CRYPTO_ACC_OP_DECRYPT; + } + } else { + /* q->ixp_q_acrd must be set if we are here */ + ixp->ixp_ctx.operation = IX_CRYPTO_ACC_OP_AUTH_CALC; + } + + status = list_empty(&ixp->ixp_q); + list_add_tail(&q->ixp_q_list, &ixp->ixp_q); + if (status) + schedule_work(&ixp->ixp_registration_work); + return 0; + +done: + if (q) + kmem_cache_free(qcache, q); + crypto_done(crp); + return 0; +} + + +#ifdef __ixp46X +/* + * key processing support for the ixp465 + */ + + +/* + * copy a BN (LE) into a buffer (BE) an fill out the op appropriately + * assume zeroed and only copy bits that are significant + */ + +static int +ixp_copy_ibuf(struct crparam *p, IxCryptoAccPkeEauOperand *op, UINT32 *buf) +{ + unsigned char *src = (unsigned char *) p->crp_p; + unsigned char *dst; + int len, bits = p->crp_nbits; + + dprintk("%s()\n", __FUNCTION__); + + if (bits > MAX_IOP_SIZE * sizeof(UINT32) * 8) { + dprintk("%s - ibuf too big (%d > %d)\n", __FUNCTION__, + bits, MAX_IOP_SIZE * sizeof(UINT32) * 8); + return -1; + } + + len = (bits + 31) / 32; /* the number UINT32's needed */ + + dst = (unsigned char *) &buf[len]; + dst--; + + while (bits > 0) { + *dst-- = *src++; + bits -= 8; + } + +#if 0 /* no need to zero remaining bits as it is done during request alloc */ + while (dst > (unsigned char *) buf) + *dst-- = '\0'; +#endif + + op->pData = buf; + op->dataLen = len; + return 0; +} + +/* + * copy out the result, be as forgiving as we can about small output buffers + */ + +static int +ixp_copy_obuf(struct crparam *p, IxCryptoAccPkeEauOpResult *op, UINT32 *buf) +{ + unsigned char *dst = (unsigned char *) p->crp_p; + unsigned char *src = (unsigned char *) buf; + int len, z, bits = p->crp_nbits; + + dprintk("%s()\n", __FUNCTION__); + + len = op->dataLen * sizeof(UINT32); + + /* skip leading zeroes to be small buffer friendly */ + z = 0; + while (z < len && src[z] == '\0') + z++; + + src += len; + src--; + len -= z; + + while (len > 0 && bits > 0) { + *dst++ = *src--; + len--; + bits -= 8; + } + + while (bits > 0) { + *dst++ = '\0'; + bits -= 8; + } + + if (len > 0) { + dprintk("%s - obuf is %d (z=%d, ob=%d) bytes too small\n", + __FUNCTION__, len, z, p->crp_nbits / 8); + return -1; + } + + return 0; +} + + +/* + * the parameter offsets for exp_mod + */ + +#define IXP_PARAM_BASE 0 +#define IXP_PARAM_EXP 1 +#define IXP_PARAM_MOD 2 +#define IXP_PARAM_RES 3 + +/* + * key processing complete callback, is also used to start processing + * by passing a NULL for pResult + */ + +static void +ixp_kperform_cb( + IxCryptoAccPkeEauOperation operation, + IxCryptoAccPkeEauOpResult *pResult, + BOOL carryOrBorrow, + IxCryptoAccStatus status) +{ + struct ixp_pkq *q, *tmp; + unsigned long flags; + + dprintk("%s(0x%x, %p, %d, 0x%x)\n", __FUNCTION__, operation, pResult, + carryOrBorrow, status); + + /* handle a completed request */ + if (pResult) { + if (ixp_pk_cur && &ixp_pk_cur->pkq_result == pResult) { + q = ixp_pk_cur; + if (status != IX_CRYPTO_ACC_STATUS_SUCCESS) { + dprintk("%s() - op failed 0x%x\n", __FUNCTION__, status); + q->pkq_krp->krp_status = ERANGE; /* could do better */ + } else { + /* copy out the result */ + if (ixp_copy_obuf(&q->pkq_krp->krp_param[IXP_PARAM_RES], + &q->pkq_result, q->pkq_obuf)) + q->pkq_krp->krp_status = ERANGE; + } + crypto_kdone(q->pkq_krp); + kfree(q); + ixp_pk_cur = NULL; + } else + printk("%s - callback with invalid result pointer\n", __FUNCTION__); + } + + spin_lock_irqsave(&ixp_pkq_lock, flags); + if (ixp_pk_cur || list_empty(&ixp_pkq)) { + spin_unlock_irqrestore(&ixp_pkq_lock, flags); + return; + } + + list_for_each_entry_safe(q, tmp, &ixp_pkq, pkq_list) { + + list_del(&q->pkq_list); + ixp_pk_cur = q; + + spin_unlock_irqrestore(&ixp_pkq_lock, flags); + + status = ixCryptoAccPkeEauPerform( + IX_CRYPTO_ACC_OP_EAU_MOD_EXP, + &q->pkq_op, + ixp_kperform_cb, + &q->pkq_result); + + if (status == IX_CRYPTO_ACC_STATUS_SUCCESS) { + dprintk("%s() - ixCryptoAccPkeEauPerform SUCCESS\n", __FUNCTION__); + return; /* callback will return here for callback */ + } else if (status == IX_CRYPTO_ACC_STATUS_RETRY) { + printk("%s() - ixCryptoAccPkeEauPerform RETRY\n", __FUNCTION__); + } else { + printk("%s() - ixCryptoAccPkeEauPerform failed %d\n", + __FUNCTION__, status); + } + q->pkq_krp->krp_status = ERANGE; /* could do better */ + crypto_kdone(q->pkq_krp); + kfree(q); + spin_lock_irqsave(&ixp_pkq_lock, flags); + } + spin_unlock_irqrestore(&ixp_pkq_lock, flags); +} + + +static int +ixp_kprocess(device_t dev, struct cryptkop *krp, int hint) +{ + struct ixp_pkq *q; + int rc = 0; + unsigned long flags; + + dprintk("%s l1=%d l2=%d l3=%d l4=%d\n", __FUNCTION__, + krp->krp_param[IXP_PARAM_BASE].crp_nbits, + krp->krp_param[IXP_PARAM_EXP].crp_nbits, + krp->krp_param[IXP_PARAM_MOD].crp_nbits, + krp->krp_param[IXP_PARAM_RES].crp_nbits); + + + if (krp->krp_op != CRK_MOD_EXP) { + krp->krp_status = EOPNOTSUPP; + goto err; + } + + q = (struct ixp_pkq *) kmalloc(sizeof(*q), GFP_KERNEL); + if (q == NULL) { + krp->krp_status = ENOMEM; + goto err; + } + + /* + * The PKE engine does not appear to zero the output buffer + * appropriately, so we need to do it all here. + */ + memset(q, 0, sizeof(*q)); + + q->pkq_krp = krp; + INIT_LIST_HEAD(&q->pkq_list); + + if (ixp_copy_ibuf(&krp->krp_param[IXP_PARAM_BASE], &q->pkq_op.modExpOpr.M, + q->pkq_ibuf0)) + rc = 1; + if (!rc && ixp_copy_ibuf(&krp->krp_param[IXP_PARAM_EXP], + &q->pkq_op.modExpOpr.e, q->pkq_ibuf1)) + rc = 2; + if (!rc && ixp_copy_ibuf(&krp->krp_param[IXP_PARAM_MOD], + &q->pkq_op.modExpOpr.N, q->pkq_ibuf2)) + rc = 3; + + if (rc) { + kfree(q); + krp->krp_status = ERANGE; + goto err; + } + + q->pkq_result.pData = q->pkq_obuf; + q->pkq_result.dataLen = + (krp->krp_param[IXP_PARAM_RES].crp_nbits + 31) / 32; + + spin_lock_irqsave(&ixp_pkq_lock, flags); + list_add_tail(&q->pkq_list, &ixp_pkq); + spin_unlock_irqrestore(&ixp_pkq_lock, flags); + + if (!ixp_pk_cur) + ixp_kperform_cb(0, NULL, 0, 0); + return (0); + +err: + crypto_kdone(krp); + return (0); +} + + + +#ifdef CONFIG_OCF_RANDOMHARVEST +/* + * We run the random number generator output through SHA so that it + * is FIPS compliant. + */ + +static volatile int sha_done = 0; +static unsigned char sha_digest[20]; + +static void +ixp_hash_cb(UINT8 *digest, IxCryptoAccStatus status) +{ + dprintk("%s(%p, %d)\n", __FUNCTION__, digest, status); + if (sha_digest != digest) + printk("digest error\n"); + if (IX_CRYPTO_ACC_STATUS_SUCCESS == status) + sha_done = 1; + else + sha_done = -status; +} + +static int +ixp_read_random(void *arg, u_int32_t *buf, int maxwords) +{ + IxCryptoAccStatus status; + int i, n, rc; + + dprintk("%s(%p, %d)\n", __FUNCTION__, buf, maxwords); + memset(buf, 0, maxwords * sizeof(*buf)); + status = ixCryptoAccPkePseudoRandomNumberGet(maxwords, buf); + if (status != IX_CRYPTO_ACC_STATUS_SUCCESS) { + dprintk("%s: ixCryptoAccPkePseudoRandomNumberGet failed %d\n", + __FUNCTION__, status); + return 0; + } + + /* + * run the random data through SHA to make it look more random + */ + + n = sizeof(sha_digest); /* process digest bytes at a time */ + + rc = 0; + for (i = 0; i < maxwords; i += n / sizeof(*buf)) { + if ((maxwords - i) * sizeof(*buf) < n) + n = (maxwords - i) * sizeof(*buf); + sha_done = 0; + status = ixCryptoAccPkeHashPerform(IX_CRYPTO_ACC_AUTH_SHA1, + (UINT8 *) &buf[i], n, ixp_hash_cb, sha_digest); + if (status != IX_CRYPTO_ACC_STATUS_SUCCESS) { + dprintk("ixCryptoAccPkeHashPerform failed %d\n", status); + return -EIO; + } + while (!sha_done) + schedule(); + if (sha_done < 0) { + dprintk("ixCryptoAccPkeHashPerform failed CB %d\n", -sha_done); + return 0; + } + memcpy(&buf[i], sha_digest, n); + rc += n / sizeof(*buf);; + } + + return rc; +} +#endif /* CONFIG_OCF_RANDOMHARVEST */ + +#endif /* __ixp46X */ + + + +/* + * our driver startup and shutdown routines + */ + +static int +ixp_init(void) +{ + dprintk("%s(%p)\n", __FUNCTION__, ixp_init); + + if (ixp_init_crypto && ixCryptoAccInit() != IX_CRYPTO_ACC_STATUS_SUCCESS) + printk("ixCryptoAccInit failed, assuming already initialised!\n"); + + qcache = kmem_cache_create("ixp4xx_q", sizeof(struct ixp_q), 0, + SLAB_HWCACHE_ALIGN, NULL +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23) + , NULL +#endif + ); + if (!qcache) { + printk("failed to create Qcache\n"); + return -ENOENT; + } + + memset(&ixpdev, 0, sizeof(ixpdev)); + softc_device_init(&ixpdev, "ixp4xx", 0, ixp_methods); + + ixp_id = crypto_get_driverid(softc_get_device(&ixpdev), + CRYPTOCAP_F_HARDWARE); + if (ixp_id < 0) + panic("IXP/OCF crypto device cannot initialize!"); + +#define REGISTER(alg) \ + crypto_register(ixp_id,alg,0,0) + + REGISTER(CRYPTO_DES_CBC); + REGISTER(CRYPTO_3DES_CBC); + REGISTER(CRYPTO_RIJNDAEL128_CBC); +#ifdef CONFIG_OCF_IXP4XX_SHA1_MD5 + REGISTER(CRYPTO_MD5); + REGISTER(CRYPTO_SHA1); +#endif + REGISTER(CRYPTO_MD5_HMAC); + REGISTER(CRYPTO_SHA1_HMAC); +#undef REGISTER + +#ifdef __ixp46X + spin_lock_init(&ixp_pkq_lock); + /* + * we do not enable the go fast options here as they can potentially + * allow timing based attacks + * + * http://www.openssl.org/news/secadv_20030219.txt + */ + ixCryptoAccPkeEauExpConfig(0, 0); + crypto_kregister(ixp_id, CRK_MOD_EXP, 0); +#ifdef CONFIG_OCF_RANDOMHARVEST + crypto_rregister(ixp_id, ixp_read_random, NULL); +#endif +#endif + + return 0; +} + +static void +ixp_exit(void) +{ + dprintk("%s()\n", __FUNCTION__); + crypto_unregister_all(ixp_id); + ixp_id = -1; + kmem_cache_destroy(qcache); + qcache = NULL; +} + +module_init(ixp_init); +module_exit(ixp_exit); + +MODULE_LICENSE("Dual BSD/GPL"); +MODULE_AUTHOR("David McCullough "); +MODULE_DESCRIPTION("ixp (OCF module for IXP4xx crypto)"); diff -Naur linux-3.0.68.i686-orig/crypto/ocf/ixp4xx/Makefile linux-3.0.68.i686/crypto/ocf/ixp4xx/Makefile --- linux-3.0.68.i686-orig/crypto/ocf/ixp4xx/Makefile 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/ixp4xx/Makefile 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,104 @@ +# for SGlinux builds +-include $(ROOTDIR)/modules/.config + +# +# You will need to point this at your Intel ixp425 includes, this portion +# of the Makefile only really works under SGLinux with the appropriate libs +# installed. They can be downloaded from http://www.snapgear.org/ +# +ifeq ($(CONFIG_CPU_IXP46X),y) +IXPLATFORM = ixp46X +else +ifeq ($(CONFIG_CPU_IXP43X),y) +IXPLATFORM = ixp43X +else +IXPLATFORM = ixp42X +endif +endif + +ifdef CONFIG_IXP400_LIB_2_4 +IX_XSCALE_SW = $(ROOTDIR)/modules/ixp425/ixp400-2.4/ixp400_xscale_sw +OSAL_DIR = $(ROOTDIR)/modules/ixp425/ixp400-2.4/ixp_osal +endif +ifdef CONFIG_IXP400_LIB_2_1 +IX_XSCALE_SW = $(ROOTDIR)/modules/ixp425/ixp400-2.1/ixp400_xscale_sw +OSAL_DIR = $(ROOTDIR)/modules/ixp425/ixp400-2.1/ixp_osal +endif +ifdef CONFIG_IXP400_LIB_2_0 +IX_XSCALE_SW = $(ROOTDIR)/modules/ixp425/ixp400-2.0/ixp400_xscale_sw +OSAL_DIR = $(ROOTDIR)/modules/ixp425/ixp400-2.0/ixp_osal +endif +ifdef IX_XSCALE_SW +ifdef CONFIG_IXP400_LIB_2_4 +IXP_CFLAGS = \ + -I$(ROOTDIR)/. \ + -I$(IX_XSCALE_SW)/src/include \ + -I$(OSAL_DIR)/common/include/ \ + -I$(OSAL_DIR)/common/include/modules/ \ + -I$(OSAL_DIR)/common/include/modules/ddk/ \ + -I$(OSAL_DIR)/common/include/modules/bufferMgt/ \ + -I$(OSAL_DIR)/common/include/modules/ioMem/ \ + -I$(OSAL_DIR)/common/os/linux/include/ \ + -I$(OSAL_DIR)/common/os/linux/include/core/ \ + -I$(OSAL_DIR)/common/os/linux/include/modules/ \ + -I$(OSAL_DIR)/common/os/linux/include/modules/ddk/ \ + -I$(OSAL_DIR)/common/os/linux/include/modules/bufferMgt/ \ + -I$(OSAL_DIR)/common/os/linux/include/modules/ioMem/ \ + -I$(OSAL_DIR)/platforms/$(IXPLATFORM)/include/ \ + -I$(OSAL_DIR)/platforms/$(IXPLATFORM)/os/linux/include/ \ + -DENABLE_IOMEM -DENABLE_BUFFERMGT -DENABLE_DDK \ + -DUSE_IXP4XX_CRYPTO +else +IXP_CFLAGS = \ + -I$(ROOTDIR)/. \ + -I$(IX_XSCALE_SW)/src/include \ + -I$(OSAL_DIR)/ \ + -I$(OSAL_DIR)/os/linux/include/ \ + -I$(OSAL_DIR)/os/linux/include/modules/ \ + -I$(OSAL_DIR)/os/linux/include/modules/ioMem/ \ + -I$(OSAL_DIR)/os/linux/include/modules/bufferMgt/ \ + -I$(OSAL_DIR)/os/linux/include/core/ \ + -I$(OSAL_DIR)/os/linux/include/platforms/ \ + -I$(OSAL_DIR)/os/linux/include/platforms/ixp400/ \ + -I$(OSAL_DIR)/os/linux/include/platforms/ixp400/ixp425 \ + -I$(OSAL_DIR)/os/linux/include/platforms/ixp400/ixp465 \ + -I$(OSAL_DIR)/os/linux/include/core/ \ + -I$(OSAL_DIR)/include/ \ + -I$(OSAL_DIR)/include/modules/ \ + -I$(OSAL_DIR)/include/modules/bufferMgt/ \ + -I$(OSAL_DIR)/include/modules/ioMem/ \ + -I$(OSAL_DIR)/include/platforms/ \ + -I$(OSAL_DIR)/include/platforms/ixp400/ \ + -DUSE_IXP4XX_CRYPTO +endif +endif +ifdef CONFIG_IXP400_LIB_1_4 +IXP_CFLAGS = \ + -I$(ROOTDIR)/. \ + -I$(ROOTDIR)/modules/ixp425/ixp400-1.4/ixp400_xscale_sw/src/include \ + -I$(ROOTDIR)/modules/ixp425/ixp400-1.4/ixp400_xscale_sw/src/linux \ + -DUSE_IXP4XX_CRYPTO +endif +ifndef IXPDIR +IXPDIR = ixp-version-is-not-supported +endif + +ifeq ($(CONFIG_CPU_IXP46X),y) +IXP_CFLAGS += -D__ixp46X +else +ifeq ($(CONFIG_CPU_IXP43X),y) +IXP_CFLAGS += -D__ixp43X +else +IXP_CFLAGS += -D__ixp42X +endif +endif + +obj-$(CONFIG_OCF_IXP4XX) += ixp4xx.o + +obj ?= . +EXTRA_CFLAGS += $(IXP_CFLAGS) -I$(obj)/.. -I$(obj)/. + +ifdef TOPDIR +-include $(TOPDIR)/Rules.make +endif + diff -Naur linux-3.0.68.i686-orig/crypto/ocf/Kconfig linux-3.0.68.i686/crypto/ocf/Kconfig --- linux-3.0.68.i686-orig/crypto/ocf/Kconfig 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/Kconfig 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,125 @@ +menu "OCF Configuration" + +config OCF_OCF + tristate "OCF (Open Cryptograhic Framework)" + help + A linux port of the OpenBSD/FreeBSD crypto framework. + +config OCF_RANDOMHARVEST + bool "crypto random --- harvest entropy for /dev/random" + depends on OCF_OCF + help + Includes code to harvest random numbers from devices that support it. + +config OCF_FIPS + bool "enable fips RNG checks" + depends on OCF_OCF && OCF_RANDOMHARVEST + help + Run all RNG provided data through a fips check before + adding it /dev/random's entropy pool. + +config OCF_CRYPTODEV + tristate "cryptodev (user space support)" + depends on OCF_OCF + help + The user space API to access crypto hardware. + +config OCF_CRYPTOSOFT + tristate "cryptosoft (software crypto engine)" + depends on OCF_OCF + help + A software driver for the OCF framework that uses + the kernel CryptoAPI. + +config OCF_SAFE + tristate "safenet (HW crypto engine)" + depends on OCF_OCF + help + A driver for a number of the safenet Excel crypto accelerators. + Currently tested and working on the 1141 and 1741. + +config OCF_IXP4XX + tristate "IXP4xx (HW crypto engine)" + depends on OCF_OCF + help + XScale IXP4xx crypto accelerator driver. Requires the + Intel Access library. + +config OCF_IXP4XX_SHA1_MD5 + bool "IXP4xx SHA1 and MD5 Hashing" + depends on OCF_IXP4XX + help + Allows the IXP4xx crypto accelerator to perform SHA1 and MD5 hashing. + Note: this is MUCH slower than using cryptosoft (software crypto engine). + +config OCF_HIFN + tristate "hifn (HW crypto engine)" + depends on OCF_OCF + help + OCF driver for various HIFN based crypto accelerators. + (7951, 7955, 7956, 7751, 7811) + +config OCF_HIFNHIPP + tristate "Hifn HIPP (HW packet crypto engine)" + depends on OCF_OCF + help + OCF driver for various HIFN (HIPP) based crypto accelerators + (7855) + +config OCF_TALITOS + tristate "talitos (HW crypto engine)" + depends on OCF_OCF + help + OCF driver for Freescale's security engine (SEC/talitos). + +config OCF_PASEMI + tristate "pasemi (HW crypto engine)" + depends on OCF_OCF && PPC_PASEMI + help + OCF driver for the PA Semi PWRficient DMA Engine + +config OCF_EP80579 + tristate "ep80579 (HW crypto engine)" + depends on OCF_OCF + help + OCF driver for the Intel EP80579 Integrated Processor Product Line. + +config OCF_CRYPTOCTEON + tristate "cryptocteon (HW crypto engine)" + depends on OCF_OCF + help + OCF driver for the Cavium OCTEON Processors. + +config OCF_KIRKWOOD + tristate "kirkwood (HW crypto engine)" + depends on OCF_OCF + help + OCF driver for the Marvell Kirkwood (88F6xxx) Processors. + +config OCF_C7108 + tristate "Micronas 7108 (HW crypto engine)" + depends on OCF_OCF + help + OCF driver for the Microna 7108 Cipher processors. + +config OCF_UBSEC_SSB + tristate "uBsec BCM5365 (HW crypto engine)" + depends on OCF_OCF + help + OCF driver for uBsec BCM5365 hardware crypto accelerator. + +config OCF_OCFNULL + tristate "ocfnull (fake crypto engine)" + depends on OCF_OCF + help + OCF driver for measuring ipsec overheads (does no crypto) + +config OCF_BENCH + tristate "ocf-bench (HW crypto in-kernel benchmark)" + depends on OCF_OCF + help + A very simple encryption test for the in-kernel interface + of OCF. Also includes code to benchmark the IXP Access library + for comparison. + +endmenu diff -Naur linux-3.0.68.i686-orig/crypto/ocf/kirkwood/cesa/AES/mvAesAlg.c linux-3.0.68.i686/crypto/ocf/kirkwood/cesa/AES/mvAesAlg.c --- linux-3.0.68.i686-orig/crypto/ocf/kirkwood/cesa/AES/mvAesAlg.c 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/kirkwood/cesa/AES/mvAesAlg.c 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,317 @@ +/* rijndael-alg-ref.c v2.0 August '99 + * Reference ANSI C code + * authors: Paulo Barreto + * Vincent Rijmen, K.U.Leuven + * + * This code is placed in the public domain. + */ + +#include "mvOs.h" + +#include "mvAesAlg.h" + +#include "mvAesBoxes.dat" + + +MV_U8 mul1(MV_U8 aa, MV_U8 bb); +void KeyAddition(MV_U8 a[4][MAXBC], MV_U8 rk[4][MAXBC], MV_U8 BC); +void ShiftRow128Enc(MV_U8 a[4][MAXBC]); +void ShiftRow128Dec(MV_U8 a[4][MAXBC]); +void Substitution(MV_U8 a[4][MAXBC], MV_U8 box[256]); +void MixColumn(MV_U8 a[4][MAXBC], MV_U8 rk[4][MAXBC]); +void InvMixColumn(MV_U8 a[4][MAXBC]); + + +#define mul(aa, bb) (mask[bb] & Alogtable[aa + Logtable[bb]]) + +MV_U8 mul1(MV_U8 aa, MV_U8 bb) +{ + return mask[bb] & Alogtable[aa + Logtable[bb]]; +} + + +void KeyAddition(MV_U8 a[4][MAXBC], MV_U8 rk[4][MAXBC], MV_U8 BC) +{ + /* Exor corresponding text input and round key input bytes + */ + ((MV_U32*)(&(a[0][0])))[0] ^= ((MV_U32*)(&(rk[0][0])))[0]; + ((MV_U32*)(&(a[1][0])))[0] ^= ((MV_U32*)(&(rk[1][0])))[0]; + ((MV_U32*)(&(a[2][0])))[0] ^= ((MV_U32*)(&(rk[2][0])))[0]; + ((MV_U32*)(&(a[3][0])))[0] ^= ((MV_U32*)(&(rk[3][0])))[0]; + +} + +void ShiftRow128Enc(MV_U8 a[4][MAXBC]) { + /* Row 0 remains unchanged + * The other three rows are shifted a variable amount + */ + MV_U8 tmp[MAXBC]; + + tmp[0] = a[1][1]; + tmp[1] = a[1][2]; + tmp[2] = a[1][3]; + tmp[3] = a[1][0]; + + ((MV_U32*)(&(a[1][0])))[0] = ((MV_U32*)(&(tmp[0])))[0]; + /* + a[1][0] = tmp[0]; + a[1][1] = tmp[1]; + a[1][2] = tmp[2]; + a[1][3] = tmp[3]; + */ + tmp[0] = a[2][2]; + tmp[1] = a[2][3]; + tmp[2] = a[2][0]; + tmp[3] = a[2][1]; + + ((MV_U32*)(&(a[2][0])))[0] = ((MV_U32*)(&(tmp[0])))[0]; + /* + a[2][0] = tmp[0]; + a[2][1] = tmp[1]; + a[2][2] = tmp[2]; + a[2][3] = tmp[3]; + */ + tmp[0] = a[3][3]; + tmp[1] = a[3][0]; + tmp[2] = a[3][1]; + tmp[3] = a[3][2]; + + ((MV_U32*)(&(a[3][0])))[0] = ((MV_U32*)(&(tmp[0])))[0]; + /* + a[3][0] = tmp[0]; + a[3][1] = tmp[1]; + a[3][2] = tmp[2]; + a[3][3] = tmp[3]; + */ +} + +void ShiftRow128Dec(MV_U8 a[4][MAXBC]) { + /* Row 0 remains unchanged + * The other three rows are shifted a variable amount + */ + MV_U8 tmp[MAXBC]; + + tmp[0] = a[1][3]; + tmp[1] = a[1][0]; + tmp[2] = a[1][1]; + tmp[3] = a[1][2]; + + ((MV_U32*)(&(a[1][0])))[0] = ((MV_U32*)(&(tmp[0])))[0]; + /* + a[1][0] = tmp[0]; + a[1][1] = tmp[1]; + a[1][2] = tmp[2]; + a[1][3] = tmp[3]; + */ + + tmp[0] = a[2][2]; + tmp[1] = a[2][3]; + tmp[2] = a[2][0]; + tmp[3] = a[2][1]; + + ((MV_U32*)(&(a[2][0])))[0] = ((MV_U32*)(&(tmp[0])))[0]; + /* + a[2][0] = tmp[0]; + a[2][1] = tmp[1]; + a[2][2] = tmp[2]; + a[2][3] = tmp[3]; + */ + + tmp[0] = a[3][1]; + tmp[1] = a[3][2]; + tmp[2] = a[3][3]; + tmp[3] = a[3][0]; + + ((MV_U32*)(&(a[3][0])))[0] = ((MV_U32*)(&(tmp[0])))[0]; + /* + a[3][0] = tmp[0]; + a[3][1] = tmp[1]; + a[3][2] = tmp[2]; + a[3][3] = tmp[3]; + */ +} + +void Substitution(MV_U8 a[4][MAXBC], MV_U8 box[256]) { + /* Replace every byte of the input by the byte at that place + * in the nonlinear S-box + */ + int i, j; + + for(i = 0; i < 4; i++) + for(j = 0; j < 4; j++) a[i][j] = box[a[i][j]] ; +} + +void MixColumn(MV_U8 a[4][MAXBC], MV_U8 rk[4][MAXBC]) { + /* Mix the four bytes of every column in a linear way + */ + MV_U8 b[4][MAXBC]; + int i, j; + + for(j = 0; j < 4; j++){ + b[0][j] = mul(25,a[0][j]) ^ mul(1,a[1][j]) ^ a[2][j] ^ a[3][j]; + b[1][j] = mul(25,a[1][j]) ^ mul(1,a[2][j]) ^ a[3][j] ^ a[0][j]; + b[2][j] = mul(25,a[2][j]) ^ mul(1,a[3][j]) ^ a[0][j] ^ a[1][j]; + b[3][j] = mul(25,a[3][j]) ^ mul(1,a[0][j]) ^ a[1][j] ^ a[2][j]; + } + for(i = 0; i < 4; i++) + /*for(j = 0; j < BC; j++) a[i][j] = b[i][j];*/ + ((MV_U32*)(&(a[i][0])))[0] = ((MV_U32*)(&(b[i][0])))[0] ^ ((MV_U32*)(&(rk[i][0])))[0];; +} + +void InvMixColumn(MV_U8 a[4][MAXBC]) { + /* Mix the four bytes of every column in a linear way + * This is the opposite operation of Mixcolumn + */ + MV_U8 b[4][MAXBC]; + int i, j; + + for(j = 0; j < 4; j++){ + b[0][j] = mul(223,a[0][j]) ^ mul(104,a[1][j]) ^ mul(238,a[2][j]) ^ mul(199,a[3][j]); + b[1][j] = mul(223,a[1][j]) ^ mul(104,a[2][j]) ^ mul(238,a[3][j]) ^ mul(199,a[0][j]); + b[2][j] = mul(223,a[2][j]) ^ mul(104,a[3][j]) ^ mul(238,a[0][j]) ^ mul(199,a[1][j]); + b[3][j] = mul(223,a[3][j]) ^ mul(104,a[0][j]) ^ mul(238,a[1][j]) ^ mul(199,a[2][j]); + } + for(i = 0; i < 4; i++) + /*for(j = 0; j < BC; j++) a[i][j] = b[i][j];*/ + ((MV_U32*)(&(a[i][0])))[0] = ((MV_U32*)(&(b[i][0])))[0]; +} + +int rijndaelKeySched (MV_U8 k[4][MAXKC], int keyBits, int blockBits, MV_U8 W[MAXROUNDS+1][4][MAXBC]) +{ + /* Calculate the necessary round keys + * The number of calculations depends on keyBits and blockBits + */ + int KC, BC, ROUNDS; + int i, j, t, rconpointer = 0; + MV_U8 tk[4][MAXKC]; + + switch (keyBits) { + case 128: KC = 4; break; + case 192: KC = 6; break; + case 256: KC = 8; break; + default : return (-1); + } + + switch (blockBits) { + case 128: BC = 4; break; + case 192: BC = 6; break; + case 256: BC = 8; break; + default : return (-2); + } + + switch (keyBits >= blockBits ? keyBits : blockBits) { + case 128: ROUNDS = 10; break; + case 192: ROUNDS = 12; break; + case 256: ROUNDS = 14; break; + default : return (-3); /* this cannot happen */ + } + + + for(j = 0; j < KC; j++) + for(i = 0; i < 4; i++) + tk[i][j] = k[i][j]; + t = 0; + /* copy values into round key array */ + for(j = 0; (j < KC) && (t < (ROUNDS+1)*BC); j++, t++) + for(i = 0; i < 4; i++) W[t / BC][i][t % BC] = tk[i][j]; + + while (t < (ROUNDS+1)*BC) { /* while not enough round key material calculated */ + /* calculate new values */ + for(i = 0; i < 4; i++) + tk[i][0] ^= S[tk[(i+1)%4][KC-1]]; + tk[0][0] ^= rcon[rconpointer++]; + + if (KC != 8) + for(j = 1; j < KC; j++) + for(i = 0; i < 4; i++) tk[i][j] ^= tk[i][j-1]; + else { + for(j = 1; j < KC/2; j++) + for(i = 0; i < 4; i++) tk[i][j] ^= tk[i][j-1]; + for(i = 0; i < 4; i++) tk[i][KC/2] ^= S[tk[i][KC/2 - 1]]; + for(j = KC/2 + 1; j < KC; j++) + for(i = 0; i < 4; i++) tk[i][j] ^= tk[i][j-1]; + } + /* copy values into round key array */ + for(j = 0; (j < KC) && (t < (ROUNDS+1)*BC); j++, t++) + for(i = 0; i < 4; i++) W[t / BC][i][t % BC] = tk[i][j]; + } + + return 0; +} + + + +int rijndaelEncrypt128(MV_U8 a[4][MAXBC], MV_U8 rk[MAXROUNDS+1][4][MAXBC], int rounds) +{ + /* Encryption of one block. + */ + int r, BC, ROUNDS; + + BC = 4; + ROUNDS = rounds; + + /* begin with a key addition + */ + + KeyAddition(a,rk[0],BC); + + /* ROUNDS-1 ordinary rounds + */ + for(r = 1; r < ROUNDS; r++) { + Substitution(a,S); + ShiftRow128Enc(a); + MixColumn(a, rk[r]); + /*KeyAddition(a,rk[r],BC);*/ + } + + /* Last round is special: there is no MixColumn + */ + Substitution(a,S); + ShiftRow128Enc(a); + KeyAddition(a,rk[ROUNDS],BC); + + return 0; +} + + +int rijndaelDecrypt128(MV_U8 a[4][MAXBC], MV_U8 rk[MAXROUNDS+1][4][MAXBC], int rounds) +{ + int r, BC, ROUNDS; + + BC = 4; + ROUNDS = rounds; + + /* To decrypt: apply the inverse operations of the encrypt routine, + * in opposite order + * + * (KeyAddition is an involution: it 's equal to its inverse) + * (the inverse of Substitution with table S is Substitution with the inverse table of S) + * (the inverse of Shiftrow is Shiftrow over a suitable distance) + */ + + /* First the special round: + * without InvMixColumn + * with extra KeyAddition + */ + KeyAddition(a,rk[ROUNDS],BC); + ShiftRow128Dec(a); + Substitution(a,Si); + + /* ROUNDS-1 ordinary rounds + */ + for(r = ROUNDS-1; r > 0; r--) { + KeyAddition(a,rk[r],BC); + InvMixColumn(a); + ShiftRow128Dec(a); + Substitution(a,Si); + + } + + /* End with the extra key addition + */ + + KeyAddition(a,rk[0],BC); + + return 0; +} + diff -Naur linux-3.0.68.i686-orig/crypto/ocf/kirkwood/cesa/AES/mvAesAlg.h linux-3.0.68.i686/crypto/ocf/kirkwood/cesa/AES/mvAesAlg.h --- linux-3.0.68.i686-orig/crypto/ocf/kirkwood/cesa/AES/mvAesAlg.h 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/kirkwood/cesa/AES/mvAesAlg.h 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,19 @@ +/* rijndael-alg-ref.h v2.0 August '99 + * Reference ANSI C code + * authors: Paulo Barreto + * Vincent Rijmen, K.U.Leuven + */ +#ifndef __RIJNDAEL_ALG_H +#define __RIJNDAEL_ALG_H + +#define MAXBC (128/32) +#define MAXKC (256/32) +#define MAXROUNDS 14 + + +int rijndaelKeySched (MV_U8 k[4][MAXKC], int keyBits, int blockBits, MV_U8 rk[MAXROUNDS+1][4][MAXBC]); + +int rijndaelEncrypt128(MV_U8 a[4][MAXBC], MV_U8 rk[MAXROUNDS+1][4][MAXBC], int rounds); +int rijndaelDecrypt128(MV_U8 a[4][MAXBC], MV_U8 rk[MAXROUNDS+1][4][MAXBC], int rounds); + +#endif /* __RIJNDAEL_ALG_H */ diff -Naur linux-3.0.68.i686-orig/crypto/ocf/kirkwood/cesa/AES/mvAesApi.c linux-3.0.68.i686/crypto/ocf/kirkwood/cesa/AES/mvAesApi.c --- linux-3.0.68.i686-orig/crypto/ocf/kirkwood/cesa/AES/mvAesApi.c 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/kirkwood/cesa/AES/mvAesApi.c 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,312 @@ +/* rijndael-api-ref.c v2.1 April 2000 + * Reference ANSI C code + * authors: v2.0 Paulo Barreto + * Vincent Rijmen, K.U.Leuven + * v2.1 Vincent Rijmen, K.U.Leuven + * + * This code is placed in the public domain. + */ +#include "mvOs.h" + +#include "mvAes.h" +#include "mvAesAlg.h" + + +/* Defines: + Add any additional defines you need +*/ + +#define MODE_ECB 1 /* Are we ciphering in ECB mode? */ +#define MODE_CBC 2 /* Are we ciphering in CBC mode? */ +#define MODE_CFB1 3 /* Are we ciphering in 1-bit CFB mode? */ + + +int aesMakeKey(MV_U8 *expandedKey, MV_U8 *keyMaterial, int keyLen, int blockLen) +{ + MV_U8 W[MAXROUNDS+1][4][MAXBC]; + MV_U8 k[4][MAXKC]; + MV_U8 j; + int i, rounds, KC; + + if (expandedKey == NULL) + { + return AES_BAD_KEY_INSTANCE; + } + + if (!((keyLen == 128) || (keyLen == 192) || (keyLen == 256))) + { + return AES_BAD_KEY_MAT; + } + + if (keyMaterial == NULL) + { + return AES_BAD_KEY_MAT; + } + + /* initialize key schedule: */ + for(i=0; i= 3) +MV_U32 cesaChainLength = 0; +int chainReqNum = 0; +MV_U32 chainIndex = 0; +MV_CESA_REQ* pNextActiveChain = 0; +MV_CESA_REQ* pEndCurrChain = 0; +MV_BOOL isFirstReq = MV_TRUE; +#endif + +static INLINE MV_U8* mvCesaSramAddrGet(void) +{ +#ifdef MV_CESA_NO_SRAM + return (MV_U8*)cesaSramVirtPtr; +#else + return (MV_U8*)cesaCryptEngBase; +#endif /* MV_CESA_NO_SRAM */ +} + +static INLINE MV_ULONG mvCesaSramVirtToPhys(void* pDev, MV_U8* pSramVirt) +{ +#ifdef MV_CESA_NO_SRAM + return (MV_ULONG)mvOsIoVirtToPhy(NULL, pSramVirt); +#else + return (MV_ULONG)pSramVirt; +#endif /* MV_CESA_NO_SRAM */ +} + +/* Internal Function prototypes */ + +static INLINE void mvCesaSramDescrBuild(MV_U32 config, int frag, + int cryptoOffset, int ivOffset, int cryptoLength, + int macOffset, int digestOffset, int macLength, int macTotalLen, + MV_CESA_REQ *pCesaReq, MV_DMA_DESC* pDmaDesc); + +static INLINE void mvCesaSramSaUpdate(short sid, MV_DMA_DESC *pDmaDesc); + +static INLINE int mvCesaDmaCopyPrepare(MV_CESA_MBUF* pMbuf, MV_U8* pSramBuf, + MV_DMA_DESC* pDmaDesc, MV_BOOL isToMbuf, + int offset, int copySize, MV_BOOL skipFlush); + +static void mvCesaHmacIvGet(MV_CESA_MAC_MODE macMode, unsigned char key[], int keyLength, + unsigned char innerIV[], unsigned char outerIV[]); + +static MV_STATUS mvCesaFragAuthComplete(MV_CESA_REQ* pReq, MV_CESA_SA* pSA, + int macDataSize); + +static MV_CESA_COMMAND* mvCesaCtrModeInit(void); + +static MV_STATUS mvCesaCtrModePrepare(MV_CESA_COMMAND *pCtrModeCmd, MV_CESA_COMMAND *pCmd); +static MV_STATUS mvCesaCtrModeComplete(MV_CESA_COMMAND *pOrgCmd, MV_CESA_COMMAND *pCmd); +static void mvCesaCtrModeFinish(MV_CESA_COMMAND *pCmd); + +static INLINE MV_STATUS mvCesaReqProcess(MV_CESA_REQ* pReq); +static MV_STATUS mvCesaFragReqProcess(MV_CESA_REQ* pReq, MV_U8 frag); + +static INLINE MV_STATUS mvCesaParamCheck(MV_CESA_SA* pSA, MV_CESA_COMMAND *pCmd, MV_U8* pFixOffset); +static INLINE MV_STATUS mvCesaFragParamCheck(MV_CESA_SA* pSA, MV_CESA_COMMAND *pCmd); + +static INLINE void mvCesaFragSizeFind(MV_CESA_SA* pSA, MV_CESA_REQ* pReq, + int cryptoOffset, int macOffset, + int* pCopySize, int* pCryptoDataSize, int* pMacDataSize); +static MV_STATUS mvCesaMbufCacheUnmap(MV_CESA_MBUF* pMbuf, int offset, int size); + + +/* Go to the next request in the request queue */ +static INLINE MV_CESA_REQ* MV_CESA_REQ_NEXT_PTR(MV_CESA_REQ* pReq) +{ + if(pReq == pCesaReqLast) + return pCesaReqFirst; + + return pReq+1; +} + +#if (MV_CESA_VERSION >= 3) +/* Go to the previous request in the request queue */ +static INLINE MV_CESA_REQ* MV_CESA_REQ_PREV_PTR(MV_CESA_REQ* pReq) +{ + if(pReq == pCesaReqFirst) + return pCesaReqLast; + + return pReq-1; +} + +#endif + + +static INLINE void mvCesaReqProcessStart(MV_CESA_REQ* pReq) +{ + int frag; + +#if (MV_CESA_VERSION >= 3) + pReq->state = MV_CESA_CHAIN; +#else + pReq->state = MV_CESA_PROCESS; +#endif + cesaStats.startCount++; + + if(pReq->fragMode == MV_CESA_FRAG_NONE) + { + frag = 0; + } + else + { + frag = pReq->frags.nextFrag; + pReq->frags.nextFrag++; + } +#if (MV_CESA_VERSION >= 2) + /* Enable TDMA engine */ + MV_REG_WRITE(MV_CESA_TDMA_CURR_DESC_PTR_REG, 0); + MV_REG_WRITE(MV_CESA_TDMA_NEXT_DESC_PTR_REG, + (MV_U32)mvCesaVirtToPhys(&pReq->dmaDescBuf, pReq->dma[frag].pDmaFirst)); +#else + /* Enable IDMA engine */ + MV_REG_WRITE(IDMA_CURR_DESC_PTR_REG(0), 0); + MV_REG_WRITE(IDMA_NEXT_DESC_PTR_REG(0), + (MV_U32)mvCesaVirtToPhys(&pReq->dmaDescBuf, pReq->dma[frag].pDmaFirst)); +#endif /* MV_CESA_VERSION >= 2 */ + +#if defined(MV_BRIDGE_SYNC_REORDER) + mvOsBridgeReorderWA(); +#endif + + /* Start Accelerator */ + MV_REG_WRITE(MV_CESA_CMD_REG, MV_CESA_CMD_CHAN_ENABLE_MASK); +} + + +/******************************************************************************* +* mvCesaHalInit - Initialize the CESA driver +* +* DESCRIPTION: +* This function initialize the CESA driver. +* 1) Session database +* 2) Request queue +* 4) DMA descriptor lists - one list per request. Each list +* has MV_CESA_MAX_DMA_DESC descriptors. +* +* INPUT: +* numOfSession - maximum number of supported sessions +* queueDepth - number of elements in the request queue. +* pSramBase - virtual address of Sram +* osHandle - A handle used by the OS to allocate memory for the +* module (Passed to the OS Services layer) +* +* RETURN: +* MV_OK - Success +* MV_NO_RESOURCE - Fail, can't allocate resources: +* Session database, request queue, +* DMA descriptors list, LRU cache database. +* MV_NOT_ALIGNED - Sram base address is not 8 byte aligned. +* +*******************************************************************************/ +MV_STATUS mvCesaHalInit (int numOfSession, int queueDepth, char* pSramBase, MV_U32 cryptEngBase, + void *osHandle) +{ + int i, req; + MV_U32 descOffsetReg, configReg; + MV_CESA_SRAM_SA *pSramSA; + + + mvOsPrintf("mvCesaInit: sessions=%d, queue=%d, pSram=%p\n", + numOfSession, queueDepth, pSramBase); + + cesaOsHandle = osHandle; + /* Create Session database */ + pCesaSAD = mvOsMalloc(sizeof(MV_CESA_SA)*numOfSession); + if(pCesaSAD == NULL) + { + mvOsPrintf("mvCesaInit: Can't allocate %u bytes for %d SAs\n", + sizeof(MV_CESA_SA)*numOfSession, numOfSession); + mvCesaFinish(); + return MV_NO_RESOURCE; + } + memset(pCesaSAD, 0, sizeof(MV_CESA_SA)*numOfSession); + cesaMaxSA = numOfSession; + + /* Allocate imag of sramSA in the DRAM */ + cesaSramSaBuf.bufSize = sizeof(MV_CESA_SRAM_SA)*numOfSession + + CPU_D_CACHE_LINE_SIZE; + + cesaSramSaBuf.bufVirtPtr = mvOsIoCachedMalloc(osHandle,cesaSramSaBuf.bufSize, + &cesaSramSaBuf.bufPhysAddr, + &cesaSramSaBuf.memHandle); + + if(cesaSramSaBuf.bufVirtPtr == NULL) + { + mvOsPrintf("mvCesaInit: Can't allocate %d bytes for sramSA structures\n", + cesaSramSaBuf.bufSize); + mvCesaFinish(); + return MV_NO_RESOURCE; + } + memset(cesaSramSaBuf.bufVirtPtr, 0, cesaSramSaBuf.bufSize); + pSramSA = (MV_CESA_SRAM_SA*)MV_ALIGN_UP((MV_ULONG)cesaSramSaBuf.bufVirtPtr, + CPU_D_CACHE_LINE_SIZE); + for(i=0; i= 3) + cesaChainLength = MAX_CESA_CHAIN_LENGTH; +#endif + /* pSramBase must be 8 byte aligned */ + if( MV_IS_NOT_ALIGN((MV_ULONG)pSramBase, 8) ) + { + mvOsPrintf("mvCesaInit: pSramBase (%p) must be 8 byte aligned\n", + pSramBase); + mvCesaFinish(); + return MV_NOT_ALIGNED; + } + cesaSramVirtPtr = (MV_CESA_SRAM_MAP*)pSramBase; + + cesaCryptEngBase = cryptEngBase; + + /*memset(cesaSramVirtPtr, 0, sizeof(MV_CESA_SRAM_MAP));*/ + + /* Clear registers */ + MV_REG_WRITE( MV_CESA_CFG_REG, 0); + MV_REG_WRITE( MV_CESA_ISR_CAUSE_REG, 0); + MV_REG_WRITE( MV_CESA_ISR_MASK_REG, 0); + + /* Initialize DMA descriptor lists for all requests in Request queue */ + descOffsetReg = configReg = 0; + for(req=0; reqcesaDescBuf.bufSize = sizeof(MV_CESA_DESC)*MV_CESA_MAX_REQ_FRAGS + + CPU_D_CACHE_LINE_SIZE; + + pReq->cesaDescBuf.bufVirtPtr = + mvOsIoCachedMalloc(osHandle,pReq->cesaDescBuf.bufSize, + &pReq->cesaDescBuf.bufPhysAddr, + &pReq->cesaDescBuf.memHandle); + + if(pReq->cesaDescBuf.bufVirtPtr == NULL) + { + mvOsPrintf("mvCesaInit: req=%d, Can't allocate %d bytes for CESA descriptors\n", + req, pReq->cesaDescBuf.bufSize); + mvCesaFinish(); + return MV_NO_RESOURCE; + } + memset(pReq->cesaDescBuf.bufVirtPtr, 0, pReq->cesaDescBuf.bufSize); + pReq->pCesaDesc = (MV_CESA_DESC*)MV_ALIGN_UP((MV_ULONG)pReq->cesaDescBuf.bufVirtPtr, + CPU_D_CACHE_LINE_SIZE); + + pReq->dmaDescBuf.bufSize = sizeof(MV_DMA_DESC)*MV_CESA_MAX_DMA_DESC*MV_CESA_MAX_REQ_FRAGS + + CPU_D_CACHE_LINE_SIZE; + + pReq->dmaDescBuf.bufVirtPtr = + mvOsIoCachedMalloc(osHandle,pReq->dmaDescBuf.bufSize, + &pReq->dmaDescBuf.bufPhysAddr, + &pReq->dmaDescBuf.memHandle); + + if(pReq->dmaDescBuf.bufVirtPtr == NULL) + { + mvOsPrintf("mvCesaInit: req=%d, Can't allocate %d bytes for DMA descriptor list\n", + req, pReq->dmaDescBuf.bufSize); + mvCesaFinish(); + return MV_NO_RESOURCE; + } + memset(pReq->dmaDescBuf.bufVirtPtr, 0, pReq->dmaDescBuf.bufSize); + pDmaDesc = (MV_DMA_DESC*)MV_ALIGN_UP((MV_ULONG)pReq->dmaDescBuf.bufVirtPtr, + CPU_D_CACHE_LINE_SIZE); + + for(frag=0; fragdma[frag]; + + pDma->pDmaFirst = pDmaDesc; + pDma->pDmaLast = NULL; + + for(i=0; ipDmaFirst[i].phyNextDescPtr = + MV_32BIT_LE(mvCesaVirtToPhys(&pReq->dmaDescBuf, &pDmaDesc[i+1])); + } + pDma->pDmaFirst[i].phyNextDescPtr = 0; + mvOsCacheFlush(NULL, &pDma->pDmaFirst[0], MV_CESA_MAX_DMA_DESC*sizeof(MV_DMA_DESC)); + + pDmaDesc += MV_CESA_MAX_DMA_DESC; + } + } + /*mvCesaCryptoIvSet(NULL, MV_CESA_MAX_IV_LENGTH);*/ + descOffsetReg = (MV_U16)((MV_U8*)&cesaSramVirtPtr->desc - mvCesaSramAddrGet()); + MV_REG_WRITE(MV_CESA_CHAN_DESC_OFFSET_REG, descOffsetReg); + + configReg |= (MV_CESA_CFG_WAIT_DMA_MASK | MV_CESA_CFG_ACT_DMA_MASK); +#if (MV_CESA_VERSION >= 3) + configReg |= MV_CESA_CFG_CHAIN_MODE_MASK; +#endif + +#if (MV_CESA_VERSION >= 2) + /* Initialize TDMA engine */ + MV_REG_WRITE(MV_CESA_TDMA_CTRL_REG, MV_CESA_TDMA_CTRL_VALUE); + MV_REG_WRITE(MV_CESA_TDMA_BYTE_COUNT_REG, 0); + MV_REG_WRITE(MV_CESA_TDMA_CURR_DESC_PTR_REG, 0); +#else + /* Initialize IDMA #0 engine */ + MV_REG_WRITE(IDMA_CTRL_LOW_REG(0), 0); + MV_REG_WRITE(IDMA_BYTE_COUNT_REG(0), 0); + MV_REG_WRITE(IDMA_CURR_DESC_PTR_REG(0), 0); + MV_REG_WRITE(IDMA_CTRL_HIGH_REG(0), ICCHR_ENDIAN_LITTLE +#ifdef MV_CPU_LE + | ICCHR_DESC_BYTE_SWAP_EN +#endif + ); + /* Clear Cause Byte of IDMA channel to be used */ + MV_REG_WRITE( IDMA_CAUSE_REG, ~ICICR_CAUSE_MASK_ALL(0)); + MV_REG_WRITE(IDMA_CTRL_LOW_REG(0), MV_CESA_IDMA_CTRL_LOW_VALUE); +#endif /* (MV_CESA_VERSION >= 2) */ + + /* Set CESA configuration registers */ + MV_REG_WRITE( MV_CESA_CFG_REG, configReg); + mvCesaDebugStatsClear(); + + return MV_OK; +} + +/******************************************************************************* +* mvCesaFinish - Shutdown the CESA driver +* +* DESCRIPTION: +* This function shutdown the CESA driver and free all allocted resources. +* +* INPUT: None +* +* RETURN: +* MV_OK - Success +* Other - Fail +* +*******************************************************************************/ +MV_STATUS mvCesaFinish (void) +{ + int req; + MV_CESA_REQ* pReq; + + mvOsPrintf("mvCesaFinish: \n"); + + cesaSramVirtPtr = NULL; + + /* Free all resources: DMA list, etc. */ + for(req=0; reqdmaDescBuf.bufVirtPtr != NULL) + { + mvOsIoCachedFree(cesaOsHandle,pReq->dmaDescBuf.bufSize, + pReq->dmaDescBuf.bufPhysAddr, + pReq->dmaDescBuf.bufVirtPtr, + pReq->dmaDescBuf.memHandle); + } + if(pReq->cesaDescBuf.bufVirtPtr != NULL) + { + mvOsIoCachedFree(cesaOsHandle,pReq->cesaDescBuf.bufSize, + pReq->cesaDescBuf.bufPhysAddr, + pReq->cesaDescBuf.bufVirtPtr, + pReq->cesaDescBuf.memHandle); + } + } +#if (MV_CESA_VERSION < 2) + MV_REG_WRITE(IDMA_CTRL_LOW_REG(0), 0); +#endif /* (MV_CESA_VERSION < 2) */ + + /* Free request queue */ + if(pCesaReqFirst != NULL) + { + mvOsFree(pCesaReqFirst); + pCesaReqFirst = pCesaReqLast = NULL; + pCesaReqEmpty = pCesaReqProcess = NULL; + cesaQueueDepth = cesaReqResources = 0; + } + /* Free SA database */ + if(pCesaSAD != NULL) + { + mvOsFree(pCesaSAD); + pCesaSAD = NULL; + cesaMaxSA = 0; + } + MV_REG_WRITE( MV_CESA_CFG_REG, 0); + MV_REG_WRITE( MV_CESA_ISR_CAUSE_REG, 0); + MV_REG_WRITE( MV_CESA_ISR_MASK_REG, 0); + + return MV_OK; +} + +/******************************************************************************* +* mvCesaCryptoIvSet - Set IV value for Crypto algorithm working in CBC mode +* +* DESCRIPTION: +* This function set IV value using by Crypto algorithms in CBC mode. +* Each channel has its own IV value. +* This