1 /* $OpenBSD: glxsb.c,v 1.7 2007/02/12 14:31:45 tom Exp $ */ 2 3 /* 4 * Copyright (c) 2006 Tom Cosgrove <tom@openbsd.org> 5 * Copyright (c) 2003, 2004 Theo de Raadt 6 * Copyright (c) 2003 Jason Wright 7 * 8 * Permission to use, copy, modify, and distribute this software for any 9 * purpose with or without fee is hereby granted, provided that the above 10 * copyright notice and this permission notice appear in all copies. 11 * 12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 */ 20 21 /* 22 * Driver for the security block on the AMD Geode LX processors 23 * http://www.amd.com/files/connectivitysolutions/geode/geode_lx/33234d_lx_ds.pdf 24 */ 25 26 #include <sys/cdefs.h> 27 __FBSDID("$FreeBSD$"); 28 29 #include <sys/param.h> 30 #include <sys/systm.h> 31 #include <sys/bus.h> 32 #include <sys/errno.h> 33 #include <sys/kernel.h> 34 #include <sys/lock.h> 35 #include <sys/malloc.h> 36 #include <sys/mbuf.h> 37 #include <sys/module.h> 38 #include <sys/mutex.h> 39 #include <sys/proc.h> 40 #include <sys/random.h> 41 #include <sys/rman.h> 42 #include <sys/rwlock.h> 43 #include <sys/sysctl.h> 44 #include <sys/taskqueue.h> 45 46 #include <machine/bus.h> 47 #include <machine/cpufunc.h> 48 #include <machine/resource.h> 49 50 #include <dev/pci/pcivar.h> 51 #include <dev/pci/pcireg.h> 52 53 #include <opencrypto/cryptodev.h> 54 #include <opencrypto/xform.h> 55 56 #include "cryptodev_if.h" 57 #include "glxsb.h" 58 59 #define PCI_VENDOR_AMD 0x1022 /* AMD */ 60 #define PCI_PRODUCT_AMD_GEODE_LX_CRYPTO 0x2082 /* Geode LX Crypto */ 61 62 #define SB_GLD_MSR_CAP 0x58002000 /* RO - Capabilities */ 63 #define SB_GLD_MSR_CONFIG 0x58002001 /* RW - Master Config */ 64 #define SB_GLD_MSR_SMI 0x58002002 /* RW - SMI */ 65 #define SB_GLD_MSR_ERROR 0x58002003 /* RW - Error */ 66 #define SB_GLD_MSR_PM 0x58002004 /* RW - Power Mgmt */ 67 #define SB_GLD_MSR_DIAG 0x58002005 /* RW - Diagnostic */ 68 #define SB_GLD_MSR_CTRL 0x58002006 /* RW - Security Block Cntrl */ 69 70 /* For GLD_MSR_CTRL: */ 71 #define SB_GMC_DIV0 0x0000 /* AES update divisor values */ 72 #define SB_GMC_DIV1 0x0001 73 #define SB_GMC_DIV2 0x0002 74 #define SB_GMC_DIV3 0x0003 75 #define SB_GMC_DIV_MASK 0x0003 76 #define SB_GMC_SBI 0x0004 /* AES swap bits */ 77 #define SB_GMC_SBY 0x0008 /* AES swap bytes */ 78 #define SB_GMC_TW 0x0010 /* Time write (EEPROM) */ 79 #define SB_GMC_T_SEL0 0x0000 /* RNG post-proc: none */ 80 #define SB_GMC_T_SEL1 0x0100 /* RNG post-proc: LFSR */ 81 #define SB_GMC_T_SEL2 0x0200 /* RNG post-proc: whitener */ 82 #define SB_GMC_T_SEL3 0x0300 /* RNG LFSR+whitener */ 83 #define SB_GMC_T_SEL_MASK 0x0300 84 #define SB_GMC_T_NE 0x0400 /* Noise (generator) Enable */ 85 #define SB_GMC_T_TM 0x0800 /* RNG test mode */ 86 /* (deterministic) */ 87 88 /* Security Block configuration/control registers (offsets from base) */ 89 #define SB_CTL_A 0x0000 /* RW - SB Control A */ 90 #define SB_CTL_B 0x0004 /* RW - SB Control B */ 91 #define SB_AES_INT 0x0008 /* RW - SB AES Interrupt */ 92 #define SB_SOURCE_A 0x0010 /* RW - Source A */ 93 #define SB_DEST_A 0x0014 /* RW - Destination A */ 94 #define SB_LENGTH_A 0x0018 /* RW - Length A */ 95 #define SB_SOURCE_B 0x0020 /* RW - Source B */ 96 #define SB_DEST_B 0x0024 /* RW - Destination B */ 97 #define SB_LENGTH_B 0x0028 /* RW - Length B */ 98 #define SB_WKEY 0x0030 /* WO - Writable Key 0-3 */ 99 #define SB_WKEY_0 0x0030 /* WO - Writable Key 0 */ 100 #define SB_WKEY_1 0x0034 /* WO - Writable Key 1 */ 101 #define SB_WKEY_2 0x0038 /* WO - Writable Key 2 */ 102 #define SB_WKEY_3 0x003C /* WO - Writable Key 3 */ 103 #define SB_CBC_IV 0x0040 /* RW - CBC IV 0-3 */ 104 #define SB_CBC_IV_0 0x0040 /* RW - CBC IV 0 */ 105 #define SB_CBC_IV_1 0x0044 /* RW - CBC IV 1 */ 106 #define SB_CBC_IV_2 0x0048 /* RW - CBC IV 2 */ 107 #define SB_CBC_IV_3 0x004C /* RW - CBC IV 3 */ 108 #define SB_RANDOM_NUM 0x0050 /* RW - Random Number */ 109 #define SB_RANDOM_NUM_STATUS 0x0054 /* RW - Random Number Status */ 110 #define SB_EEPROM_COMM 0x0800 /* RW - EEPROM Command */ 111 #define SB_EEPROM_ADDR 0x0804 /* RW - EEPROM Address */ 112 #define SB_EEPROM_DATA 0x0808 /* RW - EEPROM Data */ 113 #define SB_EEPROM_SEC_STATE 0x080C /* RW - EEPROM Security State */ 114 115 /* For SB_CTL_A and _B */ 116 #define SB_CTL_ST 0x0001 /* Start operation (enc/dec) */ 117 #define SB_CTL_ENC 0x0002 /* Encrypt (0 is decrypt) */ 118 #define SB_CTL_DEC 0x0000 /* Decrypt */ 119 #define SB_CTL_WK 0x0004 /* Use writable key (we set) */ 120 #define SB_CTL_DC 0x0008 /* Destination coherent */ 121 #define SB_CTL_SC 0x0010 /* Source coherent */ 122 #define SB_CTL_CBC 0x0020 /* CBC (0 is ECB) */ 123 124 /* For SB_AES_INT */ 125 #define SB_AI_DISABLE_AES_A 0x0001 /* Disable AES A compl int */ 126 #define SB_AI_ENABLE_AES_A 0x0000 /* Enable AES A compl int */ 127 #define SB_AI_DISABLE_AES_B 0x0002 /* Disable AES B compl int */ 128 #define SB_AI_ENABLE_AES_B 0x0000 /* Enable AES B compl int */ 129 #define SB_AI_DISABLE_EEPROM 0x0004 /* Disable EEPROM op comp int */ 130 #define SB_AI_ENABLE_EEPROM 0x0000 /* Enable EEPROM op compl int */ 131 #define SB_AI_AES_A_COMPLETE 0x10000 /* AES A operation complete */ 132 #define SB_AI_AES_B_COMPLETE 0x20000 /* AES B operation complete */ 133 #define SB_AI_EEPROM_COMPLETE 0x40000 /* EEPROM operation complete */ 134 135 #define SB_AI_CLEAR_INTR \ 136 (SB_AI_DISABLE_AES_A | SB_AI_DISABLE_AES_B |\ 137 SB_AI_DISABLE_EEPROM | SB_AI_AES_A_COMPLETE |\ 138 SB_AI_AES_B_COMPLETE | SB_AI_EEPROM_COMPLETE) 139 140 #define SB_RNS_TRNG_VALID 0x0001 /* in SB_RANDOM_NUM_STATUS */ 141 142 #define SB_MEM_SIZE 0x0810 /* Size of memory block */ 143 144 #define SB_AES_ALIGN 0x0010 /* Source and dest buffers */ 145 /* must be 16-byte aligned */ 146 #define SB_AES_BLOCK_SIZE 0x0010 147 148 /* 149 * The Geode LX security block AES acceleration doesn't perform scatter- 150 * gather: it just takes source and destination addresses. Therefore the 151 * plain- and ciphertexts need to be contiguous. To this end, we allocate 152 * a buffer for both, and accept the overhead of copying in and out. If 153 * the number of bytes in one operation is bigger than allowed for by the 154 * buffer (buffer is twice the size of the max length, as it has both input 155 * and output) then we have to perform multiple encryptions/decryptions. 