aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorConrad Meyer <cem@FreeBSD.org>2018-07-18 00:56:25 +0000
committerConrad Meyer <cem@FreeBSD.org>2018-07-18 00:56:25 +0000
commit1b0909d51a8aa8b5ec5a61c2dc1a69642976a732 (patch)
treeb9c915e7d2ca9312b6f83308f05040a78875b6d7
parent38b42191fb8cbdf348508c72b504e0dc3da1b53c (diff)
downloadsrc-1b0909d51a8aa8b5ec5a61c2dc1a69642976a732.tar.gz
src-1b0909d51a8aa8b5ec5a61c2dc1a69642976a732.zip
OpenCrypto: Convert sessions to opaque handles instead of integers
Track session objects in the framework, and pass handles between the framework (OCF), consumers, and drivers. Avoid redundancy and complexity in individual drivers by allocating session memory in the framework and providing it to drivers in ::newsession(). Session handles are no longer integers with information encoded in various high bits. Use of the CRYPTO_SESID2FOO() macros should be replaced with the appropriate crypto_ses2foo() function on the opaque session handle. Convert OCF drivers (in particular, cryptosoft, as well as myriad others) to the opaque handle interface. Discard existing session tracking as much as possible (quick pass). There may be additional code ripe for deletion. Convert OCF consumers (ipsec, geom_eli, krb5, cryptodev) to handle-style interface. The conversion is largely mechnical. The change is documented in crypto.9. Inspired by https://lists.freebsd.org/pipermail/freebsd-arch/2018-January/018835.html . No objection from: ae (ipsec portion) Reported by: jhb
Notes
Notes: svn path=/head/; revision=336439
-rw-r--r--share/man/man9/crypto.978
-rw-r--r--sys/crypto/aesni/aesni.c131
-rw-r--r--sys/crypto/aesni/aesni.h2
-rw-r--r--sys/crypto/armv8/armv8_crypto.c108
-rw-r--r--sys/crypto/armv8/armv8_crypto.h3
-rw-r--r--sys/crypto/blake2/blake2_cryptodev.c112
-rw-r--r--sys/crypto/ccp/ccp.c84
-rw-r--r--sys/crypto/ccp/ccp.h2
-rw-r--r--sys/crypto/via/padlock.c122
-rw-r--r--sys/crypto/via/padlock.h3
-rw-r--r--sys/dev/cesa/cesa.c81
-rw-r--r--sys/dev/cesa/cesa.h6
-rw-r--r--sys/dev/cxgbe/crypto/t4_crypto.c123
-rw-r--r--sys/dev/hifn/hifn7751.c103
-rw-r--r--sys/dev/hifn/hifn7751var.h15
-rw-r--r--sys/dev/safe/safe.c86
-rw-r--r--sys/dev/safe/safevar.h9
-rw-r--r--sys/dev/sec/sec.c107
-rw-r--r--sys/dev/sec/sec.h4
-rw-r--r--sys/dev/ubsec/ubsec.c87
-rw-r--r--sys/dev/ubsec/ubsecvar.h8
-rw-r--r--sys/geom/eli/g_eli.c8
-rw-r--r--sys/geom/eli/g_eli_crypto.c2
-rw-r--r--sys/geom/eli/g_eli_integrity.c2
-rw-r--r--sys/geom/eli/g_eli_privacy.c2
-rw-r--r--sys/kgssapi/krb5/kcrypto_aes.c10
-rw-r--r--sys/kgssapi/krb5/kcrypto_des.c6
-rw-r--r--sys/kgssapi/krb5/kcrypto_des3.c10
-rw-r--r--sys/mips/cavium/cryptocteon/cryptocteon.c200
-rw-r--r--sys/mips/nlm/dev/sec/nlmrsa.c73
-rw-r--r--sys/mips/nlm/dev/sec/nlmrsalib.h8
-rw-r--r--sys/mips/nlm/dev/sec/nlmsec.c96
-rw-r--r--sys/mips/nlm/dev/sec/nlmseclib.h8
-rw-r--r--sys/netipsec/ipsec.c4
-rw-r--r--sys/netipsec/xform_ah.c19
-rw-r--r--sys/netipsec/xform_esp.c12
-rw-r--r--sys/netipsec/xform_ipcomp.c19
-rw-r--r--sys/opencrypto/_cryptodev.h2
-rw-r--r--sys/opencrypto/crypto.c174
-rw-r--r--sys/opencrypto/cryptodev.c32
-rw-r--r--sys/opencrypto/cryptodev.h31
-rw-r--r--sys/opencrypto/cryptodev_if.m26
-rw-r--r--sys/opencrypto/cryptosoft.c166
43 files changed, 549 insertions, 1635 deletions
diff --git a/share/man/man9/crypto.9 b/share/man/man9/crypto.9
index bc5bd32df53e..0cc903989837 100644
--- a/share/man/man9/crypto.9
+++ b/share/man/man9/crypto.9
@@ -17,7 +17,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd November 6, 2017
+.Dd July 17, 2018
.Dt CRYPTO 9
.Os
.Sh NAME
@@ -26,7 +26,7 @@
.Sh SYNOPSIS
.In opencrypto/cryptodev.h
.Ft int32_t
-.Fn crypto_get_driverid device_t int
+.Fn crypto_get_driverid device_t size_t int
.Ft int
.Fn crypto_register uint32_t int uint16_t uint32_t "int \*[lp]*\*[rp]\*[lp]void *, uint32_t *, struct cryptoini *\*[rp]" "int \*[lp]*\*[rp]\*[lp]void *, uint64_t\*[rp]" "int \*[lp]*\*[rp]\*[lp]void *, struct cryptop *\*[rp]" "void *"
.Ft int
@@ -42,9 +42,9 @@
.Ft int
.Fn crypto_find_driver "const char *"
.Ft int
-.Fn crypto_newsession "uint64_t *" "struct cryptoini *" int
+.Fn crypto_newsession "crypto_session_t *" "struct cryptoini *" int
.Ft int
-.Fn crypto_freesession uint64_t
+.Fn crypto_freesession crypto_session_t
.Ft int
.Fn crypto_dispatch "struct cryptop *"
.Ft int
@@ -85,7 +85,7 @@ struct cryptodesc {
struct cryptop {
TAILQ_ENTRY(cryptop) crp_next;
- uint64_t crp_sid;
+ crypto_session_t crp_session;
int crp_ilen;
int crp_olen;
int crp_etype;
@@ -151,12 +151,12 @@ successfully completed or not.
An error indication is provided in the latter case.
A specific error code,
.Er EAGAIN ,
-is used to indicate that a session number has changed and that the
-request may be re-submitted immediately with the new session number.
+is used to indicate that a session handle has changed and that the
+request may be re-submitted immediately with the new session.
Errors are only returned to the invoking function if not
enough information to call the callback is available (meaning, there
was a fatal error in verifying the arguments).
-For session initialization and teardown there is no callback mechanism used.
+For session initialization and teardown no callback mechanism is used.
.Pp
The
.Fn crypto_find_driver
@@ -179,8 +179,8 @@ or
to select software devices.
If both are specified, a hardware device will be returned
before a software device will be.
-On success, the value pointed to by the first argument will be the
-Session IDentifier (SID).
+On success, the value pointed to by the first argument will be the opaque
+session handle.
The various fields in the
.Vt cryptoini
structure are:
@@ -247,14 +247,11 @@ The
.Vt cryptoini
structure and its contents will not be modified by the framework (or
the drivers used).
-Subsequent requests for processing that use the
-SID returned will avoid the cost of re-initializing the hardware (in
-essence, SID acts as an index in the session cache of the driver).
.Pp
.Fn crypto_freesession
-is called with the SID returned by
+is called with the session handle returned by
.Fn crypto_newsession
-to disestablish the session.
+to free the session.
.Pp
.Fn crypto_dispatch
is called to process a request.
@@ -262,8 +259,8 @@ The various fields in the
.Vt cryptop
structure are:
.Bl -tag -width ".Va crp_callback"
-.It Va crp_sid
-Contains the SID.
+.It Va crp_session
+Contains the session handle.
.It Va crp_ilen
Indicates the total length in bytes of the buffer to be processed.
.It Va crp_olen
@@ -288,10 +285,12 @@ Contains the error type, if any errors were encountered, or zero if
the request was successfully processed.
If the
.Er EAGAIN
-error code is returned, the SID has changed (and has been recorded in the
-.Va crp_sid
+error code is returned, the session handle has changed (and has been recorded
+in the
+.Va crp_session
field).
-The consumer should record the new SID and use it in all subsequent requests.
+The consumer should record the new session handle and use it in all subsequent
+requests.
In this case, the request may be re-submitted immediately.
This mechanism is used by the framework to perform
session migration (move a session from one driver to another, because
@@ -516,6 +515,7 @@ Callback called on completion of a keying operation.
.Sh DRIVER-SIDE API
The
.Fn crypto_get_driverid ,
+.Fn crypto_get_driver_session ,
.Fn crypto_register ,
.Fn crypto_kregister ,
.Fn crypto_unregister ,
@@ -540,6 +540,11 @@ The
.Dv CRYPTOCAP_F_SYNC
may also be specified, and should be specified if the driver does all of
it's operations synchronously.
+Drivers must pass the size of their session struct as the second argument.
+An appropriately sized memory will be allocated by the framework, zeroed, and
+passed to the driver's
+.Fn newsession
+method.
.Pp
For each algorithm the driver supports, it must then call
.Fn crypto_register .
@@ -574,15 +579,15 @@ After a call to
there will be no threads in either the newsession or freesession function
of the driver.
.Pp
-The calling convention for the three driver-supplied routines are:
+The calling convention for the driver-supplied routines are:
.Pp
.Bl -item -compact
.It
.Ft int
-.Fn \*[lp]*newsession\*[rp] "device_t" "uint32_t *" "struct cryptoini *" ;
+.Fn \*[lp]*newsession\*[rp] "device_t" "crypto_session_t" "struct cryptoini *" ;
.It
-.Ft int
-.Fn \*[lp]*freesession\*[rp] "device_t" "uint64_t" ;
+.Ft void
+.Fn \*[lp]*freesession\*[rp] "device_t" "crypto_session_t" ;
.It
.Ft int
.Fn \*[lp]*process\*[rp] "device_t" "struct cryptop *" "int" ;
@@ -598,20 +603,28 @@ that was provided to
.Fn crypto_get_driverid .
The second argument to
.Fn newsession
-contains the driver identifier obtained via
-.Fn crypto_get_driverid .
-On successful return, it should contain a driver-specific session
-identifier.
+is the opaque session handle for the new session.
The third argument is identical to that of
.Fn crypto_newsession .
.Pp
+Drivers obtain a pointer to their session memory by invoking
+.Fn crypto_get_driver_session
+on the opaque
+.Vt crypto_session_t
+handle.
+.Pp
The
.Fn freesession
-routine takes as arguments the opaque data value and the SID
-(which is the concatenation of the
-driver identifier and the driver-specific session identifier).
+routine takes as arguments the opaque data value and the session handle.
It should clear any context associated with the session (clear hardware
registers, memory, etc.).
+If no resources need to be released other than the contents of session memory,
+the method is optional.
+The
+.Nm
+framework will zero and release the allocated session memory (after running the
+.Fn freesession
+method, if one exists).
.Pp
The
.Fn process
@@ -717,6 +730,3 @@ Some type of benchmarking is in order here.
.Pp
Multiple instances of the same algorithm in the same session are not
supported.
-Note that 3DES is considered one algorithm (and not three
-instances of DES).
-Thus, 3DES and DES could be mixed in the same request.
diff --git a/sys/crypto/aesni/aesni.c b/sys/crypto/aesni/aesni.c
index 5d259f3c708a..6e574b2b4da5 100644
--- a/sys/crypto/aesni/aesni.c
+++ b/sys/crypto/aesni/aesni.c
@@ -42,7 +42,6 @@ __FBSDID("$FreeBSD$");
#include <sys/lock.h>
#include <sys/module.h>
#include <sys/malloc.h>
-#include <sys/rwlock.h>
#include <sys/bus.h>
#include <sys/uio.h>
#include <sys/mbuf.h>
@@ -69,13 +68,9 @@ static struct mtx_padalign *ctx_mtx;
static struct fpu_kern_ctx **ctx_fpu;
struct aesni_softc {
- int dieing;
int32_t cid;
- uint32_t sid;
bool has_aes;
bool has_sha;
- TAILQ_HEAD(aesni_sessions_head, aesni_session) sessions;
- struct rwlock lock;
};
#define ACQUIRE_CTX(i, ctx) \
@@ -91,10 +86,8 @@ struct aesni_softc {
(ctx) = NULL; \
} while (0)
-static int aesni_newsession(device_t, uint32_t *sidp, struct cryptoini *cri);
-static int aesni_freesession(device_t, uint64_t tid);
-static void aesni_freesession_locked(struct aesni_softc *sc,
- struct aesni_session *ses);
+static int aesni_newsession(device_t, crypto_session_t cses,
+ struct cryptoini *cri);
static int aesni_cipher_setup(struct aesni_session *ses,
struct cryptoini *encini, struct cryptoini *authini);
static int aesni_cipher_process(struct aesni_session *ses,
@@ -172,12 +165,9 @@ aesni_attach(device_t dev)
int i;
sc = device_get_softc(dev);
- sc->dieing = 0;
- TAILQ_INIT(&sc->sessions);
- sc->sid = 1;
- sc->cid = crypto_get_driverid(dev, CRYPTOCAP_F_HARDWARE |
- CRYPTOCAP_F_SYNC);
+ sc->cid = crypto_get_driverid(dev, sizeof(struct aesni_session),
+ CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SYNC);
if (sc->cid < 0) {
device_printf(dev, "Could not get crypto driver id.\n");
return (ENOMEM);
@@ -193,8 +183,6 @@ aesni_attach(device_t dev)
mtx_init(&ctx_mtx[i], "anifpumtx", NULL, MTX_DEF|MTX_NEW);
}
- rw_init(&sc->lock, "aesni_lock");
-
detect_cpu_features(&sc->has_aes, &sc->has_sha);
if (sc->has_aes) {
crypto_register(sc->cid, CRYPTO_AES_CBC, 0, 0);
@@ -217,36 +205,18 @@ static int
aesni_detach(device_t dev)
{
struct aesni_softc *sc;
- struct aesni_session *ses;
sc = device_get_softc(dev);
- rw_wlock(&sc->lock);
- TAILQ_FOREACH(ses, &sc->sessions, next) {
- if (ses->used) {
- rw_wunlock(&sc->lock);
- device_printf(dev,
- "Cannot detach, sessions still active.\n");
- return (EBUSY);
- }
- }
- sc->dieing = 1;
- while ((ses = TAILQ_FIRST(&sc->sessions)) != NULL) {
- TAILQ_REMOVE(&sc->sessions, ses, next);
- free(ses, M_AESNI);
- }
- rw_wunlock(&sc->lock);
crypto_unregister_all(sc->cid);
- rw_destroy(&sc->lock);
-
aesni_cleanctx();
return (0);
}
static int
-aesni_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri)
+aesni_newsession(device_t dev, crypto_session_t cses, struct cryptoini *cri)
{
struct aesni_softc *sc;
struct aesni_session *ses;
@@ -254,16 +224,16 @@ aesni_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri)
bool gcm_hash, gcm;
int error;
- if (sidp == NULL || cri == NULL) {
- CRYPTDEB("no sidp or cri");
+ KASSERT(cses != NULL, ("EDOOFUS"));
+ if (cri == NULL) {
+ CRYPTDEB("no cri");
return (EINVAL);
}
sc = device_get_softc(dev);
- if (sc->dieing)
- return (EINVAL);
- ses = NULL;
+ ses = crypto_get_driver_session(cses);
+
authini = NULL;
encini = NULL;
gcm = false;
@@ -321,30 +291,6 @@ unhandled:
if (gcm_hash != gcm)
return (EINVAL);
- rw_wlock(&sc->lock);
- if (sc->dieing) {
- rw_wunlock(&sc->lock);
- return (EINVAL);
- }
- /*
- * Free sessions are inserted at the head of the list. So if the first
- * session is used, none are free and we must allocate a new one.
- */
- ses = TAILQ_FIRST(&sc->sessions);
- if (ses == NULL || ses->used) {
- ses = malloc(sizeof(*ses), M_AESNI, M_NOWAIT | M_ZERO);
- if (ses == NULL) {
- rw_wunlock(&sc->lock);
- return (ENOMEM);
- }
- ses->id = sc->sid++;
- } else {
- TAILQ_REMOVE(&sc->sessions, ses, next);
- }
- ses->used = 1;
- TAILQ_INSERT_TAIL(&sc->sessions, ses, next);
- rw_wunlock(&sc->lock);
-
if (encini != NULL)
ses->algo = encini->cri_alg;
if (authini != NULL)
@@ -353,50 +299,9 @@ unhandled:
error = aesni_cipher_setup(ses, encini, authini);
if (error != 0) {
CRYPTDEB("setup failed");
- rw_wlock(&sc->lock);
- aesni_freesession_locked(sc, ses);
- rw_wunlock(&sc->lock);
return (error);
}
- *sidp = ses->id;
- return (0);
-}
-
-static void
-aesni_freesession_locked(struct aesni_softc *sc, struct aesni_session *ses)
-{
- uint32_t sid;
-
- rw_assert(&sc->lock, RA_WLOCKED);
-
- sid = ses->id;
- TAILQ_REMOVE(&sc->sessions, ses, next);
- explicit_bzero(ses, sizeof(*ses));
- ses->id = sid;
- TAILQ_INSERT_HEAD(&sc->sessions, ses, next);
-}
-
-static int
-aesni_freesession(device_t dev, uint64_t tid)
-{
- struct aesni_softc *sc;
- struct aesni_session *ses;
- uint32_t sid;
-
- sc = device_get_softc(dev);
- sid = ((uint32_t)tid) & 0xffffffff;
- rw_wlock(&sc->lock);
- TAILQ_FOREACH_REVERSE(ses, &sc->sessions, aesni_sessions_head, next) {
- if (ses->id == sid)
- break;
- }
- if (ses == NULL) {
- rw_wunlock(&sc->lock);
- return (EINVAL);
- }
- aesni_freesession_locked(sc, ses);
- rw_wunlock(&sc->lock);
return (0);
}
@@ -419,7 +324,8 @@ aesni_process(device_t dev, struct cryptop *crp, int hint __unused)
if (crp == NULL)
return (EINVAL);
- if (crp->crp_callback == NULL || crp->crp_desc == NULL) {
+ if (crp->crp_callback == NULL || crp->crp_desc == NULL ||
+ crp->crp_session == NULL) {
error = EINVAL;
goto out;
}
@@ -472,16 +378,8 @@ aesni_process(device_t dev, struct cryptop *crp, int hint __unused)
goto out;
}
- rw_rlock(&sc->lock);
- TAILQ_FOREACH_REVERSE(ses, &sc->sessions, aesni_sessions_head, next) {
- if (ses->id == (crp->crp_sid & 0xffffffff))
- break;
- }
- rw_runlock(&sc->lock);
- if (ses == NULL) {
- error = EINVAL;
- goto out;
- }
+ ses = crypto_get_driver_session(crp->crp_session);
+ KASSERT(ses != NULL, ("EDOOFUS"));
error = aesni_cipher_process(ses, enccrd, authcrd, crp);
if (error != 0)
@@ -537,7 +435,6 @@ static device_method_t aesni_methods[] = {
DEVMETHOD(device_detach, aesni_detach),
DEVMETHOD(cryptodev_newsession, aesni_newsession),
- DEVMETHOD(cryptodev_freesession, aesni_freesession),
DEVMETHOD(cryptodev_process, aesni_process),
DEVMETHOD_END
diff --git a/sys/crypto/aesni/aesni.h b/sys/crypto/aesni/aesni.h
index c1b95c7d6162..2caa43f7d763 100644
--- a/sys/crypto/aesni/aesni.h
+++ b/sys/crypto/aesni/aesni.h
@@ -66,8 +66,6 @@ struct aesni_session {
int used;
int auth_algo;
int mlen;
- uint32_t id;
- TAILQ_ENTRY(aesni_session) next;
};
/*
diff --git a/sys/crypto/armv8/armv8_crypto.c b/sys/crypto/armv8/armv8_crypto.c
index 4f753dc16012..c11053cc8e17 100644
--- a/sys/crypto/armv8/armv8_crypto.c
+++ b/sys/crypto/armv8/armv8_crypto.c
@@ -63,8 +63,6 @@ __FBSDID("$FreeBSD$");
struct armv8_crypto_softc {
int dieing;
int32_t cid;
- uint32_t sid;
- TAILQ_HEAD(armv8_crypto_sessions_head, armv8_crypto_session) sessions;
struct rwlock lock;
};
@@ -84,8 +82,6 @@ static struct fpu_kern_ctx **ctx_vfp;
(ctx) = NULL; \
} while (0)
-static void armv8_crypto_freesession_locked(struct armv8_crypto_softc *,
- struct armv8_crypto_session *);
static int armv8_crypto_cipher_process(struct armv8_crypto_session *,
struct cryptodesc *, struct cryptop *);
@@ -130,12 +126,10 @@ armv8_crypto_attach(device_t dev)
int i;
sc = device_get_softc(dev);
- TAILQ_INIT(&sc->sessions);
sc->dieing = 0;
- sc->sid = 1;
- sc->cid = crypto_get_driverid(dev, CRYPTOCAP_F_HARDWARE |
- CRYPTOCAP_F_SYNC);
+ sc->cid = crypto_get_driverid(dev, sizeof(struct armv8_crypto_session),
+ CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SYNC);
if (sc->cid < 0) {
device_printf(dev, "Could not get crypto driver id.\n");
return (ENOMEM);
@@ -162,25 +156,12 @@ static int
armv8_crypto_detach(device_t dev)
{
struct armv8_crypto_softc *sc;
- struct armv8_crypto_session *ses;
int i;
sc = device_get_softc(dev);
rw_wlock(&sc->lock);
- TAILQ_FOREACH(ses, &sc->sessions, next) {
- if (ses->used) {
- rw_wunlock(&sc->lock);
- device_printf(dev,
- "Cannot detach, sessions still active.\n");
- return (EBUSY);
- }
- }
sc->dieing = 1;
- while ((ses = TAILQ_FIRST(&sc->sessions)) != NULL) {
- TAILQ_REMOVE(&sc->sessions, ses, next);
- free(ses, M_ARMV8_CRYPTO);
- }
rw_wunlock(&sc->lock);
crypto_unregister_all(sc->cid);
@@ -241,15 +222,16 @@ armv8_crypto_cipher_setup(struct armv8_crypto_session *ses,
}
static int
-armv8_crypto_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri)
+armv8_crypto_newsession(device_t dev, crypto_session_t cses,
+ struct cryptoini *cri)
{
struct armv8_crypto_softc *sc;
struct armv8_crypto_session *ses;
struct cryptoini *encini;
int error;
- if (sidp == NULL || cri == NULL) {
- CRYPTDEB("no sidp or cri");
+ if (cri == NULL) {
+ CRYPTDEB("no cri");
return (EINVAL);
}
@@ -284,83 +266,21 @@ armv8_crypto_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri)
return (EINVAL);
}
- /*
- * Free sessions goes first, so if first session is used, we need to
- * allocate one.
