From: Hauke Mehrtens Date: Sun, 24 Jul 2011 14:17:58 +0000 (+0000) Subject: ocf-linux: version bump to 20110720 X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=00dd85d8f61db55d6e08d224ed30f077075e9766;p=openwrt%2Fstaging%2Frmilecki.git ocf-linux: version bump to 20110720 Fixes problem with TFM allocation in cryptosoft.c Signed-off-by: Philip Prindeville Hauke: * remove ubsec_ssb package and take it from ocf-linux * use patches from ocf-linux package * refresh all patches * readd some build fixes for OpenWrt. * readd CRYPTO_MANAGER dependency SVN-Revision: 27753 --- diff --git a/package/kernel/modules/crypto.mk b/package/kernel/modules/crypto.mk index e869851b4ce..495fcc09e2e 100644 --- a/package/kernel/modules/crypto.mk +++ b/package/kernel/modules/crypto.mk @@ -455,3 +455,19 @@ define KernelPackage/crypto-mv-cesa endef $(eval $(call KernelPackage,crypto-mv-cesa)) + + +define KernelPackage/ocf-ubsec-ssb + TITLE:=BCM5365P IPSec Core driver + DEPENDS:=@TARGET_brcm47xx +kmod-crypto-ocf + KCONFIG:=CONFIG_OCF_UBSEC_SSB + FILES:=$(LINUX_DIR)/crypto/ocf/ubsec_ssb/ubsec_ssb.ko + AUTOLOAD:=$(call AutoLoad,10,ubsec_ssb) + $(call AddDepends/crypto) +endef + +define KernelPackage/ocf-ubsec-ssb/description + This package contains the OCF driver for the BCM5365p IPSec Core +endef + +$(eval $(call KernelPackage,ocf-ubsec-ssb)) diff --git a/package/ocf-crypto-headers/Makefile b/package/ocf-crypto-headers/Makefile index de3ecea22cc..fee2a3734f9 100644 --- a/package/ocf-crypto-headers/Makefile +++ b/package/ocf-crypto-headers/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ocf-crypto-headers -PKG_VERSION:=20080917 +PKG_VERSION:=20110720 PKG_RELEASE:=1 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME) diff --git a/package/ocf-crypto-headers/src/cryptodev.h b/package/ocf-crypto-headers/src/cryptodev.h index fa1a57b4f85..cca0ec822de 100644 --- a/package/ocf-crypto-headers/src/cryptodev.h +++ b/package/ocf-crypto-headers/src/cryptodev.h @@ -2,8 +2,8 @@ /* $OpenBSD: cryptodev.h,v 1.31 2002/06/11 11:14:29 beck Exp $ */ /*- - * Linux port done by David McCullough - * Copyright (C) 2006-2007 David McCullough + * Linux port done by David McCullough + * Copyright (C) 2006-2010 David McCullough * Copyright (C) 2004-2005 Intel Corporation. * The license and original author are listed below. * @@ -156,7 +156,8 @@ #define CRYPTO_SHA2_384 23 #define CRYPTO_SHA2_512 24 #define CRYPTO_RIPEMD160 25 -#define CRYPTO_ALGORITHM_MAX 25 /* Keep updated - see below */ +#define CRYPTO_LZS_COMP 26 +#define CRYPTO_ALGORITHM_MAX 26 /* Keep updated - see above */ /* Algorithm flags */ #define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */ @@ -336,6 +337,7 @@ struct cryptodesc { #define crd_key CRD_INI.cri_key #define crd_alg CRD_INI.cri_alg #define crd_klen CRD_INI.cri_klen +#define crd_mlen CRD_INI.cri_mlen struct cryptodesc *crd_next; }; diff --git a/package/ubsec_ssb/Makefile b/package/ubsec_ssb/Makefile deleted file mode 100644 index bac2aabcbbf..00000000000 --- a/package/ubsec_ssb/Makefile +++ /dev/null @@ -1,48 +0,0 @@ -# -# Copyright (C) 2008 OpenWrt.org -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# - -include $(TOPDIR)/rules.mk -include $(INCLUDE_DIR)/kernel.mk - -PKG_NAME:=ubsec-ssb -PKG_VERSION:=2009-02-21 -PKG_RELEASE:=1 - -CRYPTO_MENU:=OCF Configuration - -include $(INCLUDE_DIR)/package.mk - -define KernelPackage/ocf-ubsec-ssb - SUBMENU:=$(CRYPTO_MENU) - DEPENDS:=@TARGET_brcm47xx +kmod-crypto-core +kmod-crypto-ocf - TITLE:=BCM5365P IPSec Core driver - FILES:=$(PKG_BUILD_DIR)/src/ubsec_ssb.ko - AUTOLOAD:=$(call AutoLoad,09,ubsec_ssb) -endef - -define KernelPackage/ocf-ubsec-ssb/description - This package contains the OCF driver for the BCM5365p IPSec Core -endef - -define Build/Prepare - mkdir -p $(PKG_BUILD_DIR) - $(CP) -r ./src $(PKG_BUILD_DIR)/ -endef - -LINUX_PATCHLEVEL:=$(shell echo "$(LINUX_VERSION)" | cut -d. -f2) - -define Build/Compile - $(MAKE) -C $(LINUX_DIR) \ - ARCH="$(LINUX_KARCH)" \ - CROSS_COMPILE="$(TARGET_CROSS)" \ - PATCHLEVEL="$(LINUX_PATCHLEVEL)" \ - KERNDIR="$(LINUX_DIR)" \ - SUBDIRS="$(PKG_BUILD_DIR)/src" \ - modules -endef - -$(eval $(call KernelPackage,ocf-ubsec-ssb)) diff --git a/package/ubsec_ssb/src/Makefile b/package/ubsec_ssb/src/Makefile deleted file mode 100644 index 71155c964c9..00000000000 --- a/package/ubsec_ssb/src/Makefile +++ /dev/null @@ -1,19 +0,0 @@ -# -# Makefile for b5365ips driver -# -# Copyright (C) 2007 Daniel Mueller -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version -# 2 of the License, or (at your option) any later version. -# - -obj-m := ubsec_ssb.o - -obj ?= . - -ifeq ($(MAKING_MODULES),1) - --include $(TOPDIR)/Rules.make -endif diff --git a/package/ubsec_ssb/src/bsdqueue.h b/package/ubsec_ssb/src/bsdqueue.h deleted file mode 100644 index 601055267d6..00000000000 --- a/package/ubsec_ssb/src/bsdqueue.h +++ /dev/null @@ -1,527 +0,0 @@ -/* $OpenBSD: queue.h,v 1.32 2007/04/30 18:42:34 pedro Exp $ */ -/* $NetBSD: queue.h,v 1.11 1996/05/16 05:17:14 mycroft Exp $ */ - -/* - * Copyright (c) 1991, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)queue.h 8.5 (Berkeley) 8/20/94 - */ - -#ifndef _BSD_SYS_QUEUE_H_ -#define _BSD_SYS_QUEUE_H_ - -/* - * This file defines five types of data structures: singly-linked lists, - * lists, simple queues, tail queues, and circular queues. - * - * - * A singly-linked list is headed by a single forward pointer. The elements - * are singly linked for minimum space and pointer manipulation overhead at - * the expense of O(n) removal for arbitrary elements. New elements can be - * added to the list after an existing element or at the head of the list. - * Elements being removed from the head of the list should use the explicit - * macro for this purpose for optimum efficiency. A singly-linked list may - * only be traversed in the forward direction. Singly-linked lists are ideal - * for applications with large datasets and few or no removals or for - * implementing a LIFO queue. - * - * A list is headed by a single forward pointer (or an array of forward - * pointers for a hash table header). The elements are doubly linked - * so that an arbitrary element can be removed without a need to - * traverse the list. New elements can be added to the list before - * or after an existing element or at the head of the list. A list - * may only be traversed in the forward direction. - * - * A simple queue is headed by a pair of pointers, one the head of the - * list and the other to the tail of the list. The elements are singly - * linked to save space, so elements can only be removed from the - * head of the list. New elements can be added to the list before or after - * an existing element, at the head of the list, or at the end of the - * list. A simple queue may only be traversed in the forward direction. - * - * A tail queue is headed by a pair of pointers, one to the head of the - * list and the other to the tail of the list. The elements are doubly - * linked so that an arbitrary element can be removed without a need to - * traverse the list. New elements can be added to the list before or - * after an existing element, at the head of the list, or at the end of - * the list. A tail queue may be traversed in either direction. - * - * A circle queue is headed by a pair of pointers, one to the head of the - * list and the other to the tail of the list. The elements are doubly - * linked so that an arbitrary element can be removed without a need to - * traverse the list. New elements can be added to the list before or after - * an existing element, at the head of the list, or at the end of the list. - * A circle queue may be traversed in either direction, but has a more - * complex end of list detection. - * - * For details on the use of these macros, see the queue(3) manual page. - */ - -#if defined(QUEUE_MACRO_DEBUG) || (defined(_KERNEL) && defined(DIAGNOSTIC)) -#define _Q_INVALIDATE(a) (a) = ((void *)-1) -#else -#define _Q_INVALIDATE(a) -#endif - -/* - * Singly-linked List definitions. - */ -#define BSD_SLIST_HEAD(name, type) \ -struct name { \ - struct type *slh_first; /* first element */ \ -} - -#define BSD_SLIST_HEAD_INITIALIZER(head) \ - { NULL } - -#define BSD_SLIST_ENTRY(type) \ -struct { \ - struct type *sle_next; /* next element */ \ -} - -/* - * Singly-linked List access methods. - */ -#define BSD_SLIST_FIRST(head) ((head)->slh_first) -#define BSD_SLIST_END(head) NULL -#define BSD_SLIST_EMPTY(head) (BSD_SLIST_FIRST(head) == BSD_SLIST_END(head)) -#define BSD_SLIST_NEXT(elm, field) ((elm)->field.sle_next) - -#define BSD_SLIST_FOREACH(var, head, field) \ - for((var) = BSD_SLIST_FIRST(head); \ - (var) != BSD_SLIST_END(head); \ - (var) = BSD_SLIST_NEXT(var, field)) - -#define BSD_SLIST_FOREACH_PREVPTR(var, varp, head, field) \ - for ((varp) = &BSD_SLIST_FIRST((head)); \ - ((var) = *(varp)) != BSD_SLIST_END(head); \ - (varp) = &BSD_SLIST_NEXT((var), field)) - -/* - * Singly-linked List functions. - */ -#define BSD_SLIST_INIT(head) { \ - BSD_SLIST_FIRST(head) = BSD_SLIST_END(head); \ -} - -#define BSD_SLIST_INSERT_AFTER(slistelm, elm, field) do { \ - (elm)->field.sle_next = (slistelm)->field.sle_next; \ - (slistelm)->field.sle_next = (elm); \ -} while (0) - -#define BSD_SLIST_INSERT_HEAD(head, elm, field) do { \ - (elm)->field.sle_next = (head)->slh_first; \ - (head)->slh_first = (elm); \ -} while (0) - -#define BSD_SLIST_REMOVE_NEXT(head, elm, field) do { \ - (elm)->field.sle_next = (elm)->field.sle_next->field.sle_next; \ -} while (0) - -#define BSD_SLIST_REMOVE_HEAD(head, field) do { \ - (head)->slh_first = (head)->slh_first->field.sle_next; \ -} while (0) - -#define BSD_SLIST_REMOVE(head, elm, type, field) do { \ - if ((head)->slh_first == (elm)) { \ - BSD_SLIST_REMOVE_HEAD((head), field); \ - } else { \ - struct type *curelm = (head)->slh_first; \ - \ - while (curelm->field.sle_next != (elm)) \ - curelm = curelm->field.sle_next; \ - curelm->field.sle_next = \ - curelm->field.sle_next->field.sle_next; \ - _Q_INVALIDATE((elm)->field.sle_next); \ - } \ -} while (0) - -/* - * List definitions. - */ -#define BSD_LIST_HEAD(name, type) \ -struct name { \ - struct type *lh_first; /* first element */ \ -} - -#define BSD_LIST_HEAD_INITIALIZER(head) \ - { NULL } - -#define BSD_LIST_ENTRY(type) \ -struct { \ - struct type *le_next; /* next element */ \ - struct type **le_prev; /* address of previous next element */ \ -} - -/* - * List access methods - */ -#define BSD_LIST_FIRST(head) ((head)->lh_first) -#define BSD_LIST_END(head) NULL -#define BSD_LIST_EMPTY(head) (BSD_LIST_FIRST(head) == BSD_LIST_END(head)) -#define BSD_LIST_NEXT(elm, field) ((elm)->field.le_next) - -#define BSD_LIST_FOREACH(var, head, field) \ - for((var) = BSD_LIST_FIRST(head); \ - (var)!= BSD_LIST_END(head); \ - (var) = BSD_LIST_NEXT(var, field)) - -/* - * List functions. - */ -#define BSD_LIST_INIT(head) do { \ - BSD_LIST_FIRST(head) = BSD_LIST_END(head); \ -} while (0) - -#define BSD_LIST_INSERT_AFTER(listelm, elm, field) do { \ - if (((elm)->field.le_next = (listelm)->field.le_next) != NULL) \ - (listelm)->field.le_next->field.le_prev = \ - &(elm)->field.le_next; \ - (listelm)->field.le_next = (elm); \ - (elm)->field.le_prev = &(listelm)->field.le_next; \ -} while (0) - -#define BSD_LIST_INSERT_BEFORE(listelm, elm, field) do { \ - (elm)->field.le_prev = (listelm)->field.le_prev; \ - (elm)->field.le_next = (listelm); \ - *(listelm)->field.le_prev = (elm); \ - (listelm)->field.le_prev = &(elm)->field.le_next; \ -} while (0) - -#define BSD_LIST_INSERT_HEAD(head, elm, field) do { \ - if (((elm)->field.le_next = (head)->lh_first) != NULL) \ - (head)->lh_first->field.le_prev = &(elm)->field.le_next;\ - (head)->lh_first = (elm); \ - (elm)->field.le_prev = &(head)->lh_first; \ -} while (0) - -#define BSD_LIST_REMOVE(elm, field) do { \ - if ((elm)->field.le_next != NULL) \ - (elm)->field.le_next->field.le_prev = \ - (elm)->field.le_prev; \ - *(elm)->field.le_prev = (elm)->field.le_next; \ - _Q_INVALIDATE((elm)->field.le_prev); \ - _Q_INVALIDATE((elm)->field.le_next); \ -} while (0) - -#define BSD_LIST_REPLACE(elm, elm2, field) do { \ - if (((elm2)->field.le_next = (elm)->field.le_next) != NULL) \ - (elm2)->field.le_next->field.le_prev = \ - &(elm2)->field.le_next; \ - (elm2)->field.le_prev = (elm)->field.le_prev; \ - *(elm2)->field.le_prev = (elm2); \ - _Q_INVALIDATE((elm)->field.le_prev); \ - _Q_INVALIDATE((elm)->field.le_next); \ -} while (0) - -/* - * Simple queue definitions. - */ -#define BSD_SIMPLEQ_HEAD(name, type) \ -struct name { \ - struct type *sqh_first; /* first element */ \ - struct type **sqh_last; /* addr of last next element */ \ -} - -#define BSD_SIMPLEQ_HEAD_INITIALIZER(head) \ - { NULL, &(head).sqh_first } - -#define BSD_SIMPLEQ_ENTRY(type) \ -struct { \ - struct type *sqe_next; /* next element */ \ -} - -/* - * Simple queue access methods. - */ -#define BSD_SIMPLEQ_FIRST(head) ((head)->sqh_first) -#define BSD_SIMPLEQ_END(head) NULL -#define BSD_SIMPLEQ_EMPTY(head) (BSD_SIMPLEQ_FIRST(head) == BSD_SIMPLEQ_END(head)) -#define BSD_SIMPLEQ_NEXT(elm, field) ((elm)->field.sqe_next) - -#define BSD_SIMPLEQ_FOREACH(var, head, field) \ - for((var) = BSD_SIMPLEQ_FIRST(head); \ - (var) != BSD_SIMPLEQ_END(head); \ - (var) = BSD_SIMPLEQ_NEXT(var, field)) - -/* - * Simple queue functions. - */ -#define BSD_SIMPLEQ_INIT(head) do { \ - (head)->sqh_first = NULL; \ - (head)->sqh_last = &(head)->sqh_first; \ -} while (0) - -#define BSD_SIMPLEQ_INSERT_HEAD(head, elm, field) do { \ - if (((elm)->field.sqe_next = (head)->sqh_first) == NULL) \ - (head)->sqh_last = &(elm)->field.sqe_next; \ - (head)->sqh_first = (elm); \ -} while (0) - -#define BSD_SIMPLEQ_INSERT_TAIL(head, elm, field) do { \ - (elm)->field.sqe_next = NULL; \ - *(head)->sqh_last = (elm); \ - (head)->sqh_last = &(elm)->field.sqe_next; \ -} while (0) - -#define BSD_SIMPLEQ_INSERT_AFTER(head, listelm, elm, field) do { \ - if (((elm)->field.sqe_next = (listelm)->field.sqe_next) == NULL)\ - (head)->sqh_last = &(elm)->field.sqe_next; \ - (listelm)->field.sqe_next = (elm); \ -} while (0) - -#define BSD_SIMPLEQ_REMOVE_HEAD(head, field) do { \ - if (((head)->sqh_first = (head)->sqh_first->field.sqe_next) == NULL) \ - (head)->sqh_last = &(head)->sqh_first; \ -} while (0) - -/* - * Tail queue definitions. - */ -#define BSD_TAILQ_HEAD(name, type) \ -struct name { \ - struct type *tqh_first; /* first element */ \ - struct type **tqh_last; /* addr of last next element */ \ -} - -#define BSD_TAILQ_HEAD_INITIALIZER(head) \ - { NULL, &(head).tqh_first } - -#define BSD_TAILQ_ENTRY(type) \ -struct { \ - struct type *tqe_next; /* next element */ \ - struct type **tqe_prev; /* address of previous next element */ \ -} - -/* - * tail queue access methods - */ -#define BSD_TAILQ_FIRST(head) ((head)->tqh_first) -#define BSD_TAILQ_END(head) NULL -#define BSD_TAILQ_NEXT(elm, field) ((elm)->field.tqe_next) -#define BSD_TAILQ_LAST(head, headname) \ - (*(((struct headname *)((head)->tqh_last))->tqh_last)) -/* XXX */ -#define BSD_TAILQ_PREV(elm, headname, field) \ - (*(((struct headname *)((elm)->field.tqe_prev))->tqh_last)) -#define BSD_TAILQ_EMPTY(head) \ - (BSD_TAILQ_FIRST(head) == BSD_TAILQ_END(head)) - -#define BSD_TAILQ_FOREACH(var, head, field) \ - for((var) = BSD_TAILQ_FIRST(head); \ - (var) != BSD_TAILQ_END(head); \ - (var) = BSD_TAILQ_NEXT(var, field)) - -#define BSD_TAILQ_FOREACH_REVERSE(var, head, headname, field) \ - for((var) = BSD_TAILQ_LAST(head, headname); \ - (var) != BSD_TAILQ_END(head); \ - (var) = BSD_TAILQ_PREV(var, headname, field)) - -/* - * Tail queue functions. - */ -#define BSD_TAILQ_INIT(head) do { \ - (head)->tqh_first = NULL; \ - (head)->tqh_last = &(head)->tqh_first; \ -} while (0) - -#define BSD_TAILQ_INSERT_HEAD(head, elm, field) do { \ - if (((elm)->field.tqe_next = (head)->tqh_first) != NULL) \ - (head)->tqh_first->field.tqe_prev = \ - &(elm)->field.tqe_next; \ - else \ - (head)->tqh_last = &(elm)->field.tqe_next; \ - (head)->tqh_first = (elm); \ - (elm)->field.tqe_prev = &(head)->tqh_first; \ -} while (0) - -#define BSD_TAILQ_INSERT_TAIL(head, elm, field) do { \ - (elm)->field.tqe_next = NULL; \ - (elm)->field.tqe_prev = (head)->tqh_last; \ - *(head)->tqh_last = (elm); \ - (head)->tqh_last = &(elm)->field.tqe_next; \ -} while (0) - -#define BSD_TAILQ_INSERT_AFTER(head, listelm, elm, field) do { \ - if (((elm)->field.tqe_next = (listelm)->field.tqe_next) != NULL)\ - (elm)->field.tqe_next->field.tqe_prev = \ - &(elm)->field.tqe_next; \ - else \ - (head)->tqh_last = &(elm)->field.tqe_next; \ - (listelm)->field.tqe_next = (elm); \ - (elm)->field.tqe_prev = &(listelm)->field.tqe_next; \ -} while (0) - -#define BSD_TAILQ_INSERT_BEFORE(listelm, elm, field) do { \ - (elm)->field.tqe_prev = (listelm)->field.tqe_prev; \ - (elm)->field.tqe_next = (listelm); \ - *(listelm)->field.tqe_prev = (elm); \ - (listelm)->field.tqe_prev = &(elm)->field.tqe_next; \ -} while (0) - -#define BSD_TAILQ_REMOVE(head, elm, field) do { \ - if (((elm)->field.tqe_next) != NULL) \ - (elm)->field.tqe_next->field.tqe_prev = \ - (elm)->field.tqe_prev; \ - else \ - (head)->tqh_last = (elm)->field.tqe_prev; \ - *(elm)->field.tqe_prev = (elm)->field.tqe_next; \ - _Q_INVALIDATE((elm)->field.tqe_prev); \ - _Q_INVALIDATE((elm)->field.tqe_next); \ -} while (0) - -#define BSD_TAILQ_REPLACE(head, elm, elm2, field) do { \ - if (((elm2)->field.tqe_next = (elm)->field.tqe_next) != NULL) \ - (elm2)->field.tqe_next->field.tqe_prev = \ - &(elm2)->field.tqe_next; \ - else \ - (head)->tqh_last = &(elm2)->field.tqe_next; \ - (elm2)->field.tqe_prev = (elm)->field.tqe_prev; \ - *(elm2)->field.tqe_prev = (elm2); \ - _Q_INVALIDATE((elm)->field.tqe_prev); \ - _Q_INVALIDATE((elm)->field.tqe_next); \ -} while (0) - -/* - * Circular queue definitions. - */ -#define BSD_CIRCLEQ_HEAD(name, type) \ -struct name { \ - struct type *cqh_first; /* first element */ \ - struct type *cqh_last; /* last element */ \ -} - -#define BSD_CIRCLEQ_HEAD_INITIALIZER(head) \ - { BSD_CIRCLEQ_END(&head), BSD_CIRCLEQ_END(&head) } - -#define BSD_CIRCLEQ_ENTRY(type) \ -struct { \ - struct type *cqe_next; /* next element */ \ - struct type *cqe_prev; /* previous element */ \ -} - -/* - * Circular queue access methods - */ -#define BSD_CIRCLEQ_FIRST(head) ((head)->cqh_first) -#define BSD_CIRCLEQ_LAST(head) ((head)->cqh_last) -#define BSD_CIRCLEQ_END(head) ((void *)(head)) -#define BSD_CIRCLEQ_NEXT(elm, field) ((elm)->field.cqe_next) -#define BSD_CIRCLEQ_PREV(elm, field) ((elm)->field.cqe_prev) -#define BSD_CIRCLEQ_EMPTY(head) \ - (BSD_CIRCLEQ_FIRST(head) == BSD_CIRCLEQ_END(head)) - -#define BSD_CIRCLEQ_FOREACH(var, head, field) \ - for((var) = BSD_CIRCLEQ_FIRST(head); \ - (var) != BSD_CIRCLEQ_END(head); \ - (var) = BSD_CIRCLEQ_NEXT(var, field)) - -#define BSD_CIRCLEQ_FOREACH_REVERSE(var, head, field) \ - for((var) = BSD_CIRCLEQ_LAST(head); \ - (var) != BSD_CIRCLEQ_END(head); \ - (var) = BSD_CIRCLEQ_PREV(var, field)) - -/* - * Circular queue functions. - */ -#define BSD_CIRCLEQ_INIT(head) do { \ - (head)->cqh_first = BSD_CIRCLEQ_END(head); \ - (head)->cqh_last = BSD_CIRCLEQ_END(head); \ -} while (0) - -#define BSD_CIRCLEQ_INSERT_AFTER(head, listelm, elm, field) do { \ - (elm)->field.cqe_next = (listelm)->field.cqe_next; \ - (elm)->field.cqe_prev = (listelm); \ - if ((listelm)->field.cqe_next == BSD_CIRCLEQ_END(head)) \ - (head)->cqh_last = (elm); \ - else \ - (listelm)->field.cqe_next->field.cqe_prev = (elm); \ - (listelm)->field.cqe_next = (elm); \ -} while (0) - -#define BSD_CIRCLEQ_INSERT_BEFORE(head, listelm, elm, field) do { \ - (elm)->field.cqe_next = (listelm); \ - (elm)->field.cqe_prev = (listelm)->field.cqe_prev; \ - if ((listelm)->field.cqe_prev == BSD_CIRCLEQ_END(head)) \ - (head)->cqh_first = (elm); \ - else \ - (listelm)->field.cqe_prev->field.cqe_next = (elm); \ - (listelm)->field.cqe_prev = (elm); \ -} while (0) - -#define BSD_CIRCLEQ_INSERT_HEAD(head, elm, field) do { \ - (elm)->field.cqe_next = (head)->cqh_first; \ - (elm)->field.cqe_prev = BSD_CIRCLEQ_END(head); \ - if ((head)->cqh_last == BSD_CIRCLEQ_END(head)) \ - (head)->cqh_last = (elm); \ - else \ - (head)->cqh_first->field.cqe_prev = (elm); \ - (head)->cqh_first = (elm); \ -} while (0) - -#define BSD_CIRCLEQ_INSERT_TAIL(head, elm, field) do { \ - (elm)->field.cqe_next = BSD_CIRCLEQ_END(head); \ - (elm)->field.cqe_prev = (head)->cqh_last; \ - if ((head)->cqh_first == BSD_CIRCLEQ_END(head)) \ - (head)->cqh_first = (elm); \ - else \ - (head)->cqh_last->field.cqe_next = (elm); \ - (head)->cqh_last = (elm); \ -} while (0) - -#define BSD_CIRCLEQ_REMOVE(head, elm, field) do { \ - if ((elm)->field.cqe_next == BSD_CIRCLEQ_END(head)) \ - (head)->cqh_last = (elm)->field.cqe_prev; \ - else \ - (elm)->field.cqe_next->field.cqe_prev = \ - (elm)->field.cqe_prev; \ - if ((elm)->field.cqe_prev == BSD_CIRCLEQ_END(head)) \ - (head)->cqh_first = (elm)->field.cqe_next; \ - else \ - (elm)->field.cqe_prev->field.cqe_next = \ - (elm)->field.cqe_next; \ - _Q_INVALIDATE((elm)->field.cqe_prev); \ - _Q_INVALIDATE((elm)->field.cqe_next); \ -} while (0) - -#define BSD_CIRCLEQ_REPLACE(head, elm, elm2, field) do { \ - if (((elm2)->field.cqe_next = (elm)->field.cqe_next) == \ - BSD_CIRCLEQ_END(head)) \ - (head).cqh_last = (elm2); \ - else \ - (elm2)->field.cqe_next->field.cqe_prev = (elm2); \ - if (((elm2)->field.cqe_prev = (elm)->field.cqe_prev) == \ - BSD_CIRCLEQ_END(head)) \ - (head).cqh_first = (elm2); \ - else \ - (elm2)->field.cqe_prev->field.cqe_next = (elm2); \ - _Q_INVALIDATE((elm)->field.cqe_prev); \ - _Q_INVALIDATE((elm)->field.cqe_next); \ -} while (0) - -#endif /* !_BSD_SYS_QUEUE_H_ */ diff --git a/package/ubsec_ssb/src/cryptodev.h b/package/ubsec_ssb/src/cryptodev.h deleted file mode 100644 index 4ab5d7eb794..00000000000 --- a/package/ubsec_ssb/src/cryptodev.h +++ /dev/null @@ -1,478 +0,0 @@ -/* $FreeBSD: src/sys/opencrypto/cryptodev.h,v 1.25 2007/05/09 19:37:02 gnn Exp $ */ -/* $OpenBSD: cryptodev.h,v 1.31 2002/06/11 11:14:29 beck Exp $ */ - -/*- - * Linux port done by David McCullough - * Copyright (C) 2006-2007 David McCullough - * Copyright (C) 2004-2005 Intel Corporation. - * The license and original author are listed below. - * - * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) - * Copyright (c) 2002-2006 Sam Leffler, Errno Consulting - * - * This code was written by Angelos D. Keromytis in Athens, Greece, in - * February 2000. Network Security Technologies Inc. (NSTI) kindly - * supported the development of this code. - * - * Copyright (c) 2000 Angelos D. Keromytis - * - * Permission to use, copy, and modify this software with or without fee - * is hereby granted, provided that this entire notice is included in - * all source code copies of any software which is or includes a copy or - * modification of this software. - * - * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY - * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE - * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR - * PURPOSE. - * - * Copyright (c) 2001 Theo de Raadt - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - * Effort sponsored in part by the Defense Advanced Research Projects - * Agency (DARPA) and Air Force Research Laboratory, Air Force - * Materiel Command, USAF, under agreement number F30602-01-2-0537. - * - */ - -#ifndef _CRYPTO_CRYPTO_H_ -#define _CRYPTO_CRYPTO_H_ - -/* Some initial values */ -#define CRYPTO_DRIVERS_INITIAL 4 -#define CRYPTO_SW_SESSIONS 32 - -/* Hash values */ -#define NULL_HASH_LEN 0 -#define MD5_HASH_LEN 16 -#define SHA1_HASH_LEN 20 -#define RIPEMD160_HASH_LEN 20 -#define SHA2_256_HASH_LEN 32 -#define SHA2_384_HASH_LEN 48 -#define SHA2_512_HASH_LEN 64 -#define MD5_KPDK_HASH_LEN 16 -#define SHA1_KPDK_HASH_LEN 20 -/* Maximum hash algorithm result length */ -#define HASH_MAX_LEN SHA2_512_HASH_LEN /* Keep this updated */ - -/* HMAC values */ -#define NULL_HMAC_BLOCK_LEN 1 -#define MD5_HMAC_BLOCK_LEN 64 -#define SHA1_HMAC_BLOCK_LEN 64 -#define RIPEMD160_HMAC_BLOCK_LEN 64 -#define SHA2_256_HMAC_BLOCK_LEN 64 -#define SHA2_384_HMAC_BLOCK_LEN 128 -#define SHA2_512_HMAC_BLOCK_LEN 128 -/* Maximum HMAC block length */ -#define HMAC_MAX_BLOCK_LEN SHA2_512_HMAC_BLOCK_LEN /* Keep this updated */ -#define HMAC_IPAD_VAL 0x36 -#define HMAC_OPAD_VAL 0x5C - -/* Encryption algorithm block sizes */ -#define NULL_BLOCK_LEN 1 -#define DES_BLOCK_LEN 8 -#define DES3_BLOCK_LEN 8 -#define BLOWFISH_BLOCK_LEN 8 -#define SKIPJACK_BLOCK_LEN 8 -#define CAST128_BLOCK_LEN 8 -#define RIJNDAEL128_BLOCK_LEN 16 -#define AES_BLOCK_LEN RIJNDAEL128_BLOCK_LEN -#define CAMELLIA_BLOCK_LEN 16 -#define ARC4_BLOCK_LEN 1 -#define EALG_MAX_BLOCK_LEN AES_BLOCK_LEN /* Keep this updated */ - -/* Encryption algorithm min and max key sizes */ -#define NULL_MIN_KEY_LEN 0 -#define NULL_MAX_KEY_LEN 0 -#define DES_MIN_KEY_LEN 8 -#define DES_MAX_KEY_LEN 8 -#define DES3_MIN_KEY_LEN 24 -#define DES3_MAX_KEY_LEN 24 -#define BLOWFISH_MIN_KEY_LEN 4 -#define BLOWFISH_MAX_KEY_LEN 56 -#define SKIPJACK_MIN_KEY_LEN 10 -#define SKIPJACK_MAX_KEY_LEN 10 -#define CAST128_MIN_KEY_LEN 5 -#define CAST128_MAX_KEY_LEN 16 -#define RIJNDAEL128_MIN_KEY_LEN 16 -#define RIJNDAEL128_MAX_KEY_LEN 32 -#define AES_MIN_KEY_LEN RIJNDAEL128_MIN_KEY_LEN -#define AES_MAX_KEY_LEN RIJNDAEL128_MAX_KEY_LEN -#define CAMELLIA_MIN_KEY_LEN 16 -#define CAMELLIA_MAX_KEY_LEN 32 -#define ARC4_MIN_KEY_LEN 1 -#define ARC4_MAX_KEY_LEN 256 - -/* Max size of data that can be processed */ -#define CRYPTO_MAX_DATA_LEN 64*1024 - 1 - -#define CRYPTO_ALGORITHM_MIN 1 -#define CRYPTO_DES_CBC 1 -#define CRYPTO_3DES_CBC 2 -#define CRYPTO_BLF_CBC 3 -#define CRYPTO_CAST_CBC 4 -#define CRYPTO_SKIPJACK_CBC 5 -#define CRYPTO_MD5_HMAC 6 -#define CRYPTO_SHA1_HMAC 7 -#define CRYPTO_RIPEMD160_HMAC 8 -#define CRYPTO_MD5_KPDK 9 -#define CRYPTO_SHA1_KPDK 10 -#define CRYPTO_RIJNDAEL128_CBC 11 /* 128 bit blocksize */ -#define CRYPTO_AES_CBC 11 /* 128 bit blocksize -- the same as above */ -#define CRYPTO_ARC4 12 -#define CRYPTO_MD5 13 -#define CRYPTO_SHA1 14 -#define CRYPTO_NULL_HMAC 15 -#define CRYPTO_NULL_CBC 16 -#define CRYPTO_DEFLATE_COMP 17 /* Deflate compression algorithm */ -#define CRYPTO_SHA2_256_HMAC 18 -#define CRYPTO_SHA2_384_HMAC 19 -#define CRYPTO_SHA2_512_HMAC 20 -#define CRYPTO_CAMELLIA_CBC 21 -#define CRYPTO_SHA2_256 22 -#define CRYPTO_SHA2_384 23 -#define CRYPTO_SHA2_512 24 -#define CRYPTO_RIPEMD160 25 -#define CRYPTO_ALGORITHM_MAX 25 /* Keep updated - see below */ - -/* Algorithm flags */ -#define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */ -#define CRYPTO_ALG_FLAG_RNG_ENABLE 0x02 /* Has HW RNG for DH/DSA */ -#define CRYPTO_ALG_FLAG_DSA_SHA 0x04 /* Can do SHA on msg */ - -/* - * Crypto driver/device flags. They can set in the crid - * parameter when creating a session or submitting a key - * op to affect the device/driver assigned. If neither - * of these are specified then the crid is assumed to hold - * the driver id of an existing (and suitable) device that - * must be used to satisfy the request. - */ -#define CRYPTO_FLAG_HARDWARE 0x01000000 /* hardware accelerated */ -#define CRYPTO_FLAG_SOFTWARE 0x02000000 /* software implementation */ - -/* NB: deprecated */ -struct session_op { - u_int32_t cipher; /* ie. CRYPTO_DES_CBC */ - u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */ - - u_int32_t keylen; /* cipher key */ - caddr_t key; - int mackeylen; /* mac key */ - caddr_t mackey; - - u_int32_t ses; /* returns: session # */ -}; - -struct session2_op { - u_int32_t cipher; /* ie. CRYPTO_DES_CBC */ - u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */ - - u_int32_t keylen; /* cipher key */ - caddr_t key; - int mackeylen; /* mac key */ - caddr_t mackey; - - u_int32_t ses; /* returns: session # */ - int crid; /* driver id + flags (rw) */ - int pad[4]; /* for future expansion */ -}; - -struct crypt_op { - u_int32_t ses; - u_int16_t op; /* i.e. COP_ENCRYPT */ -#define COP_NONE 0 -#define COP_ENCRYPT 1 -#define COP_DECRYPT 2 - u_int16_t flags; -#define COP_F_BATCH 0x0008 /* Batch op if possible */ - u_int len; - caddr_t src, dst; /* become iov[] inside kernel */ - caddr_t mac; /* must be big enough for chosen MAC */ - caddr_t iv; -}; - -/* - * Parameters for looking up a crypto driver/device by - * device name or by id. The latter are returned for - * created sessions (crid) and completed key operations. - */ -struct crypt_find_op { - int crid; /* driver id + flags */ - char name[32]; /* device/driver name */ -}; - -/* bignum parameter, in packed bytes, ... */ -struct crparam { - caddr_t crp_p; - u_int crp_nbits; -}; - -#define CRK_MAXPARAM 8 - -struct crypt_kop { - u_int crk_op; /* ie. CRK_MOD_EXP or other */ - u_int crk_status; /* return status */ - u_short crk_iparams; /* # of input parameters */ - u_short crk_oparams; /* # of output parameters */ - u_int crk_crid; /* NB: only used by CIOCKEY2 (rw) */ - struct crparam crk_param[CRK_MAXPARAM]; -}; -#define CRK_ALGORITM_MIN 0 -#define CRK_MOD_EXP 0 -#define CRK_MOD_EXP_CRT 1 -#define CRK_DSA_SIGN 2 -#define CRK_DSA_VERIFY 3 -#define CRK_DH_COMPUTE_KEY 4 -#define CRK_ALGORITHM_MAX 4 /* Keep updated - see below */ - -#define CRF_MOD_EXP (1 << CRK_MOD_EXP) -#define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT) -#define CRF_DSA_SIGN (1 << CRK_DSA_SIGN) -#define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY) -#define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY) - -/* - * done against open of /dev/crypto, to get a cloned descriptor. - * Please use F_SETFD against the cloned descriptor. - */ -#define CRIOGET _IOWR('c', 100, u_int32_t) -#define CRIOASYMFEAT CIOCASYMFEAT -#define CRIOFINDDEV CIOCFINDDEV - -/* the following are done against the cloned descriptor */ -#define CIOCGSESSION _IOWR('c', 101, struct session_op) -#define CIOCFSESSION _IOW('c', 102, u_int32_t) -#define CIOCCRYPT _IOWR('c', 103, struct crypt_op) -#define CIOCKEY _IOWR('c', 104, struct crypt_kop) -#define CIOCASYMFEAT _IOR('c', 105, u_int32_t) -#define CIOCGSESSION2 _IOWR('c', 106, struct session2_op) -#define CIOCKEY2 _IOWR('c', 107, struct crypt_kop) -#define CIOCFINDDEV _IOWR('c', 108, struct crypt_find_op) - -struct cryptotstat { - struct timespec acc; /* total accumulated time */ - struct timespec min; /* min time */ - struct timespec max; /* max time */ - u_int32_t count; /* number of observations */ -}; - -struct cryptostats { - u_int32_t cs_ops; /* symmetric crypto ops submitted */ - u_int32_t cs_errs; /* symmetric crypto ops that failed */ - u_int32_t cs_kops; /* asymetric/key ops submitted */ - u_int32_t cs_kerrs; /* asymetric/key ops that failed */ - u_int32_t cs_intrs; /* crypto swi thread activations */ - u_int32_t cs_rets; /* crypto return thread activations */ - u_int32_t cs_blocks; /* symmetric op driver block */ - u_int32_t cs_kblocks; /* symmetric op driver block */ - /* - * When CRYPTO_TIMING is defined at compile time and the - * sysctl debug.crypto is set to 1, the crypto system will - * accumulate statistics about how long it takes to process - * crypto requests at various points during processing. - */ - struct cryptotstat cs_invoke; /* crypto_dipsatch -> crypto_invoke */ - struct cryptotstat cs_done; /* crypto_invoke -> crypto_done */ - struct cryptotstat cs_cb; /* crypto_done -> callback */ - struct cryptotstat cs_finis; /* callback -> callback return */ - - u_int32_t cs_drops; /* crypto ops dropped due to congestion */ -}; - -#ifdef __KERNEL__ - -/* Standard initialization structure beginning */ -struct cryptoini { - int cri_alg; /* Algorithm to use */ - int cri_klen; /* Key length, in bits */ - int cri_mlen; /* Number of bytes we want from the - entire hash. 0 means all. */ - caddr_t cri_key; /* key to use */ - u_int8_t cri_iv[EALG_MAX_BLOCK_LEN]; /* IV to use */ - struct cryptoini *cri_next; -}; - -/* Describe boundaries of a single crypto operation */ -struct cryptodesc { - int crd_skip; /* How many bytes to ignore from start */ - int crd_len; /* How many bytes to process */ - int crd_inject; /* Where to inject results, if applicable */ - int crd_flags; - -#define CRD_F_ENCRYPT 0x01 /* Set when doing encryption */ -#define CRD_F_IV_PRESENT 0x02 /* When encrypting, IV is already in - place, so don't copy. */ -#define CRD_F_IV_EXPLICIT 0x04 /* IV explicitly provided */ -#define CRD_F_DSA_SHA_NEEDED 0x08 /* Compute SHA-1 of buffer for DSA */ -#define CRD_F_KEY_EXPLICIT 0x10 /* Key explicitly provided */ -#define CRD_F_COMP 0x0f /* Set when doing compression */ - - struct cryptoini CRD_INI; /* Initialization/context data */ -#define crd_iv CRD_INI.cri_iv -#define crd_key CRD_INI.cri_key -#define crd_alg CRD_INI.cri_alg -#define crd_klen CRD_INI.cri_klen - - struct cryptodesc *crd_next; -}; - -/* Structure describing complete operation */ -struct cryptop { - struct list_head crp_next; - wait_queue_head_t crp_waitq; - - u_int64_t crp_sid; /* Session ID */ - int crp_ilen; /* Input data total length */ - int crp_olen; /* Result total length */ - - int crp_etype; /* - * Error type (zero means no error). - * All error codes except EAGAIN - * indicate possible data corruption (as in, - * the data have been touched). On all - * errors, the crp_sid may have changed - * (reset to a new one), so the caller - * should always check and use the new - * value on future requests. - */ - int crp_flags; - -#define CRYPTO_F_SKBUF 0x0001 /* Input/output are skbuf chains */ -#define CRYPTO_F_IOV 0x0002 /* Input/output are uio */ -#define CRYPTO_F_REL 0x0004 /* Must return data in same place */ -#define CRYPTO_F_BATCH 0x0008 /* Batch op if possible */ -#define CRYPTO_F_CBIMM 0x0010 /* Do callback immediately */ -#define CRYPTO_F_DONE 0x0020 /* Operation completed */ -#define CRYPTO_F_CBIFSYNC 0x0040 /* Do CBIMM if op is synchronous */ - - caddr_t crp_buf; /* Data to be processed */ - caddr_t crp_opaque; /* Opaque pointer, passed along */ - struct cryptodesc *crp_desc; /* Linked list of processing descriptors */ - - int (*crp_callback)(struct cryptop *); /* Callback function */ -}; - -#define CRYPTO_BUF_CONTIG 0x0 -#define CRYPTO_BUF_IOV 0x1 -#define CRYPTO_BUF_SKBUF 0x2 - -#define CRYPTO_OP_DECRYPT 0x0 -#define CRYPTO_OP_ENCRYPT 0x1 - -/* - * Hints passed to process methods. - */ -#define CRYPTO_HINT_MORE 0x1 /* more ops coming shortly */ - -struct cryptkop { - struct list_head krp_next; - wait_queue_head_t krp_waitq; - - int krp_flags; -#define CRYPTO_KF_DONE 0x0001 /* Operation completed */ -#define CRYPTO_KF_CBIMM 0x0002 /* Do callback immediately */ - - u_int krp_op; /* ie. CRK_MOD_EXP or other */ - u_int krp_status; /* return status */ - u_short krp_iparams; /* # of input parameters */ - u_short krp_oparams; /* # of output parameters */ - u_int krp_crid; /* desired device, etc. */ - u_int32_t krp_hid; - struct crparam krp_param[CRK_MAXPARAM]; /* kvm */ - int (*krp_callback)(struct cryptkop *); -}; - -#include "ocf-compat.h" - -/* - * Session ids are 64 bits. The lower 32 bits contain a "local id" which - * is a driver-private session identifier. The upper 32 bits contain a - * "hardware id" used by the core crypto code to identify the driver and - * a copy of the driver's capabilities that can be used by client code to - * optimize operation. - */ -#define CRYPTO_SESID2HID(_sid) (((_sid) >> 32) & 0x00ffffff) -#define CRYPTO_SESID2CAPS(_sid) (((_sid) >> 32) & 0xff000000) -#define CRYPTO_SESID2LID(_sid) (((u_int32_t) (_sid)) & 0xffffffff) - -extern int crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard); -extern int crypto_freesession(u_int64_t sid); -#define CRYPTOCAP_F_HARDWARE CRYPTO_FLAG_HARDWARE -#define CRYPTOCAP_F_SOFTWARE CRYPTO_FLAG_SOFTWARE -#define CRYPTOCAP_F_SYNC 0x04000000 /* operates synchronously */ -extern int32_t crypto_get_driverid(device_t dev, int flags); -extern int crypto_find_driver(const char *); -extern device_t crypto_find_device_byhid(int hid); -extern int crypto_getcaps(int hid); -extern int crypto_register(u_int32_t driverid, int alg, u_int16_t maxoplen, - u_int32_t flags); -extern int crypto_kregister(u_int32_t, int, u_int32_t); -extern int crypto_unregister(u_int32_t driverid, int alg); -extern int crypto_unregister_all(u_int32_t driverid); -extern int crypto_dispatch(struct cryptop *crp); -extern int crypto_kdispatch(struct cryptkop *); -#define CRYPTO_SYMQ 0x1 -#define CRYPTO_ASYMQ 0x2 -extern int crypto_unblock(u_int32_t, int); -extern void crypto_done(struct cryptop *crp); -extern void crypto_kdone(struct cryptkop *); -extern int crypto_getfeat(int *); - -extern void crypto_freereq(struct cryptop *crp); -extern struct cryptop *crypto_getreq(int num); - -extern int crypto_usercrypto; /* userland may do crypto requests */ -extern int crypto_userasymcrypto; /* userland may do asym crypto reqs */ -extern int crypto_devallowsoft; /* only use hardware crypto */ - -/* - * random number support, crypto_unregister_all will unregister - */ -extern int crypto_rregister(u_int32_t driverid, - int (*read_random)(void *arg, u_int32_t *buf, int len), void *arg); -extern int crypto_runregister_all(u_int32_t driverid); - -/* - * Crypto-related utility routines used mainly by drivers. - * - * XXX these don't really belong here; but for now they're - * kept apart from the rest of the system. - */ -struct uio; -extern void cuio_copydata(struct uio* uio, int off, int len, caddr_t cp); -extern void cuio_copyback(struct uio* uio, int off, int len, caddr_t cp); -extern struct iovec *cuio_getptr(struct uio *uio, int loc, int *off); - -extern void crypto_copyback(int flags, caddr_t buf, int off, int size, - caddr_t in); -extern void crypto_copydata(int flags, caddr_t buf, int off, int size, - caddr_t out); -extern int crypto_apply(int flags, caddr_t buf, int off, int len, - int (*f)(void *, void *, u_int), void *arg); - -#endif /* __KERNEL__ */ -#endif /* _CRYPTO_CRYPTO_H_ */ diff --git a/package/ubsec_ssb/src/hmachack.h b/package/ubsec_ssb/src/hmachack.h deleted file mode 100644 index f567958aba5..00000000000 --- a/package/ubsec_ssb/src/hmachack.h +++ /dev/null @@ -1,38 +0,0 @@ -/* - * until we find a cleaner way, include the BSD md5/sha1 code - * here - */ -#define HMAC_HACK 1 -#ifdef HMAC_HACK -#define LITTLE_ENDIAN 1234 -#define BIG_ENDIAN 4321 -#ifdef __LITTLE_ENDIAN -#define BYTE_ORDER LITTLE_ENDIAN -#endif -#ifdef __BIG_ENDIAN -#define BYTE_ORDER BIG_ENDIAN -#endif - -u_int8_t hmac_ipad_buffer[64] = { - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36 -}; - -u_int8_t hmac_opad_buffer[64] = { - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C -}; -#endif /* HMAC_HACK */ - diff --git a/package/ubsec_ssb/src/md5.c b/package/ubsec_ssb/src/md5.c deleted file mode 100644 index 077c42e7876..00000000000 --- a/package/ubsec_ssb/src/md5.c +++ /dev/null @@ -1,308 +0,0 @@ -/* $KAME: md5.c,v 1.5 2000/11/08 06:13:08 itojun Exp $ */ -/* - * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if 0 -#include -__FBSDID("$FreeBSD: src/sys/crypto/md5.c,v 1.9 2004/01/27 19:49:19 des Exp $"); - -#include -#include -#include -#include -#include -#endif - -#define SHIFT(X, s) (((X) << (s)) | ((X) >> (32 - (s)))) - -#define F(X, Y, Z) (((X) & (Y)) | ((~X) & (Z))) -#define G(X, Y, Z) (((X) & (Z)) | ((Y) & (~Z))) -#define H(X, Y, Z) ((X) ^ (Y) ^ (Z)) -#define I(X, Y, Z) ((Y) ^ ((X) | (~Z))) - -#define ROUND1(a, b, c, d, k, s, i) { \ - (a) = (a) + F((b), (c), (d)) + X[(k)] + T[(i)]; \ - (a) = SHIFT((a), (s)); \ - (a) = (b) + (a); \ -} - -#define ROUND2(a, b, c, d, k, s, i) { \ - (a) = (a) + G((b), (c), (d)) + X[(k)] + T[(i)]; \ - (a) = SHIFT((a), (s)); \ - (a) = (b) + (a); \ -} - -#define ROUND3(a, b, c, d, k, s, i) { \ - (a) = (a) + H((b), (c), (d)) + X[(k)] + T[(i)]; \ - (a) = SHIFT((a), (s)); \ - (a) = (b) + (a); \ -} - -#define ROUND4(a, b, c, d, k, s, i) { \ - (a) = (a) + I((b), (c), (d)) + X[(k)] + T[(i)]; \ - (a) = SHIFT((a), (s)); \ - (a) = (b) + (a); \ -} - -#define Sa 7 -#define Sb 12 -#define Sc 17 -#define Sd 22 - -#define Se 5 -#define Sf 9 -#define Sg 14 -#define Sh 20 - -#define Si 4 -#define Sj 11 -#define Sk 16 -#define Sl 23 - -#define Sm 6 -#define Sn 10 -#define So 15 -#define Sp 21 - -#define MD5_A0 0x67452301 -#define MD5_B0 0xefcdab89 -#define MD5_C0 0x98badcfe -#define MD5_D0 0x10325476 - -/* Integer part of 4294967296 times abs(sin(i)), where i is in radians. */ -static const u_int32_t T[65] = { - 0, - 0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee, - 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501, - 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be, - 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821, - - 0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa, - 0xd62f105d, 0x2441453, 0xd8a1e681, 0xe7d3fbc8, - 0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed, - 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a, - - 0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c, - 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70, - 0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x4881d05, - 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665, - - 0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039, - 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1, - 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1, - 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391, -}; - -static const u_int8_t md5_paddat[MD5_BUFLEN] = { - 0x80, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, -}; - -static void md5_calc(u_int8_t *, md5_ctxt *); - -void md5_init(ctxt) - md5_ctxt *ctxt; -{ - ctxt->md5_n = 0; - ctxt->md5_i = 0; - ctxt->md5_sta = MD5_A0; - ctxt->md5_stb = MD5_B0; - ctxt->md5_stc = MD5_C0; - ctxt->md5_std = MD5_D0; - bzero(ctxt->md5_buf, sizeof(ctxt->md5_buf)); -} - -void md5_loop(ctxt, input, len) - md5_ctxt *ctxt; - u_int8_t *input; - u_int len; /* number of bytes */ -{ - u_int gap, i; - - ctxt->md5_n += len * 8; /* byte to bit */ - gap = MD5_BUFLEN - ctxt->md5_i; - - if (len >= gap) { - bcopy((void *)input, (void *)(ctxt->md5_buf + ctxt->md5_i), - gap); - md5_calc(ctxt->md5_buf, ctxt); - - for (i = gap; i + MD5_BUFLEN <= len; i += MD5_BUFLEN) { - md5_calc((u_int8_t *)(input + i), ctxt); - } - - ctxt->md5_i = len - i; - bcopy((void *)(input + i), (void *)ctxt->md5_buf, ctxt->md5_i); - } else { - bcopy((void *)input, (void *)(ctxt->md5_buf + ctxt->md5_i), - len); - ctxt->md5_i += len; - } -} - -void md5_pad(ctxt) - md5_ctxt *ctxt; -{ - u_int gap; - - /* Don't count up padding. Keep md5_n. */ - gap = MD5_BUFLEN - ctxt->md5_i; - if (gap > 8) { - bcopy(md5_paddat, - (void *)(ctxt->md5_buf + ctxt->md5_i), - gap - sizeof(ctxt->md5_n)); - } else { - /* including gap == 8 */ - bcopy(md5_paddat, (void *)(ctxt->md5_buf + ctxt->md5_i), - gap); - md5_calc(ctxt->md5_buf, ctxt); - bcopy((md5_paddat + gap), - (void *)ctxt->md5_buf, - MD5_BUFLEN - sizeof(ctxt->md5_n)); - } - - /* 8 byte word */ -#if BYTE_ORDER == LITTLE_ENDIAN - bcopy(&ctxt->md5_n8[0], &ctxt->md5_buf[56], 8); -#endif -#if BYTE_ORDER == BIG_ENDIAN - ctxt->md5_buf[56] = ctxt->md5_n8[7]; - ctxt->md5_buf[57] = ctxt->md5_n8[6]; - ctxt->md5_buf[58] = ctxt->md5_n8[5]; - ctxt->md5_buf[59] = ctxt->md5_n8[4]; - ctxt->md5_buf[60] = ctxt->md5_n8[3]; - ctxt->md5_buf[61] = ctxt->md5_n8[2]; - ctxt->md5_buf[62] = ctxt->md5_n8[1]; - ctxt->md5_buf[63] = ctxt->md5_n8[0]; -#endif - - md5_calc(ctxt->md5_buf, ctxt); -} - -void md5_result(digest, ctxt) - u_int8_t *digest; - md5_ctxt *ctxt; -{ - /* 4 byte words */ -#if BYTE_ORDER == LITTLE_ENDIAN - bcopy(&ctxt->md5_st8[0], digest, 16); -#endif -#if BYTE_ORDER == BIG_ENDIAN - digest[ 0] = ctxt->md5_st8[ 3]; digest[ 1] = ctxt->md5_st8[ 2]; - digest[ 2] = ctxt->md5_st8[ 1]; digest[ 3] = ctxt->md5_st8[ 0]; - digest[ 4] = ctxt->md5_st8[ 7]; digest[ 5] = ctxt->md5_st8[ 6]; - digest[ 6] = ctxt->md5_st8[ 5]; digest[ 7] = ctxt->md5_st8[ 4]; - digest[ 8] = ctxt->md5_st8[11]; digest[ 9] = ctxt->md5_st8[10]; - digest[10] = ctxt->md5_st8[ 9]; digest[11] = ctxt->md5_st8[ 8]; - digest[12] = ctxt->md5_st8[15]; digest[13] = ctxt->md5_st8[14]; - digest[14] = ctxt->md5_st8[13]; digest[15] = ctxt->md5_st8[12]; -#endif -} - -static void md5_calc(b64, ctxt) - u_int8_t *b64; - md5_ctxt *ctxt; -{ - u_int32_t A = ctxt->md5_sta; - u_int32_t B = ctxt->md5_stb; - u_int32_t C = ctxt->md5_stc; - u_int32_t D = ctxt->md5_std; -#if BYTE_ORDER == LITTLE_ENDIAN - u_int32_t *X = (u_int32_t *)b64; -#endif -#if BYTE_ORDER == BIG_ENDIAN - /* 4 byte words */ - /* what a brute force but fast! */ - u_int32_t X[16]; - u_int8_t *y = (u_int8_t *)X; - y[ 0] = b64[ 3]; y[ 1] = b64[ 2]; y[ 2] = b64[ 1]; y[ 3] = b64[ 0]; - y[ 4] = b64[ 7]; y[ 5] = b64[ 6]; y[ 6] = b64[ 5]; y[ 7] = b64[ 4]; - y[ 8] = b64[11]; y[ 9] = b64[10]; y[10] = b64[ 9]; y[11] = b64[ 8]; - y[12] = b64[15]; y[13] = b64[14]; y[14] = b64[13]; y[15] = b64[12]; - y[16] = b64[19]; y[17] = b64[18]; y[18] = b64[17]; y[19] = b64[16]; - y[20] = b64[23]; y[21] = b64[22]; y[22] = b64[21]; y[23] = b64[20]; - y[24] = b64[27]; y[25] = b64[26]; y[26] = b64[25]; y[27] = b64[24]; - y[28] = b64[31]; y[29] = b64[30]; y[30] = b64[29]; y[31] = b64[28]; - y[32] = b64[35]; y[33] = b64[34]; y[34] = b64[33]; y[35] = b64[32]; - y[36] = b64[39]; y[37] = b64[38]; y[38] = b64[37]; y[39] = b64[36]; - y[40] = b64[43]; y[41] = b64[42]; y[42] = b64[41]; y[43] = b64[40]; - y[44] = b64[47]; y[45] = b64[46]; y[46] = b64[45]; y[47] = b64[44]; - y[48] = b64[51]; y[49] = b64[50]; y[50] = b64[49]; y[51] = b64[48]; - y[52] = b64[55]; y[53] = b64[54]; y[54] = b64[53]; y[55] = b64[52]; - y[56] = b64[59]; y[57] = b64[58]; y[58] = b64[57]; y[59] = b64[56]; - y[60] = b64[63]; y[61] = b64[62]; y[62] = b64[61]; y[63] = b64[60]; -#endif - - ROUND1(A, B, C, D, 0, Sa, 1); ROUND1(D, A, B, C, 1, Sb, 2); - ROUND1(C, D, A, B, 2, Sc, 3); ROUND1(B, C, D, A, 3, Sd, 4); - ROUND1(A, B, C, D, 4, Sa, 5); ROUND1(D, A, B, C, 5, Sb, 6); - ROUND1(C, D, A, B, 6, Sc, 7); ROUND1(B, C, D, A, 7, Sd, 8); - ROUND1(A, B, C, D, 8, Sa, 9); ROUND1(D, A, B, C, 9, Sb, 10); - ROUND1(C, D, A, B, 10, Sc, 11); ROUND1(B, C, D, A, 11, Sd, 12); - ROUND1(A, B, C, D, 12, Sa, 13); ROUND1(D, A, B, C, 13, Sb, 14); - ROUND1(C, D, A, B, 14, Sc, 15); ROUND1(B, C, D, A, 15, Sd, 16); - - ROUND2(A, B, C, D, 1, Se, 17); ROUND2(D, A, B, C, 6, Sf, 18); - ROUND2(C, D, A, B, 11, Sg, 19); ROUND2(B, C, D, A, 0, Sh, 20); - ROUND2(A, B, C, D, 5, Se, 21); ROUND2(D, A, B, C, 10, Sf, 22); - ROUND2(C, D, A, B, 15, Sg, 23); ROUND2(B, C, D, A, 4, Sh, 24); - ROUND2(A, B, C, D, 9, Se, 25); ROUND2(D, A, B, C, 14, Sf, 26); - ROUND2(C, D, A, B, 3, Sg, 27); ROUND2(B, C, D, A, 8, Sh, 28); - ROUND2(A, B, C, D, 13, Se, 29); ROUND2(D, A, B, C, 2, Sf, 30); - ROUND2(C, D, A, B, 7, Sg, 31); ROUND2(B, C, D, A, 12, Sh, 32); - - ROUND3(A, B, C, D, 5, Si, 33); ROUND3(D, A, B, C, 8, Sj, 34); - ROUND3(C, D, A, B, 11, Sk, 35); ROUND3(B, C, D, A, 14, Sl, 36); - ROUND3(A, B, C, D, 1, Si, 37); ROUND3(D, A, B, C, 4, Sj, 38); - ROUND3(C, D, A, B, 7, Sk, 39); ROUND3(B, C, D, A, 10, Sl, 40); - ROUND3(A, B, C, D, 13, Si, 41); ROUND3(D, A, B, C, 0, Sj, 42); - ROUND3(C, D, A, B, 3, Sk, 43); ROUND3(B, C, D, A, 6, Sl, 44); - ROUND3(A, B, C, D, 9, Si, 45); ROUND3(D, A, B, C, 12, Sj, 46); - ROUND3(C, D, A, B, 15, Sk, 47); ROUND3(B, C, D, A, 2, Sl, 48); - - ROUND4(A, B, C, D, 0, Sm, 49); ROUND4(D, A, B, C, 7, Sn, 50); - ROUND4(C, D, A, B, 14, So, 51); ROUND4(B, C, D, A, 5, Sp, 52); - ROUND4(A, B, C, D, 12, Sm, 53); ROUND4(D, A, B, C, 3, Sn, 54); - ROUND4(C, D, A, B, 10, So, 55); ROUND4(B, C, D, A, 1, Sp, 56); - ROUND4(A, B, C, D, 8, Sm, 57); ROUND4(D, A, B, C, 15, Sn, 58); - ROUND4(C, D, A, B, 6, So, 59); ROUND4(B, C, D, A, 13, Sp, 60); - ROUND4(A, B, C, D, 4, Sm, 61); ROUND4(D, A, B, C, 11, Sn, 62); - ROUND4(C, D, A, B, 2, So, 63); ROUND4(B, C, D, A, 9, Sp, 64); - - ctxt->md5_sta += A; - ctxt->md5_stb += B; - ctxt->md5_stc += C; - ctxt->md5_std += D; -} diff --git a/package/ubsec_ssb/src/md5.h b/package/ubsec_ssb/src/md5.h deleted file mode 100644 index 690f5bfc11f..00000000000 --- a/package/ubsec_ssb/src/md5.h +++ /dev/null @@ -1,76 +0,0 @@ -/* $FreeBSD: src/sys/crypto/md5.h,v 1.4 2002/03/20 05:13:50 alfred Exp $ */ -/* $KAME: md5.h,v 1.4 2000/03/27 04:36:22 sumikawa Exp $ */ - -/* - * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifndef _NETINET6_MD5_H_ -#define _NETINET6_MD5_H_ - -#define MD5_BUFLEN 64 - -typedef struct { - union { - u_int32_t md5_state32[4]; - u_int8_t md5_state8[16]; - } md5_st; - -#define md5_sta md5_st.md5_state32[0] -#define md5_stb md5_st.md5_state32[1] -#define md5_stc md5_st.md5_state32[2] -#define md5_std md5_st.md5_state32[3] -#define md5_st8 md5_st.md5_state8 - - union { - u_int64_t md5_count64; - u_int8_t md5_count8[8]; - } md5_count; -#define md5_n md5_count.md5_count64 -#define md5_n8 md5_count.md5_count8 - - u_int md5_i; - u_int8_t md5_buf[MD5_BUFLEN]; -} md5_ctxt; - -extern void md5_init(md5_ctxt *); -extern void md5_loop(md5_ctxt *, u_int8_t *, u_int); -extern void md5_pad(md5_ctxt *); -extern void md5_result(u_int8_t *, md5_ctxt *); - -/* compatibility */ -#define MD5_CTX md5_ctxt -#define MD5Init(x) md5_init((x)) -#define MD5Update(x, y, z) md5_loop((x), (y), (z)) -#define MD5Final(x, y) \ -do { \ - md5_pad((y)); \ - md5_result((x), (y)); \ -} while (0) - -#endif /* ! _NETINET6_MD5_H_*/ diff --git a/package/ubsec_ssb/src/ocf-compat.h b/package/ubsec_ssb/src/ocf-compat.h deleted file mode 100644 index fb50b41e9f8..00000000000 --- a/package/ubsec_ssb/src/ocf-compat.h +++ /dev/null @@ -1,270 +0,0 @@ -#ifndef _BSD_COMPAT_H_ -#define _BSD_COMPAT_H_ 1 -/****************************************************************************/ -/* - * Provide compat routines for older linux kernels and BSD kernels - * - * Written by David McCullough - * Copyright (C) 2007 David McCullough - * - * LICENSE TERMS - * - * The free distribution and use of this software in both source and binary - * form is allowed (with or without changes) provided that: - * - * 1. distributions of this source code include the above copyright - * notice, this list of conditions and the following disclaimer; - * - * 2. distributions in binary form include the above copyright - * notice, this list of conditions and the following disclaimer - * in the documentation and/or other associated materials; - * - * 3. the copyright holder's name is not used to endorse products - * built using this software without specific written permission. - * - * ALTERNATIVELY, provided that this notice is retained in full, this file - * may be distributed under the terms of the GNU General Public License (GPL), - * in which case the provisions of the GPL apply INSTEAD OF those given above. - * - * DISCLAIMER - * - * This software is provided 'as is' with no explicit or implied warranties - * in respect of its properties, including, but not limited to, correctness - * and/or fitness for purpose. - */ -/****************************************************************************/ -#ifdef __KERNEL__ -/* - * fake some BSD driver interface stuff specifically for OCF use - */ - -typedef struct ocf_device *device_t; - -typedef struct { - int (*cryptodev_newsession)(device_t dev, u_int32_t *sidp, struct cryptoini *cri); - int (*cryptodev_freesession)(device_t dev, u_int64_t tid); - int (*cryptodev_process)(device_t dev, struct cryptop *crp, int hint); - int (*cryptodev_kprocess)(device_t dev, struct cryptkop *krp, int hint); -} device_method_t; -#define DEVMETHOD(id, func) id: func - -struct ocf_device { - char name[32]; /* the driver name */ - char nameunit[32]; /* the driver name + HW instance */ - int unit; - device_method_t methods; - void *softc; -}; - -#define CRYPTODEV_NEWSESSION(dev, sid, cri) \ - ((*(dev)->methods.cryptodev_newsession)(dev,sid,cri)) -#define CRYPTODEV_FREESESSION(dev, sid) \ - ((*(dev)->methods.cryptodev_freesession)(dev, sid)) -#define CRYPTODEV_PROCESS(dev, crp, hint) \ - ((*(dev)->methods.cryptodev_process)(dev, crp, hint)) -#define CRYPTODEV_KPROCESS(dev, krp, hint) \ - ((*(dev)->methods.cryptodev_kprocess)(dev, krp, hint)) - -#define device_get_name(dev) ((dev)->name) -#define device_get_nameunit(dev) ((dev)->nameunit) -#define device_get_unit(dev) ((dev)->unit) -#define device_get_softc(dev) ((dev)->softc) - -#define softc_device_decl \ - struct ocf_device _device; \ - device_t - -#define softc_device_init(_sc, _name, _unit, _methods) \ - if (1) {\ - strncpy((_sc)->_device.name, _name, sizeof((_sc)->_device.name) - 1); \ - snprintf((_sc)->_device.nameunit, sizeof((_sc)->_device.name), "%s%d", _name, _unit); \ - (_sc)->_device.unit = _unit; \ - (_sc)->_device.methods = _methods; \ - (_sc)->_device.softc = (void *) _sc; \ - *(device_t *)((softc_get_device(_sc))+1) = &(_sc)->_device; \ - } else - -#define softc_get_device(_sc) (&(_sc)->_device) - -/* - * iomem support for 2.4 and 2.6 kernels - */ -#include -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) -#define ocf_iomem_t unsigned long - -/* - * implement simple workqueue like support for older kernels - */ - -#include - -#define work_struct tq_struct - -#define INIT_WORK(wp, fp, ap) \ - do { \ - (wp)->sync = 0; \ - (wp)->routine = (fp); \ - (wp)->data = (ap); \ - } while (0) - -#define schedule_work(wp) \ - do { \ - queue_task((wp), &tq_immediate); \ - mark_bh(IMMEDIATE_BH); \ - } while (0) - -#define flush_scheduled_work() run_task_queue(&tq_immediate) - -#else -#define ocf_iomem_t void __iomem * - -#include - -#endif - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,26) -#include -#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,11) -#define files_fdtable(files) (files) -#endif - -#ifdef MODULE_PARM -#undef module_param /* just in case */ -#define module_param(a,b,c) MODULE_PARM(a,"i") -#endif - -#define bzero(s,l) memset(s,0,l) -#define bcopy(s,d,l) memcpy(d,s,l) -#define bcmp(x, y, l) memcmp(x,y,l) - -#define MIN(x,y) ((x) < (y) ? (x) : (y)) - -#define device_printf(dev, a...) ({ \ - printk("%s: ", device_get_nameunit(dev)); printk(a); \ - }) - -#undef printf -#define printf(fmt...) printk(fmt) - -#define KASSERT(c,p) if (!