xref: /freebsd/sys/dev/glxsb/glxsb.c (revision a0ee8cc636cd5c2374ec44ca71226564ea0bca95)
1 /* $OpenBSD: glxsb.c,v 1.7 2007/02/12 14:31:45 tom Exp $ */
2 
3 /*
4  * Copyright (c) 2006 Tom Cosgrove <tom@openbsd.org>
5  * Copyright (c) 2003, 2004 Theo de Raadt
6  * Copyright (c) 2003 Jason Wright
7  *
8  * Permission to use, copy, modify, and distribute this software for any
9  * purpose with or without fee is hereby granted, provided that the above
10  * copyright notice and this permission notice appear in all copies.
11  *
12  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19  */
20 
21 /*
22  * Driver for the security block on the AMD Geode LX processors
23  * http://www.amd.com/files/connectivitysolutions/geode/geode_lx/33234d_lx_ds.pdf
24  */
25 
26 #include <sys/cdefs.h>
27 __FBSDID("$FreeBSD$");
28 
29 #include <sys/param.h>
30 #include <sys/systm.h>
31 #include <sys/bus.h>
32 #include <sys/errno.h>
33 #include <sys/kernel.h>
34 #include <sys/lock.h>
35 #include <sys/malloc.h>
36 #include <sys/mbuf.h>
37 #include <sys/module.h>
38 #include <sys/mutex.h>
39 #include <sys/proc.h>
40 #include <sys/random.h>
41 #include <sys/rman.h>
42 #include <sys/rwlock.h>
43 #include <sys/sysctl.h>
44 #include <sys/taskqueue.h>
45 
46 #include <machine/bus.h>
47 #include <machine/cpufunc.h>
48 #include <machine/resource.h>
49 
50 #include <dev/pci/pcivar.h>
51 #include <dev/pci/pcireg.h>
52 
53 #include <opencrypto/cryptodev.h>
54 #include <opencrypto/cryptosoft.h>
55 #include <opencrypto/xform.h>
56 
57 #include "cryptodev_if.h"
58 #include "glxsb.h"
59 
60 #define PCI_VENDOR_AMD			0x1022	/* AMD */
61 #define PCI_PRODUCT_AMD_GEODE_LX_CRYPTO	0x2082	/* Geode LX Crypto */
62 
63 #define SB_GLD_MSR_CAP		0x58002000	/* RO - Capabilities */
64 #define SB_GLD_MSR_CONFIG	0x58002001	/* RW - Master Config */
65 #define SB_GLD_MSR_SMI		0x58002002	/* RW - SMI */
66 #define SB_GLD_MSR_ERROR	0x58002003	/* RW - Error */
67 #define SB_GLD_MSR_PM		0x58002004	/* RW - Power Mgmt */
68 #define SB_GLD_MSR_DIAG		0x58002005	/* RW - Diagnostic */
69 #define SB_GLD_MSR_CTRL		0x58002006	/* RW - Security Block Cntrl */
70 
71 						/* For GLD_MSR_CTRL: */
72 #define SB_GMC_DIV0		0x0000		/* AES update divisor values */
73 #define SB_GMC_DIV1		0x0001
74 #define SB_GMC_DIV2		0x0002
75 #define SB_GMC_DIV3		0x0003
76 #define SB_GMC_DIV_MASK		0x0003
77 #define SB_GMC_SBI		0x0004		/* AES swap bits */
78 #define SB_GMC_SBY		0x0008		/* AES swap bytes */
79 #define SB_GMC_TW		0x0010		/* Time write (EEPROM) */
80 #define SB_GMC_T_SEL0		0x0000		/* RNG post-proc: none */
81 #define SB_GMC_T_SEL1		0x0100		/* RNG post-proc: LFSR */
82 #define SB_GMC_T_SEL2		0x0200		/* RNG post-proc: whitener */
83 #define SB_GMC_T_SEL3		0x0300		/* RNG LFSR+whitener */
84 #define SB_GMC_T_SEL_MASK	0x0300
85 #define SB_GMC_T_NE		0x0400		/* Noise (generator) Enable */
86 #define SB_GMC_T_TM		0x0800		/* RNG test mode */
87 						/*     (deterministic) */
88 
89 /* Security Block configuration/control registers (offsets from base) */
90 #define SB_CTL_A		0x0000		/* RW - SB Control A */
91 #define SB_CTL_B		0x0004		/* RW - SB Control B */
92 #define SB_AES_INT		0x0008		/* RW - SB AES Interrupt */
93 #define SB_SOURCE_A		0x0010		/* RW - Source A */
94 #define SB_DEST_A		0x0014		/* RW - Destination A */
