xref: /freebsd/sys/dev/sec/sec.c (revision 8fc257994d0ce2396196d7a06d50d20c8015f4b7)
1 /*-
2  * Copyright (C) 2008-2009 Semihalf, Piotr Ziecik
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN
17  * NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
18  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
19  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
21  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
22  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
23  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  */
25 
26 /*
27  * Freescale integrated Security Engine (SEC) driver. Currently SEC 2.0 and
28  * 3.0 are supported.
29  */
30 
31 #include <sys/cdefs.h>
32 __FBSDID("$FreeBSD$");
33 
34 #include <sys/param.h>
35 #include <sys/systm.h>
36 #include <sys/bus.h>
37 #include <sys/endian.h>
38 #include <sys/kernel.h>
39 #include <sys/lock.h>
40 #include <sys/malloc.h>
41 #include <sys/mbuf.h>
42 #include <sys/module.h>
43 #include <sys/mutex.h>
44 #include <sys/random.h>
45 #include <sys/rman.h>
46 
47 #include <machine/bus.h>
48 #include <machine/resource.h>
49 
50 #include <opencrypto/cryptodev.h>
51 #include "cryptodev_if.h"
52 
53 #include <dev/ofw/ofw_bus_subr.h>
54 #include <dev/sec/sec.h>
55 
56 static int	sec_probe(device_t dev);
57 static int	sec_attach(device_t dev);
58 static int	sec_detach(device_t dev);
59 static int	sec_suspend(device_t dev);
60 static int	sec_resume(device_t dev);
61 static int	sec_shutdown(device_t dev);
62 static void	sec_primary_intr(void *arg);
63 static void	sec_secondary_intr(void *arg);
64 static int	sec_setup_intr(struct sec_softc *sc, struct resource **ires,
65     void **ihand, int *irid, driver_intr_t handler, const char *iname);
66 static void	sec_release_intr(struct sec_softc *sc, struct resource *ires,
67     void *ihand, int irid, const char *iname);
68 static int	sec_controller_reset(struct sec_softc *sc);
69 static int	sec_channel_reset(struct sec_softc *sc, int channel, int full);
70 static int	sec_init(struct sec_softc *sc);
71 static int	sec_alloc_dma_mem(struct sec_softc *sc,
72     struct sec_dma_mem *dma_mem, bus_size_t size);
73 static int	sec_desc_map_dma(struct sec_softc *sc,
74     struct sec_dma_mem *dma_mem, void *mem, bus_size_t size, int type,
75     struct sec_desc_map_info *sdmi);
76 static void	sec_free_dma_mem(struct sec_dma_mem *dma_mem);
77 static void	sec_enqueue(struct sec_softc *sc);
78 static int	sec_enqueue_desc(struct sec_softc *sc, struct sec_desc *desc,
79     int channel);
80 static int	sec_eu_channel(struct sec_softc *sc, int eu);
81 static int	sec_make_pointer(struct sec_softc *sc, struct sec_desc *desc,
82     u_int n, void *data, bus_size_t doffset, bus_size_t dsize, int dtype);
83 static int	sec_make_pointer_direct(struct sec_softc *sc,
84     struct sec_desc *desc, u_int n, bus_addr_t data, bus_size_t dsize);
85 static int	sec_alloc_session(struct sec_softc *sc);
86 static int	sec_newsession(device_t dev, u_int32_t *sidp,
87     struct cryptoini *cri);
88 static int	sec_freesession(device_t dev, uint64_t tid);
89 static int	sec_process(device_t dev, struct cryptop *crp, int hint);
90 static int	sec_split_cri(struct cryptoini *cri, struct cryptoini **enc,
91     struct cryptoini **mac);
92 static int	sec_split_crp(struct cryptop *crp, struct cryptodesc **enc,
93     struct cryptodesc **mac);
94 static int	sec_build_common_ns_desc(struct sec_softc *sc,
95     struct sec_desc *desc, struct sec_session *ses, struct cryptop *crp,
96     struct cryptodesc *enc, int buftype);
97 static int	sec_build_common_s_desc(struct sec_softc *sc,
98     struct sec_desc *desc, struct sec_session *ses, struct cryptop *crp,
99     struct cryptodesc *enc, struct cryptodesc *mac, int buftype);
100 
101 static struct sec_session *sec_get_session(struct sec_softc *sc, u_int sid);
102 static struct sec_desc *sec_find_desc(struct sec_softc *sc, bus_addr_t paddr);
103 
104 /* AESU */
105 static int	sec_aesu_newsession(struct sec_softc *sc,
106     struct sec_session *ses, struct cryptoini *enc, struct cryptoini *mac);
107 static int	sec_aesu_make_desc(struct sec_softc *sc,
108     struct sec_session *ses, struct sec_desc *desc, struct cryptop *crp,
109     int buftype);
110 
111 /* DEU */
112 static int	sec_deu_newsession(struct sec_softc *sc,
113     struct sec_session *ses, struct cryptoini *enc, struct cryptoini *mac);
114 static int	sec_deu_make_desc(struct sec_softc *sc,
115     struct sec_session *ses, struct sec_desc *desc, struct cryptop *crp,
116     int buftype);
117 
118 /* MDEU */
119 static int	sec_mdeu_can_handle(u_int alg);
120 static int	sec_mdeu_config(struct cryptodesc *crd,
121     u_int *eu, u_int *mode, u_int *hashlen);
122 static int	sec_mdeu_newsession(struct sec_softc *sc,
123     struct sec_session *ses, struct cryptoini *enc, struct cryptoini *mac);
124 static int	sec_mdeu_make_desc(struct sec_softc *sc,
125     struct sec_session *ses, struct sec_desc *desc, struct cryptop *crp,
126     int buftype);
127 
128 static device_method_t sec_methods[] = {
129 	/* Device interface */
130 	DEVMETHOD(device_probe,		sec_probe),
131 	DEVMETHOD(device_attach,	sec_attach),
132 	DEVMETHOD(device_detach,	sec_detach),
133 
134 	DEVMETHOD(device_suspend,	sec_suspend),
135 	DEVMETHOD(device_resume,	sec_resume),
136 	DEVMETHOD(device_shutdown,	sec_shutdown),
137 
138 	/* Bus interface */
139 	DEVMETHOD(bus_print_child,	bus_generic_print_child),
140 	DEVMETHOD(bus_driver_added,	bus_generic_driver_added),
141 
142 	/* Crypto methods */
143 	DEVMETHOD(cryptodev_newsession,	sec_newsession),
144 	DEVMETHOD(cryptodev_freesession,sec_freesession),
145 	DEVMETHOD(cryptodev_process,	sec_process),
146 
147 	{ 0, 0 }
148 };
149 static driver_t sec_driver = {
150 	"sec",
151 	sec_methods,
152 	sizeof(struct sec_softc),
153 };
154 
155 static devclass_t sec_devclass;
156 DRIVER_MODULE(sec, simplebus, sec_driver, sec_devclass, 0, 0);
157 MODULE_DEPEND(sec, crypto, 1, 1, 1);
158 
159 static struct sec_eu_methods sec_eus[] = {
160 	{
161 		sec_aesu_newsession,
162 		sec_aesu_make_desc,
163 	},
164 	{
165 		sec_deu_newsession,
166 		sec_deu_make_desc,
167 	},
168 	{
169 		sec_mdeu_newsession,
170 		sec_mdeu_make_desc,
171 	},
172 	{ NULL, NULL }
173 };
174 
175 static inline void
176 sec_sync_dma_mem(struct sec_dma_mem *dma_mem, bus_dmasync_op_t op)
177 {
178 
179 	/* Sync only if dma memory is valid */
180 	if (dma_mem->dma_vaddr != NULL)
181 		bus_dmamap_sync(dma_mem->dma_tag, dma_mem->dma_map, op);
182 }
183 
184 static inline void
