module: icp: fold away all key formats except CRYPTO_KEY_RAW

It's the only one actually used

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Closes #12901
наб 2021-12-25 03:23:07 +01:00 committed by Brian Behlendorf
parent 1018e81e30
commit 739afd9475
14 changed files with 28 additions and 264 deletions


@ -42,8 +42,6 @@
#define SUN_CKM_AES_GCM "CKM_AES_GCM" #define SUN_CKM_AES_GCM "CKM_AES_GCM"
#define SUN_CKM_SHA512_HMAC "CKM_SHA512_HMAC" #define SUN_CKM_SHA512_HMAC "CKM_SHA512_HMAC"
#define CRYPTO_KEY_RAW 1
#define CRYPTO_BITS2BYTES(n) ((n) == 0 ? 0 : (((n) - 1) >> 3) + 1) #define CRYPTO_BITS2BYTES(n) ((n) == 0 ? 0 : (((n) - 1) >> 3) + 1)
#define CRYPTO_BYTES2BITS(n) ((n) << 3) #define CRYPTO_BYTES2BITS(n) ((n) << 3)
@ -61,12 +59,11 @@ typedef struct freebsd_crypt_session {
typedef void *crypto_mechanism_t; typedef void *crypto_mechanism_t;
typedef void *crypto_ctx_template_t; typedef void *crypto_ctx_template_t;
/* /*
* Unlike the ICP crypto_key type, this only * Like the ICP crypto_key type, this only
* supports <data, length> (the equivalent of * supports <data, length> (the equivalent of
* CRYPTO_KEY_RAW). * the former CRYPTO_KEY_RAW).
*/ */
typedef struct crypto_key { typedef struct crypto_key {
int ck_format; /* Unused, but minimizes code diff */
void *ck_data; void *ck_data;
size_t ck_length; size_t ck_length;
} crypto_key_t; } crypto_key_t;
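Review bot: The `ck_length` member of this struct carries no unit, while the rewritten comment now tells readers it behaves like the ICP type, whose `ck_length` is documented as a bit count. The callers on this page fill it with `CRYPTO_BYTES2BITS(...)` and the FreeBSD debug code divides it by 8, so it appears to be bits here as well. I would state that on the field, `size_t ck_length; /* # of bits in ck_data */`, so a bytes-versus-bits mix-up on a key length is caught at review time.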


@ -255,109 +255,11 @@ typedef struct crypto_data {
/* The keys, and their contents */ /* The keys, and their contents */
typedef enum { typedef struct {
CRYPTO_KEY_RAW = 1, /* ck_data is a cleartext key */ uint_t ck_length; /* # of bits in ck_data */
CRYPTO_KEY_REFERENCE, /* ck_obj_id is an opaque reference */ void *ck_data; /* ptr to key value */
CRYPTO_KEY_ATTR_LIST /* ck_attrs is a list of object attributes */
} crypto_key_format_t;
typedef uint64_t crypto_attr_type_t;
/* Attribute types to use for passing a RSA public key or a private key. */
#define SUN_CKA_MODULUS 0x00000120
#define SUN_CKA_MODULUS_BITS 0x00000121
#define SUN_CKA_PUBLIC_EXPONENT 0x00000122
#define SUN_CKA_PRIVATE_EXPONENT 0x00000123
#define SUN_CKA_PRIME_1 0x00000124
#define SUN_CKA_PRIME_2 0x00000125
#define SUN_CKA_EXPONENT_1 0x00000126
#define SUN_CKA_EXPONENT_2 0x00000127
#define SUN_CKA_COEFFICIENT 0x00000128
#define SUN_CKA_PRIME 0x00000130
#define SUN_CKA_SUBPRIME 0x00000131
#define SUN_CKA_BASE 0x00000132
#define CKK_EC 0x00000003
#define CKK_GENERIC_SECRET 0x00000010
#define CKK_RC4 0x00000012
#define CKK_AES 0x0000001F
#define CKK_DES 0x00000013
#define CKK_DES2 0x00000014
#define CKK_DES3 0x00000015
#define CKO_PUBLIC_KEY 0x00000002
#define CKO_PRIVATE_KEY 0x00000003
#define CKA_CLASS 0x00000000
#define CKA_VALUE 0x00000011
#define CKA_KEY_TYPE 0x00000100
#define CKA_VALUE_LEN 0x00000161
#define CKA_EC_PARAMS 0x00000180
#define CKA_EC_POINT 0x00000181
typedef uint32_t crypto_object_id_t;
typedef struct crypto_object_attribute {
crypto_attr_type_t oa_type; /* attribute type */
caddr_t oa_value; /* attribute value */
ssize_t oa_value_len; /* length of attribute value */
} crypto_object_attribute_t;
typedef struct crypto_key {
crypto_key_format_t ck_format; /* format identifier */
union {
/* for CRYPTO_KEY_RAW ck_format */
struct {
uint_t cku_v_length; /* # of bits in ck_data */
void *cku_v_data; /* ptr to key value */
} cku_key_value;
/* for CRYPTO_KEY_REFERENCE ck_format */
crypto_object_id_t cku_key_id; /* reference to object key */
/* for CRYPTO_KEY_ATTR_LIST ck_format */
struct {
uint_t cku_a_count; /* number of attributes */
crypto_object_attribute_t *cku_a_oattr;
} cku_key_attrs;
} cku_data; /* Crypto Key union */
} crypto_key_t; } crypto_key_t;
#ifdef _SYSCALL32
typedef struct crypto_object_attribute32 {
uint64_t oa_type; /* attribute type */
caddr32_t oa_value; /* attribute value */
ssize32_t oa_value_len; /* length of attribute value */
} crypto_object_attribute32_t;
typedef struct crypto_key32 {
crypto_key_format_t ck_format; /* format identifier */
union {
/* for CRYPTO_KEY_RAW ck_format */
struct {
uint32_t cku_v_length; /* # of bytes in ck_data */
caddr32_t cku_v_data; /* ptr to key value */
} cku_key_value;
/* for CRYPTO_KEY_REFERENCE ck_format */
crypto_object_id_t cku_key_id; /* reference to object key */
/* for CRYPTO_KEY_ATTR_LIST ck_format */
struct {
uint32_t cku_a_count; /* number of attributes */
caddr32_t cku_a_oattr;
} cku_key_attrs;
} cku_data; /* Crypto Key union */
} crypto_key32_t;
#endif /* _SYSCALL32 */
#define ck_data cku_data.cku_key_value.cku_v_data
#define ck_length cku_data.cku_key_value.cku_v_length
#define ck_obj_id cku_data.cku_key_id
#define ck_count cku_data.cku_key_attrs.cku_a_count
#define ck_attrs cku_data.cku_key_attrs.cku_a_oattr
/* /*
* Raw key lengths are expressed in number of bits. * Raw key lengths are expressed in number of bits.
* The following macro returns the minimum number of * The following macro returns the minimum number of
@ -372,64 +274,11 @@ typedef struct crypto_key32 {
typedef uint32_t crypto_provider_id_t; typedef uint32_t crypto_provider_id_t;
#define KCF_PROVID_INVALID ((uint32_t)-1) #define KCF_PROVID_INVALID ((uint32_t)-1)
typedef struct crypto_provider_entry {
crypto_provider_id_t pe_provider_id;
uint_t pe_mechanism_count;
} crypto_provider_entry_t;
typedef struct crypto_dev_list_entry {
char le_dev_name[MAXNAMELEN];
uint_t le_dev_instance;
uint_t le_mechanism_count;
} crypto_dev_list_entry_t;
/* User type for authentication ioctls and SPI entry points */
typedef enum crypto_user_type {
CRYPTO_SO = 0,
CRYPTO_USER
} crypto_user_type_t;
/* Version for provider management ioctls and SPI entry points */
typedef struct crypto_version {
uchar_t cv_major;
uchar_t cv_minor;
} crypto_version_t;
/* session data structure opaque to the consumer */ /* session data structure opaque to the consumer */
typedef void *crypto_session_t; typedef void *crypto_session_t;
/* provider data structure opaque to the consumer */
typedef void *crypto_provider_t;
/* Limits used by both consumers and providers */
#define CRYPTO_EXT_SIZE_LABEL 32
#define CRYPTO_EXT_SIZE_MANUF 32
#define CRYPTO_EXT_SIZE_MODEL 16
#define CRYPTO_EXT_SIZE_SERIAL 16
#define CRYPTO_EXT_SIZE_TIME 16
typedef uint_t crypto_session_id_t; typedef uint_t crypto_session_id_t;
typedef enum cmd_type {
COPY_FROM_DATA,
COPY_TO_DATA,
COMPARE_TO_DATA,
MD5_DIGEST_DATA,
SHA1_DIGEST_DATA,
SHA2_DIGEST_DATA,
GHASH_DATA
} cmd_type_t;
#define CRYPTO_DO_UPDATE 0x01
#define CRYPTO_DO_FINAL 0x02
#define CRYPTO_DO_MD5 0x04
#define CRYPTO_DO_SHA1 0x08
#define CRYPTO_DO_SIGN 0x10
#define CRYPTO_DO_VERIFY 0x20
#define CRYPTO_DO_SHA2 0x40
#define PROVIDER_OWNS_KEY_SCHEDULE 0x00000001 #define PROVIDER_OWNS_KEY_SCHEDULE 0x00000001
/* /*
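Review bot: The new `crypto_key_t` is declared as an anonymous struct (`typedef struct {`), while the definition it replaces and the FreeBSD counterpart both carry the tag `struct crypto_key`. Keeping the tag, `typedef struct crypto_key {`, would keep any forward declaration of `struct crypto_key` compiling and keep the two platform definitions parallel; whether such forward declarations exist is not visible from this hunk. The two definitions also differ in member order and in the type of `ck_length` (`uint_t` here, `size_t` on FreeBSD), which is harmless only as long as keys are always initialised by member name.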


@ -164,13 +164,12 @@ retry:
* See comment in the beginning of the file. * See comment in the beginning of the file.
*/ */
static int static int
crypto_mac_init_prov(crypto_provider_t provider, crypto_mac_init_prov(kcf_provider_desc_t *pd,
crypto_mechanism_t *mech, crypto_key_t *key, crypto_spi_ctx_template_t tmpl, crypto_mechanism_t *mech, crypto_key_t *key, crypto_spi_ctx_template_t tmpl,
crypto_context_t *ctxp, crypto_call_req_t *crq) crypto_context_t *ctxp, crypto_call_req_t *crq)
{ {
int rv; int rv;
crypto_ctx_t *ctx; crypto_ctx_t *ctx;
kcf_provider_desc_t *pd = provider;
kcf_provider_desc_t *real_provider = pd; kcf_provider_desc_t *real_provider = pd;
ASSERT(KCF_PROV_REFHELD(pd)); ASSERT(KCF_PROV_REFHELD(pd));


@ -33,14 +33,12 @@
*/ */
/* /*
* Utility routine to apply the command, 'cmd', to the * Utility routine to apply the command COPY_TO_DATA to the
* data in the uio structure. * data in the uio structure.
*/ */
int static int
crypto_uio_data(crypto_data_t *data, uchar_t *buf, int len, cmd_type_t cmd, crypto_uio_copy_to_data(crypto_data_t *data, uchar_t *buf, int len)
void *digest_ctx, void (*update)(void))
{ {
(void) digest_ctx, (void) update;
zfs_uio_t *uiop = data->cd_uio; zfs_uio_t *uiop = data->cd_uio;
off_t offset = data->cd_offset; off_t offset = data->cd_offset;
size_t length = len; size_t length = len;
@ -72,26 +70,8 @@ crypto_uio_data(crypto_data_t *data, uchar_t *buf, int len, cmd_type_t cmd,
offset, length); offset, length);
datap = (uchar_t *)(zfs_uio_iovbase(uiop, vec_idx) + offset); datap = (uchar_t *)(zfs_uio_iovbase(uiop, vec_idx) + offset);
switch (cmd) {
case COPY_FROM_DATA:
bcopy(datap, buf, cur_len);
buf += cur_len;
break;
case COPY_TO_DATA:
bcopy(buf, datap, cur_len); bcopy(buf, datap, cur_len);
buf += cur_len; buf += cur_len;
break;
case COMPARE_TO_DATA:
if (bcmp(datap, buf, cur_len))
return (CRYPTO_SIGNATURE_INVALID);
buf += cur_len;
break;
case MD5_DIGEST_DATA:
case SHA1_DIGEST_DATA:
case SHA2_DIGEST_DATA:
case GHASH_DATA:
return (CRYPTO_ARGUMENTS_BAD);
}
length -= cur_len; length -= cur_len;
vec_idx++; vec_idx++;
@ -100,16 +80,11 @@ crypto_uio_data(crypto_data_t *data, uchar_t *buf, int len, cmd_type_t cmd,
if (vec_idx == zfs_uio_iovcnt(uiop) && length > 0) { if (vec_idx == zfs_uio_iovcnt(uiop) && length > 0) {
/* /*
* The end of the specified iovec's was reached but * The end of the specified iovecs was reached but
* the length requested could not be processed. * the length requested could not be processed.
*/ */
switch (cmd) {
case COPY_TO_DATA:
data->cd_length = len; data->cd_length = len;
return (CRYPTO_BUFFER_TOO_SMALL); return (CRYPTO_BUFFER_TOO_SMALL);
default:
return (CRYPTO_DATA_LEN_RANGE);
}
} }
return (CRYPTO_SUCCESS); return (CRYPTO_SUCCESS);
@ -129,8 +104,7 @@ crypto_put_output_data(uchar_t *buf, crypto_data_t *output, int len)
break; break;
case CRYPTO_DATA_UIO: case CRYPTO_DATA_UIO:
return (crypto_uio_data(output, buf, len, return (crypto_uio_copy_to_data(output, buf, len));
COPY_TO_DATA, NULL, NULL));
default: default:
return (CRYPTO_ARGUMENTS_BAD); return (CRYPTO_ARGUMENTS_BAD);
} }
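Review bot: `crypto_uio_copy_to_data` still takes `int len` and assigns it to `size_t length` with no sign check, so a negative `len` becomes a very large count and the copy loop would keep reading from `buf` until the iovecs are exhausted. Now that the function is static and has a single purpose, I would state the precondition at the top, either `ASSERT3S(len, >=, 0);` or `if (len < 0) return (CRYPTO_ARGUMENTS_BAD);`. The only caller visible here is `crypto_put_output_data`, which also takes an `int`, so whether a negative value can actually arrive depends on callers outside this page. Part of the loop body lies outside the hunks shown.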


@ -479,8 +479,6 @@ extern kcf_provider_desc_t *kcf_alloc_provider_desc(void);
extern void kcf_provider_zero_refcnt(kcf_provider_desc_t *); extern void kcf_provider_zero_refcnt(kcf_provider_desc_t *);
extern void kcf_free_provider_desc(kcf_provider_desc_t *); extern void kcf_free_provider_desc(kcf_provider_desc_t *);
extern void undo_register_provider(kcf_provider_desc_t *, boolean_t); extern void undo_register_provider(kcf_provider_desc_t *, boolean_t);
extern int crypto_uio_data(crypto_data_t *, uchar_t *, int, cmd_type_t,
void *, void (*update)(void));
extern int crypto_put_output_data(uchar_t *, crypto_data_t *, int); extern int crypto_put_output_data(uchar_t *, crypto_data_t *, int);
extern int crypto_update_iov(void *, crypto_data_t *, crypto_data_t *, extern int crypto_update_iov(void *, crypto_data_t *, crypto_data_t *,
int (*cipher)(void *, caddr_t, size_t, crypto_data_t *), int (*cipher)(void *, caddr_t, size_t, crypto_data_t *),


@ -242,11 +242,6 @@ aes_check_mech_param(crypto_mechanism_t *mechanism, aes_ctx_t **ctx, int kmflag)
static int static int
init_keysched(crypto_key_t *key, void *newbie) init_keysched(crypto_key_t *key, void *newbie)
{ {
/*
* Only keys by value are supported by this module.
*/
switch (key->ck_format) {
case CRYPTO_KEY_RAW:
if (key->ck_length < AES_MINBITS || if (key->ck_length < AES_MINBITS ||
key->ck_length > AES_MAXBITS) { key->ck_length > AES_MAXBITS) {
return (CRYPTO_KEY_SIZE_RANGE); return (CRYPTO_KEY_SIZE_RANGE);
@ -255,10 +250,6 @@ init_keysched(crypto_key_t *key, void *newbie)
/* key length must be either 128, 192, or 256 */ /* key length must be either 128, 192, or 256 */
if ((key->ck_length & 63) != 0) if ((key->ck_length & 63) != 0)
return (CRYPTO_KEY_SIZE_RANGE); return (CRYPTO_KEY_SIZE_RANGE);
break;
default:
return (CRYPTO_KEY_TYPE_INCONSISTENT);
}
aes_init_keysched(key->ck_data, key->ck_length, newbie); aes_init_keysched(key->ck_data, key->ck_length, newbie);
return (CRYPTO_SUCCESS); return (CRYPTO_SUCCESS);
@ -294,13 +285,6 @@ aes_common_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
int rv; int rv;
int kmflag; int kmflag;
/*
* Only keys by value are supported by this module.
*/
if (key->ck_format != CRYPTO_KEY_RAW) {
return (CRYPTO_KEY_TYPE_INCONSISTENT);
}
kmflag = crypto_kmflag(req); kmflag = crypto_kmflag(req);
if ((rv = aes_check_mech_param(mechanism, &aes_ctx, kmflag)) if ((rv = aes_check_mech_param(mechanism, &aes_ctx, kmflag))
!= CRYPTO_SUCCESS) != CRYPTO_SUCCESS)


@ -737,9 +737,6 @@ sha2_mac_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
return (CRYPTO_MECHANISM_INVALID); return (CRYPTO_MECHANISM_INVALID);
} }
if (key->ck_format != CRYPTO_KEY_RAW)
return (CRYPTO_ARGUMENTS_BAD);
ctx->cc_provider_private = kmem_alloc(sizeof (sha2_hmac_ctx_t), ctx->cc_provider_private = kmem_alloc(sizeof (sha2_hmac_ctx_t),
crypto_kmflag(req)); crypto_kmflag(req));
if (ctx->cc_provider_private == NULL) if (ctx->cc_provider_private == NULL)
@ -971,10 +968,6 @@ sha2_mac_atomic(crypto_provider_handle_t provider,
return (CRYPTO_MECHANISM_INVALID); return (CRYPTO_MECHANISM_INVALID);
} }
/* Add support for key by attributes (RFE 4706552) */
if (key->ck_format != CRYPTO_KEY_RAW)
return (CRYPTO_ARGUMENTS_BAD);
if (ctx_template != NULL) { if (ctx_template != NULL) {
/* reuse context template */ /* reuse context template */
bcopy(ctx_template, &sha2_hmac_ctx, sizeof (sha2_hmac_ctx_t)); bcopy(ctx_template, &sha2_hmac_ctx, sizeof (sha2_hmac_ctx_t));
@ -1109,10 +1102,6 @@ sha2_mac_verify_atomic(crypto_provider_handle_t provider,
return (CRYPTO_MECHANISM_INVALID); return (CRYPTO_MECHANISM_INVALID);
} }
/* Add support for key by attributes (RFE 4706552) */
if (key->ck_format != CRYPTO_KEY_RAW)
return (CRYPTO_ARGUMENTS_BAD);
if (ctx_template != NULL) { if (ctx_template != NULL) {
/* reuse context template */ /* reuse context template */
bcopy(ctx_template, &sha2_hmac_ctx, sizeof (sha2_hmac_ctx_t)); bcopy(ctx_template, &sha2_hmac_ctx, sizeof (sha2_hmac_ctx_t));
@ -1287,10 +1276,6 @@ sha2_create_ctx_template(crypto_provider_handle_t provider,
return (CRYPTO_MECHANISM_INVALID); return (CRYPTO_MECHANISM_INVALID);
} }
/* Add support for key by attributes (RFE 4706552) */
if (key->ck_format != CRYPTO_KEY_RAW)
return (CRYPTO_ARGUMENTS_BAD);
/* /*
* Allocate and initialize SHA2 context. * Allocate and initialize SHA2 context.
*/ */


@ -530,8 +530,6 @@ skein_mac_ctx_build(skein_ctx_t *ctx, crypto_mechanism_t *mechanism,
if (!VALID_SKEIN_MAC_MECH(mechanism->cm_type)) if (!VALID_SKEIN_MAC_MECH(mechanism->cm_type))
return (CRYPTO_MECHANISM_INVALID); return (CRYPTO_MECHANISM_INVALID);
if (key->ck_format != CRYPTO_KEY_RAW)
return (CRYPTO_ARGUMENTS_BAD);
ctx->sc_mech_type = mechanism->cm_type; ctx->sc_mech_type = mechanism->cm_type;
error = skein_get_digest_bitlen(mechanism, &ctx->sc_digest_bitlen); error = skein_get_digest_bitlen(mechanism, &ctx->sc_digest_bitlen);
if (error != CRYPTO_SUCCESS) if (error != CRYPTO_SUCCESS)


@ -210,12 +210,12 @@ freebsd_crypt_uio_debug_log(boolean_t encrypt,
uint8_t *p = NULL; uint8_t *p = NULL;
size_t total = 0; size_t total = 0;
printf("%s(%s, %p, { %s, %d, %d, %s }, %p, { %d, %p, %u }, " printf("%s(%s, %p, { %s, %d, %d, %s }, %p, { %p, %u }, "
"%p, %u, %u)\n", "%p, %u, %u)\n",
__FUNCTION__, encrypt ? "encrypt" : "decrypt", input_sessionp, __FUNCTION__, encrypt ? "encrypt" : "decrypt", input_sessionp,
c_info->ci_algname, c_info->ci_crypt_type, c_info->ci_algname, c_info->ci_crypt_type,
(unsigned int)c_info->ci_keylen, c_info->ci_name, (unsigned int)c_info->ci_keylen, c_info->ci_name,
data_uio, key->ck_format, key->ck_data, data_uio, key->ck_data,
(unsigned int)key->ck_length, (unsigned int)key->ck_length,
ivbuf, (unsigned int)datalen, (unsigned int)auth_len); ivbuf, (unsigned int)datalen, (unsigned int)auth_len);
printf("\tkey = { "); printf("\tkey = { ");
@ -247,11 +247,11 @@ freebsd_crypt_newsession(freebsd_crypt_session_t *sessp,
int error = 0; int error = 0;
#ifdef FCRYPTO_DEBUG #ifdef FCRYPTO_DEBUG
printf("%s(%p, { %s, %d, %d, %s }, { %d, %p, %u })\n", printf("%s(%p, { %s, %d, %d, %s }, { %p, %u })\n",
__FUNCTION__, sessp, __FUNCTION__, sessp,
c_info->ci_algname, c_info->ci_crypt_type, c_info->ci_algname, c_info->ci_crypt_type,
(unsigned int)c_info->ci_keylen, c_info->ci_name, (unsigned int)c_info->ci_keylen, c_info->ci_name,
key->ck_format, key->ck_data, (unsigned int)key->ck_length); key->ck_data, (unsigned int)key->ck_length);
printf("\tkey = { "); printf("\tkey = { ");
for (int i = 0; i < key->ck_length / 8; i++) { for (int i = 0; i < key->ck_length / 8; i++) {
uint8_t *b = (uint8_t *)key->ck_data; uint8_t *b = (uint8_t *)key->ck_data;
@ -391,11 +391,11 @@ freebsd_crypt_newsession(freebsd_crypt_session_t *sessp,
crypto_session_t sid; crypto_session_t sid;
#ifdef FCRYPTO_DEBUG #ifdef FCRYPTO_DEBUG
printf("%s(%p, { %s, %d, %d, %s }, { %d, %p, %u })\n", printf("%s(%p, { %s, %d, %d, %s }, { %p, %u })\n",
__FUNCTION__, sessp, __FUNCTION__, sessp,
c_info->ci_algname, c_info->ci_crypt_type, c_info->ci_algname, c_info->ci_crypt_type,
(unsigned int)c_info->ci_keylen, c_info->ci_name, (unsigned int)c_info->ci_keylen, c_info->ci_name,
key->ck_format, key->ck_data, (unsigned int)key->ck_length); key->ck_data, (unsigned int)key->ck_length);
printf("\tkey = { "); printf("\tkey = { ");
for (int i = 0; i < key->ck_length / 8; i++) { for (int i = 0; i < key->ck_length / 8; i++) {
uint8_t *b = (uint8_t *)key->ck_data; uint8_t *b = (uint8_t *)key->ck_data;
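Review bot: The debug `printf` calls edited here are followed by a `printf("\tkey = { ")` loop over `key->ck_data` that appears to dump every key byte, and nothing near them says so. In the two `freebsd_crypt_newsession` hunks this sits under `#ifdef FCRYPTO_DEBUG`; whether `freebsd_crypt_uio_debug_log` is guarded the same way is not visible. I would put a comment at each block, for example `/* FCRYPTO_DEBUG prints raw key bytes to the console; never enable in production builds */`, so the flag is not turned on casually while chasing an unrelated problem. As a smaller point, the loop compares `int i` with `key->ck_length / 8`, which is a `size_t`; `size_t i` would avoid the signed/unsigned comparison. The loop bodies continue outside the hunks.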


@ -29,7 +29,6 @@ hkdf_sha512_extract(uint8_t *salt, uint_t salt_len, uint8_t *key_material,
crypto_key_t key; crypto_key_t key;
/* initialize the salt as a crypto key */ /* initialize the salt as a crypto key */
key.ck_format = CRYPTO_KEY_RAW;
key.ck_length = CRYPTO_BYTES2BITS(salt_len); key.ck_length = CRYPTO_BYTES2BITS(salt_len);
key.ck_data = salt; key.ck_data = salt;
@ -53,7 +52,6 @@ hkdf_sha512_expand(uint8_t *extract_key, uint8_t *info, uint_t info_len,
return (SET_ERROR(EINVAL)); return (SET_ERROR(EINVAL));
/* initialize the salt as a crypto key */ /* initialize the salt as a crypto key */
key.ck_format = CRYPTO_KEY_RAW;
key.ck_length = CRYPTO_BYTES2BITS(SHA512_DIGEST_LENGTH); key.ck_length = CRYPTO_BYTES2BITS(SHA512_DIGEST_LENGTH);
key.ck_data = extract_key; key.ck_data = extract_key;


@ -270,11 +270,9 @@ zio_crypt_key_init(uint64_t crypt, zio_crypt_key_t *key)
goto error; goto error;
/* initialize keys for the ICP */ /* initialize keys for the ICP */
key->zk_current_key.ck_format = CRYPTO_KEY_RAW;
key->zk_current_key.ck_data = key->zk_current_keydata; key->zk_current_key.ck_data = key->zk_current_keydata;
key->zk_current_key.ck_length = CRYPTO_BYTES2BITS(keydata_len); key->zk_current_key.ck_length = CRYPTO_BYTES2BITS(keydata_len);
key->zk_hmac_key.ck_format = CRYPTO_KEY_RAW;
key->zk_hmac_key.ck_data = &key->zk_hmac_key; key->zk_hmac_key.ck_data = &key->zk_hmac_key;
key->zk_hmac_key.ck_length = CRYPTO_BYTES2BITS(SHA512_HMAC_KEYLEN); key->zk_hmac_key.ck_length = CRYPTO_BYTES2BITS(SHA512_HMAC_KEYLEN);
@ -437,7 +435,6 @@ zio_crypt_key_wrap(crypto_key_t *cwkey, zio_crypt_key_t *key, uint8_t *iv,
uint_t enc_len, keydata_len, aad_len; uint_t enc_len, keydata_len, aad_len;
ASSERT3U(crypt, <, ZIO_CRYPT_FUNCTIONS); ASSERT3U(crypt, <, ZIO_CRYPT_FUNCTIONS);
ASSERT3U(cwkey->ck_format, ==, CRYPTO_KEY_RAW);
zfs_uio_init(&cuio, &cuio_s); zfs_uio_init(&cuio, &cuio_s);
@ -518,7 +515,6 @@ zio_crypt_key_unwrap(crypto_key_t *cwkey, uint64_t crypt, uint64_t version,
uint_t enc_len, keydata_len, aad_len; uint_t enc_len, keydata_len, aad_len;
ASSERT3U(crypt, <, ZIO_CRYPT_FUNCTIONS); ASSERT3U(crypt, <, ZIO_CRYPT_FUNCTIONS);
ASSERT3U(cwkey->ck_format, ==, CRYPTO_KEY_RAW);
keydata_len = zio_crypt_table[crypt].ci_keylen; keydata_len = zio_crypt_table[crypt].ci_keylen;
rw_init(&key->zk_salt_lock, NULL, RW_DEFAULT, NULL); rw_init(&key->zk_salt_lock, NULL, RW_DEFAULT, NULL);
@ -586,11 +582,9 @@ zio_crypt_key_unwrap(crypto_key_t *cwkey, uint64_t crypt, uint64_t version,
goto error; goto error;
/* initialize keys for ICP */ /* initialize keys for ICP */
key->zk_current_key.ck_format = CRYPTO_KEY_RAW;
key->zk_current_key.ck_data = key->zk_current_keydata; key->zk_current_key.ck_data = key->zk_current_keydata;
key->zk_current_key.ck_length = CRYPTO_BYTES2BITS(keydata_len); key->zk_current_key.ck_length = CRYPTO_BYTES2BITS(keydata_len);
key->zk_hmac_key.ck_format = CRYPTO_KEY_RAW;
key->zk_hmac_key.ck_data = key->zk_hmac_keydata; key->zk_hmac_key.ck_data = key->zk_hmac_keydata;
key->zk_hmac_key.ck_length = CRYPTO_BYTES2BITS(SHA512_HMAC_KEYLEN); key->zk_hmac_key.ck_length = CRYPTO_BYTES2BITS(SHA512_HMAC_KEYLEN);
@ -1727,7 +1721,6 @@ zio_do_crypt_data(boolean_t encrypt, zio_crypt_key_t *key,
salt, ZIO_DATA_SALT_LEN, enc_keydata, keydata_len); salt, ZIO_DATA_SALT_LEN, enc_keydata, keydata_len);
if (ret != 0) if (ret != 0)
goto error; goto error;
tmp_ckey.ck_format = CRYPTO_KEY_RAW;
tmp_ckey.ck_data = enc_keydata; tmp_ckey.ck_data = enc_keydata;
tmp_ckey.ck_length = CRYPTO_BYTES2BITS(keydata_len); tmp_ckey.ck_length = CRYPTO_BYTES2BITS(keydata_len);
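Review bot: In `zio_crypt_key_init` the HMAC key is set up with `key->zk_hmac_key.ck_data = &key->zk_hmac_key;`, which points the key data at the `crypto_key_t` itself, whereas `zio_crypt_key_unwrap` in the same file uses `key->zk_hmac_keydata`. With `ck_length` set to `CRYPTO_BYTES2BITS(SHA512_HMAC_KEYLEN)`, an HMAC keyed this way would read the struct's own pointer and length fields, and presumably the memory after them, instead of the generated key; removing `ck_format` in this commit changes which bytes those are. The line should most likely read `key->zk_hmac_key.ck_data = key->zk_hmac_keydata;`, and the same line appears in the other `zio_crypt_key_init` section further down the page. Before changing it, check whether anything derived from this key right after key creation is persisted. Both functions continue outside the hunks shown.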


@ -257,11 +257,9 @@ zio_crypt_key_init(uint64_t crypt, zio_crypt_key_t *key)
goto error; goto error;
/* initialize keys for the ICP */ /* initialize keys for the ICP */
key->zk_current_key.ck_format = CRYPTO_KEY_RAW;
key->zk_current_key.ck_data = key->zk_current_keydata; key->zk_current_key.ck_data = key->zk_current_keydata;
key->zk_current_key.ck_length = CRYPTO_BYTES2BITS(keydata_len); key->zk_current_key.ck_length = CRYPTO_BYTES2BITS(keydata_len);
key->zk_hmac_key.ck_format = CRYPTO_KEY_RAW;
key->zk_hmac_key.ck_data = &key->zk_hmac_key; key->zk_hmac_key.ck_data = &key->zk_hmac_key;
key->zk_hmac_key.ck_length = CRYPTO_BYTES2BITS(SHA512_HMAC_KEYLEN); key->zk_hmac_key.ck_length = CRYPTO_BYTES2BITS(SHA512_HMAC_KEYLEN);
@ -387,7 +385,6 @@ zio_do_crypt_uio(boolean_t encrypt, uint64_t crypt, crypto_key_t *key,
uint_t plain_full_len, maclen; uint_t plain_full_len, maclen;
ASSERT3U(crypt, <, ZIO_CRYPT_FUNCTIONS); ASSERT3U(crypt, <, ZIO_CRYPT_FUNCTIONS);
ASSERT3U(key->ck_format, ==, CRYPTO_KEY_RAW);
/* lookup the encryption info */ /* lookup the encryption info */
crypt_info = zio_crypt_table[crypt]; crypt_info = zio_crypt_table[crypt];
@ -486,7 +483,6 @@ zio_crypt_key_wrap(crypto_key_t *cwkey, zio_crypt_key_t *key, uint8_t *iv,
uint_t enc_len, keydata_len, aad_len; uint_t enc_len, keydata_len, aad_len;
ASSERT3U(crypt, <, ZIO_CRYPT_FUNCTIONS); ASSERT3U(crypt, <, ZIO_CRYPT_FUNCTIONS);
ASSERT3U(cwkey->ck_format, ==, CRYPTO_KEY_RAW);
keydata_len = zio_crypt_table[crypt].ci_keylen; keydata_len = zio_crypt_table[crypt].ci_keylen;
@ -557,7 +553,6 @@ zio_crypt_key_unwrap(crypto_key_t *cwkey, uint64_t crypt, uint64_t version,
int ret; int ret;
ASSERT3U(crypt, <, ZIO_CRYPT_FUNCTIONS); ASSERT3U(crypt, <, ZIO_CRYPT_FUNCTIONS);
ASSERT3U(cwkey->ck_format, ==, CRYPTO_KEY_RAW);
rw_init(&key->zk_salt_lock, NULL, RW_DEFAULT, NULL); rw_init(&key->zk_salt_lock, NULL, RW_DEFAULT, NULL);
@ -614,11 +609,9 @@ zio_crypt_key_unwrap(crypto_key_t *cwkey, uint64_t crypt, uint64_t version,
goto error; goto error;
/* initialize keys for ICP */ /* initialize keys for ICP */
key->zk_current_key.ck_format = CRYPTO_KEY_RAW;
key->zk_current_key.ck_data = key->zk_current_keydata; key->zk_current_key.ck_data = key->zk_current_keydata;
key->zk_current_key.ck_length = CRYPTO_BYTES2BITS(keydata_len); key->zk_current_key.ck_length = CRYPTO_BYTES2BITS(keydata_len);
key->zk_hmac_key.ck_format = CRYPTO_KEY_RAW;
key->zk_hmac_key.ck_data = key->zk_hmac_keydata; key->zk_hmac_key.ck_data = key->zk_hmac_keydata;
key->zk_hmac_key.ck_length = CRYPTO_BYTES2BITS(SHA512_HMAC_KEYLEN); key->zk_hmac_key.ck_length = CRYPTO_BYTES2BITS(SHA512_HMAC_KEYLEN);
@ -1921,7 +1914,6 @@ zio_do_crypt_data(boolean_t encrypt, zio_crypt_key_t *key,
if (ret != 0) if (ret != 0)
goto error; goto error;
tmp_ckey.ck_format = CRYPTO_KEY_RAW;
tmp_ckey.ck_data = enc_keydata; tmp_ckey.ck_data = enc_keydata;
tmp_ckey.ck_length = CRYPTO_BYTES2BITS(keydata_len); tmp_ckey.ck_length = CRYPTO_BYTES2BITS(keydata_len);


@ -119,7 +119,6 @@ dsl_wrapping_key_create(uint8_t *wkeydata, zfs_keyformat_t keyformat,
/* allocate and initialize the underlying crypto key */ /* allocate and initialize the underlying crypto key */
wkey->wk_key.ck_data = kmem_alloc(WRAPPING_KEY_LEN, KM_SLEEP); wkey->wk_key.ck_data = kmem_alloc(WRAPPING_KEY_LEN, KM_SLEEP);
wkey->wk_key.ck_format = CRYPTO_KEY_RAW;
wkey->wk_key.ck_length = CRYPTO_BYTES2BITS(WRAPPING_KEY_LEN); wkey->wk_key.ck_length = CRYPTO_BYTES2BITS(WRAPPING_KEY_LEN);
bcopy(wkeydata, wkey->wk_key.ck_data, WRAPPING_KEY_LEN); bcopy(wkeydata, wkey->wk_key.ck_data, WRAPPING_KEY_LEN);


@ -36,7 +36,6 @@ hkdf_sha512_extract(uint8_t *salt, uint_t salt_len, uint8_t *key_material,
mech.cm_param_len = 0; mech.cm_param_len = 0;
/* initialize the salt as a crypto key */ /* initialize the salt as a crypto key */
key.ck_format = CRYPTO_KEY_RAW;
key.ck_length = CRYPTO_BYTES2BITS(salt_len); key.ck_length = CRYPTO_BYTES2BITS(salt_len);
key.ck_data = salt; key.ck_data = salt;
@ -83,7 +82,6 @@ hkdf_sha512_expand(uint8_t *extract_key, uint8_t *info, uint_t info_len,
mech.cm_param_len = 0; mech.cm_param_len = 0;
/* initialize the salt as a crypto key */ /* initialize the salt as a crypto key */
key.ck_format = CRYPTO_KEY_RAW;
key.ck_length = CRYPTO_BYTES2BITS(SHA512_DIGEST_LENGTH); key.ck_length = CRYPTO_BYTES2BITS(SHA512_DIGEST_LENGTH);
key.ck_data = extract_key; key.ck_data = extract_key;