1/*
2 *  fuc microcode for g98 sec engine
3 *  Copyright (C) 2010  Marcin Kościelnicki
4 *
5 *  This program is free software; you can redistribute it and/or modify
6 *  it under the terms of the GNU General Public License as published by
7 *  the Free Software Foundation; either version 2 of the License, or
8 *  (at your option) any later version.
9 *
10 *  This program is distributed in the hope that it will be useful,
11 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
12 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13 *  GNU General Public License for more details.
14 *
15 *  You should have received a copy of the GNU General Public License
16 *  along with this program; if not, write to the Free Software
17 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
18 */
19
20.section #g98_sec_data
21
22ctx_dma:
23ctx_dma_query:		.b32 0
24ctx_dma_src:		.b32 0
25ctx_dma_dst:		.b32 0
26.equ #dma_count 3
27ctx_query_address_high:	.b32 0
28ctx_query_address_low:	.b32 0
29ctx_query_counter:	.b32 0
30ctx_cond_address_high:	.b32 0
31ctx_cond_address_low:	.b32 0
32ctx_cond_off:		.b32 0
33ctx_src_address_high:	.b32 0
34ctx_src_address_low:	.b32 0
35ctx_dst_address_high:	.b32 0
36ctx_dst_address_low:	.b32 0
37ctx_mode:		.b32 0
38.align 16
39ctx_key:		.skip 16
40ctx_iv:			.skip 16
41
42.align 0x80
43swap:
44.skip 32
45
46.align 8
47common_cmd_dtable:
48.b32 #ctx_query_address_high + 0x20000 ~0xff
49.b32 #ctx_query_address_low + 0x20000 ~0xfffffff0
50.b32 #ctx_query_counter + 0x20000 ~0xffffffff
51.b32 #cmd_query_get + 0x00000 ~1
52.b32 #ctx_cond_address_high + 0x20000 ~0xff
53.b32 #ctx_cond_address_low + 0x20000 ~0xfffffff0
54.b32 #cmd_cond_mode + 0x00000 ~7
55.b32 #cmd_wrcache_flush + 0x00000 ~0
56.equ #common_cmd_max 0x88
57
58
59.align 8
60engine_cmd_dtable:
61.b32 #ctx_key + 0x0 + 0x20000 ~0xffffffff
62.b32 #ctx_key + 0x4 + 0x20000 ~0xffffffff
63.b32 #ctx_key + 0x8 + 0x20000 ~0xffffffff
64.b32 #ctx_key + 0xc + 0x20000 ~0xffffffff
65.b32 #ctx_iv + 0x0 + 0x20000 ~0xffffffff
66.b32 #ctx_iv + 0x4 + 0x20000 ~0xffffffff
67.b32 #ctx_iv + 0x8 + 0x20000 ~0xffffffff
68.b32 #ctx_iv + 0xc + 0x20000 ~0xffffffff
69.b32 #ctx_src_address_high + 0x20000 ~0xff
70.b32 #ctx_src_address_low + 0x20000 ~0xfffffff0
71.b32 #ctx_dst_address_high + 0x20000 ~0xff
72.b32 #ctx_dst_address_low + 0x20000 ~0xfffffff0
73.b32 #sec_cmd_mode + 0x00000 ~0xf
74.b32 #sec_cmd_length + 0x10000 ~0x0ffffff0
75.equ #engine_cmd_max 0xce
76
77.align 4
78sec_dtable:
79.b16 #sec_copy_prep #sec_do_inout
80.b16 #sec_store_prep #sec_do_out
81.b16 #sec_ecb_e_prep #sec_do_inout
82.b16 #sec_ecb_d_prep #sec_do_inout
83.b16 #sec_cbc_e_prep #sec_do_inout
84.b16 #sec_cbc_d_prep #sec_do_inout
85.b16 #sec_pcbc_e_prep #sec_do_inout
86.b16 #sec_pcbc_d_prep #sec_do_inout
87.b16 #sec_cfb_e_prep #sec_do_inout
88.b16 #sec_cfb_d_prep #sec_do_inout
89.b16 #sec_ofb_prep #sec_do_inout
90.b16 #sec_ctr_prep #sec_do_inout
91.b16 #sec_cbc_mac_prep #sec_do_in
92.b16 #sec_cmac_finish_complete_prep #sec_do_in
93.b16 #sec_cmac_finish_partial_prep #sec_do_in
94
95.align 0x100
96
97.section #g98_sec_code
98
99	// $r0 is always set to 0 in our code - this allows some space savings.
