module: icp: fold away all key formats except CRYPTO_KEY_RAW

It's the only one actually used

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Closes #12901

include/os/freebsd/zfs/sys/freebsd_crypto.h

@@ -42,8 +42,6 @@
 #define	SUN_CKM_AES_GCM	"CKM_AES_GCM"
 #define	SUN_CKM_SHA512_HMAC	"CKM_SHA512_HMAC"
 
-#define	CRYPTO_KEY_RAW	1
-
 #define	CRYPTO_BITS2BYTES(n) ((n) == 0 ? 0 : (((n) - 1) >> 3) + 1)
 #define	CRYPTO_BYTES2BITS(n) ((n) << 3)
 
@@ -61,12 +59,11 @@ typedef struct freebsd_crypt_session {
 typedef void *crypto_mechanism_t;
 typedef void *crypto_ctx_template_t;
 /*
- * Unlike the ICP crypto_key type, this only
+ * Like the ICP crypto_key type, this only
  * supports <data, length> (the equivalent of
- * CRYPTO_KEY_RAW).
+ * the former CRYPTO_KEY_RAW).
  */
 typedef struct crypto_key {
-	int	ck_format;	/* Unused, but minimizes code diff */
 	void	*ck_data;
 	size_t	ck_length;
 } crypto_key_t;

include/sys/crypto/common.h

@@ -255,109 +255,11 @@ typedef struct crypto_data {
 
 /* The keys, and their contents */
 
-typedef enum {
-	CRYPTO_KEY_RAW = 1,	/* ck_data is a cleartext key */
-	CRYPTO_KEY_REFERENCE,	/* ck_obj_id is an opaque reference */
-	CRYPTO_KEY_ATTR_LIST	/* ck_attrs is a list of object attributes */
-} crypto_key_format_t;
-
-typedef uint64_t crypto_attr_type_t;
-
-/* Attribute types to use for passing a RSA public key or a private key. */
-#define	SUN_CKA_MODULUS			0x00000120
-#define	SUN_CKA_MODULUS_BITS		0x00000121
-#define	SUN_CKA_PUBLIC_EXPONENT		0x00000122
-#define	SUN_CKA_PRIVATE_EXPONENT	0x00000123
-#define	SUN_CKA_PRIME_1			0x00000124
-#define	SUN_CKA_PRIME_2			0x00000125
-#define	SUN_CKA_EXPONENT_1		0x00000126
-#define	SUN_CKA_EXPONENT_2		0x00000127
-#define	SUN_CKA_COEFFICIENT		0x00000128
-#define	SUN_CKA_PRIME			0x00000130
-#define	SUN_CKA_SUBPRIME		0x00000131
-#define	SUN_CKA_BASE			0x00000132
-
-#define	CKK_EC			0x00000003
-#define	CKK_GENERIC_SECRET	0x00000010
-#define	CKK_RC4			0x00000012
-#define	CKK_AES			0x0000001F
-#define	CKK_DES			0x00000013
-#define	CKK_DES2		0x00000014
-#define	CKK_DES3		0x00000015
-
-#define	CKO_PUBLIC_KEY		0x00000002
-#define	CKO_PRIVATE_KEY		0x00000003
-#define	CKA_CLASS		0x00000000
-#define	CKA_VALUE		0x00000011
-#define	CKA_KEY_TYPE		0x00000100
-#define	CKA_VALUE_LEN		0x00000161
-#define	CKA_EC_PARAMS		0x00000180
-#define	CKA_EC_POINT		0x00000181
-
-typedef uint32_t	crypto_object_id_t;
-
-typedef struct crypto_object_attribute {
-	crypto_attr_type_t	oa_type;	/* attribute type */
-	caddr_t			oa_value;	/* attribute value */
-	ssize_t			oa_value_len;	/* length of attribute value */
-} crypto_object_attribute_t;
-
-typedef struct crypto_key {
-	crypto_key_format_t	ck_format;	/* format identifier */
-	union {
-		/* for CRYPTO_KEY_RAW ck_format */
-		struct {
-			uint_t	cku_v_length;	/* # of bits in ck_data   */
-			void	*cku_v_data;	/* ptr to key value */
-		} cku_key_value;
-
-		/* for CRYPTO_KEY_REFERENCE ck_format */
-		crypto_object_id_t cku_key_id;	/* reference to object key */
-
-		/* for CRYPTO_KEY_ATTR_LIST ck_format */
-		struct {
-			uint_t cku_a_count;	/* number of attributes */
-			crypto_object_attribute_t *cku_a_oattr;
-		} cku_key_attrs;
-	} cku_data;				/* Crypto Key union */
+typedef struct {
+	uint_t	ck_length;	/* # of bits in ck_data   */
+	void	*ck_data;	/* ptr to key value */
 } crypto_key_t;
 
