crypto/ccp/ccp_hardware.c

*844d9543SConrad Meyer/*-
*844d9543SConrad Meyer * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
*844d9543SConrad Meyer *
*844d9543SConrad Meyer * Copyright (c) 2017 Chelsio Communications, Inc.
*844d9543SConrad Meyer * Copyright (c) 2017 Conrad Meyer <cem@FreeBSD.org>
*844d9543SConrad Meyer * All rights reserved.
*844d9543SConrad Meyer * Largely borrowed from ccr(4), Written by: John Baldwin <jhb@FreeBSD.org>
*844d9543SConrad Meyer *
*844d9543SConrad Meyer * Redistribution and use in source and binary forms, with or without
*844d9543SConrad Meyer * modification, are permitted provided that the following conditions
*844d9543SConrad Meyer * are met:
*844d9543SConrad Meyer * 1. Redistributions of source code must retain the above copyright
*844d9543SConrad Meyer *    notice, this list of conditions and the following disclaimer.
*844d9543SConrad Meyer * 2. Redistributions in binary form must reproduce the above copyright
*844d9543SConrad Meyer *    notice, this list of conditions and the following disclaimer in the
*844d9543SConrad Meyer *    documentation and/or other materials provided with the distribution.
*844d9543SConrad Meyer *
*844d9543SConrad Meyer * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
*844d9543SConrad Meyer * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
*844d9543SConrad Meyer * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
*844d9543SConrad Meyer * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
*844d9543SConrad Meyer * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
*844d9543SConrad Meyer * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
*844d9543SConrad Meyer * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
*844d9543SConrad Meyer * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
*844d9543SConrad Meyer * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
*844d9543SConrad Meyer * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
*844d9543SConrad Meyer * SUCH DAMAGE.
*844d9543SConrad Meyer */
*844d9543SConrad Meyer
*844d9543SConrad Meyer#include <sys/cdefs.h>
*844d9543SConrad Meyer__FBSDID("$FreeBSD$");
*844d9543SConrad Meyer
*844d9543SConrad Meyer#include "opt_ddb.h"
*844d9543SConrad Meyer
*844d9543SConrad Meyer#include <sys/types.h>
*844d9543SConrad Meyer#include <sys/bus.h>
*844d9543SConrad Meyer#include <sys/lock.h>
*844d9543SConrad Meyer#include <sys/kernel.h>
*844d9543SConrad Meyer#include <sys/malloc.h>
*844d9543SConrad Meyer#include <sys/mutex.h>
*844d9543SConrad Meyer#include <sys/module.h>
*844d9543SConrad Meyer#include <sys/rman.h>
*844d9543SConrad Meyer#include <sys/sglist.h>
*844d9543SConrad Meyer#include <sys/sysctl.h>
*844d9543SConrad Meyer
*844d9543SConrad Meyer#ifdef DDB
*844d9543SConrad Meyer#include <ddb/ddb.h>
*844d9543SConrad Meyer#endif
*844d9543SConrad Meyer
*844d9543SConrad Meyer#include <dev/pci/pcireg.h>
*844d9543SConrad Meyer#include <dev/pci/pcivar.h>
*844d9543SConrad Meyer
*844d9543SConrad Meyer#include <machine/bus.h>
*844d9543SConrad Meyer#include <machine/resource.h>
*844d9543SConrad Meyer#include <machine/vmparam.h>
*844d9543SConrad Meyer
*844d9543SConrad Meyer#include <opencrypto/cryptodev.h>
*844d9543SConrad Meyer#include <opencrypto/xform.h>
*844d9543SConrad Meyer
*844d9543SConrad Meyer#include <vm/vm.h>
*844d9543SConrad Meyer#include <vm/pmap.h>
*844d9543SConrad Meyer
*844d9543SConrad Meyer#include "cryptodev_if.h"
*844d9543SConrad Meyer
*844d9543SConrad Meyer#include "ccp.h"
*844d9543SConrad Meyer#include "ccp_hardware.h"
*844d9543SConrad Meyer#include "ccp_lsb.h"
*844d9543SConrad Meyer
*844d9543SConrad MeyerCTASSERT(sizeof(struct ccp_desc) == 32);
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic struct ccp_xts_unitsize_map_entry {
*844d9543SConrad Meyer	enum ccp_xts_unitsize cxu_id;
*844d9543SConrad Meyer	unsigned cxu_size;
*844d9543SConrad Meyer} ccp_xts_unitsize_map[] = {
*844d9543SConrad Meyer	{ CCP_XTS_AES_UNIT_SIZE_16, 16 },
*844d9543SConrad Meyer	{ CCP_XTS_AES_UNIT_SIZE_512, 512 },
*844d9543SConrad Meyer	{ CCP_XTS_AES_UNIT_SIZE_1024, 1024 },
*844d9543SConrad Meyer	{ CCP_XTS_AES_UNIT_SIZE_2048, 2048 },
*844d9543SConrad Meyer	{ CCP_XTS_AES_UNIT_SIZE_4096, 4096 },
*844d9543SConrad Meyer};
*844d9543SConrad Meyer
*844d9543SConrad MeyerSYSCTL_NODE(_hw, OID_AUTO, ccp, CTLFLAG_RD, 0, "ccp node");
*844d9543SConrad Meyer
*844d9543SConrad Meyerunsigned g_ccp_ring_order = 11;
*844d9543SConrad MeyerSYSCTL_UINT(_hw_ccp, OID_AUTO, ring_order, CTLFLAG_RDTUN, &g_ccp_ring_order,
*844d9543SConrad Meyer    0, "Set CCP ring order.  (1 << this) == ring size.  Min: 6, Max: 16");
*844d9543SConrad Meyer
*844d9543SConrad Meyer/*
*844d9543SConrad Meyer * Zero buffer, sufficient for padding LSB entries, that does not span a page
*844d9543SConrad Meyer * boundary
*844d9543SConrad Meyer */
*844d9543SConrad Meyerstatic const char g_zeroes[32] __aligned(32);
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic inline uint32_t
*844d9543SConrad Meyerccp_read_4(struct ccp_softc *sc, uint32_t offset)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	return (bus_space_read_4(sc->pci_bus_tag, sc->pci_bus_handle, offset));
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic inline void
*844d9543SConrad Meyerccp_write_4(struct ccp_softc *sc, uint32_t offset, uint32_t value)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	bus_space_write_4(sc->pci_bus_tag, sc->pci_bus_handle, offset, value);
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic inline uint32_t
*844d9543SConrad Meyerccp_read_queue_4(struct ccp_softc *sc, unsigned queue, uint32_t offset)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	/*
*844d9543SConrad Meyer	 * Each queue gets its own 4kB register space.  Queue 0 is at 0x1000.
*844d9543SConrad Meyer	 */
*844d9543SConrad Meyer	return (ccp_read_4(sc, (CMD_Q_STATUS_INCR * (1 + queue)) + offset));
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic inline void
*844d9543SConrad Meyerccp_write_queue_4(struct ccp_softc *sc, unsigned queue, uint32_t offset,
*844d9543SConrad Meyer    uint32_t value)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	ccp_write_4(sc, (CMD_Q_STATUS_INCR * (1 + queue)) + offset, value);
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyervoid
*844d9543SConrad Meyerccp_queue_write_tail(struct ccp_queue *qp)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	ccp_write_queue_4(qp->cq_softc, qp->cq_qindex, CMD_Q_TAIL_LO_BASE,
*844d9543SConrad Meyer	    ((uint32_t)qp->desc_ring_bus_addr) + (Q_DESC_SIZE * qp->cq_tail));
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyer/*
*844d9543SConrad Meyer * Given a queue and a reserved LSB entry index, compute the LSB *entry id* of
*844d9543SConrad Meyer * that entry for the queue's private LSB region.
*844d9543SConrad Meyer */
*844d9543SConrad Meyerstatic inline uint8_t
*844d9543SConrad Meyerccp_queue_lsb_entry(struct ccp_queue *qp, unsigned lsb_entry)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	return ((qp->private_lsb * LSB_REGION_LENGTH + lsb_entry));
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyer/*
*844d9543SConrad Meyer * Given a queue and a reserved LSB entry index, compute the LSB *address* of
*844d9543SConrad Meyer * that entry for the queue's private LSB region.
*844d9543SConrad Meyer */
*844d9543SConrad Meyerstatic inline uint32_t
*844d9543SConrad Meyerccp_queue_lsb_address(struct ccp_queue *qp, unsigned lsb_entry)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	return (ccp_queue_lsb_entry(qp, lsb_entry) * LSB_ENTRY_SIZE);
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyer/*
*844d9543SConrad Meyer * Some terminology:
*844d9543SConrad Meyer *
*844d9543SConrad Meyer * LSB - Local Storage Block
*844d9543SConrad Meyer * =========================
*844d9543SConrad Meyer *
*844d9543SConrad Meyer * 8 segments/regions, each containing 16 entries.
*844d9543SConrad Meyer *
*844d9543SConrad Meyer * Each entry contains 256 bits (32 bytes).
*844d9543SConrad Meyer *
*844d9543SConrad Meyer * Segments are virtually addressed in commands, but accesses cannot cross
*844d9543SConrad Meyer * segment boundaries.  Virtual map uses an identity mapping by default
*844d9543SConrad Meyer * (virtual segment N corresponds to physical segment N).
*844d9543SConrad Meyer *
*844d9543SConrad Meyer * Access to a physical region can be restricted to any subset of all five
*844d9543SConrad Meyer * queues.
*844d9543SConrad Meyer *
*844d9543SConrad Meyer * "Pass-through" mode
*844d9543SConrad Meyer * ===================
*844d9543SConrad Meyer *
*844d9543SConrad Meyer * Pass-through is a generic DMA engine, much like ioat(4).  Some nice
*844d9543SConrad Meyer * features:
*844d9543SConrad Meyer *
*844d9543SConrad Meyer * - Supports byte-swapping for endian conversion (32- or 256-bit words)
*844d9543SConrad Meyer * - AND, OR, XOR with fixed 256-bit mask
*844d9543SConrad Meyer * - CRC32 of data (may be used in tandem with bswap, but not bit operations)
*844d9543SConrad Meyer * - Read/write of LSB
*844d9543SConrad Meyer * - Memset
*844d9543SConrad Meyer *
*844d9543SConrad Meyer * If bit manipulation mode is enabled, input must be a multiple of 256 bits
*844d9543SConrad Meyer * (32 bytes).
*844d9543SConrad Meyer *
*844d9543SConrad Meyer * If byte-swapping is enabled, input must be a multiple of the word size.
*844d9543SConrad Meyer *
*844d9543SConrad Meyer * Zlib mode -- only usable from one queue at a time, single job at a time.
*844d9543SConrad Meyer * ========================================================================
*844d9543SConrad Meyer *
*844d9543SConrad Meyer * Only usable from private host, aka PSP?  Not host processor?
*844d9543SConrad Meyer *
*844d9543SConrad Meyer * RNG.
*844d9543SConrad Meyer * ====
*844d9543SConrad Meyer *
*844d9543SConrad Meyer * Raw bits are conditioned with AES and fed through CTR_DRBG.  Output goes in
*844d9543SConrad Meyer * a ring buffer readable by software.
*844d9543SConrad Meyer *
*844d9543SConrad Meyer * NIST SP 800-90B Repetition Count and Adaptive Proportion health checks are
*844d9543SConrad Meyer * implemented on the raw input stream and may be enabled to verify min-entropy
*844d9543SConrad Meyer * of 0.5 bits per bit.
*844d9543SConrad Meyer */
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic void
*844d9543SConrad Meyerccp_dmamap_cb(void *arg, bus_dma_segment_t *segs, int nseg, int error)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	bus_addr_t *baddr;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	KASSERT(error == 0, ("%s: error:%d", __func__, error));
*844d9543SConrad Meyer	baddr = arg;
*844d9543SConrad Meyer	*baddr = segs->ds_addr;
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic int
*844d9543SConrad Meyerccp_hw_attach_queue(device_t dev, uint64_t lsbmask, unsigned queue)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	struct ccp_softc *sc;
*844d9543SConrad Meyer	struct ccp_queue *qp;
*844d9543SConrad Meyer	void *desc;
*844d9543SConrad Meyer	size_t ringsz, num_descriptors;
*844d9543SConrad Meyer	int error;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	desc = NULL;
*844d9543SConrad Meyer	sc = device_get_softc(dev);
*844d9543SConrad Meyer	qp = &sc->queues[queue];
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/*
*844d9543SConrad Meyer	 * Don't bother allocating a ring for queues the host isn't allowed to
*844d9543SConrad Meyer	 * drive.
*844d9543SConrad Meyer	 */
*844d9543SConrad Meyer	if ((sc->valid_queues & (1 << queue)) == 0)
*844d9543SConrad Meyer		return (0);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	ccp_queue_decode_lsb_regions(sc, lsbmask, queue);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* Ignore queues that do not have any LSB access. */
*844d9543SConrad Meyer	if (qp->lsb_mask == 0) {
*844d9543SConrad Meyer		device_printf(dev, "Ignoring queue %u with no LSB access\n",
*844d9543SConrad Meyer		    queue);
*844d9543SConrad Meyer		sc->valid_queues &= ~(1 << queue);
*844d9543SConrad Meyer		return (0);
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer
*844d9543SConrad Meyer	num_descriptors = 1 << sc->ring_size_order;
*844d9543SConrad Meyer	ringsz = sizeof(struct ccp_desc) * num_descriptors;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/*
*844d9543SConrad Meyer	 * "Queue_Size" is order - 1.
*844d9543SConrad Meyer	 *
*844d9543SConrad Meyer	 * Queue must be aligned to 5+Queue_Size+1 == 5 + order bits.
*844d9543SConrad Meyer	 */
*844d9543SConrad Meyer	error = bus_dma_tag_create(bus_get_dma_tag(dev),
*844d9543SConrad Meyer	    1 << (5 + sc->ring_size_order),
*844d9543SConrad Meyer#if defined(__i386__) && !defined(PAE)
*844d9543SConrad Meyer	    0, BUS_SPACE_MAXADDR,
*844d9543SConrad Meyer#else
*844d9543SConrad Meyer	    (bus_addr_t)1 << 32, BUS_SPACE_MAXADDR_48BIT,
*844d9543SConrad Meyer#endif
*844d9543SConrad Meyer	    BUS_SPACE_MAXADDR, NULL, NULL, ringsz, 1,
*844d9543SConrad Meyer	    ringsz, 0, NULL, NULL, &qp->ring_desc_tag);
*844d9543SConrad Meyer	if (error != 0)
*844d9543SConrad Meyer		goto out;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	error = bus_dmamem_alloc(qp->ring_desc_tag, &desc,
*844d9543SConrad Meyer	    BUS_DMA_ZERO | BUS_DMA_WAITOK, &qp->ring_desc_map);
*844d9543SConrad Meyer	if (error != 0)
*844d9543SConrad Meyer		goto out;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	error = bus_dmamap_load(qp->ring_desc_tag, qp->ring_desc_map, desc,
*844d9543SConrad Meyer	    ringsz, ccp_dmamap_cb, &qp->desc_ring_bus_addr, BUS_DMA_WAITOK);
*844d9543SConrad Meyer	if (error != 0)
*844d9543SConrad Meyer		goto out;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	qp->desc_ring = desc;
*844d9543SConrad Meyer	qp->completions_ring = malloc(num_descriptors *
*844d9543SConrad Meyer	    sizeof(*qp->completions_ring), M_CCP, M_ZERO | M_WAITOK);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* Zero control register; among other things, clears the RUN flag. */
*844d9543SConrad Meyer	qp->qcontrol = 0;
*844d9543SConrad Meyer	ccp_write_queue_4(sc, queue, CMD_Q_CONTROL_BASE, qp->qcontrol);
*844d9543SConrad Meyer	ccp_write_queue_4(sc, queue, CMD_Q_INT_ENABLE_BASE, 0);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* Clear any leftover interrupt status flags */
*844d9543SConrad Meyer	ccp_write_queue_4(sc, queue, CMD_Q_INTERRUPT_STATUS_BASE,
*844d9543SConrad Meyer	    ALL_INTERRUPTS);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	qp->qcontrol |= (sc->ring_size_order - 1) << CMD_Q_SIZE_SHIFT;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	ccp_write_queue_4(sc, queue, CMD_Q_TAIL_LO_BASE,
*844d9543SConrad Meyer	    (uint32_t)qp->desc_ring_bus_addr);
*844d9543SConrad Meyer	ccp_write_queue_4(sc, queue, CMD_Q_HEAD_LO_BASE,
*844d9543SConrad Meyer	    (uint32_t)qp->desc_ring_bus_addr);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/*
*844d9543SConrad Meyer	 * Enable completion interrupts, as well as error or administrative
*844d9543SConrad Meyer	 * halt interrupts.  We don't use administrative halts, but they
*844d9543SConrad Meyer	 * shouldn't trip unless we do, so it ought to be harmless.
