* Copyright (c) 2008 KIYOHARA Takashi

/* $NetBSD: mvcesa.c,v 1.6 2022/05/22 11:39:27 riastradh Exp $ */
/*
* Copyright (c) 2008 KIYOHARA Takashi
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/

#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: mvcesa.c,v 1.6 2022/05/22 11:39:27 riastradh Exp $");

#include <sys/param.h>
#include <sys/bus.h>
#include <sys/cprng.h>
#include <sys/device.h>
#include <sys/endian.h>
#include <sys/errno.h>
#include <sys/mbuf.h>
#include <sys/md5.h>
#include <sys/uio.h>
#include <sys/sha1.h>

#include <opencrypto/cryptodev.h>
#include <opencrypto/xform.h>

#include <dev/marvell/marvellreg.h>
#include <dev/marvell/marvellvar.h>
#include <dev/marvell/mvcesareg.h>

#include "locators.h"

#define MVCESA_SESSION(sid) ((sid) & 0x0fffffff)
#define MVCESA_SID(crd, sesn) (((crd) << 28) | ((sesn) & 0x0fffffff))

struct mvcesa_session {
int ses_used;

int ses_klen;
uint32_t ses_key[8];

uint32_t ses_hminner[5]; /* HMAC inner state */
uint32_t ses_hmouter[5]; /* HMAC outer state */
};

struct mvcesa_softc {
device_t sc_dev;

bus_space_tag_t sc_iot;
bus_space_handle_t sc_ioh;
bus_dma_tag_t sc_dmat;

int sc_cid;
int sc_nsessions;
struct mvcesa_session *sc_sessions;
};

static int mvcesa_match(device_t, cfdata_t, void *);
static void mvcesa_attach(device_t, device_t, void *);

static int mvcesa_intr(void *);

static int mvcesa_newsession(void *, u_int32_t *, struct cryptoini *);
static void mvcesa_freesession(void *, u_int64_t);
static int mvcesa_process(void *, struct cryptop *, int);

static int mvcesa_authentication(struct mvcesa_softc *, struct mvcesa_session *,
uint32_t, uint32_t *, uint32_t *, uint64_t,
int, int, char *, struct mbuf *, struct uio *);
static int mvcesa_des_encdec(struct mvcesa_softc *, struct mvcesa_session *,
uint32_t, uint32_t, uint32_t, uint32_t *, int, int,
char *, struct mbuf *, struct uio *);

CFATTACH_DECL_NEW(mvcesa_gt, sizeof(struct mvcesa_softc),
mvcesa_match, mvcesa_attach, NULL, NULL);
CFATTACH_DECL_NEW(mvcesa_mbus, sizeof(struct mvcesa_softc),
mvcesa_match, mvcesa_attach, NULL, NULL);

/* ARGSUSED */
static int
mvcesa_match(device_t parent, cfdata_t match, void *aux)
{
struct marvell_attach_args *mva = aux;

if (strcmp(mva->mva_name, match->cf_name) != 0)
return 0;
if (mva->mva_offset == MVA_OFFSET_DEFAULT ||
mva->mva_irq == MVA_IRQ_DEFAULT)
return 0;

mva->mva_size = MVCESA_SIZE;
return 1;
}

/* ARGSUSED */
static void
mvcesa_attach(device_t parent, device_t self, void *aux)
{
struct mvcesa_softc *sc = device_private(self);
struct marvell_attach_args *mva = aux;

aprint_normal(
": Marvell Cryptographic Engines and Security Accelerator\n");
aprint_naive("\n");

sc->sc_dev = self;
sc->sc_iot = mva->mva_iot;
/* Map I/O registers */
if (bus_space_subregion(mva->mva_iot, mva->mva_ioh, mva->mva_offset,
mva->mva_size, &sc->sc_ioh)) {
aprint_error_dev(self, "can't map registers\n");
return;
}
sc->sc_dmat = mva->mva_dmat;

sc->sc_nsessions = 0;

