Date: Sun, 3 Dec 2006 01:15:45 GMT From: Sam Leffler <sam@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 110906 for review Message-ID: <200612030115.kB31FjEQ000315@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=110906 Change 110906 by sam@sam_ebb on 2006/12/03 01:14:46 checkpoint changes to kobj'ify crypto driver api's and to support specifying a device or class of devices for use Affected files ... .. //depot/projects/crypto/sys/conf/files#2 edit .. //depot/projects/crypto/sys/conf/kmod.mk#2 edit .. //depot/projects/crypto/sys/crypto/via/padlock.c#2 edit .. //depot/projects/crypto/sys/dev/hifn/hifn7751.c#2 edit .. //depot/projects/crypto/sys/dev/safe/safe.c#2 edit .. //depot/projects/crypto/sys/dev/ubsec/ubsec.c#2 edit .. //depot/projects/crypto/sys/geom/eli/g_eli.c#2 edit .. //depot/projects/crypto/sys/geom/eli/g_eli_crypto.c#2 edit .. //depot/projects/crypto/sys/modules/crypto/Makefile#2 edit .. //depot/projects/crypto/sys/modules/cryptodev/Makefile#2 edit .. //depot/projects/crypto/sys/modules/hifn/Makefile#2 edit .. //depot/projects/crypto/sys/modules/padlock/Makefile#2 edit .. //depot/projects/crypto/sys/modules/safe/Makefile#2 edit .. //depot/projects/crypto/sys/modules/ubsec/Makefile#2 edit .. //depot/projects/crypto/sys/netipsec/ipsec.c#2 edit .. //depot/projects/crypto/sys/opencrypto/crypto.c#2 edit .. //depot/projects/crypto/sys/opencrypto/crypto_if.m#2 delete .. //depot/projects/crypto/sys/opencrypto/cryptodev.c#2 edit .. //depot/projects/crypto/sys/opencrypto/cryptodev.h#2 edit .. //depot/projects/crypto/sys/opencrypto/cryptodev_if.m#1 add .. //depot/projects/crypto/sys/opencrypto/cryptosoft.c#2 edit .. //depot/projects/crypto/sys/opencrypto/cryptosoft.h#2 edit .. //depot/projects/crypto/tools/tools/crypto/cryptokeytest.c#2 edit .. //depot/projects/crypto/tools/tools/crypto/cryptotest.c#2 edit Differences ... ==== //depot/projects/crypto/sys/conf/files#2 (text+ko) ==== @@ -1901,6 +1901,7 @@ opencrypto/criov.c optional crypto opencrypto/crypto.c optional crypto opencrypto/cryptodev.c optional cryptodev +opencrypto/cryptodev_if.m optional crypto opencrypto/cryptosoft.c optional crypto opencrypto/deflate.c optional crypto opencrypto/rmd160.c optional crypto | ipsec ==== //depot/projects/crypto/sys/conf/kmod.mk#2 (text+ko) ==== @@ -327,7 +327,7 @@ dev/sound/midi/mpu_if.m dev/sound/midi/mpufoi_if.m \ dev/sound/midi/synth_if.m dev/usb/usb_if.m isa/isa_if.m \ kern/bus_if.m kern/cpufreq_if.m kern/device_if.m kern/serdev_if.m \ - libkern/iconv_converter_if.m opencrypto/crypto_if.m \ + libkern/iconv_converter_if.m opencrypto/cryptodev_if.m \ pc98/pc98/canbus_if.m pci/agp_if.m .for _srcsrc in ${MFILES} ==== //depot/projects/crypto/sys/crypto/via/padlock.c#2 (text+ko) ==== @@ -46,6 +46,10 @@ #include <crypto/via/padlock.h> +#include <sys/kobj.h> +#include <sys/bus.h> +#include "cryptodev_if.h" + /* * Technical documentation about the PadLock engine can be found here: * @@ -59,26 +63,29 @@ struct mtx sc_sessions_mtx; }; -static struct padlock_softc *padlock_sc; +static int padlock_newsession(device_t, uint32_t *sidp, struct cryptoini *cri); +static int padlock_freesession(device_t, uint64_t tid); +static int padlock_process(device_t, struct cryptop *crp, int hint __unused); -static int padlock_newsession(void *arg __unused, uint32_t *sidp, - struct cryptoini *cri); -static int padlock_freesession(void *arg __unused, uint64_t tid); -static int padlock_process(void *arg __unused, struct cryptop *crp, - int hint __unused); +MALLOC_DEFINE(M_PADLOCK, "padlock_data", "PadLock Data"); -MALLOC_DEFINE(M_PADLOCK, "padlock_data", "PadLock Data"); +static void +padlock_identify(device_t *dev, device_t parent) +{ + /* NB: order 10 is so we get attached after h/w devices */ + if (BUS_ADD_CHILD(parent, 10, "padlock", -1) == 0) + panic("padlock: could not attach"); +} static int -padlock_init(void) +padlock_probe(device_t dev) { - struct padlock_softc *sc; char capp[256]; #if defined(__i386__) && !defined(PC98) /* If there is no AES support, we has nothing to do here. */ if (!