mirror of
https://git.FreeBSD.org/src.git
synced 2024-12-13 10:02:38 +00:00
5bdb8b273a
The context record contains key material precomputed by the driver at session creation time. Rather than storing various components of the context record in each session, go a bit further and store the full context record image so that safexcel_process() can simply copy the image into each request submitted to the hardware. This simplifies the data path and eliminates a bunch of unnecessary conditional logic that was getting executed for each request. MFC after: 1 week Sponsored by: Rubicon Communications, LLC (Netgate)
431 lines
13 KiB
C
431 lines
13 KiB
C
/*-
|
|
* SPDX-License-Identifier: BSD-2-Clause-FreeBSD
|
|
*
|
|
* Copyright (c) 2020 Rubicon Communications, LLC (Netgate)
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*
|
|
* $FreeBSD$
|
|
*/
|
|
|
|
#ifndef _SAFEXCEL_VAR_H_
|
|
#define _SAFEXCEL_VAR_H_
|
|
|
|
#include <sys/counter.h>
|
|
|
|
#define SAFEXCEL_MAX_RINGS 4
|
|
#define SAFEXCEL_MAX_BATCH_SIZE 64
|
|
#define SAFEXCEL_MAX_FRAGMENTS 64
|
|
#define SAFEXCEL_MAX_IV_LEN 16
|
|
#define SAFEXCEL_MAX_REQUEST_SIZE 65535
|
|
|
|
#define SAFEXCEL_RING_SIZE 512
|
|
#define SAFEXCEL_MAX_ITOKENS 4
|
|
#define SAFEXCEL_MAX_ATOKENS 16
|
|
#define SAFEXCEL_FETCH_COUNT 1
|
|
#define SAFEXCEL_MAX_KEY_LEN 32
|
|
#define SAFEXCEL_MAX_RING_AIC 14
|
|
|
|
/*
|
|
* Context Record format.
|
|
*
|
|
* In this driver the context control words are always set in the control data.
|
|
* This helps optimize fetching of the context record. This is configured by
|
|
* setting SAFEXCEL_OPTION_CTX_CTRL_IN_CMD.
|
|
*/
|
|
struct safexcel_context_record {
|
|
uint32_t control0; /* Unused. */
|
|
uint32_t control1; /* Unused. */
|
|
uint32_t data[40]; /* Key material. */
|
|
} __packed;
|
|
|
|
/* Processing Engine Control Data format. */
|
|
struct safexcel_control_data {
|
|
uint32_t packet_length : 17;
|
|
uint32_t options : 13;
|
|
uint32_t type : 2;
|
|
|
|
uint16_t application_id;
|
|
uint16_t rsvd;
|
|
|
|
uint32_t context_lo;
|
|
uint32_t context_hi;
|
|
|
|
uint32_t control0;
|
|
uint32_t control1;
|
|
|
|
/* Inline instructions or IV. */
|
|
uint32_t token[SAFEXCEL_MAX_ITOKENS];
|
|
} __packed;
|
|
|
|
/*
|
|
* Basic Command Descriptor.
|
|
*
|
|
* The Processing Engine and driver cooperate to maintain a set of command
|
|
* rings, representing outstanding crypto operation requests. Each descriptor
|
|
* corresponds to an input data segment, and thus a single crypto(9) request may
|
|
* span several contiguous command descriptors.
|
|
*
|
|
* The first command descriptor for a request stores the input token, which
|
|
* encodes data specific to the requested operation, such as the encryption
|
|
* mode. For some operations data is passed outside the descriptor, in a
|
|
* context record (e.g., encryption keys), or in an "additional token data"
|
|
* region (e.g., instructions).
