ccp_hardware.c 57 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105
  1. /*-
  2. * SPDX-License-Identifier: BSD-2-Clause
  3. *
  4. * Copyright (c) 2017 Chelsio Communications, Inc.
  5. * Copyright (c) 2017 Conrad Meyer <cem@FreeBSD.org>
  6. * All rights reserved.
  7. * Largely borrowed from ccr(4), Written by: John Baldwin <jhb@FreeBSD.org>
  8. *
  9. * Redistribution and use in source and binary forms, with or without
  10. * modification, are permitted provided that the following conditions
  11. * are met:
  12. * 1. Redistributions of source code must retain the above copyright
  13. * notice, this list of conditions and the following disclaimer.
  14. * 2. Redistributions in binary form must reproduce the above copyright
  15. * notice, this list of conditions and the following disclaimer in the
  16. * documentation and/or other materials provided with the distribution.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
  19. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  20. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  21. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  22. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  23. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  24. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  25. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  26. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  27. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  28. * SUCH DAMAGE.
  29. */
  30. #include <sys/cdefs.h>
  31. #include "opt_ddb.h"
  32. #include <sys/param.h>
  33. #include <sys/bus.h>
  34. #include <sys/lock.h>
  35. #include <sys/kernel.h>
  36. #include <sys/malloc.h>
  37. #include <sys/mutex.h>
  38. #include <sys/module.h>
  39. #include <sys/rman.h>
  40. #include <sys/sglist.h>
  41. #include <sys/sysctl.h>
  42. #ifdef DDB
  43. #include <ddb/ddb.h>
  44. #endif
  45. #include <dev/pci/pcireg.h>
  46. #include <dev/pci/pcivar.h>
  47. #include <machine/bus.h>
  48. #include <machine/resource.h>
  49. #include <machine/vmparam.h>
  50. #include <opencrypto/cryptodev.h>
  51. #include <opencrypto/xform.h>
  52. #include <vm/vm.h>
  53. #include <vm/pmap.h>
  54. #include "cryptodev_if.h"
  55. #include "ccp.h"
  56. #include "ccp_hardware.h"
  57. #include "ccp_lsb.h"
  58. CTASSERT(sizeof(struct ccp_desc) == 32);
  59. static struct ccp_xts_unitsize_map_entry {
  60. enum ccp_xts_unitsize cxu_id;
  61. unsigned cxu_size;
  62. } ccp_xts_unitsize_map[] = {
  63. { CCP_XTS_AES_UNIT_SIZE_16, 16 },
  64. { CCP_XTS_AES_UNIT_SIZE_512, 512 },
  65. { CCP_XTS_AES_UNIT_SIZE_1024, 1024 },
  66. { CCP_XTS_AES_UNIT_SIZE_2048, 2048 },
  67. { CCP_XTS_AES_UNIT_SIZE_4096, 4096 },
  68. };
  69. SYSCTL_NODE(_hw, OID_AUTO, ccp, CTLFLAG_RD | CTLFLAG_MPSAFE, 0,
  70. "ccp node");
  71. unsigned g_ccp_ring_order = 11;
  72. SYSCTL_UINT(_hw_ccp, OID_AUTO, ring_order, CTLFLAG_RDTUN, &g_ccp_ring_order,
  73. 0, "Set CCP ring order. (1 << this) == ring size. Min: 6, Max: 16");
  74. /*
  75. * Zero buffer, sufficient for padding LSB entries, that does not span a page
  76. * boundary
  77. */
  78. static const char g_zeroes[32] __aligned(32);
  79. static inline uint32_t
  80. ccp_read_4(struct ccp_softc *sc, uint32_t offset)
  81. {
  82. return (bus_space_read_4(sc->pci_bus_tag, sc->pci_bus_handle, offset));
  83. }
  84. static inline void
  85. ccp_write_4(struct ccp_softc *sc, uint32_t offset, uint32_t value)
  86. {
  87. bus_space_write_4(sc->pci_bus_tag, sc->pci_bus_handle, offset, value);
  88. }
  89. static inline uint32_t
  90. ccp_read_queue_4(struct ccp_softc *sc, unsigned queue, uint32_t offset)
  91. {
  92. /*
  93. * Each queue gets its own 4kB register space. Queue 0 is at 0x1000.
  94. */
  95. return (ccp_read_4(sc, (CMD_Q_STATUS_INCR * (1 + queue)) + offset));
  96. }
  97. static inline void
  98. ccp_write_queue_4(struct ccp_softc *sc, unsigned queue, uint32_t offset,
  99. uint32_t value)
  100. {
  101. ccp_write_4(sc, (CMD_Q_STATUS_INCR * (1 + queue)) + offset, value);
  102. }
  103. void
  104. ccp_queue_write_tail(struct ccp_queue *qp)
  105. {
  106. ccp_write_queue_4(qp->cq_softc, qp->cq_qindex, CMD_Q_TAIL_LO_BASE,
  107. ((uint32_t)qp->desc_ring_bus_addr) + (Q_DESC_SIZE * qp->cq_tail));
  108. }
  109. /*
  110. * Given a queue and a reserved LSB entry index, compute the LSB *entry id* of
  111. * that entry for the queue's private LSB region.
  112. */
  113. static inline uint8_t
  114. ccp_queue_lsb_entry(struct ccp_queue *qp, unsigned lsb_entry)
  115. {
  116. return ((qp->private_lsb * LSB_REGION_LENGTH + lsb_entry));
  117. }
  118. /*
  119. * Given a queue and a reserved LSB entry index, compute the LSB *address* of
  120. * that entry for the queue's private LSB region.
  121. */
  122. static inline uint32_t
  123. ccp_queue_lsb_address(struct ccp_queue *qp, unsigned lsb_entry)
  124. {
  125. return (ccp_queue_lsb_entry(qp, lsb_entry) * LSB_ENTRY_SIZE);
  126. }
  127. /*
  128. * Some terminology:
  129. *
  130. * LSB - Local Storage Block
  131. * =========================
  132. *
  133. * 8 segments/regions, each containing 16 entries.
  134. *
  135. * Each entry contains 256 bits (32 bytes).
  136. *
  137. * Segments are virtually addressed in commands, but accesses cannot cross
  138. * segment boundaries. Virtual map uses an identity mapping by default
  139. * (virtual segment N corresponds to physical segment N).
  140. *
  141. * Access to a physical region can be restricted to any subset of all five
  142. * queues.
  143. *
  144. * "Pass-through" mode
  145. * ===================
  146. *
  147. * Pass-through is a generic DMA engine, much like ioat(4). Some nice
  148. * features:
  149. *
  150. * - Supports byte-swapping for endian conversion (32- or 256-bit words)
  151. * - AND, OR, XOR with fixed 256-bit mask
  152. * - CRC32 of data (may be used in tandem with bswap, but not bit operations)
  153. * - Read/write of LSB
  154. * - Memset
  155. *
  156. * If bit manipulation mode is enabled, input must be a multiple of 256 bits
  157. * (32 bytes).
  158. *
  159. * If byte-swapping is enabled, input must be a multiple of the word size.
  160. *
  161. * Zlib mode -- only usable from one queue at a time, single job at a time.
  162. * ========================================================================
  163. *
  164. * Only usable from private host, aka PSP? Not host processor?
  165. *
  166. * RNG.
  167. * ====
  168. *
  169. * Raw bits are conditioned with AES and fed through CTR_DRBG. Output goes in
  170. * a ring buffer readable by software.
  171. *
  172. * NIST SP 800-90B Repetition Count and Adaptive Proportion health checks are
  173. * implemented on the raw input stream and may be enabled to verify min-entropy
  174. * of 0.5 bits per bit.
  175. */
  176. static void
  177. ccp_dmamap_cb(void *arg, bus_dma_segment_t *segs, int nseg, int error)
  178. {
  179. bus_addr_t *baddr;
  180. KASSERT(error == 0, ("%s: error:%d", __func__, error));
  181. baddr = arg;
  182. *baddr = segs->ds_addr;
  183. }
  184. static int
  185. ccp_hw_attach_queue(device_t dev, uint64_t lsbmask, unsigned queue)
  186. {
  187. struct ccp_softc *sc;
  188. struct ccp_queue *qp;
  189. void *desc;
  190. size_t ringsz, num_descriptors;
  191. int error;
  192. desc = NULL;
  193. sc = device_get_softc(dev);
  194. qp = &sc->queues[queue];
  195. /*
  196. * Don't bother allocating a ring for queues the host isn't allowed to
  197. * drive.
  198. */
  199. if ((sc->valid_queues & (1 << queue)) == 0)
  200. return (0);
  201. ccp_queue_decode_lsb_regions(sc, lsbmask, queue);
  202. /* Ignore queues that do not have any LSB access. */
  203. if (qp->lsb_mask == 0) {
  204. device_printf(dev, "Ignoring queue %u with no LSB access\n",
  205. queue);
  206. sc->valid_queues &= ~(1 << queue);
  207. return (0);
  208. }
  209. num_descriptors = 1 << sc->ring_size_order;
  210. ringsz = sizeof(struct ccp_desc) * num_descriptors;
  211. /*
  212. * "Queue_Size" is order - 1.
  213. *
  214. * Queue must be aligned to 5+Queue_Size+1 == 5 + order bits.
  215. */
  216. error = bus_dma_tag_create(bus_get_dma_tag(dev),
  217. 1 << (5 + sc->ring_size_order),
  218. #if defined(__i386__) && !defined(PAE)
  219. 0, BUS_SPACE_MAXADDR,
  220. #else
  221. (bus_addr_t)1 << 32, BUS_SPACE_MAXADDR_48BIT,
  222. #endif
  223. BUS_SPACE_MAXADDR, NULL, NULL, ringsz, 1,
  224. ringsz, 0, NULL, NULL, &qp->ring_desc_tag);
  225. if (error != 0)
  226. goto out;
  227. error = bus_dmamem_alloc(qp->ring_desc_tag, &desc,
  228. BUS_DMA_ZERO | BUS_DMA_WAITOK, &qp->ring_desc_map);
  229. if (error != 0)
  230. goto out;
  231. error = bus_dmamap_load(qp->ring_desc_tag, qp->ring_desc_map, desc,
  232. ringsz, ccp_dmamap_cb, &qp->desc_ring_bus_addr, BUS_DMA_WAITOK);
  233. if (error != 0)
  234. goto out;
  235. qp->desc_ring = desc;
  236. qp->completions_ring = malloc(num_descriptors *
  237. sizeof(*qp->completions_ring), M_CCP, M_ZERO | M_WAITOK);
  238. /* Zero control register; among other things, clears the RUN flag. */
  239. qp->qcontrol = 0;
  240. ccp_write_queue_4(sc, queue, CMD_Q_CONTROL_BASE, qp->qcontrol);
  241. ccp_write_queue_4(sc, queue, CMD_Q_INT_ENABLE_BASE, 0);
  242. /* Clear any leftover interrupt status flags */
  243. ccp_write_queue_4(sc, queue, CMD_Q_INTERRUPT_STATUS_BASE,
  244. ALL_INTERRUPTS);
  245. qp->qcontrol |= (sc->ring_size_order - 1) << CMD_Q_SIZE_SHIFT;
  246. ccp_write_queue_4(sc, queue, CMD_Q_TAIL_LO_BASE,
  247. (uint32_t)qp->desc_ring_bus_addr);
  248. ccp_write_queue_4(sc, queue, CMD_Q_HEAD_LO_BASE,
  249. (uint32_t)qp->desc_ring_bus_addr);
  250. /*
  251. * Enable completion interrupts, as well as error or administrative
  252. * halt interrupts. We don't use administrative halts, but they
  253. * shouldn't trip unless we do, so it ought to be harmless.