100	clear b32 $r0
101
102	// set up the interrupt handler
103	mov $r1 #ih
104	mov $iv0 $r1
105
106	// init stack pointer
107	mov $sp $r0
108
109	// set interrupt dispatch - route timer, fifo, ctxswitch to i0, others to host
110	movw $r1 0xfff0
111	sethi $r1 0
112	mov $r2 0x400
113	iowr I[$r2 + 0x300] $r1
114
115	// enable the interrupts
116	or $r1 0xc
117	iowr I[$r2] $r1
118
119	// enable fifo access and context switching
120	mov $r1 3
121	mov $r2 0x1200
122	iowr I[$r2] $r1
123
124	// enable i0 delivery
125	bset $flags ie0
126
127	// sleep forver, waking only for interrupts.
128	bset $flags $p0
129	spin:
130	sleep $p0
131	bra #spin
132
133// i0 handler
134ih:
135	// see which interrupts we got
136	iord $r1 I[$r0 + 0x200]
137
138	and $r2 $r1 0x8
139	cmpu b32 $r2 0
140	bra e #noctx
141
142		// context switch... prepare the regs for xfer
143		mov $r2 0x7700
144		mov $xtargets $r2
145		mov $xdbase $r0
146		// 128-byte context.
147		mov $r2 0
148		sethi $r2 0x50000
149
150		// read current channel
151		mov $r3 0x1400
152		iord $r4 I[$r3]
153		// if bit 30 set, it's active, so we have to unload it first.
154		shl b32 $r5 $r4 1
155		cmps b32 $r5 0
156		bra nc #ctxload
157
158			// unload the current channel - save the context
159			xdst $r0 $r2
160			xdwait
161			// and clear bit 30, then write back
162			bclr $r4 0x1e
163			iowr I[$r3] $r4
164			// tell PFIFO we unloaded
165			mov $r4 1
166			iowr I[$r3 + 0x200] $r4
167
168		bra #noctx
169
170		ctxload:
171			// no channel loaded - perhaps we're requested to load one
172			iord $r4 I[$r3 + 0x100]
173			shl b32 $r15 $r4 1
174			cmps b32 $r15 0
175			// if bit 30 of next channel not set, probably PFIFO is just
176			// killing a context. do a faux load, without the active bit.
177			bra nc #dummyload
178
179				// ok, do a real context load.
180				xdld $r0 $r2
181				xdwait
182				mov $r5 #ctx_dma
183				mov $r6 #dma_count - 1
184				ctxload_dma_loop:
185					ld b32 $r7 D[$r5 + $r6 * 4]
186					add b32 $r8 $r6 0x180
187					shl b32 $r8 8
188					iowr I[$r8] $r7
189					sub b32 $r6 1
190				bra nc #ctxload_dma_loop
191
192			dummyload:
193			// tell PFIFO we're done
194			mov $r5 2
195			iowr I[$r3 + 0x200] $r5
196
197	noctx:
198	and $r2 $r1 0x4
199	cmpu b32 $r2 0
200	bra e #nocmd
201
202		// incoming fifo command.
203		mov $r3 0x1900
204		iord $r2 I[$r3 + 0x100]
205		iord $r3 I[$r3]
206		// extract the method
207		and $r4 $r2 0x7ff
208		// shift the addr to proper position if we need to interrupt later
209		shl b32 $r2 0x10
210
211		// mthd 0 and 0x100 [NAME, NOP]: ignore
212		and $r5 $r4 0x7bf
213		cmpu b32 $r5 0
214		bra e #cmddone
215
216		mov $r5 #engine_cmd_dtable - 0xc0 * 8
217		mov $r6 #engine_cmd_max
218		cmpu b32 $r4 0xc0
219		bra nc #dtable_cmd
220		mov $r5 #common_cmd_dtable - 0x80 * 8
221		mov $r6 #common_cmd_max
222		cmpu b32 $r4 0x80
223		bra nc #dtable_cmd
224		cmpu b32 $r4 0x60
225		bra nc #dma_cmd
226		cmpu b32 $r4 0x50
227		bra ne #illegal_mthd
228
229			// mthd 0x140: PM_TRIGGER
230			mov $r2 0x2200
231			clear b32 $r3
232			sethi $r3 0x20000
