icp: remove unused SHA2 HMAC mechanisms

Sponsored-by: Klara, Inc.
Sponsored-by: Wasabi Technology, Inc.
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Rob Norris <rob.norris@klarasystems.com>
Closes #16209

include/sys/crypto/common.h

@@ -79,12 +79,7 @@ typedef uint32_t crypto_keysize_unit_t;
 
 
 /* Mechanisms supported out-of-the-box */
-#define	SUN_CKM_SHA256_HMAC		"CKM_SHA256_HMAC"
-#define	SUN_CKM_SHA256_HMAC_GENERAL	"CKM_SHA256_HMAC_GENERAL"
-#define	SUN_CKM_SHA384_HMAC		"CKM_SHA384_HMAC"
-#define	SUN_CKM_SHA384_HMAC_GENERAL	"CKM_SHA384_HMAC_GENERAL"
 #define	SUN_CKM_SHA512_HMAC		"CKM_SHA512_HMAC"
-#define	SUN_CKM_SHA512_HMAC_GENERAL	"CKM_SHA512_HMAC_GENERAL"
 #define	SUN_CKM_AES_CCM			"CKM_AES_CCM"
 #define	SUN_CKM_AES_GCM			"CKM_AES_GCM"
 

include/sys/sha2.h

@@ -86,12 +86,7 @@ typedef struct {
 
 /* SHA2 algorithm types */
 typedef enum sha2_mech_type {
-	SHA256_HMAC_MECH_INFO_TYPE,	/* SUN_CKM_SHA256_HMAC */
-	SHA256_HMAC_GEN_MECH_INFO_TYPE,	/* SUN_CKM_SHA256_HMAC_GENERAL */
-	SHA384_HMAC_MECH_INFO_TYPE,	/* SUN_CKM_SHA384_HMAC */
-	SHA384_HMAC_GEN_MECH_INFO_TYPE,	/* SUN_CKM_SHA384_HMAC_GENERAL */
 	SHA512_HMAC_MECH_INFO_TYPE,	/* SUN_CKM_SHA512_HMAC */
-	SHA512_HMAC_GEN_MECH_INFO_TYPE,	/* SUN_CKM_SHA512_HMAC_GENERAL */
 
 	/* Not true KCF mech types; used by direct callers to SHA2Init */
 	SHA256,

module/icp/algs/sha2/sha2_generic.c

@@ -400,15 +400,13 @@ SHA2Init(int algotype, SHA2_CTX *ctx)
 	sha256_ctx *ctx256 = &ctx->sha256;
 	sha512_ctx *ctx512 = &ctx->sha512;
 
-	ASSERT3S(algotype, >=, SHA256_HMAC_MECH_INFO_TYPE);
+	ASSERT3S(algotype, >=, SHA512_HMAC_MECH_INFO_TYPE);
 	ASSERT3S(algotype, <=, SHA512_256);
 
 	memset(ctx, 0, sizeof (*ctx));
 	ctx->algotype = algotype;
 	switch (ctx->algotype) {
 		case SHA256:
-		case SHA256_HMAC_MECH_INFO_TYPE:
-		case SHA256_HMAC_GEN_MECH_INFO_TYPE:
 			ctx256->state[0] = 0x6a09e667;
 			ctx256->state[1] = 0xbb67ae85;
 			ctx256->state[2] = 0x3c6ef372;
@@ -420,23 +418,8 @@ SHA2Init(int algotype, SHA2_CTX *ctx)
 			ctx256->count[0] = 0;
 			ctx256->ops = sha256_get_ops();
 			break;
-		case SHA384_HMAC_MECH_INFO_TYPE:
-		case SHA384_HMAC_GEN_MECH_INFO_TYPE:
-			ctx512->state[0] = 0xcbbb9d5dc1059ed8ULL;
-			ctx512->state[1] = 0x629a292a367cd507ULL;
-			ctx512->state[2] = 0x9159015a3070dd17ULL;
-			ctx512->state[3] = 0x152fecd8f70e5939ULL;
-			ctx512->state[4] = 0x67332667ffc00b31ULL;
-			ctx512->state[5] = 0x8eb44a8768581511ULL;
-			ctx512->state[6] = 0xdb0c2e0d64f98fa7ULL;
-			ctx512->state[7] = 0x47b5481dbefa4fa4ULL;
-			ctx512->count[0] = 0;
-			ctx512->count[1] = 0;
-			ctx512->ops = sha512_get_ops();
-			break;
 		case SHA512:
 		case SHA512_HMAC_MECH_INFO_TYPE:
-		case SHA512_HMAC_GEN_MECH_INFO_TYPE:
 			ctx512->state[0] = 0x6a09e667f3bcc908ULL;
 			ctx512->state[1] = 0xbb67ae8584caa73bULL;
 			ctx512->state[2] = 0x3c6ef372fe94f82bULL;
@@ -477,17 +460,10 @@ SHA2Update(SHA2_CTX *ctx, const void *data, size_t len)
 
