Subject: Re: Please review design of Security Engine driver for Au1550
To: Shigeyuki Fukushima <shige@NetBSD.org>
From: Garrett D'Amore <garrett_damore@tadpole.com>
List: port-evbmips
Date: 03/09/2006 12:57:24
Hm...
You're jumping ahead of me now -- I was planning on implementing this
myself. :-) A few considerations:
1) This is a SafeNet core. It might be a good idea to see if we can use
a common safenet driver and au1550 specific attachment code.
(safenet_aubus.c and safenet_pci.c?)
2) OpenCrypto is definitely the right way to go.
3) The RNG code should be a part. I was going to write the RNG code
last weekend but got caught up. The "rnd" framework really needs some
enhancements so that we can register a callback routine where the rnd
framework can poll for entropy. This was the topic of a long discussion
off-list last week. :-) I've promised to do this, I just haven't got to
it yet.
-- Garrett
Shigeyuki Fukushima wrote:
> Hi,
>
> Now I'm trying to develop a driver for Au1550's Security Engine.
> There is a Security Engine function *only* on Au1550.
> (c.f. Au1200 has `AES Cryptography Engine'.
> This should be implemented as another cryptographic device ?
>
> # For now, other AuXXX have no security function on chip.
>
> Please review design of its driver.
> I think that we should implement it as an opencrypto device.
> I attached frame of codes in this mail.
>
> The point of argument:
> 1. Device Naming
> 2. Whether apply OpenCrypto Framework or not.
> 3. Whether need an RNG-only device or not.
> 4. (other thing...)
>
> Have you something good idea?
>
>
> ------------------------------------------------------------------------
>
> ? sys/arch/mips/alchemy/dev/aucrypto.c
> ? sys/arch/mips/alchemy/dev/aucryptoreg.h
> Index: sys/arch/mips/alchemy/au1550.c
> ===================================================================
> RCS file: /cvsroot/src/sys/arch/mips/alchemy/au1550.c,v
> retrieving revision 1.7
> diff -u -r1.7 au1550.c
> --- sys/arch/mips/alchemy/au1550.c 24 Feb 2006 14:34:31 -0000 1.7
> +++ sys/arch/mips/alchemy/au1550.c 9 Mar 2006 19:19:28 -0000
> @@ -189,6 +189,7 @@
> { "aupsc", { PSC1_BASE }, { 11, -1 }},
> { "aupsc", { PSC2_BASE }, { 12, -1 }},
> { "aupsc", { PSC3_BASE }, { 13, -1 }},
> + { "aucrypto", { CRYPTO_BASE }, { 4, -1 }},
> #if 0
> { "usbd", { USBD_BASE }, { 24, 25 }},
> { "aucrypto", { CRYPTO_BASE }, { 4, -1 }},
> Index: sys/arch/mips/alchemy/include/aureg.h
> ===================================================================
> RCS file: /cvsroot/src/sys/arch/mips/alchemy/include/aureg.h,v
> retrieving revision 1.15
> diff -u -r1.15 aureg.h
> --- sys/arch/mips/alchemy/include/aureg.h 1 Mar 2006 18:35:28 -0000 1.15
> +++ sys/arch/mips/alchemy/include/aureg.h 9 Mar 2006 19:19:28 -0000
> @@ -132,6 +132,12 @@
> */
>
> /************************************************************************/
> +/******************** Security Engine registers *********************/
> +/************************************************************************/
> +
> +#define CRYPTO_BASE 0x14008000
> +
> +/************************************************************************/
> /************* Programable Serial Controller registers **************/
> /************************************************************************/
>
> Index: sys/arch/mips/conf/files.alchemy
> ===================================================================
> RCS file: /cvsroot/src/sys/arch/mips/conf/files.alchemy,v
> retrieving revision 1.11
> diff -u -r1.11 files.alchemy
> --- sys/arch/mips/conf/files.alchemy 6 Mar 2006 17:16:45 -0000 1.11
> +++ sys/arch/mips/conf/files.alchemy 9 Mar 2006 19:19:28 -0000
> @@ -69,6 +69,11 @@
> attach ausmbus at aupsc
> file arch/mips/alchemy/dev/ausmbus_psc.c ausmbus
>
> +# On-chip Security Engine
> +device aucrypto: opencrypto
> +attach aucrypto at aubus
> +file arch/mips/alchemy/dev/aucrypto.c aucrypto
> +
> # On-chip PCMCIA
> #
> # XXX: NOTE: As of Feb. 22, 2006, the aupcmcia bus is not quite
>
> ------------------------------------------------------------------------
>
> /* $NetBSD$ */
>
> /*-
> * Copyright (c) 2006 Shigeyuki Fukushima.
