add new cryptographic accelerator driver 'mvxpsec.'

this driver controls CESA unit as same as mvcesa, but uses DMA engines and
does CBC operations, HMAC operations by hardware. about 2 kbytes of data
are processed at one. supported algorithms are:

 - DES-CBC, 3DES-CBC, AES-CBC
 - HMAC-SHA1, HMAC-MD5

non-CBC algorithm such as AES-GCM is not supported by CESA's acceleration
engine. mvcesa is still useful to implement such algorithms as combination of
accelerated block cipher and software chaining.

sys/arch/arm/marvell/files.marvell

@@ -1,4 +1,4 @@
-#       $NetBSD: files.marvell,v 1.16 2015/06/03 03:55:47 hsuenaga Exp $
+#       $NetBSD: files.marvell,v 1.17 2015/06/03 04:20:02 hsuenaga Exp $
 #
 # Configuration info for Marvell System on Chip support
 #
@@ -70,6 +70,9 @@ attach	ehci at mvsoc with mvusb_mbus
 # Cryptographic Engines and Security Accelerator
 attach	mvcesa at mvsoc with mvcesa_mbus
 
+# ARMADA XP Cryptographic Engines and Security Accelerator
+attach	mvxpsec at mvsoc with mvxpsec_mbus
+
 # TWSI Two-Wire Serial Interface
 attach	gttwsi at mvsoc with gttwsi_mbus
 

sys/arch/arm/marvell/mvsoc.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: mvsoc.c,v 1.22 2015/06/03 03:55:47 hsuenaga Exp $	*/
+/*	$NetBSD: mvsoc.c,v 1.23 2015/06/03 04:20:02 hsuenaga Exp $	*/
 /*
  * Copyright (c) 2007, 2008, 2013, 2014 KIYOHARA Takashi
  * All rights reserved.
@@ -26,12 +26,13 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: mvsoc.c,v 1.22 2015/06/03 03:55:47 hsuenaga Exp $");
+__KERNEL_RCSID(0, "$NetBSD: mvsoc.c,v 1.23 2015/06/03 04:20:02 hsuenaga Exp $");
 
 #include "opt_cputypes.h"
 #include "opt_mvsoc.h"
 #ifdef ARMADAXP
 #include "mvxpe.h"
+#include "mvxpsec.h"
 #endif
 
 #include <sys/param.h>
@@ -274,6 +275,10 @@ static struct {
 	  ARMADAXP_ATTR_PEX3_MEM,	ARMADAXP_UNITID_PEX3 },
 	{ ARMADAXP_TAG_PEX3_IO,
 	  ARMADAXP_ATTR_PEX3_IO,	ARMADAXP_UNITID_PEX3 },
+	{ ARMADAXP_TAG_CRYPT0,
+	  ARMADAXP_ATTR_CRYPT0_NOSWAP,	ARMADAXP_UNITID_CRYPT },
+	{ ARMADAXP_TAG_CRYPT1,
+	  ARMADAXP_ATTR_CRYPT1_NOSWAP,	ARMADAXP_UNITID_CRYPT },
 #endif
 };
 
@@ -692,8 +697,13 @@ static const struct mvsoc_periph {
     { ARMADAXP(MV78130), "mvgbec", 1, ARMADAXP_GBE1_BASE,IRQ_DEFAULT },
     { ARMADAXP(MV78130), "mvgbec", 2, ARMADAXP_GBE2_BASE,IRQ_DEFAULT },
 #endif
+#if NMVXPSEC > 0
+    { ARMADAXP(MV78130), "mvxpsec", 0, ARMADAXP_XPSEC0_BASE,ARMADAXP_IRQ_CESA0 },
+    { ARMADAXP(MV78130), "mvxpsec", 1, ARMADAXP_XPSEC1_BASE,ARMADAXP_IRQ_CESA1 },
+#else
     { ARMADAXP(MV78130), "mvcesa", 0, ARMADAXP_CESA0_BASE,ARMADAXP_IRQ_CESA0 },
     { ARMADAXP(MV78130), "mvcesa", 1, ARMADAXP_CESA1_BASE,ARMADAXP_IRQ_CESA1 },
+#endif
 
     { ARMADAXP(MV78160), "mvsoctmr",0,MVSOC_TMR_BASE,	ARMADAXP_IRQ_TIMER0 },
     { ARMADAXP(MV78160), "com",    0, MVSOC_COM0_BASE,	ARMADAXP_IRQ_UART0 },
@@ -728,8 +738,13 @@ static const struct mvsoc_periph {
     { ARMADAXP(MV78160), "mvgbec", 2, ARMADAXP_GBE2_BASE,IRQ_DEFAULT },
     { ARMADAXP(MV78160), "mvgbec", 3, ARMADAXP_GBE3_BASE,IRQ_DEFAULT },
 #endif
+#if NMVXPSEC > 0
+    { ARMADAXP(MV78160), "mvxpsec", 0, ARMADAXP_XPSEC0_BASE,ARMADAXP_IRQ_CESA0 },
+    { ARMADAXP(MV78160), "mvxpsec", 1, ARMADAXP_XPSEC1_BASE,ARMADAXP_IRQ_CESA1 },
+#else
     { ARMADAXP(MV78160), "mvcesa", 0, ARMADAXP_CESA0_BASE,ARMADAXP_IRQ_CESA0 },
     { ARMADAXP(MV78160), "mvcesa", 1, ARMADAXP_CESA1_BASE,ARMADAXP_IRQ_CESA1 },
+#endif
 
     { ARMADAXP(MV78230), "mvsoctmr",0,MVSOC_TMR_BASE,	ARMADAXP_IRQ_TIMER0 },
     { ARMADAXP(MV78230), "com",    0, MVSOC_COM0_BASE,	ARMADAXP_IRQ_UART0 },
@@ -762,8 +777,13 @@ static const struct mvsoc_periph {
     { ARMADAXP(MV78230), "mvgbec", 1, ARMADAXP_GBE1_BASE,IRQ_DEFAULT },
     { ARMADAXP(MV78230), "mvgbec", 2, ARMADAXP_GBE2_BASE,IRQ_DEFAULT },
 #endif
+#if NMVXPSEC > 0
+    { ARMADAXP(MV78230), "mvxpsec", 0, ARMADAXP_XPSEC0_BASE,ARMADAXP_IRQ_CESA0 },
+    { ARMADAXP(MV78230), "mvxpsec", 1, ARMADAXP_XPSEC1_BASE,ARMADAXP_IRQ_CESA1 },
+#else
     { ARMADAXP(MV78230), "mvcesa", 0, ARMADAXP_CESA0_BASE,ARMADAXP_IRQ_CESA0 },
     { ARMADAXP(MV78230), "mvcesa", 1, ARMADAXP_CESA1_BASE,ARMADAXP_IRQ_CESA1 },
+#endif
 
