xref: /illumos-gate/usr/src/uts/common/crypto/io/dca.c (revision 66582b606a8194f7f3ba5b3a3a6dca5b0d346361)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 
28 /*
29  * Deimos - cryptographic acceleration based upon Broadcom 582x.
30  */
31 
32 #include <sys/types.h>
33 #include <sys/modctl.h>
34 #include <sys/conf.h>
35 #include <sys/devops.h>
36 #include <sys/ddi.h>
37 #include <sys/sunddi.h>
38 #include <sys/cmn_err.h>
39 #include <sys/varargs.h>
40 #include <sys/file.h>
41 #include <sys/stat.h>
42 #include <sys/kmem.h>
43 #include <sys/ioccom.h>
44 #include <sys/open.h>
45 #include <sys/cred.h>
46 #include <sys/kstat.h>
47 #include <sys/strsun.h>
48 #include <sys/note.h>
49 #include <sys/crypto/common.h>
50 #include <sys/crypto/spi.h>
51 #include <sys/ddifm.h>
52 #include <sys/fm/protocol.h>
53 #include <sys/fm/util.h>
54 #include <sys/fm/io/ddi.h>
55 #include <sys/crypto/dca.h>
56 
57 /*
58  * Core Deimos driver.
59  */
60 
61 static void		dca_enlist2(dca_listnode_t *, dca_listnode_t *,
62     kmutex_t *);
63 static void		dca_rmlist2(dca_listnode_t *node, kmutex_t *);
64 static dca_listnode_t	*dca_delist2(dca_listnode_t *q, kmutex_t *);
65 static void		dca_free_context_list(dca_t *dca);
66 static int		dca_free_context_low(crypto_ctx_t *ctx);
67 static int		dca_attach(dev_info_t *, ddi_attach_cmd_t);
68 static int		dca_detach(dev_info_t *, ddi_detach_cmd_t);
69 static int		dca_suspend(dca_t *);
70 static int		dca_resume(dca_t *);
71 static int		dca_init(dca_t *);
72 static int		dca_reset(dca_t *, int);
73 static int		dca_initworklist(dca_t *, dca_worklist_t *);
74 static void		dca_uninit(dca_t *);
75 static void		dca_initq(dca_listnode_t *);
76 static void		dca_enqueue(dca_listnode_t *, dca_listnode_t *);
77 static dca_listnode_t	*dca_dequeue(dca_listnode_t *);
78 static dca_listnode_t	*dca_unqueue(dca_listnode_t *);
79 static dca_request_t	*dca_newreq(dca_t *);
80 static dca_work_t	*dca_getwork(dca_t *, int);
81 static void		dca_freework(dca_work_t *);
82 static dca_work_t	*dca_newwork(dca_t *);
83 static void		dca_destroywork(dca_work_t *);
84 static void		dca_schedule(dca_t *, int);
85 static void		dca_reclaim(dca_t *, int);
86 static uint_t		dca_intr(char *);
87 static void		dca_failure(dca_t *, ddi_fault_location_t,
88 			    dca_fma_eclass_t index, uint64_t, int, char *, ...);
89 static void		dca_jobtimeout(void *);
90 static int		dca_drain(dca_t *);
91 static void		dca_undrain(dca_t *);
92 static void		dca_rejectjobs(dca_t *);
93 
94 #ifdef	SCHEDDELAY
95 static void		dca_schedtimeout(void *);
96 #endif
97 
98 /*
99  * We want these inlined for performance.
100  */
101 #ifndef	DEBUG
102 #pragma inline(dca_freereq, dca_getreq, dca_freework, dca_getwork)
103 #pragma inline(dca_enqueue, dca_dequeue, dca_rmqueue, dca_done)
104 #pragma inline(dca_reverse, dca_length)
105 #endif
106 
107 /*
108  * Device operations.
109  */
110 static struct dev_ops devops = {
111 	DEVO_REV,		/* devo_rev */
112 	0,			/* devo_refcnt */
113 	nodev,			/* devo_getinfo */
114 	nulldev,		/* devo_identify */
115 	nulldev,		/* devo_probe */
116 	dca_attach,		/* devo_attach */
117 	dca_detach,		/* devo_detach */
118 	nodev,			/* devo_reset */
119 	NULL,			/* devo_cb_ops */
120 	NULL,			/* devo_bus_ops */
121 	ddi_power,		/* devo_power */
122 	ddi_quiesce_not_supported,	/* devo_quiesce */
123 };
124 
125 #define	IDENT		"PCI Crypto Accelerator"
126 #define	IDENT_SYM	"Crypto Accel Sym 2.0"
127 #define	IDENT_ASYM	"Crypto Accel Asym 2.0"
128 
129 /* Space-padded, will be filled in dynamically during registration */
130 #define	IDENT3	"PCI Crypto Accelerator Mod 2.0"
131 
132 #define	VENDOR	"Sun Microsystems, Inc."
133 
134 #define	STALETIME	(30 * SECOND)
135 
136 #define	crypto_prov_notify	crypto_provider_notification
137 		/* A 28 char function name doesn't leave much line space */
138 
139 /*
140  * Module linkage.
141  */
142 static struct modldrv modldrv = {
143 	&mod_driverops,		/* drv_modops */
144 	IDENT,			/* drv_linkinfo */
145 	&devops,		/* drv_dev_ops */
146 };
147 
148 extern struct mod_ops mod_cryptoops;
149 
150 static struct modlcrypto modlcrypto = {
151 	&mod_cryptoops,
152 	IDENT3
153 };
154 
155 static struct modlinkage modlinkage = {
156 	MODREV_1,		/* ml_rev */
157 	&modldrv,		/* ml_linkage */
158 	&modlcrypto,
159 	NULL
160 };
161 
162 /*
163  * CSPI information (entry points, provider info, etc.)
164  */
165 
166 /* Mechanisms for the symmetric cipher provider */
167 static crypto_mech_info_t dca_mech_info_tab1[] = {
168 	/* DES-CBC */
169 	{SUN_CKM_DES_CBC, DES_CBC_MECH_INFO_TYPE,
170 	    CRYPTO_FG_ENCRYPT | CRYPTO_FG_DECRYPT |
171 	    CRYPTO_FG_ENCRYPT_ATOMIC | CRYPTO_FG_DECRYPT_ATOMIC,
172 	    DES_KEY_LEN, DES_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BYTES},
173 	/* 3DES-CBC */
174 	{SUN_CKM_DES3_CBC, DES3_CBC_MECH_INFO_TYPE,
175 	    CRYPTO_FG_ENCRYPT | CRYPTO_FG_DECRYPT |
176 	    CRYPTO_FG_ENCRYPT_ATOMIC | CRYPTO_FG_DECRYPT_ATOMIC,
177 	    DES3_MIN_KEY_LEN, DES3_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BYTES}
178 };
179 
180 /* Mechanisms for the asymmetric cipher provider */
181 static crypto_mech_info_t dca_mech_info_tab2[] = {
182 	/* DSA */
183 	{SUN_CKM_DSA, DSA_MECH_INFO_TYPE,
184 	    CRYPTO_FG_SIGN | CRYPTO_FG_VERIFY |
185 	    CRYPTO_FG_SIGN_ATOMIC | CRYPTO_FG_VERIFY_ATOMIC,
186 	    CRYPTO_BYTES2BITS(DSA_MIN_KEY_LEN),
187 	    CRYPTO_BYTES2BITS(DSA_MAX_KEY_LEN),
188 	    CRYPTO_KEYSIZE_UNIT_IN_BITS},
189 
190 	/* RSA */
191 	{SUN_CKM_RSA_X_509, RSA_X_509_MECH_INFO_TYPE,
192 	    CRYPTO_FG_ENCRYPT | CRYPTO_FG_DECRYPT | CRYPTO_FG_SIGN |
193 	    CRYPTO_FG_SIGN_RECOVER | CRYPTO_FG_VERIFY |
194 	    CRYPTO_FG_VERIFY_RECOVER |
195 	    CRYPTO_FG_ENCRYPT_ATOMIC | CRYPTO_FG_DECRYPT_ATOMIC |
196 	    CRYPTO_FG_SIGN_ATOMIC | CRYPTO_FG_SIGN_RECOVER_ATOMIC |
197 	    CRYPTO_FG_VERIFY_ATOMIC | CRYPTO_FG_VERIFY_RECOVER_ATOMIC,
198 	    CRYPTO_BYTES2BITS(RSA_MIN_KEY_LEN),
199 	    CRYPTO_BYTES2BITS(RSA_MAX_KEY_LEN),
200 	    CRYPTO_KEYSIZE_UNIT_IN_BITS},
201 	{SUN_CKM_RSA_PKCS, RSA_PKCS_MECH_INFO_TYPE,
202 	    CRYPTO_FG_ENCRYPT | CRYPTO_FG_DECRYPT | CRYPTO_FG_SIGN |
203 	    CRYPTO_FG_SIGN_RECOVER | CRYPTO_FG_VERIFY |
204 	    CRYPTO_FG_VERIFY_RECOVER |
205 	    CRYPTO_FG_ENCRYPT_ATOMIC | CRYPTO_FG_DECRYPT_ATOMIC |
206 	    CRYPTO_FG_SIGN_ATOMIC | CRYPTO_FG_SIGN_RECOVER_ATOMIC |
207 	    CRYPTO_FG_VERIFY_ATOMIC | CRYPTO_FG_VERIFY_RECOVER_ATOMIC,
208 	    CRYPTO_BYTES2BITS(RSA_MIN_KEY_LEN),
209 	    CRYPTO_BYTES2BITS(RSA_MAX_KEY_LEN),
210 	    CRYPTO_KEYSIZE_UNIT_IN_BITS}
211 };
212 
213 static void dca_provider_status(crypto_provider_handle_t, uint_t *);
214 
215 static crypto_control_ops_t dca_control_ops = {
216 	dca_provider_status
217 };
218 
219 static int dca_encrypt_init(crypto_ctx_t *, crypto_mechanism_t *,
220     crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
221 static int dca_encrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
222     crypto_req_handle_t);
223 static int dca_encrypt_update(crypto_ctx_t *, crypto_data_t *,
224     crypto_data_t *, crypto_req_handle_t);
225 static int dca_encrypt_final(crypto_ctx_t *, crypto_data_t *,
226     crypto_req_handle_t);
227 static int dca_encrypt_atomic(crypto_provider_handle_t, crypto_session_id_t,
228     crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
229     crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
230 
231 static int dca_decrypt_init(crypto_ctx_t *, crypto_mechanism_t *,
232     crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
233 static int dca_decrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
234     crypto_req_handle_t);
235 static int dca_decrypt_update(crypto_ctx_t *, crypto_data_t *,
236     crypto_data_t *, crypto_req_handle_t);
237 static int dca_decrypt_final(crypto_ctx_t *, crypto_data_t *,
238     crypto_req_handle_t);
239 static int dca_decrypt_atomic(crypto_provider_handle_t, crypto_session_id_t,
240     crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
241     crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
242 
243 static crypto_cipher_ops_t dca_cipher_ops = {
244 	dca_encrypt_init,
245 	dca_encrypt,
246 	dca_encrypt_update,
247 	dca_encrypt_final,
248 	dca_encrypt_atomic,
249 	dca_decrypt_init,
250 	dca_decrypt,
251 	dca_decrypt_update,
252 	dca_decrypt_final,
253 	dca_decrypt_atomic
254 };
255 
256 static int dca_sign_init(crypto_ctx_t *, crypto_mechanism_t *, crypto_key_t *,
257     crypto_spi_ctx_template_t, crypto_req_handle_t);
258 static int dca_sign(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
259     crypto_req_handle_t);
260 static int dca_sign_update(crypto_ctx_t *, crypto_data_t *,
261     crypto_req_handle_t);
262 static int dca_sign_final(crypto_ctx_t *, crypto_data_t *,
263     crypto_req_handle_t);
264 static int dca_sign_atomic(crypto_provider_handle_t, crypto_session_id_t,
265     crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
266     crypto_spi_ctx_template_t, crypto_req_handle_t);
267 static int dca_sign_recover_init(crypto_ctx_t *, crypto_mechanism_t *,
268     crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
269 static int dca_sign_recover(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
270     crypto_req_handle_t);
271 static int dca_sign_recover_atomic(crypto_provider_handle_t,
272     crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
273     crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
274 
275 static crypto_sign_ops_t dca_sign_ops = {
276 	dca_sign_init,
277 	dca_sign,
278 	dca_sign_update,
279 	dca_sign_final,
280 	dca_sign_atomic,
281 	dca_sign_recover_init,
282 	dca_sign_recover,
283 	dca_sign_recover_atomic
284 };
285 
286 static int dca_verify_init(crypto_ctx_t *, crypto_mechanism_t *,
287     crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
288 static int dca_verify(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
289     crypto_req_handle_t);
290 static int dca_verify_update(crypto_ctx_t *, crypto_data_t *,
291     crypto_req_handle_t);
292 static int dca_verify_final(crypto_ctx_t *, crypto_data_t *,
293     crypto_req_handle_t);
294 static int dca_verify_atomic(crypto_provider_handle_t, crypto_session_id_t,
295     crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
296     crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
297 static int dca_verify_recover_init(crypto_ctx_t *, crypto_mechanism_t *,
298     crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
299 static int dca_verify_recover(crypto_ctx_t *, crypto_data_t *,
300     crypto_data_t *, crypto_req_handle_t);
301 static int dca_verify_recover_atomic(crypto_provider_handle_t,
302     crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
303     crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
304 
305 static crypto_verify_ops_t dca_verify_ops = {
306 	dca_verify_init,
307 	dca_verify,
308 	dca_verify_update,
309 	dca_verify_final,
310 	dca_verify_atomic,
311 	dca_verify_recover_init,
312 	dca_verify_recover,
313 	dca_verify_recover_atomic
314 };
315 
316 static int dca_generate_random(crypto_provider_handle_t, crypto_session_id_t,
317     uchar_t *, size_t, crypto_req_handle_t);
318 
319 static crypto_random_number_ops_t dca_random_number_ops = {
320 	NULL,
321 	dca_generate_random
322 };
323 
324 static int ext_info_sym(crypto_provider_handle_t prov,
325     crypto_provider_ext_info_t *ext_info, crypto_req_handle_t cfreq);
326 static int ext_info_asym(crypto_provider_handle_t prov,
327     crypto_provider_ext_info_t *ext_info, crypto_req_handle_t cfreq);
328 static int ext_info_base(crypto_provider_handle_t prov,
329     crypto_provider_ext_info_t *ext_info, crypto_req_handle_t cfreq, char *id);
330 
331 static crypto_provider_management_ops_t dca_provmanage_ops_1 = {
332 	ext_info_sym,		/* ext_info */
333 	NULL,			/* init_token */
334 	NULL,			/* init_pin */
335 	NULL			/* set_pin */
336 };
337 
338 static crypto_provider_management_ops_t dca_provmanage_ops_2 = {
339 	ext_info_asym,		/* ext_info */
340 	NULL,			/* init_token */
341 	NULL,			/* init_pin */
342 	NULL			/* set_pin */
343 };
344 
345 int dca_free_context(crypto_ctx_t *);
346 
347 static crypto_ctx_ops_t dca_ctx_ops = {
348 	NULL,
349 	dca_free_context
350 };
351 
352 /* Operations for the symmetric cipher provider */
353 static crypto_ops_t dca_crypto_ops1 = {
354 	&dca_control_ops,
355 	NULL,				/* digest_ops */
356 	&dca_cipher_ops,
357 	NULL,				/* mac_ops */
358 	NULL,				/* sign_ops */
359 	NULL,				/* verify_ops */
360 	NULL,				/* dual_ops */
361 	NULL,				/* cipher_mac_ops */
362 	NULL,				/* random_number_ops */
363 	NULL,				/* session_ops */
364 	NULL,				/* object_ops */
365 	NULL,				/* key_ops */
366 	&dca_provmanage_ops_1,		/* management_ops */
367 	&dca_ctx_ops
368 };
369 
370 /* Operations for the asymmetric cipher provider */
371 static crypto_ops_t dca_crypto_ops2 = {
372 	&dca_control_ops,
373 	NULL,				/* digest_ops */
374 	&dca_cipher_ops,
375 	NULL,				/* mac_ops */
376 	&dca_sign_ops,
377 	&dca_verify_ops,
378 	NULL,				/* dual_ops */
379 	NULL,				/* cipher_mac_ops */
380 	&dca_random_number_ops,
381 	NULL,				/* session_ops */
382 	NULL,				/* object_ops */
383 	NULL,				/* key_ops */
384 	&dca_provmanage_ops_2,		/* management_ops */
385 	&dca_ctx_ops
386 };
387 
388 /* Provider information for the symmetric cipher provider */
389 static crypto_provider_info_t dca_prov_info1 = {
390 	CRYPTO_SPI_VERSION_1,
391 	NULL,				/* pi_provider_description */
392 	CRYPTO_HW_PROVIDER,
393 	NULL,				/* pi_provider_dev */
394 	NULL,				/* pi_provider_handle */
395 	&dca_crypto_ops1,
396 	sizeof (dca_mech_info_tab1)/sizeof (crypto_mech_info_t),
397 	dca_mech_info_tab1,
398 	0,				/* pi_logical_provider_count */
399 	NULL				/* pi_logical_providers */
400 };
401 
402 /* Provider information for the asymmetric cipher provider */
403 static crypto_provider_info_t dca_prov_info2 = {
404 	CRYPTO_SPI_VERSION_1,
405 	NULL,				/* pi_provider_description */
406 	CRYPTO_HW_PROVIDER,
407 	NULL,				/* pi_provider_dev */
408 	NULL,				/* pi_provider_handle */
409 	&dca_crypto_ops2,
410 	sizeof (dca_mech_info_tab2)/sizeof (crypto_mech_info_t),
411 	dca_mech_info_tab2,
412 	0,				/* pi_logical_provider_count */
413 	NULL				/* pi_logical_providers */
414 };
415 
416 /* Convenience macros */
417 #define	DCA_SOFTC_FROM_CTX(ctx)	((dca_t *)(ctx)->cc_provider)
418 #define	DCA_MECH_FROM_CTX(ctx) \
419 	(((dca_request_t *)(ctx)->cc_provider_private)->dr_ctx.ctx_cm_type)
420 
421 static int dca_bindchains_one(dca_request_t *reqp, size_t cnt, int dr_offset,
422     caddr_t kaddr, ddi_dma_handle_t handle, uint_t flags,
423     dca_chain_t *head, int *n_chain);
424 static uint64_t dca_ena(uint64_t ena);
425 static caddr_t dca_bufdaddr_out(crypto_data_t *data);
426 static char *dca_fma_eclass_string(char *model, dca_fma_eclass_t index);
427 static int dca_check_acc_handle(dca_t *dca, ddi_acc_handle_t handle,
428     dca_fma_eclass_t eclass_index);
429 
430 static void dca_fma_init(dca_t *dca);
431 static void dca_fma_fini(dca_t *dca);
432 static int dca_fm_error_cb(dev_info_t *dip, ddi_fm_error_t *err,
433     const void *impl_data);
434 
435 
436 static dca_device_t dca_devices[] = {
437 	/* Broadcom vanilla variants */
438 	{	0x14e4, 0x5820, "Broadcom 5820" },
439 	{	0x14e4, 0x5821, "Broadcom 5821" },
440 	{	0x14e4, 0x5822, "Broadcom 5822" },
441 	{	0x14e4, 0x5825, "Broadcom 5825" },
442 	/* Sun specific OEMd variants */
443 	{	0x108e, 0x5454, "SCA" },
444 	{	0x108e, 0x5455, "SCA 1000" },
445 	{	0x108e, 0x5457, "SCA 500" },
446 	/* subsysid should be 0x5457, but got 0x1 from HW. Assume both here. */
447 	{	0x108e, 0x1, "SCA 500" },
448 };
449 
450 /*
451  * Device attributes.
452  */
453 static struct ddi_device_acc_attr dca_regsattr = {
454 	DDI_DEVICE_ATTR_V1,
455 	DDI_STRUCTURE_LE_ACC,
456 	DDI_STRICTORDER_ACC,
457 	DDI_FLAGERR_ACC
458 };
459 
460 static struct ddi_device_acc_attr dca_devattr = {
461 	DDI_DEVICE_ATTR_V0,
462 	DDI_STRUCTURE_LE_ACC,
463 	DDI_STRICTORDER_ACC
464 };
465 
466 #if !defined(i386) && !defined(__i386)
467 static struct ddi_device_acc_attr dca_bufattr = {
468 	DDI_DEVICE_ATTR_V0,
469 	DDI_NEVERSWAP_ACC,
470 	DDI_STRICTORDER_ACC
471 };
472 #endif
473 
474 static struct ddi_dma_attr dca_dmaattr = {
475 	DMA_ATTR_V0,		/* dma_attr_version */
476 	0x0,			/* dma_attr_addr_lo */
477 	0xffffffffUL,		/* dma_attr_addr_hi */
478 	0x00ffffffUL,		/* dma_attr_count_max */
479 	0x40,			/* dma_attr_align */
480 	0x40,			/* dma_attr_burstsizes */
481 	0x1,			/* dma_attr_minxfer */
482 	0x00ffffffUL,		/* dma_attr_maxxfer */
483 	0xffffffffUL,		/* dma_attr_seg */
484 #if defined(i386) || defined(__i386) || defined(__amd64)
485 	512,			/* dma_attr_sgllen */
486 #else
487 	1,			/* dma_attr_sgllen */
488 #endif
489 	1,			/* dma_attr_granular */
490 	DDI_DMA_FLAGERR		/* dma_attr_flags */
491 };
492 
493 static void	*dca_state = NULL;
494 int	dca_mindma = 2500;
495 
496 /*
497  * FMA eclass string definitions. Note that these string arrays must be
498  * consistent with the dca_fma_eclass_t enum.
499  */
500 static char *dca_fma_eclass_sca1000[] = {
501 	"sca1000.hw.device",
502 	"sca1000.hw.timeout",
503 	"sca1000.none"
504 };
505 
506 static char *dca_fma_eclass_sca500[] = {
507 	"sca500.hw.device",
508 	"sca500.hw.timeout",
509 	"sca500.none"
510 };
511 
512 /*
513  * DDI entry points.
514  */
515 int
516 _init(void)
517 {
518 	int rv;
519 
520 	DBG(NULL, DMOD, "dca: in _init");
521 
522 	if ((rv = ddi_soft_state_init(&dca_state, sizeof (dca_t), 1)) != 0) {
523 		/* this should *never* happen! */
524 		return (rv);
525 	}
526 
527 	if ((rv = mod_install(&modlinkage)) != 0) {
528 		/* cleanup here */
529 		ddi_soft_state_fini(&dca_state);
530 		return (rv);
531 	}
532 
533 	return (0);
534 }
535 
536 int
537 _fini(void)
538 {
539 	int rv;
540 
541 	DBG(NULL, DMOD, "dca: in _fini");
542 
543 	if ((rv = mod_remove(&modlinkage)) == 0) {
544 		/* cleanup here */
545 		ddi_soft_state_fini(&dca_state);
546 	}
547 	return (rv);
548 }
549 
550 int
551 _info(struct modinfo *modinfop)
552 {
553 	DBG(NULL, DMOD, "dca: in _info");
554 
555 	return (mod_info(&modlinkage, modinfop));
556 }
557 
558 int
559 dca_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
560 {
561 	ddi_acc_handle_t	pci;
562 	int			instance;
563 	ddi_iblock_cookie_t	ibc;
564 	int			intr_added = 0;
565 	dca_t			*dca;
566 	ushort_t		venid;
567 	ushort_t		devid;
568 	ushort_t		revid;
569 	ushort_t		subsysid;
570 	ushort_t		subvenid;
571 	int			i;
572 	int			ret;
573 	char			ID[64];
574 	static char		*unknowndev = "Unknown device";
575 
576 #if DEBUG
577 	/* these are only used for debugging */
578 	ushort_t		pcicomm;
579 	ushort_t		pcistat;
580 	uchar_t			cachelinesz;
581 	uchar_t			mingnt;
582 	uchar_t			maxlat;
583 	uchar_t			lattmr;
584 #endif
585 
586 	instance = ddi_get_instance(dip);
587 
588 	DBG(NULL, DMOD, "dca: in dca_attach() for %d", instance);
589 
590 	switch (cmd) {
591 	case DDI_RESUME:
592 		if ((dca = (dca_t *)ddi_get_driver_private(dip)) == NULL) {
593 			dca_diperror(dip, "no soft state in detach");
594 			return (DDI_FAILURE);
595 		}
596 		/* assumption: we won't be DDI_DETACHed until we return */
597 		return (dca_resume(dca));
598 	case DDI_ATTACH:
599 		break;
600 	default:
601 		return (DDI_FAILURE);
602 	}
603 
604 	if (ddi_slaveonly(dip) == DDI_SUCCESS) {
605 		dca_diperror(dip, "slot does not support PCI bus-master");
606 		return (DDI_FAILURE);
607 	}
608 
609 	if (ddi_intr_hilevel(dip, 0) != 0) {
610 		dca_diperror(dip, "hilevel interrupts not supported");
611 		return (DDI_FAILURE);
612 	}
613 
614 	if (pci_config_setup(dip, &pci) != DDI_SUCCESS) {
615 		dca_diperror(dip, "unable to setup PCI config handle");
616 		return (DDI_FAILURE);
617 	}
618 
619 	/* common PCI attributes */
620 	venid = pci_config_get16(pci, PCI_VENID);
621 	devid = pci_config_get16(pci, PCI_DEVID);
622 	revid = pci_config_get8(pci, PCI_REVID);
623 	subvenid = pci_config_get16(pci, PCI_SUBVENID);
624 	subsysid = pci_config_get16(pci, PCI_SUBSYSID);
625 
626 	/*
627 	 * Broadcom-specific timings.