function gets IV value from the caller. If no IV value passed from +* the caller or only part of IV passed, the function will init the rest part +* of IV value (or the whole IV) by random value. +* +* INPUT: +* MV_U8* pIV - Pointer to IV value supplied by user. If pIV==NULL +* the function will generate random IV value. +* int ivSize - size (in bytes) of IV provided by user. If ivSize is +* smaller than maximum IV size, the function will complete +* IV by random value. +* +* RETURN: +* MV_OK - Success +* Other - Fail +* +*******************************************************************************/ +MV_STATUS mvCesaCryptoIvSet(MV_U8* pIV, int ivSize) +{ + MV_U8* pSramIV; +#if defined(MV646xx) + mvOsPrintf("mvCesaCryptoIvSet: ERR. shouldn't use this call on MV64660\n"); +#endif + pSramIV = cesaSramVirtPtr->cryptoIV; + if(ivSize > MV_CESA_MAX_IV_LENGTH) + { + mvOsPrintf("mvCesaCryptoIvSet: ivSize (%d) is too large\n", ivSize); + ivSize = MV_CESA_MAX_IV_LENGTH; + } + if(pIV != NULL) + { + memcpy(pSramIV, pIV, ivSize); + ivSize = MV_CESA_MAX_IV_LENGTH - ivSize; + pSramIV += ivSize; + } + + while(ivSize > 0) + { + int size, mv_random = mvOsRand(); + + size = MV_MIN(ivSize, sizeof(mv_random)); + memcpy(pSramIV, (void*)&mv_random, size); + + pSramIV += size; + ivSize -= size; + } +/* + mvOsCacheFlush(NULL, cesaSramVirtPtr->cryptoIV, + MV_CESA_MAX_IV_LENGTH); + mvOsCacheInvalidate(NULL, cesaSramVirtPtr->cryptoIV, + MV_CESA_MAX_IV_LENGTH); +*/ + return MV_OK; +} + +/******************************************************************************* +* mvCesaSessionOpen - Open new uni-directional crypto session +* +* DESCRIPTION: +* This function open new session. +* +* INPUT: +* MV_CESA_OPEN_SESSION *pSession - pointer to new session input parameters +* +* OUTPUT: +* short *pSid - session ID, should be used for all future +* requests over this session. +* +* RETURN: +* MV_OK - Session opend successfully. +* MV_FULL - All sessions are in use, no free place in +* SA database. +* MV_BAD_PARAM - One of session input parameters is invalid. +* +*******************************************************************************/ +MV_STATUS mvCesaSessionOpen(MV_CESA_OPEN_SESSION *pSession, short* pSid) +{ + short sid; + MV_U32 config = 0; + int digestSize; + + cesaStats.openedCount++; + + /* Find free entry in SAD */ + for(sid=0; sidoperation >= MV_CESA_MAX_OPERATION) + { + mvOsPrintf("mvCesaSessionOpen: Unexpected operation %d\n", + pSession->operation); + return MV_BAD_PARAM; + } + config |= (pSession->operation << MV_CESA_OPERATION_OFFSET); + + if( (pSession->direction != MV_CESA_DIR_ENCODE) && + (pSession->direction != MV_CESA_DIR_DECODE) ) + { + mvOsPrintf("mvCesaSessionOpen: Unexpected direction %d\n", + pSession->direction); + return MV_BAD_PARAM; + } + config |= (pSession->direction << MV_CESA_DIRECTION_BIT); + /* Clear SA entry */ + /* memset(&pCesaSAD[sid], 0, sizeof(pCesaSAD[sid])); */ + + /* Check AUTH parameters and update SA entry */ + if(pSession->operation != MV_CESA_CRYPTO_ONLY) + { + /* For HMAC (MD5 and SHA1) - Maximum Key size is 64 bytes */ + if( (pSession->macMode == MV_CESA_MAC_HMAC_MD5) || + (pSession->macMode == MV_CESA_MAC_HMAC_SHA1) ) + { + if(pSession->macKeyLength > MV_CESA_MAX_MAC_KEY_LENGTH) + { + mvOsPrintf("mvCesaSessionOpen: macKeyLength %d is too large\n", + pSession->macKeyLength); + return MV_BAD_PARAM; + } + mvCesaHmacIvGet(pSession->macMode, pSession->macKey, pSession->macKeyLength, + pCesaSAD[sid].pSramSA->macInnerIV, + pCesaSAD[sid].pSramSA->macOuterIV); + pCesaSAD[sid].macKeyLength = pSession->macKeyLength; + } + switch(pSession->macMode) + { + case MV_CESA_MAC_MD5: + case MV_CESA_MAC_HMAC_MD5: + digestSize = MV_CESA_MD5_DIGEST_SIZE; + break; + + case MV_CESA_MAC_SHA1: + case MV_CESA_MAC_HMAC_SHA1: + digestSize = MV_CESA_SHA1_DIGEST_SIZE; + break; + + default: + mvOsPrintf("mvCesaSessionOpen: Unexpected macMode %d\n", + pSession->macMode); + return MV_BAD_PARAM; + } + config |= (pSession->macMode << MV_CESA_MAC_MODE_OFFSET); + + /* Supported digest sizes: MD5 - 16 bytes (128 bits), */ + /* SHA1 - 20 bytes (160 bits) or 12 bytes (96 bits) for both */ + if( (pSession->digestSize != digestSize) && (pSession->digestSize != 12)) + { + mvOsPrintf("mvCesaSessionOpen: Unexpected digest size %d\n", + pSession->digestSize); + mvOsPrintf("\t Valid values [bytes]: MD5-16, SHA1-20, Both-12\n"); + return MV_BAD_PARAM; + } + pCesaSAD[sid].digestSize = pSession->digestSize; + + if(pCesaSAD[sid].digestSize == 12) + { + /* Set MV_CESA_MAC_DIGEST_SIZE_BIT if digest size is 96 bits */ + config |= (MV_CESA_MAC_DIGEST_96B << MV_CESA_MAC_DIGEST_SIZE_BIT); + } + } + + /* Check CRYPTO parameters and update SA entry */ + if(pSession->operation != MV_CESA_MAC_ONLY) + { + switch(pSession->cryptoAlgorithm) + { + case MV_CESA_CRYPTO_DES: + pCesaSAD[sid].cryptoKeyLength = MV_CESA_DES_KEY_LENGTH; + pCesaSAD[sid].cryptoBlockSize = MV_CESA_DES_BLOCK_SIZE; + break; + + case MV_CESA_CRYPTO_3DES: + pCesaSAD[sid].cryptoKeyLength = MV_CESA_3DES_KEY_LENGTH; + pCesaSAD[sid].cryptoBlockSize = MV_CESA_DES_BLOCK_SIZE; + /* Only EDE mode is supported */ + config |= (MV_CESA_CRYPTO_3DES_EDE << + MV_CESA_CRYPTO_3DES_MODE_BIT); + break; + + case MV_CESA_CRYPTO_AES: + switch(pSession->cryptoKeyLength) + { + case 16: + pCesaSAD[sid].cryptoKeyLength = MV_CESA_AES_128_KEY_LENGTH; + config |= (MV_CESA_CRYPTO_AES_KEY_128 << + MV_CESA_CRYPTO_AES_KEY_LEN_OFFSET); + break; + + case 24: + pCesaSAD[sid].cryptoKeyLength = MV_CESA_AES_192_KEY_LENGTH; + config |= (MV_CESA_CRYPTO_AES_KEY_192 << + MV_CESA_CRYPTO_AES_KEY_LEN_OFFSET); + break; + + case 32: + default: + pCesaSAD[sid].cryptoKeyLength = MV_CESA_AES_256_KEY_LENGTH; + config |= (MV_CESA_CRYPTO_AES_KEY_256 << + MV_CESA_CRYPTO_AES_KEY_LEN_OFFSET); + break; + } + pCesaSAD[sid].cryptoBlockSize = MV_CESA_AES_BLOCK_SIZE; + break; + + default: + mvOsPrintf("mvCesaSessionOpen: Unexpected cryptoAlgorithm %d\n", + pSession->cryptoAlgorithm); + return MV_BAD_PARAM; + } + config |= (pSession->cryptoAlgorithm << MV_CESA_CRYPTO_ALG_OFFSET); + + if(pSession->cryptoKeyLength != pCesaSAD[sid].cryptoKeyLength) + { + mvOsPrintf("cesaSessionOpen: Wrong CryptoKeySize %d != %d\n", + pSession->cryptoKeyLength, pCesaSAD[sid].cryptoKeyLength); + return MV_BAD_PARAM; + } + + /* Copy Crypto key */ + if( (pSession->cryptoAlgorithm == MV_CESA_CRYPTO_AES) && + (pSession->direction == MV_CESA_DIR_DECODE)) + { + /* Crypto Key for AES decode is computed from original key material */ + /* and depend on cryptoKeyLength (128/192/256 bits) */ + aesMakeKey(pCesaSAD[sid].pSramSA->cryptoKey, pSession->cryptoKey, + pSession->cryptoKeyLength*8, MV_CESA_AES_BLOCK_SIZE*8); + } + else + { + /*panic("mvCesaSessionOpen2");*/ + memcpy(pCesaSAD[sid].pSramSA->cryptoKey, pSession->cryptoKey, + pCesaSAD[sid].cryptoKeyLength); + + } + + switch(pSession->cryptoMode) + { + case MV_CESA_CRYPTO_ECB: + pCesaSAD[sid].cryptoIvSize = 0; + break; + + case MV_CESA_CRYPTO_CBC: + pCesaSAD[sid].cryptoIvSize = pCesaSAD[sid].cryptoBlockSize; + break; + + case MV_CESA_CRYPTO_CTR: + /* Supported only for AES algorithm */ + if(pSession->cryptoAlgorithm != MV_CESA_CRYPTO_AES) + { + mvOsPrintf("mvCesaSessionOpen: CRYPTO CTR mode supported for AES only\n"); + return MV_BAD_PARAM; + } + pCesaSAD[sid].cryptoIvSize = 0; + pCesaSAD[sid].ctrMode = 1; + /* Replace to ECB mode for HW */ + pSession->cryptoMode = MV_CESA_CRYPTO_ECB; + break; + + default: + mvOsPrintf("mvCesaSessionOpen: Unexpected cryptoMode %d\n", + pSession->cryptoMode); + return MV_BAD_PARAM; + } + + config |= (pSession->cryptoMode << MV_CESA_CRYPTO_MODE_BIT); + } + pCesaSAD[sid].config = config; + + mvOsCacheFlush(NULL, pCesaSAD[sid].pSramSA, sizeof(MV_CESA_SRAM_SA)); + if(pSid != NULL) + *pSid = sid; + + pCesaSAD[sid].valid = 1; + return MV_OK; +} + +/******************************************************************************* +* mvCesaSessionClose - Close active crypto session +* +* DESCRIPTION: +* This function closes existing session +* +* INPUT: +* short sid - Unique identifier of the session to be closed +* +* RETURN: +* MV_OK - Session closed successfully. +* MV_BAD_PARAM - Session identifier is out of valid range. +* MV_NOT_FOUND - There is no active session with such ID. +* +*******************************************************************************/ +MV_STATUS mvCesaSessionClose(short sid) +{ + cesaStats.closedCount++; + + if(sid >= cesaMaxSA) + { + mvOsPrintf("CESA Error: sid (%d) is too big\n", sid); + return MV_BAD_PARAM; + } + if(pCesaSAD[sid].valid == 0) + { + mvOsPrintf("CESA Warning: Session (sid=%d) is invalid\n", sid); + return MV_NOT_FOUND; + } + if(cesaLastSid == sid) + cesaLastSid = -1; + + pCesaSAD[sid].valid = 0; + return MV_OK; +} + +/******************************************************************************* +* mvCesaAction - Perform crypto operation +* +* DESCRIPTION: +* This function set new CESA request FIFO queue for further HW processing. +* The function checks request parameters before set new request to the queue. +* If one of the CESA channels is ready for processing the request will be +* passed to HW. When request processing is finished the CESA interrupt will +* be generated by HW. The caller should call mvCesaReadyGet() function to +* complete request processing and get result. +* +* INPUT: +* MV_CESA_COMMAND *pCmd - pointer to new CESA request. +* It includes pointers to Source and Destination +* buffers, session identifier get from +* mvCesaSessionOpen() function, pointer to caller +* private data and all needed crypto parameters. +* +* RETURN: +* MV_OK - request successfully added to request queue +* and will be processed. +* MV_NO_MORE - request successfully added to request queue and will +* be processed, but request queue became Full and next +* request will not be accepted. +* MV_NO_RESOURCE - request queue is FULL and the request can not +* be processed. +* MV_OUT_OF_CPU_MEM - memory allocation needed for request processing is +* failed. Request can not be processed. +* MV_NOT_ALLOWED - This mixed request (CRYPTO+MAC) can not be processed +* as one request and should be splitted for two requests: +* CRYPTO_ONLY and MAC_ONLY. +* MV_BAD_PARAM - One of the request parameters is out of valid range. +* The request can not be processed. +* +*******************************************************************************/ +MV_STATUS mvCesaAction (MV_CESA_COMMAND *pCmd) +{ + MV_STATUS status; + MV_CESA_REQ* pReq = pCesaReqEmpty; + int sid = pCmd->sessionId; + MV_CESA_SA* pSA = &pCesaSAD[sid]; +#if (MV_CESA_VERSION >= 3) + MV_CESA_REQ* pFromReq; + MV_CESA_REQ* pToReq; +#endif + cesaStats.reqCount++; + + /* Check that the request queue is not FULL */ + if(cesaReqResources == 0) + return MV_NO_RESOURCE; + + if( (sid >= cesaMaxSA) || (!pSA->valid) ) + { + mvOsPrintf("CESA Action Error: Session sid=%d is INVALID\n", sid); + return MV_BAD_PARAM; + } + pSA->count++; + + if(pSA->ctrMode) + { + /* AES in CTR mode can't be mixed with Authentication */ + if( (pSA->config & MV_CESA_OPERATION_MASK) != + (MV_CESA_CRYPTO_ONLY << MV_CESA_OPERATION_OFFSET) ) + { + mvOsPrintf("mvCesaAction : CRYPTO CTR mode can't be mixed with AUTH\n"); + return MV_NOT_ALLOWED; + } + /* All other request parameters should not be checked because key stream */ + /* (not user data) processed by AES HW engine */ + pReq->pOrgCmd = pCmd; + /* Allocate temporary pCmd structure for Key stream */ + pCmd = mvCesaCtrModeInit(); + if(pCmd == NULL) + return MV_OUT_OF_CPU_MEM; + + /* Prepare Key stream */ + mvCesaCtrModePrepare(pCmd, pReq->pOrgCmd); + pReq->fixOffset = 0; + } + else + { + /* Check request parameters and calculae fixOffset */ + status = mvCesaParamCheck(pSA, pCmd, &pReq->fixOffset); + if(status != MV_OK) + { + return status; + } + } + pReq->pCmd = pCmd; + + /* Check if the packet need fragmentation */ + if(pCmd->pSrc->mbufSize <= sizeof(cesaSramVirtPtr->buf) ) + { + /* request size is smaller than single buffer size */ + pReq->fragMode = MV_CESA_FRAG_NONE; + + /* Prepare NOT fragmented packets */ + status = mvCesaReqProcess(pReq); + if(status != MV_OK) + { + mvOsPrintf("CesaReady: ReqProcess error: pReq=%p, status=0x%x\n", + pReq, status); + } +#if (MV_CESA_VERSION >= 3) + pReq->frags.numFrag = 1; +#endif + } + else + { + MV_U8 frag = 0; + + /* request size is larger than buffer size - needs fragmentation */ + + /* Check restrictions for processing fragmented packets */ + status = mvCesaFragParamCheck(pSA, pCmd); + if(status != MV_OK) + return status; + + pReq->fragMode = MV_CESA_FRAG_FIRST; + pReq->frags.nextFrag = 0; + + /* Prepare Process Fragmented packets */ + while(pReq->fragMode != MV_CESA_FRAG_LAST) + { + if(frag >= MV_CESA_MAX_REQ_FRAGS) + { + mvOsPrintf("mvCesaAction Error: Too large request frag=%d\n", frag); + return MV_OUT_OF_CPU_MEM; + } + status = mvCesaFragReqProcess(pReq, frag); + if(status == MV_OK) { +#if (MV_CESA_VERSION >= 3) + if(frag) { + pReq->dma[frag-1].pDmaLast->phyNextDescPtr = + MV_32BIT_LE(mvCesaVirtToPhys(&pReq->dmaDescBuf, pReq->dma[frag].pDmaFirst)); + mvOsCacheFlush(NULL, pReq->dma[frag-1].pDmaLast, sizeof(MV_DMA_DESC)); + } +#endif + frag++; + } + } + pReq->frags.numFrag = frag; +#if (MV_CESA_VERSION >= 3) + if(chainReqNum) { + chainReqNum += pReq->frags.numFrag; + if(chainReqNum >= MAX_CESA_CHAIN_LENGTH) + chainReqNum = MAX_CESA_CHAIN_LENGTH; + } +#endif + } + + pReq->state = MV_CESA_PENDING; + + pCesaReqEmpty = MV_CESA_REQ_NEXT_PTR(pReq); + cesaReqResources -= 1; + +/* #ifdef CESA_DEBUG */ + if( (cesaQueueDepth - cesaReqResources) > cesaStats.maxReqCount) + cesaStats.maxReqCount = (cesaQueueDepth - cesaReqResources); +/* #endif CESA_DEBUG */ + + cesaLastSid = sid; + +#if (MV_CESA_VERSION >= 3) + /* Are we within chain bounderies and follows the first request ? */ + if((chainReqNum > 0) && (chainReqNum < MAX_CESA_CHAIN_LENGTH)) { + if(chainIndex) { + pFromReq = MV_CESA_REQ_PREV_PTR(pReq); + pToReq = pReq; + pReq->state = MV_CESA_CHAIN; + /* assume concatenating is possible */ + pFromReq->dma[pFromReq->frags.numFrag-1].pDmaLast->phyNextDescPtr = + MV_32BIT_LE(mvCesaVirtToPhys(&pToReq->dmaDescBuf, pToReq->dma[0].pDmaFirst)); + mvOsCacheFlush(NULL, pFromReq->dma[pFromReq->frags.numFrag-1].pDmaLast, sizeof(MV_DMA_DESC)); + + /* align active & next pointers */ + if(pNextActiveChain->state != MV_CESA_PENDING) + pEndCurrChain = pNextActiveChain = MV_CESA_REQ_NEXT_PTR(pReq); + } + else { /* we have only one chain, start new one */ + chainReqNum = 0; + chainIndex++; + /* align active & next pointers */ + if(pNextActiveChain->state != MV_CESA_PENDING) + pEndCurrChain = pNextActiveChain = pReq; + } + } + else { + /* In case we concatenate full chain */ + if(chainReqNum == MAX_CESA_CHAIN_LENGTH) { + chainIndex++; + if(pNextActiveChain->state != MV_CESA_PENDING) + pEndCurrChain = pNextActiveChain = pReq; + chainReqNum = 0; + } + + pReq = pCesaReqProcess; + if(pReq->state == MV_CESA_PENDING) { + pNextActiveChain = pReq; + pEndCurrChain = MV_CESA_REQ_NEXT_PTR(pReq); + /* Start Process new request */ + mvCesaReqProcessStart(pReq); + } + } + + chainReqNum++; + + if((chainIndex < MAX_CESA_CHAIN_LENGTH) && (chainReqNum > cesaStats.maxChainUsage)) + cesaStats.maxChainUsage = chainReqNum; + +#else + + /* Check status of CESA channels and process requests if possible */ + pReq = pCesaReqProcess; + if(pReq->state == MV_CESA_PENDING) + { + /* Start Process new request */ + mvCesaReqProcessStart(pReq); + } +#endif + /* If request queue became FULL - return MV_NO_MORE */ + if(cesaReqResources == 0) + return MV_NO_MORE; + + return MV_OK; + +} + +/******************************************************************************* +* mvCesaReadyGet - Get crypto request that processing is finished +* +* DESCRIPTION: +* This function complete request processing and return ready request to +* caller. To don't miss interrupts the caller must call this function +* while MV_OK or MV_TERMINATE values returned. +* +* INPUT: +* MV_U32 chanMap - map of CESA channels finished thier job +* accordingly with CESA Cause register. +* MV_CESA_RESULT* pResult - pointer to structure contains information +* about ready request. It includes pointer to +* user private structure "pReqPrv", session identifier +* for this request "sessionId" and return code. +* Return code set to MV_FAIL if calculated digest value +* on decode direction is different than digest value +* in the packet. +* +* RETURN: +* MV_OK - Success, ready request is returned. +* MV_NOT_READY - Next request is not ready yet. New interrupt will +* be generated for futher request processing. +* MV_EMPTY - There is no more request for processing. +* MV_BUSY - Fragmented request is not ready yet. +* MV_TERMINATE - Call this function once more to complete processing +* of fragmented request. +* +*******************************************************************************/ +MV_STATUS mvCesaReadyGet(MV_CESA_RESULT* pResult) +{ + MV_STATUS status, readyStatus = MV_NOT_READY; + MV_U32 statusReg; + MV_CESA_REQ* pReq; + MV_CESA_SA* pSA; + +#if (MV_CESA_VERSION >= 3) + if(isFirstReq == MV_TRUE) { + if(chainIndex == 0) + chainReqNum = 0; + + isFirstReq = MV_FALSE; + + if(pNextActiveChain->state == MV_CESA_PENDING) { + /* Start request Process */ + mvCesaReqProcessStart(pNextActiveChain); + pEndCurrChain = pNextActiveChain; + if(chainIndex > 0) + chainIndex--; + /* Update pNextActiveChain to next chain head */ + while(pNextActiveChain->state == MV_CESA_CHAIN) + pNextActiveChain = MV_CESA_REQ_NEXT_PTR(pNextActiveChain); + } + } + + /* Check if there are more processed requests - can we remove pEndCurrChain ??? */ + if(pCesaReqProcess == pEndCurrChain) { + isFirstReq = MV_TRUE; + pEndCurrChain = pNextActiveChain; +#else + if(pCesaReqProcess->state != MV_CESA_PROCESS) { +#endif + return MV_EMPTY; + } + +#ifdef CESA_DEBUG + statusReg = MV_REG_READ(MV_CESA_STATUS_REG); + if( statusReg & MV_CESA_STATUS_ACTIVE_MASK ) + { + mvOsPrintf("mvCesaReadyGet: Not Ready, Status = 0x%x\n", statusReg); + cesaStats.notReadyCount++; + return MV_NOT_READY; + } +#endif /* CESA_DEBUG */ + + cesaStats.readyCount++; + + pReq = pCesaReqProcess; + pSA = &pCesaSAD[pReq->pCmd->sessionId]; + + pResult->retCode = MV_OK; + if(pReq->fragMode != MV_CESA_FRAG_NONE) + { + MV_U8* pNewDigest; + int frag; +#if (MV_CESA_VERSION >= 3) + pReq->frags.nextFrag = 1; + while(pReq->frags.nextFrag <= pReq->frags.numFrag) { +#endif + frag = (pReq->frags.nextFrag - 1); + + /* Restore DMA descriptor list */ + pReq->dma[frag].pDmaLast->phyNextDescPtr = + MV_32BIT_LE(mvCesaVirtToPhys(&pReq->dmaDescBuf, &pReq->dma[frag].pDmaLast[1])); + pReq->dma[frag].pDmaLast = NULL; + + /* Special processing for finished fragmented request */ + if(pReq->frags.nextFrag >= pReq->frags.numFrag) + { + mvCesaMbufCacheUnmap(pReq->pCmd->pDst, 0, pReq->pCmd->pDst->mbufSize); + + /* Fragmented packet is ready */ + if( (pSA->config & MV_CESA_OPERATION_MASK) != + (MV_CESA_CRYPTO_ONLY << MV_CESA_OPERATION_OFFSET) ) + { + int macDataSize = pReq->pCmd->macLength - pReq->frags.macSize; + + if(macDataSize != 0) + { + /* Calculate all other blocks by SW */ + mvCesaFragAuthComplete(pReq, pSA, macDataSize); + } + + /* Copy new digest from SRAM to the Destination buffer */ + pNewDigest = cesaSramVirtPtr->buf + pReq->frags.newDigestOffset; + status = mvCesaCopyToMbuf(pNewDigest, pReq->pCmd->pDst, + pReq->pCmd->digestOffset, pSA->digestSize); + + /* For decryption: Compare new digest value with original one */ + if((pSA->config & MV_CESA_DIRECTION_MASK) == + (MV_CESA_DIR_DECODE << MV_CESA_DIRECTION_BIT)) + { + if( memcmp(pNewDigest, pReq->frags.orgDigest, pSA->digestSize) != 0) + { +/* + mvOsPrintf("Digest error: chan=%d, newDigest=%p, orgDigest=%p, status = 0x%x\n", + chan, pNewDigest, pReq->frags.orgDigest, MV_REG_READ(MV_CESA_STATUS_REG)); +*/ + /* Signiture verification is failed */ + pResult->retCode = MV_FAIL; + } + } + } + readyStatus = MV_OK; + } +#if (MV_CESA_VERSION >= 3) + pReq->frags.nextFrag++; + } +#endif + } + else + { + mvCesaMbufCacheUnmap(pReq->pCmd->pDst, 0, pReq->pCmd->pDst->mbufSize); + + /* Restore DMA descriptor list */ + pReq->dma[0].pDmaLast->phyNextDescPtr = + MV_32BIT_LE(mvCesaVirtToPhys(&pReq->dmaDescBuf, &pReq->dma[0].pDmaLast[1])); + pReq->dma[0].pDmaLast = NULL; + if( ((pSA->config & MV_CESA_OPERATION_MASK) != + (MV_CESA_CRYPTO_ONLY << MV_CESA_OPERATION_OFFSET) ) && + ((pSA->config & MV_CESA_DIRECTION_MASK) == + (MV_CESA_DIR_DECODE << MV_CESA_DIRECTION_BIT)) ) + { + /* For AUTH on decode : Check Digest result in Status register */ + statusReg = MV_REG_READ(MV_CESA_STATUS_REG); + if(statusReg & MV_CESA_STATUS_DIGEST_ERR_MASK) + { +/* + mvOsPrintf("Digest error: chan=%d, status = 0x%x\n", + chan, statusReg); +*/ + /* Signiture verification is failed */ + pResult->retCode = MV_FAIL; + } + } + readyStatus = MV_OK; + } + + if(readyStatus == MV_OK) + { + /* If Request is ready - Prepare pResult structure */ + pResult->pReqPrv = pReq->pCmd->pReqPrv; + pResult->sessionId = pReq->pCmd->sessionId; + + pReq->state = MV_CESA_IDLE; + pCesaReqProcess = MV_CESA_REQ_NEXT_PTR(pReq); + cesaReqResources++; + + if(pSA->ctrMode) + { + /* For AES CTR mode - complete processing and free allocated resources */ + mvCesaCtrModeComplete(pReq->pOrgCmd, pReq->pCmd); + mvCesaCtrModeFinish(pReq->pCmd); + pReq->pOrgCmd = NULL; + } + } + +#if (MV_CESA_VERSION < 3) + if(pCesaReqProcess->state == MV_CESA_PROCESS) + { + /* Start request Process */ + mvCesaReqProcessStart(pCesaReqProcess); + if(readyStatus == MV_NOT_READY) + readyStatus = MV_BUSY; + } + else if(pCesaReqProcess != pCesaReqEmpty) + { + /* Start process new request from the queue */ + mvCesaReqProcessStart(pCesaReqProcess); + } +#endif + return readyStatus; +} + +/***************** Functions to work with CESA_MBUF structure ******************/ + +/******************************************************************************* +* mvCesaMbufOffset - Locate offset in the Mbuf structure +* +* DESCRIPTION: +* This function locates offset inside Multi-Bufeer structure. +* It get fragment number and place in the fragment where the offset +* is located. +* +* +* INPUT: +* MV_CESA_MBUF* pMbuf - Pointer to multi-buffer structure +* int offset - Offset from the beginning of the data presented by +* the Mbuf structure. +* +* OUTPUT: +* int* pBufOffset - Offset from the beginning of the fragment where +* the offset is located. +* +* RETURN: +* int - Number of fragment, where the offset is located\ +* +*******************************************************************************/ +int mvCesaMbufOffset(MV_CESA_MBUF* pMbuf, int offset, int* pBufOffset) +{ + int frag = 0; + + while(offset > 0) + { + if(frag >= pMbuf->numFrags) + { + mvOsPrintf("mvCesaMbufOffset: Error: frag (%d) > numFrags (%d)\n", + frag, pMbuf->numFrags); + return MV_INVALID; + } + if(offset < pMbuf->pFrags[frag].bufSize) + { + break; + } + offset -= pMbuf->pFrags[frag].bufSize; + frag++; + } + if(pBufOffset != NULL) + *pBufOffset = offset; + + return frag; +} + +/******************************************************************************* +* mvCesaCopyFromMbuf - Copy data from the Mbuf structure to continuous buffer +* +* DESCRIPTION: +* +* +* INPUT: +* MV_U8* pDstBuf - Pointer to continuous buffer, where data is +* copied to. +* MV_CESA_MBUF* pSrcMbuf - Pointer to multi-buffer structure where data is +* copied from. +* int offset - Offset in the Mbuf structure where located first +* byte of data should be copied. +* int size - Size of data should be copied +* +* RETURN: +* MV_OK - Success, all data is copied successfully. +* MV_OUT_OF_RANGE - Failed, offset is out of Multi-buffer data range. +* No data is copied. +* MV_EMPTY - Multi-buffer structure has not enough data to copy +* Data from the offset to end of Mbuf data is copied. +* +*******************************************************************************/ +MV_STATUS mvCesaCopyFromMbuf(MV_U8* pDstBuf, MV_CESA_MBUF* pSrcMbuf, + int offset, int size) +{ + int frag, fragOffset, bufSize; + MV_U8* pBuf; + + if(size == 0) + return MV_OK; + + frag = mvCesaMbufOffset(pSrcMbuf, offset, &fragOffset); + if(frag == MV_INVALID) + { + mvOsPrintf("CESA Mbuf Error: offset (%d) out of range\n", offset); + return MV_OUT_OF_RANGE; + } + + bufSize = pSrcMbuf->pFrags[frag].bufSize - fragOffset; + pBuf = pSrcMbuf->pFrags[frag].bufVirtPtr + fragOffset; + while(MV_TRUE) + { + if(size <= bufSize) + { + memcpy(pDstBuf, pBuf, size); + return MV_OK; + } + memcpy(pDstBuf, pBuf, bufSize); + size -= bufSize; + frag++; + pDstBuf += bufSize; + if(frag >= pSrcMbuf->numFrags) + break; + + bufSize = pSrcMbuf->pFrags[frag].bufSize; + pBuf = pSrcMbuf->pFrags[frag].bufVirtPtr; + } + mvOsPrintf("mvCesaCopyFromMbuf: Mbuf is EMPTY - %d bytes isn't copied\n", + size); + return MV_EMPTY; +} + +/******************************************************************************* +* mvCesaCopyToMbuf - Copy data from continuous buffer to the Mbuf structure +* +* DESCRIPTION: +* +* +* INPUT: +* MV_U8* pSrcBuf - Pointer to continuous buffer, where data is +* copied from. +* MV_CESA_MBUF* pDstMbuf - Pointer to multi-buffer structure where data is +* copied to. +* int offset - Offset in the Mbuf structure where located first +* byte of data should be copied. +* int size - Size of data should be copied +* +* RETURN: +* MV_OK - Success, all data is copied successfully. +* MV_OUT_OF_RANGE - Failed, offset is out of Multi-buffer data range. +* No data is copied. +* MV_FULL - Multi-buffer structure has not enough place to copy +* all data. Data from the offset to end of Mbuf data +* is copied. +* +*******************************************************************************/ +MV_STATUS mvCesaCopyToMbuf(MV_U8* pSrcBuf, MV_CESA_MBUF* pDstMbuf, + int offset, int size) +{ + int frag, fragOffset, bufSize; + MV_U8* pBuf; + + if(size == 0) + return MV_OK; + + frag = mvCesaMbufOffset(pDstMbuf, offset, &fragOffset); + if(frag == MV_INVALID) + { + mvOsPrintf("CESA Mbuf Error: offset (%d) out of range\n", offset); + return MV_OUT_OF_RANGE; + } + + bufSize = pDstMbuf->pFrags[frag].bufSize - fragOffset; + pBuf = pDstMbuf->pFrags[frag].bufVirtPtr + fragOffset; + while(MV_TRUE) + { + if(size <= bufSize) + { + memcpy(pBuf, pSrcBuf, size); + return MV_OK; + } + memcpy(pBuf, pSrcBuf, bufSize); + size -= bufSize; + frag++; + pSrcBuf += bufSize; + if(frag >= pDstMbuf->numFrags) + break; + + bufSize = pDstMbuf->pFrags[frag].bufSize; + pBuf = pDstMbuf->pFrags[frag].bufVirtPtr; + } + mvOsPrintf("mvCesaCopyToMbuf: Mbuf is FULL - %d bytes isn't copied\n", + size); + return MV_FULL; +} + +/******************************************************************************* +* mvCesaMbufCopy - Copy data from one Mbuf structure to the other Mbuf structure +* +* DESCRIPTION: +* +* +* INPUT: +* +* MV_CESA_MBUF* pDstMbuf - Pointer to multi-buffer structure where data is +* copied to. +* int dstMbufOffset - Offset in the dstMbuf structure where first byte +* of data should be copied to. +* MV_CESA_MBUF* pSrcMbuf - Pointer to multi-buffer structure where data is +* copied from. +* int srcMbufOffset - Offset in the srcMbuf structure where first byte +* of data should be copied from. +* int size - Size of data should be copied +* +* RETURN: +* MV_OK - Success, all data is copied successfully. +* MV_OUT_OF_RANGE - Failed, srcMbufOffset or dstMbufOffset is out of +* srcMbuf or dstMbuf structure correspondently. +* No data is copied. +* MV_BAD_SIZE - srcMbuf or dstMbuf structure is too small to copy +* all data. Partial data is copied +* +*******************************************************************************/ +MV_STATUS mvCesaMbufCopy(MV_CESA_MBUF* pMbufDst, int dstMbufOffset, + MV_CESA_MBUF* pMbufSrc, int srcMbufOffset, int size) +{ + int srcFrag, dstFrag, srcSize, dstSize, srcOffset, dstOffset; + int copySize; + MV_U8 *pSrc, *pDst; + + if(size == 0) + return MV_OK; + + srcFrag = mvCesaMbufOffset(pMbufSrc, srcMbufOffset, &srcOffset); + if(srcFrag == MV_INVALID) + { + mvOsPrintf("CESA srcMbuf Error: offset (%d) out of range\n", srcMbufOffset); + return MV_OUT_OF_RANGE; + } + pSrc = pMbufSrc->pFrags[srcFrag].bufVirtPtr + srcOffset; + srcSize = pMbufSrc->pFrags[srcFrag].bufSize - srcOffset; + + dstFrag = mvCesaMbufOffset(pMbufDst, dstMbufOffset, &dstOffset); + if(dstFrag == MV_INVALID) + { + mvOsPrintf("CESA dstMbuf Error: offset (%d) out of range\n", dstMbufOffset); + return MV_OUT_OF_RANGE; + } + pDst = pMbufDst->pFrags[dstFrag].bufVirtPtr + dstOffset; + dstSize = pMbufDst->pFrags[dstFrag].bufSize - dstOffset; + + while(size > 0) + { + copySize = MV_MIN(srcSize, dstSize); + if(size <= copySize) + { + memcpy(pDst, pSrc, size); + return MV_OK; + } + memcpy(pDst, pSrc, copySize); + size -= copySize; + srcSize -= copySize; + dstSize -= copySize; + + if(srcSize == 0) + { + srcFrag++; + if(srcFrag >= pMbufSrc->numFrags) + break; + + pSrc = pMbufSrc->pFrags[srcFrag].bufVirtPtr; + srcSize = pMbufSrc->pFrags[srcFrag].bufSize; + } + + if(dstSize == 0) + { + dstFrag++; + if(dstFrag >= pMbufDst->numFrags) + break; + + pDst = pMbufDst->pFrags[dstFrag].bufVirtPtr; + dstSize = pMbufDst->pFrags[dstFrag].bufSize; + } + } + mvOsPrintf("mvCesaMbufCopy: BAD size - %d bytes isn't copied\n", + size); + + return MV_BAD_SIZE; +} + +static MV_STATUS mvCesaMbufCacheUnmap(MV_CESA_MBUF* pMbuf, int offset, int size) +{ + int frag, fragOffset, bufSize; + MV_U8* pBuf; + + if(size == 0) + return MV_OK; + + frag = mvCesaMbufOffset(pMbuf, offset, &fragOffset); + if(frag == MV_INVALID) + { + mvOsPrintf("CESA Mbuf Error: offset (%d) out of range\n", offset); + return MV_OUT_OF_RANGE; + } + + bufSize = pMbuf->pFrags[frag].bufSize - fragOffset; + pBuf = pMbuf->pFrags[frag].bufVirtPtr + fragOffset; + while(MV_TRUE) + { + if(size <= bufSize) + { + mvOsCacheUnmap(NULL, mvOsIoVirtToPhy(NULL, pBuf), size); + return MV_OK; + } + + mvOsCacheUnmap(NULL, mvOsIoVirtToPhy(NULL, pBuf), bufSize); + size -= bufSize; + frag++; + if(frag >= pMbuf->numFrags) + break; + + bufSize = pMbuf->pFrags[frag].bufSize; + pBuf = pMbuf->pFrags[frag].bufVirtPtr; + } + mvOsPrintf("%s: Mbuf is FULL - %d bytes isn't Unmapped\n", + __FUNCTION__, size); + return MV_FULL; +} + + +/*************************************** Local Functions ******************************/ + +/******************************************************************************* +* mvCesaFragReqProcess - Process fragmented request +* +* DESCRIPTION: +* This function processes a fragment of fragmented request (First, Middle or Last) +* +* +* INPUT: +* MV_CESA_REQ* pReq - Pointer to the request in the request queue. +* +* RETURN: +* MV_OK - The fragment is successfully passed to HW for processing. +* MV_TERMINATE - Means, that HW finished its work on this packet and no more +* interrupts will be generated for this request. +* Function mvCesaReadyGet() must be called to complete request +* processing and get request result. +* +*******************************************************************************/ +static MV_STATUS mvCesaFragReqProcess(MV_CESA_REQ* pReq, MV_U8 frag) +{ + int i, copySize, cryptoDataSize, macDataSize, sid; + int cryptoIvOffset, digestOffset; + MV_U32 config; + MV_CESA_COMMAND* pCmd = pReq->pCmd; + MV_CESA_SA* pSA; + MV_CESA_MBUF* pMbuf; + MV_DMA_DESC* pDmaDesc = pReq->dma[frag].pDmaFirst; + MV_U8* pSramBuf = cesaSramVirtPtr->buf; + int macTotalLen = 0; + int fixOffset, cryptoOffset, macOffset; + + cesaStats.fragCount++; + + sid = pReq->pCmd->sessionId; + + pSA = &pCesaSAD[sid]; + + cryptoIvOffset = digestOffset = 0; + i = macDataSize = 0; + cryptoDataSize = 0; + + /* First fragment processing */ + if(pReq->fragMode == MV_CESA_FRAG_FIRST) + { + /* pReq->frags monitors processing of fragmented request between fragments */ + pReq->frags.bufOffset = 0; + pReq->frags.cryptoSize = 0; + pReq->frags.macSize = 0; + + config = pSA->config | (MV_CESA_FRAG_FIRST << MV_CESA_FRAG_MODE_OFFSET); + + /* fixOffset can be not equal to zero only for FIRST fragment */ + fixOffset = pReq->fixOffset; + /* For FIRST fragment crypto and mac offsets are taken from pCmd */ + cryptoOffset = pCmd->cryptoOffset; + macOffset = pCmd->macOffset; + + copySize = sizeof(cesaSramVirtPtr->buf) - pReq->fixOffset; + + /* Find fragment size: Must meet all requirements for CRYPTO and MAC + * cryptoDataSize - size of data will be encrypted/decrypted in this fragment + * macDataSize - size of data will be signed/verified in this fragment + * copySize - size of data will be copied from srcMbuf to SRAM and + * back to dstMbuf for this fragment + */ + mvCesaFragSizeFind(pSA, pReq, cryptoOffset, macOffset, + ©Size, &cryptoDataSize, &macDataSize); + + if( (pSA->config & MV_CESA_OPERATION_MASK) != + (MV_CESA_MAC_ONLY << MV_CESA_OPERATION_OFFSET)) + { + /* CryptoIV special processing */ + if( (pSA->config & MV_CESA_CRYPTO_MODE_MASK) == + (MV_CESA_CRYPTO_CBC << MV_CESA_CRYPTO_MODE_BIT) ) + { + /* In CBC mode for encode direction when IV from user */ + if( (pCmd->ivFromUser) && + ((pSA->config & MV_CESA_DIRECTION_MASK) == + (MV_CESA_DIR_ENCODE << MV_CESA_DIRECTION_BIT)) ) + { + + /* For Crypto Encode in CBC mode HW always takes IV from SRAM IVPointer, + * (not from IVBufPointer). So when ivFromUser==1, we should copy IV from user place + * in the buffer to SRAM IVPointer + */ + i += mvCesaDmaCopyPrepare(pCmd->pSrc, cesaSramVirtPtr->cryptoIV, &pDmaDesc[i], + MV_FALSE, pCmd->ivOffset, pSA->cryptoIvSize, pCmd->skipFlush); + } + + /* Special processing when IV is not located in the first fragment */ + if(pCmd->ivOffset > (copySize - pSA->cryptoIvSize)) + { + /* Prepare dummy place for cryptoIV in SRAM */ + cryptoIvOffset = cesaSramVirtPtr->tempCryptoIV - mvCesaSramAddrGet(); + + /* For Decryption: Copy IV value from pCmd->ivOffset to Special SRAM place */ + if((pSA->config & MV_CESA_DIRECTION_MASK) == + (MV_CESA_DIR_DECODE << MV_CESA_DIRECTION_BIT)) + { + i += mvCesaDmaCopyPrepare(pCmd->pSrc, cesaSramVirtPtr->tempCryptoIV, &pDmaDesc[i], + MV_FALSE, pCmd->ivOffset, pSA->cryptoIvSize, pCmd->skipFlush); + } + else + { + /* For Encryption when IV is NOT from User: */ + /* Copy IV from SRAM to buffer (pCmd->ivOffset) */ + if(pCmd->ivFromUser == 0) + { + /* copy IV value from cryptoIV to Buffer (pCmd->ivOffset) */ + i += mvCesaDmaCopyPrepare(pCmd->pSrc, cesaSramVirtPtr->cryptoIV, &pDmaDesc[i], + MV_TRUE, pCmd->ivOffset, pSA->cryptoIvSize, pCmd->skipFlush); + } + } + } + else + { + cryptoIvOffset = pCmd->ivOffset; + } + } + } + + if( (pSA->config & MV_CESA_OPERATION_MASK) != + (MV_CESA_CRYPTO_ONLY << MV_CESA_OPERATION_OFFSET) ) + { + /* MAC digest special processing on Decode direction */ + if((pSA->config & MV_CESA_DIRECTION_MASK) == + (MV_CESA_DIR_DECODE << MV_CESA_DIRECTION_BIT)) + { + /* Save digest from pCmd->digestOffset */ + mvCesaCopyFromMbuf(pReq->frags.orgDigest, + pCmd->pSrc, pCmd->digestOffset, pSA->digestSize); + + /* If pCmd->digestOffset is not located on the first */ + if(pCmd->digestOffset > (copySize - pSA->digestSize)) + { + MV_U8 digestZero[MV_CESA_MAX_DIGEST_SIZE]; + + /* Set zeros to pCmd->digestOffset (DRAM) */ + memset(digestZero, 0, MV_CESA_MAX_DIGEST_SIZE); + mvCesaCopyToMbuf(digestZero, pCmd->pSrc, pCmd->digestOffset, pSA->digestSize); + + /* Prepare dummy place for digest in SRAM */ + digestOffset = cesaSramVirtPtr->tempDigest - mvCesaSramAddrGet(); + } + else + { + digestOffset = pCmd->digestOffset; + } + } + } + /* Update SA in SRAM */ + if(cesaLastSid != sid) + { + mvCesaSramSaUpdate(sid, &pDmaDesc[i]); + i++; + } + + pReq->fragMode = MV_CESA_FRAG_MIDDLE; + } + else + { + /* Continue fragment */ + fixOffset = 0; + cryptoOffset = 0; + macOffset = 0; + if( (pCmd->pSrc->mbufSize - pReq->frags.bufOffset) <= sizeof(cesaSramVirtPtr->buf)) + { + /* Last fragment */ + config = pSA->config | (MV_CESA_FRAG_LAST << MV_CESA_FRAG_MODE_OFFSET); + pReq->fragMode = MV_CESA_FRAG_LAST; + copySize = pCmd->pSrc->mbufSize - pReq->frags.bufOffset; + + if( (pSA->config & MV_CESA_OPERATION_MASK) != + (MV_CESA_CRYPTO_ONLY << MV_CESA_OPERATION_OFFSET) ) + { + macDataSize = pCmd->macLength - pReq->frags.macSize; + + /* If pCmd->digestOffset is not located on last fragment */ + if(pCmd->digestOffset < pReq->frags.bufOffset) + { + /* Prepare dummy place for digest in SRAM */ + digestOffset = cesaSramVirtPtr->tempDigest - mvCesaSramAddrGet(); + } + else + { + digestOffset = pCmd->digestOffset - pReq->frags.bufOffset; + } + pReq->frags.newDigestOffset = digestOffset; + macTotalLen = pCmd->macLength; + + /* HW can't calculate the Digest correctly for fragmented packets + * in the following cases: + * - MV88F5182 || + * - MV88F5181L when total macLength more that 16 Kbytes || + * - total macLength more that 64 Kbytes + */ + if( (mvCtrlModelGet() == MV_5182_DEV_ID) || + ( (mvCtrlModelGet() == MV_5181_DEV_ID) && + (mvCtrlRevGet() >= MV_5181L_A0_REV) && + (pCmd->macLength >= (1 << 14)) ) ) + { + return MV_TERMINATE; + } + } + if( (pSA->config & MV_CESA_OPERATION_MASK) != + (MV_CESA_MAC_ONLY << MV_CESA_OPERATION_OFFSET) ) + { + cryptoDataSize = pCmd->cryptoLength - pReq->frags.cryptoSize; + } + + /* cryptoIvOffset - don't care */ + } + else + { + /* WA for MV88F5182 SHA1 and MD5 fragmentation mode */ + if( (mvCtrlModelGet() == MV_5182_DEV_ID) && + (((pSA->config & MV_CESA_MAC_MODE_MASK) == + (MV_CESA_MAC_MD5 << MV_CESA_MAC_MODE_OFFSET)) || + ((pSA->config & MV_CESA_MAC_MODE_MASK) == + (MV_CESA_MAC_SHA1 << MV_CESA_MAC_MODE_OFFSET))) ) + { + pReq->frags.newDigestOffset = cesaSramVirtPtr->tempDigest - mvCesaSramAddrGet(); + pReq->fragMode = MV_CESA_FRAG_LAST; + + return MV_TERMINATE; + } + /* Middle fragment */ + config = pSA->config | (MV_CESA_FRAG_MIDDLE << MV_CESA_FRAG_MODE_OFFSET); + copySize = sizeof(cesaSramVirtPtr->buf); + /* digestOffset and cryptoIvOffset - don't care */ + + /* Find fragment size */ + mvCesaFragSizeFind(pSA, pReq, cryptoOffset, macOffset, + ©Size, &cryptoDataSize, &macDataSize); + } + } + /********* Prepare DMA descriptors to copy from pSrc to SRAM *********/ + pMbuf = pCmd->pSrc; + i += mvCesaDmaCopyPrepare(pMbuf, pSramBuf + fixOffset, &pDmaDesc[i], + MV_FALSE, pReq->frags.bufOffset, copySize, pCmd->skipFlush); + + /* Prepare CESA descriptor to copy from DRAM to SRAM by DMA */ + mvCesaSramDescrBuild(config, frag, + cryptoOffset + fixOffset, cryptoIvOffset + fixOffset, + cryptoDataSize, macOffset + fixOffset, + digestOffset + fixOffset, macDataSize, macTotalLen, + pReq, &pDmaDesc[i]); + i++; + + /* Add special descriptor Ownership for CPU */ + pDmaDesc[i].byteCnt = 0; + pDmaDesc[i].phySrcAdd = 0; + pDmaDesc[i].phyDestAdd = 0; + i++; + + /********* Prepare DMA descriptors to copy from SRAM to pDst *********/ + pMbuf = pCmd->pDst; + i += mvCesaDmaCopyPrepare(pMbuf, pSramBuf + fixOffset, &pDmaDesc[i], + MV_TRUE, pReq->frags.bufOffset, copySize, pCmd->skipFlush); + + /* Next field of Last DMA descriptor must be NULL */ + pDmaDesc[i-1].phyNextDescPtr = 0; + pReq->dma[frag].pDmaLast = &pDmaDesc[i-1]; + mvOsCacheFlush(NULL, pReq->dma[frag].pDmaFirst, + i*sizeof(MV_DMA_DESC)); + + /*mvCesaDebugDescriptor(&cesaSramVirtPtr->desc[frag]);*/ + + pReq->frags.bufOffset += copySize; + pReq->frags.cryptoSize += cryptoDataSize; + pReq->frags.macSize += macDataSize; + + return MV_OK; +} + + +/******************************************************************************* +* mvCesaReqProcess - Process regular (Non-fragmented) request +* +* DESCRIPTION: +* This function processes the whole (not fragmented) request +* +* INPUT: +* MV_CESA_REQ* pReq - Pointer to the request in the request queue. +* +* RETURN: +* MV_OK - The request is successfully passed to HW for processing. +* Other - Failure. The request will not be processed +* +*******************************************************************************/ +static MV_STATUS mvCesaReqProcess(MV_CESA_REQ* pReq) +{ + MV_CESA_MBUF *pMbuf; + MV_DMA_DESC *pDmaDesc; + MV_U8 *pSramBuf; + int sid, i, fixOffset; + MV_CESA_SA *pSA; + MV_CESA_COMMAND *pCmd = pReq->pCmd; + + cesaStats.procCount++; + + sid = pCmd->sessionId; + pSA = &pCesaSAD[sid]; + pDmaDesc = pReq->dma[0].pDmaFirst; + pSramBuf = cesaSramVirtPtr->buf; + fixOffset = pReq->fixOffset; + +/* + mvOsPrintf("mvCesaReqProcess: sid=%d, pSA=%p, pDmaDesc=%p, pSramBuf=%p\n", + sid, pSA, pDmaDesc, pSramBuf); +*/ + i = 0; + + /* Crypto IV Special processing in CBC mode for Encryption direction */ + if( ((pSA->config & MV_CESA_OPERATION_MASK) != (MV_CESA_MAC_ONLY << MV_CESA_OPERATION_OFFSET)) && + ((pSA->config & MV_CESA_CRYPTO_MODE_MASK) == (MV_CESA_CRYPTO_CBC << MV_CESA_CRYPTO_MODE_BIT)) && + ((pSA->config & MV_CESA_DIRECTION_MASK) == (MV_CESA_DIR_ENCODE << MV_CESA_DIRECTION_BIT)) && + (pCmd->ivFromUser) ) + { + /* For Crypto Encode in CBC mode HW always takes IV from SRAM IVPointer, + * (not from IVBufPointer). So when ivFromUser==1, we should copy IV from user place + * in the buffer to SRAM IVPointer + */ + i += mvCesaDmaCopyPrepare(pCmd->pSrc, cesaSramVirtPtr->cryptoIV, &pDmaDesc[i], + MV_FALSE, pCmd->ivOffset, pSA->cryptoIvSize, pCmd->skipFlush); + } + + /* Update SA in SRAM */ + if(cesaLastSid != sid) + { + mvCesaSramSaUpdate(sid, &pDmaDesc[i]); + i++; + } + + /********* Prepare DMA descriptors to copy from pSrc to SRAM *********/ + pMbuf = pCmd->pSrc; + i += mvCesaDmaCopyPrepare(pMbuf, pSramBuf + fixOffset, &pDmaDesc[i], + MV_FALSE, 0, pMbuf->mbufSize, pCmd->skipFlush); + + /* Prepare Security Accelerator descriptor to SRAM words 0 - 7 */ + mvCesaSramDescrBuild(pSA->config, 0, pCmd->cryptoOffset + fixOffset, + pCmd->ivOffset + fixOffset, pCmd->cryptoLength, + pCmd->macOffset + fixOffset, pCmd->digestOffset + fixOffset, + pCmd->macLength, pCmd->macLength, pReq, &pDmaDesc[i]); + i++; + + /* Add special descriptor Ownership for CPU */ + pDmaDesc[i].byteCnt = 0; + pDmaDesc[i].phySrcAdd = 0; + pDmaDesc[i].phyDestAdd = 0; + i++; + + /********* Prepare DMA descriptors to copy from SRAM to pDst *********/ + pMbuf = pCmd->pDst; + i += mvCesaDmaCopyPrepare(pMbuf, pSramBuf + fixOffset, &pDmaDesc[i], + MV_TRUE, 0, pMbuf->mbufSize, pCmd->skipFlush); + + /* Next field of Last DMA descriptor must be NULL */ + pDmaDesc[i-1].phyNextDescPtr = 0; + pReq->dma[0].pDmaLast = &pDmaDesc[i-1]; + mvOsCacheFlush(NULL, pReq->dma[0].pDmaFirst, i*sizeof(MV_DMA_DESC)); + + return MV_OK; +} + + +/******************************************************************************* +* mvCesaSramDescrBuild - Set CESA descriptor in SRAM +* +* DESCRIPTION: +* This function builds CESA descriptor in SRAM from all Command parameters +* +* +* INPUT: +* int chan - CESA channel uses the descriptor +* MV_U32 config - 32 bits of WORD_0 in CESA descriptor structure +* int cryptoOffset - Offset from the beginning of SRAM buffer where +* data for encryption/decription is started. +* int ivOffset - Offset of crypto IV from the SRAM base. Valid only +* for first fragment. +* int cryptoLength - Size (in bytes) of data for encryption/descryption +* operation on this fragment. +* int macOffset - Offset from the beginning of SRAM buffer where +* data for Authentication is started +* int digestOffset - Offset from the beginning of SRAM buffer where +* digest is located. Valid for first and last fragments. +* int macLength - Size (in bytes) of data for Authentication +* operation on this fragment. +* int macTotalLen - Toatl size (in bytes) of data for Authentication +* operation on the whole request (packet). Valid for +* last fragment only. +* +* RETURN: None +* +*******************************************************************************/ +static void mvCesaSramDescrBuild(MV_U32 config, int frag, + int cryptoOffset, int ivOffset, int cryptoLength, + int macOffset, int digestOffset, int macLength, + int macTotalLen, MV_CESA_REQ* pReq, MV_DMA_DESC* pDmaDesc) +{ + MV_CESA_DESC* pCesaDesc = &pReq->pCesaDesc[frag]; + MV_CESA_DESC* pSramDesc = pSramDesc = &cesaSramVirtPtr->desc; + MV_U16 sramBufOffset = (MV_U16)((MV_U8*)cesaSramVirtPtr->buf - mvCesaSramAddrGet()); + + pCesaDesc->config = MV_32BIT_LE(config); + + if( (config & MV_CESA_OPERATION_MASK) != + (MV_CESA_MAC_ONLY << MV_CESA_OPERATION_OFFSET) ) + { + /* word 1 */ + pCesaDesc->cryptoSrcOffset = MV_16BIT_LE(sramBufOffset + cryptoOffset); + pCesaDesc->cryptoDstOffset = MV_16BIT_LE(sramBufOffset + cryptoOffset); + /* word 2 */ + pCesaDesc->cryptoDataLen = MV_16BIT_LE(cryptoLength); + /* word 3 */ + pCesaDesc->cryptoKeyOffset = MV_16BIT_LE((MV_U16)(cesaSramVirtPtr->sramSA.cryptoKey - + mvCesaSramAddrGet())); + /* word 4 */ + pCesaDesc->cryptoIvOffset = MV_16BIT_LE((MV_U16)(cesaSramVirtPtr->cryptoIV - + mvCesaSramAddrGet())); + pCesaDesc->cryptoIvBufOffset = MV_16BIT_LE(sramBufOffset + ivOffset); + } + + if( (config & MV_CESA_OPERATION_MASK) != + (MV_CESA_CRYPTO_ONLY << MV_CESA_OPERATION_OFFSET) ) + { + /* word 5 */ + pCesaDesc->macSrcOffset = MV_16BIT_LE(sramBufOffset + macOffset); + pCesaDesc->macTotalLen = MV_16BIT_LE(macTotalLen); + + /* word 6 */ + pCesaDesc->macDigestOffset = MV_16BIT_LE(sramBufOffset + digestOffset); + pCesaDesc->macDataLen = MV_16BIT_LE(macLength); + + /* word 7 */ + pCesaDesc->macInnerIvOffset = MV_16BIT_LE((MV_U16)(cesaSramVirtPtr->sramSA.macInnerIV - + mvCesaSramAddrGet())); + pCesaDesc->macOuterIvOffset = MV_16BIT_LE((MV_U16)(cesaSramVirtPtr->sramSA.macOuterIV - + mvCesaSramAddrGet())); + } + /* Prepare DMA descriptor to CESA descriptor from DRAM to SRAM */ + pDmaDesc->phySrcAdd = MV_32BIT_LE(mvCesaVirtToPhys(&pReq->cesaDescBuf, pCesaDesc)); + pDmaDesc->phyDestAdd = MV_32BIT_LE(mvCesaSramVirtToPhys(NULL, (MV_U8*)pSramDesc)); + pDmaDesc->byteCnt = MV_32BIT_LE(sizeof(MV_CESA_DESC) | BIT31); + + /* flush Source buffer */ + mvOsCacheFlush(NULL, pCesaDesc, sizeof(MV_CESA_DESC)); +} + +/******************************************************************************* +* mvCesaSramSaUpdate - Move required SA information to SRAM if needed. +* +* DESCRIPTION: +* Copy to SRAM values of the required SA. +* +* +* INPUT: +* short sid - Session ID needs SRAM Cache update +* MV_DMA_DESC *pDmaDesc - Pointer to DMA descriptor used to +* copy SA values from DRAM to SRAM. +* +* RETURN: +* MV_OK - Cache entry for this SA copied to SRAM. +* MV_NO_CHANGE - Cache entry for this SA already exist in SRAM +* +*******************************************************************************/ +static INLINE void mvCesaSramSaUpdate(short sid, MV_DMA_DESC *pDmaDesc) +{ + MV_CESA_SA *pSA = &pCesaSAD[sid]; + + /* Prepare DMA descriptor to Copy CACHE_SA from SA database in DRAM to SRAM */ + pDmaDesc->byteCnt = MV_32BIT_LE(sizeof(MV_CESA_SRAM_SA) | BIT31); + pDmaDesc->phySrcAdd = MV_32BIT_LE(mvCesaVirtToPhys(&cesaSramSaBuf, pSA->pSramSA)); + pDmaDesc->phyDestAdd = + MV_32BIT_LE(mvCesaSramVirtToPhys(NULL, (MV_U8*)&cesaSramVirtPtr->sramSA)); + + /* Source buffer is already flushed during OpenSession*/ + /*mvOsCacheFlush(NULL, &pSA->sramSA, sizeof(MV_CESA_SRAM_SA));*/ +} + +/******************************************************************************* +* mvCesaDmaCopyPrepare - prepare DMA descriptor list to copy data presented by +* Mbuf structure from DRAM to SRAM +* +* DESCRIPTION: +* +* +* INPUT: +* MV_CESA_MBUF* pMbuf - pointer to Mbuf structure contains request +* data in DRAM +* MV_U8* pSramBuf - pointer to buffer in SRAM where data should +* be copied to. +* MV_DMA_DESC* pDmaDesc - pointer to first DMA descriptor for this copy. +* The function set number of DMA descriptors needed +* to copy the copySize bytes from Mbuf. +* MV_BOOL isToMbuf - Copy direction. +* MV_TRUE means copy from SRAM buffer to Mbuf in DRAM. +* MV_FALSE means copy from Mbuf in DRAM to SRAM buffer. +* int offset - Offset in the Mbuf structure that copy should be +* started from. +* int copySize - Size of data should be copied. +* +* RETURN: +* int - number of DMA descriptors used for the copy. +* +*******************************************************************************/ +#ifndef MV_NETBSD +static INLINE int mvCesaDmaCopyPrepare(MV_CESA_MBUF* pMbuf, MV_U8* pSramBuf, + MV_DMA_DESC* pDmaDesc, MV_BOOL isToMbuf, + int offset, int copySize, MV_BOOL skipFlush) +{ + int bufOffset, bufSize, size, frag, i; + MV_U8* pBuf; + + i = 0; + + /* Calculate start place for copy: fragment number and offset in the fragment */ + frag = mvCesaMbufOffset(pMbuf, offset, &bufOffset); + bufSize = pMbuf->pFrags[frag].bufSize - bufOffset; + pBuf = pMbuf->pFrags[frag].bufVirtPtr + bufOffset; + + /* Size accumulate total copy size */ + size = 0; + + /* Create DMA lists to copy mBuf from pSrc to SRAM */ + while(size < copySize) + { + /* Find copy size for each DMA descriptor */ + bufSize = MV_MIN(bufSize, (copySize - size)); + pDmaDesc[i].byteCnt = MV_32BIT_LE(bufSize | BIT31); + if(isToMbuf) + { + pDmaDesc[i].phyDestAdd = MV_32BIT_LE(mvOsIoVirtToPhy(NULL, pBuf)); + pDmaDesc[i].phySrcAdd = + MV_32BIT_LE(mvCesaSramVirtToPhys(NULL, (pSramBuf + size))); + /* invalidate the buffer */ + if(skipFlush == MV_FALSE) + mvOsCacheInvalidate(NULL, pBuf, bufSize); + } + else + { + pDmaDesc[i].phySrcAdd = MV_32BIT_LE(mvOsIoVirtToPhy(NULL, pBuf)); + pDmaDesc[i].phyDestAdd = + MV_32BIT_LE(mvCesaSramVirtToPhys(NULL, (pSramBuf + size))); + /* flush the buffer */ + if(skipFlush == MV_FALSE) + mvOsCacheFlush(NULL, pBuf, bufSize); + } + + /* Count number of used DMA descriptors */ + i++; + size += bufSize; + + /* go to next fragment in the Mbuf */ + frag++; + pBuf = pMbuf->pFrags[frag].bufVirtPtr; + bufSize = pMbuf->pFrags[frag].bufSize; + } + return i; +} +#else /* MV_NETBSD */ +static int mvCesaDmaCopyPrepare(MV_CESA_MBUF* pMbuf, MV_U8* pSramBuf, + MV_DMA_DESC* pDmaDesc, MV_BOOL isToMbuf, + int offset, int copySize, MV_BOOL skipFlush) +{ + int bufOffset, bufSize, thisSize, size, frag, i; + MV_ULONG bufPhys, sramPhys; + MV_U8* pBuf; + + /* + * Calculate start place for copy: fragment number and offset in + * the fragment + */ + frag = mvCesaMbufOffset(pMbuf, offset, &bufOffset); + + /* + * Get SRAM physical address only once. We can update it in-place + * as we build the descriptor chain. + */ + sramPhys = mvCesaSramVirtToPhys(NULL, pSramBuf); + + /* + * 'size' accumulates total copy size, 'i' counts desccriptors. + */ + size = i = 0; + + /* Create DMA lists to copy mBuf from pSrc to SRAM */ + while (size < copySize) { + /* + * Calculate # of bytes to copy from the current fragment, + * and the pointer to the start of data + */ + bufSize = pMbuf->pFrags[frag].bufSize - bufOffset; + pBuf = pMbuf->pFrags[frag].bufVirtPtr + bufOffset; + bufOffset = 0; /* First frag may be non-zero */ + frag++; + + /* + * As long as there is data in the current fragment... + */ + while (bufSize > 0) { + /* + * Ensure we don't cross an MMU page boundary. + * XXX: This is NetBSD-specific, but it is a + * quick and dirty way to fix the problem. + * A true HAL would rely on the OS-specific + * driver to do this... + */ + thisSize = PAGE_SIZE - + (((MV_ULONG)pBuf) & (PAGE_SIZE - 1)); + thisSize = MV_MIN(bufSize, thisSize); + /* + * Make sure we don't copy more than requested + */ + if (thisSize > (copySize - size)) { + thisSize = copySize - size; + bufSize = 0; + } + + /* + * Physicall address of this fragment + */ + bufPhys = MV_32BIT_LE(mvOsIoVirtToPhy(NULL, pBuf)); + + /* + * Set up the descriptor + */ + pDmaDesc[i].byteCnt = MV_32BIT_LE(thisSize | BIT31); + if(isToMbuf) { + pDmaDesc[i].phyDestAdd = bufPhys; + pDmaDesc[i].phySrcAdd = MV_32BIT_LE(sramPhys); + /* invalidate the buffer */ + if(skipFlush == MV_FALSE) + mvOsCacheInvalidate(NULL, pBuf, thisSize); + } else { + pDmaDesc[i].phySrcAdd = bufPhys; + pDmaDesc[i].phyDestAdd = MV_32BIT_LE(sramPhys); + /* flush the buffer */ + if(skipFlush == MV_FALSE) + mvOsCacheFlush(NULL, pBuf, thisSize); + } + + pDmaDesc[i].phyNextDescPtr = + MV_32BIT_LE(mvOsIoVirtToPhy(NULL,(&pDmaDesc[i+1]))); + + /* flush the DMA desc */ + mvOsCacheFlush(NULL, &pDmaDesc[i], sizeof(MV_DMA_DESC)); + + /* Update state */ + bufSize -= thisSize; + sramPhys += thisSize; + pBuf += thisSize; + size += thisSize; + i++; + } + } + + return i; +} +#endif /* MV_NETBSD */ +/******************************************************************************* +* mvCesaHmacIvGet - Calculate Inner and Outter values from HMAC key +* +* DESCRIPTION: +* This function calculate Inner and Outer values used for HMAC algorithm. +* This operation allows improve performance fro the whole HMAC processing. +* +* INPUT: +* MV_CESA_MAC_MODE macMode - Authentication mode: HMAC_MD5 or HMAC_SHA1. +* unsigned char key[] - Pointer to HMAC key. +* int keyLength - Size of HMAC key (maximum 64 bytes) +* +* OUTPUT: +* unsigned char innerIV[] - HASH(key^inner) +* unsigned char outerIV[] - HASH(key^outter) +* +* RETURN: None +* +*******************************************************************************/ +static void mvCesaHmacIvGet(MV_CESA_MAC_MODE macMode, unsigned char key[], int keyLength, + unsigned char innerIV[], unsigned char outerIV[]) +{ + unsigned char inner[MV_CESA_MAX_MAC_KEY_LENGTH]; + unsigned char outer[MV_CESA_MAX_MAC_KEY_LENGTH]; + int i, digestSize = 0; +#if defined(MV_CPU_LE) || defined(MV_PPC) + MV_U32 swapped32, val32, *pVal32; +#endif + for(i=0; ipFrags[frag].bufVirtPtr + fragOffset; + size = pMbuf->pFrags[frag].bufSize - fragOffset; + + /* Complete Inner part */ + while(macLeftSize > 0) + { + if(macLeftSize <= size) + { + mvSHA1Update(&ctx, pData, macLeftSize); + break; + } + mvSHA1Update(&ctx, pData, size); + macLeftSize -= size; + frag++; + pData = pMbuf->pFrags[frag].bufVirtPtr; + size = pMbuf->pFrags[frag].bufSize; + } + mvSHA1Final(pDigest, &ctx); +/* + mvOsPrintf("mvCesaFragSha1Complete: pOuterIV=%p, macLeftSize=%d, macTotalSize=%d\n", + pOuterIV, macLeftSize, macTotalSize); + mvDebugMemDump(pDigest, MV_CESA_SHA1_DIGEST_SIZE, 1); +*/ + + if(pOuterIV != NULL) + { + /* If HMAC - Complete Outer part */ + for(i=0; ipFrags[frag].bufVirtPtr + fragOffset; + size = pMbuf->pFrags[frag].bufSize - fragOffset; + + /* Complete Inner part */ + while(macLeftSize > 0) + { + if(macLeftSize <= size) + { + mvMD5Update(&ctx, pData, macLeftSize); + break; + } + mvMD5Update(&ctx, pData, size); + macLeftSize -= size; + frag++; + pData = pMbuf->pFrags[frag].bufVirtPtr; + size = pMbuf->pFrags[frag].bufSize; + } + mvMD5Final(pDigest, &ctx); + +/* + mvOsPrintf("mvCesaFragMd5Complete: pOuterIV=%p, macLeftSize=%d, macTotalSize=%d\n", + pOuterIV, macLeftSize, macTotalSize); + mvDebugMemDump(pDigest, MV_CESA_MD5_DIGEST_SIZE, 1); +*/ + if(pOuterIV != NULL) + { + /* Complete Outer part */ + for(i=0; ipCmd; + MV_U8* pDigest; + MV_CESA_MAC_MODE macMode; + MV_U8* pOuterIV = NULL; + + /* Copy data from Source fragment to Destination */ + if(pCmd->pSrc != pCmd->pDst) + { + mvCesaMbufCopy(pCmd->pDst, pReq->frags.bufOffset, + pCmd->pSrc, pReq->frags.bufOffset, macDataSize); + } + +/* + mvCesaCopyFromMbuf(cesaSramVirtPtr->buf[0], pCmd->pSrc, pReq->frags.bufOffset, macDataSize); + mvCesaCopyToMbuf(cesaSramVirtPtr->buf[0], pCmd->pDst, pReq->frags.bufOffset, macDataSize); +*/ + pDigest = (mvCesaSramAddrGet() + pReq->frags.newDigestOffset); + + macMode = (pSA->config & MV_CESA_MAC_MODE_MASK) >> MV_CESA_MAC_MODE_OFFSET; +/* + mvOsPrintf("macDataSize=%d, macLength=%d, digestOffset=%d, macMode=%d\n", + macDataSize, pCmd->macLength, pCmd->digestOffset, macMode); +*/ + switch(macMode) + { + case MV_CESA_MAC_HMAC_MD5: + pOuterIV = pSA->pSramSA->macOuterIV; + + case MV_CESA_MAC_MD5: + mvCesaFragMd5Complete(pCmd->pDst, pReq->frags.bufOffset, pOuterIV, + macDataSize, pCmd->macLength, pDigest); + break; + + case MV_CESA_MAC_HMAC_SHA1: + pOuterIV = pSA->pSramSA->macOuterIV; + + case MV_CESA_MAC_SHA1: + mvCesaFragSha1Complete(pCmd->pDst, pReq->frags.bufOffset, pOuterIV, + macDataSize, pCmd->macLength, pDigest); + break; + + default: + mvOsPrintf("mvCesaFragAuthComplete: Unexpected macMode %d\n", macMode); + return MV_BAD_PARAM; + } + return MV_OK; +} + +/******************************************************************************* +* mvCesaCtrModeInit - +* +* DESCRIPTION: +* +* +* INPUT: NONE +* +* +* RETURN: +* MV_CESA_COMMAND* +* +*******************************************************************************/ +static MV_CESA_COMMAND* mvCesaCtrModeInit(void) +{ + MV_CESA_MBUF *pMbuf; + MV_U8 *pBuf; + MV_CESA_COMMAND *pCmd; + + pBuf = mvOsMalloc(sizeof(MV_CESA_COMMAND) + + sizeof(MV_CESA_MBUF) + sizeof(MV_BUF_INFO) + 100); + if(pBuf == NULL) + { + mvOsPrintf("mvCesaSessionOpen: Can't allocate %u bytes for CTR Mode\n", + sizeof(MV_CESA_COMMAND) + sizeof(MV_CESA_MBUF) + sizeof(MV_BUF_INFO) ); + return NULL; + } + pCmd = (MV_CESA_COMMAND*)pBuf; + pBuf += sizeof(MV_CESA_COMMAND); + + pMbuf = (MV_CESA_MBUF*)pBuf; + pBuf += sizeof(MV_CESA_MBUF); + + pMbuf->pFrags = (MV_BUF_INFO*)pBuf; + + pMbuf->numFrags = 1; + pCmd->pSrc = pMbuf; + pCmd->pDst = pMbuf; +/* + mvOsPrintf("CtrModeInit: pCmd=%p, pSrc=%p, pDst=%p, pFrags=%p\n", + pCmd, pCmd->pSrc, pCmd->pDst, + pMbuf->pFrags); +*/ + return pCmd; +} + +/******************************************************************************* +* mvCesaCtrModePrepare - +* +* DESCRIPTION: +* +* +* INPUT: +* MV_CESA_COMMAND *pCtrModeCmd, MV_CESA_COMMAND *pCmd +* +* RETURN: +* MV_STATUS +* +*******************************************************************************/ +static MV_STATUS mvCesaCtrModePrepare(MV_CESA_COMMAND *pCtrModeCmd, MV_CESA_COMMAND *pCmd) +{ + MV_CESA_MBUF *pMbuf; + MV_U8 *pBuf, *pIV; + MV_U32 counter, *pCounter; + int cryptoSize = MV_ALIGN_UP(pCmd->cryptoLength, MV_CESA_AES_BLOCK_SIZE); +/* + mvOsPrintf("CtrModePrepare: pCmd=%p, pCtrSrc=%p, pCtrDst=%p, pOrgCmd=%p, pOrgSrc=%p, pOrgDst=%p\n", + pCmd, pCmd->pSrc, pCmd->pDst, + pCtrModeCmd, pCtrModeCmd->pSrc, pCtrModeCmd->pDst); +*/ + pMbuf = pCtrModeCmd->pSrc; + + /* Allocate buffer for Key stream */ + pBuf = mvOsIoCachedMalloc(cesaOsHandle,cryptoSize, + &pMbuf->pFrags[0].bufPhysAddr, + &pMbuf->pFrags[0].memHandle); + if(pBuf == NULL) + { + mvOsPrintf("mvCesaCtrModePrepare: Can't allocate %d bytes\n", cryptoSize); + return MV_OUT_OF_CPU_MEM; + } + memset(pBuf, 0, cryptoSize); + mvOsCacheFlush(NULL, pBuf, cryptoSize); + + pMbuf->pFrags[0].bufVirtPtr = pBuf; + pMbuf->mbufSize = cryptoSize; + pMbuf->pFrags[0].bufSize = cryptoSize; + + pCtrModeCmd->pReqPrv = pCmd->pReqPrv; + pCtrModeCmd->sessionId = pCmd->sessionId; + + /* ivFromUser and ivOffset are don't care */ + pCtrModeCmd->cryptoOffset = 0; + pCtrModeCmd->cryptoLength = cryptoSize; + + /* digestOffset, macOffset and macLength are don't care */ + + mvCesaCopyFromMbuf(pBuf, pCmd->pSrc, pCmd->ivOffset, MV_CESA_AES_BLOCK_SIZE); + pCounter = (MV_U32*)(pBuf + (MV_CESA_AES_BLOCK_SIZE - sizeof(counter))); + counter = *pCounter; + counter = MV_32BIT_BE(counter); + pIV = pBuf; + cryptoSize -= MV_CESA_AES_BLOCK_SIZE; + + /* fill key stream */ + while(cryptoSize > 0) + { + pBuf += MV_CESA_AES_BLOCK_SIZE; + memcpy(pBuf, pIV, MV_CESA_AES_BLOCK_SIZE - sizeof(counter)); + pCounter = (MV_U32*)(pBuf + (MV_CESA_AES_BLOCK_SIZE - sizeof(counter))); + counter++; + *pCounter = MV_32BIT_BE(counter); + cryptoSize -= MV_CESA_AES_BLOCK_SIZE; + } + + return MV_OK; +} + +/******************************************************************************* +* mvCesaCtrModeComplete - +* +* DESCRIPTION: +* +* +* INPUT: +* MV_CESA_COMMAND *pOrgCmd, MV_CESA_COMMAND *pCmd +* +* RETURN: +* MV_STATUS +* +*******************************************************************************/ +static MV_STATUS mvCesaCtrModeComplete(MV_CESA_COMMAND *pOrgCmd, MV_CESA_COMMAND *pCmd) +{ + int srcFrag, dstFrag, srcOffset, dstOffset, keyOffset, srcSize, dstSize; + int cryptoSize = pCmd->cryptoLength; + MV_U8 *pSrc, *pDst, *pKey; + MV_STATUS status = MV_OK; +/* + mvOsPrintf("CtrModeComplete: pCmd=%p, pCtrSrc=%p, pCtrDst=%p, pOrgCmd=%p, pOrgSrc=%p, pOrgDst=%p\n", + pCmd, pCmd->pSrc, pCmd->pDst, + pOrgCmd, pOrgCmd->pSrc, pOrgCmd->pDst); +*/ + /* XOR source data with key stream to destination data */ + pKey = pCmd->pDst->pFrags[0].bufVirtPtr; + keyOffset = 0; + + if( (pOrgCmd->pSrc != pOrgCmd->pDst) && + (pOrgCmd->cryptoOffset > 0) ) + { + /* Copy Prefix from source buffer to destination buffer */ + + status = mvCesaMbufCopy(pOrgCmd->pDst, 0, + pOrgCmd->pSrc, 0, pOrgCmd->cryptoOffset); +/* + status = mvCesaCopyFromMbuf(tempBuf, pOrgCmd->pSrc, + 0, pOrgCmd->cryptoOffset); + status = mvCesaCopyToMbuf(tempBuf, pOrgCmd->pDst, + 0, pOrgCmd->cryptoOffset); +*/ + } + + srcFrag = mvCesaMbufOffset(pOrgCmd->pSrc, pOrgCmd->cryptoOffset, &srcOffset); + pSrc = pOrgCmd->pSrc->pFrags[srcFrag].bufVirtPtr; + srcSize = pOrgCmd->pSrc->pFrags[srcFrag].bufSize; + + dstFrag = mvCesaMbufOffset(pOrgCmd->pDst, pOrgCmd->cryptoOffset, &dstOffset); + pDst = pOrgCmd->pDst->pFrags[dstFrag].bufVirtPtr; + dstSize = pOrgCmd->pDst->pFrags[dstFrag].bufSize; + + while(cryptoSize > 0) + { + pDst[dstOffset] = (pSrc[srcOffset] ^ pKey[keyOffset]); + + cryptoSize--; + dstOffset++; + srcOffset++; + keyOffset++; + + if(srcOffset >= srcSize) + { + srcFrag++; + srcOffset = 0; + pSrc = pOrgCmd->pSrc->pFrags[srcFrag].bufVirtPtr; + srcSize = pOrgCmd->pSrc->pFrags[srcFrag].bufSize; + } + + if(dstOffset >= dstSize) + { + dstFrag++; + dstOffset = 0; + pDst = pOrgCmd->pDst->pFrags[dstFrag].bufVirtPtr; + dstSize = pOrgCmd->pDst->pFrags[dstFrag].bufSize; + } + } + + if(pOrgCmd->pSrc != pOrgCmd->pDst) + { + /* Copy Suffix from source buffer to destination buffer */ + srcOffset = pOrgCmd->cryptoOffset + pOrgCmd->cryptoLength; + + if( (pOrgCmd->pDst->mbufSize - srcOffset) > 0) + { + status = mvCesaMbufCopy(pOrgCmd->pDst, srcOffset, + pOrgCmd->pSrc, srcOffset, + pOrgCmd->pDst->mbufSize - srcOffset); + } + +/* + status = mvCesaCopyFromMbuf(tempBuf, pOrgCmd->pSrc, + srcOffset, pOrgCmd->pSrc->mbufSize - srcOffset); + status = mvCesaCopyToMbuf(tempBuf, pOrgCmd->pDst, + srcOffset, pOrgCmd->pDst->mbufSize - srcOffset); +*/ + } + + /* Free buffer used for Key stream */ + mvOsIoCachedFree(cesaOsHandle,pCmd->pDst->pFrags[0].bufSize, + pCmd->pDst->pFrags[0].bufPhysAddr, + pCmd->pDst->pFrags[0].bufVirtPtr, + pCmd->pDst->pFrags[0].memHandle); + + return MV_OK; +} + +/******************************************************************************* +* mvCesaCtrModeFinish - +* +* DESCRIPTION: +* +* +* INPUT: +* MV_CESA_COMMAND* pCmd +* +* RETURN: +* MV_STATUS +* +*******************************************************************************/ +static void mvCesaCtrModeFinish(MV_CESA_COMMAND* pCmd) +{ + mvOsFree(pCmd); +} + +/******************************************************************************* +* mvCesaParamCheck - +* +* DESCRIPTION: +* +* +* INPUT: +* MV_CESA_SA* pSA, MV_CESA_COMMAND *pCmd, MV_U8* pFixOffset +* +* RETURN: +* MV_STATUS +* +*******************************************************************************/ +static MV_STATUS mvCesaParamCheck(MV_CESA_SA* pSA, MV_CESA_COMMAND *pCmd, + MV_U8* pFixOffset) +{ + MV_U8 fixOffset = 0xFF; + + /* Check AUTH operation parameters */ + if( ((pSA->config & MV_CESA_OPERATION_MASK) != + (MV_CESA_CRYPTO_ONLY << MV_CESA_OPERATION_OFFSET)) ) + { + /* MAC offset should be at least 4 byte aligned */ + if( MV_IS_NOT_ALIGN(pCmd->macOffset, 4) ) + { + mvOsPrintf("mvCesaAction: macOffset %d must be 4 byte aligned\n", + pCmd->macOffset); + return MV_BAD_PARAM; + } + /* Digest offset must be 4 byte aligned */ + if( MV_IS_NOT_ALIGN(pCmd->digestOffset, 4) ) + { + mvOsPrintf("mvCesaAction: digestOffset %d must be 4 byte aligned\n", + pCmd->digestOffset); + return MV_BAD_PARAM; + } + /* In addition all offsets should be the same alignment: 8 or 4 */ + if(fixOffset == 0xFF) + { + fixOffset = (pCmd->macOffset % 8); + } + else + { + if( (pCmd->macOffset % 8) != fixOffset) + { + mvOsPrintf("mvCesaAction: macOffset %d mod 8 must be equal %d\n", + pCmd->macOffset, fixOffset); + return MV_BAD_PARAM; + } + } + if( (pCmd->digestOffset % 8) != fixOffset) + { + mvOsPrintf("mvCesaAction: digestOffset %d mod 8 must be equal %d\n", + pCmd->digestOffset, fixOffset); + return MV_BAD_PARAM; + } + } + /* Check CRYPTO operation parameters */ + if( ((pSA->config & MV_CESA_OPERATION_MASK) != + (MV_CESA_MAC_ONLY << MV_CESA_OPERATION_OFFSET)) ) + { + /* CryptoOffset should be at least 4 byte aligned */ + if( MV_IS_NOT_ALIGN(pCmd->cryptoOffset, 4) ) + { + mvOsPrintf("CesaAction: cryptoOffset=%d must be 4 byte aligned\n", + pCmd->cryptoOffset); + return MV_BAD_PARAM; + } + /* cryptoLength should be the whole number of blocks */ + if( MV_IS_NOT_ALIGN(pCmd->cryptoLength, pSA->cryptoBlockSize) ) + { + mvOsPrintf("mvCesaAction: cryptoLength=%d must be %d byte aligned\n", + pCmd->cryptoLength, pSA->cryptoBlockSize); + return MV_BAD_PARAM; + } + if(fixOffset == 0xFF) + { + fixOffset = (pCmd->cryptoOffset % 8); + } + else + { + /* In addition all offsets should be the same alignment: 8 or 4 */ + if( (pCmd->cryptoOffset % 8) != fixOffset) + { + mvOsPrintf("mvCesaAction: cryptoOffset %d mod 8 must be equal %d \n", + pCmd->cryptoOffset, fixOffset); + return MV_BAD_PARAM; + } + } + + /* check for CBC mode */ + if(pSA->cryptoIvSize > 0) + { + /* cryptoIV must not be part of CryptoLength */ + if( ((pCmd->ivOffset + pSA->cryptoIvSize) > pCmd->cryptoOffset) && + (pCmd->ivOffset < (pCmd->cryptoOffset + pCmd->cryptoLength)) ) + { + mvOsPrintf("mvCesaFragParamCheck: cryptoIvOffset (%d) is part of cryptoLength (%d+%d)\n", + pCmd->ivOffset, pCmd->macOffset, pCmd->macLength); + return MV_BAD_PARAM; + } + + /* ivOffset must be 4 byte aligned */ + if( MV_IS_NOT_ALIGN(pCmd->ivOffset, 4) ) + { + mvOsPrintf("CesaAction: ivOffset=%d must be 4 byte aligned\n", + pCmd->ivOffset); + return MV_BAD_PARAM; + } + /* In addition all offsets should be the same alignment: 8 or 4 */ + if( (pCmd->ivOffset % 8) != fixOffset) + { + mvOsPrintf("mvCesaAction: ivOffset %d mod 8 must be %d\n", + pCmd->ivOffset, fixOffset); + return MV_BAD_PARAM; + } + } + } + return MV_OK; +} + +/******************************************************************************* +* mvCesaFragParamCheck - +* +* DESCRIPTION: +* +* +* INPUT: +* MV_CESA_SA* pSA, MV_CESA_COMMAND *pCmd +* +* RETURN: +* MV_STATUS +* +*******************************************************************************/ +static MV_STATUS mvCesaFragParamCheck(MV_CESA_SA* pSA, MV_CESA_COMMAND *pCmd) +{ + int offset; + + if( ((pSA->config & MV_CESA_OPERATION_MASK) != + (MV_CESA_CRYPTO_ONLY << MV_CESA_OPERATION_OFFSET)) ) + { + /* macOffset must be less that SRAM buffer size */ + if(pCmd->macOffset > (sizeof(cesaSramVirtPtr->buf) - MV_CESA_AUTH_BLOCK_SIZE)) + { + mvOsPrintf("mvCesaFragParamCheck: macOffset is too large (%d)\n", + pCmd->macOffset); + return MV_BAD_PARAM; + } + /* macOffset+macSize must be more than mbufSize - SRAM buffer size */ + if( ((pCmd->macOffset + pCmd->macLength) > pCmd->pSrc->mbufSize) || + ((pCmd->pSrc->mbufSize - (pCmd->macOffset + pCmd->macLength)) >= + sizeof(cesaSramVirtPtr->buf)) ) + { + mvOsPrintf("mvCesaFragParamCheck: macLength is too large (%d), mbufSize=%d\n", + pCmd->macLength, pCmd->pSrc->mbufSize); + return MV_BAD_PARAM; + } + } + + if( ((pSA->config & MV_CESA_OPERATION_MASK) != + (MV_CESA_MAC_ONLY << MV_CESA_OPERATION_OFFSET)) ) + { + /* cryptoOffset must be less that SRAM buffer size */ + /* 4 for possible fixOffset */ + if( (pCmd->cryptoOffset + 4) > (sizeof(cesaSramVirtPtr->buf) - pSA->cryptoBlockSize)) + { + mvOsPrintf("mvCesaFragParamCheck: cryptoOffset is too large (%d)\n", + pCmd->cryptoOffset); + return MV_BAD_PARAM; + } + + /* cryptoOffset+cryptoSize must be more than mbufSize - SRAM buffer size */ + if( ((pCmd->cryptoOffset + pCmd->cryptoLength) > pCmd->pSrc->mbufSize) || + ((pCmd->pSrc->mbufSize - (pCmd->cryptoOffset + pCmd->cryptoLength)) >= + (sizeof(cesaSramVirtPtr->buf) - pSA->cryptoBlockSize)) ) + { + mvOsPrintf("mvCesaFragParamCheck: cryptoLength is too large (%d), mbufSize=%d\n", + pCmd->cryptoLength, pCmd->pSrc->mbufSize); + return MV_BAD_PARAM; + } + } + + /* When MAC_THEN_CRYPTO or CRYPTO_THEN_MAC */ + if( ((pSA->config & MV_CESA_OPERATION_MASK) == + (MV_CESA_MAC_THEN_CRYPTO << MV_CESA_OPERATION_OFFSET)) || + ((pSA->config & MV_CESA_OPERATION_MASK) == + (MV_CESA_CRYPTO_THEN_MAC << MV_CESA_OPERATION_OFFSET)) ) + { + if( (mvCtrlModelGet() == MV_5182_DEV_ID) || + ( (mvCtrlModelGet() == MV_5181_DEV_ID) && + (mvCtrlRevGet() >= MV_5181L_A0_REV) && + (pCmd->macLength >= (1 << 14)) ) ) + { + return MV_NOT_ALLOWED; + } + + /* abs(cryptoOffset-macOffset) must be aligned cryptoBlockSize */ + if(pCmd->cryptoOffset > pCmd->macOffset) + { + offset = pCmd->cryptoOffset - pCmd->macOffset; + } + else + { + offset = pCmd->macOffset - pCmd->cryptoOffset; + } + + if( MV_IS_NOT_ALIGN(offset, pSA->cryptoBlockSize) ) + { +/* + mvOsPrintf("mvCesaFragParamCheck: (cryptoOffset - macOffset) must be %d byte aligned\n", + pSA->cryptoBlockSize); +*/ + return MV_NOT_ALLOWED; + } + /* Digest must not be part of CryptoLength */ + if( ((pCmd->digestOffset + pSA->digestSize) > pCmd->cryptoOffset) && + (pCmd->digestOffset < (pCmd->cryptoOffset + pCmd->cryptoLength)) ) + { +/* + mvOsPrintf("mvCesaFragParamCheck: digestOffset (%d) is part of cryptoLength (%d+%d)\n", + pCmd->digestOffset, pCmd->cryptoOffset, pCmd->cryptoLength); +*/ + return MV_NOT_ALLOWED; + } + } + return MV_OK; +} + +/******************************************************************************* +* mvCesaFragSizeFind - +* +* DESCRIPTION: +* +* +* INPUT: +* MV_CESA_SA* pSA, MV_CESA_COMMAND *pCmd, +* int cryptoOffset, int macOffset, +* +* OUTPUT: +* int* pCopySize, int* pCryptoDataSize, int* pMacDataSize +* +* RETURN: +* MV_STATUS +* +*******************************************************************************/ +static void mvCesaFragSizeFind(MV_CESA_SA* pSA, MV_CESA_REQ* pReq, + int cryptoOffset, int macOffset, + int* pCopySize, int* pCryptoDataSize, int* pMacDataSize) +{ + MV_CESA_COMMAND *pCmd = pReq->pCmd; + int cryptoDataSize, macDataSize, copySize; + + cryptoDataSize = macDataSize = 0; + copySize = *pCopySize; + + if( (pSA->config & MV_CESA_OPERATION_MASK) != + (MV_CESA_MAC_ONLY << MV_CESA_OPERATION_OFFSET) ) + { + cryptoDataSize = MV_MIN( (copySize - cryptoOffset), + (pCmd->cryptoLength - (pReq->frags.cryptoSize + 1)) ); + + /* cryptoSize for each fragment must be the whole number of blocksSize */ + if( MV_IS_NOT_ALIGN(cryptoDataSize, pSA->cryptoBlockSize) ) + { + cryptoDataSize = MV_ALIGN_DOWN(cryptoDataSize, pSA->cryptoBlockSize); + copySize = cryptoOffset + cryptoDataSize; + } + } + if( (pSA->config & MV_CESA_OPERATION_MASK) != + (MV_CESA_CRYPTO_ONLY << MV_CESA_OPERATION_OFFSET) ) + { + macDataSize = MV_MIN( (copySize - macOffset), + (pCmd->macLength - (pReq->frags.macSize + 1))); + + /* macSize for each fragment (except last) must be the whole number of blocksSize */ + if( MV_IS_NOT_ALIGN(macDataSize, MV_CESA_AUTH_BLOCK_SIZE) ) + { + macDataSize = MV_ALIGN_DOWN(macDataSize, MV_CESA_AUTH_BLOCK_SIZE); + copySize = macOffset + macDataSize; + } + cryptoDataSize = copySize - cryptoOffset; + } + *pCopySize = copySize; + + if(pCryptoDataSize != NULL) + *pCryptoDataSize = cryptoDataSize; + + if(pMacDataSize != NULL) + *pMacDataSize = macDataSize; +} diff -Naur linux-3.0.68.i686-orig/crypto/ocf/kirkwood/cesa/mvCesaDebug.c linux-3.0.68.i686/crypto/ocf/kirkwood/cesa/mvCesaDebug.c --- linux-3.0.68.i686-orig/crypto/ocf/kirkwood/cesa/mvCesaDebug.c 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/kirkwood/cesa/mvCesaDebug.c 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,484 @@ +/******************************************************************************* +Copyright (C) Marvell International Ltd. and its affiliates + +This software file (the "File") is owned and distributed by Marvell +International Ltd. and/or its affiliates ("Marvell") under the following +alternative licensing terms. Once you have made an election to distribute the +File under one of the following license alternatives, please (i) delete this +introductory statement regarding license alternatives, (ii) delete the two +license alternatives that you have not elected to use and (iii) preserve the +Marvell copyright notice above. + +******************************************************************************** +Marvell Commercial License Option + +If you received this File from Marvell and you have entered into a commercial +license agreement (a "Commercial License") with Marvell, the File is licensed +to you under the terms of the applicable Commercial License. + +******************************************************************************** +Marvell GPL License Option + +If you received this File from Marvell, you may opt to use, redistribute and/or +modify this File in accordance with the terms and conditions of the General +Public License Version 2, June 1991 (the "GPL License"), a copy of which is +available along with the File in the license.txt file or by writing to the Free +Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 or +on the worldwide web at http://www.gnu.org/licenses/gpl.txt. + +THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE IMPLIED +WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE ARE EXPRESSLY +DISCLAIMED. The GPL License provides additional details about this warranty +disclaimer. +******************************************************************************** +Marvell BSD License Option + +If you received this File from Marvell, you may opt to use, redistribute and/or +modify this File under the following licensing terms. +Redistribution and use in source and binary forms, with or without modification, +are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + * Neither the name of Marvell nor the names of its contributors may be + used to endorse or promote products derived from this software without + specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR +ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON +ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +*******************************************************************************/ + +#include "mvOs.h" +#include "mvDebug.h" + +#include "cesa/mvMD5.h" +#include "cesa/mvSHA1.h" + +#include "cesa/mvCesa.h" +#include "cesa/mvCesaRegs.h" +#include "cesa/AES/mvAes.h" + +static const char* mvCesaDebugStateStr(MV_CESA_STATE state) +{ + switch(state) + { + case MV_CESA_IDLE: + return "Idle"; + + case MV_CESA_PENDING: + return "Pend"; + + case MV_CESA_PROCESS: + return "Proc"; + + case MV_CESA_READY: + return "Ready"; + + default: + break; + } + return "Unknown"; +} + +static const char* mvCesaDebugOperStr(MV_CESA_OPERATION oper) +{ + switch(oper) + { + case MV_CESA_MAC_ONLY: + return "MacOnly"; + + case MV_CESA_CRYPTO_ONLY: + return "CryptoOnly"; + + case MV_CESA_MAC_THEN_CRYPTO: + return "MacCrypto"; + + case MV_CESA_CRYPTO_THEN_MAC: + return "CryptoMac"; + + default: + break; + } + return "Null"; +} + +static const char* mvCesaDebugCryptoAlgStr(MV_CESA_CRYPTO_ALG cryptoAlg) +{ + switch(cryptoAlg) + { + case MV_CESA_CRYPTO_DES: + return "DES"; + + case MV_CESA_CRYPTO_3DES: + return "3DES"; + + case MV_CESA_CRYPTO_AES: + return "AES"; + + default: + break; + } + return "Null"; +} + +static const char* mvCesaDebugMacModeStr(MV_CESA_MAC_MODE macMode) +{ + switch(macMode) + { + case MV_CESA_MAC_MD5: + return "MD5"; + + case MV_CESA_MAC_SHA1: + return "SHA1"; + + case MV_CESA_MAC_HMAC_MD5: + return "HMAC-MD5"; + + case MV_CESA_MAC_HMAC_SHA1: + return "HMAC_SHA1"; + + default: + break; + } + return "Null"; +} + +void mvCesaDebugCmd(MV_CESA_COMMAND* pCmd, int mode) +{ + mvOsPrintf("pCmd=%p, pReqPrv=%p, pSrc=%p, pDst=%p, pCB=%p, sid=%d\n", + pCmd, pCmd->pReqPrv, pCmd->pSrc, pCmd->pDst, + pCmd->pFuncCB, pCmd->sessionId); + mvOsPrintf("isUser=%d, ivOffs=%d, crOffs=%d, crLen=%d, digest=%d, macOffs=%d, macLen=%d\n", + pCmd->ivFromUser, pCmd->ivOffset, pCmd->cryptoOffset, pCmd->cryptoLength, + pCmd->digestOffset, pCmd->macOffset, pCmd->macLength); +} + +/* no need to use in tool */ +void mvCesaDebugMbuf(const char* str, MV_CESA_MBUF *pMbuf, int offset, int size) +{ + int frag, len, fragOffset; + + if(str != NULL) + mvOsPrintf("%s: pMbuf=%p, numFrags=%d, mbufSize=%d\n", + str, pMbuf, pMbuf->numFrags, pMbuf->mbufSize); + + frag = mvCesaMbufOffset(pMbuf, offset, &fragOffset); + if(frag == MV_INVALID) + { + mvOsPrintf("CESA Mbuf Error: offset (%d) out of range\n", offset); + return; + } + + for(; fragnumFrags; frag++) + { + mvOsPrintf("#%2d. bufVirt=%p, bufSize=%d\n", + frag, pMbuf->pFrags[frag].bufVirtPtr, + pMbuf->pFrags[frag].bufSize); + if(size > 0) + { + len = MV_MIN(pMbuf->pFrags[frag].bufSize, size); + mvDebugMemDump(pMbuf->pFrags[frag].bufVirtPtr+fragOffset, len, 1); + size -= len; + fragOffset = 0; + } + } +} + +void mvCesaDebugRegs(void) +{ + mvOsPrintf("\t CESA