endef
$(eval $(call KernelPackage,crypto-mv-cesa))
+
+
+define KernelPackage/ocf-ubsec-ssb
+ TITLE:=BCM5365P IPSec Core driver
+ DEPENDS:=@TARGET_brcm47xx +kmod-crypto-ocf
+ KCONFIG:=CONFIG_OCF_UBSEC_SSB
+ FILES:=$(LINUX_DIR)/crypto/ocf/ubsec_ssb/ubsec_ssb.ko
+ AUTOLOAD:=$(call AutoLoad,10,ubsec_ssb)
+ $(call AddDepends/crypto)
+endef
+
+define KernelPackage/ocf-ubsec-ssb/description
+ This package contains the OCF driver for the BCM5365p IPSec Core
+endef
+
+$(eval $(call KernelPackage,ocf-ubsec-ssb))
include $(TOPDIR)/rules.mk
PKG_NAME:=ocf-crypto-headers
-PKG_VERSION:=20080917
+PKG_VERSION:=20110720
PKG_RELEASE:=1
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)
/* $OpenBSD: cryptodev.h,v 1.31 2002/06/11 11:14:29 beck Exp $ */
/*-
- * Linux port done by David McCullough <david_mccullough@securecomputing.com>
- * Copyright (C) 2006-2007 David McCullough
+ * Linux port done by David McCullough <david_mccullough@mcafee.com>
+ * Copyright (C) 2006-2010 David McCullough
* Copyright (C) 2004-2005 Intel Corporation.
* The license and original author are listed below.
*
#define CRYPTO_SHA2_384 23
#define CRYPTO_SHA2_512 24
#define CRYPTO_RIPEMD160 25
-#define CRYPTO_ALGORITHM_MAX 25 /* Keep updated - see below */
+#define CRYPTO_LZS_COMP 26
+#define CRYPTO_ALGORITHM_MAX 26 /* Keep updated - see above */
/* Algorithm flags */
#define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */
#define crd_key CRD_INI.cri_key
#define crd_alg CRD_INI.cri_alg
#define crd_klen CRD_INI.cri_klen
+#define crd_mlen CRD_INI.cri_mlen
struct cryptodesc *crd_next;
};
+++ /dev/null
-#
-# Copyright (C) 2008 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-include $(INCLUDE_DIR)/kernel.mk
-
-PKG_NAME:=ubsec-ssb
-PKG_VERSION:=2009-02-21
-PKG_RELEASE:=1
-
-CRYPTO_MENU:=OCF Configuration
-
-include $(INCLUDE_DIR)/package.mk
-
-define KernelPackage/ocf-ubsec-ssb
- SUBMENU:=$(CRYPTO_MENU)
- DEPENDS:=@TARGET_brcm47xx +kmod-crypto-core +kmod-crypto-ocf
- TITLE:=BCM5365P IPSec Core driver
- FILES:=$(PKG_BUILD_DIR)/src/ubsec_ssb.ko
- AUTOLOAD:=$(call AutoLoad,09,ubsec_ssb)
-endef
-
-define KernelPackage/ocf-ubsec-ssb/description
- This package contains the OCF driver for the BCM5365p IPSec Core
-endef
-
-define Build/Prepare
- mkdir -p $(PKG_BUILD_DIR)
- $(CP) -r ./src $(PKG_BUILD_DIR)/
-endef
-
-LINUX_PATCHLEVEL:=$(shell echo "$(LINUX_VERSION)" | cut -d. -f2)
-
-define Build/Compile
- $(MAKE) -C $(LINUX_DIR) \
- ARCH="$(LINUX_KARCH)" \
- CROSS_COMPILE="$(TARGET_CROSS)" \
- PATCHLEVEL="$(LINUX_PATCHLEVEL)" \
- KERNDIR="$(LINUX_DIR)" \
- SUBDIRS="$(PKG_BUILD_DIR)/src" \
- modules
-endef
-
-$(eval $(call KernelPackage,ocf-ubsec-ssb))
+++ /dev/null
-#
-# Makefile for b5365ips driver
-#
-# Copyright (C) 2007 Daniel Mueller <daniel@danm.de>
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version
-# 2 of the License, or (at your option) any later version.
-#
-
-obj-m := ubsec_ssb.o
-
-obj ?= .
-
-ifeq ($(MAKING_MODULES),1)
-
--include $(TOPDIR)/Rules.make
-endif
+++ /dev/null
-/* $OpenBSD: queue.h,v 1.32 2007/04/30 18:42:34 pedro Exp $ */
-/* $NetBSD: queue.h,v 1.11 1996/05/16 05:17:14 mycroft Exp $ */
-
-/*
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * @(#)queue.h 8.5 (Berkeley) 8/20/94
- */
-
-#ifndef _BSD_SYS_QUEUE_H_
-#define _BSD_SYS_QUEUE_H_
-
-/*
- * This file defines five types of data structures: singly-linked lists,
- * lists, simple queues, tail queues, and circular queues.
- *
- *
- * A singly-linked list is headed by a single forward pointer. The elements
- * are singly linked for minimum space and pointer manipulation overhead at
- * the expense of O(n) removal for arbitrary elements. New elements can be
- * added to the list after an existing element or at the head of the list.
- * Elements being removed from the head of the list should use the explicit
- * macro for this purpose for optimum efficiency. A singly-linked list may
- * only be traversed in the forward direction. Singly-linked lists are ideal
- * for applications with large datasets and few or no removals or for
- * implementing a LIFO queue.
- *
- * A list is headed by a single forward pointer (or an array of forward
- * pointers for a hash table header). The elements are doubly linked
- * so that an arbitrary element can be removed without a need to
- * traverse the list. New elements can be added to the list before
- * or after an existing element or at the head of the list. A list
- * may only be traversed in the forward direction.
- *
- * A simple queue is headed by a pair of pointers, one the head of the
- * list and the other to the tail of the list. The elements are singly
- * linked to save space, so elements can only be removed from the
- * head of the list. New elements can be added to the list before or after
- * an existing element, at the head of the list, or at the end of the
- * list. A simple queue may only be traversed in the forward direction.
- *
- * A tail queue is headed by a pair of pointers, one to the head of the
- * list and the other to the tail of the list. The elements are doubly
- * linked so that an arbitrary element can be removed without a need to
- * traverse the list. New elements can be added to the list before or
- * after an existing element, at the head of the list, or at the end of
- * the list. A tail queue may be traversed in either direction.
- *
- * A circle queue is headed by a pair of pointers, one to the head of the
- * list and the other to the tail of the list. The elements are doubly
- * linked so that an arbitrary element can be removed without a need to
- * traverse the list. New elements can be added to the list before or after
- * an existing element, at the head of the list, or at the end of the list.
- * A circle queue may be traversed in either direction, but has a more
- * complex end of list detection.
- *
- * For details on the use of these macros, see the queue(3) manual page.
- */
-
-#if defined(QUEUE_MACRO_DEBUG) || (defined(_KERNEL) && defined(DIAGNOSTIC))
-#define _Q_INVALIDATE(a) (a) = ((void *)-1)
-#else
-#define _Q_INVALIDATE(a)
-#endif
-
-/*
- * Singly-linked List definitions.
- */
-#define BSD_SLIST_HEAD(name, type) \
-struct name { \
- struct type *slh_first; /* first element */ \
-}
-
-#define BSD_SLIST_HEAD_INITIALIZER(head) \
- { NULL }
-
-#define BSD_SLIST_ENTRY(type) \
-struct { \
- struct type *sle_next; /* next element */ \
-}
-
-/*
- * Singly-linked List access methods.
- */
-#define BSD_SLIST_FIRST(head) ((head)->slh_first)
-#define BSD_SLIST_END(head) NULL
-#define BSD_SLIST_EMPTY(head) (BSD_SLIST_FIRST(head) == BSD_SLIST_END(head))
-#define BSD_SLIST_NEXT(elm, field) ((elm)->field.sle_next)
-
-#define BSD_SLIST_FOREACH(var, head, field) \
- for((var) = BSD_SLIST_FIRST(head); \
- (var) != BSD_SLIST_END(head); \
- (var) = BSD_SLIST_NEXT(var, field))
-
-#define BSD_SLIST_FOREACH_PREVPTR(var, varp, head, field) \
- for ((varp) = &BSD_SLIST_FIRST((head)); \
- ((var) = *(varp)) != BSD_SLIST_END(head); \
- (varp) = &BSD_SLIST_NEXT((var), field))
-
-/*
- * Singly-linked List functions.
- */
-#define BSD_SLIST_INIT(head) { \
- BSD_SLIST_FIRST(head) = BSD_SLIST_END(head); \
-}
-
-#define BSD_SLIST_INSERT_AFTER(slistelm, elm, field) do { \
- (elm)->field.sle_next = (slistelm)->field.sle_next; \
- (slistelm)->field.sle_next = (elm); \
-} while (0)
-
-#define BSD_SLIST_INSERT_HEAD(head, elm, field) do { \
- (elm)->field.sle_next = (head)->slh_first; \
- (head)->slh_first = (elm); \
-} while (0)
-
-#define BSD_SLIST_REMOVE_NEXT(head, elm, field) do { \
- (elm)->field.sle_next = (elm)->field.sle_next->field.sle_next; \
-} while (0)
-
-#define BSD_SLIST_REMOVE_HEAD(head, field) do { \
- (head)->slh_first = (head)->slh_first->field.sle_next; \
-} while (0)
-
-#define BSD_SLIST_REMOVE(head, elm, type, field) do { \
- if ((head)->slh_first == (elm)) { \
- BSD_SLIST_REMOVE_HEAD((head), field); \
- } else { \
- struct type *curelm = (head)->slh_first; \
- \
- while (curelm->field.sle_next != (elm)) \
- curelm = curelm->field.sle_next; \
- curelm->field.sle_next = \
- curelm->field.sle_next->field.sle_next; \
- _Q_INVALIDATE((elm)->field.sle_next); \
- } \
-} while (0)
-
-/*
- * List definitions.
- */
-#define BSD_LIST_HEAD(name, type) \
-struct name { \
- struct type *lh_first; /* first element */ \
-}
-
-#define BSD_LIST_HEAD_INITIALIZER(head) \
- { NULL }
-
-#define BSD_LIST_ENTRY(type) \
-struct { \
- struct type *le_next; /* next element */ \
- struct type **le_prev; /* address of previous next element */ \
-}
-
-/*
- * List access methods
- */
-#define BSD_LIST_FIRST(head) ((head)->lh_first)
-#define BSD_LIST_END(head) NULL
-#define BSD_LIST_EMPTY(head) (BSD_LIST_FIRST(head) == BSD_LIST_END(head))
-#define BSD_LIST_NEXT(elm, field) ((elm)->field.le_next)
-
-#define BSD_LIST_FOREACH(var, head, field) \
- for((var) = BSD_LIST_FIRST(head); \
- (var)!= BSD_LIST_END(head); \
- (var) = BSD_LIST_NEXT(var, field))
-
-/*
- * List functions.
- */
-#define BSD_LIST_INIT(head) do { \
- BSD_LIST_FIRST(head) = BSD_LIST_END(head); \
-} while (0)
-
-#define BSD_LIST_INSERT_AFTER(listelm, elm, field) do { \
- if (((elm)->field.le_next = (listelm)->field.le_next) != NULL) \
- (listelm)->field.le_next->field.le_prev = \
- &(elm)->field.le_next; \
- (listelm)->field.le_next = (elm); \
- (elm)->field.le_prev = &(listelm)->field.le_next; \
-} while (0)
-
-#define BSD_LIST_INSERT_BEFORE(listelm, elm, field) do { \
- (elm)->field.le_prev = (listelm)->field.le_prev; \
- (elm)->field.le_next = (listelm); \
- *(listelm)->field.le_prev = (elm); \
- (listelm)->field.le_prev = &(elm)->field.le_next; \
-} while (0)
-
-#define BSD_LIST_INSERT_HEAD(head, elm, field) do { \
- if (((elm)->field.le_next = (head)->lh_first) != NULL) \
- (head)->lh_first->field.le_prev = &(elm)->field.le_next;\
- (head)->lh_first = (elm); \
- (elm)->field.le_prev = &(head)->lh_first; \
-} while (0)
-
-#define BSD_LIST_REMOVE(elm, field) do { \
- if ((elm)->field.le_next != NULL) \
- (elm)->field.le_next->field.le_prev = \
- (elm)->field.le_prev; \
- *(elm)->field.le_prev = (elm)->field.le_next; \
- _Q_INVALIDATE((elm)->field.le_prev); \
- _Q_INVALIDATE((elm)->field.le_next); \
-} while (0)
-
-#define BSD_LIST_REPLACE(elm, elm2, field) do { \
- if (((elm2)->field.le_next = (elm)->field.le_next) != NULL) \
- (elm2)->field.le_next->field.le_prev = \
- &(elm2)->field.le_next; \
- (elm2)->field.le_prev = (elm)->field.le_prev; \
- *(elm2)->field.le_prev = (elm2); \
- _Q_INVALIDATE((elm)->field.le_prev); \
- _Q_INVALIDATE((elm)->field.le_next); \
-} while (0)
-
-/*
- * Simple queue definitions.
- */
-#define BSD_SIMPLEQ_HEAD(name, type) \
-struct name { \
- struct type *sqh_first; /* first element */ \
- struct type **sqh_last; /* addr of last next element */ \
-}
-
-#define BSD_SIMPLEQ_HEAD_INITIALIZER(head) \
- { NULL, &(head).sqh_first }
-
-#define BSD_SIMPLEQ_ENTRY(type) \
-struct { \
- struct type *sqe_next; /* next element */ \
-}
-
-/*
- * Simple queue access methods.
- */
-#define BSD_SIMPLEQ_FIRST(head) ((head)->sqh_first)
-#define BSD_SIMPLEQ_END(head) NULL
-#define BSD_SIMPLEQ_EMPTY(head) (BSD_SIMPLEQ_FIRST(head) == BSD_SIMPLEQ_END(head))
-#define BSD_SIMPLEQ_NEXT(elm, field) ((elm)->field.sqe_next)
-
-#define BSD_SIMPLEQ_FOREACH(var, head, field) \
- for((var) = BSD_SIMPLEQ_FIRST(head); \
- (var) != BSD_SIMPLEQ_END(head); \
- (var) = BSD_SIMPLEQ_NEXT(var, field))
-
-/*
- * Simple queue functions.
- */
-#define BSD_SIMPLEQ_INIT(head) do { \
- (head)->sqh_first = NULL; \
- (head)->sqh_last = &(head)->sqh_first; \
-} while (0)
-
-#define BSD_SIMPLEQ_INSERT_HEAD(head, elm, field) do { \
- if (((elm)->field.sqe_next = (head)->sqh_first) == NULL) \
- (head)->sqh_last = &(elm)->field.sqe_next; \
- (head)->sqh_first = (elm); \
-} while (0)
-
-#define BSD_SIMPLEQ_INSERT_TAIL(head, elm, field) do { \
- (elm)->field.sqe_next = NULL; \
- *(head)->sqh_last = (elm); \
- (head)->sqh_last = &(elm)->field.sqe_next; \
-} while (0)
-
-#define BSD_SIMPLEQ_INSERT_AFTER(head, listelm, elm, field) do { \
- if (((elm)->field.sqe_next = (listelm)->field.sqe_next) == NULL)\
- (head)->sqh_last = &(elm)->field.sqe_next; \
- (listelm)->field.sqe_next = (elm); \
-} while (0)
-
-#define BSD_SIMPLEQ_REMOVE_HEAD(head, field) do { \
- if (((head)->sqh_first = (head)->sqh_first->field.sqe_next) == NULL) \
- (head)->sqh_last = &(head)->sqh_first; \
-} while (0)
-
-/*
- * Tail queue definitions.
- */
-#define BSD_TAILQ_HEAD(name, type) \
-struct name { \
- struct type *tqh_first; /* first element */ \
- struct type **tqh_last; /* addr of last next element */ \
-}
-
-#define BSD_TAILQ_HEAD_INITIALIZER(head) \
- { NULL, &(head).tqh_first }
-
-#define BSD_TAILQ_ENTRY(type) \
-struct { \
- struct type *tqe_next; /* next element */ \
- struct type **tqe_prev; /* address of previous next element */ \
-}
-
-/*
- * tail queue access methods
- */
-#define BSD_TAILQ_FIRST(head) ((head)->tqh_first)
-#define BSD_TAILQ_END(head) NULL
-#define BSD_TAILQ_NEXT(elm, field) ((elm)->field.tqe_next)
-#define BSD_TAILQ_LAST(head, headname) \
- (*(((struct headname *)((head)->tqh_last))->tqh_last))
-/* XXX */
-#define BSD_TAILQ_PREV(elm, headname, field) \
- (*(((struct headname *)((elm)->field.tqe_prev))->tqh_last))
-#define BSD_TAILQ_EMPTY(head) \
- (BSD_TAILQ_FIRST(head) == BSD_TAILQ_END(head))
-
-#define BSD_TAILQ_FOREACH(var, head, field) \
- for((var) = BSD_TAILQ_FIRST(head); \
- (var) != BSD_TAILQ_END(head); \
- (var) = BSD_TAILQ_NEXT(var, field))
-
-#define BSD_TAILQ_FOREACH_REVERSE(var, head, headname, field) \
- for((var) = BSD_TAILQ_LAST(head, headname); \
- (var) != BSD_TAILQ_END(head); \
- (var) = BSD_TAILQ_PREV(var, headname, field))
-
-/*
- * Tail queue functions.
- */
-#define BSD_TAILQ_INIT(head) do { \
- (head)->tqh_first = NULL; \
- (head)->tqh_last = &(head)->tqh_first; \
-} while (0)
-
-#define BSD_TAILQ_INSERT_HEAD(head, elm, field) do { \
- if (((elm)->field.tqe_next = (head)->tqh_first) != NULL) \
- (head)->tqh_first->field.tqe_prev = \
- &(elm)->field.tqe_next; \
- else \
- (head)->tqh_last = &(elm)->field.tqe_next; \
- (head)->tqh_first = (elm); \
- (elm)->field.tqe_prev = &(head)->tqh_first; \
-} while (0)
-
-#define BSD_TAILQ_INSERT_TAIL(head, elm, field) do { \
- (elm)->field.tqe_next = NULL; \
- (elm)->field.tqe_prev = (head)->tqh_last; \
- *(head)->tqh_last = (elm); \
- (head)->tqh_last = &(elm)->field.tqe_next; \
-} while (0)
-
-#define BSD_TAILQ_INSERT_AFTER(head, listelm, elm, field) do { \
- if (((elm)->field.tqe_next = (listelm)->field.tqe_next) != NULL)\
- (elm)->field.tqe_next->field.tqe_prev = \
- &(elm)->field.tqe_next; \
- else \
- (head)->tqh_last = &(elm)->field.tqe_next; \
- (listelm)->field.tqe_next = (elm); \
- (elm)->field.tqe_prev = &(listelm)->field.tqe_next; \
-} while (0)
-
-#define BSD_TAILQ_INSERT_BEFORE(listelm, elm, field) do { \
- (elm)->field.tqe_prev = (listelm)->field.tqe_prev; \
- (elm)->field.tqe_next = (listelm); \
- *(listelm)->field.tqe_prev = (elm); \
- (listelm)->field.tqe_prev = &(elm)->field.tqe_next; \
-} while (0)
-
-#define BSD_TAILQ_REMOVE(head, elm, field) do { \
- if (((elm)->field.tqe_next) != NULL) \
- (elm)->field.tqe_next->field.tqe_prev = \
- (elm)->field.tqe_prev; \
- else \
- (head)->tqh_last = (elm)->field.tqe_prev; \
- *(elm)->field.tqe_prev = (elm)->field.tqe_next; \
- _Q_INVALIDATE((elm)->field.tqe_prev); \
- _Q_INVALIDATE((elm)->field.tqe_next); \
-} while (0)
-
-#define BSD_TAILQ_REPLACE(head, elm, elm2, field) do { \
- if (((elm2)->field.tqe_next = (elm)->field.tqe_next) != NULL) \
- (elm2)->field.tqe_next->field.tqe_prev = \
- &(elm2)->field.tqe_next; \
- else \
- (head)->tqh_last = &(elm2)->field.tqe_next; \
- (elm2)->field.tqe_prev = (elm)->field.tqe_prev; \
- *(elm2)->field.tqe_prev = (elm2); \
- _Q_INVALIDATE((elm)->field.tqe_prev); \
- _Q_INVALIDATE((elm)->field.tqe_next); \
-} while (0)
-
-/*
- * Circular queue definitions.
- */
-#define BSD_CIRCLEQ_HEAD(name, type) \
-struct name { \
- struct type *cqh_first; /* first element */ \
- struct type *cqh_last; /* last element */ \
-}
-
-#define BSD_CIRCLEQ_HEAD_INITIALIZER(head) \
- { BSD_CIRCLEQ_END(&head), BSD_CIRCLEQ_END(&head) }
-
-#define BSD_CIRCLEQ_ENTRY(type) \
-struct { \
- struct type *cqe_next; /* next element */ \
- struct type *cqe_prev; /* previous element */ \
-}
-
-/*
- * Circular queue access methods
- */
-#define BSD_CIRCLEQ_FIRST(head) ((head)->cqh_first)
-#define BSD_CIRCLEQ_LAST(head) ((head)->cqh_last)
-#define BSD_CIRCLEQ_END(head) ((void *)(head))
-#define BSD_CIRCLEQ_NEXT(elm, field) ((elm)->field.cqe_next)
-#define BSD_CIRCLEQ_PREV(elm, field) ((elm)->field.cqe_prev)
-#define BSD_CIRCLEQ_EMPTY(head) \
- (BSD_CIRCLEQ_FIRST(head) == BSD_CIRCLEQ_END(head))
-
-#define BSD_CIRCLEQ_FOREACH(var, head, field) \
- for((var) = BSD_CIRCLEQ_FIRST(head); \
- (var) != BSD_CIRCLEQ_END(head); \
- (var) = BSD_CIRCLEQ_NEXT(var, field))
-
-#define BSD_CIRCLEQ_FOREACH_REVERSE(var, head, field) \
- for((var) = BSD_CIRCLEQ_LAST(head); \
- (var) != BSD_CIRCLEQ_END(head); \
- (var) = BSD_CIRCLEQ_PREV(var, field))
-
-/*
- * Circular queue functions.
- */
-#define BSD_CIRCLEQ_INIT(head) do { \
- (head)->cqh_first = BSD_CIRCLEQ_END(head); \
- (head)->cqh_last = BSD_CIRCLEQ_END(head); \
-} while (0)
-
-#define BSD_CIRCLEQ_INSERT_AFTER(head, listelm, elm, field) do { \
- (elm)->field.cqe_next = (listelm)->field.cqe_next; \
- (elm)->field.cqe_prev = (listelm); \
- if ((listelm)->field.cqe_next == BSD_CIRCLEQ_END(head)) \
- (head)->cqh_last = (elm); \
- else \
- (listelm)->field.cqe_next->field.cqe_prev = (elm); \
- (listelm)->field.cqe_next = (elm); \
-} while (0)
-
-#define BSD_CIRCLEQ_INSERT_BEFORE(head, listelm, elm, field) do { \
- (elm)->field.cqe_next = (listelm); \
- (elm)->field.cqe_prev = (listelm)->field.cqe_prev; \
- if ((listelm)->field.cqe_prev == BSD_CIRCLEQ_END(head)) \
- (head)->cqh_first = (elm); \
- else \
- (listelm)->field.cqe_prev->field.cqe_next = (elm); \
- (listelm)->field.cqe_prev = (elm); \
-} while (0)
-
-#define BSD_CIRCLEQ_INSERT_HEAD(head, elm, field) do { \
- (elm)->field.cqe_next = (head)->cqh_first; \
- (elm)->field.cqe_prev = BSD_CIRCLEQ_END(head); \
- if ((head)->cqh_last == BSD_CIRCLEQ_END(head)) \
- (head)->cqh_last = (elm); \
- else \
- (head)->cqh_first->field.cqe_prev = (elm); \
- (head)->cqh_first = (elm); \
-} while (0)
-
-#define BSD_CIRCLEQ_INSERT_TAIL(head, elm, field) do { \
- (elm)->field.cqe_next = BSD_CIRCLEQ_END(head); \
- (elm)->field.cqe_prev = (head)->cqh_last; \
- if ((head)->cqh_first == BSD_CIRCLEQ_END(head)) \
- (head)->cqh_first = (elm); \
- else \
- (head)->cqh_last->field.cqe_next = (elm); \
- (head)->cqh_last = (elm); \
-} while (0)
-
-#define BSD_CIRCLEQ_REMOVE(head, elm, field) do { \
- if ((elm)->field.cqe_next == BSD_CIRCLEQ_END(head)) \
- (head)->cqh_last = (elm)->field.cqe_prev; \
- else \
- (elm)->field.cqe_next->field.cqe_prev = \
- (elm)->field.cqe_prev; \
- if ((elm)->field.cqe_prev == BSD_CIRCLEQ_END(head)) \
- (head)->cqh_first = (elm)->field.cqe_next; \
- else \
- (elm)->field.cqe_prev->field.cqe_next = \
- (elm)->field.cqe_next; \
- _Q_INVALIDATE((elm)->field.cqe_prev); \
- _Q_INVALIDATE((elm)->field.cqe_next); \
-} while (0)
-
-#define BSD_CIRCLEQ_REPLACE(head, elm, elm2, field) do { \
- if (((elm2)->field.cqe_next = (elm)->field.cqe_next) == \
- BSD_CIRCLEQ_END(head)) \
- (head).cqh_last = (elm2); \
- else \
- (elm2)->field.cqe_next->field.cqe_prev = (elm2); \
- if (((elm2)->field.cqe_prev = (elm)->field.cqe_prev) == \
- BSD_CIRCLEQ_END(head)) \
- (head).cqh_first = (elm2); \
- else \
- (elm2)->field.cqe_prev->field.cqe_next = (elm2); \
- _Q_INVALIDATE((elm)->field.cqe_prev); \
- _Q_INVALIDATE((elm)->field.cqe_next); \
-} while (0)
-
-#endif /* !_BSD_SYS_QUEUE_H_ */
+++ /dev/null
-/* $FreeBSD: src/sys/opencrypto/cryptodev.h,v 1.25 2007/05/09 19:37:02 gnn Exp $ */
-/* $OpenBSD: cryptodev.h,v 1.31 2002/06/11 11:14:29 beck Exp $ */
-
-/*-
- * Linux port done by David McCullough <david_mccullough@securecomputing.com>
- * Copyright (C) 2006-2007 David McCullough
- * Copyright (C) 2004-2005 Intel Corporation.
- * The license and original author are listed below.
- *
- * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
- * Copyright (c) 2002-2006 Sam Leffler, Errno Consulting
- *
- * This code was written by Angelos D. Keromytis in Athens, Greece, in
- * February 2000. Network Security Technologies Inc. (NSTI) kindly
- * supported the development of this code.
- *
- * Copyright (c) 2000 Angelos D. Keromytis
- *
- * Permission to use, copy, and modify this software with or without fee
- * is hereby granted, provided that this entire notice is included in
- * all source code copies of any software which is or includes a copy or
- * modification of this software.
- *
- * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
- * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
- * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Copyright (c) 2001 Theo de Raadt
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote products
- * derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * Effort sponsored in part by the Defense Advanced Research Projects
- * Agency (DARPA) and Air Force Research Laboratory, Air Force
- * Materiel Command, USAF, under agreement number F30602-01-2-0537.
- *
- */
-
-#ifndef _CRYPTO_CRYPTO_H_
-#define _CRYPTO_CRYPTO_H_
-
-/* Some initial values */
-#define CRYPTO_DRIVERS_INITIAL 4
-#define CRYPTO_SW_SESSIONS 32
-
-/* Hash values */
-#define NULL_HASH_LEN 0
-#define MD5_HASH_LEN 16
-#define SHA1_HASH_LEN 20
-#define RIPEMD160_HASH_LEN 20
-#define SHA2_256_HASH_LEN 32
-#define SHA2_384_HASH_LEN 48
-#define SHA2_512_HASH_LEN 64
-#define MD5_KPDK_HASH_LEN 16
-#define SHA1_KPDK_HASH_LEN 20
-/* Maximum hash algorithm result length */
-#define HASH_MAX_LEN SHA2_512_HASH_LEN /* Keep this updated */
-
-/* HMAC values */
-#define NULL_HMAC_BLOCK_LEN 1
-#define MD5_HMAC_BLOCK_LEN 64
-#define SHA1_HMAC_BLOCK_LEN 64
-#define RIPEMD160_HMAC_BLOCK_LEN 64
-#define SHA2_256_HMAC_BLOCK_LEN 64
-#define SHA2_384_HMAC_BLOCK_LEN 128
-#define SHA2_512_HMAC_BLOCK_LEN 128
-/* Maximum HMAC block length */
-#define HMAC_MAX_BLOCK_LEN SHA2_512_HMAC_BLOCK_LEN /* Keep this updated */
-#define HMAC_IPAD_VAL 0x36
-#define HMAC_OPAD_VAL 0x5C
-
-/* Encryption algorithm block sizes */
-#define NULL_BLOCK_LEN 1
-#define DES_BLOCK_LEN 8
-#define DES3_BLOCK_LEN 8
-#define BLOWFISH_BLOCK_LEN 8
-#define SKIPJACK_BLOCK_LEN 8
-#define CAST128_BLOCK_LEN 8
-#define RIJNDAEL128_BLOCK_LEN 16
-#define AES_BLOCK_LEN RIJNDAEL128_BLOCK_LEN
-#define CAMELLIA_BLOCK_LEN 16
-#define ARC4_BLOCK_LEN 1
-#define EALG_MAX_BLOCK_LEN AES_BLOCK_LEN /* Keep this updated */
-
-/* Encryption algorithm min and max key sizes */
-#define NULL_MIN_KEY_LEN 0
-#define NULL_MAX_KEY_LEN 0
-#define DES_MIN_KEY_LEN 8
-#define DES_MAX_KEY_LEN 8
-#define DES3_MIN_KEY_LEN 24
-#define DES3_MAX_KEY_LEN 24
-#define BLOWFISH_MIN_KEY_LEN 4
-#define BLOWFISH_MAX_KEY_LEN 56
-#define SKIPJACK_MIN_KEY_LEN 10
-#define SKIPJACK_MAX_KEY_LEN 10
-#define CAST128_MIN_KEY_LEN 5
-#define CAST128_MAX_KEY_LEN 16
-#define RIJNDAEL128_MIN_KEY_LEN 16
-#define RIJNDAEL128_MAX_KEY_LEN 32
-#define AES_MIN_KEY_LEN RIJNDAEL128_MIN_KEY_LEN
-#define AES_MAX_KEY_LEN RIJNDAEL128_MAX_KEY_LEN
-#define CAMELLIA_MIN_KEY_LEN 16
-#define CAMELLIA_MAX_KEY_LEN 32
-#define ARC4_MIN_KEY_LEN 1
-#define ARC4_MAX_KEY_LEN 256
-
-/* Max size of data that can be processed */
-#define CRYPTO_MAX_DATA_LEN 64*1024 - 1
-
-#define CRYPTO_ALGORITHM_MIN 1
-#define CRYPTO_DES_CBC 1
-#define CRYPTO_3DES_CBC 2
-#define CRYPTO_BLF_CBC 3
-#define CRYPTO_CAST_CBC 4
-#define CRYPTO_SKIPJACK_CBC 5
-#define CRYPTO_MD5_HMAC 6
-#define CRYPTO_SHA1_HMAC 7
-#define CRYPTO_RIPEMD160_HMAC 8
-#define CRYPTO_MD5_KPDK 9
-#define CRYPTO_SHA1_KPDK 10
-#define CRYPTO_RIJNDAEL128_CBC 11 /* 128 bit blocksize */
-#define CRYPTO_AES_CBC 11 /* 128 bit blocksize -- the same as above */
-#define CRYPTO_ARC4 12
-#define CRYPTO_MD5 13
-#define CRYPTO_SHA1 14
-#define CRYPTO_NULL_HMAC 15
-#define CRYPTO_NULL_CBC 16
-#define CRYPTO_DEFLATE_COMP 17 /* Deflate compression algorithm */
-#define CRYPTO_SHA2_256_HMAC 18
-#define CRYPTO_SHA2_384_HMAC 19
-#define CRYPTO_SHA2_512_HMAC 20
-#define CRYPTO_CAMELLIA_CBC 21
-#define CRYPTO_SHA2_256 22
-#define CRYPTO_SHA2_384 23
-#define CRYPTO_SHA2_512 24
-#define CRYPTO_RIPEMD160 25
-#define CRYPTO_ALGORITHM_MAX 25 /* Keep updated - see below */
-
-/* Algorithm flags */
-#define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */
-#define CRYPTO_ALG_FLAG_RNG_ENABLE 0x02 /* Has HW RNG for DH/DSA */
-#define CRYPTO_ALG_FLAG_DSA_SHA 0x04 /* Can do SHA on msg */
-
-/*
- * Crypto driver/device flags. They can set in the crid
- * parameter when creating a session or submitting a key
- * op to affect the device/driver assigned. If neither
- * of these are specified then the crid is assumed to hold
- * the driver id of an existing (and suitable) device that
- * must be used to satisfy the request.
- */
-#define CRYPTO_FLAG_HARDWARE 0x01000000 /* hardware accelerated */
-#define CRYPTO_FLAG_SOFTWARE 0x02000000 /* software implementation */
-
-/* NB: deprecated */
-struct session_op {
- u_int32_t cipher; /* ie. CRYPTO_DES_CBC */
- u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */
-
- u_int32_t keylen; /* cipher key */
- caddr_t key;
- int mackeylen; /* mac key */
- caddr_t mackey;
-
- u_int32_t ses; /* returns: session # */
-};
-
-struct session2_op {
- u_int32_t cipher; /* ie. CRYPTO_DES_CBC */
- u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */
-
- u_int32_t keylen; /* cipher key */
- caddr_t key;
- int mackeylen; /* mac key */
- caddr_t mackey;
-
- u_int32_t ses; /* returns: session # */
- int crid; /* driver id + flags (rw) */
- int pad[4]; /* for future expansion */
-};
-
-struct crypt_op {
- u_int32_t ses;
- u_int16_t op; /* i.e. COP_ENCRYPT */
-#define COP_NONE 0
-#define COP_ENCRYPT 1
-#define COP_DECRYPT 2
- u_int16_t flags;
-#define COP_F_BATCH 0x0008 /* Batch op if possible */
- u_int len;
- caddr_t src, dst; /* become iov[] inside kernel */
- caddr_t mac; /* must be big enough for chosen MAC */
- caddr_t iv;
-};
-
-/*
- * Parameters for looking up a crypto driver/device by
- * device name or by id. The latter are returned for
- * created sessions (crid) and completed key operations.
- */
-struct crypt_find_op {
- int crid; /* driver id + flags */
- char name[32]; /* device/driver name */
-};
-
-/* bignum parameter, in packed bytes, ... */
-struct crparam {
- caddr_t crp_p;
- u_int crp_nbits;
-};
-
-#define CRK_MAXPARAM 8
-
-struct crypt_kop {
- u_int crk_op; /* ie. CRK_MOD_EXP or other */
- u_int crk_status; /* return status */
- u_short crk_iparams; /* # of input parameters */
- u_short crk_oparams; /* # of output parameters */
- u_int crk_crid; /* NB: only used by CIOCKEY2 (rw) */
- struct crparam crk_param[CRK_MAXPARAM];
-};
-#define CRK_ALGORITM_MIN 0
-#define CRK_MOD_EXP 0
-#define CRK_MOD_EXP_CRT 1
-#define CRK_DSA_SIGN 2
-#define CRK_DSA_VERIFY 3
-#define CRK_DH_COMPUTE_KEY 4
-#define CRK_ALGORITHM_MAX 4 /* Keep updated - see below */
-
-#define CRF_MOD_EXP (1 << CRK_MOD_EXP)
-#define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT)
-#define CRF_DSA_SIGN (1 << CRK_DSA_SIGN)
-#define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY)
-#define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY)
-
-/*
- * done against open of /dev/crypto, to get a cloned descriptor.
- * Please use F_SETFD against the cloned descriptor.
- */
-#define CRIOGET _IOWR('c', 100, u_int32_t)
-#define CRIOASYMFEAT CIOCASYMFEAT
-#define CRIOFINDDEV CIOCFINDDEV
-
-/* the following are done against the cloned descriptor */
-#define CIOCGSESSION _IOWR('c', 101, struct session_op)
-#define CIOCFSESSION _IOW('c', 102, u_int32_t)
-#define CIOCCRYPT _IOWR('c', 103, struct crypt_op)
-#define CIOCKEY _IOWR('c', 104, struct crypt_kop)
-#define CIOCASYMFEAT _IOR('c', 105, u_int32_t)
-#define CIOCGSESSION2 _IOWR('c', 106, struct session2_op)
-#define CIOCKEY2 _IOWR('c', 107, struct crypt_kop)
-#define CIOCFINDDEV _IOWR('c', 108, struct crypt_find_op)
-
-struct cryptotstat {
- struct timespec acc; /* total accumulated time */
- struct timespec min; /* min time */
- struct timespec max; /* max time */
- u_int32_t count; /* number of observations */
-};
-
-struct cryptostats {
- u_int32_t cs_ops; /* symmetric crypto ops submitted */
- u_int32_t cs_errs; /* symmetric crypto ops that failed */
- u_int32_t cs_kops; /* asymetric/key ops submitted */
- u_int32_t cs_kerrs; /* asymetric/key ops that failed */
- u_int32_t cs_intrs; /* crypto swi thread activations */
- u_int32_t cs_rets; /* crypto return thread activations */
- u_int32_t cs_blocks; /* symmetric op driver block */
- u_int32_t cs_kblocks; /* symmetric op driver block */
- /*
- * When CRYPTO_TIMING is defined at compile time and the
- * sysctl debug.crypto is set to 1, the crypto system will
- * accumulate statistics about how long it takes to process
- * crypto requests at various points during processing.
- */
- struct cryptotstat cs_invoke; /* crypto_dipsatch -> crypto_invoke */
- struct cryptotstat cs_done; /* crypto_invoke -> crypto_done */
- struct cryptotstat cs_cb; /* crypto_done -> callback */
- struct cryptotstat cs_finis; /* callback -> callback return */
-
- u_int32_t cs_drops; /* crypto ops dropped due to congestion */
-};
-
-#ifdef __KERNEL__
-
-/* Standard initialization structure beginning */
-struct cryptoini {
- int cri_alg; /* Algorithm to use */
- int cri_klen; /* Key length, in bits */
- int cri_mlen; /* Number of bytes we want from the
- entire hash. 0 means all. */
- caddr_t cri_key; /* key to use */
- u_int8_t cri_iv[EALG_MAX_BLOCK_LEN]; /* IV to use */
- struct cryptoini *cri_next;
-};
-
-/* Describe boundaries of a single crypto operation */
-struct cryptodesc {
- int crd_skip; /* How many bytes to ignore from start */
- int crd_len; /* How many bytes to process */
- int crd_inject; /* Where to inject results, if applicable */
- int crd_flags;
-
-#define CRD_F_ENCRYPT 0x01 /* Set when doing encryption */
-#define CRD_F_IV_PRESENT 0x02 /* When encrypting, IV is already in
- place, so don't copy. */
-#define CRD_F_IV_EXPLICIT 0x04 /* IV explicitly provided */
-#define CRD_F_DSA_SHA_NEEDED 0x08 /* Compute SHA-1 of buffer for DSA */
-#define CRD_F_KEY_EXPLICIT 0x10 /* Key explicitly provided */
-#define CRD_F_COMP 0x0f /* Set when doing compression */
-
- struct cryptoini CRD_INI; /* Initialization/context data */
-#define crd_iv CRD_INI.cri_iv
-#define crd_key CRD_INI.cri_key
-#define crd_alg CRD_INI.cri_alg
-#define crd_klen CRD_INI.cri_klen
-
- struct cryptodesc *crd_next;
-};
-
-/* Structure describing complete operation */
-struct cryptop {
- struct list_head crp_next;
- wait_queue_head_t crp_waitq;
-
- u_int64_t crp_sid; /* Session ID */
- int crp_ilen; /* Input data total length */
- int crp_olen; /* Result total length */
-
- int crp_etype; /*
- * Error type (zero means no error).
- * All error codes except EAGAIN
- * indicate possible data corruption (as in,
- * the data have been touched). On all
- * errors, the crp_sid may have changed
- * (reset to a new one), so the caller
- * should always check and use the new
- * value on future requests.
- */
- int crp_flags;
-
-#define CRYPTO_F_SKBUF 0x0001 /* Input/output are skbuf chains */
-#define CRYPTO_F_IOV 0x0002 /* Input/output are uio */
-#define CRYPTO_F_REL 0x0004 /* Must return data in same place */
-#define CRYPTO_F_BATCH 0x0008 /* Batch op if possible */
-#define CRYPTO_F_CBIMM 0x0010 /* Do callback immediately */
-#define CRYPTO_F_DONE 0x0020 /* Operation completed */
-#define CRYPTO_F_CBIFSYNC 0x0040 /* Do CBIMM if op is synchronous */
-
- caddr_t crp_buf; /* Data to be processed */
- caddr_t crp_opaque; /* Opaque pointer, passed along */
- struct cryptodesc *crp_desc; /* Linked list of processing descriptors */
-
- int (*crp_callback)(struct cryptop *); /* Callback function */
-};
-
-#define CRYPTO_BUF_CONTIG 0x0
-#define CRYPTO_BUF_IOV 0x1
-#define CRYPTO_BUF_SKBUF 0x2
-
-#define CRYPTO_OP_DECRYPT 0x0
-#define CRYPTO_OP_ENCRYPT 0x1
-
-/*
- * Hints passed to process methods.
- */
-#define CRYPTO_HINT_MORE 0x1 /* more ops coming shortly */
-
-struct cryptkop {
- struct list_head krp_next;
- wait_queue_head_t krp_waitq;
-
- int krp_flags;
-#define CRYPTO_KF_DONE 0x0001 /* Operation completed */
-#define CRYPTO_KF_CBIMM 0x0002 /* Do callback immediately */
-
- u_int krp_op; /* ie. CRK_MOD_EXP or other */
- u_int krp_status; /* return status */
- u_short krp_iparams; /* # of input parameters */
- u_short krp_oparams; /* # of output parameters */
- u_int krp_crid; /* desired device, etc. */
- u_int32_t krp_hid;
- struct crparam krp_param[CRK_MAXPARAM]; /* kvm */
- int (*krp_callback)(struct cryptkop *);
-};
-
-#include "ocf-compat.h"
-
-/*
- * Session ids are 64 bits. The lower 32 bits contain a "local id" which
- * is a driver-private session identifier. The upper 32 bits contain a
- * "hardware id" used by the core crypto code to identify the driver and
- * a copy of the driver's capabilities that can be used by client code to
- * optimize operation.
- */
-#define CRYPTO_SESID2HID(_sid) (((_sid) >> 32) & 0x00ffffff)
-#define CRYPTO_SESID2CAPS(_sid) (((_sid) >> 32) & 0xff000000)
-#define CRYPTO_SESID2LID(_sid) (((u_int32_t) (_sid)) & 0xffffffff)
-
-extern int crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard);
-extern int crypto_freesession(u_int64_t sid);
-#define CRYPTOCAP_F_HARDWARE CRYPTO_FLAG_HARDWARE
-#define CRYPTOCAP_F_SOFTWARE CRYPTO_FLAG_SOFTWARE
-#define CRYPTOCAP_F_SYNC 0x04000000 /* operates synchronously */
-extern int32_t crypto_get_driverid(device_t dev, int flags);
-extern int crypto_find_driver(const char *);
-extern device_t crypto_find_device_byhid(int hid);
-extern int crypto_getcaps(int hid);
-extern int crypto_register(u_int32_t driverid, int alg, u_int16_t maxoplen,
- u_int32_t flags);
-extern int crypto_kregister(u_int32_t, int, u_int32_t);
-extern int crypto_unregister(u_int32_t driverid, int alg);
-extern int crypto_unregister_all(u_int32_t driverid);
-extern int crypto_dispatch(struct cryptop *crp);
-extern int crypto_kdispatch(struct cryptkop *);
-#define CRYPTO_SYMQ 0x1
-#define CRYPTO_ASYMQ 0x2
-extern int crypto_unblock(u_int32_t, int);
-extern void crypto_done(struct cryptop *crp);
-extern void crypto_kdone(struct cryptkop *);
-extern int crypto_getfeat(int *);
-
-extern void crypto_freereq(struct cryptop *crp);
-extern struct cryptop *crypto_getreq(int num);
-
-extern int crypto_usercrypto; /* userland may do crypto requests */
-extern int crypto_userasymcrypto; /* userland may do asym crypto reqs */
-extern int crypto_devallowsoft; /* only use hardware crypto */
-
-/*
- * random number support, crypto_unregister_all will unregister
- */
-extern int crypto_rregister(u_int32_t driverid,
- int (*read_random)(void *arg, u_int32_t *buf, int len), void *arg);
-extern int crypto_runregister_all(u_int32_t driverid);
-
-/*
- * Crypto-related utility routines used mainly by drivers.
- *
- * XXX these don't really belong here; but for now they're
- * kept apart from the rest of the system.
- */
-struct uio;
-extern void cuio_copydata(struct uio* uio, int off, int len, caddr_t cp);
-extern void cuio_copyback(struct uio* uio, int off, int len, caddr_t cp);
-extern struct iovec *cuio_getptr(struct uio *uio, int loc, int *off);
-
-extern void crypto_copyback(int flags, caddr_t buf, int off, int size,
- caddr_t in);
-extern void crypto_copydata(int flags, caddr_t buf, int off, int size,
- caddr_t out);
-extern int crypto_apply(int flags, caddr_t buf, int off, int len,
- int (*f)(void *, void *, u_int), void *arg);
-
-#endif /* __KERNEL__ */
-#endif /* _CRYPTO_CRYPTO_H_ */
+++ /dev/null
-/*
- * until we find a cleaner way, include the BSD md5/sha1 code
- * here
- */
-#define HMAC_HACK 1
-#ifdef HMAC_HACK
-#define LITTLE_ENDIAN 1234
-#define BIG_ENDIAN 4321
-#ifdef __LITTLE_ENDIAN
-#define BYTE_ORDER LITTLE_ENDIAN
-#endif
-#ifdef __BIG_ENDIAN
-#define BYTE_ORDER BIG_ENDIAN
-#endif
-
-u_int8_t hmac_ipad_buffer[64] = {
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
-};
-
-u_int8_t hmac_opad_buffer[64] = {
- 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
- 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
- 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
- 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
- 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
- 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
- 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
- 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C
-};
-#endif /* HMAC_HACK */
-
+++ /dev/null
-/* $KAME: md5.c,v 1.5 2000/11/08 06:13:08 itojun Exp $ */
-/*
- * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the project nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#if 0
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/crypto/md5.c,v 1.9 2004/01/27 19:49:19 des Exp $");
-
-#include <sys/types.h>
-#include <sys/cdefs.h>
-#include <sys/time.h>
-#include <sys/systm.h>
-#include <crypto/md5.h>
-#endif
-
-#define SHIFT(X, s) (((X) << (s)) | ((X) >> (32 - (s))))
-
-#define F(X, Y, Z) (((X) & (Y)) | ((~X) & (Z)))
-#define G(X, Y, Z) (((X) & (Z)) | ((Y) & (~Z)))
-#define H(X, Y, Z) ((X) ^ (Y) ^ (Z))
-#define I(X, Y, Z) ((Y) ^ ((X) | (~Z)))
-
-#define ROUND1(a, b, c, d, k, s, i) { \
- (a) = (a) + F((b), (c), (d)) + X[(k)] + T[(i)]; \
- (a) = SHIFT((a), (s)); \
- (a) = (b) + (a); \
-}
-
-#define ROUND2(a, b, c, d, k, s, i) { \
- (a) = (a) + G((b), (c), (d)) + X[(k)] + T[(i)]; \
- (a) = SHIFT((a), (s)); \
- (a) = (b) + (a); \
-}
-
-#define ROUND3(a, b, c, d, k, s, i) { \
- (a) = (a) + H((b), (c), (d)) + X[(k)] + T[(i)]; \
- (a) = SHIFT((a), (s)); \
- (a) = (b) + (a); \
-}
-
-#define ROUND4(a, b, c, d, k, s, i) { \
- (a) = (a) + I((b), (c), (d)) + X[(k)] + T[(i)]; \
- (a) = SHIFT((a), (s)); \
- (a) = (b) + (a); \
-}
-
-#define Sa 7
-#define Sb 12
-#define Sc 17
-#define Sd 22
-
-#define Se 5
-#define Sf 9
-#define Sg 14
-#define Sh 20
-
-#define Si 4
-#define Sj 11
-#define Sk 16
-#define Sl 23
-
-#define Sm 6
-#define Sn 10
-#define So 15
-#define Sp 21
-
-#define MD5_A0 0x67452301
-#define MD5_B0 0xefcdab89
-#define MD5_C0 0x98badcfe
-#define MD5_D0 0x10325476
-
-/* Integer part of 4294967296 times abs(sin(i)), where i is in radians. */
-static const u_int32_t T[65] = {
- 0,
- 0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee,
- 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501,
- 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be,
- 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821,
-
- 0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa,
- 0xd62f105d, 0x2441453, 0xd8a1e681, 0xe7d3fbc8,
- 0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed,
- 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a,
-
- 0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c,
- 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
- 0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x4881d05,
- 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665,
-
- 0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039,
- 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1,
- 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1,
- 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391,
-};
-
-static const u_int8_t md5_paddat[MD5_BUFLEN] = {
- 0x80, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
-};
-
-static void md5_calc(u_int8_t *, md5_ctxt *);
-
-void md5_init(ctxt)
- md5_ctxt *ctxt;
-{
- ctxt->md5_n = 0;
- ctxt->md5_i = 0;
- ctxt->md5_sta = MD5_A0;
- ctxt->md5_stb = MD5_B0;
- ctxt->md5_stc = MD5_C0;
- ctxt->md5_std = MD5_D0;
- bzero(ctxt->md5_buf, sizeof(ctxt->md5_buf));
-}
-
-void md5_loop(ctxt, input, len)
- md5_ctxt *ctxt;
- u_int8_t *input;
- u_int len; /* number of bytes */
-{
- u_int gap, i;
-
- ctxt->md5_n += len * 8; /* byte to bit */
- gap = MD5_BUFLEN - ctxt->md5_i;
-
- if (len >= gap) {
- bcopy((void *)input, (void *)(ctxt->md5_buf + ctxt->md5_i),
- gap);
- md5_calc(ctxt->md5_buf, ctxt);
-
- for (i = gap; i + MD5_BUFLEN <= len; i += MD5_BUFLEN) {
- md5_calc((u_int8_t *)(input + i), ctxt);
- }
-
- ctxt->md5_i = len - i;
- bcopy((void *)(input + i), (void *)ctxt->md5_buf, ctxt->md5_i);
- } else {
- bcopy((void *)input, (void *)(ctxt->md5_buf + ctxt->md5_i),
- len);
- ctxt->md5_i += len;
- }
-}
-
-void md5_pad(ctxt)
- md5_ctxt *ctxt;
-{
- u_int gap;
-
- /* Don't count up padding. Keep md5_n. */
- gap = MD5_BUFLEN - ctxt->md5_i;
- if (gap > 8) {
- bcopy(md5_paddat,
- (void *)(ctxt->md5_buf + ctxt->md5_i),
- gap - sizeof(ctxt->md5_n));
- } else {
- /* including gap == 8 */
- bcopy(md5_paddat, (void *)(ctxt->md5_buf + ctxt->md5_i),
- gap);
- md5_calc(ctxt->md5_buf, ctxt);
- bcopy((md5_paddat + gap),
- (void *)ctxt->md5_buf,
- MD5_BUFLEN - sizeof(ctxt->md5_n));
- }
-
- /* 8 byte word */
-#if BYTE_ORDER == LITTLE_ENDIAN
- bcopy(&ctxt->md5_n8[0], &ctxt->md5_buf[56], 8);
-#endif
-#if BYTE_ORDER == BIG_ENDIAN
- ctxt->md5_buf[56] = ctxt->md5_n8[7];
- ctxt->md5_buf[57] = ctxt->md5_n8[6];
- ctxt->md5_buf[58] = ctxt->md5_n8[5];
- ctxt->md5_buf[59] = ctxt->md5_n8[4];
- ctxt->md5_buf[60] = ctxt->md5_n8[3];
- ctxt->md5_buf[61] = ctxt->md5_n8[2];
- ctxt->md5_buf[62] = ctxt->md5_n8[1];
- ctxt->md5_buf[63] = ctxt->md5_n8[0];
-#endif
-
- md5_calc(ctxt->md5_buf, ctxt);
-}
-
-void md5_result(digest, ctxt)
- u_int8_t *digest;
- md5_ctxt *ctxt;
-{
- /* 4 byte words */
-#if BYTE_ORDER == LITTLE_ENDIAN
- bcopy(&ctxt->md5_st8[0], digest, 16);
-#endif
-#if BYTE_ORDER == BIG_ENDIAN
- digest[ 0] = ctxt->md5_st8[ 3]; digest[ 1] = ctxt->md5_st8[ 2];
- digest[ 2] = ctxt->md5_st8[ 1]; digest[ 3] = ctxt->md5_st8[ 0];
- digest[ 4] = ctxt->md5_st8[ 7]; digest[ 5] = ctxt->md5_st8[ 6];
- digest[ 6] = ctxt->md5_st8[ 5]; digest[ 7] = ctxt->md5_st8[ 4];
- digest[ 8] = ctxt->md5_st8[11]; digest[ 9] = ctxt->md5_st8[10];
- digest[10] = ctxt->md5_st8[ 9]; digest[11] = ctxt->md5_st8[ 8];
- digest[12] = ctxt->md5_st8[15]; digest[13] = ctxt->md5_st8[14];
- digest[14] = ctxt->md5_st8[13]; digest[15] = ctxt->md5_st8[12];
-#endif
-}
-
-static void md5_calc(b64, ctxt)
- u_int8_t *b64;
- md5_ctxt *ctxt;
-{
- u_int32_t A = ctxt->md5_sta;
- u_int32_t B = ctxt->md5_stb;
- u_int32_t C = ctxt->md5_stc;
- u_int32_t D = ctxt->md5_std;
-#if BYTE_ORDER == LITTLE_ENDIAN
- u_int32_t *X = (u_int32_t *)b64;
-#endif
-#if BYTE_ORDER == BIG_ENDIAN
- /* 4 byte words */
- /* what a brute force but fast! */
- u_int32_t X[16];
- u_int8_t *y = (u_int8_t *)X;
- y[ 0] = b64[ 3]; y[ 1] = b64[ 2]; y[ 2] = b64[ 1]; y[ 3] = b64[ 0];
- y[ 4] = b64[ 7]; y[ 5] = b64[ 6]; y[ 6] = b64[ 5]; y[ 7] = b64[ 4];
- y[ 8] = b64[11]; y[ 9] = b64[10]; y[10] = b64[ 9]; y[11] = b64[ 8];
- y[12] = b64[15]; y[13] = b64[14]; y[14] = b64[13]; y[15] = b64[12];
- y[16] = b64[19]; y[17] = b64[18]; y[18] = b64[17]; y[19] = b64[16];
- y[20] = b64[23]; y[21] = b64[22]; y[22] = b64[21]; y[23] = b64[20];
- y[24] = b64[27]; y[25] = b64[26]; y[26] = b64[25]; y[27] = b64[24];
- y[28] = b64[31]; y[29] = b64[30]; y[30] = b64[29]; y[31] = b64[28];
- y[32] = b64[35]; y[33] = b64[34]; y[34] = b64[33]; y[35] = b64[32];
- y[36] = b64[39]; y[37] = b64[38]; y[38] = b64[37]; y[39] = b64[36];
- y[40] = b64[43]; y[41] = b64[42]; y[42] = b64[41]; y[43] = b64[40];
- y[44] = b64[47]; y[45] = b64[46]; y[46] = b64[45]; y[47] = b64[44];
- y[48] = b64[51]; y[49] = b64[50]; y[50] = b64[49]; y[51] = b64[48];
- y[52] = b64[55]; y[53] = b64[54]; y[54] = b64[53]; y[55] = b64[52];
- y[56] = b64[59]; y[57] = b64[58]; y[58] = b64[57]; y[59] = b64[56];
- y[60] = b64[63]; y[61] = b64[62]; y[62] = b64[61]; y[63] = b64[60];
-#endif
-
- ROUND1(A, B, C, D, 0, Sa, 1); ROUND1(D, A, B, C, 1, Sb, 2);
- ROUND1(C, D, A, B, 2, Sc, 3); ROUND1(B, C, D, A, 3, Sd, 4);
- ROUND1(A, B, C, D, 4, Sa, 5); ROUND1(D, A, B, C, 5, Sb, 6);
- ROUND1(C, D, A, B, 6, Sc, 7); ROUND1(B, C, D, A, 7, Sd, 8);
- ROUND1(A, B, C, D, 8, Sa, 9); ROUND1(D, A, B, C, 9, Sb, 10);
- ROUND1(C, D, A, B, 10, Sc, 11); ROUND1(B, C, D, A, 11, Sd, 12);
- ROUND1(A, B, C, D, 12, Sa, 13); ROUND1(D, A, B, C, 13, Sb, 14);
- ROUND1(C, D, A, B, 14, Sc, 15); ROUND1(B, C, D, A, 15, Sd, 16);
-
- ROUND2(A, B, C, D, 1, Se, 17); ROUND2(D, A, B, C, 6, Sf, 18);
- ROUND2(C, D, A, B, 11, Sg, 19); ROUND2(B, C, D, A, 0, Sh, 20);
- ROUND2(A, B, C, D, 5, Se, 21); ROUND2(D, A, B, C, 10, Sf, 22);
- ROUND2(C, D, A, B, 15, Sg, 23); ROUND2(B, C, D, A, 4, Sh, 24);
- ROUND2(A, B, C, D, 9, Se, 25); ROUND2(D, A, B, C, 14, Sf, 26);
- ROUND2(C, D, A, B, 3, Sg, 27); ROUND2(B, C, D, A, 8, Sh, 28);
- ROUND2(A, B, C, D, 13, Se, 29); ROUND2(D, A, B, C, 2, Sf, 30);
- ROUND2(C, D, A, B, 7, Sg, 31); ROUND2(B, C, D, A, 12, Sh, 32);
-
- ROUND3(A, B, C, D, 5, Si, 33); ROUND3(D, A, B, C, 8, Sj, 34);
- ROUND3(C, D, A, B, 11, Sk, 35); ROUND3(B, C, D, A, 14, Sl, 36);
- ROUND3(A, B, C, D, 1, Si, 37); ROUND3(D, A, B, C, 4, Sj, 38);
- ROUND3(C, D, A, B, 7, Sk, 39); ROUND3(B, C, D, A, 10, Sl, 40);
- ROUND3(A, B, C, D, 13, Si, 41); ROUND3(D, A, B, C, 0, Sj, 42);
- ROUND3(C, D, A, B, 3, Sk, 43); ROUND3(B, C, D, A, 6, Sl, 44);
- ROUND3(A, B, C, D, 9, Si, 45); ROUND3(D, A, B, C, 12, Sj, 46);
- ROUND3(C, D, A, B, 15, Sk, 47); ROUND3(B, C, D, A, 2, Sl, 48);
-
- ROUND4(A, B, C, D, 0, Sm, 49); ROUND4(D, A, B, C, 7, Sn, 50);
- ROUND4(C, D, A, B, 14, So, 51); ROUND4(B, C, D, A, 5, Sp, 52);
- ROUND4(A, B, C, D, 12, Sm, 53); ROUND4(D, A, B, C, 3, Sn, 54);
- ROUND4(C, D, A, B, 10, So, 55); ROUND4(B, C, D, A, 1, Sp, 56);
- ROUND4(A, B, C, D, 8, Sm, 57); ROUND4(D, A, B, C, 15, Sn, 58);
- ROUND4(C, D, A, B, 6, So, 59); ROUND4(B, C, D, A, 13, Sp, 60);
- ROUND4(A, B, C, D, 4, Sm, 61); ROUND4(D, A, B, C, 11, Sn, 62);
- ROUND4(C, D, A, B, 2, So, 63); ROUND4(B, C, D, A, 9, Sp, 64);
-
- ctxt->md5_sta += A;
- ctxt->md5_stb += B;
- ctxt->md5_stc += C;
- ctxt->md5_std += D;
-}
+++ /dev/null
-/* $FreeBSD: src/sys/crypto/md5.h,v 1.4 2002/03/20 05:13:50 alfred Exp $ */
-/* $KAME: md5.h,v 1.4 2000/03/27 04:36:22 sumikawa Exp $ */
-
-/*
- * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the project nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef _NETINET6_MD5_H_
-#define _NETINET6_MD5_H_
-
-#define MD5_BUFLEN 64
-
-typedef struct {
- union {
- u_int32_t md5_state32[4];
- u_int8_t md5_state8[16];
- } md5_st;
-
-#define md5_sta md5_st.md5_state32[0]
-#define md5_stb md5_st.md5_state32[1]
-#define md5_stc md5_st.md5_state32[2]
-#define md5_std md5_st.md5_state32[3]
-#define md5_st8 md5_st.md5_state8
-
- union {
- u_int64_t md5_count64;
- u_int8_t md5_count8[8];
- } md5_count;
-#define md5_n md5_count.md5_count64
-#define md5_n8 md5_count.md5_count8
-
- u_int md5_i;
- u_int8_t md5_buf[MD5_BUFLEN];
-} md5_ctxt;
-
-extern void md5_init(md5_ctxt *);
-extern void md5_loop(md5_ctxt *, u_int8_t *, u_int);
-extern void md5_pad(md5_ctxt *);
-extern void md5_result(u_int8_t *, md5_ctxt *);
-
-/* compatibility */
-#define MD5_CTX md5_ctxt
-#define MD5Init(x) md5_init((x))
-#define MD5Update(x, y, z) md5_loop((x), (y), (z))
-#define MD5Final(x, y) \
-do { \
- md5_pad((y)); \
- md5_result((x), (y)); \
-} while (0)
-
-#endif /* ! _NETINET6_MD5_H_*/
+++ /dev/null
-#ifndef _BSD_COMPAT_H_
-#define _BSD_COMPAT_H_ 1
-/****************************************************************************/
-/*
- * Provide compat routines for older linux kernels and BSD kernels
- *
- * Written by David McCullough <david_mccullough@securecomputing.com>
- * Copyright (C) 2007 David McCullough <david_mccullough@securecomputing.com>
- *
- * LICENSE TERMS
- *
- * The free distribution and use of this software in both source and binary
- * form is allowed (with or without changes) provided that:
- *
- * 1. distributions of this source code include the above copyright
- * notice, this list of conditions and the following disclaimer;
- *
- * 2. distributions in binary form include the above copyright
- * notice, this list of conditions and the following disclaimer
- * in the documentation and/or other associated materials;
- *
- * 3. the copyright holder's name is not used to endorse products
- * built using this software without specific written permission.