628 	 * We disable these timers/counters since they can cause
629 	 * incorrect false failures when the bus is just a little
630 	 * bit slow, or busy.
631 	 */
632 	pci_config_put8(pci, PCI_TRDYTO, 0);
633 	pci_config_put8(pci, PCI_RETRIES, 0);
634 
635 	/* initialize PCI access settings */
636 	pci_config_put16(pci, PCI_COMM, PCICOMM_SEE |
637 	    PCICOMM_PEE | PCICOMM_BME | PCICOMM_MAE);
638 
639 	/* set up our PCI latency timer */
640 	pci_config_put8(pci, PCI_LATTMR, 0x40);
641 
642 #if DEBUG
643 	/* read registers (for debugging) */
644 	pcicomm = pci_config_get16(pci, PCI_COMM);
645 	pcistat = pci_config_get16(pci, PCI_STATUS);
646 	cachelinesz = pci_config_get8(pci, PCI_CACHELINESZ);
647 	mingnt = pci_config_get8(pci, PCI_MINGNT);
648 	maxlat = pci_config_get8(pci, PCI_MAXLAT);
649 	lattmr = pci_config_get8(pci, PCI_LATTMR);
650 #endif
651 
652 	pci_config_teardown(&pci);
653 
654 	if (ddi_get_iblock_cookie(dip, 0, &ibc) != DDI_SUCCESS) {
655 		dca_diperror(dip, "unable to get iblock cookie");
656 		return (DDI_FAILURE);
657 	}
658 
659 	if (ddi_soft_state_zalloc(dca_state, instance) != DDI_SUCCESS) {
660 		dca_diperror(dip, "unable to allocate soft state");
661 		return (DDI_FAILURE);
662 	}
663 
664 	dca = ddi_get_soft_state(dca_state, instance);
665 	ASSERT(dca != NULL);
666 	dca->dca_dip = dip;
667 	WORKLIST(dca, MCR1)->dwl_prov = 0;
668 	WORKLIST(dca, MCR2)->dwl_prov = 0;
669 	/* figure pagesize */
670 	dca->dca_pagesize = ddi_ptob(dip, 1);
671 
672 	/*
673 	 * Search for the device in our supported devices table.  This
674 	 * is here for two reasons.  First, we want to ensure that
675 	 * only Sun-qualified (and presumably Sun-labeled) devices can
676 	 * be used with this driver.  Second, some devices have
677 	 * specific differences.  E.g. the 5821 has support for a
678 	 * special mode of RC4, deeper queues, power management, and
679 	 * other changes.  Also, the export versions of some of these
680 	 * chips don't support RC4 or 3DES, so we catch that here.
681 	 *
682 	 * Note that we only look at the upper nibble of the device
683 	 * id, which is used to distinguish export vs. domestic
684 	 * versions of the chip.  (The lower nibble is used for
685 	 * stepping information.)
686 	 */
687 	for (i = 0; i < (sizeof (dca_devices) / sizeof (dca_device_t)); i++) {
688 		/*
689 		 * Try to match the subsystem information first.
690 		 */
691 		if (subvenid && (subvenid == dca_devices[i].dd_vendor_id) &&
692 		    subsysid && (subsysid == dca_devices[i].dd_device_id)) {
693 			dca->dca_model = dca_devices[i].dd_model;
694 			dca->dca_devid = dca_devices[i].dd_device_id;
695 			break;
696 		}
697 		/*
698 		 * Failing that, try the generic vendor and device id.
699 		 * Even if we find a match, we keep searching anyway,
700 		 * since we would prefer to find a match based on the
701 		 * subsystem ids.
702 		 */
703 		if ((venid == dca_devices[i].dd_vendor_id) &&
704 		    (devid == dca_devices[i].dd_device_id)) {
705 			dca->dca_model = dca_devices[i].dd_model;
706 			dca->dca_devid = dca_devices[i].dd_device_id;
707 		}
708 	}
709 	/* try and handle an unrecognized device */
710 	if (dca->dca_model == NULL) {
711 		dca->dca_model = unknowndev;
712 		dca_error(dca, "device not recognized, not supported");
713 		DBG(dca, DPCI, "i=%d venid=%x devid=%x rev=%d",
714 		    i, venid, devid, revid);
715 	}
716 
717 	if (ddi_prop_update_string(DDI_DEV_T_NONE, dip, "description",
718 	    dca->dca_model) != DDI_SUCCESS) {
719 		dca_error(dca, "unable to create description property");
720 		return (DDI_FAILURE);
721 	}
722 
723 	DBG(dca, DPCI, "PCI command=0x%x status=%x cachelinesz=%x",
724 	    pcicomm, pcistat, cachelinesz);
725 	DBG(dca, DPCI, "mingnt=0x%x maxlat=0x%x lattmr=0x%x",
726 	    mingnt, maxlat, lattmr);
727 
728 	/*
729 	 * initialize locks, etc.
730 	 */
731 	(void) mutex_init(&dca->dca_intrlock, NULL, MUTEX_DRIVER, ibc);
732 
733 	/* use RNGSHA1 by default */
734 	if (ddi_getprop(DDI_DEV_T_ANY, dip,
735 	    DDI_PROP_CANSLEEP | DDI_PROP_DONTPASS, "rngdirect", 0) == 0) {
736 		dca->dca_flags |= DCA_RNGSHA1;
737 	}
738 
739 	/* initialize FMA */
740 	dca_fma_init(dca);
741 
742 	/* initialize some key data structures */
743 	if (dca_init(dca) != DDI_SUCCESS) {
744 		goto failed;
745 	}
746 
747 	/* initialize kstats */
748 	dca_ksinit(dca);
749 
750 	/* setup access to registers */
751 	if (ddi_regs_map_setup(dip, 1, (caddr_t *)&dca->dca_regs,
752 	    0, 0, &dca_regsattr, &dca->dca_regs_handle) != DDI_SUCCESS) {
753 		dca_error(dca, "unable to map registers");
754 		goto failed;
755 	}
756 
757 	DBG(dca, DCHATTY, "MCR1 = %x", GETCSR(dca, CSR_MCR1));
758 	DBG(dca, DCHATTY, "CONTROL = %x", GETCSR(dca, CSR_DMACTL));
759 	DBG(dca, DCHATTY, "STATUS = %x", GETCSR(dca, CSR_DMASTAT));
760 	DBG(dca, DCHATTY, "DMAEA = %x", GETCSR(dca, CSR_DMAEA));
761 	DBG(dca, DCHATTY, "MCR2 = %x", GETCSR(dca, CSR_MCR2));
762 
763 	/* reset the chip */
764 	if (dca_reset(dca, 0) < 0) {
765 		goto failed;
766 	}
767 
768 	/* initialize the chip */
769 	PUTCSR(dca, CSR_DMACTL, DMACTL_BE32 | DMACTL_BE64);
770 	if (dca_check_acc_handle(dca, dca->dca_regs_handle,
771 	    DCA_FM_ECLASS_NONE) != DDI_SUCCESS) {
772 		goto failed;
773 	}
774 
775 	/* add the interrupt */
776 	if (ddi_add_intr(dip, 0, &dca->dca_icookie, NULL, dca_intr,
777 	    (void *)dca) != DDI_SUCCESS) {
778 		DBG(dca, DWARN, "ddi_add_intr failed");
779 		goto failed;
780 	} else {
781 		intr_added = 1;
782 	}
783 
784 	/* enable interrupts on the device */
785 	/*
786 	 * XXX: Note, 5820A1 errata indicates that this may clobber
787 	 * bits 24 and 23, which affect the speed of the RNG.  Since
788 	 * we always want to run in full-speed mode, this should be
789 	 * harmless.
790 	 */
791 	if (dca->dca_devid == 0x5825) {
792 		/* for 5825 - increase the DMA read size */
793 		SETBIT(dca, CSR_DMACTL,
794 		    DMACTL_MCR1IE | DMACTL_MCR2IE | DMACTL_EIE | DMACTL_RD256);
795 	} else {
796 		SETBIT(dca, CSR_DMACTL,
797 		    DMACTL_MCR1IE | DMACTL_MCR2IE | DMACTL_EIE);
798 	}
799 	if (dca_check_acc_handle(dca, dca->dca_regs_handle,
800 	    DCA_FM_ECLASS_NONE) != DDI_SUCCESS) {
801 		goto failed;
802 	}
803 
804 	/* register MCR1 with the crypto framework */
805 	/* Be careful not to exceed 32 chars */
806 	(void) sprintf(ID, "%s/%d %s",
807 	    ddi_driver_name(dip), ddi_get_instance(dip), IDENT_SYM);
808 	dca_prov_info1.pi_provider_description = ID;
809 	dca_prov_info1.pi_provider_dev.pd_hw = dip;
810 	dca_prov_info1.pi_provider_handle = dca;
811 	if ((ret = crypto_register_provider(&dca_prov_info1,
812 	    &WORKLIST(dca, MCR1)->dwl_prov)) != CRYPTO_SUCCESS) {
813 		cmn_err(CE_WARN,
814 		    "crypto_register_provider() failed (%d) for MCR1", ret);
815 		goto failed;
816 	}
817 
818 	/* register MCR2 with the crypto framework */
819 	/* Be careful not to exceed 32 chars */
820 	(void) sprintf(ID, "%s/%d %s",
821 	    ddi_driver_name(dip), ddi_get_instance(dip), IDENT_ASYM);
822 	dca_prov_info2.pi_provider_description = ID;
823 	dca_prov_info2.pi_provider_dev.pd_hw = dip;
824 	dca_prov_info2.pi_provider_handle = dca;
825 	if ((ret = crypto_register_provider(&dca_prov_info2,
826 	    &WORKLIST(dca, MCR2)->dwl_prov)) != CRYPTO_SUCCESS) {
827 		cmn_err(CE_WARN,
828 		    "crypto_register_provider() failed (%d) for MCR2", ret);
829 		goto failed;
830 	}
831 
832 	crypto_prov_notify(WORKLIST(dca, MCR1)->dwl_prov,
833 	    CRYPTO_PROVIDER_READY);
834 	crypto_prov_notify(WORKLIST(dca, MCR2)->dwl_prov,
835 	    CRYPTO_PROVIDER_READY);
836 
837 	/* Initialize the local random number pool for this instance */
838 	if ((ret = dca_random_init(dca)) != CRYPTO_SUCCESS) {
839 		goto failed;
840 	}
841 
842 	mutex_enter(&dca->dca_intrlock);
843 	dca->dca_jobtid = timeout(dca_jobtimeout, (void *)dca,
844 	    drv_usectohz(SECOND));
845 	mutex_exit(&dca->dca_intrlock);
846 
847 	ddi_set_driver_private(dip, (caddr_t)dca);
848 
849 	ddi_report_dev(dip);
850 
851 	if (ddi_get_devstate(dca->dca_dip) != DDI_DEVSTATE_UP) {
852 		ddi_fm_service_impact(dca->dca_dip, DDI_SERVICE_RESTORED);
853 	}
854 
855 	return (DDI_SUCCESS);
856 
857 failed:
858 	/* unregister from the crypto framework */
859 	if (WORKLIST(dca, MCR1)->dwl_prov != 0) {
860 		(void) crypto_unregister_provider(
861 		    WORKLIST(dca, MCR1)->dwl_prov);
862 	}
863 	if (WORKLIST(dca, MCR2)->dwl_prov != 0) {
864 		(void) crypto_unregister_provider(
865 		    WORKLIST(dca, MCR2)->dwl_prov);
866 	}
867 	if (intr_added) {
868 		CLRBIT(dca, CSR_DMACTL,
869 		    DMACTL_MCR1IE | DMACTL_MCR2IE | DMACTL_EIE);
870 		/* unregister intr handler */
871 		ddi_remove_intr(dip, 0, dca->dca_icookie);
872 	}
873 	if (dca->dca_regs_handle) {
874 		ddi_regs_map_free(&dca->dca_regs_handle);
875 	}
876 	if (dca->dca_intrstats) {
877 		kstat_delete(dca->dca_intrstats);
878 	}
879 	if (dca->dca_ksp) {
880 		kstat_delete(dca->dca_ksp);
881 	}
882 	dca_uninit(dca);
883 
884 	/* finalize FMA */
885 	dca_fma_fini(dca);
886 
887 	mutex_destroy(&dca->dca_intrlock);
888 	ddi_soft_state_free(dca_state, instance);
889 	return (DDI_FAILURE);
890 
891 }
892 
893 int
894 dca_detach(dev_info_t *dip, ddi_detach_cmd_t cmd)
895 {
896 	int		instance;
897 	dca_t		*dca;
898 	timeout_id_t	tid;
899 
900 	instance = ddi_get_instance(dip);
901 
902 	DBG(NULL, DMOD, "dca: in dca_detach() for %d", instance);
903 
904 	switch (cmd) {
905 	case DDI_SUSPEND:
906 		if ((dca = (dca_t *)ddi_get_driver_private(dip)) == NULL) {
907 			dca_diperror(dip, "no soft state in detach");
908 			return (DDI_FAILURE);
909 		}
910 		/* assumption: we won't be DDI_DETACHed until we return */
911 		return (dca_suspend(dca));
912 
913 	case DDI_DETACH:
914 		break;
915 	default:
916 		return (DDI_FAILURE);
917 	}
918 
919 	if ((dca = (dca_t *)ddi_get_driver_private(dip)) == NULL) {
920 		dca_diperror(dip, "no soft state in detach");
921 		return (DDI_FAILURE);
922 	}
923 
924 	/*
925 	 * Unregister from kCF.
926 	 * This needs to be done at the beginning of detach.
927 	 */
928 	if (WORKLIST(dca, MCR1)->dwl_prov != 0) {
929 		if (crypto_unregister_provider(
930 		    WORKLIST(dca, MCR1)->dwl_prov) != CRYPTO_SUCCESS) {
931 			dca_error(dca, "unable to unregister MCR1 from kcf");
932 			return (DDI_FAILURE);
933 		}
934 	}
935 
936 	if (WORKLIST(dca, MCR2)->dwl_prov != 0) {
937 		if (crypto_unregister_provider(
938 		    WORKLIST(dca, MCR2)->dwl_prov) != CRYPTO_SUCCESS) {
939 			dca_error(dca, "unable to unregister MCR2 from kcf");
940 			return (DDI_FAILURE);
941 		}
942 	}
943 
944 	/*
945 	 * Cleanup the private context list. Once the
946 	 * crypto_unregister_provider returns, it is safe to do so.
947 	 */
948 	dca_free_context_list(dca);
949 
950 	/* Cleanup the local random number pool */
951 	dca_random_fini(dca);
952 
953 	/* send any jobs in the waitq back to kCF */
954 	dca_rejectjobs(dca);
955 
956 	/* untimeout the timeouts */
957 	mutex_enter(&dca->dca_intrlock);
958 	tid = dca->dca_jobtid;
959 	dca->dca_jobtid = 0;
960 	mutex_exit(&dca->dca_intrlock);
961 	if (tid) {
962 		(void) untimeout(tid);
963 	}
964 
965 	/* disable device interrupts */
966 	CLRBIT(dca, CSR_DMACTL, DMACTL_MCR1IE | DMACTL_MCR2IE | DMACTL_EIE);
967 
968 	/* unregister interrupt handlers */
969 	ddi_remove_intr(dip, 0, dca->dca_icookie);
970 
971 	/* release our regs handle */
972 	ddi_regs_map_free(&dca->dca_regs_handle);
973 
974 	/* toss out kstats */
975 	if (dca->dca_intrstats) {
976 		kstat_delete(dca->dca_intrstats);
977 	}
978 	if (dca->dca_ksp) {
979 		kstat_delete(dca->dca_ksp);
980 	}
981 
982 	mutex_destroy(&dca->dca_intrlock);
983 	dca_uninit(dca);
984 
985 	/* finalize FMA */
986 	dca_fma_fini(dca);
987 
988 	ddi_soft_state_free(dca_state, instance);
989 
990 	return (DDI_SUCCESS);
991 }
992 
993 int
994 dca_resume(dca_t *dca)
995 {
996 	ddi_acc_handle_t	pci;
997 
998 	if (pci_config_setup(dca->dca_dip, &pci) != DDI_SUCCESS) {
999 		dca_error(dca, "unable to setup PCI config handle");
1000 		return (DDI_FAILURE);
1001 	}
1002 
1003 	/*
1004 	 * Reprogram registers in PCI configuration space.
1005 	 */
1006 
1007 	/* Broadcom-specific timers -- we disable them. */
1008 	pci_config_put8(pci, PCI_TRDYTO, 0);
1009 	pci_config_put8(pci, PCI_RETRIES, 0);
1010 
1011 	/* initialize PCI access settings */
1012 	pci_config_put16(pci, PCI_COMM, PCICOMM_SEE |
1013 	    PCICOMM_PEE | PCICOMM_BME | PCICOMM_MAE);
1014 
1015 	/* set up our PCI latency timer */
1016 	pci_config_put8(pci, PCI_LATTMR, 0x40);
1017 
1018 	pci_config_teardown(&pci);
1019 
1020 	if (dca_reset(dca, 0) < 0) {
1021 		dca_error(dca, "unable to reset device during resume");
1022 		return (DDI_FAILURE);
1023 	}
1024 
1025 	/*
1026 	 * Now restore the card-specific CSRs.
1027 	 */
1028 
1029 	/* restore endianness settings */
1030 	PUTCSR(dca, CSR_DMACTL, DMACTL_BE32 | DMACTL_BE64);
1031 	if (dca_check_acc_handle(dca, dca->dca_regs_handle,
1032 	    DCA_FM_ECLASS_NONE) != DDI_SUCCESS)
1033 		return (DDI_FAILURE);
1034 
1035 	/* restore interrupt enables */
1036 	if (dca->dca_devid == 0x5825) {
1037 		/* for 5825 set 256 byte read size to improve performance */
1038 		SETBIT(dca, CSR_DMACTL,
1039 		    DMACTL_MCR1IE | DMACTL_MCR2IE | DMACTL_EIE | DMACTL_RD256);
1040 	} else {
1041 		SETBIT(dca, CSR_DMACTL,
1042 		    DMACTL_MCR1IE | DMACTL_MCR2IE | DMACTL_EIE);
1043 	}
1044 	if (dca_check_acc_handle(dca, dca->dca_regs_handle,
1045 	    DCA_FM_ECLASS_NONE) != DDI_SUCCESS)
1046 		return (DDI_FAILURE);
1047 
1048 	/* resume scheduling jobs on the device */
1049 	dca_undrain(dca);
1050 
1051 	return (DDI_SUCCESS);
1052 }
1053 
1054 int
1055 dca_suspend(dca_t *dca)
1056 {
1057 	if ((dca_drain(dca)) != 0) {
1058 		return (DDI_FAILURE);
1059 	}
1060 	if (dca_reset(dca, 0) < 0) {
1061 		dca_error(dca, "unable to reset device during suspend");
1062 		return (DDI_FAILURE);
1063 	}
1064 	return (DDI_SUCCESS);
1065 }
1066 
1067 /*
1068  * Hardware access stuff.
1069  */
1070 int
1071 dca_reset(dca_t *dca, int failreset)
1072 {
1073 	int i;
1074 
1075 	if (dca->dca_regs_handle == NULL) {
1076 		return (-1);
1077 	}
1078 
1079 	PUTCSR(dca, CSR_DMACTL, DMACTL_RESET);
1080 	if (!failreset) {
1081 		if (dca_check_acc_handle(dca, dca->dca_regs_handle,
1082 		    DCA_FM_ECLASS_NONE) != DDI_SUCCESS)
1083 			return (-1);
1084 	}
1085 
1086 	/* now wait for a reset */
1087 	for (i = 1; i < 100; i++) {
1088 		uint32_t	dmactl;
1089 		drv_usecwait(100);
1090 		dmactl = GETCSR(dca, CSR_DMACTL);
1091 		if (!failreset) {
1092 			if (dca_check_acc_handle(dca, dca->dca_regs_handle,
1093 			    DCA_FM_ECLASS_NONE) != DDI_SUCCESS)
1094 				return (-1);
1095 		}
1096 		if ((dmactl & DMACTL_RESET) == 0) {
1097 			DBG(dca, DCHATTY, "reset in %d usec", i * 100);
1098 			return (0);
1099 		}
1100 	}
1101 	if (!failreset) {
1102 		dca_failure(dca, DDI_DEVICE_FAULT,
1103 		    DCA_FM_ECLASS_NONE, dca_ena(0), CRYPTO_DEVICE_ERROR,
1104 		    "timeout waiting for reset after %d usec", i * 100);
1105 	}
1106 	return (-1);
1107 }
1108 
1109 int
1110 dca_initworklist(dca_t *dca, dca_worklist_t *wlp)
1111 {
1112 	int	i;
1113 	int	reqprealloc = wlp->dwl_hiwater + (MAXWORK * MAXREQSPERMCR);
1114 
1115 	/*
1116 	 * Set up work queue.
1117 	 */
1118 	mutex_init(&wlp->dwl_lock, NULL, MUTEX_DRIVER, dca->dca_icookie);
1119 	mutex_init(&wlp->dwl_freereqslock, NULL, MUTEX_DRIVER,
1120 	    dca->dca_icookie);
1121 	mutex_init(&wlp->dwl_freelock, NULL, MUTEX_DRIVER, dca->dca_icookie);
1122 	cv_init(&wlp->dwl_cv, NULL, CV_DRIVER, NULL);
1123 
1124 	mutex_enter(&wlp->dwl_lock);
1125 
1126 	dca_initq(&wlp->dwl_freereqs);
1127 	dca_initq(&wlp->dwl_waitq);
1128 	dca_initq(&wlp->dwl_freework);
1129 	dca_initq(&wlp->dwl_runq);
1130 
1131 	for (i = 0; i < MAXWORK; i++) {
1132 		dca_work_t		*workp;
1133 
1134 		if ((workp = dca_newwork(dca)) == NULL) {
1135 			dca_error(dca, "unable to allocate work");
1136 			mutex_exit(&wlp->dwl_lock);
1137 			return (DDI_FAILURE);
1138 		}
1139 		workp->dw_wlp = wlp;
1140 		dca_freework(workp);
1141 	}
1142 	mutex_exit(&wlp->dwl_lock);
1143 
1144 	for (i = 0; i < reqprealloc; i++) {
1145 		dca_request_t *reqp;
1146 
1147 		if ((reqp = dca_newreq(dca)) == NULL) {
1148 			dca_error(dca, "unable to allocate request");
1149 			return (DDI_FAILURE);
1150 		}
1151 		reqp->dr_dca = dca;
1152 		reqp->dr_wlp = wlp;
1153 		dca_freereq(reqp);
1154 	}
1155 	return (DDI_SUCCESS);
1156 }
1157 
1158 int
1159 dca_init(dca_t *dca)
1160 {
1161 	dca_worklist_t		*wlp;
1162 
1163 	/* Initialize the private context list and the corresponding lock. */
1164 	mutex_init(&dca->dca_ctx_list_lock, NULL, MUTEX_DRIVER, NULL);
1165 	dca_initq(&dca->dca_ctx_list);
1166 
1167 	/*
1168 	 * MCR1 algorithms.
1169 	 */
1170 	wlp = WORKLIST(dca, MCR1);
1171 	(void) sprintf(wlp->dwl_name, "dca%d:mcr1",
1172 	    ddi_get_instance(dca->dca_dip));
1173 	wlp->dwl_lowater = ddi_getprop(DDI_DEV_T_ANY,
1174 	    dca->dca_dip, DDI_PROP_CANSLEEP | DDI_PROP_DONTPASS,
1175 	    "mcr1_lowater", MCR1LOWATER);
1176 	wlp->dwl_hiwater = ddi_getprop(DDI_DEV_T_ANY,
1177 	    dca->dca_dip, DDI_PROP_CANSLEEP | DDI_PROP_DONTPASS,
1178 	    "mcr1_hiwater", MCR1HIWATER);
1179 	wlp->dwl_reqspermcr = min(ddi_getprop(DDI_DEV_T_ANY,
1180 	    dca->dca_dip, DDI_PROP_CANSLEEP | DDI_PROP_DONTPASS,
1181 	    "mcr1_maxreqs", MCR1MAXREQS), MAXREQSPERMCR);
1182 	wlp->dwl_dca = dca;
1183 	wlp->dwl_mcr = MCR1;
1184 	if (dca_initworklist(dca, wlp) != DDI_SUCCESS) {
1185 		return (DDI_FAILURE);
1186 	}
1187 
1188 	/*
1189 	 * MCR2 algorithms.
