module: icp: fold away all key formats except CRYPTO_KEY_RAW

It's the only one actually used

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Closes #12901

module/icp/api/kcf_mac.c

@@ -164,13 +164,12 @@ retry:
  *	See comment in the beginning of the file.
  */
 static int
-crypto_mac_init_prov(crypto_provider_t provider,
+crypto_mac_init_prov(kcf_provider_desc_t *pd,
     crypto_mechanism_t *mech, crypto_key_t *key, crypto_spi_ctx_template_t tmpl,
     crypto_context_t *ctxp, crypto_call_req_t *crq)
 {
 	int rv;
 	crypto_ctx_t *ctx;
-	kcf_provider_desc_t *pd = provider;
 	kcf_provider_desc_t *real_provider = pd;
 
 	ASSERT(KCF_PROV_REFHELD(pd));

module/icp/core/kcf_prov_lib.c

@@ -33,14 +33,12 @@
  */
 
 /*
- * Utility routine to apply the command, 'cmd', to the
+ * Utility routine to apply the command COPY_TO_DATA to the
  * data in the uio structure.
  */
-int
-crypto_uio_data(crypto_data_t *data, uchar_t *buf, int len, cmd_type_t cmd,
-    void *digest_ctx, void (*update)(void))
+static int
+crypto_uio_copy_to_data(crypto_data_t *data, uchar_t *buf, int len)
 {
-	(void) digest_ctx, (void) update;
 	zfs_uio_t *uiop = data->cd_uio;
 	off_t offset = data->cd_offset;
 	size_t length = len;
@@ -72,26 +70,8 @@ crypto_uio_data(crypto_data_t *data, uchar_t *buf, int len, cmd_type_t cmd,
 		    offset, length);
 
 		datap = (uchar_t *)(zfs_uio_iovbase(uiop, vec_idx) + offset);
-		switch (cmd) {
-		case COPY_FROM_DATA:
-			bcopy(datap, buf, cur_len);
-			buf += cur_len;
-			break;
-		case COPY_TO_DATA:
-			bcopy(buf, datap, cur_len);
-			buf += cur_len;
-			break;
-		case COMPARE_TO_DATA:
-			if (bcmp(datap, buf, cur_len))
-				return (CRYPTO_SIGNATURE_INVALID);
-			buf += cur_len;
-			break;
-		case MD5_DIGEST_DATA:
-		case SHA1_DIGEST_DATA:
-		case SHA2_DIGEST_DATA:
-		case GHASH_DATA:
-			return (CRYPTO_ARGUMENTS_BAD);
-		}
+		bcopy(buf, datap, cur_len);
+		buf += cur_len;
 
 		length -= cur_len;
 		vec_idx++;
@@ -100,16 +80,11 @@ crypto_uio_data(crypto_data_t *data, uchar_t *buf, int len, cmd_type_t cmd,
 
 	if (vec_idx == zfs_uio_iovcnt(uiop) && length > 0) {
 		/*
-		 * The end of the specified iovec's was reached but
+		 * The end of the specified iovecs was reached but
 		 * the length requested could not be processed.
 		 */
-		switch (cmd) {
-		case COPY_TO_DATA:
-			data->cd_length = len;
-			return (CRYPTO_BUFFER_TOO_SMALL);
-		default:
-			return (CRYPTO_DATA_LEN_RANGE);
-		}
+		data->cd_length = len;
+		return (CRYPTO_BUFFER_TOO_SMALL);
 	}
 
 	return (CRYPTO_SUCCESS);
@@ -129,8 +104,7 @@ crypto_put_output_data(uchar_t *buf, crypto_data_t *output, int len)
 		break;
 
 	case CRYPTO_DATA_UIO:
-		return (crypto_uio_data(output, buf, len,
-		    COPY_TO_DATA, NULL, NULL));
+		return (crypto_uio_copy_to_data(output, buf, len));
 	default:
 		return (CRYPTO_ARGUMENTS_BAD);
 	}

