mirror of
https://git.proxmox.com/git/mirror_zfs.git
synced 2024-12-25 18:59:33 +03:00
module: icp: fold away all key formats except CRYPTO_KEY_RAW
It's the only one actually used Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Closes #12901
This commit is contained in:
parent
1018e81e30
commit
739afd9475
@ -42,8 +42,6 @@
|
||||
#define SUN_CKM_AES_GCM "CKM_AES_GCM"
|
||||
#define SUN_CKM_SHA512_HMAC "CKM_SHA512_HMAC"
|
||||
|
||||
#define CRYPTO_KEY_RAW 1
|
||||
|
||||
#define CRYPTO_BITS2BYTES(n) ((n) == 0 ? 0 : (((n) - 1) >> 3) + 1)
|
||||
#define CRYPTO_BYTES2BITS(n) ((n) << 3)
|
||||
|
||||
@ -61,12 +59,11 @@ typedef struct freebsd_crypt_session {
|
||||
typedef void *crypto_mechanism_t;
|
||||
typedef void *crypto_ctx_template_t;
|
||||
/*
|
||||
* Unlike the ICP crypto_key type, this only
|
||||
* Like the ICP crypto_key type, this only
|
||||
* supports <data, length> (the equivalent of
|
||||
* CRYPTO_KEY_RAW).
|
||||
* the former CRYPTO_KEY_RAW).
|
||||
*/
|
||||
typedef struct crypto_key {
|
||||
int ck_format; /* Unused, but minimizes code diff */
|
||||
void *ck_data;
|
||||
size_t ck_length;
|
||||
} crypto_key_t;
|
||||
|
@ -255,109 +255,11 @@ typedef struct crypto_data {
|
||||
|
||||
/* The keys, and their contents */
|
||||
|
||||
typedef enum {
|
||||
CRYPTO_KEY_RAW = 1, /* ck_data is a cleartext key */
|
||||
CRYPTO_KEY_REFERENCE, /* ck_obj_id is an opaque reference */
|
||||
CRYPTO_KEY_ATTR_LIST /* ck_attrs is a list of object attributes */
|
||||
} crypto_key_format_t;
|
||||
|
||||
typedef uint64_t crypto_attr_type_t;
|
||||
|
||||
/* Attribute types to use for passing a RSA public key or a private key. */
|
||||
#define SUN_CKA_MODULUS 0x00000120
|
||||
#define SUN_CKA_MODULUS_BITS 0x00000121
|
||||
#define SUN_CKA_PUBLIC_EXPONENT 0x00000122
|
||||
#define SUN_CKA_PRIVATE_EXPONENT 0x00000123
|
||||
#define SUN_CKA_PRIME_1 0x00000124
|
||||
#define SUN_CKA_PRIME_2 0x00000125
|
||||
#define SUN_CKA_EXPONENT_1 0x00000126
|
||||
#define SUN_CKA_EXPONENT_2 0x00000127
|
||||
#define SUN_CKA_COEFFICIENT 0x00000128
|
||||
#define SUN_CKA_PRIME 0x00000130
|
||||
#define SUN_CKA_SUBPRIME 0x00000131
|
||||
#define SUN_CKA_BASE 0x00000132
|
||||
|
||||
#define CKK_EC 0x00000003
|
||||
#define CKK_GENERIC_SECRET 0x00000010
|
||||
#define CKK_RC4 0x00000012
|
||||
#define CKK_AES 0x0000001F
|
||||
#define CKK_DES 0x00000013
|
||||
#define CKK_DES2 0x00000014
|
||||
#define CKK_DES3 0x00000015
|
||||
|
||||
#define CKO_PUBLIC_KEY 0x00000002
|
||||
#define CKO_PRIVATE_KEY 0x00000003
|
||||
#define CKA_CLASS 0x00000000
|
||||
#define CKA_VALUE 0x00000011
|
||||