1190 	 */
1191 	wlp = WORKLIST(dca, MCR2);
1192 	(void) sprintf(wlp->dwl_name, "dca%d:mcr2",
1193 	    ddi_get_instance(dca->dca_dip));
1194 	wlp->dwl_lowater = ddi_getprop(DDI_DEV_T_ANY,
1195 	    dca->dca_dip, DDI_PROP_CANSLEEP | DDI_PROP_DONTPASS,
1196 	    "mcr2_lowater", MCR2LOWATER);
1197 	wlp->dwl_hiwater = ddi_getprop(DDI_DEV_T_ANY,
1198 	    dca->dca_dip, DDI_PROP_CANSLEEP | DDI_PROP_DONTPASS,
1199 	    "mcr2_hiwater", MCR2HIWATER);
1200 	wlp->dwl_reqspermcr = min(ddi_getprop(DDI_DEV_T_ANY,
1201 	    dca->dca_dip, DDI_PROP_CANSLEEP | DDI_PROP_DONTPASS,
1202 	    "mcr2_maxreqs", MCR2MAXREQS), MAXREQSPERMCR);
1203 	wlp->dwl_dca = dca;
1204 	wlp->dwl_mcr = MCR2;
1205 	if (dca_initworklist(dca, wlp) != DDI_SUCCESS) {
1206 		return (DDI_FAILURE);
1207 	}
1208 	return (DDI_SUCCESS);
1209 }
1210 
1211 /*
1212  * Uninitialize worklists.  This routine should only be called when no
1213  * active jobs (hence DMA mappings) exist.  One way to ensure this is
1214  * to unregister from kCF before calling this routine.  (This is done
1215  * e.g. in detach(9e).)
1216  */
1217 void
1218 dca_uninit(dca_t *dca)
1219 {
1220 	int	mcr;
1221 
1222 	mutex_destroy(&dca->dca_ctx_list_lock);
1223 
1224 	for (mcr = MCR1; mcr <= MCR2; mcr++) {
1225 		dca_worklist_t	*wlp = WORKLIST(dca, mcr);
1226 		dca_work_t	*workp;
1227 		dca_request_t	*reqp;
1228 
1229 		if (dca->dca_regs_handle == NULL) {
1230 			continue;
1231 		}
1232 
1233 		mutex_enter(&wlp->dwl_lock);
1234 		while ((workp = dca_getwork(dca, mcr)) != NULL) {
1235 			dca_destroywork(workp);
1236 		}
1237 		mutex_exit(&wlp->dwl_lock);
1238 		while ((reqp = dca_getreq(dca, mcr, 0)) != NULL) {
1239 			dca_destroyreq(reqp);
1240 		}
1241 
1242 		mutex_destroy(&wlp->dwl_lock);
1243 		mutex_destroy(&wlp->dwl_freereqslock);
1244 		mutex_destroy(&wlp->dwl_freelock);
1245 		cv_destroy(&wlp->dwl_cv);
1246 		wlp->dwl_prov = 0;
1247 	}
1248 }
1249 
1250 static void
1251 dca_enlist2(dca_listnode_t *q, dca_listnode_t *node, kmutex_t *lock)
1252 {
1253 	if (!q || !node)
1254 		return;
1255 
1256 	mutex_enter(lock);
1257 	node->dl_next2 = q;
1258 	node->dl_prev2 = q->dl_prev2;
1259 	node->dl_next2->dl_prev2 = node;
1260 	node->dl_prev2->dl_next2 = node;
1261 	mutex_exit(lock);
1262 }
1263 
1264 static void
1265 dca_rmlist2(dca_listnode_t *node, kmutex_t *lock)
1266 {
1267 	if (!node)
1268 		return;
1269 
1270 	mutex_enter(lock);
1271 	node->dl_next2->dl_prev2 = node->dl_prev2;
1272 	node->dl_prev2->dl_next2 = node->dl_next2;
1273 	node->dl_next2 = NULL;
1274 	node->dl_prev2 = NULL;
1275 	mutex_exit(lock);
1276 }
1277 
1278 static dca_listnode_t *
1279 dca_delist2(dca_listnode_t *q, kmutex_t *lock)
1280 {
1281 	dca_listnode_t *node;
1282 
1283 	mutex_enter(lock);
1284 	if ((node = q->dl_next2) == q) {
1285 		mutex_exit(lock);
1286 		return (NULL);
1287 	}
1288 
1289 	node->dl_next2->dl_prev2 = node->dl_prev2;
1290 	node->dl_prev2->dl_next2 = node->dl_next2;
1291 	node->dl_next2 = NULL;
1292 	node->dl_prev2 = NULL;
1293 	mutex_exit(lock);
1294 
1295 	return (node);
1296 }
1297 
1298 void
1299 dca_initq(dca_listnode_t *q)
1300 {
1301 	q->dl_next = q;
1302 	q->dl_prev = q;
1303 	q->dl_next2 = q;
1304 	q->dl_prev2 = q;
1305 }
1306 
1307 void
1308 dca_enqueue(dca_listnode_t *q, dca_listnode_t *node)
1309 {
1310 	/*
1311 	 * Enqueue submits at the "tail" of the list, i.e. just
1312 	 * behind the sentinel.
1313 	 */
1314 	node->dl_next = q;
1315 	node->dl_prev = q->dl_prev;
1316 	node->dl_next->dl_prev = node;
1317 	node->dl_prev->dl_next = node;
1318 }
1319 
1320 void
1321 dca_rmqueue(dca_listnode_t *node)
1322 {
1323 	node->dl_next->dl_prev = node->dl_prev;
1324 	node->dl_prev->dl_next = node->dl_next;
1325 	node->dl_next = NULL;
1326 	node->dl_prev = NULL;
1327 }
1328 
1329 dca_listnode_t *
1330 dca_dequeue(dca_listnode_t *q)
1331 {
1332 	dca_listnode_t *node;
1333 	/*
1334 	 * Dequeue takes from the "head" of the list, i.e. just after
1335 	 * the sentinel.
1336 	 */
1337 	if ((node = q->dl_next) == q) {
1338 		/* queue is empty */
1339 		return (NULL);
1340 	}
1341 	dca_rmqueue(node);
1342 	return (node);
1343 }
1344 
1345 /* this is the opposite of dequeue, it takes things off in LIFO order */
1346 dca_listnode_t *
1347 dca_unqueue(dca_listnode_t *q)
1348 {
1349 	dca_listnode_t *node;
1350 	/*
1351 	 * unqueue takes from the "tail" of the list, i.e. just before
1352 	 * the sentinel.
1353 	 */
1354 	if ((node = q->dl_prev) == q) {
1355 		/* queue is empty */
1356 		return (NULL);
1357 	}
1358 	dca_rmqueue(node);
1359 	return (node);
1360 }
1361 
1362 dca_listnode_t *
1363 dca_peekqueue(dca_listnode_t *q)
1364 {
1365 	dca_listnode_t *node;
1366 
1367 	if ((node = q->dl_next) == q) {
1368 		return (NULL);
1369 	} else {
1370 		return (node);
1371 	}
1372 }
1373 
1374 /*
1375  * Interrupt service routine.
1376  */
1377 uint_t
1378 dca_intr(char *arg)
1379 {
1380 	dca_t		*dca = (dca_t *)arg;
1381 	uint32_t	status;
1382 
1383 	mutex_enter(&dca->dca_intrlock);
1384 	status = GETCSR(dca, CSR_DMASTAT);
1385 	PUTCSR(dca, CSR_DMASTAT, status & DMASTAT_INTERRUPTS);
1386 	if (dca_check_acc_handle(dca, dca->dca_regs_handle,
1387 	    DCA_FM_ECLASS_NONE) != DDI_SUCCESS) {
1388 		mutex_exit(&dca->dca_intrlock);
1389 		return ((uint_t)DDI_FAILURE);
1390 	}
1391 
1392 	DBG(dca, DINTR, "interrupted, status = 0x%x!", status);
1393 
1394 	if ((status & DMASTAT_INTERRUPTS) == 0) {
1395 		/* increment spurious interrupt kstat */
1396 		if (dca->dca_intrstats) {
1397 			KIOIP(dca)->intrs[KSTAT_INTR_SPURIOUS]++;
1398 		}
1399 		mutex_exit(&dca->dca_intrlock);
1400 		return (DDI_INTR_UNCLAIMED);
1401 	}
1402 
1403 	if (dca->dca_intrstats) {
1404 		KIOIP(dca)->intrs[KSTAT_INTR_HARD]++;
1405 	}
1406 	if (status & DMASTAT_MCR1INT) {
1407 		DBG(dca, DINTR, "MCR1 interrupted");
1408 		mutex_enter(&(WORKLIST(dca, MCR1)->dwl_lock));
1409 		dca_schedule(dca, MCR1);
1410 		dca_reclaim(dca, MCR1);
1411 		mutex_exit(&(WORKLIST(dca, MCR1)->dwl_lock));
1412 	}
1413 
1414 	if (status & DMASTAT_MCR2INT) {
1415 		DBG(dca, DINTR, "MCR2 interrupted");
1416 		mutex_enter(&(WORKLIST(dca, MCR2)->dwl_lock));
1417 		dca_schedule(dca, MCR2);
1418 		dca_reclaim(dca, MCR2);
1419 		mutex_exit(&(WORKLIST(dca, MCR2)->dwl_lock));
1420 	}
1421 
1422 	if (status & DMASTAT_ERRINT) {
1423 		uint32_t	erraddr;
1424 		erraddr = GETCSR(dca, CSR_DMAEA);
1425 		mutex_exit(&dca->dca_intrlock);
1426 
1427 		/*
1428 		 * bit 1 of the error address indicates failure during
1429 		 * read if set, during write otherwise.
1430 		 */
1431 		dca_failure(dca, DDI_DEVICE_FAULT,
1432 		    DCA_FM_ECLASS_HW_DEVICE, dca_ena(0), CRYPTO_DEVICE_ERROR,
1433 		    "DMA master access error %s address 0x%x",
1434 		    erraddr & 0x1 ? "reading" : "writing", erraddr & ~1);
1435 		return (DDI_INTR_CLAIMED);
1436 	}
1437 
1438 	mutex_exit(&dca->dca_intrlock);
1439 
1440 	return (DDI_INTR_CLAIMED);
1441 }
1442 
1443 /*
1444  * Reverse a string of bytes from s1 into s2.  The reversal happens
1445  * from the tail of s1.  If len1 < len2, then null bytes will be
1446  * padded to the end of s2.  If len2 < len1, then (presumably null)
1447  * bytes will be dropped from the start of s1.
1448  *
1449  * The rationale here is that when s1 (source) is shorter, then we
1450  * are reversing from big-endian ordering, into device ordering, and
1451  * want to add some extra nulls to the tail (MSB) side of the device.
1452  *
1453  * Similarly, when s2 (dest) is shorter, then we are truncating what
1454  * are presumably null MSB bits from the device.
1455  *
1456  * There is an expectation when reversing from the device back into
1457  * big-endian, that the number of bytes to reverse and the target size
1458  * will match, and no truncation or padding occurs.
1459  */
1460 void
1461 dca_reverse(void *s1, void *s2, int len1, int len2)
1462 {
1463 	caddr_t	src, dst;
1464 
1465 	if (len1 == 0) {
1466 		if (len2) {
1467 			bzero(s2, len2);
1468 		}
1469 		return;
1470 	}
1471 	src = (caddr_t)s1 + len1 - 1;
1472 	dst = s2;
1473 	while ((src >= (caddr_t)s1) && (len2)) {
1474 		*dst++ = *src--;
1475 		len2--;
1476 	}
1477 	while (len2 > 0) {
1478 		*dst++ = 0;
1479 		len2--;
1480 	}
1481 }
1482 
1483 uint16_t
1484 dca_padfull(int num)
1485 {
1486 	if (num <= 512) {
1487 		return (BITS2BYTES(512));
1488 	}
1489 	if (num <= 768) {
1490 		return (BITS2BYTES(768));
1491 	}
1492 	if (num <= 1024) {
1493 		return (BITS2BYTES(1024));
1494 	}
1495 	if (num <= 1536) {
1496 		return (BITS2BYTES(1536));
1497 	}
1498 	if (num <= 2048) {
1499 		return (BITS2BYTES(2048));
1500 	}
1501 	return (0);
1502 }
1503 
1504 uint16_t
1505 dca_padhalf(int num)
1506 {
1507 	if (num <= 256) {
1508 		return (BITS2BYTES(256));
1509 	}
1510 	if (num <= 384) {
1511 		return (BITS2BYTES(384));
1512 	}
1513 	if (num <= 512) {
1514 		return (BITS2BYTES(512));
1515 	}
1516 	if (num <= 768) {
1517 		return (BITS2BYTES(768));
1518 	}
1519 	if (num <= 1024) {
1520 		return (BITS2BYTES(1024));
1521 	}
1522 	return (0);
1523 }
1524 
1525 dca_work_t *
1526 dca_newwork(dca_t *dca)
1527 {
1528 	dca_work_t		*workp;
1529 	size_t			size;
1530 	ddi_dma_cookie_t	c;
1531 	unsigned		nc;
1532 	int			rv;
1533 
1534 	workp = kmem_zalloc(sizeof (dca_work_t), KM_SLEEP);
1535 
1536 	rv = ddi_dma_alloc_handle(dca->dca_dip, &dca_dmaattr,
1537 	    DDI_DMA_SLEEP, NULL, &workp->dw_mcr_dmah);
1538 	if (rv != 0) {
1539 		dca_error(dca, "unable to alloc MCR DMA handle");
1540 		dca_destroywork(workp);
1541 		return (NULL);
1542 	}
1543 
1544 	rv = ddi_dma_mem_alloc(workp->dw_mcr_dmah,
1545 	    ROUNDUP(MCR_SIZE, dca->dca_pagesize),
1546 	    &dca_devattr, DDI_DMA_CONSISTENT, DDI_DMA_SLEEP, NULL,
1547 	    &workp->dw_mcr_kaddr, &size, &workp->dw_mcr_acch);
1548 	if (rv != 0) {
1549 		dca_error(dca, "unable to alloc MCR DMA memory");
1550 		dca_destroywork(workp);
1551 		return (NULL);
1552 	}
1553 
1554 	rv = ddi_dma_addr_bind_handle(workp->dw_mcr_dmah, NULL,
1555 	    workp->dw_mcr_kaddr, size, DDI_DMA_CONSISTENT | DDI_DMA_RDWR,
1556 	    DDI_DMA_SLEEP, NULL, &c, &nc);
1557 	if (rv != DDI_DMA_MAPPED) {
1558 		dca_error(dca, "unable to map MCR DMA memory");
1559 		dca_destroywork(workp);
1560 		return (NULL);
1561 	}
1562 
1563 	workp->dw_mcr_paddr = c.dmac_address;
1564 	return (workp);
1565 }
1566 
1567 void
1568 dca_destroywork(dca_work_t *workp)
1569 {
1570 	if (workp->dw_mcr_paddr) {
1571 		(void) ddi_dma_unbind_handle(workp->dw_mcr_dmah);
1572 	}
1573 	if (workp->dw_mcr_acch) {
1574 		ddi_dma_mem_free(&workp->dw_mcr_acch);
1575 	}
1576 	if (workp->dw_mcr_dmah) {
1577 		ddi_dma_free_handle(&workp->dw_mcr_dmah);
1578 	}
1579 	kmem_free(workp, sizeof (dca_work_t));
1580 }
1581 
1582 dca_request_t *
1583 dca_newreq(dca_t *dca)
1584 {
1585 	dca_request_t		*reqp;
1586 	size_t			size;
1587 	ddi_dma_cookie_t	c;
1588 	unsigned		nc;
1589 	int			rv;
1590 	int			n_chain = 0;
1591 
1592 	size = (DESC_SIZE * MAXFRAGS) + CTX_MAXLENGTH;
1593 
1594 	reqp = kmem_zalloc(sizeof (dca_request_t), KM_SLEEP);
1595 
1596 	reqp->dr_dca = dca;
1597 
1598 	/*
1599 	 * Setup the DMA region for the context and descriptors.
1600 	 */
1601 	rv = ddi_dma_alloc_handle(dca->dca_dip, &dca_dmaattr, DDI_DMA_SLEEP,
1602 	    NULL, &reqp->dr_ctx_dmah);
1603 	if (rv != DDI_SUCCESS) {
1604 		dca_error(dca, "failure allocating request DMA handle");
1605 		dca_destroyreq(reqp);
1606 		return (NULL);
1607 	}
1608 
1609 	/* for driver hardening, allocate in whole pages */
1610 	rv = ddi_dma_mem_alloc(reqp->dr_ctx_dmah,
1611 	    ROUNDUP(size, dca->dca_pagesize), &dca_devattr, DDI_DMA_CONSISTENT,
1612 	    DDI_DMA_SLEEP, NULL, &reqp->dr_ctx_kaddr, &size,
1613 	    &reqp->dr_ctx_acch);
1614 	if (rv != DDI_SUCCESS) {
1615 		dca_error(dca, "unable to alloc request DMA memory");
1616 		dca_destroyreq(reqp);
1617 		return (NULL);
1618 	}
1619 
1620 	rv = ddi_dma_addr_bind_handle(reqp->dr_ctx_dmah, NULL,
1621 	    reqp->dr_ctx_kaddr, size, DDI_DMA_CONSISTENT | DDI_DMA_WRITE,
1622 	    DDI_DMA_SLEEP, 0, &c, &nc);
1623 	if (rv != DDI_DMA_MAPPED) {
1624 		dca_error(dca, "failed binding request DMA handle");
1625 		dca_destroyreq(reqp);
1626 		return (NULL);
1627 	}
1628 	reqp->dr_ctx_paddr = c.dmac_address;
1629 
1630 	reqp->dr_dma_size = size;
1631 
1632 	/*
1633 	 * Set up the dma for our scratch/shared buffers.
1634 	 */
1635 	rv = ddi_dma_alloc_handle(dca->dca_dip, &dca_dmaattr,
1636 	    DDI_DMA_SLEEP, NULL, &reqp->dr_ibuf_dmah);
1637 	if (rv != DDI_SUCCESS) {
1638 		dca_error(dca, "failure allocating ibuf DMA handle");
1639 		dca_destroyreq(reqp);
1640 		return (NULL);
1641 	}
1642 	rv = ddi_dma_alloc_handle(dca->dca_dip, &dca_dmaattr,
1643 	    DDI_DMA_SLEEP, NULL, &reqp->dr_obuf_dmah);
1644 	if (rv != DDI_SUCCESS) {
1645 		dca_error(dca, "failure allocating obuf DMA handle");
1646 		dca_destroyreq(reqp);
1647 		return (NULL);
1648 	}
1649 
1650 	rv = ddi_dma_alloc_handle(dca->dca_dip, &dca_dmaattr,
1651 	    DDI_DMA_SLEEP, NULL, &reqp->dr_chain_in_dmah);
1652 	if (rv != DDI_SUCCESS) {
1653 		dca_error(dca, "failure allocating chain_in DMA handle");
1654 		dca_destroyreq(reqp);
1655 		return (NULL);
1656 	}
1657 
1658 	rv = ddi_dma_alloc_handle(dca->dca_dip, &dca_dmaattr,
1659 	    DDI_DMA_SLEEP, NULL, &reqp->dr_chain_out_dmah);
1660 	if (rv != DDI_SUCCESS) {
1661 		dca_error(dca, "failure allocating chain_out DMA handle");
1662 		dca_destroyreq(reqp);
1663 		return (NULL);
1664 	}
1665 
1666 	/*
1667 	 * for driver hardening, allocate in whole pages.
1668 	 */
1669 	size = ROUNDUP(MAXPACKET, dca->dca_pagesize);
1670 #if defined(i386) || defined(__i386)
1671 	/*
1672 	 * Use kmem_alloc instead of ddi_dma_mem_alloc here since the latter
1673 	 * may fail on x86 platform if a physically contiguous memory chunk
1674 	 * cannot be found. From initial testing, we did not see performance
1675 	 * degradation as seen on Sparc.
1676 	 */
1677 	if ((reqp->dr_ibuf_kaddr = kmem_alloc(size, KM_SLEEP)) == NULL) {
1678 		dca_error(dca, "unable to alloc request ibuf memory");
1679 		dca_destroyreq(reqp);
1680 		return (NULL);
1681 	}
1682 	if ((reqp->dr_obuf_kaddr = kmem_alloc(size, KM_SLEEP)) == NULL) {
1683 		dca_error(dca, "unable to alloc request obuf memory");
1684 		dca_destroyreq(reqp);
1685 		return (NULL);
1686 	}
1687 #else
1688 	/*
1689 	 * We could kmem_alloc for Sparc too. However, it gives worse
1690 	 * performance when transferring more than one page data. For example,
1691 	 * using 4 threads and 12032 byte data and 3DES on 900MHZ Sparc system,
1692 	 * kmem_alloc uses 80% CPU and ddi_dma_mem_alloc uses 50% CPU for
1693 	 * the same throughput.
1694 	 */
1695 	rv = ddi_dma_mem_alloc(reqp->dr_ibuf_dmah,
1696 	    size, &dca_bufattr,
1697 	    DDI_DMA_STREAMING, DDI_DMA_SLEEP, NULL, &reqp->dr_ibuf_kaddr,
1698 	    &size, &reqp->dr_ibuf_acch);
1699 	if (rv != DDI_SUCCESS) {
1700 		dca_error(dca, "unable to alloc request DMA memory");
1701 		dca_destroyreq(reqp);
1702 		return (NULL);
1703 	}
1704 
1705 	rv = ddi_dma_mem_alloc(reqp->dr_obuf_dmah,
1706 	    size, &dca_bufattr,
1707 	    DDI_DMA_STREAMING, DDI_DMA_SLEEP, NULL, &reqp->dr_obuf_kaddr,
1708 	    &size, &reqp->dr_obuf_acch);
1709 	if (rv != DDI_SUCCESS) {
1710 		dca_error(dca, "unable to alloc request DMA memory");
1711 		dca_destroyreq(reqp);
1712 		return (NULL);
1713 	}
1714 #endif
1715 
1716 	/* Skip the used portion in the context page */
1717 	reqp->dr_offset = CTX_MAXLENGTH;
1718 	if ((rv = dca_bindchains_one(reqp, size, reqp->dr_offset,
1719 	    reqp->dr_ibuf_kaddr, reqp->dr_ibuf_dmah,
1720 	    DDI_DMA_WRITE | DDI_DMA_STREAMING,
1721 	    &reqp->dr_ibuf_head, &n_chain)) != DDI_SUCCESS) {
1722 		(void) dca_destroyreq(reqp);
1723 		return (NULL);
1724 	}
1725 	reqp->dr_ibuf_paddr = reqp->dr_ibuf_head.dc_buffer_paddr;
1726 	/* Skip the space used by the input buffer */
1727 	reqp->dr_offset += DESC_SIZE * n_chain;
1728 
1729 	if ((rv = dca_bindchains_one(reqp, size, reqp->dr_offset,
1730 	    reqp->dr_obuf_kaddr, reqp->dr_obuf_dmah,
1731 	    DDI_DMA_READ | DDI_DMA_STREAMING,
1732 	    &reqp->dr_obuf_head, &n_chain)) != DDI_SUCCESS) {
1733 		(void) dca_destroyreq(reqp);
1734 		return (NULL);
1735 	}
1736 	reqp->dr_obuf_paddr = reqp->dr_obuf_head.dc_buffer_paddr;
1737 	/* Skip the space used by the output buffer */
1738 	reqp->dr_offset += DESC_SIZE * n_chain;
1739 
1740 	DBG(dca, DCHATTY, "CTX is 0x%p, phys 0x%x, len %d",
1741 	    reqp->dr_ctx_kaddr, reqp->dr_ctx_paddr, CTX_MAXLENGTH);
1742 	return (reqp);
1743 }
1744 
1745 void
1746 dca_destroyreq(dca_request_t *reqp)
1747 {
1748 #if defined(i386) || defined(__i386)
1749 	dca_t		*dca = reqp->dr_dca;
1750 	size_t		size = ROUNDUP(MAXPACKET, dca->dca_pagesize);
1751 #endif
1752 
1753 	/*
1754 	 * Clean up DMA for the context structure.
1755 	 */
1756 	if (reqp->dr_ctx_paddr) {
1757 		(void) ddi_dma_unbind_handle(reqp->dr_ctx_dmah);
1758 	}
1759 
1760 	if (reqp->dr_ctx_acch) {
1761 		ddi_dma_mem_free(&reqp->dr_ctx_acch);
1762 	}
1763 
1764 	if (reqp->dr_ctx_dmah) {
1765 		ddi_dma_free_handle(&reqp->dr_ctx_dmah);
1766 	}
1767 
1768 	/*
1769 	 * Clean up DMA for the scratch buffer.
