icp: remove unused SHA2 HMAC mechanisms

Sponsored-by: Klara, Inc.
Sponsored-by: Wasabi Technology, Inc.
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Rob Norris <rob.norris@klarasystems.com>
Closes #16209
This commit is contained in:
Rob Norris 2024-05-19 15:00:44 +10:00 committed by Brian Behlendorf
parent 10de12e9ed
commit f39241aeb3
4 changed files with 13 additions and 188 deletions

View File

@ -79,12 +79,7 @@ typedef uint32_t crypto_keysize_unit_t;
/* Mechanisms supported out-of-the-box */ /* Mechanisms supported out-of-the-box */
#define SUN_CKM_SHA256_HMAC "CKM_SHA256_HMAC"
#define SUN_CKM_SHA256_HMAC_GENERAL "CKM_SHA256_HMAC_GENERAL"
#define SUN_CKM_SHA384_HMAC "CKM_SHA384_HMAC"
#define SUN_CKM_SHA384_HMAC_GENERAL "CKM_SHA384_HMAC_GENERAL"
#define SUN_CKM_SHA512_HMAC "CKM_SHA512_HMAC" #define SUN_CKM_SHA512_HMAC "CKM_SHA512_HMAC"
#define SUN_CKM_SHA512_HMAC_GENERAL "CKM_SHA512_HMAC_GENERAL"
#define SUN_CKM_AES_CCM "CKM_AES_CCM" #define SUN_CKM_AES_CCM "CKM_AES_CCM"
#define SUN_CKM_AES_GCM "CKM_AES_GCM" #define SUN_CKM_AES_GCM "CKM_AES_GCM"

View File

@ -86,12 +86,7 @@ typedef struct {
/* SHA2 algorithm types */ /* SHA2 algorithm types */
typedef enum sha2_mech_type { typedef enum sha2_mech_type {
SHA256_HMAC_MECH_INFO_TYPE, /* SUN_CKM_SHA256_HMAC */
SHA256_HMAC_GEN_MECH_INFO_TYPE, /* SUN_CKM_SHA256_HMAC_GENERAL */
SHA384_HMAC_MECH_INFO_TYPE, /* SUN_CKM_SHA384_HMAC */
SHA384_HMAC_GEN_MECH_INFO_TYPE, /* SUN_CKM_SHA384_HMAC_GENERAL */
SHA512_HMAC_MECH_INFO_TYPE, /* SUN_CKM_SHA512_HMAC */ SHA512_HMAC_MECH_INFO_TYPE, /* SUN_CKM_SHA512_HMAC */
SHA512_HMAC_GEN_MECH_INFO_TYPE, /* SUN_CKM_SHA512_HMAC_GENERAL */
/* Not true KCF mech types; used by direct callers to SHA2Init */ /* Not true KCF mech types; used by direct callers to SHA2Init */
SHA256, SHA256,

View File

@ -400,15 +400,13 @@ SHA2Init(int algotype, SHA2_CTX *ctx)
sha256_ctx *ctx256 = &ctx->sha256; sha256_ctx *ctx256 = &ctx->sha256;
sha512_ctx *ctx512 = &ctx->sha512; sha512_ctx *ctx512 = &ctx->sha512;
ASSERT3S(algotype, >=, SHA256_HMAC_MECH_INFO_TYPE); ASSERT3S(algotype, >=, SHA512_HMAC_MECH_INFO_TYPE);
ASSERT3S(algotype, <=, SHA512_256); ASSERT3S(algotype, <=, SHA512_256);
memset(ctx, 0, sizeof (*ctx)); memset(ctx, 0, sizeof (*ctx));
ctx->algotype = algotype; ctx->algotype = algotype;
switch (ctx->algotype) { switch (ctx->algotype) {
case SHA256: case SHA256:
case SHA256_HMAC_MECH_INFO_TYPE:
case SHA256_HMAC_GEN_MECH_INFO_TYPE:
ctx256->state[0] = 0x6a09e667; ctx256->state[0] = 0x6a09e667;
ctx256->state[1] = 0xbb67ae85; ctx256->state[1] = 0xbb67ae85;
ctx256->state[2] = 0x3c6ef372; ctx256->state[2] = 0x3c6ef372;