*844d9543SConrad Meyer	 */
*844d9543SConrad Meyer	ccp_write_queue_4(sc, queue, CMD_Q_INT_ENABLE_BASE,
*844d9543SConrad Meyer	    INT_COMPLETION | INT_ERROR | INT_QUEUE_STOPPED);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	qp->qcontrol |= (qp->desc_ring_bus_addr >> 32) << CMD_Q_PTR_HI_SHIFT;
*844d9543SConrad Meyer	qp->qcontrol |= CMD_Q_RUN;
*844d9543SConrad Meyer	ccp_write_queue_4(sc, queue, CMD_Q_CONTROL_BASE, qp->qcontrol);
*844d9543SConrad Meyer
*844d9543SConrad Meyerout:
*844d9543SConrad Meyer	if (error != 0) {
*844d9543SConrad Meyer		if (qp->desc_ring != NULL)
*844d9543SConrad Meyer			bus_dmamap_unload(qp->ring_desc_tag,
*844d9543SConrad Meyer			    qp->ring_desc_map);
*844d9543SConrad Meyer		if (desc != NULL)
*844d9543SConrad Meyer			bus_dmamem_free(qp->ring_desc_tag, desc,
*844d9543SConrad Meyer			    qp->ring_desc_map);
*844d9543SConrad Meyer		if (qp->ring_desc_tag != NULL)
*844d9543SConrad Meyer			bus_dma_tag_destroy(qp->ring_desc_tag);
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer	return (error);
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic void
*844d9543SConrad Meyerccp_hw_detach_queue(device_t dev, unsigned queue)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	struct ccp_softc *sc;
*844d9543SConrad Meyer	struct ccp_queue *qp;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	sc = device_get_softc(dev);
*844d9543SConrad Meyer	qp = &sc->queues[queue];
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/*
*844d9543SConrad Meyer	 * Don't bother allocating a ring for queues the host isn't allowed to
*844d9543SConrad Meyer	 * drive.
*844d9543SConrad Meyer	 */
*844d9543SConrad Meyer	if ((sc->valid_queues & (1 << queue)) == 0)
*844d9543SConrad Meyer		return;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	free(qp->completions_ring, M_CCP);
*844d9543SConrad Meyer	bus_dmamap_unload(qp->ring_desc_tag, qp->ring_desc_map);
*844d9543SConrad Meyer	bus_dmamem_free(qp->ring_desc_tag, qp->desc_ring, qp->ring_desc_map);
*844d9543SConrad Meyer	bus_dma_tag_destroy(qp->ring_desc_tag);
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic int
*844d9543SConrad Meyerccp_map_pci_bar(device_t dev)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	struct ccp_softc *sc;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	sc = device_get_softc(dev);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	sc->pci_resource_id = PCIR_BAR(2);
*844d9543SConrad Meyer	sc->pci_resource = bus_alloc_resource_any(dev, SYS_RES_MEMORY,
*844d9543SConrad Meyer	    &sc->pci_resource_id, RF_ACTIVE);
*844d9543SConrad Meyer	if (sc->pci_resource == NULL) {
*844d9543SConrad Meyer		device_printf(dev, "unable to allocate pci resource\n");
*844d9543SConrad Meyer		return (ENODEV);
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer
*844d9543SConrad Meyer	sc->pci_resource_id_msix = PCIR_BAR(5);
*844d9543SConrad Meyer	sc->pci_resource_msix = bus_alloc_resource_any(dev, SYS_RES_MEMORY,
*844d9543SConrad Meyer	    &sc->pci_resource_id_msix, RF_ACTIVE);
*844d9543SConrad Meyer	if (sc->pci_resource_msix == NULL) {
*844d9543SConrad Meyer		device_printf(dev, "unable to allocate pci resource msix\n");
*844d9543SConrad Meyer		bus_release_resource(dev, SYS_RES_MEMORY, sc->pci_resource_id,
*844d9543SConrad Meyer		    sc->pci_resource);
*844d9543SConrad Meyer		return (ENODEV);
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer
*844d9543SConrad Meyer	sc->pci_bus_tag = rman_get_bustag(sc->pci_resource);
*844d9543SConrad Meyer	sc->pci_bus_handle = rman_get_bushandle(sc->pci_resource);
*844d9543SConrad Meyer	return (0);
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic void
*844d9543SConrad Meyerccp_unmap_pci_bar(device_t dev)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	struct ccp_softc *sc;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	sc = device_get_softc(dev);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	bus_release_resource(dev, SYS_RES_MEMORY, sc->pci_resource_id_msix,
*844d9543SConrad Meyer	    sc->pci_resource_msix);
*844d9543SConrad Meyer	bus_release_resource(dev, SYS_RES_MEMORY, sc->pci_resource_id,
*844d9543SConrad Meyer	    sc->pci_resource);
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerconst static struct ccp_error_code {
*844d9543SConrad Meyer	uint8_t		ce_code;
*844d9543SConrad Meyer	const char	*ce_name;
*844d9543SConrad Meyer	int		ce_errno;
*844d9543SConrad Meyer	const char	*ce_desc;
*844d9543SConrad Meyer} ccp_error_codes[] = {
*844d9543SConrad Meyer	{ 0x01, "ILLEGAL_ENGINE", EIO, "Requested engine was invalid" },
*844d9543SConrad Meyer	{ 0x03, "ILLEGAL_FUNCTION_TYPE", EIO,
*844d9543SConrad Meyer	    "A non-supported function type was specified" },
*844d9543SConrad Meyer	{ 0x04, "ILLEGAL_FUNCTION_MODE", EIO,
*844d9543SConrad Meyer	    "A non-supported function mode was specified" },
*844d9543SConrad Meyer	{ 0x05, "ILLEGAL_FUNCTION_ENCRYPT", EIO,
*844d9543SConrad Meyer	    "A CMAC type was specified when ENCRYPT was not specified" },
*844d9543SConrad Meyer	{ 0x06, "ILLEGAL_FUNCTION_SIZE", EIO,
*844d9543SConrad Meyer	    "A non-supported function size was specified.\n"
*844d9543SConrad Meyer	    "AES-CFB: Size was not 127 or 7;\n"
*844d9543SConrad Meyer	    "3DES-CFB: Size was not 7;\n"
*844d9543SConrad Meyer	    "RSA: See supported size table (7.4.2);\n"
*844d9543SConrad Meyer	    "ECC: Size was greater than 576 bits." },
*844d9543SConrad Meyer	{ 0x07, "Zlib_MISSING_INIT_EOM", EIO,
*844d9543SConrad Meyer	    "Zlib command does not have INIT and EOM set" },
*844d9543SConrad Meyer	{ 0x08, "ILLEGAL_FUNCTION_RSVD", EIO,
*844d9543SConrad Meyer	    "Reserved bits in a function specification were not 0" },
*844d9543SConrad Meyer	{ 0x09, "ILLEGAL_BUFFER_LENGTH", EIO,
*844d9543SConrad Meyer	    "The buffer length specified was not correct for the selected engine"
*844d9543SConrad Meyer	},
*844d9543SConrad Meyer	{ 0x0A, "VLSB_FAULT", EIO, "Illegal VLSB segment mapping:\n"
*844d9543SConrad Meyer	    "Undefined VLSB segment mapping or\n"
*844d9543SConrad Meyer	    "mapping to unsupported LSB segment id" },
*844d9543SConrad Meyer	{ 0x0B, "ILLEGAL_MEM_ADDR", EFAULT,
*844d9543SConrad Meyer	    "The specified source/destination buffer access was illegal:\n"
*844d9543SConrad Meyer	    "Data buffer located in a LSB location disallowed by the LSB protection masks; or\n"
*844d9543SConrad Meyer	    "Data buffer not completely contained within a single segment; or\n"
*844d9543SConrad Meyer	    "Pointer with Fixed=1 is not 32-bit aligned; or\n"
*844d9543SConrad Meyer	    "Pointer with Fixed=1 attempted to reference non-AXI1 (local) memory."
*844d9543SConrad Meyer	},
*844d9543SConrad Meyer	{ 0x0C, "ILLEGAL_MEM_SEL", EIO,
*844d9543SConrad Meyer	    "A src_mem, dst_mem, or key_mem field was illegal:\n"
*844d9543SConrad Meyer	    "A field was set to a reserved value; or\n"
*844d9543SConrad Meyer	    "A public command attempted to reference AXI1 (local) or GART memory; or\n"
*844d9543SConrad Meyer	    "A Zlib command attmpted to use the LSB." },
*844d9543SConrad Meyer	{ 0x0D, "ILLEGAL_CONTEXT_ADDR", EIO,
*844d9543SConrad Meyer	    "The specified context location was illegal:\n"
*844d9543SConrad Meyer	    "Context located in a LSB location disallowed by the LSB protection masks; or\n"
*844d9543SConrad Meyer	    "Context not completely contained within a single segment." },
*844d9543SConrad Meyer	{ 0x0E, "ILLEGAL_KEY_ADDR", EIO,
*844d9543SConrad Meyer	    "The specified key location was illegal:\n"
*844d9543SConrad Meyer	    "Key located in a LSB location disallowed by the LSB protection masks; or\n"
*844d9543SConrad Meyer	    "Key not completely contained within a single segment." },
*844d9543SConrad Meyer	{ 0x12, "CMD_TIMEOUT", EIO, "A command timeout violation occurred" },
*844d9543SConrad Meyer	/* XXX Could fill out these descriptions too */
*844d9543SConrad Meyer	{ 0x13, "IDMA0_AXI_SLVERR", EIO, "" },
*844d9543SConrad Meyer	{ 0x14, "IDMA0_AXI_DECERR", EIO, "" },
*844d9543SConrad Meyer	{ 0x16, "IDMA1_AXI_SLVERR", EIO, "" },
*844d9543SConrad Meyer	{ 0x17, "IDMA1_AXI_DECERR", EIO, "" },
*844d9543SConrad Meyer	{ 0x19, "ZLIBVHB_AXI_SLVERR", EIO, "" },
*844d9543SConrad Meyer	{ 0x1A, "ZLIBVHB_AXI_DECERR", EIO, "" },
*844d9543SConrad Meyer	{ 0x1C, "ZLIB_UNEXPECTED_EOM", EIO, "" },
*844d9543SConrad Meyer	{ 0x1D, "ZLIB_EXTRA_DATA", EIO, "" },
*844d9543SConrad Meyer	{ 0x1E, "ZLIB_BTYPE", EIO, "" },
*844d9543SConrad Meyer	{ 0x20, "ZLIB_UNDEFINED_DISTANCE_SYMBOL", EIO, "" },
*844d9543SConrad Meyer	{ 0x21, "ZLIB_CODE_LENGTH_SYMBOL", EIO, "" },
*844d9543SConrad Meyer	{ 0x22, "ZLIB_VHB_ILLEGAL_FETCH", EIO, "" },
*844d9543SConrad Meyer	{ 0x23, "ZLIB_UNCOMPRESSED_LEN", EIO, "" },
*844d9543SConrad Meyer	{ 0x24, "ZLIB_LIMIT_REACHED", EIO, "" },
*844d9543SConrad Meyer	{ 0x25, "ZLIB_CHECKSUM_MISMATCH", EIO, "" },
*844d9543SConrad Meyer	{ 0x26, "ODMA0_AXI_SLVERR", EIO, "" },
*844d9543SConrad Meyer	{ 0x27, "ODMA0_AXI_DECERR", EIO, "" },
*844d9543SConrad Meyer	{ 0x29, "ODMA1_AXI_SLVERR", EIO, "" },
*844d9543SConrad Meyer	{ 0x2A, "ODMA1_AXI_DECERR", EIO, "" },
*844d9543SConrad Meyer	{ 0x2B, "LSB_PARITY_ERR", EIO,
*844d9543SConrad Meyer	    "A read from the LSB encountered a parity error" },
*844d9543SConrad Meyer};
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic void
*844d9543SConrad Meyerccp_intr_handle_error(struct ccp_queue *qp, const struct ccp_desc *desc)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	struct ccp_completion_ctx *cctx;
*844d9543SConrad Meyer	const struct ccp_error_code *ec;
*844d9543SConrad Meyer	struct ccp_softc *sc;
*844d9543SConrad Meyer	uint32_t status, error, esource, faultblock;
*844d9543SConrad Meyer	unsigned q, idx;
*844d9543SConrad Meyer	int errno;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	sc = qp->cq_softc;
*844d9543SConrad Meyer	q = qp->cq_qindex;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	status = ccp_read_queue_4(sc, q, CMD_Q_STATUS_BASE);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	error = status & STATUS_ERROR_MASK;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* Decode error status */
*844d9543SConrad Meyer	ec = NULL;
*844d9543SConrad Meyer	for (idx = 0; idx < nitems(ccp_error_codes); idx++)
*844d9543SConrad Meyer		if (ccp_error_codes[idx].ce_code == error) {
*844d9543SConrad Meyer			ec = &ccp_error_codes[idx];
*844d9543SConrad Meyer			break;
*844d9543SConrad Meyer		}
*844d9543SConrad Meyer
*844d9543SConrad Meyer	esource = (status >> STATUS_ERRORSOURCE_SHIFT) &
*844d9543SConrad Meyer	    STATUS_ERRORSOURCE_MASK;
*844d9543SConrad Meyer	faultblock = (status >> STATUS_VLSB_FAULTBLOCK_SHIFT) &
*844d9543SConrad Meyer	    STATUS_VLSB_FAULTBLOCK_MASK;
*844d9543SConrad Meyer	device_printf(sc->dev, "Error: %s (%u) Source: %u Faulting LSB block: %u\n",
*844d9543SConrad Meyer	    (ec != NULL) ? ec->ce_name : "(reserved)", error, esource,
*844d9543SConrad Meyer	    faultblock);
*844d9543SConrad Meyer	if (ec != NULL)
*844d9543SConrad Meyer		device_printf(sc->dev, "Error description: %s\n", ec->ce_desc);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* TODO Could format the desc nicely here */
*844d9543SConrad Meyer	idx = desc - qp->desc_ring;
*844d9543SConrad Meyer	DPRINTF(sc->dev, "Bad descriptor index: %u contents: %32D\n", idx,
*844d9543SConrad Meyer	    (const void *)desc, " ");
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/*
*844d9543SConrad Meyer	 * TODO Per § 14.4 "Error Handling," DMA_Status, DMA_Read/Write_Status,
*844d9543SConrad Meyer	 * Zlib Decompress status may be interesting.
*844d9543SConrad Meyer	 */
*844d9543SConrad Meyer
*844d9543SConrad Meyer	while (true) {
*844d9543SConrad Meyer		/* Keep unused descriptors zero for next use. */
*844d9543SConrad Meyer		memset(&qp->desc_ring[idx], 0, sizeof(qp->desc_ring[idx]));
*844d9543SConrad Meyer
*844d9543SConrad Meyer		cctx = &qp->completions_ring[idx];
*844d9543SConrad Meyer
*844d9543SConrad Meyer		/*
*844d9543SConrad Meyer		 * Restart procedure described in § 14.2.5.  Could be used by HoC if we
*844d9543SConrad Meyer		 * used that.