  254. */
  255. ccp_write_queue_4(sc, queue, CMD_Q_INT_ENABLE_BASE,
  256. INT_COMPLETION | INT_ERROR | INT_QUEUE_STOPPED);
  257. qp->qcontrol |= (qp->desc_ring_bus_addr >> 32) << CMD_Q_PTR_HI_SHIFT;
  258. qp->qcontrol |= CMD_Q_RUN;
  259. ccp_write_queue_4(sc, queue, CMD_Q_CONTROL_BASE, qp->qcontrol);
  260. out:
  261. if (error != 0) {
  262. if (qp->desc_ring != NULL)
  263. bus_dmamap_unload(qp->ring_desc_tag,
  264. qp->ring_desc_map);
  265. if (desc != NULL)
  266. bus_dmamem_free(qp->ring_desc_tag, desc,
  267. qp->ring_desc_map);
  268. if (qp->ring_desc_tag != NULL)
  269. bus_dma_tag_destroy(qp->ring_desc_tag);
  270. }
  271. return (error);
  272. }
  273. static void
  274. ccp_hw_detach_queue(device_t dev, unsigned queue)
  275. {
  276. struct ccp_softc *sc;
  277. struct ccp_queue *qp;
  278. sc = device_get_softc(dev);
  279. qp = &sc->queues[queue];
  280. /*
  281. * Don't bother allocating a ring for queues the host isn't allowed to
  282. * drive.
  283. */
  284. if ((sc->valid_queues & (1 << queue)) == 0)
  285. return;
  286. free(qp->completions_ring, M_CCP);
  287. bus_dmamap_unload(qp->ring_desc_tag, qp->ring_desc_map);
  288. bus_dmamem_free(qp->ring_desc_tag, qp->desc_ring, qp->ring_desc_map);
  289. bus_dma_tag_destroy(qp->ring_desc_tag);
  290. }
  291. static int
  292. ccp_map_pci_bar(device_t dev)
  293. {
  294. struct ccp_softc *sc;
  295. sc = device_get_softc(dev);
  296. sc->pci_resource_id = PCIR_BAR(2);
  297. sc->pci_resource = bus_alloc_resource_any(dev, SYS_RES_MEMORY,
  298. &sc->pci_resource_id, RF_ACTIVE);
  299. if (sc->pci_resource == NULL) {
  300. device_printf(dev, "unable to allocate pci resource\n");
  301. return (ENODEV);
  302. }
  303. sc->pci_resource_id_msix = PCIR_BAR(5);
  304. sc->pci_resource_msix = bus_alloc_resource_any(dev, SYS_RES_MEMORY,
  305. &sc->pci_resource_id_msix, RF_ACTIVE);
  306. if (sc->pci_resource_msix == NULL) {
  307. device_printf(dev, "unable to allocate pci resource msix\n");
  308. bus_release_resource(dev, SYS_RES_MEMORY, sc->pci_resource_id,
  309. sc->pci_resource);
  310. return (ENODEV);
  311. }
  312. sc->pci_bus_tag = rman_get_bustag(sc->pci_resource);
  313. sc->pci_bus_handle = rman_get_bushandle(sc->pci_resource);
  314. return (0);
  315. }
  316. static void
  317. ccp_unmap_pci_bar(device_t dev)
  318. {
  319. struct ccp_softc *sc;
  320. sc = device_get_softc(dev);
  321. bus_release_resource(dev, SYS_RES_MEMORY, sc->pci_resource_id_msix,
  322. sc->pci_resource_msix);
  323. bus_release_resource(dev, SYS_RES_MEMORY, sc->pci_resource_id,
  324. sc->pci_resource);
  325. }
  326. const static struct ccp_error_code {
  327. uint8_t ce_code;
  328. const char *ce_name;
  329. int ce_errno;
  330. const char *ce_desc;
  331. } ccp_error_codes[] = {
  332. { 0x01, "ILLEGAL_ENGINE", EIO, "Requested engine was invalid" },
  333. { 0x03, "ILLEGAL_FUNCTION_TYPE", EIO,
  334. "A non-supported function type was specified" },
  335. { 0x04, "ILLEGAL_FUNCTION_MODE", EIO,
  336. "A non-supported function mode was specified" },
  337. { 0x05, "ILLEGAL_FUNCTION_ENCRYPT", EIO,
  338. "A CMAC type was specified when ENCRYPT was not specified" },
  339. { 0x06, "ILLEGAL_FUNCTION_SIZE", EIO,
  340. "A non-supported function size was specified.\n"
  341. "AES-CFB: Size was not 127 or 7;\n"
  342. "3DES-CFB: Size was not 7;\n"
  343. "RSA: See supported size table (7.4.2);\n"
  344. "ECC: Size was greater than 576 bits." },
  345. { 0x07, "Zlib_MISSING_INIT_EOM", EIO,
  346. "Zlib command does not have INIT and EOM set" },
  347. { 0x08, "ILLEGAL_FUNCTION_RSVD", EIO,
  348. "Reserved bits in a function specification were not 0" },
  349. { 0x09, "ILLEGAL_BUFFER_LENGTH", EIO,
  350. "The buffer length specified was not correct for the selected engine"
  351. },
  352. { 0x0A, "VLSB_FAULT", EIO, "Illegal VLSB segment mapping:\n"
  353. "Undefined VLSB segment mapping or\n"
  354. "mapping to unsupported LSB segment id" },
  355. { 0x0B, "ILLEGAL_MEM_ADDR", EFAULT,
  356. "The specified source/destination buffer access was illegal:\n"
  357. "Data buffer located in a LSB location disallowed by the LSB protection masks; or\n"
  358. "Data buffer not completely contained within a single segment; or\n"
  359. "Pointer with Fixed=1 is not 32-bit aligned; or\n"
  360. "Pointer with Fixed=1 attempted to reference non-AXI1 (local) memory."
  361. },
  362. { 0x0C, "ILLEGAL_MEM_SEL", EIO,
  363. "A src_mem, dst_mem, or key_mem field was illegal:\n"
  364. "A field was set to a reserved value; or\n"
  365. "A public command attempted to reference AXI1 (local) or GART memory; or\n"
  366. "A Zlib command attmpted to use the LSB." },
  367. { 0x0D, "ILLEGAL_CONTEXT_ADDR", EIO,
  368. "The specified context location was illegal:\n"
  369. "Context located in a LSB location disallowed by the LSB protection masks; or\n"
  370. "Context not completely contained within a single segment." },
  371. { 0x0E, "ILLEGAL_KEY_ADDR", EIO,
  372. "The specified key location was illegal:\n"
  373. "Key located in a LSB location disallowed by the LSB protection masks; or\n"
  374. "Key not completely contained within a single segment." },
  375. { 0x12, "CMD_TIMEOUT", EIO, "A command timeout violation occurred" },
  376. /* XXX Could fill out these descriptions too */
  377. { 0x13, "IDMA0_AXI_SLVERR", EIO, "" },
  378. { 0x14, "IDMA0_AXI_DECERR", EIO, "" },
  379. { 0x16, "IDMA1_AXI_SLVERR", EIO, "" },
  380. { 0x17, "IDMA1_AXI_DECERR", EIO, "" },
  381. { 0x19, "ZLIBVHB_AXI_SLVERR", EIO, "" },
  382. { 0x1A, "ZLIBVHB_AXI_DECERR", EIO, "" },
  383. { 0x1C, "ZLIB_UNEXPECTED_EOM", EIO, "" },
  384. { 0x1D, "ZLIB_EXTRA_DATA", EIO, "" },
  385. { 0x1E, "ZLIB_BTYPE", EIO, "" },
  386. { 0x20, "ZLIB_UNDEFINED_DISTANCE_SYMBOL", EIO, "" },
  387. { 0x21, "ZLIB_CODE_LENGTH_SYMBOL", EIO, "" },
  388. { 0x22, "ZLIB_VHB_ILLEGAL_FETCH", EIO, "" },
  389. { 0x23, "ZLIB_UNCOMPRESSED_LEN", EIO, "" },
  390. { 0x24, "ZLIB_LIMIT_REACHED", EIO, "" },
  391. { 0x25, "ZLIB_CHECKSUM_MISMATCH", EIO, "" },
  392. { 0x26, "ODMA0_AXI_SLVERR", EIO, "" },
  393. { 0x27, "ODMA0_AXI_DECERR", EIO, "" },
  394. { 0x29, "ODMA1_AXI_SLVERR", EIO, "" },
  395. { 0x2A, "ODMA1_AXI_DECERR", EIO, "" },
  396. { 0x2B, "LSB_PARITY_ERR", EIO,
  397. "A read from the LSB encountered a parity error" },
  398. };
  399. static void
  400. ccp_intr_handle_error(struct ccp_queue *qp, const struct ccp_desc *desc)
  401. {
  402. struct ccp_completion_ctx *cctx;
  403. const struct ccp_error_code *ec;
  404. struct ccp_softc *sc;
  405. uint32_t status, error, esource, faultblock;
  406. unsigned q, idx;
  407. int errno;
  408. sc = qp->cq_softc;
  409. q = qp->cq_qindex;
  410. status = ccp_read_queue_4(sc, q, CMD_Q_STATUS_BASE);
  411. error = status & STATUS_ERROR_MASK;
  412. /* Decode error status */
  413. ec = NULL;
  414. for (idx = 0; idx < nitems(ccp_error_codes); idx++)
  415. if (ccp_error_codes[idx].ce_code == error) {
  416. ec = &ccp_error_codes[idx];
  417. break;
  418. }
  419. esource = (status >> STATUS_ERRORSOURCE_SHIFT) &
  420. STATUS_ERRORSOURCE_MASK;
  421. faultblock = (status >> STATUS_VLSB_FAULTBLOCK_SHIFT) &
  422. STATUS_VLSB_FAULTBLOCK_MASK;
  423. device_printf(sc->dev, "Error: %s (%u) Source: %u Faulting LSB block: %u\n",
  424. (ec != NULL) ? ec->ce_name : "(reserved)", error, esource,
  425. faultblock);
  426. if (ec != NULL)
  427. device_printf(sc->dev, "Error description: %s\n", ec->ce_desc);
  428. /* TODO Could format the desc nicely here */
  429. idx = desc - qp->desc_ring;
  430. DPRINTF(sc->dev, "Bad descriptor index: %u contents: %32D\n", idx,
  431. (const void *)desc, " ");
  432. /*
  433. * TODO Per § 14.4 "Error Handling," DMA_Status, DMA_Read/Write_Status,
  434. * Zlib Decompress status may be interesting.
  435. */
  436. while (true) {
  437. /* Keep unused descriptors zero for next use. */
  438. memset(&qp->desc_ring[idx], 0, sizeof(qp->desc_ring[idx]));
  439. cctx = &qp->completions_ring[idx];
  440. /*
  441. * Restart procedure described in § 14.2.5. Could be used by HoC if we
  442. * used that.
  443. *
  444. * Advance HEAD_LO past bad descriptor + any remaining in
  445. * transaction manually, then restart queue.
