NetBSD/sys/dev/pci/hifn7751var.h

/*	$NetBSD: hifn7751var.h,v 1.1 2000/10/12 02:59:59 itojun Exp $	*/
/*	$OpenBSD: hifn7751var.h,v 1.18 2000/06/02 22:36:45 deraadt Exp $	*/

/*
 * Invertex AEON / Hi/fn 7751 driver
 * Copyright (c) 1999 Invertex Inc. All rights reserved.
 * Copyright (c) 1999 Theo de Raadt
 * Copyright (c) 2000 Network Security Technologies, Inc.
 *			http://www.netsec.net
 *
 * Please send any comments, feedback, bug-fixes, or feature requests to
 * software@invertex.com.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote products
 *    derived from this software without specific prior written permission.
 *
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

#ifndef __DEV_PCI_HIFN7751VAR_H__
#define __DEV_PCI_HIFN7751VAR_H__

/*
 *  Length values for cryptography
 */
#define HIFN_DES_KEY_LENGTH		8
#define HIFN_3DES_KEY_LENGTH		24
#define HIFN_MAX_CRYPT_KEY_LENGTH	HIFN_3DES_KEY_LENGTH
#define HIFN_IV_LENGTH			8

/*
 *  Length values for authentication
 */
#define HIFN_MAC_KEY_LENGTH		64
#define HIFN_MD5_LENGTH			16
#define HIFN_SHA1_LENGTH		20
#define HIFN_MAC_TRUNC_LENGTH		12

#define MAX_SCATTER 64

/*
 *  hifn_command_t
 *
 *  This is the control structure used to pass commands to hifn_encrypt().
 *
 *  flags
 *  -----
 *  Flags is the bitwise "or" values for command configuration.  A single
 *  encrypt direction needs to be set:
 *
 *	HIFN_ENCODE or HIFN_DECODE
 *
 *  To use cryptography, a single crypto algorithm must be included:
 *
 *	HIFN_CRYPT_3DES or HIFN_CRYPT_DES
 *
 *  To use authentication is used, a single MAC algorithm must be included:
 *
 *	HIFN_MAC_MD5 or HIFN_MAC_SHA1
 *
 *  By default MD5 uses a 16 byte hash and SHA-1 uses a 20 byte hash.
 *  If the value below is set, hash values are truncated or assumed
 *  truncated to 12 bytes:
 *
 *	HIFN_MAC_TRUNC
 *
 *  Keys for encryption and authentication can be sent as part of a command,
 *  or the last key value used with a particular session can be retrieved
 *  and used again if either of these flags are not specified.
 *
 *	HIFN_CRYPT_NEW_KEY, HIFN_MAC_NEW_KEY
 *
 *  result_flags
 *  ------------
 *  result_flags is a bitwise "or" of result values.  The result_flags
 *  values should not be considered valid until:
 *
 *	callback routine NULL:  hifn_crypto() returns
 *	callback routine set:   callback routine called
 *
 *  Right now there is only one result flag:  HIFN_MAC_BAD
 *  It's bit is set on decode operations using authentication when a
 *  hash result does not match the input hash value.
 *  The HIFN_MAC_OK(r) macro can be used to help inspect this flag.
 *
 *  session_num
 *  -----------
 *  A number between 0 and 2048 (for DRAM models) or a number between 
 *  0 and 768 (for SRAM models).  Those who don't want to use session
 *  numbers should leave value at zero and send a new crypt key and/or
 *  new MAC key on every command.  If you use session numbers and
 *  don't send a key with a command, the last key sent for that same
 *  session number will be used.
 *
 *  Warning:  Using session numbers and multiboard at the same time
 *            is currently broken.
 *
 *  mbuf
 *  ----
 *  Either fill in the mbuf pointer and npa=0 or
 *	 fill packp[] and packl[] and set npa to > 0
 * 
 *  mac_header_skip
 *  ---------------
 *  The number of bytes of the source_buf that are skipped over before
 *  authentication begins.  This must be a number between 0 and 2^16-1
 *  and can be used by IPSec implementers to skip over IP headers.
 *  *** Value ignored if authentication not used ***
 *
 *  crypt_header_skip
 *  -----------------
 *  The number of bytes of the source_buf that are skipped over before
 *  the cryptographic operation begins.  This must be a number between 0
 *  and 2^16-1.  For IPSec, this number will always be 8 bytes larger
 *  than the auth_header_skip (to skip over the ESP header).
 *  *** Value ignored if cryptography not used ***
 *
 *  source_length
 *  -------------
 *  Length of input data including all skipped headers.  On decode
 *  operations using authentication, the length must also include the
 *  the appended MAC hash (12, 16, or 20 bytes depending on algorithm
 *  and truncation settings).
 *
 *  If encryption is used, the encryption payload must be a non-zero
 *  multiple of 8.  On encode operations, the encryption payload size
 *  is (source_length - crypt_header_skip - (MAC hash size)).  On
 *  decode operations, the encryption payload is
 *  (source_length - crypt_header_skip).
 *
 *  dest_length
 *  -----------
 *  Length of the dest buffer.  It must be at least as large as the
 *  source buffer when authentication is not used.  When authentication
 *  is used on an encode operation, it must be at least as long as the
 *  source length plus an extra 12, 16, or 20 bytes to hold the MAC
 *  value (length of mac value varies with algorithm used).  When
 *  authentication is used on decode operations, it must be at least
 *  as long as the source buffer minus 12, 16, or 20 bytes for the MAC
 *  value which is not included in the dest data.  Unlike source_length,
 *  the dest_length does not have to be exact, values larger than required
 *  are fine.
 *
 *  private_data
 *  ------------
 *  An unsigned long quantity (i.e. large enough to hold a pointer), that
 *  can be used by the callback routine if desired.
 */
struct hifn_softc;