- *
- * ALTERNATIVELY, provided that this notice is retained in full, this file
- * may be distributed under the terms of the GNU General Public License (GPL),
- * in which case the provisions of the GPL apply INSTEAD OF those given above.
- *
- * DISCLAIMER
- *
- * This software is provided 'as is' with no explicit or implied warranties
- * in respect of its properties, including, but not limited to, correctness
- * and/or fitness for purpose.
- */
-/****************************************************************************/
-#ifdef __KERNEL__
-/*
- * fake some BSD driver interface stuff specifically for OCF use
- */
-
-typedef struct ocf_device *device_t;
-
-typedef struct {
- int (*cryptodev_newsession)(device_t dev, u_int32_t *sidp, struct cryptoini *cri);
- int (*cryptodev_freesession)(device_t dev, u_int64_t tid);
- int (*cryptodev_process)(device_t dev, struct cryptop *crp, int hint);
- int (*cryptodev_kprocess)(device_t dev, struct cryptkop *krp, int hint);
-} device_method_t;
-#define DEVMETHOD(id, func) id: func
-
-struct ocf_device {
- char name[32]; /* the driver name */
- char nameunit[32]; /* the driver name + HW instance */
- int unit;
- device_method_t methods;
- void *softc;
-};
-
-#define CRYPTODEV_NEWSESSION(dev, sid, cri) \
- ((*(dev)->methods.cryptodev_newsession)(dev,sid,cri))
-#define CRYPTODEV_FREESESSION(dev, sid) \
- ((*(dev)->methods.cryptodev_freesession)(dev, sid))
-#define CRYPTODEV_PROCESS(dev, crp, hint) \
- ((*(dev)->methods.cryptodev_process)(dev, crp, hint))
-#define CRYPTODEV_KPROCESS(dev, krp, hint) \
- ((*(dev)->methods.cryptodev_kprocess)(dev, krp, hint))
-
-#define device_get_name(dev) ((dev)->name)
-#define device_get_nameunit(dev) ((dev)->nameunit)
-#define device_get_unit(dev) ((dev)->unit)
-#define device_get_softc(dev) ((dev)->softc)
-
-#define softc_device_decl \
- struct ocf_device _device; \
- device_t
-
-#define softc_device_init(_sc, _name, _unit, _methods) \
- if (1) {\
- strncpy((_sc)->_device.name, _name, sizeof((_sc)->_device.name) - 1); \
- snprintf((_sc)->_device.nameunit, sizeof((_sc)->_device.name), "%s%d", _name, _unit); \
- (_sc)->_device.unit = _unit; \
- (_sc)->_device.methods = _methods; \
- (_sc)->_device.softc = (void *) _sc; \
- *(device_t *)((softc_get_device(_sc))+1) = &(_sc)->_device; \
- } else
-
-#define softc_get_device(_sc) (&(_sc)->_device)
-
-/*
- * iomem support for 2.4 and 2.6 kernels
- */
-#include <linux/version.h>
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
-#define ocf_iomem_t unsigned long
-
-/*
- * implement simple workqueue like support for older kernels
- */
-
-#include <linux/tqueue.h>
-
-#define work_struct tq_struct
-
-#define INIT_WORK(wp, fp, ap) \
- do { \
- (wp)->sync = 0; \
- (wp)->routine = (fp); \
- (wp)->data = (ap); \
- } while (0)
-
-#define schedule_work(wp) \
- do { \
- queue_task((wp), &tq_immediate); \
- mark_bh(IMMEDIATE_BH); \
- } while (0)
-
-#define flush_scheduled_work() run_task_queue(&tq_immediate)
-
-#else
-#define ocf_iomem_t void __iomem *
-
-#include <linux/workqueue.h>
-
-#endif
-
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,26)
-#include <linux/fdtable.h>
-#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,11)
-#define files_fdtable(files) (files)
-#endif
-
-#ifdef MODULE_PARM
-#undef module_param /* just in case */
-#define module_param(a,b,c) MODULE_PARM(a,"i")
-#endif
-
-#define bzero(s,l) memset(s,0,l)
-#define bcopy(s,d,l) memcpy(d,s,l)
-#define bcmp(x, y, l) memcmp(x,y,l)
-
-#define MIN(x,y) ((x) < (y) ? (x) : (y))
-
-#define device_printf(dev, a...) ({ \
- printk("%s: ", device_get_nameunit(dev)); printk(a); \
- })
-
-#undef printf
-#define printf(fmt...) printk(fmt)
-
-#define KASSERT(c,p) if (!(c)) { printk p ; } else
-
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
-#define ocf_daemonize(str) \
- daemonize(); \
- spin_lock_irq(¤t->sigmask_lock); \
- sigemptyset(¤t->blocked); \
- recalc_sigpending(current); \
- spin_unlock_irq(¤t->sigmask_lock); \
- sprintf(current->comm, str);
-#else
-#define ocf_daemonize(str) daemonize(str);
-#endif
-
-#define TAILQ_INSERT_TAIL(q,d,m) list_add_tail(&(d)->m, (q))
-#define TAILQ_EMPTY(q) list_empty(q)
-#define TAILQ_FOREACH(v, q, m) list_for_each_entry(v, q, m)
-
-#define read_random(p,l) get_random_bytes(p,l)
-
-#define DELAY(x) ((x) > 2000 ? mdelay((x)/1000) : udelay(x))
-#define strtoul simple_strtoul
-
-#define pci_get_vendor(dev) ((dev)->vendor)
-#define pci_get_device(dev) ((dev)->device)
-
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
-#define pci_set_consistent_dma_mask(dev, mask) (0)
-#endif
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,10)
-#define pci_dma_sync_single_for_cpu pci_dma_sync_single
-#endif
-
-#ifndef DMA_32BIT_MASK
-#define DMA_32BIT_MASK 0x00000000ffffffffULL
-#endif
-
-#define htole32(x) cpu_to_le32(x)
-#define htobe32(x) cpu_to_be32(x)
-#define htole16(x) cpu_to_le16(x)
-#define htobe16(x) cpu_to_be16(x)
-
-/* older kernels don't have these */
-
-#ifndef IRQ_NONE
-#define IRQ_NONE
-#define IRQ_HANDLED
-#define irqreturn_t void
-#endif
-#ifndef IRQF_SHARED
-#define IRQF_SHARED SA_SHIRQ
-#endif
-
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,5,0)
-# define strlcpy(dest,src,len) \
- ({strncpy(dest,src,(len)-1); ((char *)dest)[(len)-1] = '\0'; })
-#endif
-
-#ifndef MAX_ERRNO
-#define MAX_ERRNO 4095
-#endif
-#ifndef IS_ERR_VALUE
-#define IS_ERR_VALUE(x) ((unsigned long)(x) >= (unsigned long)-MAX_ERRNO)
-#endif
-
-/*
- * common debug for all
- */
-#if 1
-#define dprintk(a...) do { if (debug) printk(a); } while(0)
-#else
-#define dprintk(a...)
-#endif
-
-#ifndef SLAB_ATOMIC
-/* Changed in 2.6.20, must use GFP_ATOMIC now */
-#define SLAB_ATOMIC GFP_ATOMIC
-#endif
-
-/*
- * need some additional support for older kernels */
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,2)
-#define pci_register_driver_compat(driver, rc) \
- do { \
- if ((rc) > 0) { \
- (rc) = 0; \
- } else if (rc == 0) { \
- (rc) = -ENODEV; \
- } else { \
- pci_unregister_driver(driver); \
- } \
- } while (0)
-#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,10)
-#define pci_register_driver_compat(driver,rc) ((rc) = (rc) < 0 ? (rc) : 0)
-#else
-#define pci_register_driver_compat(driver,rc)
-#endif
-
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24)
-
-#include <asm/scatterlist.h>
-
-static inline void sg_set_page(struct scatterlist *sg, struct page *page,
- unsigned int len, unsigned int offset)
-{
- sg->page = page;
- sg->offset = offset;
- sg->length = len;
-}
-
-static inline void *sg_virt(struct scatterlist *sg)
-{
- return page_address(sg->page) + sg->offset;
-}
-
-#endif
-
-#endif /* __KERNEL__ */
-
-/****************************************************************************/
-#endif /* _BSD_COMPAT_H_ */
+++ /dev/null
-/* $KAME: sha1.c,v 1.5 2000/11/08 06:13:08 itojun Exp $ */
-/*
- * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the project nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * FIPS pub 180-1: Secure Hash Algorithm (SHA-1)
- * based on: http://csrc.nist.gov/fips/fip180-1.txt
- * implemented by Jun-ichiro itojun Itoh <itojun@itojun.org>
- */
-
-#if 0
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/crypto/sha1.c,v 1.9 2003/06/10 21:36:57 obrien Exp $");
-
-#include <sys/types.h>
-#include <sys/cdefs.h>
-#include <sys/time.h>
-#include <sys/systm.h>
-
-#include <crypto/sha1.h>
-#endif
-
-/* sanity check */
-#if BYTE_ORDER != BIG_ENDIAN
-# if BYTE_ORDER != LITTLE_ENDIAN
-# define unsupported 1
-# endif
-#endif
-
-#ifndef unsupported
-
-/* constant table */
-static u_int32_t _K[] = { 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xca62c1d6 };
-#define K(t) _K[(t) / 20]
-
-#define F0(b, c, d) (((b) & (c)) | ((~(b)) & (d)))
-#define F1(b, c, d) (((b) ^ (c)) ^ (d))
-#define F2(b, c, d) (((b) & (c)) | ((b) & (d)) | ((c) & (d)))
-#define F3(b, c, d) (((b) ^ (c)) ^ (d))
-
-#define S(n, x) (((x) << (n)) | ((x) >> (32 - n)))
-
-#undef H
-#define H(n) (ctxt->h.b32[(n)])
-#define COUNT (ctxt->count)
-#define BCOUNT (ctxt->c.b64[0] / 8)
-#define W(n) (ctxt->m.b32[(n)])
-
-#define PUTBYTE(x) { \
- ctxt->m.b8[(COUNT % 64)] = (x); \
- COUNT++; \
- COUNT %= 64; \
- ctxt->c.b64[0] += 8; \
- if (COUNT % 64 == 0) \
- sha1_step(ctxt); \
- }
-
-#define PUTPAD(x) { \
- ctxt->m.b8[(COUNT % 64)] = (x); \
- COUNT++; \
- COUNT %= 64; \
- if (COUNT % 64 == 0) \
- sha1_step(ctxt); \
- }
-
-static void sha1_step(struct sha1_ctxt *);
-
-static void
-sha1_step(ctxt)
- struct sha1_ctxt *ctxt;
-{
- u_int32_t a, b, c, d, e;
- size_t t, s;
- u_int32_t tmp;
-
-#if BYTE_ORDER == LITTLE_ENDIAN
- struct sha1_ctxt tctxt;
- bcopy(&ctxt->m.b8[0], &tctxt.m.b8[0], 64);
- ctxt->m.b8[0] = tctxt.m.b8[3]; ctxt->m.b8[1] = tctxt.m.b8[2];
- ctxt->m.b8[2] = tctxt.m.b8[1]; ctxt->m.b8[3] = tctxt.m.b8[0];
- ctxt->m.b8[4] = tctxt.m.b8[7]; ctxt->m.b8[5] = tctxt.m.b8[6];
- ctxt->m.b8[6] = tctxt.m.b8[5]; ctxt->m.b8[7] = tctxt.m.b8[4];
- ctxt->m.b8[8] = tctxt.m.b8[11]; ctxt->m.b8[9] = tctxt.m.b8[10];
- ctxt->m.b8[10] = tctxt.m.b8[9]; ctxt->m.b8[11] = tctxt.m.b8[8];
- ctxt->m.b8[12] = tctxt.m.b8[15]; ctxt->m.b8[13] = tctxt.m.b8[14];
- ctxt->m.b8[14] = tctxt.m.b8[13]; ctxt->m.b8[15] = tctxt.m.b8[12];
- ctxt->m.b8[16] = tctxt.m.b8[19]; ctxt->m.b8[17] = tctxt.m.b8[18];
- ctxt->m.b8[18] = tctxt.m.b8[17]; ctxt->m.b8[19] = tctxt.m.b8[16];
- ctxt->m.b8[20] = tctxt.m.b8[23]; ctxt->m.b8[21] = tctxt.m.b8[22];
- ctxt->m.b8[22] = tctxt.m.b8[21]; ctxt->m.b8[23] = tctxt.m.b8[20];
- ctxt->m.b8[24] = tctxt.m.b8[27]; ctxt->m.b8[25] = tctxt.m.b8[26];
- ctxt->m.b8[26] = tctxt.m.b8[25]; ctxt->m.b8[27] = tctxt.m.b8[24];
- ctxt->m.b8[28] = tctxt.m.b8[31]; ctxt->m.b8[29] = tctxt.m.b8[30];
- ctxt->m.b8[30] = tctxt.m.b8[29]; ctxt->m.b8[31] = tctxt.m.b8[28];
- ctxt->m.b8[32] = tctxt.m.b8[35]; ctxt->m.b8[33] = tctxt.m.b8[34];
- ctxt->m.b8[34] = tctxt.m.b8[33]; ctxt->m.b8[35] = tctxt.m.b8[32];
- ctxt->m.b8[36] = tctxt.m.b8[39]; ctxt->m.b8[37] = tctxt.m.b8[38];
- ctxt->m.b8[38] = tctxt.m.b8[37]; ctxt->m.b8[39] = tctxt.m.b8[36];
- ctxt->m.b8[40] = tctxt.m.b8[43]; ctxt->m.b8[41] = tctxt.m.b8[42];
- ctxt->m.b8[42] = tctxt.m.b8[41]; ctxt->m.b8[43] = tctxt.m.b8[40];
- ctxt->m.b8[44] = tctxt.m.b8[47]; ctxt->m.b8[45] = tctxt.m.b8[46];
- ctxt->m.b8[46] = tctxt.m.b8[45]; ctxt->m.b8[47] = tctxt.m.b8[44];
- ctxt->m.b8[48] = tctxt.m.b8[51]; ctxt->m.b8[49] = tctxt.m.b8[50];
- ctxt->m.b8[50] = tctxt.m.b8[49]; ctxt->m.b8[51] = tctxt.m.b8[48];
- ctxt->m.b8[52] = tctxt.m.b8[55]; ctxt->m.b8[53] = tctxt.m.b8[54];
- ctxt->m.b8[54] = tctxt.m.b8[53]; ctxt->m.b8[55] = tctxt.m.b8[52];
- ctxt->m.b8[56] = tctxt.m.b8[59]; ctxt->m.b8[57] = tctxt.m.b8[58];
- ctxt->m.b8[58] = tctxt.m.b8[57]; ctxt->m.b8[59] = tctxt.m.b8[56];
- ctxt->m.b8[60] = tctxt.m.b8[63]; ctxt->m.b8[61] = tctxt.m.b8[62];
- ctxt->m.b8[62] = tctxt.m.b8[61]; ctxt->m.b8[63] = tctxt.m.b8[60];
-#endif
-
- a = H(0); b = H(1); c = H(2); d = H(3); e = H(4);
-
- for (t = 0; t < 20; t++) {
- s = t & 0x0f;
- if (t >= 16) {
- W(s) = S(1, W((s+13) & 0x0f) ^ W((s+8) & 0x0f) ^ W((s+2) & 0x0f) ^ W(s));
- }
- tmp = S(5, a) + F0(b, c, d) + e + W(s) + K(t);
- e = d; d = c; c = S(30, b); b = a; a = tmp;
- }
- for (t = 20; t < 40; t++) {
- s = t & 0x0f;
- W(s) = S(1, W((s+13) & 0x0f) ^ W((s+8) & 0x0f) ^ W((s+2) & 0x0f) ^ W(s));
- tmp = S(5, a) + F1(b, c, d) + e + W(s) + K(t);
- e = d; d = c; c = S(30, b); b = a; a = tmp;
- }
- for (t = 40; t < 60; t++) {
- s = t & 0x0f;
- W(s) = S(1, W((s+13) & 0x0f) ^ W((s+8) & 0x0f) ^ W((s+2) & 0x0f) ^ W(s));
- tmp = S(5, a) + F2(b, c, d) + e + W(s) + K(t);
- e = d; d = c; c = S(30, b); b = a; a = tmp;
- }
- for (t = 60; t < 80; t++) {
- s = t & 0x0f;
- W(s) = S(1, W((s+13) & 0x0f) ^ W((s+8) & 0x0f) ^ W((s+2) & 0x0f) ^ W(s));
- tmp = S(5, a) + F3(b, c, d) + e + W(s) + K(t);
- e = d; d = c; c = S(30, b); b = a; a = tmp;
- }
-
- H(0) = H(0) + a;
- H(1) = H(1) + b;
- H(2) = H(2) + c;
- H(3) = H(3) + d;
- H(4) = H(4) + e;
-
- bzero(&ctxt->m.b8[0], 64);
-}
-
-/*------------------------------------------------------------*/
-
-void
-sha1_init(ctxt)
- struct sha1_ctxt *ctxt;
-{
- bzero(ctxt, sizeof(struct sha1_ctxt));
- H(0) = 0x67452301;
- H(1) = 0xefcdab89;
- H(2) = 0x98badcfe;
- H(3) = 0x10325476;
- H(4) = 0xc3d2e1f0;
-}
-
-void
-sha1_pad(ctxt)
- struct sha1_ctxt *ctxt;
-{
- size_t padlen; /*pad length in bytes*/
- size_t padstart;
-
- PUTPAD(0x80);
-
- padstart = COUNT % 64;
- padlen = 64 - padstart;
- if (padlen < 8) {
- bzero(&ctxt->m.b8[padstart], padlen);
- COUNT += padlen;
- COUNT %= 64;
- sha1_step(ctxt);
- padstart = COUNT % 64; /* should be 0 */
- padlen = 64 - padstart; /* should be 64 */
- }
- bzero(&ctxt->m.b8[padstart], padlen - 8);
- COUNT += (padlen - 8);
- COUNT %= 64;
-#if BYTE_ORDER == BIG_ENDIAN
- PUTPAD(ctxt->c.b8[0]); PUTPAD(ctxt->c.b8[1]);
- PUTPAD(ctxt->c.b8[2]); PUTPAD(ctxt->c.b8[3]);
- PUTPAD(ctxt->c.b8[4]); PUTPAD(ctxt->c.b8[5]);
- PUTPAD(ctxt->c.b8[6]); PUTPAD(ctxt->c.b8[7]);
-#else
- PUTPAD(ctxt->c.b8[7]); PUTPAD(ctxt->c.b8[6]);
- PUTPAD(ctxt->c.b8[5]); PUTPAD(ctxt->c.b8[4]);
- PUTPAD(ctxt->c.b8[3]); PUTPAD(ctxt->c.b8[2]);
- PUTPAD(ctxt->c.b8[1]); PUTPAD(ctxt->c.b8[0]);
-#endif
-}
-
-void
-sha1_loop(ctxt, input, len)
- struct sha1_ctxt *ctxt;
- const u_int8_t *input;
- size_t len;
-{
- size_t gaplen;
- size_t gapstart;
- size_t off;
- size_t copysiz;
-
- off = 0;
-
- while (off < len) {
- gapstart = COUNT % 64;
- gaplen = 64 - gapstart;
-
- copysiz = (gaplen < len - off) ? gaplen : len - off;
- bcopy(&input[off], &ctxt->m.b8[gapstart], copysiz);
- COUNT += copysiz;
- COUNT %= 64;
- ctxt->c.b64[0] += copysiz * 8;
- if (COUNT % 64 == 0)
- sha1_step(ctxt);
- off += copysiz;
- }
-}
-
-void
-sha1_result(ctxt, digest0)
- struct sha1_ctxt *ctxt;
- caddr_t digest0;
-{
- u_int8_t *digest;
-
- digest = (u_int8_t *)digest0;
- sha1_pad(ctxt);
-#if BYTE_ORDER == BIG_ENDIAN
- bcopy(&ctxt->h.b8[0], digest, 20);
-#else
- digest[0] = ctxt->h.b8[3]; digest[1] = ctxt->h.b8[2];
- digest[2] = ctxt->h.b8[1]; digest[3] = ctxt->h.b8[0];
- digest[4] = ctxt->h.b8[7]; digest[5] = ctxt->h.b8[6];
- digest[6] = ctxt->h.b8[5]; digest[7] = ctxt->h.b8[4];
- digest[8] = ctxt->h.b8[11]; digest[9] = ctxt->h.b8[10];
- digest[10] = ctxt->h.b8[9]; digest[11] = ctxt->h.b8[8];
- digest[12] = ctxt->h.b8[15]; digest[13] = ctxt->h.b8[14];
- digest[14] = ctxt->h.b8[13]; digest[15] = ctxt->h.b8[12];
- digest[16] = ctxt->h.b8[19]; digest[17] = ctxt->h.b8[18];
- digest[18] = ctxt->h.b8[17]; digest[19] = ctxt->h.b8[16];
-#endif
-}
-
-#endif /*unsupported*/
+++ /dev/null
-/* $FreeBSD: src/sys/crypto/sha1.h,v 1.8 2002/03/20 05:13:50 alfred Exp $ */
-/* $KAME: sha1.h,v 1.5 2000/03/27 04:36:23 sumikawa Exp $ */
-
-/*
- * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the project nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-/*
- * FIPS pub 180-1: Secure Hash Algorithm (SHA-1)
- * based on: http://csrc.nist.gov/fips/fip180-1.txt
- * implemented by Jun-ichiro itojun Itoh <itojun@itojun.org>
- */
-
-#ifndef _NETINET6_SHA1_H_
-#define _NETINET6_SHA1_H_
-
-struct sha1_ctxt {
- union {
- u_int8_t b8[20];
- u_int32_t b32[5];
- } h;
- union {
- u_int8_t b8[8];
- u_int64_t b64[1];
- } c;
- union {
- u_int8_t b8[64];
- u_int32_t b32[16];
- } m;
- u_int8_t count;
-};
-
-#ifdef __KERNEL__
-extern void sha1_init(struct sha1_ctxt *);
-extern void sha1_pad(struct sha1_ctxt *);
-extern void sha1_loop(struct sha1_ctxt *, const u_int8_t *, size_t);
-extern void sha1_result(struct sha1_ctxt *, caddr_t);
-
-/* compatibilty with other SHA1 source codes */
-typedef struct sha1_ctxt SHA1_CTX;
-#define SHA1Init(x) sha1_init((x))
-#define SHA1Update(x, y, z) sha1_loop((x), (y), (z))
-#define SHA1Final(x, y) sha1_result((y), (x))
-#endif /* __KERNEL__ */
-
-#define SHA1_RESULTLEN (160/8)
-
-#endif /*_NETINET6_SHA1_H_*/
+++ /dev/null
-
-/*
- * Copyright (c) 2008 Daniel Mueller (daniel@danm.de)
- * Copyright (c) 2007 David McCullough (david_mccullough@securecomputing.com)
- * Copyright (c) 2000 Jason L. Wright (jason@thought.net)
- * Copyright (c) 2000 Theo de Raadt (deraadt@openbsd.org)
- * Copyright (c) 2001 Patrik Lindergren (patrik@ipunplugged.com)
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
- * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- *
- * Effort sponsored in part by the Defense Advanced Research Projects
- * Agency (DARPA) and Air Force Research Laboratory, Air Force
- * Materiel Command, USAF, under agreement number F30602-01-2-0537.
- *
- */
-#undef UBSEC_DEBUG
-#undef UBSEC_VERBOSE_DEBUG
-
-#ifdef UBSEC_VERBOSE_DEBUG
-#define UBSEC_DEBUG
-#endif
-
-/*
- * uBsec BCM5365 hardware crypto accelerator
- */
-
-#include <linux/kernel.h>
-#include <linux/module.h>
-#include <linux/moduleparam.h>
-#include <linux/proc_fs.h>
-#include <linux/types.h>
-#include <linux/init.h>
-#include <linux/delay.h>
-#include <linux/interrupt.h>
-#include <linux/fs.h>
-#include <linux/random.h>
-#include <linux/skbuff.h>
-#include <linux/stat.h>
-#include <asm/io.h>
-
-#include <linux/ssb/ssb.h>
-
-/*
- * BSD queue
- */
-#include "bsdqueue.h"
-
-/*
- * OCF
- */
-#include "cryptodev.h"
-#include "uio.h"
-
-#define HMAC_HACK 1
-
-#ifdef HMAC_HACK
-#include "hmachack.h"
-#include "md5.h"
-#include "md5.c"
-#include "sha1.h"
-#include "sha1.c"
-#endif
-
-#include "ubsecreg.h"
-#include "ubsecvar.h"
-
-#define DRV_MODULE_NAME "ubsec_ssb"
-#define PFX DRV_MODULE_NAME ": "
-#define DRV_MODULE_VERSION "0.02"
-#define DRV_MODULE_RELDATE "Feb 21, 2009"
-
-#if 1
-#define DPRINTF(a...) \
- if (debug) \
- { \
- printk(DRV_MODULE_NAME ": " a); \
- }
-#else
-#define DPRINTF(a...)
-#endif
-
-/*
- * Prototypes
- */
-static irqreturn_t ubsec_ssb_isr(int, void *, struct pt_regs *);
-static int __devinit ubsec_ssb_probe(struct ssb_device *sdev,
- const struct ssb_device_id *ent);
-static void __devexit ubsec_ssb_remove(struct ssb_device *sdev);
-int ubsec_attach(struct ssb_device *sdev, const struct ssb_device_id *ent,
- struct device *self);
-static void ubsec_setup_mackey(struct ubsec_session *ses, int algo,
- caddr_t key, int klen);
-static int dma_map_skb(struct ubsec_softc *sc,
- struct ubsec_dma_alloc* q_map, struct sk_buff *skb, int *mlen);
-static int dma_map_uio(struct ubsec_softc *sc,
- struct ubsec_dma_alloc *q_map, struct uio *uio, int *mlen);
-static void dma_unmap(struct ubsec_softc *sc,
- struct ubsec_dma_alloc *q_map, int mlen);
-static int ubsec_dmamap_aligned(struct ubsec_softc *sc,
- const struct ubsec_dma_alloc *q_map, int mlen);
-
-#ifdef UBSEC_DEBUG
-static int proc_read(char *buf, char **start, off_t offset,
- int size, int *peof, void *data);
-#endif
-
-void ubsec_reset_board(struct ubsec_softc *);
-void ubsec_init_board(struct ubsec_softc *);
-void ubsec_cleanchip(struct ubsec_softc *);
-void ubsec_totalreset(struct ubsec_softc *);
-int ubsec_free_q(struct ubsec_softc*, struct ubsec_q *);
-
-static int ubsec_newsession(device_t, u_int32_t *, struct cryptoini *);
-static int ubsec_freesession(device_t, u_int64_t);
-static int ubsec_process(device_t, struct cryptop *, int);
-
-void ubsec_callback(struct ubsec_softc *, struct ubsec_q *);
-void ubsec_feed(struct ubsec_softc *);
-void ubsec_mcopy(struct sk_buff *, struct sk_buff *, int, int);
-void ubsec_dma_free(struct ubsec_softc *, struct ubsec_dma_alloc *);
-int ubsec_dma_malloc(struct ubsec_softc *, struct ubsec_dma_alloc *,
- size_t, int);
-
-/* DEBUG crap... */
-void ubsec_dump_pb(struct ubsec_pktbuf *);
-void ubsec_dump_mcr(struct ubsec_mcr *);
-
-#define READ_REG(sc,r) \
- ssb_read32((sc)->sdev, (r));
-#define WRITE_REG(sc,r,val) \
- ssb_write32((sc)->sdev, (r), (val));
-#define READ_REG_SDEV(sdev,r) \
- ssb_read32((sdev), (r));
-#define WRITE_REG_SDEV(sdev,r,val) \
- ssb_write32((sdev), (r), (val));
-
-#define SWAP32(x) (x) = htole32(ntohl((x)))
-#define HTOLE32(x) (x) = htole32(x)
-
-#ifdef __LITTLE_ENDIAN
-#define letoh16(x) (x)
-#define letoh32(x) (x)
-#endif
-
-static int debug;
-module_param(debug, int, 0644);
-MODULE_PARM_DESC(debug, "Enable debug output");
-
-#define UBSEC_SSB_MAX_CHIPS 1
-static struct ubsec_softc *ubsec_chip_idx[UBSEC_SSB_MAX_CHIPS];
-static struct ubsec_stats ubsecstats;
-
-#ifdef UBSEC_DEBUG
-static struct proc_dir_entry *procdebug;
-#endif
-
-static struct ssb_device_id ubsec_ssb_tbl[] = {
- /* Broadcom BCM5365P IPSec Core */
- SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_IPSEC, SSB_ANY_REV),
- SSB_DEVTABLE_END
-};
-
-static struct ssb_driver ubsec_ssb_driver = {
- .name = DRV_MODULE_NAME,
- .id_table = ubsec_ssb_tbl,
- .probe = ubsec_ssb_probe,
- .remove = __devexit_p(ubsec_ssb_remove),
- /*
- .suspend = ubsec_ssb_suspend,
- .resume = ubsec_ssb_resume
- */
-};
-
-static device_method_t ubsec_ssb_methods = {
- /* crypto device methods */
- DEVMETHOD(cryptodev_newsession, ubsec_newsession),
- DEVMETHOD(cryptodev_freesession,ubsec_freesession),
- DEVMETHOD(cryptodev_process, ubsec_process),
-};
-
-#ifdef UBSEC_DEBUG
-static int
-proc_read(char *buf, char **start, off_t offset,
- int size, int *peof, void *data)
-{
- int i = 0, byteswritten = 0, ret;
- unsigned int stat, ctrl;
-#ifdef UBSEC_VERBOSE_DEBUG
- struct ubsec_q *q;
- struct ubsec_dma *dmap;
-#endif
-
- while ((i < UBSEC_SSB_MAX_CHIPS) && (ubsec_chip_idx[i] != NULL))
- {
- struct ubsec_softc *sc = ubsec_chip_idx[i];
-
- stat = READ_REG(sc, BS_STAT);
- ctrl = READ_REG(sc, BS_CTRL);
- ret = snprintf((buf + byteswritten),
- (size - byteswritten) ,
- "DEV %d, DMASTAT %08x, DMACTRL %08x\n", i, stat, ctrl);
-
- byteswritten += ret;
-
-#ifdef UBSEC_VERBOSE_DEBUG
- printf("DEV %d, DMASTAT %08x, DMACTRL %08x\n", i, stat, ctrl);
-
- /* Dump all queues MCRs */
- if (!BSD_SIMPLEQ_EMPTY(&sc->sc_qchip)) {
- BSD_SIMPLEQ_FOREACH(q, &sc->sc_qchip, q_next)
- {
- dmap = q->q_dma;
- ubsec_dump_mcr(&dmap->d_dma->d_mcr);
- }
- }
-#endif
-
- i++;
- }
-
- *peof = 1;
-
- return byteswritten;
-}
-#endif
-
-/*
- * map in a given sk_buff
- */
-static int
-dma_map_skb(struct ubsec_softc *sc, struct ubsec_dma_alloc* q_map, struct sk_buff *skb, int *mlen)
-{
- int i = 0;
- dma_addr_t tmp;
-
-#ifdef UBSEC_DEBUG
- DPRINTF("%s()\n", __FUNCTION__);
-#endif
-
- /*
- * We support only a limited number of fragments.
- */
- if (unlikely((skb_shinfo(skb)->nr_frags + 1) >= UBS_MAX_SCATTER))
- {
- printk(KERN_ERR "Only %d scatter fragments are supported.\n", UBS_MAX_SCATTER);
- return (-ENOMEM);
- }
-
-#ifdef UBSEC_VERBOSE_DEBUG
- DPRINTF("%s - map %d 0x%x %d\n", __FUNCTION__, 0, (unsigned int)skb->data, skb_headlen(skb));
-#endif
-
- /* first data package */
- tmp = dma_map_single(sc->sc_dv,
- skb->data,
- skb_headlen(skb),
- DMA_BIDIRECTIONAL);
-
- q_map[i].dma_paddr = tmp;
- q_map[i].dma_vaddr = skb->data;
- q_map[i].dma_size = skb_headlen(skb);
-
- if (unlikely(tmp == 0))
- {
- printk(KERN_ERR "Could not map memory region for dma.\n");
- return (-EINVAL);
- }
-
-#ifdef UBSEC_VERBOSE_DEBUG
- DPRINTF("%s - map %d done physical addr 0x%x\n", __FUNCTION__, 0, (unsigned int)tmp);
-#endif
-
-
- /* all other data packages */
- for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
-
-#ifdef UBSEC_VERBOSE_DEBUG
- DPRINTF("%s - map %d 0x%x %d\n", __FUNCTION__, i + 1,
- (unsigned int)page_address(skb_shinfo(skb)->frags[i].page) +
- skb_shinfo(skb)->frags[i].page_offset, skb_shinfo(skb)->frags[i].size);
-#endif
-
- tmp = dma_map_single(sc->sc_dv,
- page_address(skb_shinfo(skb)->frags[i].page) +
- skb_shinfo(skb)->frags[i].page_offset,
- skb_shinfo(skb)->frags[i].size,
- DMA_BIDIRECTIONAL);
-
- q_map[i + 1].dma_paddr = tmp;
- q_map[i + 1].dma_vaddr = (void*)(page_address(skb_shinfo(skb)->frags[i].page) +
- skb_shinfo(skb)->frags[i].page_offset);
- q_map[i + 1].dma_size = skb_shinfo(skb)->frags[i].size;
-
- if (unlikely(tmp == 0))
- {
- printk(KERN_ERR "Could not map memory region for dma.\n");
- return (-EINVAL);
- }
-
-#ifdef UBSEC_VERBOSE_DEBUG
- DPRINTF("%s - map %d done physical addr 0x%x\n", __FUNCTION__, i + 1, (unsigned int)tmp);
-#endif
-
- }
- *mlen = i + 1;
-
- return(0);
-}
-
-/*
- * map in a given uio buffer
- */
-
-static int
-dma_map_uio(struct ubsec_softc *sc, struct ubsec_dma_alloc *q_map, struct uio *uio, int *mlen)
-{
- struct iovec *iov = uio->uio_iov;
- int n;
- dma_addr_t tmp;
-
-#ifdef UBSEC_DEBUG
- DPRINTF("%s()\n", __FUNCTION__);
-#endif
-
- /*
- * We support only a limited number of fragments.
- */
- if (unlikely(uio->uio_iovcnt >= UBS_MAX_SCATTER))
- {
- printk(KERN_ERR "Only %d scatter fragments are supported.\n", UBS_MAX_SCATTER);
- return (-ENOMEM);
- }
-
- for (n = 0; n < uio->uio_iovcnt; n++) {
-#ifdef UBSEC_VERBOSE_DEBUG
- DPRINTF("%s - map %d 0x%x %d\n", __FUNCTION__, n, (unsigned int)iov->iov_base, iov->iov_len);
-#endif
- tmp = dma_map_single(sc->sc_dv,
- iov->iov_base,
- iov->iov_len,
- DMA_BIDIRECTIONAL);
-
- q_map[n].dma_paddr = tmp;
- q_map[n].dma_vaddr = iov->iov_base;
- q_map[n].dma_size = iov->iov_len;
-
- if (unlikely(tmp == 0))
- {
- printk(KERN_ERR "Could not map memory region for dma.\n");
- return (-EINVAL);
- }
-
-#ifdef UBSEC_VERBOSE_DEBUG
- DPRINTF("%s - map %d done physical addr 0x%x\n", __FUNCTION__, n, (unsigned int)tmp);
-#endif
-
- iov++;
- }
- *mlen = n;
-
- return(0);
-}
-
-static void
-dma_unmap(struct ubsec_softc *sc, struct ubsec_dma_alloc *q_map, int mlen)
-{
- int i;
-
-#ifdef UBSEC_DEBUG
- DPRINTF("%s()\n", __FUNCTION__);
-#endif
-
- for(i = 0; i < mlen; i++)
- {
-#ifdef UBSEC_VERBOSE_DEBUG
- DPRINTF("%s - unmap %d 0x%x %d\n", __FUNCTION__, i, (unsigned int)q_map[i].dma_paddr, q_map[i].dma_size);
-#endif
- dma_unmap_single(sc->sc_dv,
- q_map[i].dma_paddr,
- q_map[i].dma_size,
- DMA_BIDIRECTIONAL);
- }
- return;
-}
-
-/*
- * Is the operand suitable aligned for direct DMA. Each
- * segment must be aligned on a 32-bit boundary and all
- * but the last segment must be a multiple of 4 bytes.
- */
-static int
-ubsec_dmamap_aligned(struct ubsec_softc *sc, const struct ubsec_dma_alloc *q_map, int mlen)
-{
- int i;
-
-#ifdef UBSEC_DEBUG
- DPRINTF("%s()\n", __FUNCTION__);
-#endif
-
- for (i = 0; i < mlen; i++) {
- if (q_map[i].dma_paddr & 3)
- return (0);
- if (i != (mlen - 1) && (q_map[i].dma_size & 3))
- return (0);
- }
- return (1);
-}
-
-
-#define N(a) (sizeof(a) / sizeof (a[0]))
-static void
-ubsec_setup_mackey(struct ubsec_session *ses, int algo, caddr_t key, int klen)
-{
-#ifdef HMAC_HACK
- MD5_CTX md5ctx;
- SHA1_CTX sha1ctx;
- int i;
-
-#ifdef UBSEC_DEBUG
- DPRINTF("%s()\n", __FUNCTION__);
-#endif
-
- for (i = 0; i < klen; i++)
- key[i] ^= HMAC_IPAD_VAL;
-
- if (algo == CRYPTO_MD5_HMAC) {
- MD5Init(&md5ctx);
- MD5Update(&md5ctx, key, klen);
- MD5Update(&md5ctx, hmac_ipad_buffer, MD5_HMAC_BLOCK_LEN - klen);
- bcopy(md5ctx.md5_st8, ses->ses_hminner, sizeof(md5ctx.md5_st8));
- } else {
- SHA1Init(&sha1ctx);
- SHA1Update(&sha1ctx, key, klen);
- SHA1Update(&sha1ctx, hmac_ipad_buffer,
- SHA1_HMAC_BLOCK_LEN - klen);
- bcopy(sha1ctx.h.b32, ses->ses_hminner, sizeof(sha1ctx.h.b32));
- }
-
- for (i = 0; i < klen; i++)
- key[i] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL);
-
- if (algo == CRYPTO_MD5_HMAC) {
- MD5Init(&md5ctx);
- MD5Update(&md5ctx, key, klen);
- MD5Update(&md5ctx, hmac_opad_buffer, MD5_HMAC_BLOCK_LEN - klen);
- bcopy(md5ctx.md5_st8, ses->ses_hmouter, sizeof(md5ctx.md5_st8));
- } else {
- SHA1Init(&sha1ctx);
- SHA1Update(&sha1ctx, key, klen);
- SHA1Update(&sha1ctx, hmac_opad_buffer,
- SHA1_HMAC_BLOCK_LEN - klen);
- bcopy(sha1ctx.h.b32, ses->ses_hmouter, sizeof(sha1ctx.h.b32));
- }
-
- for (i = 0; i < klen; i++)
- key[i] ^= HMAC_OPAD_VAL;
-
-#else /* HMAC_HACK */
- DPRINTF("md5/sha not implemented\n");
-#endif /* HMAC_HACK */
-}
-#undef N
-
-static int
-__devinit ubsec_ssb_probe(struct ssb_device *sdev,
- const struct ssb_device_id *ent)
-{
- int err;
-
-#ifdef UBSEC_DEBUG
- DPRINTF("%s()\n", __FUNCTION__);
-#endif
-
- err = ssb_bus_powerup(sdev->bus, 0);
- if (err) {
- dev_err(sdev->dev, "Failed to powerup the bus\n");
- goto err_out;
- }
-
- err = request_irq(sdev->irq, (irq_handler_t)ubsec_ssb_isr,
- IRQF_DISABLED | IRQF_SHARED, DRV_MODULE_NAME, sdev);
- if (err) {
- dev_err(sdev->dev, "Could not request irq\n");
- goto err_out_powerdown;
- }
-
-#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,34))
- err = dma_set_mask(sdev->dma_dev, DMA_BIT_MASK(32)) ||
- dma_set_coherent_mask(sdev->dma_dev, DMA_BIT_MASK(32));
-#else
- err = ssb_dma_set_mask(sdev, DMA_32BIT_MASK);
-#endif
- if (err) {
- dev_err(sdev->dev,
- "Required 32BIT DMA mask unsupported by the system.\n");
- goto err_out_free_irq;
- }
-
- printk(KERN_INFO "Sentry5(tm) ROBOGateway(tm) IPSec Core at IRQ %u\n",
- sdev->irq);
-
- DPRINTF("Vendor: %x, core id: %x, revision: %x\n",
- sdev->id.vendor, sdev->id.coreid, sdev->id.revision);
-
- ssb_device_enable(sdev, 0);
-
- if (ubsec_attach(sdev, ent, sdev->dev) != 0)
- goto err_out_disable;
-
-#ifdef UBSEC_DEBUG
- procdebug = create_proc_entry(DRV_MODULE_NAME, S_IRUSR, NULL);
- if (procdebug)
- {
- procdebug->read_proc = proc_read;
- procdebug->data = NULL;
- } else
- DPRINTF("Unable to create proc file.\n");
-#endif
-
- return 0;
-
-err_out_disable:
- ssb_device_disable(sdev, 0);
-
-err_out_free_irq:
- free_irq(sdev->irq, sdev);
-
-err_out_powerdown:
- ssb_bus_may_powerdown(sdev->bus);
-
-err_out:
- return err;
-}
-
-static void __devexit ubsec_ssb_remove(struct ssb_device *sdev) {
-
- struct ubsec_softc *sc;
- unsigned int ctrlflgs;
- struct ubsec_dma *dmap;
- u_int32_t i;
-
-#ifdef UBSEC_DEBUG
- DPRINTF("%s()\n", __FUNCTION__);
-#endif
-
- ctrlflgs = READ_REG_SDEV(sdev, BS_CTRL);
- /* disable all IPSec Core interrupts globally */
- ctrlflgs ^= (BS_CTRL_MCR1INT | BS_CTRL_MCR2INT |
- BS_CTRL_DMAERR);
- WRITE_REG_SDEV(sdev, BS_CTRL, ctrlflgs);
-
- free_irq(sdev->irq, sdev);
-
- sc = (struct ubsec_softc *)ssb_get_drvdata(sdev);
-
- /* unregister all crypto algorithms */
- crypto_unregister_all(sc->sc_cid);
-
- /* Free queue / dma memory */
- for (i = 0; i < UBS_MAX_NQUEUE; i++) {
- struct ubsec_q *q;
-
- q = sc->sc_queuea[i];
- if (q != NULL)
- {
- dmap = q->q_dma;
- if (dmap != NULL)
- {
- ubsec_dma_free(sc, &dmap->d_alloc);
- q->q_dma = NULL;
- }
- kfree(q);
- }
- sc->sc_queuea[i] = NULL;
- }
-
- ssb_device_disable(sdev, 0);
- ssb_bus_may_powerdown(sdev->bus);
- ssb_set_drvdata(sdev, NULL);
-
-#ifdef UBSEC_DEBUG
- if (procdebug)
- remove_proc_entry(DRV_MODULE_NAME, NULL);
-#endif
-
-}
-
-
-int
-ubsec_attach(struct ssb_device *sdev, const struct ssb_device_id *ent,
- struct device *self)
-{
- struct ubsec_softc *sc = NULL;
- struct ubsec_dma *dmap;
- u_int32_t i;
- static int num_chips = 0;
-
-#ifdef UBSEC_DEBUG
- DPRINTF("%s()\n", __FUNCTION__);
-#endif
-
- sc = (struct ubsec_softc *) kmalloc(sizeof(*sc), GFP_KERNEL);
- if (!sc)
- return(-ENOMEM);
- memset(sc, 0, sizeof(*sc));
-
- sc->sc_dv = sdev->dev;
- sc->sdev = sdev;
-
- spin_lock_init(&sc->sc_ringmtx);
-
- softc_device_init(sc, "ubsec_ssb", num_chips, ubsec_ssb_methods);
-
- /* Maybe someday there are boards with more than one chip available */
- if (num_chips < UBSEC_SSB_MAX_CHIPS) {
- ubsec_chip_idx[device_get_unit(sc->sc_dev)] = sc;
- num_chips++;
- }
-
- ssb_set_drvdata(sdev, sc);
-
- BSD_SIMPLEQ_INIT(&sc->sc_queue);
- BSD_SIMPLEQ_INIT(&sc->sc_qchip);
- BSD_SIMPLEQ_INIT(&sc->sc_queue2);
- BSD_SIMPLEQ_INIT(&sc->sc_qchip2);
- BSD_SIMPLEQ_INIT(&sc->sc_q2free);
-
- sc->sc_statmask = BS_STAT_MCR1_DONE | BS_STAT_DMAERR;
-
- sc->sc_cid = crypto_get_driverid(softc_get_device(sc), CRYPTOCAP_F_HARDWARE);
- if (sc->sc_cid < 0) {
- device_printf(sc->sc_dev, "could not get crypto driver id\n");
- return -1;
- }
-
- BSD_SIMPLEQ_INIT(&sc->sc_freequeue);
- dmap = sc->sc_dmaa;
- for (i = 0; i < UBS_MAX_NQUEUE; i++, dmap++) {
- struct ubsec_q *q;
-
- q = (struct ubsec_q *)kmalloc(sizeof(struct ubsec_q), GFP_KERNEL);
- if (q == NULL) {
- printf(": can't allocate queue buffers\n");
- break;
- }
-
- if (ubsec_dma_malloc(sc, &dmap->d_alloc, sizeof(struct ubsec_dmachunk),0)) {
- printf(": can't allocate dma buffers\n");
- kfree(q);
- break;
- }
- dmap->d_dma = (struct ubsec_dmachunk *)dmap->d_alloc.dma_vaddr;
-
- q->q_dma = dmap;
- sc->sc_queuea[i] = q;
-
- BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q, q_next);
- }
-
- /*
- * Reset Broadcom chip
- */
- ubsec_reset_board(sc);
-
- /*
- * Init Broadcom chip
- */
- ubsec_init_board(sc);
-
- /* supported crypto algorithms */
- crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0);
- crypto_register(sc->sc_cid, CRYPTO_DES_CBC, 0, 0);
-
- if (sc->sc_flags & UBS_FLAGS_AES) {
- crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0);
- printf(KERN_INFO DRV_MODULE_NAME ": DES 3DES AES128 AES192 AES256 MD5_HMAC SHA1_HMAC\n");
- }
- else
- printf(KERN_INFO DRV_MODULE_NAME ": DES 3DES MD5_HMAC SHA1_HMAC\n");
-
- crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0);
- crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0);
-
- return 0;
-}
-
-/*
- * UBSEC Interrupt routine
- */
-static irqreturn_t
-ubsec_ssb_isr(int irq, void *arg, struct pt_regs *regs)
-{
- struct ubsec_softc *sc = NULL;
- volatile u_int32_t stat;
- struct ubsec_q *q;
- struct ubsec_dma *dmap;
- int npkts = 0, i;
-
-#ifdef UBSEC_VERBOSE_DEBUG
- DPRINTF("%s()\n", __FUNCTION__);
-#endif
-
- sc = (struct ubsec_softc *)ssb_get_drvdata(arg);
-
- stat = READ_REG(sc, BS_STAT);
-
- stat &= sc->sc_statmask;
- if (stat == 0)
- return IRQ_NONE;
-
- WRITE_REG(sc, BS_STAT, stat); /* IACK */
-
- /*
- * Check to see if we have any packets waiting for us
- */
- if ((stat & BS_STAT_MCR1_DONE)) {
- while (!BSD_SIMPLEQ_EMPTY(&sc->sc_qchip)) {
- q = BSD_SIMPLEQ_FIRST(&sc->sc_qchip);
- dmap = q->q_dma;
-
- if ((dmap->d_dma->d_mcr.mcr_flags & htole16(UBS_MCR_DONE)) == 0)
- {
- DPRINTF("error while processing MCR. Flags = %x\n", dmap->d_dma->d_mcr.mcr_flags);
- break;
- }
-
- BSD_SIMPLEQ_REMOVE_HEAD(&sc->sc_qchip, q_next);
-
- npkts = q->q_nstacked_mcrs;
- /*
- * search for further sc_qchip ubsec_q's that share
- * the same MCR, and complete them too, they must be
- * at the top.
- */
- for (i = 0; i < npkts; i++) {
- if(q->q_stacked_mcr[i])
- ubsec_callback(sc, q->q_stacked_mcr[i]);
- else
- break;
- }
- ubsec_callback(sc, q);
- }
-
- /*
- * Don't send any more packet to chip if there has been
- * a DMAERR.
- */
- if (likely(!(stat & BS_STAT_DMAERR)))
- ubsec_feed(sc);
- else
- DPRINTF("DMA error occurred. Stop feeding crypto chip.\n");
- }
-
- /*
- * Check to see if we got any DMA Error
- */
- if (stat & BS_STAT_DMAERR) {
- volatile u_int32_t a = READ_REG(sc, BS_ERR);
-
- printf(KERN_ERR "%s: dmaerr %s@%08x\n", DRV_MODULE_NAME,
- (a & BS_ERR_READ) ? "read" : "write", a & BS_ERR_ADDR);
-
- ubsecstats.hst_dmaerr++;
- ubsec_totalreset(sc);
- ubsec_feed(sc);
- }
-
- return IRQ_HANDLED;
-}
-
-/*
- * ubsec_feed() - aggregate and post requests to chip
- * It is assumed that the caller set splnet()
- */
-void
-ubsec_feed(struct ubsec_softc *sc)
-{
-#ifdef UBSEC_VERBOSE_DEBUG
- static int max;
-#endif
- struct ubsec_q *q, *q2;
- int npkts, i;
- void *v;
- u_int32_t stat;
-
- npkts = sc->sc_nqueue;
- if (npkts > UBS_MAX_AGGR)
- npkts = UBS_MAX_AGGR;
- if (npkts < 2)
- goto feed1;
-
- stat = READ_REG(sc, BS_STAT);
-
- if (stat & (BS_STAT_MCR1_FULL | BS_STAT_DMAERR)) {
- if(stat & BS_STAT_DMAERR) {
- ubsec_totalreset(sc);
- ubsecstats.hst_dmaerr++;
- }
- return;
- }
-
-#ifdef UBSEC_VERBOSE_DEBUG
- DPRINTF("merging %d records\n", npkts);
-
- /* XXX temporary aggregation statistics reporting code */
- if (max < npkts) {
- max = npkts;
- DPRINTF("%s: new max aggregate %d\n", DRV_MODULE_NAME, max);
- }
-#endif /* UBSEC_VERBOSE_DEBUG */
-
- q = BSD_SIMPLEQ_FIRST(&sc->sc_queue);
- BSD_SIMPLEQ_REMOVE_HEAD(&sc->sc_queue, q_next);
- --sc->sc_nqueue;
-
-#if 0
- /*
- * XXX
- * We use dma_map_single() - no sync required!
- */
-
- bus_dmamap_sync(sc->sc_dmat, q->q_src_map,
- 0, q->q_src_map->dm_mapsize, BUS_DMASYNC_PREWRITE);
- if (q->q_dst_map != NULL)
- bus_dmamap_sync(sc->sc_dmat, q->q_dst_map,
- 0, q->q_dst_map->dm_mapsize, BUS_DMASYNC_PREREAD);
-#endif
-
- q->q_nstacked_mcrs = npkts - 1; /* Number of packets stacked */
-
- for (i = 0; i < q->q_nstacked_mcrs; i++) {
- q2 = BSD_SIMPLEQ_FIRST(&sc->sc_queue);
-
-#if 0
- bus_dmamap_sync(sc->sc_dmat, q2->q_src_map,
- 0, q2->q_src_map->dm_mapsize, BUS_DMASYNC_PREWRITE);
- if (q2->q_dst_map != NULL)
- bus_dmamap_sync(sc->sc_dmat, q2->q_dst_map,
- 0, q2->q_dst_map->dm_mapsize, BUS_DMASYNC_PREREAD);
-#endif
- BSD_SIMPLEQ_REMOVE_HEAD(&sc->sc_queue, q_next);
- --sc->sc_nqueue;
-
- v = ((char *)&q2->q_dma->d_dma->d_mcr) + sizeof(struct ubsec_mcr) -
- sizeof(struct ubsec_mcr_add);
- bcopy(v, &q->q_dma->d_dma->d_mcradd[i], sizeof(struct ubsec_mcr_add));
- q->q_stacked_mcr[i] = q2;
- }
- q->q_dma->d_dma->d_mcr.mcr_pkts = htole16(npkts);
- BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_qchip, q, q_next);
-#if 0
- bus_dmamap_sync(sc->sc_dmat, q->q_dma->d_alloc.dma_map,
- 0, q->q_dma->d_alloc.dma_map->dm_mapsize,
- BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE);
-#endif
- WRITE_REG(sc, BS_MCR1, q->q_dma->d_alloc.dma_paddr +
- offsetof(struct ubsec_dmachunk, d_mcr));
-#ifdef UBSEC_VERBOSE_DEBUG
- DPRINTF("feed (1): q->chip %p %08x %08x\n", q,
- (u_int32_t)q->q_dma->d_alloc.dma_paddr,
- (u_int32_t)(q->q_dma->d_alloc.dma_paddr +
- offsetof(struct ubsec_dmachunk, d_mcr)));
-#endif /* UBSEC_DEBUG */
- return;
-
-feed1:
- while (!BSD_SIMPLEQ_EMPTY(&sc->sc_queue)) {
- stat = READ_REG(sc, BS_STAT);
-
- if (stat & (BS_STAT_MCR1_FULL | BS_STAT_DMAERR)) {
- if(stat & BS_STAT_DMAERR) {
- ubsec_totalreset(sc);
- ubsecstats.hst_dmaerr++;
- }
- break;
- }
-
- q = BSD_SIMPLEQ_FIRST(&sc->sc_queue);
-
-#if 0
- bus_dmamap_sync(sc->sc_dmat, q->q_src_map,
- 0, q->q_src_map->dm_mapsize, BUS_DMASYNC_PREWRITE);
- if (q->q_dst_map != NULL)
- bus_dmamap_sync(sc->sc_dmat, q->q_dst_map,
- 0, q->q_dst_map->dm_mapsize, BUS_DMASYNC_PREREAD);
- bus_dmamap_sync(sc->sc_dmat, q->q_dma->d_alloc.dma_map,
- 0, q->q_dma->d_alloc.dma_map->dm_mapsize,
- BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE);
-#endif
-
- WRITE_REG(sc, BS_MCR1, q->q_dma->d_alloc.dma_paddr +
- offsetof(struct ubsec_dmachunk, d_mcr));
-#ifdef UBSEC_VERBOSE_DEBUG
- DPRINTF("feed (2): q->chip %p %08x %08x\n", q,
- (u_int32_t)q->q_dma->d_alloc.dma_paddr,
- (u_int32_t)(q->q_dma->d_alloc.dma_paddr +
- offsetof(struct ubsec_dmachunk, d_mcr)));
-#endif /* UBSEC_DEBUG */
- BSD_SIMPLEQ_REMOVE_HEAD(&sc->sc_queue, q_next);
- --sc->sc_nqueue;
- BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_qchip, q, q_next);
- }
-}
-
-/*
- * Allocate a new 'session' and return an encoded session id. 'sidp'
- * contains our registration id, and should contain an encoded session
- * id on successful allocation.
- */
-static int
-ubsec_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri)
-{
- struct cryptoini *c, *encini = NULL, *macini = NULL;
- struct ubsec_softc *sc = NULL;
- struct ubsec_session *ses = NULL;
- int sesn, i;
-
-#ifdef UBSEC_DEBUG
- DPRINTF("%s()\n", __FUNCTION__);
-#endif
-
- if (sidp == NULL || cri == NULL)
- return (EINVAL);
-
- sc = device_get_softc(dev);
-
- if (sc == NULL)
- return (EINVAL);
-
- for (c = cri; c != NULL; c = c->cri_next) {
- if (c->cri_alg == CRYPTO_MD5_HMAC ||
- c->cri_alg == CRYPTO_SHA1_HMAC) {
- if (macini)
- return (EINVAL);
- macini = c;
- } else if (c->cri_alg == CRYPTO_DES_CBC ||
- c->cri_alg == CRYPTO_3DES_CBC ||
- c->cri_alg == CRYPTO_AES_CBC) {
- if (encini)
- return (EINVAL);
- encini = c;
- } else
- return (EINVAL);
- }
- if (encini == NULL && macini == NULL)
- return (EINVAL);
-
- if (sc->sc_sessions == NULL) {
- ses = sc->sc_sessions = (struct ubsec_session *)kmalloc(
- sizeof(struct ubsec_session), SLAB_ATOMIC);
- if (ses == NULL)
- return (ENOMEM);
- memset(ses, 0, sizeof(struct ubsec_session));
- sesn = 0;
- sc->sc_nsessions = 1;
- } else {
- for (sesn = 0; sesn < sc->sc_nsessions; sesn++) {
- if (sc->sc_sessions[sesn].ses_used == 0) {
- ses = &sc->sc_sessions[sesn];
- break;
- }
- }
-
- if (ses == NULL) {
- sesn = sc->sc_nsessions;
- ses = (struct ubsec_session *)kmalloc((sesn + 1) *
- sizeof(struct ubsec_session), SLAB_ATOMIC);
- if (ses == NULL)
- return (ENOMEM);
- memset(ses, 0, (sesn + 1) * sizeof(struct ubsec_session));
- bcopy(sc->sc_sessions, ses, sesn *
- sizeof(struct ubsec_session));
- bzero(sc->sc_sessions, sesn *
- sizeof(struct ubsec_session));
- kfree(sc->sc_sessions);
- sc->sc_sessions = ses;
- ses = &sc->sc_sessions[sesn];
- sc->sc_nsessions++;
- }
- }
-
- bzero(ses, sizeof(struct ubsec_session));
- ses->ses_used = 1;
- if (encini) {
- /* get an IV */
- /* XXX may read fewer than requested */
- read_random(ses->ses_iv, sizeof(ses->ses_iv));
-
- /* Go ahead and compute key in ubsec's byte order */
- if (encini->cri_alg == CRYPTO_DES_CBC) {
- /* DES uses the same key three times:
- * 1st encrypt -> 2nd decrypt -> 3nd encrypt */
- bcopy(encini->cri_key, &ses->ses_key[0], 8);
- bcopy(encini->cri_key, &ses->ses_key[2], 8);
- bcopy(encini->cri_key, &ses->ses_key[4], 8);
- ses->ses_keysize = 192; /* Fake! Actually its only 64bits ..