     { ARMADAXP(MV78260), "mvsoctmr",0,MVSOC_TMR_BASE,	ARMADAXP_IRQ_TIMER0 },
     { ARMADAXP(MV78260), "com",    0, MVSOC_COM0_BASE,	ARMADAXP_IRQ_UART0 },
@@ -798,8 +818,13 @@ static const struct mvsoc_periph {
     { ARMADAXP(MV78260), "mvgbec", 2, ARMADAXP_GBE2_BASE,IRQ_DEFAULT },
     { ARMADAXP(MV78260), "mvgbec", 3, ARMADAXP_GBE3_BASE,IRQ_DEFAULT },
 #endif
+#if NMVXPSEC > 0
+    { ARMADAXP(MV78260), "mvxpsec", 0, ARMADAXP_XPSEC0_BASE,ARMADAXP_IRQ_CESA0 },
+    { ARMADAXP(MV78260), "mvxpsec", 1, ARMADAXP_XPSEC1_BASE,ARMADAXP_IRQ_CESA1 },
+#else
     { ARMADAXP(MV78260), "mvcesa", 0, ARMADAXP_CESA0_BASE,ARMADAXP_IRQ_CESA0 },
     { ARMADAXP(MV78260), "mvcesa", 1, ARMADAXP_CESA1_BASE,ARMADAXP_IRQ_CESA1 },
+#endif
 
     { ARMADAXP(MV78460), "mvsoctmr",0,MVSOC_TMR_BASE,	ARMADAXP_IRQ_TIMER0 },
     { ARMADAXP(MV78460), "com",    0, MVSOC_COM0_BASE,	ARMADAXP_IRQ_UART0 },
@@ -835,8 +860,13 @@ static const struct mvsoc_periph {
     { ARMADAXP(MV78460), "mvgbec", 2, ARMADAXP_GBE2_BASE,IRQ_DEFAULT },
     { ARMADAXP(MV78460), "mvgbec", 3, ARMADAXP_GBE3_BASE,IRQ_DEFAULT },
 #endif
+#if NMVXPSEC > 0
+    { ARMADAXP(MV78460), "mvxpsec", 0, ARMADAXP_XPSEC0_BASE,ARMADAXP_IRQ_CESA0 },
+    { ARMADAXP(MV78460), "mvxpsec", 1, ARMADAXP_XPSEC1_BASE,ARMADAXP_IRQ_CESA1 },
+#else
     { ARMADAXP(MV78460), "mvcesa", 0, ARMADAXP_CESA0_BASE,ARMADAXP_IRQ_CESA0 },
     { ARMADAXP(MV78460), "mvcesa", 1, ARMADAXP_CESA1_BASE,ARMADAXP_IRQ_CESA1 },
+#endif
 
     { ARMADA370(MV6710), "mvsoctmr",0,MVSOC_TMR_BASE,	ARMADAXP_IRQ_TIMER0 },
     { ARMADA370(MV6710), "com",    0, MVSOC_COM0_BASE,	ARMADAXP_IRQ_UART0 },
@@ -861,8 +891,12 @@ static const struct mvsoc_periph {
     { ARMADA370(MV6710), "mvgbec", 0, ARMADAXP_GBE0_BASE,IRQ_DEFAULT },
     { ARMADA370(MV6710), "mvgbec", 1, ARMADAXP_GBE1_BASE,IRQ_DEFAULT },
 #endif
+#if NMVXPSEC > 0
+    { ARMADA370(MV6710), "mvxpsec", 0, ARMADAXP_XPSEC0_BASE,ARMADAXP_IRQ_CESA0 },
+#else
     { ARMADA370(MV6710), "mvcesa", 0, ARMADAXP_CESA0_BASE,ARMADAXP_IRQ_CESA0 },
 #endif
+#endif
 };
 
 

sys/arch/arm/marvell/mvsocvar.h

@@ -1,4 +1,4 @@
-/*	$NetBSD: mvsocvar.h,v 1.9 2015/06/03 03:04:21 hsuenaga Exp $	*/
+/*	$NetBSD: mvsocvar.h,v 1.10 2015/06/03 04:20:02 hsuenaga Exp $	*/
 /*
  * Copyright (c) 2007, 2010 KIYOHARA Takashi
  * All rights reserved.
@@ -119,6 +119,8 @@ enum mvsoc_tags {
 	ARMADAXP_TAG_PEX2_IO,
 	ARMADAXP_TAG_PEX3_MEM,
 	ARMADAXP_TAG_PEX3_IO,
+	ARMADAXP_TAG_CRYPT0,
+	ARMADAXP_TAG_CRYPT1,
 };
 int mvsoc_target(int, uint32_t *, uint32_t *, uint32_t *, uint32_t *);
 int mvsoc_target_dump(struct mvsoc_softc *);

sys/dev/marvell/files.armada

@@ -1,4 +1,4 @@
-#	$NetBSD: files.armada,v 1.2 2015/06/03 03:55:47 hsuenaga Exp $
+#	$NetBSD: files.armada,v 1.3 2015/06/03 04:20:02 hsuenaga Exp $
 # Configuration info for Marvell ARMADA integrated peripherals
 
 # ARMADA XP Buffer Manger
@@ -9,3 +9,8 @@ file	dev/marvell/mvxpbm.c
 define	mvxpe { [port = -1 ], [irq = -1] }
 device	mvxpe: mvxpbm, ether, ifnet, arp, mii
 file	dev/marvell/if_mvxpe.c			mvxpe		needs-flag
+
+# ARMADA XP Cryptographic Engines and Security Accelerator
+define	mvxpsec { [port = -1 ], [irq = -1] }
+device	mvxpsec: opencrypto
+file	dev/marvell/mvxpsec.c			mvxpsec		needs-flag

