module: icp: remove vestigia of crypto sessions

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Closes #12901

include/sys/crypto/common.h

@@ -154,8 +154,6 @@ typedef uint32_t 	crypto_provider_id_t;
 /* session data structure opaque to the consumer */
 typedef void *crypto_session_t;
 
-typedef uint_t		crypto_session_id_t;
-
 #define	PROVIDER_OWNS_KEY_SCHEDULE	0x00000001
 
 /*

module/icp/api/kcf_cipher.c

@@ -89,7 +89,7 @@ retry:
 
 	crypto_mechanism_t lmech = *mech;
 	KCF_SET_PROVIDER_MECHNUM(mech->cm_type, pd, &lmech);
-	error = KCF_PROV_ENCRYPT_ATOMIC(pd, pd->pd_sid, &lmech, key,
+	error = KCF_PROV_ENCRYPT_ATOMIC(pd, &lmech, key,
 	    plaintext, ciphertext, spi_ctx_tmpl);
 	KCF_PROV_INCRSTATS(pd, error);
 
@@ -162,7 +162,7 @@ retry:
 	crypto_mechanism_t lmech = *mech;
 	KCF_SET_PROVIDER_MECHNUM(mech->cm_type, pd, &lmech);
 
-	error = KCF_PROV_DECRYPT_ATOMIC(pd, pd->pd_sid, &lmech, key,
+	error = KCF_PROV_DECRYPT_ATOMIC(pd, &lmech, key,
 	    ciphertext, plaintext, spi_ctx_tmpl);
 	KCF_PROV_INCRSTATS(pd, error);
 

module/icp/api/kcf_mac.c

@@ -105,7 +105,7 @@ retry:
 
 	crypto_mechanism_t lmech = *mech;
 	KCF_SET_PROVIDER_MECHNUM(mech->cm_type, pd, &lmech);
-	error = KCF_PROV_MAC_ATOMIC(pd, pd->pd_sid, &lmech, key, data,
+	error = KCF_PROV_MAC_ATOMIC(pd, &lmech, key, data,
 	    mac, spi_ctx_tmpl);
 	KCF_PROV_INCRSTATS(pd, error);
 

module/icp/include/sys/crypto/impl.h

@@ -140,8 +140,6 @@ typedef enum {
  * provider. It is allocated and initialized at registration time and
  * freed when the provider unregisters.
  *
- * pd_sid:		Session ID of the provider used by kernel clients.
- *			This is valid only for session-oriented providers.
  * pd_refcnt:		Reference counter to this provider descriptor
  * pd_irefcnt:		References held by the framework internal structs
  * pd_lock:		lock protects pd_state
@@ -164,7 +162,6 @@ typedef enum {
  * pd_ks_data:		kstat data
  */
 typedef struct kcf_provider_desc {
-	crypto_session_id_t		pd_sid;
 	uint_t				pd_refcnt;
 	uint_t				pd_irefcnt;
 	kmutex_t			pd_lock;
@@ -312,54 +309,6 @@ extern const kcf_mech_entry_tab_t kcf_mech_tabs_tab[];
 #define	KCF_TO_PROV_MECHNUM(pd, mech_type)			\
 	(KCF_TO_PROV_MECHINFO(pd, mech_type).cm_mech_number)
 
