xref: /freebsd/sys/crypto/via/padlock.c (revision bb15ca603fa442c72dde3f3cb8b46db6970e3950)
1 /*-
2  * Copyright (c) 2005-2008 Pawel Jakub Dawidek <pjd@FreeBSD.org>
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
15  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
18  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24  * SUCH DAMAGE.
25  */
26 
27 #include <sys/cdefs.h>
28 __FBSDID("$FreeBSD$");
29 
30 #include <sys/param.h>
31 #include <sys/systm.h>
32 #include <sys/kernel.h>
33 #include <sys/module.h>
34 #include <sys/lock.h>
35 #include <sys/rwlock.h>
36 #include <sys/malloc.h>
37 #include <sys/libkern.h>
38 #if defined(__amd64__) || (defined(__i386__) && !defined(PC98))
39 #include <machine/cpufunc.h>
40 #include <machine/cputypes.h>
41 #include <machine/md_var.h>
42 #include <machine/specialreg.h>
43 #endif
44 
45 #include <opencrypto/cryptodev.h>
46 
47 #include <crypto/via/padlock.h>
48 
49 #include <sys/kobj.h>
50 #include <sys/bus.h>
51 #include "cryptodev_if.h"
52 
53 /*
54  * Technical documentation about the PadLock engine can be found here:
55  *
56  * http://www.via.com.tw/en/downloads/whitepapers/initiatives/padlock/programming_guide.pdf
57  */
58 
59 struct padlock_softc {
60 	int32_t		sc_cid;
61 	uint32_t	sc_sid;
62 	TAILQ_HEAD(padlock_sessions_head, padlock_session) sc_sessions;
63 	struct rwlock	sc_sessions_lock;
64 };
65 
66 static int padlock_newsession(device_t, uint32_t *sidp, struct cryptoini *cri);
67 static int padlock_freesession(device_t, uint64_t tid);
68 static void padlock_freesession_one(struct padlock_softc *sc,
69     struct padlock_session *ses, int locked);
70 static int padlock_process(device_t, struct cryptop *crp, int hint __unused);
71 
72 MALLOC_DEFINE(M_PADLOCK, "padlock_data", "PadLock Data");
73 
74 static void
75 padlock_identify(driver_t *drv, device_t parent)
76 {
77 	/* NB: order 10 is so we get attached after h/w devices */
78 	if (device_find_child(parent, "padlock", -1) == NULL &&
79 	    BUS_ADD_CHILD(parent, 10, "padlock", -1) == 0)
80 		panic("padlock: could not attach");
81 }
82 
83 static int
84 padlock_probe(device_t dev)
85 {
86 	char capp[256];
87 
88 #if defined(__amd64__) || (defined(__i386__) && !defined(PC98))
89 	/* If there is no AES support, we has nothing to do here. */
90 	if (!(via_feature_xcrypt & VIA_HAS_AES)) {
91 		device_printf(dev, "No ACE support.\n");
92 		return (EINVAL);
93 	}
94 	strlcpy(capp, "AES-CBC", sizeof(capp));
95 #if 0
96 	strlcat(capp, ",AES-EBC", sizeof(capp));
97 	strlcat(capp, ",AES-CFB", sizeof(capp));
98 	strlcat(capp, ",AES-OFB", sizeof(capp));
99 #endif
100 	if (via_feature_xcrypt & VIA_HAS_SHA) {
101 		strlcat(capp, ",SHA1", sizeof(capp));
102 		strlcat(capp, ",SHA256", sizeof(capp));
103 	}
104 #if 0
105 	if (via_feature_xcrypt & VIA_HAS_AESCTR)
106 		strlcat(capp, ",AES-CTR", sizeof(capp));
107 	if (via_feature_xcrypt & VIA_HAS_MM)
108 		strlcat(capp, ",RSA", sizeof(capp));
109 #endif
110 	device_set_desc_copy(dev, capp);
111 	return (0);
112 #else
