d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

module: icp: rip out insane crypto_req_handle_t mechanism, inline KM_SLEEP

Browse Source 
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Closes #12901
This commit is contained in:
наб 2021-12-25 04:34:29 +01:00 committed by Brian Behlendorf
parent 15ec086396
commit df7b54f1d9
16 changed files with 187 additions and 339 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
include/sys/crypto/api.h
View File

@ -36,8 +36,6 @@ extern "C" {
typedef void *crypto_context_t;
typedef void *crypto_ctx_template_t;
typedef struct {} crypto_call_req_t;
/*
* Returns the mechanism type corresponding to a mechanism name.
*/
@ -48,17 +46,16 @@ extern crypto_mech_type_t crypto_mech2id(const char *name);
* Create and destroy context templates.
*/
extern int crypto_create_ctx_template(crypto_mechanism_t *mech,
crypto_key_t *key, crypto_ctx_template_t *tmpl, int kmflag);
crypto_key_t *key, crypto_ctx_template_t *tmpl);
extern void crypto_destroy_ctx_template(crypto_ctx_template_t tmpl);
/*
* Single and multi-part MAC operations.
*/
extern int crypto_mac(crypto_mechanism_t *mech, crypto_data_t *data,
crypto_key_t *key, crypto_ctx_template_t tmpl, crypto_data_t *mac,
crypto_call_req_t *cr);
crypto_key_t *key, crypto_ctx_template_t tmpl, crypto_data_t *mac);
extern int crypto_mac_init(crypto_mechanism_t *mech, crypto_key_t *key,
crypto_ctx_template_t tmpl, crypto_context_t *ctxp, crypto_call_req_t *cr);
crypto_ctx_template_t tmpl, crypto_context_t *ctxp);
extern int crypto_mac_update(crypto_context_t ctx, crypto_data_t *data);
extern int crypto_mac_final(crypto_context_t ctx, crypto_data_t *data);
@ -66,11 +63,9 @@ extern int crypto_mac_final(crypto_context_t ctx, crypto_data_t *data);
* Single-part encryption/decryption operations.
*/
extern int crypto_encrypt(crypto_mechanism_t *mech, crypto_data_t *plaintext,
crypto_key_t *key, crypto_ctx_template_t tmpl, crypto_data_t *ciphertext,
crypto_call_req_t *cr);
crypto_key_t *key, crypto_ctx_template_t tmpl, crypto_data_t *ciphertext);
extern int crypto_decrypt(crypto_mechanism_t *mech, crypto_data_t *ciphertext,
crypto_key_t *key, crypto_ctx_template_t tmpl, crypto_data_t *plaintext,
crypto_call_req_t *cr);
crypto_key_t *key, crypto_ctx_template_t tmpl, crypto_data_t *plaintext);
#ifdef __cplusplus
}

14
module/icp/algs/modes/gcm.c
View File

@ -342,7 +342,7 @@ gcm_mode_decrypt_contiguous_blocks(gcm_ctx_t *ctx, char *data, size_t length,
*/
if (length > 0) {
new_len = ctx->gcm_pt_buf_len + length;
new = vmem_alloc(new_len, ctx->gcm_kmflag);
new = vmem_alloc(new_len, KM_SLEEP);
if (new == NULL) {
vmem_free(ctx->gcm_pt_buf, ctx->gcm_pt_buf_len);
ctx->gcm_pt_buf = NULL;
@ -654,7 +654,7 @@ gcm_init_ctx(gcm_ctx_t *gcm_ctx, char *param, size_t block_size,
}
gcm_ctx->gcm_htab_len = htab_len;
gcm_ctx->gcm_Htable =
(uint64_t *)kmem_alloc(htab_len, gcm_ctx->gcm_kmflag);
(uint64_t *)kmem_alloc(htab_len, KM_SLEEP);
if (gcm_ctx->gcm_Htable == NULL) {
return (CRYPTO_HOST_MEMORY);
@ -729,7 +729,7 @@ gmac_init_ctx(gcm_ctx_t *gcm_ctx, char *param, size_t block_size,
}
gcm_ctx->gcm_htab_len = htab_len;
gcm_ctx->gcm_Htable =
(uint64_t *)kmem_alloc(htab_len, gcm_ctx->gcm_kmflag);
(uint64_t *)kmem_alloc(htab_len, KM_SLEEP);
if (gcm_ctx->gcm_Htable == NULL) {
return (CRYPTO_HOST_MEMORY);
@ -780,12 +780,6 @@ gmac_alloc_ctx(int kmflag)
return (gcm_ctx);
}
void
gcm_set_kmflag(gcm_ctx_t *ctx, int kmflag)
{
ctx->gcm_kmflag = kmflag;
}
/* GCM implementation that contains the fastest methods */
static gcm_impl_ops_t gcm_fastest_impl = {
.name = "fastest"
@ -1212,7 +1206,7 @@ gcm_mode_encrypt_contiguous_blocks_avx(gcm_ctx_t *ctx, char *data,
/* Allocate a buffer to encrypt to if there is enough input. */
if (bleft >= GCM_AVX_MIN_ENCRYPT_BYTES) {
ct_buf = vmem_alloc(chunk_size, ctx->gcm_kmflag);
ct_buf = vmem_alloc(chunk_size, KM_SLEEP);
if (ct_buf == NULL) {
return (CRYPTO_HOST_MEMORY);
}

