PERFORCE change 110906 for review
Sam Leffler
sam at FreeBSD.org
Sat Dec 2 17:15:49 PST 2006
http://perforce.freebsd.org/chv.cgi?CH=110906
Change 110906 by sam at sam_ebb on 2006/12/03 01:14:46
checkpoint changes to kobj'ify crypto driver api's and
to support specifying a device or class of devices for use
Affected files ...
.. //depot/projects/crypto/sys/conf/files#2 edit
.. //depot/projects/crypto/sys/conf/kmod.mk#2 edit
.. //depot/projects/crypto/sys/crypto/via/padlock.c#2 edit
.. //depot/projects/crypto/sys/dev/hifn/hifn7751.c#2 edit
.. //depot/projects/crypto/sys/dev/safe/safe.c#2 edit
.. //depot/projects/crypto/sys/dev/ubsec/ubsec.c#2 edit
.. //depot/projects/crypto/sys/geom/eli/g_eli.c#2 edit
.. //depot/projects/crypto/sys/geom/eli/g_eli_crypto.c#2 edit
.. //depot/projects/crypto/sys/modules/crypto/Makefile#2 edit
.. //depot/projects/crypto/sys/modules/cryptodev/Makefile#2 edit
.. //depot/projects/crypto/sys/modules/hifn/Makefile#2 edit
.. //depot/projects/crypto/sys/modules/padlock/Makefile#2 edit
.. //depot/projects/crypto/sys/modules/safe/Makefile#2 edit
.. //depot/projects/crypto/sys/modules/ubsec/Makefile#2 edit
.. //depot/projects/crypto/sys/netipsec/ipsec.c#2 edit
.. //depot/projects/crypto/sys/opencrypto/crypto.c#2 edit
.. //depot/projects/crypto/sys/opencrypto/crypto_if.m#2 delete
.. //depot/projects/crypto/sys/opencrypto/cryptodev.c#2 edit
.. //depot/projects/crypto/sys/opencrypto/cryptodev.h#2 edit
.. //depot/projects/crypto/sys/opencrypto/cryptodev_if.m#1 add
.. //depot/projects/crypto/sys/opencrypto/cryptosoft.c#2 edit
.. //depot/projects/crypto/sys/opencrypto/cryptosoft.h#2 edit
.. //depot/projects/crypto/tools/tools/crypto/cryptokeytest.c#2 edit
.. //depot/projects/crypto/tools/tools/crypto/cryptotest.c#2 edit
Differences ...
==== //depot/projects/crypto/sys/conf/files#2 (text+ko) ====
@@ -1901,6 +1901,7 @@
opencrypto/criov.c optional crypto
opencrypto/crypto.c optional crypto
opencrypto/cryptodev.c optional cryptodev
+opencrypto/cryptodev_if.m optional crypto
opencrypto/cryptosoft.c optional crypto
opencrypto/deflate.c optional crypto
opencrypto/rmd160.c optional crypto | ipsec
==== //depot/projects/crypto/sys/conf/kmod.mk#2 (text+ko) ====
@@ -327,7 +327,7 @@
dev/sound/midi/mpu_if.m dev/sound/midi/mpufoi_if.m \
dev/sound/midi/synth_if.m dev/usb/usb_if.m isa/isa_if.m \
kern/bus_if.m kern/cpufreq_if.m kern/device_if.m kern/serdev_if.m \
- libkern/iconv_converter_if.m opencrypto/crypto_if.m \
+ libkern/iconv_converter_if.m opencrypto/cryptodev_if.m \
pc98/pc98/canbus_if.m pci/agp_if.m
.for _srcsrc in ${MFILES}
==== //depot/projects/crypto/sys/crypto/via/padlock.c#2 (text+ko) ====
@@ -46,6 +46,10 @@
#include <crypto/via/padlock.h>
+#include <sys/kobj.h>
+#include <sys/bus.h>
+#include "cryptodev_if.h"
+
/*
* Technical documentation about the PadLock engine can be found here:
*
@@ -59,26 +63,29 @@
struct mtx sc_sessions_mtx;
};
-static struct padlock_softc *padlock_sc;
+static int padlock_newsession(device_t, uint32_t *sidp, struct cryptoini *cri);
+static int padlock_freesession(device_t, uint64_t tid);
+static int padlock_process(device_t, struct cryptop *crp, int hint __unused);
-static int padlock_newsession(void *arg __unused, uint32_t *sidp,
- struct cryptoini *cri);
-static int padlock_freesession(void *arg __unused, uint64_t tid);
-static int padlock_process(void *arg __unused, struct cryptop *crp,
- int hint __unused);
+MALLOC_DEFINE(M_PADLOCK, "padlock_data", "PadLock Data");
-MALLOC_DEFINE(M_PADLOCK, "padlock_data", "PadLock Data");
+static void
+padlock_identify(device_t *dev, device_t parent)
+{
+ /* NB: order 10 is so we get attached after h/w devices */
+ if (BUS_ADD_CHILD(parent, 10, "padlock", -1) == 0)
+ panic("padlock: could not attach");
+}
static int
-padlock_init(void)
+padlock_probe(device_t dev)
{
- struct padlock_softc *sc;
char capp[256];
#if defined(__i386__) && !defined(PC98)