- */
- ses = TAILQ_FIRST(&sc->sessions);
- if (ses == NULL || ses->used) {
- ses = malloc(sizeof(*ses), M_ARMV8_CRYPTO, M_NOWAIT | M_ZERO);
- if (ses == NULL) {
- rw_wunlock(&sc->lock);
- return (ENOMEM);
- }
- ses->id = sc->sid++;
- } else {
- TAILQ_REMOVE(&sc->sessions, ses, next);
- }
- ses->used = 1;
- TAILQ_INSERT_TAIL(&sc->sessions, ses, next);
- rw_wunlock(&sc->lock);
+ ses = crypto_get_driver_session(cses);
ses->algo = encini->cri_alg;
error = armv8_crypto_cipher_setup(ses, encini);
if (error != 0) {
CRYPTDEB("setup failed");
- rw_wlock(&sc->lock);
- armv8_crypto_freesession_locked(sc, ses);
- rw_wunlock(&sc->lock);
return (error);
}
- *sidp = ses->id;
- return (0);
-}
-
-static void
-armv8_crypto_freesession_locked(struct armv8_crypto_softc *sc,
- struct armv8_crypto_session *ses)
-{
- uint32_t sid;
-
- rw_assert(&sc->lock, RA_WLOCKED);
-
- sid = ses->id;
- TAILQ_REMOVE(&sc->sessions, ses, next);
- *ses = (struct armv8_crypto_session){};
- ses->id = sid;
- TAILQ_INSERT_HEAD(&sc->sessions, ses, next);
-}
-
-static int
-armv8_crypto_freesession(device_t dev, uint64_t tid)
-{
- struct armv8_crypto_softc *sc;
- struct armv8_crypto_session *ses;
- uint32_t sid;
-
- sc = device_get_softc(dev);
- sid = ((uint32_t)tid) & 0xffffffff;
- rw_wlock(&sc->lock);
- TAILQ_FOREACH_REVERSE(ses, &sc->sessions, armv8_crypto_sessions_head,
- next) {
- if (ses->id == sid)
- break;
- }
- if (ses == NULL) {
- rw_wunlock(&sc->lock);
- return (EINVAL);
- }
- armv8_crypto_freesession_locked(sc, ses);
- rw_wunlock(&sc->lock);
-
return (0);
}
static int
armv8_crypto_process(device_t dev, struct cryptop *crp, int hint __unused)
{
- struct armv8_crypto_softc *sc = device_get_softc(dev);
struct cryptodesc *crd, *enccrd;
struct armv8_crypto_session *ses;
int error;
@@ -403,18 +323,7 @@ armv8_crypto_process(device_t dev, struct cryptop *crp, int hint __unused)
goto out;
}
- rw_rlock(&sc->lock);
- TAILQ_FOREACH_REVERSE(ses, &sc->sessions, armv8_crypto_sessions_head,
- next) {
- if (ses->id == (crp->crp_sid & 0xffffffff))
- break;
- }
- rw_runlock(&sc->lock);
- if (ses == NULL) {
- error = EINVAL;
- goto out;
- }
-
+ ses = crypto_get_driver_session(crp->crp_session);
error = armv8_crypto_cipher_process(ses, enccrd, crp);
out:
@@ -546,7 +455,6 @@ static device_method_t armv8_crypto_methods[] = {
DEVMETHOD(device_detach, armv8_crypto_detach),
DEVMETHOD(cryptodev_newsession, armv8_crypto_newsession),
- DEVMETHOD(cryptodev_freesession, armv8_crypto_freesession),
DEVMETHOD(cryptodev_process, armv8_crypto_process),
DEVMETHOD_END,
diff --git a/sys/crypto/armv8/armv8_crypto.h b/sys/crypto/armv8/armv8_crypto.h
index 32a2b2107185..01d31f7cec78 100644
--- a/sys/crypto/armv8/armv8_crypto.h
+++ b/sys/crypto/armv8/armv8_crypto.h
@@ -42,9 +42,6 @@ struct armv8_crypto_session {
uint32_t dec_schedule[AES_SCHED_LEN/4];
int algo;
int rounds;
- int used;
- uint32_t id;
- TAILQ_ENTRY(armv8_crypto_session) next;
};
void armv8_aes_encrypt_cbc(int, const void *, size_t, const uint8_t *,
diff --git a/sys/crypto/blake2/blake2_cryptodev.c b/sys/crypto/blake2/blake2_cryptodev.c
index 597aa493ef56..f6c0a5657629 100644
--- a/sys/crypto/blake2/blake2_cryptodev.c
+++ b/sys/crypto/blake2/blake2_cryptodev.c
@@ -53,17 +53,12 @@ struct blake2_session {
size_t klen;
size_t mlen;
uint8_t key[BLAKE2B_KEYBYTES];
- bool used;
- uint32_t id;
- TAILQ_ENTRY(blake2_session) next;
};
CTASSERT((size_t)BLAKE2B_KEYBYTES > (size_t)BLAKE2S_KEYBYTES);
struct blake2_softc {
bool dying;
int32_t cid;
- uint32_t sid;
- TAILQ_HEAD(blake2_sessions_head, blake2_session) sessions;
struct rwlock lock;
};
@@ -83,10 +78,8 @@ static struct fpu_kern_ctx **ctx_fpu;
(ctx) = NULL; \
} while (0)
-static int blake2_newsession(device_t, uint32_t *sidp, struct cryptoini *cri);
-static int blake2_freesession(device_t, uint64_t tid);
-static void blake2_freesession_locked(struct blake2_softc *sc,
- struct blake2_session *ses);
+static int blake2_newsession(device_t, crypto_session_t cses,
+ struct cryptoini *cri);
static int blake2_cipher_setup(struct blake2_session *ses,
struct cryptoini *authini);
static int blake2_cipher_process(struct blake2_session *ses,
@@ -138,11 +131,9 @@ blake2_attach(device_t dev)
sc = device_get_softc(dev);
sc->dying = false;
- TAILQ_INIT(&sc->sessions);
- sc->sid = 1;
- sc->cid = crypto_get_driverid(dev, CRYPTOCAP_F_HARDWARE |
- CRYPTOCAP_F_SYNC);
+ sc->cid = crypto_get_driverid(dev, sizeof(struct blake2_session),
+ CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SYNC);
if (sc->cid < 0) {
device_printf(dev, "Could not get crypto driver id.\n");
return (ENOMEM);
@@ -169,24 +160,11 @@ static int
blake2_detach(device_t dev)
{
struct blake2_softc *sc;
- struct blake2_session *ses;
sc = device_get_softc(dev);
rw_wlock(&sc->lock);
- TAILQ_FOREACH(ses, &sc->sessions, next) {
- if (ses->used) {
- rw_wunlock(&sc->lock);
- device_printf(dev,
- "Cannot detach, sessions still active.\n");
- return (EBUSY);
- }
- }
sc->dying = true;
- while ((ses = TAILQ_FIRST(&sc->sessions)) != NULL) {
- TAILQ_REMOVE(&sc->sessions, ses, next);
- free(ses, M_BLAKE2);
- }
rw_wunlock(&sc->lock);
crypto_unregister_all(sc->cid);
@@ -198,21 +176,20 @@ blake2_detach(device_t dev)
}
static int
-blake2_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri)
+blake2_newsession(device_t dev, crypto_session_t cses, struct cryptoini *cri)
{
struct blake2_softc *sc;
struct blake2_session *ses;
struct cryptoini *authini;
int error;
- if (sidp == NULL || cri == NULL) {
- CRYPTDEB("no sidp or cri");
+ if (cri == NULL) {
+ CRYPTDEB("no cri");
return (EINVAL);
}
sc = device_get_softc(dev);
- ses = NULL;
authini = NULL;
for (; cri != NULL; cri = cri->cri_next) {
switch (cri->cri_alg) {
@@ -239,85 +216,27 @@ blake2_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri)
rw_wunlock(&sc->lock);
return (EINVAL);
}
- /*
- * Free sessions are inserted at the head of the list. So if the first
- * session is used, none are free and we must allocate a new one.
- */
- ses = TAILQ_FIRST(&sc->sessions);
- if (ses == NULL || ses->used) {
- ses = malloc(sizeof(*ses), M_BLAKE2, M_NOWAIT | M_ZERO);
- if (ses == NULL) {
- rw_wunlock(&sc->lock);
- return (ENOMEM);
- }
- ses->id = sc->sid++;
- } else {
- TAILQ_REMOVE(&sc->sessions, ses, next);
- }
- ses->used = true;
- TAILQ_INSERT_TAIL(&sc->sessions, ses, next);
rw_wunlock(&sc->lock);
+ ses = crypto_get_driver_session(cses);
+
ses->algo = authini->cri_alg;
error = blake2_cipher_setup(ses, authini);
if (error != 0) {
CRYPTDEB("setup failed");
- rw_wlock(&sc->lock);
- blake2_freesession_locked(sc, ses);
- rw_wunlock(&sc->lock);
return (error);
}
- *sidp = ses->id;
- return (0);
-}
-
-static void
-blake2_freesession_locked(struct blake2_softc *sc, struct blake2_session *ses)
-{
- uint32_t sid;
-
- rw_assert(&sc->lock, RA_WLOCKED);
-
- sid = ses->id;
- TAILQ_REMOVE(&sc->sessions, ses, next);
- explicit_bzero(ses, sizeof(*ses));
- ses->id = sid;
- TAILQ_INSERT_HEAD(&sc->sessions, ses, next);
-}
-
-static int
-blake2_freesession(device_t dev, uint64_t tid)
-{
- struct blake2_softc *sc;
- struct blake2_session *ses;
- uint32_t sid;
-
- sc = device_get_softc(dev);
- sid = ((uint32_t)tid) & 0xffffffff;
- rw_wlock(&sc->lock);
- TAILQ_FOREACH_REVERSE(ses, &sc->sessions, blake2_sessions_head, next) {
- if (ses->id == sid)
- break;
- }
- if (ses == NULL) {
- rw_wunlock(&sc->lock);
- return (EINVAL);
- }
- blake2_freesession_locked(sc, ses);
- rw_wunlock(&sc->lock);
return (0);
}
static int
blake2_process(device_t dev, struct cryptop *crp, int hint __unused)
{
- struct blake2_softc *sc;
struct blake2_session *ses;
struct cryptodesc *crd, *authcrd;
int error;
- sc = device_get_softc(dev);
ses = NULL;
error = 0;
authcrd = NULL;
@@ -348,17 +267,7 @@ blake2_process(device_t dev, struct cryptop *crp, int hint __unused)
}
}
- rw_rlock(&sc->lock);
- TAILQ_FOREACH_REVERSE(ses, &sc->sessions, blake2_sessions_head, next) {
- if (ses->id == (crp->crp_sid & 0xffffffff))
- break;
- }
- rw_runlock(&sc->lock);
- if (ses == NULL) {
- error = EINVAL;
- goto out;
- }
-
+ ses = crypto_get_driver_session(crp->crp_session);
error = blake2_cipher_process(ses, crp);
if (error != 0)
goto out;
@@ -376,7 +285,6 @@ static device_method_t blake2_methods[] = {
DEVMETHOD(device_detach, blake2_detach),
DEVMETHOD(cryptodev_newsession, blake2_newsession),
- DEVMETHOD(cryptodev_freesession, blake2_freesession),
DEVMETHOD(cryptodev_process, blake2_process),
DEVMETHOD_END
diff --git a/sys/crypto/ccp/ccp.c b/sys/crypto/ccp/ccp.c
index e50407a8f599..f6235bc1610b 100644
--- a/sys/crypto/ccp/ccp.c
+++ b/sys/crypto/ccp/ccp.c
@@ -238,7 +238,8 @@ ccp_attach(device_t dev)
sc = device_get_softc(dev);
sc->dev = dev;
- sc->cid = crypto_get_driverid(dev, CRYPTOCAP_F_HARDWARE);
+ sc->cid = crypto_get_driverid(dev, sizeof(struct ccp_session),
+ CRYPTOCAP_F_HARDWARE);
if (sc->cid < 0) {
device_printf(dev, "could not get crypto driver id\n");
return (ENXIO);
@@ -281,17 +282,10 @@ static int
ccp_detach(device_t dev)
{
struct ccp_softc *sc;
- int i;
sc = device_get_softc(dev);
mtx_lock(&sc->lock);
- for (i = 0; i < sc->nsessions; i++) {
- if (sc->sessions[i].active || sc->sessions[i].pending != 0) {
- mtx_unlock(&sc->lock);
- return (EBUSY);
- }
- }
sc->detaching = true;
mtx_unlock(&sc->lock);
@@ -305,7 +299,6 @@ ccp_detach(device_t dev)
if (g_ccp_softc == sc)
g_ccp_softc = NULL;
- free(sc->sessions, M_CCP);
mtx_destroy(&sc->lock);
return (0);
}
@@ -393,7 +386,7 @@ ccp_aes_setkey(struct ccp_session *s, int alg, const void *key, int klen)
}
static int
-ccp_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri)
+ccp_newsession(device_t dev, crypto_session_t cses, struct cryptoini *cri)
{
struct ccp_softc *sc;
struct ccp_session *s;
@@ -403,12 +396,14 @@ ccp_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri)
unsigned auth_mode, iv_len;
unsigned partial_digest_len;
unsigned q;
- int error, i, sess;
+ int error;
bool gcm_hash;
- if (sidp == NULL || cri == NULL)
+ if (cri == NULL)
return (EINVAL);
+ s = crypto_get_driver_session(cses);
+
gcm_hash = false;
cipher = NULL;
hash = NULL;
@@ -510,29 +505,6 @@ ccp_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri)
mtx_unlock(&sc->lock);
return (ENXIO);
}
- sess = -1;
- for (i = 0; i < sc->nsessions; i++) {
- if (!sc->sessions[i].active && sc->sessions[i].pending == 0) {
- sess = i;
- break;
- }
- }
- if (sess == -1) {
- s = malloc(sizeof(*s) * (sc->nsessions + 1), M_CCP,
- M_NOWAIT | M_ZERO);
- if (s == NULL) {
- mtx_unlock(&sc->lock);
- return (ENOMEM);
- }
- if (sc->sessions != NULL)
- memcpy(s, sc->sessions, sizeof(*s) * sc->nsessions);
- sess = sc->nsessions;
- free(sc->sessions, M_CCP);
- sc->sessions = s;
- sc->nsessions++;
- }
-
- s = &sc->sessions[sess];
/* Just grab the first usable queue for now. */
for (q = 0; q < nitems(sc->queues); q++)
@@ -581,32 +553,21 @@ ccp_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri)
s->active = true;
mtx_unlock(&sc->lock);
- *sidp = sess;
return (0);
}
-static int
-ccp_freesession(device_t dev, uint64_t tid)
+static void
+ccp_freesession(device_t dev, crypto_session_t cses)
{
- struct ccp_softc *sc;
- uint32_t sid;
- int error;
+ struct ccp_session *s;
- sc = device_get_softc(dev);
- sid = CRYPTO_SESID2LID(tid);
- mtx_lock(&sc->lock);
- if (sid >= sc->nsessions || !sc->sessions[sid].active)
- error = EINVAL;
- else {
- if (sc->sessions[sid].pending != 0)
- device_printf(dev,
- "session %d freed with %d pending requests\n", sid,
- sc->sessions[sid].pending);
- sc->sessions[sid].active = false;
- error = 0;
- }
- mtx_unlock(&sc->lock);
- return (error);
+ s = crypto_get_driver_session(cses);
+
+ if (s->pending != 0)
+ device_printf(dev,
+ "session %p freed with %d pending requests\n", s,
+ s->pending);
+ s->active = false;
}
static int
@@ -616,7 +577,6 @@ ccp_process(device_t dev, struct cryptop *crp, int hint)
struct ccp_queue *qp;
struct ccp_session *s;
struct cryptodesc *crd, *crda, *crde;
- uint32_t sid;
int error;
bool qpheld;
@@ -626,16 +586,9 @@ ccp_process(device_t dev, struct cryptop *crp, int hint)
return (EINVAL);
crd = crp->crp_desc;
- sid = CRYPTO_SESID2LID(crp->crp_sid);
+ s = crypto_get_driver_session(crp->crp_session);
sc = device_get_softc(dev);
mtx_lock(&sc->lock);
- if (sid >= sc->nsessions || !sc->sessions[sid].active) {
- mtx_unlock(&sc->lock);
- error = EINVAL;
- goto out;
- }
-
- s = &sc->sessions[sid];
qp = &sc->queues[s->queue];
mtx_unlock(&sc->lock);
error = ccp_queue_acquire_reserve(qp, 1 /* placeholder */, M_NOWAIT);
@@ -856,7 +809,6 @@ db_show_ccp_sc(struct ccp_softc *sc)
db_printf("ccp softc at %p\n", sc);
db_printf(" cid: %d\n", (int)sc->cid);
- db_printf(" nsessions: %d\n", sc->nsessions);
db_printf(" lock: ");
db_show_lock(&sc->lock);
diff --git a/sys/crypto/ccp/ccp.h b/sys/crypto/ccp/ccp.h
index 57959258132a..e622e475f0a8 100644
--- a/sys/crypto/ccp/ccp.h
+++ b/sys/crypto/ccp/ccp.h
@@ -134,8 +134,6 @@ struct ccp_completion_ctx {
struct ccp_softc {
device_t dev;
int32_t cid;
- struct ccp_session *sessions;
- int nsessions;
struct mtx lock;
bool detaching;
diff --git a/sys/crypto/via/padlock.c b/sys/crypto/via/padlock.c
index e53946b3251a..66ef76bf05bb 100644
--- a/sys/crypto/via/padlock.c
+++ b/sys/crypto/via/padlock.c
@@ -58,15 +58,12 @@ __FBSDID("$FreeBSD$");
struct padlock_softc {
int32_t sc_cid;
- uint32_t sc_sid;
- TAILQ_HEAD(padlock_sessions_head, padlock_session) sc_sessions;
- struct rwlock sc_sessions_lock;
};
-static int padlock_newsession(device_t, uint32_t *sidp, struct cryptoini *cri);
-static int padlock_freesession(device_t, uint64_t tid);
+static int padlock_newsession(device_t, crypto_session_t cses, struct cryptoini *cri);
+static void padlock_freesession(device_t, crypto_session_t cses);
static void padlock_freesession_one(struct padlock_softc *sc,
- struct padlock_session *ses, int locked);
+ struct padlock_session *ses);
static int padlock_process(device_t, struct cryptop *crp, int hint __unused);
MALLOC_DEFINE(M_PADLOCK, "padlock_data", "PadLock Data");
@@ -119,16 +116,13 @@ padlock_attach(device_t dev)
{
struct padlock_softc *sc = device_get_softc(dev);
- TAILQ_INIT(&sc->sc_sessions);
- sc->sc_sid = 1;
-
- sc->sc_cid = crypto_get_driverid(dev, CRYPTOCAP_F_HARDWARE);
+ sc->sc_cid = crypto_get_driverid(dev, sizeof(struct padlock_session),
+ CRYPTOCAP_F_HARDWARE);
if (sc->sc_cid < 0) {
device_printf(dev, "Could not get crypto driver id.\n");
return (ENOMEM);
}
- rw_init(&sc->sc_sessions_lock, "padlock_lock");
crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0);
crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0);
crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0);
@@ -143,29 +137,13 @@ static int
padlock_detach(device_t dev)
{
struct padlock_softc *sc = device_get_softc(dev);
- struct padlock_session *ses;
- rw_wlock(&sc->sc_sessions_lock);
- TAILQ_FOREACH(ses, &sc->sc_sessions, ses_next) {
- if (ses->ses_used) {
- rw_wunlock(&sc->sc_sessions_lock);
- device_printf(dev,
- "Cannot detach, sessions still active.\n");
- return (EBUSY);
- }
- }
- while ((ses = TAILQ_FIRST(&sc->sc_sessions)) != NULL) {
- TAILQ_REMOVE(&sc->sc_sessions, ses, ses_next);
- fpu_kern_free_ctx(ses->ses_fpu_ctx);
- free(ses, M_PADLOCK);
- }
- rw_destroy(&sc->sc_sessions_lock);
crypto_unregister_all(sc->sc_cid);
return (0);
}
static int
-padlock_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri)
+padlock_newsession(device_t dev, crypto_session_t cses, struct cryptoini *cri)
{
struct padlock_softc *sc = device_get_softc(dev);
struct padlock_session *ses = NULL;
@@ -173,7 +151,7 @@ padlock_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri)
struct thread *td;
int error;
- if (sidp == NULL || cri == NULL)
+ if (cri == NULL)
return (EINVAL);
encini = macini = NULL;
@@ -208,39 +186,12 @@ padlock_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri)
if (encini == NULL)
return (EINVAL);
- /*
- * Let's look for a free session structure.
- */
- rw_wlock(&sc->sc_sessions_lock);
- /*
- * Free sessions goes first, so if first session is used, we need to
- * allocate one.