sys/dev/marvell/mvxpsecreg.h

@@ -0,0 +1,270 @@
+/*	$NetBSD: mvxpsecreg.h,v 1.1 2015/06/03 04:20:02 hsuenaga Exp $	*/
+/*
+ * Copyright (c) 2015 Internet Initiative Japan Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+/*
+ * Cryptographic Engine and Security Accelerator(CESA)
+ */
+
+#ifndef __MVXPSECREG_H__
+#define __MVXPSECREG_H__
+
+/* Security Accelerator */
+#define MV_ACC_COMMAND			0xDE00
+#define MV_ACC_COMMAND_ACT		(0x01 << 0)
+#define MV_ACC_COMMAND_STOP		(0x01 << 2)
+
+#define MV_ACC_DESC			0xDE04
+#define MV_ACC_DESC_MASK		0x0000ffff
+
+#define MV_ACC_CONFIG			0xDE08
+#define MV_ACC_CONFIG_STOP_ON_ERR	(0x01 << 0)
+#define MV_ACC_CONFIG_WAIT_TDMA		(0x01 << 7)
+#define MV_ACC_CONFIG_ACT_TDMA		(0x01 << 9)
+#define MV_ACC_CONFIG_MULT_PKT		(0x01 << 11)
+
+#define MV_ACC_STATUS			0xDE0C
+#define MV_ACC_STATUS_ACC_ACT		(0x01 << 1)
+#define MV_ACC_STATUS_MAC_ERR		(0x01 << 8)
+#define MV_ACC_STATUS_ACT_STATUS_MASK	0x0007ffff
+#define MV_ACC_STATUS_ACT_STATUS_SHIFT	13
+
+/* Security Accelerator Algorithms */
+/* XXX: simplify shift operation.... */
+#define MV_ACC_CRYPTO_OP_MASK		0x03
+#define MV_ACC_CRYPTO_OP_SHIFT		0
+#define MV_ACC_CRYPTO_OP_MAC		(0x00 << MV_ACC_CRYPTO_OP_SHIFT)
+#define MV_ACC_CRYPTO_OP_ENC		(0x01 << MV_ACC_CRYPTO_OP_SHIFT)
+#define MV_ACC_CRYPTO_OP_MACENC		(0x02 << MV_ACC_CRYPTO_OP_SHIFT)
+#define MV_ACC_CRYPTO_OP_ENCMAC		(0x03 << MV_ACC_CRYPTO_OP_SHIFT)
+#define MV_ACC_CRYPTO_OP(x) \
+    (((x) & (MV_ACC_CRYPTO_OP_MASK << MV_ACC_CRYPTO_OP_SHIFT)) \
+     >> MV_ACC_CRYPTO_OP_SHIFT)
+
+#define MV_ACC_CRYPTO_MAC_MASK		0x07
+#define MV_ACC_CRYPTO_MAC_SHIFT		4
+#define MV_ACC_CRYPTO_MAC_NONE		0
+#define MV_ACC_CRYPTO_MAC_SHA2		(0x01 << MV_ACC_CRYPTO_MAC_SHIFT)
+#define MV_ACC_CRYPTO_MAC_HMAC_SHA2	(0x03 << MV_ACC_CRYPTO_MAC_SHIFT)
+#define MV_ACC_CRYPTO_MAC_MD5		(0x04 << MV_ACC_CRYPTO_MAC_SHIFT)
+#define MV_ACC_CRYPTO_MAC_SHA1		(0x05 << MV_ACC_CRYPTO_MAC_SHIFT)
+#define MV_ACC_CRYPTO_MAC_HMAC_MD5	(0x06 << MV_ACC_CRYPTO_MAC_SHIFT)
+#define MV_ACC_CRYPTO_MAC_HMAC_SHA1	(0x07 << MV_ACC_CRYPTO_MAC_SHIFT)
+#define MV_ACC_CRYPTO_MAC(x) \
+    (((x) & (MV_ACC_CRYPTO_MAC_MASK << MV_ACC_CRYPTO_MAC_SHIFT)) \
+     >> MV_ACC_CRYPTO_MAC_SHIFT)
+#define MV_ACC_CRYPTO_MAC_SET(dst, x) \
+    do { \
+	    (dst) &= ~(MV_ACC_CRYPTO_MAC_MASK << MV_ACC_CRYPTO_MAC_SHIFT);\
+	    (dst) |= \
+	     ((x) & (MV_ACC_CRYPTO_MAC_MASK << MV_ACC_CRYPTO_MAC_SHIFT)); \
+    } while(0);
+
+#define MV_ACC_CRYPTO_ENC_MASK		0x03
+#define MV_ACC_CRYPTO_ENC_SHIFT		8
+#define MV_ACC_CRYPTO_ENC_NOP		(0x00 << MV_ACC_CRYPTO_ENC_SHIFT)
+#define MV_ACC_CRYPTO_ENC_DES		(0x01 << MV_ACC_CRYPTO_ENC_SHIFT)
+#define MV_ACC_CRYPTO_ENC_3DES		(0x02 << MV_ACC_CRYPTO_ENC_SHIFT)
+#define MV_ACC_CRYPTO_ENC_AES		(0x03 << MV_ACC_CRYPTO_ENC_SHIFT)
+#define MV_ACC_CRYPTO_ENC(x) \
+    (((x) & (MV_ACC_CRYPTO_ENC_MASK << MV_ACC_CRYPTO_ENC_SHIFT)) \
+     >> MV_ACC_CRYPTO_ENC_SHIFT)
+#define MV_ACC_CRYPTO_ENC_SET(dst, x) \
+    do { \
+	    (dst) &= ~(MV_ACC_CRYPTO_ENC_MASK << MV_ACC_CRYPTO_ENC_SHIFT);\
+	    (dst) |= \
+	      ((x) & (MV_ACC_CRYPTO_ENC_MASK << MV_ACC_CRYPTO_ENC_SHIFT));\
+    } while(0);