/* If there is no AES support, we has nothing to do here. */
if (!(via_feature_xcrypt & VIA_HAS_AES)) {
- printf("PadLock: No ACE support.\n");
+ device_printf(dev, "No ACE support.\n");
return (EINVAL);
}
strlcpy(capp, "AES-CBC", sizeof(capp));
@@ -97,63 +104,53 @@
if (via_feature_xcrypt & VIA_HAS_MM)
strlcat(capp, ",RSA", sizeof(capp));
#endif
- printf("PadLock: HW support loaded for %s.\n", capp);
+ device_set_desc(dev, capp);
#else
return (EINVAL);
#endif
+ return (0);
+}
+
+static int
+padlock_attach(device_t dev)
+{
+ struct padlock_softc *sc = device_get_softc(dev);
- padlock_sc = sc = malloc(sizeof(*padlock_sc), M_PADLOCK,
- M_WAITOK | M_ZERO);
TAILQ_INIT(&sc->sc_sessions);
sc->sc_sid = 1;
- sc->sc_cid = crypto_get_driverid(0);
+ sc->sc_cid = crypto_get_driverid(dev, CRYPTOCAP_F_HARDWARE);
if (sc->sc_cid < 0) {
- printf("PadLock: Could not get crypto driver id.\n");
- free(padlock_sc, M_PADLOCK);
- padlock_sc = NULL;
+ device_printf(dev, "Could not get crypto driver id.\n");
return (ENOMEM);
}
mtx_init(&sc->sc_sessions_mtx, "padlock_mtx", NULL, MTX_DEF);
- crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0, padlock_newsession,
- padlock_freesession, padlock_process, NULL);
- crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0, padlock_newsession,
- padlock_freesession, padlock_process, NULL);
- crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0, padlock_newsession,
- padlock_freesession, padlock_process, NULL);
- crypto_register(sc->sc_cid, CRYPTO_RIPEMD160_HMAC, 0, 0,
- padlock_newsession, padlock_freesession, padlock_process, NULL);
- crypto_register(sc->sc_cid, CRYPTO_SHA2_256_HMAC, 0, 0,
- padlock_newsession, padlock_freesession, padlock_process, NULL);
- crypto_register(sc->sc_cid, CRYPTO_SHA2_384_HMAC, 0, 0,
- padlock_newsession, padlock_freesession, padlock_process, NULL);
- crypto_register(sc->sc_cid, CRYPTO_SHA2_512_HMAC, 0, 0,
- padlock_newsession, padlock_freesession, padlock_process, NULL);
+ crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0);
+ crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0);
+ crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0);
+ crypto_register(sc->sc_cid, CRYPTO_RIPEMD160_HMAC, 0, 0);
+ crypto_register(sc->sc_cid, CRYPTO_SHA2_256_HMAC, 0, 0);
+ crypto_register(sc->sc_cid, CRYPTO_SHA2_384_HMAC, 0, 0);
+ crypto_register(sc->sc_cid, CRYPTO_SHA2_512_HMAC, 0, 0);
return (0);
}
static int
-padlock_destroy(void)
+padlock_detach(device_t dev)
{
- struct padlock_softc *sc = padlock_sc;
+ struct padlock_softc *sc = device_get_softc(dev);
struct padlock_session *ses;
- u_int active = 0;
- if (sc == NULL)
- return (0);
mtx_lock(&sc->sc_sessions_mtx);
TAILQ_FOREACH(ses, &sc->sc_sessions, ses_next) {
- if (ses->ses_used)
- active++;
+ if (ses->ses_used) {
+ mtx_unlock(&sc->sc_sessions_mtx);
+ device_printf(dev,
+ "Cannot detach, sessions still active.\n");
+ return (EBUSY);
+ }
}
- if (active > 0) {
- mtx_unlock(&sc->sc_sessions_mtx);
- printf("PadLock: Cannot destroy, %u sessions active.\n",
- active);
- return (EBUSY);
- }
- padlock_sc = NULL;
for (ses = TAILQ_FIRST(&sc->sc_sessions); ses != NULL;
ses = TAILQ_FIRST(&sc->sc_sessions)) {
TAILQ_REMOVE(&sc->sc_sessions, ses, ses_next);
@@ -161,19 +158,18 @@
}
mtx_destroy(&sc->sc_sessions_mtx);
crypto_unregister_all(sc->sc_cid);
- free(sc, M_PADLOCK);
return (0);
}
static int
-padlock_newsession(void *arg __unused, uint32_t *sidp, struct cryptoini *cri)
+padlock_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri)
{
- struct padlock_softc *sc = padlock_sc;
+ struct padlock_softc *sc = device_get_softc(dev);
struct padlock_session *ses = NULL;
struct cryptoini *encini, *macini;
int error;
- if (sc == NULL || sidp == NULL || cri == NULL)
+ if (sidp == NULL || cri == NULL)
return (EINVAL);
encini = macini = NULL;
@@ -255,14 +251,12 @@
}
static int
-padlock_freesession(void *arg __unused, uint64_t tid)
