/*-
 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
 *
 * Copyright (c) 2020, 2021 Rubicon Communications, LLC (Netgate)
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include <sys/param.h>
#include <sys/bus.h>
#include <sys/counter.h>
#include <sys/endian.h>
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/module.h>
#include <sys/mutex.h>
#include <sys/rman.h>
#include <sys/smp.h>
#include <sys/sglist.h>
#include <sys/sysctl.h>

#include <machine/atomic.h>
#include <machine/bus.h>

#include <crypto/rijndael/rijndael.h>
#include <opencrypto/cryptodev.h>
#include <opencrypto/xform.h>

#include <dev/ofw/ofw_bus.h>
#include <dev/ofw/ofw_bus_subr.h>

#include "cryptodev_if.h"

#include "safexcel_reg.h"
#include "safexcel_var.h"

/*
 * We only support the EIP97 for now.
 */
static struct ofw_compat_data safexcel_compat[] = {
	{ "inside-secure,safexcel-eip97ies",	(uintptr_t)97 },
	{ "inside-secure,safexcel-eip97",	(uintptr_t)97 },
	{ NULL,					0 }
};

const struct safexcel_reg_offsets eip97_regs_offset = {
	.hia_aic	= SAFEXCEL_EIP97_HIA_AIC_BASE,
	.hia_aic_g	= SAFEXCEL_EIP97_HIA_AIC_G_BASE,
	.hia_aic_r	= SAFEXCEL_EIP97_HIA_AIC_R_BASE,
	.hia_aic_xdr	= SAFEXCEL_EIP97_HIA_AIC_xDR_BASE,
	.hia_dfe	= SAFEXCEL_EIP97_HIA_DFE_BASE,
	.hia_dfe_thr	= SAFEXCEL_EIP97_HIA_DFE_THR_BASE,
	.hia_dse	= SAFEXCEL_EIP97_HIA_DSE_BASE,
	.hia_dse_thr	= SAFEXCEL_EIP97_HIA_DSE_THR_BASE,
	.hia_gen_cfg	= SAFEXCEL_EIP97_HIA_GEN_CFG_BASE,
	.pe		= SAFEXCEL_EIP97_PE_BASE,
};

const struct safexcel_reg_offsets eip197_regs_offset = {
	.hia_aic	= SAFEXCEL_EIP197_HIA_AIC_BASE,
	.hia_aic_g	= SAFEXCEL_EIP197_HIA_AIC_G_BASE,
	.hia_aic_r	= SAFEXCEL_EIP197_HIA_AIC_R_BASE,
	.hia_aic_xdr	= SAFEXCEL_EIP197_HIA_AIC_xDR_BASE,
	.hia_dfe	= SAFEXCEL_EIP197_HIA_DFE_BASE,
	.hia_dfe_thr	= SAFEXCEL_EIP197_HIA_DFE_THR_BASE,
	.hia_dse	= SAFEXCEL_EIP197_HIA_DSE_BASE,
	.hia_dse_thr	= SAFEXCEL_EIP197_HIA_DSE_THR_BASE,
	.hia_gen_cfg	= SAFEXCEL_EIP197_HIA_GEN_CFG_BASE,
	.pe		= SAFEXCEL_EIP197_PE_BASE,
};

static struct safexcel_request *
safexcel_next_request(struct safexcel_ring *ring)
{
	int i;

	i = ring->cdr.read;
	KASSERT(i >= 0 && i < SAFEXCEL_RING_SIZE,
	    ("%s: out of bounds request index %d", __func__, i));
	return (&ring->requests[i]);
}

static struct safexcel_cmd_descr *
safexcel_cmd_descr_next(struct safexcel_cmd_descr_ring *ring)
{
	struct safexcel_cmd_descr *cdesc;

	if (ring->write == ring->read)
		return (NULL);
	cdesc = &ring->desc[ring->read];
	ring->read = (ring->read + 1) % SAFEXCEL_RING_SIZE;
	return (cdesc);
}

static struct safexcel_res_descr *
safexcel_res_descr_next(struct safexcel_res_descr_ring *ring)
{
	struct safexcel_res_descr *rdesc;

	if (ring->write == ring->read)
		return (NULL);
	rdesc = &ring->desc[ring->read];
	ring->read = (ring->read + 1) % SAFEXCEL_RING_SIZE;
	return (rdesc);
}

static struct safexcel_request *
safexcel_alloc_request(struct safexcel_softc *sc, struct safexcel_ring *ring)
{
	int i;

	mtx_assert(&ring->mtx, MA_OWNED);

	i = ring->cdr.write;
	if ((i + 1) % SAFEXCEL_RING_SIZE == ring->cdr.read)
		return (NULL);
	return (&ring->requests[i]);
}

static void
safexcel_free_request(struct safexcel_ring *ring, struct safexcel_request *req)
{
	struct safexcel_context_record *ctx;

	mtx_assert(&ring->mtx, MA_OWNED);

	if (req->dmap_loaded) {
		bus_dmamap_unload(ring->data_dtag, req->dmap);
		req->dmap_loaded = false;
	}
	ctx = (struct safexcel_context_record *)req->ctx.vaddr;
	explicit_bzero(ctx->data, sizeof(ctx->data));
	explicit_bzero(req->iv, sizeof(req->iv));
}

static void
safexcel_rdr_intr(struct safexcel_softc *sc, int ringidx)
{
	TAILQ_HEAD(, cryptop) cq;
	struct cryptop *crp, *tmp;
	struct safexcel_cmd_descr *cdesc;
	struct safexcel_res_descr *rdesc;
	struct safexcel_request *req;
	struct safexcel_ring *ring;
	uint32_t blocked, error, i, ncdescs, nrdescs, nreqs;

	blocked = 0;
	ring = &sc->sc_ring[ringidx];

	nreqs = SAFEXCEL_READ(sc,
	    SAFEXCEL_HIA_RDR(sc, ringidx) + SAFEXCEL_HIA_xDR_PROC_COUNT);
	nreqs >>= SAFEXCEL_xDR_PROC_xD_PKT_OFFSET;
	nreqs &= SAFEXCEL_xDR_PROC_xD_PKT_MASK;
	if (nreqs == 0) {
		SAFEXCEL_DPRINTF(sc, 1,
		    "zero pending requests on ring %d\n", ringidx);
		mtx_lock(&ring->mtx);
		goto out;
	}

	TAILQ_INIT(&cq);

	ring = &sc->sc_ring[ringidx];
	bus_dmamap_sync(ring->rdr.dma.tag, ring->rdr.dma.map,
	    BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE);
	bus_dmamap_sync(ring->cdr.dma.tag, ring->cdr.dma.map,
	    BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE);
	bus_dmamap_sync(ring->dma_atok.tag, ring->dma_atok.map,
	    BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE);

	ncdescs = nrdescs = 0;
	for (i = 0; i < nreqs; i++) {
		req = safexcel_next_request(ring);

		bus_dmamap_sync(req->ctx.tag, req->ctx.map,
		    BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE);
		bus_dmamap_sync(ring->data_dtag, req->dmap,
		    BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE);

		ncdescs += req->cdescs;
		while (req->cdescs-- > 0) {
			cdesc = safexcel_cmd_descr_next(&ring->cdr);
			KASSERT(cdesc != NULL,
			    ("%s: missing control descriptor", __func__));
			if (req->cdescs == 0)
				KASSERT(cdesc->last_seg,
				    ("%s: chain is not terminated", __func__));
		}
		nrdescs += req->rdescs;
		while (req->rdescs-- > 0) {
			rdesc = safexcel_res_descr_next(&ring->rdr);
			error = rdesc->result_data.error_code;
			if (error != 0) {
				if (error == SAFEXCEL_RESULT_ERR_AUTH_FAILED &&
				    req->crp->crp_etype == 0) {
					req->crp->crp_etype = EBADMSG;
				} else {
					SAFEXCEL_DPRINTF(sc, 1,
					    "error code %#x\n", error);
					req->crp->crp_etype = EIO;
				}
			}
		}

		TAILQ_INSERT_TAIL(&cq, req->crp, crp_next);
	}

	mtx_lock(&ring->mtx);
	if (nreqs != 0) {
		KASSERT(ring->queued >= nreqs,
		    ("%s: request count underflow, %d queued %d completed",
		    __func__, ring->queued, nreqs));
		ring->queued -= nreqs;

		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_RDR(sc, ringidx) + SAFEXCEL_HIA_xDR_PROC_COUNT,
		    SAFEXCEL_xDR_PROC_xD_PKT(nreqs) |
		    (sc->sc_config.rd_offset * nrdescs * sizeof(uint32_t)));
		blocked = ring->blocked;
		ring->blocked = 0;
	}
out:
	if (ring->queued != 0) {
		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_RDR(sc, ringidx) + SAFEXCEL_HIA_xDR_THRESH,
		    SAFEXCEL_HIA_CDR_THRESH_PKT_MODE | imin(ring->queued, 16));
	}
	mtx_unlock(&ring->mtx);

	if (blocked)
		crypto_unblock(sc->sc_cid, blocked);

	TAILQ_FOREACH_SAFE(crp, &cq, crp_next, tmp)
		crypto_done(crp);
}

static void
safexcel_ring_intr(void *arg)
{
	struct safexcel_softc *sc;
	struct safexcel_intr_handle *ih;
	uint32_t status, stat;
	int ring;
	bool rdrpending;

	ih = arg;
	sc = ih->sc;
	ring = ih->ring;

	status = SAFEXCEL_READ(sc, SAFEXCEL_HIA_AIC_R(sc) +
	    SAFEXCEL_HIA_AIC_R_ENABLED_STAT(ring));
	/* CDR interrupts */
	if (status & SAFEXCEL_CDR_IRQ(ring)) {
		stat = SAFEXCEL_READ(sc,
		    SAFEXCEL_HIA_CDR(sc, ring) + SAFEXCEL_HIA_xDR_STAT);
		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_CDR(sc, ring) + SAFEXCEL_HIA_xDR_STAT,
		    stat & SAFEXCEL_CDR_INTR_MASK);
	}
	/* RDR interrupts */
	rdrpending = false;
	if (status & SAFEXCEL_RDR_IRQ(ring)) {
		stat = SAFEXCEL_READ(sc,
		    SAFEXCEL_HIA_RDR(sc, ring) + SAFEXCEL_HIA_xDR_STAT);
		if ((stat & SAFEXCEL_xDR_ERR) == 0)
			rdrpending = true;
		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_RDR(sc, ring) + SAFEXCEL_HIA_xDR_STAT,
		    stat & SAFEXCEL_RDR_INTR_MASK);
	}
	SAFEXCEL_WRITE(sc,
	    SAFEXCEL_HIA_AIC_R(sc) + SAFEXCEL_HIA_AIC_R_ACK(ring),
	    status);

	if (rdrpending)
		safexcel_rdr_intr(sc, ring);
}

static int
safexcel_configure(struct safexcel_softc *sc)
{
	uint32_t i, mask, pemask, reg;
	device_t dev;

	if (sc->sc_type == 197) {
		sc->sc_offsets = eip197_regs_offset;
		pemask = SAFEXCEL_N_PES_MASK;
	} else {
		sc->sc_offsets = eip97_regs_offset;
		pemask = EIP97_N_PES_MASK;
	}

	dev = sc->sc_dev;

	/* Scan for valid ring interrupt controllers. */
	for (i = 0; i < SAFEXCEL_MAX_RING_AIC; i++) {
		reg = SAFEXCEL_READ(sc, SAFEXCEL_HIA_AIC_R(sc) +
		    SAFEXCEL_HIA_AIC_R_VERSION(i));
		if (SAFEXCEL_REG_LO16(reg) != EIP201_VERSION_LE)
			break;
	}
	sc->sc_config.aic_rings = i;
	if (sc->sc_config.aic_rings == 0)
		return (-1);

	reg = SAFEXCEL_READ(sc, SAFEXCEL_HIA_AIC_G(sc) + SAFEXCEL_HIA_OPTIONS);
	/* Check for 64bit addressing. */
	if ((reg & SAFEXCEL_OPT_ADDR_64) == 0)
		return (-1);
	/* Check alignment constraints (which we do not support). */
	if (((reg & SAFEXCEL_OPT_TGT_ALIGN_MASK) >>
	    SAFEXCEL_OPT_TGT_ALIGN_OFFSET) != 0)
		return (-1);

	sc->sc_config.hdw =
	    (reg & SAFEXCEL_xDR_HDW_MASK) >> SAFEXCEL_xDR_HDW_OFFSET;
	mask = (1 << sc->sc_config.hdw) - 1;

	sc->sc_config.rings = reg & SAFEXCEL_N_RINGS_MASK;
	/* Limit the number of rings to the number of the AIC Rings. */
	sc->sc_config.rings = MIN(sc->sc_config.rings, sc->sc_config.aic_rings);

	sc->sc_config.pes = (reg & pemask) >> SAFEXCEL_N_PES_OFFSET;

	sc->sc_config.cd_size =
	    sizeof(struct safexcel_cmd_descr) / sizeof(uint32_t);
	sc->sc_config.cd_offset = (sc->sc_config.cd_size + mask) & ~mask;

	sc->sc_config.rd_size =
	    sizeof(struct safexcel_res_descr) / sizeof(uint32_t);
	sc->sc_config.rd_offset = (sc->sc_config.rd_size + mask) & ~mask;

	sc->sc_config.atok_offset =
	    (SAFEXCEL_MAX_ATOKENS * sizeof(struct safexcel_instr) + mask) &
	    ~mask;

	return (0);
}

static void
safexcel_init_hia_bus_access(struct safexcel_softc *sc)
{
	uint32_t version, val;