@ -420,23 +418,8 @@ SHA2Init(int algotype, SHA2_CTX *ctx)
ctx256->count[0] = 0; ctx256->count[0] = 0;
ctx256->ops = sha256_get_ops(); ctx256->ops = sha256_get_ops();
break; break;
case SHA384_HMAC_MECH_INFO_TYPE:
case SHA384_HMAC_GEN_MECH_INFO_TYPE:
ctx512->state[0] = 0xcbbb9d5dc1059ed8ULL;
ctx512->state[1] = 0x629a292a367cd507ULL;
ctx512->state[2] = 0x9159015a3070dd17ULL;
ctx512->state[3] = 0x152fecd8f70e5939ULL;
ctx512->state[4] = 0x67332667ffc00b31ULL;
ctx512->state[5] = 0x8eb44a8768581511ULL;
ctx512->state[6] = 0xdb0c2e0d64f98fa7ULL;
ctx512->state[7] = 0x47b5481dbefa4fa4ULL;
ctx512->count[0] = 0;
ctx512->count[1] = 0;
ctx512->ops = sha512_get_ops();
break;
case SHA512: case SHA512:
case SHA512_HMAC_MECH_INFO_TYPE: case SHA512_HMAC_MECH_INFO_TYPE:
case SHA512_HMAC_GEN_MECH_INFO_TYPE:
ctx512->state[0] = 0x6a09e667f3bcc908ULL; ctx512->state[0] = 0x6a09e667f3bcc908ULL;
ctx512->state[1] = 0xbb67ae8584caa73bULL; ctx512->state[1] = 0xbb67ae8584caa73bULL;
ctx512->state[2] = 0x3c6ef372fe94f82bULL; ctx512->state[2] = 0x3c6ef372fe94f82bULL;
@ -477,17 +460,10 @@ SHA2Update(SHA2_CTX *ctx, const void *data, size_t len)
switch (ctx->algotype) { switch (ctx->algotype) {
case SHA256: case SHA256:
case SHA256_HMAC_MECH_INFO_TYPE:
case SHA256_HMAC_GEN_MECH_INFO_TYPE:
sha256_update(&ctx->sha256, data, len); sha256_update(&ctx->sha256, data, len);
break; break;
case SHA384_HMAC_MECH_INFO_TYPE:
case SHA384_HMAC_GEN_MECH_INFO_TYPE:
sha512_update(&ctx->sha512, data, len);
break;
case SHA512: case SHA512:
case SHA512_HMAC_MECH_INFO_TYPE: case SHA512_HMAC_MECH_INFO_TYPE:
case SHA512_HMAC_GEN_MECH_INFO_TYPE:
sha512_update(&ctx->sha512, data, len); sha512_update(&ctx->sha512, data, len);
break; break;
case SHA512_256: case SHA512_256:
@ -502,17 +478,10 @@ SHA2Final(void *digest, SHA2_CTX *ctx)
{ {
switch (ctx->algotype) { switch (ctx->algotype) {
case SHA256: case SHA256:
case SHA256_HMAC_MECH_INFO_TYPE:
case SHA256_HMAC_GEN_MECH_INFO_TYPE:
sha256_final(&ctx->sha256, digest, 256); sha256_final(&ctx->sha256, digest, 256);
break; break;
case SHA384_HMAC_MECH_INFO_TYPE:
case SHA384_HMAC_GEN_MECH_INFO_TYPE:
sha512_final(&ctx->sha512, digest, 384);
break;
case SHA512: case SHA512:
case SHA512_HMAC_MECH_INFO_TYPE: case SHA512_HMAC_MECH_INFO_TYPE:
case SHA512_HMAC_GEN_MECH_INFO_TYPE:
sha512_final(&ctx->sha512, digest, 512); sha512_final(&ctx->sha512, digest, 512);
break; break;
case SHA512_256: case SHA512_256:

View File

@ -60,24 +60,9 @@
* Mechanism info structure passed to KCF during registration. * Mechanism info structure passed to KCF during registration.