+padlock_freesession(device_t dev, uint64_t tid)
{
- struct padlock_softc *sc = padlock_sc;
+ struct padlock_softc *sc = device_get_softc(dev);
struct padlock_session *ses;
uint32_t sid = ((uint32_t)tid) & 0xffffffff;
- if (sc == NULL)
- return (EINVAL);
mtx_lock(&sc->sc_sessions_mtx);
TAILQ_FOREACH(ses, &sc->sc_sessions, ses_next) {
if (ses->ses_id == sid)
@@ -282,9 +276,9 @@
}
static int
-padlock_process(void *arg __unused, struct cryptop *crp, int hint __unused)
+padlock_process(device_t dev, struct cryptop *crp, int hint __unused)
{
- struct padlock_softc *sc = padlock_sc;
+ struct padlock_softc *sc = device_get_softc(dev);
struct padlock_session *ses = NULL;
struct cryptodesc *crd, *enccrd, *maccrd;
int error = 0;
@@ -373,28 +367,27 @@
return (error);
}
-static int
-padlock_modevent(module_t mod, int type, void *unused __unused)
-{
- int error;
+static device_method_t padlock_methods[] = {
+ DEVMETHOD(device_identify, padlock_identify),
+ DEVMETHOD(device_probe, padlock_probe),
+ DEVMETHOD(device_attach, padlock_attach),
+ DEVMETHOD(device_detach, padlock_detach),
+
+ DEVMETHOD(cryptodev_newsession, padlock_newsession),
+ DEVMETHOD(cryptodev_freesession,padlock_freesession),
+ DEVMETHOD(cryptodev_process, padlock_process),
- error = EOPNOTSUPP;
- switch (type) {
- case MOD_LOAD:
- error = padlock_init();
- break;
- case MOD_UNLOAD:
- error = padlock_destroy();
- break;
- }
- return (error);
-}
+ {0, 0},
+};
-static moduledata_t padlock_mod = {
+static driver_t padlock_driver = {
"padlock",
- padlock_modevent,
- 0
+ padlock_methods,
+ sizeof(struct padlock_softc),
};
-DECLARE_MODULE(padlock, padlock_mod, SI_SUB_DRIVERS, SI_ORDER_ANY);
+static devclass_t padlock_devclass;
+
+/* XXX where to attach */
+DRIVER_MODULE(padlock, nexus, padlock_driver, padlock_devclass, 0, 0);
MODULE_VERSION(padlock, 1);
MODULE_DEPEND(padlock, crypto, 1, 1, 1);
==== //depot/projects/crypto/sys/dev/hifn/hifn7751.c#2 (text+ko) ====
@@ -70,6 +70,9 @@
#include <opencrypto/cryptodev.h>
#include <sys/random.h>
+#include <sys/kobj.h>
+
+#include "cryptodev_if.h"
#include <dev/pci/pcivar.h>
#include <dev/pci/pcireg.h>
@@ -90,6 +93,10 @@
static int hifn_resume(device_t);
static void hifn_shutdown(device_t);
+static int hifn_newsession(device_t, u_int32_t *, struct cryptoini *);
+static int hifn_freesession(device_t, u_int64_t);
+static int hifn_process(device_t, struct cryptop *, int);
+
static device_method_t hifn_methods[] = {
/* Device interface */
DEVMETHOD(device_probe, hifn_probe),
@@ -103,6 +110,11 @@
DEVMETHOD(bus_print_child, bus_generic_print_child),
DEVMETHOD(bus_driver_added, bus_generic_driver_added),
+ /* crypto device methods */
+ DEVMETHOD(cryptodev_newsession, hifn_newsession),
+ DEVMETHOD(cryptodev_freesession,hifn_freesession),
+ DEVMETHOD(cryptodev_process, hifn_process),
+
{ 0, 0 }
};
static driver_t hifn_driver = {
@@ -132,9 +144,6 @@
static void hifn_intr(void *);
static u_int hifn_write_command(struct hifn_command *, u_int8_t *);
static u_int32_t hifn_next_signature(u_int32_t a, u_int cnt);
-static int hifn_newsession(void *, u_int32_t *, struct cryptoini *);
-static int hifn_freesession(void *, u_int64_t);
-static int hifn_process(void *, struct cryptop *, int);
static void hifn_callback(struct hifn_softc *, struct hifn_command *, u_int8_t *);
static int hifn_crypto(struct hifn_softc *, struct hifn_command *, struct cryptop *, int);
static int hifn_readramaddr(struct hifn_softc *, int, u_int8_t *);
@@ -559,7 +568,7 @@
2 + 2*((sc->sc_pllconfig & HIFN_PLL_ND) >> 11));
printf("\n");
- sc->sc_cid = crypto_get_driverid(0);
+ sc->sc_cid = crypto_get_driverid(dev, CRYPTOCAP_F_HARDWARE);
if (sc->sc_cid < 0) {
device_printf(dev, "could not get crypto driver id\n");
goto fail_intr;
@@ -571,26 +580,17 @@
switch (ena) {
case HIFN_PUSTAT_ENA_2:
- crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0,
- hifn_newsession, hifn_freesession, hifn_process, sc);