	/* Determine endianness and configure byte swap. */
	version = SAFEXCEL_READ(sc,
	    SAFEXCEL_HIA_AIC(sc) + SAFEXCEL_HIA_VERSION);
	val = SAFEXCEL_READ(sc, SAFEXCEL_HIA_AIC(sc) + SAFEXCEL_HIA_MST_CTRL);
	if (SAFEXCEL_REG_HI16(version) == SAFEXCEL_HIA_VERSION_BE) {
		val = SAFEXCEL_READ(sc,
		    SAFEXCEL_HIA_AIC(sc) + SAFEXCEL_HIA_MST_CTRL);
		val = val ^ (SAFEXCEL_MST_CTRL_NO_BYTE_SWAP >> 24);
		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_AIC(sc) + SAFEXCEL_HIA_MST_CTRL,
		    val);
	}

	/* Configure wr/rd cache values. */
	SAFEXCEL_WRITE(sc, SAFEXCEL_HIA_GEN_CFG(sc) + SAFEXCEL_HIA_MST_CTRL,
	    SAFEXCEL_MST_CTRL_RD_CACHE(RD_CACHE_4BITS) |
	    SAFEXCEL_MST_CTRL_WD_CACHE(WR_CACHE_4BITS));
}

static void
safexcel_disable_global_interrupts(struct safexcel_softc *sc)
{
	/* Disable and clear pending interrupts. */
	SAFEXCEL_WRITE(sc,
	    SAFEXCEL_HIA_AIC_G(sc) + SAFEXCEL_HIA_AIC_G_ENABLE_CTRL, 0);
	SAFEXCEL_WRITE(sc,
	    SAFEXCEL_HIA_AIC_G(sc) + SAFEXCEL_HIA_AIC_G_ACK,
	    SAFEXCEL_AIC_G_ACK_ALL_MASK);
}

/*
 * Configure the data fetch engine.  This component parses command descriptors
 * and sets up DMA transfers from host memory to the corresponding processing
 * engine.
 */
static void
safexcel_configure_dfe_engine(struct safexcel_softc *sc, int pe)
{
	/* Reset all DFE threads. */
	SAFEXCEL_WRITE(sc,
	    SAFEXCEL_HIA_DFE_THR(sc) + SAFEXCEL_HIA_DFE_THR_CTRL(pe),
	    SAFEXCEL_DxE_THR_CTRL_RESET_PE);

	/* Deassert the DFE reset. */
	SAFEXCEL_WRITE(sc,
	    SAFEXCEL_HIA_DFE_THR(sc) + SAFEXCEL_HIA_DFE_THR_CTRL(pe), 0);

	/* DMA transfer size to use. */
	SAFEXCEL_WRITE(sc, SAFEXCEL_HIA_DFE(sc) + SAFEXCEL_HIA_DFE_CFG(pe),
	    SAFEXCEL_HIA_DFE_CFG_DIS_DEBUG |
	    SAFEXCEL_HIA_DxE_CFG_MIN_DATA_SIZE(6) |
	    SAFEXCEL_HIA_DxE_CFG_MAX_DATA_SIZE(9) |
	    SAFEXCEL_HIA_DxE_CFG_MIN_CTRL_SIZE(6) |
	    SAFEXCEL_HIA_DxE_CFG_MAX_CTRL_SIZE(7) |
	    SAFEXCEL_HIA_DxE_CFG_DATA_CACHE_CTRL(RD_CACHE_3BITS) |
	    SAFEXCEL_HIA_DxE_CFG_CTRL_CACHE_CTRL(RD_CACHE_3BITS));

	/* Configure the PE DMA transfer thresholds. */
	SAFEXCEL_WRITE(sc, SAFEXCEL_PE(sc) + SAFEXCEL_PE_IN_DBUF_THRES(pe),
	    SAFEXCEL_PE_IN_xBUF_THRES_MIN(6) |
	    SAFEXCEL_PE_IN_xBUF_THRES_MAX(9));
	SAFEXCEL_WRITE(sc, SAFEXCEL_PE(sc) + SAFEXCEL_PE_IN_TBUF_THRES(pe),
	    SAFEXCEL_PE_IN_xBUF_THRES_MIN(6) |
	    SAFEXCEL_PE_IN_xBUF_THRES_MAX(7));
}

/*
 * Configure the data store engine.  This component parses result descriptors
 * and sets up DMA transfers from the processing engine to host memory.
 */
static int
safexcel_configure_dse(struct safexcel_softc *sc, int pe)
{
	uint32_t val;
	int count;

	/* Disable and reset all DSE threads. */
	SAFEXCEL_WRITE(sc,
	    SAFEXCEL_HIA_DSE_THR(sc) + SAFEXCEL_HIA_DSE_THR_CTRL(pe),
	    SAFEXCEL_DxE_THR_CTRL_RESET_PE);

	/* Wait for a second for threads to go idle. */
	for (count = 0;;) {
		val = SAFEXCEL_READ(sc,
		    SAFEXCEL_HIA_DSE_THR(sc) + SAFEXCEL_HIA_DSE_THR_STAT(pe));
		if ((val & SAFEXCEL_DSE_THR_RDR_ID_MASK) ==
		    SAFEXCEL_DSE_THR_RDR_ID_MASK)
			break;
		if (count++ > 10000) {
			device_printf(sc->sc_dev, "DSE reset timeout\n");
			return (-1);
		}
		DELAY(100);
	}

	/* Exit the reset state. */
	SAFEXCEL_WRITE(sc,
	    SAFEXCEL_HIA_DSE_THR(sc) + SAFEXCEL_HIA_DSE_THR_CTRL(pe), 0);

	/* DMA transfer size to use */
	SAFEXCEL_WRITE(sc, SAFEXCEL_HIA_DSE(sc) + SAFEXCEL_HIA_DSE_CFG(pe),
	    SAFEXCEL_HIA_DSE_CFG_DIS_DEBUG |
	    SAFEXCEL_HIA_DxE_CFG_MIN_DATA_SIZE(7) |
	    SAFEXCEL_HIA_DxE_CFG_MAX_DATA_SIZE(8) |
	    SAFEXCEL_HIA_DxE_CFG_DATA_CACHE_CTRL(WR_CACHE_3BITS) |
	    SAFEXCEL_HIA_DSE_CFG_ALLWAYS_BUFFERABLE);

	/* Configure the procesing engine thresholds */
	SAFEXCEL_WRITE(sc,
	    SAFEXCEL_PE(sc) + SAFEXCEL_PE_OUT_DBUF_THRES(pe),
	    SAFEXCEL_PE_OUT_DBUF_THRES_MIN(7) |
	    SAFEXCEL_PE_OUT_DBUF_THRES_MAX(8));

	return (0);
}

static void
safexcel_hw_prepare_rings(struct safexcel_softc *sc)
{
	int i;

	for (i = 0; i < sc->sc_config.rings; i++) {
		/*
		 * Command descriptors.
		 */

		/* Clear interrupts for this ring. */
		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_AIC_R(sc) + SAFEXCEL_HIA_AIC_R_ENABLE_CLR(i),
		    SAFEXCEL_HIA_AIC_R_ENABLE_CLR_ALL_MASK);

		/* Disable external triggering. */
		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_CDR(sc, i) + SAFEXCEL_HIA_xDR_CFG, 0);

		/* Clear the pending prepared counter. */
		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_CDR(sc, i) + SAFEXCEL_HIA_xDR_PREP_COUNT,
		    SAFEXCEL_xDR_PREP_CLR_COUNT);

		/* Clear the pending processed counter. */
		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_CDR(sc, i) + SAFEXCEL_HIA_xDR_PROC_COUNT,
		    SAFEXCEL_xDR_PROC_CLR_COUNT);

		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_CDR(sc, i) + SAFEXCEL_HIA_xDR_PREP_PNTR, 0);
		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_CDR(sc, i) + SAFEXCEL_HIA_xDR_PROC_PNTR, 0);

		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_CDR(sc, i) + SAFEXCEL_HIA_xDR_RING_SIZE,
		    SAFEXCEL_RING_SIZE * sc->sc_config.cd_offset *
		    sizeof(uint32_t));

		/*
		 * Result descriptors.
		 */

		/* Disable external triggering. */
		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_RDR(sc, i) + SAFEXCEL_HIA_xDR_CFG, 0);

		/* Clear the pending prepared counter. */
		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_RDR(sc, i) + SAFEXCEL_HIA_xDR_PREP_COUNT,
		    SAFEXCEL_xDR_PREP_CLR_COUNT);

		/* Clear the pending processed counter. */
		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_RDR(sc, i) + SAFEXCEL_HIA_xDR_PROC_COUNT,
		    SAFEXCEL_xDR_PROC_CLR_COUNT);

		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_RDR(sc, i) + SAFEXCEL_HIA_xDR_PREP_PNTR, 0);
		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_RDR(sc, i) + SAFEXCEL_HIA_xDR_PROC_PNTR, 0);

		/* Ring size. */
		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_RDR(sc, i) + SAFEXCEL_HIA_xDR_RING_SIZE,
		    SAFEXCEL_RING_SIZE * sc->sc_config.rd_offset *
		    sizeof(uint32_t));
	}
}

static void
safexcel_hw_setup_rings(struct safexcel_softc *sc)
{
	struct safexcel_ring *ring;
	uint32_t cd_size_rnd, mask, rd_size_rnd, val;
	int i;

	mask = (1 << sc->sc_config.hdw) - 1;
	cd_size_rnd = (sc->sc_config.cd_size + mask) >> sc->sc_config.hdw;
	val = (sizeof(struct safexcel_res_descr) -
	    sizeof(struct safexcel_res_data)) / sizeof(uint32_t);
	rd_size_rnd = (val + mask) >> sc->sc_config.hdw;

	for (i = 0; i < sc->sc_config.rings; i++) {
		ring = &sc->sc_ring[i];

		/*
		 * Command descriptors.
		 */

		/* Ring base address. */
		SAFEXCEL_WRITE(sc, SAFEXCEL_HIA_CDR(sc, i) +
		    SAFEXCEL_HIA_xDR_RING_BASE_ADDR_LO,
		    SAFEXCEL_ADDR_LO(ring->cdr.dma.paddr));
		SAFEXCEL_WRITE(sc, SAFEXCEL_HIA_CDR(sc, i) +
		    SAFEXCEL_HIA_xDR_RING_BASE_ADDR_HI,
		    SAFEXCEL_ADDR_HI(ring->cdr.dma.paddr));

		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_CDR(sc, i) + SAFEXCEL_HIA_xDR_DESC_SIZE,
		    SAFEXCEL_xDR_DESC_MODE_64BIT | SAFEXCEL_CDR_DESC_MODE_ADCP |
		    (sc->sc_config.cd_offset << SAFEXCEL_xDR_DESC_xD_OFFSET) |
		    sc->sc_config.cd_size);

		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_CDR(sc, i) + SAFEXCEL_HIA_xDR_CFG,
		    ((SAFEXCEL_FETCH_COUNT * (cd_size_rnd << sc->sc_config.hdw)) <<
		      SAFEXCEL_xDR_xD_FETCH_THRESH) |
		    (SAFEXCEL_FETCH_COUNT * sc->sc_config.cd_offset));

		/* Configure DMA tx control. */
		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_CDR(sc, i) + SAFEXCEL_HIA_xDR_DMA_CFG,
		    SAFEXCEL_HIA_xDR_CFG_WR_CACHE(WR_CACHE_3BITS) |
		    SAFEXCEL_HIA_xDR_CFG_RD_CACHE(RD_CACHE_3BITS));

		/* Clear any pending interrupt. */
		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_CDR(sc, i) + SAFEXCEL_HIA_xDR_STAT,
		    SAFEXCEL_CDR_INTR_MASK);

		/*
		 * Result descriptors.
		 */

		/* Ring base address. */
		SAFEXCEL_WRITE(sc, SAFEXCEL_HIA_RDR(sc, i) +
		    SAFEXCEL_HIA_xDR_RING_BASE_ADDR_LO,
		    SAFEXCEL_ADDR_LO(ring->rdr.dma.paddr));
		SAFEXCEL_WRITE(sc, SAFEXCEL_HIA_RDR(sc, i) +
		    SAFEXCEL_HIA_xDR_RING_BASE_ADDR_HI,
		    SAFEXCEL_ADDR_HI(ring->rdr.dma.paddr));