95 #define SB_LENGTH_A		0x0018		/* RW - Length A */
96 #define SB_SOURCE_B		0x0020		/* RW - Source B */
97 #define SB_DEST_B		0x0024		/* RW - Destination B */
98 #define SB_LENGTH_B		0x0028		/* RW - Length B */
99 #define SB_WKEY			0x0030		/* WO - Writable Key 0-3 */
100 #define SB_WKEY_0		0x0030		/* WO - Writable Key 0 */
101 #define SB_WKEY_1		0x0034		/* WO - Writable Key 1 */
102 #define SB_WKEY_2		0x0038		/* WO - Writable Key 2 */
103 #define SB_WKEY_3		0x003C		/* WO - Writable Key 3 */
104 #define SB_CBC_IV		0x0040		/* RW - CBC IV 0-3 */
105 #define SB_CBC_IV_0		0x0040		/* RW - CBC IV 0 */
106 #define SB_CBC_IV_1		0x0044		/* RW - CBC IV 1 */
107 #define SB_CBC_IV_2		0x0048		/* RW - CBC IV 2 */
108 #define SB_CBC_IV_3		0x004C		/* RW - CBC IV 3 */
109 #define SB_RANDOM_NUM		0x0050		/* RW - Random Number */
110 #define SB_RANDOM_NUM_STATUS	0x0054		/* RW - Random Number Status */
111 #define SB_EEPROM_COMM		0x0800		/* RW - EEPROM Command */
112 #define SB_EEPROM_ADDR		0x0804		/* RW - EEPROM Address */
113 #define SB_EEPROM_DATA		0x0808		/* RW - EEPROM Data */
114 #define SB_EEPROM_SEC_STATE	0x080C		/* RW - EEPROM Security State */
115 
116 						/* For SB_CTL_A and _B */
117 #define SB_CTL_ST		0x0001		/* Start operation (enc/dec) */
118 #define SB_CTL_ENC		0x0002		/* Encrypt (0 is decrypt) */
119 #define SB_CTL_DEC		0x0000		/* Decrypt */
120 #define SB_CTL_WK		0x0004		/* Use writable key (we set) */
121 #define SB_CTL_DC		0x0008		/* Destination coherent */
122 #define SB_CTL_SC		0x0010		/* Source coherent */
123 #define SB_CTL_CBC		0x0020		/* CBC (0 is ECB) */
124 
125 						/* For SB_AES_INT */
126 #define SB_AI_DISABLE_AES_A	0x0001		/* Disable AES A compl int */
127 #define SB_AI_ENABLE_AES_A	0x0000		/* Enable AES A compl int */
128 #define SB_AI_DISABLE_AES_B	0x0002		/* Disable AES B compl int */
129 #define SB_AI_ENABLE_AES_B	0x0000		/* Enable AES B compl int */
130 #define SB_AI_DISABLE_EEPROM	0x0004		/* Disable EEPROM op comp int */
131 #define SB_AI_ENABLE_EEPROM	0x0000		/* Enable EEPROM op compl int */
132 #define SB_AI_AES_A_COMPLETE   0x10000		/* AES A operation complete */
133 #define SB_AI_AES_B_COMPLETE   0x20000		/* AES B operation complete */
134 #define SB_AI_EEPROM_COMPLETE  0x40000		/* EEPROM operation complete */
135 
136 #define SB_AI_CLEAR_INTR \
137 	(SB_AI_DISABLE_AES_A | SB_AI_DISABLE_AES_B |\
138 	SB_AI_DISABLE_EEPROM | SB_AI_AES_A_COMPLETE |\
139 	SB_AI_AES_B_COMPLETE | SB_AI_EEPROM_COMPLETE)
140 
141 #define SB_RNS_TRNG_VALID	0x0001		/* in SB_RANDOM_NUM_STATUS */
142 
143 #define SB_MEM_SIZE		0x0810		/* Size of memory block */
144 
145 #define SB_AES_ALIGN		0x0010		/* Source and dest buffers */
146 						/* must be 16-byte aligned */
147 #define SB_AES_BLOCK_SIZE	0x0010
148 
149 /*
150  * The Geode LX security block AES acceleration doesn't perform scatter-
151  * gather: it just takes source and destination addresses.  Therefore the
152  * plain- and ciphertexts need to be contiguous.  To this end, we allocate
153  * a buffer for both, and accept the overhead of copying in and out.  If
154  * the number of bytes in one operation is bigger than allowed for by the
155  * buffer (buffer is twice the size of the max length, as it has both input
156  * and output) then we have to perform multiple encryptions/decryptions.