#define CKA_KEY_TYPE 0x00000100
|
||||
#define CKA_VALUE_LEN 0x00000161
|
||||
#define CKA_EC_PARAMS 0x00000180
|
||||
#define CKA_EC_POINT 0x00000181
|
||||
|
||||
typedef uint32_t crypto_object_id_t;
|
||||
|
||||
typedef struct crypto_object_attribute {
|
||||
crypto_attr_type_t oa_type; /* attribute type */
|
||||
caddr_t oa_value; /* attribute value */
|
||||
ssize_t oa_value_len; /* length of attribute value */
|
||||
} crypto_object_attribute_t;
|
||||
|
||||
typedef struct crypto_key {
|
||||
crypto_key_format_t ck_format; /* format identifier */
|
||||
union {
|
||||
/* for CRYPTO_KEY_RAW ck_format */
|
||||
struct {
|
||||
uint_t cku_v_length; /* # of bits in ck_data */
|
||||
void *cku_v_data; /* ptr to key value */
|
||||
} cku_key_value;
|
||||
|
||||
/* for CRYPTO_KEY_REFERENCE ck_format */
|
||||
crypto_object_id_t cku_key_id; /* reference to object key */
|
||||
|
||||
/* for CRYPTO_KEY_ATTR_LIST ck_format */
|
||||
struct {
|
||||
uint_t cku_a_count; /* number of attributes */
|
||||
crypto_object_attribute_t *cku_a_oattr;
|
||||
} cku_key_attrs;
|
||||
} cku_data; /* Crypto Key union */
|
||||
typedef struct {
|
||||
uint_t ck_length; /* # of bits in ck_data */
|
||||
void *ck_data; /* ptr to key value */
|
||||
} crypto_key_t;
|
||||
|
||||
#ifdef _SYSCALL32
|
||||
|
||||
typedef struct crypto_object_attribute32 {
|
||||
uint64_t oa_type; /* attribute type */
|
||||
caddr32_t oa_value; /* attribute value */
|
||||
ssize32_t oa_value_len; /* length of attribute value */
|
||||
} crypto_object_attribute32_t;
|
||||
|
||||
typedef struct crypto_key32 {
|
||||
crypto_key_format_t ck_format; /* format identifier */
|
||||
union {
|
||||
/* for CRYPTO_KEY_RAW ck_format */
|
||||
struct {
|
||||
uint32_t cku_v_length; /* # of bytes in ck_data */
|
||||
caddr32_t cku_v_data; /* ptr to key value */
|
||||
} cku_key_value;
|
||||
|
||||
/* for CRYPTO_KEY_REFERENCE ck_format */
|
||||
crypto_object_id_t cku_key_id; /* reference to object key */
|
||||
|
||||
/* for CRYPTO_KEY_ATTR_LIST ck_format */
|
||||
struct {
|
||||
uint32_t cku_a_count; /* number of attributes */
|
||||
caddr32_t cku_a_oattr;
|
||||
} cku_key_attrs;
|
||||
} cku_data; /* Crypto Key union */
|
||||
} crypto_key32_t;
|
||||
|
||||
#endif /* _SYSCALL32 */
|
||||
|
||||
#define ck_data cku_data.cku_key_value.cku_v_data
|
||||
#define ck_length cku_data.cku_key_value.cku_v_length
|
||||
#define ck_obj_id cku_data.cku_key_id
|
||||
#define ck_count cku_data.cku_key_attrs.cku_a_count
|
||||
#define ck_attrs cku_data.cku_key_attrs.cku_a_oattr
|
||||
|
||||
/*
|
||||
* Raw key lengths are expressed in number of bits.