-#ifdef  _SYSCALL32
-
-typedef struct crypto_object_attribute32 {
-	uint64_t	oa_type;	/* attribute type */
-	caddr32_t	oa_value;	/* attribute value */
-	ssize32_t	oa_value_len;	/* length of attribute value */
-} crypto_object_attribute32_t;
-
-typedef struct crypto_key32 {
-	crypto_key_format_t	ck_format;	/* format identifier */
-	union {
-		/* for CRYPTO_KEY_RAW ck_format */
-		struct {
-			uint32_t cku_v_length;	/* # of bytes in ck_data */
-			caddr32_t cku_v_data;	/* ptr to key value */
-		} cku_key_value;
-
-		/* for CRYPTO_KEY_REFERENCE ck_format */
-		crypto_object_id_t cku_key_id; /* reference to object key */
-
-		/* for CRYPTO_KEY_ATTR_LIST ck_format */
-		struct {
-			uint32_t cku_a_count;	/* number of attributes */
-			caddr32_t cku_a_oattr;
-		} cku_key_attrs;
-	} cku_data;				/* Crypto Key union */
-} crypto_key32_t;
-
-#endif  /* _SYSCALL32 */
-
-#define	ck_data		cku_data.cku_key_value.cku_v_data
-#define	ck_length	cku_data.cku_key_value.cku_v_length
-#define	ck_obj_id	cku_data.cku_key_id
-#define	ck_count	cku_data.cku_key_attrs.cku_a_count
-#define	ck_attrs	cku_data.cku_key_attrs.cku_a_oattr
-
 /*
  * Raw key lengths are expressed in number of bits.
  * The following macro returns the minimum number of
@@ -372,64 +274,11 @@ typedef struct crypto_key32 {
 typedef uint32_t 	crypto_provider_id_t;
 #define	KCF_PROVID_INVALID	((uint32_t)-1)
 
-typedef struct crypto_provider_entry {
-	crypto_provider_id_t	pe_provider_id;
-	uint_t			pe_mechanism_count;
-} crypto_provider_entry_t;
-
-typedef struct crypto_dev_list_entry {
-	char			le_dev_name[MAXNAMELEN];
-	uint_t			le_dev_instance;
-	uint_t			le_mechanism_count;
-} crypto_dev_list_entry_t;
-
-/* User type for authentication ioctls and SPI entry points */
-
-typedef enum crypto_user_type {
-	CRYPTO_SO = 0,
-	CRYPTO_USER
-} crypto_user_type_t;
-
-/* Version for provider management ioctls and SPI entry points */
-
-typedef struct crypto_version {
-	uchar_t	cv_major;
-	uchar_t	cv_minor;
-} crypto_version_t;
-
 /* session data structure opaque to the consumer */
 typedef void *crypto_session_t;
 
-/* provider data structure opaque to the consumer */
-typedef void *crypto_provider_t;
-
-/* Limits used by both consumers and providers */
-#define	CRYPTO_EXT_SIZE_LABEL		32
-#define	CRYPTO_EXT_SIZE_MANUF		32
-#define	CRYPTO_EXT_SIZE_MODEL		16
-#define	CRYPTO_EXT_SIZE_SERIAL		16
-#define	CRYPTO_EXT_SIZE_TIME		16
-
 typedef uint_t		crypto_session_id_t;
 
-typedef enum cmd_type {
-	COPY_FROM_DATA,
-	COPY_TO_DATA,
-	COMPARE_TO_DATA,
-	MD5_DIGEST_DATA,
-	SHA1_DIGEST_DATA,
-	SHA2_DIGEST_DATA,
-	GHASH_DATA
-} cmd_type_t;
-
-#define	CRYPTO_DO_UPDATE	0x01
-#define	CRYPTO_DO_FINAL		0x02
-#define	CRYPTO_DO_MD5		0x04
-#define	CRYPTO_DO_SHA1		0x08
-#define	CRYPTO_DO_SIGN		0x10
-#define	CRYPTO_DO_VERIFY	0x20
-#define	CRYPTO_DO_SHA2		0x40
-
 #define	PROVIDER_OWNS_KEY_SCHEDULE	0x00000001
 
