authorConrad Meyer <cem@FreeBSD.org>2018-07-18 00:56:25 +0000
committerConrad Meyer <cem@FreeBSD.org>2018-07-18 00:56:25 +0000
commit1b0909d51a8aa8b5ec5a61c2dc1a69642976a732 (patch)
treeb9c915e7d2ca9312b6f83308f05040a78875b6d7 /sys/mips/nlm
parent38b42191fb8cbdf348508c72b504e0dc3da1b53c (diff)
OpenCrypto: Convert sessions to opaque handles instead of integers
Track session objects in the framework, and pass handles between the framework (OCF), consumers, and drivers. Avoid redundancy and complexity in individual drivers by allocating session memory in the framework and providing it to drivers in ::newsession(). Session handles are no longer integers with information encoded in various high bits. Use of the CRYPTO_SESID2FOO() macros should be replaced with the appropriate crypto_ses2foo() function on the opaque session handle. Convert OCF drivers (in particular, cryptosoft, as well as myriad others) to the opaque handle interface. Discard existing session tracking as much as possible (quick pass). There may be additional code ripe for deletion. Convert OCF consumers (ipsec, geom_eli, krb5, cryptodev) to handle-style interface. The conversion is largely mechanical. The change is documented in crypto.9. Inspired by https://lists.freebsd.org/pipermail/freebsd-arch/2018-January/018835.html . No objection from: ae (ipsec portion) Reported by: jhb
Notes
Notes: svn path=/head/; revision=336439
Diffstat (limited to 'sys/mips/nlm')
-rw-r--r--sys/mips/nlm/dev/sec/nlmrsa.c73
-rw-r--r--sys/mips/nlm/dev/sec/nlmrsalib.h8
-rw-r--r--sys/mips/nlm/dev/sec/nlmsec.c96
-rw-r--r--sys/mips/nlm/dev/sec/nlmseclib.h8
4 files changed, 26 insertions, 159 deletions
diff --git a/sys/mips/nlm/dev/sec/nlmrsa.c b/sys/mips/nlm/dev/sec/nlmrsa.c
index 2c672675c48d..e0aab68d8f5a 100644
--- a/sys/mips/nlm/dev/sec/nlmrsa.c
+++ b/sys/mips/nlm/dev/sec/nlmrsa.c
@@ -76,8 +76,7 @@ static void print_krp_params(struct cryptkop *krp);
#endif
static int xlp_rsa_init(struct xlp_rsa_softc *sc, int node);
-static int xlp_rsa_newsession(device_t , uint32_t *, struct cryptoini *);
-static int xlp_rsa_freesession(device_t , uint64_t);
+static int xlp_rsa_newsession(device_t , crypto_session_t, struct cryptoini *);
static int xlp_rsa_kprocess(device_t , struct cryptkop *, int);
static int xlp_get_rsa_opsize(struct xlp_rsa_command *cmd, unsigned int bits);
static void xlp_free_cmd_params(struct xlp_rsa_command *cmd);
@@ -100,7 +99,6 @@ static device_method_t xlp_rsa_methods[] = {
/* crypto device methods */
DEVMETHOD(cryptodev_newsession, xlp_rsa_newsession),
- DEVMETHOD(cryptodev_freesession, xlp_rsa_freesession),
DEVMETHOD(cryptodev_kprocess, xlp_rsa_kprocess),
DEVMETHOD_END
@@ -282,8 +280,9 @@ xlp_rsa_attach(device_t dev)
device_printf(dev, "RSA Freq: %dMHz\n", freq);
if (pci_get_device(dev) == PCI_DEVICE_ID_NLM_RSA) {
device_set_desc(dev, "XLP RSA/ECC Accelerator");
- if ((sc->sc_cid = crypto_get_driverid(dev,
- CRYPTOCAP_F_HARDWARE)) < 0) {
+ sc->sc_cid = crypto_get_driverid(dev,
+ sizeof(struct xlp_rsa_session), CRYPTOCAP_F_HARDWARE);
+ if (sc->sc_cid < 0) {
printf("xlp_rsaecc-err:couldn't get the driver id\n");
goto error_exit;
}
@@ -315,79 +314,23 @@ xlp_rsa_detach(device_t dev)
}
/*
- * Allocate a new 'session' and return an encoded session id. 'sidp'
- * contains our registration id, and should contain an encoded session
- * id on successful allocation.
+ * Allocate a new 'session' (unused).
*/
static int
-xlp_rsa_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri)
+xlp_rsa_newsession(device_t dev, crypto_session_t cses, struct cryptoini *cri)
{
struct xlp_rsa_softc *sc = device_get_softc(dev);
- struct xlp_rsa_session *ses = NULL;
- int sesn;
- if (sidp == NULL || cri == NULL || sc == NULL)
+ if (cri == NULL || sc == NULL)
return (EINVAL);
- if (sc->sc_sessions == NULL) {
- ses = sc->sc_sessions = malloc(sizeof(struct xlp_rsa_session),
- M_DEVBUF, M_NOWAIT);
- if (ses == NULL)
- return (ENOMEM);
- sesn = 0;
- sc->sc_nsessions = 1;
- } else {
- for (sesn = 0; sesn < sc->sc_nsessions; sesn++) {
- if (!sc->sc_sessions[sesn].hs_used) {
- ses = &sc->sc_sessions[sesn];
- break;
- }
- }
-
- if (ses == NULL) {
- sesn = sc->sc_nsessions;
- ses = malloc((sesn + 1) * sizeof(*ses),
- M_DEVBUF, M_NOWAIT);
- if (ses == NULL)
- return (ENOMEM);
- bcopy(sc->sc_sessions, ses, sesn * sizeof(*ses));
- bzero(sc->sc_sessions, sesn * sizeof(*ses));
- free(sc->sc_sessions, M_DEVBUF);
- sc->sc_sessions = ses;
- ses = &sc->sc_sessions[sesn];
- sc->sc_nsessions++;
- }
- }
- bzero(ses, sizeof(*ses));
- ses->sessionid = sesn;
- ses->hs_used = 1;
-
- *sidp = XLP_RSA_SID(device_get_unit(sc->sc_dev), sesn);
return (0);
}
/*
- * Deallocate a session.
- * XXX this routine should run a zero'd mac/encrypt key into context ram.
+ * XXX freesession should run a zero'd mac/encrypt key into context ram.
* XXX to blow away any keys already stored there.
*/
-static int
-xlp_rsa_freesession(device_t dev, u_int64_t tid)
-{
- struct xlp_rsa_softc *sc = device_get_softc(dev);
- int session;
- u_int32_t sid = CRYPTO_SESID2LID(tid);
-
- if (sc == NULL)
- return (EINVAL);
-
- session = XLP_RSA_SESSION(sid);
- if (session >= sc->sc_nsessions)
- return (EINVAL);
-
- sc->sc_sessions[session].hs_used = 0;
- return (0);
-}
static void
xlp_free_cmd_params(struct xlp_rsa_command *cmd)
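Review bot: The XXX comment kept after xlp_rsa_newsession now sits directly above xlp_free_cmd_params and describes a freesession routine this driver no longer has, so the outstanding key-zeroisation work is easy to lose; the same orphaned comment is left in nlmsec.c after xlp_sec_newsession. Nothing visible in either driver clears key material from context RAM when a session ends, and whether the framework wipes the session memory it now owns is not shown on this page. I would reword it as a standalone TODO, e.g. `/* TODO: no freesession hook remains; keys left in context RAM are not cleared when a session is torn down. */`, or reinstate a teardown hook if the new interface offers one.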
diff --git a/sys/mips/nlm/dev/sec/nlmrsalib.h b/sys/mips/nlm/dev/sec/nlmrsalib.h
index c3e155d4c97c..8166f0f0ded4 100644
--- a/sys/mips/nlm/dev/sec/nlmrsalib.h
+++ b/sys/mips/nlm/dev/sec/nlmrsalib.h
@@ -32,18 +32,12 @@
#ifndef _NLMRSALIB_H_
#define _NLMRSALIB_H_
-#define XLP_RSA_SESSION(sid) ((sid) & 0x000007ff)
-#define XLP_RSA_SID(crd,ses) (((crd) << 28) | ((ses) & 0x7ff))
-
#define RSA_ERROR(msg0) (((msg0) >> 53) & 0x1f)
struct xlp_rsa_session {
- uint32_t sessionid;
- int hs_used;
};
struct xlp_rsa_command {
- uint16_t session_num;
struct xlp_rsa_session *ses;
struct cryptkop *krp;
uint8_t *rsasrc;
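Review bot: `struct xlp_rsa_session` ends up with no members, which ISO C does not permit (GCC and Clang accept it as an extension with size 0), and xlp_rsa_attach now passes `sizeof(struct xlp_rsa_session)` to crypto_get_driverid. Whether the framework handles a zero session size is not visible here, so it is worth confirming, and the intent should be documented on the struct: `/* intentionally empty: the RSA/ECC engine keeps no per-session state */`. The `ses` pointer kept in struct xlp_rsa_command has no visible writer in this diff; that struct continues outside the hunk.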
@@ -59,8 +53,6 @@ struct xlp_rsa_softc {
device_t sc_dev; /* device backpointer */
uint64_t rsa_base;
int sc_cid;
- struct xlp_rsa_session *sc_sessions;
- int sc_nsessions;
int rsaecc_vc_start;
int rsaecc_vc_end;
};
diff --git a/sys/mips/nlm/dev/sec/nlmsec.c b/sys/mips/nlm/dev/sec/nlmsec.c
index 43be89c0c04f..4dd1ad3daffa 100644
--- a/sys/mips/nlm/dev/sec/nlmsec.c
+++ b/sys/mips/nlm/dev/sec/nlmsec.c
@@ -74,8 +74,7 @@ unsigned int creditleft;
void xlp_sec_print_data(struct cryptop *crp);
static int xlp_sec_init(struct xlp_sec_softc *sc);
-static int xlp_sec_newsession(device_t , uint32_t *, struct cryptoini *);
-static int xlp_sec_freesession(device_t , uint64_t);
+static int xlp_sec_newsession(device_t , crypto_session_t, struct cryptoini *);
static int xlp_sec_process(device_t , struct cryptop *, int);
static int xlp_copyiv(struct xlp_sec_softc *, struct xlp_sec_command *,
struct cryptodesc *enccrd);
@@ -99,7 +98,6 @@ static device_method_t xlp_sec_methods[] = {
/* crypto device methods */
DEVMETHOD(cryptodev_newsession, xlp_sec_newsession),
- DEVMETHOD(cryptodev_freesession,xlp_sec_freesession),
DEVMETHOD(cryptodev_process, xlp_sec_process),
DEVMETHOD_END
@@ -205,8 +203,8 @@ xlp_sec_print_data(struct cryptop *crp)
int i, key_len;
struct cryptodesc *crp_desc;
- printf("session id = 0x%llx, crp_ilen = %d, crp_olen=%d \n",
- crp->crp_sid, crp->crp_ilen, crp->crp_olen);
+ printf("session = %p, crp_ilen = %d, crp_olen=%d \n", crp->crp_session,
+ crp->crp_ilen, crp->crp_olen);
printf("crp_flags = 0x%x\n", crp->crp_flags);
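Review bot: The new format string prints `crp->crp_session` with `%p`, which writes a kernel heap address to the console wherever xlp_sec_print_data is called. The function is not static and its call sites are outside this hunk, so if any of them is reachable in a non-debug build I would drop the pointer from the message or keep the call under the driver's debug conditional. The body of xlp_sec_print_data continues outside the hunk.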
@@ -325,7 +323,7 @@ nlm_xlpsec_msgring_handler(int vc, int size, int code, int src_id,
XLP_SEC_AES_IV_LENGTH : XLP_SEC_DES_IV_LENGTH);
crypto_copydata(cmd->crp->crp_flags, cmd->crp->crp_buf,
crd->crd_skip + crd->crd_len - ivlen, ivlen,
- sc->sc_sessions[cmd->session_num].ses_iv);
+ cmd->ses->ses_iv);
}
}
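Review bot: The completion handler now writes the next IV through `cmd->ses->ses_iv`, a pointer into framework-owned session memory that was cached when the request was submitted in xlp_sec_process. With xlp_sec_freesession removed, the driver has no point at which it can wait for outstanding commands, so this is only safe if the framework never frees a session while a request on it is still in flight; that guarantee is not visible on this page. A comment at this write stating the assumption would help, e.g. `/* cmd->ses stays valid: OCF does not free a session with requests outstanding (confirm) */`. The handler starts and ends outside the hunk.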
@@ -387,7 +385,8 @@ xlp_sec_attach(device_t dev)
device_printf(dev, "SAE Freq: %dMHz\n", freq);
if(pci_get_device(dev) == PCI_DEVICE_ID_NLM_SAE) {
device_set_desc(dev, "XLP Security Accelerator");
- sc->sc_cid = crypto_get_driverid(dev, CRYPTOCAP_F_HARDWARE);
+ sc->sc_cid = crypto_get_driverid(dev,
+ sizeof(struct xlp_sec_session), CRYPTOCAP_F_HARDWARE);
if (sc->sc_cid < 0) {
printf("xlp_sec - error : could not get the driver"
" id\n");
@@ -444,56 +443,20 @@ xlp_sec_detach(device_t dev)
return (0);
}
-/*
- * Allocate a new 'session' and return an encoded session id. 'sidp'
- * contains our registration id, and should contain an encoded session
- * id on successful allocation.
- */
static int
-xlp_sec_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri)
+xlp_sec_newsession(device_t dev, crypto_session_t cses, struct cryptoini *cri)
{
struct cryptoini *c;
struct xlp_sec_softc *sc = device_get_softc(dev);
- int mac = 0, cry = 0, sesn;
- struct xlp_sec_session *ses = NULL;
+ int mac = 0, cry = 0;
+ struct xlp_sec_session *ses;
struct xlp_sec_command *cmd = NULL;
- if (sidp == NULL || cri == NULL || sc == NULL)
+ if (cri == NULL || sc == NULL)
return (EINVAL);
- if (sc->sc_sessions == NULL) {
- ses = sc->sc_sessions = malloc(sizeof(struct xlp_sec_session),
- M_DEVBUF, M_NOWAIT);
- if (ses == NULL)
- return (ENOMEM);
- sesn = 0;
- sc->sc_nsessions = 1;
- } else {
- for (sesn = 0; sesn < sc->sc_nsessions; sesn++) {
- if (!sc->sc_sessions[sesn].hs_used) {
- ses = &sc->sc_sessions[sesn];
- break;
- }
- }
-
- if (ses == NULL) {
- sesn = sc->sc_nsessions;
- ses = malloc((sesn + 1)*sizeof(struct xlp_sec_session),
- M_DEVBUF, M_NOWAIT);
- if (ses == NULL)
- return (ENOMEM);
- bcopy(sc->sc_sessions, ses, sesn * sizeof(*ses));
- bzero(sc->sc_sessions, sesn * sizeof(*ses));
- free(sc->sc_sessions, M_DEVBUF);
- sc->sc_sessions = ses;
- ses = &sc->sc_sessions[sesn];
- sc->sc_nsessions++;
- }
- }
- bzero(ses, sizeof(*ses));
- ses->sessionid = sesn;
+ ses = crypto_get_driver_session(cses);
cmd = &ses->cmd;
- ses->hs_used = 1;
for (c = cri; c != NULL; c = c->cri_next) {
switch (c->cri_alg) {
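Review bot: The removed path did `bzero(ses, sizeof(*ses))` before filling in the session, while the new code uses the memory returned by `crypto_get_driver_session(cses)` as is. If the framework does not hand over zeroed memory, `ses_iv` and any `cmd` fields not set by the switch below start with stale contents. The allocation is outside this page, so please confirm it is zeroed or keep an explicit `bzero(ses, sizeof(*ses));` after the lookup. The function body continues past the end of the hunk.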
@@ -539,43 +502,22 @@ xlp_sec_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri)
return (EINVAL);
cmd->hash_dst_len = ses->hs_mlen;
- *sidp = XLP_SEC_SID(device_get_unit(sc->sc_dev), sesn);
return (0);
}
/*
- * Deallocate a session.
- * XXX this routine should run a zero'd mac/encrypt key into context ram.
- * XXX to blow away any keys already stored there.
+ * XXX freesession routine should run a zero'd mac/encrypt key into context
+ * ram. to blow away any keys already stored there.
*/
-static int
-xlp_sec_freesession(device_t dev, u_int64_t tid)
-{
- struct xlp_sec_softc *sc = device_get_softc(dev);
- int session;
- u_int32_t sid = CRYPTO_SESID2LID(tid);
-
- if (sc == NULL)
- return (EINVAL);
-
- session = XLP_SEC_SESSION(sid);
- if (session >= sc->sc_nsessions)
- return (EINVAL);
-
- sc->sc_sessions[session].hs_used = 0;
- return (0);
-}
static int
xlp_copyiv(struct xlp_sec_softc *sc, struct xlp_sec_command *cmd,
struct cryptodesc *enccrd)
{
unsigned int ivlen = 0;
- int session;
struct cryptop *crp = NULL;
crp = cmd->crp;
- session = cmd->session_num;
if (enccrd->crd_alg != CRYPTO_ARC4) {
ivlen = ((enccrd->crd_alg == CRYPTO_AES_CBC) ?
@@ -584,8 +526,7 @@ xlp_copyiv(struct xlp_sec_softc *sc, struct xlp_sec_command *cmd,
if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) {
bcopy(enccrd->crd_iv, cmd->iv, ivlen);
} else {
- bcopy(sc->sc_sessions[session].ses_iv, cmd->iv,
- ivlen);
+ bcopy(cmd->ses->ses_iv, cmd->iv, ivlen);
}
if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0) {
crypto_copyback(crp->crp_flags,
@@ -698,7 +639,7 @@ xlp_sec_process(device_t dev, struct cryptop *crp, int hint)
{
struct xlp_sec_softc *sc = device_get_softc(dev);
struct xlp_sec_command *cmd = NULL;
- int session, err = -1, ret = 0;
+ int err = -1, ret = 0;
struct cryptodesc *crd1, *crd2;
struct xlp_sec_session *ses;
unsigned int nsegs = 0;
@@ -706,12 +647,11 @@ xlp_sec_process(device_t dev, struct cryptop *crp, int hint)
if (crp == NULL || crp->crp_callback == NULL) {
return (EINVAL);
}
- session = XLP_SEC_SESSION(crp->crp_sid);
- if (sc == NULL || session >= sc->sc_nsessions) {
+ if (sc == NULL) {
err = EINVAL;
goto errout;
}
- ses = &sc->sc_sessions[session];
+ ses = crypto_get_driver_session(crp->crp_session);
if ((cmd = malloc(sizeof(struct xlp_sec_command), M_DEVBUF,
M_NOWAIT | M_ZERO)) == NULL) {
@@ -720,7 +660,7 @@ xlp_sec_process(device_t dev, struct cryptop *crp, int hint)
}
cmd->crp = crp;
- cmd->session_num = session;
+ cmd->ses = ses;
cmd->hash_dst_len = ses->hs_mlen;
if ((crd1 = crp->crp_desc) == NULL) {
diff --git a/sys/mips/nlm/dev/sec/nlmseclib.h b/sys/mips/nlm/dev/sec/nlmseclib.h
index fdf9b007b5f4..ab7a13370fe7 100644
--- a/sys/mips/nlm/dev/sec/nlmseclib.h
+++ b/sys/mips/nlm/dev/sec/nlmseclib.h
@@ -79,9 +79,6 @@
#define XLP_SEC_MAX_AUTH_KEY_LENGTH XLP_SEC_SHA512_BLOCK_SIZE
#define XLP_SEC_MAX_RC4_STATE_SIZE 264 /* char s[256], int i, int j */
-#define XLP_SEC_SESSION(sid) ((sid) & 0x000007ff)
-#define XLP_SEC_SID(crd,ses) (((crd) << 28) | ((ses) & 0x7ff))
-
#define CRYPTO_ERROR(msg1) ((unsigned int)msg1)
#define NLM_CRYPTO_LEFT_REQS (CMS_DEFAULT_CREDIT/2)
@@ -93,7 +90,6 @@
extern unsigned int creditleft;
struct xlp_sec_command {
- uint16_t session_num;
struct cryptop *crp;
struct cryptodesc *enccrd, *maccrd;
struct xlp_sec_session *ses;
@@ -119,8 +115,6 @@ struct xlp_sec_command {
};
struct xlp_sec_session {
- uint32_t sessionid;
- int hs_used;
int hs_mlen;
uint8_t ses_iv[EALG_MAX_BLOCK_LEN];
struct xlp_sec_command cmd;
@@ -133,8 +127,6 @@ struct xlp_sec_softc {
device_t sc_dev; /* device backpointer */
uint64_t sec_base;
int32_t sc_cid;
- struct xlp_sec_session *sc_sessions;
- int sc_nsessions;
int sc_needwakeup;
uint32_t sec_vc_start;
uint32_t sec_vc_end;