|
||||
* The following macro returns the minimum number of
|
||||
@ -372,64 +274,11 @@ typedef struct crypto_key32 {
|
||||
typedef uint32_t crypto_provider_id_t;
|
||||
#define KCF_PROVID_INVALID ((uint32_t)-1)
|
||||
|
||||
typedef struct crypto_provider_entry {
|
||||
crypto_provider_id_t pe_provider_id;
|
||||
uint_t pe_mechanism_count;
|
||||
} crypto_provider_entry_t;
|
||||
|
||||
typedef struct crypto_dev_list_entry {
|
||||
char le_dev_name[MAXNAMELEN];
|
||||
uint_t le_dev_instance;
|
||||
uint_t le_mechanism_count;
|
||||
} crypto_dev_list_entry_t;
|
||||
|
||||
/* User type for authentication ioctls and SPI entry points */
|
||||
|
||||
typedef enum crypto_user_type {
|
||||
CRYPTO_SO = 0,
|
||||
CRYPTO_USER
|
||||
} crypto_user_type_t;
|
||||
|
||||
/* Version for provider management ioctls and SPI entry points */
|
||||
|
||||
typedef struct crypto_version {
|
||||
uchar_t cv_major;
|
||||
uchar_t cv_minor;
|
||||
} crypto_version_t;
|
||||
|
||||
/* session data structure opaque to the consumer */
|
||||
typedef void *crypto_session_t;
|
||||
|
||||
/* provider data structure opaque to the consumer */
|
||||
typedef void *crypto_provider_t;
|
||||
|
||||
/* Limits used by both consumers and providers */
|
||||
#define CRYPTO_EXT_SIZE_LABEL 32
|
||||
#define CRYPTO_EXT_SIZE_MANUF 32
|
||||
#define CRYPTO_EXT_SIZE_MODEL 16
|
||||
#define CRYPTO_EXT_SIZE_SERIAL 16
|
||||
#define CRYPTO_EXT_SIZE_TIME 16
|
||||
|
||||
typedef uint_t crypto_session_id_t;
|
||||
|
||||
typedef enum cmd_type {
|
||||
COPY_FROM_DATA,
|
||||
COPY_TO_DATA,
|
||||
COMPARE_TO_DATA,
|
||||
MD5_DIGEST_DATA,
|
||||
SHA1_DIGEST_DATA,
|
||||
SHA2_DIGEST_DATA,
|
||||
GHASH_DATA
|
||||
} cmd_type_t;
|
||||
|
||||
#define CRYPTO_DO_UPDATE 0x01
|
||||
#define CRYPTO_DO_FINAL 0x02
|
||||
#define CRYPTO_DO_MD5 0x04
|
||||
#define CRYPTO_DO_SHA1 0x08
|
||||
#define CRYPTO_DO_SIGN 0x10
|
||||
#define CRYPTO_DO_VERIFY 0x20
|
||||
#define CRYPTO_DO_SHA2 0x40
|
||||
|
||||
#define PROVIDER_OWNS_KEY_SCHEDULE 0x00000001
|
||||
|
||||
/*
|
||||
|
@ -164,13 +164,12 @@ retry:
|
||||
* See comment in the beginning of the file.
|
||||
*/
|
||||
static int
|
||||
crypto_mac_init_prov(crypto_provider_t provider,
|
||||
crypto_mac_init_prov(kcf_provider_desc_t *pd,
|
||||
crypto_mechanism_t *mech, crypto_key_t *key, crypto_spi_ctx_template_t tmpl,
|
||||
crypto_context_t *ctxp, crypto_call_req_t *crq)
|
||||
{
|
||||
int rv;
|
||||
crypto_ctx_t *ctx;
|
||||
kcf_provider_desc_t *pd = provider;
|
||||
kcf_provider_desc_t *real_provider = pd;
|
||||
|
||||
ASSERT(KCF_PROV_REFHELD(pd));
|
||||
|
@ -33,14 +33,12 @@
|
||||
*/
|
||||
|
||||
/*
|
||||
* Utility routine to apply the command, 'cmd', to the
|
||||
* Utility routine to apply the command COPY_TO_DATA to the
|
||||
* data in the uio structure.