		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_RDR(sc, i) + SAFEXCEL_HIA_xDR_DESC_SIZE,
		    SAFEXCEL_xDR_DESC_MODE_64BIT |
		    (sc->sc_config.rd_offset << SAFEXCEL_xDR_DESC_xD_OFFSET) |
		    sc->sc_config.rd_size);

		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_RDR(sc, i) + SAFEXCEL_HIA_xDR_CFG,
		    ((SAFEXCEL_FETCH_COUNT * (rd_size_rnd << sc->sc_config.hdw)) <<
		    SAFEXCEL_xDR_xD_FETCH_THRESH) |
		    (SAFEXCEL_FETCH_COUNT * sc->sc_config.rd_offset));

		/* Configure DMA tx control. */
		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_RDR(sc, i) + SAFEXCEL_HIA_xDR_DMA_CFG,
		    SAFEXCEL_HIA_xDR_CFG_WR_CACHE(WR_CACHE_3BITS) |
		    SAFEXCEL_HIA_xDR_CFG_RD_CACHE(RD_CACHE_3BITS) |
		    SAFEXCEL_HIA_xDR_WR_RES_BUF | SAFEXCEL_HIA_xDR_WR_CTRL_BUF);

		/* Clear any pending interrupt. */
		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_RDR(sc, i) + SAFEXCEL_HIA_xDR_STAT,
		    SAFEXCEL_RDR_INTR_MASK);

		/* Enable ring interrupt. */
		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_AIC_R(sc) + SAFEXCEL_HIA_AIC_R_ENABLE_CTRL(i),
		    SAFEXCEL_RDR_IRQ(i));
	}
}

/* Reset the command and result descriptor rings. */
static void
safexcel_hw_reset_rings(struct safexcel_softc *sc)
{
	int i;

	for (i = 0; i < sc->sc_config.rings; i++) {
		/*
		 * Result descriptor ring operations.
		 */

		/* Reset ring base address. */
		SAFEXCEL_WRITE(sc, SAFEXCEL_HIA_RDR(sc, i) +
		    SAFEXCEL_HIA_xDR_RING_BASE_ADDR_LO, 0);
		SAFEXCEL_WRITE(sc, SAFEXCEL_HIA_RDR(sc, i) +
		    SAFEXCEL_HIA_xDR_RING_BASE_ADDR_HI, 0);

		/* Clear the pending prepared counter. */
		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_RDR(sc, i) + SAFEXCEL_HIA_xDR_PREP_COUNT,
		    SAFEXCEL_xDR_PREP_CLR_COUNT);

		/* Clear the pending processed counter. */
		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_RDR(sc, i) + SAFEXCEL_HIA_xDR_PROC_COUNT,
		    SAFEXCEL_xDR_PROC_CLR_COUNT);

		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_RDR(sc, i) + SAFEXCEL_HIA_xDR_PREP_PNTR, 0);
		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_RDR(sc, i) + SAFEXCEL_HIA_xDR_PROC_PNTR, 0);

		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_RDR(sc, i) + SAFEXCEL_HIA_xDR_RING_SIZE, 0);

		/* Clear any pending interrupt. */
		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_RDR(sc, i) + SAFEXCEL_HIA_xDR_STAT,
		    SAFEXCEL_RDR_INTR_MASK);

		/* Disable ring interrupt. */
		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_AIC_R(sc) + SAFEXCEL_HIA_AIC_R_ENABLE_CLR(i),
		    SAFEXCEL_RDR_IRQ(i));

		/*
		 * Command descriptor ring operations.
		 */

		/* Reset ring base address. */
		SAFEXCEL_WRITE(sc, SAFEXCEL_HIA_CDR(sc, i) +
		    SAFEXCEL_HIA_xDR_RING_BASE_ADDR_LO, 0);
		SAFEXCEL_WRITE(sc, SAFEXCEL_HIA_CDR(sc, i) +
		    SAFEXCEL_HIA_xDR_RING_BASE_ADDR_HI, 0);

		/* Clear the pending prepared counter. */
		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_CDR(sc, i) + SAFEXCEL_HIA_xDR_PREP_COUNT,
		    SAFEXCEL_xDR_PREP_CLR_COUNT);

		/* Clear the pending processed counter. */
		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_CDR(sc, i) + SAFEXCEL_HIA_xDR_PROC_COUNT,
		    SAFEXCEL_xDR_PROC_CLR_COUNT);

		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_CDR(sc, i) + SAFEXCEL_HIA_xDR_PREP_PNTR, 0);
		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_CDR(sc, i) + SAFEXCEL_HIA_xDR_PROC_PNTR, 0);

		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_CDR(sc, i) + SAFEXCEL_HIA_xDR_RING_SIZE, 0);

		/* Clear any pending interrupt. */
		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_CDR(sc, i) + SAFEXCEL_HIA_xDR_STAT,
		    SAFEXCEL_CDR_INTR_MASK);
	}
}

static void
safexcel_enable_pe_engine(struct safexcel_softc *sc, int pe)
{
	int i, ring_mask;

	for (ring_mask = 0, i = 0; i < sc->sc_config.rings; i++) {
		ring_mask <<= 1;
		ring_mask |= 1;
	}

	/* Enable command descriptor rings. */
	SAFEXCEL_WRITE(sc, SAFEXCEL_HIA_DFE_THR(sc) + SAFEXCEL_HIA_DFE_THR_CTRL(pe),
	    SAFEXCEL_DxE_THR_CTRL_EN | ring_mask);

	/* Enable result descriptor rings. */
	SAFEXCEL_WRITE(sc, SAFEXCEL_HIA_DSE_THR(sc) + SAFEXCEL_HIA_DSE_THR_CTRL(pe),
	    SAFEXCEL_DxE_THR_CTRL_EN | ring_mask);

	/* Clear any HIA interrupt. */
	SAFEXCEL_WRITE(sc, SAFEXCEL_HIA_AIC_G(sc) + SAFEXCEL_HIA_AIC_G_ACK,
	    SAFEXCEL_AIC_G_ACK_HIA_MASK);
}

static void
safexcel_execute(struct safexcel_softc *sc, struct safexcel_ring *ring,
    struct safexcel_request *req, int hint)
{
	int ringidx, ncdesc, nrdesc;
	bool busy;

	mtx_assert(&ring->mtx, MA_OWNED);

	if ((hint & CRYPTO_HINT_MORE) != 0) {
		ring->pending++;
		ring->pending_cdesc += req->cdescs;
		ring->pending_rdesc += req->rdescs;
		return;
	}

	ringidx = req->ringidx;

	busy = ring->queued != 0;
	ncdesc = ring->pending_cdesc + req->cdescs;
	nrdesc = ring->pending_rdesc + req->rdescs;
	ring->queued += ring->pending + 1;

	if (!busy) {
		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_HIA_RDR(sc, ringidx) + SAFEXCEL_HIA_xDR_THRESH,
		    SAFEXCEL_HIA_CDR_THRESH_PKT_MODE | ring->queued);
	}
	SAFEXCEL_WRITE(sc,
	    SAFEXCEL_HIA_RDR(sc, ringidx) + SAFEXCEL_HIA_xDR_PREP_COUNT,
	    nrdesc * sc->sc_config.rd_offset * sizeof(uint32_t));
	SAFEXCEL_WRITE(sc,
	    SAFEXCEL_HIA_CDR(sc, ringidx) + SAFEXCEL_HIA_xDR_PREP_COUNT,
	    ncdesc * sc->sc_config.cd_offset * sizeof(uint32_t));

	ring->pending = ring->pending_cdesc = ring->pending_rdesc = 0;
}

static void
safexcel_init_rings(struct safexcel_softc *sc)
{
	struct safexcel_cmd_descr *cdesc;
	struct safexcel_ring *ring;
	uint64_t atok;
	int i, j;

	for (i = 0; i < sc->sc_config.rings; i++) {
		ring = &sc->sc_ring[i];

		snprintf(ring->lockname, sizeof(ring->lockname),
		    "safexcel_ring%d", i);
		mtx_init(&ring->mtx, ring->lockname, NULL, MTX_DEF);

		ring->pending = ring->pending_cdesc = ring->pending_rdesc = 0;
		ring->queued = 0;
		ring->cdr.read = ring->cdr.write = 0;
		ring->rdr.read = ring->rdr.write = 0;
		for (j = 0; j < SAFEXCEL_RING_SIZE; j++) {
			cdesc = &ring->cdr.desc[j];
			atok = ring->dma_atok.paddr +
			    sc->sc_config.atok_offset * j;
			cdesc->atok_lo = SAFEXCEL_ADDR_LO(atok);
			cdesc->atok_hi = SAFEXCEL_ADDR_HI(atok);
		}
	}
}

static void
safexcel_dma_alloc_mem_cb(void *arg, bus_dma_segment_t *segs, int nseg,
    int error)
{
	struct safexcel_dma_mem *sdm;

	if (error != 0)
		return;

	KASSERT(nseg == 1, ("%s: nsegs is %d", __func__, nseg));
	sdm = arg;
	sdm->paddr = segs->ds_addr;
}

static int
safexcel_dma_alloc_mem(struct safexcel_softc *sc, struct safexcel_dma_mem *sdm,
    bus_size_t size)
{
	int error;

	KASSERT(sdm->vaddr == NULL,
	    ("%s: DMA memory descriptor in use.", __func__));

	error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), /* parent */
	    PAGE_SIZE, 0,		/* alignment, boundary */
	    BUS_SPACE_MAXADDR_32BIT,	/* lowaddr */
	    BUS_SPACE_MAXADDR,		/* highaddr */
	    NULL, NULL,			/* filtfunc, filtfuncarg */
	    size, 1,			/* maxsize, nsegments */
	    size, BUS_DMA_COHERENT,	/* maxsegsz, flags */
	    NULL, NULL,			/* lockfunc, lockfuncarg */
	    &sdm->tag);			/* dmat */
	if (error != 0) {
		device_printf(sc->sc_dev,
		    "failed to allocate busdma tag, error %d\n", error);
		goto err1;
	}

	error = bus_dmamem_alloc(sdm->tag, (void **)&sdm->vaddr,
	    BUS_DMA_WAITOK | BUS_DMA_ZERO | BUS_DMA_COHERENT, &sdm->map);
	if (error != 0) {
		device_printf(sc->sc_dev,
		    "failed to allocate DMA safe memory, error %d\n", error);
		goto err2;
	}

	error = bus_dmamap_load(sdm->tag, sdm->map, sdm->vaddr, size,
	    safexcel_dma_alloc_mem_cb, sdm, BUS_DMA_NOWAIT);
	if (error != 0) {
		device_printf(sc->sc_dev,
		    "cannot get address of the DMA memory, error %d\n", error);
		goto err3;
	}

	return (0);
err3:
	bus_dmamem_free(sdm->tag, sdm->vaddr, sdm->map);
err2:
	bus_dma_tag_destroy(sdm->tag);
err1:
	sdm->vaddr = NULL;

	return (error);
}

static void
safexcel_dma_free_mem(struct safexcel_dma_mem *sdm)
{
	bus_dmamap_unload(sdm->tag, sdm->map);
	bus_dmamem_free(sdm->tag, sdm->vaddr, sdm->map);
	bus_dma_tag_destroy(sdm->tag);
}

static void
safexcel_dma_free_rings(struct safexcel_softc *sc)
{
	struct safexcel_ring *ring;
	int i;

	for (i = 0; i < sc->sc_config.rings; i++) {
		ring = &sc->sc_ring[i];
		safexcel_dma_free_mem(&ring->cdr.dma);
		safexcel_dma_free_mem(&ring->dma_atok);
		safexcel_dma_free_mem(&ring->rdr.dma);
		bus_dma_tag_destroy(ring->data_dtag);
		mtx_destroy(&ring->mtx);
	}
}

static int
safexcel_dma_init(struct safexcel_softc *sc)
{
	struct safexcel_ring *ring;
	bus_size_t size;
	int error, i;

	for (i = 0; i < sc->sc_config.rings; i++) {
		ring = &sc->sc_ring[i];

		error = bus_dma_tag_create(
		    bus_get_dma_tag(sc->sc_dev),/* parent */
		    1, 0,			/* alignment, boundary */
		    BUS_SPACE_MAXADDR_32BIT,	/* lowaddr */
		    BUS_SPACE_MAXADDR,		/* highaddr */
		    NULL, NULL,			/* filtfunc, filtfuncarg */
		    SAFEXCEL_MAX_REQUEST_SIZE,	/* maxsize */
		    SAFEXCEL_MAX_FRAGMENTS,	/* nsegments */
		    SAFEXCEL_MAX_REQUEST_SIZE,	/* maxsegsz */
		    BUS_DMA_COHERENT,		/* flags */
		    NULL, NULL,			/* lockfunc, lockfuncarg */
		    &ring->data_dtag);		/* dmat */
		if (error != 0) {
			device_printf(sc->sc_dev,
			    "bus_dma_tag_create main failed; error %d\n", error);
			return (error);
		}

		size = sizeof(uint32_t) * sc->sc_config.cd_offset *
		    SAFEXCEL_RING_SIZE;
		error = safexcel_dma_alloc_mem(sc, &ring->cdr.dma, size);
		if (error != 0) {
			device_printf(sc->sc_dev,
			    "failed to allocate CDR DMA memory, error %d\n",
			    error);
			goto err;
		}
		ring->cdr.desc =
		    (struct safexcel_cmd_descr *)ring->cdr.dma.vaddr;