(c)) { printk p ; } else - -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) -#define ocf_daemonize(str) \ - daemonize(); \ - spin_lock_irq(¤t->sigmask_lock); \ - sigemptyset(¤t->blocked); \ - recalc_sigpending(current); \ - spin_unlock_irq(¤t->sigmask_lock); \ - sprintf(current->comm, str); -#else -#define ocf_daemonize(str) daemonize(str); -#endif - -#define TAILQ_INSERT_TAIL(q,d,m) list_add_tail(&(d)->m, (q)) -#define TAILQ_EMPTY(q) list_empty(q) -#define TAILQ_FOREACH(v, q, m) list_for_each_entry(v, q, m) - -#define read_random(p,l) get_random_bytes(p,l) - -#define DELAY(x) ((x) > 2000 ? mdelay((x)/1000) : udelay(x)) -#define strtoul simple_strtoul - -#define pci_get_vendor(dev) ((dev)->vendor) -#define pci_get_device(dev) ((dev)->device) - -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) -#define pci_set_consistent_dma_mask(dev, mask) (0) -#endif -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,10) -#define pci_dma_sync_single_for_cpu pci_dma_sync_single -#endif - -#ifndef DMA_32BIT_MASK -#define DMA_32BIT_MASK 0x00000000ffffffffULL -#endif - -#define htole32(x) cpu_to_le32(x) -#define htobe32(x) cpu_to_be32(x) -#define htole16(x) cpu_to_le16(x) -#define htobe16(x) cpu_to_be16(x) - -/* older kernels don't have these */ - -#ifndef IRQ_NONE -#define IRQ_NONE -#define IRQ_HANDLED -#define irqreturn_t void -#endif -#ifndef IRQF_SHARED -#define IRQF_SHARED SA_SHIRQ -#endif - -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,5,0) -# define strlcpy(dest,src,len) \ - ({strncpy(dest,src,(len)-1); ((char *)dest)[(len)-1] = '\0'; }) -#endif - -#ifndef MAX_ERRNO -#define MAX_ERRNO 4095 -#endif -#ifndef IS_ERR_VALUE -#define IS_ERR_VALUE(x) ((unsigned long)(x) >= (unsigned long)-MAX_ERRNO) -#endif - -/* - * common debug for all - */ -#if 1 -#define dprintk(a...) do { if (debug) printk(a); } while(0) -#else -#define dprintk(a...) -#endif - -#ifndef SLAB_ATOMIC -/* Changed in 2.6.20, must use GFP_ATOMIC now */ -#define SLAB_ATOMIC GFP_ATOMIC -#endif - -/* - * need some additional support for older kernels */ -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,2) -#define pci_register_driver_compat(driver, rc) \ - do { \ - if ((rc) > 0) { \ - (rc) = 0; \ - } else if (rc == 0) { \ - (rc) = -ENODEV; \ - } else { \ - pci_unregister_driver(driver); \ - } \ - } while (0) -#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,10) -#define pci_register_driver_compat(driver,rc) ((rc) = (rc) < 0 ? (rc) : 0) -#else -#define pci_register_driver_compat(driver,rc) -#endif - -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24) - -#include - -static inline void sg_set_page(struct scatterlist *sg, struct page *page, - unsigned int len, unsigned int offset) -{ - sg->page = page; - sg->offset = offset; - sg->length = len; -} - -static inline void *sg_virt(struct scatterlist *sg) -{ - return page_address(sg->page) + sg->offset; -} - -#endif - -#endif /* __KERNEL__ */ - -/****************************************************************************/ -#endif /* _BSD_COMPAT_H_ */ diff --git a/package/ubsec_ssb/src/sha1.c b/package/ubsec_ssb/src/sha1.c deleted file mode 100644 index 4e360e20db3..00000000000 --- a/package/ubsec_ssb/src/sha1.c +++ /dev/null @@ -1,279 +0,0 @@ -/* $KAME: sha1.c,v 1.5 2000/11/08 06:13:08 itojun Exp $ */ -/* - * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * FIPS pub 180-1: Secure Hash Algorithm (SHA-1) - * based on: http://csrc.nist.gov/fips/fip180-1.txt - * implemented by Jun-ichiro itojun Itoh - */ - -#if 0 -#include -__FBSDID("$FreeBSD: src/sys/crypto/sha1.c,v 1.9 2003/06/10 21:36:57 obrien Exp $"); - -#include -#include -#include -#include - -#include -#endif - -/* sanity check */ -#if BYTE_ORDER != BIG_ENDIAN -# if BYTE_ORDER != LITTLE_ENDIAN -# define unsupported 1 -# endif -#endif - -#ifndef unsupported - -/* constant table */ -static u_int32_t _K[] = { 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xca62c1d6 }; -#define K(t) _K[(t) / 20] - -#define F0(b, c, d) (((b) & (c)) | ((~(b)) & (d))) -#define F1(b, c, d) (((b) ^ (c)) ^ (d)) -#define F2(b, c, d) (((b) & (c)) | ((b) & (d)) | ((c) & (d))) -#define F3(b, c, d) (((b) ^ (c)) ^ (d)) - -#define S(n, x) (((x) << (n)) | ((x) >> (32 - n))) - -#undef H -#define H(n) (ctxt->h.b32[(n)]) -#define COUNT (ctxt->count) -#define BCOUNT (ctxt->c.b64[0] / 8) -#define W(n) (ctxt->m.b32[(n)]) - -#define PUTBYTE(x) { \ - ctxt->m.b8[(COUNT % 64)] = (x); \ - COUNT++; \ - COUNT %= 64; \ - ctxt->c.b64[0] += 8; \ - if (COUNT % 64 == 0) \ - sha1_step(ctxt); \ - } - -#define PUTPAD(x) { \ - ctxt->m.b8[(COUNT % 64)] = (x); \ - COUNT++; \ - COUNT %= 64; \ - if (COUNT % 64 == 0) \ - sha1_step(ctxt); \ - } - -static void sha1_step(struct sha1_ctxt *); - -static void -sha1_step(ctxt) - struct sha1_ctxt *ctxt; -{ - u_int32_t a, b, c, d, e; - size_t t, s; - u_int32_t tmp; - -#if BYTE_ORDER == LITTLE_ENDIAN - struct sha1_ctxt tctxt; - bcopy(&ctxt->m.b8[0], &tctxt.m.b8[0], 64); - ctxt->m.b8[0] = tctxt.m.b8[3]; ctxt->m.b8[1] = tctxt.m.b8[2]; - ctxt->m.b8[2] = tctxt.m.b8[1]; ctxt->m.b8[3] = tctxt.m.b8[0]; - ctxt->m.b8[4] = tctxt.m.b8[7]; ctxt->m.b8[5] = tctxt.m.b8[6]; - ctxt->m.b8[6] = tctxt.m.b8[5]; ctxt->m.b8[7] = tctxt.m.b8[4]; - ctxt->m.b8[8] = tctxt.m.b8[11]; ctxt->m.b8[9] = tctxt.m.b8[10]; - ctxt->m.b8[10] = tctxt.m.b8[9]; ctxt->m.b8[11] = tctxt.m.b8[8]; - ctxt->m.b8[12] = tctxt.m.b8[15]; ctxt->m.b8[13] = tctxt.m.b8[14]; - ctxt->m.b8[14] = tctxt.m.b8[13]; ctxt->m.b8[15] = tctxt.m.b8[12]; - ctxt->m.b8[16] = tctxt.m.b8[19]; ctxt->m.b8[17] = tctxt.m.b8[18]; - ctxt->m.b8[18] = tctxt.m.b8[17]; ctxt->m.b8[19] = tctxt.m.b8[16]; - ctxt->m.b8[20] = tctxt.m.b8[23]; ctxt->m.b8[21] = tctxt.m.b8[22]; - ctxt->m.b8[22] = tctxt.m.b8[21]; ctxt->m.b8[23] = tctxt.m.b8[20]; - ctxt->m.b8[24] = tctxt.m.b8[27]; ctxt->m.b8[25] = tctxt.m.b8[26]; - ctxt->m.b8[26] = tctxt.m.b8[25]; ctxt->m.b8[27] = tctxt.m.b8[24]; - ctxt->m.b8[28] = tctxt.m.b8[31]; ctxt->m.b8[29] = tctxt.m.b8[30]; - ctxt->m.b8[30] = tctxt.m.b8[29]; ctxt->m.b8[31] = tctxt.m.b8[28]; - ctxt->m.b8[32] = tctxt.m.b8[35]; ctxt->m.b8[33] = tctxt.m.b8[34]; - ctxt->m.b8[34] = tctxt.m.b8[33]; ctxt->m.b8[35] = tctxt.m.b8[32]; - ctxt->m.b8[36] = tctxt.m.b8[39]; ctxt->m.b8[37] = tctxt.m.b8[38]; - ctxt->m.b8[38] = tctxt.m.b8[37]; ctxt->m.b8[39] = tctxt.m.b8[36]; - ctxt->m.b8[40] = tctxt.m.b8[43]; ctxt->m.b8[41] = tctxt.m.b8[42]; - ctxt->m.b8[42] = tctxt.m.b8[41]; ctxt->m.b8[43] = tctxt.m.b8[40]; - ctxt->m.b8[44] = tctxt.m.b8[47]; ctxt->m.b8[45] = tctxt.m.b8[46]; - ctxt->m.b8[46] = tctxt.m.b8[45]; ctxt->m.b8[47] = tctxt.m.b8[44]; - ctxt->m.b8[48] = tctxt.m.b8[51]; ctxt->m.b8[49] = tctxt.m.b8[50]; - ctxt->m.b8[50] = tctxt.m.b8[49]; ctxt->m.b8[51] = tctxt.m.b8[48]; - ctxt->m.b8[52] = tctxt.m.b8[55]; ctxt->m.b8[53] = tctxt.m.b8[54]; - ctxt->m.b8[54] = tctxt.m.b8[53]; ctxt->m.b8[55] = tctxt.m.b8[52]; - ctxt->m.b8[56] = tctxt.m.b8[59]; ctxt->m.b8[57] = tctxt.m.b8[58]; - ctxt->m.b8[58] = tctxt.m.b8[57]; ctxt->m.b8[59] = tctxt.m.b8[56]; - ctxt->m.b8[60] = tctxt.m.b8[63]; ctxt->m.b8[61] = tctxt.m.b8[62]; - ctxt->m.b8[62] = tctxt.m.b8[61]; ctxt->m.b8[63] = tctxt.m.b8[60]; -#endif - - a = H(0); b = H(1); c = H(2); d = H(3); e = H(4); - - for (t = 0; t < 20; t++) { - s = t & 0x0f; - if (t >= 16) { - W(s) = S(1, W((s+13) & 0x0f) ^ W((s+8) & 0x0f) ^ W((s+2) & 0x0f) ^ W(s)); - } - tmp = S(5, a) + F0(b, c, d) + e + W(s) + K(t); - e = d; d = c; c = S(30, b); b = a; a = tmp; - } - for (t = 20; t < 40; t++) { - s = t & 0x0f; - W(s) = S(1, W((s+13) & 0x0f) ^ W((s+8) & 0x0f) ^ W((s+2) & 0x0f) ^ W(s)); - tmp = S(5, a) + F1(b, c, d) + e + W(s) + K(t); - e = d; d = c; c = S(30, b); b = a; a = tmp; - } - for (t = 40; t < 60; t++) { - s = t & 0x0f; - W(s) = S(1, W((s+13) & 0x0f) ^ W((s+8) & 0x0f) ^ W((s+2) & 0x0f) ^ W(s)); - tmp = S(5, a) + F2(b, c, d) + e + W(s) + K(t); - e = d; d = c; c = S(30, b); b = a; a = tmp; - } - for (t = 60; t < 80; t++) { - s = t & 0x0f; - W(s) = S(1, W((s+13) & 0x0f) ^ W((s+8) & 0x0f) ^ W((s+2) & 0x0f) ^ W(s)); - tmp = S(5, a) + F3(b, c, d) + e + W(s) + K(t); - e = d; d = c; c = S(30, b); b = a; a = tmp; - } - - H(0) = H(0) + a; - H(1) = H(1) + b; - H(2) = H(2) + c; - H(3) = H(3) + d; - H(4) = H(4) + e; - - bzero(&ctxt->m.b8[0], 64); -} - -/*------------------------------------------------------------*/ - -void -sha1_init(ctxt) - struct sha1_ctxt *ctxt; -{ - bzero(ctxt, sizeof(struct sha1_ctxt)); - H(0) = 0x67452301; - H(1) = 0xefcdab89; - H(2) = 0x98badcfe; - H(3) = 0x10325476; - H(4) = 0xc3d2e1f0; -} - -void -sha1_pad(ctxt) - struct sha1_ctxt *ctxt; -{ - size_t padlen; /*pad length in bytes*/ - size_t padstart; - - PUTPAD(0x80); - - padstart = COUNT % 64; - padlen = 64 - padstart; - if (padlen < 8) { - bzero(&ctxt->m.b8[padstart], padlen); - COUNT += padlen; - COUNT %= 64; - sha1_step(ctxt); - padstart = COUNT % 64; /* should be 0 */ - padlen = 64 - padstart; /* should be 64 */ - } - bzero(&ctxt->m.b8[padstart], padlen - 8); - COUNT += (padlen - 8); - COUNT %= 64; -#if BYTE_ORDER == BIG_ENDIAN - PUTPAD(ctxt->c.b8[0]); PUTPAD(ctxt->c.b8[1]); - PUTPAD(ctxt->c.b8[2]); PUTPAD(ctxt->c.b8[3]); - PUTPAD(ctxt->c.b8[4]); PUTPAD(ctxt->c.b8[5]); - PUTPAD(ctxt->c.b8[6]); PUTPAD(ctxt->c.b8[7]); -#else - PUTPAD(ctxt->c.b8[7]); PUTPAD(ctxt->c.b8[6]); - PUTPAD(ctxt->c.b8[5]); PUTPAD(ctxt->c.b8[4]); - PUTPAD(ctxt->c.b8[3]); PUTPAD(ctxt->c.b8[2]); - PUTPAD(ctxt->c.b8[1]); PUTPAD(ctxt->c.b8[0]); -#endif -} - -void -sha1_loop(ctxt, input, len) - struct sha1_ctxt *ctxt; - const u_int8_t *input; - size_t len; -{ - size_t gaplen; - size_t gapstart; - size_t off; - size_t copysiz; - - off = 0; - - while (off < len) { - gapstart = COUNT % 64; - gaplen = 64 - gapstart; - - copysiz = (gaplen < len - off) ? gaplen : len - off; - bcopy(&input[off], &ctxt->m.b8[gapstart], copysiz); - COUNT += copysiz; - COUNT %= 64; - ctxt->c.b64[0] += copysiz * 8; - if (COUNT % 64 == 0) - sha1_step(ctxt); - off += copysiz; - } -} - -void -sha1_result(ctxt, digest0) - struct sha1_ctxt *ctxt; - caddr_t digest0; -{ - u_int8_t *digest; - - digest = (u_int8_t *)digest0; - sha1_pad(ctxt); -#if BYTE_ORDER == BIG_ENDIAN - bcopy(&ctxt->h.b8[0], digest, 20); -#else - digest[0] = ctxt->h.b8[3]; digest[1] = ctxt->h.b8[2]; - digest[2] = ctxt->h.b8[1]; digest[3] = ctxt->h.b8[0]; - digest[4] = ctxt->h.b8[7]; digest[5] = ctxt->h.b8[6]; - digest[6] = ctxt->h.b8[5]; digest[7] = ctxt->h.b8[4]; - digest[8] = ctxt->h.b8[11]; digest[9] = ctxt->h.b8[10]; - digest[10] = ctxt->h.b8[9]; digest[11] = ctxt->h.b8[8]; - digest[12] = ctxt->h.b8[15]; digest[13] = ctxt->h.b8[14]; - digest[14] = ctxt->h.b8[13]; digest[15] = ctxt->h.b8[12]; - digest[16] = ctxt->h.b8[19]; digest[17] = ctxt->h.b8[18]; - digest[18] = ctxt->h.b8[17]; digest[19] = ctxt->h.b8[16]; -#endif -} - -#endif /*unsupported*/ diff --git a/package/ubsec_ssb/src/sha1.h b/package/ubsec_ssb/src/sha1.h deleted file mode 100644 index 0e19d9071f9..00000000000 --- a/package/ubsec_ssb/src/sha1.h +++ /dev/null @@ -1,72 +0,0 @@ -/* $FreeBSD: src/sys/crypto/sha1.h,v 1.8 2002/03/20 05:13:50 alfred Exp $ */ -/* $KAME: sha1.h,v 1.5 2000/03/27 04:36:23 sumikawa Exp $ */ - -/* - * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ -/* - * FIPS pub 180-1: Secure Hash Algorithm (SHA-1) - * based on: http://csrc.nist.gov/fips/fip180-1.txt - * implemented by Jun-ichiro itojun Itoh - */ - -#ifndef _NETINET6_SHA1_H_ -#define _NETINET6_SHA1_H_ - -struct sha1_ctxt { - union { - u_int8_t b8[20]; - u_int32_t b32[5]; - } h; - union { - u_int8_t b8[8]; - u_int64_t b64[1]; - } c; - union { - u_int8_t b8[64]; - u_int32_t b32[16]; - } m; - u_int8_t count; -}; - -#ifdef __KERNEL__ -extern void sha1_init(struct sha1_ctxt *); -extern void sha1_pad(struct sha1_ctxt *); -extern void sha1_loop(struct sha1_ctxt *, const u_int8_t *, size_t); -extern void sha1_result(struct sha1_ctxt *, caddr_t); - -/* compatibilty with other SHA1 source codes */ -typedef struct sha1_ctxt SHA1_CTX; -#define SHA1Init(x) sha1_init((x)) -#define SHA1Update(x, y, z) sha1_loop((x), (y), (z)) -#define SHA1Final(x, y) sha1_result((y), (x)) -#endif /* __KERNEL__ */ - -#define SHA1_RESULTLEN (160/8) - -#endif /*_NETINET6_SHA1_H_*/ diff --git a/package/ubsec_ssb/src/ubsec_ssb.c b/package/ubsec_ssb/src/ubsec_ssb.c deleted file mode 100644 index d6adf596dd9..00000000000 --- a/package/ubsec_ssb/src/ubsec_ssb.c +++ /dev/null @@ -1,2218 +0,0 @@ - -/* - * Copyright (c) 2008 Daniel Mueller (daniel@danm.de) - * Copyright (c) 2007 David McCullough (david_mccullough@securecomputing.com) - * Copyright (c) 2000 Jason L. Wright (jason@thought.net) - * Copyright (c) 2000 Theo de Raadt (deraadt@openbsd.org) - * Copyright (c) 2001 Patrik Lindergren (patrik@ipunplugged.com) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN - * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - * - * Effort sponsored in part by the Defense Advanced Research Projects - * Agency (DARPA) and Air Force Research Laboratory, Air Force - * Materiel Command, USAF, under agreement number F30602-01-2-0537. - * - */ -#undef UBSEC_DEBUG -#undef UBSEC_VERBOSE_DEBUG - -#ifdef UBSEC_VERBOSE_DEBUG -#define UBSEC_DEBUG -#endif - -/* - * uBsec BCM5365 hardware crypto accelerator - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include - -/* - * BSD queue - */ -#include "bsdqueue.h" - -/* - * OCF - */ -#include "cryptodev.h" -#include "uio.h" - -#define HMAC_HACK 1 - -#ifdef HMAC_HACK -#include "hmachack.h" -#include "md5.h" -#include "md5.c" -#include "sha1.h" -#include "sha1.c" -#endif - -#include "ubsecreg.h" -#include "ubsecvar.h" - -#define DRV_MODULE_NAME "ubsec_ssb" -#define PFX DRV_MODULE_NAME ": " -#define DRV_MODULE_VERSION "0.02" -#define DRV_MODULE_RELDATE "Feb 21, 2009" - -#if 1 -#define DPRINTF(a...) \ - if (debug) \ - { \ - printk(DRV_MODULE_NAME ": " a); \ - } -#else -#define DPRINTF(a...) -#endif - -/* - * Prototypes - */ -static irqreturn_t ubsec_ssb_isr(int, void *, struct pt_regs *); -static int __devinit ubsec_ssb_probe(struct ssb_device *sdev, - const struct ssb_device_id *ent); -static void __devexit ubsec_ssb_remove(struct ssb_device *sdev); -int ubsec_attach(struct ssb_device *sdev, const struct ssb_device_id *ent, - struct device *self); -static void ubsec_setup_mackey(struct ubsec_session *ses, int algo, - caddr_t key, int klen); -static int dma_map_skb(struct ubsec_softc *sc, - struct ubsec_dma_alloc* q_map, struct sk_buff *skb, int *mlen); -static int dma_map_uio(struct ubsec_softc *sc, - struct ubsec_dma_alloc *q_map, struct uio *uio, int *mlen); -static void dma_unmap(struct ubsec_softc *sc, - struct ubsec_dma_alloc *q_map, int mlen); -static int ubsec_dmamap_aligned(struct ubsec_softc *sc, - const struct ubsec_dma_alloc *q_map, int mlen); - -#ifdef UBSEC_DEBUG -static int proc_read(char *buf, char **start, off_t offset, - int size, int *peof, void *data); -#endif - -void ubsec_reset_board(struct ubsec_softc *); -void ubsec_init_board(struct ubsec_softc *); -void ubsec_cleanchip(struct ubsec_softc *); -void ubsec_totalreset(struct ubsec_softc *); -int ubsec_free_q(struct ubsec_softc*, struct ubsec_q *); - -static int ubsec_newsession(device_t, u_int32_t *, struct cryptoini *); -static int ubsec_freesession(device_t, u_int64_t); -static int ubsec_process(device_t, struct cryptop *, int); - -void ubsec_callback(struct ubsec_softc *, struct ubsec_q *); -void ubsec_feed(struct ubsec_softc *); -void ubsec_mcopy(struct sk_buff *, struct sk_buff *, int, int); -void ubsec_dma_free(struct ubsec_softc *, struct ubsec_dma_alloc *); -int ubsec_dma_malloc(struct ubsec_softc *, struct ubsec_dma_alloc *, - size_t, int); - -/* DEBUG crap... */ -void ubsec_dump_pb(struct ubsec_pktbuf *); -void ubsec_dump_mcr(struct ubsec_mcr *); - -#define READ_REG(sc,r) \ - ssb_read32((sc)->sdev, (r)); -#define WRITE_REG(sc,r,val) \ - ssb_write32((sc)->sdev, (r), (val)); -#define READ_REG_SDEV(sdev,r) \ - ssb_read32((sdev), (r)); -#define WRITE_REG_SDEV(sdev,r,val) \ - ssb_write32((sdev), (r), (val)); - -#define SWAP32(x) (x) = htole32(ntohl((x))) -#define HTOLE32(x) (x) = htole32(x) - -#ifdef __LITTLE_ENDIAN -#define letoh16(x) (x) -#define letoh32(x) (x) -#endif - -static int debug; -module_param(debug, int, 0644); -MODULE_PARM_DESC(debug, "Enable debug output"); - -#define UBSEC_SSB_MAX_CHIPS 1 -static struct ubsec_softc *ubsec_chip_idx[UBSEC_SSB_MAX_CHIPS]; -static struct ubsec_stats ubsecstats; - -#ifdef UBSEC_DEBUG -static struct proc_dir_entry *procdebug; -#endif - -static struct ssb_device_id ubsec_ssb_tbl[] = { - /* Broadcom BCM5365P IPSec Core */ - SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_IPSEC, SSB_ANY_REV), - SSB_DEVTABLE_END -}; - -static struct ssb_driver ubsec_ssb_driver = { - .name = DRV_MODULE_NAME, - .id_table = ubsec_ssb_tbl, - .probe = ubsec_ssb_probe, - .remove = __devexit_p(ubsec_ssb_remove), - /* - .suspend = ubsec_ssb_suspend, - .resume = ubsec_ssb_resume - */ -}; - -static device_method_t ubsec_ssb_methods = { - /* crypto device methods */ - DEVMETHOD(cryptodev_newsession, ubsec_newsession), - DEVMETHOD(cryptodev_freesession,ubsec_freesession), - DEVMETHOD(cryptodev_process, ubsec_process), -}; - -#ifdef UBSEC_DEBUG -static int -proc_read(char *buf, char **start, off_t offset, - int size, int *peof, void *data) -{ - int i = 0, byteswritten = 0, ret; - unsigned int stat, ctrl; -#ifdef UBSEC_VERBOSE_DEBUG - struct ubsec_q *q; - struct ubsec_dma *dmap; -#endif - - while ((i < UBSEC_SSB_MAX_CHIPS) && (ubsec_chip_idx[i] != NULL)) - { - struct ubsec_softc *sc = ubsec_chip_idx[i]; - - stat = READ_REG(sc, BS_STAT); - ctrl = READ_REG(sc, BS_CTRL); - ret = snprintf((buf + byteswritten), - (size - byteswritten) , - "DEV %d, DMASTAT %08x, DMACTRL %08x\n", i, stat, ctrl); - - byteswritten += ret; - -#ifdef UBSEC_VERBOSE_DEBUG - printf("DEV %d, DMASTAT %08x, DMACTRL %08x\n", i, stat, ctrl); - - /* Dump all queues MCRs */ - if (!BSD_SIMPLEQ_EMPTY(&sc->sc_qchip)) { - BSD_SIMPLEQ_FOREACH(q, &sc->sc_qchip, q_next) - { - dmap = q->q_dma; - ubsec_dump_mcr(&dmap->d_dma->d_mcr); - } - } -#endif - - i++; - } - - *peof = 1; - - return byteswritten; -} -#endif - -/* - * map in a given sk_buff - */ -static int -dma_map_skb(struct ubsec_softc *sc, struct ubsec_dma_alloc* q_map, struct sk_buff *skb, int *mlen) -{ - int i = 0; - dma_addr_t tmp; - -#ifdef UBSEC_DEBUG - DPRINTF("%s()\n", __FUNCTION__); -#endif - - /* - * We support only a limited number of fragments. - */ - if (unlikely((skb_shinfo(skb)->nr_frags + 1) >= UBS_MAX_SCATTER)) - { - printk(KERN_ERR "Only %d scatter fragments are supported.\n", UBS_MAX_SCATTER); - return (-ENOMEM); - } - -#ifdef UBSEC_VERBOSE_DEBUG - DPRINTF("%s - map %d 0x%x %d\n", __FUNCTION__, 0, (unsigned int)skb->data, skb_headlen(skb)); -#endif - - /* first data package */ - tmp = dma_map_single(sc->sc_dv, - skb->data, - skb_headlen(skb), - DMA_BIDIRECTIONAL); - - q_map[i].dma_paddr = tmp; - q_map[i].dma_vaddr = skb->data; - q_map[i].dma_size = skb_headlen(skb); - - if (unlikely(tmp == 0)) - { - printk(KERN_ERR "Could not map memory region for dma.\n"); - return (-EINVAL); - } - -#ifdef UBSEC_VERBOSE_DEBUG - DPRINTF("%s - map %d done physical addr 0x%x\n", __FUNCTION__, 0, (unsigned int)tmp); -#endif - - - /* all other data packages */ - for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { - -#ifdef UBSEC_VERBOSE_DEBUG - DPRINTF("%s - map %d 0x%x %d\n", __FUNCTION__, i + 1, - (unsigned int)page_address(skb_shinfo(skb)->frags[i].page) + - skb_shinfo(skb)->frags[i].page_offset, skb_shinfo(skb)->frags[i].size); -#endif - - tmp = dma_map_single(sc->sc_dv, - page_address(skb_shinfo(skb)->frags[i].page) + - skb_shinfo(skb)->frags[i].page_offset, - skb_shinfo(skb)->frags[i].size, - DMA_BIDIRECTIONAL); - - q_map[i + 1].dma_paddr = tmp; - q_map[i + 1].dma_vaddr = (void*)(page_address(skb_shinfo(skb)->frags[i].page) + - skb_shinfo(skb)->frags[i].page_offset); - q_map[i + 1].dma_size = skb_shinfo(skb)->frags[i].size; - - if (unlikely(tmp == 0)) - { - printk(KERN_ERR "Could not map memory region for dma.\n"); - return (-EINVAL); - } - -#ifdef UBSEC_VERBOSE_DEBUG - DPRINTF("%s - map %d done physical addr 0x%x\n", __FUNCTION__, i + 1, (unsigned int)tmp); -#endif - - } - *mlen = i + 1; - - return(0); -} - -/* - * map in a given uio buffer - */ - -static int -dma_map_uio(struct ubsec_softc *sc, struct ubsec_dma_alloc *q_map, struct uio *uio, int *mlen) -{ - struct iovec *iov = uio->uio_iov; - int n; - dma_addr_t tmp; - -#ifdef UBSEC_DEBUG - DPRINTF("%s()\n", __FUNCTION__); -#endif - - /* - * We support only a limited number of fragments. - */ - if (unlikely(uio->uio_iovcnt >= UBS_MAX_SCATTER)) - { - printk(KERN_ERR "Only %d scatter fragments are supported.\n", UBS_MAX_SCATTER); - return (-ENOMEM); - } - - for (n = 0; n < uio->uio_iovcnt; n++) { -#ifdef UBSEC_VERBOSE_DEBUG - DPRINTF("%s - map %d 0x%x %d\n", __FUNCTION__, n, (unsigned int)iov->iov_base, iov->iov_len); -#endif - tmp = dma_map_single(sc->sc_dv, - iov->iov_base, - iov->iov_len, - DMA_BIDIRECTIONAL); - - q_map[n].dma_paddr = tmp; - q_map[n].dma_vaddr = iov->iov_base; - q_map[n].dma_size = iov->iov_len; - - if (unlikely(tmp == 0)) - { - printk(KERN_ERR "Could not map memory region for dma.\n"); - return (-EINVAL); - } - -#ifdef UBSEC_VERBOSE_DEBUG - DPRINTF("%s - map %d done physical addr 0x%x\n", __FUNCTION__, n, (unsigned int)tmp); -#endif - - iov++; - } - *mlen = n; - - return(0); -} - -static void -dma_unmap(struct ubsec_softc *sc, struct ubsec_dma_alloc *q_map, int mlen) -{ - int i; - -#ifdef UBSEC_DEBUG - DPRINTF("%s()\n", __FUNCTION__); -#endif - - for(i = 0; i < mlen; i++) - { -#ifdef UBSEC_VERBOSE_DEBUG - DPRINTF("%s - unmap %d 0x%x %d\n", __FUNCTION__, i, (unsigned int)q_map[i].dma_paddr, q_map[i].dma_size); -#endif - dma_unmap_single(sc->sc_dv, - q_map[i].dma_paddr, - q_map[i].dma_size, - DMA_BIDIRECTIONAL); - } - return; -} - -/* - * Is the operand suitable aligned for direct DMA. Each - * segment must be aligned on a 32-bit boundary and all - * but the last segment must be a multiple of 4 bytes. - */ -static int -ubsec_dmamap_aligned(struct ubsec_softc *sc, const struct ubsec_dma_alloc *q_map, int mlen) -{ - int i; - -#ifdef UBSEC_DEBUG - DPRINTF("%s()\n", __FUNCTION__); -#endif - - for (i = 0; i < mlen; i++) { - if (q_map[i].dma_paddr & 3) - return (0); - if (i != (mlen - 1) && (q_map[i].dma_size & 3)) - return (0); - } - return (1); -} - - -#define N(a) (sizeof(a) / sizeof (a[0])) -static void -ubsec_setup_mackey(struct ubsec_session *ses, int algo, caddr_t key, int klen) -{ -#ifdef HMAC_HACK - MD5_CTX md5ctx; - SHA1_CTX sha1ctx; - int i; - -#ifdef UBSEC_DEBUG - DPRINTF("%s()\n", __FUNCTION__); -#endif - - for (i = 0; i < klen; i++) - key[i] ^= HMAC_IPAD_VAL; - - if (algo == CRYPTO_MD5_HMAC) { - MD5Init(&md5ctx); - MD5Update(&md5ctx, key, klen); - MD5Update(&md5ctx, hmac_ipad_buffer, MD5_HMAC_BLOCK_LEN - klen); - bcopy(md5ctx.md5_st8, ses->ses_hminner, sizeof(md5ctx.md5_st8)); - } else { - SHA1Init(&sha1ctx); - SHA1Update(&sha1ctx, key, klen); - SHA1Update(&sha1ctx, hmac_ipad_buffer, - SHA1_HMAC_BLOCK_LEN - klen); - bcopy(sha1ctx.h.b32, ses->ses_hminner, sizeof(sha1ctx.h.b32)); - } - - for (i = 0; i < klen; i++) - key[i] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL); - - if (algo == CRYPTO_MD5_HMAC) { - MD5Init(&md5ctx); - MD5Update(&md5ctx, key, klen); - MD5Update(&md5ctx, hmac_opad_buffer, MD5_HMAC_BLOCK_LEN - klen); - bcopy(md5ctx.md5_st8, ses->ses_hmouter, sizeof(md5ctx.md5_st8)); - } else { - SHA1Init(&sha1ctx); - SHA1Update(&sha1ctx, key, klen); - SHA1Update(&sha1ctx, hmac_opad_buffer, - SHA1_HMAC_BLOCK_LEN - klen); - bcopy(sha1ctx.h.b32, ses->ses_hmouter, sizeof(sha1ctx.h.b32)); - } - - for (i = 0; i < klen; i++) - key[i] ^= HMAC_OPAD_VAL; - -#else /* HMAC_HACK */ - DPRINTF("md5/sha not implemented\n"); -#endif /* HMAC_HACK */ -} -#undef N - -static int -__devinit ubsec_ssb_probe(struct ssb_device *sdev, - const struct ssb_device_id *ent) -{ - int err; - -#ifdef UBSEC_DEBUG - DPRINTF("%s()\n", __FUNCTION__); -#endif - - err = ssb_bus_powerup(sdev->bus, 0); - if (err) { - dev_err(sdev->dev, "Failed to powerup the bus\n"); - goto err_out; - } - - err = request_irq(sdev->irq, (irq_handler_t)ubsec_ssb_isr, - IRQF_DISABLED | IRQF_SHARED, DRV_MODULE_NAME, sdev); - if (err) { - dev_err(sdev->dev, "Could not request irq\n"); - goto err_out_powerdown; - } - -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,34)) - err = dma_set_mask(sdev->dma_dev, DMA_BIT_MASK(32)) || - dma_set_coherent_mask(sdev->dma_dev, DMA_BIT_MASK(32)); -#else - err = ssb_dma_set_mask(sdev, DMA_32BIT_MASK); -#endif - if (err) { - dev_err(sdev->dev, - "Required 32BIT DMA mask unsupported by the system.\n"); - goto err_out_free_irq; - } - - printk(KERN_INFO "Sentry5(tm) ROBOGateway(tm) IPSec Core at IRQ %u\n", - sdev->irq); - - DPRINTF("Vendor: %x, core id: %x, revision: %x\n", - sdev->id.vendor, sdev->id.coreid, sdev->id.revision); - - ssb_device_enable(sdev, 0); - - if (ubsec_attach(sdev, ent, sdev->dev) != 0) - goto err_out_disable; - -#ifdef UBSEC_DEBUG - procdebug = create_proc_entry(DRV_MODULE_NAME, S_IRUSR, NULL); - if (procdebug) - { - procdebug->read_proc = proc_read; - procdebug->data = NULL; - } else - DPRINTF("Unable to create proc file.\n"); -#endif - - return 0; - -err_out_disable: - ssb_device_disable(sdev, 0); - -err_out_free_irq: - free_irq(sdev->irq, sdev); - -err_out_powerdown: - ssb_bus_may_powerdown(sdev->bus); - -err_out: - return err; -} - -static void __devexit ubsec_ssb_remove(struct ssb_device *sdev) { - - struct ubsec_softc *sc; - unsigned int ctrlflgs; - struct ubsec_dma *dmap; - u_int32_t i; - -#ifdef UBSEC_DEBUG - DPRINTF("%s()\n", __FUNCTION__); -#endif - - ctrlflgs = READ_REG_SDEV(sdev, BS_CTRL); - /* disable all IPSec Core interrupts globally */ - ctrlflgs ^= (BS_CTRL_MCR1INT | BS_CTRL_MCR2INT | - BS_CTRL_DMAERR); - WRITE_REG_SDEV(sdev, BS_CTRL, ctrlflgs); - - free_irq(sdev->irq, sdev); - - sc = (struct ubsec_softc *)ssb_get_drvdata(sdev); - - /* unregister all crypto algorithms */ - crypto_unregister_all(sc->sc_cid); - - /* Free queue / dma memory */ - for (i = 0; i < UBS_MAX_NQUEUE; i++) { - struct ubsec_q *q; - - q = sc->sc_queuea[i]; - if (q != NULL) - { - dmap = q->q_dma; - if (dmap != NULL) - { - ubsec_dma_free(sc, &dmap->d_alloc); - q->q_dma = NULL; - } - kfree(q); - } - sc->sc_queuea[i] = NULL; - } - - ssb_device_disable(sdev, 0); - ssb_bus_may_powerdown(sdev->bus); - ssb_set_drvdata(sdev, NULL); - -#ifdef UBSEC_DEBUG - if (procdebug) - remove_proc_entry(DRV_MODULE_NAME, NULL); -#endif - -} - - -int -ubsec_attach(struct ssb_device *sdev, const struct ssb_device_id *ent, - struct device *self) -{ - struct ubsec_softc *sc = NULL; - struct ubsec_dma *dmap; - u_int32_t i; - static int num_chips = 0; - -#ifdef UBSEC_DEBUG - DPRINTF("%s()\n", __FUNCTION__); -#endif - - sc = (struct ubsec_softc *) kmalloc(sizeof(*sc), GFP_KERNEL); - if (!sc) - return(-ENOMEM); - memset(sc, 0, sizeof(*sc)); - - sc->sc_dv = sdev->dev; - sc->sdev = sdev; - - spin_lock_init(&sc->sc_ringmtx); - - softc_device_init(sc, "ubsec_ssb", num_chips, ubsec_ssb_methods); - - /* Maybe someday there are boards with more than one chip available */ - if (num_chips < UBSEC_SSB_MAX_CHIPS) { - ubsec_chip_idx[device_get_unit(sc->sc_dev)] = sc; - num_chips++; - } - - ssb_set_drvdata(sdev, sc); - - BSD_SIMPLEQ_INIT(&sc->sc_queue); - BSD_SIMPLEQ_INIT(&sc->sc_qchip); - BSD_SIMPLEQ_INIT(&sc->sc_queue2); - BSD_SIMPLEQ_INIT(&sc->sc_qchip2); - BSD_SIMPLEQ_INIT(&sc->sc_q2free); - - sc->sc_statmask = BS_STAT_MCR1_DONE | BS_STAT_DMAERR; - - sc->sc_cid = crypto_get_driverid(softc_get_device(sc), CRYPTOCAP_F_HARDWARE); - if (sc->sc_cid < 0) { - device_printf(sc->sc_dev, "could not get crypto driver id\n"); - return -1; - } - - BSD_SIMPLEQ_INIT(&sc->sc_freequeue); - dmap = sc->sc_dmaa; - for (i = 0; i < UBS_MAX_NQUEUE; i++, dmap++) { - struct ubsec_q *q; - - q = (struct ubsec_q *)kmalloc(sizeof(struct ubsec_q), GFP_KERNEL); - if (q == NULL) { - printf(": can't allocate queue buffers\n"); - break; - } - - if (ubsec_dma_malloc(sc, &dmap->d_alloc, sizeof(struct ubsec_dmachunk),0)) { - printf(": can't allocate dma buffers\n"); - kfree(q); - break; - } - dmap->d_dma = (struct ubsec_dmachunk *)dmap->d_alloc.dma_vaddr; - - q->q_dma = dmap; - sc->sc_queuea[i] = q; - - BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q, q_next); - } - - /* - * Reset Broadcom chip - */ - ubsec_reset_board(sc); - - /* - * Init Broadcom chip - */ - ubsec_init_board(sc); - - /* supported crypto algorithms */ - crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0); - crypto_register(sc->sc_cid, CRYPTO_DES_CBC, 0, 0); - - if (sc->sc_flags & UBS_FLAGS_AES) { - crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0); - printf(KERN_INFO DRV_MODULE_NAME ": DES 3DES AES128 AES192 AES256 MD5_HMAC SHA1_HMAC\n"); - } - else - printf(KERN_INFO DRV_MODULE_NAME ": DES 3DES MD5_HMAC SHA1_HMAC\n"); - - crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0); - crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0); - - return 0; -} - -/* - * UBSEC Interrupt routine - */ -static irqreturn_t -ubsec_ssb_isr(int irq, void *arg, struct pt_regs *regs) -{ - struct ubsec_softc *sc = NULL; - volatile u_int32_t stat; - struct ubsec_q *q; - struct ubsec_dma *dmap; - int npkts = 0, i; - -#ifdef UBSEC_VERBOSE_DEBUG - DPRINTF("%s()\n", __FUNCTION__); -#endif - - sc = (struct ubsec_softc *)ssb_get_drvdata(arg); - - stat = READ_REG(sc, BS_STAT); - - stat &= sc->sc_statmask; - if (stat == 0) - return IRQ_NONE; - - WRITE_REG(sc, BS_STAT, stat); /* IACK */ - - /* - * Check to see if we have any packets waiting for us - */ - if ((stat & BS_STAT_MCR1_DONE)) { - while (!BSD_SIMPLEQ_EMPTY(&sc->sc_qchip)) { - q = BSD_SIMPLEQ_FIRST(&sc->sc_qchip); - dmap = q->q_dma; - - if ((dmap->d_dma->d_mcr.mcr_flags & htole16(UBS_MCR_DONE)) == 0) - { - DPRINTF("error while processing MCR. Flags = %x\n", dmap->d_dma->d_mcr.mcr_flags); - break; - } - - BSD_SIMPLEQ_REMOVE_HEAD(&sc->sc_qchip, q_next); - - npkts = q->q_nstacked_mcrs; - /* - * search for further sc_qchip ubsec_q's that share - * the same MCR, and complete them too, they must be - * at the top. - */ - for (i = 0; i < npkts; i++) { - if(q->q_stacked_mcr[i]) - ubsec_callback(sc, q->q_stacked_mcr[i]); - else - break; - } - ubsec_callback(sc, q); - } - - /* - * Don't send any more packet to chip if there has been - * a DMAERR. - */ - if (likely(!(stat & BS_STAT_DMAERR))) - ubsec_feed(sc); - else - DPRINTF("DMA error occurred. Stop feeding crypto chip.\n"); - } - - /* - * Check to see if we got any DMA Error - */ - if (stat & BS_STAT_DMAERR) { - volatile u_int32_t a = READ_REG(sc, BS_ERR); - - printf(KERN_ERR "%s: dmaerr %s@%08x\n", DRV_MODULE_NAME, - (a & BS_ERR_READ) ? "read" : "write", a & BS_ERR_ADDR); - - ubsecstats.hst_dmaerr++; - ubsec_totalreset(sc); - ubsec_feed(sc); - } - - return IRQ_HANDLED; -} - -/* - * ubsec_feed() - aggregate and post requests to chip - * It is assumed that the caller set splnet() - */ -void -ubsec_feed(struct ubsec_softc *sc) -{ -#ifdef UBSEC_VERBOSE_DEBUG - static int max; -#endif - struct ubsec_q *q, *q2; - int npkts, i; - void *v; - u_int32_t stat; - - npkts = sc->sc_nqueue; - if (npkts > UBS_MAX_AGGR) - npkts = UBS_MAX_AGGR; - if (npkts < 2) - goto feed1; - - stat = READ_REG(sc, BS_STAT); - - if (stat & (BS_STAT_MCR1_FULL | BS_STAT_DMAERR)) { - if(stat & BS_STAT_DMAERR) { - ubsec_totalreset(sc); - ubsecstats.hst_dmaerr++; - } - return; - } - -#ifdef UBSEC_VERBOSE_DEBUG - DPRINTF("merging %d records\n", npkts); - - /* XXX temporary aggregation statistics reporting code */ - if (max < npkts) { - max = npkts; - DPRINTF("%s: new max aggregate %d\n", DRV_MODULE_NAME, max); - } -#endif /* UBSEC_VERBOSE_DEBUG */ - - q = BSD_SIMPLEQ_FIRST(&sc->sc_queue); - BSD_SIMPLEQ_REMOVE_HEAD(&sc->sc_queue, q_next); - --sc->sc_nqueue; - -#if 0 - /* - * XXX - * We use dma_map_single() - no sync required! - */ - - bus_dmamap_sync(sc->sc_dmat, q->q_src_map, - 0, q->q_src_map->dm_mapsize, BUS_DMASYNC_PREWRITE); - if (q->q_dst_map != NULL) - bus_dmamap_sync(sc->sc_dmat, q->q_dst_map, - 0, q->q_dst_map->dm_mapsize, BUS_DMASYNC_PREREAD); -#endif - - q->q_nstacked_mcrs = npkts - 1; /* Number of packets stacked */ - - for (i = 0; i < q->q_nstacked_mcrs; i++) { - q2 = BSD_SIMPLEQ_FIRST(&sc->sc_queue); - -#if 0 - bus_dmamap_sync(sc->sc_dmat, q2->q_src_map, - 0, q2->q_src_map->dm_mapsize, BUS_DMASYNC_PREWRITE); - if (q2->q_dst_map != NULL) - bus_dmamap_sync(sc->sc_dmat, q2->q_dst_map, - 0, q2->q_dst_map->dm_mapsize, BUS_DMASYNC_PREREAD); -#endif - BSD_SIMPLEQ_REMOVE_HEAD(&sc->sc_queue, q_next); - --sc->sc_nqueue; - - v = ((char *)&q2->q_dma->d_dma->d_mcr) + sizeof(struct ubsec_mcr) - - sizeof(struct ubsec_mcr_add); - bcopy(v, &q->q_dma->d_dma->d_mcradd[i], sizeof(struct ubsec_mcr_add)); - q->q_stacked_mcr[i] = q2; - } - q->q_dma->d_dma->d_mcr.mcr_pkts = htole16(npkts); - BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_qchip, q, q_next); -#if 0 - bus_dmamap_sync(sc->sc_dmat, q->q_dma->d_alloc.dma_map, - 0, q->q_dma->d_alloc.dma_map->dm_mapsize, - BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); -#endif - WRITE_REG(sc, BS_MCR1, q->q_dma->d_alloc.dma_paddr + - offsetof(struct ubsec_dmachunk, d_mcr)); -#ifdef UBSEC_VERBOSE_DEBUG - DPRINTF("feed (1): q->chip %p %08x %08x\n", q, - (u_int32_t)q->q_dma->d_alloc.dma_paddr, - (u_int32_t)(q->q_dma->d_alloc.dma_paddr + - offsetof(struct ubsec_dmachunk, d_mcr))); -#endif /* UBSEC_DEBUG */ - return; - -feed1: - while (!BSD_SIMPLEQ_EMPTY(&sc->sc_queue)) { - stat = READ_REG(sc, BS_STAT); - - if (stat & (BS_STAT_MCR1_FULL | BS_STAT_DMAERR)) { - if(stat & BS_STAT_DMAERR) { - ubsec_totalreset(sc); - ubsecstats.hst_dmaerr++; - } - break; - } - - q = BSD_SIMPLEQ_FIRST(&sc->sc_queue); - -#if 0 - bus_dmamap_sync(sc->sc_dmat, q->q_src_map, - 0, q->q_src_map->dm_mapsize, BUS_DMASYNC_PREWRITE); - if (q->q_dst_map != NULL) - bus_dmamap_sync(sc->sc_dmat, q->q_dst_map, - 0, q->q_dst_map->dm_mapsize, BUS_DMASYNC_PREREAD); - bus_dmamap_sync(sc->sc_dmat, q->q_dma->d_alloc.dma_map, - 0, q->q_dma->d_alloc.dma_map->dm_mapsize, - BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); -#endif - - WRITE_REG(sc, BS_MCR1, q->q_dma->d_alloc.dma_paddr + - offsetof(struct ubsec_dmachunk, d_mcr)); -#ifdef UBSEC_VERBOSE_DEBUG - DPRINTF("feed (2): q->chip %p %08x %08x\n", q, - (u_int32_t)q->q_dma->d_alloc.dma_paddr, - (u_int32_t)(q->q_dma->d_alloc.dma_paddr + - offsetof(struct ubsec_dmachunk, d_mcr))); -#endif /* UBSEC_DEBUG */ - BSD_SIMPLEQ_REMOVE_HEAD(&sc->sc_queue, q_next); - --sc->sc_nqueue; - BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_qchip, q, q_next); - } -} - -/* - * Allocate a new 'session' and return an encoded session id. 'sidp' - * contains our registration id, and should contain an encoded session - * id on successful allocation. - */ -static int -ubsec_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri) -{ - struct cryptoini *c, *encini = NULL, *macini = NULL; - struct ubsec_softc *sc = NULL; - struct ubsec_session *ses = NULL; - int sesn, i; - -#ifdef UBSEC_DEBUG - DPRINTF("%s()\n", __FUNCTION__); -#endif - - if (sidp == NULL || cri == NULL) - return (EINVAL); - - sc = device_get_softc(dev); - - if (sc == NULL) - return (EINVAL); - - for (c = cri; c != NULL; c = c->cri_next) { - if (c->cri_alg == CRYPTO_MD5_HMAC || - c->cri_alg == CRYPTO_SHA1_HMAC) { - if (macini) - return (EINVAL); - macini = c; - } else if (c->cri_alg == CRYPTO_DES_CBC || - c->cri_alg == CRYPTO_3DES_CBC || - c->cri_alg == CRYPTO_AES_CBC) { - if (encini) - return (EINVAL); - encini = c; - } else - return (EINVAL); - } - if (encini == NULL && macini == NULL) - return (EINVAL); - - if (sc->sc_sessions == NULL) { - ses = sc->sc_sessions = (struct ubsec_session *)kmalloc( - sizeof(struct ubsec_session), SLAB_ATOMIC); - if (ses == NULL) - return (ENOMEM); - memset(ses, 0, sizeof(struct ubsec_session)); - sesn = 0; - sc->sc_nsessions = 1; - } else { - for (sesn = 0; sesn < sc->sc_nsessions; sesn++) { - if (sc->sc_sessions[sesn].ses_used == 0) { - ses = &sc->sc_sessions[sesn]; - break; - } - } - - if (ses == NULL) { - sesn = sc->sc_nsessions; - ses = (struct ubsec_session *)kmalloc((sesn + 1) * - sizeof(struct ubsec_session), SLAB_ATOMIC); - if (ses == NULL) - return (ENOMEM); - memset(ses, 0, (sesn + 1) * sizeof(struct ubsec_session)); - bcopy(sc->sc_sessions, ses, sesn * - sizeof(struct ubsec_session)); - bzero(sc->sc_sessions, sesn * - sizeof(struct ubsec_session)); - kfree(sc->sc_sessions); - sc->sc_sessions = ses; - ses = &sc->sc_sessions[sesn]; - sc->sc_nsessions++; - } - } - - bzero(ses, sizeof(struct ubsec_session)); - ses->ses_used = 1; - if (encini) { - /* get an IV */ - /* XXX may read fewer than requested */ - read_random(ses->ses_iv, sizeof(ses->ses_iv)); - - /* Go ahead and compute key in ubsec's byte order */ - if (encini->cri_alg == CRYPTO_DES_CBC) { - /* DES uses the same key three times: - * 1st encrypt -> 2nd decrypt -> 3nd encrypt */ - bcopy(encini->cri_key, &ses->ses_key[0], 8); - bcopy(encini->cri_key, &ses->ses_key[2], 8); - bcopy(encini->cri_key, &ses->ses_key[4], 8); - ses->ses_keysize = 192; /* Fake! Actually its only 64bits .. - oh no it is even less: 54bits. */ - } else if(encini->cri_alg == CRYPTO_3DES_CBC) { - bcopy(encini->cri_key, ses->ses_key, 24); - ses->ses_keysize = 192; - } else if(encini->cri_alg == CRYPTO_AES_CBC) { - ses->ses_keysize = encini->cri_klen; - - if (ses->ses_keysize != 128 && - ses->ses_keysize != 192 && - ses->ses_keysize != 256) - { - DPRINTF("unsupported AES key size: %d\n", ses->ses_keysize); - return (EINVAL); - } - bcopy(encini->cri_key, ses->ses_key, (ses->ses_keysize / 8)); - } - - /* Hardware requires the keys in little endian byte order */ - for (i=0; i < (ses->ses_keysize / 32); i++) - SWAP32(ses->ses_key[i]); - } - - if (macini) { - ses->ses_mlen = macini->cri_mlen; - - if (ses->ses_mlen == 0 || - ses->ses_mlen > SHA1_HASH_LEN) { - - if (macini->cri_alg == CRYPTO_MD5_HMAC || - macini->cri_alg == CRYPTO_SHA1_HMAC) - { - ses->ses_mlen = DEFAULT_HMAC_LEN; - } else - { - /* - * Reserved for future usage. MD5/SHA1 calculations have - * different hash sizes. - */ - printk(KERN_ERR DRV_MODULE_NAME ": unsupported hash operation with mac/hash len: %d\n", ses->ses_mlen); - return (EINVAL); - } - - } - - if (macini->cri_key != NULL) { - ubsec_setup_mackey(ses, macini->cri_alg, macini->cri_key, - macini->cri_klen / 8); - } - } - - *sidp = UBSEC_SID(device_get_unit(sc->sc_dev), sesn); - return (0); -} - -/* - * Deallocate a session. - */ -static int -ubsec_freesession(device_t dev, u_int64_t tid) -{ - struct ubsec_softc *sc = device_get_softc(dev); - int session; - u_int32_t sid = ((u_int32_t)tid) & 0xffffffff; - -#ifdef UBSEC_DEBUG - DPRINTF("%s()\n", __FUNCTION__); -#endif - - if (sc == NULL) - return (EINVAL); - - session = UBSEC_SESSION(sid); - if (session < sc->sc_nsessions) { - bzero(&sc->sc_sessions[session], sizeof(sc->sc_sessions[session])); - return (0); - } else - return (EINVAL); -} - -static int -ubsec_process(device_t dev, struct cryptop *crp, int hint) -{ - struct ubsec_q *q = NULL; - int err = 0, i, j, nicealign; - struct ubsec_softc *sc = device_get_softc(dev); - struct cryptodesc *crd1, *crd2, *maccrd, *enccrd; - int encoffset = 0, macoffset = 0, cpskip, cpoffset; - int sskip, dskip, stheend, dtheend, ivsize = 8; - int16_t coffset; - struct ubsec_session *ses; - struct ubsec_generic_ctx ctx; - struct ubsec_dma *dmap = NULL; - unsigned long flags; - -#ifdef UBSEC_DEBUG - DPRINTF("%s()\n", __FUNCTION__); -#endif - - if (unlikely(crp == NULL || crp->crp_callback == NULL)) { - ubsecstats.hst_invalid++; - return (EINVAL); - } - - if (unlikely(sc == NULL)) - return (EINVAL); - -#ifdef UBSEC_VERBOSE_DEBUG - DPRINTF("spin_lock_irqsave\n"); -#endif - spin_lock_irqsave(&sc->sc_ringmtx, flags); - //spin_lock_irq(&sc->sc_ringmtx); - - if (BSD_SIMPLEQ_EMPTY(&sc->sc_freequeue)) { - ubsecstats.hst_queuefull++; -#ifdef UBSEC_VERBOSE_DEBUG - DPRINTF("spin_unlock_irqrestore\n"); -#endif - spin_unlock_irqrestore(&sc->sc_ringmtx, flags); - //spin_unlock_irq(&sc->sc_ringmtx); - err = ENOMEM; - goto errout2; - } - - q = BSD_SIMPLEQ_FIRST(&sc->sc_freequeue); - BSD_SIMPLEQ_REMOVE_HEAD(&sc->sc_freequeue, q_next); -#ifdef UBSEC_VERBOSE_DEBUG - DPRINTF("spin_unlock_irqrestore\n"); -#endif - spin_unlock_irqrestore(&sc->sc_ringmtx, flags); - //spin_unlock_irq(&sc->sc_ringmtx); - - dmap = q->q_dma; /* Save dma pointer */ - bzero(q, sizeof(struct ubsec_q)); - bzero(&ctx, sizeof(ctx)); - - q->q_sesn = UBSEC_SESSION(crp->crp_sid); - q->q_dma = dmap; - ses = &sc->sc_sessions[q->q_sesn]; - - if (crp->crp_flags & CRYPTO_F_SKBUF) { - q->q_src_m = (struct sk_buff *)crp->crp_buf; - q->q_dst_m = (struct sk_buff *)crp->crp_buf; - } else if (crp->crp_flags & CRYPTO_F_IOV) { - q->q_src_io = (struct uio *)crp->crp_buf; - q->q_dst_io = (struct uio *)crp->crp_buf; - } else { - err = EINVAL; - goto errout; /* XXX we don't handle contiguous blocks! */ - } - - bzero(&dmap->d_dma->d_mcr, sizeof(struct ubsec_mcr)); - - dmap->d_dma->d_mcr.mcr_pkts = htole16(1); - dmap->d_dma->d_mcr.mcr_flags = 0; - q->q_crp = crp; - - crd1 = crp->crp_desc; - if (crd1 == NULL) { - err = EINVAL; - goto errout; - } - crd2 = crd1->crd_next; - - if (crd2 == NULL) { - if (crd1->crd_alg == CRYPTO_MD5_HMAC || - crd1->crd_alg == CRYPTO_SHA1_HMAC) { - maccrd = crd1; - enccrd = NULL; - } else if (crd1->crd_alg == CRYPTO_DES_CBC || - crd1->crd_alg == CRYPTO_3DES_CBC || - crd1->crd_alg == CRYPTO_AES_CBC) { - maccrd = NULL; - enccrd = crd1; - } else { - err = EINVAL; - goto errout; - } - } else { - if ((crd1->crd_alg == CRYPTO_MD5_HMAC || - crd1->crd_alg == CRYPTO_SHA1_HMAC) && - (crd2->crd_alg == CRYPTO_DES_CBC || - crd2->crd_alg == CRYPTO_3DES_CBC || - crd2->crd_alg == CRYPTO_AES_CBC) && - ((crd2->crd_flags & CRD_F_ENCRYPT) == 0)) { - maccrd = crd1; - enccrd = crd2; - } else if ((crd1->crd_alg == CRYPTO_DES_CBC || - crd1->crd_alg == CRYPTO_3DES_CBC || - crd1->crd_alg == CRYPTO_AES_CBC) && - (crd2->crd_alg == CRYPTO_MD5_HMAC || - crd2->crd_alg == CRYPTO_SHA1_HMAC) && - (crd1->crd_flags & CRD_F_ENCRYPT)) { - enccrd = crd1; - maccrd = crd2; - } else { - /* - * We cannot order the ubsec as requested - */ - printk(KERN_ERR DRV_MODULE_NAME ": got wrong algorithm/signature order.