 	switch (ctx->algotype) {
 		case SHA256:
-		case SHA256_HMAC_MECH_INFO_TYPE:
-		case SHA256_HMAC_GEN_MECH_INFO_TYPE:
 			sha256_update(&ctx->sha256, data, len);
 			break;
-		case SHA384_HMAC_MECH_INFO_TYPE:
-		case SHA384_HMAC_GEN_MECH_INFO_TYPE:
-			sha512_update(&ctx->sha512, data, len);
-			break;
 		case SHA512:
 		case SHA512_HMAC_MECH_INFO_TYPE:
-		case SHA512_HMAC_GEN_MECH_INFO_TYPE:
 			sha512_update(&ctx->sha512, data, len);
 			break;
 		case SHA512_256:
@@ -502,17 +478,10 @@ SHA2Final(void *digest, SHA2_CTX *ctx)
 {
 	switch (ctx->algotype) {
 		case SHA256:
-		case SHA256_HMAC_MECH_INFO_TYPE:
-		case SHA256_HMAC_GEN_MECH_INFO_TYPE:
 			sha256_final(&ctx->sha256, digest, 256);
 			break;
-		case SHA384_HMAC_MECH_INFO_TYPE:
-		case SHA384_HMAC_GEN_MECH_INFO_TYPE:
-			sha512_final(&ctx->sha512, digest, 384);
-			break;
 		case SHA512:
 		case SHA512_HMAC_MECH_INFO_TYPE:
-		case SHA512_HMAC_GEN_MECH_INFO_TYPE:
 			sha512_final(&ctx->sha512, digest, 512);
 			break;
 		case SHA512_256:

module/icp/io/sha2_mod.c

@@ -60,24 +60,9 @@
  * Mechanism info structure passed to KCF during registration.
  */
 static const crypto_mech_info_t sha2_mech_info_tab[] = {
-	/* SHA256-HMAC */
-	{SUN_CKM_SHA256_HMAC, SHA256_HMAC_MECH_INFO_TYPE,
-	    CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC},
-	/* SHA256-HMAC GENERAL */
-	{SUN_CKM_SHA256_HMAC_GENERAL, SHA256_HMAC_GEN_MECH_INFO_TYPE,
-	    CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC},
-	/* SHA384-HMAC */
-	{SUN_CKM_SHA384_HMAC, SHA384_HMAC_MECH_INFO_TYPE,
-	    CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC},
-	/* SHA384-HMAC GENERAL */
-	{SUN_CKM_SHA384_HMAC_GENERAL, SHA384_HMAC_GEN_MECH_INFO_TYPE,
-	    CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC},
 	/* SHA512-HMAC */
 	{SUN_CKM_SHA512_HMAC, SHA512_HMAC_MECH_INFO_TYPE,
 	    CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC},
-	/* SHA512-HMAC GENERAL */
-	{SUN_CKM_SHA512_HMAC_GENERAL, SHA512_HMAC_GEN_MECH_INFO_TYPE,
-	    CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC},
 };
 
 static int sha2_mac_init(crypto_ctx_t *, crypto_mechanism_t *, crypto_key_t *,
@@ -251,10 +236,8 @@ sha2_digest_final_uio(SHA2_CTX *sha2_ctx, crypto_data_t *digest,
 		 * The computed SHA2 digest will fit in the current
 		 * iovec.
 		 */
-		if (((sha2_ctx->algotype <= SHA256_HMAC_GEN_MECH_INFO_TYPE) &&
+		ASSERT3U(sha2_ctx->algotype, ==, SHA512_HMAC_MECH_INFO_TYPE);
-		    (digest_len != SHA256_DIGEST_LENGTH)) ||
+		if (digest_len != SHA512_DIGEST_LENGTH) {
-		    ((sha2_ctx->algotype > SHA256_HMAC_GEN_MECH_INFO_TYPE) &&
-		    (digest_len != SHA512_DIGEST_LENGTH))) {
 			/*
 			 * The caller requested a short digest. Digest
 			 * into a scratch buffer and return to
@@ -349,13 +332,9 @@ sha2_mac_init_ctx(sha2_hmac_ctx_t *ctx, void *keyval, uint_t length_in_bytes)
 	int i, block_size, blocks_per_int64;
 