-/* ps_refcnt is protected by cm_lock in the crypto_minor structure */
-typedef struct crypto_provider_session {
-	struct crypto_provider_session *ps_next;
-	crypto_session_id_t		ps_session;
-	kcf_provider_desc_t		*ps_provider;
-	kcf_provider_desc_t		*ps_real_provider;
-	uint_t				ps_refcnt;
-} crypto_provider_session_t;
-
-typedef struct crypto_session_data {
-	kmutex_t			sd_lock;
-	kcondvar_t			sd_cv;
-	uint32_t			sd_flags;
-	int				sd_pre_approved_amount;
-	crypto_ctx_t			*sd_digest_ctx;
-	crypto_ctx_t			*sd_encr_ctx;
-	crypto_ctx_t			*sd_decr_ctx;
-	crypto_ctx_t			*sd_sign_ctx;
-	crypto_ctx_t			*sd_verify_ctx;
-	crypto_ctx_t			*sd_sign_recover_ctx;
-	crypto_ctx_t			*sd_verify_recover_ctx;
-	kcf_provider_desc_t		*sd_provider;
-	void				*sd_find_init_cookie;
-	crypto_provider_session_t	*sd_provider_session;
-} crypto_session_data_t;
-
-#define	CRYPTO_SESSION_IN_USE		0x00000001
-#define	CRYPTO_SESSION_IS_BUSY		0x00000002
-#define	CRYPTO_SESSION_IS_CLOSED	0x00000004
-
-#define	KCF_MAX_PIN_LEN			1024
-
-/*
- * Per-minor info.
- *
- * cm_lock protects everything in this structure except for cm_refcnt.
- */
-typedef struct crypto_minor {
-	uint_t				cm_refcnt;
-	kmutex_t			cm_lock;
-	kcondvar_t			cm_cv;
-	crypto_session_data_t		**cm_session_table;
-	uint_t				cm_session_table_count;
-	kcf_provider_desc_t		**cm_provider_array;
-	uint_t				cm_provider_count;
-	crypto_provider_session_t	*cm_provider_session;
-} crypto_minor_t;
-
 /*
  * Return codes for internal functions
  */
@@ -399,18 +348,18 @@ typedef struct crypto_minor {
 	KCF_PROV_CIPHER_OPS(pd)->encrypt_init(ctx, mech, key, template) : \
 	CRYPTO_NOT_SUPPORTED)
 
-#define	KCF_PROV_ENCRYPT_ATOMIC(pd, session, mech, key, plaintext, ciphertext, \
+#define	KCF_PROV_ENCRYPT_ATOMIC(pd, mech, key, plaintext, ciphertext, \
 	    template) ( \
 	(KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt_atomic) ? \
 	KCF_PROV_CIPHER_OPS(pd)->encrypt_atomic( \
-	    session, mech, key, plaintext, ciphertext, template) : \
+	    mech, key, plaintext, ciphertext, template) : \
 	CRYPTO_NOT_SUPPORTED)
 
-#define	KCF_PROV_DECRYPT_ATOMIC(pd, session, mech, key, ciphertext, plaintext, \
+#define	KCF_PROV_DECRYPT_ATOMIC(pd, mech, key, ciphertext, plaintext, \
 	    template) ( \
 	(KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt_atomic) ? \
 	KCF_PROV_CIPHER_OPS(pd)->decrypt_atomic( \
-	    session, mech, key, ciphertext, plaintext, template) : \
+	    mech, key, ciphertext, plaintext, template) : \
 	CRYPTO_NOT_SUPPORTED)
 
 /*
@@ -436,10 +385,10 @@ typedef struct crypto_minor {
 	KCF_PROV_MAC_OPS(pd)->mac_final(ctx, mac) : \
 	CRYPTO_NOT_SUPPORTED)
 
-#define	KCF_PROV_MAC_ATOMIC(pd, session, mech, key, data, mac, template) ( \
+#define	KCF_PROV_MAC_ATOMIC(pd, mech, key, data, mac, template) ( \
 	(KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_atomic) ? \
 	KCF_PROV_MAC_OPS(pd)->mac_atomic( \
-	    session, mech, key, data, mac, template) : \
+	    mech, key, data, mac, template) : \
 	CRYPTO_NOT_SUPPORTED)
 
 /*

module/icp/include/sys/crypto/spi.h

@@ -78,8 +78,7 @@ typedef struct crypto_digest_ops {
 	int (*digest_update)(crypto_ctx_t *, crypto_data_t *);
 	int (*digest_key)(crypto_ctx_t *, crypto_key_t *);
 	int (*digest_final)(crypto_ctx_t *, crypto_data_t *);
-	int (*digest_atomic)(crypto_session_id_t,
-	    crypto_mechanism_t *, crypto_data_t *,
+	int (*digest_atomic)(crypto_mechanism_t *, crypto_data_t *,
 	    crypto_data_t *);
 } __no_const crypto_digest_ops_t;
 