- */
- ses = TAILQ_FIRST(&sc->sc_sessions);
- if (ses == NULL || ses->ses_used) {
- ses = malloc(sizeof(*ses), M_PADLOCK, M_NOWAIT | M_ZERO);
- if (ses == NULL) {
- rw_wunlock(&sc->sc_sessions_lock);
- return (ENOMEM);
- }
- ses->ses_fpu_ctx = fpu_kern_alloc_ctx(FPU_KERN_NORMAL |
- FPU_KERN_NOWAIT);
- if (ses->ses_fpu_ctx == NULL) {
- free(ses, M_PADLOCK);
- rw_wunlock(&sc->sc_sessions_lock);
- return (ENOMEM);
- }
- ses->ses_id = sc->sc_sid++;
- } else {
- TAILQ_REMOVE(&sc->sc_sessions, ses, ses_next);
- }
- ses->ses_used = 1;
- TAILQ_INSERT_TAIL(&sc->sc_sessions, ses, ses_next);
- rw_wunlock(&sc->sc_sessions_lock);
+ ses = crypto_get_driver_session(cses);
+ ses->ses_fpu_ctx = fpu_kern_alloc_ctx(FPU_KERN_NORMAL);
error = padlock_cipher_setup(ses, encini);
if (error != 0) {
- padlock_freesession_one(sc, ses, 0);
+ padlock_freesession_one(sc, ses);
return (error);
}
@@ -251,62 +202,35 @@ padlock_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri)
error = padlock_hash_setup(ses, macini);
fpu_kern_leave(td, ses->ses_fpu_ctx);
if (error != 0) {
- padlock_freesession_one(sc, ses, 0);
+ padlock_freesession_one(sc, ses);
return (error);
}
}
- *sidp = ses->ses_id;
return (0);
}
static void
-padlock_freesession_one(struct padlock_softc *sc, struct padlock_session *ses,
- int locked)
+padlock_freesession_one(struct padlock_softc *sc, struct padlock_session *ses)
{
- struct fpu_kern_ctx *ctx;
- uint32_t sid = ses->ses_id;
- if (!locked)
- rw_wlock(&sc->sc_sessions_lock);
- TAILQ_REMOVE(&sc->sc_sessions, ses, ses_next);
padlock_hash_free(ses);
- ctx = ses->ses_fpu_ctx;
- bzero(ses, sizeof(*ses));
- ses->ses_used = 0;
- ses->ses_id = sid;
- ses->ses_fpu_ctx = ctx;
- TAILQ_INSERT_HEAD(&sc->sc_sessions, ses, ses_next);
- if (!locked)
- rw_wunlock(&sc->sc_sessions_lock);
+ fpu_kern_free_ctx(ses->ses_fpu_ctx);
}
-static int
-padlock_freesession(device_t dev, uint64_t tid)
+static void
+padlock_freesession(device_t dev, crypto_session_t cses)
{
struct padlock_softc *sc = device_get_softc(dev);
struct padlock_session *ses;
- uint32_t sid = ((uint32_t)tid) & 0xffffffff;
- rw_wlock(&sc->sc_sessions_lock);
- TAILQ_FOREACH_REVERSE(ses, &sc->sc_sessions, padlock_sessions_head,
- ses_next) {
- if (ses->ses_id == sid)
- break;
- }
- if (ses == NULL) {
- rw_wunlock(&sc->sc_sessions_lock);
- return (EINVAL);
- }
- padlock_freesession_one(sc, ses, 1);
- rw_wunlock(&sc->sc_sessions_lock);
- return (0);
+ ses = crypto_get_driver_session(cses);
+ padlock_freesession_one(sc, ses);
}
static int
padlock_process(device_t dev, struct cryptop *crp, int hint __unused)
{
- struct padlock_softc *sc = device_get_softc(dev);
struct padlock_session *ses = NULL;
struct cryptodesc *crd, *enccrd, *maccrd;
int error = 0;
@@ -353,17 +277,7 @@ padlock_process(device_t dev, struct cryptop *crp, int hint __unused)
goto out;
}
- rw_rlock(&sc->sc_sessions_lock);
- TAILQ_FOREACH_REVERSE(ses, &sc->sc_sessions, padlock_sessions_head,
- ses_next) {
- if (ses->ses_id == (crp->crp_sid & 0xffffffff))
- break;
- }
- rw_runlock(&sc->sc_sessions_lock);
- if (ses == NULL) {
- error = EINVAL;
- goto out;
- }
+ ses = crypto_get_driver_session(crp->crp_session);
/* Perform data authentication if requested before encryption. */
if (maccrd != NULL && maccrd->crd_next == enccrd) {
diff --git a/sys/crypto/via/padlock.h b/sys/crypto/via/padlock.h
index 77a4673d9e59..3b75238b98a3 100644
--- a/sys/crypto/via/padlock.h
+++ b/sys/crypto/via/padlock.h
@@ -73,9 +73,6 @@ struct padlock_session {
uint8_t *ses_ictx;
uint8_t *ses_octx;
int ses_mlen;
- int ses_used;
- uint32_t ses_id;
- TAILQ_ENTRY(padlock_session) ses_next;
struct fpu_kern_ctx *ses_fpu_ctx;
};
diff --git a/sys/dev/cesa/cesa.c b/sys/dev/cesa/cesa.c
index 21508d70c7f7..6cbac049bb42 100644
--- a/sys/dev/cesa/cesa.c
+++ b/sys/dev/cesa/cesa.c
@@ -80,8 +80,7 @@ static int cesa_attach(device_t);
static int cesa_attach_late(device_t);
static int cesa_detach(device_t);
static void cesa_intr(void *);
-static int cesa_newsession(device_t, u_int32_t *, struct cryptoini *);
-static int cesa_freesession(device_t, u_int64_t);
+static int cesa_newsession(device_t, crypto_session_t, struct cryptoini *);
static int cesa_process(device_t, struct cryptop *, int);
static struct resource_spec cesa_res_spec[] = {
@@ -99,7 +98,6 @@ static device_method_t cesa_methods[] = {
/* Crypto device methods */
DEVMETHOD(cryptodev_newsession, cesa_newsession),
- DEVMETHOD(cryptodev_freesession,cesa_freesession),
DEVMETHOD(cryptodev_process, cesa_process),
DEVMETHOD_END
@@ -233,33 +231,6 @@ cesa_sync_desc(struct cesa_softc *sc, bus_dmasync_op_t op)
cesa_sync_dma_mem(&sc->sc_requests_cdm, op);
}
-static struct cesa_session *
-cesa_alloc_session(struct cesa_softc *sc)
-{
- struct cesa_session *cs;
-
- CESA_GENERIC_ALLOC_LOCKED(sc, cs, sessions);
-
- return (cs);
-}
-
-static struct cesa_session *
-cesa_get_session(struct cesa_softc *sc, uint32_t sid)
-{
-
- if (sid >= CESA_SESSIONS)
- return (NULL);
-
- return (&sc->sc_sessions[sid]);
-}
-
-static void
-cesa_free_session(struct cesa_softc *sc, struct cesa_session *cs)
-{
-
- CESA_GENERIC_FREE_LOCKED(sc, cs, sessions);
-}
-
static struct cesa_request *
cesa_alloc_request(struct cesa_softc *sc)
{
@@ -1372,14 +1343,6 @@ cesa_attach_late(device_t dev)
cr_stq);
}
- /* Initialize data structures: Sessions Pool */
- STAILQ_INIT(&sc->sc_free_sessions);
- for (i = 0; i < CESA_SESSIONS; i++) {
- sc->sc_sessions[i].cs_sid = i;
- STAILQ_INSERT_TAIL(&sc->sc_free_sessions, &sc->sc_sessions[i],
- cs_stq);
- }
-
/*
* Initialize TDMA:
* - Burst limit: 128 bytes,
@@ -1415,7 +1378,8 @@ cesa_attach_late(device_t dev)
CESA_TDMA_EMR_DATA_ERROR);
/* Register in OCF */
- sc->sc_cid = crypto_get_driverid(dev, CRYPTOCAP_F_HARDWARE);
+ sc->sc_cid = crypto_get_driverid(dev, sizeof(struct cesa_session),
+ CRYPTOCAP_F_HARDWARE);
if (sc->sc_cid < 0) {
device_printf(dev, "could not get crypto driver id\n");
goto err8;
@@ -1608,7 +1572,7 @@ cesa_intr(void *arg)
}
static int
-cesa_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri)
+cesa_newsession(device_t dev, crypto_session_t cses, struct cryptoini *cri)
{
struct cesa_session *cs;
struct cesa_softc *sc;
@@ -1645,9 +1609,7 @@ cesa_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri)
return (E2BIG);
/* Allocate session */
- cs = cesa_alloc_session(sc);
- if (!cs)
- return (ENOMEM);
+ cs = crypto_get_driver_session(cses);
/* Prepare CESA configuration */
cs->cs_config = 0;
@@ -1730,29 +1692,8 @@ cesa_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri)
error = cesa_set_mkey(cs, mac->cri_alg, mac->cri_key,
mac->cri_klen / 8);
- if (error) {
- cesa_free_session(sc, cs);
- return (EINVAL);
- }
-
- *sidp = cs->cs_sid;
-
- return (0);
-}
-
-static int
-cesa_freesession(device_t dev, uint64_t tid)
-{
- struct cesa_session *cs;
- struct cesa_softc *sc;
-
- sc = device_get_softc(dev);
- cs = cesa_get_session(sc, CRYPTO_SESID2LID(tid));
- if (!cs)
- return (EINVAL);
-
- /* Free session */
- cesa_free_session(sc, cs);
+ if (error)
+ return (error);
return (0);
}
@@ -1774,13 +1715,7 @@ cesa_process(device_t dev, struct cryptop *crp, int hint)
mac = NULL;
error = 0;
- /* Check session ID */
- cs = cesa_get_session(sc, CRYPTO_SESID2LID(crp->crp_sid));
- if (!cs) {
- crp->crp_etype = EINVAL;
- crypto_done(crp);
- return (0);
- }
+ cs = crypto_get_driver_session(crp->crp_session);
/* Check and parse input */
if (crp->crp_ilen > CESA_MAX_REQUEST_SIZE) {
diff --git a/sys/dev/cesa/cesa.h b/sys/dev/cesa/cesa.h
index 15048897a862..9fa35b89b18f 100644
--- a/sys/dev/cesa/cesa.h
+++ b/sys/dev/cesa/cesa.h
@@ -193,7 +193,6 @@ struct cesa_sa_desc {
};
struct cesa_session {
- uint32_t cs_sid;
uint32_t cs_config;
unsigned int cs_klen;
unsigned int cs_ivlen;
@@ -203,8 +202,6 @@ struct cesa_session {
uint8_t cs_aes_dkey[CESA_MAX_KEY_LEN];
uint8_t cs_hiv_in[CESA_MAX_HASH_LEN];
uint8_t cs_hiv_out[CESA_MAX_HASH_LEN];
-
- STAILQ_ENTRY(cesa_session) cs_stq;
};
struct cesa_request {
@@ -264,10 +261,7 @@ struct cesa_softc {
STAILQ_HEAD(, cesa_request) sc_ready_requests;
STAILQ_HEAD(, cesa_request) sc_queued_requests;
- /* Sessions pool */
struct mtx sc_sessions_lock;
- struct cesa_session sc_sessions[CESA_SESSIONS];
- STAILQ_HEAD(, cesa_session) sc_free_sessions;
/* CESA SRAM Address */
bus_addr_t sc_sram_base_pa;
diff --git a/sys/dev/cxgbe/crypto/t4_crypto.c b/sys/dev/cxgbe/crypto/t4_crypto.c
index ffd482e8da16..d617f7f88b02 100644
--- a/sys/dev/cxgbe/crypto/t4_crypto.c
+++ b/sys/dev/cxgbe/crypto/t4_crypto.c
@@ -173,8 +173,6 @@ struct ccr_softc {
device_t dev;
uint32_t cid;
int tx_channel_id;
- struct ccr_session *sessions;
- int nsessions;
struct mtx lock;
bool detaching;
struct sge_wrq *txq;
@@ -379,7 +377,7 @@ ccr_use_imm_data(u_int transhdr_len, u_int input_len)
static void
ccr_populate_wreq(struct ccr_softc *sc, struct chcr_wr *crwr, u_int kctx_len,
- u_int wr_len, uint32_t sid, u_int imm_len, u_int sgl_len, u_int hash_size,
+ u_int wr_len, u_int imm_len, u_int sgl_len, u_int hash_size,
struct cryptop *crp)
{
u_int cctx_size;
@@ -393,7 +391,7 @@ ccr_populate_wreq(struct ccr_softc *sc, struct chcr_wr *crwr, u_int kctx_len,
V_FW_CRYPTO_LOOKASIDE_WR_CCTX_SIZE(cctx_size >> 4));
crwr->wreq.len16_pkd = htobe32(
V_FW_CRYPTO_LOOKASIDE_WR_LEN16(wr_len / 16));
- crwr->wreq.session_id = htobe32(sid);
+ crwr->wreq.session_id = 0;
crwr->wreq.rx_chid_to_rx_q_id = htobe32(
V_FW_CRYPTO_LOOKASIDE_WR_RX_CHID(sc->tx_channel_id) |
V_FW_CRYPTO_LOOKASIDE_WR_LCB(0) |
@@ -422,8 +420,7 @@ ccr_populate_wreq(struct ccr_softc *sc, struct chcr_wr *crwr, u_int kctx_len,
}
static int
-ccr_hmac(struct ccr_softc *sc, uint32_t sid, struct ccr_session *s,
- struct cryptop *crp)
+ccr_hmac(struct ccr_softc *sc, struct ccr_session *s, struct cryptop *crp)
{
struct chcr_wr *crwr;
struct wrqe *wr;
@@ -483,7 +480,7 @@ ccr_hmac(struct ccr_softc *sc, uint32_t sid, struct ccr_session *s,
crwr = wrtod(wr);
memset(crwr, 0, wr_len);
- ccr_populate_wreq(sc, crwr, kctx_len, wr_len, sid, imm_len, sgl_len,
+ ccr_populate_wreq(sc, crwr, kctx_len, wr_len, imm_len, sgl_len,
hash_size_in_response, crp);
/* XXX: Hardcodes SGE loopback channel of 0. */
@@ -555,8 +552,7 @@ ccr_hmac_done(struct ccr_softc *sc, struct ccr_session *s, struct cryptop *crp,
}
static int
-ccr_blkcipher(struct ccr_softc *sc, uint32_t sid, struct ccr_session *s,
- struct cryptop *crp)
+ccr_blkcipher(struct ccr_softc *sc, struct ccr_session *s, struct cryptop *crp)
{
char iv[CHCR_MAX_CRYPTO_IV_LEN];
struct chcr_wr *crwr;
@@ -649,7 +645,7 @@ ccr_blkcipher(struct ccr_softc *sc, uint32_t sid, struct ccr_session *s,
crd->crd_inject, s->blkcipher.iv_len, iv);
}
- ccr_populate_wreq(sc, crwr, kctx_len, wr_len, sid, imm_len, sgl_len, 0,
+ ccr_populate_wreq(sc, crwr, kctx_len, wr_len, imm_len, sgl_len, 0,
crp);
/* XXX: Hardcodes SGE loopback channel of 0. */
@@ -758,8 +754,8 @@ ccr_hmac_ctrl(unsigned int hashsize, unsigned int authsize)
}
static int
-ccr_authenc(struct ccr_softc *sc, uint32_t sid, struct ccr_session *s,
- struct cryptop *crp, struct cryptodesc *crda, struct cryptodesc *crde)
+ccr_authenc(struct ccr_softc *sc, struct ccr_session *s, struct cryptop *crp,
+ struct cryptodesc *crda, struct cryptodesc *crde)
{
char iv[CHCR_MAX_CRYPTO_IV_LEN];
struct chcr_wr *crwr;
@@ -979,7 +975,7 @@ ccr_authenc(struct ccr_softc *sc, uint32_t sid, struct ccr_session *s,
crde->crd_inject, s->blkcipher.iv_len, iv);
}
- ccr_populate_wreq(sc, crwr, kctx_len, wr_len, sid, imm_len, sgl_len,
+ ccr_populate_wreq(sc, crwr, kctx_len, wr_len, imm_len, sgl_len,
op_type == CHCR_DECRYPT_OP ? hash_size_in_response : 0, crp);
/* XXX: Hardcodes SGE loopback channel of 0. */
@@ -1108,8 +1104,8 @@ ccr_authenc_done(struct ccr_softc *sc, struct ccr_session *s,
}
static int
-ccr_gcm(struct ccr_softc *sc, uint32_t sid, struct ccr_session *s,
- struct cryptop *crp, struct cryptodesc *crda, struct cryptodesc *crde)
+ccr_gcm(struct ccr_softc *sc, struct ccr_session *s, struct cryptop *crp,
+ struct cryptodesc *crda, struct cryptodesc *crde)
{
char iv[CHCR_MAX_CRYPTO_IV_LEN];
struct chcr_wr *crwr;
@@ -1312,8 +1308,8 @@ ccr_gcm(struct ccr_softc *sc, uint32_t sid, struct ccr_session *s,
if (s->blkcipher.iv_len == 12)
*(uint32_t *)&iv[12] = htobe32(1);
- ccr_populate_wreq(sc, crwr, kctx_len, wr_len, sid, imm_len, sgl_len,
- 0, crp);
+ ccr_populate_wreq(sc, crwr, kctx_len, wr_len, imm_len, sgl_len, 0,
+ crp);
/* XXX: Hardcodes SGE loopback channel of 0. */
crwr->sec_cpl.op_ivinsrtofst = htobe32(
@@ -1650,7 +1646,8 @@ ccr_attach(device_t dev)
sc->adapter = device_get_softc(device_get_parent(dev));
sc->txq = &sc->adapter->sge.ctrlq[0];
sc->rxq = &sc->adapter->sge.rxq[0];
- cid = crypto_get_driverid(dev, CRYPTOCAP_F_HARDWARE);
+ cid = crypto_get_driverid(dev, sizeof(struct ccr_session),
+ CRYPTOCAP_F_HARDWARE);
if (cid < 0) {
device_printf(dev, "could not get crypto driver id\n");
return (ENXIO);
@@ -1687,22 +1684,15 @@ static int
ccr_detach(device_t dev)
{
struct ccr_softc *sc;
- int i;
sc = device_get_softc(dev);
mtx_lock(&sc->lock);
- for (i = 0; i < sc->nsessions; i++) {
- if (sc->sessions[i].active || sc->sessions[i].pending != 0) {
- mtx_unlock(&sc->lock);
- return (EBUSY);
- }
- }
sc->detaching = true;
mtx_unlock(&sc->lock);
crypto_unregister_all(sc->cid);
- free(sc->sessions, M_CCR);
+
mtx_destroy(&sc->lock);
sglist_free(sc->sg_iv_aad);
free(sc->iv_aad_buf, M_CCR);
@@ -1881,7 +1871,7 @@ ccr_aes_setkey(struct ccr_session *s, int alg, const void *key, int klen)
}
static int
-ccr_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri)
+ccr_newsession(device_t dev, crypto_session_t cses, struct cryptoini *cri)
{
struct ccr_softc *sc;
struct ccr_session *s;
@@ -1889,10 +1879,10 @@ ccr_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri)
struct cryptoini *c, *hash, *cipher;
unsigned int auth_mode, cipher_mode, iv_len, mk_size;
unsigned int partial_digest_len;
- int error, i, sess;
+ int error;
bool gcm_hash;
- if (sidp == NULL || cri == NULL)
+ if (cri == NULL)
return (EINVAL);
gcm_hash = false;
@@ -1999,29 +1989,8 @@ ccr_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri)
mtx_unlock(&sc->lock);
return (ENXIO);
}
- sess = -1;
- for (i = 0; i < sc->nsessions; i++) {
- if (!sc->sessions[i].active && sc->sessions[i].pending == 0) {
- sess = i;
- break;
- }
- }
- if (sess == -1) {
- s = malloc(sizeof(*s) * (sc->nsessions + 1), M_CCR,
- M_NOWAIT | M_ZERO);
- if (s == NULL) {
- mtx_unlock(&sc->lock);
- return (ENOMEM);
- }
- if (sc->sessions != NULL)
- memcpy(s, sc->sessions, sizeof(*s) * sc->nsessions);
- sess = sc->nsessions;
- free(sc->sessions, M_CCR);
- sc->sessions = s;
- sc->nsessions++;
- }
- s = &sc->sessions[sess];
+ s = crypto_get_driver_session(cses);
if (gcm_hash)
s->mode = GCM;
@@ -2061,33 +2030,24 @@ ccr_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri)
s->active = true;
mtx_unlock(&sc->lock);
-
- *sidp = sess;
return (0);
}
-static int
-ccr_freesession(device_t dev, uint64_t tid)
+static void
+ccr_freesession(device_t dev, crypto_session_t cses)
{
struct ccr_softc *sc;
- uint32_t sid;
- int error;
+ struct ccr_session *s;
sc = device_get_softc(dev);
- sid = CRYPTO_SESID2LID(tid);
+ s = crypto_get_driver_session(cses);
mtx_lock(&sc->lock);
- if (sid >= sc->nsessions || !sc->sessions[sid].active)
- error = EINVAL;
- else {
- if (sc->sessions[sid].pending != 0)
- device_printf(dev,
- "session %d freed with %d pending requests\n", sid,
- sc->sessions[sid].pending);
- sc->sessions[sid].active = false;
- error = 0;
- }
+ if (s->pending != 0)
+ device_printf(dev,
+ "session %p freed with %d pending requests\n", s,
+ s->pending);
+ s->active = false;
mtx_unlock(&sc->lock);
- return (error);
}
static int
@@ -2096,35 +2056,28 @@ ccr_process(device_t dev, struct cryptop *crp, int hint)
struct ccr_softc *sc;
struct ccr_session *s;
struct cryptodesc *crd, *crda, *crde;
- uint32_t sid;
int error;
if (crp == NULL)
return (EINVAL);
crd = crp->crp_desc;
- sid = CRYPTO_SESID2LID(crp->crp_sid);
+ s = crypto_get_driver_session(crp->crp_session);
sc = device_get_softc(dev);
- mtx_lock(&sc->lock);
- if (sid >= sc->nsessions || !sc->sessions[sid].active) {
- sc->stats_bad_session++;
- error = EINVAL;
- goto out;
- }
+ mtx_lock(&sc->lock);
error = ccr_populate_sglist(sc->sg_crp, crp);
if (error) {
sc->stats_sglist_error++;
goto out;
}
- s = &sc->sessions[sid];
switch (s->mode) {
case HMAC:
if (crd->crd_flags & CRD_F_KEY_EXPLICIT)
ccr_init_hmac_digest(s, crd->crd_alg, crd->crd_key,
crd->crd_klen);
- error = ccr_hmac(sc, sid, s, crp);
+ error = ccr_hmac(sc, s, crp);
if (error == 0)
sc->stats_hmac++;
break;
@@ -2137,7 +2090,7 @@ ccr_process(device_t dev, struct cryptop *crp, int hint)
ccr_aes_setkey(s, crd->crd_alg, crd->crd_key,
crd->crd_klen);
}
- error = ccr_blkcipher(sc, sid, s, crp);
+ error = ccr_blkcipher(sc, s, crp);
if (error == 0) {
if (crd->crd_flags & CRD_F_ENCRYPT)
sc->stats_blkcipher_encrypt++;
@@ -2181,7 +2134,7 @@ ccr_process(device_t dev, struct cryptop *crp, int hint)
ccr_aes_setkey(s, crde->crd_alg, crde->crd_key,
crde->crd_klen);
}
- error = ccr_authenc(sc, sid, s, crp, crda, crde);
+ error = ccr_authenc(sc, s, crp, crda, crde);
if (error == 0) {
if (crde->crd_flags & CRD_F_ENCRYPT)
sc->stats_authenc_encrypt++;
@@ -2213,7 +2166,7 @@ ccr_process(device_t dev, struct cryptop *crp, int hint)
ccr_gcm_soft(s, crp, crda, crde);
return (0);
}
- error = ccr_gcm(sc, sid, s, crp, crda, crde);
+ error = ccr_gcm(sc, s, crp, crda, crde);
if (error == EMSGSIZE) {
sc->stats_sw_fallback++;
mtx_unlock(&sc->lock);
@@ -2254,7 +2207,7 @@ do_cpl6_fw_pld(struct sge_iq *iq, const struct rss_header *rss,
struct ccr_session *s;
const struct cpl_fw6_pld *cpl;
struct cryptop *crp;
- uint32_t sid, status;
+ uint32_t status;
int error;
if (m != NULL)
@@ -2263,7 +2216,7 @@ do_cpl6_fw_pld(struct sge_iq *iq, const struct rss_header *rss,
cpl = (const void *)(rss + 1);
crp = (struct cryptop *)(uintptr_t)be64toh(cpl->data[1]);
- sid = CRYPTO_SESID2LID(crp->crp_sid);
+ s = crypto_get_driver_session(crp->crp_session);
status = be64toh(cpl->data[0]);
if (CHK_MAC_ERR_BIT(status) || CHK_PAD_ERR_BIT(status))
error = EBADMSG;
@@ -2271,8 +2224,6 @@ do_cpl6_fw_pld(struct sge_iq *iq, const struct rss_header *rss,
error = 0;
mtx_lock(&sc->lock);
- MPASS(sid < sc->nsessions);
- s = &sc->sessions[sid];
s->pending--;
sc->stats_inflight--;
diff --git a/sys/dev/hifn/hifn7751.c b/sys/dev/hifn/hifn7751.c
index 1ec6c42c1949..e43dd7b12a6b 100644
--- a/sys/dev/hifn/hifn7751.c
+++ b/sys/dev/hifn/hifn7751.c
@@ -102,8 +102,7 @@ static int hifn_suspend(device_t);
static int hifn_resume(device_t);
static int hifn_shutdown(device_t);
-static int hifn_newsession(device_t, u_int32_t *, struct cryptoini *);
-static int hifn_freesession(device_t, u_int64_t);
+static int hifn_newsession(device_t, crypto_session_t, struct cryptoini *);
static int hifn_process(device_t, struct cryptop *, int);
static device_method_t hifn_methods[] = {
@@ -117,7 +116,6 @@ static device_method_t hifn_methods[] = {
/* crypto device methods */
DEVMETHOD(cryptodev_newsession, hifn_newsession),
- DEVMETHOD(cryptodev_freesession,hifn_freesession),
DEVMETHOD(cryptodev_process, hifn_process),
DEVMETHOD_END
@@ -560,7 +558,8 @@ hifn_attach(device_t dev)
2 + 2*((sc->sc_pllconfig & HIFN_PLL_ND) >> 11));
printf("\n");
- sc->sc_cid = crypto_get_driverid(dev, CRYPTOCAP_F_HARDWARE);
+ sc->sc_cid = crypto_get_driverid(dev, sizeof(struct hifn_session),
+ CRYPTOCAP_F_HARDWARE);
if (sc->sc_cid < 0) {
device_printf(dev, "could not get crypto driver id\n");
goto fail_intr;
@@ -2314,55 +2313,18 @@ hifn_intr(void *arg)
* id on successful allocation.