185 sec_free_session(struct sec_softc *sc, struct sec_session *ses)
186 {
187 
188 	SEC_LOCK(sc, sessions);
189 	ses->ss_used = 0;
190 	SEC_UNLOCK(sc, sessions);
191 }
192 
193 static inline void *
194 sec_get_pointer_data(struct sec_desc *desc, u_int n)
195 {
196 
197 	return (desc->sd_ptr_dmem[n].dma_vaddr);
198 }
199 
200 static int
201 sec_probe(device_t dev)
202 {
203 	struct sec_softc *sc;
204 	uint64_t id;
205 
206 	if (!ofw_bus_is_compatible(dev, "fsl,sec2.0"))
207 		return (ENXIO);
208 
209 	sc = device_get_softc(dev);
210 
211 	sc->sc_rrid = 0;
212 	sc->sc_rres = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &sc->sc_rrid,
213 	    RF_ACTIVE);
214 
215 	if (sc->sc_rres == NULL)
216 		return (ENXIO);
217 
218 	sc->sc_bas.bsh = rman_get_bushandle(sc->sc_rres);
219 	sc->sc_bas.bst = rman_get_bustag(sc->sc_rres);
220 
221 	id = SEC_READ(sc, SEC_ID);
222 
223 	bus_release_resource(dev, SYS_RES_MEMORY, sc->sc_rrid, sc->sc_rres);
224 
225 	switch (id) {
226 	case SEC_20_ID:
227 		device_set_desc(dev, "Freescale Security Engine 2.0");
228 		sc->sc_version = 2;
229 		break;
230 	case SEC_30_ID:
231 		device_set_desc(dev, "Freescale Security Engine 3.0");
232 		sc->sc_version = 3;
233 		break;
234 	default:
235 		device_printf(dev, "unknown SEC ID 0x%016llx!\n", id);
236 		return (ENXIO);
237 	}
238 
239 	return (0);
240 }
241 
242 static int
243 sec_attach(device_t dev)
244 {
245 	struct sec_softc *sc;
246 	struct sec_hw_lt *lt;
247 	int error = 0;
248 	int i;
249 
250 	sc = device_get_softc(dev);
251 	sc->sc_dev = dev;
252 	sc->sc_blocked = 0;
253 	sc->sc_shutdown = 0;
254 
255 	sc->sc_cid = crypto_get_driverid(dev, CRYPTOCAP_F_HARDWARE);
256 	if (sc->sc_cid < 0) {
257 		device_printf(dev, "could not get crypto driver ID!\n");
258 		return (ENXIO);
259 	}
260 
261 	/* Init locks */
262 	mtx_init(&sc->sc_controller_lock, device_get_nameunit(dev),
263 	    "SEC Controller lock", MTX_DEF);
264 	mtx_init(&sc->sc_descriptors_lock, device_get_nameunit(dev),
265 	    "SEC Descriptors lock", MTX_DEF);
266 	mtx_init(&sc->sc_sessions_lock, device_get_nameunit(dev),
267 	    "SEC Sessions lock", MTX_DEF);
268 
269 	/* Allocate I/O memory for SEC registers */
270 	sc->sc_rrid = 0;
271 	sc->sc_rres = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &sc->sc_rrid,
272 	    RF_ACTIVE);
273 
274 	if (sc->sc_rres == NULL) {
275 		device_printf(dev, "could not allocate I/O memory!\n");
276 		goto fail1;
277 	}
278 
279 	sc->sc_bas.bsh = rman_get_bushandle(sc->sc_rres);
280 	sc->sc_bas.bst = rman_get_bustag(sc->sc_rres);
281 
282 	/* Setup interrupts */
283 	sc->sc_pri_irid = 0;
284 	error = sec_setup_intr(sc, &sc->sc_pri_ires, &sc->sc_pri_ihand,
285 	    &sc->sc_pri_irid, sec_primary_intr, "primary");
286 
287 	if (error)
288 		goto fail2;
289 
290 
291 	if (sc->sc_version == 3) {
292 		sc->sc_sec_irid = 1;
293 		error = sec_setup_intr(sc, &sc->sc_sec_ires, &sc->sc_sec_ihand,
294 		    &sc->sc_sec_irid, sec_secondary_intr, "secondary");
295 
296 		if (error)
297 			goto fail3;
298 	}
299 
300 	/* Alloc DMA memory for descriptors and link tables */
301 	error = sec_alloc_dma_mem(sc, &(sc->sc_desc_dmem),
302 	    SEC_DESCRIPTORS * sizeof(struct sec_hw_desc));
303 
304 	if (error)
305 		goto fail4;
306 
307 	error = sec_alloc_dma_mem(sc, &(sc->sc_lt_dmem),
308 	    (SEC_LT_ENTRIES + 1) * sizeof(struct sec_hw_lt));
309 
310 	if (error)
311 		goto fail5;
312 
313 	/* Fill in descriptors and link tables */
314 	for (i = 0; i < SEC_DESCRIPTORS; i++) {
315 		sc->sc_desc[i].sd_desc =
316 		    (struct sec_hw_desc*)(sc->sc_desc_dmem.dma_vaddr) + i;
317 		sc->sc_desc[i].sd_desc_paddr = sc->sc_desc_dmem.dma_paddr +
318 		    (i * sizeof(struct sec_hw_desc));
319 	}
320 
321 	for (i = 0; i < SEC_LT_ENTRIES + 1; i++) {
322 		sc->sc_lt[i].sl_lt =
323 		    (struct sec_hw_lt*)(sc->sc_lt_dmem.dma_vaddr) + i;
324 		sc->sc_lt[i].sl_lt_paddr = sc->sc_lt_dmem.dma_paddr +
325 		    (i * sizeof(struct sec_hw_lt));
326 	}
327 
328 	/* Last entry in link table is used to create a circle */
329 	lt = sc->sc_lt[SEC_LT_ENTRIES].sl_lt;
330 	lt->shl_length = 0;
331 	lt->shl_r = 0;
332 	lt->shl_n = 1;
333 	lt->shl_ptr = sc->sc_lt[0].sl_lt_paddr;
334 
335 	/* Init descriptor and link table queues pointers */
336 	SEC_CNT_INIT(sc, sc_free_desc_get_cnt, SEC_DESCRIPTORS);
337 	SEC_CNT_INIT(sc, sc_free_desc_put_cnt, SEC_DESCRIPTORS);
338 	SEC_CNT_INIT(sc, sc_ready_desc_get_cnt, SEC_DESCRIPTORS);
339 	SEC_CNT_INIT(sc, sc_ready_desc_put_cnt, SEC_DESCRIPTORS);
340 	SEC_CNT_INIT(sc, sc_queued_desc_get_cnt, SEC_DESCRIPTORS);
341 	SEC_CNT_INIT(sc, sc_queued_desc_put_cnt, SEC_DESCRIPTORS);
342 	SEC_CNT_INIT(sc, sc_lt_alloc_cnt, SEC_LT_ENTRIES);
343 	SEC_CNT_INIT(sc, sc_lt_free_cnt, SEC_LT_ENTRIES);
344 
345 	/* Create masks for fast checks */
346 	sc->sc_int_error_mask = 0;
347 	for (i = 0; i < SEC_CHANNELS; i++)
348 		sc->sc_int_error_mask |= (~0ULL & SEC_INT_CH_ERR(i));
349 
350 	switch (sc->sc_version) {
351 	case 2:
352 		sc->sc_channel_idle_mask =
353 		    (SEC_CHAN_CSR2_FFLVL_M << SEC_CHAN_CSR2_FFLVL_S) |
354 		    (SEC_CHAN_CSR2_MSTATE_M << SEC_CHAN_CSR2_MSTATE_S) |
355 		    (SEC_CHAN_CSR2_PSTATE_M << SEC_CHAN_CSR2_PSTATE_S) |
356 		    (SEC_CHAN_CSR2_GSTATE_M << SEC_CHAN_CSR2_GSTATE_S);
357 		break;
358 	case 3:
359 		sc->sc_channel_idle_mask =
360 		    (SEC_CHAN_CSR3_FFLVL_M << SEC_CHAN_CSR3_FFLVL_S) |
361 		    (SEC_CHAN_CSR3_MSTATE_M << SEC_CHAN_CSR3_MSTATE_S) |
362 		    (SEC_CHAN_CSR3_PSTATE_M << SEC_CHAN_CSR3_PSTATE_S) |
363 		    (SEC_CHAN_CSR3_GSTATE_M << SEC_CHAN_CSR3_GSTATE_S);
364 		break;
365 	}
366 
367 	/* Init hardware */
368 	error = sec_init(sc);
369 
370 	if (error)
371 		goto fail6;
372 
373 	/* Register in OCF (AESU) */
374 	crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0);
375 
376 	/* Register in OCF (DEU) */
377 	crypto_register(sc->sc_cid, CRYPTO_DES_CBC, 0, 0);
378 	crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0);
379 
380 	/* Register in OCF (MDEU) */
381 	crypto_register(sc->sc_cid, CRYPTO_MD5, 0, 0);
382 	crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0);
383 	crypto_register(sc->sc_cid, CRYPTO_SHA1, 0, 0);
384 	crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0);
385 	crypto_register(sc->sc_cid, CRYPTO_SHA2_256_HMAC, 0, 0);
386 	if (sc->sc_version >= 3) {
387 		crypto_register(sc->sc_cid, CRYPTO_SHA2_384_HMAC, 0, 0);
388 		crypto_register(sc->sc_cid, CRYPTO_SHA2_512_HMAC, 0, 0);
389 	}
390 
391 	return (0);
392 
393 fail6:
394 	sec_free_dma_mem(&(sc->sc_lt_dmem));
395 fail5:
396 	sec_free_dma_mem(&(sc->sc_desc_dmem));