*844d9543SConrad Meyer		 *
*844d9543SConrad Meyer		 * Advance HEAD_LO past bad descriptor + any remaining in
*844d9543SConrad Meyer		 * transaction manually, then restart queue.
*844d9543SConrad Meyer		 */
*844d9543SConrad Meyer		idx = (idx + 1) % (1 << sc->ring_size_order);
*844d9543SConrad Meyer
*844d9543SConrad Meyer		/* Callback function signals end of transaction */
*844d9543SConrad Meyer		if (cctx->callback_fn != NULL) {
*844d9543SConrad Meyer			if (ec == NULL)
*844d9543SConrad Meyer				errno = EIO;
*844d9543SConrad Meyer			else
*844d9543SConrad Meyer				errno = ec->ce_errno;
*844d9543SConrad Meyer			/* TODO More specific error code */
*844d9543SConrad Meyer			cctx->callback_fn(qp, cctx->session, cctx->callback_arg, errno);
*844d9543SConrad Meyer			cctx->callback_fn = NULL;
*844d9543SConrad Meyer			break;
*844d9543SConrad Meyer		}
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer
*844d9543SConrad Meyer	qp->cq_head = idx;
*844d9543SConrad Meyer	qp->cq_waiting = false;
*844d9543SConrad Meyer	wakeup(&qp->cq_tail);
*844d9543SConrad Meyer	DPRINTF(sc->dev, "%s: wrote sw head:%u\n", __func__, qp->cq_head);
*844d9543SConrad Meyer	ccp_write_queue_4(sc, q, CMD_Q_HEAD_LO_BASE,
*844d9543SConrad Meyer	    (uint32_t)qp->desc_ring_bus_addr + (idx * Q_DESC_SIZE));
*844d9543SConrad Meyer	ccp_write_queue_4(sc, q, CMD_Q_CONTROL_BASE, qp->qcontrol);
*844d9543SConrad Meyer	DPRINTF(sc->dev, "%s: Restarted queue\n", __func__);
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic void
*844d9543SConrad Meyerccp_intr_run_completions(struct ccp_queue *qp, uint32_t ints)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	struct ccp_completion_ctx *cctx;
*844d9543SConrad Meyer	struct ccp_softc *sc;
*844d9543SConrad Meyer	const struct ccp_desc *desc;
*844d9543SConrad Meyer	uint32_t headlo, idx;
*844d9543SConrad Meyer	unsigned q, completed;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	sc = qp->cq_softc;
*844d9543SConrad Meyer	q = qp->cq_qindex;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	mtx_lock(&qp->cq_lock);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/*
*844d9543SConrad Meyer	 * Hardware HEAD_LO points to the first incomplete descriptor.  Process
*844d9543SConrad Meyer	 * any submitted and completed descriptors, up to but not including
*844d9543SConrad Meyer	 * HEAD_LO.
*844d9543SConrad Meyer	 */
*844d9543SConrad Meyer	headlo = ccp_read_queue_4(sc, q, CMD_Q_HEAD_LO_BASE);
*844d9543SConrad Meyer	idx = (headlo - (uint32_t)qp->desc_ring_bus_addr) / Q_DESC_SIZE;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	DPRINTF(sc->dev, "%s: hw head:%u sw head:%u\n", __func__, idx,
*844d9543SConrad Meyer	    qp->cq_head);
*844d9543SConrad Meyer	completed = 0;
*844d9543SConrad Meyer	while (qp->cq_head != idx) {
*844d9543SConrad Meyer		DPRINTF(sc->dev, "%s: completing:%u\n", __func__, qp->cq_head);
*844d9543SConrad Meyer
*844d9543SConrad Meyer		cctx = &qp->completions_ring[qp->cq_head];
*844d9543SConrad Meyer		if (cctx->callback_fn != NULL) {
*844d9543SConrad Meyer			cctx->callback_fn(qp, cctx->session,
*844d9543SConrad Meyer			    cctx->callback_arg, 0);
*844d9543SConrad Meyer			cctx->callback_fn = NULL;
*844d9543SConrad Meyer		}
*844d9543SConrad Meyer
*844d9543SConrad Meyer		/* Keep unused descriptors zero for next use. */
*844d9543SConrad Meyer		memset(&qp->desc_ring[qp->cq_head], 0,
*844d9543SConrad Meyer		    sizeof(qp->desc_ring[qp->cq_head]));
*844d9543SConrad Meyer
*844d9543SConrad Meyer		qp->cq_head = (qp->cq_head + 1) % (1 << sc->ring_size_order);
*844d9543SConrad Meyer		completed++;
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer	if (completed > 0) {
*844d9543SConrad Meyer		qp->cq_waiting = false;
*844d9543SConrad Meyer		wakeup(&qp->cq_tail);
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer
*844d9543SConrad Meyer	DPRINTF(sc->dev, "%s: wrote sw head:%u\n", __func__, qp->cq_head);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/*
*844d9543SConrad Meyer	 * Desc points to the first incomplete descriptor, at the time we read
*844d9543SConrad Meyer	 * HEAD_LO.  If there was an error flagged in interrupt status, the HW
*844d9543SConrad Meyer	 * will not proceed past the erroneous descriptor by itself.
*844d9543SConrad Meyer	 */
*844d9543SConrad Meyer	desc = &qp->desc_ring[idx];
*844d9543SConrad Meyer	if ((ints & INT_ERROR) != 0)
*844d9543SConrad Meyer		ccp_intr_handle_error(qp, desc);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	mtx_unlock(&qp->cq_lock);
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic void
*844d9543SConrad Meyerccp_intr_handler(void *arg)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	struct ccp_softc *sc = arg;
*844d9543SConrad Meyer	size_t i;
*844d9543SConrad Meyer	uint32_t ints;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	DPRINTF(sc->dev, "%s: interrupt\n", __func__);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/*
*844d9543SConrad Meyer	 * We get one global interrupt per PCI device, shared over all of
*844d9543SConrad Meyer	 * its queues.  Scan each valid queue on interrupt for flags indicating
*844d9543SConrad Meyer	 * activity.
*844d9543SConrad Meyer	 */
*844d9543SConrad Meyer	for (i = 0; i < nitems(sc->queues); i++) {
*844d9543SConrad Meyer		if ((sc->valid_queues & (1 << i)) == 0)
*844d9543SConrad Meyer			continue;
*844d9543SConrad Meyer
*844d9543SConrad Meyer		ints = ccp_read_queue_4(sc, i, CMD_Q_INTERRUPT_STATUS_BASE);
*844d9543SConrad Meyer		if (ints == 0)
*844d9543SConrad Meyer			continue;
*844d9543SConrad Meyer
*844d9543SConrad Meyer#if 0
*844d9543SConrad Meyer		DPRINTF(sc->dev, "%s: %x interrupts on queue %zu\n", __func__,
*844d9543SConrad Meyer		    (unsigned)ints, i);
*844d9543SConrad Meyer#endif
*844d9543SConrad Meyer		/* Write back 1s to clear interrupt status bits. */
*844d9543SConrad Meyer		ccp_write_queue_4(sc, i, CMD_Q_INTERRUPT_STATUS_BASE, ints);
*844d9543SConrad Meyer
*844d9543SConrad Meyer		/*
*844d9543SConrad Meyer		 * If there was an error, we still need to run completions on
*844d9543SConrad Meyer		 * any descriptors prior to the error.  The completions handler
*844d9543SConrad Meyer		 * invoked below will also handle the error descriptor.
*844d9543SConrad Meyer		 */
*844d9543SConrad Meyer		if ((ints & (INT_COMPLETION | INT_ERROR)) != 0)
*844d9543SConrad Meyer			ccp_intr_run_completions(&sc->queues[i], ints);
*844d9543SConrad Meyer
*844d9543SConrad Meyer		if ((ints & INT_QUEUE_STOPPED) != 0)
*844d9543SConrad Meyer			device_printf(sc->dev, "%s: queue %zu stopped\n",
*844d9543SConrad Meyer			    __func__, i);
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* Re-enable interrupts after processing */
*844d9543SConrad Meyer	for (i = 0; i < nitems(sc->queues); i++) {
*844d9543SConrad Meyer		if ((sc->valid_queues & (1 << i)) == 0)
*844d9543SConrad Meyer			continue;
*844d9543SConrad Meyer		ccp_write_queue_4(sc, i, CMD_Q_INT_ENABLE_BASE,
*844d9543SConrad Meyer		    INT_COMPLETION | INT_ERROR | INT_QUEUE_STOPPED);
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic int
*844d9543SConrad Meyerccp_intr_filter(void *arg)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	struct ccp_softc *sc = arg;
*844d9543SConrad Meyer	size_t i;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* TODO: Split individual queues into separate taskqueues? */
*844d9543SConrad Meyer	for (i = 0; i < nitems(sc->queues); i++) {
*844d9543SConrad Meyer		if ((sc->valid_queues & (1 << i)) == 0)
*844d9543SConrad Meyer			continue;
*844d9543SConrad Meyer
*844d9543SConrad Meyer		/* Mask interrupt until task completes */
*844d9543SConrad Meyer		ccp_write_queue_4(sc, i, CMD_Q_INT_ENABLE_BASE, 0);
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer
*844d9543SConrad Meyer	return (FILTER_SCHEDULE_THREAD);
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic int
*844d9543SConrad Meyerccp_setup_interrupts(struct ccp_softc *sc)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	uint32_t nvec;
*844d9543SConrad Meyer	int rid, error, n, ridcopy;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	n = pci_msix_count(sc->dev);
*844d9543SConrad Meyer	if (n < 1) {
*844d9543SConrad Meyer		device_printf(sc->dev, "%s: msix_count: %d\n", __func__, n);
*844d9543SConrad Meyer		return (ENXIO);
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer
*844d9543SConrad Meyer	nvec = n;
*844d9543SConrad Meyer	error = pci_alloc_msix(sc->dev, &nvec);
*844d9543SConrad Meyer	if (error != 0) {
*844d9543SConrad Meyer		device_printf(sc->dev, "%s: alloc_msix error: %d\n", __func__,
*844d9543SConrad Meyer		    error);
*844d9543SConrad Meyer		return (error);
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer	if (nvec < 1) {
*844d9543SConrad Meyer		device_printf(sc->dev, "%s: alloc_msix: 0 vectors\n",
*844d9543SConrad Meyer		    __func__);
*844d9543SConrad Meyer		return (ENXIO);
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer	if (nvec > nitems(sc->intr_res)) {
*844d9543SConrad Meyer		device_printf(sc->dev, "%s: too many vectors: %u\n", __func__,
*844d9543SConrad Meyer		    nvec);
*844d9543SConrad Meyer		nvec = nitems(sc->intr_res);
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer
*844d9543SConrad Meyer	for (rid = 1; rid < 1 + nvec; rid++) {
*844d9543SConrad Meyer		ridcopy = rid;
*844d9543SConrad Meyer		sc->intr_res[rid - 1] = bus_alloc_resource_any(sc->dev,
*844d9543SConrad Meyer		    SYS_RES_IRQ, &ridcopy, RF_ACTIVE);
*844d9543SConrad Meyer		if (sc->intr_res[rid - 1] == NULL) {
*844d9543SConrad Meyer			device_printf(sc->dev, "%s: Failed to alloc IRQ resource\n",
*844d9543SConrad Meyer			    __func__);
*844d9543SConrad Meyer			return (ENXIO);
*844d9543SConrad Meyer		}
*844d9543SConrad Meyer
*844d9543SConrad Meyer		sc->intr_tag[rid - 1] = NULL;
*844d9543SConrad Meyer		error = bus_setup_intr(sc->dev, sc->intr_res[rid - 1],
*844d9543SConrad Meyer		    INTR_MPSAFE | INTR_TYPE_MISC, ccp_intr_filter,
*844d9543SConrad Meyer		    ccp_intr_handler, sc, &sc->intr_tag[rid - 1]);
*844d9543SConrad Meyer		if (error != 0)
*844d9543SConrad Meyer			device_printf(sc->dev, "%s: setup_intr: %d\n",
*844d9543SConrad Meyer			    __func__, error);
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer	sc->intr_count = nvec;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	return (error);
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic void
*844d9543SConrad Meyerccp_release_interrupts(struct ccp_softc *sc)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	unsigned i;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	for (i = 0; i < sc->intr_count; i++) {
*844d9543SConrad Meyer		if (sc->intr_tag[i] != NULL)
*844d9543SConrad Meyer			bus_teardown_intr(sc->dev, sc->intr_res[i],
*844d9543SConrad Meyer			    sc->intr_tag[i]);
*844d9543SConrad Meyer		if (sc->intr_res[i] != NULL)
*844d9543SConrad Meyer			bus_release_resource(sc->dev, SYS_RES_IRQ,
*844d9543SConrad Meyer			    rman_get_rid(sc->intr_res[i]), sc->intr_res[i]);
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer
*844d9543SConrad Meyer	pci_release_msi(sc->dev);
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerint
*844d9543SConrad Meyerccp_hw_attach(device_t dev)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	struct ccp_softc *sc;
*844d9543SConrad Meyer	uint64_t lsbmask;
*844d9543SConrad Meyer	uint32_t version, lsbmasklo, lsbmaskhi;
*844d9543SConrad Meyer	unsigned queue_idx, j;
*844d9543SConrad Meyer	int error;
*844d9543SConrad Meyer	bool bars_mapped, interrupts_setup;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	queue_idx = 0;
*844d9543SConrad Meyer	bars_mapped = interrupts_setup = false;
*844d9543SConrad Meyer	sc = device_get_softc(dev);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	error = ccp_map_pci_bar(dev);
*844d9543SConrad Meyer	if (error != 0) {
*844d9543SConrad Meyer		device_printf(dev, "%s: couldn't map BAR(s)\n", __func__);
*844d9543SConrad Meyer		goto out;
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer	bars_mapped = true;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	error = pci_enable_busmaster(dev);
*844d9543SConrad Meyer	if (error != 0) {
*844d9543SConrad Meyer		device_printf(dev, "%s: couldn't enable busmaster\n",
*844d9543SConrad Meyer		    __func__);
*844d9543SConrad Meyer		goto out;
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer
*844d9543SConrad Meyer	sc->ring_size_order = g_ccp_ring_order;
*844d9543SConrad Meyer	if (sc->ring_size_order < 6 || sc->ring_size_order > 16) {
*844d9543SConrad Meyer		device_printf(dev, "bogus hw.ccp.ring_order\n");
*844d9543SConrad Meyer		error = EINVAL;
*844d9543SConrad Meyer		goto out;
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer	sc->valid_queues = ccp_read_4(sc, CMD_QUEUE_MASK_OFFSET);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	version = ccp_read_4(sc, VERSION_REG);
*844d9543SConrad Meyer	if ((version & VERSION_NUM_MASK) < 5) {
*844d9543SConrad Meyer		device_printf(dev,
*844d9543SConrad Meyer		    "driver supports version 5 and later hardware\n");
*844d9543SConrad Meyer		error = ENXIO;
*844d9543SConrad Meyer		goto out;
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer
*844d9543SConrad Meyer	error = ccp_setup_interrupts(sc);
*844d9543SConrad Meyer	if (error != 0)
*844d9543SConrad Meyer		goto out;
*844d9543SConrad Meyer	interrupts_setup = true;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	sc->hw_version = version & VERSION_NUM_MASK;
*844d9543SConrad Meyer	sc->num_queues = (version >> VERSION_NUMVQM_SHIFT) &
*844d9543SConrad Meyer	    VERSION_NUMVQM_MASK;
*844d9543SConrad Meyer	sc->num_lsb_entries = (version >> VERSION_LSBSIZE_SHIFT) &
*844d9543SConrad Meyer	    VERSION_LSBSIZE_MASK;
*844d9543SConrad Meyer	sc->hw_features = version & VERSION_CAP_MASK;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/*
*844d9543SConrad Meyer	 * Copy private LSB mask to public registers to enable access to LSB
*844d9543SConrad Meyer	 * from all queues allowed by BIOS.