+
+/* this is not described in the document.... FUUUUUUUUUUUUCK! */
+#define MV_ACC_CRYPTO_AES_KLEN_MASK	0x03
+#define MV_ACC_CRYPTO_AES_KLEN_SHIFT	24
+#define MV_ACC_CRYPTO_AES_KLEN_128 \
+    (0x00 << MV_ACC_CRYPTO_AES_KLEN_SHIFT)
+#define MV_ACC_CRYPTO_AES_KLEN_192 \
+    (0x01 << MV_ACC_CRYPTO_AES_KLEN_SHIFT)
+#define MV_ACC_CRYPTO_AES_KLEN_256 \
+    (0x02 << MV_ACC_CRYPTO_AES_KLEN_SHIFT)
+#define MV_ACC_CRYPTO_AES_KLEN(x) \
+    (((x) & (MV_ACC_CRYPTO_AES_KLEN_MASK << MV_ACC_CRYPTO_AES_KLEN_SHIFT)) \
+     >> MV_ACC_CRYPTO_AES_KLEN_SHIFT)
+#define MV_ACC_CRYPTO_AES_KLEN_SET(dst, x) \
+    do { \
+	(dst) &= \
+	  ~(MV_ACC_CRYPTO_AES_KLEN_MASK << MV_ACC_CRYPTO_AES_KLEN_SHIFT); \
+	(dst) |= \
+	  ((x) & \
+	  (MV_ACC_CRYPTO_AES_KLEN_MASK << MV_ACC_CRYPTO_AES_KLEN_SHIFT)); \
+    } while(0);
+
+#define MV_ACC_CRYPTO_MAC_96		__BIT(7)
+#define MV_ACC_CRYPTO_DECRYPT		__BIT(12)
+#define MV_ACC_CRYPTO_CBC		__BIT(16)
+#define MV_ACC_CRYPTO_3DES_EDE		__BIT(20)
+
+/* Security Accelerator Descriptors */
+/* Algorithm names are defined in mviicesa.h */
+#define MV_ACC_CRYPTO_FRAG_MASK		0x03
+#define MV_ACC_CRYPTO_FRAG_SHIFT	30
+#define MV_ACC_CRYPTO_NOFRAG		(0x00 << MV_ACC_CRYPTO_FRAG_SHIFT)
+#define MV_ACC_CRYPTO_FRAG_FIRST	(0x01 << MV_ACC_CRYPTO_FRAG_SHIFT)
+#define MV_ACC_CRYPTO_FRAG_LAST		(0x02 << MV_ACC_CRYPTO_FRAG_SHIFT)
+#define MV_ACC_CRYPTO_FRAG_MID		(0x03 << MV_ACC_CRYPTO_FRAG_SHIFT)
+#define MV_ACC_CRYPTO_FRAG(x) \
+    (((x) & (MV_ACC_CRYPTO_FRAG_MASK << MV_ACC_CRYPTO_FRAG_SHIFT)) \
+     >> MV_ACC_CRYPTO_FRAG_SHIFT)
+
+#define MV_ACC_DESC_VAL_1(x)		((x) & 0x7ff)
+#define MV_ACC_DESC_VAL_2(x)		(((x) & 0x7ff) << 16)
+#define MV_ACC_DESC_VAL_3(x)		(((x) & 0xffff) << 16)
+#define MV_ACC_DESC_GET_VAL_1(x)	((x) & 0x7ff)
+#define MV_ACC_DESC_GET_VAL_2(x)	(((x) & (0x7ff << 16)) >> 16)
+#define MV_ACC_DESC_GET_VAL_3(x)	(((x) & (0xffff << 16)) >> 16)
+
+#define MV_ACC_DESC_ENC_DATA(src, dst) \
+	(MV_ACC_DESC_VAL_1(src) | MV_ACC_DESC_VAL_2(dst))
+#define MV_ACC_DESC_ENC_LEN(len) \
+	(MV_ACC_DESC_VAL_1(len))
+#define MV_ACC_DESC_ENC_KEY(key) \
+	(MV_ACC_DESC_VAL_1(key))
+#define MV_ACC_DESC_ENC_IV(iv_e, iv_d) \
+	(MV_ACC_DESC_VAL_1(iv_e) | MV_ACC_DESC_VAL_2(iv_d))
+
+#define MV_ACC_DESC_MAC_SRC(src, len) \
+	(MV_ACC_DESC_VAL_1(src) | MV_ACC_DESC_VAL_3(len))
+#define MV_ACC_DESC_MAC_DST(dst, len) \
+	(MV_ACC_DESC_VAL_1(dst) | MV_ACC_DESC_VAL_2(len))
+#define MV_ACC_DESC_MAC_IV(iv_in, iv_out) \
+	(MV_ACC_DESC_VAL_1(iv_in) | MV_ACC_DESC_VAL_2(iv_out))
+
+#define MV_ACC_SRAM_SIZE 2048
+
+/* Interrupt Cause */
+#define MVXPSEC_INT_CAUSE		0xDE20
+#define MVXPSEC_INT_MASK		0xDE24
+
+/* ENGINE interrupts */
+#define MVXPSEC_INT_AUTH		__BIT(0)
+#define MVXPSEC_INT_DES			__BIT(1)
+#define MVXPSEC_INT_AES_ENC		__BIT(2)
+#define MVXPSEC_INT_AES_DEC		__BIT(3)
+#define MVXPSEC_INT_ENC			__BIT(4)
+#define MVXPSEC_INT_ENGINE \
+    (MVXPSEC_INT_AUTH | MVXPSEC_INT_ENC | \
+     MVXPSEC_INT_DES | MVXPSEC_INT_AES_ENC | MVXPSEC_INT_AES_DEC)
+
+/* Security Accelerator interrupts */
+#define MVXPSEC_INT_SA			__BIT(5)
+#define MVXPSEC_INT_ACCTDMA		__BIT(7)
+#define MVXPSEC_INT_ACCTDMA_CONT	__BIT(11)