typedef struct hifn_command {
	volatile u_int result_flags;

	u_short	session_num;
	u_int16_t base_masks, cry_masks, mac_masks;

	u_char	iv[HIFN_IV_LENGTH], *ck, mac[HIFN_MAC_KEY_LENGTH];

	struct mbuf *src_m;
	long	src_packp[MAX_SCATTER];
	int	src_packl[MAX_SCATTER];
	int	src_npa;
	int	src_l;

	struct mbuf *dst_m;
	long	dst_packp[MAX_SCATTER];
	int	dst_packl[MAX_SCATTER];
	int	dst_npa;
	int	dst_l;

	u_short mac_header_skip, mac_process_len;
	u_short crypt_header_skip, crypt_process_len;

	u_long private_data;
	struct hifn_softc *softc;
} hifn_command_t;

/*
 *  Return values for hifn_crypto()
 */
#define HIFN_CRYPTO_SUCCESS	0
#define HIFN_CRYPTO_BAD_INPUT	(-1)
#define HIFN_CRYPTO_RINGS_FULL	(-2)

/*
 *  Defines for the "result_flags" parameter of hifn_command_t.
 */
#define HIFN_MAC_BAD		1
#define HIFN_MAC_OK(r)		(!((r) & HIFN_MAC_BAD))

#ifdef _KERNEL

/**************************************************************************
 *
 *  Function:  hifn_crypto
 *
 *  Purpose:   Called by external drivers to begin an encryption on the
 *             HIFN board.
 *
 *  Blocking/Non-blocking Issues
 *  ============================
 *  The driver cannot block in hifn_crypto (no calls to tsleep) currently.
 *  hifn_crypto() returns HIFN_CRYPTO_RINGS_FULL if there is not enough
 *  room in any of the rings for the request to proceed.
 *
 *  Return Values
 *  =============
 *  0 for success, negative values on error
 *
 *  Defines for negative error codes are:
 *  
 *    HIFN_CRYPTO_BAD_INPUT  :  The passed in command had invalid settings.
 *    HIFN_CRYPTO_RINGS_FULL :  All DMA rings were full and non-blocking
 *                              behaviour was requested.
 *
 *************************************************************************/

/*
 * Convert back and forth from 'sid' to 'card' and 'session'
 */
#define HIFN_CARD(sid)		(((sid) & 0xf0000000) >> 28)
#define HIFN_SESSION(sid)	((sid) & 0x000007ff)
#define HIFN_SID(crd,ses)	(((crd) << 28) | ((ses) & 0x7ff))

#endif /* _KERNEL */

#endif /* __DEV_PCI_HIFN7751VAR_H__ */
hifn7751 crypto card driver. from openbsd. does nothing useful at this moment - initailize the chip, that's all. TODO: crypto logic framework in kernel (see openbsd sys/crypto) TODO: ipsec frontend (need major rework in ipsec tree - should start with busywait) TODO: character device frontend 2000-10-12 06:59:59 +04:00			`/* $NetBSD: hifn7751var.h,v 1.1 2000/10/12 02:59:59 itojun Exp $ */`
			`/* $OpenBSD: hifn7751var.h,v 1.18 2000/06/02 22:36:45 deraadt Exp $ */`

