module: icp: remove vestigia of crypto sessions

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Closes #12901
2024-11-17 10:01:01 +03:00 · 2021-12-27 02:53:32 +01:00 · 2021-12-27 02:53:32 +01:00 · de0ec5e7df
commit de0ec5e7df
parent cf497e18df
8 changed files with 50 additions and 126 deletions
--- a/include/sys/crypto/common.h
+++ b/include/sys/crypto/common.h
@ -154,8 +154,6 @@ typedef uint32_t 	crypto_provider_id_t;
 /* session data structure opaque to the consumer */
 typedef void *crypto_session_t;
 typedef uint_t		crypto_session_id_t;
 #define	PROVIDER_OWNS_KEY_SCHEDULE	0x00000001
 /*
--- a/module/icp/api/kcf_cipher.c
+++ b/module/icp/api/kcf_cipher.c
@ -89,7 +89,7 @@ retry:
 	crypto_mechanism_t lmech = *mech;
 	KCF_SET_PROVIDER_MECHNUM(mech->cm_type, pd, &lmech);
-	error = KCF_PROV_ENCRYPT_ATOMIC(pd, pd->pd_sid, &lmech, key,
+	error = KCF_PROV_ENCRYPT_ATOMIC(pd, &lmech, key,
 	    plaintext, ciphertext, spi_ctx_tmpl);
 	KCF_PROV_INCRSTATS(pd, error);
@ -162,7 +162,7 @@ retry:
 	crypto_mechanism_t lmech = *mech;
 	KCF_SET_PROVIDER_MECHNUM(mech->cm_type, pd, &lmech);
-	error = KCF_PROV_DECRYPT_ATOMIC(pd, pd->pd_sid, &lmech, key,
+	error = KCF_PROV_DECRYPT_ATOMIC(pd, &lmech, key,
 	    ciphertext, plaintext, spi_ctx_tmpl);
 	KCF_PROV_INCRSTATS(pd, error);
--- a/module/icp/api/kcf_mac.c
+++ b/module/icp/api/kcf_mac.c
@ -105,7 +105,7 @@ retry:
 	crypto_mechanism_t lmech = *mech;
 	KCF_SET_PROVIDER_MECHNUM(mech->cm_type, pd, &lmech);
-	error = KCF_PROV_MAC_ATOMIC(pd, pd->pd_sid, &lmech, key, data,
+	error = KCF_PROV_MAC_ATOMIC(pd, &lmech, key, data,
 	    mac, spi_ctx_tmpl);
 	KCF_PROV_INCRSTATS(pd, error);
--- a/module/icp/include/sys/crypto/impl.h
+++ b/module/icp/include/sys/crypto/impl.h
@ -140,8 +140,6 @@ typedef enum {
 * provider. It is allocated and initialized at registration time and
 * freed when the provider unregisters.
 *
 * pd_sid:		Session ID of the provider used by kernel clients.
 *			This is valid only for session-oriented providers.
 * pd_refcnt:		Reference counter to this provider descriptor
 * pd_irefcnt:		References held by the framework internal structs
 * pd_lock:		lock protects pd_state
@ -164,7 +162,6 @@ typedef enum {
 * pd_ks_data:		kstat data
 */
 typedef struct kcf_provider_desc {
 	crypto_session_id_t		pd_sid;
 	uint_t				pd_refcnt;
 	uint_t				pd_irefcnt;
 	kmutex_t			pd_lock;
@ -312,54 +309,6 @@ extern const kcf_mech_entry_tab_t kcf_mech_tabs_tab[];
 #define	KCF_TO_PROV_MECHNUM(pd, mech_type)			\
 	(KCF_TO_PROV_MECHINFO(pd, mech_type).cm_mech_number)
 /* ps_refcnt is protected by cm_lock in the crypto_minor structure */
 typedef struct crypto_provider_session {
 	struct crypto_provider_session *ps_next;
 	crypto_session_id_t		ps_session;
 	kcf_provider_desc_t		*ps_provider;
 	kcf_provider_desc_t		*ps_real_provider;
 	uint_t				ps_refcnt;
 } crypto_provider_session_t;
 typedef struct crypto_session_data {
 	kmutex_t			sd_lock;
 	kcondvar_t			sd_cv;
 	uint32_t			sd_flags;
 	int				sd_pre_approved_amount;
 	crypto_ctx_t			*sd_digest_ctx;
 	crypto_ctx_t			*sd_encr_ctx;
 	crypto_ctx_t			*sd_decr_ctx;
 	crypto_ctx_t			*sd_sign_ctx;
 	crypto_ctx_t			*sd_verify_ctx;
 	crypto_ctx_t			*sd_sign_recover_ctx;
 	crypto_ctx_t			*sd_verify_recover_ctx;
 	kcf_provider_desc_t		*sd_provider;
 	void				*sd_find_init_cookie;
 	crypto_provider_session_t	*sd_provider_session;
 } crypto_session_data_t;
 #define	CRYPTO_SESSION_IN_USE		0x00000001
 #define	CRYPTO_SESSION_IS_BUSY		0x00000002
 #define	CRYPTO_SESSION_IS_CLOSED	0x00000004
 #define	KCF_MAX_PIN_LEN			1024
 /*
 * Per-minor info.