module/icp/include/sys/crypto/impl.h

@@ -479,8 +479,6 @@ extern kcf_provider_desc_t *kcf_alloc_provider_desc(void);
 extern void kcf_provider_zero_refcnt(kcf_provider_desc_t *);
 extern void kcf_free_provider_desc(kcf_provider_desc_t *);
 extern void undo_register_provider(kcf_provider_desc_t *, boolean_t);
-extern int crypto_uio_data(crypto_data_t *, uchar_t *, int, cmd_type_t,
-    void *, void (*update)(void));
 extern int crypto_put_output_data(uchar_t *, crypto_data_t *, int);
 extern int crypto_update_iov(void *, crypto_data_t *, crypto_data_t *,
     int (*cipher)(void *, caddr_t, size_t, crypto_data_t *),

module/icp/io/aes.c

@@ -242,24 +242,15 @@ aes_check_mech_param(crypto_mechanism_t *mechanism, aes_ctx_t **ctx, int kmflag)
 static int
 init_keysched(crypto_key_t *key, void *newbie)
 {
-	/*
-	 * Only keys by value are supported by this module.
-	 */
-	switch (key->ck_format) {
-	case CRYPTO_KEY_RAW:
-		if (key->ck_length < AES_MINBITS ||
-		    key->ck_length > AES_MAXBITS) {
-			return (CRYPTO_KEY_SIZE_RANGE);
-		}
-
-		/* key length must be either 128, 192, or 256 */
-		if ((key->ck_length & 63) != 0)
-			return (CRYPTO_KEY_SIZE_RANGE);
-		break;
-	default:
-		return (CRYPTO_KEY_TYPE_INCONSISTENT);
+	if (key->ck_length < AES_MINBITS ||
+	    key->ck_length > AES_MAXBITS) {
+		return (CRYPTO_KEY_SIZE_RANGE);
 	}
 
+	/* key length must be either 128, 192, or 256 */
+	if ((key->ck_length & 63) != 0)
+		return (CRYPTO_KEY_SIZE_RANGE);
+
 	aes_init_keysched(key->ck_data, key->ck_length, newbie);
 	return (CRYPTO_SUCCESS);
 }
@@ -294,13 +285,6 @@ aes_common_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
 	int rv;
 	int kmflag;
 
-	/*
-	 * Only keys by value are supported by this module.
-	 */
-	if (key->ck_format != CRYPTO_KEY_RAW) {
-		return (CRYPTO_KEY_TYPE_INCONSISTENT);
-	}
-
 	kmflag = crypto_kmflag(req);
 	if ((rv = aes_check_mech_param(mechanism, &aes_ctx, kmflag))
 	    != CRYPTO_SUCCESS)

module/icp/io/sha2_mod.c

@@ -737,9 +737,6 @@ sha2_mac_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
 		return (CRYPTO_MECHANISM_INVALID);
 	}
 
-	if (key->ck_format != CRYPTO_KEY_RAW)
-		return (CRYPTO_ARGUMENTS_BAD);
-
 	ctx->cc_provider_private = kmem_alloc(sizeof (sha2_hmac_ctx_t),
 	    crypto_kmflag(req));
 	if (ctx->cc_provider_private == NULL)
@@ -971,10 +968,6 @@ sha2_mac_atomic(crypto_provider_handle_t provider,
 		return (CRYPTO_MECHANISM_INVALID);
 	}
 
-	/* Add support for key by attributes (RFE 4706552) */
-	if (key->ck_format != CRYPTO_KEY_RAW)
-		return (CRYPTO_ARGUMENTS_BAD);
-
 	if (ctx_template != NULL) {
 		/* reuse context template */
 		bcopy(ctx_template, &sha2_hmac_ctx, sizeof (sha2_hmac_ctx_t));
@@ -1109,10 +1102,6 @@ sha2_mac_verify_atomic(crypto_provider_handle_t provider,
 		return (CRYPTO_MECHANISM_INVALID);
 	}
 
-	/* Add support for key by attributes (RFE 4706552) */
-	if (key->ck_format != CRYPTO_KEY_RAW)
-		return (CRYPTO_ARGUMENTS_BAD);
-
 	if (ctx_template != NULL) {
 		/* reuse context template */
 		bcopy(ctx_template, &sha2_hmac_ctx, sizeof (sha2_hmac_ctx_t));
@@ -1287,10 +1276,6 @@ sha2_create_ctx_template(crypto_provider_handle_t provider,
 		return (CRYPTO_MECHANISM_INVALID);
 	}
 
