diff options
author | sam <sam@FreeBSD.org> | 2002-10-04 20:32:37 +0000 |
---|---|---|
committer | sam <sam@FreeBSD.org> | 2002-10-04 20:32:37 +0000 |
commit | 7e497f5bab9627d82a1bb4427bc66bbf756d9f64 (patch) | |
tree | 5f15e4f5bf761395499a45c6bc42f4db2d95a11d /sys/dev/hifn/hifn7751var.h | |
parent | 91416784e40204fddb837d3327a21b7fe803599b (diff) | |
download | FreeBSD-src-7e497f5bab9627d82a1bb4427bc66bbf756d9f64.zip FreeBSD-src-7e497f5bab9627d82a1bb4427bc66bbf756d9f64.tar.gz |
Crypto device driver for hifn-based cards. Tested with 7951-, and 7811-based
cards. Claimed to support many others.
Obtained from: openbsd
Diffstat (limited to 'sys/dev/hifn/hifn7751var.h')
-rw-r--r-- | sys/dev/hifn/hifn7751var.h | 356 |
1 files changed, 356 insertions, 0 deletions
diff --git a/sys/dev/hifn/hifn7751var.h b/sys/dev/hifn/hifn7751var.h new file mode 100644 index 0000000..e7ff4a3 --- /dev/null +++ b/sys/dev/hifn/hifn7751var.h @@ -0,0 +1,356 @@ +/* $FreeBSD$ */ +/* $OpenBSD: hifn7751var.h,v 1.42 2002/04/08 17:49:42 jason Exp $ */ + +/* + * Invertex AEON / Hifn 7751 driver + * Copyright (c) 1999 Invertex Inc. All rights reserved. + * Copyright (c) 1999 Theo de Raadt + * Copyright (c) 2000-2001 Network Security Technologies, Inc. + * http://www.netsec.net + * + * Please send any comments, feedback, bug-fixes, or feature requests to + * software@invertex.com. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * Effort sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F30602-01-2-0537. + * + */ + +#ifndef __HIFN7751VAR_H__ +#define __HIFN7751VAR_H__ + +#ifdef _KERNEL + +/* + * Some configurable values for the driver. By default command+result + * descriptor rings are the same size. The src+dst descriptor rings + * are sized at 3.5x the number of potential commands. Slower parts + * (e.g. 7951) tend to run out of src descriptors; faster parts (7811) + * src+cmd/result descriptors. It's not clear that increasing the size + * of the descriptor rings helps performance significantly as other + * factors tend to come into play (e.g. copying misaligned packets). + */ +#define HIFN_D_CMD_RSIZE 24 /* command descriptors */ +#define HIFN_D_SRC_RSIZE ((HIFN_D_CMD_RSIZE * 7) / 2) /* source descriptors */ +#define HIFN_D_RES_RSIZE HIFN_D_CMD_RSIZE /* result descriptors */ +#define HIFN_D_DST_RSIZE HIFN_D_SRC_RSIZE /* destination descriptors */ + +/* + * Length values for cryptography + */ +#define HIFN_DES_KEY_LENGTH 8 +#define HIFN_3DES_KEY_LENGTH 24 +#define HIFN_MAX_CRYPT_KEY_LENGTH HIFN_3DES_KEY_LENGTH +#define HIFN_IV_LENGTH 8 + +/* + * Length values for authentication + */ +#define HIFN_MAC_KEY_LENGTH 64 +#define HIFN_MD5_LENGTH 16 +#define HIFN_SHA1_LENGTH 20 +#define HIFN_MAC_TRUNC_LENGTH 12 + +#define MAX_SCATTER 64 + +/* + * Data structure to hold all 4 rings and any other ring related data. + */ +struct hifn_dma { + /* + * Descriptor rings. We add +1 to the size to accomidate the + * jump descriptor. + */ + struct hifn_desc cmdr[HIFN_D_CMD_RSIZE+1]; + struct hifn_desc srcr[HIFN_D_SRC_RSIZE+1]; + struct hifn_desc dstr[HIFN_D_DST_RSIZE+1]; + struct hifn_desc resr[HIFN_D_RES_RSIZE+1]; + + struct hifn_command *hifn_commands[HIFN_D_RES_RSIZE]; + + u_char command_bufs[HIFN_D_CMD_RSIZE][HIFN_MAX_COMMAND]; + u_char result_bufs[HIFN_D_CMD_RSIZE][HIFN_MAX_RESULT]; + u_int32_t slop[HIFN_D_CMD_RSIZE]; + + u_int64_t test_src, test_dst; + + /* + * Our current positions for insertion and removal from the desriptor + * rings. + */ + int cmdi, srci, dsti, resi; + volatile int cmdu, srcu, dstu, resu; + int cmdk, srck, dstk, resk; +}; + +struct hifn_session { + int hs_state; + int hs_prev_op; /* XXX collapse into hs_flags? */ + u_int8_t hs_iv[HIFN_IV_LENGTH]; +}; + +#define HIFN_RING_SYNC(sc, r, i, f) \ + bus_dmamap_sync((sc)->sc_dmat, (sc)->sc_dmamap, (f)) + +#define HIFN_CMDR_SYNC(sc, i, f) HIFN_RING_SYNC((sc), cmdr, (i), (f)) +#define