|
|
*/
|
|
struct safexcel_cmd_descr {
|
|
uint32_t particle_size : 17;
|
|
uint32_t rsvd0 : 5;
|
|
uint32_t last_seg : 1;
|
|
uint32_t first_seg : 1;
|
|
uint32_t additional_cdata_size : 8;
|
|
uint32_t rsvd1;
|
|
|
|
uint32_t data_lo;
|
|
uint32_t data_hi;
|
|
|
|
uint32_t atok_lo;
|
|
uint32_t atok_hi;
|
|
|
|
struct safexcel_control_data control_data;
|
|
} __packed;
|
|
|
|
/* Context control word 0 fields. */
|
|
#define SAFEXCEL_CONTROL0_TYPE_NULL_OUT 0x0
|
|
#define SAFEXCEL_CONTROL0_TYPE_NULL_IN 0x1
|
|
#define SAFEXCEL_CONTROL0_TYPE_HASH_OUT 0x2
|
|
#define SAFEXCEL_CONTROL0_TYPE_HASH_IN 0x3
|
|
#define SAFEXCEL_CONTROL0_TYPE_CRYPTO_OUT 0x4
|
|
#define SAFEXCEL_CONTROL0_TYPE_CRYPTO_IN 0x5
|
|
#define SAFEXCEL_CONTROL0_TYPE_ENCRYPT_HASH_OUT 0x6
|
|
#define SAFEXCEL_CONTROL0_TYPE_DECRYPT_HASH_IN 0x7
|
|
#define SAFEXCEL_CONTROL0_TYPE_HASH_ENCRYPT_OUT 0xe
|
|
#define SAFEXCEL_CONTROL0_TYPE_HASH_DECRYPT_IN 0xf
|
|
#define SAFEXCEL_CONTROL0_RESTART_HASH (1 << 4)
|
|
#define SAFEXCEL_CONTROL0_NO_FINISH_HASH (1 << 5)
|
|
#define SAFEXCEL_CONTROL0_SIZE(n) (((n) & 0xff) << 8)
|
|
#define SAFEXCEL_CONTROL0_KEY_EN (1 << 16)
|
|
#define SAFEXCEL_CONTROL0_CRYPTO_ALG_AES128 (0x5 << 17)
|
|
#define SAFEXCEL_CONTROL0_CRYPTO_ALG_AES192 (0x6 << 17)
|
|
#define SAFEXCEL_CONTROL0_CRYPTO_ALG_AES256 (0x7 << 17)
|
|
#define SAFEXCEL_CONTROL0_DIGEST_PRECOMPUTED (0x1 << 21)
|
|
#define SAFEXCEL_CONTROL0_DIGEST_CCM (0x2 << 21)
|
|
#define SAFEXCEL_CONTROL0_DIGEST_GMAC (0x2 << 21)
|
|
#define SAFEXCEL_CONTROL0_DIGEST_HMAC (0x3 << 21)
|
|
#define SAFEXCEL_CONTROL0_HASH_ALG_SHA1 (0x2 << 23)
|
|
#define SAFEXCEL_CONTROL0_HASH_ALG_SHA224 (0x4 << 23)
|
|
#define SAFEXCEL_CONTROL0_HASH_ALG_SHA256 (0x3 << 23)
|
|
#define SAFEXCEL_CONTROL0_HASH_ALG_SHA384 (0x6 << 23)
|
|
#define SAFEXCEL_CONTROL0_HASH_ALG_SHA512 (0x5 << 23)
|
|
#define SAFEXCEL_CONTROL0_HASH_ALG_XCBC128 (0x1 << 23)
|
|
#define SAFEXCEL_CONTROL0_HASH_ALG_XCBC192 (0x2 << 23)
|
|
#define SAFEXCEL_CONTROL0_HASH_ALG_XCBC256 (0x3 << 23)
|
|
#define SAFEXCEL_CONTROL0_HASH_ALG_GHASH (0x4 << 23)
|
|
#define SAFEXCEL_CONTROL0_INV_FR (0x5 << 24)
|
|
#define SAFEXCEL_CONTROL0_INV_TR (0x6 << 24)
|
|
|
|
/* Context control word 1 fields. */
|
|
#define SAFEXCEL_CONTROL1_CRYPTO_MODE_ECB 0x0
|
|
#define SAFEXCEL_CONTROL1_CRYPTO_MODE_CBC 0x1