 /*

module/icp/api/kcf_mac.c

@@ -164,13 +164,12 @@ retry:
  *	See comment in the beginning of the file.
  */
 static int
-crypto_mac_init_prov(crypto_provider_t provider,
+crypto_mac_init_prov(kcf_provider_desc_t *pd,
     crypto_mechanism_t *mech, crypto_key_t *key, crypto_spi_ctx_template_t tmpl,
     crypto_context_t *ctxp, crypto_call_req_t *crq)
 {
 	int rv;
 	crypto_ctx_t *ctx;
-	kcf_provider_desc_t *pd = provider;
 	kcf_provider_desc_t *real_provider = pd;
 
 	ASSERT(KCF_PROV_REFHELD(pd));

module/icp/core/kcf_prov_lib.c

@@ -33,14 +33,12 @@
  */
 
 /*
- * Utility routine to apply the command, 'cmd', to the
+ * Utility routine to apply the command COPY_TO_DATA to the
  * data in the uio structure.
  */
-int
-crypto_uio_data(crypto_data_t *data, uchar_t *buf, int len, cmd_type_t cmd,
-    void *digest_ctx, void (*update)(void))
+static int
+crypto_uio_copy_to_data(crypto_data_t *data, uchar_t *buf, int len)
 {
-	(void) digest_ctx, (void) update;
 	zfs_uio_t *uiop = data->cd_uio;
 	off_t offset = data->cd_offset;
 	size_t length = len;
@@ -72,26 +70,8 @@ crypto_uio_data(crypto_data_t *data, uchar_t *buf, int len, cmd_type_t cmd,
 		    offset, length);
 
 		datap = (uchar_t *)(zfs_uio_iovbase(uiop, vec_idx) + offset);
-		switch (cmd) {
-		case COPY_FROM_DATA:
-			bcopy(datap, buf, cur_len);
-			buf += cur_len;
-			break;
-		case COPY_TO_DATA:
-			bcopy(buf, datap, cur_len);
-			buf += cur_len;
-			break;
-		case COMPARE_TO_DATA:
-			if (bcmp(datap, buf, cur_len))
-				return (CRYPTO_SIGNATURE_INVALID);
-			buf += cur_len;
-			break;
-		case MD5_DIGEST_DATA:
-		case SHA1_DIGEST_DATA:
-		case SHA2_DIGEST_DATA:
-		case GHASH_DATA:
-			return (CRYPTO_ARGUMENTS_BAD);
-		}
+		bcopy(buf, datap, cur_len);
+		buf += cur_len;
 
 		length -= cur_len;
 		vec_idx++;
@@ -100,16 +80,11 @@ crypto_uio_data(crypto_data_t *data, uchar_t *buf, int len, cmd_type_t cmd,
 
 	if (vec_idx == zfs_uio_iovcnt(uiop) && length > 0) {
 		/*
-		 * The end of the specified iovec's was reached but
+		 * The end of the specified iovecs was reached but
 		 * the length requested could not be processed.
 		 */
-		switch (cmd) {
-		case COPY_TO_DATA:
-			data->cd_length = len;
-			return (CRYPTO_BUFFER_TOO_SMALL);
-		default:
-			return (CRYPTO_DATA_LEN_RANGE);
-		}
+		data->cd_length = len;
+		return (CRYPTO_BUFFER_TOO_SMALL);
 	}
 
 	return (CRYPTO_SUCCESS);
@@ -129,8 +104,7 @@ crypto_put_output_data(uchar_t *buf, crypto_data_t *output, int len)
 		break;
 
 	case CRYPTO_DATA_UIO:
-		return (crypto_uio_data(output, buf, len,
-		    COPY_TO_DATA, NULL, NULL));
+		return (crypto_uio_copy_to_data(output, buf, len));
 	default:
 		return (CRYPTO_ARGUMENTS_BAD);
 	}