157  */
158 
159 #define GLXSB_MAX_AES_LEN	16384
160 
161 MALLOC_DEFINE(M_GLXSB, "glxsb_data", "Glxsb Data");
162 
163 struct glxsb_dma_map {
164 	bus_dmamap_t		dma_map;	/* DMA map */
165 	bus_dma_segment_t	dma_seg;	/* segments */
166 	int			dma_nsegs;	/* #segments */
167 	int			dma_size;	/* size */
168 	caddr_t			dma_vaddr;	/* virtual address */
169 	bus_addr_t		dma_paddr;	/* physical address */
170 };
171 
172 struct glxsb_taskop {
173 	struct glxsb_session	*to_ses;	/* crypto session */
174 	struct cryptop		*to_crp;	/* cryptop to perfom */
175 	struct cryptodesc	*to_enccrd;	/* enccrd to perform */
176 	struct cryptodesc	*to_maccrd;	/* maccrd to perform */
177 };
178 
179 struct glxsb_softc {
180 	device_t		sc_dev;		/* device backpointer */
181 	struct resource		*sc_sr;		/* resource */
182 	int			sc_rid;		/* resource rid */
183 	struct callout		sc_rngco;	/* RNG callout */
184 	int			sc_rnghz;	/* RNG callout ticks */
185 	bus_dma_tag_t		sc_dmat;	/* DMA tag */
186 	struct glxsb_dma_map	sc_dma;		/* DMA map */
187 	int32_t			sc_cid;		/* crypto tag */
188 	uint32_t		sc_sid;		/* session id */
189 	TAILQ_HEAD(ses_head, glxsb_session)
190 				sc_sessions;	/* crypto sessions */
191 	struct rwlock		sc_sessions_lock;/* sessions lock */
192 	struct mtx		sc_task_mtx;	/* task mutex */
193 	struct taskqueue	*sc_tq;		/* task queue */
194 	struct task		sc_cryptotask;	/* task */
195 	struct glxsb_taskop	sc_to;		/* task's crypto operation */
196 	int			sc_task_count;	/* tasks count */
197 };
198 
199 static int glxsb_probe(device_t);
200 static int glxsb_attach(device_t);
201 static int glxsb_detach(device_t);
202 
203 static void glxsb_dmamap_cb(void *, bus_dma_segment_t *, int, int);
204 static int  glxsb_dma_alloc(struct glxsb_softc *);
205 static void glxsb_dma_pre_op(struct glxsb_softc *, struct glxsb_dma_map *);
206 static void glxsb_dma_post_op(struct glxsb_softc *, struct glxsb_dma_map *);
207 static void glxsb_dma_free(struct glxsb_softc *, struct glxsb_dma_map *);
208 
209 static void glxsb_rnd(void *);
210 static int  glxsb_crypto_setup(struct glxsb_softc *);
211 static int  glxsb_crypto_newsession(device_t, uint32_t *, struct cryptoini *);
212 static int  glxsb_crypto_freesession(device_t, uint64_t);
213 static int  glxsb_aes(struct glxsb_softc *, uint32_t, uint32_t,
214 	uint32_t, void *, int, void *);
215 
216 static int  glxsb_crypto_encdec(struct cryptop *, struct cryptodesc *,
217 	struct glxsb_session *, struct glxsb_softc *);
218 
219 static void glxsb_crypto_task(void *, int);
220 static int  glxsb_crypto_process(device_t, struct cryptop *, int);
221 
222 static device_method_t glxsb_methods[] = {
223 	/* device interface */
224 	DEVMETHOD(device_probe,		glxsb_probe),
225 	DEVMETHOD(device_attach,	glxsb_attach),
226 	DEVMETHOD(device_detach,	glxsb_detach),
227 
228 	/* crypto device methods */
229 	DEVMETHOD(cryptodev_newsession,		glxsb_crypto_newsession),
230 	DEVMETHOD(cryptodev_freesession,	glxsb_crypto_freesession),
231 	DEVMETHOD(cryptodev_process,		glxsb_crypto_process),
232 
233 	{0,0}
234 };
235 
236 static driver_t glxsb_driver = {
237 	"glxsb",
238 	glxsb_methods,
239 	sizeof(struct glxsb_softc)
240 };
241 
242 static devclass_t glxsb_devclass;
243 
244 DRIVER_MODULE(glxsb, pci, glxsb_driver, glxsb_devclass, 0, 0);
245 MODULE_VERSION(glxsb, 1);
246 MODULE_DEPEND(glxsb, crypto, 1, 1, 1);
247 
248 static int
249 glxsb_probe(device_t dev)
250 {
251 
252 	if (pci_get_vendor(dev) == PCI_VENDOR_AMD &&
253 	    pci_get_device(dev) == PCI_PRODUCT_AMD_GEODE_LX_CRYPTO) {
254 		device_set_desc(dev,
255 		    "AMD Geode LX Security Block (AES-128-CBC, RNG)");
256 		return (BUS_PROBE_DEFAULT);
257 	}
258 
259 	return (ENXIO);
260 }
261 
262 static int
263 glxsb_attach(device_t dev)
264 {
265 	struct glxsb_softc *sc = device_get_softc(dev);
266 	uint64_t msr;
267 
268 	sc->sc_dev = dev;
269 	msr = rdmsr(SB_GLD_MSR_CAP);
270 
271 	if ((msr & 0xFFFF00) != 0x130400) {
272 		device_printf(dev, "unknown ID 0x%x\n",
273 		    (int)((msr & 0xFFFF00) >> 16));
274 		return (ENXIO);
275 	}
276 
277 	pci_enable_busmaster(dev);
278 
279 	/* Map in the security block configuration/control registers */
280 	sc->sc_rid = PCIR_BAR(0);
281 	sc->sc_sr = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &sc->sc_rid,
282 	    RF_ACTIVE);
283 	if (sc->sc_sr == NULL) {
284 		device_printf(dev, "cannot map register space\n");
285 		return (ENXIO);
286 	}
287 
288 	/*
289 	 * Configure the Security Block.
290 	 *
291 	 * We want to enable the noise generator (T_NE), and enable the
292 	 * linear feedback shift register and whitener post-processing
293 	 * (T_SEL = 3).  Also ensure that test mode (deterministic values)
294 	 * is disabled.