			`/*`
			`* Invertex AEON / Hi/fn 7751 driver`
			`* Copyright (c) 1999 Invertex Inc. All rights reserved.`
			`* Copyright (c) 1999 Theo de Raadt`
			`* Copyright (c) 2000 Network Security Technologies, Inc.`
			`* http://www.netsec.net`
			`*`
			`* Please send any comments, feedback, bug-fixes, or feature requests to`
			`* software@invertex.com.`
			`*`
			`* Redistribution and use in source and binary forms, with or without`
			`* modification, are permitted provided that the following conditions`
			`* are met:`
			`*`
			`* 1. Redistributions of source code must retain the above copyright`
			`* notice, this list of conditions and the following disclaimer.`
			`* 2. Redistributions in binary form must reproduce the above copyright`
			`* notice, this list of conditions and the following disclaimer in the`
			`* documentation and/or other materials provided with the distribution.`
			`* 3. The name of the author may not be used to endorse or promote products`
			`* derived from this software without specific prior written permission.`
			`*`
			`*`
			* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
			`* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES`
			`* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.`
			`* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,`
			`* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT`
			`* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,`
			`* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY`
			`* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT`
			`* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF`
			`* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.`
			`*`
			`*/`

			`#ifndef __DEV_PCI_HIFN7751VAR_H__`
			`#define __DEV_PCI_HIFN7751VAR_H__`

			`/*`
			`* Length values for cryptography`
			`*/`
			`#define HIFN_DES_KEY_LENGTH 8`
			`#define HIFN_3DES_KEY_LENGTH 24`
			`#define HIFN_MAX_CRYPT_KEY_LENGTH HIFN_3DES_KEY_LENGTH`
			`#define HIFN_IV_LENGTH 8`

			`/*`
			`* Length values for authentication`
			`*/`
			`#define HIFN_MAC_KEY_LENGTH 64`
			`#define HIFN_MD5_LENGTH 16`
			`#define HIFN_SHA1_LENGTH 20`
			`#define HIFN_MAC_TRUNC_LENGTH 12`

			`#define MAX_SCATTER 64`

			`/*`
			`* hifn_command_t`
			`*`
			`* This is the control structure used to pass commands to hifn_encrypt().`
			`*`
			`* flags`
			`* -----`
			`* Flags is the bitwise "or" values for command configuration. A single`
			`* encrypt direction needs to be set:`
			`*`
			`* HIFN_ENCODE or HIFN_DECODE`
			`*`
			`* To use cryptography, a single crypto algorithm must be included:`
			`*`
			`* HIFN_CRYPT_3DES or HIFN_CRYPT_DES`
			`*`
			`* To use authentication is used, a single MAC algorithm must be included:`
			`*`
			`* HIFN_MAC_MD5 or HIFN_MAC_SHA1`
			`*`
			`* By default MD5 uses a 16 byte hash and SHA-1 uses a 20 byte hash.`
			`* If the value below is set, hash values are truncated or assumed`
			`* truncated to 12 bytes:`
			`*`
			`* HIFN_MAC_TRUNC`
			`*`
			`* Keys for encryption and authentication can be sent as part of a command,`
			`* or the last key value used with a particular session can be retrieved`
			`* and used again if either of these flags are not specified.`
			`*`
			`* HIFN_CRYPT_NEW_KEY, HIFN_MAC_NEW_KEY`
			`*`
			`* result_flags`
			`* ------------`
			`* result_flags is a bitwise "or" of result values. The result_flags`
			`* values should not be considered valid until:`
			`*`
			`* callback routine NULL: hifn_crypto() returns`
			`* callback routine set: callback routine called`
			`*`
			`* Right now there is only one result flag: HIFN_MAC_BAD`
			`* It's bit is set on decode operations using authentication when a`
			`* hash result does not match the input hash value.`
			`* The HIFN_MAC_OK(r) macro can be used to help inspect this flag.`
			`*`
			`* session_num`
			`* -----------`
			`* A number between 0 and 2048 (for DRAM models) or a number between`
			`* 0 and 768 (for SRAM models). Those who don't want to use session`
			`* numbers should leave value at zero and send a new crypt key and/or`
			`* new MAC key on every command. If you use session numbers and`
			`* don't send a key with a command, the last key sent for that same`
			`* session number will be used.`
			`*`
			`* Warning: Using session numbers and multiboard at the same time`
			`* is currently broken.`
			`*`
			`* mbuf`
			`* ----`
			`* Either fill in the mbuf pointer and npa=0 or`
			`* fill packp[] and packl[] and set npa to > 0`
			`*`
			`* mac_header_skip`
			`* ---------------`
			`* The number of bytes of the source_buf that are skipped over before`
			`* authentication begins. This must be a number between 0 and 2^16-1`
			`* and can be used by IPSec implementers to skip over IP headers.`
			`* * Value ignored if authentication not used *`
			`*`
			`* crypt_header_skip`
			`* -----------------`
			`* The number of bytes of the source_buf that are skipped over before`
			`* the cryptographic operation begins. This must be a number between 0`
			`* and 2^16-1. For IPSec, this number will always be 8 bytes larger`
			`* than the auth_header_skip (to skip over the ESP header).`
			`* * Value ignored if cryptography not used *`
			`*`
			`* source_length`
			`* -------------`
			`* Length of input data including all skipped headers. On decode`
			`* operations using authentication, the length must also include the`
			`* the appended MAC hash (12, 16, or 20 bytes depending on algorithm`
			`* and truncation settings).`
			`*`
			`* If encryption is used, the encryption payload must be a non-zero`
			`* multiple of 8. On encode operations, the encryption payload size`
			`* is (source_length - crypt_header_skip - (MAC hash size)). On`
			`* decode operations, the encryption payload is`
			`* (source_length - crypt_header_skip).`
			`*`
			`* dest_length`
			`* -----------`
			`* Length of the dest buffer. It must be at least as large as the`
			`* source buffer when authentication is not used. When authentication`
			`* is used on an encode operation, it must be at least as long as the`
			`* source length plus an extra 12, 16, or 20 bytes to hold the MAC`
			`* value (length of mac value varies with algorithm used). When`
			`* authentication is used on decode operations, it must be at least`
			`* as long as the source buffer minus 12, 16, or 20 bytes for the MAC`
			`* value which is not included in the dest data. Unlike source_length,`
			`* the dest_length does not have to be exact, values larger than required`
			`* are fine.`
			`*`
			`* private_data`
			`* ------------`
			`* An unsigned long quantity (i.e. large enough to hold a pointer), that`
			`* can be used by the callback routine if desired.`
			`*/`
			`struct hifn_softc;`