+#define MVXPSEC_INT_COAL		__BIT(14)
+
+/* TDMA interrupts */
+#define MVXPSEC_INT_TDMA_COMP		__BIT(9)
+#define MVXPSEC_INT_TDMA_OWN		__BIT(10)
+
+#define MVXPSEC_INT_ACC \
+    (MVXPSEC_INT_SA | MVXPSEC_INT_ACCTDMA | MVXPSEC_INT_ACCTDMA_CONT)
+
+#define MVXPSEC_INT_TDMA \
+    (MVXPSEC_INT_TDMA_COMP | MVXPSEC_INT_TDMA_OWN)
+
+#define MVXPSEC_INT_ALL \
+    (MVXPSEC_INT_ENGINE | MVXPSEC_INT_ACC | MVXPSEC_INT_TDMA)
+
+/*
+ * TDMA Controllers
+ */
+/* TDMA Address */
+#define MV_TDMA_NWINDOW			4
+#define MV_TDMA_BAR(window)		(0x0A00 + (window) * 8)
+#define MV_TDMA_BAR_BASE_MASK		__BITS(31,16)
+#define MV_TDMA_BAR_BASE(base)		((base) & MV_TDMA_BAR_BASE_MASK)
+#define MV_TDMA_ATTR(window)		(0x0A04 + (window) * 8)
+#define MV_TDMA_ATTR_SIZE_MASK		__BITS(31,16)
+#define MV_TDMA_ATTR_ATTR_MASK		__BITS(31,16)
+#define MV_TDMA_ATTR_ENABLE		__BIT(0)
+#define MV_TDMA_ATTR_SIZE(size)		((((size - 1) >> 16) & 0xffff) << 16)
+#define MV_TDMA_ATTR_ATTR(attr)		(((attr) & 0xff) << 8)
+#define MV_TDMA_ATTR_TARGET(target)	(((target) & 0xf) << 4)
+#define MV_TDMA_ATTR_GET_SIZE(reg)	(((reg) >> 16) & 0xffff)
+#define MV_TDMA_ATTR_GET_ATTR(reg)	(((reg) >> 8) & 0xff)
+#define MV_TDMA_ATTR_GET_TARGET(reg)	(((reg) >> 4) & 0xf)
+
+/* TDMA Control */
+#define MV_TDMA_CONTROL			0x0840
+
+#define MV_TDMA_CONTROL_DST_BURST_MASK	__BITS(2,0)
+#define MV_TDMA_CONTROL_DST_BURST_32	0x3
+#define MV_TDMA_CONTROL_DST_BURST_128	0x4
+#define MV_TDMA_CONTROL_GET_DST_BURST(reg) \
+    ((uint32_t)(((reg) & MV_TDMA_CONTROL_DST_BURST_MASK) >> 0))
+#define MV_TDMA_CONTROL_OUTS_EN		__BIT(4)
+#define MV_TDMA_CONTROL_SRC_BURST_MASK	__BITS(8,6)
+#define MV_TDMA_CONTROL_SRC_BURST_32	(0x3 << 6)
+#define MV_TDMA_CONTROL_SRC_BURST_128	(0x4 << 6)
+#define MV_TDMA_CONTROL_GET_SRC_BURST(reg) \
+    ((uint32_t)(((reg) & MV_TDMA_CONTROL_SRC_BURST_MASK) >> 6))
+#define MV_TDMA_CONTROL_CHAIN_DIS	__BIT(9)
+#define MV_TDMA_CONTROL_BSWAP_DIS	__BIT(11)
+#define MV_TDMA_CONTROL_ENABLE		__BIT(12)
+#define MV_TDMA_CONTROL_FETCH		__BIT(13)
+#define MV_TDMA_CONTROL_ACT		__BIT(14)
+#define MV_TDMA_CONTROL_OUTS_MODE_MASK	__BITS(17,16)
+#define MV_TDMA_CONTROL_OUTS_MODE_4OUTS	(3 << 16)
+
+/* TDMA Descriptor Registers */
+#define MV_TDMA_CNT			0x0800
+#define MV_TDMA_SRC			0x0810
+#define MV_TDMA_DST			0x0820
+#define MV_TDMA_NXT			0x0830
+#define MV_TDMA_CUR			0x0870
+
+#define MV_TDMA_CNT_OWN			(1 << 31)
+
+/* TDMA Interrupt */
+#define MV_TDMA_ERR_CAUSE		0x08C8
+#define MV_TDMA_ERR_MASK		0x08CC
+
+#define MV_TDMA_ERRC_MISS		0x01
+#define	MV_TDMA_ERRC_DHIT		0x02
+#define MV_TDMA_ERRC_BHIT		0x04
+#define MV_TDMA_ERRC_DERR		0x08
+#define MV_TDMA_ERRC_ALL \
+    (MV_TDMA_ERRC_MISS | MV_TDMA_ERRC_DHIT | MV_TDMA_ERRC_BHIT | \
+    MV_TDMA_ERRC_DERR)
+
+/* Crypto Engine Registers (just for debug) */
+#define MV_CE_DES_KEY0L			0xdd48
+#define MV_CE_DES_KEY0H			0xdd4c
+#define MV_CE_DES_KEY1L			0xdd50
+#define MV_CE_DES_KEY1H			0xdd54
+#define MV_CE_DES_KEY2L			0xdd60
+#define MV_CE_DES_KEY2H			0xdd64
+
+#define MV_CE_AES_EKEY(n)		(0xdd80 + (4 * (7 - (n))))
+#define MV_CE_AES_DKEY(n)		(0xddc0 + (4 * (7 - (n))))
+
+#endif /* __MVXPSECREG_H__ */