*/
static int
-hifn_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri)
+hifn_newsession(device_t dev, crypto_session_t cses, struct cryptoini *cri)
{
struct hifn_softc *sc = device_get_softc(dev);
struct cryptoini *c;
- int mac = 0, cry = 0, sesn;
- struct hifn_session *ses = NULL;
+ int mac = 0, cry = 0;
+ struct hifn_session *ses;
KASSERT(sc != NULL, ("hifn_newsession: null softc"));
- if (sidp == NULL || cri == NULL || sc == NULL)
+ if (cri == NULL || sc == NULL)
return (EINVAL);
- HIFN_LOCK(sc);
- if (sc->sc_sessions == NULL) {
- ses = sc->sc_sessions = (struct hifn_session *)malloc(
- sizeof(*ses), M_DEVBUF, M_NOWAIT);
- if (ses == NULL) {
- HIFN_UNLOCK(sc);
- return (ENOMEM);
- }
- sesn = 0;
- sc->sc_nsessions = 1;
- } else {
- for (sesn = 0; sesn < sc->sc_nsessions; sesn++) {
- if (!sc->sc_sessions[sesn].hs_used) {
- ses = &sc->sc_sessions[sesn];
- break;
- }
- }
-
- if (ses == NULL) {
- sesn = sc->sc_nsessions;
- ses = (struct hifn_session *)malloc((sesn + 1) *
- sizeof(*ses), M_DEVBUF, M_NOWAIT);
- if (ses == NULL) {
- HIFN_UNLOCK(sc);
- return (ENOMEM);
- }
- bcopy(sc->sc_sessions, ses, sesn * sizeof(*ses));
- bzero(sc->sc_sessions, sesn * sizeof(*ses));
- free(sc->sc_sessions, M_DEVBUF);
- sc->sc_sessions = ses;
- ses = &sc->sc_sessions[sesn];
- sc->sc_nsessions++;
- }
- }
- HIFN_UNLOCK(sc);
-
- bzero(ses, sizeof(*ses));
- ses->hs_used = 1;
+ ses = crypto_get_driver_session(cses);
for (c = cri; c != NULL; c = c->cri_next) {
switch (c->cri_alg) {
@@ -2406,59 +2368,29 @@ hifn_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri)
}
if (mac == 0 && cry == 0)
return (EINVAL);
-
- *sidp = HIFN_SID(device_get_unit(sc->sc_dev), sesn);
-
return (0);
}
/*
- * Deallocate a session.
- * XXX this routine should run a zero'd mac/encrypt key into context ram.
- * XXX to blow away any keys already stored there.
+ * XXX freesession routine should run a zero'd mac/encrypt key into context
+ * ram. to blow away any keys already stored there.
*/
-static int
-hifn_freesession(device_t dev, u_int64_t tid)
-{
- struct hifn_softc *sc = device_get_softc(dev);
- int session, error;
- u_int32_t sid = CRYPTO_SESID2LID(tid);
-
- KASSERT(sc != NULL, ("hifn_freesession: null softc"));
- if (sc == NULL)
- return (EINVAL);
-
- HIFN_LOCK(sc);
- session = HIFN_SESSION(sid);
- if (session < sc->sc_nsessions) {
- bzero(&sc->sc_sessions[session], sizeof(struct hifn_session));
- error = 0;
- } else
- error = EINVAL;
- HIFN_UNLOCK(sc);
-
- return (error);
-}
static int
hifn_process(device_t dev, struct cryptop *crp, int hint)
{
struct hifn_softc *sc = device_get_softc(dev);
struct hifn_command *cmd = NULL;
- int session, err, ivlen;
+ int err, ivlen;
struct cryptodesc *crd1, *crd2, *maccrd, *enccrd;
+ struct hifn_session *ses;
if (crp == NULL || crp->crp_callback == NULL) {
hifnstats.hst_invalid++;
return (EINVAL);
}
- session = HIFN_SESSION(crp->crp_sid);
-
- if (sc == NULL || session >= sc->sc_nsessions) {
- err = EINVAL;
- goto errout;
- }
+ ses = crypto_get_driver_session(crp->crp_session);
cmd = malloc(sizeof(struct hifn_command), M_DEVBUF, M_NOWAIT | M_ZERO);
if (cmd == NULL) {
hifnstats.hst_nomem++;
@@ -2569,8 +2501,7 @@ hifn_process(device_t dev, struct cryptop *crp, int hint)
if (enccrd->crd_flags & CRD_F_IV_EXPLICIT)
bcopy(enccrd->crd_iv, cmd->iv, ivlen);
else
- bcopy(sc->sc_sessions[session].hs_iv,
- cmd->iv, ivlen);
+ bcopy(ses->hs_iv, cmd->iv, ivlen);
if ((enccrd->crd_flags & CRD_F_IV_PRESENT)
== 0) {
@@ -2654,7 +2585,7 @@ hifn_process(device_t dev, struct cryptop *crp, int hint)
}
cmd->crp = crp;
- cmd->session_num = session;
+ cmd->session = ses;
cmd->softc = sc;
err = hifn_crypto(sc, cmd, crp, hint);
@@ -2829,7 +2760,7 @@ hifn_callback(struct hifn_softc *sc, struct hifn_command *cmd, u_int8_t *macbuf)
HIFN_AES_IV_LENGTH : HIFN_IV_LENGTH);
crypto_copydata(crp->crp_flags, crp->crp_buf,
crd->crd_skip + crd->crd_len - ivlen, ivlen,
- cmd->softc->sc_sessions[cmd->session_num].hs_iv);
+ cmd->session->hs_iv);
break;
}
}
@@ -2844,7 +2775,7 @@ hifn_callback(struct hifn_softc *sc, struct hifn_command *cmd, u_int8_t *macbuf)
crd->crd_alg != CRYPTO_SHA1_HMAC) {
continue;
}
- len = cmd->softc->sc_sessions[cmd->session_num].hs_mlen;
+ len = cmd->session->hs_mlen;
crypto_copyback(crp->crp_flags, crp->crp_buf,
crd->crd_inject, len, macbuf);
break;
diff --git a/sys/dev/hifn/hifn7751var.h b/sys/dev/hifn/hifn7751var.h
index 9ad9973af71e..e7ace8bcc977 100644
--- a/sys/dev/hifn/hifn7751var.h
+++ b/sys/dev/hifn/hifn7751var.h
@@ -105,9 +105,8 @@ struct hifn_dma {
struct hifn_session {
- int hs_used;
- int hs_mlen;
u_int8_t hs_iv[HIFN_MAX_IV_LENGTH];
+ int hs_mlen;
};
#define HIFN_RING_SYNC(sc, r, i, f) \
@@ -162,8 +161,6 @@ struct hifn_softc {
int32_t sc_cid;
int sc_maxses;
- int sc_nsessions;
- struct hifn_session *sc_sessions;
int sc_ramsize;
int sc_flags;
#define HIFN_HAS_RNG 0x1 /* includes random number generator */
@@ -270,7 +267,7 @@ struct hifn_operand {
bus_dma_segment_t segs[MAX_SCATTER];
};
struct hifn_command {
- u_int16_t session_num;
+ struct hifn_session *session;
u_int16_t base_masks, cry_masks, mac_masks;
u_int8_t iv[HIFN_MAX_IV_LENGTH], *ck, mac[HIFN_MAC_KEY_LENGTH];
int cklen;
@@ -329,14 +326,6 @@ struct hifn_command {
* behaviour was requested.
*
*************************************************************************/
-
-/*
- * Convert back and forth from 'sid' to 'card' and 'session'
- */
-#define HIFN_CARD(sid) (((sid) & 0xf0000000) >> 28)
-#define HIFN_SESSION(sid) ((sid) & 0x000007ff)
-#define HIFN_SID(crd,ses) (((crd) << 28) | ((ses) & 0x7ff))
-
#endif /* _KERNEL */
struct hifn_stats {
diff --git a/sys/dev/safe/safe.c b/sys/dev/safe/safe.c
index 83b22d8d89ee..a1673c9cd60f 100644
--- a/sys/dev/safe/safe.c
+++ b/sys/dev/safe/safe.c
@@ -88,8 +88,7 @@ static int safe_suspend(device_t);
static int safe_resume(device_t);
static int safe_shutdown(device_t);
-static int safe_newsession(device_t, u_int32_t *, struct cryptoini *);
-static int safe_freesession(device_t, u_int64_t);
+static int safe_newsession(device_t, crypto_session_t, struct cryptoini *);
static int safe_process(device_t, struct cryptop *, int);
static device_method_t safe_methods[] = {
@@ -103,7 +102,6 @@ static device_method_t safe_methods[] = {
/* crypto device methods */
DEVMETHOD(cryptodev_newsession, safe_newsession),
- DEVMETHOD(cryptodev_freesession,safe_freesession),
DEVMETHOD(cryptodev_process, safe_process),
DEVMETHOD_END
@@ -266,7 +264,8 @@ safe_attach(device_t dev)
goto bad2;
}
- sc->sc_cid = crypto_get_driverid(dev, CRYPTOCAP_F_HARDWARE);
+ sc->sc_cid = crypto_get_driverid(dev, sizeof(struct safe_session),
+ CRYPTOCAP_F_HARDWARE);
if (sc->sc_cid < 0) {
device_printf(dev, "could not get crypto driver id\n");
goto bad3;
@@ -698,14 +697,13 @@ safe_setup_mackey(struct safe_session *ses, int algo, caddr_t key, int klen)
* id on successful allocation.
*/
static int
-safe_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri)
+safe_newsession(device_t dev, crypto_session_t cses, struct cryptoini *cri)
{
struct safe_softc *sc = device_get_softc(dev);
struct cryptoini *c, *encini = NULL, *macini = NULL;
struct safe_session *ses = NULL;
- int sesn;
- if (sidp == NULL || cri == NULL || sc == NULL)
+ if (cri == NULL || sc == NULL)
return (EINVAL);
for (c = cri; c != NULL; c = c->cri_next) {
@@ -746,41 +744,7 @@ safe_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri)
}
}
- if (sc->sc_sessions == NULL) {
- ses = sc->sc_sessions = (struct safe_session *)malloc(
- sizeof(struct safe_session), M_DEVBUF, M_NOWAIT);
- if (ses == NULL)
- return (ENOMEM);
- sesn = 0;
- sc->sc_nsessions = 1;
- } else {
- for (sesn = 0; sesn < sc->sc_nsessions; sesn++) {
- if (sc->sc_sessions[sesn].ses_used == 0) {
- ses = &sc->sc_sessions[sesn];
- break;
- }
- }
-
- if (ses == NULL) {
- sesn = sc->sc_nsessions;
- ses = (struct safe_session *)malloc((sesn + 1) *
- sizeof(struct safe_session), M_DEVBUF, M_NOWAIT);
- if (ses == NULL)
- return (ENOMEM);
- bcopy(sc->sc_sessions, ses, sesn *
- sizeof(struct safe_session));
- bzero(sc->sc_sessions, sesn *
- sizeof(struct safe_session));
- free(sc->sc_sessions, M_DEVBUF);
- sc->sc_sessions = ses;
- ses = &sc->sc_sessions[sesn];
- sc->sc_nsessions++;
- }
- }
-
- bzero(ses, sizeof(struct safe_session));
- ses->ses_used = 1;
-
+ ses = crypto_get_driver_session(cses);
if (encini) {
/* get an IV */
/* XXX may read fewer than requested */
@@ -806,32 +770,9 @@ safe_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri)
}
}
- *sidp = SAFE_SID(device_get_unit(sc->sc_dev), sesn);
return (0);
}
-/*
- * Deallocate a session.
- */
-static int
-safe_freesession(device_t dev, u_int64_t tid)
-{
- struct safe_softc *sc = device_get_softc(dev);
- int session, ret;
- u_int32_t sid = ((u_int32_t) tid) & 0xffffffff;
-
- if (sc == NULL)
- return (EINVAL);
-
- session = SAFE_SESSION(sid);
- if (session < sc->sc_nsessions) {
- bzero(&sc->sc_sessions[session], sizeof(sc->sc_sessions[session]));
- ret = 0;
- } else
- ret = EINVAL;
- return (ret);
-}
-
static void
safe_op_cb(void *arg, bus_dma_segment_t *seg, int nsegs, bus_size_t mapsize, int error)
{
@@ -865,10 +806,6 @@ safe_process(device_t dev, struct cryptop *crp, int hint)
safestats.st_invalid++;
return (EINVAL);
}
- if (SAFE_SESSION(crp->crp_sid) >= sc->sc_nsessions) {
- safestats.st_badsession++;
- return (EINVAL);
- }
mtx_lock(&sc->sc_ringmtx);
if (sc->sc_front == sc->sc_back && sc->sc_nqchip != 0) {
@@ -885,7 +822,6 @@ safe_process(device_t dev, struct cryptop *crp, int hint)
re->re_sa.sa_staterec = staterec; /* restore */
re->re_crp = crp;
- re->re_sesn = SAFE_SESSION(crp->crp_sid);
if (crp->crp_flags & CRYPTO_F_IMBUF) {
re->re_src_m = (struct mbuf *)crp->crp_buf;
@@ -900,7 +836,7 @@ safe_process(device_t dev, struct cryptop *crp, int hint)
}
sa = &re->re_sa;
- ses = &sc->sc_sessions[re->re_sesn];
+ ses = crypto_get_driver_session(crp->crp_session);
crd1 = crp->crp_desc;
if (crd1 == NULL) {
@@ -1501,8 +1437,11 @@ static void
safe_callback(struct safe_softc *sc, struct safe_ringentry *re)
{
struct cryptop *crp = (struct cryptop *)re->re_crp;
+ struct safe_session *ses;
struct cryptodesc *crd;
+ ses = crypto_get_driver_session(crp->crp_session);
+
safestats.st_opackets++;
safestats.st_obytes += re->re_dst.mapsize;
@@ -1548,7 +1487,7 @@ safe_callback(struct safe_softc *sc, struct safe_ringentry *re)
continue;
crypto_copydata(crp->crp_flags, crp->crp_buf,
crd->crd_skip + crd->crd_len - ivsize, ivsize,
- (caddr_t)sc->sc_sessions[re->re_sesn].ses_iv);
+ (caddr_t)ses->ses_iv);
break;
}
}
@@ -1573,8 +1512,7 @@ safe_callback(struct safe_softc *sc, struct safe_ringentry *re)
bswap32(re->re_sastate.sa_saved_indigest[2]);
}
crypto_copyback(crp->crp_flags, crp->crp_buf,
- crd->crd_inject,
- sc->sc_sessions[re->re_sesn].ses_mlen,
+ crd->crd_inject, ses->ses_mlen,
(caddr_t)re->re_sastate.sa_saved_indigest);
break;
}
diff --git a/sys/dev/safe/safevar.h b/sys/dev/safe/safevar.h
index 6386e9b71daf..024d00564562 100644
--- a/sys/dev/safe/safevar.h
+++ b/sys/dev/safe/safevar.h
@@ -47,10 +47,6 @@
#define SAFE_RNG_MAXBUFSIZ 128 /* 32-bit words */
-#define SAFE_CARD(sid) (((sid) & 0xf0000000) >> 28)
-#define SAFE_SESSION(sid) ( (sid) & 0x0fffffff)
-#define SAFE_SID(crd, sesn) (((crd) << 28) | ((sesn) & 0x0fffffff))
-
#define SAFE_DEF_RTY 0xff /* PCI Retry Timeout */
#define SAFE_DEF_TOUT 0xff /* PCI TRDY Timeout */
#define SAFE_DEF_CACHELINE 0x01 /* Cache Line setting */
@@ -114,7 +110,7 @@ struct safe_ringentry {
struct safe_operand re_src; /* source operand */
struct safe_operand re_dst; /* destination operand */
- int re_sesn; /* crypto session ID */
+ int unused;
int re_flags;
#define SAFE_QFLAGS_COPYOUTIV 0x1 /* copy back on completion */
#define SAFE_QFLAGS_COPYOUTICV 0x2 /* copy back on completion */
@@ -137,7 +133,6 @@ struct safe_ringentry {
struct rndstate_test;
struct safe_session {
- u_int32_t ses_used;
u_int32_t ses_klen; /* key length in bits */
u_int32_t ses_key[8]; /* DES/3DES/AES key */
u_int32_t ses_mlen; /* hmac length in bytes */
@@ -177,8 +172,6 @@ struct safe_softc {
struct safe_pdesc *sc_dpringtop; /* dest particle ring top */
struct safe_pdesc *sc_dpfree; /* next free dest particle */
struct safe_dma_alloc sc_dpalloc; /* dst particle ring state */
- int sc_nsessions; /* # of sessions */
- struct safe_session *sc_sessions; /* sessions */
struct callout sc_rngto; /* rng timeout */
struct rndtest_state *sc_rndtest; /* RNG test state */
diff --git a/sys/dev/sec/sec.c b/sys/dev/sec/sec.c
index 3d01bd99e4b7..76f808757845 100644
--- a/sys/dev/sec/sec.c
+++ b/sys/dev/sec/sec.c
@@ -85,10 +85,8 @@ static int sec_make_pointer(struct sec_softc *sc, struct sec_desc *desc,
u_int n, void *data, bus_size_t doffset, bus_size_t dsize, int dtype);
static int sec_make_pointer_direct(struct sec_softc *sc,
struct sec_desc *desc, u_int n, bus_addr_t data, bus_size_t dsize);
-static int sec_alloc_session(struct sec_softc *sc);
-static int sec_newsession(device_t dev, u_int32_t *sidp,
+static int sec_newsession(device_t dev, crypto_session_t cses,
struct cryptoini *cri);
-static int sec_freesession(device_t dev, uint64_t tid);
static int sec_process(device_t dev, struct cryptop *crp, int hint);
static int sec_split_cri(struct cryptoini *cri, struct cryptoini **enc,
struct cryptoini **mac);
@@ -101,7 +99,6 @@ static int sec_build_common_s_desc(struct sec_softc *sc,
struct sec_desc *desc, struct sec_session *ses, struct cryptop *crp,
struct cryptodesc *enc, struct cryptodesc *mac, int buftype);
-static struct sec_session *sec_get_session(struct sec_softc *sc, u_int sid);
static struct sec_desc *sec_find_desc(struct sec_softc *sc, bus_addr_t paddr);
/* AESU */
@@ -140,7 +137,6 @@ static device_method_t sec_methods[] = {
/* Crypto methods */
DEVMETHOD(cryptodev_newsession, sec_newsession),
- DEVMETHOD(cryptodev_freesession,sec_freesession),
DEVMETHOD(cryptodev_process, sec_process),
DEVMETHOD_END
@@ -180,15 +176,6 @@ sec_sync_dma_mem(struct sec_dma_mem *dma_mem, bus_dmasync_op_t op)
bus_dmamap_sync(dma_mem->dma_tag, dma_mem->dma_map, op);
}
-static inline void
-sec_free_session(struct sec_softc *sc, struct sec_session *ses)
-{
-
- SEC_LOCK(sc, sessions);
- ses->ss_used = 0;
- SEC_UNLOCK(sc, sessions);
-}
-
static inline void *
sec_get_pointer_data(struct sec_desc *desc, u_int n)
{
@@ -258,7 +245,8 @@ sec_attach(device_t dev)
sc->sc_blocked = 0;
sc->sc_shutdown = 0;
- sc->sc_cid = crypto_get_driverid(dev, CRYPTOCAP_F_HARDWARE);
+ sc->sc_cid = crypto_get_driverid(dev, sizeof(struct sec_session),
+ CRYPTOCAP_F_HARDWARE);
if (sc->sc_cid < 0) {
device_printf(dev, "could not get crypto driver ID!\n");
return (ENXIO);
@@ -269,8 +257,6 @@ sec_attach(device_t dev)
"SEC Controller lock", MTX_DEF);
mtx_init(&sc->sc_descriptors_lock, device_get_nameunit(dev),
"SEC Descriptors lock", MTX_DEF);
- mtx_init(&sc->sc_sessions_lock, device_get_nameunit(dev),
- "SEC Sessions lock", MTX_DEF);
/* Allocate I/O memory for SEC registers */
sc->sc_rrid = 0;
@@ -411,7 +397,6 @@ fail2:
fail1:
mtx_destroy(&sc->sc_controller_lock);
mtx_destroy(&sc->sc_descriptors_lock);
- mtx_destroy(&sc->sc_sessions_lock);
return (ENXIO);
}
@@ -482,7 +467,6 @@ sec_detach(device_t dev)
mtx_destroy(&sc->sc_controller_lock);
mtx_destroy(&sc->sc_descriptors_lock);
- mtx_destroy(&sc->sc_sessions_lock);
return (0);
}
@@ -1235,53 +1219,7 @@ sec_split_crp(struct cryptop *crp, struct cryptodesc **enc,
}
static int
-sec_alloc_session(struct sec_softc *sc)
-{
- struct sec_session *ses = NULL;
- int sid = -1;
- u_int i;
-
- SEC_LOCK(sc, sessions);
-
- for (i = 0; i < SEC_MAX_SESSIONS; i++) {
- if (sc->sc_sessions[i].ss_used == 0) {
- ses = &(sc->sc_sessions[i]);
- ses->ss_used = 1;
- ses->ss_ivlen = 0;
- ses->ss_klen = 0;
- ses->ss_mklen = 0;
- sid = i;
- break;
- }
- }
-
- SEC_UNLOCK(sc, sessions);
-
- return (sid);
-}
-
-static struct sec_session *
-sec_get_session(struct sec_softc *sc, u_int sid)
-{
- struct sec_session *ses;
-
- if (sid >= SEC_MAX_SESSIONS)
- return (NULL);
-
- SEC_LOCK(sc, sessions);
-
- ses = &(sc->sc_sessions[sid]);
-
- if (ses->ss_used == 0)
- ses = NULL;
-
- SEC_UNLOCK(sc, sessions);
-
- return (ses);
-}
-
-static int
-sec_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri)
+sec_newsession(device_t dev, crypto_session_t cses, struct cryptoini *cri)
{
struct sec_softc *sc = device_get_softc(dev);
struct sec_eu_methods *eu = sec_eus;
@@ -1289,7 +1227,6 @@ sec_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri)
struct cryptoini *mac = NULL;
struct sec_session *ses;
int error = -1;
- int sid;
error = sec_split_cri(cri, &enc, &mac);
if (error)
@@ -1306,11 +1243,7 @@ sec_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri)
if (sc->sc_version < 3 && mac && mac->cri_klen > 256)
return (E2BIG);
- sid = sec_alloc_session(sc);
- if (sid < 0)
- return (ENOMEM);
-
- ses = sec_get_session(sc, sid);
+ ses = crypto_get_driver_session(cses);
/* Find EU for this session */
while (eu->sem_make_desc != NULL) {
@@ -1322,10 +1255,8 @@ sec_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri)
}
/* If not found, return EINVAL */
- if (error < 0) {
- sec_free_session(sc, ses);
+ if (error < 0)
return (EINVAL);
- }
/* Save cipher key */
if (enc && enc->cri_key) {
@@ -1340,28 +1271,10 @@ sec_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri)
}
ses->ss_eu = eu;
- *sidp = sid;
-
return (0);
}
static int
-sec_freesession(device_t dev, uint64_t tid)
-{
- struct sec_softc *sc = device_get_softc(dev);
- struct sec_session *ses;
- int error = 0;
-
- ses = sec_get_session(sc, CRYPTO_SESID2LID(tid));
- if (ses == NULL)
- return (EINVAL);
-
- sec_free_session(sc, ses);
-
- return (error);
-}
-
-static int
sec_process(device_t dev, struct cryptop *crp, int hint)
{
struct sec_softc *sc = device_get_softc(dev);
@@ -1370,13 +1283,7 @@ sec_process(device_t dev, struct cryptop *crp, int hint)
struct sec_session *ses;
int buftype, error = 0;
- /* Check Session ID */
- ses = sec_get_session(sc, CRYPTO_SESID2LID(crp->crp_sid));
- if (ses == NULL) {
- crp->crp_etype = EINVAL;
- crypto_done(crp);
- return (0);
- }
+ ses = crypto_get_driver_session(crp->crp_session);
/* Check for input length */
if (crp->crp_ilen > SEC_MAX_DMA_BLOCK_SIZE) {
diff --git a/sys/dev/sec/sec.h b/sys/dev/sec/sec.h
index 105b49a49e28..05b15039ad64 100644
--- a/sys/dev/sec/sec.h
+++ b/sys/dev/sec/sec.h
@@ -153,7 +153,6 @@ struct sec_eu_methods {
};
struct sec_session {
- u_int ss_used;
struct sec_eu_methods *ss_eu;
uint8_t ss_key[SEC_MAX_KEY_LEN];
uint8_t ss_mkey[SEC_MAX_KEY_LEN];
@@ -181,11 +180,8 @@ struct sec_softc {
uint64_t sc_int_error_mask;
uint64_t sc_channel_idle_mask;
- struct sec_session sc_sessions[SEC_MAX_SESSIONS];
-
struct mtx sc_controller_lock;
struct mtx sc_descriptors_lock;
- struct mtx sc_sessions_lock;
struct sec_desc sc_desc[SEC_DESCRIPTORS];
u_int sc_free_desc_get_cnt;
diff --git a/sys/dev/ubsec/ubsec.c b/sys/dev/ubsec/ubsec.c
index 9078ffd9911e..1c8c7c60e657 100644
--- a/sys/dev/ubsec/ubsec.c
+++ b/sys/dev/ubsec/ubsec.c
@@ -111,8 +111,7 @@ static int ubsec_suspend(device_t);
static int ubsec_resume(device_t);
static int ubsec_shutdown(device_t);
-static int ubsec_newsession(device_t, u_int32_t *, struct cryptoini *);
-static int ubsec_freesession(device_t, u_int64_t);
+static int ubsec_newsession(device_t, crypto_session_t, struct cryptoini *);
static int ubsec_process(device_t, struct cryptop *, int);
static int ubsec_kprocess(device_t, struct cryptkop *, int);
@@ -127,7 +126,6 @@ static device_method_t ubsec_methods[] = {
/* crypto device methods */
DEVMETHOD(cryptodev_newsession, ubsec_newsession),
- DEVMETHOD(cryptodev_freesession,ubsec_freesession),
DEVMETHOD(cryptodev_process, ubsec_process),
DEVMETHOD(cryptodev_kprocess, ubsec_kprocess),
@@ -350,7 +348,8 @@ ubsec_attach(device_t dev)
goto bad2;
}
- sc->sc_cid = crypto_get_driverid(dev, CRYPTOCAP_F_HARDWARE);
+ sc->sc_cid = crypto_get_driverid(dev, sizeof(struct ubsec_session),
+ CRYPTOCAP_F_HARDWARE);
if (sc->sc_cid < 0) {
device_printf(dev, "could not get crypto driver id\n");
goto bad3;
@@ -895,14 +894,13 @@ ubsec_setup_mackey(struct ubsec_session *ses, int algo, caddr_t key, int klen)
* id on successful allocation.