		/* Allocate additional CDR token memory. */
		size = (bus_size_t)sc->sc_config.atok_offset *
		    SAFEXCEL_RING_SIZE;
		error = safexcel_dma_alloc_mem(sc, &ring->dma_atok, size);
		if (error != 0) {
			device_printf(sc->sc_dev,
			    "failed to allocate atoken DMA memory, error %d\n",
			    error);
			goto err;
		}

		size = sizeof(uint32_t) * sc->sc_config.rd_offset *
		    SAFEXCEL_RING_SIZE;
		error = safexcel_dma_alloc_mem(sc, &ring->rdr.dma, size);
		if (error) {
			device_printf(sc->sc_dev,
			    "failed to allocate RDR DMA memory, error %d\n",
			    error);
			goto err;
		}
		ring->rdr.desc =
		    (struct safexcel_res_descr *)ring->rdr.dma.vaddr;
	}

	return (0);
err:
	safexcel_dma_free_rings(sc);
	return (error);
}

static void
safexcel_deinit_hw(struct safexcel_softc *sc)
{
	safexcel_hw_reset_rings(sc);
	safexcel_dma_free_rings(sc);
}

static int
safexcel_init_hw(struct safexcel_softc *sc)
{
	int pe;

	/* 23.3.7 Initialization */
	if (safexcel_configure(sc) != 0)
		return (EINVAL);

	if (safexcel_dma_init(sc) != 0)
		return (ENOMEM);

	safexcel_init_rings(sc);

	safexcel_init_hia_bus_access(sc);

	/* 23.3.7.2 Disable EIP-97 global Interrupts */
	safexcel_disable_global_interrupts(sc);

	for (pe = 0; pe < sc->sc_config.pes; pe++) {
		/* 23.3.7.3 Configure Data Fetch Engine */
		safexcel_configure_dfe_engine(sc, pe);

		/* 23.3.7.4 Configure Data Store Engine */
		if (safexcel_configure_dse(sc, pe)) {
			safexcel_deinit_hw(sc);
			return (-1);
		}

		/* 23.3.7.5 1. Protocol enables */
		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_PE(sc) + SAFEXCEL_PE_EIP96_FUNCTION_EN(pe),
		    0xffffffff);
		SAFEXCEL_WRITE(sc,
		    SAFEXCEL_PE(sc) + SAFEXCEL_PE_EIP96_FUNCTION2_EN(pe),
		    0xffffffff);
	}

	safexcel_hw_prepare_rings(sc);

	/* 23.3.7.5 Configure the Processing Engine(s). */
	for (pe = 0; pe < sc->sc_config.pes; pe++)
		safexcel_enable_pe_engine(sc, pe);

	safexcel_hw_setup_rings(sc);

	return (0);
}

static int
safexcel_setup_dev_interrupts(struct safexcel_softc *sc)
{
	int error, i, j;

	for (i = 0; i < SAFEXCEL_MAX_RINGS && sc->sc_intr[i] != NULL; i++) {
		sc->sc_ih[i].sc = sc;
		sc->sc_ih[i].ring = i;

		if (bus_setup_intr(sc->sc_dev, sc->sc_intr[i],
		    INTR_TYPE_NET | INTR_MPSAFE, NULL, safexcel_ring_intr,
		    &sc->sc_ih[i], &sc->sc_ih[i].handle)) {
			device_printf(sc->sc_dev,
			    "couldn't setup interrupt %d\n", i);
			goto err;
		}

		error = bus_bind_intr(sc->sc_dev, sc->sc_intr[i], i % mp_ncpus);
		if (error != 0)
			device_printf(sc->sc_dev,
			    "failed to bind ring %d\n", error);
	}

	return (0);

err:
	for (j = 0; j < i; j++)
		bus_teardown_intr(sc->sc_dev, sc->sc_intr[j],
		    sc->sc_ih[j].handle);

	return (ENXIO);
}

static void
safexcel_teardown_dev_interrupts(struct safexcel_softc *sc)
{
	int i;

	for (i = 0; i < SAFEXCEL_MAX_RINGS; i++)
		bus_teardown_intr(sc->sc_dev, sc->sc_intr[i],
		    sc->sc_ih[i].handle);
}

static int
safexcel_alloc_dev_resources(struct safexcel_softc *sc)
{
	char name[16];
	device_t dev;
	phandle_t node;
	int error, i, rid;

	dev = sc->sc_dev;
	node = ofw_bus_get_node(dev);

	rid = 0;
	sc->sc_res = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &rid,
	    RF_ACTIVE);
	if (sc->sc_res == NULL) {
		device_printf(dev, "couldn't allocate memory resources\n");
		return (ENXIO);
	}

	for (i = 0; i < SAFEXCEL_MAX_RINGS; i++) {
		(void)snprintf(name, sizeof(name), "ring%d", i);
		error = ofw_bus_find_string_index(node, "interrupt-names", name,
		    &rid);
		if (error != 0)
			break;

		sc->sc_intr[i] = bus_alloc_resource_any(dev, SYS_RES_IRQ, &rid,
		    RF_ACTIVE | RF_SHAREABLE);
		if (sc->sc_intr[i] == NULL) {
			error = ENXIO;
			goto out;
		}
	}
	if (i == 0) {
		device_printf(dev, "couldn't allocate interrupt resources\n");
		error = ENXIO;
		goto out;
	}

	return (0);

out:
	for (i = 0; i < SAFEXCEL_MAX_RINGS && sc->sc_intr[i] != NULL; i++)
		bus_release_resource(dev, SYS_RES_IRQ,
		    rman_get_rid(sc->sc_intr[i]), sc->sc_intr[i]);
	bus_release_resource(dev, SYS_RES_MEMORY, rman_get_rid(sc->sc_res),
	    sc->sc_res);
	return (error);
}

static void
safexcel_free_dev_resources(struct safexcel_softc *sc)
{
	int i;

	for (i = 0; i < SAFEXCEL_MAX_RINGS && sc->sc_intr[i] != NULL; i++)
		bus_release_resource(sc->sc_dev, SYS_RES_IRQ,
		    rman_get_rid(sc->sc_intr[i]), sc->sc_intr[i]);
	if (sc->sc_res != NULL)
		bus_release_resource(sc->sc_dev, SYS_RES_MEMORY,
		    rman_get_rid(sc->sc_res), sc->sc_res);
}

static int
safexcel_probe(device_t dev)
{
	struct safexcel_softc *sc;

	if (!ofw_bus_status_okay(dev))
		return (ENXIO);

	sc = device_get_softc(dev);
	sc->sc_type = ofw_bus_search_compatible(dev, safexcel_compat)->ocd_data;
	if (sc->sc_type == 0)
		return (ENXIO);

	device_set_desc(dev, "SafeXcel EIP-97 crypto accelerator");

	return (BUS_PROBE_DEFAULT);
}

static int
safexcel_attach(device_t dev)
{
	struct sysctl_ctx_list *ctx;
	struct sysctl_oid *oid;
	struct sysctl_oid_list *children;
	struct safexcel_softc *sc;
	struct safexcel_request *req;
	struct safexcel_ring *ring;
	int i, j, ringidx;

	sc = device_get_softc(dev);
	sc->sc_dev = dev;
	sc->sc_cid = -1;

	if (safexcel_alloc_dev_resources(sc))
		goto err;

	if (safexcel_setup_dev_interrupts(sc))
		goto err1;

	if (safexcel_init_hw(sc))
		goto err2;

	for (ringidx = 0; ringidx < sc->sc_config.rings; ringidx++) {
		ring = &sc->sc_ring[ringidx];

		ring->cmd_data = sglist_alloc(SAFEXCEL_MAX_FRAGMENTS, M_WAITOK);
		ring->res_data = sglist_alloc(SAFEXCEL_MAX_FRAGMENTS, M_WAITOK);

		for (i = 0; i < SAFEXCEL_RING_SIZE; i++) {
			req = &ring->requests[i];
			req->sc = sc;
			req->ringidx = ringidx;
			if (bus_dmamap_create(ring->data_dtag,
			    BUS_DMA_COHERENT, &req->dmap) != 0) {
				for (j = 0; j < i; j++)
					bus_dmamap_destroy(ring->data_dtag,
					    ring->requests[j].dmap);
				goto err2;
			}
			if (safexcel_dma_alloc_mem(sc, &req->ctx,
			    sizeof(struct safexcel_context_record)) != 0) {
				for (j = 0; j < i; j++) {
					bus_dmamap_destroy(ring->data_dtag,
					    ring->requests[j].dmap);
					safexcel_dma_free_mem(
					    &ring->requests[j].ctx);
				}
				goto err2;
			}
		}
	}

	ctx = device_get_sysctl_ctx(dev);
	SYSCTL_ADD_INT(ctx, SYSCTL_CHILDREN(device_get_sysctl_tree(dev)),
	    OID_AUTO, "debug", CTLFLAG_RWTUN, &sc->sc_debug, 0,
	    "Debug message verbosity");

	oid = device_get_sysctl_tree(sc->sc_dev);
	children = SYSCTL_CHILDREN(oid);
	oid = SYSCTL_ADD_NODE(ctx, children, OID_AUTO, "stats",
	    CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, "statistics");
	children = SYSCTL_CHILDREN(oid);

	sc->sc_req_alloc_failures = counter_u64_alloc(M_WAITOK);
	SYSCTL_ADD_COUNTER_U64(ctx, children, OID_AUTO, "req_alloc_failures",
	    CTLFLAG_RD, &sc->sc_req_alloc_failures,
	    "Number of request allocation failures");
	sc->sc_cdesc_alloc_failures = counter_u64_alloc(M_WAITOK);
	SYSCTL_ADD_COUNTER_U64(ctx, children, OID_AUTO, "cdesc_alloc_failures",
	    CTLFLAG_RD, &sc->sc_cdesc_alloc_failures,
	    "Number of command descriptor ring overflows");
	sc->sc_rdesc_alloc_failures = counter_u64_alloc(M_WAITOK);
	SYSCTL_ADD_COUNTER_U64(ctx, children, OID_AUTO, "rdesc_alloc_failures",
	    CTLFLAG_RD, &sc->sc_rdesc_alloc_failures,
	    "Number of result descriptor ring overflows");

	sc->sc_cid = crypto_get_driverid(dev, sizeof(struct safexcel_session),
	    CRYPTOCAP_F_HARDWARE);
	if (sc->sc_cid < 0)
		goto err2;

	return (0);

err2:
	safexcel_teardown_dev_interrupts(sc);
err1:
	safexcel_free_dev_resources(sc);
err:
	return (ENXIO);
}

static int
safexcel_detach(device_t dev)
{
	struct safexcel_ring *ring;
	struct safexcel_softc *sc;
	int i, ringidx;

	sc = device_get_softc(dev);

	if (sc->sc_cid >= 0)
		crypto_unregister_all(sc->sc_cid);

	counter_u64_free(sc->sc_req_alloc_failures);
	counter_u64_free(sc->sc_cdesc_alloc_failures);
	counter_u64_free(sc->sc_rdesc_alloc_failures);

	for (ringidx = 0; ringidx < sc->sc_config.rings; ringidx++) {
		ring = &sc->sc_ring[ringidx];
		for (i = 0; i < SAFEXCEL_RING_SIZE; i++) {
			bus_dmamap_destroy(ring->data_dtag,
			    ring->requests[i].dmap);
			safexcel_dma_free_mem(&ring->requests[i].ctx);
		}
		sglist_free(ring->cmd_data);
		sglist_free(ring->res_data);
	}
	safexcel_deinit_hw(sc);
	safexcel_teardown_dev_interrupts(sc);
	safexcel_free_dev_resources(sc);

	return (0);
}

/*
 * Pre-compute the hash key used in GHASH, which is a block of zeroes encrypted
 * using the cipher key.
 */
static void
safexcel_setkey_ghash(const uint8_t *key, int klen, uint32_t *hashkey)
{
	uint32_t ks[4 * (RIJNDAEL_MAXNR + 1)];
	uint8_t zeros[AES_BLOCK_LEN];
	int i, rounds;

