2 * Linux port done by David McCullough <david_mccullough@mcafee.com>
3 * Copyright (C) 2006-2010 David McCullough
4 * Copyright (C) 2004-2005 Intel Corporation.
5 * The license and original author are listed below.
7 * Redistribution and use in source and binary forms, with or without
8 * Copyright (c) 2002-2006 Sam Leffler. All rights reserved.
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 #include <sys/cdefs.h>
32 __FBSDID("$FreeBSD: src/sys/opencrypto/crypto.c,v 1.27 2007/03/21 03:42:51 sam Exp $");
36 * Cryptographic Subsystem.
38 * This code is derived from the Openbsd Cryptographic Framework (OCF)
39 * that has the copyright shown below. Very little of the original
43 * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
45 * This code was written by Angelos D. Keromytis in Athens, Greece, in
46 * February 2000. Network Security Technologies Inc. (NSTI) kindly
47 * supported the development of this code.
49 * Copyright (c) 2000, 2001 Angelos D. Keromytis
51 * Permission to use, copy, and modify this software with or without fee
52 * is hereby granted, provided that this entire notice is included in
53 * all source code copies of any software which is or includes a copy or
54 * modification of this software.
56 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
57 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
58 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
59 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
62 __FBSDID("$FreeBSD: src/sys/opencrypto/crypto.c,v 1.16 2005/01/07 02:29:16 imp Exp $");
66 #include <linux/version.h>
67 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
68 #include <generated/autoconf.h>
70 #include <linux/autoconf.h>
72 #include <linux/module.h>
73 #include <linux/init.h>
74 #include <linux/list.h>
75 #include <linux/slab.h>
76 #include <linux/wait.h>
77 #include <linux/sched.h>
78 #include <linux/spinlock.h>
79 #include <linux/version.h>
80 #include <cryptodev.h>
83 * keep track of whether or not we have been initialised, a big
84 * issue if we are linked into the kernel and a driver gets started before
87 static int crypto_initted = 0;
90 * Crypto drivers register themselves by allocating a slot in the
91 * crypto_drivers table with crypto_get_driverid() and then registering
92 * each algorithm they support with crypto_register() and crypto_kregister().
96 * lock on driver table
97 * we track its state as spin_is_locked does not do anything on non-SMP boxes
99 static spinlock_t crypto_drivers_lock;
100 static int crypto_drivers_locked; /* for non-SMP boxes */
102 #define CRYPTO_DRIVER_LOCK() \
104 spin_lock_irqsave(&crypto_drivers_lock, d_flags); \
105 crypto_drivers_locked = 1; \
106 dprintk("%s,%d: DRIVER_LOCK()\n", __FILE__, __LINE__); \
108 #define CRYPTO_DRIVER_UNLOCK() \
110 dprintk("%s,%d: DRIVER_UNLOCK()\n", __FILE__, __LINE__); \
111 crypto_drivers_locked = 0; \
112 spin_unlock_irqrestore(&crypto_drivers_lock, d_flags); \
114 #define CRYPTO_DRIVER_ASSERT() \
116 if (!crypto_drivers_locked) { \
117 dprintk("%s,%d: DRIVER_ASSERT!\n", __FILE__, __LINE__); \
122 * Crypto device/driver capabilities structure.
125 * (d) - protected by CRYPTO_DRIVER_LOCK()
126 * (q) - protected by CRYPTO_Q_LOCK()
127 * Not tagged fields are read-only.
130 device_t cc_dev; /* (d) device/driver */
131 u_int32_t cc_sessions; /* (d) # of sessions */
132 u_int32_t cc_koperations; /* (d) # os asym operations */
134 * Largest possible operator length (in bits) for each type of
135 * encryption algorithm. XXX not used
137 u_int16_t cc_max_op_len[CRYPTO_ALGORITHM_MAX + 1];
138 u_int8_t cc_alg[CRYPTO_ALGORITHM_MAX + 1];
139 u_int8_t cc_kalg[CRK_ALGORITHM_MAX + 1];
141 int cc_flags; /* (d) flags */
142 #define CRYPTOCAP_F_CLEANUP 0x80000000 /* needs resource cleanup */
143 int cc_qblocked; /* (q) symmetric q blocked */
144 int cc_kqblocked; /* (q) asymmetric q blocked */
146 int cc_unqblocked; /* (q) symmetric q blocked */
147 int cc_unkqblocked; /* (q) asymmetric q blocked */
149 static struct cryptocap *crypto_drivers = NULL;
150 static int crypto_drivers_num = 0;
153 * There are two queues for crypto requests; one for symmetric (e.g.
154 * cipher) operations and one for asymmetric (e.g. MOD)operations.
155 * A single mutex is used to lock access to both queues. We could
156 * have one per-queue but having one simplifies handling of block/unblock
159 static int crp_sleep = 0;
160 static LIST_HEAD(crp_q); /* request queues */
161 static LIST_HEAD(crp_kq);
163 static spinlock_t crypto_q_lock;
165 int crypto_all_qblocked = 0; /* protect with Q_LOCK */
166 module_param(crypto_all_qblocked, int, 0444);
167 MODULE_PARM_DESC(crypto_all_qblocked, "Are all crypto queues blocked");
169 int crypto_all_kqblocked = 0; /* protect with Q_LOCK */
170 module_param(crypto_all_kqblocked, int, 0444);
171 MODULE_PARM_DESC(crypto_all_kqblocked, "Are all asym crypto queues blocked");
173 #define CRYPTO_Q_LOCK() \
175 spin_lock_irqsave(&crypto_q_lock, q_flags); \
176 dprintk("%s,%d: Q_LOCK()\n", __FILE__, __LINE__); \
178 #define CRYPTO_Q_UNLOCK() \
180 dprintk("%s,%d: Q_UNLOCK()\n", __FILE__, __LINE__); \
181 spin_unlock_irqrestore(&crypto_q_lock, q_flags); \
185 * There are two queues for processing completed crypto requests; one
186 * for the symmetric and one for the asymmetric ops. We only need one
187 * but have two to avoid type futzing (cryptop vs. cryptkop). A single
188 * mutex is used to lock access to both queues. Note that this lock
189 * must be separate from the lock on request queues to insure driver
190 * callbacks don't generate lock order reversals.
