initial cut at /dev/crypto support. takes original mbuf "try, and discard

if we fail" semantics and extends to two varients of data movement: mbuf,
or an iovec style block.

4 files changed, 143 insertions, 55 deletions

diff --git a/sys/dev/pci/hifn7751.c b/sys/dev/pci/hifn7751.c
index 9ece43a4fbb..cdd87e869f7 100644
--- a/sys/dev/pci/hifn7751.c
+++ b/sys/dev/pci/hifn7751.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: hifn7751.c,v 1.59 2001/05/11 15:01:15 deraadt Exp $	*/
+/*	$OpenBSD: hifn7751.c,v 1.60 2001/05/13 15:39:27 deraadt Exp $	*/
 
 /*
  * Invertex AEON / Hi/fn 7751 driver
@@ -93,7 +93,7 @@ int	hifn_newsession __P((u_int32_t *, struct cryptoini *));
 int	hifn_freesession __P((u_int64_t));
 int	hifn_process __P((struct cryptop *));
 void	hifn_callback __P((struct hifn_softc *, struct hifn_command *, u_int8_t *));
-int	hifn_crypto __P((struct hifn_softc *, hifn_command_t *));
+int	hifn_crypto __P((struct hifn_softc *, hifn_command_t *, struct cryptop *));
 int	hifn_readramaddr __P((struct hifn_softc *, int, u_int8_t *, int));
 int	hifn_writeramaddr __P((struct hifn_softc *, int, u_int8_t *, int));
 
@@ -856,22 +856,32 @@ hifn_write_command(cmd, buf)
 }
 
 int 
-hifn_crypto(sc, cmd)
+hifn_crypto(sc, cmd, crp)
 	struct hifn_softc *sc;
 	struct hifn_command *cmd;
+	struct cryptop *crp;
 {
 	u_int32_t cmdlen;
 	struct	hifn_dma *dma = sc->sc_dma;
 	int	cmdi, srci, dsti, resi, nicealign = 0;
 	int     s, i;
 
-	if (cmd->src_npa == 0 && cmd->src_m)
-		cmd->src_l = mbuf2pages(cmd->src_m, &cmd->src_npa,
-		    cmd->src_packp, cmd->src_packl, MAX_SCATTER, &nicealign);
+	if (cmd->src_npa == 0 && cmd->src_m) {
+		if (crp->crp_flags & CRYPTO_F_IMBUF)
+			cmd->src_l = mbuf2pages(cmd->src_m, &cmd->src_npa,
+			    cmd->src_packp, cmd->src_packl, MAX_SCATTER,
+			    &nicealign);
+		else if (crp->crp_flags & CRYPTO_F_IOV)
+			cmd->src_l = iov2pages(cmd->src_io, &cmd->src_npa,
+			    cmd->src_packp, cmd->src_packl, MAX_SCATTER,
+			    &nicealign);
+	}
 	if (cmd->src_l == 0)
 		return (-1);
 
-	if (nicealign == 0) {
+	if (!nicealign && (crp->crp_flags & CRYPTO_F_IOV)) {
+		return (-1);
+	} else if (!nicealign && (crp->crp_flags & CRYPTO_F_IMBUF)) {
 		int totlen, len;
 		struct mbuf *m, *top, **mp;
 
@@ -916,12 +926,15 @@ hifn_crypto(sc, cmd)
 			mp = &m->m_next;
 		}
 		cmd->dst_m = top;
-	}
-	else
+	} else
 		cmd->dst_m = cmd->src_m;
 
-	cmd->dst_l = mbuf2pages(cmd->dst_m, &cmd->dst_npa,
-	    cmd->dst_packp, cmd->dst_packl, MAX_SCATTER, NULL);
+	if (crp->crp_flags & CRYPTO_F_IMBUF)
+		cmd->dst_l = mbuf2pages(cmd->dst_m, &cmd->dst_npa,
+		    cmd->dst_packp, cmd->dst_packl, MAX_SCATTER, NULL);
+	else if (crp->crp_flags & CRYPTO_F_IOV)
+		cmd->dst_l = iov2pages(cmd->dst_io, &cmd->dst_npa,
+		    cmd->dst_packp, cmd->dst_packl, MAX_SCATTER, NULL);
 	if (cmd->dst_l == 0)
 		return (-1);
 
