1 /* $OpenBSD: glxsb.c,v 1.7 2007/02/12 14:31:45 tom Exp $ */ 2 3 /* 4 * Copyright (c) 2006 Tom Cosgrove <tom@openbsd.org> 5 * Copyright (c) 2003, 2004 Theo de Raadt 6 * Copyright (c) 2003 Jason Wright 7 * 8 * Permission to use, copy, modify, and distribute this software for any 9 * purpose with or without fee is hereby granted, provided that the above 10 * copyright notice and this permission notice appear in all copies. 11 * 12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 */ 20 21 /* 22 * Driver for the security block on the AMD Geode LX processors 23 * http://www.amd.com/files/connectivitysolutions/geode/geode_lx/33234d_lx_ds.pdf 24 */ 25 26 #include <sys/cdefs.h> 27 __FBSDID("$FreeBSD$"); 28 29 #include <sys/param.h> 30 #include <sys/systm.h> 31 #include <sys/bus.h> 32 #include <sys/errno.h> 33 #include <sys/kernel.h> 34 #include <sys/lock.h> 35 #include <sys/malloc.h> 36 #include <sys/mbuf.h> 37 #include <sys/module.h> 38 #include <sys/mutex.h> 39 #include <sys/proc.h> 40 #include <sys/random.h> 41 #include <sys/rman.h> 42 #include <sys/rwlock.h> 43 #include <sys/sysctl.h> 44 #include <sys/taskqueue.h> 45 46 #include <machine/bus.h> 47 #include <machine/cpufunc.h> 48 #include <machine/resource.h> 49 50 #include <dev/pci/pcivar.h> 51 #include <dev/pci/pcireg.h> 52 53 #include <opencrypto/cryptodev.h> 54 #include <opencrypto/cryptosoft.h> 55 #include <opencrypto/xform.h> 56 57 #include "cryptodev_if.h" 58 #include "glxsb.h" 59 60 #define PCI_VENDOR_AMD 0x1022 /* AMD */ 61 #define PCI_PRODUCT_AMD_GEODE_LX_CRYPTO 0x2082 /* Geode LX Crypto */ 62 63 #define SB_GLD_MSR_CAP 0x58002000 /* RO - Capabilities */ 64 #define SB_GLD_MSR_CONFIG 0x58002001 /* RW - Master Config */ 65 #define SB_GLD_MSR_SMI 0x58002002 /* RW - SMI */ 66 #define SB_GLD_MSR_ERROR 0x58002003 /* RW - Error */ 67 #define SB_GLD_MSR_PM 0x58002004 /* RW - Power Mgmt */ 68 #define SB_GLD_MSR_DIAG 0x58002005 /* RW - Diagnostic */ 69 #define SB_GLD_MSR_CTRL 0x58002006 /* RW - Security Block Cntrl */ 70 71 /* For GLD_MSR_CTRL: */ 72 #define SB_GMC_DIV0 0x0000 /* AES update divisor values */ 73 #define SB_GMC_DIV1 0x0001 74 #define SB_GMC_DIV2 0x0002 75 #define SB_GMC_DIV3 0x0003 76 #define SB_GMC_DIV_MASK 0x0003 77 #define SB_GMC_SBI 0x0004 /* AES swap bits */ 78 #define SB_GMC_SBY 0x0008 /* AES swap bytes */ 79 #define SB_GMC_TW 0x0010 /* Time write (EEPROM) */ 80 #define SB_GMC_T_SEL0 0x0000 /* RNG post-proc: none */ 81 #define SB_GMC_T_SEL1 0x0100 /* RNG post-proc: LFSR */ 82 #define SB_GMC_T_SEL2 0x0200 /* RNG post-proc: whitener */ 83 #define SB_GMC_T_SEL3 0x0300 /* RNG LFSR+whitener */ 84 #define SB_GMC_T_SEL_MASK 0x0300 85 #define SB_GMC_T_NE 0x0400 /* Noise (generator) Enable */ 86 #define SB_GMC_T_TM 0x0800 /* RNG test mode */ 87 /* (deterministic) */ 88 89 /* Security Block configuration/control registers (offsets from base) */ 90 #define SB_CTL_A 0x0000 /* RW - SB Control A */ 91 #define SB_CTL_B 0x0004 /* RW - SB Control B */ 92 #define SB_AES_INT 0x0008 /* RW - SB AES Interrupt */ 93 #define SB_SOURCE_A 0x0010 /* RW - Source A */ 94 #define SB_DEST_A 0x0014 /* RW - Destination A */ 95 #define SB_LENGTH_A 0x0018 /* RW - Length A */ 96 #define SB_SOURCE_B 0x0020 /* RW - Source B */ 97 #define SB_DEST_B 0x0024 /* RW - Destination B */ 98 #define SB_LENGTH_B 0x0028 /* RW - Length B */ 99 #define SB_WKEY 0x0030 /* WO - Writable Key 0-3 */ 100 #define SB_WKEY_0 0x0030 /* WO - Writable Key 0 */ 101 #define SB_WKEY_1 0x0034 /* WO - Writable Key 1 */ 102 #define SB_WKEY_2 0x0038 /* WO - Writable Key 2 */ 103 #define SB_WKEY_3 