-	/* Add support for key by attributes (RFE 4706552) */
-	if (key->ck_format != CRYPTO_KEY_RAW)
-		return (CRYPTO_ARGUMENTS_BAD);
-
 	/*
 	 * Allocate and initialize SHA2 context.
 	 */

module/icp/io/skein_mod.c

@@ -530,8 +530,6 @@ skein_mac_ctx_build(skein_ctx_t *ctx, crypto_mechanism_t *mechanism,
 
 	if (!VALID_SKEIN_MAC_MECH(mechanism->cm_type))
 		return (CRYPTO_MECHANISM_INVALID);
-	if (key->ck_format != CRYPTO_KEY_RAW)
-		return (CRYPTO_ARGUMENTS_BAD);
 	ctx->sc_mech_type = mechanism->cm_type;
 	error = skein_get_digest_bitlen(mechanism, &ctx->sc_digest_bitlen);
 	if (error != CRYPTO_SUCCESS)

module/os/freebsd/zfs/crypto_os.c

@@ -210,12 +210,12 @@ freebsd_crypt_uio_debug_log(boolean_t encrypt,
 	uint8_t *p = NULL;
 	size_t total = 0;
 
-	printf("%s(%s, %p, { %s, %d, %d, %s }, %p, { %d, %p, %u }, "
+	printf("%s(%s, %p, { %s, %d, %d, %s }, %p, { %p, %u }, "
 	    "%p, %u, %u)\n",
 	    __FUNCTION__, encrypt ? "encrypt" : "decrypt", input_sessionp,
 	    c_info->ci_algname, c_info->ci_crypt_type,
 	    (unsigned int)c_info->ci_keylen, c_info->ci_name,
-	    data_uio, key->ck_format, key->ck_data,
+	    data_uio, key->ck_data,
 	    (unsigned int)key->ck_length,
 	    ivbuf, (unsigned int)datalen, (unsigned int)auth_len);
 	printf("\tkey = { ");
@@ -247,11 +247,11 @@ freebsd_crypt_newsession(freebsd_crypt_session_t *sessp,
 	int error = 0;
 
 #ifdef FCRYPTO_DEBUG
-	printf("%s(%p, { %s, %d, %d, %s }, { %d, %p, %u })\n",
+	printf("%s(%p, { %s, %d, %d, %s }, { %p, %u })\n",
 	    __FUNCTION__, sessp,
 	    c_info->ci_algname, c_info->ci_crypt_type,
 	    (unsigned int)c_info->ci_keylen, c_info->ci_name,
-	    key->ck_format, key->ck_data, (unsigned int)key->ck_length);
+	    key->ck_data, (unsigned int)key->ck_length);
 	printf("\tkey = { ");
 	for (int i = 0; i < key->ck_length / 8; i++) {
 		uint8_t *b = (uint8_t *)key->ck_data;
@@ -391,11 +391,11 @@ freebsd_crypt_newsession(freebsd_crypt_session_t *sessp,
 	crypto_session_t sid;
 
 #ifdef FCRYPTO_DEBUG
-	printf("%s(%p, { %s, %d, %d, %s }, { %d, %p, %u })\n",
+	printf("%s(%p, { %s, %d, %d, %s }, { %p, %u })\n",
 	    __FUNCTION__, sessp,
 	    c_info->ci_algname, c_info->ci_crypt_type,
 	    (unsigned int)c_info->ci_keylen, c_info->ci_name,
-	    key->ck_format, key->ck_data, (unsigned int)key->ck_length);
+	    key->ck_data, (unsigned int)key->ck_length);
 	printf("\tkey = { ");
 	for (int i = 0; i < key->ck_length / 8; i++) {
 		uint8_t *b = (uint8_t *)key->ck_data;

module/os/freebsd/zfs/hkdf.c

@@ -29,7 +29,6 @@ hkdf_sha512_extract(uint8_t *salt, uint_t salt_len, uint8_t *key_material,
 	crypto_key_t key;
 
 	/* initialize the salt as a crypto key */
-	key.ck_format = CRYPTO_KEY_RAW;
 	key.ck_length = CRYPTO_BYTES2BITS(salt_len);
 	key.ck_data = salt;
 