397 fail4:
398 	sec_release_intr(sc, sc->sc_sec_ires, sc->sc_sec_ihand,
399 	    sc->sc_sec_irid, "secondary");
400 fail3:
401 	sec_release_intr(sc, sc->sc_pri_ires, sc->sc_pri_ihand,
402 	    sc->sc_pri_irid, "primary");
403 fail2:
404 	bus_release_resource(dev, SYS_RES_MEMORY, sc->sc_rrid, sc->sc_rres);
405 fail1:
406 	mtx_destroy(&sc->sc_controller_lock);
407 	mtx_destroy(&sc->sc_descriptors_lock);
408 	mtx_destroy(&sc->sc_sessions_lock);
409 
410 	return (ENXIO);
411 }
412 
413 static int
414 sec_detach(device_t dev)
415 {
416 	struct sec_softc *sc = device_get_softc(dev);
417 	int i, error, timeout = SEC_TIMEOUT;
418 
419 	/* Prepare driver to shutdown */
420 	SEC_LOCK(sc, descriptors);
421 	sc->sc_shutdown = 1;
422 	SEC_UNLOCK(sc, descriptors);
423 
424 	/* Wait until all queued processing finishes */
425 	while (1) {
426 		SEC_LOCK(sc, descriptors);
427 		i = SEC_READY_DESC_CNT(sc) + SEC_QUEUED_DESC_CNT(sc);
428 		SEC_UNLOCK(sc, descriptors);
429 
430 		if (i == 0)
431 			break;
432 
433 		if (timeout < 0) {
434 			device_printf(dev, "queue flush timeout!\n");
435 
436 			/* DMA can be still active - stop it */
437 			for (i = 0; i < SEC_CHANNELS; i++)
438 				sec_channel_reset(sc, i, 1);
439 
440 			break;
441 		}
442 
443 		timeout -= 1000;
444 		DELAY(1000);
445 	}
446 
447 	/* Disable interrupts */
448 	SEC_WRITE(sc, SEC_IER, 0);
449 
450 	/* Unregister from OCF */
451 	crypto_unregister_all(sc->sc_cid);
452 
453 	/* Free DMA memory */
454 	for (i = 0; i < SEC_DESCRIPTORS; i++)
455 		SEC_DESC_FREE_POINTERS(&(sc->sc_desc[i]));
456 
457 	sec_free_dma_mem(&(sc->sc_lt_dmem));
458 	sec_free_dma_mem(&(sc->sc_desc_dmem));
459 
460 	/* Release interrupts */
461 	sec_release_intr(sc, sc->sc_pri_ires, sc->sc_pri_ihand,
462 	    sc->sc_pri_irid, "primary");
463 	sec_release_intr(sc, sc->sc_sec_ires, sc->sc_sec_ihand,
464 	    sc->sc_sec_irid, "secondary");
465 
466 	/* Release memory */
467 	if (sc->sc_rres) {
468 		error = bus_release_resource(dev, SYS_RES_MEMORY, sc->sc_rrid,
469 		    sc->sc_rres);
470 		if (error)
471 			device_printf(dev, "bus_release_resource() failed for"
472 			    " I/O memory, error %d\n", error);
473 
474 		sc->sc_rres = NULL;
475 	}
476 
477 	mtx_destroy(&sc->sc_controller_lock);
478 	mtx_destroy(&sc->sc_descriptors_lock);
479 	mtx_destroy(&sc->sc_sessions_lock);
480 
481 	return (0);
482 }
483 
484 static int
485 sec_suspend(device_t dev)
486 {
487 
488 	return (0);
489 }
490 
491 static int
492 sec_resume(device_t dev)
493 {
494 
495 	return (0);
496 }
497 
498 static int
499 sec_shutdown(device_t dev)
500 {
501 
502 	return (0);
503 }
504 
505 static int
506 sec_setup_intr(struct sec_softc *sc, struct resource **ires, void **ihand,
507     int *irid, driver_intr_t handler, const char *iname)
508 {
509 	int error;
510 
511 	(*ires) = bus_alloc_resource_any(sc->sc_dev, SYS_RES_IRQ, irid,
512 	    RF_ACTIVE);
513 
514 	if ((*ires) == NULL) {
515 		device_printf(sc->sc_dev, "could not allocate %s IRQ\n", iname);
516 		return (ENXIO);
517 	}
518 
519 	error = bus_setup_intr(sc->sc_dev, *ires, INTR_MPSAFE | INTR_TYPE_NET,
520 	    NULL, handler, sc, ihand);
521 
522 	if (error) {
523 		device_printf(sc->sc_dev, "failed to set up %s IRQ\n", iname);
524 		if (bus_release_resource(sc->sc_dev, SYS_RES_IRQ, *irid, *ires))
525 			device_printf(sc->sc_dev, "could not release %s IRQ\n",
526 			    iname);
527 
528 		(*ires) = NULL;
529 		return (error);
530 	}
531 
532 	return (0);
533 }
534 
535 static void
536 sec_release_intr(struct sec_softc *sc, struct resource *ires, void *ihand,
537     int irid, const char *iname)
538 {
539 	int error;
540 
541 	if (ires == NULL)
542 		return;
543 
544 	error = bus_teardown_intr(sc->sc_dev, ires, ihand);
545 	if (error)
546 		device_printf(sc->sc_dev, "bus_teardown_intr() failed for %s"
547 		    " IRQ, error %d\n", iname, error);
548 
549 	error = bus_release_resource(sc->sc_dev, SYS_RES_IRQ, irid, ires);
550 	if (error)
551 		device_printf(sc->sc_dev, "bus_release_resource() failed for %s"
552 		    " IRQ, error %d\n", iname, error);
553 }
554 
555 static void
556 sec_primary_intr(void *arg)
557 {
558 	struct sec_softc *sc = arg;
559 	struct sec_desc *desc;
560 	uint64_t isr;
561 	int i, wakeup = 0;
562 
563 	SEC_LOCK(sc, controller);
564 
565 	/* Check for errors */
566 	isr = SEC_READ(sc, SEC_ISR);
567 	if (isr & sc->sc_int_error_mask) {
568 		/* Check each channel for error */
569 		for (i = 0; i < SEC_CHANNELS; i++) {
570 			if ((isr & SEC_INT_CH_ERR(i)) == 0)
571 				continue;
572 
573 			device_printf(sc->sc_dev,
574 			    "I/O error on channel %i!\n", i);
575 
576 			/* Find and mark problematic descriptor */
577 			desc = sec_find_desc(sc, SEC_READ(sc,
578 			    SEC_CHAN_CDPR(i)));
579 
580 			if (desc != NULL)
581 				desc->sd_error = EIO;
582 
583 			/* Do partial channel reset */
584 			sec_channel_reset(sc, i, 0);
585 		}
586 	}
587 
588 	/* ACK interrupt */
589 	SEC_WRITE(sc, SEC_ICR, 0xFFFFFFFFFFFFFFFFULL);
590 
591 	SEC_UNLOCK(sc, controller);
592 	SEC_LOCK(sc, descriptors);
593 
594 	/* Handle processed descriptors */
595 	SEC_DESC_SYNC(sc, BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE);
596 
597 	while (SEC_QUEUED_DESC_CNT(sc) > 0) {
598 		desc = SEC_GET_QUEUED_DESC(sc);
599 
600 		if (desc->sd_desc->shd_done != 0xFF && desc->sd_error == 0) {
601 			SEC_PUT_BACK_QUEUED_DESC(sc);
602 			break;
603 		}
604 
605 		SEC_DESC_SYNC_POINTERS(desc, BUS_DMASYNC_PREREAD |
606 		    BUS_DMASYNC_PREWRITE);
607 
608 		desc->sd_crp->crp_etype = desc->sd_error;
609 		crypto_done(desc->sd_crp);
610 
611 		SEC_DESC_FREE_POINTERS(desc);
612 		SEC_DESC_FREE_LT(sc, desc);
613 		SEC_DESC_QUEUED2FREE(sc);
614 	}
615 
616 	SEC_DESC_SYNC(sc, BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE);
617 
618 	if (!sc->sc_shutdown) {
619 		wakeup = sc->sc_blocked;
620 		sc->sc_blocked = 0;
621 	}
622 
623 	SEC_UNLOCK(sc, descriptors);
624 
625 	/* Enqueue ready descriptors in hardware */
626 	sec_enqueue(sc);
627 
628 	if (wakeup)
629 		crypto_unblock(sc->sc_cid, wakeup);
630 }
631 
632 static void
633 sec_secondary_intr(void *arg)
634 {
635 	struct sec_softc *sc = arg;
636 
637 	device_printf(sc->sc_dev, "spurious secondary interrupt!\n");
638 	sec_primary_intr(arg);
639 }
640 
641 static int
642 sec_controller_reset(struct sec_softc *sc)
643 {
644 	int timeout = SEC_TIMEOUT;
645 
646 	/* Reset Controller */
647 	SEC_WRITE(sc, SEC_MCR, SEC_MCR_SWR);
648 
649 	while (SEC_READ(sc, SEC_MCR) & SEC_MCR_SWR) {
650 		DELAY(1000);
651 		timeout -= 1000;
652 