295 	 */
296 	msr = rdmsr(SB_GLD_MSR_CTRL);
297 	msr &= ~(SB_GMC_T_TM | SB_GMC_T_SEL_MASK);
298 	msr |= SB_GMC_T_NE | SB_GMC_T_SEL3;
299 #if 0
300 	msr |= SB_GMC_SBI | SB_GMC_SBY;		/* for AES, if necessary */
301 #endif
302 	wrmsr(SB_GLD_MSR_CTRL, msr);
303 
304 	/* Disable interrupts */
305 	bus_write_4(sc->sc_sr, SB_AES_INT, SB_AI_CLEAR_INTR);
306 
307 	/* Allocate a contiguous DMA-able buffer to work in */
308 	if (glxsb_dma_alloc(sc) != 0)
309 		goto fail0;
310 
311 	/* Initialize our task queue */
312 	sc->sc_tq = taskqueue_create("glxsb_taskq", M_NOWAIT | M_ZERO,
313 	    taskqueue_thread_enqueue, &sc->sc_tq);
314 	if (sc->sc_tq == NULL) {
315 		device_printf(dev, "cannot create task queue\n");
316 		goto fail0;
317 	}
318 	if (taskqueue_start_threads(&sc->sc_tq, 1, PI_NET, "%s taskq",
319 	    device_get_nameunit(dev)) != 0) {
320 		device_printf(dev, "cannot start task queue\n");
321 		goto fail1;
322 	}
323 	TASK_INIT(&sc->sc_cryptotask, 0, glxsb_crypto_task, sc);
324 
325 	/* Initialize crypto */
326 	if (glxsb_crypto_setup(sc) != 0)
327 		goto fail1;
328 
329 	/* Install a periodic collector for the "true" (AMD's word) RNG */
330 	if (hz > 100)
331 		sc->sc_rnghz = hz / 100;
332 	else
333 		sc->sc_rnghz = 1;
334 	callout_init(&sc->sc_rngco, 1);
335 	glxsb_rnd(sc);
336 
337 	return (0);
338 
339 fail1:
340 	taskqueue_free(sc->sc_tq);
341 fail0:
342 	bus_release_resource(dev, SYS_RES_MEMORY, sc->sc_rid, sc->sc_sr);
343 	return (ENXIO);
344 }
345 
346 static int
347 glxsb_detach(device_t dev)
348 {
349 	struct glxsb_softc *sc = device_get_softc(dev);
350 	struct glxsb_session *ses;
351 
352 	rw_wlock(&sc->sc_sessions_lock);
353 	TAILQ_FOREACH(ses, &sc->sc_sessions, ses_next) {
354 		if (ses->ses_used) {
355 			rw_wunlock(&sc->sc_sessions_lock);
356 			device_printf(dev,
357 				"cannot detach, sessions still active.\n");
358 			return (EBUSY);
359 		}
360 	}
361 	while (!TAILQ_EMPTY(&sc->sc_sessions)) {
362 		ses = TAILQ_FIRST(&sc->sc_sessions);
363 		TAILQ_REMOVE(&sc->sc_sessions, ses, ses_next);
364 		free(ses, M_GLXSB);
365 	}
366 	rw_wunlock(&sc->sc_sessions_lock);
367 	crypto_unregister_all(sc->sc_cid);
368 	callout_drain(&sc->sc_rngco);
369 	taskqueue_drain(sc->sc_tq, &sc->sc_cryptotask);
370 	bus_generic_detach(dev);
371 	glxsb_dma_free(sc, &sc->sc_dma);
372 	bus_release_resource(dev, SYS_RES_MEMORY, sc->sc_rid, sc->sc_sr);
373 	taskqueue_free(sc->sc_tq);
374 	rw_destroy(&sc->sc_sessions_lock);
375 	mtx_destroy(&sc->sc_task_mtx);
376 	return (0);
377 }
378 
379 /*
380  *	callback for bus_dmamap_load()
381  */
382 static void
383 glxsb_dmamap_cb(void *arg, bus_dma_segment_t *seg, int nseg, int error)
384 {
385 
386 	bus_addr_t *paddr = (bus_addr_t*) arg;
387 	*paddr = seg[0].ds_addr;
388 }
389 
390 static int
391 glxsb_dma_alloc(struct glxsb_softc *sc)
392 {
393 	struct glxsb_dma_map *dma = &sc->sc_dma;
394 	int rc;
395 
396 	dma->dma_nsegs = 1;
397 	dma->dma_size = GLXSB_MAX_AES_LEN * 2;
398 
399 	/* Setup DMA descriptor area */
400 	rc = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev),	/* parent */
401 				SB_AES_ALIGN, 0,	/* alignments, bounds */
402 				BUS_SPACE_MAXADDR_32BIT,/* lowaddr */
403 				BUS_SPACE_MAXADDR,	/* highaddr */
404 				NULL, NULL,		/* filter, filterarg */
405 				dma->dma_size,		/* maxsize */
406 				dma->dma_nsegs,		/* nsegments */
407 				dma->dma_size,		/* maxsegsize */
408 				BUS_DMA_ALLOCNOW,	/* flags */
409 				NULL, NULL,		/* lockfunc, lockarg */
410 				&sc->sc_dmat);
411 	if (rc != 0) {
412 		device_printf(sc->sc_dev,
413 		    "cannot allocate DMA tag (%d)\n", rc);
414 		return (rc);
415 	}
416 
417 	rc = bus_dmamem_alloc(sc->sc_dmat, (void **)&dma->dma_vaddr,
418 	    BUS_DMA_NOWAIT, &dma->dma_map);
419 	if (rc != 0) {
420 		device_printf(sc->sc_dev,
421 		    "cannot allocate DMA memory of %d bytes (%d)\n",
422 			dma->dma_size, rc);
423 		goto fail0;
424 	}
425 
426 	rc = bus_dmamap_load(sc->sc_dmat, dma->dma_map, dma->dma_vaddr,
427 	    dma->dma_size, glxsb_dmamap_cb, &dma->dma_paddr, BUS_DMA_NOWAIT);
428 	if (rc != 0) {
429 		device_printf(sc->sc_dev,