@@ -1249,6 +1262,9 @@ hifn_process(crp)
 	if (crp->crp_flags & CRYPTO_F_IMBUF) {
 		cmd->src_m = (struct mbuf *)crp->crp_buf;
 		cmd->dst_m = (struct mbuf *)crp->crp_buf;
+	} if (crp->crp_flags & CRYPTO_F_IOV) {
+		cmd->src_io = (struct criov *)crp->crp_buf;
+		cmd->dst_io = (struct criov *)crp->crp_buf;
 	} else {
 		err = EINVAL;
 		goto errout;	/* XXX only handle mbufs right now */
@@ -1312,15 +1328,31 @@ hifn_process(crp)
 				bcopy(sc->sc_sessions[session].hs_iv,
 				    cmd->iv, HIFN_IV_LENGTH);
 
-			if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0)
-				m_copyback(cmd->src_m, enccrd->crd_inject,
-				    HIFN_IV_LENGTH, cmd->iv);
+			if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0) {
+				if (crp->crp_flags & CRYPTO_F_IMBUF)
+					m_copyback(cmd->src_m, enccrd->crd_inject,
+					    HIFN_IV_LENGTH, cmd->iv);
+				else if (crp->crp_flags & CRYPTO_F_IOV) {
+					if (crp->crp_iv == NULL) {
+						err = EINVAL;
+						goto errout;
+					}
+					bcopy(crp->crp_iv, cmd->iv, 8);
+				}
+			}
 		} else {
 			if (enccrd->crd_flags & CRD_F_IV_EXPLICIT)
 				bcopy(enccrd->crd_iv, cmd->iv, HIFN_IV_LENGTH);
-			else
+			else if (crp->crp_flags & CRYPTO_F_IMBUF)
 				m_copydata(cmd->src_m, enccrd->crd_inject,
 				    HIFN_IV_LENGTH, cmd->iv);
+			else if (crp->crp_flags & CRYPTO_F_IOV) {
+				if (crp->crp_iv == NULL) {
+					err = EINVAL;
+					goto errout;
+				}
+				bcopy(crp->crp_iv, cmd->iv, 8);
+			}
 		}
 
 		if (enccrd->crd_alg == CRYPTO_DES_CBC)
@@ -1365,7 +1397,7 @@ hifn_process(crp)
 	cmd->session_num = session;
 	cmd->softc = sc;
 
-	if (hifn_crypto(sc, cmd) == 0)
+	if (hifn_crypto(sc, cmd, crp) == 0)
 		return (0);
 
 	err = ENOMEM;
@@ -1399,25 +1431,27 @@ hifn_callback(sc, cmd, macbuf)
 		crp->crp_buf = (caddr_t)cmd->dst_m;
 	}
 
-	if ((m = cmd->dst_m) != NULL) {
-		totlen = cmd->src_l;
-		hifnstats.hst_obytes += totlen;
-		while (m) {
-			if (totlen < m->m_len) {
-				m->m_len = totlen;
-				totlen = 0;
-			} else
-				totlen -= m->m_len;
-			m = m->m_next;
+	if (crp->crp_flags & CRYPTO_F_IMBUF) {
+		if ((m = cmd->dst_m) != NULL) {
+			totlen = cmd->src_l;
+			hifnstats.hst_obytes += totlen;
+			while (m) {
+				if (totlen < m->m_len) {
+					m->m_len = totlen;
+					totlen = 0;
+				} else
+					totlen -= m->m_len;
+				m = m->m_next;
+				if (++dma->dstk == HIFN_D_DST_RSIZE)
+					dma->dstk = 0;
+				dma->dstu--;
+			}
+		} else {
+			hifnstats.hst_obytes += dma->dstr[dma->dstk].l & HIFN_D_LENGTH;
 			if (++dma->dstk == HIFN_D_DST_RSIZE)
 				dma->dstk = 0;
 			dma->dstu--;
 		}
-	} else {
-		hifnstats.hst_obytes += dma->dstr[dma->dstk].l & HIFN_D_LENGTH;
-		if (++dma->dstk == HIFN_D_DST_RSIZE)
-			dma->dstk = 0;
-		dma->dstu--;
 	}
 