156 */ 157 158 #define GLXSB_MAX_AES_LEN 16384 159 160 MALLOC_DEFINE(M_GLXSB, "glxsb_data", "Glxsb Data"); 161 162 struct glxsb_dma_map { 163 bus_dmamap_t dma_map; /* DMA map */ 164 bus_dma_segment_t dma_seg; /* segments */ 165 int dma_nsegs; /* #segments */ 166 int dma_size; /* size */ 167 caddr_t dma_vaddr; /* virtual address */ 168 bus_addr_t dma_paddr; /* physical address */ 169 }; 170 171 struct glxsb_taskop { 172 struct glxsb_session *to_ses; /* crypto session */ 173 struct cryptop *to_crp; /* cryptop to perfom */ 174 }; 175 176 struct glxsb_softc { 177 device_t sc_dev; /* device backpointer */ 178 struct resource *sc_sr; /* resource */ 179 int sc_rid; /* resource rid */ 180 struct callout sc_rngco; /* RNG callout */ 181 int sc_rnghz; /* RNG callout ticks */ 182 bus_dma_tag_t sc_dmat; /* DMA tag */ 183 struct glxsb_dma_map sc_dma; /* DMA map */ 184 int32_t sc_cid; /* crypto tag */ 185 struct mtx sc_task_mtx; /* task mutex */ 186 struct taskqueue *sc_tq; /* task queue */ 187 struct task sc_cryptotask; /* task */ 188 struct glxsb_taskop sc_to; /* task's crypto operation */ 189 int sc_task_count; /* tasks count */ 190 }; 191 192 static int glxsb_probe(device_t); 193 static int glxsb_attach(device_t); 194 static int glxsb_detach(device_t); 195 196 static void glxsb_dmamap_cb(void *, bus_dma_segment_t *, int, int); 197 static int glxsb_dma_alloc(struct glxsb_softc *); 198 static void glxsb_dma_pre_op(struct glxsb_softc *, struct glxsb_dma_map *); 199 static void glxsb_dma_post_op(struct glxsb_softc *, struct glxsb_dma_map *); 200 static void glxsb_dma_free(struct glxsb_softc *, struct glxsb_dma_map *); 201 202 static void glxsb_rnd(void *); 203 static int glxsb_crypto_setup(struct glxsb_softc *); 204 static int glxsb_crypto_probesession(device_t, 205 const struct crypto_session_params *); 206 static int glxsb_crypto_newsession(device_t, crypto_session_t, 207 const struct crypto_session_params *); 208 static void glxsb_crypto_freesession(device_t, crypto_session_t); 209 static int glxsb_aes(struct glxsb_softc *, uint32_t, uint32_t, 210 uint32_t, const void *, int, const void *); 211 212 static int glxsb_crypto_encdec(struct cryptop *, struct glxsb_session *, 213 struct glxsb_softc *); 214 215 static void glxsb_crypto_task(void *, int); 216 static int glxsb_crypto_process(device_t, struct cryptop *, int); 217 218 static device_method_t glxsb_methods[] = { 219 /* device interface */ 220 DEVMETHOD(device_probe, glxsb_probe), 221 DEVMETHOD(device_attach, glxsb_attach), 