113 	return (EINVAL);
114 #endif
115 }
116 
117 static int
118 padlock_attach(device_t dev)
119 {
120 	struct padlock_softc *sc = device_get_softc(dev);
121 
122 	TAILQ_INIT(&sc->sc_sessions);
123 	sc->sc_sid = 1;
124 
125 	sc->sc_cid = crypto_get_driverid(dev, CRYPTOCAP_F_HARDWARE);
126 	if (sc->sc_cid < 0) {
127 		device_printf(dev, "Could not get crypto driver id.\n");
128 		return (ENOMEM);
129 	}
130 
131 	rw_init(&sc->sc_sessions_lock, "padlock_lock");
132 	crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0);
133 	crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0);
134 	crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0);
135 	crypto_register(sc->sc_cid, CRYPTO_RIPEMD160_HMAC, 0, 0);
136 	crypto_register(sc->sc_cid, CRYPTO_SHA2_256_HMAC, 0, 0);
137 	crypto_register(sc->sc_cid, CRYPTO_SHA2_384_HMAC, 0, 0);
138 	crypto_register(sc->sc_cid, CRYPTO_SHA2_512_HMAC, 0, 0);
139 	return (0);
140 }
141 
142 static int
143 padlock_detach(device_t dev)
144 {
145 	struct padlock_softc *sc = device_get_softc(dev);
146 	struct padlock_session *ses;
147 
148 	rw_wlock(&sc->sc_sessions_lock);
149 	TAILQ_FOREACH(ses, &sc->sc_sessions, ses_next) {
150 		if (ses->ses_used) {
151 			rw_wunlock(&sc->sc_sessions_lock);
152 			device_printf(dev,
153 			    "Cannot detach, sessions still active.\n");
154 			return (EBUSY);
155 		}
156 	}
157 	while ((ses = TAILQ_FIRST(&sc->sc_sessions)) != NULL) {
158 		TAILQ_REMOVE(&sc->sc_sessions, ses, ses_next);
159 		free(ses, M_PADLOCK);
160 	}
161 	rw_destroy(&sc->sc_sessions_lock);
162 	crypto_unregister_all(sc->sc_cid);
163 	return (0);
164 }
165 
166 static int
167 padlock_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri)
168 {
169 	struct padlock_softc *sc = device_get_softc(dev);
170 	struct padlock_session *ses = NULL;
171 	struct cryptoini *encini, *macini;
172 	struct thread *td;
173 	int error, saved_ctx;
174 
175 	if (sidp == NULL || cri == NULL)
176 		return (EINVAL);
177 
178 	encini = macini = NULL;
179 	for (; cri != NULL; cri = cri->cri_next) {
180 		switch (cri->cri_alg) {
181 		case CRYPTO_NULL_HMAC:
182 		case CRYPTO_MD5_HMAC:
183 		case CRYPTO_SHA1_HMAC:
184 		case CRYPTO_RIPEMD160_HMAC:
185 		case CRYPTO_SHA2_256_HMAC:
186 		case CRYPTO_SHA2_384_HMAC:
187 		case CRYPTO_SHA2_512_HMAC:
188 			if (macini != NULL)
189 				return (EINVAL);
190 			macini = cri;
191 			break;
192 		case CRYPTO_AES_CBC:
193 			if (encini != NULL)
194 				return (EINVAL);
195 			encini = cri;
196 			break;
197 		default:
198 			return (EINVAL);
199 		}
200 	}
201 
202 	/*
203 	 * We only support HMAC algorithms to be able to work with
204 	 * ipsec(4), so if we are asked only for authentication without
205 	 * encryption, don't pretend we can accellerate it.
206 	 */
207 	if (encini == NULL)
208 		return (EINVAL);
209 
210 	/*
211 	 * Let's look for a free session structure.
212 	 */
213 	rw_wlock(&sc->sc_sessions_lock);
214 	/*
215 	 * Free sessions goes first, so if first session is used, we need to
216 	 * allocate one.