192 static LIST_HEAD(crp_ret_q); /* callback queues */
193 static LIST_HEAD(crp_ret_kq);
195 static spinlock_t crypto_ret_q_lock;
196 #define CRYPTO_RETQ_LOCK() \
198 spin_lock_irqsave(&crypto_ret_q_lock, r_flags); \
199 dprintk("%s,%d: RETQ_LOCK\n", __FILE__, __LINE__); \
201 #define CRYPTO_RETQ_UNLOCK() \
203 dprintk("%s,%d: RETQ_UNLOCK\n", __FILE__, __LINE__); \
204 spin_unlock_irqrestore(&crypto_ret_q_lock, r_flags); \
206 #define CRYPTO_RETQ_EMPTY() (list_empty(&crp_ret_q) && list_empty(&crp_ret_kq))
208 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,20)
209 static kmem_cache_t *cryptop_zone;
210 static kmem_cache_t *cryptodesc_zone;
212 static struct kmem_cache *cryptop_zone;
213 static struct kmem_cache *cryptodesc_zone;
216 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,27)
217 #include <linux/sched.h>
218 #define kill_proc(p,s,v) send_sig(s,find_task_by_vpid(p),0)
221 #define debug crypto_debug
222 int crypto_debug = 0;
223 module_param(crypto_debug, int, 0644);
224 MODULE_PARM_DESC(crypto_debug, "Enable debug");
225 EXPORT_SYMBOL(crypto_debug);
228 * Maximum number of outstanding crypto requests before we start
229 * failing requests. We need this to prevent DOS when too many
230 * requests are arriving for us to keep up. Otherwise we will
231 * run the system out of memory. Since crypto is slow, we are
232 * usually the bottleneck that needs to say, enough is enough.
234 * We cannot print errors when this condition occurs, we are already too
235 * slow, printing anything will just kill us
238 static int crypto_q_cnt = 0;
239 module_param(crypto_q_cnt, int, 0444);
240 MODULE_PARM_DESC(crypto_q_cnt,
241 "Current number of outstanding crypto requests");
243 static int crypto_q_max = 1000;
244 module_param(crypto_q_max, int, 0644);
245 MODULE_PARM_DESC(crypto_q_max,
246 "Maximum number of outstanding crypto requests");
248 #define bootverbose crypto_verbose
249 static int crypto_verbose = 0;
250 module_param(crypto_verbose, int, 0644);
251 MODULE_PARM_DESC(crypto_verbose,
252 "Enable verbose crypto startup");
254 int crypto_usercrypto = 1; /* userland may do crypto reqs */
255 module_param(crypto_usercrypto, int, 0644);
256 MODULE_PARM_DESC(crypto_usercrypto,
257 "Enable/disable user-mode access to crypto support");
259 int crypto_userasymcrypto = 1; /* userland may do asym crypto reqs */
260 module_param(crypto_userasymcrypto, int, 0644);
261 MODULE_PARM_DESC(crypto_userasymcrypto,
262 "Enable/disable user-mode access to asymmetric crypto support");
264 int crypto_devallowsoft = 0; /* only use hardware crypto */
265 module_param(crypto_devallowsoft, int, 0644);
266 MODULE_PARM_DESC(crypto_devallowsoft,
267 "Enable/disable use of software crypto support");
270 * This parameter controls the maximum number of crypto operations to
271 * do consecutively in the crypto kernel thread before scheduling to allow
272 * other processes to run. Without it, it is possible to get into a
273 * situation where the crypto thread never allows any other processes to run.
274 * Default to 1000 which should be less than one second.
276 static int crypto_max_loopcount = 1000;
277 module_param(crypto_max_loopcount, int, 0644);
278 MODULE_PARM_DESC(crypto_max_loopcount,
279 "Maximum number of crypto ops to do before yielding to other processes");
281 static pid_t cryptoproc = (pid_t) -1;
282 static struct completion cryptoproc_exited;
283 static DECLARE_WAIT_QUEUE_HEAD(cryptoproc_wait);
284 static pid_t cryptoretproc = (pid_t) -1;
285 static struct completion cryptoretproc_exited;
286 static DECLARE_WAIT_QUEUE_HEAD(cryptoretproc_wait);
288 static int crypto_proc(void *arg);
289 static int crypto_ret_proc(void *arg);
290 static int crypto_invoke(struct cryptocap *cap, struct cryptop *crp, int hint);
291 static int crypto_kinvoke(struct cryptkop *krp, int flags);
292 static void crypto_exit(void);
293 static int crypto_init(void);
295 static struct cryptostats cryptostats;
297 static struct cryptocap *
298 crypto_checkdriver(u_int32_t hid)
300 if (crypto_drivers == NULL)
302 return (hid >= crypto_drivers_num ? NULL : &crypto_drivers[hid]);
306 * Compare a driver's list of supported algorithms against another
307 * list; return non-zero if all algorithms are supported.
310 driver_suitable(const struct cryptocap *cap, const struct cryptoini *cri)
312 const struct cryptoini *cr;
314 /* See if all the algorithms are supported. */
315 for (cr = cri; cr; cr = cr->cri_next)
316 if (cap->cc_alg[cr->cri_alg] == 0)
322 * Select a driver for a new session that supports the specified
323 * algorithms and, optionally, is constrained according to the flags.
324 * The algorithm we use here is pretty stupid; just use the
325 * first driver that supports all the algorithms we need. If there
326 * are multiple drivers we choose the driver with the fewest active
327 * sessions. We prefer hardware-backed drivers to software ones.
329 * XXX We need more smarts here (in real life too, but that's
330 * XXX another story altogether).
332 static struct cryptocap *
333 crypto_select_driver(const struct cryptoini *cri, int flags)
335 struct cryptocap *cap, *best;
338 CRYPTO_DRIVER_ASSERT();
341 * Look first for hardware crypto devices if permitted.
343 if (flags & CRYPTOCAP_F_HARDWARE)
344 match = CRYPTOCAP_F_HARDWARE;
346 match = CRYPTOCAP_F_SOFTWARE;
349 for (hid = 0; hid < crypto_drivers_num; hid++) {
350 cap = &crypto_drivers[hid];
352 * If it's not initialized, is in the process of
353 * going away, or is not appropriate (hardware
354 * or software based on match), then skip.
356 if (cap->cc_dev == NULL ||
357 (cap->cc_flags & CRYPTOCAP_F_CLEANUP) ||
358 (cap->cc_flags & match) == 0)
361 /* verify all the algorithms are supported. */
362 if (driver_suitable(cap, cri)) {
364 cap->cc_sessions < best->cc_sessions)
370 if (match == CRYPTOCAP_F_HARDWARE && (flags & CRYPTOCAP_F_SOFTWARE)) {
371 /* sort of an Algol 68-style for loop */
372 match = CRYPTOCAP_F_SOFTWARE;
379 * Create a new session. The crid argument specifies a crypto
380 * driver to use or constraints on a driver to select (hardware
381 * only, software only, either). Whatever driver is selected
382 * must be capable of the requested crypto algorithms.