|
||||
*/
|
||||
int
|
||||
crypto_uio_data(crypto_data_t *data, uchar_t *buf, int len, cmd_type_t cmd,
|
||||
void *digest_ctx, void (*update)(void))
|
||||
static int
|
||||
crypto_uio_copy_to_data(crypto_data_t *data, uchar_t *buf, int len)
|
||||
{
|
||||
(void) digest_ctx, (void) update;
|
||||
zfs_uio_t *uiop = data->cd_uio;
|
||||
off_t offset = data->cd_offset;
|
||||
size_t length = len;
|
||||
@ -72,26 +70,8 @@ crypto_uio_data(crypto_data_t *data, uchar_t *buf, int len, cmd_type_t cmd,
|
||||
offset, length);
|
||||
|
||||
datap = (uchar_t *)(zfs_uio_iovbase(uiop, vec_idx) + offset);
|
||||
switch (cmd) {
|
||||
case COPY_FROM_DATA:
|
||||
bcopy(datap, buf, cur_len);
|
||||
buf += cur_len;
|
||||
break;
|
||||
case COPY_TO_DATA:
|
||||
bcopy(buf, datap, cur_len);
|
||||
buf += cur_len;
|
||||
break;
|
||||
case COMPARE_TO_DATA:
|
||||
if (bcmp(datap, buf, cur_len))
|
||||
return (CRYPTO_SIGNATURE_INVALID);
|
||||
buf += cur_len;
|
||||
break;
|
||||
case MD5_DIGEST_DATA:
|
||||
case SHA1_DIGEST_DATA:
|
||||
case SHA2_DIGEST_DATA:
|
||||
case GHASH_DATA:
|
||||
return (CRYPTO_ARGUMENTS_BAD);
|
||||
}
|
||||
bcopy(buf, datap, cur_len);
|
||||
buf += cur_len;
|
||||
|
||||
length -= cur_len;
|
||||
vec_idx++;
|
||||
@ -100,16 +80,11 @@ crypto_uio_data(crypto_data_t *data, uchar_t *buf, int len, cmd_type_t cmd,
|
||||
|
||||
if (vec_idx == zfs_uio_iovcnt(uiop) && length > 0) {
|
||||
/*
|
||||
* The end of the specified iovec's was reached but
|
||||
* The end of the specified iovecs was reached but
|
||||
* the length requested could not be processed.
|
||||
*/
|
||||
switch (cmd) {
|
||||
case COPY_TO_DATA:
|
||||
data->cd_length = len;
|
||||
return (CRYPTO_BUFFER_TOO_SMALL);
|
||||
default:
|
||||
return (CRYPTO_DATA_LEN_RANGE);
|
||||
}
|
||||
data->cd_length = len;
|
||||
return (CRYPTO_BUFFER_TOO_SMALL);
|
||||
}
|
||||
|
||||
return (CRYPTO_SUCCESS);
|
||||
@ -129,8 +104,7 @@ crypto_put_output_data(uchar_t *buf, crypto_data_t *output, int len)
|
||||
break;
|
||||
|
||||
case CRYPTO_DATA_UIO:
|
||||
return (crypto_uio_data(output, buf, len,
|
||||
COPY_TO_DATA, NULL, NULL));
|
||||
return (crypto_uio_copy_to_data(output, buf, len));
|
||||
default:
|
||||
return (CRYPTO_ARGUMENTS_BAD);
|
||||
}
|
||||
|
@ -479,8 +479,6 @@ extern kcf_provider_desc_t *kcf_alloc_provider_desc(void);
|
||||
extern void kcf_provider_zero_refcnt(kcf_provider_desc_t *);
|
||||
extern void kcf_free_provider_desc(kcf_provider_desc_t *);
|
||||
extern void undo_register_provider(kcf_provider_desc_t *, boolean_t);
|
||||
extern int crypto_uio_data(crypto_data_t *, uchar_t *, int, cmd_type_t,
|
||||
void *, void (*update)(void));
|
||||
extern int crypto_put_output_data(uchar_t *, crypto_data_t *, int);
|
||||
extern int crypto_update_iov(void *, crypto_data_t *, crypto_data_t *,
|
||||
int (*cipher)(void *, caddr_t, size_t, crypto_data_t *),
|
||||
|
@ -242,24 +242,15 @@ aes_check_mech_param(crypto_mechanism_t *mechanism, aes_ctx_t **ctx, int kmflag)
|
||||
static int
|
||||
init_keysched(crypto_key_t *key, void *newbie)
|
||||
{
|
||||
/*
|
||||
* Only keys by value are supported by this module.
|
||||
*/
|
||||
switch (key->ck_format) {
|
||||
case CRYPTO_KEY_RAW:
|
||||
if (key->ck_length < AES_MINBITS ||
|
||||
key->ck_length > AES_MAXBITS) {
|
||||
return (CRYPTO_KEY_SIZE_RANGE);
|
||||
}
|
||||
|
||||
/* key length must be either 128, 192, or 256 */
|
||||
if ((key->ck_length & 63) != 0)
|
||||
return (CRYPTO_KEY_SIZE_RANGE);
|
||||
break;
|
||||
default:
|
||||
return (CRYPTO_KEY_TYPE_INCONSISTENT);
|
||||
if (key->ck_length < AES_MINBITS ||
|
||||
key->ck_length > AES_MAXBITS) {
|
||||
return (CRYPTO_KEY_SIZE_RANGE);
|
||||
}
|
||||
|
||||
/* key length must be either 128, 192, or 256 */
|
||||
if ((key->ck_length & 63) != 0)
|
||||
return (CRYPTO_KEY_SIZE_RANGE);
|
||||
|
||||
aes_init_keysched(key->ck_data, key->ck_length, newbie);
|
||||
return (CRYPTO_SUCCESS);
|
||||
}
|
||||
@ -294,13 +285,6 @@ aes_common_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
|
||||
int rv;
|
||||
int kmflag;
|
||||
|
||||
/*
|
||||
* Only keys by value are supported by this module.