  446. */
  447. idx = (idx + 1) % (1 << sc->ring_size_order);
  448. /* Callback function signals end of transaction */
  449. if (cctx->callback_fn != NULL) {
  450. if (ec == NULL)
  451. errno = EIO;
  452. else
  453. errno = ec->ce_errno;
  454. /* TODO More specific error code */
  455. cctx->callback_fn(qp, cctx->session, cctx->callback_arg, errno);
  456. cctx->callback_fn = NULL;
  457. break;
  458. }
  459. }
  460. qp->cq_head = idx;
  461. qp->cq_waiting = false;
  462. wakeup(&qp->cq_tail);
  463. DPRINTF(sc->dev, "%s: wrote sw head:%u\n", __func__, qp->cq_head);
  464. ccp_write_queue_4(sc, q, CMD_Q_HEAD_LO_BASE,
  465. (uint32_t)qp->desc_ring_bus_addr + (idx * Q_DESC_SIZE));
  466. ccp_write_queue_4(sc, q, CMD_Q_CONTROL_BASE, qp->qcontrol);
  467. DPRINTF(sc->dev, "%s: Restarted queue\n", __func__);
  468. }
  469. static void
  470. ccp_intr_run_completions(struct ccp_queue *qp, uint32_t ints)
  471. {
  472. struct ccp_completion_ctx *cctx;
  473. struct ccp_softc *sc;
  474. const struct ccp_desc *desc;
  475. uint32_t headlo, idx;
  476. unsigned q, completed;
  477. sc = qp->cq_softc;
  478. q = qp->cq_qindex;
  479. mtx_lock(&qp->cq_lock);
  480. /*
  481. * Hardware HEAD_LO points to the first incomplete descriptor. Process
  482. * any submitted and completed descriptors, up to but not including
  483. * HEAD_LO.
  484. */
  485. headlo = ccp_read_queue_4(sc, q, CMD_Q_HEAD_LO_BASE);
  486. idx = (headlo - (uint32_t)qp->desc_ring_bus_addr) / Q_DESC_SIZE;
  487. DPRINTF(sc->dev, "%s: hw head:%u sw head:%u\n", __func__, idx,
  488. qp->cq_head);
  489. completed = 0;
  490. while (qp->cq_head != idx) {
  491. DPRINTF(sc->dev, "%s: completing:%u\n", __func__, qp->cq_head);
  492. cctx = &qp->completions_ring[qp->cq_head];
  493. if (cctx->callback_fn != NULL) {
  494. cctx->callback_fn(qp, cctx->session,
  495. cctx->callback_arg, 0);
  496. cctx->callback_fn = NULL;
  497. }
  498. /* Keep unused descriptors zero for next use. */
  499. memset(&qp->desc_ring[qp->cq_head], 0,
  500. sizeof(qp->desc_ring[qp->cq_head]));
  501. qp->cq_head = (qp->cq_head + 1) % (1 << sc->ring_size_order);
  502. completed++;
  503. }
  504. if (completed > 0) {
  505. qp->cq_waiting = false;
  506. wakeup(&qp->cq_tail);
  507. }
  508. DPRINTF(sc->dev, "%s: wrote sw head:%u\n", __func__, qp->cq_head);
  509. /*
  510. * Desc points to the first incomplete descriptor, at the time we read
  511. * HEAD_LO. If there was an error flagged in interrupt status, the HW
  512. * will not proceed past the erroneous descriptor by itself.
  513. */
  514. desc = &qp->desc_ring[idx];
  515. if ((ints & INT_ERROR) != 0)
  516. ccp_intr_handle_error(qp, desc);
  517. mtx_unlock(&qp->cq_lock);
  518. }
  519. static void
  520. ccp_intr_handler(void *arg)
  521. {
  522. struct ccp_softc *sc = arg;
  523. size_t i;
  524. uint32_t ints;
  525. DPRINTF(sc->dev, "%s: interrupt\n", __func__);
  526. /*
  527. * We get one global interrupt per PCI device, shared over all of
  528. * its queues. Scan each valid queue on interrupt for flags indicating
  529. * activity.
  530. */
  531. for (i = 0; i < nitems(sc->queues); i++) {
  532. if ((sc->valid_queues & (1 << i)) == 0)
  533. continue;
  534. ints = ccp_read_queue_4(sc, i, CMD_Q_INTERRUPT_STATUS_BASE);
  535. if (ints == 0)
  536. continue;
  537. #if 0
  538. DPRINTF(sc->dev, "%s: %x interrupts on queue %zu\n", __func__,
  539. (unsigned)ints, i);
  540. #endif
  541. /* Write back 1s to clear interrupt status bits. */
  542. ccp_write_queue_4(sc, i, CMD_Q_INTERRUPT_STATUS_BASE, ints);
  543. /*
  544. * If there was an error, we still need to run completions on
  545. * any descriptors prior to the error. The completions handler
  546. * invoked below will also handle the error descriptor.
  547. */
  548. if ((ints & (INT_COMPLETION | INT_ERROR)) != 0)
  549. ccp_intr_run_completions(&sc->queues[i], ints);
  550. if ((ints & INT_QUEUE_STOPPED) != 0)
  551. device_printf(sc->dev, "%s: queue %zu stopped\n",
  552. __func__, i);
  553. }
  554. /* Re-enable interrupts after processing */
  555. for (i = 0; i < nitems(sc->queues); i++) {
  556. if ((sc->valid_queues & (1 << i)) == 0)
  557. continue;
  558. ccp_write_queue_4(sc, i, CMD_Q_INT_ENABLE_BASE,
  559. INT_COMPLETION | INT_ERROR | INT_QUEUE_STOPPED);
  560. }
  561. }
  562. static int
  563. ccp_intr_filter(void *arg)
  564. {
  565. struct ccp_softc *sc = arg;
  566. size_t i;
  567. /* TODO: Split individual queues into separate taskqueues? */
  568. for (i = 0; i < nitems(sc->queues); i++) {
  569. if ((sc->valid_queues & (1 << i)) == 0)
  570. continue;
  571. /* Mask interrupt until task completes */
  572. ccp_write_queue_4(sc, i, CMD_Q_INT_ENABLE_BASE, 0);
  573. }
  574. return (FILTER_SCHEDULE_THREAD);
  575. }
  576. static int
  577. ccp_setup_interrupts(struct ccp_softc *sc)
  578. {
  579. uint32_t nvec;
  580. int rid, error, n, ridcopy;
  581. n = pci_msix_count(sc->dev);
  582. if (n < 1) {
  583. device_printf(sc->dev, "%s: msix_count: %d\n", __func__, n);
  584. return (ENXIO);
  585. }
  586. nvec = n;
  587. error = pci_alloc_msix(sc->dev, &nvec);
  588. if (error != 0) {
  589. device_printf(sc->dev, "%s: alloc_msix error: %d\n", __func__,
  590. error);
  591. return (error);
  592. }
  593. if (nvec < 1) {
  594. device_printf(sc->dev, "%s: alloc_msix: 0 vectors\n",
  595. __func__);
  596. return (ENXIO);
  597. }
  598. if (nvec > nitems(sc->intr_res)) {
  599. device_printf(sc->dev, "%s: too many vectors: %u\n", __func__,
  600. nvec);
  601. nvec = nitems(sc->intr_res);
  602. }
  603. for (rid = 1; rid < 1 + nvec; rid++) {
  604. ridcopy = rid;
  605. sc->intr_res[rid - 1] = bus_alloc_resource_any(sc->dev,
  606. SYS_RES_IRQ, &ridcopy, RF_ACTIVE);
  607. if (sc->intr_res[rid - 1] == NULL) {
  608. device_printf(sc->dev, "%s: Failed to alloc IRQ resource\n",
  609. __func__);
  610. return (ENXIO);
  611. }
  612. sc->intr_tag[rid - 1] = NULL;
  613. error = bus_setup_intr(sc->dev, sc->intr_res[rid - 1],
  614. INTR_MPSAFE | INTR_TYPE_MISC, ccp_intr_filter,
  615. ccp_intr_handler, sc, &sc->intr_tag[rid - 1]);
  616. if (error != 0)
  617. device_printf(sc->dev, "%s: setup_intr: %d\n",
  618. __func__, error);
  619. }
  620. sc->intr_count = nvec;
  621. return (error);
  622. }
  623. static void
  624. ccp_release_interrupts(struct ccp_softc *sc)
  625. {
  626. unsigned i;
  627. for (i = 0; i < sc->intr_count; i++) {
  628. if (sc->intr_tag[i] != NULL)
  629. bus_teardown_intr(sc->dev, sc->intr_res[i],
  630. sc->intr_tag[i]);
  631. if (sc->intr_res[i] != NULL)
  632. bus_release_resource(sc->dev, SYS_RES_IRQ,
  633. rman_get_rid(sc->intr_res[i]), sc->intr_res[i]);
  634. }
  635. pci_release_msi(sc->dev);
  636. }
  637. int
  638. ccp_hw_attach(device_t dev)
  639. {
  640. struct ccp_softc *sc;
  641. uint64_t lsbmask;
  642. uint32_t version, lsbmasklo, lsbmaskhi;
  643. unsigned queue_idx, j;
  644. int error;
  645. bool bars_mapped, interrupts_setup;
  646. queue_idx = 0;
  647. bars_mapped = interrupts_setup = false;
  648. sc = device_get_softc(dev);
  649. error = ccp_map_pci_bar(dev);
  650. if (error != 0) {
  651. device_printf(dev, "%s: couldn't map BAR(s)\n", __func__);
  652. goto out;
  653. }
  654. bars_mapped = true;
  655. error = pci_enable_busmaster(dev);
  656. if (error != 0) {
  657. device_printf(dev, "%s: couldn't enable busmaster\n",
  658. __func__);
  659. goto out;
  660. }
  661. sc->ring_size_order = g_ccp_ring_order;
  662. if (sc->ring_size_order < 6 || sc->ring_size_order > 16) {
  663. device_printf(dev, "bogus hw.ccp.ring_order\n");
  664. error = EINVAL;
  665. goto out;
  666. }
  667. sc->valid_queues = ccp_read_4(sc, CMD_QUEUE_MASK_OFFSET);
  668. version = ccp_read_4(sc, VERSION_REG);
  669. if ((version & VERSION_NUM_MASK) < 5) {
  670. device_printf(dev,
  671. "driver supports version 5 and later hardware\n");
  672. error = ENXIO;
  673. goto out;
  674. }
  675. error = ccp_setup_interrupts(sc);
  676. if (error != 0)
  677. goto out;
  678. interrupts_setup = true;
  679. sc->hw_version = version & VERSION_NUM_MASK;
  680. sc->num_queues = (version >> VERSION_NUMVQM_SHIFT) &
  681. VERSION_NUMVQM_MASK;
  682. sc->num_lsb_entries = (version >> VERSION_LSBSIZE_SHIFT) &
  683. VERSION_LSBSIZE_MASK;
  684. sc->hw_features = version & VERSION_CAP_MASK;
  685. /*
  686. * Copy private LSB mask to public registers to enable access to LSB
  687. * from all queues allowed by BIOS.