385 crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int crid)
387 struct cryptocap *cap;
390 unsigned long d_flags;
392 CRYPTO_DRIVER_LOCK();
393 if ((crid & (CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE)) == 0) {
395 * Use specified driver; verify it is capable.
397 cap = crypto_checkdriver(crid);
398 if (cap != NULL && !driver_suitable(cap, cri))
402 * No requested driver; select based on crid flags.
404 cap = crypto_select_driver(cri, crid);
406 * if NULL then can't do everything in one session.
407 * XXX Fix this. We need to inject a "virtual" session
408 * XXX layer right about here.
412 /* Call the driver initialization routine. */
413 hid = cap - crypto_drivers;
414 lid = hid; /* Pass the driver ID. */
416 CRYPTO_DRIVER_UNLOCK();
417 err = CRYPTODEV_NEWSESSION(cap->cc_dev, &lid, cri);
418 CRYPTO_DRIVER_LOCK();
420 (*sid) = (cap->cc_flags & 0xff000000)
421 | (hid & 0x00ffffff);
423 (*sid) |= (lid & 0xffffffff);
428 CRYPTO_DRIVER_UNLOCK();
433 crypto_remove(struct cryptocap *cap)
435 CRYPTO_DRIVER_ASSERT();
436 if (cap->cc_sessions == 0 && cap->cc_koperations == 0)
437 bzero(cap, sizeof(*cap));
441 * Delete an existing session (or a reserved session on an unregistered
445 crypto_freesession(u_int64_t sid)
447 struct cryptocap *cap;
450 unsigned long d_flags;
452 dprintk("%s()\n", __FUNCTION__);
453 CRYPTO_DRIVER_LOCK();
455 if (crypto_drivers == NULL) {
460 /* Determine two IDs. */
461 hid = CRYPTO_SESID2HID(sid);
463 if (hid >= crypto_drivers_num) {
464 dprintk("%s - INVALID DRIVER NUM %d\n", __FUNCTION__, hid);
468 cap = &crypto_drivers[hid];
471 CRYPTO_DRIVER_UNLOCK();
472 /* Call the driver cleanup routine, if available, unlocked. */
473 err = CRYPTODEV_FREESESSION(cap->cc_dev, sid);
474 CRYPTO_DRIVER_LOCK();
477 if (cap->cc_sessions)
480 if (cap->cc_flags & CRYPTOCAP_F_CLEANUP)
484 CRYPTO_DRIVER_UNLOCK();
489 * Return an unused driver id. Used by drivers prior to registering
490 * support for the algorithms they handle.
493 crypto_get_driverid(device_t dev, int flags)
495 struct cryptocap *newdrv;
497 unsigned long d_flags;
499 if ((flags & (CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE)) == 0) {
500 printf("%s: no flags specified when registering driver\n",
501 device_get_nameunit(dev));
505 CRYPTO_DRIVER_LOCK();
507 for (i = 0; i < crypto_drivers_num; i++) {
508 if (crypto_drivers[i].cc_dev == NULL &&
509 (crypto_drivers[i].cc_flags & CRYPTOCAP_F_CLEANUP) == 0) {
514 /* Out of entries, allocate some more. */
515 if (i == crypto_drivers_num) {
516 /* Be careful about wrap-around. */
517 if (2 * crypto_drivers_num <= crypto_drivers_num) {
518 CRYPTO_DRIVER_UNLOCK();
519 printk("crypto: driver count wraparound!\n");
523 newdrv = kmalloc(2 * crypto_drivers_num * sizeof(struct cryptocap),
525 if (newdrv == NULL) {
526 CRYPTO_DRIVER_UNLOCK();
527 printk("crypto: no space to expand driver table!\n");
531 memcpy(newdrv, crypto_drivers,
532 crypto_drivers_num * sizeof(struct cryptocap));
533 memset(&newdrv[crypto_drivers_num], 0,
534 crypto_drivers_num * sizeof(struct cryptocap));
536 crypto_drivers_num *= 2;
538 kfree(crypto_drivers);
539 crypto_drivers = newdrv;
542 /* NB: state is zero'd on free */
543 crypto_drivers[i].cc_sessions = 1; /* Mark */
544 crypto_drivers[i].cc_dev = dev;
545 crypto_drivers[i].cc_flags = flags;
547 printf("crypto: assign %s driver id %u, flags %u\n",
548 device_get_nameunit(dev), i, flags);
550 CRYPTO_DRIVER_UNLOCK();
556 * Lookup a driver by name. We match against the full device
557 * name and unit, and against just the name. The latter gives
558 * us a simple widlcarding by device name. On success return the
559 * driver/hardware identifier; otherwise return -1.
562 crypto_find_driver(const char *match)
564 int i, len = strlen(match);
565 unsigned long d_flags;
567 CRYPTO_DRIVER_LOCK();
568 for (i = 0; i < crypto_drivers_num; i++) {
569 device_t dev = crypto_drivers[i].cc_dev;
571 (crypto_drivers[i].cc_flags & CRYPTOCAP_F_CLEANUP))
573 if (strncmp(match, device_get_nameunit(dev), len) == 0 ||
574 strncmp(match, device_get_name(dev), len) == 0)
577 CRYPTO_DRIVER_UNLOCK();
578 return i < crypto_drivers_num ? i : -1;
582 * Return the device_t for the specified driver or NULL
583 * if the driver identifier is invalid.
586 crypto_find_device_byhid(int hid)
588 struct cryptocap *cap = crypto_checkdriver(hid);
589 return cap != NULL ? cap->cc_dev : NULL;
593 * Return the device/driver capabilities.
596 crypto_getcaps(int hid)
598 struct cryptocap *cap = crypto_checkdriver(hid);
599 return cap != NULL ? cap->cc_flags : 0;
603 * Register support for a key-related algorithm. This routine
604 * is called once for each algorithm supported a driver.
607 crypto_kregister(u_int32_t driverid, int kalg, u_int32_t flags)
609 struct cryptocap *cap;
611 unsigned long d_flags;
613 dprintk("%s()\n", __FUNCTION__);
614 CRYPTO_DRIVER_LOCK();
616 cap = crypto_checkdriver(driverid);
618 (CRK_ALGORITM_MIN <= kalg && kalg <= CRK_ALGORITHM_MAX)) {
620 * XXX Do some performance testing to determine placing.
621 * XXX We probably need an auxiliary data structure that
622 * XXX describes relative performances.
625 cap->cc_kalg[kalg] = flags | CRYPTO_ALG_FLAG_SUPPORTED;
627 printf("crypto: %s registers key alg %u flags %u\n"
628 , device_get_nameunit(cap->cc_dev)
636 CRYPTO_DRIVER_UNLOCK();
641 * Register support for a non-key-related algorithm. This routine
642 * is called once for each such algorithm supported by a driver.