1770 	 */
1771 #if defined(i386) || defined(__i386)
1772 	if (reqp->dr_ibuf_dmah) {
1773 		(void) ddi_dma_unbind_handle(reqp->dr_ibuf_dmah);
1774 		ddi_dma_free_handle(&reqp->dr_ibuf_dmah);
1775 	}
1776 	if (reqp->dr_obuf_dmah) {
1777 		(void) ddi_dma_unbind_handle(reqp->dr_obuf_dmah);
1778 		ddi_dma_free_handle(&reqp->dr_obuf_dmah);
1779 	}
1780 
1781 	kmem_free(reqp->dr_ibuf_kaddr, size);
1782 	kmem_free(reqp->dr_obuf_kaddr, size);
1783 #else
1784 	if (reqp->dr_ibuf_paddr) {
1785 		(void) ddi_dma_unbind_handle(reqp->dr_ibuf_dmah);
1786 	}
1787 	if (reqp->dr_obuf_paddr) {
1788 		(void) ddi_dma_unbind_handle(reqp->dr_obuf_dmah);
1789 	}
1790 
1791 	if (reqp->dr_ibuf_acch) {
1792 		ddi_dma_mem_free(&reqp->dr_ibuf_acch);
1793 	}
1794 	if (reqp->dr_obuf_acch) {
1795 		ddi_dma_mem_free(&reqp->dr_obuf_acch);
1796 	}
1797 
1798 	if (reqp->dr_ibuf_dmah) {
1799 		ddi_dma_free_handle(&reqp->dr_ibuf_dmah);
1800 	}
1801 	if (reqp->dr_obuf_dmah) {
1802 		ddi_dma_free_handle(&reqp->dr_obuf_dmah);
1803 	}
1804 #endif
1805 	/*
1806 	 * These two DMA handles should have been unbinded in
1807 	 * dca_unbindchains() function
1808 	 */
1809 	if (reqp->dr_chain_in_dmah) {
1810 		ddi_dma_free_handle(&reqp->dr_chain_in_dmah);
1811 	}
1812 	if (reqp->dr_chain_out_dmah) {
1813 		ddi_dma_free_handle(&reqp->dr_chain_out_dmah);
1814 	}
1815 
1816 	kmem_free(reqp, sizeof (dca_request_t));
1817 }
1818 
1819 dca_work_t *
1820 dca_getwork(dca_t *dca, int mcr)
1821 {
1822 	dca_worklist_t	*wlp = WORKLIST(dca, mcr);
1823 	dca_work_t	*workp;
1824 
1825 	mutex_enter(&wlp->dwl_freelock);
1826 	workp = (dca_work_t *)dca_dequeue(&wlp->dwl_freework);
1827 	mutex_exit(&wlp->dwl_freelock);
1828 	if (workp) {
1829 		int	nreqs;
1830 		bzero(workp->dw_mcr_kaddr, 8);
1831 
1832 		/* clear out old requests */
1833 		for (nreqs = 0; nreqs < MAXREQSPERMCR; nreqs++) {
1834 			workp->dw_reqs[nreqs] = NULL;
1835 		}
1836 	}
1837 	return (workp);
1838 }
1839 
1840 void
1841 dca_freework(dca_work_t *workp)
1842 {
1843 	mutex_enter(&workp->dw_wlp->dwl_freelock);
1844 	dca_enqueue(&workp->dw_wlp->dwl_freework, (dca_listnode_t *)workp);
1845 	mutex_exit(&workp->dw_wlp->dwl_freelock);
1846 }
1847 
1848 dca_request_t *
1849 dca_getreq(dca_t *dca, int mcr, int tryhard)
1850 {
1851 	dca_worklist_t	*wlp = WORKLIST(dca, mcr);
1852 	dca_request_t	*reqp;
1853 
1854 	mutex_enter(&wlp->dwl_freereqslock);
1855 	reqp = (dca_request_t *)dca_dequeue(&wlp->dwl_freereqs);
1856 	mutex_exit(&wlp->dwl_freereqslock);
1857 	if (reqp) {
1858 		reqp->dr_flags = 0;
1859 		reqp->dr_callback = NULL;
1860 	} else if (tryhard) {
1861 		/*
1862 		 * failed to get a free one, try an allocation, the hard way.
1863 		 * XXX: Kstat desired here.
1864 		 */
1865 		if ((reqp = dca_newreq(dca)) != NULL) {
1866 			reqp->dr_wlp = wlp;
1867 			reqp->dr_dca = dca;
1868 			reqp->dr_flags = 0;
1869 			reqp->dr_callback = NULL;
1870 		}
1871 	}
1872 	return (reqp);
1873 }
1874 
1875 void
1876 dca_freereq(dca_request_t *reqp)
1877 {
1878 	reqp->dr_kcf_req = NULL;
1879 	if (!(reqp->dr_flags & DR_NOCACHE)) {
1880 		mutex_enter(&reqp->dr_wlp->dwl_freereqslock);
1881 		dca_enqueue(&reqp->dr_wlp->dwl_freereqs,
1882 		    (dca_listnode_t *)reqp);
1883 		mutex_exit(&reqp->dr_wlp->dwl_freereqslock);
1884 	}
1885 }
1886 
1887 /*
1888  * Binds user buffers to DMA handles dynamically. On Sparc, a user buffer
1889  * is mapped to a single physical address. On x86, a user buffer is mapped
1890  * to multiple physical addresses. These physical addresses are chained
1891  * using the method specified in Broadcom BCM5820 specification.
1892  */
1893 int
1894 dca_bindchains(dca_request_t *reqp, size_t incnt, size_t outcnt)
1895 {
1896 	int			rv;
1897 	caddr_t			kaddr;
1898 	uint_t			flags;
1899 	int			n_chain = 0;
1900 
1901 	if (reqp->dr_flags & DR_INPLACE) {
1902 		flags = DDI_DMA_RDWR | DDI_DMA_CONSISTENT;
1903 	} else {
1904 		flags = DDI_DMA_WRITE | DDI_DMA_STREAMING;
1905 	}
1906 
1907 	/* first the input */
1908 	if (incnt) {
1909 		if ((kaddr = dca_bufdaddr(reqp->dr_in)) == NULL) {
1910 			DBG(NULL, DWARN, "unrecognised crypto data format");
1911 			return (DDI_FAILURE);
1912 		}
1913 		if ((rv = dca_bindchains_one(reqp, incnt, reqp->dr_offset,
1914 		    kaddr, reqp->dr_chain_in_dmah, flags,
1915 		    &reqp->dr_chain_in_head, &n_chain)) != DDI_SUCCESS) {
1916 			(void) dca_unbindchains(reqp);
1917 			return (rv);
1918 		}
1919 
1920 		/*
1921 		 * The offset and length are altered by the calling routine
1922 		 * reqp->dr_in->cd_offset += incnt;
1923 		 * reqp->dr_in->cd_length -= incnt;
1924 		 */
1925 		/* Save the first one in the chain for MCR */
1926 		reqp->dr_in_paddr = reqp->dr_chain_in_head.dc_buffer_paddr;
1927 		reqp->dr_in_next = reqp->dr_chain_in_head.dc_next_paddr;
1928 		reqp->dr_in_len = reqp->dr_chain_in_head.dc_buffer_length;
1929 	} else {
1930 		reqp->dr_in_paddr = 0;
1931 		reqp->dr_in_next = 0;
1932 		reqp->dr_in_len = 0;
1933 	}
1934 
1935 	if (reqp->dr_flags & DR_INPLACE) {
1936 		reqp->dr_out_paddr = reqp->dr_in_paddr;
1937 		reqp->dr_out_len = reqp->dr_in_len;
1938 		reqp->dr_out_next = reqp->dr_in_next;
1939 		return (DDI_SUCCESS);
1940 	}
1941 
1942 	/* then the output */
1943 	if (outcnt) {
1944 		flags = DDI_DMA_READ | DDI_DMA_STREAMING;
1945 		if ((kaddr = dca_bufdaddr_out(reqp->dr_out)) == NULL) {
1946 			DBG(NULL, DWARN, "unrecognised crypto data format");
1947 			(void) dca_unbindchains(reqp);
1948 			return (DDI_FAILURE);
1949 		}
1950 		rv = dca_bindchains_one(reqp, outcnt, reqp->dr_offset +
1951 		    n_chain * DESC_SIZE, kaddr, reqp->dr_chain_out_dmah,
1952 		    flags, &reqp->dr_chain_out_head, &n_chain);
1953 		if (rv != DDI_SUCCESS) {
1954 			(void) dca_unbindchains(reqp);
1955 			return (DDI_FAILURE);
1956 		}
1957 
1958 		/* Save the first one in the chain for MCR */
1959 		reqp->dr_out_paddr = reqp->dr_chain_out_head.dc_buffer_paddr;
1960 		reqp->dr_out_next = reqp->dr_chain_out_head.dc_next_paddr;
1961 		reqp->dr_out_len = reqp->dr_chain_out_head.dc_buffer_length;
1962 	} else {
1963 		reqp->dr_out_paddr = 0;
1964 		reqp->dr_out_next = 0;
1965 		reqp->dr_out_len = 0;
1966 	}
1967 
1968 	return (DDI_SUCCESS);
1969 }
1970 
1971 /*
1972  * Unbind the user buffers from the DMA handles.
1973  */
1974 int
1975 dca_unbindchains(dca_request_t *reqp)
1976 {
1977 	int rv = DDI_SUCCESS;
1978 	int rv1 = DDI_SUCCESS;
1979 
1980 	/* Clear the input chain */
1981 	if (reqp->dr_chain_in_head.dc_buffer_paddr != 0) {
1982 		(void) ddi_dma_unbind_handle(reqp->dr_chain_in_dmah);
1983 		reqp->dr_chain_in_head.dc_buffer_paddr = 0;
1984 	}
1985 
1986 	if (reqp->dr_flags & DR_INPLACE) {
1987 		return (rv);
1988 	}
1989 
1990 	/* Clear the output chain */
1991 	if (reqp->dr_chain_out_head.dc_buffer_paddr != 0) {
1992 		(void) ddi_dma_unbind_handle(reqp->dr_chain_out_dmah);
1993 		reqp->dr_chain_out_head.dc_buffer_paddr = 0;
1994 	}
1995 
1996 	return ((rv != DDI_SUCCESS)? rv : rv1);
1997 }
1998 
1999 /*
2000  * Build either input chain or output chain. It is single-item chain for Sparc,
2001  * and possible mutiple-item chain for x86.
2002  */
2003 static int
2004 dca_bindchains_one(dca_request_t *reqp, size_t cnt, int dr_offset,
2005     caddr_t kaddr, ddi_dma_handle_t handle, uint_t flags,
2006     dca_chain_t *head, int *n_chain)
2007 {
2008 	ddi_dma_cookie_t	c;
2009 	uint_t			nc;
2010 	int			rv;
2011 	caddr_t			chain_kaddr_pre;
2012 	caddr_t			chain_kaddr;
2013 	uint32_t		chain_paddr;
2014 	int			i;
2015 
2016 	/* Advance past the context structure to the starting address */
2017 	chain_paddr = reqp->dr_ctx_paddr + dr_offset;
2018 	chain_kaddr = reqp->dr_ctx_kaddr + dr_offset;
2019 
2020 	/*
2021 	 * Bind the kernel address to the DMA handle. On x86, the actual
2022 	 * buffer is mapped into multiple physical addresses. On Sparc,
2023 	 * the actual buffer is mapped into a single address.
2024 	 */
2025 	rv = ddi_dma_addr_bind_handle(handle,
2026 	    NULL, kaddr, cnt, flags, DDI_DMA_DONTWAIT, NULL, &c, &nc);
2027 	if (rv != DDI_DMA_MAPPED) {
2028 		return (DDI_FAILURE);
2029 	}
2030 
2031 	(void) ddi_dma_sync(handle, 0, cnt, DDI_DMA_SYNC_FORDEV);
2032 	if ((rv = dca_check_dma_handle(reqp->dr_dca, handle,
2033 	    DCA_FM_ECLASS_NONE)) != DDI_SUCCESS) {
2034 		reqp->destroy = TRUE;
2035 		return (rv);
2036 	}
2037 
2038 	*n_chain = nc;
2039 
2040 	/* Setup the data buffer chain for DMA transfer */
2041 	chain_kaddr_pre = NULL;
2042 	head->dc_buffer_paddr = 0;
2043 	head->dc_next_paddr = 0;
2044 	head->dc_buffer_length = 0;
2045 	for (i = 0; i < nc; i++) {
2046 		/* PIO */
2047 		PUTDESC32(reqp, chain_kaddr, DESC_BUFADDR, c.dmac_address);
2048 		PUTDESC16(reqp, chain_kaddr, DESC_RSVD, 0);
2049 		PUTDESC16(reqp, chain_kaddr, DESC_LENGTH, c.dmac_size);
2050 
2051 		/* Remember the head of the chain */
2052 		if (head->dc_buffer_paddr == 0) {
2053 			head->dc_buffer_paddr = c.dmac_address;
2054 			head->dc_buffer_length = c.dmac_size;
2055 		}
2056 
2057 		/* Link to the previous one if one exists */
2058 		if (chain_kaddr_pre) {
2059 			PUTDESC32(reqp, chain_kaddr_pre, DESC_NEXT,
2060 			    chain_paddr);
2061 			if (head->dc_next_paddr == 0)
2062 				head->dc_next_paddr = chain_paddr;
2063 		}
2064 		chain_kaddr_pre = chain_kaddr;
2065 
2066 		/* Maintain pointers */
2067 		chain_paddr += DESC_SIZE;
2068 		chain_kaddr += DESC_SIZE;
2069 
2070 		/* Retrieve the next cookie if there is one */
2071 		if (i < nc-1)
2072 			ddi_dma_nextcookie(handle, &c);
2073 	}
2074 
2075 	/* Set the next pointer in the last entry to NULL */
2076 	PUTDESC32(reqp, chain_kaddr_pre, DESC_NEXT, 0);
2077 
2078 	return (DDI_SUCCESS);
2079 }
2080 
2081 /*
2082  * Schedule some work.
2083  */
2084 int
2085 dca_start(dca_t *dca, dca_request_t *reqp, int mcr, int dosched)
2086 {
2087 	dca_worklist_t	*wlp = WORKLIST(dca, mcr);
2088 
2089 	mutex_enter(&wlp->dwl_lock);
2090 
2091 	DBG(dca, DCHATTY, "req=%p, in=%p, out=%p, ctx=%p, ibuf=%p, obuf=%p",
2092 	    reqp, reqp->dr_in, reqp->dr_out, reqp->dr_ctx_kaddr,
2093 	    reqp->dr_ibuf_kaddr, reqp->dr_obuf_kaddr);
2094 	DBG(dca, DCHATTY, "ctx paddr = %x, ibuf paddr = %x, obuf paddr = %x",
2095 	    reqp->dr_ctx_paddr, reqp->dr_ibuf_paddr, reqp->dr_obuf_paddr);
2096 	/* sync out the entire context and descriptor chains */
2097 	(void) ddi_dma_sync(reqp->dr_ctx_dmah, 0, 0, DDI_DMA_SYNC_FORDEV);
2098 	if (dca_check_dma_handle(dca, reqp->dr_ctx_dmah,
2099 	    DCA_FM_ECLASS_NONE) != DDI_SUCCESS) {
2100 		reqp->destroy = TRUE;
2101 		mutex_exit(&wlp->dwl_lock);
2102 		return (CRYPTO_DEVICE_ERROR);
2103 	}
2104 
2105 	dca_enqueue(&wlp->dwl_waitq, (dca_listnode_t *)reqp);
2106 	wlp->dwl_count++;
2107 	wlp->dwl_lastsubmit = ddi_get_lbolt();
2108 	reqp->dr_wlp = wlp;
2109 
2110 	if ((wlp->dwl_count == wlp->dwl_hiwater) && (wlp->dwl_busy == 0)) {
2111 		/* we are fully loaded now, let kCF know */
2112 
2113 		wlp->dwl_flowctl++;
2114 		wlp->dwl_busy = 1;
2115 
2116 		crypto_prov_notify(wlp->dwl_prov, CRYPTO_PROVIDER_BUSY);
2117 	}
2118 
2119 	if (dosched) {
2120 #ifdef	SCHEDDELAY
2121 		/* possibly wait for more work to arrive */
2122 		if (wlp->dwl_count >= wlp->dwl_reqspermcr) {
2123 			dca_schedule(dca, mcr);
2124 		} else if (!wlp->dwl_schedtid) {
2125 			/* wait 1 msec for more work before doing it */
2126 			wlp->dwl_schedtid = timeout(dca_schedtimeout,
2127 			    (void *)wlp, drv_usectohz(MSEC));
2128 		}
2129 #else
2130 		dca_schedule(dca, mcr);
2131 #endif
2132 	}
2133 	mutex_exit(&wlp->dwl_lock);
2134 
2135 	return (CRYPTO_QUEUED);
2136 }
2137 
2138 void
2139 dca_schedule(dca_t *dca, int mcr)
2140 {
2141 	dca_worklist_t	*wlp = WORKLIST(dca, mcr);
2142 	int		csr;
2143 	int		full;
2144 	uint32_t	status;
2145 
2146 	ASSERT(mutex_owned(&wlp->dwl_lock));
2147 	/*
2148 	 * If the card is draining or has an outstanding failure,
2149 	 * don't schedule any more work on it right now
2150 	 */
2151 	if (wlp->dwl_drain || (dca->dca_flags & DCA_FAILED)) {
2152 		return;
2153 	}
2154 
2155 	if (mcr == MCR2) {
2156 		csr = CSR_MCR2;
2157 		full = DMASTAT_MCR2FULL;
2158 	} else {
2159 		csr = CSR_MCR1;
2160 		full = DMASTAT_MCR1FULL;
2161 	}
2162 
2163 	for (;;) {
2164 		dca_work_t	*workp;
2165 		uint32_t	offset;
2166 		int		nreqs;
2167 
2168 		status = GETCSR(dca, CSR_DMASTAT);
2169 		if (dca_check_acc_handle(dca, dca->dca_regs_handle,
2170 		    DCA_FM_ECLASS_NONE) != DDI_SUCCESS)
2171 			return;
2172 
2173 		if ((status & full) != 0)
2174 			break;
2175 
2176 #ifdef	SCHEDDELAY
2177 		/* if there isn't enough to do, don't bother now */
2178 		if ((wlp->dwl_count < wlp->dwl_reqspermcr) &&
2179 		    (ddi_get_lbolt() < (wlp->dwl_lastsubmit +
2180 		    drv_usectohz(MSEC)))) {
2181 			/* wait a bit longer... */
2182 			if (wlp->dwl_schedtid == 0) {
2183 				wlp->dwl_schedtid = timeout(dca_schedtimeout,
2184 				    (void *)wlp, drv_usectohz(MSEC));
2185 			}
2186 			return;
2187 		}
2188 #endif
2189 
2190 		/* grab a work structure */
2191 		workp = dca_getwork(dca, mcr);
2192 
2193 		if (workp == NULL) {
2194 			/*
2195 			 * There must be work ready to be reclaimed,
2196 			 * in this case, since the chip can only hold
2197 			 * less work outstanding than there are total.
2198 			 */
2199 			dca_reclaim(dca, mcr);
2200 			continue;
2201 		}
2202 
2203 		nreqs = 0;
2204 		offset = MCR_CTXADDR;
2205 
2206 		while (nreqs < wlp->dwl_reqspermcr) {
2207 			dca_request_t	*reqp;
2208 
2209 			reqp = (dca_request_t *)dca_dequeue(&wlp->dwl_waitq);
2210 			if (reqp == NULL) {
2211 				/* nothing left to process */
2212 				break;
2213 			}
2214 			/*
2215 			 * Update flow control.
2216 			 */
2217 			wlp->dwl_count--;
2218 			if ((wlp->dwl_count == wlp->dwl_lowater) &&
2219 			    (wlp->dwl_busy))  {
2220 				wlp->dwl_busy = 0;
2221 				crypto_prov_notify(wlp->dwl_prov,
2222 				    CRYPTO_PROVIDER_READY);
2223 			}
2224 
2225 			/*
2226 			 * Context address.
2227 			 */
2228 			PUTMCR32(workp, offset, reqp->dr_ctx_paddr);
2229 			offset += 4;
2230 
2231 			/*
2232 			 * Input chain.
2233 			 */
2234 			/* input buffer address */
2235 			PUTMCR32(workp, offset, reqp->dr_in_paddr);
2236 			offset += 4;
2237 			/* next input buffer entry */
2238 			PUTMCR32(workp, offset, reqp->dr_in_next);
2239 			offset += 4;
2240 			/* input buffer length */
2241 			PUTMCR16(workp, offset, reqp->dr_in_len);
2242 			offset += 2;
2243 			/* zero the reserved field */
2244 			PUTMCR16(workp, offset, 0);
2245 			offset += 2;
2246 
2247 			/*
2248 			 * Overall length.
2249 			 */
2250 			/* reserved field */
2251 			PUTMCR16(workp, offset, 0);
2252 			offset += 2;
2253 			/* total packet length */
2254 			PUTMCR16(workp, offset, reqp->dr_pkt_length);
2255 			offset += 2;
2256 
2257 			/*
2258 			 * Output chain.
2259 			 */
2260 			/* output buffer address */
2261 			PUTMCR32(workp, offset, reqp->dr_out_paddr);
2262 			offset += 4;
2263 			/* next output buffer entry */
2264 			PUTMCR32(workp, offset, reqp->dr_out_next);
2265 			offset += 4;
2266 			/* output buffer length */
2267 			PUTMCR16(workp, offset, reqp->dr_out_len);
2268 			offset += 2;
2269 			/* zero the reserved field */
2270 			PUTMCR16(workp, offset, 0);
2271 			offset += 2;
2272 
2273 			/*
2274 			 * Note submission.
2275 			 */
2276 			workp->dw_reqs[nreqs] = reqp;
2277 			nreqs++;
2278 		}
2279 
2280 		if (nreqs == 0) {
2281 			/* nothing in the queue! */
2282 			dca_freework(workp);
2283 			return;
2284 		}
2285 
2286 		wlp->dwl_submit++;
2287 
2288 		PUTMCR16(workp, MCR_FLAGS, 0);
2289 		PUTMCR16(workp, MCR_COUNT, nreqs);
2290 
2291 		DBG(dca, DCHATTY,
2292 		    "posting work (phys %x, virt 0x%p) (%d reqs) to MCR%d",
2293 		    workp->dw_mcr_paddr, workp->dw_mcr_kaddr,
2294 		    nreqs, mcr);
2295 
2296 		workp->dw_lbolt = ddi_get_lbolt();
2297 		/* Make sure MCR is synced out to device. */
2298 		(void) ddi_dma_sync(workp->dw_mcr_dmah, 0, 0,
2299 		    DDI_DMA_SYNC_FORDEV);
2300 		if (dca_check_dma_handle(dca, workp->dw_mcr_dmah,
2301 		    DCA_FM_ECLASS_NONE) != DDI_SUCCESS) {
2302 			dca_destroywork(workp);
2303 			return;
2304 		}
2305 
2306 		PUTCSR(dca, csr, workp->dw_mcr_paddr);
2307 		if (dca_check_acc_handle(dca, dca->dca_regs_handle,
2308 		    DCA_FM_ECLASS_NONE) != DDI_SUCCESS) {
2309 			dca_destroywork(workp);
2310 			return;
2311 		} else {
2312 			dca_enqueue(&wlp->dwl_runq, (dca_listnode_t *)workp);
2313 		}
2314 
2315 		DBG(dca, DCHATTY, "posted");
2316 	}
2317 }
2318 
2319 /*
2320  * Reclaim completed work, called in interrupt context.
2321  */
2322 void
2323 dca_reclaim(dca_t *dca, int mcr)
2324 {
2325 	dca_worklist_t	*wlp = WORKLIST(dca, mcr);
2326 	dca_work_t	*workp;
2327 	ushort_t	flags;
2328 	int		nreclaimed = 0;
2329 	int		i;
2330 
2331 	DBG(dca, DRECLAIM, "worklist = 0x%p (MCR%d)", wlp, mcr);
2332 	ASSERT(mutex_owned(&wlp->dwl_lock));
2333 	/*
2334 	 * For each MCR in the submitted (runq), we check to see if
2335 	 * it has been processed.  If so, then we note each individual
2336 	 * job in the MCR, and and do the completion processing for
2337 	 * each of such job.
2338 	 */
2339 	for (;;) {
2340 
2341 		workp = (dca_work_t *)dca_peekqueue(&wlp->dwl_runq);
2342 		if (workp == NULL) {
2343 			break;
2344 		}
2345 
2346 		/* only sync the MCR flags, since that's all we need */
2347 		(void) ddi_dma_sync(workp->dw_mcr_dmah, 0, 4,
2348 		    DDI_DMA_SYNC_FORKERNEL);
2349 		if (dca_check_dma_handle(dca, workp->dw_mcr_dmah,
2350 		    DCA_FM_ECLASS_NONE) != DDI_SUCCESS) {
2351 			dca_rmqueue((dca_listnode_t *)workp);
2352 			dca_destroywork(workp);
2353 			return;
2354 		}
2355 
2356 		flags = GETMCR16(workp, MCR_FLAGS);
2357 		if ((flags & MCRFLAG_FINISHED) == 0) {
2358 			/* chip is still working on it */
2359 			DBG(dca, DRECLAIM,
2360 			    "chip still working on it (MCR%d)", mcr);
2361 			break;
2362 		}
2363 
2364 		/* its really for us, so remove it from the queue */
2365 		dca_rmqueue((dca_listnode_t *)workp);
2366 
2367 		/* if we were draining, signal on the cv */
2368 		if (wlp->dwl_drain && QEMPTY(&wlp->dwl_runq)) {
2369 			cv_signal(&wlp->dwl_cv);
2370 		}
2371 
2372 		/* update statistics, done under the lock */
2373 		for (i = 0; i < wlp->dwl_reqspermcr; i++) {
2374 			dca_request_t *reqp = workp->dw_reqs[i];
2375 			if (reqp == NULL) {
2376 				continue;
2377 			}
2378 			if (reqp->dr_byte_stat >= 0) {
2379 				dca->dca_stats[reqp->dr_byte_stat] +=
2380 				    reqp->dr_pkt_length;
2381 			}
2382 			if (reqp->dr_job_stat >= 0) {
2383 				dca->dca_stats[reqp->dr_job_stat]++;
2384 			}
2385 		}
2386 		mutex_exit(&wlp->dwl_lock);
2387 
2388 		for (i = 0; i < wlp->dwl_reqspermcr; i++) {
2389 			dca_request_t *reqp = workp->dw_reqs[i];
2390 
2391 			if (reqp == NULL) {
2392 				continue;
2393 			}
2394 
2395 			/* Do the callback. */
2396 			workp->dw_reqs[i] = NULL;
2397 			dca_done(reqp, CRYPTO_SUCCESS);
2398 
2399 			nreclaimed++;
2400 		}
2401 
2402 		/* now we can release the work */
2403 		dca_freework(workp);
2404 
2405 		mutex_enter(&wlp->dwl_lock);
2406 	}
2407 	DBG(dca, DRECLAIM, "reclaimed %d cmds", nreclaimed);
2408 }
2409 
2410 int
2411 dca_length(crypto_data_t *cdata)
2412 {
2413 	return (cdata->cd_length);
2414 }
2415 
2416 /*
2417  * This is the callback function called from the interrupt when a kCF job
2418  * completes.  It does some driver-specific things, and then calls the
2419  * kCF-provided callback.  Finally, it cleans up the state for the work
2420  * request and drops the reference count to allow for DR.