  688. */
  689. lsbmasklo = ccp_read_4(sc, LSB_PRIVATE_MASK_LO_OFFSET);
  690. lsbmaskhi = ccp_read_4(sc, LSB_PRIVATE_MASK_HI_OFFSET);
  691. ccp_write_4(sc, LSB_PUBLIC_MASK_LO_OFFSET, lsbmasklo);
  692. ccp_write_4(sc, LSB_PUBLIC_MASK_HI_OFFSET, lsbmaskhi);
  693. lsbmask = ((uint64_t)lsbmaskhi << 30) | lsbmasklo;
  694. for (; queue_idx < nitems(sc->queues); queue_idx++) {
  695. error = ccp_hw_attach_queue(dev, lsbmask, queue_idx);
  696. if (error != 0) {
  697. device_printf(dev, "%s: couldn't attach queue %u\n",
  698. __func__, queue_idx);
  699. goto out;
  700. }
  701. }
  702. ccp_assign_lsb_regions(sc, lsbmask);
  703. out:
  704. if (error != 0) {
  705. if (interrupts_setup)
  706. ccp_release_interrupts(sc);
  707. for (j = 0; j < queue_idx; j++)
  708. ccp_hw_detach_queue(dev, j);
  709. if (sc->ring_size_order != 0)
  710. pci_disable_busmaster(dev);
  711. if (bars_mapped)
  712. ccp_unmap_pci_bar(dev);
  713. }
  714. return (error);
  715. }
  716. void
  717. ccp_hw_detach(device_t dev)
  718. {
  719. struct ccp_softc *sc;
  720. unsigned i;
  721. sc = device_get_softc(dev);
  722. for (i = 0; i < nitems(sc->queues); i++)
  723. ccp_hw_detach_queue(dev, i);
  724. ccp_release_interrupts(sc);
  725. pci_disable_busmaster(dev);
  726. ccp_unmap_pci_bar(dev);
  727. }
  728. static int __must_check
  729. ccp_passthrough(struct ccp_queue *qp, bus_addr_t dst,
  730. enum ccp_memtype dst_type, bus_addr_t src, enum ccp_memtype src_type,
  731. bus_size_t len, enum ccp_passthru_byteswap swapmode,
  732. enum ccp_passthru_bitwise bitmode, bool interrupt,
  733. const struct ccp_completion_ctx *cctx)
  734. {
  735. struct ccp_desc *desc;
  736. if (ccp_queue_get_ring_space(qp) == 0)
  737. return (EAGAIN);
  738. desc = &qp->desc_ring[qp->cq_tail];
  739. memset(desc, 0, sizeof(*desc));
  740. desc->engine = CCP_ENGINE_PASSTHRU;
  741. desc->pt.ioc = interrupt;
  742. desc->pt.byteswap = swapmode;
  743. desc->pt.bitwise = bitmode;
  744. desc->length = len;
  745. desc->src_lo = (uint32_t)src;
  746. desc->src_hi = src >> 32;
  747. desc->src_mem = src_type;
  748. desc->dst_lo = (uint32_t)dst;
  749. desc->dst_hi = dst >> 32;
  750. desc->dst_mem = dst_type;
  751. if (bitmode != CCP_PASSTHRU_BITWISE_NOOP)
  752. desc->lsb_ctx_id = ccp_queue_lsb_entry(qp, LSB_ENTRY_KEY);
  753. if (cctx != NULL)
  754. memcpy(&qp->completions_ring[qp->cq_tail], cctx, sizeof(*cctx));
  755. qp->cq_tail = (qp->cq_tail + 1) % (1 << qp->cq_softc->ring_size_order);
  756. return (0);
  757. }
  758. static int __must_check
  759. ccp_passthrough_sgl(struct ccp_queue *qp, bus_addr_t lsb_addr, bool tolsb,
  760. struct sglist *sgl, bus_size_t len, bool interrupt,
  761. const struct ccp_completion_ctx *cctx)
  762. {
  763. struct sglist_seg *seg;
  764. size_t i, remain, nb;
  765. int error;
  766. remain = len;
  767. for (i = 0; i < sgl->sg_nseg && remain != 0; i++) {
  768. seg = &sgl->sg_segs[i];
  769. /* crp lengths are int, so 32-bit min() is ok. */
  770. nb = min(remain, seg->ss_len);
  771. if (tolsb)
  772. error = ccp_passthrough(qp, lsb_addr, CCP_MEMTYPE_SB,
  773. seg->ss_paddr, CCP_MEMTYPE_SYSTEM, nb,
  774. CCP_PASSTHRU_BYTESWAP_NOOP,
  775. CCP_PASSTHRU_BITWISE_NOOP,
  776. (nb == remain) && interrupt, cctx);
  777. else
  778. error = ccp_passthrough(qp, seg->ss_paddr,
  779. CCP_MEMTYPE_SYSTEM, lsb_addr, CCP_MEMTYPE_SB, nb,
  780. CCP_PASSTHRU_BYTESWAP_NOOP,
  781. CCP_PASSTHRU_BITWISE_NOOP,
  782. (nb == remain) && interrupt, cctx);
  783. if (error != 0)
  784. return (error);
  785. remain -= nb;
  786. }
  787. return (0);
  788. }
  789. /*
  790. * Note that these vectors are in reverse of the usual order.
  791. */
  792. const struct SHA_vectors {
  793. uint32_t SHA1[8];
  794. uint32_t SHA224[8];
  795. uint32_t SHA256[8];
  796. uint64_t SHA384[8];
  797. uint64_t SHA512[8];
  798. } SHA_H __aligned(PAGE_SIZE) = {
  799. .SHA1 = {
  800. 0xc3d2e1f0ul,
  801. 0x10325476ul,
  802. 0x98badcfeul,
  803. 0xefcdab89ul,
  804. 0x67452301ul,
  805. 0,
  806. 0,
  807. 0,
  808. },
  809. .SHA224 = {
  810. 0xbefa4fa4ul,
  811. 0x64f98fa7ul,
  812. 0x68581511ul,
  813. 0xffc00b31ul,
  814. 0xf70e5939ul,
  815. 0x3070dd17ul,
  816. 0x367cd507ul,
  817. 0xc1059ed8ul,
  818. },
  819. .SHA256 = {
  820. 0x5be0cd19ul,
  821. 0x1f83d9abul,
  822. 0x9b05688cul,
  823. 0x510e527ful,
  824. 0xa54ff53aul,
  825. 0x3c6ef372ul,
  826. 0xbb67ae85ul,
  827. 0x6a09e667ul,
  828. },
  829. .SHA384 = {
  830. 0x47b5481dbefa4fa4ull,
  831. 0xdb0c2e0d64f98fa7ull,
  832. 0x8eb44a8768581511ull,
  833. 0x67332667ffc00b31ull,
  834. 0x152fecd8f70e5939ull,
  835. 0x9159015a3070dd17ull,
  836. 0x629a292a367cd507ull,
  837. 0xcbbb9d5dc1059ed8ull,
  838. },
  839. .SHA512 = {
  840. 0x5be0cd19137e2179ull,
  841. 0x1f83d9abfb41bd6bull,
  842. 0x9b05688c2b3e6c1full,
  843. 0x510e527fade682d1ull,
  844. 0xa54ff53a5f1d36f1ull,
  845. 0x3c6ef372fe94f82bull,
  846. 0xbb67ae8584caa73bull,
  847. 0x6a09e667f3bcc908ull,
  848. },
  849. };
  850. /*
  851. * Ensure vectors do not cross a page boundary.
  852. *
  853. * Disabled due to a new Clang error: "expression is not an integral constant
  854. * expression." GCC (cross toolchain) seems to handle this assertion with
  855. * _Static_assert just fine.
  856. */
  857. #if 0
  858. CTASSERT(PAGE_SIZE - ((uintptr_t)&SHA_H % PAGE_SIZE) >= sizeof(SHA_H));
  859. #endif
  860. const struct SHA_Defn {
  861. enum sha_version version;
  862. const void *H_vectors;
  863. size_t H_size;
  864. const struct auth_hash *axf;
  865. enum ccp_sha_type engine_type;
  866. } SHA_definitions[] = {
  867. {
  868. .version = SHA1,
  869. .H_vectors = SHA_H.SHA1,
  870. .H_size = sizeof(SHA_H.SHA1),
  871. .axf = &auth_hash_hmac_sha1,
  872. .engine_type = CCP_SHA_TYPE_1,
  873. },
  874. #if 0
  875. {
  876. .version = SHA2_224,
  877. .H_vectors = SHA_H.SHA224,
  878. .H_size = sizeof(SHA_H.SHA224),
  879. .axf = &auth_hash_hmac_sha2_224,
  880. .engine_type = CCP_SHA_TYPE_224,
  881. },
  882. #endif
  883. {
  884. .version = SHA2_256,
  885. .H_vectors = SHA_H.SHA256,
  886. .H_size = sizeof(SHA_H.SHA256),
  887. .axf = &auth_hash_hmac_sha2_256,
  888. .engine_type = CCP_SHA_TYPE_256,
  889. },
  890. {
  891. .version = SHA2_384,
  892. .H_vectors = SHA_H.SHA384,
  893. .H_size = sizeof(SHA_H.SHA384),
  894. .axf = &auth_hash_hmac_sha2_384,
  895. .engine_type = CCP_SHA_TYPE_384,
  896. },
  897. {
  898. .version = SHA2_512,
  899. .H_vectors = SHA_H.SHA512,
  900. .H_size = sizeof(SHA_H.SHA512),
  901. .axf = &auth_hash_hmac_sha2_512,
  902. .engine_type = CCP_SHA_TYPE_512,
  903. },
  904. };
  905. static int __must_check
  906. ccp_sha_single_desc(struct ccp_queue *qp, const struct SHA_Defn *defn,
  907. vm_paddr_t addr, size_t len, bool start, bool end, uint64_t msgbits)
  908. {
  909. struct ccp_desc *desc;
  910. if (ccp_queue_get_ring_space(qp) == 0)
  911. return (EAGAIN);
  912. desc = &qp->desc_ring[qp->cq_tail];
  913. memset(desc, 0, sizeof(*desc));
  914. desc->engine = CCP_ENGINE_SHA;
  915. desc->som = start;
  916. desc->eom = end;
  917. desc->sha.type = defn->engine_type;
  918. desc->length = len;
  919. if (end) {
  920. desc->sha_len_lo = (uint32_t)msgbits;
  921. desc->sha_len_hi = msgbits >> 32;
  922. }
  923. desc->src_lo = (uint32_t)addr;
  924. desc->src_hi = addr >> 32;
  925. desc->src_mem = CCP_MEMTYPE_SYSTEM;
  926. desc->lsb_ctx_id = ccp_queue_lsb_entry(qp, LSB_ENTRY_SHA);
  927. qp->cq_tail = (qp->cq_tail + 1) % (1 << qp->cq_softc->ring_size_order);
  928. return (0);
  929. }
  930. static int __must_check
  931. ccp_sha(struct ccp_queue *qp, enum sha_version version, struct sglist *sgl_src,
  932. struct sglist *sgl_dst, const struct ccp_completion_ctx *cctx)
  933. {
  934. const struct SHA_Defn *defn;
  935. struct sglist_seg *seg;
  936. size_t i, msgsize, remaining, nb;
  937. uint32_t lsbaddr;
  938. int error;
  939. for (i = 0; i < nitems(SHA_definitions); i++)
  940. if (SHA_definitions[i].version == version)
  941. break;
  942. if (i == nitems(SHA_definitions))
  943. return (EINVAL);
  944. defn = &SHA_definitions[i];
  945. /* XXX validate input ??? */
  946. /* Load initial SHA state into LSB */
  947. /* XXX ensure H_vectors don't span page boundaries */
  948. error = ccp_passthrough(qp, ccp_queue_lsb_address(qp, LSB_ENTRY_SHA),
  949. CCP_MEMTYPE_SB, pmap_kextract((vm_offset_t)defn->H_vectors),
  950. CCP_MEMTYPE_SYSTEM, roundup2(defn->H_size, LSB_ENTRY_SIZE),
  951. CCP_PASSTHRU_BYTESWAP_NOOP, CCP_PASSTHRU_BITWISE_NOOP, false,
  952. NULL);
  953. if (error != 0)
  954. return (error);
  955. /* Execute series of SHA updates on correctly sized buffers */
  956. msgsize = 0;
  957. for (i = 0; i < sgl_src->sg_nseg; i++) {
  958. seg = &sgl_src->sg_segs[i];
  959. msgsize += seg->ss_len;
  960. error = ccp_sha_single_desc(qp, defn, seg->ss_paddr,
  961. seg->ss_len, i == 0, i == sgl_src->sg_nseg - 1,
  962. msgsize << 3);
  963. if (error != 0)
  964. return (error);
  965. }
  966. /* Copy result out to sgl_dst */
  967. remaining = roundup2(defn->H_size, LSB_ENTRY_SIZE);
  968. lsbaddr = ccp_queue_lsb_address(qp, LSB_ENTRY_SHA);
  969. for (i = 0; i < sgl_dst->sg_nseg; i++) {
  970. seg = &sgl_dst->sg_segs[i];
  971. /* crp lengths are int, so 32-bit min() is ok. */
  972. nb = min(remaining, seg->ss_len);
  973. error = ccp_passthrough(qp, seg->ss_paddr, CCP_MEMTYPE_SYSTEM,
  974. lsbaddr, CCP_MEMTYPE_SB, nb, CCP_PASSTHRU_BYTESWAP_NOOP,
  975. CCP_PASSTHRU_BITWISE_NOOP,
  976. (cctx != NULL) ? (nb == remaining) : false,
  977. (nb == remaining) ? cctx : NULL);
  978. if (error != 0)
  979. return (error);
  980. remaining -= nb;
  981. lsbaddr += nb;
  982. if (remaining == 0)
  983. break;
  984. }
  985. return (0);
  986. }
  987. static void
  988. byteswap256(uint64_t *buffer)
  989. {
  990. uint64_t t;
  991. t = bswap64(buffer[3]);
  992. buffer[3] = bswap64(buffer[0]);
  993. buffer[0] = t;
  994. t = bswap64(buffer[2]);
  995. buffer[2] = bswap64(buffer[1]);
  996. buffer[1] = t;
  997. }
  998. /*
  999. * Translate CCP internal LSB hash format into a standard hash ouput.