Registers:\n"); + + mvOsPrintf("MV_CESA_CMD_REG : 0x%X = 0x%08x\n", + MV_CESA_CMD_REG, + MV_REG_READ( MV_CESA_CMD_REG ) ); + + mvOsPrintf("MV_CESA_CHAN_DESC_OFFSET_REG : 0x%X = 0x%08x\n", + MV_CESA_CHAN_DESC_OFFSET_REG, + MV_REG_READ(MV_CESA_CHAN_DESC_OFFSET_REG) ); + + mvOsPrintf("MV_CESA_CFG_REG : 0x%X = 0x%08x\n", + MV_CESA_CFG_REG, + MV_REG_READ( MV_CESA_CFG_REG ) ); + + mvOsPrintf("MV_CESA_STATUS_REG : 0x%X = 0x%08x\n", + MV_CESA_STATUS_REG, + MV_REG_READ( MV_CESA_STATUS_REG ) ); + + mvOsPrintf("MV_CESA_ISR_CAUSE_REG : 0x%X = 0x%08x\n", + MV_CESA_ISR_CAUSE_REG, + MV_REG_READ( MV_CESA_ISR_CAUSE_REG ) ); + + mvOsPrintf("MV_CESA_ISR_MASK_REG : 0x%X = 0x%08x\n", + MV_CESA_ISR_MASK_REG, + MV_REG_READ( MV_CESA_ISR_MASK_REG ) ); +#if (MV_CESA_VERSION >= 2) + mvOsPrintf("MV_CESA_TDMA_CTRL_REG : 0x%X = 0x%08x\n", + MV_CESA_TDMA_CTRL_REG, + MV_REG_READ( MV_CESA_TDMA_CTRL_REG ) ); + + mvOsPrintf("MV_CESA_TDMA_BYTE_COUNT_REG : 0x%X = 0x%08x\n", + MV_CESA_TDMA_BYTE_COUNT_REG, + MV_REG_READ( MV_CESA_TDMA_BYTE_COUNT_REG ) ); + + mvOsPrintf("MV_CESA_TDMA_SRC_ADDR_REG : 0x%X = 0x%08x\n", + MV_CESA_TDMA_SRC_ADDR_REG, + MV_REG_READ( MV_CESA_TDMA_SRC_ADDR_REG ) ); + + mvOsPrintf("MV_CESA_TDMA_DST_ADDR_REG : 0x%X = 0x%08x\n", + MV_CESA_TDMA_DST_ADDR_REG, + MV_REG_READ( MV_CESA_TDMA_DST_ADDR_REG ) ); + + mvOsPrintf("MV_CESA_TDMA_NEXT_DESC_PTR_REG : 0x%X = 0x%08x\n", + MV_CESA_TDMA_NEXT_DESC_PTR_REG, + MV_REG_READ( MV_CESA_TDMA_NEXT_DESC_PTR_REG ) ); + + mvOsPrintf("MV_CESA_TDMA_CURR_DESC_PTR_REG : 0x%X = 0x%08x\n", + MV_CESA_TDMA_CURR_DESC_PTR_REG, + MV_REG_READ( MV_CESA_TDMA_CURR_DESC_PTR_REG ) ); + + mvOsPrintf("MV_CESA_TDMA_ERROR_CAUSE_REG : 0x%X = 0x%08x\n", + MV_CESA_TDMA_ERROR_CAUSE_REG, + MV_REG_READ( MV_CESA_TDMA_ERROR_CAUSE_REG ) ); + + mvOsPrintf("MV_CESA_TDMA_ERROR_MASK_REG : 0x%X = 0x%08x\n", + MV_CESA_TDMA_ERROR_MASK_REG, + MV_REG_READ( MV_CESA_TDMA_ERROR_CAUSE_REG ) ); + +#endif +} + +void mvCesaDebugStatus(void) +{ + mvOsPrintf("\n\t CESA Status\n\n"); + + mvOsPrintf("pReqQ=%p, qDepth=%d, reqSize=%ld bytes, qRes=%d, ", + pCesaReqFirst, cesaQueueDepth, sizeof(MV_CESA_REQ), + cesaReqResources); +#if (MV_CESA_VERSION >= 3) + mvOsPrintf("chainLength=%u\n",cesaChainLength); +#else + mvOsPrintf("\n"); +#endif + + mvOsPrintf("pSAD=%p, maxSA=%d, sizeSA=%ld bytes\n", + pCesaSAD, cesaMaxSA, sizeof(MV_CESA_SA)); + + mvOsPrintf("\n"); + + mvCesaDebugRegs(); + mvCesaDebugStats(); + mvCesaDebugStatsClear(); +} + +void mvCesaDebugDescriptor(MV_CESA_DESC* pDesc) +{ + mvOsPrintf("config=0x%08x, crSrcOffs=0x%04x, crDstOffs=0x%04x\n", + pDesc->config, pDesc->cryptoSrcOffset, pDesc->cryptoDstOffset); + + mvOsPrintf("crLen=0x%04x, crKeyOffs=0x%04x, ivOffs=0x%04x, ivBufOffs=0x%04x\n", + pDesc->cryptoDataLen, pDesc->cryptoKeyOffset, + pDesc->cryptoIvOffset, pDesc->cryptoIvBufOffset); + + mvOsPrintf("macSrc=0x%04x, digest=0x%04x, macLen=0x%04x, inIv=0x%04x, outIv=0x%04x\n", + pDesc->macSrcOffset, pDesc->macDigestOffset, pDesc->macDataLen, + pDesc->macInnerIvOffset, pDesc->macOuterIvOffset); +} + +void mvCesaDebugQueue(int mode) +{ + mvOsPrintf("\n\t CESA Request Queue:\n\n"); + + mvOsPrintf("pFirstReq=%p, pLastReq=%p, qDepth=%d, reqSize=%ld bytes\n", + pCesaReqFirst, pCesaReqLast, cesaQueueDepth, sizeof(MV_CESA_REQ)); + + mvOsPrintf("pEmpty=%p, pProcess=%p, qResources=%d\n", + pCesaReqEmpty, pCesaReqProcess, + cesaReqResources); + + if(mode != 0) + { + int count = 0; + MV_CESA_REQ* pReq = pCesaReqFirst; + + for(count=0; countstate), + pReq->fragMode, pReq->pCmd, pReq->dma[0].pDmaFirst, &pReq->pCesaDesc[0]); + if(pReq->fragMode != MV_CESA_FRAG_NONE) + { + int frag; + + mvOsPrintf("pFrags=%p, num=%d, next=%d, bufOffset=%d, cryptoSize=%d, macSize=%d\n", + &pReq->frags, pReq->frags.numFrag, pReq->frags.nextFrag, + pReq->frags.bufOffset, pReq->frags.cryptoSize, pReq->frags.macSize); + for(frag=0; fragfrags.numFrag; frag++) + { + mvOsPrintf("#%d: pDmaFirst=%p, pDesc=%p\n", frag, + pReq->dma[frag].pDmaFirst, &pReq->pCesaDesc[frag]); + } + } + if(mode > 1) + { + /* Print out Command */ + mvCesaDebugCmd(pReq->pCmd, mode); + + /* Print out Descriptor */ + mvCesaDebugDescriptor(&pReq->pCesaDesc[0]); + } + pReq++; + } + } +} + + +void mvCesaDebugSramSA(MV_CESA_SRAM_SA* pSramSA, int mode) +{ + if(pSramSA == NULL) + { + mvOsPrintf("cesaSramSA: Unexpected pSramSA=%p\n", pSramSA); + return; + } + mvOsPrintf("pSramSA=%p, sizeSramSA=%ld bytes\n", + pSramSA, sizeof(MV_CESA_SRAM_SA)); + + if(mode != 0) + { + mvOsPrintf("cryptoKey=%p, maxCryptoKey=%d bytes\n", + pSramSA->cryptoKey, MV_CESA_MAX_CRYPTO_KEY_LENGTH); + mvDebugMemDump(pSramSA->cryptoKey, MV_CESA_MAX_CRYPTO_KEY_LENGTH, 1); + + mvOsPrintf("macInnerIV=%p, maxInnerIV=%d bytes\n", + pSramSA->macInnerIV, MV_CESA_MAX_DIGEST_SIZE); + mvDebugMemDump(pSramSA->macInnerIV, MV_CESA_MAX_DIGEST_SIZE, 1); + + mvOsPrintf("macOuterIV=%p, maxOuterIV=%d bytes\n", + pSramSA->macOuterIV, MV_CESA_MAX_DIGEST_SIZE); + mvDebugMemDump(pSramSA->macOuterIV, MV_CESA_MAX_DIGEST_SIZE, 1); + } +} + +void mvCesaDebugSA(short sid, int mode) +{ + MV_CESA_OPERATION oper; + MV_CESA_DIRECTION dir; + MV_CESA_CRYPTO_ALG cryptoAlg; + MV_CESA_CRYPTO_MODE cryptoMode; + MV_CESA_MAC_MODE macMode; + MV_CESA_SA* pSA = &pCesaSAD[sid]; + + if( (pSA->valid) || ((pSA->count != 0) && (mode > 0)) || (mode >= 2) ) + { + mvOsPrintf("\n\nCESA SA Entry #%d (%p) - %s (count=%d)\n", + sid, pSA, + pSA->valid ? "Valid" : "Invalid", pSA->count); + + oper = (pSA->config & MV_CESA_OPERATION_MASK) >> MV_CESA_OPERATION_OFFSET; + dir = (pSA->config & MV_CESA_DIRECTION_MASK) >> MV_CESA_DIRECTION_BIT; + mvOsPrintf("%s - %s ", mvCesaDebugOperStr(oper), + (dir == MV_CESA_DIR_ENCODE) ? "Encode" : "Decode"); + if(oper != MV_CESA_MAC_ONLY) + { + cryptoAlg = (pSA->config & MV_CESA_CRYPTO_ALG_MASK) >> MV_CESA_CRYPTO_ALG_OFFSET; + cryptoMode = (pSA->config & MV_CESA_CRYPTO_MODE_MASK) >> MV_CESA_CRYPTO_MODE_BIT; + mvOsPrintf("- %s - %s ", mvCesaDebugCryptoAlgStr(cryptoAlg), + (cryptoMode == MV_CESA_CRYPTO_ECB) ? "ECB" : "CBC"); + } + if(oper != MV_CESA_CRYPTO_ONLY) + { + macMode = (pSA->config & MV_CESA_MAC_MODE_MASK) >> MV_CESA_MAC_MODE_OFFSET; + mvOsPrintf("- %s ", mvCesaDebugMacModeStr(macMode)); + } + mvOsPrintf("\n"); + + if(mode > 0) + { + mvOsPrintf("config=0x%08x, cryptoKeySize=%d, digestSize=%d\n", + pCesaSAD[sid].config, pCesaSAD[sid].cryptoKeyLength, + pCesaSAD[sid].digestSize); + + mvCesaDebugSramSA(pCesaSAD[sid].pSramSA, mode); + } + } +} + + +/**/ +void mvCesaDebugSram(int mode) +{ + mvOsPrintf("\n\t SRAM contents: size=%ld, pVirt=%p\n\n", + sizeof(MV_CESA_SRAM_MAP), cesaSramVirtPtr); + + mvOsPrintf("\n\t Sram buffer: size=%d, pVirt=%p\n", + MV_CESA_MAX_BUF_SIZE, cesaSramVirtPtr->buf); + if(mode != 0) + mvDebugMemDump(cesaSramVirtPtr->buf, 64, 1); + + mvOsPrintf("\n"); + mvOsPrintf("\n\t Sram descriptor: size=%ld, pVirt=%p\n", + sizeof(MV_CESA_DESC), &cesaSramVirtPtr->desc); + if(mode != 0) + { + mvOsPrintf("\n"); + mvCesaDebugDescriptor(&cesaSramVirtPtr->desc); + } + mvOsPrintf("\n\t Sram IV: size=%d, pVirt=%p\n", + MV_CESA_MAX_IV_LENGTH, &cesaSramVirtPtr->cryptoIV); + if(mode != 0) + { + mvOsPrintf("\n"); + mvDebugMemDump(cesaSramVirtPtr->cryptoIV, MV_CESA_MAX_IV_LENGTH, 1); + } + mvOsPrintf("\n"); + mvCesaDebugSramSA(&cesaSramVirtPtr->sramSA, 0); +} + +void mvCesaDebugSAD(int mode) +{ + int sid; + + mvOsPrintf("\n\t Cesa SAD status: pSAD=%p, maxSA=%d\n", + pCesaSAD, cesaMaxSA); + + for(sid=0; sid= 3) + mvOsPrintf("maxChainUsage=%u\n",cesaStats.maxChainUsage); +#endif + mvOsPrintf("\n"); + mvOsPrintf("proc=%u, ready=%u, notReady=%u\n", + cesaStats.procCount, cesaStats.readyCount, cesaStats.notReadyCount); +} + +void mvCesaDebugStatsClear(void) +{ + memset(&cesaStats, 0, sizeof(cesaStats)); +} diff -Naur linux-3.0.68.i686-orig/crypto/ocf/kirkwood/cesa/mvCesa.h linux-3.0.68.i686/crypto/ocf/kirkwood/cesa/mvCesa.h --- linux-3.0.68.i686-orig/crypto/ocf/kirkwood/cesa/mvCesa.h 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/kirkwood/cesa/mvCesa.h 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,412 @@ +/******************************************************************************* +Copyright (C) Marvell International Ltd. and its affiliates + +This software file (the "File") is owned and distributed by Marvell +International Ltd. and/or its affiliates ("Marvell") under the following +alternative licensing terms. Once you have made an election to distribute the +File under one of the following license alternatives, please (i) delete this +introductory statement regarding license alternatives, (ii) delete the two +license alternatives that you have not elected to use and (iii) preserve the +Marvell copyright notice above. + +******************************************************************************** +Marvell Commercial License Option + +If you received this File from Marvell and you have entered into a commercial +license agreement (a "Commercial License") with Marvell, the File is licensed +to you under the terms of the applicable Commercial License. + +******************************************************************************** +Marvell GPL License Option + +If you received this File from Marvell, you may opt to use, redistribute and/or +modify this File in accordance with the terms and conditions of the General +Public License Version 2, June 1991 (the "GPL License"), a copy of which is +available along with the File in the license.txt file or by writing to the Free +Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 or +on the worldwide web at http://www.gnu.org/licenses/gpl.txt. + +THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE IMPLIED +WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE ARE EXPRESSLY +DISCLAIMED. The GPL License provides additional details about this warranty +disclaimer. +******************************************************************************** +Marvell BSD License Option + +If you received this File from Marvell, you may opt to use, redistribute and/or +modify this File under the following licensing terms. +Redistribution and use in source and binary forms, with or without modification, +are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + * Neither the name of Marvell nor the names of its contributors may be + used to endorse or promote products derived from this software without + specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR +ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON +ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +*******************************************************************************/ + +/******************************************************************************* +* mvCesa.h - Header File for Cryptographic Engines and Security Accelerator +* +* DESCRIPTION: +* This header file contains macros typedefs and function declaration for +* the Marvell Cryptographic Engines and Security Accelerator. +* +*******************************************************************************/ + +#ifndef __mvCesa_h__ +#define __mvCesa_h__ + +#include "mvOs.h" +#include "mvCommon.h" +#include "mvDebug.h" + +#include "ctrlEnv/mvCtrlEnvSpec.h" + +#include "cesa/mvMD5.h" +#include "cesa/mvSHA1.h" + +#include "cesa/mvCesa.h" +#include "cesa/AES/mvAes.h" +#include "mvSysHwConfig.h" + +#ifdef MV_INCLUDE_IDMA +#include "idma/mvIdma.h" +#include "idma/mvIdmaRegs.h" +#else +/* Redefine MV_DMA_DESC structure */ +typedef struct _mvDmaDesc +{ + MV_U32 byteCnt; /* The total number of bytes to transfer */ + MV_U32 phySrcAdd; /* The physical source address */ + MV_U32 phyDestAdd; /* The physical destination address */ + MV_U32 phyNextDescPtr; /* If we are using chain mode DMA transfer, */ + /* then this pointer should point to the */ + /* physical address of the next descriptor, */ + /* otherwise it should be NULL. */ +}MV_DMA_DESC; +#endif /* MV_INCLUDE_IDMA */ + +#include "cesa/mvCesaRegs.h" + +#define MV_CESA_AUTH_BLOCK_SIZE 64 /* bytes */ + +#define MV_CESA_MD5_DIGEST_SIZE 16 /* bytes */ +#define MV_CESA_SHA1_DIGEST_SIZE 20 /* bytes */ + +#define MV_CESA_MAX_DIGEST_SIZE MV_CESA_SHA1_DIGEST_SIZE + +#define MV_CESA_DES_KEY_LENGTH 8 /* bytes = 64 bits */ +#define MV_CESA_3DES_KEY_LENGTH 24 /* bytes = 192 bits */ +#define MV_CESA_AES_128_KEY_LENGTH 16 /* bytes = 128 bits */ +#define MV_CESA_AES_192_KEY_LENGTH 24 /* bytes = 192 bits */ +#define MV_CESA_AES_256_KEY_LENGTH 32 /* bytes = 256 bits */ + +#define MV_CESA_MAX_CRYPTO_KEY_LENGTH MV_CESA_AES_256_KEY_LENGTH + +#define MV_CESA_DES_BLOCK_SIZE 8 /* bytes = 64 bits */ +#define MV_CESA_3DES_BLOCK_SIZE 8 /* bytes = 64 bits */ + +#define MV_CESA_AES_BLOCK_SIZE 16 /* bytes = 128 bits */ + +#define MV_CESA_MAX_IV_LENGTH MV_CESA_AES_BLOCK_SIZE + +#define MV_CESA_MAX_MAC_KEY_LENGTH 64 /* bytes */ + +typedef struct +{ + MV_U8 cryptoKey[MV_CESA_MAX_CRYPTO_KEY_LENGTH]; + MV_U8 macKey[MV_CESA_MAX_MAC_KEY_LENGTH]; + MV_CESA_OPERATION operation; + MV_CESA_DIRECTION direction; + MV_CESA_CRYPTO_ALG cryptoAlgorithm; + MV_CESA_CRYPTO_MODE cryptoMode; + MV_U8 cryptoKeyLength; + MV_CESA_MAC_MODE macMode; + MV_U8 macKeyLength; + MV_U8 digestSize; + +} MV_CESA_OPEN_SESSION; + +typedef struct +{ + MV_BUF_INFO *pFrags; + MV_U16 numFrags; + MV_U16 mbufSize; + +} MV_CESA_MBUF; + +typedef struct +{ + void* pReqPrv; /* instead of reqId */ + MV_U32 retCode; + MV_16 sessionId; + +} MV_CESA_RESULT; + +typedef void (*MV_CESA_CALLBACK) (MV_CESA_RESULT* pResult); + + +typedef struct +{ + void* pReqPrv; /* instead of reqId */ + MV_CESA_MBUF* pSrc; + MV_CESA_MBUF* pDst; + MV_CESA_CALLBACK* pFuncCB; + MV_16 sessionId; + MV_U16 ivFromUser; + MV_U16 ivOffset; + MV_U16 cryptoOffset; + MV_U16 cryptoLength; + MV_U16 digestOffset; + MV_U16 macOffset; + MV_U16 macLength; + MV_BOOL skipFlush; +} MV_CESA_COMMAND; + + + +MV_STATUS mvCesaHalInit (int numOfSession, int queueDepth, char* pSramBase, MV_U32 cryptEngBase, void *osHandle); +MV_STATUS mvCesaFinish (void); +MV_STATUS mvCesaSessionOpen(MV_CESA_OPEN_SESSION *pSession, short* pSid); +MV_STATUS mvCesaSessionClose(short sid); +MV_STATUS mvCesaCryptoIvSet(MV_U8* pIV, int ivSize); + +MV_STATUS mvCesaAction (MV_CESA_COMMAND* pCmd); + +MV_U32 mvCesaInProcessGet(void); +MV_STATUS mvCesaReadyDispatch(void); +MV_STATUS mvCesaReadyGet(MV_CESA_RESULT* pResult); +MV_BOOL mvCesaIsReady(void); + +int mvCesaMbufOffset(MV_CESA_MBUF* pMbuf, int offset, int* pBufOffset); +MV_STATUS mvCesaCopyFromMbuf(MV_U8* pDst, MV_CESA_MBUF* pSrcMbuf, + int offset, int size); +MV_STATUS mvCesaCopyToMbuf(MV_U8* pSrc, MV_CESA_MBUF* pDstMbuf, + int offset, int size); +MV_STATUS mvCesaMbufCopy(MV_CESA_MBUF* pMbufDst, int dstMbufOffset, + MV_CESA_MBUF* pMbufSrc, int srcMbufOffset, int size); + +/********** Debug functions ********/ + +void mvCesaDebugMbuf(const char* str, MV_CESA_MBUF *pMbuf, int offset, int size); +void mvCesaDebugSA(short sid, int mode); +void mvCesaDebugStats(void); +void mvCesaDebugStatsClear(void); +void mvCesaDebugRegs(void); +void mvCesaDebugStatus(void); +void mvCesaDebugQueue(int mode); +void mvCesaDebugSram(int mode); +void mvCesaDebugSAD(int mode); + + +/******** CESA Private definitions ********/ +#if (MV_CESA_VERSION >= 2) +#if (MV_CACHE_COHERENCY == MV_CACHE_COHER_SW) +#define MV_CESA_TDMA_CTRL_VALUE MV_CESA_TDMA_DST_BURST_MASK(MV_CESA_TDMA_BURST_128B) \ + | MV_CESA_TDMA_SRC_BURST_MASK(MV_CESA_TDMA_BURST_128B) \ + | MV_CESA_TDMA_OUTSTAND_READ_EN_MASK \ + | MV_CESA_TDMA_NO_BYTE_SWAP_MASK \ + | MV_CESA_TDMA_ENABLE_MASK +#else +#define MV_CESA_TDMA_CTRL_VALUE MV_CESA_TDMA_DST_BURST_MASK(MV_CESA_TDMA_BURST_32B) \ + | MV_CESA_TDMA_SRC_BURST_MASK(MV_CESA_TDMA_BURST_128B) \ + /*| MV_CESA_TDMA_OUTSTAND_READ_EN_MASK */\ + | MV_CESA_TDMA_ENABLE_MASK + +#endif +#else +#define MV_CESA_IDMA_CTRL_LOW_VALUE ICCLR_DST_BURST_LIM_128BYTE \ + | ICCLR_SRC_BURST_LIM_128BYTE \ + | ICCLR_INT_MODE_MASK \ + | ICCLR_BLOCK_MODE \ + | ICCLR_CHAN_ENABLE \ + | ICCLR_DESC_MODE_16M +#endif /* MV_CESA_VERSION >= 2 */ + +#define MV_CESA_MAX_PKT_SIZE (64 * 1024) +#define MV_CESA_MAX_MBUF_FRAGS 20 + +#define MV_CESA_MAX_REQ_FRAGS ( (MV_CESA_MAX_PKT_SIZE / MV_CESA_MAX_BUF_SIZE) + 1) + +#define MV_CESA_MAX_DMA_DESC (MV_CESA_MAX_MBUF_FRAGS*2 + 5) + +#define MAX_CESA_CHAIN_LENGTH 20 + +typedef enum +{ + MV_CESA_IDLE = 0, + MV_CESA_PENDING, + MV_CESA_PROCESS, + MV_CESA_READY, +#if (MV_CESA_VERSION >= 3) + MV_CESA_CHAIN, +#endif +} MV_CESA_STATE; + + +/* Session database */ + +/* Map of Key materials of the session in SRAM. + * Each field must be 8 byte aligned + * Total size: 32 + 24 + 24 = 80 bytes + */ +typedef struct +{ + MV_U8 cryptoKey[MV_CESA_MAX_CRYPTO_KEY_LENGTH]; + MV_U8 macInnerIV[MV_CESA_MAX_DIGEST_SIZE]; + MV_U8 reservedInner[4]; + MV_U8 macOuterIV[MV_CESA_MAX_DIGEST_SIZE]; + MV_U8 reservedOuter[4]; + +} MV_CESA_SRAM_SA; + +typedef struct +{ + MV_CESA_SRAM_SA* pSramSA; + MV_U32 config; + MV_U8 cryptoKeyLength; + MV_U8 cryptoIvSize; + MV_U8 cryptoBlockSize; + MV_U8 digestSize; + MV_U8 macKeyLength; + MV_U8 valid; + MV_U8 ctrMode; + MV_U32 count; + +} MV_CESA_SA; + +/* DMA list management */ +typedef struct +{ + MV_DMA_DESC* pDmaFirst; + MV_DMA_DESC* pDmaLast; + +} MV_CESA_DMA; + + +typedef struct +{ + MV_U8 numFrag; + MV_U8 nextFrag; + int bufOffset; + int cryptoSize; + int macSize; + int newDigestOffset; + MV_U8 orgDigest[MV_CESA_MAX_DIGEST_SIZE]; + +} MV_CESA_FRAGS; + +/* Request queue */ +typedef struct +{ + MV_U8 state; + MV_U8 fragMode; + MV_U8 fixOffset; + MV_CESA_COMMAND* pCmd; + MV_CESA_COMMAND* pOrgCmd; + MV_BUF_INFO dmaDescBuf; + MV_CESA_DMA dma[MV_CESA_MAX_REQ_FRAGS]; + MV_BUF_INFO cesaDescBuf; + MV_CESA_DESC* pCesaDesc; + MV_CESA_FRAGS frags; + + +} MV_CESA_REQ; + + +/* SRAM map */ +/* Total SRAM size calculation */ +/* SRAM size = + * MV_CESA_MAX_BUF_SIZE + + * sizeof(MV_CESA_DESC) + + * MV_CESA_MAX_IV_LENGTH + + * MV_CESA_MAX_IV_LENGTH + + * MV_CESA_MAX_DIGEST_SIZE + + * sizeof(MV_CESA_SRAM_SA) + * = 1600 + 32 + 16 + 16 + 24 + 80 + 280 (reserved) = 2048 bytes + * = 3200 + 32 + 16 + 16 + 24 + 80 + 728 (reserved) = 4096 bytes + */ +typedef struct +{ + MV_U8 buf[MV_CESA_MAX_BUF_SIZE]; + MV_CESA_DESC desc; + MV_U8 cryptoIV[MV_CESA_MAX_IV_LENGTH]; + MV_U8 tempCryptoIV[MV_CESA_MAX_IV_LENGTH]; + MV_U8 tempDigest[MV_CESA_MAX_DIGEST_SIZE+4]; + MV_CESA_SRAM_SA sramSA; + +} MV_CESA_SRAM_MAP; + + +typedef struct +{ + MV_U32 openedCount; + MV_U32 closedCount; + MV_U32 fragCount; + MV_U32 reqCount; + MV_U32 maxReqCount; + MV_U32 procCount; + MV_U32 readyCount; + MV_U32 notReadyCount; + MV_U32 startCount; +#if (MV_CESA_VERSION >= 3) + MV_U32 maxChainUsage; +#endif + +} MV_CESA_STATS; + + +/* External variables */ + +extern MV_CESA_STATS cesaStats; +extern MV_CESA_FRAGS cesaFrags; + +extern MV_BUF_INFO cesaSramSaBuf; + +extern MV_CESA_SA* pCesaSAD; +extern MV_U16 cesaMaxSA; + +extern MV_CESA_REQ* pCesaReqFirst; +extern MV_CESA_REQ* pCesaReqLast; +extern MV_CESA_REQ* pCesaReqEmpty; +extern MV_CESA_REQ* pCesaReqProcess; +extern int cesaQueueDepth; +extern int cesaReqResources; +#if (MV_CESA_VERSION>= 3) +extern MV_U32 cesaChainLength; +#endif + +extern MV_CESA_SRAM_MAP* cesaSramVirtPtr; +extern MV_U32 cesaSramPhysAddr; + +static INLINE MV_ULONG mvCesaVirtToPhys(MV_BUF_INFO* pBufInfo, void* pVirt) +{ + return (pBufInfo->bufPhysAddr + ((MV_U8*)pVirt - pBufInfo->bufVirtPtr)); +} + +/* Additional DEBUG functions */ +void mvCesaDebugSramSA(MV_CESA_SRAM_SA* pSramSA, int mode); +void mvCesaDebugCmd(MV_CESA_COMMAND* pCmd, int mode); +void mvCesaDebugDescriptor(MV_CESA_DESC* pDesc); + + + +#endif /* __mvCesa_h__ */ diff -Naur linux-3.0.68.i686-orig/crypto/ocf/kirkwood/cesa/mvCesaRegs.h linux-3.0.68.i686/crypto/ocf/kirkwood/cesa/mvCesaRegs.h --- linux-3.0.68.i686-orig/crypto/ocf/kirkwood/cesa/mvCesaRegs.h 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/kirkwood/cesa/mvCesaRegs.h 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,357 @@ +/******************************************************************************* +Copyright (C) Marvell International Ltd. and its affiliates + +This software file (the "File") is owned and distributed by Marvell +International Ltd. and/or its affiliates ("Marvell") under the following +alternative licensing terms. Once you have made an election to distribute the +File under one of the following license alternatives, please (i) delete this +introductory statement regarding license alternatives, (ii) delete the two +license alternatives that you have not elected to use and (iii) preserve the +Marvell copyright notice above. + +******************************************************************************** +Marvell Commercial License Option + +If you received this File from Marvell and you have entered into a commercial +license agreement (a "Commercial License") with Marvell, the File is licensed +to you under the terms of the applicable Commercial License. + +******************************************************************************** +Marvell GPL License Option + +If you received this File from Marvell, you may opt to use, redistribute and/or +modify this File in accordance with the terms and conditions of the General +Public License Version 2, June 1991 (the "GPL License"), a copy of which is +available along with the File in the license.txt file or by writing to the Free +Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 or +on the worldwide web at http://www.gnu.org/licenses/gpl.txt. + +THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE IMPLIED +WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE ARE EXPRESSLY +DISCLAIMED. The GPL License provides additional details about this warranty +disclaimer. +******************************************************************************** +Marvell BSD License Option + +If you received this File from Marvell, you may opt to use, redistribute and/or +modify this File under the following licensing terms. +Redistribution and use in source and binary forms, with or without modification, +are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + * Neither the name of Marvell nor the names of its contributors may be + used to endorse or promote products derived from this software without + specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR +ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON +ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +*******************************************************************************/ + +#ifndef __mvCesaRegs_h__ +#define __mvCesaRegs_h__ + +#include "mvTypes.h" + +typedef struct +{ + /* word 0 */ + MV_U32 config; + /* word 1 */ + MV_U16 cryptoSrcOffset; + MV_U16 cryptoDstOffset; + /* word 2 */ + MV_U16 cryptoDataLen; + MV_U16 reserved1; + /* word 3 */ + MV_U16 cryptoKeyOffset; + MV_U16 reserved2; + /* word 4 */ + MV_U16 cryptoIvOffset; + MV_U16 cryptoIvBufOffset; + /* word 5 */ + MV_U16 macSrcOffset; + MV_U16 macTotalLen; + /* word 6 */ + MV_U16 macDigestOffset; + MV_U16 macDataLen; + /* word 7 */ + MV_U16 macInnerIvOffset; + MV_U16 macOuterIvOffset; + +} MV_CESA_DESC; + +/* operation */ +typedef enum +{ + MV_CESA_MAC_ONLY = 0, + MV_CESA_CRYPTO_ONLY = 1, + MV_CESA_MAC_THEN_CRYPTO = 2, + MV_CESA_CRYPTO_THEN_MAC = 3, + + MV_CESA_MAX_OPERATION + +} MV_CESA_OPERATION; + +#define MV_CESA_OPERATION_OFFSET 0 +#define MV_CESA_OPERATION_MASK (0x3 << MV_CESA_OPERATION_OFFSET) + +/* mac algorithm */ +typedef enum +{ + MV_CESA_MAC_NULL = 0, + MV_CESA_MAC_MD5 = 4, + MV_CESA_MAC_SHA1 = 5, + MV_CESA_MAC_HMAC_MD5 = 6, + MV_CESA_MAC_HMAC_SHA1 = 7, + +} MV_CESA_MAC_MODE; + +#define MV_CESA_MAC_MODE_OFFSET 4 +#define MV_CESA_MAC_MODE_MASK (0x7 << MV_CESA_MAC_MODE_OFFSET) + +typedef enum +{ + MV_CESA_MAC_DIGEST_FULL = 0, + MV_CESA_MAC_DIGEST_96B = 1, + +} MV_CESA_MAC_DIGEST_SIZE; + +#define MV_CESA_MAC_DIGEST_SIZE_BIT 7 +#define MV_CESA_MAC_DIGEST_SIZE_MASK (1 << MV_CESA_MAC_DIGEST_SIZE_BIT) + + +typedef enum +{ + MV_CESA_CRYPTO_NULL = 0, + MV_CESA_CRYPTO_DES = 1, + MV_CESA_CRYPTO_3DES = 2, + MV_CESA_CRYPTO_AES = 3, + +} MV_CESA_CRYPTO_ALG; + +#define MV_CESA_CRYPTO_ALG_OFFSET 8 +#define MV_CESA_CRYPTO_ALG_MASK (0x3 << MV_CESA_CRYPTO_ALG_OFFSET) + + +/* direction */ +typedef enum +{ + MV_CESA_DIR_ENCODE = 0, + MV_CESA_DIR_DECODE = 1, + +} MV_CESA_DIRECTION; + +#define MV_CESA_DIRECTION_BIT 12 +#define MV_CESA_DIRECTION_MASK (1 << MV_CESA_DIRECTION_BIT) + +/* crypto IV mode */ +typedef enum +{ + MV_CESA_CRYPTO_ECB = 0, + MV_CESA_CRYPTO_CBC = 1, + + /* NO HW Support */ + MV_CESA_CRYPTO_CTR = 10, + +} MV_CESA_CRYPTO_MODE; + +#define MV_CESA_CRYPTO_MODE_BIT 16 +#define MV_CESA_CRYPTO_MODE_MASK (1 << MV_CESA_CRYPTO_MODE_BIT) + +/* 3DES mode */ +typedef enum +{ + MV_CESA_CRYPTO_3DES_EEE = 0, + MV_CESA_CRYPTO_3DES_EDE = 1, + +} MV_CESA_CRYPTO_3DES_MODE; + +#define MV_CESA_CRYPTO_3DES_MODE_BIT 20 +#define MV_CESA_CRYPTO_3DES_MODE_MASK (1 << MV_CESA_CRYPTO_3DES_MODE_BIT) + + +/* AES Key Length */ +typedef enum +{ + MV_CESA_CRYPTO_AES_KEY_128 = 0, + MV_CESA_CRYPTO_AES_KEY_192 = 1, + MV_CESA_CRYPTO_AES_KEY_256 = 2, + +} MV_CESA_CRYPTO_AES_KEY_LEN; + +#define MV_CESA_CRYPTO_AES_KEY_LEN_OFFSET 24 +#define MV_CESA_CRYPTO_AES_KEY_LEN_MASK (0x3 << MV_CESA_CRYPTO_AES_KEY_LEN_OFFSET) + +/* Fragmentation mode */ +typedef enum +{ + MV_CESA_FRAG_NONE = 0, + MV_CESA_FRAG_FIRST = 1, + MV_CESA_FRAG_LAST = 2, + MV_CESA_FRAG_MIDDLE = 3, + +} MV_CESA_FRAG_MODE; + +#define MV_CESA_FRAG_MODE_OFFSET 30 +#define MV_CESA_FRAG_MODE_MASK (0x3 << MV_CESA_FRAG_MODE_OFFSET) +/*---------------------------------------------------------------------------*/ + +/********** Security Accelerator Command Register **************/ +#define MV_CESA_CMD_REG (MV_CESA_REG_BASE + 0xE00) + +#define MV_CESA_CMD_CHAN_ENABLE_BIT 0 +#define MV_CESA_CMD_CHAN_ENABLE_MASK (1 << MV_CESA_CMD_CHAN_ENABLE_BIT) + +#define MV_CESA_CMD_CHAN_DISABLE_BIT 2 +#define MV_CESA_CMD_CHAN_DISABLE_MASK (1 << MV_CESA_CMD_CHAN_DISABLE_BIT) + +/********** Security Accelerator Descriptor Pointers Register **********/ +#define MV_CESA_CHAN_DESC_OFFSET_REG (MV_CESA_REG_BASE + 0xE04) + +/********** Security Accelerator Configuration Register **********/ +#define MV_CESA_CFG_REG (MV_CESA_REG_BASE + 0xE08) + +#define MV_CESA_CFG_STOP_DIGEST_ERR_BIT 0 +#define MV_CESA_CFG_STOP_DIGEST_ERR_MASK (1 << MV_CESA_CFG_STOP_DIGEST_ERR_BIT) + +#define MV_CESA_CFG_WAIT_DMA_BIT 7 +#define MV_CESA_CFG_WAIT_DMA_MASK (1 << MV_CESA_CFG_WAIT_DMA_BIT) + +#define MV_CESA_CFG_ACT_DMA_BIT 9 +#define MV_CESA_CFG_ACT_DMA_MASK (1 << MV_CESA_CFG_ACT_DMA_BIT) + +#define MV_CESA_CFG_CHAIN_MODE_BIT 11 +#define MV_CESA_CFG_CHAIN_MODE_MASK (1 << MV_CESA_CFG_CHAIN_MODE_BIT) + +/********** Security Accelerator Status Register ***********/ +#define MV_CESA_STATUS_REG (MV_CESA_REG_BASE + 0xE0C) + +#define MV_CESA_STATUS_ACTIVE_BIT 0 +#define MV_CESA_STATUS_ACTIVE_MASK (1 << MV_CESA_STATUS_ACTIVE_BIT) + +#define MV_CESA_STATUS_DIGEST_ERR_BIT 8 +#define MV_CESA_STATUS_DIGEST_ERR_MASK (1 << MV_CESA_STATUS_DIGEST_ERR_BIT) + + +/* Cryptographic Engines and Security Accelerator Interrupt Cause Register */ +#define MV_CESA_ISR_CAUSE_REG (MV_CESA_REG_BASE + 0xE20) + +/* Cryptographic Engines and Security Accelerator Interrupt Mask Register */ +#define MV_CESA_ISR_MASK_REG (MV_CESA_REG_BASE + 0xE24) + +#define MV_CESA_CAUSE_AUTH_MASK (1 << 0) +#define MV_CESA_CAUSE_DES_MASK (1 << 1) +#define MV_CESA_CAUSE_AES_ENCR_MASK (1 << 2) +#define MV_CESA_CAUSE_AES_DECR_MASK (1 << 3) +#define MV_CESA_CAUSE_DES_ALL_MASK (1 << 4) + +#define MV_CESA_CAUSE_ACC_BIT 5 +#define MV_CESA_CAUSE_ACC_MASK (1 << MV_CESA_CAUSE_ACC_BIT) + +#define MV_CESA_CAUSE_ACC_DMA_BIT 7 +#define MV_CESA_CAUSE_ACC_DMA_MASK (1 << MV_CESA_CAUSE_ACC_DMA_BIT) +#define MV_CESA_CAUSE_ACC_DMA_ALL_MASK (3 << MV_CESA_CAUSE_ACC_DMA_BIT) + +#define MV_CESA_CAUSE_DMA_COMPL_BIT 9 +#define MV_CESA_CAUSE_DMA_COMPL_MASK (1 << MV_CESA_CAUSE_DMA_COMPL_BIT) + +#define MV_CESA_CAUSE_DMA_OWN_ERR_BIT 10 +#define MV_CESA_CAUSE_DMA_OWN_ERR_MASK (1 < MV_CESA_CAUSE_DMA_OWN_ERR_BIT) + +#define MV_CESA_CAUSE_DMA_CHAIN_PKT_BIT 11 +#define MV_CESA_CAUSE_DMA_CHAIN_PKT_MASK (1 < MV_CESA_CAUSE_DMA_CHAIN_PKT_BIT) + + +#define MV_CESA_AUTH_DATA_IN_REG (MV_CESA_REG_BASE + 0xd38) +#define MV_CESA_AUTH_BIT_COUNT_LOW_REG (MV_CESA_REG_BASE + 0xd20) +#define MV_CESA_AUTH_BIT_COUNT_HIGH_REG (MV_CESA_REG_BASE + 0xd24) + +#define MV_CESA_AUTH_INIT_VAL_DIGEST_REG(i) (MV_CESA_REG_BASE + 0xd00 + (i<<2)) + +#define MV_CESA_AUTH_INIT_VAL_DIGEST_A_REG (MV_CESA_REG_BASE + 0xd00) +#define MV_CESA_AUTH_INIT_VAL_DIGEST_B_REG (MV_CESA_REG_BASE + 0xd04) +#define MV_CESA_AUTH_INIT_VAL_DIGEST_C_REG (MV_CESA_REG_BASE + 0xd08) +#define MV_CESA_AUTH_INIT_VAL_DIGEST_D_REG (MV_CESA_REG_BASE + 0xd0c) +#define MV_CESA_AUTH_INIT_VAL_DIGEST_E_REG (MV_CESA_REG_BASE + 0xd10) +#define MV_CESA_AUTH_COMMAND_REG (MV_CESA_REG_BASE + 0xd18) + +#define MV_CESA_AUTH_ALGORITHM_BIT 0 +#define MV_CESA_AUTH_ALGORITHM_MD5 (0< +wait_queue_head_t cesaTest_waitq; +spinlock_t cesaLock; + +#define CESA_TEST_LOCK(flags) spin_lock_irqsave( &cesaLock, flags) +#define CESA_TEST_UNLOCK(flags) spin_unlock_irqrestore( &cesaLock, flags); + +#define CESA_TEST_WAIT_INIT() init_waitqueue_head(&cesaTest_waitq) +#define CESA_TEST_WAKE_UP() wake_up(&cesaTest_waitq) +#define CESA_TEST_WAIT(cond, ms) wait_event_timeout(cesaTest_waitq, (cond), msecs_to_jiffies(ms)) + +#define CESA_TEST_TICK_GET() jiffies +#define CESA_TEST_TICK_TO_MS(tick) jiffies_to_msecs(tick) + +#elif defined(MV_NETBSD) + +#include +#include +static int cesaLock; + +#define CESA_TEST_LOCK(flags) flags = splnet() +#define CESA_TEST_UNLOCK(flags) splx(flags) + +#define CESA_TEST_WAIT_INIT() /* nothing */ +#define CESA_TEST_WAKE_UP() wakeup(&cesaLock) +#define CESA_TEST_WAIT(cond, ms) \ +do { \ + while (!(cond)) \ + tsleep(&cesaLock, PWAIT, "cesatest",mstohz(ms)); \ +} while (/*CONSTCOND*/0) + +#define CESA_TEST_TICK_GET() hardclock_ticks +#define CESA_TEST_TICK_TO_MS(tick) ((1000/hz)*(tick)) + +#define request_irq(i,h,t,n,a) \ + !mv_intr_establish((i),IPL_NET,(int(*)(void *))(h),(a)) + +#else +#error "Only Linux, VxWorks, or NetBSD OS are supported" +#endif + +#include "mvDebug.h" + +#include "mvSysHwConfig.h" +#include "boardEnv/mvBoardEnvLib.h" +#include "ctrlEnv/sys/mvCpuIf.h" +#include "cntmr/mvCntmr.h" +#include "cesa/mvCesa.h" +#include "cesa/mvCesaRegs.h" +#include "cesa/mvMD5.h" +#include "cesa/mvSHA1.h" + +#if defined(CONFIG_MV646xx) +#include "marvell_pic.h" +#endif + +#define MV_CESA_USE_TIMER_ID 0 +#define CESA_DEF_BUF_SIZE 1500 +#define CESA_DEF_BUF_NUM 1 +#define CESA_DEF_SESSION_NUM 32 + +#define CESA_DEF_ITER_NUM 100 + +#define CESA_DEF_REQ_SIZE 256 + + +/* CESA Tests Debug */ +#undef CESA_TEST_DEBUG + +#ifdef CESA_TEST_DEBUG + +# define CESA_TEST_DEBUG_PRINT(msg) mvOsPrintf msg +# define CESA_TEST_DEBUG_CODE(code) code + +typedef struct +{ + int type; /* 0 - isrEmpty, 1 - cesaReadyGet, 2 - cesaAction */ + MV_U32 timeStamp; + MV_U32 cause; + MV_U32 realCause; + MV_U32 dmaCause; + int resources; + MV_CESA_REQ* pReqReady; + MV_CESA_REQ* pReqEmpty; + MV_CESA_REQ* pReqProcess; +} MV_CESA_TEST_TRACE; + +#define MV_CESA_TEST_TRACE_SIZE 25 + +static int cesaTestTraceIdx = 0; +static MV_CESA_TEST_TRACE cesaTestTrace[MV_CESA_TEST_TRACE_SIZE]; + +static void cesaTestTraceAdd(int type, MV_U32 cause) +{ + cesaTestTrace[cesaTestTraceIdx].type = type; + cesaTestTrace[cesaTestTraceIdx].cause = cause; + cesaTestTrace[cesaTestTraceIdx].realCause = MV_REG_READ(MV_CESA_ISR_CAUSE_REG); + cesaTestTrace[cesaTestTraceIdx].dmaCause = MV_REG_READ(IDMA_CAUSE_REG); + cesaTestTrace[cesaTestTraceIdx].resources = cesaReqResources; + cesaTestTrace[cesaTestTraceIdx].pReqReady = pCesaReqReady; + cesaTestTrace[cesaTestTraceIdx].pReqEmpty = pCesaReqEmpty; + cesaTestTrace[cesaTestTraceIdx].pReqProcess = pCesaReqProcess; + cesaTestTrace[cesaTestTraceIdx].timeStamp = mvCntmrRead(MV_CESA_USE_TIMER_ID); + cesaTestTraceIdx++; + if(cesaTestTraceIdx == MV_CESA_TEST_TRACE_SIZE) + cesaTestTraceIdx = 0; +} + +#else + +# define CESA_TEST_DEBUG_PRINT(msg) +# define CESA_TEST_DEBUG_CODE(code) + +#endif /* CESA_TEST_DEBUG */ + +int cesaExpReqId=0; +int cesaCbIter=0; + +int cesaIdx; +int cesaIteration; +int cesaRateSize; +int cesaReqSize; +unsigned long cesaTaskId; +int cesaBufNum; +int cesaBufSize; +int cesaCheckOffset; +int cesaCheckSize; +int cesaCheckMode; +int cesaTestIdx; +int cesaCaseIdx; + + +MV_U32 cesaTestIsrCount = 0; +MV_U32 cesaTestIsrMissCount = 0; + +MV_U32 cesaCryptoError = 0; +MV_U32 cesaReqIdError = 0; +MV_U32 cesaError = 0; + +char* cesaHexBuffer = NULL; + +char* cesaBinBuffer = NULL; +char* cesaExpBinBuffer = NULL; + +char* cesaInputHexStr = NULL; +char* cesaOutputHexStr = NULL; + +MV_BUF_INFO cesaReqBufs[CESA_DEF_REQ_SIZE]; + +MV_CESA_COMMAND* cesaCmdRing; +MV_CESA_RESULT cesaResult; + +int cesaTestFull = 0; + +MV_BOOL cesaIsReady = MV_FALSE; +MV_U32 cesaCycles = 0; +MV_U32 cesaBeginTicks = 0; +MV_U32 cesaEndTicks = 0; +MV_U32 cesaRate = 0; +MV_U32 cesaRateAfterDot = 0; + +void *cesaTestOSHandle = NULL; + +enum +{ + CESA_FAST_CHECK_MODE = 0, + CESA_FULL_CHECK_MODE, + CESA_NULL_CHECK_MODE, + CESA_SHOW_CHECK_MODE, + CESA_SW_SHOW_CHECK_MODE, + CESA_SW_NULL_CHECK_MODE, + + CESA_MAX_CHECK_MODE +}; + +enum +{ + DES_TEST_TYPE = 0, + TRIPLE_DES_TEST_TYPE = 1, + AES_TEST_TYPE = 2, + MD5_TEST_TYPE = 3, + SHA_TEST_TYPE = 4, + COMBINED_TEST_TYPE = 5, + + MAX_TEST_TYPE +}; + +/* Tests data base */ +typedef struct +{ + short sid; + char cryptoAlgorithm; /* DES/3DES/AES */ + char cryptoMode; /* ECB or CBC */ + char macAlgorithm; /* MD5 / SHA1 */ + char operation; /* CRYPTO/HMAC/CRYPTO+HMAC/HMAC+CRYPTO */ + char direction; /* ENCODE(SIGN)/DECODE(VERIFY) */ + unsigned char* pCryptoKey; + int cryptoKeySize; + unsigned char* pMacKey; + int macKeySize; + const char* name; + +} MV_CESA_TEST_SESSION; + +typedef struct +{ + MV_CESA_TEST_SESSION* pSessions; + int numSessions; + +} MV_CESA_TEST_DB_ENTRY; + +typedef struct +{ + char* plainHexStr; + char* cipherHexStr; + unsigned char* pCryptoIV; + int cryptoLength; + int macLength; + int digestOffset; + +} MV_CESA_TEST_CASE; + +typedef struct +{ + int size; + const char* outputHexStr; + +} MV_CESA_SIZE_TEST; + +static unsigned char cryptoKey1[] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}; + +static unsigned char cryptoKey7[] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}; +static unsigned char iv1[] = {0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef}; + + +static unsigned char cryptoKey2[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F}; + +static unsigned char cryptoKey3[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17}; + +static unsigned char cryptoKey4[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}; + +static unsigned char cryptoKey5[] = {0x56, 0xe4, 0x7a, 0x38, 0xc5, 0x59, 0x89, 0x74, + 0xbc, 0x46, 0x90, 0x3d, 0xba, 0x29, 0x03, 0x49}; + + +static unsigned char key3des1[] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, + 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, + 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23}; + +/* Input ASCII string: The quick brown fox jump */ +static char plain3des1[] = "54686520717566636B2062726F776E20666F78206A756D70"; +static char cipher3des1[] = "A826FD8CE53B855FCCE21C8112256FE668D5C05DD9B6B900"; + +static unsigned char key3des2[] = {0x62, 0x7f, 0x46, 0x0e, 0x08, 0x10, 0x4a, 0x10, + 0x43, 0xcd, 0x26, 0x5d, 0x58, 0x40, 0xea, 0xf1, + 0x31, 0x3e, 0xdf, 0x97, 0xdf, 0x2a, 0x8a, 0x8c}; + +static unsigned char iv3des2[] = {0x8e, 0x29, 0xf7, 0x5e, 0xa7, 0x7e, 0x54, 0x75}; + +static char plain3des2[] = "326a494cd33fe756"; + +static char cipher3desCbc2[] = "8e29f75ea77e5475" + "b22b8d66de970692"; + +static unsigned char key3des3[] = {0x37, 0xae, 0x5e, 0xbf, 0x46, 0xdf, 0xf2, 0xdc, + 0x07, 0x54, 0xb9, 0x4f, 0x31, 0xcb, 0xb3, 0x85, + 0x5e, 0x7f, 0xd3, 0x6d, 0xc8, 0x70, 0xbf, 0xae}; + +static unsigned char iv3des3[] = {0x3d, 0x1d, 0xe3, 0xcc, 0x13, 0x2e, 0x3b, 0x65}; + +static char plain3des3[] = "84401f78fe6c10876d8ea23094ea5309"; + +static char cipher3desCbc3[] = "3d1de3cc132e3b65" + "7b1f7c7e3b1c948ebd04a75ffba7d2f5"; + +static unsigned char iv5[] = {0x8c, 0xe8, 0x2e, 0xef, 0xbe, 0xa0, 0xda, 0x3c, + 0x44, 0x69, 0x9e, 0xd7, 0xdb, 0x51, 0xb7, 0xd9}; + +static unsigned char aesCtrKey[] = {0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8, + 0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC}; + +static unsigned char mdKey1[] = {0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}; + +static unsigned char mdKey2[] = {0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa}; + +static unsigned char shaKey1[] = {0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b}; + +static unsigned char shaKey2[] = {0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa}; + +static unsigned char mdKey4[] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10}; + +static unsigned char shaKey4[] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, + 0x11, 0x12, 0x13, 0x14}; + + +static MV_CESA_TEST_SESSION desTestSessions[] = +{ +/*000*/ {-1, MV_CESA_CRYPTO_DES, MV_CESA_CRYPTO_ECB, + MV_CESA_MAC_NULL, MV_CESA_CRYPTO_ONLY, + MV_CESA_DIR_ENCODE, + cryptoKey7, sizeof(cryptoKey7)/sizeof(cryptoKey7[0]), + NULL, 0, + "DES ECB encode", + }, +/*001*/ {-1, MV_CESA_CRYPTO_DES, MV_CESA_CRYPTO_ECB, + MV_CESA_MAC_NULL, MV_CESA_CRYPTO_ONLY, + MV_CESA_DIR_DECODE, + cryptoKey7, sizeof(cryptoKey7)/sizeof(cryptoKey7[0]), + NULL, 0, + "DES ECB decode", + }, +/*002*/ {-1, MV_CESA_CRYPTO_DES, MV_CESA_CRYPTO_CBC, + MV_CESA_MAC_NULL, MV_CESA_CRYPTO_ONLY, + MV_CESA_DIR_ENCODE, + cryptoKey7, sizeof(cryptoKey7)/sizeof(cryptoKey7[0]), + NULL, 0, + "DES CBC encode" + }, +/*003*/ {-1, MV_CESA_CRYPTO_DES, MV_CESA_CRYPTO_CBC, + MV_CESA_MAC_NULL, MV_CESA_CRYPTO_ONLY, + MV_CESA_DIR_DECODE, + cryptoKey7, sizeof(cryptoKey7)/sizeof(cryptoKey7[0]), + NULL, 0, + "DES CBC decode" + }, +/*004*/ {-1, MV_CESA_CRYPTO_NULL, MV_CESA_CRYPTO_ECB, + MV_CESA_MAC_NULL, MV_CESA_CRYPTO_ONLY, + MV_CESA_DIR_ENCODE, + NULL, 0, NULL, 0, + "NULL Crypto Algorithm encode" + }, +}; + + +static MV_CESA_TEST_SESSION tripleDesTestSessions[] = +{ +/*100*/ {-1, MV_CESA_CRYPTO_3DES, MV_CESA_CRYPTO_ECB, + MV_CESA_MAC_NULL, MV_CESA_CRYPTO_ONLY, + MV_CESA_DIR_ENCODE, + cryptoKey1, sizeof(cryptoKey1)/sizeof(cryptoKey1[0]), + NULL, 0, + "3DES ECB encode", + }, +/*101*/ {-1, MV_CESA_CRYPTO_3DES, MV_CESA_CRYPTO_ECB, + MV_CESA_MAC_NULL, MV_CESA_CRYPTO_ONLY, + MV_CESA_DIR_DECODE, + cryptoKey1, sizeof(cryptoKey1)/sizeof(cryptoKey1[0]), + NULL, 