233			iowr I[$r2] $r3
234			bra #cmddone
235
236		dma_cmd:
237			// mthd 0x180...: DMA_*
238			cmpu b32 $r4 0x60+#dma_count
239			bra nc #illegal_mthd
240			shl b32 $r5 $r4 2
241			add b32 $r5 ((#ctx_dma - 0x60 * 4) & 0xffff)
242			bset $r3 0x1e
243			st b32 D[$r5] $r3
244			add b32 $r4 0x180 - 0x60
245			shl b32 $r4 8
246			iowr I[$r4] $r3
247			bra #cmddone
248
249		dtable_cmd:
250			cmpu b32 $r4 $r6
251			bra nc #illegal_mthd
252			shl b32 $r4 3
253			add b32 $r4 $r5
254			ld b32 $r5 D[$r4 + 4]
255			and $r5 $r3
256			cmpu b32 $r5 0
257			bra ne #invalid_bitfield
258			ld b16 $r5 D[$r4]
259			ld b16 $r6 D[$r4 + 2]
260			cmpu b32 $r6 2
261			bra e #cmd_setctx
262			ld b32 $r7 D[$r0 + #ctx_cond_off]
263			and $r6 $r7
264			cmpu b32 $r6 1
265			bra e #cmddone
266			call $r5
267			bra $p1 #dispatch_error
268			bra #cmddone
269
270		cmd_setctx:
271			st b32 D[$r5] $r3
272			bra #cmddone
273
274
275		invalid_bitfield:
276			or $r2 1
277		dispatch_error:
278		illegal_mthd:
279			mov $r4 0x1000
280			iowr I[$r4] $r2
281			iowr I[$r4 + 0x100] $r3
282			mov $r4 0x40
283			iowr I[$r0] $r4
284
285			im_loop:
286				iord $r4 I[$r0 + 0x200]
287				and $r4 0x40
288				cmpu b32 $r4 0
289			bra ne #im_loop
290
291		cmddone:
292		// remove the command from FIFO
293		mov $r3 0x1d00
294		mov $r4 1
295		iowr I[$r3] $r4
296
297	nocmd:
298	// ack the processed interrupts
299	and $r1 $r1 0xc
300	iowr I[$r0 + 0x100] $r1
301iret
302
303cmd_query_get:
304	// if bit 0 of param set, trigger interrupt afterwards.
305	setp $p1 $r3
306	or $r2 3
307
308	// read PTIMER, beware of races...
309	mov $r4 0xb00
310	ptimer_retry:
311		iord $r6 I[$r4 + 0x100]
312		iord $r5 I[$r4]
313		iord $r7 I[$r4 + 0x100]
314		cmpu b32 $r6 $r7
315	bra ne #ptimer_retry
316
317	// prepare the query structure
318	ld b32 $r4 D[$r0 + #ctx_query_counter]
319	st b32 D[$r0 + #swap + 0x0] $r4
320	st b32 D[$r0 + #swap + 0x4] $r0
321	st b32 D[$r0 + #swap + 0x8] $r5
322	st b32 D[$r0 + #swap + 0xc] $r6
323
324	// will use target 0, DMA_QUERY.
325	mov $xtargets $r0
326
327	ld b32 $r4 D[$r0 + #ctx_query_address_high]
328	shl b32 $r4 0x18
329	mov $xdbase $r4
330
331	ld b32 $r4 D[$r0 + #ctx_query_address_low]
332	mov $r5 #swap
333	sethi $r5 0x20000
334	xdst $r4 $r5
335	xdwait
336
337	ret
338
339cmd_cond_mode:
340	// if >= 5, INVALID_ENUM
341	bset $flags $p1
342	or $r2 2
343	cmpu b32 $r3 5
344	bra nc #return
345
346	// otherwise, no error.
347	bclr $flags $p1
348
349	// if < 2, no QUERY object is involved
350	cmpu b32 $r3 2
351	bra nc #cmd_cond_mode_queryful
352
353		xor $r3 1
354		st b32 D[$r0 + #ctx_cond_off] $r3
355	return:
356		ret
357
358	cmd_cond_mode_queryful:
359	// ok, will need to pull a QUERY object, prepare offsets
360	ld b32 $r4 D[$r0 + #ctx_cond_address_high]
361	ld b32 $r5 D[$r0 + #ctx_cond_address_low]
362	and $r6 $r5 0xff
363	shr b32 $r5 8
364	shl b32 $r4 0x18
365	or $r4 $r5
366	mov $xdbase $r4
367	mov $xtargets $r0
368
369	// pull the first one
370	mov $r5 #swap
371	sethi $r5 0x20000
372	xdld $r6 $r5
373
374	// if == 2, only a single QUERY is involved...