|
|
#define SAFEXCEL_CONTROL1_CRYPTO_MODE_ICM 0x3
|
|
#define SAFEXCEL_CONTROL1_CRYPTO_MODE_OFB 0x4
|
|
#define SAFEXCEL_CONTROL1_CRYPTO_MODE_CFB128 0x5
|
|
#define SAFEXCEL_CONTROL1_CRYPTO_MODE_CTR 0x6
|
|
#define SAFEXCEL_CONTROL1_CRYPTO_MODE_XTS 0x7
|
|
#define SAFEXCEL_CONTROL1_CRYPTO_MODE_CCM (0x6 | (1 << 17))
|
|
#define SAFEXCEL_CONTROL1_CRYPTO_MODE_GCM (0x6 | (1 << 17))
|
|
#define SAFEXCEL_CONTROL1_IV0 (1u << 5)
|
|
#define SAFEXCEL_CONTROL1_IV1 (1u << 6)
|
|
#define SAFEXCEL_CONTROL1_IV2 (1u << 7)
|
|
#define SAFEXCEL_CONTROL1_IV3 (1u << 8)
|
|
#define SAFEXCEL_CONTROL1_DIGEST_CNT (1u << 9)
|
|
#define SAFEXCEL_CONTROL1_COUNTER_MODE (1u << 10)
|
|
#define SAFEXCEL_CONTROL1_ENCRYPT_HASH_RES (1u << 17)
|
|
#define SAFEXCEL_CONTROL1_HASH_STORE (1u << 19)
|
|
|
|
/* Control options. */
|
|
#define SAFEXCEL_OPTION_IP (1u << 0) /* must be set */
|
|
#define SAFEXCEL_OPTION_CP (1u << 1) /* 64-bit ctx addr */
|
|
#define SAFEXCEL_OPTION_RC_AUTO (2u << 3) /* auto ctx reuse */
|
|
#define SAFEXCEL_OPTION_CTX_CTRL_IN_CMD (1u << 8) /* ctx ctrl */
|
|
#define SAFEXCEL_OPTION_4_TOKEN_IV_CMD 0xe00 /* IV in bypass */
|
|
|
|
struct safexcel_res_data {
|
|
uint32_t packet_length : 17;
|
|
uint32_t error_code : 15;
|
|
|
|
uint32_t bypass_length : 4;
|
|
uint32_t e15 : 1;
|
|
uint32_t rsvd0 : 16;
|
|
uint32_t hash_bytes : 1;
|
|
uint32_t hash_length : 6;
|
|
uint32_t generic_bytes : 1;
|
|
uint32_t checksum : 1;
|
|
uint32_t next_header : 1;
|
|
uint32_t length : 1;
|
|
|
|
uint16_t application_id;
|
|
uint16_t rsvd1;
|
|
|
|
uint32_t rsvd2;
|
|
};
|
|
|
|
/* Basic Result Descriptor format */
|
|
struct safexcel_res_descr {
|
|
uint32_t particle_size : 17;
|
|
uint32_t rsvd0 : 3;
|
|
uint32_t descriptor_overflow : 1;
|
|
uint32_t buffer_overflow : 1;
|
|
uint32_t last_seg : 1;
|
|
uint32_t first_seg : 1;
|
|
uint32_t result_size : 8;
|
|
|
|
uint32_t rsvd1;
|
|
|
|
uint32_t data_lo;
|
|
uint32_t data_hi;
|
|
|
|
struct safexcel_res_data result_data;
|
|
} __packed;
|
|
|
|
/* Result data error codes. */
|
|
#define SAFEXCEL_RESULT_ERR_PACKET_LEN (1u << 0)
|
|
#define SAFEXCEL_RESULT_ERR_TOKEN_ERROR (1u << 1)
|
|
#define SAFEXCEL_RESULT_ERR_BYPASS (1u << 2)
|
|
#define SAFEXCEL_RESULT_ERR_CRYPTO_BLOCK_SIZE (1u << 3)
|
|