0, + "3DES ECB decode", + }, +/*102*/ {-1, MV_CESA_CRYPTO_3DES, MV_CESA_CRYPTO_CBC, + MV_CESA_MAC_NULL, MV_CESA_CRYPTO_ONLY, + MV_CESA_DIR_ENCODE, + cryptoKey1, sizeof(cryptoKey1)/sizeof(cryptoKey1[0]), + NULL, 0, + "3DES CBC encode" + }, +/*103*/ {-1, MV_CESA_CRYPTO_3DES, MV_CESA_CRYPTO_CBC, + MV_CESA_MAC_NULL, MV_CESA_CRYPTO_ONLY, + MV_CESA_DIR_DECODE, + cryptoKey1, sizeof(cryptoKey1)/sizeof(cryptoKey1[0]), + NULL, 0, + "3DES CBC decode" + }, +/*104*/ {-1, MV_CESA_CRYPTO_3DES, MV_CESA_CRYPTO_ECB, + MV_CESA_MAC_NULL, MV_CESA_CRYPTO_ONLY, + MV_CESA_DIR_ENCODE, + key3des1, sizeof(key3des1), + NULL, 0, + "3DES ECB encode" + }, +/*105*/ {-1, MV_CESA_CRYPTO_3DES, MV_CESA_CRYPTO_CBC, + MV_CESA_MAC_NULL, MV_CESA_CRYPTO_ONLY, + MV_CESA_DIR_ENCODE, + key3des2, sizeof(key3des2), + NULL, 0, + "3DES ECB encode" + }, +/*106*/ {-1, MV_CESA_CRYPTO_3DES, MV_CESA_CRYPTO_CBC, + MV_CESA_MAC_NULL, MV_CESA_CRYPTO_ONLY, + MV_CESA_DIR_ENCODE, + key3des3, sizeof(key3des3), + NULL, 0, + "3DES ECB encode" + }, +}; + + +static MV_CESA_TEST_SESSION aesTestSessions[] = +{ +/*200*/ {-1, MV_CESA_CRYPTO_AES, MV_CESA_CRYPTO_ECB, + MV_CESA_MAC_NULL, MV_CESA_CRYPTO_ONLY, + MV_CESA_DIR_ENCODE, + cryptoKey2, sizeof(cryptoKey2)/sizeof(cryptoKey2[0]), + NULL, 0, + "AES-128 ECB encode" + }, +/*201*/ {-1, MV_CESA_CRYPTO_AES, MV_CESA_CRYPTO_ECB, + MV_CESA_MAC_NULL, MV_CESA_CRYPTO_ONLY, + MV_CESA_DIR_DECODE, + cryptoKey2, sizeof(cryptoKey2)/sizeof(cryptoKey2[0]), + NULL, 0, + "AES-128 ECB decode" + }, +/*202*/ {-1, MV_CESA_CRYPTO_AES, MV_CESA_CRYPTO_CBC, + MV_CESA_MAC_NULL, MV_CESA_CRYPTO_ONLY, + MV_CESA_DIR_ENCODE, + cryptoKey5, sizeof(cryptoKey5)/sizeof(cryptoKey5[0]), + NULL, 0, + "AES-128 CBC encode" + }, +/*203*/ {-1, MV_CESA_CRYPTO_AES, MV_CESA_CRYPTO_CBC, + MV_CESA_MAC_NULL, MV_CESA_CRYPTO_ONLY, + MV_CESA_DIR_DECODE, + cryptoKey5, sizeof(cryptoKey5)/sizeof(cryptoKey5[0]), + NULL, 0, + "AES-128 CBC decode" + }, +/*204*/ {-1, MV_CESA_CRYPTO_AES, MV_CESA_CRYPTO_ECB, + MV_CESA_MAC_NULL, MV_CESA_CRYPTO_ONLY, + MV_CESA_DIR_ENCODE, + cryptoKey3, sizeof(cryptoKey3)/sizeof(cryptoKey3[0]), + NULL, 0, + "AES-192 ECB encode" + }, +/*205*/ {-1, MV_CESA_CRYPTO_AES, MV_CESA_CRYPTO_ECB, + MV_CESA_MAC_NULL, MV_CESA_CRYPTO_ONLY, + MV_CESA_DIR_DECODE, + cryptoKey3, sizeof(cryptoKey3)/sizeof(cryptoKey3[0]), + NULL, 0, + "AES-192 ECB decode" + }, +/*206*/ {-1, MV_CESA_CRYPTO_AES, MV_CESA_CRYPTO_ECB, + MV_CESA_MAC_NULL, MV_CESA_CRYPTO_ONLY, + MV_CESA_DIR_ENCODE, + cryptoKey4, sizeof(cryptoKey4)/sizeof(cryptoKey4[0]), + NULL, 0, + "AES-256 ECB encode" + }, +/*207*/ {-1, MV_CESA_CRYPTO_AES, MV_CESA_CRYPTO_ECB, + MV_CESA_MAC_NULL, MV_CESA_CRYPTO_ONLY, + MV_CESA_DIR_DECODE, + cryptoKey4, sizeof(cryptoKey4)/sizeof(cryptoKey4[0]), + NULL, 0, + "AES-256 ECB decode" + }, +/*208*/ {-1, MV_CESA_CRYPTO_AES, MV_CESA_CRYPTO_CTR, + MV_CESA_MAC_NULL, MV_CESA_CRYPTO_ONLY, + MV_CESA_DIR_ENCODE, + aesCtrKey, sizeof(aesCtrKey)/sizeof(aesCtrKey[0]), + NULL, 0, + "AES-128 CTR encode" + }, +}; + + +static MV_CESA_TEST_SESSION md5TestSessions[] = +{ +/*300*/ {-1, MV_CESA_CRYPTO_NULL, MV_CESA_CRYPTO_ECB, + MV_CESA_MAC_HMAC_MD5, MV_CESA_MAC_ONLY, + MV_CESA_DIR_ENCODE, + NULL, 0, + mdKey1, sizeof(mdKey1), + "HMAC-MD5 Generate Signature" + }, +/*301*/ {-1, MV_CESA_CRYPTO_NULL, MV_CESA_CRYPTO_ECB, + MV_CESA_MAC_HMAC_MD5, MV_CESA_MAC_ONLY, + MV_CESA_DIR_DECODE, + NULL, 0, + mdKey1, sizeof(mdKey1), + "HMAC-MD5 Verify Signature" + }, +/*302*/ {-1, MV_CESA_CRYPTO_NULL, MV_CESA_CRYPTO_ECB, + MV_CESA_MAC_HMAC_MD5, MV_CESA_MAC_ONLY, + MV_CESA_DIR_ENCODE, + NULL, 0, + mdKey2, sizeof(mdKey2), + "HMAC-MD5 Generate Signature" + }, +/*303*/ {-1, MV_CESA_CRYPTO_NULL, MV_CESA_CRYPTO_ECB, + MV_CESA_MAC_HMAC_MD5, MV_CESA_MAC_ONLY, + MV_CESA_DIR_DECODE, + NULL, 0, + mdKey2, sizeof(mdKey2), + "HMAC-MD5 Verify Signature" + }, +/*304*/ {-1, MV_CESA_CRYPTO_NULL, MV_CESA_CRYPTO_ECB, + MV_CESA_MAC_HMAC_MD5, MV_CESA_MAC_ONLY, + MV_CESA_DIR_ENCODE, + NULL, 0, + mdKey4, sizeof(mdKey4), + "HMAC-MD5 Generate Signature" + }, +/*305*/ {-1, MV_CESA_CRYPTO_NULL, MV_CESA_CRYPTO_ECB, + MV_CESA_MAC_MD5, MV_CESA_MAC_ONLY, + MV_CESA_DIR_ENCODE, + NULL, 0, + NULL, 0, + "HASH-MD5 Generate Signature" + }, +}; + + +static MV_CESA_TEST_SESSION shaTestSessions[] = +{ +/*400*/ {-1, MV_CESA_CRYPTO_NULL, MV_CESA_CRYPTO_ECB, + MV_CESA_MAC_HMAC_SHA1, MV_CESA_MAC_ONLY, + MV_CESA_DIR_ENCODE, + NULL, 0, + shaKey1, sizeof(shaKey1), + "HMAC-SHA1 Generate Signature" + }, +/*401*/ {-1, MV_CESA_CRYPTO_NULL, MV_CESA_CRYPTO_ECB, + MV_CESA_MAC_HMAC_SHA1, MV_CESA_MAC_ONLY, + MV_CESA_DIR_DECODE, + NULL, 0, + shaKey1, sizeof(shaKey1), + "HMAC-SHA1 Verify Signature" + }, +/*402*/ {-1, MV_CESA_CRYPTO_NULL, MV_CESA_CRYPTO_ECB, + MV_CESA_MAC_HMAC_SHA1, MV_CESA_MAC_ONLY, + MV_CESA_DIR_ENCODE, + NULL, 0, + shaKey2, sizeof(shaKey2), + "HMAC-SHA1 Generate Signature" + }, +/*403*/ {-1, MV_CESA_CRYPTO_NULL, MV_CESA_CRYPTO_ECB, + MV_CESA_MAC_HMAC_SHA1, MV_CESA_MAC_ONLY, + MV_CESA_DIR_DECODE, + NULL, 0, + shaKey2, sizeof(shaKey2), + "HMAC-SHA1 Verify Signature" + }, +/*404*/ {-1, MV_CESA_CRYPTO_NULL, MV_CESA_CRYPTO_ECB, + MV_CESA_MAC_HMAC_SHA1, MV_CESA_MAC_ONLY, + MV_CESA_DIR_ENCODE, + NULL, 0, + shaKey4, sizeof(shaKey4), + "HMAC-SHA1 Generate Signature" + }, +/*405*/ {-1, MV_CESA_CRYPTO_NULL, MV_CESA_CRYPTO_ECB, + MV_CESA_MAC_SHA1, MV_CESA_MAC_ONLY, + MV_CESA_DIR_ENCODE, + NULL, 0, + NULL, 0, + "HASH-SHA1 Generate Signature" + }, +}; + +static MV_CESA_TEST_SESSION combinedTestSessions[] = +{ +/*500*/ {-1, MV_CESA_CRYPTO_DES, MV_CESA_CRYPTO_ECB, + MV_CESA_MAC_HMAC_MD5, MV_CESA_CRYPTO_THEN_MAC, + MV_CESA_DIR_ENCODE, + cryptoKey1, MV_CESA_DES_KEY_LENGTH, + mdKey4, sizeof(mdKey4), + "DES + MD5 encode" + }, +/*501*/ {-1, MV_CESA_CRYPTO_DES, MV_CESA_CRYPTO_ECB, + MV_CESA_MAC_HMAC_SHA1, MV_CESA_CRYPTO_THEN_MAC, + MV_CESA_DIR_ENCODE, + cryptoKey1, MV_CESA_DES_KEY_LENGTH, + shaKey4, sizeof(shaKey4), + "DES + SHA1 encode" + }, +/*502*/ {-1, MV_CESA_CRYPTO_3DES, MV_CESA_CRYPTO_ECB, + MV_CESA_MAC_HMAC_MD5, MV_CESA_CRYPTO_THEN_MAC, + MV_CESA_DIR_ENCODE, + cryptoKey1, sizeof(cryptoKey1)/sizeof(cryptoKey1[0]), + mdKey4, sizeof(mdKey4), + "3DES + MD5 encode" + }, +/*503*/ {-1, MV_CESA_CRYPTO_3DES, MV_CESA_CRYPTO_ECB, + MV_CESA_MAC_HMAC_SHA1, MV_CESA_CRYPTO_THEN_MAC, + MV_CESA_DIR_ENCODE, + cryptoKey1, sizeof(cryptoKey1)/sizeof(cryptoKey1[0]), + shaKey4, sizeof(shaKey4), + "3DES + SHA1 encode" + }, +/*504*/ {-1, MV_CESA_CRYPTO_3DES, MV_CESA_CRYPTO_CBC, + MV_CESA_MAC_HMAC_MD5, MV_CESA_CRYPTO_THEN_MAC, + MV_CESA_DIR_ENCODE, + cryptoKey1, sizeof(cryptoKey1)/sizeof(cryptoKey1[0]), + mdKey4, sizeof(mdKey4), + "3DES CBC + MD5 encode" + }, +/*505*/ {-1, MV_CESA_CRYPTO_3DES, MV_CESA_CRYPTO_CBC, + MV_CESA_MAC_HMAC_SHA1, MV_CESA_CRYPTO_THEN_MAC, + MV_CESA_DIR_ENCODE, + cryptoKey1, sizeof(cryptoKey1)/sizeof(cryptoKey1[0]), + shaKey4, sizeof(shaKey4), + "3DES CBC + SHA1 encode" + }, +/*506*/ {-1, MV_CESA_CRYPTO_AES, MV_CESA_CRYPTO_CBC, + MV_CESA_MAC_HMAC_MD5, MV_CESA_CRYPTO_THEN_MAC, + MV_CESA_DIR_ENCODE, + cryptoKey5, sizeof(cryptoKey5)/sizeof(cryptoKey5[0]), + mdKey4, sizeof(mdKey4), + "AES-128 CBC + MD5 encode" + }, +/*507*/ {-1, MV_CESA_CRYPTO_AES, MV_CESA_CRYPTO_CBC, + MV_CESA_MAC_HMAC_SHA1, MV_CESA_CRYPTO_THEN_MAC, + MV_CESA_DIR_ENCODE, + cryptoKey5, sizeof(cryptoKey5)/sizeof(cryptoKey5[0]), + shaKey4, sizeof(shaKey4), + "AES-128 CBC + SHA1 encode" + }, +/*508*/ {-1, MV_CESA_CRYPTO_3DES, MV_CESA_CRYPTO_ECB, + MV_CESA_MAC_HMAC_MD5, MV_CESA_MAC_THEN_CRYPTO, + MV_CESA_DIR_DECODE, + cryptoKey1, sizeof(cryptoKey1)/sizeof(cryptoKey1[0]), + mdKey4, sizeof(mdKey4), + "HMAC-MD5 + 3DES decode" + }, +}; + + +static MV_CESA_TEST_DB_ENTRY cesaTestsDB[MAX_TEST_TYPE+1] = +{ + { desTestSessions, sizeof(desTestSessions)/sizeof(desTestSessions[0]) }, + { tripleDesTestSessions, sizeof(tripleDesTestSessions)/sizeof(tripleDesTestSessions[0]) }, + { aesTestSessions, sizeof(aesTestSessions)/sizeof(aesTestSessions[0]) }, + { md5TestSessions, sizeof(md5TestSessions)/sizeof(md5TestSessions[0]) }, + { shaTestSessions, sizeof(shaTestSessions)/sizeof(shaTestSessions[0]) }, + { combinedTestSessions, sizeof(combinedTestSessions)/sizeof(combinedTestSessions[0]) }, + { NULL, 0 } +}; + + +char cesaNullPlainHexText[] = "000000000000000000000000000000000000000000000000"; + +char cesaPlainAsciiText[] = "Now is the time for all "; +char cesaPlainHexEbc[] = "4e6f77206973207468652074696d6520666f7220616c6c20"; +char cesaCipherHexEcb[] = "3fa40e8a984d48156a271787ab8883f9893d51ec4b563b53"; +char cesaPlainHexCbc[] = "1234567890abcdef4e6f77206973207468652074696d6520666f7220616c6c20"; +char cesaCipherHexCbc[] = "1234567890abcdefe5c7cdde872bf27c43e934008c389c0f683788499a7c05f6"; + +char cesaAesPlainHexEcb[] = "000102030405060708090a0b0c0d0e0f"; +char cesaAes128cipherHexEcb[] = "0a940bb5416ef045f1c39458c653ea5a"; +char cesaAes192cipherHexEcb[] = "0060bffe46834bb8da5cf9a61ff220ae"; +char cesaAes256cipherHexEcb[] = "5a6e045708fb7196f02e553d02c3a692"; + +char cesaAsciiStr1[] = "Hi There"; +char cesaDataHexStr1[] = "4869205468657265"; +char cesaHmacMd5digestHex1[] = "9294727a3638bb1c13f48ef8158bfc9d"; +char cesaHmacSha1digestHex1[] = "b617318655057264e28bc0b6fb378c8ef146be00"; +char cesaDataAndMd5digest1[] = "48692054686572659294727a3638bb1c13f48ef8158bfc9d"; +char cesaDataAndSha1digest1[] = "4869205468657265b617318655057264e28bc0b6fb378c8ef146be00"; + +char cesaAesPlainText[] = "a0a1a2a3a4a5a6a7a8a9aaabacadaeaf" + "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf" + "c0c1c2c3c4c5c6c7c8c9cacbcccdcecf" + "d0d1d2d3d4d5d6d7d8d9dadbdcdddedf"; + +char cesaAes128CipherCbc[] = "c30e32ffedc0774e6aff6af0869f71aa" + "0f3af07a9a31a9c684db207eb0ef8e4e" + "35907aa632c3ffdf868bb7b29d3d46ad" + "83ce9f9a102ee99d49a53e87f4c3da55"; + +char cesaAesIvPlainText[] = "8ce82eefbea0da3c44699ed7db51b7d9" + "a0a1a2a3a4a5a6a7a8a9aaabacadaeaf" + "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf" + "c0c1c2c3c4c5c6c7c8c9cacbcccdcecf" + "d0d1d2d3d4d5d6d7d8d9dadbdcdddedf"; + +char cesaAes128IvCipherCbc[] = "8ce82eefbea0da3c44699ed7db51b7d9" + "c30e32ffedc0774e6aff6af0869f71aa" + "0f3af07a9a31a9c684db207eb0ef8e4e" + "35907aa632c3ffdf868bb7b29d3d46ad" + "83ce9f9a102ee99d49a53e87f4c3da55"; + +char cesaAesCtrPlain[] = "00E0017B27777F3F4A1786F000000001" + "000102030405060708090A0B0C0D0E0F" + "101112131415161718191A1B1C1D1E1F" + "20212223"; + +char cesaAesCtrCipher[] = "00E0017B27777F3F4A1786F000000001" + "C1CF48A89F2FFDD9CF4652E9EFDB72D7" + "4540A42BDE6D7836D59A5CEAAEF31053" + "25B2072F"; + + + +/* Input cesaHmacHex3 is '0xdd' repeated 50 times */ +char cesaHmacMd5digestHex3[] = "56be34521d144c88dbb8c733f0e8b3f6"; +char cesaHmacSha1digestHex3[] = "125d7342b9ac11cd91a39af48aa17b4f63f175d3"; +char cesaDataHexStr3[50*2+1] = ""; +char cesaDataAndMd5digest3[sizeof(cesaDataHexStr3)+sizeof(cesaHmacMd5digestHex3)+8*2+1] = ""; +char cesaDataAndSha1digest3[sizeof(cesaDataHexStr3)+sizeof(cesaHmacSha1digestHex3)+8*2+1] = ""; + +/* Ascii string is "abc" */ +char hashHexStr3[] = "616263"; +char hashMd5digest3[] = "900150983cd24fb0d6963f7d28e17f72"; +char hashSha1digest3[] = "a9993e364706816aba3e25717850c26c9cd0d89d"; + +char hashHexStr80[] = "31323334353637383930" + "31323334353637383930" + "31323334353637383930" + "31323334353637383930" + "31323334353637383930" + "31323334353637383930" + "31323334353637383930" + "31323334353637383930"; + +char hashMd5digest80[] = "57edf4a22be3c955ac49da2e2107b67a"; + +char tripleDesThenMd5digest80[] = "b7726a03aad490bd6c5a452a89a1b271"; +char tripleDesThenSha1digest80[] = "b2ddeaca91030eab5b95a234ef2c0f6e738ff883"; + +char cbc3desThenMd5digest80[] = "6f463057e1a90e0e91ae505b527bcec0"; +char cbc3desThenSha1digest80[] = "1b002ed050be743aa98860cf35659646bb8efcc0"; + +char cbcAes128ThenMd5digest80[] = "6b6e863ac5a71d15e3e9b1c86c9ba05f"; +char cbcAes128ThenSha1digest80[] = "13558472d1fc1c90dffec6e5136c7203452d509b"; + + +static MV_CESA_TEST_CASE cesaTestCases[] = +{ + /* plainHexStr cipherHexStr IV crypto mac digest */ + /* Length Length Offset */ + /*0*/ { NULL, NULL, NULL, 0, 0, -1 }, + /*1*/ { cesaPlainHexEbc, cesaCipherHexEcb, NULL, 24, 0, -1 }, + /*2*/ { cesaPlainHexCbc, cesaCipherHexCbc, NULL, 24, 0, -1 }, + /*3*/ { cesaAesPlainHexEcb, cesaAes128cipherHexEcb, NULL, 16, 0, -1 }, + /*4*/ { cesaAesPlainHexEcb, cesaAes192cipherHexEcb, NULL, 16, 0, -1 }, + /*5*/ { cesaAesPlainHexEcb, cesaAes256cipherHexEcb, NULL, 16, 0, -1 }, + /*6*/ { cesaDataHexStr1, cesaHmacMd5digestHex1, NULL, 0, 8, -1 }, + /*7*/ { NULL, cesaDataAndMd5digest1, NULL, 0, 8, -1 }, + /*8*/ { cesaDataHexStr3, cesaHmacMd5digestHex3, NULL, 0, 50, -1 }, + /*9*/ { NULL, cesaDataAndMd5digest3, NULL, 0, 50, -1 }, +/*10*/ { cesaAesPlainText, cesaAes128IvCipherCbc, iv5, 64, 0, -1 }, +/*11*/ { cesaDataHexStr1, cesaHmacSha1digestHex1, NULL, 0, 8, -1 }, +/*12*/ { NULL, cesaDataAndSha1digest1, NULL, 0, 8, -1 }, +/*13*/ { cesaDataHexStr3, cesaHmacSha1digestHex3, NULL, 0, 50, -1 }, +/*14*/ { NULL, cesaDataAndSha1digest3, NULL, 0, 50, -1 }, +/*15*/ { hashHexStr3, hashMd5digest3, NULL, 0, 3, -1 }, +/*16*/ { hashHexStr3, hashSha1digest3, NULL, 0, 3, -1 }, +/*17*/ { hashHexStr80, tripleDesThenMd5digest80, NULL, 80, 80, -1 }, +/*18*/ { hashHexStr80, tripleDesThenSha1digest80, NULL, 80, 80, -1 }, +/*19*/ { hashHexStr80, cbc3desThenMd5digest80, iv1, 80, 80, -1 }, +/*20*/ { hashHexStr80, cbc3desThenSha1digest80, iv1, 80, 80, -1 }, +/*21*/ { hashHexStr80, cbcAes128ThenMd5digest80, iv5, 80, 80, -1 }, +/*22*/ { hashHexStr80, cbcAes128ThenSha1digest80, iv5, 80, 80, -1 }, +/*23*/ { cesaAesCtrPlain, cesaAesCtrCipher, NULL, 36, 0, -1 }, +/*24*/ { cesaAesIvPlainText, cesaAes128IvCipherCbc, NULL, 64, 0, -1 }, +/*25*/ { plain3des1, cipher3des1, NULL, 0, 0, -1 }, +/*26*/ { plain3des2, cipher3desCbc2, iv3des2,0, 0, -1 }, +/*27*/ { plain3des3, cipher3desCbc3, iv3des3,0, 0, -1 }, +}; + + +/* Key = 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + * 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa + * Input 0xdd repeated "size" times + */ +static MV_CESA_SIZE_TEST mdMultiSizeTest302[] = +{ + { 80, "7a031a640c14a4872814930b1ef3a5b2" }, + { 512, "5488e6c5a14dc72a79f28312ca5b939b" }, + { 1000, "d00814f586a8b78a05724239d2531821" }, + { 1001, "bf07df7b7f49d3f5b5ecacd4e9e63281" }, + { 1002, "1ed4a1a802e87817a819d4e37bb4d0f7" }, + { 1003, "5972ab64a4f265ee371dac2f2f137f90" }, + { 1004, "71f95e7ec3aa7df2548e90898abdb28e" }, + { 1005, "e082790b4857fcfc266e92e59e608814" }, + { 1006, "9500f02fd8ac7fde8b10e4fece9a920d" }, + { 1336, "e42edcce57d0b75b01aa09d71427948b" }, + { 1344, "bb5454ada0deb49ba0a97ffd60f57071" }, + { 1399, "0f44d793e744b24d53f44f295082ee8c" }, + { 1400, "359de8a03a9b707928c6c60e0e8d79f1" }, + { 1401, "e913858b484cbe2b384099ea88d8855b" }, + { 1402, "d9848a164af53620e0540c1d7d87629e" }, + { 1403, "0c9ee1c2c9ef45e9b625c26cbaf3e822" }, + { 1404, "12edd4f609416e3c936170360561b064" }, + { 1405, "7fc912718a05446395345009132bf562" }, + { 1406, "882f17425e579ff0d85a91a59f308aa0" }, + { 1407, "005cae408630a2fb5db82ad9db7e59da" }, + { 1408, "64655f8b404b3fea7a3e3e609bc5088f" }, + { 1409, "4a145284a7f74e01b6bb1a0ec6a0dd80" }, + { 2048, "67caf64475650732def374ebb8bde3fd" }, + { 2049, "6c84f11f472825f7e6cd125c2981884b" }, + { 2050, "8999586754a73a99efbe4dbad2816d41" }, + { 2051, "ba6946b610e098d286bc81091659dfff" }, + { 2052, "d0afa01c92d4d13def2b024f36faed83" }, + { 3072, "61d8beac61806afa2585d74a9a0e6974" }, + { 3074, "f6501a28dcc24d1e4770505c51a87ed3" }, + { 3075, "ea4a6929be67e33e61ff475369248b73" }, + { 4048, "aa8c4d68f282a07e7385acdfa69f4bed" }, + { 4052, "afb5ed2c0e1d430ea59e59ed5ed6b18a" }, + { 4058, "9e8553f9bdd43aebe0bd729f0e600c99" }, + { 6144, "f628f3e5d183fe5cdd3a5abee39cf872" }, + { 6150, "89a3efcea9a2f25f919168ad4a1fd292" }, + { 6400, "cdd176b7fb747873efa4da5e32bdf88f" }, + { 6528, "b1d707b027354aca152c45ee559ccd3f" }, + { 8192, "c600ea4429ac47f9941f09182166e51a" }, + {16384, "16e8754bfbeb4c649218422792267a37" }, + {18432, "0fd0607521b0aa8b52219cfbe215f63e" }, + { 0, NULL }, +}; + +/* Key = 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + * 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10 + * InputHexStr = "31323334353637383930" (ASCII = "1234567890") + */ +static MV_CESA_SIZE_TEST mdMultiSizeTest304[] = +{ + { 80, "a456c4723fee6068530af5a2afa71627" }, + { 512, "f85c2a2344f5de68b432208ad13e5794" }, + { 1000, "35464d6821fd4a293a41eb84e274c8c5" }, + { 1001, "c08eedbdce60cceb54bc2d732bb32c8b" }, + { 1002, "5664f71800c011cc311cb6943339c1b8" }, + { 1003, "779c723b044c585dc7802b13e8501bdc" }, + { 1004, "55e500766a2c307bc5c5fdd15e4cacd4" }, + { 1005, "d5f978954f5c38529d1679d2b714f068" }, + { 1006, "cd3efc827ce628b7281b72172693abf9" }, + { 1336, "6f04479910785878ae6335b8d1e87edf" }, + { 1344, "b6d27b50c2bce1ba2a8e1b5cc4324368" }, + { 1399, "65f70a1d4c86e5eaeb0704c8a7816795" }, + { 1400, "3394b5adc4cb3ff98843ca260a44a88a" }, + { 1401, "3a06f3582033a66a4e57e0603ce94e74" }, + { 1402, "e4d97f5ed51edc48abfa46eeb5c31752" }, + { 1403, "3d05e40b080ee3bedf293cb87b7140e7" }, + { 1404, "8cf294fc3cd153ab18dccb2a52cbf244" }, + { 1405, "d1487bd42f6edd9b4dab316631159221" }, + { 1406, "0527123b6bf6936cf5d369dc18c6c70f" }, + { 1407, "3224a06639db70212a0cd1ae1fcc570a" }, + { 1408, "a9e13335612c0356f5e2c27086e86c43" }, + { 1409, "a86d1f37d1ed8a3552e9a4f04dceea98" }, + { 2048, "396905c9b961cd0f6152abfb69c4449c" }, + { 2049, "49f39bff85d9dcf059fadb89efc4a70f" }, + { 2050, "3a2b4823bc4d0415656550226a63e34a" }, + { 2051, "dec60580d406c782540f398ad0bcc7e0" }, + { 2052, "32f76610a14310309eb748fe025081bf" }, + { 3072, "45edc1a42bf9d708a621076b63b774da" }, + { 3074, "9be1b333fe7c0c9f835fb369dc45f778" }, + { 3075, "8c06fcac7bd0e7b7a17fd6508c09a549" }, + { 4048, "0ddaef848184bf0ad98507a10f1e90e4" }, + { 4052, "81976bcaeb274223983996c137875cb8" }, + { 4058, "0b0a7a1c82bc7cbc64d8b7cd2dc2bb22" }, + { 6144, "1c24056f52725ede2dff0d7f9fc9855f" }, + { 6150, "b7f4b65681c4e43ee68ca466ca9ca4ec" }, + { 6400, "443bbaab9f7331ddd4bf11b659cd43c8" }, + { 6528, "216f44f23047cfee03a7a64f88f9a995" }, + { 8192, "ac7a993b2cad54879dba1bde63e39097" }, + { 8320, "55ed7be9682d6c0025b3221a62088d08" }, + {16384, "c6c722087653b62007aea668277175e5" }, + {18432, "f1faca8e907872c809e14ffbd85792d6" }, + { 0, NULL }, +}; + +/* HASH-MD5 + * InputHexStr = "31323334353637383930" (ASCII = "1234567890") + * repeated "size" times + */ +static MV_CESA_SIZE_TEST mdMultiSizeTest305[] = +{ + { 80, "57edf4a22be3c955ac49da2e2107b67a" }, + { 512, "c729ae8f0736cc377a9767a660eaa04e" }, + { 1000, "f1257a8659eb92d36fe14c6bf3852a6a" }, + { 1001, "f8a46fe8ea04fdc8c7de0e84042d3878" }, + { 1002, "da188dd67bff87d58aa3c02af2d0cc0f" }, + { 1003, "961753017feee04c9b93a8e51658a829" }, + { 1004, "dd68c4338608dcc87807a711636bf2af" }, + { 1005, "e338d567d3ce66bf69ada29658a8759b" }, + { 1006, "443c9811e8b92599b0b149e8d7ec700a" }, + { 1336, "89a98511706008ba4cbd0b4a24fa5646" }, + { 1344, "335a919805f370b9e402a62c6fe01739" }, + { 1399, "5d18d0eddcd84212fe28d812b5e80e3b" }, + { 1400, "6b695c240d2dffd0dffc99459ca76db6" }, + { 1401, "49590f61298a76719bc93a57a30136f5" }, + { 1402, "94c2999fa3ef1910a683d69b2b8476f2" }, + { 1403, "37073a02ab00ecba2645c57c228860db" }, + { 1404, "1bcd06994fce28b624f0c5fdc2dcdd2b" }, + { 1405, "11b93671a64c95079e8cf9e7cddc8b3d" }, + { 1406, "4b6695772a4c66313fa4871017d05f36" }, + { 1407, "d1539b97fbfda1c075624e958de19c5b" }, + { 1408, "b801b9b69920907cd018e8063092ede9" }, + { 1409, "b765f1406cfe78e238273ed01bbcaf7e" }, + { 2048, "1d7e2c64ac29e2b3fb4c272844ed31f5" }, + { 2049, "71d38fac49c6b1f4478d8d88447bcdd0" }, + { 2050, "141c34a5592b1bebfa731e0b23d0cdba" }, + { 2051, "c5e1853f21c59f5d6039bd13d4b380d8" }, + { 2052, "dd44a0d128b63d4b5cccd967906472d7" }, + { 3072, "37d158e33b21390822739d13db7b87fe" }, + { 3074, "aef3b209d01d39d0597fe03634bbf441" }, + { 3075, "335ffb428eabf210bada96d74d5a4012" }, + { 4048, "2434c2b43d798d2819487a886261fc64" }, + { 4052, "ac2fa84a8a33065b2e92e36432e861f8" }, + { 4058, "856781f85616c341c3533d090c1e1e84" }, + { 6144, "e5d134c652c18bf19833e115f7a82e9b" }, + { 6150, "a09a353be7795fac2401dac5601872e6" }, + { 6400, "08b9033ac6a1821398f50af75a2dbc83" }, + { 6528, "3d47aa193a8540c091e7e02f779e6751" }, + { 8192, "d3164e710c0626f6f395b38f20141cb7" }, + { 8320, "b727589d9183ff4e8491dd24466974a3" }, + {16384, "3f54d970793d2274d5b20d10a69938ac" }, + {18432, "f558511dcf81985b7a1bb57fad970531" }, + { 0, NULL }, +}; + + +/* Key = 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + * 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa + * 0xaa, 0xaa, 0xaa, 0xaa + * InputHexStr = "31323334353637383930" (ASCII = "1234567890") + */ +static MV_CESA_SIZE_TEST shaMultiSizeTest402[] = +{ + { 80, "e812f370e659705a1649940d1f78cd7af18affd3" }, + { 512, "e547f886b2c15d995ed76a8a924cb408c8080f66" }, + { 1000, "239443194409f1a5342ecde1a092c8f3a3ed790a" }, + { 1001, "f278ab9a102850a9f48dc4e9e6822afe2d0c52b5" }, + { 1002, "8bcc667df5ab6ece988b3af361d09747c77f4e72" }, + { 1003, "0fae6046c7dc1d3e356b25af836f6077a363f338" }, + { 1004, "0ea48401cc92ae6bc92ae76685269cb0167fbe1a" }, + { 1005, "ecbcd7c879b295bafcd8766cbeac58cc371e31d1" }, + { 1006, "eb4a4a3d07d1e9a15e6f1ab8a9c47f243e27324c" }, + { 1336, "f5950ee1d77c10e9011d2149699c9366fe52529c" }, + { 1344, "b04263604a63c351b0b3b9cf1785b4bdba6c8838" }, + { 1399, "8cb1cff61d5b784045974a2fc69386e3b8d24218" }, + { 1400, "9bb2f3fcbeddb2b90f0be797cd647334a2816d51" }, + { 1401, "23ae462a7a0cb440f7445791079a5d75a535dd33" }, + { 1402, "832974b524a4d3f9cc2f45a3cabf5ccef65cd2aa" }, + { 1403, "d1c683742fe404c3c20d5704a5430e7832a7ec95" }, + { 1404, "867c79042e64f310628e219d8b85594cd0c7adc3" }, + { 1405, "c9d81d49d13d94358f56ccfd61af02b36c69f7c3" }, + { 1406, "0df43daab2786172f9b8d07d61f14a070cf1287a" }, + { 1407, "0fd8f3ad7f169534b274d4c66bbddd89f759e391" }, + { 1408, "3987511182b18473a564436003139b808fa46343" }, + { 1409, "ef667e063c9e9f539a8987a8d0bd3066ee85d901" }, + { 2048, "921109c99f3fedaca21727156d5f2b4460175327" }, + { 2049, "47188600dd165eb45f27c27196d3c46f4f042c1b" }, + { 2050, "8831939904009338de10e7fa670847041387807d" }, + { 2051, "2f8ebb5db2997d614e767be1050366f3641e7520" }, + { 2052, "669e51cd730dae158d3bef8adba075bd95a0d011" }, + { 3072, "cfee66cfd83abc8451af3c96c6b35a41cc6c55f5" }, + { 3074, "216ea26f02976a261b7d21a4dd3085157bedfabd" }, + { 3075, "bd612ebba021fd8e012b14c3bd60c8c5161fabc0" }, + { 4048, "c2564c1fdf2d5e9d7dde7aace2643428e90662e8" }, + { 4052, "91ce61fe924b445dfe7b5a1dcd10a27caec16df6" }, + { 4058, "db2a9be5ee8124f091c7ebd699266c5de223c164" }, + { 6144, "855109903feae2ba3a7a05a326b8a171116eb368" }, + { 6150, "37520bb3a668294d9c7b073e7e3daf8fee248a78" }, + { 6400, "60a353c841b6d2b1a05890349dad2fa33c7536b7" }, + { 6528, "9e53a43a69bb42d7c8522ca8bd632e421d5edb36" }, + { 8192, "a918cb0da862eaea0a33ee0efea50243e6b4927c" }, + { 8320, "29a5dcf55d1db29cd113fcf0572ae414f1c71329" }, + {16384, "6fb27966138e0c8d5a0d65ace817ebd53633cee1" }, + {18432, "ca09900d891c7c9ae2a559b10f63a217003341c1" }, + { 0, NULL }, +}; + +/* Key = 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + * 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10 + * 0x11, 0x12, 0x13, 0x14 + * InputHexStr = "31323334353637383930" (ASCII = "1234567890") + */ +static MV_CESA_SIZE_TEST shaMultiSizeTest404[] = +{ + { 80, "beaf20a34b06a87558d156c0949bc3957d40222e" }, + { 512, "3353955358d886bc2940a3c7f337ff7dafb59c7b" }, + { 1000, "8737a542c5e9b2b6244b757ebb69d5bd602a829f" }, + { 1001, "fd9e7582d8a5d3c9fe3b923e4e6a41b07a1eb4d4" }, + { 1002, "a146d14a6fc3c274ff600568f4d75b977989e00d" }, + { 1003, "be22601bbc027ddef2dec97d30b3dc424fd803c5" }, + { 1004, "3e71fe99b2fe2b7bfdf4dbf0c7f3da25d7ea35e7" }, + { 1005, "2c422735d7295408fddd76f5e8a83a2a8da13df3" }, + { 1006, "6d875319049314b61855101a647b9ba3313428e6" }, + { 1336, "c1631ea80bad9dc43a180712461b65a0598c711c" }, + { 1344, "816069bf91d34581005746e2e0283d0f9c7b7605" }, + { 1399, "4e139866dc61cfcb8b67ca2ebd637b3a538593af" }, + { 1400, "ff2a0f8dd2b02c5417910f6f55d33a78e081a723" }, + { 1401, "ab00c12be62336964cbce31ae97fe2a0002984d5" }, + { 1402, "61349e7f999f3a1acc56c3e9a5060a9c4a7b05b6" }, + { 1403, "3edbc0f61e435bc1317fa27d840076093fb79353" }, + { 1404, "d052c6dfdbe63d45dab23ef9893e2aa4636aca1e" }, + { 1405, "0cc16b7388d67bf0add15a31e6e6c753cfae4987" }, + { 1406, "c96ba7eaad74253c38c22101b558d2850b1d1b90" }, + { 1407, "3445428a40d2c6556e7c55797ad8d323b61a48d9" }, + { 1408, "8d6444f937a09317c89834187b8ea9b8d3a8c56b" }, + { 1409, "c700acd3ecd19014ea2bdb4d42510c467e088475" }, + { 2048, "ee27d2a0cb77470c2f496212dfd68b5bb7b04e4b" }, + { 2049, "683762d7a02983b26a6d046e6451d9cd82c25932" }, + { 2050, "0fd20f1d55a9ee18363c2a6fd54aa13aee69992f" }, + { 2051, "86c267d8cc4bc8d59090e4f8b303da960fd228b7" }, + { 2052, "452395ae05b3ec503eea34f86fc0832485ad97c1" }, + { 3072, "75198e3cfd0b9bcff2dabdf8e38e6fdaa33ca49a" }, + { 3074, "4e24785ef080141ce4aab4675986d9acea624d7c" }, + { 3075, "3a20c5978dd637ec0e809bf84f0d9ccf30bc65bf" }, + { 4048, "3c32da256be7a7554922bf5fed51b0d2d09e59ad" }, + { 4052, "fff898426ea16e54325ae391a32c6c9bce4c23c0" }, + { 4058, "c800b9e562e1c91e1310116341a3c91d37f848ec" }, + { 6144, "d91d509d0cc4376c2d05bf9a5097717a373530e6" }, + { 6150, "d957030e0f13c5df07d9eec298542d8f94a07f12" }, + { 6400, "bb745313c3d7dc17b3f955e5534ad500a1082613" }, + { 6528, "77905f80d9ca82080bbb3e5654896dabfcfd1bdb" }, + { 8192, "5237fd9a81830c974396f99f32047586612ff3c0" }, + { 8320, "57668e28d5f2dba0839518a11db0f6af3d7e08bf" }, + {16384, "62e093fde467f0748087beea32e9af97d5c61241" }, + {18432, "845fb33130c7d6ea554fd5aacb9c50cf7ccb5929" }, + { 0, NULL }, +}; + +/* HASH-SHA1 + * InputHexStr = "31323334353637383930" (ASCII = "1234567890") + * repeated "size" times + */ +static MV_CESA_SIZE_TEST shaMultiSizeTest405[] = +{ + { 80, "50abf5706a150990a08b2c5ea40fa0e585554732" }, + { 512, "f14516a08948fa27917a974d219741a697ba0087" }, + { 1000, "0bd18c378d5788817eb4f1e5dc07d867efa5cbf4" }, + { 1001, "ca29b85c35db1b8aef83c977893a11159d1b7aa2" }, + { 1002, "d83bc973eaaedb8a31437994dabbb3304b0be086" }, + { 1003, "2cf7bbef0acd6c00536b5c58ca470df9a3a90b6c" }, + { 1004, "e4375d09b1223385a8a393066f8209acfd936a80" }, + { 1005, "1029b38043e027745d019ce1d2d68e3d8b9d8f99" }, + { 1006, "deea16dcebbd8ac137e2b984deb639b9fb5e9680" }, + { 1336, "ea031b065fff63dcfb6a41956e4777520cdbc55d" }, + { 1344, "b52096c6445e6c0a8355995c70dc36ae186c863c" }, + { 1399, "cde2f6f8379870db4b32cf17471dc828a8dbff2b" }, + { 1400, "e53ff664064bc09fe5054c650806bd42d8179518" }, + { 1401, "d1156db5ddafcace64cdb510ff0d4af9b9a8ad64" }, + { 1402, "34ede0e9a909dd84a2ae291539105c0507b958e1" }, + { 1403, "a772ca3536da77e6ad3251e4f9e1234a4d7b87c0" }, + { 1404, "29740fd2b04e7a8bfd32242db6233156ad699948" }, + { 1405, "65b17397495b70ce4865dad93bf991b74c97cce1" }, + { 1406, "a7ee89cd0754061fdb91af7ea6abad2c69d542e3" }, + { 1407, "3eebf82f7420188e23d328b7ce93580b279a5715" }, + { 1408, "e08d3363a8b9a490dfb3a4c453452b8f114deeec" }, + { 1409, "95d74df739181a4ff30b8c39e28793a36598e924" }, + { 2048, "aa40262509c2abf84aab0197f83187fc90056d91" }, + { 2049, "7dec28ef105bc313bade8d9a7cdeac58b99de5ea" }, + { 2050, "d2e30f77ec81197de20f56588a156094ecb88450" }, + { 2051, "6b22ccc874833e96551a39da0c0edcaa0d969d92" }, + { 2052, "f843141e57875cd669af58744bc60aa9ea59549c" }, + { 3072, "09c5fedeaa62c132e673cc3c608a00142273d086" }, + { 3074, "b09e95eea9c7b1b007a58accec488301901a7f3d" }, + { 3075, "e6226b77b4ada287a8c9bbcf4ed71eec5ce632dc" }, + { 4048, "e99394894f855821951ddddf5bfc628547435f5c" }, + { 4052, "32d2f1af38be9cfba6cd03d55a254d0b3e1eb382" }, + { 4058, "d906552a4f2aca3a22e1fecccbcd183d7289d0ef" }, + { 6144, "2e7f62d35a860988e1224dc0543204af19316041" }, + { 6150, "d6b89698ee133df46fec9d552fadc328aa5a1b51" }, + { 6400, "dff50e90c46853988fa3a4b4ce5dda6945aae976" }, + { 6528, "9e63ec0430b96db02d38bc78357a2f63de2ab7f8" }, + { 8192, "971eb71ed60394d5ab5abb12e88420bdd41b5992" }, + { 8320, "91606a31b46afeaac965cecf87297e791b211013" }, + {16384, "547f830a5ec1f5f170ce818f156b1002cabc7569" }, + {18432, "f16f272787f3b8d539652e4dc315af6ab4fda0ef" }, + { 0, NULL }, +}; + +/* CryptoKey = 0x01234567, 0x89abcdef, + * 0x01234567, 0x89abcdef, + * 0x01234567, 0x89abcdef; + * MacKey = 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + * 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10 + * InputHexStr = "31323334353637383930" (ASCII = "1234567890") + * Note: only sizes aligned to 3DES block size (8 bytes) allowed + */ +static MV_CESA_SIZE_TEST tripleDesMdMultiSizeTest502[] = +{ + { 64, "9586962a2aaaef28803dec2e17807a7f" }, + { 80, "b7726a03aad490bd6c5a452a89a1b271" }, + { 352, "f1ed9563aecc3c0d2766eb2bed3b4e4c" }, + { 512, "0f9decb11ab40fe86f4d4d9397bc020e" }, + { 1000, "3ba69deac12cab8ff9dff7dbd9669927" }, + { 1336, "6cf47bf1e80e03e2c1d0945bc50d37d2" }, + { 1344, "4be388dab21ceb3fa1b8d302e9b821f7" }, + { 1400, "a58b79fb21dd9bfc6ec93e3b99fb0ef1" }, + { 1408, "8bc97379fc2ac3237effcdd4f7a86528" }, + { 2048, "1339f03ab3076f25a20bc4cba16eb5bf" }, + { 3072, "731204d2d90c4b36ae41f5e1fb874288" }, + { 4048, "c028d998cfda5642547b7e1ed5ea16e4" }, + { 6144, "b1b19cd910cc51bd22992f1e59f1e068" }, + { 6400, "44e4613496ba622deb0e7cb768135a2f" }, + { 6528, "3b06b0a86f8db9cd67f9448dfcf10549" }, + { 8192, "d581780b7163138a0f412be681457d82" }, + {16384, "03b8ac05527faaf1bed03df149c65ccf" }, + {18432, "677c8a86a41dab6c5d81b85b8fb10ff6" }, + { 0, NULL }, +}; + + +/* CryptoKey = 0x01234567, 0x89abcdef, + * 0x01234567, 0x89abcdef, + * 0x01234567, 0x89abcdef; + * MacKey = 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + * 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10 + * 0x11, 0x12, 0x13, 0x14 + * InputHexStr = "31323334353637383930" (ASCII = "1234567890") + * Note: only sizes aligned to 3DES block size (8 bytes) allowed + */ +static MV_CESA_SIZE_TEST tripleDesShaMultiSizeTest503[] = +{ + { 64, "44a1e9bcbfc1429630d9ea68b7a48b0427a684f2" }, + { 80, "b2ddeaca91030eab5b95a234ef2c0f6e738ff883" }, + { 352, "4b91864c7ff629bdff75d9726421f76705452aaf" }, + { 512, "6dd37faceeb2aa98ba74f4242ed6734a4d546af5" }, + { 1000, "463661c30300be512a9df40904f0757cde5f1141" }, + { 1336, "b931f831d9034fe59c65176400b039fe9c1f44a5" }, + { 1344, "af8866b1cd4a4887d6185bfe72470ffdfb3648e1" }, + { 1400, "49c6caf07296d5e31d2504d088bc5b20c3ee7cdb" }, + { 1408, "fcae8deedbc6ebf0763575dc7e9de075b448a0f4" }, + { 2048, "edece5012146c1faa0dd10f50b183ba5d2af58ac" }, + { 3072, "5b83625adb43a488b8d64fecf39bb766818547b7" }, + { 4048, "d2c533678d26c970293af60f14c8279dc708bfc9" }, + { 6144, "b8f67af4f991b08b725f969b049ebf813bfacc5c" }, + { 6400, "d9a6c7f746ac7a60ef2edbed2841cf851c25cfb0" }, + { 6528, "376792b8c8d18161d15579fb7829e6e3a27e9946" }, + { 8192, "d890eabdca195b34ef8724b28360cffa92ae5655" }, + {16384, "a167ee52639ec7bf19aee9c6e8f76667c14134b9" }, + {18432, "e4396ab56f67296b220985a12078f4a0e365d2cc" }, + { 0, NULL }, +}; + +/* CryptoKey = 0x01234567, 0x89abcdef, + * 0x01234567, 0x89abcdef, + * 0x01234567, 0x89abcdef + * IV = 0x12345678, 0x90abcdef + * MacKey = 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + * 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10 + * InputHexStr = "31323334353637383930" (ASCII = "1234567890") + * Note: only sizes aligned to 3DES block size (8 bytes) allowed + */ +static MV_CESA_SIZE_TEST cbc3desMdMultiSizeTest504[] = +{ + { 64, "8d10e00802460ede0058c139ba48bd2d" }, + { 80, "6f463057e1a90e0e91ae505b527bcec0" }, + { 352, "4938d48bdf86aece2c6851e7c6079788" }, + { 512, "516705d59f3cf810ebf2a13a23a7d42e" }, + { 1000, "a5a000ee5c830e67ddc6a2d2e5644b31" }, + { 1336, "44af60087b74ed07950088efbe3b126a" }, + { 1344, "1f5b39e0577920af731dabbfcf6dfc2a" }, + { 1400, "6804ea640e29b9cd39e08bc37dbce734" }, + { 1408, "4fb436624b02516fc9d1535466574bf9" }, + { 2048, "c909b0985c423d8d86719f701e9e83db" }, + { 3072, "cfe0bc34ef97213ee3d3f8b10122db21" }, + { 4048, "03ea10b5ae4ddeb20aed6af373082ed1" }, + { 6144, "b9a0ff4f87fc14b3c2dc6f0ed0998fdf" }, + { 6400, "6995f85d9d4985dd99e974ec7dda9dd6" }, + { 6528, "bbbb548ce2fa3d58467f6a6a5168a0e6" }, + { 8192, "afe101fbe745bb449ae4f50d10801456" }, + {16384, "9741706d0b1c923340c4660ff97cacdf" }, + {18432, "b0217becb73cb8f61fd79c7ce9d023fb" }, + { 0, NULL }, +}; + + +/* CryptoKey = 0x01234567, 0x89abcdef, + * 0x01234567, 0x89abcdef, + * 0x01234567, 0x89abcdef; + * IV = 0x12345678, 0x90abcdef + * MacKey = 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + * 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10 + * 0x11, 0x12, 0x13, 0x14 + * InputHexStr = "31323334353637383930" (ASCII = "1234567890") + * Note: only sizes aligned to 3DES block size (8 bytes) allowed + */ +static MV_CESA_SIZE_TEST cbc3desShaMultiSizeTest505[] = +{ + { 64, "409187e5bdb0be4a7754ca3747f7433dc4f01b98" }, + { 80, "1b002ed050be743aa98860cf35659646bb8efcc0" }, + { 352, "6cbf7ebe50fa4fa6eecc19eca23f9eae553ccfff" }, + { 512, "cfb5253fb4bf72b743320c30c7e48c54965853b0" }, + { 1000, "95e04e1ca2937e7c5a9aba9e42d2bcdb8a7af21f" }, + { 1336, "3b5c1f5eee5837ebf67b83ae01405542d77a6627" }, + { 1344, "2b3d42ab25615437f98a1ee310b81d07a02badc2" }, + { 1400, "7f8687df7c1af44e4baf3c934b6cca5ab6bc993e" }, + { 1408, "473a581c5f04f7527d50793c845471ac87e86430" }, + { 2048, "e41d20cae7ebe34e6e828ed62b1e5734019037bb" }, + { 3072, "275664afd7a561d804e6b0d204e53939cde653ae" }, + { 4048, "0d220cc5b34aeeb46bbbd637dde6290b5a8285a3" }, + { 6144, "cb393ddcc8b1c206060625b7d822ef9839e67bc5" }, + { 6400, "dd3317e2a627fc04800f74a4b05bfda00fab0347" }, + { 6528, "8a74c3b2441ab3f5a7e08895cc432566219a7c41" }, + { 8192, "b8e6ef3a549ed0e005bd5b8b1a5fe6689e9711a7" }, + {16384, "55f59404008276cdac0e2ba0d193af2d40eac5ce" }, + {18432, "86ae6c4fc72369a54cce39938e2d0296cd9c6ec5" }, + { 0, NULL }, +}; + + +/* CryptoKey = 0x01234567, 0x89abcdef, + * 0x01234567, 0x89abcdef, + * 0x01234567, 0x89abcdef + * IV = 0x12345678, 0x90abcdef + * MacKey = 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + * 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10 + * InputHexStr = "31323334353637383930" (ASCII = "1234567890") + * Note: only sizes aligned to AES block size (16 bytes) allowed + */ +static MV_CESA_SIZE_TEST cbcAes128md5multiSizeTest506[] = +{ + { 16, "7ca4c2ba866751598720c5c4aa0d6786" }, + { 64, "7dba7fb988e80da609b1fea7254bced8" }, + { 80, "6b6e863ac5a71d15e3e9b1c86c9ba05f" }, + { 352, "a1ceb9c2e3021002400d525187a9f38c" }, + { 512, "596c055c1c55db748379223164075641" }, + { 1008, "f920989c02f3b3603f53c99d89492377" }, + { 1344, "2e496b73759d77ed32ea222dbd2e7b41" }, + { 1408, "7178c046b3a8d772efdb6a71c4991ea4" }, + { 2048, "a917f0099c69eb94079a8421714b6aad" }, + { 3072, "693cd5033d7f5391d3c958519fa9e934" }, + { 4048, "139dca91bcff65b3c40771749052906b" }, + { 6144, "428d9cef6df4fb70a6e9b6bbe4819e55" }, + { 6400, "9c0b909e76daa811e12b1fc17000a0c4" }, + { 6528, "ad876f6297186a7be1f1b907ed860eda" }, + { 8192, "479cbbaca37dd3191ea1f3e8134a0ef4" }, + {16384, "60fda559c74f91df538100c9842f2f15" }, + {18432, "4a3eb1cba1fa45f3981270953f720c42" }, + { 0, NULL }, +}; + + +/* CryptoKey = 0x01234567, 0x89abcdef, + * 0x01234567, 0x89abcdef, + * 0x01234567, 0x89abcdef; + * IV = 0x12345678, 0x90abcdef + * MacKey = 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + * 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10 + * 0x11, 0x12, 0x13, 0x14 + * InputHexStr = "31323334353637383930" (ASCII = "1234567890") + * Note: only sizes aligned to AES block size (16 bytes) allowed + */ +static MV_CESA_SIZE_TEST cbcAes128sha1multiSizeTest507[] = +{ + { 16, "9aa8dc1c45f0946daf78057fa978759c625c1fee" }, + { 64, "9f588fc1ede851e5f8b20256abc9979465ae2189" }, + { 80, "13558472d1fc1c90dffec6e5136c7203452d509b" }, + { 352, "6b93518e006cfaa1f7adb24615e7291fb0a27e06" }, + { 512, "096874951a77fbbf333e49d80c096ee2016e09bd" }, + { 1008, "696fc203c2e4b5ae0ec5d1db3f623c490bc6dbac" }, + { 1344, "79bf77509935ccd3528caaac6a5eb6481f74029b" }, + { 1408, "627f9462b95fc188e8cfa7eec15119bdc5d4fcf1" }, + { 2048, "3d50d0c005feba92fe41502d609fced9c882b4d1" }, + { 3072, "758807e5b983e3a91c06fb218fe0f73f77111e94" }, + { 4048, "ca90e85242e33f005da3504416a52098d0d31fb2" }, + { 6144, "8044c1d4fd06642dfc46990b4f18b61ef1e972cf" }, + { 6400, "166f1f4ea57409f04feba9fb1e39af0e00bd6f43" }, + { 6528, "0389016a39485d6e330f8b4215ddf718b404f7e9" }, + { 8192, "6df7ee2a8b61d6f7f860ce8dbf778f0c2a5b508b" }, + {16384, "a70a6d8dfa1f91ded621c3dbaed34162bc48783f" }, + {18432, "8dfad627922ce15df1eed10bdbed49244efa57db" }, + { 0, NULL }, +}; + + +void cesaTestPrintStatus(void); + + +/*------------------------- LOCAL FUNCTIONs ---------------------------------*/ +MV_STATUS testCmd(int sid, int iter, MV_CESA_COMMAND* pCmd, + MV_CESA_TEST_SESSION* pTestSession, MV_U8* pIV, int ivSize); +MV_STATUS testClose(int idx); +MV_STATUS testOpen(int idx); +void close_session(int sid); +void cesaTestCheckReady(const MV_CESA_RESULT *r); +void cesaCheckReady(MV_CESA_RESULT* r); +void printTestResults(int idx, MV_STATUS status, int checkMode); +void cesaLastResult(void); +void cesaTestPrintReq(int req, int offset, int size); + +void cesaTestPrintStatus(void); +void cesaTestPrintSession(int idx); +void sizeTest(int testIdx, int iter, int checkMode); +void multiTest(int iter, int reqSize, int checkMode); +void oneTest(int testIdx, int caseIdx,int iter, int reqSize, int checkMode); +void multiSizeTest(int idx, int iter, int checkMode, char* inputData); +void cesaTest(int iter, int reqSize, int checkMode); +void cesaOneTest(int testIdx, int caseIdx,int iter, int reqSize, int checkMode); +void combiTest(int iter, int reqSize, int checkMode); +void shaTest(int iter, int reqSize, int checkMode); +void mdTest(int iter, int reqSize, int checkMode); +void aesTest(int iter, int reqSize, int checkMode); +void tripleDesTest(int iter, int reqSize, int checkMode); +void desTest(int iter, int reqSize, int checkMode); +void cesaTestStop(void); +MV_STATUS testRun(int idx, int caseIdx, int iter,int reqSize, int checkMode); +void cesaTestStart(int bufNum, int bufSize); + + +static MV_U32 getRate(MV_U32* remainder) +{ + MV_U32 kBits, milliSec, rate; + + milliSec = 0; + if( (cesaEndTicks - cesaBeginTicks) > 0) + { + milliSec = CESA_TEST_TICK_TO_MS(cesaEndTicks - cesaBeginTicks); + } + if(milliSec == 0) + { + if(remainder != NULL) + *remainder = 0; + return 0; + } + + kBits = (cesaIteration*cesaRateSize*8)/1000; + rate = kBits/milliSec; + if(remainder != NULL) + *remainder = ((kBits % milliSec)*10)/milliSec; + + return rate; +} + +static char* extractMbuf(MV_CESA_MBUF *pMbuf, + int offset, int size, char* hexStr) +{ + mvCesaCopyFromMbuf((MV_U8*)cesaBinBuffer, pMbuf, offset, size); + mvBinToHex((const MV_U8*)cesaBinBuffer, hexStr, size); + + return hexStr; +} + +static MV_BOOL cesaCheckMbuf(MV_CESA_MBUF *pMbuf, + const char* hexString, int offset, + int checkSize) +{ + MV_BOOL isFailed = MV_FALSE; + MV_STATUS status; + int size = strlen(hexString)/2; + int checkedSize = 0; +/* + mvOsPrintf("cesaCheckMbuf: pMbuf=%p, offset=%d, checkSize=%d, mBufSize=%d\n", + pMbuf, offset, checkSize, pMbuf->mbufSize); +*/ + if(pMbuf->mbufSize < (checkSize + offset)) + { + mvOsPrintf("checkSize (%d) is too large: offset=%d, mbufSize=%d\n", + checkSize, offset, pMbuf->mbufSize); + return MV_TRUE; + } + status = mvCesaCopyFromMbuf((MV_U8*)cesaBinBuffer, pMbuf, offset, checkSize); + if(status != MV_OK) + { + mvOsPrintf("CesaTest: Can't copy %d bytes from Mbuf=%p to checkBuf=%p\n", + checkSize, pMbuf, cesaBinBuffer); + return MV_TRUE; + } +/* + mvDebugMemDump(cesaBinBuffer, size, 1); +*/ + mvHexToBin(hexString, (MV_U8*)cesaExpBinBuffer, size); + + /* Compare buffers */ + while(checkSize > checkedSize) + { + size = MV_MIN(size, (checkSize - checkedSize)); + if(memcmp(cesaExpBinBuffer, &cesaBinBuffer[checkedSize], size) != 0) + { + mvOsPrintf("CheckMbuf failed: checkSize=%d, size=%d, checkedSize=%d\n", + checkSize, size, checkedSize); + mvDebugMemDump(&cesaBinBuffer[checkedSize], size, 1); + mvDebugMemDump(cesaExpBinBuffer, size, 1); + + isFailed = MV_TRUE; + break; + } + checkedSize += size; + } + + return isFailed; +} + +static MV_STATUS cesaSetMbuf(MV_CESA_MBUF *pMbuf, + const char* hexString, + int offset, int reqSize) +{ + MV_STATUS status = MV_OK; + int copySize, size = strlen(hexString)/2; + + mvHexToBin(hexString, (MV_U8*)cesaBinBuffer, size); + + copySize = 0; + while(reqSize > copySize) + { + size = MV_MIN(size, (reqSize - copySize)); + + status = mvCesaCopyToMbuf((MV_U8*)cesaBinBuffer, pMbuf, offset+copySize, size); + if(status != MV_OK) + { + mvOsPrintf("cesaSetMbuf Error: Copy %d of %d bytes to MBuf\n", + copySize, reqSize); + break; + } + copySize += size; + } + pMbuf->mbufSize = offset+copySize; + return status; +} + +static MV_CESA_TEST_SESSION* getTestSessionDb(int idx, int* pTestIdx) +{ + int testIdx, dbIdx = idx/100; + + if(dbIdx > MAX_TEST_TYPE) + { + mvOsPrintf("Wrong index %d - No such test type\n", idx); + return NULL; + } + testIdx = idx % 100; + + if(testIdx >= cesaTestsDB[dbIdx].numSessions) + { + mvOsPrintf("Wrong index %d - No such test\n", idx); + return NULL; + } + if(pTestIdx != NULL) + *pTestIdx = testIdx; + + return cesaTestsDB[dbIdx].pSessions; +} + +/* Debug */ +void cesaTestPrintReq(int req, int offset, int size) +{ + MV_CESA_MBUF* pMbuf; + + mvOsPrintf("cesaTestPrintReq: req=%d, offset=%d, size=%d\n", + req, offset, size); + mvDebugMemDump(cesaCmdRing, 128, 4); + + pMbuf = cesaCmdRing[req].pSrc; + mvCesaDebugMbuf("src", pMbuf, offset,size); + pMbuf = cesaCmdRing[req].pDst; + mvCesaDebugMbuf("dst", pMbuf, offset, size); + + cesaTestPrintStatus(); +} + +void cesaLastResult(void) +{ + mvOsPrintf("Last Result: ReqId = %d, SessionId = %d, rc = (%d)\n", + (MV_U32)cesaResult.pReqPrv, cesaResult.sessionId, + cesaResult.retCode); +} + +void printTestResults(int idx, MV_STATUS status, int checkMode) +{ + int testIdx; + MV_CESA_TEST_SESSION* pTestSessions = getTestSessionDb(idx, &testIdx); + + if(pTestSessions == NULL) + return; + + mvOsPrintf("%-35s %4dx%-4d : ", pTestSessions[testIdx].name, + cesaIteration, cesaReqSize); + if( (status == MV_OK) && + (cesaCryptoError == 0) && + (cesaError == 0) && + (cesaReqIdError == 0) ) + { + mvOsPrintf("Passed, Rate=%3u.