@@ -53,7 +52,6 @@ hkdf_sha512_expand(uint8_t *extract_key, uint8_t *info, uint_t info_len,
 		return (SET_ERROR(EINVAL));
 
 	/* initialize the salt as a crypto key */
-	key.ck_format = CRYPTO_KEY_RAW;
 	key.ck_length = CRYPTO_BYTES2BITS(SHA512_DIGEST_LENGTH);
 	key.ck_data = extract_key;
 

module/os/freebsd/zfs/zio_crypt.c

@@ -270,11 +270,9 @@ zio_crypt_key_init(uint64_t crypt, zio_crypt_key_t *key)
 		goto error;
 
 	/* initialize keys for the ICP */
-	key->zk_current_key.ck_format = CRYPTO_KEY_RAW;
 	key->zk_current_key.ck_data = key->zk_current_keydata;
 	key->zk_current_key.ck_length = CRYPTO_BYTES2BITS(keydata_len);
 
-	key->zk_hmac_key.ck_format = CRYPTO_KEY_RAW;
 	key->zk_hmac_key.ck_data = &key->zk_hmac_key;
 	key->zk_hmac_key.ck_length = CRYPTO_BYTES2BITS(SHA512_HMAC_KEYLEN);
 
@@ -437,7 +435,6 @@ zio_crypt_key_wrap(crypto_key_t *cwkey, zio_crypt_key_t *key, uint8_t *iv,
 	uint_t enc_len, keydata_len, aad_len;
 
 	ASSERT3U(crypt, <, ZIO_CRYPT_FUNCTIONS);
-	ASSERT3U(cwkey->ck_format, ==, CRYPTO_KEY_RAW);
 
 	zfs_uio_init(&cuio, &cuio_s);
 
@@ -518,7 +515,6 @@ zio_crypt_key_unwrap(crypto_key_t *cwkey, uint64_t crypt, uint64_t version,
 	uint_t enc_len, keydata_len, aad_len;
 
 	ASSERT3U(crypt, <, ZIO_CRYPT_FUNCTIONS);
-	ASSERT3U(cwkey->ck_format, ==, CRYPTO_KEY_RAW);
 
 	keydata_len = zio_crypt_table[crypt].ci_keylen;
 	rw_init(&key->zk_salt_lock, NULL, RW_DEFAULT, NULL);
@@ -586,11 +582,9 @@ zio_crypt_key_unwrap(crypto_key_t *cwkey, uint64_t crypt, uint64_t version,
 		goto error;
 
 	/* initialize keys for ICP */
-	key->zk_current_key.ck_format = CRYPTO_KEY_RAW;
 	key->zk_current_key.ck_data = key->zk_current_keydata;
 	key->zk_current_key.ck_length = CRYPTO_BYTES2BITS(keydata_len);
 
-	key->zk_hmac_key.ck_format = CRYPTO_KEY_RAW;
 	key->zk_hmac_key.ck_data = key->zk_hmac_keydata;
 	key->zk_hmac_key.ck_length = CRYPTO_BYTES2BITS(SHA512_HMAC_KEYLEN);
 
@@ -1727,7 +1721,6 @@ zio_do_crypt_data(boolean_t encrypt, zio_crypt_key_t *key,
 		    salt, ZIO_DATA_SALT_LEN, enc_keydata, keydata_len);
 		if (ret != 0)
 			goto error;
-		tmp_ckey.ck_format = CRYPTO_KEY_RAW;
 		tmp_ckey.ck_data = enc_keydata;
 		tmp_ckey.ck_length = CRYPTO_BYTES2BITS(keydata_len);
 

module/os/linux/zfs/zio_crypt.c

@@ -257,11 +257,9 @@ zio_crypt_key_init(uint64_t crypt, zio_crypt_key_t *key)
 		goto error;
 
 	/* initialize keys for the ICP */
-	key->zk_current_key.ck_format = CRYPTO_KEY_RAW;
 	key->zk_current_key.ck_data = key->zk_current_keydata;
 	key->zk_current_key.ck_length = CRYPTO_BYTES2BITS(keydata_len);
 
-	key->zk_hmac_key.ck_format = CRYPTO_KEY_RAW;
 	key->zk_hmac_key.ck_data = &key->zk_hmac_key;
 	key->zk_hmac_key.ck_length = CRYPTO_BYTES2BITS(SHA512_HMAC_KEYLEN);
 