222 DEVMETHOD(device_detach, glxsb_detach), 223 224 /* crypto device methods */ 225 DEVMETHOD(cryptodev_probesession, glxsb_crypto_probesession), 226 DEVMETHOD(cryptodev_newsession, glxsb_crypto_newsession), 227 DEVMETHOD(cryptodev_freesession, glxsb_crypto_freesession), 228 DEVMETHOD(cryptodev_process, glxsb_crypto_process), 229 230 {0,0} 231 }; 232 233 static driver_t glxsb_driver = { 234 "glxsb", 235 glxsb_methods, 236 sizeof(struct glxsb_softc) 237 }; 238 239 DRIVER_MODULE(glxsb, pci, glxsb_driver, 0, 0); 240 MODULE_VERSION(glxsb, 1); 241 MODULE_DEPEND(glxsb, crypto, 1, 1, 1); 242 243 static int 244 glxsb_probe(device_t dev) 245 { 246 247 if (pci_get_vendor(dev) == PCI_VENDOR_AMD && 248 pci_get_device(dev) == PCI_PRODUCT_AMD_GEODE_LX_CRYPTO) { 249 device_set_desc(dev, 250 "AMD Geode LX Security Block (AES-128-CBC, RNG)"); 251 return (BUS_PROBE_DEFAULT); 252 } 253 254 return (ENXIO); 255 } 256 257 static int 258 glxsb_attach(device_t dev) 259 { 260 struct glxsb_softc *sc = device_get_softc(dev); 261 uint64_t msr; 262 263 sc->sc_dev = dev; 264 msr = rdmsr(SB_GLD_MSR_CAP); 265 266 if ((msr & 0xFFFF00) != 0x130400) { 267 device_printf(dev, "unknown ID 0x%x\n", 268 (int)((msr & 0xFFFF00) >> 16)); 269 return (ENXIO); 270 } 271 272 pci_enable_busmaster(dev); 273 274 /* Map in the security block configuration/control registers */ 275 sc->sc_rid = PCIR_BAR(0); 276 sc->sc_sr = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &sc->sc_rid, 277 RF_ACTIVE); 278 if (sc->sc_sr == NULL) { 279 device_printf(dev, "cannot map register space\n"); 280 return (ENXIO); 281 } 282 283 /* 284 * Configure the Security Block. 285 * 286 * We want to enable the noise generator (T_NE), and enable the 287 * linear feedback shift register and whitener post-processing 288 * (T_SEL = 3). Also ensure that test mode (deterministic values) 289 * is disabled. 290 */ 291 msr = rdmsr(SB_GLD_MSR_CTRL); 292 msr &= ~(SB_GMC_T_TM | SB_GMC_T_SEL_MASK); 293 msr |= SB_GMC_T_NE | SB_GMC_T_SEL3; 294 #if 0 295 msr |= SB_GMC_SBI | SB_GMC_SBY; /* for AES, if necessary */ 296 #endif 297 wrmsr(SB_GLD_MSR_CTRL, msr); 298 299 /* Disable interrupts */ 300 bus_write_4(sc->sc_sr, SB_AES_INT, SB_AI_CLEAR_INTR); 301 302 /* Allocate a contiguous DMA-able buffer to work in */ 303 if (glxsb_dma_alloc(sc) != 0) 304 goto fail0; 305 306 /* Initialize our task queue */ 307 sc->sc_tq = taskqueue_create("glxsb_taskq", M_NOWAIT | M_ZERO, 308 taskqueue_thread_enqueue, &sc->sc_tq); 309 if (sc->sc_tq == NULL) { 310 device_printf(dev, "cannot create task queue\n"); 311 goto fail0; 312 } 313 if (taskqueue_start_threads(&sc->sc_tq, 1, PI_NET, "%s taskq", 314 device_get_nameunit(dev)) != 0) { 315 device_printf(dev, "cannot start task queue\n"); 316 goto fail1; 317 } 318 TASK_INIT(&sc->sc_cryptotask, 0, glxsb_crypto_task, sc); 319 320 /* Initialize crypto */ 321 if (glxsb_crypto_setup(sc) != 0) 322 goto fail1; 323 324 /* Install