  1000. *
  1001. * Manipulates input buffer with byteswap256 operation.
  1002. */
  1003. static void
  1004. ccp_sha_copy_result(char *output, char *buffer, enum sha_version version)
  1005. {
  1006. const struct SHA_Defn *defn;
  1007. size_t i;
  1008. for (i = 0; i < nitems(SHA_definitions); i++)
  1009. if (SHA_definitions[i].version == version)
  1010. break;
  1011. if (i == nitems(SHA_definitions))
  1012. panic("bogus sha version auth_mode %u\n", (unsigned)version);
  1013. defn = &SHA_definitions[i];
  1014. /* Swap 256bit manually -- DMA engine can, but with limitations */
  1015. byteswap256((void *)buffer);
  1016. if (defn->axf->hashsize > LSB_ENTRY_SIZE)
  1017. byteswap256((void *)(buffer + LSB_ENTRY_SIZE));
  1018. switch (defn->version) {
  1019. case SHA1:
  1020. memcpy(output, buffer + 12, defn->axf->hashsize);
  1021. break;
  1022. #if 0
  1023. case SHA2_224:
  1024. memcpy(output, buffer + XXX, defn->axf->hashsize);
  1025. break;
  1026. #endif
  1027. case SHA2_256:
  1028. memcpy(output, buffer, defn->axf->hashsize);
  1029. break;
  1030. case SHA2_384:
  1031. memcpy(output,
  1032. buffer + LSB_ENTRY_SIZE * 3 - defn->axf->hashsize,
  1033. defn->axf->hashsize - LSB_ENTRY_SIZE);
  1034. memcpy(output + defn->axf->hashsize - LSB_ENTRY_SIZE, buffer,
  1035. LSB_ENTRY_SIZE);
  1036. break;
  1037. case SHA2_512:
  1038. memcpy(output, buffer + LSB_ENTRY_SIZE, LSB_ENTRY_SIZE);
  1039. memcpy(output + LSB_ENTRY_SIZE, buffer, LSB_ENTRY_SIZE);
  1040. break;
  1041. }
  1042. }
  1043. static void
  1044. ccp_do_hmac_done(struct ccp_queue *qp, struct ccp_session *s,
  1045. struct cryptop *crp, int error)
  1046. {
  1047. char ihash[SHA2_512_HASH_LEN /* max hash len */];
  1048. union authctx auth_ctx;
  1049. const struct auth_hash *axf;
  1050. axf = s->hmac.auth_hash;
  1051. s->pending--;
  1052. if (error != 0) {
  1053. crp->crp_etype = error;
  1054. goto out;
  1055. }
  1056. /* Do remaining outer hash over small inner hash in software */
  1057. axf->Init(&auth_ctx);
  1058. axf->Update(&auth_ctx, s->hmac.opad, axf->blocksize);
  1059. ccp_sha_copy_result(ihash, s->hmac.res, s->hmac.auth_mode);
  1060. #if 0
  1061. INSECURE_DEBUG(dev, "%s sha intermediate=%64D\n", __func__,
  1062. (u_char *)ihash, " ");
  1063. #endif
  1064. axf->Update(&auth_ctx, ihash, axf->hashsize);
  1065. axf->Final(s->hmac.res, &auth_ctx);
  1066. if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) {
  1067. crypto_copydata(crp, crp->crp_digest_start, s->hmac.hash_len,
  1068. ihash);
  1069. if (timingsafe_bcmp(s->hmac.res, ihash, s->hmac.hash_len) != 0)
  1070. crp->crp_etype = EBADMSG;
  1071. } else
  1072. crypto_copyback(crp, crp->crp_digest_start, s->hmac.hash_len,
  1073. s->hmac.res);
  1074. /* Avoid leaking key material */
  1075. explicit_bzero(&auth_ctx, sizeof(auth_ctx));
  1076. explicit_bzero(s->hmac.res, sizeof(s->hmac.res));
  1077. out:
  1078. crypto_done(crp);
  1079. }
  1080. static void
  1081. ccp_hmac_done(struct ccp_queue *qp, struct ccp_session *s, void *vcrp,
  1082. int error)
  1083. {
  1084. struct cryptop *crp;
  1085. crp = vcrp;
  1086. ccp_do_hmac_done(qp, s, crp, error);
  1087. }
  1088. static int __must_check
  1089. ccp_do_hmac(struct ccp_queue *qp, struct ccp_session *s, struct cryptop *crp,
  1090. const struct ccp_completion_ctx *cctx)
  1091. {
  1092. device_t dev;
  1093. const struct auth_hash *axf;
  1094. int error;
  1095. dev = qp->cq_softc->dev;
  1096. axf = s->hmac.auth_hash;
  1097. /*
  1098. * Populate the SGL describing inside hash contents. We want to hash
  1099. * the ipad (key XOR fixed bit pattern) concatenated with the user
  1100. * data.
  1101. */
  1102. sglist_reset(qp->cq_sg_ulptx);
  1103. error = sglist_append(qp->cq_sg_ulptx, s->hmac.ipad, axf->blocksize);
  1104. if (error != 0)
  1105. return (error);
  1106. if (crp->crp_aad_length != 0) {
  1107. error = sglist_append_sglist(qp->cq_sg_ulptx, qp->cq_sg_crp,
  1108. crp->crp_aad_start, crp->crp_aad_length);
  1109. if (error != 0)
  1110. return (error);
  1111. }
  1112. error = sglist_append_sglist(qp->cq_sg_ulptx, qp->cq_sg_crp,
  1113. crp->crp_payload_start, crp->crp_payload_length);
  1114. if (error != 0) {
  1115. DPRINTF(dev, "%s: sglist too short\n", __func__);
  1116. return (error);
  1117. }
  1118. /* Populate SGL for output -- use hmac.res buffer. */
  1119. sglist_reset(qp->cq_sg_dst);
  1120. error = sglist_append(qp->cq_sg_dst, s->hmac.res,
  1121. roundup2(axf->hashsize, LSB_ENTRY_SIZE));
  1122. if (error != 0)
  1123. return (error);
  1124. error = ccp_sha(qp, s->hmac.auth_mode, qp->cq_sg_ulptx, qp->cq_sg_dst,
  1125. cctx);
  1126. if (error != 0) {
  1127. DPRINTF(dev, "%s: ccp_sha error\n", __func__);
  1128. return (error);
  1129. }
  1130. return (0);
  1131. }
  1132. int __must_check
  1133. ccp_hmac(struct ccp_queue *qp, struct ccp_session *s, struct cryptop *crp)
  1134. {
  1135. struct ccp_completion_ctx ctx;
  1136. ctx.callback_fn = ccp_hmac_done;
  1137. ctx.callback_arg = crp;
  1138. ctx.session = s;
  1139. return (ccp_do_hmac(qp, s, crp, &ctx));
  1140. }
  1141. static void
  1142. ccp_byteswap(char *data, size_t len)
  1143. {
  1144. size_t i;
  1145. char t;
  1146. len--;
  1147. for (i = 0; i < len; i++, len--) {
  1148. t = data[i];
  1149. data[i] = data[len];
  1150. data[len] = t;
  1151. }
  1152. }
  1153. static void
  1154. ccp_blkcipher_done(struct ccp_queue *qp, struct ccp_session *s, void *vcrp,
  1155. int error)
  1156. {
  1157. struct cryptop *crp;
  1158. explicit_bzero(&s->blkcipher.iv, sizeof(s->blkcipher.iv));
  1159. crp = vcrp;
  1160. s->pending--;
  1161. if (error != 0)
  1162. crp->crp_etype = error;
  1163. DPRINTF(qp->cq_softc->dev, "%s: qp=%p crp=%p\n", __func__, qp, crp);
  1164. crypto_done(crp);
  1165. }
  1166. static void
  1167. ccp_collect_iv(struct cryptop *crp, const struct crypto_session_params *csp,
  1168. char *iv)
  1169. {
  1170. crypto_read_iv(crp, iv);
  1171. /*
  1172. * Append an explicit counter of 1 for GCM.
  1173. */
  1174. if (csp->csp_cipher_alg == CRYPTO_AES_NIST_GCM_16)
  1175. *(uint32_t *)&iv[12] = htobe32(1);
  1176. if (csp->csp_cipher_alg == CRYPTO_AES_XTS &&
  1177. csp->csp_ivlen < AES_BLOCK_LEN)
  1178. memset(&iv[csp->csp_ivlen], 0, AES_BLOCK_LEN - csp->csp_ivlen);
  1179. /* Reverse order of IV material for HW */
  1180. INSECURE_DEBUG(NULL, "%s: IV: %16D len: %u\n", __func__, iv, " ",
  1181. csp->csp_ivlen);
  1182. /*
  1183. * For unknown reasons, XTS mode expects the IV in the reverse byte
  1184. * order to every other AES mode.