0x003C /* WO - Writable Key 3 */ 104 #define SB_CBC_IV 0x0040 /* RW - CBC IV 0-3 */ 105 #define SB_CBC_IV_0 0x0040 /* RW - CBC IV 0 */ 106 #define SB_CBC_IV_1 0x0044 /* RW - CBC IV 1 */ 107 #define SB_CBC_IV_2 0x0048 /* RW - CBC IV 2 */ 108 #define SB_CBC_IV_3 0x004C /* RW - CBC IV 3 */ 109 #define SB_RANDOM_NUM 0x0050 /* RW - Random Number */ 110 #define SB_RANDOM_NUM_STATUS 0x0054 /* RW - Random Number Status */ 111 #define SB_EEPROM_COMM 0x0800 /* RW - EEPROM Command */ 112 #define SB_EEPROM_ADDR 0x0804 /* RW - EEPROM Address */ 113 #define SB_EEPROM_DATA 0x0808 /* RW - EEPROM Data */ 114 #define SB_EEPROM_SEC_STATE 0x080C /* RW - EEPROM Security State */ 115 116 /* For SB_CTL_A and _B */ 117 #define SB_CTL_ST 0x0001 /* Start operation (enc/dec) */ 118 #define SB_CTL_ENC 0x0002 /* Encrypt (0 is decrypt) */ 119 #define SB_CTL_DEC 0x0000 /* Decrypt */ 120 #define SB_CTL_WK 0x0004 /* Use writable key (we set) */ 121 #define SB_CTL_DC 0x0008 /* Destination coherent */ 122 #define SB_CTL_SC 0x0010 /* Source coherent */ 123 #define SB_CTL_CBC 0x0020 /* CBC (0 is ECB) */ 124 125 /* For SB_AES_INT */ 126 #define SB_AI_DISABLE_AES_A 0x0001 /* Disable AES A compl int */ 127 #define SB_AI_ENABLE_AES_A 0x0000 /* Enable AES A compl int */ 128 #define SB_AI_DISABLE_AES_B 0x0002 /* Disable AES B compl int */ 129 #define SB_AI_ENABLE_AES_B 0x0000 /* Enable AES B compl int */ 130 #define SB_AI_DISABLE_EEPROM 0x0004 /* Disable EEPROM op comp int */ 131 #define SB_AI_ENABLE_EEPROM 0x0000 /* Enable EEPROM op compl int */ 132 #define SB_AI_AES_A_COMPLETE 0x10000 /* AES A operation complete */ 133 #define SB_AI_AES_B_COMPLETE 0x20000 /* AES B operation complete */ 134 #define SB_AI_EEPROM_COMPLETE 0x40000 /* EEPROM operation complete */ 135 136 #define SB_AI_CLEAR_INTR \ 137 (SB_AI_DISABLE_AES_A | SB_AI_DISABLE_AES_B |\ 138 SB_AI_DISABLE_EEPROM | SB_AI_AES_A_COMPLETE |\ 139 SB_AI_AES_B_COMPLETE | SB_AI_EEPROM_COMPLETE) 140 141 #define SB_RNS_TRNG_VALID 0x0001 /* in SB_RANDOM_NUM_STATUS */ 142 143 #define SB_MEM_SIZE 0x0810 /* Size of memory block */ 144 145 #define SB_AES_ALIGN 0x0010 /* Source and dest buffers */ 146 /* must be 16-byte aligned */ 147 #define SB_AES_BLOCK_SIZE 0x0010 148 149 /* 150 * The Geode LX security block AES acceleration doesn't perform scatter- 151 * gather: it just takes source and destination addresses. Therefore the 152 * plain- and ciphertexts need to be contiguous. To this end, we allocate 153 * a buffer for both, and accept the overhead of copying in and out. If 154 * the number of bytes in one operation is bigger than allowed for by the 155 * buffer (buffer is twice the size of the max length, as it has both input 156 * and output) then we have to perform multiple encryptions/decryptions. 157 */ 158 159 #define GLXSB_MAX_AES_LEN 16384 160 161 MALLOC_DEFINE(M_GLXSB, "glxsb_data", "Glxsb Data"); 162 163 struct glxsb_dma_map { 164 bus_dmamap_t dma_map; /* DMA map */ 165 bus_dma_segment_t dma_seg; /* segments */ 166 int dma_nsegs; /* #segments */ 167 int dma_size; /* size */ 168 caddr_t dma_vaddr; /* virtual address */ 169 bus_addr_t dma_paddr; /* physical address */ 170 }; 171 172 struct glxsb_taskop { 173 struct glxsb_session *to_ses; /* crypto session */ 174 struct cryptop *to_crp; /* cryptop to perfom */ 175 struct cryptodesc *to_enccrd; /* enccrd to perform */ 176 struct cryptodesc *to_maccrd; /* maccrd to perform */ 177 }; 178 179 struct glxsb_softc { 180 device_t sc_dev; /* device backpointer */ 181 struct resource *sc_sr; /* resource */ 182 int sc_rid; /* resource rid */ 183 