2421  */
2422 void
2423 dca_done(dca_request_t *reqp, int err)
2424 {
2425 	uint64_t	ena = 0;
2426 
2427 	/* unbind any chains we were using */
2428 	if (dca_unbindchains(reqp) != DDI_SUCCESS) {
2429 		/* DMA failure */
2430 		ena = dca_ena(ena);
2431 		dca_failure(reqp->dr_dca, DDI_DATAPATH_FAULT,
2432 		    DCA_FM_ECLASS_NONE, ena, CRYPTO_DEVICE_ERROR,
2433 		    "fault on buffer DMA handle");
2434 		if (err == CRYPTO_SUCCESS) {
2435 			err = CRYPTO_DEVICE_ERROR;
2436 		}
2437 	}
2438 
2439 	if (reqp->dr_callback != NULL) {
2440 		reqp->dr_callback(reqp, err);
2441 	} else {
2442 		dca_freereq(reqp);
2443 	}
2444 }
2445 
2446 /*
2447  * Call this when a failure is detected.  It will reset the chip,
2448  * log a message, alert kCF, and mark jobs in the runq as failed.
2449  */
2450 /* ARGSUSED */
2451 void
2452 dca_failure(dca_t *dca, ddi_fault_location_t loc, dca_fma_eclass_t index,
2453     uint64_t ena, int errno, char *mess, ...)
2454 {
2455 	va_list	ap;
2456 	char	buf[256];
2457 	int	mcr;
2458 	char	*eclass;
2459 	int	have_mutex;
2460 
2461 	va_start(ap, mess);
2462 	(void) vsprintf(buf, mess, ap);
2463 	va_end(ap);
2464 
2465 	eclass = dca_fma_eclass_string(dca->dca_model, index);
2466 
2467 	if (DDI_FM_EREPORT_CAP(dca->fm_capabilities) &&
2468 	    index != DCA_FM_ECLASS_NONE) {
2469 		ddi_fm_ereport_post(dca->dca_dip, eclass, ena,
2470 		    DDI_NOSLEEP, FM_VERSION, DATA_TYPE_UINT8,
2471 		    FM_EREPORT_VERS0, NULL);
2472 
2473 		/* Report the impact of the failure to the DDI. */
2474 		ddi_fm_service_impact(dca->dca_dip, DDI_SERVICE_LOST);
2475 	} else {
2476 		/* Just log the error string to the message log */
2477 		dca_error(dca, buf);
2478 	}
2479 
2480 	/*
2481 	 * Indicate a failure (keeps schedule from running).
2482 	 */
2483 	dca->dca_flags |= DCA_FAILED;
2484 
2485 	/*
2486 	 * Reset the chip.  This should also have as a side effect, the
2487 	 * disabling of all interrupts from the device.
2488 	 */
2489 	(void) dca_reset(dca, 1);
2490 
2491 	/*
2492 	 * Report the failure to kCF.
2493 	 */
2494 	for (mcr = MCR1; mcr <= MCR2; mcr++) {
2495 		if (WORKLIST(dca, mcr)->dwl_prov) {
2496 			crypto_prov_notify(WORKLIST(dca, mcr)->dwl_prov,
2497 			    CRYPTO_PROVIDER_FAILED);
2498 		}
2499 	}
2500 
2501 	/*
2502 	 * Return jobs not sent to hardware back to kCF.
2503 	 */
2504 	dca_rejectjobs(dca);
2505 
2506 	/*
2507 	 * From this point on, no new work should be arriving, and the
2508 	 * chip should not be doing any active DMA.
2509 	 */
2510 
2511 	/*
2512 	 * Now find all the work submitted to the device and fail
2513 	 * them.
2514 	 */
2515 	for (mcr = MCR1; mcr <= MCR2; mcr++) {
2516 		dca_worklist_t	*wlp;
2517 		int		i;
2518 
2519 		wlp = WORKLIST(dca, mcr);
2520 
2521 		if (wlp == NULL || wlp->dwl_waitq.dl_prev == NULL) {
2522 			continue;
2523 		}
2524 		for (;;) {
2525 			dca_work_t	*workp;
2526 
2527 			have_mutex = mutex_tryenter(&wlp->dwl_lock);
2528 			workp = (dca_work_t *)dca_dequeue(&wlp->dwl_runq);
2529 			if (workp == NULL) {
2530 				if (have_mutex)
2531 					mutex_exit(&wlp->dwl_lock);
2532 				break;
2533 			}
2534 			mutex_exit(&wlp->dwl_lock);
2535 
2536 			/*
2537 			 * Free up requests
2538 			 */
2539 			for (i = 0; i < wlp->dwl_reqspermcr; i++) {
2540 				dca_request_t *reqp = workp->dw_reqs[i];
2541 				if (reqp) {
2542 					dca_done(reqp, errno);
2543 					workp->dw_reqs[i] = NULL;
2544 				}
2545 			}
2546 
2547 			mutex_enter(&wlp->dwl_lock);
2548 			/*
2549 			 * If waiting to drain, signal on the waiter.
2550 			 */
2551 			if (wlp->dwl_drain && QEMPTY(&wlp->dwl_runq)) {
2552 				cv_signal(&wlp->dwl_cv);
2553 			}
2554 
2555 			/*
2556 			 * Return the work and request structures to
2557 			 * the free pool.
2558 			 */
2559 			dca_freework(workp);
2560 			if (have_mutex)
2561 				mutex_exit(&wlp->dwl_lock);
2562 		}
2563 	}
2564 
2565 }
2566 
2567 #ifdef	SCHEDDELAY
2568 /*
2569  * Reschedule worklist as needed.
2570  */
2571 void
2572 dca_schedtimeout(void *arg)
2573 {
2574 	dca_worklist_t	*wlp = (dca_worklist_t *)arg;
2575 	mutex_enter(&wlp->dwl_lock);
2576 	wlp->dwl_schedtid = 0;
2577 	dca_schedule(wlp->dwl_dca, wlp->dwl_mcr);
2578 	mutex_exit(&wlp->dwl_lock);
2579 }
2580 #endif
2581 
2582 /*
2583  * Check for stalled jobs.
2584  */
2585 void
2586 dca_jobtimeout(void *arg)
2587 {
2588 	int		mcr;
2589 	dca_t		*dca = (dca_t *)arg;
2590 	int		hung = 0;
2591 
2592 	for (mcr = MCR1; mcr <= MCR2; mcr++) {
2593 		dca_worklist_t	*wlp = WORKLIST(dca, mcr);
2594 		dca_work_t	*workp;
2595 		clock_t		when;
2596 
2597 		mutex_enter(&wlp->dwl_lock);
2598 		when = ddi_get_lbolt();
2599 
2600 		workp = (dca_work_t *)dca_peekqueue(&wlp->dwl_runq);
2601 		if (workp == NULL) {
2602 			/* nothing sitting in the queue */
2603 			mutex_exit(&wlp->dwl_lock);
2604 			continue;
2605 		}
2606 
2607 		if ((when - workp->dw_lbolt) < drv_usectohz(STALETIME)) {
2608 			/* request has been queued for less than STALETIME */
2609 			mutex_exit(&wlp->dwl_lock);
2610 			continue;
2611 		}
2612 
2613 		/* job has been sitting around for over 1 second, badness */
2614 		DBG(dca, DWARN, "stale job (0x%p) found in MCR%d!", workp,
2615 		    mcr);
2616 
2617 		/* put it back in the queue, until we reset the chip */
2618 		hung++;
2619 		mutex_exit(&wlp->dwl_lock);
2620 	}
2621 
2622 	if (hung) {
2623 		dca_failure(dca, DDI_DEVICE_FAULT,
2624 		    DCA_FM_ECLASS_HW_TIMEOUT, dca_ena(0), CRYPTO_DEVICE_ERROR,
2625 		    "timeout processing job.)");
2626 	}
2627 
2628 	/* reschedule ourself */
2629 	mutex_enter(&dca->dca_intrlock);
2630 	if (dca->dca_jobtid == 0) {
2631 		/* timeout has been canceled, prior to DR */
2632 		mutex_exit(&dca->dca_intrlock);
2633 		return;
2634 	}
2635 
2636 	/* check again in 1 second */
2637 	dca->dca_jobtid = timeout(dca_jobtimeout, arg,
2638 	    drv_usectohz(SECOND));
2639 	mutex_exit(&dca->dca_intrlock);
2640 }
2641 
2642 /*
2643  * This returns all jobs back to kCF.  It assumes that processing
2644  * on the worklist has halted.
2645  */
2646 void
2647 dca_rejectjobs(dca_t *dca)
2648 {
2649 	int mcr;
2650 	int have_mutex;
2651 	for (mcr = MCR1; mcr <= MCR2; mcr++) {
2652 		dca_worklist_t	*wlp = WORKLIST(dca, mcr);
2653 		dca_request_t	*reqp;
2654 
2655 		if (wlp == NULL || wlp->dwl_waitq.dl_prev == NULL) {
2656 			continue;
2657 		}
2658 		have_mutex = mutex_tryenter(&wlp->dwl_lock);
2659 		for (;;) {
2660 			reqp = (dca_request_t *)dca_unqueue(&wlp->dwl_waitq);
2661 			if (reqp == NULL) {
2662 				break;
2663 			}
2664 			/* update flow control */
2665 			wlp->dwl_count--;
2666 			if ((wlp->dwl_count == wlp->dwl_lowater) &&
2667 			    (wlp->dwl_busy))  {
2668 				wlp->dwl_busy = 0;
2669 				crypto_prov_notify(wlp->dwl_prov,
2670 				    CRYPTO_PROVIDER_READY);
2671 			}
2672 			mutex_exit(&wlp->dwl_lock);
2673 
2674 			(void) dca_unbindchains(reqp);
2675 			reqp->dr_callback(reqp, EAGAIN);
2676 			mutex_enter(&wlp->dwl_lock);
2677 		}
2678 		if (have_mutex)
2679 			mutex_exit(&wlp->dwl_lock);
2680 	}
2681 }
2682 
2683 int
2684 dca_drain(dca_t *dca)
2685 {
2686 	int mcr;
2687 	for (mcr = MCR1; mcr <= MCR2; mcr++) {
2688 #ifdef	SCHEDDELAY
2689 		timeout_id_t	tid;
2690 #endif
2691 		dca_worklist_t *wlp = WORKLIST(dca, mcr);
2692 
2693 		mutex_enter(&wlp->dwl_lock);
2694 		wlp->dwl_drain = 1;
2695 
2696 		/* give it up to a second to drain from the chip */
2697 		if (!QEMPTY(&wlp->dwl_runq)) {
2698 			(void) cv_reltimedwait(&wlp->dwl_cv, &wlp->dwl_lock,
2699 			    drv_usectohz(STALETIME), TR_CLOCK_TICK);
2700 
2701 			if (!QEMPTY(&wlp->dwl_runq)) {
2702 				dca_error(dca, "unable to drain device");
2703 				mutex_exit(&wlp->dwl_lock);
2704 				dca_undrain(dca);
2705 				return (EBUSY);
2706 			}
2707 		}
2708 
2709 #ifdef	SCHEDDELAY
2710 		tid = wlp->dwl_schedtid;
2711 		mutex_exit(&wlp->dwl_lock);
2712 
2713 		/*
2714 		 * untimeout outside the lock -- this is safe because we
2715 		 * have set the drain flag, so dca_schedule() will not
2716 		 * reschedule another timeout
2717 		 */
2718 		if (tid) {
2719 			untimeout(tid);
2720 		}
2721 #else
2722 		mutex_exit(&wlp->dwl_lock);
2723 #endif
2724 	}
2725 	return (0);
2726 }
2727 
2728 void
2729 dca_undrain(dca_t *dca)
2730 {
2731 	int	mcr;
2732 
2733 	for (mcr = MCR1; mcr <= MCR2; mcr++) {
2734 		dca_worklist_t	*wlp = WORKLIST(dca, mcr);
2735 		mutex_enter(&wlp->dwl_lock);
2736 		wlp->dwl_drain = 0;
2737 		dca_schedule(dca, mcr);
2738 		mutex_exit(&wlp->dwl_lock);
2739 	}
2740 }
2741 
2742 /*
2743  * Duplicate the crypto_data_t structure, but point to the original
2744  * buffers.
2745  */
2746 int
2747 dca_dupcrypto(crypto_data_t *input, crypto_data_t *ninput)
2748 {
2749 	ninput->cd_format = input->cd_format;
2750 	ninput->cd_offset = input->cd_offset;
2751 	ninput->cd_length = input->cd_length;
2752 	ninput->cd_miscdata = input->cd_miscdata;
2753 
2754 	switch (input->cd_format) {
2755 	case CRYPTO_DATA_RAW:
2756 		ninput->cd_raw.iov_base = input->cd_raw.iov_base;
2757 		ninput->cd_raw.iov_len = input->cd_raw.iov_len;
2758 		break;
2759 
2760 	case CRYPTO_DATA_UIO:
2761 		ninput->cd_uio = input->cd_uio;
2762 		break;
2763 
2764 	case CRYPTO_DATA_MBLK:
2765 		ninput->cd_mp = input->cd_mp;
2766 		break;
2767 
2768 	default:
2769 		DBG(NULL, DWARN,
2770 		    "dca_dupcrypto: unrecognised crypto data format");
2771 		return (CRYPTO_FAILED);
2772 	}
2773 
2774 	return (CRYPTO_SUCCESS);
2775 }
2776 
2777 /*
2778  * Performs validation checks on the input and output data structures.
2779  */
2780 int
2781 dca_verifyio(crypto_data_t *input, crypto_data_t *output)
2782 {
2783 	int	rv = CRYPTO_SUCCESS;
2784 
2785 	switch (input->cd_format) {
2786 	case CRYPTO_DATA_RAW:
2787 		break;
2788 
2789 	case CRYPTO_DATA_UIO:
2790 		/* we support only kernel buffer */
2791 		if (input->cd_uio->uio_segflg != UIO_SYSSPACE) {
2792 			DBG(NULL, DWARN, "non kernel input uio buffer");
2793 			rv = CRYPTO_ARGUMENTS_BAD;
2794 		}
2795 		break;
2796 
2797 	case CRYPTO_DATA_MBLK:
2798 		break;
2799 
2800 	default:
2801 		DBG(NULL, DWARN, "unrecognised input crypto data format");
2802 		rv = CRYPTO_ARGUMENTS_BAD;
2803 	}
2804 
2805 	switch (output->cd_format) {
2806 	case CRYPTO_DATA_RAW:
2807 		break;
2808 
2809 	case CRYPTO_DATA_UIO:
2810 		/* we support only kernel buffer */
2811 		if (output->cd_uio->uio_segflg != UIO_SYSSPACE) {
2812 			DBG(NULL, DWARN, "non kernel output uio buffer");
2813 			rv = CRYPTO_ARGUMENTS_BAD;
2814 		}
2815 		break;
2816 
2817 	case CRYPTO_DATA_MBLK:
2818 		break;
2819 
2820 	default:
2821 		DBG(NULL, DWARN, "unrecognised output crypto data format");
2822 		rv = CRYPTO_ARGUMENTS_BAD;
2823 	}
2824 
2825 	return (rv);
2826 }
2827 
2828 /*
2829  * data: source crypto_data_t struct
2830  * off:	offset into the source before commencing copy
2831  * count: the amount of data to copy
2832  * dest: destination buffer
2833  */
2834 int
2835 dca_getbufbytes(crypto_data_t *data, size_t off, int count, uchar_t *dest)
2836 {
2837 	int rv = CRYPTO_SUCCESS;
2838 	uio_t *uiop;
2839 	uint_t vec_idx;
2840 	size_t cur_len;
2841 	mblk_t *mp;
2842 
2843 	if (count == 0) {
2844 		/* We don't want anything so we're done. */
2845 		return (rv);
2846 	}
2847 
2848 	/*
2849 	 * Sanity check that we haven't specified a length greater than the
2850 	 * offset adjusted size of the buffer.
2851 	 */
2852 	if (count > (data->cd_length - off)) {
2853 		return (CRYPTO_DATA_LEN_RANGE);
2854 	}
2855 
2856 	/* Add the internal crypto_data offset to the requested offset. */
2857 	off += data->cd_offset;
2858 
2859 	switch (data->cd_format) {
2860 	case CRYPTO_DATA_RAW:
2861 		bcopy(data->cd_raw.iov_base + off, dest, count);
2862 		break;
2863 
2864 	case CRYPTO_DATA_UIO:
2865 		/*
2866 		 * Jump to the first iovec containing data to be
2867 		 * processed.
2868 		 */
2869 		uiop = data->cd_uio;
2870 		for (vec_idx = 0; vec_idx < uiop->uio_iovcnt &&
2871 		    off >= uiop->uio_iov[vec_idx].iov_len;
2872 		    off -= uiop->uio_iov[vec_idx++].iov_len)
2873 			;
2874 		if (vec_idx == uiop->uio_iovcnt) {
2875 			/*
2876 			 * The caller specified an offset that is larger than
2877 			 * the total size of the buffers it provided.
2878 			 */
2879 			return (CRYPTO_DATA_LEN_RANGE);
2880 		}
2881 
2882 		/*
2883 		 * Now process the iovecs.
2884 		 */
2885 		while (vec_idx < uiop->uio_iovcnt && count > 0) {
2886 			cur_len = min(uiop->uio_iov[vec_idx].iov_len -
2887 			    off, count);
2888 			bcopy(uiop->uio_iov[vec_idx].iov_base + off, dest,
2889 			    cur_len);
2890 			count -= cur_len;
2891 			dest += cur_len;
2892 			vec_idx++;
2893 			off = 0;
2894 		}
2895 
2896 		if (vec_idx == uiop->uio_iovcnt && count > 0) {
2897 			/*
2898 			 * The end of the specified iovec's was reached but
2899 			 * the length requested could not be processed
2900 			 * (requested to digest more data than it provided).
2901 			 */
2902 			return (CRYPTO_DATA_LEN_RANGE);
2903 		}
2904 		break;
2905 
2906 	case CRYPTO_DATA_MBLK:
2907 		/*
2908 		 * Jump to the first mblk_t containing data to be processed.
2909 		 */
2910 		for (mp = data->cd_mp; mp != NULL && off >= MBLKL(mp);
2911 		    off -= MBLKL(mp), mp = mp->b_cont)
2912 			;
2913 		if (mp == NULL) {
2914 			/*
2915 			 * The caller specified an offset that is larger than
2916 			 * the total size of the buffers it provided.
2917 			 */
2918 			return (CRYPTO_DATA_LEN_RANGE);
2919 		}
2920 
2921 		/*
2922 		 * Now do the processing on the mblk chain.
2923 		 */
2924 		while (mp != NULL && count > 0) {
2925 			cur_len = min(MBLKL(mp) - off, count);
2926 			bcopy((char *)(mp->b_rptr + off), dest, cur_len);
2927 			count -= cur_len;
2928 			dest += cur_len;
2929 			mp = mp->b_cont;
2930 			off = 0;
2931 		}
2932 
2933 		if (mp == NULL && count > 0) {
2934 			/*
2935 			 * The end of the mblk was reached but the length
2936 			 * requested could not be processed, (requested to
2937 			 * digest more data than it provided).
2938 			 */
2939 			return (CRYPTO_DATA_LEN_RANGE);
2940 		}
2941 		break;
2942 
2943 	default:
2944 		DBG(NULL, DWARN, "unrecognised crypto data format");
2945 		rv = CRYPTO_ARGUMENTS_BAD;
2946 	}
2947 	return (rv);
2948 }
2949 
2950 
2951 /*
2952  * Performs the input, output or hard scatter/gather checks on the specified
2953  * crypto_data_t struct. Returns true if the data is scatter/gather in nature
2954  * ie fails the test.
2955  */
2956 int
2957 dca_sgcheck(dca_t *dca, crypto_data_t *data, dca_sg_param_t val)
2958 {
2959 	uio_t *uiop;
2960 	mblk_t *mp;
2961 	int rv = FALSE;
2962 
2963 	switch (val) {
2964 	case DCA_SG_CONTIG:
2965 		/*
2966 		 * Check for a contiguous data buffer.
2967 		 */
2968 		switch (data->cd_format) {
2969 		case CRYPTO_DATA_RAW:
2970 			/* Contiguous in nature */
2971 			break;
2972 
2973 		case CRYPTO_DATA_UIO:
2974 			if (data->cd_uio->uio_iovcnt > 1)
2975 				rv = TRUE;
2976 			break;
2977 
2978 		case CRYPTO_DATA_MBLK:
2979 			mp = data->cd_mp;
2980 			if (mp->b_cont != NULL)
2981 				rv = TRUE;
2982 			break;
2983 
2984 		default:
2985 			DBG(NULL, DWARN, "unrecognised crypto data format");
2986 		}
2987 		break;
2988 
2989 	case DCA_SG_WALIGN:
2990 		/*
2991 		 * Check for a contiguous data buffer that is 32-bit word
2992 		 * aligned and is of word multiples in size.
2993 		 */
2994 		switch (data->cd_format) {
2995 		case CRYPTO_DATA_RAW:
2996 			if ((data->cd_raw.iov_len % sizeof (uint32_t)) ||
2997 			    ((uintptr_t)data->cd_raw.iov_base %
2998 			    sizeof (uint32_t))) {
2999 				rv = TRUE;
3000 			}
3001 			break;
3002 
3003 		case CRYPTO_DATA_UIO:
3004 			uiop = data->cd_uio;
3005 			if (uiop->uio_iovcnt > 1) {
3006 				return (TRUE);
3007 			}
3008 			/* So there is only one iovec */
3009 			if ((uiop->uio_iov[0].iov_len % sizeof (uint32_t)) ||
3010 			    ((uintptr_t)uiop->uio_iov[0].iov_base %
3011 			    sizeof (uint32_t))) {
3012 				rv = TRUE;
3013 			}
3014 			break;
3015 
3016 		case CRYPTO_DATA_MBLK:
3017 			mp = data->cd_mp;
3018 			if (mp->b_cont != NULL) {
3019 				return (TRUE);
3020 			}
3021 			/* So there is only one mblk in the chain */
3022 			if ((MBLKL(mp) % sizeof (uint32_t)) ||
3023 			    ((uintptr_t)mp->b_rptr % sizeof (uint32_t))) {
3024 				rv = TRUE;
3025 			}
3026 			break;
3027 
3028 		default:
3029 			DBG(NULL, DWARN, "unrecognised crypto data format");
3030 		}
3031 		break;
3032 
3033 	case DCA_SG_PALIGN:
3034 		/*
3035 		 * Check that the data buffer is page aligned and is of
3036 		 * page multiples in size.
3037 		 */
3038 		switch (data->cd_format) {
3039 		case CRYPTO_DATA_RAW:
3040 			if ((data->cd_length % dca->dca_pagesize) ||
3041 			    ((uintptr_t)data->cd_raw.iov_base %
3042 			    dca->dca_pagesize)) {
3043 				rv = TRUE;
3044 			}
3045 			break;
3046 
3047 		case CRYPTO_DATA_UIO:
3048 			uiop = data->cd_uio;
3049 			if ((uiop->uio_iov[0].iov_len % dca->dca_pagesize) ||
3050 			    ((uintptr_t)uiop->uio_iov[0].iov_base %
3051 			    dca->dca_pagesize)) {
3052 				rv = TRUE;
3053 			}
3054 			break;
3055 
3056 		case CRYPTO_DATA_MBLK:
3057 			mp = data->cd_mp;
3058 			if ((MBLKL(mp) % dca->dca_pagesize) ||
3059 			    ((uintptr_t)mp->b_rptr % dca->dca_pagesize)) {
3060 				rv = TRUE;
3061 			}
3062 			break;
3063 
3064 		default:
3065 			DBG(NULL, DWARN, "unrecognised crypto data format");
3066 		}
3067 		break;
3068 
3069 	default:
3070 		DBG(NULL, DWARN, "unrecognised scatter/gather param type");
3071 	}
3072 
3073 	return (rv);
3074 }
3075 
3076 /*
3077  * Increments the cd_offset and decrements the cd_length as the data is
3078  * gathered from the crypto_data_t struct.
3079  * The data is reverse-copied into the dest buffer if the flag is true.
3080  */
3081 int
3082 dca_gather(crypto_data_t *in, char *dest, int count, int reverse)
3083 {
3084 	int	rv = CRYPTO_SUCCESS;
3085 	uint_t	vec_idx;
3086 	uio_t	*uiop;
3087 	off_t	off = in->cd_offset;
3088 	size_t	cur_len;
3089 	mblk_t	*mp;
3090 
3091 	switch (in->cd_format) {
3092 	case CRYPTO_DATA_RAW:
3093 		if (count > in->cd_length) {
3094 			/*
3095 			 * The caller specified a length greater than the
3096 			 * size of the buffer.
