From 739afd9475494ef8443a7f8e251bf2aaff895f35 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= Date: Sat, 25 Dec 2021 03:23:07 +0100 Subject: [PATCH] module: icp: fold away all key formats except CRYPTO_KEY_RAW MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It's the only one actually used Reviewed-by: Brian Behlendorf Signed-off-by: Ahelenia ZiemiaƄska Closes #12901 --- include/os/freebsd/zfs/sys/freebsd_crypto.h | 7 +- include/sys/crypto/common.h | 157 +------------------- module/icp/api/kcf_mac.c | 3 +- module/icp/core/kcf_prov_lib.c | 44 ++---- module/icp/include/sys/crypto/impl.h | 2 - module/icp/io/aes.c | 30 +--- module/icp/io/sha2_mod.c | 15 -- module/icp/io/skein_mod.c | 2 - module/os/freebsd/zfs/crypto_os.c | 12 +- module/os/freebsd/zfs/hkdf.c | 2 - module/os/freebsd/zfs/zio_crypt.c | 7 - module/os/linux/zfs/zio_crypt.c | 8 - module/zfs/dsl_crypt.c | 1 - module/zfs/hkdf.c | 2 - 14 files changed, 28 insertions(+), 264 deletions(-) diff --git a/include/os/freebsd/zfs/sys/freebsd_crypto.h b/include/os/freebsd/zfs/sys/freebsd_crypto.h index a3ed418265..a61a6cd88c 100644 --- a/include/os/freebsd/zfs/sys/freebsd_crypto.h +++ b/include/os/freebsd/zfs/sys/freebsd_crypto.h @@ -42,8 +42,6 @@ #define SUN_CKM_AES_GCM "CKM_AES_GCM" #define SUN_CKM_SHA512_HMAC "CKM_SHA512_HMAC" -#define CRYPTO_KEY_RAW 1 - #define CRYPTO_BITS2BYTES(n) ((n) == 0 ? 0 : (((n) - 1) >> 3) + 1) #define CRYPTO_BYTES2BITS(n) ((n) << 3) @@ -61,12 +59,11 @@ typedef struct freebsd_crypt_session { typedef void *crypto_mechanism_t; typedef void *crypto_ctx_template_t; /* - * Unlike the ICP crypto_key type, this only + * Like the ICP crypto_key type, this only * supports (the equivalent of - * CRYPTO_KEY_RAW). + * the former CRYPTO_KEY_RAW). */ typedef struct crypto_key { - int ck_format; /* Unused, but minimizes code diff */ void *ck_data; size_t ck_length; } crypto_key_t; diff --git a/include/sys/crypto/common.h b/include/sys/crypto/common.h index a644a8e9a9..76be229520 100644 --- a/include/sys/crypto/common.h +++ b/include/sys/crypto/common.h @@ -255,109 +255,11 @@ typedef struct crypto_data { /* The keys, and their contents */ -typedef enum { - CRYPTO_KEY_RAW = 1, /* ck_data is a cleartext key */ - CRYPTO_KEY_REFERENCE, /* ck_obj_id is an opaque reference */ - CRYPTO_KEY_ATTR_LIST /* ck_attrs is a list of object attributes */ -} crypto_key_format_t; - -typedef uint64_t crypto_attr_type_t; - -/* Attribute types to use for passing a RSA public key or a private key. */ -#define SUN_CKA_MODULUS 0x00000120 -#define SUN_CKA_MODULUS_BITS 0x00000121 -#define SUN_CKA_PUBLIC_EXPONENT 0x00000122 -#define SUN_CKA_PRIVATE_EXPONENT 0x00000123 -#define SUN_CKA_PRIME_1 0x00000124 -#define SUN_CKA_PRIME_2 0x00000125 -#define SUN_CKA_EXPONENT_1 0x00000126 -#define SUN_CKA_EXPONENT_2 0x00000127 -#define SUN_CKA_COEFFICIENT 0x00000128 -#define SUN_CKA_PRIME 0x00000130 -#define SUN_CKA_SUBPRIME 0x00000131 -#define SUN_CKA_BASE 0x00000132 - -#define CKK_EC 0x00000003 -#define CKK_GENERIC_SECRET 0x00000010 -#define CKK_RC4 0x00000012 -#define CKK_AES 0x0000001F -#define CKK_DES 0x00000013 -#define CKK_DES2 0x00000014 -#define CKK_DES3 0x00000015 - -#define CKO_PUBLIC_KEY 0x00000002 -#define CKO_PRIVATE_KEY 0x00000003 -#define CKA_CLASS 0x00000000 -#define CKA_VALUE 0x00000011 -#define CKA_KEY_TYPE 0x00000100 -#define CKA_VALUE_LEN 0x00000161 -#define CKA_EC_PARAMS 0x00000180 -#define CKA_EC_POINT 0x00000181 - -typedef uint32_t crypto_object_id_t; - -typedef struct crypto_object_attribute { - crypto_attr_type_t oa_type; /* attribute type */ - caddr_t oa_value; /* attribute value */ - ssize_t oa_value_len; /* length of attribute value */ -} crypto_object_attribute_t; - -typedef struct crypto_key { - crypto_key_format_t ck_format; /* format identifier */ - union { - /* for CRYPTO_KEY_RAW ck_format */ - struct { - uint_t cku_v_length; /* # of bits in ck_data */ - void *cku_v_data; /* ptr to key value */ - } cku_key_value; - - /* for CRYPTO_KEY_REFERENCE ck_format */ - crypto_object_id_t cku_key_id; /* reference to object key */ - - /* for CRYPTO_KEY_ATTR_LIST ck_format */ - struct { - uint_t cku_a_count; /* number of attributes */ - crypto_object_attribute_t *cku_a_oattr; - } cku_key_attrs; - } cku_data; /* Crypto Key union */ +typedef struct { + uint_t ck_length; /* # of bits in ck_data */ + void *ck_data; /* ptr to key value */ } crypto_key_t; -#ifdef _SYSCALL32 - -typedef struct crypto_object_attribute32 { - uint64_t oa_type; /* attribute type */ - caddr32_t oa_value; /* attribute value */ - ssize32_t oa_value_len; /* length of attribute value */ -} crypto_object_attribute32_t; - -typedef struct crypto_key32 { - crypto_key_format_t ck_format; /* format identifier */ - union { - /* for CRYPTO_KEY_RAW ck_format */ - struct { - uint32_t cku_v_length; /* # of bytes in ck_data */ - caddr32_t cku_v_data; /* ptr to key value */ - } cku_key_value; - - /* for CRYPTO_KEY_REFERENCE ck_format */ - crypto_object_id_t cku_key_id; /* reference to object key */ - - /* for CRYPTO_KEY_ATTR_LIST ck_format */ - struct { - uint32_t cku_a_count; /* number of attributes */ - caddr32_t cku_a_oattr; - } cku_key_attrs; - } cku_data; /* Crypto Key union */ -} crypto_key32_t; - -#endif /* _SYSCALL32 */ - -#define ck_data cku_data.cku_key_value.cku_v_data -#define ck_length cku_data.cku_key_value.cku_v_length -#define ck_obj_id cku_data.cku_key_id -#define ck_count cku_data.cku_key_attrs.cku_a_count -#define ck_attrs cku_data.cku_key_attrs.cku_a_oattr - /* * Raw key lengths are expressed in number of bits. * The