> * All rights reserved.
> *
> * Written by Shigeyuki Fukushima.
> *
> * Redistribution and use in source and binary forms, with or without
> * modification, are permitted provided that the following conditions
> * are met:
> * 1. Redistributions of source code must retain the above copyright
> * notice, this list of conditions and the following disclaimer.
> * 2. Redistributions in binary form must reproduce the above
> * copyright notice, this list of conditions and the following
> * disclaimer in the documentation and/or other materials provided
> * with the distribution.
> * 3. The name of the author may not be used to endorse or promote
> * products derived from this software without specific prior
> * written permission.
> *
> * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
> * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
> * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
> * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
> * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
> * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
> * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
> * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
> * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
> * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
> * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> */
>
> #include <sys/cdefs.h>
> __KERNEL_RCSID(0, "$NetBSD$");
>
> #include "locators.h"
>
> #include <sys/param.h>
> #include <sys/systm.h>
> #include <sys/device.h>
>
> #include <machine/bus.h>
> #include <machine/cpu.h>
>
> #include <opencrypto/cryptodev.h>
>
> #include <mips/alchemy/include/aubusvar.h>
> #include <mips/alchemy/include/aureg.h>
> #include <mips/alchemy/dev/aucryptoreg.h>
>
> struct aucrypto_softc {
> struct device sc_dev;
> bus_space_tag_t sc_bust;
> bus_space_handle_t sc_bush;
>
> int32_t sc_cid; /* crypto tag */
> };
>
> static int aucrypto_match(struct device *, struct cfdata *, void *);
> static void aucrypto_attach(struct device *, struct device *, void *);
>
> CFATTACH_DECL(aucrypto, sizeof(struct aucrypto_softc),
> aucrypto_match, aucrypto_attach, NULL, NULL);
>
> static int aucrypto_newsession(void*, uint32_t*, struct cryptoini*);
> static int aucrypto_process(void*, struct cryptop *, int);
> static int aucrypto_freesession(void*, uint64_t);
>
>
> static int
> aucrypto_match(struct device *parent, struct cfdata *cf, void *aux)
> {
> struct aubus_attach_args *aa = (struct aubus_attach_args *)aux;
>
> if (strcmp(aa->aa_name, cf->cf_name) != 0)
> return 0;
>
> return 1;
> }
>
> static void
> aucrypto_attach(struct device *parent, struct device *self, void *aux)
> {
> struct aucrypto_softc *sc = (struct aucrypto_softc *)self;
> struct aubus_attach_args *aa = aux;
> uint32_t rv;
>
> sc->sc_bust = aa->aa_st;
> if (bus_space_map(sc->sc_bust, aa->aa_addr,
> AUCRYPTO_SIZE, 0, &sc->sc_bush) != 0) {
> aprint_error(": unable to map device registers\n");
> return;
> }
>
> aprint_normal(": Alchemy Security Engine\n");
>
> sc->sc_cid = crypto_get_driverid(0);