22
module/icp/api/kcf_cipher.c
View File

@ -52,7 +52,6 @@
* tmpl: a crypto_ctx_template_t, opaque template of a context of an
* encryption with the 'mech' using 'key'. 'tmpl' is created by
* a previous call to crypto_create_ctx_template().
* cr: crypto_call_req_t calling conditions and call back info.
*
* Description:
* Asynchronously submits a request for, or synchronously performs a
@ -62,16 +61,12 @@
* message.
* Relies on the KCF scheduler to pick a provider.
*
* Context:
* Process or interrupt, according to the semantics dictated by the 'cr'.
*
* Returns:
* See comment in the beginning of the file.
*/
int
crypto_encrypt(crypto_mechanism_t *mech, crypto_data_t *plaintext,
crypto_key_t *key, crypto_ctx_template_t tmpl, crypto_data_t *ciphertext,
crypto_call_req_t *crq)
crypto_key_t *key, crypto_ctx_template_t tmpl, crypto_data_t *ciphertext)
{
int error;
kcf_mech_entry_t *me;
@ -95,12 +90,12 @@ crypto_encrypt(crypto_mechanism_t *mech, crypto_data_t *plaintext,
crypto_mechanism_t lmech = *mech;
KCF_SET_PROVIDER_MECHNUM(mech->cm_type, pd, &lmech);
error = KCF_PROV_ENCRYPT_ATOMIC(pd, pd->pd_sid, &lmech, key,
plaintext, ciphertext, spi_ctx_tmpl, KCF_SWFP_RHNDL(crq));
plaintext, ciphertext, spi_ctx_tmpl);
KCF_PROV_INCRSTATS(pd, error);
if (error != CRYPTO_SUCCESS && IS_RECOVERABLE(error)) {
/* Add pd to the linked list of providers tried. */
if (kcf_insert_triedlist(&list, pd, KCF_KMFLAG(crq)) != NULL)
if (kcf_insert_triedlist(&list, pd, KM_SLEEP) != NULL)
goto retry;
}
@ -129,7 +124,6 @@ crypto_encrypt(crypto_mechanism_t *mech, crypto_data_t *plaintext,
* tmpl: a crypto_ctx_template_t, opaque template of a context of an
* encryption with the 'mech' using 'key'. 'tmpl' is created by
* a previous call to crypto_create_ctx_template().
* cr: crypto_call_req_t calling conditions and call back info.
*
* Description:
* Asynchronously submits a request for, or synchronously performs a
@ -139,16 +133,12 @@ crypto_encrypt(crypto_mechanism_t *mech, crypto_data_t *plaintext,
* message.
* Relies on the KCF scheduler to choose a provider.
*
* Context:
* Process or interrupt, according to the semantics dictated by the 'cr'.
*
* Returns:
* See comment in the beginning of the file.
*/
int
crypto_decrypt(crypto_mechanism_t *mech, crypto_data_t *ciphertext,
crypto_key_t *key, crypto_ctx_template_t tmpl, crypto_data_t *plaintext,
crypto_call_req_t *crq)
crypto_key_t *key, crypto_ctx_template_t tmpl, crypto_data_t *plaintext)
{
int error;
kcf_mech_entry_t *me;
@ -173,12 +163,12 @@ crypto_decrypt(crypto_mechanism_t *mech, crypto_data_t *ciphertext,
KCF_SET_PROVIDER_MECHNUM(mech->cm_type, pd, &lmech);
error = KCF_PROV_DECRYPT_ATOMIC(pd, pd->pd_sid, &lmech, key,
ciphertext, plaintext, spi_ctx_tmpl, KCF_SWFP_RHNDL(crq));
ciphertext, plaintext, spi_ctx_tmpl);
KCF_PROV_INCRSTATS(pd, error);
if (error != CRYPTO_SUCCESS && IS_RECOVERABLE(error)) {
/* Add pd to the linked list of providers tried. */
if (kcf_insert_triedlist(&list, pd, KCF_KMFLAG(crq)) != NULL)
if (kcf_insert_triedlist(&list, pd, KM_SLEEP) != NULL)
goto retry;
}