653 		if (timeout < 0) {
654 			device_printf(sc->sc_dev, "timeout while waiting for "
655 			    "device reset!\n");
656 			return (ETIMEDOUT);
657 		}
658 	}
659 
660 	return (0);
661 }
662 
663 static int
664 sec_channel_reset(struct sec_softc *sc, int channel, int full)
665 {
666 	int timeout = SEC_TIMEOUT;
667 	uint64_t bit = (full) ? SEC_CHAN_CCR_R : SEC_CHAN_CCR_CON;
668 	uint64_t reg;
669 
670 	/* Reset Channel */
671 	reg = SEC_READ(sc, SEC_CHAN_CCR(channel));
672 	SEC_WRITE(sc, SEC_CHAN_CCR(channel), reg | bit);
673 
674 	while (SEC_READ(sc, SEC_CHAN_CCR(channel)) & bit) {
675 		DELAY(1000);
676 		timeout -= 1000;
677 
678 		if (timeout < 0) {
679 			device_printf(sc->sc_dev, "timeout while waiting for "
680 			    "channel reset!\n");
681 			return (ETIMEDOUT);
682 		}
683 	}
684 
685 	if (full) {
686 		reg = SEC_CHAN_CCR_CDIE | SEC_CHAN_CCR_NT | SEC_CHAN_CCR_BS;
687 
688 		switch(sc->sc_version) {
689 		case 2:
690 			reg |= SEC_CHAN_CCR_CDWE;
691 			break;
692 		case 3:
693 			reg |= SEC_CHAN_CCR_AWSE | SEC_CHAN_CCR_WGN;
694 			break;
695 		}
696 
697 		SEC_WRITE(sc, SEC_CHAN_CCR(channel), reg);
698 	}
699 
700 	return (0);
701 }
702 
703 static int
704 sec_init(struct sec_softc *sc)
705 {
706 	uint64_t reg;
707 	int error, i;
708 
709 	/* Reset controller twice to clear all pending interrupts */
710 	error = sec_controller_reset(sc);
711 	if (error)
712 		return (error);
713 
714 	error = sec_controller_reset(sc);
715 	if (error)
716 		return (error);
717 
718 	/* Reset channels */
719 	for (i = 0; i < SEC_CHANNELS; i++) {
720 		error = sec_channel_reset(sc, i, 1);
721 		if (error)
722 			return (error);
723 	}
724 
725 	/* Enable Interrupts */
726 	reg = SEC_INT_ITO;
727 	for (i = 0; i < SEC_CHANNELS; i++)
728 		reg |= SEC_INT_CH_DN(i) | SEC_INT_CH_ERR(i);
729 
730 	SEC_WRITE(sc, SEC_IER, reg);
731 
732 	return (error);
733 }
734 
735 static void
736 sec_alloc_dma_mem_cb(void *arg, bus_dma_segment_t *segs, int nseg, int error)
737 {
738 	struct sec_dma_mem *dma_mem = arg;
739 
740 	if (error)
741 		return;
742 
743 	KASSERT(nseg == 1, ("Wrong number of segments, should be 1"));
744 	dma_mem->dma_paddr = segs->ds_addr;
745 }
746 
747 static void
748 sec_dma_map_desc_cb(void *arg, bus_dma_segment_t *segs, int nseg,
749     int error)
750 {
751 	struct sec_desc_map_info *sdmi = arg;
752 	struct sec_softc *sc = sdmi->sdmi_sc;
753 	struct sec_lt *lt = NULL;
754 	bus_addr_t addr;
755 	bus_size_t size;
756 	int i;
757 
758 	SEC_LOCK_ASSERT(sc, descriptors);
759 
760 	if (error)
761 		return;
762 
763 	for (i = 0; i < nseg; i++) {
764 		addr = segs[i].ds_addr;
765 		size = segs[i].ds_len;
766 
767 		/* Skip requested offset */
768 		if (sdmi->sdmi_offset >= size) {
769 			sdmi->sdmi_offset -= size;
770 			continue;
771 		}
772 
773 		addr += sdmi->sdmi_offset;
774 		size -= sdmi->sdmi_offset;
775 		sdmi->sdmi_offset = 0;
776 
777 		/* Do not link more than requested */
778 		if (sdmi->sdmi_size < size)
779 			size = sdmi->sdmi_size;
780 
781 		lt = SEC_ALLOC_LT_ENTRY(sc);
782 		lt->sl_lt->shl_length = size;
783 		lt->sl_lt->shl_r = 0;
784 		lt->sl_lt->shl_n = 0;
785 		lt->sl_lt->shl_ptr = addr;
786 
787 		if (sdmi->sdmi_lt_first == NULL)
788 			sdmi->sdmi_lt_first = lt;
789 
790 		sdmi->sdmi_lt_used += 1;
791 
792 		if ((sdmi->sdmi_size -= size) == 0)
793 			break;
794 	}
795 
796 	sdmi->sdmi_lt_last = lt;
797 }
798 
799 static void
800 sec_dma_map_desc_cb2(void *arg, bus_dma_segment_t *segs, int nseg,
801     bus_size_t size, int error)
802 {
803 
804 	sec_dma_map_desc_cb(arg, segs, nseg, error);
805 }
806 
807 static int
808 sec_alloc_dma_mem(struct sec_softc *sc, struct sec_dma_mem *dma_mem,
809     bus_size_t size)
810 {
811 	int error;
812 
813 	if (dma_mem->dma_vaddr != NULL)
814 		return (EBUSY);
815 
816 	error = bus_dma_tag_create(NULL,	/* parent */
817 		SEC_DMA_ALIGNMENT, 0,		/* alignment, boundary */
818 		BUS_SPACE_MAXADDR_32BIT,	/* lowaddr */
819 		BUS_SPACE_MAXADDR,		/* highaddr */
820 		NULL, NULL,			/* filtfunc, filtfuncarg */
821 		size, 1,			/* maxsize, nsegments */
822 		size, 0,			/* maxsegsz, flags */
823 		NULL, NULL,			/* lockfunc, lockfuncarg */
824 		&(dma_mem->dma_tag));		/* dmat */
825 
826 	if (error) {
827 		device_printf(sc->sc_dev, "failed to allocate busdma tag, error"
828 		    " %i!\n", error);
829 		goto err1;
830 	}
831 
832 	error = bus_dmamem_alloc(dma_mem->dma_tag, &(dma_mem->dma_vaddr),
833 	    BUS_DMA_NOWAIT | BUS_DMA_ZERO, &(dma_mem->dma_map));
834 
835 	if (error) {
836 		device_printf(sc->sc_dev, "failed to allocate DMA safe"
837 		    " memory, error %i!\n", error);
838 		goto err2;
839 	}
840 
841 	error = bus_dmamap_load(dma_mem->dma_tag, dma_mem->dma_map,
842 		    dma_mem->dma_vaddr, size, sec_alloc_dma_mem_cb, dma_mem,
843 		    BUS_DMA_NOWAIT);
844 
845 	if (error) {
846 		device_printf(sc->sc_dev, "cannot get address of the DMA"
847 		    " memory, error %i\n", error);
848 		goto err3;
849 	}
850 
851 	dma_mem->dma_is_map = 0;
852 	return (0);
853 
854 err3:
855 	bus_dmamem_free(dma_mem->dma_tag, dma_mem->dma_vaddr, dma_mem->dma_map);
856 err2:
857 	bus_dma_tag_destroy(dma_mem->dma_tag);
858 err1:
859 	dma_mem->dma_vaddr = NULL;
860 	return(error);
861 }
862 
863 static int
864 sec_desc_map_dma(struct sec_softc *sc, struct sec_dma_mem *dma_mem, void *mem,
865     bus_size_t size, int type, struct sec_desc_map_info *sdmi)
866 {
867 	int error;
868 
869 	if (dma_mem->dma_vaddr != NULL)
870 		return (EBUSY);
871 
872 	switch (type) {
873 	case SEC_MEMORY:
874 		break;
875 	case SEC_UIO:
876 		size = SEC_FREE_LT_CNT(sc) * SEC_MAX_DMA_BLOCK_SIZE;
877 		break;
878 	case SEC_MBUF:
879 		size = m_length((struct mbuf*)mem, NULL);
880 		break;
881 	default:
882 		return (EINVAL);
883 	}
884 
885 	error = bus_dma_tag_create(NULL,	/* parent */
886 		SEC_DMA_ALIGNMENT, 0,		/* alignment, boundary */
887 		BUS_SPACE_MAXADDR_32BIT,	/* lowaddr */
888 		BUS_SPACE_MAXADDR,		/* highaddr */
889 		NULL, NULL,			/* filtfunc, filtfuncarg */
890 		size,				/* maxsize */
891 		SEC_FREE_LT_CNT(sc),		/* nsegments */
892 		SEC_MAX_DMA_BLOCK_SIZE, 0,	/* maxsegsz, flags */
893 		NULL, NULL,			/* lockfunc, lockfuncarg */
894 		&(dma_mem->dma_tag));		/* dmat */
895 
896 	if (error) {
897 		device_printf(sc->sc_dev, "failed to allocate busdma tag, error"
898 		    " %i!\n", error);
899 		dma_mem->dma_vaddr = NULL;
900 		return (error);
901 	}
902 
903 	error = bus_dmamap_create(dma_mem->dma_tag, 0, &(dma_mem->dma_map));
904 
905 	if (error) {
906 		device_printf(sc->sc_dev, "failed to create DMA map, error %i!"