a periodic collector for the "true" (AMD's word) RNG */ 325 if (hz > 100) 326 sc->sc_rnghz = hz / 100; 327 else 328 sc->sc_rnghz = 1; 329 callout_init(&sc->sc_rngco, 1); 330 glxsb_rnd(sc); 331 332 return (0); 333 334 fail1: 335 taskqueue_free(sc->sc_tq); 336 fail0: 337 bus_release_resource(dev, SYS_RES_MEMORY, sc->sc_rid, sc->sc_sr); 338 return (ENXIO); 339 } 340 341 static int 342 glxsb_detach(device_t dev) 343 { 344 struct glxsb_softc *sc = device_get_softc(dev); 345 346 crypto_unregister_all(sc->sc_cid); 347 348 callout_drain(&sc->sc_rngco); 349 taskqueue_drain(sc->sc_tq, &sc->sc_cryptotask); 350 bus_generic_detach(dev); 351 glxsb_dma_free(sc, &sc->sc_dma); 352 bus_release_resource(dev, SYS_RES_MEMORY, sc->sc_rid, sc->sc_sr); 353 taskqueue_free(sc->sc_tq); 354 mtx_destroy(&sc->sc_task_mtx); 355 return (0); 356 } 357 358 /* 359 * callback for bus_dmamap_load() 360 */ 361 static void 362 glxsb_dmamap_cb(void *arg, bus_dma_segment_t *seg, int nseg, int error) 363 { 364 365 bus_addr_t *paddr = (bus_addr_t*) arg; 366 *paddr = seg[0].ds_addr; 367 } 368 369 static int 370 glxsb_dma_alloc(struct glxsb_softc *sc) 371 { 372 struct glxsb_dma_map *dma = &sc->sc_dma; 373 int rc; 374 375 dma->dma_nsegs = 1; 376 dma->dma_size = GLXSB_MAX_AES_LEN * 2; 377 378 /* Setup DMA descriptor area */ 379 rc = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), /* parent */ 380 SB_AES_ALIGN, 0, /* alignments, bounds */ 381 BUS_SPACE_MAXADDR_32BIT,/* lowaddr */ 382 BUS_SPACE_MAXADDR, /* highaddr */ 383 NULL, NULL, /* filter, filterarg */ 384 dma->dma_size, /* maxsize */ 385 dma->dma_nsegs, /* nsegments */ 386 dma->dma_size, /* maxsegsize */ 387 BUS_DMA_ALLOCNOW, /* flags */ 388 NULL, NULL, /* lockfunc, lockarg */ 389 &sc->sc_dmat); 390 if (rc != 0) { 391 device_printf(sc->sc_dev, 392 "cannot allocate DMA tag (%d)\n", rc); 393 return (rc); 394 } 395 396 rc = bus_dmamem_alloc(sc->sc_dmat, (void **)&dma->dma_vaddr, 397 BUS_DMA_NOWAIT, &dma->dma_map); 398 if (rc != 0) { 399 device_printf(sc->sc_dev, 400 "cannot allocate DMA memory of %d bytes (%d)\n", 401 dma->dma_size, rc); 402 goto fail0; 403 } 404 405 rc = bus_dmamap_load(sc->sc_dmat, dma->dma_map, dma->dma_vaddr, 406 dma->dma_size, glxsb_dmamap_cb, &dma->dma_paddr, BUS_DMA_NOWAIT); 407 if (rc != 0) { 408 device_printf(sc->sc_dev, 409 "cannot load DMA memory for %d bytes (%d)\n", 410 dma->dma_size, rc); 411 goto fail1; 412 } 413 414 return (0); 415 416 fail1: 417 bus_dmamem_free(sc->sc_dmat, dma->dma_vaddr, dma->dma_map); 418 fail0: 419 bus_dma_tag_destroy(sc->sc_dmat); 420 return (rc); 421 } 422 423 static void 424 glxsb_dma_pre_op(struct glxsb_softc *sc, struct glxsb_dma_map *dma) 425 { 426 427 bus_dmamap_sync(sc->sc_dmat, dma->dma_map, 428 BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); 429 } 430 431 static void 432 glxsb_dma_post_op(struct glxsb_softc *sc, struct glxsb_dma_map *dma) 433 { 434 435 bus_dmamap_sync(sc->sc_dmat, dma->dma_map, 