*844d9543SConrad Meyer	 */
*844d9543SConrad Meyer	lsbmasklo = ccp_read_4(sc, LSB_PRIVATE_MASK_LO_OFFSET);
*844d9543SConrad Meyer	lsbmaskhi = ccp_read_4(sc, LSB_PRIVATE_MASK_HI_OFFSET);
*844d9543SConrad Meyer	ccp_write_4(sc, LSB_PUBLIC_MASK_LO_OFFSET, lsbmasklo);
*844d9543SConrad Meyer	ccp_write_4(sc, LSB_PUBLIC_MASK_HI_OFFSET, lsbmaskhi);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	lsbmask = ((uint64_t)lsbmaskhi << 30) | lsbmasklo;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	for (; queue_idx < nitems(sc->queues); queue_idx++) {
*844d9543SConrad Meyer		error = ccp_hw_attach_queue(dev, lsbmask, queue_idx);
*844d9543SConrad Meyer		if (error != 0) {
*844d9543SConrad Meyer			device_printf(dev, "%s: couldn't attach queue %u\n",
*844d9543SConrad Meyer			    __func__, queue_idx);
*844d9543SConrad Meyer			goto out;
*844d9543SConrad Meyer		}
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer	ccp_assign_lsb_regions(sc, lsbmask);
*844d9543SConrad Meyer
*844d9543SConrad Meyerout:
*844d9543SConrad Meyer	if (error != 0) {
*844d9543SConrad Meyer		if (interrupts_setup)
*844d9543SConrad Meyer			ccp_release_interrupts(sc);
*844d9543SConrad Meyer		for (j = 0; j < queue_idx; j++)
*844d9543SConrad Meyer			ccp_hw_detach_queue(dev, j);
*844d9543SConrad Meyer		if (sc->ring_size_order != 0)
*844d9543SConrad Meyer			pci_disable_busmaster(dev);
*844d9543SConrad Meyer		if (bars_mapped)
*844d9543SConrad Meyer			ccp_unmap_pci_bar(dev);
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer	return (error);
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyervoid
*844d9543SConrad Meyerccp_hw_detach(device_t dev)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	struct ccp_softc *sc;
*844d9543SConrad Meyer	unsigned i;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	sc = device_get_softc(dev);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	for (i = 0; i < nitems(sc->queues); i++)
*844d9543SConrad Meyer		ccp_hw_detach_queue(dev, i);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	ccp_release_interrupts(sc);
*844d9543SConrad Meyer	pci_disable_busmaster(dev);
*844d9543SConrad Meyer	ccp_unmap_pci_bar(dev);
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic int __must_check
*844d9543SConrad Meyerccp_passthrough(struct ccp_queue *qp, bus_addr_t dst,
*844d9543SConrad Meyer    enum ccp_memtype dst_type, bus_addr_t src, enum ccp_memtype src_type,
*844d9543SConrad Meyer    bus_size_t len, enum ccp_passthru_byteswap swapmode,
*844d9543SConrad Meyer    enum ccp_passthru_bitwise bitmode, bool interrupt,
*844d9543SConrad Meyer    const struct ccp_completion_ctx *cctx)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	struct ccp_desc *desc;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	if (ccp_queue_get_ring_space(qp) == 0)
*844d9543SConrad Meyer		return (EAGAIN);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	desc = &qp->desc_ring[qp->cq_tail];
*844d9543SConrad Meyer
*844d9543SConrad Meyer	memset(desc, 0, sizeof(*desc));
*844d9543SConrad Meyer	desc->engine = CCP_ENGINE_PASSTHRU;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	desc->pt.ioc = interrupt;
*844d9543SConrad Meyer	desc->pt.byteswap = swapmode;
*844d9543SConrad Meyer	desc->pt.bitwise = bitmode;
*844d9543SConrad Meyer	desc->length = len;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	desc->src_lo = (uint32_t)src;
*844d9543SConrad Meyer	desc->src_hi = src >> 32;
*844d9543SConrad Meyer	desc->src_mem = src_type;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	desc->dst_lo = (uint32_t)dst;
*844d9543SConrad Meyer	desc->dst_hi = dst >> 32;
*844d9543SConrad Meyer	desc->dst_mem = dst_type;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	if (bitmode != CCP_PASSTHRU_BITWISE_NOOP)
*844d9543SConrad Meyer		desc->lsb_ctx_id = ccp_queue_lsb_entry(qp, LSB_ENTRY_KEY);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	if (cctx != NULL)
*844d9543SConrad Meyer		memcpy(&qp->completions_ring[qp->cq_tail], cctx, sizeof(*cctx));
*844d9543SConrad Meyer
*844d9543SConrad Meyer	qp->cq_tail = (qp->cq_tail + 1) % (1 << qp->cq_softc->ring_size_order);
*844d9543SConrad Meyer	return (0);
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic int __must_check
*844d9543SConrad Meyerccp_passthrough_sgl(struct ccp_queue *qp, bus_addr_t lsb_addr, bool tolsb,
*844d9543SConrad Meyer    struct sglist *sgl, bus_size_t len, bool interrupt,
*844d9543SConrad Meyer    const struct ccp_completion_ctx *cctx)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	struct sglist_seg *seg;
*844d9543SConrad Meyer	size_t i, remain, nb;
*844d9543SConrad Meyer	int error;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	remain = len;
*844d9543SConrad Meyer	for (i = 0; i < sgl->sg_nseg && remain != 0; i++) {
*844d9543SConrad Meyer		seg = &sgl->sg_segs[i];
*844d9543SConrad Meyer		/* crd_len is int, so 32-bit min() is ok. */
*844d9543SConrad Meyer		nb = min(remain, seg->ss_len);
*844d9543SConrad Meyer
*844d9543SConrad Meyer		if (tolsb)
*844d9543SConrad Meyer			error = ccp_passthrough(qp, lsb_addr, CCP_MEMTYPE_SB,
*844d9543SConrad Meyer			    seg->ss_paddr, CCP_MEMTYPE_SYSTEM, nb,
*844d9543SConrad Meyer			    CCP_PASSTHRU_BYTESWAP_NOOP,
*844d9543SConrad Meyer			    CCP_PASSTHRU_BITWISE_NOOP,
*844d9543SConrad Meyer			    (nb == remain) && interrupt, cctx);
*844d9543SConrad Meyer		else
*844d9543SConrad Meyer			error = ccp_passthrough(qp, seg->ss_paddr,
*844d9543SConrad Meyer			    CCP_MEMTYPE_SYSTEM, lsb_addr, CCP_MEMTYPE_SB, nb,
*844d9543SConrad Meyer			    CCP_PASSTHRU_BYTESWAP_NOOP,
*844d9543SConrad Meyer			    CCP_PASSTHRU_BITWISE_NOOP,
*844d9543SConrad Meyer			    (nb == remain) && interrupt, cctx);
*844d9543SConrad Meyer		if (error != 0)
*844d9543SConrad Meyer			return (error);
*844d9543SConrad Meyer
*844d9543SConrad Meyer		remain -= nb;
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer	return (0);
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyer/*
*844d9543SConrad Meyer * Note that these vectors are in reverse of the usual order.
*844d9543SConrad Meyer */
*844d9543SConrad Meyerconst struct SHA_vectors {
*844d9543SConrad Meyer	uint32_t SHA1[8];
*844d9543SConrad Meyer	uint32_t SHA224[8];
*844d9543SConrad Meyer	uint32_t SHA256[8];
*844d9543SConrad Meyer	uint64_t SHA384[8];
*844d9543SConrad Meyer	uint64_t SHA512[8];
*844d9543SConrad Meyer} SHA_H __aligned(PAGE_SIZE) = {
*844d9543SConrad Meyer	.SHA1 = {
*844d9543SConrad Meyer		0xc3d2e1f0ul,
*844d9543SConrad Meyer		0x10325476ul,
*844d9543SConrad Meyer		0x98badcfeul,
*844d9543SConrad Meyer		0xefcdab89ul,
*844d9543SConrad Meyer		0x67452301ul,
*844d9543SConrad Meyer		0,
*844d9543SConrad Meyer		0,
*844d9543SConrad Meyer		0,
*844d9543SConrad Meyer	},
*844d9543SConrad Meyer	.SHA224 = {
*844d9543SConrad Meyer		0xbefa4fa4ul,
*844d9543SConrad Meyer		0x64f98fa7ul,
*844d9543SConrad Meyer		0x68581511ul,
*844d9543SConrad Meyer		0xffc00b31ul,
*844d9543SConrad Meyer		0xf70e5939ul,
*844d9543SConrad Meyer		0x3070dd17ul,
*844d9543SConrad Meyer		0x367cd507ul,
*844d9543SConrad Meyer		0xc1059ed8ul,
*844d9543SConrad Meyer	},
*844d9543SConrad Meyer	.SHA256 = {
*844d9543SConrad Meyer		0x5be0cd19ul,
*844d9543SConrad Meyer		0x1f83d9abul,
*844d9543SConrad Meyer		0x9b05688cul,
*844d9543SConrad Meyer		0x510e527ful,
*844d9543SConrad Meyer		0xa54ff53aul,
*844d9543SConrad Meyer		0x3c6ef372ul,
*844d9543SConrad Meyer		0xbb67ae85ul,
*844d9543SConrad Meyer		0x6a09e667ul,
*844d9543SConrad Meyer	},
*844d9543SConrad Meyer	.SHA384 = {
*844d9543SConrad Meyer		0x47b5481dbefa4fa4ull,
*844d9543SConrad Meyer		0xdb0c2e0d64f98fa7ull,
*844d9543SConrad Meyer		0x8eb44a8768581511ull,
*844d9543SConrad Meyer		0x67332667ffc00b31ull,
*844d9543SConrad Meyer		0x152fecd8f70e5939ull,
*844d9543SConrad Meyer		0x9159015a3070dd17ull,
*844d9543SConrad Meyer		0x629a292a367cd507ull,
*844d9543SConrad Meyer		0xcbbb9d5dc1059ed8ull,
*844d9543SConrad Meyer	},
*844d9543SConrad Meyer	.SHA512 = {
*844d9543SConrad Meyer		0x5be0cd19137e2179ull,
*844d9543SConrad Meyer		0x1f83d9abfb41bd6bull,
*844d9543SConrad Meyer		0x9b05688c2b3e6c1full,
*844d9543SConrad Meyer		0x510e527fade682d1ull,
*844d9543SConrad Meyer		0xa54ff53a5f1d36f1ull,
*844d9543SConrad Meyer		0x3c6ef372fe94f82bull,
*844d9543SConrad Meyer		0xbb67ae8584caa73bull,
*844d9543SConrad Meyer		0x6a09e667f3bcc908ull,
*844d9543SConrad Meyer	},
*844d9543SConrad Meyer};
*844d9543SConrad Meyer/*
*844d9543SConrad Meyer * Ensure vectors do not cross a page boundary.
*844d9543SConrad Meyer *
*844d9543SConrad Meyer * Disabled due to a new Clang error:  "expression is not an integral constant
*844d9543SConrad Meyer * expression."  GCC (cross toolchain) seems to handle this assertion with
*844d9543SConrad Meyer * _Static_assert just fine.
*844d9543SConrad Meyer */
*844d9543SConrad Meyer#if 0
*844d9543SConrad MeyerCTASSERT(PAGE_SIZE - ((uintptr_t)&SHA_H % PAGE_SIZE) >= sizeof(SHA_H));
*844d9543SConrad Meyer#endif
*844d9543SConrad Meyer
*844d9543SConrad Meyerconst struct SHA_Defn {
*844d9543SConrad Meyer	enum sha_version version;
*844d9543SConrad Meyer	const void *H_vectors;
*844d9543SConrad Meyer	size_t H_size;
*844d9543SConrad Meyer	struct auth_hash *axf;
*844d9543SConrad Meyer	enum ccp_sha_type engine_type;
*844d9543SConrad Meyer} SHA_definitions[] = {
*844d9543SConrad Meyer	{
*844d9543SConrad Meyer		.version = SHA1,
*844d9543SConrad Meyer		.H_vectors = SHA_H.SHA1,
*844d9543SConrad Meyer		.H_size = sizeof(SHA_H.SHA1),
*844d9543SConrad Meyer		.axf = &auth_hash_hmac_sha1,
*844d9543SConrad Meyer		.engine_type = CCP_SHA_TYPE_1,
*844d9543SConrad Meyer	},
*844d9543SConrad Meyer#if 0
*844d9543SConrad Meyer	{
*844d9543SConrad Meyer		.version = SHA2_224,
*844d9543SConrad Meyer		.H_vectors = SHA_H.SHA224,
*844d9543SConrad Meyer		.H_size = sizeof(SHA_H.SHA224),
*844d9543SConrad Meyer		.axf = &auth_hash_hmac_sha2_224,
*844d9543SConrad Meyer		.engine_type = CCP_SHA_TYPE_224,
*844d9543SConrad Meyer	},
*844d9543SConrad Meyer#endif
*844d9543SConrad Meyer	{
*844d9543SConrad Meyer		.version = SHA2_256,
*844d9543SConrad Meyer		.H_vectors = SHA_H.SHA256,
*844d9543SConrad Meyer		.H_size = sizeof(SHA_H.SHA256),
*844d9543SConrad Meyer		.axf = &auth_hash_hmac_sha2_256,
*844d9543SConrad Meyer		.engine_type = CCP_SHA_TYPE_256,
*844d9543SConrad Meyer	},
*844d9543SConrad Meyer	{
*844d9543SConrad Meyer		.version = SHA2_384,
*844d9543SConrad Meyer		.H_vectors = SHA_H.SHA384,
*844d9543SConrad Meyer		.H_size = sizeof(SHA_H.SHA384),
*844d9543SConrad Meyer		.axf = &auth_hash_hmac_sha2_384,
*844d9543SConrad Meyer		.engine_type = CCP_SHA_TYPE_384,
*844d9543SConrad Meyer	},
*844d9543SConrad Meyer	{
*844d9543SConrad Meyer		.version = SHA2_512,
*844d9543SConrad Meyer		.H_vectors = SHA_H.SHA512,
*844d9543SConrad Meyer		.H_size = sizeof(SHA_H.SHA512),
*844d9543SConrad Meyer		.axf = &auth_hash_hmac_sha2_512,
*844d9543SConrad Meyer		.engine_type = CCP_SHA_TYPE_512,
*844d9543SConrad Meyer	},
*844d9543SConrad Meyer};
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic int __must_check
*844d9543SConrad Meyerccp_sha_single_desc(struct ccp_queue *qp, const struct SHA_Defn *defn,
*844d9543SConrad Meyer    vm_paddr_t addr, size_t len, bool start, bool end, uint64_t msgbits)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	struct ccp_desc *desc;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	if (ccp_queue_get_ring_space(qp) == 0)
*844d9543SConrad Meyer		return (EAGAIN);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	desc = &qp->desc_ring[qp->cq_tail];
*844d9543SConrad Meyer
*844d9543SConrad Meyer	memset(desc, 0, sizeof(*desc));
*844d9543SConrad Meyer	desc->engine = CCP_ENGINE_SHA;
*844d9543SConrad Meyer	desc->som = start;
*844d9543SConrad Meyer	desc->eom = end;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	desc->sha.type = defn->engine_type;
*844d9543SConrad Meyer	desc->length = len;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	if (end) {
*844d9543SConrad Meyer		desc->sha_len_lo = (uint32_t)msgbits;
*844d9543SConrad Meyer		desc->sha_len_hi = msgbits >> 32;
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer
*844d9543SConrad Meyer	desc->src_lo = (uint32_t)addr;
*844d9543SConrad Meyer	desc->src_hi = addr >> 32;
*844d9543SConrad Meyer	desc->src_mem = CCP_MEMTYPE_SYSTEM;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	desc->lsb_ctx_id = ccp_queue_lsb_entry(qp, LSB_ENTRY_SHA);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	qp->cq_tail = (qp->cq_tail + 1) % (1 << qp->cq_softc->ring_size_order);
*844d9543SConrad Meyer	return (0);
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic int __must_check
*844d9543SConrad Meyerccp_sha(struct ccp_queue *qp, enum sha_version version, struct sglist *sgl_src,
*844d9543SConrad Meyer    struct sglist *sgl_dst, const struct ccp_completion_ctx *cctx)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	const struct SHA_Defn *defn;
*844d9543SConrad Meyer	struct sglist_seg *seg;
*844d9543SConrad Meyer	size_t i, msgsize, remaining, nb;
*844d9543SConrad Meyer	uint32_t lsbaddr;
*844d9543SConrad Meyer	int error;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	for (i = 0; i < nitems(SHA_definitions); i++)
*844d9543SConrad Meyer		if (SHA_definitions[i].version == version)
*844d9543SConrad Meyer			break;
*844d9543SConrad Meyer	if (i == nitems(SHA_definitions))
*844d9543SConrad Meyer		return (EINVAL);
*844d9543SConrad Meyer	defn = &SHA_definitions[i];
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* XXX validate input ??? */
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* Load initial SHA state into LSB */
*844d9543SConrad Meyer	/* XXX ensure H_vectors don't span page boundaries */
*844d9543SConrad Meyer	error = ccp_passthrough(qp, ccp_queue_lsb_address(qp, LSB_ENTRY_SHA),
*844d9543SConrad Meyer	    CCP_MEMTYPE_SB, pmap_kextract((vm_offset_t)defn->H_vectors),
*844d9543SConrad Meyer	    CCP_MEMTYPE_SYSTEM, roundup2(defn->H_size, LSB_ENTRY_SIZE),
*844d9543SConrad Meyer	    CCP_PASSTHRU_BYTESWAP_NOOP, CCP_PASSTHRU_BITWISE_NOOP, false,
*844d9543SConrad Meyer	    NULL);
*844d9543SConrad Meyer	if (error != 0)
*844d9543SConrad Meyer		return (error);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* Execute series of SHA updates on correctly sized buffers */
*844d9543SConrad Meyer	msgsize = 0;
*844d9543SConrad Meyer	for (i = 0; i < sgl_src->sg_nseg; i++) {
*844d9543SConrad Meyer		seg = &sgl_src->sg_segs[i];
*844d9543SConrad Meyer		msgsize += seg->ss_len;
*844d9543SConrad Meyer		error = ccp_sha_single_desc(qp, defn, seg->ss_paddr,
*844d9543SConrad Meyer		    seg->ss_len, i == 0, i == sgl_src->sg_nseg - 1,
*844d9543SConrad Meyer		    msgsize << 3);
*844d9543SConrad Meyer		if (error != 0)
*844d9543SConrad Meyer			return (error);
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* Copy result out to sgl_dst */
*844d9543SConrad Meyer	remaining = roundup2(defn->H_size, LSB_ENTRY_SIZE);
*844d9543SConrad Meyer	lsbaddr = ccp_queue_lsb_address(qp, LSB_ENTRY_SHA);
*844d9543SConrad Meyer	for (i = 0; i < sgl_dst->sg_nseg; i++) {
*844d9543SConrad Meyer		seg = &sgl_dst->sg_segs[i];
*844d9543SConrad Meyer		/* crd_len is int, so 32-bit min() is ok. */
*844d9543SConrad Meyer		nb = min(remaining, seg->ss_len);
*844d9543SConrad Meyer
*844d9543SConrad Meyer		error = ccp_passthrough(qp, seg->ss_paddr, CCP_MEMTYPE_SYSTEM,
*844d9543SConrad Meyer		    lsbaddr, CCP_MEMTYPE_SB, nb, CCP_PASSTHRU_BYTESWAP_NOOP,
*844d9543SConrad Meyer		    CCP_PASSTHRU_BITWISE_NOOP,
*844d9543SConrad Meyer		    (cctx != NULL) ? (nb == remaining) : false,
*844d9543SConrad Meyer		    (nb == remaining) ? cctx : NULL);
*844d9543SConrad Meyer		if (error != 0)
*844d9543SConrad Meyer			return (error);
*844d9543SConrad Meyer
*844d9543SConrad Meyer		remaining -= nb;
*844d9543SConrad Meyer		lsbaddr += nb;
*844d9543SConrad Meyer		if (remaining == 0)
*844d9543SConrad Meyer			break;
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer
*844d9543SConrad Meyer	return (0);
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic void
*844d9543SConrad Meyerbyteswap256(uint64_t *buffer)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	uint64_t t;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	t = bswap64(buffer[3]);
*844d9543SConrad Meyer	buffer[3] = bswap64(buffer[0]);
*844d9543SConrad Meyer	buffer[0] = t;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	t = bswap64(buffer[2]);
*844d9543SConrad Meyer	buffer[2] = bswap64(buffer[1]);
*844d9543SConrad Meyer	buffer[1] = t;
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyer/*
*844d9543SConrad Meyer * Translate CCP internal LSB hash format into a standard hash ouput.