 	if ((cmd->base_masks & (HIFN_BASE_CMD_CRYPT | HIFN_BASE_CMD_DECODE)) ==
@@ -1426,10 +1460,17 @@ hifn_callback(sc, cmd, macbuf)
 			if (crd->crd_alg != CRYPTO_DES_CBC &&
 			    crd->crd_alg != CRYPTO_3DES_CBC)
 				continue;
-			m_copydata((struct mbuf *)crp->crp_buf,
-			    crd->crd_skip + crd->crd_len - HIFN_IV_LENGTH,
-			    HIFN_IV_LENGTH,
-			    cmd->softc->sc_sessions[cmd->session_num].hs_iv);
+			if (crp->crp_flags & CRYPTO_F_IMBUF)
+				m_copydata((struct mbuf *)crp->crp_buf,
+				    crd->crd_skip + crd->crd_len - HIFN_IV_LENGTH,
+				    HIFN_IV_LENGTH,
+				    cmd->softc->sc_sessions[cmd->session_num].hs_iv);
+			else if (crp->crp_flags & CRYPTO_F_IOV) {
+				criov_copydata((struct criov *)crp->crp_buf,
+				    crd->crd_skip + crd->crd_len - HIFN_IV_LENGTH,
+				    HIFN_IV_LENGTH,
+				    cmd->softc->sc_sessions[cmd->session_num].hs_iv);
+			}
 			break;
 		}
 	}
@@ -1439,8 +1480,11 @@ hifn_callback(sc, cmd, macbuf)
 			if (crd->crd_alg != CRYPTO_MD5_HMAC &&
 			    crd->crd_alg != CRYPTO_SHA1_HMAC)
 				continue;
-			m_copyback((struct mbuf *)crp->crp_buf,
-			    crd->crd_inject, 12, macbuf);
+			if (crp->crp_flags & CRYPTO_F_IMBUF)
+				m_copyback((struct mbuf *)crp->crp_buf,
+				    crd->crd_inject, 12, macbuf);
+			else if ((crp->crp_flags & CRYPTO_F_IOV) && crp->crp_mac)
+				bcopy((caddr_t)macbuf, crp->crp_mac, 12);
 			break;
 		}
 	}
diff --git a/sys/dev/pci/hifn7751var.h b/sys/dev/pci/hifn7751var.h
index 78e7ca3f471..35613244238 100644
--- a/sys/dev/pci/hifn7751var.h
+++ b/sys/dev/pci/hifn7751var.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: hifn7751var.h,v 1.18 2000/06/02 22:36:45 deraadt Exp $	*/
+/*	$OpenBSD: hifn7751var.h,v 1.19 2001/05/13 15:39:27 deraadt Exp $	*/
 
 /*
  * Invertex AEON / Hi/fn 7751 driver
@@ -176,12 +176,14 @@ typedef struct hifn_command {
 	u_char	iv[HIFN_IV_LENGTH], *ck, mac[HIFN_MAC_KEY_LENGTH];
 
 	struct mbuf *src_m;
+	struct criov *src_io;
 	long	src_packp[MAX_SCATTER];
 	int	src_packl[MAX_SCATTER];
 	int	src_npa;
 	int	src_l;
 
 	struct mbuf *dst_m;
+	struct criov *dst_io;
 	long	dst_packp[MAX_SCATTER];
 	int	dst_packl[MAX_SCATTER];
 	int	dst_npa;
@@ -192,6 +194,7 @@ typedef struct hifn_command {
 
 	u_long private_data;
 	struct hifn_softc *softc;
+	struct cryptop *crp;
 } hifn_command_t;
 
 /*
diff --git a/sys/dev/pci/ubsec.c b/sys/dev/pci/ubsec.c
index 9a84e700264..458a11bbfe3 100644
--- a/sys/dev/pci/ubsec.c
+++ b/sys/dev/pci/ubsec.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ubsec.c,v 1.45 2001/05/13 01:20:02 jason Exp $	*/
+/*	$OpenBSD: ubsec.c,v 1.46 2001/05/13 15:39:27 deraadt Exp $	*/
 