*/ */
static const crypto_mech_info_t sha2_mech_info_tab[] = { static const crypto_mech_info_t sha2_mech_info_tab[] = {
/* SHA256-HMAC */
{SUN_CKM_SHA256_HMAC, SHA256_HMAC_MECH_INFO_TYPE,
CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC},
/* SHA256-HMAC GENERAL */
{SUN_CKM_SHA256_HMAC_GENERAL, SHA256_HMAC_GEN_MECH_INFO_TYPE,
CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC},
/* SHA384-HMAC */
{SUN_CKM_SHA384_HMAC, SHA384_HMAC_MECH_INFO_TYPE,
CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC},
/* SHA384-HMAC GENERAL */
{SUN_CKM_SHA384_HMAC_GENERAL, SHA384_HMAC_GEN_MECH_INFO_TYPE,
CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC},
/* SHA512-HMAC */ /* SHA512-HMAC */
{SUN_CKM_SHA512_HMAC, SHA512_HMAC_MECH_INFO_TYPE, {SUN_CKM_SHA512_HMAC, SHA512_HMAC_MECH_INFO_TYPE,
CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC}, CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC},
/* SHA512-HMAC GENERAL */
{SUN_CKM_SHA512_HMAC_GENERAL, SHA512_HMAC_GEN_MECH_INFO_TYPE,
CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC},
}; };
static int sha2_mac_init(crypto_ctx_t *, crypto_mechanism_t *, crypto_key_t *, static int sha2_mac_init(crypto_ctx_t *, crypto_mechanism_t *, crypto_key_t *,
@ -251,10 +236,8 @@ sha2_digest_final_uio(SHA2_CTX *sha2_ctx, crypto_data_t *digest,
* The computed SHA2 digest will fit in the current * The computed SHA2 digest will fit in the current
* iovec. * iovec.
*/ */
if (((sha2_ctx->algotype <= SHA256_HMAC_GEN_MECH_INFO_TYPE) && ASSERT3U(sha2_ctx->algotype, ==, SHA512_HMAC_MECH_INFO_TYPE);
(digest_len != SHA256_DIGEST_LENGTH)) || if (digest_len != SHA512_DIGEST_LENGTH) {
((sha2_ctx->algotype > SHA256_HMAC_GEN_MECH_INFO_TYPE) &&
(digest_len != SHA512_DIGEST_LENGTH))) {
/* /*
* The caller requested a short digest. Digest * The caller requested a short digest. Digest
* into a scratch buffer and return to * into a scratch buffer and return to
@ -349,13 +332,9 @@ sha2_mac_init_ctx(sha2_hmac_ctx_t *ctx, void *keyval, uint_t length_in_bytes)
int i, block_size, blocks_per_int64; int i, block_size, blocks_per_int64;
/* Determine the block size */ /* Determine the block size */
if (ctx->hc_mech_type <= SHA256_HMAC_GEN_MECH_INFO_TYPE) { ASSERT3U(ctx->hc_mech_type, ==, SHA512_HMAC_MECH_INFO_TYPE);
block_size = SHA256_HMAC_BLOCK_SIZE;
blocks_per_int64 = SHA256_HMAC_BLOCK_SIZE / sizeof (uint64_t);
} else {
block_size = SHA512_HMAC_BLOCK_SIZE; block_size = SHA512_HMAC_BLOCK_SIZE;
blocks_per_int64 = SHA512_HMAC_BLOCK_SIZE / sizeof (uint64_t); blocks_per_int64 = SHA512_HMAC_BLOCK_SIZE / sizeof (uint64_t);
}
(void) memset(ipad, 0, block_size); (void) memset(ipad, 0, block_size);
(void) memset(opad, 0, block_size); (void) memset(opad, 0, block_size);
@ -397,15 +376,7 @@ sha2_mac_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
* mechanism * mechanism
*/ */
switch (mechanism->cm_type) { switch (mechanism->cm_type) {
case SHA256_HMAC_MECH_INFO_TYPE:
case SHA256_HMAC_GEN_MECH_INFO_TYPE:
sha_digest_len = SHA256_DIGEST_LENGTH;
sha_hmac_block_size = SHA256_HMAC_BLOCK_SIZE;
break;
case SHA384_HMAC_MECH_INFO_TYPE:
case SHA384_HMAC_GEN_MECH_INFO_TYPE:
case SHA512_HMAC_MECH_INFO_TYPE: case SHA512_HMAC_MECH_INFO_TYPE:
case SHA512_HMAC_GEN_MECH_INFO_TYPE:
sha_digest_len = SHA512_DIGEST_LENGTH; sha_digest_len = SHA512_DIGEST_LENGTH;
sha_hmac_block_size = SHA512_HMAC_BLOCK_SIZE; sha_hmac_block_size = SHA512_HMAC_BLOCK_SIZE;
break; break;
@ -445,22 +416,6 @@ sha2_mac_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
} }
} }
/*
* Get the mechanism parameters, if applicable.