430 		    "cannot load DMA memory for %d bytes (%d)\n",
431 		   dma->dma_size, rc);
432 		goto fail1;
433 	}
434 
435 	return (0);
436 
437 fail1:
438 	bus_dmamem_free(sc->sc_dmat, dma->dma_vaddr, dma->dma_map);
439 fail0:
440 	bus_dma_tag_destroy(sc->sc_dmat);
441 	return (rc);
442 }
443 
444 static void
445 glxsb_dma_pre_op(struct glxsb_softc *sc, struct glxsb_dma_map *dma)
446 {
447 
448 	bus_dmamap_sync(sc->sc_dmat, dma->dma_map,
449 	    BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE);
450 }
451 
452 static void
453 glxsb_dma_post_op(struct glxsb_softc *sc, struct glxsb_dma_map *dma)
454 {
455 
456 	bus_dmamap_sync(sc->sc_dmat, dma->dma_map,
457 	    BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE);
458 }
459 
460 static void
461 glxsb_dma_free(struct glxsb_softc *sc, struct glxsb_dma_map *dma)
462 {
463 
464 	bus_dmamap_unload(sc->sc_dmat, dma->dma_map);
465 	bus_dmamem_free(sc->sc_dmat, dma->dma_vaddr, dma->dma_map);
466 	bus_dma_tag_destroy(sc->sc_dmat);
467 }
468 
469 static void
470 glxsb_rnd(void *v)
471 {
472 	struct glxsb_softc *sc = v;
473 	uint32_t status, value;
474 
475 	status = bus_read_4(sc->sc_sr, SB_RANDOM_NUM_STATUS);
476 	if (status & SB_RNS_TRNG_VALID) {
477 		value = bus_read_4(sc->sc_sr, SB_RANDOM_NUM);
478 		/* feed with one uint32 */
479 		/* MarkM: FIX!! Check that this does not swamp the harvester! */
480 		random_harvest_queue(&value, sizeof(value), 32/2, RANDOM_PURE_GLXSB);
481 	}
482 
483 	callout_reset(&sc->sc_rngco, sc->sc_rnghz, glxsb_rnd, sc);
484 }
485 
486 static int
487 glxsb_crypto_setup(struct glxsb_softc *sc)
488 {
489 
490 	sc->sc_cid = crypto_get_driverid(sc->sc_dev, CRYPTOCAP_F_HARDWARE);
491 
492 	if (sc->sc_cid < 0) {
493 		device_printf(sc->sc_dev, "cannot get crypto driver id\n");
494 		return (ENOMEM);
495 	}
496 
497 	TAILQ_INIT(&sc->sc_sessions);
498 	sc->sc_sid = 1;
499 	rw_init(&sc->sc_sessions_lock, "glxsb_sessions_lock");
500 	mtx_init(&sc->sc_task_mtx, "glxsb_crypto_mtx", NULL, MTX_DEF);
501 
502 	if (crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0) != 0)
503 		goto crypto_fail;
504 	if (crypto_register(sc->sc_cid, CRYPTO_NULL_HMAC, 0, 0) != 0)
505 		goto crypto_fail;
506 	if (crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0) != 0)
507 		goto crypto_fail;
508 	if (crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0) != 0)
509 		goto crypto_fail;
510 	if (crypto_register(sc->sc_cid, CRYPTO_RIPEMD160_HMAC, 0, 0) != 0)
511 		goto crypto_fail;
512 	if (crypto_register(sc->sc_cid, CRYPTO_SHA2_256_HMAC, 0, 0) != 0)
513 		goto crypto_fail;
514 	if (crypto_register(sc->sc_cid, CRYPTO_SHA2_384_HMAC, 0, 0) != 0)
515 		goto crypto_fail;
516 	if (crypto_register(sc->sc_cid, CRYPTO_SHA2_512_HMAC, 0, 0) != 0)
517 		goto crypto_fail;
518 
519 	return (0);
520 
521 crypto_fail:
522 	device_printf(sc->sc_dev, "cannot register crypto\n");
523 	crypto_unregister_all(sc->sc_cid);
524 	rw_destroy(&sc->sc_sessions_lock);
525 	mtx_destroy(&sc->sc_task_mtx);
526 	return (ENOMEM);
527 }
528 
529 static int
530 glxsb_crypto_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri)
531 {
532 	struct glxsb_softc *sc = device_get_softc(dev);
533 	struct glxsb_session *ses = NULL;
534 	struct cryptoini *encini, *macini;
535 	int error;
536 
537 	if (sc == NULL || sidp == NULL || cri == NULL)
538 		return (EINVAL);
539 
540 	encini = macini = NULL;
541 	for (; cri != NULL; cri = cri->cri_next) {
542 		switch(cri->cri_alg) {
543 		case CRYPTO_NULL_HMAC:
544 		case CRYPTO_MD5_HMAC:
545 		case CRYPTO_SHA1_HMAC:
546 		case CRYPTO_RIPEMD160_HMAC:
547 		case CRYPTO_SHA2_256_HMAC:
548 		case CRYPTO_SHA2_384_HMAC:
549 		case CRYPTO_SHA2_512_HMAC:
550 			if (macini != NULL)
551 				return (EINVAL);
552 			macini = cri;
553 			break;
554 		case CRYPTO_AES_CBC:
555 			if (encini != NULL)
556 				return (EINVAL);
557 			encini = cri;
558 			break;
559 		default:
560 			return (EINVAL);
561 		}
562 	}
563 
564 	/*
565 	 * We only support HMAC algorithms to be able to work with
566 	 * ipsec(4), so if we are asked only for authentication without
567 	 * encryption, don't pretend we can accellerate it.