  1185. */
  1186. if (csp->csp_cipher_alg != CRYPTO_AES_XTS)
  1187. ccp_byteswap(iv, AES_BLOCK_LEN);
  1188. }
  1189. static int __must_check
  1190. ccp_do_pst_to_lsb(struct ccp_queue *qp, uint32_t lsbaddr, const void *src,
  1191. size_t len)
  1192. {
  1193. int error;
  1194. sglist_reset(qp->cq_sg_ulptx);
  1195. error = sglist_append(qp->cq_sg_ulptx, __DECONST(void *, src), len);
  1196. if (error != 0)
  1197. return (error);
  1198. error = ccp_passthrough_sgl(qp, lsbaddr, true, qp->cq_sg_ulptx, len,
  1199. false, NULL);
  1200. return (error);
  1201. }
  1202. static int __must_check
  1203. ccp_do_xts(struct ccp_queue *qp, struct ccp_session *s, struct cryptop *crp,
  1204. enum ccp_cipher_dir dir, const struct ccp_completion_ctx *cctx)
  1205. {
  1206. struct ccp_desc *desc;
  1207. device_t dev;
  1208. unsigned i;
  1209. enum ccp_xts_unitsize usize;
  1210. /* IV and Key data are already loaded */
  1211. dev = qp->cq_softc->dev;
  1212. for (i = 0; i < nitems(ccp_xts_unitsize_map); i++)
  1213. if (ccp_xts_unitsize_map[i].cxu_size ==
  1214. crp->crp_payload_length) {
  1215. usize = ccp_xts_unitsize_map[i].cxu_id;
  1216. break;
  1217. }
  1218. if (i >= nitems(ccp_xts_unitsize_map))
  1219. return (EINVAL);
  1220. for (i = 0; i < qp->cq_sg_ulptx->sg_nseg; i++) {
  1221. struct sglist_seg *seg;
  1222. seg = &qp->cq_sg_ulptx->sg_segs[i];
  1223. desc = &qp->desc_ring[qp->cq_tail];
  1224. desc->engine = CCP_ENGINE_XTS_AES;
  1225. desc->som = (i == 0);
  1226. desc->eom = (i == qp->cq_sg_ulptx->sg_nseg - 1);
  1227. desc->ioc = (desc->eom && cctx != NULL);
  1228. DPRINTF(dev, "%s: XTS %u: som:%d eom:%d ioc:%d dir:%d\n",
  1229. __func__, qp->cq_tail, (int)desc->som, (int)desc->eom,
  1230. (int)desc->ioc, (int)dir);
  1231. if (desc->ioc)
  1232. memcpy(&qp->completions_ring[qp->cq_tail], cctx,
  1233. sizeof(*cctx));
  1234. desc->aes_xts.encrypt = dir;
  1235. desc->aes_xts.type = s->blkcipher.cipher_type;
  1236. desc->aes_xts.size = usize;
  1237. DPRINTF(dev, "XXX %s: XTS %u: type:%u size:%u\n", __func__,
  1238. qp->cq_tail, (unsigned)desc->aes_xts.type,
  1239. (unsigned)desc->aes_xts.size);
  1240. desc->length = seg->ss_len;
  1241. desc->src_lo = (uint32_t)seg->ss_paddr;
  1242. desc->src_hi = (seg->ss_paddr >> 32);
  1243. desc->src_mem = CCP_MEMTYPE_SYSTEM;
  1244. /* Crypt in-place */
  1245. desc->dst_lo = desc->src_lo;
  1246. desc->dst_hi = desc->src_hi;
  1247. desc->dst_mem = desc->src_mem;
  1248. desc->key_lo = ccp_queue_lsb_address(qp, LSB_ENTRY_KEY);
  1249. desc->key_hi = 0;
  1250. desc->key_mem = CCP_MEMTYPE_SB;
  1251. desc->lsb_ctx_id = ccp_queue_lsb_entry(qp, LSB_ENTRY_IV);
  1252. qp->cq_tail = (qp->cq_tail + 1) %
  1253. (1 << qp->cq_softc->ring_size_order);
  1254. }
  1255. return (0);
  1256. }
  1257. static int __must_check
  1258. ccp_do_blkcipher(struct ccp_queue *qp, struct ccp_session *s,
  1259. struct cryptop *crp, const struct ccp_completion_ctx *cctx)
  1260. {
  1261. const struct crypto_session_params *csp;
  1262. struct ccp_desc *desc;
  1263. char *keydata;
  1264. device_t dev;
  1265. enum ccp_cipher_dir dir;
  1266. int error, iv_len;
  1267. size_t keydata_len;
  1268. unsigned i, j;
  1269. dev = qp->cq_softc->dev;
  1270. if (s->blkcipher.key_len == 0 || crp->crp_payload_length == 0) {
  1271. DPRINTF(dev, "%s: empty\n", __func__);
  1272. return (EINVAL);
  1273. }
  1274. if ((crp->crp_payload_length % AES_BLOCK_LEN) != 0) {
  1275. DPRINTF(dev, "%s: len modulo: %d\n", __func__,
  1276. crp->crp_payload_length);
  1277. return (EINVAL);
  1278. }
  1279. /*
  1280. * Individual segments must be multiples of AES block size for the HW
  1281. * to process it. Non-compliant inputs aren't bogus, just not doable
  1282. * on this hardware.
  1283. */
  1284. for (i = 0; i < qp->cq_sg_crp->sg_nseg; i++)
  1285. if ((qp->cq_sg_crp->sg_segs[i].ss_len % AES_BLOCK_LEN) != 0) {
  1286. DPRINTF(dev, "%s: seg modulo: %zu\n", __func__,
  1287. qp->cq_sg_crp->sg_segs[i].ss_len);
  1288. return (EINVAL);
  1289. }
  1290. /* Gather IV/nonce data */
  1291. csp = crypto_get_params(crp->crp_session);
  1292. ccp_collect_iv(crp, csp, s->blkcipher.iv);
  1293. iv_len = csp->csp_ivlen;
  1294. if (csp->csp_cipher_alg == CRYPTO_AES_XTS)
  1295. iv_len = AES_BLOCK_LEN;
  1296. if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op))
  1297. dir = CCP_CIPHER_DIR_ENCRYPT;
  1298. else
  1299. dir = CCP_CIPHER_DIR_DECRYPT;
  1300. /* Set up passthrough op(s) to copy IV into LSB */
  1301. error = ccp_do_pst_to_lsb(qp, ccp_queue_lsb_address(qp, LSB_ENTRY_IV),
  1302. s->blkcipher.iv, iv_len);
  1303. if (error != 0)
  1304. return (error);
  1305. /*
  1306. * Initialize keydata and keydata_len for GCC. The default case of the
  1307. * following switch is impossible to reach, but GCC doesn't know that.
  1308. */
  1309. keydata_len = 0;
  1310. keydata = NULL;
  1311. switch (csp->csp_cipher_alg) {
  1312. case CRYPTO_AES_XTS:
  1313. for (j = 0; j < nitems(ccp_xts_unitsize_map); j++)
  1314. if (ccp_xts_unitsize_map[j].cxu_size ==
  1315. crp->crp_payload_length)
  1316. break;
  1317. /* Input buffer must be a supported UnitSize */
  1318. if (j >= nitems(ccp_xts_unitsize_map)) {
  1319. device_printf(dev, "%s: rejected block size: %u\n",
  1320. __func__, crp->crp_payload_length);
  1321. return (EOPNOTSUPP);
  1322. }
  1323. /* FALLTHROUGH */
  1324. case CRYPTO_AES_CBC:
  1325. case CRYPTO_AES_ICM:
  1326. keydata = s->blkcipher.enckey;
  1327. keydata_len = s->blkcipher.key_len;
  1328. break;
  1329. }
  1330. INSECURE_DEBUG(dev, "%s: KEY(%zu): %16D\n", __func__, keydata_len,
  1331. keydata, " ");
  1332. if (csp->csp_cipher_alg == CRYPTO_AES_XTS)
  1333. INSECURE_DEBUG(dev, "%s: KEY(XTS): %64D\n", __func__, keydata, " ");
  1334. /* Reverse order of key material for HW */
  1335. ccp_byteswap(keydata, keydata_len);
  1336. /* Store key material into LSB to avoid page boundaries */
  1337. if (csp->csp_cipher_alg == CRYPTO_AES_XTS) {
  1338. /*
  1339. * XTS mode uses 2 256-bit vectors for the primary key and the
  1340. * tweak key. For 128-bit keys, the vectors are zero-padded.
  1341. *
  1342. * After byteswapping the combined OCF-provided K1:K2 vector
  1343. * above, we need to reverse the order again so the hardware
  1344. * gets the swapped keys in the order K1':K2'.
  1345. */
  1346. error = ccp_do_pst_to_lsb(qp,
  1347. ccp_queue_lsb_address(qp, LSB_ENTRY_KEY + 1), keydata,
  1348. keydata_len / 2);
  1349. if (error != 0)
  1350. return (error);
  1351. error = ccp_do_pst_to_lsb(qp,
  1352. ccp_queue_lsb_address(qp, LSB_ENTRY_KEY),
  1353. keydata + (keydata_len / 2), keydata_len / 2);
  1354. /* Zero-pad 128 bit keys */
  1355. if (keydata_len == 32) {
  1356. if (error != 0)
  1357. return (error);
  1358. error = ccp_do_pst_to_lsb(qp,
  1359. ccp_queue_lsb_address(qp, LSB_ENTRY_KEY) +
  1360. keydata_len / 2, g_zeroes, keydata_len / 2);
  1361. if (error != 0)
  1362. return (error);
  1363. error = ccp_do_pst_to_lsb(qp,
  1364. ccp_queue_lsb_address(qp, LSB_ENTRY_KEY + 1) +
  1365. keydata_len / 2, g_zeroes, keydata_len / 2);
  1366. }
  1367. } else
  1368. error = ccp_do_pst_to_lsb(qp,
  1369. ccp_queue_lsb_address(qp, LSB_ENTRY_KEY), keydata,
  1370. keydata_len);
  1371. if (error != 0)
  1372. return (error);
  1373. /*
  1374. * Point SGLs at the subset of cryptop buffer contents representing the
  1375. * data.