- crypto_register(sc->sc_cid, CRYPTO_ARC4, 0, 0,
- hifn_newsession, hifn_freesession, hifn_process, sc);
+ crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0);
+ crypto_register(sc->sc_cid, CRYPTO_ARC4, 0, 0);
if (sc->sc_flags & HIFN_HAS_AES)
- crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0,
- hifn_newsession, hifn_freesession,
- hifn_process, sc);
+ crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0);
/*FALLTHROUGH*/
case HIFN_PUSTAT_ENA_1:
- crypto_register(sc->sc_cid, CRYPTO_MD5, 0, 0,
- hifn_newsession, hifn_freesession, hifn_process, sc);
- crypto_register(sc->sc_cid, CRYPTO_SHA1, 0, 0,
- hifn_newsession, hifn_freesession, hifn_process, sc);
- crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0,
- hifn_newsession, hifn_freesession, hifn_process, sc);
- crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0,
- hifn_newsession, hifn_freesession, hifn_process, sc);
- crypto_register(sc->sc_cid, CRYPTO_DES_CBC, 0, 0,
- hifn_newsession, hifn_freesession, hifn_process, sc);
+ crypto_register(sc->sc_cid, CRYPTO_MD5, 0, 0);
+ crypto_register(sc->sc_cid, CRYPTO_SHA1, 0, 0);
+ crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0);
+ crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0);
+ crypto_register(sc->sc_cid, CRYPTO_DES_CBC, 0, 0);
break;
}
@@ -2292,10 +2292,10 @@
* id on successful allocation.
*/
static int
-hifn_newsession(void *arg, u_int32_t *sidp, struct cryptoini *cri)
+hifn_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri)
{
+ struct hifn_softc *sc = device_get_softc(dev);
struct cryptoini *c;
- struct hifn_softc *sc = arg;
int mac = 0, cry = 0, sesn;
struct hifn_session *ses = NULL;
@@ -2389,9 +2389,9 @@
* XXX to blow away any keys already stored there.
*/
static int
-hifn_freesession(void *arg, u_int64_t tid)
+hifn_freesession(device_t dev, u_int64_t tid)
{
- struct hifn_softc *sc = arg;
+ struct hifn_softc *sc = device_get_softc(dev);
int session;
u_int32_t sid = CRYPTO_SESID2LID(tid);
@@ -2408,9 +2408,9 @@
}
static int
-hifn_process(void *arg, struct cryptop *crp, int hint)
+hifn_process(device_t dev, struct cryptop *crp, int hint)
{
- struct hifn_softc *sc = arg;
+ struct hifn_softc *sc = device_get_softc(dev);
struct hifn_command *cmd = NULL;
int session, err, ivlen;
struct cryptodesc *crd1, *crd2, *maccrd, *enccrd;
==== //depot/projects/crypto/sys/dev/safe/safe.c#2 (text+ko) ====
@@ -59,6 +59,9 @@
#include <opencrypto/cryptosoft.h>
#include <sys/md5.h>
#include <sys/random.h>
+#include <sys/kobj.h>
+
+#include "cryptodev_if.h"
#include <dev/pci/pcivar.h>
#include <dev/pci/pcireg.h>
@@ -83,6 +86,10 @@
static int safe_resume(device_t);
static void safe_shutdown(device_t);
+static int safe_newsession(device_t, u_int32_t *, struct cryptoini *);
+static int safe_freesession(device_t, u_int64_t);
+static int safe_process(device_t, struct cryptop *, int);
+
static device_method_t safe_methods[] = {
/* Device interface */
DEVMETHOD(device_probe, safe_probe),
@@ -96,6 +103,11 @@
DEVMETHOD(bus_print_child, bus_generic_print_child),
DEVMETHOD(bus_driver_added, bus_generic_driver_added),
+ /* crypto device methods */
+ DEVMETHOD(cryptodev_newsession, safe_newsession),
+ DEVMETHOD(cryptodev_freesession,safe_freesession),
+ DEVMETHOD(cryptodev_process, safe_process),
+
{ 0, 0 }
};
static driver_t safe_driver = {
@@ -112,9 +124,6 @@
#endif
static void safe_intr(void *);
-static int safe_newsession(void *, u_int32_t *, struct cryptoini *);
-static int safe_freesession(void *, u_int64_t);
-static int safe_process(void *, struct cryptop *, int);
static void safe_callback(struct safe_softc *, struct safe_ringentry *);
static void safe_feed(struct safe_softc *, struct safe_ringentry *);
static void safe_mcopy(struct mbuf *, struct mbuf *, u_int);
@@ -270,7 +279,7 @@
goto bad2;
}
- sc->sc_cid = crypto_get_driverid(0);
+ sc->sc_cid = crypto_get_driverid(dev, CRYPTOCAP_F_HARDWARE);