- oh no it is even less: 54bits. */
- } else if(encini->cri_alg == CRYPTO_3DES_CBC) {
- bcopy(encini->cri_key, ses->ses_key, 24);
- ses->ses_keysize = 192;
- } else if(encini->cri_alg == CRYPTO_AES_CBC) {
- ses->ses_keysize = encini->cri_klen;
-
- if (ses->ses_keysize != 128 &&
- ses->ses_keysize != 192 &&
- ses->ses_keysize != 256)
- {
- DPRINTF("unsupported AES key size: %d\n", ses->ses_keysize);
- return (EINVAL);
- }
- bcopy(encini->cri_key, ses->ses_key, (ses->ses_keysize / 8));
- }
-
- /* Hardware requires the keys in little endian byte order */
- for (i=0; i < (ses->ses_keysize / 32); i++)
- SWAP32(ses->ses_key[i]);
- }
-
- if (macini) {
- ses->ses_mlen = macini->cri_mlen;
-
- if (ses->ses_mlen == 0 ||
- ses->ses_mlen > SHA1_HASH_LEN) {
-
- if (macini->cri_alg == CRYPTO_MD5_HMAC ||
- macini->cri_alg == CRYPTO_SHA1_HMAC)
- {
- ses->ses_mlen = DEFAULT_HMAC_LEN;
- } else
- {
- /*
- * Reserved for future usage. MD5/SHA1 calculations have
- * different hash sizes.
- */
- printk(KERN_ERR DRV_MODULE_NAME ": unsupported hash operation with mac/hash len: %d\n", ses->ses_mlen);
- return (EINVAL);
- }
-
- }
-
- if (macini->cri_key != NULL) {
- ubsec_setup_mackey(ses, macini->cri_alg, macini->cri_key,
- macini->cri_klen / 8);
- }
- }
-
- *sidp = UBSEC_SID(device_get_unit(sc->sc_dev), sesn);
- return (0);
-}
-
-/*
- * Deallocate a session.
- */
-static int
-ubsec_freesession(device_t dev, u_int64_t tid)
-{
- struct ubsec_softc *sc = device_get_softc(dev);
- int session;
- u_int32_t sid = ((u_int32_t)tid) & 0xffffffff;
-
-#ifdef UBSEC_DEBUG
- DPRINTF("%s()\n", __FUNCTION__);
-#endif
-
- if (sc == NULL)
- return (EINVAL);
-
- session = UBSEC_SESSION(sid);
- if (session < sc->sc_nsessions) {
- bzero(&sc->sc_sessions[session], sizeof(sc->sc_sessions[session]));
- return (0);
- } else
- return (EINVAL);
-}
-
-static int
-ubsec_process(device_t dev, struct cryptop *crp, int hint)
-{
- struct ubsec_q *q = NULL;
- int err = 0, i, j, nicealign;
- struct ubsec_softc *sc = device_get_softc(dev);
- struct cryptodesc *crd1, *crd2, *maccrd, *enccrd;
- int encoffset = 0, macoffset = 0, cpskip, cpoffset;
- int sskip, dskip, stheend, dtheend, ivsize = 8;
- int16_t coffset;
- struct ubsec_session *ses;
- struct ubsec_generic_ctx ctx;
- struct ubsec_dma *dmap = NULL;
- unsigned long flags;
-
-#ifdef UBSEC_DEBUG
- DPRINTF("%s()\n", __FUNCTION__);
-#endif
-
- if (unlikely(crp == NULL || crp->crp_callback == NULL)) {
- ubsecstats.hst_invalid++;
- return (EINVAL);
- }
-
- if (unlikely(sc == NULL))
- return (EINVAL);
-
-#ifdef UBSEC_VERBOSE_DEBUG
- DPRINTF("spin_lock_irqsave\n");
-#endif
- spin_lock_irqsave(&sc->sc_ringmtx, flags);
- //spin_lock_irq(&sc->sc_ringmtx);
-
- if (BSD_SIMPLEQ_EMPTY(&sc->sc_freequeue)) {
- ubsecstats.hst_queuefull++;
-#ifdef UBSEC_VERBOSE_DEBUG
- DPRINTF("spin_unlock_irqrestore\n");
-#endif
- spin_unlock_irqrestore(&sc->sc_ringmtx, flags);
- //spin_unlock_irq(&sc->sc_ringmtx);
- err = ENOMEM;
- goto errout2;
- }
-
- q = BSD_SIMPLEQ_FIRST(&sc->sc_freequeue);
- BSD_SIMPLEQ_REMOVE_HEAD(&sc->sc_freequeue, q_next);
-#ifdef UBSEC_VERBOSE_DEBUG
- DPRINTF("spin_unlock_irqrestore\n");
-#endif
- spin_unlock_irqrestore(&sc->sc_ringmtx, flags);
- //spin_unlock_irq(&sc->sc_ringmtx);
-
- dmap = q->q_dma; /* Save dma pointer */
- bzero(q, sizeof(struct ubsec_q));
- bzero(&ctx, sizeof(ctx));
-
- q->q_sesn = UBSEC_SESSION(crp->crp_sid);
- q->q_dma = dmap;
- ses = &sc->sc_sessions[q->q_sesn];
-
- if (crp->crp_flags & CRYPTO_F_SKBUF) {
- q->q_src_m = (struct sk_buff *)crp->crp_buf;
- q->q_dst_m = (struct sk_buff *)crp->crp_buf;
- } else if (crp->crp_flags & CRYPTO_F_IOV) {
- q->q_src_io = (struct uio *)crp->crp_buf;
- q->q_dst_io = (struct uio *)crp->crp_buf;
- } else {
- err = EINVAL;
- goto errout; /* XXX we don't handle contiguous blocks! */
- }
-
- bzero(&dmap->d_dma->d_mcr, sizeof(struct ubsec_mcr));
-
- dmap->d_dma->d_mcr.mcr_pkts = htole16(1);
- dmap->d_dma->d_mcr.mcr_flags = 0;
- q->q_crp = crp;
-
- crd1 = crp->crp_desc;
- if (crd1 == NULL) {
- err = EINVAL;
- goto errout;
- }
- crd2 = crd1->crd_next;
-
- if (crd2 == NULL) {
- if (crd1->crd_alg == CRYPTO_MD5_HMAC ||
- crd1->crd_alg == CRYPTO_SHA1_HMAC) {
- maccrd = crd1;
- enccrd = NULL;
- } else if (crd1->crd_alg == CRYPTO_DES_CBC ||
- crd1->crd_alg == CRYPTO_3DES_CBC ||
- crd1->crd_alg == CRYPTO_AES_CBC) {
- maccrd = NULL;
- enccrd = crd1;
- } else {
- err = EINVAL;
- goto errout;
- }
- } else {
- if ((crd1->crd_alg == CRYPTO_MD5_HMAC ||
- crd1->crd_alg == CRYPTO_SHA1_HMAC) &&
- (crd2->crd_alg == CRYPTO_DES_CBC ||
- crd2->crd_alg == CRYPTO_3DES_CBC ||
- crd2->crd_alg == CRYPTO_AES_CBC) &&
- ((crd2->crd_flags & CRD_F_ENCRYPT) == 0)) {
- maccrd = crd1;
- enccrd = crd2;
- } else if ((crd1->crd_alg == CRYPTO_DES_CBC ||
- crd1->crd_alg == CRYPTO_3DES_CBC ||
- crd1->crd_alg == CRYPTO_AES_CBC) &&
- (crd2->crd_alg == CRYPTO_MD5_HMAC ||
- crd2->crd_alg == CRYPTO_SHA1_HMAC) &&
- (crd1->crd_flags & CRD_F_ENCRYPT)) {
- enccrd = crd1;
- maccrd = crd2;
- } else {
- /*
- * We cannot order the ubsec as requested
- */
- printk(KERN_ERR DRV_MODULE_NAME ": got wrong algorithm/signature order.\n");
- err = EINVAL;
- goto errout;
- }
- }
-
- /* Encryption/Decryption requested */
- if (enccrd) {
- encoffset = enccrd->crd_skip;
-
- if (enccrd->crd_alg == CRYPTO_DES_CBC ||
- enccrd->crd_alg == CRYPTO_3DES_CBC)
- {
- ctx.pc_flags |= htole16(UBS_PKTCTX_ENC_3DES);
- ctx.pc_type = htole16(UBS_PKTCTX_TYPE_IPSEC_DES);
- ivsize = 8; /* [3]DES uses 64bit IVs */
- } else {
- ctx.pc_flags |= htole16(UBS_PKTCTX_ENC_AES);
- ctx.pc_type = htole16(UBS_PKTCTX_TYPE_IPSEC_AES);
- ivsize = 16; /* AES uses 128bit IVs / [3]DES 64bit IVs */
-
- switch(ses->ses_keysize)
- {
- case 128:
- ctx.pc_flags |= htole16(UBS_PKTCTX_AES128);
- break;
- case 192:
- ctx.pc_flags |= htole16(UBS_PKTCTX_AES192);
- break;
- case 256:
- ctx.pc_flags |= htole16(UBS_PKTCTX_AES256);
- break;
- default:
- DPRINTF("invalid AES key size: %d\n", ses->ses_keysize);
- err = EINVAL;
- goto errout;
- }
- }
-
- if (enccrd->crd_flags & CRD_F_ENCRYPT) {
- /* Direction: Outbound */
-
- q->q_flags |= UBSEC_QFLAGS_COPYOUTIV;
-
- if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) {
- bcopy(enccrd->crd_iv, ctx.pc_iv, ivsize);
- } else {
- for(i=0; i < (ivsize / 4); i++)
- ctx.pc_iv[i] = ses->ses_iv[i];
- }
-
- /* If there is no IV in the buffer -> copy it here */
- if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0) {
- if (crp->crp_flags & CRYPTO_F_SKBUF)
- /*
- m_copyback(q->q_src_m,
- enccrd->crd_inject,
- 8, ctx.pc_iv);
- */
- crypto_copyback(crp->crp_flags, (caddr_t)q->q_src_m,
- enccrd->crd_inject, ivsize, (caddr_t)ctx.pc_iv);
- else if (crp->crp_flags & CRYPTO_F_IOV)
- /*
- cuio_copyback(q->q_src_io,
- enccrd->crd_inject,
- 8, ctx.pc_iv);
- */
- crypto_copyback(crp->crp_flags, (caddr_t)q->q_src_io,
- enccrd->crd_inject, ivsize, (caddr_t)ctx.pc_iv);
- }
- } else {
- /* Direction: Inbound */
-
- ctx.pc_flags |= htole16(UBS_PKTCTX_INBOUND);
-
- if (enccrd->crd_flags & CRD_F_IV_EXPLICIT)
- bcopy(enccrd->crd_iv, ctx.pc_iv, ivsize);
- else if (crp->crp_flags & CRYPTO_F_SKBUF)
- /*
- m_copydata(q->q_src_m, enccrd->crd_inject,
- 8, (caddr_t)ctx.pc_iv);
- */
- crypto_copydata(crp->crp_flags, (caddr_t)q->q_src_m,
- enccrd->crd_inject, ivsize,
- (caddr_t)ctx.pc_iv);
- else if (crp->crp_flags & CRYPTO_F_IOV)
- /*
- cuio_copydata(q->q_src_io,
- enccrd->crd_inject, 8,
- (caddr_t)ctx.pc_iv);
- */
- crypto_copydata(crp->crp_flags, (caddr_t)q->q_src_io,
- enccrd->crd_inject, ivsize,
- (caddr_t)ctx.pc_iv);
-
- }
-
- /* Even though key & IV sizes differ from cipher to cipher
- * copy / swap the full array lengths. Let the compiler unroll
- * the loop to increase the cpu pipeline performance... */
- for(i=0; i < 8; i++)
- ctx.pc_key[i] = ses->ses_key[i];
- for(i=0; i < 4; i++)
- SWAP32(ctx.pc_iv[i]);
- }
-
- /* Authentication requested */
- if (maccrd) {
- macoffset = maccrd->crd_skip;
-
- if (maccrd->crd_alg == CRYPTO_MD5_HMAC)
- ctx.pc_flags |= htole16(UBS_PKTCTX_AUTH_MD5);
- else
- ctx.pc_flags |= htole16(UBS_PKTCTX_AUTH_SHA1);
-
- for (i = 0; i < 5; i++) {
- ctx.pc_hminner[i] = ses->ses_hminner[i];
- ctx.pc_hmouter[i] = ses->ses_hmouter[i];
-
- HTOLE32(ctx.pc_hminner[i]);
- HTOLE32(ctx.pc_hmouter[i]);
- }
- }
-
- if (enccrd && maccrd) {
- /*
- * ubsec cannot handle packets where the end of encryption
- * and authentication are not the same, or where the
- * encrypted part begins before the authenticated part.
- */
- if (((encoffset + enccrd->crd_len) !=
- (macoffset + maccrd->crd_len)) ||
- (enccrd->crd_skip < maccrd->crd_skip)) {
- err = EINVAL;
- goto errout;
- }
- sskip = maccrd->crd_skip;
- cpskip = dskip = enccrd->crd_skip;
- stheend = maccrd->crd_len;
- dtheend = enccrd->crd_len;
- coffset = enccrd->crd_skip - maccrd->crd_skip;
- cpoffset = cpskip + dtheend;
-#ifdef UBSEC_DEBUG
- DPRINTF("mac: skip %d, len %d, inject %d\n",
- maccrd->crd_skip, maccrd->crd_len, maccrd->crd_inject);
- DPRINTF("enc: skip %d, len %d, inject %d\n",
- enccrd->crd_skip, enccrd->crd_len, enccrd->crd_inject);
- DPRINTF("src: skip %d, len %d\n", sskip, stheend);
- DPRINTF("dst: skip %d, len %d\n", dskip, dtheend);
- DPRINTF("ubs: coffset %d, pktlen %d, cpskip %d, cpoffset %d\n",
- coffset, stheend, cpskip, cpoffset);
-#endif
- } else {
- cpskip = dskip = sskip = macoffset + encoffset;
- dtheend = stheend = (enccrd)?enccrd->crd_len:maccrd->crd_len;
- cpoffset = cpskip + dtheend;
- coffset = 0;
- }
- ctx.pc_offset = htole16(coffset >> 2);
-
-#if 0
- if (bus_dmamap_create(sc->sc_dmat, 0xfff0, UBS_MAX_SCATTER,
- 0xfff0, 0, BUS_DMA_NOWAIT, &q->q_src_map) != 0) {
- err = ENOMEM;
- goto errout;
- }
-#endif
-
- if (crp->crp_flags & CRYPTO_F_SKBUF) {
-#if 0
- if (bus_dmamap_load_mbuf(sc->sc_dmat, q->q_src_map,
- q->q_src_m, BUS_DMA_NOWAIT) != 0) {
- bus_dmamap_destroy(sc->sc_dmat, q->q_src_map);
- q->q_src_map = NULL;
- err = ENOMEM;
- goto errout;
- }
-#endif
- err = dma_map_skb(sc, q->q_src_map, q->q_src_m, &q->q_src_len);
- if (unlikely(err != 0))
- goto errout;
-
- } else if (crp->crp_flags & CRYPTO_F_IOV) {
-#if 0
- if (bus_dmamap_load_uio(sc->sc_dmat, q->q_src_map,
- q->q_src_io, BUS_DMA_NOWAIT) != 0) {
- bus_dmamap_destroy(sc->sc_dmat, q->q_src_map);
- q->q_src_map = NULL;
- err = ENOMEM;
- goto errout;
- }
-#endif
- err = dma_map_uio(sc, q->q_src_map, q->q_src_io, &q->q_src_len);
- if (unlikely(err != 0))
- goto errout;
- }
-
- /*
- * Check alignment
- */
- nicealign = ubsec_dmamap_aligned(sc, q->q_src_map, q->q_src_len);
-
- dmap->d_dma->d_mcr.mcr_pktlen = htole16(stheend);
-
-#ifdef UBSEC_DEBUG
- DPRINTF("src skip: %d\n", sskip);
-#endif
- for (i = j = 0; i < q->q_src_len; i++) {
- struct ubsec_pktbuf *pb;
- size_t packl = q->q_src_map[i].dma_size;
- dma_addr_t packp = q->q_src_map[i].dma_paddr;
-
- if (sskip >= packl) {
- sskip -= packl;
- continue;
- }
-
- packl -= sskip;
- packp += sskip;
- sskip = 0;
-
- /* maximum fragment size is 0xfffc */
- if (packl > 0xfffc) {
- DPRINTF("Error: fragment size is bigger than 0xfffc.\n");
- err = EIO;
- goto errout;
- }
-
- if (j == 0)
- pb = &dmap->d_dma->d_mcr.mcr_ipktbuf;
- else
- pb = &dmap->d_dma->d_sbuf[j - 1];
-
- pb->pb_addr = htole32(packp);
-
- if (stheend) {
- if (packl > stheend) {
- pb->pb_len = htole32(stheend);
- stheend = 0;
- } else {
- pb->pb_len = htole32(packl);
- stheend -= packl;
- }
- } else
- pb->pb_len = htole32(packl);
-
- if ((i + 1) == q->q_src_len)
- pb->pb_next = 0;
- else
- pb->pb_next = htole32(dmap->d_alloc.dma_paddr +
- offsetof(struct ubsec_dmachunk, d_sbuf[j]));
- j++;
- }
-
- if (enccrd == NULL && maccrd != NULL) {
- /* Authentication only */
- dmap->d_dma->d_mcr.mcr_opktbuf.pb_addr = 0;
- dmap->d_dma->d_mcr.mcr_opktbuf.pb_len = 0;
- dmap->d_dma->d_mcr.mcr_opktbuf.pb_next =
- htole32(dmap->d_alloc.dma_paddr +
- offsetof(struct ubsec_dmachunk, d_macbuf[0]));
-#ifdef UBSEC_DEBUG
- DPRINTF("opkt: %x %x %x\n",
- dmap->d_dma->d_mcr.mcr_opktbuf.pb_addr,
- dmap->d_dma->d_mcr.mcr_opktbuf.pb_len,
- dmap->d_dma->d_mcr.mcr_opktbuf.pb_next);
-#endif
- } else {
- if (crp->crp_flags & CRYPTO_F_IOV) {
- if (!nicealign) {
- err = EINVAL;
- goto errout;
- }
-#if 0
- if (bus_dmamap_create(sc->sc_dmat, 0xfff0,
- UBS_MAX_SCATTER, 0xfff0, 0, BUS_DMA_NOWAIT,
- &q->q_dst_map) != 0) {
- err = ENOMEM;
- goto errout;
- }
- if (bus_dmamap_load_uio(sc->sc_dmat, q->q_dst_map,
- q->q_dst_io, BUS_DMA_NOWAIT) != 0) {
- bus_dmamap_destroy(sc->sc_dmat, q->q_dst_map);
- q->q_dst_map = NULL;
- goto errout;
- }
-#endif
-
- /* HW shall copy the result into the source memory */
- for(i = 0; i < q->q_src_len; i++)
- q->q_dst_map[i] = q->q_src_map[i];
-
- q->q_dst_len = q->q_src_len;
- q->q_has_dst = 0;
-
- } else if (crp->crp_flags & CRYPTO_F_SKBUF) {
- if (nicealign) {
-
- /* HW shall copy the result into the source memory */
- q->q_dst_m = q->q_src_m;
- for(i = 0; i < q->q_src_len; i++)
- q->q_dst_map[i] = q->q_src_map[i];
-
- q->q_dst_len = q->q_src_len;
- q->q_has_dst = 0;
-
- } else {
-#ifdef NOTYET
- int totlen, len;
- struct sk_buff *m, *top, **mp;
-
- totlen = q->q_src_map->dm_mapsize;
- if (q->q_src_m->m_flags & M_PKTHDR) {
- len = MHLEN;
- MGETHDR(m, M_DONTWAIT, MT_DATA);
- } else {
- len = MLEN;
- MGET(m, M_DONTWAIT, MT_DATA);
- }
- if (m == NULL) {
- err = ENOMEM;
- goto errout;
- }
- if (len == MHLEN)
- M_DUP_PKTHDR(m, q->q_src_m);
- if (totlen >= MINCLSIZE) {
- MCLGET(m, M_DONTWAIT);
- if (m->m_flags & M_EXT)
- len = MCLBYTES;
- }
- m->m_len = len;
- top = NULL;
- mp = ⊤
-
- while (totlen > 0) {
- if (top) {
- MGET(m, M_DONTWAIT, MT_DATA);
- if (m == NULL) {
- m_freem(top);
- err = ENOMEM;
- goto errout;
- }
- len = MLEN;
- }
- if (top && totlen >= MINCLSIZE) {
- MCLGET(m, M_DONTWAIT);
- if (m->m_flags & M_EXT)
- len = MCLBYTES;
- }
- m->m_len = len = min(totlen, len);
- totlen -= len;
- *mp = m;
- mp = &m->m_next;
- }
- q->q_dst_m = top;
- ubsec_mcopy(q->q_src_m, q->q_dst_m,
- cpskip, cpoffset);
- if (bus_dmamap_create(sc->sc_dmat, 0xfff0,
- UBS_MAX_SCATTER, 0xfff0, 0, BUS_DMA_NOWAIT,
- &q->q_dst_map) != 0) {
- err = ENOMEM;
- goto errout;
- }
- if (bus_dmamap_load_mbuf(sc->sc_dmat,
- q->q_dst_map, q->q_dst_m,
- BUS_DMA_NOWAIT) != 0) {
- bus_dmamap_destroy(sc->sc_dmat,
- q->q_dst_map);
- q->q_dst_map = NULL;
- err = ENOMEM;
- goto errout;
- }
-#else
- device_printf(sc->sc_dev,
- "%s,%d: CRYPTO_F_SKBUF unaligned not implemented\n",
- __FILE__, __LINE__);
- err = EINVAL;
- goto errout;
-#endif
- }
- } else {
- err = EINVAL;
- goto errout;
- }
-
-#ifdef UBSEC_DEBUG
- DPRINTF("dst skip: %d\n", dskip);
-#endif
- for (i = j = 0; i < q->q_dst_len; i++) {
- struct ubsec_pktbuf *pb;
- size_t packl = q->q_dst_map[i].dma_size;
- dma_addr_t packp = q->q_dst_map[i].dma_paddr;
-
- if (dskip >= packl) {
- dskip -= packl;
- continue;
- }
-
- packl -= dskip;
- packp += dskip;
- dskip = 0;
-
- if (packl > 0xfffc) {
- DPRINTF("Error: fragment size is bigger than 0xfffc.\n");
- err = EIO;
- goto errout;
- }
-
- if (j == 0)
- pb = &dmap->d_dma->d_mcr.mcr_opktbuf;
- else
- pb = &dmap->d_dma->d_dbuf[j - 1];
-
- pb->pb_addr = htole32(packp);
-
- if (dtheend) {
- if (packl > dtheend) {
- pb->pb_len = htole32(dtheend);
- dtheend = 0;
- } else {
- pb->pb_len = htole32(packl);
- dtheend -= packl;
- }
- } else
- pb->pb_len = htole32(packl);
-
- if ((i + 1) == q->q_dst_len) {
- if (maccrd)
- /* Authentication:
- * The last fragment of the output buffer
- * contains the HMAC. */
- pb->pb_next = htole32(dmap->d_alloc.dma_paddr +
- offsetof(struct ubsec_dmachunk, d_macbuf[0]));
- else
- pb->pb_next = 0;
- } else
- pb->pb_next = htole32(dmap->d_alloc.dma_paddr +
- offsetof(struct ubsec_dmachunk, d_dbuf[j]));
- j++;
- }
- }
-
- dmap->d_dma->d_mcr.mcr_cmdctxp = htole32(dmap->d_alloc.dma_paddr +
- offsetof(struct ubsec_dmachunk, d_ctx));
-
- if (sc->sc_flags & UBS_FLAGS_LONGCTX) {
- /* new Broadcom cards with dynamic long command context structure */
-
- if (enccrd != NULL &&
- enccrd->crd_alg == CRYPTO_AES_CBC)
- {
- struct ubsec_pktctx_aes128 *ctxaes128;
- struct ubsec_pktctx_aes192 *ctxaes192;
- struct ubsec_pktctx_aes256 *ctxaes256;
-
- switch(ses->ses_keysize)
- {
- /* AES 128bit */
- case 128:
- ctxaes128 = (struct ubsec_pktctx_aes128 *)
- (dmap->d_alloc.dma_vaddr +
- offsetof(struct ubsec_dmachunk, d_ctx));
-
- ctxaes128->pc_len = htole16(sizeof(struct ubsec_pktctx_aes128));
- ctxaes128->pc_type = ctx.pc_type;
- ctxaes128->pc_flags = ctx.pc_flags;
- ctxaes128->pc_offset = ctx.pc_offset;
- for (i = 0; i < 4; i++)
- ctxaes128->pc_aeskey[i] = ctx.pc_key[i];
- for (i = 0; i < 5; i++)
- ctxaes128->pc_hminner[i] = ctx.pc_hminner[i];
- for (i = 0; i < 5; i++)
- ctxaes128->pc_hmouter[i] = ctx.pc_hmouter[i];
- for (i = 0; i < 4; i++)
- ctxaes128->pc_iv[i] = ctx.pc_iv[i];
- break;
-
- /* AES 192bit */
- case 192:
- ctxaes192 = (struct ubsec_pktctx_aes192 *)
- (dmap->d_alloc.dma_vaddr +
- offsetof(struct ubsec_dmachunk, d_ctx));
-
- ctxaes192->pc_len = htole16(sizeof(struct ubsec_pktctx_aes192));
- ctxaes192->pc_type = ctx.pc_type;
- ctxaes192->pc_flags = ctx.pc_flags;
- ctxaes192->pc_offset = ctx.pc_offset;
- for (i = 0; i < 6; i++)
- ctxaes192->pc_aeskey[i] = ctx.pc_key[i];
- for (i = 0; i < 5; i++)
- ctxaes192->pc_hminner[i] = ctx.pc_hminner[i];
- for (i = 0; i < 5; i++)
- ctxaes192->pc_hmouter[i] = ctx.pc_hmouter[i];
- for (i = 0; i < 4; i++)
- ctxaes192->pc_iv[i] = ctx.pc_iv[i];
- break;
-
- /* AES 256bit */
- case 256:
- ctxaes256 = (struct ubsec_pktctx_aes256 *)
- (dmap->d_alloc.dma_vaddr +
- offsetof(struct ubsec_dmachunk, d_ctx));
-
- ctxaes256->pc_len = htole16(sizeof(struct ubsec_pktctx_aes256));
- ctxaes256->pc_type = ctx.pc_type;
- ctxaes256->pc_flags = ctx.pc_flags;
- ctxaes256->pc_offset = ctx.pc_offset;
- for (i = 0; i < 8; i++)
- ctxaes256->pc_aeskey[i] = ctx.pc_key[i];
- for (i = 0; i < 5; i++)
- ctxaes256->pc_hminner[i] = ctx.pc_hminner[i];
- for (i = 0; i < 5; i++)
- ctxaes256->pc_hmouter[i] = ctx.pc_hmouter[i];
- for (i = 0; i < 4; i++)
- ctxaes256->pc_iv[i] = ctx.pc_iv[i];
- break;
-
- }
- } else {
- /*
- * [3]DES / MD5_HMAC / SHA1_HMAC
- *
- * MD5_HMAC / SHA1_HMAC can use the IPSEC 3DES operation without
- * encryption.
- */
- struct ubsec_pktctx_des *ctxdes;
-
- ctxdes = (struct ubsec_pktctx_des *)(dmap->d_alloc.dma_vaddr +
- offsetof(struct ubsec_dmachunk, d_ctx));
-
- ctxdes->pc_len = htole16(sizeof(struct ubsec_pktctx_des));
- ctxdes->pc_type = ctx.pc_type;
- ctxdes->pc_flags = ctx.pc_flags;
- ctxdes->pc_offset = ctx.pc_offset;
- for (i = 0; i < 6; i++)
- ctxdes->pc_deskey[i] = ctx.pc_key[i];
- for (i = 0; i < 5; i++)
- ctxdes->pc_hminner[i] = ctx.pc_hminner[i];
- for (i = 0; i < 5; i++)
- ctxdes->pc_hmouter[i] = ctx.pc_hmouter[i];
- ctxdes->pc_iv[0] = ctx.pc_iv[0];
- ctxdes->pc_iv[1] = ctx.pc_iv[1];
- }
- } else
- {
- /* old Broadcom card with fixed small command context structure */
-
- /*
- * [3]DES / MD5_HMAC / SHA1_HMAC
- */
- struct ubsec_pktctx *ctxs;
-
- ctxs = (struct ubsec_pktctx *)(dmap->d_alloc.dma_vaddr +
- offsetof(struct ubsec_dmachunk, d_ctx));
-
- /* transform generic context into small context */
- for (i = 0; i < 6; i++)
- ctxs->pc_deskey[i] = ctx.pc_key[i];
- for (i = 0; i < 5; i++)
- ctxs->pc_hminner[i] = ctx.pc_hminner[i];
- for (i = 0; i < 5; i++)
- ctxs->pc_hmouter[i] = ctx.pc_hmouter[i];
- ctxs->pc_iv[0] = ctx.pc_iv[0];
- ctxs->pc_iv[1] = ctx.pc_iv[1];
- ctxs->pc_flags = ctx.pc_flags;
- ctxs->pc_offset = ctx.pc_offset;
- }
-
-#ifdef UBSEC_VERBOSE_DEBUG
- DPRINTF("spin_lock_irqsave\n");
-#endif
- spin_lock_irqsave(&sc->sc_ringmtx, flags);
- //spin_lock_irq(&sc->sc_ringmtx);
-
- BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_queue, q, q_next);
- sc->sc_nqueue++;
- ubsecstats.hst_ipackets++;
- ubsecstats.hst_ibytes += stheend;
- ubsec_feed(sc);
-
-#ifdef UBSEC_VERBOSE_DEBUG
- DPRINTF("spin_unlock_irqrestore\n");
-#endif
- spin_unlock_irqrestore(&sc->sc_ringmtx, flags);
- //spin_unlock_irq(&sc->sc_ringmtx);
-
- return (0);
-
-errout:
- if (q != NULL) {
-#ifdef NOTYET
- if ((q->q_dst_m != NULL) && (q->q_src_m != q->q_dst_m))
- m_freem(q->q_dst_m);
-#endif
-
- if ((q->q_has_dst == 1) && q->q_dst_len > 0) {
-#if 0
- bus_dmamap_unload(sc->sc_dmat, q->q_dst_map);
- bus_dmamap_destroy(sc->sc_dmat, q->q_dst_map);
-#endif
- dma_unmap(sc, q->q_dst_map, q->q_dst_len);
- }
- if (q->q_src_len > 0) {
-#if 0
- bus_dmamap_unload(sc->sc_dmat, q->q_src_map);
- bus_dmamap_destroy(sc->sc_dmat, q->q_src_map);
-#endif
- dma_unmap(sc, q->q_src_map, q->q_src_len);
- }
-
-#ifdef UBSEC_VERBOSE_DEBUG
- DPRINTF("spin_lock_irqsave\n");
-#endif
- spin_lock_irqsave(&sc->sc_ringmtx, flags);
- //spin_lock_irq(&sc->sc_ringmtx);
-
- BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q, q_next);
-
-#ifdef UBSEC_VERBOSE_DEBUG
- DPRINTF("spin_unlock_irqrestore\n");
-#endif
- spin_unlock_irqrestore(&sc->sc_ringmtx, flags);
- //spin_unlock_irq(&sc->sc_ringmtx);
-
- }
- if (err == EINVAL)
- ubsecstats.hst_invalid++;
- else
- ubsecstats.hst_nomem++;
-errout2:
- crp->crp_etype = err;
- crypto_done(crp);
-
-#ifdef UBSEC_DEBUG
- DPRINTF("%s() err = %x\n", __FUNCTION__, err);
-#endif
-
- return (0);
-}
-
-void
-ubsec_callback(struct ubsec_softc *sc, struct ubsec_q *q)
-{
- struct cryptop *crp = (struct cryptop *)q->q_crp;
- struct cryptodesc *crd;
- struct ubsec_dma *dmap = q->q_dma;
- int ivsize = 8;
-
-#ifdef UBSEC_DEBUG
- DPRINTF("%s()\n", __FUNCTION__);
-#endif
-
- ubsecstats.hst_opackets++;
- ubsecstats.hst_obytes += dmap->d_alloc.dma_size;
-
-#if 0
- bus_dmamap_sync(sc->sc_dmat, dmap->d_alloc.dma_map, 0,
- dmap->d_alloc.dma_map->dm_mapsize,
- BUS_DMASYNC_POSTREAD|BUS_DMASYNC_POSTWRITE);
- if (q->q_dst_map != NULL && q->q_dst_map != q->q_src_map) {
- bus_dmamap_sync(sc->sc_dmat, q->q_dst_map,
- 0, q->q_dst_map->dm_mapsize, BUS_DMASYNC_POSTREAD);
- bus_dmamap_unload(sc->sc_dmat, q->q_dst_map);
- bus_dmamap_destroy(sc->sc_dmat, q->q_dst_map);
- }
- bus_dmamap_sync(sc->sc_dmat, q->q_src_map,
- 0, q->q_src_map->dm_mapsize, BUS_DMASYNC_POSTWRITE);
- bus_dmamap_unload(sc->sc_dmat, q->q_src_map);
- bus_dmamap_destroy(sc->sc_dmat, q->q_src_map);
-#endif
-
- if ((q->q_has_dst == 1) && q->q_dst_len > 0)
- dma_unmap(sc, q->q_dst_map, q->q_dst_len);
-
- dma_unmap(sc, q->q_src_map, q->q_src_len);
-
-#ifdef NOTYET
- if ((crp->crp_flags & CRYPTO_F_SKBUF) && (q->q_src_m != q->q_dst_m)) {
- m_freem(q->q_src_m);
- crp->crp_buf = (caddr_t)q->q_dst_m;
- }
-#endif
-
- /* copy out IV for future use */
- if (q->q_flags & UBSEC_QFLAGS_COPYOUTIV) {
- for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
- if (crd->crd_alg != CRYPTO_DES_CBC &&
- crd->crd_alg != CRYPTO_3DES_CBC &&
- crd->crd_alg != CRYPTO_AES_CBC)
- continue;
-
- if (crd->crd_alg == CRYPTO_AES_CBC)
- ivsize = 16;
- else
- ivsize = 8;
-
- if (crp->crp_flags & CRYPTO_F_SKBUF)
-#if 0
- m_copydata((struct sk_buff *)crp->crp_buf,
- crd->crd_skip + crd->crd_len - 8, 8,
- (caddr_t)sc->sc_sessions[q->q_sesn].ses_iv);
-#endif
- crypto_copydata(crp->crp_flags, (caddr_t)crp->crp_buf,
- crd->crd_skip + crd->crd_len - ivsize, ivsize,
- (caddr_t)sc->sc_sessions[q->q_sesn].ses_iv);
-
- else if (crp->crp_flags & CRYPTO_F_IOV) {
-#if 0
- cuio_copydata((struct uio *)crp->crp_buf,
- crd->crd_skip + crd->crd_len - 8, 8,
- (caddr_t)sc->sc_sessions[q->q_sesn].ses_iv);
-#endif
- crypto_copydata(crp->crp_flags, (caddr_t)crp->crp_buf,
- crd->crd_skip + crd->crd_len - ivsize, ivsize,
- (caddr_t)sc->sc_sessions[q->q_sesn].ses_iv);
-
- }
- break;
- }
- }
-
- for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
- if (crd->crd_alg != CRYPTO_MD5_HMAC &&
- crd->crd_alg != CRYPTO_SHA1_HMAC)
- continue;
-#if 0
- if (crp->crp_flags & CRYPTO_F_SKBUF)
- m_copyback((struct sk_buff *)crp->crp_buf,
- crd->crd_inject, 12,
- dmap->d_dma->d_macbuf);
-#endif
-#if 0
- /* BUG? it does not honor the mac len.. */
- crypto_copyback(crp->crp_flags, crp->crp_buf,
- crd->crd_inject, 12,
- (caddr_t)dmap->d_dma->d_macbuf);
-#endif
- crypto_copyback(crp->crp_flags, crp->crp_buf,
- crd->crd_inject,
- sc->sc_sessions[q->q_sesn].ses_mlen,
- (caddr_t)dmap->d_dma->d_macbuf);
-#if 0
- else if (crp->crp_flags & CRYPTO_F_IOV && crp->crp_mac)
- bcopy((caddr_t)dmap->d_dma->d_macbuf,
- crp->crp_mac, 12);
-#endif
- break;
- }
- BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q, q_next);
- crypto_done(crp);
-}
-
-void
-ubsec_mcopy(struct sk_buff *srcm, struct sk_buff *dstm, int hoffset, int toffset)
-{
- int i, j, dlen, slen;
- caddr_t dptr, sptr;
-
- j = 0;
- sptr = srcm->data;
- slen = srcm->len;
- dptr = dstm->data;
- dlen = dstm->len;
-
- while (1) {
- for (i = 0; i < min(slen, dlen); i++) {
- if (j < hoffset || j >= toffset)
- *dptr++ = *sptr++;
- slen--;
- dlen--;
- j++;
- }
- if (slen == 0) {
- srcm = srcm->next;
- if (srcm == NULL)
- return;
- sptr = srcm->data;
- slen = srcm->len;
- }
- if (dlen == 0) {
- dstm = dstm->next;
- if (dstm == NULL)
- return;
- dptr = dstm->data;
- dlen = dstm->len;
- }
- }
-}
-
-int
-ubsec_dma_malloc(struct ubsec_softc *sc, struct ubsec_dma_alloc *dma,
- size_t size, int mapflags)
-{
- dma->dma_vaddr = dma_alloc_coherent(sc->sc_dv,
- size, &dma->dma_paddr, GFP_KERNEL);
-
- if (likely(dma->dma_vaddr))
- {
- dma->dma_size = size;
- return (0);
- }
-
- DPRINTF("could not allocate %d bytes of coherent memory.\n", size);
-
- return (1);
-}
-
-void
-ubsec_dma_free(struct ubsec_softc *sc, struct ubsec_dma_alloc *dma)
-{
- dma_free_coherent(sc->sc_dv, dma->dma_size, dma->dma_vaddr,
- dma->dma_paddr);
-}
-
-/*
- * Resets the board. Values in the regesters are left as is
- * from the reset (i.e. initial values are assigned elsewhere).
- */
-void
-ubsec_reset_board(struct ubsec_softc *sc)
-{
- volatile u_int32_t ctrl;
-
-#ifdef UBSEC_DEBUG
- DPRINTF("%s()\n", __FUNCTION__);
-#endif
- DPRINTF("Send reset signal to chip.\n");
-
- ctrl = READ_REG(sc, BS_CTRL);
- ctrl |= BS_CTRL_RESET;
- WRITE_REG(sc, BS_CTRL, ctrl);
-
- /*
- * Wait aprox. 30 PCI clocks = 900 ns = 0.9 us
- */
- DELAY(10);
-}
-
-/*
- * Init Broadcom registers
- */
-void
-ubsec_init_board(struct ubsec_softc *sc)
-{
- u_int32_t ctrl;
-
-#ifdef UBSEC_DEBUG
- DPRINTF("%s()\n", __FUNCTION__);
-#endif
- DPRINTF("Initialize chip.\n");
-
- ctrl = READ_REG(sc, BS_CTRL);
- ctrl &= ~(BS_CTRL_BE32 | BS_CTRL_BE64);
- ctrl |= BS_CTRL_LITTLE_ENDIAN | BS_CTRL_MCR1INT | BS_CTRL_DMAERR;
-
- WRITE_REG(sc, BS_CTRL, ctrl);
-
- /* Set chip capabilities (BCM5365P) */
- sc->sc_flags |= UBS_FLAGS_LONGCTX | UBS_FLAGS_AES;
-}
-
-/*
- * Clean up after a chip crash.
- * It is assumed that the caller has spin_lock_irq(sc_ringmtx).
- */
-void
-ubsec_cleanchip(struct ubsec_softc *sc)
-{
- struct ubsec_q *q;
-
-#ifdef UBSEC_DEBUG
- DPRINTF("%s()\n", __FUNCTION__);
-#endif
- DPRINTF("Clean up queues after chip crash.\n");
-
- while (!BSD_SIMPLEQ_EMPTY(&sc->sc_qchip)) {
- q = BSD_SIMPLEQ_FIRST(&sc->sc_qchip);
- BSD_SIMPLEQ_REMOVE_HEAD(&sc->sc_qchip, q_next);
- ubsec_free_q(sc, q);
- }
-}
-
-/*
- * free a ubsec_q
- * It is assumed that the caller has spin_lock_irq(sc_ringmtx).
- */
-int
-ubsec_free_q(struct ubsec_softc *sc, struct ubsec_q *q)
-{
- struct ubsec_q *q2;
- struct cryptop *crp;
- int npkts;
- int i;
-
-#ifdef UBSEC_DEBUG
- DPRINTF("%s()\n", __FUNCTION__);
-#endif
-
- npkts = q->q_nstacked_mcrs;
-
- for (i = 0; i < npkts; i++) {
- if(q->q_stacked_mcr[i]) {
- q2 = q->q_stacked_mcr[i];
-
- if ((q2->q_dst_m != NULL) && (q2->q_src_m != q2->q_dst_m))
-#ifdef NOTYET
- m_freem(q2->q_dst_m);
-#else
- printk(KERN_ERR "%s,%d: SKB not supported\n", __FILE__, __LINE__);
-#endif
-
- crp = (struct cryptop *)q2->q_crp;
-
- BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q2, q_next);
-
- crp->crp_etype = EFAULT;
- crypto_done(crp);
- } else {
- break;
- }
- }
-
- /*
- * Free header MCR
- */
- if ((q->q_dst_m != NULL) && (q->q_src_m != q->q_dst_m))
-#ifdef NOTYET
- m_freem(q->q_dst_m);
-#else
- printk(KERN_ERR "%s,%d: SKB not supported\n", __FILE__, __LINE__);
-#endif
-
- crp = (struct cryptop *)q->q_crp;
-
- BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q, q_next);
-
- crp->crp_etype = EFAULT;
- crypto_done(crp);
- return(0);
-}
-
-/*
- * Routine to reset the chip and clean up.
- * It is assumed that the caller has spin_lock_irq(sc_ringmtx).
- */
-void
-ubsec_totalreset(struct ubsec_softc *sc)
-{
-
-#ifdef UBSEC_DEBUG
- DPRINTF("%s()\n", __FUNCTION__);
-#endif
- DPRINTF("initiate total chip reset.. \n");
- ubsec_reset_board(sc);
- ubsec_init_board(sc);
- ubsec_cleanchip(sc);
-}
-
-void
-ubsec_dump_pb(struct ubsec_pktbuf *pb)
-{
- printf("addr 0x%x (0x%x) next 0x%x\n",
- pb->pb_addr, pb->pb_len, pb->pb_next);
-}
-
-void
-ubsec_dump_mcr(struct ubsec_mcr *mcr)
-{
- struct ubsec_mcr_add *ma;
- int i;
-
- printf("MCR:\n");
- printf(" pkts: %u, flags 0x%x\n",
- letoh16(mcr->mcr_pkts), letoh16(mcr->mcr_flags));
- ma = (struct ubsec_mcr_add *)&mcr->mcr_cmdctxp;
- for (i = 0; i < letoh16(mcr->mcr_pkts); i++) {
- printf(" %d: ctx 0x%x len 0x%x rsvd 0x%x\n", i,
- letoh32(ma->mcr_cmdctxp), letoh16(ma->mcr_pktlen),
- letoh16(ma->mcr_reserved));
- printf(" %d: ipkt ", i);
- ubsec_dump_pb(&ma->mcr_ipktbuf);
- printf(" %d: opkt ", i);
- ubsec_dump_pb(&ma->mcr_opktbuf);
- ma++;
- }
- printf("END MCR\n");
-}
-
-static int __init mod_init(void) {
- return ssb_driver_register(&ubsec_ssb_driver);
-}
-
-static void __exit mod_exit(void) {
- ssb_driver_unregister(&ubsec_ssb_driver);
-}
-
-module_init(mod_init);
-module_exit(mod_exit);
-
-// Meta information
-MODULE_AUTHOR("Daniel Mueller <daniel@danm.de>");
-MODULE_LICENSE("BSD");
-MODULE_DESCRIPTION("OCF driver for BCM5365P IPSec Core");
-MODULE_VERSION(DRV_MODULE_VERSION);
-
+++ /dev/null
-
-/*
- * Copyright (c) 2008 Daniel Mueller (daniel@danm.de)
- * Copyright (c) 2000 Theo de Raadt
- * Copyright (c) 2001 Patrik Lindergren (patrik@ipunplugged.com)
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * Effort sponsored in part by the Defense Advanced Research Projects
- * Agency (DARPA) and Air Force Research Laboratory, Air Force
- * Materiel Command, USAF, under agreement number F30602-01-2-0537.
- *
- */
-
-/*
- * Register definitions for 5601 BlueSteel Networks Ubiquitous Broadband
- * Security "uBSec" chip. Definitions from revision 2.8 of the product
- * datasheet.
- */
-
-#define BS_BAR 0x10 /* DMA base address register */
-#define BS_TRDY_TIMEOUT 0x40 /* TRDY timeout */
-#define BS_RETRY_TIMEOUT 0x41 /* DMA retry timeout */
-
-#define UBS_PCI_RTY_SHIFT 8
-#define UBS_PCI_RTY_MASK 0xff
-#define UBS_PCI_RTY(misc) \
- (((misc) >> UBS_PCI_RTY_SHIFT) & UBS_PCI_RTY_MASK)
-
-#define UBS_PCI_TOUT_SHIFT 0
-#define UBS_PCI_TOUT_MASK 0xff
-#define UBS_PCI_TOUT(misc) \
- (((misc) >> PCI_TOUT_SHIFT) & PCI_TOUT_MASK)
-
-/*
- * DMA Control & Status Registers (offset from BS_BAR)
- */
-#define BS_MCR1 0x20 /* DMA Master Command Record 1 */
-#define BS_CTRL 0x24 /* DMA Control */
-#define BS_STAT 0x28 /* DMA Status */
-#define BS_ERR 0x2c /* DMA Error Address */
-#define BS_DEV_ID 0x34 /* IPSec Device ID */
-
-/* BS_CTRL - DMA Control */
-#define BS_CTRL_RESET 0x80000000 /* hardware reset, 5805/5820 */
-#define BS_CTRL_MCR2INT 0x40000000 /* enable intr MCR for MCR2 */
-#define BS_CTRL_MCR1INT 0x20000000 /* enable intr MCR for MCR1 */
-#define BS_CTRL_OFM 0x10000000 /* Output fragment mode */
-#define BS_CTRL_BE32 0x08000000 /* big-endian, 32bit bytes */
-#define BS_CTRL_BE64 0x04000000 /* big-endian, 64bit bytes */
-#define BS_CTRL_DMAERR 0x02000000 /* enable intr DMA error */
-#define BS_CTRL_RNG_M 0x01800000 /* RNG mode */
-#define BS_CTRL_RNG_1 0x00000000 /* 1bit rn/one slow clock */
-#define BS_CTRL_RNG_4 0x00800000 /* 1bit rn/four slow clocks */
-#define BS_CTRL_RNG_8 0x01000000 /* 1bit rn/eight slow clocks */
-#define BS_CTRL_RNG_16 0x01800000 /* 1bit rn/16 slow clocks */
-#define BS_CTRL_SWNORM 0x00400000 /* 582[01], sw normalization */
-#define BS_CTRL_FRAG_M 0x0000ffff /* output fragment size mask */
-#define BS_CTRL_LITTLE_ENDIAN (BS_CTRL_BE32 | BS_CTRL_BE64)
-
-/* BS_STAT - DMA Status */
-#define BS_STAT_MCR1_BUSY 0x80000000 /* MCR1 is busy */
-#define BS_STAT_MCR1_FULL 0x40000000 /* MCR1 is full */
-#define BS_STAT_MCR1_DONE 0x20000000 /* MCR1 is done */
-#define BS_STAT_DMAERR 0x10000000 /* DMA error */
-#define BS_STAT_MCR2_FULL 0x08000000 /* MCR2 is full */
-#define BS_STAT_MCR2_DONE 0x04000000 /* MCR2 is done */
-#define BS_STAT_MCR1_ALLEMPTY 0x02000000 /* 5821, MCR1 is empty */
-#define BS_STAT_MCR2_ALLEMPTY 0x01000000 /* 5821, MCR2 is empty */
-
-/* BS_ERR - DMA Error Address */
-#define BS_ERR_ADDR 0xfffffffc /* error address mask */
-#define BS_ERR_READ 0x00000002 /* fault was on read */
-
-struct ubsec_pktctx {
- u_int32_t pc_deskey[6]; /* 3DES key */
- u_int32_t pc_hminner[5]; /* hmac inner state */
- u_int32_t pc_hmouter[5]; /* hmac outer state */
- u_int32_t pc_iv[2]; /* [3]DES iv */
- u_int16_t pc_flags; /* flags, below */
- u_int16_t pc_offset; /* crypto offset */
-} __attribute__ ((packed));
-
-#define UBS_PKTCTX_ENC_3DES 0x8000 /* use 3des */
-#define UBS_PKTCTX_ENC_AES 0x8000 /* use aes */
-#define UBS_PKTCTX_ENC_NONE 0x0000 /* no encryption */
-#define UBS_PKTCTX_INBOUND 0x4000 /* inbound packet */
-#define UBS_PKTCTX_AUTH 0x3000 /* authentication mask */
-#define UBS_PKTCTX_AUTH_NONE 0x0000 /* no authentication */
-#define UBS_PKTCTX_AUTH_MD5 0x1000 /* use hmac-md5 */
-#define UBS_PKTCTX_AUTH_SHA1 0x2000 /* use hmac-sha1 */
-#define UBS_PKTCTX_AES128 0x0 /* AES 128bit keys */
-#define UBS_PKTCTX_AES192 0x100 /* AES 192bit keys */
-#define UBS_PKTCTX_AES256 0x200 /* AES 256bit keys */
-
-struct ubsec_pktctx_des {
- volatile u_int16_t pc_len; /* length of ctx struct */
- volatile u_int16_t pc_type; /* context type */
- volatile u_int16_t pc_flags; /* flags, same as above */
- volatile u_int16_t pc_offset; /* crypto/auth offset */
- volatile u_int32_t pc_deskey[6]; /* 3DES key */
- volatile u_int32_t pc_iv[2]; /* [3]DES iv */
- volatile u_int32_t pc_hminner[5]; /* hmac inner state */
- volatile u_int32_t pc_hmouter[5]; /* hmac outer state */
-} __attribute__ ((packed));
-
-struct ubsec_pktctx_aes128 {
- volatile u_int16_t pc_len; /* length of ctx struct */
- volatile u_int16_t pc_type; /* context type */
- volatile u_int16_t pc_flags; /* flags, same as above */
- volatile u_int16_t pc_offset; /* crypto/auth offset */
- volatile u_int32_t pc_aeskey[4]; /* AES 128bit key */
- volatile u_int32_t pc_iv[4]; /* AES iv */
- volatile u_int32_t pc_hminner[5]; /* hmac inner state */
- volatile u_int32_t pc_hmouter[5]; /* hmac outer state */
-} __attribute__ ((packed));
-
-struct ubsec_pktctx_aes192 {
- volatile u_int16_t pc_len; /* length of ctx struct */
- volatile u_int16_t pc_type; /* context type */
- volatile u_int16_t pc_flags; /* flags, same as above */
- volatile u_int16_t pc_offset; /* crypto/auth offset */
- volatile u_int32_t pc_aeskey[6]; /* AES 192bit key */
- volatile u_int32_t pc_iv[4]; /* AES iv */
- volatile u_int32_t pc_hminner[5]; /* hmac inner state */
- volatile u_int32_t pc_hmouter[5]; /* hmac outer state */
-} __attribute__ ((packed));
-
-struct ubsec_pktctx_aes256 {
- volatile u_int16_t pc_len; /* length of ctx struct */
- volatile u_int16_t pc_type; /* context type */
- volatile u_int16_t pc_flags; /* flags, same as above */
- volatile u_int16_t pc_offset; /* crypto/auth offset */
- volatile u_int32_t pc_aeskey[8]; /* AES 256bit key */
- volatile u_int32_t pc_iv[4]; /* AES iv */
- volatile u_int32_t pc_hminner[5]; /* hmac inner state */
- volatile u_int32_t pc_hmouter[5]; /* hmac outer state */
-} __attribute__ ((packed));
-
-#define UBS_PKTCTX_TYPE_IPSEC_DES 0x0000
-#define UBS_PKTCTX_TYPE_IPSEC_AES 0x0040
-
-struct ubsec_pktbuf {
- volatile u_int32_t pb_addr; /* address of buffer start */
- volatile u_int32_t pb_next; /* pointer to next pktbuf */
- volatile u_int32_t pb_len; /* packet length */
-} __attribute__ ((packed));
-#define UBS_PKTBUF_LEN 0x0000ffff /* length mask */
-
-struct ubsec_mcr {
- volatile u_int16_t mcr_pkts; /* #pkts in this mcr */
- volatile u_int16_t mcr_flags; /* mcr flags (below) */
- volatile u_int32_t mcr_cmdctxp; /* command ctx pointer */
- struct ubsec_pktbuf mcr_ipktbuf; /* input chain header */
- volatile u_int16_t mcr_reserved;
- volatile u_int16_t mcr_pktlen;
- struct ubsec_pktbuf mcr_opktbuf; /* output chain header */
-} __attribute__ ((packed));
-
-struct ubsec_mcr_add {
- volatile u_int32_t mcr_cmdctxp; /* command ctx pointer */
- struct ubsec_pktbuf mcr_ipktbuf; /* input chain header */
- volatile u_int16_t mcr_reserved;
- volatile u_int16_t mcr_pktlen;
- struct ubsec_pktbuf mcr_opktbuf; /* output chain header */
-} __attribute__ ((packed));
-
-#define UBS_MCR_DONE 0x0001 /* mcr has been processed */
-#define UBS_MCR_ERROR 0x0002 /* error in processing */
-#define UBS_MCR_ERRORCODE 0xff00 /* error type */
-
-struct ubsec_ctx_keyop {
- volatile u_int16_t ctx_len; /* command length */
- volatile u_int16_t ctx_op; /* operation code */
- volatile u_int8_t ctx_pad[60]; /* padding */
-} __attribute__ ((packed));
-#define UBS_CTXOP_DHPKGEN 0x01 /* dh public key generation */
-#define UBS_CTXOP_DHSSGEN 0x02 /* dh shared secret gen. */
-#define UBS_CTXOP_RSAPUB 0x03 /* rsa public key op */
-#define UBS_CTXOP_RSAPRIV 0x04 /* rsa private key op */
-#define UBS_CTXOP_DSASIGN 0x05 /* dsa signing op */
-#define UBS_CTXOP_DSAVRFY 0x06 /* dsa verification */
-#define UBS_CTXOP_RNGBYPASS 0x41 /* rng direct test mode */
-#define UBS_CTXOP_RNGSHA1 0x42 /* rng sha1 test mode */
-#define UBS_CTXOP_MODADD 0x43 /* modular addition */
-#define UBS_CTXOP_MODSUB 0x44 /* modular subtraction */
-#define UBS_CTXOP_MODMUL 0x45 /* modular multiplication */
-#define UBS_CTXOP_MODRED 0x46 /* modular reduction */
-#define UBS_CTXOP_MODEXP 0x47 /* modular exponentiation */
-#define UBS_CTXOP_MODINV 0x48 /* modular inverse */
-
-struct ubsec_ctx_rngbypass {
- volatile u_int16_t rbp_len; /* command length, 64 */
- volatile u_int16_t rbp_op; /* rng bypass, 0x41 */
- volatile u_int8_t rbp_pad[60]; /* padding */
-} __attribute__ ((packed));
-
-/* modexp: C = (M ^ E) mod N */
-struct ubsec_ctx_modexp {
- volatile u_int16_t me_len; /* command length */
- volatile u_int16_t me_op; /* modexp, 0x47 */
- volatile u_int16_t me_E_len; /* E (bits) */
- volatile u_int16_t me_N_len; /* N (bits) */
- u_int8_t me_N[2048/8]; /* N */
-} __attribute__ ((packed));
-
-struct ubsec_ctx_rsapriv {
- volatile u_int16_t rpr_len; /* command length */
- volatile u_int16_t rpr_op; /* rsaprivate, 0x04 */
- volatile u_int16_t rpr_q_len; /* q (bits) */
- volatile u_int16_t rpr_p_len; /* p (bits) */
- u_int8_t rpr_buf[5 * 1024 / 8]; /* parameters: */
- /* p, q, dp, dq, pinv */
-} __attribute__ ((packed));
+++ /dev/null
-
-/*
- * Copyright (c) 2008 Daniel Mueller (daniel@danm.de)
- * Copyright (c) 2000 Theo de Raadt
- * Copyright (c) 2001 Patrik Lindergren (patrik@ipunplugged.com)
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * Effort sponsored in part by the Defense Advanced Research Projects
- * Agency (DARPA) and Air Force Research Laboratory, Air Force
- * Materiel Command, USAF, under agreement number F30602-01-2-0537.