645 crypto_register(u_int32_t driverid, int alg, u_int16_t maxoplen,
648 struct cryptocap *cap;
650 unsigned long d_flags;
652 dprintk("%s(id=0x%x, alg=%d, maxoplen=%d, flags=0x%x)\n", __FUNCTION__,
653 driverid, alg, maxoplen, flags);
655 CRYPTO_DRIVER_LOCK();
657 cap = crypto_checkdriver(driverid);
658 /* NB: algorithms are in the range [1..max] */
660 (CRYPTO_ALGORITHM_MIN <= alg && alg <= CRYPTO_ALGORITHM_MAX)) {
662 * XXX Do some performance testing to determine placing.
663 * XXX We probably need an auxiliary data structure that
664 * XXX describes relative performances.
667 cap->cc_alg[alg] = flags | CRYPTO_ALG_FLAG_SUPPORTED;
668 cap->cc_max_op_len[alg] = maxoplen;
670 printf("crypto: %s registers alg %u flags %u maxoplen %u\n"
671 , device_get_nameunit(cap->cc_dev)
676 cap->cc_sessions = 0; /* Unmark */
681 CRYPTO_DRIVER_UNLOCK();
686 driver_finis(struct cryptocap *cap)
690 CRYPTO_DRIVER_ASSERT();
692 ses = cap->cc_sessions;
693 kops = cap->cc_koperations;
694 bzero(cap, sizeof(*cap));
695 if (ses != 0 || kops != 0) {
697 * If there are pending sessions,
698 * just mark as invalid.
700 cap->cc_flags |= CRYPTOCAP_F_CLEANUP;
701 cap->cc_sessions = ses;
702 cap->cc_koperations = kops;
707 * Unregister a crypto driver. If there are pending sessions using it,
708 * leave enough information around so that subsequent calls using those
709 * sessions will correctly detect the driver has been unregistered and
713 crypto_unregister(u_int32_t driverid, int alg)
715 struct cryptocap *cap;
717 unsigned long d_flags;
719 dprintk("%s()\n", __FUNCTION__);
720 CRYPTO_DRIVER_LOCK();
722 cap = crypto_checkdriver(driverid);
724 (CRYPTO_ALGORITHM_MIN <= alg && alg <= CRYPTO_ALGORITHM_MAX) &&
725 cap->cc_alg[alg] != 0) {
726 cap->cc_alg[alg] = 0;
727 cap->cc_max_op_len[alg] = 0;
729 /* Was this the last algorithm ? */
730 for (i = 1; i <= CRYPTO_ALGORITHM_MAX; i++)
731 if (cap->cc_alg[i] != 0)
734 if (i == CRYPTO_ALGORITHM_MAX + 1)
739 CRYPTO_DRIVER_UNLOCK();
744 * Unregister all algorithms associated with a crypto driver.
745 * If there are pending sessions using it, leave enough information
746 * around so that subsequent calls using those sessions will
747 * correctly detect the driver has been unregistered and reroute
751 crypto_unregister_all(u_int32_t driverid)
753 struct cryptocap *cap;
755 unsigned long d_flags;
757 dprintk("%s()\n", __FUNCTION__);
758 CRYPTO_DRIVER_LOCK();
759 cap = crypto_checkdriver(driverid);
765 CRYPTO_DRIVER_UNLOCK();
771 * Clear blockage on a driver. The what parameter indicates whether
772 * the driver is now ready for cryptop's and/or cryptokop's.
775 crypto_unblock(u_int32_t driverid, int what)
777 struct cryptocap *cap;
779 unsigned long q_flags;
782 cap = crypto_checkdriver(driverid);
784 if (what & CRYPTO_SYMQ) {
785 cap->cc_qblocked = 0;
786 cap->cc_unqblocked = 0;
787 crypto_all_qblocked = 0;
789 if (what & CRYPTO_ASYMQ) {
790 cap->cc_kqblocked = 0;
791 cap->cc_unkqblocked = 0;
792 crypto_all_kqblocked = 0;
795 wake_up_interruptible(&cryptoproc_wait);
799 CRYPTO_Q_UNLOCK(); //DAVIDM should this be a driver lock
805 * Add a crypto request to a queue, to be processed by the kernel thread.
808 crypto_dispatch(struct cryptop *crp)
810 struct cryptocap *cap;
812 unsigned long q_flags;
814 dprintk("%s()\n", __FUNCTION__);
816 cryptostats.cs_ops++;
819 if (crypto_q_cnt >= crypto_q_max) {
821 cryptostats.cs_drops++;
826 /* make sure we are starting a fresh run on this crp. */
827 crp->crp_flags &= ~CRYPTO_F_DONE;
831 * Caller marked the request to be processed immediately; dispatch
832 * it directly to the driver unless the driver is currently blocked.
834 if ((crp->crp_flags & CRYPTO_F_BATCH) == 0) {
835 int hid = CRYPTO_SESID2HID(crp->crp_sid);
836 cap = crypto_checkdriver(hid);
837 /* Driver cannot disappear when there is an active session. */
838 KASSERT(cap != NULL, ("%s: Driver disappeared.", __func__));
839 if (!cap->cc_qblocked) {
840 crypto_all_qblocked = 0;
841 crypto_drivers[hid].cc_unqblocked = 1;
843 result = crypto_invoke(cap, crp, 0);
845 if (result == ERESTART)
846 if (crypto_drivers[hid].cc_unqblocked)
847 crypto_drivers[hid].cc_qblocked = 1;
848 crypto_drivers[hid].cc_unqblocked = 0;
851 if (result == ERESTART) {
853 * The driver ran out of resources, mark the
854 * driver ``blocked'' for cryptop's and put
855 * the request back in the queue. It would
856 * best to put the request back where we got
857 * it but that's hard so for now we put it
858 * at the front. This should be ok; putting
859 * it at the end does not work.
861 list_add(&crp->crp_next, &crp_q);
862 cryptostats.cs_blocks++;
864 } else if (result == -1) {
865 TAILQ_INSERT_TAIL(&crp_q, crp, crp_next);
869 wake_up_interruptible(&cryptoproc_wait);
875 * Add an asymetric crypto request to a queue,
876 * to be processed by the kernel thread.
879 crypto_kdispatch(struct cryptkop *krp)
882 unsigned long q_flags;
884 cryptostats.cs_kops++;
886 error = crypto_kinvoke(krp, krp->krp_crid);
887 if (error == ERESTART) {
889 TAILQ_INSERT_TAIL(&crp_kq, krp, krp_next);
891 wake_up_interruptible(&cryptoproc_wait);
899 * Verify a driver is suitable for the specified operation.