\n"); - err = EINVAL; - goto errout; - } - } - - /* Encryption/Decryption requested */ - if (enccrd) { - encoffset = enccrd->crd_skip; - - if (enccrd->crd_alg == CRYPTO_DES_CBC || - enccrd->crd_alg == CRYPTO_3DES_CBC) - { - ctx.pc_flags |= htole16(UBS_PKTCTX_ENC_3DES); - ctx.pc_type = htole16(UBS_PKTCTX_TYPE_IPSEC_DES); - ivsize = 8; /* [3]DES uses 64bit IVs */ - } else { - ctx.pc_flags |= htole16(UBS_PKTCTX_ENC_AES); - ctx.pc_type = htole16(UBS_PKTCTX_TYPE_IPSEC_AES); - ivsize = 16; /* AES uses 128bit IVs / [3]DES 64bit IVs */ - - switch(ses->ses_keysize) - { - case 128: - ctx.pc_flags |= htole16(UBS_PKTCTX_AES128); - break; - case 192: - ctx.pc_flags |= htole16(UBS_PKTCTX_AES192); - break; - case 256: - ctx.pc_flags |= htole16(UBS_PKTCTX_AES256); - break; - default: - DPRINTF("invalid AES key size: %d\n", ses->ses_keysize); - err = EINVAL; - goto errout; - } - } - - if (enccrd->crd_flags & CRD_F_ENCRYPT) { - /* Direction: Outbound */ - - q->q_flags |= UBSEC_QFLAGS_COPYOUTIV; - - if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) { - bcopy(enccrd->crd_iv, ctx.pc_iv, ivsize); - } else { - for(i=0; i < (ivsize / 4); i++) - ctx.pc_iv[i] = ses->ses_iv[i]; - } - - /* If there is no IV in the buffer -> copy it here */ - if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0) { - if (crp->crp_flags & CRYPTO_F_SKBUF) - /* - m_copyback(q->q_src_m, - enccrd->crd_inject, - 8, ctx.pc_iv); - */ - crypto_copyback(crp->crp_flags, (caddr_t)q->q_src_m, - enccrd->crd_inject, ivsize, (caddr_t)ctx.pc_iv); - else if (crp->crp_flags & CRYPTO_F_IOV) - /* - cuio_copyback(q->q_src_io, - enccrd->crd_inject, - 8, ctx.pc_iv); - */ - crypto_copyback(crp->crp_flags, (caddr_t)q->q_src_io, - enccrd->crd_inject, ivsize, (caddr_t)ctx.pc_iv); - } - } else { - /* Direction: Inbound */ - - ctx.pc_flags |= htole16(UBS_PKTCTX_INBOUND); - - if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) - bcopy(enccrd->crd_iv, ctx.pc_iv, ivsize); - else if (crp->crp_flags & CRYPTO_F_SKBUF) - /* - m_copydata(q->q_src_m, enccrd->crd_inject, - 8, (caddr_t)ctx.pc_iv); - */ - crypto_copydata(crp->crp_flags, (caddr_t)q->q_src_m, - enccrd->crd_inject, ivsize, - (caddr_t)ctx.pc_iv); - else if (crp->crp_flags & CRYPTO_F_IOV) - /* - cuio_copydata(q->q_src_io, - enccrd->crd_inject, 8, - (caddr_t)ctx.pc_iv); - */ - crypto_copydata(crp->crp_flags, (caddr_t)q->q_src_io, - enccrd->crd_inject, ivsize, - (caddr_t)ctx.pc_iv); - - } - - /* Even though key & IV sizes differ from cipher to cipher - * copy / swap the full array lengths. Let the compiler unroll - * the loop to increase the cpu pipeline performance... */ - for(i=0; i < 8; i++) - ctx.pc_key[i] = ses->ses_key[i]; - for(i=0; i < 4; i++) - SWAP32(ctx.pc_iv[i]); - } - - /* Authentication requested */ - if (maccrd) { - macoffset = maccrd->crd_skip; - - if (maccrd->crd_alg == CRYPTO_MD5_HMAC) - ctx.pc_flags |= htole16(UBS_PKTCTX_AUTH_MD5); - else - ctx.pc_flags |= htole16(UBS_PKTCTX_AUTH_SHA1); - - for (i = 0; i < 5; i++) { - ctx.pc_hminner[i] = ses->ses_hminner[i]; - ctx.pc_hmouter[i] = ses->ses_hmouter[i]; - - HTOLE32(ctx.pc_hminner[i]); - HTOLE32(ctx.pc_hmouter[i]); - } - } - - if (enccrd && maccrd) { - /* - * ubsec cannot handle packets where the end of encryption - * and authentication are not the same, or where the - * encrypted part begins before the authenticated part. - */ - if (((encoffset + enccrd->crd_len) != - (macoffset + maccrd->crd_len)) || - (enccrd->crd_skip < maccrd->crd_skip)) { - err = EINVAL; - goto errout; - } - sskip = maccrd->crd_skip; - cpskip = dskip = enccrd->crd_skip; - stheend = maccrd->crd_len; - dtheend = enccrd->crd_len; - coffset = enccrd->crd_skip - maccrd->crd_skip; - cpoffset = cpskip + dtheend; -#ifdef UBSEC_DEBUG - DPRINTF("mac: skip %d, len %d, inject %d\n", - maccrd->crd_skip, maccrd->crd_len, maccrd->crd_inject); - DPRINTF("enc: skip %d, len %d, inject %d\n", - enccrd->crd_skip, enccrd->crd_len, enccrd->crd_inject); - DPRINTF("src: skip %d, len %d\n", sskip, stheend); - DPRINTF("dst: skip %d, len %d\n", dskip, dtheend); - DPRINTF("ubs: coffset %d, pktlen %d, cpskip %d, cpoffset %d\n", - coffset, stheend, cpskip, cpoffset); -#endif - } else { - cpskip = dskip = sskip = macoffset + encoffset; - dtheend = stheend = (enccrd)?enccrd->crd_len:maccrd->crd_len; - cpoffset = cpskip + dtheend; - coffset = 0; - } - ctx.pc_offset = htole16(coffset >> 2); - -#if 0 - if (bus_dmamap_create(sc->sc_dmat, 0xfff0, UBS_MAX_SCATTER, - 0xfff0, 0, BUS_DMA_NOWAIT, &q->q_src_map) != 0) { - err = ENOMEM; - goto errout; - } -#endif - - if (crp->crp_flags & CRYPTO_F_SKBUF) { -#if 0 - if (bus_dmamap_load_mbuf(sc->sc_dmat, q->q_src_map, - q->q_src_m, BUS_DMA_NOWAIT) != 0) { - bus_dmamap_destroy(sc->sc_dmat, q->q_src_map); - q->q_src_map = NULL; - err = ENOMEM; - goto errout; - } -#endif - err = dma_map_skb(sc, q->q_src_map, q->q_src_m, &q->q_src_len); - if (unlikely(err != 0)) - goto errout; - - } else if (crp->crp_flags & CRYPTO_F_IOV) { -#if 0 - if (bus_dmamap_load_uio(sc->sc_dmat, q->q_src_map, - q->q_src_io, BUS_DMA_NOWAIT) != 0) { - bus_dmamap_destroy(sc->sc_dmat, q->q_src_map); - q->q_src_map = NULL; - err = ENOMEM; - goto errout; - } -#endif - err = dma_map_uio(sc, q->q_src_map, q->q_src_io, &q->q_src_len); - if (unlikely(err != 0)) - goto errout; - } - - /* - * Check alignment - */ - nicealign = ubsec_dmamap_aligned(sc, q->q_src_map, q->q_src_len); - - dmap->d_dma->d_mcr.mcr_pktlen = htole16(stheend); - -#ifdef UBSEC_DEBUG - DPRINTF("src skip: %d\n", sskip); -#endif - for (i = j = 0; i < q->q_src_len; i++) { - struct ubsec_pktbuf *pb; - size_t packl = q->q_src_map[i].dma_size; - dma_addr_t packp = q->q_src_map[i].dma_paddr; - - if (sskip >= packl) { - sskip -= packl; - continue; - } - - packl -= sskip; - packp += sskip; - sskip = 0; - - /* maximum fragment size is 0xfffc */ - if (packl > 0xfffc) { - DPRINTF("Error: fragment size is bigger than 0xfffc.\n"); - err = EIO; - goto errout; - } - - if (j == 0) - pb = &dmap->d_dma->d_mcr.mcr_ipktbuf; - else - pb = &dmap->d_dma->d_sbuf[j - 1]; - - pb->pb_addr = htole32(packp); - - if (stheend) { - if (packl > stheend) { - pb->pb_len = htole32(stheend); - stheend = 0; - } else { - pb->pb_len = htole32(packl); - stheend -= packl; - } - } else - pb->pb_len = htole32(packl); - - if ((i + 1) == q->q_src_len) - pb->pb_next = 0; - else - pb->pb_next = htole32(dmap->d_alloc.dma_paddr + - offsetof(struct ubsec_dmachunk, d_sbuf[j])); - j++; - } - - if (enccrd == NULL && maccrd != NULL) { - /* Authentication only */ - dmap->d_dma->d_mcr.mcr_opktbuf.pb_addr = 0; - dmap->d_dma->d_mcr.mcr_opktbuf.pb_len = 0; - dmap->d_dma->d_mcr.mcr_opktbuf.pb_next = - htole32(dmap->d_alloc.dma_paddr + - offsetof(struct ubsec_dmachunk, d_macbuf[0])); -#ifdef UBSEC_DEBUG - DPRINTF("opkt: %x %x %x\n", - dmap->d_dma->d_mcr.mcr_opktbuf.pb_addr, - dmap->d_dma->d_mcr.mcr_opktbuf.pb_len, - dmap->d_dma->d_mcr.mcr_opktbuf.pb_next); -#endif - } else { - if (crp->crp_flags & CRYPTO_F_IOV) { - if (!nicealign) { - err = EINVAL; - goto errout; - } -#if 0 - if (bus_dmamap_create(sc->sc_dmat, 0xfff0, - UBS_MAX_SCATTER, 0xfff0, 0, BUS_DMA_NOWAIT, - &q->q_dst_map) != 0) { - err = ENOMEM; - goto errout; - } - if (bus_dmamap_load_uio(sc->sc_dmat, q->q_dst_map, - q->q_dst_io, BUS_DMA_NOWAIT) != 0) { - bus_dmamap_destroy(sc->sc_dmat, q->q_dst_map); - q->q_dst_map = NULL; - goto errout; - } -#endif - - /* HW shall copy the result into the source memory */ - for(i = 0; i < q->q_src_len; i++) - q->q_dst_map[i] = q->q_src_map[i]; - - q->q_dst_len = q->q_src_len; - q->q_has_dst = 0; - - } else if (crp->crp_flags & CRYPTO_F_SKBUF) { - if (nicealign) { - - /* HW shall copy the result into the source memory */ - q->q_dst_m = q->q_src_m; - for(i = 0; i < q->q_src_len; i++) - q->q_dst_map[i] = q->q_src_map[i]; - - q->q_dst_len = q->q_src_len; - q->q_has_dst = 0; - - } else { -#ifdef NOTYET - int totlen, len; - struct sk_buff *m, *top, **mp; - - totlen = q->q_src_map->dm_mapsize; - if (q->q_src_m->m_flags & M_PKTHDR) { - len = MHLEN; - MGETHDR(m, M_DONTWAIT, MT_DATA); - } else { - len = MLEN; - MGET(m, M_DONTWAIT, MT_DATA); - } - if (m == NULL) { - err = ENOMEM; - goto errout; - } - if (len == MHLEN) - M_DUP_PKTHDR(m, q->q_src_m); - if (totlen >= MINCLSIZE) { - MCLGET(m, M_DONTWAIT); - if (m->m_flags & M_EXT) - len = MCLBYTES; - } - m->m_len = len; - top = NULL; - mp = ⊤ - - while (totlen > 0) { - if (top) { - MGET(m, M_DONTWAIT, MT_DATA); - if (m == NULL) { - m_freem(top); - err = ENOMEM; - goto errout; - } - len = MLEN; - } - if (top && totlen >= MINCLSIZE) { - MCLGET(m, M_DONTWAIT); - if (m->m_flags & M_EXT) - len = MCLBYTES; - } - m->m_len = len = min(totlen, len); - totlen -= len; - *mp = m; - mp = &m->m_next; - } - q->q_dst_m = top; - ubsec_mcopy(q->q_src_m, q->q_dst_m, - cpskip, cpoffset); - if (bus_dmamap_create(sc->sc_dmat, 0xfff0, - UBS_MAX_SCATTER, 0xfff0, 0, BUS_DMA_NOWAIT, - &q->q_dst_map) != 0) { - err = ENOMEM; - goto errout; - } - if (bus_dmamap_load_mbuf(sc->sc_dmat, - q->q_dst_map, q->q_dst_m, - BUS_DMA_NOWAIT) != 0) { - bus_dmamap_destroy(sc->sc_dmat, - q->q_dst_map); - q->q_dst_map = NULL; - err = ENOMEM; - goto errout; - } -#else - device_printf(sc->sc_dev, - "%s,%d: CRYPTO_F_SKBUF unaligned not implemented\n", - __FILE__, __LINE__); - err = EINVAL; - goto errout; -#endif - } - } else { - err = EINVAL; - goto errout; - } - -#ifdef UBSEC_DEBUG - DPRINTF("dst skip: %d\n", dskip); -#endif - for (i = j = 0; i < q->q_dst_len; i++) { - struct ubsec_pktbuf *pb; - size_t packl = q->q_dst_map[i].dma_size; - dma_addr_t packp = q->q_dst_map[i].dma_paddr; - - if (dskip >= packl) { - dskip -= packl; - continue; - } - - packl -= dskip; - packp += dskip; - dskip = 0; - - if (packl > 0xfffc) { - DPRINTF("Error: fragment size is bigger than 0xfffc.\n"); - err = EIO; - goto errout; - } - - if (j == 0) - pb = &dmap->d_dma->d_mcr.mcr_opktbuf; - else - pb = &dmap->d_dma->d_dbuf[j - 1]; - - pb->pb_addr = htole32(packp); - - if (dtheend) { - if (packl > dtheend) { - pb->pb_len = htole32(dtheend); - dtheend = 0; - } else { - pb->pb_len = htole32(packl); - dtheend -= packl; - } - } else - pb->pb_len = htole32(packl); - - if ((i + 1) == q->q_dst_len) { - if (maccrd) - /* Authentication: - * The last fragment of the output buffer - * contains the HMAC. */ - pb->pb_next = htole32(dmap->d_alloc.dma_paddr + - offsetof(struct ubsec_dmachunk, d_macbuf[0])); - else - pb->pb_next = 0; - } else - pb->pb_next = htole32(dmap->d_alloc.dma_paddr + - offsetof(struct ubsec_dmachunk, d_dbuf[j])); - j++; - } - } - - dmap->d_dma->d_mcr.mcr_cmdctxp = htole32(dmap->d_alloc.dma_paddr + - offsetof(struct ubsec_dmachunk, d_ctx)); - - if (sc->sc_flags & UBS_FLAGS_LONGCTX) { - /* new Broadcom cards with dynamic long command context structure */ - - if (enccrd != NULL && - enccrd->crd_alg == CRYPTO_AES_CBC) - { - struct ubsec_pktctx_aes128 *ctxaes128; - struct ubsec_pktctx_aes192 *ctxaes192; - struct ubsec_pktctx_aes256 *ctxaes256; - - switch(ses->ses_keysize) - { - /* AES 128bit */ - case 128: - ctxaes128 = (struct ubsec_pktctx_aes128 *) - (dmap->d_alloc.dma_vaddr + - offsetof(struct ubsec_dmachunk, d_ctx)); - - ctxaes128->pc_len = htole16(sizeof(struct ubsec_pktctx_aes128)); - ctxaes128->pc_type = ctx.pc_type; - ctxaes128->pc_flags = ctx.pc_flags; - ctxaes128->pc_offset = ctx.pc_offset; - for (i = 0; i < 4; i++) - ctxaes128->pc_aeskey[i] = ctx.pc_key[i]; - for (i = 0; i < 5; i++) - ctxaes128->pc_hminner[i] = ctx.pc_hminner[i]; - for (i = 0; i < 5; i++) - ctxaes128->pc_hmouter[i] = ctx.pc_hmouter[i]; - for (i = 0; i < 4; i++) - ctxaes128->pc_iv[i] = ctx.pc_iv[i]; - break; - - /* AES 192bit */ - case 192: - ctxaes192 = (struct ubsec_pktctx_aes192 *) - (dmap->d_alloc.dma_vaddr + - offsetof(struct ubsec_dmachunk, d_ctx)); - - ctxaes192->pc_len = htole16(sizeof(struct ubsec_pktctx_aes192)); - ctxaes192->pc_type = ctx.pc_type; - ctxaes192->pc_flags = ctx.pc_flags; - ctxaes192->pc_offset = ctx.pc_offset; - for (i = 0; i < 6; i++) - ctxaes192->pc_aeskey[i] = ctx.pc_key[i]; - for (i = 0; i < 5; i++) - ctxaes192->pc_hminner[i] = ctx.pc_hminner[i]; - for (i = 0; i < 5; i++) - ctxaes192->pc_hmouter[i] = ctx.pc_hmouter[i]; - for (i = 0; i < 4; i++) - ctxaes192->pc_iv[i] = ctx.pc_iv[i]; - break; - - /* AES 256bit */ - case 256: - ctxaes256 = (struct ubsec_pktctx_aes256 *) - (dmap->d_alloc.dma_vaddr + - offsetof(struct ubsec_dmachunk, d_ctx)); - - ctxaes256->pc_len = htole16(sizeof(struct ubsec_pktctx_aes256)); - ctxaes256->pc_type = ctx.pc_type; - ctxaes256->pc_flags = ctx.pc_flags; - ctxaes256->pc_offset = ctx.pc_offset; - for (i = 0; i < 8; i++) - ctxaes256->pc_aeskey[i] = ctx.pc_key[i]; - for (i = 0; i < 5; i++) - ctxaes256->pc_hminner[i] = ctx.pc_hminner[i]; - for (i = 0; i < 5; i++) - ctxaes256->pc_hmouter[i] = ctx.pc_hmouter[i]; - for (i = 0; i < 4; i++) - ctxaes256->pc_iv[i] = ctx.pc_iv[i]; - break; - - } - } else { - /* - * [3]DES / MD5_HMAC / SHA1_HMAC - * - * MD5_HMAC / SHA1_HMAC can use the IPSEC 3DES operation without - * encryption. - */ - struct ubsec_pktctx_des *ctxdes; - - ctxdes = (struct ubsec_pktctx_des *)(dmap->d_alloc.dma_vaddr + - offsetof(struct ubsec_dmachunk, d_ctx)); - - ctxdes->pc_len = htole16(sizeof(struct ubsec_pktctx_des)); - ctxdes->pc_type = ctx.pc_type; - ctxdes->pc_flags = ctx.pc_flags; - ctxdes->pc_offset = ctx.pc_offset; - for (i = 0; i < 6; i++) - ctxdes->pc_deskey[i] = ctx.pc_key[i]; - for (i = 0; i < 5; i++) - ctxdes->pc_hminner[i] = ctx.pc_hminner[i]; - for (i = 0; i < 5; i++) - ctxdes->pc_hmouter[i] = ctx.pc_hmouter[i]; - ctxdes->pc_iv[0] = ctx.pc_iv[0]; - ctxdes->pc_iv[1] = ctx.pc_iv[1]; - } - } else - { - /* old Broadcom card with fixed small command context structure */ - - /* - * [3]DES / MD5_HMAC / SHA1_HMAC - */ - struct ubsec_pktctx *ctxs; - - ctxs = (struct ubsec_pktctx *)(dmap->d_alloc.dma_vaddr + - offsetof(struct ubsec_dmachunk, d_ctx)); - - /* transform generic context into small context */ - for (i = 0; i < 6; i++) - ctxs->pc_deskey[i] = ctx.pc_key[i]; - for (i = 0; i < 5; i++) - ctxs->pc_hminner[i] = ctx.pc_hminner[i]; - for (i = 0; i < 5; i++) - ctxs->pc_hmouter[i] = ctx.pc_hmouter[i]; - ctxs->pc_iv[0] = ctx.pc_iv[0]; - ctxs->pc_iv[1] = ctx.pc_iv[1]; - ctxs->pc_flags = ctx.pc_flags; - ctxs->pc_offset = ctx.pc_offset; - } - -#ifdef UBSEC_VERBOSE_DEBUG - DPRINTF("spin_lock_irqsave\n"); -#endif - spin_lock_irqsave(&sc->sc_ringmtx, flags); - //spin_lock_irq(&sc->sc_ringmtx); - - BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_queue, q, q_next); - sc->sc_nqueue++; - ubsecstats.hst_ipackets++; - ubsecstats.hst_ibytes += stheend; - ubsec_feed(sc); - -#ifdef UBSEC_VERBOSE_DEBUG - DPRINTF("spin_unlock_irqrestore\n"); -#endif - spin_unlock_irqrestore(&sc->sc_ringmtx, flags); - //spin_unlock_irq(&sc->sc_ringmtx); - - return (0); - -errout: - if (q != NULL) { -#ifdef NOTYET - if ((q->q_dst_m != NULL) && (q->q_src_m != q->q_dst_m)) - m_freem(q->q_dst_m); -#endif - - if ((q->q_has_dst == 1) && q->q_dst_len > 0) { -#if 0 - bus_dmamap_unload(sc->sc_dmat, q->q_dst_map); - bus_dmamap_destroy(sc->sc_dmat, q->q_dst_map); -#endif - dma_unmap(sc, q->q_dst_map, q->q_dst_len); - } - if (q->q_src_len > 0) { -#if 0 - bus_dmamap_unload(sc->sc_dmat, q->q_src_map); - bus_dmamap_destroy(sc->sc_dmat, q->q_src_map); -#endif - dma_unmap(sc, q->q_src_map, q->q_src_len); - } - -#ifdef UBSEC_VERBOSE_DEBUG - DPRINTF("spin_lock_irqsave\n"); -#endif - spin_lock_irqsave(&sc->sc_ringmtx, flags); - //spin_lock_irq(&sc->sc_ringmtx); - - BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q, q_next); - -#ifdef UBSEC_VERBOSE_DEBUG - DPRINTF("spin_unlock_irqrestore\n"); -#endif - spin_unlock_irqrestore(&sc->sc_ringmtx, flags); - //spin_unlock_irq(&sc->sc_ringmtx); - - } - if (err == EINVAL) - ubsecstats.hst_invalid++; - else - ubsecstats.hst_nomem++; -errout2: - crp->crp_etype = err; - crypto_done(crp); - -#ifdef UBSEC_DEBUG - DPRINTF("%s() err = %x\n", __FUNCTION__, err); -#endif - - return (0); -} - -void -ubsec_callback(struct ubsec_softc *sc, struct ubsec_q *q) -{ - struct cryptop *crp = (struct cryptop *)q->q_crp; - struct cryptodesc *crd; - struct ubsec_dma *dmap = q->q_dma; - int ivsize = 8; - -#ifdef UBSEC_DEBUG - DPRINTF("%s()\n", __FUNCTION__); -#endif - - ubsecstats.hst_opackets++; - ubsecstats.hst_obytes += dmap->d_alloc.dma_size; - -#if 0 - bus_dmamap_sync(sc->sc_dmat, dmap->d_alloc.dma_map, 0, - dmap->d_alloc.dma_map->dm_mapsize, - BUS_DMASYNC_POSTREAD|BUS_DMASYNC_POSTWRITE); - if (q->q_dst_map != NULL && q->q_dst_map != q->q_src_map) { - bus_dmamap_sync(sc->sc_dmat, q->q_dst_map, - 0, q->q_dst_map->dm_mapsize, BUS_DMASYNC_POSTREAD); - bus_dmamap_unload(sc->sc_dmat, q->q_dst_map); - bus_dmamap_destroy(sc->sc_dmat, q->q_dst_map); - } - bus_dmamap_sync(sc->sc_dmat, q->q_src_map, - 0, q->q_src_map->dm_mapsize, BUS_DMASYNC_POSTWRITE); - bus_dmamap_unload(sc->sc_dmat, q->q_src_map); - bus_dmamap_destroy(sc->sc_dmat, q->q_src_map); -#endif - - if ((q->q_has_dst == 1) && q->q_dst_len > 0) - dma_unmap(sc, q->q_dst_map, q->q_dst_len); - - dma_unmap(sc, q->q_src_map, q->q_src_len); - -#ifdef NOTYET - if ((crp->crp_flags & CRYPTO_F_SKBUF) && (q->q_src_m != q->q_dst_m)) { - m_freem(q->q_src_m); - crp->crp_buf = (caddr_t)q->q_dst_m; - } -#endif - - /* copy out IV for future use */ - if (q->q_flags & UBSEC_QFLAGS_COPYOUTIV) { - for (crd = crp->crp_desc; crd; crd = crd->crd_next) { - if (crd->crd_alg != CRYPTO_DES_CBC && - crd->crd_alg != CRYPTO_3DES_CBC && - crd->crd_alg != CRYPTO_AES_CBC) - continue; - - if (crd->crd_alg == CRYPTO_AES_CBC) - ivsize = 16; - else - ivsize = 8; - - if (crp->crp_flags & CRYPTO_F_SKBUF) -#if 0 - m_copydata((struct sk_buff *)crp->crp_buf, - crd->crd_skip + crd->crd_len - 8, 8, - (caddr_t)sc->sc_sessions[q->q_sesn].ses_iv); -#endif - crypto_copydata(crp->crp_flags, (caddr_t)crp->crp_buf, - crd->crd_skip + crd->crd_len - ivsize, ivsize, - (caddr_t)sc->sc_sessions[q->q_sesn].ses_iv); - - else if (crp->crp_flags & CRYPTO_F_IOV) { -#if 0 - cuio_copydata((struct uio *)crp->crp_buf, - crd->crd_skip + crd->crd_len - 8, 8, - (caddr_t)sc->sc_sessions[q->q_sesn].ses_iv); -#endif - crypto_copydata(crp->crp_flags, (caddr_t)crp->crp_buf, - crd->crd_skip + crd->crd_len - ivsize, ivsize, - (caddr_t)sc->sc_sessions[q->q_sesn].ses_iv); - - } - break; - } - } - - for (crd = crp->crp_desc; crd; crd = crd->crd_next) { - if (crd->crd_alg != CRYPTO_MD5_HMAC && - crd->crd_alg != CRYPTO_SHA1_HMAC) - continue; -#if 0 - if (crp->crp_flags & CRYPTO_F_SKBUF) - m_copyback((struct sk_buff *)crp->crp_buf, - crd->crd_inject, 12, - dmap->d_dma->d_macbuf); -#endif -#if 0 - /* BUG? it does not honor the mac len.. */ - crypto_copyback(crp->crp_flags, crp->crp_buf, - crd->crd_inject, 12, - (caddr_t)dmap->d_dma->d_macbuf); -#endif - crypto_copyback(crp->crp_flags, crp->crp_buf, - crd->crd_inject, - sc->sc_sessions[q->q_sesn].ses_mlen, - (caddr_t)dmap->d_dma->d_macbuf); -#if 0 - else if (crp->crp_flags & CRYPTO_F_IOV && crp->crp_mac) - bcopy((caddr_t)dmap->d_dma->d_macbuf, - crp->crp_mac, 12); -#endif - break; - } - BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q, q_next); - crypto_done(crp); -} - -void -ubsec_mcopy(struct sk_buff *srcm, struct sk_buff *dstm, int hoffset, int toffset) -{ - int i, j, dlen, slen; - caddr_t dptr, sptr; - - j = 0; - sptr = srcm->data; - slen = srcm->len; - dptr = dstm->data; - dlen = dstm->len; - - while (1) { - for (i = 0; i < min(slen, dlen); i++) { - if (j < hoffset || j >= toffset) - *dptr++ = *sptr++; - slen--; - dlen--; - j++; - } - if (slen == 0) { - srcm = srcm->next; - if (srcm == NULL) - return; - sptr = srcm->data; - slen = srcm->len; - } - if (dlen == 0) { - dstm = dstm->next; - if (dstm == NULL) - return; - dptr = dstm->data; - dlen = dstm->len; - } - } -} - -int -ubsec_dma_malloc(struct ubsec_softc *sc, struct ubsec_dma_alloc *dma, - size_t size, int mapflags) -{ - dma->dma_vaddr = dma_alloc_coherent(sc->sc_dv, - size, &dma->dma_paddr, GFP_KERNEL); - - if (likely(dma->dma_vaddr)) - { - dma->dma_size = size; - return (0); - } - - DPRINTF("could not allocate %d bytes of coherent memory.\n", size); - - return (1); -} - -void -ubsec_dma_free(struct ubsec_softc *sc, struct ubsec_dma_alloc *dma) -{ - dma_free_coherent(sc->sc_dv, dma->dma_size, dma->dma_vaddr, - dma->dma_paddr); -} - -/* - * Resets the board. Values in the regesters are left as is - * from the reset (i.e. initial values are assigned elsewhere). - */ -void -ubsec_reset_board(struct ubsec_softc *sc) -{ - volatile u_int32_t ctrl; - -#ifdef UBSEC_DEBUG - DPRINTF("%s()\n", __FUNCTION__); -#endif - DPRINTF("Send reset signal to chip.\n"); - - ctrl = READ_REG(sc, BS_CTRL); - ctrl |= BS_CTRL_RESET; - WRITE_REG(sc, BS_CTRL, ctrl); - - /* - * Wait aprox. 30 PCI clocks = 900 ns = 0.9 us - */ - DELAY(10); -} - -/* - * Init Broadcom registers - */ -void -ubsec_init_board(struct ubsec_softc *sc) -{ - u_int32_t ctrl; - -#ifdef UBSEC_DEBUG - DPRINTF("%s()\n", __FUNCTION__); -#endif - DPRINTF("Initialize chip.\n"); - - ctrl = READ_REG(sc, BS_CTRL); - ctrl &= ~(BS_CTRL_BE32 | BS_CTRL_BE64); - ctrl |= BS_CTRL_LITTLE_ENDIAN | BS_CTRL_MCR1INT | BS_CTRL_DMAERR; - - WRITE_REG(sc, BS_CTRL, ctrl); - - /* Set chip capabilities (BCM5365P) */ - sc->sc_flags |= UBS_FLAGS_LONGCTX | UBS_FLAGS_AES; -} - -/* - * Clean up after a chip crash. - * It is assumed that the caller has spin_lock_irq(sc_ringmtx). - */ -void -ubsec_cleanchip(struct ubsec_softc *sc) -{ - struct ubsec_q *q; - -#ifdef UBSEC_DEBUG - DPRINTF("%s()\n", __FUNCTION__); -#endif - DPRINTF("Clean up queues after chip crash.\n"); - - while (!BSD_SIMPLEQ_EMPTY(&sc->sc_qchip)) { - q = BSD_SIMPLEQ_FIRST(&sc->sc_qchip); - BSD_SIMPLEQ_REMOVE_HEAD(&sc->sc_qchip, q_next); - ubsec_free_q(sc, q); - } -} - -/* - * free a ubsec_q - * It is assumed that the caller has spin_lock_irq(sc_ringmtx). - */ -int -ubsec_free_q(struct ubsec_softc *sc, struct ubsec_q *q) -{ - struct ubsec_q *q2; - struct cryptop *crp; - int npkts; - int i; - -#ifdef UBSEC_DEBUG - DPRINTF("%s()\n", __FUNCTION__); -#endif - - npkts = q->q_nstacked_mcrs; - - for (i = 0; i < npkts; i++) { - if(q->q_stacked_mcr[i]) { - q2 = q->q_stacked_mcr[i]; - - if ((q2->q_dst_m != NULL) && (q2->q_src_m != q2->q_dst_m)) -#ifdef NOTYET - m_freem(q2->q_dst_m); -#else - printk(KERN_ERR "%s,%d: SKB not supported\n", __FILE__, __LINE__); -#endif - - crp = (struct cryptop *)q2->q_crp; - - BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q2, q_next); - - crp->crp_etype = EFAULT; - crypto_done(crp); - } else { - break; - } - } - - /* - * Free header MCR - */ - if ((q->q_dst_m != NULL) && (q->q_src_m != q->q_dst_m)) -#ifdef NOTYET - m_freem(q->q_dst_m); -#else - printk(KERN_ERR "%s,%d: SKB not supported\n", __FILE__, __LINE__); -#endif - - crp = (struct cryptop *)q->q_crp; - - BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q, q_next); - - crp->crp_etype = EFAULT; - crypto_done(crp); - return(0); -} - -/* - * Routine to reset the chip and clean up. - * It is assumed that the caller has spin_lock_irq(sc_ringmtx). - */ -void -ubsec_totalreset(struct ubsec_softc *sc) -{ - -#ifdef UBSEC_DEBUG - DPRINTF("%s()\n", __FUNCTION__); -#endif - DPRINTF("initiate total chip reset.. \n"); - ubsec_reset_board(sc); - ubsec_init_board(sc); - ubsec_cleanchip(sc); -} - -void -ubsec_dump_pb(struct ubsec_pktbuf *pb) -{ - printf("addr 0x%x (0x%x) next 0x%x\n", - pb->pb_addr, pb->pb_len, pb->pb_next); -} - -void -ubsec_dump_mcr(struct ubsec_mcr *mcr) -{ - struct ubsec_mcr_add *ma; - int i; - - printf("MCR:\n"); - printf(" pkts: %u, flags 0x%x\n", - letoh16(mcr->mcr_pkts), letoh16(mcr->mcr_flags)); - ma = (struct ubsec_mcr_add *)&mcr->mcr_cmdctxp; - for (i = 0; i < letoh16(mcr->mcr_pkts); i++) { - printf(" %d: ctx 0x%x len 0x%x rsvd 0x%x\n", i, - letoh32(ma->mcr_cmdctxp), letoh16(ma->mcr_pktlen), - letoh16(ma->mcr_reserved)); - printf(" %d: ipkt ", i); - ubsec_dump_pb(&ma->mcr_ipktbuf); - printf(" %d: opkt ", i); - ubsec_dump_pb(&ma->mcr_opktbuf); - ma++; - } - printf("END MCR\n"); -} - -static int __init mod_init(void) { - return ssb_driver_register(&ubsec_ssb_driver); -} - -static void __exit mod_exit(void) { - ssb_driver_unregister(&ubsec_ssb_driver); -} - -module_init(mod_init); -module_exit(mod_exit); - -// Meta information -MODULE_AUTHOR("Daniel Mueller "); -MODULE_LICENSE("BSD"); -MODULE_DESCRIPTION("OCF driver for BCM5365P IPSec Core"); -MODULE_VERSION(DRV_MODULE_VERSION); - diff --git a/package/ubsec_ssb/src/ubsecreg.h b/package/ubsec_ssb/src/ubsecreg.h deleted file mode 100644 index dafac5b4138..00000000000 --- a/package/ubsec_ssb/src/ubsecreg.h +++ /dev/null @@ -1,233 +0,0 @@ - -/* - * Copyright (c) 2008 Daniel Mueller (daniel@danm.de) - * Copyright (c) 2000 Theo de Raadt - * Copyright (c) 2001 Patrik Lindergren (patrik@ipunplugged.com) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - * Effort sponsored in part by the Defense Advanced Research Projects - * Agency (DARPA) and Air Force Research Laboratory, Air Force - * Materiel Command, USAF, under agreement number F30602-01-2-0537. - * - */ - -/* - * Register definitions for 5601 BlueSteel Networks Ubiquitous Broadband - * Security "uBSec" chip. Definitions from revision 2.8 of the product - * datasheet. - */ - -#define BS_BAR 0x10 /* DMA base address register */ -#define BS_TRDY_TIMEOUT 0x40 /* TRDY timeout */ -#define BS_RETRY_TIMEOUT 0x41 /* DMA retry timeout */ - -#define UBS_PCI_RTY_SHIFT 8 -#define UBS_PCI_RTY_MASK 0xff -#define UBS_PCI_RTY(misc) \ - (((misc) >> UBS_PCI_RTY_SHIFT) & UBS_PCI_RTY_MASK) - -#define UBS_PCI_TOUT_SHIFT 0 -#define UBS_PCI_TOUT_MASK 0xff -#define UBS_PCI_TOUT(misc) \ - (((misc) >> PCI_TOUT_SHIFT) & PCI_TOUT_MASK) - -/* - * DMA Control & Status Registers (offset from BS_BAR) - */ -#define BS_MCR1 0x20 /* DMA Master Command Record 1 */ -#define BS_CTRL 0x24 /* DMA Control */ -#define BS_STAT 0x28 /* DMA Status */ -#define BS_ERR 0x2c /* DMA Error Address */ -#define BS_DEV_ID 0x34 /* IPSec Device ID */ - -/* BS_CTRL - DMA Control */ -#define BS_CTRL_RESET 0x80000000 /* hardware reset, 5805/5820 */ -#define BS_CTRL_MCR2INT 0x40000000 /* enable intr MCR for MCR2 */ -#define BS_CTRL_MCR1INT 0x20000000 /* enable intr MCR for MCR1 */ -#define BS_CTRL_OFM 0x10000000 /* Output fragment mode */ -#define BS_CTRL_BE32 0x08000000 /* big-endian, 32bit bytes */ -#define BS_CTRL_BE64 0x04000000 /* big-endian, 64bit bytes */ -#define BS_CTRL_DMAERR 0x02000000 /* enable intr DMA error */ -#define BS_CTRL_RNG_M 0x01800000 /* RNG mode */ -#define BS_CTRL_RNG_1 0x00000000 /* 1bit rn/one slow clock */ -#define BS_CTRL_RNG_4 0x00800000 /* 1bit rn/four slow clocks */ -#define BS_CTRL_RNG_8 0x01000000 /* 1bit rn/eight slow clocks */ -#define BS_CTRL_RNG_16 0x01800000 /* 1bit rn/16 slow clocks */ -#define BS_CTRL_SWNORM 0x00400000 /* 582[01], sw normalization */ -#define BS_CTRL_FRAG_M 0x0000ffff /* output fragment size mask */ -#define BS_CTRL_LITTLE_ENDIAN (BS_CTRL_BE32 | BS_CTRL_BE64) - -/* BS_STAT - DMA Status */ -#define BS_STAT_MCR1_BUSY 0x80000000 /* MCR1 is busy */ -#define BS_STAT_MCR1_FULL 0x40000000 /* MCR1 is full */ -#define BS_STAT_MCR1_DONE 0x20000000 /* MCR1 is done */ -#define BS_STAT_DMAERR 0x10000000 /* DMA error */ -#define BS_STAT_MCR2_FULL 0x08000000 /* MCR2 is full */ -#define BS_STAT_MCR2_DONE 0x04000000 /* MCR2 is done */ -#define BS_STAT_MCR1_ALLEMPTY 0x02000000 /* 5821, MCR1 is empty */ -#define BS_STAT_MCR2_ALLEMPTY 0x01000000 /* 5821, MCR2 is empty */ - -/* BS_ERR - DMA Error Address */ -#define BS_ERR_ADDR 0xfffffffc /* error address mask */ -#define BS_ERR_READ 0x00000002 /* fault was on read */ - -struct ubsec_pktctx { - u_int32_t pc_deskey[6]; /* 3DES key */ - u_int32_t pc_hminner[5]; /* hmac inner state */ - u_int32_t pc_hmouter[5]; /* hmac outer state */ - u_int32_t pc_iv[2]; /* [3]DES iv */ - u_int16_t pc_flags; /* flags, below */ - u_int16_t pc_offset; /* crypto offset */ -} __attribute__ ((packed)); - -#define UBS_PKTCTX_ENC_3DES 0x8000 /* use 3des */ -#define UBS_PKTCTX_ENC_AES 0x8000 /* use aes */ -#define UBS_PKTCTX_ENC_NONE 0x0000 /* no encryption */ -#define UBS_PKTCTX_INBOUND 0x4000 /* inbound packet */ -#define UBS_PKTCTX_AUTH 0x3000 /* authentication mask */ -#define UBS_PKTCTX_AUTH_NONE 0x0000 /* no authentication */ -#define UBS_PKTCTX_AUTH_MD5 0x1000 /* use hmac-md5 */ -#define UBS_PKTCTX_AUTH_SHA1 0x2000 /* use hmac-sha1 */ -#define UBS_PKTCTX_AES128 0x0 /* AES 128bit keys */ -#define UBS_PKTCTX_AES192 0x100 /* AES 192bit keys */ -#define UBS_PKTCTX_AES256 0x200 /* AES 256bit keys */ - -struct ubsec_pktctx_des { - volatile u_int16_t pc_len; /* length of ctx struct */ - volatile u_int16_t pc_type; /* context type */ - volatile u_int16_t pc_flags; /* flags, same as above */ - volatile u_int16_t pc_offset; /* crypto/auth offset */ - volatile u_int32_t pc_deskey[6]; /* 3DES key */ - volatile u_int32_t pc_iv[2]; /* [3]DES iv */ - volatile u_int32_t pc_hminner[5]; /* hmac inner state */ - volatile u_int32_t pc_hmouter[5]; /* hmac outer state */ -} __attribute__ ((packed)); - -struct ubsec_pktctx_aes128 { - volatile u_int16_t pc_len; /* length of ctx struct */ - volatile u_int16_t pc_type; /* context type */ - volatile u_int16_t pc_flags; /* flags, same as above */ - volatile u_int16_t pc_offset; /* crypto/auth offset */ - volatile u_int32_t pc_aeskey[4]; /* AES 128bit key */ - volatile u_int32_t pc_iv[4]; /* AES iv */ - volatile u_int32_t pc_hminner[5]; /* hmac inner state */ - volatile u_int32_t pc_hmouter[5]; /* hmac outer state */ -} __attribute__ ((packed)); - -struct ubsec_pktctx_aes192 { - volatile u_int16_t pc_len; /* length of ctx struct */ - volatile u_int16_t pc_type; /* context type */ - volatile u_int16_t pc_flags; /* flags, same as above */ - volatile u_int16_t pc_offset; /* crypto/auth offset */ - volatile u_int32_t pc_aeskey[6]; /* AES 192bit key */ - volatile u_int32_t pc_iv[4]; /* AES iv */ - volatile u_int32_t pc_hminner[5]; /* hmac inner state */ - volatile u_int32_t pc_hmouter[5]; /* hmac outer state */ -} __attribute__ ((packed)); - -struct ubsec_pktctx_aes256 { - volatile u_int16_t pc_len; /* length of ctx struct */ - volatile u_int16_t pc_type; /* context type */ - volatile u_int16_t pc_flags; /* flags, same as above */ - volatile u_int16_t pc_offset; /* crypto/auth offset */ - volatile u_int32_t pc_aeskey[8]; /* AES 256bit key */ - volatile u_int32_t pc_iv[4]; /* AES iv */ - volatile u_int32_t pc_hminner[5]; /* hmac inner state */ - volatile u_int32_t pc_hmouter[5]; /* hmac outer state */ -} __attribute__ ((packed)); - -#define UBS_PKTCTX_TYPE_IPSEC_DES 0x0000 -#define UBS_PKTCTX_TYPE_IPSEC_AES 0x0040 - -struct ubsec_pktbuf { - volatile u_int32_t pb_addr; /* address of buffer start */ - volatile u_int32_t pb_next; /* pointer to next pktbuf */ - volatile u_int32_t pb_len; /* packet length */ -} __attribute__ ((packed)); -#define UBS_PKTBUF_LEN 0x0000ffff /* length mask */ - -struct ubsec_mcr { - volatile u_int16_t mcr_pkts; /* #pkts in this mcr */ - volatile u_int16_t mcr_flags; /* mcr flags (below) */ - volatile u_int32_t mcr_cmdctxp; /* command ctx pointer */ - struct ubsec_pktbuf mcr_ipktbuf; /* input chain header */ - volatile u_int16_t mcr_reserved; - volatile u_int16_t mcr_pktlen; - struct ubsec_pktbuf mcr_opktbuf; /* output chain header */ -} __attribute__ ((packed)); - -struct ubsec_mcr_add { - volatile u_int32_t mcr_cmdctxp; /* command ctx pointer */ - struct ubsec_pktbuf mcr_ipktbuf; /* input chain header */ - volatile u_int16_t mcr_reserved; - volatile u_int16_t mcr_pktlen; - struct ubsec_pktbuf mcr_opktbuf; /* output chain header */ -} __attribute__ ((packed)); - -#define UBS_MCR_DONE 0x0001 /* mcr has been processed */ -#define UBS_MCR_ERROR 0x0002 /* error in processing */ -#define UBS_MCR_ERRORCODE 0xff00 /* error type */ - -struct ubsec_ctx_keyop { - volatile u_int16_t ctx_len; /* command length */ - volatile u_int16_t ctx_op; /* operation code */ - volatile u_int8_t ctx_pad[60]; /* padding */ -} __attribute__ ((packed)); -#define UBS_CTXOP_DHPKGEN 0x01 /* dh public key generation */ -#define UBS_CTXOP_DHSSGEN 0x02 /* dh shared secret gen. */ -#define UBS_CTXOP_RSAPUB 0x03 /* rsa public key op */ -#define UBS_CTXOP_RSAPRIV 0x04 /* rsa private key op */ -#define UBS_CTXOP_DSASIGN 0x05 /* dsa signing op */ -#define UBS_CTXOP_DSAVRFY 0x06 /* dsa verification */ -#define UBS_CTXOP_RNGBYPASS 0x41 /* rng direct test mode */ -#define UBS_CTXOP_RNGSHA1 0x42 /* rng sha1 test mode */ -#define UBS_CTXOP_MODADD 0x43 /* modular addition */ -#define UBS_CTXOP_MODSUB 0x44 /* modular subtraction */ -#define UBS_CTXOP_MODMUL 0x45 /* modular multiplication */ -#define UBS_CTXOP_MODRED 0x46 /* modular reduction */ -#define UBS_CTXOP_MODEXP 0x47 /* modular exponentiation */ -#define UBS_CTXOP_MODINV 0x48 /* modular inverse */ - -struct ubsec_ctx_rngbypass { - volatile u_int16_t rbp_len; /* command length, 64 */ - volatile u_int16_t rbp_op; /* rng bypass, 0x41 */ - volatile u_int8_t rbp_pad[60]; /* padding */ -} __attribute__ ((packed)); - -/* modexp: C = (M ^ E) mod N */ -struct ubsec_ctx_modexp { - volatile u_int16_t me_len; /* command length */ - volatile u_int16_t me_op; /* modexp, 0x47 */ - volatile u_int16_t me_E_len; /* E (bits) */ - volatile u_int16_t me_N_len; /* N (bits) */ - u_int8_t me_N[2048/8]; /* N */ -} __attribute__ ((packed)); - -struct ubsec_ctx_rsapriv { - volatile u_int16_t rpr_len; /* command length */ - volatile u_int16_t rpr_op; /* rsaprivate, 0x04 */ - volatile u_int16_t rpr_q_len; /* q (bits) */ - volatile u_int16_t rpr_p_len; /* p (bits) */ - u_int8_t rpr_buf[5 * 1024 / 8]; /* parameters: */ - /* p, q, dp, dq, pinv */ -} __attribute__ ((packed)); diff --git a/package/ubsec_ssb/src/ubsecvar.h b/package/ubsec_ssb/src/ubsecvar.h deleted file mode 100644 index c808f955b44..00000000000 --- a/package/ubsec_ssb/src/ubsecvar.h +++ /dev/null @@ -1,228 +0,0 @@ - -/* - * Copyright (c) 2008 Daniel Mueller (daniel@danm.de) - * Copyright (c) 2000 Theo de Raadt - * Copyright (c) 2001 Patrik Lindergren (patrik@ipunplugged.com) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - * Effort sponsored in part by the Defense Advanced Research Projects - * Agency (DARPA) and Air Force Research Laboratory, Air Force - * Materiel Command, USAF, under agreement number F30602-01-2-0537. - * - */ - -/* Maximum queue length */ -#ifndef UBS_MAX_NQUEUE -#define UBS_MAX_NQUEUE 60 -#endif - -#define UBS_MAX_SCATTER 64 /* Maximum scatter/gather depth */ - -#ifndef UBS_MAX_AGGR -#define UBS_MAX_AGGR 5 /* Maximum aggregation count */ -#endif - -#define UBSEC_CARD(sid) (((sid) & 0xf0000000) >> 28) -#define UBSEC_SESSION(sid) ( (sid) & 0x0fffffff) -#define UBSEC_SID(crd, sesn) (((crd) << 28) | ((sesn) & 0x0fffffff)) - -#define UBS_DEF_RTY 0xff /* PCI Retry Timeout */ -#define UBS_DEF_TOUT 0xff /* PCI TRDY Timeout */ -#define UBS_DEF_CACHELINE 0x01 /* Cache Line setting */ - -#define DEFAULT_HMAC_LEN 12 - -struct ubsec_dma_alloc { - dma_addr_t dma_paddr; - void *dma_vaddr; - /* - bus_dmamap_t dma_map; - bus_dma_segment_t dma_seg; - */ - size_t dma_size; - /* - int dma_nseg; - */ -}; - -struct ubsec_q2 { - BSD_SIMPLEQ_ENTRY(ubsec_q2) q_next; - struct ubsec_dma_alloc q_mcr; - struct ubsec_dma_alloc q_ctx; - u_int q_type; -}; - -struct ubsec_q2_rng { - struct ubsec_q2 rng_q; - struct ubsec_dma_alloc rng_buf; - int rng_used; -}; - -/* C = (M ^ E) mod N */ -#define UBS_MODEXP_PAR_M 0 -#define UBS_MODEXP_PAR_E 1 -#define UBS_MODEXP_PAR_N 2 -struct ubsec_q2_modexp { - struct ubsec_q2 me_q; - struct cryptkop * me_krp; - struct ubsec_dma_alloc me_M; - struct ubsec_dma_alloc me_E; - struct ubsec_dma_alloc me_C; - struct ubsec_dma_alloc me_epb; - int me_modbits; - int me_shiftbits; - int me_normbits; -}; - -#define UBS_RSAPRIV_PAR_P 0 -#define UBS_RSAPRIV_PAR_Q 1 -#define UBS_RSAPRIV_PAR_DP 2 -#define UBS_RSAPRIV_PAR_DQ 3 -#define UBS_RSAPRIV_PAR_PINV 4 -#define UBS_RSAPRIV_PAR_MSGIN 5 -#define UBS_RSAPRIV_PAR_MSGOUT 6 -struct ubsec_q2_rsapriv { - struct ubsec_q2 rpr_q; - struct cryptkop * rpr_krp; - struct ubsec_dma_alloc rpr_msgin; - struct ubsec_dma_alloc rpr_msgout; -}; - -#define UBSEC_RNG_BUFSIZ 16 /* measured in 32bit words */ - -struct ubsec_dmachunk { - struct ubsec_mcr d_mcr; - struct ubsec_mcr_add d_mcradd[UBS_MAX_AGGR-1]; - struct ubsec_pktbuf d_sbuf[UBS_MAX_SCATTER-1]; - struct ubsec_pktbuf d_dbuf[UBS_MAX_SCATTER-1]; - u_int32_t d_macbuf[5]; - union { - struct ubsec_pktctx_aes256 ctxaes256; - struct ubsec_pktctx_aes192 ctxaes192; - struct ubsec_pktctx_des ctxdes; - struct ubsec_pktctx_aes128 ctxaes128; - struct ubsec_pktctx ctx; - } d_ctx; -}; - -struct ubsec_dma { - BSD_SIMPLEQ_ENTRY(ubsec_dma) d_next; - struct ubsec_dmachunk *d_dma; - struct ubsec_dma_alloc d_alloc; -}; - -#define UBS_FLAGS_KEY 0x01 /* has key accelerator */ -#define UBS_FLAGS_LONGCTX 0x02 /* uses long ipsec ctx */ -#define UBS_FLAGS_BIGKEY 0x04 /* 2048bit keys */ -#define UBS_FLAGS_HWNORM 0x08 /* hardware normalization */ -#define UBS_FLAGS_RNG 0x10 /* hardware rng */ -#define UBS_FLAGS_AES 0x20 /* hardware AES support */ - -struct ubsec_q { - BSD_SIMPLEQ_ENTRY(ubsec_q) q_next; - int q_nstacked_mcrs; - struct ubsec_q *q_stacked_mcr[UBS_MAX_AGGR-1]; - struct cryptop *q_crp; - struct ubsec_dma *q_dma; - - //struct mbuf *q_src_m, *q_dst_m; - struct sk_buff *q_src_m, *q_dst_m; - struct uio *q_src_io, *q_dst_io; - - /* - bus_dmamap_t q_src_map; - bus_dmamap_t q_dst_map; - */ - - /* DMA addresses for In-/Out packages */ - int q_src_len; - int q_dst_len; - struct ubsec_dma_alloc q_src_map[UBS_MAX_SCATTER]; - struct ubsec_dma_alloc q_dst_map[UBS_MAX_SCATTER]; - int q_has_dst; - - int q_sesn; - int q_flags; -}; - -struct ubsec_softc { - softc_device_decl sc_dev; - struct ssb_device *sdev; /* device backpointer */ - - struct device *sc_dv; /* generic device */ - void *sc_ih; /* interrupt handler cookie */ - int sc_flags; /* device specific flags */ - u_int32_t sc_statmask; /* interrupt status mask */ - int32_t sc_cid; /* crypto tag */ - BSD_SIMPLEQ_HEAD(,ubsec_q) sc_queue; /* packet queue, mcr1 */ - int sc_nqueue; /* count enqueued, mcr1 */ - BSD_SIMPLEQ_HEAD(,ubsec_q) sc_qchip; /* on chip, mcr1 */ - BSD_SIMPLEQ_HEAD(,ubsec_q) sc_freequeue; /* list of free queue elements */ - BSD_SIMPLEQ_HEAD(,ubsec_q2) sc_queue2; /* packet queue, mcr2 */ - int sc_nqueue2; /* count enqueued, mcr2 */ - BSD_SIMPLEQ_HEAD(,ubsec_q2) sc_qchip2; /* on chip, mcr2 */ - int sc_nsessions; /* # of sessions */ - struct ubsec_session *sc_sessions; /* sessions */ - int sc_rnghz; /* rng poll time */ - struct ubsec_q2_rng sc_rng; - struct ubsec_dma sc_dmaa[UBS_MAX_NQUEUE]; - struct ubsec_q *sc_queuea[UBS_MAX_NQUEUE]; - BSD_SIMPLEQ_HEAD(,ubsec_q2) sc_q2free; /* free list */ - spinlock_t sc_ringmtx; /* PE ring lock */ -}; - -#define UBSEC_QFLAGS_COPYOUTIV 0x1 - -struct ubsec_session { - u_int32_t ses_used; - u_int32_t ses_key[8]; /* 3DES/AES key */ - u_int32_t ses_hminner[5]; /* hmac inner state */ - u_int32_t ses_hmouter[5]; /* hmac outer state */ - u_int32_t ses_iv[4]; /* [3]DES/AES iv */ - u_int32_t ses_keysize; /* AES key size */ - u_int32_t ses_mlen; /* hmac/hash length */ -}; - -struct ubsec_stats { - u_int64_t hst_ibytes; - u_int64_t hst_obytes; - u_int32_t hst_ipackets; - u_int32_t hst_opackets; - u_int32_t hst_invalid; - u_int32_t hst_nomem; - u_int32_t hst_queuefull; - u_int32_t hst_dmaerr; - u_int32_t hst_mcrerr; - u_int32_t hst_nodmafree; -}; - -struct ubsec_generic_ctx { - u_int32_t pc_key[8]; /* [3]DES/AES key */ - u_int32_t pc_hminner[5]; /* hmac inner state */ - u_int32_t pc_hmouter[5]; /* hmac outer state */ - u_int32_t pc_iv[4]; /* [3]DES/AES iv */ - u_int16_t pc_flags; /* flags, below */ - u_int16_t pc_offset; /* crypto offset */ - u_int16_t pc_type; /* Cryptographic operation */ -}; - diff --git a/package/ubsec_ssb/src/uio.h b/package/ubsec_ssb/src/uio.h deleted file mode 100644 index e82e46cbadb..00000000000 --- a/package/ubsec_ssb/src/uio.h +++ /dev/null @@ -1,54 +0,0 @@ -#ifndef _OCF_UIO_H_ -#define _OCF_UIO_H_ - -#include - -/* - * The linux uio.h doesn't have all we need. To be fully api compatible - * with the BSD cryptodev, we need to keep this around. Perhaps this can - * be moved back into the linux/uio.h - * - * Linux port done by David McCullough - * Copyright (C) 2006-2007 David McCullough - * Copyright (C) 2004-2005 Intel Corporation. - * - * LICENSE TERMS - * - * The free distribution and use of this software in both source and binary - * form is allowed (with or without changes) provided that: - * - * 1. distributions of this source code include the above copyright - * notice, this list of conditions and the following disclaimer; - * - * 2. distributions in binary form include the above copyright - * notice, this list of conditions and the following disclaimer - * in the documentation and/or other associated materials; - * - * 3. the copyright holder's name is not used to endorse products - * built using this software without specific written permission. - * - * ALTERNATIVELY, provided that this notice is retained in full, this product - * may be distributed under the terms of the GNU General Public License (GPL), - * in which case the provisions of the GPL apply INSTEAD OF those given above. - * - * DISCLAIMER - * - * This software is provided 'as is' with no explicit or implied warranties - * in respect of its properties, including, but not limited to, correctness - * and/or fitness for purpose. - * --------------------------------------------------------------------------- - */ - -struct uio { - struct iovec *uio_iov; - int uio_iovcnt; - off_t uio_offset; - int uio_resid; -#if 0 - enum uio_seg uio_segflg; - enum uio_rw uio_rw; - struct thread *uio_td; -#endif -}; - -#endif diff --git a/target/linux/generic/config-2.6.30 b/target/linux/generic/config-2.6.30 index 808086570a2..eec7584d0b0 100644 --- a/target/linux/generic/config-2.6.30 +++ b/target/linux/generic/config-2.6.30 @@ -1555,6 +1555,7 @@ CONFIG_NLS_DEFAULT="iso8859-1" # CONFIG_OCF_OCFNULL is not set # CONFIG_OCF_SAFE is not set # CONFIG_OCF_TALITOS is not set +# CONFIG_OCF_UBSEC_SSB is not set # CONFIG_OMFS_FS is not set # CONFIG_OSF_PARTITION is not set # CONFIG_P54_COMMON is not set diff --git a/target/linux/generic/config-2.6.31 b/target/linux/generic/config-2.6.31 index 9240140510f..62429371f84 100644 --- a/target/linux/generic/config-2.6.31 +++ b/target/linux/generic/config-2.6.31 @@ -1553,6 +1553,7 @@ CONFIG_NLS_DEFAULT="iso8859-1" # CONFIG_OCF_OCFNULL is not set # CONFIG_OCF_SAFE is not set # CONFIG_OCF_TALITOS is not set +# CONFIG_OCF_UBSEC_SSB is not set # CONFIG_OMFS_FS is not set # CONFIG_OPROFILE is not set # CONFIG_OSF_PARTITION is not set diff --git a/target/linux/generic/config-2.6.32 b/target/linux/generic/config-2.6.32 index f2e1f270fd9..585d1ed236a 100644 --- a/target/linux/generic/config-2.6.32 +++ b/target/linux/generic/config-2.6.32 @@ -1636,6 +1636,7 @@ CONFIG_NLS_DEFAULT="iso8859-1" # CONFIG_OCF_OCFNULL is not set # CONFIG_OCF_SAFE is not set # CONFIG_OCF_TALITOS is not set +# CONFIG_OCF_UBSEC_SSB is not set # CONFIG_OMFS_FS is not set # CONFIG_ORION_WATCHDOG is not set # CONFIG_OSF_PARTITION is not set diff --git a/target/linux/generic/config-2.6.36 b/target/linux/generic/config-2.6.36 index a9f1a593dd0..2bc35d65d25 100644 --- a/target/linux/generic/config-2.6.36 +++ b/target/linux/generic/config-2.6.36 @@ -1679,6 +1679,7 @@ CONFIG_NLS_DEFAULT="iso8859-1" # CONFIG_OCF_OCFNULL is not set # CONFIG_OCF_SAFE is not set # CONFIG_OCF_TALITOS is not set +# CONFIG_OCF_UBSEC_SSB is not set # CONFIG_OC_ETM is not set # CONFIG_OMFS_FS is not set # CONFIG_ORION_WATCHDOG is not set diff --git a/target/linux/generic/config-2.6.37 b/target/linux/generic/config-2.6.37 index cc107ce00d7..5c2783bcdb6 100644 --- a/target/linux/generic/config-2.6.37 +++ b/target/linux/generic/config-2.6.37 @@ -1718,6 +1718,7 @@ CONFIG_NLS_DEFAULT="iso8859-1" # CONFIG_OCF_OCFNULL is not set # CONFIG_OCF_SAFE is not set # CONFIG_OCF_TALITOS is not set +# CONFIG_OCF_UBSEC_SSB is not set # CONFIG_OC_ETM is not set # CONFIG_OMFS_FS is not set # CONFIG_ORION_WATCHDOG is not set diff --git a/target/linux/generic/config-2.6.38 b/target/linux/generic/config-2.6.38 index 33f890c555f..a4d83cf23b0 100644 --- a/target/linux/generic/config-2.6.38 +++ b/target/linux/generic/config-2.6.38 @@ -1750,6 +1750,7 @@ CONFIG_NLS_DEFAULT="iso8859-1" # CONFIG_OCF_OCFNULL is not set # CONFIG_OCF_SAFE is not set # CONFIG_OCF_TALITOS is not set +# CONFIG_OCF_UBSEC_SSB is not set # CONFIG_OC_ETM is not set # CONFIG_OMFS_FS is not set # CONFIG_ORION_WATCHDOG is not set diff --git a/target/linux/generic/config-2.6.39 b/target/linux/generic/config-2.6.39 index b98814ab4ba..e04d4971b85 100644 --- a/target/linux/generic/config-2.6.39 +++ b/target/linux/generic/config-2.6.39 @@ -1785,6 +1785,7 @@ CONFIG_NLS_DEFAULT="iso8859-1" # CONFIG_OCF_OCFNULL is not set # CONFIG_OCF_SAFE is not set # CONFIG_OCF_TALITOS is not set +# CONFIG_OCF_UBSEC_SSB is not set # CONFIG_OC_ETM is not set # CONFIG_OMFS_FS is not set # CONFIG_ORION_WATCHDOG is not set diff --git a/target/linux/generic/config-3.0 b/target/linux/generic/config-3.0 index 0d1eec1e6cb..4d0a5e43149 100644 --- a/target/linux/generic/config-3.0 +++ b/target/linux/generic/config-3.0 @@ -1797,6 +1797,7 @@ CONFIG_NLS_DEFAULT="iso8859-1" # CONFIG_OCF_OCFNULL is not set # CONFIG_OCF_SAFE is not set # CONFIG_OCF_TALITOS is not set +# CONFIG_OCF_UBSEC_SSB is not set # CONFIG_OC_ETM is not set # CONFIG_OMFS_FS is not set # CONFIG_ORION_WATCHDOG is not set diff --git a/target/linux/generic/files/crypto/ocf/Config.in b/target/linux/generic/files/crypto/ocf/Config.in index d722cba2994..652f76e9074 100644 --- a/target/linux/generic/files/crypto/ocf/Config.in +++ b/target/linux/generic/files/crypto/ocf/Config.in @@ -27,6 +27,8 @@ dep_tristate ' ep80579 (HW crypto engine)' \ CONFIG_OCF_EP80579 $CONFIG_OCF_OCF dep_tristate ' Micronas c7108 (HW crypto engine)' \ CONFIG_OCF_C7108 $CONFIG_OCF_OCF +dep_tristate ' uBsec BCM5365 (HW crypto engine)' + CONFIG_OCF_UBSEC_SSB $CONFIG_OCF_OCF dep_tristate ' ocfnull (does no crypto)' \ CONFIG_OCF_OCFNULL $CONFIG_OCF_OCF dep_tristate ' ocf-bench (HW crypto in-kernel benchmark)' \ diff --git a/target/linux/generic/files/crypto/ocf/Kconfig b/target/linux/generic/files/crypto/ocf/Kconfig index e477f065622..0a572886efd 100644 --- a/target/linux/generic/files/crypto/ocf/Kconfig +++ b/target/linux/generic/files/crypto/ocf/Kconfig @@ -103,6 +103,12 @@ config OCF_C7108 help OCF driver for the Microna 7108 Cipher processors. +config OCF_UBSEC_SSB + tristate "uBsec BCM5365 (HW crypto engine)" + depends on OCF_OCF + help + OCF driver for uBsec BCM5365 hardware crypto accelerator. + config OCF_OCFNULL tristate "ocfnull (fake crypto engine)" depends on OCF_OCF diff --git a/target/linux/generic/files/crypto/ocf/Makefile b/target/linux/generic/files/crypto/ocf/Makefile index fa951f401c7..e600f9bab70 100644 --- a/target/linux/generic/files/crypto/ocf/Makefile +++ b/target/linux/generic/files/crypto/ocf/Makefile @@ -47,9 +47,19 @@ $(_obj)-$(CONFIG_OCF_CRYPTOCTEON) += cryptocteon$(_slash) $(_obj)-$(CONFIG_OCF_KIRKWOOD) += kirkwood$(_slash) $(_obj)-$(CONFIG_OCF_OCFNULL) += ocfnull$(_slash) $(_obj)-$(CONFIG_OCF_C7108) += c7108$(_slash) +$(_obj)-$(CONFIG_OCF_UBSEC_SSB) += ubsec_ssb$(_slash) ocf-objs := $(OCF_OBJS) +dummy: + @echo "Please consult the README for how to build OCF." + @echo "If you can't wait then the following should do it:" + @echo "" + @echo " make ocf_modules" + @echo " sudo make ocf_install" + @echo "" + @exit 1 + $(list-multi) dummy1: $(ocf-objs) $(LD) -r -o $@ $(ocf-objs) @@ -57,21 +67,44 @@ $(list-multi) dummy1: $(ocf-objs) clean: rm -f *.o *.ko .*.o.flags .*.ko.cmd .*.o.cmd .*.mod.o.cmd *.mod.c rm -f */*.o */*.ko */.*.o.cmd */.*.ko.cmd */.*.mod.o.cmd */*.mod.c */.*.o.flags + rm -f */modules.order */modules.builtin modules.order modules.builtin ifdef TOPDIR -include $(TOPDIR)/Rules.make endif # -# release gen targets +# targets to build easily on the current machine +# + +ocf_make: + make -C /lib/modules/$(shell uname -r)/build M=`pwd` $(OCF_TARGET) CONFIG_OCF_OCF=m + make -C /lib/modules/$(shell uname -r)/build M=`pwd` $(OCF_TARGET) CONFIG_OCF_OCF=m CONFIG_OCF_CRYPTOSOFT=m + -make -C /lib/modules/$(shell uname -r)/build M=`pwd` $(OCF_TARGET) CONFIG_OCF_OCF=m CONFIG_OCF_BENCH=m + -make -C /lib/modules/$(shell uname -r)/build M=`pwd` $(OCF_TARGET) CONFIG_OCF_OCF=m CONFIG_OCF_OCFNULL=m + -make -C /lib/modules/$(shell uname -r)/build M=`pwd` $(OCF_TARGET) CONFIG_OCF_OCF=m CONFIG_OCF_HIFN=m + +ocf_modules: + $(MAKE) ocf_make OCF_TARGET=modules + +ocf_install: + $(MAKE) ocf_make OCF_TARGET="modules modules_install" + depmod + mkdir -p /usr/include/crypto + cp cryptodev.h /usr/include/crypto/. + +# +# generate full kernel patches for 2.4 and 2.6 kernels to make patching +# your kernel easier # .PHONY: patch patch: - REL=`date +%Y%m%d`; \ - patch=ocf-linux-$$REL.patch; \ - patch24=ocf-linux-24-$$REL.patch; \ - patch26=ocf-linux-26-$$REL.patch; \ + patchbase=.; \ + [ -d $$patchbase/patches ] || patchbase=..; \ + patch=ocf-linux-base.patch; \ + patch24=ocf-linux-24.patch; \ + patch26=ocf-linux-26.patch; \ ( \ find . -name Makefile; \ find . -name Config.in; \ @@ -81,44 +114,32 @@ patch: ) | while read t; do \ diff -Nau /dev/null $$t | sed 's?