- *
- */
-
-/* Maximum queue length */
-#ifndef UBS_MAX_NQUEUE
-#define UBS_MAX_NQUEUE 60
-#endif
-
-#define UBS_MAX_SCATTER 64 /* Maximum scatter/gather depth */
-
-#ifndef UBS_MAX_AGGR
-#define UBS_MAX_AGGR 5 /* Maximum aggregation count */
-#endif
-
-#define UBSEC_CARD(sid) (((sid) & 0xf0000000) >> 28)
-#define UBSEC_SESSION(sid) ( (sid) & 0x0fffffff)
-#define UBSEC_SID(crd, sesn) (((crd) << 28) | ((sesn) & 0x0fffffff))
-
-#define UBS_DEF_RTY 0xff /* PCI Retry Timeout */
-#define UBS_DEF_TOUT 0xff /* PCI TRDY Timeout */
-#define UBS_DEF_CACHELINE 0x01 /* Cache Line setting */
-
-#define DEFAULT_HMAC_LEN 12
-
-struct ubsec_dma_alloc {
- dma_addr_t dma_paddr;
- void *dma_vaddr;
- /*
- bus_dmamap_t dma_map;
- bus_dma_segment_t dma_seg;
- */
- size_t dma_size;
- /*
- int dma_nseg;
- */
-};
-
-struct ubsec_q2 {
- BSD_SIMPLEQ_ENTRY(ubsec_q2) q_next;
- struct ubsec_dma_alloc q_mcr;
- struct ubsec_dma_alloc q_ctx;
- u_int q_type;
-};
-
-struct ubsec_q2_rng {
- struct ubsec_q2 rng_q;
- struct ubsec_dma_alloc rng_buf;
- int rng_used;
-};
-
-/* C = (M ^ E) mod N */
-#define UBS_MODEXP_PAR_M 0
-#define UBS_MODEXP_PAR_E 1
-#define UBS_MODEXP_PAR_N 2
-struct ubsec_q2_modexp {
- struct ubsec_q2 me_q;
- struct cryptkop * me_krp;
- struct ubsec_dma_alloc me_M;
- struct ubsec_dma_alloc me_E;
- struct ubsec_dma_alloc me_C;
- struct ubsec_dma_alloc me_epb;
- int me_modbits;
- int me_shiftbits;
- int me_normbits;
-};
-
-#define UBS_RSAPRIV_PAR_P 0
-#define UBS_RSAPRIV_PAR_Q 1
-#define UBS_RSAPRIV_PAR_DP 2
-#define UBS_RSAPRIV_PAR_DQ 3
-#define UBS_RSAPRIV_PAR_PINV 4
-#define UBS_RSAPRIV_PAR_MSGIN 5
-#define UBS_RSAPRIV_PAR_MSGOUT 6
-struct ubsec_q2_rsapriv {
- struct ubsec_q2 rpr_q;
- struct cryptkop * rpr_krp;
- struct ubsec_dma_alloc rpr_msgin;
- struct ubsec_dma_alloc rpr_msgout;
-};
-
-#define UBSEC_RNG_BUFSIZ 16 /* measured in 32bit words */
-
-struct ubsec_dmachunk {
- struct ubsec_mcr d_mcr;
- struct ubsec_mcr_add d_mcradd[UBS_MAX_AGGR-1];
- struct ubsec_pktbuf d_sbuf[UBS_MAX_SCATTER-1];
- struct ubsec_pktbuf d_dbuf[UBS_MAX_SCATTER-1];
- u_int32_t d_macbuf[5];
- union {
- struct ubsec_pktctx_aes256 ctxaes256;
- struct ubsec_pktctx_aes192 ctxaes192;
- struct ubsec_pktctx_des ctxdes;
- struct ubsec_pktctx_aes128 ctxaes128;
- struct ubsec_pktctx ctx;
- } d_ctx;
-};
-
-struct ubsec_dma {
- BSD_SIMPLEQ_ENTRY(ubsec_dma) d_next;
- struct ubsec_dmachunk *d_dma;
- struct ubsec_dma_alloc d_alloc;
-};
-
-#define UBS_FLAGS_KEY 0x01 /* has key accelerator */
-#define UBS_FLAGS_LONGCTX 0x02 /* uses long ipsec ctx */
-#define UBS_FLAGS_BIGKEY 0x04 /* 2048bit keys */
-#define UBS_FLAGS_HWNORM 0x08 /* hardware normalization */
-#define UBS_FLAGS_RNG 0x10 /* hardware rng */
-#define UBS_FLAGS_AES 0x20 /* hardware AES support */
-
-struct ubsec_q {
- BSD_SIMPLEQ_ENTRY(ubsec_q) q_next;
- int q_nstacked_mcrs;
- struct ubsec_q *q_stacked_mcr[UBS_MAX_AGGR-1];
- struct cryptop *q_crp;
- struct ubsec_dma *q_dma;
-
- //struct mbuf *q_src_m, *q_dst_m;
- struct sk_buff *q_src_m, *q_dst_m;
- struct uio *q_src_io, *q_dst_io;
-
- /*
- bus_dmamap_t q_src_map;
- bus_dmamap_t q_dst_map;
- */
-
- /* DMA addresses for In-/Out packages */
- int q_src_len;
- int q_dst_len;
- struct ubsec_dma_alloc q_src_map[UBS_MAX_SCATTER];
- struct ubsec_dma_alloc q_dst_map[UBS_MAX_SCATTER];
- int q_has_dst;
-
- int q_sesn;
- int q_flags;
-};
-
-struct ubsec_softc {
- softc_device_decl sc_dev;
- struct ssb_device *sdev; /* device backpointer */
-
- struct device *sc_dv; /* generic device */
- void *sc_ih; /* interrupt handler cookie */
- int sc_flags; /* device specific flags */
- u_int32_t sc_statmask; /* interrupt status mask */
- int32_t sc_cid; /* crypto tag */
- BSD_SIMPLEQ_HEAD(,ubsec_q) sc_queue; /* packet queue, mcr1 */
- int sc_nqueue; /* count enqueued, mcr1 */
- BSD_SIMPLEQ_HEAD(,ubsec_q) sc_qchip; /* on chip, mcr1 */
- BSD_SIMPLEQ_HEAD(,ubsec_q) sc_freequeue; /* list of free queue elements */
- BSD_SIMPLEQ_HEAD(,ubsec_q2) sc_queue2; /* packet queue, mcr2 */
- int sc_nqueue2; /* count enqueued, mcr2 */
- BSD_SIMPLEQ_HEAD(,ubsec_q2) sc_qchip2; /* on chip, mcr2 */
- int sc_nsessions; /* # of sessions */
- struct ubsec_session *sc_sessions; /* sessions */
- int sc_rnghz; /* rng poll time */
- struct ubsec_q2_rng sc_rng;
- struct ubsec_dma sc_dmaa[UBS_MAX_NQUEUE];
- struct ubsec_q *sc_queuea[UBS_MAX_NQUEUE];
- BSD_SIMPLEQ_HEAD(,ubsec_q2) sc_q2free; /* free list */
- spinlock_t sc_ringmtx; /* PE ring lock */
-};
-
-#define UBSEC_QFLAGS_COPYOUTIV 0x1
-
-struct ubsec_session {
- u_int32_t ses_used;
- u_int32_t ses_key[8]; /* 3DES/AES key */
- u_int32_t ses_hminner[5]; /* hmac inner state */
- u_int32_t ses_hmouter[5]; /* hmac outer state */
- u_int32_t ses_iv[4]; /* [3]DES/AES iv */
- u_int32_t ses_keysize; /* AES key size */
- u_int32_t ses_mlen; /* hmac/hash length */
-};
-
-struct ubsec_stats {
- u_int64_t hst_ibytes;
- u_int64_t hst_obytes;
- u_int32_t hst_ipackets;
- u_int32_t hst_opackets;
- u_int32_t hst_invalid;
- u_int32_t hst_nomem;
- u_int32_t hst_queuefull;
- u_int32_t hst_dmaerr;
- u_int32_t hst_mcrerr;
- u_int32_t hst_nodmafree;
-};
-
-struct ubsec_generic_ctx {
- u_int32_t pc_key[8]; /* [3]DES/AES key */
- u_int32_t pc_hminner[5]; /* hmac inner state */
- u_int32_t pc_hmouter[5]; /* hmac outer state */
- u_int32_t pc_iv[4]; /* [3]DES/AES iv */
- u_int16_t pc_flags; /* flags, below */
- u_int16_t pc_offset; /* crypto offset */
- u_int16_t pc_type; /* Cryptographic operation */
-};
-
+++ /dev/null
-#ifndef _OCF_UIO_H_
-#define _OCF_UIO_H_
-
-#include <linux/uio.h>
-
-/*
- * The linux uio.h doesn't have all we need. To be fully api compatible
- * with the BSD cryptodev, we need to keep this around. Perhaps this can
- * be moved back into the linux/uio.h
- *
- * Linux port done by David McCullough <david_mccullough@securecomputing.com>
- * Copyright (C) 2006-2007 David McCullough
- * Copyright (C) 2004-2005 Intel Corporation.
- *
- * LICENSE TERMS
- *
- * The free distribution and use of this software in both source and binary
- * form is allowed (with or without changes) provided that:
- *
- * 1. distributions of this source code include the above copyright
- * notice, this list of conditions and the following disclaimer;
- *
- * 2. distributions in binary form include the above copyright
- * notice, this list of conditions and the following disclaimer
- * in the documentation and/or other associated materials;
- *
- * 3. the copyright holder's name is not used to endorse products
- * built using this software without specific written permission.
- *
- * ALTERNATIVELY, provided that this notice is retained in full, this product
- * may be distributed under the terms of the GNU General Public License (GPL),
- * in which case the provisions of the GPL apply INSTEAD OF those given above.
- *
- * DISCLAIMER
- *
- * This software is provided 'as is' with no explicit or implied warranties
- * in respect of its properties, including, but not limited to, correctness
- * and/or fitness for purpose.
- * ---------------------------------------------------------------------------
- */
-
-struct uio {
- struct iovec *uio_iov;
- int uio_iovcnt;
- off_t uio_offset;
- int uio_resid;
-#if 0
- enum uio_seg uio_segflg;
- enum uio_rw uio_rw;
- struct thread *uio_td;
-#endif
-};
-
-#endif
# CONFIG_OCF_OCFNULL is not set
# CONFIG_OCF_SAFE is not set
# CONFIG_OCF_TALITOS is not set
+# CONFIG_OCF_UBSEC_SSB is not set
# CONFIG_OMFS_FS is not set
# CONFIG_OSF_PARTITION is not set
# CONFIG_P54_COMMON is not set
# CONFIG_OCF_OCFNULL is not set
# CONFIG_OCF_SAFE is not set
# CONFIG_OCF_TALITOS is not set
+# CONFIG_OCF_UBSEC_SSB is not set
# CONFIG_OMFS_FS is not set
# CONFIG_OPROFILE is not set
# CONFIG_OSF_PARTITION is not set
# CONFIG_OCF_OCFNULL is not set
# CONFIG_OCF_SAFE is not set
# CONFIG_OCF_TALITOS is not set
+# CONFIG_OCF_UBSEC_SSB is not set
# CONFIG_OMFS_FS is not set
# CONFIG_ORION_WATCHDOG is not set
# CONFIG_OSF_PARTITION is not set
# CONFIG_OCF_OCFNULL is not set
# CONFIG_OCF_SAFE is not set
# CONFIG_OCF_TALITOS is not set
+# CONFIG_OCF_UBSEC_SSB is not set
# CONFIG_OC_ETM is not set
# CONFIG_OMFS_FS is not set
# CONFIG_ORION_WATCHDOG is not set
# CONFIG_OCF_OCFNULL is not set
# CONFIG_OCF_SAFE is not set
# CONFIG_OCF_TALITOS is not set
+# CONFIG_OCF_UBSEC_SSB is not set
# CONFIG_OC_ETM is not set
# CONFIG_OMFS_FS is not set
# CONFIG_ORION_WATCHDOG is not set
# CONFIG_OCF_OCFNULL is not set
# CONFIG_OCF_SAFE is not set
# CONFIG_OCF_TALITOS is not set
+# CONFIG_OCF_UBSEC_SSB is not set
# CONFIG_OC_ETM is not set
# CONFIG_OMFS_FS is not set
# CONFIG_ORION_WATCHDOG is not set
# CONFIG_OCF_OCFNULL is not set
# CONFIG_OCF_SAFE is not set
# CONFIG_OCF_TALITOS is not set
+# CONFIG_OCF_UBSEC_SSB is not set
# CONFIG_OC_ETM is not set
# CONFIG_OMFS_FS is not set
# CONFIG_ORION_WATCHDOG is not set
# CONFIG_OCF_OCFNULL is not set
# CONFIG_OCF_SAFE is not set
# CONFIG_OCF_TALITOS is not set
+# CONFIG_OCF_UBSEC_SSB is not set
# CONFIG_OC_ETM is not set
# CONFIG_OMFS_FS is not set
# CONFIG_ORION_WATCHDOG is not set
CONFIG_OCF_EP80579 $CONFIG_OCF_OCF
dep_tristate ' Micronas c7108 (HW crypto engine)' \
CONFIG_OCF_C7108 $CONFIG_OCF_OCF
+dep_tristate ' uBsec BCM5365 (HW crypto engine)'
+ CONFIG_OCF_UBSEC_SSB $CONFIG_OCF_OCF
dep_tristate ' ocfnull (does no crypto)' \
CONFIG_OCF_OCFNULL $CONFIG_OCF_OCF
dep_tristate ' ocf-bench (HW crypto in-kernel benchmark)' \
help
OCF driver for the Microna 7108 Cipher processors.
+config OCF_UBSEC_SSB
+ tristate "uBsec BCM5365 (HW crypto engine)"
+ depends on OCF_OCF
+ help
+ OCF driver for uBsec BCM5365 hardware crypto accelerator.
+
config OCF_OCFNULL
tristate "ocfnull (fake crypto engine)"
depends on OCF_OCF
$(_obj)-$(CONFIG_OCF_KIRKWOOD) += kirkwood$(_slash)
$(_obj)-$(CONFIG_OCF_OCFNULL) += ocfnull$(_slash)
$(_obj)-$(CONFIG_OCF_C7108) += c7108$(_slash)
+$(_obj)-$(CONFIG_OCF_UBSEC_SSB) += ubsec_ssb$(_slash)
ocf-objs := $(OCF_OBJS)
+dummy:
+ @echo "Please consult the README for how to build OCF."
+ @echo "If you can't wait then the following should do it:"
+ @echo ""
+ @echo " make ocf_modules"
+ @echo " sudo make ocf_install"
+ @echo ""
+ @exit 1
+
$(list-multi) dummy1: $(ocf-objs)
$(LD) -r -o $@ $(ocf-objs)
clean:
rm -f *.o *.ko .*.o.flags .*.ko.cmd .*.o.cmd .*.mod.o.cmd *.mod.c
rm -f */*.o */*.ko */.*.o.cmd */.*.ko.cmd */.*.mod.o.cmd */*.mod.c */.*.o.flags
+ rm -f */modules.order */modules.builtin modules.order modules.builtin
ifdef TOPDIR
-include $(TOPDIR)/Rules.make
endif
#
-# release gen targets
+# targets to build easily on the current machine
+#
+
+ocf_make:
+ make -C /lib/modules/$(shell uname -r)/build M=`pwd` $(OCF_TARGET) CONFIG_OCF_OCF=m
+ make -C /lib/modules/$(shell uname -r)/build M=`pwd` $(OCF_TARGET) CONFIG_OCF_OCF=m CONFIG_OCF_CRYPTOSOFT=m
+ -make -C /lib/modules/$(shell uname -r)/build M=`pwd` $(OCF_TARGET) CONFIG_OCF_OCF=m CONFIG_OCF_BENCH=m
+ -make -C /lib/modules/$(shell uname -r)/build M=`pwd` $(OCF_TARGET) CONFIG_OCF_OCF=m CONFIG_OCF_OCFNULL=m
+ -make -C /lib/modules/$(shell uname -r)/build M=`pwd` $(OCF_TARGET) CONFIG_OCF_OCF=m CONFIG_OCF_HIFN=m
+
+ocf_modules:
+ $(MAKE) ocf_make OCF_TARGET=modules
+
+ocf_install:
+ $(MAKE) ocf_make OCF_TARGET="modules modules_install"
+ depmod
+ mkdir -p /usr/include/crypto
+ cp cryptodev.h /usr/include/crypto/.
+
+#
+# generate full kernel patches for 2.4 and 2.6 kernels to make patching
+# your kernel easier
#
.PHONY: patch
patch:
- REL=`date +%Y%m%d`; \
- patch=ocf-linux-$$REL.patch; \
- patch24=ocf-linux-24-$$REL.patch; \
- patch26=ocf-linux-26-$$REL.patch; \
+ patchbase=.; \
+ [ -d $$patchbase/patches ] || patchbase=..; \
+ patch=ocf-linux-base.patch; \
+ patch24=ocf-linux-24.patch; \
+ patch26=ocf-linux-26.patch; \
( \
find . -name Makefile; \
find . -name Config.in; \
) | while read t; do \
diff -Nau /dev/null $$t | sed 's?^+++ \./?+++ linux/crypto/ocf/?'; \
done > $$patch; \
- cat patches/linux-2.4.35-ocf.patch $$patch > $$patch24; \
- cat patches/linux-2.6.33-ocf.patch $$patch > $$patch26
+ cat $$patchbase/patches/linux-2.4.35-ocf.patch $$patch > $$patch24; \
+ cat $$patchbase/patches/linux-2.6.38-ocf.patch $$patch > $$patch26; \
+
+#
+# this target probably does nothing for anyone but me - davidm
+#
-.PHONY: tarball
-tarball:
+.PHONY: release
+release:
REL=`date +%Y%m%d`; RELDIR=/tmp/ocf-linux-$$REL; \
CURDIR=`pwd`; \
rm -rf /tmp/ocf-linux-$$REL*; \
- mkdir -p $$RELDIR/tools; \
- cp README* $$RELDIR; \
- cp patches/openss*.patch $$RELDIR; \
- cp patches/crypto-tools.patch $$RELDIR; \
- cp tools/[!C]* $$RELDIR/tools; \
- cd ..; \
- tar cvf $$RELDIR/ocf-linux.tar \
- --exclude=CVS \
- --exclude=.* \
- --exclude=*.o \
- --exclude=*.ko \
- --exclude=*.mod.* \
- --exclude=README* \
- --exclude=ocf-*.patch \
- --exclude=ocf/patches/openss*.patch \
- --exclude=ocf/patches/crypto-tools.patch \
- --exclude=ocf/tools \
- ocf; \
- gzip -9 $$RELDIR/ocf-linux.tar; \
- cd /tmp; \
+ mkdir -p $$RELDIR/ocf; \
+ mkdir -p $$RELDIR/patches; \
+ mkdir -p $$RELDIR/crypto-tools; \
+ cp README* $$RELDIR/.; \
+ cp patches/[!C]* $$RELDIR/patches/.; \
+ cp tools/[!C]* $$RELDIR/crypto-tools/.; \
+ cp -r [!C]* Config.in $$RELDIR/ocf/.; \
+ rm -rf $$RELDIR/ocf/patches $$RELDIR/ocf/tools; \
+ rm -f $$RELDIR/ocf/README*; \
+ cp $$CURDIR/../../user/crypto-tools/[!C]* $$RELDIR/crypto-tools/.; \
+ make -C $$RELDIR/crypto-tools clean; \
+ make -C $$RELDIR/ocf clean; \
+ find $$RELDIR/ocf -name CVS | xargs rm -rf; \
+ cd $$RELDIR/..; \
tar cvf ocf-linux-$$REL.tar ocf-linux-$$REL; \
- gzip -9 ocf-linux-$$REL.tar; \
- cd $$CURDIR/../../user; \
- rm -rf /tmp/crypto-tools-$$REL*; \
- tar cvf /tmp/crypto-tools-$$REL.tar \
- --exclude=CVS \
- --exclude=.* \
- --exclude=*.o \
- --exclude=cryptotest \
- --exclude=cryptokeytest \
- crypto-tools; \
- gzip -9 /tmp/crypto-tools-$$REL.tar
+ gzip -9 ocf-linux-$$REL.tar
-README - ocf-linux-20100325
----------------------------
+###########################
+README - ocf-linux-20100530
+###########################
This README provides instructions for getting ocf-linux compiled and
-operating in a generic linux environment. For other information you
-might like to visit the home page for this project:
+operating in a generic linux environment. Other information on the project
+can be found at the home page:
http://ocf-linux.sourceforge.net/
-Adding OCF to linux
--------------------
+Embedded systems and applications requiring userspace acceleration will need
+to patch the kernel source to get full OCF support. See "Adding OCF to
+linux source" below. Otherwise the "OCF Quickstart" that follows is the
+easiest way to get started.
- Not much in this file for now, just some notes. I usually build
- the ocf support as modules but it can be built into the kernel as
- well. To use it:
+If your goal is to accelerate Openswan on Ubuntu or CentOS, you may find
+that the required binaries are already available on openswan.org:
- * mknod /dev/crypto c 10 70
+ ftp://ftp.openswan.org/ocf/
+ ftp://ftp.openswan.org/openswan/binaries/ubuntu/
- * to add OCF to your kernel source, you have two options. Apply
- the kernel specific patch:
+#####################################################
+OCF Quickstart for Ubuntu/Others (including Openswan)
+#####################################################
- cd linux-2.4*; gunzip < ocf-linux-24-XXXXXXXX.patch.gz | patch -p1
- cd linux-2.6*; gunzip < ocf-linux-26-XXXXXXXX.patch.gz | patch -p1
-
- if you do one of the above, then you can proceed to the next step,
- or you can do the above process by hand with using the patches against
- linux-2.4.35 and 2.6.33 to include the ocf code under crypto/ocf.
- Here's how to add it:
+This section provides instructions on how to quickly add kernel only support
+for OCF to a GNU/Linux system. It is only suitable for in-kernel use such as
+Openswan MAST/KLIPS.
- for 2.4.35 (and later)
+If the target is an embedded system, or, userspace acceleration of
+applications such as OpenVPN and OpenSSL, the section below titled
+"Adding OCF to linux source" is more appropriate.
- cd linux-2.4.35/crypto
- tar xvzf ocf-linux.tar.gz
- cd ..
- patch -p1 < crypto/ocf/patches/linux-2.4.35-ocf.patch
+Before building kernel only support for OCF ensure that the appropriate
+linux-headers package is installed:
- for 2.6.23 (and later), find the kernel patch specific (or nearest)
- to your kernel versions and then:
+ cd ocf
+ make ocf_modules
+ sudo make ocf_install
+ OCF_DIR=`pwd` # remember where OCF sources were built
- cd linux-2.6.NN/crypto
- tar xvzf ocf-linux.tar.gz
- cd ..
- patch -p1 < crypto/ocf/patches/linux-2.6.NN-ocf.patch
+At this point the ocf, cryptosoft, ocfnull, hifn7751 and ocf-bench modules
+should have been built and installed. The OCF installation can be tested
+with the following commands:
- It should be easy to take this patch and apply it to other more
- recent versions of the kernels. The same patches should also work
- relatively easily on kernels as old as 2.6.11 and 2.4.18.
-
- * under 2.4 if you are on a non-x86 platform, you may need to:
+ modprobe ocf
+ modprobe cryptosoft
+ modprobe ocf-bench
+ dmesg | tail -5
- cp linux-2.X.x/include/asm-i386/kmap_types.h linux-2.X.x/include/asm-YYY
+The final modprobe of ocf-bench will fail, this is intentional as ocf-bench
+is a short lived module that tests in-kernel performance of OCF. If
+everything worked correctly the "dmesg | tail -5" should include a line
+like:
- so that you can build the kernel crypto support needed for the cryptosoft
- driver.
+ [ 583.128741] OCF: 45133 requests of 1488 bytes in 251 jiffies (535.122 Mbps)
- * For simplicity you should enable all the crypto support in your kernel
- except for the test driver. Likewise for the OCF options. Do not
- enable OCF crypto drivers for HW that you do not have (for example
- ixp4xx will not compile on non-Xscale systems).
+This shows the in-kernel performance of OCF using the cryptosoft driver.
+For addition driver load options, see "How to load the OCF modules" below.
- * make sure that cryptodev.h (from ocf-linux.tar.gz) is installed as
- crypto/cryptodev.h in an include directory that is used for building
- applications for your platform. For example on a host system that
- might be:
+If the intention is to run an OCF accelerated Openswan (KLIPS/MAST) then use
+these steps to compile openswan downloaded from openswan.org (2.6.34 or later).
- /usr/include/crypto/cryptodev.h
+ tar xf openswan-2.6.34.tar.gz
+ cd openswan-2.6.34
+ make programs
+ make KERNELSRC=/lib/modules/`uname -r`/build \
+ KBUILD_EXTRA_SYMBOLS=$OCF_DIR/Module.symvers \
+ MODULE_DEF_INCLUDE=`pwd`/packaging/ocf/config-all.hmodules \
+ MODULE_DEFCONFIG=`pwd`/packaging/ocf/defconfig \
+ module
+ sudo make KERNELSRC=/lib/modules/`uname -r`/build \
+ KBUILD_EXTRA_SYMBOLS=$OCF_DIR/Module.symvers \
+ MODULE_DEF_INCLUDE=`pwd`/packaging/ocf/config-all.hmodules \
+ MODULE_DEFCONFIG=`pwd`/packaging/ocf/defconfig \
+ install minstall
- * patch your openssl-0.9.8n code with the openssl-0.9.8n.patch.
- (NOTE: there is no longer a need to patch ssh). The patch is against:
- openssl-0_9_8e
+The rest of this document is only required for more complex build
+requirements.
- If you need a patch for an older version of openssl, you should look
- to older OCF releases. This patch is unlikely to work on older
- openssl versions.
+##########################
+Adding OCF to linux source
+##########################
- openssl-0.9.8n.patch
- - enables --with-cryptodev for non BSD systems
- - adds -cpu option to openssl speed for calculating CPU load
- under linux
- - fixes null pointer in openssl speed multi thread output.
- - fixes test keys to work with linux crypto's more stringent
- key checking.
- - adds MD5/SHA acceleration (Ronen Shitrit), only enabled
- with the --with-cryptodev-digests option
- - fixes bug in engine code caching.
+It is recommended that OCF be built as modules as it increases the
+flexibility and ease of debugging the system.
- * build crypto-tools-XXXXXXXX.tar.gz if you want to try some of the BSD
- tools for testing OCF (ie., cryptotest).
+Ensure that the system has /dev/crypto for userspace access to OCF:
-How to load the OCF drivers
----------------------------
+ mknod /dev/crypto c 10 70
- First insert the base modules:
+Generate the kernel patches and apply the appropriate one.
- insmod ocf
- insmod cryptodev
+ cd ocf
+ make patch
- You can then install the software OCF driver with:
+This will provide three files:
- insmod cryptosoft
+ linux-2.4.*-ocf.patch
+ linux-2.6.*-ocf.patch
+ ocf-linux-base.patch
- and one or more of the OCF HW drivers with:
+If either of the first two patches applies to the targets kernel, then one
+of the following as required:
- insmod safe
- insmod hifn7751
- insmod ixp4xx
- ...
+ cd linux-2.X.Y; patch -p1 < linux-2.4.*-ocf.patch
+ cd linux-2.6.Y; patch -p1 < linux-2.6.*-ocf.patch
- all the drivers take a debug option to enable verbose debug so that
- you can see what is going on. For debug you load them as:
+Otherwise, locate the appropriate kernel patch in the patches directory and
+apply that as well as the ocf-linux-base.patch using '-p1'.
- insmod ocf crypto_debug=1
- insmod cryptodev cryptodev_debug=1
- insmod cryptosoft swcr_debug=1
+When using a linux-2.4 system on a non-x86 platform, the following may be
+required to build cryptosoft:
- You may load more than one OCF crypto driver but then there is no guarantee
- as to which will be used.
+ cp linux-2.X.x/include/asm-i386/kmap_types.h linux-2.X.x/include/asm-YYY
- You can also enable debug at run time on 2.6 systems with the following:
+When using cryptosoft, for simplicity, enable all the crypto support in the
+kernel except for the test driver. Likewise for the OCF options. Do not
+enable OCF crypto drivers for HW that is not present (for example the ixp4xx
+driver will not compile on non-Xscale systems).
- echo 1 > /sys/module/ocf/parameters/crypto_debug
- echo 1 > /sys/module/cryptodev/parameters/cryptodev_debug
- echo 1 > /sys/module/cryptosoft/parameters/swcr_debug
- echo 1 > /sys/module/hifn7751/parameters/hifn_debug
- echo 1 > /sys/module/safe/parameters/safe_debug
- echo 1 > /sys/module/ixp4xx/parameters/ixp_debug
- ...
+Make sure that cryptodev.h from the ocf directory is installed as
+crypto/cryptodev.h in an include directory that is used for building
+applications for the target platform. For example on a host system that
+might be:
+ /usr/include/crypto/cryptodev.h
+
+Patch the openssl-0.9.8r code the openssl-0.9.8r.patch from the patches
+directory. There are many older patch versions in the patches directory
+if required.
+
+The openssl patches provide the following functionality:
+
+ * enables --with-cryptodev for non BSD systems
+ * adds -cpu option to openssl speed for calculating CPU load under linux
+ * fixes null pointer in openssl speed multi thread output.
+ * fixes test keys to work with linux crypto's more stringent key checking.
+ * adds MD5/SHA acceleration (Ronen Shitrit), only enabled with the
+ --with-cryptodev-digests option
+ * fixes bug in engine code caching.
+
+Build the crypto-tools directory for the target to obtain a userspace
+testing tool call cryptotest.
+
+###########################
+How to load the OCF modules
+###########################
+
+First insert the base modules (cryptodev is optional, it is only used
+for userspace acceleration):
+
+ modprobe ocf
+ modprobe cryptodev
+
+Load the software OCF driver with:
+
+ modprobe cryptosoft
+
+and zero or more of the OCF HW drivers with:
+
+ modprobe safe
+ modprobe hifn7751
+ modprobe ixp4xx
+ ...
+
+All the drivers take a debug option to enable verbose debug so that
+OCF operation may be observed via "dmesg" or the console. For debug
+load the modules as:
+
+ modprobe ocf crypto_debug=1
+ modprobe cryptodev cryptodev_debug=1
+ modprobe cryptosoft swcr_debug=1
+
+More than one OCF crypto driver may be loaded but then there is no
+guarantee as to which will be used (other than a preference for HW
+drivers over SW drivers by most applications).
+
+It is also possible to enable debug at run time on linux-2.6 systems
+with the following:
+
+ echo 1 > /sys/module/ocf/parameters/crypto_debug
+ echo 1 > /sys/module/cryptodev/parameters/cryptodev_debug
+ echo 1 > /sys/module/cryptosoft/parameters/swcr_debug
+ echo 1 > /sys/module/hifn7751/parameters/hifn_debug
+ echo 1 > /sys/module/safe/parameters/safe_debug
+ echo 1 > /sys/module/ixp4xx/parameters/ixp_debug
+ ...
+
+The ocf-bench driver accepts the following parameters:
+
+ request_q_len - Maximum number of outstanding requests to OCF
+ request_num - run for at least this many requests
+ request_size - size of each request (multiple of 16 bytes recommended)
+ request_batch - enable OCF request batching
+ request_cbimm - enable OCF immediate callback on completion
+
+For example:
+
+ modprobe ocf-bench request_size=1024 request_cbimm=0
+
+#######################
Testing the OCF support
------------------------
+#######################
+
+run "cryptotest", it should do a short test for a couple of
+des packets. If it does everything is working.
- run "cryptotest", it should do a short test for a couple of
- des packets. If it does everything is working.
+If this works, then ssh will use the driver when invoked as:
- If this works, then ssh will use the driver when invoked as:
+ ssh -c 3des username@host
- ssh -c 3des username@host
+to see for sure that it is operating, enable debug as defined above.
- to see for sure that it is operating, enable debug as defined above.
+To get a better idea of performance run:
- To get a better idea of performance run:
+ cryptotest 100 4096
- cryptotest 100 4096
+There are more options to cryptotest, see the help.
- There are more options to cryptotest, see the help.
+It is also possible to use openssl to test the speed of the crypto
+drivers.
- It is also possible to use openssl to test the speed of the crypto
- drivers.
+ openssl speed -evp des -engine cryptodev -elapsed
+ openssl speed -evp des3 -engine cryptodev -elapsed
+ openssl speed -evp aes128 -engine cryptodev -elapsed
- openssl speed -evp des -engine cryptodev -elapsed
- openssl speed -evp des3 -engine cryptodev -elapsed
- openssl speed -evp aes128 -engine cryptodev -elapsed
+and multiple threads (10) with:
- and multiple threads (10) with:
+ openssl speed -evp des -engine cryptodev -elapsed -multi 10
+ openssl speed -evp des3 -engine cryptodev -elapsed -multi 10
+ openssl speed -evp aes128 -engine cryptodev -elapsed -multi 10
- openssl speed -evp des -engine cryptodev -elapsed -multi 10
- openssl speed -evp des3 -engine cryptodev -elapsed -multi 10
- openssl speed -evp aes128 -engine cryptodev -elapsed -multi 10
+for public key testing you can try:
- for public key testing you can try:
+ cryptokeytest
+ openssl speed -engine cryptodev rsa -elapsed
+ openssl speed -engine cryptodev dsa -elapsed
- cryptokeytest
- openssl speed -engine cryptodev rsa -elapsed
- openssl speed -engine cryptodev dsa -elapsed
-David McCullough
-david_mccullough@mcafee.com
+#############################
+#
+# David McCullough
+# david_mccullough@mcafee.com
+#
+#############################
*/
#include <linux/version.h>
-#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
-#include <generated/autoconf.h>
-#else
-#include <linux/autoconf.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
+#include <linux/config.h>
#endif
#include <linux/module.h>
#include <linux/init.h>
#include <linux/version.h>
-#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
-#include <generated/autoconf.h>
-#else
-#include <linux/autoconf.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
+#include <linux/config.h>
#endif
#include <linux/module.h>
#include <linux/init.h>
#include <linux/wait.h>
#include <linux/sched.h>
#include <linux/spinlock.h>
-#include <linux/version.h>
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,4)
+#include <linux/kthread.h>
+#endif
#include <cryptodev.h>
/*
* have one per-queue but having one simplifies handling of block/unblock
* operations.
*/
-static int crp_sleep = 0;
-static LIST_HEAD(crp_q); /* request queues */
-static LIST_HEAD(crp_kq);
+static LIST_HEAD(crp_q); /* crypto request queue */
+static LIST_HEAD(crp_kq); /* asym request queue */
static spinlock_t crypto_q_lock;
static struct kmem_cache *cryptodesc_zone;
#endif
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,27)
-#include <linux/sched.h>
-#define kill_proc(p,s,v) send_sig(s,find_task_by_vpid(p),0)
-#endif
-
#define debug crypto_debug
int crypto_debug = 0;
module_param(crypto_debug, int, 0644);
MODULE_PARM_DESC(crypto_max_loopcount,
"Maximum number of crypto ops to do before yielding to other processes");
-static pid_t cryptoproc = (pid_t) -1;
-static struct completion cryptoproc_exited;
+#ifndef CONFIG_NR_CPUS
+#define CONFIG_NR_CPUS 1
+#endif
+
+static struct task_struct *cryptoproc[CONFIG_NR_CPUS];
+static struct task_struct *cryptoretproc[CONFIG_NR_CPUS];
static DECLARE_WAIT_QUEUE_HEAD(cryptoproc_wait);
-static pid_t cryptoretproc = (pid_t) -1;
-static struct completion cryptoretproc_exited;
static DECLARE_WAIT_QUEUE_HEAD(cryptoretproc_wait);
static int crypto_proc(void *arg);
return 1;
}
+
/*
* Select a driver for a new session that supports the specified
* algorithms and, optionally, is constrained according to the flags.
cap->cc_unkqblocked = 0;
crypto_all_kqblocked = 0;
}
- if (crp_sleep)
- wake_up_interruptible(&cryptoproc_wait);
+ wake_up_interruptible(&cryptoproc_wait);
err = 0;
} else
err = EINVAL;
CRYPTO_Q_LOCK();
if (crypto_q_cnt >= crypto_q_max) {
- CRYPTO_Q_UNLOCK();
cryptostats.cs_drops++;
+ CRYPTO_Q_UNLOCK();
return ENOMEM;
}
crypto_q_cnt++;
TAILQ_INSERT_TAIL(&crp_q, crp, crp_next);
result = 0;
}
- if (crp_sleep)
- wake_up_interruptible(&cryptoproc_wait);
+ wake_up_interruptible(&cryptoproc_wait);
CRYPTO_Q_UNLOCK();
return result;
}
if (error == ERESTART) {
CRYPTO_Q_LOCK();
TAILQ_INSERT_TAIL(&crp_kq, krp, krp_next);
- if (crp_sleep)
- wake_up_interruptible(&cryptoproc_wait);
+ wake_up_interruptible(&cryptoproc_wait);
CRYPTO_Q_UNLOCK();
error = 0;
}
* Normal case; queue the callback for the thread.
*/
CRYPTO_RETQ_LOCK();
- if (CRYPTO_RETQ_EMPTY())
- wake_up_interruptible(&cryptoretproc_wait);/* shared wait channel */
+ wake_up_interruptible(&cryptoretproc_wait);/* shared wait channel */
TAILQ_INSERT_TAIL(&crp_ret_q, crp, crp_next);
CRYPTO_RETQ_UNLOCK();
}
* Normal case; queue the callback for the thread.
*/
CRYPTO_RETQ_LOCK();
- if (CRYPTO_RETQ_EMPTY())
- wake_up_interruptible(&cryptoretproc_wait);/* shared wait channel */
+ wake_up_interruptible(&cryptoretproc_wait);/* shared wait channel */
TAILQ_INSERT_TAIL(&crp_ret_kq, krp, krp_next);
CRYPTO_RETQ_UNLOCK();
}
unsigned long q_flags;
int loopcount = 0;
- ocf_daemonize("crypto");
+ set_current_state(TASK_INTERRUPTIBLE);
CRYPTO_Q_LOCK();
for (;;) {
list_empty(&crp_kq), crypto_all_kqblocked);
loopcount = 0;
CRYPTO_Q_UNLOCK();
- crp_sleep = 1;
wait_event_interruptible(cryptoproc_wait,
!(list_empty(&crp_q) || crypto_all_qblocked) ||
!(list_empty(&crp_kq) || crypto_all_kqblocked) ||
- cryptoproc == (pid_t) -1);
- crp_sleep = 0;
+ kthread_should_stop());
if (signal_pending (current)) {
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
spin_lock_irq(¤t->sigmask_lock);
}
CRYPTO_Q_LOCK();
dprintk("%s - awake\n", __FUNCTION__);
- if (cryptoproc == (pid_t) -1)
+ if (kthread_should_stop())
break;
cryptostats.cs_intrs++;
} else if (loopcount > crypto_max_loopcount) {
* been using the CPU exclusively for a while.
*/
loopcount = 0;
+ CRYPTO_Q_UNLOCK();
schedule();
+ CRYPTO_Q_LOCK();
}
loopcount++;
}
CRYPTO_Q_UNLOCK();
- complete_and_exit(&cryptoproc_exited, 0);
+ return 0;
}
/*
struct cryptkop *krpt;
unsigned long r_flags;
- ocf_daemonize("crypto_ret");
+ set_current_state(TASK_INTERRUPTIBLE);
CRYPTO_RETQ_LOCK();
for (;;) {
dprintk("%s - sleeping\n", __FUNCTION__);
CRYPTO_RETQ_UNLOCK();
wait_event_interruptible(cryptoretproc_wait,
- cryptoretproc == (pid_t) -1 ||
!list_empty(&crp_ret_q) ||
- !list_empty(&crp_ret_kq));
+ !list_empty(&crp_ret_kq) ||
+ kthread_should_stop());
if (signal_pending (current)) {
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
spin_lock_irq(¤t->sigmask_lock);
}
CRYPTO_RETQ_LOCK();
dprintk("%s - awake\n", __FUNCTION__);
- if (cryptoretproc == (pid_t) -1) {
+ if (kthread_should_stop()) {
dprintk("%s - EXITING!\n", __FUNCTION__);
break;
}
}
}
CRYPTO_RETQ_UNLOCK();
- complete_and_exit(&cryptoretproc_exited, 0);
+ return 0;
}
crypto_init(void)
{
int error;
+ unsigned long cpu;
dprintk("%s(%p)\n", __FUNCTION__, (void *) crypto_init);
memset(crypto_drivers, 0, crypto_drivers_num * sizeof(struct cryptocap));
- init_completion(&cryptoproc_exited);
- init_completion(&cryptoretproc_exited);
-
- cryptoproc = 0; /* to avoid race condition where proc runs first */
- cryptoproc = kernel_thread(crypto_proc, NULL, CLONE_FS|CLONE_FILES);
- if (cryptoproc < 0) {
- error = cryptoproc;
- printk("crypto: crypto_init cannot start crypto thread; error %d",
- error);
- goto bad;
- }
-
- cryptoretproc = 0; /* to avoid race condition where proc runs first */
- cryptoretproc = kernel_thread(crypto_ret_proc, NULL, CLONE_FS|CLONE_FILES);
- if (cryptoretproc < 0) {
- error = cryptoretproc;
- printk("crypto: crypto_init cannot start cryptoret thread; error %d",
+ ocf_for_each_cpu(cpu) {
+ cryptoproc[cpu] = kthread_create(crypto_proc, (void *) cpu,
+ "ocf_%d", (int) cpu);
+ if (IS_ERR(cryptoproc[cpu])) {
+ error = PTR_ERR(cryptoproc[cpu]);
+ printk("crypto: crypto_init cannot start crypto thread; error %d",
error);
- goto bad;
+ goto bad;
+ }
+ kthread_bind(cryptoproc[cpu], cpu);
+ wake_up_process(cryptoproc[cpu]);
+
+ cryptoretproc[cpu] = kthread_create(crypto_ret_proc, (void *) cpu,
+ "ocf_ret_%d", (int) cpu);
+ if (IS_ERR(cryptoretproc[cpu])) {
+ error = PTR_ERR(cryptoretproc[cpu]);
+ printk("crypto: crypto_init cannot start cryptoret thread; error %d",
+ error);
+ goto bad;
+ }
+ kthread_bind(cryptoretproc[cpu], cpu);
+ wake_up_process(cryptoretproc[cpu]);
}
return 0;
static void
crypto_exit(void)
{
- pid_t p;
- unsigned long d_flags;
+ int cpu;
dprintk("%s()\n", __FUNCTION__);
/*
* Terminate any crypto threads.
*/
-
- CRYPTO_DRIVER_LOCK();
- p = cryptoproc;
- cryptoproc = (pid_t) -1;
- kill_proc(p, SIGTERM, 1);
- wake_up_interruptible(&cryptoproc_wait);
- CRYPTO_DRIVER_UNLOCK();
-
- wait_for_completion(&cryptoproc_exited);
-
- CRYPTO_DRIVER_LOCK();
- p = cryptoretproc;
- cryptoretproc = (pid_t) -1;
- kill_proc(p, SIGTERM, 1);
- wake_up_interruptible(&cryptoretproc_wait);
- CRYPTO_DRIVER_UNLOCK();
-
- wait_for_completion(&cryptoretproc_exited);
-
- /* XXX flush queues??? */
+ ocf_for_each_cpu(cpu) {
+ kthread_stop(cryptoproc[cpu]);
+ kthread_stop(cryptoretproc[cpu]);
+ }
/*
* Reclaim dynamically allocated resources.
*/
#include <linux/version.h>
-#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
-#include <generated/autoconf.h>
-#else
-#include <linux/autoconf.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
+#include <linux/config.h>
#endif
#include <linux/module.h>
#include <linux/init.h>
int octo_mlen;
int octo_ivsize;
-#if 0
- int (*octo_decrypt)(struct scatterlist *sg, int sg_len,
- uint8_t *key, int key_len, uint8_t * iv,
- uint64_t *hminner, uint64_t *hmouter);
-
- int (*octo_encrypt)(struct scatterlist *sg, int sg_len,
- uint8_t *key, int key_len, uint8_t * iv,
- uint64_t *hminner, uint64_t *hmouter);
-#else
int (*octo_encrypt)(struct octo_sess *od,
struct scatterlist *sg, int sg_len,
int auth_off, int auth_len,
int auth_off, int auth_len,
int crypt_off, int crypt_len,
int icv_off, uint8_t *ivp);
-#endif
uint64_t octo_hminner[3];
uint64_t octo_hmouter[3];
break;
case CRYPTO_SHA1_HMAC:
(*ocd)->octo_encrypt = octo_des_cbc_sha1_encrypt;
- (*ocd)->octo_decrypt = octo_des_cbc_sha1_encrypt;
+ (*ocd)->octo_decrypt = octo_des_cbc_sha1_decrypt;
octo_calc_hash(1, macini->cri_key, (*ocd)->octo_hminner,
(*ocd)->octo_hmouter);
break;
break;
case CRYPTO_MD5_HMAC:
(*ocd)->octo_encrypt = octo_null_md5_encrypt;
- (*ocd)->octo_decrypt = octo_null_md5_encrypt;
+ (*ocd)->octo_decrypt = octo_null_md5_encrypt; /* encrypt == decrypt */
octo_calc_hash(0, macini->cri_key, (*ocd)->octo_hminner,
(*ocd)->octo_hmouter);
break;
case CRYPTO_SHA1_HMAC:
(*ocd)->octo_encrypt = octo_null_sha1_encrypt;
- (*ocd)->octo_decrypt = octo_null_sha1_encrypt;
+ (*ocd)->octo_decrypt = octo_null_sha1_encrypt; /* encrypt == decrypt */
octo_calc_hash(1, macini->cri_key, (*ocd)->octo_hminner,
(*ocd)->octo_hmouter);
break;
}
if (enccrd) {
- if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) {
- ivp = enccrd->crd_iv;
+ if (enccrd->crd_flags & CRD_F_ENCRYPT) {
+ if (enccrd->crd_flags & CRD_F_IV_EXPLICIT)
+ ivp = enccrd->crd_iv;
+ else
+ read_random((ivp = iv_data), od->octo_ivsize);
+ if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0)
+ crypto_copyback(crp->crp_flags, crp->crp_buf,
+ enccrd->crd_inject, od->octo_ivsize, ivp);
} else {
- ivp = iv_data;
- crypto_copydata(crp->crp_flags, crp->crp_buf,
- enccrd->crd_inject, od->octo_ivsize, (caddr_t) ivp);
+ if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) {
+ ivp = enccrd->crd_iv;
+ } else {
+ ivp = iv_data;
+ crypto_copydata(crp->crp_flags, crp->crp_buf,
+ enccrd->crd_inject, od->octo_ivsize, (caddr_t) ivp);
+ }
}
if (maccrd) {
*/
#include <linux/version.h>
-#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
-#include <generated/autoconf.h>
-#else
-#include <linux/autoconf.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
+#include <linux/config.h>
#endif
#include <linux/types.h>
#include <linux/time.h>
#include <linux/file.h>
#include <linux/mount.h>
#include <linux/miscdevice.h>
-#include <linux/version.h>
#include <asm/uaccess.h>
#include <cryptodev.h>
#define CRYPTO_SHA2_384 23
#define CRYPTO_SHA2_512 24
#define CRYPTO_RIPEMD160 25
-#define CRYPTO_ALGORITHM_MAX 25 /* Keep updated - see below */
+#define CRYPTO_LZS_COMP 26
+#define CRYPTO_ALGORITHM_MAX 26 /* Keep updated - see above */
/* Algorithm flags */
#define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */
* but is mostly unrecognisable,
*
* Written by David McCullough <david_mccullough@mcafee.com>
- * Copyright (C) 2004-2010 David McCullough
+ * Copyright (C) 2004-2011 David McCullough
* Copyright (C) 2004-2005 Intel Corporation.
*
* LICENSE TERMS
*/
#include <linux/version.h>
-#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
-#include <generated/autoconf.h>
-#else
-#include <linux/autoconf.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
+#include <linux/config.h>
#endif
#include <linux/module.h>
#include <linux/init.h>
#include <linux/mm.h>
#include <linux/skbuff.h>
#include <linux/random.h>
-#include <linux/version.h>
+#include <linux/interrupt.h>
+#include <linux/spinlock.h>
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,10)
#include <linux/scatterlist.h>
#endif
#define SW_TYPE_ASYNC 0x8000
+#define SW_TYPE_INUSE 0x10000000
+
/* We change some of the above if we have an async interface */
#define SW_TYPE_ALG_AMASK (SW_TYPE_ALG_MASK | SW_TYPE_ASYNC)
#define SCATTERLIST_MAX 16
struct swcr_data {
+ struct work_struct workq;
int sw_type;
int sw_alg;
struct crypto_tfm *sw_tfm;
+ spinlock_t sw_tfm_lock;
union {
struct {
char *sw_key;
#define crypto_blkcipher_decrypt_iv(W, X, Y, Z) \
crypto_cipher_decrypt_iv((W)->tfm, X, Y, Z, (u8 *)((W)->info))
#define crypto_blkcipher_set_flags(x, y) /* nop */
+ #define crypto_free_blkcipher(x) crypto_free_tfm(x)
+ #define crypto_free_comp crypto_free_tfm
+ #define crypto_free_hash crypto_free_tfm
/* Hash/HMAC/Digest */
struct hash_desc
static void swcr_process_req(struct swcr_req *req);
+/*
+ * somethings just need to be run with user context no matter whether
+ * the kernel compression libs use vmalloc/vfree for example.
+ */
+
+typedef struct {
+ struct work_struct wq;
+ void (*func)(void *arg);
+ void *arg;
+} execute_later_t;
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20)
+static void
+doing_it_now(struct work_struct *wq)
+{
+ execute_later_t *w = container_of(wq, execute_later_t, wq);
+ (w->func)(w->arg);
+ kfree(w);
+}
+#else
+static void
+doing_it_now(void *arg)
+{
+ execute_later_t *w = (execute_later_t *) arg;
+ (w->func)(w->arg);
+ kfree(w);
+}
+#endif
+
+static void
+execute_later(void (fn)(void *), void *arg)
+{
+ execute_later_t *w;
+
+ w = (execute_later_t *) kmalloc(sizeof(execute_later_t), SLAB_ATOMIC);
+ if (w) {
+ memset(w, '\0', sizeof(w));
+ w->func = fn;
+ w->arg = arg;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20)
+ INIT_WORK(&w->wq, doing_it_now);
+#else
+ INIT_WORK(&w->wq, doing_it_now, w);
+#endif
+ schedule_work(&w->wq);
+ }
+}
+
/*
* Generate a new software session.
*/
(*swd)->sw_type = crypto_details[cri->cri_alg].sw_type;
(*swd)->sw_alg = cri->cri_alg;
+ spin_lock_init(&(*swd)->sw_tfm_lock);
+
/* Algorithm specific configuration */
switch (cri->cri_alg) {
case CRYPTO_NULL_CBC:
/* try async first */
(*swd)->sw_tfm = swcr_no_ablk ? NULL :
crypto_ablkcipher_tfm(crypto_alloc_ablkcipher(algo, 0, 0));
- if ((*swd)->sw_tfm) {
+ if ((*swd)->sw_tfm && !IS_ERR((*swd)->sw_tfm)) {
dprintk("%s %s cipher is async\n", __FUNCTION__, algo);
(*swd)->sw_type |= SW_TYPE_ASYNC;
} else {
- dprintk("%s %s cipher is sync\n", __FUNCTION__, algo);
(*swd)->sw_tfm = crypto_blkcipher_tfm(
crypto_alloc_blkcipher(algo, 0, CRYPTO_ALG_ASYNC));
+ if ((*swd)->sw_tfm && !IS_ERR((*swd)->sw_tfm))
+ dprintk("%s %s cipher is sync\n", __FUNCTION__, algo);
}
- if (!(*swd)->sw_tfm) {
+ if (!(*swd)->sw_tfm || IS_ERR((*swd)->sw_tfm)) {
+ int err;
dprintk("cryptosoft: crypto_alloc_blkcipher failed(%s, 0x%x)\n",
algo,mode);
+ err = IS_ERR((*swd)->sw_tfm) ? -(PTR_ERR((*swd)->sw_tfm)) : EINVAL;
+ (*swd)->sw_tfm = NULL; /* ensure NULL */
swcr_freesession(NULL, i);
- return EINVAL;
+ return err;
}
if (debug) {
crypto_free_hash(crypto_hash_cast(swd->sw_tfm));
break;
case SW_TYPE_COMP:
- crypto_free_comp(crypto_comp_cast(swd->sw_tfm));
+ if (in_interrupt())
+ execute_later((void (*)(void *))crypto_free_comp, (void *)crypto_comp_cast(swd->sw_tfm));
+ else
+ crypto_free_comp(crypto_comp_cast(swd->sw_tfm));
+ break;
default:
crypto_free_tfm(swd->sw_tfm);
break;
return 0;
}
-#if defined(HAVE_ABLKCIPHER) || defined(HAVE_AHASH)
-/* older kernels had no async interface */
-
-static void swcr_process_callback(struct crypto_async_request *creq, int err)
+static void swcr_process_req_complete(struct swcr_req *req)
{
- struct swcr_req *req = creq->data;
-
dprintk("%s()\n", __FUNCTION__);
- if (err) {
- if (err == -EINPROGRESS)
- return;
- dprintk("%s() fail %d\n", __FUNCTION__, -err);
- req->crp->crp_etype = -err;
- goto done;
+
+ if (req->sw->sw_type & SW_TYPE_INUSE) {
+ unsigned long flags;
+ spin_lock_irqsave(&req->sw->sw_tfm_lock, flags);
+ req->sw->sw_type &= ~SW_TYPE_INUSE;
+ spin_unlock_irqrestore(&req->sw->sw_tfm_lock, flags);
}
+ if (req->crp->crp_etype)
+ goto done;
+
switch (req->sw->sw_type & SW_TYPE_ALG_AMASK) {
+#if defined(HAVE_AHASH)
case SW_TYPE_AHMAC:
case SW_TYPE_AHASH:
crypto_copyback(req->crp->crp_flags, req->crp->crp_buf,
req->crd->crd_inject, req->sw->u.hmac.sw_mlen, req->result);
ahash_request_free(req->crypto_req);
break;
+#endif
+#if defined(HAVE_ABLKCIPHER)
case SW_TYPE_ABLKCIPHER:
ablkcipher_request_free(req->crypto_req);
break;
+#endif
+ case SW_TYPE_CIPHER:
+ case SW_TYPE_HMAC:
+ case SW_TYPE_HASH:
+ case SW_TYPE_COMP:
+ case SW_TYPE_BLKCIPHER:
+ break;
default:
req->crp->crp_etype = EINVAL;
goto done;
crypto_done(req->crp);
kmem_cache_free(swcr_req_cache, req);
}
+
+#if defined(HAVE_ABLKCIPHER) || defined(HAVE_AHASH)
+static void swcr_process_callback(struct crypto_async_request *creq, int err)
+{
+ struct swcr_req *req = creq->data;
+
+ dprintk("%s()\n", __FUNCTION__);
+ if (err) {
+ if (err == -EINPROGRESS)
+ return;
+ dprintk("%s() fail %d\n", __FUNCTION__, -err);
+ req->crp->crp_etype = -err;
+ }
+
+ swcr_process_req_complete(req);
+}
#endif /* defined(HAVE_ABLKCIPHER) || defined(HAVE_AHASH) */
goto done;
}
+ /*
+ * for some types we need to ensure only one user as info is stored in
+ * the tfm during an operation that can get corrupted
+ */
+ switch (sw->sw_type & SW_TYPE_ALG_AMASK) {
+#ifdef HAVE_AHASH
+ case SW_TYPE_AHMAC:
+ case SW_TYPE_AHASH:
+#endif
+ case SW_TYPE_HMAC:
+ case SW_TYPE_HASH: {
+ unsigned long flags;
+ spin_lock_irqsave(&sw->sw_tfm_lock, flags);
+ if (sw->sw_type & SW_TYPE_INUSE) {
+ spin_unlock_irqrestore(&sw->sw_tfm_lock, flags);
+ execute_later((void (*)(void *))swcr_process_req, (void *)req);
+ return;
+ }
+ sw->sw_type |= SW_TYPE_INUSE;
+ spin_unlock_irqrestore(&sw->sw_tfm_lock, flags);
+ } break;
+ }
+
req->sw = sw;
skip = crd->crd_skip;
}
req->crypto_req =
- ahash_request_alloc(__crypto_ahash_cast(sw->sw_tfm),GFP_KERNEL);
+ ahash_request_alloc(__crypto_ahash_cast(sw->sw_tfm),GFP_ATOMIC);
if (!req->crypto_req) {
crp->crp_etype = ENOMEM;
dprintk("%s,%d: ENOMEM ahash_request_alloc", __FILE__, __LINE__);
case 0:
dprintk("hash OP %s %d\n", ret ? "failed" : "success", ret);
crp->crp_etype = ret;
- ahash_request_free(req->crypto_req);
goto done;
}
} break;
}
req->crypto_req = ablkcipher_request_alloc(
- __crypto_ablkcipher_cast(sw->sw_tfm), GFP_KERNEL);
+ __crypto_ablkcipher_cast(sw->sw_tfm), GFP_ATOMIC);
if (!req->crypto_req) {
crp->crp_etype = ENOMEM;
dprintk("%s,%d: ENOMEM ablkcipher_request_alloc",
crd->crd_inject, olen, obuf);
crp->crp_olen = olen;
}
-
-
} break;
default:
}
done:
- crypto_done(crp);
- kmem_cache_free(swcr_req_cache, req);
+ swcr_process_req_complete(req);
}
module_exit(cryptosoft_exit);
MODULE_LICENSE("Dual BSD/GPL");
-MODULE_AUTHOR("David McCullough <david_mccullough@securecomputing.com>");
+MODULE_AUTHOR("David McCullough <david_mccullough@mcafee.com>");
MODULE_DESCRIPTION("Cryptosoft (OCF module for kernel crypto)");
* Driver for various Hifn encryption processors.
*/
#include <linux/version.h>
-#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
-#include <generated/autoconf.h>
-#else
-#include <linux/autoconf.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
+#include <linux/config.h>
#endif
#include <linux/module.h>
#include <linux/init.h>
#include <linux/interrupt.h>
#include <linux/spinlock.h>
#include <linux/random.h>
-#include <linux/version.h>
#include <linux/skbuff.h>
#include <asm/io.h>
if (pci_enable_device(dev) < 0)
return(-ENODEV);
-#ifdef CONFIG_HAVE_PCI_SET_MWI
+#ifdef HAVE_PCI_SET_MWI
if (pci_set_mwi(dev))
return(-ENODEV);
#endif
DPRINTF("%s()\n", __FUNCTION__);
/* NB: RETRY only responds to 8-bit reads/writes */
pci_write_config_byte(sc->sc_pcidev, HIFN_RETRY_TIMEOUT, 0);
- pci_write_config_dword(sc->sc_pcidev, HIFN_TRDY_TIMEOUT, 0);
+ pci_write_config_byte(sc->sc_pcidev, HIFN_TRDY_TIMEOUT, 0);
/* piggy back the cache line setting here */
pci_write_config_byte(sc->sc_pcidev, PCI_CACHE_LINE_SIZE, hifn_cache_linesize);
}
case CRYPTO_DES_CBC:
case CRYPTO_3DES_CBC:
case CRYPTO_AES_CBC:
- /* XXX this may read fewer, does it matter? */
- read_random(ses->hs_iv,
- c->cri_alg == CRYPTO_AES_CBC ?
- HIFN_AES_IV_LENGTH : HIFN_IV_LENGTH);
- /*FALLTHROUGH*/
case CRYPTO_ARC4:
if (cry) {
DPRINTF("%s,%d: %s - EINVAL\n",__FILE__,__LINE__,__FUNCTION__);
if (enccrd->crd_flags & CRD_F_IV_EXPLICIT)
bcopy(enccrd->crd_iv, cmd->iv, ivlen);
else
- bcopy(sc->sc_sessions[session].hs_iv,
- cmd->iv, ivlen);
+ read_random(cmd->iv, ivlen);
if ((enccrd->crd_flags & CRD_F_IV_PRESENT)
== 0) {
struct hifn_dma *dma = sc->sc_dma;
struct cryptop *crp = cmd->crp;
struct cryptodesc *crd;
- int i, u, ivlen;
+ int i, u;
DPRINTF("%s()\n", __FUNCTION__);
hifnstats.hst_obytes += cmd->dst_mapsize;
- if ((cmd->base_masks & (HIFN_BASE_CMD_CRYPT | HIFN_BASE_CMD_DECODE)) ==
- HIFN_BASE_CMD_CRYPT) {
- for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
- if (crd->crd_alg != CRYPTO_DES_CBC &&
- crd->crd_alg != CRYPTO_3DES_CBC &&
- crd->crd_alg != CRYPTO_AES_CBC)
- continue;
- ivlen = ((crd->crd_alg == CRYPTO_AES_CBC) ?
- HIFN_AES_IV_LENGTH : HIFN_IV_LENGTH);
- crypto_copydata(crp->crp_flags, crp->crp_buf,
- crd->crd_skip + crd->crd_len - ivlen, ivlen,
- cmd->softc->sc_sessions[cmd->session_num].hs_iv);
- break;
- }
- }
-
if (macbuf != NULL) {
for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
int len;
struct hifn_session {
int hs_used;
int hs_mlen;
- u_int8_t hs_iv[HIFN_MAX_IV_LENGTH];
};
#define HIFN_RING_SYNC(sc, r, i, f) \
* Driver for various Hifn encryption processors.
*/
#include <linux/version.h>
-#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
-#include <generated/autoconf.h>
-#else
-#include <linux/autoconf.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
+#include <linux/config.h>
#endif
#include <linux/module.h>
#include <linux/init.h>
#include <linux/interrupt.h>
#include <linux/spinlock.h>
#include <linux/random.h>
-#include <linux/version.h>
#include <linux/skbuff.h>
#include <linux/uio.h>
#include <linux/sysfs.h>
if (pci_enable_device(dev) < 0)
return(-ENODEV);
-#ifdef CONFIG_HAVE_PCI_SET_MWI
+#ifdef HAVE_PCI_SET_MWI
if (pci_set_mwi(dev))
return(-ENODEV);
#endif
* from Intel in order to operate (or compile).
*
* Written by David McCullough <david_mccullough@mcafee.com>
- * Copyright (C) 2006-2010 David McCullough
+ * Copyright (C) 2006-2011 David McCullough
* Copyright (C) 2004-2005 Intel Corporation.