902 kdriver_suitable(const struct cryptocap *cap, const struct cryptkop *krp)
904 return (cap->cc_kalg[krp->krp_op] & CRYPTO_ALG_FLAG_SUPPORTED) != 0;
908 * Select a driver for an asym operation. The driver must
909 * support the necessary algorithm. The caller can constrain
910 * which device is selected with the flags parameter. The
911 * algorithm we use here is pretty stupid; just use the first
912 * driver that supports the algorithms we need. If there are
913 * multiple suitable drivers we choose the driver with the
914 * fewest active operations. We prefer hardware-backed
915 * drivers to software ones when either may be used.
917 static struct cryptocap *
918 crypto_select_kdriver(const struct cryptkop *krp, int flags)
920 struct cryptocap *cap, *best, *blocked;
923 CRYPTO_DRIVER_ASSERT();
926 * Look first for hardware crypto devices if permitted.
928 if (flags & CRYPTOCAP_F_HARDWARE)
929 match = CRYPTOCAP_F_HARDWARE;
931 match = CRYPTOCAP_F_SOFTWARE;
935 for (hid = 0; hid < crypto_drivers_num; hid++) {
936 cap = &crypto_drivers[hid];
938 * If it's not initialized, is in the process of
939 * going away, or is not appropriate (hardware
940 * or software based on match), then skip.
942 if (cap->cc_dev == NULL ||
943 (cap->cc_flags & CRYPTOCAP_F_CLEANUP) ||
944 (cap->cc_flags & match) == 0)
947 /* verify all the algorithms are supported. */
948 if (kdriver_suitable(cap, krp)) {
950 cap->cc_koperations < best->cc_koperations)
956 if (match == CRYPTOCAP_F_HARDWARE && (flags & CRYPTOCAP_F_SOFTWARE)) {
957 /* sort of an Algol 68-style for loop */
958 match = CRYPTOCAP_F_SOFTWARE;
965 * Dispatch an assymetric crypto request.
968 crypto_kinvoke(struct cryptkop *krp, int crid)
970 struct cryptocap *cap = NULL;
972 unsigned long d_flags;
974 KASSERT(krp != NULL, ("%s: krp == NULL", __func__));
975 KASSERT(krp->krp_callback != NULL,
976 ("%s: krp->crp_callback == NULL", __func__));
978 CRYPTO_DRIVER_LOCK();
979 if ((crid & (CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE)) == 0) {
980 cap = crypto_checkdriver(crid);
983 * Driver present, it must support the necessary
984 * algorithm and, if s/w drivers are excluded,
985 * it must be registered as hardware-backed.
987 if (!kdriver_suitable(cap, krp) ||
988 (!crypto_devallowsoft &&
989 (cap->cc_flags & CRYPTOCAP_F_HARDWARE) == 0))
994 * No requested driver; select based on crid flags.
996 if (!crypto_devallowsoft) /* NB: disallow s/w drivers */
997 crid &= ~CRYPTOCAP_F_SOFTWARE;
998 cap = crypto_select_kdriver(krp, crid);
1000 if (cap != NULL && !cap->cc_kqblocked) {
1001 krp->krp_hid = cap - crypto_drivers;
1002 cap->cc_koperations++;
1003 CRYPTO_DRIVER_UNLOCK();
1004 error = CRYPTODEV_KPROCESS(cap->cc_dev, krp, 0);
1005 CRYPTO_DRIVER_LOCK();
1006 if (error == ERESTART) {
1007 cap->cc_koperations--;
1008 CRYPTO_DRIVER_UNLOCK();
1011 /* return the actual device used */
1012 krp->krp_crid = krp->krp_hid;
1015 * NB: cap is !NULL if device is blocked; in
1016 * that case return ERESTART so the operation
1017 * is resubmitted if possible.
1019 error = (cap == NULL) ? ENODEV : ERESTART;
1021 CRYPTO_DRIVER_UNLOCK();
1024 krp->krp_status = error;
1032 * Dispatch a crypto request to the appropriate crypto devices.
1035 crypto_invoke(struct cryptocap *cap, struct cryptop *crp, int hint)
1037 KASSERT(crp != NULL, ("%s: crp == NULL", __func__));
1038 KASSERT(crp->crp_callback != NULL,
1039 ("%s: crp->crp_callback == NULL", __func__));
1040 KASSERT(crp->crp_desc != NULL, ("%s: crp->crp_desc == NULL", __func__));
1042 dprintk("%s()\n", __FUNCTION__);
1044 #ifdef CRYPTO_TIMING
1046 crypto_tstat(&cryptostats.cs_invoke, &crp->crp_tstamp);
1048 if (cap->cc_flags & CRYPTOCAP_F_CLEANUP) {
1049 struct cryptodesc *crd;
1053 * Driver has unregistered; migrate the session and return
1054 * an error to the caller so they'll resubmit the op.
1056 * XXX: What if there are more already queued requests for this
1059 crypto_freesession(crp->crp_sid);
1061 for (crd = crp->crp_desc; crd->crd_next; crd = crd->crd_next)
1062 crd->CRD_INI.cri_next = &(crd->crd_next->CRD_INI);
1064 /* XXX propagate flags from initial session? */
1065 if (crypto_newsession(&nid, &(crp->crp_desc->CRD_INI),
1066 CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE) == 0)
1069 crp->crp_etype = EAGAIN;
1074 * Invoke the driver to process the request.
1076 return CRYPTODEV_PROCESS(cap->cc_dev, crp, hint);
1081 * Release a set of crypto descriptors.
1084 crypto_freereq(struct cryptop *crp)
1086 struct cryptodesc *crd;
1093 struct cryptop *crp2;
1094 unsigned long q_flags;
1097 TAILQ_FOREACH(crp2, &crp_q, crp_next) {
1098 KASSERT(crp2 != crp,
1099 ("Freeing cryptop from the crypto queue (%p).",
1104 TAILQ_FOREACH(crp2, &crp_ret_q, crp_next) {
1105 KASSERT(crp2 != crp,
1106 ("Freeing cryptop from the return queue (%p).",
1109 CRYPTO_RETQ_UNLOCK();
1113 while ((crd = crp->crp_desc) != NULL) {
1114 crp->crp_desc = crd->crd_next;
1115 kmem_cache_free(cryptodesc_zone, crd);
1117 kmem_cache_free(cryptop_zone, crp);
1121 * Acquire a set of crypto descriptors.
1124 crypto_getreq(int num)
1126 struct cryptodesc *crd;
1127 struct cryptop *crp;
1129 crp = kmem_cache_alloc(cryptop_zone, SLAB_ATOMIC);
1131 memset(crp, 0, sizeof(*crp));
1132 INIT_LIST_HEAD(&crp->crp_next);
1133 init_waitqueue_head(&crp->crp_waitq);
1135 crd = kmem_cache_alloc(cryptodesc_zone, SLAB_ATOMIC);
1137 crypto_freereq(crp);
1140 memset(crd, 0, sizeof(*crd));
1141 crd->crd_next = crp->crp_desc;
1142 crp->crp_desc = crd;
1149 * Invoke the callback on behalf of the driver.