@@ -387,7 +385,6 @@ zio_do_crypt_uio(boolean_t encrypt, uint64_t crypt, crypto_key_t *key,
 	uint_t plain_full_len, maclen;
 
 	ASSERT3U(crypt, <, ZIO_CRYPT_FUNCTIONS);
-	ASSERT3U(key->ck_format, ==, CRYPTO_KEY_RAW);
 
 	/* lookup the encryption info */
 	crypt_info = zio_crypt_table[crypt];
@@ -486,7 +483,6 @@ zio_crypt_key_wrap(crypto_key_t *cwkey, zio_crypt_key_t *key, uint8_t *iv,
 	uint_t enc_len, keydata_len, aad_len;
 
 	ASSERT3U(crypt, <, ZIO_CRYPT_FUNCTIONS);
-	ASSERT3U(cwkey->ck_format, ==, CRYPTO_KEY_RAW);
 
 	keydata_len = zio_crypt_table[crypt].ci_keylen;
 
@@ -557,7 +553,6 @@ zio_crypt_key_unwrap(crypto_key_t *cwkey, uint64_t crypt, uint64_t version,
 	int ret;
 
 	ASSERT3U(crypt, <, ZIO_CRYPT_FUNCTIONS);
-	ASSERT3U(cwkey->ck_format, ==, CRYPTO_KEY_RAW);
 
 	rw_init(&key->zk_salt_lock, NULL, RW_DEFAULT, NULL);
 
@@ -614,11 +609,9 @@ zio_crypt_key_unwrap(crypto_key_t *cwkey, uint64_t crypt, uint64_t version,
 		goto error;
 
 	/* initialize keys for ICP */
-	key->zk_current_key.ck_format = CRYPTO_KEY_RAW;
 	key->zk_current_key.ck_data = key->zk_current_keydata;
 	key->zk_current_key.ck_length = CRYPTO_BYTES2BITS(keydata_len);
 
-	key->zk_hmac_key.ck_format = CRYPTO_KEY_RAW;
 	key->zk_hmac_key.ck_data = key->zk_hmac_keydata;
 	key->zk_hmac_key.ck_length = CRYPTO_BYTES2BITS(SHA512_HMAC_KEYLEN);
 
@@ -1921,7 +1914,6 @@ zio_do_crypt_data(boolean_t encrypt, zio_crypt_key_t *key,
 		if (ret != 0)
 			goto error;
 
-		tmp_ckey.ck_format = CRYPTO_KEY_RAW;
 		tmp_ckey.ck_data = enc_keydata;
 		tmp_ckey.ck_length = CRYPTO_BYTES2BITS(keydata_len);
 

module/zfs/dsl_crypt.c

@@ -119,7 +119,6 @@ dsl_wrapping_key_create(uint8_t *wkeydata, zfs_keyformat_t keyformat,
 	/* allocate and initialize the underlying crypto key */
 	wkey->wk_key.ck_data = kmem_alloc(WRAPPING_KEY_LEN, KM_SLEEP);
 
-	wkey->wk_key.ck_format = CRYPTO_KEY_RAW;
 	wkey->wk_key.ck_length = CRYPTO_BYTES2BITS(WRAPPING_KEY_LEN);
 	bcopy(wkeydata, wkey->wk_key.ck_data, WRAPPING_KEY_LEN);
 

module/zfs/hkdf.c

@@ -36,7 +36,6 @@ hkdf_sha512_extract(uint8_t *salt, uint_t salt_len, uint8_t *key_material,
 	mech.cm_param_len = 0;
 
 	/* initialize the salt as a crypto key */
-	key.ck_format = CRYPTO_KEY_RAW;
 	key.ck_length = CRYPTO_BYTES2BITS(salt_len);
 	key.ck_data = salt;
 
@@ -83,7 +82,6 @@ hkdf_sha512_expand(uint8_t *extract_key, uint8_t *info, uint_t info_len,
 	mech.cm_param_len = 0;
 
 	/* initialize the salt as a crypto key */
-	key.ck_format = CRYPTO_KEY_RAW;
 	key.ck_length = CRYPTO_BYTES2BITS(SHA512_DIGEST_LENGTH);
 	key.ck_data = extract_key;