3097 			 */
3098 			return (CRYPTO_DATA_LEN_RANGE);
3099 		}
3100 		if (reverse)
3101 			dca_reverse(in->cd_raw.iov_base + off, dest, count,
3102 			    count);
3103 		else
3104 			bcopy(in->cd_raw.iov_base + in->cd_offset, dest, count);
3105 		in->cd_offset += count;
3106 		in->cd_length -= count;
3107 		break;
3108 
3109 	case CRYPTO_DATA_UIO:
3110 		/*
3111 		 * Jump to the first iovec containing data to be processed.
3112 		 */
3113 		uiop = in->cd_uio;
3114 		for (vec_idx = 0; vec_idx < uiop->uio_iovcnt &&
3115 		    off >= uiop->uio_iov[vec_idx].iov_len;
3116 		    off -= uiop->uio_iov[vec_idx++].iov_len)
3117 			;
3118 		if (vec_idx == uiop->uio_iovcnt) {
3119 			/*
3120 			 * The caller specified an offset that is larger than
3121 			 * the total size of the buffers it provided.
3122 			 */
3123 			return (CRYPTO_DATA_LEN_RANGE);
3124 		}
3125 
3126 		/*
3127 		 * Now process the iovecs.
3128 		 */
3129 		while (vec_idx < uiop->uio_iovcnt && count > 0) {
3130 			cur_len = min(uiop->uio_iov[vec_idx].iov_len -
3131 			    off, count);
3132 			count -= cur_len;
3133 			if (reverse) {
3134 				/* Fill the dest buffer from the end */
3135 				dca_reverse(uiop->uio_iov[vec_idx].iov_base +
3136 				    off, dest+count, cur_len, cur_len);
3137 			} else {
3138 				bcopy(uiop->uio_iov[vec_idx].iov_base + off,
3139 				    dest, cur_len);
3140 				dest += cur_len;
3141 			}
3142 			in->cd_offset += cur_len;
3143 			in->cd_length -= cur_len;
3144 			vec_idx++;
3145 			off = 0;
3146 		}
3147 
3148 		if (vec_idx == uiop->uio_iovcnt && count > 0) {
3149 			/*
3150 			 * The end of the specified iovec's was reached but
3151 			 * the length requested could not be processed
3152 			 * (requested to digest more data than it provided).
3153 			 */
3154 			return (CRYPTO_DATA_LEN_RANGE);
3155 		}
3156 		break;
3157 
3158 	case CRYPTO_DATA_MBLK:
3159 		/*
3160 		 * Jump to the first mblk_t containing data to be processed.
3161 		 */
3162 		for (mp = in->cd_mp; mp != NULL && off >= MBLKL(mp);
3163 		    off -= MBLKL(mp), mp = mp->b_cont)
3164 			;
3165 		if (mp == NULL) {
3166 			/*
3167 			 * The caller specified an offset that is larger than
3168 			 * the total size of the buffers it provided.
3169 			 */
3170 			return (CRYPTO_DATA_LEN_RANGE);
3171 		}
3172 
3173 		/*
3174 		 * Now do the processing on the mblk chain.
3175 		 */
3176 		while (mp != NULL && count > 0) {
3177 			cur_len = min(MBLKL(mp) - off, count);
3178 			count -= cur_len;
3179 			if (reverse) {
3180 				/* Fill the dest buffer from the end */
3181 				dca_reverse((char *)(mp->b_rptr + off),
3182 				    dest+count, cur_len, cur_len);
3183 			} else {
3184 				bcopy((char *)(mp->b_rptr + off), dest,
3185 				    cur_len);
3186 				dest += cur_len;
3187 			}
3188 			in->cd_offset += cur_len;
3189 			in->cd_length -= cur_len;
3190 			mp = mp->b_cont;
3191 			off = 0;
3192 		}
3193 
3194 		if (mp == NULL && count > 0) {
3195 			/*
3196 			 * The end of the mblk was reached but the length
3197 			 * requested could not be processed, (requested to
3198 			 * digest more data than it provided).
3199 			 */
3200 			return (CRYPTO_DATA_LEN_RANGE);
3201 		}
3202 		break;
3203 
3204 	default:
3205 		DBG(NULL, DWARN, "dca_gather: unrecognised crypto data format");
3206 		rv = CRYPTO_ARGUMENTS_BAD;
3207 	}
3208 	return (rv);
3209 }
3210 
3211 /*
3212  * Increments the cd_offset and decrements the cd_length as the data is
3213  * gathered from the crypto_data_t struct.
3214  */
3215 int
3216 dca_resid_gather(crypto_data_t *in, char *resid, int *residlen, char *dest,
3217     int count)
3218 {
3219 	int	rv = CRYPTO_SUCCESS;
3220 	caddr_t	baddr;
3221 	uint_t	vec_idx;
3222 	uio_t	*uiop;
3223 	off_t	off = in->cd_offset;
3224 	size_t	cur_len;
3225 	mblk_t	*mp;
3226 
3227 	/* Process the residual first */
3228 	if (*residlen > 0) {
3229 		uint_t	num = min(count, *residlen);
3230 		bcopy(resid, dest, num);
3231 		*residlen -= num;
3232 		if (*residlen > 0) {
3233 			/*
3234 			 * Requested amount 'count' is less than what's in
3235 			 * the residual, so shuffle any remaining resid to
3236 			 * the front.
3237 			 */
3238 			baddr = resid + num;
3239 			bcopy(baddr, resid, *residlen);
3240 		}
3241 		dest += num;
3242 		count -= num;
3243 	}
3244 
3245 	/* Now process what's in the crypto_data_t structs */
3246 	switch (in->cd_format) {
3247 	case CRYPTO_DATA_RAW:
3248 		if (count > in->cd_length) {
3249 			/*
3250 			 * The caller specified a length greater than the
3251 			 * size of the buffer.
3252 			 */
3253 			return (CRYPTO_DATA_LEN_RANGE);
3254 		}
3255 		bcopy(in->cd_raw.iov_base + in->cd_offset, dest, count);
3256 		in->cd_offset += count;
3257 		in->cd_length -= count;
3258 		break;
3259 
3260 	case CRYPTO_DATA_UIO:
3261 		/*
3262 		 * Jump to the first iovec containing data to be processed.
3263 		 */
3264 		uiop = in->cd_uio;
3265 		for (vec_idx = 0; vec_idx < uiop->uio_iovcnt &&
3266 		    off >= uiop->uio_iov[vec_idx].iov_len;
3267 		    off -= uiop->uio_iov[vec_idx++].iov_len)
3268 			;
3269 		if (vec_idx == uiop->uio_iovcnt) {
3270 			/*
3271 			 * The caller specified an offset that is larger than
3272 			 * the total size of the buffers it provided.
3273 			 */
3274 			return (CRYPTO_DATA_LEN_RANGE);
3275 		}
3276 
3277 		/*
3278 		 * Now process the iovecs.
3279 		 */
3280 		while (vec_idx < uiop->uio_iovcnt && count > 0) {
3281 			cur_len = min(uiop->uio_iov[vec_idx].iov_len -
3282 			    off, count);
3283 			bcopy(uiop->uio_iov[vec_idx].iov_base + off, dest,
3284 			    cur_len);
3285 			count -= cur_len;
3286 			dest += cur_len;
3287 			in->cd_offset += cur_len;
3288 			in->cd_length -= cur_len;
3289 			vec_idx++;
3290 			off = 0;
3291 		}
3292 
3293 		if (vec_idx == uiop->uio_iovcnt && count > 0) {
3294 			/*
3295 			 * The end of the specified iovec's was reached but
3296 			 * the length requested could not be processed
3297 			 * (requested to digest more data than it provided).
3298 			 */
3299 			return (CRYPTO_DATA_LEN_RANGE);
3300 		}
3301 		break;
3302 
3303 	case CRYPTO_DATA_MBLK:
3304 		/*
3305 		 * Jump to the first mblk_t containing data to be processed.
3306 		 */
3307 		for (mp = in->cd_mp; mp != NULL && off >= MBLKL(mp);
3308 		    off -= MBLKL(mp), mp = mp->b_cont)
3309 			;
3310 		if (mp == NULL) {
3311 			/*
3312 			 * The caller specified an offset that is larger than
3313 			 * the total size of the buffers it provided.
3314 			 */
3315 			return (CRYPTO_DATA_LEN_RANGE);
3316 		}
3317 
3318 		/*
3319 		 * Now do the processing on the mblk chain.
3320 		 */
3321 		while (mp != NULL && count > 0) {
3322 			cur_len = min(MBLKL(mp) - off, count);
3323 			bcopy((char *)(mp->b_rptr + off), dest, cur_len);
3324 			count -= cur_len;
3325 			dest += cur_len;
3326 			in->cd_offset += cur_len;
3327 			in->cd_length -= cur_len;
3328 			mp = mp->b_cont;
3329 			off = 0;
3330 		}
3331 
3332 		if (mp == NULL && count > 0) {
3333 			/*
3334 			 * The end of the mblk was reached but the length
3335 			 * requested could not be processed, (requested to
3336 			 * digest more data than it provided).
3337 			 */
3338 			return (CRYPTO_DATA_LEN_RANGE);
3339 		}
3340 		break;
3341 
3342 	default:
3343 		DBG(NULL, DWARN,
3344 		    "dca_resid_gather: unrecognised crypto data format");
3345 		rv = CRYPTO_ARGUMENTS_BAD;
3346 	}
3347 	return (rv);
3348 }
3349 
3350 /*
3351  * Appends the data to the crypto_data_t struct increasing cd_length.
3352  * cd_offset is left unchanged.
3353  * Data is reverse-copied if the flag is TRUE.
3354  */
3355 int
3356 dca_scatter(const char *src, crypto_data_t *out, int count, int reverse)
3357 {
3358 	int	rv = CRYPTO_SUCCESS;
3359 	off_t	offset = out->cd_offset + out->cd_length;
3360 	uint_t	vec_idx;
3361 	uio_t	*uiop;
3362 	size_t	cur_len;
3363 	mblk_t	*mp;
3364 
3365 	switch (out->cd_format) {
3366 	case CRYPTO_DATA_RAW:
3367 		if (out->cd_raw.iov_len - offset < count) {
3368 			/* Trying to write out more than space available. */
3369 			return (CRYPTO_DATA_LEN_RANGE);
3370 		}
3371 		if (reverse)
3372 			dca_reverse((void*) src, out->cd_raw.iov_base + offset,
3373 			    count, count);
3374 		else
3375 			bcopy(src, out->cd_raw.iov_base + offset, count);
3376 		out->cd_length += count;
3377 		break;
3378 
3379 	case CRYPTO_DATA_UIO:
3380 		/*
3381 		 * Jump to the first iovec that can be written to.
3382 		 */
3383 		uiop = out->cd_uio;
3384 		for (vec_idx = 0; vec_idx < uiop->uio_iovcnt &&
3385 		    offset >= uiop->uio_iov[vec_idx].iov_len;
3386 		    offset -= uiop->uio_iov[vec_idx++].iov_len)
3387 			;
3388 		if (vec_idx == uiop->uio_iovcnt) {
3389 			/*
3390 			 * The caller specified an offset that is larger than
3391 			 * the total size of the buffers it provided.
3392 			 */
3393 			return (CRYPTO_DATA_LEN_RANGE);
3394 		}
3395 
3396 		/*
3397 		 * Now process the iovecs.
3398 		 */
3399 		while (vec_idx < uiop->uio_iovcnt && count > 0) {
3400 			cur_len = min(uiop->uio_iov[vec_idx].iov_len -
3401 			    offset, count);
3402 			count -= cur_len;
3403 			if (reverse) {
3404 				dca_reverse((void*) (src+count),
3405 				    uiop->uio_iov[vec_idx].iov_base +
3406 				    offset, cur_len, cur_len);
3407 			} else {
3408 				bcopy(src, uiop->uio_iov[vec_idx].iov_base +
3409 				    offset, cur_len);
3410 				src += cur_len;
3411 			}
3412 			out->cd_length += cur_len;
3413 			vec_idx++;
3414 			offset = 0;
3415 		}
3416 
3417 		if (vec_idx == uiop->uio_iovcnt && count > 0) {
3418 			/*
3419 			 * The end of the specified iovec's was reached but
3420 			 * the length requested could not be processed
3421 			 * (requested to write more data than space provided).
3422 			 */
3423 			return (CRYPTO_DATA_LEN_RANGE);
3424 		}
3425 		break;
3426 
3427 	case CRYPTO_DATA_MBLK:
3428 		/*
3429 		 * Jump to the first mblk_t that can be written to.
3430 		 */
3431 		for (mp = out->cd_mp; mp != NULL && offset >= MBLKL(mp);
3432 		    offset -= MBLKL(mp), mp = mp->b_cont)
3433 			;
3434 		if (mp == NULL) {
3435 			/*
3436 			 * The caller specified an offset that is larger than
3437 			 * the total size of the buffers it provided.
3438 			 */
3439 			return (CRYPTO_DATA_LEN_RANGE);
3440 		}
3441 
3442 		/*
3443 		 * Now do the processing on the mblk chain.
3444 		 */
3445 		while (mp != NULL && count > 0) {
3446 			cur_len = min(MBLKL(mp) - offset, count);
3447 			count -= cur_len;
3448 			if (reverse) {
3449 				dca_reverse((void*) (src+count),
3450 				    (char *)(mp->b_rptr + offset), cur_len,
3451 				    cur_len);
3452 			} else {
3453 				bcopy(src, (char *)(mp->b_rptr + offset),
3454 				    cur_len);
3455 				src += cur_len;
3456 			}
3457 			out->cd_length += cur_len;
3458 			mp = mp->b_cont;
3459 			offset = 0;
3460 		}
3461 
3462 		if (mp == NULL && count > 0) {
3463 			/*
3464 			 * The end of the mblk was reached but the length
3465 			 * requested could not be processed, (requested to
3466 			 * digest more data than it provided).
3467 			 */
3468 			return (CRYPTO_DATA_LEN_RANGE);
3469 		}
3470 		break;
3471 
3472 	default:
3473 		DBG(NULL, DWARN, "unrecognised crypto data format");
3474 		rv = CRYPTO_ARGUMENTS_BAD;
3475 	}
3476 	return (rv);
3477 }
3478 
3479 /*
3480  * Compare two byte arrays in reverse order.
3481  * Return 0 if they are identical, 1 otherwise.
3482  */
3483 int
3484 dca_bcmp_reverse(const void *s1, const void *s2, size_t n)
3485 {
3486 	int i;
3487 	caddr_t src, dst;
3488 
3489 	if (!n)
3490 		return (0);
3491 
3492 	src = ((caddr_t)s1) + n - 1;
3493 	dst = (caddr_t)s2;
3494 	for (i = 0; i < n; i++) {
3495 		if (*src != *dst)
3496 			return (1);
3497 		src--;
3498 		dst++;
3499 	}
3500 
3501 	return (0);
3502 }
3503 
3504 
3505 /*
3506  * This calculates the size of a bignum in bits, specifically not counting
3507  * leading zero bits.  This size calculation must be done *before* any
3508  * endian reversal takes place (i.e. the numbers are in absolute big-endian
3509  * order.)
3510  */
3511 int
3512 dca_bitlen(unsigned char *bignum, int bytelen)
3513 {
3514 	unsigned char	msbyte;
3515 	int		i, j;
3516 
3517 	for (i = 0; i < bytelen - 1; i++) {
3518 		if (bignum[i] != 0) {
3519 			break;
3520 		}
3521 	}
3522 	msbyte = bignum[i];
3523 	for (j = 8; j > 1; j--) {
3524 		if (msbyte & 0x80) {
3525 			break;
3526 		}
3527 		msbyte <<= 1;
3528 	}
3529 	return ((8 * (bytelen - i - 1)) + j);
3530 }
3531 
3532 /*
3533  * This compares to bignums (in big-endian order).  It ignores leading
3534  * null bytes.  The result semantics follow bcmp, mempcmp, strcmp, etc.
3535  */
3536 int
3537 dca_numcmp(caddr_t n1, int n1len, caddr_t n2, int n2len)
3538 {
3539 	while ((n1len > 1) && (*n1 == 0)) {
3540 		n1len--;
3541 		n1++;
3542 	}
3543 	while ((n2len > 1) && (*n2 == 0)) {
3544 		n2len--;
3545 		n2++;
3546 	}
3547 	if (n1len != n2len) {
3548 		return (n1len - n2len);
3549 	}
3550 	while ((n1len > 1) && (*n1 == *n2)) {
3551 		n1++;
3552 		n2++;
3553 		n1len--;
3554 	}
3555 	return ((int)(*(uchar_t *)n1) - (int)(*(uchar_t *)n2));
3556 }
3557 
3558 /*
3559  * Return array of key attributes.
3560  */
3561 crypto_object_attribute_t *
3562 dca_get_key_attr(crypto_key_t *key)
3563 {
3564 	if ((key->ck_format != CRYPTO_KEY_ATTR_LIST) ||
3565 	    (key->ck_count == 0)) {
3566 		return (NULL);
3567 	}
3568 
3569 	return (key->ck_attrs);
3570 }
3571 
3572 /*
3573  * If attribute type exists valp points to it's 32-bit value.
3574  */
3575 int
3576 dca_attr_lookup_uint32(crypto_object_attribute_t *attrp, uint_t atnum,
3577     uint64_t atype, uint32_t *valp)
3578 {
3579 	crypto_object_attribute_t	*bap;
3580 
3581 	bap = dca_find_attribute(attrp, atnum, atype);
3582 	if (bap == NULL) {
3583 		return (CRYPTO_ATTRIBUTE_TYPE_INVALID);
3584 	}
3585 
3586 	*valp = *bap->oa_value;
3587 
3588 	return (CRYPTO_SUCCESS);
3589 }
3590 
3591 /*
3592  * If attribute type exists data contains the start address of the value,
3593  * and numelems contains it's length.
3594  */
3595 int
3596 dca_attr_lookup_uint8_array(crypto_object_attribute_t *attrp, uint_t atnum,
3597     uint64_t atype, void **data, unsigned int *numelems)
3598 {
3599 	crypto_object_attribute_t	*bap;
3600 
3601 	bap = dca_find_attribute(attrp, atnum, atype);
3602 	if (bap == NULL) {
3603 		return (CRYPTO_ATTRIBUTE_TYPE_INVALID);
3604 	}
3605 
3606 	*data = bap->oa_value;
3607 	*numelems = bap->oa_value_len;
3608 
3609 	return (CRYPTO_SUCCESS);
3610 }
3611 
3612 /*
3613  * Finds entry of specified name. If it is not found dca_find_attribute returns
3614  * NULL.
3615  */
3616 crypto_object_attribute_t *
3617 dca_find_attribute(crypto_object_attribute_t *attrp, uint_t atnum,
3618     uint64_t atype)
3619 {
3620 	while (atnum) {
3621 		if (attrp->oa_type == atype)
3622 			return (attrp);
3623 		atnum--;
3624 		attrp++;
3625 	}
3626 	return (NULL);
3627 }
3628 
3629 /*
3630  * Return the address of the first data buffer. If the data format is
3631  * unrecognised return NULL.
3632  */
3633 caddr_t
3634 dca_bufdaddr(crypto_data_t *data)
3635 {
3636 	switch (data->cd_format) {
3637 	case CRYPTO_DATA_RAW:
3638 		return (data->cd_raw.iov_base + data->cd_offset);
3639 	case CRYPTO_DATA_UIO:
3640 		return (data->cd_uio->uio_iov[0].iov_base + data->cd_offset);
3641 	case CRYPTO_DATA_MBLK:
3642 		return ((char *)data->cd_mp->b_rptr + data->cd_offset);
3643 	default:
3644 		DBG(NULL, DWARN,
3645 		    "dca_bufdaddr: unrecognised crypto data format");
3646 		return (NULL);
3647 	}
3648 }
3649 
3650 static caddr_t
3651 dca_bufdaddr_out(crypto_data_t *data)
3652 {
3653 	size_t offset = data->cd_offset + data->cd_length;
3654 
3655 	switch (data->cd_format) {
3656 	case CRYPTO_DATA_RAW:
3657 		return (data->cd_raw.iov_base + offset);
3658 	case CRYPTO_DATA_UIO:
3659 		return (data->cd_uio->uio_iov[0].iov_base + offset);
3660 	case CRYPTO_DATA_MBLK:
3661 		return ((char *)data->cd_mp->b_rptr + offset);
3662 	default:
3663 		DBG(NULL, DWARN,
3664 		    "dca_bufdaddr_out: unrecognised crypto data format");
3665 		return (NULL);
3666 	}
3667 }
3668 
3669 /*
3670  * Control entry points.
3671  */
3672 
3673 /* ARGSUSED */
3674 static void
3675 dca_provider_status(crypto_provider_handle_t provider, uint_t *status)
3676 {
3677 	*status = CRYPTO_PROVIDER_READY;
3678 }
3679 
3680 /*
3681  * Cipher (encrypt/decrypt) entry points.