217 	 */
218 	ses = TAILQ_FIRST(&sc->sc_sessions);
219 	if (ses == NULL || ses->ses_used) {
220 		ses = malloc(sizeof(*ses), M_PADLOCK, M_NOWAIT | M_ZERO);
221 		if (ses == NULL) {
222 			rw_wunlock(&sc->sc_sessions_lock);
223 			return (ENOMEM);
224 		}
225 		ses->ses_id = sc->sc_sid++;
226 	} else {
227 		TAILQ_REMOVE(&sc->sc_sessions, ses, ses_next);
228 	}
229 	ses->ses_used = 1;
230 	TAILQ_INSERT_TAIL(&sc->sc_sessions, ses, ses_next);
231 	rw_wunlock(&sc->sc_sessions_lock);
232 
233 	error = padlock_cipher_setup(ses, encini);
234 	if (error != 0) {
235 		padlock_freesession_one(sc, ses, 0);
236 		return (error);
237 	}
238 
239 	if (macini != NULL) {
240 		td = curthread;
241 		if (!is_fpu_kern_thread(0)) {
242 			error = fpu_kern_enter(td, &ses->ses_fpu_ctx,
243 			    FPU_KERN_NORMAL);
244 			saved_ctx = 1;
245 		} else {
246 			error = 0;
247 			saved_ctx = 0;
248 		}
249 		if (error == 0) {
250 			error = padlock_hash_setup(ses, macini);
251 			if (saved_ctx)
252 				fpu_kern_leave(td, &ses->ses_fpu_ctx);
253 		}
254 		if (error != 0) {
255 			padlock_freesession_one(sc, ses, 0);
256 			return (error);
257 		}
258 	}
259 
260 	*sidp = ses->ses_id;
261 	return (0);
262 }
263 
264 static void
265 padlock_freesession_one(struct padlock_softc *sc, struct padlock_session *ses,
266     int locked)
267 {
268 	uint32_t sid = ses->ses_id;
269 
270 	if (!locked)
271 		rw_wlock(&sc->sc_sessions_lock);
272 	TAILQ_REMOVE(&sc->sc_sessions, ses, ses_next);
273 	padlock_hash_free(ses);
274 	bzero(ses, sizeof(*ses));
275 	ses->ses_used = 0;
276 	ses->ses_id = sid;
277 	TAILQ_INSERT_HEAD(&sc->sc_sessions, ses, ses_next);
278 	if (!locked)
279 		rw_wunlock(&sc->sc_sessions_lock);
280 }
281 
282 static int
283 padlock_freesession(device_t dev, uint64_t tid)
284 {
285 	struct padlock_softc *sc = device_get_softc(dev);
286 	struct padlock_session *ses;
287 	uint32_t sid = ((uint32_t)tid) & 0xffffffff;
288 
289 	rw_wlock(&sc->sc_sessions_lock);
290 	TAILQ_FOREACH_REVERSE(ses, &sc->sc_sessions, padlock_sessions_head,
291 	    ses_next) {
292 		if (ses->ses_id == sid)
293 			break;
294 	}
295 	if (ses == NULL) {
296 		rw_wunlock(&sc->sc_sessions_lock);
297 		return (EINVAL);
298 	}
299 	padlock_freesession_one(sc, ses, 1);
300 	rw_wunlock(&sc->sc_sessions_lock);
301 	return (0);
302 }
303 
304 static int
305 padlock_process(device_t dev, struct cryptop *crp, int hint __unused)
306 {
307 	struct padlock_softc *sc = device_get_softc(dev);
308 	struct padlock_session *ses = NULL;
309 	struct cryptodesc *crd, *enccrd, *maccrd;
310 	int error = 0;
311 
312 	enccrd = maccrd = NULL;
313 
314 	/* Sanity check. */
315 	if (crp == NULL)
316 		return (EINVAL);
317 
318 	if (crp->crp_callback == NULL || crp->crp_desc == NULL) {
319 		error = EINVAL;
320 		goto out;
321 	}
322 
323 	for (crd = crp->crp_desc; crd != NULL; crd = crd->crd_next) {