 *
 * cm_lock protects everything in this structure except for cm_refcnt.
 */
 typedef struct crypto_minor {
 	uint_t				cm_refcnt;
 	kmutex_t			cm_lock;
 	kcondvar_t			cm_cv;
 	crypto_session_data_t		**cm_session_table;
 	uint_t				cm_session_table_count;
 	kcf_provider_desc_t		**cm_provider_array;
 	uint_t				cm_provider_count;
 	crypto_provider_session_t	*cm_provider_session;
 } crypto_minor_t;
 /*
 * Return codes for internal functions
 */
@ -399,18 +348,18 @@ typedef struct crypto_minor {
 	KCF_PROV_CIPHER_OPS(pd)->encrypt_init(ctx, mech, key, template) : \
 	CRYPTO_NOT_SUPPORTED)
-#define	KCF_PROV_ENCRYPT_ATOMIC(pd, session, mech, key, plaintext, ciphertext, \
+#define	KCF_PROV_ENCRYPT_ATOMIC(pd, mech, key, plaintext, ciphertext, \
 	    template) ( \
 	(KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt_atomic) ? \
 	KCF_PROV_CIPHER_OPS(pd)->encrypt_atomic( \
-	    session, mech, key, plaintext, ciphertext, template) : \
+	    mech, key, plaintext, ciphertext, template) : \
 	CRYPTO_NOT_SUPPORTED)
-#define	KCF_PROV_DECRYPT_ATOMIC(pd, session, mech, key, ciphertext, plaintext, \
+#define	KCF_PROV_DECRYPT_ATOMIC(pd, mech, key, ciphertext, plaintext, \
 	    template) ( \
 	(KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt_atomic) ? \
 	KCF_PROV_CIPHER_OPS(pd)->decrypt_atomic( \
-	    session, mech, key, ciphertext, plaintext, template) : \
+	    mech, key, ciphertext, plaintext, template) : \
 	CRYPTO_NOT_SUPPORTED)
 /*
@ -436,10 +385,10 @@ typedef struct crypto_minor {
 	KCF_PROV_MAC_OPS(pd)->mac_final(ctx, mac) : \
 	CRYPTO_NOT_SUPPORTED)
-#define	KCF_PROV_MAC_ATOMIC(pd, session, mech, key, data, mac, template) ( \
+#define	KCF_PROV_MAC_ATOMIC(pd, mech, key, data, mac, template) ( \
 	(KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_atomic) ? \
 	KCF_PROV_MAC_OPS(pd)->mac_atomic( \
-	    session, mech, key, data, mac, template) : \
+	    mech, key, data, mac, template) : \
 	CRYPTO_NOT_SUPPORTED)
 /*
--- a/module/icp/include/sys/crypto/spi.h
+++ b/module/icp/include/sys/crypto/spi.h
@ -78,8 +78,7 @@ typedef struct crypto_digest_ops {
 	int (*digest_update)(crypto_ctx_t *, crypto_data_t *);
 	int (*digest_key)(crypto_ctx_t *, crypto_key_t *);
 	int (*digest_final)(crypto_ctx_t *, crypto_data_t *);
-	int (*digest_atomic)(crypto_session_id_t,
+	int (*digest_atomic)(crypto_mechanism_t *, crypto_data_t *,
 	    crypto_mechanism_t *, crypto_data_t *,
 	    crypto_data_t *);
 } __no_const crypto_digest_ops_t;
@ -99,9 +98,8 @@ typedef struct crypto_cipher_ops {
 	    crypto_data_t *, crypto_data_t *);
 	int (*encrypt_final)(crypto_ctx_t *,
 	    crypto_data_t *);
-	int (*encrypt_atomic)(crypto_session_id_t,
+	int (*encrypt_atomic)(crypto_mechanism_t *, crypto_key_t *,
-	    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
+	    crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t);
 	    crypto_data_t *, crypto_spi_ctx_template_t);
 	int (*decrypt_init)(crypto_ctx_t *,
 	    crypto_mechanism_t *, crypto_key_t *,
@ -112,9 +110,8 @@ typedef struct crypto_cipher_ops {
 	    crypto_data_t *, crypto_data_t *);
 	int (*decrypt_final)(crypto_ctx_t *,
 	    crypto_data_t *);
-	int (*decrypt_atomic)(crypto_session_id_t,
+	int (*decrypt_atomic)(crypto_mechanism_t *, crypto_key_t *,
-	    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