3682  */
3683 
3684 /* ARGSUSED */
3685 static int
3686 dca_encrypt_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
3687     crypto_key_t *key, crypto_spi_ctx_template_t ctx_template,
3688     crypto_req_handle_t req)
3689 {
3690 	int error = CRYPTO_FAILED;
3691 	dca_t *softc;
3692 
3693 	softc = DCA_SOFTC_FROM_CTX(ctx);
3694 	DBG(softc, DENTRY, "dca_encrypt_init: started");
3695 
3696 	/* check mechanism */
3697 	switch (mechanism->cm_type) {
3698 	case DES_CBC_MECH_INFO_TYPE:
3699 		error = dca_3desctxinit(ctx, mechanism, key, KM_SLEEP,
3700 		    DR_ENCRYPT);
3701 		break;
3702 	case DES3_CBC_MECH_INFO_TYPE:
3703 		error = dca_3desctxinit(ctx, mechanism, key, KM_SLEEP,
3704 		    DR_ENCRYPT | DR_TRIPLE);
3705 		break;
3706 	case RSA_PKCS_MECH_INFO_TYPE:
3707 	case RSA_X_509_MECH_INFO_TYPE:
3708 		error = dca_rsainit(ctx, mechanism, key, KM_SLEEP);
3709 		break;
3710 	default:
3711 		cmn_err(CE_WARN, "dca_encrypt_init: unexpected mech type "
3712 		    "0x%llx\n", (unsigned long long)mechanism->cm_type);
3713 		error = CRYPTO_MECHANISM_INVALID;
3714 	}
3715 
3716 	DBG(softc, DENTRY, "dca_encrypt_init: done, err = 0x%x", error);
3717 
3718 	if (error == CRYPTO_SUCCESS)
3719 		dca_enlist2(&softc->dca_ctx_list, ctx->cc_provider_private,
3720 		    &softc->dca_ctx_list_lock);
3721 
3722 	return (error);
3723 }
3724 
3725 /* ARGSUSED */
3726 static int
3727 dca_encrypt(crypto_ctx_t *ctx, crypto_data_t *plaintext,
3728     crypto_data_t *ciphertext, crypto_req_handle_t req)
3729 {
3730 	int error = CRYPTO_FAILED;
3731 	dca_t *softc;
3732 
3733 	if (!ctx || !ctx->cc_provider || !ctx->cc_provider_private)
3734 		return (CRYPTO_OPERATION_NOT_INITIALIZED);
3735 
3736 	softc = DCA_SOFTC_FROM_CTX(ctx);
3737 	DBG(softc, DENTRY, "dca_encrypt: started");
3738 
3739 	/* handle inplace ops */
3740 	if (!ciphertext) {
3741 		dca_request_t *reqp = ctx->cc_provider_private;
3742 		reqp->dr_flags |= DR_INPLACE;
3743 		ciphertext = plaintext;
3744 	}
3745 
3746 	/* check mechanism */
3747 	switch (DCA_MECH_FROM_CTX(ctx)) {
3748 	case DES_CBC_MECH_INFO_TYPE:
3749 		error = dca_3des(ctx, plaintext, ciphertext, req, DR_ENCRYPT);
3750 		break;
3751 	case DES3_CBC_MECH_INFO_TYPE:
3752 		error = dca_3des(ctx, plaintext, ciphertext, req,
3753 		    DR_ENCRYPT | DR_TRIPLE);
3754 		break;
3755 	case RSA_PKCS_MECH_INFO_TYPE:
3756 	case RSA_X_509_MECH_INFO_TYPE:
3757 		error = dca_rsastart(ctx, plaintext, ciphertext, req,
3758 		    DCA_RSA_ENC);
3759 		break;
3760 	default:
3761 		/* Should never reach here */
3762 		cmn_err(CE_WARN, "dca_encrypt: unexpected mech type "
3763 		    "0x%llx\n", (unsigned long long)DCA_MECH_FROM_CTX(ctx));
3764 		error = CRYPTO_MECHANISM_INVALID;
3765 	}
3766 
3767 	if ((error != CRYPTO_QUEUED) && (error != CRYPTO_SUCCESS) &&
3768 	    (error != CRYPTO_BUFFER_TOO_SMALL)) {
3769 		ciphertext->cd_length = 0;
3770 	}
3771 
3772 	DBG(softc, DENTRY, "dca_encrypt: done, err = 0x%x", error);
3773 
3774 	return (error);
3775 }
3776 
3777 /* ARGSUSED */
3778 static int
3779 dca_encrypt_update(crypto_ctx_t *ctx, crypto_data_t *plaintext,
3780     crypto_data_t *ciphertext, crypto_req_handle_t req)
3781 {
3782 	int error = CRYPTO_FAILED;
3783 	dca_t *softc;
3784 
3785 	if (!ctx || !ctx->cc_provider || !ctx->cc_provider_private)
3786 		return (CRYPTO_OPERATION_NOT_INITIALIZED);
3787 
3788 	softc = DCA_SOFTC_FROM_CTX(ctx);
3789 	DBG(softc, DENTRY, "dca_encrypt_update: started");
3790 
3791 	/* handle inplace ops */
3792 	if (!ciphertext) {
3793 		dca_request_t *reqp = ctx->cc_provider_private;
3794 		reqp->dr_flags |= DR_INPLACE;
3795 		ciphertext = plaintext;
3796 	}
3797 
3798 	/* check mechanism */
3799 	switch (DCA_MECH_FROM_CTX(ctx)) {
3800 	case DES_CBC_MECH_INFO_TYPE:
3801 		error = dca_3desupdate(ctx, plaintext, ciphertext, req,
3802 		    DR_ENCRYPT);
3803 		break;
3804 	case DES3_CBC_MECH_INFO_TYPE:
3805 		error = dca_3desupdate(ctx, plaintext, ciphertext, req,
3806 		    DR_ENCRYPT | DR_TRIPLE);
3807 		break;
3808 	default:
3809 		/* Should never reach here */
3810 		cmn_err(CE_WARN, "dca_encrypt_update: unexpected mech type "
3811 		    "0x%llx\n", (unsigned long long)DCA_MECH_FROM_CTX(ctx));
3812 		error = CRYPTO_MECHANISM_INVALID;
3813 	}
3814 
3815 	DBG(softc, DENTRY, "dca_encrypt_update: done, err = 0x%x", error);
3816 
3817 	return (error);
3818 }
3819 
3820 /* ARGSUSED */
3821 static int
3822 dca_encrypt_final(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
3823     crypto_req_handle_t req)
3824 {
3825 	int error = CRYPTO_FAILED;
3826 	dca_t *softc;
3827 
3828 	if (!ctx || !ctx->cc_provider || !ctx->cc_provider_private)
3829 		return (CRYPTO_OPERATION_NOT_INITIALIZED);
3830 
3831 	softc = DCA_SOFTC_FROM_CTX(ctx);
3832 	DBG(softc, DENTRY, "dca_encrypt_final: started");
3833 
3834 	/* check mechanism */
3835 	switch (DCA_MECH_FROM_CTX(ctx)) {
3836 	case DES_CBC_MECH_INFO_TYPE:
3837 		error = dca_3desfinal(ctx, ciphertext, DR_ENCRYPT);
3838 		break;
3839 	case DES3_CBC_MECH_INFO_TYPE:
3840 		error = dca_3desfinal(ctx, ciphertext, DR_ENCRYPT | DR_TRIPLE);
3841 		break;
3842 	default:
3843 		/* Should never reach here */
3844 		cmn_err(CE_WARN, "dca_encrypt_final: unexpected mech type "
3845 		    "0x%llx\n", (unsigned long long)DCA_MECH_FROM_CTX(ctx));
3846 		error = CRYPTO_MECHANISM_INVALID;
3847 	}
3848 
3849 	DBG(softc, DENTRY, "dca_encrypt_final: done, err = 0x%x", error);
3850 
3851 	return (error);
3852 }
3853 
3854 /* ARGSUSED */
3855 static int
3856 dca_encrypt_atomic(crypto_provider_handle_t provider,
3857     crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
3858     crypto_key_t *key, crypto_data_t *plaintext, crypto_data_t *ciphertext,
3859     crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req)
3860 {
3861 	int error = CRYPTO_FAILED;
3862 	dca_t *softc = (dca_t *)provider;
3863 
3864 	DBG(softc, DENTRY, "dca_encrypt_atomic: started");
3865 
3866 	if (ctx_template != NULL)
3867 		return (CRYPTO_ARGUMENTS_BAD);
3868 
3869 	/* handle inplace ops */
3870 	if (!ciphertext) {
3871 		ciphertext = plaintext;
3872 	}
3873 
3874 	/* check mechanism */
3875 	switch (mechanism->cm_type) {
3876 	case DES_CBC_MECH_INFO_TYPE:
3877 		error = dca_3desatomic(provider, session_id, mechanism, key,
3878 		    plaintext, ciphertext, KM_SLEEP, req,
3879 		    DR_ENCRYPT | DR_ATOMIC);
3880 		break;
3881 	case DES3_CBC_MECH_INFO_TYPE:
3882 		error = dca_3desatomic(provider, session_id, mechanism, key,
3883 		    plaintext, ciphertext, KM_SLEEP, req,
3884 		    DR_ENCRYPT | DR_TRIPLE | DR_ATOMIC);
3885 		break;
3886 	case RSA_PKCS_MECH_INFO_TYPE:
3887 	case RSA_X_509_MECH_INFO_TYPE:
3888 		error = dca_rsaatomic(provider, session_id, mechanism, key,
3889 		    plaintext, ciphertext, KM_SLEEP, req, DCA_RSA_ENC);
3890 		break;
3891 	default:
3892 		cmn_err(CE_WARN, "dca_encrypt_atomic: unexpected mech type "
3893 		    "0x%llx\n", (unsigned long long)mechanism->cm_type);
3894 		error = CRYPTO_MECHANISM_INVALID;
3895 	}
3896 
3897 	if ((error != CRYPTO_QUEUED) && (error != CRYPTO_SUCCESS)) {
3898 		ciphertext->cd_length = 0;
3899 	}
3900 
3901 	DBG(softc, DENTRY, "dca_encrypt_atomic: done, err = 0x%x", error);
3902 
3903 	return (error);
3904 }
3905 
3906 /* ARGSUSED */
3907 static int
3908 dca_decrypt_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
3909     crypto_key_t *key, crypto_spi_ctx_template_t ctx_template,
3910     crypto_req_handle_t req)
3911 {
3912 	int error = CRYPTO_FAILED;
3913 	dca_t *softc;
3914 
3915 	softc = DCA_SOFTC_FROM_CTX(ctx);
3916 	DBG(softc, DENTRY, "dca_decrypt_init: started");
3917 
3918 	/* check mechanism */
3919 	switch (mechanism->cm_type) {
3920 	case DES_CBC_MECH_INFO_TYPE:
3921 		error = dca_3desctxinit(ctx, mechanism, key, KM_SLEEP,
3922 		    DR_DECRYPT);
3923 		break;
3924 	case DES3_CBC_MECH_INFO_TYPE:
3925 		error = dca_3desctxinit(ctx, mechanism, key, KM_SLEEP,
3926 		    DR_DECRYPT | DR_TRIPLE);
3927 		break;
3928 	case RSA_PKCS_MECH_INFO_TYPE:
3929 	case RSA_X_509_MECH_INFO_TYPE:
3930 		error = dca_rsainit(ctx, mechanism, key, KM_SLEEP);
3931 		break;
3932 	default:
3933 		cmn_err(CE_WARN, "dca_decrypt_init: unexpected mech type "
3934 		    "0x%llx\n", (unsigned long long)mechanism->cm_type);
3935 		error = CRYPTO_MECHANISM_INVALID;
3936 	}
3937 
3938 	DBG(softc, DENTRY, "dca_decrypt_init: done, err = 0x%x", error);
3939 
3940 	if (error == CRYPTO_SUCCESS)
3941 		dca_enlist2(&softc->dca_ctx_list, ctx->cc_provider_private,
3942 		    &softc->dca_ctx_list_lock);
3943 
3944 	return (error);
3945 }
3946 
3947 /* ARGSUSED */
3948 static int
3949 dca_decrypt(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
3950     crypto_data_t *plaintext, crypto_req_handle_t req)
3951 {
3952 	int error = CRYPTO_FAILED;
3953 	dca_t *softc;
3954 
3955 	if (!ctx || !ctx->cc_provider || !ctx->cc_provider_private)
3956 		return (CRYPTO_OPERATION_NOT_INITIALIZED);
3957 
3958 	softc = DCA_SOFTC_FROM_CTX(ctx);
3959 	DBG(softc, DENTRY, "dca_decrypt: started");
3960 
3961 	/* handle inplace ops */
3962 	if (!plaintext) {
3963 		dca_request_t *reqp = ctx->cc_provider_private;
3964 		reqp->dr_flags |= DR_INPLACE;
3965 		plaintext = ciphertext;
3966 	}
3967 
3968 	/* check mechanism */
3969 	switch (DCA_MECH_FROM_CTX(ctx)) {
3970 	case DES_CBC_MECH_INFO_TYPE:
3971 		error = dca_3des(ctx, ciphertext, plaintext, req, DR_DECRYPT);
3972 		break;
3973 	case DES3_CBC_MECH_INFO_TYPE:
3974 		error = dca_3des(ctx, ciphertext, plaintext, req,
3975 		    DR_DECRYPT | DR_TRIPLE);
3976 		break;
3977 	case RSA_PKCS_MECH_INFO_TYPE:
3978 	case RSA_X_509_MECH_INFO_TYPE:
3979 		error = dca_rsastart(ctx, ciphertext, plaintext, req,
3980 		    DCA_RSA_DEC);
3981 		break;
3982 	default:
3983 		/* Should never reach here */
3984 		cmn_err(CE_WARN, "dca_decrypt: unexpected mech type "
3985 		    "0x%llx\n", (unsigned long long)DCA_MECH_FROM_CTX(ctx));
3986 		error = CRYPTO_MECHANISM_INVALID;
3987 	}
3988 
3989 	if ((error != CRYPTO_QUEUED) && (error != CRYPTO_SUCCESS) &&
3990 	    (error != CRYPTO_BUFFER_TOO_SMALL)) {
3991 		if (plaintext)
3992 			plaintext->cd_length = 0;
3993 	}
3994 
3995 	DBG(softc, DENTRY, "dca_decrypt: done, err = 0x%x", error);
3996 
3997 	return (error);
3998 }
3999 
4000 /* ARGSUSED */
4001 static int
4002 dca_decrypt_update(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
4003     crypto_data_t *plaintext, crypto_req_handle_t req)
4004 {
4005 	int error = CRYPTO_FAILED;
4006 	dca_t *softc;
4007 
4008 	if (!ctx || !ctx->cc_provider || !ctx->cc_provider_private)
4009 		return (CRYPTO_OPERATION_NOT_INITIALIZED);
4010 
4011 	softc = DCA_SOFTC_FROM_CTX(ctx);
4012 	DBG(softc, DENTRY, "dca_decrypt_update: started");
4013 
4014 	/* handle inplace ops */
4015 	if (!plaintext) {
4016 		dca_request_t *reqp = ctx->cc_provider_private;
4017 		reqp->dr_flags |= DR_INPLACE;
4018 		plaintext = ciphertext;
4019 	}
4020 
4021 	/* check mechanism */
4022 	switch (DCA_MECH_FROM_CTX(ctx)) {
4023 	case DES_CBC_MECH_INFO_TYPE:
4024 		error = dca_3desupdate(ctx, ciphertext, plaintext, req,
4025 		    DR_DECRYPT);
4026 		break;
4027 	case DES3_CBC_MECH_INFO_TYPE:
4028 		error = dca_3desupdate(ctx, ciphertext, plaintext, req,
4029 		    DR_DECRYPT | DR_TRIPLE);
4030 		break;
4031 	default:
4032 		/* Should never reach here */
4033 		cmn_err(CE_WARN, "dca_decrypt_update: unexpected mech type "
4034 		    "0x%llx\n", (unsigned long long)DCA_MECH_FROM_CTX(ctx));
4035 		error = CRYPTO_MECHANISM_INVALID;
4036 	}
4037 
4038 	DBG(softc, DENTRY, "dca_decrypt_update: done, err = 0x%x", error);
4039 
4040 	return (error);
4041 }
4042 
4043 /* ARGSUSED */
4044 static int
4045 dca_decrypt_final(crypto_ctx_t *ctx, crypto_data_t *plaintext,
4046     crypto_req_handle_t req)
4047 {
4048 	int error = CRYPTO_FAILED;
4049 	dca_t *softc;
4050 
4051 	if (!ctx || !ctx->cc_provider || !ctx->cc_provider_private)
4052 		return (CRYPTO_OPERATION_NOT_INITIALIZED);
4053 
4054 	softc = DCA_SOFTC_FROM_CTX(ctx);
4055 	DBG(softc, DENTRY, "dca_decrypt_final: started");
4056 
4057 	/* check mechanism */
4058 	switch (DCA_MECH_FROM_CTX(ctx)) {
4059 	case DES_CBC_MECH_INFO_TYPE:
4060 		error = dca_3desfinal(ctx, plaintext, DR_DECRYPT);
4061 		break;
4062 	case DES3_CBC_MECH_INFO_TYPE:
4063 		error = dca_3desfinal(ctx, plaintext, DR_DECRYPT | DR_TRIPLE);
4064 		break;
4065 	default:
4066 		/* Should never reach here */
4067 		cmn_err(CE_WARN, "dca_decrypt_final: unexpected mech type "
4068 		    "0x%llx\n", (unsigned long long)DCA_MECH_FROM_CTX(ctx));
4069 		error = CRYPTO_MECHANISM_INVALID;
4070 	}
4071 
4072 	DBG(softc, DENTRY, "dca_decrypt_final: done, err = 0x%x", error);
4073 
4074 	return (error);
4075 }
4076 
4077 /* ARGSUSED */
4078 static int
4079 dca_decrypt_atomic(crypto_provider_handle_t provider,
4080     crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
4081     crypto_key_t *key, crypto_data_t *ciphertext, crypto_data_t *plaintext,
4082     crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req)
4083 {
4084 	int error = CRYPTO_FAILED;
4085 	dca_t *softc = (dca_t *)provider;
4086 
4087 	DBG(softc, DENTRY, "dca_decrypt_atomic: started");
4088 
4089 	if (ctx_template != NULL)
4090 		return (CRYPTO_ARGUMENTS_BAD);
4091 
4092 	/* handle inplace ops */
4093 	if (!plaintext) {
4094 		plaintext = ciphertext;
4095 	}
4096 
4097 	/* check mechanism */
4098 	switch (mechanism->cm_type) {
4099 	case DES_CBC_MECH_INFO_TYPE:
4100 		error = dca_3desatomic(provider, session_id, mechanism, key,
4101 		    ciphertext, plaintext, KM_SLEEP, req,
4102 		    DR_DECRYPT | DR_ATOMIC);
4103 		break;
4104 	case DES3_CBC_MECH_INFO_TYPE:
4105 		error = dca_3desatomic(provider, session_id, mechanism, key,
4106 		    ciphertext, plaintext, KM_SLEEP, req,
4107 		    DR_DECRYPT | DR_TRIPLE | DR_ATOMIC);
4108 		break;
4109 	case RSA_PKCS_MECH_INFO_TYPE:
4110 	case RSA_X_509_MECH_INFO_TYPE:
4111 		error = dca_rsaatomic(provider, session_id, mechanism, key,
4112 		    ciphertext, plaintext, KM_SLEEP, req, DCA_RSA_DEC);
4113 		break;
4114 	default:
4115 		cmn_err(CE_WARN, "dca_decrypt_atomic: unexpected mech type "
4116 		    "0x%llx\n", (unsigned long long)mechanism->cm_type);
4117 		error = CRYPTO_MECHANISM_INVALID;
4118 	}
4119 
4120 	if ((error != CRYPTO_QUEUED) && (error != CRYPTO_SUCCESS)) {
4121 		plaintext->cd_length = 0;
4122 	}
4123 
4124 	DBG(softc, DENTRY, "dca_decrypt_atomic: done, err = 0x%x", error);
4125 
4126 	return (error);
4127 }
4128 
4129 /*
4130  * Sign entry points.
4131  */
4132 
4133 /* ARGSUSED */
4134 static int
4135 dca_sign_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
4136     crypto_key_t *key, crypto_spi_ctx_template_t ctx_template,
4137     crypto_req_handle_t req)
4138 {
4139 	int error = CRYPTO_FAILED;
4140 	dca_t *softc;
4141 
4142 	softc = DCA_SOFTC_FROM_CTX(ctx);
4143 	DBG(softc, DENTRY, "dca_sign_init: started\n");
4144 
4145 	if (ctx_template != NULL)
4146 		return (CRYPTO_ARGUMENTS_BAD);
4147 
4148 	/* check mechanism */
4149 	switch (mechanism->cm_type) {
4150 	case RSA_PKCS_MECH_INFO_TYPE:
4151 	case RSA_X_509_MECH_INFO_TYPE:
4152 		error = dca_rsainit(ctx, mechanism, key, KM_SLEEP);
4153 		break;
4154 	case DSA_MECH_INFO_TYPE:
4155 		error = dca_dsainit(ctx, mechanism, key, KM_SLEEP,
4156 		    DCA_DSA_SIGN);
4157 		break;
4158 	default:
4159 		cmn_err(CE_WARN, "dca_sign_init: unexpected mech type "
4160 		    "0x%llx\n", (unsigned long long)mechanism->cm_type);
4161 		error = CRYPTO_MECHANISM_INVALID;
4162 	}
4163 
4164 	DBG(softc, DENTRY, "dca_sign_init: done, err = 0x%x", error);
4165 
4166 	if (error == CRYPTO_SUCCESS)
4167 		dca_enlist2(&softc->dca_ctx_list, ctx->cc_provider_private,
4168 		    &softc->dca_ctx_list_lock);
4169 
4170 	return (error);
4171 }
4172 
4173 static int
4174 dca_sign(crypto_ctx_t *ctx, crypto_data_t *data,
4175     crypto_data_t *signature, crypto_req_handle_t req)
4176 {
4177 	int error = CRYPTO_FAILED;
4178 	dca_t *softc;
4179 
4180 	if (!ctx || !ctx->cc_provider || !ctx->cc_provider_private)
4181 		return (CRYPTO_OPERATION_NOT_INITIALIZED);
4182 
4183 	softc = DCA_SOFTC_FROM_CTX(ctx);
4184 	DBG(softc, DENTRY, "dca_sign: started\n");
4185 
4186 	/* check mechanism */
4187 	switch (DCA_MECH_FROM_CTX(ctx)) {
4188 	case RSA_PKCS_MECH_INFO_TYPE:
4189 	case RSA_X_509_MECH_INFO_TYPE:
4190 		error = dca_rsastart(ctx, data, signature, req, DCA_RSA_SIGN);
4191 		break;
4192 	case DSA_MECH_INFO_TYPE:
4193 		error = dca_dsa_sign(ctx, data, signature, req);
4194 		break;
4195 	default:
4196 		cmn_err(CE_WARN, "dca_sign: unexpected mech type "
4197 		    "0x%llx\n", (unsigned long long)DCA_MECH_FROM_CTX(ctx));
4198 		error = CRYPTO_MECHANISM_INVALID;
4199 	}
4200 
4201 	DBG(softc, DENTRY, "dca_sign: done, err = 0x%x", error);
4202 
4203 	return (error);
4204 }
4205 
4206 /* ARGSUSED */
4207 static int
4208 dca_sign_update(crypto_ctx_t *ctx, crypto_data_t *data,
4209     crypto_req_handle_t req)
4210 {
4211 	int error = CRYPTO_MECHANISM_INVALID;
4212 	dca_t *softc;
4213 
4214 	if (!ctx || !ctx->cc_provider || !ctx->cc_provider_private)
4215 		return (CRYPTO_OPERATION_NOT_INITIALIZED);
4216 
4217 	softc = DCA_SOFTC_FROM_CTX(ctx);
4218 	DBG(softc, DENTRY, "dca_sign_update: started\n");
4219 
4220 	cmn_err(CE_WARN, "dca_sign_update: unexpected mech type "
4221 	    "0x%llx\n", (unsigned long long)DCA_MECH_FROM_CTX(ctx));
4222 
4223 	DBG(softc, DENTRY, "dca_sign_update: done, err = 0x%x", error);
4224 
4225 	return (error);
4226 }
4227 
4228 /* ARGSUSED */
4229 static int
4230 dca_sign_final(crypto_ctx_t *ctx, crypto_data_t *signature,
4231     crypto_req_handle_t req)
4232 {
4233 	int error = CRYPTO_MECHANISM_INVALID;
4234 	dca_t *softc;
4235 
4236 	if (!ctx || !ctx->cc_provider || !ctx->cc_provider_private)
4237 		return (CRYPTO_OPERATION_NOT_INITIALIZED);
4238 
4239 	softc = DCA_SOFTC_FROM_CTX(ctx);
4240 	DBG(softc, DENTRY, "dca_sign_final: started\n");
4241 
4242 	cmn_err(CE_WARN, "dca_sign_final: unexpected mech type "
4243 	    "0x%llx\n", (unsigned long long)DCA_MECH_FROM_CTX(ctx));
4244 
4245 	DBG(softc, DENTRY, "dca_sign_final: done, err = 0x%x", error);
4246 
4247 	return (error);
4248 }
4249 
4250 static int
4251 dca_sign_atomic(crypto_provider_handle_t provider,
4252     crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
4253     crypto_key_t *key, crypto_data_t *data, crypto_data_t *signature,
4254     crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req)
4255 {
4256 	int error = CRYPTO_FAILED;
4257 	dca_t *softc = (dca_t *)provider;
4258 
4259 	DBG(softc, DENTRY, "dca_sign_atomic: started\n");
4260 
4261 	if (ctx_template != NULL)
4262 		return (CRYPTO_ARGUMENTS_BAD);
4263 
4264 	/* check mechanism */
4265 	switch (mechanism->cm_type) {
4266 	case RSA_PKCS_MECH_INFO_TYPE:
4267 	case RSA_X_509_MECH_INFO_TYPE:
4268 		error = dca_rsaatomic(provider, session_id, mechanism, key,
4269 		    data, signature, KM_SLEEP, req, DCA_RSA_SIGN);
4270 		break;
4271 	case DSA_MECH_INFO_TYPE:
4272 		error = dca_dsaatomic(provider, session_id, mechanism, key,
4273 		    data, signature, KM_SLEEP, req, DCA_DSA_SIGN);
4274 		break;
4275 	default:
4276 		cmn_err(CE_WARN, "dca_sign_atomic: unexpected mech type "
4277 		    "0x%llx\n", (unsigned long long)mechanism->cm_type);
4278 		error = CRYPTO_MECHANISM_INVALID;
4279 	}
4280 
4281 	DBG(softc, DENTRY, "dca_sign_atomic: done, err = 0x%x", error);
4282 
4283 	return (error);
4284 }
4285 
4286 /* ARGSUSED */
4287 static int
4288 dca_sign_recover_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
4289     crypto_key_t *key, crypto_spi_ctx_template_t ctx_template,
4290     crypto_req_handle_t req)
4291 {
4292 	int error = CRYPTO_FAILED;
4293 	dca_t *softc;
4294 
4295 	softc = DCA_SOFTC_FROM_CTX(ctx);
4296 	DBG(softc, DENTRY, "dca_sign_recover_init: started\n");
4297 
4298 	if (ctx_template != NULL)
4299 		return (CRYPTO_ARGUMENTS_BAD);
4300 
4301 	/* check mechanism */
4302 	switch (mechanism->cm_type) {
4303 	case RSA_PKCS_MECH_INFO_TYPE:
4304 	case RSA_X_509_MECH_INFO_TYPE:
4305 		error = dca_rsainit(ctx, mechanism, key, KM_SLEEP);
4306 		break;
4307 	default:
4308 		cmn_err(CE_WARN, "dca_sign_recover_init: unexpected mech type "
4309 		    "0x%llx\n", (unsigned long long)mechanism->cm_type);
4310 		error = CRYPTO_MECHANISM_INVALID;
4311 	}
4312 
4313 	DBG(softc, DENTRY, "dca_sign_recover_init: done, err = 0x%x", error);
4314 
4315 	if (error == CRYPTO_SUCCESS)
4316 		dca_enlist2(&softc->dca_ctx_list, ctx->cc_provider_private,
4317 		    &softc->dca_ctx_list_lock);
4318 
4319 	return (error);
4320 }
4321 
4322 static int
4323 dca_sign_recover(crypto_ctx_t *ctx, crypto_data_t *data,
4324     crypto_data_t *signature, crypto_req_handle_t req)
4325 {
4326 	int error = CRYPTO_FAILED;
4327 	dca_t *softc;
4328 
4329 	if (!ctx || !ctx->cc_provider || !ctx->cc_provider_private)
4330 		return (CRYPTO_OPERATION_NOT_INITIALIZED);
4331 
4332 	softc = DCA_SOFTC_FROM_CTX(ctx);
4333 	DBG(softc, DENTRY, "dca_sign_recover: started\n");
4334 
4335 	/* check mechanism */
4336 	switch (DCA_MECH_FROM_CTX(ctx)) {
4337 	case RSA_PKCS_MECH_INFO_TYPE:
4338 	case RSA_X_509_MECH_INFO_TYPE:
4339 		error = dca_rsastart(ctx, data, signature, req, DCA_RSA_SIGNR);
4340 		break;
4341 	default:
4342 		cmn_err(CE_WARN, "dca_sign_recover: unexpected mech type "
4343 		    "0x%llx\n", (unsigned long long)DCA_MECH_FROM_CTX(ctx));
4344 		error = CRYPTO_MECHANISM_INVALID;
4345 	}
4346 
4347 	DBG(softc, DENTRY, "dca_sign_recover: done, err = 0x%x", error);
4348 
4349 	return (error);
4350 }
4351 
4352 static int
4353 dca_sign_recover_atomic(crypto_provider_handle_t provider,
4354     crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
4355     crypto_key_t *key, crypto_data_t *data, crypto_data_t *signature,
4356     crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req)
4357 {
4358 	int error = CRYPTO_FAILED;
4359 	dca_t *softc = (dca_t *)provider;
4360 
4361 	DBG(softc, DENTRY, "dca_sign_recover_atomic: started\n");
4362 
4363 	if (ctx_template != NULL)
4364 		return (CRYPTO_ARGUMENTS_BAD);
4365 
4366 	/* check mechanism */
4367 	switch (mechanism->cm_type) {
4368 	case RSA_PKCS_MECH_INFO_TYPE:
4369 	case RSA_X_509_MECH_INFO_TYPE:
4370 		error = dca_rsaatomic(provider, session_id, mechanism, key,
4371 		    data, signature, KM_SLEEP, req, DCA_RSA_SIGNR);
4372 		break;
4373 	default:
4374 		cmn_err(CE_WARN, "dca_sign_recover_atomic: unexpected mech type"
4375 		    " 0x%llx\n", (unsigned long long)mechanism->cm_type);
4376 		error = CRYPTO_MECHANISM_INVALID;
4377 	}
4378 
4379 	DBG(softc, DENTRY, "dca_sign_recover_atomic: done, err = 0x%x", error);
4380 
4381 	return (error);
4382 }
4383 
4384 /*
4385  * Verify entry points.