	memset(zeros, 0, sizeof(zeros));

	rounds = rijndaelKeySetupEnc(ks, key, klen * NBBY);
	rijndaelEncrypt(ks, rounds, zeros, (uint8_t *)hashkey);
	for (i = 0; i < GMAC_BLOCK_LEN / sizeof(uint32_t); i++)
		hashkey[i] = htobe32(hashkey[i]);

	explicit_bzero(ks, sizeof(ks));
}

/*
 * Pre-compute the combined CBC-MAC key, which consists of three keys K1, K2, K3
 * in the hardware implementation.  K1 is the cipher key and comes last in the
 * buffer since K2 and K3 have a fixed size of AES_BLOCK_LEN.  For now XCBC-MAC
 * is not implemented so K2 and K3 are fixed.
 */
static void
safexcel_setkey_xcbcmac(const uint8_t *key, int klen, uint32_t *hashkey)
{
	int i, off;

	memset(hashkey, 0, 2 * AES_BLOCK_LEN);
	off = 2 * AES_BLOCK_LEN / sizeof(uint32_t);
	for (i = 0; i < klen / sizeof(uint32_t); i++, key += 4)
		hashkey[i + off] = htobe32(le32dec(key));
}

static void
safexcel_setkey_hmac_digest(struct auth_hash *ahash, union authctx *ctx,
    char *buf)
{
	int hashwords, i;

	switch (ahash->type) {
	case CRYPTO_SHA1_HMAC:
		hashwords = ahash->hashsize / sizeof(uint32_t);
		for (i = 0; i < hashwords; i++)
			((uint32_t *)buf)[i] = htobe32(ctx->sha1ctx.h.b32[i]);
		break;
	case CRYPTO_SHA2_224_HMAC:
		hashwords = auth_hash_hmac_sha2_256.hashsize / sizeof(uint32_t);
		for (i = 0; i < hashwords; i++)
			((uint32_t *)buf)[i] = htobe32(ctx->sha224ctx.state[i]);
		break;
	case CRYPTO_SHA2_256_HMAC:
		hashwords = ahash->hashsize / sizeof(uint32_t);
		for (i = 0; i < hashwords; i++)
			((uint32_t *)buf)[i] = htobe32(ctx->sha256ctx.state[i]);
		break;
	case CRYPTO_SHA2_384_HMAC:
		hashwords = auth_hash_hmac_sha2_512.hashsize / sizeof(uint64_t);
		for (i = 0; i < hashwords; i++)
			((uint64_t *)buf)[i] = htobe64(ctx->sha384ctx.state[i]);
		break;
	case CRYPTO_SHA2_512_HMAC:
		hashwords = ahash->hashsize / sizeof(uint64_t);
		for (i = 0; i < hashwords; i++)
			((uint64_t *)buf)[i] = htobe64(ctx->sha512ctx.state[i]);
		break;
	}
}

/*
 * Pre-compute the inner and outer digests used in the HMAC algorithm.
 */
static void
safexcel_setkey_hmac(const struct crypto_session_params *csp,
    const uint8_t *key, int klen, uint8_t *ipad, uint8_t *opad)
{
	union authctx ctx;
	struct auth_hash *ahash;

	ahash = crypto_auth_hash(csp);
	hmac_init_ipad(ahash, key, klen, &ctx);
	safexcel_setkey_hmac_digest(ahash, &ctx, ipad);
	hmac_init_opad(ahash, key, klen, &ctx);
	safexcel_setkey_hmac_digest(ahash, &ctx, opad);
	explicit_bzero(&ctx, ahash->ctxsize);
}

static void
safexcel_setkey_xts(const uint8_t *key, int klen, uint8_t *tweakkey)
{
	memcpy(tweakkey, key + klen, klen);
}

/*
 * Populate a context record with paramters from a session.  Some consumers
 * specify per-request keys, in which case the context must be re-initialized
 * for each request.
 */
static int
safexcel_set_context(struct safexcel_context_record *ctx, int op,
    const uint8_t *ckey, const uint8_t *akey, struct safexcel_session *sess)
{
	const struct crypto_session_params *csp;
	uint8_t *data;
	uint32_t ctrl0, ctrl1;
	int aklen, alg, cklen, off;

	csp = crypto_get_params(sess->cses);
	aklen = csp->csp_auth_klen;
	cklen = csp->csp_cipher_klen;
	if (csp->csp_cipher_alg == CRYPTO_AES_XTS)
		cklen /= 2;

	ctrl0 = sess->alg | sess->digest | sess->hash;
	ctrl1 = sess->mode;

	data = (uint8_t *)ctx->data;
	if (csp->csp_cipher_alg != 0) {
		memcpy(data, ckey, cklen);
		off = cklen;
	} else if (csp->csp_auth_alg == CRYPTO_AES_NIST_GMAC) {
		memcpy(data, akey, aklen);
		off = aklen;
	} else {
		off = 0;
	}

	switch (csp->csp_cipher_alg) {
	case CRYPTO_AES_NIST_GCM_16:
		safexcel_setkey_ghash(ckey, cklen, (uint32_t *)(data + off));
		off += GMAC_BLOCK_LEN;
		break;
	case CRYPTO_AES_CCM_16:
		safexcel_setkey_xcbcmac(ckey, cklen, (uint32_t *)(data + off));
		off += AES_BLOCK_LEN * 2 + cklen;
		break;
	case CRYPTO_AES_XTS:
		safexcel_setkey_xts(ckey, cklen, data + off);
		off += cklen;
		break;
	}
	switch (csp->csp_auth_alg) {
	case CRYPTO_AES_NIST_GMAC:
		safexcel_setkey_ghash(akey, aklen, (uint32_t *)(data + off));
		off += GMAC_BLOCK_LEN;
		break;
	case CRYPTO_SHA1_HMAC:
	case CRYPTO_SHA2_224_HMAC:
	case CRYPTO_SHA2_256_HMAC:
	case CRYPTO_SHA2_384_HMAC:
	case CRYPTO_SHA2_512_HMAC:
		safexcel_setkey_hmac(csp, akey, aklen,
		    data + off, data + off + sess->statelen);
		off += sess->statelen * 2;
		break;
	}
	ctrl0 |= SAFEXCEL_CONTROL0_SIZE(off / sizeof(uint32_t));

	alg = csp->csp_cipher_alg;
	if (alg == 0)
		alg = csp->csp_auth_alg;

	switch (alg) {
	case CRYPTO_AES_CCM_16:
		if (CRYPTO_OP_IS_ENCRYPT(op)) {
			ctrl0 |= SAFEXCEL_CONTROL0_TYPE_HASH_ENCRYPT_OUT |
			    SAFEXCEL_CONTROL0_KEY_EN;
		} else {
			ctrl0 |= SAFEXCEL_CONTROL0_TYPE_DECRYPT_HASH_IN |
			    SAFEXCEL_CONTROL0_KEY_EN;
		}
		ctrl1 |= SAFEXCEL_CONTROL1_IV0 | SAFEXCEL_CONTROL1_IV1 |
		    SAFEXCEL_CONTROL1_IV2 | SAFEXCEL_CONTROL1_IV3;
		break;
	case CRYPTO_AES_CBC:
	case CRYPTO_AES_ICM:
	case CRYPTO_AES_XTS:
		if (CRYPTO_OP_IS_ENCRYPT(op)) {
			ctrl0 |= SAFEXCEL_CONTROL0_TYPE_CRYPTO_OUT |
			    SAFEXCEL_CONTROL0_KEY_EN;
			if (csp->csp_auth_alg != 0)
				ctrl0 |=
				    SAFEXCEL_CONTROL0_TYPE_ENCRYPT_HASH_OUT;
		} else {
			ctrl0 |= SAFEXCEL_CONTROL0_TYPE_CRYPTO_IN |
			    SAFEXCEL_CONTROL0_KEY_EN;
			if (csp->csp_auth_alg != 0)
				ctrl0 |= SAFEXCEL_CONTROL0_TYPE_HASH_DECRYPT_IN;
		}
		break;
	case CRYPTO_AES_NIST_GCM_16:
	case CRYPTO_AES_NIST_GMAC:
		if (CRYPTO_OP_IS_ENCRYPT(op) || csp->csp_auth_alg != 0) {
			ctrl0 |= SAFEXCEL_CONTROL0_TYPE_CRYPTO_OUT |
			    SAFEXCEL_CONTROL0_KEY_EN |
			    SAFEXCEL_CONTROL0_TYPE_HASH_OUT;
		} else {
			ctrl0 |= SAFEXCEL_CONTROL0_TYPE_CRYPTO_IN |
			    SAFEXCEL_CONTROL0_KEY_EN |
			    SAFEXCEL_CONTROL0_TYPE_HASH_DECRYPT_IN;
		}
		if (csp->csp_cipher_alg == CRYPTO_AES_NIST_GCM_16) {
			ctrl1 |= SAFEXCEL_CONTROL1_COUNTER_MODE |
			    SAFEXCEL_CONTROL1_IV0 | SAFEXCEL_CONTROL1_IV1 |
			    SAFEXCEL_CONTROL1_IV2;
		}
		break;
	case CRYPTO_SHA1:
	case CRYPTO_SHA2_224:
	case CRYPTO_SHA2_256:
	case CRYPTO_SHA2_384:
	case CRYPTO_SHA2_512:
		ctrl0 |= SAFEXCEL_CONTROL0_RESTART_HASH;
		/* FALLTHROUGH */
	case CRYPTO_SHA1_HMAC:
	case CRYPTO_SHA2_224_HMAC:
	case CRYPTO_SHA2_256_HMAC:
	case CRYPTO_SHA2_384_HMAC:
	case CRYPTO_SHA2_512_HMAC:
		ctrl0 |= SAFEXCEL_CONTROL0_TYPE_HASH_OUT;
		break;
	}

	ctx->control0 = ctrl0;
	ctx->control1 = ctrl1;

	return (off);
}

/*
 * Construct a no-op instruction, used to pad input tokens.
 */
static void
safexcel_instr_nop(struct safexcel_instr **instrp)
{
	struct safexcel_instr *instr;

	instr = *instrp;
	instr->opcode = SAFEXCEL_INSTR_OPCODE_INSERT;
	instr->length = (1 << 2);
	instr->status = 0;
	instr->instructions = 0;

	*instrp = instr + 1;
}

/*
 * Insert the digest of the input payload.  This is typically the last
 * instruction of a sequence.
 */
static void
safexcel_instr_insert_digest(struct safexcel_instr **instrp, int len)
{
	struct safexcel_instr *instr;

	instr = *instrp;
	instr->opcode = SAFEXCEL_INSTR_OPCODE_INSERT;
	instr->length = len;
	instr->status = SAFEXCEL_INSTR_STATUS_LAST_HASH |
	    SAFEXCEL_INSTR_STATUS_LAST_PACKET;
	instr->instructions = SAFEXCEL_INSTR_DEST_OUTPUT |
	    SAFEXCEL_INSTR_INSERT_HASH_DIGEST;

	*instrp = instr + 1;
}

/*
 * Retrieve and verify a digest.
 */
static void
safexcel_instr_retrieve_digest(struct safexcel_instr **instrp, int len)
{
	struct safexcel_instr *instr;

	instr = *instrp;
	instr->opcode = SAFEXCEL_INSTR_OPCODE_RETRIEVE;
	instr->length = len;
	instr->status = SAFEXCEL_INSTR_STATUS_LAST_HASH |
	    SAFEXCEL_INSTR_STATUS_LAST_PACKET;
	instr->instructions = SAFEXCEL_INSTR_INSERT_HASH_DIGEST;
	instr++;

	instr->opcode = SAFEXCEL_INSTR_OPCODE_VERIFY_FIELDS;
	instr->length = len | SAFEXCEL_INSTR_VERIFY_HASH;
	instr->status = SAFEXCEL_INSTR_STATUS_LAST_HASH |
	    SAFEXCEL_INSTR_STATUS_LAST_PACKET;
	instr->instructions = SAFEXCEL_INSTR_VERIFY_PADDING;

	*instrp = instr + 1;
}

static void
safexcel_instr_temp_aes_block(struct safexcel_instr **instrp)
{
	struct safexcel_instr *instr;

	instr = *instrp;
	instr->opcode = SAFEXCEL_INSTR_OPCODE_INSERT_REMOVE_RESULT;
	instr->length = 0;
	instr->status = 0;
	instr->instructions = AES_BLOCK_LEN;
	instr++;

	instr->opcode = SAFEXCEL_INSTR_OPCODE_INSERT;
	instr->length = AES_BLOCK_LEN;
	instr->status = 0;
	instr->instructions = SAFEXCEL_INSTR_DEST_OUTPUT |
	    SAFEXCEL_INSTR_DEST_CRYPTO;