|
||||
*/
|
||||
if (key->ck_format != CRYPTO_KEY_RAW) {
|
||||
return (CRYPTO_KEY_TYPE_INCONSISTENT);
|
||||
}
|
||||
|
||||
kmflag = crypto_kmflag(req);
|
||||
if ((rv = aes_check_mech_param(mechanism, &aes_ctx, kmflag))
|
||||
!= CRYPTO_SUCCESS)
|
||||
|
@ -737,9 +737,6 @@ sha2_mac_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
|
||||
return (CRYPTO_MECHANISM_INVALID);
|
||||
}
|
||||
|
||||
if (key->ck_format != CRYPTO_KEY_RAW)
|
||||
return (CRYPTO_ARGUMENTS_BAD);
|
||||
|
||||
ctx->cc_provider_private = kmem_alloc(sizeof (sha2_hmac_ctx_t),
|
||||
crypto_kmflag(req));
|
||||
if (ctx->cc_provider_private == NULL)
|
||||
@ -971,10 +968,6 @@ sha2_mac_atomic(crypto_provider_handle_t provider,
|
||||
return (CRYPTO_MECHANISM_INVALID);
|
||||
}
|
||||
|
||||
/* Add support for key by attributes (RFE 4706552) */
|
||||
if (key->ck_format != CRYPTO_KEY_RAW)
|
||||
return (CRYPTO_ARGUMENTS_BAD);
|
||||
|
||||
if (ctx_template != NULL) {
|
||||
/* reuse context template */
|
||||
bcopy(ctx_template, &sha2_hmac_ctx, sizeof (sha2_hmac_ctx_t));
|
||||
@ -1109,10 +1102,6 @@ sha2_mac_verify_atomic(crypto_provider_handle_t provider,
|
||||
return (CRYPTO_MECHANISM_INVALID);
|
||||
}
|
||||
|
||||
/* Add support for key by attributes (RFE 4706552) */
|
||||
if (key->ck_format != CRYPTO_KEY_RAW)
|
||||
return (CRYPTO_ARGUMENTS_BAD);
|
||||
|
||||
if (ctx_template != NULL) {
|
||||
/* reuse context template */
|
||||
bcopy(ctx_template, &sha2_hmac_ctx, sizeof (sha2_hmac_ctx_t));
|
||||
@ -1287,10 +1276,6 @@ sha2_create_ctx_template(crypto_provider_handle_t provider,
|
||||
return (CRYPTO_MECHANISM_INVALID);
|
||||
}
|
||||
|
||||
/* Add support for key by attributes (RFE 4706552) */
|
||||
if (key->ck_format != CRYPTO_KEY_RAW)
|
||||
return (CRYPTO_ARGUMENTS_BAD);
|
||||
|
||||
/*
|
||||
* Allocate and initialize SHA2 context.