*
* LICENSE TERMS
*/
#include <linux/version.h>
-#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
-#include <generated/autoconf.h>
-#else
-#include <linux/autoconf.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
+#include <linux/config.h>
#endif
#include <linux/module.h>
#include <linux/init.h>
dprintk("%s(%p)\n", __FUNCTION__, q);
if (q->ixp_q_ccrd) {
- if (q->ixp_q_ccrd->crd_flags & CRD_F_IV_EXPLICIT) {
- q->ixp_q_iv = q->ixp_q_ccrd->crd_iv;
+ if (q->ixp_q_ccrd->crd_flags & CRD_F_ENCRYPT) {
+ if (q->ixp_q_ccrd->crd_flags & CRD_F_IV_EXPLICIT) {
+ q->ixp_q_iv = q->ixp_q_ccrd->crd_iv;
+ } else {
+ q->ixp_q_iv = q->ixp_q_iv_data;
+ read_random(q->ixp_q_iv, ixp->ixp_ctx.cipherCtx.cipherInitialVectorLen);
+ }
+ if ((q->ixp_q_ccrd->crd_flags & CRD_F_IV_PRESENT) == 0)
+ crypto_copyback(q->ixp_q_crp->crp_flags, q->ixp_q_crp->crp_buf,
+ q->ixp_q_ccrd->crd_inject,
+ ixp->ixp_ctx.cipherCtx.cipherInitialVectorLen,
+ (caddr_t) q->ixp_q_iv);
} else {
- q->ixp_q_iv = q->ixp_q_iv_data;
- crypto_copydata(q->ixp_q_crp->crp_flags, q->ixp_q_crp->crp_buf,
- q->ixp_q_ccrd->crd_inject,
- ixp->ixp_ctx.cipherCtx.cipherInitialVectorLen,
- (caddr_t) q->ixp_q_iv);
+ if (q->ixp_q_ccrd->crd_flags & CRD_F_IV_EXPLICIT)
+ q->ixp_q_iv = q->ixp_q_ccrd->crd_iv;
+ else {
+ q->ixp_q_iv = q->ixp_q_iv_data;
+ crypto_copydata(q->ixp_q_crp->crp_flags, q->ixp_q_crp->crp_buf,
+ q->ixp_q_ccrd->crd_inject,
+ ixp->ixp_ctx.cipherCtx.cipherInitialVectorLen,
+ (caddr_t) q->ixp_q_iv);
+ }
}
if (q->ixp_q_acrd) {
--- /dev/null
+static MV_U8 mask[256] = {
+0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
+static MV_U8 Logtable[256] = {
+ 0, 0, 25, 1, 50, 2, 26, 198, 75, 199, 27, 104, 51, 238, 223, 3,
+100, 4, 224, 14, 52, 141, 129, 239, 76, 113, 8, 200, 248, 105, 28, 193,
+125, 194, 29, 181, 249, 185, 39, 106, 77, 228, 166, 114, 154, 201, 9, 120,
+101, 47, 138, 5, 33, 15, 225, 36, 18, 240, 130, 69, 53, 147, 218, 142,
+150, 143, 219, 189, 54, 208, 206, 148, 19, 92, 210, 241, 64, 70, 131, 56,
+102, 221, 253, 48, 191, 6, 139, 98, 179, 37, 226, 152, 34, 136, 145, 16,
+126, 110, 72, 195, 163, 182, 30, 66, 58, 107, 40, 84, 250, 133, 61, 186,
+ 43, 121, 10, 21, 155, 159, 94, 202, 78, 212, 172, 229, 243, 115, 167, 87,
+175, 88, 168, 80, 244, 234, 214, 116, 79, 174, 233, 213, 231, 230, 173, 232,
+ 44, 215, 117, 122, 235, 22, 11, 245, 89, 203, 95, 176, 156, 169, 81, 160,
+127, 12, 246, 111, 23, 196, 73, 236, 216, 67, 31, 45, 164, 118, 123, 183,
+204, 187, 62, 90, 251, 96, 177, 134, 59, 82, 161, 108, 170, 85, 41, 157,
+151, 178, 135, 144, 97, 190, 220, 252, 188, 149, 207, 205, 55, 63, 91, 209,
+ 83, 57, 132, 60, 65, 162, 109, 71, 20, 42, 158, 93, 86, 242, 211, 171,
+ 68, 17, 146, 217, 35, 32, 46, 137, 180, 124, 184, 38, 119, 153, 227, 165,
+103, 74, 237, 222, 197, 49, 254, 24, 13, 99, 140, 128, 192, 247, 112, 7,
+};
+
+static MV_U8 Alogtable[512] = {
+ 1, 3, 5, 15, 17, 51, 85, 255, 26, 46, 114, 150, 161, 248, 19, 53,
+ 95, 225, 56, 72, 216, 115, 149, 164, 247, 2, 6, 10, 30, 34, 102, 170,
+229, 52, 92, 228, 55, 89, 235, 38, 106, 190, 217, 112, 144, 171, 230, 49,
+ 83, 245, 4, 12, 20, 60, 68, 204, 79, 209, 104, 184, 211, 110, 178, 205,
+ 76, 212, 103, 169, 224, 59, 77, 215, 98, 166, 241, 8, 24, 40, 120, 136,
+131, 158, 185, 208, 107, 189, 220, 127, 129, 152, 179, 206, 73, 219, 118, 154,
+181, 196, 87, 249, 16, 48, 80, 240, 11, 29, 39, 105, 187, 214, 97, 163,
+254, 25, 43, 125, 135, 146, 173, 236, 47, 113, 147, 174, 233, 32, 96, 160,
+251, 22, 58, 78, 210, 109, 183, 194, 93, 231, 50, 86, 250, 21, 63, 65,
+195, 94, 226, 61, 71, 201, 64, 192, 91, 237, 44, 116, 156, 191, 218, 117,
+159, 186, 213, 100, 172, 239, 42, 126, 130, 157, 188, 223, 122, 142, 137, 128,
+155, 182, 193, 88, 232, 35, 101, 175, 234, 37, 111, 177, 200, 67, 197, 84,
+252, 31, 33, 99, 165, 244, 7, 9, 27, 45, 119, 153, 176, 203, 70, 202,
+ 69, 207, 74, 222, 121, 139, 134, 145, 168, 227, 62, 66, 198, 81, 243, 14,
+ 18, 54, 90, 238, 41, 123, 141, 140, 143, 138, 133, 148, 167, 242, 13, 23,
+ 57, 75, 221, 124, 132, 151, 162, 253, 28, 36, 108, 180, 199, 82, 246, 1,
+
+ 3, 5, 15, 17, 51, 85, 255, 26, 46, 114, 150, 161, 248, 19, 53,
+ 95, 225, 56, 72, 216, 115, 149, 164, 247, 2, 6, 10, 30, 34, 102, 170,
+229, 52, 92, 228, 55, 89, 235, 38, 106, 190, 217, 112, 144, 171, 230, 49,
+ 83, 245, 4, 12, 20, 60, 68, 204, 79, 209, 104, 184, 211, 110, 178, 205,
+ 76, 212, 103, 169, 224, 59, 77, 215, 98, 166, 241, 8, 24, 40, 120, 136,
+131, 158, 185, 208, 107, 189, 220, 127, 129, 152, 179, 206, 73, 219, 118, 154,
+181, 196, 87, 249, 16, 48, 80, 240, 11, 29, 39, 105, 187, 214, 97, 163,
+254, 25, 43, 125, 135, 146, 173, 236, 47, 113, 147, 174, 233, 32, 96, 160,
+251, 22, 58, 78, 210, 109, 183, 194, 93, 231, 50, 86, 250, 21, 63, 65,
+195, 94, 226, 61, 71, 201, 64, 192, 91, 237, 44, 116, 156, 191, 218, 117,
+159, 186, 213, 100, 172, 239, 42, 126, 130, 157, 188, 223, 122, 142, 137, 128,
+155, 182, 193, 88, 232, 35, 101, 175, 234, 37, 111, 177, 200, 67, 197, 84,
+252, 31, 33, 99, 165, 244, 7, 9, 27, 45, 119, 153, 176, 203, 70, 202,
+ 69, 207, 74, 222, 121, 139, 134, 145, 168, 227, 62, 66, 198, 81, 243, 14,
+ 18, 54, 90, 238, 41, 123, 141, 140, 143, 138, 133, 148, 167, 242, 13, 23,
+ 57, 75, 221, 124, 132, 151, 162, 253, 28, 36, 108, 180, 199, 82, 246, 1,
+
+};
+
+static MV_U8 S[256] = {
+ 99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, 118,
+202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192,
+183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21,
+ 4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117,
+ 9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179, 41, 227, 47, 132,
+ 83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207,
+208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168,
+ 81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210,
+205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115,
+ 96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 20, 222, 94, 11, 219,
+224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121,
+231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8,
+186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138,
+112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158,
+225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223,
+140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, 22,
+};
+
+static MV_U8 Si[256] = {
+ 82, 9, 106, 213, 48, 54, 165, 56, 191, 64, 163, 158, 129, 243, 215, 251,
+124, 227, 57, 130, 155, 47, 255, 135, 52, 142, 67, 68, 196, 222, 233, 203,
+ 84, 123, 148, 50, 166, 194, 35, 61, 238, 76, 149, 11, 66, 250, 195, 78,
+ 8, 46, 161, 102, 40, 217, 36, 178, 118, 91, 162, 73, 109, 139, 209, 37,
+114, 248, 246, 100, 134, 104, 152, 22, 212, 164, 92, 204, 93, 101, 182, 146,
+108, 112, 72, 80, 253, 237, 185, 218, 94, 21, 70, 87, 167, 141, 157, 132,
+144, 216, 171, 0, 140, 188, 211, 10, 247, 228, 88, 5, 184, 179, 69, 6,
+208, 44, 30, 143, 202, 63, 15, 2, 193, 175, 189, 3, 1, 19, 138, 107,
+ 58, 145, 17, 65, 79, 103, 220, 234, 151, 242, 207, 206, 240, 180, 230, 115,
+150, 172, 116, 34, 231, 173, 53, 133, 226, 249, 55, 232, 28, 117, 223, 110,
+ 71, 241, 26, 113, 29, 41, 197, 137, 111, 183, 98, 14, 170, 24, 190, 27,
+252, 86, 62, 75, 198, 210, 121, 32, 154, 219, 192, 254, 120, 205, 90, 244,
+ 31, 221, 168, 51, 136, 7, 199, 49, 177, 18, 16, 89, 39, 128, 236, 95,
+ 96, 81, 127, 169, 25, 181, 74, 13, 45, 229, 122, 159, 147, 201, 156, 239,
+160, 224, 59, 77, 174, 42, 245, 176, 200, 235, 187, 60, 131, 83, 153, 97,
+ 23, 43, 4, 126, 186, 119, 214, 38, 225, 105, 20, 99, 85, 33, 12, 125,
+};
+
+/*
+static MV_U8 iG[4][4] = {
+{0x0e, 0x09, 0x0d, 0x0b},
+{0x0b, 0x0e, 0x09, 0x0d},
+{0x0d, 0x0b, 0x0e, 0x09},
+{0x09, 0x0d, 0x0b, 0x0e},
+};
+*/
+static MV_U32 rcon[30] = {
+ 0x01,0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, };
*******************************************************************************/
#include <linux/version.h>
-#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
-#include <generated/autoconf.h>
-#else
-#include <linux/autoconf.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
+#include <linux/config.h>
#endif
#include <linux/module.h>
#include <linux/init.h>
if ((crd->crd_flags & CRD_F_IV_PRESENT) == 0) {
dprintk("%s,%d: copy the IV back to the buffer\n", __FILE__, __LINE__);
cesa_cmd->ivOffset = crd->crd_inject;
- crypto_copy_bits_back(crp->crp_buf, crd->crd_inject, ivp, cesa_ocf_cur_ses->ivlen);
+ crypto_copyback(crp->crp_flags, crp->crp_buf, crd->crd_inject, cesa_ocf_cur_ses->ivlen, ivp);
}
else {
dprintk("%s,%d: don't copy the IV back to the buffer \n", __FILE__, __LINE__);
#include <linux/version.h>
-#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
-#include <generated/autoconf.h>
-#else
-#include <linux/autoconf.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
+#include <linux/config.h>
#endif
#include <linux/module.h>
#include <linux/init.h>
#include <linux/wait.h>
#include <linux/sched.h>
#include <linux/spinlock.h>
-#include <linux/version.h>
#include <linux/interrupt.h>
#include <cryptodev.h>
/*
* the number of simultaneously active requests
*/
-static int request_q_len = 20;
+static int request_q_len = 40;
module_param(request_q_len, int, 0);
MODULE_PARM_DESC(request_q_len, "Number of outstanding requests");
+
/*
* how many requests we want to have processed
*/
static int request_num = 1024;
module_param(request_num, int, 0);
MODULE_PARM_DESC(request_num, "run for at least this many requests");
+
/*
* the size of each request
*/
-static int request_size = 1500;
+static int request_size = 1488;
module_param(request_size, int, 0);
MODULE_PARM_DESC(request_size, "size of each request");
+/*
+ * OCF batching of requests
+ */
+static int request_batch = 1;
+module_param(request_batch, int, 0);
+MODULE_PARM_DESC(request_batch, "enable OCF request batching");
+
+/*
+ * OCF immediate callback on completion
+ */
+static int request_cbimm = 1;
+module_param(request_cbimm, int, 0);
+MODULE_PARM_DESC(request_cbimm, "enable OCF immediate callback on completion");
+
/*
* a structure for each request
*/
static request_t *requests;
+static spinlock_t ocfbench_counter_lock;
static int outstanding;
static int total;
*/
static uint64_t ocf_cryptoid;
+static unsigned long jstart, jstop;
+
static int ocf_init(void);
static int ocf_cb(struct cryptop *crp);
static void ocf_request(void *arg);
cria.cri_klen = 20 * 8;
cria.cri_key = "0123456789abcdefghij";
- crie.cri_alg = CRYPTO_3DES_CBC;
+ //crie.cri_alg = CRYPTO_3DES_CBC;
+ crie.cri_alg = CRYPTO_AES_CBC;
crie.cri_klen = 24 * 8;
crie.cri_key = "0123456789abcdefghijklmn";
crie.cri_next = &cria;
- error = crypto_newsession(&ocf_cryptoid, &crie, 0);
+ error = crypto_newsession(&ocf_cryptoid, &crie,
+ CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE);
if (error) {
printk("crypto_newsession failed %d\n", error);
return -1;
ocf_cb(struct cryptop *crp)
{
request_t *r = (request_t *) crp->crp_opaque;
+ unsigned long flags;
if (crp->crp_etype)
printk("Error in OCF processing: %d\n", crp->crp_etype);
- total++;
crypto_freereq(crp);
crp = NULL;
- if (total > request_num) {
+ /* do all requests but take at least 1 second */
+ spin_lock_irqsave(&ocfbench_counter_lock, flags);
+ total++;
+ if (total > request_num && jstart + HZ < jiffies) {
outstanding--;
+ spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
return 0;
}
+ spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20)
- INIT_WORK(&r->work, ocf_request_wq);
-#else
- INIT_WORK(&r->work, ocf_request, r);
-#endif
schedule_work(&r->work);
return 0;
}
request_t *r = arg;
struct cryptop *crp = crypto_getreq(2);
struct cryptodesc *crde, *crda;
+ unsigned long flags;
if (!crp) {
+ spin_lock_irqsave(&ocfbench_counter_lock, flags);
outstanding--;
+ spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
return;
}
crde->crd_flags = CRD_F_IV_EXPLICIT | CRD_F_ENCRYPT;
crde->crd_len = request_size;
crde->crd_inject = request_size;
- crde->crd_alg = CRYPTO_3DES_CBC;
+ //crde->crd_alg = CRYPTO_3DES_CBC;
+ crde->crd_alg = CRYPTO_AES_CBC;
crde->crd_key = "0123456789abcdefghijklmn";
crde->crd_klen = 24 * 8;
crp->crp_ilen = request_size + 64;
- crp->crp_flags = CRYPTO_F_CBIMM;
+ crp->crp_flags = 0;
+ if (request_batch)
+ crp->crp_flags |= CRYPTO_F_BATCH;
+ if (request_cbimm)
+ crp->crp_flags |= CRYPTO_F_CBIMM;
crp->crp_buf = (caddr_t) r->buffer;
crp->crp_callback = ocf_cb;
crp->crp_sid = ocf_cryptoid;
}
#endif
+static void
+ocf_done(void)
+{
+ crypto_freesession(ocf_cryptoid);
+}
+
/*************************************************************************/
#ifdef BENCH_IXP_ACCESS_LIB
/*************************************************************************/
IxCryptoAccStatus status)
{
request_t *r = NULL;
+ unsigned long flags;
+ /* do all requests but take at least 1 second */
+ spin_lock_irqsave(&ocfbench_counter_lock, flags);
total++;
- if (total > request_num) {
+ if (total > request_num && jstart + HZ < jiffies) {
outstanding--;
+ spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
return;
}
if (!sbufp || !(r = IX_MBUF_PRIV(sbufp))) {
printk("crappo %p %p\n", sbufp, r);
outstanding--;
+ spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
return;
}
+ spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20)
- INIT_WORK(&r->work, ixp_request_wq);
-#else
- INIT_WORK(&r->work, ixp_request, r);
-#endif
schedule_work(&r->work);
}
{
request_t *r = arg;
IxCryptoAccStatus status;
+ unsigned long flags;
memset(&r->mbuf, 0, sizeof(r->mbuf));
IX_MBUF_MLEN(&r->mbuf) = IX_MBUF_PKT_LEN(&r->mbuf) = request_size + 64;
0, request_size, 0, request_size, request_size, r->buffer);
if (IX_CRYPTO_ACC_STATUS_SUCCESS != status) {
printk("status1 = %d\n", status);
+ spin_lock_irqsave(&ocfbench_counter_lock, flags);
outstanding--;
+ spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
return;
}
return;
}
#endif
+static void
+ixp_done(void)
+{
+ /* we should free the session here but I am lazy :-) */
+}
+
/*************************************************************************/
#endif /* BENCH_IXP_ACCESS_LIB */
/*************************************************************************/
int
ocfbench_init(void)
{
- int i, jstart, jstop;
+ int i;
+ unsigned long mbps;
+ unsigned long flags;
printk("Crypto Speed tests\n");
for (i = 0; i < request_q_len; i++) {
/* +64 for return data */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20)
+ INIT_WORK(&requests[i].work, ocf_request_wq);
+#else
+ INIT_WORK(&requests[i].work, ocf_request, &requests[i]);
+#endif
requests[i].buffer = kmalloc(request_size + 128, GFP_DMA);
if (!requests[i].buffer) {
printk("malloc failed\n");
* OCF benchmark
*/
printk("OCF: testing ...\n");
- ocf_init();
+ if (ocf_init() == -1)
+ return -EINVAL;
+
+ spin_lock_init(&ocfbench_counter_lock);
total = outstanding = 0;
jstart = jiffies;
for (i = 0; i < request_q_len; i++) {
+ spin_lock_irqsave(&ocfbench_counter_lock, flags);
outstanding++;
+ spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
ocf_request(&requests[i]);
}
while (outstanding > 0)
schedule();
jstop = jiffies;
- printk("OCF: %d requests of %d bytes in %d jiffies\n", total, request_size,
- jstop - jstart);
+ mbps = 0;
+ if (jstop > jstart) {
+ mbps = (unsigned long) total * (unsigned long) request_size * 8;
+ mbps /= ((jstop - jstart) * 1000) / HZ;
+ }
+ printk("OCF: %d requests of %d bytes in %d jiffies (%d.%03d Mbps)\n",
+ total, request_size, (int)(jstop - jstart),
+ ((int)mbps) / 1000, ((int)mbps) % 1000);
+ ocf_done();
#ifdef BENCH_IXP_ACCESS_LIB
/*
total = outstanding = 0;
jstart = jiffies;
for (i = 0; i < request_q_len; i++) {
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20)
+ INIT_WORK(&requests[i].work, ixp_request_wq);
+#else
+ INIT_WORK(&requests[i].work, ixp_request, &requests[i]);
+#endif
+ spin_lock_irqsave(&ocfbench_counter_lock, flags);
outstanding++;
+ spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
ixp_request(&requests[i]);
}
while (outstanding > 0)
schedule();
jstop = jiffies;
- printk("IXP: %d requests of %d bytes in %d jiffies\n", total, request_size,
- jstop - jstart);
+ mbps = 0;
+ if (jstop > jstart) {
+ mbps = (unsigned long) total * (unsigned long) request_size * 8;
+ mbps /= ((jstop - jstart) * 1000) / HZ;
+ }
+ printk("IXP: %d requests of %d bytes in %d jiffies (%d.%03d Mbps)\n",
+ total, request_size, jstop - jstart,
+ ((int)mbps) / 1000, ((int)mbps) % 1000);
+ ixp_done();
#endif /* BENCH_IXP_ACCESS_LIB */
for (i = 0; i < request_q_len; i++)
*/
/****************************************************************************/
#ifdef __KERNEL__
+#include <linux/version.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
+#include <linux/config.h>
+#endif
+
/*
* fake some BSD driver interface stuff specifically for OCF use
*/
#define late_initcall(init) module_init(init)
#endif
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,4) || !defined(CONFIG_SMP)
+#define ocf_for_each_cpu(cpu) for ((cpu) = 0; (cpu) == 0; (cpu)++)
+#else
+#define ocf_for_each_cpu(cpu) for_each_present_cpu(cpu)
+#endif
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,27)
+#include <linux/sched.h>
+#define kill_proc(p,s,v) send_sig(s,find_task_by_vpid(p),0)
+#endif
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,4)
+
+struct ocf_thread {
+ struct task_struct *task;
+ int (*func)(void *arg);
+ void *arg;
+};
+
+/* thread startup helper func */
+static inline int ocf_run_thread(void *arg)
+{
+ struct ocf_thread *t = (struct ocf_thread *) arg;
+ if (!t)
+ return -1; /* very bad */
+ t->task = current;
+ daemonize();
+ spin_lock_irq(¤t->sigmask_lock);
+ sigemptyset(¤t->blocked);
+ recalc_sigpending(current);
+ spin_unlock_irq(¤t->sigmask_lock);
+ return (*t->func)(t->arg);
+}
+
+#define kthread_create(f,a,fmt...) \
+ ({ \
+ struct ocf_thread t; \
+ pid_t p; \
+ t.task = NULL; \
+ t.func = (f); \
+ t.arg = (a); \
+ p = kernel_thread(ocf_run_thread, &t, CLONE_FS|CLONE_FILES); \
+ while (p != (pid_t) -1 && t.task == NULL) \
+ schedule(); \
+ if (t.task) \
+ snprintf(t.task->comm, sizeof(t.task->comm), fmt); \
+ (t.task); \
+ })
+
+#define kthread_bind(t,cpu) /**/
+
+#define kthread_should_stop() (strcmp(current->comm, "stopping") == 0)
+
+#define kthread_stop(t) \
+ ({ \
+ strcpy((t)->comm, "stopping"); \
+ kill_proc((t)->pid, SIGTERM, 1); \
+ do { \
+ schedule(); \
+ } while (kill_proc((t)->pid, SIGTERM, 1) == 0); \
+ })
+
+#else
+#include <linux/kthread.h>
+#endif
+
#endif /* __KERNEL__ */
/****************************************************************************/
*/
#include <linux/version.h>
-#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
-#include <generated/autoconf.h>
-#else
-#include <linux/autoconf.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
+#include <linux/config.h>
#endif
#include <linux/module.h>
#include <linux/init.h>
*/
#include <linux/version.h>
-#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
-#include <generated/autoconf.h>
-#else
-#include <linux/autoconf.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
+#include <linux/config.h>
#endif
#include <linux/module.h>
#include <linux/init.h>
if (encini) {
ses->ccmd = ccmd;
-
- /* get an IV */
- /* XXX may read fewer than requested */
- get_random_bytes(ses->civ, sizeof(ses->civ));
-
ses->keysz = (encini->cri_klen - 63) / 64;
memcpy(ses->key, encini->cri_key, (ses->keysz + 1) * 8);
if (enccrd->crd_flags & CRD_F_ENCRYPT) {
if (enccrd->crd_flags & CRD_F_IV_EXPLICIT)
memcpy(ivp, enccrd->crd_iv, ivsize);
+ else
+ read_random(ivp, ivsize);
/* If IV is not present in the buffer already, it has to be copied there */
if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0)
crypto_copyback(crp->crp_flags, crp->crp_buf,
*/
#include <linux/version.h>
-#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
-#include <generated/autoconf.h>
-#else
-#include <linux/autoconf.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
+#include <linux/config.h>
#endif
#include <linux/module.h>
#include <linux/init.h>
#include <linux/wait.h>
#include <linux/sched.h>
#include <linux/spinlock.h>
-#include <linux/version.h>
#include <linux/unistd.h>
#include <linux/poll.h>
#include <linux/random.h>
#error "Please do not enable OCF_RANDOMHARVEST unless you have applied patches"
#endif
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,27)
-#include <linux/sched.h>
-#define kill_proc(p,s,v) send_sig(s,find_task_by_vpid(p),0)
-#endif
-
/*
* a hack to access the debug levels from the crypto driver
*/
*/
#include <linux/version.h>
-#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
-#include <generated/autoconf.h>
-#else
-#include <linux/autoconf.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
+#include <linux/config.h>
#endif
#include <linux/module.h>
#include <linux/list.h>
#include <linux/wait.h>
#include <linux/time.h>
-#include <linux/version.h>
#include <linux/unistd.h>
#include <linux/kernel.h>
#include <linux/string.h>
--- /dev/null
+/*
+ * until we find a cleaner way, include the BSD md5/sha1 code
+ * here
+ */
+#ifdef HMAC_HACK
+#define LITTLE_ENDIAN 1234
+#define BIG_ENDIAN 4321
+#ifdef __LITTLE_ENDIAN
+#define BYTE_ORDER LITTLE_ENDIAN
+#endif
+#ifdef __BIG_ENDIAN
+#define BYTE_ORDER BIG_ENDIAN
+#endif
+
+u_int8_t hmac_ipad_buffer[64] = {
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
+};
+
+u_int8_t hmac_opad_buffer[64] = {
+ 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
+ 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
+ 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
+ 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
+ 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
+ 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
+ 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
+ 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C
+};
+#endif /* HMAC_HACK */
+
*/
#include <linux/version.h>
-#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
-#include <generated/autoconf.h>
-#else
-#include <linux/autoconf.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
+#include <linux/config.h>
#endif
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/interrupt.h>
#include <linux/spinlock.h>
#include <linux/random.h>
-#include <linux/version.h>
#include <linux/skbuff.h>
#include <asm/io.h>
*/
#define HMAC_HACK 1
#ifdef HMAC_HACK
-#define LITTLE_ENDIAN 1234
-#define BIG_ENDIAN 4321
-#ifdef __LITTLE_ENDIAN
-#define BYTE_ORDER LITTLE_ENDIAN
-#endif
-#ifdef __BIG_ENDIAN
-#define BYTE_ORDER BIG_ENDIAN
-#endif
+#include <safe/hmachack.h>
#include <safe/md5.h>
#include <safe/md5.c>
#include <safe/sha1.h>
#include <safe/sha1.c>
-
-u_int8_t hmac_ipad_buffer[64] = {
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
-};
-
-u_int8_t hmac_opad_buffer[64] = {
- 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
- 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
- 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
- 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
- 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
- 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
- 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
- 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C
-};
#endif /* HMAC_HACK */
/* add proc entry for this */
ses->ses_used = 1;
if (encini) {
- /* get an IV */
- /* XXX may read fewer than requested */
- read_random(ses->ses_iv, sizeof(ses->ses_iv));
-
ses->ses_klen = encini->cri_klen;
if (encini->cri_key != NULL)
safe_setup_enckey(ses, encini->cri_key);
struct safe_ringentry *re;
struct safe_sarec *sa;
struct safe_pdesc *pd;
- u_int32_t cmd0, cmd1, staterec;
+ u_int32_t cmd0, cmd1, staterec, rand_iv[4];
unsigned long flags;
DPRINTF(("%s()\n", __FUNCTION__));
if (enccrd->crd_flags & CRD_F_IV_EXPLICIT)
iv = enccrd->crd_iv;
else
- iv = (caddr_t) ses->ses_iv;
+ read_random((iv = (caddr_t) &rand_iv[0]), sizeof(rand_iv));
if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0) {
crypto_copyback(crp->crp_flags, crp->crp_buf,
enccrd->crd_inject, ivsize, iv);
return;
}
- if (re->re_flags & SAFE_QFLAGS_COPYOUTIV) {
- /* copy out IV for future use */
- for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
- int i;
- int ivsize;
-
- if (crd->crd_alg == CRYPTO_DES_CBC ||
- crd->crd_alg == CRYPTO_3DES_CBC) {
- ivsize = 2*sizeof(u_int32_t);
- } else if (crd->crd_alg == CRYPTO_AES_CBC) {
- ivsize = 4*sizeof(u_int32_t);
- } else
- continue;
- crypto_copydata(crp->crp_flags, crp->crp_buf,
- crd->crd_skip + crd->crd_len - ivsize, ivsize,
- (caddr_t)sc->sc_sessions[re->re_sesn].ses_iv);
- for (i = 0;
- i < ivsize/sizeof(sc->sc_sessions[re->re_sesn].ses_iv[0]);
- i++)
- sc->sc_sessions[re->re_sesn].ses_iv[i] =
- cpu_to_le32(sc->sc_sessions[re->re_sesn].ses_iv[i]);
- break;
- }
- }
-
if (re->re_flags & SAFE_QFLAGS_COPYOUTICV) {
/* copy out ICV result */
for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
return(-ENODEV);
}
+#ifdef HAVE_PCI_SET_MWI
if (pci_set_mwi(dev)) {
printk("safe: pci_set_mwi failed!");
return(-ENODEV);
}
+#endif
sc = (struct safe_softc *) kmalloc(sizeof(*sc), GFP_KERNEL);
if (!sc)
u_int32_t ses_mlen; /* hmac length in bytes */
u_int32_t ses_hminner[5]; /* hmac inner state */
u_int32_t ses_hmouter[5]; /* hmac outer state */
- u_int32_t ses_iv[4]; /* DES/3DES/AES iv */
};
struct safe_pkq {
*/
#include <linux/version.h>
-#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
-#include <generated/autoconf.h>
-#else
-#include <linux/autoconf.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
+#include <linux/config.h>
#endif
#include <linux/module.h>
#include <linux/init.h>
#include <linux/dma-mapping.h> /* dma_map_single() */
#include <linux/moduleparam.h>
-#include <linux/version.h>
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,15)
#include <linux/platform_device.h>
#endif
ses->ses_used = 1;
if (encini) {
- /* get an IV */
- /* XXX may read fewer than requested */
- read_random(ses->ses_iv, sizeof(ses->ses_iv));
-
ses->ses_klen = (encini->cri_klen + 7) / 8;
memcpy(ses->ses_key, encini->cri_key, ses->ses_klen);
if (macini) {
int hmac_key, hmac_data, cipher_iv, cipher_key,
in_fifo, out_fifo, cipher_iv_out;
static int chsel = -1;
+ u_int32_t rand_iv[4];
DPRINTF("%s()\n", __FUNCTION__);
if (enccrd->crd_flags & CRD_F_IV_EXPLICIT)
iv = enccrd->crd_iv;
else
- iv = (caddr_t) ses->ses_iv;
+ read_random((iv = (caddr_t) rand_iv), sizeof(rand_iv));
if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0) {
crypto_copyback(crp->crp_flags, crp->crp_buf,
enccrd->crd_inject, ivsize, iv);
td->hdr |= TALITOS_DIR_INBOUND;
if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) {
iv = enccrd->crd_iv;
- bcopy(enccrd->crd_iv, iv, ivsize);
} else {
- iv = (caddr_t) ses->ses_iv;
+ iv = (caddr_t) rand_iv;
crypto_copydata(crp->crp_flags, crp->crp_buf,
enccrd->crd_inject, ivsize, iv);
}
u_int32_t ses_key[8]; /* DES/3DES/AES key */
u_int32_t ses_hmac[5]; /* hmac inner state */
u_int32_t ses_hmac_len; /* hmac length */
- u_int32_t ses_iv[4]; /* DES/3DES/AES iv */
u_int32_t ses_mlen; /* desired hash result len (12=ipsec or 16) */
};
--- /dev/null
+# for SGlinux builds
+-include $(ROOTDIR)/modules/.config
+
+obj-$(CONFIG_OCF_UBSEC_SSB) += ubsec_ssb.o
+
+obj ?= .
+EXTRA_CFLAGS += -I$(obj)/.. -I$(obj)/
+
+ifdef TOPDIR
+-include $(TOPDIR)/Rules.make
+endif
+
--- /dev/null
+/* $OpenBSD: queue.h,v 1.32 2007/04/30 18:42:34 pedro Exp $ */
+/* $NetBSD: queue.h,v 1.11 1996/05/16 05:17:14 mycroft Exp $ */
+
+/*
+ * Copyright (c) 1991, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * @(#)queue.h 8.5 (Berkeley) 8/20/94
+ */
+
+#ifndef _BSD_SYS_QUEUE_H_
+#define _BSD_SYS_QUEUE_H_
+
+/*
+ * This file defines five types of data structures: singly-linked lists,
+ * lists, simple queues, tail queues, and circular queues.
+ *
+ *
+ * A singly-linked list is headed by a single forward pointer. The elements
+ * are singly linked for minimum space and pointer manipulation overhead at
+ * the expense of O(n) removal for arbitrary elements. New elements can be
+ * added to the list after an existing element or at the head of the list.
+ * Elements being removed from the head of the list should use the explicit
+ * macro for this purpose for optimum efficiency. A singly-linked list may
+ * only be traversed in the forward direction. Singly-linked lists are ideal
+ * for applications with large datasets and few or no removals or for
+ * implementing a LIFO queue.
+ *
+ * A list is headed by a single forward pointer (or an array of forward
+ * pointers for a hash table header). The elements are doubly linked
+ * so that an arbitrary element can be removed without a need to
+ * traverse the list. New elements can be added to the list before
+ * or after an existing element or at the head of the list. A list
+ * may only be traversed in the forward direction.
+ *
+ * A simple queue is headed by a pair of pointers, one the head of the
+ * list and the other to the tail of the list. The elements are singly
+ * linked to save space, so elements can only be removed from the
+ * head of the list. New elements can be added to the list before or after
+ * an existing element, at the head of the list, or at the end of the
+ * list. A simple queue may only be traversed in the forward direction.
+ *
+ * A tail queue is headed by a pair of pointers, one to the head of the
+ * list and the other to the tail of the list. The elements are doubly
+ * linked so that an arbitrary element can be removed without a need to
+ * traverse the list. New elements can be added to the list before or
+ * after an existing element, at the head of the list, or at the end of
+ * the list. A tail queue may be traversed in either direction.
+ *
+ * A circle queue is headed by a pair of pointers, one to the head of the
+ * list and the other to the tail of the list. The elements are doubly
+ * linked so that an arbitrary element can be removed without a need to
+ * traverse the list. New elements can be added to the list before or after
+ * an existing element, at the head of the list, or at the end of the list.
+ * A circle queue may be traversed in either direction, but has a more
+ * complex end of list detection.
+ *
+ * For details on the use of these macros, see the queue(3) manual page.
+ */
+
+#if defined(QUEUE_MACRO_DEBUG) || (defined(_KERNEL) && defined(DIAGNOSTIC))
+#define _Q_INVALIDATE(a) (a) = ((void *)-1)
+#else
+#define _Q_INVALIDATE(a)
+#endif
+
+/*
+ * Singly-linked List definitions.
+ */
+#define BSD_SLIST_HEAD(name, type) \
+struct name { \
+ struct type *slh_first; /* first element */ \
+}
+
+#define BSD_SLIST_HEAD_INITIALIZER(head) \
+ { NULL }
+
+#define BSD_SLIST_ENTRY(type) \
+struct { \
+ struct type *sle_next; /* next element */ \
+}
+
+/*
+ * Singly-linked List access methods.
+ */
+#define BSD_SLIST_FIRST(head) ((head)->slh_first)
+#define BSD_SLIST_END(head) NULL
+#define BSD_SLIST_EMPTY(head) (BSD_SLIST_FIRST(head) == BSD_SLIST_END(head))
+#define BSD_SLIST_NEXT(elm, field) ((elm)->field.sle_next)
+
+#define BSD_SLIST_FOREACH(var, head, field) \
+ for((var) = BSD_SLIST_FIRST(head); \
+ (var) != BSD_SLIST_END(head); \
+ (var) = BSD_SLIST_NEXT(var, field))
+
+#define BSD_SLIST_FOREACH_PREVPTR(var, varp, head, field) \
+ for ((varp) = &BSD_SLIST_FIRST((head)); \
+ ((var) = *(varp)) != BSD_SLIST_END(head); \
+ (varp) = &BSD_SLIST_NEXT((var), field))
+
+/*
+ * Singly-linked List functions.
+ */
+#define BSD_SLIST_INIT(head) { \
+ BSD_SLIST_FIRST(head) = BSD_SLIST_END(head); \
+}
+
+#define BSD_SLIST_INSERT_AFTER(slistelm, elm, field) do { \
+ (elm)->field.sle_next = (slistelm)->field.sle_next; \
+ (slistelm)->field.sle_next = (elm); \
+} while (0)
+
+#define BSD_SLIST_INSERT_HEAD(head, elm, field) do { \
+ (elm)->field.sle_next = (head)->slh_first; \
+ (head)->slh_first = (elm); \
+} while (0)
+
+#define BSD_SLIST_REMOVE_NEXT(head, elm, field) do { \
+ (elm)->field.sle_next = (elm)->field.sle_next->field.sle_next; \
+} while (0)
+
+#define BSD_SLIST_REMOVE_HEAD(head, field) do { \
+ (head)->slh_first = (head)->slh_first->field.sle_next; \
+} while (0)
+
+#define BSD_SLIST_REMOVE(head, elm, type, field) do { \
+ if ((head)->slh_first == (elm)) { \
+ BSD_SLIST_REMOVE_HEAD((head), field); \
+ } else { \
+ struct type *curelm = (head)->slh_first; \
+ \
+ while (curelm->field.sle_next != (elm)) \
+ curelm = curelm->field.sle_next; \
+ curelm->field.sle_next = \
+ curelm->field.sle_next->field.sle_next; \
+ _Q_INVALIDATE((elm)->field.sle_next); \
+ } \
+} while (0)
+
+/*
+ * List definitions.
+ */
+#define BSD_LIST_HEAD(name, type) \
+struct name { \
+ struct type *lh_first; /* first element */ \
+}
+
+#define BSD_LIST_HEAD_INITIALIZER(head) \
+ { NULL }
+
+#define BSD_LIST_ENTRY(type) \
+struct { \
+ struct type *le_next; /* next element */ \
+ struct type **le_prev; /* address of previous next element */ \
+}
+
+/*
+ * List access methods
+ */
+#define BSD_LIST_FIRST(head) ((head)->lh_first)
+#define BSD_LIST_END(head) NULL
+#define BSD_LIST_EMPTY(head) (BSD_LIST_FIRST(head) == BSD_LIST_END(head))
+#define BSD_LIST_NEXT(elm, field) ((elm)->field.le_next)
+
+#define BSD_LIST_FOREACH(var, head, field) \
+ for((var) = BSD_LIST_FIRST(head); \
+ (var)!= BSD_LIST_END(head); \
+ (var) = BSD_LIST_NEXT(var, field))
+
+/*
+ * List functions.
+ */
+#define BSD_LIST_INIT(head) do { \
+ BSD_LIST_FIRST(head) = BSD_LIST_END(head); \
+} while (0)
+
+#define BSD_LIST_INSERT_AFTER(listelm, elm, field) do { \
+ if (((elm)->field.le_next = (listelm)->field.le_next) != NULL) \
+ (listelm)->field.le_next->field.le_prev = \
+ &(elm)->field.le_next; \
+ (listelm)->field.le_next = (elm); \
+ (elm)->field.le_prev = &(listelm)->field.le_next; \
+} while (0)
+
+#define BSD_LIST_INSERT_BEFORE(listelm, elm, field) do { \
+ (elm)->field.le_prev = (listelm)->field.le_prev; \
+ (elm)->field.le_next = (listelm); \
+ *(listelm)->field.le_prev = (elm); \
+ (listelm)->field.le_prev = &(elm)->field.le_next; \
+} while (0)
+
+#define BSD_LIST_INSERT_HEAD(head, elm, field) do { \
+ if (((elm)->field.le_next = (head)->lh_first) != NULL) \
+ (head)->lh_first->field.le_prev = &(elm)->field.le_next;\
+ (head)->lh_first = (elm); \
+ (elm)->field.le_prev = &(head)->lh_first; \
+} while (0)
+
+#define BSD_LIST_REMOVE(elm, field) do { \
+ if ((elm)->field.le_next != NULL) \
+ (elm)->field.le_next->field.le_prev = \
+ (elm)->field.le_prev; \
+ *(elm)->field.le_prev = (elm)->field.le_next; \
+ _Q_INVALIDATE((elm)->field.le_prev); \
+ _Q_INVALIDATE((elm)->field.le_next); \
+} while (0)
+
+#define BSD_LIST_REPLACE(elm, elm2, field) do { \
+ if (((elm2)->field.le_next = (elm)->field.le_next) != NULL) \
+ (elm2)->field.le_next->field.le_prev = \
+ &(elm2)->field.le_next; \
+ (elm2)->field.le_prev = (elm)->field.le_prev; \
+ *(elm2)->field.le_prev = (elm2); \
+ _Q_INVALIDATE((elm)->field.le_prev); \
+ _Q_INVALIDATE((elm)->field.le_next); \
+} while (0)
+
+/*
+ * Simple queue definitions.
+ */
+#define BSD_SIMPLEQ_HEAD(name, type) \
+struct name { \
+ struct type *sqh_first; /* first element */ \
+ struct type **sqh_last; /* addr of last next element */ \
+}
+
+#define BSD_SIMPLEQ_HEAD_INITIALIZER(head) \
+ { NULL, &(head).sqh_first }
+
+#define BSD_SIMPLEQ_ENTRY(type) \
+struct { \
+ struct type *sqe_next; /* next element */ \
+}
+
+/*
+ * Simple queue access methods.
+ */
+#define BSD_SIMPLEQ_FIRST(head) ((head)->sqh_first)
+#define BSD_SIMPLEQ_END(head) NULL
+#define BSD_SIMPLEQ_EMPTY(head) (BSD_SIMPLEQ_FIRST(head) == BSD_SIMPLEQ_END(head))
+#define BSD_SIMPLEQ_NEXT(elm, field) ((elm)->field.sqe_next)
+
+#define BSD_SIMPLEQ_FOREACH(var, head, field) \
+ for((var) = BSD_SIMPLEQ_FIRST(head); \
+ (var) != BSD_SIMPLEQ_END(head); \
+ (var) = BSD_SIMPLEQ_NEXT(var, field))
+
+/*
+ * Simple queue functions.
+ */
+#define BSD_SIMPLEQ_INIT(head) do { \
+ (head)->sqh_first = NULL; \
+ (head)->sqh_last = &(head)->sqh_first; \
+} while (0)
+
+#define BSD_SIMPLEQ_INSERT_HEAD(head, elm, field) do { \
+ if (((elm)->field.sqe_next = (head)->sqh_first) == NULL) \
+ (head)->sqh_last = &(elm)->field.sqe_next; \
+ (head)->sqh_first = (elm); \
+} while (0)
+
+#define BSD_SIMPLEQ_INSERT_TAIL(head, elm, field) do { \
+ (elm)->field.sqe_next = NULL; \
+ *(head)->sqh_last = (elm); \
+ (head)->sqh_last = &(elm)->field.sqe_next; \
+} while (0)
+
+#define BSD_SIMPLEQ_INSERT_AFTER(head, listelm, elm, field) do { \
+ if (((elm)->field.sqe_next = (listelm)->field.sqe_next) == NULL)\
+ (head)->sqh_last = &(elm)->field.sqe_next; \
+ (listelm)->field.sqe_next = (elm); \
+} while (0)
+
+#define BSD_SIMPLEQ_REMOVE_HEAD(head, field) do { \
+ if (((head)->sqh_first = (head)->sqh_first->field.sqe_next) == NULL) \
+ (head)->sqh_last = &(head)->sqh_first; \
+} while (0)
+
+/*
+ * Tail queue definitions.
+ */
+#define BSD_TAILQ_HEAD(name, type) \
+struct name { \
+ struct type *tqh_first; /* first element */ \
+ struct type **tqh_last; /* addr of last next element */ \
+}
+
+#define BSD_TAILQ_HEAD_INITIALIZER(head) \
+ { NULL, &(head).tqh_first }
+
+#define BSD_TAILQ_ENTRY(type) \
+struct { \
+ struct type *tqe_next; /* next element */ \
+ struct type **tqe_prev; /* address of previous next element */ \
+}
+
+/*
+ * tail queue access methods
+ */
+#define BSD_TAILQ_FIRST(head) ((head)->tqh_first)
+#define BSD_TAILQ_END(head) NULL
+#define BSD_TAILQ_NEXT(elm, field) ((elm)->field.tqe_next)
+#define BSD_TAILQ_LAST(head, headname) \
+ (*(((struct headname *)((head)->tqh_last))->tqh_last))
+/* XXX */
+#define BSD_TAILQ_PREV(elm, headname, field) \
+ (*(((struct headname *)((elm)->field.tqe_prev))->tqh_last))
+#define BSD_TAILQ_EMPTY(head) \
+ (BSD_TAILQ_FIRST(head) == BSD_TAILQ_END(head))
+
+#define BSD_TAILQ_FOREACH(var, head, field) \
+ for((var) = BSD_TAILQ_FIRST(head); \
+ (var) != BSD_TAILQ_END(head); \
+ (var) = BSD_TAILQ_NEXT(var, field))
+
+#define BSD_TAILQ_FOREACH_REVERSE(var, head, headname, field) \
+ for((var) = BSD_TAILQ_LAST(head, headname); \
+ (var) != BSD_TAILQ_END(head); \
+ (var) = BSD_TAILQ_PREV(var, headname, field))
+
+/*
+ * Tail queue functions.
+ */
+#define BSD_TAILQ_INIT(head) do { \
+ (head)->tqh_first = NULL; \
+ (head)->tqh_last = &(head)->tqh_first; \
+} while (0)
+
+#define BSD_TAILQ_INSERT_HEAD(head, elm, field) do { \
+ if (((elm)->field.tqe_next = (head)->tqh_first) != NULL) \
+ (head)->tqh_first->field.tqe_prev = \
+ &(elm)->field.tqe_next; \
+ else \
+ (head)->tqh_last = &(elm)->field.tqe_next; \
+ (head)->tqh_first = (elm); \
+ (elm)->field.tqe_prev = &(head)->tqh_first; \
+} while (0)
+
+#define BSD_TAILQ_INSERT_TAIL(head, elm, field) do { \
+ (elm)->field.tqe_next = NULL; \
+ (elm)->field.tqe_prev = (head)->tqh_last; \
+ *(head)->tqh_last = (elm); \
+ (head)->tqh_last = &(elm)->field.tqe_next; \
+} while (0)
+
+#define BSD_TAILQ_INSERT_AFTER(head, listelm, elm, field) do { \
+ if (((elm)->field.tqe_next = (listelm)->field.tqe_next) != NULL)\
+ (elm)->field.tqe_next->field.tqe_prev = \
+ &(elm)->field.tqe_next; \
+ else \
+ (head)->tqh_last = &(elm)->field.tqe_next; \
+ (listelm)->field.tqe_next = (elm); \
+ (elm)->field.tqe_prev = &(listelm)->field.tqe_next; \
+} while (0)
+
+#define BSD_TAILQ_INSERT_BEFORE(listelm, elm, field) do { \
+ (elm)->field.tqe_prev = (listelm)->field.tqe_prev; \
+ (elm)->field.tqe_next = (listelm); \
+ *(listelm)->field.tqe_prev = (elm); \
+ (listelm)->field.tqe_prev = &(elm)->field.tqe_next; \
+} while (0)
+
+#define BSD_TAILQ_REMOVE(head, elm, field) do { \
+ if (((elm)->field.tqe_next) != NULL) \
+ (elm)->field.tqe_next->field.tqe_prev = \
+ (elm)->field.tqe_prev; \
+ else \
+ (head)->tqh_last = (elm)->field.tqe_prev; \
+ *(elm)->field.tqe_prev = (elm)->field.tqe_next; \
+ _Q_INVALIDATE((elm)->field.tqe_prev); \
+ _Q_INVALIDATE((elm)->field.tqe_next); \
+} while (0)
+
+#define BSD_TAILQ_REPLACE(head, elm, elm2, field) do { \
+ if (((elm2)->field.tqe_next = (elm)->field.tqe_next) != NULL) \
+ (elm2)->field.tqe_next->field.tqe_prev = \
+ &(elm2)->field.tqe_next; \
+ else \
+ (head)->tqh_last = &(elm2)->field.tqe_next; \
+ (elm2)->field.tqe_prev = (elm)->field.tqe_prev; \
+ *(elm2)->field.tqe_prev = (elm2); \
+ _Q_INVALIDATE((elm)->field.tqe_prev); \
+ _Q_INVALIDATE((elm)->field.tqe_next); \
+} while (0)
+
+/*
+ * Circular queue definitions.
+ */
+#define BSD_CIRCLEQ_HEAD(name, type) \
+struct name { \
+ struct type *cqh_first; /* first element */ \
+ struct type *cqh_last; /* last element */ \
+}
+
+#define BSD_CIRCLEQ_HEAD_INITIALIZER(head) \
+ { BSD_CIRCLEQ_END(&head), BSD_CIRCLEQ_END(&head) }
+
+#define BSD_CIRCLEQ_ENTRY(type) \
+struct { \
+ struct type *cqe_next; /* next element */ \
+ struct type *cqe_prev; /* previous element */ \
+}
+
+/*
+ * Circular queue access methods
+ */
+#define BSD_CIRCLEQ_FIRST(head) ((head)->cqh_first)
+#define BSD_CIRCLEQ_LAST(head) ((head)->cqh_last)
+#define BSD_CIRCLEQ_END(head) ((void *)(head))
+#define BSD_CIRCLEQ_NEXT(elm, field) ((elm)->field.cqe_next)
+#define BSD_CIRCLEQ_PREV(elm, field) ((elm)->field.cqe_prev)
+#define BSD_CIRCLEQ_EMPTY(head) \
+ (BSD_CIRCLEQ_FIRST(head) == BSD_CIRCLEQ_END(head))
+
+#define BSD_CIRCLEQ_FOREACH(var, head, field) \
+ for((var) = BSD_CIRCLEQ_FIRST(head); \
+ (var) != BSD_CIRCLEQ_END(head); \
+ (var) = BSD_CIRCLEQ_NEXT(var, field))
+
+#define BSD_CIRCLEQ_FOREACH_REVERSE(var, head, field) \
+ for((var) = BSD_CIRCLEQ_LAST(head); \
+ (var) != BSD_CIRCLEQ_END(head); \
+ (var) = BSD_CIRCLEQ_PREV(var, field))
+
+/*
+ * Circular queue functions.
+ */
+#define BSD_CIRCLEQ_INIT(head) do { \
+ (head)->cqh_first = BSD_CIRCLEQ_END(head); \
+ (head)->cqh_last = BSD_CIRCLEQ_END(head); \
+} while (0)
+
+#define BSD_CIRCLEQ_INSERT_AFTER(head, listelm, elm, field) do { \
+ (elm)->field.cqe_next = (listelm)->field.cqe_next; \
+ (elm)->field.cqe_prev = (listelm); \
+ if ((listelm)->field.cqe_next == BSD_CIRCLEQ_END(head)) \
+ (head)->cqh_last = (elm); \
+ else \
+ (listelm)->field.cqe_next->field.cqe_prev = (elm); \
+ (listelm)->field.cqe_next = (elm); \
+} while (0)
+
+#define BSD_CIRCLEQ_INSERT_BEFORE(head, listelm, elm, field) do { \
+ (elm)->field.cqe_next = (listelm); \
+ (elm)->field.cqe_prev = (listelm)->field.cqe_prev; \
+ if ((listelm)->field.cqe_prev == BSD_CIRCLEQ_END(head)) \
+ (head)->cqh_first = (elm); \
+ else \
+ (listelm)->field.cqe_prev->field.cqe_next = (elm); \
+ (listelm)->field.cqe_prev = (elm); \
+} while (0)
+
+#define BSD_CIRCLEQ_INSERT_HEAD(head, elm, field) do { \
+ (elm)->field.cqe_next = (head)->cqh_first; \
+ (elm)->field.cqe_prev = BSD_CIRCLEQ_END(head); \
+ if ((head)->cqh_last == BSD_CIRCLEQ_END(head)) \
+ (head)->cqh_last = (elm); \
+ else \
+ (head)->cqh_first->field.cqe_prev = (elm); \
+ (head)->cqh_first = (elm); \
+} while (0)
+
+#define BSD_CIRCLEQ_INSERT_TAIL(head, elm, field) do { \
+ (elm)->field.cqe_next = BSD_CIRCLEQ_END(head); \
+ (elm)->field.cqe_prev = (head)->cqh_last; \
+ if ((head)->cqh_first == BSD_CIRCLEQ_END(head)) \
+ (head)->cqh_first = (elm); \
+ else \
+ (head)->cqh_last->field.cqe_next = (elm); \
+ (head)->cqh_last = (elm); \
+} while (0)
+
+#define BSD_CIRCLEQ_REMOVE(head, elm, field) do { \
+ if ((elm)->field.cqe_next == BSD_CIRCLEQ_END(head)) \
+ (head)->cqh_last = (elm)->field.cqe_prev; \
+ else \
+ (elm)->field.cqe_next->field.cqe_prev = \
+ (elm)->field.cqe_prev; \
+ if ((elm)->field.cqe_prev == BSD_CIRCLEQ_END(head)) \
+ (head)->cqh_first = (elm)->field.cqe_next; \
+ else \
+ (elm)->field.cqe_prev->field.cqe_next = \
+ (elm)->field.cqe_next; \
+ _Q_INVALIDATE((elm)->field.cqe_prev); \
+ _Q_INVALIDATE((elm)->field.cqe_next); \
+} while (0)
+
+#define BSD_CIRCLEQ_REPLACE(head, elm, elm2, field) do { \
+ if (((elm2)->field.cqe_next = (elm)->field.cqe_next) == \
+ BSD_CIRCLEQ_END(head)) \
+ (head).cqh_last = (elm2); \
+ else \
+ (elm2)->field.cqe_next->field.cqe_prev = (elm2); \
+ if (((elm2)->field.cqe_prev = (elm)->field.cqe_prev) == \
+ BSD_CIRCLEQ_END(head)) \
+ (head).cqh_first = (elm2); \
+ else \
+ (elm2)->field.cqe_prev->field.cqe_next = (elm2); \
+ _Q_INVALIDATE((elm)->field.cqe_prev); \
+ _Q_INVALIDATE((elm)->field.cqe_next); \
+} while (0)
+
+#endif /* !_BSD_SYS_QUEUE_H_ */
--- /dev/null
+
+/*
+ * Copyright (c) 2008 Daniel Mueller (daniel@danm.de)
+ * Copyright (c) 2007 David McCullough (david_mccullough@securecomputing.com)
+ * Copyright (c) 2000 Jason L. Wright (jason@thought.net)
+ * Copyright (c) 2000 Theo de Raadt (deraadt@openbsd.org)
+ * Copyright (c) 2001 Patrik Lindergren (patrik@ipunplugged.com)
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Effort sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F30602-01-2-0537.
+ *
+ */
+#undef UBSEC_DEBUG
+#undef UBSEC_VERBOSE_DEBUG
+
+#ifdef UBSEC_VERBOSE_DEBUG
+#define UBSEC_DEBUG
+#endif
+
+/*
+ * uBsec BCM5365 hardware crypto accelerator
+ */
+
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/moduleparam.h>
+#include <linux/proc_fs.h>
+#include <linux/types.h>
+#include <linux/init.h>
+#include <linux/delay.h>
+#include <linux/interrupt.h>
+#include <linux/fs.h>
+#include <linux/random.h>
+#include <linux/skbuff.h>
+#include <linux/stat.h>
+#include <asm/io.h>
+
+#include <linux/ssb/ssb.h>
+
+/*
+ * BSD queue
+ */
+//#include "bsdqueue.h"
+
+/*
+ * OCF
+ */
+#include <cryptodev.h>
+#include <uio.h>
+
+#define HMAC_HACK 1
+
+#define HMAC_HACK 1
+#ifdef HMAC_HACK
+#include <safe/hmachack.h>
+#include <safe/md5.h>
+#include <safe/md5.c>
+#include <safe/sha1.h>
+#include <safe/sha1.c>
+#endif
+
+#include "bsdqueue.h"
+#include "ubsecreg.h"
+#include "ubsecvar.h"
+
+#define DRV_MODULE_NAME "ubsec_ssb"
+#define PFX DRV_MODULE_NAME ": "
+#define DRV_MODULE_VERSION "0.02"
+#define DRV_MODULE_RELDATE "Feb 21, 2009"
+
+#if 1
+#define DPRINTF(a...) \
+ if (debug) \
+ { \
+ printk(DRV_MODULE_NAME ": " a); \
+ }
+#else
+#define DPRINTF(a...)
+#endif
+
+/*
+ * Prototypes
+ */
+static irqreturn_t ubsec_ssb_isr(int, void *, struct pt_regs *);
+static int __devinit ubsec_ssb_probe(struct ssb_device *sdev,
+ const struct ssb_device_id *ent);
+static void __devexit ubsec_ssb_remove(struct ssb_device *sdev);
+int ubsec_attach(struct ssb_device *sdev, const struct ssb_device_id *ent,
+ struct device *self);
+static void ubsec_setup_mackey(struct ubsec_session *ses, int algo,
+ caddr_t key, int klen);
+static int dma_map_skb(struct ubsec_softc *sc,
+ struct ubsec_dma_alloc* q_map, struct sk_buff *skb, int *mlen);
+static int dma_map_uio(struct ubsec_softc *sc,
+ struct ubsec_dma_alloc *q_map, struct uio *uio, int *mlen);
+static void dma_unmap(struct ubsec_softc *sc,
+ struct ubsec_dma_alloc *q_map, int mlen);
+static int ubsec_dmamap_aligned(struct ubsec_softc *sc,
+ const struct ubsec_dma_alloc *q_map, int mlen);
+
+#ifdef UBSEC_DEBUG
+static int proc_read(char *buf, char **start, off_t offset,
+ int size, int *peof, void *data);
+#endif
+
+void ubsec_reset_board(struct ubsec_softc *);
+void ubsec_init_board(struct ubsec_softc *);
+void ubsec_cleanchip(struct ubsec_softc *);
+void ubsec_totalreset(struct ubsec_softc *);
+int ubsec_free_q(struct ubsec_softc*, struct ubsec_q *);
+
+static int ubsec_newsession(device_t, u_int32_t *, struct cryptoini *);
+static int ubsec_freesession(device_t, u_int64_t);
+static int ubsec_process(device_t, struct cryptop *, int);
+
+void ubsec_callback(struct ubsec_softc *, struct ubsec_q *);
+void ubsec_feed(struct ubsec_softc *);
+void ubsec_mcopy(struct sk_buff *, struct sk_buff *, int, int);
+void ubsec_dma_free(struct ubsec_softc *, struct ubsec_dma_alloc *);
+int ubsec_dma_malloc(struct ubsec_softc *, struct ubsec_dma_alloc *,
+ size_t, int);
+
+/* DEBUG crap... */
+void ubsec_dump_pb(struct ubsec_pktbuf *);
+void ubsec_dump_mcr(struct ubsec_mcr *);
+
+#define READ_REG(sc,r) \
+ ssb_read32((sc)->sdev, (r));
+#define WRITE_REG(sc,r,val) \
+ ssb_write32((sc)->sdev, (r), (val));
+#define READ_REG_SDEV(sdev,r) \
+ ssb_read32((sdev), (r));
+#define WRITE_REG_SDEV(sdev,r,val) \
+ ssb_write32((sdev), (r), (val));
+
+#define SWAP32(x) (x) = htole32(ntohl((x)))
+#define HTOLE32(x) (x) = htole32(x)
+
+#ifdef __LITTLE_ENDIAN
+#define letoh16(x) (x)
+#define letoh32(x) (x)
+#endif
+
+static int debug;
+module_param(debug, int, 0644);
+MODULE_PARM_DESC(debug, "Enable debug output");
+
+#define UBSEC_SSB_MAX_CHIPS 1
+static struct ubsec_softc *ubsec_chip_idx[UBSEC_SSB_MAX_CHIPS];
+static struct ubsec_stats ubsecstats;
+
+#ifdef UBSEC_DEBUG
+static struct proc_dir_entry *procdebug;
+#endif
+
+static struct ssb_device_id ubsec_ssb_tbl[] = {
+ /* Broadcom BCM5365P IPSec Core */
+ SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_IPSEC, SSB_ANY_REV),
+ SSB_DEVTABLE_END
+};
+
+static struct ssb_driver ubsec_ssb_driver = {
+ .name = DRV_MODULE_NAME,
+ .id_table = ubsec_ssb_tbl,
+ .probe = ubsec_ssb_probe,
+ .remove = __devexit_p(ubsec_ssb_remove),
+ /*
+ .suspend = ubsec_ssb_suspend,
+ .resume = ubsec_ssb_resume
+ */
+};
+
+static device_method_t ubsec_ssb_methods = {
+ /* crypto device methods */
+ DEVMETHOD(cryptodev_newsession, ubsec_newsession),
+ DEVMETHOD(cryptodev_freesession,ubsec_freesession),
+ DEVMETHOD(cryptodev_process, ubsec_process),
+};
+
+#ifdef UBSEC_DEBUG
+static int
+proc_read(char *buf, char **start, off_t offset,
+ int size, int *peof, void *data)
+{
+ int i = 0, byteswritten = 0, ret;
+ unsigned int stat, ctrl;
+#ifdef UBSEC_VERBOSE_DEBUG
+ struct ubsec_q *q;
+ struct ubsec_dma *dmap;
+#endif
+
+ while ((i < UBSEC_SSB_MAX_CHIPS) && (ubsec_chip_idx[i] != NULL))
+ {
+ struct ubsec_softc *sc = ubsec_chip_idx[i];
+
+ stat = READ_REG(sc, BS_STAT);
+ ctrl = READ_REG(sc, BS_CTRL);
+ ret = snprintf((buf + byteswritten),
+ (size - byteswritten) ,
+ "DEV %d, DMASTAT %08x, DMACTRL %08x\n", i, stat, ctrl);
+
+ byteswritten += ret;
+
+#ifdef UBSEC_VERBOSE_DEBUG
+ printf("DEV %d, DMASTAT %08x, DMACTRL %08x\n", i, stat, ctrl);
+
+ /* Dump all queues MCRs */
+ if (!BSD_SIMPLEQ_EMPTY(&sc->sc_qchip)) {
+ BSD_SIMPLEQ_FOREACH(q, &sc->sc_qchip, q_next)
+ {
+ dmap = q->q_dma;
+ ubsec_dump_mcr(&dmap->d_dma->d_mcr);
+ }
+ }
+#endif
+
+ i++;
+ }
+
+ *peof = 1;
+
+ return byteswritten;
+}
+#endif
+
+/*
+ * map in a given sk_buff
+ */
+static int
+dma_map_skb(struct ubsec_softc *sc, struct ubsec_dma_alloc* q_map, struct sk_buff *skb, int *mlen)
+{
+ int i = 0;
+ dma_addr_t tmp;
+
+#ifdef UBSEC_DEBUG
+ DPRINTF("%s()\n", __FUNCTION__);
+#endif
+
+ /*
+ * We support only a limited number of fragments.