following macro returns the minimum number of @@ -372,64 +274,11 @@ typedef struct crypto_key32 { typedef uint32_t crypto_provider_id_t; #define KCF_PROVID_INVALID ((uint32_t)-1) -typedef struct crypto_provider_entry { - crypto_provider_id_t pe_provider_id; - uint_t pe_mechanism_count; -} crypto_provider_entry_t; - -typedef struct crypto_dev_list_entry { - char le_dev_name[MAXNAMELEN]; - uint_t le_dev_instance; - uint_t le_mechanism_count; -} crypto_dev_list_entry_t; - -/* User type for authentication ioctls and SPI entry points */ - -typedef enum crypto_user_type { - CRYPTO_SO = 0, - CRYPTO_USER -} crypto_user_type_t; - -/* Version for provider management ioctls and SPI entry points */ - -typedef struct crypto_version { - uchar_t cv_major; - uchar_t cv_minor; -} crypto_version_t; - /* session data structure opaque to the consumer */ typedef void *crypto_session_t; -/* provider data structure opaque to the consumer */ -typedef void *crypto_provider_t; - -/* Limits used by both consumers and providers */ -#define CRYPTO_EXT_SIZE_LABEL 32 -#define CRYPTO_EXT_SIZE_MANUF 32 -#define CRYPTO_EXT_SIZE_MODEL 16 -#define CRYPTO_EXT_SIZE_SERIAL 16 -#define CRYPTO_EXT_SIZE_TIME 16 - typedef uint_t crypto_session_id_t; -typedef enum cmd_type { - COPY_FROM_DATA, - COPY_TO_DATA, - COMPARE_TO_DATA, - MD5_DIGEST_DATA, - SHA1_DIGEST_DATA, - SHA2_DIGEST_DATA, - GHASH_DATA -} cmd_type_t; - -#define CRYPTO_DO_UPDATE 0x01 -#define CRYPTO_DO_FINAL 0x02 -#define CRYPTO_DO_MD5 0x04 -#define CRYPTO_DO_SHA1 0x08 -#define CRYPTO_DO_SIGN 0x10 -#define CRYPTO_DO_VERIFY 0x20 -#define CRYPTO_DO_SHA2 0x40 - #define PROVIDER_OWNS_KEY_SCHEDULE 0x00000001 /* diff --git a/module/icp/api/kcf_mac.c b/module/icp/api/kcf_mac.c index 11102cdeae..7bf0c499e8 100644 --- a/module/icp/api/kcf_mac.c +++ b/module/icp/api/kcf_mac.c @@ -164,13 +164,12 @@ retry: * See comment in the beginning of the file. */ static int -crypto_mac_init_prov(crypto_provider_t provider, +crypto_mac_init_prov(kcf_provider_desc_t *pd, crypto_mechanism_t *mech, crypto_key_t *key, crypto_spi_ctx_template_t tmpl, crypto_context_t *ctxp, crypto_call_req_t *crq) { int rv; crypto_ctx_t *ctx; - kcf_provider_desc_t *pd = provider; kcf_provider_desc_t *real_provider = pd; ASSERT(KCF_PROV_REFHELD(pd)); diff --git a/module/icp/core/kcf_prov_lib.c b/module/icp/core/kcf_prov_lib.c index 6e8853c56d..c65a9111a2 100644 --- a/module/icp/core/kcf_prov_lib.c +++ b/module/icp/core/kcf_prov_lib.c @@ -33,14 +33,12 @@ */ /* - * Utility routine to apply the command, 'cmd', to the + * Utility routine to apply the command COPY_TO_DATA to the * data in the uio structure. */ -int -crypto_uio_data(crypto_data_t *data, uchar_t *buf, int len, cmd_type_t cmd, - void *digest_ctx, void (*update)(void)) +static int +crypto_uio_copy_to_data(crypto_data_t *data, uchar_t *buf, int len) { - (void) digest_ctx, (void) update; zfs_uio_t *uiop = data->cd_uio; off_t offset = data->cd_offset; size_t length = len; @@ -72,26 +70,8 @@ crypto_uio_data(crypto_data_t *data, uchar_t *buf, int len, cmd_type_t cmd, offset, length); datap = (uchar_t *)(zfs_uio_iovbase(uiop, vec_idx) + offset); - switch (cmd) { - case COPY_FROM_DATA: - bcopy(datap, buf, cur_len); - buf += cur_len; - break; - case COPY_TO_DATA: - bcopy(buf, datap, cur_len); - buf += cur_len; - break; - case COMPARE_TO_DATA: - if (bcmp(datap, buf, cur_len)) - return (CRYPTO_SIGNATURE_INVALID); - buf += cur_len; - break; - case MD5_DIGEST_DATA: - case SHA1_DIGEST_DATA: - case SHA2_DIGEST_DATA: - case GHASH_DATA: - return (CRYPTO_ARGUMENTS_BAD); - } + bcopy(buf, datap, cur_len); + buf += cur_len; length -= cur_len; vec_idx++; @@ -100,16 +80,11 @@ crypto_uio_data(crypto_data_t *data, uchar_t *buf, int len, cmd_type_t cmd, if (vec_idx == zfs_uio_iovcnt(uiop) && length > 0) { /* - * The end of the specified iovec's was reached but + * The end of the specified iovecs was reached but * the length requested could not be processed. */ - switch (cmd) { - case COPY_TO_DATA: - data->cd_length = len; - return (CRYPTO_BUFFER_TOO_SMALL); - default: - return (CRYPTO_DATA_LEN_RANGE); - } + data->cd_length = len; + return (CRYPTO_BUFFER_TOO_SMALL); } return (CRYPTO_SUCCESS); @@ -129,8 +104,7 @@ crypto_put_output_data(uchar_t *buf, crypto_data_t *output, int len) break; case CRYPTO_DATA_UIO: - return (crypto_uio_data(output, buf, len, - COPY_TO_DATA, NULL, NULL)); + return (crypto_uio_copy_to_data(output, buf, len)); default: return (CRYPTO_ARGUMENTS_BAD); } diff --git a/module/icp/include/sys/crypto/impl.h b/module/icp/include/sys/crypto/impl.h index c4b9d7dcad..da00c4001b 100644 --- a/module/icp/include/sys/crypto/impl.h +++ b/module/icp/include/sys/crypto/impl.h @@ -479,8 +479,6 @@ extern kcf_provider_desc_t *kcf_alloc_provider_desc(void); extern void kcf_provider_zero_refcnt(kcf_provider_desc_t *); extern void kcf_free_provider_desc(kcf_provider_desc_t *); extern void undo_register_provider(kcf_provider_desc_t *, boolean_t); -extern int crypto_uio_data(crypto_data_t *, uchar_t *, int, cmd_type_t, - void *, void (*update)(void)); extern int crypto_put_output_data(uchar_t *, crypto_data_t *, int); extern int crypto_update_iov(void *, crypto_data_t *, crypto_data_t *, int (*cipher)(void *, caddr_t, size_t, crypto_data_t *), diff --git a/module/icp/io/aes.c b/module/icp/io/aes.c index 8fd64446a2..be3ced6d9a 100644 --- a/module/icp/io/aes.c +++ b/module/icp/io/aes.c @@ -242,24 +242,15 @@ aes_check_mech_param(crypto_mechanism_t *mechanism, aes_ctx_t **ctx, int kmflag) static int init_keysched(crypto_key_t *key, void *newbie) { - /* - * Only keys by value are supported by this module. - */ - switch (key->ck_format) { - case CRYPTO_KEY_RAW: - if (key->ck_length < AES_MINBITS || - key->ck_length > AES_MAXBITS) { - return (CRYPTO_KEY_SIZE_RANGE); - } - - /* key length must be either 128, 192, or 256 */ - if ((key->ck_length & 63) != 0) - return (CRYPTO_KEY_SIZE_RANGE); - break; - default: - return (CRYPTO_KEY_TYPE_INCONSISTENT); + if (key->ck_length < AES_MINBITS || + key->ck_length > AES_MAXBITS) { + return (CRYPTO_KEY_SIZE_RANGE); } + /* key length must be either 128, 192, or 256 */ + if ((key->ck_length & 63) != 0) + return (CRYPTO_KEY_SIZE_RANGE); + aes_init_keysched(key->ck_data, key->ck_length, newbie); return (CRYPTO_SUCCESS); } @@ -294,13 +285,6 @@ aes_common_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism, int rv; int kmflag; - /* - * Only keys by value are supported by this module. - */ - if (key->ck_format != CRYPTO_KEY_RAW) { - return (CRYPTO_KEY_TYPE_INCONSISTENT); - } - kmflag = crypto_kmflag(req); if ((rv = aes_check_mech_param(mechanism, &aes_ctx, kmflag)) != CRYPTO_SUCCESS) diff --git a/module/icp/io/sha2_mod.c b/module/icp/io/sha2_mod.c index 2ac57ebe58..d5a8d5bb72 100644 --- a/module/icp/io/sha2_mod.c +++ b/module/icp/io/sha2_mod.c @@ -737,9 +737,6 @@ sha2_mac_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism, return (CRYPTO_MECHANISM_INVALID); } - if (key->ck_format != CRYPTO_KEY_RAW) - return (CRYPTO_ARGUMENTS_BAD); - ctx->cc_provider_private = kmem_alloc(sizeof (sha2_hmac_ctx_t), crypto_kmflag(req)); if (ctx->cc_provider_private == NULL) @@ -971,10 +968,6 @@ sha2_mac_atomic(crypto_provider_handle_t provider, return (CRYPTO_MECHANISM_INVALID); } - /* Add support for key by attributes (RFE 4706552) */ - if (key->ck_format != CRYPTO_KEY_RAW) - return (CRYPTO_ARGUMENTS_BAD); - if (ctx_template != NULL) { /* reuse context template */ bcopy(ctx_template, &sha2_hmac_ctx, sizeof (sha2_hmac_ctx_t)); @@ -1109,10 +1102,6 @@ sha2_mac_verify_atomic(crypto_provider_handle_t provider, return (CRYPTO_MECHANISM_INVALID); } - /* Add support for key by attributes (RFE 4706552) */ - if (key->ck_format != CRYPTO_KEY_RAW) - return (CRYPTO_ARGUMENTS_BAD); - if (ctx_template != NULL) { /* reuse context template */ bcopy(ctx_template, &sha2_hmac_ctx, sizeof (sha2_hmac_ctx_t)); @@ -1287,10 +1276,6 @@ sha2_create_ctx_template(crypto_provider_handle_t provider, return (CRYPTO_MECHANISM_INVALID); } - /* Add support for key by attributes (RFE 4706552) */ - if (key->ck_format != CRYPTO_KEY_RAW) - return (CRYPTO_ARGUMENTS_BAD); - /* * Allocate and initialize SHA2 context. */ diff --git a/module/icp/io/skein_mod.c b/module/icp/io/skein_mod.c index ab233e2b4e..48e4358b8d 100644 --- a/module/icp/io/skein_mod.c +++ b/module/icp/io/skein_mod.c @@ -530,8 +530,6 @@ skein_mac_ctx_build(skein_ctx_t *ctx, crypto_mechanism_t *mechanism, if (!VALID_SKEIN_MAC_MECH(mechanism->cm_type)) return (CRYPTO_MECHANISM_INVALID); - if (key->ck_format != CRYPTO_KEY_RAW) - return (CRYPTO_ARGUMENTS_BAD); ctx->sc_mech_type = mechanism->cm_type; error = skein_get_digest_bitlen(mechanism, &ctx->sc_digest_bitlen); if (error != CRYPTO_SUCCESS) diff --git a/module/os/freebsd/zfs/crypto_os.c b/module/os/freebsd/zfs/crypto_os.c index f971b62bd1..73083f59f5 100644 --- a/module/os/freebsd/zfs/crypto_os.c +++ b/module/os/freebsd/zfs/crypto_os.c @@ -210,12 +210,12 @@ freebsd_crypt_uio_debug_log(boolean_t encrypt, uint8_t *p = NULL; size_t total = 0; - printf("%s(%s, %p, { %s, %d, %d, %s }, %p, { %d, %p, %u }, " + printf("%s(%s, %p, { %s, %d, %d, %s }, %p, { %p, %u }, " "%p, %u, %u)\n", __FUNCTION__, encrypt ? "encrypt" : "decrypt", input_sessionp, c_info->ci_algname, c_info->ci_crypt_type, (unsigned int)c_info->ci_keylen, c_info->ci_name, - data_uio, key->ck_format, key->ck_data, + data_uio, key->ck_data, (unsigned int)key->ck_length, ivbuf, (unsigned int)datalen, (unsigned int)auth_len); printf("\tkey = { "); @@ -247,11 +247,11 @@ freebsd_crypt_newsession(freebsd_crypt_session_t *sessp, int error = 0; #ifdef FCRYPTO_DEBUG - printf("%s(%p, { %s, %d, %d, %s }, { %d, %p, %u })\n", + printf("%s(%p, { %s, %d, %d, %s }, { %p, %u })\n", __FUNCTION__, sessp, c_info->ci_algname, c_info->ci_crypt_type, (unsigned int)c_info->ci_keylen, c_info->ci_name, - key->ck_format, key->ck_data, (unsigned int)key->ck_length); + key->ck_data, (unsigned int)key->ck_length); printf("\tkey = { "); for (int i = 0; i < key->ck_length / 8; i++) { uint8_t *b = (uint8_t *)key->ck_data; @@ -391,11 +391,11 @@ freebsd_crypt_newsession(freebsd_crypt_session_t *sessp, crypto_session_t sid; #ifdef FCRYPTO_DEBUG - printf("%s(%p, { %s, %d, %d, %s }, { %d, %p, %u })\n", + printf("%s(%p, { %s, %d, %d, %s }, { %p, %u })\n", __FUNCTION__, sessp, c_info->ci_algname, c_info->ci_crypt_type, (unsigned int)c_info->ci_keylen, c_info->ci_name, - key->ck_format, key->ck_data, (unsigned int)key->ck_length); + key->ck_data, (unsigned int)key->ck_length); printf("\tkey = { "); for (int i = 0; i < key->ck_length / 8; i++) { uint8_t *b = (uint8_t *)key->ck_data; diff --git a/module/os/freebsd/zfs/hkdf.c b/module/os/freebsd/zfs/hkdf.c index 8324ff2319..ad5d67541a 100644 --- a/module/os/freebsd/zfs/hkdf.c +++ b/module/os/freebsd/zfs/hkdf.c @@ -29,7 +29,6 @@ hkdf_sha512_extract(uint8_t *salt, uint_t salt_len, uint8_t *key_material, crypto_key_t key; /* initialize the salt as a crypto key */ - key.ck_format = CRYPTO_KEY_RAW; key.ck_length = CRYPTO_BYTES2BITS(salt_len); key.ck_data = salt; @@ -53,7 +52,6 @@ hkdf_sha512_expand(uint8_t *extract_key, uint8_t *info, uint_t info_len, return (SET_ERROR(EINVAL)); /* initialize the salt as a crypto key */ - key.ck_format = CRYPTO_KEY_RAW; key.ck_length = CRYPTO_BYTES2BITS(SHA512_DIGEST_LENGTH); key.ck_data = extract_key; diff --git a/module/os/freebsd/zfs/zio_crypt.c b/module/os/freebsd/zfs/zio_crypt.c index fbde8063a2..a50b8058a9 100644 --- a/module/os/freebsd/zfs/zio_crypt.c +++ b/module/os/freebsd/zfs/zio_crypt.c @@ -270,11 +270,9 @@ zio_crypt_key_init(uint64_t crypt, zio_crypt_key_t *key) goto error; /* initialize keys for the ICP */ - key->zk_current_key.ck_format = CRYPTO_KEY_RAW; key->zk_current_key.ck_data = key->zk_current_keydata; key->zk_current_key.ck_length = CRYPTO_BYTES2BITS(keydata_len); - key->zk_hmac_key.ck_format = CRYPTO_KEY_RAW; key->zk_hmac_key.ck_data = &key->zk_hmac_key; key->zk_hmac_key.ck_length = CRYPTO_BYTES2BITS(SHA512_HMAC_KEYLEN); @@ -437,7 +435,6 @@ zio_crypt_key_wrap(crypto_key_t *cwkey, zio_crypt_key_t *key, uint8_t *iv, uint_t enc_len, keydata_len, aad_len; ASSERT3U(crypt, <, ZIO_CRYPT_FUNCTIONS); - ASSERT3U(cwkey->ck_format, ==, CRYPTO_KEY_RAW); zfs_uio_init(&cuio, &cuio_s); @@ -518,7 +515,6 @@ zio_crypt_key_unwrap(crypto_key_t *cwkey, uint64_t crypt, uint64_t version, uint_t enc_len, keydata_len, aad_len; ASSERT3U(crypt, <, ZIO_CRYPT_FUNCTIONS); - ASSERT3U(cwkey->ck_format, ==, CRYPTO_KEY_RAW); keydata_len = zio_crypt_table[crypt].ci_keylen; rw_init(&key->zk_salt_lock, NULL, RW_DEFAULT, NULL); @@ -586,11 +582,9 @@ zio_crypt_key_unwrap(crypto_key_t *cwkey, uint64_t crypt, uint64_t version, goto error; /* initialize keys for ICP */ - key->zk_current_key.ck_format = CRYPTO_KEY_RAW; key->zk_current_key.ck_data = key->zk_current_keydata; key->zk_current_key.ck_length = CRYPTO_BYTES2BITS(keydata_len); - key->zk_hmac_key.ck_format = CRYPTO_KEY_RAW; key->zk_hmac_key.ck_data = key->zk_hmac_keydata; key->zk_hmac_key.ck_length = CRYPTO_BYTES2BITS(SHA512_HMAC_KEYLEN); @@ -1727,7 +1721,6 @@ zio_do_crypt_data(boolean_t encrypt, zio_crypt_key_t *key, salt, ZIO_DATA_SALT_LEN, enc_keydata, keydata_len); if (ret != 0) goto error; - tmp_ckey.ck_format = CRYPTO_KEY_RAW; tmp_ckey.ck_data = enc_keydata; tmp_ckey.ck_length = CRYPTO_BYTES2BITS(keydata_len); diff --git a/module/os/linux/zfs/zio_crypt.c b/module/os/linux/zfs/zio_crypt.c index 224fb84bad..909246f203 100644 --- a/module/os/linux/zfs/zio_crypt.c +++ b/module/os/linux/zfs/zio_crypt.c @@ -257,11 +257,9 @@ zio_crypt_key_init(uint64_t crypt, zio_crypt_key_t *key) goto error; /* initialize keys for the ICP */ - key->zk_current_key.ck_format = CRYPTO_KEY_RAW; key->zk_current_key.ck_data = key->zk_current_keydata; key->zk_current_key.ck_length = CRYPTO_BYTES2BITS(keydata_len); - key->zk_hmac_key.ck_format = CRYPTO_KEY_RAW; key->zk_hmac_key.ck_data = &key->zk_hmac_key; key->zk_hmac_key.ck_length = CRYPTO_BYTES2BITS(SHA512_HMAC_KEYLEN); @@ -387,7 +385,6 @@ zio_do_crypt_uio(boolean_t encrypt, uint64_t crypt, crypto_key_t *key, uint_t plain_full_len, maclen; ASSERT3U(crypt, <, ZIO_CRYPT_FUNCTIONS); - ASSERT3U(key->ck_format, ==, CRYPTO_KEY_RAW); /* lookup the encryption info */ crypt_info = zio_crypt_table[crypt]; @@ -486,7 +483,6 @@ zio_crypt_key_wrap(crypto_key_t *cwkey, zio_crypt_key_t *key, uint8_t *iv, uint_t enc_len, keydata_len, aad_len; ASSERT3U(crypt, <, ZIO_CRYPT_FUNCTIONS); - ASSERT3U(cwkey->ck_format, ==, CRYPTO_KEY_RAW); keydata_len = zio_crypt_table[crypt].ci_keylen; @@ -557,7 +553,6 @@ zio_crypt_key_unwrap(crypto_key_t *cwkey, uint64_t crypt, uint64_t version, int ret; ASSERT3U(crypt, <, ZIO_CRYPT_FUNCTIONS); - ASSERT3U(cwkey->ck_format, ==, CRYPTO_KEY_RAW); rw_init(&key->zk_salt_lock, NULL, RW_DEFAULT, NULL); @@ -614,11 +609,9 @@ zio_crypt_key_unwrap(crypto_key_t *cwkey, uint64_t crypt, uint64_t version, goto error; /* initialize keys for ICP */ - key->zk_current_key.ck_format = CRYPTO_KEY_RAW; key->zk_current_key.ck_data = key->zk_current_keydata; key->zk_current_key.ck_length = CRYPTO_BYTES2BITS(keydata_len); - key->zk_hmac_key.ck_format = CRYPTO_KEY_RAW; key->zk_hmac_key.ck_data = key->zk_hmac_keydata; key->zk_hmac_key.ck_length = CRYPTO_BYTES2BITS(SHA512_HMAC_KEYLEN); @@ -1921,7 +1914,6 @@ zio_do_crypt_data(boolean_t encrypt, zio_crypt_key_t *key, if (ret != 0) goto error; - tmp_ckey.ck_format = CRYPTO_KEY_RAW; tmp_ckey.ck_data = enc_keydata; tmp_ckey.ck_length = CRYPTO_BYTES2BITS(keydata_len); diff --git a/module/zfs/dsl_crypt.c b/module/zfs/dsl_crypt.c index 1ea184de33..6330a44b4c 100644 --- a/module/zfs/dsl_crypt.c +++ b/module/zfs/dsl_crypt.c @@ -119,7 +119,6 @@ dsl_wrapping_key_create(uint8_t *wkeydata, zfs_keyformat_t keyformat, /* allocate and initialize the underlying crypto key */ wkey->wk_key.ck_data = kmem_alloc(WRAPPING_KEY_LEN, KM_SLEEP); - wkey->wk_key.ck_format = CRYPTO_KEY_RAW; wkey->wk_key.ck_length = CRYPTO_BYTES2BITS(WRAPPING_KEY_LEN); bcopy(wkeydata, wkey->wk_key.ck_data, WRAPPING_KEY_LEN); diff --git a/module/zfs/hkdf.c b/module/zfs/hkdf.c index 49ad0a9fbe..9017727689 100644 --- a/module/zfs/hkdf.c +++ b/module/zfs/hkdf.c @@ -36,7 +36,6 @@ hkdf_sha512_extract(uint8_t *salt, uint_t salt_len, uint8_t *key_material, mech.cm_param_len = 0; /* initialize the salt as a crypto key */ - key.ck_format = CRYPTO_KEY_RAW; key.ck_length = CRYPTO_BYTES2BITS(salt_len); key.ck_data = salt; @@ -83,7 +82,6 @@ hkdf_sha512_expand(uint8_t *extract_key, uint8_t *info, uint_t info_len, mech.cm_param_len = 0; /* initialize the salt as a crypto key */ - key.ck_format = CRYPTO_KEY_RAW; key.ck_length = CRYPTO_BYTES2BITS(SHA512_DIGEST_LENGTH); key.ck_data = extract_key;