module/icp/include/sys/crypto/impl.h

@@ -479,8 +479,6 @@ extern kcf_provider_desc_t *kcf_alloc_provider_desc(void);
 extern void kcf_provider_zero_refcnt(kcf_provider_desc_t *);
 extern void kcf_free_provider_desc(kcf_provider_desc_t *);
 extern void undo_register_provider(kcf_provider_desc_t *, boolean_t);
-extern int crypto_uio_data(crypto_data_t *, uchar_t *, int, cmd_type_t,
-    void *, void (*update)(void));
 extern int crypto_put_output_data(uchar_t *, crypto_data_t *, int);
 extern int crypto_update_iov(void *, crypto_data_t *, crypto_data_t *,
     int (*cipher)(void *, caddr_t, size_t, crypto_data_t *),

module/icp/io/aes.c

@@ -242,24 +242,15 @@ aes_check_mech_param(crypto_mechanism_t *mechanism, aes_ctx_t **ctx, int kmflag)
 static int
 init_keysched(crypto_key_t *key, void *newbie)
 {
-	/*
-	 * Only keys by value are supported by this module.
-	 */
-	switch (key->ck_format) {
-	case CRYPTO_KEY_RAW:
-		if (key->ck_length < AES_MINBITS ||
-		    key->ck_length > AES_MAXBITS) {
-			return (CRYPTO_KEY_SIZE_RANGE);
-		}
-
-		/* key length must be either 128, 192, or 256 */
-		if ((key->ck_length & 63) != 0)
-			return (CRYPTO_KEY_SIZE_RANGE);
-		break;
-	default:
-		return (CRYPTO_KEY_TYPE_INCONSISTENT);
+	if (key->ck_length < AES_MINBITS ||
+	    key->ck_length > AES_MAXBITS) {
+		return (CRYPTO_KEY_SIZE_RANGE);
 	}
 
+	/* key length must be either 128, 192, or 256 */
+	if ((key->ck_length & 63) != 0)
+		return (CRYPTO_KEY_SIZE_RANGE);
+
 	aes_init_keysched(key->ck_data, key->ck_length, newbie);
 	return (CRYPTO_SUCCESS);
 }
@@ -294,13 +285,6 @@ aes_common_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
 	int rv;
 	int kmflag;
 
-	/*
-	 * Only keys by value are supported by this module.
-	 */
-	if (key->ck_format != CRYPTO_KEY_RAW) {
-		return (CRYPTO_KEY_TYPE_INCONSISTENT);
-	}
-
 	kmflag = crypto_kmflag(req);
 	if ((rv = aes_check_mech_param(mechanism, &aes_ctx, kmflag))
 	    != CRYPTO_SUCCESS)

module/icp/io/sha2_mod.c

@@ -737,9 +737,6 @@ sha2_mac_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
 		return (CRYPTO_MECHANISM_INVALID);
 	}
 
-	if (key->ck_format != CRYPTO_KEY_RAW)
-		return (CRYPTO_ARGUMENTS_BAD);
-
 	ctx->cc_provider_private = kmem_alloc(sizeof (sha2_hmac_ctx_t),
 	    crypto_kmflag(req));
 	if (ctx->cc_provider_private == NULL)
@@ -971,10 +968,6 @@ sha2_mac_atomic(crypto_provider_handle_t provider,
 		return (CRYPTO_MECHANISM_INVALID);
 	}
 
-	/* Add support for key by attributes (RFE 4706552) */
-	if (key->ck_format != CRYPTO_KEY_RAW)
-		return (CRYPTO_ARGUMENTS_BAD);
-
 	if (ctx_template != NULL) {
 		/* reuse context template */
 		bcopy(ctx_template, &sha2_hmac_ctx, sizeof (sha2_hmac_ctx_t));
@@ -1109,10 +1102,6 @@ sha2_mac_verify_atomic(crypto_provider_handle_t provider,
 		return (CRYPTO_MECHANISM_INVALID);
 	}
 
-	/* Add support for key by attributes (RFE 4706552) */
-	if (key->ck_format != CRYPTO_KEY_RAW)
-		return (CRYPTO_ARGUMENTS_BAD);
-
 	if (ctx_template != NULL) {
 		/* reuse context template */
 		bcopy(ctx_template, &sha2_hmac_ctx, sizeof (sha2_hmac_ctx_t));
@@ -1287,10 +1276,6 @@ sha2_create_ctx_template(crypto_provider_handle_t provider,
 		return (CRYPTO_MECHANISM_INVALID);
 	}
 