+ */
+ if (unlikely((skb_shinfo(skb)->nr_frags + 1) >= UBS_MAX_SCATTER))
+ {
+ printk(KERN_ERR "Only %d scatter fragments are supported.\n", UBS_MAX_SCATTER);
+ return (-ENOMEM);
+ }
+
+#ifdef UBSEC_VERBOSE_DEBUG
+ DPRINTF("%s - map %d 0x%x %d\n", __FUNCTION__, 0, (unsigned int)skb->data, skb_headlen(skb));
+#endif
+
+ /* first data package */
+ tmp = dma_map_single(sc->sc_dv,
+ skb->data,
+ skb_headlen(skb),
+ DMA_BIDIRECTIONAL);
+
+ q_map[i].dma_paddr = tmp;
+ q_map[i].dma_vaddr = skb->data;
+ q_map[i].dma_size = skb_headlen(skb);
+
+ if (unlikely(tmp == 0))
+ {
+ printk(KERN_ERR "Could not map memory region for dma.\n");
+ return (-EINVAL);
+ }
+
+#ifdef UBSEC_VERBOSE_DEBUG
+ DPRINTF("%s - map %d done physical addr 0x%x\n", __FUNCTION__, 0, (unsigned int)tmp);
+#endif
+
+
+ /* all other data packages */
+ for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
+
+#ifdef UBSEC_VERBOSE_DEBUG
+ DPRINTF("%s - map %d 0x%x %d\n", __FUNCTION__, i + 1,
+ (unsigned int)page_address(skb_shinfo(skb)->frags[i].page) +
+ skb_shinfo(skb)->frags[i].page_offset, skb_shinfo(skb)->frags[i].size);
+#endif
+
+ tmp = dma_map_single(sc->sc_dv,
+ page_address(skb_shinfo(skb)->frags[i].page) +
+ skb_shinfo(skb)->frags[i].page_offset,
+ skb_shinfo(skb)->frags[i].size,
+ DMA_BIDIRECTIONAL);
+
+ q_map[i + 1].dma_paddr = tmp;
+ q_map[i + 1].dma_vaddr = (void*)(page_address(skb_shinfo(skb)->frags[i].page) +
+ skb_shinfo(skb)->frags[i].page_offset);
+ q_map[i + 1].dma_size = skb_shinfo(skb)->frags[i].size;
+
+ if (unlikely(tmp == 0))
+ {
+ printk(KERN_ERR "Could not map memory region for dma.\n");
+ return (-EINVAL);
+ }
+
+#ifdef UBSEC_VERBOSE_DEBUG
+ DPRINTF("%s - map %d done physical addr 0x%x\n", __FUNCTION__, i + 1, (unsigned int)tmp);
+#endif
+
+ }
+ *mlen = i + 1;
+
+ return(0);
+}
+
+/*
+ * map in a given uio buffer
+ */
+
+static int
+dma_map_uio(struct ubsec_softc *sc, struct ubsec_dma_alloc *q_map, struct uio *uio, int *mlen)
+{
+ struct iovec *iov = uio->uio_iov;
+ int n;
+ dma_addr_t tmp;
+
+#ifdef UBSEC_DEBUG
+ DPRINTF("%s()\n", __FUNCTION__);
+#endif
+
+ /*
+ * We support only a limited number of fragments.
+ */
+ if (unlikely(uio->uio_iovcnt >= UBS_MAX_SCATTER))
+ {
+ printk(KERN_ERR "Only %d scatter fragments are supported.\n", UBS_MAX_SCATTER);
+ return (-ENOMEM);
+ }
+
+ for (n = 0; n < uio->uio_iovcnt; n++) {
+#ifdef UBSEC_VERBOSE_DEBUG
+ DPRINTF("%s - map %d 0x%x %d\n", __FUNCTION__, n, (unsigned int)iov->iov_base, iov->iov_len);
+#endif
+ tmp = dma_map_single(sc->sc_dv,
+ iov->iov_base,
+ iov->iov_len,
+ DMA_BIDIRECTIONAL);
+
+ q_map[n].dma_paddr = tmp;
+ q_map[n].dma_vaddr = iov->iov_base;
+ q_map[n].dma_size = iov->iov_len;
+
+ if (unlikely(tmp == 0))
+ {
+ printk(KERN_ERR "Could not map memory region for dma.\n");
+ return (-EINVAL);
+ }
+
+#ifdef UBSEC_VERBOSE_DEBUG
+ DPRINTF("%s - map %d done physical addr 0x%x\n", __FUNCTION__, n, (unsigned int)tmp);
+#endif
+
+ iov++;
+ }
+ *mlen = n;
+
+ return(0);
+}
+
+static void
+dma_unmap(struct ubsec_softc *sc, struct ubsec_dma_alloc *q_map, int mlen)
+{
+ int i;
+
+#ifdef UBSEC_DEBUG
+ DPRINTF("%s()\n", __FUNCTION__);
+#endif
+
+ for(i = 0; i < mlen; i++)
+ {
+#ifdef UBSEC_VERBOSE_DEBUG
+ DPRINTF("%s - unmap %d 0x%x %d\n", __FUNCTION__, i, (unsigned int)q_map[i].dma_paddr, q_map[i].dma_size);
+#endif
+ dma_unmap_single(sc->sc_dv,
+ q_map[i].dma_paddr,
+ q_map[i].dma_size,
+ DMA_BIDIRECTIONAL);
+ }
+ return;
+}
+
+/*
+ * Is the operand suitable aligned for direct DMA. Each
+ * segment must be aligned on a 32-bit boundary and all
+ * but the last segment must be a multiple of 4 bytes.
+ */
+static int
+ubsec_dmamap_aligned(struct ubsec_softc *sc, const struct ubsec_dma_alloc *q_map, int mlen)
+{
+ int i;
+
+#ifdef UBSEC_DEBUG
+ DPRINTF("%s()\n", __FUNCTION__);
+#endif
+
+ for (i = 0; i < mlen; i++) {
+ if (q_map[i].dma_paddr & 3)
+ return (0);
+ if (i != (mlen - 1) && (q_map[i].dma_size & 3))
+ return (0);
+ }
+ return (1);
+}
+
+
+#define N(a) (sizeof(a) / sizeof (a[0]))
+static void
+ubsec_setup_mackey(struct ubsec_session *ses, int algo, caddr_t key, int klen)
+{
+#ifdef HMAC_HACK
+ MD5_CTX md5ctx;
+ SHA1_CTX sha1ctx;
+ int i;
+
+#ifdef UBSEC_DEBUG
+ DPRINTF("%s()\n", __FUNCTION__);
+#endif
+
+ for (i = 0; i < klen; i++)
+ key[i] ^= HMAC_IPAD_VAL;
+
+ if (algo == CRYPTO_MD5_HMAC) {
+ MD5Init(&md5ctx);
+ MD5Update(&md5ctx, key, klen);
+ MD5Update(&md5ctx, hmac_ipad_buffer, MD5_HMAC_BLOCK_LEN - klen);
+ bcopy(md5ctx.md5_st8, ses->ses_hminner, sizeof(md5ctx.md5_st8));
+ } else {
+ SHA1Init(&sha1ctx);
+ SHA1Update(&sha1ctx, key, klen);
+ SHA1Update(&sha1ctx, hmac_ipad_buffer,
+ SHA1_HMAC_BLOCK_LEN - klen);
+ bcopy(sha1ctx.h.b32, ses->ses_hminner, sizeof(sha1ctx.h.b32));
+ }
+
+ for (i = 0; i < klen; i++)
+ key[i] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL);
+
+ if (algo == CRYPTO_MD5_HMAC) {
+ MD5Init(&md5ctx);
+ MD5Update(&md5ctx, key, klen);
+ MD5Update(&md5ctx, hmac_opad_buffer, MD5_HMAC_BLOCK_LEN - klen);
+ bcopy(md5ctx.md5_st8, ses->ses_hmouter, sizeof(md5ctx.md5_st8));
+ } else {
+ SHA1Init(&sha1ctx);
+ SHA1Update(&sha1ctx, key, klen);
+ SHA1Update(&sha1ctx, hmac_opad_buffer,
+ SHA1_HMAC_BLOCK_LEN - klen);
+ bcopy(sha1ctx.h.b32, ses->ses_hmouter, sizeof(sha1ctx.h.b32));
+ }
+
+ for (i = 0; i < klen; i++)
+ key[i] ^= HMAC_OPAD_VAL;
+
+#else /* HMAC_HACK */
+ DPRINTF("md5/sha not implemented\n");
+#endif /* HMAC_HACK */
+}
+#undef N
+
+static int
+__devinit ubsec_ssb_probe(struct ssb_device *sdev,
+ const struct ssb_device_id *ent)
+{
+ int err;
+
+#ifdef UBSEC_DEBUG
+ DPRINTF("%s()\n", __FUNCTION__);
+#endif
+
+ err = ssb_bus_powerup(sdev->bus, 0);
+ if (err) {
+ dev_err(sdev->dev, "Failed to powerup the bus\n");
+ goto err_out;
+ }
+
+ err = request_irq(sdev->irq, (irq_handler_t)ubsec_ssb_isr,
+ IRQF_DISABLED | IRQF_SHARED, DRV_MODULE_NAME, sdev);
+ if (err) {
+ dev_err(sdev->dev, "Could not request irq\n");
+ goto err_out_powerdown;
+ }
+
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,36))
+ err = dma_set_mask(sdev->dma_dev, DMA_BIT_MASK(32)) ||
+ dma_set_coherent_mask(sdev->dma_dev, DMA_BIT_MASK(32));
+#else
+ err = ssb_dma_set_mask(sdev, DMA_32BIT_MASK);
+#endif
+ if (err) {
+ dev_err(sdev->dev,
+ "Required 32BIT DMA mask unsupported by the system.\n");
+ goto err_out_free_irq;
+ }
+
+ printk(KERN_INFO "Sentry5(tm) ROBOGateway(tm) IPSec Core at IRQ %u\n",
+ sdev->irq);
+
+ DPRINTF("Vendor: %x, core id: %x, revision: %x\n",
+ sdev->id.vendor, sdev->id.coreid, sdev->id.revision);
+
+ ssb_device_enable(sdev, 0);
+
+ if (ubsec_attach(sdev, ent, sdev->dev) != 0)
+ goto err_out_disable;
+
+#ifdef UBSEC_DEBUG
+ procdebug = create_proc_entry(DRV_MODULE_NAME, S_IRUSR, NULL);
+ if (procdebug)
+ {
+ procdebug->read_proc = proc_read;
+ procdebug->data = NULL;
+ } else
+ DPRINTF("Unable to create proc file.\n");
+#endif
+
+ return 0;
+
+err_out_disable:
+ ssb_device_disable(sdev, 0);
+
+err_out_free_irq:
+ free_irq(sdev->irq, sdev);
+
+err_out_powerdown:
+ ssb_bus_may_powerdown(sdev->bus);
+
+err_out:
+ return err;
+}
+
+static void __devexit ubsec_ssb_remove(struct ssb_device *sdev) {
+
+ struct ubsec_softc *sc;
+ unsigned int ctrlflgs;
+ struct ubsec_dma *dmap;
+ u_int32_t i;
+
+#ifdef UBSEC_DEBUG
+ DPRINTF("%s()\n", __FUNCTION__);
+#endif
+
+ ctrlflgs = READ_REG_SDEV(sdev, BS_CTRL);
+ /* disable all IPSec Core interrupts globally */
+ ctrlflgs ^= (BS_CTRL_MCR1INT | BS_CTRL_MCR2INT |
+ BS_CTRL_DMAERR);
+ WRITE_REG_SDEV(sdev, BS_CTRL, ctrlflgs);
+
+ free_irq(sdev->irq, sdev);
+
+ sc = (struct ubsec_softc *)ssb_get_drvdata(sdev);
+
+ /* unregister all crypto algorithms */
+ crypto_unregister_all(sc->sc_cid);
+
+ /* Free queue / dma memory */
+ for (i = 0; i < UBS_MAX_NQUEUE; i++) {
+ struct ubsec_q *q;
+
+ q = sc->sc_queuea[i];
+ if (q != NULL)
+ {
+ dmap = q->q_dma;
+ if (dmap != NULL)
+ {
+ ubsec_dma_free(sc, &dmap->d_alloc);
+ q->q_dma = NULL;
+ }
+ kfree(q);
+ }
+ sc->sc_queuea[i] = NULL;
+ }
+
+ ssb_device_disable(sdev, 0);
+ ssb_bus_may_powerdown(sdev->bus);
+ ssb_set_drvdata(sdev, NULL);
+
+#ifdef UBSEC_DEBUG
+ if (procdebug)
+ remove_proc_entry(DRV_MODULE_NAME, NULL);
+#endif
+
+}
+
+
+int
+ubsec_attach(struct ssb_device *sdev, const struct ssb_device_id *ent,
+ struct device *self)
+{
+ struct ubsec_softc *sc = NULL;
+ struct ubsec_dma *dmap;
+ u_int32_t i;
+ static int num_chips = 0;
+
+#ifdef UBSEC_DEBUG
+ DPRINTF("%s()\n", __FUNCTION__);
+#endif
+
+ sc = (struct ubsec_softc *) kmalloc(sizeof(*sc), GFP_KERNEL);
+ if (!sc)
+ return(-ENOMEM);
+ memset(sc, 0, sizeof(*sc));
+
+ sc->sc_dv = sdev->dev;
+ sc->sdev = sdev;
+
+ spin_lock_init(&sc->sc_ringmtx);
+
+ softc_device_init(sc, "ubsec_ssb", num_chips, ubsec_ssb_methods);
+
+ /* Maybe someday there are boards with more than one chip available */
+ if (num_chips < UBSEC_SSB_MAX_CHIPS) {
+ ubsec_chip_idx[device_get_unit(sc->sc_dev)] = sc;
+ num_chips++;
+ }
+
+ ssb_set_drvdata(sdev, sc);
+
+ BSD_SIMPLEQ_INIT(&sc->sc_queue);
+ BSD_SIMPLEQ_INIT(&sc->sc_qchip);
+ BSD_SIMPLEQ_INIT(&sc->sc_queue2);
+ BSD_SIMPLEQ_INIT(&sc->sc_qchip2);
+ BSD_SIMPLEQ_INIT(&sc->sc_q2free);
+
+ sc->sc_statmask = BS_STAT_MCR1_DONE | BS_STAT_DMAERR;
+
+ sc->sc_cid = crypto_get_driverid(softc_get_device(sc), CRYPTOCAP_F_HARDWARE);
+ if (sc->sc_cid < 0) {
+ device_printf(sc->sc_dev, "could not get crypto driver id\n");
+ return -1;
+ }
+
+ BSD_SIMPLEQ_INIT(&sc->sc_freequeue);
+ dmap = sc->sc_dmaa;
+ for (i = 0; i < UBS_MAX_NQUEUE; i++, dmap++) {
+ struct ubsec_q *q;
+
+ q = (struct ubsec_q *)kmalloc(sizeof(struct ubsec_q), GFP_KERNEL);
+ if (q == NULL) {
+ printf(": can't allocate queue buffers\n");
+ break;
+ }
+
+ if (ubsec_dma_malloc(sc, &dmap->d_alloc, sizeof(struct ubsec_dmachunk),0)) {
+ printf(": can't allocate dma buffers\n");
+ kfree(q);
+ break;
+ }
+ dmap->d_dma = (struct ubsec_dmachunk *)dmap->d_alloc.dma_vaddr;
+
+ q->q_dma = dmap;
+ sc->sc_queuea[i] = q;
+
+ BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q, q_next);
+ }
+
+ /*
+ * Reset Broadcom chip
+ */
+ ubsec_reset_board(sc);
+
+ /*
+ * Init Broadcom chip
+ */
+ ubsec_init_board(sc);
+
+ /* supported crypto algorithms */
+ crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0);
+ crypto_register(sc->sc_cid, CRYPTO_DES_CBC, 0, 0);
+
+ if (sc->sc_flags & UBS_FLAGS_AES) {
+ crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0);
+ printf(KERN_INFO DRV_MODULE_NAME ": DES 3DES AES128 AES192 AES256 MD5_HMAC SHA1_HMAC\n");
+ }
+ else
+ printf(KERN_INFO DRV_MODULE_NAME ": DES 3DES MD5_HMAC SHA1_HMAC\n");
+
+ crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0);
+ crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0);
+
+ return 0;
+}
+
+/*
+ * UBSEC Interrupt routine
+ */
+static irqreturn_t
+ubsec_ssb_isr(int irq, void *arg, struct pt_regs *regs)
+{
+ struct ubsec_softc *sc = NULL;
+ volatile u_int32_t stat;
+ struct ubsec_q *q;
+ struct ubsec_dma *dmap;
+ int npkts = 0, i;
+
+#ifdef UBSEC_VERBOSE_DEBUG
+ DPRINTF("%s()\n", __FUNCTION__);
+#endif
+
+ sc = (struct ubsec_softc *)ssb_get_drvdata(arg);
+
+ stat = READ_REG(sc, BS_STAT);
+
+ stat &= sc->sc_statmask;
+ if (stat == 0)
+ return IRQ_NONE;
+
+ WRITE_REG(sc, BS_STAT, stat); /* IACK */
+
+ /*
+ * Check to see if we have any packets waiting for us
+ */
+ if ((stat & BS_STAT_MCR1_DONE)) {
+ while (!BSD_SIMPLEQ_EMPTY(&sc->sc_qchip)) {
+ q = BSD_SIMPLEQ_FIRST(&sc->sc_qchip);
+ dmap = q->q_dma;
+
+ if ((dmap->d_dma->d_mcr.mcr_flags & htole16(UBS_MCR_DONE)) == 0)
+ {
+ DPRINTF("error while processing MCR. Flags = %x\n", dmap->d_dma->d_mcr.mcr_flags);
+ break;
+ }
+
+ BSD_SIMPLEQ_REMOVE_HEAD(&sc->sc_qchip, q_next);
+
+ npkts = q->q_nstacked_mcrs;
+ /*
+ * search for further sc_qchip ubsec_q's that share
+ * the same MCR, and complete them too, they must be
+ * at the top.
+ */
+ for (i = 0; i < npkts; i++) {
+ if(q->q_stacked_mcr[i])
+ ubsec_callback(sc, q->q_stacked_mcr[i]);
+ else
+ break;
+ }
+ ubsec_callback(sc, q);
+ }
+
+ /*
+ * Don't send any more packet to chip if there has been
+ * a DMAERR.
+ */
+ if (likely(!(stat & BS_STAT_DMAERR)))
+ ubsec_feed(sc);
+ else
+ DPRINTF("DMA error occurred. Stop feeding crypto chip.\n");
+ }
+
+ /*
+ * Check to see if we got any DMA Error
+ */
+ if (stat & BS_STAT_DMAERR) {
+ volatile u_int32_t a = READ_REG(sc, BS_ERR);
+
+ printf(KERN_ERR "%s: dmaerr %s@%08x\n", DRV_MODULE_NAME,
+ (a & BS_ERR_READ) ? "read" : "write", a & BS_ERR_ADDR);
+
+ ubsecstats.hst_dmaerr++;
+ ubsec_totalreset(sc);
+ ubsec_feed(sc);
+ }
+
+ return IRQ_HANDLED;
+}
+
+/*
+ * ubsec_feed() - aggregate and post requests to chip
+ * It is assumed that the caller set splnet()
+ */
+void
+ubsec_feed(struct ubsec_softc *sc)
+{
+#ifdef UBSEC_VERBOSE_DEBUG
+ static int max;
+#endif
+ struct ubsec_q *q, *q2;
+ int npkts, i;
+ void *v;
+ u_int32_t stat;
+
+ npkts = sc->sc_nqueue;
+ if (npkts > UBS_MAX_AGGR)
+ npkts = UBS_MAX_AGGR;
+ if (npkts < 2)
+ goto feed1;
+
+ stat = READ_REG(sc, BS_STAT);
+
+ if (stat & (BS_STAT_MCR1_FULL | BS_STAT_DMAERR)) {
+ if(stat & BS_STAT_DMAERR) {
+ ubsec_totalreset(sc);
+ ubsecstats.hst_dmaerr++;
+ }
+ return;
+ }
+
+#ifdef UBSEC_VERBOSE_DEBUG
+ DPRINTF("merging %d records\n", npkts);
+
+ /* XXX temporary aggregation statistics reporting code */
+ if (max < npkts) {
+ max = npkts;
+ DPRINTF("%s: new max aggregate %d\n", DRV_MODULE_NAME, max);
+ }
+#endif /* UBSEC_VERBOSE_DEBUG */
+
+ q = BSD_SIMPLEQ_FIRST(&sc->sc_queue);
+ BSD_SIMPLEQ_REMOVE_HEAD(&sc->sc_queue, q_next);
+ --sc->sc_nqueue;
+
+#if 0
+ /*
+ * XXX
+ * We use dma_map_single() - no sync required!
+ */
+
+ bus_dmamap_sync(sc->sc_dmat, q->q_src_map,
+ 0, q->q_src_map->dm_mapsize, BUS_DMASYNC_PREWRITE);
+ if (q->q_dst_map != NULL)
+ bus_dmamap_sync(sc->sc_dmat, q->q_dst_map,
+ 0, q->q_dst_map->dm_mapsize, BUS_DMASYNC_PREREAD);
+#endif
+
+ q->q_nstacked_mcrs = npkts - 1; /* Number of packets stacked */
+
+ for (i = 0; i < q->q_nstacked_mcrs; i++) {
+ q2 = BSD_SIMPLEQ_FIRST(&sc->sc_queue);
+
+#if 0
+ bus_dmamap_sync(sc->sc_dmat, q2->q_src_map,
+ 0, q2->q_src_map->dm_mapsize, BUS_DMASYNC_PREWRITE);
+ if (q2->q_dst_map != NULL)
+ bus_dmamap_sync(sc->sc_dmat, q2->q_dst_map,
+ 0, q2->q_dst_map->dm_mapsize, BUS_DMASYNC_PREREAD);
+#endif
+ BSD_SIMPLEQ_REMOVE_HEAD(&sc->sc_queue, q_next);
+ --sc->sc_nqueue;
+
+ v = ((char *)&q2->q_dma->d_dma->d_mcr) + sizeof(struct ubsec_mcr) -
+ sizeof(struct ubsec_mcr_add);
+ bcopy(v, &q->q_dma->d_dma->d_mcradd[i], sizeof(struct ubsec_mcr_add));
+ q->q_stacked_mcr[i] = q2;
+ }
+ q->q_dma->d_dma->d_mcr.mcr_pkts = htole16(npkts);
+ BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_qchip, q, q_next);
+#if 0
+ bus_dmamap_sync(sc->sc_dmat, q->q_dma->d_alloc.dma_map,
+ 0, q->q_dma->d_alloc.dma_map->dm_mapsize,
+ BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE);
+#endif
+ WRITE_REG(sc, BS_MCR1, q->q_dma->d_alloc.dma_paddr +
+ offsetof(struct ubsec_dmachunk, d_mcr));
+#ifdef UBSEC_VERBOSE_DEBUG
+ DPRINTF("feed (1): q->chip %p %08x %08x\n", q,
+ (u_int32_t)q->q_dma->d_alloc.dma_paddr,
+ (u_int32_t)(q->q_dma->d_alloc.dma_paddr +
+ offsetof(struct ubsec_dmachunk, d_mcr)));
+#endif /* UBSEC_DEBUG */
+ return;
+
+feed1:
+ while (!BSD_SIMPLEQ_EMPTY(&sc->sc_queue)) {
+ stat = READ_REG(sc, BS_STAT);
+
+ if (stat & (BS_STAT_MCR1_FULL | BS_STAT_DMAERR)) {
+ if(stat & BS_STAT_DMAERR) {
+ ubsec_totalreset(sc);
+ ubsecstats.hst_dmaerr++;
+ }
+ break;
+ }
+
+ q = BSD_SIMPLEQ_FIRST(&sc->sc_queue);
+
+#if 0
+ bus_dmamap_sync(sc->sc_dmat, q->q_src_map,
+ 0, q->q_src_map->dm_mapsize, BUS_DMASYNC_PREWRITE);
+ if (q->q_dst_map != NULL)
+ bus_dmamap_sync(sc->sc_dmat, q->q_dst_map,
+ 0, q->q_dst_map->dm_mapsize, BUS_DMASYNC_PREREAD);
+ bus_dmamap_sync(sc->sc_dmat, q->q_dma->d_alloc.dma_map,
+ 0, q->q_dma->d_alloc.dma_map->dm_mapsize,
+ BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE);
+#endif
+
+ WRITE_REG(sc, BS_MCR1, q->q_dma->d_alloc.dma_paddr +
+ offsetof(struct ubsec_dmachunk, d_mcr));
+#ifdef UBSEC_VERBOSE_DEBUG
+ DPRINTF("feed (2): q->chip %p %08x %08x\n", q,
+ (u_int32_t)q->q_dma->d_alloc.dma_paddr,
+ (u_int32_t)(q->q_dma->d_alloc.dma_paddr +
+ offsetof(struct ubsec_dmachunk, d_mcr)));
+#endif /* UBSEC_DEBUG */
+ BSD_SIMPLEQ_REMOVE_HEAD(&sc->sc_queue, q_next);
+ --sc->sc_nqueue;
+ BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_qchip, q, q_next);
+ }
+}
+
+/*
+ * Allocate a new 'session' and return an encoded session id. 'sidp'
+ * contains our registration id, and should contain an encoded session
+ * id on successful allocation.
+ */
+static int
+ubsec_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri)
+{
+ struct cryptoini *c, *encini = NULL, *macini = NULL;
+ struct ubsec_softc *sc = NULL;
+ struct ubsec_session *ses = NULL;
+ int sesn, i;
+
+#ifdef UBSEC_DEBUG
+ DPRINTF("%s()\n", __FUNCTION__);
+#endif
+
+ if (sidp == NULL || cri == NULL)
+ return (EINVAL);
+
+ sc = device_get_softc(dev);
+
+ if (sc == NULL)
+ return (EINVAL);
+
+ for (c = cri; c != NULL; c = c->cri_next) {
+ if (c->cri_alg == CRYPTO_MD5_HMAC ||
+ c->cri_alg == CRYPTO_SHA1_HMAC) {
+ if (macini)
+ return (EINVAL);
+ macini = c;
+ } else if (c->cri_alg == CRYPTO_DES_CBC ||
+ c->cri_alg == CRYPTO_3DES_CBC ||
+ c->cri_alg == CRYPTO_AES_CBC) {
+ if (encini)
+ return (EINVAL);
+ encini = c;
+ } else
+ return (EINVAL);
+ }
+ if (encini == NULL && macini == NULL)
+ return (EINVAL);
+
+ if (sc->sc_sessions == NULL) {
+ ses = sc->sc_sessions = (struct ubsec_session *)kmalloc(
+ sizeof(struct ubsec_session), SLAB_ATOMIC);
+ if (ses == NULL)
+ return (ENOMEM);
+ memset(ses, 0, sizeof(struct ubsec_session));
+ sesn = 0;
+ sc->sc_nsessions = 1;
+ } else {
+ for (sesn = 0; sesn < sc->sc_nsessions; sesn++) {
+ if (sc->sc_sessions[sesn].ses_used == 0) {
+ ses = &sc->sc_sessions[sesn];
+ break;
+ }
+ }
+
+ if (ses == NULL) {
+ sesn = sc->sc_nsessions;
+ ses = (struct ubsec_session *)kmalloc((sesn + 1) *
+ sizeof(struct ubsec_session), SLAB_ATOMIC);
+ if (ses == NULL)
+ return (ENOMEM);
+ memset(ses, 0, (sesn + 1) * sizeof(struct ubsec_session));
+ bcopy(sc->sc_sessions, ses, sesn *
+ sizeof(struct ubsec_session));
+ bzero(sc->sc_sessions, sesn *
+ sizeof(struct ubsec_session));
+ kfree(sc->sc_sessions);
+ sc->sc_sessions = ses;
+ ses = &sc->sc_sessions[sesn];
+ sc->sc_nsessions++;
+ }
+ }
+
+ bzero(ses, sizeof(struct ubsec_session));
+ ses->ses_used = 1;
+ if (encini) {
+ /* get an IV */
+ /* XXX may read fewer than requested */
+ read_random(ses->ses_iv, sizeof(ses->ses_iv));
+
+ /* Go ahead and compute key in ubsec's byte order */
+ if (encini->cri_alg == CRYPTO_DES_CBC) {
+ /* DES uses the same key three times:
+ * 1st encrypt -> 2nd decrypt -> 3nd encrypt */
+ bcopy(encini->cri_key, &ses->ses_key[0], 8);
+ bcopy(encini->cri_key, &ses->ses_key[2], 8);
+ bcopy(encini->cri_key, &ses->ses_key[4], 8);
+ ses->ses_keysize = 192; /* Fake! Actually its only 64bits ..
+ oh no it is even less: 54bits. */
+ } else if(encini->cri_alg == CRYPTO_3DES_CBC) {
+ bcopy(encini->cri_key, ses->ses_key, 24);
+ ses->ses_keysize = 192;
+ } else if(encini->cri_alg == CRYPTO_AES_CBC) {
+ ses->ses_keysize = encini->cri_klen;
+
+ if (ses->ses_keysize != 128 &&
+ ses->ses_keysize != 192 &&
+ ses->ses_keysize != 256)
+ {
+ DPRINTF("unsupported AES key size: %d\n", ses->ses_keysize);
+ return (EINVAL);
+ }
+ bcopy(encini->cri_key, ses->ses_key, (ses->ses_keysize / 8));
+ }
+
+ /* Hardware requires the keys in little endian byte order */
+ for (i=0; i < (ses->ses_keysize / 32); i++)
+ SWAP32(ses->ses_key[i]);
+ }
+
+ if (macini) {
+ ses->ses_mlen = macini->cri_mlen;
+
+ if (ses->ses_mlen == 0 ||
+ ses->ses_mlen > SHA1_HASH_LEN) {
+
+ if (macini->cri_alg == CRYPTO_MD5_HMAC ||
+ macini->cri_alg == CRYPTO_SHA1_HMAC)
+ {
+ ses->ses_mlen = DEFAULT_HMAC_LEN;
+ } else
+ {
+ /*
+ * Reserved for future usage. MD5/SHA1 calculations have
+ * different hash sizes.
+ */
+ printk(KERN_ERR DRV_MODULE_NAME ": unsupported hash operation with mac/hash len: %d\n", ses->ses_mlen);
+ return (EINVAL);
+ }
+
+ }
+
+ if (macini->cri_key != NULL) {
+ ubsec_setup_mackey(ses, macini->cri_alg, macini->cri_key,
+ macini->cri_klen / 8);
+ }
+ }
+
+ *sidp = UBSEC_SID(device_get_unit(sc->sc_dev), sesn);
+ return (0);
+}
+
+/*
+ * Deallocate a session.
+ */
+static int
+ubsec_freesession(device_t dev, u_int64_t tid)
+{
+ struct ubsec_softc *sc = device_get_softc(dev);
+ int session;
+ u_int32_t sid = ((u_int32_t)tid) & 0xffffffff;
+
+#ifdef UBSEC_DEBUG
+ DPRINTF("%s()\n", __FUNCTION__);
+#endif
+
+ if (sc == NULL)
+ return (EINVAL);
+
+ session = UBSEC_SESSION(sid);
+ if (session < sc->sc_nsessions) {
+ bzero(&sc->sc_sessions[session], sizeof(sc->sc_sessions[session]));
+ return (0);
+ } else
+ return (EINVAL);
+}
+
+static int
+ubsec_process(device_t dev, struct cryptop *crp, int hint)
+{
+ struct ubsec_q *q = NULL;
+ int err = 0, i, j, nicealign;
+ struct ubsec_softc *sc = device_get_softc(dev);
+ struct cryptodesc *crd1, *crd2, *maccrd, *enccrd;
+ int encoffset = 0, macoffset = 0, cpskip, cpoffset;
+ int sskip, dskip, stheend, dtheend, ivsize = 8;
+ int16_t coffset;
+ struct ubsec_session *ses;
+ struct ubsec_generic_ctx ctx;
+ struct ubsec_dma *dmap = NULL;
+ unsigned long flags;
+
+#ifdef UBSEC_DEBUG
+ DPRINTF("%s()\n", __FUNCTION__);
+#endif
+
+ if (unlikely(crp == NULL || crp->crp_callback == NULL)) {
+ ubsecstats.hst_invalid++;
+ return (EINVAL);
+ }
+
+ if (unlikely(sc == NULL))
+ return (EINVAL);
+
+#ifdef UBSEC_VERBOSE_DEBUG
+ DPRINTF("spin_lock_irqsave\n");
+#endif
+ spin_lock_irqsave(&sc->sc_ringmtx, flags);
+ //spin_lock_irq(&sc->sc_ringmtx);
+
+ if (BSD_SIMPLEQ_EMPTY(&sc->sc_freequeue)) {
+ ubsecstats.hst_queuefull++;
+#ifdef UBSEC_VERBOSE_DEBUG
+ DPRINTF("spin_unlock_irqrestore\n");
+#endif
+ spin_unlock_irqrestore(&sc->sc_ringmtx, flags);
+ //spin_unlock_irq(&sc->sc_ringmtx);
+ err = ENOMEM;
+ goto errout2;
+ }
+
+ q = BSD_SIMPLEQ_FIRST(&sc->sc_freequeue);
+ BSD_SIMPLEQ_REMOVE_HEAD(&sc->sc_freequeue, q_next);
+#ifdef UBSEC_VERBOSE_DEBUG
+ DPRINTF("spin_unlock_irqrestore\n");
+#endif
+ spin_unlock_irqrestore(&sc->sc_ringmtx, flags);
+ //spin_unlock_irq(&sc->sc_ringmtx);
+
+ dmap = q->q_dma; /* Save dma pointer */
+ bzero(q, sizeof(struct ubsec_q));
+ bzero(&ctx, sizeof(ctx));
+
+ q->q_sesn = UBSEC_SESSION(crp->crp_sid);
+ q->q_dma = dmap;
+ ses = &sc->sc_sessions[q->q_sesn];
+
+ if (crp->crp_flags & CRYPTO_F_SKBUF) {
+ q->q_src_m = (struct sk_buff *)crp->crp_buf;
+ q->q_dst_m = (struct sk_buff *)crp->crp_buf;
+ } else if (crp->crp_flags & CRYPTO_F_IOV) {
+ q->q_src_io = (struct uio *)crp->crp_buf;
+ q->q_dst_io = (struct uio *)crp->crp_buf;
+ } else {
+ err = EINVAL;
+ goto errout; /* XXX we don't handle contiguous blocks! */
+ }
+
+ bzero(&dmap->d_dma->d_mcr, sizeof(struct ubsec_mcr));
+
+ dmap->d_dma->d_mcr.mcr_pkts = htole16(1);
+ dmap->d_dma->d_mcr.mcr_flags = 0;
+ q->q_crp = crp;
+
+ crd1 = crp->crp_desc;
+ if (crd1 == NULL) {
+ err = EINVAL;
+ goto errout;
+ }
+ crd2 = crd1->crd_next;
+
+ if (crd2 == NULL) {
+ if (crd1->crd_alg == CRYPTO_MD5_HMAC ||
+ crd1->crd_alg == CRYPTO_SHA1_HMAC) {
+ maccrd = crd1;
+ enccrd = NULL;
+ } else if (crd1->crd_alg == CRYPTO_DES_CBC ||
+ crd1->crd_alg == CRYPTO_3DES_CBC ||
+ crd1->crd_alg == CRYPTO_AES_CBC) {
+ maccrd = NULL;
+ enccrd = crd1;
+ } else {
+ err = EINVAL;
+ goto errout;
+ }
+ } else {
+ if ((crd1->crd_alg == CRYPTO_MD5_HMAC ||
+ crd1->crd_alg == CRYPTO_SHA1_HMAC) &&
+ (crd2->crd_alg == CRYPTO_DES_CBC ||
+ crd2->crd_alg == CRYPTO_3DES_CBC ||
+ crd2->crd_alg == CRYPTO_AES_CBC) &&
+ ((crd2->crd_flags & CRD_F_ENCRYPT) == 0)) {
+ maccrd = crd1;
+ enccrd = crd2;
+ } else if ((crd1->crd_alg == CRYPTO_DES_CBC ||
+ crd1->crd_alg == CRYPTO_3DES_CBC ||
+ crd1->crd_alg == CRYPTO_AES_CBC) &&
+ (crd2->crd_alg == CRYPTO_MD5_HMAC ||
+ crd2->crd_alg == CRYPTO_SHA1_HMAC) &&
+ (crd1->crd_flags & CRD_F_ENCRYPT)) {
+ enccrd = crd1;
+ maccrd = crd2;
+ } else {
+ /*
+ * We cannot order the ubsec as requested
+ */
+ printk(KERN_ERR DRV_MODULE_NAME ": got wrong algorithm/signature order.\n");
+ err = EINVAL;
+ goto errout;
+ }
+ }
+
+ /* Encryption/Decryption requested */
+ if (enccrd) {
+ encoffset = enccrd->crd_skip;
+
+ if (enccrd->crd_alg == CRYPTO_DES_CBC ||
+ enccrd->crd_alg == CRYPTO_3DES_CBC)
+ {
+ ctx.pc_flags |= htole16(UBS_PKTCTX_ENC_3DES);
+ ctx.pc_type = htole16(UBS_PKTCTX_TYPE_IPSEC_DES);
+ ivsize = 8; /* [3]DES uses 64bit IVs */
+ } else {
+ ctx.pc_flags |= htole16(UBS_PKTCTX_ENC_AES);
+ ctx.pc_type = htole16(UBS_PKTCTX_TYPE_IPSEC_AES);
+ ivsize = 16; /* AES uses 128bit IVs / [3]DES 64bit IVs */
+
+ switch(ses->ses_keysize)
+ {
+ case 128:
+ ctx.pc_flags |= htole16(UBS_PKTCTX_AES128);
+ break;
+ case 192:
+ ctx.pc_flags |= htole16(UBS_PKTCTX_AES192);
+ break;
+ case 256:
+ ctx.pc_flags |= htole16(UBS_PKTCTX_AES256);
+ break;
+ default:
+ DPRINTF("invalid AES key size: %d\n", ses->ses_keysize);
+ err = EINVAL;
+ goto errout;
+ }
+ }
+
+ if (enccrd->crd_flags & CRD_F_ENCRYPT) {
+ /* Direction: Outbound */
+
+ q->q_flags |= UBSEC_QFLAGS_COPYOUTIV;
+
+ if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) {
+ bcopy(enccrd->crd_iv, ctx.pc_iv, ivsize);
+ } else {
+ for(i=0; i < (ivsize / 4); i++)
+ ctx.pc_iv[i] = ses->ses_iv[i];
+ }
+
+ /* If there is no IV in the buffer -> copy it here */
+ if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0) {
+ if (crp->crp_flags & CRYPTO_F_SKBUF)
+ /*
+ m_copyback(q->q_src_m,
+ enccrd->crd_inject,
+ 8, ctx.pc_iv);
+ */
+ crypto_copyback(crp->crp_flags, (caddr_t)q->q_src_m,
+ enccrd->crd_inject, ivsize, (caddr_t)ctx.pc_iv);
+ else if (crp->crp_flags & CRYPTO_F_IOV)
+ /*
+ cuio_copyback(q->q_src_io,
+ enccrd->crd_inject,
+ 8, ctx.pc_iv);
+ */
+ crypto_copyback(crp->crp_flags, (caddr_t)q->q_src_io,
+ enccrd->crd_inject, ivsize, (caddr_t)ctx.pc_iv);
+ }
+ } else {
+ /* Direction: Inbound */
+
+ ctx.pc_flags |= htole16(UBS_PKTCTX_INBOUND);
+
+ if (enccrd->crd_flags & CRD_F_IV_EXPLICIT)
+ bcopy(enccrd->crd_iv, ctx.pc_iv, ivsize);
+ else if (crp->crp_flags & CRYPTO_F_SKBUF)
+ /*
+ m_copydata(q->q_src_m, enccrd->crd_inject,
+ 8, (caddr_t)ctx.pc_iv);
+ */
+ crypto_copydata(crp->crp_flags, (caddr_t)q->q_src_m,
+ enccrd->crd_inject, ivsize,
+ (caddr_t)ctx.pc_iv);
+ else if (crp->crp_flags & CRYPTO_F_IOV)
+ /*
+ cuio_copydata(q->q_src_io,
+ enccrd->crd_inject, 8,
+ (caddr_t)ctx.pc_iv);
+ */
+ crypto_copydata(crp->crp_flags, (caddr_t)q->q_src_io,
+ enccrd->crd_inject, ivsize,
+ (caddr_t)ctx.pc_iv);
+
+ }
+
+ /* Even though key & IV sizes differ from cipher to cipher
+ * copy / swap the full array lengths. Let the compiler unroll
+ * the loop to increase the cpu pipeline performance... */
+ for(i=0; i < 8; i++)
+ ctx.pc_key[i] = ses->ses_key[i];
+ for(i=0; i < 4; i++)
+ SWAP32(ctx.pc_iv[i]);
+ }
+
+ /* Authentication requested */
+ if (maccrd) {
+ macoffset = maccrd->crd_skip;
+
+ if (maccrd->crd_alg == CRYPTO_MD5_HMAC)
+ ctx.pc_flags |= htole16(UBS_PKTCTX_AUTH_MD5);
+ else
+ ctx.pc_flags |= htole16(UBS_PKTCTX_AUTH_SHA1);
+
+ for (i = 0; i < 5; i++) {
+ ctx.pc_hminner[i] = ses->ses_hminner[i];
+ ctx.pc_hmouter[i] = ses->ses_hmouter[i];
+
+ HTOLE32(ctx.pc_hminner[i]);
+ HTOLE32(ctx.pc_hmouter[i]);
+ }
+ }
+
+ if (enccrd && maccrd) {
+ /*
+ * ubsec cannot handle packets where the end of encryption
+ * and authentication are not the same, or where the
+ * encrypted part begins before the authenticated part.
+ */
+ if (((encoffset + enccrd->crd_len) !=
+ (macoffset + maccrd->crd_len)) ||
+ (enccrd->crd_skip < maccrd->crd_skip)) {
+ err = EINVAL;
+ goto errout;
+ }
+ sskip = maccrd->crd_skip;
+ cpskip = dskip = enccrd->crd_skip;
+ stheend = maccrd->crd_len;
+ dtheend = enccrd->crd_len;
+ coffset = enccrd->crd_skip - maccrd->crd_skip;
+ cpoffset = cpskip + dtheend;
+#ifdef UBSEC_DEBUG
+ DPRINTF("mac: skip %d, len %d, inject %d\n",
+ maccrd->crd_skip, maccrd->crd_len, maccrd->crd_inject);
+ DPRINTF("enc: skip %d, len %d, inject %d\n",
+ enccrd->crd_skip, enccrd->crd_len, enccrd->crd_inject);
+ DPRINTF("src: skip %d, len %d\n", sskip, stheend);
+ DPRINTF("dst: skip %d, len %d\n", dskip, dtheend);
+ DPRINTF("ubs: coffset %d, pktlen %d, cpskip %d, cpoffset %d\n",
+ coffset, stheend, cpskip, cpoffset);
+#endif
+ } else {
+ cpskip = dskip = sskip = macoffset + encoffset;
+ dtheend = stheend = (enccrd)?enccrd->crd_len:maccrd->crd_len;
+ cpoffset = cpskip + dtheend;
+ coffset = 0;
+ }
+ ctx.pc_offset = htole16(coffset >> 2);
+
+#if 0
+ if (bus_dmamap_create(sc->sc_dmat, 0xfff0, UBS_MAX_SCATTER,
+ 0xfff0, 0, BUS_DMA_NOWAIT, &q->q_src_map) != 0) {
+ err = ENOMEM;
+ goto errout;
+ }
+#endif
+
+ if (crp->crp_flags & CRYPTO_F_SKBUF) {
+#if 0
+ if (bus_dmamap_load_mbuf(sc->sc_dmat, q->q_src_map,
+ q->q_src_m, BUS_DMA_NOWAIT) != 0) {
+ bus_dmamap_destroy(sc->sc_dmat, q->q_src_map);
+ q->q_src_map = NULL;
+ err = ENOMEM;
+ goto errout;
+ }
+#endif
+ err = dma_map_skb(sc, q->q_src_map, q->q_src_m, &q->q_src_len);
+ if (unlikely(err != 0))
+ goto errout;
+
+ } else if (crp->crp_flags & CRYPTO_F_IOV) {
+#if 0
+ if (bus_dmamap_load_uio(sc->sc_dmat, q->q_src_map,
+ q->q_src_io, BUS_DMA_NOWAIT) != 0) {
+ bus_dmamap_destroy(sc->sc_dmat, q->q_src_map);
+ q->q_src_map = NULL;
+ err = ENOMEM;
+ goto errout;
+ }
+#endif
+ err = dma_map_uio(sc, q->q_src_map, q->q_src_io, &q->q_src_len);
+ if (unlikely(err != 0))
+ goto errout;
+ }
+
+ /*
+ * Check alignment
+ */
+ nicealign = ubsec_dmamap_aligned(sc, q->q_src_map, q->q_src_len);
+
+ dmap->d_dma->d_mcr.mcr_pktlen = htole16(stheend);
+
+#ifdef UBSEC_DEBUG
+ DPRINTF("src skip: %d\n", sskip);
+#endif
+ for (i = j = 0; i < q->q_src_len; i++) {
+ struct ubsec_pktbuf *pb;
+ size_t packl = q->q_src_map[i].dma_size;
+ dma_addr_t packp = q->q_src_map[i].dma_paddr;
+
+ if (sskip >= packl) {
+ sskip -= packl;
+ continue;
+ }
+
+ packl -= sskip;
+ packp += sskip;
+ sskip = 0;
+
+ /* maximum fragment size is 0xfffc */
+ if (packl > 0xfffc) {
+ DPRINTF("Error: fragment size is bigger than 0xfffc.\n");
+ err = EIO;
+ goto errout;
+ }
+
+ if (j == 0)
+ pb = &dmap->d_dma->d_mcr.mcr_ipktbuf;
+ else
+ pb = &dmap->d_dma->d_sbuf[j - 1];
+
+ pb->pb_addr = htole32(packp);
+
+ if (stheend) {
+ if (packl > stheend) {
+ pb->pb_len = htole32(stheend);
+ stheend = 0;
+ } else {
+ pb->pb_len = htole32(packl);
+ stheend -= packl;
+ }
+ } else
+ pb->pb_len = htole32(packl);
+
+ if ((i + 1) == q->q_src_len)
+ pb->pb_next = 0;
+ else
+ pb->pb_next = htole32(dmap->d_alloc.dma_paddr +
+ offsetof(struct ubsec_dmachunk, d_sbuf[j]));
+ j++;
+ }
+
+ if (enccrd == NULL && maccrd != NULL) {
+ /* Authentication only */
+ dmap->d_dma->d_mcr.mcr_opktbuf.pb_addr = 0;
+ dmap->d_dma->d_mcr.mcr_opktbuf.pb_len = 0;
+ dmap->d_dma->d_mcr.mcr_opktbuf.pb_next =
+ htole32(dmap->d_alloc.dma_paddr +
+ offsetof(struct ubsec_dmachunk, d_macbuf[0]));
+#ifdef UBSEC_DEBUG
+ DPRINTF("opkt: %x %x %x\n",
+ dmap->d_dma->d_mcr.mcr_opktbuf.pb_addr,
+ dmap->d_dma->d_mcr.mcr_opktbuf.pb_len,
+ dmap->d_dma->d_mcr.mcr_opktbuf.pb_next);
+#endif
+ } else {
+ if (crp->crp_flags & CRYPTO_F_IOV) {
+ if (!nicealign) {
+ err = EINVAL;
+ goto errout;
+ }
+#if 0
+ if (bus_dmamap_create(sc->sc_dmat, 0xfff0,
+ UBS_MAX_SCATTER, 0xfff0, 0, BUS_DMA_NOWAIT,
+ &q->q_dst_map) != 0) {
+ err = ENOMEM;
+ goto errout;
+ }
+ if (bus_dmamap_load_uio(sc->sc_dmat, q->q_dst_map,
+ q->q_dst_io, BUS_DMA_NOWAIT) != 0) {
+ bus_dmamap_destroy(sc->sc_dmat, q->q_dst_map);
+ q->q_dst_map = NULL;
+ goto errout;
+ }
+#endif
+
+ /* HW shall copy the result into the source memory */
+ for(i = 0; i < q->q_src_len; i++)
+ q->q_dst_map[i] = q->q_src_map[i];
+
+ q->q_dst_len = q->q_src_len;
+ q->q_has_dst = 0;
+
+ } else if (crp->crp_flags & CRYPTO_F_SKBUF) {
+ if (nicealign) {
+
+ /* HW shall copy the result into the source memory */
+ q->q_dst_m = q->q_src_m;
+ for(i = 0; i < q->q_src_len; i++)
+ q->q_dst_map[i] = q->q_src_map[i];
+
+ q->q_dst_len = q->q_src_len;
+ q->q_has_dst = 0;
+
+ } else {
+#ifdef NOTYET
+ int totlen, len;
+ struct sk_buff *m, *top, **mp;
+
+ totlen = q->q_src_map->dm_mapsize;
+ if (q->q_src_m->m_flags & M_PKTHDR) {
+ len = MHLEN;
+ MGETHDR(m, M_DONTWAIT, MT_DATA);
+ } else {
+ len = MLEN;
+ MGET(m, M_DONTWAIT, MT_DATA);
+ }
+ if (m == NULL) {
+ err = ENOMEM;
+ goto errout;
+ }
+ if (len == MHLEN)
+ M_DUP_PKTHDR(m, q->q_src_m);
+ if (totlen >= MINCLSIZE) {
+ MCLGET(m, M_DONTWAIT);
+ if (m->m_flags & M_EXT)
+ len = MCLBYTES;
+ }
+ m->m_len = len;
+ top = NULL;
+ mp = ⊤
+
+ while (totlen > 0) {
+ if (top) {
+ MGET(m, M_DONTWAIT, MT_DATA);
+ if (m == NULL) {
+ m_freem(top);
+ err = ENOMEM;
+ goto errout;
+ }
+ len = MLEN;
+ }
+ if (top && totlen >= MINCLSIZE) {
+ MCLGET(m, M_DONTWAIT);
+ if (m->m_flags & M_EXT)
+ len = MCLBYTES;
+ }
+ m->m_len = len = min(totlen, len);
+ totlen -= len;
+ *mp = m;
+ mp = &m->m_next;
+ }
+ q->q_dst_m = top;
+ ubsec_mcopy(q->q_src_m, q->q_dst_m,
+ cpskip, cpoffset);
+ if (bus_dmamap_create(sc->sc_dmat, 0xfff0,
+ UBS_MAX_SCATTER, 0xfff0, 0, BUS_DMA_NOWAIT,
+ &q->q_dst_map) != 0) {
+ err = ENOMEM;
+ goto errout;
+ }
+ if (bus_dmamap_load_mbuf(sc->sc_dmat,
+ q->q_dst_map, q->q_dst_m,
+ BUS_DMA_NOWAIT) != 0) {
+ bus_dmamap_destroy(sc->sc_dmat,
+ q->q_dst_map);
+ q->q_dst_map = NULL;
+ err = ENOMEM;
+ goto errout;
+ }
+#else
+ device_printf(sc->sc_dev,
+ "%s,%d: CRYPTO_F_SKBUF unaligned not implemented\n",
+ __FILE__, __LINE__);
+ err = EINVAL;
+ goto errout;
+#endif
+ }
+ } else {
+ err = EINVAL;
+ goto errout;
+ }
+
+#ifdef UBSEC_DEBUG
+ DPRINTF("dst skip: %d\n", dskip);
+#endif
+ for (i = j = 0; i < q->q_dst_len; i++) {
+ struct ubsec_pktbuf *pb;
+ size_t packl = q->q_dst_map[i].dma_size;
+ dma_addr_t packp = q->q_dst_map[i].dma_paddr;
+
+ if (dskip >= packl) {
+ dskip -= packl;
+ continue;
+ }
+
+ packl -= dskip;
+ packp += dskip;
+ dskip = 0;
+
+ if (packl > 0xfffc) {
+ DPRINTF("Error: fragment size is bigger than 0xfffc.\n");
+ err = EIO;
+ goto errout;
+ }
+
+ if (j == 0)
+ pb = &dmap->d_dma->d_mcr.mcr_opktbuf;
+ else
+ pb = &dmap->d_dma->d_dbuf[j - 1];
+
+ pb->pb_addr = htole32(packp);
+
+ if (dtheend) {
+ if (packl > dtheend) {
+ pb->pb_len = htole32(dtheend);
+ dtheend = 0;
+ } else {
+ pb->pb_len = htole32(packl);
+ dtheend -= packl;
+ }
+ } else
+ pb->pb_len = htole32(packl);
+
+ if ((i + 1) == q->q_dst_len) {
+ if (maccrd)
+ /* Authentication:
+ * The last fragment of the output buffer
+ * contains the HMAC. */
+ pb->pb_next = htole32(dmap->d_alloc.dma_paddr +
+ offsetof(struct ubsec_dmachunk, d_macbuf[0]));
+ else
+ pb->pb_next = 0;
+ } else
+ pb->pb_next = htole32(dmap->d_alloc.dma_paddr +
+ offsetof(struct ubsec_dmachunk, d_dbuf[j]));
+ j++;
+ }
+ }
+
+ dmap->d_dma->d_mcr.mcr_cmdctxp = htole32(dmap->d_alloc.dma_paddr +
+ offsetof(struct ubsec_dmachunk, d_ctx));
+
+ if (sc->sc_flags & UBS_FLAGS_LONGCTX) {
+ /* new Broadcom cards with dynamic long command context structure */
+
+ if (enccrd != NULL &&
+ enccrd->crd_alg == CRYPTO_AES_CBC)
+ {
+ struct ubsec_pktctx_aes128 *ctxaes128;
+ struct ubsec_pktctx_aes192 *ctxaes192;
+ struct ubsec_pktctx_aes256 *ctxaes256;
+
+ switch(ses->ses_keysize)
+ {
+ /* AES 128bit */
+ case 128:
+ ctxaes128 = (struct ubsec_pktctx_aes128 *)
+ (dmap->d_alloc.dma_vaddr +
+ offsetof(struct ubsec_dmachunk, d_ctx));
+
+ ctxaes128->pc_len = htole16(sizeof(struct ubsec_pktctx_aes128));
+ ctxaes128->pc_type = ctx.pc_type;
+ ctxaes128->pc_flags = ctx.pc_flags;
+ ctxaes128->pc_offset = ctx.pc_offset;
+ for (i = 0; i < 4; i++)
+ ctxaes128->pc_aeskey[i] = ctx.pc_key[i];
+ for (i = 0; i < 5; i++)
+ ctxaes128->pc_hminner[i] = ctx.pc_hminner[i];
+ for (i = 0; i < 5; i++)
+ ctxaes128->pc_hmouter[i] = ctx.pc_hmouter[i];
+ for (i = 0; i < 4; i++)
+ ctxaes128->pc_iv[i] = ctx.pc_iv[i];
+ break;
+
+ /* AES 192bit */
+ case 192:
+ ctxaes192 = (struct ubsec_pktctx_aes192 *)
+ (dmap->d_alloc.dma_vaddr +
+ offsetof(struct ubsec_dmachunk, d_ctx));
+
+ ctxaes192->pc_len = htole16(sizeof(struct ubsec_pktctx_aes192));
+ ctxaes192->pc_type = ctx.pc_type;
+ ctxaes192->pc_flags = ctx.pc_flags;
+ ctxaes192->pc_offset = ctx.pc_offset;
+ for (i = 0; i < 6; i++)
+ ctxaes192->pc_aeskey[i] = ctx.pc_key[i];
+ for (i = 0; i < 5; i++)
+ ctxaes192->pc_hminner[i] = ctx.pc_hminner[i];
+ for (i = 0; i < 5; i++)
+ ctxaes192->pc_hmouter[i] = ctx.pc_hmouter[i];
+ for (i = 0; i < 4; i++)
+ ctxaes192->pc_iv[i] = ctx.pc_iv[i];
+ break;
+
+ /* AES 256bit */
+ case 256:
+ ctxaes256 = (struct ubsec_pktctx_aes256 *)
+ (dmap->d_alloc.dma_vaddr +
+ offsetof(struct ubsec_dmachunk, d_ctx));
+
+ ctxaes256->pc_len = htole16(sizeof(struct ubsec_pktctx_aes256));
+ ctxaes256->pc_type = ctx.pc_type;
+ ctxaes256->pc_flags = ctx.pc_flags;
+ ctxaes256->pc_offset = ctx.pc_offset;
+ for (i = 0; i < 8; i++)
+ ctxaes256->pc_aeskey[i] = ctx.pc_key[i];
+ for (i = 0; i < 5; i++)
+ ctxaes256->pc_hminner[i] = ctx.pc_hminner[i];
+ for (i = 0; i < 5; i++)
+ ctxaes256->pc_hmouter[i] = ctx.pc_hmouter[i];
+ for (i = 0; i < 4; i++)
+ ctxaes256->pc_iv[i] = ctx.pc_iv[i];
+ break;
+
+ }
+ } else {
+ /*
+ * [3]DES / MD5_HMAC / SHA1_HMAC
+ *
+ * MD5_HMAC / SHA1_HMAC can use the IPSEC 3DES operation without
+ * encryption.