*844d9543SConrad Meyer *
*844d9543SConrad Meyer * Manipulates input buffer with byteswap256 operation.
*844d9543SConrad Meyer */
*844d9543SConrad Meyerstatic void
*844d9543SConrad Meyerccp_sha_copy_result(char *output, char *buffer, enum sha_version version)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	const struct SHA_Defn *defn;
*844d9543SConrad Meyer	size_t i;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	for (i = 0; i < nitems(SHA_definitions); i++)
*844d9543SConrad Meyer		if (SHA_definitions[i].version == version)
*844d9543SConrad Meyer			break;
*844d9543SConrad Meyer	if (i == nitems(SHA_definitions))
*844d9543SConrad Meyer		panic("bogus sha version auth_mode %u\n", (unsigned)version);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	defn = &SHA_definitions[i];
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* Swap 256bit manually -- DMA engine can, but with limitations */
*844d9543SConrad Meyer	byteswap256((void *)buffer);
*844d9543SConrad Meyer	if (defn->axf->hashsize > LSB_ENTRY_SIZE)
*844d9543SConrad Meyer		byteswap256((void *)(buffer + LSB_ENTRY_SIZE));
*844d9543SConrad Meyer
*844d9543SConrad Meyer	switch (defn->version) {
*844d9543SConrad Meyer	case SHA1:
*844d9543SConrad Meyer		memcpy(output, buffer + 12, defn->axf->hashsize);
*844d9543SConrad Meyer		break;
*844d9543SConrad Meyer#if 0
*844d9543SConrad Meyer	case SHA2_224:
*844d9543SConrad Meyer		memcpy(output, buffer + XXX, defn->axf->hashsize);
*844d9543SConrad Meyer		break;
*844d9543SConrad Meyer#endif
*844d9543SConrad Meyer	case SHA2_256:
*844d9543SConrad Meyer		memcpy(output, buffer, defn->axf->hashsize);
*844d9543SConrad Meyer		break;
*844d9543SConrad Meyer	case SHA2_384:
*844d9543SConrad Meyer		memcpy(output,
*844d9543SConrad Meyer		    buffer + LSB_ENTRY_SIZE * 3 - defn->axf->hashsize,
*844d9543SConrad Meyer		    defn->axf->hashsize - LSB_ENTRY_SIZE);
*844d9543SConrad Meyer		memcpy(output + defn->axf->hashsize - LSB_ENTRY_SIZE, buffer,
*844d9543SConrad Meyer		    LSB_ENTRY_SIZE);
*844d9543SConrad Meyer		break;
*844d9543SConrad Meyer	case SHA2_512:
*844d9543SConrad Meyer		memcpy(output, buffer + LSB_ENTRY_SIZE, LSB_ENTRY_SIZE);
*844d9543SConrad Meyer		memcpy(output + LSB_ENTRY_SIZE, buffer, LSB_ENTRY_SIZE);
*844d9543SConrad Meyer		break;
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic void
*844d9543SConrad Meyerccp_do_hmac_done(struct ccp_queue *qp, struct ccp_session *s,
*844d9543SConrad Meyer    struct cryptop *crp, struct cryptodesc *crd, int error)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	char ihash[SHA2_512_HASH_LEN /* max hash len */];
*844d9543SConrad Meyer	union authctx auth_ctx;
*844d9543SConrad Meyer	struct auth_hash *axf;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	axf = s->hmac.auth_hash;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	s->pending--;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	if (error != 0) {
*844d9543SConrad Meyer		crp->crp_etype = error;
*844d9543SConrad Meyer		goto out;
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* Do remaining outer hash over small inner hash in software */
*844d9543SConrad Meyer	axf->Init(&auth_ctx);
*844d9543SConrad Meyer	axf->Update(&auth_ctx, s->hmac.opad, axf->blocksize);
*844d9543SConrad Meyer	ccp_sha_copy_result(ihash, s->hmac.ipad, s->hmac.auth_mode);
*844d9543SConrad Meyer#if 0
*844d9543SConrad Meyer	INSECURE_DEBUG(dev, "%s sha intermediate=%64D\n", __func__,
*844d9543SConrad Meyer	    (u_char *)ihash, " ");
*844d9543SConrad Meyer#endif
*844d9543SConrad Meyer	axf->Update(&auth_ctx, ihash, axf->hashsize);
*844d9543SConrad Meyer	axf->Final(s->hmac.ipad, &auth_ctx);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	crypto_copyback(crp->crp_flags, crp->crp_buf, crd->crd_inject,
*844d9543SConrad Meyer	    s->hmac.hash_len, s->hmac.ipad);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* Avoid leaking key material */
*844d9543SConrad Meyer	explicit_bzero(&auth_ctx, sizeof(auth_ctx));
*844d9543SConrad Meyer	explicit_bzero(s->hmac.ipad, sizeof(s->hmac.ipad));
*844d9543SConrad Meyer	explicit_bzero(s->hmac.opad, sizeof(s->hmac.opad));
*844d9543SConrad Meyer
*844d9543SConrad Meyerout:
*844d9543SConrad Meyer	crypto_done(crp);
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic void
*844d9543SConrad Meyerccp_hmac_done(struct ccp_queue *qp, struct ccp_session *s, void *vcrp,
*844d9543SConrad Meyer    int error)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	struct cryptodesc *crd;
*844d9543SConrad Meyer	struct cryptop *crp;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	crp = vcrp;
*844d9543SConrad Meyer	crd = crp->crp_desc;
*844d9543SConrad Meyer	ccp_do_hmac_done(qp, s, crp, crd, error);
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic int __must_check
*844d9543SConrad Meyerccp_do_hmac(struct ccp_queue *qp, struct ccp_session *s, struct cryptop *crp,
*844d9543SConrad Meyer    struct cryptodesc *crd, const struct ccp_completion_ctx *cctx)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	device_t dev;
*844d9543SConrad Meyer	struct auth_hash *axf;
*844d9543SConrad Meyer	int error;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	dev = qp->cq_softc->dev;
*844d9543SConrad Meyer	axf = s->hmac.auth_hash;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/*
*844d9543SConrad Meyer	 * Populate the SGL describing inside hash contents.  We want to hash
*844d9543SConrad Meyer	 * the ipad (key XOR fixed bit pattern) concatenated with the user
*844d9543SConrad Meyer	 * data.
*844d9543SConrad Meyer	 */
*844d9543SConrad Meyer	sglist_reset(qp->cq_sg_ulptx);
*844d9543SConrad Meyer	error = sglist_append(qp->cq_sg_ulptx, s->hmac.ipad, axf->blocksize);
*844d9543SConrad Meyer	if (error != 0)
*844d9543SConrad Meyer		return (error);
*844d9543SConrad Meyer	error = sglist_append_sglist(qp->cq_sg_ulptx, qp->cq_sg_crp,
*844d9543SConrad Meyer	    crd->crd_skip, crd->crd_len);
*844d9543SConrad Meyer	if (error != 0) {
*844d9543SConrad Meyer		DPRINTF(dev, "%s: sglist too short\n", __func__);
*844d9543SConrad Meyer		return (error);
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer	/* Populate SGL for output -- just reuse hmac.ipad buffer. */
*844d9543SConrad Meyer	sglist_reset(qp->cq_sg_dst);
*844d9543SConrad Meyer	error = sglist_append(qp->cq_sg_dst, s->hmac.ipad,
*844d9543SConrad Meyer	    roundup2(axf->hashsize, LSB_ENTRY_SIZE));
*844d9543SConrad Meyer	if (error != 0)
*844d9543SConrad Meyer		return (error);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	error = ccp_sha(qp, s->hmac.auth_mode, qp->cq_sg_ulptx, qp->cq_sg_dst,
*844d9543SConrad Meyer	    cctx);
*844d9543SConrad Meyer	if (error != 0) {
*844d9543SConrad Meyer		DPRINTF(dev, "%s: ccp_sha error\n", __func__);
*844d9543SConrad Meyer		return (error);
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer	return (0);
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerint __must_check
*844d9543SConrad Meyerccp_hmac(struct ccp_queue *qp, struct ccp_session *s, struct cryptop *crp)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	struct ccp_completion_ctx ctx;
*844d9543SConrad Meyer	struct cryptodesc *crd;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	crd = crp->crp_desc;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	ctx.callback_fn = ccp_hmac_done;
*844d9543SConrad Meyer	ctx.callback_arg = crp;
*844d9543SConrad Meyer	ctx.session = s;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	return (ccp_do_hmac(qp, s, crp, crd, &ctx));
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic void
*844d9543SConrad Meyerccp_byteswap(char *data, size_t len)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	size_t i;
*844d9543SConrad Meyer	char t;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	len--;
*844d9543SConrad Meyer	for (i = 0; i < len; i++, len--) {
*844d9543SConrad Meyer		t = data[i];
*844d9543SConrad Meyer		data[i] = data[len];
*844d9543SConrad Meyer		data[len] = t;
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic void
*844d9543SConrad Meyerccp_blkcipher_done(struct ccp_queue *qp, struct ccp_session *s, void *vcrp,
*844d9543SConrad Meyer    int error)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	struct cryptop *crp;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	explicit_bzero(&s->blkcipher, sizeof(s->blkcipher));
*844d9543SConrad Meyer
*844d9543SConrad Meyer	crp = vcrp;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	s->pending--;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	if (error != 0)
*844d9543SConrad Meyer		crp->crp_etype = error;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	DPRINTF(qp->cq_softc->dev, "%s: qp=%p crp=%p\n", __func__, qp, crp);
*844d9543SConrad Meyer	crypto_done(crp);
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic void
*844d9543SConrad Meyerccp_collect_iv(struct ccp_session *s, struct cryptop *crp,
*844d9543SConrad Meyer    struct cryptodesc *crd)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer
*844d9543SConrad Meyer	if (crd->crd_flags & CRD_F_ENCRYPT) {
*844d9543SConrad Meyer		if (crd->crd_flags & CRD_F_IV_EXPLICIT)
*844d9543SConrad Meyer			memcpy(s->blkcipher.iv, crd->crd_iv,
*844d9543SConrad Meyer			    s->blkcipher.iv_len);
*844d9543SConrad Meyer		else
*844d9543SConrad Meyer			arc4rand(s->blkcipher.iv, s->blkcipher.iv_len, 0);
*844d9543SConrad Meyer		if ((crd->crd_flags & CRD_F_IV_PRESENT) == 0)
*844d9543SConrad Meyer			crypto_copyback(crp->crp_flags, crp->crp_buf,
*844d9543SConrad Meyer			    crd->crd_inject, s->blkcipher.iv_len,
*844d9543SConrad Meyer			    s->blkcipher.iv);
*844d9543SConrad Meyer	} else {
*844d9543SConrad Meyer		if (crd->crd_flags & CRD_F_IV_EXPLICIT)
*844d9543SConrad Meyer			memcpy(s->blkcipher.iv, crd->crd_iv,
*844d9543SConrad Meyer			    s->blkcipher.iv_len);
*844d9543SConrad Meyer		else
*844d9543SConrad Meyer			crypto_copydata(crp->crp_flags, crp->crp_buf,
*844d9543SConrad Meyer			    crd->crd_inject, s->blkcipher.iv_len,
*844d9543SConrad Meyer			    s->blkcipher.iv);
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/*
*844d9543SConrad Meyer	 * If the input IV is 12 bytes, append an explicit counter of 1.