 	/* Determine the block size */
-	if (ctx->hc_mech_type <= SHA256_HMAC_GEN_MECH_INFO_TYPE) {
+	ASSERT3U(ctx->hc_mech_type, ==, SHA512_HMAC_MECH_INFO_TYPE);
-		block_size = SHA256_HMAC_BLOCK_SIZE;
+	block_size = SHA512_HMAC_BLOCK_SIZE;
-		blocks_per_int64 = SHA256_HMAC_BLOCK_SIZE / sizeof (uint64_t);
+	blocks_per_int64 = SHA512_HMAC_BLOCK_SIZE / sizeof (uint64_t);
-	} else {
-		block_size = SHA512_HMAC_BLOCK_SIZE;
-		blocks_per_int64 = SHA512_HMAC_BLOCK_SIZE / sizeof (uint64_t);
-	}
 
 	(void) memset(ipad, 0, block_size);
 	(void) memset(opad, 0, block_size);
@@ -397,15 +376,7 @@ sha2_mac_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
 	 * mechanism
 	 */
 	switch (mechanism->cm_type) {
-	case SHA256_HMAC_MECH_INFO_TYPE:
-	case SHA256_HMAC_GEN_MECH_INFO_TYPE:
-		sha_digest_len = SHA256_DIGEST_LENGTH;
-		sha_hmac_block_size = SHA256_HMAC_BLOCK_SIZE;
-		break;
-	case SHA384_HMAC_MECH_INFO_TYPE:
-	case SHA384_HMAC_GEN_MECH_INFO_TYPE:
 	case SHA512_HMAC_MECH_INFO_TYPE:
-	case SHA512_HMAC_GEN_MECH_INFO_TYPE:
 		sha_digest_len = SHA512_DIGEST_LENGTH;
 		sha_hmac_block_size = SHA512_HMAC_BLOCK_SIZE;
 		break;
@@ -445,22 +416,6 @@ sha2_mac_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
 		}
 	}
 
-	/*
-	 * Get the mechanism parameters, if applicable.
-	 */
-	if (mechanism->cm_type % 3 == 2) {
-		if (mechanism->cm_param == NULL ||
-		    mechanism->cm_param_len != sizeof (ulong_t)) {
-			ret = CRYPTO_MECHANISM_PARAM_INVALID;
-		} else {
-			PROV_SHA2_GET_DIGEST_LEN(mechanism,
-			    PROV_SHA2_HMAC_CTX(ctx)->hc_digest_len);
-			if (PROV_SHA2_HMAC_CTX(ctx)->hc_digest_len >
-			    sha_digest_len)
-				ret = CRYPTO_MECHANISM_PARAM_INVALID;
-		}
-	}
-
 	if (ret != CRYPTO_SUCCESS) {
 		memset(ctx->cc_provider_private, 0, sizeof (sha2_hmac_ctx_t));
 		kmem_free(ctx->cc_provider_private, sizeof (sha2_hmac_ctx_t));
@@ -509,24 +464,9 @@ sha2_mac_final(crypto_ctx_t *ctx, crypto_data_t *mac)
 