(via_feature_xcrypt & VIA_HAS_AES)) { - printf("PadLock: No ACE support.\n"); + device_printf(dev, "No ACE support.\n"); return (EINVAL); } strlcpy(capp, "AES-CBC", sizeof(capp)); @@ -97,63 +104,53 @@ if (via_feature_xcrypt & VIA_HAS_MM) strlcat(capp, ",RSA", sizeof(capp)); #endif - printf("PadLock: HW support loaded for %s.\n", capp); + device_set_desc(dev, capp); #else return (EINVAL); #endif + return (0); +} + +static int +padlock_attach(device_t dev) +{ + struct padlock_softc *sc = device_get_softc(dev); - padlock_sc = sc = malloc(sizeof(*padlock_sc), M_PADLOCK, - M_WAITOK | M_ZERO); TAILQ_INIT(&sc->sc_sessions); sc->sc_sid = 1; - sc->sc_cid = crypto_get_driverid(0); + sc->sc_cid = crypto_get_driverid(dev, CRYPTOCAP_F_HARDWARE); if (sc->sc_cid < 0) { - printf("PadLock: Could not get crypto driver id.\n"); - free(padlock_sc, M_PADLOCK); - padlock_sc = NULL; + device_printf(dev, "Could not get crypto driver id.\n"); return (ENOMEM); } mtx_init(&sc->sc_sessions_mtx, "padlock_mtx", NULL, MTX_DEF); - crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0, padlock_newsession, - padlock_freesession, padlock_process, NULL); - crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0, padlock_newsession, - padlock_freesession, padlock_process, NULL); - crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0, padlock_newsession, - padlock_freesession, padlock_process, NULL); - crypto_register(sc->sc_cid, CRYPTO_RIPEMD160_HMAC, 0, 0, - padlock_newsession, padlock_freesession, padlock_process, NULL); - crypto_register(sc->sc_cid, CRYPTO_SHA2_256_HMAC, 0, 0, - padlock_newsession, padlock_freesession, padlock_process, NULL); - crypto_register(sc->sc_cid, CRYPTO_SHA2_384_HMAC, 0, 0, - padlock_newsession, padlock_freesession, padlock_process, NULL); - crypto_register(sc->sc_cid, CRYPTO_SHA2_512_HMAC, 0, 0, - padlock_newsession, padlock_freesession, padlock_process, NULL); + crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0); + crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0); + crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0); + crypto_register(sc->sc_cid, CRYPTO_RIPEMD160_HMAC, 0, 0); + crypto_register(sc->sc_cid, CRYPTO_SHA2_256_HMAC, 0, 0); + crypto_register(sc->sc_cid, CRYPTO_SHA2_384_HMAC, 0, 0); + crypto_register(sc->sc_cid, CRYPTO_SHA2_512_HMAC, 0, 0); return (0); } static int -padlock_destroy(void) +padlock_detach(device_t dev) { - struct padlock_softc *sc = padlock_sc; + struct padlock_softc *sc = device_get_softc(dev); struct padlock_session *ses; - u_int active = 0; - if (sc == NULL) - return (0); mtx_lock(&sc->sc_sessions_mtx); TAILQ_FOREACH(ses, &sc->sc_sessions, ses_next) { - if (ses->ses_used) - active++; + if (ses->ses_used) { + mtx_unlock(&sc->sc_sessions_mtx); + device_printf(dev, + "Cannot detach, sessions still active.\n"); + return (EBUSY); + } } - if (active > 0) { - mtx_unlock(&sc->sc_sessions_mtx); - printf("PadLock: Cannot destroy, %u sessions active.\n", - active); - return (EBUSY); - } - padlock_sc = NULL; for (ses = TAILQ_FIRST(&sc->sc_sessions); ses != NULL; ses = TAILQ_FIRST(&sc->sc_sessions)) { TAILQ_REMOVE(&sc->sc_sessions, ses, ses_next); @@ -161,19 +158,18 @@ } mtx_destroy(&sc->sc_sessions_mtx); crypto_unregister_all(sc->sc_cid); - free(sc, M_PADLOCK); return (0); } static int -padlock_newsession(void *arg __unused, uint32_t *sidp, struct cryptoini *cri) +padlock_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri) { - struct padlock_softc *sc = padlock_sc; + struct padlock_softc *sc = device_get_softc(dev); struct padlock_session *ses = NULL; struct cryptoini *encini, *macini; int error; - if (sc == NULL || sidp == NULL || cri == NULL) + if (sidp == NULL || cri == NULL) return (EINVAL); encini = macini = NULL; @@ -255,14 +251,12 @@ } static int -padlock_freesession(void *arg __unused, uint64_t tid) +padlock_freesession(device_t dev, uint64_t tid) { - struct padlock_softc *sc = padlock_sc; + struct padlock_softc *sc = device_get_softc(dev); struct padlock_session *ses; uint32_t sid = ((uint32_t)tid) & 0xffffffff; - if (sc == NULL) - return (EINVAL); mtx_lock(&sc->sc_sessions_mtx); TAILQ_FOREACH(ses, &sc->sc_sessions, ses_next) { if (ses->ses_id == sid) @@ -282,9 +276,9 @@ } static int -padlock_process(void *arg __unused, struct cryptop *crp, int hint __unused) +padlock_process(device_t dev, struct cryptop *crp, int hint __unused) { - struct padlock_softc *sc = padlock_sc; + struct padlock_softc *sc = device_get_softc(dev); struct padlock_session *ses = NULL; struct cryptodesc *crd, *enccrd, *maccrd; int error = 0; @@ -373,28 +367,27 @@ return (error); } -static int -padlock_modevent(module_t mod, int type, void *unused __unused) -{ - int error; +static device_method_t padlock_methods[] = { + DEVMETHOD(device_identify, padlock_identify), + DEVMETHOD(device_probe, padlock_probe), + DEVMETHOD(device_attach, padlock_attach), + DEVMETHOD(device_detach, padlock_detach), + + DEVMETHOD(cryptodev_newsession, padlock_newsession), + DEVMETHOD(cryptodev_freesession,padlock_freesession), + DEVMETHOD(cryptodev_process, padlock_process), - error = EOPNOTSUPP; - switch (type) { - case MOD_LOAD: - error = padlock_init(); - break; - case MOD_UNLOAD: - error = padlock_destroy(); - break; - } - return (error); -} + {0, 0}, +}; -static moduledata_t padlock_mod = { +static driver_t padlock_driver = { "padlock", - padlock_modevent, - 0 + padlock_methods, + sizeof(struct padlock_softc), }; -DECLARE_MODULE(padlock, padlock_mod, SI_SUB_DRIVERS, SI_ORDER_ANY); +static devclass_t padlock_devclass; + +/* XXX where to attach */ +DRIVER_MODULE(padlock, nexus, padlock_driver, padlock_devclass, 0, 0); MODULE_VERSION(padlock, 1); MODULE_DEPEND(padlock, crypto, 1, 1, 1); ==== //depot/projects/crypto/sys/dev/hifn/hifn7751.c#2 (text+ko) ==== @@ -70,6 +70,9 @@ #include <opencrypto/cryptodev.h> #include <sys/random.h> +#include <sys/kobj.h> + +#include "cryptodev_if.h" #include <dev/pci/pcivar.h> #include <dev/pci/pcireg.h> @@ -90,6 +93,10 @@ static int hifn_resume(device_t); static void hifn_shutdown(device_t); +static int hifn_newsession(device_t, u_int32_t *, struct cryptoini *); +static int hifn_freesession(device_t, u_int64_t); +static int hifn_process(device_t, struct cryptop *, int); + static device_method_t hifn_methods[] = { /* Device interface */ DEVMETHOD(device_probe, hifn_probe), @@ -103,6 +110,11 @@ DEVMETHOD(bus_print_child, bus_generic_print_child), DEVMETHOD(bus_driver_added, bus_generic_driver_added), + /* crypto device methods */ + DEVMETHOD(cryptodev_newsession, hifn_newsession), + DEVMETHOD(cryptodev_freesession,hifn_freesession), + DEVMETHOD(cryptodev_process, hifn_process), + { 0, 0 } }; static driver_t hifn_driver = { @@ -132,9 +144,6 @@ static void hifn_intr(void *); static u_int hifn_write_command(struct hifn_command *, u_int8_t *); static u_int32_t hifn_next_signature(u_int32_t a, u_int cnt); -static int hifn_newsession(void *, u_int32_t *, struct cryptoini *); -static int hifn_freesession(void *, u_int64_t); -static int hifn_process(void *, struct cryptop *, int); static void hifn_callback(struct hifn_softc *, struct hifn_command *, u_int8_t *); static int hifn_crypto(struct hifn_softc *, struct hifn_command *, struct cryptop *, int); static int hifn_readramaddr(struct hifn_softc *, int, u_int8_t *); @@ -559,7 +568,7 @@ 2 + 2*((sc->sc_pllconfig & HIFN_PLL_ND) >> 11)); printf("\n"); - sc->sc_cid = crypto_get_driverid(0); + sc->sc_cid = crypto_get_driverid(dev, CRYPTOCAP_F_HARDWARE); if (sc->sc_cid < 0) { device_printf(dev, "could not get crypto driver id\n"); goto fail_intr; @@ -571,26 +580,17 @@ switch (ena) { case HIFN_PUSTAT_ENA_2: - crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0, - hifn_newsession, hifn_freesession, hifn_process, sc); - crypto_register(sc->sc_cid, CRYPTO_ARC4, 0, 0, - hifn_newsession, hifn_freesession, hifn_process, sc); + crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0); + crypto_register(sc->sc_cid, CRYPTO_ARC4, 0, 0); if (sc->sc_flags & HIFN_HAS_AES) - crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0, - hifn_newsession, hifn_freesession, - hifn_process, sc); + crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0); /*FALLTHROUGH*/ case HIFN_PUSTAT_ENA_1: - crypto_register(sc->sc_cid, CRYPTO_MD5, 0, 0, - hifn_newsession, hifn_freesession, hifn_process, sc); - crypto_register(sc->sc_cid, CRYPTO_SHA1, 0, 0, - hifn_newsession, hifn_freesession, hifn_process, sc); - crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0, - hifn_newsession, hifn_freesession, hifn_process, sc); - crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0, - hifn_newsession, hifn_freesession, hifn_process, sc); - crypto_register(sc->sc_cid, CRYPTO_DES_CBC, 0, 0, - hifn_newsession, hifn_freesession, hifn_process, sc); + crypto_register(sc->sc_cid, CRYPTO_MD5, 0, 0); + crypto_register(sc->sc_cid, CRYPTO_SHA1, 0, 0); + crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0); + crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0); + crypto_register(sc->sc_cid, CRYPTO_DES_CBC, 0, 0); break; } @@ -2292,10 +2292,10 @@ * id on successful allocation. */ static int -hifn_newsession(void *arg, u_int32_t *sidp, struct cryptoini *cri) +hifn_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri) { + struct hifn_softc *sc = device_get_softc(dev); struct cryptoini *c; - struct hifn_softc *sc = arg; int mac = 0, cry = 0, sesn; struct hifn_session *ses = NULL; @@ -2389,9 +2389,9 @@ * XXX to blow away any keys already stored there. */ static int -hifn_freesession(void *arg, u_int64_t tid) +hifn_freesession(device_t dev, u_int64_t tid) { - struct hifn_softc *sc = arg; + struct hifn_softc *sc = device_get_softc(dev); int session; u_int32_t sid = CRYPTO_SESID2LID(tid); @@ -2408,9 +2408,9 @@ } static int -hifn_process(void *arg, struct cryptop *crp, int hint) +hifn_process(device_t dev, struct cryptop *crp, int hint) { - struct hifn_softc *sc = arg; + struct hifn_softc *sc = device_get_softc(dev); struct hifn_command *cmd = NULL; int session, err, ivlen; struct cryptodesc *crd1, *crd2, *maccrd, *enccrd; ==== //depot/projects/crypto/sys/dev/safe/safe.c#2 (text+ko) ==== @@ -59,6 +59,9 @@ #include <opencrypto/cryptosoft.h> #include <sys/md5.h> #include <sys/random.h> +#include <sys/kobj.h> + +#include "cryptodev_if.h" #include <dev/pci/pcivar.h> #include <dev/pci/pcireg.h> @@ -83,6 +86,10 @@ static int safe_resume(device_t); static void safe_shutdown(device_t); +static int safe_newsession(device_t, u_int32_t *, struct cryptoini *); +static int safe_freesession(device_t, u_int64_t); +static int safe_process(device_t, struct cryptop *, int); + static device_method_t safe_methods[] = { /* Device interface */ DEVMETHOD(device_probe, safe_probe), @@ -96,6 +103,11 @@ DEVMETHOD(bus_print_child, bus_generic_print_child), DEVMETHOD(bus_driver_added, bus_generic_driver_added), + /* crypto device methods */ + DEVMETHOD(cryptodev_newsession, safe_newsession), + DEVMETHOD(cryptodev_freesession,safe_freesession), + DEVMETHOD(cryptodev_process, safe_process), + { 0, 0 } }; static driver_t safe_driver = { @@ -112,9 +124,6 @@ #endif static void safe_intr(void *); -static int safe_newsession(void *, u_int32_t *, struct cryptoini *); -static int safe_freesession(void *, u_int64_t); -static int safe_process(void *, struct cryptop *, int); static void safe_callback(struct safe_softc *, struct safe_ringentry *); static void safe_feed(struct safe_softc *, struct safe_ringentry *); static