907 		    "\n", error);
908 		bus_dma_tag_destroy(dma_mem->dma_tag);
909 		return (error);
910 	}
911 
912 	switch (type) {
913 	case SEC_MEMORY:
914 		error = bus_dmamap_load(dma_mem->dma_tag, dma_mem->dma_map,
915 		    mem, size, sec_dma_map_desc_cb, sdmi, BUS_DMA_NOWAIT);
916 		break;
917 	case SEC_UIO:
918 		error = bus_dmamap_load_uio(dma_mem->dma_tag, dma_mem->dma_map,
919 		    mem, sec_dma_map_desc_cb2, sdmi, BUS_DMA_NOWAIT);
920 		break;
921 	case SEC_MBUF:
922 		error = bus_dmamap_load_mbuf(dma_mem->dma_tag, dma_mem->dma_map,
923 		    mem, sec_dma_map_desc_cb2, sdmi, BUS_DMA_NOWAIT);
924 		break;
925 	}
926 
927 	if (error) {
928 		device_printf(sc->sc_dev, "cannot get address of the DMA"
929 		    " memory, error %i!\n", error);
930 		bus_dmamap_destroy(dma_mem->dma_tag, dma_mem->dma_map);
931 		bus_dma_tag_destroy(dma_mem->dma_tag);
932 		return (error);
933 	}
934 
935 	dma_mem->dma_is_map = 1;
936 	dma_mem->dma_vaddr = mem;
937 
938 	return (0);
939 }
940 
941 static void
942 sec_free_dma_mem(struct sec_dma_mem *dma_mem)
943 {
944 
945 	/* Check for double free */
946 	if (dma_mem->dma_vaddr == NULL)
947 		return;
948 
949 	bus_dmamap_unload(dma_mem->dma_tag, dma_mem->dma_map);
950 
951 	if (dma_mem->dma_is_map)
952 		bus_dmamap_destroy(dma_mem->dma_tag, dma_mem->dma_map);
953 	else
954 		bus_dmamem_free(dma_mem->dma_tag, dma_mem->dma_vaddr,
955 		    dma_mem->dma_map);
956 
957 	bus_dma_tag_destroy(dma_mem->dma_tag);
958 	dma_mem->dma_vaddr = NULL;
959 }
960 
961 static int
962 sec_eu_channel(struct sec_softc *sc, int eu)
963 {
964 	uint64_t reg;
965 	int channel = 0;
966 
967 	SEC_LOCK_ASSERT(sc, controller);
968 
969 	reg = SEC_READ(sc, SEC_EUASR);
970 
971 	switch (eu) {
972 	case SEC_EU_AFEU:
973 		channel = SEC_EUASR_AFEU(reg);
974 		break;
975 	case SEC_EU_DEU:
976 		channel = SEC_EUASR_DEU(reg);
977 		break;
978 	case SEC_EU_MDEU_A:
979 	case SEC_EU_MDEU_B:
980 		channel = SEC_EUASR_MDEU(reg);
981 		break;
982 	case SEC_EU_RNGU:
983 		channel = SEC_EUASR_RNGU(reg);
984 		break;
985 	case SEC_EU_PKEU:
986 		channel = SEC_EUASR_PKEU(reg);
987 		break;
988 	case SEC_EU_AESU:
989 		channel = SEC_EUASR_AESU(reg);
990 		break;
991 	case SEC_EU_KEU:
992 		channel = SEC_EUASR_KEU(reg);
993 		break;
994 	case SEC_EU_CRCU:
995 		channel = SEC_EUASR_CRCU(reg);
996 		break;
997 	}
998 
999 	return (channel - 1);
1000 }
1001 
1002 static int
1003 sec_enqueue_desc(struct sec_softc *sc, struct sec_desc *desc, int channel)
1004 {
1005 	u_int fflvl = SEC_MAX_FIFO_LEVEL;
1006 	uint64_t reg;
1007 	int i;
1008 
1009 	SEC_LOCK_ASSERT(sc, controller);
1010 
1011 	/* Find free channel if have not got one */
1012 	if (channel < 0) {
1013 		for (i = 0; i < SEC_CHANNELS; i++) {
1014 			reg = SEC_READ(sc, SEC_CHAN_CSR(channel));
1015 
1016 			if ((reg & sc->sc_channel_idle_mask) == 0) {
1017 				channel = i;
1018 				break;
1019 			}
1020 		}
1021 	}
1022 
1023 	/* There is no free channel */
1024 	if (channel < 0)
1025 		return (-1);
1026 
1027 	/* Check FIFO level on selected channel */
1028 	reg = SEC_READ(sc, SEC_CHAN_CSR(channel));
1029 
1030 	switch(sc->sc_version) {
1031 	case 2:
1032 		fflvl = (reg >> SEC_CHAN_CSR2_FFLVL_S) & SEC_CHAN_CSR2_FFLVL_M;
1033 		break;
1034 	case 3:
1035 		fflvl = (reg >> SEC_CHAN_CSR3_FFLVL_S) & SEC_CHAN_CSR3_FFLVL_M;
1036 		break;
1037 	}
1038 
1039 	if (fflvl >= SEC_MAX_FIFO_LEVEL)
1040 		return (-1);
1041 
1042 	/* Enqueue descriptor in channel */
1043 	SEC_WRITE(sc, SEC_CHAN_FF(channel), desc->sd_desc_paddr);
1044 
1045 	return (channel);
1046 }
1047 
1048 static void
1049 sec_enqueue(struct sec_softc *sc)
1050 {
1051 	struct sec_desc *desc;
1052 	int ch0, ch1;
1053 
1054 	SEC_LOCK(sc, descriptors);
1055 	SEC_LOCK(sc, controller);
1056 
1057 	while (SEC_READY_DESC_CNT(sc) > 0) {
1058 		desc = SEC_GET_READY_DESC(sc);
1059 
1060 		ch0 = sec_eu_channel(sc, desc->sd_desc->shd_eu_sel0);
1061 		ch1 = sec_eu_channel(sc, desc->sd_desc->shd_eu_sel1);
1062 
1063 		/*
1064 		 * Both EU are used by the same channel.
1065 		 * Enqueue descriptor in channel used by busy EUs.
1066 		 */
1067 		if (ch0 >= 0 && ch0 == ch1) {
1068 			if (sec_enqueue_desc(sc, desc, ch0) >= 0) {
1069 				SEC_DESC_READY2QUEUED(sc);
1070 				continue;
1071 			}
1072 		}
1073 
1074 		/*
1075 		 * Only one EU is free.
1076 		 * Enqueue descriptor in channel used by busy EU.
1077 		 */
1078 		if ((ch0 >= 0 && ch1 < 0) || (ch1 >= 0 && ch0 < 0)) {
1079 			if (sec_enqueue_desc(sc, desc, (ch0 >= 0) ? ch0 : ch1)
1080 			    >= 0) {
1081 				SEC_DESC_READY2QUEUED(sc);
1082 				continue;
1083 			}
1084 		}
1085 
1086 		/*
1087 		 * Both EU are free.
1088 		 * Enqueue descriptor in first free channel.
1089 		 */
1090 		if (ch0 < 0 && ch1 < 0) {
1091 			if (sec_enqueue_desc(sc, desc, -1) >= 0) {
1092 				SEC_DESC_READY2QUEUED(sc);
1093 				continue;
1094 			}
1095 		}
1096 
1097 		/* Current descriptor can not be queued at the moment */
1098 		SEC_PUT_BACK_READY_DESC(sc);
1099 		break;
1100 	}
1101 
1102 	SEC_UNLOCK(sc, controller);
1103 	SEC_UNLOCK(sc, descriptors);
1104 }
1105 
1106 static struct sec_desc *
1107 sec_find_desc(struct sec_softc *sc, bus_addr_t paddr)
1108 {
1109 	struct sec_desc *desc = NULL;
1110 	int i;
1111 
1112 	SEC_LOCK_ASSERT(sc, descriptors);
1113 
1114 	for (i = 0; i < SEC_CHANNELS; i++) {
1115 		if (sc->sc_desc[i].sd_desc_paddr == paddr) {
1116 			desc = &(sc->sc_desc[i]);
1117 			break;
1118 		}
1119 	}
1120 
1121 	return (desc);
1122 }
1123 
1124 static int
1125 sec_make_pointer_direct(struct sec_softc *sc, struct sec_desc *desc, u_int n,
1126     bus_addr_t data, bus_size_t dsize)
1127 {
1128 	struct sec_hw_desc_ptr *ptr;
1129 
1130 	SEC_LOCK_ASSERT(sc, descriptors);
1131 
1132 	ptr = &(desc->sd_desc->shd_pointer[n]);
1133 	ptr->shdp_length = dsize;
1134 	ptr->shdp_extent = 0;
1135 	ptr->shdp_j = 0;
1136 	ptr->shdp_ptr = data;
1137 
1138 	return (0);
1139 }
1140 
1141 static int
1142 sec_make_pointer(struct sec_softc *sc, struct sec_desc *desc,
1143     u_int n, void *data, bus_size_t doffset, bus_size_t dsize, int dtype)
1144 {
1145 	struct sec_desc_map_info sdmi = { sc, dsize, doffset, NULL, NULL, 0 };
1146 	struct sec_hw_desc_ptr *ptr;
1147 	int error;
1148 
1149 	SEC_LOCK_ASSERT(sc, descriptors);
1150 
1151 	/* For flat memory map only requested region */
1152 	if (dtype == SEC_MEMORY) {
1153 		 data = (uint8_t*)(data) + doffset;
1154 		 sdmi.sdmi_offset = 0;
1155 	}
1156 
1157 	error = sec_desc_map_dma(sc, &(desc->sd_ptr_dmem[n]), data, dsize,
1158 	    dtype, &sdmi);
1159 
1160 	if (error)
1161 		return (error);
1162 
1163 	sdmi.sdmi_lt_last->sl_lt->shl_r = 1;
1164 	desc->sd_lt_used += sdmi.sdmi_lt_used;
1165 
1166 	ptr = &(desc->sd_desc->shd_pointer[n]);
1167 	ptr->shdp_length = dsize;
1168 	ptr->shdp_extent = 0;
1169 	ptr->shdp_j = 1;
1170 	ptr->shdp_ptr = sdmi.sdmi_lt_first->sl_lt_paddr;
1171 
1172 	return (0);
1173 }
1174 
1175 static int
1176 sec_split_cri(struct cryptoini *cri, struct cryptoini **enc,
1177     struct cryptoini **mac)
1178 {
1179 	struct cryptoini *e, *m;
1180 
1181 	e = cri;
1182 	m = cri->cri_next;
1183 
1184 	/* We can haldle only two operations */
1185 	if (m && m->cri_next)
1186 		return (EINVAL);
1187 
1188 	if (sec_mdeu_can_handle(e->cri_alg)) {
1189 		cri = m;
1190 		m = e;