1152 crypto_done(struct cryptop *crp)
1154 unsigned long q_flags;
1156 dprintk("%s()\n", __FUNCTION__);
1157 if ((crp->crp_flags & CRYPTO_F_DONE) == 0) {
1158 crp->crp_flags |= CRYPTO_F_DONE;
1163 printk("crypto: crypto_done op already done, flags 0x%x",
1165 if (crp->crp_etype != 0)
1166 cryptostats.cs_errs++;
1168 * CBIMM means unconditionally do the callback immediately;
1169 * CBIFSYNC means do the callback immediately only if the
1170 * operation was done synchronously. Both are used to avoid
1171 * doing extraneous context switches; the latter is mostly
1172 * used with the software crypto driver.
1174 if ((crp->crp_flags & CRYPTO_F_CBIMM) ||
1175 ((crp->crp_flags & CRYPTO_F_CBIFSYNC) &&
1176 (CRYPTO_SESID2CAPS(crp->crp_sid) & CRYPTOCAP_F_SYNC))) {
1178 * Do the callback directly. This is ok when the
1179 * callback routine does very little (e.g. the
1180 * /dev/crypto callback method just does a wakeup).
1182 crp->crp_callback(crp);
1184 unsigned long r_flags;
1186 * Normal case; queue the callback for the thread.
1189 if (CRYPTO_RETQ_EMPTY())
1190 wake_up_interruptible(&cryptoretproc_wait);/* shared wait channel */
1191 TAILQ_INSERT_TAIL(&crp_ret_q, crp, crp_next);
1192 CRYPTO_RETQ_UNLOCK();
1197 * Invoke the callback on behalf of the driver.
1200 crypto_kdone(struct cryptkop *krp)
1202 struct cryptocap *cap;
1203 unsigned long d_flags;
1205 if ((krp->krp_flags & CRYPTO_KF_DONE) != 0)
1206 printk("crypto: crypto_kdone op already done, flags 0x%x",
1208 krp->krp_flags |= CRYPTO_KF_DONE;
1209 if (krp->krp_status != 0)
1210 cryptostats.cs_kerrs++;
1212 CRYPTO_DRIVER_LOCK();
1213 /* XXX: What if driver is loaded in the meantime? */
1214 if (krp->krp_hid < crypto_drivers_num) {
1215 cap = &crypto_drivers[krp->krp_hid];
1216 cap->cc_koperations--;
1217 KASSERT(cap->cc_koperations >= 0, ("cc_koperations < 0"));
1218 if (cap->cc_flags & CRYPTOCAP_F_CLEANUP)
1221 CRYPTO_DRIVER_UNLOCK();
1224 * CBIMM means unconditionally do the callback immediately;
1225 * This is used to avoid doing extraneous context switches
1227 if ((krp->krp_flags & CRYPTO_KF_CBIMM)) {
1229 * Do the callback directly. This is ok when the
1230 * callback routine does very little (e.g. the
1231 * /dev/crypto callback method just does a wakeup).
1233 krp->krp_callback(krp);
1235 unsigned long r_flags;
1237 * Normal case; queue the callback for the thread.
1240 if (CRYPTO_RETQ_EMPTY())
1241 wake_up_interruptible(&cryptoretproc_wait);/* shared wait channel */
1242 TAILQ_INSERT_TAIL(&crp_ret_kq, krp, krp_next);
1243 CRYPTO_RETQ_UNLOCK();
1248 crypto_getfeat(int *featp)
1250 int hid, kalg, feat = 0;
1251 unsigned long d_flags;
1253 CRYPTO_DRIVER_LOCK();
1254 for (hid = 0; hid < crypto_drivers_num; hid++) {
1255 const struct cryptocap *cap = &crypto_drivers[hid];
1257 if ((cap->cc_flags & CRYPTOCAP_F_SOFTWARE) &&
1258 !crypto_devallowsoft) {
1261 for (kalg = 0; kalg < CRK_ALGORITHM_MAX; kalg++)
1262 if (cap->cc_kalg[kalg] & CRYPTO_ALG_FLAG_SUPPORTED)
1265 CRYPTO_DRIVER_UNLOCK();
1271 * Crypto thread, dispatches crypto requests.
1274 crypto_proc(void *arg)
1276 struct cryptop *crp, *submit;
1277 struct cryptkop *krp, *krpp;
1278 struct cryptocap *cap;
1281 unsigned long q_flags;
1284 ocf_daemonize("crypto");
1289 * we need to make sure we don't get into a busy loop with nothing
1290 * to do, the two crypto_all_*blocked vars help us find out when
1291 * we are all full and can do nothing on any driver or Q. If so we
1292 * wait for an unblock.
1294 crypto_all_qblocked = !list_empty(&crp_q);
1297 * Find the first element in the queue that can be
1298 * processed and look-ahead to see if multiple ops
1299 * are ready for the same driver.
1303 list_for_each_entry(crp, &crp_q, crp_next) {
1304 hid = CRYPTO_SESID2HID(crp->crp_sid);
1305 cap = crypto_checkdriver(hid);
1307 * Driver cannot disappear when there is an active
1310 KASSERT(cap != NULL, ("%s:%u Driver disappeared.",
1311 __func__, __LINE__));
1312 if (cap == NULL || cap->cc_dev == NULL) {
1313 /* Op needs to be migrated, process it. */
1318 if (!cap->cc_qblocked) {
1319 if (submit != NULL) {
1321 * We stop on finding another op,
1322 * regardless whether its for the same
1323 * driver or not. We could keep
1324 * searching the queue but it might be
1325 * better to just use a per-driver
1328 if (CRYPTO_SESID2HID(submit->crp_sid) == hid)
1329 hint = CRYPTO_HINT_MORE;
1333 if ((submit->crp_flags & CRYPTO_F_BATCH) == 0)
1335 /* keep scanning for more are q'd */
1339 if (submit != NULL) {
1340 hid = CRYPTO_SESID2HID(submit->crp_sid);
1341 crypto_all_qblocked = 0;
1342 list_del(&submit->crp_next);
1343 crypto_drivers[hid].cc_unqblocked = 1;
1344 cap = crypto_checkdriver(hid);
1346 KASSERT(cap != NULL, ("%s:%u Driver disappeared.",
1347 __func__, __LINE__));
1348 result = crypto_invoke(cap, submit, hint);
1350 if (result == ERESTART) {
1352 * The driver ran out of resources, mark the
1353 * driver ``blocked'' for cryptop's and put
1354 * the request back in the queue. It would
1355 * best to put the request back where we got
1356 * it but that's hard so for now we put it
1357 * at the front. This should be ok; putting
1358 * it at the end does not work.