568 	 */
569 	if (encini == NULL)
570 		return (EINVAL);
571 
572 	/*
573 	 * Look for a free session
574 	 *
575 	 * Free sessions goes first, so if first session is used, we need to
576 	 * allocate one.
577 	 */
578 
579 	rw_wlock(&sc->sc_sessions_lock);
580 	ses = TAILQ_FIRST(&sc->sc_sessions);
581 	if (ses == NULL || ses->ses_used) {
582 		ses = malloc(sizeof(*ses), M_GLXSB, M_NOWAIT | M_ZERO);
583 		if (ses == NULL) {
584 			rw_wunlock(&sc->sc_sessions_lock);
585 			return (ENOMEM);
586 		}
587 		ses->ses_id = sc->sc_sid++;
588 	} else {
589 		TAILQ_REMOVE(&sc->sc_sessions, ses, ses_next);
590 	}
591 	ses->ses_used = 1;
592 	TAILQ_INSERT_TAIL(&sc->sc_sessions, ses, ses_next);
593 	rw_wunlock(&sc->sc_sessions_lock);
594 
595 	if (encini->cri_alg == CRYPTO_AES_CBC) {
596 		if (encini->cri_klen != 128) {
597 			glxsb_crypto_freesession(sc->sc_dev, ses->ses_id);
598 			return (EINVAL);
599 		}
600 		arc4rand(ses->ses_iv, sizeof(ses->ses_iv), 0);
601 		ses->ses_klen = encini->cri_klen;
602 
603 		/* Copy the key (Geode LX wants the primary key only) */
604 		bcopy(encini->cri_key, ses->ses_key, sizeof(ses->ses_key));
605 	}
606 
607 	if (macini != NULL) {
608 		error = glxsb_hash_setup(ses, macini);
609 		if (error != 0) {
610 			glxsb_crypto_freesession(sc->sc_dev, ses->ses_id);
611 			return (error);
612 		}
613 	}
614 
615 	*sidp = ses->ses_id;
616 	return (0);
617 }
618 
619 static int
620 glxsb_crypto_freesession(device_t dev, uint64_t tid)
621 {
622 	struct glxsb_softc *sc = device_get_softc(dev);
623 	struct glxsb_session *ses = NULL;
624 	uint32_t sid = ((uint32_t)tid) & 0xffffffff;
625 
626 	if (sc == NULL)
627 		return (EINVAL);
628 
629 	rw_wlock(&sc->sc_sessions_lock);
630 	TAILQ_FOREACH_REVERSE(ses, &sc->sc_sessions, ses_head, ses_next) {
631 		if (ses->ses_id == sid)
632 			break;
633 	}
634 	if (ses == NULL) {
635 		rw_wunlock(&sc->sc_sessions_lock);
636 		return (EINVAL);
637 	}
638 	TAILQ_REMOVE(&sc->sc_sessions, ses, ses_next);
639 	glxsb_hash_free(ses);
640 	bzero(ses, sizeof(*ses));
641 	ses->ses_used = 0;
642 	ses->ses_id = sid;
643 	TAILQ_INSERT_HEAD(&sc->sc_sessions, ses, ses_next);
644 	rw_wunlock(&sc->sc_sessions_lock);
645 
646 	return (0);
647 }
648 
649 static int
650 glxsb_aes(struct glxsb_softc *sc, uint32_t control, uint32_t psrc,
651     uint32_t pdst, void *key, int len, void *iv)
652 {
653 	uint32_t status;
654 	int i;
655 
656 	if (len & 0xF) {
657 		device_printf(sc->sc_dev,
658 		    "len must be a multiple of 16 (not %d)\n", len);
659 		return (EINVAL);
660 	}
661 
662 	/* Set the source */
663 	bus_write_4(sc->sc_sr, SB_SOURCE_A, psrc);
664 
665 	/* Set the destination address */
666 	bus_write_4(sc->sc_sr, SB_DEST_A, pdst);
667 
668 	/* Set the data length */
669 	bus_write_4(sc->sc_sr, SB_LENGTH_A, len);
670 
671 	/* Set the IV */
672 	if (iv != NULL) {
673 		bus_write_region_4(sc->sc_sr, SB_CBC_IV, iv, 4);
674 		control |= SB_CTL_CBC;
675 	}
676 
677 	/* Set the key */
678 	bus_write_region_4(sc->sc_sr, SB_WKEY, key, 4);
679 
680 	/* Ask the security block to do it */
681 	bus_write_4(sc->sc_sr, SB_CTL_A,
682 	    control | SB_CTL_WK | SB_CTL_DC | SB_CTL_SC | SB_CTL_ST);
683 
684 	/*
685 	 * Now wait until it is done.