1191 		e = cri;
1192 	}
1193 
1194 	if (m && !sec_mdeu_can_handle(m->cri_alg))
1195 		return (EINVAL);
1196 
1197 	*enc = e;
1198 	*mac = m;
1199 
1200 	return (0);
1201 }
1202 
1203 static int
1204 sec_split_crp(struct cryptop *crp, struct cryptodesc **enc,
1205     struct cryptodesc **mac)
1206 {
1207 	struct cryptodesc *e, *m, *t;
1208 
1209 	e = crp->crp_desc;
1210 	m = e->crd_next;
1211 
1212 	/* We can haldle only two operations */
1213 	if (m && m->crd_next)
1214 		return (EINVAL);
1215 
1216 	if (sec_mdeu_can_handle(e->crd_alg)) {
1217 		t = m;
1218 		m = e;
1219 		e = t;
1220 	}
1221 
1222 	if (m && !sec_mdeu_can_handle(m->crd_alg))
1223 		return (EINVAL);
1224 
1225 	*enc = e;
1226 	*mac = m;
1227 
1228 	return (0);
1229 }
1230 
1231 static int
1232 sec_alloc_session(struct sec_softc *sc)
1233 {
1234 	struct sec_session *ses = NULL;
1235 	int sid = -1;
1236 	u_int i;
1237 
1238 	SEC_LOCK(sc, sessions);
1239 
1240 	for (i = 0; i < SEC_MAX_SESSIONS; i++) {
1241 		if (sc->sc_sessions[i].ss_used == 0) {
1242 			ses = &(sc->sc_sessions[i]);
1243 			ses->ss_used = 1;
1244 			ses->ss_ivlen = 0;
1245 			ses->ss_klen = 0;
1246 			ses->ss_mklen = 0;
1247 			sid = i;
1248 			break;
1249 		}
1250 	}
1251 
1252 	SEC_UNLOCK(sc, sessions);
1253 
1254 	return (sid);
1255 }
1256 
1257 static struct sec_session *
1258 sec_get_session(struct sec_softc *sc, u_int sid)
1259 {
1260 	struct sec_session *ses;
1261 
1262 	if (sid >= SEC_MAX_SESSIONS)
1263 		return (NULL);
1264 
1265 	SEC_LOCK(sc, sessions);
1266 
1267 	ses = &(sc->sc_sessions[sid]);
1268 
1269 	if (ses->ss_used == 0)
1270 		ses = NULL;
1271 
1272 	SEC_UNLOCK(sc, sessions);
1273 
1274 	return (ses);
1275 }
1276 
1277 static int
1278 sec_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri)
1279 {
1280 	struct sec_softc *sc = device_get_softc(dev);
1281 	struct sec_eu_methods *eu = sec_eus;
1282 	struct cryptoini *enc = NULL;
1283 	struct cryptoini *mac = NULL;
1284 	struct sec_session *ses;
1285 	int error = -1;
1286 	int sid;
1287 
1288 	error = sec_split_cri(cri, &enc, &mac);
1289 	if (error)
1290 		return (error);
1291 
1292 	/* Check key lengths */
1293 	if (enc && enc->cri_key && (enc->cri_klen / 8) > SEC_MAX_KEY_LEN)
1294 		return (E2BIG);
1295 
1296 	if (mac && mac->cri_key && (mac->cri_klen / 8) > SEC_MAX_KEY_LEN)
1297 		return (E2BIG);
1298 
1299 	/* Only SEC 3.0 supports digests larger than 256 bits */
1300 	if (sc->sc_version < 3 && mac && mac->cri_klen > 256)
1301 		return (E2BIG);
1302 
1303 	sid = sec_alloc_session(sc);
1304 	if (sid < 0)
1305 		return (ENOMEM);
1306 
1307 	ses = sec_get_session(sc, sid);
1308 
1309 	/* Find EU for this session */
1310 	while (eu->sem_make_desc != NULL) {
1311 		error = eu->sem_newsession(sc, ses, enc, mac);
1312 		if (error >= 0)
1313 			break;
1314 
1315 		eu++;
1316 	}
1317 
1318 	/* If not found, return EINVAL */
1319 	if (error < 0) {
1320 		sec_free_session(sc, ses);
1321 		return (EINVAL);
1322 	}
1323 
1324 	/* Save cipher key */
1325 	if (enc && enc->cri_key) {
1326 		ses->ss_klen = enc->cri_klen / 8;
1327 		memcpy(ses->ss_key, enc->cri_key, ses->ss_klen);
1328 	}
1329 
1330 	/* Save digest key */
1331 	if (mac && mac->cri_key) {
1332 		ses->ss_mklen = mac->cri_klen / 8;
1333 		memcpy(ses->ss_mkey, mac->cri_key, ses->ss_mklen);
1334 	}
1335 
1336 	ses->ss_eu = eu;
1337 	*sidp = sid;
1338 
1339 	return (0);
1340 }
1341 
1342 static int
1343 sec_freesession(device_t dev, uint64_t tid)
1344 {
1345 	struct sec_softc *sc = device_get_softc(dev);
1346 	struct sec_session *ses;
1347 	int error = 0;
1348 
1349 	ses = sec_get_session(sc, CRYPTO_SESID2LID(tid));
1350 	if (ses == NULL)
1351 		return (EINVAL);
1352 
1353 	sec_free_session(sc, ses);
1354 
1355 	return (error);
1356 }
1357 
1358 static int
1359 sec_process(device_t dev, struct cryptop *crp, int hint)
1360 {
1361 	struct sec_softc *sc = device_get_softc(dev);
1362 	struct sec_desc *desc = NULL;
1363 	struct cryptodesc *mac, *enc;
1364 	struct sec_session *ses;
1365 	int buftype, error = 0;
1366 
1367 	/* Check Session ID */
1368 	ses = sec_get_session(sc, CRYPTO_SESID2LID(crp->crp_sid));
1369 	if (ses == NULL) {
1370 		crp->crp_etype = EINVAL;
1371 		crypto_done(crp);
1372 		return (0);
1373 	}
1374 
1375 	/* Check for input length */
1376 	if (crp->crp_ilen > SEC_MAX_DMA_BLOCK_SIZE) {
1377 		crp->crp_etype = E2BIG;
1378 		crypto_done(crp);
1379 		return (0);
1380 	}
1381 
1382 	/* Get descriptors */
1383 	if (sec_split_crp(crp, &enc, &mac)) {
1384 		crp->crp_etype = EINVAL;
1385 		crypto_done(crp);
1386 		return (0);
1387 	}
1388 
1389 	SEC_LOCK(sc, descriptors);
1390 	SEC_DESC_SYNC(sc, BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE);
1391 
1392 	/* Block driver if there is no free descriptors or we are going down */
1393 	if (SEC_FREE_DESC_CNT(sc) == 0 || sc->sc_shutdown) {
1394 		sc->sc_blocked |= CRYPTO_SYMQ;
1395 		SEC_UNLOCK(sc, descriptors);
1396 		return (ERESTART);
1397 	}
1398 
1399 	/* Prepare descriptor */
1400 	desc = SEC_GET_FREE_DESC(sc);
1401 	desc->sd_lt_used = 0;
1402 	desc->sd_error = 0;
1403 	desc->sd_crp = crp;
1404 
1405 	if (crp->crp_flags & CRYPTO_F_IOV)
1406 		buftype = SEC_UIO;
1407 	else if (crp->crp_flags & CRYPTO_F_IMBUF)
1408 		buftype = SEC_MBUF;
1409 	else
1410 		buftype = SEC_MEMORY;
1411 
1412 	if (enc && enc->crd_flags & CRD_F_ENCRYPT) {
1413 		if (enc->crd_flags & CRD_F_IV_EXPLICIT)
1414 			memcpy(desc->sd_desc->shd_iv, enc->crd_iv,
1415 			    ses->ss_ivlen);
1416 		else
1417 			arc4rand(desc->sd_desc->shd_iv, ses->ss_ivlen, 0);
1418 
1419 		if ((enc->crd_flags & CRD_F_IV_PRESENT) == 0)
1420 			crypto_copyback(crp->crp_flags, crp->crp_buf,
1421 			    enc->crd_inject, ses->ss_ivlen,
1422 			    desc->sd_desc->shd_iv);
1423 	} else if (enc) {
1424 		if (enc->crd_flags & CRD_F_IV_EXPLICIT)
1425 			memcpy(desc->sd_desc->shd_iv, enc->crd_iv,
1426 			    ses->ss_ivlen);
1427 		else
1428 			crypto_copydata(crp->crp_flags, crp->crp_buf,
1429 			    enc->crd_inject, ses->ss_ivlen,
1430 			    desc->sd_desc->shd_iv);
1431 	}
1432 
1433 	if (enc && enc->crd_flags & CRD_F_KEY_EXPLICIT) {
1434 		if ((enc->crd_klen / 8) <= SEC_MAX_KEY_LEN) {
1435 			ses->ss_klen = enc->crd_klen / 8;
1436 			memcpy(ses->ss_key, enc->crd_key, ses->ss_klen);
1437 		} else
1438 			error = E2BIG;
1439 	}
1440 
1441 	if (!error && mac && mac->crd_flags & CRD_F_KEY_EXPLICIT) {
1442 		if ((mac->crd_klen / 8) <= SEC_MAX_KEY_LEN) {
1443 			ses->ss_mklen = mac->crd_klen / 8;
1444 			memcpy(ses->ss_mkey, mac->crd_key, ses->ss_mklen);
1445 		} else
1446 			error = E2BIG;
1447 	}
1448 
1449 	if (!error) {
1450 		memcpy(desc->sd_desc->shd_key, ses->ss_key, ses->ss_klen);
1451 		memcpy(desc->sd_desc->shd_mkey, ses->ss_mkey, ses->ss_mklen);
1452 
1453 		error = ses->ss_eu->sem_make_desc(sc, ses, desc, crp, buftype);
1454 	}
1455 
1456 	if (error) {
1457 		SEC_DESC_FREE_POINTERS(desc);
1458 		SEC_DESC_PUT_BACK_LT(sc, desc);
1459 		SEC_PUT_BACK_FREE_DESC(sc);
1460 		SEC_UNLOCK(sc, descriptors);
1461 		crp->crp_etype = error;
1462 		crypto_done(crp);
1463 		return (0);
1464 	}
1465 
1466 	/*
1467 	 * Skip DONE interrupt if this is not last request in burst, but only
1468 	 * if we are running on SEC 3.X. On SEC 2.X we have to enable DONE
1469 	 * signaling on each descriptor.
