rmisec.c revision 198627
1198157Srrs/*- 2198157Srrs * Copyright (c) 2003-2009 RMI Corporation 3198157Srrs * All rights reserved. 4198157Srrs * 5198157Srrs * Redistribution and use in source and binary forms, with or without 6198157Srrs * modification, are permitted provided that the following conditions 7198157Srrs * are met: 8198157Srrs * 1. Redistributions of source code must retain the above copyright 9198157Srrs * notice, this list of conditions and the following disclaimer. 10198157Srrs * 2. Redistributions in binary form must reproduce the above copyright 11198157Srrs * notice, this list of conditions and the following disclaimer in the 12198157Srrs * documentation and/or other materials provided with the distribution. 13198157Srrs * 3. Neither the name of RMI Corporation, nor the names of its contributors, 14198157Srrs * may be used to endorse or promote products derived from this software 15198157Srrs * without specific prior written permission. 16198157Srrs * 17198157Srrs * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 18198157Srrs * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19198157Srrs * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20198157Srrs * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 21198157Srrs * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22198157Srrs * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23198157Srrs * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24198157Srrs * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25198157Srrs * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26198157Srrs * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27198157Srrs * SUCH DAMAGE. 28198157Srrs * 29198157Srrs * RMI_BSD */ 30198157Srrs 31198157Srrs 32198157Srrs#include <sys/param.h> 33198157Srrs#include <sys/systm.h> 34198157Srrs#include <sys/proc.h> 35198157Srrs#include <sys/errno.h> 36198157Srrs#include <sys/malloc.h> 37198157Srrs#include <sys/kernel.h> 38198157Srrs#include <sys/module.h> 39198157Srrs#include <sys/mbuf.h> 40198157Srrs#include <sys/lock.h> 41198157Srrs#include <sys/mutex.h> 42198157Srrs#include <sys/sysctl.h> 43198157Srrs 44198157Srrs#include <vm/vm.h> 45198157Srrs#include <vm/pmap.h> 46198157Srrs 47198157Srrs#include <machine/bus.h> 48198157Srrs#include <machine/resource.h> 49198157Srrs#include <sys/bus.h> 50198157Srrs#include <sys/rman.h> 51198157Srrs 52198157Srrs#include <opencrypto/cryptodev.h> 53198157Srrs#include <sys/random.h> 54198157Srrs 55198157Srrs#include <dev/rmi/sec/rmilib.h> 56198157Srrs 57198157Srrs/*#define RMI_SEC_DEBUG */ 58198157Srrs 59198157Srrs 60198157Srrsvoid xlr_sec_print_data(struct cryptop *crp); 61198157Srrs 62198627Srrsstatic int xlr_sec_newsession(void *arg, uint32_t * sidp, struct cryptoini *cri); 63198157Srrsstatic int xlr_sec_freesession(void *arg, uint64_t tid); 64198157Srrsstatic int xlr_sec_process(void *arg, struct cryptop *crp, int hint); 65198157Srrs 66198157Srrs 67198627Srrsstatic int xlr_sec_probe(device_t); 68198627Srrsstatic int xlr_sec_attach(device_t); 69198627Srrsstatic int xlr_sec_detach(device_t); 70198157Srrs 71198157Srrs 72198157Srrsstatic device_method_t xlr_sec_methods[] = { 73198627Srrs /* device interface */ 74198627Srrs DEVMETHOD(device_probe, xlr_sec_probe), 75198627Srrs DEVMETHOD(device_attach, xlr_sec_attach), 76198627Srrs DEVMETHOD(device_detach, xlr_sec_detach), 77198157Srrs 78198627Srrs /* bus interface */ 79198627Srrs DEVMETHOD(bus_print_child, bus_generic_print_child), 80198627Srrs DEVMETHOD(bus_driver_added, bus_generic_driver_added), 81198157Srrs 82198627Srrs {0, 0} 83198157Srrs}; 84198157Srrs 85198157Srrsstatic driver_t xlr_sec_driver = { 86198627Srrs "rmisec", 87198627Srrs xlr_sec_methods, 88198627Srrs sizeof(struct xlr_sec_softc) 89198157Srrs}; 90198157Srrsstatic devclass_t xlr_sec_devclass; 91198157Srrs 92198157SrrsDRIVER_MODULE(rmisec, iodi, xlr_sec_driver, xlr_sec_devclass, 0, 0); 93198157SrrsMODULE_DEPEND(rmisec, crypto, 1, 1, 1); 94198157Srrs 95198157Srrs 96198157Srrs 97198157Srrsstatic int 98198157Srrsxlr_sec_probe(device_t dev) 99198157Srrs{ 100198627Srrs return (BUS_PROBE_DEFAULT); 101198157Srrs 102198157Srrs} 103198157Srrs 104198157Srrs 105198157Srrs/* 106198157Srrs * Attach an interface that successfully probed. 107198157Srrs */ 108198157Srrsstatic int 109198157Srrsxlr_sec_attach(device_t dev) 110198157Srrs{ 111198157Srrs 112198627Srrs struct xlr_sec_softc *sc = device_get_softc(dev); 113198157Srrs 114198627Srrs bzero(sc, sizeof(*sc)); 115198627Srrs sc->sc_dev = dev; 116198157Srrs 117198157Srrs 118198627Srrs mtx_init(&sc->sc_mtx, device_get_nameunit(dev), "rmi crypto driver", MTX_DEF); 119198157Srrs 120198627Srrs sc->sc_cid = crypto_get_driverid(0); 121198627Srrs if (sc->sc_cid < 0) { 122198627Srrs printf("xlr_sec - error : could not get the driver id\n"); 123198627Srrs goto error_exit; 124198627Srrs } 125198627Srrs if (crypto_register(sc->sc_cid, CRYPTO_DES_CBC, 0, 0, 126198627Srrs xlr_sec_newsession, xlr_sec_freesession, xlr_sec_process, sc) != 0) 127198627Srrs printf("register failed for CRYPTO_DES_CBC\n"); 128198157Srrs 129198627Srrs if (crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0, 130198627Srrs xlr_sec_newsession, xlr_sec_freesession, xlr_sec_process, sc) != 0) 131198627Srrs printf("register failed for CRYPTO_3DES_CBC\n"); 132198157Srrs 133198627Srrs if (crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0, 134198627Srrs xlr_sec_newsession, xlr_sec_freesession, 135198627Srrs xlr_sec_process, sc) != 0) 136198627Srrs printf("register failed for CRYPTO_AES_CBC\n"); 137198157Srrs 138198627Srrs if (crypto_register(sc->sc_cid, CRYPTO_ARC4, 0, 0, 139198627Srrs xlr_sec_newsession, xlr_sec_freesession, xlr_sec_process, sc) != 0) 140198627Srrs printf("register failed for CRYPTO_ARC4\n"); 141198157Srrs 142198157Srrs 