^+++ \./?+++ linux/crypto/ocf/?'; \ done > $$patch; \ - cat patches/linux-2.4.35-ocf.patch $$patch > $$patch24; \ - cat patches/linux-2.6.33-ocf.patch $$patch > $$patch26 + cat $$patchbase/patches/linux-2.4.35-ocf.patch $$patch > $$patch24; \ + cat $$patchbase/patches/linux-2.6.38-ocf.patch $$patch > $$patch26; \ + +# +# this target probably does nothing for anyone but me - davidm +# -.PHONY: tarball -tarball: +.PHONY: release +release: REL=`date +%Y%m%d`; RELDIR=/tmp/ocf-linux-$$REL; \ CURDIR=`pwd`; \ rm -rf /tmp/ocf-linux-$$REL*; \ - mkdir -p $$RELDIR/tools; \ - cp README* $$RELDIR; \ - cp patches/openss*.patch $$RELDIR; \ - cp patches/crypto-tools.patch $$RELDIR; \ - cp tools/[!C]* $$RELDIR/tools; \ - cd ..; \ - tar cvf $$RELDIR/ocf-linux.tar \ - --exclude=CVS \ - --exclude=.* \ - --exclude=*.o \ - --exclude=*.ko \ - --exclude=*.mod.* \ - --exclude=README* \ - --exclude=ocf-*.patch \ - --exclude=ocf/patches/openss*.patch \ - --exclude=ocf/patches/crypto-tools.patch \ - --exclude=ocf/tools \ - ocf; \ - gzip -9 $$RELDIR/ocf-linux.tar; \ - cd /tmp; \ + mkdir -p $$RELDIR/ocf; \ + mkdir -p $$RELDIR/patches; \ + mkdir -p $$RELDIR/crypto-tools; \ + cp README* $$RELDIR/.; \ + cp patches/[!C]* $$RELDIR/patches/.; \ + cp tools/[!C]* $$RELDIR/crypto-tools/.; \ + cp -r [!C]* Config.in $$RELDIR/ocf/.; \ + rm -rf $$RELDIR/ocf/patches $$RELDIR/ocf/tools; \ + rm -f $$RELDIR/ocf/README*; \ + cp $$CURDIR/../../user/crypto-tools/[!C]* $$RELDIR/crypto-tools/.; \ + make -C $$RELDIR/crypto-tools clean; \ + make -C $$RELDIR/ocf clean; \ + find $$RELDIR/ocf -name CVS | xargs rm -rf; \ + cd $$RELDIR/..; \ tar cvf ocf-linux-$$REL.tar ocf-linux-$$REL; \ - gzip -9 ocf-linux-$$REL.tar; \ - cd $$CURDIR/../../user; \ - rm -rf /tmp/crypto-tools-$$REL*; \ - tar cvf /tmp/crypto-tools-$$REL.tar \ - --exclude=CVS \ - --exclude=.* \ - --exclude=*.o \ - --exclude=cryptotest \ - --exclude=cryptokeytest \ - crypto-tools; \ - gzip -9 /tmp/crypto-tools-$$REL.tar + gzip -9 ocf-linux-$$REL.tar diff --git a/target/linux/generic/files/crypto/ocf/README b/target/linux/generic/files/crypto/ocf/README index 5ac39f7304f..88849ddc488 100644 --- a/target/linux/generic/files/crypto/ocf/README +++ b/target/linux/generic/files/crypto/ocf/README @@ -1,167 +1,246 @@ -README - ocf-linux-20100325 ---------------------------- +########################### +README - ocf-linux-20100530 +########################### This README provides instructions for getting ocf-linux compiled and -operating in a generic linux environment. For other information you -might like to visit the home page for this project: +operating in a generic linux environment. Other information on the project +can be found at the home page: http://ocf-linux.sourceforge.net/ -Adding OCF to linux -------------------- +Embedded systems and applications requiring userspace acceleration will need +to patch the kernel source to get full OCF support. See "Adding OCF to +linux source" below. Otherwise the "OCF Quickstart" that follows is the +easiest way to get started. - Not much in this file for now, just some notes. I usually build - the ocf support as modules but it can be built into the kernel as - well. To use it: +If your goal is to accelerate Openswan on Ubuntu or CentOS, you may find +that the required binaries are already available on openswan.org: - * mknod /dev/crypto c 10 70 + ftp://ftp.openswan.org/ocf/ + ftp://ftp.openswan.org/openswan/binaries/ubuntu/ - * to add OCF to your kernel source, you have two options. Apply - the kernel specific patch: +##################################################### +OCF Quickstart for Ubuntu/Others (including Openswan) +##################################################### - cd linux-2.4*; gunzip < ocf-linux-24-XXXXXXXX.patch.gz | patch -p1 - cd linux-2.6*; gunzip < ocf-linux-26-XXXXXXXX.patch.gz | patch -p1 - - if you do one of the above, then you can proceed to the next step, - or you can do the above process by hand with using the patches against - linux-2.4.35 and 2.6.33 to include the ocf code under crypto/ocf. - Here's how to add it: +This section provides instructions on how to quickly add kernel only support +for OCF to a GNU/Linux system. It is only suitable for in-kernel use such as +Openswan MAST/KLIPS. - for 2.4.35 (and later) +If the target is an embedded system, or, userspace acceleration of +applications such as OpenVPN and OpenSSL, the section below titled +"Adding OCF to linux source" is more appropriate. - cd linux-2.4.35/crypto - tar xvzf ocf-linux.tar.gz - cd .. - patch -p1 < crypto/ocf/patches/linux-2.4.35-ocf.patch +Before building kernel only support for OCF ensure that the appropriate +linux-headers package is installed: - for 2.6.23 (and later), find the kernel patch specific (or nearest) - to your kernel versions and then: + cd ocf + make ocf_modules + sudo make ocf_install + OCF_DIR=`pwd` # remember where OCF sources were built - cd linux-2.6.NN/crypto - tar xvzf ocf-linux.tar.gz - cd .. - patch -p1 < crypto/ocf/patches/linux-2.6.NN-ocf.patch +At this point the ocf, cryptosoft, ocfnull, hifn7751 and ocf-bench modules +should have been built and installed. The OCF installation can be tested +with the following commands: - It should be easy to take this patch and apply it to other more - recent versions of the kernels. The same patches should also work - relatively easily on kernels as old as 2.6.11 and 2.4.18. - - * under 2.4 if you are on a non-x86 platform, you may need to: + modprobe ocf + modprobe cryptosoft + modprobe ocf-bench + dmesg | tail -5 - cp linux-2.X.x/include/asm-i386/kmap_types.h linux-2.X.x/include/asm-YYY +The final modprobe of ocf-bench will fail, this is intentional as ocf-bench +is a short lived module that tests in-kernel performance of OCF. If +everything worked correctly the "dmesg | tail -5" should include a line +like: - so that you can build the kernel crypto support needed for the cryptosoft - driver. + [ 583.128741] OCF: 45133 requests of 1488 bytes in 251 jiffies (535.122 Mbps) - * For simplicity you should enable all the crypto support in your kernel - except for the test driver. Likewise for the OCF options. Do not - enable OCF crypto drivers for HW that you do not have (for example - ixp4xx will not compile on non-Xscale systems). +This shows the in-kernel performance of OCF using the cryptosoft driver. +For addition driver load options, see "How to load the OCF modules" below. - * make sure that cryptodev.h (from ocf-linux.tar.gz) is installed as - crypto/cryptodev.h in an include directory that is used for building - applications for your platform. For example on a host system that - might be: +If the intention is to run an OCF accelerated Openswan (KLIPS/MAST) then use +these steps to compile openswan downloaded from openswan.org (2.6.34 or later). - /usr/include/crypto/cryptodev.h + tar xf openswan-2.6.34.tar.gz + cd openswan-2.6.34 + make programs + make KERNELSRC=/lib/modules/`uname -r`/build \ + KBUILD_EXTRA_SYMBOLS=$OCF_DIR/Module.symvers \ + MODULE_DEF_INCLUDE=`pwd`/packaging/ocf/config-all.hmodules \ + MODULE_DEFCONFIG=`pwd`/packaging/ocf/defconfig \ + module + sudo make KERNELSRC=/lib/modules/`uname -r`/build \ + KBUILD_EXTRA_SYMBOLS=$OCF_DIR/Module.symvers \ + MODULE_DEF_INCLUDE=`pwd`/packaging/ocf/config-all.hmodules \ + MODULE_DEFCONFIG=`pwd`/packaging/ocf/defconfig \ + install minstall - * patch your openssl-0.9.8n code with the openssl-0.9.8n.patch. - (NOTE: there is no longer a need to patch ssh). The patch is against: - openssl-0_9_8e +The rest of this document is only required for more complex build +requirements. - If you need a patch for an older version of openssl, you should look - to older OCF releases. This patch is unlikely to work on older - openssl versions. +########################## +Adding OCF to linux source +########################## - openssl-0.9.8n.patch - - enables --with-cryptodev for non BSD systems - - adds -cpu option to openssl speed for calculating CPU load - under linux - - fixes null pointer in openssl speed multi thread output. - - fixes test keys to work with linux crypto's more stringent - key checking. - - adds MD5/SHA acceleration (Ronen Shitrit), only enabled - with the --with-cryptodev-digests option - - fixes bug in engine code caching. +It is recommended that OCF be built as modules as it increases the +flexibility and ease of debugging the system. - * build crypto-tools-XXXXXXXX.tar.gz if you want to try some of the BSD - tools for testing OCF (ie., cryptotest). +Ensure that the system has /dev/crypto for userspace access to OCF: -How to load the OCF drivers ---------------------------- + mknod /dev/crypto c 10 70 - First insert the base modules: +Generate the kernel patches and apply the appropriate one. - insmod ocf - insmod cryptodev + cd ocf + make patch - You can then install the software OCF driver with: +This will provide three files: - insmod cryptosoft + linux-2.4.*-ocf.patch + linux-2.6.*-ocf.patch + ocf-linux-base.patch - and one or more of the OCF HW drivers with: +If either of the first two patches applies to the targets kernel, then one +of the following as required: - insmod safe - insmod hifn7751 - insmod ixp4xx - ... + cd linux-2.X.Y; patch -p1 < linux-2.4.*-ocf.patch + cd linux-2.6.Y; patch -p1 < linux-2.6.*-ocf.patch - all the drivers take a debug option to enable verbose debug so that - you can see what is going on. For debug you load them as: +Otherwise, locate the appropriate kernel patch in the patches directory and +apply that as well as the ocf-linux-base.patch using '-p1'. - insmod ocf crypto_debug=1 - insmod cryptodev cryptodev_debug=1 - insmod cryptosoft swcr_debug=1 +When using a linux-2.4 system on a non-x86 platform, the following may be +required to build cryptosoft: - You may load more than one OCF crypto driver but then there is no guarantee - as to which will be used. + cp linux-2.X.x/include/asm-i386/kmap_types.h linux-2.X.x/include/asm-YYY - You can also enable debug at run time on 2.6 systems with the following: +When using cryptosoft, for simplicity, enable all the crypto support in the +kernel except for the test driver. Likewise for the OCF options. Do not +enable OCF crypto drivers for HW that is not present (for example the ixp4xx +driver will not compile on non-Xscale systems). - echo 1 > /sys/module/ocf/parameters/crypto_debug - echo 1 > /sys/module/cryptodev/parameters/cryptodev_debug - echo 1 > /sys/module/cryptosoft/parameters/swcr_debug - echo 1 > /sys/module/hifn7751/parameters/hifn_debug - echo 1 > /sys/module/safe/parameters/safe_debug - echo 1 > /sys/module/ixp4xx/parameters/ixp_debug - ... +Make sure that cryptodev.h from the ocf directory is installed as +crypto/cryptodev.h in an include directory that is used for building +applications for the target platform. For example on a host system that +might be: + /usr/include/crypto/cryptodev.h + +Patch the openssl-0.9.8r code the openssl-0.9.8r.patch from the patches +directory. There are many older patch versions in the patches directory +if required. + +The openssl patches provide the following functionality: + + * enables --with-cryptodev for non BSD systems + * adds -cpu option to openssl speed for calculating CPU load under linux + * fixes null pointer in openssl speed multi thread output. + * fixes test keys to work with linux crypto's more stringent key checking. + * adds MD5/SHA acceleration (Ronen Shitrit), only enabled with the + --with-cryptodev-digests option + * fixes bug in engine code caching. + +Build the crypto-tools directory for the target to obtain a userspace +testing tool call cryptotest. + +########################### +How to load the OCF modules +########################### + +First insert the base modules (cryptodev is optional, it is only used +for userspace acceleration): + + modprobe ocf + modprobe cryptodev + +Load the software OCF driver with: + + modprobe cryptosoft + +and zero or more of the OCF HW drivers with: + + modprobe safe + modprobe hifn7751 + modprobe ixp4xx + ... + +All the drivers take a debug option to enable verbose debug so that +OCF operation may be observed via "dmesg" or the console. For debug +load the modules as: + + modprobe ocf crypto_debug=1 + modprobe cryptodev cryptodev_debug=1 + modprobe cryptosoft swcr_debug=1 + +More than one OCF crypto driver may be loaded but then there is no +guarantee as to which will be used (other than a preference for HW +drivers over SW drivers by most applications). + +It is also possible to enable debug at run time on linux-2.6 systems +with the following: + + echo 1 > /sys/module/ocf/parameters/crypto_debug + echo 1 > /sys/module/cryptodev/parameters/cryptodev_debug + echo 1 > /sys/module/cryptosoft/parameters/swcr_debug + echo 1 > /sys/module/hifn7751/parameters/hifn_debug + echo 1 > /sys/module/safe/parameters/safe_debug + echo 1 > /sys/module/ixp4xx/parameters/ixp_debug + ... + +The ocf-bench driver accepts the following parameters: + + request_q_len - Maximum number of outstanding requests to OCF + request_num - run for at least this many requests + request_size - size of each request (multiple of 16 bytes recommended) + request_batch - enable OCF request batching + request_cbimm - enable OCF immediate callback on completion + +For example: + + modprobe ocf-bench request_size=1024 request_cbimm=0 + +####################### Testing the OCF support ------------------------ +####################### + +run "cryptotest", it should do a short test for a couple of +des packets. If it does everything is working. - run "cryptotest", it should do a short test for a couple of - des packets. If it does everything is working. +If this works, then ssh will use the driver when invoked as: - If this works, then ssh will use the driver when invoked as: + ssh -c 3des username@host - ssh -c 3des username@host +to see for sure that it is operating, enable debug as defined above. - to see for sure that it is operating, enable debug as defined above. +To get a better idea of performance run: - To get a better idea of performance run: + cryptotest 100 4096 - cryptotest 100 4096 +There are more options to cryptotest, see the help. - There are more options to cryptotest, see the help. +It is also possible to use openssl to test the speed of the crypto +drivers. - It is also possible to use openssl to test the speed of the crypto - drivers. + openssl speed -evp des -engine cryptodev -elapsed + openssl speed -evp des3 -engine cryptodev -elapsed + openssl speed -evp aes128 -engine cryptodev -elapsed - openssl speed -evp des -engine cryptodev -elapsed - openssl speed -evp des3 -engine cryptodev -elapsed - openssl speed -evp aes128 -engine cryptodev -elapsed +and multiple threads (10) with: - and multiple threads (10) with: + openssl speed -evp des -engine cryptodev -elapsed -multi 10 + openssl speed -evp des3 -engine cryptodev -elapsed -multi 10 + openssl speed -evp aes128 -engine cryptodev -elapsed -multi 10 - openssl speed -evp des -engine cryptodev -elapsed -multi 10 - openssl speed -evp des3 -engine cryptodev -elapsed -multi 10 - openssl speed -evp aes128 -engine cryptodev -elapsed -multi 10 +for public key testing you can try: - for public key testing you can try: + cryptokeytest + openssl speed -engine cryptodev rsa -elapsed + openssl speed -engine cryptodev dsa -elapsed - cryptokeytest - openssl speed -engine cryptodev rsa -elapsed - openssl speed -engine cryptodev dsa -elapsed -David McCullough -david_mccullough@mcafee.com +############################# +# +# David McCullough +# david_mccullough@mcafee.com +# +############################# diff --git a/target/linux/generic/files/crypto/ocf/criov.c b/target/linux/generic/files/crypto/ocf/criov.c index e1b159fb4ec..d3d8cfd8f77 100644 --- a/target/linux/generic/files/crypto/ocf/criov.c +++ b/target/linux/generic/files/crypto/ocf/criov.c @@ -35,10 +35,8 @@ __FBSDID("$FreeBSD: src/sys/opencrypto/criov.c,v 1.5 2006/06/04 22:15:13 pjd Exp */ #include -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -#include -#else -#include +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) +#include #endif #include #include diff --git a/target/linux/generic/files/crypto/ocf/crypto.c b/target/linux/generic/files/crypto/ocf/crypto.c index ccd5a4bfab3..f48210d0621 100644 --- a/target/linux/generic/files/crypto/ocf/crypto.c +++ b/target/linux/generic/files/crypto/ocf/crypto.c @@ -64,10 +64,8 @@ __FBSDID("$FreeBSD: src/sys/opencrypto/crypto.c,v 1.16 2005/01/07 02:29:16 imp E #include -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -#include -#else -#include +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) +#include #endif #include #include @@ -76,7 +74,9 @@ __FBSDID("$FreeBSD: src/sys/opencrypto/crypto.c,v 1.16 2005/01/07 02:29:16 imp E #include #include #include -#include +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,4) +#include +#endif #include /* @@ -156,9 +156,8 @@ static int crypto_drivers_num = 0; * have one per-queue but having one simplifies handling of block/unblock * operations. */ -static int crp_sleep = 0; -static LIST_HEAD(crp_q); /* request queues */ -static LIST_HEAD(crp_kq); +static LIST_HEAD(crp_q); /* crypto request queue */ +static LIST_HEAD(crp_kq); /* asym request queue */ static spinlock_t crypto_q_lock; @@ -213,11 +212,6 @@ static struct kmem_cache *cryptop_zone; static struct kmem_cache *cryptodesc_zone; #endif -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,27) -#include -#define kill_proc(p,s,v) send_sig(s,find_task_by_vpid(p),0) -#endif - #define debug crypto_debug int crypto_debug = 0; module_param(crypto_debug, int, 0644); @@ -278,11 +272,13 @@ module_param(crypto_max_loopcount, int, 0644); MODULE_PARM_DESC(crypto_max_loopcount, "Maximum number of crypto ops to do before yielding to other processes"); -static pid_t cryptoproc = (pid_t) -1; -static struct completion cryptoproc_exited; +#ifndef CONFIG_NR_CPUS +#define CONFIG_NR_CPUS 1 +#endif + +static struct task_struct *cryptoproc[CONFIG_NR_CPUS]; +static struct task_struct *cryptoretproc[CONFIG_NR_CPUS]; static DECLARE_WAIT_QUEUE_HEAD(cryptoproc_wait); -static pid_t cryptoretproc = (pid_t) -1; -static struct completion cryptoretproc_exited; static DECLARE_WAIT_QUEUE_HEAD(cryptoretproc_wait); static int crypto_proc(void *arg); @@ -318,6 +314,7 @@ driver_suitable(const struct cryptocap *cap, const struct cryptoini *cri) return 1; } + /* * Select a driver for a new session that supports the specified * algorithms and, optionally, is constrained according to the flags. @@ -791,8 +788,7 @@ crypto_unblock(u_int32_t driverid, int what) cap->cc_unkqblocked = 0; crypto_all_kqblocked = 0; } - if (crp_sleep) - wake_up_interruptible(&cryptoproc_wait); + wake_up_interruptible(&cryptoproc_wait); err = 0; } else err = EINVAL; @@ -817,8 +813,8 @@ crypto_dispatch(struct cryptop *crp) CRYPTO_Q_LOCK(); if (crypto_q_cnt >= crypto_q_max) { - CRYPTO_Q_UNLOCK(); cryptostats.cs_drops++; + CRYPTO_Q_UNLOCK(); return ENOMEM; } crypto_q_cnt++; @@ -865,8 +861,7 @@ crypto_dispatch(struct cryptop *crp) TAILQ_INSERT_TAIL(&crp_q, crp, crp_next); result = 0; } - if (crp_sleep) - wake_up_interruptible(&cryptoproc_wait); + wake_up_interruptible(&cryptoproc_wait); CRYPTO_Q_UNLOCK(); return result; } @@ -887,8 +882,7 @@ crypto_kdispatch(struct cryptkop *krp) if (error == ERESTART) { CRYPTO_Q_LOCK(); TAILQ_INSERT_TAIL(&crp_kq, krp, krp_next); - if (crp_sleep) - wake_up_interruptible(&cryptoproc_wait); + wake_up_interruptible(&cryptoproc_wait); CRYPTO_Q_UNLOCK(); error = 0; } @@ -1186,8 +1180,7 @@ crypto_done(struct cryptop *crp) * Normal case; queue the callback for the thread. */ CRYPTO_RETQ_LOCK(); - if (CRYPTO_RETQ_EMPTY()) - wake_up_interruptible(&cryptoretproc_wait);/* shared wait channel */ + wake_up_interruptible(&cryptoretproc_wait);/* shared wait channel */ TAILQ_INSERT_TAIL(&crp_ret_q, crp, crp_next); CRYPTO_RETQ_UNLOCK(); } @@ -1237,8 +1230,7 @@ crypto_kdone(struct cryptkop *krp) * Normal case; queue the callback for the thread. */ CRYPTO_RETQ_LOCK(); - if (CRYPTO_RETQ_EMPTY()) - wake_up_interruptible(&cryptoretproc_wait);/* shared wait channel */ + wake_up_interruptible(&cryptoretproc_wait);/* shared wait channel */ TAILQ_INSERT_TAIL(&crp_ret_kq, krp, krp_next); CRYPTO_RETQ_UNLOCK(); } @@ -1281,7 +1273,7 @@ crypto_proc(void *arg) unsigned long q_flags; int loopcount = 0; - ocf_daemonize("crypto"); + set_current_state(TASK_INTERRUPTIBLE); CRYPTO_Q_LOCK(); for (;;) { @@ -1435,12 +1427,10 @@ crypto_proc(void *arg) list_empty(&crp_kq), crypto_all_kqblocked); loopcount = 0; CRYPTO_Q_UNLOCK(); - crp_sleep = 1; wait_event_interruptible(cryptoproc_wait, !(list_empty(&crp_q) || crypto_all_qblocked) || !(list_empty(&crp_kq) || crypto_all_kqblocked) || - cryptoproc == (pid_t) -1); - crp_sleep = 0; + kthread_should_stop()); if (signal_pending (current)) { #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) spin_lock_irq(¤t->sigmask_lock); @@ -1452,7 +1442,7 @@ crypto_proc(void *arg) } CRYPTO_Q_LOCK(); dprintk("%s - awake\n", __FUNCTION__); - if (cryptoproc == (pid_t) -1) + if (kthread_should_stop()) break; cryptostats.cs_intrs++; } else if (loopcount > crypto_max_loopcount) { @@ -1461,12 +1451,14 @@ crypto_proc(void *arg) * been using the CPU exclusively for a while. */ loopcount = 0; + CRYPTO_Q_UNLOCK(); schedule(); + CRYPTO_Q_LOCK(); } loopcount++; } CRYPTO_Q_UNLOCK(); - complete_and_exit(&cryptoproc_exited, 0); + return 0; } /* @@ -1481,7 +1473,7 @@ crypto_ret_proc(void *arg) struct cryptkop *krpt; unsigned long r_flags; - ocf_daemonize("crypto_ret"); + set_current_state(TASK_INTERRUPTIBLE); CRYPTO_RETQ_LOCK(); for (;;) { @@ -1516,9 +1508,9 @@ crypto_ret_proc(void *arg) dprintk("%s - sleeping\n", __FUNCTION__); CRYPTO_RETQ_UNLOCK(); wait_event_interruptible(cryptoretproc_wait, - cryptoretproc == (pid_t) -1 || !list_empty(&crp_ret_q) || - !list_empty(&crp_ret_kq)); + !list_empty(&crp_ret_kq) || + kthread_should_stop()); if (signal_pending (current)) { #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) spin_lock_irq(¤t->sigmask_lock); @@ -1530,7 +1522,7 @@ crypto_ret_proc(void *arg) } CRYPTO_RETQ_LOCK(); dprintk("%s - awake\n", __FUNCTION__); - if (cryptoretproc == (pid_t) -1) { + if (kthread_should_stop()) { dprintk("%s - EXITING!\n", __FUNCTION__); break; } @@ -1538,7 +1530,7 @@ crypto_ret_proc(void *arg) } } CRYPTO_RETQ_UNLOCK(); - complete_and_exit(&cryptoretproc_exited, 0); + return 0; } @@ -1644,6 +1636,7 @@ static int crypto_init(void) { int error; + unsigned long cpu; dprintk("%s(%p)\n", __FUNCTION__, (void *) crypto_init); @@ -1686,25 +1679,28 @@ crypto_init(void) memset(crypto_drivers, 0, crypto_drivers_num * sizeof(struct cryptocap)); - init_completion(&cryptoproc_exited); - init_completion(&cryptoretproc_exited); - - cryptoproc = 0; /* to avoid race condition where proc runs first */ - cryptoproc = kernel_thread(crypto_proc, NULL, CLONE_FS|CLONE_FILES); - if (cryptoproc < 0) { - error = cryptoproc; - printk("crypto: crypto_init cannot start crypto thread; error %d", - error); - goto bad; - } - - cryptoretproc = 0; /* to avoid race condition where proc runs first */ - cryptoretproc = kernel_thread(crypto_ret_proc, NULL, CLONE_FS|CLONE_FILES); - if (cryptoretproc < 0) { - error = cryptoretproc; - printk("crypto: crypto_init cannot start cryptoret thread; error %d", + ocf_for_each_cpu(cpu) { + cryptoproc[cpu] = kthread_create(crypto_proc, (void *) cpu, + "ocf_%d", (int) cpu); + if (IS_ERR(cryptoproc[cpu])) { + error = PTR_ERR(cryptoproc[cpu]); + printk("crypto: crypto_init cannot start crypto thread; error %d", error); - goto bad; + goto bad; + } + kthread_bind(cryptoproc[cpu], cpu); + wake_up_process(cryptoproc[cpu]); + + cryptoretproc[cpu] = kthread_create(crypto_ret_proc, (void *) cpu, + "ocf_ret_%d", (int) cpu); + if (IS_ERR(cryptoretproc[cpu])) { + error = PTR_ERR(cryptoretproc[cpu]); + printk("crypto: crypto_init cannot start cryptoret thread; error %d", + error); + goto bad; + } + kthread_bind(cryptoretproc[cpu], cpu); + wake_up_process(cryptoretproc[cpu]); } return 0; @@ -1717,34 +1713,17 @@ bad: static void crypto_exit(void) { - pid_t p; - unsigned long d_flags; + int cpu; dprintk("%s()\n", __FUNCTION__); /* * Terminate any crypto threads. */ - - CRYPTO_DRIVER_LOCK(); - p = cryptoproc; - cryptoproc = (pid_t) -1; - kill_proc(p, SIGTERM, 1); - wake_up_interruptible(&cryptoproc_wait); - CRYPTO_DRIVER_UNLOCK(); - - wait_for_completion(&cryptoproc_exited); - - CRYPTO_DRIVER_LOCK(); - p = cryptoretproc; - cryptoretproc = (pid_t) -1; - kill_proc(p, SIGTERM, 1); - wake_up_interruptible(&cryptoretproc_wait); - CRYPTO_DRIVER_UNLOCK(); - - wait_for_completion(&cryptoretproc_exited); - - /* XXX flush queues??? */ + ocf_for_each_cpu(cpu) { + kthread_stop(cryptoproc[cpu]); + kthread_stop(cryptoretproc[cpu]); + } /* * Reclaim dynamically allocated resources. diff --git a/target/linux/generic/files/crypto/ocf/cryptocteon/cryptocteon.c b/target/linux/generic/files/crypto/ocf/cryptocteon/cryptocteon.c index fa377e5eeed..741e4fa31d5 100644 --- a/target/linux/generic/files/crypto/ocf/cryptocteon/cryptocteon.c +++ b/target/linux/generic/files/crypto/ocf/cryptocteon/cryptocteon.c @@ -28,10 +28,8 @@ */ #include -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -#include -#else -#include +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) +#include #endif #include #include @@ -69,15 +67,6 @@ struct octo_sess { int octo_mlen; int octo_ivsize; -#if 0 - int (*octo_decrypt)(struct scatterlist *sg, int sg_len, - uint8_t *key, int key_len, uint8_t * iv, - uint64_t *hminner, uint64_t *hmouter); - - int (*octo_encrypt)(struct scatterlist *sg, int sg_len, - uint8_t *key, int key_len, uint8_t * iv, - uint64_t *hminner, uint64_t *hmouter); -#else int (*octo_encrypt)(struct octo_sess *od, struct scatterlist *sg, int sg_len, int auth_off, int auth_len, @@ -88,7 +77,6 @@ struct octo_sess { int auth_off, int auth_len, int crypt_off, int crypt_len, int icv_off, uint8_t *ivp); -#endif uint64_t octo_hminner[3]; uint64_t octo_hmouter[3]; @@ -264,7 +252,7 @@ octo_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri) break; case CRYPTO_SHA1_HMAC: (*ocd)->octo_encrypt = octo_des_cbc_sha1_encrypt; - (*ocd)->octo_decrypt = octo_des_cbc_sha1_encrypt; + (*ocd)->octo_decrypt = octo_des_cbc_sha1_decrypt; octo_calc_hash(1, macini->cri_key, (*ocd)->octo_hminner, (*ocd)->octo_hmouter); break; @@ -305,13 +293,13 @@ octo_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri) break; case CRYPTO_MD5_HMAC: (*ocd)->octo_encrypt = octo_null_md5_encrypt; - (*ocd)->octo_decrypt = octo_null_md5_encrypt; + (*ocd)->octo_decrypt = octo_null_md5_encrypt; /* encrypt == decrypt */ octo_calc_hash(0, macini->cri_key, (*ocd)->octo_hminner, (*ocd)->octo_hmouter); break; case CRYPTO_SHA1_HMAC: (*ocd)->octo_encrypt = octo_null_sha1_encrypt; - (*ocd)->octo_decrypt = octo_null_sha1_encrypt; + (*ocd)->octo_decrypt = octo_null_sha1_encrypt; /* encrypt == decrypt */ octo_calc_hash(1, macini->cri_key, (*ocd)->octo_hminner, (*ocd)->octo_hmouter); break; @@ -433,12 +421,22 @@ octo_process(device_t dev, struct cryptop *crp, int hint) } if (enccrd) { - if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) { - ivp = enccrd->crd_iv; + if (enccrd->crd_flags & CRD_F_ENCRYPT) { + if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) + ivp = enccrd->crd_iv; + else + read_random((ivp = iv_data), od->octo_ivsize); + if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0) + crypto_copyback(crp->crp_flags, crp->crp_buf, + enccrd->crd_inject, od->octo_ivsize, ivp); } else { - ivp = iv_data; - crypto_copydata(crp->crp_flags, crp->crp_buf, - enccrd->crd_inject, od->octo_ivsize, (caddr_t) ivp); + if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) { + ivp = enccrd->crd_iv; + } else { + ivp = iv_data; + crypto_copydata(crp->crp_flags, crp->crp_buf, + enccrd->crd_inject, od->octo_ivsize, (caddr_t) ivp); + } } if (maccrd) { diff --git a/target/linux/generic/files/crypto/ocf/cryptodev.c b/target/linux/generic/files/crypto/ocf/cryptodev.c index 8f0257cce10..2ee3618cd79 100644 --- a/target/linux/generic/files/crypto/ocf/cryptodev.c +++ b/target/linux/generic/files/crypto/ocf/cryptodev.c @@ -40,10 +40,8 @@ __FBSDID("$FreeBSD: src/sys/opencrypto/cryptodev.c,v 1.34 2007/05/09 19:37:02 gn */ #include -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -#include -#else -#include +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) +#include #endif #include #include @@ -60,7 +58,6 @@ __FBSDID("$FreeBSD: src/sys/opencrypto/cryptodev.c,v 1.34 2007/05/09 19:37:02 gn #include #include #include -#include #include #include diff --git a/target/linux/generic/files/crypto/ocf/cryptodev.h b/target/linux/generic/files/crypto/ocf/cryptodev.h index 60323175f25..cca0ec822de 100644 --- a/target/linux/generic/files/crypto/ocf/cryptodev.h +++ b/target/linux/generic/files/crypto/ocf/cryptodev.h @@ -156,7 +156,8 @@ #define CRYPTO_SHA2_384 23 #define CRYPTO_SHA2_512 24 #define CRYPTO_RIPEMD160 25 -#define CRYPTO_ALGORITHM_MAX 25 /* Keep updated - see below */ +#define CRYPTO_LZS_COMP 26 +#define CRYPTO_ALGORITHM_MAX 26 /* Keep updated - see above */ /* Algorithm flags */ #define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */ diff --git a/target/linux/generic/files/crypto/ocf/cryptosoft.c b/target/linux/generic/files/crypto/ocf/cryptosoft.c index ff1315df567..79aac923600 100644 --- a/target/linux/generic/files/crypto/ocf/cryptosoft.c +++ b/target/linux/generic/files/crypto/ocf/cryptosoft.c @@ -4,7 +4,7 @@ * but is mostly unrecognisable, * * Written by David McCullough - * Copyright (C) 2004-2010 David McCullough + * Copyright (C) 2004-2011 David McCullough * Copyright (C) 2004-2005 Intel Corporation. * * LICENSE TERMS @@ -35,10 +35,8 @@ */ #include -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -#include -#else -#include +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) +#include #endif #include #include @@ -50,7 +48,8 @@ #include #include #include -#include +#include +#include #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,10) #include #endif @@ -76,6 +75,8 @@ struct { #define SW_TYPE_ASYNC 0x8000 +#define SW_TYPE_INUSE 0x10000000 + /* We change some of the above if we have an async interface */ #define SW_TYPE_ALG_AMASK (SW_TYPE_ALG_MASK | SW_TYPE_ASYNC) @@ -87,9 +88,11 @@ struct { #define SCATTERLIST_MAX 16 struct swcr_data { + struct work_struct workq; int sw_type; int sw_alg; struct crypto_tfm *sw_tfm; + spinlock_t sw_tfm_lock; union { struct { char *sw_key; @@ -153,6 +156,9 @@ static struct kmem_cache *swcr_req_cache; #define crypto_blkcipher_decrypt_iv(W, X, Y, Z) \ crypto_cipher_decrypt_iv((W)->tfm, X, Y, Z, (u8 *)((W)->info)) #define crypto_blkcipher_set_flags(x, y) /* nop */ + #define crypto_free_blkcipher(x) crypto_free_tfm(x) + #define crypto_free_comp crypto_free_tfm + #define crypto_free_hash crypto_free_tfm /* Hash/HMAC/Digest */ struct hash_desc @@ -278,6 +284,54 @@ MODULE_PARM_DESC(swcr_debug, "Enable debug"); static void swcr_process_req(struct swcr_req *req); +/* + * somethings just need to be run with user context no matter whether + * the kernel compression libs use vmalloc/vfree for example. + */ + +typedef struct { + struct work_struct wq; + void (*func)(void *arg); + void *arg; +} execute_later_t; + +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20) +static void +doing_it_now(struct work_struct *wq) +{ + execute_later_t *w = container_of(wq, execute_later_t, wq); + (w->func)(w->arg); + kfree(w); +} +#else +static void +doing_it_now(void *arg) +{ + execute_later_t *w = (execute_later_t *) arg; + (w->func)(w->arg); + kfree(w); +} +#endif + +static void +execute_later(void (fn)(void *), void *arg) +{ + execute_later_t *w; + + w = (execute_later_t *) kmalloc(sizeof(execute_later_t), SLAB_ATOMIC); + if (w) { + memset(w, '\0', sizeof(w)); + w->func = fn; + w->arg = arg; +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20) + INIT_WORK(&w->wq, doing_it_now); +#else + INIT_WORK(&w->wq, doing_it_now, w); +#endif + schedule_work(&w->wq); + } +} + /* * Generate a new software session. */ @@ -363,6 +417,8 @@ swcr_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri) (*swd)->sw_type = crypto_details[cri->cri_alg].sw_type; (*swd)->sw_alg = cri->cri_alg; + spin_lock_init(&(*swd)->sw_tfm_lock); + /* Algorithm specific configuration */ switch (cri->cri_alg) { case CRYPTO_NULL_CBC: @@ -379,19 +435,23 @@ swcr_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri) /* try async first */ (*swd)->sw_tfm = swcr_no_ablk ? NULL : crypto_ablkcipher_tfm(crypto_alloc_ablkcipher(algo, 0, 0)); - if ((*swd)->sw_tfm) { + if ((*swd)->sw_tfm && !IS_ERR((*swd)->sw_tfm)) { dprintk("%s %s cipher is async\n", __FUNCTION__, algo); (*swd)->sw_type |= SW_TYPE_ASYNC; } else { - dprintk("%s %s cipher is sync\n", __FUNCTION__, algo); (*swd)->sw_tfm = crypto_blkcipher_tfm( crypto_alloc_blkcipher(algo, 0, CRYPTO_ALG_ASYNC)); + if ((*swd)->sw_tfm && !IS_ERR((*swd)->sw_tfm)) + dprintk("%s %s cipher is sync\n", __FUNCTION__, algo); } - if (!(*swd)->sw_tfm) { + if (!(*swd)->sw_tfm || IS_ERR((*swd)->sw_tfm)) { + int err; dprintk("cryptosoft: crypto_alloc_blkcipher failed(%s, 0x%x)\n", algo,mode); + err = IS_ERR((*swd)->sw_tfm) ? -(PTR_ERR((*swd)->sw_tfm)) : EINVAL; + (*swd)->sw_tfm = NULL; /* ensure NULL */ swcr_freesession(NULL, i); - return EINVAL; + return err; } if (debug) { @@ -536,7 +596,11 @@ swcr_freesession(device_t dev, u_int64_t tid) crypto_free_hash(crypto_hash_cast(swd->sw_tfm)); break; case SW_TYPE_COMP: - crypto_free_comp(crypto_comp_cast(swd->sw_tfm)); + if (in_interrupt()) + execute_later((void (*)(void *))crypto_free_comp, (void *)crypto_comp_cast(swd->sw_tfm)); + else + crypto_free_comp(crypto_comp_cast(swd->sw_tfm)); + break; default: crypto_free_tfm(swd->sw_tfm); break; @@ -555,32 +619,40 @@ swcr_freesession(device_t dev, u_int64_t tid) return 0; } -#if defined(HAVE_ABLKCIPHER) || defined(HAVE_AHASH) -/* older kernels had no async interface */ - -static void swcr_process_callback(struct crypto_async_request *creq, int err) +static void swcr_process_req_complete(struct swcr_req *req) { - struct swcr_req *req = creq->data; - dprintk("%s()\n", __FUNCTION__); - if (err) { - if (err == -EINPROGRESS) - return; - dprintk("%s() fail %d\n", __FUNCTION__, -err); - req->crp->crp_etype = -err; - goto done; + + if (req->sw->sw_type & SW_TYPE_INUSE) { + unsigned long flags; + spin_lock_irqsave(&req->sw->sw_tfm_lock, flags); + req->sw->sw_type &= ~SW_TYPE_INUSE; + spin_unlock_irqrestore(&req->sw->sw_tfm_lock, flags); } + if (req->crp->crp_etype) + goto done; + switch (req->sw->sw_type & SW_TYPE_ALG_AMASK) { +#if defined(HAVE_AHASH) case SW_TYPE_AHMAC: case SW_TYPE_AHASH: crypto_copyback(req->crp->crp_flags, req->crp->crp_buf, req->crd->crd_inject, req->sw->u.hmac.sw_mlen, req->result); ahash_request_free(req->crypto_req); break; +#endif +#if defined(HAVE_ABLKCIPHER) case SW_TYPE_ABLKCIPHER: ablkcipher_request_free(req->crypto_req); break; +#endif + case SW_TYPE_CIPHER: + case SW_TYPE_HMAC: + case SW_TYPE_HASH: + case SW_TYPE_COMP: + case SW_TYPE_BLKCIPHER: + break; default: req->crp->crp_etype = EINVAL; goto done; @@ -597,6 +669,22 @@ done: crypto_done(req->crp); kmem_cache_free(swcr_req_cache, req); } + +#if defined(HAVE_ABLKCIPHER) || defined(HAVE_AHASH) +static void swcr_process_callback(struct crypto_async_request *creq, int err) +{ + struct swcr_req *req = creq->data; + + dprintk("%s()\n", __FUNCTION__); + if (err) { + if (err == -EINPROGRESS) + return; + dprintk("%s() fail %d\n", __FUNCTION__, -err); + req->crp->crp_etype = -err; + } + + swcr_process_req_complete(req); +} #endif /* defined(HAVE_ABLKCIPHER) || defined(HAVE_AHASH) */ @@ -631,6 +719,29 @@ static void swcr_process_req(struct swcr_req *req) goto done; } + /* + * for some types we need to ensure only one user as info is stored in + * the tfm during an operation that can get corrupted + */ + switch (sw->sw_type & SW_TYPE_ALG_AMASK) { +#ifdef HAVE_AHASH + case SW_TYPE_AHMAC: + case SW_TYPE_AHASH: +#endif + case SW_TYPE_HMAC: + case SW_TYPE_HASH: { + unsigned long flags; + spin_lock_irqsave(&sw->sw_tfm_lock, flags); + if (sw->sw_type & SW_TYPE_INUSE) { + spin_unlock_irqrestore(&sw->sw_tfm_lock, flags); + execute_later((void (*)(void *))swcr_process_req, (void *)req); + return; + } + sw->sw_type |= SW_TYPE_INUSE; + spin_unlock_irqrestore(&sw->sw_tfm_lock, flags); + } break; + } + req->sw = sw; skip = crd->crd_skip; @@ -722,7 +833,7 @@ static void swcr_process_req(struct swcr_req *req) } req->crypto_req = - ahash_request_alloc(__crypto_ahash_cast(sw->sw_tfm),GFP_KERNEL); + ahash_request_alloc(__crypto_ahash_cast(sw->sw_tfm),GFP_ATOMIC); if (!req->crypto_req) { crp->crp_etype = ENOMEM; dprintk("%s,%d: ENOMEM ahash_request_alloc", __FILE__, __LINE__); @@ -747,7 +858,6 @@ static void swcr_process_req(struct swcr_req *req) case 0: dprintk("hash OP %s %d\n", ret ? "failed" : "success", ret); crp->crp_etype = ret; - ahash_request_free(req->crypto_req); goto done; } } break; @@ -776,7 +886,7 @@ static void swcr_process_req(struct swcr_req *req) } req->crypto_req = ablkcipher_request_alloc( - __crypto_ablkcipher_cast(sw->sw_tfm), GFP_KERNEL); + __crypto_ablkcipher_cast(sw->sw_tfm), GFP_ATOMIC); if (!req->crypto_req) { crp->crp_etype = ENOMEM; dprintk("%s,%d: ENOMEM ablkcipher_request_alloc", @@ -1028,8 +1138,6 @@ static void swcr_process_req(struct swcr_req *req) crd->crd_inject, olen, obuf); crp->crp_olen = olen; } - - } break; default: @@ -1040,8 +1148,7 @@ static void swcr_process_req(struct swcr_req *req) } done: - crypto_done(crp); - kmem_cache_free(swcr_req_cache, req); + swcr_process_req_complete(req); } @@ -1209,5 +1316,5 @@ late_initcall(cryptosoft_init); module_exit(cryptosoft_exit); MODULE_LICENSE("Dual BSD/GPL"); -MODULE_AUTHOR("David McCullough "); +MODULE_AUTHOR("David McCullough "); MODULE_DESCRIPTION("Cryptosoft (OCF module for kernel crypto)"); diff --git a/target/linux/generic/files/crypto/ocf/hifn/hifn7751.c b/target/linux/generic/files/crypto/ocf/hifn/hifn7751.c index ad704c7fabd..4803a83a5a3 100644 --- a/target/linux/generic/files/crypto/ocf/hifn/hifn7751.c +++ b/target/linux/generic/files/crypto/ocf/hifn/hifn7751.c @@ -47,10 +47,8 @@ __FBSDID("$FreeBSD: src/sys/dev/hifn/hifn7751.c,v 1.40 2007/03/21 03:42:49 sam E * Driver for various Hifn encryption processors. */ #include -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -#include -#else -#include +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) +#include #endif #include #include @@ -63,7 +61,6 @@ __FBSDID("$FreeBSD: src/sys/dev/hifn/hifn7751.c,v 1.40 2007/03/21 03:42:49 sam E #include #include #include -#include #include #include @@ -437,7 +434,7 @@ hifn_probe(struct pci_dev *dev, const struct pci_device_id *ent) if (pci_enable_device(dev) < 0) return(-ENODEV); -#ifdef CONFIG_HAVE_PCI_SET_MWI +#ifdef HAVE_PCI_SET_MWI if (pci_set_mwi(dev)) return(-ENODEV); #endif @@ -873,7 +870,7 @@ hifn_set_retry(struct hifn_softc *sc) DPRINTF("%s()\n", __FUNCTION__); /* NB: RETRY only responds to 8-bit reads/writes */ pci_write_config_byte(sc->sc_pcidev, HIFN_RETRY_TIMEOUT, 0); - pci_write_config_dword(sc->sc_pcidev, HIFN_TRDY_TIMEOUT, 0); + pci_write_config_byte(sc->sc_pcidev, HIFN_TRDY_TIMEOUT, 0); /* piggy back the cache line setting here */ pci_write_config_byte(sc->sc_pcidev, PCI_CACHE_LINE_SIZE, hifn_cache_linesize); } @@ -2380,11 +2377,6 @@ hifn_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri) case CRYPTO_DES_CBC: case CRYPTO_3DES_CBC: case CRYPTO_AES_CBC: - /* XXX this may read fewer, does it matter? */ - read_random(ses->hs_iv, - c->cri_alg == CRYPTO_AES_CBC ? - HIFN_AES_IV_LENGTH : HIFN_IV_LENGTH); - /*FALLTHROUGH*/ case CRYPTO_ARC4: if (cry) { DPRINTF("%s,%d: %s - EINVAL\n",__FILE__,__LINE__,__FUNCTION__); @@ -2580,8 +2572,7 @@ hifn_process(device_t dev, struct cryptop *crp, int hint) if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) bcopy(enccrd->crd_iv, cmd->iv, ivlen); else - bcopy(sc->sc_sessions[session].hs_iv, - cmd->iv, ivlen); + read_random(cmd->iv, ivlen); if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0) { @@ -2786,7 +2777,7 @@ hifn_callback(struct hifn_softc *sc, struct hifn_command *cmd, u_int8_t *macbuf) struct hifn_dma *dma = sc->sc_dma; struct cryptop *crp = cmd->crp; struct cryptodesc *crd; - int i, u, ivlen; + int i, u; DPRINTF("%s()\n", __FUNCTION__); @@ -2851,22 +2842,6 @@ hifn_callback(struct hifn_softc *sc, struct hifn_command *cmd, u_int8_t *macbuf) hifnstats.hst_obytes += cmd->dst_mapsize; - if ((cmd->base_masks & (HIFN_BASE_CMD_CRYPT | HIFN_BASE_CMD_DECODE)) == - HIFN_BASE_CMD_CRYPT) { - for (crd = crp->crp_desc; crd; crd = crd->crd_next) { - if (crd->crd_alg != CRYPTO_DES_CBC && - crd->crd_alg != CRYPTO_3DES_CBC && - crd->crd_alg != CRYPTO_AES_CBC) - continue; - ivlen = ((crd->crd_alg == CRYPTO_AES_CBC) ? - HIFN_AES_IV_LENGTH : HIFN_IV_LENGTH); - crypto_copydata(crp->crp_flags, crp->crp_buf, - crd->crd_skip + crd->crd_len - ivlen, ivlen, - cmd->softc->sc_sessions[cmd->session_num].hs_iv); - break; - } - } - if (macbuf != NULL) { for (crd = crp->crp_desc; crd; crd = crd->crd_next) { int len; diff --git a/target/linux/generic/files/crypto/ocf/hifn/hifn7751var.h b/target/linux/generic/files/crypto/ocf/hifn/hifn7751var.h index 9a5f2319dbc..c5d30f962a7 100644 --- a/target/linux/generic/files/crypto/ocf/hifn/hifn7751var.h +++ b/target/linux/generic/files/crypto/ocf/hifn/hifn7751var.h @@ -113,7 +113,6 @@ struct hifn_dma { struct hifn_session { int hs_used; int hs_mlen; - u_int8_t hs_iv[HIFN_MAX_IV_LENGTH]; }; #define HIFN_RING_SYNC(sc, r, i, f) \ diff --git a/target/linux/generic/files/crypto/ocf/hifn/hifnHIPP.c b/target/linux/generic/files/crypto/ocf/hifn/hifnHIPP.c index cdc23e926f8..5bb56025673 100644 --- a/target/linux/generic/files/crypto/ocf/hifn/hifnHIPP.c +++ b/target/linux/generic/files/crypto/ocf/hifn/hifnHIPP.c @@ -33,10 +33,8 @@ * Driver for various Hifn encryption processors. */ #include -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -#include -#else -#include +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) +#include #endif #include #include @@ -49,7 +47,6 @@ #include #include #include -#include #include #include #include @@ -211,7 +208,7 @@ hipp_probe(struct pci_dev *dev, const struct pci_device_id *ent) if (pci_enable_device(dev) < 0) return(-ENODEV); -#ifdef CONFIG_HAVE_PCI_SET_MWI +#ifdef HAVE_PCI_SET_MWI if (pci_set_mwi(dev)) return(-ENODEV); #endif diff --git a/target/linux/generic/files/crypto/ocf/ixp4xx/ixp4xx.c b/target/linux/generic/files/crypto/ocf/ixp4xx/ixp4xx.c index a9eabf0bdc8..ede598fa541 100644 --- a/target/linux/generic/files/crypto/ocf/ixp4xx/ixp4xx.c +++ b/target/linux/generic/files/crypto/ocf/ixp4xx/ixp4xx.c @@ -4,7 +4,7 @@ * from Intel in order to operate (or compile). * * Written by David McCullough - * Copyright (C) 2006-2010 David McCullough + * Copyright (C) 2006-2011 David McCullough * Copyright (C) 2004-2005 Intel Corporation. * * LICENSE TERMS @@ -34,10 +34,8 @@ */ #include -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -#include -#else -#include +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) +#include #endif #include #include @@ -448,14 +446,28 @@ ixp_q_process(struct ixp_q *q) dprintk("%s(%p)\n", __FUNCTION__, q); if (q->ixp_q_ccrd) { - if (q->ixp_q_ccrd->crd_flags & CRD_F_IV_EXPLICIT) { - q->ixp_q_iv = q->ixp_q_ccrd->crd_iv; + if (q->ixp_q_ccrd->crd_flags & CRD_F_ENCRYPT) { + if (q->ixp_q_ccrd->crd_flags & CRD_F_IV_EXPLICIT) { + q->ixp_q_iv = q->ixp_q_ccrd->crd_iv; + } else { + q->ixp_q_iv = q->ixp_q_iv_data; + read_random(q->ixp_q_iv, ixp->ixp_ctx.cipherCtx.cipherInitialVectorLen); + } + if ((q->ixp_q_ccrd->crd_flags & CRD_F_IV_PRESENT) == 0) + crypto_copyback(q->ixp_q_crp->crp_flags, q->ixp_q_crp->crp_buf, + q->ixp_q_ccrd->crd_inject, + ixp->ixp_ctx.cipherCtx.cipherInitialVectorLen, + (caddr_t) q->ixp_q_iv); } else { - q->ixp_q_iv = q->ixp_q_iv_data; - crypto_copydata(q->ixp_q_crp->crp_flags, q->ixp_q_crp->crp_buf, - q->ixp_q_ccrd->crd_inject, - ixp->ixp_ctx.cipherCtx.cipherInitialVectorLen, - (caddr_t) q->ixp_q_iv); + if (q->ixp_q_ccrd->crd_flags & CRD_F_IV_EXPLICIT) + q->ixp_q_iv = q->ixp_q_ccrd->crd_iv; + else { + q->ixp_q_iv = q->ixp_q_iv_data; + crypto_copydata(q->ixp_q_crp->crp_flags, q->ixp_q_crp->crp_buf, + q->ixp_q_ccrd->crd_inject, + ixp->ixp_ctx.cipherCtx.cipherInitialVectorLen, + (caddr_t) q->ixp_q_iv); + } } if (q->ixp_q_acrd) { diff --git a/target/linux/generic/files/crypto/ocf/kirkwood/cesa/AES/mvAesBoxes.dat b/target/linux/generic/files/crypto/ocf/kirkwood/cesa/AES/mvAesBoxes.dat new file mode 100644 index 00000000000..4011b187b43 --- /dev/null +++ b/target/linux/generic/files/crypto/ocf/kirkwood/cesa/AES/mvAesBoxes.dat @@ -0,0 +1,123 @@ +static MV_U8 mask[256] = { +0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +}; + +static MV_U8 Logtable[256] = { + 0, 0, 25, 1, 50, 2, 26, 198, 75, 199, 27, 104, 51, 238, 223, 3, +100, 4, 224, 14, 52, 141, 129, 239, 76, 113, 8, 200, 248, 105, 28, 193, +125, 194, 29, 181, 249, 185, 39, 106, 77, 228, 166, 114, 154, 201, 9, 120, +101, 47, 138, 5, 33, 15, 225, 36, 18, 240, 130, 69, 53, 147, 218, 142, +150, 143, 219, 189, 54, 208, 206, 148, 19, 92, 210, 241, 64, 70, 131, 56, +102, 221, 253, 48, 191, 6, 139, 98, 179, 37, 226, 152, 34, 136, 145, 16, +126, 110, 72, 195, 163, 182, 30, 66, 58, 107, 40, 84, 250, 133, 61, 186, + 43, 121, 10, 21, 155, 159, 94, 202, 78, 212, 172, 229, 243, 115, 167, 87, +175, 88, 168, 80, 244, 234, 214, 116, 79, 174, 233, 213, 231, 230, 173, 232, + 44, 215, 117, 122, 235, 22, 11, 245, 89, 203, 95, 176, 156, 169, 81, 160, +127, 12, 246, 111, 23, 196, 73, 236, 216, 67, 31, 45, 164, 118, 123, 183, +204, 187, 62, 90, 251, 96, 177, 134, 59, 82, 161, 108, 170, 85, 41, 157, +151, 178, 135, 144, 97, 190, 220, 252, 188, 149, 207, 205, 55, 63, 91, 209, + 83, 57, 132, 60, 65, 162, 109, 71, 20, 42, 158, 93, 86, 242, 211, 171, + 68, 17, 146, 217, 35, 32, 46, 137, 180, 124, 184, 38, 119, 153, 227, 165, +103, 74, 237, 222, 197, 49, 254, 24, 13, 99, 140, 128, 192, 247, 112, 7, +}; + +static MV_U8 Alogtable[512] = { + 1, 3, 5, 15, 17, 51, 85, 255, 26, 46, 114, 150, 161, 248, 19, 53, + 95, 225, 56, 72, 216, 115, 149, 164, 247, 2, 6, 10, 30, 34, 102, 170, +229, 52, 92, 228, 55, 89, 235, 38, 106, 190, 217, 112, 144, 171, 230, 49, + 83, 245, 4, 12, 20, 60, 68, 204, 79, 209, 104, 184, 211, 110, 178, 205, + 76, 212, 103, 169, 224, 59, 77, 215, 98, 166, 241, 8, 24, 40, 120, 136, +131, 158, 185, 208, 107, 189, 220, 127, 129, 152, 179, 206, 73, 219, 118, 154, +181, 196, 87, 249, 16, 48, 80, 240, 11, 29, 39, 105, 187, 214, 97, 163, +254, 25, 43, 125, 135, 146, 173, 236, 47, 113, 147, 174, 233, 32, 96, 160, +251, 22, 58, 78, 210, 109, 183, 194, 93, 231, 50, 86, 250, 21, 63, 65, +195, 94, 226, 61, 71, 201, 64, 192, 91, 237, 44, 116, 156, 191, 218, 117, +159, 186, 213, 100, 172, 239, 42, 126, 130, 157, 188, 223, 122, 142, 137, 128, +155, 182, 193, 88, 232, 35, 101, 175, 234, 37, 111, 177, 200, 67, 197, 84, +252, 31, 33, 99, 165, 244, 7, 9, 27, 45, 119, 153, 176, 203, 70, 202, + 69, 207, 74, 222, 121, 139, 134, 145, 168, 227, 62, 66, 198, 81, 243, 14, + 18, 54, 90, 238, 41, 123, 141, 140, 143, 138, 133, 148, 167, 242, 13, 23, + 57, 75, 221, 124, 132, 151, 162, 253, 28, 36, 108, 180, 199, 82, 246, 1, + + 3, 5, 15, 17, 51, 85, 255, 26, 46, 114, 150, 161, 248, 19, 53, + 95, 225, 56, 72, 216, 115, 149, 164, 247, 2, 6, 10, 30, 34, 102, 170, +229, 52, 92, 228, 55, 89, 235, 38, 106, 190, 217, 112, 144, 171, 230, 49, + 83, 245, 4, 12, 20, 60, 68, 204, 79, 209, 104, 184, 211, 110, 178, 205, + 76, 212, 103, 169, 224, 59, 77, 215, 98, 166, 241, 8, 24, 40, 120, 136, +131, 158, 185, 208, 107, 189, 220, 127, 129, 152, 179, 206, 73, 219, 118, 154, +181, 196, 87, 249, 16, 48, 80, 240, 11, 29, 39, 105, 187, 214, 97, 163, +254, 25, 43, 125, 135, 146, 173, 236, 47, 113, 147, 174, 233, 32, 96, 160, +251, 22, 58, 78, 210, 109, 183, 194, 93, 231, 50, 86, 250, 21, 63, 65, +195, 94, 226, 61, 71, 201, 64, 192, 91, 237, 44, 116, 156, 191, 218, 117, +159, 186, 213, 100, 172, 239, 42, 126, 130, 157, 188, 223, 122, 142, 137, 128, +155, 182, 193, 88, 232, 35, 101, 175, 234, 37, 111, 177, 200, 67, 197, 