 /*
  * Copyright (c) 2000 Jason L. Wright (jason@thought.net)
@@ -598,6 +598,9 @@ ubsec_process(crp)
 	if (crp->crp_flags & CRYPTO_F_IMBUF) {
 		q->q_src_m = (struct mbuf *)crp->crp_buf;
 		q->q_dst_m = (struct mbuf *)crp->crp_buf;
+	} else if (crp->crp_flags & CRYPTO_F_IOV) {
+		q->q_src = (struct criov *)crp->crp_buf;
+		q->q_dst = (struct criov *)crp->crp_buf;
 	} else {
 		err = EINVAL;
 		goto errout;	/* XXX only handle mbufs right now */
@@ -672,17 +675,34 @@ ubsec_process(crp)
 				q->q_ctx.pc_iv[1] = ses->ses_iv[1];
 			}
 
-			if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0)
-				m_copyback(q->q_src_m, enccrd->crd_inject,
-				    8, (caddr_t)q->q_ctx.pc_iv);
+			if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0) {
+				if (crp->crp_flags & CRYPTO_F_IMBUF)
+					m_copyback(q->q_src_m, enccrd->crd_inject,
+					    8, (caddr_t)q->q_ctx.pc_iv);
+				else if (crp->crp_flags & CRYPTO_F_IOV) {
+					if (crp->crp_iv == NULL) {
+						err = EINVAL;
+						goto errout;
+					}
+					bcopy(crp->crp_iv,
+					    (caddr_t)q->q_ctx.pc_iv, 8);
+				}
+			}
 		} else {
 			q->q_ctx.pc_flags |= UBS_PKTCTX_INBOUND;
 
 			if (enccrd->crd_flags & CRD_F_IV_EXPLICIT)
 				bcopy(enccrd->crd_iv, q->q_ctx.pc_iv, 8);
-			else
+			else if (crp->crp_flags & CRYPTO_F_IMBUF)
 				m_copydata(q->q_src_m, enccrd->crd_inject,
 				    8, (caddr_t)q->q_ctx.pc_iv);
+			else if (crp->crp_flags & CRYPTO_F_IOV) {
+				if (crp->crp_iv == NULL) {
+					err = EINVAL;
+					goto errout;
+				}
+				bcopy(crp->crp_iv, (caddr_t)q->q_ctx.pc_iv, 8);
+			}
 		}
 
 		q->q_ctx.pc_deskey[0] = ses->ses_deskey[0];
@@ -745,8 +765,12 @@ ubsec_process(crp)
 	}
 	q->q_ctx.pc_offset = coffset >> 2;
 
-	q->q_src_l = mbuf2pages(q->q_src_m, &q->q_src_npa, q->q_src_packp,
-	    q->q_src_packl, MAX_SCATTER, &nicealign);
+	if (crp->crp_flags & CRYPTO_F_IMBUF)
+		q->q_src_l = mbuf2pages(q->q_src_m, &q->q_src_npa, q->q_src_packp,
+		    q->q_src_packl, MAX_SCATTER, &nicealign);
+	else if (crp->crp_flags & CRYPTO_F_IOV)
+		q->q_src_l = iov2pages(q->q_src, &q->q_src_npa, q->q_src_packp,
+		    q->q_src_packl, MAX_SCATTER, &nicealign);
 	if (q->q_src_l == 0) {
 		err = ENOMEM;
 		goto errout;
@@ -824,7 +848,10 @@ ubsec_process(crp)
 		    q->q_mcr->mcr_opktbuf.pb_next);
 #endif
 	} else {
-		if (!nicealign) {
+		if (!nicealign && (crp->crp_flags & CRYPTO_F_IOV)) {
+			err = EINVAL;
+			goto errout;
+		} else if (!nicealign && (crp->crp_flags & CRYPTO_F_IMBUF)) {
 			int totlen, len;
 			struct mbuf *m, *top, **mp;
 