if (sc->sc_cid < 0) {
device_printf(dev, "could not get crypto driver id\n");
goto bad3;
@@ -388,39 +397,30 @@
#if 0
printf(" key");
sc->sc_flags |= SAFE_FLAGS_KEY;
- crypto_kregister(sc->sc_cid, CRK_MOD_EXP, 0,
- safe_kprocess, sc);
- crypto_kregister(sc->sc_cid, CRK_MOD_EXP_CRT, 0,
- safe_kprocess, sc);
+ crypto_kregister(sc->sc_cid, CRK_MOD_EXP, 0);
+ crypto_kregister(sc->sc_cid, CRK_MOD_EXP_CRT, 0);
#endif
}
if (devinfo & SAFE_DEVINFO_DES) {
printf(" des/3des");
- crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0,
- safe_newsession, safe_freesession, safe_process, sc);
- crypto_register(sc->sc_cid, CRYPTO_DES_CBC, 0, 0,
- safe_newsession, safe_freesession, safe_process, sc);
+ crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0);
+ crypto_register(sc->sc_cid, CRYPTO_DES_CBC, 0, 0);
}
if (devinfo & SAFE_DEVINFO_AES) {
printf(" aes");
- crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0,
- safe_newsession, safe_freesession, safe_process, sc);
+ crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0);
}
if (devinfo & SAFE_DEVINFO_MD5) {
printf(" md5");
- crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0,
- safe_newsession, safe_freesession, safe_process, sc);
+ crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0);
}
if (devinfo & SAFE_DEVINFO_SHA1) {
printf(" sha1");
- crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0,
- safe_newsession, safe_freesession, safe_process, sc);
+ crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0);
}
printf(" null");
- crypto_register(sc->sc_cid, CRYPTO_NULL_CBC, 0, 0,
- safe_newsession, safe_freesession, safe_process, sc);
- crypto_register(sc->sc_cid, CRYPTO_NULL_HMAC, 0, 0,
- safe_newsession, safe_freesession, safe_process, sc);
+ crypto_register(sc->sc_cid, CRYPTO_NULL_CBC, 0, 0);
+ crypto_register(sc->sc_cid, CRYPTO_NULL_HMAC, 0, 0);
/* XXX other supported algorithms */
printf("\n");
@@ -710,10 +710,10 @@
* id on successful allocation.
*/
static int
-safe_newsession(void *arg, u_int32_t *sidp, struct cryptoini *cri)
+safe_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri)
{
+ struct safe_softc *sc = device_get_softc(dev);
struct cryptoini *c, *encini = NULL, *macini = NULL;
- struct safe_softc *sc = arg;
struct safe_session *ses = NULL;
int sesn;
@@ -826,9 +826,9 @@
* Deallocate a session.
*/
static int
-safe_freesession(void *arg, u_int64_t tid)
+safe_freesession(device_t dev, u_int64_t tid)
{
- struct safe_softc *sc = arg;
+ struct safe_softc *sc = device_get_softc(dev);
int session, ret;
u_int32_t sid = ((u_int32_t) tid) & 0xffffffff;
@@ -859,10 +859,10 @@
}
static int
-safe_process(void *arg, struct cryptop *crp, int hint)
+safe_process(device_t dev, struct cryptop *crp, int hint)
{
+ struct safe_softc *sc = device_get_softc(dev);
int err = 0, i, nicealign, uniform;
- struct safe_softc *sc = arg;
struct cryptodesc *crd1, *crd2, *maccrd, *enccrd;
int bypass, oplen, ivsize;
caddr_t iv;
==== //depot/projects/crypto/sys/dev/ubsec/ubsec.c#2 (text+ko) ====
@@ -73,6 +73,9 @@
#include <opencrypto/cryptosoft.h>
#include <sys/md5.h>
#include <sys/random.h>
+#include <sys/kobj.h>
+
+#include "cryptodev_if.h"
#include <dev/pci/pcivar.h>
#include <dev/pci/pcireg.h>
@@ -106,6 +109,11 @@
static int ubsec_resume(device_t);
static void ubsec_shutdown(device_t);
+static int ubsec_newsession(device_t, u_int32_t *, struct cryptoini *);
+static int ubsec_freesession(device_t, u_int64_t);
+static int ubsec_process(device_t, struct cryptop *, int);
+static int ubsec_kprocess(device_t, struct cryptkop *, int);
+
static device_method_t ubsec_methods[] = {
/* Device interface */
DEVMETHOD(device_probe, ubsec_probe),
@@ -119,6 +127,12 @@
DEVMETHOD(bus_print_child, bus_generic_print_child),
DEVMETHOD(bus_driver_added, bus_generic_driver_added),
+ /* crypto device methods */
+ DEVMETHOD(cryptodev_newsession, ubsec_newsession),
+ DEVMETHOD(cryptodev_freesession,ubsec_freesession),