+ */
+ struct ubsec_pktctx_des *ctxdes;
+
+ ctxdes = (struct ubsec_pktctx_des *)(dmap->d_alloc.dma_vaddr +
+ offsetof(struct ubsec_dmachunk, d_ctx));
+
+ ctxdes->pc_len = htole16(sizeof(struct ubsec_pktctx_des));
+ ctxdes->pc_type = ctx.pc_type;
+ ctxdes->pc_flags = ctx.pc_flags;
+ ctxdes->pc_offset = ctx.pc_offset;
+ for (i = 0; i < 6; i++)
+ ctxdes->pc_deskey[i] = ctx.pc_key[i];
+ for (i = 0; i < 5; i++)
+ ctxdes->pc_hminner[i] = ctx.pc_hminner[i];
+ for (i = 0; i < 5; i++)
+ ctxdes->pc_hmouter[i] = ctx.pc_hmouter[i];
+ ctxdes->pc_iv[0] = ctx.pc_iv[0];
+ ctxdes->pc_iv[1] = ctx.pc_iv[1];
+ }
+ } else
+ {
+ /* old Broadcom card with fixed small command context structure */
+
+ /*
+ * [3]DES / MD5_HMAC / SHA1_HMAC
+ */
+ struct ubsec_pktctx *ctxs;
+
+ ctxs = (struct ubsec_pktctx *)(dmap->d_alloc.dma_vaddr +
+ offsetof(struct ubsec_dmachunk, d_ctx));
+
+ /* transform generic context into small context */
+ for (i = 0; i < 6; i++)
+ ctxs->pc_deskey[i] = ctx.pc_key[i];
+ for (i = 0; i < 5; i++)
+ ctxs->pc_hminner[i] = ctx.pc_hminner[i];
+ for (i = 0; i < 5; i++)
+ ctxs->pc_hmouter[i] = ctx.pc_hmouter[i];
+ ctxs->pc_iv[0] = ctx.pc_iv[0];
+ ctxs->pc_iv[1] = ctx.pc_iv[1];
+ ctxs->pc_flags = ctx.pc_flags;
+ ctxs->pc_offset = ctx.pc_offset;
+ }
+
+#ifdef UBSEC_VERBOSE_DEBUG
+ DPRINTF("spin_lock_irqsave\n");
+#endif
+ spin_lock_irqsave(&sc->sc_ringmtx, flags);
+ //spin_lock_irq(&sc->sc_ringmtx);
+
+ BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_queue, q, q_next);
+ sc->sc_nqueue++;
+ ubsecstats.hst_ipackets++;
+ ubsecstats.hst_ibytes += stheend;
+ ubsec_feed(sc);
+
+#ifdef UBSEC_VERBOSE_DEBUG
+ DPRINTF("spin_unlock_irqrestore\n");
+#endif
+ spin_unlock_irqrestore(&sc->sc_ringmtx, flags);
+ //spin_unlock_irq(&sc->sc_ringmtx);
+
+ return (0);
+
+errout:
+ if (q != NULL) {
+#ifdef NOTYET
+ if ((q->q_dst_m != NULL) && (q->q_src_m != q->q_dst_m))
+ m_freem(q->q_dst_m);
+#endif
+
+ if ((q->q_has_dst == 1) && q->q_dst_len > 0) {
+#if 0
+ bus_dmamap_unload(sc->sc_dmat, q->q_dst_map);
+ bus_dmamap_destroy(sc->sc_dmat, q->q_dst_map);
+#endif
+ dma_unmap(sc, q->q_dst_map, q->q_dst_len);
+ }
+ if (q->q_src_len > 0) {
+#if 0
+ bus_dmamap_unload(sc->sc_dmat, q->q_src_map);
+ bus_dmamap_destroy(sc->sc_dmat, q->q_src_map);
+#endif
+ dma_unmap(sc, q->q_src_map, q->q_src_len);
+ }
+
+#ifdef UBSEC_VERBOSE_DEBUG
+ DPRINTF("spin_lock_irqsave\n");
+#endif
+ spin_lock_irqsave(&sc->sc_ringmtx, flags);
+ //spin_lock_irq(&sc->sc_ringmtx);
+
+ BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q, q_next);
+
+#ifdef UBSEC_VERBOSE_DEBUG
+ DPRINTF("spin_unlock_irqrestore\n");
+#endif
+ spin_unlock_irqrestore(&sc->sc_ringmtx, flags);
+ //spin_unlock_irq(&sc->sc_ringmtx);
+
+ }
+ if (err == EINVAL)
+ ubsecstats.hst_invalid++;
+ else
+ ubsecstats.hst_nomem++;
+errout2:
+ crp->crp_etype = err;
+ crypto_done(crp);
+
+#ifdef UBSEC_DEBUG
+ DPRINTF("%s() err = %x\n", __FUNCTION__, err);
+#endif
+
+ return (0);
+}
+
+void
+ubsec_callback(struct ubsec_softc *sc, struct ubsec_q *q)
+{
+ struct cryptop *crp = (struct cryptop *)q->q_crp;
+ struct cryptodesc *crd;
+ struct ubsec_dma *dmap = q->q_dma;
+ int ivsize = 8;
+
+#ifdef UBSEC_DEBUG
+ DPRINTF("%s()\n", __FUNCTION__);
+#endif
+
+ ubsecstats.hst_opackets++;
+ ubsecstats.hst_obytes += dmap->d_alloc.dma_size;
+
+#if 0
+ bus_dmamap_sync(sc->sc_dmat, dmap->d_alloc.dma_map, 0,
+ dmap->d_alloc.dma_map->dm_mapsize,
+ BUS_DMASYNC_POSTREAD|BUS_DMASYNC_POSTWRITE);
+ if (q->q_dst_map != NULL && q->q_dst_map != q->q_src_map) {
+ bus_dmamap_sync(sc->sc_dmat, q->q_dst_map,
+ 0, q->q_dst_map->dm_mapsize, BUS_DMASYNC_POSTREAD);
+ bus_dmamap_unload(sc->sc_dmat, q->q_dst_map);
+ bus_dmamap_destroy(sc->sc_dmat, q->q_dst_map);
+ }
+ bus_dmamap_sync(sc->sc_dmat, q->q_src_map,
+ 0, q->q_src_map->dm_mapsize, BUS_DMASYNC_POSTWRITE);
+ bus_dmamap_unload(sc->sc_dmat, q->q_src_map);
+ bus_dmamap_destroy(sc->sc_dmat, q->q_src_map);
+#endif
+
+ if ((q->q_has_dst == 1) && q->q_dst_len > 0)
+ dma_unmap(sc, q->q_dst_map, q->q_dst_len);
+
+ dma_unmap(sc, q->q_src_map, q->q_src_len);
+
+#ifdef NOTYET
+ if ((crp->crp_flags & CRYPTO_F_SKBUF) && (q->q_src_m != q->q_dst_m)) {
+ m_freem(q->q_src_m);
+ crp->crp_buf = (caddr_t)q->q_dst_m;
+ }
+#endif
+
+ /* copy out IV for future use */
+ if (q->q_flags & UBSEC_QFLAGS_COPYOUTIV) {
+ for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
+ if (crd->crd_alg != CRYPTO_DES_CBC &&
+ crd->crd_alg != CRYPTO_3DES_CBC &&
+ crd->crd_alg != CRYPTO_AES_CBC)
+ continue;
+
+ if (crd->crd_alg == CRYPTO_AES_CBC)
+ ivsize = 16;
+ else
+ ivsize = 8;
+
+ if (crp->crp_flags & CRYPTO_F_SKBUF)
+#if 0
+ m_copydata((struct sk_buff *)crp->crp_buf,
+ crd->crd_skip + crd->crd_len - 8, 8,
+ (caddr_t)sc->sc_sessions[q->q_sesn].ses_iv);
+#endif
+ crypto_copydata(crp->crp_flags, (caddr_t)crp->crp_buf,
+ crd->crd_skip + crd->crd_len - ivsize, ivsize,
+ (caddr_t)sc->sc_sessions[q->q_sesn].ses_iv);
+
+ else if (crp->crp_flags & CRYPTO_F_IOV) {
+#if 0
+ cuio_copydata((struct uio *)crp->crp_buf,
+ crd->crd_skip + crd->crd_len - 8, 8,
+ (caddr_t)sc->sc_sessions[q->q_sesn].ses_iv);
+#endif
+ crypto_copydata(crp->crp_flags, (caddr_t)crp->crp_buf,
+ crd->crd_skip + crd->crd_len - ivsize, ivsize,
+ (caddr_t)sc->sc_sessions[q->q_sesn].ses_iv);
+
+ }
+ break;
+ }
+ }
+
+ for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
+ if (crd->crd_alg != CRYPTO_MD5_HMAC &&
+ crd->crd_alg != CRYPTO_SHA1_HMAC)
+ continue;
+#if 0
+ if (crp->crp_flags & CRYPTO_F_SKBUF)
+ m_copyback((struct sk_buff *)crp->crp_buf,
+ crd->crd_inject, 12,
+ dmap->d_dma->d_macbuf);
+#endif
+#if 0
+ /* BUG? it does not honor the mac len.. */
+ crypto_copyback(crp->crp_flags, crp->crp_buf,
+ crd->crd_inject, 12,
+ (caddr_t)dmap->d_dma->d_macbuf);
+#endif
+ crypto_copyback(crp->crp_flags, crp->crp_buf,
+ crd->crd_inject,
+ sc->sc_sessions[q->q_sesn].ses_mlen,
+ (caddr_t)dmap->d_dma->d_macbuf);
+#if 0
+ else if (crp->crp_flags & CRYPTO_F_IOV && crp->crp_mac)
+ bcopy((caddr_t)dmap->d_dma->d_macbuf,
+ crp->crp_mac, 12);
+#endif
+ break;
+ }
+ BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q, q_next);
+ crypto_done(crp);
+}
+
+void
+ubsec_mcopy(struct sk_buff *srcm, struct sk_buff *dstm, int hoffset, int toffset)
+{
+ int i, j, dlen, slen;
+ caddr_t dptr, sptr;
+
+ j = 0;
+ sptr = srcm->data;
+ slen = srcm->len;
+ dptr = dstm->data;
+ dlen = dstm->len;
+
+ while (1) {
+ for (i = 0; i < min(slen, dlen); i++) {
+ if (j < hoffset || j >= toffset)
+ *dptr++ = *sptr++;
+ slen--;
+ dlen--;
+ j++;
+ }
+ if (slen == 0) {
+ srcm = srcm->next;
+ if (srcm == NULL)
+ return;
+ sptr = srcm->data;
+ slen = srcm->len;
+ }
+ if (dlen == 0) {
+ dstm = dstm->next;
+ if (dstm == NULL)
+ return;
+ dptr = dstm->data;
+ dlen = dstm->len;
+ }
+ }
+}
+
+int
+ubsec_dma_malloc(struct ubsec_softc *sc, struct ubsec_dma_alloc *dma,
+ size_t size, int mapflags)
+{
+ dma->dma_vaddr = dma_alloc_coherent(sc->sc_dv,
+ size, &dma->dma_paddr, GFP_KERNEL);
+
+ if (likely(dma->dma_vaddr))
+ {
+ dma->dma_size = size;
+ return (0);
+ }
+
+ DPRINTF("could not allocate %d bytes of coherent memory.\n", size);
+
+ return (1);
+}
+
+void
+ubsec_dma_free(struct ubsec_softc *sc, struct ubsec_dma_alloc *dma)
+{
+ dma_free_coherent(sc->sc_dv, dma->dma_size, dma->dma_vaddr,
+ dma->dma_paddr);
+}
+
+/*
+ * Resets the board. Values in the regesters are left as is
+ * from the reset (i.e. initial values are assigned elsewhere).
+ */
+void
+ubsec_reset_board(struct ubsec_softc *sc)
+{
+ volatile u_int32_t ctrl;
+
+#ifdef UBSEC_DEBUG
+ DPRINTF("%s()\n", __FUNCTION__);
+#endif
+ DPRINTF("Send reset signal to chip.\n");
+
+ ctrl = READ_REG(sc, BS_CTRL);
+ ctrl |= BS_CTRL_RESET;
+ WRITE_REG(sc, BS_CTRL, ctrl);
+
+ /*
+ * Wait aprox. 30 PCI clocks = 900 ns = 0.9 us
+ */
+ DELAY(10);
+}
+
+/*
+ * Init Broadcom registers
+ */
+void
+ubsec_init_board(struct ubsec_softc *sc)
+{
+ u_int32_t ctrl;
+
+#ifdef UBSEC_DEBUG
+ DPRINTF("%s()\n", __FUNCTION__);
+#endif
+ DPRINTF("Initialize chip.\n");
+
+ ctrl = READ_REG(sc, BS_CTRL);
+ ctrl &= ~(BS_CTRL_BE32 | BS_CTRL_BE64);
+ ctrl |= BS_CTRL_LITTLE_ENDIAN | BS_CTRL_MCR1INT | BS_CTRL_DMAERR;
+
+ WRITE_REG(sc, BS_CTRL, ctrl);
+
+ /* Set chip capabilities (BCM5365P) */
+ sc->sc_flags |= UBS_FLAGS_LONGCTX | UBS_FLAGS_AES;
+}
+
+/*
+ * Clean up after a chip crash.
+ * It is assumed that the caller has spin_lock_irq(sc_ringmtx).
+ */
+void
+ubsec_cleanchip(struct ubsec_softc *sc)
+{
+ struct ubsec_q *q;
+
+#ifdef UBSEC_DEBUG
+ DPRINTF("%s()\n", __FUNCTION__);
+#endif
+ DPRINTF("Clean up queues after chip crash.\n");
+
+ while (!BSD_SIMPLEQ_EMPTY(&sc->sc_qchip)) {
+ q = BSD_SIMPLEQ_FIRST(&sc->sc_qchip);
+ BSD_SIMPLEQ_REMOVE_HEAD(&sc->sc_qchip, q_next);
+ ubsec_free_q(sc, q);
+ }
+}
+
+/*
+ * free a ubsec_q
+ * It is assumed that the caller has spin_lock_irq(sc_ringmtx).
+ */
+int
+ubsec_free_q(struct ubsec_softc *sc, struct ubsec_q *q)
+{
+ struct ubsec_q *q2;
+ struct cryptop *crp;
+ int npkts;
+ int i;
+
+#ifdef UBSEC_DEBUG
+ DPRINTF("%s()\n", __FUNCTION__);
+#endif
+
+ npkts = q->q_nstacked_mcrs;
+
+ for (i = 0; i < npkts; i++) {
+ if(q->q_stacked_mcr[i]) {
+ q2 = q->q_stacked_mcr[i];
+
+ if ((q2->q_dst_m != NULL) && (q2->q_src_m != q2->q_dst_m))
+#ifdef NOTYET
+ m_freem(q2->q_dst_m);
+#else
+ printk(KERN_ERR "%s,%d: SKB not supported\n", __FILE__, __LINE__);
+#endif
+
+ crp = (struct cryptop *)q2->q_crp;
+
+ BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q2, q_next);
+
+ crp->crp_etype = EFAULT;
+ crypto_done(crp);
+ } else {
+ break;
+ }
+ }
+
+ /*
+ * Free header MCR
+ */
+ if ((q->q_dst_m != NULL) && (q->q_src_m != q->q_dst_m))
+#ifdef NOTYET
+ m_freem(q->q_dst_m);
+#else
+ printk(KERN_ERR "%s,%d: SKB not supported\n", __FILE__, __LINE__);
+#endif
+
+ crp = (struct cryptop *)q->q_crp;
+
+ BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q, q_next);
+
+ crp->crp_etype = EFAULT;
+ crypto_done(crp);
+ return(0);
+}
+
+/*
+ * Routine to reset the chip and clean up.
+ * It is assumed that the caller has spin_lock_irq(sc_ringmtx).
+ */
+void
+ubsec_totalreset(struct ubsec_softc *sc)
+{
+
+#ifdef UBSEC_DEBUG
+ DPRINTF("%s()\n", __FUNCTION__);
+#endif
+ DPRINTF("initiate total chip reset.. \n");
+ ubsec_reset_board(sc);
+ ubsec_init_board(sc);
+ ubsec_cleanchip(sc);
+}
+
+void
+ubsec_dump_pb(struct ubsec_pktbuf *pb)
+{
+ printf("addr 0x%x (0x%x) next 0x%x\n",
+ pb->pb_addr, pb->pb_len, pb->pb_next);
+}
+
+void
+ubsec_dump_mcr(struct ubsec_mcr *mcr)
+{
+ struct ubsec_mcr_add *ma;
+ int i;
+
+ printf("MCR:\n");
+ printf(" pkts: %u, flags 0x%x\n",
+ letoh16(mcr->mcr_pkts), letoh16(mcr->mcr_flags));
+ ma = (struct ubsec_mcr_add *)&mcr->mcr_cmdctxp;
+ for (i = 0; i < letoh16(mcr->mcr_pkts); i++) {
+ printf(" %d: ctx 0x%x len 0x%x rsvd 0x%x\n", i,
+ letoh32(ma->mcr_cmdctxp), letoh16(ma->mcr_pktlen),
+ letoh16(ma->mcr_reserved));
+ printf(" %d: ipkt ", i);
+ ubsec_dump_pb(&ma->mcr_ipktbuf);
+ printf(" %d: opkt ", i);
+ ubsec_dump_pb(&ma->mcr_opktbuf);
+ ma++;
+ }
+ printf("END MCR\n");
+}
+
+static int __init mod_init(void) {
+ return ssb_driver_register(&ubsec_ssb_driver);
+}
+
+static void __exit mod_exit(void) {
+ ssb_driver_unregister(&ubsec_ssb_driver);
+}
+
+module_init(mod_init);
+module_exit(mod_exit);
+
+// Meta information
+MODULE_AUTHOR("Daniel Mueller <daniel@danm.de>");
+MODULE_LICENSE("BSD");
+MODULE_DESCRIPTION("OCF driver for BCM5365P IPSec Core");
+MODULE_VERSION(DRV_MODULE_VERSION);
+
--- /dev/null
+
+/*
+ * Copyright (c) 2008 Daniel Mueller (daniel@danm.de)
+ * Copyright (c) 2000 Theo de Raadt
+ * Copyright (c) 2001 Patrik Lindergren (patrik@ipunplugged.com)
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Effort sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F30602-01-2-0537.
+ *
+ */
+
+/*
+ * Register definitions for 5601 BlueSteel Networks Ubiquitous Broadband
+ * Security "uBSec" chip. Definitions from revision 2.8 of the product
+ * datasheet.
+ */
+
+#define BS_BAR 0x10 /* DMA base address register */
+#define BS_TRDY_TIMEOUT 0x40 /* TRDY timeout */
+#define BS_RETRY_TIMEOUT 0x41 /* DMA retry timeout */
+
+#define UBS_PCI_RTY_SHIFT 8
+#define UBS_PCI_RTY_MASK 0xff
+#define UBS_PCI_RTY(misc) \
+ (((misc) >> UBS_PCI_RTY_SHIFT) & UBS_PCI_RTY_MASK)
+
+#define UBS_PCI_TOUT_SHIFT 0
+#define UBS_PCI_TOUT_MASK 0xff
+#define UBS_PCI_TOUT(misc) \
+ (((misc) >> PCI_TOUT_SHIFT) & PCI_TOUT_MASK)
+
+/*
+ * DMA Control & Status Registers (offset from BS_BAR)
+ */
+#define BS_MCR1 0x20 /* DMA Master Command Record 1 */
+#define BS_CTRL 0x24 /* DMA Control */
+#define BS_STAT 0x28 /* DMA Status */
+#define BS_ERR 0x2c /* DMA Error Address */
+#define BS_DEV_ID 0x34 /* IPSec Device ID */
+
+/* BS_CTRL - DMA Control */
+#define BS_CTRL_RESET 0x80000000 /* hardware reset, 5805/5820 */
+#define BS_CTRL_MCR2INT 0x40000000 /* enable intr MCR for MCR2 */
+#define BS_CTRL_MCR1INT 0x20000000 /* enable intr MCR for MCR1 */
+#define BS_CTRL_OFM 0x10000000 /* Output fragment mode */
+#define BS_CTRL_BE32 0x08000000 /* big-endian, 32bit bytes */
+#define BS_CTRL_BE64 0x04000000 /* big-endian, 64bit bytes */
+#define BS_CTRL_DMAERR 0x02000000 /* enable intr DMA error */
+#define BS_CTRL_RNG_M 0x01800000 /* RNG mode */
+#define BS_CTRL_RNG_1 0x00000000 /* 1bit rn/one slow clock */
+#define BS_CTRL_RNG_4 0x00800000 /* 1bit rn/four slow clocks */
+#define BS_CTRL_RNG_8 0x01000000 /* 1bit rn/eight slow clocks */
+#define BS_CTRL_RNG_16 0x01800000 /* 1bit rn/16 slow clocks */
+#define BS_CTRL_SWNORM 0x00400000 /* 582[01], sw normalization */
+#define BS_CTRL_FRAG_M 0x0000ffff /* output fragment size mask */
+#define BS_CTRL_LITTLE_ENDIAN (BS_CTRL_BE32 | BS_CTRL_BE64)
+
+/* BS_STAT - DMA Status */
+#define BS_STAT_MCR1_BUSY 0x80000000 /* MCR1 is busy */
+#define BS_STAT_MCR1_FULL 0x40000000 /* MCR1 is full */
+#define BS_STAT_MCR1_DONE 0x20000000 /* MCR1 is done */
+#define BS_STAT_DMAERR 0x10000000 /* DMA error */
+#define BS_STAT_MCR2_FULL 0x08000000 /* MCR2 is full */
+#define BS_STAT_MCR2_DONE 0x04000000 /* MCR2 is done */
+#define BS_STAT_MCR1_ALLEMPTY 0x02000000 /* 5821, MCR1 is empty */
+#define BS_STAT_MCR2_ALLEMPTY 0x01000000 /* 5821, MCR2 is empty */
+
+/* BS_ERR - DMA Error Address */
+#define BS_ERR_ADDR 0xfffffffc /* error address mask */
+#define BS_ERR_READ 0x00000002 /* fault was on read */
+
+struct ubsec_pktctx {
+ u_int32_t pc_deskey[6]; /* 3DES key */
+ u_int32_t pc_hminner[5]; /* hmac inner state */
+ u_int32_t pc_hmouter[5]; /* hmac outer state */
+ u_int32_t pc_iv[2]; /* [3]DES iv */
+ u_int16_t pc_flags; /* flags, below */
+ u_int16_t pc_offset; /* crypto offset */
+} __attribute__ ((packed));
+
+#define UBS_PKTCTX_ENC_3DES 0x8000 /* use 3des */
+#define UBS_PKTCTX_ENC_AES 0x8000 /* use aes */
+#define UBS_PKTCTX_ENC_NONE 0x0000 /* no encryption */
+#define UBS_PKTCTX_INBOUND 0x4000 /* inbound packet */
+#define UBS_PKTCTX_AUTH 0x3000 /* authentication mask */
+#define UBS_PKTCTX_AUTH_NONE 0x0000 /* no authentication */
+#define UBS_PKTCTX_AUTH_MD5 0x1000 /* use hmac-md5 */
+#define UBS_PKTCTX_AUTH_SHA1 0x2000 /* use hmac-sha1 */
+#define UBS_PKTCTX_AES128 0x0 /* AES 128bit keys */
+#define UBS_PKTCTX_AES192 0x100 /* AES 192bit keys */
+#define UBS_PKTCTX_AES256 0x200 /* AES 256bit keys */
+
+struct ubsec_pktctx_des {
+ volatile u_int16_t pc_len; /* length of ctx struct */
+ volatile u_int16_t pc_type; /* context type */
+ volatile u_int16_t pc_flags; /* flags, same as above */
+ volatile u_int16_t pc_offset; /* crypto/auth offset */
+ volatile u_int32_t pc_deskey[6]; /* 3DES key */
+ volatile u_int32_t pc_iv[2]; /* [3]DES iv */
+ volatile u_int32_t pc_hminner[5]; /* hmac inner state */
+ volatile u_int32_t pc_hmouter[5]; /* hmac outer state */
+} __attribute__ ((packed));
+
+struct ubsec_pktctx_aes128 {
+ volatile u_int16_t pc_len; /* length of ctx struct */
+ volatile u_int16_t pc_type; /* context type */
+ volatile u_int16_t pc_flags; /* flags, same as above */
+ volatile u_int16_t pc_offset; /* crypto/auth offset */
+ volatile u_int32_t pc_aeskey[4]; /* AES 128bit key */
+ volatile u_int32_t pc_iv[4]; /* AES iv */
+ volatile u_int32_t pc_hminner[5]; /* hmac inner state */
+ volatile u_int32_t pc_hmouter[5]; /* hmac outer state */
+} __attribute__ ((packed));
+
+struct ubsec_pktctx_aes192 {
+ volatile u_int16_t pc_len; /* length of ctx struct */
+ volatile u_int16_t pc_type; /* context type */
+ volatile u_int16_t pc_flags; /* flags, same as above */
+ volatile u_int16_t pc_offset; /* crypto/auth offset */
+ volatile u_int32_t pc_aeskey[6]; /* AES 192bit key */
+ volatile u_int32_t pc_iv[4]; /* AES iv */
+ volatile u_int32_t pc_hminner[5]; /* hmac inner state */
+ volatile u_int32_t pc_hmouter[5]; /* hmac outer state */
+} __attribute__ ((packed));
+
+struct ubsec_pktctx_aes256 {
+ volatile u_int16_t pc_len; /* length of ctx struct */
+ volatile u_int16_t pc_type; /* context type */
+ volatile u_int16_t pc_flags; /* flags, same as above */
+ volatile u_int16_t pc_offset; /* crypto/auth offset */
+ volatile u_int32_t pc_aeskey[8]; /* AES 256bit key */
+ volatile u_int32_t pc_iv[4]; /* AES iv */
+ volatile u_int32_t pc_hminner[5]; /* hmac inner state */
+ volatile u_int32_t pc_hmouter[5]; /* hmac outer state */
+} __attribute__ ((packed));
+
+#define UBS_PKTCTX_TYPE_IPSEC_DES 0x0000
+#define UBS_PKTCTX_TYPE_IPSEC_AES 0x0040
+
+struct ubsec_pktbuf {
+ volatile u_int32_t pb_addr; /* address of buffer start */
+ volatile u_int32_t pb_next; /* pointer to next pktbuf */
+ volatile u_int32_t pb_len; /* packet length */
+} __attribute__ ((packed));
+#define UBS_PKTBUF_LEN 0x0000ffff /* length mask */
+
+struct ubsec_mcr {
+ volatile u_int16_t mcr_pkts; /* #pkts in this mcr */
+ volatile u_int16_t mcr_flags; /* mcr flags (below) */
+ volatile u_int32_t mcr_cmdctxp; /* command ctx pointer */
+ struct ubsec_pktbuf mcr_ipktbuf; /* input chain header */
+ volatile u_int16_t mcr_reserved;
+ volatile u_int16_t mcr_pktlen;
+ struct ubsec_pktbuf mcr_opktbuf; /* output chain header */
+} __attribute__ ((packed));
+
+struct ubsec_mcr_add {
+ volatile u_int32_t mcr_cmdctxp; /* command ctx pointer */
+ struct ubsec_pktbuf mcr_ipktbuf; /* input chain header */
+ volatile u_int16_t mcr_reserved;
+ volatile u_int16_t mcr_pktlen;
+ struct ubsec_pktbuf mcr_opktbuf; /* output chain header */
+} __attribute__ ((packed));
+
+#define UBS_MCR_DONE 0x0001 /* mcr has been processed */
+#define UBS_MCR_ERROR 0x0002 /* error in processing */
+#define UBS_MCR_ERRORCODE 0xff00 /* error type */
+
+struct ubsec_ctx_keyop {
+ volatile u_int16_t ctx_len; /* command length */
+ volatile u_int16_t ctx_op; /* operation code */
+ volatile u_int8_t ctx_pad[60]; /* padding */
+} __attribute__ ((packed));
+#define UBS_CTXOP_DHPKGEN 0x01 /* dh public key generation */
+#define UBS_CTXOP_DHSSGEN 0x02 /* dh shared secret gen. */
+#define UBS_CTXOP_RSAPUB 0x03 /* rsa public key op */
+#define UBS_CTXOP_RSAPRIV 0x04 /* rsa private key op */
+#define UBS_CTXOP_DSASIGN 0x05 /* dsa signing op */
+#define UBS_CTXOP_DSAVRFY 0x06 /* dsa verification */
+#define UBS_CTXOP_RNGBYPASS 0x41 /* rng direct test mode */
+#define UBS_CTXOP_RNGSHA1 0x42 /* rng sha1 test mode */
+#define UBS_CTXOP_MODADD 0x43 /* modular addition */
+#define UBS_CTXOP_MODSUB 0x44 /* modular subtraction */
+#define UBS_CTXOP_MODMUL 0x45 /* modular multiplication */
+#define UBS_CTXOP_MODRED 0x46 /* modular reduction */
+#define UBS_CTXOP_MODEXP 0x47 /* modular exponentiation */
+#define UBS_CTXOP_MODINV 0x48 /* modular inverse */
+
+struct ubsec_ctx_rngbypass {
+ volatile u_int16_t rbp_len; /* command length, 64 */
+ volatile u_int16_t rbp_op; /* rng bypass, 0x41 */
+ volatile u_int8_t rbp_pad[60]; /* padding */
+} __attribute__ ((packed));
+
+/* modexp: C = (M ^ E) mod N */
+struct ubsec_ctx_modexp {
+ volatile u_int16_t me_len; /* command length */
+ volatile u_int16_t me_op; /* modexp, 0x47 */
+ volatile u_int16_t me_E_len; /* E (bits) */
+ volatile u_int16_t me_N_len; /* N (bits) */
+ u_int8_t me_N[2048/8]; /* N */
+} __attribute__ ((packed));
+
+struct ubsec_ctx_rsapriv {
+ volatile u_int16_t rpr_len; /* command length */
+ volatile u_int16_t rpr_op; /* rsaprivate, 0x04 */
+ volatile u_int16_t rpr_q_len; /* q (bits) */
+ volatile u_int16_t rpr_p_len; /* p (bits) */
+ u_int8_t rpr_buf[5 * 1024 / 8]; /* parameters: */
+ /* p, q, dp, dq, pinv */
+} __attribute__ ((packed));
--- /dev/null
+
+/*
+ * Copyright (c) 2008 Daniel Mueller (daniel@danm.de)
+ * Copyright (c) 2000 Theo de Raadt
+ * Copyright (c) 2001 Patrik Lindergren (patrik@ipunplugged.com)
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Effort sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F30602-01-2-0537.
+ *
+ */
+
+/* Maximum queue length */
+#ifndef UBS_MAX_NQUEUE
+#define UBS_MAX_NQUEUE 60
+#endif
+
+#define UBS_MAX_SCATTER 64 /* Maximum scatter/gather depth */
+
+#ifndef UBS_MAX_AGGR
+#define UBS_MAX_AGGR 5 /* Maximum aggregation count */
+#endif
+
+#define UBSEC_CARD(sid) (((sid) & 0xf0000000) >> 28)
+#define UBSEC_SESSION(sid) ( (sid) & 0x0fffffff)
+#define UBSEC_SID(crd, sesn) (((crd) << 28) | ((sesn) & 0x0fffffff))
+
+#define UBS_DEF_RTY 0xff /* PCI Retry Timeout */
+#define UBS_DEF_TOUT 0xff /* PCI TRDY Timeout */
+#define UBS_DEF_CACHELINE 0x01 /* Cache Line setting */
+
+#define DEFAULT_HMAC_LEN 12
+
+struct ubsec_dma_alloc {
+ dma_addr_t dma_paddr;
+ void *dma_vaddr;
+ /*
+ bus_dmamap_t dma_map;
+ bus_dma_segment_t dma_seg;
+ */
+ size_t dma_size;
+ /*
+ int dma_nseg;
+ */
+};
+
+struct ubsec_q2 {
+ BSD_SIMPLEQ_ENTRY(ubsec_q2) q_next;
+ struct ubsec_dma_alloc q_mcr;
+ struct ubsec_dma_alloc q_ctx;
+ u_int q_type;
+};
+
+struct ubsec_q2_rng {
+ struct ubsec_q2 rng_q;
+ struct ubsec_dma_alloc rng_buf;
+ int rng_used;
+};
+
+/* C = (M ^ E) mod N */
+#define UBS_MODEXP_PAR_M 0
+#define UBS_MODEXP_PAR_E 1
+#define UBS_MODEXP_PAR_N 2
+struct ubsec_q2_modexp {
+ struct ubsec_q2 me_q;
+ struct cryptkop * me_krp;
+ struct ubsec_dma_alloc me_M;
+ struct ubsec_dma_alloc me_E;
+ struct ubsec_dma_alloc me_C;
+ struct ubsec_dma_alloc me_epb;
+ int me_modbits;
+ int me_shiftbits;
+ int me_normbits;
+};
+
+#define UBS_RSAPRIV_PAR_P 0
+#define UBS_RSAPRIV_PAR_Q 1
+#define UBS_RSAPRIV_PAR_DP 2
+#define UBS_RSAPRIV_PAR_DQ 3
+#define UBS_RSAPRIV_PAR_PINV 4
+#define UBS_RSAPRIV_PAR_MSGIN 5
+#define UBS_RSAPRIV_PAR_MSGOUT 6
+struct ubsec_q2_rsapriv {
+ struct ubsec_q2 rpr_q;
+ struct cryptkop * rpr_krp;
+ struct ubsec_dma_alloc rpr_msgin;
+ struct ubsec_dma_alloc rpr_msgout;
+};
+
+#define UBSEC_RNG_BUFSIZ 16 /* measured in 32bit words */
+
+struct ubsec_dmachunk {
+ struct ubsec_mcr d_mcr;
+ struct ubsec_mcr_add d_mcradd[UBS_MAX_AGGR-1];
+ struct ubsec_pktbuf d_sbuf[UBS_MAX_SCATTER-1];
+ struct ubsec_pktbuf d_dbuf[UBS_MAX_SCATTER-1];
+ u_int32_t d_macbuf[5];
+ union {
+ struct ubsec_pktctx_aes256 ctxaes256;
+ struct ubsec_pktctx_aes192 ctxaes192;
+ struct ubsec_pktctx_des ctxdes;
+ struct ubsec_pktctx_aes128 ctxaes128;
+ struct ubsec_pktctx ctx;
+ } d_ctx;
+};
+
+struct ubsec_dma {
+ BSD_SIMPLEQ_ENTRY(ubsec_dma) d_next;
+ struct ubsec_dmachunk *d_dma;
+ struct ubsec_dma_alloc d_alloc;
+};
+
+#define UBS_FLAGS_KEY 0x01 /* has key accelerator */
+#define UBS_FLAGS_LONGCTX 0x02 /* uses long ipsec ctx */
+#define UBS_FLAGS_BIGKEY 0x04 /* 2048bit keys */
+#define UBS_FLAGS_HWNORM 0x08 /* hardware normalization */
+#define UBS_FLAGS_RNG 0x10 /* hardware rng */
+#define UBS_FLAGS_AES 0x20 /* hardware AES support */
+
+struct ubsec_q {
+ BSD_SIMPLEQ_ENTRY(ubsec_q) q_next;
+ int q_nstacked_mcrs;
+ struct ubsec_q *q_stacked_mcr[UBS_MAX_AGGR-1];
+ struct cryptop *q_crp;
+ struct ubsec_dma *q_dma;
+
+ //struct mbuf *q_src_m, *q_dst_m;
+ struct sk_buff *q_src_m, *q_dst_m;
+ struct uio *q_src_io, *q_dst_io;
+
+ /*
+ bus_dmamap_t q_src_map;
+ bus_dmamap_t q_dst_map;
+ */
+
+ /* DMA addresses for In-/Out packages */
+ int q_src_len;
+ int q_dst_len;
+ struct ubsec_dma_alloc q_src_map[UBS_MAX_SCATTER];
+ struct ubsec_dma_alloc q_dst_map[UBS_MAX_SCATTER];
+ int q_has_dst;
+
+ int q_sesn;
+ int q_flags;
+};
+
+struct ubsec_softc {
+ softc_device_decl sc_dev;
+ struct ssb_device *sdev; /* device backpointer */
+
+ struct device *sc_dv; /* generic device */
+ void *sc_ih; /* interrupt handler cookie */
+ int sc_flags; /* device specific flags */
+ u_int32_t sc_statmask; /* interrupt status mask */
+ int32_t sc_cid; /* crypto tag */
+ BSD_SIMPLEQ_HEAD(,ubsec_q) sc_queue; /* packet queue, mcr1 */
+ int sc_nqueue; /* count enqueued, mcr1 */
+ BSD_SIMPLEQ_HEAD(,ubsec_q) sc_qchip; /* on chip, mcr1 */
+ BSD_SIMPLEQ_HEAD(,ubsec_q) sc_freequeue; /* list of free queue elements */
+ BSD_SIMPLEQ_HEAD(,ubsec_q2) sc_queue2; /* packet queue, mcr2 */
+ int sc_nqueue2; /* count enqueued, mcr2 */
+ BSD_SIMPLEQ_HEAD(,ubsec_q2) sc_qchip2; /* on chip, mcr2 */
+ int sc_nsessions; /* # of sessions */
+ struct ubsec_session *sc_sessions; /* sessions */
+ int sc_rnghz; /* rng poll time */
+ struct ubsec_q2_rng sc_rng;
+ struct ubsec_dma sc_dmaa[UBS_MAX_NQUEUE];
+ struct ubsec_q *sc_queuea[UBS_MAX_NQUEUE];
+ BSD_SIMPLEQ_HEAD(,ubsec_q2) sc_q2free; /* free list */
+ spinlock_t sc_ringmtx; /* PE ring lock */
+};
+
+#define UBSEC_QFLAGS_COPYOUTIV 0x1
+
+struct ubsec_session {
+ u_int32_t ses_used;
+ u_int32_t ses_key[8]; /* 3DES/AES key */
+ u_int32_t ses_hminner[5]; /* hmac inner state */
+ u_int32_t ses_hmouter[5]; /* hmac outer state */
+ u_int32_t ses_iv[4]; /* [3]DES/AES iv */
+ u_int32_t ses_keysize; /* AES key size */
+ u_int32_t ses_mlen; /* hmac/hash length */
+};
+
+struct ubsec_stats {
+ u_int64_t hst_ibytes;
+ u_int64_t hst_obytes;
+ u_int32_t hst_ipackets;
+ u_int32_t hst_opackets;
+ u_int32_t hst_invalid;
+ u_int32_t hst_nomem;
+ u_int32_t hst_queuefull;
+ u_int32_t hst_dmaerr;
+ u_int32_t hst_mcrerr;
+ u_int32_t hst_nodmafree;
+};
+
+struct ubsec_generic_ctx {
+ u_int32_t pc_key[8]; /* [3]DES/AES key */
+ u_int32_t pc_hminner[5]; /* hmac inner state */
+ u_int32_t pc_hmouter[5]; /* hmac outer state */
+ u_int32_t pc_iv[4]; /* [3]DES/AES iv */
+ u_int16_t pc_flags; /* flags, below */
+ u_int16_t pc_offset; /* crypto offset */
+ u_int16_t pc_type; /* Cryptographic operation */
+};
+
+++ /dev/null
---- a/drivers/char/random.c
-+++ b/drivers/char/random.c
-@@ -129,6 +129,9 @@
- * unsigned int value);
- * void add_interrupt_randomness(int irq);
- *
-+ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
-+ * int random_input_wait(void);
-+ *
- * add_input_randomness() uses the input layer interrupt timing, as well as
- * the event type information from the hardware.
- *
-@@ -140,6 +143,13 @@
- * a better measure, since the timing of the disk interrupts are more
- * unpredictable.
- *
-+ * random_input_words() just provides a raw block of entropy to the input
-+ * pool, such as from a hardware entropy generator.
-+ *
-+ * random_input_wait() suspends the caller until such time as the
-+ * entropy pool falls below the write threshold, and returns a count of how
-+ * much entropy (in bits) is needed to sustain the pool.
-+ *
- * All of these routines try to estimate how many bits of randomness a
- * particular randomness source. They do this by keeping track of the
- * first and second order deltas of the event timings.
-@@ -712,6 +722,61 @@ void add_disk_randomness(struct gendisk
- }
- #endif
-
-+/*
-+ * random_input_words - add bulk entropy to pool
-+ *
-+ * @buf: buffer to add
-+ * @wordcount: number of __u32 words to add
-+ * @ent_count: total amount of entropy (in bits) to credit
-+ *
-+ * this provides bulk input of entropy to the input pool
-+ *
-+ */
-+void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
-+{
-+ mix_pool_bytes(&input_pool, buf, wordcount*4);
-+
-+ credit_entropy_bits(&input_pool, ent_count);
-+
-+ DEBUG_ENT("crediting %d bits => %d\n",
-+ ent_count, input_pool.entropy_count);
-+ /*
-+ * Wake up waiting processes if we have enough
-+ * entropy.
-+ */
-+ if (input_pool.entropy_count >= random_read_wakeup_thresh)
-+ wake_up_interruptible(&random_read_wait);
-+}
-+EXPORT_SYMBOL(random_input_words);
-+
-+/*
-+ * random_input_wait - wait until random needs entropy
-+ *
-+ * this function sleeps until the /dev/random subsystem actually
-+ * needs more entropy, and then return the amount of entropy
-+ * that it would be nice to have added to the system.
-+ */
-+int random_input_wait(void)
-+{
-+ int count;
-+
-+ wait_event_interruptible(random_write_wait,
-+ input_pool.entropy_count < random_write_wakeup_thresh);
-+
-+ count = random_write_wakeup_thresh - input_pool.entropy_count;
-+
-+ /* likely we got woken up due to a signal */
-+ if (count <= 0) count = random_read_wakeup_thresh;
-+
-+ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n",
-+ count,
-+ input_pool.entropy_count, random_write_wakeup_thresh);
-+
-+ return count;
-+}
-+EXPORT_SYMBOL(random_input_wait);
-+
-+
- #define EXTRACT_SIZE 10
-
- /*********************************************************************
---- a/fs/fcntl.c
-+++ b/fs/fcntl.c
-@@ -142,6 +142,7 @@ SYSCALL_DEFINE1(dup, unsigned int, filde
- }
- return ret;
- }
-+EXPORT_SYMBOL(sys_dup);
-
- #define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME)
-
---- a/include/linux/miscdevice.h
-+++ b/include/linux/miscdevice.h
-@@ -12,6 +12,7 @@
- #define APOLLO_MOUSE_MINOR 7
- #define PC110PAD_MINOR 9
- /*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */
-+#define CRYPTODEV_MINOR 70 /* /dev/crypto */
- #define WATCHDOG_MINOR 130 /* Watchdog timer */
- #define TEMP_MINOR 131 /* Temperature Sensor */
- #define RTC_MINOR 135
---- a/include/linux/random.h
-+++ b/include/linux/random.h
-@@ -9,6 +9,7 @@
-
- #include <linux/types.h>
- #include <linux/ioctl.h>
-+#include <linux/types.h> /* for __u32 in user space */
- #include <linux/irqnr.h>
-
- /* ioctl()'s for the random number generator */
-@@ -34,6 +35,30 @@
- /* Clear the entropy pool and associated counters. (Superuser only.) */
- #define RNDCLEARPOOL _IO( 'R', 0x06 )
-
-+#ifdef CONFIG_FIPS_RNG
-+
-+/* Size of seed value - equal to AES blocksize */
-+#define AES_BLOCK_SIZE_BYTES 16
-+#define SEED_SIZE_BYTES AES_BLOCK_SIZE_BYTES
-+/* Size of AES key */
-+#define KEY_SIZE_BYTES 16
-+
-+/* ioctl() structure used by FIPS 140-2 Tests */
-+struct rand_fips_test {
-+ unsigned char key[KEY_SIZE_BYTES]; /* Input */
-+ unsigned char datetime[SEED_SIZE_BYTES]; /* Input */
-+ unsigned char seed[SEED_SIZE_BYTES]; /* Input */
-+ unsigned char result[SEED_SIZE_BYTES]; /* Output */
-+};
-+
-+/* FIPS 140-2 RNG Variable Seed Test. (Superuser only.) */
-+#define RNDFIPSVST _IOWR('R', 0x10, struct rand_fips_test)
-+
-+/* FIPS 140-2 RNG Monte Carlo Test. (Superuser only.) */
-+#define RNDFIPSMCT _IOWR('R', 0x11, struct rand_fips_test)
-+
-+#endif /* #ifdef CONFIG_FIPS_RNG */
-+
- struct rand_pool_info {
- int entropy_count;
- int buf_size;
-@@ -50,6 +75,10 @@ extern void add_input_randomness(unsigne
- unsigned int value);
- extern void add_interrupt_randomness(int irq);
-
-+extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count);
-+extern int random_input_wait(void);
-+#define HAS_RANDOM_INPUT_WAIT 1
-+
- extern void get_random_bytes(void *buf, int nbytes);
- void generate_random_uuid(unsigned char uuid_out[16]);
-
--- /dev/null
+
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -129,6 +129,9 @@
+ * unsigned int value);
+ * void add_interrupt_randomness(int irq);
+ *
++ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
++ * int random_input_wait(void);
++ *
+ * add_input_randomness() uses the input layer interrupt timing, as well as
+ * the event type information from the hardware.
+ *
+@@ -140,6 +143,13 @@
+ * a better measure, since the timing of the disk interrupts are more
+ * unpredictable.
+ *
++ * random_input_words() just provides a raw block of entropy to the input
++ * pool, such as from a hardware entropy generator.
++ *
++ * random_input_wait() suspends the caller until such time as the
++ * entropy pool falls below the write threshold, and returns a count of how
++ * much entropy (in bits) is needed to sustain the pool.
++ *
+ * All of these routines try to estimate how many bits of randomness a
+ * particular randomness source. They do this by keeping track of the
+ * first and second order deltas of the event timings.
+@@ -712,6 +722,61 @@ void add_disk_randomness(struct gendisk
+ }
+ #endif
+
++/*
++ * random_input_words - add bulk entropy to pool
++ *
++ * @buf: buffer to add
++ * @wordcount: number of __u32 words to add
++ * @ent_count: total amount of entropy (in bits) to credit
++ *
++ * this provides bulk input of entropy to the input pool
++ *
++ */
++void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
++{
++ mix_pool_bytes(&input_pool, buf, wordcount*4);
++
++ credit_entropy_bits(&input_pool, ent_count);
++
++ DEBUG_ENT("crediting %d bits => %d\n",
++ ent_count, input_pool.entropy_count);
++ /*
++ * Wake up waiting processes if we have enough
++ * entropy.
++ */
++ if (input_pool.entropy_count >= random_read_wakeup_thresh)
++ wake_up_interruptible(&random_read_wait);
++}
++EXPORT_SYMBOL(random_input_words);
++
++/*
++ * random_input_wait - wait until random needs entropy
++ *
++ * this function sleeps until the /dev/random subsystem actually
++ * needs more entropy, and then return the amount of entropy
++ * that it would be nice to have added to the system.
++ */
++int random_input_wait(void)
++{
++ int count;
++
++ wait_event_interruptible(random_write_wait,
++ input_pool.entropy_count < random_write_wakeup_thresh);
++
++ count = random_write_wakeup_thresh - input_pool.entropy_count;
++
++ /* likely we got woken up due to a signal */
++ if (count <= 0) count = random_read_wakeup_thresh;
++
++ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n",
++ count,
++ input_pool.entropy_count, random_write_wakeup_thresh);
++
++ return count;
++}
++EXPORT_SYMBOL(random_input_wait);
++
++
+ #define EXTRACT_SIZE 10
+
+ /*********************************************************************
+--- a/fs/fcntl.c
++++ b/fs/fcntl.c
+@@ -196,6 +196,7 @@ static int setfl(int fd, struct file * f
+ out:
+ return error;
+ }
++EXPORT_SYMBOL(sys_dup);
+
+ static void f_modown(struct file *filp, struct pid *pid, enum pid_type type,
+ uid_t uid, uid_t euid, int force)
+--- a/include/linux/miscdevice.h
++++ b/include/linux/miscdevice.h
+@@ -12,6 +12,7 @@
+ #define APOLLO_MOUSE_MINOR 7
+ #define PC110PAD_MINOR 9
+ /*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */
++#define CRYPTODEV_MINOR 70 /* /dev/crypto */
+ #define WATCHDOG_MINOR 130 /* Watchdog timer */
+ #define TEMP_MINOR 131 /* Temperature Sensor */
+ #define RTC_MINOR 135
+--- a/include/linux/random.h
++++ b/include/linux/random.h
+@@ -50,6 +50,10 @@ extern void add_input_randomness(unsigne
+ unsigned int value);
+ extern void add_interrupt_randomness(int irq);
+
++extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count);
++extern int random_input_wait(void);
++#define HAS_RANDOM_INPUT_WAIT 1
++
+ extern void get_random_bytes(void *buf, int nbytes);
+ void generate_random_uuid(unsigned char uuid_out[16]);
+
+--- a/kernel/pid.c
++++ b/kernel/pid.c
+@@ -383,6 +383,7 @@ struct task_struct *find_task_by_pid_typ
+ {
+ return pid_task(find_pid_ns(nr, ns), type);
+ }
++EXPORT_SYMBOL(find_task_by_vpid);
+
+ EXPORT_SYMBOL(find_task_by_pid_type_ns);
+
+++ /dev/null
---- a/drivers/char/random.c
-+++ b/drivers/char/random.c
-@@ -129,6 +129,9 @@
- * unsigned int value);
- * void add_interrupt_randomness(int irq);
- *
-+ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
-+ * int random_input_wait(void);
-+ *
- * add_input_randomness() uses the input layer interrupt timing, as well as
- * the event type information from the hardware.
- *
-@@ -140,6 +143,13 @@
- * a better measure, since the timing of the disk interrupts are more
- * unpredictable.
- *
-+ * random_input_words() just provides a raw block of entropy to the input
-+ * pool, such as from a hardware entropy generator.
-+ *
-+ * random_input_wait() suspends the caller until such time as the
-+ * entropy pool falls below the write threshold, and returns a count of how
-+ * much entropy (in bits) is needed to sustain the pool.
-+ *
- * All of these routines try to estimate how many bits of randomness a
- * particular randomness source. They do this by keeping track of the
- * first and second order deltas of the event timings.
-@@ -712,6 +722,61 @@ void add_disk_randomness(struct gendisk
- }
- #endif
-
-+/*
-+ * random_input_words - add bulk entropy to pool
-+ *
-+ * @buf: buffer to add
-+ * @wordcount: number of __u32 words to add
-+ * @ent_count: total amount of entropy (in bits) to credit
-+ *
-+ * this provides bulk input of entropy to the input pool
-+ *
-+ */
-+void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
-+{
-+ mix_pool_bytes(&input_pool, buf, wordcount*4);
-+
-+ credit_entropy_bits(&input_pool, ent_count);
-+
-+ DEBUG_ENT("crediting %d bits => %d\n",
-+ ent_count, input_pool.entropy_count);
-+ /*
-+ * Wake up waiting processes if we have enough
-+ * entropy.
-+ */
-+ if (input_pool.entropy_count >= random_read_wakeup_thresh)
-+ wake_up_interruptible(&random_read_wait);
-+}
-+EXPORT_SYMBOL(random_input_words);
-+
-+/*
-+ * random_input_wait - wait until random needs entropy
-+ *
-+ * this function sleeps until the /dev/random subsystem actually
-+ * needs more entropy, and then return the amount of entropy
-+ * that it would be nice to have added to the system.
-+ */
-+int random_input_wait(void)
-+{
-+ int count;
-+
-+ wait_event_interruptible(random_write_wait,
-+ input_pool.entropy_count < random_write_wakeup_thresh);
-+
-+ count = random_write_wakeup_thresh - input_pool.entropy_count;
-+
-+ /* likely we got woken up due to a signal */
-+ if (count <= 0) count = random_read_wakeup_thresh;
-+
-+ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n",
-+ count,
-+ input_pool.entropy_count, random_write_wakeup_thresh);
-+
-+ return count;
-+}
-+EXPORT_SYMBOL(random_input_wait);
-+
-+
- #define EXTRACT_SIZE 10
-
- /*********************************************************************
---- a/fs/fcntl.c
-+++ b/fs/fcntl.c
-@@ -141,6 +141,7 @@ SYSCALL_DEFINE1(dup, unsigned int, filde
- }
- return ret;
- }
-+EXPORT_SYMBOL(sys_dup);
-
- #define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME)
-
---- a/include/linux/miscdevice.h
-+++ b/include/linux/miscdevice.h
-@@ -12,6 +12,7 @@
- #define APOLLO_MOUSE_MINOR 7
- #define PC110PAD_MINOR 9
- /*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */
-+#define CRYPTODEV_MINOR 70 /* /dev/crypto */
- #define WATCHDOG_MINOR 130 /* Watchdog timer */
- #define TEMP_MINOR 131 /* Temperature Sensor */
- #define RTC_MINOR 135
---- a/include/linux/random.h
-+++ b/include/linux/random.h
-@@ -9,6 +9,7 @@
-
- #include <linux/types.h>
- #include <linux/ioctl.h>
-+#include <linux/types.h> /* for __u32 in user space */
- #include <linux/irqnr.h>
-
- /* ioctl()'s for the random number generator */
-@@ -34,6 +35,30 @@
- /* Clear the entropy pool and associated counters. (Superuser only.) */
- #define RNDCLEARPOOL _IO( 'R', 0x06 )
-
-+#ifdef CONFIG_FIPS_RNG
-+
-+/* Size of seed value - equal to AES blocksize */
-+#define AES_BLOCK_SIZE_BYTES 16
-+#define SEED_SIZE_BYTES AES_BLOCK_SIZE_BYTES
-+/* Size of AES key */
-+#define KEY_SIZE_BYTES 16
-+
-+/* ioctl() structure used by FIPS 140-2 Tests */
-+struct rand_fips_test {
-+ unsigned char key[KEY_SIZE_BYTES]; /* Input */
-+ unsigned char datetime[SEED_SIZE_BYTES]; /* Input */
-+ unsigned char seed[SEED_SIZE_BYTES]; /* Input */
-+ unsigned char result[SEED_SIZE_BYTES]; /* Output */
-+};
-+
-+/* FIPS 140-2 RNG Variable Seed Test. (Superuser only.) */
-+#define RNDFIPSVST _IOWR('R', 0x10, struct rand_fips_test)
-+
-+/* FIPS 140-2 RNG Monte Carlo Test. (Superuser only.) */
-+#define RNDFIPSMCT _IOWR('R', 0x11, struct rand_fips_test)
-+
-+#endif /* #ifdef CONFIG_FIPS_RNG */
-+
- struct rand_pool_info {
- int entropy_count;
- int buf_size;
-@@ -50,6 +75,10 @@ extern void add_input_randomness(unsigne
- unsigned int value);
- extern void add_interrupt_randomness(int irq);
-
-+extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count);
-+extern int random_input_wait(void);
-+#define HAS_RANDOM_INPUT_WAIT 1
-+
- extern void get_random_bytes(void *buf, int nbytes);
- void generate_random_uuid(unsigned char uuid_out[16]);
-
---- a/kernel/pid.c
-+++ b/kernel/pid.c
-@@ -387,6 +387,7 @@ struct task_struct *find_task_by_vpid(pi
- {
- return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns);
- }
-+EXPORT_SYMBOL(find_task_by_vpid);
-
- struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
- {
--- /dev/null
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -129,6 +129,9 @@
+ * unsigned int value);
+ * void add_interrupt_randomness(int irq);
+ *
++ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
++ * int random_input_wait(void);
++ *
+ * add_input_randomness() uses the input layer interrupt timing, as well as
+ * the event type information from the hardware.
+ *
+@@ -140,6 +143,13 @@
+ * a better measure, since the timing of the disk interrupts are more
+ * unpredictable.
+ *
++ * random_input_words() just provides a raw block of entropy to the input
++ * pool, such as from a hardware entropy generator.
++ *
++ * random_input_wait() suspends the caller until such time as the
++ * entropy pool falls below the write threshold, and returns a count of how
++ * much entropy (in bits) is needed to sustain the pool.
++ *
+ * All of these routines try to estimate how many bits of randomness a
+ * particular randomness source. They do this by keeping track of the
+ * first and second order deltas of the event timings.
+@@ -712,6 +722,61 @@ void add_disk_randomness(struct gendisk
+ }
+ #endif
+
++/*
++ * random_input_words - add bulk entropy to pool
++ *
++ * @buf: buffer to add
++ * @wordcount: number of __u32 words to add
++ * @ent_count: total amount of entropy (in bits) to credit
++ *
++ * this provides bulk input of entropy to the input pool
++ *
++ */
++void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
++{
++ mix_pool_bytes(&input_pool, buf, wordcount*4);
++
++ credit_entropy_bits(&input_pool, ent_count);
++
++ DEBUG_ENT("crediting %d bits => %d\n",
++ ent_count, input_pool.entropy_count);
++ /*
++ * Wake up waiting processes if we have enough
++ * entropy.
++ */
++ if (input_pool.entropy_count >= random_read_wakeup_thresh)
++ wake_up_interruptible(&random_read_wait);
++}
++EXPORT_SYMBOL(random_input_words);
++
++/*
++ * random_input_wait - wait until random needs entropy
++ *
++ * this function sleeps until the /dev/random subsystem actually
++ * needs more entropy, and then return the amount of entropy
++ * that it would be nice to have added to the system.
++ */
++int random_input_wait(void)
++{
++ int count;
++
++ wait_event_interruptible(random_write_wait,
++ input_pool.entropy_count < random_write_wakeup_thresh);
++
++ count = random_write_wakeup_thresh - input_pool.entropy_count;
++
++ /* likely we got woken up due to a signal */
++ if (count <= 0) count = random_read_wakeup_thresh;
++
++ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n",
++ count,
++ input_pool.entropy_count, random_write_wakeup_thresh);
++
++ return count;
++}
++EXPORT_SYMBOL(random_input_wait);
++
++
+ #define EXTRACT_SIZE 10
+
+ /*********************************************************************
+--- a/fs/fcntl.c
++++ b/fs/fcntl.c
+@@ -195,6 +195,7 @@ static int setfl(int fd, struct file * f
+ out:
+ return error;
+ }
++EXPORT_SYMBOL(sys_dup);
+
+ static void f_modown(struct file *filp, struct pid *pid, enum pid_type type,
+ int force)
+--- a/include/linux/miscdevice.h
++++ b/include/linux/miscdevice.h
+@@ -12,6 +12,7 @@
+ #define APOLLO_MOUSE_MINOR 7
+ #define PC110PAD_MINOR 9
+ /*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */
++#define CRYPTODEV_MINOR 70 /* /dev/crypto */
+ #define WATCHDOG_MINOR 130 /* Watchdog timer */
+ #define TEMP_MINOR 131 /* Temperature Sensor */
+ #define RTC_MINOR 135
+--- a/include/linux/random.h
++++ b/include/linux/random.h
+@@ -50,6 +50,10 @@ extern void add_input_randomness(unsigne
+ unsigned int value);
+ extern void add_interrupt_randomness(int irq);
+
++extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count);
++extern int random_input_wait(void);
++#define HAS_RANDOM_INPUT_WAIT 1
++
+ extern void get_random_bytes(void *buf, int nbytes);
+ void generate_random_uuid(unsigned char uuid_out[16]);
+
+--- a/kernel/pid.c
++++ b/kernel/pid.c
+@@ -387,6 +387,7 @@ struct task_struct *find_task_by_vpid(pi
+ {
+ return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns);
+ }
++EXPORT_SYMBOL(find_task_by_vpid);
+
+ struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
+ {
+++ /dev/null
---- a/drivers/char/random.c
-+++ b/drivers/char/random.c
-@@ -129,6 +129,9 @@
- * unsigned int value);
- * void add_interrupt_randomness(int irq);
- *
-+ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
-+ * int random_input_wait(void);
-+ *
- * add_input_randomness() uses the input layer interrupt timing, as well as
- * the event type information from the hardware.
- *
-@@ -140,6 +143,13 @@
- * a better measure, since the timing of the disk interrupts are more
- * unpredictable.
- *
-+ * random_input_words() just provides a raw block of entropy to the input
-+ * pool, such as from a hardware entropy generator.
-+ *
-+ * random_input_wait() suspends the caller until such time as the
-+ * entropy pool falls below the write threshold, and returns a count of how
-+ * much entropy (in bits) is needed to sustain the pool.
-+ *
- * All of these routines try to estimate how many bits of randomness a
- * particular randomness source. They do this by keeping track of the
- * first and second order deltas of the event timings.
-@@ -714,6 +724,61 @@ void add_disk_randomness(struct gendisk
- }
- #endif
-
-+/*
-+ * random_input_words - add bulk entropy to pool
-+ *
-+ * @buf: buffer to add
-+ * @wordcount: number of __u32 words to add
-+ * @ent_count: total amount of entropy (in bits) to credit
-+ *
-+ * this provides bulk input of entropy to the input pool
-+ *
-+ */
-+void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
-+{
-+ mix_pool_bytes(&input_pool, buf, wordcount*4);
-+
-+ credit_entropy_bits(&input_pool, ent_count);
-+
-+ DEBUG_ENT("crediting %d bits => %d\n",
-+ ent_count, input_pool.entropy_count);
-+ /*
-+ * Wake up waiting processes if we have enough
-+ * entropy.