*/
if (mechanism->cm_type % 3 == 2) {
if (mechanism->cm_param == NULL ||
mechanism->cm_param_len != sizeof (ulong_t)) {
ret = CRYPTO_MECHANISM_PARAM_INVALID;
} else {
PROV_SHA2_GET_DIGEST_LEN(mechanism,
PROV_SHA2_HMAC_CTX(ctx)->hc_digest_len);
if (PROV_SHA2_HMAC_CTX(ctx)->hc_digest_len >
sha_digest_len)
ret = CRYPTO_MECHANISM_PARAM_INVALID;
}
}
if (ret != CRYPTO_SUCCESS) { if (ret != CRYPTO_SUCCESS) {
memset(ctx->cc_provider_private, 0, sizeof (sha2_hmac_ctx_t)); memset(ctx->cc_provider_private, 0, sizeof (sha2_hmac_ctx_t));
kmem_free(ctx->cc_provider_private, sizeof (sha2_hmac_ctx_t)); kmem_free(ctx->cc_provider_private, sizeof (sha2_hmac_ctx_t));
@ -509,24 +464,9 @@ sha2_mac_final(crypto_ctx_t *ctx, crypto_data_t *mac)
/* Set the digest lengths to values appropriate to the mechanism */ /* Set the digest lengths to values appropriate to the mechanism */
switch (PROV_SHA2_HMAC_CTX(ctx)->hc_mech_type) { switch (PROV_SHA2_HMAC_CTX(ctx)->hc_mech_type) {
case SHA256_HMAC_MECH_INFO_TYPE:
sha_digest_len = digest_len = SHA256_DIGEST_LENGTH;
break;
case SHA384_HMAC_MECH_INFO_TYPE:
sha_digest_len = digest_len = SHA384_DIGEST_LENGTH;
break;
case SHA512_HMAC_MECH_INFO_TYPE: case SHA512_HMAC_MECH_INFO_TYPE:
sha_digest_len = digest_len = SHA512_DIGEST_LENGTH; sha_digest_len = digest_len = SHA512_DIGEST_LENGTH;
break; break;
case SHA256_HMAC_GEN_MECH_INFO_TYPE:
sha_digest_len = SHA256_DIGEST_LENGTH;
digest_len = PROV_SHA2_HMAC_CTX(ctx)->hc_digest_len;
break;
case SHA384_HMAC_GEN_MECH_INFO_TYPE:
case SHA512_HMAC_GEN_MECH_INFO_TYPE:
sha_digest_len = SHA512_DIGEST_LENGTH;
digest_len = PROV_SHA2_HMAC_CTX(ctx)->hc_digest_len;
break;
default: default:
return (CRYPTO_ARGUMENTS_BAD); return (CRYPTO_ARGUMENTS_BAD);
} }
@ -626,15 +566,7 @@ sha2_mac_atomic(crypto_mechanism_t *mechanism,
* mechanism * mechanism
*/ */
switch (mechanism->cm_type) { switch (mechanism->cm_type) {
case SHA256_HMAC_MECH_INFO_TYPE:
case SHA256_HMAC_GEN_MECH_INFO_TYPE:
sha_digest_len = digest_len = SHA256_DIGEST_LENGTH;
sha_hmac_block_size = SHA256_HMAC_BLOCK_SIZE;
break;
case SHA384_HMAC_MECH_INFO_TYPE:
case SHA384_HMAC_GEN_MECH_INFO_TYPE:
case SHA512_HMAC_MECH_INFO_TYPE: case SHA512_HMAC_MECH_INFO_TYPE:
case SHA512_HMAC_GEN_MECH_INFO_TYPE:
sha_digest_len = digest_len = SHA512_DIGEST_LENGTH; sha_digest_len = digest_len = SHA512_DIGEST_LENGTH;
sha_hmac_block_size = SHA512_HMAC_BLOCK_SIZE; sha_hmac_block_size = SHA512_HMAC_BLOCK_SIZE;
break; break;
@ -665,20 +597,6 @@ sha2_mac_atomic(crypto_mechanism_t *mechanism,
} }
} }
/* get the mechanism parameters, if applicable */
if ((mechanism->cm_type % 3) == 2) {
if (mechanism->cm_param == NULL ||
mechanism->cm_param_len != sizeof (ulong_t)) {
ret = CRYPTO_MECHANISM_PARAM_INVALID;