1360 /* XXX validate sid again? */
1361 list_add(&submit->crp_next, &crp_q);
1362 cryptostats.cs_blocks++;
1363 if (crypto_drivers[hid].cc_unqblocked)
1364 crypto_drivers[hid].cc_qblocked=0;
1365 crypto_drivers[hid].cc_unqblocked=0;
1367 crypto_drivers[hid].cc_unqblocked = 0;
1370 crypto_all_kqblocked = !list_empty(&crp_kq);
1372 /* As above, but for key ops */
1374 list_for_each_entry(krpp, &crp_kq, krp_next) {
1375 cap = crypto_checkdriver(krpp->krp_hid);
1376 if (cap == NULL || cap->cc_dev == NULL) {
1378 * Operation needs to be migrated, invalidate
1379 * the assigned device so it will reselect a
1380 * new one below. Propagate the original
1381 * crid selection flags if supplied.
1383 krp->krp_hid = krp->krp_crid &
1384 (CRYPTOCAP_F_SOFTWARE|CRYPTOCAP_F_HARDWARE);
1385 if (krp->krp_hid == 0)
1387 CRYPTOCAP_F_SOFTWARE|CRYPTOCAP_F_HARDWARE;
1390 if (!cap->cc_kqblocked) {
1396 crypto_all_kqblocked = 0;
1397 list_del(&krp->krp_next);
1398 crypto_drivers[krp->krp_hid].cc_kqblocked = 1;
1400 result = crypto_kinvoke(krp, krp->krp_hid);
1402 if (result == ERESTART) {
1404 * The driver ran out of resources, mark the
1405 * driver ``blocked'' for cryptkop's and put
1406 * the request back in the queue. It would
1407 * best to put the request back where we got
1408 * it but that's hard so for now we put it
1409 * at the front. This should be ok; putting
1410 * it at the end does not work.
1412 /* XXX validate sid again? */
1413 list_add(&krp->krp_next, &crp_kq);
1414 cryptostats.cs_kblocks++;
1416 crypto_drivers[krp->krp_hid].cc_kqblocked = 0;
1419 if (submit == NULL && krp == NULL) {
1421 * Nothing more to be processed. Sleep until we're
1422 * woken because there are more ops to process.
1423 * This happens either by submission or by a driver
1424 * becoming unblocked and notifying us through
1425 * crypto_unblock. Note that when we wakeup we
1426 * start processing each queue again from the
1427 * front. It's not clear that it's important to
1428 * preserve this ordering since ops may finish
1429 * out of order if dispatched to different devices
1430 * and some become blocked while others do not.
1432 dprintk("%s - sleeping (qe=%d qb=%d kqe=%d kqb=%d)\n",
1434 list_empty(&crp_q), crypto_all_qblocked,
1435 list_empty(&crp_kq), crypto_all_kqblocked);
1439 wait_event_interruptible(cryptoproc_wait,
1440 !(list_empty(&crp_q) || crypto_all_qblocked) ||
1441 !(list_empty(&crp_kq) || crypto_all_kqblocked) ||
1442 cryptoproc == (pid_t) -1);
1444 if (signal_pending (current)) {
1445 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
1446 spin_lock_irq(¤t->sigmask_lock);
1448 flush_signals(current);
1449 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
1450 spin_unlock_irq(¤t->sigmask_lock);
1454 dprintk("%s - awake\n", __FUNCTION__);
1455 if (cryptoproc == (pid_t) -1)
1457 cryptostats.cs_intrs++;
1458 } else if (loopcount > crypto_max_loopcount) {
1460 * Give other processes a chance to run if we've
1461 * been using the CPU exclusively for a while.
1469 complete_and_exit(&cryptoproc_exited, 0);
1473 * Crypto returns thread, does callbacks for processed crypto requests.
1474 * Callbacks are done here, rather than in the crypto drivers, because
1475 * callbacks typically are expensive and would slow interrupt handling.
1478 crypto_ret_proc(void *arg)
1480 struct cryptop *crpt;
1481 struct cryptkop *krpt;
1482 unsigned long r_flags;
1484 ocf_daemonize("crypto_ret");
1488 /* Harvest return q's for completed ops */
1490 if (!list_empty(&crp_ret_q))
1491 crpt = list_entry(crp_ret_q.next, typeof(*crpt), crp_next);
1493 list_del(&crpt->crp_next);
1496 if (!list_empty(&crp_ret_kq))
1497 krpt = list_entry(crp_ret_kq.next, typeof(*krpt), krp_next);
1499 list_del(&krpt->krp_next);
1501 if (crpt != NULL || krpt != NULL) {
1502 CRYPTO_RETQ_UNLOCK();
1504 * Run callbacks unlocked.
1507 crpt->crp_callback(crpt);
1509 krpt->krp_callback(krpt);
1513 * Nothing more to be processed. Sleep until we're
1514 * woken because there are more returns to process.