void safe_mcopy(struct mbuf *, struct mbuf *, u_int); @@ -270,7 +279,7 @@ goto bad2; } - sc->sc_cid = crypto_get_driverid(0); + sc->sc_cid = crypto_get_driverid(dev, CRYPTOCAP_F_HARDWARE); if (sc->sc_cid < 0) { device_printf(dev, "could not get crypto driver id\n"); goto bad3; @@ -388,39 +397,30 @@ #if 0 printf(" key"); sc->sc_flags |= SAFE_FLAGS_KEY; - crypto_kregister(sc->sc_cid, CRK_MOD_EXP, 0, - safe_kprocess, sc); - crypto_kregister(sc->sc_cid, CRK_MOD_EXP_CRT, 0, - safe_kprocess, sc); + crypto_kregister(sc->sc_cid, CRK_MOD_EXP, 0); + crypto_kregister(sc->sc_cid, CRK_MOD_EXP_CRT, 0); #endif } if (devinfo & SAFE_DEVINFO_DES) { printf(" des/3des"); - crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0, - safe_newsession, safe_freesession, safe_process, sc); - crypto_register(sc->sc_cid, CRYPTO_DES_CBC, 0, 0, - safe_newsession, safe_freesession, safe_process, sc); + crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0); + crypto_register(sc->sc_cid, CRYPTO_DES_CBC, 0, 0); } if (devinfo & SAFE_DEVINFO_AES) { printf(" aes"); - crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0, - safe_newsession, safe_freesession, safe_process, sc); + crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0); } if (devinfo & SAFE_DEVINFO_MD5) { printf(" md5"); - crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0, - safe_newsession, safe_freesession, safe_process, sc); + crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0); } if (devinfo & SAFE_DEVINFO_SHA1) { printf(" sha1"); - crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0, - safe_newsession, safe_freesession, safe_process, sc); + crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0); } printf(" null"); - crypto_register(sc->sc_cid, CRYPTO_NULL_CBC, 0, 0, - safe_newsession, safe_freesession, safe_process, sc); - crypto_register(sc->sc_cid, CRYPTO_NULL_HMAC, 0, 0, - safe_newsession, safe_freesession, safe_process, sc); + crypto_register(sc->sc_cid, CRYPTO_NULL_CBC, 0, 0); + crypto_register(sc->sc_cid, CRYPTO_NULL_HMAC, 0, 0); /* XXX other supported algorithms */ printf("\n"); @@ -710,10 +710,10 @@ * id on successful allocation. */ static int -safe_newsession(void *arg, u_int32_t *sidp, struct cryptoini *cri) +safe_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri) { + struct safe_softc *sc = device_get_softc(dev); struct cryptoini *c, *encini = NULL, *macini = NULL; - struct safe_softc *sc = arg; struct safe_session *ses = NULL; int sesn; @@ -826,9 +826,9 @@ * Deallocate a session. */ static int -safe_freesession(void *arg, u_int64_t tid) +safe_freesession(device_t dev, u_int64_t tid) { - struct safe_softc *sc = arg; + struct safe_softc *sc = device_get_softc(dev); int session, ret; u_int32_t sid = ((u_int32_t) tid) & 0xffffffff; @@ -859,10 +859,10 @@ } static int -safe_process(void *arg, struct cryptop *crp, int hint) +safe_process(device_t dev, struct cryptop *crp, int hint) { + struct safe_softc *sc = device_get_softc(dev); int err = 0, i, nicealign, uniform; - struct safe_softc *sc = arg; struct cryptodesc *crd1, *crd2, *maccrd, *enccrd; int bypass, oplen, ivsize; caddr_t iv; ==== //depot/projects/crypto/sys/dev/ubsec/ubsec.c#2 (text+ko) ==== @@ -73,6 +73,9 @@ #include <opencrypto/cryptosoft.h> #include <sys/md5.h> #include <sys/random.h> +#include <sys/kobj.h> + +#include "cryptodev_if.h" #include <dev/pci/pcivar.h> #include <dev/pci/pcireg.h> @@ -106,6 +109,11 @@ static int ubsec_resume(device_t); static void ubsec_shutdown(device_t); +static int ubsec_newsession(device_t, u_int32_t *, struct cryptoini *); +static int ubsec_freesession(device_t, u_int64_t); +static int ubsec_process(device_t, struct cryptop *, int); +static int ubsec_kprocess(device_t, struct cryptkop *, int); + static device_method_t ubsec_methods[] = { /* Device interface */ DEVMETHOD(device_probe, ubsec_probe), @@ -119,6 +127,12 @@ DEVMETHOD(bus_print_child, bus_generic_print_child), DEVMETHOD(bus_driver_added, bus_generic_driver_added), + /* crypto device methods */ + DEVMETHOD(cryptodev_newsession, ubsec_newsession), + DEVMETHOD(cryptodev_freesession,ubsec_freesession), + DEVMETHOD(cryptodev_process, ubsec_process), + DEVMETHOD(cryptodev_kprocess, ubsec_kprocess), + { 0, 0 } }; static driver_t ubsec_driver = { @@ -135,9 +149,6 @@ #endif static void ubsec_intr(void *); -static int ubsec_newsession(void *, u_int32_t *, struct cryptoini *); -static int ubsec_freesession(void *, u_int64_t); -static int ubsec_process(void *, struct cryptop *, int); static void ubsec_callback(struct ubsec_softc *, struct ubsec_q *); static void ubsec_feed(struct ubsec_softc *); static void ubsec_mcopy(struct mbuf *, struct mbuf *, int, int); @@ -158,7 +169,6 @@ static int ubsec_free_q(struct ubsec_softc *sc, struct ubsec_q *q); -static int ubsec_kprocess(void*, struct cryptkop *, int); static int ubsec_kprocess_modexp_hw(struct ubsec_softc *, struct cryptkop *, int); static int ubsec_kprocess_modexp_sw(struct ubsec_softc *, struct cryptkop *, int); static int ubsec_kprocess_rsapriv(struct ubsec_softc *, struct cryptkop *, int); @@ -350,7 +360,7 @@ goto bad2; } - sc->sc_cid = crypto_get_driverid(0); + sc->sc_cid = crypto_get_driverid(dev, CRYPTOCAP_F_HARDWARE); if (sc->sc_cid < 0) { device_printf(dev, "could not get crypto driver id\n"); goto bad3; @@ -405,14 +415,10 @@ device_printf(sc->sc_dev, "%s\n", ubsec_partname(sc)); - crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0, - ubsec_newsession, ubsec_freesession, ubsec_process, sc); - crypto_register(sc->sc_cid, CRYPTO_DES_CBC, 0, 0, - ubsec_newsession, ubsec_freesession, ubsec_process, sc); - crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0, - ubsec_newsession, ubsec_freesession, ubsec_process, sc); - crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0, - ubsec_newsession, ubsec_freesession, ubsec_process, sc); + crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0); + crypto_register(sc->sc_cid, CRYPTO_DES_CBC, 0, 0); + crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0); + crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0); /* * Reset Broadcom chip @@ -475,11 +481,9 @@ if (sc->sc_flags & UBS_FLAGS_KEY) { sc->sc_statmask |= BS_STAT_MCR2_DONE; - crypto_kregister(sc->sc_cid, CRK_MOD_EXP, 0, - ubsec_kprocess, sc); + crypto_kregister(sc->sc_cid, CRK_MOD_EXP, 0); #if 0 - crypto_kregister(sc->sc_cid, CRK_MOD_EXP_CRT, 0, - ubsec_kprocess, sc); + crypto_kregister(sc->sc_cid, CRK_MOD_EXP_CRT, 0); #endif } return (0); @@ -900,10 +904,10 @@ * id on successful allocation. */ static int -ubsec_newsession(void *arg, u_int32_t *sidp, struct cryptoini *cri) +ubsec_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri) { + struct ubsec_softc *sc = device_get_softc(dev); struct cryptoini *c, *encini = NULL, *macini = NULL; - struct ubsec_softc *sc = arg; struct ubsec_session *ses = NULL; int sesn; @@ -995,9 +999,9 @@ * Deallocate a session. */ static int -ubsec_freesession(void *arg, u_int64_t tid) +ubsec_freesession(device_t dev, u_int64_t tid) { - struct ubsec_softc *sc = arg; + struct ubsec_softc *sc = device_get_softc(dev); int session, ret; u_int32_t sid = CRYPTO_SESID2LID(tid); @@ -1035,11 +1039,11 @@ } static int -ubsec_process(void *arg, struct cryptop *crp, int hint) +ubsec_process(device_t dev, struct cryptop *crp, int hint) { + struct ubsec_softc *sc = device_get_softc(dev); struct ubsec_q *q = NULL; int err = 0, i, j, nicealign; - struct ubsec_softc *sc = arg; struct cryptodesc *crd1, *crd2, *maccrd, *enccrd; int encoffset = 0, macoffset = 0, cpskip, cpoffset; int sskip, dskip, stheend, dtheend; @@ -2110,9 +2114,9 @@ } static int -ubsec_kprocess(void *arg, struct cryptkop *krp, int hint) +ubsec_kprocess(device_t dev, struct cryptkop *krp, int hint) { - struct ubsec_softc *sc = arg; + struct ubsec_softc *sc = device_get_softc(dev); int r; if (krp == NULL || krp->krp_callback == NULL) ==== //depot/projects/crypto/sys/geom/eli/g_eli.c#2 (text+ko) ==== @@ -654,12 +654,14 @@ * Use software cryptography, if we cannot get it. */ if (LIST_EMPTY(&sc->sc_workers)) { - error = crypto_newsession(&wr->w_sid, &crie, 1); + error = crypto_newsession(&wr->w_sid, &crie, + CRYPTOCAP_F_HARDWARE); if (error == 0) sc->sc_crypto = G_ELI_CRYPTO_HW; } if (sc->sc_crypto == G_ELI_CRYPTO_SW) - error = crypto_newsession(&wr->w_sid, &crie, 0); + error = crypto_newsession(&wr->w_sid, &crie, + CRYPTOCAP_F_SOFTWARE); if (error != 0) { free(wr, M_ELI); if (req != NULL) { ==== //depot/projects/crypto/sys/geom/eli/g_eli_crypto.c#2 (text+ko) ==== @@ -73,7 +73,7 @@ cri.cri_alg = algo; cri.cri_key = __DECONST(void *, key); cri.cri_klen = keysize; - error = crypto_newsession(&sid, &cri, 0); + error = crypto_newsession(&sid, &cri, CRYPTOCAP_F_SOFTWARE); if (error != 0) return (error); p = malloc(sizeof(*crp) + sizeof(*crd) + sizeof(*uio) + sizeof(*iov), ==== //depot/projects/crypto/sys/modules/crypto/Makefile#2 (text+ko) ==== @@ -8,12 +8,12 @@ .PATH: ${.CURDIR}/../../crypto/sha2 KMOD = crypto -SRCS = crypto.c +SRCS = crypto.c cryptodev_if.c SRCS += criov.c cryptosoft.c xform.c SRCS += cast.c deflate.c rmd160.c rijndael-alg-fst.c rijndael-api.c SRCS += skipjack.c bf_enc.c bf_skey.c SRCS += des_ecb.c des_enc.c des_setkey.c SRCS += sha1.c sha2.c -SRCS += opt_param.h +SRCS += opt_param.h cryptodev_if.h bus_if.h device_if.h .include <bsd.kmod.mk> ==== //depot/projects/crypto/sys/modules/cryptodev/Makefile#2 (text+ko) ==== @@ -3,5 +3,6 @@ .PATH: ${.CURDIR}/../../opencrypto KMOD = cryptodev SRCS = cryptodev.c +SRCS += bus_if.h device_if.h .include <bsd.kmod.mk> ==== //depot/projects/crypto/sys/modules/hifn/Makefile#2 (text+ko) ==== @@ -4,7 +4,7 @@ KMOD = hifn SRCS = hifn7751.c opt_hifn.h SRCS += device_if.h bus_if.h pci_if.h -SRCS += opt_bus.h crypto_if.h +SRCS += opt_bus.h cryptodev_if.h .if !defined(KERNBUILDDIR) opt_hifn.h: ==== //depot/projects/crypto/sys/modules/padlock/Makefile#2 (text+ko) ==== @@ -4,5 +4,6 @@ KMOD= padlock SRCS= padlock.c padlock_cipher.c padlock_hash.c +SRCS += device_if.h bus_if.h opt_bus.h cryptodev_if.h .include <bsd.kmod.mk> ==== //depot/projects/crypto/sys/modules/safe/Makefile#2 (text+ko) ==== @@ -30,7 +30,7 @@ KMOD = safe SRCS = safe.c opt_safe.h SRCS += device_if.h bus_if.h pci_if.h -SRCS += opt_bus.h crypto_if.h +SRCS += opt_bus.h cryptodev_if.h .if !defined(KERNBUILDDIR) opt_safe.h: ==== //depot/projects/crypto/sys/modules/ubsec/Makefile#2 (text+ko) ==== @@ -4,7 +4,7 @@ KMOD = ubsec SRCS = ubsec.c opt_ubsec.h SRCS += device_if.h bus_if.h pci_if.h -SRCS += opt_bus.h crypto_if.h +SRCS += opt_bus.h cryptodev_if.h .if !defined(KERNBUILDDIR) opt_ubsec.h: ==== //depot/projects/crypto/sys/netipsec/ipsec.c#2 (text+ko) ==== @@ -117,7 +117,7 @@ * -1 require software support * 0 take anything */ -int crypto_support = 0; +int crypto_support = CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE; SYSCTL_DECL(_net_inet_ipsec); ==== //depot/projects/crypto/sys/opencrypto/crypto.c#2 (text+ko) ==== @@ -1,4 +1,38 @@ -/* $OpenBSD: crypto.c,v 1.38 2002/06/11 11:14:29 beck Exp $ */ +/*- + * Copyright (c) 2002-2006 Sam Leffler. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include <sys/cdefs.h> +__FBSDID("$FreeBSD: src/sys/opencrypto/crypto.c,v 1.26 2006/06/06 15:04:52 pjd Exp $"); + +/* + * Cryptographic Subsystem. + * + * This code is derived from the Openbsd Cryptographic Framework (OCF) + * that has the copyright shown below. Very little of the original + * code remains. + */ + /*- * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) * @@ -20,9 +54,6 @@ * PURPOSE. */ -#include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/opencrypto/crypto.c,v 1.26 2006/06/06 15:04:52 pjd Exp $"); - #define CRYPTO_TIMING /* enable timing support */ #include <sys/param.h> @@ -41,6 +72,10 @@ #include <opencrypto/cryptodev.h> #include <opencrypto/xform.h> /* XXX for M_XDATA */ +#include <sys/kobj.h> +#include <sys/bus.h> +#include "cryptodev_if.h" + /* * Crypto drivers register themselves by allocating a slot in the * crypto_drivers table with crypto_get_driverid() and then registering @@ -49,6 +84,33 @@ static struct mtx crypto_drivers_mtx; /* lock on driver table */ #define CRYPTO_DRIVER_LOCK() mtx_lock(&crypto_drivers_mtx) #define CRYPTO_DRIVER_UNLOCK() mtx_unlock(&crypto_drivers_mtx) +#define CRYPTO_DRIVER_ASSERT() mtx_assert(&crypto_drivers_mtx, MA_OWNED) + +/* + * Crypto device/driver capabilities structure. + * + * Synchronization: + * (d) - protected by CRYPTO_DRIVER_LOCK() + * (q) - protected by CRYPTO_Q_LOCK() + * Not tagged fields are read-only. + */ +struct cryptocap { + device_t cc_dev; /* (d) device/driver */ + u_int32_t cc_sessions; /* (d) # of sessions */ + u_int32_t cc_koperations; /* (d) # os asym operations */ + /* + * Largest possible operator length (in bits) for each type of + * encryption algorithm. XXX not used + */ + u_int16_t cc_max_op_len[CRYPTO_ALGORITHM_MAX + 1]; + u_int8_t cc_alg[CRYPTO_ALGORITHM_MAX + 1]; + u_int8_t cc_kalg[CRK_ALGORITHM_MAX + 1]; + + int cc_flags; /* (d) flags */ +#define CRYPTOCAP_F_CLEANUP 0x80000000 /* needs resource cleanup */ + int cc_qblocked; /* (q) symmetric q blocked */ + int cc_kqblocked; /* (q) asymmetric q blocked */ +}; static struct cryptocap *crypto_drivers = NULL; static int crypto_drivers_num = 0; @@ -101,7 +163,7 @@ static struct proc *cryptoretproc; static void crypto_destroy(void); static int crypto_invoke(struct cryptocap *cap, struct cryptop *crp, int hint); -static int crypto_kinvoke(struct cryptkop *krp); +static int crypto_kinvoke(struct cryptkop *krp, int flags); static struct cryptostats cryptostats; SYSCTL_STRUCT(_kern, OID_AUTO, crypto_stats, CTLFLAG_RW, &cryptostats, @@ -256,112 +318,133 @@ DECLARE_MODULE(crypto, crypto_mod, SI_SUB_DRIVERS, SI_ORDER_FIRST); MODULE_DEPEND(crypto, zlib, 1, 1, 1); +static struct cryptocap * +crypto_checkdriver(u_int32_t hid) +{ + if (crypto_drivers == NULL) + return NULL; + return (hid >= crypto_drivers_num ? NULL : &crypto_drivers[hid]); +} + /* - * Create a new session. + * Compare a driver's list of supported algorithms against another + * list; return non-zero if all algorithms are supported. */ -int -crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard) +static int +driver_suitable(const struct cryptocap *cap, const struct cryptoini *cri) { - struct cryptocap *cap = NULL; - struct cryptoini *cr; - u_int32_t hid = 0, lid; - int err = EINVAL; + const struct cryptoini *cr; - CRYPTO_DRIVER_LOCK(); + /* See if all the algorithms are supported. */ + for (cr = cri; cr; cr = cr->cri_next) + if (cap->cc_alg[cr->cri_alg] == 0) + return 0; + return 1; +} - if (crypto_drivers == NULL) - goto done; +/* + * Select a driver for a new session that supports the specified + * algorithms and, optionally, is constrained according to the flags. + * The algorithm we use here is pretty stupid; just use the + * first driver that supports all the algorithms we need. If there + * are multiple drivers we choose the driver with the fewest active + * sessions. We prefer hardware-backed drivers to software ones. + * + * XXX We need more smarts here (in real life too, but that's + * XXX another story altogether). + */ +static struct cryptocap * +crypto_select_driver(const struct cryptoini *cri, int flags) +{ + struct cryptocap *cap, *best; + int match, hid; - /* - * The algorithm we use here is pretty stupid; just use the - * first driver that supports all the algorithms we need. - * >>> TRUNCATED FOR MAIL (1000 lines) <<<
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200612030115.kB31FjEQ000315>