			`typedef struct hifn_command {`
			`volatile u_int result_flags;`

			`u_short session_num;`
			`u_int16_t base_masks, cry_masks, mac_masks;`

			`u_char iv[HIFN_IV_LENGTH], *ck, mac[HIFN_MAC_KEY_LENGTH];`

			`struct mbuf *src_m;`
			`long src_packp[MAX_SCATTER];`
			`int src_packl[MAX_SCATTER];`
			`int src_npa;`
			`int src_l;`

			`struct mbuf *dst_m;`
			`long dst_packp[MAX_SCATTER];`
			`int dst_packl[MAX_SCATTER];`
			`int dst_npa;`
			`int dst_l;`

			`u_short mac_header_skip, mac_process_len;`
			`u_short crypt_header_skip, crypt_process_len;`

			`u_long private_data;`
			`struct hifn_softc *softc;`
			`} hifn_command_t;`

			`/*`
			`* Return values for hifn_crypto()`
			`*/`
			`#define HIFN_CRYPTO_SUCCESS 0`
			`#define HIFN_CRYPTO_BAD_INPUT (-1)`
			`#define HIFN_CRYPTO_RINGS_FULL (-2)`

			`/*`
			`* Defines for the "result_flags" parameter of hifn_command_t.`
			`*/`
			`#define HIFN_MAC_BAD 1`
			`#define HIFN_MAC_OK(r) (!((r) & HIFN_MAC_BAD))`

			`#ifdef _KERNEL`

			`/**************************************************************************`
			`*`
			`* Function: hifn_crypto`
			`*`
			`* Purpose: Called by external drivers to begin an encryption on the`
			`* HIFN board.`
			`*`
			`* Blocking/Non-blocking Issues`
			`* ============================`
			`* The driver cannot block in hifn_crypto (no calls to tsleep) currently.`
			`* hifn_crypto() returns HIFN_CRYPTO_RINGS_FULL if there is not enough`
			`* room in any of the rings for the request to proceed.`
			`*`
			`* Return Values`
			`* =============`
			`* 0 for success, negative values on error`
			`*`
			`* Defines for negative error codes are:`
			`*`
			`* HIFN_CRYPTO_BAD_INPUT : The passed in command had invalid settings.`
			`* HIFN_CRYPTO_RINGS_FULL : All DMA rings were full and non-blocking`
			`* behaviour was requested.`
			`*`
			`*************************************************************************/`

			`/*`
			`* Convert back and forth from 'sid' to 'card' and 'session'`
			`*/`
			`#define HIFN_CARD(sid) (((sid) & 0xf0000000) >> 28)`
			`#define HIFN_SESSION(sid) ((sid) & 0x000007ff)`
			`#define HIFN_SID(crd,ses) (((crd) << 28) \| ((ses) & 0x7ff))`

			`#endif /* _KERNEL */`

			`#endif /* __DEV_PCI_HIFN7751VAR_H__ */`