143198627Srrs if (crypto_register(sc->sc_cid, CRYPTO_MD5, 0, 0, 144198627Srrs xlr_sec_newsession, xlr_sec_freesession, xlr_sec_process, sc) != 0) 145198627Srrs printf("register failed for CRYPTO_MD5\n"); 146198157Srrs 147198627Srrs if (crypto_register(sc->sc_cid, CRYPTO_SHA1, 0, 0, 148198627Srrs xlr_sec_newsession, xlr_sec_freesession, xlr_sec_process, sc) != 0) 149198627Srrs printf("register failed for CRYPTO_SHA1\n"); 150198157Srrs 151198627Srrs if (crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0, 152198627Srrs xlr_sec_newsession, xlr_sec_freesession, xlr_sec_process, sc) != 0) 153198627Srrs printf("register failed for CRYPTO_MD5_HMAC\n"); 154198157Srrs 155198627Srrs if (crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0, 156198627Srrs xlr_sec_newsession, xlr_sec_freesession, xlr_sec_process, sc) != 0) 157198627Srrs printf("register failed for CRYPTO_SHA1_HMAC\n"); 158198157Srrs 159198157Srrs 160198627Srrs xlr_sec_init(sc); 161198627Srrs return (0); 162198157Srrs 163198157Srrs 164198157Srrserror_exit: 165198627Srrs return (ENXIO); 166198157Srrs 167198157Srrs} 168198157Srrs 169198157Srrs 170198157Srrs/* 171198157Srrs * Detach an interface that successfully probed. 172198157Srrs */ 173198157Srrsstatic int 174198157Srrsxlr_sec_detach(device_t dev) 175198157Srrs{ 176198627Srrs int sesn; 177198627Srrs struct xlr_sec_softc *sc = device_get_softc(dev); 178198627Srrs struct xlr_sec_session *ses = NULL; 179198627Srrs symkey_desc_pt desc; 180198157Srrs 181198627Srrs for (sesn = 0; sesn < sc->sc_nsessions; sesn++) { 182198627Srrs ses = &sc->sc_sessions[sesn]; 183198627Srrs desc = (symkey_desc_pt) ses->desc_ptr; 184198627Srrs free(desc->user.kern_src, M_DEVBUF); 185198627Srrs free(desc->user.kern_dest, M_DEVBUF); 186198627Srrs free(desc->next_src_buf, M_DEVBUF); 187198627Srrs free(desc->next_dest_buf, M_DEVBUF); 188198627Srrs free(ses->desc_ptr, M_DEVBUF); 189198627Srrs } 190198157Srrs 191198627Srrs return (0); 192198157Srrs} 193198157Srrs 194198157Srrs 195198157Srrs 196198157Srrs 197198157Srrs/* 198198157Srrs * Allocate a new 'session' and return an encoded session id. 'sidp' 199198157Srrs * contains our registration id, and should contain an encoded session 200198157Srrs * id on successful allocation. 201198157Srrs */ 202198157Srrsstatic int 203198627Srrsxlr_sec_newsession(void *arg, u_int32_t * sidp, struct cryptoini *cri) 204198157Srrs{ 205198627Srrs struct cryptoini *c; 206198627Srrs struct xlr_sec_softc *sc = arg; 207198627Srrs int mac = 0, cry = 0, sesn; 208198627Srrs struct xlr_sec_session *ses = NULL; 209198157Srrs 210198157Srrs 211198627Srrs if (sidp == NULL || cri == NULL || sc == NULL) 212198627Srrs return (EINVAL); 213198157Srrs 214198157Srrs 215198627Srrs if (sc->sc_sessions == NULL) { 216198627Srrs ses = sc->sc_sessions = (struct xlr_sec_session *)malloc( 217198627Srrs sizeof(struct xlr_sec_session), M_DEVBUF, M_NOWAIT); 218198627Srrs if (ses == NULL) 219198627Srrs return (ENOMEM); 220198157Srrs 221198627Srrs ses->desc_ptr = (void *)xlr_sec_allocate_desc((void *)ses); 222198627Srrs if (ses->desc_ptr == NULL) 223198627Srrs return (ENOMEM); 224198157Srrs 225198627Srrs sesn = 0; 226198627Srrs ses->sessionid = sesn; 227198627Srrs sc->sc_nsessions = 1; 228198627Srrs } else { 229198627Srrs for (sesn = 0; sesn < sc->sc_nsessions; sesn++) { 230198627Srrs if (!sc->sc_sessions[sesn].hs_used) { 231198627Srrs ses = &sc->sc_sessions[sesn]; 232198627Srrs break; 233198627Srrs } 234198627Srrs } 235198157Srrs 236198627Srrs if (ses == NULL) { 237198627Srrs sesn = sc->sc_nsessions; 238198627Srrs ses = (struct xlr_sec_session *)malloc((sesn + 1) * 239198627Srrs sizeof(struct xlr_sec_session), M_DEVBUF, M_NOWAIT); 240198627Srrs if (ses == NULL) 241198627Srrs return (ENOMEM); 242198627Srrs bcopy(sc->sc_sessions, ses, sesn * sizeof(struct xlr_sec_session)); 243198627Srrs bzero(sc->sc_sessions, sesn * sizeof(struct xlr_sec_session)); 244198627Srrs free(sc->sc_sessions, M_DEVBUF); 245198627Srrs sc->sc_sessions = ses; 246198627Srrs ses = &sc->sc_sessions[sesn]; 247198627Srrs ses->sessionid = sesn; 248198627Srrs ses->desc_ptr = (void *)xlr_sec_allocate_desc((void *)ses); 249198627Srrs if (ses->desc_ptr == NULL) 250198627Srrs return (ENOMEM); 251198627Srrs sc->sc_nsessions++; 252198627Srrs } 253198627Srrs } 254198627Srrs ses->hs_used = 1; 255198157Srrs 256198157Srrs 257198627Srrs for (c = cri; c != NULL; c = c->cri_next) { 258198157Srrs 259198627Srrs switch (c->cri_alg) { 260198627Srrs case CRYPTO_MD5: 261198627Srrs case CRYPTO_SHA1: 262198627Srrs case CRYPTO_MD5_HMAC: 263198627Srrs case CRYPTO_SHA1_HMAC: 264198627Srrs if (mac) 265198627Srrs return (EINVAL); 266198627Srrs mac = 1; 267198627Srrs ses->hs_mlen = c->cri_mlen; 268198627Srrs if (ses->hs_mlen == 0) { 269198627Srrs switch (c->cri_alg) { 270198627Srrs case CRYPTO_MD5: 271198627Srrs case CRYPTO_MD5_HMAC: 272198627Srrs ses->hs_mlen = 16; 273198627Srrs break; 274198627Srrs case CRYPTO_SHA1: 275198627Srrs case CRYPTO_SHA1_HMAC: 276198627Srrs ses->hs_mlen = 20; 277198627Srrs break; 278198627Srrs } 279198627Srrs } 280198627Srrs break; 281198627Srrs case CRYPTO_DES_CBC: 282198627Srrs case CRYPTO_3DES_CBC: 283198627Srrs case CRYPTO_AES_CBC: 284198627Srrs /* XXX this may read fewer, does it matter? */ 285198627Srrs /* 286198627Srrs * read_random(ses->hs_iv, c->cri_alg == 287198627Srrs * CRYPTO_AES_CBC ? XLR_SEC_AES_IV_LENGTH : 288198627Srrs * XLR_SEC_IV_LENGTH); 289198627Srrs */ 290198627Srrs /* FALLTHROUGH */ 291198627Srrs case CRYPTO_ARC4: 292198627Srrs if (cry) 293198627Srrs return (EINVAL); 294198627Srrs cry = 1; 295198627Srrs break; 296198627Srrs default: 297198627Srrs return (EINVAL); 298198627Srrs } 299198627Srrs } 300198627Srrs if (mac == 0 && cry == 0) 301198627Srrs return (EINVAL); 302198157Srrs 303198627Srrs *sidp = XLR_SEC_SID(device_get_unit(sc->sc_dev), sesn); 304198627Srrs return (0); 305198157Srrs} 306198157Srrs 307198157Srrs/* 308198157Srrs * Deallocate a session. 