+	    crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t);
 	    crypto_data_t *, crypto_spi_ctx_template_t);
 } __no_const crypto_cipher_ops_t;
 /*
@ -133,12 +130,10 @@ typedef struct crypto_mac_ops {
 	    crypto_data_t *);
 	int (*mac_final)(crypto_ctx_t *,
 	    crypto_data_t *);
-	int (*mac_atomic)(crypto_session_id_t,
+	int (*mac_atomic)(crypto_mechanism_t *, crypto_key_t *,
-	    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
+	    crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t);
-	    crypto_data_t *, crypto_spi_ctx_template_t);
+	int (*mac_verify_atomic)(crypto_mechanism_t *, crypto_key_t *,
-	int (*mac_verify_atomic)(crypto_session_id_t,
+	    crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t);
 	    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
 	    crypto_data_t *, crypto_spi_ctx_template_t);
 } __no_const crypto_mac_ops_t;
 /*
--- a/module/icp/io/aes.c
+++ b/module/icp/io/aes.c
@ -81,16 +81,14 @@ static int aes_decrypt_final(crypto_ctx_t *, crypto_data_t *);
 static int aes_encrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *);
 static int aes_encrypt_update(crypto_ctx_t *, crypto_data_t *,
    crypto_data_t *);
-static int aes_encrypt_atomic(crypto_session_id_t,
+static int aes_encrypt_atomic(crypto_mechanism_t *, crypto_key_t *,
-    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
+    crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t);
    crypto_data_t *, crypto_spi_ctx_template_t);
 static int aes_decrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *);
 static int aes_decrypt_update(crypto_ctx_t *, crypto_data_t *,
    crypto_data_t *);
-static int aes_decrypt_atomic(crypto_session_id_t,
+static int aes_decrypt_atomic(crypto_mechanism_t *, crypto_key_t *,
-    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
+    crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t);
    crypto_data_t *, crypto_spi_ctx_template_t);
 static const crypto_cipher_ops_t aes_cipher_ops = {
 	.encrypt_init = aes_encrypt_init,
@ -105,12 +103,10 @@ static const crypto_cipher_ops_t aes_cipher_ops = {
 	.decrypt_atomic = aes_decrypt_atomic
 };
-static int aes_mac_atomic(crypto_session_id_t,
+static int aes_mac_atomic(crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
-    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
+    crypto_data_t *, crypto_spi_ctx_template_t);
-    crypto_spi_ctx_template_t);
+static int aes_mac_verify_atomic(crypto_mechanism_t *, crypto_key_t *,
-static int aes_mac_verify_atomic(crypto_session_id_t,
+    crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t);
    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
    crypto_spi_ctx_template_t);
 static const crypto_mac_ops_t aes_mac_ops = {
 	.mac_init = NULL,
@ -832,12 +828,10 @@ aes_decrypt_final(crypto_ctx_t *ctx, crypto_data_t *data)
 }
 static int
-aes_encrypt_atomic(crypto_session_id_t session_id,
+aes_encrypt_atomic(crypto_mechanism_t *mechanism,
    crypto_mechanism_t *mechanism,
    crypto_key_t *key, crypto_data_t *plaintext, crypto_data_t *ciphertext,
    crypto_spi_ctx_template_t template)
 {
 	(void) session_id;
 	aes_ctx_t aes_ctx;	/* on the stack */
 	off_t saved_offset;
 	size_t saved_length;
@ -968,12 +962,10 @@ out:
 }
 static int
-aes_decrypt_atomic(crypto_session_id_t session_id,