@@ -99,9 +98,8 @@ typedef struct crypto_cipher_ops {
 	    crypto_data_t *, crypto_data_t *);
 	int (*encrypt_final)(crypto_ctx_t *,
 	    crypto_data_t *);
-	int (*encrypt_atomic)(crypto_session_id_t,
-	    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
-	    crypto_data_t *, crypto_spi_ctx_template_t);
+	int (*encrypt_atomic)(crypto_mechanism_t *, crypto_key_t *,
+	    crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t);
 
 	int (*decrypt_init)(crypto_ctx_t *,
 	    crypto_mechanism_t *, crypto_key_t *,
@@ -112,9 +110,8 @@ typedef struct crypto_cipher_ops {
 	    crypto_data_t *, crypto_data_t *);
 	int (*decrypt_final)(crypto_ctx_t *,
 	    crypto_data_t *);
-	int (*decrypt_atomic)(crypto_session_id_t,
-	    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
-	    crypto_data_t *, crypto_spi_ctx_template_t);
+	int (*decrypt_atomic)(crypto_mechanism_t *, crypto_key_t *,
+	    crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t);
 } __no_const crypto_cipher_ops_t;
 
 /*
@@ -133,12 +130,10 @@ typedef struct crypto_mac_ops {
 	    crypto_data_t *);
 	int (*mac_final)(crypto_ctx_t *,
 	    crypto_data_t *);
-	int (*mac_atomic)(crypto_session_id_t,
-	    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
-	    crypto_data_t *, crypto_spi_ctx_template_t);
-	int (*mac_verify_atomic)(crypto_session_id_t,
-	    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
-	    crypto_data_t *, crypto_spi_ctx_template_t);
+	int (*mac_atomic)(crypto_mechanism_t *, crypto_key_t *,
+	    crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t);
+	int (*mac_verify_atomic)(crypto_mechanism_t *, crypto_key_t *,
+	    crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t);
 } __no_const crypto_mac_ops_t;
 
 /*

module/icp/io/aes.c

@@ -81,16 +81,14 @@ static int aes_decrypt_final(crypto_ctx_t *, crypto_data_t *);
 static int aes_encrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *);
 static int aes_encrypt_update(crypto_ctx_t *, crypto_data_t *,
     crypto_data_t *);
-static int aes_encrypt_atomic(crypto_session_id_t,
-    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
-    crypto_data_t *, crypto_spi_ctx_template_t);
+static int aes_encrypt_atomic(crypto_mechanism_t *, crypto_key_t *,
+    crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t);
 
 static int aes_decrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *);
 static int aes_decrypt_update(crypto_ctx_t *, crypto_data_t *,
     crypto_data_t *);
-static int aes_decrypt_atomic(crypto_session_id_t,
-    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
-    crypto_data_t *, crypto_spi_ctx_template_t);
+static int aes_decrypt_atomic(crypto_mechanism_t *, crypto_key_t *,
+    crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t);
 
 static const crypto_cipher_ops_t aes_cipher_ops = {
 	.encrypt_init = aes_encrypt_init,
@@ -105,12 +103,10 @@ static const crypto_cipher_ops_t aes_cipher_ops = {
 	.decrypt_atomic = aes_decrypt_atomic
 };
 
-static int aes_mac_atomic(crypto_session_id_t,
-    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
-    crypto_spi_ctx_template_t);
-static int aes_mac_verify_atomic(crypto_session_id_t,
-    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
-    crypto_spi_ctx_template_t);
+static int aes_mac_atomic(crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
+    crypto_data_t *, crypto_spi_ctx_template_t);
+static int aes_mac_verify_atomic(crypto_mechanism_t *, crypto_key_t *,
+    crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t);
 
 static const crypto_mac_ops_t aes_mac_ops = {
 	.mac_init = NULL,
@@ -832,12 +828,10 @@ aes_decrypt_final(crypto_ctx_t *ctx, crypto_data_t *data)
 }
 
 static int
-aes_encrypt_atomic(crypto_session_id_t session_id,
-    crypto_mechanism_t *mechanism,
+aes_encrypt_atomic(crypto_mechanism_t *mechanism,
     crypto_key_t *key, crypto_data_t *plaintext, crypto_data_t *ciphertext,
     crypto_spi_ctx_template_t template)
 {
-	(void) session_id;
 	aes_ctx_t aes_ctx;	/* on the stack */
 	off_t saved_offset;
 	size_t saved_length;
@@ -968,12 +962,10 @@ out:
 }
 