/* Setup Opencrypto stuff */
sc->sc_cid = crypto_get_driverid(0);
if (sc->sc_cid < 0) {
aprint_error_dev(self, "couldn't get crypto driver id\n");
return;
}
crypto_register(sc->sc_cid, CRYPTO_DES_CBC, 0, 0,
mvcesa_newsession, mvcesa_freesession, mvcesa_process, sc);
crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0,
mvcesa_newsession, mvcesa_freesession, mvcesa_process, sc);
#if __DMA_notyet__
/*
* Don't know how to process to AES CBC in PIO-mode.
* I havn't found IV registers.
*/
crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0,
mvcesa_newsession, mvcesa_freesession, mvcesa_process, sc);
#endif
crypto_register(sc->sc_cid, CRYPTO_SHA1, 0, 0,
mvcesa_newsession, mvcesa_freesession, mvcesa_process, sc);
crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0,
mvcesa_newsession, mvcesa_freesession, mvcesa_process, sc);
crypto_register(sc->sc_cid, CRYPTO_MD5, 0, 0,
mvcesa_newsession, mvcesa_freesession, mvcesa_process, sc);
crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0,
mvcesa_newsession, mvcesa_freesession, mvcesa_process, sc);

/* Clear and establish interrupt */
bus_space_write_4(sc->sc_iot, sc->sc_ioh, MVCESA_IC, 0);
marvell_intr_establish(mva->mva_irq, IPL_NET, mvcesa_intr, sc);

bus_space_write_4(sc->sc_iot, sc->sc_ioh, MVCESA_IM, 0);
}

static int
mvcesa_intr(void *arg)
{
#if 0
struct mvcesa_softc *sc = (struct mvcesa_softc *)arg;
#endif
int handled = 0;

return handled;
}

/*
* Opencrypto functions
*/
/*
* Allocate a new 'session' and return an encoded session id. 'sidp'
* contains our registration id, and should contain an encoded session
* id on successful allocation.
*/
static int
mvcesa_newsession(void *arg, u_int32_t *sidp, struct cryptoini *cri)
{
struct mvcesa_softc *sc = (struct mvcesa_softc *)arg;
struct cryptoini *c;
struct mvcesa_session *ses = NULL;
int sesn, count, enc, mac, i;

KASSERT(sc != NULL /*, ("mvcesa_newsession: null softc")*/);
if (sidp == NULL || cri == NULL || sc == NULL)
return EINVAL;

for (sesn = 0; sesn < sc->sc_nsessions; sesn++)
if (sc->sc_sessions[sesn].ses_used == 0) {
ses = sc->sc_sessions + sesn;
break;
}

if (ses == NULL) {
sesn = sc->sc_nsessions;
ses = malloc((sesn + 1) * sizeof(*ses), M_DEVBUF, M_NOWAIT);
if (ses == NULL)
return ENOMEM;
if (sesn != 0) {
memcpy(ses, sc->sc_sessions, sesn * sizeof(*ses));
memset(sc->sc_sessions, 0, sesn * sizeof(*ses));
free(sc->sc_sessions, M_DEVBUF);
}
sc->sc_sessions = ses;
ses = sc->sc_sessions + sesn;
sc->sc_nsessions++;
}
memset(ses, 0, sizeof(*ses));

count = 0;
enc = mac = 0;
for (c = cri; c != NULL; c = c->cri_next) {
switch (c->cri_alg) {
case CRYPTO_DES_CBC:
case CRYPTO_3DES_CBC:
if (enc)
return EINVAL;
enc = 1;

/* Go ahead and compute key in CESA's byte order */
ses->ses_klen = c->cri_klen;
memcpy(ses->ses_key, c->cri_key, c->cri_klen / 8);
switch (c->cri_alg) {
case CRYPTO_3DES_CBC:
ses->ses_key[5] = htobe32(ses->ses_key[5]);
ses->ses_key[4] = htobe32(ses->ses_key[4]);
ses->ses_key[3] = htobe32(ses->ses_key[3]);
ses->ses_key[2] = htobe32(ses->ses_key[2]);