	*instrp = instr + 1;
}

/*
 * Handle a request for an unauthenticated block cipher.
 */
static void
safexcel_instr_cipher(struct safexcel_request *req,
    struct safexcel_instr *instr, struct safexcel_cmd_descr *cdesc)
{
	struct cryptop *crp;

	crp = req->crp;

	/* Insert the payload. */
	instr->opcode = SAFEXCEL_INSTR_OPCODE_DIRECTION;
	instr->length = crp->crp_payload_length;
	instr->status = SAFEXCEL_INSTR_STATUS_LAST_PACKET |
	    SAFEXCEL_INSTR_STATUS_LAST_HASH;
	instr->instructions = SAFEXCEL_INSTR_INS_LAST |
	    SAFEXCEL_INSTR_DEST_CRYPTO | SAFEXCEL_INSTR_DEST_OUTPUT;

	cdesc->additional_cdata_size = 1;
}

static void
safexcel_instr_eta(struct safexcel_request *req, struct safexcel_instr *instr,
    struct safexcel_cmd_descr *cdesc)
{
	const struct crypto_session_params *csp;
	struct cryptop *crp;
	struct safexcel_instr *start;

	crp = req->crp;
	csp = crypto_get_params(crp->crp_session);
	start = instr;

	/* Insert the AAD. */
	instr->opcode = SAFEXCEL_INSTR_OPCODE_DIRECTION;
	instr->length = crp->crp_aad_length;
	instr->status = crp->crp_payload_length == 0 ?
	    SAFEXCEL_INSTR_STATUS_LAST_HASH : 0;
	instr->instructions = SAFEXCEL_INSTR_INS_LAST |
	    SAFEXCEL_INSTR_DEST_HASH;
	instr++;

	/* Encrypt any data left in the request. */
	if (crp->crp_payload_length > 0) {
		instr->opcode = SAFEXCEL_INSTR_OPCODE_DIRECTION;
		instr->length = crp->crp_payload_length;
		instr->status = SAFEXCEL_INSTR_STATUS_LAST_HASH;
		instr->instructions = SAFEXCEL_INSTR_INS_LAST |
		    SAFEXCEL_INSTR_DEST_CRYPTO |
		    SAFEXCEL_INSTR_DEST_HASH |
		    SAFEXCEL_INSTR_DEST_OUTPUT;
		instr++;
	}

	/*
	 * Compute the digest, or extract it and place it in the output stream.
	 */
	if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op))
		safexcel_instr_insert_digest(&instr, req->sess->digestlen);
	else
		safexcel_instr_retrieve_digest(&instr, req->sess->digestlen);
	cdesc->additional_cdata_size = instr - start;
}

static void
safexcel_instr_sha_hash(struct safexcel_request *req,
    struct safexcel_instr *instr)
{
	struct cryptop *crp;
	struct safexcel_instr *start;

	crp = req->crp;
	start = instr;

	/* Pass the input data to the hash engine. */
	instr->opcode = SAFEXCEL_INSTR_OPCODE_DIRECTION;
	instr->length = crp->crp_payload_length;
	instr->status = SAFEXCEL_INSTR_STATUS_LAST_HASH;
	instr->instructions = SAFEXCEL_INSTR_DEST_HASH;
	instr++;

	/* Insert the hash result into the output stream. */
	safexcel_instr_insert_digest(&instr, req->sess->digestlen);

	/* Pad the rest of the inline instruction space. */
	while (instr != start + SAFEXCEL_MAX_ITOKENS)
		safexcel_instr_nop(&instr);
}

static void
safexcel_instr_ccm(struct safexcel_request *req, struct safexcel_instr *instr,
    struct safexcel_cmd_descr *cdesc)
{
	struct cryptop *crp;
	struct safexcel_instr *start;
	uint8_t *a0, *b0, *alenp, L;
	int aalign, blen;

	crp = req->crp;
	start = instr;

	/*
	 * Construct two blocks, A0 and B0, used in encryption and
	 * authentication, respectively.  A0 is embedded in the token
	 * descriptor, and B0 is inserted directly into the data stream using
	 * instructions below.
	 *
	 * OCF seems to assume a 12-byte IV, fixing L (the payload length size)
	 * at 3 bytes due to the layout of B0.  This is fine since the driver
	 * has a maximum of 65535 bytes anyway.
	 */
	blen = AES_BLOCK_LEN;
	L = 3;

	a0 = (uint8_t *)&cdesc->control_data.token[0];
	memset(a0, 0, blen);
	a0[0] = L - 1;
	memcpy(&a0[1], req->iv, AES_CCM_IV_LEN);

	/*
	 * Insert B0 and the AAD length into the input stream.
	 */
	instr->opcode = SAFEXCEL_INSTR_OPCODE_INSERT;
	instr->length = blen + (crp->crp_aad_length > 0 ? 2 : 0);
	instr->status = 0;
	instr->instructions = SAFEXCEL_INSTR_DEST_HASH |
	    SAFEXCEL_INSTR_INSERT_IMMEDIATE;
	instr++;

	b0 = (uint8_t *)instr;
	memset(b0, 0, blen);
	b0[0] =
	    (L - 1) | /* payload length size */
	    ((CCM_CBC_MAX_DIGEST_LEN - 2) / 2) << 3 /* digest length */ |
	    (crp->crp_aad_length > 0 ? 1 : 0) << 6 /* AAD present bit */;
	memcpy(&b0[1], req->iv, AES_CCM_IV_LEN);
	b0[14] = crp->crp_payload_length >> 8;
	b0[15] = crp->crp_payload_length & 0xff;
	instr += blen / sizeof(*instr);

	/* Insert the AAD length and data into the input stream. */
	if (crp->crp_aad_length > 0) {
		alenp = (uint8_t *)instr;
		alenp[0] = crp->crp_aad_length >> 8;
		alenp[1] = crp->crp_aad_length & 0xff;
		alenp[2] = 0;
		alenp[3] = 0;
		instr++;

		instr->opcode = SAFEXCEL_INSTR_OPCODE_DIRECTION;
		instr->length = crp->crp_aad_length;
		instr->status = 0;
		instr->instructions = SAFEXCEL_INSTR_DEST_HASH;
		instr++;

		/* Insert zero padding. */
		aalign = (crp->crp_aad_length + 2) & (blen - 1);
		instr->opcode = SAFEXCEL_INSTR_OPCODE_INSERT;
		instr->length = aalign == 0 ? 0 :
		    blen - ((crp->crp_aad_length + 2) & (blen - 1));
		instr->status = crp->crp_payload_length == 0 ?
		    SAFEXCEL_INSTR_STATUS_LAST_HASH : 0;
		instr->instructions = SAFEXCEL_INSTR_DEST_HASH;
		instr++;
	}

	safexcel_instr_temp_aes_block(&instr);

	/* Insert the cipher payload into the input stream. */
	if (crp->crp_payload_length > 0) {
		instr->opcode = SAFEXCEL_INSTR_OPCODE_DIRECTION;
		instr->length = crp->crp_payload_length;
		instr->status = (crp->crp_payload_length & (blen - 1)) == 0 ?
		    SAFEXCEL_INSTR_STATUS_LAST_HASH : 0;
		instr->instructions = SAFEXCEL_INSTR_DEST_OUTPUT |
		    SAFEXCEL_INSTR_DEST_CRYPTO |
		    SAFEXCEL_INSTR_DEST_HASH |
		    SAFEXCEL_INSTR_INS_LAST;
		instr++;

		/* Insert zero padding. */
		if (crp->crp_payload_length & (blen - 1)) {
			instr->opcode = SAFEXCEL_INSTR_OPCODE_INSERT;
			instr->length = blen -
			    (crp->crp_payload_length & (blen - 1));
			instr->status = SAFEXCEL_INSTR_STATUS_LAST_HASH;
			instr->instructions = SAFEXCEL_INSTR_DEST_HASH;
			instr++;
		}
	}

	/*
	 * Compute the digest, or extract it and place it in the output stream.
	 */
	if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op))
		safexcel_instr_insert_digest(&instr, req->sess->digestlen);
	else
		safexcel_instr_retrieve_digest(&instr, req->sess->digestlen);

	cdesc->additional_cdata_size = instr - start;
}

static void
safexcel_instr_gcm(struct safexcel_request *req, struct safexcel_instr *instr,
    struct safexcel_cmd_descr *cdesc)
{
	struct cryptop *crp;
	struct safexcel_instr *start;

	memcpy(cdesc->control_data.token, req->iv, AES_GCM_IV_LEN);
	cdesc->control_data.token[3] = htobe32(1);

	crp = req->crp;
	start = instr;

	/* Insert the AAD into the input stream. */
	instr->opcode = SAFEXCEL_INSTR_OPCODE_DIRECTION;
	instr->length = crp->crp_aad_length;
	instr->status = crp->crp_payload_length == 0 ?
	    SAFEXCEL_INSTR_STATUS_LAST_HASH : 0;
	instr->instructions = SAFEXCEL_INSTR_INS_LAST |
	    SAFEXCEL_INSTR_DEST_HASH;
	instr++;

	safexcel_instr_temp_aes_block(&instr);

	/* Insert the cipher payload into the input stream. */
	if (crp->crp_payload_length > 0) {
		instr->opcode = SAFEXCEL_INSTR_OPCODE_DIRECTION;
		instr->length = crp->crp_payload_length;
		instr->status = SAFEXCEL_INSTR_STATUS_LAST_HASH;
		instr->instructions = SAFEXCEL_INSTR_DEST_OUTPUT |
		    SAFEXCEL_INSTR_DEST_CRYPTO | SAFEXCEL_INSTR_DEST_HASH |
		    SAFEXCEL_INSTR_INS_LAST;
		instr++;
	}

	/*
	 * Compute the digest, or extract it and place it in the output stream.
	 */
	if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op))
		safexcel_instr_insert_digest(&instr, req->sess->digestlen);
	else
		safexcel_instr_retrieve_digest(&instr, req->sess->digestlen);

	cdesc->additional_cdata_size = instr - start;
}

static void
safexcel_instr_gmac(struct safexcel_request *req, struct safexcel_instr *instr,
    struct safexcel_cmd_descr *cdesc)
{
	struct cryptop *crp;
	struct safexcel_instr *start;

	memcpy(cdesc->control_data.token, req->iv, AES_GCM_IV_LEN);
	cdesc->control_data.token[3] = htobe32(1);

	crp = req->crp;
	start = instr;

	instr->opcode = SAFEXCEL_INSTR_OPCODE_DIRECTION;
	instr->length = crp->crp_payload_length;
	instr->status = SAFEXCEL_INSTR_STATUS_LAST_HASH;
	instr->instructions = SAFEXCEL_INSTR_INS_LAST |
	    SAFEXCEL_INSTR_DEST_HASH;
	instr++;

	safexcel_instr_temp_aes_block(&instr);

	safexcel_instr_insert_digest(&instr, req->sess->digestlen);

	cdesc->additional_cdata_size = instr - start;
}

static void
safexcel_set_token(struct safexcel_request *req)
{
	const struct crypto_session_params *csp;
	struct cryptop *crp;
	struct safexcel_cmd_descr *cdesc;
	struct safexcel_context_record *ctx;
	struct safexcel_context_template *ctxtmp;
	struct safexcel_instr *instr;
	struct safexcel_softc *sc;
	const uint8_t *akey, *ckey;
	int ringidx;

	crp = req->crp;
	csp = crypto_get_params(crp->crp_session);
	cdesc = req->cdesc;
	sc = req->sc;
	ringidx = req->ringidx;

	akey = crp->crp_auth_key;
	ckey = crp->crp_cipher_key;
	if (akey != NULL || ckey != NULL) {
		/*
		 * If we have a per-request key we have to generate the context
		 * record on the fly.
		 */
		if (akey == NULL)
			akey = csp->csp_auth_key;
		if (ckey == NULL)
			ckey = csp->csp_cipher_key;
		ctx = (struct safexcel_context_record *)req->ctx.vaddr;
		(void)safexcel_set_context(ctx, crp->crp_op, ckey, akey,
		    req->sess);
	} else {
		/*
		 * Use the context record template computed at session
		 * initialization time.
		 */
		ctxtmp = CRYPTO_OP_IS_ENCRYPT(crp->crp_op) ?
		    &req->sess->encctx : &req->sess->decctx;
		ctx = &ctxtmp->ctx;
		memcpy(req->ctx.vaddr + 2 * sizeof(uint32_t), ctx->data,
		    ctxtmp->len);
	}
	cdesc->control_data.control0 = ctx->control0;
	cdesc->control_data.control1 = ctx->control1;