84, +252, 31, 33, 99, 165, 244, 7, 9, 27, 45, 119, 153, 176, 203, 70, 202, + 69, 207, 74, 222, 121, 139, 134, 145, 168, 227, 62, 66, 198, 81, 243, 14, + 18, 54, 90, 238, 41, 123, 141, 140, 143, 138, 133, 148, 167, 242, 13, 23, + 57, 75, 221, 124, 132, 151, 162, 253, 28, 36, 108, 180, 199, 82, 246, 1, + +}; + +static MV_U8 S[256] = { + 99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, 118, +202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192, +183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21, + 4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117, + 9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179, 41, 227, 47, 132, + 83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207, +208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168, + 81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210, +205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115, + 96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 20, 222, 94, 11, 219, +224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121, +231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8, +186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138, +112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158, +225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223, +140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, 22, +}; + +static MV_U8 Si[256] = { + 82, 9, 106, 213, 48, 54, 165, 56, 191, 64, 163, 158, 129, 243, 215, 251, +124, 227, 57, 130, 155, 47, 255, 135, 52, 142, 67, 68, 196, 222, 233, 203, + 84, 123, 148, 50, 166, 194, 35, 61, 238, 76, 149, 11, 66, 250, 195, 78, + 8, 46, 161, 102, 40, 217, 36, 178, 118, 91, 162, 73, 109, 139, 209, 37, +114, 248, 246, 100, 134, 104, 152, 22, 212, 164, 92, 204, 93, 101, 182, 146, +108, 112, 72, 80, 253, 237, 185, 218, 94, 21, 70, 87, 167, 141, 157, 132, +144, 216, 171, 0, 140, 188, 211, 10, 247, 228, 88, 5, 184, 179, 69, 6, +208, 44, 30, 143, 202, 63, 15, 2, 193, 175, 189, 3, 1, 19, 138, 107, + 58, 145, 17, 65, 79, 103, 220, 234, 151, 242, 207, 206, 240, 180, 230, 115, +150, 172, 116, 34, 231, 173, 53, 133, 226, 249, 55, 232, 28, 117, 223, 110, + 71, 241, 26, 113, 29, 41, 197, 137, 111, 183, 98, 14, 170, 24, 190, 27, +252, 86, 62, 75, 198, 210, 121, 32, 154, 219, 192, 254, 120, 205, 90, 244, + 31, 221, 168, 51, 136, 7, 199, 49, 177, 18, 16, 89, 39, 128, 236, 95, + 96, 81, 127, 169, 25, 181, 74, 13, 45, 229, 122, 159, 147, 201, 156, 239, +160, 224, 59, 77, 174, 42, 245, 176, 200, 235, 187, 60, 131, 83, 153, 97, + 23, 43, 4, 126, 186, 119, 214, 38, 225, 105, 20, 99, 85, 33, 12, 125, +}; + +/* +static MV_U8 iG[4][4] = { +{0x0e, 0x09, 0x0d, 0x0b}, +{0x0b, 0x0e, 0x09, 0x0d}, +{0x0d, 0x0b, 0x0e, 0x09}, +{0x09, 0x0d, 0x0b, 0x0e}, +}; +*/ +static MV_U32 rcon[30] = { + 0x01,0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, }; diff --git a/target/linux/generic/files/crypto/ocf/kirkwood/cesa_ocf_drv.c b/target/linux/generic/files/crypto/ocf/kirkwood/cesa_ocf_drv.c index fb51947a1a2..1d889ff148b 100644 --- a/target/linux/generic/files/crypto/ocf/kirkwood/cesa_ocf_drv.c +++ b/target/linux/generic/files/crypto/ocf/kirkwood/cesa_ocf_drv.c @@ -27,10 +27,8 @@ disclaimer. *******************************************************************************/ #include -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -#include -#else -#include +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) +#include #endif #include #include @@ -501,7 +499,7 @@ cesa_ocf_process(device_t dev, struct cryptop *crp, int hint) if ((crd->crd_flags & CRD_F_IV_PRESENT) == 0) { dprintk("%s,%d: copy the IV back to the buffer\n", __FILE__, __LINE__); cesa_cmd->ivOffset = crd->crd_inject; - crypto_copy_bits_back(crp->crp_buf, crd->crd_inject, ivp, cesa_ocf_cur_ses->ivlen); + crypto_copyback(crp->crp_flags, crp->crp_buf, crd->crd_inject, cesa_ocf_cur_ses->ivlen, ivp); } else { dprintk("%s,%d: don't copy the IV back to the buffer \n", __FILE__, __LINE__); diff --git a/target/linux/generic/files/crypto/ocf/ocf-bench.c b/target/linux/generic/files/crypto/ocf/ocf-bench.c index 8a3c40e8d0f..f3fe9d0e9af 100644 --- a/target/linux/generic/files/crypto/ocf/ocf-bench.c +++ b/target/linux/generic/files/crypto/ocf/ocf-bench.c @@ -31,10 +31,8 @@ #include -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -#include -#else -#include +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) +#include #endif #include #include @@ -43,7 +41,6 @@ #include #include #include -#include #include #include @@ -70,22 +67,38 @@ /* * the number of simultaneously active requests */ -static int request_q_len = 20; +static int request_q_len = 40; module_param(request_q_len, int, 0); MODULE_PARM_DESC(request_q_len, "Number of outstanding requests"); + /* * how many requests we want to have processed */ static int request_num = 1024; module_param(request_num, int, 0); MODULE_PARM_DESC(request_num, "run for at least this many requests"); + /* * the size of each request */ -static int request_size = 1500; +static int request_size = 1488; module_param(request_size, int, 0); MODULE_PARM_DESC(request_size, "size of each request"); +/* + * OCF batching of requests + */ +static int request_batch = 1; +module_param(request_batch, int, 0); +MODULE_PARM_DESC(request_batch, "enable OCF request batching"); + +/* + * OCF immediate callback on completion + */ +static int request_cbimm = 1; +module_param(request_cbimm, int, 0); +MODULE_PARM_DESC(request_cbimm, "enable OCF immediate callback on completion"); + /* * a structure for each request */ @@ -99,6 +112,7 @@ typedef struct { static request_t *requests; +static spinlock_t ocfbench_counter_lock; static int outstanding; static int total; @@ -108,6 +122,8 @@ static int total; */ static uint64_t ocf_cryptoid; +static unsigned long jstart, jstop; + static int ocf_init(void); static int ocf_cb(struct cryptop *crp); static void ocf_request(void *arg); @@ -131,13 +147,15 @@ ocf_init(void) cria.cri_klen = 20 * 8; cria.cri_key = "0123456789abcdefghij"; - crie.cri_alg = CRYPTO_3DES_CBC; + //crie.cri_alg = CRYPTO_3DES_CBC; + crie.cri_alg = CRYPTO_AES_CBC; crie.cri_klen = 24 * 8; crie.cri_key = "0123456789abcdefghijklmn"; crie.cri_next = &cria; - error = crypto_newsession(&ocf_cryptoid, &crie, 0); + error = crypto_newsession(&ocf_cryptoid, &crie, + CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE); if (error) { printk("crypto_newsession failed %d\n", error); return -1; @@ -149,23 +167,23 @@ static int ocf_cb(struct cryptop *crp) { request_t *r = (request_t *) crp->crp_opaque; + unsigned long flags; if (crp->crp_etype) printk("Error in OCF processing: %d\n", crp->crp_etype); - total++; crypto_freereq(crp); crp = NULL; - if (total > request_num) { + /* do all requests but take at least 1 second */ + spin_lock_irqsave(&ocfbench_counter_lock, flags); + total++; + if (total > request_num && jstart + HZ < jiffies) { outstanding--; + spin_unlock_irqrestore(&ocfbench_counter_lock, flags); return 0; } + spin_unlock_irqrestore(&ocfbench_counter_lock, flags); -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20) - INIT_WORK(&r->work, ocf_request_wq); -#else - INIT_WORK(&r->work, ocf_request, r); -#endif schedule_work(&r->work); return 0; } @@ -177,9 +195,12 @@ ocf_request(void *arg) request_t *r = arg; struct cryptop *crp = crypto_getreq(2); struct cryptodesc *crde, *crda; + unsigned long flags; if (!crp) { + spin_lock_irqsave(&ocfbench_counter_lock, flags); outstanding--; + spin_unlock_irqrestore(&ocfbench_counter_lock, flags); return; } @@ -198,12 +219,17 @@ ocf_request(void *arg) crde->crd_flags = CRD_F_IV_EXPLICIT | CRD_F_ENCRYPT; crde->crd_len = request_size; crde->crd_inject = request_size; - crde->crd_alg = CRYPTO_3DES_CBC; + //crde->crd_alg = CRYPTO_3DES_CBC; + crde->crd_alg = CRYPTO_AES_CBC; crde->crd_key = "0123456789abcdefghijklmn"; crde->crd_klen = 24 * 8; crp->crp_ilen = request_size + 64; - crp->crp_flags = CRYPTO_F_CBIMM; + crp->crp_flags = 0; + if (request_batch) + crp->crp_flags |= CRYPTO_F_BATCH; + if (request_cbimm) + crp->crp_flags |= CRYPTO_F_CBIMM; crp->crp_buf = (caddr_t) r->buffer; crp->crp_callback = ocf_cb; crp->crp_sid = ocf_cryptoid; @@ -220,6 +246,12 @@ ocf_request_wq(struct work_struct *work) } #endif +static void +ocf_done(void) +{ + crypto_freesession(ocf_cryptoid); +} + /*************************************************************************/ #ifdef BENCH_IXP_ACCESS_LIB /*************************************************************************/ @@ -306,24 +338,25 @@ ixp_perform_cb( IxCryptoAccStatus status) { request_t *r = NULL; + unsigned long flags; + /* do all requests but take at least 1 second */ + spin_lock_irqsave(&ocfbench_counter_lock, flags); total++; - if (total > request_num) { + if (total > request_num && jstart + HZ < jiffies) { outstanding--; + spin_unlock_irqrestore(&ocfbench_counter_lock, flags); return; } if (!sbufp || !(r = IX_MBUF_PRIV(sbufp))) { printk("crappo %p %p\n", sbufp, r); outstanding--; + spin_unlock_irqrestore(&ocfbench_counter_lock, flags); return; } + spin_unlock_irqrestore(&ocfbench_counter_lock, flags); -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20) - INIT_WORK(&r->work, ixp_request_wq); -#else - INIT_WORK(&r->work, ixp_request, r); -#endif schedule_work(&r->work); } @@ -332,6 +365,7 @@ ixp_request(void *arg) { request_t *r = arg; IxCryptoAccStatus status; + unsigned long flags; memset(&r->mbuf, 0, sizeof(r->mbuf)); IX_MBUF_MLEN(&r->mbuf) = IX_MBUF_PKT_LEN(&r->mbuf) = request_size + 64; @@ -341,7 +375,9 @@ ixp_request(void *arg) 0, request_size, 0, request_size, request_size, r->buffer); if (IX_CRYPTO_ACC_STATUS_SUCCESS != status) { printk("status1 = %d\n", status); + spin_lock_irqsave(&ocfbench_counter_lock, flags); outstanding--; + spin_unlock_irqrestore(&ocfbench_counter_lock, flags); return; } return; @@ -356,6 +392,12 @@ ixp_request_wq(struct work_struct *work) } #endif +static void +ixp_done(void) +{ + /* we should free the session here but I am lazy :-) */ +} + /*************************************************************************/ #endif /* BENCH_IXP_ACCESS_LIB */ /*************************************************************************/ @@ -363,7 +405,9 @@ ixp_request_wq(struct work_struct *work) int ocfbench_init(void) { - int i, jstart, jstop; + int i; + unsigned long mbps; + unsigned long flags; printk("Crypto Speed tests\n"); @@ -375,6 +419,11 @@ ocfbench_init(void) for (i = 0; i < request_q_len; i++) { /* +64 for return data */ +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20) + INIT_WORK(&requests[i].work, ocf_request_wq); +#else + INIT_WORK(&requests[i].work, ocf_request, &requests[i]); +#endif requests[i].buffer = kmalloc(request_size + 128, GFP_DMA); if (!requests[i].buffer) { printk("malloc failed\n"); @@ -387,19 +436,31 @@ ocfbench_init(void) * OCF benchmark */ printk("OCF: testing ...\n"); - ocf_init(); + if (ocf_init() == -1) + return -EINVAL; + + spin_lock_init(&ocfbench_counter_lock); total = outstanding = 0; jstart = jiffies; for (i = 0; i < request_q_len; i++) { + spin_lock_irqsave(&ocfbench_counter_lock, flags); outstanding++; + spin_unlock_irqrestore(&ocfbench_counter_lock, flags); ocf_request(&requests[i]); } while (outstanding > 0) schedule(); jstop = jiffies; - printk("OCF: %d requests of %d bytes in %d jiffies\n", total, request_size, - jstop - jstart); + mbps = 0; + if (jstop > jstart) { + mbps = (unsigned long) total * (unsigned long) request_size * 8; + mbps /= ((jstop - jstart) * 1000) / HZ; + } + printk("OCF: %d requests of %d bytes in %d jiffies (%d.%03d Mbps)\n", + total, request_size, (int)(jstop - jstart), + ((int)mbps) / 1000, ((int)mbps) % 1000); + ocf_done(); #ifdef BENCH_IXP_ACCESS_LIB /* @@ -410,15 +471,29 @@ ocfbench_init(void) total = outstanding = 0; jstart = jiffies; for (i = 0; i < request_q_len; i++) { +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20) + INIT_WORK(&requests[i].work, ixp_request_wq); +#else + INIT_WORK(&requests[i].work, ixp_request, &requests[i]); +#endif + spin_lock_irqsave(&ocfbench_counter_lock, flags); outstanding++; + spin_unlock_irqrestore(&ocfbench_counter_lock, flags); ixp_request(&requests[i]); } while (outstanding > 0) schedule(); jstop = jiffies; - printk("IXP: %d requests of %d bytes in %d jiffies\n", total, request_size, - jstop - jstart); + mbps = 0; + if (jstop > jstart) { + mbps = (unsigned long) total * (unsigned long) request_size * 8; + mbps /= ((jstop - jstart) * 1000) / HZ; + } + printk("IXP: %d requests of %d bytes in %d jiffies (%d.%03d Mbps)\n", + total, request_size, jstop - jstart, + ((int)mbps) / 1000, ((int)mbps) % 1000); + ixp_done(); #endif /* BENCH_IXP_ACCESS_LIB */ for (i = 0; i < request_q_len; i++) diff --git a/target/linux/generic/files/crypto/ocf/ocf-compat.h b/target/linux/generic/files/crypto/ocf/ocf-compat.h index 212f971239d..2d985360f27 100644 --- a/target/linux/generic/files/crypto/ocf/ocf-compat.h +++ b/target/linux/generic/files/crypto/ocf/ocf-compat.h @@ -34,6 +34,11 @@ */ /****************************************************************************/ #ifdef __KERNEL__ +#include +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) +#include +#endif + /* * fake some BSD driver interface stuff specifically for OCF use */ @@ -288,6 +293,72 @@ static inline void *sg_virt(struct scatterlist *sg) #define late_initcall(init) module_init(init) #endif +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,4) || !defined(CONFIG_SMP) +#define ocf_for_each_cpu(cpu) for ((cpu) = 0; (cpu) == 0; (cpu)++) +#else +#define ocf_for_each_cpu(cpu) for_each_present_cpu(cpu) +#endif + +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,27) +#include +#define kill_proc(p,s,v) send_sig(s,find_task_by_vpid(p),0) +#endif + +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,4) + +struct ocf_thread { + struct task_struct *task; + int (*func)(void *arg); + void *arg; +}; + +/* thread startup helper func */ +static inline int ocf_run_thread(void *arg) +{ + struct ocf_thread *t = (struct ocf_thread *) arg; + if (!t) + return -1; /* very bad */ + t->task = current; + daemonize(); + spin_lock_irq(¤t->sigmask_lock); + sigemptyset(¤t->blocked); + recalc_sigpending(current); + spin_unlock_irq(¤t->sigmask_lock); + return (*t->func)(t->arg); +} + +#define kthread_create(f,a,fmt...) \ + ({ \ + struct ocf_thread t; \ + pid_t p; \ + t.task = NULL; \ + t.func = (f); \ + t.arg = (a); \ + p = kernel_thread(ocf_run_thread, &t, CLONE_FS|CLONE_FILES); \ + while (p != (pid_t) -1 && t.task == NULL) \ + schedule(); \ + if (t.task) \ + snprintf(t.task->comm, sizeof(t.task->comm), fmt); \ + (t.task); \ + }) + +#define kthread_bind(t,cpu) /**/ + +#define kthread_should_stop() (strcmp(current->comm, "stopping") == 0) + +#define kthread_stop(t) \ + ({ \ + strcpy((t)->comm, "stopping"); \ + kill_proc((t)->pid, SIGTERM, 1); \ + do { \ + schedule(); \ + } while (kill_proc((t)->pid, SIGTERM, 1) == 0); \ + }) + +#else +#include +#endif + #endif /* __KERNEL__ */ /****************************************************************************/ diff --git a/target/linux/generic/files/crypto/ocf/ocfnull/ocfnull.c b/target/linux/generic/files/crypto/ocf/ocfnull/ocfnull.c index 0c271cdc742..9cf3f6e029c 100644 --- a/target/linux/generic/files/crypto/ocf/ocfnull/ocfnull.c +++ b/target/linux/generic/files/crypto/ocf/ocfnull/ocfnull.c @@ -34,10 +34,8 @@ */ #include -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -#include -#else -#include +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) +#include #endif #include #include diff --git a/target/linux/generic/files/crypto/ocf/pasemi/pasemi.c b/target/linux/generic/files/crypto/ocf/pasemi/pasemi.c index e259dd390af..1b4333cddee 100644 --- a/target/linux/generic/files/crypto/ocf/pasemi/pasemi.c +++ b/target/linux/generic/files/crypto/ocf/pasemi/pasemi.c @@ -18,10 +18,8 @@ */ #include -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -#include -#else -#include +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) +#include #endif #include #include @@ -240,11 +238,6 @@ pasemi_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri) if (encini) { ses->ccmd = ccmd; - - /* get an IV */ - /* XXX may read fewer than requested */ - get_random_bytes(ses->civ, sizeof(ses->civ)); - ses->keysz = (encini->cri_klen - 63) / 64; memcpy(ses->key, encini->cri_key, (ses->keysz + 1) * 8); @@ -451,6 +444,8 @@ pasemi_process(device_t dev, struct cryptop *crp, int hint) if (enccrd->crd_flags & CRD_F_ENCRYPT) { if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) memcpy(ivp, enccrd->crd_iv, ivsize); + else + read_random(ivp, ivsize); /* If IV is not present in the buffer already, it has to be copied there */ if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0) crypto_copyback(crp->crp_flags, crp->crp_buf, diff --git a/target/linux/generic/files/crypto/ocf/random.c b/target/linux/generic/files/crypto/ocf/random.c index d004fde6c7e..4bb773ffb95 100644 --- a/target/linux/generic/files/crypto/ocf/random.c +++ b/target/linux/generic/files/crypto/ocf/random.c @@ -36,10 +36,8 @@ */ #include -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -#include -#else -#include +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) +#include #endif #include #include @@ -48,7 +46,6 @@ #include #include #include -#include #include #include #include @@ -62,11 +59,6 @@ #error "Please do not enable OCF_RANDOMHARVEST unless you have applied patches" #endif -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,27) -#include -#define kill_proc(p,s,v) send_sig(s,find_task_by_vpid(p),0) -#endif - /* * a hack to access the debug levels from the crypto driver */ diff --git a/target/linux/generic/files/crypto/ocf/rndtest.c b/target/linux/generic/files/crypto/ocf/rndtest.c index 78d490a080b..7bed6a19317 100644 --- a/target/linux/generic/files/crypto/ocf/rndtest.c +++ b/target/linux/generic/files/crypto/ocf/rndtest.c @@ -37,16 +37,13 @@ */ #include -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -#include -#else -#include +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) +#include #endif #include #include #include #include -#include #include #include #include diff --git a/target/linux/generic/files/crypto/ocf/safe/hmachack.h b/target/linux/generic/files/crypto/ocf/safe/hmachack.h new file mode 100644 index 00000000000..598c958560c --- /dev/null +++ b/target/linux/generic/files/crypto/ocf/safe/hmachack.h @@ -0,0 +1,37 @@ +/* + * until we find a cleaner way, include the BSD md5/sha1 code + * here + */ +#ifdef HMAC_HACK +#define LITTLE_ENDIAN 1234 +#define BIG_ENDIAN 4321 +#ifdef __LITTLE_ENDIAN +#define BYTE_ORDER LITTLE_ENDIAN +#endif +#ifdef __BIG_ENDIAN +#define BYTE_ORDER BIG_ENDIAN +#endif + +u_int8_t hmac_ipad_buffer[64] = { + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36 +}; + +u_int8_t hmac_opad_buffer[64] = { + 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, + 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, + 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, + 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, + 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, + 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, + 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, + 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C +}; +#endif /* HMAC_HACK */ + diff --git a/target/linux/generic/files/crypto/ocf/safe/safe.c b/target/linux/generic/files/crypto/ocf/safe/safe.c index de7743154f9..189b95f6097 100644 --- a/target/linux/generic/files/crypto/ocf/safe/safe.c +++ b/target/linux/generic/files/crypto/ocf/safe/safe.c @@ -32,10 +32,8 @@ __FBSDID("$FreeBSD: src/sys/dev/safe/safe.c,v 1.18 2007/03/21 03:42:50 sam Exp $ */ #include -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -#include -#else -#include +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) +#include #endif #include #include @@ -49,7 +47,6 @@ __FBSDID("$FreeBSD: src/sys/dev/safe/safe.c,v 1.18 2007/03/21 03:42:50 sam Exp $ #include #include #include -#include #include #include @@ -80,40 +77,11 @@ __FBSDID("$FreeBSD: src/sys/dev/safe/safe.c,v 1.18 2007/03/21 03:42:50 sam Exp $ */ #define HMAC_HACK 1 #ifdef HMAC_HACK -#define LITTLE_ENDIAN 1234 -#define BIG_ENDIAN 4321 -#ifdef __LITTLE_ENDIAN -#define BYTE_ORDER LITTLE_ENDIAN -#endif -#ifdef __BIG_ENDIAN -#define BYTE_ORDER BIG_ENDIAN -#endif +#include #include #include #include #include - -u_int8_t hmac_ipad_buffer[64] = { - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36 -}; - -u_int8_t hmac_opad_buffer[64] = { - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C -}; #endif /* HMAC_HACK */ /* add proc entry for this */ @@ -564,10 +532,6 @@ safe_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri) ses->ses_used = 1; if (encini) { - /* get an IV */ - /* XXX may read fewer than requested */ - read_random(ses->ses_iv, sizeof(ses->ses_iv)); - ses->ses_klen = encini->cri_klen; if (encini->cri_key != NULL) safe_setup_enckey(ses, encini->cri_key); @@ -630,7 +594,7 @@ safe_process(device_t dev, struct cryptop *crp, int hint) struct safe_ringentry *re; struct safe_sarec *sa; struct safe_pdesc *pd; - u_int32_t cmd0, cmd1, staterec; + u_int32_t cmd0, cmd1, staterec, rand_iv[4]; unsigned long flags; DPRINTF(("%s()\n", __FUNCTION__)); @@ -779,7 +743,7 @@ safe_process(device_t dev, struct cryptop *crp, int hint) if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) iv = enccrd->crd_iv; else - iv = (caddr_t) ses->ses_iv; + read_random((iv = (caddr_t) &rand_iv[0]), sizeof(rand_iv)); if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0) { crypto_copyback(crp->crp_flags, crp->crp_buf, enccrd->crd_inject, ivsize, iv); @@ -1129,31 +1093,6 @@ safe_callback(struct safe_softc *sc, struct safe_ringentry *re) return; } - if (re->re_flags & SAFE_QFLAGS_COPYOUTIV) { - /* copy out IV for future use */ - for (crd = crp->crp_desc; crd; crd = crd->crd_next) { - int i; - int ivsize; - - if (crd->crd_alg == CRYPTO_DES_CBC || - crd->crd_alg == CRYPTO_3DES_CBC) { - ivsize = 2*sizeof(u_int32_t); - } else if (crd->crd_alg == CRYPTO_AES_CBC) { - ivsize = 4*sizeof(u_int32_t); - } else - continue; - crypto_copydata(crp->crp_flags, crp->crp_buf, - crd->crd_skip + crd->crd_len - ivsize, ivsize, - (caddr_t)sc->sc_sessions[re->re_sesn].ses_iv); - for (i = 0; - i < ivsize/sizeof(sc->sc_sessions[re->re_sesn].ses_iv[0]); - i++) - sc->sc_sessions[re->re_sesn].ses_iv[i] = - cpu_to_le32(sc->sc_sessions[re->re_sesn].ses_iv[i]); - break; - } - } - if (re->re_flags & SAFE_QFLAGS_COPYOUTICV) { /* copy out ICV result */ for (crd = crp->crp_desc; crd; crd = crd->crd_next) { @@ -2005,10 +1944,12 @@ static int safe_probe(struct pci_dev *dev, const struct pci_device_id *ent) return(-ENODEV); } +#ifdef HAVE_PCI_SET_MWI if (pci_set_mwi(dev)) { printk("safe: pci_set_mwi failed!"); return(-ENODEV); } +#endif sc = (struct safe_softc *) kmalloc(sizeof(*sc), GFP_KERNEL); if (!sc) diff --git a/target/linux/generic/files/crypto/ocf/safe/safevar.h b/target/linux/generic/files/crypto/ocf/safe/safevar.h index 9039a5d31be..11d8304aace 100644 --- a/target/linux/generic/files/crypto/ocf/safe/safevar.h +++ b/target/linux/generic/files/crypto/ocf/safe/safevar.h @@ -145,7 +145,6 @@ struct safe_session { u_int32_t ses_mlen; /* hmac length in bytes */ u_int32_t ses_hminner[5]; /* hmac inner state */ u_int32_t ses_hmouter[5]; /* hmac outer state */ - u_int32_t ses_iv[4]; /* DES/3DES/AES iv */ }; struct safe_pkq { diff --git a/target/linux/generic/files/crypto/ocf/talitos/talitos.c b/target/linux/generic/files/crypto/ocf/talitos/talitos.c index 322f2ea8b7f..c4bc8c0fdb4 100644 --- a/target/linux/generic/files/crypto/ocf/talitos/talitos.c +++ b/target/linux/generic/files/crypto/ocf/talitos/talitos.c @@ -108,10 +108,8 @@ */ #include -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)) -#include -#else -#include +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED) +#include #endif #include #include @@ -123,7 +121,6 @@ #include /* dma_map_single() */ #include -#include #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,15) #include #endif @@ -421,10 +418,6 @@ talitos_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri) ses->ses_used = 1; if (encini) { - /* get an IV */ - /* XXX may read fewer than requested */ - read_random(ses->ses_iv, sizeof(ses->ses_iv)); - ses->ses_klen = (encini->cri_klen + 7) / 8; memcpy(ses->ses_key, encini->cri_key, ses->ses_klen); if (macini) { @@ -514,6 +507,7 @@ talitos_process(device_t dev, struct cryptop *crp, int hint) int hmac_key, hmac_data, cipher_iv, cipher_key, in_fifo, out_fifo, cipher_iv_out; static int chsel = -1; + u_int32_t rand_iv[4]; DPRINTF("%s()\n", __FUNCTION__); @@ -755,7 +749,7 @@ talitos_process(device_t dev, struct cryptop *crp, int hint) if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) iv = enccrd->crd_iv; else - iv = (caddr_t) ses->ses_iv; + read_random((iv = (caddr_t) rand_iv), sizeof(rand_iv)); if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0) { crypto_copyback(crp->crp_flags, crp->crp_buf, enccrd->crd_inject, ivsize, iv); @@ -764,9 +758,8 @@ talitos_process(device_t dev, struct cryptop *crp, int hint) td->hdr |= TALITOS_DIR_INBOUND; if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) { iv = enccrd->crd_iv; - bcopy(enccrd->crd_iv, iv, ivsize); } else { - iv = (caddr_t) ses->ses_iv; + iv = (caddr_t) rand_iv; crypto_copydata(crp->crp_flags, crp->crp_buf, enccrd->crd_inject, ivsize, iv); } diff --git a/target/linux/generic/files/crypto/ocf/talitos/talitos_soft.h b/target/linux/generic/files/crypto/ocf/talitos/talitos_soft.h index 79efdbd314d..eda9c2efe10 100644 --- a/target/linux/generic/files/crypto/ocf/talitos/talitos_soft.h +++ b/target/linux/generic/files/crypto/ocf/talitos/talitos_soft.h @@ -69,7 +69,6 @@ struct talitos_session { u_int32_t ses_key[8]; /* DES/3DES/AES key */ u_int32_t ses_hmac[5]; /* hmac inner state */ u_int32_t ses_hmac_len; /* hmac length */ - u_int32_t ses_iv[4]; /* DES/3DES/AES iv */ u_int32_t ses_mlen; /* desired hash result len (12=ipsec or 16) */ }; diff --git a/target/linux/generic/files/crypto/ocf/ubsec_ssb/Makefile b/target/linux/generic/files/crypto/ocf/ubsec_ssb/Makefile new file mode 100644 index 00000000000..f973efd7b0c --- /dev/null +++ b/target/linux/generic/files/crypto/ocf/ubsec_ssb/Makefile @@ -0,0 +1,12 @@ +# for SGlinux builds +-include $(ROOTDIR)/modules/.config + +obj-$(CONFIG_OCF_UBSEC_SSB) += ubsec_ssb.o + +obj ?= . +EXTRA_CFLAGS += -I$(obj)/.. -I$(obj)/ + +ifdef TOPDIR +-include $(TOPDIR)/Rules.make +endif + diff --git a/target/linux/generic/files/crypto/ocf/ubsec_ssb/bsdqueue.h b/target/linux/generic/files/crypto/ocf/ubsec_ssb/bsdqueue.h new file mode 100644 index 00000000000..601055267d6 --- /dev/null +++ b/target/linux/generic/files/crypto/ocf/ubsec_ssb/bsdqueue.h @@ -0,0 +1,527 @@ +/* $OpenBSD: queue.h,v 1.32 2007/04/30 18:42:34 pedro Exp $ */ +/* $NetBSD: queue.h,v 1.11 1996/05/16 05:17:14 mycroft Exp $ */ + +/* + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)queue.h 8.5 (Berkeley) 8/20/94 + */ + +#ifndef _BSD_SYS_QUEUE_H_ +#define _BSD_SYS_QUEUE_H_ + +/* + * This file defines five types of data structures: singly-linked lists, + * lists, simple queues, tail queues, and circular queues. + * + * + * A singly-linked list is headed by a single forward pointer. The elements + * are singly linked for minimum space and pointer manipulation overhead at + * the expense of O(n) removal for arbitrary elements. New elements can be + * added to the list after an existing element or at the head of the list. + * Elements being removed from the head of the list should use the explicit + * macro for this purpose for optimum efficiency. A singly-linked list may + * only be traversed in the forward direction. Singly-linked lists are ideal + * for applications with large datasets and few or no removals or for + * implementing a LIFO queue. + * + * A list is headed by a single forward pointer (or an array of forward + * pointers for a hash table header). The elements are doubly linked + * so that an arbitrary element can be removed without a need to + * traverse the list. New elements can be added to the list before + * or after an existing element or at the head of the list. A list + * may only be traversed in the forward direction. + * + * A simple queue is headed by a pair of pointers, one the head of the + * list and the other to the tail of the list. The elements are singly + * linked to save space, so elements can only be removed from the + * head of the list. New elements can be added to the list before or after + * an existing element, at the head of the list, or at the end of the + * list. A simple queue may only be traversed in the forward direction. + * + * A tail queue is headed by a pair of pointers, one to the head of the + * list and the other to the tail of the list. The elements are doubly + * linked so that an arbitrary element can be removed without a need to + * traverse the list. New elements can be added to the list before or + * after an existing element, at the head of the list, or at the end of + * the list. A tail queue may be traversed in either direction. + * + * A circle queue is headed by a pair of pointers, one to the head of the + * list and the other to the tail of the list. The elements are doubly + * linked so that an arbitrary element can be removed without a need to + * traverse the list. New elements can be added to the list before or after + * an existing element, at the head of the list, or at the end of the list. + * A circle queue may be traversed in either direction, but has a more + * complex end of list detection. + * + * For details on the use of these macros, see the queue(3) manual page. + */ + +#if defined(QUEUE_MACRO_DEBUG) || (defined(_KERNEL) && defined(DIAGNOSTIC)) +#define _Q_INVALIDATE(a) (a) = ((void *)-1) +#else +#define _Q_INVALIDATE(a) +#endif + +/* + * Singly-linked List definitions. + */ +#define BSD_SLIST_HEAD(name, type) \ +struct name { \ + struct type *slh_first; /* first element */ \ +} + +#define BSD_SLIST_HEAD_INITIALIZER(head) \ + { NULL } + +#define BSD_SLIST_ENTRY(type) \ +struct { \ + struct type *sle_next; /* next element */ \ +} + +/* + * Singly-linked List access methods. + */ +#define BSD_SLIST_FIRST(head) ((head)->slh_first) +#define BSD_SLIST_END(head) NULL +#define BSD_SLIST_EMPTY(head) (BSD_SLIST_FIRST(head) == BSD_SLIST_END(head)) +#define BSD_SLIST_NEXT(elm, field) ((elm)->field.sle_next) + +#define BSD_SLIST_FOREACH(var, head, field) \ + for((var) = BSD_SLIST_FIRST(head); \ + (var) != BSD_SLIST_END(head); \ + (var) = BSD_SLIST_NEXT(var, field)) + +#define BSD_SLIST_FOREACH_PREVPTR(var, varp, head, field) \ + for ((varp) = &BSD_SLIST_FIRST((head)); \ + ((var) = *(varp)) != BSD_SLIST_END(head); \ + (varp) = &BSD_SLIST_NEXT((var), field)) + +/* + * Singly-linked List functions. + */ +#define BSD_SLIST_INIT(head) { \ + BSD_SLIST_FIRST(head) = BSD_SLIST_END(head); \ +} + +#define BSD_SLIST_INSERT_AFTER(slistelm, elm, field) do { \ + (elm)->field.sle_next = (slistelm)->field.sle_next; \ + (slistelm)->field.sle_next = (elm); \ +} while (0) + +#define BSD_SLIST_INSERT_HEAD(head, elm, field) do { \ + (elm)->field.sle_next = (head)->slh_first; \ + (head)->slh_first = (elm); \ +} while (0) + +#define BSD_SLIST_REMOVE_NEXT(head, elm, field) do { \ + (elm)->field.sle_next = (elm)->field.sle_next->field.sle_next; \ +} while (0) + +#define BSD_SLIST_REMOVE_HEAD(head, field) do { \ + (head)->slh_first = (head)->slh_first->field.sle_next; \ +} while (0) + +#define BSD_SLIST_REMOVE(head, elm, type, field) do { \ + if ((head)->slh_first == (elm)) { \ + BSD_SLIST_REMOVE_HEAD((head), field); \ + } else { \ + struct type *curelm = (head)->slh_first; \ + \ + while (curelm->field.sle_next != (elm)) \ + curelm = curelm->field.sle_next; \ + curelm->field.sle_next = \ + curelm->field.sle_next->field.sle_next; \ + _Q_INVALIDATE((elm)->field.sle_next); \ + } \ +} while (0) + +/* + * List definitions. + */ +#define BSD_LIST_HEAD(name, type) \ +struct name { \ + struct type *lh_first; /* first element */ \ +} + +#define BSD_LIST_HEAD_INITIALIZER(head) \ + { NULL } + +#define BSD_LIST_ENTRY(type) \ +struct { \ + struct type *le_next; /* next element */ \ + struct type **le_prev; /* address of previous next element */ \ +} + +/* + * List access methods + */ +#define BSD_LIST_FIRST(head) ((head)->lh_first) +#define BSD_LIST_END(head) NULL +#define BSD_LIST_EMPTY(head) (BSD_LIST_FIRST(head) == BSD_LIST_END(head)) +#define BSD_LIST_NEXT(elm, field) ((elm)->field.le_next) + +#define BSD_LIST_FOREACH(var, head, field) \ + for((var) = BSD_LIST_FIRST(head); \ + (var)!= BSD_LIST_END(head); \ + (var) = BSD_LIST_NEXT(var, field)) + +/* + * List functions. + */ +#define BSD_LIST_INIT(head) do { \ + BSD_LIST_FIRST(head) = BSD_LIST_END(head); \ +} while (0) + +#define BSD_LIST_INSERT_AFTER(listelm, elm, field) do { \ + if (((elm)->field.le_next = (listelm)->field.le_next) != NULL) \ + (listelm)->field.le_next->field.le_prev = \ + &(elm)->field.le_next; \ + (listelm)->field.le_next = (elm); \ + (elm)->field.le_prev = &(listelm)->field.le_next; \ +} while (0) + +#define BSD_LIST_INSERT_BEFORE(listelm, elm, field) do { \ + (elm)->field.le_prev = (listelm)->field.le_prev; \ + (elm)->field.le_next = (listelm); \ + *(listelm)->field.le_prev = (elm); \ + (listelm)->field.le_prev = &(elm)->field.le_next; \ +} while (0) + +#define BSD_LIST_INSERT_HEAD(head, elm, field) do { \ + if (((elm)->field.le_next = (head)->lh_first) != NULL) \ + (head)->lh_first->field.le_prev = &(elm)->field.le_next;\ + (head)->lh_first = (elm); \ + (elm)->field.le_prev = &(head)->lh_first; \ +} while (0) + +#define BSD_LIST_REMOVE(elm, field) do { \ + if ((elm)->field.le_next != NULL) \ + (elm)->field.le_next->field.le_prev = \ + (elm)->field.le_prev; \ + *(elm)->field.le_prev = (elm)->field.le_next; \ + _Q_INVALIDATE((elm)->field.le_prev); \ + _Q_INVALIDATE((elm)->field.le_next); \ +} while (0) + +#define BSD_LIST_REPLACE(elm, elm2, field) do { \ + if (((elm2)->field.le_next = (elm)->field.le_next) != NULL) \ + (elm2)->field.le_next->field.le_prev = \ + &(elm2)->field.le_next; \ + (elm2)->field.le_prev = (elm)->field.le_prev; \ + *(elm2)->field.le_prev = (elm2); \ + _Q_INVALIDATE((elm)->field.le_prev); \ + _Q_INVALIDATE((elm)->field.le_next); \ +} while (0) + +/* + * Simple queue definitions. + */ +#define BSD_SIMPLEQ_HEAD(name, type) \ +struct name { \ + struct type *sqh_first; /* first element */ \ + struct type **sqh_last; /* addr of last next element */ \ +} + +#define BSD_SIMPLEQ_HEAD_INITIALIZER(head) \ + { NULL, &(head).sqh_first } + +#define BSD_SIMPLEQ_ENTRY(type) \ +struct { \ + struct type *sqe_next; /* next element */ \ +} + +/* + * Simple queue access methods. + */ +#define BSD_SIMPLEQ_FIRST(head) ((head)->sqh_first) +#define BSD_SIMPLEQ_END(head) NULL +#define BSD_SIMPLEQ_EMPTY(head) (BSD_SIMPLEQ_FIRST(head) == BSD_SIMPLEQ_END(head)) +#define BSD_SIMPLEQ_NEXT(elm, field) ((elm)->field.sqe_next) + +#define BSD_SIMPLEQ_FOREACH(var, head, field) \ + for((var) = BSD_SIMPLEQ_FIRST(head); \ + (var) != BSD_SIMPLEQ_END(head); \ + (var) = BSD_SIMPLEQ_NEXT(var, field)) + +/* + * Simple queue functions. + */ +#define BSD_SIMPLEQ_INIT(head) do { \ + (head)->sqh_first = NULL; \ + (head)->sqh_last = &(head)->sqh_first; \ +} while (0) + +#define BSD_SIMPLEQ_INSERT_HEAD(head, elm, field) do { \ + if (((elm)->field.sqe_next = (head)->sqh_first) == NULL) \ + (head)->sqh_last = &(elm)->field.sqe_next; \ + (head)->sqh_first = (elm); \ +} while (0) + +#define BSD_SIMPLEQ_INSERT_TAIL(head, elm, field) do { \ + (elm)->field.sqe_next = NULL; \ + *(head)->sqh_last = (elm); \ + (head)->sqh_last = &(elm)->field.sqe_next; \ +} while (0) + +#define BSD_SIMPLEQ_INSERT_AFTER(head, listelm, elm, field) do { \ + if (((elm)->field.sqe_next = (listelm)->field.sqe_next) == NULL)\ + (head)->sqh_last = &(elm)->field.sqe_next; \ + (listelm)->field.sqe_next = (elm); \ +} while (0) + +#define BSD_SIMPLEQ_REMOVE_HEAD(head, field) do { \ + if (((head)->sqh_first = (head)->sqh_first->field.sqe_next) == NULL) \ + (head)->sqh_last = &(head)->sqh_first; \ +} while (0) + +/* + * Tail queue definitions. + */ +#define BSD_TAILQ_HEAD(name, type) \ +struct name { \ + struct type *tqh_first; /* first element */ \ + struct type **tqh_last; /* addr of last next element */ \ +} + +#define BSD_TAILQ_HEAD_INITIALIZER(head) \ + { NULL, &(head).tqh_first } + +#define BSD_TAILQ_ENTRY(type) \ +struct { \ + struct type *tqe_next; /* next element */ \ + struct type **tqe_prev; /* address of previous next element */ \ +} + +/* + * tail queue access methods + */ +#define BSD_TAILQ_FIRST(head) ((head)->tqh_first) +#define BSD_TAILQ_END(head) NULL +#define BSD_TAILQ_NEXT(elm, field) ((elm)->field.tqe_next) +#define BSD_TAILQ_LAST(head, headname) \ + (*(((struct headname *)((head)->tqh_last))->tqh_last)) +/* XXX */ +#define BSD_TAILQ_PREV(elm, headname, field) \ + (*(((struct headname *)((elm)->field.tqe_prev))->tqh_last)) +#define BSD_TAILQ_EMPTY(head) \ + (BSD_TAILQ_FIRST(head) == BSD_TAILQ_END(head)) + +#define BSD_TAILQ_FOREACH(var, head, field) \ + for((var) = BSD_TAILQ_FIRST(head); \ + (var) != BSD_TAILQ_END(head); \ + (var) = BSD_TAILQ_NEXT(var, field)) + +#define BSD_TAILQ_FOREACH_REVERSE(var, head, headname, field) \ + for((var) = BSD_TAILQ_LAST(head, headname); \ + (var) != BSD_TAILQ_END(head); \ + (var) = BSD_TAILQ_PREV(var, headname, field)) + +/* + * Tail queue functions. + */ +#define BSD_TAILQ_INIT(head) do { \ + (head)->tqh_first = NULL; \ + (head)->tqh_last = &(head)->tqh_first; \ +} while (0) + +#define BSD_TAILQ_INSERT_HEAD(head, elm, field) do { \ + if (((elm)->field.tqe_next = (head)->tqh_first) != NULL) \ + (head)->tqh_first->field.tqe_prev = \ + &(elm)->field.tqe_next; \ + else \ + (head)->tqh_last = &(elm)->field.tqe_next; \ + (head)->tqh_first = (elm); \ + (elm)->field.tqe_prev = &(head)->tqh_first; \ +} while (0) + +#define BSD_TAILQ_INSERT_TAIL(head, elm, field) do { \ + (elm)->field.tqe_next = NULL; \ + (elm)->field.tqe_prev = (head)->tqh_last; \ + *(head)->tqh_last = (elm); \ + (head)->tqh_last = &(elm)->field.tqe_next; \ +} while (0) + +#define BSD_TAILQ_INSERT_AFTER(head, listelm, elm, field) do { \ + if (((elm)->field.tqe_next = (listelm)->field.tqe_next) != NULL)\ + (elm)->field.tqe_next->field.tqe_prev = \ + &(elm)->field.tqe_next; \ + else \ + (head)->tqh_last = &(elm)->field.tqe_next; \ + (listelm)->field.tqe_next = (elm); \ + (elm)->field.tqe_prev = &(listelm)->field.tqe_next; \ +} while (0) + +#define BSD_TAILQ_INSERT_BEFORE(listelm, elm, field) do { \ + (elm)->field.tqe_prev = (listelm)->field.tqe_prev; \ + (elm)->field.tqe_next = (listelm); \ + *(listelm)->field.tqe_prev = (elm); \ + (listelm)->field.tqe_prev = &(elm)->field.tqe_next; \ +} while (0) + +#define BSD_TAILQ_REMOVE(head, elm, field) do { \ + if (((elm)->field.tqe_next) != NULL) \ + (elm)->field.tqe_next->field.tqe_prev = \ + (elm)->field.tqe_prev; \ + else \ + (head)->tqh_last = (elm)->field.tqe_prev; \ + *(elm)->field.tqe_prev = (elm)->field.tqe_next; \ + _Q_INVALIDATE((elm)->field.tqe_prev); \ + _Q_INVALIDATE((elm)->field.tqe_next); \ +} while (0) + +#define BSD_TAILQ_REPLACE(head, elm, elm2, field) do { \ + if (((elm2)->field.tqe_next = (elm)->field.tqe_next) != NULL) \ + (elm2)->field.tqe_next->field.tqe_prev = \ + &(elm2)->field.tqe_next; \ + else \ + (head)->tqh_last = &(elm2)->field.tqe_next; \ + (elm2)->field.tqe_prev = (elm)->field.tqe_prev; \ + *(elm2)->field.tqe_prev = (elm2); \ + _Q_INVALIDATE((elm)->field.tqe_prev); \ + _Q_INVALIDATE((elm)->field.tqe_next); \ +} while (0) + +/* + * Circular queue definitions. + */ +#define BSD_CIRCLEQ_HEAD(name, type) \ +struct name { \ + struct type *cqh_first; /* first element */ \ + struct type *cqh_last; /* last element */ \ +} + +#define BSD_CIRCLEQ_HEAD_INITIALIZER(head) \ + { BSD_CIRCLEQ_END(&head), BSD_CIRCLEQ_END(&head) } + +#define BSD_CIRCLEQ_ENTRY(type) \ +struct { \ + struct type *cqe_next; /* next element */ \ + struct type *cqe_prev; /* previous element */ \ +} + +/* + * Circular queue access methods + */ +#define BSD_CIRCLEQ_FIRST(head) ((head)->cqh_first) +#define BSD_CIRCLEQ_LAST(head) ((head)->cqh_last) +#define BSD_CIRCLEQ_END(head) ((void *)(head)) +#define BSD_CIRCLEQ_NEXT(elm, field) ((elm)->field.cqe_next) +#define BSD_CIRCLEQ_PREV(elm, field) ((elm)->field.cqe_prev) +#define BSD_CIRCLEQ_EMPTY(head) \ + (BSD_CIRCLEQ_FIRST(head) == BSD_CIRCLEQ_END(head)) + +#define BSD_CIRCLEQ_FOREACH(var, head, field) \ + for((var) = BSD_CIRCLEQ_FIRST(head); \ + (var) != BSD_CIRCLEQ_END(head); \ + (var) = BSD_CIRCLEQ_NEXT(var, field)) + +#define BSD_CIRCLEQ_FOREACH_REVERSE(var, head, field) \ + for((var) = BSD_CIRCLEQ_LAST(head); \ + (var) != BSD_CIRCLEQ_END(head); \ + (var) = BSD_CIRCLEQ_PREV(var, field)) + +/* + * Circular queue functions. + */ +#define BSD_CIRCLEQ_INIT(head) do { \ + (head)->cqh_first = BSD_CIRCLEQ_END(head); \ + (head)->cqh_last = BSD_CIRCLEQ_END(head); \ +} while (0) + +#define BSD_CIRCLEQ_INSERT_AFTER(head, listelm, elm, field) do { \ + (elm)->field.cqe_next = (listelm)->field.cqe_next; \ + (elm)->field.cqe_prev = (listelm); \ + if ((listelm)->field.cqe_next == BSD_CIRCLEQ_END(head)) \ + (head)->cqh_last = (elm); \ + else \ + (listelm)->field.cqe_next->field.cqe_prev = (elm); \ + (listelm)->field.cqe_next = (elm); \ +} while (0) + +#define BSD_CIRCLEQ_INSERT_BEFORE(head, listelm, elm, field) do { \ + (elm)->field.cqe_next = (listelm); \ + (elm)->field.cqe_prev = (listelm)->field.cqe_prev; \ + if ((listelm)->field.cqe_prev == BSD_CIRCLEQ_END(head)) \ + (head)->cqh_first = (elm); \ + else \ + (listelm)->field.cqe_prev->field.cqe_next = (elm); \ + (listelm)->field.cqe_prev = (elm); \ +} while (0) + +#define BSD_CIRCLEQ_INSERT_HEAD(head, elm, field) do { \ + (elm)->field.cqe_next = (head)->cqh_first; \ + (elm)->field.cqe_prev = BSD_CIRCLEQ_END(head); \ + if ((head)->cqh_last == BSD_CIRCLEQ_END(head)) \ + (head)->cqh_last = (elm); \ + else \ + (head)->cqh_first->field.cqe_prev = (elm); \ + (head)->cqh_first = (elm); \ +} while (0) + +#define BSD_CIRCLEQ_INSERT_TAIL(head, elm, field) do { \ + (elm)->field.cqe_next = BSD_CIRCLEQ_END(head); \ + (elm)->field.cqe_prev = (head)->cqh_last; \ + if ((head)->cqh_first == BSD_CIRCLEQ_END(head)) \ + (head)->cqh_first = (elm); \ + else \ + (head)->cqh_last->field.cqe_next = (elm); \ + (head)->cqh_last = (elm); \ +} while (0) + +#define BSD_CIRCLEQ_REMOVE(head, elm, field) do { \ + if ((elm)->field.cqe_next == BSD_CIRCLEQ_END(head)) \ + (head)->cqh_last = (elm)->field.cqe_prev; \ + else \ + (elm)->field.cqe_next->field.cqe_prev = \ + (elm)->field.cqe_prev; \ + if ((elm)->field.cqe_prev == BSD_CIRCLEQ_END(head)) \ + (head)->cqh_first = (elm)->field.cqe_next; \ + else \ + (elm)->field.cqe_prev->field.cqe_next = \ + (elm)->field.cqe_next; \ + _Q_INVALIDATE((elm)->field.cqe_prev); \ + _Q_INVALIDATE((elm)->field.cqe_next); \ +} while (0) + +#define BSD_CIRCLEQ_REPLACE(head, elm, elm2, field) do { \ + if (((elm2)->field.cqe_next = (elm)->field.cqe_next) == \ + BSD_CIRCLEQ_END(head)) \ + (head).cqh_last = (elm2); \ + else \ + (elm2)->field.cqe_next->field.cqe_prev = (elm2); \ + if (((elm2)->field.cqe_prev = (elm)->field.cqe_prev) == \ + BSD_CIRCLEQ_END(head)) \ + (head).cqh_first = (elm2); \ + else \ + (elm2)->field.cqe_prev->field.cqe_next = (elm2); \ + _Q_INVALIDATE((elm)->field.cqe_prev); \ + _Q_INVALIDATE((elm)->field.cqe_next); \ +} while (0) + +#endif /* !_BSD_SYS_QUEUE_H_ */ diff --git a/target/linux/generic/files/crypto/ocf/ubsec_ssb/ubsec_ssb.c b/target/linux/generic/files/crypto/ocf/ubsec_ssb/ubsec_ssb.c new file mode 100644 index 00000000000..aa0733f08b9 --- /dev/null +++ b/target/linux/generic/files/crypto/ocf/ubsec_ssb/ubsec_ssb.c @@ -0,0 +1,2220 @@ + +/* + * Copyright (c) 2008 Daniel Mueller (daniel@danm.de) + * Copyright (c) 2007 David McCullough (david_mccullough@securecomputing.com) + * Copyright (c) 2000 Jason L. Wright (jason@thought.net) + * Copyright (c) 2000 Theo de Raadt (deraadt@openbsd.org) + * Copyright (c) 2001 Patrik Lindergren (patrik@ipunplugged.com) + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * Effort sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F30602-01-2-0537. + * + */ +#undef UBSEC_DEBUG +#undef UBSEC_VERBOSE_DEBUG + +#ifdef UBSEC_VERBOSE_DEBUG +#define UBSEC_DEBUG +#endif + +/* + * uBsec BCM5365 hardware crypto accelerator + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +/* + * BSD queue + */ +//#include "bsdqueue.h" + +/* + * OCF + */ +#include +#include + +#define HMAC_HACK 1 + +#define HMAC_HACK 1 +#ifdef HMAC_HACK +#include +#include +#include +#include +#include +#endif + +#include "bsdqueue.h" +#include "ubsecreg.h" +#include "ubsecvar.h" + +#define DRV_MODULE_NAME "ubsec_ssb" +#define PFX DRV_MODULE_NAME ": " +#define DRV_MODULE_VERSION "0.02" +#define DRV_MODULE_RELDATE "Feb 21, 2009" + +#if 1 +#define DPRINTF(a...) \ + if (debug) \ + { \ + printk(DRV_MODULE_NAME ": " a); \ + } +#else +#define DPRINTF(a...) +#endif + +/* + * Prototypes + */ +static irqreturn_t ubsec_ssb_isr(int, void *, struct pt_regs *); +static int __devinit ubsec_ssb_probe(struct ssb_device *sdev, + const struct ssb_device_id *ent); +static void __devexit ubsec_ssb_remove(struct ssb_device *sdev); +int ubsec_attach(struct ssb_device *sdev, const struct ssb_device_id *ent, + struct device *self); +static void ubsec_setup_mackey(struct ubsec_session *ses, int algo, + caddr_t key, int klen); +static int dma_map_skb(struct ubsec_softc *sc, + struct ubsec_dma_alloc* q_map, struct sk_buff *skb, int *mlen); +static int dma_map_uio(struct ubsec_softc *sc, + struct ubsec_dma_alloc *q_map, struct uio *uio, int *mlen); +static void dma_unmap(struct ubsec_softc *sc, + struct ubsec_dma_alloc *q_map, int mlen); +static int ubsec_dmamap_aligned(struct ubsec_softc *sc, + const struct ubsec_dma_alloc *q_map, int mlen); + +#ifdef UBSEC_DEBUG +static int proc_read(char *buf, char **start, off_t offset, + int size, int *peof, void *data); +#endif + +void ubsec_reset_board(struct ubsec_softc *); +void ubsec_init_board(struct ubsec_softc *); +void ubsec_cleanchip(struct ubsec_softc *); +void ubsec_totalreset(struct ubsec_softc *); +int ubsec_free_q(struct ubsec_softc*, struct ubsec_q *); + +static int ubsec_newsession(device_t, u_int32_t *, struct cryptoini *); +static int ubsec_freesession(device_t, u_int64_t); +static int ubsec_process(device_t, struct cryptop *, int); + +void ubsec_callback(struct ubsec_softc *, struct ubsec_q *); +void ubsec_feed(struct ubsec_softc *); +void ubsec_mcopy(struct sk_buff *, struct sk_buff *, int, int); +void ubsec_dma_free(struct ubsec_softc *, struct ubsec_dma_alloc *); +int ubsec_dma_malloc(struct ubsec_softc *, struct ubsec_dma_alloc *, + size_t, int); + +/* DEBUG crap... */ +void ubsec_dump_pb(struct ubsec_pktbuf *); +void ubsec_dump_mcr(struct ubsec_mcr *); + +#define READ_REG(sc,r) \ + ssb_read32((sc)->sdev, (r)); +#define WRITE_REG(sc,r,val) \ + ssb_write32((sc)->sdev, (r), (val)); +#define READ_REG_SDEV(sdev,r) \ + ssb_read32((sdev), (r)); +#define WRITE_REG_SDEV(sdev,r,val) \ + ssb_write32((sdev), (r), (val)); + +#define SWAP32(x) (x) = htole32(ntohl((x))) +#define HTOLE32(x) (x) = htole32(x) + +#ifdef __LITTLE_ENDIAN +#define letoh16(x) (x) +#define letoh32(x) (x) +#endif + +static int debug; +module_param(debug, int, 0644); +MODULE_PARM_DESC(debug, "Enable debug output"); + +#define UBSEC_SSB_MAX_CHIPS 1 +static struct ubsec_softc *ubsec_chip_idx[UBSEC_SSB_MAX_CHIPS]; +static struct ubsec_stats ubsecstats; + +#ifdef UBSEC_DEBUG +static struct proc_dir_entry *procdebug; +#endif + +static struct ssb_device_id ubsec_ssb_tbl[] = { + /* Broadcom BCM5365P IPSec Core */ + SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_IPSEC, SSB_ANY_REV), + SSB_DEVTABLE_END +}; + +static struct ssb_driver ubsec_ssb_driver = { + .name = DRV_MODULE_NAME, + .id_table = ubsec_ssb_tbl, + .probe = ubsec_ssb_probe, + .remove = __devexit_p(ubsec_ssb_remove), + /* + .suspend = ubsec_ssb_suspend, + .resume = ubsec_ssb_resume + */ +}; + +static device_method_t ubsec_ssb_methods = { + /* crypto device methods */ + DEVMETHOD(cryptodev_newsession, ubsec_newsession), + DEVMETHOD(cryptodev_freesession,ubsec_freesession), + DEVMETHOD(cryptodev_process, ubsec_process), +}; + +#ifdef UBSEC_DEBUG +static int +proc_read(char *buf, char **start, off_t offset, + int size, int *peof, void *data) +{ + int i = 0, byteswritten = 0, ret; + unsigned int stat, ctrl; +#ifdef UBSEC_VERBOSE_DEBUG + struct ubsec_q *q; + struct ubsec_dma *dmap; +#endif + + while ((i < UBSEC_SSB_MAX_CHIPS) && (ubsec_chip_idx[i] != NULL)) + { + struct ubsec_softc *sc = ubsec_chip_idx[i]; + + stat = READ_REG(sc, BS_STAT); + ctrl = READ_REG(sc, BS_CTRL); + ret = snprintf((buf + byteswritten), + (size - byteswritten) , + "DEV %d, DMASTAT %08x, DMACTRL %08x\n", i, stat, ctrl); + + byteswritten += ret; + +#ifdef UBSEC_VERBOSE_DEBUG + printf("DEV %d, DMASTAT %08x, DMACTRL %08x\n", i, stat, ctrl); + + /* Dump all queues MCRs */ + if (!BSD_SIMPLEQ_EMPTY(&sc->sc_qchip)) { + BSD_SIMPLEQ_FOREACH(q, &sc->sc_qchip, q_next) + { + dmap = q->q_dma; + ubsec_dump_mcr(&dmap->d_dma->d_mcr); + } + } +#endif + + i++; + } + + *peof = 1; + + return byteswritten; +} +#endif + +/* + * map in a given sk_buff + */ +static int +dma_map_skb(struct ubsec_softc *sc, struct ubsec_dma_alloc* q_map, struct sk_buff *skb, int *mlen) +{ + int i = 0; + dma_addr_t tmp; + +#ifdef UBSEC_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + + /* + * We support only a limited number of fragments. + */ + if (unlikely((skb_shinfo(skb)->nr_frags + 1) >= UBS_MAX_SCATTER)) + { + printk(KERN_ERR "Only %d scatter fragments are supported.