+ DEVMETHOD(cryptodev_process, ubsec_process),
+ DEVMETHOD(cryptodev_kprocess, ubsec_kprocess),
+
{ 0, 0 }
};
static driver_t ubsec_driver = {
@@ -135,9 +149,6 @@
#endif
static void ubsec_intr(void *);
-static int ubsec_newsession(void *, u_int32_t *, struct cryptoini *);
-static int ubsec_freesession(void *, u_int64_t);
-static int ubsec_process(void *, struct cryptop *, int);
static void ubsec_callback(struct ubsec_softc *, struct ubsec_q *);
static void ubsec_feed(struct ubsec_softc *);
static void ubsec_mcopy(struct mbuf *, struct mbuf *, int, int);
@@ -158,7 +169,6 @@
static int ubsec_free_q(struct ubsec_softc *sc, struct ubsec_q *q);
-static int ubsec_kprocess(void*, struct cryptkop *, int);
static int ubsec_kprocess_modexp_hw(struct ubsec_softc *, struct cryptkop *, int);
static int ubsec_kprocess_modexp_sw(struct ubsec_softc *, struct cryptkop *, int);
static int ubsec_kprocess_rsapriv(struct ubsec_softc *, struct cryptkop *, int);
@@ -350,7 +360,7 @@
goto bad2;
}
- sc->sc_cid = crypto_get_driverid(0);
+ sc->sc_cid = crypto_get_driverid(dev, CRYPTOCAP_F_HARDWARE);
if (sc->sc_cid < 0) {
device_printf(dev, "could not get crypto driver id\n");
goto bad3;
@@ -405,14 +415,10 @@
device_printf(sc->sc_dev, "%s\n", ubsec_partname(sc));
- crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0,
- ubsec_newsession, ubsec_freesession, ubsec_process, sc);
- crypto_register(sc->sc_cid, CRYPTO_DES_CBC, 0, 0,
- ubsec_newsession, ubsec_freesession, ubsec_process, sc);
- crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0,
- ubsec_newsession, ubsec_freesession, ubsec_process, sc);
- crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0,
- ubsec_newsession, ubsec_freesession, ubsec_process, sc);
+ crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0);
+ crypto_register(sc->sc_cid, CRYPTO_DES_CBC, 0, 0);
+ crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0);
+ crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0);
/*
* Reset Broadcom chip
@@ -475,11 +481,9 @@
if (sc->sc_flags & UBS_FLAGS_KEY) {
sc->sc_statmask |= BS_STAT_MCR2_DONE;
- crypto_kregister(sc->sc_cid, CRK_MOD_EXP, 0,
- ubsec_kprocess, sc);
+ crypto_kregister(sc->sc_cid, CRK_MOD_EXP, 0);
#if 0
- crypto_kregister(sc->sc_cid, CRK_MOD_EXP_CRT, 0,
- ubsec_kprocess, sc);
+ crypto_kregister(sc->sc_cid, CRK_MOD_EXP_CRT, 0);
#endif
}
return (0);
@@ -900,10 +904,10 @@
* id on successful allocation.
*/
static int
-ubsec_newsession(void *arg, u_int32_t *sidp, struct cryptoini *cri)
+ubsec_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri)
{
+ struct ubsec_softc *sc = device_get_softc(dev);
struct cryptoini *c, *encini = NULL, *macini = NULL;
- struct ubsec_softc *sc = arg;
struct ubsec_session *ses = NULL;
int sesn;
@@ -995,9 +999,9 @@
* Deallocate a session.
*/
static int
-ubsec_freesession(void *arg, u_int64_t tid)
+ubsec_freesession(device_t dev, u_int64_t tid)
{
- struct ubsec_softc *sc = arg;
+ struct ubsec_softc *sc = device_get_softc(dev);
int session, ret;
u_int32_t sid = CRYPTO_SESID2LID(tid);
@@ -1035,11 +1039,11 @@
}
static int
-ubsec_process(void *arg, struct cryptop *crp, int hint)
+ubsec_process(device_t dev, struct cryptop *crp, int hint)
{
+ struct ubsec_softc *sc = device_get_softc(dev);
struct ubsec_q *q = NULL;
int err = 0, i, j, nicealign;
- struct ubsec_softc *sc = arg;
struct cryptodesc *crd1, *crd2, *maccrd, *enccrd;
int encoffset = 0, macoffset = 0, cpskip, cpoffset;
int sskip, dskip, stheend, dtheend;
@@ -2110,9 +2114,9 @@
}
static int
-ubsec_kprocess(void *arg, struct cryptkop *krp, int hint)
+ubsec_kprocess(device_t dev, struct cryptkop *krp, int hint)
{
- struct ubsec_softc *sc = arg;
+ struct ubsec_softc *sc = device_get_softc(dev);
int r;
if (krp == NULL || krp->krp_callback == NULL)
==== //depot/projects/crypto/sys/geom/eli/g_eli.c#2 (text+ko) ====
@@ -654,12 +654,14 @@
* Use software cryptography, if we cannot get it.