> if (sc->sc_cid < 0) {
> aprint_error("%s: couldn't get crypto driver id\n",
> sc->sc_dev.dv_xname);
> return;
> }
>
> crypto_register(sc->sc_cid, CRYPTO_DES_CBC, 0, 0,
> aucrypto_newsession, aucrypto_freesession,
> aucrypto_process, sc);
> crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0,
> aucrypto_newsession, aucrypto_freesession,
> aucrypto_process, sc);
> crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0,
> aucrypto_newsession, aucrypto_freesession,
> aucrypto_process, sc);
> crypto_register(sc->sc_cid, CRYPTO_ARC4, 0, 0,
> aucrypto_newsession, aucrypto_freesession,
> aucrypto_process, sc);
> crypto_register(sc->sc_cid, CRYPTO_MD5, 0, 0,
> aucrypto_newsession, aucrypto_freesession,
> aucrypto_process, sc);
> crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0,
> aucrypto_newsession, aucrypto_freesession,
> aucrypto_process, sc);
> crypto_register(sc->sc_cid, CRYPTO_SHA1, 0, 0,
> aucrypto_newsession, aucrypto_freesession,
> aucrypto_process, sc);
> crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0,
> aucrypto_newsession, aucrypto_freesession,
> aucrypto_process, sc);
>
> rv = bus_space_read_4(sc->sc_bust, sc->sc_bush, AUCRYPTO_SEC_SYSENABLE);
> bus_space_write_4(sc->sc_bust, sc->sc_bush,
> AUCRYPTO_SEC_SYSENABLE, (rv | AUCRYPTO_SEC_SYSENABLE_CE));
> delay(1);
>
> /* XXX: now implementing (other initialization ops) */
>
> #ifdef AUCRYPTO_DEBUG
> printf("Register sec_sysenable: 0x%08x\n", rv);
> rv = bus_space_read_4(sc->sc_bust, sc->sc_bush, AUCRYPTO_SEC_SYSENABLE);
> printf("Register sec_sysenable: 0x%08x\n", rv);
> #endif
> }
>
> static int
> aucrypto_newsession(void *arg, uint32_t *sidp, struct cryptoini *cri)
> {
> struct aucrypto_softc *sc;
>
> sc = arg;
> KASSERT(sc != NULL);
>
> /* XXX: now implementing */
>
> return 0;
> }
>
> static int
> aucrypto_process(void *arg, struct cryptop *crp, int hint)
> {
> struct aucrypto_softc *sc;
>
> sc = arg;
> KASSERT(sc != NULL);
>
> /* XXX: now implementing */
>
> return 0;
> }
>
> static int
> aucrypto_freesession(void *arg, uint64_t tid)
> {
> struct aucrypto_softc *sc;
>
> sc = arg;
> KASSERT(sc != NULL);
>
> /* XXX: now implementing */
>
> return 0;
> }
>
> ------------------------------------------------------------------------
>
> /* $NetBSD$ */
>
> /*-
> * Copyright (c) 2006 Shigeyuki Fukushima.
> * All rights reserved.
> *
> * Written by Shigeyuki Fukushima.
> *
> * Redistribution and use in source and binary forms, with or without
> * modification, are permitted provided that the following conditions
> * are met:
> * 1. Redistributions of source code must retain the above copyright
> * notice, this list of conditions and the following disclaimer.
> * 2. Redistributions in binary form must reproduce the above
> * copyright notice, this list of conditions and the following
> * disclaimer in the documentation and/or other materials provided
> * with the distribution.
> * 3. The name of the author may not be used to endorse or promote
> * products derived from this software without specific prior
> * written permission.