\n", UBS_MAX_SCATTER); + return (-ENOMEM); + } + +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("%s - map %d 0x%x %d\n", __FUNCTION__, 0, (unsigned int)skb->data, skb_headlen(skb)); +#endif + + /* first data package */ + tmp = dma_map_single(sc->sc_dv, + skb->data, + skb_headlen(skb), + DMA_BIDIRECTIONAL); + + q_map[i].dma_paddr = tmp; + q_map[i].dma_vaddr = skb->data; + q_map[i].dma_size = skb_headlen(skb); + + if (unlikely(tmp == 0)) + { + printk(KERN_ERR "Could not map memory region for dma.\n"); + return (-EINVAL); + } + +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("%s - map %d done physical addr 0x%x\n", __FUNCTION__, 0, (unsigned int)tmp); +#endif + + + /* all other data packages */ + for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { + +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("%s - map %d 0x%x %d\n", __FUNCTION__, i + 1, + (unsigned int)page_address(skb_shinfo(skb)->frags[i].page) + + skb_shinfo(skb)->frags[i].page_offset, skb_shinfo(skb)->frags[i].size); +#endif + + tmp = dma_map_single(sc->sc_dv, + page_address(skb_shinfo(skb)->frags[i].page) + + skb_shinfo(skb)->frags[i].page_offset, + skb_shinfo(skb)->frags[i].size, + DMA_BIDIRECTIONAL); + + q_map[i + 1].dma_paddr = tmp; + q_map[i + 1].dma_vaddr = (void*)(page_address(skb_shinfo(skb)->frags[i].page) + + skb_shinfo(skb)->frags[i].page_offset); + q_map[i + 1].dma_size = skb_shinfo(skb)->frags[i].size; + + if (unlikely(tmp == 0)) + { + printk(KERN_ERR "Could not map memory region for dma.\n"); + return (-EINVAL); + } + +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("%s - map %d done physical addr 0x%x\n", __FUNCTION__, i + 1, (unsigned int)tmp); +#endif + + } + *mlen = i + 1; + + return(0); +} + +/* + * map in a given uio buffer + */ + +static int +dma_map_uio(struct ubsec_softc *sc, struct ubsec_dma_alloc *q_map, struct uio *uio, int *mlen) +{ + struct iovec *iov = uio->uio_iov; + int n; + dma_addr_t tmp; + +#ifdef UBSEC_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + + /* + * We support only a limited number of fragments. + */ + if (unlikely(uio->uio_iovcnt >= UBS_MAX_SCATTER)) + { + printk(KERN_ERR "Only %d scatter fragments are supported.\n", UBS_MAX_SCATTER); + return (-ENOMEM); + } + + for (n = 0; n < uio->uio_iovcnt; n++) { +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("%s - map %d 0x%x %d\n", __FUNCTION__, n, (unsigned int)iov->iov_base, iov->iov_len); +#endif + tmp = dma_map_single(sc->sc_dv, + iov->iov_base, + iov->iov_len, + DMA_BIDIRECTIONAL); + + q_map[n].dma_paddr = tmp; + q_map[n].dma_vaddr = iov->iov_base; + q_map[n].dma_size = iov->iov_len; + + if (unlikely(tmp == 0)) + { + printk(KERN_ERR "Could not map memory region for dma.\n"); + return (-EINVAL); + } + +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("%s - map %d done physical addr 0x%x\n", __FUNCTION__, n, (unsigned int)tmp); +#endif + + iov++; + } + *mlen = n; + + return(0); +} + +static void +dma_unmap(struct ubsec_softc *sc, struct ubsec_dma_alloc *q_map, int mlen) +{ + int i; + +#ifdef UBSEC_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + + for(i = 0; i < mlen; i++) + { +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("%s - unmap %d 0x%x %d\n", __FUNCTION__, i, (unsigned int)q_map[i].dma_paddr, q_map[i].dma_size); +#endif + dma_unmap_single(sc->sc_dv, + q_map[i].dma_paddr, + q_map[i].dma_size, + DMA_BIDIRECTIONAL); + } + return; +} + +/* + * Is the operand suitable aligned for direct DMA. Each + * segment must be aligned on a 32-bit boundary and all + * but the last segment must be a multiple of 4 bytes. + */ +static int +ubsec_dmamap_aligned(struct ubsec_softc *sc, const struct ubsec_dma_alloc *q_map, int mlen) +{ + int i; + +#ifdef UBSEC_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + + for (i = 0; i < mlen; i++) { + if (q_map[i].dma_paddr & 3) + return (0); + if (i != (mlen - 1) && (q_map[i].dma_size & 3)) + return (0); + } + return (1); +} + + +#define N(a) (sizeof(a) / sizeof (a[0])) +static void +ubsec_setup_mackey(struct ubsec_session *ses, int algo, caddr_t key, int klen) +{ +#ifdef HMAC_HACK + MD5_CTX md5ctx; + SHA1_CTX sha1ctx; + int i; + +#ifdef UBSEC_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + + for (i = 0; i < klen; i++) + key[i] ^= HMAC_IPAD_VAL; + + if (algo == CRYPTO_MD5_HMAC) { + MD5Init(&md5ctx); + MD5Update(&md5ctx, key, klen); + MD5Update(&md5ctx, hmac_ipad_buffer, MD5_HMAC_BLOCK_LEN - klen); + bcopy(md5ctx.md5_st8, ses->ses_hminner, sizeof(md5ctx.md5_st8)); + } else { + SHA1Init(&sha1ctx); + SHA1Update(&sha1ctx, key, klen); + SHA1Update(&sha1ctx, hmac_ipad_buffer, + SHA1_HMAC_BLOCK_LEN - klen); + bcopy(sha1ctx.h.b32, ses->ses_hminner, sizeof(sha1ctx.h.b32)); + } + + for (i = 0; i < klen; i++) + key[i] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL); + + if (algo == CRYPTO_MD5_HMAC) { + MD5Init(&md5ctx); + MD5Update(&md5ctx, key, klen); + MD5Update(&md5ctx, hmac_opad_buffer, MD5_HMAC_BLOCK_LEN - klen); + bcopy(md5ctx.md5_st8, ses->ses_hmouter, sizeof(md5ctx.md5_st8)); + } else { + SHA1Init(&sha1ctx); + SHA1Update(&sha1ctx, key, klen); + SHA1Update(&sha1ctx, hmac_opad_buffer, + SHA1_HMAC_BLOCK_LEN - klen); + bcopy(sha1ctx.h.b32, ses->ses_hmouter, sizeof(sha1ctx.h.b32)); + } + + for (i = 0; i < klen; i++) + key[i] ^= HMAC_OPAD_VAL; + +#else /* HMAC_HACK */ + DPRINTF("md5/sha not implemented\n"); +#endif /* HMAC_HACK */ +} +#undef N + +static int +__devinit ubsec_ssb_probe(struct ssb_device *sdev, + const struct ssb_device_id *ent) +{ + int err; + +#ifdef UBSEC_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + + err = ssb_bus_powerup(sdev->bus, 0); + if (err) { + dev_err(sdev->dev, "Failed to powerup the bus\n"); + goto err_out; + } + + err = request_irq(sdev->irq, (irq_handler_t)ubsec_ssb_isr, + IRQF_DISABLED | IRQF_SHARED, DRV_MODULE_NAME, sdev); + if (err) { + dev_err(sdev->dev, "Could not request irq\n"); + goto err_out_powerdown; + } + +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,36)) + err = dma_set_mask(sdev->dma_dev, DMA_BIT_MASK(32)) || + dma_set_coherent_mask(sdev->dma_dev, DMA_BIT_MASK(32)); +#else + err = ssb_dma_set_mask(sdev, DMA_32BIT_MASK); +#endif + if (err) { + dev_err(sdev->dev, + "Required 32BIT DMA mask unsupported by the system.\n"); + goto err_out_free_irq; + } + + printk(KERN_INFO "Sentry5(tm) ROBOGateway(tm) IPSec Core at IRQ %u\n", + sdev->irq); + + DPRINTF("Vendor: %x, core id: %x, revision: %x\n", + sdev->id.vendor, sdev->id.coreid, sdev->id.revision); + + ssb_device_enable(sdev, 0); + + if (ubsec_attach(sdev, ent, sdev->dev) != 0) + goto err_out_disable; + +#ifdef UBSEC_DEBUG + procdebug = create_proc_entry(DRV_MODULE_NAME, S_IRUSR, NULL); + if (procdebug) + { + procdebug->read_proc = proc_read; + procdebug->data = NULL; + } else + DPRINTF("Unable to create proc file.\n"); +#endif + + return 0; + +err_out_disable: + ssb_device_disable(sdev, 0); + +err_out_free_irq: + free_irq(sdev->irq, sdev); + +err_out_powerdown: + ssb_bus_may_powerdown(sdev->bus); + +err_out: + return err; +} + +static void __devexit ubsec_ssb_remove(struct ssb_device *sdev) { + + struct ubsec_softc *sc; + unsigned int ctrlflgs; + struct ubsec_dma *dmap; + u_int32_t i; + +#ifdef UBSEC_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + + ctrlflgs = READ_REG_SDEV(sdev, BS_CTRL); + /* disable all IPSec Core interrupts globally */ + ctrlflgs ^= (BS_CTRL_MCR1INT | BS_CTRL_MCR2INT | + BS_CTRL_DMAERR); + WRITE_REG_SDEV(sdev, BS_CTRL, ctrlflgs); + + free_irq(sdev->irq, sdev); + + sc = (struct ubsec_softc *)ssb_get_drvdata(sdev); + + /* unregister all crypto algorithms */ + crypto_unregister_all(sc->sc_cid); + + /* Free queue / dma memory */ + for (i = 0; i < UBS_MAX_NQUEUE; i++) { + struct ubsec_q *q; + + q = sc->sc_queuea[i]; + if (q != NULL) + { + dmap = q->q_dma; + if (dmap != NULL) + { + ubsec_dma_free(sc, &dmap->d_alloc); + q->q_dma = NULL; + } + kfree(q); + } + sc->sc_queuea[i] = NULL; + } + + ssb_device_disable(sdev, 0); + ssb_bus_may_powerdown(sdev->bus); + ssb_set_drvdata(sdev, NULL); + +#ifdef UBSEC_DEBUG + if (procdebug) + remove_proc_entry(DRV_MODULE_NAME, NULL); +#endif + +} + + +int +ubsec_attach(struct ssb_device *sdev, const struct ssb_device_id *ent, + struct device *self) +{ + struct ubsec_softc *sc = NULL; + struct ubsec_dma *dmap; + u_int32_t i; + static int num_chips = 0; + +#ifdef UBSEC_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + + sc = (struct ubsec_softc *) kmalloc(sizeof(*sc), GFP_KERNEL); + if (!sc) + return(-ENOMEM); + memset(sc, 0, sizeof(*sc)); + + sc->sc_dv = sdev->dev; + sc->sdev = sdev; + + spin_lock_init(&sc->sc_ringmtx); + + softc_device_init(sc, "ubsec_ssb", num_chips, ubsec_ssb_methods); + + /* Maybe someday there are boards with more than one chip available */ + if (num_chips < UBSEC_SSB_MAX_CHIPS) { + ubsec_chip_idx[device_get_unit(sc->sc_dev)] = sc; + num_chips++; + } + + ssb_set_drvdata(sdev, sc); + + BSD_SIMPLEQ_INIT(&sc->sc_queue); + BSD_SIMPLEQ_INIT(&sc->sc_qchip); + BSD_SIMPLEQ_INIT(&sc->sc_queue2); + BSD_SIMPLEQ_INIT(&sc->sc_qchip2); + BSD_SIMPLEQ_INIT(&sc->sc_q2free); + + sc->sc_statmask = BS_STAT_MCR1_DONE | BS_STAT_DMAERR; + + sc->sc_cid = crypto_get_driverid(softc_get_device(sc), CRYPTOCAP_F_HARDWARE); + if (sc->sc_cid < 0) { + device_printf(sc->sc_dev, "could not get crypto driver id\n"); + return -1; + } + + BSD_SIMPLEQ_INIT(&sc->sc_freequeue); + dmap = sc->sc_dmaa; + for (i = 0; i < UBS_MAX_NQUEUE; i++, dmap++) { + struct ubsec_q *q; + + q = (struct ubsec_q *)kmalloc(sizeof(struct ubsec_q), GFP_KERNEL); + if (q == NULL) { + printf(": can't allocate queue buffers\n"); + break; + } + + if (ubsec_dma_malloc(sc, &dmap->d_alloc, sizeof(struct ubsec_dmachunk),0)) { + printf(": can't allocate dma buffers\n"); + kfree(q); + break; + } + dmap->d_dma = (struct ubsec_dmachunk *)dmap->d_alloc.dma_vaddr; + + q->q_dma = dmap; + sc->sc_queuea[i] = q; + + BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q, q_next); + } + + /* + * Reset Broadcom chip + */ + ubsec_reset_board(sc); + + /* + * Init Broadcom chip + */ + ubsec_init_board(sc); + + /* supported crypto algorithms */ + crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0); + crypto_register(sc->sc_cid, CRYPTO_DES_CBC, 0, 0); + + if (sc->sc_flags & UBS_FLAGS_AES) { + crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0); + printf(KERN_INFO DRV_MODULE_NAME ": DES 3DES AES128 AES192 AES256 MD5_HMAC SHA1_HMAC\n"); + } + else + printf(KERN_INFO DRV_MODULE_NAME ": DES 3DES MD5_HMAC SHA1_HMAC\n"); + + crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0); + crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0); + + return 0; +} + +/* + * UBSEC Interrupt routine + */ +static irqreturn_t +ubsec_ssb_isr(int irq, void *arg, struct pt_regs *regs) +{ + struct ubsec_softc *sc = NULL; + volatile u_int32_t stat; + struct ubsec_q *q; + struct ubsec_dma *dmap; + int npkts = 0, i; + +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + + sc = (struct ubsec_softc *)ssb_get_drvdata(arg); + + stat = READ_REG(sc, BS_STAT); + + stat &= sc->sc_statmask; + if (stat == 0) + return IRQ_NONE; + + WRITE_REG(sc, BS_STAT, stat); /* IACK */ + + /* + * Check to see if we have any packets waiting for us + */ + if ((stat & BS_STAT_MCR1_DONE)) { + while (!BSD_SIMPLEQ_EMPTY(&sc->sc_qchip)) { + q = BSD_SIMPLEQ_FIRST(&sc->sc_qchip); + dmap = q->q_dma; + + if ((dmap->d_dma->d_mcr.mcr_flags & htole16(UBS_MCR_DONE)) == 0) + { + DPRINTF("error while processing MCR. Flags = %x\n", dmap->d_dma->d_mcr.mcr_flags); + break; + } + + BSD_SIMPLEQ_REMOVE_HEAD(&sc->sc_qchip, q_next); + + npkts = q->q_nstacked_mcrs; + /* + * search for further sc_qchip ubsec_q's that share + * the same MCR, and complete them too, they must be + * at the top. + */ + for (i = 0; i < npkts; i++) { + if(q->q_stacked_mcr[i]) + ubsec_callback(sc, q->q_stacked_mcr[i]); + else + break; + } + ubsec_callback(sc, q); + } + + /* + * Don't send any more packet to chip if there has been + * a DMAERR. + */ + if (likely(!(stat & BS_STAT_DMAERR))) + ubsec_feed(sc); + else + DPRINTF("DMA error occurred. Stop feeding crypto chip.\n"); + } + + /* + * Check to see if we got any DMA Error + */ + if (stat & BS_STAT_DMAERR) { + volatile u_int32_t a = READ_REG(sc, BS_ERR); + + printf(KERN_ERR "%s: dmaerr %s@%08x\n", DRV_MODULE_NAME, + (a & BS_ERR_READ) ? "read" : "write", a & BS_ERR_ADDR); + + ubsecstats.hst_dmaerr++; + ubsec_totalreset(sc); + ubsec_feed(sc); + } + + return IRQ_HANDLED; +} + +/* + * ubsec_feed() - aggregate and post requests to chip + * It is assumed that the caller set splnet() + */ +void +ubsec_feed(struct ubsec_softc *sc) +{ +#ifdef UBSEC_VERBOSE_DEBUG + static int max; +#endif + struct ubsec_q *q, *q2; + int npkts, i; + void *v; + u_int32_t stat; + + npkts = sc->sc_nqueue; + if (npkts > UBS_MAX_AGGR) + npkts = UBS_MAX_AGGR; + if (npkts < 2) + goto feed1; + + stat = READ_REG(sc, BS_STAT); + + if (stat & (BS_STAT_MCR1_FULL | BS_STAT_DMAERR)) { + if(stat & BS_STAT_DMAERR) { + ubsec_totalreset(sc); + ubsecstats.hst_dmaerr++; + } + return; + } + +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("merging %d records\n", npkts); + + /* XXX temporary aggregation statistics reporting code */ + if (max < npkts) { + max = npkts; + DPRINTF("%s: new max aggregate %d\n", DRV_MODULE_NAME, max); + } +#endif /* UBSEC_VERBOSE_DEBUG */ + + q = BSD_SIMPLEQ_FIRST(&sc->sc_queue); + BSD_SIMPLEQ_REMOVE_HEAD(&sc->sc_queue, q_next); + --sc->sc_nqueue; + +#if 0 + /* + * XXX + * We use dma_map_single() - no sync required! + */ + + bus_dmamap_sync(sc->sc_dmat, q->q_src_map, + 0, q->q_src_map->dm_mapsize, BUS_DMASYNC_PREWRITE); + if (q->q_dst_map != NULL) + bus_dmamap_sync(sc->sc_dmat, q->q_dst_map, + 0, q->q_dst_map->dm_mapsize, BUS_DMASYNC_PREREAD); +#endif + + q->q_nstacked_mcrs = npkts - 1; /* Number of packets stacked */ + + for (i = 0; i < q->q_nstacked_mcrs; i++) { + q2 = BSD_SIMPLEQ_FIRST(&sc->sc_queue); + +#if 0 + bus_dmamap_sync(sc->sc_dmat, q2->q_src_map, + 0, q2->q_src_map->dm_mapsize, BUS_DMASYNC_PREWRITE); + if (q2->q_dst_map != NULL) + bus_dmamap_sync(sc->sc_dmat, q2->q_dst_map, + 0, q2->q_dst_map->dm_mapsize, BUS_DMASYNC_PREREAD); +#endif + BSD_SIMPLEQ_REMOVE_HEAD(&sc->sc_queue, q_next); + --sc->sc_nqueue; + + v = ((char *)&q2->q_dma->d_dma->d_mcr) + sizeof(struct ubsec_mcr) - + sizeof(struct ubsec_mcr_add); + bcopy(v, &q->q_dma->d_dma->d_mcradd[i], sizeof(struct ubsec_mcr_add)); + q->q_stacked_mcr[i] = q2; + } + q->q_dma->d_dma->d_mcr.mcr_pkts = htole16(npkts); + BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_qchip, q, q_next); +#if 0 + bus_dmamap_sync(sc->sc_dmat, q->q_dma->d_alloc.dma_map, + 0, q->q_dma->d_alloc.dma_map->dm_mapsize, + BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); +#endif + WRITE_REG(sc, BS_MCR1, q->q_dma->d_alloc.dma_paddr + + offsetof(struct ubsec_dmachunk, d_mcr)); +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("feed (1): q->chip %p %08x %08x\n", q, + (u_int32_t)q->q_dma->d_alloc.dma_paddr, + (u_int32_t)(q->q_dma->d_alloc.dma_paddr + + offsetof(struct ubsec_dmachunk, d_mcr))); +#endif /* UBSEC_DEBUG */ + return; + +feed1: + while (!BSD_SIMPLEQ_EMPTY(&sc->sc_queue)) { + stat = READ_REG(sc, BS_STAT); + + if (stat & (BS_STAT_MCR1_FULL | BS_STAT_DMAERR)) { + if(stat & BS_STAT_DMAERR) { + ubsec_totalreset(sc); + ubsecstats.hst_dmaerr++; + } + break; + } + + q = BSD_SIMPLEQ_FIRST(&sc->sc_queue); + +#if 0 + bus_dmamap_sync(sc->sc_dmat, q->q_src_map, + 0, q->q_src_map->dm_mapsize, BUS_DMASYNC_PREWRITE); + if (q->q_dst_map != NULL) + bus_dmamap_sync(sc->sc_dmat, q->q_dst_map, + 0, q->q_dst_map->dm_mapsize, BUS_DMASYNC_PREREAD); + bus_dmamap_sync(sc->sc_dmat, q->q_dma->d_alloc.dma_map, + 0, q->q_dma->d_alloc.dma_map->dm_mapsize, + BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); +#endif + + WRITE_REG(sc, BS_MCR1, q->q_dma->d_alloc.dma_paddr + + offsetof(struct ubsec_dmachunk, d_mcr)); +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("feed (2): q->chip %p %08x %08x\n", q, + (u_int32_t)q->q_dma->d_alloc.dma_paddr, + (u_int32_t)(q->q_dma->d_alloc.dma_paddr + + offsetof(struct ubsec_dmachunk, d_mcr))); +#endif /* UBSEC_DEBUG */ + BSD_SIMPLEQ_REMOVE_HEAD(&sc->sc_queue, q_next); + --sc->sc_nqueue; + BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_qchip, q, q_next); + } +} + +/* + * Allocate a new 'session' and return an encoded session id. 'sidp' + * contains our registration id, and should contain an encoded session + * id on successful allocation. + */ +static int +ubsec_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri) +{ + struct cryptoini *c, *encini = NULL, *macini = NULL; + struct ubsec_softc *sc = NULL; + struct ubsec_session *ses = NULL; + int sesn, i; + +#ifdef UBSEC_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + + if (sidp == NULL || cri == NULL) + return (EINVAL); + + sc = device_get_softc(dev); + + if (sc == NULL) + return (EINVAL); + + for (c = cri; c != NULL; c = c->cri_next) { + if (c->cri_alg == CRYPTO_MD5_HMAC || + c->cri_alg == CRYPTO_SHA1_HMAC) { + if (macini) + return (EINVAL); + macini = c; + } else if (c->cri_alg == CRYPTO_DES_CBC || + c->cri_alg == CRYPTO_3DES_CBC || + c->cri_alg == CRYPTO_AES_CBC) { + if (encini) + return (EINVAL); + encini = c; + } else + return (EINVAL); + } + if (encini == NULL && macini == NULL) + return (EINVAL); + + if (sc->sc_sessions == NULL) { + ses = sc->sc_sessions = (struct ubsec_session *)kmalloc( + sizeof(struct ubsec_session), SLAB_ATOMIC); + if (ses == NULL) + return (ENOMEM); + memset(ses, 0, sizeof(struct ubsec_session)); + sesn = 0; + sc->sc_nsessions = 1; + } else { + for (sesn = 0; sesn < sc->sc_nsessions; sesn++) { + if (sc->sc_sessions[sesn].ses_used == 0) { + ses = &sc->sc_sessions[sesn]; + break; + } + } + + if (ses == NULL) { + sesn = sc->sc_nsessions; + ses = (struct ubsec_session *)kmalloc((sesn + 1) * + sizeof(struct ubsec_session), SLAB_ATOMIC); + if (ses == NULL) + return (ENOMEM); + memset(ses, 0, (sesn + 1) * sizeof(struct ubsec_session)); + bcopy(sc->sc_sessions, ses, sesn * + sizeof(struct ubsec_session)); + bzero(sc->sc_sessions, sesn * + sizeof(struct ubsec_session)); + kfree(sc->sc_sessions); + sc->sc_sessions = ses; + ses = &sc->sc_sessions[sesn]; + sc->sc_nsessions++; + } + } + + bzero(ses, sizeof(struct ubsec_session)); + ses->ses_used = 1; + if (encini) { + /* get an IV */ + /* XXX may read fewer than requested */ + read_random(ses->ses_iv, sizeof(ses->ses_iv)); + + /* Go ahead and compute key in ubsec's byte order */ + if (encini->cri_alg == CRYPTO_DES_CBC) { + /* DES uses the same key three times: + * 1st encrypt -> 2nd decrypt -> 3nd encrypt */ + bcopy(encini->cri_key, &ses->ses_key[0], 8); + bcopy(encini->cri_key, &ses->ses_key[2], 8); + bcopy(encini->cri_key, &ses->ses_key[4], 8); + ses->ses_keysize = 192; /* Fake! Actually its only 64bits .. + oh no it is even less: 54bits. */ + } else if(encini->cri_alg == CRYPTO_3DES_CBC) { + bcopy(encini->cri_key, ses->ses_key, 24); + ses->ses_keysize = 192; + } else if(encini->cri_alg == CRYPTO_AES_CBC) { + ses->ses_keysize = encini->cri_klen; + + if (ses->ses_keysize != 128 && + ses->ses_keysize != 192 && + ses->ses_keysize != 256) + { + DPRINTF("unsupported AES key size: %d\n", ses->ses_keysize); + return (EINVAL); + } + bcopy(encini->cri_key, ses->ses_key, (ses->ses_keysize / 8)); + } + + /* Hardware requires the keys in little endian byte order */ + for (i=0; i < (ses->ses_keysize / 32); i++) + SWAP32(ses->ses_key[i]); + } + + if (macini) { + ses->ses_mlen = macini->cri_mlen; + + if (ses->ses_mlen == 0 || + ses->ses_mlen > SHA1_HASH_LEN) { + + if (macini->cri_alg == CRYPTO_MD5_HMAC || + macini->cri_alg == CRYPTO_SHA1_HMAC) + { + ses->ses_mlen = DEFAULT_HMAC_LEN; + } else + { + /* + * Reserved for future usage. MD5/SHA1 calculations have + * different hash sizes. + */ + printk(KERN_ERR DRV_MODULE_NAME ": unsupported hash operation with mac/hash len: %d\n", ses->ses_mlen); + return (EINVAL); + } + + } + + if (macini->cri_key != NULL) { + ubsec_setup_mackey(ses, macini->cri_alg, macini->cri_key, + macini->cri_klen / 8); + } + } + + *sidp = UBSEC_SID(device_get_unit(sc->sc_dev), sesn); + return (0); +} + +/* + * Deallocate a session. + */ +static int +ubsec_freesession(device_t dev, u_int64_t tid) +{ + struct ubsec_softc *sc = device_get_softc(dev); + int session; + u_int32_t sid = ((u_int32_t)tid) & 0xffffffff; + +#ifdef UBSEC_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + + if (sc == NULL) + return (EINVAL); + + session = UBSEC_SESSION(sid); + if (session < sc->sc_nsessions) { + bzero(&sc->sc_sessions[session], sizeof(sc->sc_sessions[session])); + return (0); + } else + return (EINVAL); +} + +static int +ubsec_process(device_t dev, struct cryptop *crp, int hint) +{ + struct ubsec_q *q = NULL; + int err = 0, i, j, nicealign; + struct ubsec_softc *sc = device_get_softc(dev); + struct cryptodesc *crd1, *crd2, *maccrd, *enccrd; + int encoffset = 0, macoffset = 0, cpskip, cpoffset; + int sskip, dskip, stheend, dtheend, ivsize = 8; + int16_t coffset; + struct ubsec_session *ses; + struct ubsec_generic_ctx ctx; + struct ubsec_dma *dmap = NULL; + unsigned long flags; + +#ifdef UBSEC_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + + if (unlikely(crp == NULL || crp->crp_callback == NULL)) { + ubsecstats.hst_invalid++; + return (EINVAL); + } + + if (unlikely(sc == NULL)) + return (EINVAL); + +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("spin_lock_irqsave\n"); +#endif + spin_lock_irqsave(&sc->sc_ringmtx, flags); + //spin_lock_irq(&sc->sc_ringmtx); + + if (BSD_SIMPLEQ_EMPTY(&sc->sc_freequeue)) { + ubsecstats.hst_queuefull++; +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("spin_unlock_irqrestore\n"); +#endif + spin_unlock_irqrestore(&sc->sc_ringmtx, flags); + //spin_unlock_irq(&sc->sc_ringmtx); + err = ENOMEM; + goto errout2; + } + + q = BSD_SIMPLEQ_FIRST(&sc->sc_freequeue); + BSD_SIMPLEQ_REMOVE_HEAD(&sc->sc_freequeue, q_next); +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("spin_unlock_irqrestore\n"); +#endif + spin_unlock_irqrestore(&sc->sc_ringmtx, flags); + //spin_unlock_irq(&sc->sc_ringmtx); + + dmap = q->q_dma; /* Save dma pointer */ + bzero(q, sizeof(struct ubsec_q)); + bzero(&ctx, sizeof(ctx)); + + q->q_sesn = UBSEC_SESSION(crp->crp_sid); + q->q_dma = dmap; + ses = &sc->sc_sessions[q->q_sesn]; + + if (crp->crp_flags & CRYPTO_F_SKBUF) { + q->q_src_m = (struct sk_buff *)crp->crp_buf; + q->q_dst_m = (struct sk_buff *)crp->crp_buf; + } else if (crp->crp_flags & CRYPTO_F_IOV) { + q->q_src_io = (struct uio *)crp->crp_buf; + q->q_dst_io = (struct uio *)crp->crp_buf; + } else { + err = EINVAL; + goto errout; /* XXX we don't handle contiguous blocks! */ + } + + bzero(&dmap->d_dma->d_mcr, sizeof(struct ubsec_mcr)); + + dmap->d_dma->d_mcr.mcr_pkts = htole16(1); + dmap->d_dma->d_mcr.mcr_flags = 0; + q->q_crp = crp; + + crd1 = crp->crp_desc; + if (crd1 == NULL) { + err = EINVAL; + goto errout; + } + crd2 = crd1->crd_next; + + if (crd2 == NULL) { + if (crd1->crd_alg == CRYPTO_MD5_HMAC || + crd1->crd_alg == CRYPTO_SHA1_HMAC) { + maccrd = crd1; + enccrd = NULL; + } else if (crd1->crd_alg == CRYPTO_DES_CBC || + crd1->crd_alg == CRYPTO_3DES_CBC || + crd1->crd_alg == CRYPTO_AES_CBC) { + maccrd = NULL; + enccrd = crd1; + } else { + err = EINVAL; + goto errout; + } + } else { + if ((crd1->crd_alg == CRYPTO_MD5_HMAC || + crd1->crd_alg == CRYPTO_SHA1_HMAC) && + (crd2->crd_alg == CRYPTO_DES_CBC || + crd2->crd_alg == CRYPTO_3DES_CBC || + crd2->crd_alg == CRYPTO_AES_CBC) && + ((crd2->crd_flags & CRD_F_ENCRYPT) == 0)) { + maccrd = crd1; + enccrd = crd2; + } else if ((crd1->crd_alg == CRYPTO_DES_CBC || + crd1->crd_alg == CRYPTO_3DES_CBC || + crd1->crd_alg == CRYPTO_AES_CBC) && + (crd2->crd_alg == CRYPTO_MD5_HMAC || + crd2->crd_alg == CRYPTO_SHA1_HMAC) && + (crd1->crd_flags & CRD_F_ENCRYPT)) { + enccrd = crd1; + maccrd = crd2; + } else { + /* + * We cannot order the ubsec as requested + */ + printk(KERN_ERR DRV_MODULE_NAME ": got wrong algorithm/signature order.\n"); + err = EINVAL; + goto errout; + } + } + + /* Encryption/Decryption requested */ + if (enccrd) { + encoffset = enccrd->crd_skip; + + if (enccrd->crd_alg == CRYPTO_DES_CBC || + enccrd->crd_alg == CRYPTO_3DES_CBC) + { + ctx.pc_flags |= htole16(UBS_PKTCTX_ENC_3DES); + ctx.pc_type = htole16(UBS_PKTCTX_TYPE_IPSEC_DES); + ivsize = 8; /* [3]DES uses 64bit IVs */ + } else { + ctx.pc_flags |= htole16(UBS_PKTCTX_ENC_AES); + ctx.pc_type = htole16(UBS_PKTCTX_TYPE_IPSEC_AES); + ivsize = 16; /* AES uses 128bit IVs / [3]DES 64bit IVs */ + + switch(ses->ses_keysize) + { + case 128: + ctx.pc_flags |= htole16(UBS_PKTCTX_AES128); + break; + case 192: + ctx.pc_flags |= htole16(UBS_PKTCTX_AES192); + break; + case 256: + ctx.pc_flags |= htole16(UBS_PKTCTX_AES256); + break; + default: + DPRINTF("invalid AES key size: %d\n", ses->ses_keysize); + err = EINVAL; + goto errout; + } + } + + if (enccrd->crd_flags & CRD_F_ENCRYPT) { + /* Direction: Outbound */ + + q->q_flags |= UBSEC_QFLAGS_COPYOUTIV; + + if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) { + bcopy(enccrd->crd_iv, ctx.pc_iv, ivsize); + } else { + for(i=0; i < (ivsize / 4); i++) + ctx.pc_iv[i] = ses->ses_iv[i]; + } + + /* If there is no IV in the buffer -> copy it here */ + if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0) { + if (crp->crp_flags & CRYPTO_F_SKBUF) + /* + m_copyback(q->q_src_m, + enccrd->crd_inject, + 8, ctx.pc_iv); + */ + crypto_copyback(crp->crp_flags, (caddr_t)q->q_src_m, + enccrd->crd_inject, ivsize, (caddr_t)ctx.pc_iv); + else if (crp->crp_flags & CRYPTO_F_IOV) + /* + cuio_copyback(q->q_src_io, + enccrd->crd_inject, + 8, ctx.pc_iv); + */ + crypto_copyback(crp->crp_flags, (caddr_t)q->q_src_io, + enccrd->crd_inject, ivsize, (caddr_t)ctx.pc_iv); + } + } else { + /* Direction: Inbound */ + + ctx.pc_flags |= htole16(UBS_PKTCTX_INBOUND); + + if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) + bcopy(enccrd->crd_iv, ctx.pc_iv, ivsize); + else if (crp->crp_flags & CRYPTO_F_SKBUF) + /* + m_copydata(q->q_src_m, enccrd->crd_inject, + 8, (caddr_t)ctx.pc_iv); + */ + crypto_copydata(crp->crp_flags, (caddr_t)q->q_src_m, + enccrd->crd_inject, ivsize, + (caddr_t)ctx.pc_iv); + else if (crp->crp_flags & CRYPTO_F_IOV) + /* + cuio_copydata(q->q_src_io, + enccrd->crd_inject, 8, + (caddr_t)ctx.pc_iv); + */ + crypto_copydata(crp->crp_flags, (caddr_t)q->q_src_io, + enccrd->crd_inject, ivsize, + (caddr_t)ctx.pc_iv); + + } + + /* Even though key & IV sizes differ from cipher to cipher + * copy / swap the full array lengths. Let the compiler unroll + * the loop to increase the cpu pipeline performance... */ + for(i=0; i < 8; i++) + ctx.pc_key[i] = ses->ses_key[i]; + for(i=0; i < 4; i++) + SWAP32(ctx.pc_iv[i]); + } + + /* Authentication requested */ + if (maccrd) { + macoffset = maccrd->crd_skip; + + if (maccrd->crd_alg == CRYPTO_MD5_HMAC) + ctx.pc_flags |= htole16(UBS_PKTCTX_AUTH_MD5); + else + ctx.pc_flags |= htole16(UBS_PKTCTX_AUTH_SHA1); + + for (i = 0; i < 5; i++) { + ctx.pc_hminner[i] = ses->ses_hminner[i]; + ctx.pc_hmouter[i] = ses->ses_hmouter[i]; + + HTOLE32(ctx.pc_hminner[i]); + HTOLE32(ctx.pc_hmouter[i]); + } + } + + if (enccrd && maccrd) { + /* + * ubsec cannot handle packets where the end of encryption + * and authentication are not the same, or where the + * encrypted part begins before the authenticated part. + */ + if (((encoffset + enccrd->crd_len) != + (macoffset + maccrd->crd_len)) || + (enccrd->crd_skip < maccrd->crd_skip)) { + err = EINVAL; + goto errout; + } + sskip = maccrd->crd_skip; + cpskip = dskip = enccrd->crd_skip; + stheend = maccrd->crd_len; + dtheend = enccrd->crd_len; + coffset = enccrd->crd_skip - maccrd->crd_skip; + cpoffset = cpskip + dtheend; +#ifdef UBSEC_DEBUG + DPRINTF("mac: skip %d, len %d, inject %d\n", + maccrd->crd_skip, maccrd->crd_len, maccrd->crd_inject); + DPRINTF("enc: skip %d, len %d, inject %d\n", + enccrd->crd_skip, enccrd->crd_len, enccrd->crd_inject); + DPRINTF("src: skip %d, len %d\n", sskip, stheend); + DPRINTF("dst: skip %d, len %d\n", dskip, dtheend); + DPRINTF("ubs: coffset %d, pktlen %d, cpskip %d, cpoffset %d\n", + coffset, stheend, cpskip, cpoffset); +#endif + } else { + cpskip = dskip = sskip = macoffset + encoffset; + dtheend = stheend = (enccrd)?enccrd->crd_len:maccrd->crd_len; + cpoffset = cpskip + dtheend; + coffset = 0; + } + ctx.pc_offset = htole16(coffset >> 2); + +#if 0 + if (bus_dmamap_create(sc->sc_dmat, 0xfff0, UBS_MAX_SCATTER, + 0xfff0, 0, BUS_DMA_NOWAIT, &q->q_src_map) != 0) { + err = ENOMEM; + goto errout; + } +#endif + + if (crp->crp_flags & CRYPTO_F_SKBUF) { +#if 0 + if (bus_dmamap_load_mbuf(sc->sc_dmat, q->q_src_map, + q->q_src_m, BUS_DMA_NOWAIT) != 0) { + bus_dmamap_destroy(sc->sc_dmat, q->q_src_map); + q->q_src_map = NULL; + err = ENOMEM; + goto errout; + } +#endif + err = dma_map_skb(sc, q->q_src_map, q->q_src_m, &q->q_src_len); + if (unlikely(err != 0)) + goto errout; + + } else if (crp->crp_flags & CRYPTO_F_IOV) { +#if 0 + if (bus_dmamap_load_uio(sc->sc_dmat, q->q_src_map, + q->q_src_io, BUS_DMA_NOWAIT) != 0) { + bus_dmamap_destroy(sc->sc_dmat, q->q_src_map); + q->q_src_map = NULL; + err = ENOMEM; + goto errout; + } +#endif + err = dma_map_uio(sc, q->q_src_map, q->q_src_io, &q->q_src_len); + if (unlikely(err != 0)) + goto errout; + } + + /* + * Check alignment + */ + nicealign = ubsec_dmamap_aligned(sc, q->q_src_map, q->q_src_len); + + dmap->d_dma->d_mcr.mcr_pktlen = htole16(stheend); + +#ifdef UBSEC_DEBUG + DPRINTF("src skip: %d\n", sskip); +#endif + for (i = j = 0; i < q->q_src_len; i++) { + struct ubsec_pktbuf *pb; + size_t packl = q->q_src_map[i].dma_size; + dma_addr_t packp = q->q_src_map[i].dma_paddr; + + if (sskip >= packl) { + sskip -= packl; + continue; + } + + packl -= sskip; + packp += sskip; + sskip = 0; + + /* maximum fragment size is 0xfffc */ + if (packl > 0xfffc) { + DPRINTF("Error: fragment size is bigger than 0xfffc.\n"); + err = EIO; + goto errout; + } + + if (j == 0) + pb = &dmap->d_dma->d_mcr.mcr_ipktbuf; + else + pb = &dmap->d_dma->d_sbuf[j - 1]; + + pb->pb_addr = htole32(packp); + + if (stheend) { + if (packl > stheend) { + pb->pb_len = htole32(stheend); + stheend = 0; + } else { + pb->pb_len = htole32(packl); + stheend -= packl; + } + } else + pb->pb_len = htole32(packl); + + if ((i + 1) == q->q_src_len) + pb->pb_next = 0; + else + pb->pb_next = htole32(dmap->d_alloc.dma_paddr + + offsetof(struct ubsec_dmachunk, d_sbuf[j])); + j++; + } + + if (enccrd == NULL && maccrd != NULL) { + /* Authentication only */ + dmap->d_dma->d_mcr.mcr_opktbuf.pb_addr = 0; + dmap->d_dma->d_mcr.mcr_opktbuf.pb_len = 0; + dmap->d_dma->d_mcr.mcr_opktbuf.pb_next = + htole32(dmap->d_alloc.dma_paddr + + offsetof(struct ubsec_dmachunk, d_macbuf[0])); +#ifdef UBSEC_DEBUG + DPRINTF("opkt: %x %x %x\n", + dmap->d_dma->d_mcr.mcr_opktbuf.pb_addr, + dmap->d_dma->d_mcr.mcr_opktbuf.pb_len, + dmap->d_dma->d_mcr.mcr_opktbuf.pb_next); +#endif + } else { + if (crp->crp_flags & CRYPTO_F_IOV) { + if (!nicealign) { + err = EINVAL; + goto errout; + } +#if 0 + if (bus_dmamap_create(sc->sc_dmat, 0xfff0, + UBS_MAX_SCATTER, 0xfff0, 0, BUS_DMA_NOWAIT, + &q->q_dst_map) != 0) { + err = ENOMEM; + goto errout; + } + if (bus_dmamap_load_uio(sc->sc_dmat, q->q_dst_map, + q->q_dst_io, BUS_DMA_NOWAIT) != 0) { + bus_dmamap_destroy(sc->sc_dmat, q->q_dst_map); + q->q_dst_map = NULL; + goto errout; + } +#endif + + /* HW shall copy the result into the source memory */ + for(i = 0; i < q->q_src_len; i++) + q->q_dst_map[i] = q->q_src_map[i]; + + q->q_dst_len = q->q_src_len; + q->q_has_dst = 0; + + } else if (crp->crp_flags & CRYPTO_F_SKBUF) { + if (nicealign) { + + /* HW shall copy the result into the source memory */ + q->q_dst_m = q->q_src_m; + for(i = 0; i < q->q_src_len; i++) + q->q_dst_map[i] = q->q_src_map[i]; + + q->q_dst_len = q->q_src_len; + q->q_has_dst = 0; + + } else { +#ifdef NOTYET + int totlen, len; + struct sk_buff *m, *top, **mp; + + totlen = q->q_src_map->dm_mapsize; + if (q->q_src_m->m_flags & M_PKTHDR) { + len = MHLEN; + MGETHDR(m, M_DONTWAIT, MT_DATA); + } else { + len = MLEN; + MGET(m, M_DONTWAIT, MT_DATA); + } + if (m == NULL) { + err = ENOMEM; + goto errout; + } + if (len == MHLEN) + M_DUP_PKTHDR(m, q->q_src_m); + if (totlen >= MINCLSIZE) { + MCLGET(m, M_DONTWAIT); + if (m->m_flags & M_EXT) + len = MCLBYTES; + } + m->m_len = len; + top = NULL; + mp = ⊤ + + while (totlen > 0) { + if (top) { + MGET(m, M_DONTWAIT, MT_DATA); + if (m == NULL) { + m_freem(top); + err = ENOMEM; + goto errout; + } + len = MLEN; + } + if (top && totlen >= MINCLSIZE) { + MCLGET(m, M_DONTWAIT); + if (m->m_flags & M_EXT) + len = MCLBYTES; + } + m->m_len = len = min(totlen, len); + totlen -= len; + *mp = m; + mp = &m->m_next; + } + q->q_dst_m = top; + ubsec_mcopy(q->q_src_m, q->q_dst_m, + cpskip, cpoffset); + if (bus_dmamap_create(sc->sc_dmat, 0xfff0, + UBS_MAX_SCATTER, 0xfff0, 0, BUS_DMA_NOWAIT, + &q->q_dst_map) != 0) { + err = ENOMEM; + goto errout; + } + if (bus_dmamap_load_mbuf(sc->sc_dmat, + q->q_dst_map, q->q_dst_m, + BUS_DMA_NOWAIT) != 0) { + bus_dmamap_destroy(sc->sc_dmat, + q->q_dst_map); + q->q_dst_map = NULL; + err = ENOMEM; + goto errout; + } +#else + device_printf(sc->sc_dev, + "%s,%d: CRYPTO_F_SKBUF unaligned not implemented\n", + __FILE__, __LINE__); + err = EINVAL; + goto errout; +#endif + } + } else { + err = EINVAL; + goto errout; + } + +#ifdef UBSEC_DEBUG + DPRINTF("dst skip: %d\n", dskip); +#endif + for (i = j = 0; i < q->q_dst_len; i++) { + struct ubsec_pktbuf *pb; + size_t packl = q->q_dst_map[i].dma_size; + dma_addr_t packp = q->q_dst_map[i].dma_paddr; + + if (dskip >= packl) { + dskip -= packl; + continue; + } + + packl -= dskip; + packp += dskip; + dskip = 0; + + if (packl > 0xfffc) { + DPRINTF("Error: fragment size is bigger than 0xfffc.\n"); + err = EIO; + goto errout; + } + + if (j == 0) + pb = &dmap->d_dma->d_mcr.mcr_opktbuf; + else + pb = &dmap->d_dma->d_dbuf[j - 1]; + + pb->pb_addr = htole32(packp); + + if (dtheend) { + if (packl > dtheend) { + pb->pb_len = htole32(dtheend); + dtheend = 0; + } else { + pb->pb_len = htole32(packl); + dtheend -= packl; + } + } else + pb->pb_len = htole32(packl); + + if ((i + 1) == q->q_dst_len) { + if (maccrd) + /* Authentication: + * The last fragment of the output buffer + * contains the HMAC. */ + pb->pb_next = htole32(dmap->d_alloc.dma_paddr + + offsetof(struct ubsec_dmachunk, d_macbuf[0])); + else + pb->pb_next = 0; + } else + pb->pb_next = htole32(dmap->d_alloc.dma_paddr + + offsetof(struct ubsec_dmachunk, d_dbuf[j])); + j++; + } + } + + dmap->d_dma->d_mcr.mcr_cmdctxp = htole32(dmap->d_alloc.dma_paddr + + offsetof(struct ubsec_dmachunk, d_ctx)); + + if (sc->sc_flags & UBS_FLAGS_LONGCTX) { + /* new Broadcom cards with dynamic long command context structure */ + + if (enccrd != NULL && + enccrd->crd_alg == CRYPTO_AES_CBC) + { + struct ubsec_pktctx_aes128 *ctxaes128; + struct ubsec_pktctx_aes192 *ctxaes192; + struct ubsec_pktctx_aes256 *ctxaes256; + + switch(ses->ses_keysize) + { + /* AES 128bit */ + case 128: + ctxaes128 = (struct ubsec_pktctx_aes128 *) + (dmap->d_alloc.dma_vaddr + + offsetof(struct ubsec_dmachunk, d_ctx)); + + ctxaes128->pc_len = htole16(sizeof(struct ubsec_pktctx_aes128)); + ctxaes128->pc_type = ctx.pc_type; + ctxaes128->pc_flags = ctx.pc_flags; + ctxaes128->pc_offset = ctx.pc_offset; + for (i = 0; i < 4; i++) + ctxaes128->pc_aeskey[i] = ctx.pc_key[i]; + for (i = 0; i < 5; i++) + ctxaes128->pc_hminner[i] = ctx.pc_hminner[i]; + for (i = 0; i < 5; i++) + ctxaes128->pc_hmouter[i] = ctx.pc_hmouter[i]; + for (i = 0; i < 4; i++) + ctxaes128->pc_iv[i] = ctx.pc_iv[i]; + break; + + /* AES 192bit */ + case 192: + ctxaes192 = (struct ubsec_pktctx_aes192 *) + (dmap->d_alloc.dma_vaddr + + offsetof(struct ubsec_dmachunk, d_ctx)); + + ctxaes192->pc_len = htole16(sizeof(struct ubsec_pktctx_aes192)); + ctxaes192->pc_type = ctx.pc_type; + ctxaes192->pc_flags = ctx.pc_flags; + ctxaes192->pc_offset = ctx.pc_offset; + for (i = 0; i < 6; i++) + ctxaes192->pc_aeskey[i] = ctx.pc_key[i]; + for (i = 0; i < 5; i++) + ctxaes192->pc_hminner[i] = ctx.pc_hminner[i]; + for (i = 0; i < 5; i++) + ctxaes192->pc_hmouter[i] = ctx.pc_hmouter[i]; + for (i = 0; i < 4; i++) + ctxaes192->pc_iv[i] = ctx.pc_iv[i]; + break; + + /* AES 256bit */ + case 256: + ctxaes256 = (struct ubsec_pktctx_aes256 *) + (dmap->d_alloc.dma_vaddr + + offsetof(struct ubsec_dmachunk, d_ctx)); + + ctxaes256->pc_len = htole16(sizeof(struct ubsec_pktctx_aes256)); + ctxaes256->pc_type = ctx.pc_type; + ctxaes256->pc_flags = ctx.pc_flags; + ctxaes256->pc_offset = ctx.pc_offset; + for (i = 0; i < 8; i++) + ctxaes256->pc_aeskey[i] = ctx.pc_key[i]; + for (i = 0; i < 5; i++) + ctxaes256->pc_hminner[i] = ctx.pc_hminner[i]; + for (i = 0; i < 5; i++) + ctxaes256->pc_hmouter[i] = ctx.pc_hmouter[i]; + for (i = 0; i < 4; i++) + ctxaes256->pc_iv[i] = ctx.pc_iv[i]; + break; + + } + } else { + /* + * [3]DES / MD5_HMAC / SHA1_HMAC + * + * MD5_HMAC / SHA1_HMAC can use the IPSEC 3DES operation without + * encryption. + */ + struct ubsec_pktctx_des *ctxdes; + + ctxdes = (struct ubsec_pktctx_des *)(dmap->d_alloc.dma_vaddr + + offsetof(struct ubsec_dmachunk, d_ctx)); + + ctxdes->pc_len = htole16(sizeof(struct ubsec_pktctx_des)); + ctxdes->pc_type = ctx.pc_type; + ctxdes->pc_flags = ctx.pc_flags; + ctxdes->pc_offset = ctx.pc_offset; + for (i = 0; i < 6; i++) + ctxdes->pc_deskey[i] = ctx.pc_key[i]; + for (i = 0; i < 5; i++) + ctxdes->pc_hminner[i] = ctx.pc_hminner[i]; + for (i = 0; i < 5; i++) + ctxdes->pc_hmouter[i] = ctx.pc_hmouter[i]; + ctxdes->pc_iv[0] = ctx.pc_iv[0]; + ctxdes->pc_iv[1] = ctx.pc_iv[1]; + } + } else + { + /* old Broadcom card with fixed small command context structure */ + + /* + * [3]DES / MD5_HMAC / SHA1_HMAC + */ + struct ubsec_pktctx *ctxs; + + ctxs = (struct ubsec_pktctx *)(dmap->d_alloc.dma_vaddr + + offsetof(struct ubsec_dmachunk, d_ctx)); + + /* transform generic context into small context */ + for (i = 0; i < 6; i++) + ctxs->pc_deskey[i] = ctx.pc_key[i]; + for (i = 0; i < 5; i++) + ctxs->pc_hminner[i] = ctx.pc_hminner[i]; + for (i = 0; i < 5; i++) + ctxs->pc_hmouter[i] = ctx.pc_hmouter[i]; + ctxs->pc_iv[0] = ctx.pc_iv[0]; + ctxs->pc_iv[1] = ctx.pc_iv[1]; + ctxs->pc_flags = ctx.pc_flags; + ctxs->pc_offset = ctx.pc_offset; + } + +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("spin_lock_irqsave\n"); +#endif + spin_lock_irqsave(&sc->sc_ringmtx, flags); + //spin_lock_irq(&sc->sc_ringmtx); + + BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_queue, q, q_next); + sc->sc_nqueue++; + ubsecstats.hst_ipackets++; + ubsecstats.hst_ibytes += stheend; + ubsec_feed(sc); + +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("spin_unlock_irqrestore\n"); +#endif + spin_unlock_irqrestore(&sc->sc_ringmtx, flags); + //spin_unlock_irq(&sc->sc_ringmtx); + + return (0); + +errout: + if (q != NULL) { +#ifdef NOTYET + if ((q->q_dst_m != NULL) && (q->q_src_m != q->q_dst_m)) + m_freem(q->q_dst_m); +#endif + + if ((q->q_has_dst == 1) && q->q_dst_len > 0) { +#if 0 + bus_dmamap_unload(sc->sc_dmat, q->q_dst_map); + bus_dmamap_destroy(sc->sc_dmat, q->q_dst_map); +#endif + dma_unmap(sc, q->q_dst_map, q->q_dst_len); + } + if (q->q_src_len > 0) { +#if 0 + bus_dmamap_unload(sc->sc_dmat, q->q_src_map); + bus_dmamap_destroy(sc->sc_dmat, q->q_src_map); +#endif + dma_unmap(sc, q->q_src_map, q->q_src_len); + } + +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("spin_lock_irqsave\n"); +#endif + spin_lock_irqsave(&sc->sc_ringmtx, flags); + //spin_lock_irq(&sc->sc_ringmtx); + + BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q, q_next); + +#ifdef UBSEC_VERBOSE_DEBUG + DPRINTF("spin_unlock_irqrestore\n"); +#endif + spin_unlock_irqrestore(&sc->sc_ringmtx, flags); + //spin_unlock_irq(&sc->sc_ringmtx); + + } + if (err == EINVAL) + ubsecstats.hst_invalid++; + else + ubsecstats.hst_nomem++; +errout2: + crp->crp_etype = err; + crypto_done(crp); + +#ifdef UBSEC_DEBUG + DPRINTF("%s() err = %x\n", __FUNCTION__, err); +#endif + + return (0); +} + +void +ubsec_callback(struct ubsec_softc *sc, struct ubsec_q *q) +{ + struct cryptop *crp = (struct cryptop *)q->q_crp; + struct cryptodesc *crd; + struct ubsec_dma *dmap = q->q_dma; + int ivsize = 8; + +#ifdef UBSEC_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + + ubsecstats.hst_opackets++; + ubsecstats.hst_obytes += dmap->d_alloc.dma_size; + +#if 0 + bus_dmamap_sync(sc->sc_dmat, dmap->d_alloc.dma_map, 0, + dmap->d_alloc.dma_map->dm_mapsize, + BUS_DMASYNC_POSTREAD|BUS_DMASYNC_POSTWRITE); + if (q->q_dst_map != NULL && q->q_dst_map != q->q_src_map) { + bus_dmamap_sync(sc->sc_dmat, q->q_dst_map, + 0, q->q_dst_map->dm_mapsize, BUS_DMASYNC_POSTREAD); + bus_dmamap_unload(sc->sc_dmat, q->q_dst_map); + bus_dmamap_destroy(sc->sc_dmat, q->q_dst_map); + } + bus_dmamap_sync(sc->sc_dmat, q->q_src_map, + 0, q->q_src_map->dm_mapsize, BUS_DMASYNC_POSTWRITE); + bus_dmamap_unload(sc->sc_dmat, q->q_src_map); + bus_dmamap_destroy(sc->sc_dmat, q->q_src_map); +#endif + + if ((q->q_has_dst == 1) && q->q_dst_len > 0) + dma_unmap(sc, q->q_dst_map, q->q_dst_len); + + dma_unmap(sc, q->q_src_map, q->q_src_len); + +#ifdef NOTYET + if ((crp->crp_flags & CRYPTO_F_SKBUF) && (q->q_src_m != q->q_dst_m)) { + m_freem(q->q_src_m); + crp->crp_buf = (caddr_t)q->q_dst_m; + } +#endif + + /* copy out IV for future use */ + if (q->q_flags & UBSEC_QFLAGS_COPYOUTIV) { + for (crd = crp->crp_desc; crd; crd = crd->crd_next) { + if (crd->crd_alg != CRYPTO_DES_CBC && + crd->crd_alg != CRYPTO_3DES_CBC && + crd->crd_alg != CRYPTO_AES_CBC) + continue; + + if (crd->crd_alg == CRYPTO_AES_CBC) + ivsize = 16; + else + ivsize = 8; + + if (crp->crp_flags & CRYPTO_F_SKBUF) +#if 0 + m_copydata((struct sk_buff *)crp->crp_buf, + crd->crd_skip + crd->crd_len - 8, 8, + (caddr_t)sc->sc_sessions[q->q_sesn].ses_iv); +#endif + crypto_copydata(crp->crp_flags, (caddr_t)crp->crp_buf, + crd->crd_skip + crd->crd_len - ivsize, ivsize, + (caddr_t)sc->sc_sessions[q->q_sesn].ses_iv); + + else if (crp->crp_flags & CRYPTO_F_IOV) { +#if 0 + cuio_copydata((struct uio *)crp->crp_buf, + crd->crd_skip + crd->crd_len - 8, 8, + (caddr_t)sc->sc_sessions[q->q_sesn].ses_iv); +#endif + crypto_copydata(crp->crp_flags, (caddr_t)crp->crp_buf, + crd->crd_skip + crd->crd_len - ivsize, ivsize, + (caddr_t)sc->sc_sessions[q->q_sesn].ses_iv); + + } + break; + } + } + + for (crd = crp->crp_desc; crd; crd = crd->crd_next) { + if (crd->crd_alg != CRYPTO_MD5_HMAC && + crd->crd_alg != CRYPTO_SHA1_HMAC) + continue; +#if 0 + if (crp->crp_flags & CRYPTO_F_SKBUF) + m_copyback((struct sk_buff *)crp->crp_buf, + crd->crd_inject, 12, + dmap->d_dma->d_macbuf); +#endif +#if 0 + /* BUG? it does not honor the mac len.. */ + crypto_copyback(crp->crp_flags, crp->crp_buf, + crd->crd_inject, 12, + (caddr_t)dmap->d_dma->d_macbuf); +#endif + crypto_copyback(crp->crp_flags, crp->crp_buf, + crd->crd_inject, + sc->sc_sessions[q->q_sesn].ses_mlen, + (caddr_t)dmap->d_dma->d_macbuf); +#if 0 + else if (crp->crp_flags & CRYPTO_F_IOV && crp->crp_mac) + bcopy((caddr_t)dmap->d_dma->d_macbuf, + crp->crp_mac, 12); +#endif + break; + } + BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q, q_next); + crypto_done(crp); +} + +void +ubsec_mcopy(struct sk_buff *srcm, struct sk_buff *dstm, int hoffset, int toffset) +{ + int i, j, dlen, slen; + caddr_t dptr, sptr; + + j = 0; + sptr = srcm->data; + slen = srcm->len; + dptr = dstm->data; + dlen = dstm->len; + + while (1) { + for (i = 0; i < min(slen, dlen); i++) { + if (j < hoffset || j >= toffset) + *dptr++ = *sptr++; + slen--; + dlen--; + j++; + } + if (slen == 0) { + srcm = srcm->next; + if (srcm == NULL) + return; + sptr = srcm->data; + slen = srcm->len; + } + if (dlen == 0) { + dstm = dstm->next; + if (dstm == NULL) + return; + dptr = dstm->data; + dlen = dstm->len; + } + } +} + +int +ubsec_dma_malloc(struct ubsec_softc *sc, struct ubsec_dma_alloc *dma, + size_t size, int mapflags) +{ + dma->dma_vaddr = dma_alloc_coherent(sc->sc_dv, + size, &dma->dma_paddr, GFP_KERNEL); + + if (likely(dma->dma_vaddr)) + { + dma->dma_size = size; + return (0); + } + + DPRINTF("could not allocate %d bytes of coherent memory.\n", size); + + return (1); +} + +void +ubsec_dma_free(struct ubsec_softc *sc, struct ubsec_dma_alloc *dma) +{ + dma_free_coherent(sc->sc_dv, dma->dma_size, dma->dma_vaddr, + dma->dma_paddr); +} + +/* + * Resets the board. Values in the regesters are left as is + * from the reset (i.e. initial values are assigned elsewhere). + */ +void +ubsec_reset_board(struct ubsec_softc *sc) +{ + volatile u_int32_t ctrl; + +#ifdef UBSEC_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + DPRINTF("Send reset signal to chip.\n"); + + ctrl = READ_REG(sc, BS_CTRL); + ctrl |= BS_CTRL_RESET; + WRITE_REG(sc, BS_CTRL, ctrl); + + /* + * Wait aprox. 30 PCI clocks = 900 ns = 0.9 us + */ + DELAY(10); +} + +/* + * Init Broadcom registers + */ +void +ubsec_init_board(struct ubsec_softc *sc) +{ + u_int32_t ctrl; + +#ifdef UBSEC_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + DPRINTF("Initialize chip.\n"); + + ctrl = READ_REG(sc, BS_CTRL); + ctrl &= ~(BS_CTRL_BE32 | BS_CTRL_BE64); + ctrl |= BS_CTRL_LITTLE_ENDIAN | BS_CTRL_MCR1INT | BS_CTRL_DMAERR; + + WRITE_REG(sc, BS_CTRL, ctrl); + + /* Set chip capabilities (BCM5365P) */ + sc->sc_flags |= UBS_FLAGS_LONGCTX | UBS_FLAGS_AES; +} + +/* + * Clean up after a chip crash. + * It is assumed that the caller has spin_lock_irq(sc_ringmtx). + */ +void +ubsec_cleanchip(struct ubsec_softc *sc) +{ + struct ubsec_q *q; + +#ifdef UBSEC_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + DPRINTF("Clean up queues after chip crash.