%u Mbps (%5u cpp)\n", + cesaRate, cesaRateAfterDot, cesaEndTicks - cesaBeginTicks); + } + else + { + mvOsPrintf("Failed, Status = 0x%x\n", status); + if(cesaCryptoError > 0) + mvOsPrintf("cryptoError : %d\n", cesaCryptoError); + if(cesaReqIdError > 0) + mvOsPrintf("reqIdError : %d\n", cesaReqIdError); + if(cesaError > 0) + mvOsPrintf("cesaError : %d\n", cesaError); + } + if(cesaTestIsrMissCount > 0) + mvOsPrintf("cesaIsrMissed : %d\n", cesaTestIsrMissCount); +} + +void cesaCheckReady(MV_CESA_RESULT* r) +{ + int reqId; + MV_CESA_MBUF *pMbuf; + MV_BOOL isFailed; + + cesaResult = *r; + reqId = (int)cesaResult.pReqPrv; + pMbuf = cesaCmdRing[reqId].pDst; + +/* + mvOsPrintf("cesaCheckReady: reqId=%d, checkOffset=%d, checkSize=%d\n", + reqId, cesaCheckOffset, cesaCheckSize); +*/ + /* Check expected reqId */ + if(reqId != cesaExpReqId) + { + cesaReqIdError++; +/* + mvOsPrintf("CESA reqId Error: cbIter=%d (%d), reqId=%d, expReqId=%d\n", + cesaCbIter, cesaIteration, reqId, cesaExpReqId); +*/ + } + else + { + if( (cesaCheckMode == CESA_FULL_CHECK_MODE) || + (cesaCheckMode == CESA_FAST_CHECK_MODE) ) + { + if(cesaResult.retCode != MV_OK) + { + cesaError++; + + mvOsPrintf("CESA Error: cbIter=%d (%d), reqId=%d, rc=%d\n", + cesaCbIter, cesaIteration, reqId, cesaResult.retCode); + } + else + { + if( (cesaCheckSize > 0) && (cesaOutputHexStr != NULL) ) + { + /* Check expected output */ + + isFailed = cesaCheckMbuf(pMbuf, cesaOutputHexStr, cesaCheckOffset, cesaCheckSize); + if(isFailed) + { + mvOsPrintf("CESA Crypto Error: cbIter=%d (%d), reqId=%d\n", + cesaCbIter, cesaIteration, reqId); + + CESA_TEST_DEBUG_PRINT(("Error: reqId=%d, reqSize=%d, checkOffset=%d, checkSize=%d\n", + reqId, cesaReqSize, cesaCheckOffset, cesaCheckSize)); + + CESA_TEST_DEBUG_PRINT(("Output str: %s\n", cesaOutputHexStr)); + + CESA_TEST_DEBUG_CODE( mvCesaDebugMbuf("error", pMbuf, 0, cesaCheckOffset+cesaCheckSize) ); + + cesaCryptoError++; + } + } + } + } + } + if(cesaCheckMode == CESA_SHOW_CHECK_MODE) + { + extractMbuf(pMbuf, cesaCheckOffset, cesaCheckSize, cesaHexBuffer); + mvOsPrintf("%4d, %s\n", cesaCheckOffset, cesaHexBuffer); + } + + cesaCbIter++; + if(cesaCbIter >= cesaIteration) + { + cesaCbIter = 0; + cesaExpReqId = 0; + cesaIsReady = MV_TRUE; + + cesaEndTicks = CESA_TEST_TICK_GET(); + cesaRate = getRate(&cesaRateAfterDot); + } + else + { + cesaExpReqId = reqId + 1; + if(cesaExpReqId == CESA_DEF_REQ_SIZE) + cesaExpReqId = 0; + } +} + + +#ifdef MV_NETBSD +static int cesaTestReadyIsr(void *arg) +#else +#ifdef __KERNEL__ +static irqreturn_t cesaTestReadyIsr( int irq , void *dev_id) +#endif +#ifdef MV_VXWORKS +void cesaTestReadyIsr(void) +#endif +#endif +{ + MV_U32 cause; + MV_STATUS status; + MV_CESA_RESULT result; + + cesaTestIsrCount++; + /* Clear cause register */ + cause = MV_REG_READ(MV_CESA_ISR_CAUSE_REG); + if( (cause & MV_CESA_CAUSE_ACC_DMA_ALL_MASK) == 0) + { + mvOsPrintf("cesaTestReadyIsr: cause=0x%x\n", cause); +#ifdef MV_NETBSD + return 0; +#else +#ifdef __KERNEL__ + return 1; +#else + return; +#endif +#endif + } + + MV_REG_WRITE(MV_CESA_ISR_CAUSE_REG, 0); + + while(MV_TRUE) + { + /* Get Ready requests */ + status = mvCesaReadyGet(&result); + if(status == MV_OK) + cesaCheckReady(&result); + + break; + } + if( (cesaTestFull == 1) && (status != MV_BUSY) ) + { + cesaTestFull = 0; + CESA_TEST_WAKE_UP(); + } + +#ifdef __KERNEL__ + return 1; +#endif +} + +void +cesaTestCheckReady(const MV_CESA_RESULT *r) +{ + MV_CESA_RESULT result = *r; + + cesaCheckReady(&result); + + if (cesaTestFull == 1) { + cesaTestFull = 0; + CESA_TEST_WAKE_UP(); + } +} + +static INLINE int open_session(MV_CESA_OPEN_SESSION* pOs) +{ + MV_U16 sid; + MV_STATUS status; + + status = mvCesaSessionOpen(pOs, (short*)&sid); + if(status != MV_OK) + { + mvOsPrintf("CesaTest: Can't open new session - status = 0x%x\n", + status); + return -1; + } + + return (int)sid; +} + +void close_session(int sid) +{ + MV_STATUS status; + + status = mvCesaSessionClose(sid); + if(status != MV_OK) + { + mvOsPrintf("CesaTest: Can't close session %d - status = 0x%x\n", + sid, status); + } +} + +MV_STATUS testOpen(int idx) +{ + MV_CESA_OPEN_SESSION os; + int sid, i, testIdx; + MV_CESA_TEST_SESSION* pTestSession; + MV_U16 digestSize = 0; + + pTestSession = getTestSessionDb(idx, &testIdx); + if(pTestSession == NULL) + { + mvOsPrintf("Test %d is not exist\n", idx); + return MV_BAD_PARAM; + } + pTestSession = &pTestSession[testIdx]; + + if(pTestSession->sid != -1) + { + mvOsPrintf("Session for test %d already created: sid=%d\n", + idx, pTestSession->sid); + return MV_OK; + } + + os.cryptoAlgorithm = pTestSession->cryptoAlgorithm; + os.macMode = pTestSession->macAlgorithm; + switch(os.macMode) + { + case MV_CESA_MAC_MD5: + case MV_CESA_MAC_HMAC_MD5: + digestSize = MV_CESA_MD5_DIGEST_SIZE; + break; + + case MV_CESA_MAC_SHA1: + case MV_CESA_MAC_HMAC_SHA1: + digestSize = MV_CESA_SHA1_DIGEST_SIZE; + break; + + case MV_CESA_MAC_NULL: + digestSize = 0; + } + os.cryptoMode = pTestSession->cryptoMode; + os.direction = pTestSession->direction; + os.operation = pTestSession->operation; + + for(i=0; icryptoKeySize; i++) + os.cryptoKey[i] = pTestSession->pCryptoKey[i]; + + os.cryptoKeyLength = pTestSession->cryptoKeySize; + + for(i=0; imacKeySize; i++) + os.macKey[i] = pTestSession->pMacKey[i]; + + os.macKeyLength = pTestSession->macKeySize; + os.digestSize = digestSize; + + sid = open_session(&os); + if(sid == -1) + { + mvOsPrintf("Can't open session for test %d: rc=0x%x\n", + idx, cesaResult.retCode); + return cesaResult.retCode; + } + CESA_TEST_DEBUG_PRINT(("Opened session: sid = %d\n", sid)); + pTestSession->sid = sid; + return MV_OK; +} + +MV_STATUS testClose(int idx) +{ + int testIdx; + MV_CESA_TEST_SESSION* pTestSession; + + pTestSession = getTestSessionDb(idx, &testIdx); + if(pTestSession == NULL) + { + mvOsPrintf("Test %d is not exist\n", idx); + return MV_BAD_PARAM; + } + pTestSession = &pTestSession[testIdx]; + + if(pTestSession->sid == -1) + { + mvOsPrintf("Test session %d is not opened\n", idx); + return MV_NO_SUCH; + } + + close_session(pTestSession->sid); + pTestSession->sid = -1; + + return MV_OK; +} + +MV_STATUS testCmd(int sid, int iter, MV_CESA_COMMAND* pCmd, + MV_CESA_TEST_SESSION* pTestSession, MV_U8* pIV, int ivSize) +{ + int cmdReqId = 0; + int i; + MV_STATUS rc = MV_OK; + char ivZeroHex[] = "0000"; + + if(iter == 0) + iter = CESA_DEF_ITER_NUM; + + if(pCmd == NULL) + { + mvOsPrintf("testCmd failed: pCmd=NULL\n"); + return MV_BAD_PARAM; + } + pCmd->sessionId = sid; + + cesaCryptoError = 0; + cesaReqIdError = 0; + cesaError = 0; + cesaTestIsrMissCount = 0; + cesaIsReady = MV_FALSE; + cesaIteration = iter; + + if(cesaInputHexStr == NULL) + cesaInputHexStr = cesaPlainHexEbc; + + for(i=0; ipSrc = (MV_CESA_MBUF*)(cesaCmdRing[i].pSrc); + if(pIV != NULL) + { + /* If IV from SA - set IV in Source buffer to zeros */ + cesaSetMbuf(pCmd->pSrc, ivZeroHex, 0, pCmd->cryptoOffset); + cesaSetMbuf(pCmd->pSrc, cesaInputHexStr, pCmd->cryptoOffset, + (cesaReqSize - pCmd->cryptoOffset)); + } + else + { + cesaSetMbuf(pCmd->pSrc, cesaInputHexStr, 0, cesaReqSize); + } + pCmd->pDst = (MV_CESA_MBUF*)(cesaCmdRing[i].pDst); + cesaSetMbuf(pCmd->pDst, cesaNullPlainHexText, 0, cesaReqSize); + + memcpy(&cesaCmdRing[i], pCmd, sizeof(*pCmd)); + } + + if(cesaCheckMode == CESA_SW_SHOW_CHECK_MODE) + { + MV_U8 pDigest[MV_CESA_MAX_DIGEST_SIZE]; + + if(pTestSession->macAlgorithm == MV_CESA_MAC_MD5) + { + mvMD5(pCmd->pSrc->pFrags[0].bufVirtPtr, pCmd->macLength, pDigest); + mvOsPrintf("SW HASH_MD5: reqSize=%d, macLength=%d\n", + cesaReqSize, pCmd->macLength); + mvDebugMemDump(pDigest, MV_CESA_MD5_DIGEST_SIZE, 1); + return MV_OK; + } + if(pTestSession->macAlgorithm == MV_CESA_MAC_SHA1) + { + mvSHA1(pCmd->pSrc->pFrags[0].bufVirtPtr, pCmd->macLength, pDigest); + mvOsPrintf("SW HASH_SHA1: reqSize=%d, macLength=%d\n", + cesaReqSize, pCmd->macLength); + mvDebugMemDump(pDigest, MV_CESA_SHA1_DIGEST_SIZE, 1); + return MV_OK; + } + } + + cesaBeginTicks = CESA_TEST_TICK_GET(); + CESA_TEST_DEBUG_CODE( memset(cesaTestTrace, 0, sizeof(cesaTestTrace)); + cesaTestTraceIdx = 0; + ); + + if(cesaCheckMode == CESA_SW_NULL_CHECK_MODE) + { + volatile MV_U8 pDigest[MV_CESA_MAX_DIGEST_SIZE]; + + for(i=0; imacAlgorithm == MV_CESA_MAC_MD5) + { + mvMD5(pCmd->pSrc->pFrags[0].bufVirtPtr, pCmd->macLength, (unsigned char*)pDigest); + } + if(pTestSession->macAlgorithm == MV_CESA_MAC_SHA1) + { + mvSHA1(pCmd->pSrc->pFrags[0].bufVirtPtr, pCmd->macLength, (MV_U8 *)pDigest); + } + } + cesaEndTicks = CESA_TEST_TICK_GET(); + cesaRate = getRate(&cesaRateAfterDot); + cesaIsReady = MV_TRUE; + + return MV_OK; + } + + /*cesaTestIsrCount = 0;*/ + /*mvCesaDebugStatsClear();*/ + +#ifndef MV_NETBSD + MV_REG_WRITE(MV_CESA_ISR_CAUSE_REG, 0); +#endif + + for(i=0; ipReqPrv = (void*)cmdReqId; + + CESA_TEST_LOCK(flags); + + rc = mvCesaAction(pCmd); + if(rc == MV_NO_RESOURCE) + cesaTestFull = 1; + + CESA_TEST_UNLOCK(flags); + + if(rc == MV_NO_RESOURCE) + { + CESA_TEST_LOCK(flags); + CESA_TEST_WAIT( (cesaTestFull == 0), 100); + CESA_TEST_UNLOCK(flags); + if(cesaTestFull == 1) + { + mvOsPrintf("CESA Test timeout: i=%d, iter=%d, cesaTestFull=%d\n", + i, iter, cesaTestFull); + cesaTestFull = 0; + return MV_TIMEOUT; + } + + CESA_TEST_LOCK(flags); + + rc = mvCesaAction(pCmd); + + CESA_TEST_UNLOCK(flags); + } + if( (rc != MV_OK) && (rc != MV_NO_MORE) ) + { + mvOsPrintf("mvCesaAction failed: rc=%d\n", rc); + return rc; + } + + cmdReqId++; + if(cmdReqId >= CESA_DEF_REQ_SIZE) + cmdReqId = 0; + +#ifdef MV_LINUX + /* Reschedule each 16 requests */ + if( (i & 0xF) == 0) + schedule(); +#endif + } + return MV_OK; +} + +void cesaTestStart(int bufNum, int bufSize) +{ + int i, j, idx; + MV_CESA_MBUF *pMbufSrc, *pMbufDst; + MV_BUF_INFO *pFragsSrc, *pFragsDst; + char *pBuf; +#ifndef MV_NETBSD + int numOfSessions, queueDepth; + char *pSram; + MV_STATUS status; + MV_CPU_DEC_WIN addrDecWin; +#endif + + cesaCmdRing = mvOsMalloc(sizeof(MV_CESA_COMMAND) * CESA_DEF_REQ_SIZE); + if(cesaCmdRing == NULL) + { + mvOsPrintf("testStart: Can't allocate %ld bytes of memory\n", + sizeof(MV_CESA_COMMAND) * CESA_DEF_REQ_SIZE); + return; + } + memset(cesaCmdRing, 0, sizeof(MV_CESA_COMMAND) * CESA_DEF_REQ_SIZE); + + if(bufNum == 0) + bufNum = CESA_DEF_BUF_NUM; + + if(bufSize == 0) + bufSize = CESA_DEF_BUF_SIZE; + + cesaBufNum = bufNum; + cesaBufSize = bufSize; + mvOsPrintf("CESA test started: bufNum = %d, bufSize = %d\n", + bufNum, bufSize); + + cesaHexBuffer = mvOsMalloc(2*bufNum*bufSize); + if(cesaHexBuffer == NULL) + { + mvOsPrintf("testStart: Can't malloc %d bytes for cesaHexBuffer.\n", + 2*bufNum*bufSize); + return; + } + memset(cesaHexBuffer, 0, (2*bufNum*bufSize)); + + cesaBinBuffer = mvOsMalloc(bufNum*bufSize); + if(cesaBinBuffer == NULL) + { + mvOsPrintf("testStart: Can't malloc %d bytes for cesaBinBuffer\n", + bufNum*bufSize); + return; + } + memset(cesaBinBuffer, 0, (bufNum*bufSize)); + + cesaExpBinBuffer = mvOsMalloc(bufNum*bufSize); + if(cesaExpBinBuffer == NULL) + { + mvOsPrintf("testStart: Can't malloc %d bytes for cesaExpBinBuffer\n", + bufNum*bufSize); + return; + } + memset(cesaExpBinBuffer, 0, (bufNum*bufSize)); + + CESA_TEST_WAIT_INIT(); + + pMbufSrc = mvOsMalloc(sizeof(MV_CESA_MBUF) * CESA_DEF_REQ_SIZE); + pFragsSrc = mvOsMalloc(sizeof(MV_BUF_INFO) * bufNum * CESA_DEF_REQ_SIZE); + + pMbufDst = mvOsMalloc(sizeof(MV_CESA_MBUF) * CESA_DEF_REQ_SIZE); + pFragsDst = mvOsMalloc(sizeof(MV_BUF_INFO) * bufNum * CESA_DEF_REQ_SIZE); + + if( (pMbufSrc == NULL) || (pFragsSrc == NULL) || + (pMbufDst == NULL) || (pFragsDst == NULL) ) + { + mvOsPrintf("testStart: Can't malloc Src and Dst pMbuf and pFrags structures.\n"); + /* !!!! Dima cesaTestCleanup();*/ + return; + } + + memset(pMbufSrc, 0, sizeof(MV_CESA_MBUF) * CESA_DEF_REQ_SIZE); + memset(pFragsSrc, 0, sizeof(MV_BUF_INFO) * bufNum * CESA_DEF_REQ_SIZE); + + memset(pMbufDst, 0, sizeof(MV_CESA_MBUF) * CESA_DEF_REQ_SIZE); + memset(pFragsDst, 0, sizeof(MV_BUF_INFO) * bufNum * CESA_DEF_REQ_SIZE); + + mvOsPrintf("Cesa Test Start: pMbufSrc=%p, pFragsSrc=%p, pMbufDst=%p, pFragsDst=%p\n", + pMbufSrc, pFragsSrc, pMbufDst, pFragsDst); + + idx = 0; + for(i=0; ipFrags = &pFragsSrc[idx]; + cesaCmdRing[i].pSrc->numFrags = bufNum; + cesaCmdRing[i].pSrc->mbufSize = 0; + + cesaCmdRing[i].pDst = &pMbufDst[i]; + cesaCmdRing[i].pDst->pFrags = &pFragsDst[idx]; + cesaCmdRing[i].pDst->numFrags = bufNum; + cesaCmdRing[i].pDst->mbufSize = 0; + + for(j=0; jpFrags[j].bufVirtPtr = (MV_U8*)pBuf; + cesaCmdRing[i].pSrc->pFrags[j].bufSize = bufSize; + pBuf += bufSize; + cesaCmdRing[i].pDst->pFrags[j].bufVirtPtr = (MV_U8*)pBuf; + cesaCmdRing[i].pDst->pFrags[j].bufSize = bufSize; + pBuf += bufSize; + } + idx += bufNum; + } + +#ifndef MV_NETBSD + if (mvCpuIfTargetWinGet(CRYPT_ENG, &addrDecWin) == MV_OK) + pSram = (char*)addrDecWin.addrWin.baseLow; + else + { + mvOsPrintf("mvCesaInit: ERR. mvCpuIfTargetWinGet failed\n"); + return; + } + +#ifdef MV_CESA_NO_SRAM + pSram = mvOsMalloc(4*1024+8); + if(pSram == NULL) + { + mvOsPrintf("CesaTest: can't allocate %d bytes for SRAM simulation\n", + 4*1024+8); + /* !!!! Dima cesaTestCleanup();*/ + return; + } + pSram = (MV_U8*)MV_ALIGN_UP((MV_U32)pSram, 8); +#endif /* MV_CESA_NO_SRAM */ + + numOfSessions = CESA_DEF_SESSION_NUM; + queueDepth = CESA_DEF_REQ_SIZE - MV_CESA_MAX_CHAN; + + status = mvCesaInit(numOfSessions, queueDepth, pSram, NULL); + if(status != MV_OK) + { + mvOsPrintf("mvCesaInit is Failed: status = 0x%x\n", status); + /* !!!! Dima cesaTestCleanup();*/ + return; + } +#endif /* !MV_NETBSD */ + + /* Prepare data for tests */ + for(i=0; i<50; i++) + strcat((char*)cesaDataHexStr3, "dd"); + + strcpy((char*)cesaDataAndMd5digest3, cesaDataHexStr3); + strcpy((char*)cesaDataAndSha1digest3, cesaDataHexStr3); + + /* Digest must be 8 byte aligned */ + for(; i<56; i++) + { + strcat((char*)cesaDataAndMd5digest3, "00"); + strcat((char*)cesaDataAndSha1digest3, "00"); + } + strcat((char*)cesaDataAndMd5digest3, cesaHmacMd5digestHex3); + strcat((char*)cesaDataAndSha1digest3, cesaHmacSha1digestHex3); + +#ifndef MV_NETBSD + MV_REG_WRITE( MV_CESA_ISR_CAUSE_REG, 0); + MV_REG_WRITE( MV_CESA_ISR_MASK_REG, MV_CESA_CAUSE_ACC_DMA_MASK); +#endif + +#ifdef MV_VXWORKS + { + MV_STATUS status; + + status = intConnect((VOIDFUNCPTR *)INT_LVL_CESA, cesaTestReadyIsr, (int)NULL); + if (status != OK) + { + mvOsPrintf("CESA: Can't connect CESA (%d) interrupt, status=0x%x \n", + INT_LVL_CESA, status); + /* !!!! Dima cesaTestCleanup();*/ + return; + } + cesaSemId = semMCreate(SEM_Q_PRIORITY | SEM_INVERSION_SAFE | SEM_DELETE_SAFE); + if(cesaSemId == NULL) + { + mvOsPrintf("cesaTestStart: Can't create semaphore\n"); + return; + } + intEnable(INT_LVL_CESA); + } +#endif /* MV_VXWORKS */ + +#if !defined(MV_NETBSD) && defined(__KERNEL__) + if( request_irq(CESA_IRQ, cesaTestReadyIsr, (SA_INTERRUPT) , "cesa_test", NULL ) ) + { + mvOsPrintf( "cannot assign irq\n" ); + /* !!!! Dima cesaTestCleanup();*/ + return; + } + spin_lock_init( &cesaLock ); +#endif +} + +MV_STATUS testRun(int idx, int caseIdx, int iter, + int reqSize, int checkMode) +{ + int testIdx, count, sid, digestSize; + int blockSize; + MV_CESA_TEST_SESSION* pTestSession; + MV_CESA_COMMAND cmd; + MV_STATUS status; + + memset(&cmd, 0, sizeof(cmd)); + + pTestSession = getTestSessionDb(idx, &testIdx); + if(pTestSession == NULL) + { + mvOsPrintf("Test %d is not exist\n", idx); + return MV_BAD_PARAM; + } + pTestSession = &pTestSession[testIdx]; + + sid = pTestSession->sid; + if(sid == -1) + { + mvOsPrintf("Test %d is not opened\n", idx); + return MV_BAD_STATE; + } + switch(pTestSession->cryptoAlgorithm) + { + case MV_CESA_CRYPTO_DES: + case MV_CESA_CRYPTO_3DES: + blockSize = MV_CESA_DES_BLOCK_SIZE; + break; + + case MV_CESA_CRYPTO_AES: + blockSize = MV_CESA_AES_BLOCK_SIZE; + break; + + case MV_CESA_CRYPTO_NULL: + blockSize = 0; + break; + + default: + mvOsPrintf("cesaTestRun: Bad CryptoAlgorithm=%d\n", + pTestSession->cryptoAlgorithm); + return MV_BAD_PARAM; + } + switch(pTestSession->macAlgorithm) + { + case MV_CESA_MAC_MD5: + case MV_CESA_MAC_HMAC_MD5: + digestSize = MV_CESA_MD5_DIGEST_SIZE; + break; + + case MV_CESA_MAC_SHA1: + case MV_CESA_MAC_HMAC_SHA1: + digestSize = MV_CESA_SHA1_DIGEST_SIZE; + break; + default: + digestSize = 0; + } + + if(iter == 0) + iter = CESA_DEF_ITER_NUM; + + if(pTestSession->direction == MV_CESA_DIR_ENCODE) + { + cesaOutputHexStr = cesaTestCases[caseIdx].cipherHexStr; + cesaInputHexStr = cesaTestCases[caseIdx].plainHexStr; + } + else + { + cesaOutputHexStr = cesaTestCases[caseIdx].plainHexStr; + cesaInputHexStr = cesaTestCases[caseIdx].cipherHexStr; + } + + cmd.sessionId = sid; + if(checkMode == CESA_FAST_CHECK_MODE) + { + cmd.cryptoLength = cesaTestCases[caseIdx].cryptoLength; + cmd.macLength = cesaTestCases[caseIdx].macLength; + } + else + { + cmd.cryptoLength = reqSize; + cmd.macLength = reqSize; + } + cesaRateSize = cmd.cryptoLength; + cesaReqSize = cmd.cryptoLength; + cmd.cryptoOffset = 0; + if(pTestSession->operation != MV_CESA_MAC_ONLY) + { + if( (pTestSession->cryptoMode == MV_CESA_CRYPTO_CBC) || + (pTestSession->cryptoMode == MV_CESA_CRYPTO_CTR) ) + { + cmd.ivOffset = 0; + cmd.cryptoOffset = blockSize; + if(cesaTestCases[caseIdx].pCryptoIV == NULL) + { + cmd.ivFromUser = 1; + } + else + { + cmd.ivFromUser = 0; + mvCesaCryptoIvSet(cesaTestCases[caseIdx].pCryptoIV, blockSize); + } + cesaReqSize = cmd.cryptoOffset + cmd.cryptoLength; + } + } + +/* + mvOsPrintf("ivFromUser=%d, cryptoLength=%d, cesaReqSize=%d, cryptoOffset=%d\n", + cmd.ivFromUser, cmd.cryptoLength, cesaReqSize, cmd.cryptoOffset); +*/ + if(pTestSession->operation != MV_CESA_CRYPTO_ONLY) + { + cmd.macOffset = cmd.cryptoOffset; + + if(cesaTestCases[caseIdx].digestOffset == -1) + { + cmd.digestOffset = cmd.macOffset + cmd.macLength; + cmd.digestOffset = MV_ALIGN_UP(cmd.digestOffset, 8); + } + else + { + cmd.digestOffset = cesaTestCases[caseIdx].digestOffset; + } + if( (cmd.digestOffset + digestSize) > cesaReqSize) + cesaReqSize = cmd.digestOffset + digestSize; + } + + cesaCheckMode = checkMode; + + if(checkMode == CESA_NULL_CHECK_MODE) + { + cesaCheckSize = 0; + cesaCheckOffset = 0; + } + else + { + if(pTestSession->operation == MV_CESA_CRYPTO_ONLY) + { + cesaCheckOffset = 0; + cesaCheckSize = cmd.cryptoLength; + } + else + { + cesaCheckSize = digestSize; + cesaCheckOffset = cmd.digestOffset; + } + } +/* + mvOsPrintf("reqSize=%d, checkSize=%d, checkOffset=%d, checkMode=%d\n", + cesaReqSize, cesaCheckSize, cesaCheckOffset, cesaCheckMode); + + mvOsPrintf("blockSize=%d, ivOffset=%d, ivFromUser=%d, crOffset=%d, crLength=%d\n", + blockSize, cmd.ivOffset, cmd.ivFromUser, + cmd.cryptoOffset, cmd.cryptoLength); + + mvOsPrintf("macOffset=%d, digestOffset=%d, macLength=%d\n", + cmd.macOffset, cmd.digestOffset, cmd.macLength); +*/ + status = testCmd(sid, iter, &cmd, pTestSession, + cesaTestCases[caseIdx].pCryptoIV, blockSize); + + if(status != MV_OK) + return status; + + /* Wait when all callbacks is received */ + count = 0; + while(cesaIsReady == MV_FALSE) + { + mvOsSleep(10); + count++; + if(count > 100) + { + mvOsPrintf("testRun: Timeout occured\n"); + return MV_TIMEOUT; + } + } + + return MV_OK; +} + + +void cesaTestStop(void) +{ + MV_CESA_MBUF *pMbufSrc, *pMbufDst; + MV_BUF_INFO *pFragsSrc, *pFragsDst; + int i; + + /* Release all allocated memories */ + pMbufSrc = (MV_CESA_MBUF*)(cesaCmdRing[0].pSrc); + pFragsSrc = cesaCmdRing[0].pSrc->pFrags; + + pMbufDst = (MV_CESA_MBUF*)(cesaCmdRing[0].pDst); + pFragsDst = cesaCmdRing[0].pDst->pFrags; + + mvOsFree(pMbufSrc); + mvOsFree(pMbufDst); + mvOsFree(pFragsSrc); + mvOsFree(pFragsDst); + + for(i=0; i 0) + cryptoError++; + if(cesaReqIdError > 0) + reqIdError++; + + testClose(idx); + } + } + if(cryptoError > 0) + mvOsPrintf("cryptoError : %d\n", cryptoError); + if(reqIdError > 0) + mvOsPrintf("reqIdError : %d\n", reqIdError); + + if(openErrors > 0) + { + mvOsPrintf("Open Errors = %d\n", openErrors); + for(i=0; i<100; i++) + { + if(openErrDisp[i] != 0) + mvOsPrintf("Error %d - occurs %d times\n", i, openErrDisp[i]); + } + } +} + + +void loopback_test(int idx, int iter, int size, char* pPlainData) +{ +} + + +#if defined(MV_VXWORKS) +int testMode = 0; +unsigned __TASKCONV cesaTask(void* args) +{ + int reqSize = cesaReqSize; + + if(testMode == 0) + { + cesaOneTest(cesaTestIdx, cesaCaseIdx, cesaIteration, + reqSize, cesaCheckMode); + } + else + { + if(testMode == 1) + { + cesaTest(cesaIteration, reqSize, cesaCheckMode); + combiTest(cesaIteration, reqSize, cesaCheckMode); + } + else + { + multiSizeTest(cesaIdx, cesaIteration, cesaCheckMode, NULL); + } + } + return 0; +} + +void oneTest(int testIdx, int caseIdx, + int iter, int reqSize, int checkMode) +{ + long rc; + + cesaIteration = iter; + cesaReqSize = cesaRateSize = reqSize; + cesaCheckMode = checkMode; + testMode = 0; + cesaTestIdx = testIdx; + cesaCaseIdx = caseIdx; + rc = mvOsTaskCreate("CESA_T", 100, 4*1024, cesaTask, NULL, &cesaTaskId); + if (rc != MV_OK) + { + mvOsPrintf("hMW: Can't create CESA multiCmd test task, rc = %ld\n", rc); + } +} + +void multiTest(int iter, int reqSize, int checkMode) +{ + long rc; + + cesaIteration = iter; + cesaCheckMode = checkMode; + cesaReqSize = reqSize; + testMode = 1; + rc = mvOsTaskCreate("CESA_T", 100, 4*1024, cesaTask, NULL, &cesaTaskId); + if (rc != MV_OK) + { + mvOsPrintf("hMW: Can't create CESA multiCmd test task, rc = %ld\n", rc); + } +} + +void sizeTest(int testIdx, int iter, int checkMode) +{ + long rc; + + cesaIteration = iter; + cesaCheckMode = checkMode; + testMode = 2; + cesaIdx = testIdx; + rc = mvOsTaskCreate("CESA_T", 100, 4*1024, cesaTask, NULL, &cesaTaskId); + if (rc != MV_OK) + { + mvOsPrintf("hMW: Can't create CESA test task, rc = %ld\n", rc); + } +} + +#endif /* MV_VXWORKS */ + +extern void mvCesaDebugSA(short sid, int mode); +void cesaTestPrintSession(int idx) +{ + int testIdx; + MV_CESA_TEST_SESSION* pTestSession; + + pTestSession = getTestSessionDb(idx, &testIdx); + if(pTestSession == NULL) + { + mvOsPrintf("Test %d is not exist\n", idx); + return; + } + pTestSession = &pTestSession[testIdx]; + + if(pTestSession->sid == -1) + { + mvOsPrintf("Test session %d is not opened\n", idx); + return; + } + + mvCesaDebugSA(pTestSession->sid, 1); +} + +void cesaTestPrintStatus(void) +{ + mvOsPrintf("\n\t Cesa Test Status\n\n"); + + mvOsPrintf("isrCount=%d\n", + cesaTestIsrCount); + +#ifdef CESA_TEST_DEBUG + { + int i, j; + j = cesaTestTraceIdx; + mvOsPrintf("No Type Cause rCause iCause Res Time pReady pProc pEmpty\n"); + for(i=0; itable = mvOsMalloc(numOfEntries*sizeof(MV_LRU_ENTRY)); + if(pLruCache->table == NULL) + { + mvOsFree(pLruCache); + return NULL; + } + memset(pLruCache->table, 0, numOfEntries*sizeof(MV_LRU_ENTRY)); + pLruCache->tableSize = numOfEntries; + + for(i=0; itable[i].next = i+1; + pLruCache->table[i].prev = i-1; + } + pLruCache->least = 0; + pLruCache->most = numOfEntries-1; + + return pLruCache; +} + +void mvLruCacheFinish(MV_LRU_CACHE* pLruCache) +{ + mvOsFree(pLruCache->table); + mvOsFree(pLruCache); +} + +/* Update LRU cache database after using cache Index */ +void mvLruCacheIdxUpdate(MV_LRU_CACHE* pLruHndl, int cacheIdx) +{ + int prev, next; + + if(cacheIdx == pLruHndl->most) + return; + + next = pLruHndl->table[cacheIdx].next; + if(cacheIdx == pLruHndl->least) + { + pLruHndl->least = next; + } + else + { + prev = pLruHndl->table[cacheIdx].prev; + + pLruHndl->table[next].prev = prev; + pLruHndl->table[prev].next = next; + } + + pLruHndl->table[pLruHndl->most].next = cacheIdx; + pLruHndl->table[cacheIdx].prev = pLruHndl->most; + pLruHndl->most = cacheIdx; +} + +/* Delete LRU cache entry */ +void mvLruCacheIdxDelete(MV_LRU_CACHE* pLruHndl, int cacheIdx) +{ + int prev, next; + + if(cacheIdx == pLruHndl->least) + return; + + prev = pLruHndl->table[cacheIdx].prev; + if(cacheIdx == pLruHndl->most) + { + pLruHndl->most = prev; + } + else + { + next = pLruHndl->table[cacheIdx].next; + + pLruHndl->table[next].prev = prev; + pLruHndl->table[prev].next = next; + } + pLruHndl->table[pLruHndl->least].prev = cacheIdx; + pLruHndl->table[cacheIdx].next = pLruHndl->least; + pLruHndl->least = cacheIdx; +} diff -Naur linux-3.0.68.i686-orig/crypto/ocf/kirkwood/cesa/mvLru.h linux-3.0.68.i686/crypto/ocf/kirkwood/cesa/mvLru.h --- linux-3.0.68.i686-orig/crypto/ocf/kirkwood/cesa/mvLru.h 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/kirkwood/cesa/mvLru.h 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,112 @@ +/******************************************************************************* +Copyright (C) Marvell International Ltd. and its affiliates + +This software file (the "File") is owned and distributed by Marvell +International Ltd. and/or its affiliates ("Marvell") under the following +alternative licensing terms. Once you have made an election to distribute the +File under one of the following license alternatives, please (i) delete this +introductory statement regarding license alternatives, (ii) delete the two +license alternatives that you have not elected to use and (iii) preserve the +Marvell copyright notice above. + +******************************************************************************** +Marvell Commercial License Option + +If you received this File from Marvell and you have entered into a commercial +license agreement (a "Commercial License") with Marvell, the File is licensed +to you under the terms of the applicable Commercial License. + +******************************************************************************** +Marvell GPL License Option + +If you received this File from Marvell, you may opt to use, redistribute and/or +modify this File in accordance with the terms and conditions of the General +Public License Version 2, June 1991 (the "GPL License"), a copy of which is +available along with the File in the license.txt file or by writing to the Free +Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 or +on the worldwide web at http://www.gnu.org/licenses/gpl.txt. + +THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE IMPLIED +WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE ARE EXPRESSLY +DISCLAIMED. The GPL License provides additional details about this warranty +disclaimer. +******************************************************************************** +Marvell BSD License Option + +If you received this File from Marvell, you may opt to use, redistribute and/or +modify this File under the following licensing terms. +Redistribution and use in source and binary forms, with or without modification, +are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + * Neither the name of Marvell nor the names of its contributors may be + used to endorse or promote products derived from this software without + specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR +ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON +ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +*******************************************************************************/ +/******************************************************************************* +* mvLru.h - Header File for Least Recently Used Cache algorithm +* +* DESCRIPTION: +* This header file contains macros typedefs and function declaration for +* the Least Recently Used Cache algorithm. +* +*******************************************************************************/ + +#ifndef __mvLru_h__ +#define __mvLru_h__ + + +typedef struct +{ + int next; + int prev; +} MV_LRU_ENTRY; + +typedef struct +{ + int least; + int most; + MV_LRU_ENTRY* table; + int tableSize; + +}MV_LRU_CACHE; + + +/* Find Cache index for replacement LRU */ +static INLINE int mvLruCacheIdxFind(MV_LRU_CACHE* pLruHndl) +{ + return pLruHndl->least; +} + +/* Init LRU cache module */ +MV_LRU_CACHE* mvLruCacheInit(int numOfEntries); + +/* Finish LRU cache module */ +void mvLruCacheFinish(MV_LRU_CACHE* pLruHndl); + +/* Update LRU cache database after using cache Index */ +void mvLruCacheIdxUpdate(MV_LRU_CACHE* pLruHndl, int cacheIdx); + +/* Delete LRU cache entry */ +void mvLruCacheIdxDelete(MV_LRU_CACHE* pLruHndl, int cacheIdx); + + +#endif /* __mvLru_h__ */ diff -Naur linux-3.0.68.i686-orig/crypto/ocf/kirkwood/cesa/mvMD5.c linux-3.0.68.i686/crypto/ocf/kirkwood/cesa/mvMD5.c --- linux-3.0.68.i686-orig/crypto/ocf/kirkwood/cesa/mvMD5.c 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/kirkwood/cesa/mvMD5.c 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,349 @@ +/******************************************************************************* +Copyright (C) Marvell International Ltd. and its affiliates + +This software file (the "File") is owned and distributed by Marvell +International Ltd. and/or its affiliates ("Marvell") under the following +alternative licensing terms. Once you have made an election to distribute the +File under one of the following license alternatives, please (i) delete this +introductory statement regarding license alternatives, (ii) delete the two +license alternatives that you have not elected to use and (iii) preserve the +Marvell copyright notice above. + +******************************************************************************** +Marvell Commercial License Option + +If you received this File from Marvell and you have entered into a commercial +license agreement (a "Commercial License") with Marvell, the File is licensed +to you under the terms of the applicable Commercial License. + +******************************************************************************** +Marvell GPL License Option + +If you received this File from Marvell, you may opt to use, redistribute and/or +modify this File in accordance with the terms and conditions of the General +Public License Version 2, June 1991 (the "GPL License"), a copy of which is +available along with the File in the license.txt file or by writing to the Free +Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 or +on the worldwide web at http://www.gnu.org/licenses/gpl.txt. + +THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE IMPLIED +WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE ARE EXPRESSLY +DISCLAIMED. The GPL License provides additional details about this warranty +disclaimer. +******************************************************************************** +Marvell BSD License Option + +If you received this File from Marvell, you may opt to use, redistribute and/or +modify this File under the following licensing terms. +Redistribution and use in source and binary forms, with or without modification, +are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + * Neither the name of Marvell nor the names of its contributors may be + used to endorse or promote products derived from this software without + specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR +ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON +ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +*******************************************************************************/ + +#include "mvOs.h" +#include "mvMD5.h" + +static void mvMD5Transform(MV_U32 buf[4], MV_U32 const in[MV_MD5_MAC_LEN]); + +#ifdef MV_CPU_LE +#define mvByteReverse(buf, len) /* Nothing */ +#else +static void mvByteReverse(unsigned char *buf, unsigned longs); + +/* + * Note: this code is harmless on little-endian machines. + */ +static void mvByteReverse(unsigned char *buf, unsigned longs) +{ + MV_U32 t; + + do + { + t = (MV_U32) ((unsigned) buf[3] << 8 | buf[2]) << 16 | + ((unsigned) buf[1] << 8 | buf[0]); + *(MV_U32 *) buf = t; + buf += 4; + } while (--longs); +} +#endif + +/* + * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious + * initialization constants. + */ +void mvMD5Init(MV_MD5_CONTEXT *ctx) +{ + ctx->buf[0] = 0x67452301; + ctx->buf[1] = 0xefcdab89; + ctx->buf[2] = 0x98badcfe; + ctx->buf[3] = 0x10325476; + + ctx->bits[0] = 0; + ctx->bits[1] = 0; +} + +/* + * Update context to reflect the concatenation of another buffer full + * of bytes. + */ +void mvMD5Update(MV_MD5_CONTEXT *ctx, unsigned char const *buf, unsigned len) +{ + MV_U32 t; + + /* Update bitcount */ + + t = ctx->bits[0]; + if ((ctx->bits[0] = t + ((MV_U32) len << 3)) < t) + ctx->bits[1]++; /* Carry from low to high */ + ctx->bits[1] += len >> 29; + + t = (t >> 3) & 0x3f; /* Bytes already in shsInfo->data */ + + /* Handle any leading odd-sized chunks */ + + if (t) + { + unsigned char *p = (unsigned char *) ctx->in + t; + + t = 64 - t; + if (len < t) + { + memcpy(p, buf, len); + return; + } + memcpy(p, buf, t); + mvByteReverse(ctx->in, MV_MD5_MAC_LEN); + mvMD5Transform(ctx->buf, (MV_U32 *) ctx->in); + buf += t; + len -= t; + } + /* Process data in 64-byte chunks */ + + while (len >= 64) + { + memcpy(ctx->in, buf, 64); + mvByteReverse(ctx->in, MV_MD5_MAC_LEN); + mvMD5Transform(ctx->buf, (MV_U32 *) ctx->in); + buf += 64; + len -= 64; + } + + /* Handle any remaining bytes of data. */ + + memcpy(ctx->in, buf, len); +} + +/* + * Final wrapup - pad to 64-byte boundary with the bit pattern + * 1 0* (64-bit count of bits processed, MSB-first) + */ +void mvMD5Final(unsigned char digest[MV_MD5_MAC_LEN], MV_MD5_CONTEXT *ctx) +{ + unsigned count; + unsigned char *p; + + /* Compute number of bytes mod 64 */ + count = (ctx->bits[0] >> 3) & 0x3F; + + /* Set the first char of padding to 0x80. This is safe since there is + always at least one byte free */ + p = ctx->in + count; + *p++ = 0x80; + + /* Bytes of padding needed to make 64 bytes */ + count = 64 - 1 - count; + + /* Pad out to 56 mod 64 */ + if (count < 8) + { + /* Two lots of padding: Pad the first block to 64 bytes */ + memset(p, 0, count); + mvByteReverse(ctx->in, MV_MD5_MAC_LEN); + mvMD5Transform(ctx->buf, (MV_U32 *) ctx->in); + + /* Now fill the next block with 56 bytes */ + memset(ctx->in, 0, 56); + } + else + { + /* Pad block to 56 bytes */ + memset(p, 0, count - 8); + } + mvByteReverse(ctx->in, 14); + + /* Append length in bits and transform */ + ((MV_U32 *) ctx->in)[14] = ctx->bits[0]; + ((MV_U32 *) ctx->in)[15] = ctx->bits[1]; + + mvMD5Transform(ctx->buf, (MV_U32 *) ctx->in); + mvByteReverse((unsigned char *) ctx->buf, 4); + memcpy(digest, ctx->buf, MV_MD5_MAC_LEN); + memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */ +} + +/* The four core functions - F1 is optimized somewhat */ + +/* #define F1(x, y, z) (x & y | ~x & z) */ +#define F1(x, y, z) (z ^ (x & (y ^ z))) +#define F2(x, y, z) F1(z, x, y) +#define F3(x, y, z) (x ^ y ^ z) +#define F4(x, y, z) (y ^ (x | ~z)) + +/* This is the