436 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); 437 } 438 439 static void 440 glxsb_dma_free(struct glxsb_softc *sc, struct glxsb_dma_map *dma) 441 { 442 443 bus_dmamap_unload(sc->sc_dmat, dma->dma_map); 444 bus_dmamem_free(sc->sc_dmat, dma->dma_vaddr, dma->dma_map); 445 bus_dma_tag_destroy(sc->sc_dmat); 446 } 447 448 static void 449 glxsb_rnd(void *v) 450 { 451 struct glxsb_softc *sc = v; 452 uint32_t status, value; 453 454 status = bus_read_4(sc->sc_sr, SB_RANDOM_NUM_STATUS); 455 if (status & SB_RNS_TRNG_VALID) { 456 value = bus_read_4(sc->sc_sr, SB_RANDOM_NUM); 457 /* feed with one uint32 */ 458 /* MarkM: FIX!! Check that this does not swamp the harvester! */ 459 random_harvest_queue(&value, sizeof(value), RANDOM_PURE_GLXSB); 460 } 461 462 callout_reset(&sc->sc_rngco, sc->sc_rnghz, glxsb_rnd, sc); 463 } 464 465 static int 466 glxsb_crypto_setup(struct glxsb_softc *sc) 467 { 468 469 sc->sc_cid = crypto_get_driverid(sc->sc_dev, 470 sizeof(struct glxsb_session), CRYPTOCAP_F_HARDWARE); 471 472 if (sc->sc_cid < 0) { 473 device_printf(sc->sc_dev, "cannot get crypto driver id\n"); 474 return (ENOMEM); 475 } 476 477 mtx_init(&sc->sc_task_mtx, "glxsb_crypto_mtx", NULL, MTX_DEF); 478 479 return (0); 480 } 481 482 static int 483 glxsb_crypto_probesession(device_t dev, const struct crypto_session_params *csp) 484 { 485 486 if (csp->csp_flags != 0) 487 return (EINVAL); 488 489 /* 490 * We only support HMAC algorithms to be able to work with 491 * ipsec(4), so if we are asked only for authentication without 492 * encryption, don't pretend we can accelerate it. 493 */ 494 switch (csp->csp_mode) { 495 case CSP_MODE_ETA: 496 switch (csp->csp_auth_alg) { 497 case CRYPTO_NULL_HMAC: 498 case CRYPTO_SHA1_HMAC: 499 case CRYPTO_RIPEMD160_HMAC: 500 case CRYPTO_SHA2_256_HMAC: 501 case CRYPTO_SHA2_384_HMAC: 502 case CRYPTO_SHA2_512_HMAC: 503 break; 504 default: 505 return (EINVAL); 506 } 507 /* FALLTHROUGH */ 508 case CSP_MODE_CIPHER: 509 switch (csp->csp_cipher_alg) { 510 case CRYPTO_AES_CBC: 511 if (csp->csp_cipher_klen * 8 != 128) 512 return (EINVAL); 513 break; 514 default: 515 return (EINVAL); 516 } 517 default: 518 return (EINVAL); 519 } 520 return (CRYPTODEV_PROBE_HARDWARE); 521 } 522 523 static int 524 glxsb_crypto_newsession(device_t dev, crypto_session_t cses, 525 const struct crypto_session_params *csp) 526 { 527 struct glxsb_softc *sc = device_get_softc(dev); 528 struct glxsb_session *ses; 529 int error; 530 531 ses = crypto_get_driver_session(cses); 532 533 /* Copy the key (Geode LX wants the primary key only) */ 534 if (csp->csp_cipher_key != NULL) 535 bcopy(csp->csp_cipher_key, ses->ses_key, sizeof(ses->ses_key)); 536 537 if (csp->csp_auth_alg != 0) { 538 error = glxsb_hash_setup(ses, csp); 539 if (error != 0) { 540 glxsb_crypto_freesession(sc->sc_dev, cses); 541 return (error); 542 } 543 } 544 545 return (0); 546 } 547 548 static void 549 