|
||||
*/
|
||||
|
@ -530,8 +530,6 @@ skein_mac_ctx_build(skein_ctx_t *ctx, crypto_mechanism_t *mechanism,
|
||||
|
||||
if (!VALID_SKEIN_MAC_MECH(mechanism->cm_type))
|
||||
return (CRYPTO_MECHANISM_INVALID);
|
||||
if (key->ck_format != CRYPTO_KEY_RAW)
|
||||
return (CRYPTO_ARGUMENTS_BAD);
|
||||
ctx->sc_mech_type = mechanism->cm_type;
|
||||
error = skein_get_digest_bitlen(mechanism, &ctx->sc_digest_bitlen);
|
||||
if (error != CRYPTO_SUCCESS)
|
||||
|
@ -210,12 +210,12 @@ freebsd_crypt_uio_debug_log(boolean_t encrypt,
|
||||
uint8_t *p = NULL;
|
||||
size_t total = 0;
|
||||
|
||||
printf("%s(%s, %p, { %s, %d, %d, %s }, %p, { %d, %p, %u }, "
|
||||
printf("%s(%s, %p, { %s, %d, %d, %s }, %p, { %p, %u }, "
|
||||
"%p, %u, %u)\n",
|
||||
__FUNCTION__, encrypt ? "encrypt" : "decrypt", input_sessionp,
|
||||
c_info->ci_algname, c_info->ci_crypt_type,
|
||||
(unsigned int)c_info->ci_keylen, c_info->ci_name,
|
||||
data_uio, key->ck_format, key->ck_data,
|
||||
data_uio, key->ck_data,
|
||||
(unsigned int)key->ck_length,
|
||||
ivbuf, (unsigned int)datalen, (unsigned int)auth_len);
|
||||
printf("\tkey = { ");
|
||||
@ -247,11 +247,11 @@ freebsd_crypt_newsession(freebsd_crypt_session_t *sessp,
|
||||
int error = 0;
|
||||
|
||||
#ifdef FCRYPTO_DEBUG
|
||||
printf("%s(%p, { %s, %d, %d, %s }, { %d, %p, %u })\n",
|
||||
printf("%s(%p, { %s, %d, %d, %s }, { %p, %u })\n",
|
||||
__FUNCTION__, sessp,
|
||||
c_info->ci_algname, c_info->ci_crypt_type,
|
||||
(unsigned int)c_info->ci_keylen, c_info->ci_name,
|
||||
key->ck_format, key->ck_data, (unsigned int)key->ck_length);
|
||||
key->ck_data, (unsigned int)key->ck_length);
|
||||
printf("\tkey = { ");
|
||||
for (int i = 0; i < key->ck_length / 8; i++) {
|
||||
uint8_t *b = (uint8_t *)key->ck_data;
|
||||
@ -391,11 +391,11 @@ freebsd_crypt_newsession(freebsd_crypt_session_t *sessp,
|
||||
crypto_session_t sid;
|
||||
|
||||
#ifdef FCRYPTO_DEBUG
|
||||
printf("%s(%p, { %s, %d, %d, %s }, { %d, %p, %u })\n",
|
||||
printf("%s(%p, { %s, %d, %d, %s }, { %p, %u })\n",
|
||||
__FUNCTION__, sessp,
|
||||
c_info->ci_algname, c_info->ci_crypt_type,
|
||||
(unsigned int)c_info->ci_keylen, c_info->ci_name,
|
||||
key->ck_format, key->ck_data, (unsigned int)key->ck_length);
|
||||
key->ck_data, (unsigned int)key->ck_length);
|
||||
printf("\tkey = { ");
|
||||
for (int i = 0; i < key->ck_length / 8; i++) {
|
||||
uint8_t *b = (uint8_t *)key->ck_data;
|
||||
|
@ -29,7 +29,6 @@ hkdf_sha512_extract(uint8_t *salt, uint_t salt_len, uint8_t *key_material,
|
||||
crypto_key_t key;
|
||||
|
||||
/* initialize the salt as a crypto key */
|
||||
key.ck_format = CRYPTO_KEY_RAW;
|
||||
key.ck_length = CRYPTO_BYTES2BITS(salt_len);
|
||||
key.ck_data = salt;
|
||||
|
||||
@ -53,7 +52,6 @@ hkdf_sha512_expand(uint8_t *extract_key, uint8_t *info, uint_t info_len,
|
||||
return (SET_ERROR(EINVAL));
|
||||
|