+aes_decrypt_atomic(crypto_mechanism_t *mechanism,
    crypto_mechanism_t *mechanism,
    crypto_key_t *key, crypto_data_t *ciphertext, crypto_data_t *plaintext,
    crypto_spi_ctx_template_t template)
 {
 	(void) session_id;
 	aes_ctx_t aes_ctx;	/* on the stack */
 	off_t saved_offset;
 	size_t saved_length;
@ -1308,7 +1300,7 @@ process_gmac_mech(crypto_mechanism_t *mech, crypto_data_t *data,
 }
 static int
-aes_mac_atomic(crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
+aes_mac_atomic(crypto_mechanism_t *mechanism,
    crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac,
    crypto_spi_ctx_template_t template)
 {
@ -1324,14 +1316,13 @@ aes_mac_atomic(crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
 	gcm_mech.cm_param_len = sizeof (CK_AES_GCM_PARAMS);
 	gcm_mech.cm_param = (char *)&gcm_params;
-	return (aes_encrypt_atomic(session_id, &gcm_mech,
+	return (aes_encrypt_atomic(&gcm_mech,
 	    key, &null_crypto_data, mac, template));
 }
 static int
-aes_mac_verify_atomic(crypto_session_id_t session_id,
+aes_mac_verify_atomic(crypto_mechanism_t *mechanism, crypto_key_t *key,
-    crypto_mechanism_t *mechanism, crypto_key_t *key, crypto_data_t *data,
+    crypto_data_t *data, crypto_data_t *mac, crypto_spi_ctx_template_t template)
    crypto_data_t *mac, crypto_spi_ctx_template_t template)
 {
 	CK_AES_GCM_PARAMS gcm_params;
 	crypto_mechanism_t gcm_mech;
@ -1345,6 +1336,6 @@ aes_mac_verify_atomic(crypto_session_id_t session_id,
 	gcm_mech.cm_param_len = sizeof (CK_AES_GCM_PARAMS);
 	gcm_mech.cm_param = (char *)&gcm_params;
-	return (aes_decrypt_atomic(session_id, &gcm_mech,
+	return (aes_decrypt_atomic(&gcm_mech,
 	    key, mac, &null_crypto_data, template));
 }
--- a/module/icp/io/sha2_mod.c
+++ b/module/icp/io/sha2_mod.c
@ -94,8 +94,8 @@ static int sha2_digest_init(crypto_ctx_t *, crypto_mechanism_t *);
 static int sha2_digest(crypto_ctx_t *, crypto_data_t *, crypto_data_t *);
 static int sha2_digest_update(crypto_ctx_t *, crypto_data_t *);
 static int sha2_digest_final(crypto_ctx_t *, crypto_data_t *);
-static int sha2_digest_atomic(crypto_session_id_t,
+static int sha2_digest_atomic(crypto_mechanism_t *, crypto_data_t *,
-    crypto_mechanism_t *, crypto_data_t *, crypto_data_t *);
+    crypto_data_t *);
 static const crypto_digest_ops_t sha2_digest_ops = {
 	.digest_init = sha2_digest_init,
@ -109,12 +109,10 @@ static int sha2_mac_init(crypto_ctx_t *, crypto_mechanism_t *, crypto_key_t *,
    crypto_spi_ctx_template_t);
 static int sha2_mac_update(crypto_ctx_t *, crypto_data_t *);
 static int sha2_mac_final(crypto_ctx_t *, crypto_data_t *);
-static int sha2_mac_atomic(crypto_session_id_t,
+static int sha2_mac_atomic(crypto_mechanism_t *, crypto_key_t *,
-    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
+    crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t);
-    crypto_spi_ctx_template_t);
+static int sha2_mac_verify_atomic(crypto_mechanism_t *, crypto_key_t *,
-static int sha2_mac_verify_atomic(crypto_session_id_t,
+    crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t);
    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
    crypto_spi_ctx_template_t);
 static const crypto_mac_ops_t sha2_mac_ops = {
 	.mac_init = sha2_mac_init,
@ -537,10 +535,9 @@ sha2_digest_final(crypto_ctx_t *ctx, crypto_data_t *digest)
 }
 static int