sys/dev/marvell/mvxpsecvar.h

@@ -0,0 +1,511 @@
+/*	$NetBSD: mvxpsecvar.h,v 1.1 2015/06/03 04:20:02 hsuenaga Exp $	*/
+/*
+ * Copyright (c) 2015 Internet Initiative Japan Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Cryptographic Engine and Security Accelerator(CESA)
+ */
+#ifndef __MVXPSECVAR_H__
+#define __MVXPSECVAR_H__
+#include <sys/device.h>
+#include <dev/marvell/mvxpsecreg.h>
+
+/*
+ * Compile time options
+ */
+/* use multi-packet chained mode */
+#define MVXPSEC_MULTI_PACKET
+#define MVXPSEC_EVENT_COUNTERS
+
+/*
+ * Memory management
+ */
+struct mvxpsec_devmem {
+	bus_dmamap_t map;
+	void *kva;
+	int size;
+};
+#define dm_paddr dm_segs[0].ds_addr
+#define devmem_va(x) ((x)->kva)
+#define devmem_nseg(x) ((x)->map->dm_nsegs)
+#define devmem_pa(x, s) ((x)->map->dm_segs[(s)].ds_addr)
+#define devmem_palen(x, s) ((x)->map->dm_segs[(s)].ds_len)
+#define devmem_size(x) ((x)->size)
+#define devmem_map(x) ((x)->map)
+
+/*
+ * DMA Descriptors
+ */
+struct mvxpsec_descriptor {
+	uint32_t tdma_word0;
+	uint32_t tdma_src;
+	uint32_t tdma_dst;
+	uint32_t tdma_nxt;
+} __attribute__((__packed__));
+
+struct mvxpsec_descriptor_handle {
+	bus_dmamap_t map;
+	paddr_t phys_addr;
+	int off;
+
+	void *_desc;
+
+	SIMPLEQ_ENTRY(mvxpsec_descriptor_handle) chain;
+};
+SIMPLEQ_HEAD(mvxpsec_descriptor_list, mvxpsec_descriptor_handle);
+
+struct mvxpsec_descriptor_ring {
+	struct mvxpsec_descriptor_handle *dma_head;
+	struct mvxpsec_descriptor_handle *dma_last;
+	int				dma_size;
+};
+
+#define MVXPSEC_SYNC_DESC(sc, x, f) \
+    do { \
+	bus_dmamap_sync((sc)->sc_dmat, (x)->map, \
+            (x)->off, sizeof(struct mvxpsec_descriptor), (f)); \
+    } while (0);
+
+typedef struct mvxpsec_descriptor_ring mvxpsec_dma_ring;
+
+#define MV_TDMA_DEFAULT_CONTROL \
+	( MV_TDMA_CONTROL_DST_BURST_32 | \
+	  MV_TDMA_CONTROL_SRC_BURST_32 | \
+	  MV_TDMA_CONTROL_OUTS_EN | \
+	  MV_TDMA_CONTROL_OUTS_MODE_4OUTS | \
+	  MV_TDMA_CONTROL_BSWAP_DIS )
+
+/*
+ * Security Accelerator Descriptors
+ */
+struct mvxpsec_acc_descriptor {
+	uint32_t acc_config;
+	uint32_t acc_encdata;
+	uint32_t acc_enclen;
+	uint32_t acc_enckey;
+	uint32_t acc_enciv;
+	uint32_t acc_macsrc;
+	uint32_t acc_macdst;
+	uint32_t acc_maciv;
+#define acc_desc_dword0 acc_config
+#define acc_desc_dword1 acc_encdata
+#define acc_desc_dword2 acc_enclen
+#define acc_desc_dword3 acc_enckey
+#define acc_desc_dword4 acc_enciv
+#define acc_desc_dword5 acc_macsrc
+#define acc_desc_dword6 acc_macdst
+#define acc_desc_dword7 acc_maciv
+} __attribute__((aligned(4)));
+
+struct mvxpsec_crp_key {
+	uint32_t crp_key32[8];
+} __attribute__((aligned(4)));
+
+struct mvxpsec_crp_iv {
+	uint32_t crp_iv32[4];
+} __attribute__((aligned(4)));
+
+struct mvxpsec_mac_iv {
+	uint32_t mac_iv32[5];
+	uint32_t mac_ivpad[1]; /* bit[2:0] = 0 */
+} __attribute__((aligned(8)));
+
+/* many pointer in the desc has a limitation of bit[2:0] = 0. */
+struct mvxpsec_packet_header {
+	struct mvxpsec_acc_descriptor	desc;		/* 32 oct. */
+	struct mvxpsec_crp_iv		crp_iv_work;	/* 16 oct. */
+	struct mvxpsec_crp_iv		crp_iv_ext;	/* 16 oct. */
+} __attribute__((aligned(4))); /* 64 oct. */
+
+struct mvxpsec_session_header {
+	struct mvxpsec_crp_key		crp_key;	/* 32 oct. */
+	struct mvxpsec_crp_key		crp_key_d;	/* 32 oct. */
+	struct mvxpsec_mac_iv		miv_in;		/* 24 oct. */
+	struct mvxpsec_mac_iv		miv_out;	/* 24 oct. */
+	uint8_t				pad[16];	/* 16 oct. */
+} __attribute__((aligned(4))); /* 128 oct. */
+
+/*
+ * Usage of CESA internal SRAM
+ *
+ * +---------------+ MVXPSEC_SRAM_PKT_HDR_OFF(0)
+ * |Packet Header  |   contains per packet information (IV, ACC descriptor)
+ * |               |
+ * |               |
+ * +---------------+ MVXPSEC_SRAM_SESS_HDR_OFF
+ * |Session Header |   contains per session information (Key, HMAC-iPad/oPad)  
+ * |               |   may not DMA transfered if session is not changed.
+ * |               |
+ * +---------------+ MVXPSEC_SRAM_PAYLOAD_OFF
+ * |Payload        | 
+ * |               |
+ * .               .
+ * .               .
+ * .               .
+ * |               |
+ * +---------------+ MV_ACC_SRAM_SIZE(2048)
+ * 
+ * The input data is transfered to SRAM from system DRAM using TDMA,
+ * and ACC is working on the SRAM. When ACC finished the work,
+ * TDMA returns the payload of SRAM to system DRAM.
+ *
+ * CPU can also access the SRAM via Mbus interface directly. This driver
+ * access the SRAM only for debugging.
+ *
+ */
+#define SRAM_PAYLOAD_SIZE \
+    (MV_ACC_SRAM_SIZE \
+     - sizeof(struct mvxpsec_packet_header) \
+     - sizeof(struct mvxpsec_session_header))
+struct mvxpsec_crypt_sram {
+	struct mvxpsec_packet_header	packet_header;	/* 64 oct. */