  1376. */
  1377. sglist_reset(qp->cq_sg_ulptx);
  1378. error = sglist_append_sglist(qp->cq_sg_ulptx, qp->cq_sg_crp,
  1379. crp->crp_payload_start, crp->crp_payload_length);
  1380. if (error != 0)
  1381. return (error);
  1382. INSECURE_DEBUG(dev, "%s: Contents: %16D\n", __func__,
  1383. (void *)PHYS_TO_DMAP(qp->cq_sg_ulptx->sg_segs[0].ss_paddr), " ");
  1384. DPRINTF(dev, "%s: starting AES ops @ %u\n", __func__, qp->cq_tail);
  1385. if (ccp_queue_get_ring_space(qp) < qp->cq_sg_ulptx->sg_nseg)
  1386. return (EAGAIN);
  1387. if (csp->csp_cipher_alg == CRYPTO_AES_XTS)
  1388. return (ccp_do_xts(qp, s, crp, dir, cctx));
  1389. for (i = 0; i < qp->cq_sg_ulptx->sg_nseg; i++) {
  1390. struct sglist_seg *seg;
  1391. seg = &qp->cq_sg_ulptx->sg_segs[i];
  1392. desc = &qp->desc_ring[qp->cq_tail];
  1393. desc->engine = CCP_ENGINE_AES;
  1394. desc->som = (i == 0);
  1395. desc->eom = (i == qp->cq_sg_ulptx->sg_nseg - 1);
  1396. desc->ioc = (desc->eom && cctx != NULL);
  1397. DPRINTF(dev, "%s: AES %u: som:%d eom:%d ioc:%d dir:%d\n",
  1398. __func__, qp->cq_tail, (int)desc->som, (int)desc->eom,
  1399. (int)desc->ioc, (int)dir);
  1400. if (desc->ioc)
  1401. memcpy(&qp->completions_ring[qp->cq_tail], cctx,
  1402. sizeof(*cctx));
  1403. desc->aes.encrypt = dir;
  1404. desc->aes.mode = s->blkcipher.cipher_mode;
  1405. desc->aes.type = s->blkcipher.cipher_type;
  1406. if (csp->csp_cipher_alg == CRYPTO_AES_ICM)
  1407. /*
  1408. * Size of CTR value in bits, - 1. ICM mode uses all
  1409. * 128 bits as counter.
  1410. */
  1411. desc->aes.size = 127;
  1412. DPRINTF(dev, "%s: AES %u: mode:%u type:%u size:%u\n", __func__,
  1413. qp->cq_tail, (unsigned)desc->aes.mode,
  1414. (unsigned)desc->aes.type, (unsigned)desc->aes.size);
  1415. desc->length = seg->ss_len;
  1416. desc->src_lo = (uint32_t)seg->ss_paddr;
  1417. desc->src_hi = (seg->ss_paddr >> 32);
  1418. desc->src_mem = CCP_MEMTYPE_SYSTEM;
  1419. /* Crypt in-place */
  1420. desc->dst_lo = desc->src_lo;
  1421. desc->dst_hi = desc->src_hi;
  1422. desc->dst_mem = desc->src_mem;
  1423. desc->key_lo = ccp_queue_lsb_address(qp, LSB_ENTRY_KEY);
  1424. desc->key_hi = 0;
  1425. desc->key_mem = CCP_MEMTYPE_SB;
  1426. desc->lsb_ctx_id = ccp_queue_lsb_entry(qp, LSB_ENTRY_IV);
  1427. qp->cq_tail = (qp->cq_tail + 1) %
  1428. (1 << qp->cq_softc->ring_size_order);
  1429. }
  1430. return (0);
  1431. }
  1432. int __must_check
  1433. ccp_blkcipher(struct ccp_queue *qp, struct ccp_session *s, struct cryptop *crp)
  1434. {
  1435. struct ccp_completion_ctx ctx;
  1436. ctx.callback_fn = ccp_blkcipher_done;
  1437. ctx.session = s;
  1438. ctx.callback_arg = crp;
  1439. return (ccp_do_blkcipher(qp, s, crp, &ctx));
  1440. }
  1441. static void
  1442. ccp_authenc_done(struct ccp_queue *qp, struct ccp_session *s, void *vcrp,
  1443. int error)
  1444. {
  1445. struct cryptop *crp;
  1446. explicit_bzero(&s->blkcipher.iv, sizeof(s->blkcipher.iv));
  1447. crp = vcrp;
  1448. ccp_do_hmac_done(qp, s, crp, error);
  1449. }
  1450. int __must_check
  1451. ccp_authenc(struct ccp_queue *qp, struct ccp_session *s, struct cryptop *crp)
  1452. {
  1453. struct ccp_completion_ctx ctx;
  1454. int error;
  1455. ctx.callback_fn = ccp_authenc_done;
  1456. ctx.session = s;
  1457. ctx.callback_arg = crp;
  1458. /* Perform first operation */
  1459. if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op))
  1460. error = ccp_do_blkcipher(qp, s, crp, NULL);
  1461. else
  1462. error = ccp_do_hmac(qp, s, crp, NULL);
  1463. if (error != 0)
  1464. return (error);
  1465. /* Perform second operation */
  1466. if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op))
  1467. error = ccp_do_hmac(qp, s, crp, &ctx);
  1468. else
  1469. error = ccp_do_blkcipher(qp, s, crp, &ctx);
  1470. return (error);
  1471. }
  1472. static int __must_check
  1473. ccp_do_ghash_aad(struct ccp_queue *qp, struct ccp_session *s)
  1474. {
  1475. struct ccp_desc *desc;
  1476. struct sglist_seg *seg;
  1477. unsigned i;
  1478. if (ccp_queue_get_ring_space(qp) < qp->cq_sg_ulptx->sg_nseg)
  1479. return (EAGAIN);
  1480. for (i = 0; i < qp->cq_sg_ulptx->sg_nseg; i++) {
  1481. seg = &qp->cq_sg_ulptx->sg_segs[i];
  1482. desc = &qp->desc_ring[qp->cq_tail];
  1483. desc->engine = CCP_ENGINE_AES;
  1484. desc->aes.mode = CCP_AES_MODE_GHASH;
  1485. desc->aes.type = s->blkcipher.cipher_type;
  1486. desc->aes.encrypt = CCP_AES_MODE_GHASH_AAD;
  1487. desc->som = (i == 0);
  1488. desc->length = seg->ss_len;
  1489. desc->src_lo = (uint32_t)seg->ss_paddr;
  1490. desc->src_hi = (seg->ss_paddr >> 32);
  1491. desc->src_mem = CCP_MEMTYPE_SYSTEM;
  1492. desc->lsb_ctx_id = ccp_queue_lsb_entry(qp, LSB_ENTRY_IV);
  1493. desc->key_lo = ccp_queue_lsb_address(qp, LSB_ENTRY_KEY);
  1494. desc->key_mem = CCP_MEMTYPE_SB;
  1495. qp->cq_tail = (qp->cq_tail + 1) %
  1496. (1 << qp->cq_softc->ring_size_order);
  1497. }
  1498. return (0);
  1499. }
  1500. static int __must_check
  1501. ccp_do_gctr(struct ccp_queue *qp, struct ccp_session *s,
  1502. enum ccp_cipher_dir dir, struct sglist_seg *seg, bool som, bool eom)
  1503. {
  1504. struct ccp_desc *desc;
  1505. if (ccp_queue_get_ring_space(qp) == 0)
  1506. return (EAGAIN);
  1507. desc = &qp->desc_ring[qp->cq_tail];
  1508. desc->engine = CCP_ENGINE_AES;
  1509. desc->aes.mode = CCP_AES_MODE_GCTR;
  1510. desc->aes.type = s->blkcipher.cipher_type;
  1511. desc->aes.encrypt = dir;
  1512. desc->aes.size = 8 * (seg->ss_len % GMAC_BLOCK_LEN) - 1;
  1513. desc->som = som;
  1514. desc->eom = eom;
  1515. /* Trailing bytes will be masked off by aes.size above. */
  1516. desc->length = roundup2(seg->ss_len, GMAC_BLOCK_LEN);
  1517. desc->dst_lo = desc->src_lo = (uint32_t)seg->ss_paddr;
  1518. desc->dst_hi = desc->src_hi = seg->ss_paddr >> 32;
  1519. desc->dst_mem = desc->src_mem = CCP_MEMTYPE_SYSTEM;
  1520. desc->lsb_ctx_id = ccp_queue_lsb_entry(qp, LSB_ENTRY_IV);
  1521. desc->key_lo = ccp_queue_lsb_address(qp, LSB_ENTRY_KEY);
  1522. desc->key_mem = CCP_MEMTYPE_SB;
  1523. qp->cq_tail = (qp->cq_tail + 1) %
  1524. (1 << qp->cq_softc->ring_size_order);
  1525. return (0);
  1526. }
  1527. static int __must_check
  1528. ccp_do_ghash_final(struct ccp_queue *qp, struct ccp_session *s)
  1529. {
  1530. struct ccp_desc *desc;
  1531. if (ccp_queue_get_ring_space(qp) == 0)
  1532. return (EAGAIN);
  1533. desc = &qp->desc_ring[qp->cq_tail];
  1534. desc->engine = CCP_ENGINE_AES;
  1535. desc->aes.mode = CCP_AES_MODE_GHASH;
  1536. desc->aes.type = s->blkcipher.cipher_type;
  1537. desc->aes.encrypt = CCP_AES_MODE_GHASH_FINAL;
  1538. desc->length = GMAC_BLOCK_LEN;
  1539. desc->src_lo = ccp_queue_lsb_address(qp, LSB_ENTRY_GHASH_IN);
  1540. desc->src_mem = CCP_MEMTYPE_SB;
  1541. desc->lsb_ctx_id = ccp_queue_lsb_entry(qp, LSB_ENTRY_IV);
  1542. desc->key_lo = ccp_queue_lsb_address(qp, LSB_ENTRY_KEY);
  1543. desc->key_mem = CCP_MEMTYPE_SB;
  1544. desc->dst_lo = ccp_queue_lsb_address(qp, LSB_ENTRY_GHASH);
  1545. desc->dst_mem = CCP_MEMTYPE_SB;
  1546. qp->cq_tail = (qp->cq_tail + 1) %
  1547. (1 << qp->cq_softc->ring_size_order);
  1548. return (0);
  1549. }
  1550. static void
  1551. ccp_gcm_done(struct ccp_queue *qp, struct ccp_session *s, void *vcrp,
  1552. int error)
  1553. {
  1554. char tag[GMAC_DIGEST_LEN];
  1555. struct cryptop *crp;
  1556. crp = vcrp;
  1557. s->pending--;
  1558. if (error != 0) {
  1559. crp->crp_etype = error;
  1560. goto out;
  1561. }
  1562. /* Encrypt is done. Decrypt needs to verify tag. */
  1563. if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op))
  1564. goto out;
  1565. /* Copy in message tag. */
  1566. crypto_copydata(crp, crp->crp_digest_start, s->gmac.hash_len, tag);
  1567. /* Verify tag against computed GMAC */
  1568. if (timingsafe_bcmp(tag, s->gmac.final_block, s->gmac.hash_len) != 0)
  1569. crp->crp_etype = EBADMSG;
  1570. out:
  1571. explicit_bzero(&s->blkcipher.iv, sizeof(s->blkcipher.iv));
  1572. explicit_bzero(&s->gmac.final_block, sizeof(s->gmac.final_block));
  1573. crypto_done(crp);
  1574. }
  1575. int __must_check
  1576. ccp_gcm(struct ccp_queue *qp, struct ccp_session *s, struct cryptop *crp)
  1577. {
  1578. const struct crypto_session_params *csp;
  1579. struct ccp_completion_ctx ctx;
  1580. enum ccp_cipher_dir dir;
  1581. device_t dev;
  1582. unsigned i;
  1583. int error;
  1584. if (s->blkcipher.key_len == 0)
  1585. return (EINVAL);
  1586. dev = qp->cq_softc->dev;
  1587. if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op))
  1588. dir = CCP_CIPHER_DIR_ENCRYPT;
  1589. else
  1590. dir = CCP_CIPHER_DIR_DECRYPT;
  1591. /* Zero initial GHASH portion of context */
  1592. memset(s->blkcipher.iv, 0, sizeof(s->blkcipher.iv));
  1593. /* Gather IV data */
  1594. csp = crypto_get_params(crp->crp_session);
  1595. ccp_collect_iv(crp, csp, s->blkcipher.iv);
  1596. /* Reverse order of key material for HW */
  1597. ccp_byteswap(s->blkcipher.enckey, s->blkcipher.key_len);
  1598. /* Prepare input buffer of concatenated lengths for final GHASH */
  1599. be64enc(s->gmac.final_block, (uint64_t)crp->crp_aad_length * 8);
  1600. be64enc(&s->gmac.final_block[8], (uint64_t)crp->crp_payload_length * 8);
  1601. /* Send IV + initial zero GHASH, key data, and lengths buffer to LSB */
  1602. error = ccp_do_pst_to_lsb(qp, ccp_queue_lsb_address(qp, LSB_ENTRY_IV),
  1603. s->blkcipher.iv, 32);
  1604. if (error != 0)
  1605. return (error);
  1606. error = ccp_do_pst_to_lsb(qp, ccp_queue_lsb_address(qp, LSB_ENTRY_KEY),
  1607. s->blkcipher.enckey, s->blkcipher.key_len);
  1608. if (error != 0)
  1609. return (error);
  1610. error = ccp_do_pst_to_lsb(qp,
  1611. ccp_queue_lsb_address(qp, LSB_ENTRY_GHASH_IN), s->gmac.final_block,
  1612. GMAC_BLOCK_LEN);
  1613. if (error != 0)
  1614. return (error);
  1615. /* First step - compute GHASH over AAD */
  1616. if (crp->crp_aad_length != 0) {
  1617. sglist_reset(qp->cq_sg_ulptx);
  1618. error = sglist_append_sglist(qp->cq_sg_ulptx, qp->cq_sg_crp,
  1619. crp->crp_aad_start, crp->crp_aad_length);
  1620. if (error != 0)
  1621. return (error);
  1622. /* This engine cannot process non-block multiple AAD data. */
  1623. for (i = 0; i < qp->cq_sg_ulptx->sg_nseg; i++)
  1624. if ((qp->cq_sg_ulptx->sg_segs[i].ss_len %
  1625. GMAC_BLOCK_LEN) != 0) {
  1626. DPRINTF(dev, "%s: AD seg modulo: %zu\n",
  1627. __func__,
  1628. qp->cq_sg_ulptx->sg_segs[i].ss_len);
  1629. return (EINVAL);
  1630. }
  1631. error = ccp_do_ghash_aad(qp, s);
  1632. if (error != 0)
  1633. return (error);
  1634. }
  1635. /* Feed data piece by piece into GCTR */
  1636. sglist_reset(qp->cq_sg_ulptx);
  1637. error = sglist_append_sglist(qp->cq_sg_ulptx, qp->cq_sg_crp,
  1638. crp->crp_payload_start, crp->crp_payload_length);
  1639. if (error != 0)
  1640. return (error);
  1641. /*
  1642. * All segments except the last must be even multiples of AES block
  1643. * size for the HW to process it. Non-compliant inputs aren't bogus,
  1644. * just not doable on this hardware.