-+ */
-+ if (input_pool.entropy_count >= random_read_wakeup_thresh)
-+ wake_up_interruptible(&random_read_wait);
-+}
-+EXPORT_SYMBOL(random_input_words);
-+
-+/*
-+ * random_input_wait - wait until random needs entropy
-+ *
-+ * this function sleeps until the /dev/random subsystem actually
-+ * needs more entropy, and then return the amount of entropy
-+ * that it would be nice to have added to the system.
-+ */
-+int random_input_wait(void)
-+{
-+ int count;
-+
-+ wait_event_interruptible(random_write_wait,
-+ input_pool.entropy_count < random_write_wakeup_thresh);
-+
-+ count = random_write_wakeup_thresh - input_pool.entropy_count;
-+
-+ /* likely we got woken up due to a signal */
-+ if (count <= 0) count = random_read_wakeup_thresh;
-+
-+ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n",
-+ count,
-+ input_pool.entropy_count, random_write_wakeup_thresh);
-+
-+ return count;
-+}
-+EXPORT_SYMBOL(random_input_wait);
-+
-+
- #define EXTRACT_SIZE 10
-
- /*********************************************************************
---- a/fs/fcntl.c
-+++ b/fs/fcntl.c
-@@ -141,6 +141,7 @@ SYSCALL_DEFINE1(dup, unsigned int, filde
- }
- return ret;
- }
-+EXPORT_SYMBOL(sys_dup);
-
- #define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME)
-
---- a/include/linux/miscdevice.h
-+++ b/include/linux/miscdevice.h
-@@ -12,6 +12,7 @@
- #define APOLLO_MOUSE_MINOR 7
- #define PC110PAD_MINOR 9
- /*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */
-+#define CRYPTODEV_MINOR 70 /* /dev/crypto */
- #define WATCHDOG_MINOR 130 /* Watchdog timer */
- #define TEMP_MINOR 131 /* Temperature Sensor */
- #define RTC_MINOR 135
---- a/include/linux/random.h
-+++ b/include/linux/random.h
-@@ -9,6 +9,7 @@
-
- #include <linux/types.h>
- #include <linux/ioctl.h>
-+#include <linux/types.h> /* for __u32 in user space */
- #include <linux/irqnr.h>
-
- /* ioctl()'s for the random number generator */
-@@ -34,6 +35,30 @@
- /* Clear the entropy pool and associated counters. (Superuser only.) */
- #define RNDCLEARPOOL _IO( 'R', 0x06 )
-
-+#ifdef CONFIG_FIPS_RNG
-+
-+/* Size of seed value - equal to AES blocksize */
-+#define AES_BLOCK_SIZE_BYTES 16
-+#define SEED_SIZE_BYTES AES_BLOCK_SIZE_BYTES
-+/* Size of AES key */
-+#define KEY_SIZE_BYTES 16
-+
-+/* ioctl() structure used by FIPS 140-2 Tests */
-+struct rand_fips_test {
-+ unsigned char key[KEY_SIZE_BYTES]; /* Input */
-+ unsigned char datetime[SEED_SIZE_BYTES]; /* Input */
-+ unsigned char seed[SEED_SIZE_BYTES]; /* Input */
-+ unsigned char result[SEED_SIZE_BYTES]; /* Output */
-+};
-+
-+/* FIPS 140-2 RNG Variable Seed Test. (Superuser only.) */
-+#define RNDFIPSVST _IOWR('R', 0x10, struct rand_fips_test)
-+
-+/* FIPS 140-2 RNG Monte Carlo Test. (Superuser only.) */
-+#define RNDFIPSMCT _IOWR('R', 0x11, struct rand_fips_test)
-+
-+#endif /* #ifdef CONFIG_FIPS_RNG */
-+
- struct rand_pool_info {
- int entropy_count;
- int buf_size;
-@@ -50,6 +75,10 @@ extern void add_input_randomness(unsigne
- unsigned int value);
- extern void add_interrupt_randomness(int irq);
-
-+extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count);
-+extern int random_input_wait(void);
-+#define HAS_RANDOM_INPUT_WAIT 1
-+
- extern void get_random_bytes(void *buf, int nbytes);
- void generate_random_uuid(unsigned char uuid_out[16]);
-
---- a/kernel/pid.c
-+++ b/kernel/pid.c
-@@ -387,6 +387,7 @@ struct task_struct *find_task_by_vpid(pi
- {
- return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns);
- }
-+EXPORT_SYMBOL(find_task_by_vpid);
-
- struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
- {
--- /dev/null
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -129,6 +129,9 @@
+ * unsigned int value);
+ * void add_interrupt_randomness(int irq);
+ *
++ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
++ * int random_input_wait(void);
++ *
+ * add_input_randomness() uses the input layer interrupt timing, as well as
+ * the event type information from the hardware.
+ *
+@@ -140,6 +143,13 @@
+ * a better measure, since the timing of the disk interrupts are more
+ * unpredictable.
+ *
++ * random_input_words() just provides a raw block of entropy to the input
++ * pool, such as from a hardware entropy generator.
++ *
++ * random_input_wait() suspends the caller until such time as the
++ * entropy pool falls below the write threshold, and returns a count of how
++ * much entropy (in bits) is needed to sustain the pool.
++ *
+ * All of these routines try to estimate how many bits of randomness a
+ * particular randomness source. They do this by keeping track of the
+ * first and second order deltas of the event timings.
+@@ -714,6 +724,61 @@ void add_disk_randomness(struct gendisk
+ }
+ #endif
+
++/*
++ * random_input_words - add bulk entropy to pool
++ *
++ * @buf: buffer to add
++ * @wordcount: number of __u32 words to add
++ * @ent_count: total amount of entropy (in bits) to credit
++ *
++ * this provides bulk input of entropy to the input pool
++ *
++ */
++void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
++{
++ mix_pool_bytes(&input_pool, buf, wordcount*4);
++
++ credit_entropy_bits(&input_pool, ent_count);
++
++ DEBUG_ENT("crediting %d bits => %d\n",
++ ent_count, input_pool.entropy_count);
++ /*
++ * Wake up waiting processes if we have enough
++ * entropy.
++ */
++ if (input_pool.entropy_count >= random_read_wakeup_thresh)
++ wake_up_interruptible(&random_read_wait);
++}
++EXPORT_SYMBOL(random_input_words);
++
++/*
++ * random_input_wait - wait until random needs entropy
++ *
++ * this function sleeps until the /dev/random subsystem actually
++ * needs more entropy, and then return the amount of entropy
++ * that it would be nice to have added to the system.
++ */
++int random_input_wait(void)
++{
++ int count;
++
++ wait_event_interruptible(random_write_wait,
++ input_pool.entropy_count < random_write_wakeup_thresh);
++
++ count = random_write_wakeup_thresh - input_pool.entropy_count;
++
++ /* likely we got woken up due to a signal */
++ if (count <= 0) count = random_read_wakeup_thresh;
++
++ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n",
++ count,
++ input_pool.entropy_count, random_write_wakeup_thresh);
++
++ return count;
++}
++EXPORT_SYMBOL(random_input_wait);
++
++
+ #define EXTRACT_SIZE 10
+
+ /*********************************************************************
+--- a/fs/fcntl.c
++++ b/fs/fcntl.c
+@@ -195,6 +195,7 @@ static int setfl(int fd, struct file * f
+ out:
+ return error;
+ }
++EXPORT_SYMBOL(sys_dup);
+
+ static void f_modown(struct file *filp, struct pid *pid, enum pid_type type,
+ int force)
+--- a/include/linux/miscdevice.h
++++ b/include/linux/miscdevice.h
+@@ -12,6 +12,7 @@
+ #define APOLLO_MOUSE_MINOR 7
+ #define PC110PAD_MINOR 9
+ /*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */
++#define CRYPTODEV_MINOR 70 /* /dev/crypto */
+ #define WATCHDOG_MINOR 130 /* Watchdog timer */
+ #define TEMP_MINOR 131 /* Temperature Sensor */
+ #define RTC_MINOR 135
+--- a/include/linux/random.h
++++ b/include/linux/random.h
+@@ -50,6 +50,10 @@ extern void add_input_randomness(unsigne
+ unsigned int value);
+ extern void add_interrupt_randomness(int irq);
+
++extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count);
++extern int random_input_wait(void);
++#define HAS_RANDOM_INPUT_WAIT 1
++
+ extern void get_random_bytes(void *buf, int nbytes);
+ void generate_random_uuid(unsigned char uuid_out[16]);
+
+--- a/kernel/pid.c
++++ b/kernel/pid.c
+@@ -387,6 +387,7 @@ struct task_struct *find_task_by_vpid(pi
+ {
+ return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns);
+ }
++EXPORT_SYMBOL(find_task_by_vpid);
+
+ struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
+ {
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
-@@ -849,3 +849,6 @@ config CRYPTO_ANSI_CPRNG
+@@ -845,3 +845,6 @@ config CRYPTO_ANSI_CPRNG
source "drivers/crypto/Kconfig"
endif # if CRYPTO
+++ /dev/null
---- a/drivers/char/random.c
-+++ b/drivers/char/random.c
-@@ -129,6 +129,9 @@
- * unsigned int value);
- * void add_interrupt_randomness(int irq);
- *
-+ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
-+ * int random_input_wait(void);
-+ *
- * add_input_randomness() uses the input layer interrupt timing, as well as
- * the event type information from the hardware.
- *
-@@ -140,6 +143,13 @@
- * a better measure, since the timing of the disk interrupts are more
- * unpredictable.
- *
-+ * random_input_words() just provides a raw block of entropy to the input
-+ * pool, such as from a hardware entropy generator.
-+ *
-+ * random_input_wait() suspends the caller until such time as the
-+ * entropy pool falls below the write threshold, and returns a count of how
-+ * much entropy (in bits) is needed to sustain the pool.
-+ *
- * All of these routines try to estimate how many bits of randomness a
- * particular randomness source. They do this by keeping track of the
- * first and second order deltas of the event timings.
-@@ -715,6 +725,61 @@ void add_disk_randomness(struct gendisk
- }
- #endif
-
-+/*
-+ * random_input_words - add bulk entropy to pool
-+ *
-+ * @buf: buffer to add
-+ * @wordcount: number of __u32 words to add
-+ * @ent_count: total amount of entropy (in bits) to credit
-+ *
-+ * this provides bulk input of entropy to the input pool
-+ *
-+ */
-+void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
-+{
-+ mix_pool_bytes(&input_pool, buf, wordcount*4);
-+
-+ credit_entropy_bits(&input_pool, ent_count);
-+
-+ DEBUG_ENT("crediting %d bits => %d\n",
-+ ent_count, input_pool.entropy_count);
-+ /*
-+ * Wake up waiting processes if we have enough
-+ * entropy.
-+ */
-+ if (input_pool.entropy_count >= random_read_wakeup_thresh)
-+ wake_up_interruptible(&random_read_wait);
-+}
-+EXPORT_SYMBOL(random_input_words);
-+
-+/*
-+ * random_input_wait - wait until random needs entropy
-+ *
-+ * this function sleeps until the /dev/random subsystem actually
-+ * needs more entropy, and then return the amount of entropy
-+ * that it would be nice to have added to the system.
-+ */
-+int random_input_wait(void)
-+{
-+ int count;
-+
-+ wait_event_interruptible(random_write_wait,
-+ input_pool.entropy_count < random_write_wakeup_thresh);
-+
-+ count = random_write_wakeup_thresh - input_pool.entropy_count;
-+
-+ /* likely we got woken up due to a signal */
-+ if (count <= 0) count = random_read_wakeup_thresh;
-+
-+ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n",
-+ count,
-+ input_pool.entropy_count, random_write_wakeup_thresh);
-+
-+ return count;
-+}
-+EXPORT_SYMBOL(random_input_wait);
-+
-+
- /*********************************************************************
- *
- * Entropy extraction routines
---- a/fs/fcntl.c
-+++ b/fs/fcntl.c
-@@ -142,6 +142,7 @@ SYSCALL_DEFINE1(dup, unsigned int, filde
- }
- return ret;
- }
-+EXPORT_SYMBOL(sys_dup);
-
- #define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME)
-
---- a/include/linux/miscdevice.h
-+++ b/include/linux/miscdevice.h
-@@ -18,6 +18,7 @@
- #define APOLLO_MOUSE_MINOR 7
- #define PC110PAD_MINOR 9
- /*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */
-+#define CRYPTODEV_MINOR 70 /* /dev/crypto */
- #define WATCHDOG_MINOR 130 /* Watchdog timer */
- #define TEMP_MINOR 131 /* Temperature Sensor */
- #define RTC_MINOR 135
---- a/include/linux/random.h
-+++ b/include/linux/random.h
-@@ -9,6 +9,7 @@
-
- #include <linux/types.h>
- #include <linux/ioctl.h>
-+#include <linux/types.h> /* for __u32 in user space */
- #include <linux/irqnr.h>
-
- /* ioctl()'s for the random number generator */
-@@ -34,6 +35,30 @@
- /* Clear the entropy pool and associated counters. (Superuser only.) */
- #define RNDCLEARPOOL _IO( 'R', 0x06 )
-
-+#ifdef CONFIG_FIPS_RNG
-+
-+/* Size of seed value - equal to AES blocksize */
-+#define AES_BLOCK_SIZE_BYTES 16
-+#define SEED_SIZE_BYTES AES_BLOCK_SIZE_BYTES
-+/* Size of AES key */
-+#define KEY_SIZE_BYTES 16
-+
-+/* ioctl() structure used by FIPS 140-2 Tests */
-+struct rand_fips_test {
-+ unsigned char key[KEY_SIZE_BYTES]; /* Input */
-+ unsigned char datetime[SEED_SIZE_BYTES]; /* Input */
-+ unsigned char seed[SEED_SIZE_BYTES]; /* Input */
-+ unsigned char result[SEED_SIZE_BYTES]; /* Output */
-+};
-+
-+/* FIPS 140-2 RNG Variable Seed Test. (Superuser only.) */
-+#define RNDFIPSVST _IOWR('R', 0x10, struct rand_fips_test)
-+
-+/* FIPS 140-2 RNG Monte Carlo Test. (Superuser only.) */
-+#define RNDFIPSMCT _IOWR('R', 0x11, struct rand_fips_test)
-+
-+#endif /* #ifdef CONFIG_FIPS_RNG */
-+
- struct rand_pool_info {
- int entropy_count;
- int buf_size;
-@@ -54,6 +79,10 @@ extern void add_input_randomness(unsigne
- unsigned int value);
- extern void add_interrupt_randomness(int irq);
-
-+extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count);
-+extern int random_input_wait(void);
-+#define HAS_RANDOM_INPUT_WAIT 1
-+
- extern void get_random_bytes(void *buf, int nbytes);
- void generate_random_uuid(unsigned char uuid_out[16]);
-
---- a/kernel/pid.c
-+++ b/kernel/pid.c
-@@ -423,6 +423,7 @@ struct task_struct *find_task_by_vpid(pi
- {
- return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns);
- }
-+EXPORT_SYMBOL(find_task_by_vpid);
-
- struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
- {
--- /dev/null
+--- a/kernel/pid.c
++++ b/kernel/pid.c
+@@ -423,6 +423,7 @@ struct task_struct *find_task_by_vpid(pi
+ {
+ return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns);
+ }
++EXPORT_SYMBOL(find_task_by_vpid);
+
+ struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
+ {
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -129,6 +129,9 @@
+ * unsigned int value);
+ * void add_interrupt_randomness(int irq);
+ *
++ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
++ * int random_input_wait(void);
++ *
+ * add_input_randomness() uses the input layer interrupt timing, as well as
+ * the event type information from the hardware.
+ *
+@@ -140,6 +143,13 @@
+ * a better measure, since the timing of the disk interrupts are more
+ * unpredictable.
+ *
++ * random_input_words() just provides a raw block of entropy to the input
++ * pool, such as from a hardware entropy generator.
++ *
++ * random_input_wait() suspends the caller until such time as the
++ * entropy pool falls below the write threshold, and returns a count of how
++ * much entropy (in bits) is needed to sustain the pool.
++ *
+ * All of these routines try to estimate how many bits of randomness a
+ * particular randomness source. They do this by keeping track of the
+ * first and second order deltas of the event timings.
+@@ -715,6 +725,63 @@ void add_disk_randomness(struct gendisk
+ }
+ #endif
+
++/*
++ * random_input_words - add bulk entropy to pool
++ *
++ * @buf: buffer to add
++ * @wordcount: number of __u32 words to add
++ * @ent_count: total amount of entropy (in bits) to credit
++ *
++ * this provides bulk input of entropy to the input pool
++ *
++ */
++void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
++{
++ mix_pool_bytes(&input_pool, buf, wordcount*4);
++
++ credit_entropy_bits(&input_pool, ent_count);
++
++ DEBUG_ENT("crediting %d bits => %d\n",
++ ent_count, input_pool.entropy_count);
++ /*
++ * Wake up waiting processes if we have enough
++ * entropy.
++ */
++ if (input_pool.entropy_count >= random_read_wakeup_thresh)
++ wake_up_interruptible(&random_read_wait);
++}
++EXPORT_SYMBOL(random_input_words);
++
++/*
++ * random_input_wait - wait until random needs entropy
++ *
++ * this function sleeps until the /dev/random subsystem actually
++ * needs more entropy, and then return the amount of entropy
++ * that it would be nice to have added to the system.
++ */
++int random_input_wait(void)
++{
++ int count;
++
++ wait_event_interruptible(random_write_wait,
++ input_pool.entropy_count < random_write_wakeup_thresh);
++
++ count = random_write_wakeup_thresh - input_pool.entropy_count;
++
++ /* likely we got woken up due to a signal */
++ if (count <= 0) count = random_read_wakeup_thresh;
++
++ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n",
++ count,
++ input_pool.entropy_count, random_write_wakeup_thresh);
++
++ return count;
++}
++EXPORT_SYMBOL(random_input_wait);
++
++
++#define EXTRACT_SIZE 10
++
+ /*********************************************************************
+ *
+ * Entropy extraction routines
+--- a/fs/fcntl.c
++++ b/fs/fcntl.c
+@@ -142,6 +142,7 @@ SYSCALL_DEFINE1(dup, unsigned int, filde
+ }
+ return ret;
+ }
++EXPORT_SYMBOL(sys_dup);
+
+ #define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME)
+
+--- a/include/linux/miscdevice.h
++++ b/include/linux/miscdevice.h
+@@ -18,6 +18,7 @@
+ #define APOLLO_MOUSE_MINOR 7
+ #define PC110PAD_MINOR 9
+ /*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */
++#define CRYPTODEV_MINOR 70 /* /dev/crypto */
+ #define WATCHDOG_MINOR 130 /* Watchdog timer */
+ #define TEMP_MINOR 131 /* Temperature Sensor */
+ #define RTC_MINOR 135
+--- a/include/linux/random.h
++++ b/include/linux/random.h
+@@ -54,6 +54,10 @@ extern void add_input_randomness(unsigne
+ unsigned int value);
+ extern void add_interrupt_randomness(int irq);
+
++extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count);
++extern int random_input_wait(void);
++#define HAS_RANDOM_INPUT_WAIT 1
++
+ extern void get_random_bytes(void *buf, int nbytes);
+ void generate_random_uuid(unsigned char uuid_out[16]);
+
+++ /dev/null
---- a/drivers/char/random.c
-+++ b/drivers/char/random.c
-@@ -129,6 +129,9 @@
- * unsigned int value);
- * void add_interrupt_randomness(int irq);
- *
-+ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
-+ * int random_input_wait(void);
-+ *
- * add_input_randomness() uses the input layer interrupt timing, as well as
- * the event type information from the hardware.
- *
-@@ -140,6 +143,13 @@
- * a better measure, since the timing of the disk interrupts are more
- * unpredictable.
- *
-+ * random_input_words() just provides a raw block of entropy to the input
-+ * pool, such as from a hardware entropy generator.
-+ *
-+ * random_input_wait() suspends the caller until such time as the
-+ * entropy pool falls below the write threshold, and returns a count of how
-+ * much entropy (in bits) is needed to sustain the pool.
-+ *
- * All of these routines try to estimate how many bits of randomness a
- * particular randomness source. They do this by keeping track of the
- * first and second order deltas of the event timings.
-@@ -715,6 +725,61 @@ void add_disk_randomness(struct gendisk
- }
- #endif
-
-+/*
-+ * random_input_words - add bulk entropy to pool
-+ *
-+ * @buf: buffer to add
-+ * @wordcount: number of __u32 words to add
-+ * @ent_count: total amount of entropy (in bits) to credit
-+ *
-+ * this provides bulk input of entropy to the input pool
-+ *
-+ */
-+void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
-+{
-+ mix_pool_bytes(&input_pool, buf, wordcount*4);
-+
-+ credit_entropy_bits(&input_pool, ent_count);
-+
-+ DEBUG_ENT("crediting %d bits => %d\n",
-+ ent_count, input_pool.entropy_count);
-+ /*
-+ * Wake up waiting processes if we have enough
-+ * entropy.
-+ */
-+ if (input_pool.entropy_count >= random_read_wakeup_thresh)
-+ wake_up_interruptible(&random_read_wait);
-+}
-+EXPORT_SYMBOL(random_input_words);
-+
-+/*
-+ * random_input_wait - wait until random needs entropy
-+ *
-+ * this function sleeps until the /dev/random subsystem actually
-+ * needs more entropy, and then return the amount of entropy
-+ * that it would be nice to have added to the system.
-+ */
-+int random_input_wait(void)
-+{
-+ int count;
-+
-+ wait_event_interruptible(random_write_wait,
-+ input_pool.entropy_count < random_write_wakeup_thresh);
-+
-+ count = random_write_wakeup_thresh - input_pool.entropy_count;
-+
-+ /* likely we got woken up due to a signal */
-+ if (count <= 0) count = random_read_wakeup_thresh;
-+
-+ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n",
-+ count,
-+ input_pool.entropy_count, random_write_wakeup_thresh);
-+
-+ return count;
-+}
-+EXPORT_SYMBOL(random_input_wait);
-+
-+
- /*********************************************************************
- *
- * Entropy extraction routines
---- a/fs/fcntl.c
-+++ b/fs/fcntl.c
-@@ -142,6 +142,7 @@ SYSCALL_DEFINE1(dup, unsigned int, filde
- }
- return ret;
- }
-+EXPORT_SYMBOL(sys_dup);
-
- #define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME)
-
---- a/include/linux/miscdevice.h
-+++ b/include/linux/miscdevice.h
-@@ -18,6 +18,7 @@
- #define APOLLO_MOUSE_MINOR 7
- #define PC110PAD_MINOR 9
- /*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */
-+#define CRYPTODEV_MINOR 70 /* /dev/crypto */
- #define WATCHDOG_MINOR 130 /* Watchdog timer */
- #define TEMP_MINOR 131 /* Temperature Sensor */
- #define RTC_MINOR 135
---- a/include/linux/random.h
-+++ b/include/linux/random.h
-@@ -9,6 +9,7 @@
-
- #include <linux/types.h>
- #include <linux/ioctl.h>
-+#include <linux/types.h> /* for __u32 in user space */
- #include <linux/irqnr.h>
-
- /* ioctl()'s for the random number generator */
-@@ -34,6 +35,30 @@
- /* Clear the entropy pool and associated counters. (Superuser only.) */
- #define RNDCLEARPOOL _IO( 'R', 0x06 )
-
-+#ifdef CONFIG_FIPS_RNG
-+
-+/* Size of seed value - equal to AES blocksize */
-+#define AES_BLOCK_SIZE_BYTES 16
-+#define SEED_SIZE_BYTES AES_BLOCK_SIZE_BYTES
-+/* Size of AES key */
-+#define KEY_SIZE_BYTES 16
-+
-+/* ioctl() structure used by FIPS 140-2 Tests */
-+struct rand_fips_test {
-+ unsigned char key[KEY_SIZE_BYTES]; /* Input */
-+ unsigned char datetime[SEED_SIZE_BYTES]; /* Input */
-+ unsigned char seed[SEED_SIZE_BYTES]; /* Input */
-+ unsigned char result[SEED_SIZE_BYTES]; /* Output */
-+};
-+
-+/* FIPS 140-2 RNG Variable Seed Test. (Superuser only.) */
-+#define RNDFIPSVST _IOWR('R', 0x10, struct rand_fips_test)
-+
-+/* FIPS 140-2 RNG Monte Carlo Test. (Superuser only.) */
-+#define RNDFIPSMCT _IOWR('R', 0x11, struct rand_fips_test)
-+
-+#endif /* #ifdef CONFIG_FIPS_RNG */
-+
- struct rand_pool_info {
- int entropy_count;
- int buf_size;
-@@ -54,6 +79,10 @@ extern void add_input_randomness(unsigne
- unsigned int value);
- extern void add_interrupt_randomness(int irq);
-
-+extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count);
-+extern int random_input_wait(void);
-+#define HAS_RANDOM_INPUT_WAIT 1
-+
- extern void get_random_bytes(void *buf, int nbytes);
- void generate_random_uuid(unsigned char uuid_out[16]);
-
---- a/kernel/pid.c
-+++ b/kernel/pid.c
-@@ -424,6 +424,7 @@ struct task_struct *find_task_by_vpid(pi
- {
- return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns);
- }
-+EXPORT_SYMBOL(find_task_by_vpid);
-
- struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
- {
--- /dev/null
+--- a/kernel/pid.c
++++ b/kernel/pid.c
+@@ -424,6 +424,7 @@ struct task_struct *find_task_by_vpid(pi
+ {
+ return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns);
+ }
++EXPORT_SYMBOL(find_task_by_vpid);
+
+ struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
+ {
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -129,6 +129,9 @@
+ * unsigned int value);
+ * void add_interrupt_randomness(int irq);
+ *
++ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
++ * int random_input_wait(void);
++ *
+ * add_input_randomness() uses the input layer interrupt timing, as well as
+ * the event type information from the hardware.
+ *
+@@ -140,6 +143,13 @@
+ * a better measure, since the timing of the disk interrupts are more
+ * unpredictable.
+ *
++ * random_input_words() just provides a raw block of entropy to the input
++ * pool, such as from a hardware entropy generator.
++ *
++ * random_input_wait() suspends the caller until such time as the
++ * entropy pool falls below the write threshold, and returns a count of how
++ * much entropy (in bits) is needed to sustain the pool.
++ *
+ * All of these routines try to estimate how many bits of randomness a
+ * particular randomness source. They do this by keeping track of the
+ * first and second order deltas of the event timings.
+@@ -715,6 +725,63 @@ void add_disk_randomness(struct gendisk
+ }
+ #endif
+
++/*
++ * random_input_words - add bulk entropy to pool
++ *
++ * @buf: buffer to add
++ * @wordcount: number of __u32 words to add
++ * @ent_count: total amount of entropy (in bits) to credit
++ *
++ * this provides bulk input of entropy to the input pool
++ *
++ */
++void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
++{
++ mix_pool_bytes(&input_pool, buf, wordcount*4);
++
++ credit_entropy_bits(&input_pool, ent_count);
++
++ DEBUG_ENT("crediting %d bits => %d\n",
++ ent_count, input_pool.entropy_count);
++ /*
++ * Wake up waiting processes if we have enough
++ * entropy.
++ */
++ if (input_pool.entropy_count >= random_read_wakeup_thresh)
++ wake_up_interruptible(&random_read_wait);
++}
++EXPORT_SYMBOL(random_input_words);
++
++/*
++ * random_input_wait - wait until random needs entropy
++ *
++ * this function sleeps until the /dev/random subsystem actually
++ * needs more entropy, and then return the amount of entropy
++ * that it would be nice to have added to the system.
++ */
++int random_input_wait(void)
++{
++ int count;
++
++ wait_event_interruptible(random_write_wait,
++ input_pool.entropy_count < random_write_wakeup_thresh);
++
++ count = random_write_wakeup_thresh - input_pool.entropy_count;
++
++ /* likely we got woken up due to a signal */
++ if (count <= 0) count = random_read_wakeup_thresh;
++
++ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n",
++ count,
++ input_pool.entropy_count, random_write_wakeup_thresh);
++
++ return count;
++}
++EXPORT_SYMBOL(random_input_wait);
++
++
++#define EXTRACT_SIZE 10
++
+ /*********************************************************************
+ *
+ * Entropy extraction routines
+--- a/fs/fcntl.c
++++ b/fs/fcntl.c
+@@ -142,6 +142,7 @@ SYSCALL_DEFINE1(dup, unsigned int, filde
+ }
+ return ret;
+ }
++EXPORT_SYMBOL(sys_dup);
+
+ #define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME)
+
+--- a/include/linux/miscdevice.h
++++ b/include/linux/miscdevice.h
+@@ -18,6 +18,7 @@
+ #define APOLLO_MOUSE_MINOR 7
+ #define PC110PAD_MINOR 9
+ /*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */
++#define CRYPTODEV_MINOR 70 /* /dev/crypto */
+ #define WATCHDOG_MINOR 130 /* Watchdog timer */
+ #define TEMP_MINOR 131 /* Temperature Sensor */
+ #define RTC_MINOR 135
+--- a/include/linux/random.h
++++ b/include/linux/random.h
+@@ -54,6 +54,10 @@ extern void add_input_randomness(unsigne
+ unsigned int value);
+ extern void add_interrupt_randomness(int irq);
+
++extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count);
++extern int random_input_wait(void);
++#define HAS_RANDOM_INPUT_WAIT 1
++
+ extern void get_random_bytes(void *buf, int nbytes);
+ void generate_random_uuid(unsigned char uuid_out[16]);
+
+++ /dev/null
---- a/drivers/char/random.c
-+++ b/drivers/char/random.c
-@@ -129,6 +129,9 @@
- * unsigned int value);
- * void add_interrupt_randomness(int irq);
- *
-+ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
-+ * int random_input_wait(void);
-+ *
- * add_input_randomness() uses the input layer interrupt timing, as well as
- * the event type information from the hardware.
- *
-@@ -140,6 +143,13 @@
- * a better measure, since the timing of the disk interrupts are more
- * unpredictable.
- *
-+ * random_input_words() just provides a raw block of entropy to the input
-+ * pool, such as from a hardware entropy generator.
-+ *
-+ * random_input_wait() suspends the caller until such time as the
-+ * entropy pool falls below the write threshold, and returns a count of how
-+ * much entropy (in bits) is needed to sustain the pool.
-+ *
- * All of these routines try to estimate how many bits of randomness a
- * particular randomness source. They do this by keeping track of the
- * first and second order deltas of the event timings.
-@@ -715,6 +725,61 @@ void add_disk_randomness(struct gendisk
- }
- #endif
-
-+/*
-+ * random_input_words - add bulk entropy to pool
-+ *
-+ * @buf: buffer to add
-+ * @wordcount: number of __u32 words to add
-+ * @ent_count: total amount of entropy (in bits) to credit
-+ *
-+ * this provides bulk input of entropy to the input pool
-+ *
-+ */
-+void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
-+{
-+ mix_pool_bytes(&input_pool, buf, wordcount*4);
-+
-+ credit_entropy_bits(&input_pool, ent_count);
-+
-+ DEBUG_ENT("crediting %d bits => %d\n",
-+ ent_count, input_pool.entropy_count);
-+ /*
-+ * Wake up waiting processes if we have enough
-+ * entropy.
-+ */
-+ if (input_pool.entropy_count >= random_read_wakeup_thresh)
-+ wake_up_interruptible(&random_read_wait);
-+}
-+EXPORT_SYMBOL(random_input_words);
-+
-+/*
-+ * random_input_wait - wait until random needs entropy
-+ *
-+ * this function sleeps until the /dev/random subsystem actually
-+ * needs more entropy, and then return the amount of entropy
-+ * that it would be nice to have added to the system.
-+ */
-+int random_input_wait(void)
-+{
-+ int count;
-+
-+ wait_event_interruptible(random_write_wait,
-+ input_pool.entropy_count < random_write_wakeup_thresh);
-+
-+ count = random_write_wakeup_thresh - input_pool.entropy_count;
-+
-+ /* likely we got woken up due to a signal */
-+ if (count <= 0) count = random_read_wakeup_thresh;
-+
-+ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n",
-+ count,
-+ input_pool.entropy_count, random_write_wakeup_thresh);
-+
-+ return count;
-+}
-+EXPORT_SYMBOL(random_input_wait);
-+
-+
- /*********************************************************************
- *
- * Entropy extraction routines
---- a/fs/fcntl.c
-+++ b/fs/fcntl.c
-@@ -142,6 +142,7 @@ SYSCALL_DEFINE1(dup, unsigned int, filde
- }
- return ret;
- }
-+EXPORT_SYMBOL(sys_dup);
-
- #define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME)
-
---- a/include/linux/miscdevice.h
-+++ b/include/linux/miscdevice.h
-@@ -18,6 +18,7 @@
- #define APOLLO_MOUSE_MINOR 7
- #define PC110PAD_MINOR 9
- /*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */
-+#define CRYPTODEV_MINOR 70 /* /dev/crypto */
- #define WATCHDOG_MINOR 130 /* Watchdog timer */
- #define TEMP_MINOR 131 /* Temperature Sensor */
- #define RTC_MINOR 135
---- a/include/linux/random.h
-+++ b/include/linux/random.h
-@@ -9,6 +9,7 @@
-
- #include <linux/types.h>
- #include <linux/ioctl.h>
-+#include <linux/types.h> /* for __u32 in user space */
- #include <linux/irqnr.h>
-
- /* ioctl()'s for the random number generator */
-@@ -34,6 +35,30 @@
- /* Clear the entropy pool and associated counters. (Superuser only.) */
- #define RNDCLEARPOOL _IO( 'R', 0x06 )
-
-+#ifdef CONFIG_FIPS_RNG
-+
-+/* Size of seed value - equal to AES blocksize */
-+#define AES_BLOCK_SIZE_BYTES 16
-+#define SEED_SIZE_BYTES AES_BLOCK_SIZE_BYTES
-+/* Size of AES key */
-+#define KEY_SIZE_BYTES 16
-+
-+/* ioctl() structure used by FIPS 140-2 Tests */
-+struct rand_fips_test {
-+ unsigned char key[KEY_SIZE_BYTES]; /* Input */
-+ unsigned char datetime[SEED_SIZE_BYTES]; /* Input */
-+ unsigned char seed[SEED_SIZE_BYTES]; /* Input */
-+ unsigned char result[SEED_SIZE_BYTES]; /* Output */
-+};
-+
-+/* FIPS 140-2 RNG Variable Seed Test. (Superuser only.) */
-+#define RNDFIPSVST _IOWR('R', 0x10, struct rand_fips_test)
-+
-+/* FIPS 140-2 RNG Monte Carlo Test. (Superuser only.) */
-+#define RNDFIPSMCT _IOWR('R', 0x11, struct rand_fips_test)
-+
-+#endif /* #ifdef CONFIG_FIPS_RNG */
-+
- struct rand_pool_info {
- int entropy_count;
- int buf_size;
-@@ -54,6 +79,10 @@ extern void add_input_randomness(unsigne
- unsigned int value);
- extern void add_interrupt_randomness(int irq);
-
-+extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count);
-+extern int random_input_wait(void);
-+#define HAS_RANDOM_INPUT_WAIT 1
-+
- extern void get_random_bytes(void *buf, int nbytes);
- void generate_random_uuid(unsigned char uuid_out[16]);
-
---- a/kernel/pid.c
-+++ b/kernel/pid.c
-@@ -427,6 +427,7 @@ struct task_struct *find_task_by_vpid(pi
- {
- return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns);
- }
-+EXPORT_SYMBOL(find_task_by_vpid);
-
- struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
- {
--- /dev/null
+--- a/kernel/pid.c
++++ b/kernel/pid.c
+@@ -427,6 +427,7 @@ struct task_struct *find_task_by_vpid(pi
+ {
+ return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns);
+ }
++EXPORT_SYMBOL(find_task_by_vpid);
+
+ struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
+ {
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -129,6 +129,9 @@
+ * unsigned int value);
+ * void add_interrupt_randomness(int irq);
+ *
++ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
++ * int random_input_wait(void);
++ *
+ * add_input_randomness() uses the input layer interrupt timing, as well as
+ * the event type information from the hardware.
+ *
+@@ -140,6 +143,13 @@
+ * a better measure, since the timing of the disk interrupts are more
+ * unpredictable.
+ *
++ * random_input_words() just provides a raw block of entropy to the input
++ * pool, such as from a hardware entropy generator.
++ *
++ * random_input_wait() suspends the caller until such time as the
++ * entropy pool falls below the write threshold, and returns a count of how
++ * much entropy (in bits) is needed to sustain the pool.
++ *
+ * All of these routines try to estimate how many bits of randomness a
+ * particular randomness source. They do this by keeping track of the
+ * first and second order deltas of the event timings.
+@@ -715,6 +725,63 @@ void add_disk_randomness(struct gendisk
+ }
+ #endif
+
++/*
++ * random_input_words - add bulk entropy to pool
++ *
++ * @buf: buffer to add
++ * @wordcount: number of __u32 words to add
++ * @ent_count: total amount of entropy (in bits) to credit
++ *
++ * this provides bulk input of entropy to the input pool
++ *
++ */
++void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
++{
++ mix_pool_bytes(&input_pool, buf, wordcount*4);
++
++ credit_entropy_bits(&input_pool, ent_count);
++
++ DEBUG_ENT("crediting %d bits => %d\n",
++ ent_count, input_pool.entropy_count);
++ /*
++ * Wake up waiting processes if we have enough
++ * entropy.
++ */
++ if (input_pool.entropy_count >= random_read_wakeup_thresh)
++ wake_up_interruptible(&random_read_wait);
++}
++EXPORT_SYMBOL(random_input_words);
++
++/*
++ * random_input_wait - wait until random needs entropy
++ *
++ * this function sleeps until the /dev/random subsystem actually
++ * needs more entropy, and then return the amount of entropy
++ * that it would be nice to have added to the system.
++ */
++int random_input_wait(void)
++{
++ int count;
++
++ wait_event_interruptible(random_write_wait,
++ input_pool.entropy_count < random_write_wakeup_thresh);
++
++ count = random_write_wakeup_thresh - input_pool.entropy_count;
++
++ /* likely we got woken up due to a signal */
++ if (count <= 0) count = random_read_wakeup_thresh;
++
++ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n",
++ count,
++ input_pool.entropy_count, random_write_wakeup_thresh);
++
++ return count;
++}
++EXPORT_SYMBOL(random_input_wait);
++
++
++#define EXTRACT_SIZE 10
++
+ /*********************************************************************
+ *
+ * Entropy extraction routines
+--- a/fs/fcntl.c
++++ b/fs/fcntl.c
+@@ -142,6 +142,7 @@ SYSCALL_DEFINE1(dup, unsigned int, filde
+ }
+ return ret;
+ }
++EXPORT_SYMBOL(sys_dup);
+
+ #define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME)
+
+--- a/include/linux/miscdevice.h
++++ b/include/linux/miscdevice.h
+@@ -18,6 +18,7 @@
+ #define APOLLO_MOUSE_MINOR 7
+ #define PC110PAD_MINOR 9
+ /*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */
++#define CRYPTODEV_MINOR 70 /* /dev/crypto */
+ #define WATCHDOG_MINOR 130 /* Watchdog timer */
+ #define TEMP_MINOR 131 /* Temperature Sensor */
+ #define RTC_MINOR 135
+--- a/include/linux/random.h
++++ b/include/linux/random.h
+@@ -54,6 +54,10 @@ extern void add_input_randomness(unsigne
+ unsigned int value);
+ extern void add_interrupt_randomness(int irq);
+
++extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count);
++extern int random_input_wait(void);
++#define HAS_RANDOM_INPUT_WAIT 1
++
+ extern void get_random_bytes(void *buf, int nbytes);
+ void generate_random_uuid(unsigned char uuid_out[16]);
+
+++ /dev/null
---- a/drivers/char/random.c
-+++ b/drivers/char/random.c
-@@ -130,6 +130,9 @@
- * void add_interrupt_randomness(int irq);
- * void add_disk_randomness(struct gendisk *disk);
- *
-+ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
-+ * int random_input_wait(void);
-+ *
- * add_input_randomness() uses the input layer interrupt timing, as well as
- * the event type information from the hardware.
- *
-@@ -147,6 +150,13 @@
- * seek times do not make for good sources of entropy, as their seek
- * times are usually fairly consistent.
- *
-+ * random_input_words() just provides a raw block of entropy to the input
-+ * pool, such as from a hardware entropy generator.
-+ *
-+ * random_input_wait() suspends the caller until such time as the
-+ * entropy pool falls below the write threshold, and returns a count of how
-+ * much entropy (in bits) is needed to sustain the pool.
-+ *
- * All of these routines try to estimate how many bits of randomness a
- * particular randomness source. They do this by keeping track of the
- * first and second order deltas of the event timings.
-@@ -722,6 +732,61 @@ void add_disk_randomness(struct gendisk
- }
- #endif
-
-+/*
-+ * random_input_words - add bulk entropy to pool
-+ *
-+ * @buf: buffer to add
-+ * @wordcount: number of __u32 words to add
-+ * @ent_count: total amount of entropy (in bits) to credit
-+ *
-+ * this provides bulk input of entropy to the input pool
-+ *
-+ */
-+void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
-+{
-+ mix_pool_bytes(&input_pool, buf, wordcount*4);
-+
-+ credit_entropy_bits(&input_pool, ent_count);
-+
-+ DEBUG_ENT("crediting %d bits => %d\n",
-+ ent_count, input_pool.entropy_count);
-+ /*
-+ * Wake up waiting processes if we have enough
-+ * entropy.
-+ */
-+ if (input_pool.entropy_count >= random_read_wakeup_thresh)
-+ wake_up_interruptible(&random_read_wait);
-+}
-+EXPORT_SYMBOL(random_input_words);
-+
-+/*
-+ * random_input_wait - wait until random needs entropy
-+ *
-+ * this function sleeps until the /dev/random subsystem actually
-+ * needs more entropy, and then return the amount of entropy
-+ * that it would be nice to have added to the system.
-+ */
-+int random_input_wait(void)
-+{
-+ int count;
-+
-+ wait_event_interruptible(random_write_wait,
-+ input_pool.entropy_count < random_write_wakeup_thresh);
-+
-+ count = random_write_wakeup_thresh - input_pool.entropy_count;
-+
-+ /* likely we got woken up due to a signal */
-+ if (count <= 0) count = random_read_wakeup_thresh;
-+
-+ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n",
-+ count,
-+ input_pool.entropy_count, random_write_wakeup_thresh);
-+
-+ return count;
-+}
-+EXPORT_SYMBOL(random_input_wait);
-+
-+
- /*********************************************************************
- *
- * Entropy extraction routines
---- a/fs/fcntl.c
-+++ b/fs/fcntl.c
-@@ -142,6 +142,7 @@ SYSCALL_DEFINE1(dup, unsigned int, filde
- }
- return ret;
- }
-+EXPORT_SYMBOL(sys_dup);
-
- #define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME)
-
---- a/include/linux/miscdevice.h
-+++ b/include/linux/miscdevice.h
-@@ -18,6 +18,7 @@
- #define APOLLO_MOUSE_MINOR 7
- #define PC110PAD_MINOR 9
- /*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */
-+#define CRYPTODEV_MINOR 70 /* /dev/crypto */
- #define WATCHDOG_MINOR 130 /* Watchdog timer */
- #define TEMP_MINOR 131 /* Temperature Sensor */
- #define RTC_MINOR 135
---- a/include/linux/random.h
-+++ b/include/linux/random.h
-@@ -9,6 +9,7 @@
-
- #include <linux/types.h>
- #include <linux/ioctl.h>
-+#include <linux/types.h> /* for __u32 in user space */
- #include <linux/irqnr.h>
-
- /* ioctl()'s for the random number generator */
-@@ -34,6 +35,30 @@
- /* Clear the entropy pool and associated counters. (Superuser only.) */
- #define RNDCLEARPOOL _IO( 'R', 0x06 )
-
-+#ifdef CONFIG_FIPS_RNG
-+
-+/* Size of seed value - equal to AES blocksize */
-+#define AES_BLOCK_SIZE_BYTES 16
-+#define SEED_SIZE_BYTES AES_BLOCK_SIZE_BYTES
-+/* Size of AES key */
-+#define KEY_SIZE_BYTES 16
-+
-+/* ioctl() structure used by FIPS 140-2 Tests */
-+struct rand_fips_test {
-+ unsigned char key[KEY_SIZE_BYTES]; /* Input */
-+ unsigned char datetime[SEED_SIZE_BYTES]; /* Input */
-+ unsigned char seed[SEED_SIZE_BYTES]; /* Input */
-+ unsigned char result[SEED_SIZE_BYTES]; /* Output */
-+};
-+
-+/* FIPS 140-2 RNG Variable Seed Test. (Superuser only.) */
-+#define RNDFIPSVST _IOWR('R', 0x10, struct rand_fips_test)
-+
-+/* FIPS 140-2 RNG Monte Carlo Test. (Superuser only.) */
-+#define RNDFIPSMCT _IOWR('R', 0x11, struct rand_fips_test)
-+
-+#endif /* #ifdef CONFIG_FIPS_RNG */
-+
- struct rand_pool_info {
- int entropy_count;
- int buf_size;
-@@ -54,6 +79,10 @@ extern void add_input_randomness(unsigne
- unsigned int value);
- extern void add_interrupt_randomness(int irq);
-
-+extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count);
-+extern int random_input_wait(void);
-+#define HAS_RANDOM_INPUT_WAIT 1
-+
- extern void get_random_bytes(void *buf, int nbytes);
- void generate_random_uuid(unsigned char uuid_out[16]);
-
---- a/kernel/pid.c
-+++ b/kernel/pid.c
-@@ -427,6 +427,7 @@ struct task_struct *find_task_by_vpid(pi
- {
- return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns);
- }
-+EXPORT_SYMBOL(find_task_by_vpid);
-
- struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
- {
--- /dev/null
+--- a/kernel/pid.c
++++ b/kernel/pid.c
+@@ -427,6 +427,7 @@ struct task_struct *find_task_by_vpid(pi
+ {
+ return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns);
+ }
++EXPORT_SYMBOL(find_task_by_vpid);
+
+ struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
+ {
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -130,6 +130,9 @@
+ * void add_interrupt_randomness(int irq);
+ * void add_disk_randomness(struct gendisk *disk);
+ *
++ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
++ * int random_input_wait(void);
++ *
+ * add_input_randomness() uses the input layer interrupt timing, as well as
+ * the event type information from the hardware.
+ *
+@@ -147,6 +150,13 @@
+ * seek times do not make for good sources of entropy, as their seek
+ * times are usually fairly consistent.
+ *
++ * random_input_words() just provides a raw block of entropy to the input
++ * pool, such as from a hardware entropy generator.
++ *
++ * random_input_wait() suspends the caller until such time as the
++ * entropy pool falls below the write threshold, and returns a count of how
++ * much entropy (in bits) is needed to sustain the pool.
++ *
+ * All of these routines try to estimate how many bits of randomness a
+ * particular randomness source. They do this by keeping track of the
+ * first and second order deltas of the event timings.
+@@ -722,6 +732,63 @@ void add_disk_randomness(struct gendisk
+ }
+ #endif
+
++/*
++ * random_input_words - add bulk entropy to pool
++ *
++ * @buf: buffer to add
++ * @wordcount: number of __u32 words to add
++ * @ent_count: total amount of entropy (in bits) to credit
++ *
++ * this provides bulk input of entropy to the input pool
++ *
++ */
++void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
++{
++ mix_pool_bytes(&input_pool, buf, wordcount*4);
++
++ credit_entropy_bits(&input_pool, ent_count);
++
++ DEBUG_ENT("crediting %d bits => %d\n",
++ ent_count, input_pool.entropy_count);
++ /*
++ * Wake up waiting processes if we have enough
++ * entropy.
++ */
++ if (input_pool.entropy_count >= random_read_wakeup_thresh)
++ wake_up_interruptible(&random_read_wait);
++}
++EXPORT_SYMBOL(random_input_words);
++
++/*
++ * random_input_wait - wait until random needs entropy
++ *
++ * this function sleeps until the /dev/random subsystem actually
++ * needs more entropy, and then return the amount of entropy
++ * that it would be nice to have added to the system.
++ */
++int random_input_wait(void)
++{
++ int count;
++
++ wait_event_interruptible(random_write_wait,
++ input_pool.entropy_count < random_write_wakeup_thresh);
++
++ count = random_write_wakeup_thresh - input_pool.entropy_count;
++
++ /* likely we got woken up due to a signal */
++ if (count <= 0) count = random_read_wakeup_thresh;
++
++ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n",
++ count,
++ input_pool.entropy_count, random_write_wakeup_thresh);
++
++ return count;
++}
++EXPORT_SYMBOL(random_input_wait);
++
++
++#define EXTRACT_SIZE 10
++
+ /*********************************************************************
+ *
+ * Entropy extraction routines
+--- a/fs/fcntl.c
++++ b/fs/fcntl.c
+@@ -142,6 +142,7 @@ SYSCALL_DEFINE1(dup, unsigned int, filde
+ }
+ return ret;
+ }
++EXPORT_SYMBOL(sys_dup);
+
+ #define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME)
+
+--- a/include/linux/miscdevice.h
++++ b/include/linux/miscdevice.h
+@@ -18,6 +18,7 @@
+ #define APOLLO_MOUSE_MINOR 7
+ #define PC110PAD_MINOR 9
+ /*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */
++#define CRYPTODEV_MINOR 70 /* /dev/crypto */
+ #define WATCHDOG_MINOR 130 /* Watchdog timer */
+ #define TEMP_MINOR 131 /* Temperature Sensor */
+ #define RTC_MINOR 135
+--- a/include/linux/random.h
++++ b/include/linux/random.h
+@@ -54,6 +54,10 @@ extern void add_input_randomness(unsigne
+ unsigned int value);
+ extern void add_interrupt_randomness(int irq);
+
++extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count);
++extern int random_input_wait(void);
++#define HAS_RANDOM_INPUT_WAIT 1
++
+ extern void get_random_bytes(void *buf, int nbytes);
+ void generate_random_uuid(unsigned char uuid_out[16]);
+
+++ /dev/null
---- a/drivers/char/random.c
-+++ b/drivers/char/random.c
-@@ -130,6 +130,9 @@
- * void add_interrupt_randomness(int irq);
- * void add_disk_randomness(struct gendisk *disk);
- *
-+ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
-+ * int random_input_wait(void);
-+ *
- * add_input_randomness() uses the input layer interrupt timing, as well as
- * the event type information from the hardware.
- *
-@@ -147,6 +150,13 @@
- * seek times do not make for good sources of entropy, as their seek
- * times are usually fairly consistent.
- *
-+ * random_input_words() just provides a raw block of entropy to the input
-+ * pool, such as from a hardware entropy generator.
-+ *
-+ * random_input_wait() suspends the caller until such time as the
-+ * entropy pool falls below the write threshold, and returns a count of how
-+ * much entropy (in bits) is needed to sustain the pool.
-+ *
- * All of these routines try to estimate how many bits of randomness a
- * particular randomness source. They do this by keeping track of the
- * first and second order deltas of the event timings.
-@@ -722,6 +732,61 @@ void add_disk_randomness(struct gendisk
- }
- #endif
-
-+/*
-+ * random_input_words - add bulk entropy to pool
-+ *
-+ * @buf: buffer to add
-+ * @wordcount: number of __u32 words to add
-+ * @ent_count: total amount of entropy (in bits) to credit
-+ *
-+ * this provides bulk input of entropy to the input pool
-+ *
-+ */
-+void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
-+{
-+ mix_pool_bytes(&input_pool, buf, wordcount*4);
-+
-+ credit_entropy_bits(&input_pool, ent_count);
-+
-+ DEBUG_ENT("crediting %d bits => %d\n",
-+ ent_count, input_pool.entropy_count);
-+ /*
-+ * Wake up waiting processes if we have enough
-+ * entropy.
-+ */
-+ if (input_pool.entropy_count >= random_read_wakeup_thresh)
-+ wake_up_interruptible(&random_read_wait);
-+}
-+EXPORT_SYMBOL(random_input_words);
-+
-+/*
-+ * random_input_wait - wait until random needs entropy
-+ *
-+ * this function sleeps until the /dev/random subsystem actually
-+ * needs more entropy, and then return the amount of entropy
-+ * that it would be nice to have added to the system.
-+ */
-+int random_input_wait(void)
-+{
-+ int count;
-+
-+ wait_event_interruptible(random_write_wait,
-+ input_pool.entropy_count < random_write_wakeup_thresh);
-+
-+ count = random_write_wakeup_thresh - input_pool.entropy_count;
-+
-+ /* likely we got woken up due to a signal */
-+ if (count <= 0) count = random_read_wakeup_thresh;
-+
-+ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n",
-+ count,
-+ input_pool.entropy_count, random_write_wakeup_thresh);
-+
-+ return count;
-+}
-+EXPORT_SYMBOL(random_input_wait);
-+
-+
- /*********************************************************************
- *
- * Entropy extraction routines
---- a/fs/fcntl.c
-+++ b/fs/fcntl.c
-@@ -142,6 +142,7 @@ SYSCALL_DEFINE1(dup, unsigned int, filde
- }
- return ret;
- }
-+EXPORT_SYMBOL(sys_dup);
-
- #define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME)
-
---- a/include/linux/miscdevice.h
-+++ b/include/linux/miscdevice.h
-@@ -18,6 +18,7 @@
- #define APOLLO_MOUSE_MINOR 7
- #define PC110PAD_MINOR 9
- /*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */
-+#define CRYPTODEV_MINOR 70 /* /dev/crypto */
- #define WATCHDOG_MINOR 130 /* Watchdog timer */
- #define TEMP_MINOR 131 /* Temperature Sensor */
- #define RTC_MINOR 135
---- a/include/linux/random.h
-+++ b/include/linux/random.h
-@@ -9,6 +9,7 @@
-
- #include <linux/types.h>
- #include <linux/ioctl.h>
-+#include <linux/types.h> /* for __u32 in user space */
- #include <linux/irqnr.h>
-
- /* ioctl()'s for the random number generator */
-@@ -34,6 +35,30 @@
- /* Clear the entropy pool and associated counters. (Superuser only.) */
- #define RNDCLEARPOOL _IO( 'R', 0x06 )
-
-+#ifdef CONFIG_FIPS_RNG
-+
-+/* Size of seed value - equal to AES blocksize */
-+#define AES_BLOCK_SIZE_BYTES 16
-+#define SEED_SIZE_BYTES AES_BLOCK_SIZE_BYTES
-+/* Size of AES key */
-+#define KEY_SIZE_BYTES 16
-+
-+/* ioctl() structure used by FIPS 140-2 Tests */
-+struct rand_fips_test {
-+ unsigned char key[KEY_SIZE_BYTES]; /* Input */
-+ unsigned char datetime[SEED_SIZE_BYTES]; /* Input */
-+ unsigned char seed[SEED_SIZE_BYTES]; /* Input */
-+ unsigned char result[SEED_SIZE_BYTES]; /* Output */
-+};
-+
-+/* FIPS 140-2 RNG Variable Seed Test. (Superuser only.) */
-+#define RNDFIPSVST _IOWR('R', 0x10, struct rand_fips_test)
-+
-+/* FIPS 140-2 RNG Monte Carlo Test. (Superuser only.) */
-+#define RNDFIPSMCT _IOWR('R', 0x11, struct rand_fips_test)
-+
-+#endif /* #ifdef CONFIG_FIPS_RNG */
-+
- struct rand_pool_info {
- int entropy_count;
- int buf_size;
-@@ -54,6 +79,10 @@ extern void add_input_randomness(unsigne
- unsigned int value);
- extern void add_interrupt_randomness(int irq);
-
-+extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count);
-+extern int random_input_wait(void);
-+#define HAS_RANDOM_INPUT_WAIT 1
-+
- extern void get_random_bytes(void *buf, int nbytes);
- void generate_random_uuid(unsigned char uuid_out[16]);
-
---- a/kernel/pid.c
-+++ b/kernel/pid.c
-@@ -427,6 +427,7 @@ struct task_struct *find_task_by_vpid(pi
- {
- return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns);
- }
-+EXPORT_SYMBOL(find_task_by_vpid);
-
- struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
- {
--- /dev/null
+--- a/kernel/pid.c
++++ b/kernel/pid.c
+@@ -427,6 +427,7 @@ struct task_struct *find_task_by_vpid(pi
+ {
+ return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns);
+ }
++EXPORT_SYMBOL(find_task_by_vpid);
+
+ struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
+ {
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -130,6 +130,9 @@
+ * void add_interrupt_randomness(int irq);
+ * void add_disk_randomness(struct gendisk *disk);
+ *
++ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
++ * int random_input_wait(void);
++ *
+ * add_input_randomness() uses the input layer interrupt timing, as well as
+ * the event type information from the hardware.
+ *
+@@ -147,6 +150,13 @@
+ * seek times do not make for good sources of entropy, as their seek
+ * times are usually fairly consistent.
+ *
++ * random_input_words() just provides a raw block of entropy to the input
++ * pool, such as from a hardware entropy generator.
++ *
++ * random_input_wait() suspends the caller until such time as the
++ * entropy pool falls below the write threshold, and returns a count of how
++ * much entropy (in bits) is needed to sustain the pool.
++ *
+ * All of these routines try to estimate how many bits of randomness a
+ * particular randomness source. They do this by keeping track of the
+ * first and second order deltas of the event timings.
+@@ -722,6 +732,63 @@ void add_disk_randomness(struct gendisk
+ }
+ #endif
+
++/*
++ * random_input_words - add bulk entropy to pool
++ *
++ * @buf: buffer to add
++ * @wordcount: number of __u32 words to add
++ * @ent_count: total amount of entropy (in bits) to credit
++ *
++ * this provides bulk input of entropy to the input pool
++ *
++ */
++void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
++{
++ mix_pool_bytes(&input_pool, buf, wordcount*4);
++
++ credit_entropy_bits(&input_pool, ent_count);
++
++ DEBUG_ENT("crediting %d bits => %d\n",
++ ent_count, input_pool.entropy_count);
++ /*
++ * Wake up waiting processes if we have enough
++ * entropy.
++ */
++ if (input_pool.entropy_count >= random_read_wakeup_thresh)
++ wake_up_interruptible(&random_read_wait);
++}
++EXPORT_SYMBOL(random_input_words);
++
++/*
++ * random_input_wait - wait until random needs entropy
++ *
++ * this function sleeps until the /dev/random subsystem actually
++ * needs more entropy, and then return the amount of entropy
++ * that it would be nice to have added to the system.
++ */
++int random_input_wait(void)
++{
++ int count;
++
++ wait_event_interruptible(random_write_wait,
++ input_pool.entropy_count < random_write_wakeup_thresh);
++
++ count = random_write_wakeup_thresh - input_pool.entropy_count;
++
++ /* likely we got woken up due to a signal */
++ if (count <= 0) count = random_read_wakeup_thresh;
++
++ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n",
++ count,
++ input_pool.entropy_count, random_write_wakeup_thresh);
++
++ return count;
++}
++EXPORT_SYMBOL(random_input_wait);
++
++
++#define EXTRACT_SIZE 10
++
+ /*********************************************************************
+ *
+ * Entropy extraction routines
+--- a/fs/fcntl.c
++++ b/fs/fcntl.c
+@@ -142,6 +142,7 @@ SYSCALL_DEFINE1(dup, unsigned int, filde
+ }
+ return ret;
+ }
++EXPORT_SYMBOL(sys_dup);
+
+ #define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME)
+
+--- a/include/linux/miscdevice.h
++++ b/include/linux/miscdevice.h
+@@ -18,6 +18,7 @@
+ #define APOLLO_MOUSE_MINOR 7
+ #define PC110PAD_MINOR 9
+ /*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */
++#define CRYPTODEV_MINOR 70 /* /dev/crypto */
+ #define WATCHDOG_MINOR 130 /* Watchdog timer */
+ #define TEMP_MINOR 131 /* Temperature Sensor */
+ #define RTC_MINOR 135
+--- a/include/linux/random.h
++++ b/include/linux/random.h
+@@ -54,6 +54,10 @@ extern void add_input_randomness(unsigne
+ unsigned int value);
+ extern void add_interrupt_randomness(int irq);
+
++extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count);
++extern int random_input_wait(void);
++#define HAS_RANDOM_INPUT_WAIT 1
++
+ extern void get_random_bytes(void *buf, int nbytes);
+ void generate_random_uuid(unsigned char uuid_out[16]);
+
projects / openwrt / staging / rmilecki.git / commitdiff