/* FALLTHROUGH */
case CRYPTO_DES_CBC:
ses->ses_key[1] = htobe32(ses->ses_key[1]);
ses->ses_key[0] = htobe32(ses->ses_key[0]);
}
break;

case CRYPTO_SHA1_HMAC:
case CRYPTO_MD5_HMAC:
{
MD5_CTX md5ctx;
SHA1_CTX sha1ctx;
int klen_bytes = c->cri_klen / 8;

KASSERT(c->cri_klen == 512);

for (i = 0; i < klen_bytes; i++)
c->cri_key[i] ^= HMAC_IPAD_VAL;
if (c->cri_alg == CRYPTO_MD5_HMAC_96) {
MD5Init(&md5ctx);
MD5Update(&md5ctx, c->cri_key, klen_bytes);
MD5Update(&md5ctx, hmac_ipad_buffer,
HMAC_BLOCK_LEN - klen_bytes);
memcpy(ses->ses_hminner, md5ctx.state,
sizeof(md5ctx.state));
} else {
SHA1Init(&sha1ctx);
SHA1Update(&sha1ctx, c->cri_key, klen_bytes);
SHA1Update(&sha1ctx, hmac_ipad_buffer,
HMAC_BLOCK_LEN - klen_bytes);
memcpy(ses->ses_hminner, sha1ctx.state,
sizeof(sha1ctx.state));
}

for (i = 0; i < klen_bytes; i++)
c->cri_key[i] ^=
(HMAC_IPAD_VAL ^ HMAC_OPAD_VAL);
if (c->cri_alg == CRYPTO_MD5_HMAC_96) {
MD5Init(&md5ctx);
MD5Update(&md5ctx, c->cri_key, klen_bytes);
MD5Update(&md5ctx, hmac_opad_buffer,
HMAC_BLOCK_LEN - klen_bytes);
memcpy(ses->ses_hmouter, md5ctx.state,
sizeof(md5ctx.state));
} else {
SHA1Init(&sha1ctx);
SHA1Update(&sha1ctx, c->cri_key, klen_bytes);
SHA1Update(&sha1ctx, hmac_opad_buffer,
HMAC_BLOCK_LEN - klen_bytes);
memcpy(ses->ses_hmouter, sha1ctx.state,
sizeof(sha1ctx.state));
}

for (i = 0; i < klen_bytes; i++)
c->cri_key[i] ^= HMAC_OPAD_VAL;
}
/* FALLTHROUGH */

case CRYPTO_SHA1:
case CRYPTO_MD5:
if (mac)
return EINVAL;
mac = 1;
}
count++;
}
if (count > 2) {
mvcesa_freesession(sc, sesn);
return EINVAL;
}

*sidp = MVCESA_SID(device_unit(sc->sc_dev), sesn);
ses->ses_used = 1;

return 0;
}

/*
* Deallocate a session.
*/
static void
mvcesa_freesession(void *arg, u_int64_t tid)
{
struct mvcesa_softc *sc = (struct mvcesa_softc *)arg;
int session;
uint32_t sid = ((uint32_t)tid) & 0xffffffff;

session = MVCESA_SESSION(sid);
KASSERTMSG(session >= 0, "session=%d", session);
KASSERTMSG(session < sc->sc_nsessions, "session=%d nsessions=%d",
session, sc->sc_nsessions);

memset(&sc->sc_sessions[session], 0, sizeof(sc->sc_sessions[session]));
}

static int
mvcesa_process(void *arg, struct cryptop *crp, int hint)
{
struct mvcesa_softc *sc = arg;
struct mvcesa_session *ses;
struct cryptodesc *crd;
struct mbuf *m = NULL;
struct uio *uio = NULL;
int session;
char *buf = NULL;