*/
static int
-ubsec_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri)
+ubsec_newsession(device_t dev, crypto_session_t cses, struct cryptoini *cri)
{
struct ubsec_softc *sc = device_get_softc(dev);
struct cryptoini *c, *encini = NULL, *macini = NULL;
struct ubsec_session *ses = NULL;
- int sesn;
- if (sidp == NULL || cri == NULL || sc == NULL)
+ if (cri == NULL || sc == NULL)
return (EINVAL);
for (c = cri; c != NULL; c = c->cri_next) {
@@ -922,40 +920,7 @@ ubsec_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri)
if (encini == NULL && macini == NULL)
return (EINVAL);
- if (sc->sc_sessions == NULL) {
- ses = sc->sc_sessions = (struct ubsec_session *)malloc(
- sizeof(struct ubsec_session), M_DEVBUF, M_NOWAIT);
- if (ses == NULL)
- return (ENOMEM);
- sesn = 0;
- sc->sc_nsessions = 1;
- } else {
- for (sesn = 0; sesn < sc->sc_nsessions; sesn++) {
- if (sc->sc_sessions[sesn].ses_used == 0) {
- ses = &sc->sc_sessions[sesn];
- break;
- }
- }
-
- if (ses == NULL) {
- sesn = sc->sc_nsessions;
- ses = (struct ubsec_session *)malloc((sesn + 1) *
- sizeof(struct ubsec_session), M_DEVBUF, M_NOWAIT);
- if (ses == NULL)
- return (ENOMEM);
- bcopy(sc->sc_sessions, ses, sesn *
- sizeof(struct ubsec_session));
- bzero(sc->sc_sessions, sesn *
- sizeof(struct ubsec_session));
- free(sc->sc_sessions, M_DEVBUF);
- sc->sc_sessions = ses;
- ses = &sc->sc_sessions[sesn];
- sc->sc_nsessions++;
- }
- }
- bzero(ses, sizeof(struct ubsec_session));
- ses->ses_used = 1;
-
+ ses = crypto_get_driver_session(cses);
if (encini) {
/* get an IV, network byte order */
/* XXX may read fewer than requested */
@@ -982,34 +947,9 @@ ubsec_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri)
}
}
- *sidp = UBSEC_SID(device_get_unit(sc->sc_dev), sesn);
return (0);
}
-/*
- * Deallocate a session.
- */
-static int
-ubsec_freesession(device_t dev, u_int64_t tid)
-{
- struct ubsec_softc *sc = device_get_softc(dev);
- int session, ret;
- u_int32_t sid = CRYPTO_SESID2LID(tid);
-
- if (sc == NULL)
- return (EINVAL);
-
- session = UBSEC_SESSION(sid);
- if (session < sc->sc_nsessions) {
- bzero(&sc->sc_sessions[session],
- sizeof(sc->sc_sessions[session]));
- ret = 0;
- } else
- ret = EINVAL;
-
- return (ret);
-}
-
static void
ubsec_op_cb(void *arg, bus_dma_segment_t *seg, int nsegs, bus_size_t mapsize, int error)
{
@@ -1047,10 +987,6 @@ ubsec_process(device_t dev, struct cryptop *crp, int hint)
ubsecstats.hst_invalid++;
return (EINVAL);
}
- if (UBSEC_SESSION(crp->crp_sid) >= sc->sc_nsessions) {
- ubsecstats.hst_badsession++;
- return (EINVAL);
- }
mtx_lock(&sc->sc_freeqlock);
if (SIMPLEQ_EMPTY(&sc->sc_freequeue)) {
@@ -1067,9 +1003,8 @@ ubsec_process(device_t dev, struct cryptop *crp, int hint)
bzero(q, sizeof(struct ubsec_q));
bzero(&ctx, sizeof(ctx));
- q->q_sesn = UBSEC_SESSION(crp->crp_sid);
q->q_dma = dmap;
- ses = &sc->sc_sessions[q->q_sesn];
+ ses = crypto_get_driver_session(crp->crp_session);
if (crp->crp_flags & CRYPTO_F_IMBUF) {
q->q_src_m = (struct mbuf *)crp->crp_buf;
@@ -1561,9 +1496,12 @@ static void
ubsec_callback(struct ubsec_softc *sc, struct ubsec_q *q)
{
struct cryptop *crp = (struct cryptop *)q->q_crp;
+ struct ubsec_session *ses;
struct cryptodesc *crd;
struct ubsec_dma *dmap = q->q_dma;
+ ses = crypto_get_driver_session(crp->crp_session);
+
ubsecstats.hst_opackets++;
ubsecstats.hst_obytes += dmap->d_alloc.dma_size;
@@ -1592,7 +1530,7 @@ ubsec_callback(struct ubsec_softc *sc, struct ubsec_q *q)
continue;
crypto_copydata(crp->crp_flags, crp->crp_buf,
crd->crd_skip + crd->crd_len - 8, 8,
- (caddr_t)sc->sc_sessions[q->q_sesn].ses_iv);
+ (caddr_t)ses->ses_iv);
break;
}
}
@@ -1602,8 +1540,7 @@ ubsec_callback(struct ubsec_softc *sc, struct ubsec_q *q)
crd->crd_alg != CRYPTO_SHA1_HMAC)
continue;
crypto_copyback(crp->crp_flags, crp->crp_buf, crd->crd_inject,
- sc->sc_sessions[q->q_sesn].ses_mlen,
- (caddr_t)dmap->d_dma->d_macbuf);
+ ses->ses_mlen, (caddr_t)dmap->d_dma->d_macbuf);
break;
}
mtx_lock(&sc->sc_freeqlock);
diff --git a/sys/dev/ubsec/ubsecvar.h b/sys/dev/ubsec/ubsecvar.h
index acbf32a29736..ae6d5e2cb6bc 100644
--- a/sys/dev/ubsec/ubsecvar.h
+++ b/sys/dev/ubsec/ubsecvar.h
@@ -47,10 +47,6 @@
#define UBS_MAX_AGGR 5 /* Maximum aggregation count */
#endif
-#define UBSEC_CARD(sid) (((sid) & 0xf0000000) >> 28)
-#define UBSEC_SESSION(sid) ( (sid) & 0x0fffffff)
-#define UBSEC_SID(crd, sesn) (((crd) << 28) | ((sesn) & 0x0fffffff))
-
#define UBS_DEF_RTY 0xff /* PCI Retry Timeout */
#define UBS_DEF_TOUT 0xff /* PCI TRDY Timeout */
#define UBS_DEF_CACHELINE 0x01 /* Cache Line setting */
@@ -158,7 +154,6 @@ struct ubsec_q {
struct ubsec_operand q_src;
struct ubsec_operand q_dst;
- int q_sesn;
int q_flags;
};
@@ -202,8 +197,6 @@ struct ubsec_softc {
SIMPLEQ_HEAD(,ubsec_q2) sc_queue2; /* packet queue, mcr2 */
int sc_nqueue2; /* count enqueued, mcr2 */
SIMPLEQ_HEAD(,ubsec_q2) sc_qchip2; /* on chip, mcr2 */
- int sc_nsessions; /* # of sessions */
- struct ubsec_session *sc_sessions; /* sessions */
struct callout sc_rngto; /* rng timeout */
int sc_rnghz; /* rng poll time */
struct ubsec_q2_rng sc_rng;
@@ -218,7 +211,6 @@ struct ubsec_softc {
#define UBSEC_QFLAGS_COPYOUTIV 0x1
struct ubsec_session {
- u_int32_t ses_used;
u_int32_t ses_deskey[6]; /* 3DES key */
u_int32_t ses_mlen; /* hmac length */
u_int32_t ses_hminner[5]; /* hmac inner state */
diff --git a/sys/geom/eli/g_eli.c b/sys/geom/eli/g_eli.c
index 45e385f5d362..6df1fdc2d24c 100644
--- a/sys/geom/eli/g_eli.c
+++ b/sys/geom/eli/g_eli.c
@@ -199,10 +199,10 @@ g_eli_crypto_rerun(struct cryptop *crp)
break;
}
KASSERT(wr != NULL, ("Invalid worker (%u).", bp->bio_pflags));
- G_ELI_DEBUG(1, "Rerunning crypto %s request (sid: %ju -> %ju).",
- bp->bio_cmd == BIO_READ ? "READ" : "WRITE", (uintmax_t)wr->w_sid,
- (uintmax_t)crp->crp_sid);
- wr->w_sid = crp->crp_sid;
+ G_ELI_DEBUG(1, "Rerunning crypto %s request (sid: %p -> %p).",
+ bp->bio_cmd == BIO_READ ? "READ" : "WRITE", wr->w_sid,
+ crp->crp_session);
+ wr->w_sid = crp->crp_session;
crp->crp_etype = 0;
error = crypto_dispatch(crp);
if (error == 0)
diff --git a/sys/geom/eli/g_eli_crypto.c b/sys/geom/eli/g_eli_crypto.c
index 348b13c0d92d..adea8f336976 100644
--- a/sys/geom/eli/g_eli_crypto.c
+++ b/sys/geom/eli/g_eli_crypto.c
@@ -97,7 +97,7 @@ g_eli_crypto_cipher(u_int algo, int enc, u_char *data, size_t datasize,
bzero(crd->crd_iv, sizeof(crd->crd_iv));
crd->crd_next = NULL;
- crp->crp_sid = sid;
+ crp->crp_session = sid;
crp->crp_ilen = datasize;
crp->crp_olen = datasize;
crp->crp_opaque = NULL;
diff --git a/sys/geom/eli/g_eli_integrity.c b/sys/geom/eli/g_eli_integrity.c
index eedc98bc7b34..f95cb6f14a79 100644
--- a/sys/geom/eli/g_eli_integrity.c
+++ b/sys/geom/eli/g_eli_integrity.c
@@ -487,7 +487,7 @@ g_eli_auth_run(struct g_eli_worker *wr, struct bio *bp)
plaindata += data_secsize;
}
- crp->crp_sid = wr->w_sid;
+ crp->crp_session = wr->w_sid;
crp->crp_ilen = sc->sc_alen + data_secsize;
crp->crp_olen = data_secsize;
crp->crp_opaque = (void *)bp;
diff --git a/sys/geom/eli/g_eli_privacy.c b/sys/geom/eli/g_eli_privacy.c
index 7f6d3829ea6c..6dbda7f0ef03 100644
--- a/sys/geom/eli/g_eli_privacy.c
+++ b/sys/geom/eli/g_eli_privacy.c
@@ -279,7 +279,7 @@ g_eli_crypto_run(struct g_eli_worker *wr, struct bio *bp)
crp = (struct cryptop *)p; p += sizeof(*crp);
crd = (struct cryptodesc *)p; p += sizeof(*crd);
- crp->crp_sid = wr->w_sid;
+ crp->crp_session = wr->w_sid;
crp->crp_ilen = secsize;
crp->crp_olen = secsize;
crp->crp_opaque = (void *)bp;
diff --git a/sys/kgssapi/krb5/kcrypto_aes.c b/sys/kgssapi/krb5/kcrypto_aes.c
index 55d6f6e1c4eb..9d0f98c06ea1 100644
--- a/sys/kgssapi/krb5/kcrypto_aes.c
+++ b/sys/kgssapi/krb5/kcrypto_aes.c
@@ -122,7 +122,7 @@ aes_crypto_cb(struct cryptop *crp)
int error;
struct aes_state *as = (struct aes_state *) crp->crp_opaque;
- if (CRYPTO_SESID2CAPS(crp->crp_sid) & CRYPTOCAP_F_SYNC)
+ if (crypto_ses2caps(crp->crp_session) & CRYPTOCAP_F_SYNC)
return (0);
error = crp->crp_etype;
@@ -159,7 +159,7 @@ aes_encrypt_1(const struct krb5_key_state *ks, int buftype, void *buf,
crd->crd_next = NULL;
crd->crd_alg = CRYPTO_AES_CBC;
- crp->crp_sid = as->as_session_aes;
+ crp->crp_session = as->as_session_aes;
crp->crp_flags = buftype | CRYPTO_F_CBIFSYNC;
crp->crp_buf = buf;
crp->crp_opaque = (void *) as;
@@ -167,7 +167,7 @@ aes_encrypt_1(const struct krb5_key_state *ks, int buftype, void *buf,
error = crypto_dispatch(crp);
- if ((CRYPTO_SESID2CAPS(as->as_session_aes) & CRYPTOCAP_F_SYNC) == 0) {
+ if ((crypto_ses2caps(as->as_session_aes) & CRYPTOCAP_F_SYNC) == 0) {
mtx_lock(&as->as_lock);
if (!error && !(crp->crp_flags & CRYPTO_F_DONE))
error = msleep(crp, &as->as_lock, 0, "gssaes", 0);
@@ -334,7 +334,7 @@ aes_checksum(const struct krb5_key_state *ks, int usage,
crd->crd_next = NULL;
crd->crd_alg = CRYPTO_SHA1_HMAC;
- crp->crp_sid = as->as_session_sha1;
+ crp->crp_session = as->as_session_sha1;
crp->crp_ilen = inlen;
crp->crp_olen = 12;
crp->crp_etype = 0;
@@ -345,7 +345,7 @@ aes_checksum(const struct krb5_key_state *ks, int usage,
error = crypto_dispatch(crp);
- if ((CRYPTO_SESID2CAPS(as->as_session_sha1) & CRYPTOCAP_F_SYNC) == 0) {
+ if ((crypto_ses2caps(as->as_session_sha1) & CRYPTOCAP_F_SYNC) == 0) {
mtx_lock(&as->as_lock);
if (!error && !(crp->crp_flags & CRYPTO_F_DONE))
error = msleep(crp, &as->as_lock, 0, "gssaes", 0);
diff --git a/sys/kgssapi/krb5/kcrypto_des.c b/sys/kgssapi/krb5/kcrypto_des.c
index 041b142edae1..7f99ce69fcbd 100644
--- a/sys/kgssapi/krb5/kcrypto_des.c
+++ b/sys/kgssapi/krb5/kcrypto_des.c
@@ -145,7 +145,7 @@ des1_crypto_cb(struct cryptop *crp)
int error;
struct des1_state *ds = (struct des1_state *) crp->crp_opaque;
- if (CRYPTO_SESID2CAPS(ds->ds_session) & CRYPTOCAP_F_SYNC)
+ if (crypto_ses2caps(ds->ds_session) & CRYPTOCAP_F_SYNC)
return (0);
error = crp->crp_etype;
@@ -182,7 +182,7 @@ des1_encrypt_1(const struct krb5_key_state *ks, int buftype, void *buf,
crd->crd_next = NULL;
crd->crd_alg = CRYPTO_DES_CBC;
- crp->crp_sid = ds->ds_session;
+ crp->crp_session = ds->ds_session;
crp->crp_flags = buftype | CRYPTO_F_CBIFSYNC;
crp->crp_buf = buf;
crp->crp_opaque = (void *) ds;
@@ -190,7 +190,7 @@ des1_encrypt_1(const struct krb5_key_state *ks, int buftype, void *buf,
error = crypto_dispatch(crp);
- if ((CRYPTO_SESID2CAPS(ds->ds_session) & CRYPTOCAP_F_SYNC) == 0) {
+ if ((crypto_ses2caps(ds->ds_session) & CRYPTOCAP_F_SYNC) == 0) {
mtx_lock(&ds->ds_lock);
if (!error && !(crp->crp_flags & CRYPTO_F_DONE))
error = msleep(crp, &ds->ds_lock, 0, "gssdes", 0);
diff --git a/sys/kgssapi/krb5/kcrypto_des3.c b/sys/kgssapi/krb5/kcrypto_des3.c
index b8dcdfd0fdc6..d4e9c351c765 100644
--- a/sys/kgssapi/krb5/kcrypto_des3.c
+++ b/sys/kgssapi/krb5/kcrypto_des3.c
@@ -155,7 +155,7 @@ des3_crypto_cb(struct cryptop *crp)
int error;
struct des3_state *ds = (struct des3_state *) crp->crp_opaque;
- if (CRYPTO_SESID2CAPS(ds->ds_session) & CRYPTOCAP_F_SYNC)
+ if (crypto_ses2caps(ds->ds_session) & CRYPTOCAP_F_SYNC)
return (0);
error = crp->crp_etype;
@@ -192,7 +192,7 @@ des3_encrypt_1(const struct krb5_key_state *ks, struct mbuf *inout,
crd->crd_next = NULL;
crd->crd_alg = CRYPTO_3DES_CBC;
- crp->crp_sid = ds->ds_session;
+ crp->crp_session = ds->ds_session;
crp->crp_flags = CRYPTO_F_IMBUF | CRYPTO_F_CBIFSYNC;
crp->crp_buf = (void *) inout;
crp->crp_opaque = (void *) ds;
@@ -200,7 +200,7 @@ des3_encrypt_1(const struct krb5_key_state *ks, struct mbuf *inout,
error = crypto_dispatch(crp);
- if ((CRYPTO_SESID2CAPS(ds->ds_session) & CRYPTOCAP_F_SYNC) == 0) {
+ if ((crypto_ses2caps(ds->ds_session) & CRYPTOCAP_F_SYNC) == 0) {
mtx_lock(&ds->ds_lock);
if (!error && !(crp->crp_flags & CRYPTO_F_DONE))
error = msleep(crp, &ds->ds_lock, 0, "gssdes3", 0);
@@ -245,7 +245,7 @@ des3_checksum(const struct krb5_key_state *ks, int usage,
crd->crd_next = NULL;
crd->crd_alg = CRYPTO_SHA1_HMAC;
- crp->crp_sid = ds->ds_session;
+ crp->crp_session = ds->ds_session;
crp->crp_ilen = inlen;
crp->crp_olen = 20;
crp->crp_etype = 0;
@@ -256,7 +256,7 @@ des3_checksum(const struct krb5_key_state *ks, int usage,
error = crypto_dispatch(crp);
- if ((CRYPTO_SESID2CAPS(ds->ds_session) & CRYPTOCAP_F_SYNC) == 0) {
+ if ((crypto_ses2caps(ds->ds_session) & CRYPTOCAP_F_SYNC) == 0) {
mtx_lock(&ds->ds_lock);
if (!error && !(crp->crp_flags & CRYPTO_F_DONE))
error = msleep(crp, &ds->ds_lock, 0, "gssdes3", 0);
diff --git a/sys/mips/cavium/cryptocteon/cryptocteon.c b/sys/mips/cavium/cryptocteon/cryptocteon.c
index 16a0bb161d3d..d79394054a92 100644
--- a/sys/mips/cavium/cryptocteon/cryptocteon.c
+++ b/sys/mips/cavium/cryptocteon/cryptocteon.c
@@ -49,8 +49,6 @@ __FBSDID("$FreeBSD$");
struct cryptocteon_softc {
int32_t sc_cid; /* opencrypto id */
- struct octo_sess **sc_sessions;
- uint32_t sc_sesnum;
};
int cryptocteon_debug = 0;
@@ -61,8 +59,7 @@ static int cryptocteon_probe(device_t);
static int cryptocteon_attach(device_t);
static int cryptocteon_process(device_t, struct cryptop *, int);
-static int cryptocteon_newsession(device_t, u_int32_t *, struct cryptoini *);
-static int cryptocteon_freesession(device_t, u_int64_t);
+static int cryptocteon_newsession(device_t, crypto_session_t, struct cryptoini *);
static void
cryptocteon_identify(driver_t *drv, device_t parent)
@@ -85,7 +82,8 @@ cryptocteon_attach(device_t dev)
sc = device_get_softc(dev);
- sc->sc_cid = crypto_get_driverid(dev, CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SYNC);
+ sc->sc_cid = crypto_get_driverid(dev, sizeof(struct octo_sess),
+ CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SYNC);
if (sc->sc_cid < 0) {
device_printf(dev, "crypto_get_driverid ret %d\n", sc->sc_cid);
return (ENXIO);
@@ -106,16 +104,17 @@ cryptocteon_attach(device_t dev)
* do not expect more than this anyway.