HIFN_RESR_SYNC(sc, i, f) HIFN_RING_SYNC((sc), resr, (i), (f)) +#define HIFN_SRCR_SYNC(sc, i, f) HIFN_RING_SYNC((sc), srcr, (i), (f)) +#define HIFN_DSTR_SYNC(sc, i, f) HIFN_RING_SYNC((sc), dstr, (i), (f)) + +#define HIFN_CMD_SYNC(sc, i, f) \ + bus_dmamap_sync((sc)->sc_dmat, (sc)->sc_dmamap, (f)) + +#define HIFN_RES_SYNC(sc, i, f) \ + bus_dmamap_sync((sc)->sc_dmat, (sc)->sc_dmamap, (f)) + +/* We use a state machine to on sessions */ +#define HS_STATE_FREE 0 /* unused session entry */ +#define HS_STATE_USED 1 /* allocated, but key not on card */ +#define HS_STATE_KEY 2 /* allocated and key is on card */ + +/* + * Holds data specific to a single HIFN board. + */ +struct hifn_softc { + device_t sc_dev; /* device backpointer */ + struct mtx sc_mtx; /* per-instance lock */ + bus_dma_tag_t sc_dmat; /* parent DMA tag decriptor */ + struct resource *sc_bar0res; + bus_space_handle_t sc_sh0; /* bar0 bus space handle */ + bus_space_tag_t sc_st0; /* bar0 bus space tag */ + bus_size_t sc_bar0_lastreg;/* bar0 last reg written */ + struct resource *sc_bar1res; + bus_space_handle_t sc_sh1; /* bar1 bus space handle */ + bus_space_tag_t sc_st1; /* bar1 bus space tag */ + bus_size_t sc_bar1_lastreg;/* bar1 last reg written */ + struct resource *sc_irq; + void *sc_intrhand; /* interrupt handle */ + + u_int32_t sc_dmaier; + u_int32_t sc_drammodel; /* 1=dram, 0=sram */ + + + struct hifn_dma *sc_dma; + bus_dmamap_t sc_dmamap; + bus_dma_segment_t sc_dmasegs[1]; + bus_addr_t sc_dma_physaddr;/* physical address of sc_dma */ + int sc_dmansegs; + int32_t sc_cid; + int sc_maxses; + int sc_ramsize; + int sc_flags; +#define HIFN_HAS_RNG 0x1 /* includes random number generator */ +#define HIFN_HAS_PUBLIC 0x2 /* includes public key support */ +#define HIFN_IS_7811 0x4 /* Hifn 7811 part */ + struct callout sc_rngto; /* for polling RNG */ + struct callout sc_tickto; /* for managing DMA */ + int sc_rngfirst; + int sc_rnghz; /* RNG polling frequency */ + int sc_c_busy; /* command ring busy */ + int sc_s_busy; /* source data ring busy */ + int sc_d_busy; /* destination data ring busy */ + int sc_r_busy; /* result ring busy */ + int sc_active; /* for initial countdown */ + int sc_needwakeup; /* ops q'd wating on resources */ + int sc_curbatch; /* # ops submitted w/o int */ + int sc_suspended; + struct hifn_session sc_sessions[2048]; +}; + +#define HIFN_LOCK(_sc) mtx_lock(&(_sc)->sc_mtx) +#define HIFN_UNLOCK(_sc) mtx_unlock(&(_sc)->sc_mtx) + +/* + * hifn_command_t + * + * This is the control structure used to pass commands to hifn_encrypt(). + * + * flags + * ----- + * Flags is the bitwise "or" values for command configuration. A single + * encrypt direction needs to be set: + * + * HIFN_ENCODE or HIFN_DECODE + * + * To use cryptography, a single crypto algorithm must be included: + * + * HIFN_CRYPT_3DES or HIFN_CRYPT_DES + * + * To use authentication is used, a single MAC algorithm must be included: + * + * HIFN_MAC_MD5 or HIFN_MAC_SHA1 + * + * By default MD5 uses a 16 byte hash and SHA-1 uses a 20 byte hash. + * If the value below is set, hash values are truncated or assumed + * truncated to 12 bytes: + * + * HIFN_MAC_TRUNC + * + * Keys for encryption and authentication can be sent as part of a command, + * or the last key value used with a particular session can be retrieved + * and used again if either of these flags are not specified. + * + * HIFN_CRYPT_NEW_KEY, HIFN_MAC_NEW_KEY + * + * session_num + * ----------- + * A number between 0 and 2048 (for DRAM models) or a number between + * 0 and 768 (for SRAM models). Those who don't want to use session + * numbers should leave value at zero and send a new crypt key and/or + * new MAC key on every command. If you use session numbers and + * don't send a key with a command, the last key sent for that same + * session number will be used. + * + * Warning: Using session numbers and