375	cmpu b32 $r3 2
376	bra ne #cmd_cond_mode_double
377
378		xdwait
379		ld b32 $r4 D[$r0 + #swap + 4]
380		cmpu b32 $r4 0
381		xbit $r4 $flags z
382		st b32 D[$r0 + #ctx_cond_off] $r4
383		ret
384
385	// ok, we'll need to pull second one too
386	cmd_cond_mode_double:
387	add b32 $r6 0x10
388	add b32 $r5 0x10
389	xdld $r6 $r5
390	xdwait
391
392	// compare COUNTERs
393	ld b32 $r5 D[$r0 + #swap + 0x00]
394	ld b32 $r6 D[$r0 + #swap + 0x10]
395	cmpu b32 $r5 $r6
396	xbit $r4 $flags z
397
398	// compare RESen
399	ld b32 $r5 D[$r0 + #swap + 0x04]
400	ld b32 $r6 D[$r0 + #swap + 0x14]
401	cmpu b32 $r5 $r6
402	xbit $r5 $flags z
403	and $r4 $r5
404
405	// and negate or not, depending on mode
406	cmpu b32 $r3 3
407	xbit $r5 $flags z
408	xor $r4 $r5
409	st b32 D[$r0 + #ctx_cond_off] $r4
410	ret
411
412cmd_wrcache_flush:
413	bclr $flags $p1
414	mov $r2 0x2200
415	clear b32 $r3
416	sethi $r3 0x10000
417	iowr I[$r2] $r3
418	ret
419
420sec_cmd_mode:
421	// if >= 0xf, INVALID_ENUM
422	bset $flags $p1
423	or $r2 2
424	cmpu b32 $r3 0xf
425	bra nc #sec_cmd_mode_return
426
427		bclr $flags $p1
428		st b32 D[$r0 + #ctx_mode] $r3
429
430	sec_cmd_mode_return:
431	ret
432
433sec_cmd_length:
434	// nop if length == 0
435	cmpu b32 $r3 0
436	bra e #sec_cmd_mode_return
437
438	// init key, IV
439	cxset 3
440	mov $r4 #ctx_key
441	sethi $r4 0x70000
442	xdst $r0 $r4
443	mov $r4 #ctx_iv
444	sethi $r4 0x60000
445	xdst $r0 $r4
446	xdwait
447	ckeyreg $c7
448
449	// prepare the targets
450	mov $r4 0x2100
451	mov $xtargets $r4
452
453	// prepare src address
454	ld b32 $r4 D[$r0 + #ctx_src_address_high]
455	ld b32 $r5 D[$r0 + #ctx_src_address_low]
456	shr b32 $r8 $r5 8
457	shl b32 $r4 0x18
458	or $r4 $r8
459	and $r5 $r5 0xff
460
461	// prepare dst address
462	ld b32 $r6 D[$r0 + #ctx_dst_address_high]
463	ld b32 $r7 D[$r0 + #ctx_dst_address_low]
464	shr b32 $r8 $r7 8
465	shl b32 $r6 0x18
466	or $r6 $r8
467	and $r7 $r7 0xff
468
469	// find the proper prep & do functions
470	ld b32 $r8 D[$r0 + #ctx_mode]
471	shl b32 $r8 2
472
473	// run prep
474	ld b16 $r9 D[$r8 + #sec_dtable]
475	call $r9
476
477	// do it
478	ld b16 $r9 D[$r8 + #sec_dtable + 2]
479	call $r9
480	cxset 1
481	xdwait
482	cxset 0x61
483	xdwait
484	xdwait
485
486	// update src address
487	shr b32 $r8 $r4 0x18
488	shl b32 $r9 $r4 8
489	add b32 $r9 $r5
490	adc b32 $r8 0
491	st b32 D[$r0 + #ctx_src_address_high] $r8
492	st b32 D[$r0 + #ctx_src_address_low] $r9
493
494	// update dst address
495	shr b32 $r8 $r6 0x18
496	shl b32 $r9 $r6 8
497	add b32 $r9 $r7
498	adc b32 $r8 0
499	st b32 D[$r0 + #ctx_dst_address_high] $r8
500	st b32 D[$r0 + #ctx_dst_address_low] $r9
501
502	// pull updated IV
503	cxset 2
504	mov $r4 #ctx_iv
505	sethi $r4 0x60000
506	xdld $r0 $r4
507	xdwait
508
509	ret
510
511
512sec_copy_prep:
513	cs0begin 2
514		cxsin $c0
515		cxsout $c0