glxsb_crypto_freesession(device_t dev, crypto_session_t cses) 550 { 551 struct glxsb_session *ses; 552 553 ses = crypto_get_driver_session(cses); 554 glxsb_hash_free(ses); 555 } 556 557 static int 558 glxsb_aes(struct glxsb_softc *sc, uint32_t control, uint32_t psrc, 559 uint32_t pdst, const void *key, int len, const void *iv) 560 { 561 uint32_t status; 562 int i; 563 564 if (len & 0xF) { 565 device_printf(sc->sc_dev, 566 "len must be a multiple of 16 (not %d)\n", len); 567 return (EINVAL); 568 } 569 570 /* Set the source */ 571 bus_write_4(sc->sc_sr, SB_SOURCE_A, psrc); 572 573 /* Set the destination address */ 574 bus_write_4(sc->sc_sr, SB_DEST_A, pdst); 575 576 /* Set the data length */ 577 bus_write_4(sc->sc_sr, SB_LENGTH_A, len); 578 579 /* Set the IV */ 580 if (iv != NULL) { 581 bus_write_region_4(sc->sc_sr, SB_CBC_IV, iv, 4); 582 control |= SB_CTL_CBC; 583 } 584 585 /* Set the key */ 586 bus_write_region_4(sc->sc_sr, SB_WKEY, key, 4); 587 588 /* Ask the security block to do it */ 589 bus_write_4(sc->sc_sr, SB_CTL_A, 590 control | SB_CTL_WK | SB_CTL_DC | SB_CTL_SC | SB_CTL_ST); 591 592 /* 593 * Now wait until it is done. 594 * 595 * We do a busy wait. Obviously the number of iterations of 596 * the loop required to perform the AES operation depends upon 597 * the number of bytes to process. 598 * 599 * On a 500 MHz Geode LX we see 600 * 601 * length (bytes) typical max iterations 602 * 16 12 603 * 64 22 604 * 256 59 605 * 1024 212 606 * 8192 1,537 607 * 608 * Since we have a maximum size of operation defined in 609 * GLXSB_MAX_AES_LEN, we use this constant to decide how long 610 * to wait. Allow an order of magnitude longer than it should 611 * really take, just in case. 612 */ 613 614 for (i = 0; i < GLXSB_MAX_AES_LEN * 10; i++) { 615 status = bus_read_4(sc->sc_sr, SB_CTL_A); 616 if ((status & SB_CTL_ST) == 0) /* Done */ 617 return (0); 618 } 619 620 device_printf(sc->sc_dev, "operation failed to complete\n"); 621 return (EIO); 622 } 623 624 static int 625 glxsb_crypto_encdec(struct cryptop *crp, struct glxsb_session *ses, 626 struct glxsb_softc *sc) 627 { 628 char *op_src, *op_dst; 629 const void *key; 630 uint32_t op_psrc, op_pdst; 631 uint8_t op_iv[SB_AES_BLOCK_SIZE]; 632 int error; 633 int len, tlen, xlen; 634 int offset; 635 uint32_t control; 636 637 if ((crp->crp_payload_length % SB_AES_BLOCK_SIZE) != 0) 638 return (EINVAL); 639 640 /* How much of our buffer will we need to use? */ 641 xlen = crp->crp_payload_length > GLXSB_MAX_AES_LEN ? 642 GLXSB_MAX_AES_LEN : crp->crp_payload_length; 643 644 /* 645 * XXX Check if we can have input == output on Geode LX. 646 * XXX In the meantime, use two separate (adjacent) buffers. 