struct callout sc_rngco; /* RNG callout */ 184 int sc_rnghz; /* RNG callout ticks */ 185 bus_dma_tag_t sc_dmat; /* DMA tag */ 186 struct glxsb_dma_map sc_dma; /* DMA map */ 187 int32_t sc_cid; /* crypto tag */ 188 uint32_t sc_sid; /* session id */ 189 TAILQ_HEAD(ses_head, glxsb_session) 190 sc_sessions; /* crypto sessions */ 191 struct rwlock sc_sessions_lock;/* sessions lock */ 192 struct mtx sc_task_mtx; /* task mutex */ 193 struct taskqueue *sc_tq; /* task queue */ 194 struct task sc_cryptotask; /* task */ 195 struct glxsb_taskop sc_to; /* task's crypto operation */ 196 int sc_task_count; /* tasks count */ 197 }; 198 199 static int glxsb_probe(device_t); 200 static int glxsb_attach(device_t); 201 static int glxsb_detach(device_t); 202 203 static void glxsb_dmamap_cb(void *, bus_dma_segment_t *, int, int); 204 static int glxsb_dma_alloc(struct glxsb_softc *); 205 static void glxsb_dma_pre_op(struct glxsb_softc *, struct glxsb_dma_map *); 206 static void glxsb_dma_post_op(struct glxsb_softc *, struct glxsb_dma_map *); 207 static void glxsb_dma_free(struct glxsb_softc *, struct glxsb_dma_map *); 208 209 static void glxsb_rnd(void *); 210 static int glxsb_crypto_setup(struct glxsb_softc *); 211 static int glxsb_crypto_newsession(device_t, uint32_t *, struct cryptoini *); 212 static int glxsb_crypto_freesession(device_t, uint64_t); 213 static int glxsb_aes(struct glxsb_softc *, uint32_t, uint32_t, 214 uint32_t, void *, int, void *); 215 216 static int glxsb_crypto_encdec(struct cryptop *, struct cryptodesc *, 217 struct glxsb_session *, struct glxsb_softc *); 218 219 static void glxsb_crypto_task(void *, int); 220 static int glxsb_crypto_process(device_t, struct cryptop *, int); 221 222 static device_method_t glxsb_methods[] = { 223 /* device interface */ 224 DEVMETHOD(device_probe, glxsb_probe), 225 DEVMETHOD(device_attach, glxsb_attach), 226 DEVMETHOD(device_detach, glxsb_detach), 227 228 /* crypto device methods */ 229 DEVMETHOD(cryptodev_newsession, glxsb_crypto_newsession), 230 DEVMETHOD(cryptodev_freesession, glxsb_crypto_freesession), 231 DEVMETHOD(cryptodev_process, glxsb_crypto_process), 232 233 {0,0} 234 }; 235 236 static driver_t glxsb_driver = { 237 "glxsb", 238 glxsb_methods, 239 sizeof(struct glxsb_softc) 240 }; 241 242 static devclass_t glxsb_devclass; 243 244 DRIVER_MODULE(glxsb, pci, glxsb_driver, glxsb_devclass, 0, 0); 245 MODULE_VERSION(glxsb, 1); 246 MODULE_DEPEND(glxsb, crypto, 1, 1, 1); 247 248 static int 249 glxsb_probe(device_t dev) 250 { 251 252 if (pci_get_vendor(dev) == PCI_VENDOR_AMD && 253 pci_get_device(dev) == PCI_PRODUCT_AMD_GEODE_LX_CRYPTO) { 254 device_set_desc(dev, 255 "AMD Geode LX Security Block (AES-128-CBC, RNG)"); 256 return (BUS_PROBE_DEFAULT); 257 } 258 259 return (ENXIO); 260 } 261 262 static int 263 glxsb_attach(device_t dev) 264 { 265 struct glxsb_softc *sc = device_get_softc(dev); 266 uint64_t msr; 267 268 sc->sc_dev = dev; 269 msr = rdmsr(SB_GLD_MSR_CAP); 270 271 if ((msr & 0xFFFF00) != 0x130400) { 272 device_printf(dev, "unknown ID 0x%x\n", 273 (int)((msr & 0xFFFF00) >> 16)); 274 return (ENXIO); 275 } 276 277 pci_enable_busmaster(dev); 278 279 /* Map in the security block configuration/control registers */ 280 sc->sc_rid = PCIR_BAR(0); 281 sc->sc_sr = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &sc->sc_rid, 282 RF_ACTIVE); 283 if (sc->sc_sr == NULL) { 284 device_printf(dev, "cannot map register space\n"); 285 return (ENXIO); 286 } 287 288 /* 289 * Configure the Security Block. 