*844d9543SConrad Meyer	 */
*844d9543SConrad Meyer	if (crd->crd_alg == CRYPTO_AES_NIST_GCM_16 &&
*844d9543SConrad Meyer	    s->blkcipher.iv_len == 12) {
*844d9543SConrad Meyer		*(uint32_t *)&s->blkcipher.iv[12] = htobe32(1);
*844d9543SConrad Meyer		s->blkcipher.iv_len = AES_BLOCK_LEN;
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer
*844d9543SConrad Meyer	if (crd->crd_alg == CRYPTO_AES_XTS && s->blkcipher.iv_len != AES_BLOCK_LEN) {
*844d9543SConrad Meyer		DPRINTF(NULL, "got ivlen != 16: %u\n", s->blkcipher.iv_len);
*844d9543SConrad Meyer		if (s->blkcipher.iv_len < AES_BLOCK_LEN)
*844d9543SConrad Meyer			memset(&s->blkcipher.iv[s->blkcipher.iv_len], 0,
*844d9543SConrad Meyer			    AES_BLOCK_LEN - s->blkcipher.iv_len);
*844d9543SConrad Meyer		s->blkcipher.iv_len = AES_BLOCK_LEN;
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* Reverse order of IV material for HW */
*844d9543SConrad Meyer	INSECURE_DEBUG(NULL, "%s: IV: %16D len: %u\n", __func__,
*844d9543SConrad Meyer	    s->blkcipher.iv, " ", s->blkcipher.iv_len);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/*
*844d9543SConrad Meyer	 * For unknown reasons, XTS mode expects the IV in the reverse byte
*844d9543SConrad Meyer	 * order to every other AES mode.
*844d9543SConrad Meyer	 */
*844d9543SConrad Meyer	if (crd->crd_alg != CRYPTO_AES_XTS)
*844d9543SConrad Meyer		ccp_byteswap(s->blkcipher.iv, s->blkcipher.iv_len);
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic int __must_check
*844d9543SConrad Meyerccp_do_pst_to_lsb(struct ccp_queue *qp, uint32_t lsbaddr, const void *src,
*844d9543SConrad Meyer    size_t len)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	int error;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	sglist_reset(qp->cq_sg_ulptx);
*844d9543SConrad Meyer	error = sglist_append(qp->cq_sg_ulptx, __DECONST(void *, src), len);
*844d9543SConrad Meyer	if (error != 0)
*844d9543SConrad Meyer		return (error);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	error = ccp_passthrough_sgl(qp, lsbaddr, true, qp->cq_sg_ulptx, len,
*844d9543SConrad Meyer	    false, NULL);
*844d9543SConrad Meyer	return (error);
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic int __must_check
*844d9543SConrad Meyerccp_do_xts(struct ccp_queue *qp, struct ccp_session *s, struct cryptop *crp,
*844d9543SConrad Meyer    struct cryptodesc *crd, enum ccp_cipher_dir dir,
*844d9543SConrad Meyer    const struct ccp_completion_ctx *cctx)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	struct ccp_desc *desc;
*844d9543SConrad Meyer	device_t dev;
*844d9543SConrad Meyer	unsigned i;
*844d9543SConrad Meyer	enum ccp_xts_unitsize usize;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* IV and Key data are already loaded */
*844d9543SConrad Meyer
*844d9543SConrad Meyer	dev = qp->cq_softc->dev;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	for (i = 0; i < nitems(ccp_xts_unitsize_map); i++)
*844d9543SConrad Meyer		if (ccp_xts_unitsize_map[i].cxu_size == crd->crd_len) {
*844d9543SConrad Meyer			usize = ccp_xts_unitsize_map[i].cxu_id;
*844d9543SConrad Meyer			break;
*844d9543SConrad Meyer		}
*844d9543SConrad Meyer	if (i >= nitems(ccp_xts_unitsize_map))
*844d9543SConrad Meyer		return (EINVAL);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	for (i = 0; i < qp->cq_sg_ulptx->sg_nseg; i++) {
*844d9543SConrad Meyer		struct sglist_seg *seg;
*844d9543SConrad Meyer
*844d9543SConrad Meyer		seg = &qp->cq_sg_ulptx->sg_segs[i];
*844d9543SConrad Meyer
*844d9543SConrad Meyer		desc = &qp->desc_ring[qp->cq_tail];
*844d9543SConrad Meyer		desc->engine = CCP_ENGINE_XTS_AES;
*844d9543SConrad Meyer		desc->som = (i == 0);
*844d9543SConrad Meyer		desc->eom = (i == qp->cq_sg_ulptx->sg_nseg - 1);
*844d9543SConrad Meyer		desc->ioc = (desc->eom && cctx != NULL);
*844d9543SConrad Meyer		DPRINTF(dev, "%s: XTS %u: som:%d eom:%d ioc:%d dir:%d\n",
*844d9543SConrad Meyer		    __func__, qp->cq_tail, (int)desc->som, (int)desc->eom,
*844d9543SConrad Meyer		    (int)desc->ioc, (int)dir);
*844d9543SConrad Meyer
*844d9543SConrad Meyer		if (desc->ioc)
*844d9543SConrad Meyer			memcpy(&qp->completions_ring[qp->cq_tail], cctx,
*844d9543SConrad Meyer			    sizeof(*cctx));
*844d9543SConrad Meyer
*844d9543SConrad Meyer		desc->aes_xts.encrypt = dir;
*844d9543SConrad Meyer		desc->aes_xts.type = s->blkcipher.cipher_type;
*844d9543SConrad Meyer		desc->aes_xts.size = usize;
*844d9543SConrad Meyer
*844d9543SConrad Meyer		DPRINTF(dev, "XXX %s: XTS %u: type:%u size:%u\n", __func__,
*844d9543SConrad Meyer		    qp->cq_tail, (unsigned)desc->aes_xts.type,
*844d9543SConrad Meyer		    (unsigned)desc->aes_xts.size);
*844d9543SConrad Meyer
*844d9543SConrad Meyer		desc->length = seg->ss_len;
*844d9543SConrad Meyer		desc->src_lo = (uint32_t)seg->ss_paddr;
*844d9543SConrad Meyer		desc->src_hi = (seg->ss_paddr >> 32);
*844d9543SConrad Meyer		desc->src_mem = CCP_MEMTYPE_SYSTEM;
*844d9543SConrad Meyer
*844d9543SConrad Meyer		/* Crypt in-place */
*844d9543SConrad Meyer		desc->dst_lo = desc->src_lo;
*844d9543SConrad Meyer		desc->dst_hi = desc->src_hi;
*844d9543SConrad Meyer		desc->dst_mem = desc->src_mem;
*844d9543SConrad Meyer
*844d9543SConrad Meyer		desc->key_lo = ccp_queue_lsb_address(qp, LSB_ENTRY_KEY);
*844d9543SConrad Meyer		desc->key_hi = 0;
*844d9543SConrad Meyer		desc->key_mem = CCP_MEMTYPE_SB;
*844d9543SConrad Meyer
*844d9543SConrad Meyer		desc->lsb_ctx_id = ccp_queue_lsb_entry(qp, LSB_ENTRY_IV);
*844d9543SConrad Meyer
*844d9543SConrad Meyer		qp->cq_tail = (qp->cq_tail + 1) %
*844d9543SConrad Meyer		    (1 << qp->cq_softc->ring_size_order);
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer	return (0);
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic int __must_check
*844d9543SConrad Meyerccp_do_blkcipher(struct ccp_queue *qp, struct ccp_session *s,
*844d9543SConrad Meyer    struct cryptop *crp, struct cryptodesc *crd,
*844d9543SConrad Meyer    const struct ccp_completion_ctx *cctx)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	struct ccp_desc *desc;
*844d9543SConrad Meyer	char *keydata;
*844d9543SConrad Meyer	device_t dev;
*844d9543SConrad Meyer	enum ccp_cipher_dir dir;
*844d9543SConrad Meyer	int error;
*844d9543SConrad Meyer	size_t keydata_len;
*844d9543SConrad Meyer	unsigned i, j;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	dev = qp->cq_softc->dev;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	if (s->blkcipher.key_len == 0 || crd->crd_len == 0) {
*844d9543SConrad Meyer		DPRINTF(dev, "%s: empty\n", __func__);
*844d9543SConrad Meyer		return (EINVAL);
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer	if ((crd->crd_len % AES_BLOCK_LEN) != 0) {
*844d9543SConrad Meyer		DPRINTF(dev, "%s: len modulo: %d\n", __func__, crd->crd_len);
*844d9543SConrad Meyer		return (EINVAL);
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/*
*844d9543SConrad Meyer	 * Individual segments must be multiples of AES block size for the HW
*844d9543SConrad Meyer	 * to process it.  Non-compliant inputs aren't bogus, just not doable
*844d9543SConrad Meyer	 * on this hardware.
*844d9543SConrad Meyer	 */
*844d9543SConrad Meyer	for (i = 0; i < qp->cq_sg_crp->sg_nseg; i++)
*844d9543SConrad Meyer		if ((qp->cq_sg_crp->sg_segs[i].ss_len % AES_BLOCK_LEN) != 0) {
*844d9543SConrad Meyer			DPRINTF(dev, "%s: seg modulo: %zu\n", __func__,
*844d9543SConrad Meyer			    qp->cq_sg_crp->sg_segs[i].ss_len);
*844d9543SConrad Meyer			return (EINVAL);
*844d9543SConrad Meyer		}
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* Gather IV/nonce data */
*844d9543SConrad Meyer	ccp_collect_iv(s, crp, crd);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	if ((crd->crd_flags & CRD_F_ENCRYPT) != 0)
*844d9543SConrad Meyer		dir = CCP_CIPHER_DIR_ENCRYPT;
*844d9543SConrad Meyer	else
*844d9543SConrad Meyer		dir = CCP_CIPHER_DIR_DECRYPT;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* Set up passthrough op(s) to copy IV into LSB */
*844d9543SConrad Meyer	error = ccp_do_pst_to_lsb(qp, ccp_queue_lsb_address(qp, LSB_ENTRY_IV),
*844d9543SConrad Meyer	    s->blkcipher.iv, s->blkcipher.iv_len);
*844d9543SConrad Meyer	if (error != 0)
*844d9543SConrad Meyer		return (error);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/*
*844d9543SConrad Meyer	 * Initialize keydata and keydata_len for GCC.  The default case of the
*844d9543SConrad Meyer	 * following switch is impossible to reach, but GCC doesn't know that.
*844d9543SConrad Meyer	 */
*844d9543SConrad Meyer	keydata_len = 0;
*844d9543SConrad Meyer	keydata = NULL;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	switch (crd->crd_alg) {
*844d9543SConrad Meyer	case CRYPTO_AES_XTS:
*844d9543SConrad Meyer		for (j = 0; j < nitems(ccp_xts_unitsize_map); j++)
*844d9543SConrad Meyer			if (ccp_xts_unitsize_map[j].cxu_size == crd->crd_len)
*844d9543SConrad Meyer				break;
*844d9543SConrad Meyer		/* Input buffer must be a supported UnitSize */
*844d9543SConrad Meyer		if (j >= nitems(ccp_xts_unitsize_map)) {
*844d9543SConrad Meyer			device_printf(dev, "%s: rejected block size: %u\n",
*844d9543SConrad Meyer			    __func__, crd->crd_len);
*844d9543SConrad Meyer			return (EOPNOTSUPP);
*844d9543SConrad Meyer		}
*844d9543SConrad Meyer		/* FALLTHROUGH */
*844d9543SConrad Meyer	case CRYPTO_AES_CBC:
*844d9543SConrad Meyer	case CRYPTO_AES_ICM:
*844d9543SConrad Meyer		keydata = s->blkcipher.enckey;
*844d9543SConrad Meyer		keydata_len = s->blkcipher.key_len;
*844d9543SConrad Meyer		break;
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer
*844d9543SConrad Meyer	INSECURE_DEBUG(dev, "%s: KEY(%zu): %16D\n", __func__, keydata_len,
*844d9543SConrad Meyer	    keydata, " ");
*844d9543SConrad Meyer	if (crd->crd_alg == CRYPTO_AES_XTS)
*844d9543SConrad Meyer		INSECURE_DEBUG(dev, "%s: KEY(XTS): %64D\n", __func__, keydata, " ");
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* Reverse order of key material for HW */
*844d9543SConrad Meyer	ccp_byteswap(keydata, keydata_len);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* Store key material into LSB to avoid page boundaries */
*844d9543SConrad Meyer	if (crd->crd_alg == CRYPTO_AES_XTS) {
*844d9543SConrad Meyer		/*
*844d9543SConrad Meyer		 * XTS mode uses 2 256-bit vectors for the primary key and the
*844d9543SConrad Meyer		 * tweak key.  For 128-bit keys, the vectors are zero-padded.
*844d9543SConrad Meyer		 *
*844d9543SConrad Meyer		 * After byteswapping the combined OCF-provided K1:K2 vector
*844d9543SConrad Meyer		 * above, we need to reverse the order again so the hardware
*844d9543SConrad Meyer		 * gets the swapped keys in the order K1':K2'.
*844d9543SConrad Meyer		 */
*844d9543SConrad Meyer		error = ccp_do_pst_to_lsb(qp,
*844d9543SConrad Meyer		    ccp_queue_lsb_address(qp, LSB_ENTRY_KEY + 1), keydata,
*844d9543SConrad Meyer		    keydata_len / 2);
*844d9543SConrad Meyer		if (error != 0)
*844d9543SConrad Meyer			return (error);
*844d9543SConrad Meyer		error = ccp_do_pst_to_lsb(qp,
*844d9543SConrad Meyer		    ccp_queue_lsb_address(qp, LSB_ENTRY_KEY),
*844d9543SConrad Meyer		    keydata + (keydata_len / 2), keydata_len / 2);
*844d9543SConrad Meyer
*844d9543SConrad Meyer		/* Zero-pad 128 bit keys */
*844d9543SConrad Meyer		if (keydata_len == 32) {
*844d9543SConrad Meyer			if (error != 0)
*844d9543SConrad Meyer				return (error);
*844d9543SConrad Meyer			error = ccp_do_pst_to_lsb(qp,
*844d9543SConrad Meyer			    ccp_queue_lsb_address(qp, LSB_ENTRY_KEY) +
*844d9543SConrad Meyer			    keydata_len / 2, g_zeroes, keydata_len / 2);
*844d9543SConrad Meyer			if (error != 0)
*844d9543SConrad Meyer				return (error);
*844d9543SConrad Meyer			error = ccp_do_pst_to_lsb(qp,
*844d9543SConrad Meyer			    ccp_queue_lsb_address(qp, LSB_ENTRY_KEY + 1) +
*844d9543SConrad Meyer			    keydata_len / 2, g_zeroes, keydata_len / 2);
*844d9543SConrad Meyer		}
*844d9543SConrad Meyer	} else
*844d9543SConrad Meyer		error = ccp_do_pst_to_lsb(qp,
*844d9543SConrad Meyer		    ccp_queue_lsb_address(qp, LSB_ENTRY_KEY), keydata,
*844d9543SConrad Meyer		    keydata_len);
*844d9543SConrad Meyer	if (error != 0)
*844d9543SConrad Meyer		return (error);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/*
*844d9543SConrad Meyer	 * Point SGLs at the subset of cryptop buffer contents representing the
*844d9543SConrad Meyer	 * data.