||||
/* initialize the salt as a crypto key */
|
||||
key.ck_format = CRYPTO_KEY_RAW;
|
||||
key.ck_length = CRYPTO_BYTES2BITS(SHA512_DIGEST_LENGTH);
|
||||
key.ck_data = extract_key;
|
||||
|
||||
|
@ -270,11 +270,9 @@ zio_crypt_key_init(uint64_t crypt, zio_crypt_key_t *key)
|
||||
goto error;
|
||||
|
||||
/* initialize keys for the ICP */
|
||||
key->zk_current_key.ck_format = CRYPTO_KEY_RAW;
|
||||
key->zk_current_key.ck_data = key->zk_current_keydata;
|
||||
key->zk_current_key.ck_length = CRYPTO_BYTES2BITS(keydata_len);
|
||||
|
||||
key->zk_hmac_key.ck_format = CRYPTO_KEY_RAW;
|
||||
key->zk_hmac_key.ck_data = &key->zk_hmac_key;
|
||||
key->zk_hmac_key.ck_length = CRYPTO_BYTES2BITS(SHA512_HMAC_KEYLEN);
|
||||
|
||||
@ -437,7 +435,6 @@ zio_crypt_key_wrap(crypto_key_t *cwkey, zio_crypt_key_t *key, uint8_t *iv,
|
||||
uint_t enc_len, keydata_len, aad_len;
|
||||
|
||||
ASSERT3U(crypt, <, ZIO_CRYPT_FUNCTIONS);
|
||||
ASSERT3U(cwkey->ck_format, ==, CRYPTO_KEY_RAW);
|
||||
|
||||
zfs_uio_init(&cuio, &cuio_s);
|
||||
|
||||
@ -518,7 +515,6 @@ zio_crypt_key_unwrap(crypto_key_t *cwkey, uint64_t crypt, uint64_t version,
|
||||
uint_t enc_len, keydata_len, aad_len;
|
||||
|
||||
ASSERT3U(crypt, <, ZIO_CRYPT_FUNCTIONS);
|
||||
ASSERT3U(cwkey->ck_format, ==, CRYPTO_KEY_RAW);
|
||||
|
||||
keydata_len = zio_crypt_table[crypt].ci_keylen;
|
||||
rw_init(&key->zk_salt_lock, NULL, RW_DEFAULT, NULL);
|
||||
@ -586,11 +582,9 @@ zio_crypt_key_unwrap(crypto_key_t *cwkey, uint64_t crypt, uint64_t version,
|
||||
goto error;
|
||||
|
||||
/* initialize keys for ICP */
|
||||
key->zk_current_key.ck_format = CRYPTO_KEY_RAW;
|
||||
key->zk_current_key.ck_data = key->zk_current_keydata;
|
||||
key->zk_current_key.ck_length = CRYPTO_BYTES2BITS(keydata_len);
|
||||
|
||||
key->zk_hmac_key.ck_format = CRYPTO_KEY_RAW;
|
||||
key->zk_hmac_key.ck_data = key->zk_hmac_keydata;
|
||||
key->zk_hmac_key.ck_length = CRYPTO_BYTES2BITS(SHA512_HMAC_KEYLEN);
|
||||
|
||||
@ -1727,7 +1721,6 @@ zio_do_crypt_data(boolean_t encrypt, zio_crypt_key_t *key,
|
||||
salt, ZIO_DATA_SALT_LEN, enc_keydata, keydata_len);
|
||||
if (ret != 0)
|
||||
goto error;
|
||||
tmp_ckey.ck_format = CRYPTO_KEY_RAW;
|
||||
tmp_ckey.ck_data = enc_keydata;
|
||||
tmp_ckey.ck_length = CRYPTO_BYTES2BITS(keydata_len);
|
||||
|
||||
|
@ -257,11 +257,9 @@ zio_crypt_key_init(uint64_t crypt, zio_crypt_key_t *key)
|
||||
goto error;
|
||||
|
||||
/* initialize keys for the ICP */
|
||||
key->zk_current_key.ck_format = CRYPTO_KEY_RAW;
|
||||
key->zk_current_key.ck_data = key->zk_current_keydata;
|
||||
key->zk_current_key.ck_length = CRYPTO_BYTES2BITS(keydata_len);
|
||||
|
||||
key->zk_hmac_key.ck_format = CRYPTO_KEY_RAW;
|
||||
key->zk_hmac_key.ck_data = &key->zk_hmac_key;
|
||||
key->zk_hmac_key.ck_length = CRYPTO_BYTES2BITS(SHA512_HMAC_KEYLEN);
|
||||
|
||||