	/*
	 * For keyless hash operations, the token instructions can be embedded
	 * in the token itself.  Otherwise we use an additional token descriptor
	 * and the embedded instruction space is used to store the IV.
	 */
	if (csp->csp_cipher_alg == 0 &&
	    csp->csp_auth_alg != CRYPTO_AES_NIST_GMAC) {
		instr = (void *)cdesc->control_data.token;
	} else {
		instr = (void *)(sc->sc_ring[ringidx].dma_atok.vaddr +
		    sc->sc_config.atok_offset *
		    (cdesc - sc->sc_ring[ringidx].cdr.desc));
		cdesc->control_data.options |= SAFEXCEL_OPTION_4_TOKEN_IV_CMD;
	}

	switch (csp->csp_cipher_alg) {
	case CRYPTO_AES_NIST_GCM_16:
		safexcel_instr_gcm(req, instr, cdesc);
		break;
	case CRYPTO_AES_CCM_16:
		safexcel_instr_ccm(req, instr, cdesc);
		break;
	case CRYPTO_AES_XTS:
		memcpy(cdesc->control_data.token, req->iv, AES_XTS_IV_LEN);
		memset(cdesc->control_data.token +
		    AES_XTS_IV_LEN / sizeof(uint32_t), 0, AES_XTS_IV_LEN);

		safexcel_instr_cipher(req, instr, cdesc);
		break;
	case CRYPTO_AES_CBC:
	case CRYPTO_AES_ICM:
		memcpy(cdesc->control_data.token, req->iv, AES_BLOCK_LEN);
		if (csp->csp_auth_alg != 0)
			safexcel_instr_eta(req, instr, cdesc);
		else
			safexcel_instr_cipher(req, instr, cdesc);
		break;
	default:
		switch (csp->csp_auth_alg) {
		case CRYPTO_SHA1:
		case CRYPTO_SHA1_HMAC:
		case CRYPTO_SHA2_224:
		case CRYPTO_SHA2_224_HMAC:
		case CRYPTO_SHA2_256:
		case CRYPTO_SHA2_256_HMAC:
		case CRYPTO_SHA2_384:
		case CRYPTO_SHA2_384_HMAC:
		case CRYPTO_SHA2_512:
		case CRYPTO_SHA2_512_HMAC:
			safexcel_instr_sha_hash(req, instr);
			break;
		case CRYPTO_AES_NIST_GMAC:
			safexcel_instr_gmac(req, instr, cdesc);
			break;
		default:
			panic("unhandled auth request %d", csp->csp_auth_alg);
		}
		break;
	}
}

static struct safexcel_res_descr *
safexcel_res_descr_add(struct safexcel_ring *ring, bool first, bool last,
    bus_addr_t data, uint32_t len)
{
	struct safexcel_res_descr *rdesc;
	struct safexcel_res_descr_ring *rring;

	mtx_assert(&ring->mtx, MA_OWNED);

	rring = &ring->rdr;
	if ((rring->write + 1) % SAFEXCEL_RING_SIZE == rring->read)
		return (NULL);

	rdesc = &rring->desc[rring->write];
	rring->write = (rring->write + 1) % SAFEXCEL_RING_SIZE;

	rdesc->particle_size = len;
	rdesc->rsvd0 = 0;
	rdesc->descriptor_overflow = 0;
	rdesc->buffer_overflow = 0;
	rdesc->last_seg = last;
	rdesc->first_seg = first;
	rdesc->result_size =
	    sizeof(struct safexcel_res_data) / sizeof(uint32_t);
	rdesc->rsvd1 = 0;
	rdesc->data_lo = SAFEXCEL_ADDR_LO(data);
	rdesc->data_hi = SAFEXCEL_ADDR_HI(data);

	if (first) {
		rdesc->result_data.packet_length = 0;
		rdesc->result_data.error_code = 0;
	}

	return (rdesc);
}

static struct safexcel_cmd_descr *
safexcel_cmd_descr_add(struct safexcel_ring *ring, bool first, bool last,
    bus_addr_t data, uint32_t seglen, uint32_t reqlen, bus_addr_t context)
{
	struct safexcel_cmd_descr *cdesc;
	struct safexcel_cmd_descr_ring *cring;

	KASSERT(reqlen <= SAFEXCEL_MAX_REQUEST_SIZE,
	    ("%s: request length %u too long", __func__, reqlen));
	mtx_assert(&ring->mtx, MA_OWNED);

	cring = &ring->cdr;
	if ((cring->write + 1) % SAFEXCEL_RING_SIZE == cring->read)
		return (NULL);

	cdesc = &cring->desc[cring->write];
	cring->write = (cring->write + 1) % SAFEXCEL_RING_SIZE;

	cdesc->particle_size = seglen;
	cdesc->rsvd0 = 0;
	cdesc->last_seg = last;
	cdesc->first_seg = first;
	cdesc->additional_cdata_size = 0;
	cdesc->rsvd1 = 0;
	cdesc->data_lo = SAFEXCEL_ADDR_LO(data);
	cdesc->data_hi = SAFEXCEL_ADDR_HI(data);
	if (first) {
		cdesc->control_data.packet_length = reqlen;
		cdesc->control_data.options = SAFEXCEL_OPTION_IP |
		    SAFEXCEL_OPTION_CP | SAFEXCEL_OPTION_CTX_CTRL_IN_CMD |
		    SAFEXCEL_OPTION_RC_AUTO;
		cdesc->control_data.type = SAFEXCEL_TOKEN_TYPE_BYPASS;
		cdesc->control_data.context_lo = SAFEXCEL_ADDR_LO(context) |
		    SAFEXCEL_CONTEXT_SMALL;
		cdesc->control_data.context_hi = SAFEXCEL_ADDR_HI(context);
	}

	return (cdesc);
}

static void
safexcel_cmd_descr_rollback(struct safexcel_ring *ring, int count)
{
	struct safexcel_cmd_descr_ring *cring;

	mtx_assert(&ring->mtx, MA_OWNED);

	cring = &ring->cdr;
	cring->write -= count;
	if (cring->write < 0)
		cring->write += SAFEXCEL_RING_SIZE;
}

static void
safexcel_res_descr_rollback(struct safexcel_ring *ring, int count)
{
	struct safexcel_res_descr_ring *rring;

	mtx_assert(&ring->mtx, MA_OWNED);

	rring = &ring->rdr;
	rring->write -= count;
	if (rring->write < 0)
		rring->write += SAFEXCEL_RING_SIZE;
}

static void
safexcel_append_segs(bus_dma_segment_t *segs, int nseg, struct sglist *sg,
    int start, int len)
{
	bus_dma_segment_t *seg;
	size_t seglen;
	int error, i;

	for (i = 0; i < nseg && len > 0; i++) {
		seg = &segs[i];

		if (seg->ds_len <= start) {
			start -= seg->ds_len;
			continue;
		}

		seglen = MIN(len, seg->ds_len - start);
		error = sglist_append_phys(sg, seg->ds_addr + start, seglen);
		if (error != 0)
			panic("%s: ran out of segments: %d", __func__, error);
		len -= seglen;
		start = 0;
	}
}

static void
safexcel_create_chain_cb(void *arg, bus_dma_segment_t *segs, int nseg,
    int error)
{
	const struct crypto_session_params *csp;
	struct cryptop *crp;
	struct safexcel_cmd_descr *cdesc;
	struct safexcel_request *req;
	struct safexcel_ring *ring;
	struct safexcel_session *sess;
	struct sglist *sg;
	size_t inlen;
	int i;
	bool first, last;

	req = arg;
	if (error != 0) {
		req->error = error;
		return;
	}

	crp = req->crp;
	csp = crypto_get_params(crp->crp_session);
	sess = req->sess;
	ring = &req->sc->sc_ring[req->ringidx];

	mtx_assert(&ring->mtx, MA_OWNED);

	/*
	 * Set up descriptors for input and output data.
	 *
	 * The processing engine programs require that any AAD comes first,
	 * followed by the cipher plaintext, followed by the digest.  Some
	 * consumers place the digest first in the input buffer, in which case
	 * we have to create an extra descriptor.
	 *
	 * As an optimization, unmodified data is not passed to the output
	 * stream.
	 */
	sglist_reset(ring->cmd_data);
	sglist_reset(ring->res_data);
	if (crp->crp_aad_length != 0) {
		safexcel_append_segs(segs, nseg, ring->cmd_data,
		    crp->crp_aad_start, crp->crp_aad_length);
	}
	safexcel_append_segs(segs, nseg, ring->cmd_data,
	    crp->crp_payload_start, crp->crp_payload_length);
	if (csp->csp_cipher_alg != 0) {
		safexcel_append_segs(segs, nseg, ring->res_data,
		    crp->crp_payload_start, crp->crp_payload_length);
	}
	if (sess->digestlen > 0) {
		if ((crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) != 0) {
			safexcel_append_segs(segs, nseg, ring->cmd_data,
			    crp->crp_digest_start, sess->digestlen);
		} else {
			safexcel_append_segs(segs, nseg, ring->res_data,
			    crp->crp_digest_start, sess->digestlen);
		}
	}

	sg = ring->cmd_data;
	if (sg->sg_nseg == 0) {
		/*
		 * Fake a segment for the command descriptor if the input has
		 * length zero.  The EIP97 apparently does not handle
		 * zero-length packets properly since subsequent requests return
		 * bogus errors, so provide a dummy segment using the context
		 * descriptor.  Also, we must allocate at least one command ring
		 * entry per request to keep the request shadow ring in sync.
		 */
		(void)sglist_append_phys(sg, req->ctx.paddr, 1);
	}
	for (i = 0, inlen = 0; i < sg->sg_nseg; i++)
		inlen += sg->sg_segs[i].ss_len;
	for (i = 0; i < sg->sg_nseg; i++) {
		first = i == 0;
		last = i == sg->sg_nseg - 1;

		cdesc = safexcel_cmd_descr_add(ring, first, last,
		    sg->sg_segs[i].ss_paddr, sg->sg_segs[i].ss_len,
		    (uint32_t)inlen, req->ctx.paddr);
		if (cdesc == NULL) {
			safexcel_cmd_descr_rollback(ring, i);
			counter_u64_add(req->sc->sc_cdesc_alloc_failures, 1);
			req->error = ERESTART;
			return;
		}
		if (i == 0)
			req->cdesc = cdesc;
	}
	req->cdescs = sg->sg_nseg;

	sg = ring->res_data;
	if (sg->sg_nseg == 0) {
		/*
		 * We need a result descriptor even if the output stream will be
		 * empty, for example when verifying an AAD digest.
		 */
		sg->sg_segs[0].ss_paddr = 0;
		sg->sg_segs[0].ss_len = 0;
		sg->sg_nseg = 1;
	}
	for (i = 0; i < sg->sg_nseg; i++) {
		first = i == 0;
		last = i == sg->sg_nseg - 1;

		if (safexcel_res_descr_add(ring, first, last,
		    sg->sg_segs[i].ss_paddr, sg->sg_segs[i].ss_len) == NULL) {
			safexcel_cmd_descr_rollback(ring,
			    ring->cmd_data->sg_nseg);
			safexcel_res_descr_rollback(ring, i);
			counter_u64_add(req->sc->sc_rdesc_alloc_failures, 1);
			req->error = ERESTART;
			return;
		}
	}
	req->rdescs = sg->sg_nseg;
}

static int
safexcel_create_chain(struct safexcel_ring *ring, struct safexcel_request *req)
{
	int error;

	req->error = 0;
	req->cdescs = req->rdescs = 0;

	error = bus_dmamap_load_crp(ring->data_dtag, req->dmap, req->crp,
	    safexcel_create_chain_cb, req, BUS_DMA_NOWAIT);
	if (error == 0)
		req->dmap_loaded = true;

	if (req->error != 0)
		error = req->error;

	return (error);
}

static bool
safexcel_probe_cipher(const struct crypto_session_params *csp)
{
	switch (csp->csp_cipher_alg) {
	case CRYPTO_AES_CBC:
	case CRYPTO_AES_ICM:
		if (csp->csp_ivlen != AES_BLOCK_LEN)
			return (false);
		break;
	case CRYPTO_AES_XTS:
		if (csp->csp_ivlen != AES_XTS_IV_LEN)
			return (false);
		break;
	default:
		return (false);
	}

	return (true);
}

/*
 * Determine whether the driver can implement a session with the requested
 * parameters.
 */
static int
safexcel_probesession(device_t dev, const struct crypto_session_params *csp)
{
	if (csp->csp_flags != 0)
		return (EINVAL);