#define SAFEXCEL_RESULT_ERR_HASH_BLOCK_SIZE (1u << 4)
|
|
#define SAFEXCEL_RESULT_ERR_INVALID_CMD (1u << 5)
|
|
#define SAFEXCEL_RESULT_ERR_PROHIBITED_ALGO (1u << 6)
|
|
#define SAFEXCEL_RESULT_ERR_HASH_INPUT_OVERFLOW (1u << 7)
|
|
#define SAFEXCEL_RESULT_ERR_TTL_UNDERFLOW (1u << 8)
|
|
#define SAFEXCEL_RESULT_ERR_AUTH_FAILED (1u << 9)
|
|
#define SAFEXCEL_RESULT_ERR_SEQNO_CHECK_FAILED (1u << 10)
|
|
#define SAFEXCEL_RESULT_ERR_SPI_CHECK (1u << 11)
|
|
#define SAFEXCEL_RESULT_ERR_CHECKSUM (1u << 12)
|
|
#define SAFEXCEL_RESULT_ERR_PAD_VERIFICATION (1u << 13)
|
|
#define SAFEXCEL_RESULT_ERR_TIMEOUT (1u << 14)
|
|
#define SAFEXCEL_RESULT_ERR_OUTPUT_DMA (1u << 15)
|
|
|
|
/*
|
|
* The EIP-96 (crypto transform engine) is programmed using a set of
|
|
* data processing instructions with the encodings defined below.
|
|
*/
|
|
struct safexcel_instr {
|
|
uint32_t length : 17; /* bytes to be processed */
|
|
uint32_t status : 2; /* stream status */
|
|
uint32_t instructions : 9;
|
|
uint32_t opcode : 4;
|
|
} __packed;
|
|
|
|
/* Type 1, operational data instructions. */
|
|
#define SAFEXCEL_INSTR_OPCODE_DIRECTION 0x0
|
|
#define SAFEXCEL_INSTR_OPCODE_PRE_CHECKSUM 0x1
|
|
#define SAFEXCEL_INSTR_OPCODE_INSERT 0x2
|
|
#define SAFEXCEL_INSTR_OPCODE_INSERT_CTX 0x9
|
|
#define SAFEXCEL_INSTR_OPCODE_REPLACE 0x3
|
|
#define SAFEXCEL_INSTR_OPCODE_RETRIEVE 0x4
|
|
#define SAFEXCEL_INSTR_OPCODE_MUTE 0x5
|
|
/* Type 2, IP header instructions. */
|
|
#define SAFEXCEL_INSTR_OPCODE_IPV4 0x7
|
|
#define SAFEXCEL_INSTR_OPCODE_IPV4_CHECKSUM 0x6
|
|
#define SAFEXCEL_INSTR_OPCODE_IPV6 0x8
|
|
/* Type 3, postprocessing instructions. */
|
|
#define SAFEXCEL_INSTR_OPCODE_INSERT_REMOVE_RESULT 0xa
|
|
#define SAFEXCEL_INSTR_OPCODE_REPLACE_BYTE 0xb
|
|
/* Type 4, result instructions. */
|
|
#define SAFEXCEL_INSTR_OPCODE_VERIFY_FIELDS 0xd
|
|
/* Type 5, context control instructions. */
|
|
#define SAFEXCEL_INSTR_OPCODE_CONTEXT_ACCESS 0xe
|
|
/* Type 6, context control instructions. */
|
|
#define SAFEXCEL_INSTR_OPCODE_BYPASS_TOKEN_DATA 0xf
|
|
|
|
/* Status bits for type 1 and 2 instructions. */
|
|
#define SAFEXCEL_INSTR_STATUS_LAST_HASH (1u << 0)
|
|
#define SAFEXCEL_INSTR_STATUS_LAST_PACKET (1u << 1)
|
|
/* Status bits for type 3 instructions. */
|
|
#define SAFEXCEL_INSTR_STATUS_NO_CKSUM_MOD (1u << 0)
|
