authorConrad Meyer <cem@FreeBSD.org>2018-07-18 00:56:25 +0000
committerConrad Meyer <cem@FreeBSD.org>2018-07-18 00:56:25 +0000
commit1b0909d51a8aa8b5ec5a61c2dc1a69642976a732 (patch)
treeb9c915e7d2ca9312b6f83308f05040a78875b6d7 /sys/opencrypto/cryptodev.c
parent38b42191fb8cbdf348508c72b504e0dc3da1b53c (diff)
OpenCrypto: Convert sessions to opaque handles instead of integers
Track session objects in the framework, and pass handles between the framework (OCF), consumers, and drivers. Avoid redundancy and complexity in individual drivers by allocating session memory in the framework and providing it to drivers in ::newsession(). Session handles are no longer integers with information encoded in various high bits. Use of the CRYPTO_SESID2FOO() macros should be replaced with the appropriate crypto_ses2foo() function on the opaque session handle. Convert OCF drivers (in particular, cryptosoft, as well as myriad others) to the opaque handle interface. Discard existing session tracking as much as possible (quick pass). There may be additional code ripe for deletion. Convert OCF consumers (ipsec, geom_eli, krb5, cryptodev) to handle-style interface. The conversion is largely mechanical. The change is documented in crypto.9. Inspired by https://lists.freebsd.org/pipermail/freebsd-arch/2018-January/018835.html . No objection from: ae (ipsec portion) Reported by: jhb
Notes
Notes: svn path=/head/; revision=336439
Diffstat (limited to 'sys/opencrypto/cryptodev.c')
-rw-r--r--sys/opencrypto/cryptodev.c32
1 files changed, 15 insertions, 17 deletions
diff --git a/sys/opencrypto/cryptodev.c b/sys/opencrypto/cryptodev.c
index c1c882a5e41e..fc7c27b82ca2 100644
--- a/sys/opencrypto/cryptodev.c
+++ b/sys/opencrypto/cryptodev.c
@@ -265,7 +265,7 @@ crypt_kop_to_32(const struct crypt_kop *from, struct crypt_kop32 *to)
struct csession {
TAILQ_ENTRY(csession) next;
- crypto_session_t sid;
+ crypto_session_t cses;
u_int32_t ses;
struct mtx lock; /* for op submission */
@@ -323,7 +323,7 @@ static struct csession *cseadd(struct fcrypt *, struct csession *);
static struct csession *csecreate(struct fcrypt *, crypto_session_t, caddr_t,
u_int64_t, caddr_t, u_int64_t, u_int32_t, u_int32_t, struct enc_xform *,
struct auth_hash *);
-static int csefree(struct csession *);
+static void csefree(struct csession *);
static int cryptodev_op(struct csession *, struct crypt_op *,
struct ucred *, struct thread *td);
@@ -378,7 +378,7 @@ cryptof_ioctl(
struct enc_xform *txform = NULL;
struct auth_hash *thash = NULL;
struct crypt_kop *kop;
- crypto_session_t sid;
+ crypto_session_t cses;
u_int32_t ses;
int error = 0, crid;
#ifdef COMPAT_FREEBSD32
@@ -592,19 +592,19 @@ cryptof_ioctl(
}
} else
crid = CRYPTOCAP_F_HARDWARE;
- error = crypto_newsession(&sid, (txform ? &crie : &cria), crid);
+ error = crypto_newsession(&cses, (txform ? &crie : &cria), crid);
if (error) {
CRYPTDEB("crypto_newsession");
SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto bail;
}
- cse = csecreate(fcr, sid, crie.cri_key, crie.cri_klen,
+ cse = csecreate(fcr, cses, crie.cri_key, crie.cri_klen,
cria.cri_key, cria.cri_klen, sop->cipher, sop->mac, txform,
thash);
if (cse == NULL) {
- crypto_freesession(sid);
+ crypto_freesession(cses);
error = EINVAL;
SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
CRYPTDEB("csecreate");
@@ -617,7 +617,7 @@ cryptof_ioctl(
#endif
) {
/* return hardware/driver id */
- SES2(sop)->crid = CRYPTO_SESID2HID(cse->sid);
+ SES2(sop)->crid = crypto_ses2hid(cse->cses);
}
bail:
if (error) {
@@ -644,7 +644,7 @@ bail:
return (EINVAL);
}
csedelete(fcr, cse);
- error = csefree(cse);
+ csefree(cse);
break;
case CIOCCRYPT:
#ifdef COMPAT_FREEBSD32
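Review bot: `csefree(cse)` runs immediately after `csedelete(fcr, cse)` in this CIOCFSESSION path, and nothing visible in the hunk shows that no request is still in flight on the session. csefree() (last hunk) destroys `cse->lock` and frees the structure, so a thread sharing the descriptor that had already looked up the same session would presumably be left with a dangling pointer; whether the lookup takes a reference or holds a lock is outside this hunk and should be confirmed. If the guarantee exists elsewhere, a comment such as `/* no other thread may still use cse: csefree() destroys cse->lock and frees it */` would record the requirement at the call site. The enclosing cryptof_ioctl() body starts and ends outside the hunk.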
@@ -856,7 +856,7 @@ cryptodev_op(
| (cop->flags & COP_F_BATCH);
crp->crp_uio = &cod->uio;
crp->crp_callback = cryptodev_cb;
- crp->crp_sid = cse->sid;
+ crp->crp_session = cse->cses;
crp->crp_opaque = cod;
if (cop->iv) {
@@ -1032,7 +1032,7 @@ cryptodev_aead(
| (caead->flags & COP_F_BATCH);
crp->crp_uio = &cod->uio;
crp->crp_callback = cryptodev_cb;
- crp->crp_sid = cse->sid;
+ crp->crp_session = cse->cses;
crp->crp_opaque = cod;
if (caead->iv) {
@@ -1301,7 +1301,7 @@ cryptof_close(struct file *fp, struct thread *td)
while ((cse = TAILQ_FIRST(&fcr->csessions))) {
TAILQ_REMOVE(&fcr->csessions, cse, next);
- (void)csefree(cse);
+ csefree(cse);
}
free(fcr, M_XDATA);
fp->f_data = NULL;
@@ -1350,7 +1350,7 @@ cseadd(struct fcrypt *fcr, struct csession *cse)
}
struct csession *
-csecreate(struct fcrypt *fcr, crypto_session_t sid, caddr_t key, u_int64_t keylen,
+csecreate(struct fcrypt *fcr, crypto_session_t cses, caddr_t key, u_int64_t keylen,
caddr_t mackey, u_int64_t mackeylen, u_int32_t cipher, u_int32_t mac,
struct enc_xform *txform, struct auth_hash *thash)
{
@@ -1364,7 +1364,7 @@ csecreate(struct fcrypt *fcr, crypto_session_t sid, caddr_t key, u_int64_t keyle
cse->keylen = keylen/8;
cse->mackey = mackey;
cse->mackeylen = mackeylen/8;
- cse->sid = sid;
+ cse->cses = cses;
cse->cipher = cipher;
cse->mac = mac;
cse->txform = txform;
@@ -1373,19 +1373,17 @@ csecreate(struct fcrypt *fcr, crypto_session_t sid, caddr_t key, u_int64_t keyle
return (cse);
}
-static int
+static void
csefree(struct csession *cse)
{
- int error;
- error = crypto_freesession(cse->sid);
+ crypto_freesession(cse->cses);
mtx_destroy(&cse->lock);
if (cse->key)
free(cse->key, M_XDATA);
if (cse->mackey)
free(cse->mackey, M_XDATA);
free(cse, M_XDATA);
- return (error);
}
static int
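Review bot: csefree() releases `cse->key` and `cse->mackey` with a plain free(), so the session's key bytes stay in the freed M_XDATA memory until it happens to be reused. csecreate() stores the byte lengths in `cse->keylen` and `cse->mackeylen`, so each buffer can be cleared inside the existing NULL checks before it is freed: `explicit_bzero(cse->key, cse->keylen);` and `explicit_bzero(cse->mackey, cse->mackeylen);`. This assumes each buffer is at least that long, which depends on the allocation in cryptof_ioctl() outside this hunk and should be confirmed.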