*/
if (LIST_EMPTY(&sc->sc_workers)) {
- error = crypto_newsession(&wr->w_sid, &crie, 1);
+ error = crypto_newsession(&wr->w_sid, &crie,
+ CRYPTOCAP_F_HARDWARE);
if (error == 0)
sc->sc_crypto = G_ELI_CRYPTO_HW;
}
if (sc->sc_crypto == G_ELI_CRYPTO_SW)
- error = crypto_newsession(&wr->w_sid, &crie, 0);
+ error = crypto_newsession(&wr->w_sid, &crie,
+ CRYPTOCAP_F_SOFTWARE);
if (error != 0) {
free(wr, M_ELI);
if (req != NULL) {
==== //depot/projects/crypto/sys/geom/eli/g_eli_crypto.c#2 (text+ko) ====
@@ -73,7 +73,7 @@
cri.cri_alg = algo;
cri.cri_key = __DECONST(void *, key);
cri.cri_klen = keysize;
- error = crypto_newsession(&sid, &cri, 0);
+ error = crypto_newsession(&sid, &cri, CRYPTOCAP_F_SOFTWARE);
if (error != 0)
return (error);
p = malloc(sizeof(*crp) + sizeof(*crd) + sizeof(*uio) + sizeof(*iov),
==== //depot/projects/crypto/sys/modules/crypto/Makefile#2 (text+ko) ====
@@ -8,12 +8,12 @@
.PATH: ${.CURDIR}/../../crypto/sha2
KMOD = crypto
-SRCS = crypto.c
+SRCS = crypto.c cryptodev_if.c
SRCS += criov.c cryptosoft.c xform.c
SRCS += cast.c deflate.c rmd160.c rijndael-alg-fst.c rijndael-api.c
SRCS += skipjack.c bf_enc.c bf_skey.c
SRCS += des_ecb.c des_enc.c des_setkey.c
SRCS += sha1.c sha2.c
-SRCS += opt_param.h
+SRCS += opt_param.h cryptodev_if.h bus_if.h device_if.h
.include <bsd.kmod.mk>
==== //depot/projects/crypto/sys/modules/cryptodev/Makefile#2 (text+ko) ====
@@ -3,5 +3,6 @@
.PATH: ${.CURDIR}/../../opencrypto
KMOD = cryptodev
SRCS = cryptodev.c
+SRCS += bus_if.h device_if.h
.include <bsd.kmod.mk>
==== //depot/projects/crypto/sys/modules/hifn/Makefile#2 (text+ko) ====
@@ -4,7 +4,7 @@
KMOD = hifn
SRCS = hifn7751.c opt_hifn.h
SRCS += device_if.h bus_if.h pci_if.h
-SRCS += opt_bus.h crypto_if.h
+SRCS += opt_bus.h cryptodev_if.h
.if !defined(KERNBUILDDIR)
opt_hifn.h:
==== //depot/projects/crypto/sys/modules/padlock/Makefile#2 (text+ko) ====
@@ -4,5 +4,6 @@
KMOD= padlock
SRCS= padlock.c padlock_cipher.c padlock_hash.c
+SRCS += device_if.h bus_if.h opt_bus.h cryptodev_if.h
.include <bsd.kmod.mk>
==== //depot/projects/crypto/sys/modules/safe/Makefile#2 (text+ko) ====
@@ -30,7 +30,7 @@
KMOD = safe
SRCS = safe.c opt_safe.h
SRCS += device_if.h bus_if.h pci_if.h
-SRCS += opt_bus.h crypto_if.h
+SRCS += opt_bus.h cryptodev_if.h
.if !defined(KERNBUILDDIR)
opt_safe.h:
==== //depot/projects/crypto/sys/modules/ubsec/Makefile#2 (text+ko) ====
@@ -4,7 +4,7 @@
KMOD = ubsec
SRCS = ubsec.c opt_ubsec.h
SRCS += device_if.h bus_if.h pci_if.h
-SRCS += opt_bus.h crypto_if.h
+SRCS += opt_bus.h cryptodev_if.h
.if !defined(KERNBUILDDIR)
opt_ubsec.h:
==== //depot/projects/crypto/sys/netipsec/ipsec.c#2 (text+ko) ====
@@ -117,7 +117,7 @@
* -1 require software support
* 0 take anything
*/
-int crypto_support = 0;
+int crypto_support = CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE;
SYSCTL_DECL(_net_inet_ipsec);
==== //depot/projects/crypto/sys/opencrypto/crypto.c#2 (text+ko) ====
@@ -1,4 +1,38 @@
-/* $OpenBSD: crypto.c,v 1.38 2002/06/11 11:14:29 beck Exp $ */
+/*-
+ * Copyright (c) 2002-2006 Sam Leffler. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD: src/sys/opencrypto/crypto.c,v 1.26 2006/06/06 15:04:52 pjd Exp $");
+
+/*
+ * Cryptographic Subsystem.
+ *
+ * This code is derived from the Openbsd Cryptographic Framework (OCF)
+ * that has the copyright shown below. Very little of the original
+ * code remains.