647 */ 648 op_src = sc->sc_dma.dma_vaddr; 649 op_dst = (char *)sc->sc_dma.dma_vaddr + xlen; 650 651 op_psrc = sc->sc_dma.dma_paddr; 652 op_pdst = sc->sc_dma.dma_paddr + xlen; 653 654 if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) 655 control = SB_CTL_ENC; 656 else 657 control = SB_CTL_DEC; 658 659 crypto_read_iv(crp, op_iv); 660 661 offset = 0; 662 tlen = crp->crp_payload_length; 663 664 if (crp->crp_cipher_key != NULL) 665 key = crp->crp_cipher_key; 666 else 667 key = ses->ses_key; 668 669 /* Process the data in GLXSB_MAX_AES_LEN chunks */ 670 while (tlen > 0) { 671 len = (tlen > GLXSB_MAX_AES_LEN) ? GLXSB_MAX_AES_LEN : tlen; 672 crypto_copydata(crp, crp->crp_payload_start + offset, len, 673 op_src); 674 675 glxsb_dma_pre_op(sc, &sc->sc_dma); 676 677 error = glxsb_aes(sc, control, op_psrc, op_pdst, key, len, 678 op_iv); 679 680 glxsb_dma_post_op(sc, &sc->sc_dma); 681 if (error != 0) 682 return (error); 683 684 crypto_copyback(crp, crp->crp_payload_start + offset, len, 685 op_dst); 686 687 offset += len; 688 tlen -= len; 689 690 /* 691 * Copy out last block for use as next iteration IV. 692 */ 693 if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) 694 bcopy(op_dst + len - sizeof(op_iv), op_iv, 695 sizeof(op_iv)); 696 else 697 bcopy(op_src + len - sizeof(op_iv), op_iv, 698 sizeof(op_iv)); 699 } /* while */ 700 701 /* All AES processing has now been done. */ 702 bzero(sc->sc_dma.dma_vaddr, xlen * 2); 703 704 return (0); 705 } 706 707 static void 708 glxsb_crypto_task(void *arg, int pending) 709 { 710 struct glxsb_softc *sc = arg; 711 const struct crypto_session_params *csp; 712 struct glxsb_session *ses; 713 struct cryptop *crp; 714 int error; 715 716 crp = sc->sc_to.to_crp; 717 ses = sc->sc_to.to_ses; 718 csp = crypto_get_params(crp->crp_session); 719 720 /* Perform data authentication if requested before encryption */ 721 if (csp->csp_mode == CSP_MODE_ETA && 722 !CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) { 723 error = glxsb_hash_process(ses, csp, crp); 724 if (error != 0) 725 goto out; 726 } 727 728 error = glxsb_crypto_encdec(crp, ses, sc); 729 if (error != 0) 730 goto out; 731 732 /* Perform data authentication if requested after encryption */ 733 if (csp->csp_mode == CSP_MODE_ETA && 734 CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) { 735 error = glxsb_hash_process(ses, csp, crp); 736 if (error != 0) 737 goto out; 738 } 739 out: 740 mtx_lock(&sc->sc_task_mtx); 741 sc->sc_task_count--; 742 mtx_unlock(&sc->sc_task_mtx); 743 744 crp->crp_etype = error; 745 crypto_unblock(sc->sc_cid, CRYPTO_SYMQ); 746 crypto_done(crp); 747 } 748 749 static int 750 glxsb_crypto_process(device_t dev, struct cryptop *crp, int hint) 751 { 752 struct glxsb_softc *sc = device_get_softc(dev); 753 struct glxsb_session *ses; 754 755 ses = crypto_get_driver_session(crp->crp_session); 756 757 mtx_lock(&sc->sc_task_mtx); 758 if (sc->sc_task_count != 0) { 759 mtx_unlock(&sc->sc_task_mtx); 760 return (ERESTART); 761 } 762 sc->sc_task_count++; 763 764 sc->sc_to.to_crp = crp; 765 sc->sc_to.to_ses = ses; 766 mtx_unlock(&sc->sc_task_mtx); 767 768 taskqueue_enqueue(sc->sc_tq, &sc->sc_cryptotask); 769 return(0); 770 } 771