|
|
|
/* Instruction-dependent flags. */
|
|
#define SAFEXCEL_INSTR_INSERT_HASH_DIGEST 0x1c
|
|
#define SAFEXCEL_INSTR_INSERT_IMMEDIATE 0x1b
|
|
#define SAFEXCEL_INSTR_DEST_OUTPUT (1u << 5)
|
|
#define SAFEXCEL_INSTR_DEST_HASH (1u << 6)
|
|
#define SAFEXCEL_INSTR_DEST_CRYPTO (1u << 7)
|
|
#define SAFEXCEL_INSTR_INS_LAST (1u << 8)
|
|
|
|
#define SAFEXCEL_INSTR_VERIFY_HASH (1u << 16)
|
|
#define SAFEXCEL_INSTR_VERIFY_PADDING (1u << 5)
|
|
|
|
#define SAFEXCEL_TOKEN_TYPE_BYPASS 0x0
|
|
#define SAFEXCEL_TOKEN_TYPE_AUTONOMOUS 0x3
|
|
|
|
#define SAFEXCEL_CONTEXT_SMALL 0x2
|
|
#define SAFEXCEL_CONTEXT_LARGE 0x3
|
|
|
|
struct safexcel_reg_offsets {
|
|
uint32_t hia_aic;
|
|
uint32_t hia_aic_g;
|
|
uint32_t hia_aic_r;
|
|
uint32_t hia_aic_xdr;
|
|
uint32_t hia_dfe;
|
|
uint32_t hia_dfe_thr;
|
|
uint32_t hia_dse;
|
|
uint32_t hia_dse_thr;
|
|
uint32_t hia_gen_cfg;
|
|
uint32_t pe;
|
|
};
|
|
|
|
struct safexcel_config {
|
|
uint32_t hdw; /* Host interface Data Width. */
|
|
uint32_t aic_rings; /* Number of AIC rings. */
|
|
uint32_t pes; /* Number of PEs. */
|
|
uint32_t rings; /* Number of rings. */
|
|
|
|
uint32_t cd_size; /* CDR descriptor size. */
|
|
uint32_t cd_offset; /* CDR offset (size + alignment). */
|
|
|
|
uint32_t rd_size; /* RDR descriptor size. */
|
|
uint32_t rd_offset; /* RDR offset. */
|
|
|
|
uint32_t atok_offset; /* Additional token offset. */
|
|
|
|
uint32_t caps; /* Device capabilities. */
|
|
};
|
|
|
|
#define SAFEXCEL_DPRINTF(sc, lvl, ...) do { \
|
|
if ((sc)->sc_debug >= (lvl)) \
|
|
device_printf((sc)->sc_dev, __VA_ARGS__); \
|
|
} while (0)
|
|
|
|
struct safexcel_dma_mem {
|
|
caddr_t vaddr;
|
|
bus_addr_t paddr;
|
|
bus_dma_tag_t tag;
|
|
bus_dmamap_t map;
|
|
};
|
|
|
|
struct safexcel_cmd_descr_ring {
|
|
struct safexcel_dma_mem dma;
|
|
struct safexcel_cmd_descr *desc;
|
|
int write;
|
|
int read;
|
|
};
|
|
|
|
struct safexcel_res_descr_ring {
|
|
struct safexcel_dma_mem dma;
|
|
struct safexcel_res_descr *desc;
|
|
int write;
|
|
int read;
|
|
};
|
|
|
|
struct safexcel_context_template {
|
|
struct safexcel_context_record ctx;
|
|
int len;
|
|
};
|
|
|
|
struct safexcel_session {
|
|
crypto_session_t cses;
|
|
uint32_t alg; /* cipher algorithm */
|
|
uint32_t digest; /* digest type */
|
|
uint32_t hash; /* hash algorithm */