	switch (csp->csp_mode) {
	case CSP_MODE_CIPHER:
		if (!safexcel_probe_cipher(csp))
			return (EINVAL);
		break;
	case CSP_MODE_DIGEST:
		switch (csp->csp_auth_alg) {
		case CRYPTO_AES_NIST_GMAC:
			if (csp->csp_ivlen != AES_GCM_IV_LEN)
				return (EINVAL);
			break;
		case CRYPTO_SHA1:
		case CRYPTO_SHA1_HMAC:
		case CRYPTO_SHA2_224:
		case CRYPTO_SHA2_224_HMAC:
		case CRYPTO_SHA2_256:
		case CRYPTO_SHA2_256_HMAC:
		case CRYPTO_SHA2_384:
		case CRYPTO_SHA2_384_HMAC:
		case CRYPTO_SHA2_512:
		case CRYPTO_SHA2_512_HMAC:
			break;
		default:
			return (EINVAL);
		}
		break;
	case CSP_MODE_AEAD:
		switch (csp->csp_cipher_alg) {
		case CRYPTO_AES_NIST_GCM_16:
			if (csp->csp_ivlen != AES_GCM_IV_LEN)
				return (EINVAL);
			break;
		case CRYPTO_AES_CCM_16:
			if (csp->csp_ivlen != AES_CCM_IV_LEN)
				return (EINVAL);
			break;
		default:
			return (EINVAL);
		}
		break;
	case CSP_MODE_ETA:
		if (!safexcel_probe_cipher(csp))
			return (EINVAL);
		switch (csp->csp_cipher_alg) {
		case CRYPTO_AES_CBC:
		case CRYPTO_AES_ICM:
			/*
			 * The EIP-97 does not support combining AES-XTS with
			 * hash operations.
			 */
			if (csp->csp_auth_alg != CRYPTO_SHA1_HMAC &&
			    csp->csp_auth_alg != CRYPTO_SHA2_224_HMAC &&
			    csp->csp_auth_alg != CRYPTO_SHA2_256_HMAC &&
			    csp->csp_auth_alg != CRYPTO_SHA2_384_HMAC &&
			    csp->csp_auth_alg != CRYPTO_SHA2_512_HMAC)
				return (EINVAL);
			break;
		default:
			return (EINVAL);
		}
		break;
	default:
		return (EINVAL);
	}

	return (CRYPTODEV_PROBE_HARDWARE);
}

static uint32_t
safexcel_aes_algid(int keylen)
{
	switch (keylen) {
	case 16:
		return (SAFEXCEL_CONTROL0_CRYPTO_ALG_AES128);
	case 24:
		return (SAFEXCEL_CONTROL0_CRYPTO_ALG_AES192);
	case 32:
		return (SAFEXCEL_CONTROL0_CRYPTO_ALG_AES256);
	default:
		panic("invalid AES key length %d", keylen);
	}
}

static uint32_t
safexcel_aes_ccm_hashid(int keylen)
{
	switch (keylen) {
	case 16:
		return (SAFEXCEL_CONTROL0_HASH_ALG_XCBC128);
	case 24:
		return (SAFEXCEL_CONTROL0_HASH_ALG_XCBC192);
	case 32:
		return (SAFEXCEL_CONTROL0_HASH_ALG_XCBC256);
	default:
		panic("invalid AES key length %d", keylen);
	}
}

static uint32_t
safexcel_sha_hashid(int alg)
{
	switch (alg) {
	case CRYPTO_SHA1:
	case CRYPTO_SHA1_HMAC:
		return (SAFEXCEL_CONTROL0_HASH_ALG_SHA1);
	case CRYPTO_SHA2_224:
	case CRYPTO_SHA2_224_HMAC:
		return (SAFEXCEL_CONTROL0_HASH_ALG_SHA224);
	case CRYPTO_SHA2_256:
	case CRYPTO_SHA2_256_HMAC:
		return (SAFEXCEL_CONTROL0_HASH_ALG_SHA256);
	case CRYPTO_SHA2_384:
	case CRYPTO_SHA2_384_HMAC:
		return (SAFEXCEL_CONTROL0_HASH_ALG_SHA384);
	case CRYPTO_SHA2_512:
	case CRYPTO_SHA2_512_HMAC:
		return (SAFEXCEL_CONTROL0_HASH_ALG_SHA512);
	default:
		__assert_unreachable();
	}
}

static int
safexcel_sha_hashlen(int alg)
{
	switch (alg) {
	case CRYPTO_SHA1:
	case CRYPTO_SHA1_HMAC:
		return (SHA1_HASH_LEN);
	case CRYPTO_SHA2_224:
	case CRYPTO_SHA2_224_HMAC:
		return (SHA2_224_HASH_LEN);
	case CRYPTO_SHA2_256:
	case CRYPTO_SHA2_256_HMAC:
		return (SHA2_256_HASH_LEN);
	case CRYPTO_SHA2_384:
	case CRYPTO_SHA2_384_HMAC:
		return (SHA2_384_HASH_LEN);
	case CRYPTO_SHA2_512:
	case CRYPTO_SHA2_512_HMAC:
		return (SHA2_512_HASH_LEN);
	default:
		__assert_unreachable();
	}
}

static int
safexcel_sha_statelen(int alg)
{
	switch (alg) {
	case CRYPTO_SHA1:
	case CRYPTO_SHA1_HMAC:
		return (SHA1_HASH_LEN);
	case CRYPTO_SHA2_224:
	case CRYPTO_SHA2_224_HMAC:
	case CRYPTO_SHA2_256:
	case CRYPTO_SHA2_256_HMAC:
		return (SHA2_256_HASH_LEN);
	case CRYPTO_SHA2_384:
	case CRYPTO_SHA2_384_HMAC:
	case CRYPTO_SHA2_512:
	case CRYPTO_SHA2_512_HMAC:
		return (SHA2_512_HASH_LEN);
	default:
		__assert_unreachable();
	}
}

static int
safexcel_newsession(device_t dev, crypto_session_t cses,
    const struct crypto_session_params *csp)
{
	struct safexcel_session *sess;
	struct safexcel_softc *sc;

	sc = device_get_softc(dev);
	sess = crypto_get_driver_session(cses);
	sess->cses = cses;

	switch (csp->csp_auth_alg) {
	case CRYPTO_SHA1:
	case CRYPTO_SHA2_224:
	case CRYPTO_SHA2_256:
	case CRYPTO_SHA2_384:
	case CRYPTO_SHA2_512:
		sess->digest = SAFEXCEL_CONTROL0_DIGEST_PRECOMPUTED;
		sess->hash = safexcel_sha_hashid(csp->csp_auth_alg);
		sess->digestlen = safexcel_sha_hashlen(csp->csp_auth_alg);
		sess->statelen = safexcel_sha_statelen(csp->csp_auth_alg);
		break;
	case CRYPTO_SHA1_HMAC:
	case CRYPTO_SHA2_224_HMAC:
	case CRYPTO_SHA2_256_HMAC:
	case CRYPTO_SHA2_384_HMAC:
	case CRYPTO_SHA2_512_HMAC:
		sess->digest = SAFEXCEL_CONTROL0_DIGEST_HMAC;
		sess->hash = safexcel_sha_hashid(csp->csp_auth_alg);
		sess->digestlen = safexcel_sha_hashlen(csp->csp_auth_alg);
		sess->statelen = safexcel_sha_statelen(csp->csp_auth_alg);
		break;
	case CRYPTO_AES_NIST_GMAC:
		sess->digest = SAFEXCEL_CONTROL0_DIGEST_GMAC;
		sess->digestlen = GMAC_DIGEST_LEN;
		sess->hash = SAFEXCEL_CONTROL0_HASH_ALG_GHASH;
		sess->alg = safexcel_aes_algid(csp->csp_auth_klen);
		sess->mode = SAFEXCEL_CONTROL1_CRYPTO_MODE_GCM;
		break;
	}

	switch (csp->csp_cipher_alg) {
	case CRYPTO_AES_NIST_GCM_16:
		sess->digest = SAFEXCEL_CONTROL0_DIGEST_GMAC;
		sess->digestlen = GMAC_DIGEST_LEN;
		sess->hash = SAFEXCEL_CONTROL0_HASH_ALG_GHASH;
		sess->alg = safexcel_aes_algid(csp->csp_cipher_klen);
		sess->mode = SAFEXCEL_CONTROL1_CRYPTO_MODE_GCM;
		break;
	case CRYPTO_AES_CCM_16:
		sess->hash = safexcel_aes_ccm_hashid(csp->csp_cipher_klen);
		sess->digest = SAFEXCEL_CONTROL0_DIGEST_CCM;
		sess->digestlen = CCM_CBC_MAX_DIGEST_LEN;
		sess->alg = safexcel_aes_algid(csp->csp_cipher_klen);
		sess->mode = SAFEXCEL_CONTROL1_CRYPTO_MODE_CCM;
		break;
	case CRYPTO_AES_CBC:
		sess->alg = safexcel_aes_algid(csp->csp_cipher_klen);
		sess->mode = SAFEXCEL_CONTROL1_CRYPTO_MODE_CBC;
		break;
	case CRYPTO_AES_ICM:
		sess->alg = safexcel_aes_algid(csp->csp_cipher_klen);
		sess->mode = SAFEXCEL_CONTROL1_CRYPTO_MODE_CTR;
		break;
	case CRYPTO_AES_XTS:
		sess->alg = safexcel_aes_algid(csp->csp_cipher_klen / 2);
		sess->mode = SAFEXCEL_CONTROL1_CRYPTO_MODE_XTS;
		break;
	}

	if (csp->csp_auth_mlen != 0)
		sess->digestlen = csp->csp_auth_mlen;

	if ((csp->csp_cipher_alg == 0 || csp->csp_cipher_key != NULL) &&
	    (csp->csp_auth_alg == 0 || csp->csp_auth_key != NULL)) {
		sess->encctx.len = safexcel_set_context(&sess->encctx.ctx,
		    CRYPTO_OP_ENCRYPT, csp->csp_cipher_key, csp->csp_auth_key,
		    sess);
		sess->decctx.len = safexcel_set_context(&sess->decctx.ctx,
		    CRYPTO_OP_DECRYPT, csp->csp_cipher_key, csp->csp_auth_key,
		    sess);
	}

	return (0);
}

static int
safexcel_process(device_t dev, struct cryptop *crp, int hint)
{
	const struct crypto_session_params *csp;
	struct safexcel_request *req;
	struct safexcel_ring *ring;
	struct safexcel_session *sess;
	struct safexcel_softc *sc;
	int error;

	sc = device_get_softc(dev);
	sess = crypto_get_driver_session(crp->crp_session);
	csp = crypto_get_params(crp->crp_session);

	if (__predict_false(crypto_buffer_len(&crp->crp_buf) >
	    SAFEXCEL_MAX_REQUEST_SIZE)) {
		crp->crp_etype = E2BIG;
		crypto_done(crp);
		return (0);
	}

	ring = &sc->sc_ring[curcpu % sc->sc_config.rings];
	mtx_lock(&ring->mtx);
	req = safexcel_alloc_request(sc, ring);
	if (__predict_false(req == NULL)) {
		ring->blocked = CRYPTO_SYMQ;
		mtx_unlock(&ring->mtx);
		counter_u64_add(sc->sc_req_alloc_failures, 1);
		return (ERESTART);
	}

	req->crp = crp;
	req->sess = sess;

	crypto_read_iv(crp, req->iv);

	error = safexcel_create_chain(ring, req);
	if (__predict_false(error != 0)) {
		safexcel_free_request(ring, req);
		if (error == ERESTART)
			ring->blocked = CRYPTO_SYMQ;
		mtx_unlock(&ring->mtx);
		if (error != ERESTART) {
			crp->crp_etype = error;
			crypto_done(crp);
			return (0);
		} else {
			return (ERESTART);
		}
	}

	safexcel_set_token(req);

	bus_dmamap_sync(ring->data_dtag, req->dmap,
	    BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE);
	bus_dmamap_sync(req->ctx.tag, req->ctx.map,
	    BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE);
	bus_dmamap_sync(ring->cdr.dma.tag, ring->cdr.dma.map,
	    BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE);
	bus_dmamap_sync(ring->dma_atok.tag, ring->dma_atok.map,
	    BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE);
	bus_dmamap_sync(ring->rdr.dma.tag, ring->rdr.dma.map,
	    BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE);

	safexcel_execute(sc, ring, req, hint);

	mtx_unlock(&ring->mtx);

	return (0);
}

static device_method_t safexcel_methods[] = {
	/* Device interface */
	DEVMETHOD(device_probe,		safexcel_probe),
	DEVMETHOD(device_attach,	safexcel_attach),
	DEVMETHOD(device_detach,	safexcel_detach),

	/* Cryptodev interface */
	DEVMETHOD(cryptodev_probesession, safexcel_probesession),
	DEVMETHOD(cryptodev_newsession,	safexcel_newsession),
	DEVMETHOD(cryptodev_process,	safexcel_process),

	DEVMETHOD_END
};

static devclass_t safexcel_devclass;

static driver_t safexcel_driver = {
	.name 		= "safexcel",
	.methods 	= safexcel_methods,
	.size		= sizeof(struct safexcel_softc),
};

DRIVER_MODULE(safexcel, simplebus, safexcel_driver, safexcel_devclass, 0, 0);
MODULE_VERSION(safexcel, 1);
MODULE_DEPEND(safexcel, crypto, 1, 1, 1);