4386  */
4387 
4388 /* ARGSUSED */
4389 static int
4390 dca_verify_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
4391     crypto_key_t *key, crypto_spi_ctx_template_t ctx_template,
4392     crypto_req_handle_t req)
4393 {
4394 	int error = CRYPTO_FAILED;
4395 	dca_t *softc;
4396 
4397 	softc = DCA_SOFTC_FROM_CTX(ctx);
4398 	DBG(softc, DENTRY, "dca_verify_init: started\n");
4399 
4400 	if (ctx_template != NULL)
4401 		return (CRYPTO_ARGUMENTS_BAD);
4402 
4403 	/* check mechanism */
4404 	switch (mechanism->cm_type) {
4405 	case RSA_PKCS_MECH_INFO_TYPE:
4406 	case RSA_X_509_MECH_INFO_TYPE:
4407 		error = dca_rsainit(ctx, mechanism, key, KM_SLEEP);
4408 		break;
4409 	case DSA_MECH_INFO_TYPE:
4410 		error = dca_dsainit(ctx, mechanism, key, KM_SLEEP,
4411 		    DCA_DSA_VRFY);
4412 		break;
4413 	default:
4414 		cmn_err(CE_WARN, "dca_verify_init: unexpected mech type "
4415 		    "0x%llx\n", (unsigned long long)mechanism->cm_type);
4416 		error = CRYPTO_MECHANISM_INVALID;
4417 	}
4418 
4419 	DBG(softc, DENTRY, "dca_verify_init: done, err = 0x%x", error);
4420 
4421 	if (error == CRYPTO_SUCCESS)
4422 		dca_enlist2(&softc->dca_ctx_list, ctx->cc_provider_private,
4423 		    &softc->dca_ctx_list_lock);
4424 
4425 	return (error);
4426 }
4427 
4428 static int
4429 dca_verify(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *signature,
4430     crypto_req_handle_t req)
4431 {
4432 	int error = CRYPTO_FAILED;
4433 	dca_t *softc;
4434 
4435 	if (!ctx || !ctx->cc_provider || !ctx->cc_provider_private)
4436 		return (CRYPTO_OPERATION_NOT_INITIALIZED);
4437 
4438 	softc = DCA_SOFTC_FROM_CTX(ctx);
4439 	DBG(softc, DENTRY, "dca_verify: started\n");
4440 
4441 	/* check mechanism */
4442 	switch (DCA_MECH_FROM_CTX(ctx)) {
4443 	case RSA_PKCS_MECH_INFO_TYPE:
4444 	case RSA_X_509_MECH_INFO_TYPE:
4445 		error = dca_rsastart(ctx, signature, data, req, DCA_RSA_VRFY);
4446 		break;
4447 	case DSA_MECH_INFO_TYPE:
4448 		error = dca_dsa_verify(ctx, data, signature, req);
4449 		break;
4450 	default:
4451 		cmn_err(CE_WARN, "dca_verify: unexpected mech type "
4452 		    "0x%llx\n", (unsigned long long)DCA_MECH_FROM_CTX(ctx));
4453 		error = CRYPTO_MECHANISM_INVALID;
4454 	}
4455 
4456 	DBG(softc, DENTRY, "dca_verify: done, err = 0x%x", error);
4457 
4458 	return (error);
4459 }
4460 
4461 /* ARGSUSED */
4462 static int
4463 dca_verify_update(crypto_ctx_t *ctx, crypto_data_t *data,
4464     crypto_req_handle_t req)
4465 {
4466 	int error = CRYPTO_MECHANISM_INVALID;
4467 	dca_t *softc;
4468 
4469 	if (!ctx || !ctx->cc_provider || !ctx->cc_provider_private)
4470 		return (CRYPTO_OPERATION_NOT_INITIALIZED);
4471 
4472 	softc = DCA_SOFTC_FROM_CTX(ctx);
4473 	DBG(softc, DENTRY, "dca_verify_update: started\n");
4474 
4475 	cmn_err(CE_WARN, "dca_verify_update: unexpected mech type "
4476 	    "0x%llx\n", (unsigned long long)DCA_MECH_FROM_CTX(ctx));
4477 
4478 	DBG(softc, DENTRY, "dca_verify_update: done, err = 0x%x", error);
4479 
4480 	return (error);
4481 }
4482 
4483 /* ARGSUSED */
4484 static int
4485 dca_verify_final(crypto_ctx_t *ctx, crypto_data_t *signature,
4486     crypto_req_handle_t req)
4487 {
4488 	int error = CRYPTO_MECHANISM_INVALID;
4489 	dca_t *softc;
4490 
4491 	if (!ctx || !ctx->cc_provider || !ctx->cc_provider_private)
4492 		return (CRYPTO_OPERATION_NOT_INITIALIZED);
4493 
4494 	softc = DCA_SOFTC_FROM_CTX(ctx);
4495 	DBG(softc, DENTRY, "dca_verify_final: started\n");
4496 
4497 	cmn_err(CE_WARN, "dca_verify_final: unexpected mech type "
4498 	    "0x%llx\n", (unsigned long long)DCA_MECH_FROM_CTX(ctx));
4499 
4500 	DBG(softc, DENTRY, "dca_verify_final: done, err = 0x%x", error);
4501 
4502 	return (error);
4503 }
4504 
4505 static int
4506 dca_verify_atomic(crypto_provider_handle_t provider,
4507     crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
4508     crypto_key_t *key, crypto_data_t *data, crypto_data_t *signature,
4509     crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req)
4510 {
4511 	int error = CRYPTO_FAILED;
4512 	dca_t *softc = (dca_t *)provider;
4513 
4514 	DBG(softc, DENTRY, "dca_verify_atomic: started\n");
4515 
4516 	if (ctx_template != NULL)
4517 		return (CRYPTO_ARGUMENTS_BAD);
4518 
4519 	/* check mechanism */
4520 	switch (mechanism->cm_type) {
4521 	case RSA_PKCS_MECH_INFO_TYPE:
4522 	case RSA_X_509_MECH_INFO_TYPE:
4523 		error = dca_rsaatomic(provider, session_id, mechanism, key,
4524 		    signature, data, KM_SLEEP, req, DCA_RSA_VRFY);
4525 		break;
4526 	case DSA_MECH_INFO_TYPE:
4527 		error = dca_dsaatomic(provider, session_id, mechanism, key,
4528 		    data, signature, KM_SLEEP, req, DCA_DSA_VRFY);
4529 		break;
4530 	default:
4531 		cmn_err(CE_WARN, "dca_verify_atomic: unexpected mech type "
4532 		    "0x%llx\n", (unsigned long long)mechanism->cm_type);
4533 		error = CRYPTO_MECHANISM_INVALID;
4534 	}
4535 
4536 	DBG(softc, DENTRY, "dca_verify_atomic: done, err = 0x%x", error);
4537 
4538 	return (error);
4539 }
4540 
4541 /* ARGSUSED */
4542 static int
4543 dca_verify_recover_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
4544     crypto_key_t *key, crypto_spi_ctx_template_t ctx_template,
4545     crypto_req_handle_t req)
4546 {
4547 	int error = CRYPTO_MECHANISM_INVALID;
4548 	dca_t *softc;
4549 
4550 	softc = DCA_SOFTC_FROM_CTX(ctx);
4551 	DBG(softc, DENTRY, "dca_verify_recover_init: started\n");
4552 
4553 	if (ctx_template != NULL)
4554 		return (CRYPTO_ARGUMENTS_BAD);
4555 
4556 	/* check mechanism */
4557 	switch (mechanism->cm_type) {
4558 	case RSA_PKCS_MECH_INFO_TYPE:
4559 	case RSA_X_509_MECH_INFO_TYPE:
4560 		error = dca_rsainit(ctx, mechanism, key, KM_SLEEP);
4561 		break;
4562 	default:
4563 		cmn_err(CE_WARN, "dca_verify_recover_init: unexpected mech type"
4564 		    " 0x%llx\n", (unsigned long long)mechanism->cm_type);
4565 	}
4566 
4567 	DBG(softc, DENTRY, "dca_verify_recover_init: done, err = 0x%x", error);
4568 
4569 	if (error == CRYPTO_SUCCESS)
4570 		dca_enlist2(&softc->dca_ctx_list, ctx->cc_provider_private,
4571 		    &softc->dca_ctx_list_lock);
4572 
4573 	return (error);
4574 }
4575 
4576 static int
4577 dca_verify_recover(crypto_ctx_t *ctx, crypto_data_t *signature,
4578     crypto_data_t *data, crypto_req_handle_t req)
4579 {
4580 	int error = CRYPTO_MECHANISM_INVALID;
4581 	dca_t *softc;
4582 
4583 	if (!ctx || !ctx->cc_provider || !ctx->cc_provider_private)
4584 		return (CRYPTO_OPERATION_NOT_INITIALIZED);
4585 
4586 	softc = DCA_SOFTC_FROM_CTX(ctx);
4587 	DBG(softc, DENTRY, "dca_verify_recover: started\n");
4588 
4589 	/* check mechanism */
4590 	switch (DCA_MECH_FROM_CTX(ctx)) {
4591 	case RSA_PKCS_MECH_INFO_TYPE:
4592 	case RSA_X_509_MECH_INFO_TYPE:
4593 		error = dca_rsastart(ctx, signature, data, req, DCA_RSA_VRFYR);
4594 		break;
4595 	default:
4596 		cmn_err(CE_WARN, "dca_verify_recover: unexpected mech type "
4597 		    "0x%llx\n", (unsigned long long)DCA_MECH_FROM_CTX(ctx));
4598 	}
4599 
4600 	DBG(softc, DENTRY, "dca_verify_recover: done, err = 0x%x", error);
4601 
4602 	return (error);
4603 }
4604 
4605 static int
4606 dca_verify_recover_atomic(crypto_provider_handle_t provider,
4607     crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
4608     crypto_key_t *key, crypto_data_t *data, crypto_data_t *signature,
4609     crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req)
4610 {
4611 	int error = CRYPTO_MECHANISM_INVALID;
4612 	dca_t *softc = (dca_t *)provider;
4613 
4614 	DBG(softc, DENTRY, "dca_verify_recover_atomic: started\n");
4615 
4616 	if (ctx_template != NULL)
4617 		return (CRYPTO_ARGUMENTS_BAD);
4618 
4619 	/* check mechanism */
4620 	switch (mechanism->cm_type) {
4621 	case RSA_PKCS_MECH_INFO_TYPE:
4622 	case RSA_X_509_MECH_INFO_TYPE:
4623 		error = dca_rsaatomic(provider, session_id, mechanism, key,
4624 		    signature, data, KM_SLEEP, req, DCA_RSA_VRFYR);
4625 		break;
4626 	default:
4627 		cmn_err(CE_WARN, "dca_verify_recover_atomic: unexpected mech "
4628 		    "type 0x%llx\n", (unsigned long long)mechanism->cm_type);
4629 		error = CRYPTO_MECHANISM_INVALID;
4630 	}
4631 
4632 	DBG(softc, DENTRY,
4633 	    "dca_verify_recover_atomic: done, err = 0x%x", error);
4634 
4635 	return (error);
4636 }
4637 
4638 /*
4639  * Random number entry points.
4640  */
4641 
4642 /* ARGSUSED */
4643 static int
4644 dca_generate_random(crypto_provider_handle_t provider,
4645     crypto_session_id_t session_id,
4646     uchar_t *buf, size_t len, crypto_req_handle_t req)
4647 {
4648 	int error = CRYPTO_FAILED;
4649 	dca_t *softc = (dca_t *)provider;
4650 
4651 	DBG(softc, DENTRY, "dca_generate_random: started");
4652 
4653 	error = dca_rng(softc, buf, len, req);
4654 
4655 	DBG(softc, DENTRY, "dca_generate_random: done, err = 0x%x", error);
4656 
4657 	return (error);
4658 }
4659 
4660 /*
4661  * Context management entry points.
4662  */
4663 
4664 int
4665 dca_free_context(crypto_ctx_t *ctx)
4666 {
4667 	int error = CRYPTO_SUCCESS;
4668 	dca_t *softc;
4669 
4670 	softc = DCA_SOFTC_FROM_CTX(ctx);
4671 	DBG(softc, DENTRY, "dca_free_context: entered");
4672 
4673 	if (ctx->cc_provider_private == NULL)
4674 		return (error);
4675 
4676 	dca_rmlist2(ctx->cc_provider_private, &softc->dca_ctx_list_lock);
4677 
4678 	error = dca_free_context_low(ctx);
4679 
4680 	DBG(softc, DENTRY, "dca_free_context: done, err = 0x%x", error);
4681 
4682 	return (error);
4683 }
4684 
4685 static int
4686 dca_free_context_low(crypto_ctx_t *ctx)
4687 {
4688 	int error = CRYPTO_SUCCESS;
4689 
4690 	/* check mechanism */
4691 	switch (DCA_MECH_FROM_CTX(ctx)) {
4692 	case DES_CBC_MECH_INFO_TYPE:
4693 	case DES3_CBC_MECH_INFO_TYPE:
4694 		dca_3desctxfree(ctx);
4695 		break;
4696 	case RSA_PKCS_MECH_INFO_TYPE:
4697 	case RSA_X_509_MECH_INFO_TYPE:
4698 		dca_rsactxfree(ctx);
4699 		break;
4700 	case DSA_MECH_INFO_TYPE:
4701 		dca_dsactxfree(ctx);
4702 		break;
4703 	default:
4704 		/* Should never reach here */
4705 		cmn_err(CE_WARN, "dca_free_context_low: unexpected mech type "
4706 		    "0x%llx\n", (unsigned long long)DCA_MECH_FROM_CTX(ctx));
4707 		error = CRYPTO_MECHANISM_INVALID;
4708 	}
4709 
4710 	return (error);
4711 }
4712 
4713 
4714 /* Free any unfreed private context. It is called in detach. */
4715 static void
4716 dca_free_context_list(dca_t *dca)
4717 {
4718 	dca_listnode_t	*node;
4719 	crypto_ctx_t	ctx;
4720 
4721 	(void) memset(&ctx, 0, sizeof (ctx));
4722 	ctx.cc_provider = dca;
4723 
4724 	while ((node = dca_delist2(&dca->dca_ctx_list,
4725 	    &dca->dca_ctx_list_lock)) != NULL) {
4726 		ctx.cc_provider_private = node;
4727 		(void) dca_free_context_low(&ctx);
4728 	}
4729 }
4730 
4731 static int
4732 ext_info_sym(crypto_provider_handle_t prov,
4733     crypto_provider_ext_info_t *ext_info, crypto_req_handle_t cfreq)
4734 {
4735 	return (ext_info_base(prov, ext_info, cfreq, IDENT_SYM));
4736 }
4737 
4738 static int
4739 ext_info_asym(crypto_provider_handle_t prov,
4740     crypto_provider_ext_info_t *ext_info, crypto_req_handle_t cfreq)
4741 {
4742 	int rv;
4743 
4744 	rv = ext_info_base(prov, ext_info, cfreq, IDENT_ASYM);
4745 	/* The asymmetric cipher slot supports random */
4746 	ext_info->ei_flags |= CRYPTO_EXTF_RNG;
4747 
4748 	return (rv);
4749 }
4750 
4751 /* ARGSUSED */
4752 static int
4753 ext_info_base(crypto_provider_handle_t prov,
4754     crypto_provider_ext_info_t *ext_info, crypto_req_handle_t cfreq, char *id)
4755 {
4756 	dca_t   *dca = (dca_t *)prov;
4757 	int len;
4758 
4759 	/* Label */
4760 	(void) sprintf((char *)ext_info->ei_label, "%s/%d %s",
4761 	    ddi_driver_name(dca->dca_dip), ddi_get_instance(dca->dca_dip), id);
4762 	len = strlen((char *)ext_info->ei_label);
4763 	(void) memset(ext_info->ei_label + len, ' ',
4764 	    CRYPTO_EXT_SIZE_LABEL - len);
4765 
4766 	/* Manufacturer ID */
4767 	(void) sprintf((char *)ext_info->ei_manufacturerID, "%s",
4768 	    DCA_MANUFACTURER_ID);
4769 	len = strlen((char *)ext_info->ei_manufacturerID);
4770 	(void) memset(ext_info->ei_manufacturerID + len, ' ',
4771 	    CRYPTO_EXT_SIZE_MANUF - len);
4772 
4773 	/* Model */
4774 	(void) sprintf((char *)ext_info->ei_model, dca->dca_model);
4775 
4776 	DBG(dca, DWARN, "kCF MODEL: %s", (char *)ext_info->ei_model);
4777 
4778 	len = strlen((char *)ext_info->ei_model);
4779 	(void) memset(ext_info->ei_model + len, ' ',
4780 	    CRYPTO_EXT_SIZE_MODEL - len);
4781 
4782 	/* Serial Number. Blank for Deimos */
4783 	(void) memset(ext_info->ei_serial_number, ' ', CRYPTO_EXT_SIZE_SERIAL);
4784 
4785 	ext_info->ei_flags = CRYPTO_EXTF_WRITE_PROTECTED;
4786 
4787 	ext_info->ei_max_session_count = CRYPTO_UNAVAILABLE_INFO;
4788 	ext_info->ei_max_pin_len = CRYPTO_UNAVAILABLE_INFO;
4789 	ext_info->ei_min_pin_len = CRYPTO_UNAVAILABLE_INFO;
4790 	ext_info->ei_total_public_memory = CRYPTO_UNAVAILABLE_INFO;
4791 	ext_info->ei_free_public_memory = CRYPTO_UNAVAILABLE_INFO;
4792 	ext_info->ei_total_private_memory = CRYPTO_UNAVAILABLE_INFO;
4793 	ext_info->ei_free_private_memory = CRYPTO_UNAVAILABLE_INFO;
4794 	ext_info->ei_hardware_version.cv_major = 0;
4795 	ext_info->ei_hardware_version.cv_minor = 0;
4796 	ext_info->ei_firmware_version.cv_major = 0;
4797 	ext_info->ei_firmware_version.cv_minor = 0;
4798 
4799 	/* Time. No need to be supplied for token without a clock */
4800 	ext_info->ei_time[0] = '\000';
4801 
4802 	return (CRYPTO_SUCCESS);
4803 }
4804 
4805 static void
4806 dca_fma_init(dca_t *dca)
4807 {
4808 	ddi_iblock_cookie_t fm_ibc;
4809 	int fm_capabilities = DDI_FM_EREPORT_CAPABLE |
4810 	    DDI_FM_ACCCHK_CAPABLE | DDI_FM_DMACHK_CAPABLE |
4811 	    DDI_FM_ERRCB_CAPABLE;
4812 
4813 	/* Read FMA capabilities from dca.conf file (if present) */
4814 	dca->fm_capabilities = ddi_getprop(DDI_DEV_T_ANY, dca->dca_dip,
4815 	    DDI_PROP_CANSLEEP | DDI_PROP_DONTPASS, "fm-capable",
4816 	    fm_capabilities);
4817 
4818 	DBG(dca, DWARN, "dca->fm_capabilities = 0x%x", dca->fm_capabilities);
4819 
4820 	/* Only register with IO Fault Services if we have some capability */
4821 	if (dca->fm_capabilities) {
4822 		dca_regsattr.devacc_attr_access = DDI_FLAGERR_ACC;
4823 		dca_dmaattr.dma_attr_flags = DDI_DMA_FLAGERR;
4824 
4825 		/* Register capabilities with IO Fault Services */
4826 		ddi_fm_init(dca->dca_dip, &dca->fm_capabilities, &fm_ibc);
4827 		DBG(dca, DWARN, "fm_capable() =  0x%x",
4828 		    ddi_fm_capable(dca->dca_dip));
4829 
4830 		/*
4831 		 * Initialize pci ereport capabilities if ereport capable
4832 		 */
4833 		if (DDI_FM_EREPORT_CAP(dca->fm_capabilities) ||
4834 		    DDI_FM_ERRCB_CAP(dca->fm_capabilities))
4835 			pci_ereport_setup(dca->dca_dip);
4836 
4837 		/*
4838 		 * Initialize callback mutex and register error callback if
4839 		 * error callback capable.
4840 		 */
4841 		if (DDI_FM_ERRCB_CAP(dca->fm_capabilities)) {
4842 			ddi_fm_handler_register(dca->dca_dip, dca_fm_error_cb,
4843 			    (void *)dca);
4844 		}
4845 	} else {
4846 		/*
4847 		 * These fields have to be cleared of FMA if there are no
4848 		 * FMA capabilities at runtime.
4849 		 */
4850 		dca_regsattr.devacc_attr_access = DDI_DEFAULT_ACC;
4851 		dca_dmaattr.dma_attr_flags = 0;
4852 	}
4853 }
4854 
4855 
4856 static void
4857 dca_fma_fini(dca_t *dca)
4858 {
4859 	/* Only unregister FMA capabilities if we registered some */
4860 	if (dca->fm_capabilities) {
4861 
4862 		/*
4863 		 * Release any resources allocated by pci_ereport_setup()
4864 		 */
4865 		if (DDI_FM_EREPORT_CAP(dca->fm_capabilities) ||
4866 		    DDI_FM_ERRCB_CAP(dca->fm_capabilities)) {
4867 			pci_ereport_teardown(dca->dca_dip);
4868 		}
4869 
4870 		/*
4871 		 * Free callback mutex and un-register error callback if
4872 		 * error callback capable.
4873 		 */
4874 		if (DDI_FM_ERRCB_CAP(dca->fm_capabilities)) {
4875 			ddi_fm_handler_unregister(dca->dca_dip);
4876 		}
4877 
4878 		/* Unregister from IO Fault Services */
4879 		ddi_fm_fini(dca->dca_dip);
4880 		DBG(dca, DWARN, "fm_capable() = 0x%x",
4881 		    ddi_fm_capable(dca->dca_dip));
4882 	}
4883 }
4884 
4885 
4886 /*
4887  * The IO fault service error handling callback function
4888  */
4889 /*ARGSUSED*/
4890 static int
4891 dca_fm_error_cb(dev_info_t *dip, ddi_fm_error_t *err, const void *impl_data)
4892 {
4893 	dca_t		*dca = (dca_t *)impl_data;
4894 
4895 	pci_ereport_post(dip, err, NULL);
4896 	if (err->fme_status == DDI_FM_FATAL) {
4897 		dca_failure(dca, DDI_DATAPATH_FAULT,
4898 		    DCA_FM_ECLASS_NONE, dca_ena(0), CRYPTO_DEVICE_ERROR,
4899 		    "fault PCI in FMA callback.");
4900 	}
4901 	return (err->fme_status);
4902 }
4903 
4904 
4905 static int
4906 dca_check_acc_handle(dca_t *dca, ddi_acc_handle_t handle,
4907     dca_fma_eclass_t eclass_index)
4908 {
4909 	ddi_fm_error_t	de;
4910 	int		version = 0;
4911 
4912 	ddi_fm_acc_err_get(handle, &de, version);
4913 	if (de.fme_status != DDI_FM_OK) {
4914 		dca_failure(dca, DDI_DATAPATH_FAULT,
4915 		    eclass_index, fm_ena_increment(de.fme_ena),
4916 		    CRYPTO_DEVICE_ERROR, "");
4917 		return (DDI_FAILURE);
4918 	}
4919 
4920 	return (DDI_SUCCESS);
4921 }
4922 
4923 int
4924 dca_check_dma_handle(dca_t *dca, ddi_dma_handle_t handle,
4925     dca_fma_eclass_t eclass_index)
4926 {
4927 	ddi_fm_error_t	de;
4928 	int		version = 0;
4929 
4930 	ddi_fm_dma_err_get(handle, &de, version);
4931 	if (de.fme_status != DDI_FM_OK) {
4932 		dca_failure(dca, DDI_DATAPATH_FAULT,
4933 		    eclass_index, fm_ena_increment(de.fme_ena),
4934 		    CRYPTO_DEVICE_ERROR, "");
4935 		return (DDI_FAILURE);
4936 	}
4937 	return (DDI_SUCCESS);
4938 }
4939 
4940 static uint64_t
4941 dca_ena(uint64_t ena)
4942 {
4943 	if (ena == 0)
4944 		ena = fm_ena_generate(0, FM_ENA_FMT1);
4945 	else
4946 		ena = fm_ena_increment(ena);
4947 	return (ena);
4948 }
4949 
4950 static char *
4951 dca_fma_eclass_string(char *model, dca_fma_eclass_t index)
4952 {
4953 	if (strstr(model, "500"))
4954 		return (dca_fma_eclass_sca500[index]);
4955 	else
4956 		return (dca_fma_eclass_sca1000[index]);
4957 }
4958