|
|
uint32_t mode; /* cipher mode of operation */
|
|
unsigned int digestlen; /* digest length */
|
|
unsigned int statelen; /* HMAC hash state length */
|
|
|
|
struct safexcel_context_template encctx, decctx;
|
|
};
|
|
|
|
struct safexcel_softc;
|
|
|
|
struct safexcel_request {
|
|
STAILQ_ENTRY(safexcel_request) link;
|
|
bool dmap_loaded;
|
|
int ringidx;
|
|
bus_dmamap_t dmap;
|
|
int error;
|
|
int cdescs, rdescs;
|
|
uint8_t iv[SAFEXCEL_MAX_IV_LEN];
|
|
struct safexcel_cmd_descr *cdesc;
|
|
struct safexcel_dma_mem ctx;
|
|
struct safexcel_session *sess;
|
|
struct cryptop *crp;
|
|
struct safexcel_softc *sc;
|
|
};
|
|
|
|
struct safexcel_ring {
|
|
struct mtx mtx;
|
|
struct sglist *cmd_data;
|
|
struct safexcel_cmd_descr_ring cdr;
|
|
struct sglist *res_data;
|
|
struct safexcel_res_descr_ring rdr;
|
|
|
|
/* Shadows the command descriptor ring. */
|
|
struct safexcel_request requests[SAFEXCEL_RING_SIZE];
|
|
|
|
/* Count of requests pending submission. */
|
|
int pending;
|
|
int pending_cdesc, pending_rdesc;
|
|
|
|
/* Count of outstanding requests. */
|
|
int queued;
|
|
|
|
/* Requests were deferred due to a resource shortage. */
|
|
int blocked;
|
|
|
|
struct safexcel_dma_mem dma_atok;
|
|
bus_dma_tag_t data_dtag;
|
|
|
|
char lockname[32];
|
|
};
|
|
|
|
struct safexcel_intr_handle {
|
|
struct safexcel_softc *sc;
|
|
void *handle;
|
|
int ring;
|
|
};
|
|
|
|
struct safexcel_softc {
|
|
device_t sc_dev;
|
|
uint32_t sc_type; /* EIP-97 or 197 */
|
|
int sc_debug;
|
|
|
|
struct resource *sc_res;
|
|
struct resource *sc_intr[SAFEXCEL_MAX_RINGS];
|
|
struct safexcel_intr_handle sc_ih[SAFEXCEL_MAX_RINGS];
|
|
|
|
counter_u64_t sc_req_alloc_failures;
|
|
counter_u64_t sc_cdesc_alloc_failures;
|
|
counter_u64_t sc_rdesc_alloc_failures;
|
|
|
|
struct safexcel_ring sc_ring[SAFEXCEL_MAX_RINGS];
|
|
|
|
int32_t sc_cid;
|
|
struct safexcel_reg_offsets sc_offsets;
|
|
struct safexcel_config sc_config;
|
|
};
|
|
|
|
#define SAFEXCEL_WRITE(sc, off, val) bus_write_4((sc)->sc_res, (off), (val))
|
|
#define SAFEXCEL_READ(sc, off) bus_read_4((sc)->sc_res, (off))
|
|
|
|
#define SAFEXCEL_ADDR_LO(addr) ((uint64_t)(addr) & 0xffffffffu)
|
|
#define SAFEXCEL_ADDR_HI(addr) (((uint64_t)(addr) >> 32) & 0xffffffffu)
|
|
|
|
#endif /* _SAFEXCEL_VAR_H_ */
|