central step in the MD5 algorithm. */ +#define MD5STEP(f, w, x, y, z, data, s) \ + ( w += f(x, y, z) + data, w = w<>(32-s), w += x ) + +/* + * The core of the MD5 algorithm, this alters an existing MD5 hash to + * reflect the addition of 16 longwords of new data. MD5Update blocks + * the data and converts bytes into longwords for this routine. + */ +static void mvMD5Transform(MV_U32 buf[4], MV_U32 const in[MV_MD5_MAC_LEN]) +{ + register MV_U32 a, b, c, d; + + a = buf[0]; + b = buf[1]; + c = buf[2]; + d = buf[3]; + + MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7); + MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12); + MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17); + MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22); + MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7); + MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12); + MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17); + MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22); + MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7); + MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12); + MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17); + MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22); + MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7); + MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12); + MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17); + MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22); + + MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5); + MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9); + MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14); + MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20); + MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5); + MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9); + MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14); + MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20); + MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5); + MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9); + MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14); + MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20); + MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5); + MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9); + MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14); + MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20); + + MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4); + MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11); + MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16); + MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23); + MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4); + MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11); + MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16); + MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23); + MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4); + MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11); + MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16); + MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23); + MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4); + MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11); + MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16); + MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23); + + MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6); + MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10); + MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15); + MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21); + MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6); + MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10); + MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15); + MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21); + MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6); + MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10); + MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15); + MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21); + MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6); + MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10); + MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15); + MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21); + + buf[0] += a; + buf[1] += b; + buf[2] += c; + buf[3] += d; +} + +void mvMD5(unsigned char const *buf, unsigned len, unsigned char* digest) +{ + MV_MD5_CONTEXT ctx; + + mvMD5Init(&ctx); + mvMD5Update(&ctx, buf, len); + mvMD5Final(digest, &ctx); +} + + +void mvHmacMd5(unsigned char const* text, int text_len, + unsigned char const* key, int key_len, + unsigned char* digest) +{ + int i; + MV_MD5_CONTEXT ctx; + unsigned char k_ipad[64+1]; /* inner padding - key XORd with ipad */ + unsigned char k_opad[64+1]; /* outer padding - key XORd with opad */ + + /* start out by storing key in pads */ + memset(k_ipad, 0, 64); + memcpy(k_ipad, key, key_len); + memset(k_opad, 0, 64); + memcpy(k_opad, key, key_len); + + /* XOR key with ipad and opad values */ + for (i=0; i<64; i++) + { + k_ipad[i] ^= 0x36; + k_opad[i] ^= 0x5c; + } + + /* perform inner MD5 */ + mvMD5Init(&ctx); /* init ctx for 1st pass */ + mvMD5Update(&ctx, k_ipad, 64); /* start with inner pad */ + mvMD5Update(&ctx, text, text_len); /* then text of datagram */ + mvMD5Final(digest, &ctx); /* finish up 1st pass */ + + /* perform outer MD5 */ + mvMD5Init(&ctx); /* init ctx for 2nd pass */ + mvMD5Update(&ctx, k_opad, 64); /* start with outer pad */ + mvMD5Update(&ctx, digest, 16); /* then results of 1st hash */ + mvMD5Final(digest, &ctx); /* finish up 2nd pass */ +} diff -Naur linux-3.0.68.i686-orig/crypto/ocf/kirkwood/cesa/mvMD5.h linux-3.0.68.i686/crypto/ocf/kirkwood/cesa/mvMD5.h --- linux-3.0.68.i686-orig/crypto/ocf/kirkwood/cesa/mvMD5.h 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/kirkwood/cesa/mvMD5.h 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,93 @@ +/******************************************************************************* +Copyright (C) Marvell International Ltd. and its affiliates + +This software file (the "File") is owned and distributed by Marvell +International Ltd. and/or its affiliates ("Marvell") under the following +alternative licensing terms. Once you have made an election to distribute the +File under one of the following license alternatives, please (i) delete this +introductory statement regarding license alternatives, (ii) delete the two +license alternatives that you have not elected to use and (iii) preserve the +Marvell copyright notice above. + +******************************************************************************** +Marvell Commercial License Option + +If you received this File from Marvell and you have entered into a commercial +license agreement (a "Commercial License") with Marvell, the File is licensed +to you under the terms of the applicable Commercial License. + +******************************************************************************** +Marvell GPL License Option + +If you received this File from Marvell, you may opt to use, redistribute and/or +modify this File in accordance with the terms and conditions of the General +Public License Version 2, June 1991 (the "GPL License"), a copy of which is +available along with the File in the license.txt file or by writing to the Free +Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 or +on the worldwide web at http://www.gnu.org/licenses/gpl.txt. + +THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE IMPLIED +WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE ARE EXPRESSLY +DISCLAIMED. The GPL License provides additional details about this warranty +disclaimer. +******************************************************************************** +Marvell BSD License Option + +If you received this File from Marvell, you may opt to use, redistribute and/or +modify this File under the following licensing terms. +Redistribution and use in source and binary forms, with or without modification, +are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + * Neither the name of Marvell nor the names of its contributors may be + used to endorse or promote products derived from this software without + specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR +ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON +ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +*******************************************************************************/ + +#ifndef __mvMD5_h__ +#define __mvMD5_h__ + +#include "mvMD5.h" + +#define MV_MD5_MAC_LEN 16 + + +typedef struct +{ + MV_U32 buf[4]; + MV_U32 bits[2]; + MV_U8 in[64]; + +} MV_MD5_CONTEXT; + +void mvMD5Init(MV_MD5_CONTEXT *context); +void mvMD5Update(MV_MD5_CONTEXT *context, unsigned char const *buf, + unsigned len); +void mvMD5Final(unsigned char digest[16], MV_MD5_CONTEXT *context); + +void mvMD5(unsigned char const *buf, unsigned len, unsigned char* digest); + +void mvHmacMd5(unsigned char const* text, int text_len, + unsigned char const* key, int key_len, + unsigned char* digest); + + +#endif /* __mvMD5_h__ */ diff -Naur linux-3.0.68.i686-orig/crypto/ocf/kirkwood/cesa/mvSHA1.c linux-3.0.68.i686/crypto/ocf/kirkwood/cesa/mvSHA1.c --- linux-3.0.68.i686-orig/crypto/ocf/kirkwood/cesa/mvSHA1.c 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/kirkwood/cesa/mvSHA1.c 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,239 @@ +/******************************************************************************* +Copyright (C) Marvell International Ltd. and its affiliates + +This software file (the "File") is owned and distributed by Marvell +International Ltd. and/or its affiliates ("Marvell") under the following +alternative licensing terms. Once you have made an election to distribute the +File under one of the following license alternatives, please (i) delete this +introductory statement regarding license alternatives, (ii) delete the two +license alternatives that you have not elected to use and (iii) preserve the +Marvell copyright notice above. + +******************************************************************************** +Marvell Commercial License Option + +If you received this File from Marvell and you have entered into a commercial +license agreement (a "Commercial License") with Marvell, the File is licensed +to you under the terms of the applicable Commercial License. + +******************************************************************************** +Marvell GPL License Option + +If you received this File from Marvell, you may opt to use, redistribute and/or +modify this File in accordance with the terms and conditions of the General +Public License Version 2, June 1991 (the "GPL License"), a copy of which is +available along with the File in the license.txt file or by writing to the Free +Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 or +on the worldwide web at http://www.gnu.org/licenses/gpl.txt. + +THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE IMPLIED +WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE ARE EXPRESSLY +DISCLAIMED. The GPL License provides additional details about this warranty +disclaimer. +******************************************************************************** +Marvell BSD License Option + +If you received this File from Marvell, you may opt to use, redistribute and/or +modify this File under the following licensing terms. +Redistribution and use in source and binary forms, with or without modification, +are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + * Neither the name of Marvell nor the names of its contributors may be + used to endorse or promote products derived from this software without + specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR +ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON +ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +*******************************************************************************/ + +#include "mvOs.h" +#include "mvSHA1.h" + +#define SHA1HANDSOFF + +typedef union +{ + MV_U8 c[64]; + MV_U32 l[16]; + +} CHAR64LONG16; + +static void mvSHA1Transform(MV_U32 state[5], const MV_U8 *buffer); + +#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) + + +#ifdef MV_CPU_LE +#define blk0(i) (block->l[i] = (rol(block->l[i], 24) & 0xFF00FF00) | \ + (rol(block->l[i], 8) & 0x00FF00FF)) +#else +#define blk0(i) block->l[i] +#endif +#define blk(i) (block->l[i & 15] = rol(block->l[(i + 13) & 15] ^ \ + block->l[(i + 8) & 15] ^ block->l[(i + 2) & 15] ^ block->l[i & 15], 1)) + +/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ +#define R0(v,w,x,y,z,i) \ + z += ((w & (x ^ y)) ^ y) + blk0(i) + 0x5A827999 + rol(v, 5); \ + w = rol(w, 30); +#define R1(v,w,x,y,z,i) \ + z += ((w & (x ^ y)) ^ y) + blk(i) + 0x5A827999 + rol(v, 5); \ + w = rol(w, 30); +#define R2(v,w,x,y,z,i) \ + z += (w ^ x ^ y) + blk(i) + 0x6ED9EBA1 + rol(v, 5); w = rol(w, 30); +#define R3(v,w,x,y,z,i) \ + z += (((w | x) & y) | (w & x)) + blk(i) + 0x8F1BBCDC + rol(v, 5); \ + w = rol(w, 30); +#define R4(v,w,x,y,z,i) \ + z += (w ^ x ^ y) + blk(i) + 0xCA62C1D6 + rol(v, 5); \ + w=rol(w, 30); + +/* Hash a single 512-bit block. This is the core of the algorithm. */ +static void mvSHA1Transform(MV_U32 state[5], const MV_U8 *buffer) +{ + MV_U32 a, b, c, d, e; + CHAR64LONG16* block; + +#ifdef SHA1HANDSOFF + static MV_U32 workspace[16]; + + block = (CHAR64LONG16 *) workspace; + memcpy(block, buffer, 64); +#else + block = (CHAR64LONG16 *) buffer; +#endif + /* Copy context->state[] to working vars */ + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + e = state[4]; + /* 4 rounds of 20 operations each. Loop unrolled. */ + R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); + R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); + R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); + R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); + R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); + R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); + R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); + R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); + R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); + R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); + R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); + R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); + R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); + R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); + R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); + R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); + R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); + R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); + R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); + R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); + /* Add the working vars back into context.state[] */ + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; + /* Wipe variables */ + a = b = c = d = e = 0; +} + +void mvSHA1Init(MV_SHA1_CTX* context) +{ + /* SHA1 initialization constants */ + context->state[0] = 0x67452301; + context->state[1] = 0xEFCDAB89; + context->state[2] = 0x98BADCFE; + context->state[3] = 0x10325476; + context->state[4] = 0xC3D2E1F0; + context->count[0] = context->count[1] = 0; +} + + +/* Run your data through this. */ +void mvSHA1Update(MV_SHA1_CTX *context, MV_U8 const *data, + unsigned int len) +{ + MV_U32 i, j; + + j = (context->count[0] >> 3) & 63; + if ((context->count[0] += len << 3) < (len << 3)) + context->count[1]++; + context->count[1] += (len >> 29); + if ((j + len) > 63) + { + memcpy(&context->buffer[j], data, (i = 64-j)); + mvSHA1Transform(context->state, context->buffer); + for ( ; i + 63 < len; i += 64) + { + mvSHA1Transform(context->state, &data[i]); + } + j = 0; + } + else + { + i = 0; + } + memcpy(&context->buffer[j], &data[i], len - i); +} + +void mvSHA1Final(MV_U8* digest, MV_SHA1_CTX* context) +{ + MV_U32 i; + MV_U8 finalcount[8]; + + for (i = 0; i < 8; i++) + { + finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)] >> + ((3-(i & 3)) * 8) ) & 255); /* Endian independent */ + } + mvSHA1Update(context, (const unsigned char *) "\200", 1); + while ((context->count[0] & 504) != 448) + { + mvSHA1Update(context, (const unsigned char *) "\0", 1); + } + mvSHA1Update(context, finalcount, 8); /* Should cause a mvSHA1Transform() + */ + for (i = 0; i < 20; i++) + { + digest[i] = (unsigned char) + ((context->state[i >> 2] >> ((3 - (i & 3)) * 8)) & 255); + } + /* Wipe variables */ + i = 0; + memset(context->buffer, 0, 64); + memset(context->state, 0, 20); + memset(context->count, 0, 8); + memset(finalcount, 0, 8); + +#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite it's own static vars */ + mvSHA1Transform(context->state, context->buffer); +#endif +} + + +void mvSHA1(MV_U8 const *buf, unsigned int len, MV_U8* digest) +{ + MV_SHA1_CTX ctx; + + mvSHA1Init(&ctx); + mvSHA1Update(&ctx, buf, len); + mvSHA1Final(digest, &ctx); +} diff -Naur linux-3.0.68.i686-orig/crypto/ocf/kirkwood/cesa/mvSHA1.h linux-3.0.68.i686/crypto/ocf/kirkwood/cesa/mvSHA1.h --- linux-3.0.68.i686-orig/crypto/ocf/kirkwood/cesa/mvSHA1.h 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/kirkwood/cesa/mvSHA1.h 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,88 @@ +/******************************************************************************* +Copyright (C) Marvell International Ltd. and its affiliates + +This software file (the "File") is owned and distributed by Marvell +International Ltd. and/or its affiliates ("Marvell") under the following +alternative licensing terms. Once you have made an election to distribute the +File under one of the following license alternatives, please (i) delete this +introductory statement regarding license alternatives, (ii) delete the two +license alternatives that you have not elected to use and (iii) preserve the +Marvell copyright notice above. + +******************************************************************************** +Marvell Commercial License Option + +If you received this File from Marvell and you have entered into a commercial +license agreement (a "Commercial License") with Marvell, the File is licensed +to you under the terms of the applicable Commercial License. + +******************************************************************************** +Marvell GPL License Option + +If you received this File from Marvell, you may opt to use, redistribute and/or +modify this File in accordance with the terms and conditions of the General +Public License Version 2, June 1991 (the "GPL License"), a copy of which is +available along with the File in the license.txt file or by writing to the Free +Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 or +on the worldwide web at http://www.gnu.org/licenses/gpl.txt. + +THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE IMPLIED +WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE ARE EXPRESSLY +DISCLAIMED. The GPL License provides additional details about this warranty +disclaimer. +******************************************************************************** +Marvell BSD License Option + +If you received this File from Marvell, you may opt to use, redistribute and/or +modify this File under the following licensing terms. +Redistribution and use in source and binary forms, with or without modification, +are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + * Neither the name of Marvell nor the names of its contributors may be + used to endorse or promote products derived from this software without + specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR +ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON +ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +*******************************************************************************/ + +#ifndef __mvSHA1_h__ +#define __mvSHA1_h__ + +#include "mvSHA1.h" + +#define MV_SHA1_MAC_LEN 20 + + +typedef struct +{ + MV_U32 state[5]; + MV_U32 count[2]; + MV_U8 buffer[64]; + +} MV_SHA1_CTX; + +void mvSHA1Init(MV_SHA1_CTX *context); +void mvSHA1Update(MV_SHA1_CTX *context, MV_U8 const *buf, unsigned int len); +void mvSHA1Final(MV_U8* digest, MV_SHA1_CTX *context); + +void mvSHA1(MV_U8 const *buf, unsigned int len, MV_U8* digest); + + +#endif /* __mvSHA1_h__ */ diff -Naur linux-3.0.68.i686-orig/crypto/ocf/kirkwood/cesa_ocf_drv.c linux-3.0.68.i686/crypto/ocf/kirkwood/cesa_ocf_drv.c --- linux-3.0.68.i686-orig/crypto/ocf/kirkwood/cesa_ocf_drv.c 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/kirkwood/cesa_ocf_drv.c 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,1302 @@ +/******************************************************************************* +Copyright (C) Marvell International Ltd. and its affiliates + +This software file (the "File") is owned and distributed by Marvell +International Ltd. and/or its affiliates ("Marvell") under the following +alternative licensing terms. Once you have made an election to distribute the +File under one of the following license alternatives, please (i) delete this +introductory statement regarding license alternatives, (ii) delete the two +license alternatives that you have not elected to use and (iii) preserve the +Marvell copyright notice above. + + +******************************************************************************** +Marvell GPL License Option + +If you received this File from Marvell, you may opt to use, redistribute and/or +modify this File in accordance with the terms and conditions of the General +Public License Version 2, June 1991 (the "GPL License"), a copy of which is +available along with the File in the license.txt file or by writing to the Free +Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 or +on the worldwide web at http://www.gnu.org/licenses/gpl.txt. + +THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE IMPLIED +WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE ARE EXPRESSLY +DISCLAIMED. The GPL License provides additional details about this warranty +disclaimer. +*******************************************************************************/ + +#include +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) +#include +#endif +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "ctrlEnv/sys/mvSysCesa.h" +#include "cesa/mvCesa.h" /* moved here before cryptodev.h due to include dependencies */ +#include +#include +#include +#include +#include "mvDebug.h" + +#include "cesa/mvMD5.h" +#include "cesa/mvSHA1.h" + +#include "cesa/mvCesaRegs.h" +#include "cesa/AES/mvAes.h" +#include "cesa/mvLru.h" + +#undef RT_DEBUG +#ifdef RT_DEBUG +static int debug = 1; +module_param(debug, int, 1); +MODULE_PARM_DESC(debug, "Enable debug"); +#undef dprintk +#define dprintk(a...) if (debug) { printk(a); } else +#else +static int debug = 0; +#undef dprintk +#define dprintk(a...) +#endif + + +/* TDMA Regs */ +#define WINDOW_BASE(i) 0xA00 + (i << 3) +#define WINDOW_CTRL(i) 0xA04 + (i << 3) + +/* interrupt handling */ +#undef CESA_OCF_POLLING +#undef CESA_OCF_TASKLET + +#if defined(CESA_OCF_POLLING) && defined(CESA_OCF_TASKLET) +#error "don't use both tasklet and polling mode" +#endif + +extern int cesaReqResources; +/* support for spliting action into 2 actions */ +#define CESA_OCF_SPLIT + +/* general defines */ +#define CESA_OCF_MAX_SES 128 +#define CESA_Q_SIZE 64 + +#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,2,0) +#define FRAG_PAGE(f) (f).p +#else +#define FRAG_PAGE(f) (f) +#endif + +/* data structures */ +struct cesa_ocf_data { + int cipher_alg; + int auth_alg; + int encrypt_tn_auth; +#define auth_tn_decrypt encrypt_tn_auth + int ivlen; + int digestlen; + short sid_encrypt; + short sid_decrypt; + /* fragment workaround sessions */ + short frag_wa_encrypt; + short frag_wa_decrypt; + short frag_wa_auth; +}; + +/* CESA device data */ +struct cesa_dev { + void __iomem *sram; + void __iomem *reg; + struct mv_cesa_platform_data *plat_data; + int irq; +}; + +#define DIGEST_BUF_SIZE 32 +struct cesa_ocf_process { + MV_CESA_COMMAND cesa_cmd; + MV_CESA_MBUF cesa_mbuf; + MV_BUF_INFO cesa_bufs[MV_CESA_MAX_MBUF_FRAGS]; + char digest[DIGEST_BUF_SIZE]; + int digest_len; + struct cryptop *crp; + int need_cb; +}; + +/* global variables */ +static int32_t cesa_ocf_id = -1; +static struct cesa_ocf_data *cesa_ocf_sessions[CESA_OCF_MAX_SES]; +static spinlock_t cesa_lock; +static struct cesa_dev cesa_device; + +/* static APIs */ +static int cesa_ocf_process (device_t, struct cryptop *, int); +static int cesa_ocf_newsession (device_t, u_int32_t *, struct cryptoini *); +static int cesa_ocf_freesession (device_t, u_int64_t); +static void cesa_callback (unsigned long); +static irqreturn_t cesa_interrupt_handler (int, void *); +#ifdef CESA_OCF_POLLING +static void cesa_interrupt_polling(void); +#endif +#ifdef CESA_OCF_TASKLET +static struct tasklet_struct cesa_ocf_tasklet; +#endif + +static struct timeval tt_start; +static struct timeval tt_end; + +/* + * dummy device structure + */ + +static struct { + softc_device_decl sc_dev; +} mv_cesa_dev; + +static device_method_t mv_cesa_methods = { + /* crypto device methods */ + DEVMETHOD(cryptodev_newsession, cesa_ocf_newsession), + DEVMETHOD(cryptodev_freesession,cesa_ocf_freesession), + DEVMETHOD(cryptodev_process, cesa_ocf_process), + DEVMETHOD(cryptodev_kprocess, NULL), +}; + + + +/* Add debug Trace */ +#undef CESA_OCF_TRACE_DEBUG +#ifdef CESA_OCF_TRACE_DEBUG + +#define MV_CESA_USE_TIMER_ID 0 + +typedef struct +{ + int type; /* 0 - isrEmpty, 1 - cesaReadyGet, 2 - cesaAction */ + MV_U32 timeStamp; + MV_U32 cause; + MV_U32 realCause; + MV_U32 dmaCause; + int resources; + MV_CESA_REQ* pReqReady; + MV_CESA_REQ* pReqEmpty; + MV_CESA_REQ* pReqProcess; +} MV_CESA_TEST_TRACE; + +#define MV_CESA_TEST_TRACE_SIZE 50 + +static int cesaTestTraceIdx = 0; +static MV_CESA_TEST_TRACE cesaTestTrace[MV_CESA_TEST_TRACE_SIZE]; + +static void cesaTestTraceAdd(int type) +{ + cesaTestTrace[cesaTestTraceIdx].type = type; + cesaTestTrace[cesaTestTraceIdx].realCause = MV_REG_READ(MV_CESA_ISR_CAUSE_REG); + //cesaTestTrace[cesaTestTraceIdx].idmaCause = MV_REG_READ(IDMA_CAUSE_REG); + cesaTestTrace[cesaTestTraceIdx].resources = cesaReqResources; + cesaTestTrace[cesaTestTraceIdx].pReqReady = pCesaReqReady; + cesaTestTrace[cesaTestTraceIdx].pReqEmpty = pCesaReqEmpty; + cesaTestTrace[cesaTestTraceIdx].pReqProcess = pCesaReqProcess; + cesaTestTrace[cesaTestTraceIdx].timeStamp = mvCntmrRead(MV_CESA_USE_TIMER_ID); + cesaTestTraceIdx++; + if(cesaTestTraceIdx == MV_CESA_TEST_TRACE_SIZE) + cesaTestTraceIdx = 0; +} + +#else /* CESA_OCF_TRACE_DEBUG */ + +#define cesaTestTraceAdd(x) + +#endif /* CESA_OCF_TRACE_DEBUG */ + +unsigned int +get_usec(unsigned int start) +{ + if(start) { + do_gettimeofday (&tt_start); + return 0; + } + else { + do_gettimeofday (&tt_end); + tt_end.tv_sec -= tt_start.tv_sec; + tt_end.tv_usec -= tt_start.tv_usec; + if (tt_end.tv_usec < 0) { + tt_end.tv_usec += 1000 * 1000; + tt_end.tv_sec -= 1; + } + } + printk("time taken is %d\n", (unsigned int)(tt_end.tv_usec + tt_end.tv_sec * 1000000)); + return (tt_end.tv_usec + tt_end.tv_sec * 1000000); +} + +#ifdef RT_DEBUG +/* + * check that the crp action match the current session + */ +static int +ocf_check_action(struct cryptop *crp, struct cesa_ocf_data *cesa_ocf_cur_ses) { + int count = 0; + int encrypt = 0, decrypt = 0, auth = 0; + struct cryptodesc *crd; + + /* Go through crypto descriptors, processing as we go */ + for (crd = crp->crp_desc; crd; crd = crd->crd_next, count++) { + if(count > 2) { + printk("%s,%d: session mode is not supported.\n", __FILE__, __LINE__); + return 1; + } + + /* Encryption /Decryption */ + if(crd->crd_alg == cesa_ocf_cur_ses->cipher_alg) { + /* check that the action is compatible with session */ + if(encrypt || decrypt) { + printk("%s,%d: session mode is not supported.\n", __FILE__, __LINE__); + return 1; + } + + if(crd->crd_flags & CRD_F_ENCRYPT) { /* encrypt */ + if( (count == 2) && (cesa_ocf_cur_ses->encrypt_tn_auth) ) { + printk("%s,%d: sequence isn't supported by this session.\n", __FILE__, __LINE__); + return 1; + } + encrypt++; + } + else { /* decrypt */ + if( (count == 2) && !(cesa_ocf_cur_ses->auth_tn_decrypt) ) { + printk("%s,%d: sequence isn't supported by this session.\n", __FILE__, __LINE__); + return 1; + } + decrypt++; + } + + } + /* Authentication */ + else if(crd->crd_alg == cesa_ocf_cur_ses->auth_alg) { + /* check that the action is compatible with session */ + if(auth) { + printk("%s,%d: session mode is not supported.\n", __FILE__, __LINE__); + return 1; + } + if( (count == 2) && (decrypt) && (cesa_ocf_cur_ses->auth_tn_decrypt)) { + printk("%s,%d: sequence isn't supported by this session.\n", __FILE__, __LINE__); + return 1; + } + if( (count == 2) && (encrypt) && !(cesa_ocf_cur_ses->encrypt_tn_auth)) { + printk("%s,%d: sequence isn't supported by this session.\n", __FILE__, __LINE__); + return 1; + } + auth++; + } + else { + printk("%s,%d: Alg isn't supported by this session.\n", __FILE__, __LINE__); + return 1; + } + } + return 0; + +} +#endif + +/* + * Process a request. + */ +static int +cesa_ocf_process(device_t dev, struct cryptop *crp, int hint) +{ + struct cesa_ocf_process *cesa_ocf_cmd = NULL; + struct cesa_ocf_process *cesa_ocf_cmd_wa = NULL; + MV_CESA_COMMAND *cesa_cmd; + struct cryptodesc *crd; + struct cesa_ocf_data *cesa_ocf_cur_ses; + int sid = 0, temp_len = 0, i; + int encrypt = 0, decrypt = 0, auth = 0; + int status; + struct sk_buff *skb = NULL; + struct uio *uiop = NULL; + unsigned char *ivp; + MV_BUF_INFO *p_buf_info; + MV_CESA_MBUF *p_mbuf_info; + unsigned long flags; + + dprintk("%s()\n", __FUNCTION__); + + if( cesaReqResources <= 1 ) { + dprintk("%s,%d: ERESTART\n", __FILE__, __LINE__); + return ERESTART; + } + +#ifdef RT_DEBUG + /* Sanity check */ + if (crp == NULL) { + printk("%s,%d: EINVAL\n", __FILE__, __LINE__); + return EINVAL; + } + + if (crp->crp_desc == NULL || crp->crp_buf == NULL ) { + printk("%s,%d: EINVAL\n", __FILE__, __LINE__); + crp->crp_etype = EINVAL; + return EINVAL; + } + + sid = crp->crp_sid & 0xffffffff; + if ((sid >= CESA_OCF_MAX_SES) || (cesa_ocf_sessions[sid] == NULL)) { + crp->crp_etype = ENOENT; + printk("%s,%d: ENOENT session %d \n", __FILE__, __LINE__, sid); + return EINVAL; + } +#endif + + sid = crp->crp_sid & 0xffffffff; + crp->crp_etype = 0; + cesa_ocf_cur_ses = cesa_ocf_sessions[sid]; + +#ifdef RT_DEBUG + if(ocf_check_action(crp, cesa_ocf_cur_ses)){ + goto p_error; + } +#endif + + /* malloc a new cesa process */ + cesa_ocf_cmd = kmalloc(sizeof(struct cesa_ocf_process), GFP_ATOMIC); + + if (cesa_ocf_cmd == NULL) { + printk("%s,%d: ENOBUFS \n", __FILE__, __LINE__); + goto p_error; + } + memset(cesa_ocf_cmd, 0, sizeof(struct cesa_ocf_process)); + + /* init cesa_process */ + cesa_ocf_cmd->crp = crp; + /* always call callback */ + cesa_ocf_cmd->need_cb = 1; + + /* init cesa_cmd for usage of the HALs */ + cesa_cmd = &cesa_ocf_cmd->cesa_cmd; + cesa_cmd->pReqPrv = (void *)cesa_ocf_cmd; + cesa_cmd->sessionId = cesa_ocf_cur_ses->sid_encrypt; /* defualt use encrypt */ + + /* prepare src buffer */ + /* we send the entire buffer to the HAL, even if only part of it should be encrypt/auth. */ + /* if not using seesions for both encrypt and auth, then it will be wiser to to copy only */ + /* from skip to crd_len. */ + p_buf_info = cesa_ocf_cmd->cesa_bufs; + p_mbuf_info = &cesa_ocf_cmd->cesa_mbuf; + + p_buf_info += 2; /* save 2 first buffers for IV and digest - + we won't append them to the end since, they + might be places in an unaligned addresses. */ + + p_mbuf_info->pFrags = p_buf_info; + temp_len = 0; + + /* handle SKB */ + if (crp->crp_flags & CRYPTO_F_SKBUF) { + + dprintk("%s,%d: handle SKB.\n", __FILE__, __LINE__); + skb = (struct sk_buff *) crp->crp_buf; + + if (skb_shinfo(skb)->nr_frags >= (MV_CESA_MAX_MBUF_FRAGS - 1)) { + printk("%s,%d: %d nr_frags > MV_CESA_MAX_MBUF_FRAGS", __FILE__, __LINE__, skb_shinfo(skb)->nr_frags); + goto p_error; + } + + p_mbuf_info->mbufSize = skb->len; + temp_len = skb->len; + /* first skb fragment */ + p_buf_info->bufSize = skb_headlen(skb); + p_buf_info->bufVirtPtr = skb->data; + p_buf_info++; + + /* now handle all other skb fragments */ + for ( i = 0; i < skb_shinfo(skb)->nr_frags; i++ ) { + skb_frag_t *frag = &skb_shinfo(skb)->frags[i]; + p_buf_info->bufSize = frag->size; + p_buf_info->bufVirtPtr = page_address(FRAG_PAGE(frag->page)) + frag->page_offset; + p_buf_info++; + } + p_mbuf_info->numFrags = skb_shinfo(skb)->nr_frags + 1; + } + /* handle UIO */ + else if(crp->crp_flags & CRYPTO_F_IOV) { + + dprintk("%s,%d: handle UIO.\n", __FILE__, __LINE__); + uiop = (struct uio *) crp->crp_buf; + + if (uiop->uio_iovcnt > (MV_CESA_MAX_MBUF_FRAGS - 1)) { + printk("%s,%d: %d uio_iovcnt > MV_CESA_MAX_MBUF_FRAGS \n", __FILE__, __LINE__, uiop->uio_iovcnt); + goto p_error; + } + + p_mbuf_info->mbufSize = crp->crp_ilen; + p_mbuf_info->numFrags = uiop->uio_iovcnt; + for(i = 0; i < uiop->uio_iovcnt; i++) { + p_buf_info->bufVirtPtr = uiop->uio_iov[i].iov_base; + p_buf_info->bufSize = uiop->uio_iov[i].iov_len; + temp_len += p_buf_info->bufSize; + dprintk("%s,%d: buf %x-> addr %x, size %x \n" + , __FILE__, __LINE__, i, (unsigned int)p_buf_info->bufVirtPtr, p_buf_info->bufSize); + p_buf_info++; + } + + } + /* handle CONTIG */ + else { + dprintk("%s,%d: handle CONTIG.\n", __FILE__, __LINE__); + p_mbuf_info->numFrags = 1; + p_mbuf_info->mbufSize = crp->crp_ilen; + p_buf_info->bufVirtPtr = crp->crp_buf; + p_buf_info->bufSize = crp->crp_ilen; + temp_len = crp->crp_ilen; + p_buf_info++; + } + + /* Support up to 64K why? cause! */ + if(crp->crp_ilen > 64*1024) { + printk("%s,%d: buf too big %x \n", __FILE__, __LINE__, crp->crp_ilen); + goto p_error; + } + + if( temp_len != crp->crp_ilen ) { + printk("%s,%d: warning size don't match.(%x %x) \n", __FILE__, __LINE__, temp_len, crp->crp_ilen); + } + + cesa_cmd->pSrc = p_mbuf_info; + cesa_cmd->pDst = p_mbuf_info; + + /* restore p_buf_info to point to first available buf */ + p_buf_info = cesa_ocf_cmd->cesa_bufs; + p_buf_info += 1; + + + /* Go through crypto descriptors, processing as we go */ + for (crd = crp->crp_desc; crd; crd = crd->crd_next) { + + /* Encryption /Decryption */ + if(crd->crd_alg == cesa_ocf_cur_ses->cipher_alg) { + + dprintk("%s,%d: cipher", __FILE__, __LINE__); + + cesa_cmd->cryptoOffset = crd->crd_skip; + cesa_cmd->cryptoLength = crd->crd_len; + + if(crd->crd_flags & CRD_F_ENCRYPT) { /* encrypt */ + dprintk(" encrypt \n"); + encrypt++; + + /* handle IV */ + if (crd->crd_flags & CRD_F_IV_EXPLICIT) { /* IV from USER */ + dprintk("%s,%d: IV from USER (offset %x) \n", __FILE__, __LINE__, crd->crd_inject); + cesa_cmd->ivFromUser = 1; + ivp = crd->crd_iv; + + /* + * do we have to copy the IV back to the buffer ? + */ + if ((crd->crd_flags & CRD_F_IV_PRESENT) == 0) { + dprintk("%s,%d: copy the IV back to the buffer\n", __FILE__, __LINE__); + cesa_cmd->ivOffset = crd->crd_inject; + crypto_copyback(crp->crp_flags, crp->crp_buf, crd->crd_inject, cesa_ocf_cur_ses->ivlen, ivp); + } + else { + dprintk("%s,%d: don't copy the IV back to the buffer \n", __FILE__, __LINE__); + p_mbuf_info->numFrags++; + p_mbuf_info->mbufSize += cesa_ocf_cur_ses->ivlen; + p_mbuf_info->pFrags = p_buf_info; + + p_buf_info->bufVirtPtr = ivp; + p_buf_info->bufSize = cesa_ocf_cur_ses->ivlen; + p_buf_info--; + + /* offsets */ + cesa_cmd->ivOffset = 0; + cesa_cmd->cryptoOffset += cesa_ocf_cur_ses->ivlen; + if(auth) { + cesa_cmd->macOffset += cesa_ocf_cur_ses->ivlen; + cesa_cmd->digestOffset += cesa_ocf_cur_ses->ivlen; + } + } + } + else { /* random IV */ + dprintk("%s,%d: random IV \n", __FILE__, __LINE__); + cesa_cmd->ivFromUser = 0; + + /* + * do we have to copy the IV back to the buffer ? + */ + /* in this mode the HAL will always copy the IV */ + /* given by the session to the ivOffset */ + if ((crd->crd_flags & CRD_F_IV_PRESENT) == 0) { + cesa_cmd->ivOffset = crd->crd_inject; + } + else { + /* if IV isn't copy, then how will the user know which IV did we use??? */ + printk("%s,%d: EINVAL\n", __FILE__, __LINE__); + goto p_error; + } + } + } + else { /* decrypt */ + dprintk(" decrypt \n"); + decrypt++; + cesa_cmd->sessionId = cesa_ocf_cur_ses->sid_decrypt; + + /* handle IV */ + if (crd->crd_flags & CRD_F_IV_EXPLICIT) { + dprintk("%s,%d: IV from USER \n", __FILE__, __LINE__); + /* append the IV buf to the mbuf */ + cesa_cmd->ivFromUser = 1; + p_mbuf_info->numFrags++; + p_mbuf_info->mbufSize += cesa_ocf_cur_ses->ivlen; + p_mbuf_info->pFrags = p_buf_info; + + p_buf_info->bufVirtPtr = crd->crd_iv; + p_buf_info->bufSize = cesa_ocf_cur_ses->ivlen; + p_buf_info--; + + /* offsets */ + cesa_cmd->ivOffset = 0; + cesa_cmd->cryptoOffset += cesa_ocf_cur_ses->ivlen; + if(auth) { + cesa_cmd->macOffset += cesa_ocf_cur_ses->ivlen; + cesa_cmd->digestOffset += cesa_ocf_cur_ses->ivlen; + } + } + else { + dprintk("%s,%d: IV inside the buffer \n", __FILE__, __LINE__); + cesa_cmd->ivFromUser = 0; + cesa_cmd->ivOffset = crd->crd_inject; + } + } + + } + /* Authentication */ + else if(crd->crd_alg == cesa_ocf_cur_ses->auth_alg) { + dprintk("%s,%d: Authentication \n", __FILE__, __LINE__); + auth++; + cesa_cmd->macOffset = crd->crd_skip; + cesa_cmd->macLength = crd->crd_len; + + /* digest + mac */ + cesa_cmd->digestOffset = crd->crd_inject; + } + else { + printk("%s,%d: Alg isn't supported by this session.