*/
static int
-cryptocteon_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri)
+cryptocteon_newsession(device_t dev, crypto_session_t cses,
+ struct cryptoini *cri)
{
struct cryptoini *c, *encini = NULL, *macini = NULL;
struct cryptocteon_softc *sc;
- struct octo_sess **ocd;
+ struct octo_sess *ocd;
int i;
sc = device_get_softc(dev);
- if (sid == NULL || cri == NULL || sc == NULL)
+ if (cri == NULL || sc == NULL)
return (EINVAL);
/*
@@ -158,70 +157,25 @@ cryptocteon_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri)
/*
* So we have something we can do, lets setup the session
*/
-
- if (sc->sc_sessions) {
- for (i = 1; i < sc->sc_sesnum; i++)
- if (sc->sc_sessions[i] == NULL)
- break;
- } else
- i = 1; /* NB: to silence compiler warning */
-
- if (sc->sc_sessions == NULL || i == sc->sc_sesnum) {
- if (sc->sc_sessions == NULL) {
- i = 1; /* We leave sc->sc_sessions[0] empty */
- sc->sc_sesnum = CRYPTO_SW_SESSIONS;
- } else
- sc->sc_sesnum *= 2;
-
- ocd = malloc(sc->sc_sesnum * sizeof(struct octo_sess *),
- M_DEVBUF, M_NOWAIT | M_ZERO);
- if (ocd == NULL) {
- /* Reset session number */
- if (sc->sc_sesnum == CRYPTO_SW_SESSIONS)
- sc->sc_sesnum = 0;
- else
- sc->sc_sesnum /= 2;
- dprintf("%s,%d: ENOBUFS\n", __FILE__, __LINE__);
- return ENOBUFS;
- }
-
- /* Copy existing sessions */
- if (sc->sc_sessions) {
- memcpy(ocd, sc->sc_sessions,
- (sc->sc_sesnum / 2) * sizeof(struct octo_sess *));
- free(sc->sc_sessions, M_DEVBUF);
- }
-
- sc->sc_sessions = ocd;
- }
-
- ocd = &sc->sc_sessions[i];
- *sid = i;
-
- *ocd = malloc(sizeof(struct octo_sess), M_DEVBUF, M_NOWAIT | M_ZERO);
- if (*ocd == NULL) {
- cryptocteon_freesession(NULL, i);
- dprintf("%s,%d: ENOBUFS\n", __FILE__, __LINE__);
- return ENOBUFS;
- }
+ ocd = crypto_get_driver_session(cses);
if (encini && encini->cri_key) {
- (*ocd)->octo_encklen = (encini->cri_klen + 7) / 8;
- memcpy((*ocd)->octo_enckey, encini->cri_key, (*ocd)->octo_encklen);
+ ocd->octo_encklen = (encini->cri_klen + 7) / 8;
+ memcpy(ocd->octo_enckey, encini->cri_key, ocd->octo_encklen);
}
if (macini && macini->cri_key) {
- (*ocd)->octo_macklen = (macini->cri_klen + 7) / 8;
- memcpy((*ocd)->octo_mackey, macini->cri_key, (*ocd)->octo_macklen);
+ ocd->octo_macklen = (macini->cri_klen + 7) / 8;
+ memcpy(ocd->octo_mackey, macini->cri_key, ocd->octo_macklen);
}
- (*ocd)->octo_mlen = 0;
+ ocd->octo_mlen = 0;
if (encini && encini->cri_mlen)
- (*ocd)->octo_mlen = encini->cri_mlen;
+ ocd->octo_mlen = encini->cri_mlen;
else if (macini && macini->cri_mlen)
- (*ocd)->octo_mlen = macini->cri_mlen;
+ ocd->octo_mlen = macini->cri_mlen;
else
- (*ocd)->octo_mlen = 12;
+ ocd->octo_mlen = 12;
/*
* point c at the enc if it exists, otherwise the mac
@@ -231,105 +185,74 @@ cryptocteon_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri)
switch (c->cri_alg) {
case CRYPTO_DES_CBC:
case CRYPTO_3DES_CBC:
- (*ocd)->octo_ivsize = 8;
+ ocd->octo_ivsize = 8;
switch (macini ? macini->cri_alg : -1) {
case CRYPTO_MD5_HMAC:
- (*ocd)->octo_encrypt = octo_des_cbc_md5_encrypt;
- (*ocd)->octo_decrypt = octo_des_cbc_md5_decrypt;
- octo_calc_hash(0, macini->cri_key, (*ocd)->octo_hminner,
- (*ocd)->octo_hmouter);
+ ocd->octo_encrypt = octo_des_cbc_md5_encrypt;
+ ocd->octo_decrypt = octo_des_cbc_md5_decrypt;
+ octo_calc_hash(0, macini->cri_key, ocd->octo_hminner,
+ ocd->octo_hmouter);
break;
case CRYPTO_SHA1_HMAC:
- (*ocd)->octo_encrypt = octo_des_cbc_sha1_encrypt;
- (*ocd)->octo_decrypt = octo_des_cbc_sha1_encrypt;
- octo_calc_hash(1, macini->cri_key, (*ocd)->octo_hminner,
- (*ocd)->octo_hmouter);
+ ocd->octo_encrypt = octo_des_cbc_sha1_encrypt;
+ ocd->octo_decrypt = octo_des_cbc_sha1_encrypt;
+ octo_calc_hash(1, macini->cri_key, ocd->octo_hminner,
+ ocd->octo_hmouter);
break;
case -1:
- (*ocd)->octo_encrypt = octo_des_cbc_encrypt;
- (*ocd)->octo_decrypt = octo_des_cbc_decrypt;
+ ocd->octo_encrypt = octo_des_cbc_encrypt;
+ ocd->octo_decrypt = octo_des_cbc_decrypt;
break;
default:
- cryptocteon_freesession(NULL, i);
dprintf("%s,%d: EINVALn", __FILE__, __LINE__);
return EINVAL;
}
break;
case CRYPTO_AES_CBC:
- (*ocd)->octo_ivsize = 16;
+ ocd->octo_ivsize = 16;
switch (macini ? macini->cri_alg : -1) {
case CRYPTO_MD5_HMAC:
- (*ocd)->octo_encrypt = octo_aes_cbc_md5_encrypt;
- (*ocd)->octo_decrypt = octo_aes_cbc_md5_decrypt;
- octo_calc_hash(0, macini->cri_key, (*ocd)->octo_hminner,
- (*ocd)->octo_hmouter);
+ ocd->octo_encrypt = octo_aes_cbc_md5_encrypt;
+ ocd->octo_decrypt = octo_aes_cbc_md5_decrypt;
+ octo_calc_hash(0, macini->cri_key, ocd->octo_hminner,
+ ocd->octo_hmouter);
break;
case CRYPTO_SHA1_HMAC:
- (*ocd)->octo_encrypt = octo_aes_cbc_sha1_encrypt;
- (*ocd)->octo_decrypt = octo_aes_cbc_sha1_decrypt;
- octo_calc_hash(1, macini->cri_key, (*ocd)->octo_hminner,
- (*ocd)->octo_hmouter);
+ ocd->octo_encrypt = octo_aes_cbc_sha1_encrypt;
+ ocd->octo_decrypt = octo_aes_cbc_sha1_decrypt;
+ octo_calc_hash(1, macini->cri_key, ocd->octo_hminner,
+ ocd->octo_hmouter);
break;
case -1:
- (*ocd)->octo_encrypt = octo_aes_cbc_encrypt;
- (*ocd)->octo_decrypt = octo_aes_cbc_decrypt;
+ ocd->octo_encrypt = octo_aes_cbc_encrypt;
+ ocd->octo_decrypt = octo_aes_cbc_decrypt;
break;
default:
- cryptocteon_freesession(NULL, i);
dprintf("%s,%d: EINVALn", __FILE__, __LINE__);
return EINVAL;
}
break;
case CRYPTO_MD5_HMAC:
- (*ocd)->octo_encrypt = octo_null_md5_encrypt;
- (*ocd)->octo_decrypt = octo_null_md5_encrypt;
- octo_calc_hash(0, macini->cri_key, (*ocd)->octo_hminner,
- (*ocd)->octo_hmouter);
+ ocd->octo_encrypt = octo_null_md5_encrypt;
+ ocd->octo_decrypt = octo_null_md5_encrypt;
+ octo_calc_hash(0, macini->cri_key, ocd->octo_hminner,
+ ocd->octo_hmouter);
break;
case CRYPTO_SHA1_HMAC:
- (*ocd)->octo_encrypt = octo_null_sha1_encrypt;
- (*ocd)->octo_decrypt = octo_null_sha1_encrypt;
- octo_calc_hash(1, macini->cri_key, (*ocd)->octo_hminner,
- (*ocd)->octo_hmouter);
+ ocd->octo_encrypt = octo_null_sha1_encrypt;
+ ocd->octo_decrypt = octo_null_sha1_encrypt;
+ octo_calc_hash(1, macini->cri_key, ocd->octo_hminner,
+ ocd->octo_hmouter);
break;
default:
- cryptocteon_freesession(NULL, i);
dprintf("%s,%d: EINVALn", __FILE__, __LINE__);
return EINVAL;
}
- (*ocd)->octo_encalg = encini ? encini->cri_alg : -1;
- (*ocd)->octo_macalg = macini ? macini->cri_alg : -1;
-
- return 0;
-}
+ ocd->octo_encalg = encini ? encini->cri_alg : -1;
+ ocd->octo_macalg = macini ? macini->cri_alg : -1;
-/*
- * Free a session.
- */
-static int
-cryptocteon_freesession(device_t dev, u_int64_t tid)
-{
- struct cryptocteon_softc *sc;
- u_int32_t sid = CRYPTO_SESID2LID(tid);
-
- sc = device_get_softc(dev);
-
- if (sc == NULL)
- return (EINVAL);
-
- if (sid > sc->sc_sesnum || sc->sc_sessions == NULL ||
- sc->sc_sessions[sid] == NULL)
- return (EINVAL);
-
- /* Silently accept and return */
- if (sid == 0)
- return(0);
-
- if (sc->sc_sessions[sid])
- free(sc->sc_sessions[sid], M_DEVBUF);
- sc->sc_sessions[sid] = NULL;
- return 0;
+ return (0);
}
/*
@@ -340,7 +263,6 @@ cryptocteon_process(device_t dev, struct cryptop *crp, int hint)
{
struct cryptodesc *crd;
struct octo_sess *od;
- u_int32_t lid;
size_t iovcnt, iovlen;
struct mbuf *m = NULL;
struct uio *uiop = NULL;
@@ -363,14 +285,7 @@ cryptocteon_process(device_t dev, struct cryptop *crp, int hint)
goto done;
}
- lid = crp->crp_sid & 0xffffffff;
- if (lid >= sc->sc_sesnum || lid == 0 || sc->sc_sessions == NULL ||
- sc->sc_sessions[lid] == NULL) {
- crp->crp_etype = ENOENT;
- dprintf("%s,%d: ENOENT\n", __FILE__, __LINE__);
- goto done;
- }
- od = sc->sc_sessions[lid];
+ od = crypto_get_driver_session(crp->crp_session);
/*
* do some error checking outside of the loop for m and IOV processing
@@ -400,12 +315,16 @@ cryptocteon_process(device_t dev, struct cryptop *crp, int hint)
/* point our enccrd and maccrd appropriately */
crd = crp->crp_desc;
- if (crd->crd_alg == od->octo_encalg) enccrd = crd;
- if (crd->crd_alg == od->octo_macalg) maccrd = crd;
+ if (crd->crd_alg == od->octo_encalg)
+ enccrd = crd;
+ if (crd->crd_alg == od->octo_macalg)
+ maccrd = crd;
crd = crd->crd_next;
if (crd) {
- if (crd->crd_alg == od->octo_encalg) enccrd = crd;
- if (crd->crd_alg == od->octo_macalg) maccrd = crd;
+ if (crd->crd_alg == od->octo_encalg)
+ enccrd = crd;
+ if (crd->crd_alg == od->octo_macalg)
+ maccrd = crd;
crd = crd->crd_next;
}
if (crd) {
@@ -500,7 +419,7 @@ cryptocteon_process(device_t dev, struct cryptop *crp, int hint)
done:
crypto_done(crp);
- return 0;
+ return (0);
}
static device_method_t cryptocteon_methods[] = {
@@ -511,7 +430,6 @@ static device_method_t cryptocteon_methods[] = {
/* crypto device methods */
DEVMETHOD(cryptodev_newsession, cryptocteon_newsession),
- DEVMETHOD(cryptodev_freesession,cryptocteon_freesession),
DEVMETHOD(cryptodev_process, cryptocteon_process),
{ 0, 0 }
diff --git a/sys/mips/nlm/dev/sec/nlmrsa.c b/sys/mips/nlm/dev/sec/nlmrsa.c
index 2c672675c48d..e0aab68d8f5a 100644
--- a/sys/mips/nlm/dev/sec/nlmrsa.c
+++ b/sys/mips/nlm/dev/sec/nlmrsa.c
@@ -76,8 +76,7 @@ static void print_krp_params(struct cryptkop *krp);
#endif
static int xlp_rsa_init(struct xlp_rsa_softc *sc, int node);
-static int xlp_rsa_newsession(device_t , uint32_t *, struct cryptoini *);
-static int xlp_rsa_freesession(device_t , uint64_t);
+static int xlp_rsa_newsession(device_t , crypto_session_t, struct cryptoini *);
static int xlp_rsa_kprocess(device_t , struct cryptkop *, int);
static int xlp_get_rsa_opsize(struct xlp_rsa_command *cmd, unsigned int bits);
static void xlp_free_cmd_params(struct xlp_rsa_command *cmd);
@@ -100,7 +99,6 @@ static device_method_t xlp_rsa_methods[] = {
/* crypto device methods */
DEVMETHOD(cryptodev_newsession, xlp_rsa_newsession),
- DEVMETHOD(cryptodev_freesession, xlp_rsa_freesession),
DEVMETHOD(cryptodev_kprocess, xlp_rsa_kprocess),
DEVMETHOD_END
@@ -282,8 +280,9 @@ xlp_rsa_attach(device_t dev)
device_printf(dev, "RSA Freq: %dMHz\n", freq);
if (pci_get_device(dev) == PCI_DEVICE_ID_NLM_RSA) {
device_set_desc(dev, "XLP RSA/ECC Accelerator");
- if ((sc->sc_cid = crypto_get_driverid(dev,
- CRYPTOCAP_F_HARDWARE)) < 0) {
+ sc->sc_cid = crypto_get_driverid(dev,
+ sizeof(struct xlp_rsa_session), CRYPTOCAP_F_HARDWARE);
+ if (sc->sc_cid < 0) {
printf("xlp_rsaecc-err:couldn't get the driver id\n");
goto error_exit;
}
@@ -315,79 +314,23 @@ xlp_rsa_detach(device_t dev)
}
/*
- * Allocate a new 'session' and return an encoded session id. 'sidp'
- * contains our registration id, and should contain an encoded session
- * id on successful allocation.
+ * Allocate a new 'session' (unused).
*/
static int
-xlp_rsa_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri)
+xlp_rsa_newsession(device_t dev, crypto_session_t cses, struct cryptoini *cri)
{
struct xlp_rsa_softc *sc = device_get_softc(dev);
- struct xlp_rsa_session *ses = NULL;
- int sesn;
- if (sidp == NULL || cri == NULL || sc == NULL)
+ if (cri == NULL || sc == NULL)
return (EINVAL);
- if (sc->sc_sessions == NULL) {
- ses = sc->sc_sessions = malloc(sizeof(struct xlp_rsa_session),
- M_DEVBUF, M_NOWAIT);
- if (ses == NULL)
- return (ENOMEM);
- sesn = 0;
- sc->sc_nsessions = 1;
- } else {
- for (sesn = 0; sesn < sc->sc_nsessions; sesn++) {
- if (!sc->sc_sessions[sesn].hs_used) {
- ses = &sc->sc_sessions[sesn];
- break;
- }
- }
-
- if (ses == NULL) {
- sesn = sc->sc_nsessions;
- ses = malloc((sesn + 1) * sizeof(*ses),
- M_DEVBUF, M_NOWAIT);
- if (ses == NULL)
- return (ENOMEM);
- bcopy(sc->sc_sessions, ses, sesn * sizeof(*ses));
- bzero(sc->sc_sessions, sesn * sizeof(*ses));
- free(sc->sc_sessions, M_DEVBUF);
- sc->sc_sessions = ses;
- ses = &sc->sc_sessions[sesn];
- sc->sc_nsessions++;
- }
- }
- bzero(ses, sizeof(*ses));
- ses->sessionid = sesn;
- ses->hs_used = 1;
-
- *sidp = XLP_RSA_SID(device_get_unit(sc->sc_dev), sesn);
return (0);
}
/*
- * Deallocate a session.
- * XXX this routine should run a zero'd mac/encrypt key into context ram.
+ * XXX freesession should run a zero'd mac/encrypt key into context ram.
* XXX to blow away any keys already stored there.
*/
-static int
-xlp_rsa_freesession(device_t dev, u_int64_t tid)
-{
- struct xlp_rsa_softc *sc = device_get_softc(dev);
- int session;
- u_int32_t sid = CRYPTO_SESID2LID(tid);
-
- if (sc == NULL)
- return (EINVAL);
-
- session = XLP_RSA_SESSION(sid);
- if (session >= sc->sc_nsessions)
- return (EINVAL);
-
- sc->sc_sessions[session].hs_used = 0;
- return (0);
-}
static void
xlp_free_cmd_params(struct xlp_rsa_command *cmd)
diff --git a/sys/mips/nlm/dev/sec/nlmrsalib.h b/sys/mips/nlm/dev/sec/nlmrsalib.h
index c3e155d4c97c..8166f0f0ded4 100644
--- a/sys/mips/nlm/dev/sec/nlmrsalib.h
+++ b/sys/mips/nlm/dev/sec/nlmrsalib.h
@@ -32,18 +32,12 @@
#ifndef _NLMRSALIB_H_
#define _NLMRSALIB_H_
-#define XLP_RSA_SESSION(sid) ((sid) & 0x000007ff)
-#define XLP_RSA_SID(crd,ses) (((crd) << 28) | ((ses) & 0x7ff))
-
#define RSA_ERROR(msg0) (((msg0) >> 53) & 0x1f)
struct xlp_rsa_session {
- uint32_t sessionid;
- int hs_used;
};
struct xlp_rsa_command {
- uint16_t session_num;
struct xlp_rsa_session *ses;
struct cryptkop *krp;
uint8_t *rsasrc;
@@ -59,8 +53,6 @@ struct xlp_rsa_softc {
device_t sc_dev; /* device backpointer */
uint64_t rsa_base;
int sc_cid;
- struct xlp_rsa_session *sc_sessions;
- int sc_nsessions;
int rsaecc_vc_start;
int rsaecc_vc_end;
};
diff --git a/sys/mips/nlm/dev/sec/nlmsec.c b/sys/mips/nlm/dev/sec/nlmsec.c
index 43be89c0c04f..4dd1ad3daffa 100644
--- a/sys/mips/nlm/dev/sec/nlmsec.c
+++ b/sys/mips/nlm/dev/sec/nlmsec.c
@@ -74,8 +74,7 @@ unsigned int creditleft;
void xlp_sec_print_data(struct cryptop *crp);
static int xlp_sec_init(struct xlp_sec_softc *sc);
-static int xlp_sec_newsession(device_t , uint32_t *, struct cryptoini *);
-static int xlp_sec_freesession(device_t , uint64_t);
+static int xlp_sec_newsession(device_t , crypto_session_t, struct cryptoini *);
static int xlp_sec_process(device_t , struct cryptop *, int);
static int xlp_copyiv(struct xlp_sec_softc *, struct xlp_sec_command *,
struct cryptodesc *enccrd);
@@ -99,7 +98,6 @@ static device_method_t xlp_sec_methods[] = {
/* crypto device methods */
DEVMETHOD(cryptodev_newsession, xlp_sec_newsession),
- DEVMETHOD(cryptodev_freesession,xlp_sec_freesession),
DEVMETHOD(cryptodev_process, xlp_sec_process),
DEVMETHOD_END
@@ -205,8 +203,8 @@ xlp_sec_print_data(struct cryptop *crp)
int i, key_len;
struct cryptodesc *crp_desc;
- printf("session id = 0x%llx, crp_ilen = %d, crp_olen=%d \n",
- crp->crp_sid, crp->crp_ilen, crp->crp_olen);
+ printf("session = %p, crp_ilen = %d, crp_olen=%d \n", crp->crp_session,
+ crp->crp_ilen, crp->crp_olen);
printf("crp_flags = 0x%x\n", crp->crp_flags);
@@ -325,7 +323,7 @@ nlm_xlpsec_msgring_handler(int vc, int size, int code, int src_id,
XLP_SEC_AES_IV_LENGTH : XLP_SEC_DES_IV_LENGTH);
crypto_copydata(cmd->crp->crp_flags, cmd->crp->crp_buf,
crd->crd_skip + crd->crd_len - ivlen, ivlen,
- sc->sc_sessions[cmd->session_num].ses_iv);
+ cmd->ses->ses_iv);
}
}
@@ -387,7 +385,8 @@ xlp_sec_attach(device_t dev)
device_printf(dev, "SAE Freq: %dMHz\n", freq);
if(pci_get_device(dev) == PCI_DEVICE_ID_NLM_SAE) {
device_set_desc(dev, "XLP Security Accelerator");
- sc->sc_cid = crypto_get_driverid(dev, CRYPTOCAP_F_HARDWARE);
+ sc->sc_cid = crypto_get_driverid(dev,
+ sizeof(struct xlp_sec_session), CRYPTOCAP_F_HARDWARE);
if (sc->sc_cid < 0) {
printf("xlp_sec - error : could not get the driver"
" id\n");
@@ -444,56 +443,20 @@ xlp_sec_detach(device_t dev)
return (0);
}
-/*
- * Allocate a new 'session' and return an encoded session id. 'sidp'
- * contains our registration id, and should contain an encoded session
- * id on successful allocation.
- */
static int
-xlp_sec_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri)
+xlp_sec_newsession(device_t dev, crypto_session_t cses, struct cryptoini *cri)
{
struct cryptoini *c;
struct xlp_sec_softc *sc = device_get_softc(dev);
- int mac = 0, cry = 0, sesn;
- struct xlp_sec_session *ses = NULL;
+ int mac = 0, cry = 0;
+ struct xlp_sec_session *ses;
struct xlp_sec_command *cmd = NULL;
- if (sidp == NULL || cri == NULL || sc == NULL)
+ if (cri == NULL || sc == NULL)
return (EINVAL);
- if (sc->sc_sessions == NULL) {
- ses = sc->sc_sessions = malloc(sizeof(struct xlp_sec_session),
- M_DEVBUF, M_NOWAIT);
- if (ses == NULL)
- return (ENOMEM);
- sesn = 0;
- sc->sc_nsessions = 1;
- } else {
- for (sesn = 0; sesn < sc->sc_nsessions; sesn++) {
- if (!sc->sc_sessions[sesn].hs_used) {
- ses = &sc->sc_sessions[sesn];
- break;
- }
- }
-
- if (ses == NULL) {
- sesn = sc->sc_nsessions;
- ses = malloc((sesn + 1)*sizeof(struct xlp_sec_session),
- M_DEVBUF, M_NOWAIT);
- if (ses == NULL)
- return (ENOMEM);
- bcopy(sc->sc_sessions, ses, sesn * sizeof(*ses));
- bzero(sc->sc_sessions, sesn * sizeof(*ses));
- free(sc->sc_sessions, M_DEVBUF);
- sc->sc_sessions = ses;
- ses = &sc->sc_sessions[sesn];
- sc->sc_nsessions++;
- }
- }
- bzero(ses, sizeof(*ses));
- ses->sessionid = sesn;
+ ses = crypto_get_driver_session(cses);
cmd = &ses->cmd;
- ses->hs_used = 1;
for (c = cri; c != NULL; c = c->cri_next) {
switch (c->cri_alg) {
@@ -539,43 +502,22 @@ xlp_sec_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri)
return (EINVAL);
cmd->hash_dst_len = ses->hs_mlen;
- *sidp = XLP_SEC_SID(device_get_unit(sc->sc_dev), sesn);
return (0);
}
/*
- * Deallocate a session.
- * XXX this routine should run a zero'd mac/encrypt key into context ram.
- * XXX to blow away any keys already stored there.
+ * XXX freesession routine should run a zero'd mac/encrypt key into context
+ * ram. to blow away any keys already stored there.
*/
-static int
-xlp_sec_freesession(device_t dev, u_int64_t tid)
-{
- struct xlp_sec_softc *sc = device_get_softc(dev);
- int session;
- u_int32_t sid = CRYPTO_SESID2LID(tid);
-
- if (sc == NULL)
- return (EINVAL);
-
- session = XLP_SEC_SESSION(sid);
- if (session >= sc->sc_nsessions)
- return (EINVAL);
-
- sc->sc_sessions[session].hs_used = 0;
- return (0);
-}
static int
xlp_copyiv(struct xlp_sec_softc *sc, struct xlp_sec_command *cmd,
struct cryptodesc *enccrd)
{
unsigned int ivlen = 0;
- int session;
struct cryptop *crp = NULL;
crp = cmd->crp;
- session = cmd->session_num;
if (enccrd->crd_alg != CRYPTO_ARC4) {
ivlen = ((enccrd->crd_alg == CRYPTO_AES_CBC) ?