 static int
-aes_decrypt_atomic(crypto_session_id_t session_id,
-    crypto_mechanism_t *mechanism,
+aes_decrypt_atomic(crypto_mechanism_t *mechanism,
     crypto_key_t *key, crypto_data_t *ciphertext, crypto_data_t *plaintext,
     crypto_spi_ctx_template_t template)
 {
-	(void) session_id;
 	aes_ctx_t aes_ctx;	/* on the stack */
 	off_t saved_offset;
 	size_t saved_length;
@@ -1308,7 +1300,7 @@ process_gmac_mech(crypto_mechanism_t *mech, crypto_data_t *data,
 }
 
 static int
-aes_mac_atomic(crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
+aes_mac_atomic(crypto_mechanism_t *mechanism,
     crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac,
     crypto_spi_ctx_template_t template)
 {
@@ -1324,14 +1316,13 @@ aes_mac_atomic(crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
 	gcm_mech.cm_param_len = sizeof (CK_AES_GCM_PARAMS);
 	gcm_mech.cm_param = (char *)&gcm_params;
 
-	return (aes_encrypt_atomic(session_id, &gcm_mech,
+	return (aes_encrypt_atomic(&gcm_mech,
 	    key, &null_crypto_data, mac, template));
 }
 
 static int
-aes_mac_verify_atomic(crypto_session_id_t session_id,
-    crypto_mechanism_t *mechanism, crypto_key_t *key, crypto_data_t *data,
-    crypto_data_t *mac, crypto_spi_ctx_template_t template)
+aes_mac_verify_atomic(crypto_mechanism_t *mechanism, crypto_key_t *key,
+    crypto_data_t *data, crypto_data_t *mac, crypto_spi_ctx_template_t template)
 {
 	CK_AES_GCM_PARAMS gcm_params;
 	crypto_mechanism_t gcm_mech;
@@ -1345,6 +1336,6 @@ aes_mac_verify_atomic(crypto_session_id_t session_id,
 	gcm_mech.cm_param_len = sizeof (CK_AES_GCM_PARAMS);
 	gcm_mech.cm_param = (char *)&gcm_params;
 
-	return (aes_decrypt_atomic(session_id, &gcm_mech,
+	return (aes_decrypt_atomic(&gcm_mech,
 	    key, mac, &null_crypto_data, template));
 }

module/icp/io/sha2_mod.c

@@ -94,8 +94,8 @@ static int sha2_digest_init(crypto_ctx_t *, crypto_mechanism_t *);
 static int sha2_digest(crypto_ctx_t *, crypto_data_t *, crypto_data_t *);
 static int sha2_digest_update(crypto_ctx_t *, crypto_data_t *);
 static int sha2_digest_final(crypto_ctx_t *, crypto_data_t *);
-static int sha2_digest_atomic(crypto_session_id_t,
-    crypto_mechanism_t *, crypto_data_t *, crypto_data_t *);
+static int sha2_digest_atomic(crypto_mechanism_t *, crypto_data_t *,
+    crypto_data_t *);
 
 static const crypto_digest_ops_t sha2_digest_ops = {
 	.digest_init = sha2_digest_init,
@@ -109,12 +109,10 @@ static int sha2_mac_init(crypto_ctx_t *, crypto_mechanism_t *, crypto_key_t *,
     crypto_spi_ctx_template_t);
 static int sha2_mac_update(crypto_ctx_t *, crypto_data_t *);
 static int sha2_mac_final(crypto_ctx_t *, crypto_data_t *);
-static int sha2_mac_atomic(crypto_session_id_t,
-    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
-    crypto_spi_ctx_template_t);
-static int sha2_mac_verify_atomic(crypto_session_id_t,
-    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
-    crypto_spi_ctx_template_t);
+static int sha2_mac_atomic(crypto_mechanism_t *, crypto_key_t *,
+    crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t);
+static int sha2_mac_verify_atomic(crypto_mechanism_t *, crypto_key_t *,
+    crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t);
 
 static const crypto_mac_ops_t sha2_mac_ops = {
 	.mac_init = sha2_mac_init,
@@ -537,10 +535,9 @@ sha2_digest_final(crypto_ctx_t *ctx, crypto_data_t *digest)
 }
 