@@ -876,8 +903,12 @@ ubsec_process(crp)
 		} else
 			q->q_dst_m = q->q_src_m;
 
-		q->q_dst_l = mbuf2pages(q->q_dst_m, &q->q_dst_npa,
-		    q->q_dst_packp, q->q_dst_packl, MAX_SCATTER, NULL);
+		if (crp->crp_flags & CRYPTO_F_IMBUF)
+			q->q_dst_l = mbuf2pages(q->q_dst_m, &q->q_dst_npa,
+			    q->q_dst_packp, q->q_dst_packl, MAX_SCATTER, NULL);
+		else if (crp->crp_flags & CRYPTO_F_IOV)
+			q->q_dst_l = iov2pages(q->q_dst, &q->q_dst_npa,
+			    q->q_dst_packp, q->q_dst_packl, MAX_SCATTER, NULL);
 
 #ifdef UBSEC_DEBUG
 		printf("dst skip: %d\n", dskip);
@@ -974,7 +1005,7 @@ errout:
 	if (q != NULL) {
 		if (q->q_mcr)
 			free(q->q_mcr, M_DEVBUF);
-		if (q->q_src_m != q->q_dst_m)
+		if (q->q_dst_m && q->q_src_m != q->q_dst_m)
 			m_freem(q->q_dst_m);
 		free(q, M_DEVBUF);
 	}
@@ -1002,9 +1033,15 @@ ubsec_callback(q)
 			if (crd->crd_alg != CRYPTO_DES_CBC &&
 			    crd->crd_alg != CRYPTO_3DES_CBC)
 				continue;
-			m_copydata((struct mbuf *)crp->crp_buf,
-			    crd->crd_skip + crd->crd_len - 8, 8,
-			    (caddr_t)q->q_sc->sc_sessions[q->q_sesn].ses_iv);
+			if (crp->crp_flags & CRYPTO_F_IMBUF)
+				m_copydata((struct mbuf *)crp->crp_buf,
+				    crd->crd_skip + crd->crd_len - 8, 8,
+				    (caddr_t)q->q_sc->sc_sessions[q->q_sesn].ses_iv);
+			else if (crp->crp_flags & CRYPTO_F_IOV) {
+				/* XXX need last 8 bytes of encrypted data, and shove
+				 * it into ses_iv */
+				/* MISSING bcopy */
+			}
 			break;
 		}
 	}
@@ -1013,8 +1050,11 @@ ubsec_callback(q)
 		if (crd->crd_alg != CRYPTO_MD5_HMAC &&
 		    crd->crd_alg != CRYPTO_SHA1_HMAC)
 			continue;
-		m_copyback((struct mbuf *)crp->crp_buf,
-		    crd->crd_inject, 12, (caddr_t)q->q_macbuf);
+		if (crp->crp_flags & CRYPTO_F_IMBUF)
+			m_copyback((struct mbuf *)crp->crp_buf,
+			    crd->crd_inject, 12, (caddr_t)q->q_macbuf);
+		else if (crp->crp_flags & CRYPTO_F_IOV && crp->crp_mac)
+			bcopy((caddr_t)q->q_macbuf, crp->crp_mac, 12);
 		break;
 	}
 
diff --git a/sys/dev/pci/ubsecvar.h b/sys/dev/pci/ubsecvar.h
index 7fc851e065b..a75a7662acf 100644
--- a/sys/dev/pci/ubsecvar.h
+++ b/sys/dev/pci/ubsecvar.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ubsecvar.h,v 1.13 2001/05/13 01:20:02 jason Exp $	*/
+/*	$OpenBSD: ubsecvar.h,v 1.14 2001/05/13 15:39:27 deraadt Exp $	*/
 
 /*
  * Copyright (c) 2000 Theo de Raadt
@@ -61,6 +61,7 @@ struct ubsec_q {
 
 	struct ubsec_softc		*q_sc;
 	struct mbuf 		      	*q_src_m, *q_dst_m;
+	struct criov			*q_src, *q_dst;
 
 	long				q_src_packp[MAX_SCATTER];
 	int				q_src_packl[MAX_SCATTER];