> *
> * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
> * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
> * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
> * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
> * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
> * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
> * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
> * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
> * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
> * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
> * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> */
>
> #ifndef _MIPS_ALCHEMY_DEV_AUCRYPTOREG_H_
> #define _MIPS_ALCHEMY_DEV_AUCRYPTOREG_H_
>
> /* Memory size for Security Engine registers */
> #define AUCRYPTO_SIZE 0x800
>
> /*
> * Au1550 Security Engine registers
> *
> * Registers Prefix Start End
> * ------------------------- ---------------- ------ ------
> * Command Queue regs AUCRYPTO_SEC_Q 0x0000 0x001F
> * System Bus Interface regs AUCRYPTO_SEC_SYS 0x0020 0x003F
> * Global regs AUCRYPTO_SEC_GLB 0x0040 0x007F
> * Device ID and Control regs AUCRYPTO_SEC_DEV 0x0080 0x009F
> * Interrupt Controller regs AUCRYPTO_SEC_INT 0x00A0 0x00BF
> * DMA Controller regs AUCRYPTO_SEC_DMA 0x00C0 0x00FF
> * RNG regs AUCRYPTO_SEC_RNG 0x0100 0x01FF
> * Reserved --- 0x0200 0x05FF
> * SA Context regs AUCRYPTO_SEC_SA 0x0600 0x069F
> * Input/Output FIFOs AUCRYPTO_SEC_IN 0x06A0 0x06A7
> * AUCRYPTO_SEC_OUT
> * Reserved --- 0x06A8 0x07FF
> */
>
> /* Command Queue Registers */
> #define AUCRYPTO_SEC_QCTRLSTAT 0x0000
> #define AUCRYPTO_SEC_QSRCADDR 0x0004
> #define AUCRYPTO_SEC_QDSTADDR 0x0008
> #define AUCRYPTO_SEC_QSAADDR 0x000c
> #define AUCRYPTO_SEC_QLENCTRL 0x0010
>
> /* System Bus Interface Registers */
> #define AUCRYPTO_SEC_SYSENABLE 0x0020
> #define AUCRYPTO_SEC_SYSENABLE_CE (1u << 0)
> #define AUCRYPTO_SEC_SYSHINT 0x0024
> #define AUCRYPTO_SEC_SYSBUFSTAT 0x0028
> #define AUCRYPTO_SEC_SYSBUSCFG 0x002c
>
> /* Global Registers */
> #define AUCRYPTO_SEC_GLBDMACFG 0x0040
> #define AUCRYPTO_SEC_GLBDMASTAT 0x0044
> #define AUCRYPTO_SEC_GLBPDRBASE 0x0048
> #define AUCRYPTO_SEC_GLBRDRBASE 0x004c
> #define AUCRYPTO_SEC_GLBRSIZE 0x0050
> #define AUCRYPTO_SEC_GLBRPOLL 0x0054
> #define AUCRYPTO_SEC_GLBQSTAT 0x0058
> #define AUCRYPTO_SEC_GLBEXTRSTAT 0x005c
> #define AUCRYPTO_SEC_GLBTHRESH 0x0060
>
> /* Device ID and Control Registers */
> #define AUCRYPTO_SEC_DEVCTRL 0x0080
> #define AUCRYPTO_SEC_DEVID 0x0084
> #define AUCRYPTO_SEC_DEVINFO 0x0088
>
> /* Interrupt Controller Registers */
> #define AUCRYPTO_SEC_INTHUSTAT 0x00a0
> #define AUCRYPTO_SEC_INTHMSTAT 0x00a4
> #define AUCRYPTO_SEC_INTHCLR 0x00a8
> #define AUCRYPTO_SEC_INTHMASK 0x00ac
> #define AUCRYPTO_SEC_INTHCFG 0x00b0