+	struct mvxpsec_session_header	session_header; /* 128 oct. */
+	uint8_t				payload[SRAM_PAYLOAD_SIZE];
+} __attribute__((aligned(8))); /* Max. 2048 oct. */
+#define MVXPSEC_SRAM_PKT_HDR_OFF \
+    (offsetof(struct mvxpsec_crypt_sram, packet_header))
+#define MVXPSEC_SRAM_DESC_OFF (MVXPSEC_SRAM_PKT_HDR_OFF + \
+    offsetof(struct mvxpsec_packet_header, desc))
+#define MVXPSEC_SRAM_IV_WORK_OFF (MVXPSEC_SRAM_PKT_HDR_OFF + \
+    offsetof(struct mvxpsec_packet_header, crp_iv_work))
+#define MVXPSEC_SRAM_IV_EXT_OFF (MVXPSEC_SRAM_PKT_HDR_OFF + \
+    offsetof(struct mvxpsec_packet_header, crp_iv_ext))
+
+#define MVXPSEC_SRAM_SESS_HDR_OFF \
+    (offsetof(struct mvxpsec_crypt_sram, session_header))
+#define MVXPSEC_SRAM_KEY_OFF (MVXPSEC_SRAM_SESS_HDR_OFF + \
+    offsetof(struct mvxpsec_session_header, crp_key))
+#define MVXPSEC_SRAM_KEY_D_OFF (MVXPSEC_SRAM_SESS_HDR_OFF + \
+    offsetof(struct mvxpsec_session_header, crp_key_d))
+#define MVXPSEC_SRAM_MIV_IN_OFF (MVXPSEC_SRAM_SESS_HDR_OFF + \
+    offsetof(struct mvxpsec_session_header, miv_in))
+#define MVXPSEC_SRAM_MIV_OUT_OFF (MVXPSEC_SRAM_SESS_HDR_OFF + \
+    offsetof(struct mvxpsec_session_header, miv_out))
+
+#define MVXPSEC_SRAM_PAYLOAD_OFF \
+    (offsetof(struct mvxpsec_crypt_sram, payload))
+
+/* CESA device address (CESA internal SRAM address space) */
+#define MVXPSEC_SRAM_DESC_DA		MVXPSEC_SRAM_DESC_OFF
+#define MVXPSEC_SRAM_IV_WORK_DA		MVXPSEC_SRAM_IV_WORK_OFF
+#define MVXPSEC_SRAM_IV_EXT_DA		MVXPSEC_SRAM_IV_EXT_OFF
+#define MVXPSEC_SRAM_KEY_DA		MVXPSEC_SRAM_KEY_OFF
+#define MVXPSEC_SRAM_KEY_D_DA		MVXPSEC_SRAM_KEY_D_OFF
+#define MVXPSEC_SRAM_MIV_IN_DA		MVXPSEC_SRAM_MIV_IN_OFF
+#define MVXPSEC_SRAM_MIV_OUT_DA		MVXPSEC_SRAM_MIV_OUT_OFF
+#define MVXPSEC_SRAM_PAYLOAD_DA(offset) \
+    (MVXPSEC_SRAM_PAYLOAD_OFF + (offset))
+
+/*
+ * Session management
+ */
+enum mvxpsec_data_type {
+	MVXPSEC_DATA_NONE,
+	MVXPSEC_DATA_RAW,
+	MVXPSEC_DATA_MBUF,
+	MVXPSEC_DATA_UIO,
+	MVXPSEC_DATA_LAST,
+};
+
+/* session flags */
+#define RDY_DATA	(1 << 0)
+#define RDY_CRP_KEY	(1 << 1)
+#define RDY_CRP_IV	(1 << 2)
+#define RDY_MAC_KEY	(1 << 3)
+#define RDY_MAC_IV	(1 << 4)
+#define CRP_EXT_IV	(1 << 5)
+
+#define SETUP_DONE	(1 << 10)
+#define DELETED		(1 << 11)
+#define DIR_ENCRYPT	(1 << 12)
+#define DIR_DECRYPT	(1 << 13)
+
+#define HW_RUNNING	(1 << 16)
+
+/* 64 peer * 2 way(in/out) * 2 family(inet/inet6) * 2 state(mature/dying) */
+#define MVXPSEC_MAX_SESSIONS	512
+
+struct mvxpsec_session {
+	struct mvxpsec_softc		*sc;
+	uint32_t			sid;
+
+	uint32_t			sflags;
+	uint32_t			refs;
+
+	/*
+	 * Header of Security Accelerator
+	 *   - include key entity for ciphers
+	 *   - include iv for HMAC
+	 */ 
+	bus_dmamap_t			session_header_map; 
+	struct mvxpsec_session_header	session_header;
+
+	/* Key length for variable key length algorithm [bits] */
+	int enc_klen;
+	int mac_klen;
+
+	/* IV Store */
+	struct mvxpsec_crp_iv		session_iv;
+
+	/* debug */
+	int cipher_alg;		
+	int hmac_alg;
+};
+
+struct mvxpsec_packet {
+	struct mvxpsec_session		*mv_s;
+	struct cryptop			*crp;
+	int				flags;
+
+	mvxpsec_dma_ring		dma_ring;
+
+	bus_dmamap_t			pkt_header_map;
+	struct mvxpsec_packet_header	pkt_header;
+
+	bus_dmamap_t			data_map; 
+	enum mvxpsec_data_type		data_type;
+	uint32_t			data_len;
+	union {
+		/* payload buffer come from opencrypto API */
+		void			*ptr;
+		void			*raw;
+		struct mbuf		*mbuf;
+		struct uio		*uio;
+	} data;
+
+	/* IV place holder for EXPLICIT IV */
+	void				*ext_iv;
+	int				ext_ivlen;
+
+	uint32_t			enc_off;
+	uint32_t			enc_len;
+	uint32_t			enc_ivoff;
+	uint32_t			mac_off;
+	uint32_t			mac_len;
+	uint32_t			mac_dst;
+#define data_ptr data.ptr
+#define data_raw data.raw
+#define data_mbuf data.mbuf
+#define data_uio data.uio
+
+	/* list */
+	SIMPLEQ_ENTRY(mvxpsec_packet)	queue;
+	SLIST_ENTRY(mvxpsec_packet)	free_list;
+};
+typedef SIMPLEQ_HEAD(mvxpsec_packet_queue, mvxpsec_packet) mvxpsec_queue_t;
+typedef SLIST_HEAD(mvxpsec_packet_list, mvxpsec_packet) mvxpsec_list_t;
+
+/*
+ * DMA Configuration
+ */
+#define MVXPSEC_DMA_DESC_PAGES	16
+#define MVXPSEC_DMA_MAX_SEGS	30
+#define MVXPSEC_DMA_MAX_SIZE	2048 /* = SRAM size */
+
+/*
+ * Interrupt Configuration
+ */
+#define MVXPSEC_ALL_INT (0xffffffff)
+#define MVXPSEC_ALL_ERR (0xffffffff)
+#define MVXPSEC_DEFAULT_INT (MVXPSEC_INT_ACCTDMA)
+#define MVXPSEC_DEFAULT_ERR (MVXPSEC_ALL_ERR)
+
+/*
+ * QUEUE Configuration
+ */
+#define MVXPSEC_MAX_QLEN		512
+#define MVXPSEC_QLEN_HIWAT	256
+#define MVXPSEC_QLEN_DEF_LOWAT	16
+#define MVXPSEC_DEF_PENDING	0
+
+/*
+ * Event counters
+ */
+struct mvxpsec_evcnt {
+	/* interuprts */
+	struct evcnt intr_all;
+	struct evcnt intr_auth;
+	struct evcnt intr_des;
+	struct evcnt intr_aes_enc;