@@ -584,8 +526,7 @@ xlp_copyiv(struct xlp_sec_softc *sc, struct xlp_sec_command *cmd,
if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) {
bcopy(enccrd->crd_iv, cmd->iv, ivlen);
} else {
- bcopy(sc->sc_sessions[session].ses_iv, cmd->iv,
- ivlen);
+ bcopy(cmd->ses->ses_iv, cmd->iv, ivlen);
}
if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0) {
crypto_copyback(crp->crp_flags,
@@ -698,7 +639,7 @@ xlp_sec_process(device_t dev, struct cryptop *crp, int hint)
{
struct xlp_sec_softc *sc = device_get_softc(dev);
struct xlp_sec_command *cmd = NULL;
- int session, err = -1, ret = 0;
+ int err = -1, ret = 0;
struct cryptodesc *crd1, *crd2;
struct xlp_sec_session *ses;
unsigned int nsegs = 0;
@@ -706,12 +647,11 @@ xlp_sec_process(device_t dev, struct cryptop *crp, int hint)
if (crp == NULL || crp->crp_callback == NULL) {
return (EINVAL);
}
- session = XLP_SEC_SESSION(crp->crp_sid);
- if (sc == NULL || session >= sc->sc_nsessions) {
+ if (sc == NULL) {
err = EINVAL;
goto errout;
}
- ses = &sc->sc_sessions[session];
+ ses = crypto_get_driver_session(crp->crp_session);
if ((cmd = malloc(sizeof(struct xlp_sec_command), M_DEVBUF,
M_NOWAIT | M_ZERO)) == NULL) {
@@ -720,7 +660,7 @@ xlp_sec_process(device_t dev, struct cryptop *crp, int hint)
}
cmd->crp = crp;
- cmd->session_num = session;
+ cmd->ses = ses;
cmd->hash_dst_len = ses->hs_mlen;
if ((crd1 = crp->crp_desc) == NULL) {
diff --git a/sys/mips/nlm/dev/sec/nlmseclib.h b/sys/mips/nlm/dev/sec/nlmseclib.h
index fdf9b007b5f4..ab7a13370fe7 100644
--- a/sys/mips/nlm/dev/sec/nlmseclib.h
+++ b/sys/mips/nlm/dev/sec/nlmseclib.h
@@ -79,9 +79,6 @@
#define XLP_SEC_MAX_AUTH_KEY_LENGTH XLP_SEC_SHA512_BLOCK_SIZE
#define XLP_SEC_MAX_RC4_STATE_SIZE 264 /* char s[256], int i, int j */
-#define XLP_SEC_SESSION(sid) ((sid) & 0x000007ff)
-#define XLP_SEC_SID(crd,ses) (((crd) << 28) | ((ses) & 0x7ff))
-
#define CRYPTO_ERROR(msg1) ((unsigned int)msg1)
#define NLM_CRYPTO_LEFT_REQS (CMS_DEFAULT_CREDIT/2)
@@ -93,7 +90,6 @@
extern unsigned int creditleft;
struct xlp_sec_command {
- uint16_t session_num;
struct cryptop *crp;
struct cryptodesc *enccrd, *maccrd;
struct xlp_sec_session *ses;
@@ -119,8 +115,6 @@ struct xlp_sec_command {
};
struct xlp_sec_session {
- uint32_t sessionid;
- int hs_used;
int hs_mlen;
uint8_t ses_iv[EALG_MAX_BLOCK_LEN];
struct xlp_sec_command cmd;
@@ -133,8 +127,6 @@ struct xlp_sec_softc {
device_t sc_dev; /* device backpointer */
uint64_t sec_base;
int32_t sc_cid;
- struct xlp_sec_session *sc_sessions;
- int sc_nsessions;
int sc_needwakeup;
uint32_t sec_vc_start;
uint32_t sec_vc_end;
diff --git a/sys/netipsec/ipsec.c b/sys/netipsec/ipsec.c
index 70485894c521..6267a23c6648 100644
--- a/sys/netipsec/ipsec.c
+++ b/sys/netipsec/ipsec.c
@@ -1351,8 +1351,8 @@ ipsec_updateid(struct secasvar *sav, crypto_session_t *new,
* XXXAE: check this more carefully.
*/
KEYDBG(IPSEC_STAMP,
- printf("%s: SA(%p) moves cryptoid %jd -> %jd\n",
- __func__, sav, (uintmax_t)(*old), (uintmax_t)(*new)));
+ printf("%s: SA(%p) moves cryptoid %p -> %p\n",
+ __func__, sav, *old, *new));
KEYDBG(IPSEC_DATA, kdebug_secasv(sav));
SECASVAR_LOCK(sav);
if (sav->tdb_cryptoid != *old) {
diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c
index 2e7ce26c5b05..a6cc773b0e0c 100644
--- a/sys/netipsec/xform_ah.c
+++ b/sys/netipsec/xform_ah.c
@@ -245,16 +245,15 @@ ah_init(struct secasvar *sav, struct xformsw *xsp)
int
ah_zeroize(struct secasvar *sav)
{
- int err;
if (sav->key_auth)
bzero(sav->key_auth->key_data, _KEYLEN(sav->key_auth));
- err = crypto_freesession(sav->tdb_cryptoid);
- sav->tdb_cryptoid = 0;
+ crypto_freesession(sav->tdb_cryptoid);
+ sav->tdb_cryptoid = NULL;
sav->tdb_authalgxform = NULL;
sav->tdb_xform = NULL;
- return err;
+ return 0;
}
/*
@@ -669,7 +668,7 @@ ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
crp->crp_flags |= CRYPTO_F_ASYNC | CRYPTO_F_ASYNC_KEEPORDER;
crp->crp_buf = (caddr_t) m;
crp->crp_callback = ah_input_cb;
- crp->crp_sid = cryptoid;
+ crp->crp_session = cryptoid;
crp->crp_opaque = (caddr_t) xd;
/* These are passed as-is to the callback. */
@@ -720,9 +719,9 @@ ah_input_cb(struct cryptop *crp)
if (crp->crp_etype) {
if (crp->crp_etype == EAGAIN) {
/* Reset the session ID */
- if (ipsec_updateid(sav, &crp->crp_sid, &cryptoid) != 0)
+ if (ipsec_updateid(sav, &crp->crp_session, &cryptoid) != 0)
crypto_freesession(cryptoid);
- xd->cryptoid = crp->crp_sid;
+ xd->cryptoid = crp->crp_session;
CURVNET_RESTORE();
return (crypto_dispatch(crp));
}
@@ -1052,7 +1051,7 @@ ah_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav,
crp->crp_flags |= CRYPTO_F_ASYNC | CRYPTO_F_ASYNC_KEEPORDER;
crp->crp_buf = (caddr_t) m;
crp->crp_callback = ah_output_cb;
- crp->crp_sid = cryptoid;
+ crp->crp_session = cryptoid;
crp->crp_opaque = (caddr_t) xd;
/* These are passed as-is to the callback. */
@@ -1101,9 +1100,9 @@ ah_output_cb(struct cryptop *crp)
if (crp->crp_etype) {
if (crp->crp_etype == EAGAIN) {
/* Reset the session ID */
- if (ipsec_updateid(sav, &crp->crp_sid, &cryptoid) != 0)
+ if (ipsec_updateid(sav, &crp->crp_session, &cryptoid) != 0)
crypto_freesession(cryptoid);
- xd->cryptoid = crp->crp_sid;
+ xd->cryptoid = crp->crp_session;
CURVNET_RESTORE();
return (crypto_dispatch(crp));
}
diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c
index 9e48311ddc0d..68fbf3fc3851 100644
--- a/sys/netipsec/xform_esp.c
+++ b/sys/netipsec/xform_esp.c
@@ -389,7 +389,7 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
crp->crp_flags |= CRYPTO_F_ASYNC | CRYPTO_F_ASYNC_KEEPORDER;
crp->crp_buf = (caddr_t) m;
crp->crp_callback = esp_input_cb;
- crp->crp_sid = cryptoid;
+ crp->crp_session = cryptoid;
crp->crp_opaque = (caddr_t) xd;
/* These are passed as-is to the callback */
@@ -468,9 +468,9 @@ esp_input_cb(struct cryptop *crp)
if (crp->crp_etype) {
if (crp->crp_etype == EAGAIN) {
/* Reset the session ID */
- if (ipsec_updateid(sav, &crp->crp_sid, &cryptoid) != 0)
+ if (ipsec_updateid(sav, &crp->crp_session, &cryptoid) != 0)
crypto_freesession(cryptoid);
- xd->cryptoid = crp->crp_sid;
+ xd->cryptoid = crp->crp_session;
CURVNET_RESTORE();
return (crypto_dispatch(crp));
}
@@ -853,7 +853,7 @@ esp_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav,
crp->crp_buf = (caddr_t) m;
crp->crp_callback = esp_output_cb;
crp->crp_opaque = (caddr_t) xd;
- crp->crp_sid = cryptoid;
+ crp->crp_session = cryptoid;
if (esph) {
/* Authentication descriptor. */
@@ -900,9 +900,9 @@ esp_output_cb(struct cryptop *crp)
if (crp->crp_etype) {
if (crp->crp_etype == EAGAIN) {
/* Reset the session ID */
- if (ipsec_updateid(sav, &crp->crp_sid, &cryptoid) != 0)
+ if (ipsec_updateid(sav, &crp->crp_session, &cryptoid) != 0)
crypto_freesession(cryptoid);
- xd->cryptoid = crp->crp_sid;
+ xd->cryptoid = crp->crp_session;
CURVNET_RESTORE();
return (crypto_dispatch(crp));
}
diff --git a/sys/netipsec/xform_ipcomp.c b/sys/netipsec/xform_ipcomp.c
index 2b02091e9d81..df09eb36cfa3 100644
--- a/sys/netipsec/xform_ipcomp.c
+++ b/sys/netipsec/xform_ipcomp.c
@@ -178,11 +178,10 @@ ipcomp_init(struct secasvar *sav, struct xformsw *xsp)
static int
ipcomp_zeroize(struct secasvar *sav)
{
- int err;
- err = crypto_freesession(sav->tdb_cryptoid);
- sav->tdb_cryptoid = 0;
- return err;
+ crypto_freesession(sav->tdb_cryptoid);
+ sav->tdb_cryptoid = NULL;
+ return 0;
}
/*
@@ -258,7 +257,7 @@ ipcomp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
xd->vnet = curvnet;
SECASVAR_LOCK(sav);
- crp->crp_sid = xd->cryptoid = sav->tdb_cryptoid;
+ crp->crp_session = xd->cryptoid = sav->tdb_cryptoid;
SECASVAR_UNLOCK(sav);
return crypto_dispatch(crp);
@@ -301,9 +300,9 @@ ipcomp_input_cb(struct cryptop *crp)
if (crp->crp_etype) {
if (crp->crp_etype == EAGAIN) {
/* Reset the session ID */
- if (ipsec_updateid(sav, &crp->crp_sid, &cryptoid) != 0)
+ if (ipsec_updateid(sav, &crp->crp_session, &cryptoid) != 0)
crypto_freesession(cryptoid);
- xd->cryptoid = crp->crp_sid;
+ xd->cryptoid = crp->crp_session;
CURVNET_RESTORE();
return (crypto_dispatch(crp));
}
@@ -508,7 +507,7 @@ ipcomp_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav,
crp->crp_opaque = (caddr_t) xd;
SECASVAR_LOCK(sav);
- crp->crp_sid = xd->cryptoid = sav->tdb_cryptoid;
+ crp->crp_session = xd->cryptoid = sav->tdb_cryptoid;
SECASVAR_UNLOCK(sav);
return crypto_dispatch(crp);
@@ -549,9 +548,9 @@ ipcomp_output_cb(struct cryptop *crp)
if (crp->crp_etype) {
if (crp->crp_etype == EAGAIN) {
/* Reset the session ID */
- if (ipsec_updateid(sav, &crp->crp_sid, &cryptoid) != 0)
+ if (ipsec_updateid(sav, &crp->crp_session, &cryptoid) != 0)
crypto_freesession(cryptoid);
- xd->cryptoid = crp->crp_sid;
+ xd->cryptoid = crp->crp_session;
CURVNET_RESTORE();
return (crypto_dispatch(crp));
}
diff --git a/sys/opencrypto/_cryptodev.h b/sys/opencrypto/_cryptodev.h
index 4db897eab3e7..d13b41da4be2 100644
--- a/sys/opencrypto/_cryptodev.h
+++ b/sys/opencrypto/_cryptodev.h
@@ -5,4 +5,4 @@
*/
#pragma once
-typedef __uint64_t crypto_session_t;
+typedef struct crypto_session *crypto_session_t;
diff --git a/sys/opencrypto/crypto.c b/sys/opencrypto/crypto.c
index fd4060194786..a6c5920eb857 100644
--- a/sys/opencrypto/crypto.c
+++ b/sys/opencrypto/crypto.c
@@ -89,6 +89,13 @@ __FBSDID("$FreeBSD$");
#include <machine/pcb.h>
#endif
+struct crypto_session {
+ device_t parent;
+ void *softc;
+ uint32_t hid;
+ uint32_t capabilities;
+};
+
SDT_PROVIDER_DEFINE(opencrypto);
/*
@@ -125,6 +132,7 @@ struct cryptocap {
#define CRYPTOCAP_F_CLEANUP 0x80000000 /* needs resource cleanup */
int cc_qblocked; /* (q) symmetric q blocked */
int cc_kqblocked; /* (q) asymmetric q blocked */
+ size_t cc_session_size;
};
static struct cryptocap *crypto_drivers = NULL;
static int crypto_drivers_num = 0;
@@ -185,6 +193,7 @@ SYSCTL_INT(_kern, OID_AUTO, crypto_workers_num, CTLFLAG_RDTUN,
static uma_zone_t cryptop_zone;
static uma_zone_t cryptodesc_zone;
+static uma_zone_t cryptoses_zone;
int crypto_userasymcrypto = 1; /* userland may do asym crypto reqs */
SYSCTL_INT(_kern, OID_AUTO, userasymcrypto, CTLFLAG_RW,
@@ -203,6 +212,7 @@ static void crypto_ret_proc(struct crypto_ret_worker *ret_worker);
static void crypto_destroy(void);
static int crypto_invoke(struct cryptocap *cap, struct cryptop *crp, int hint);
static int crypto_kinvoke(struct cryptkop *krp, int flags);
+static void crypto_remove(struct cryptocap *cap);
static void crypto_task_invoke(void *ctx, int pending);
static void crypto_batch_enqueue(struct cryptop *crp);
@@ -266,7 +276,12 @@ crypto_init(void)
cryptodesc_zone = uma_zcreate("cryptodesc", sizeof (struct cryptodesc),
0, 0, 0, 0,
UMA_ALIGN_PTR, UMA_ZONE_ZINIT);
- if (cryptodesc_zone == NULL || cryptop_zone == NULL) {
+ cryptoses_zone = uma_zcreate("crypto_session",
+ sizeof(struct crypto_session), NULL, NULL, NULL, NULL,
+ UMA_ALIGN_PTR, UMA_ZONE_ZINIT);
+
+ if (cryptodesc_zone == NULL || cryptop_zone == NULL ||
+ cryptoses_zone == NULL) {
printf("crypto_init: cannot setup crypto zones\n");
error = ENOMEM;
goto bad;
@@ -388,6 +403,8 @@ crypto_destroy(void)
if (crypto_drivers != NULL)
free(crypto_drivers, M_CRYPTO_DATA);
+ if (cryptoses_zone != NULL)
+ uma_zdestroy(cryptoses_zone);
if (cryptodesc_zone != NULL)
uma_zdestroy(cryptodesc_zone);
if (cryptop_zone != NULL)
@@ -401,6 +418,24 @@ crypto_destroy(void)
mtx_destroy(&crypto_drivers_mtx);
}
+uint32_t
+crypto_ses2hid(crypto_session_t crypto_session)
+{
+ return (crypto_session->hid);
+}
+
+uint32_t
+crypto_ses2caps(crypto_session_t crypto_session)
+{
+ return (crypto_session->capabilities);
+}
+
+void *
+crypto_get_driver_session(crypto_session_t crypto_session)
+{
+ return (crypto_session->softc);
+}
+
static struct cryptocap *
crypto_checkdriver(u_int32_t hid)
{
@@ -488,12 +523,19 @@ again:
* must be capable of the requested crypto algorithms.
*/
int
-crypto_newsession(crypto_session_t *sid, struct cryptoini *cri, int crid)
+crypto_newsession(crypto_session_t *cses, struct cryptoini *cri, int crid)
{
+ crypto_session_t res;
+ void *softc_mem;
struct cryptocap *cap;
- u_int32_t hid, lid;
+ u_int32_t hid;
+ size_t softc_size;
int err;
+restart:
+ res = NULL;
+ softc_mem = NULL;
+
CRYPTO_DRIVER_LOCK();
if ((crid & (CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE)) == 0) {
/*
@@ -513,24 +555,53 @@ crypto_newsession(crypto_session_t *sid, struct cryptoini *cri, int crid)
* XXX layer right about here.
*/
}
- if (cap != NULL) {
- /* Call the driver initialization routine. */
- hid = cap - crypto_drivers;
- lid = hid; /* Pass the driver ID. */
- err = CRYPTODEV_NEWSESSION(cap->cc_dev, &lid, cri);
- if (err == 0) {
- (*sid) = (cap->cc_flags & 0xff000000)
- | (hid & 0x00ffffff);
- (*sid) <<= 32;
- (*sid) |= (lid & 0xffffffff);
- cap->cc_sessions++;
- } else
- CRYPTDEB("dev newsession failed: %d", err);
- } else {
+ if (cap == NULL) {
CRYPTDEB("no driver");
err = EOPNOTSUPP;
+ goto out;
+ }
+ cap->cc_sessions++;
+ softc_size = cap->cc_session_size;
+ hid = cap - crypto_drivers;
+ cap = NULL;
+ CRYPTO_DRIVER_UNLOCK();
+
+ softc_mem = malloc(softc_size, M_CRYPTO_DATA, M_WAITOK | M_ZERO);
+ res = uma_zalloc(cryptoses_zone, M_WAITOK | M_ZERO);
+ res->softc = softc_mem;
+
+ CRYPTO_DRIVER_LOCK();
+ cap = crypto_checkdriver(hid);
+ if (cap != NULL && (cap->cc_flags & CRYPTOCAP_F_CLEANUP) != 0) {
+ cap->cc_sessions--;
+ crypto_remove(cap);
+ cap = NULL;
+ }
+ if (cap == NULL) {
+ free(softc_mem, M_CRYPTO_DATA);
+ uma_zfree(cryptoses_zone, res);
+ CRYPTO_DRIVER_UNLOCK();
+ goto restart;
+ }
+
+ /* Call the driver initialization routine. */
+ err = CRYPTODEV_NEWSESSION(cap->cc_dev, res, cri);
+ if (err != 0) {
+ CRYPTDEB("dev newsession failed: %d", err);
+ goto out;
}
+
+ res->capabilities = cap->cc_flags & 0xff000000;
+ res->hid = hid;
+ *cses = res;
+
+out:
CRYPTO_DRIVER_UNLOCK();
+ if (err != 0) {
+ free(softc_mem, M_CRYPTO_DATA);
+ if (res != NULL)
+ uma_zfree(cryptoses_zone, res);
+ }
return err;
}
@@ -547,41 +618,41 @@ crypto_remove(struct cryptocap *cap)
* Delete an existing session (or a reserved session on an unregistered
* driver).
*/
-int
-crypto_freesession(crypto_session_t sid)
+void
+crypto_freesession(crypto_session_t cses)
{
struct cryptocap *cap;
+ void *ses;
+ size_t ses_size;
u_int32_t hid;
- int err;
- CRYPTO_DRIVER_LOCK();
-
- if (crypto_drivers == NULL) {
- err = EINVAL;
- goto done;
- }
+ if (cses == NULL)
+ return;
- /* Determine two IDs. */
- hid = CRYPTO_SESID2HID(sid);
+ CRYPTO_DRIVER_LOCK();
- if (hid >= crypto_drivers_num) {
- err = ENOENT;
- goto done;
- }
+ hid = crypto_ses2hid(cses);
+ KASSERT(hid < crypto_drivers_num,
+ ("bogus crypto_session %p hid %u", cses, hid));
cap = &crypto_drivers[hid];
+ ses = cses->softc;
+ ses_size = cap->cc_session_size;
+
if (cap->cc_sessions)
cap->cc_sessions--;
/* Call the driver cleanup routine, if available. */
- err = CRYPTODEV_FREESESSION(cap->cc_dev, sid);
+ CRYPTODEV_FREESESSION(cap->cc_dev, cses);
+
+ explicit_bzero(ses, ses_size);
+ free(ses, M_CRYPTO_DATA);
+ uma_zfree(cryptoses_zone, cses);
if (cap->cc_flags & CRYPTOCAP_F_CLEANUP)
crypto_remove(cap);
-done:
CRYPTO_DRIVER_UNLOCK();
- return err;
}
/*
@@ -589,7 +660,7 @@ done:
* support for the algorithms they handle.
*/
int32_t
-crypto_get_driverid(device_t dev, int flags)
+crypto_get_driverid(device_t dev, size_t sessionsize, int flags)
{
struct cryptocap *newdrv;
int i;
@@ -639,6 +710,7 @@ crypto_get_driverid(device_t dev, int flags)
crypto_drivers[i].cc_sessions = 1; /* Mark */
crypto_drivers[i].cc_dev = dev;
crypto_drivers[i].cc_flags = flags;
+ crypto_drivers[i].cc_session_size = sessionsize;
if (bootverbose)
printf("crypto: assign %s driver id %u, flags 0x%x\n",
device_get_nameunit(dev), i, flags);
@@ -896,7 +968,7 @@ crypto_dispatch(struct cryptop *crp)
binuptime(&crp->crp_tstamp);
#endif
- crp->crp_retw_id = crp->crp_sid % crypto_workers_num;
+ crp->crp_retw_id = ((uintptr_t)crp->crp_session) % crypto_workers_num;
if (CRYPTOP_ASYNC(crp)) {
if (crp->crp_flags & CRYPTO_F_ASYNC_KEEPORDER) {
@@ -915,7 +987,7 @@ crypto_dispatch(struct cryptop *crp)
}
if ((crp->crp_flags & CRYPTO_F_BATCH) == 0) {
- hid = CRYPTO_SESID2HID(crp->crp_sid);
+ hid = crypto_ses2hid(crp->crp_session);
/*
* Caller marked the request to be processed
@@ -1136,7 +1208,7 @@ crypto_task_invoke(void *ctx, int pending)
crp = (struct cryptop *)ctx;
- hid = CRYPTO_SESID2HID(crp->crp_sid);
+ hid = crypto_ses2hid(crp->crp_session);
cap = crypto_checkdriver(hid);
result = crypto_invoke(cap, crp, 0);
@@ -1162,7 +1234,7 @@ crypto_invoke(struct cryptocap *cap, struct cryptop *crp, int hint)
#endif
if (cap->cc_flags & CRYPTOCAP_F_CLEANUP) {
struct cryptodesc *crd;
- crypto_session_t nid;
+ crypto_session_t nses;
/*
* Driver has unregistered; migrate the session and return
@@ -1171,15 +1243,15 @@ crypto_invoke(struct cryptocap *cap, struct cryptop *crp, int hint)
* XXX: What if there are more already queued requests for this
* session?
*/
- crypto_freesession(crp->crp_sid);
+ crypto_freesession(crp->crp_session);
for (crd = crp->crp_desc; crd->crd_next; crd = crd->crd_next)
crd->CRD_INI.cri_next = &(crd->crd_next->CRD_INI);
/* XXX propagate flags from initial session? */
- if (crypto_newsession(&nid, &(crp->crp_desc->CRD_INI),
+ if (crypto_newsession(&nses, &(crp->crp_desc->CRD_INI),
CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE) == 0)
- crp->crp_sid = nid;
+ crp->crp_session = nses;
crp->crp_etype = EAGAIN;
crypto_done(crp);
@@ -1285,7 +1357,7 @@ crypto_done(struct cryptop *crp)
if (!CRYPTOP_ASYNC_KEEPORDER(crp) &&
((crp->crp_flags & CRYPTO_F_CBIMM) ||
((crp->crp_flags & CRYPTO_F_CBIFSYNC) &&
- (CRYPTO_SESID2CAPS(crp->crp_sid) & CRYPTOCAP_F_SYNC)))) {
+ (crypto_ses2caps(crp->crp_session) & CRYPTOCAP_F_SYNC)))) {
/*
* Do the callback directly. This is ok when the
* callback routine does very little (e.g. the
@@ -1445,7 +1517,7 @@ crypto_proc(void)
submit = NULL;
hint = 0;
TAILQ_FOREACH(crp, &crp_q, crp_next) {
- hid = CRYPTO_SESID2HID(crp->crp_sid);
+ hid = crypto_ses2hid(crp->crp_session);
cap = crypto_checkdriver(hid);
/*
* Driver cannot disappeared when there is an active
@@ -1469,7 +1541,7 @@ crypto_proc(void)
* better to just use a per-driver
* queue instead.