\n", __FILE__, __LINE__); + goto p_error; + } + } + + dprintk("\n"); + dprintk("%s,%d: Sending Action: \n", __FILE__, __LINE__); + dprintk("%s,%d: IV from user: %d. IV offset %x \n", __FILE__, __LINE__, cesa_cmd->ivFromUser, cesa_cmd->ivOffset); + dprintk("%s,%d: crypt offset %x len %x \n", __FILE__, __LINE__, cesa_cmd->cryptoOffset, cesa_cmd->cryptoLength); + dprintk("%s,%d: Auth offset %x len %x \n", __FILE__, __LINE__, cesa_cmd->macOffset, cesa_cmd->macLength); + dprintk("%s,%d: set digest in offset %x . \n", __FILE__, __LINE__, cesa_cmd->digestOffset); + if(debug) { + mvCesaDebugMbuf("SRC BUFFER", cesa_cmd->pSrc, 0, cesa_cmd->pSrc->mbufSize); + } + + + /* send action to HAL */ + spin_lock_irqsave(&cesa_lock, flags); + status = mvCesaAction(cesa_cmd); + spin_unlock_irqrestore(&cesa_lock, flags); + + /* action not allowed */ + if(status == MV_NOT_ALLOWED) { +#ifdef CESA_OCF_SPLIT + /* if both encrypt and auth try to split */ + if(auth && (encrypt || decrypt)) { + MV_CESA_COMMAND *cesa_cmd_wa; + + /* malloc a new cesa process and init it */ + cesa_ocf_cmd_wa = kmalloc(sizeof(struct cesa_ocf_process), GFP_ATOMIC); + + if (cesa_ocf_cmd_wa == NULL) { + printk("%s,%d: ENOBUFS \n", __FILE__, __LINE__); + goto p_error; + } + memcpy(cesa_ocf_cmd_wa, cesa_ocf_cmd, sizeof(struct cesa_ocf_process)); + cesa_cmd_wa = &cesa_ocf_cmd_wa->cesa_cmd; + cesa_cmd_wa->pReqPrv = (void *)cesa_ocf_cmd_wa; + cesa_ocf_cmd_wa->need_cb = 0; + + /* break requests to two operation, first operation completion won't call callback */ + if((decrypt) && (cesa_ocf_cur_ses->auth_tn_decrypt)) { + cesa_cmd_wa->sessionId = cesa_ocf_cur_ses->frag_wa_auth; + cesa_cmd->sessionId = cesa_ocf_cur_ses->frag_wa_decrypt; + } + else if((decrypt) && !(cesa_ocf_cur_ses->auth_tn_decrypt)) { + cesa_cmd_wa->sessionId = cesa_ocf_cur_ses->frag_wa_decrypt; + cesa_cmd->sessionId = cesa_ocf_cur_ses->frag_wa_auth; + } + else if((encrypt) && (cesa_ocf_cur_ses->encrypt_tn_auth)) { + cesa_cmd_wa->sessionId = cesa_ocf_cur_ses->frag_wa_encrypt; + cesa_cmd->sessionId = cesa_ocf_cur_ses->frag_wa_auth; + } + else if((encrypt) && !(cesa_ocf_cur_ses->encrypt_tn_auth)){ + cesa_cmd_wa->sessionId = cesa_ocf_cur_ses->frag_wa_auth; + cesa_cmd->sessionId = cesa_ocf_cur_ses->frag_wa_encrypt; + } + else { + printk("%s,%d: Unsupporterd fragment wa mode \n", __FILE__, __LINE__); + goto p_error; + } + + /* send the 2 actions to the HAL */ + spin_lock_irqsave(&cesa_lock, flags); + status = mvCesaAction(cesa_cmd_wa); + spin_unlock_irqrestore(&cesa_lock, flags); + + if((status != MV_NO_MORE) && (status != MV_OK)) { + printk("%s,%d: cesa action failed, status = 0x%x\n", __FILE__, __LINE__, status); + goto p_error; + } + spin_lock_irqsave(&cesa_lock, flags); + status = mvCesaAction(cesa_cmd); + spin_unlock_irqrestore(&cesa_lock, flags); + + } + /* action not allowed and can't split */ + else +#endif + { + goto p_error; + } + } + + /* Hal Q is full, send again. This should never happen */ + if(status == MV_NO_RESOURCE) { + printk("%s,%d: cesa no more resources \n", __FILE__, __LINE__); + if(cesa_ocf_cmd) + kfree(cesa_ocf_cmd); + if(cesa_ocf_cmd_wa) + kfree(cesa_ocf_cmd_wa); + return ERESTART; + } + else if((status != MV_NO_MORE) && (status != MV_OK)) { + printk("%s,%d: cesa action failed, status = 0x%x\n", __FILE__, __LINE__, status); + goto p_error; + } + + +#ifdef CESA_OCF_POLLING + cesa_interrupt_polling(); +#endif + cesaTestTraceAdd(5); + + return 0; +p_error: + crp->crp_etype = EINVAL; + if(cesa_ocf_cmd) + kfree(cesa_ocf_cmd); + if(cesa_ocf_cmd_wa) + kfree(cesa_ocf_cmd_wa); + return EINVAL; +} + +/* + * cesa callback. + */ +static void +cesa_callback(unsigned long dummy) +{ + struct cesa_ocf_process *cesa_ocf_cmd = NULL; + struct cryptop *crp = NULL; + MV_CESA_RESULT result[MV_CESA_MAX_CHAN]; + int res_idx = 0,i; + MV_STATUS status; + + dprintk("%s()\n", __FUNCTION__); + +#ifdef CESA_OCF_TASKLET + disable_irq(cesa_device.irq); +#endif + while(MV_TRUE) { + + /* Get Ready requests */ + spin_lock(&cesa_lock); + status = mvCesaReadyGet(&result[res_idx]); + spin_unlock(&cesa_lock); + + cesaTestTraceAdd(2); + + if(status != MV_OK) { +#ifdef CESA_OCF_POLLING + if(status == MV_BUSY) { /* Fragment */ + cesa_interrupt_polling(); + return; + } +#endif + break; + } + res_idx++; + break; + } + + for(i = 0; i < res_idx; i++) { + + if(!result[i].pReqPrv) { + printk("%s,%d: warning private is NULL\n", __FILE__, __LINE__); + break; + } + + cesa_ocf_cmd = result[i].pReqPrv; + crp = cesa_ocf_cmd->crp; + + // ignore HMAC error. + //if(result->retCode) + // crp->crp_etype = EIO; + +#if defined(CESA_OCF_POLLING) + if(!cesa_ocf_cmd->need_cb){ + cesa_interrupt_polling(); + } +#endif + if(cesa_ocf_cmd->need_cb) { + if(debug) { + mvCesaDebugMbuf("DST BUFFER", cesa_ocf_cmd->cesa_cmd.pDst, 0, cesa_ocf_cmd->cesa_cmd.pDst->mbufSize); + } + crypto_done(crp); + } + kfree(cesa_ocf_cmd); + } +#ifdef CESA_OCF_TASKLET + enable_irq(cesa_device.irq); +#endif + + cesaTestTraceAdd(3); + + return; +} + +#ifdef CESA_OCF_POLLING +static void +cesa_interrupt_polling(void) +{ + u32 cause; + + dprintk("%s()\n", __FUNCTION__); + + /* Read cause register */ + do { + cause = MV_REG_READ(MV_CESA_ISR_CAUSE_REG); + cause &= MV_CESA_CAUSE_ACC_DMA_ALL_MASK; + + } while (cause == 0); + + /* clear interrupts */ + MV_REG_WRITE(MV_CESA_ISR_CAUSE_REG, 0); + + cesa_callback(0); + + return; +} + +#endif + +/* + * cesa Interrupt polling routine. + */ +static irqreturn_t +cesa_interrupt_handler(int irq, void *arg) +{ + u32 cause; + + dprintk("%s()\n", __FUNCTION__); + + cesaTestTraceAdd(0); + + /* Read cause register */ + cause = MV_REG_READ(MV_CESA_ISR_CAUSE_REG); + + if( (cause & MV_CESA_CAUSE_ACC_DMA_ALL_MASK) == 0) + { + /* Empty interrupt */ + dprintk("%s,%d: cesaTestReadyIsr: cause=0x%x\n", __FILE__, __LINE__, cause); + return IRQ_HANDLED; + } + + /* clear interrupts */ + MV_REG_WRITE(MV_CESA_ISR_CAUSE_REG, 0); + + cesaTestTraceAdd(1); +#ifdef CESA_OCF_TASKLET + tasklet_hi_schedule(&cesa_ocf_tasklet); +#else + cesa_callback(0); +#endif + return IRQ_HANDLED; +} + +/* + * Open a session. + */ +static int +/*cesa_ocf_newsession(void *arg, u_int32_t *sid, struct cryptoini *cri)*/ +cesa_ocf_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri) +{ + u32 status = 0, i; + u32 count = 0, auth = 0, encrypt =0; + struct cesa_ocf_data *cesa_ocf_cur_ses; + MV_CESA_OPEN_SESSION cesa_session; + MV_CESA_OPEN_SESSION *cesa_ses = &cesa_session; + + + dprintk("%s()\n", __FUNCTION__); + if (sid == NULL || cri == NULL) { + printk("%s,%d: EINVAL\n", __FILE__, __LINE__); + return EINVAL; + } + + /* leave first empty like in other implementations */ + for (i = 1; i < CESA_OCF_MAX_SES; i++) { + if (cesa_ocf_sessions[i] == NULL) + break; + } + + if(i >= CESA_OCF_MAX_SES) { + printk("%s,%d: no more sessions \n", __FILE__, __LINE__); + return EINVAL; + } + + cesa_ocf_sessions[i] = (struct cesa_ocf_data *) kmalloc(sizeof(struct cesa_ocf_data), GFP_ATOMIC); + if (cesa_ocf_sessions[i] == NULL) { + cesa_ocf_freesession(NULL, i); + printk("%s,%d: ENOBUFS \n", __FILE__, __LINE__); + return ENOBUFS; + } + dprintk("%s,%d: new session %d \n", __FILE__, __LINE__, i); + + *sid = i; + cesa_ocf_cur_ses = cesa_ocf_sessions[i]; + memset(cesa_ocf_cur_ses, 0, sizeof(struct cesa_ocf_data)); + cesa_ocf_cur_ses->sid_encrypt = -1; + cesa_ocf_cur_ses->sid_decrypt = -1; + cesa_ocf_cur_ses->frag_wa_encrypt = -1; + cesa_ocf_cur_ses->frag_wa_decrypt = -1; + cesa_ocf_cur_ses->frag_wa_auth = -1; + + /* init the session */ + memset(cesa_ses, 0, sizeof(MV_CESA_OPEN_SESSION)); + count = 1; + while (cri) { + if(count > 2) { + printk("%s,%d: don't support more then 2 operations\n", __FILE__, __LINE__); + goto error; + } + switch (cri->cri_alg) { + case CRYPTO_AES_CBC: + dprintk("%s,%d: (%d) AES CBC \n", __FILE__, __LINE__, count); + cesa_ocf_cur_ses->cipher_alg = cri->cri_alg; + cesa_ocf_cur_ses->ivlen = MV_CESA_AES_BLOCK_SIZE; + cesa_ses->cryptoAlgorithm = MV_CESA_CRYPTO_AES; + cesa_ses->cryptoMode = MV_CESA_CRYPTO_CBC; + if(cri->cri_klen/8 > MV_CESA_MAX_CRYPTO_KEY_LENGTH) { + printk("%s,%d: CRYPTO key too long.\n", __FILE__, __LINE__); + goto error; + } + memcpy(cesa_ses->cryptoKey, cri->cri_key, cri->cri_klen/8); + dprintk("%s,%d: key length %d \n", __FILE__, __LINE__, cri->cri_klen/8); + cesa_ses->cryptoKeyLength = cri->cri_klen/8; + encrypt += count; + break; + case CRYPTO_3DES_CBC: + dprintk("%s,%d: (%d) 3DES CBC \n", __FILE__, __LINE__, count); + cesa_ocf_cur_ses->cipher_alg = cri->cri_alg; + cesa_ocf_cur_ses->ivlen = MV_CESA_3DES_BLOCK_SIZE; + cesa_ses->cryptoAlgorithm = MV_CESA_CRYPTO_3DES; + cesa_ses->cryptoMode = MV_CESA_CRYPTO_CBC; + if(cri->cri_klen/8 > MV_CESA_MAX_CRYPTO_KEY_LENGTH) { + printk("%s,%d: CRYPTO key too long.\n", __FILE__, __LINE__); + goto error; + } + memcpy(cesa_ses->cryptoKey, cri->cri_key, cri->cri_klen/8); + cesa_ses->cryptoKeyLength = cri->cri_klen/8; + encrypt += count; + break; + case CRYPTO_DES_CBC: + dprintk("%s,%d: (%d) DES CBC \n", __FILE__, __LINE__, count); + cesa_ocf_cur_ses->cipher_alg = cri->cri_alg; + cesa_ocf_cur_ses->ivlen = MV_CESA_DES_BLOCK_SIZE; + cesa_ses->cryptoAlgorithm = MV_CESA_CRYPTO_DES; + cesa_ses->cryptoMode = MV_CESA_CRYPTO_CBC; + if(cri->cri_klen/8 > MV_CESA_MAX_CRYPTO_KEY_LENGTH) { + printk("%s,%d: CRYPTO key too long.\n", __FILE__, __LINE__); + goto error; + } + memcpy(cesa_ses->cryptoKey, cri->cri_key, cri->cri_klen/8); + cesa_ses->cryptoKeyLength = cri->cri_klen/8; + encrypt += count; + break; + case CRYPTO_MD5: + case CRYPTO_MD5_HMAC: + dprintk("%s,%d: (%d) %sMD5 CBC \n", __FILE__, __LINE__, count, (cri->cri_alg != CRYPTO_MD5)? "H-":" "); + cesa_ocf_cur_ses->auth_alg = cri->cri_alg; + cesa_ocf_cur_ses->digestlen = (cri->cri_alg == CRYPTO_MD5)? MV_CESA_MD5_DIGEST_SIZE : 12; + cesa_ses->macMode = (cri->cri_alg == CRYPTO_MD5)? MV_CESA_MAC_MD5 : MV_CESA_MAC_HMAC_MD5; + if(cri->cri_klen/8 > MV_CESA_MAX_CRYPTO_KEY_LENGTH) { + printk("%s,%d: MAC key too long. \n", __FILE__, __LINE__); + goto error; + } + cesa_ses->macKeyLength = cri->cri_klen/8; + memcpy(cesa_ses->macKey, cri->cri_key, cri->cri_klen/8); + cesa_ses->digestSize = cesa_ocf_cur_ses->digestlen; + auth += count; + break; + case CRYPTO_SHA1: + case CRYPTO_SHA1_HMAC: + dprintk("%s,%d: (%d) %sSHA1 CBC \n", __FILE__, __LINE__, count, (cri->cri_alg != CRYPTO_SHA1)? "H-":" "); + cesa_ocf_cur_ses->auth_alg = cri->cri_alg; + cesa_ocf_cur_ses->digestlen = (cri->cri_alg == CRYPTO_SHA1)? MV_CESA_SHA1_DIGEST_SIZE : 12; + cesa_ses->macMode = (cri->cri_alg == CRYPTO_SHA1)? MV_CESA_MAC_SHA1 : MV_CESA_MAC_HMAC_SHA1; + if(cri->cri_klen/8 > MV_CESA_MAX_CRYPTO_KEY_LENGTH) { + printk("%s,%d: MAC key too long. \n", __FILE__, __LINE__); + goto error; + } + cesa_ses->macKeyLength = cri->cri_klen/8; + memcpy(cesa_ses->macKey, cri->cri_key, cri->cri_klen/8); + cesa_ses->digestSize = cesa_ocf_cur_ses->digestlen; + auth += count; + break; + default: + printk("%s,%d: unknown algo 0x%x\n", __FILE__, __LINE__, cri->cri_alg); + goto error; + } + cri = cri->cri_next; + count++; + } + + if((encrypt > 2) || (auth > 2)) { + printk("%s,%d: session mode is not supported.\n", __FILE__, __LINE__); + goto error; + } + /* create new sessions in HAL */ + if(encrypt) { + cesa_ses->operation = MV_CESA_CRYPTO_ONLY; + /* encrypt session */ + if(auth == 1) { + cesa_ses->operation = MV_CESA_MAC_THEN_CRYPTO; + } + else if(auth == 2) { + cesa_ses->operation = MV_CESA_CRYPTO_THEN_MAC; + cesa_ocf_cur_ses->encrypt_tn_auth = 1; + } + else { + cesa_ses->operation = MV_CESA_CRYPTO_ONLY; + } + cesa_ses->direction = MV_CESA_DIR_ENCODE; + status = mvCesaSessionOpen(cesa_ses, &cesa_ocf_cur_ses->sid_encrypt); + if(status != MV_OK) { + printk("%s,%d: Can't open new session - status = 0x%x\n", __FILE__, __LINE__, status); + goto error; + } + /* decrypt session */ + if( cesa_ses->operation == MV_CESA_MAC_THEN_CRYPTO ) { + cesa_ses->operation = MV_CESA_CRYPTO_THEN_MAC; + } + else if( cesa_ses->operation == MV_CESA_CRYPTO_THEN_MAC ) { + cesa_ses->operation = MV_CESA_MAC_THEN_CRYPTO; + } + cesa_ses->direction = MV_CESA_DIR_DECODE; + status = mvCesaSessionOpen(cesa_ses, &cesa_ocf_cur_ses->sid_decrypt); + if(status != MV_OK) { + printk("%s,%d: Can't open new session - status = 0x%x\n", __FILE__, __LINE__, status); + goto error; + } + + /* preapre one action sessions for case we will need to split an action */ +#ifdef CESA_OCF_SPLIT + if(( cesa_ses->operation == MV_CESA_MAC_THEN_CRYPTO ) || + ( cesa_ses->operation == MV_CESA_CRYPTO_THEN_MAC )) { + /* open one session for encode and one for decode */ + cesa_ses->operation = MV_CESA_CRYPTO_ONLY; + cesa_ses->direction = MV_CESA_DIR_ENCODE; + status = mvCesaSessionOpen(cesa_ses, &cesa_ocf_cur_ses->frag_wa_encrypt); + if(status != MV_OK) { + printk("%s,%d: Can't open new session - status = 0x%x\n", __FILE__, __LINE__, status); + goto error; + } + + cesa_ses->direction = MV_CESA_DIR_DECODE; + status = mvCesaSessionOpen(cesa_ses, &cesa_ocf_cur_ses->frag_wa_decrypt); + if(status != MV_OK) { + printk("%s,%d: Can't open new session - status = 0x%x\n", __FILE__, __LINE__, status); + goto error; + } + /* open one session for auth */ + cesa_ses->operation = MV_CESA_MAC_ONLY; + cesa_ses->direction = MV_CESA_DIR_ENCODE; + status = mvCesaSessionOpen(cesa_ses, &cesa_ocf_cur_ses->frag_wa_auth); + if(status != MV_OK) { + printk("%s,%d: Can't open new session - status = 0x%x\n", __FILE__, __LINE__, status); + goto error; + } + } +#endif + } + else { /* only auth */ + cesa_ses->operation = MV_CESA_MAC_ONLY; + cesa_ses->direction = MV_CESA_DIR_ENCODE; + status = mvCesaSessionOpen(cesa_ses, &cesa_ocf_cur_ses->sid_encrypt); + if(status != MV_OK) { + printk("%s,%d: Can't open new session - status = 0x%x\n", __FILE__, __LINE__, status); + goto error; + } + } + + return 0; +error: + cesa_ocf_freesession(NULL, *sid); + return EINVAL; + +} + + +/* + * Free a session. + */ +static int +cesa_ocf_freesession(device_t dev, u_int64_t tid) +{ + struct cesa_ocf_data *cesa_ocf_cur_ses; + u_int32_t sid = CRYPTO_SESID2LID(tid); + //unsigned long flags; + + dprintk("%s() %d \n", __FUNCTION__, sid); + if ( (sid >= CESA_OCF_MAX_SES) || (cesa_ocf_sessions[sid] == NULL) ) { + printk("%s,%d: EINVAL can't free session %d \n", __FILE__, __LINE__, sid); + return(EINVAL); + } + + /* Silently accept and return */ + if (sid == 0) + return(0); + + /* release session from HAL */ + cesa_ocf_cur_ses = cesa_ocf_sessions[sid]; + if (cesa_ocf_cur_ses->sid_encrypt != -1) { + mvCesaSessionClose(cesa_ocf_cur_ses->sid_encrypt); + } + if (cesa_ocf_cur_ses->sid_decrypt != -1) { + mvCesaSessionClose(cesa_ocf_cur_ses->sid_decrypt); + } + if (cesa_ocf_cur_ses->frag_wa_encrypt != -1) { + mvCesaSessionClose(cesa_ocf_cur_ses->frag_wa_encrypt); + } + if (cesa_ocf_cur_ses->frag_wa_decrypt != -1) { + mvCesaSessionClose(cesa_ocf_cur_ses->frag_wa_decrypt); + } + if (cesa_ocf_cur_ses->frag_wa_auth != -1) { + mvCesaSessionClose(cesa_ocf_cur_ses->frag_wa_auth); + } + + kfree(cesa_ocf_cur_ses); + cesa_ocf_sessions[sid] = NULL; + + return 0; +} + + +/* TDMA Window setup */ + +static void __init +setup_tdma_mbus_windows(struct cesa_dev *dev) +{ + int i; + + for (i = 0; i < 4; i++) { + writel(0, dev->reg + WINDOW_BASE(i)); + writel(0, dev->reg + WINDOW_CTRL(i)); + } + + for (i = 0; i < dev->plat_data->dram->num_cs; i++) { + struct mbus_dram_window *cs = dev->plat_data->dram->cs + i; + writel( + ((cs->size - 1) & 0xffff0000) | + (cs->mbus_attr << 8) | + (dev->plat_data->dram->mbus_dram_target_id << 4) | 1, + dev->reg + WINDOW_CTRL(i) + ); + writel(cs->base, dev->reg + WINDOW_BASE(i)); + } +} + +/* + * our driver startup and shutdown routines + */ +static int +mv_cesa_ocf_init(struct platform_device *pdev) +{ +#if defined(CONFIG_MV78200) || defined(CONFIG_MV632X) + if (MV_FALSE == mvSocUnitIsMappedToThisCpu(CESA)) + { + dprintk("CESA is not mapped to this CPU\n"); + return -ENODEV; + } +#endif + + dprintk("%s\n", __FUNCTION__); + memset(&mv_cesa_dev, 0, sizeof(mv_cesa_dev)); + softc_device_init(&mv_cesa_dev, "MV CESA", 0, mv_cesa_methods); + cesa_ocf_id = crypto_get_driverid(softc_get_device(&mv_cesa_dev),CRYPTOCAP_F_HARDWARE); + + if (cesa_ocf_id < 0) + panic("MV CESA crypto device cannot initialize!"); + + dprintk("%s,%d: cesa ocf device id is %d \n", __FILE__, __LINE__, cesa_ocf_id); + + /* CESA unit is auto power on off */ +#if 0 + if (MV_FALSE == mvCtrlPwrClckGet(CESA_UNIT_ID,0)) + { + printk("\nWarning CESA %d is Powered Off\n",0); + return EINVAL; + } +#endif + + memset(&cesa_device, 0, sizeof(struct cesa_dev)); + /* Get the IRQ, and crypto memory regions */ + { + struct resource *res; + res = platform_get_resource_byname(pdev, IORESOURCE_MEM, "sram"); + + if (!res) + return -ENXIO; + + cesa_device.sram = ioremap(res->start, res->end - res->start + 1); + res = platform_get_resource_byname(pdev, IORESOURCE_MEM, "regs"); + + if (!res) { + iounmap(cesa_device.sram); + return -ENXIO; + } + cesa_device.reg = ioremap(res->start, res->end - res->start + 1); + cesa_device.irq = platform_get_irq(pdev, 0); + cesa_device.plat_data = pdev->dev.platform_data; + setup_tdma_mbus_windows(&cesa_device); + + } + + + if( MV_OK != mvCesaInit(CESA_OCF_MAX_SES*5, CESA_Q_SIZE, cesa_device.reg, + NULL) ) { + printk("%s,%d: mvCesaInit Failed. \n", __FILE__, __LINE__); + return EINVAL; + } + + /* clear and unmask Int */ + MV_REG_WRITE( MV_CESA_ISR_CAUSE_REG, 0); +#ifndef CESA_OCF_POLLING + MV_REG_WRITE( MV_CESA_ISR_MASK_REG, MV_CESA_CAUSE_ACC_DMA_MASK); +#endif +#ifdef CESA_OCF_TASKLET + tasklet_init(&cesa_ocf_tasklet, cesa_callback, (unsigned int) 0); +#endif + /* register interrupt */ + if( request_irq( cesa_device.irq, cesa_interrupt_handler, + (IRQF_DISABLED) , "cesa", &cesa_ocf_id) < 0) { + printk("%s,%d: cannot assign irq %x\n", __FILE__, __LINE__, cesa_device.reg); + return EINVAL; + } + + + memset(cesa_ocf_sessions, 0, sizeof(struct cesa_ocf_data *) * CESA_OCF_MAX_SES); + +#define REGISTER(alg) \ + crypto_register(cesa_ocf_id, alg, 0,0) + REGISTER(CRYPTO_AES_CBC); + REGISTER(CRYPTO_DES_CBC); + REGISTER(CRYPTO_3DES_CBC); + REGISTER(CRYPTO_MD5); + REGISTER(CRYPTO_MD5_HMAC); + REGISTER(CRYPTO_SHA1); + REGISTER(CRYPTO_SHA1_HMAC); +#undef REGISTER + + return 0; +} + +static void +mv_cesa_ocf_exit(struct platform_device *pdev) +{ + dprintk("%s()\n", __FUNCTION__); + + crypto_unregister_all(cesa_ocf_id); + cesa_ocf_id = -1; + iounmap(cesa_device.reg); + iounmap(cesa_device.sram); + free_irq(cesa_device.irq, NULL); + + /* mask and clear Int */ + MV_REG_WRITE( MV_CESA_ISR_MASK_REG, 0); + MV_REG_WRITE( MV_CESA_ISR_CAUSE_REG, 0); + + + if( MV_OK != mvCesaFinish() ) { + printk("%s,%d: mvCesaFinish Failed. \n", __FILE__, __LINE__); + return; + } +} + + +void cesa_ocf_debug(void) +{ + +#ifdef CESA_OCF_TRACE_DEBUG + { + int i, j; + j = cesaTestTraceIdx; + mvOsPrintf("No Type rCause iCause Proc Isr Res Time pReady pProc pEmpty\n"); + for(i=0; i= _1G) + { + mvOsOutput("%3dGB ", size / _1G); + size %= _1G; + if(size) + mvOsOutput("+"); + } + if(size >= _1M ) + { + mvOsOutput("%3dMB ", size / _1M); + size %= _1M; + if(size) + mvOsOutput("+"); + } + if(size >= _1K) + { + mvOsOutput("%3dKB ", size / _1K); + size %= _1K; + if(size) + mvOsOutput("+"); + } + if(size > 0) + { + mvOsOutput("%3dB ", size); + } +} + +/******************************************************************************* +* mvHexToBin - Convert hex to binary +* +* DESCRIPTION: +* This function Convert hex to binary. +* +* INPUT: +* pHexStr - hex buffer pointer. +* size - Size to convert. +* +* OUTPUT: +* pBin - Binary buffer pointer. +* +* RETURN: +* None. +* +*******************************************************************************/ +MV_VOID mvHexToBin(const char* pHexStr, MV_U8* pBin, int size) +{ + int j, i; + char tmp[3]; + MV_U8 byte; + + for(j=0, i=0; j> 1; + result++; + } + return result; +} + + diff -Naur linux-3.0.68.i686-orig/crypto/ocf/kirkwood/mvHal/common/mvCommon.h linux-3.0.68.i686/crypto/ocf/kirkwood/mvHal/common/mvCommon.h --- linux-3.0.68.i686-orig/crypto/ocf/kirkwood/mvHal/common/mvCommon.h 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/kirkwood/mvHal/common/mvCommon.h 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,308 @@ +/******************************************************************************* +Copyright (C) Marvell International Ltd. and its affiliates + +This software file (the "File") is owned and distributed by Marvell +International Ltd. and/or its affiliates ("Marvell") under the following +alternative licensing terms. Once you have made an election to distribute the +File under one of the following license alternatives, please (i) delete this +introductory statement regarding license alternatives, (ii) delete the two +license alternatives that you have not elected to use and (iii) preserve the +Marvell copyright notice above. + +******************************************************************************** +Marvell Commercial License Option + +If you received this File from Marvell and you have entered into a commercial +license agreement (a "Commercial License") with Marvell, the File is licensed +to you under the terms of the applicable Commercial License. + +******************************************************************************** +Marvell GPL License Option + +If you received this File from Marvell, you may opt to use, redistribute and/or +modify this File in accordance with the terms and conditions of the General +Public License Version 2, June 1991 (the "GPL License"), a copy of which is +available along with the File in the license.txt file or by writing to the Free +Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 or +on the worldwide web at http://www.gnu.org/licenses/gpl.txt. + +THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE IMPLIED +WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE ARE EXPRESSLY +DISCLAIMED. The GPL License provides additional details about this warranty +disclaimer. +******************************************************************************** +Marvell BSD License Option + +If you received this File from Marvell, you may opt to use, redistribute and/or +modify this File under the following licensing terms. +Redistribution and use in source and binary forms, with or without modification, +are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + * Neither the name of Marvell nor the names of its contributors may be + used to endorse or promote products derived from this software without + specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR +ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON +ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +*******************************************************************************/ + + + +#ifndef __INCmvCommonh +#define __INCmvCommonh + +#include "mvTypes.h" + +/* Swap tool */ + +/* 16bit nibble swap. For example 0x1234 -> 0x2143 */ +#define MV_NIBBLE_SWAP_16BIT(X) (((X&0xf) << 4) | \ + ((X&0xf0) >> 4) | \ + ((X&0xf00) << 4) | \ + ((X&0xf000) >> 4)) + +/* 32bit nibble swap. For example 0x12345678 -> 0x21436587 */ +#define MV_NIBBLE_SWAP_32BIT(X) (((X&0xf) << 4) | \ + ((X&0xf0) >> 4) | \ + ((X&0xf00) << 4) | \ + ((X&0xf000) >> 4) | \ + ((X&0xf0000) << 4) | \ + ((X&0xf00000) >> 4) | \ + ((X&0xf000000) << 4) | \ + ((X&0xf0000000) >> 4)) + +/* 16bit byte swap. For example 0x1122 -> 0x2211 */ +#define MV_BYTE_SWAP_16BIT(X) ((((X)&0xff)<<8) | (((X)&0xff00)>>8)) + +/* 32bit byte swap. For example 0x11223344 -> 0x44332211 */ +#define MV_BYTE_SWAP_32BIT(X) ((((X)&0xff)<<24) | \ + (((X)&0xff00)<<8) | \ + (((X)&0xff0000)>>8) | \ + (((X)&0xff000000)>>24)) + +/* 64bit byte swap. For example 0x11223344.55667788 -> 0x88776655.44332211 */ +#define MV_BYTE_SWAP_64BIT(X) ((l64) ((((X)&0xffULL)<<56) | \ + (((X)&0xff00ULL)<<40) | \ + (((X)&0xff0000ULL)<<24) | \ + (((X)&0xff000000ULL)<<8) | \ + (((X)&0xff00000000ULL)>>8) | \ + (((X)&0xff0000000000ULL)>>24) | \ + (((X)&0xff000000000000ULL)>>40) | \ + (((X)&0xff00000000000000ULL)>>56))) + +/* Endianess macros. */ +#if defined(MV_CPU_LE) + #define MV_16BIT_LE(X) (X) + #define MV_32BIT_LE(X) (X) + #define MV_64BIT_LE(X) (X) + #define MV_16BIT_BE(X) MV_BYTE_SWAP_16BIT(X) + #define MV_32BIT_BE(X) MV_BYTE_SWAP_32BIT(X) + #define MV_64BIT_BE(X) MV_BYTE_SWAP_64BIT(X) +#elif defined(MV_CPU_BE) + #define MV_16BIT_LE(X) MV_BYTE_SWAP_16BIT(X) + #define MV_32BIT_LE(X) MV_BYTE_SWAP_32BIT(X) + #define MV_64BIT_LE(X) MV_BYTE_SWAP_64BIT(X) + #define MV_16BIT_BE(X) (X) + #define MV_32BIT_BE(X) (X) + #define MV_64BIT_BE(X) (X) +#else + #error "CPU endianess isn't defined!\n" +#endif + + +/* Bit field definitions */ +#define NO_BIT 0x00000000 +#define BIT0 0x00000001 +#define BIT1 0x00000002 +#define BIT2 0x00000004 +#define BIT3 0x00000008 +#define BIT4 0x00000010 +#define BIT5 0x00000020 +#define BIT6 0x00000040 +#define BIT7 0x00000080 +#define BIT8 0x00000100 +#define BIT9 0x00000200 +#define BIT10 0x00000400 +#define BIT11 0x00000800 +#define BIT12 0x00001000 +#define BIT13 0x00002000 +#define BIT14 0x00004000 +#define BIT15 0x00008000 +#define BIT16 0x00010000 +#define BIT17 0x00020000 +#define BIT18 0x00040000 +#define BIT19 0x00080000 +#define BIT20 0x00100000 +#define BIT21 0x00200000 +#define BIT22 0x00400000 +#define BIT23 0x00800000 +#define BIT24 0x01000000 +#define BIT25 0x02000000 +#define BIT26 0x04000000 +#define BIT27 0x08000000 +#define BIT28 0x10000000 +#define BIT29 0x20000000 +#define BIT30 0x40000000 +#define BIT31 0x80000000 + +/* Handy sizes */ +#define _1K 0x00000400 +#define _2K 0x00000800 +#define _4K 0x00001000 +#define _8K 0x00002000 +#define _16K 0x00004000 +#define _32K 0x00008000 +#define _64K 0x00010000 +#define _128K 0x00020000 +#define _256K 0x00040000 +#define _512K 0x00080000 + +#define _1M 0x00100000 +#define _2M 0x00200000 +#define _4M 0x00400000 +#define _8M 0x00800000 +#define _16M 0x01000000 +#define _32M 0x02000000 +#define _64M 0x04000000 +#define _128M 0x08000000 +#define _256M 0x10000000 +#define _512M 0x20000000 + +#define _1G 0x40000000 +#define _2G 0x80000000 + +/* Tclock and Sys clock define */ +#define _100MHz 100000000 +#define _125MHz 125000000 +#define _133MHz 133333334 +#define _150MHz 150000000 +#define _160MHz 160000000 +#define _166MHz 166666667 +#define _175MHz 175000000 +#define _178MHz 178000000 +#define _183MHz 183333334 +#define _187MHz 187000000 +#define _192MHz 192000000 +#define _194MHz 194000000 +#define _200MHz 200000000 +#define _233MHz 233333334 +#define _250MHz 250000000 +#define _266MHz 266666667 +#define _300MHz 300000000 + +/* For better address window table readability */ +#define EN MV_TRUE +#define DIS MV_FALSE +#define N_A -1 /* Not applicable */ + +/* Cache configuration options for memory (DRAM, SRAM, ... ) */ + +/* Memory uncached, HW or SW cache coherency is not needed */ +#define MV_UNCACHED 0 +/* Memory cached, HW cache coherency supported in WriteThrough mode */ +#define MV_CACHE_COHER_HW_WT 1 +/* Memory cached, HW cache coherency supported in WriteBack mode */ +#define MV_CACHE_COHER_HW_WB 2 +/* Memory cached, No HW cache coherency, Cache coherency must be in SW */ +#define MV_CACHE_COHER_SW 3 + + +/* Macro for testing aligment. Positive if number is NOT aligned */ +#define MV_IS_NOT_ALIGN(number, align) ((number) & ((align) - 1)) + +/* Macro for alignment up. For example, MV_ALIGN_UP(0x0330, 0x20) = 0x0340 */ +#define MV_ALIGN_UP(number, align) \ +(((number) & ((align) - 1)) ? (((number) + (align)) & ~((align)-1)) : (number)) + +/* Macro for alignment down. For example, MV_ALIGN_UP(0x0330, 0x20) = 0x0320 */ +#define MV_ALIGN_DOWN(number, align) ((number) & ~((align)-1)) + +/* This macro returns absolute value */ +#define MV_ABS(number) (((int)(number) < 0) ? -(int)(number) : (int)(number)) + + +/* Bit fields manipulation macros */ + +/* An integer word which its 'x' bit is set */ +#define MV_BIT_MASK(bitNum) (1 << (bitNum) ) + +/* Checks wheter bit 'x' in integer word is set */ +#define MV_BIT_CHECK(word, bitNum) ( (word) & MV_BIT_MASK(bitNum) ) + +/* Clear (reset) bit 'x' in integer word (RMW - Read-Modify-Write) */ +#define MV_BIT_CLEAR(word, bitNum) ( (word) &= ~(MV_BIT_MASK(bitNum)) ) + +/* Set bit 'x' in integer word (RMW) */ +#define MV_BIT_SET(word, bitNum) ( (word) |= MV_BIT_MASK(bitNum) ) + +/* Invert bit 'x' in integer word (RMW) */ +#define MV_BIT_INV(word, bitNum) ( (word) ^= MV_BIT_MASK(bitNum) ) + +/* Get the min between 'a' or 'b' */ +#define MV_MIN(a,b) (((a) < (b)) ? (a) : (b)) + +/* Get the max between 'a' or 'b' */ +#define MV_MAX(a,b) (((a) < (b)) ? (b) : (a)) + +/* Temporary */ +#define mvOsDivide(num, div) \ +({ \ + int i=0, rem=(num); \ + \ + while(rem >= (div)) \ + { \ + rem -= (div); \ + i++; \ + } \ + (i); \ +}) + +/* Temporary */ +#define mvOsReminder(num, div) \ +({ \ + int rem = (num); \ + \ + while(rem >= (div)) \ + rem -= (div); \ + (rem); \ +}) + +#define MV_IP_QUAD(ipAddr) ((ipAddr >> 24) & 0xFF), ((ipAddr >> 16) & 0xFF), \ + ((ipAddr >> 8) & 0xFF), ((ipAddr >> 0) & 0xFF) + +#define MV_IS_POWER_OF_2(num) ((num != 0) && ((num & (num - 1)) == 0)) + +#ifndef MV_ASMLANGUAGE +/* mvCommon API list */ + +MV_VOID mvHexToBin(const char* pHexStr, MV_U8* pBin, int size); +void mvAsciiToHex(const char* asciiStr, char* hexStr); +void mvBinToHex(const MV_U8* bin, char* hexStr, int size); +void mvBinToAscii(const MV_U8* bin, char* asciiStr, int size); + +MV_STATUS mvMacStrToHex(const char* macStr, MV_U8* macHex); +MV_STATUS mvMacHexToStr(MV_U8* macHex, char* macStr); +void mvSizePrint(MV_U32); + +MV_U32 mvLog2(MV_U32 num); + +#endif /* MV_ASMLANGUAGE */ + + +#endif /* __INCmvCommonh */ diff -Naur linux-3.0.68.i686-orig/crypto/ocf/kirkwood/mvHal/common/mvCompVer.txt linux-3.0.68.i686/crypto/ocf/kirkwood/mvHal/common/mvCompVer.txt --- linux-3.0.68.i686-orig/crypto/ocf/kirkwood/mvHal/common/mvCompVer.txt 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/kirkwood/mvHal/common/mvCompVer.txt 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,4 @@ +Global HAL Version: FEROCEON_HAL_3_1_7 +Unit HAL Version: 3.1.4 +Description: This component includes an implementation of the unit HAL drivers + diff -Naur linux-3.0.68.i686-orig/crypto/ocf/kirkwood/mvHal/common/mvDebug.c linux-3.0.68.i686/crypto/ocf/kirkwood/mvHal/common/mvDebug.c --- linux-3.0.68.i686-orig/crypto/ocf/kirkwood/mvHal/common/mvDebug.c 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/kirkwood/mvHal/common/mvDebug.c 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,326 @@ +/******************************************************************************* +Copyright (C) Marvell International Ltd. and its affiliates + +This software file (the "File") is owned and distributed by Marvell +International Ltd. and/or its affiliates ("Marvell") under the following +alternative licensing terms. Once you have made an election to distribute the +File under one of the following license alternatives, please (i) delete this +introductory statement regarding license alternatives, (ii) delete the two +license alternatives that you have not elected to use and (iii) preserve the +Marvell copyright notice above. + +******************************************************************************** +Marvell Commercial License Option + +If you received this File from Marvell and you have entered into a commercial +license agreement (a "Commercial License") with Marvell, the File is licensed +to you under the terms of the applicable Commercial License. + +******************************************************************************** +Marvell GPL License Option + +If you received this File from Marvell, you may opt to use, redistribute and/or +modify this File in accordance with the terms and conditions of the General +Public License Version 2, June 1991 (the "GPL License"), a copy of which is +available along with the File in the license.txt file or by writing to the Free +Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 or +on the worldwide web at http://www.gnu.org/licenses/gpl.txt. + +THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE IMPLIED +WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE ARE EXPRESSLY +DISCLAIMED. The GPL License provides additional details about this warranty +disclaimer. +******************************************************************************** +Marvell BSD License Option + +If you received this File from Marvell, you may opt to use, redistribute and/or +modify this File under the following licensing terms. +Redistribution and use in source and binary forms, with or without modification, +are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + * Neither the name of Marvell nor the names of its contributors may be + used to endorse or promote products derived from this software without + specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR +ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON +ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +*******************************************************************************/ + + + +/* includes */ +#include "mvOs.h" +#include "mv802_3.h" +#include "mvCommon.h" +#include "mvDebug.h" + +/* Global variables effect on behave MV_DEBUG_PRINT and MV_DEBUG_CODE macros + * mvDebug - map of bits (one for each module) bit=1 means enable + * debug code and messages for this module + * mvModuleDebug - array of 32 bits varables one for each module + */ +MV_U32 mvDebug = 0; +MV_U32 mvDebugModules[MV_MODULE_MAX]; + +/* Init mvModuleDebug array to default values */ +void mvDebugInit(void) +{ + int bit; + + mvDebug = 0; + for(bit=0; bit 0) + { + mvOsPrintf("%08x: ", memAddr); + i = 0; + /* 32 bytes in the line */ + while(i < 32) + { + if(memAddr >= (MV_U32)addr) + { + switch(access) + { + case 1: + if( memAddr == CPU_PHY_MEM(memAddr) ) + { + mvOsPrintf("%02x ", MV_MEMIO8_READ(memAddr)); + } + else + { + mvOsPrintf("%02x ", *((MV_U8*)memAddr)); + } + break; + + case 2: + if( memAddr == CPU_PHY_MEM(memAddr) ) + { + mvOsPrintf("%04x ", MV_MEMIO16_READ(memAddr)); + } + else + { + mvOsPrintf("%04x ", *((MV_U16*)memAddr)); + } + break; + + case 4: + if( memAddr == CPU_PHY_MEM(memAddr) ) + { + mvOsPrintf("%08x ", MV_MEMIO32_READ(memAddr)); + } + else + { + mvOsPrintf("%08x ", *((MV_U32*)memAddr)); + } + break; + } + } + else + { + for(j=0; j<(access*2+1); j++) + mvOsPrintf(" "); + } + i += access; + memAddr += access; + size -= access; + if(size <= 0) + break; + } + mvOsPrintf("\n"); + } +} + +void mvDebugPrintBufInfo(BUF_INFO* pBufInfo, int size, int access) +{ + if(pBufInfo == NULL) + { + mvOsPrintf("\n!!! pBufInfo = NULL\n"); + return; + } + mvOsPrintf("\n*** pBufInfo=0x%x, cmdSts=0x%08x, pBuf=0x%x, bufSize=%d\n", + (unsigned int)pBufInfo, + (unsigned int)pBufInfo->cmdSts, + (unsigned int)pBufInfo->pBuff, + (unsigned int)pBufInfo->bufSize); + mvOsPrintf("pData=0x%x, byteCnt=%d, pNext=0x%x, uInfo1=0x%x, uInfo2=0x%x\n", + (unsigned int)pBufInfo->pData, + (unsigned int)pBufInfo->byteCnt, + (unsigned int)pBufInfo->pNextBufInfo, + (unsigned int)pBufInfo->userInfo1, + (unsigned int)pBufInfo->userInfo2); + if(pBufInfo->pData != NULL) + { + if(size > pBufInfo->byteCnt) + size = pBufInfo->byteCnt; + mvDebugMemDump(pBufInfo->pData, size, access); + } +} + +void mvDebugPrintPktInfo(MV_PKT_INFO* pPktInfo, int size, int access) +{ + int frag, len; + + if(pPktInfo == NULL) + { + mvOsPrintf("\n!!! pPktInfo = NULL\n"); + return; + } + mvOsPrintf("\npPkt=%p, stat=0x%08x, numFr=%d, size=%d, pFr=%p, osInfo=0x%lx\n", + pPktInfo, pPktInfo->status, pPktInfo->numFrags, pPktInfo->pktSize, + pPktInfo->pFrags, pPktInfo->osInfo); + + for(frag=0; fragnumFrags; frag++) + { + mvOsPrintf("#%2d. bufVirt=%p, bufSize=%d\n", + frag, pPktInfo->pFrags[frag].bufVirtPtr, + pPktInfo->pFrags[frag].bufSize); + if(size > 0) + { + len = MV_MIN((int)pPktInfo->pFrags[frag].bufSize, size); + mvDebugMemDump(pPktInfo->pFrags[frag].bufVirtPtr, len, access); + size -= len; + } + } + +} + +void mvDebugPrintIpAddr(MV_U32 ipAddr) +{ + mvOsPrintf("%d.%d.%d.%d", ((ipAddr >> 24) & 0xFF), ((ipAddr >> 16) & 0xFF), + ((ipAddr >> 8) & 0xFF), ((ipAddr >> 0) & 0xFF)); +} + +void mvDebugPrintMacAddr(const MV_U8* pMacAddr) +{ + int i; + + mvOsPrintf("%02x", (unsigned int)pMacAddr[0]); + for(i=1; ibegin = 0; + pTimeEntry->count = count; + pTimeEntry->end = 0; + pTimeEntry->left = pTimeEntry->count; + pTimeEntry->total = 0; + pTimeEntry->min = 0xFFFFFFFF; + pTimeEntry->max = 0x0; + strncpy(pTimeEntry->name, pName, sizeof(pTimeEntry->name)-1); + pTimeEntry->name[sizeof(pTimeEntry->name)-1] = '\0'; +} + +/* Print out MV_DEBUG_TIMES entry */ +void mvDebugPrintTimeEntry(MV_DEBUG_TIMES* pTimeEntry, MV_BOOL isTitle) +{ + int num; + + if(isTitle == MV_TRUE) + mvOsPrintf("Event NumOfEvents TotalTime Average Min Max\n"); + + num = pTimeEntry->count-pTimeEntry->left; + if(num > 0) + { + mvOsPrintf("%-11s %6u 0x%08lx %6lu %6lu %6lu\n", + pTimeEntry->name, num, pTimeEntry->total, pTimeEntry->total/num, + pTimeEntry->min, pTimeEntry->max); + } +} + +/* Update MV_DEBUG_TIMES entry */ +void mvDebugUpdateTimeEntry(MV_DEBUG_TIMES* pTimeEntry) +{ + MV_U32 delta; + + if(pTimeEntry->left > 0) + { + if(pTimeEntry->end <= pTimeEntry->begin) + { + delta = pTimeEntry->begin - pTimeEntry->end; + } + else + { + delta = ((MV_U32)0x10000 - pTimeEntry->end) + pTimeEntry->begin; + } + pTimeEntry->total += delta; + + if(delta < pTimeEntry->min) + pTimeEntry->min = delta; + + if(delta > pTimeEntry->max) + pTimeEntry->max = delta; + + pTimeEntry->left--; + } +} + diff -Naur linux-3.0.68.i686-orig/crypto/ocf/kirkwood/mvHal/common/mvDebug.h linux-3.0.68.i686/crypto/ocf/kirkwood/mvHal/common/mvDebug.h --- linux-3.0.68.i686-orig/crypto/ocf/kirkwood/mvHal/common/mvDebug.h 1969-12-31 19:00:00.000000000 -0500 +++ linux-3.0.68.i686/crypto/ocf/kirkwood/mvHal/common/mvDebug.h 2012-01-26 20:04:28.000000000 -0500 @@ -0,0 +1,178 @@ +/******************************************************************************* +Copyright (C) Marvell International Ltd. and its affiliates + +This software file (the "File") is owned and distributed by Marvell +International Ltd. and/or its affiliates ("Marvell") under the following +alternative licensing terms. Once you have made an election to distribute the +File under one of the following license alternatives, please (i) delete this +introductory statement regarding license alternatives, (ii) delete the two +license alternatives that you have not elected to use and (iii) preserve the +Marvell copyright notice above. + +******************************************************************************** +Marvell Commercial License Option + +If you received this File from Marvell and you have entered into a commercial +license agreement (a "Commercial License") with Marvell, the File is licensed +to you under the terms of the applicable Commercial License. + +******************************************************************************** +Marvell GPL License Option + +If you received this File from Marvell, you may opt to use, redistribute and/or +modify this File in accordance with the ter