-	/* Add support for key by attributes (RFE 4706552) */
-	if (key->ck_format != CRYPTO_KEY_RAW)
-		return (CRYPTO_ARGUMENTS_BAD);
-
 	/*
 	 * Allocate and initialize SHA2 context.
 	 */

module/icp/io/skein_mod.c

@@ -530,8 +530,6 @@ skein_mac_ctx_build(skein_ctx_t *ctx, crypto_mechanism_t *mechanism,
 
 	if (!VALID_SKEIN_MAC_MECH(mechanism->cm_type))
 		return (CRYPTO_MECHANISM_INVALID);
-	if (key->ck_format != CRYPTO_KEY_RAW)
-		return (CRYPTO_ARGUMENTS_BAD);
 	ctx->sc_mech_type = mechanism->cm_type;
 	error = skein_get_digest_bitlen(mechanism, &ctx->sc_digest_bitlen);
 	if (error != CRYPTO_SUCCESS)

module/os/freebsd/zfs/crypto_os.c

@@ -210,12 +210,12 @@ freebsd_crypt_uio_debug_log(boolean_t encrypt,
 	uint8_t *p = NULL;
 	size_t total = 0;
 
-	printf("%s(%s, %p, { %s, %d, %d, %s }, %p, { %d, %p, %u }, "
+	printf("%s(%s, %p, { %s, %d, %d, %s }, %p, { %p, %u }, "
 	    "%p, %u, %u)\n",
 	    __FUNCTION__, encrypt ? "encrypt" : "decrypt", input_sessionp,
 	    c_info->ci_algname, c_info->ci_crypt_type,
 	    (unsigned int)c_info->ci_keylen, c_info->ci_name,
-	    data_uio, key->ck_format, key->ck_data,
+	    data_uio, key->ck_data,
 	    (unsigned int)key->ck_length,
 	    ivbuf, (unsigned int)datalen, (unsigned int)auth_len);
 	printf("\tkey = { ");
@@ -247,11 +247,11 @@ freebsd_crypt_newsession(freebsd_crypt_session_t *sessp,
 	int error = 0;
 
 #ifdef FCRYPTO_DEBUG
-	printf("%s(%p, { %s, %d, %d, %s }, { %d, %p, %u })\n",
+	printf("%s(%p, { %s, %d, %d, %s }, { %p, %u })\n",
 	    __FUNCTION__, sessp,
 	    c_info->ci_algname, c_info->ci_crypt_type,
 	    (unsigned int)c_info->ci_keylen, c_info->ci_name,
-	    key->ck_format, key->ck_data, (unsigned int)key->ck_length);
+	    key->ck_data, (unsigned int)key->ck_length);
 	printf("\tkey = { ");
 	for (int i = 0; i < key->ck_length / 8; i++) {
 		uint8_t *b = (uint8_t *)key->ck_data;
@@ -391,11 +391,11 @@ freebsd_crypt_newsession(freebsd_crypt_session_t *sessp,
 	crypto_session_t sid;
 
 #ifdef FCRYPTO_DEBUG
-	printf("%s(%p, { %s, %d, %d, %s }, { %d, %p, %u })\n",
+	printf("%s(%p, { %s, %d, %d, %s }, { %p, %u })\n",
 	    __FUNCTION__, sessp,
 	    c_info->ci_algname, c_info->ci_crypt_type,
 	    (unsigned int)c_info->ci_keylen, c_info->ci_name,
-	    key->ck_format, key->ck_data, (unsigned int)key->ck_length);
+	    key->ck_data, (unsigned int)key->ck_length);
 	printf("\tkey = { ");
 	for (int i = 0; i < key->ck_length / 8; i++) {
 		uint8_t *b = (uint8_t *)key->ck_data;

module/os/freebsd/zfs/hkdf.c

@@ -29,7 +29,6 @@ hkdf_sha512_extract(uint8_t *salt, uint_t salt_len, uint8_t *key_material,
 	crypto_key_t key;
 
 	/* initialize the salt as a crypto key */
-	key.ck_format = CRYPTO_KEY_RAW;
 	key.ck_length = CRYPTO_BYTES2BITS(salt_len);
 	key.ck_data = salt;
 