*/
- if (CRYPTO_SESID2HID(submit->crp_sid) == hid)
+ if (crypto_ses2hid(submit->crp_session) == hid)
hint = CRYPTO_HINT_MORE;
break;
} else {
@@ -1482,7 +1554,7 @@ crypto_proc(void)
}
if (submit != NULL) {
TAILQ_REMOVE(&crp_q, submit, crp_next);
- hid = CRYPTO_SESID2HID(submit->crp_sid);
+ hid = crypto_ses2hid(submit->crp_session);
cap = crypto_checkdriver(hid);
KASSERT(cap != NULL, ("%s:%u Driver disappeared.",
__func__, __LINE__));
@@ -1498,7 +1570,7 @@ crypto_proc(void)
* it at the end does not work.
*/
/* XXX validate sid again? */
- crypto_drivers[CRYPTO_SESID2HID(submit->crp_sid)].cc_qblocked = 1;
+ crypto_drivers[crypto_ses2hid(submit->crp_session)].cc_qblocked = 1;
TAILQ_INSERT_HEAD(&crp_q, submit, crp_next);
cryptostats.cs_blocks++;
}
@@ -1687,8 +1759,8 @@ DB_SHOW_COMMAND(crypto, db_show_crypto)
"Desc", "Callback");
TAILQ_FOREACH(crp, &crp_q, crp_next) {
db_printf("%4u %08x %4u %4u %4u %04x %8p %8p\n"
- , (int) CRYPTO_SESID2HID(crp->crp_sid)
- , (int) CRYPTO_SESID2CAPS(crp->crp_sid)
+ , (int) crypto_ses2hid(crp->crp_session)
+ , (int) crypto_ses2caps(crp->crp_session)
, crp->crp_ilen, crp->crp_olen
, crp->crp_etype
, crp->crp_flags
@@ -1703,7 +1775,7 @@ DB_SHOW_COMMAND(crypto, db_show_crypto)
TAILQ_FOREACH(crp, &ret_worker->crp_ret_q, crp_next) {
db_printf("%8td %4u %4u %04x %8p\n"
, CRYPTO_RETW_ID(ret_worker)
- , (int) CRYPTO_SESID2HID(crp->crp_sid)
+ , (int) crypto_ses2hid(crp->crp_session)
, crp->crp_etype
, crp->crp_flags
, crp->crp_callback
diff --git a/sys/opencrypto/cryptodev.c b/sys/opencrypto/cryptodev.c
index c1c882a5e41e..fc7c27b82ca2 100644
--- a/sys/opencrypto/cryptodev.c
+++ b/sys/opencrypto/cryptodev.c
@@ -265,7 +265,7 @@ crypt_kop_to_32(const struct crypt_kop *from, struct crypt_kop32 *to)
struct csession {
TAILQ_ENTRY(csession) next;
- crypto_session_t sid;
+ crypto_session_t cses;
u_int32_t ses;
struct mtx lock; /* for op submission */
@@ -323,7 +323,7 @@ static struct csession *cseadd(struct fcrypt *, struct csession *);
static struct csession *csecreate(struct fcrypt *, crypto_session_t, caddr_t,
u_int64_t, caddr_t, u_int64_t, u_int32_t, u_int32_t, struct enc_xform *,
struct auth_hash *);
-static int csefree(struct csession *);
+static void csefree(struct csession *);
static int cryptodev_op(struct csession *, struct crypt_op *,
struct ucred *, struct thread *td);
@@ -378,7 +378,7 @@ cryptof_ioctl(
struct enc_xform *txform = NULL;
struct auth_hash *thash = NULL;
struct crypt_kop *kop;
- crypto_session_t sid;
+ crypto_session_t cses;
u_int32_t ses;
int error = 0, crid;
#ifdef COMPAT_FREEBSD32
@@ -592,19 +592,19 @@ cryptof_ioctl(
}
} else
crid = CRYPTOCAP_F_HARDWARE;
- error = crypto_newsession(&sid, (txform ? &crie : &cria), crid);
+ error = crypto_newsession(&cses, (txform ? &crie : &cria), crid);
if (error) {
CRYPTDEB("crypto_newsession");
SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto bail;
}
- cse = csecreate(fcr, sid, crie.cri_key, crie.cri_klen,
+ cse = csecreate(fcr, cses, crie.cri_key, crie.cri_klen,
cria.cri_key, cria.cri_klen, sop->cipher, sop->mac, txform,
thash);
if (cse == NULL) {
- crypto_freesession(sid);
+ crypto_freesession(cses);
error = EINVAL;
SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
CRYPTDEB("csecreate");
@@ -617,7 +617,7 @@ cryptof_ioctl(
#endif
) {
/* return hardware/driver id */
- SES2(sop)->crid = CRYPTO_SESID2HID(cse->sid);
+ SES2(sop)->crid = crypto_ses2hid(cse->cses);
}
bail:
if (error) {
@@ -644,7 +644,7 @@ bail:
return (EINVAL);
}
csedelete(fcr, cse);
- error = csefree(cse);
+ csefree(cse);
break;
case CIOCCRYPT:
#ifdef COMPAT_FREEBSD32
@@ -856,7 +856,7 @@ cryptodev_op(
| (cop->flags & COP_F_BATCH);
crp->crp_uio = &cod->uio;
crp->crp_callback = cryptodev_cb;
- crp->crp_sid = cse->sid;
+ crp->crp_session = cse->cses;
crp->crp_opaque = cod;
if (cop->iv) {
@@ -1032,7 +1032,7 @@ cryptodev_aead(
| (caead->flags & COP_F_BATCH);
crp->crp_uio = &cod->uio;
crp->crp_callback = cryptodev_cb;
- crp->crp_sid = cse->sid;
+ crp->crp_session = cse->cses;
crp->crp_opaque = cod;
if (caead->iv) {
@@ -1301,7 +1301,7 @@ cryptof_close(struct file *fp, struct thread *td)
while ((cse = TAILQ_FIRST(&fcr->csessions))) {
TAILQ_REMOVE(&fcr->csessions, cse, next);
- (void)csefree(cse);
+ csefree(cse);
}
free(fcr, M_XDATA);
fp->f_data = NULL;
@@ -1350,7 +1350,7 @@ cseadd(struct fcrypt *fcr, struct csession *cse)
}
struct csession *
-csecreate(struct fcrypt *fcr, crypto_session_t sid, caddr_t key, u_int64_t keylen,
+csecreate(struct fcrypt *fcr, crypto_session_t cses, caddr_t key, u_int64_t keylen,
caddr_t mackey, u_int64_t mackeylen, u_int32_t cipher, u_int32_t mac,
struct enc_xform *txform, struct auth_hash *thash)
{
@@ -1364,7 +1364,7 @@ csecreate(struct fcrypt *fcr, crypto_session_t sid, caddr_t key, u_int64_t keyle
cse->keylen = keylen/8;
cse->mackey = mackey;
cse->mackeylen = mackeylen/8;
- cse->sid = sid;
+ cse->cses = cses;
cse->cipher = cipher;
cse->mac = mac;
cse->txform = txform;
@@ -1373,19 +1373,17 @@ csecreate(struct fcrypt *fcr, crypto_session_t sid, caddr_t key, u_int64_t keyle
return (cse);
}
-static int
+static void
csefree(struct csession *cse)
{
- int error;
- error = crypto_freesession(cse->sid);
+ crypto_freesession(cse->cses);
mtx_destroy(&cse->lock);
if (cse->key)
free(cse->key, M_XDATA);
if (cse->mackey)
free(cse->mackey, M_XDATA);
free(cse, M_XDATA);
- return (error);
}
static int
diff --git a/sys/opencrypto/cryptodev.h b/sys/opencrypto/cryptodev.h
index e488f82de01f..8ad1868a13da 100644
--- a/sys/opencrypto/cryptodev.h
+++ b/sys/opencrypto/cryptodev.h
@@ -229,6 +229,11 @@ struct session_op {
u_int32_t ses; /* returns: session # */
};
+/*
+ * session and crypt _op structs are used by userspace programs to interact
+ * with /dev/crypto. Confusingly, the internal kernel interface is named
+ * "cryptop" (no underscore).
+ */
struct session2_op {
u_int32_t cipher; /* ie. CRYPTO_DES_CBC */
u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */
@@ -412,7 +417,7 @@ struct cryptop {
struct task crp_task;
- crypto_session_t crp_sid; /* Session ID */
+ crypto_session_t crp_session; /* Session */
int crp_ilen; /* Input data total length */
int crp_olen; /* Result total length */
@@ -421,7 +426,7 @@ struct cryptop {
* All error codes except EAGAIN
* indicate possible data corruption (as in,
* the data have been touched). On all
- * errors, the crp_sid may have changed
+ * errors, the crp_session may have changed
* (reset to a new one), so the caller
* should always check and use the new
* value on future requests.
@@ -463,7 +468,7 @@ struct cryptop {
#define CRYPTOP_ASYNC(crp) \
(((crp)->crp_flags & CRYPTO_F_ASYNC) && \
- CRYPTO_SESID2CAPS((crp)->crp_sid) & CRYPTOCAP_F_SYNC)
+ crypto_ses2caps((crp)->crp_session) & CRYPTOCAP_F_SYNC)
#define CRYPTOP_ASYNC_KEEPORDER(crp) \
(CRYPTOP_ASYNC(crp) && \
(crp)->crp_flags & CRYPTO_F_ASYNC_KEEPORDER)
@@ -493,25 +498,19 @@ struct cryptkop {
int (*krp_callback)(struct cryptkop *);
};
-/*
- * Session ids are 64 bits. The lower 32 bits contain a "local id" which
- * is a driver-private session identifier. The upper 32 bits contain a
- * "hardware id" used by the core crypto code to identify the driver and
- * a copy of the driver's capabilities that can be used by client code to
- * optimize operation.
- */
-#define CRYPTO_SESID2HID(_sid) (((_sid) >> 32) & 0x00ffffff)
-#define CRYPTO_SESID2CAPS(_sid) (((_sid) >> 32) & 0xff000000)
-#define CRYPTO_SESID2LID(_sid) (((u_int32_t) (_sid)) & 0xffffffff)
+uint32_t crypto_ses2hid(crypto_session_t crypto_session);
+uint32_t crypto_ses2caps(crypto_session_t crypto_session);
+void *crypto_get_driver_session(crypto_session_t crypto_session);
MALLOC_DECLARE(M_CRYPTO_DATA);
-extern int crypto_newsession(crypto_session_t *sid, struct cryptoini *cri, int hard);
-extern int crypto_freesession(crypto_session_t sid);
+extern int crypto_newsession(crypto_session_t *cses, struct cryptoini *cri, int hard);
+extern void crypto_freesession(crypto_session_t cses);
#define CRYPTOCAP_F_HARDWARE CRYPTO_FLAG_HARDWARE
#define CRYPTOCAP_F_SOFTWARE CRYPTO_FLAG_SOFTWARE
#define CRYPTOCAP_F_SYNC 0x04000000 /* operates synchronously */
-extern int32_t crypto_get_driverid(device_t dev, int flags);
+extern int32_t crypto_get_driverid(device_t dev, size_t session_size,
+ int flags);
extern int crypto_find_driver(const char *);
extern device_t crypto_find_device_byhid(int hid);
extern int crypto_getcaps(int hid);
diff --git a/sys/opencrypto/cryptodev_if.m b/sys/opencrypto/cryptodev_if.m
index b22dcfb40915..49caa5536c06 100644
--- a/sys/opencrypto/cryptodev_if.m
+++ b/sys/opencrypto/cryptodev_if.m
@@ -31,16 +31,34 @@
INTERFACE cryptodev;
+CODE {
+ static int null_freesession(device_t dev,
+ crypto_session_t crypto_session)
+ {
+ return 0;
+ }
+};
+
+/**
+ * Crypto driver method to initialize a new session object with the given
+ * initialization parameters (cryptoini). The driver's session memory object
+ * is already allocated and zeroed, like driver softcs. It is accessed with
+ * crypto_get_driver_session().
+ */
METHOD int newsession {
device_t dev;
- uint32_t *sid;
+ crypto_session_t crypto_session;
struct cryptoini *cri;
};
-METHOD int freesession {
+/**
+ * Optional crypto driver method to release any additional allocations. OCF
+ * owns session memory itself; it is zeroed before release.
+ */
+METHOD void freesession {
device_t dev;
- crypto_session_t sid;
-};
+ crypto_session_t crypto_session;
+} DEFAULT null_freesession;
METHOD int process {
device_t dev;
diff --git a/sys/opencrypto/cryptosoft.c b/sys/opencrypto/cryptosoft.c
index fd83eba9f3fe..58ecb50ef9bc 100644
--- a/sys/opencrypto/cryptosoft.c
+++ b/sys/opencrypto/cryptosoft.c
@@ -62,10 +62,6 @@ __FBSDID("$FreeBSD$");
#include "cryptodev_if.h"
static int32_t swcr_id;
-static struct swcr_data **swcr_sessions = NULL;
-static u_int32_t swcr_sesnum;
-/* Protects swcr_sessions pointer, not data. */
-static struct rwlock swcr_sessions_lock;
u_int8_t hmac_ipad_buffer[HMAC_MAX_BLOCK_LEN];
u_int8_t hmac_opad_buffer[HMAC_MAX_BLOCK_LEN];
@@ -74,8 +70,7 @@ static int swcr_encdec(struct cryptodesc *, struct swcr_data *, caddr_t, int);
static int swcr_authcompute(struct cryptodesc *, struct swcr_data *, caddr_t, int);
static int swcr_authenc(struct cryptop *crp);
static int swcr_compdec(struct cryptodesc *, struct swcr_data *, caddr_t, int);
-static int swcr_freesession(device_t dev, u_int64_t tid);
-static int swcr_freesession_locked(device_t dev, u_int64_t tid);
+static void swcr_freesession(device_t dev, crypto_session_t cses);
/*
* Apply a symmetric encryption/decryption algorithm.
@@ -501,7 +496,7 @@ swcr_authenc(struct cryptop *crp)
ivlen = blksz = iskip = oskip = 0;
for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
- for (sw = swcr_sessions[crp->crp_sid & 0xffffffff];
+ for (sw = crypto_get_driver_session(crp->crp_session);
sw && sw->sw_alg != crd->crd_alg;
sw = sw->sw_next)
;
@@ -740,66 +735,27 @@ swcr_compdec(struct cryptodesc *crd, struct swcr_data *sw,
* Generate a new software session.
*/
static int
-swcr_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri)
+swcr_newsession(device_t dev, crypto_session_t cses, struct cryptoini *cri)
{
- struct swcr_data **swd;
+ struct swcr_data **swd, *ses;
struct auth_hash *axf;
struct enc_xform *txf;
struct comp_algo *cxf;
- u_int32_t i;
int len;
int error;
- if (sid == NULL || cri == NULL)
+ if (cses == NULL || cri == NULL)
return EINVAL;
- rw_wlock(&swcr_sessions_lock);
- if (swcr_sessions) {
- for (i = 1; i < swcr_sesnum; i++)
- if (swcr_sessions[i] == NULL)
- break;
- } else
- i = 1; /* NB: to silence compiler warning */
-
- if (swcr_sessions == NULL || i == swcr_sesnum) {
- if (swcr_sessions == NULL) {
- i = 1; /* We leave swcr_sessions[0] empty */
- swcr_sesnum = CRYPTO_SW_SESSIONS;
- } else
- swcr_sesnum *= 2;
-
- swd = malloc(swcr_sesnum * sizeof(struct swcr_data *),
- M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
- if (swd == NULL) {
- /* Reset session number */
- if (swcr_sesnum == CRYPTO_SW_SESSIONS)
- swcr_sesnum = 0;
- else
- swcr_sesnum /= 2;
- rw_wunlock(&swcr_sessions_lock);
- return ENOBUFS;
- }
-
- /* Copy existing sessions */
- if (swcr_sessions != NULL) {
- bcopy(swcr_sessions, swd,
- (swcr_sesnum / 2) * sizeof(struct swcr_data *));
- free(swcr_sessions, M_CRYPTO_DATA);
- }
-
- swcr_sessions = swd;
- }
-
- rw_downgrade(&swcr_sessions_lock);
- swd = &swcr_sessions[i];
- *sid = i;
+ ses = crypto_get_driver_session(cses);
+ swd = &ses;
while (cri) {
- *swd = malloc(sizeof(struct swcr_data),
- M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
+ if (*swd == NULL)
+ *swd = malloc(sizeof(struct swcr_data),
+ M_CRYPTO_DATA, M_WAITOK | M_ZERO);
if (*swd == NULL) {
- swcr_freesession_locked(dev, i);
- rw_runlock(&swcr_sessions_lock);
+ swcr_freesession(dev, cses);
return ENOBUFS;
}
@@ -849,8 +805,7 @@ swcr_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri)
error = txf->setkey(&((*swd)->sw_kschedule),
cri->cri_key, cri->cri_klen / 8);
if (error) {
- swcr_freesession_locked(dev, i);
- rw_runlock(&swcr_sessions_lock);
+ swcr_freesession(dev, cses);
return error;
}
}
@@ -884,16 +839,14 @@ swcr_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri)
(*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA,
M_NOWAIT);
if ((*swd)->sw_ictx == NULL) {
- swcr_freesession_locked(dev, i);
- rw_runlock(&swcr_sessions_lock);
+ swcr_freesession(dev, cses);
return ENOBUFS;
}
(*swd)->sw_octx = malloc(axf->ctxsize, M_CRYPTO_DATA,
M_NOWAIT);
if ((*swd)->sw_octx == NULL) {
- swcr_freesession_locked(dev, i);
- rw_runlock(&swcr_sessions_lock);
+ swcr_freesession(dev, cses);
return ENOBUFS;
}
@@ -916,16 +869,14 @@ swcr_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri)
(*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA,
M_NOWAIT);
if ((*swd)->sw_ictx == NULL) {
- swcr_freesession_locked(dev, i);
- rw_runlock(&swcr_sessions_lock);
+ swcr_freesession(dev, cses);
return ENOBUFS;
}
(*swd)->sw_octx = malloc(cri->cri_klen / 8,
M_CRYPTO_DATA, M_NOWAIT);
if ((*swd)->sw_octx == NULL) {
- swcr_freesession_locked(dev, i);
- rw_runlock(&swcr_sessions_lock);
+ swcr_freesession(dev, cses);
return ENOBUFS;
}
@@ -963,8 +914,7 @@ swcr_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri)
(*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA,
M_NOWAIT);
if ((*swd)->sw_ictx == NULL) {
- swcr_freesession_locked(dev, i);
- rw_runlock(&swcr_sessions_lock);
+ swcr_freesession(dev, cses);
return ENOBUFS;
}
@@ -986,16 +936,14 @@ swcr_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri)
auth4common:
len = cri->cri_klen / 8;
if (len != 16 && len != 24 && len != 32) {
- swcr_freesession_locked(dev, i);
- rw_runlock(&swcr_sessions_lock);
+ swcr_freesession(dev, cses);
return EINVAL;
}
(*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA,
M_NOWAIT);
if ((*swd)->sw_ictx == NULL) {
- swcr_freesession_locked(dev, i);
- rw_runlock(&swcr_sessions_lock);
+ swcr_freesession(dev, cses);
return ENOBUFS;
}
axf->Init((*swd)->sw_ictx);
@@ -1012,8 +960,7 @@ swcr_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri)
(*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA,
M_NOWAIT);
if ((*swd)->sw_ictx == NULL) {
- swcr_freesession_locked(dev, i);
- rw_runlock(&swcr_sessions_lock);
+ swcr_freesession(dev, cses);
return ENOBUFS;
}
axf->Setkey((*swd)->sw_ictx, cri->cri_key,
@@ -1027,8 +974,7 @@ swcr_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri)
(*swd)->sw_cxf = cxf;
break;
default:
- swcr_freesession_locked(dev, i);
- rw_runlock(&swcr_sessions_lock);
+ swcr_freesession(dev, cses);
return EINVAL;
}
@@ -1036,42 +982,20 @@ swcr_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri)
cri = cri->cri_next;
swd = &((*swd)->sw_next);
}
- rw_runlock(&swcr_sessions_lock);
return 0;
}
-static int
-swcr_freesession(device_t dev, u_int64_t tid)
-{
- int error;
-
- rw_rlock(&swcr_sessions_lock);
- error = swcr_freesession_locked(dev, tid);
- rw_runlock(&swcr_sessions_lock);
- return error;
-}
-
-/*
- * Free a session.
- */
-static int
-swcr_freesession_locked(device_t dev, u_int64_t tid)
+static void
+swcr_freesession(device_t dev, crypto_session_t cses)
{
- struct swcr_data *swd;
+ struct swcr_data *ses, *swd, *next;
struct enc_xform *txf;
struct auth_hash *axf;
- u_int32_t sid = CRYPTO_SESID2LID(tid);
- if (sid > swcr_sesnum || swcr_sessions == NULL ||
- swcr_sessions[sid] == NULL)
- return EINVAL;
-
- /* Silently accept and return */
- if (sid == 0)
- return 0;
+ ses = crypto_get_driver_session(cses);
- while ((swd = swcr_sessions[sid]) != NULL) {
- swcr_sessions[sid] = swd->sw_next;
+ for (swd = ses; swd != NULL; swd = next) {
+ next = swd->sw_next;
switch (swd->sw_alg) {
case CRYPTO_DES_CBC:
@@ -1148,9 +1072,10 @@ swcr_freesession_locked(device_t dev, u_int64_t tid)
break;
}
- free(swd, M_CRYPTO_DATA);
+ /* OCF owns and frees the primary session object */
+ if (swd != ses)
+ free(swd, M_CRYPTO_DATA);
}
- return 0;
}
/*
@@ -1160,8 +1085,7 @@ static int
swcr_process(device_t dev, struct cryptop *crp, int hint)
{
struct cryptodesc *crd;
- struct swcr_data *sw;
- u_int32_t lid;
+ struct swcr_data *sw, *ses;
/* Sanity check */
if (crp == NULL)
@@ -1172,15 +1096,7 @@ swcr_process(device_t dev, struct cryptop *crp, int hint)
goto done;
}
- lid = CRYPTO_SESID2LID(crp->crp_sid);
- rw_rlock(&swcr_sessions_lock);
- if (swcr_sessions == NULL || lid >= swcr_sesnum || lid == 0 ||
- swcr_sessions[lid] == NULL) {
- rw_runlock(&swcr_sessions_lock);
- crp->crp_etype = ENOENT;
- goto done;
- }
- rw_runlock(&swcr_sessions_lock);
+ ses = crypto_get_driver_session(crp->crp_session);
/* Go through crypto descriptors, processing as we go */
for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
@@ -1194,17 +1110,9 @@ swcr_process(device_t dev, struct cryptop *crp, int hint)
* XXX between the various instances of an algorithm (so we can
* XXX locate the correct crypto context).
*/
- rw_rlock(&swcr_sessions_lock);
- if (swcr_sessions == NULL) {
- rw_runlock(&swcr_sessions_lock);
- crp->crp_etype = ENOENT;
- goto done;
- }
- for (sw = swcr_sessions[lid];
- sw && sw->sw_alg != crd->crd_alg;
+ for (sw = ses; sw && sw->sw_alg != crd->crd_alg;
sw = sw->sw_next)
;
- rw_runlock(&swcr_sessions_lock);
/* No such context ? */
if (sw == NULL) {
@@ -1299,11 +1207,10 @@ swcr_probe(device_t dev)
static int
swcr_attach(device_t dev)
{
- rw_init(&swcr_sessions_lock, "swcr_sessions_lock");
memset(hmac_ipad_buffer, HMAC_IPAD_VAL, HMAC_MAX_BLOCK_LEN);
memset(hmac_opad_buffer, HMAC_OPAD_VAL, HMAC_MAX_BLOCK_LEN);
- swcr_id = crypto_get_driverid(dev,
+ swcr_id = crypto_get_driverid(dev, sizeof(struct swcr_data),
CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_SYNC);
if (swcr_id < 0) {
device_printf(dev, "cannot initialize!");
@@ -1355,11 +1262,6 @@ static int
swcr_detach(device_t dev)
{
crypto_unregister_all(swcr_id);
- rw_wlock(&swcr_sessions_lock);
- free(swcr_sessions, M_CRYPTO_DATA);
- swcr_sessions = NULL;
- rw_wunlock(&swcr_sessions_lock);
- rw_destroy(&swcr_sessions_lock);
return 0;
}