324 		switch (crd->crd_alg) {
325 		case CRYPTO_NULL_HMAC:
326 		case CRYPTO_MD5_HMAC:
327 		case CRYPTO_SHA1_HMAC:
328 		case CRYPTO_RIPEMD160_HMAC:
329 		case CRYPTO_SHA2_256_HMAC:
330 		case CRYPTO_SHA2_384_HMAC:
331 		case CRYPTO_SHA2_512_HMAC:
332 			if (maccrd != NULL) {
333 				error = EINVAL;
334 				goto out;
335 			}
336 			maccrd = crd;
337 			break;
338 		case CRYPTO_AES_CBC:
339 			if (enccrd != NULL) {
340 				error = EINVAL;
341 				goto out;
342 			}
343 			enccrd = crd;
344 			break;
345 		default:
346 			return (EINVAL);
347 		}
348 	}
349 	if (enccrd == NULL || (enccrd->crd_len % AES_BLOCK_LEN) != 0) {
350 		error = EINVAL;
351 		goto out;
352 	}
353 
354 	rw_rlock(&sc->sc_sessions_lock);
355 	TAILQ_FOREACH_REVERSE(ses, &sc->sc_sessions, padlock_sessions_head,
356 	    ses_next) {
357 		if (ses->ses_id == (crp->crp_sid & 0xffffffff))
358 			break;
359 	}
360 	rw_runlock(&sc->sc_sessions_lock);
361 	if (ses == NULL) {
362 		error = EINVAL;
363 		goto out;
364 	}
365 
366 	/* Perform data authentication if requested before encryption. */
367 	if (maccrd != NULL && maccrd->crd_next == enccrd) {
368 		error = padlock_hash_process(ses, maccrd, crp);
369 		if (error != 0)
370 			goto out;
371 	}
372 
373 	error = padlock_cipher_process(ses, enccrd, crp);
374 	if (error != 0)
375 		goto out;
376 
377 	/* Perform data authentication if requested after encryption. */
378 	if (maccrd != NULL && enccrd->crd_next == maccrd) {
379 		error = padlock_hash_process(ses, maccrd, crp);
380 		if (error != 0)
381 			goto out;
382 	}
383 
384 out:
385 #if 0
386 	/*
387 	 * This code is not necessary, because contexts will be freed on next
388 	 * padlock_setup_mackey() call or at padlock_freesession() call.
389 	 */
390 	if (ses != NULL && maccrd != NULL &&
391 	    (maccrd->crd_flags & CRD_F_KEY_EXPLICIT) != 0) {
392 		padlock_free_ctx(ses->ses_axf, ses->ses_ictx);
393 		padlock_free_ctx(ses->ses_axf, ses->ses_octx);
394 	}
395 #endif
396 	crp->crp_etype = error;
397 	crypto_done(crp);
398 	return (error);
399 }
400 
401 static device_method_t padlock_methods[] = {
402 	DEVMETHOD(device_identify,	padlock_identify),
403 	DEVMETHOD(device_probe,		padlock_probe),
404 	DEVMETHOD(device_attach,	padlock_attach),
405 	DEVMETHOD(device_detach,	padlock_detach),
406 
407 	DEVMETHOD(cryptodev_newsession,	padlock_newsession),
408 	DEVMETHOD(cryptodev_freesession,padlock_freesession),
409 	DEVMETHOD(cryptodev_process,	padlock_process),
410 
411 	{0, 0},
412 };
413 
414 static driver_t padlock_driver = {
415 	"padlock",
416 	padlock_methods,
417 	sizeof(struct padlock_softc),
418 };
419 static devclass_t padlock_devclass;
420 
421 /* XXX where to attach */
422 DRIVER_MODULE(padlock, nexus, padlock_driver, padlock_devclass, 0, 0);
423 MODULE_VERSION(padlock, 1);
424 MODULE_DEPEND(padlock, crypto, 1, 1, 1);
425