+	struct evcnt intr_aes_dec;
+	struct evcnt intr_enc;
+	struct evcnt intr_sa;
+	struct evcnt intr_acctdma;
+	struct evcnt intr_comp;
+	struct evcnt intr_own;
+	struct evcnt intr_acctdma_cont;
+
+	/* session counter */
+	struct evcnt session_new;
+	struct evcnt session_free;
+
+	/* packet counter */
+	struct evcnt packet_ok;
+	struct evcnt packet_err;
+
+	/* queue */
+	struct evcnt dispatch_packets;
+	struct evcnt dispatch_queue;
+	struct evcnt queue_full;
+	struct evcnt max_dispatch;
+	struct evcnt max_done;
+};
+#ifdef MVXPSEC_EVENT_COUNTERS
+#define MVXPSEC_EVCNT_INCR(sc, name) do { \
+	(sc)->sc_ev.name.ev_count++; \
+} while (/*CONSTCOND*/0)
+#define MVXPSEC_EVCNT_ADD(sc, name, val) do { \
+	(sc)->sc_ev.name.ev_count += (val); \
+} while (/*CONSTCOND*/0)
+#define MVXPSEC_EVCNT_MAX(sc, name, val) do { \
+	if ((val) > (sc)->sc_ev.name.ev_count) \
+		(sc)->sc_ev.name.ev_count = (val); \
+} while (/*CONSTCOND*/0)
+#else
+#define MVXPSEC_EVCNT_INCR(sc, name)		/* nothing */
+#define MVXPSEC_EVCNT_ADD(sc, name, val)	/* nothing */
+#define MVXPSEC_EVCNT_MAX(sc, name, val)	/* nothing */
+#endif
+
+struct mvxpsec_softc {
+	device_t		sc_dev;
+	uint32_t		sc_cid;
+	bus_space_tag_t		sc_iot;
+	bus_space_handle_t	sc_ioh;
+	bus_dma_tag_t		sc_dmat;
+
+	/* Memory Pools */
+	struct mvxpsec_devmem	*sc_devmem_desc;
+	struct mvxpsec_devmem	*sc_devmem_mmap;
+	pool_cache_t		sc_session_pool;
+	pool_cache_t		sc_packet_pool;
+
+	/* Event Counters */
+#ifdef MVXPSEC_EVENT_COUNTERS
+	struct mvxpsec_evcnt	sc_ev;
+#endif
+
+	/* SRAM mappings */
+	paddr_t			sc_sram_pa;
+	void *			sc_sram_va;
+
+	/* Interrupts and Timers */
+	callout_t		sc_timeout;
+	void *			sc_done_ih;
+	void *			sc_error_ih;
+
+	/* DMA Descriptors */
+	kmutex_t		sc_dma_mtx;
+	struct mvxpsec_descriptor_handle *sc_desc_ring;
+	int			sc_desc_ring_size;
+	int			sc_desc_ring_prod;
+	int			sc_desc_ring_cons;
+
+	/* Session */
+	kmutex_t		sc_session_mtx;
+	struct mvxpsec_session	*sc_sessions[MVXPSEC_MAX_SESSIONS];
+	int			sc_nsessions;
+	struct mvxpsec_session	*sc_last_session;
+
+	/* Packet queue */
+	kmutex_t		sc_queue_mtx;
+	mvxpsec_queue_t		sc_wait_queue;
+	int			sc_wait_qlen;
+	int			sc_wait_qlimit;
+	mvxpsec_queue_t		sc_run_queue;
+	mvxpsec_list_t		sc_free_list;
+	int			sc_free_qlen;
+	uint32_t		sc_flags;
+
+	/* Debug */
+	int			sc_craft_conf;
+	int			sc_craft_p0;
+};
+/* SRAM parameters accessor */
+#define MVXPSEC_SRAM_BASE(sc) ((sc)->sc_sram_pa)
+#define MVXPSEC_SRAM_SIZE(sc) (sizeof(struct mvxpsec_crypt_sram))
+#define MVXPSEC_SRAM_PA(sc, offset)	\
+    (MVXPSEC_SRAM_BASE(sc) + (offset))
+#define MVXPSEC_SRAM_LIMIT(sc) \
+    (MVXPSEC_SRAM_BASE(sc) + MVXPSEC_SRAM_SIZE(sc))
+#define MVXPSEC_SRAM_PKT_HDR_PA(sc) \
+    MVXPSEC_SRAM_PA((sc), MVXPSEC_SRAM_PKT_HDR_OFF)
+#define MVXPSEC_SRAM_DESC_PA(sc) \
+    MVXPSEC_SRAM_PA((sc), MVXPSEC_SRAM_DESC_OFF)
+#define MVXPSEC_SRAM_IV_WORK_PA(sc) \
+    MVXPSEC_SRAM_PA((sc), MVXPSEC_SRAM_IV_WORK_OFF)
+#define MVXPSEC_SRAM_SESS_HDR_PA(sc) \
+    MVXPSEC_SRAM_PA((sc), MVXPSEC_SRAM_SESS_HDR_OFF)
+#define MVXPSEC_SRAM_KEY_PA(sc) \
+    MVXPSEC_SRAM_PA((sc), MVXPSEC_SRAM_KEY_OFF)
+#define MVXPSEC_SRAM_KEY_D_PA(sc) \
+    MVXPSEC_SRAM_PA((sc), MVXPSEC_SRAM_KEY_D_OFF)
+#define MVXPSEC_SRAM_MIV_IN_PA(sc) \
+    MVXPSEC_SRAM_PA((sc), MVXPSEC_SRAM_MIV_IN_OFF)
+#define MVXPSEC_SRAM_MIV_OUT_PA(sc) \
+    MVXPSEC_SRAM_PA((sc), MVXPSEC_SRAM_MIV_OUT_OFF)
+#define MVXPSEC_SRAM_PAYLOAD_PA(sc, offset) \
+    MVXPSEC_SRAM_PA((sc), MVXPSEC_SRAM_PAYLOAD_OFF + (offset))
+
+/*
+ * OpenCrypto API
+ */
+extern int mvxpsec_register(struct mvxpsec_softc *);
+extern int mvxpsec_newsession(void *, uint32_t *, struct cryptoini *);
+extern int mvxpsec_freesession(void *, uint64_t);
+extern int mvxpsec_dispatch(void *, struct cryptop *, int);
+extern void mvxpsec_done(void *);
+
+/* debug flags */
+#define MVXPSEC_DEBUG_DMA		__BIT(0)
+#define MVXPSEC_DEBUG_IOCTL		__BIT(1)
+#define MVXPSEC_DEBUG_INTR		__BIT(2)
+#define MVXPSEC_DEBUG_SRAM		__BIT(3)
+#define MVXPSEC_DEBUG_OPENCRYPTO	__BIT(4)
+#define MVXPSEC_DEBUG_PAYLOAD		__BIT(5)
+#define MVXPSEC_DEBUG_HASH_IV		__BIT(6)
+#define MVXPSEC_DEBUG_HASH_VAL		__BIT(7)
+#define MVXPSEC_DEBUG_DESC		__BIT(8) /* descriptors and registers */
+#define MVXPSEC_DEBUG_INPUT		__BIT(9)
+#define MVXPSEC_DEBUG_ENC_IV		__BIT(10)
+#define MVXPSEC_DEBUG_QUEUE		__BIT(11)
+
+#define MVXPSEC_DEBUG_ALL		__BITS(11,0)
+
+#ifdef MVXPSEC_DEBUG
+#define MVXPSEC_PRINTF(level, fmt, ...) \
+	do { \
+		if (mvxpsec_debug & level) { \
+			printf("%s: ", __func__); \
+			printf((fmt), ##__VA_ARGS__); \
+		} \
+	} while (/*CONSTCOND*/0)
+#else
+#define MVXPSEC_PRINTF(level, fmt, ...) /* nothing */
+#endif
+
+
+#endif /* __MVXPSECVAR_H__ */