\n"); + + while (!BSD_SIMPLEQ_EMPTY(&sc->sc_qchip)) { + q = BSD_SIMPLEQ_FIRST(&sc->sc_qchip); + BSD_SIMPLEQ_REMOVE_HEAD(&sc->sc_qchip, q_next); + ubsec_free_q(sc, q); + } +} + +/* + * free a ubsec_q + * It is assumed that the caller has spin_lock_irq(sc_ringmtx). + */ +int +ubsec_free_q(struct ubsec_softc *sc, struct ubsec_q *q) +{ + struct ubsec_q *q2; + struct cryptop *crp; + int npkts; + int i; + +#ifdef UBSEC_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + + npkts = q->q_nstacked_mcrs; + + for (i = 0; i < npkts; i++) { + if(q->q_stacked_mcr[i]) { + q2 = q->q_stacked_mcr[i]; + + if ((q2->q_dst_m != NULL) && (q2->q_src_m != q2->q_dst_m)) +#ifdef NOTYET + m_freem(q2->q_dst_m); +#else + printk(KERN_ERR "%s,%d: SKB not supported\n", __FILE__, __LINE__); +#endif + + crp = (struct cryptop *)q2->q_crp; + + BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q2, q_next); + + crp->crp_etype = EFAULT; + crypto_done(crp); + } else { + break; + } + } + + /* + * Free header MCR + */ + if ((q->q_dst_m != NULL) && (q->q_src_m != q->q_dst_m)) +#ifdef NOTYET + m_freem(q->q_dst_m); +#else + printk(KERN_ERR "%s,%d: SKB not supported\n", __FILE__, __LINE__); +#endif + + crp = (struct cryptop *)q->q_crp; + + BSD_SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q, q_next); + + crp->crp_etype = EFAULT; + crypto_done(crp); + return(0); +} + +/* + * Routine to reset the chip and clean up. + * It is assumed that the caller has spin_lock_irq(sc_ringmtx). + */ +void +ubsec_totalreset(struct ubsec_softc *sc) +{ + +#ifdef UBSEC_DEBUG + DPRINTF("%s()\n", __FUNCTION__); +#endif + DPRINTF("initiate total chip reset.. \n"); + ubsec_reset_board(sc); + ubsec_init_board(sc); + ubsec_cleanchip(sc); +} + +void +ubsec_dump_pb(struct ubsec_pktbuf *pb) +{ + printf("addr 0x%x (0x%x) next 0x%x\n", + pb->pb_addr, pb->pb_len, pb->pb_next); +} + +void +ubsec_dump_mcr(struct ubsec_mcr *mcr) +{ + struct ubsec_mcr_add *ma; + int i; + + printf("MCR:\n"); + printf(" pkts: %u, flags 0x%x\n", + letoh16(mcr->mcr_pkts), letoh16(mcr->mcr_flags)); + ma = (struct ubsec_mcr_add *)&mcr->mcr_cmdctxp; + for (i = 0; i < letoh16(mcr->mcr_pkts); i++) { + printf(" %d: ctx 0x%x len 0x%x rsvd 0x%x\n", i, + letoh32(ma->mcr_cmdctxp), letoh16(ma->mcr_pktlen), + letoh16(ma->mcr_reserved)); + printf(" %d: ipkt ", i); + ubsec_dump_pb(&ma->mcr_ipktbuf); + printf(" %d: opkt ", i); + ubsec_dump_pb(&ma->mcr_opktbuf); + ma++; + } + printf("END MCR\n"); +} + +static int __init mod_init(void) { + return ssb_driver_register(&ubsec_ssb_driver); +} + +static void __exit mod_exit(void) { + ssb_driver_unregister(&ubsec_ssb_driver); +} + +module_init(mod_init); +module_exit(mod_exit); + +// Meta information +MODULE_AUTHOR("Daniel Mueller "); +MODULE_LICENSE("BSD"); +MODULE_DESCRIPTION("OCF driver for BCM5365P IPSec Core"); +MODULE_VERSION(DRV_MODULE_VERSION); + diff --git a/target/linux/generic/files/crypto/ocf/ubsec_ssb/ubsecreg.h b/target/linux/generic/files/crypto/ocf/ubsec_ssb/ubsecreg.h new file mode 100644 index 00000000000..dafac5b4138 --- /dev/null +++ b/target/linux/generic/files/crypto/ocf/ubsec_ssb/ubsecreg.h @@ -0,0 +1,233 @@ + +/* + * Copyright (c) 2008 Daniel Mueller (daniel@danm.de) + * Copyright (c) 2000 Theo de Raadt + * Copyright (c) 2001 Patrik Lindergren (patrik@ipunplugged.com) + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * Effort sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F30602-01-2-0537. + * + */ + +/* + * Register definitions for 5601 BlueSteel Networks Ubiquitous Broadband + * Security "uBSec" chip. Definitions from revision 2.8 of the product + * datasheet. + */ + +#define BS_BAR 0x10 /* DMA base address register */ +#define BS_TRDY_TIMEOUT 0x40 /* TRDY timeout */ +#define BS_RETRY_TIMEOUT 0x41 /* DMA retry timeout */ + +#define UBS_PCI_RTY_SHIFT 8 +#define UBS_PCI_RTY_MASK 0xff +#define UBS_PCI_RTY(misc) \ + (((misc) >> UBS_PCI_RTY_SHIFT) & UBS_PCI_RTY_MASK) + +#define UBS_PCI_TOUT_SHIFT 0 +#define UBS_PCI_TOUT_MASK 0xff +#define UBS_PCI_TOUT(misc) \ + (((misc) >> PCI_TOUT_SHIFT) & PCI_TOUT_MASK) + +/* + * DMA Control & Status Registers (offset from BS_BAR) + */ +#define BS_MCR1 0x20 /* DMA Master Command Record 1 */ +#define BS_CTRL 0x24 /* DMA Control */ +#define BS_STAT 0x28 /* DMA Status */ +#define BS_ERR 0x2c /* DMA Error Address */ +#define BS_DEV_ID 0x34 /* IPSec Device ID */ + +/* BS_CTRL - DMA Control */ +#define BS_CTRL_RESET 0x80000000 /* hardware reset, 5805/5820 */ +#define BS_CTRL_MCR2INT 0x40000000 /* enable intr MCR for MCR2 */ +#define BS_CTRL_MCR1INT 0x20000000 /* enable intr MCR for MCR1 */ +#define BS_CTRL_OFM 0x10000000 /* Output fragment mode */ +#define BS_CTRL_BE32 0x08000000 /* big-endian, 32bit bytes */ +#define BS_CTRL_BE64 0x04000000 /* big-endian, 64bit bytes */ +#define BS_CTRL_DMAERR 0x02000000 /* enable intr DMA error */ +#define BS_CTRL_RNG_M 0x01800000 /* RNG mode */ +#define BS_CTRL_RNG_1 0x00000000 /* 1bit rn/one slow clock */ +#define BS_CTRL_RNG_4 0x00800000 /* 1bit rn/four slow clocks */ +#define BS_CTRL_RNG_8 0x01000000 /* 1bit rn/eight slow clocks */ +#define BS_CTRL_RNG_16 0x01800000 /* 1bit rn/16 slow clocks */ +#define BS_CTRL_SWNORM 0x00400000 /* 582[01], sw normalization */ +#define BS_CTRL_FRAG_M 0x0000ffff /* output fragment size mask */ +#define BS_CTRL_LITTLE_ENDIAN (BS_CTRL_BE32 | BS_CTRL_BE64) + +/* BS_STAT - DMA Status */ +#define BS_STAT_MCR1_BUSY 0x80000000 /* MCR1 is busy */ +#define BS_STAT_MCR1_FULL 0x40000000 /* MCR1 is full */ +#define BS_STAT_MCR1_DONE 0x20000000 /* MCR1 is done */ +#define BS_STAT_DMAERR 0x10000000 /* DMA error */ +#define BS_STAT_MCR2_FULL 0x08000000 /* MCR2 is full */ +#define BS_STAT_MCR2_DONE 0x04000000 /* MCR2 is done */ +#define BS_STAT_MCR1_ALLEMPTY 0x02000000 /* 5821, MCR1 is empty */ +#define BS_STAT_MCR2_ALLEMPTY 0x01000000 /* 5821, MCR2 is empty */ + +/* BS_ERR - DMA Error Address */ +#define BS_ERR_ADDR 0xfffffffc /* error address mask */ +#define BS_ERR_READ 0x00000002 /* fault was on read */ + +struct ubsec_pktctx { + u_int32_t pc_deskey[6]; /* 3DES key */ + u_int32_t pc_hminner[5]; /* hmac inner state */ + u_int32_t pc_hmouter[5]; /* hmac outer state */ + u_int32_t pc_iv[2]; /* [3]DES iv */ + u_int16_t pc_flags; /* flags, below */ + u_int16_t pc_offset; /* crypto offset */ +} __attribute__ ((packed)); + +#define UBS_PKTCTX_ENC_3DES 0x8000 /* use 3des */ +#define UBS_PKTCTX_ENC_AES 0x8000 /* use aes */ +#define UBS_PKTCTX_ENC_NONE 0x0000 /* no encryption */ +#define UBS_PKTCTX_INBOUND 0x4000 /* inbound packet */ +#define UBS_PKTCTX_AUTH 0x3000 /* authentication mask */ +#define UBS_PKTCTX_AUTH_NONE 0x0000 /* no authentication */ +#define UBS_PKTCTX_AUTH_MD5 0x1000 /* use hmac-md5 */ +#define UBS_PKTCTX_AUTH_SHA1 0x2000 /* use hmac-sha1 */ +#define UBS_PKTCTX_AES128 0x0 /* AES 128bit keys */ +#define UBS_PKTCTX_AES192 0x100 /* AES 192bit keys */ +#define UBS_PKTCTX_AES256 0x200 /* AES 256bit keys */ + +struct ubsec_pktctx_des { + volatile u_int16_t pc_len; /* length of ctx struct */ + volatile u_int16_t pc_type; /* context type */ + volatile u_int16_t pc_flags; /* flags, same as above */ + volatile u_int16_t pc_offset; /* crypto/auth offset */ + volatile u_int32_t pc_deskey[6]; /* 3DES key */ + volatile u_int32_t pc_iv[2]; /* [3]DES iv */ + volatile u_int32_t pc_hminner[5]; /* hmac inner state */ + volatile u_int32_t pc_hmouter[5]; /* hmac outer state */ +} __attribute__ ((packed)); + +struct ubsec_pktctx_aes128 { + volatile u_int16_t pc_len; /* length of ctx struct */ + volatile u_int16_t pc_type; /* context type */ + volatile u_int16_t pc_flags; /* flags, same as above */ + volatile u_int16_t pc_offset; /* crypto/auth offset */ + volatile u_int32_t pc_aeskey[4]; /* AES 128bit key */ + volatile u_int32_t pc_iv[4]; /* AES iv */ + volatile u_int32_t pc_hminner[5]; /* hmac inner state */ + volatile u_int32_t pc_hmouter[5]; /* hmac outer state */ +} __attribute__ ((packed)); + +struct ubsec_pktctx_aes192 { + volatile u_int16_t pc_len; /* length of ctx struct */ + volatile u_int16_t pc_type; /* context type */ + volatile u_int16_t pc_flags; /* flags, same as above */ + volatile u_int16_t pc_offset; /* crypto/auth offset */ + volatile u_int32_t pc_aeskey[6]; /* AES 192bit key */ + volatile u_int32_t pc_iv[4]; /* AES iv */ + volatile u_int32_t pc_hminner[5]; /* hmac inner state */ + volatile u_int32_t pc_hmouter[5]; /* hmac outer state */ +} __attribute__ ((packed)); + +struct ubsec_pktctx_aes256 { + volatile u_int16_t pc_len; /* length of ctx struct */ + volatile u_int16_t pc_type; /* context type */ + volatile u_int16_t pc_flags; /* flags, same as above */ + volatile u_int16_t pc_offset; /* crypto/auth offset */ + volatile u_int32_t pc_aeskey[8]; /* AES 256bit key */ + volatile u_int32_t pc_iv[4]; /* AES iv */ + volatile u_int32_t pc_hminner[5]; /* hmac inner state */ + volatile u_int32_t pc_hmouter[5]; /* hmac outer state */ +} __attribute__ ((packed)); + +#define UBS_PKTCTX_TYPE_IPSEC_DES 0x0000 +#define UBS_PKTCTX_TYPE_IPSEC_AES 0x0040 + +struct ubsec_pktbuf { + volatile u_int32_t pb_addr; /* address of buffer start */ + volatile u_int32_t pb_next; /* pointer to next pktbuf */ + volatile u_int32_t pb_len; /* packet length */ +} __attribute__ ((packed)); +#define UBS_PKTBUF_LEN 0x0000ffff /* length mask */ + +struct ubsec_mcr { + volatile u_int16_t mcr_pkts; /* #pkts in this mcr */ + volatile u_int16_t mcr_flags; /* mcr flags (below) */ + volatile u_int32_t mcr_cmdctxp; /* command ctx pointer */ + struct ubsec_pktbuf mcr_ipktbuf; /* input chain header */ + volatile u_int16_t mcr_reserved; + volatile u_int16_t mcr_pktlen; + struct ubsec_pktbuf mcr_opktbuf; /* output chain header */ +} __attribute__ ((packed)); + +struct ubsec_mcr_add { + volatile u_int32_t mcr_cmdctxp; /* command ctx pointer */ + struct ubsec_pktbuf mcr_ipktbuf; /* input chain header */ + volatile u_int16_t mcr_reserved; + volatile u_int16_t mcr_pktlen; + struct ubsec_pktbuf mcr_opktbuf; /* output chain header */ +} __attribute__ ((packed)); + +#define UBS_MCR_DONE 0x0001 /* mcr has been processed */ +#define UBS_MCR_ERROR 0x0002 /* error in processing */ +#define UBS_MCR_ERRORCODE 0xff00 /* error type */ + +struct ubsec_ctx_keyop { + volatile u_int16_t ctx_len; /* command length */ + volatile u_int16_t ctx_op; /* operation code */ + volatile u_int8_t ctx_pad[60]; /* padding */ +} __attribute__ ((packed)); +#define UBS_CTXOP_DHPKGEN 0x01 /* dh public key generation */ +#define UBS_CTXOP_DHSSGEN 0x02 /* dh shared secret gen. */ +#define UBS_CTXOP_RSAPUB 0x03 /* rsa public key op */ +#define UBS_CTXOP_RSAPRIV 0x04 /* rsa private key op */ +#define UBS_CTXOP_DSASIGN 0x05 /* dsa signing op */ +#define UBS_CTXOP_DSAVRFY 0x06 /* dsa verification */ +#define UBS_CTXOP_RNGBYPASS 0x41 /* rng direct test mode */ +#define UBS_CTXOP_RNGSHA1 0x42 /* rng sha1 test mode */ +#define UBS_CTXOP_MODADD 0x43 /* modular addition */ +#define UBS_CTXOP_MODSUB 0x44 /* modular subtraction */ +#define UBS_CTXOP_MODMUL 0x45 /* modular multiplication */ +#define UBS_CTXOP_MODRED 0x46 /* modular reduction */ +#define UBS_CTXOP_MODEXP 0x47 /* modular exponentiation */ +#define UBS_CTXOP_MODINV 0x48 /* modular inverse */ + +struct ubsec_ctx_rngbypass { + volatile u_int16_t rbp_len; /* command length, 64 */ + volatile u_int16_t rbp_op; /* rng bypass, 0x41 */ + volatile u_int8_t rbp_pad[60]; /* padding */ +} __attribute__ ((packed)); + +/* modexp: C = (M ^ E) mod N */ +struct ubsec_ctx_modexp { + volatile u_int16_t me_len; /* command length */ + volatile u_int16_t me_op; /* modexp, 0x47 */ + volatile u_int16_t me_E_len; /* E (bits) */ + volatile u_int16_t me_N_len; /* N (bits) */ + u_int8_t me_N[2048/8]; /* N */ +} __attribute__ ((packed)); + +struct ubsec_ctx_rsapriv { + volatile u_int16_t rpr_len; /* command length */ + volatile u_int16_t rpr_op; /* rsaprivate, 0x04 */ + volatile u_int16_t rpr_q_len; /* q (bits) */ + volatile u_int16_t rpr_p_len; /* p (bits) */ + u_int8_t rpr_buf[5 * 1024 / 8]; /* parameters: */ + /* p, q, dp, dq, pinv */ +} __attribute__ ((packed)); diff --git a/target/linux/generic/files/crypto/ocf/ubsec_ssb/ubsecvar.h b/target/linux/generic/files/crypto/ocf/ubsec_ssb/ubsecvar.h new file mode 100644 index 00000000000..c808f955b44 --- /dev/null +++ b/target/linux/generic/files/crypto/ocf/ubsec_ssb/ubsecvar.h @@ -0,0 +1,228 @@ + +/* + * Copyright (c) 2008 Daniel Mueller (daniel@danm.de) + * Copyright (c) 2000 Theo de Raadt + * Copyright (c) 2001 Patrik Lindergren (patrik@ipunplugged.com) + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * Effort sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F30602-01-2-0537. + * + */ + +/* Maximum queue length */ +#ifndef UBS_MAX_NQUEUE +#define UBS_MAX_NQUEUE 60 +#endif + +#define UBS_MAX_SCATTER 64 /* Maximum scatter/gather depth */ + +#ifndef UBS_MAX_AGGR +#define UBS_MAX_AGGR 5 /* Maximum aggregation count */ +#endif + +#define UBSEC_CARD(sid) (((sid) & 0xf0000000) >> 28) +#define UBSEC_SESSION(sid) ( (sid) & 0x0fffffff) +#define UBSEC_SID(crd, sesn) (((crd) << 28) | ((sesn) & 0x0fffffff)) + +#define UBS_DEF_RTY 0xff /* PCI Retry Timeout */ +#define UBS_DEF_TOUT 0xff /* PCI TRDY Timeout */ +#define UBS_DEF_CACHELINE 0x01 /* Cache Line setting */ + +#define DEFAULT_HMAC_LEN 12 + +struct ubsec_dma_alloc { + dma_addr_t dma_paddr; + void *dma_vaddr; + /* + bus_dmamap_t dma_map; + bus_dma_segment_t dma_seg; + */ + size_t dma_size; + /* + int dma_nseg; + */ +}; + +struct ubsec_q2 { + BSD_SIMPLEQ_ENTRY(ubsec_q2) q_next; + struct ubsec_dma_alloc q_mcr; + struct ubsec_dma_alloc q_ctx; + u_int q_type; +}; + +struct ubsec_q2_rng { + struct ubsec_q2 rng_q; + struct ubsec_dma_alloc rng_buf; + int rng_used; +}; + +/* C = (M ^ E) mod N */ +#define UBS_MODEXP_PAR_M 0 +#define UBS_MODEXP_PAR_E 1 +#define UBS_MODEXP_PAR_N 2 +struct ubsec_q2_modexp { + struct ubsec_q2 me_q; + struct cryptkop * me_krp; + struct ubsec_dma_alloc me_M; + struct ubsec_dma_alloc me_E; + struct ubsec_dma_alloc me_C; + struct ubsec_dma_alloc me_epb; + int me_modbits; + int me_shiftbits; + int me_normbits; +}; + +#define UBS_RSAPRIV_PAR_P 0 +#define UBS_RSAPRIV_PAR_Q 1 +#define UBS_RSAPRIV_PAR_DP 2 +#define UBS_RSAPRIV_PAR_DQ 3 +#define UBS_RSAPRIV_PAR_PINV 4 +#define UBS_RSAPRIV_PAR_MSGIN 5 +#define UBS_RSAPRIV_PAR_MSGOUT 6 +struct ubsec_q2_rsapriv { + struct ubsec_q2 rpr_q; + struct cryptkop * rpr_krp; + struct ubsec_dma_alloc rpr_msgin; + struct ubsec_dma_alloc rpr_msgout; +}; + +#define UBSEC_RNG_BUFSIZ 16 /* measured in 32bit words */ + +struct ubsec_dmachunk { + struct ubsec_mcr d_mcr; + struct ubsec_mcr_add d_mcradd[UBS_MAX_AGGR-1]; + struct ubsec_pktbuf d_sbuf[UBS_MAX_SCATTER-1]; + struct ubsec_pktbuf d_dbuf[UBS_MAX_SCATTER-1]; + u_int32_t d_macbuf[5]; + union { + struct ubsec_pktctx_aes256 ctxaes256; + struct ubsec_pktctx_aes192 ctxaes192; + struct ubsec_pktctx_des ctxdes; + struct ubsec_pktctx_aes128 ctxaes128; + struct ubsec_pktctx ctx; + } d_ctx; +}; + +struct ubsec_dma { + BSD_SIMPLEQ_ENTRY(ubsec_dma) d_next; + struct ubsec_dmachunk *d_dma; + struct ubsec_dma_alloc d_alloc; +}; + +#define UBS_FLAGS_KEY 0x01 /* has key accelerator */ +#define UBS_FLAGS_LONGCTX 0x02 /* uses long ipsec ctx */ +#define UBS_FLAGS_BIGKEY 0x04 /* 2048bit keys */ +#define UBS_FLAGS_HWNORM 0x08 /* hardware normalization */ +#define UBS_FLAGS_RNG 0x10 /* hardware rng */ +#define UBS_FLAGS_AES 0x20 /* hardware AES support */ + +struct ubsec_q { + BSD_SIMPLEQ_ENTRY(ubsec_q) q_next; + int q_nstacked_mcrs; + struct ubsec_q *q_stacked_mcr[UBS_MAX_AGGR-1]; + struct cryptop *q_crp; + struct ubsec_dma *q_dma; + + //struct mbuf *q_src_m, *q_dst_m; + struct sk_buff *q_src_m, *q_dst_m; + struct uio *q_src_io, *q_dst_io; + + /* + bus_dmamap_t q_src_map; + bus_dmamap_t q_dst_map; + */ + + /* DMA addresses for In-/Out packages */ + int q_src_len; + int q_dst_len; + struct ubsec_dma_alloc q_src_map[UBS_MAX_SCATTER]; + struct ubsec_dma_alloc q_dst_map[UBS_MAX_SCATTER]; + int q_has_dst; + + int q_sesn; + int q_flags; +}; + +struct ubsec_softc { + softc_device_decl sc_dev; + struct ssb_device *sdev; /* device backpointer */ + + struct device *sc_dv; /* generic device */ + void *sc_ih; /* interrupt handler cookie */ + int sc_flags; /* device specific flags */ + u_int32_t sc_statmask; /* interrupt status mask */ + int32_t sc_cid; /* crypto tag */ + BSD_SIMPLEQ_HEAD(,ubsec_q) sc_queue; /* packet queue, mcr1 */ + int sc_nqueue; /* count enqueued, mcr1 */ + BSD_SIMPLEQ_HEAD(,ubsec_q) sc_qchip; /* on chip, mcr1 */ + BSD_SIMPLEQ_HEAD(,ubsec_q) sc_freequeue; /* list of free queue elements */ + BSD_SIMPLEQ_HEAD(,ubsec_q2) sc_queue2; /* packet queue, mcr2 */ + int sc_nqueue2; /* count enqueued, mcr2 */ + BSD_SIMPLEQ_HEAD(,ubsec_q2) sc_qchip2; /* on chip, mcr2 */ + int sc_nsessions; /* # of sessions */ + struct ubsec_session *sc_sessions; /* sessions */ + int sc_rnghz; /* rng poll time */ + struct ubsec_q2_rng sc_rng; + struct ubsec_dma sc_dmaa[UBS_MAX_NQUEUE]; + struct ubsec_q *sc_queuea[UBS_MAX_NQUEUE]; + BSD_SIMPLEQ_HEAD(,ubsec_q2) sc_q2free; /* free list */ + spinlock_t sc_ringmtx; /* PE ring lock */ +}; + +#define UBSEC_QFLAGS_COPYOUTIV 0x1 + +struct ubsec_session { + u_int32_t ses_used; + u_int32_t ses_key[8]; /* 3DES/AES key */ + u_int32_t ses_hminner[5]; /* hmac inner state */ + u_int32_t ses_hmouter[5]; /* hmac outer state */ + u_int32_t ses_iv[4]; /* [3]DES/AES iv */ + u_int32_t ses_keysize; /* AES key size */ + u_int32_t ses_mlen; /* hmac/hash length */ +}; + +struct ubsec_stats { + u_int64_t hst_ibytes; + u_int64_t hst_obytes; + u_int32_t hst_ipackets; + u_int32_t hst_opackets; + u_int32_t hst_invalid; + u_int32_t hst_nomem; + u_int32_t hst_queuefull; + u_int32_t hst_dmaerr; + u_int32_t hst_mcrerr; + u_int32_t hst_nodmafree; +}; + +struct ubsec_generic_ctx { + u_int32_t pc_key[8]; /* [3]DES/AES key */ + u_int32_t pc_hminner[5]; /* hmac inner state */ + u_int32_t pc_hmouter[5]; /* hmac outer state */ + u_int32_t pc_iv[4]; /* [3]DES/AES iv */ + u_int16_t pc_flags; /* flags, below */ + u_int16_t pc_offset; /* crypto offset */ + u_int16_t pc_type; /* Cryptographic operation */ +}; + diff --git a/target/linux/generic/patches-2.6.30/971-ocf_20100325.patch b/target/linux/generic/patches-2.6.30/971-ocf_20100325.patch deleted file mode 100644 index c1bc4495684..00000000000 --- a/target/linux/generic/patches-2.6.30/971-ocf_20100325.patch +++ /dev/null @@ -1,160 +0,0 @@ ---- a/drivers/char/random.c -+++ b/drivers/char/random.c -@@ -129,6 +129,9 @@ - * unsigned int value); - * void add_interrupt_randomness(int irq); - * -+ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count) -+ * int random_input_wait(void); -+ * - * add_input_randomness() uses the input layer interrupt timing, as well as - * the event type information from the hardware. - * -@@ -140,6 +143,13 @@ - * a better measure, since the timing of the disk interrupts are more - * unpredictable. - * -+ * random_input_words() just provides a raw block of entropy to the input -+ * pool, such as from a hardware entropy generator. -+ * -+ * random_input_wait() suspends the caller until such time as the -+ * entropy pool falls below the write threshold, and returns a count of how -+ * much entropy (in bits) is needed to sustain the pool. -+ * - * All of these routines try to estimate how many bits of randomness a - * particular randomness source. They do this by keeping track of the - * first and second order deltas of the event timings. -@@ -712,6 +722,61 @@ void add_disk_randomness(struct gendisk - } - #endif - -+/* -+ * random_input_words - add bulk entropy to pool -+ * -+ * @buf: buffer to add -+ * @wordcount: number of __u32 words to add -+ * @ent_count: total amount of entropy (in bits) to credit -+ * -+ * this provides bulk input of entropy to the input pool -+ * -+ */ -+void random_input_words(__u32 *buf, size_t wordcount, int ent_count) -+{ -+ mix_pool_bytes(&input_pool, buf, wordcount*4); -+ -+ credit_entropy_bits(&input_pool, ent_count); -+ -+ DEBUG_ENT("crediting %d bits => %d\n", -+ ent_count, input_pool.entropy_count); -+ /* -+ * Wake up waiting processes if we have enough -+ * entropy. -+ */ -+ if (input_pool.entropy_count >= random_read_wakeup_thresh) -+ wake_up_interruptible(&random_read_wait); -+} -+EXPORT_SYMBOL(random_input_words); -+ -+/* -+ * random_input_wait - wait until random needs entropy -+ * -+ * this function sleeps until the /dev/random subsystem actually -+ * needs more entropy, and then return the amount of entropy -+ * that it would be nice to have added to the system. -+ */ -+int random_input_wait(void) -+{ -+ int count; -+ -+ wait_event_interruptible(random_write_wait, -+ input_pool.entropy_count < random_write_wakeup_thresh); -+ -+ count = random_write_wakeup_thresh - input_pool.entropy_count; -+ -+ /* likely we got woken up due to a signal */ -+ if (count <= 0) count = random_read_wakeup_thresh; -+ -+ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n", -+ count, -+ input_pool.entropy_count, random_write_wakeup_thresh); -+ -+ return count; -+} -+EXPORT_SYMBOL(random_input_wait); -+ -+ - #define EXTRACT_SIZE 10 - - /********************************************************************* ---- a/fs/fcntl.c -+++ b/fs/fcntl.c -@@ -142,6 +142,7 @@ SYSCALL_DEFINE1(dup, unsigned int, filde - } - return ret; - } -+EXPORT_SYMBOL(sys_dup); - - #define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME) - ---- a/include/linux/miscdevice.h -+++ b/include/linux/miscdevice.h -@@ -12,6 +12,7 @@ - #define APOLLO_MOUSE_MINOR 7 - #define PC110PAD_MINOR 9 - /*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */ -+#define CRYPTODEV_MINOR 70 /* /dev/crypto */ - #define WATCHDOG_MINOR 130 /* Watchdog timer */ - #define TEMP_MINOR 131 /* Temperature Sensor */ - #define RTC_MINOR 135 ---- a/include/linux/random.h -+++ b/include/linux/random.h -@@ -9,6 +9,7 @@ - - #include - #include -+#include /* for __u32 in user space */ - #include - - /* ioctl()'s for the random number generator */ -@@ -34,6 +35,30 @@ - /* Clear the entropy pool and associated counters. (Superuser only.) */ - #define RNDCLEARPOOL _IO( 'R', 0x06 ) - -+#ifdef CONFIG_FIPS_RNG -+ -+/* Size of seed value - equal to AES blocksize */ -+#define AES_BLOCK_SIZE_BYTES 16 -+#define SEED_SIZE_BYTES AES_BLOCK_SIZE_BYTES -+/* Size of AES key */ -+#define KEY_SIZE_BYTES 16 -+ -+/* ioctl() structure used by FIPS 140-2 Tests */ -+struct rand_fips_test { -+ unsigned char key[KEY_SIZE_BYTES]; /* Input */ -+ unsigned char datetime[SEED_SIZE_BYTES]; /* Input */ -+ unsigned char seed[SEED_SIZE_BYTES]; /* Input */ -+ unsigned char result[SEED_SIZE_BYTES]; /* Output */ -+}; -+ -+/* FIPS 140-2 RNG Variable Seed Test. (Superuser only.) */ -+#define RNDFIPSVST _IOWR('R', 0x10, struct rand_fips_test) -+ -+/* FIPS 140-2 RNG Monte Carlo Test. (Superuser only.) */ -+#define RNDFIPSMCT _IOWR('R', 0x11, struct rand_fips_test) -+ -+#endif /* #ifdef CONFIG_FIPS_RNG */ -+ - struct rand_pool_info { - int entropy_count; - int buf_size; -@@ -50,6 +75,10 @@ extern void add_input_randomness(unsigne - unsigned int value); - extern void add_interrupt_randomness(int irq); - -+extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count); -+extern int random_input_wait(void); -+#define HAS_RANDOM_INPUT_WAIT 1 -+ - extern void get_random_bytes(void *buf, int nbytes); - void generate_random_uuid(unsigned char uuid_out[16]); - diff --git a/target/linux/generic/patches-2.6.30/971-ocf_20110720.patch b/target/linux/generic/patches-2.6.30/971-ocf_20110720.patch new file mode 100644 index 00000000000..73210a010a1 --- /dev/null +++ b/target/linux/generic/patches-2.6.30/971-ocf_20110720.patch @@ -0,0 +1,132 @@ + +--- a/drivers/char/random.c ++++ b/drivers/char/random.c +@@ -129,6 +129,9 @@ + * unsigned int value); + * void add_interrupt_randomness(int irq); + * ++ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count) ++ * int random_input_wait(void); ++ * + * add_input_randomness() uses the input layer interrupt timing, as well as + * the event type information from the hardware. + * +@@ -140,6 +143,13 @@ + * a better measure, since the timing of the disk interrupts are more + * unpredictable. + * ++ * random_input_words() just provides a raw block of entropy to the input ++ * pool, such as from a hardware entropy generator. ++ * ++ * random_input_wait() suspends the caller until such time as the ++ * entropy pool falls below the write threshold, and returns a count of how ++ * much entropy (in bits) is needed to sustain the pool. ++ * + * All of these routines try to estimate how many bits of randomness a + * particular randomness source. They do this by keeping track of the + * first and second order deltas of the event timings. +@@ -712,6 +722,61 @@ void add_disk_randomness(struct gendisk + } + #endif + ++/* ++ * random_input_words - add bulk entropy to pool ++ * ++ * @buf: buffer to add ++ * @wordcount: number of __u32 words to add ++ * @ent_count: total amount of entropy (in bits) to credit ++ * ++ * this provides bulk input of entropy to the input pool ++ * ++ */ ++void random_input_words(__u32 *buf, size_t wordcount, int ent_count) ++{ ++ mix_pool_bytes(&input_pool, buf, wordcount*4); ++ ++ credit_entropy_bits(&input_pool, ent_count); ++ ++ DEBUG_ENT("crediting %d bits => %d\n", ++ ent_count, input_pool.entropy_count); ++ /* ++ * Wake up waiting processes if we have enough ++ * entropy. ++ */ ++ if (input_pool.entropy_count >= random_read_wakeup_thresh) ++ wake_up_interruptible(&random_read_wait); ++} ++EXPORT_SYMBOL(random_input_words); ++ ++/* ++ * random_input_wait - wait until random needs entropy ++ * ++ * this function sleeps until the /dev/random subsystem actually ++ * needs more entropy, and then return the amount of entropy ++ * that it would be nice to have added to the system. ++ */ ++int random_input_wait(void) ++{ ++ int count; ++ ++ wait_event_interruptible(random_write_wait, ++ input_pool.entropy_count < random_write_wakeup_thresh); ++ ++ count = random_write_wakeup_thresh - input_pool.entropy_count; ++ ++ /* likely we got woken up due to a signal */ ++ if (count <= 0) count = random_read_wakeup_thresh; ++ ++ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n", ++ count, ++ input_pool.entropy_count, random_write_wakeup_thresh); ++ ++ return count; ++} ++EXPORT_SYMBOL(random_input_wait); ++ ++ + #define EXTRACT_SIZE 10 + + /********************************************************************* +--- a/fs/fcntl.c ++++ b/fs/fcntl.c +@@ -196,6 +196,7 @@ static int setfl(int fd, struct file * f + out: + return error; + } ++EXPORT_SYMBOL(sys_dup); + + static void f_modown(struct file *filp, struct pid *pid, enum pid_type type, + uid_t uid, uid_t euid, int force) +--- a/include/linux/miscdevice.h ++++ b/include/linux/miscdevice.h +@@ -12,6 +12,7 @@ + #define APOLLO_MOUSE_MINOR 7 + #define PC110PAD_MINOR 9 + /*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */ ++#define CRYPTODEV_MINOR 70 /* /dev/crypto */ + #define WATCHDOG_MINOR 130 /* Watchdog timer */ + #define TEMP_MINOR 131 /* Temperature Sensor */ + #define RTC_MINOR 135 +--- a/include/linux/random.h ++++ b/include/linux/random.h +@@ -50,6 +50,10 @@ extern void add_input_randomness(unsigne + unsigned int value); + extern void add_interrupt_randomness(int irq); + ++extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count); ++extern int random_input_wait(void); ++#define HAS_RANDOM_INPUT_WAIT 1 ++ + extern void get_random_bytes(void *buf, int nbytes); + void generate_random_uuid(unsigned char uuid_out[16]); + +--- a/kernel/pid.c ++++ b/kernel/pid.c +@@ -383,6 +383,7 @@ struct task_struct *find_task_by_pid_typ + { + return pid_task(find_pid_ns(nr, ns), type); + } ++EXPORT_SYMBOL(find_task_by_vpid); + + EXPORT_SYMBOL(find_task_by_pid_type_ns); + diff --git a/target/linux/generic/patches-2.6.31/971-ocf_20100325.patch b/target/linux/generic/patches-2.6.31/971-ocf_20100325.patch deleted file mode 100644 index 46dd71fe9ee..00000000000 --- a/target/linux/generic/patches-2.6.31/971-ocf_20100325.patch +++ /dev/null @@ -1,170 +0,0 @@ ---- a/drivers/char/random.c -+++ b/drivers/char/random.c -@@ -129,6 +129,9 @@ - * unsigned int value); - * void add_interrupt_randomness(int irq); - * -+ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count) -+ * int random_input_wait(void); -+ * - * add_input_randomness() uses the input layer interrupt timing, as well as - * the event type information from the hardware. - * -@@ -140,6 +143,13 @@ - * a better measure, since the timing of the disk interrupts are more - * unpredictable. - * -+ * random_input_words() just provides a raw block of entropy to the input -+ * pool, such as from a hardware entropy generator. -+ * -+ * random_input_wait() suspends the caller until such time as the -+ * entropy pool falls below the write threshold, and returns a count of how -+ * much entropy (in bits) is needed to sustain the pool. -+ * - * All of these routines try to estimate how many bits of randomness a - * particular randomness source. They do this by keeping track of the - * first and second order deltas of the event timings. -@@ -712,6 +722,61 @@ void add_disk_randomness(struct gendisk - } - #endif - -+/* -+ * random_input_words - add bulk entropy to pool -+ * -+ * @buf: buffer to add -+ * @wordcount: number of __u32 words to add -+ * @ent_count: total amount of entropy (in bits) to credit -+ * -+ * this provides bulk input of entropy to the input pool -+ * -+ */ -+void random_input_words(__u32 *buf, size_t wordcount, int ent_count) -+{ -+ mix_pool_bytes(&input_pool, buf, wordcount*4); -+ -+ credit_entropy_bits(&input_pool, ent_count); -+ -+ DEBUG_ENT("crediting %d bits => %d\n", -+ ent_count, input_pool.entropy_count); -+ /* -+ * Wake up waiting processes if we have enough -+ * entropy. -+ */ -+ if (input_pool.entropy_count >= random_read_wakeup_thresh) -+ wake_up_interruptible(&random_read_wait); -+} -+EXPORT_SYMBOL(random_input_words); -+ -+/* -+ * random_input_wait - wait until random needs entropy -+ * -+ * this function sleeps until the /dev/random subsystem actually -+ * needs more entropy, and then return the amount of entropy -+ * that it would be nice to have added to the system. -+ */ -+int random_input_wait(void) -+{ -+ int count; -+ -+ wait_event_interruptible(random_write_wait, -+ input_pool.entropy_count < random_write_wakeup_thresh); -+ -+ count = random_write_wakeup_thresh - input_pool.entropy_count; -+ -+ /* likely we got woken up due to a signal */ -+ if (count <= 0) count = random_read_wakeup_thresh; -+ -+ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n", -+ count, -+ input_pool.entropy_count, random_write_wakeup_thresh); -+ -+ return count; -+} -+EXPORT_SYMBOL(random_input_wait); -+ -+ - #define EXTRACT_SIZE 10 - - /********************************************************************* ---- a/fs/fcntl.c -+++ b/fs/fcntl.c -@@ -141,6 +141,7 @@ SYSCALL_DEFINE1(dup, unsigned int, filde - } - return ret; - } -+EXPORT_SYMBOL(sys_dup); - - #define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME) - ---- a/include/linux/miscdevice.h -+++ b/include/linux/miscdevice.h -@@ -12,6 +12,7 @@ - #define APOLLO_MOUSE_MINOR 7 - #define PC110PAD_MINOR 9 - /*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */ -+#define CRYPTODEV_MINOR 70 /* /dev/crypto */ - #define WATCHDOG_MINOR 130 /* Watchdog timer */ - #define TEMP_MINOR 131 /* Temperature Sensor */ - #define RTC_MINOR 135 ---- a/include/linux/random.h -+++ b/include/linux/random.h -@@ -9,6 +9,7 @@ - - #include - #include -+#include /* for __u32 in user space */ - #include - - /* ioctl()'s for the random number generator */ -@@ -34,6 +35,30 @@ - /* Clear the entropy pool and associated counters. (Superuser only.) */ - #define RNDCLEARPOOL _IO( 'R', 0x06 ) - -+#ifdef CONFIG_FIPS_RNG -+ -+/* Size of seed value - equal to AES blocksize */ -+#define AES_BLOCK_SIZE_BYTES 16 -+#define SEED_SIZE_BYTES AES_BLOCK_SIZE_BYTES -+/* Size of AES key */ -+#define KEY_SIZE_BYTES 16 -+ -+/* ioctl() structure used by FIPS 140-2 Tests */ -+struct rand_fips_test { -+ unsigned char key[KEY_SIZE_BYTES]; /* Input */ -+ unsigned char datetime[SEED_SIZE_BYTES]; /* Input */ -+ unsigned char seed[SEED_SIZE_BYTES]; /* Input */ -+ unsigned char result[SEED_SIZE_BYTES]; /* Output */ -+}; -+ -+/* FIPS 140-2 RNG Variable Seed Test. (Superuser only.) */ -+#define RNDFIPSVST _IOWR('R', 0x10, struct rand_fips_test) -+ -+/* FIPS 140-2 RNG Monte Carlo Test. (Superuser only.) */ -+#define RNDFIPSMCT _IOWR('R', 0x11, struct rand_fips_test) -+ -+#endif /* #ifdef CONFIG_FIPS_RNG */ -+ - struct rand_pool_info { - int entropy_count; - int buf_size; -@@ -50,6 +75,10 @@ extern void add_input_randomness(unsigne - unsigned int value); - extern void add_interrupt_randomness(int irq); - -+extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count); -+extern int random_input_wait(void); -+#define HAS_RANDOM_INPUT_WAIT 1 -+ - extern void get_random_bytes(void *buf, int nbytes); - void generate_random_uuid(unsigned char uuid_out[16]); - ---- a/kernel/pid.c -+++ b/kernel/pid.c -@@ -387,6 +387,7 @@ struct task_struct *find_task_by_vpid(pi - { - return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns); - } -+EXPORT_SYMBOL(find_task_by_vpid); - - struct pid *get_task_pid(struct task_struct *task, enum pid_type type) - { diff --git a/target/linux/generic/patches-2.6.31/971-ocf_20110720.patch b/target/linux/generic/patches-2.6.31/971-ocf_20110720.patch new file mode 100644 index 00000000000..ce3e3ad0c45 --- /dev/null +++ b/target/linux/generic/patches-2.6.31/971-ocf_20110720.patch @@ -0,0 +1,131 @@ +--- a/drivers/char/random.c ++++ b/drivers/char/random.c +@@ -129,6 +129,9 @@ + * unsigned int value); + * void add_interrupt_randomness(int irq); + * ++ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count) ++ * int random_input_wait(void); ++ * + * add_input_randomness() uses the input layer interrupt timing, as well as + * the event type information from the hardware. + * +@@ -140,6 +143,13 @@ + * a better measure, since the timing of the disk interrupts are more + * unpredictable. + * ++ * random_input_words() just provides a raw block of entropy to the input ++ * pool, such as from a hardware entropy generator. ++ * ++ * random_input_wait() suspends the caller until such time as the ++ * entropy pool falls below the write threshold, and returns a count of how ++ * much entropy (in bits) is needed to sustain the pool. ++ * + * All of these routines try to estimate how many bits of randomness a + * particular randomness source. They do this by keeping track of the + * first and second order deltas of the event timings. +@@ -712,6 +722,61 @@ void add_disk_randomness(struct gendisk + } + #endif + ++/* ++ * random_input_words - add bulk entropy to pool ++ * ++ * @buf: buffer to add ++ * @wordcount: number of __u32 words to add ++ * @ent_count: total amount of entropy (in bits) to credit ++ * ++ * this provides bulk input of entropy to the input pool ++ * ++ */ ++void random_input_words(__u32 *buf, size_t wordcount, int ent_count) ++{ ++ mix_pool_bytes(&input_pool, buf, wordcount*4); ++ ++ credit_entropy_bits(&input_pool, ent_count); ++ ++ DEBUG_ENT("crediting %d bits => %d\n", ++ ent_count, input_pool.entropy_count); ++ /* ++ * Wake up waiting processes if we have enough ++ * entropy. ++ */ ++ if (input_pool.entropy_count >= random_read_wakeup_thresh) ++ wake_up_interruptible(&random_read_wait); ++} ++EXPORT_SYMBOL(random_input_words); ++ ++/* ++ * random_input_wait - wait until random needs entropy ++ * ++ * this function sleeps until the /dev/random subsystem actually ++ * needs more entropy, and then return the amount of entropy ++ * that it would be nice to have added to the system. ++ */ ++int random_input_wait(void) ++{ ++ int count; ++ ++ wait_event_interruptible(random_write_wait, ++ input_pool.entropy_count < random_write_wakeup_thresh); ++ ++ count = random_write_wakeup_thresh - input_pool.entropy_count; ++ ++ /* likely we got woken up due to a signal */ ++ if (count <= 0) count = random_read_wakeup_thresh; ++ ++ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n", ++ count, ++ input_pool.entropy_count, random_write_wakeup_thresh); ++ ++ return count; ++} ++EXPORT_SYMBOL(random_input_wait); ++ ++ + #define EXTRACT_SIZE 10 + + /********************************************************************* +--- a/fs/fcntl.c ++++ b/fs/fcntl.c +@@ -195,6 +195,7 @@ static int setfl(int fd, struct file * f + out: + return error; + } ++EXPORT_SYMBOL(sys_dup); + + static void f_modown(struct file *filp, struct pid *pid, enum pid_type type, + int force) +--- a/include/linux/miscdevice.h ++++ b/include/linux/miscdevice.h +@@ -12,6 +12,7 @@ + #define APOLLO_MOUSE_MINOR 7 + #define PC110PAD_MINOR 9 + /*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */ ++#define CRYPTODEV_MINOR 70 /* /dev/crypto */ + #define WATCHDOG_MINOR 130 /* Watchdog timer */ + #define TEMP_MINOR 131 /* Temperature Sensor */ + #define RTC_MINOR 135 +--- a/include/linux/random.h ++++ b/include/linux/random.h +@@ -50,6 +50,10 @@ extern void add_input_randomness(unsigne + unsigned int value); + extern void add_interrupt_randomness(int irq); + ++extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count); ++extern int random_input_wait(void); ++#define HAS_RANDOM_INPUT_WAIT 1 ++ + extern void get_random_bytes(void *buf, int nbytes); + void generate_random_uuid(unsigned char uuid_out[16]); + +--- a/kernel/pid.c ++++ b/kernel/pid.c +@@ -387,6 +387,7 @@ struct task_struct *find_task_by_vpid(pi + { + return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns); + } ++EXPORT_SYMBOL(find_task_by_vpid); + + struct pid *get_task_pid(struct task_struct *task, enum pid_type type) + { diff --git a/target/linux/generic/patches-2.6.32/971-ocf_20100325.patch b/target/linux/generic/patches-2.6.32/971-ocf_20100325.patch deleted file mode 100644 index 8eff02fa6c9..00000000000 --- a/target/linux/generic/patches-2.6.32/971-ocf_20100325.patch +++ /dev/null @@ -1,170 +0,0 @@ ---- a/drivers/char/random.c -+++ b/drivers/char/random.c -@@ -129,6 +129,9 @@ - * unsigned int value); - * void add_interrupt_randomness(int irq); - * -+ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count) -+ * int random_input_wait(void); -+ * - * add_input_randomness() uses the input layer interrupt timing, as well as - * the event type information from the hardware. - * -@@ -140,6 +143,13 @@ - * a better measure, since the timing of the disk interrupts are more - * unpredictable. - * -+ * random_input_words() just provides a raw block of entropy to the input -+ * pool, such as from a hardware entropy generator. -+ * -+ * random_input_wait() suspends the caller until such time as the -+ * entropy pool falls below the write threshold, and returns a count of how -+ * much entropy (in bits) is needed to sustain the pool. -+ * - * All of these routines try to estimate how many bits of randomness a - * particular randomness source. They do this by keeping track of the - * first and second order deltas of the event timings. -@@ -714,6 +724,61 @@ void add_disk_randomness(struct gendisk - } - #endif - -+/* -+ * random_input_words - add bulk entropy to pool -+ * -+ * @buf: buffer to add -+ * @wordcount: number of __u32 words to add -+ * @ent_count: total amount of entropy (in bits) to credit -+ * -+ * this provides bulk input of entropy to the input pool -+ * -+ */ -+void random_input_words(__u32 *buf, size_t wordcount, int ent_count) -+{ -+ mix_pool_bytes(&input_pool, buf, wordcount*4); -+ -+ credit_entropy_bits(&input_pool, ent_count); -+ -+ DEBUG_ENT("crediting %d bits => %d\n", -+ ent_count, input_pool.entropy_count); -+ /* -+ * Wake up waiting processes if we have enough -+ * entropy. -+ */ -+ if (input_pool.entropy_count >= random_read_wakeup_thresh) -+ wake_up_interruptible(&random_read_wait); -+} -+EXPORT_SYMBOL(random_input_words); -+ -+/* -+ * random_input_wait - wait until random needs entropy -+ * -+ * this function sleeps until the /dev/random subsystem actually -+ * needs more entropy, and then return the amount of entropy -+ * that it would be nice to have added to the system. -+ */ -+int random_input_wait(void) -+{ -+ int count; -+ -+ wait_event_interruptible(random_write_wait, -+ input_pool.entropy_count < random_write_wakeup_thresh); -+ -+ count = random_write_wakeup_thresh - input_pool.entropy_count; -+ -+ /* likely we got woken up due to a signal */ -+ if (count <= 0) count = random_read_wakeup_thresh; -+ -+ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n", -+ count, -+ input_pool.entropy_count, random_write_wakeup_thresh); -+ -+ return count; -+} -+EXPORT_SYMBOL(random_input_wait); -+ -+ - #define EXTRACT_SIZE 10 - - /********************************************************************* ---- a/fs/fcntl.c -+++ b/fs/fcntl.c -@@ -141,6 +141,7 @@ SYSCALL_DEFINE1(dup, unsigned int, filde - } - return ret; - } -+EXPORT_SYMBOL(sys_dup); - - #define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME) - ---- a/include/linux/miscdevice.h -+++ b/include/linux/miscdevice.h -@@ -12,6 +12,7 @@ - #define APOLLO_MOUSE_MINOR 7 - #define PC110PAD_MINOR 9 - /*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */ -+#define CRYPTODEV_MINOR 70 /* /dev/crypto */ - #define WATCHDOG_MINOR 130 /* Watchdog timer */ - #define TEMP_MINOR 131 /* Temperature Sensor */ - #define RTC_MINOR 135 ---- a/include/linux/random.h -+++ b/include/linux/random.h -@@ -9,6 +9,7 @@ - - #include - #include -+#include /* for __u32 in user space */ - #include - - /* ioctl()'s for the random number generator */ -@@ -34,6 +35,30 @@ - /* Clear the entropy pool and associated counters. (Superuser only.) */ - #define RNDCLEARPOOL _IO( 'R', 0x06 ) - -+#ifdef CONFIG_FIPS_RNG -+ -+/* Size of seed value - equal to AES blocksize */ -+#define AES_BLOCK_SIZE_BYTES 16 -+#define SEED_SIZE_BYTES AES_BLOCK_SIZE_BYTES -+/* Size of AES key */ -+#define KEY_SIZE_BYTES 16 -+ -+/* ioctl() structure used by FIPS 140-2 Tests */ -+struct rand_fips_test { -+ unsigned char key[KEY_SIZE_BYTES]; /* Input */ -+ unsigned char datetime[SEED_SIZE_BYTES]; /* Input */ -+ unsigned char seed[SEED_SIZE_BYTES]; /* Input */ -+ unsigned char result[SEED_SIZE_BYTES]; /* Output */ -+}; -+ -+/* FIPS 140-2 RNG Variable Seed Test. (Superuser only.) */ -+#define RNDFIPSVST _IOWR('R', 0x10, struct rand_fips_test) -+ -+/* FIPS 140-2 RNG Monte Carlo Test. (Superuser only.) */ -+#define RNDFIPSMCT _IOWR('R', 0x11, struct rand_fips_test) -+ -+#endif /* #ifdef CONFIG_FIPS_RNG */ -+ - struct rand_pool_info { - int entropy_count; - int buf_size; -@@ -50,6 +75,10 @@ extern void add_input_randomness(unsigne - unsigned int value); - extern void add_interrupt_randomness(int irq); - -+extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count); -+extern int random_input_wait(void); -+#define HAS_RANDOM_INPUT_WAIT 1 -+ - extern void get_random_bytes(void *buf, int nbytes); - void generate_random_uuid(unsigned char uuid_out[16]); - ---- a/kernel/pid.c -+++ b/kernel/pid.c -@@ -387,6 +387,7 @@ struct task_struct *find_task_by_vpid(pi - { - return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns); - } -+EXPORT_SYMBOL(find_task_by_vpid); - - struct pid *get_task_pid(struct task_struct *task, enum pid_type type) - { diff --git a/target/linux/generic/patches-2.6.32/971-ocf_20110720.patch b/target/linux/generic/patches-2.6.32/971-ocf_20110720.patch new file mode 100644 index 00000000000..bfc5bda94f4 --- /dev/null +++ b/target/linux/generic/patches-2.6.32/971-ocf_20110720.patch @@ -0,0 +1,131 @@ +--- a/drivers/char/random.c ++++ b/drivers/char/random.c +@@ -129,6 +129,9 @@ + * unsigned int value); + * void add_interrupt_randomness(int irq); + * ++ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count) ++ * int random_input_wait(void); ++ * + * add_input_randomness() uses the input layer interrupt timing, as well as + * the event type information from the hardware. + * +@@ -140,6 +143,13 @@ + * a better measure, since the timing of the disk interrupts are more + * unpredictable. + * ++ * random_input_words() just provides a raw block of entropy to the input ++ * pool, such as from a hardware entropy generator. ++ * ++ * random_input_wait() suspends the caller until such time as the ++ * entropy pool falls below the write threshold, and returns a count of how ++ * much entropy (in bits) is needed to sustain the pool. ++ * + * All of these routines try to estimate how many bits of randomness a + * particular randomness source. They do this by keeping track of the + * first and second order deltas of the event timings. +@@ -714,6 +724,61 @@ void add_disk_randomness(struct gendisk + } + #endif + ++/* ++ * random_input_words - add bulk entropy to pool ++ * ++ * @buf: buffer to add ++ * @wordcount: number of __u32 words to add ++ * @ent_count: total amount of entropy (in bits) to credit ++ * ++ * this provides bulk input of entropy to the input pool ++ * ++ */ ++void random_input_words(__u32 *buf, size_t wordcount, int ent_count) ++{ ++ mix_pool_bytes(&input_pool, buf, wordcount*4); ++ ++ credit_entropy_bits(&input_pool, ent_count); ++ ++ DEBUG_ENT("crediting %d bits => %d\n", ++ ent_count, input_pool.entropy_count); ++ /* ++ * Wake up waiting processes if we have enough ++ * entropy. ++ */ ++ if (input_pool.entropy_count >= random_read_wakeup_thresh) ++ wake_up_interruptible(&random_read_wait); ++} ++EXPORT_SYMBOL(random_input_words); ++ ++/* ++ * random_input_wait - wait until random needs entropy ++ * ++ * this function sleeps until the /dev/random subsystem actually ++ * needs more entropy, and then return the amount of entropy ++ * that it would be nice to have added to the system. ++ */ ++int random_input_wait(void) ++{ ++ int count; ++ ++ wait_event_interruptible(random_write_wait, ++ input_pool.entropy_count < random_write_wakeup_thresh); ++ ++ count = random_write_wakeup_thresh - input_pool.entropy_count; ++ ++ /* likely we got woken up due to a signal */ ++ if (count <= 0) count = random_read_wakeup_thresh; ++ ++ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n", ++ count, ++ input_pool.entropy_count, random_write_wakeup_thresh); ++ ++ return count; ++} ++EXPORT_SYMBOL(random_input_wait); ++ ++ + #define EXTRACT_SIZE 10 + + /********************************************************************* +--- a/fs/fcntl.c ++++ b/fs/fcntl.c +@@ -195,6 +195,7 @@ static int setfl(int fd, struct file * f + out: + return error; + } ++EXPORT_SYMBOL(sys_dup); + + static void f_modown(struct file *filp, struct pid *pid, enum pid_type type, + int force) +--- a/include/linux/miscdevice.h ++++ b/include/linux/miscdevice.h +@@ -12,6 +12,7 @@ + #define APOLLO_MOUSE_MINOR 7 + #define PC110PAD_MINOR 9 + /*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */ ++#define CRYPTODEV_MINOR 70 /* /dev/crypto */ + #define WATCHDOG_MINOR 130 /* Watchdog timer */ + #define TEMP_MINOR 131 /* Temperature Sensor */ + #define RTC_MINOR 135 +--- a/include/linux/random.h ++++ b/include/linux/random.h +@@ -50,6 +50,10 @@ extern void add_input_randomness(unsigne + unsigned int value); + extern void add_interrupt_randomness(int irq); + ++extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count); ++extern int random_input_wait(void); ++#define HAS_RANDOM_INPUT_WAIT 1 ++ + extern void get_random_bytes(void *buf, int nbytes); + void generate_random_uuid(unsigned char uuid_out[16]); + +--- a/kernel/pid.c ++++ b/kernel/pid.c +@@ -387,6 +387,7 @@ struct task_struct *find_task_by_vpid(pi + { + return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns); + } ++EXPORT_SYMBOL(find_task_by_vpid); + + struct pid *get_task_pid(struct task_struct *task, enum pid_type type) + { diff --git a/target/linux/generic/patches-2.6.36/970-ocf_kbuild_integration.patch b/target/linux/generic/patches-2.6.36/970-ocf_kbuild_integration.patch index f0ac7cb887a..fb6ee52fd68 100644 --- a/target/linux/generic/patches-2.6.36/970-ocf_kbuild_integration.patch +++ b/target/linux/generic/patches-2.6.36/970-ocf_kbuild_integration.patch @@ -1,6 +1,6 @@ --- a/crypto/Kconfig +++ b/crypto/Kconfig -@@ -849,3 +849,6 @@ config CRYPTO_ANSI_CPRNG +@@ -845,3 +845,6 @@ config CRYPTO_ANSI_CPRNG source "drivers/crypto/Kconfig" endif # if CRYPTO diff --git a/target/linux/generic/patches-2.6.36/971-ocf_20100325.patch b/target/linux/generic/patches-2.6.36/971-ocf_20100325.patch deleted file mode 100644 index ed03aa94397..00000000000 --- a/target/linux/generic/patches-2.6.36/971-ocf_20100325.patch +++ /dev/null @@ -1,170 +0,0 @@ ---- a/drivers/char/random.c -+++ b/drivers/char/random.c -@@ -129,6 +129,9 @@ - * unsigned int value); - * void add_interrupt_randomness(int irq); - * -+ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count) -+ * int random_input_wait(void); -+ * - * add_input_randomness() uses the input layer interrupt timing, as well as - * the event type information from the hardware. - * -@@ -140,6 +143,13 @@ - * a better measure, since the timing of the disk interrupts are more - * unpredictable. - * -+ * random_input_words() just provides a raw block of entropy to the input -+ * pool, such as from a hardware entropy generator. -+ * -+ * random_input_wait() suspends the caller until such time as the -+ * entropy pool falls below the write threshold, and returns a count of how -+ * much entropy (in bits) is needed to sustain the pool. -+ * - * All of these routines try to estimate how many bits of randomness a - * particular randomness source. They do this by keeping track of the - * first and second order deltas of the event timings. -@@ -715,6 +725,61 @@ void add_disk_randomness(struct gendisk - } - #endif - -+/* -+ * random_input_words - add bulk entropy to pool -+ * -+ * @buf: buffer to add -+ * @wordcount: number of __u32 words to add -+ * @ent_count: total amount of entropy (in bits) to credit -+ * -+ * this provides bulk input of entropy to the input pool -+ * -+ */ -+void random_input_words(__u32 *buf, size_t wordcount, int ent_count) -+{ -+ mix_pool_bytes(&input_pool, buf, wordcount*4); -+ -+ credit_entropy_bits(&input_pool, ent_count); -+ -+ DEBUG_ENT("crediting %d bits => %d\n", -+ ent_count, input_pool.entropy_count); -+ /* -+ * Wake up waiting processes if we have enough -+ * entropy. -+ */ -+ if (input_pool.entropy_count >= random_read_wakeup_thresh) -+ wake_up_interruptible(&random_read_wait); -+} -+EXPORT_SYMBOL(random_input_words); -+ -+/* -+ * random_input_wait - wait until random needs entropy -+ * -+ * this function sleeps until the /dev/random subsystem actually -+ * needs more entropy, and then return the amount of entropy -+ * that it would be nice to have added to the system. -+ */ -+int random_input_wait(void) -+{ -+ int count; -+ -+ wait_event_interruptible(random_write_wait, -+ input_pool.entropy_count < random_write_wakeup_thresh); -+ -+ count = random_write_wakeup_thresh - input_pool.entropy_count; -+ -+ /* likely we got woken up due to a signal */ -+ if (count <= 0) count = random_read_wakeup_thresh; -+ -+ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n", -+ count, -+ input_pool.entropy_count, random_write_wakeup_thresh); -+ -+ return count; -+} -+EXPORT_SYMBOL(random_input_wait); -+ -+ - /********************************************************************* - * - * Entropy extraction routines ---- a/fs/fcntl.c -+++ b/fs/fcntl.c -@@ -142,6 +142,7 @@ SYSCALL_DEFINE1(dup, unsigned int, filde - } - return ret; - } -+EXPORT_SYMBOL(sys_dup); - - #define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME) - ---- a/include/linux/miscdevice.h -+++ b/include/linux/miscdevice.h -@@ -18,6 +18,7 @@ - #define APOLLO_MOUSE_MINOR 7 - #define PC110PAD_MINOR 9 - /*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */ -+#define CRYPTODEV_MINOR 70 /* /dev/crypto */ - #define WATCHDOG_MINOR 130 /* Watchdog timer */ - #define TEMP_MINOR 131 /* Temperature Sensor */ - #define RTC_MINOR 135 ---- a/include/linux/random.h -+++ b/include/linux/random.h -@@ -9,6 +9,7 @@ - - #include - #include -+#include /* for __u32 in user space */ - #include - - /* ioctl()'s for the random number generator */ -@@ -34,6 +35,30 @@ - /* Clear the entropy pool and associated counters. (Superuser only.) */ - #define RNDCLEARPOOL _IO( 'R', 0x06 ) - -+#ifdef CONFIG_FIPS_RNG -+ -+/* Size of seed value - equal to AES blocksize */ -+#define AES_BLOCK_SIZE_BYTES 16 -+#define SEED_SIZE_BYTES AES_BLOCK_SIZE_BYTES -+/* Size of AES key */ -+#define KEY_SIZE_BYTES 16 -+ -+/* ioctl() structure used by FIPS 140-2 Tests */ -+struct rand_fips_test { -+ unsigned char key[KEY_SIZE_BYTES]; /* Input */ -+ unsigned char datetime[SEED_SIZE_BYTES]; /* Input */ -+ unsigned char seed[SEED_SIZE_BYTES]; /* Input */ -+ unsigned char result[SEED_SIZE_BYTES]; /* Output */ -+}; -+ -+/* FIPS 140-2 RNG Variable Seed Test. (Superuser only.) */ -+#define RNDFIPSVST _IOWR('R', 0x10, struct rand_fips_test) -+ -+/* FIPS 140-2 RNG Monte Carlo Test. (Superuser only.) */ -+#define RNDFIPSMCT _IOWR('R', 0x11, struct rand_fips_test) -+ -+#endif /* #ifdef CONFIG_FIPS_RNG */ -+ - struct rand_pool_info { - int entropy_count; - int buf_size; -@@ -54,6 +79,10 @@ extern void add_input_randomness(unsigne - unsigned int value); - extern void add_interrupt_randomness(int irq); - -+extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count); -+extern int random_input_wait(void); -+#define HAS_RANDOM_INPUT_WAIT 1 -+ - extern void get_random_bytes(void *buf, int nbytes); - void generate_random_uuid(unsigned char uuid_out[16]); - ---- a/kernel/pid.c -+++ b/kernel/pid.c -@@ -423,6 +423,7 @@ struct task_struct *find_task_by_vpid(pi - { - return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns); - } -+EXPORT_SYMBOL(find_task_by_vpid); - - struct pid *get_task_pid(struct task_struct *task, enum pid_type type) - { diff --git a/target/linux/generic/patches-2.6.36/971-ocf_20110720.patch b/target/linux/generic/patches-2.6.36/971-ocf_20110720.patch new file mode 100644 index 00000000000..45ba1e66b5f --- /dev/null +++ b/target/linux/generic/patches-2.6.36/971-ocf_20110720.patch @@ -0,0 +1,133 @@ +--- a/kernel/pid.c ++++ b/kernel/pid.c +@@ -423,6 +423,7 @@ struct task_struct *find_task_by_vpid(pi + { + return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns); + } ++EXPORT_SYMBOL(find_task_by_vpid); + + struct pid *get_task_pid(struct task_struct *task, enum pid_type type) + { +--- a/drivers/char/random.c ++++ b/drivers/char/random.c +@@ -129,6 +129,9 @@ + * unsigned int value); + * void add_interrupt_randomness(int irq); + * ++ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count) ++ * int random_input_wait(void); ++ * + * add_input_randomness() uses the input layer interrupt timing, as well as + * the event type information from the hardware. + * +@@ -140,6 +143,13 @@ + * a better measure, since the timing of the disk interrupts are more + * unpredictable. + * ++ * random_input_words() just provides a raw block of entropy to the input ++ * pool, such as from a hardware entropy generator. ++ * ++ * random_input_wait() suspends the caller until such time as the ++ * entropy pool falls below the write threshold, and returns a count of how ++ * much entropy (in bits) is needed to sustain the pool. ++ * + * All of these routines try to estimate how many bits of randomness a + * particular randomness source. They do this by keeping track of the + * first and second order deltas of the event timings. +@@ -715,6 +725,63 @@ void add_disk_randomness(struct gendisk + } + #endif + ++/* ++ * random_input_words - add bulk entropy to pool ++ * ++ * @buf: buffer to add ++ * @wordcount: number of __u32 words to add ++ * @ent_count: total amount of entropy (in bits) to credit ++ * ++ * this provides bulk input of entropy to the input pool ++ * ++ */ ++void random_input_words(__u32 *buf, size_t wordcount, int ent_count) ++{ ++ mix_pool_bytes(&input_pool, buf, wordcount*4); ++ ++ credit_entropy_bits(&input_pool, ent_count); ++ ++ DEBUG_ENT("crediting %d bits => %d\n", ++ ent_count, input_pool.entropy_count); ++ /* ++ * Wake up waiting processes if we have enough ++ * entropy. ++ */ ++ if (input_pool.entropy_count >= random_read_wakeup_thresh) ++ wake_up_interruptible(&random_read_wait); ++} ++EXPORT_SYMBOL(random_input_words); ++ ++/* ++ * random_input_wait - wait until random needs entropy ++ * ++ * this function sleeps until the /dev/random subsystem actually ++ * needs more entropy, and then return the amount of entropy ++ * that it would be nice to have added to the system. ++ */ ++int random_input_wait(void) ++{ ++ int count; ++ ++ wait_event_interruptible(random_write_wait, ++ input_pool.entropy_count < random_write_wakeup_thresh); ++ ++ count = random_write_wakeup_thresh - input_pool.entropy_count; ++ ++ /* likely we got woken up due to a signal */ ++ if (count <= 0) count = random_read_wakeup_thresh; ++ ++ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n", ++ count, ++ input_pool.entropy_count, random_write_wakeup_thresh); ++ ++ return count; ++} ++EXPORT_SYMBOL(random_input_wait); ++ ++ ++#define EXTRACT_SIZE 10 ++ + /********************************************************************* + * + * Entropy extraction routines +--- a/fs/fcntl.c ++++ b/fs/fcntl.c +@@ -142,6 +142,7 @@ SYSCALL_DEFINE1(dup, unsigned int, filde + } + return ret; + } ++EXPORT_SYMBOL(sys_dup); + + #define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME) + +--- a/include/linux/miscdevice.h ++++ b/include/linux/miscdevice.h +@@ -18,6 +18,7 @@ + #define APOLLO_MOUSE_MINOR 7 + #define PC110PAD_MINOR 9 + /*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */ ++#define CRYPTODEV_MINOR 70 /* /dev/crypto */ + #define WATCHDOG_MINOR 130 /* Watchdog timer */ + #define TEMP_MINOR 131 /* Temperature Sensor */ + #define RTC_MINOR 135 +--- a/include/linux/random.h ++++ b/include/linux/random.h +@@ -54,6 +54,10 @@ extern void add_input_randomness(unsigne + unsigned int value); + extern void add_interrupt_randomness(int irq); + ++extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count); ++extern int random_input_wait(void); ++#define HAS_RANDOM_INPUT_WAIT 1 ++ + extern void get_random_bytes(void *buf, int nbytes); + void generate_random_uuid(unsigned char uuid_out[16]); + diff --git a/target/linux/generic/patches-2.6.37/941-ocf_20100325.patch b/target/linux/generic/patches-2.6.37/941-ocf_20100325.patch deleted file mode 100644 index 410384c28f0..00000000000 --- a/target/linux/generic/patches-2.6.37/941-ocf_20100325.patch +++ /dev/null @@ -1,170 +0,0 @@ ---- a/drivers/char/random.c -+++ b/drivers/char/random.c -@@ -129,6 +129,9 @@ - * unsigned int value); - * void add_interrupt_randomness(int irq); - * -+ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count) -+ * int random_input_wait(void); -+ * - * add_input_randomness() uses the input layer interrupt timing, as well as - * the event type information from the hardware. - * -@@ -140,6 +143,13 @@ - * a better measure, since the timing of the disk interrupts are more - * unpredictable. - * -+ * random_input_words() just provides a raw block of entropy to the input -+ * pool, such as from a hardware entropy generator. -+ * -+ * random_input_wait() suspends the caller until such time as the -+ * entropy pool falls below the write threshold, and returns a count of how -+ * much entropy (in bits) is needed to sustain the pool. -+ * - * All of these routines try to estimate how many bits of randomness a - * particular randomness source. They do this by keeping track of the - * first and second order deltas of the event timings. -@@ -715,6 +725,61 @@ void add_disk_randomness(struct gendisk - } - #endif - -+/* -+ * random_input_words - add bulk entropy to pool -+ * -+ * @buf: buffer to add -+ * @wordcount: number of __u32 words to add -+ * @ent_count: total amount of entropy (in bits) to credit -+ * -+ * this provides bulk input of entropy to the input pool -+ * -+ */ -+void random_input_words(__u32 *buf, size_t wordcount, int ent_count) -+{ -+ mix_pool_bytes(&input_pool, buf, wordcount*4); -+ -+ credit_entropy_bits(&input_pool, ent_count); -+ -+ DEBUG_ENT("crediting %d bits => %d\n", -+ ent_count, input_pool.entropy_count); -+ /* -+ * Wake up waiting processes if we have enough -+ * entropy. -+ */ -+ if (input_pool.entropy_count >= random_read_wakeup_thresh) -+ wake_up_interruptible(&random_read_wait); -+} -+EXPORT_SYMBOL(random_input_words); -+ -+/* -+ * random_input_wait - wait until random needs entropy -+ * -+ * this function sleeps until the /dev/random subsystem actually -+ * needs more entropy, and then return the amount of entropy -+ * that it would be nice to have added to the system. -+ */ -+int random_input_wait(void) -+{ -+ int count; -+ -+ wait_event_interruptible(random_write_wait, -+ input_pool.entropy_count < random_write_wakeup_thresh); -+ -+ count = random_write_wakeup_thresh - input_pool.entropy_count; -+ -+ /* likely we got woken up due to a signal */ -+ if (count <= 0) count = random_read_wakeup_thresh; -+ -+ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n", -+ count, -+ input_pool.entropy_count, random_write_wakeup_thresh); -+ -+ return count; -+} -+EXPORT_SYMBOL(random_input_wait); -+ -+ - /********************************************************************* - * - * Entropy extraction routines ---- a/fs/fcntl.c -+++ b/fs/fcntl.c -@@ -142,6 +142,7 @@ SYSCALL_DEFINE1(dup, unsigned int, filde - } - return ret; - } -+EXPORT_SYMBOL(sys_dup); - - #define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME) - ---- a/include/linux/miscdevice.h -+++ b/include/linux/miscdevice.h -@@ -18,6 +18,7 @@ - #define APOLLO_MOUSE_MINOR 7 - #define PC110PAD_MINOR 9 - /*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */ -+#define CRYPTODEV_MINOR 70 /* /dev/crypto */ - #define WATCHDOG_MINOR 130 /* Watchdog timer */ - #define TEMP_MINOR 131 /* Temperature Sensor */ - #define RTC_MINOR 135 ---- a/include/linux/random.h -+++ b/include/linux/random.h -@@ -9,6 +9,7 @@ - - #include - #include -+#include /* for __u32 in user space */ - #include - - /* ioctl()'s for the random number generator */ -@@ -34,6 +35,30 @@ - /* Clear the entropy pool and associated counters. (Superuser only.) */ - #define RNDCLEARPOOL _IO( 'R', 0x06 ) - -+#ifdef CONFIG_FIPS_RNG -+ -+/* Size of seed value - equal to AES blocksize */ -+#define AES_BLOCK_SIZE_BYTES 16 -+#define SEED_SIZE_BYTES AES_BLOCK_SIZE_BYTES -+/* Size of AES key */ -+#define KEY_SIZE_BYTES 16 -+ -+/* ioctl() structure used by FIPS 140-2 Tests */ -+struct rand_fips_test { -+ unsigned char key[KEY_SIZE_BYTES]; /* Input */ -+ unsigned char datetime[SEED_SIZE_BYTES]; /* Input */ -+ unsigned char seed[SEED_SIZE_BYTES]; /* Input */ -+ unsigned char result[SEED_SIZE_BYTES]; /* Output */ -+}; -+ -+/* FIPS 140-2 RNG Variable Seed Test. (Superuser only.) */ -+#define RNDFIPSVST _IOWR('R', 0x10, struct rand_fips_test) -+ -+/* FIPS 140-2 RNG Monte Carlo Test. (Superuser only.) */ -+#define RNDFIPSMCT _IOWR('R', 0x11, struct rand_fips_test) -+ -+#endif /* #ifdef CONFIG_FIPS_RNG */ -+ - struct rand_pool_info { - int entropy_count; - int buf_size; -@@ -54,6 +79,10 @@ extern void add_input_randomness(unsigne - unsigned int value); - extern void add_interrupt_randomness(int irq); - -+extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count); -+extern int random_input_wait(void); -+#define HAS_RANDOM_INPUT_WAIT 1 -+ - extern void get_random_bytes(void *buf, int nbytes); - void generate_random_uuid(unsigned char uuid_out[16]); - ---- a/kernel/pid.c -+++ b/kernel/pid.c -@@ -424,6 +424,7 @@ struct task_struct *find_task_by_vpid(pi - { - return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns); - } -+EXPORT_SYMBOL(find_task_by_vpid); - - struct pid *get_task_pid(struct task_struct *task, enum pid_type type) - { diff --git a/target/linux/generic/patches-2.6.37/941-ocf_20110720.patch b/target/linux/generic/patches-2.6.37/941-ocf_20110720.patch new file mode 100644 index 00000000000..53aa81cf620 --- /dev/null +++ b/target/linux/generic/patches-2.6.37/941-ocf_20110720.patch @@ -0,0 +1,133 @@ +--- a/kernel/pid.c ++++ b/kernel/pid.c +@@ -424,6 +424,7 @@ struct task_struct *find_task_by_vpid(pi + { + return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns); + } ++EXPORT_SYMBOL(find_task_by_vpid); + + struct pid *get_task_pid(struct task_struct *task, enum pid_type type) + { +--- a/drivers/char/random.c ++++ b/drivers/char/random.c +@@ -129,6 +129,9 @@ + * unsigned int value); + * void add_interrupt_randomness(int irq); + * ++ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count) ++ * int random_input_wait(void); ++ * + * add_input_randomness() uses the input layer interrupt timing, as well as + * the event type information from the hardware. + * +@@ -140,6 +143,13 @@ + * a better measure, since the timing of the disk interrupts are more + * unpredictable. + * ++ * random_input_words() just provides a raw block of entropy to the input ++ * pool, such as from a hardware entropy generator. ++ * ++ * random_input_wait() suspends the caller until such time as the ++ * entropy pool falls below the write threshold, and returns a count of how ++ * much entropy (in bits) is needed to sustain the pool. ++ * + * All of these routines try to estimate how many bits of randomness a + * particular randomness source. They do this by keeping track of the + * first and second order deltas of the event timings. +@@ -715,6 +725,63 @@ void add_disk_randomness(struct gendisk + } + #endif + ++/* ++ * random_input_words - add bulk entropy to pool ++ * ++ * @buf: buffer to add ++ * @wordcount: number of __u32 words to add ++ * @ent_count: total amount of entropy (in bits) to credit ++ * ++ * this provides bulk input of entropy to the input pool ++ * ++ */ ++void random_input_words(__u32 *buf, size_t wordcount, int ent_count) ++{ ++ mix_pool_bytes(&input_pool, buf, wordcount*4); ++ ++ credit_entropy_bits(&input_pool, ent_count); ++ ++ DEBUG_ENT("crediting %d bits => %d\n", ++ ent_count, input_pool.entropy_count); ++ /* ++ * Wake up waiting processes if we have enough ++ * entropy. ++ */ ++ if (input_pool.entropy_count >= random_read_wakeup_thresh) ++ wake_up_interruptible(&random_read_wait); ++} ++EXPORT_SYMBOL(random_input_words); ++ ++/* ++ * random_input_wait - wait until random needs entropy ++ * ++ * this function sleeps until the /dev/random subsystem actually ++ * needs more entropy, and then return the amount of entropy ++ * that it would be nice to have added to the system. ++ */ ++int random_input_wait(void) ++{ ++ int count; ++ ++ wait_event_interruptible(random_write_wait, ++ input_pool.entropy_count < random_write_wakeup_thresh); ++ ++ count = random_write_wakeup_thresh - input_pool.entropy_count; ++ ++ /* likely we got woken up due to a signal */ ++ if (count <= 0) count = random_read_wakeup_thresh; ++ ++ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n", ++ count, ++ input_pool.entropy_count, random_write_wakeup_thresh); ++ ++ return count; ++} ++EXPORT_SYMBOL(random_input_wait); ++ ++ ++#define EXTRACT_SIZE 10 ++ + /********************************************************************* + * + * Entropy extraction routines +--- a/fs/fcntl.c ++++ b/fs/fcntl.c +@@ -142,6 +142,7 @@ SYSCALL_DEFINE1(dup, unsigned int, filde + } + return ret; + } ++EXPORT_SYMBOL(sys_dup); + + #define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME) + +--- a/include/linux/miscdevice.h ++++ b/include/linux/miscdevice.h +@@ -18,6 +18,7 @@ + #define APOLLO_MOUSE_MINOR 7 + #define PC110PAD_MINOR 9 + /*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */ ++#define CRYPTODEV_MINOR 70 /* /dev/crypto */ + #define WATCHDOG_MINOR 130 /* Watchdog timer */ + #define TEMP_MINOR 131 /* Temperature Sensor */ + #define RTC_MINOR 135 +--- a/include/linux/random.h ++++ b/include/linux/random.h +@@ -54,6 +54,10 @@ extern void add_input_randomness(unsigne + unsigned int value); + extern void add_interrupt_randomness(int irq); + ++extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count); ++extern int random_input_wait(void); ++#define HAS_RANDOM_INPUT_WAIT 1 ++ + extern void get_random_bytes(void *buf, int nbytes); + void generate_random_uuid(unsigned char uuid_out[16]); + diff --git a/target/linux/generic/patches-2.6.38/941-ocf_20100325.patch b/target/linux/generic/patches-2.6.38/941-ocf_20100325.patch deleted file mode 100644 index deab36bc317..00000000000 --- a/target/linux/generic/patches-2.6.38/941-ocf_20100325.patch +++ /dev/null @@ -1,170 +0,0 @@ ---- a/drivers/char/random.c -+++ b/drivers/char/random.c -@@ -129,6 +129,9 @@ - * unsigned int value); - * void add_interrupt_randomness(int irq); - * -+ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count) -+ * int random_input_wait(void); -+ * - * add_input_randomness() uses the input layer interrupt timing, as well as - * the event type information from the hardware. - * -@@ -140,6 +143,13 @@ - * a better measure, since the timing of the disk interrupts are more - * unpredictable. - * -+ * random_input_words() just provides a raw block of entropy to the input -+ * pool, such as from a hardware entropy generator. -+ * -+ * random_input_wait() suspends the caller until such time as the -+ * entropy pool falls below the write threshold, and returns a count of how -+ * much entropy (in bits) is needed to sustain the pool. -+ * - * All of these routines try to estimate how many bits of randomness a - * particular randomness source. They do this by keeping track of the - * first and second order deltas of the event timings. -@@ -715,6 +725,61 @@ void add_disk_randomness(struct gendisk - } - #endif - -+/* -+ * random_input_words - add bulk entropy to pool -+ * -+ * @buf: buffer to add -+ * @wordcount: number of __u32 words to add -+ * @ent_count: total amount of entropy (in bits) to credit -+ * -+ * this provides bulk input of entropy to the input pool -+ * -+ */ -+void random_input_words(__u32 *buf, size_t wordcount, int ent_count) -+{ -+ mix_pool_bytes(&input_pool, buf, wordcount*4); -+ -+ credit_entropy_bits(&input_pool, ent_count); -+ -+ DEBUG_ENT("crediting %d bits => %d\n", -+ ent_count, input_pool.entropy_count); -+ /* -+ * Wake up waiting processes if we have enough -+ * entropy. -+ */ -+ if (input_pool.entropy_count >= random_read_wakeup_thresh) -+ wake_up_interruptible(&random_read_wait); -+} -+EXPORT_SYMBOL(random_input_words); -+ -+/* -+ * random_input_wait - wait until random needs entropy -+ * -+ * this function sleeps until the /dev/random subsystem actually -+ * needs more entropy, and then return the amount of entropy -+ * that it would be nice to have added to the system. -+ */ -+int random_input_wait(void) -+{ -+ int count; -+ -+ wait_event_interruptible(random_write_wait, -+ input_pool.entropy_count < random_write_wakeup_thresh); -+ -+ count = random_write_wakeup_thresh - input_pool.entropy_count; -+ -+ /* likely we got woken up due to a signal */ -+ if (count <= 0) count = random_read_wakeup_thresh; -+ -+ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n", -+ count, -+ input_pool.entropy_count, random_write_wakeup_thresh); -+ -+ return count; -+} -+EXPORT_SYMBOL(random_input_wait); -+ -+ - /********************************************************************* - * - * Entropy extraction routines ---- a/fs/fcntl.c -+++ b/fs/fcntl.c -@@ -142,6 +142,7 @@ SYSCALL_DEFINE1(dup, unsigned int, filde - } - return ret; - } -+EXPORT_SYMBOL(sys_dup); - - #define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME) - ---- a/include/linux/miscdevice.h -+++ b/include/linux/miscdevice.h -@@ -18,6 +18,7 @@ - #define APOLLO_MOUSE_MINOR 7 - #define PC110PAD_MINOR 9 - /*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */ -+#define CRYPTODEV_MINOR 70 /* /dev/crypto */ - #define WATCHDOG_MINOR 130 /* Watchdog timer */ - #define TEMP_MINOR 131 /* Temperature Sensor */ - #define RTC_MINOR 135 ---- a/include/linux/random.h -+++ b/include/linux/random.h -@@ -9,6 +9,7 @@ - - #include - #include -+#include /* for __u32 in user space */ - #include - - /* ioctl()'s for the random number generator */ -@@ -34,6 +35,30 @@ - /* Clear the entropy pool and associated counters. (Superuser only.) */ - #define RNDCLEARPOOL _IO( 'R', 0x06 ) - -+#ifdef CONFIG_FIPS_RNG -+ -+/* Size of seed value - equal to AES blocksize */ -+#define AES_BLOCK_SIZE_BYTES 16 -+#define SEED_SIZE_BYTES AES_BLOCK_SIZE_BYTES -+/* Size of AES key */ -+#define KEY_SIZE_BYTES 16 -+ -+/* ioctl() structure used by FIPS 140-2 Tests */ -+struct rand_fips_test { -+ unsigned char key[KEY_SIZE_BYTES]; /* Input */ -+ unsigned char datetime[SEED_SIZE_BYTES]; /* Input */ -+ unsigned char seed[SEED_SIZE_BYTES]; /* Input */ -+ unsigned char result[SEED_SIZE_BYTES]; /* Output */ -+}; -+ -+/* FIPS 140-2 RNG Variable Seed Test. (Superuser only.) */ -+#define RNDFIPSVST _IOWR('R', 0x10, struct rand_fips_test) -+ -+/* FIPS 140-2 RNG Monte Carlo Test. (Superuser only.) */ -+#define RNDFIPSMCT _IOWR('R', 0x11, struct rand_fips_test) -+ -+#endif /* #ifdef CONFIG_FIPS_RNG */ -+ - struct rand_pool_info { - int entropy_count; - int buf_size; -@@ -54,6 +79,10 @@ extern void add_input_randomness(unsigne - unsigned int value); - extern void add_interrupt_randomness(int irq); - -+extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count); -+extern int random_input_wait(void); -+#define HAS_RANDOM_INPUT_WAIT 1 -+ - extern void get_random_bytes(void *buf, int nbytes); - void generate_random_uuid(unsigned char uuid_out[16]); - ---- a/kernel/pid.c -+++ b/kernel/pid.c -@@ -427,6 +427,7 @@ struct task_struct *find_task_by_vpid(pi - { - return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns); - } -+EXPORT_SYMBOL(find_task_by_vpid); - - struct pid *get_task_pid(struct task_struct *task, enum pid_type type) - { diff --git a/target/linux/generic/patches-2.6.38/941-ocf_20110720.patch b/target/linux/generic/patches-2.6.38/941-ocf_20110720.patch new file mode 100644 index 00000000000..d52cc9882e4 --- /dev/null +++ b/target/linux/generic/patches-2.6.38/941-ocf_20110720.patch @@ -0,0 +1,133 @@ +--- a/kernel/pid.c ++++ b/kernel/pid.c +@@ -427,6 +427,7 @@ struct task_struct *find_task_by_vpid(pi + { + return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns); + } ++EXPORT_SYMBOL(find_task_by_vpid); + + struct pid *get_task_pid(struct task_struct *task, enum pid_type type) + { +--- a/drivers/char/random.c ++++ b/drivers/char/random.c +@@ -129,6 +129,9 @@ + * unsigned int value); + * void add_interrupt_randomness(int irq); + * ++ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count) ++ * int random_input_wait(void); ++ * + * add_input_randomness() uses the input layer interrupt timing, as well as + * the event type information from the hardware. + * +@@ -140,6 +143,13 @@ + * a better measure, since the timing of the disk interrupts are more + * unpredictable. + * ++ * random_input_words() just provides a raw block of entropy to the input ++ * pool, such as from a hardware entropy generator. ++ * ++ * random_input_wait() suspends the caller until such time as the ++ * entropy pool falls below the write threshold, and returns a count of how ++ * much entropy (in bits) is needed to sustain the pool. ++ * + * All of these routines try to estimate how many bits of randomness a + * particular randomness source. They do this by keeping track of the + * first and second order deltas of the event timings. +@@ -715,6 +725,63 @@ void add_disk_randomness(struct gendisk + } + #endif + ++/* ++ * random_input_words - add bulk entropy to pool ++ * ++ * @buf: buffer to add ++ * @wordcount: number of __u32 words to add ++ * @ent_count: total amount of entropy (in bits) to credit ++ * ++ * this provides bulk input of entropy to the input pool ++ * ++ */ ++void random_input_words(__u32 *buf, size_t wordcount, int ent_count) ++{ ++ mix_pool_bytes(&input_pool, buf, wordcount*4); ++ ++ credit_entropy_bits(&input_pool, ent_count); ++ ++ DEBUG_ENT("crediting %d bits => %d\n", ++ ent_count, input_pool.entropy_count); ++ /* ++ * Wake up waiting processes if we have enough ++ * entropy. ++ */ ++ if (input_pool.entropy_count >= random_read_wakeup_thresh) ++ wake_up_interruptible(&random_read_wait); ++} ++EXPORT_SYMBOL(random_input_words); ++ ++/* ++ * random_input_wait - wait until random needs entropy ++ * ++ * this function sleeps until the /dev/random subsystem actually ++ * needs more entropy, and then return the amount of entropy ++ * that it would be nice to have added to the system. ++ */ ++int random_input_wait(void) ++{ ++ int count; ++ ++ wait_event_interruptible(random_write_wait, ++ input_pool.entropy_count < random_write_wakeup_thresh); ++ ++ count = random_write_wakeup_thresh - input_pool.entropy_count; ++ ++ /* likely we got woken up due to a signal */ ++ if (count <= 0) count = random_read_wakeup_thresh; ++ ++ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n", ++ count, ++ input_pool.entropy_count, random_write_wakeup_thresh); ++ ++ return count; ++} ++EXPORT_SYMBOL(random_input_wait); ++ ++ ++#define EXTRACT_SIZE 10 ++ + /********************************************************************* + * + * Entropy extraction routines +--- a/fs/fcntl.c ++++ b/fs/fcntl.c +@@ -142,6 +142,7 @@ SYSCALL_DEFINE1(dup, unsigned int, filde + } + return ret; + } ++EXPORT_SYMBOL(sys_dup); + + #define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME) + +--- a/include/linux/miscdevice.h ++++ b/include/linux/miscdevice.h +@@ -18,6 +18,7 @@ + #define APOLLO_MOUSE_MINOR 7 + #define PC110PAD_MINOR 9 + /*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */ ++#define CRYPTODEV_MINOR 70 /* /dev/crypto */ + #define WATCHDOG_MINOR 130 /* Watchdog timer */ + #define TEMP_MINOR 131 /* Temperature Sensor */ + #define RTC_MINOR 135 +--- a/include/linux/random.h ++++ b/include/linux/random.h +@@ -54,6 +54,10 @@ extern void add_input_randomness(unsigne + unsigned int value); + extern void add_interrupt_randomness(int irq); + ++extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count); ++extern int random_input_wait(void); ++#define HAS_RANDOM_INPUT_WAIT 1 ++ + extern void get_random_bytes(void *buf, int nbytes); + void generate_random_uuid(unsigned char uuid_out[16]); + diff --git a/target/linux/generic/patches-2.6.39/941-ocf_20100325.patch b/target/linux/generic/patches-2.6.39/941-ocf_20100325.patch deleted file mode 100644 index e640bc1c556..00000000000 --- a/target/linux/generic/patches-2.6.39/941-ocf_20100325.patch +++ /dev/null @@ -1,170 +0,0 @@ ---- a/drivers/char/random.c -+++ b/drivers/char/random.c -@@ -130,6 +130,9 @@ - * void add_interrupt_randomness(int irq); - * void add_disk_randomness(struct gendisk *disk); - * -+ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count) -+ * int random_input_wait(void); -+ * - * add_input_randomness() uses the input layer interrupt timing, as well as - * the event type information from the hardware. - * -@@ -147,6 +150,13 @@ - * seek times do not make for good sources of entropy, as their seek - * times are usually fairly consistent. - * -+ * random_input_words() just provides a raw block of entropy to the input -+ * pool, such as from a hardware entropy generator. -+ * -+ * random_input_wait() suspends the caller until such time as the -+ * entropy pool falls below the write threshold, and returns a count of how -+ * much entropy (in bits) is needed to sustain the pool. -+ * - * All of these routines try to estimate how many bits of randomness a - * particular randomness source. They do this by keeping track of the - * first and second order deltas of the event timings. -@@ -722,6 +732,61 @@ void add_disk_randomness(struct gendisk - } - #endif - -+/* -+ * random_input_words - add bulk entropy to pool -+ * -+ * @buf: buffer to add -+ * @wordcount: number of __u32 words to add -+ * @ent_count: total amount of entropy (in bits) to credit -+ * -+ * this provides bulk input of entropy to the input pool -+ * -+ */ -+void random_input_words(__u32 *buf, size_t wordcount, int ent_count) -+{ -+ mix_pool_bytes(&input_pool, buf, wordcount*4); -+ -+ credit_entropy_bits(&input_pool, ent_count); -+ -+ DEBUG_ENT("crediting %d bits => %d\n", -+ ent_count, input_pool.entropy_count); -+ /* -+ * Wake up waiting processes if we have enough -+ * entropy. -+ */ -+ if (input_pool.entropy_count >= random_read_wakeup_thresh) -+ wake_up_interruptible(&random_read_wait); -+} -+EXPORT_SYMBOL(random_input_words); -+ -+/* -+ * random_input_wait - wait until random needs entropy -+ * -+ * this function sleeps until the /dev/random subsystem actually -+ * needs more entropy, and then return the amount of entropy -+ * that it would be nice to have added to the system. -+ */ -+int random_input_wait(void) -+{ -+ int count; -+ -+ wait_event_interruptible(random_write_wait, -+ input_pool.entropy_count < random_write_wakeup_thresh); -+ -+ count = random_write_wakeup_thresh - input_pool.entropy_count; -+ -+ /* likely we got woken up due to a signal */ -+ if (count <= 0) count = random_read_wakeup_thresh; -+ -+ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n", -+ count, -+ input_pool.entropy_count, random_write_wakeup_thresh); -+ -+ return count; -+} -+EXPORT_SYMBOL(random_input_wait); -+ -+ - /********************************************************************* - * - * Entropy extraction routines ---- a/fs/fcntl.c -+++ b/fs/fcntl.c -@@ -142,6 +142,7 @@ SYSCALL_DEFINE1(dup, unsigned int, filde - } - return ret; - } -+EXPORT_SYMBOL(sys_dup); - - #define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME) - ---- a/include/linux/miscdevice.h -+++ b/include/linux/miscdevice.h -@@ -18,6 +18,7 @@ - #define APOLLO_MOUSE_MINOR 7 - #define PC110PAD_MINOR 9 - /*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */ -+#define CRYPTODEV_MINOR 70 /* /dev/crypto */ - #define WATCHDOG_MINOR 130 /* Watchdog timer */ - #define TEMP_MINOR 131 /* Temperature Sensor */ - #define RTC_MINOR 135 ---- a/include/linux/random.h -+++ b/include/linux/random.h -@@ -9,6 +9,7 @@ - - #include - #include -+#include /* for __u32 in user space */ - #include - - /* ioctl()'s for the random number generator */ -@@ -34,6 +35,30 @@ - /* Clear the entropy pool and associated counters. (Superuser only.) */ - #define RNDCLEARPOOL _IO( 'R', 0x06 ) - -+#ifdef CONFIG_FIPS_RNG -+ -+/* Size of seed value - equal to AES blocksize */ -+#define AES_BLOCK_SIZE_BYTES 16 -+#define SEED_SIZE_BYTES AES_BLOCK_SIZE_BYTES -+/* Size of AES key */ -+#define KEY_SIZE_BYTES 16 -+ -+/* ioctl() structure used by FIPS 140-2 Tests */ -+struct rand_fips_test { -+ unsigned char key[KEY_SIZE_BYTES]; /* Input */ -+ unsigned char datetime[SEED_SIZE_BYTES]; /* Input */ -+ unsigned char seed[SEED_SIZE_BYTES]; /* Input */ -+ unsigned char result[SEED_SIZE_BYTES]; /* Output */ -+}; -+ -+/* FIPS 140-2 RNG Variable Seed Test. (Superuser only.) */ -+#define RNDFIPSVST _IOWR('R', 0x10, struct rand_fips_test) -+ -+/* FIPS 140-2 RNG Monte Carlo Test. (Superuser only.) */ -+#define RNDFIPSMCT _IOWR('R', 0x11, struct rand_fips_test) -+ -+#endif /* #ifdef CONFIG_FIPS_RNG */ -+ - struct rand_pool_info { - int entropy_count; - int buf_size; -@@ -54,6 +79,10 @@ extern void add_input_randomness(unsigne - unsigned int value); - extern void add_interrupt_randomness(int irq); - -+extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count); -+extern int random_input_wait(void); -+#define HAS_RANDOM_INPUT_WAIT 1 -+ - extern void get_random_bytes(void *buf, int nbytes); - void generate_random_uuid(unsigned char uuid_out[16]); - ---- a/kernel/pid.c -+++ b/kernel/pid.c -@@ -427,6 +427,7 @@ struct task_struct *find_task_by_vpid(pi - { - return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns); - } -+EXPORT_SYMBOL(find_task_by_vpid); - - struct pid *get_task_pid(struct task_struct *task, enum pid_type type) - { diff --git a/target/linux/generic/patches-2.6.39/941-ocf_20110720.patch b/target/linux/generic/patches-2.6.39/941-ocf_20110720.patch new file mode 100644 index 00000000000..a2045ab0590 --- /dev/null +++ b/target/linux/generic/patches-2.6.39/941-ocf_20110720.patch @@ -0,0 +1,133 @@ +--- a/kernel/pid.c ++++ b/kernel/pid.c +@@ -427,6 +427,7 @@ struct task_struct *find_task_by_vpid(pi + { + return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns); + } ++EXPORT_SYMBOL(find_task_by_vpid); + + struct pid *get_task_pid(struct task_struct *task, enum pid_type type) + { +--- a/drivers/char/random.c ++++ b/drivers/char/random.c +@@ -130,6 +130,9 @@ + * void add_interrupt_randomness(int irq); + * void add_disk_randomness(struct gendisk *disk); + * ++ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count) ++ * int random_input_wait(void); ++ * + * add_input_randomness() uses the input layer interrupt timing, as well as + * the event type information from the hardware. + * +@@ -147,6 +150,13 @@ + * seek times do not make for good sources of entropy, as their seek + * times are usually fairly consistent. + * ++ * random_input_words() just provides a raw block of entropy to the input ++ * pool, such as from a hardware entropy generator. ++ * ++ * random_input_wait() suspends the caller until such time as the ++ * entropy pool falls below the write threshold, and returns a count of how ++ * much entropy (in bits) is needed to sustain the pool. ++ * + * All of these routines try to estimate how many bits of randomness a + * particular randomness source. They do this by keeping track of the + * first and second order deltas of the event timings. +@@ -722,6 +732,63 @@ void add_disk_randomness(struct gendisk + } + #endif + ++/* ++ * random_input_words - add bulk entropy to pool ++ * ++ * @buf: buffer to add ++ * @wordcount: number of __u32 words to add ++ * @ent_count: total amount of entropy (in bits) to credit ++ * ++ * this provides bulk input of entropy to the input pool ++ * ++ */ ++void random_input_words(__u32 *buf, size_t wordcount, int ent_count) ++{ ++ mix_pool_bytes(&input_pool, buf, wordcount*4); ++ ++ credit_entropy_bits(&input_pool, ent_count); ++ ++ DEBUG_ENT("crediting %d bits => %d\n", ++ ent_count, input_pool.entropy_count); ++ /* ++ * Wake up waiting processes if we have enough ++ * entropy. ++ */ ++ if (input_pool.entropy_count >= random_read_wakeup_thresh) ++ wake_up_interruptible(&random_read_wait); ++} ++EXPORT_SYMBOL(random_input_words); ++ ++/* ++ * random_input_wait - wait until random needs entropy ++ * ++ * this function sleeps until the /dev/random subsystem actually ++ * needs more entropy, and then return the amount of entropy ++ * that it would be nice to have added to the system. ++ */ ++int random_input_wait(void) ++{ ++ int count; ++ ++ wait_event_interruptible(random_write_wait, ++ input_pool.entropy_count < random_write_wakeup_thresh); ++ ++ count = random_write_wakeup_thresh - input_pool.entropy_count; ++ ++ /* likely we got woken up due to a signal */ ++ if (count <= 0) count = random_read_wakeup_thresh; ++ ++ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n", ++ count, ++ input_pool.entropy_count, random_write_wakeup_thresh); ++ ++ return count; ++} ++EXPORT_SYMBOL(random_input_wait); ++ ++ ++#define EXTRACT_SIZE 10 ++ + /********************************************************************* + * + * Entropy extraction routines +--- a/fs/fcntl.c ++++ b/fs/fcntl.c +@@ -142,6 +142,7 @@ SYSCALL_DEFINE1(dup, unsigned int, filde + } + return ret; + } ++EXPORT_SYMBOL(sys_dup); + + #define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME) + +--- a/include/linux/miscdevice.h ++++ b/include/linux/miscdevice.h +@@ -18,6 +18,7 @@ + #define APOLLO_MOUSE_MINOR 7 + #define PC110PAD_MINOR 9 + /*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */ ++#define CRYPTODEV_MINOR 70 /* /dev/crypto */ + #define WATCHDOG_MINOR 130 /* Watchdog timer */ + #define TEMP_MINOR 131 /* Temperature Sensor */ + #define RTC_MINOR 135 +--- a/include/linux/random.h ++++ b/include/linux/random.h +@@ -54,6 +54,10 @@ extern void add_input_randomness(unsigne + unsigned int value); + extern void add_interrupt_randomness(int irq); + ++extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count); ++extern int random_input_wait(void); ++#define HAS_RANDOM_INPUT_WAIT 1 ++ + extern void get_random_bytes(void *buf, int nbytes); + void generate_random_uuid(unsigned char uuid_out[16]); + diff --git a/target/linux/generic/patches-3.0/941-ocf_20100325.patch b/target/linux/generic/patches-3.0/941-ocf_20100325.patch deleted file mode 100644 index e640bc1c556..00000000000 --- a/target/linux/generic/patches-3.0/941-ocf_20100325.patch +++ /dev/null @@ -1,170 +0,0 @@ ---- a/drivers/char/random.c -+++ b/drivers/char/random.c -@@ -130,6 +130,9 @@ - * void add_interrupt_randomness(int irq); - * void add_disk_randomness(struct gendisk *disk); - * -+ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count) -+ * int random_input_wait(void); -+ * - * add_input_randomness() uses the input layer interrupt timing, as well as - * the event type information from the hardware. - * -@@ -147,6 +150,13 @@ - * seek times do not make for good sources of entropy, as their seek - * times are usually fairly consistent. - * -+ * random_input_words() just provides a raw block of entropy to the input -+ * pool, such as from a hardware entropy generator. -+ * -+ * random_input_wait() suspends the caller until such time as the -+ * entropy pool falls below the write threshold, and returns a count of how -+ * much entropy (in bits) is needed to sustain the pool. -+ * - * All of these routines try to estimate how many bits of randomness a - * particular randomness source. They do this by keeping track of the - * first and second order deltas of the event timings. -@@ -722,6 +732,61 @@ void add_disk_randomness(struct gendisk - } - #endif - -+/* -+ * random_input_words - add bulk entropy to pool -+ * -+ * @buf: buffer to add -+ * @wordcount: number of __u32 words to add -+ * @ent_count: total amount of entropy (in bits) to credit -+ * -+ * this provides bulk input of entropy to the input pool -+ * -+ */ -+void random_input_words(__u32 *buf, size_t wordcount, int ent_count) -+{ -+ mix_pool_bytes(&input_pool, buf, wordcount*4); -+ -+ credit_entropy_bits(&input_pool, ent_count); -+ -+ DEBUG_ENT("crediting %d bits => %d\n", -+ ent_count, input_pool.entropy_count); -+ /* -+ * Wake up waiting processes if we have enough -+ * entropy. -+ */ -+ if (input_pool.entropy_count >= random_read_wakeup_thresh) -+ wake_up_interruptible(&random_read_wait); -+} -+EXPORT_SYMBOL(random_input_words); -+ -+/* -+ * random_input_wait - wait until random needs entropy -+ * -+ * this function sleeps until the /dev/random subsystem actually -+ * needs more entropy, and then return the amount of entropy -+ * that it would be nice to have added to the system. -+ */ -+int random_input_wait(void) -+{ -+ int count; -+ -+ wait_event_interruptible(random_write_wait, -+ input_pool.entropy_count < random_write_wakeup_thresh); -+ -+ count = random_write_wakeup_thresh - input_pool.entropy_count; -+ -+ /* likely we got woken up due to a signal */ -+ if (count <= 0) count = random_read_wakeup_thresh; -+ -+ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n", -+ count, -+ input_pool.entropy_count, random_write_wakeup_thresh); -+ -+ return count; -+} -+EXPORT_SYMBOL(random_input_wait); -+ -+ - /********************************************************************* - * - * Entropy extraction routines ---- a/fs/fcntl.c -+++ b/fs/fcntl.c -@@ -142,6 +142,7 @@ SYSCALL_DEFINE1(dup, unsigned int, filde - } - return ret; - } -+EXPORT_SYMBOL(sys_dup); - - #define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME) - ---- a/include/linux/miscdevice.h -+++ b/include/linux/miscdevice.h -@@ -18,6 +18,7 @@ - #define APOLLO_MOUSE_MINOR 7 - #define PC110PAD_MINOR 9 - /*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */ -+#define CRYPTODEV_MINOR 70 /* /dev/crypto */ - #define WATCHDOG_MINOR 130 /* Watchdog timer */ - #define TEMP_MINOR 131 /* Temperature Sensor */ - #define RTC_MINOR 135 ---- a/include/linux/random.h -+++ b/include/linux/random.h -@@ -9,6 +9,7 @@ - - #include - #include -+#include /* for __u32 in user space */ - #include - - /* ioctl()'s for the random number generator */ -@@ -34,6 +35,30 @@ - /* Clear the entropy pool and associated counters. (Superuser only.) */ - #define RNDCLEARPOOL _IO( 'R', 0x06 ) - -+#ifdef CONFIG_FIPS_RNG -+ -+/* Size of seed value - equal to AES blocksize */ -+#define AES_BLOCK_SIZE_BYTES 16 -+#define SEED_SIZE_BYTES AES_BLOCK_SIZE_BYTES -+/* Size of AES key */ -+#define KEY_SIZE_BYTES 16 -+ -+/* ioctl() structure used by FIPS 140-2 Tests */ -+struct rand_fips_test { -+ unsigned char key[KEY_SIZE_BYTES]; /* Input */ -+ unsigned char datetime[SEED_SIZE_BYTES]; /* Input */ -+ unsigned char seed[SEED_SIZE_BYTES]; /* Input */ -+ unsigned char result[SEED_SIZE_BYTES]; /* Output */ -+}; -+ -+/* FIPS 140-2 RNG Variable Seed Test. (Superuser only.) */ -+#define RNDFIPSVST _IOWR('R', 0x10, struct rand_fips_test) -+ -+/* FIPS 140-2 RNG Monte Carlo Test. (Superuser only.) */ -+#define RNDFIPSMCT _IOWR('R', 0x11, struct rand_fips_test) -+ -+#endif /* #ifdef CONFIG_FIPS_RNG */ -+ - struct rand_pool_info { - int entropy_count; - int buf_size; -@@ -54,6 +79,10 @@ extern void add_input_randomness(unsigne - unsigned int value); - extern void add_interrupt_randomness(int irq); - -+extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count); -+extern int random_input_wait(void); -+#define HAS_RANDOM_INPUT_WAIT 1 -+ - extern void get_random_bytes(void *buf, int nbytes); - void generate_random_uuid(unsigned char uuid_out[16]); - ---- a/kernel/pid.c -+++ b/kernel/pid.c -@@ -427,6 +427,7 @@ struct task_struct *find_task_by_vpid(pi - { - return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns); - } -+EXPORT_SYMBOL(find_task_by_vpid); - - struct pid *get_task_pid(struct task_struct *task, enum pid_type type) - { diff --git a/target/linux/generic/patches-3.0/941-ocf_20110720.patch b/target/linux/generic/patches-3.0/941-ocf_20110720.patch new file mode 100644 index 00000000000..a2045ab0590 --- /dev/null +++ b/target/linux/generic/patches-3.0/941-ocf_20110720.patch @@ -0,0 +1,133 @@ +--- a/kernel/pid.c ++++ b/kernel/pid.c +@@ -427,6 +427,7 @@ struct task_struct *find_task_by_vpid(pi + { + return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns); + } ++EXPORT_SYMBOL(find_task_by_vpid); + + struct pid *get_task_pid(struct task_struct *task, enum pid_type type) + { +--- a/drivers/char/random.c ++++ b/drivers/char/random.c +@@ -130,6 +130,9 @@ + * void add_interrupt_randomness(int irq); + * void add_disk_randomness(struct gendisk *disk); + * ++ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count) ++ * int random_input_wait(void); ++ * + * add_input_randomness() uses the input layer interrupt timing, as well as + * the event type information from the hardware. + * +@@ -147,6 +150,13 @@ + * seek times do not make for good sources of entropy, as their seek + * times are usually fairly consistent. + * ++ * random_input_words() just provides a raw block of entropy to the input ++ * pool, such as from a hardware entropy generator. ++ * ++ * random_input_wait() suspends the caller until such time as the ++ * entropy pool falls below the write threshold, and returns a count of how ++ * much entropy (in bits) is needed to sustain the pool. ++ * + * All of these routines try to estimate how many bits of randomness a + * particular randomness source. They do this by keeping track of the + * first and second order deltas of the event timings. +@@ -722,6 +732,63 @@ void add_disk_randomness(struct gendisk + } + #endif + ++/* ++ * random_input_words - add bulk entropy to pool ++ * ++ * @buf: buffer to add ++ * @wordcount: number of __u32 words to add ++ * @ent_count: total amount of entropy (in bits) to credit ++ * ++ * this provides bulk input of entropy to the input pool ++ * ++ */ ++void random_input_words(__u32 *buf, size_t wordcount, int ent_count) ++{ ++ mix_pool_bytes(&input_pool, buf, wordcount*4); ++ ++ credit_entropy_bits(&input_pool, ent_count); ++ ++ DEBUG_ENT("crediting %d bits => %d\n", ++ ent_count, input_pool.entropy_count); ++ /* ++ * Wake up waiting processes if we have enough ++ * entropy. ++ */ ++ if (input_pool.entropy_count >= random_read_wakeup_thresh) ++ wake_up_interruptible(&random_read_wait); ++} ++EXPORT_SYMBOL(random_input_words); ++ ++/* ++ * random_input_wait - wait until random needs entropy ++ * ++ * this function sleeps until the /dev/random subsystem actually ++ * needs more entropy, and then return the amount of entropy ++ * that it would be nice to have added to the system. ++ */ ++int random_input_wait(void) ++{ ++ int count; ++ ++ wait_event_interruptible(random_write_wait, ++ input_pool.entropy_count < random_write_wakeup_thresh); ++ ++ count = random_write_wakeup_thresh - input_pool.entropy_count; ++ ++ /* likely we got woken up due to a signal */ ++ if (count <= 0) count = random_read_wakeup_thresh; ++ ++ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n", ++ count, ++ input_pool.entropy_count, random_write_wakeup_thresh); ++ ++ return count; ++} ++EXPORT_SYMBOL(random_input_wait); ++ ++ ++#define EXTRACT_SIZE 10 ++ + /********************************************************************* + * + * Entropy extraction routines +--- a/fs/fcntl.c ++++ b/fs/fcntl.c +@@ -142,6 +142,7 @@ SYSCALL_DEFINE1(dup, unsigned int, filde + } + return ret; + } ++EXPORT_SYMBOL(sys_dup); + + #define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME) + +--- a/include/linux/miscdevice.h ++++ b/include/linux/miscdevice.h +@@ -18,6 +18,7 @@ + #define APOLLO_MOUSE_MINOR 7 + #define PC110PAD_MINOR 9 + /*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */ ++#define CRYPTODEV_MINOR 70 /* /dev/crypto */ + #define WATCHDOG_MINOR 130 /* Watchdog timer */ + #define TEMP_MINOR 131 /* Temperature Sensor */ + #define RTC_MINOR 135 +--- a/include/linux/random.h ++++ b/include/linux/random.h +@@ -54,6 +54,10 @@ extern void add_input_randomness(unsigne + unsigned int value); + extern void add_interrupt_randomness(int irq); + ++extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count); ++extern int random_input_wait(void); ++#define HAS_RANDOM_INPUT_WAIT 1 ++ + extern void get_random_bytes(void *buf, int nbytes); + void generate_random_uuid(unsigned char uuid_out[16]); +