1470 	 */
1471 	if ((hint & CRYPTO_HINT_MORE) && sc->sc_version == 3)
1472 		desc->sd_desc->shd_dn = 0;
1473 	else
1474 		desc->sd_desc->shd_dn = 1;
1475 
1476 	SEC_DESC_SYNC(sc, BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE);
1477 	SEC_DESC_SYNC_POINTERS(desc, BUS_DMASYNC_POSTREAD |
1478 	    BUS_DMASYNC_POSTWRITE);
1479 	SEC_DESC_FREE2READY(sc);
1480 	SEC_UNLOCK(sc, descriptors);
1481 
1482 	/* Enqueue ready descriptors in hardware */
1483 	sec_enqueue(sc);
1484 
1485 	return (0);
1486 }
1487 
1488 static int
1489 sec_build_common_ns_desc(struct sec_softc *sc, struct sec_desc *desc,
1490     struct sec_session *ses, struct cryptop *crp, struct cryptodesc *enc,
1491     int buftype)
1492 {
1493 	struct sec_hw_desc *hd = desc->sd_desc;
1494 	int error;
1495 
1496 	hd->shd_desc_type = SEC_DT_COMMON_NONSNOOP;
1497 	hd->shd_eu_sel1 = SEC_EU_NONE;
1498 	hd->shd_mode1 = 0;
1499 
1500 	/* Pointer 0: NULL */
1501 	error = sec_make_pointer_direct(sc, desc, 0, 0, 0);
1502 	if (error)
1503 		return (error);
1504 
1505 	/* Pointer 1: IV IN */
1506 	error = sec_make_pointer_direct(sc, desc, 1, desc->sd_desc_paddr +
1507 	    offsetof(struct sec_hw_desc, shd_iv), ses->ss_ivlen);
1508 	if (error)
1509 		return (error);
1510 
1511 	/* Pointer 2: Cipher Key */
1512 	error = sec_make_pointer_direct(sc, desc, 2, desc->sd_desc_paddr +
1513 	    offsetof(struct sec_hw_desc, shd_key), ses->ss_klen);
1514  	if (error)
1515 		return (error);
1516 
1517 	/* Pointer 3: Data IN */
1518 	error = sec_make_pointer(sc, desc, 3, crp->crp_buf, enc->crd_skip,
1519 	    enc->crd_len, buftype);
1520 	if (error)
1521 		return (error);
1522 
1523 	/* Pointer 4: Data OUT */
1524 	error = sec_make_pointer(sc, desc, 4, crp->crp_buf, enc->crd_skip,
1525 	    enc->crd_len, buftype);
1526 	if (error)
1527 		return (error);
1528 
1529 	/* Pointer 5: IV OUT (Not used: NULL) */
1530 	error = sec_make_pointer_direct(sc, desc, 5, 0, 0);
1531 	if (error)
1532 		return (error);
1533 
1534 	/* Pointer 6: NULL */
1535 	error = sec_make_pointer_direct(sc, desc, 6, 0, 0);
1536 
1537 	return (error);
1538 }
1539 
1540 static int
1541 sec_build_common_s_desc(struct sec_softc *sc, struct sec_desc *desc,
1542     struct sec_session *ses, struct cryptop *crp, struct cryptodesc *enc,
1543     struct cryptodesc *mac, int buftype)
1544 {
1545 	struct sec_hw_desc *hd = desc->sd_desc;
1546 	u_int eu, mode, hashlen;
1547 	int error;
1548 
1549 	if (mac->crd_len < enc->crd_len)
1550 		return (EINVAL);
1551 
1552 	if (mac->crd_skip + mac->crd_len != enc->crd_skip + enc->crd_len)
1553 		return (EINVAL);
1554 
1555 	error = sec_mdeu_config(mac, &eu, &mode, &hashlen);
1556 	if (error)
1557 		return (error);
1558 
1559 	hd->shd_desc_type = SEC_DT_HMAC_SNOOP;
1560 	hd->shd_eu_sel1 = eu;
1561 	hd->shd_mode1 = mode;
1562 
1563 	/* Pointer 0: HMAC Key */
1564 	error = sec_make_pointer_direct(sc, desc, 0, desc->sd_desc_paddr +
1565 	    offsetof(struct sec_hw_desc, shd_mkey), ses->ss_mklen);
1566 	if (error)
1567 		return (error);
1568 
1569 	/* Pointer 1: HMAC-Only Data IN */
1570 	error = sec_make_pointer(sc, desc, 1, crp->crp_buf, mac->crd_skip,
1571 	    mac->crd_len - enc->crd_len, buftype);
1572 	if (error)
1573 		return (error);
1574 
1575 	/* Pointer 2: Cipher Key */
1576 	error = sec_make_pointer_direct(sc, desc, 2, desc->sd_desc_paddr +
1577 	    offsetof(struct sec_hw_desc, shd_key), ses->ss_klen);
1578  	if (error)
1579 		return (error);
1580 
1581 	/* Pointer 3: IV IN */
1582 	error = sec_make_pointer_direct(sc, desc, 3, desc->sd_desc_paddr +
1583 	    offsetof(struct sec_hw_desc, shd_iv), ses->ss_ivlen);
1584 	if (error)
1585 		return (error);
1586 
1587 	/* Pointer 4: Data IN */
1588 	error = sec_make_pointer(sc, desc, 4, crp->crp_buf, enc->crd_skip,
1589 	    enc->crd_len, buftype);
1590 	if (error)
1591 		return (error);
1592 
1593 	/* Pointer 5: Data OUT */
1594 	error = sec_make_pointer(sc, desc, 5, crp->crp_buf, enc->crd_skip,
1595 	    enc->crd_len, buftype);
1596 	if (error)
1597 		return (error);
1598 
1599 	/* Pointer 6: HMAC OUT */
1600 	error = sec_make_pointer(sc, desc, 6, crp->crp_buf, mac->crd_inject,
1601 	    hashlen, buftype);
1602 
1603 	return (error);
1604 }
1605 
1606 /* AESU */
1607 
1608 static int
1609 sec_aesu_newsession(struct sec_softc *sc, struct sec_session *ses,
1610     struct cryptoini *enc, struct cryptoini *mac)
1611 {
1612 
1613 	if (enc == NULL)
1614 		return (-1);
1615 
1616 	if (enc->cri_alg != CRYPTO_AES_CBC)
1617 		return (-1);
1618 
1619 	ses->ss_ivlen = AES_BLOCK_LEN;
1620 
1621 	return (0);
1622 }
1623 
1624 static int
1625 sec_aesu_make_desc(struct sec_softc *sc, struct sec_session *ses,
1626     struct sec_desc *desc, struct cryptop *crp, int buftype)
1627 {
1628 	struct sec_hw_desc *hd = desc->sd_desc;
1629 	struct cryptodesc *enc, *mac;
1630 	int error;
1631 
1632 	error = sec_split_crp(crp, &enc, &mac);
1633 	if (error)
1634 		return (error);
1635 
1636 	if (!enc)
1637 		return (EINVAL);
1638 
1639 	hd->shd_eu_sel0 = SEC_EU_AESU;
1640 	hd->shd_mode0 = SEC_AESU_MODE_CBC;
1641 
1642 	if (enc->crd_alg != CRYPTO_AES_CBC)
1643 		return (EINVAL);
1644 
1645 	if (enc->crd_flags & CRD_F_ENCRYPT) {
1646 		hd->shd_mode0 |= SEC_AESU_MODE_ED;
1647 		hd->shd_dir = 0;
1648 	} else
1649 		hd->shd_dir = 1;
1650 
1651 	if (mac)
1652 		error = sec_build_common_s_desc(sc, desc, ses, crp, enc, mac,
1653 		    buftype);
1654 	else
1655 		error = sec_build_common_ns_desc(sc, desc, ses, crp, enc,