290 * 291 * We want to enable the noise generator (T_NE), and enable the 292 * linear feedback shift register and whitener post-processing 293 * (T_SEL = 3). Also ensure that test mode (deterministic values) 294 * is disabled. 295 */ 296 msr = rdmsr(SB_GLD_MSR_CTRL); 297 msr &= ~(SB_GMC_T_TM | SB_GMC_T_SEL_MASK); 298 msr |= SB_GMC_T_NE | SB_GMC_T_SEL3; 299 #if 0 300 msr |= SB_GMC_SBI | SB_GMC_SBY; /* for AES, if necessary */ 301 #endif 302 wrmsr(SB_GLD_MSR_CTRL, msr); 303 304 /* Disable interrupts */ 305 bus_write_4(sc->sc_sr, SB_AES_INT, SB_AI_CLEAR_INTR); 306 307 /* Allocate a contiguous DMA-able buffer to work in */ 308 if (glxsb_dma_alloc(sc) != 0) 309 goto fail0; 310 311 /* Initialize our task queue */ 312 sc->sc_tq = taskqueue_create("glxsb_taskq", M_NOWAIT | M_ZERO, 313 taskqueue_thread_enqueue, &sc->sc_tq); 314 if (sc->sc_tq == NULL) { 315 device_printf(dev, "cannot create task queue\n"); 316 goto fail0; 317 } 318 if (taskqueue_start_threads(&sc->sc_tq, 1, PI_NET, "%s taskq", 319 device_get_nameunit(dev)) != 0) { 320 device_printf(dev, "cannot start task queue\n"); 321 goto fail1; 322 } 323 TASK_INIT(&sc->sc_cryptotask, 0, glxsb_crypto_task, sc); 324 325 /* Initialize crypto */ 326 if (glxsb_crypto_setup(sc) != 0) 327 goto fail1; 328 329 /* Install a periodic collector for the "true" (AMD's word) RNG */ 330 if (hz > 100) 331 sc->sc_rnghz = hz / 100; 332 else 333 sc->sc_rnghz = 1; 334 callout_init(&sc->sc_rngco, 1); 335 glxsb_rnd(sc); 336 337 return (0); 338 339 fail1: 340 taskqueue_free(sc->sc_tq); 341 fail0: 342 bus_release_resource(dev, SYS_RES_MEMORY, sc->sc_rid, sc->sc_sr); 343 return (ENXIO); 344 } 345 346 static int 347 glxsb_detach(device_t dev) 348 { 349 struct glxsb_softc *sc = device_get_softc(dev); 350 struct glxsb_session *ses; 351 352 rw_wlock(&sc->sc_sessions_lock); 353 TAILQ_FOREACH(ses, &sc->sc_sessions, ses_next) { 354 if (ses->ses_used) { 355 rw_wunlock(&sc->sc_sessions_lock); 356 device_printf(dev, 357 "cannot detach, sessions still active.\n"); 358 return (EBUSY); 359 } 360 } 361 while (!TAILQ_EMPTY(&sc->sc_sessions)) { 362 ses = TAILQ_FIRST(&sc->sc_sessions); 363 TAILQ_REMOVE(&sc->sc_sessions, ses, ses_next); 364 free(ses, M_GLXSB); 365 } 366 rw_wunlock(&sc->sc_sessions_lock); 367 crypto_unregister_all(sc->sc_cid); 368 callout_drain(&sc->sc_rngco); 369 taskqueue_drain(sc->sc_tq, &sc->sc_cryptotask); 370 bus_generic_detach(dev); 371 glxsb_dma_free(sc, &sc->sc_dma); 372 bus_release_resource(dev, SYS_RES_MEMORY, sc->sc_rid, sc->sc_sr); 373 taskqueue_free(sc->sc_tq); 374 rw_destroy(&sc->sc_sessions_lock); 375 mtx_destroy(&sc->sc_task_mtx); 376 return (0); 377 } 378 379 /* 380 * callback for bus_dmamap_load() 381 */ 382 static void 383 glxsb_dmamap_cb(void *arg, bus_dma_segment_t *seg, int nseg, int error) 384 { 385 386 bus_addr_t *paddr = (bus_addr_t*) arg; 387 *paddr = seg[0].ds_addr; 388 } 389 390 static int 391 glxsb_dma_alloc(struct glxsb_softc *sc) 392 { 393 struct glxsb_dma_map *dma = &sc->sc_dma; 394 int rc; 395 396 dma->dma_nsegs = 1; 397 dma->dma_size = GLXSB_MAX_AES_LEN * 2; 398 399 /* Setup DMA descriptor area */ 400 rc = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), /* parent */ 401 SB_AES_ALIGN, 0, /* alignments, bounds */ 402 BUS_SPACE_MAXADDR_32BIT,/* lowaddr */ 403 BUS_SPACE_MAXADDR, /* highaddr */ 404 NULL, NULL, /* filter, filterarg */ 405 dma->dma_size, /* maxsize */ 406 dma->dma_nsegs, /* nsegments */ 407 dma->dma_size, /* maxsegsize */ 408 BUS_DMA_ALLOCNOW, /* flags */ 409 NULL, NULL, /* lockfunc, lockarg */ 410 &sc->sc_dmat); 411 if (rc != 0) { 412 device_printf(sc->sc_dev, 413 "cannot allocate DMA tag (%d)\n", rc); 414 return (rc); 415 } 416 417 rc = bus_dmamem_alloc(sc->sc_dmat, (void **)&dma->dma_vaddr, 418 BUS_DMA_NOWAIT, &dma->dma_map); 419 if (rc != 0) { 420 device_printf(sc->sc_dev, 421 "cannot allocate DMA memory of %d bytes (%d)\n", 422 dma->dma_size, rc); 423 goto fail0; 424 } 425 426 rc = bus_dmamap_load(sc->sc_dmat, dma->dma_map, dma->dma_vaddr, 427 dma->dma_size, glxsb_dmamap_cb, &dma->dma_paddr, BUS_DMA_NOWAIT); 428 if (rc != 0) { 429 device_printf(sc->sc_dev, 430 "cannot load DMA memory for %d bytes (%d)\n", 431 dma->dma_size, rc); 432 goto fail1; 433 } 434 435 return (0); 436 437 fail1: 438 bus_dmamem_free(sc->sc_dmat, dma->dma_vaddr, dma->dma_map); 439 fail0: 440 bus_dma_tag_destroy(sc->sc_dmat); 441 return (rc); 442 } 443 444 static void 445 glxsb_dma_pre_op(struct glxsb_softc *sc, struct glxsb_dma_map *dma) 446 { 447 448 bus_dmamap_sync(sc->sc_dmat, dma->dma_map, 449 BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); 450 } 451 452 static void 453 glxsb_dma_post_op(struct glxsb_softc *sc, struct glxsb_dma_map *dma) 454 { 455 456 bus_dmamap_sync(sc->sc_dmat, dma->dma_map, 457 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); 458 } 459 460 static void 461 glxsb_dma_free(struct glxsb_softc *sc, struct glxsb_dma_map *dma) 462 { 463 464 bus_dmamap_unload(sc->sc_dmat, dma->dma_map); 465 bus_dmamem_free(sc->sc_dmat, dma->dma_vaddr, dma->dma_map); 466 bus_dma_tag_destroy(sc->sc_dmat); 467 } 468 469 static void 470 glxsb_rnd(void *v) 471 { 472 struct glxsb_softc *sc = v; 473 uint32_t status, value; 474 475 status = bus_read_4(sc->sc_sr, SB_RANDOM_NUM_STATUS); 476 if (status & SB_RNS_TRNG_VALID) { 477 value = bus_read_4(sc->sc_sr, SB_RANDOM_NUM); 478 /* feed with one uint32 */ 479 /* MarkM: FIX!! Check that this does not swamp the harvester! */ 480 random_harvest_queue(&value, sizeof(value), 32/2, RANDOM_PURE_GLXSB); 481 } 482 483 callout_reset(&sc->sc_rngco, sc->sc_rnghz, glxsb_rnd, sc); 484 } 485 486 static int 487 glxsb_crypto_setup(struct glxsb_softc *sc) 488 { 489 490 sc->sc_cid = crypto_get_driverid(sc->sc_dev, CRYPTOCAP_F_HARDWARE); 491 492 if (sc->sc_cid < 0) { 493 device_printf(sc->sc_dev, "cannot get crypto driver id\n"); 494 return (ENOMEM); 495 } 496 497 TAILQ_INIT(&sc->sc_sessions); 498 sc->sc_sid = 1; 499 rw_init(&sc->sc_sessions_lock, "glxsb_sessions_lock"); 500 mtx_init(&sc->sc_task_mtx, "glxsb_crypto_mtx", NULL, MTX_DEF); 501 502 if (crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0) != 0) 503 goto crypto_fail; 504 if (crypto_register(sc->sc_cid, CRYPTO_NULL_HMAC, 0, 0) != 0) 505 goto crypto_fail; 506 if (crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0) != 0) 507 goto crypto_fail; 508 if (crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0) != 0) 509 goto crypto_fail; 510 if (crypto_register(sc->sc_cid, CRYPTO_RIPEMD160_HMAC, 0, 0) != 0) 511 goto crypto_fail; 512 if (crypto_register(sc->sc_cid, CRYPTO_SHA2_256_HMAC, 0, 0) != 0) 513 goto crypto_fail; 514 if (crypto_register(sc->sc_cid, CRYPTO_SHA2_384_HMAC, 0, 0) != 0) 515 goto crypto_fail; 516 if (crypto_register(sc->sc_cid, CRYPTO_SHA2_512_HMAC, 0, 0) != 0) 517 goto crypto_fail; 518 519 return (0); 520 521 crypto_fail: 522 device_printf(sc->sc_dev, "cannot register crypto\n"); 523 crypto_unregister_all(sc->sc_cid); 524 rw_destroy(&sc->sc_sessions_lock); 525 mtx_destroy(&sc->sc_task_mtx); 526 return (ENOMEM); 527 } 528 529 static int 530 glxsb_crypto_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri) 531 { 532 struct glxsb_softc *sc = device_get_softc(dev); 533 struct glxsb_session *ses = NULL; 534 struct cryptoini *encini, *macini; 535 int error; 536 537 if (sc == NULL || sidp == NULL || cri == NULL) 538 return (EINVAL); 539 540 encini = macini = NULL; 541 for (; cri != NULL; cri = cri->cri_next) { 542 switch(cri->cri_alg) { 543 case CRYPTO_NULL_HMAC: 544 case CRYPTO_MD5_HMAC: 545 case CRYPTO_SHA1_HMAC: 546 case CRYPTO_RIPEMD160_HMAC: 547 case CRYPTO_SHA2_256_HMAC: 548 case CRYPTO_SHA2_384_HMAC: 549 case CRYPTO_SHA2_512_HMAC: 550 if (macini != NULL) 551 return (EINVAL); 552 macini = cri; 553 break; 554 case CRYPTO_AES_CBC: 555 if (encini != NULL) 556 return (EINVAL); 557 encini = cri; 558 break; 559 default: 560 return (EINVAL); 561 } 562 } 563 564 /* 565 * We only support HMAC algorithms to be able to work with 566 * ipsec(4), so if we are asked only for authentication without 567 * encryption, don't pretend we can accellerate it. 568 */ 569 if (encini == NULL) 570 return (EINVAL); 571 572 /* 573 * Look for a free session 574 * 575 * Free sessions goes first, so if first session is used, we need to 576 * allocate one. 577 */ 578 579 rw_wlock(&sc->sc_sessions_lock); 580 ses = TAILQ_FIRST(&sc->sc_sessions); 581 if (ses == NULL || ses->ses_used) { 582 ses = malloc(sizeof(*ses), M_GLXSB, M_NOWAIT | M_ZERO); 583 if (ses == NULL) { 584 rw_wunlock(&sc->sc_sessions_lock); 585 return (ENOMEM); 586 } 587 ses->ses_id = sc->sc_sid++; 588 } else { 589 TAILQ_REMOVE(&sc->sc_sessions, ses, ses_next); 590 } 591 ses->ses_used = 1; 592 TAILQ_INSERT_TAIL(&sc->sc_sessions, ses, ses_next); 593 rw_wunlock(&sc->sc_sessions_lock); 594 595 if (encini->cri_alg == CRYPTO_AES_CBC) { 596 if (encini->cri_klen != 128) { 597 glxsb_crypto_freesession(sc->sc_dev, ses->ses_id); 598 return (EINVAL); 599 } 600 arc4rand(ses->ses_iv, sizeof(ses->ses_iv), 0); 601 ses->ses_klen = encini->cri_klen; 602 603 /* Copy the key (Geode LX wants the primary key only) */ 604 bcopy(encini->cri_key, ses->ses_key, sizeof(ses->ses_key)); 605 } 606 607 if (macini != NULL) { 608 error = glxsb_hash_setup(ses, macini); 609 if (error != 0) { 610 glxsb_crypto_freesession(sc->sc_dev, ses->ses_id); 611 return (error); 612 } 613 } 614 615 *sidp = ses->ses_id; 616 return (0); 617 } 618 619 static int 620 glxsb_crypto_freesession(device_t dev, uint64_t tid) 621 { 622 struct glxsb_softc *sc = device_get_softc(dev); 623 struct glxsb_session *ses = NULL; 624 uint32_t sid = ((uint32_t)tid) & 0xffffffff; 625 626 if (sc == NULL) 627 return (EINVAL); 628 629 rw_wlock(&sc->sc_sessions_lock); 630 TAILQ_FOREACH_REVERSE(ses, &sc->sc_sessions, ses_head, ses_next) { 631 if (ses->ses_id == sid) 632 break; 633 } 634 if (ses == NULL) { 635 rw_wunlock(&sc->sc_sessions_lock); 636 return (EINVAL); 637 } 638 TAILQ_REMOVE(&sc->sc_sessions, ses, ses_next); 639 glxsb_hash_free(ses); 640 bzero(ses, sizeof(*ses)); 641 ses->ses_used = 0; 642 ses->ses_id = sid; 643 TAILQ_INSERT_HEAD(&sc->sc_sessions, ses, ses_next); 644 rw_wunlock(&sc->sc_sessions_lock); 645 646 return (0); 647 } 648 649 static int 650 glxsb_aes(struct glxsb_softc *sc, uint32_t control, uint32_t psrc, 651 uint32_t pdst, void *key, int len, void *iv) 652 { 653 uint32_t status; 654 int i; 655 656 if (len & 0xF) { 657 device_printf(sc->sc_dev, 658 "len must be a multiple of 16 (not %d)\n", len); 659 return (EINVAL); 660 } 661 662 /* Set the source */ 663 bus_write_4(sc->sc_sr, SB_SOURCE_A, psrc); 664 665 /* Set the destination address */ 666 bus_write_4(sc->sc_sr, SB_DEST_A, pdst); 667 668 /* Set the data length */ 669 bus_write_4(sc->sc_sr, SB_LENGTH_A, len); 670 671 /* Set the IV */ 672 if (iv != NULL) { 673 bus_write_region_4(sc->sc_sr, SB_CBC_IV, iv, 4); 674 control |= SB_CTL_CBC; 675 } 676 677 /* Set the key */ 678 bus_write_region_4(sc->sc_sr, SB_WKEY, key, 4); 679 680 /* Ask the security block to do it */ 681 bus_write_4(sc->sc_sr, SB_CTL_A, 682 control | SB_CTL_WK | SB_CTL_DC | SB_CTL_SC | SB_CTL_ST); 683 684 /* 685 * Now wait until it is done. 686 * 687 * We do a busy wait. Obviously the number of iterations of 688 * the loop required to perform the AES operation depends upon 689 * the number of bytes to process. 