  1645. *
  1646. * XXX: Well, the hardware will produce a valid tag for shorter final
  1647. * segment inputs, but it will still write out a block-sized plaintext
  1648. * or ciphertext chunk. For a typical CRP this tramples trailing data,
  1649. * including the provided message tag. So, reject such inputs for now.
  1650. */
  1651. for (i = 0; i < qp->cq_sg_ulptx->sg_nseg; i++)
  1652. if ((qp->cq_sg_ulptx->sg_segs[i].ss_len % AES_BLOCK_LEN) != 0) {
  1653. DPRINTF(dev, "%s: seg modulo: %zu\n", __func__,
  1654. qp->cq_sg_ulptx->sg_segs[i].ss_len);
  1655. return (EINVAL);
  1656. }
  1657. for (i = 0; i < qp->cq_sg_ulptx->sg_nseg; i++) {
  1658. struct sglist_seg *seg;
  1659. seg = &qp->cq_sg_ulptx->sg_segs[i];
  1660. error = ccp_do_gctr(qp, s, dir, seg,
  1661. (i == 0 && crp->crp_aad_length == 0),
  1662. i == (qp->cq_sg_ulptx->sg_nseg - 1));
  1663. if (error != 0)
  1664. return (error);
  1665. }
  1666. /* Send just initial IV (not GHASH!) to LSB again */
  1667. error = ccp_do_pst_to_lsb(qp, ccp_queue_lsb_address(qp, LSB_ENTRY_IV),
  1668. s->blkcipher.iv, AES_BLOCK_LEN);
  1669. if (error != 0)
  1670. return (error);
  1671. ctx.callback_fn = ccp_gcm_done;
  1672. ctx.session = s;
  1673. ctx.callback_arg = crp;
  1674. /* Compute final hash and copy result back */
  1675. error = ccp_do_ghash_final(qp, s);
  1676. if (error != 0)
  1677. return (error);
  1678. /* When encrypting, copy computed tag out to caller buffer. */
  1679. sglist_reset(qp->cq_sg_ulptx);
  1680. if (dir == CCP_CIPHER_DIR_ENCRYPT)
  1681. error = sglist_append_sglist(qp->cq_sg_ulptx, qp->cq_sg_crp,
  1682. crp->crp_digest_start, s->gmac.hash_len);
  1683. else
  1684. /*
  1685. * For decrypting, copy the computed tag out to our session
  1686. * buffer to verify in our callback.
  1687. */
  1688. error = sglist_append(qp->cq_sg_ulptx, s->gmac.final_block,
  1689. s->gmac.hash_len);
  1690. if (error != 0)
  1691. return (error);
  1692. error = ccp_passthrough_sgl(qp,
  1693. ccp_queue_lsb_address(qp, LSB_ENTRY_GHASH), false, qp->cq_sg_ulptx,
  1694. s->gmac.hash_len, true, &ctx);
  1695. return (error);
  1696. }
  1697. #define MAX_TRNG_RETRIES 10
  1698. u_int
  1699. random_ccp_read(void *v, u_int c)
  1700. {
  1701. uint32_t *buf;
  1702. u_int i, j;
  1703. KASSERT(c % sizeof(*buf) == 0, ("%u not multiple of u_long", c));
  1704. buf = v;
  1705. for (i = c; i > 0; i -= sizeof(*buf)) {
  1706. for (j = 0; j < MAX_TRNG_RETRIES; j++) {
  1707. *buf = ccp_read_4(g_ccp_softc, TRNG_OUT_OFFSET);
  1708. if (*buf != 0)
  1709. break;
  1710. }
  1711. if (j == MAX_TRNG_RETRIES)
  1712. return (0);
  1713. buf++;
  1714. }
  1715. return (c);
  1716. }
  1717. #ifdef DDB
  1718. void
  1719. db_ccp_show_hw(struct ccp_softc *sc)
  1720. {
  1721. db_printf(" queue mask: 0x%x\n",
  1722. ccp_read_4(sc, CMD_QUEUE_MASK_OFFSET));
  1723. db_printf(" queue prio: 0x%x\n",
  1724. ccp_read_4(sc, CMD_QUEUE_PRIO_OFFSET));
  1725. db_printf(" reqid: 0x%x\n", ccp_read_4(sc, CMD_REQID_CONFIG_OFFSET));
  1726. db_printf(" trng output: 0x%x\n", ccp_read_4(sc, TRNG_OUT_OFFSET));
  1727. db_printf(" cmd timeout: 0x%x\n",
  1728. ccp_read_4(sc, CMD_CMD_TIMEOUT_OFFSET));
  1729. db_printf(" lsb public mask lo: 0x%x\n",
  1730. ccp_read_4(sc, LSB_PUBLIC_MASK_LO_OFFSET));
  1731. db_printf(" lsb public mask hi: 0x%x\n",
  1732. ccp_read_4(sc, LSB_PUBLIC_MASK_HI_OFFSET));
  1733. db_printf(" lsb private mask lo: 0x%x\n",
  1734. ccp_read_4(sc, LSB_PRIVATE_MASK_LO_OFFSET));
  1735. db_printf(" lsb private mask hi: 0x%x\n",
  1736. ccp_read_4(sc, LSB_PRIVATE_MASK_HI_OFFSET));
  1737. db_printf(" version: 0x%x\n", ccp_read_4(sc, VERSION_REG));
  1738. }
  1739. void
  1740. db_ccp_show_queue_hw(struct ccp_queue *qp)
  1741. {
  1742. const struct ccp_error_code *ec;
  1743. struct ccp_softc *sc;
  1744. uint32_t status, error, esource, faultblock, headlo, qcontrol;
  1745. unsigned q, i;
  1746. sc = qp->cq_softc;
  1747. q = qp->cq_qindex;
  1748. qcontrol = ccp_read_queue_4(sc, q, CMD_Q_CONTROL_BASE);
  1749. db_printf(" qcontrol: 0x%x%s%s\n", qcontrol,
  1750. (qcontrol & CMD_Q_RUN) ? " RUN" : "",
  1751. (qcontrol & CMD_Q_HALTED) ? " HALTED" : "");
  1752. db_printf(" tail_lo: 0x%x\n",
  1753. ccp_read_queue_4(sc, q, CMD_Q_TAIL_LO_BASE));
  1754. headlo = ccp_read_queue_4(sc, q, CMD_Q_HEAD_LO_BASE);
  1755. db_printf(" head_lo: 0x%x\n", headlo);
  1756. db_printf(" int enable: 0x%x\n",
  1757. ccp_read_queue_4(sc, q, CMD_Q_INT_ENABLE_BASE));
  1758. db_printf(" interrupt status: 0x%x\n",
  1759. ccp_read_queue_4(sc, q, CMD_Q_INTERRUPT_STATUS_BASE));
  1760. status = ccp_read_queue_4(sc, q, CMD_Q_STATUS_BASE);
  1761. db_printf(" status: 0x%x\n", status);
  1762. db_printf(" int stats: 0x%x\n",
  1763. ccp_read_queue_4(sc, q, CMD_Q_INT_STATUS_BASE));
  1764. error = status & STATUS_ERROR_MASK;
  1765. if (error == 0)
  1766. return;
  1767. esource = (status >> STATUS_ERRORSOURCE_SHIFT) &
  1768. STATUS_ERRORSOURCE_MASK;
  1769. faultblock = (status >> STATUS_VLSB_FAULTBLOCK_SHIFT) &
  1770. STATUS_VLSB_FAULTBLOCK_MASK;
  1771. ec = NULL;
  1772. for (i = 0; i < nitems(ccp_error_codes); i++)
  1773. if (ccp_error_codes[i].ce_code == error)
  1774. break;
  1775. if (i < nitems(ccp_error_codes))
  1776. ec = &ccp_error_codes[i];
  1777. db_printf(" Error: %s (%u) Source: %u Faulting LSB block: %u\n",
  1778. (ec != NULL) ? ec->ce_name : "(reserved)", error, esource,
  1779. faultblock);
  1780. if (ec != NULL)
  1781. db_printf(" Error description: %s\n", ec->ce_desc);
  1782. i = (headlo - (uint32_t)qp->desc_ring_bus_addr) / Q_DESC_SIZE;
  1783. db_printf(" Bad descriptor idx: %u contents:\n %32D\n", i,
  1784. (void *)&qp->desc_ring[i], " ");
  1785. }
  1786. #endif