-sha2_digest_atomic(crypto_session_id_t session_id,
+sha2_digest_atomic(crypto_mechanism_t *mechanism, crypto_data_t *data,
-    crypto_mechanism_t *mechanism, crypto_data_t *data, crypto_data_t *digest)
+    crypto_data_t *digest)
 {
 	(void) session_id;
 	int ret = CRYPTO_SUCCESS;
 	SHA2_CTX sha2_ctx;
 	uint32_t sha_digest_len;
@ -898,11 +895,10 @@ sha2_mac_final(crypto_ctx_t *ctx, crypto_data_t *mac)
 }
 static int
-sha2_mac_atomic(crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
+sha2_mac_atomic(crypto_mechanism_t *mechanism,
    crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac,
    crypto_spi_ctx_template_t ctx_template)
 {
 	(void) session_id;
 	int ret = CRYPTO_SUCCESS;
 	uchar_t digest[SHA512_DIGEST_LENGTH];
 	sha2_hmac_ctx_t sha2_hmac_ctx;
@ -1031,12 +1027,10 @@ bail:
 }
 static int
-sha2_mac_verify_atomic(crypto_session_id_t session_id,
+sha2_mac_verify_atomic(crypto_mechanism_t *mechanism,
    crypto_mechanism_t *mechanism,
    crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac,
    crypto_spi_ctx_template_t ctx_template)
 {
 	(void) session_id;
 	int ret = CRYPTO_SUCCESS;
 	uchar_t digest[SHA512_DIGEST_LENGTH];
 	sha2_hmac_ctx_t sha2_hmac_ctx;
--- a/module/icp/io/skein_mod.c
+++ b/module/icp/io/skein_mod.c
@ -49,8 +49,8 @@ static int skein_digest_init(crypto_ctx_t *, crypto_mechanism_t *);
 static int skein_digest(crypto_ctx_t *, crypto_data_t *, crypto_data_t *);
 static int skein_update(crypto_ctx_t *, crypto_data_t *);
 static int skein_final(crypto_ctx_t *, crypto_data_t *);
-static int skein_digest_atomic(crypto_session_id_t,
+static int skein_digest_atomic(crypto_mechanism_t *, crypto_data_t *,
-    crypto_mechanism_t *, crypto_data_t *, crypto_data_t *);
+    crypto_data_t *);
 static const crypto_digest_ops_t skein_digest_ops = {
 	.digest_init = skein_digest_init,
@ -62,9 +62,8 @@ static const crypto_digest_ops_t skein_digest_ops = {
 static int skein_mac_init(crypto_ctx_t *, crypto_mechanism_t *, crypto_key_t *,
    crypto_spi_ctx_template_t);
-static int skein_mac_atomic(crypto_session_id_t,
+static int skein_mac_atomic(crypto_mechanism_t *, crypto_key_t *,
-    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
+    crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t);
    crypto_spi_ctx_template_t);
 static const crypto_mac_ops_t skein_mac_ops = {
 	.mac_init = skein_mac_init,
@ -467,10 +466,9 @@ skein_final(crypto_ctx_t *ctx, crypto_data_t *digest)
 * Supported input/output formats are raw, uio and mblk.
 */
 static int
-skein_digest_atomic(crypto_session_id_t session_id,
+skein_digest_atomic(crypto_mechanism_t *mechanism, crypto_data_t *data,
-    crypto_mechanism_t *mechanism, crypto_data_t *data, crypto_data_t *digest)
+    crypto_data_t *digest)
 {
 	(void) session_id;
 	int	 error;
 	skein_ctx_t skein_ctx;
 	crypto_ctx_t ctx;
@ -570,12 +568,11 @@ errout:
 * function as to those of the partial operations above.
 */
 static int
-skein_mac_atomic(crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
+skein_mac_atomic(crypto_mechanism_t *mechanism,
    crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac,
    crypto_spi_ctx_template_t ctx_template)
 {
 	/* faux crypto context just for skein_digest_{update,final} */
 	(void) session_id;
 	int	 error;
 	crypto_ctx_t ctx;
 	skein_ctx_t skein_ctx;