 static int
-sha2_digest_atomic(crypto_session_id_t session_id,
-    crypto_mechanism_t *mechanism, crypto_data_t *data, crypto_data_t *digest)
+sha2_digest_atomic(crypto_mechanism_t *mechanism, crypto_data_t *data,
+    crypto_data_t *digest)
 {
-	(void) session_id;
 	int ret = CRYPTO_SUCCESS;
 	SHA2_CTX sha2_ctx;
 	uint32_t sha_digest_len;
@@ -898,11 +895,10 @@ sha2_mac_final(crypto_ctx_t *ctx, crypto_data_t *mac)
 }
 
 static int
-sha2_mac_atomic(crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
+sha2_mac_atomic(crypto_mechanism_t *mechanism,
     crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac,
     crypto_spi_ctx_template_t ctx_template)
 {
-	(void) session_id;
 	int ret = CRYPTO_SUCCESS;
 	uchar_t digest[SHA512_DIGEST_LENGTH];
 	sha2_hmac_ctx_t sha2_hmac_ctx;
@@ -1031,12 +1027,10 @@ bail:
 }
 
 static int
-sha2_mac_verify_atomic(crypto_session_id_t session_id,
-    crypto_mechanism_t *mechanism,
+sha2_mac_verify_atomic(crypto_mechanism_t *mechanism,
     crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac,
     crypto_spi_ctx_template_t ctx_template)
 {
-	(void) session_id;
 	int ret = CRYPTO_SUCCESS;
 	uchar_t digest[SHA512_DIGEST_LENGTH];
 	sha2_hmac_ctx_t sha2_hmac_ctx;

module/icp/io/skein_mod.c

@@ -49,8 +49,8 @@ static int skein_digest_init(crypto_ctx_t *, crypto_mechanism_t *);
 static int skein_digest(crypto_ctx_t *, crypto_data_t *, crypto_data_t *);
 static int skein_update(crypto_ctx_t *, crypto_data_t *);
 static int skein_final(crypto_ctx_t *, crypto_data_t *);
-static int skein_digest_atomic(crypto_session_id_t,
-    crypto_mechanism_t *, crypto_data_t *, crypto_data_t *);
+static int skein_digest_atomic(crypto_mechanism_t *, crypto_data_t *,
+    crypto_data_t *);
 
 static const crypto_digest_ops_t skein_digest_ops = {
 	.digest_init = skein_digest_init,
@@ -62,9 +62,8 @@ static const crypto_digest_ops_t skein_digest_ops = {
 
 static int skein_mac_init(crypto_ctx_t *, crypto_mechanism_t *, crypto_key_t *,
     crypto_spi_ctx_template_t);
-static int skein_mac_atomic(crypto_session_id_t,
-    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
-    crypto_spi_ctx_template_t);
+static int skein_mac_atomic(crypto_mechanism_t *, crypto_key_t *,
+    crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t);
 
 static const crypto_mac_ops_t skein_mac_ops = {
 	.mac_init = skein_mac_init,
@@ -467,10 +466,9 @@ skein_final(crypto_ctx_t *ctx, crypto_data_t *digest)
  * Supported input/output formats are raw, uio and mblk.
  */
 static int
-skein_digest_atomic(crypto_session_id_t session_id,
-    crypto_mechanism_t *mechanism, crypto_data_t *data, crypto_data_t *digest)
+skein_digest_atomic(crypto_mechanism_t *mechanism, crypto_data_t *data,
+    crypto_data_t *digest)
 {
-	(void) session_id;
 	int	 error;
 	skein_ctx_t skein_ctx;
 	crypto_ctx_t ctx;
@@ -570,12 +568,11 @@ errout:
  * function as to those of the partial operations above.
  */
 static int
-skein_mac_atomic(crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
+skein_mac_atomic(crypto_mechanism_t *mechanism,
     crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac,
     crypto_spi_ctx_template_t ctx_template)
 {
 	/* faux crypto context just for skein_digest_{update,final} */
-	(void) session_id;
 	int	 error;
 	crypto_ctx_t ctx;
 	skein_ctx_t skein_ctx;