@@ -53,7 +52,6 @@ hkdf_sha512_expand(uint8_t *extract_key, uint8_t *info, uint_t info_len,
 		return (SET_ERROR(EINVAL));
 
 	/* initialize the salt as a crypto key */
-	key.ck_format = CRYPTO_KEY_RAW;
 	key.ck_length = CRYPTO_BYTES2BITS(SHA512_DIGEST_LENGTH);
 	key.ck_data = extract_key;
 

module/os/freebsd/zfs/zio_crypt.c

@@ -270,11 +270,9 @@ zio_crypt_key_init(uint64_t crypt, zio_crypt_key_t *key)
 		goto error;
 
 	/* initialize keys for the ICP */
-	key->zk_current_key.ck_format = CRYPTO_KEY_RAW;
 	key->zk_current_key.ck_data = key->zk_current_keydata;
 	key->zk_current_key.ck_length = CRYPTO_BYTES2BITS(keydata_len);
 
-	key->zk_hmac_key.ck_format = CRYPTO_KEY_RAW;
 	key->zk_hmac_key.ck_data = &key->zk_hmac_key;
 	key->zk_hmac_key.ck_length = CRYPTO_BYTES2BITS(SHA512_HMAC_KEYLEN);
 
@@ -437,7 +435,6 @@ zio_crypt_key_wrap(crypto_key_t *cwkey, zio_crypt_key_t *key, uint8_t *iv,
 	uint_t enc_len, keydata_len, aad_len;
 
 	ASSERT3U(crypt, <, ZIO_CRYPT_FUNCTIONS);
-	ASSERT3U(cwkey->ck_format, ==, CRYPTO_KEY_RAW);
 
 	zfs_uio_init(&cuio, &cuio_s);
 
@@ -518,7 +515,6 @@ zio_crypt_key_unwrap(crypto_key_t *cwkey, uint64_t crypt, uint64_t version,
 	uint_t enc_len, keydata_len, aad_len;
 
 	ASSERT3U(crypt, <, ZIO_CRYPT_FUNCTIONS);
-	ASSERT3U(cwkey->ck_format, ==, CRYPTO_KEY_RAW);
 
 	keydata_len = zio_crypt_table[crypt].ci_keylen;
 	rw_init(&key->zk_salt_lock, NULL, RW_DEFAULT, NULL);
@@ -586,11 +582,9 @@ zio_crypt_key_unwrap(crypto_key_t *cwkey, uint64_t crypt, uint64_t version,
 		goto error;
 
 	/* initialize keys for ICP */
-	key->zk_current_key.ck_format = CRYPTO_KEY_RAW;
 	key->zk_current_key.ck_data = key->zk_current_keydata;
 	key->zk_current_key.ck_length = CRYPTO_BYTES2BITS(keydata_len);
 
-	key->zk_hmac_key.ck_format = CRYPTO_KEY_RAW;
 	key->zk_hmac_key.ck_data = key->zk_hmac_keydata;
 	key->zk_hmac_key.ck_length = CRYPTO_BYTES2BITS(SHA512_HMAC_KEYLEN);
 
@@ -1727,7 +1721,6 @@ zio_do_crypt_data(boolean_t encrypt, zio_crypt_key_t *key,
 		    salt, ZIO_DATA_SALT_LEN, enc_keydata, keydata_len);
 		if (ret != 0)
 			goto error;
-		tmp_ckey.ck_format = CRYPTO_KEY_RAW;
 		tmp_ckey.ck_data = enc_keydata;
 		tmp_ckey.ck_length = CRYPTO_BYTES2BITS(keydata_len);
 

module/os/linux/zfs/zio_crypt.c

@@ -257,11 +257,9 @@ zio_crypt_key_init(uint64_t crypt, zio_crypt_key_t *key)
 		goto error;
 
 	/* initialize keys for the ICP */
-	key->zk_current_key.ck_format = CRYPTO_KEY_RAW;
 	key->zk_current_key.ck_data = key->zk_current_keydata;
 	key->zk_current_key.ck_length = CRYPTO_BYTES2BITS(keydata_len);
 
-	key->zk_hmac_key.ck_format = CRYPTO_KEY_RAW;
 	key->zk_hmac_key.ck_data = &key->zk_hmac_key;
 	key->zk_hmac_key.ck_length = CRYPTO_BYTES2BITS(SHA512_HMAC_KEYLEN);
 