*844d9543SConrad Meyer	 */
*844d9543SConrad Meyer	sglist_reset(qp->cq_sg_ulptx);
*844d9543SConrad Meyer	error = sglist_append_sglist(qp->cq_sg_ulptx, qp->cq_sg_crp,
*844d9543SConrad Meyer	    crd->crd_skip, crd->crd_len);
*844d9543SConrad Meyer	if (error != 0)
*844d9543SConrad Meyer		return (error);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	INSECURE_DEBUG(dev, "%s: Contents: %16D\n", __func__,
*844d9543SConrad Meyer	    (void *)PHYS_TO_DMAP(qp->cq_sg_ulptx->sg_segs[0].ss_paddr), " ");
*844d9543SConrad Meyer
*844d9543SConrad Meyer	DPRINTF(dev, "%s: starting AES ops @ %u\n", __func__, qp->cq_tail);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	if (ccp_queue_get_ring_space(qp) < qp->cq_sg_ulptx->sg_nseg)
*844d9543SConrad Meyer		return (EAGAIN);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	if (crd->crd_alg == CRYPTO_AES_XTS)
*844d9543SConrad Meyer		return (ccp_do_xts(qp, s, crp, crd, dir, cctx));
*844d9543SConrad Meyer
*844d9543SConrad Meyer	for (i = 0; i < qp->cq_sg_ulptx->sg_nseg; i++) {
*844d9543SConrad Meyer		struct sglist_seg *seg;
*844d9543SConrad Meyer
*844d9543SConrad Meyer		seg = &qp->cq_sg_ulptx->sg_segs[i];
*844d9543SConrad Meyer
*844d9543SConrad Meyer		desc = &qp->desc_ring[qp->cq_tail];
*844d9543SConrad Meyer		desc->engine = CCP_ENGINE_AES;
*844d9543SConrad Meyer		desc->som = (i == 0);
*844d9543SConrad Meyer		desc->eom = (i == qp->cq_sg_ulptx->sg_nseg - 1);
*844d9543SConrad Meyer		desc->ioc = (desc->eom && cctx != NULL);
*844d9543SConrad Meyer		DPRINTF(dev, "%s: AES %u: som:%d eom:%d ioc:%d dir:%d\n",
*844d9543SConrad Meyer		    __func__, qp->cq_tail, (int)desc->som, (int)desc->eom,
*844d9543SConrad Meyer		    (int)desc->ioc, (int)dir);
*844d9543SConrad Meyer
*844d9543SConrad Meyer		if (desc->ioc)
*844d9543SConrad Meyer			memcpy(&qp->completions_ring[qp->cq_tail], cctx,
*844d9543SConrad Meyer			    sizeof(*cctx));
*844d9543SConrad Meyer
*844d9543SConrad Meyer		desc->aes.encrypt = dir;
*844d9543SConrad Meyer		desc->aes.mode = s->blkcipher.cipher_mode;
*844d9543SConrad Meyer		desc->aes.type = s->blkcipher.cipher_type;
*844d9543SConrad Meyer		if (crd->crd_alg == CRYPTO_AES_ICM)
*844d9543SConrad Meyer			/*
*844d9543SConrad Meyer			 * Size of CTR value in bits, - 1.  ICM mode uses all
*844d9543SConrad Meyer			 * 128 bits as counter.
*844d9543SConrad Meyer			 */
*844d9543SConrad Meyer			desc->aes.size = 127;
*844d9543SConrad Meyer
*844d9543SConrad Meyer		DPRINTF(dev, "%s: AES %u: mode:%u type:%u size:%u\n", __func__,
*844d9543SConrad Meyer		    qp->cq_tail, (unsigned)desc->aes.mode,
*844d9543SConrad Meyer		    (unsigned)desc->aes.type, (unsigned)desc->aes.size);
*844d9543SConrad Meyer
*844d9543SConrad Meyer		desc->length = seg->ss_len;
*844d9543SConrad Meyer		desc->src_lo = (uint32_t)seg->ss_paddr;
*844d9543SConrad Meyer		desc->src_hi = (seg->ss_paddr >> 32);
*844d9543SConrad Meyer		desc->src_mem = CCP_MEMTYPE_SYSTEM;
*844d9543SConrad Meyer
*844d9543SConrad Meyer		/* Crypt in-place */
*844d9543SConrad Meyer		desc->dst_lo = desc->src_lo;
*844d9543SConrad Meyer		desc->dst_hi = desc->src_hi;
*844d9543SConrad Meyer		desc->dst_mem = desc->src_mem;
*844d9543SConrad Meyer
*844d9543SConrad Meyer		desc->key_lo = ccp_queue_lsb_address(qp, LSB_ENTRY_KEY);
*844d9543SConrad Meyer		desc->key_hi = 0;
*844d9543SConrad Meyer		desc->key_mem = CCP_MEMTYPE_SB;
*844d9543SConrad Meyer
*844d9543SConrad Meyer		desc->lsb_ctx_id = ccp_queue_lsb_entry(qp, LSB_ENTRY_IV);
*844d9543SConrad Meyer
*844d9543SConrad Meyer		qp->cq_tail = (qp->cq_tail + 1) %
*844d9543SConrad Meyer		    (1 << qp->cq_softc->ring_size_order);
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer	return (0);
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerint __must_check
*844d9543SConrad Meyerccp_blkcipher(struct ccp_queue *qp, struct ccp_session *s, struct cryptop *crp)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	struct ccp_completion_ctx ctx;
*844d9543SConrad Meyer	struct cryptodesc *crd;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	crd = crp->crp_desc;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	ctx.callback_fn = ccp_blkcipher_done;
*844d9543SConrad Meyer	ctx.session = s;
*844d9543SConrad Meyer	ctx.callback_arg = crp;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	return (ccp_do_blkcipher(qp, s, crp, crd, &ctx));
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic void
*844d9543SConrad Meyerccp_authenc_done(struct ccp_queue *qp, struct ccp_session *s, void *vcrp,
*844d9543SConrad Meyer    int error)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	struct cryptodesc *crda;
*844d9543SConrad Meyer	struct cryptop *crp;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	explicit_bzero(&s->blkcipher, sizeof(s->blkcipher));
*844d9543SConrad Meyer
*844d9543SConrad Meyer	crp = vcrp;
*844d9543SConrad Meyer	if (s->cipher_first)
*844d9543SConrad Meyer		crda = crp->crp_desc->crd_next;
*844d9543SConrad Meyer	else
*844d9543SConrad Meyer		crda = crp->crp_desc;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	ccp_do_hmac_done(qp, s, crp, crda, error);
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerint __must_check
*844d9543SConrad Meyerccp_authenc(struct ccp_queue *qp, struct ccp_session *s, struct cryptop *crp,
*844d9543SConrad Meyer    struct cryptodesc *crda, struct cryptodesc *crde)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	struct ccp_completion_ctx ctx;
*844d9543SConrad Meyer	int error;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	ctx.callback_fn = ccp_authenc_done;
*844d9543SConrad Meyer	ctx.session = s;
*844d9543SConrad Meyer	ctx.callback_arg = crp;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* Perform first operation */
*844d9543SConrad Meyer	if (s->cipher_first)
*844d9543SConrad Meyer		error = ccp_do_blkcipher(qp, s, crp, crde, NULL);
*844d9543SConrad Meyer	else
*844d9543SConrad Meyer		error = ccp_do_hmac(qp, s, crp, crda, NULL);
*844d9543SConrad Meyer	if (error != 0)
*844d9543SConrad Meyer		return (error);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* Perform second operation */
*844d9543SConrad Meyer	if (s->cipher_first)
*844d9543SConrad Meyer		error = ccp_do_hmac(qp, s, crp, crda, &ctx);
*844d9543SConrad Meyer	else
*844d9543SConrad Meyer		error = ccp_do_blkcipher(qp, s, crp, crde, &ctx);
*844d9543SConrad Meyer	return (error);
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic int __must_check
*844d9543SConrad Meyerccp_do_ghash_aad(struct ccp_queue *qp, struct ccp_session *s)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	struct ccp_desc *desc;
*844d9543SConrad Meyer	struct sglist_seg *seg;
*844d9543SConrad Meyer	unsigned i;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	if (ccp_queue_get_ring_space(qp) < qp->cq_sg_ulptx->sg_nseg)
*844d9543SConrad Meyer		return (EAGAIN);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	for (i = 0; i < qp->cq_sg_ulptx->sg_nseg; i++) {
*844d9543SConrad Meyer		seg = &qp->cq_sg_ulptx->sg_segs[i];
*844d9543SConrad Meyer
*844d9543SConrad Meyer		desc = &qp->desc_ring[qp->cq_tail];
*844d9543SConrad Meyer
*844d9543SConrad Meyer		desc->engine = CCP_ENGINE_AES;
*844d9543SConrad Meyer		desc->aes.mode = CCP_AES_MODE_GHASH;
*844d9543SConrad Meyer		desc->aes.type = s->blkcipher.cipher_type;
*844d9543SConrad Meyer		desc->aes.encrypt = CCP_AES_MODE_GHASH_AAD;
*844d9543SConrad Meyer
*844d9543SConrad Meyer		desc->som = (i == 0);
*844d9543SConrad Meyer		desc->length = seg->ss_len;
*844d9543SConrad Meyer
*844d9543SConrad Meyer		desc->src_lo = (uint32_t)seg->ss_paddr;
*844d9543SConrad Meyer		desc->src_hi = (seg->ss_paddr >> 32);
*844d9543SConrad Meyer		desc->src_mem = CCP_MEMTYPE_SYSTEM;
*844d9543SConrad Meyer
*844d9543SConrad Meyer		desc->lsb_ctx_id = ccp_queue_lsb_entry(qp, LSB_ENTRY_IV);
*844d9543SConrad Meyer
*844d9543SConrad Meyer		desc->key_lo = ccp_queue_lsb_address(qp, LSB_ENTRY_KEY);
*844d9543SConrad Meyer		desc->key_mem = CCP_MEMTYPE_SB;
*844d9543SConrad Meyer
*844d9543SConrad Meyer		qp->cq_tail = (qp->cq_tail + 1) %
*844d9543SConrad Meyer		    (1 << qp->cq_softc->ring_size_order);
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer	return (0);
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic int __must_check
*844d9543SConrad Meyerccp_do_gctr(struct ccp_queue *qp, struct ccp_session *s,
*844d9543SConrad Meyer    enum ccp_cipher_dir dir, struct sglist_seg *seg, bool som, bool eom)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	struct ccp_desc *desc;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	if (ccp_queue_get_ring_space(qp) == 0)
*844d9543SConrad Meyer		return (EAGAIN);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	desc = &qp->desc_ring[qp->cq_tail];
*844d9543SConrad Meyer
*844d9543SConrad Meyer	desc->engine = CCP_ENGINE_AES;
*844d9543SConrad Meyer	desc->aes.mode = CCP_AES_MODE_GCTR;
*844d9543SConrad Meyer	desc->aes.type = s->blkcipher.cipher_type;
*844d9543SConrad Meyer	desc->aes.encrypt = dir;
*844d9543SConrad Meyer	desc->aes.size = 8 * (seg->ss_len % GMAC_BLOCK_LEN) - 1;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	desc->som = som;
*844d9543SConrad Meyer	desc->eom = eom;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* Trailing bytes will be masked off by aes.size above. */
*844d9543SConrad Meyer	desc->length = roundup2(seg->ss_len, GMAC_BLOCK_LEN);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	desc->dst_lo = desc->src_lo = (uint32_t)seg->ss_paddr;
*844d9543SConrad Meyer	desc->dst_hi = desc->src_hi = seg->ss_paddr >> 32;
*844d9543SConrad Meyer	desc->dst_mem = desc->src_mem = CCP_MEMTYPE_SYSTEM;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	desc->lsb_ctx_id = ccp_queue_lsb_entry(qp, LSB_ENTRY_IV);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	desc->key_lo = ccp_queue_lsb_address(qp, LSB_ENTRY_KEY);
*844d9543SConrad Meyer	desc->key_mem = CCP_MEMTYPE_SB;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	qp->cq_tail = (qp->cq_tail + 1) %
*844d9543SConrad Meyer	    (1 << qp->cq_softc->ring_size_order);
*844d9543SConrad Meyer	return (0);
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic int __must_check
*844d9543SConrad Meyerccp_do_ghash_final(struct ccp_queue *qp, struct ccp_session *s)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	struct ccp_desc *desc;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	if (ccp_queue_get_ring_space(qp) == 0)
*844d9543SConrad Meyer		return (EAGAIN);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	desc = &qp->desc_ring[qp->cq_tail];
*844d9543SConrad Meyer
*844d9543SConrad Meyer	desc->engine = CCP_ENGINE_AES;
*844d9543SConrad Meyer	desc->aes.mode = CCP_AES_MODE_GHASH;
*844d9543SConrad Meyer	desc->aes.type = s->blkcipher.cipher_type;
*844d9543SConrad Meyer	desc->aes.encrypt = CCP_AES_MODE_GHASH_FINAL;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	desc->length = GMAC_BLOCK_LEN;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	desc->src_lo = ccp_queue_lsb_address(qp, LSB_ENTRY_GHASH_IN);
*844d9543SConrad Meyer	desc->src_mem = CCP_MEMTYPE_SB;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	desc->lsb_ctx_id = ccp_queue_lsb_entry(qp, LSB_ENTRY_IV);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	desc->key_lo = ccp_queue_lsb_address(qp, LSB_ENTRY_KEY);
*844d9543SConrad Meyer	desc->key_mem = CCP_MEMTYPE_SB;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	desc->dst_lo = ccp_queue_lsb_address(qp, LSB_ENTRY_GHASH);
*844d9543SConrad Meyer	desc->dst_mem = CCP_MEMTYPE_SB;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	qp->cq_tail = (qp->cq_tail + 1) %
*844d9543SConrad Meyer	    (1 << qp->cq_softc->ring_size_order);
*844d9543SConrad Meyer	return (0);
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerstatic void
*844d9543SConrad Meyerccp_gcm_done(struct ccp_queue *qp, struct ccp_session *s, void *vcrp,
*844d9543SConrad Meyer    int error)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	char tag[GMAC_DIGEST_LEN];
*844d9543SConrad Meyer	struct cryptodesc *crde, *crda;
*844d9543SConrad Meyer	struct cryptop *crp;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	crp = vcrp;
*844d9543SConrad Meyer	if (s->cipher_first) {
*844d9543SConrad Meyer		crde = crp->crp_desc;
*844d9543SConrad Meyer		crda = crp->crp_desc->crd_next;
*844d9543SConrad Meyer	} else {
*844d9543SConrad Meyer		crde = crp->crp_desc->crd_next;
*844d9543SConrad Meyer		crda = crp->crp_desc;
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer
*844d9543SConrad Meyer	s->pending--;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	if (error != 0) {
*844d9543SConrad Meyer		crp->crp_etype = error;
*844d9543SConrad Meyer		goto out;
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* Encrypt is done.  Decrypt needs to verify tag. */
*844d9543SConrad Meyer	if ((crde->crd_flags & CRD_F_ENCRYPT) != 0)
*844d9543SConrad Meyer		goto out;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* Copy in message tag. */
*844d9543SConrad Meyer	crypto_copydata(crp->crp_flags, crp->crp_buf, crda->crd_inject,
*844d9543SConrad Meyer	    sizeof(tag), tag);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* Verify tag against computed GMAC */
*844d9543SConrad Meyer	if (timingsafe_bcmp(tag, s->gmac.final_block, s->gmac.hash_len) != 0)
*844d9543SConrad Meyer		crp->crp_etype = EBADMSG;
*844d9543SConrad Meyer
*844d9543SConrad Meyerout:
*844d9543SConrad Meyer	explicit_bzero(&s->blkcipher, sizeof(s->blkcipher));
*844d9543SConrad Meyer	explicit_bzero(&s->gmac, sizeof(s->gmac));
*844d9543SConrad Meyer	crypto_done(crp);
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyerint __must_check
*844d9543SConrad Meyerccp_gcm(struct ccp_queue *qp, struct ccp_session *s, struct cryptop *crp,
*844d9543SConrad Meyer    struct cryptodesc *crda, struct cryptodesc *crde)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	struct ccp_completion_ctx ctx;
*844d9543SConrad Meyer	enum ccp_cipher_dir dir;
*844d9543SConrad Meyer	device_t dev;
*844d9543SConrad Meyer	unsigned i;
*844d9543SConrad Meyer	int error;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	if (s->blkcipher.key_len == 0)
*844d9543SConrad Meyer		return (EINVAL);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/*
*844d9543SConrad Meyer	 * AAD is only permitted before the cipher/plain text, not
*844d9543SConrad Meyer	 * after.