309198157Srrs * XXX this routine should run a zero'd mac/encrypt key into context ram. 310198157Srrs * XXX to blow away any keys already stored there. 311198157Srrs */ 312198157Srrsstatic int 313198157Srrsxlr_sec_freesession(void *arg, u_int64_t tid) 314198157Srrs{ 315198627Srrs struct xlr_sec_softc *sc = arg; 316198627Srrs int session; 317198627Srrs u_int32_t sid = CRYPTO_SESID2LID(tid); 318198157Srrs 319198627Srrs if (sc == NULL) 320198627Srrs return (EINVAL); 321198157Srrs 322198627Srrs session = XLR_SEC_SESSION(sid); 323198627Srrs if (session >= sc->sc_nsessions) 324198627Srrs return (EINVAL); 325198157Srrs 326198627Srrs sc->sc_sessions[session].hs_used = 0; 327198157Srrs 328198627Srrs return (0); 329198157Srrs} 330198157Srrs 331198157Srrs#ifdef RMI_SEC_DEBUG 332198157Srrs 333198627Srrsvoid 334198627Srrsxlr_sec_print_data(struct cryptop *crp) 335198157Srrs{ 336198627Srrs int i, key_len; 337198627Srrs struct cryptodesc *crp_desc; 338198157Srrs 339198627Srrs printf("session id = 0x%llx, crp_ilen = %d, crp_olen=%d \n", 340198627Srrs crp->crp_sid, crp->crp_ilen, crp->crp_olen); 341198157Srrs 342198627Srrs printf("crp_flags = 0x%x\n", crp->crp_flags); 343198157Srrs 344198157Srrs 345198627Srrs printf("crp buf:\n"); 346198627Srrs for (i = 0; i < crp->crp_ilen; i++) { 347198627Srrs printf("%c ", crp->crp_buf[i]); 348198627Srrs if (i % 10 == 0) 349198627Srrs printf("\n"); 350198627Srrs } 351198157Srrs 352198627Srrs printf("\n"); 353198627Srrs printf("****************** desc ****************\n"); 354198627Srrs crp_desc = crp->crp_desc; 355198627Srrs printf("crd_skip=%d, crd_len=%d, crd_flags=0x%x, crd_alg=%d\n", 356198627Srrs crp_desc->crd_skip, crp_desc->crd_len, crp_desc->crd_flags, crp_desc->crd_alg); 357198157Srrs 358198627Srrs key_len = crp_desc->crd_klen / 8; 359198627Srrs printf("key(%d) :\n", key_len); 360198627Srrs for (i = 0; i < key_len; i++) 361198627Srrs printf("%d", crp_desc->crd_key[i]); 362198627Srrs printf("\n"); 363198157Srrs 364198627Srrs printf(" IV : \n"); 365198627Srrs for (i = 0; i < EALG_MAX_BLOCK_LEN; i++) 366198627Srrs printf("%d", crp_desc->crd_iv[i]); 367198627Srrs printf("\n"); 368198157Srrs 369198627Srrs printf("crd_next=%p\n", crp_desc->crd_next); 370198627Srrs return; 371198157Srrs} 372198157Srrs 373198157Srrs#endif 374198157Srrs 375198157Srrs 376198157Srrsstatic int 377198157Srrsxlr_sec_process(void *arg, struct cryptop *crp, int hint) 378198157Srrs{ 379198627Srrs struct xlr_sec_softc *sc = arg; 380198627Srrs struct xlr_sec_command *cmd = NULL; 381198627Srrs int session, err; 382198627Srrs struct cryptodesc *crd1, *crd2, *maccrd, *enccrd; 383198627Srrs struct xlr_sec_session *ses; 384198157Srrs 385198627Srrs if (crp == NULL || crp->crp_callback == NULL) { 386198627Srrs return (EINVAL); 387198627Srrs } 