1656 		    buftype);
1657 
1658 	return (error);
1659 }
1660 
1661 /* DEU */
1662 
1663 static int
1664 sec_deu_newsession(struct sec_softc *sc, struct sec_session *ses,
1665     struct cryptoini *enc, struct cryptoini *mac)
1666 {
1667 
1668 	if (enc == NULL)
1669 		return (-1);
1670 
1671 	switch (enc->cri_alg) {
1672 	case CRYPTO_DES_CBC:
1673 	case CRYPTO_3DES_CBC:
1674 		break;
1675 	default:
1676 		return (-1);
1677 	}
1678 
1679 	ses->ss_ivlen = DES_BLOCK_LEN;
1680 
1681 	return (0);
1682 }
1683 
1684 static int
1685 sec_deu_make_desc(struct sec_softc *sc, struct sec_session *ses,
1686     struct sec_desc *desc, struct cryptop *crp, int buftype)
1687 {
1688 	struct sec_hw_desc *hd = desc->sd_desc;
1689 	struct cryptodesc *enc, *mac;
1690 	int error;
1691 
1692 	error = sec_split_crp(crp, &enc, &mac);
1693 	if (error)
1694 		return (error);
1695 
1696 	if (!enc)
1697 		return (EINVAL);
1698 
1699 	hd->shd_eu_sel0 = SEC_EU_DEU;
1700 	hd->shd_mode0 = SEC_DEU_MODE_CBC;
1701 
1702 	switch (enc->crd_alg) {
1703 	case CRYPTO_3DES_CBC:
1704 		hd->shd_mode0 |= SEC_DEU_MODE_TS;
1705 		break;
1706 	case CRYPTO_DES_CBC:
1707 		break;
1708 	default:
1709 		return (EINVAL);
1710 	}
1711 
1712 	if (enc->crd_flags & CRD_F_ENCRYPT) {
1713 		hd->shd_mode0 |= SEC_DEU_MODE_ED;
1714 		hd->shd_dir = 0;
1715 	} else
1716 		hd->shd_dir = 1;
1717 
1718 	if (mac)
1719 		error = sec_build_common_s_desc(sc, desc, ses, crp, enc, mac,
1720 		    buftype);
1721 	else
1722 		error = sec_build_common_ns_desc(sc, desc, ses, crp, enc,
1723 		    buftype);
1724 
1725 	return (error);
1726 }
1727 
1728 /* MDEU */
1729 
1730 static int
1731 sec_mdeu_can_handle(u_int alg)
1732 {
1733 	switch (alg) {
1734 	case CRYPTO_MD5:
1735 	case CRYPTO_SHA1:
1736 	case CRYPTO_MD5_HMAC:
1737 	case CRYPTO_SHA1_HMAC:
1738 	case CRYPTO_SHA2_256_HMAC:
1739 	case CRYPTO_SHA2_384_HMAC:
1740 	case CRYPTO_SHA2_512_HMAC:
1741 		return (1);
1742 	default:
1743 		return (0);
1744 	}
1745 }
1746 
1747 static int
1748 sec_mdeu_config(struct cryptodesc *crd, u_int *eu, u_int *mode, u_int *hashlen)
1749 {
1750 
1751 	*mode = SEC_MDEU_MODE_PD | SEC_MDEU_MODE_INIT;
1752 	*eu = SEC_EU_NONE;
1753 
1754 	switch (crd->crd_alg) {
1755 	case CRYPTO_MD5_HMAC:
1756 		*mode |= SEC_MDEU_MODE_HMAC;
1757 		/* FALLTHROUGH */
1758 	case CRYPTO_MD5:
1759 		*eu = SEC_EU_MDEU_A;
1760 		*mode |= SEC_MDEU_MODE_MD5;
1761 		*hashlen = MD5_HASH_LEN;
1762 		break;
1763 	case CRYPTO_SHA1_HMAC:
1764 		*mode |= SEC_MDEU_MODE_HMAC;
1765 		/* FALLTHROUGH */
1766 	case CRYPTO_SHA1:
1767 		*eu = SEC_EU_MDEU_A;
1768 		*mode |= SEC_MDEU_MODE_SHA1;
1769 		*hashlen = SHA1_HASH_LEN;
1770 		break;
1771 	case CRYPTO_SHA2_256_HMAC:
1772 		*mode |= SEC_MDEU_MODE_HMAC | SEC_MDEU_MODE_SHA256;
1773 		*eu = SEC_EU_MDEU_A;
1774 		break;
1775 	case CRYPTO_SHA2_384_HMAC:
1776 		*mode |= SEC_MDEU_MODE_HMAC | SEC_MDEU_MODE_SHA384;
1777 		*eu = SEC_EU_MDEU_B;
1778 		break;
1779 	case CRYPTO_SHA2_512_HMAC:
1780 		*mode |= SEC_MDEU_MODE_HMAC | SEC_MDEU_MODE_SHA512;
1781 		*eu = SEC_EU_MDEU_B;
1782 		break;
1783 	default:
1784 		return (EINVAL);
1785 	}
1786 
1787 	if (*mode & SEC_MDEU_MODE_HMAC)
1788 		*hashlen = SEC_HMAC_HASH_LEN;
1789 
1790 	return (0);
1791 }
1792 
1793 static int
1794 sec_mdeu_newsession(struct sec_softc *sc, struct sec_session *ses,
1795     struct cryptoini *enc, struct cryptoini *mac)
1796 {
1797 
1798 	if (mac && sec_mdeu_can_handle(mac->cri_alg))
1799 		return (0);
1800 
1801 	return (-1);
1802 }
1803 
1804 static int
1805 sec_mdeu_make_desc(struct sec_softc *sc, struct sec_session *ses,
1806     struct sec_desc *desc, struct cryptop *crp, int buftype)
1807 {
1808 	struct cryptodesc *enc, *mac;
1809 	struct sec_hw_desc *hd = desc->sd_desc;
1810 	u_int eu, mode, hashlen;
1811 	int error;
1812 
1813 	error = sec_split_crp(crp, &enc, &mac);
1814 	if (error)
1815 		return (error);
1816 
1817 	if (enc)
1818 		return (EINVAL);
1819 
1820 	error = sec_mdeu_config(mac, &eu, &mode, &hashlen);
1821 	if (error)
1822 		return (error);
1823 
1824 	hd->shd_desc_type = SEC_DT_COMMON_NONSNOOP;
1825 	hd->shd_eu_sel0 = eu;
1826 	hd->shd_mode0 = mode;
1827 	hd->shd_eu_sel1 = SEC_EU_NONE;
1828 	hd->shd_mode1 = 0;
1829 
1830 	/* Pointer 0: NULL */
1831 	error = sec_make_pointer_direct(sc, desc, 0, 0, 0);
1832 	if (error)
1833 		return (error);
1834 
1835 	/* Pointer 1: Context In (Not used: NULL) */
1836 	error = sec_make_pointer_direct(sc, desc, 1, 0, 0);
1837 	if (error)
1838 		return (error);
1839 
1840 	/* Pointer 2: HMAC Key (or NULL, depending on digest type) */
1841 	if (hd->shd_mode0 & SEC_MDEU_MODE_HMAC)
1842 		error = sec_make_pointer_direct(sc, desc, 2,
1843 		    desc->sd_desc_paddr + offsetof(struct sec_hw_desc,
1844 		    shd_mkey), ses->ss_mklen);
1845 	else
1846 		error = sec_make_pointer_direct(sc, desc, 2, 0, 0);
1847 
1848 	if (error)
1849 		return (error);
1850 
1851 	/* Pointer 3: Input Data */
1852 	error = sec_make_pointer(sc, desc, 3, crp->crp_buf, mac->crd_skip,
1853 	    mac->crd_len, buftype);
1854 	if (error)
1855 		return (error);
1856 
1857 	/* Pointer 4: NULL */
1858 	error = sec_make_pointer_direct(sc, desc, 4, 0, 0);
1859 	if (error)
1860 		return (error);
1861 
1862 	/* Pointer 5: Hash out */
1863 	error = sec_make_pointer(sc, desc, 5, crp->crp_buf,
1864 	    mac->crd_inject, hashlen, buftype);
1865 	if (error)
1866 		return (error);
1867 
1868 	/* Pointer 6: NULL */
1869 	error = sec_make_pointer_direct(sc, desc, 6, 0, 0);
1870 
1871 	return (0);
1872 }
1873