@ -387,7 +385,6 @@ zio_do_crypt_uio(boolean_t encrypt, uint64_t crypt, crypto_key_t *key,
|
||||
uint_t plain_full_len, maclen;
|
||||
|
||||
ASSERT3U(crypt, <, ZIO_CRYPT_FUNCTIONS);
|
||||
ASSERT3U(key->ck_format, ==, CRYPTO_KEY_RAW);
|
||||
|
||||
/* lookup the encryption info */
|
||||
crypt_info = zio_crypt_table[crypt];
|
||||
@ -486,7 +483,6 @@ zio_crypt_key_wrap(crypto_key_t *cwkey, zio_crypt_key_t *key, uint8_t *iv,
|
||||
uint_t enc_len, keydata_len, aad_len;
|
||||
|
||||
ASSERT3U(crypt, <, ZIO_CRYPT_FUNCTIONS);
|
||||
ASSERT3U(cwkey->ck_format, ==, CRYPTO_KEY_RAW);
|
||||
|
||||
keydata_len = zio_crypt_table[crypt].ci_keylen;
|
||||
|
||||
@ -557,7 +553,6 @@ zio_crypt_key_unwrap(crypto_key_t *cwkey, uint64_t crypt, uint64_t version,
|
||||
int ret;
|
||||
|
||||
ASSERT3U(crypt, <, ZIO_CRYPT_FUNCTIONS);
|
||||
ASSERT3U(cwkey->ck_format, ==, CRYPTO_KEY_RAW);
|
||||
|
||||
rw_init(&key->zk_salt_lock, NULL, RW_DEFAULT, NULL);
|
||||
|
||||
@ -614,11 +609,9 @@ zio_crypt_key_unwrap(crypto_key_t *cwkey, uint64_t crypt, uint64_t version,
|
||||
goto error;
|
||||
|
||||
/* initialize keys for ICP */
|
||||
key->zk_current_key.ck_format = CRYPTO_KEY_RAW;
|
||||
key->zk_current_key.ck_data = key->zk_current_keydata;
|
||||
key->zk_current_key.ck_length = CRYPTO_BYTES2BITS(keydata_len);
|
||||
|
||||
key->zk_hmac_key.ck_format = CRYPTO_KEY_RAW;
|
||||
key->zk_hmac_key.ck_data = key->zk_hmac_keydata;
|
||||
key->zk_hmac_key.ck_length = CRYPTO_BYTES2BITS(SHA512_HMAC_KEYLEN);
|
||||
|
||||
@ -1921,7 +1914,6 @@ zio_do_crypt_data(boolean_t encrypt, zio_crypt_key_t *key,
|
||||
if (ret != 0)
|
||||
goto error;
|
||||
|
||||
tmp_ckey.ck_format = CRYPTO_KEY_RAW;
|
||||
tmp_ckey.ck_data = enc_keydata;
|
||||
tmp_ckey.ck_length = CRYPTO_BYTES2BITS(keydata_len);
|
||||
|
||||
|
@ -119,7 +119,6 @@ dsl_wrapping_key_create(uint8_t *wkeydata, zfs_keyformat_t keyformat,
|
||||
/* allocate and initialize the underlying crypto key */
|
||||
wkey->wk_key.ck_data = kmem_alloc(WRAPPING_KEY_LEN, KM_SLEEP);
|
||||
|
||||
wkey->wk_key.ck_format = CRYPTO_KEY_RAW;
|
||||
wkey->wk_key.ck_length = CRYPTO_BYTES2BITS(WRAPPING_KEY_LEN);
|
||||
bcopy(wkeydata, wkey->wk_key.ck_data, WRAPPING_KEY_LEN);
|
||||
|
||||
|
@ -36,7 +36,6 @@ hkdf_sha512_extract(uint8_t *salt, uint_t salt_len, uint8_t *key_material,
|
||||
mech.cm_param_len = 0;
|
||||
|
||||
/* initialize the salt as a crypto key */
|
||||
key.ck_format = CRYPTO_KEY_RAW;
|
||||
key.ck_length = CRYPTO_BYTES2BITS(salt_len);
|
||||
key.ck_data = salt;
|
||||
|
||||
@ -83,7 +82,6 @@ hkdf_sha512_expand(uint8_t *extract_key, uint8_t *info, uint_t info_len,
|
||||
mech.cm_param_len = 0;
|
||||
|
||||
/* initialize the salt as a crypto key */
|
||||
key.ck_format = CRYPTO_KEY_RAW;
|
||||
key.ck_length = CRYPTO_BYTES2BITS(SHA512_DIGEST_LENGTH);
|
||||
key.ck_data = extract_key;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user