session = MVCESA_SESSION(crp->crp_sid);
KASSERTMSG(session < sc->sc_nsessions, "session=%d nsessions=%d",
session, sc->sc_nsessions);
ses = &sc->sc_sessions[session];

if (crp->crp_flags & CRYPTO_F_IMBUF)
m = (struct mbuf *)crp->crp_buf;
else if (crp->crp_flags & CRYPTO_F_IOV)
uio = (struct uio *)crp->crp_buf;
else
buf = (char *)crp->crp_buf;

if (0 /* DMA support */) {
/* not yet... */

goto done;
}

/* PIO operation */

for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
switch (crd->crd_alg) {
case CRYPTO_DES_CBC:
case CRYPTO_3DES_CBC:
{
uint32_t alg, mode, dir, *iv, ivbuf[2];

mode = MVCESA_DESE_C_DESMODE_CBC;
if (crd->crd_alg == CRYPTO_DES_CBC)
alg = MVCESA_DESE_C_ALGORITHM_DES;
else { /* CRYPTO_3DES_CBC */
alg = MVCESA_DESE_C_ALGORITHM_3DES;
mode |= MVCESA_DESE_C_3DESMODE_EDE;
}
if (crd->crd_flags & CRD_F_ENCRYPT) {
dir = MVCESA_DESE_C_DIRECTION_ENC;
if (crd->crd_flags & CRD_F_IV_EXPLICIT)
iv = (uint32_t *)crd->crd_iv;
else {
cprng_fast(ivbuf, sizeof(ivbuf));
iv = ivbuf;
}
if (!(crd->crd_flags & CRD_F_IV_PRESENT)) {
if (m != NULL)
m_copyback(m, crd->crd_inject,
8, iv);
else if (uio != NULL)
cuio_copyback(uio,
crd->crd_inject, 8, iv);
}
} else {
dir = MVCESA_DESE_C_DIRECTION_DEC;
if (crd->crd_flags & CRD_F_IV_EXPLICIT)
iv = (uint32_t *)crd->crd_iv;
else {
if (m != NULL)
m_copydata(m, crd->crd_inject,
8, ivbuf);
else if (uio != NULL)
cuio_copydata(uio,
crd->crd_inject, 8, ivbuf);
iv = ivbuf;
}
}

crp->crp_etype = mvcesa_des_encdec(sc, ses,
alg, mode, dir, iv, crd->crd_skip, crd->crd_len,
buf, m, uio);
break;
}

case CRYPTO_SHA1:
case CRYPTO_SHA1_HMAC:
case CRYPTO_MD5:
case CRYPTO_MD5_HMAC:
{
uint64_t bits;
uint32_t alg, *iv = NULL, digest[512 / 8 / 4], dlen;

if (crd->crd_alg == CRYPTO_SHA1 ||
crd->crd_alg == CRYPTO_SHA1_HMAC) {
alg = MVCESA_SHA1MD5I_AC_ALGORITHM_SHA1;
dlen = 160;
} else { /* CRYPTO_MD5 || CRYPTO_MD5_HMAC */
alg = MVCESA_SHA1MD5I_AC_ALGORITHM_MD5;
dlen = 128;
}
bits = crd->crd_len << 3;
if (crd->crd_alg == CRYPTO_SHA1_HMAC ||
crd->crd_alg == CRYPTO_MD5_HMAC) {
iv = ses->ses_hminner;
bits += 512;
}

crp->crp_etype = mvcesa_authentication(sc, ses,
alg, iv, digest, bits, crd->crd_skip, crd->crd_len,
buf, m, uio);
if (crp->crp_etype != 0)
break;

if (crd->crd_alg == CRYPTO_SHA1_HMAC ||
crd->crd_alg == CRYPTO_MD5_HMAC)
crp->crp_etype = mvcesa_authentication(sc,
ses, alg, ses->ses_hmouter, digest,
512 + dlen, 0, dlen, (char *)digest, NULL,
NULL);
if (crp->crp_etype != 0)
break;