690 * 691 * On a 500 MHz Geode LX we see 692 * 693 * length (bytes) typical max iterations 694 * 16 12 695 * 64 22 696 * 256 59 697 * 1024 212 698 * 8192 1,537 699 * 700 * Since we have a maximum size of operation defined in 701 * GLXSB_MAX_AES_LEN, we use this constant to decide how long 702 * to wait. Allow an order of magnitude longer than it should 703 * really take, just in case. 704 */ 705 706 for (i = 0; i < GLXSB_MAX_AES_LEN * 10; i++) { 707 status = bus_read_4(sc->sc_sr, SB_CTL_A); 708 if ((status & SB_CTL_ST) == 0) /* Done */ 709 return (0); 710 } 711 712 device_printf(sc->sc_dev, "operation failed to complete\n"); 713 return (EIO); 714 } 715 716 static int 717 glxsb_crypto_encdec(struct cryptop *crp, struct cryptodesc *crd, 718 struct glxsb_session *ses, struct glxsb_softc *sc) 719 { 720 char *op_src, *op_dst; 721 uint32_t op_psrc, op_pdst; 722 uint8_t op_iv[SB_AES_BLOCK_SIZE], *piv; 723 int error; 724 int len, tlen, xlen; 725 int offset; 726 uint32_t control; 727 728 if (crd == NULL || (crd->crd_len % SB_AES_BLOCK_SIZE) != 0) 729 return (EINVAL); 730 731 /* How much of our buffer will we need to use? */ 732 xlen = crd->crd_len > GLXSB_MAX_AES_LEN ? 733 GLXSB_MAX_AES_LEN : crd->crd_len; 734 735 /* 736 * XXX Check if we can have input == output on Geode LX. 737 * XXX In the meantime, use two separate (adjacent) buffers. 738 */ 739 op_src = sc->sc_dma.dma_vaddr; 740 op_dst = (char *)sc->sc_dma.dma_vaddr + xlen; 741 742 op_psrc = sc->sc_dma.dma_paddr; 743 op_pdst = sc->sc_dma.dma_paddr + xlen; 744 745 if (crd->crd_flags & CRD_F_ENCRYPT) { 746 control = SB_CTL_ENC; 747 if (crd->crd_flags & CRD_F_IV_EXPLICIT) 748 bcopy(crd->crd_iv, op_iv, sizeof(op_iv)); 749 else 750 bcopy(ses->ses_iv, op_iv, sizeof(op_iv)); 751 752 if ((crd->crd_flags & CRD_F_IV_PRESENT) == 0) { 753 crypto_copyback(crp->crp_flags, crp->crp_buf, 754 crd->crd_inject, sizeof(op_iv), op_iv); 755 } 756 } else { 757 control = SB_CTL_DEC; 758 if (crd->crd_flags & CRD_F_IV_EXPLICIT) 759 bcopy(crd->crd_iv, op_iv, sizeof(op_iv)); 760 else { 761 crypto_copydata(crp->crp_flags, crp->crp_buf, 762 crd->crd_inject, sizeof(op_iv), op_iv); 763 } 764 } 765 766 offset = 0; 767 tlen = crd->crd_len; 768 piv = op_iv; 769 770 /* Process the data in GLXSB_MAX_AES_LEN chunks */ 771 while (tlen > 0) { 772 len = (tlen > GLXSB_MAX_AES_LEN) ? GLXSB_MAX_AES_LEN : tlen; 773 crypto_copydata(crp->crp_flags, crp->crp_buf, 774 crd->crd_skip + offset, len, op_src); 775 776 glxsb_dma_pre_op(sc, &sc->sc_dma); 777 778 error = glxsb_aes(sc, control, op_psrc, op_pdst, ses->ses_key, 779 len, op_iv); 780 781 glxsb_dma_post_op(sc, &sc->sc_dma); 782 if (error != 0) 783 return (error); 784 785 crypto_copyback(crp->crp_flags, crp->crp_buf, 786 crd->crd_skip + offset, len, op_dst); 787 788 offset += len; 789 tlen -= len; 790 791 if (tlen <= 0) { /* Ideally, just == 0 */ 792 /* Finished - put the IV in session IV */ 793 piv = ses->ses_iv; 794 } 795 796 /* 797 * Copy out last block for use as next iteration/session IV. 798 * 799 * piv is set to