1516 dprintk("%s - sleeping\n", __FUNCTION__);
1517 CRYPTO_RETQ_UNLOCK();
1518 wait_event_interruptible(cryptoretproc_wait,
1519 cryptoretproc == (pid_t) -1 ||
1520 !list_empty(&crp_ret_q) ||
1521 !list_empty(&crp_ret_kq));
1522 if (signal_pending (current)) {
1523 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
1524 spin_lock_irq(¤t->sigmask_lock);
1526 flush_signals(current);
1527 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
1528 spin_unlock_irq(¤t->sigmask_lock);
1532 dprintk("%s - awake\n", __FUNCTION__);
1533 if (cryptoretproc == (pid_t) -1) {
1534 dprintk("%s - EXITING!\n", __FUNCTION__);
1537 cryptostats.cs_rets++;
1540 CRYPTO_RETQ_UNLOCK();
1541 complete_and_exit(&cryptoretproc_exited, 0);
1545 #if 0 /* should put this into /proc or something */
1547 db_show_drivers(void)
1551 db_printf("%12s %4s %4s %8s %2s %2s\n"
1559 for (hid = 0; hid < crypto_drivers_num; hid++) {
1560 const struct cryptocap *cap = &crypto_drivers[hid];
1561 if (cap->cc_dev == NULL)
1563 db_printf("%-12s %4u %4u %08x %2u %2u\n"
1564 , device_get_nameunit(cap->cc_dev)
1566 , cap->cc_koperations
1574 DB_SHOW_COMMAND(crypto, db_show_crypto)
1576 struct cryptop *crp;
1581 db_printf("%4s %8s %4s %4s %4s %4s %8s %8s\n",
1582 "HID", "Caps", "Ilen", "Olen", "Etype", "Flags",
1583 "Desc", "Callback");
1584 TAILQ_FOREACH(crp, &crp_q, crp_next) {
1585 db_printf("%4u %08x %4u %4u %4u %04x %8p %8p\n"
1586 , (int) CRYPTO_SESID2HID(crp->crp_sid)
1587 , (int) CRYPTO_SESID2CAPS(crp->crp_sid)
1588 , crp->crp_ilen, crp->crp_olen
1595 if (!TAILQ_EMPTY(&crp_ret_q)) {
1596 db_printf("\n%4s %4s %4s %8s\n",
1597 "HID", "Etype", "Flags", "Callback");
1598 TAILQ_FOREACH(crp, &crp_ret_q, crp_next) {
1599 db_printf("%4u %4u %04x %8p\n"
1600 , (int) CRYPTO_SESID2HID(crp->crp_sid)
1609 DB_SHOW_COMMAND(kcrypto, db_show_kcrypto)
1611 struct cryptkop *krp;
1616 db_printf("%4s %5s %4s %4s %8s %4s %8s\n",
1617 "Op", "Status", "#IP", "#OP", "CRID", "HID", "Callback");
1618 TAILQ_FOREACH(krp, &crp_kq, krp_next) {
1619 db_printf("%4u %5u %4u %4u %08x %4u %8p\n"
1622 , krp->krp_iparams, krp->krp_oparams
1623 , krp->krp_crid, krp->krp_hid
1627 if (!TAILQ_EMPTY(&crp_ret_q)) {
1628 db_printf("%4s %5s %8s %4s %8s\n",
1629 "Op", "Status", "CRID", "HID", "Callback");
1630 TAILQ_FOREACH(krp, &crp_ret_kq, krp_next) {
1631 db_printf("%4u %5u %08x %4u %8p\n"
1634 , krp->krp_crid, krp->krp_hid
1648 dprintk("%s(%p)\n", __FUNCTION__, (void *) crypto_init);
1654 spin_lock_init(&crypto_drivers_lock);
1655 spin_lock_init(&crypto_q_lock);
1656 spin_lock_init(&crypto_ret_q_lock);
1658 cryptop_zone = kmem_cache_create("cryptop", sizeof(struct cryptop),
1659 0, SLAB_HWCACHE_ALIGN, NULL
1660 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
1665 cryptodesc_zone = kmem_cache_create("cryptodesc", sizeof(struct cryptodesc),
1666 0, SLAB_HWCACHE_ALIGN, NULL
1667 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
1672 if (cryptodesc_zone == NULL || cryptop_zone == NULL) {
1673 printk("crypto: crypto_init cannot setup crypto zones\n");
1678 crypto_drivers_num = CRYPTO_DRIVERS_INITIAL;
1679 crypto_drivers = kmalloc(crypto_drivers_num * sizeof(struct cryptocap),
1681 if (crypto_drivers == NULL) {
1682 printk("crypto: crypto_init cannot setup crypto drivers\n");
1687 memset(crypto_drivers, 0, crypto_drivers_num * sizeof(struct cryptocap));
1689 init_completion(&cryptoproc_exited);
1690 init_completion(&cryptoretproc_exited);
1692 cryptoproc = 0; /* to avoid race condition where proc runs first */
1693 cryptoproc = kernel_thread(crypto_proc, NULL, CLONE_FS|CLONE_FILES);
1694 if (cryptoproc < 0) {
1696 printk("crypto: crypto_init cannot start crypto thread; error %d",
1701 cryptoretproc = 0; /* to avoid race condition where proc runs first */
1702 cryptoretproc = kernel_thread(crypto_ret_proc, NULL, CLONE_FS|CLONE_FILES);
1703 if (cryptoretproc < 0) {
1704 error = cryptoretproc;
1705 printk("crypto: crypto_init cannot start cryptoret thread; error %d",
1721 unsigned long d_flags;
1723 dprintk("%s()\n", __FUNCTION__);
1726 * Terminate any crypto threads.
1729 CRYPTO_DRIVER_LOCK();
1731 cryptoproc = (pid_t) -1;
1732 kill_proc(p, SIGTERM, 1);
1733 wake_up_interruptible(&cryptoproc_wait);
1734 CRYPTO_DRIVER_UNLOCK();
1736 wait_for_completion(&cryptoproc_exited);
1738 CRYPTO_DRIVER_LOCK();
1740 cryptoretproc = (pid_t) -1;
1741 kill_proc(p, SIGTERM, 1);
1742 wake_up_interruptible(&cryptoretproc_wait);
1743 CRYPTO_DRIVER_UNLOCK();
1745 wait_for_completion(&cryptoretproc_exited);
1747 /* XXX flush queues??? */
1750 * Reclaim dynamically allocated resources.
1752 if (crypto_drivers != NULL)
1753 kfree(crypto_drivers);
1755 if (cryptodesc_zone != NULL)
1756 kmem_cache_destroy(cryptodesc_zone);
1757 if (cryptop_zone != NULL)
1758 kmem_cache_destroy(cryptop_zone);
1762 EXPORT_SYMBOL(crypto_newsession);
1763 EXPORT_SYMBOL(crypto_freesession);
1764 EXPORT_SYMBOL(crypto_get_driverid);
1765 EXPORT_SYMBOL(crypto_kregister);
1766 EXPORT_SYMBOL(crypto_register);
1767 EXPORT_SYMBOL(crypto_unregister);
1768 EXPORT_SYMBOL(crypto_unregister_all);
1769 EXPORT_SYMBOL(crypto_unblock);
1770 EXPORT_SYMBOL(crypto_dispatch);
1771 EXPORT_SYMBOL(crypto_kdispatch);
1772 EXPORT_SYMBOL(crypto_freereq);
1773 EXPORT_SYMBOL(crypto_getreq);
1774 EXPORT_SYMBOL(crypto_done);
1775 EXPORT_SYMBOL(crypto_kdone);
1776 EXPORT_SYMBOL(crypto_getfeat);
1777 EXPORT_SYMBOL(crypto_userasymcrypto);
1778 EXPORT_SYMBOL(crypto_getcaps);
1779 EXPORT_SYMBOL(crypto_find_driver);
1780 EXPORT_SYMBOL(crypto_find_device_byhid);
1782 module_init(crypto_init);
1783 module_exit(crypto_exit);
1785 MODULE_LICENSE("BSD");
1786 MODULE_AUTHOR("David McCullough <david_mccullough@mcafee.com>");
1787 MODULE_DESCRIPTION("OCF (OpenBSD Cryptographic Framework)");