multiboard at the same time + * is currently broken. + * + * mbuf + * ---- + * Either fill in the mbuf pointer and npa=0 or + * fill packp[] and packl[] and set npa to > 0 + * + * mac_header_skip + * --------------- + * The number of bytes of the source_buf that are skipped over before + * authentication begins. This must be a number between 0 and 2^16-1 + * and can be used by IPsec implementers to skip over IP headers. + * *** Value ignored if authentication not used *** + * + * crypt_header_skip + * ----------------- + * The number of bytes of the source_buf that are skipped over before + * the cryptographic operation begins. This must be a number between 0 + * and 2^16-1. For IPsec, this number will always be 8 bytes larger + * than the auth_header_skip (to skip over the ESP header). + * *** Value ignored if cryptography not used *** + * + */ +struct hifn_operand { + union { + struct mbuf *m; + struct uio *io; + } u; + bus_dmamap_t map; + bus_size_t mapsize; + int nsegs; + bus_dma_segment_t segs[MAX_SCATTER]; +}; +struct hifn_command { + u_int16_t session_num; + u_int16_t base_masks, cry_masks, mac_masks; + u_int8_t iv[HIFN_IV_LENGTH], *ck, mac[HIFN_MAC_KEY_LENGTH]; + int cklen; + int sloplen, slopidx; + + struct hifn_operand src; + struct hifn_operand dst; + + struct hifn_softc *softc; + struct cryptop *crp; + struct cryptodesc *enccrd, *maccrd; +}; + +#define src_m src.u.m +#define src_io src.u.io +#define src_map src.map +#define src_mapsize src.mapsize +#define src_segs src.segs +#define src_nsegs src.nsegs + +#define dst_m dst.u.m +#define dst_io dst.u.io +#define dst_map dst.map +#define dst_mapsize dst.mapsize +#define dst_segs dst.segs +#define dst_nsegs dst.nsegs + +/* + * Return values for hifn_crypto() + */ +#define HIFN_CRYPTO_SUCCESS 0 +#define HIFN_CRYPTO_BAD_INPUT (-1) +#define HIFN_CRYPTO_RINGS_FULL (-2) + +/************************************************************************** + * + * Function: hifn_crypto + * + * Purpose: Called by external drivers to begin an encryption on the + * HIFN board. + * + * Blocking/Non-blocking Issues + * ============================ + * The driver cannot block in hifn_crypto (no calls to tsleep) currently. + * hifn_crypto() returns HIFN_CRYPTO_RINGS_FULL if there is not enough + * room in any of the rings for the request to proceed. + * + * Return Values + * ============= + * 0 for success, negative values on error + * + * Defines for negative error codes are: + * + * HIFN_CRYPTO_BAD_INPUT : The passed in command had invalid settings. + * HIFN_CRYPTO_RINGS_FULL : All DMA rings were full and non-blocking + * behaviour was requested. + * + *************************************************************************/ + +/* + * Convert back and forth from 'sid' to 'card' and 'session' + */ +#define HIFN_CARD(sid) (((sid) & 0xf0000000) >> 28) +#define HIFN_SESSION(sid) ((sid) & 0x000007ff) +#define HIFN_SID(crd,ses) (((crd) << 28) | ((ses) & 0x7ff)) + +#endif /* _KERNEL */ + +struct hifn_stats { + u_int64_t hst_ibytes; + u_int64_t hst_obytes; + u_int32_t hst_ipackets; + u_int32_t hst_opackets; + u_int32_t hst_invalid; + u_int32_t hst_nomem; /* malloc or one of hst_nomem_* */ + u_int32_t hst_abort; + u_int32_t hst_noirq; /* IRQ for no reason */ + u_int32_t hst_totbatch; /* ops submitted w/o interrupt */ + u_int32_t hst_maxbatch; /* max ops submitted together */ + u_int32_t hst_unaligned; /* unaligned src caused copy */ + /* + * The following divides hst_nomem into more specific buckets. + */ + u_int32_t hst_nomem_map; /* bus_dmamap_create failed */ + u_int32_t hst_nomem_load; /* bus_dmamap_load_* failed */ + u_int32_t hst_nomem_mbuf; /* MGET* failed */ + u_int32_t hst_nomem_mcl; /* MCLGET* failed */ + u_int32_t hst_nomem_cr; /* out of command/result descriptor */ + u_int32_t hst_nomem_sd; /* out of src/dst descriptors */ +}; + +#endif /* __HIFN7751VAR_H__ */ |