/* Inject the authentication data */
if (buf != NULL)
memcpy(buf + crd->crd_inject, digest, dlen / 8);
else if (m != NULL)
m_copyback(m, crd->crd_inject, dlen / 8,
digest);
else if (uio != NULL)
memcpy(crp->crp_mac, digest, dlen / 8);
}
}
if (crp->crp_etype != 0)
break;
}

done:
DPRINTF(("request %08x done\n", (uint32_t)crp));
crypto_done(crp);
return 0;
}

static int
mvcesa_authentication(struct mvcesa_softc *sc, struct mvcesa_session *ses,
uint32_t alg, uint32_t *iv, uint32_t *digest,
uint64_t bits, int skip, int len, char *buf,
struct mbuf *m, struct uio *uio)
{
uint32_t cmd, bswp, data = 0;
int dlen, off, i, s;

/*
* SHA/MD5 algorithms work in 512-bit chunks, equal to 16 words.
*/

KASSERT(!(len & (512 - 1)) || bits != 0);
KASSERT(buf != NULL || m != NULL || uio != NULL);

cmd = bus_space_read_4(sc->sc_iot, sc->sc_ioh, MVCESA_SHA1MD5I_AC);
if (!(cmd & MVCESA_SHA1MD5I_AC_TERMINATION))
return ERESTART;

bswp = 0;
if (alg == MVCESA_SHA1MD5I_AC_ALGORITHM_SHA1) {
dlen = 160;
bits = htobe64(bits);
#if BYTE_ORDER == LITTLE_ENDIAN
bswp = MVCESA_SHA1MD5I_AC_DATABYTESWAP |
MVCESA_SHA1MD5I_AC_IVBYTESWAP;
#endif
} else { /* MVCESA_SHA1MD5I_AC_ALGORITHM_MD5 */
dlen = 128;
bits = htole64(bits);
#if BYTE_ORDER == BIG_ENDIAN
bswp = MVCESA_SHA1MD5I_AC_DATABYTESWAP |
MVCESA_SHA1MD5I_AC_IVBYTESWAP;
#endif
}
bus_space_write_4(sc->sc_iot, sc->sc_ioh, MVCESA_SHA1MD5I_AC,
alg | bswp | MVCESA_SHA1MD5I_AC_MODE_USEIV);

if (iv != NULL)
bus_space_write_region_4(sc->sc_iot, sc->sc_ioh,
MVCESA_SHA1MD5I_IVDA, iv, dlen / 4);

off = i = 0;
while (1 /* CONSTCOND */) {
data = 0;
if (buf != NULL)
for (i = 0; i < 512 / 8 && off + i < len; i += s) {
s = uimin(sizeof(data), len - off - i);
memcpy(&data, buf + skip + off + i, s);
if (s == sizeof(data))
bus_space_write_4(sc->sc_iot,
sc->sc_ioh, MVCESA_SHA1MD5I_DI,
data);
}
else if (m != NULL)
for (i = 0; i < 512 / 8 && off + i < len; i += s) {
s = uimin(sizeof(data), len - off - i);
m_copydata(m, skip + off + i, s, &data);
if (s == sizeof(data))
bus_space_write_4(sc->sc_iot,
sc->sc_ioh, MVCESA_SHA1MD5I_DI,
data);
}
else if (uio != NULL)
for (i = 0; i < 512 / 8 && off + i < len; i += s) {
s = uimin(sizeof(data), len - off - i);
cuio_copydata(uio, skip + off + i, s, &data);
if (s == sizeof(data))
bus_space_write_4(sc->sc_iot,
sc->sc_ioh, MVCESA_SHA1MD5I_DI,
data);
}

off += i;
if (i < 512 / 8)
break;

do {
cmd = bus_space_read_4(sc->sc_iot, sc->sc_ioh,
MVCESA_SHA1MD5I_AC);
} while (!(cmd & MVCESA_SHA1MD5I_AC_TERMINATION));

bus_space_write_4(sc->sc_iot, sc->sc_ioh, MVCESA_SHA1MD5I_AC,
alg | bswp | MVCESA_SHA1MD5I_AC_MODE_CONTINUE);
}

if (i < 512 / 8) {
*((char *)&data + (i % 4)) = 0x80;
bus_space_write_4(sc->sc_iot, sc->sc_ioh, MVCESA_SHA1MD5I_DI,
data);
i = (i & ~3) + 4;