516	ret
517
518sec_store_prep:
519	cs0begin 1
520		cxsout $c6
521	ret
522
523sec_ecb_e_prep:
524	cs0begin 3
525		cxsin $c0
526		cenc $c0 $c0
527		cxsout $c0
528	ret
529
530sec_ecb_d_prep:
531	ckexp $c7 $c7
532	cs0begin 3
533		cxsin $c0
534		cdec $c0 $c0
535		cxsout $c0
536	ret
537
538sec_cbc_e_prep:
539	cs0begin 4
540		cxsin $c0
541		cxor $c6 $c0
542		cenc $c6 $c6
543		cxsout $c6
544	ret
545
546sec_cbc_d_prep:
547	ckexp $c7 $c7
548	cs0begin 5
549		cmov $c2 $c6
550		cxsin $c6
551		cdec $c0 $c6
552		cxor $c0 $c2
553		cxsout $c0
554	ret
555
556sec_pcbc_e_prep:
557	cs0begin 5
558		cxsin $c0
559		cxor $c6 $c0
560		cenc $c6 $c6
561		cxsout $c6
562		cxor $c6 $c0
563	ret
564
565sec_pcbc_d_prep:
566	ckexp $c7 $c7
567	cs0begin 5
568		cxsin $c0
569		cdec $c1 $c0
570		cxor $c6 $c1
571		cxsout $c6
572		cxor $c6 $c0
573	ret
574
575sec_cfb_e_prep:
576	cs0begin 4
577		cenc $c6 $c6
578		cxsin $c0
579		cxor $c6 $c0
580		cxsout $c6
581	ret
582
583sec_cfb_d_prep:
584	cs0begin 4
585		cenc $c0 $c6
586		cxsin $c6
587		cxor $c0 $c6
588		cxsout $c0
589	ret
590
591sec_ofb_prep:
592	cs0begin 4
593		cenc $c6 $c6
594		cxsin $c0
595		cxor $c0 $c6
596		cxsout $c0
597	ret
598
599sec_ctr_prep:
600	cs0begin 5
601		cenc $c1 $c6
602		cadd $c6 1
603		cxsin $c0
604		cxor $c0 $c1
605		cxsout $c0
606	ret
607
608sec_cbc_mac_prep:
609	cs0begin 3
610		cxsin $c0
611		cxor $c6 $c0
612		cenc $c6 $c6
613	ret
614
615sec_cmac_finish_complete_prep:
616	cs0begin 7
617		cxsin $c0
618		cxor $c6 $c0
619		cxor $c0 $c0
620		cenc $c0 $c0
621		cprecmac $c0 $c0
622		cxor $c6 $c0
623		cenc $c6 $c6
624	ret
625
626sec_cmac_finish_partial_prep:
627	cs0begin 8
628		cxsin $c0
629		cxor $c6 $c0
630		cxor $c0 $c0
631		cenc $c0 $c0
632		cprecmac $c0 $c0
633		cprecmac $c0 $c0
634		cxor $c6 $c0
635		cenc $c6 $c6
636	ret
637
638// TODO
639sec_do_in:
640	add b32 $r3 $r5
641	mov $xdbase $r4
642	mov $r9 #swap
643	sethi $r9 0x20000
644	sec_do_in_loop:
645		xdld $r5 $r9
646		xdwait
647		cxset 0x22
648		xdst $r0 $r9
649		cs0exec 1
650		xdwait
651		add b32 $r5 0x10
652		cmpu b32 $r5 $r3
653	bra ne #sec_do_in_loop
654	cxset 1
655	xdwait
656	ret
657
658sec_do_out:
659	add b32 $r3 $r7
660	mov $xdbase $r6
661	mov $r9 #swap
662	sethi $r9 0x20000
663	sec_do_out_loop:
664		cs0exec 1
665		cxset 0x61
666		xdld $r7 $r9
667		xdst $r7 $r9
668		cxset 1
669		xdwait
670		add b32 $r7 0x10
671		cmpu b32 $r7 $r3
672	bra ne #sec_do_out_loop
673	ret
674
675sec_do_inout:
676	add b32 $r3 $r5
677	mov $r9 #swap
678	sethi $r9 0x20000
679	sec_do_inout_loop:
680		mov $xdbase $r4
681		xdld $r5 $r9
682		xdwait
683		cxset 0x21
684		xdst $r0 $r9
685		cs0exec 1
686		cxset 0x61
687		mov $xdbase $r6
688		xdld $r7 $r9
689		xdst $r7 $r9
690		cxset 1
691		xdwait
692		add b32 $r5 0x10
693		add b32 $r7 0x10
694		cmpu b32 $r5 $r3
695	bra ne #sec_do_inout_loop
696	ret
697
698.align 0x100
699