+ */
+
/*-
* The author of this code is Angelos D. Keromytis (angelos at cis.upenn.edu)
*
@@ -20,9 +54,6 @@
* PURPOSE.
*/
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/opencrypto/crypto.c,v 1.26 2006/06/06 15:04:52 pjd Exp $");
-
#define CRYPTO_TIMING /* enable timing support */
#include <sys/param.h>
@@ -41,6 +72,10 @@
#include <opencrypto/cryptodev.h>
#include <opencrypto/xform.h> /* XXX for M_XDATA */
+#include <sys/kobj.h>
+#include <sys/bus.h>
+#include "cryptodev_if.h"
+
/*
* Crypto drivers register themselves by allocating a slot in the
* crypto_drivers table with crypto_get_driverid() and then registering
@@ -49,6 +84,33 @@
static struct mtx crypto_drivers_mtx; /* lock on driver table */
#define CRYPTO_DRIVER_LOCK() mtx_lock(&crypto_drivers_mtx)
#define CRYPTO_DRIVER_UNLOCK() mtx_unlock(&crypto_drivers_mtx)
+#define CRYPTO_DRIVER_ASSERT() mtx_assert(&crypto_drivers_mtx, MA_OWNED)
+
+/*
+ * Crypto device/driver capabilities structure.
+ *
+ * Synchronization:
+ * (d) - protected by CRYPTO_DRIVER_LOCK()
+ * (q) - protected by CRYPTO_Q_LOCK()
+ * Not tagged fields are read-only.
+ */
+struct cryptocap {
+ device_t cc_dev; /* (d) device/driver */
+ u_int32_t cc_sessions; /* (d) # of sessions */
+ u_int32_t cc_koperations; /* (d) # os asym operations */
+ /*
+ * Largest possible operator length (in bits) for each type of
+ * encryption algorithm. XXX not used
+ */
+ u_int16_t cc_max_op_len[CRYPTO_ALGORITHM_MAX + 1];
+ u_int8_t cc_alg[CRYPTO_ALGORITHM_MAX + 1];
+ u_int8_t cc_kalg[CRK_ALGORITHM_MAX + 1];
+
+ int cc_flags; /* (d) flags */
+#define CRYPTOCAP_F_CLEANUP 0x80000000 /* needs resource cleanup */
+ int cc_qblocked; /* (q) symmetric q blocked */
+ int cc_kqblocked; /* (q) asymmetric q blocked */
+};
static struct cryptocap *crypto_drivers = NULL;
static int crypto_drivers_num = 0;
@@ -101,7 +163,7 @@
static struct proc *cryptoretproc;
static void crypto_destroy(void);
static int crypto_invoke(struct cryptocap *cap, struct cryptop *crp, int hint);
-static int crypto_kinvoke(struct cryptkop *krp);
+static int crypto_kinvoke(struct cryptkop *krp, int flags);
static struct cryptostats cryptostats;
SYSCTL_STRUCT(_kern, OID_AUTO, crypto_stats, CTLFLAG_RW, &cryptostats,
@@ -256,112 +318,133 @@
DECLARE_MODULE(crypto, crypto_mod, SI_SUB_DRIVERS, SI_ORDER_FIRST);
MODULE_DEPEND(crypto, zlib, 1, 1, 1);
+static struct cryptocap *
+crypto_checkdriver(u_int32_t hid)
+{
+ if (crypto_drivers == NULL)
+ return NULL;
+ return (hid >= crypto_drivers_num ? NULL : &crypto_drivers[hid]);
+}
+
/*
- * Create a new session.
+ * Compare a driver's list of supported algorithms against another
+ * list; return non-zero if all algorithms are supported.
*/
-int
-crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard)
+static int
+driver_suitable(const struct cryptocap *cap, const struct cryptoini *cri)
{
- struct cryptocap *cap = NULL;
- struct cryptoini *cr;
- u_int32_t hid = 0, lid;
- int err = EINVAL;
+ const struct cryptoini *cr;
- CRYPTO_DRIVER_LOCK();
+ /* See if all the algorithms are supported. */
+ for (cr = cri; cr; cr = cr->cri_next)
+ if (cap->cc_alg[cr->cri_alg] == 0)
+ return 0;
+ return 1;
+}
- if (crypto_drivers == NULL)
- goto done;
+/*
+ * Select a driver for a new session that supports the specified
+ * algorithms and, optionally, is constrained according to the flags.
+ * The algorithm we use here is pretty stupid; just use the
+ * first driver that supports all the algorithms we need. If there
+ * are multiple drivers we choose the driver with the fewest active
+ * sessions. We prefer hardware-backed drivers to software ones.
+ *
+ * XXX We need more smarts here (in real life too, but that's
+ * XXX another story altogether).
+ */
+static struct cryptocap *
+crypto_select_driver(const struct cryptoini *cri, int flags)
+{
+ struct cryptocap *cap, *best;
+ int match, hid;
- /*
- * The algorithm we use here is pretty stupid; just use the
- * first driver that supports all the algorithms we need.
- *
>>> TRUNCATED FOR MAIL (1000 lines) <<<
More information about the p4-projects
mailing list