@@ -387,7 +385,6 @@ zio_do_crypt_uio(boolean_t encrypt, uint64_t crypt, crypto_key_t *key,
 	uint_t plain_full_len, maclen;
 
 	ASSERT3U(crypt, <, ZIO_CRYPT_FUNCTIONS);
-	ASSERT3U(key->ck_format, ==, CRYPTO_KEY_RAW);
 
 	/* lookup the encryption info */
 	crypt_info = zio_crypt_table[crypt];
@@ -486,7 +483,6 @@ zio_crypt_key_wrap(crypto_key_t *cwkey, zio_crypt_key_t *key, uint8_t *iv,
 	uint_t enc_len, keydata_len, aad_len;
 
 	ASSERT3U(crypt, <, ZIO_CRYPT_FUNCTIONS);
-	ASSERT3U(cwkey->ck_format, ==, CRYPTO_KEY_RAW);
 
 	keydata_len = zio_crypt_table[crypt].ci_keylen;
 
@@ -557,7 +553,6 @@ zio_crypt_key_unwrap(crypto_key_t *cwkey, uint64_t crypt, uint64_t version,
 	int ret;
 
 	ASSERT3U(crypt, <, ZIO_CRYPT_FUNCTIONS);
-	ASSERT3U(cwkey->ck_format, ==, CRYPTO_KEY_RAW);
 
 	rw_init(&key->zk_salt_lock, NULL, RW_DEFAULT, NULL);
 
@@ -614,11 +609,9 @@ zio_crypt_key_unwrap(crypto_key_t *cwkey, uint64_t crypt, uint64_t version,
 		goto error;
 
 	/* initialize keys for ICP */
-	key->zk_current_key.ck_format = CRYPTO_KEY_RAW;
 	key->zk_current_key.ck_data = key->zk_current_keydata;
 	key->zk_current_key.ck_length = CRYPTO_BYTES2BITS(keydata_len);
 
-	key->zk_hmac_key.ck_format = CRYPTO_KEY_RAW;
 	key->zk_hmac_key.ck_data = key->zk_hmac_keydata;
 	key->zk_hmac_key.ck_length = CRYPTO_BYTES2BITS(SHA512_HMAC_KEYLEN);
 
@@ -1921,7 +1914,6 @@ zio_do_crypt_data(boolean_t encrypt, zio_crypt_key_t *key,
 		if (ret != 0)
 			goto error;
 
-		tmp_ckey.ck_format = CRYPTO_KEY_RAW;
 		tmp_ckey.ck_data = enc_keydata;
 		tmp_ckey.ck_length = CRYPTO_BYTES2BITS(keydata_len);
 

module/zfs/dsl_crypt.c

@@ -119,7 +119,6 @@ dsl_wrapping_key_create(uint8_t *wkeydata, zfs_keyformat_t keyformat,
 	/* allocate and initialize the underlying crypto key */
 	wkey->wk_key.ck_data = kmem_alloc(WRAPPING_KEY_LEN, KM_SLEEP);
 
-	wkey->wk_key.ck_format = CRYPTO_KEY_RAW;
 	wkey->wk_key.ck_length = CRYPTO_BYTES2BITS(WRAPPING_KEY_LEN);
 	bcopy(wkeydata, wkey->wk_key.ck_data, WRAPPING_KEY_LEN);
 

module/zfs/hkdf.c

@@ -36,7 +36,6 @@ hkdf_sha512_extract(uint8_t *salt, uint_t salt_len, uint8_t *key_material,
 	mech.cm_param_len = 0;
 
 	/* initialize the salt as a crypto key */
-	key.ck_format = CRYPTO_KEY_RAW;
 	key.ck_length = CRYPTO_BYTES2BITS(salt_len);
 	key.ck_data = salt;
 
@@ -83,7 +82,6 @@ hkdf_sha512_expand(uint8_t *extract_key, uint8_t *info, uint_t info_len,
 	mech.cm_param_len = 0;
 
 	/* initialize the salt as a crypto key */
-	key.ck_format = CRYPTO_KEY_RAW;
 	key.ck_length = CRYPTO_BYTES2BITS(SHA512_DIGEST_LENGTH);
 	key.ck_data = extract_key;