686 	 *
687 	 * We do a busy wait.  Obviously the number of iterations of
688 	 * the loop required to perform the AES operation depends upon
689 	 * the number of bytes to process.
690 	 *
691 	 * On a 500 MHz Geode LX we see
692 	 *
693 	 *	length (bytes)	typical max iterations
694 	 *	    16		   12
695 	 *	    64		   22
696 	 *	   256		   59
697 	 *	  1024		  212
698 	 *	  8192		1,537
699 	 *
700 	 * Since we have a maximum size of operation defined in
701 	 * GLXSB_MAX_AES_LEN, we use this constant to decide how long
702 	 * to wait.  Allow an order of magnitude longer than it should
703 	 * really take, just in case.
704 	 */
705 
706 	for (i = 0; i < GLXSB_MAX_AES_LEN * 10; i++) {
707 		status = bus_read_4(sc->sc_sr, SB_CTL_A);
708 		if ((status & SB_CTL_ST) == 0)		/* Done */
709 			return (0);
710 	}
711 
712 	device_printf(sc->sc_dev, "operation failed to complete\n");
713 	return (EIO);
714 }
715 
716 static int
717 glxsb_crypto_encdec(struct cryptop *crp, struct cryptodesc *crd,
718     struct glxsb_session *ses, struct glxsb_softc *sc)
719 {
720 	char *op_src, *op_dst;
721 	uint32_t op_psrc, op_pdst;
722 	uint8_t op_iv[SB_AES_BLOCK_SIZE], *piv;
723 	int error;
724 	int len, tlen, xlen;
725 	int offset;
726 	uint32_t control;
727 
728 	if (crd == NULL || (crd->crd_len % SB_AES_BLOCK_SIZE) != 0)
729 		return (EINVAL);
730 
731 	/* How much of our buffer will we need to use? */
732 	xlen = crd->crd_len > GLXSB_MAX_AES_LEN ?
733 	    GLXSB_MAX_AES_LEN : crd->crd_len;
734 
735 	/*
736 	 * XXX Check if we can have input == output on Geode LX.
737 	 * XXX In the meantime, use two separate (adjacent) buffers.
738 	 */
739 	op_src = sc->sc_dma.dma_vaddr;
740 	op_dst = (char *)sc->sc_dma.dma_vaddr + xlen;
741 
742 	op_psrc = sc->sc_dma.dma_paddr;
743 	op_pdst = sc->sc_dma.dma_paddr + xlen;
744 
745 	if (crd->crd_flags & CRD_F_ENCRYPT) {
746 		control = SB_CTL_ENC;
747 		if (crd->crd_flags & CRD_F_IV_EXPLICIT)
748 			bcopy(crd->crd_iv, op_iv, sizeof(op_iv));
749 		else
750 			bcopy(ses->ses_iv, op_iv, sizeof(op_iv));
751 
752 		if ((crd->crd_flags & CRD_F_IV_PRESENT) == 0) {
753 			crypto_copyback(crp->crp_flags, crp->crp_buf,
754 			    crd->crd_inject, sizeof(op_iv), op_iv);
755 		}
756 	} else {
757 		control = SB_CTL_DEC;
758 		if (crd->crd_flags & CRD_F_IV_EXPLICIT)
759 			bcopy(crd->crd_iv, op_iv, sizeof(op_iv));
760 		else {
761 			crypto_copydata(crp->crp_flags, crp->crp_buf,
762 			    crd->crd_inject, sizeof(op_iv), op_iv);
763 		}
764 	}
765 
766 	offset = 0;
767 	tlen = crd->crd_len;
768 	piv = op_iv;
769 
770 	/* Process the data in GLXSB_MAX_AES_LEN chunks */
771 	while (tlen > 0) {
772 		len = (tlen > GLXSB_MAX_AES_LEN) ? GLXSB_MAX_AES_LEN : tlen;
773 		crypto_copydata(crp->crp_flags, crp->crp_buf,
774 		    crd->crd_skip + offset, len, op_src);
775 
776 		glxsb_dma_pre_op(sc, &sc->sc_dma);
777 
778 		error = glxsb_aes(sc, control, op_psrc, op_pdst, ses->ses_key,
779 		    len, op_iv);
780 
781 		glxsb_dma_post_op(sc, &sc->sc_dma);
782 		if (error != 0)
783 			return (error);
784 
785 		crypto_copyback(crp->crp_flags, crp->crp_buf,
786 		    crd->crd_skip + offset, len, op_dst);
787 
788 		offset += len;
789 		tlen -= len;
790 
791 		if (tlen <= 0) {	/* Ideally, just == 0 */
792 			/* Finished - put the IV in session IV */
793 			piv = ses->ses_iv;
794 		}
795 
796 		/*
797 		 * Copy out last block for use as next iteration/session IV.
798 		 *
799 		 * piv is set to op_iv[] before the loop starts, but is
800 		 * set to ses->ses_iv if we're going to exit the loop this
801 		 * time.