/* Do pad to 512 bits, if chunk size is more than 448 bits. */
if (i > 448 / 8) {
for (; i < 512 / 8; i += 4)
bus_space_write_4(sc->sc_iot, sc->sc_ioh,
MVCESA_SHA1MD5I_DI, 0);
do {
cmd = bus_space_read_4(sc->sc_iot, sc->sc_ioh,
MVCESA_SHA1MD5I_AC);
} while (!(cmd & MVCESA_SHA1MD5I_AC_TERMINATION));
i = 0;
}
for (; i < 448 / 8; i += 4)
bus_space_write_4(sc->sc_iot, sc->sc_ioh,
MVCESA_SHA1MD5I_DI, 0);

/* Set total bits */
bus_space_write_4(sc->sc_iot, sc->sc_ioh, MVCESA_SHA1MD5I_BCL,
bits & 0xffffffff);
bus_space_write_4(sc->sc_iot, sc->sc_ioh, MVCESA_SHA1MD5I_BCH,
bits >> 32);
do {
cmd = bus_space_read_4(sc->sc_iot, sc->sc_ioh,
MVCESA_SHA1MD5I_AC);
} while (!(cmd & MVCESA_SHA1MD5I_AC_TERMINATION));
}

if (digest != NULL) {
/* Read digest */
bus_space_read_region_4(sc->sc_iot, sc->sc_ioh,
MVCESA_SHA1MD5I_IVDA, digest, dlen / 8 / 4);
#if BYTE_ORDER == LITTLE_ENDIAN
if (alg == MVCESA_SHA1MD5I_AC_ALGORITHM_SHA1)
for (i = 0; i < dlen / 8 / 4; i++)
digest[i] = be32toh(digest[i]);
#else
if (alg == MVCESA_SHA1MD5I_AC_ALGORITHM_MD5)
for (i = 0; i < dlen / 8 / 4; i++)
digest[i] = le32toh(digest[i]);
#endif
}
return 0;
}

static int
mvcesa_des_encdec(struct mvcesa_softc *sc, struct mvcesa_session *ses,
uint32_t alg, uint32_t mode, uint32_t dir, uint32_t *iv,
int skip, int len, char *buf, struct mbuf *m, struct uio *uio)
{
uint64_t iblk, oblk;
uint32_t cmd, bswp = 0;
int i, o, s;

KASSERT(buf != NULL || m != NULL || uio != NULL);

cmd = bus_space_read_4(sc->sc_iot, sc->sc_ioh, MVCESA_DESE_C);
if (!(cmd & MVCESA_DESE_C_TERMINATION))
return ERESTART;

#if BYTE_ORDER == LITTLE_ENDIAN
bswp = MVCESA_DESE_C_DATABYTESWAP | MVCESA_DESE_C_IVBYTESWAP |
MVCESA_DESE_C_OUTBYTESWAP;
#endif
bus_space_write_4(sc->sc_iot, sc->sc_ioh, MVCESA_DESE_C,
dir | alg | mode | bswp | MVCESA_DESE_C_ALLTERMINATION);