 	/* Set the digest lengths to values appropriate to the mechanism */
 	switch (PROV_SHA2_HMAC_CTX(ctx)->hc_mech_type) {
-	case SHA256_HMAC_MECH_INFO_TYPE:
-		sha_digest_len = digest_len = SHA256_DIGEST_LENGTH;
-		break;
-	case SHA384_HMAC_MECH_INFO_TYPE:
-		sha_digest_len = digest_len = SHA384_DIGEST_LENGTH;
-		break;
 	case SHA512_HMAC_MECH_INFO_TYPE:
 		sha_digest_len = digest_len = SHA512_DIGEST_LENGTH;
 		break;
-	case SHA256_HMAC_GEN_MECH_INFO_TYPE:
-		sha_digest_len = SHA256_DIGEST_LENGTH;
-		digest_len = PROV_SHA2_HMAC_CTX(ctx)->hc_digest_len;
-		break;
-	case SHA384_HMAC_GEN_MECH_INFO_TYPE:
-	case SHA512_HMAC_GEN_MECH_INFO_TYPE:
-		sha_digest_len = SHA512_DIGEST_LENGTH;
-		digest_len = PROV_SHA2_HMAC_CTX(ctx)->hc_digest_len;
-		break;
 	default:
 		return (CRYPTO_ARGUMENTS_BAD);
 	}
@@ -626,15 +566,7 @@ sha2_mac_atomic(crypto_mechanism_t *mechanism,
 	 * mechanism
 	 */
 	switch (mechanism->cm_type) {
-	case SHA256_HMAC_MECH_INFO_TYPE:
-	case SHA256_HMAC_GEN_MECH_INFO_TYPE:
-		sha_digest_len = digest_len = SHA256_DIGEST_LENGTH;
-		sha_hmac_block_size = SHA256_HMAC_BLOCK_SIZE;
-		break;
-	case SHA384_HMAC_MECH_INFO_TYPE:
-	case SHA384_HMAC_GEN_MECH_INFO_TYPE:
 	case SHA512_HMAC_MECH_INFO_TYPE:
-	case SHA512_HMAC_GEN_MECH_INFO_TYPE:
 		sha_digest_len = digest_len = SHA512_DIGEST_LENGTH;
 		sha_hmac_block_size = SHA512_HMAC_BLOCK_SIZE;
 		break;
@@ -665,20 +597,6 @@ sha2_mac_atomic(crypto_mechanism_t *mechanism,
 		}
 	}
 
-	/* get the mechanism parameters, if applicable */
-	if ((mechanism->cm_type % 3) == 2) {
-		if (mechanism->cm_param == NULL ||
-		    mechanism->cm_param_len != sizeof (ulong_t)) {
-			ret = CRYPTO_MECHANISM_PARAM_INVALID;
-			goto bail;
-		}
-		PROV_SHA2_GET_DIGEST_LEN(mechanism, digest_len);
-		if (digest_len > sha_digest_len) {
-			ret = CRYPTO_MECHANISM_PARAM_INVALID;
-			goto bail;
-		}
-	}
-
 	/* do a SHA2 update of the inner context using the specified data */
 	SHA2_MAC_UPDATE(data, sha2_hmac_ctx, ret);
 	if (ret != CRYPTO_SUCCESS)
@@ -693,16 +611,9 @@ sha2_mac_atomic(crypto_mechanism_t *mechanism,
 	/*
 	 * Do an SHA2 update on the outer context, feeding the inner
 	 * digest as data.
-	 *
-	 * HMAC-SHA384 needs special handling as the outer hash needs only 48
-	 * bytes of the inner hash value.
 	 */
-	if (mechanism->cm_type == SHA384_HMAC_MECH_INFO_TYPE ||
+	ASSERT3U(mechanism->cm_type, ==, SHA512_HMAC_MECH_INFO_TYPE);
-	    mechanism->cm_type == SHA384_HMAC_GEN_MECH_INFO_TYPE)
+	SHA2Update(&sha2_hmac_ctx.hc_ocontext, digest, sha_digest_len);
-		SHA2Update(&sha2_hmac_ctx.hc_ocontext, digest,
-		    SHA384_DIGEST_LENGTH);
-	else
-		SHA2Update(&sha2_hmac_ctx.hc_ocontext, digest, sha_digest_len);
 
 	/*
 	 * Do a SHA2 final on the outer context, storing the computed
@@ -758,15 +669,7 @@ sha2_mac_verify_atomic(crypto_mechanism_t *mechanism,
 	 * mechanism
 	 */
 	switch (mechanism->cm_type) {
-	case SHA256_HMAC_MECH_INFO_TYPE:
-	case SHA256_HMAC_GEN_MECH_INFO_TYPE:
-		sha_digest_len = digest_len = SHA256_DIGEST_LENGTH;
-		sha_hmac_block_size = SHA256_HMAC_BLOCK_SIZE;
-		break;
-	case SHA384_HMAC_MECH_INFO_TYPE:
-	case SHA384_HMAC_GEN_MECH_INFO_TYPE:
 	case SHA512_HMAC_MECH_INFO_TYPE:
-	case SHA512_HMAC_GEN_MECH_INFO_TYPE:
 		sha_digest_len = digest_len = SHA512_DIGEST_LENGTH;
 		sha_hmac_block_size = SHA512_HMAC_BLOCK_SIZE;
 		break;
@@ -797,20 +700,6 @@ sha2_mac_verify_atomic(crypto_mechanism_t *mechanism,
 		}
 	}
 