goto bail;
}
PROV_SHA2_GET_DIGEST_LEN(mechanism, digest_len);
if (digest_len > sha_digest_len) {
ret = CRYPTO_MECHANISM_PARAM_INVALID;
goto bail;
}
}
/* do a SHA2 update of the inner context using the specified data */ /* do a SHA2 update of the inner context using the specified data */
SHA2_MAC_UPDATE(data, sha2_hmac_ctx, ret); SHA2_MAC_UPDATE(data, sha2_hmac_ctx, ret);
if (ret != CRYPTO_SUCCESS) if (ret != CRYPTO_SUCCESS)
@ -693,15 +611,8 @@ sha2_mac_atomic(crypto_mechanism_t *mechanism,
/* /*
* Do an SHA2 update on the outer context, feeding the inner * Do an SHA2 update on the outer context, feeding the inner
* digest as data. * digest as data.
*
* HMAC-SHA384 needs special handling as the outer hash needs only 48
* bytes of the inner hash value.
*/ */
if (mechanism->cm_type == SHA384_HMAC_MECH_INFO_TYPE || ASSERT3U(mechanism->cm_type, ==, SHA512_HMAC_MECH_INFO_TYPE);
mechanism->cm_type == SHA384_HMAC_GEN_MECH_INFO_TYPE)
SHA2Update(&sha2_hmac_ctx.hc_ocontext, digest,
SHA384_DIGEST_LENGTH);
else
SHA2Update(&sha2_hmac_ctx.hc_ocontext, digest, sha_digest_len); SHA2Update(&sha2_hmac_ctx.hc_ocontext, digest, sha_digest_len);
/* /*
@ -758,15 +669,7 @@ sha2_mac_verify_atomic(crypto_mechanism_t *mechanism,
* mechanism * mechanism
*/ */
switch (mechanism->cm_type) { switch (mechanism->cm_type) {
case SHA256_HMAC_MECH_INFO_TYPE:
case SHA256_HMAC_GEN_MECH_INFO_TYPE:
sha_digest_len = digest_len = SHA256_DIGEST_LENGTH;
sha_hmac_block_size = SHA256_HMAC_BLOCK_SIZE;
break;
case SHA384_HMAC_MECH_INFO_TYPE:
case SHA384_HMAC_GEN_MECH_INFO_TYPE:
case SHA512_HMAC_MECH_INFO_TYPE: case SHA512_HMAC_MECH_INFO_TYPE:
case SHA512_HMAC_GEN_MECH_INFO_TYPE:
sha_digest_len = digest_len = SHA512_DIGEST_LENGTH; sha_digest_len = digest_len = SHA512_DIGEST_LENGTH;
sha_hmac_block_size = SHA512_HMAC_BLOCK_SIZE; sha_hmac_block_size = SHA512_HMAC_BLOCK_SIZE;
break; break;
@ -797,20 +700,6 @@ sha2_mac_verify_atomic(crypto_mechanism_t *mechanism,
} }
} }
/* get the mechanism parameters, if applicable */
if (mechanism->cm_type % 3 == 2) {
if (mechanism->cm_param == NULL ||
mechanism->cm_param_len != sizeof (ulong_t)) {
ret = CRYPTO_MECHANISM_PARAM_INVALID;
goto bail;
}
PROV_SHA2_GET_DIGEST_LEN(mechanism, digest_len);
if (digest_len > sha_digest_len) {
ret = CRYPTO_MECHANISM_PARAM_INVALID;
goto bail;
}
}
if (mac->cd_length != digest_len) { if (mac->cd_length != digest_len) {
ret = CRYPTO_INVALID_MAC; ret = CRYPTO_INVALID_MAC;
goto bail; goto bail;
@ -828,15 +717,8 @@ sha2_mac_verify_atomic(crypto_mechanism_t *mechanism,
/* /*
* Do an SHA2 update on the outer context, feeding the inner * Do an SHA2 update on the outer context, feeding the inner
* digest as data. * digest as data.