> #define AUCRYPTO_SEC_INTDESCRD 0x00b4
> #define AUCRYPTO_SEC_INTDESCCNT 0x00b8
>
> /* DMA Controller Registers */
> #define AUCRYPTO_SEC_DMASADDR 0x00c4
> #define AUCRYPTO_SEC_DMADADDR 0x00c8
> #define AUCRYPTO_SEC_DMASTAT 0x00cc
> #define AUCRYPTO_SEC_DMABURST 0x00d4
> #define AUCRYPTO_SEC_DMAENDIAN 0x00e4
>
> /* RNG (Rnadom Number Generator) Registers */
> #define AUCRYPTO_SEC_RNGOUT 0x0100
> #define AUCRYPTO_SEC_RNGSTAT 0x0104
> #define AUCRYPTO_SEC_RNGCTRL 0x0108
> #define AUCRYPTO_SEC_RNGA 0x010c
> #define AUCRYPTO_SEC_RNGB 0x0110
> #define AUCRYPTO_SEC_RNGSEED0 0x0114
> #define AUCRYPTO_SEC_RNGSEED1 0x0118
> #define AUCRYPTO_SEC_RNGSEED2 0x011c
> #define AUCRYPTO_SEC_RNGCNT 0x0120
> #define AUCRYPTO_SEC_RNGALARM 0x0124
> #define AUCRYPTO_SEC_RNGCFG 0x0128
> #define AUCRYPTO_SEC_RNGLFSR1A 0x012c
> #define AUCRYPTO_SEC_RNGLFSR1B 0x0130
> #define AUCRYPTO_SEC_RNGLFSR2A 0x0134
> #define AUCRYPTO_SEC_RNGLFSR2B 0x0138
>
> /* SA Context Registers */
> #define AUCRYPTO_SEC_SACMD0 0x0600
> #define AUCRYPTO_SEC_SACMD1 0x0604
> #define AUCRYPTO_SEC_SAKEY1A 0x0610
> #define AUCRYPTO_SEC_SAKEY1B 0x0614
> #define AUCRYPTO_SEC_SAKEY2A 0x0618
> #define AUCRYPTO_SEC_SAKEY2B 0x061c
> #define AUCRYPTO_SEC_SAKEY3A 0x0620
> #define AUCRYPTO_SEC_SAKEY3B 0x0624
> #define AUCRYPTO_SEC_SAKEY4A 0x0628
> #define AUCRYPTO_SEC_SAKEY4B 0x062c
> #define AUCRYPTO_SEC_SAINHASH0 0x0630
> #define AUCRYPTO_SEC_SAINHASH1 0x0634
> #define AUCRYPTO_SEC_SAINHASH2 0x0638
> #define AUCRYPTO_SEC_SAINHASH3 0x063c
> #define AUCRYPTO_SEC_SAINHASH4 0x0640
> #define AUCRYPTO_SEC_SAOUTHASH0 0x0644
> #define AUCRYPTO_SEC_SAOUTHASH1 0x0648
> #define AUCRYPTO_SEC_SAOUTHASH2 0x065c
> #define AUCRYPTO_SEC_SAOUTHASH3 0x0650
> #define AUCRYPTO_SEC_SAOUTHASH4 0x0654
> #define AUCRYPTO_SEC_SASPI 0x0658
> #define AUCRYPTO_SEC_SASEQ 0x065c
> #define AUCRYPTO_SEC_SASEQMASK0 0x0660
> #define AUCRYPTO_SEC_SASEQMASK1 0x0664
> #define AUCRYPTO_SEC_SAIV0 0x066c
> #define AUCRYPTO_SEC_SAIV1 0x0670
> #define AUCRYPTO_SEC_SAIV2 0x0674
> #define AUCRYPTO_SEC_SAIV3 0x0678
> #define AUCRYPTO_SEC_SAHASHCNT 0x067c
> #define AUCRYPTO_SEC_SAINHASH0SHD 0x0680
> #define AUCRYPTO_SEC_SAINHASH1SHD 0x0684
> #define AUCRYPTO_SEC_SAINHASH2SHD 0x0688
> #define AUCRYPTO_SEC_SAINHASH3SHD 0x068c
> #define AUCRYPTO_SEC_SAINHASH4SHD 0x0690
> #define AUCRYPTO_SEC_SAICV0 0x0694
> #define AUCRYPTO_SEC_SAICV1 0x0698
> #define AUCRYPTO_SEC_SAICV2 0x069c
>
> /* Input/Output FIFOs */
> #define AUCRYPTO_SEC_INDATA 0x06a0
> #define AUCRYPTO_SEC_OUTDATA 0x06a4
>
> #endif /* _MIPS_ALCHEMY_DEV_AUCRYPTOREG_H_ */
>
--
Garrett D'Amore, Principal Software Engineer
Tadpole Computer / Computing Technologies Division,
General Dynamics C4 Systems
http://www.tadpolecomputer.com/
Phone: 951 325-2134 Fax: 951 325-2191