*844d9543SConrad Meyer	 */
*844d9543SConrad Meyer	if (crda->crd_len + crda->crd_skip > crde->crd_len + crde->crd_skip)
*844d9543SConrad Meyer		return (EINVAL);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	dev = qp->cq_softc->dev;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	if ((crde->crd_flags & CRD_F_ENCRYPT) != 0)
*844d9543SConrad Meyer		dir = CCP_CIPHER_DIR_ENCRYPT;
*844d9543SConrad Meyer	else
*844d9543SConrad Meyer		dir = CCP_CIPHER_DIR_DECRYPT;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* Zero initial GHASH portion of context */
*844d9543SConrad Meyer	memset(s->blkcipher.iv, 0, sizeof(s->blkcipher.iv));
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* Gather IV data */
*844d9543SConrad Meyer	ccp_collect_iv(s, crp, crde);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* Reverse order of key material for HW */
*844d9543SConrad Meyer	ccp_byteswap(s->blkcipher.enckey, s->blkcipher.key_len);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* Prepare input buffer of concatenated lengths for final GHASH */
*844d9543SConrad Meyer	be64enc(s->gmac.final_block, (uint64_t)crda->crd_len * 8);
*844d9543SConrad Meyer	be64enc(&s->gmac.final_block[8], (uint64_t)crde->crd_len * 8);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* Send IV + initial zero GHASH, key data, and lengths buffer to LSB */
*844d9543SConrad Meyer	error = ccp_do_pst_to_lsb(qp, ccp_queue_lsb_address(qp, LSB_ENTRY_IV),
*844d9543SConrad Meyer	    s->blkcipher.iv, 32);
*844d9543SConrad Meyer	if (error != 0)
*844d9543SConrad Meyer		return (error);
*844d9543SConrad Meyer	error = ccp_do_pst_to_lsb(qp, ccp_queue_lsb_address(qp, LSB_ENTRY_KEY),
*844d9543SConrad Meyer	    s->blkcipher.enckey, s->blkcipher.key_len);
*844d9543SConrad Meyer	if (error != 0)
*844d9543SConrad Meyer		return (error);
*844d9543SConrad Meyer	error = ccp_do_pst_to_lsb(qp,
*844d9543SConrad Meyer	    ccp_queue_lsb_address(qp, LSB_ENTRY_GHASH_IN), s->gmac.final_block,
*844d9543SConrad Meyer	    GMAC_BLOCK_LEN);
*844d9543SConrad Meyer	if (error != 0)
*844d9543SConrad Meyer		return (error);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* First step - compute GHASH over AAD */
*844d9543SConrad Meyer	if (crda->crd_len != 0) {
*844d9543SConrad Meyer		sglist_reset(qp->cq_sg_ulptx);
*844d9543SConrad Meyer		error = sglist_append_sglist(qp->cq_sg_ulptx, qp->cq_sg_crp,
*844d9543SConrad Meyer		    crda->crd_skip, crda->crd_len);
*844d9543SConrad Meyer		if (error != 0)
*844d9543SConrad Meyer			return (error);
*844d9543SConrad Meyer
*844d9543SConrad Meyer		/* This engine cannot process non-block multiple AAD data. */
*844d9543SConrad Meyer		for (i = 0; i < qp->cq_sg_ulptx->sg_nseg; i++)
*844d9543SConrad Meyer			if ((qp->cq_sg_ulptx->sg_segs[i].ss_len %
*844d9543SConrad Meyer			    GMAC_BLOCK_LEN) != 0) {
*844d9543SConrad Meyer				DPRINTF(dev, "%s: AD seg modulo: %zu\n",
*844d9543SConrad Meyer				    __func__,
*844d9543SConrad Meyer				    qp->cq_sg_ulptx->sg_segs[i].ss_len);
*844d9543SConrad Meyer				return (EINVAL);
*844d9543SConrad Meyer			}
*844d9543SConrad Meyer
*844d9543SConrad Meyer		error = ccp_do_ghash_aad(qp, s);
*844d9543SConrad Meyer		if (error != 0)
*844d9543SConrad Meyer			return (error);
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* Feed data piece by piece into GCTR */
*844d9543SConrad Meyer	sglist_reset(qp->cq_sg_ulptx);
*844d9543SConrad Meyer	error = sglist_append_sglist(qp->cq_sg_ulptx, qp->cq_sg_crp,
*844d9543SConrad Meyer	    crde->crd_skip, crde->crd_len);
*844d9543SConrad Meyer	if (error != 0)
*844d9543SConrad Meyer		return (error);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/*
*844d9543SConrad Meyer	 * All segments except the last must be even multiples of AES block
*844d9543SConrad Meyer	 * size for the HW to process it.  Non-compliant inputs aren't bogus,
*844d9543SConrad Meyer	 * just not doable on this hardware.
*844d9543SConrad Meyer	 *
*844d9543SConrad Meyer	 * XXX: Well, the hardware will produce a valid tag for shorter final
*844d9543SConrad Meyer	 * segment inputs, but it will still write out a block-sized plaintext
*844d9543SConrad Meyer	 * or ciphertext chunk.  For a typical CRP this tramples trailing data,
*844d9543SConrad Meyer	 * including the provided message tag.  So, reject such inputs for now.
*844d9543SConrad Meyer	 */
*844d9543SConrad Meyer	for (i = 0; i < qp->cq_sg_ulptx->sg_nseg; i++)
*844d9543SConrad Meyer		if ((qp->cq_sg_ulptx->sg_segs[i].ss_len % AES_BLOCK_LEN) != 0) {
*844d9543SConrad Meyer			DPRINTF(dev, "%s: seg modulo: %zu\n", __func__,
*844d9543SConrad Meyer			    qp->cq_sg_ulptx->sg_segs[i].ss_len);
*844d9543SConrad Meyer			return (EINVAL);
*844d9543SConrad Meyer		}
*844d9543SConrad Meyer
*844d9543SConrad Meyer	for (i = 0; i < qp->cq_sg_ulptx->sg_nseg; i++) {
*844d9543SConrad Meyer		struct sglist_seg *seg;
*844d9543SConrad Meyer
*844d9543SConrad Meyer		seg = &qp->cq_sg_ulptx->sg_segs[i];
*844d9543SConrad Meyer		error = ccp_do_gctr(qp, s, dir, seg,
*844d9543SConrad Meyer		    (i == 0 && crda->crd_len == 0),
*844d9543SConrad Meyer		    i == (qp->cq_sg_ulptx->sg_nseg - 1));
*844d9543SConrad Meyer		if (error != 0)
*844d9543SConrad Meyer			return (error);
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* Send just initial IV (not GHASH!) to LSB again */
*844d9543SConrad Meyer	error = ccp_do_pst_to_lsb(qp, ccp_queue_lsb_address(qp, LSB_ENTRY_IV),
*844d9543SConrad Meyer	    s->blkcipher.iv, s->blkcipher.iv_len);
*844d9543SConrad Meyer	if (error != 0)
*844d9543SConrad Meyer		return (error);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	ctx.callback_fn = ccp_gcm_done;
*844d9543SConrad Meyer	ctx.session = s;
*844d9543SConrad Meyer	ctx.callback_arg = crp;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* Compute final hash and copy result back */
*844d9543SConrad Meyer	error = ccp_do_ghash_final(qp, s);
*844d9543SConrad Meyer	if (error != 0)
*844d9543SConrad Meyer		return (error);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	/* When encrypting, copy computed tag out to caller buffer. */
*844d9543SConrad Meyer	sglist_reset(qp->cq_sg_ulptx);
*844d9543SConrad Meyer	if (dir == CCP_CIPHER_DIR_ENCRYPT)
*844d9543SConrad Meyer		error = sglist_append_sglist(qp->cq_sg_ulptx, qp->cq_sg_crp,
*844d9543SConrad Meyer		    crda->crd_inject, s->gmac.hash_len);
*844d9543SConrad Meyer	else
*844d9543SConrad Meyer		/*
*844d9543SConrad Meyer		 * For decrypting, copy the computed tag out to our session
*844d9543SConrad Meyer		 * buffer to verify in our callback.
*844d9543SConrad Meyer		 */
*844d9543SConrad Meyer		error = sglist_append(qp->cq_sg_ulptx, s->gmac.final_block,
*844d9543SConrad Meyer		    s->gmac.hash_len);
*844d9543SConrad Meyer	if (error != 0)
*844d9543SConrad Meyer		return (error);
*844d9543SConrad Meyer	error = ccp_passthrough_sgl(qp,
*844d9543SConrad Meyer	    ccp_queue_lsb_address(qp, LSB_ENTRY_GHASH), false, qp->cq_sg_ulptx,
*844d9543SConrad Meyer	    s->gmac.hash_len, true, &ctx);
*844d9543SConrad Meyer	return (error);
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyer#define MAX_TRNG_RETRIES	10
*844d9543SConrad Meyeru_int
*844d9543SConrad Meyerrandom_ccp_read(void *v, u_int c)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	uint32_t *buf;
*844d9543SConrad Meyer	u_int i, j;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	KASSERT(c % sizeof(*buf) == 0, ("%u not multiple of u_long", c));
*844d9543SConrad Meyer
*844d9543SConrad Meyer	buf = v;
*844d9543SConrad Meyer	for (i = c; i > 0; i -= sizeof(*buf)) {
*844d9543SConrad Meyer		for (j = 0; j < MAX_TRNG_RETRIES; j++) {
*844d9543SConrad Meyer			*buf = ccp_read_4(g_ccp_softc, TRNG_OUT_OFFSET);
*844d9543SConrad Meyer			if (*buf != 0)
*844d9543SConrad Meyer				break;
*844d9543SConrad Meyer		}
*844d9543SConrad Meyer		if (j == MAX_TRNG_RETRIES)
*844d9543SConrad Meyer			return (0);
*844d9543SConrad Meyer		buf++;
*844d9543SConrad Meyer	}
*844d9543SConrad Meyer	return (c);
*844d9543SConrad Meyer
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyer#ifdef DDB
*844d9543SConrad Meyervoid
*844d9543SConrad Meyerdb_ccp_show_hw(struct ccp_softc *sc)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer
*844d9543SConrad Meyer	db_printf("  queue mask: 0x%x\n",
*844d9543SConrad Meyer	    ccp_read_4(sc, CMD_QUEUE_MASK_OFFSET));
*844d9543SConrad Meyer	db_printf("  queue prio: 0x%x\n",
*844d9543SConrad Meyer	    ccp_read_4(sc, CMD_QUEUE_PRIO_OFFSET));
*844d9543SConrad Meyer	db_printf("  reqid: 0x%x\n", ccp_read_4(sc, CMD_REQID_CONFIG_OFFSET));
*844d9543SConrad Meyer	db_printf("  trng output: 0x%x\n", ccp_read_4(sc, TRNG_OUT_OFFSET));
*844d9543SConrad Meyer	db_printf("  cmd timeout: 0x%x\n",
*844d9543SConrad Meyer	    ccp_read_4(sc, CMD_CMD_TIMEOUT_OFFSET));
*844d9543SConrad Meyer	db_printf("  lsb public mask lo: 0x%x\n",
*844d9543SConrad Meyer	    ccp_read_4(sc, LSB_PUBLIC_MASK_LO_OFFSET));
*844d9543SConrad Meyer	db_printf("  lsb public mask hi: 0x%x\n",
*844d9543SConrad Meyer	    ccp_read_4(sc, LSB_PUBLIC_MASK_HI_OFFSET));
*844d9543SConrad Meyer	db_printf("  lsb private mask lo: 0x%x\n",
*844d9543SConrad Meyer	    ccp_read_4(sc, LSB_PRIVATE_MASK_LO_OFFSET));
*844d9543SConrad Meyer	db_printf("  lsb private mask hi: 0x%x\n",
*844d9543SConrad Meyer	    ccp_read_4(sc, LSB_PRIVATE_MASK_HI_OFFSET));
*844d9543SConrad Meyer	db_printf("  version: 0x%x\n", ccp_read_4(sc, VERSION_REG));
*844d9543SConrad Meyer}
*844d9543SConrad Meyer
*844d9543SConrad Meyervoid
*844d9543SConrad Meyerdb_ccp_show_queue_hw(struct ccp_queue *qp)
*844d9543SConrad Meyer{
*844d9543SConrad Meyer	const struct ccp_error_code *ec;
*844d9543SConrad Meyer	struct ccp_softc *sc;
*844d9543SConrad Meyer	uint32_t status, error, esource, faultblock, headlo, qcontrol;
*844d9543SConrad Meyer	unsigned q, i;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	sc = qp->cq_softc;
*844d9543SConrad Meyer	q = qp->cq_qindex;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	qcontrol = ccp_read_queue_4(sc, q, CMD_Q_CONTROL_BASE);
*844d9543SConrad Meyer	db_printf("  qcontrol: 0x%x%s%s\n", qcontrol,
*844d9543SConrad Meyer	    (qcontrol & CMD_Q_RUN) ? " RUN" : "",
*844d9543SConrad Meyer	    (qcontrol & CMD_Q_HALTED) ? " HALTED" : "");
*844d9543SConrad Meyer	db_printf("  tail_lo: 0x%x\n",
*844d9543SConrad Meyer	    ccp_read_queue_4(sc, q, CMD_Q_TAIL_LO_BASE));
*844d9543SConrad Meyer	headlo = ccp_read_queue_4(sc, q, CMD_Q_HEAD_LO_BASE);
*844d9543SConrad Meyer	db_printf("  head_lo: 0x%x\n", headlo);
*844d9543SConrad Meyer	db_printf("  int enable: 0x%x\n",
*844d9543SConrad Meyer	    ccp_read_queue_4(sc, q, CMD_Q_INT_ENABLE_BASE));
*844d9543SConrad Meyer	db_printf("  interrupt status: 0x%x\n",
*844d9543SConrad Meyer	    ccp_read_queue_4(sc, q, CMD_Q_INTERRUPT_STATUS_BASE));
*844d9543SConrad Meyer	status = ccp_read_queue_4(sc, q, CMD_Q_STATUS_BASE);
*844d9543SConrad Meyer	db_printf("  status: 0x%x\n", status);
*844d9543SConrad Meyer	db_printf("  int stats: 0x%x\n",
*844d9543SConrad Meyer	    ccp_read_queue_4(sc, q, CMD_Q_INT_STATUS_BASE));
*844d9543SConrad Meyer
*844d9543SConrad Meyer	error = status & STATUS_ERROR_MASK;
*844d9543SConrad Meyer	if (error == 0)
*844d9543SConrad Meyer		return;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	esource = (status >> STATUS_ERRORSOURCE_SHIFT) &
*844d9543SConrad Meyer	    STATUS_ERRORSOURCE_MASK;
*844d9543SConrad Meyer	faultblock = (status >> STATUS_VLSB_FAULTBLOCK_SHIFT) &
*844d9543SConrad Meyer	    STATUS_VLSB_FAULTBLOCK_MASK;
*844d9543SConrad Meyer
*844d9543SConrad Meyer	ec = NULL;
*844d9543SConrad Meyer	for (i = 0; i < nitems(ccp_error_codes); i++)
*844d9543SConrad Meyer		if (ccp_error_codes[i].ce_code == error)
*844d9543SConrad Meyer			break;
*844d9543SConrad Meyer	if (i < nitems(ccp_error_codes))
*844d9543SConrad Meyer		ec = &ccp_error_codes[i];
*844d9543SConrad Meyer
*844d9543SConrad Meyer	db_printf("  Error: %s (%u) Source: %u Faulting LSB block: %u\n",
*844d9543SConrad Meyer	    (ec != NULL) ? ec->ce_name : "(reserved)", error, esource,
*844d9543SConrad Meyer	    faultblock);
*844d9543SConrad Meyer	if (ec != NULL)
*844d9543SConrad Meyer		db_printf("  Error description: %s\n", ec->ce_desc);
*844d9543SConrad Meyer
*844d9543SConrad Meyer	i = (headlo - (uint32_t)qp->desc_ring_bus_addr) / Q_DESC_SIZE;
*844d9543SConrad Meyer	db_printf("  Bad descriptor idx: %u contents:\n  %32D\n", i,
*844d9543SConrad Meyer	    (void *)&qp->desc_ring[i], " ");
*844d9543SConrad Meyer}
*844d9543SConrad Meyer#endif