802 		 */
803 		if (crd->crd_flags & CRD_F_ENCRYPT)
804 			bcopy(op_dst + len - sizeof(op_iv), piv, sizeof(op_iv));
805 		else {
806 			/* Decryption, only need this if another iteration */
807 			if (tlen > 0) {
808 				bcopy(op_src + len - sizeof(op_iv), piv,
809 				    sizeof(op_iv));
810 			}
811 		}
812 	} /* while */
813 
814 	/* All AES processing has now been done. */
815 	bzero(sc->sc_dma.dma_vaddr, xlen * 2);
816 
817 	return (0);
818 }
819 
820 static void
821 glxsb_crypto_task(void *arg, int pending)
822 {
823 	struct glxsb_softc *sc = arg;
824 	struct glxsb_session *ses;
825 	struct cryptop *crp;
826 	struct cryptodesc *enccrd, *maccrd;
827 	int error;
828 
829 	maccrd = sc->sc_to.to_maccrd;
830 	enccrd = sc->sc_to.to_enccrd;
831 	crp = sc->sc_to.to_crp;
832 	ses = sc->sc_to.to_ses;
833 
834 	/* Perform data authentication if requested before encryption */
835 	if (maccrd != NULL && maccrd->crd_next == enccrd) {
836 		error = glxsb_hash_process(ses, maccrd, crp);
837 		if (error != 0)
838 			goto out;
839 	}
840 
841 	error = glxsb_crypto_encdec(crp, enccrd, ses, sc);
842 	if (error != 0)
843 		goto out;
844 
845 	/* Perform data authentication if requested after encryption */
846 	if (maccrd != NULL && enccrd->crd_next == maccrd) {
847 		error = glxsb_hash_process(ses, maccrd, crp);
848 		if (error != 0)
849 			goto out;
850 	}
851 out:
852 	mtx_lock(&sc->sc_task_mtx);
853 	sc->sc_task_count--;
854 	mtx_unlock(&sc->sc_task_mtx);
855 
856 	crp->crp_etype = error;
857 	crypto_unblock(sc->sc_cid, CRYPTO_SYMQ);
858 	crypto_done(crp);
859 }
860 
861 static int
862 glxsb_crypto_process(device_t dev, struct cryptop *crp, int hint)
863 {
864 	struct glxsb_softc *sc = device_get_softc(dev);
865 	struct glxsb_session *ses;
866 	struct cryptodesc *crd, *enccrd, *maccrd;
867 	uint32_t sid;
868 	int error = 0;
869 
870 	enccrd = maccrd = NULL;
871 
872 	/* Sanity check. */
873 	if (crp == NULL)
874 		return (EINVAL);
875 
876 	if (crp->crp_callback == NULL || crp->crp_desc == NULL) {
877 		error = EINVAL;
878 		goto fail;
879 	}
880 
881 	for (crd = crp->crp_desc; crd != NULL; crd = crd->crd_next) {
882 		switch (crd->crd_alg) {
883 		case CRYPTO_NULL_HMAC:
884 		case CRYPTO_MD5_HMAC:
885 		case CRYPTO_SHA1_HMAC:
886 		case CRYPTO_RIPEMD160_HMAC:
887 		case CRYPTO_SHA2_256_HMAC:
888 		case CRYPTO_SHA2_384_HMAC:
889 		case CRYPTO_SHA2_512_HMAC:
890 			if (maccrd != NULL) {
891 				error = EINVAL;
892 				goto fail;
893 			}
894 			maccrd = crd;
895 			break;
896 		case CRYPTO_AES_CBC:
897 			if (enccrd != NULL) {
898 				error = EINVAL;
899 				goto fail;
900 			}
901 			enccrd = crd;
902 			break;
903 		default:
904 			error = EINVAL;
905 			goto fail;
906 		}
907 	}
908 
909 	if (enccrd == NULL || enccrd->crd_len % AES_BLOCK_LEN != 0) {
910 		error = EINVAL;
911 		goto fail;
912 	}
913 
914 	sid = crp->crp_sid & 0xffffffff;
915 	rw_rlock(&sc->sc_sessions_lock);
916 	TAILQ_FOREACH_REVERSE(ses, &sc->sc_sessions, ses_head, ses_next) {
917 		if (ses->ses_id == sid)
918 			break;
919 	}
920 	rw_runlock(&sc->sc_sessions_lock);
921 	if (ses == NULL || !ses->ses_used) {
922 		error = EINVAL;
923 		goto fail;
924 	}
925 
926 	mtx_lock(&sc->sc_task_mtx);
927 	if (sc->sc_task_count != 0) {
928 		mtx_unlock(&sc->sc_task_mtx);
929 		return (ERESTART);
930 	}
931 	sc->sc_task_count++;
932 
933 	sc->sc_to.to_maccrd = maccrd;
934 	sc->sc_to.to_enccrd = enccrd;
935 	sc->sc_to.to_crp = crp;
936 	sc->sc_to.to_ses = ses;
937 	mtx_unlock(&sc->sc_task_mtx);
938 
939 	taskqueue_enqueue(sc->sc_tq, &sc->sc_cryptotask);
940 	return(0);
941 
942 fail:
943 	crp->crp_etype = error;
944 	crypto_done(crp);
945 	return (error);
946 }
947