388198627Srrs session = XLR_SEC_SESSION(crp->crp_sid); 389198627Srrs if (sc == NULL || session >= sc->sc_nsessions) { 390198627Srrs err = EINVAL; 391198627Srrs goto errout; 392198627Srrs } 393198627Srrs ses = &sc->sc_sessions[session]; 394198157Srrs 395198627Srrs cmd = &ses->cmd; 396198627Srrs if (cmd == NULL) { 397198627Srrs err = ENOMEM; 398198627Srrs goto errout; 399198627Srrs } 400198627Srrs crd1 = crp->crp_desc; 401198627Srrs if (crd1 == NULL) { 402198627Srrs err = EINVAL; 403198627Srrs goto errout; 404198627Srrs } 405198627Srrs crd2 = crd1->crd_next; 406198157Srrs 407198627Srrs if (crd2 == NULL) { 408198627Srrs if (crd1->crd_alg == CRYPTO_MD5_HMAC || 409198627Srrs crd1->crd_alg == CRYPTO_SHA1_HMAC || 410198627Srrs crd1->crd_alg == CRYPTO_SHA1 || 411198627Srrs crd1->crd_alg == CRYPTO_MD5) { 412198627Srrs maccrd = crd1; 413198627Srrs enccrd = NULL; 414198627Srrs } else if (crd1->crd_alg == CRYPTO_DES_CBC || 415198627Srrs crd1->crd_alg == CRYPTO_3DES_CBC || 416198627Srrs crd1->crd_alg == CRYPTO_AES_CBC || 417198627Srrs crd1->crd_alg == CRYPTO_ARC4) { 418198627Srrs maccrd = NULL; 419198627Srrs enccrd = crd1; 420198627Srrs } else { 421198627Srrs err = EINVAL; 422198627Srrs goto errout; 423198627Srrs } 424198627Srrs } else { 425198627Srrs if ((crd1->crd_alg == CRYPTO_MD5_HMAC || 426198627Srrs crd1->crd_alg == CRYPTO_SHA1_HMAC || 427198627Srrs crd1->crd_alg == CRYPTO_MD5 || 428198627Srrs crd1->crd_alg == CRYPTO_SHA1) && 429198627Srrs (crd2->crd_alg == CRYPTO_DES_CBC || 430198627Srrs crd2->crd_alg == CRYPTO_3DES_CBC || 431198627Srrs crd2->crd_alg == CRYPTO_AES_CBC || 432198627Srrs crd2->crd_alg == CRYPTO_ARC4)) { 433198627Srrs maccrd = crd1; 434198627Srrs enccrd = crd2; 435198627Srrs } else if ((crd1->crd_alg == CRYPTO_DES_CBC || 436198627Srrs crd1->crd_alg == CRYPTO_ARC4 || 437198627Srrs crd1->crd_alg == CRYPTO_3DES_CBC || 438198627Srrs crd1->crd_alg == CRYPTO_AES_CBC) && 439198627Srrs (crd2->crd_alg == CRYPTO_MD5_HMAC || 440198627Srrs crd2->crd_alg == CRYPTO_SHA1_HMAC || 441198627Srrs crd2->crd_alg == CRYPTO_MD5 || 442198627Srrs crd2->crd_alg == CRYPTO_SHA1) && 443198627Srrs (crd1->crd_flags & CRD_F_ENCRYPT)) { 444198627Srrs enccrd = crd1; 445198627Srrs maccrd = crd2; 446198627Srrs } else { 447198627Srrs err = EINVAL; 448198627Srrs goto errout; 449198627Srrs } 450198627Srrs } 451198157Srrs 452198627Srrs bzero(&cmd->op, sizeof(xlr_sec_io_t)); 453198157Srrs 454198627Srrs cmd->op.source_buf = (uint64_t) (unsigned long)crp->crp_buf; 455198627Srrs cmd->op.source_buf_size = crp->crp_ilen; 456198627Srrs if (crp->crp_flags & CRYPTO_F_REL) { 457198627Srrs cmd->op.dest_buf = (uint64_t) (unsigned long)crp->crp_buf; 458198627Srrs cmd->op.dest_buf_size = crp->crp_ilen; 459198627Srrs } else { 460198627Srrs cmd->op.dest_buf = (uint64_t) (unsigned long)crp->crp_buf; 461198627Srrs cmd->op.dest_buf_size = crp->crp_ilen; 462198627Srrs } 463198627Srrs cmd->op.num_packets = 1; 