-	/* get the mechanism parameters, if applicable */
-	if (mechanism->cm_type % 3 == 2) {
-		if (mechanism->cm_param == NULL ||
-		    mechanism->cm_param_len != sizeof (ulong_t)) {
-			ret = CRYPTO_MECHANISM_PARAM_INVALID;
-			goto bail;
-		}
-		PROV_SHA2_GET_DIGEST_LEN(mechanism, digest_len);
-		if (digest_len > sha_digest_len) {
-			ret = CRYPTO_MECHANISM_PARAM_INVALID;
-			goto bail;
-		}
-	}
-
 	if (mac->cd_length != digest_len) {
 		ret = CRYPTO_INVALID_MAC;
 		goto bail;
@@ -828,16 +717,9 @@ sha2_mac_verify_atomic(crypto_mechanism_t *mechanism,
 	/*
 	 * Do an SHA2 update on the outer context, feeding the inner
 	 * digest as data.
-	 *
-	 * HMAC-SHA384 needs special handling as the outer hash needs only 48
-	 * bytes of the inner hash value.
 	 */
-	if (mechanism->cm_type == SHA384_HMAC_MECH_INFO_TYPE ||
+	ASSERT3U(mechanism->cm_type, ==, SHA512_HMAC_MECH_INFO_TYPE);
-	    mechanism->cm_type == SHA384_HMAC_GEN_MECH_INFO_TYPE)
+	SHA2Update(&sha2_hmac_ctx.hc_ocontext, digest, sha_digest_len);
-		SHA2Update(&sha2_hmac_ctx.hc_ocontext, digest,
-		    SHA384_DIGEST_LENGTH);
-	else
-		SHA2Update(&sha2_hmac_ctx.hc_ocontext, digest, sha_digest_len);
 
 	/*
 	 * Do a SHA2 final on the outer context, storing the computed
@@ -929,15 +811,7 @@ sha2_create_ctx_template(crypto_mechanism_t *mechanism, crypto_key_t *key,
 	 * mechanism
 	 */
 	switch (mechanism->cm_type) {
-	case SHA256_HMAC_MECH_INFO_TYPE:
-	case SHA256_HMAC_GEN_MECH_INFO_TYPE:
-		sha_digest_len = SHA256_DIGEST_LENGTH;
-		sha_hmac_block_size = SHA256_HMAC_BLOCK_SIZE;
-		break;
-	case SHA384_HMAC_MECH_INFO_TYPE:
-	case SHA384_HMAC_GEN_MECH_INFO_TYPE:
 	case SHA512_HMAC_MECH_INFO_TYPE:
-	case SHA512_HMAC_GEN_MECH_INFO_TYPE:
 		sha_digest_len = SHA512_DIGEST_LENGTH;
 		sha_hmac_block_size = SHA512_HMAC_BLOCK_SIZE;
 		break;
@@ -986,17 +860,9 @@ sha2_free_context(crypto_ctx_t *ctx)
 	if (ctx->cc_provider_private == NULL)
 		return (CRYPTO_SUCCESS);
 
-	/*
+	ASSERT3U(PROV_SHA2_CTX(ctx)->sc_mech_type, ==,
-	 * We have to free either SHA2 or SHA2-HMAC contexts, which
+	    SHA512_HMAC_MECH_INFO_TYPE);
-	 * have different lengths.
+	ctx_len = sizeof (sha2_hmac_ctx_t);
-	 *
-	 * Note: Below is dependent on the mechanism ordering.
-	 */
-
-	if (PROV_SHA2_CTX(ctx)->sc_mech_type % 3 == 0)
-		ctx_len = sizeof (sha2_ctx_t);
-	else
-		ctx_len = sizeof (sha2_hmac_ctx_t);
 
 	memset(ctx->cc_provider_private, 0, ctx_len);
 	kmem_free(ctx->cc_provider_private, ctx_len);