op_iv[] before the loop starts, but is 800 * set to ses->ses_iv if we're going to exit the loop this 801 * time. 802 */ 803 if (crd->crd_flags & CRD_F_ENCRYPT) 804 bcopy(op_dst + len - sizeof(op_iv), piv, sizeof(op_iv)); 805 else { 806 /* Decryption, only need this if another iteration */ 807 if (tlen > 0) { 808 bcopy(op_src + len - sizeof(op_iv), piv, 809 sizeof(op_iv)); 810 } 811 } 812 } /* while */ 813 814 /* All AES processing has now been done. */ 815 bzero(sc->sc_dma.dma_vaddr, xlen * 2); 816 817 return (0); 818 } 819 820 static void 821 glxsb_crypto_task(void *arg, int pending) 822 { 823 struct glxsb_softc *sc = arg; 824 struct glxsb_session *ses; 825 struct cryptop *crp; 826 struct cryptodesc *enccrd, *maccrd; 827 int error; 828 829 maccrd = sc->sc_to.to_maccrd; 830 enccrd = sc->sc_to.to_enccrd; 831 crp = sc->sc_to.to_crp; 832 ses = sc->sc_to.to_ses; 833 834 /* Perform data authentication if requested before encryption */ 835 if (maccrd != NULL && maccrd->crd_next == enccrd) { 836 error = glxsb_hash_process(ses, maccrd, crp); 837 if (error != 0) 838 goto out; 839 } 840 841 error = glxsb_crypto_encdec(crp, enccrd, ses, sc); 842 if (error != 0) 843 goto out; 844 845 /* Perform data authentication if requested after encryption */ 846 if (maccrd != NULL && enccrd->crd_next == maccrd) { 847 error = glxsb_hash_process(ses, maccrd, crp); 848 if (error != 0) 849 goto out; 850 } 851 out: 852 mtx_lock(&sc->sc_task_mtx); 853 sc->sc_task_count--; 854 mtx_unlock(&sc->sc_task_mtx); 855 856 crp->crp_etype = error; 857 crypto_unblock(sc->sc_cid, CRYPTO_SYMQ); 858 crypto_done(crp); 859 } 860 861 static int 862 glxsb_crypto_process(device_t dev, struct cryptop *crp, int hint) 863 { 864 struct glxsb_softc *sc = device_get_softc(dev); 865 struct glxsb_session *ses; 866 struct cryptodesc *crd, *enccrd, *maccrd; 867 uint32_t sid; 868 int error = 0; 869 870 enccrd = maccrd = NULL; 871 872 /* Sanity check. */ 873 if (crp == NULL) 874 return (EINVAL); 875 876 if (crp->crp_callback == NULL || crp->crp_desc == NULL) { 877 error = EINVAL; 878 goto fail; 879 } 880 881 for (crd = crp->crp_desc; crd != NULL; crd = crd->crd_next) { 882 switch (crd->crd_alg) { 883 case CRYPTO_NULL_HMAC: 884 case CRYPTO_MD5_HMAC: 885 case CRYPTO_SHA1_HMAC: 886 case CRYPTO_RIPEMD160_HMAC: 887 case CRYPTO_SHA2_256_HMAC: 888 case CRYPTO_SHA2_384_HMAC: 889 case CRYPTO_SHA2_512_HMAC: 890 if (maccrd != NULL) { 891 error = EINVAL; 892 goto fail; 893 } 894 maccrd = crd; 895 break; 896 case CRYPTO_AES_CBC: 897 if (enccrd != NULL) { 898 error = EINVAL; 899 goto fail; 900 } 901 enccrd = crd; 902 break; 903 default: 904 error = EINVAL; 905 goto fail; 906 } 907 } 908 909 if (enccrd == NULL || enccrd->crd_len % AES_BLOCK_LEN != 0) { 910 error = EINVAL; 911 goto fail; 912 } 913 914 sid = crp->crp_sid & 0xffffffff; 915 rw_rlock(&sc->sc_sessions_lock); 916 TAILQ_FOREACH_REVERSE(ses, &sc->sc_sessions, ses_head, ses_next) { 917 if (ses->ses_id == sid) 918 break; 919 } 920 rw_runlock(&sc->sc_sessions_lock); 921 if (ses == NULL || !ses->ses_used) { 922 error = EINVAL; 923 goto fail; 924 } 925 926 mtx_lock(&sc->sc_task_mtx); 927 if (sc->sc_task_count != 0) { 928 mtx_unlock(&sc->sc_task_mtx); 929 return (ERESTART); 930 } 931 sc->sc_task_count++; 932 933 sc->sc_to.to_maccrd = maccrd; 934 sc->sc_to.to_enccrd = enccrd; 935 sc->sc_to.to_crp = crp; 936 sc->sc_to.to_ses = ses; 937 mtx_unlock(&sc->sc_task_mtx); 938 939 taskqueue_enqueue(sc->sc_tq, &sc->sc_cryptotask); 940 return(0); 941 942 fail: 943 crp->crp_etype = error; 944 crypto_done(crp); 945 return (error); 946 } 947