464198627Srrs cmd->op.num_fragments = 1; 465198157Srrs 466198157Srrs 467198627Srrs if (cmd->op.source_buf_size > SEC_MAX_FRAG_LEN) { 468198627Srrs ses->multi_frag_flag = 1; 469198627Srrs } else { 470198627Srrs ses->multi_frag_flag = 0; 471198627Srrs } 472198157Srrs 473198627Srrs if (maccrd) { 474198627Srrs cmd->maccrd = maccrd; 475198627Srrs cmd->op.cipher_op = XLR_SEC_CIPHER_MODE_PASS; 476198627Srrs cmd->op.cipher_mode = XLR_SEC_CIPHER_MODE_NONE; 477198627Srrs cmd->op.cipher_type = XLR_SEC_CIPHER_TYPE_NONE; 478198627Srrs cmd->op.cipher_init = 0; 479198627Srrs cmd->op.cipher_offset = 0; 480198157Srrs 481198627Srrs switch (maccrd->crd_alg) { 482198627Srrs case CRYPTO_MD5: 483198627Srrs cmd->op.digest_type = XLR_SEC_DIGEST_TYPE_MD5; 484198627Srrs cmd->op.digest_init = XLR_SEC_DIGEST_INIT_NEWKEY; 485198627Srrs cmd->op.digest_src = XLR_SEC_DIGEST_SRC_DMA; 486198627Srrs cmd->op.digest_offset = 0; 487198157Srrs 488198627Srrs cmd->op.cksum_type = XLR_SEC_CKSUM_TYPE_NOP; 489198627Srrs cmd->op.cksum_src = XLR_SEC_CKSUM_SRC_CIPHER; 490198627Srrs cmd->op.cksum_offset = 0; 491198157Srrs 492198627Srrs cmd->op.pkt_hmac = XLR_SEC_LOADHMACKEY_MODE_OLD; 493198627Srrs cmd->op.pkt_hash = XLR_SEC_PADHASH_PAD; 494198627Srrs cmd->op.pkt_hashbytes = XLR_SEC_HASHBYTES_ALL8; 495198627Srrs cmd->op.pkt_next = XLR_SEC_NEXT_FINISH; 496198627Srrs cmd->op.pkt_iv = XLR_SEC_PKT_IV_OLD; 497198627Srrs cmd->op.pkt_lastword = XLR_SEC_LASTWORD_128; 498198157Srrs 499198157Srrs 500198627Srrs default: 501198627Srrs printf("currently not handled\n"); 502198627Srrs } 503198627Srrs } 504198627Srrs if (enccrd) { 505198627Srrs cmd->enccrd = enccrd; 506198157Srrs 507198157Srrs#ifdef RMI_SEC_DEBUG 508198627Srrs xlr_sec_print_data(crp); 509198157Srrs#endif 510198157Srrs 511198627Srrs if (enccrd->crd_flags & CRD_F_ENCRYPT) { 512198627Srrs cmd->op.cipher_op = XLR_SEC_CIPHER_OP_ENCRYPT; 513198627Srrs } else 514198627Srrs cmd->op.cipher_op = XLR_SEC_CIPHER_OP_DECRYPT; 515198157Srrs 516198627Srrs switch (enccrd->crd_alg) { 517198627Srrs case CRYPTO_DES_CBC: 518198627Srrs case CRYPTO_3DES_CBC: 519198627Srrs if (enccrd->crd_alg == CRYPTO_DES_CBC) { 520198627Srrs cmd->op.cipher_type = XLR_SEC_CIPHER_TYPE_DES; 521198627Srrs memcpy(&cmd->op.crypt_key[0], enccrd->crd_key, XLR_SEC_DES_KEY_LENGTH); 522198627Srrs } else { 523198627Srrs cmd->op.cipher_type = XLR_SEC_CIPHER_TYPE_3DES; 524198627Srrs //if (enccrd->crd_flags & CRD_F_KEY_EXPLICIT) { 525198627Srrs memcpy(&cmd->op.crypt_key[0], enccrd->crd_key, XLR_SEC_3DES_KEY_LENGTH); 526198627Srrs } 527198627Srrs } 528198157Srrs 529198627Srrs cmd->op.cipher_mode = XLR_SEC_CIPHER_MODE_CBC; 530198627Srrs cmd->op.cipher_init = XLR_SEC_CIPHER_INIT_NK; 531198627Srrs cmd->op.cipher_offset = XLR_SEC_DES_IV_LENGTH; 532198157Srrs 533198627Srrs cmd->op.digest_type = XLR_SEC_DIGEST_TYPE_NONE; 534198627Srrs cmd->op.digest_init = XLR_SEC_DIGEST_INIT_OLDKEY; 535198627Srrs cmd->op.digest_src = XLR_SEC_DIGEST_SRC_DMA; 536198627Srrs cmd->op.digest_offset = 0; 537198157Srrs 538198627Srrs cmd->op.cksum_type = XLR_SEC_CKSUM_TYPE_NOP; 539198627Srrs cmd->op.cksum_src = XLR_SEC_CKSUM_SRC_CIPHER; 540198627Srrs cmd->op.cksum_offset = 0; 541198157Srrs 542198627Srrs cmd->op.pkt_hmac = XLR_SEC_LOADHMACKEY_MODE_OLD; 543198627Srrs cmd->op.pkt_hash = XLR_SEC_PADHASH_PAD; 544198627Srrs cmd->op.pkt_hashbytes = XLR_SEC_HASHBYTES_ALL8; 545198627Srrs cmd->op.pkt_next = XLR_SEC_NEXT_FINISH; 546198627Srrs cmd->op.pkt_iv = XLR_SEC_PKT_IV_NEW; 547198627Srrs cmd->op.pkt_lastword = XLR_SEC_LASTWORD_128; 548198157Srrs 549198627Srrs //if ((!(enccrd->crd_flags & CRD_F_IV_PRESENT)) && 550198627Srrs if ((enccrd->crd_flags & CRD_F_IV_EXPLICIT)) { 551198627Srrs memcpy(&cmd->op.initial_vector[0], enccrd->crd_iv, XLR_SEC_DES_IV_LENGTH); 552198627Srrs } 553198627Srrs break; 554198157Srrs 555198627Srrs case CRYPTO_AES_CBC: 556198627Srrs if (enccrd->crd_alg == CRYPTO_AES_CBC) { 557198627Srrs cmd->op.cipher_type = XLR_SEC_CIPHER_TYPE_AES128; 558198627Srrs //if (enccrd->crd_flags & CRD_F_KEY_EXPLICIT) { 559198627Srrs memcpy(&cmd->op.crypt_key[0], enccrd->crd_key, XLR_SEC_AES128_KEY_LENGTH); 560198627Srrs } 561198627Srrs } 562198627Srrs cmd->op.cipher_mode = XLR_SEC_CIPHER_MODE_CBC; 563198627Srrs cmd->op.cipher_init = XLR_SEC_CIPHER_INIT_NK; 564198627Srrs cmd->op.cipher_offset = XLR_SEC_AES_BLOCK_SIZE; 565198157Srrs 566198627Srrs cmd->op.digest_type = XLR_SEC_DIGEST_TYPE_NONE; 567198627Srrs cmd->op.digest_init = XLR_SEC_DIGEST_INIT_OLDKEY; 568198627Srrs cmd->op.digest_src = XLR_SEC_DIGEST_SRC_DMA; 569198627Srrs cmd->op.digest_offset = 0; 570198157Srrs 571198627Srrs cmd->op.cksum_type = XLR_SEC_CKSUM_TYPE_NOP; 572198627Srrs cmd->op.cksum_src = XLR_SEC_CKSUM_SRC_CIPHER; 573198627Srrs cmd->op.cksum_offset = 0; 574198157Srrs 575198627Srrs cmd->op.pkt_hmac = XLR_SEC_LOADHMACKEY_MODE_OLD; 576198627Srrs cmd->op.pkt_hash = XLR_SEC_PADHASH_PAD; 577198627Srrs cmd->op.pkt_hashbytes = XLR_SEC_HASHBYTES_ALL8; 578198627Srrs cmd->op.pkt_next = XLR_SEC_NEXT_FINISH; 579198627Srrs cmd->op.pkt_iv = XLR_SEC_PKT_IV_NEW; 580198627Srrs cmd->op.pkt_lastword = XLR_SEC_LASTWORD_128; 581198157Srrs 582198627Srrs //if (!(enccrd->crd_flags & CRD_F_IV_PRESENT)) { 583198627Srrs if ((enccrd->crd_flags & CRD_F_IV_EXPLICIT)) { 584198627Srrs memcpy(&cmd->op.initial_vector[0], enccrd->crd_iv, XLR_SEC_AES_BLOCK_SIZE); 585198627Srrs } 586198627Srrs // 587198627Srrs } 588198627Srrs break; 589198627Srrs } 590198627Srrs } 591198627Srrs cmd->crp = crp; 592198627Srrs cmd->session_num = session; 593198627Srrs xlr_sec_setup(ses, cmd, (symkey_desc_pt) ses->desc_ptr); 594198157Srrs 595198627Srrs return (0); 596198157Srrs 597198157Srrserrout: 598198627Srrs if (cmd != NULL) 599198627Srrs free(cmd, M_DEVBUF); 600198627Srrs crp->crp_etype = err; 601198627Srrs crypto_done(crp); 602198627Srrs return (err); 603198157Srrs} 604