*
* HMAC-SHA384 needs special handling as the outer hash needs only 48
* bytes of the inner hash value.
*/ */
if (mechanism->cm_type == SHA384_HMAC_MECH_INFO_TYPE || ASSERT3U(mechanism->cm_type, ==, SHA512_HMAC_MECH_INFO_TYPE);
mechanism->cm_type == SHA384_HMAC_GEN_MECH_INFO_TYPE)
SHA2Update(&sha2_hmac_ctx.hc_ocontext, digest,
SHA384_DIGEST_LENGTH);
else
SHA2Update(&sha2_hmac_ctx.hc_ocontext, digest, sha_digest_len); SHA2Update(&sha2_hmac_ctx.hc_ocontext, digest, sha_digest_len);
/* /*
@ -929,15 +811,7 @@ sha2_create_ctx_template(crypto_mechanism_t *mechanism, crypto_key_t *key,
* mechanism * mechanism
*/ */
switch (mechanism->cm_type) { switch (mechanism->cm_type) {
case SHA256_HMAC_MECH_INFO_TYPE:
case SHA256_HMAC_GEN_MECH_INFO_TYPE:
sha_digest_len = SHA256_DIGEST_LENGTH;
sha_hmac_block_size = SHA256_HMAC_BLOCK_SIZE;
break;
case SHA384_HMAC_MECH_INFO_TYPE:
case SHA384_HMAC_GEN_MECH_INFO_TYPE:
case SHA512_HMAC_MECH_INFO_TYPE: case SHA512_HMAC_MECH_INFO_TYPE:
case SHA512_HMAC_GEN_MECH_INFO_TYPE:
sha_digest_len = SHA512_DIGEST_LENGTH; sha_digest_len = SHA512_DIGEST_LENGTH;
sha_hmac_block_size = SHA512_HMAC_BLOCK_SIZE; sha_hmac_block_size = SHA512_HMAC_BLOCK_SIZE;
break; break;
@ -986,16 +860,8 @@ sha2_free_context(crypto_ctx_t *ctx)
if (ctx->cc_provider_private == NULL) if (ctx->cc_provider_private == NULL)
return (CRYPTO_SUCCESS); return (CRYPTO_SUCCESS);
/* ASSERT3U(PROV_SHA2_CTX(ctx)->sc_mech_type, ==,
* We have to free either SHA2 or SHA2-HMAC contexts, which SHA512_HMAC_MECH_INFO_TYPE);
* have different lengths.
*
* Note: Below is dependent on the mechanism ordering.
*/
if (PROV_SHA2_CTX(ctx)->sc_mech_type % 3 == 0)
ctx_len = sizeof (sha2_ctx_t);
else
ctx_len = sizeof (sha2_hmac_ctx_t); ctx_len = sizeof (sha2_hmac_ctx_t);
memset(ctx->cc_provider_private, 0, ctx_len); memset(ctx->cc_provider_private, 0, ctx_len);