bus_space_write_4(sc->sc_iot, sc->sc_ioh, MVCESA_DESE_K0L,
ses->ses_key[1]);
bus_space_write_4(sc->sc_iot, sc->sc_ioh, MVCESA_DESE_K0H,
ses->ses_key[0]);
if (alg == MVCESA_DESE_C_ALGORITHM_3DES) {
bus_space_write_4(sc->sc_iot, sc->sc_ioh, MVCESA_DESE_K1L,
ses->ses_key[3]);
bus_space_write_4(sc->sc_iot, sc->sc_ioh, MVCESA_DESE_K1H,
ses->ses_key[2]);
bus_space_write_4(sc->sc_iot, sc->sc_ioh, MVCESA_DESE_K2L,
ses->ses_key[5]);
bus_space_write_4(sc->sc_iot, sc->sc_ioh, MVCESA_DESE_K2H,
ses->ses_key[4]);
}

bus_space_write_4(sc->sc_iot, sc->sc_ioh, MVCESA_DESE_IVL, iv[1]);
bus_space_write_4(sc->sc_iot, sc->sc_ioh, MVCESA_DESE_IVH, iv[0]);

i = o = 0;
while (i < len) {
s = uimin(sizeof(iblk), len - i);
iblk = 0;

if (buf != NULL)
memcpy(&iblk, buf + skip + i, s);
else if (m != NULL)
m_copydata(m, skip + i, s, &iblk);
else if (uio != NULL)
cuio_copydata(uio, skip + i, s, &iblk);

/*
* We have the pipeline that two data enters.
*/

while (1 /* CONSTCOND */) {
cmd = bus_space_read_4(sc->sc_iot, sc->sc_ioh,
MVCESA_DESE_C);
if (cmd & MVCESA_DESE_C_ALLTERMINATION)
/* Engine is ready. Can write two data. */
break;
if (cmd & MVCESA_DESE_C_READALLOW) {
oblk = bus_space_read_4(sc->sc_iot, sc->sc_ioh,
MVCESA_DESE_DOH);
/* XXXX: needs barrier? */
oblk |= (uint64_t)bus_space_read_4(sc->sc_iot,
sc->sc_ioh, MVCESA_DESE_DOL) << 32;

if (buf != NULL)
memcpy(buf + skip + o, &oblk,
sizeof(oblk));
else if (m != NULL)
m_copydata(m, skip + o, sizeof(oblk),
&oblk);
else if (uio != NULL)
cuio_copyback(uio, skip + o,
sizeof(oblk), &oblk);
o += sizeof(oblk);

/* Can write one data */
break;
}
}

/*
* Encryption/Decryption calculation time is 9 cycles in DES
* mode and 25 cycles in 3DES mode.
*/
bus_space_write_4(sc->sc_iot, sc->sc_ioh, MVCESA_DESE_DBL,
iblk >> 32);
/* XXXX: needs barrier? */
bus_space_write_4(sc->sc_iot, sc->sc_ioh, MVCESA_DESE_DBH,
iblk & 0xffffffff);
i += s;
}

while (1 /* CONSTCOND */) {
cmd = bus_space_read_4(sc->sc_iot, sc->sc_ioh,
MVCESA_DESE_C);
if (cmd & (MVCESA_DESE_C_READALLOW |
MVCESA_DESE_C_ALLTERMINATION)) {
oblk = bus_space_read_4(sc->sc_iot, sc->sc_ioh,
MVCESA_DESE_DOH);
/* XXXX: needs barrier? */
oblk |= (uint64_t)bus_space_read_4(sc->sc_iot,
sc->sc_ioh, MVCESA_DESE_DOL) << 32;

if (cmd & MVCESA_DESE_C_ALLTERMINATION) {
/* We can read IV from Data Out Registers. */
if (dir == MVCESA_DESE_C_DIRECTION_ENC)
o -= sizeof(oblk);
else
break;
}
if (buf != NULL)
memcpy(buf + skip + o, &oblk, sizeof(oblk));
else if (m != NULL)
m_copydata(m, skip + o, sizeof(oblk), &oblk);
else if (uio != NULL)
cuio_copyback(uio, skip + o, sizeof(oblk),
&oblk);
o += sizeof(oblk);
if (cmd & MVCESA_DESE_C_ALLTERMINATION)
break;
}
}

return 0;
}