7
module/icp/api/kcf_ctxops.c
View File

@ -48,7 +48,6 @@
* ptmpl: a storage for the opaque crypto_ctx_template_t, allocated and
* initialized by the software provider this routine is
* dispatched to.
* kmflag: KM_SLEEP/KM_NOSLEEP mem. alloc. flag.
*
* Description:
* Redirects the call to the software provider of the specified
@ -69,7 +68,7 @@
*/
int
crypto_create_ctx_template(crypto_mechanism_t *mech, crypto_key_t *key,
crypto_ctx_template_t *ptmpl, int kmflag)
crypto_ctx_template_t *ptmpl)
{
int error;
kcf_mech_entry_t *me;
@ -90,7 +89,7 @@ crypto_create_ctx_template(crypto_mechanism_t *mech, crypto_key_t *key,
return (error);
if ((ctx_tmpl = (kcf_ctx_template_t *)kmem_alloc(
sizeof (kcf_ctx_template_t), kmflag)) == NULL) {
sizeof (kcf_ctx_template_t), KM_SLEEP)) == NULL) {
KCF_PROV_REFRELE(pd);
return (CRYPTO_HOST_MEMORY);
}
@ -101,7 +100,7 @@ crypto_create_ctx_template(crypto_mechanism_t *mech, crypto_key_t *key,
prov_mech.cm_param_len = mech->cm_param_len;
error = KCF_PROV_CREATE_CTX_TEMPLATE(pd, &prov_mech, key,
&(ctx_tmpl->ct_prov_tmpl), &(ctx_tmpl->ct_size), KCF_RHNDL(kmflag));
&(ctx_tmpl->ct_prov_tmpl), &(ctx_tmpl->ct_size));
if (error == CRYPTO_SUCCESS) {
*ptmpl = ctx_tmpl;

39
module/icp/api/kcf_mac.c
View File

@ -67,7 +67,6 @@
* tmpl: a crypto_ctx_template_t, opaque template of a context of a
* MAC with the 'mech' using 'key'. 'tmpl' is created by
* a previous call to crypto_create_ctx_template().
* cr: crypto_call_req_t calling conditions and call back info.
*
* Description:
* Asynchronously submits a request for, or synchronously performs a
@ -78,16 +77,12 @@
* authentication code.
* Relies on the KCF scheduler to choose a provider.
*
* Context:
* Process or interrupt, according to the semantics dictated by the 'crq'.
*
* Returns:
* See comment in the beginning of the file.
*/
int
crypto_mac(crypto_mechanism_t *mech, crypto_data_t *data,
crypto_key_t *key, crypto_ctx_template_t tmpl, crypto_data_t *mac,
crypto_call_req_t *crq)
crypto_key_t *key, crypto_ctx_template_t tmpl, crypto_data_t *mac)
{
int error;
kcf_mech_entry_t *me;
@ -111,12 +106,12 @@ crypto_mac(crypto_mechanism_t *mech, crypto_data_t *data,
crypto_mechanism_t lmech = *mech;
KCF_SET_PROVIDER_MECHNUM(mech->cm_type, pd, &lmech);
error = KCF_PROV_MAC_ATOMIC(pd, pd->pd_sid, &lmech, key, data,
mac, spi_ctx_tmpl, KCF_SWFP_RHNDL(crq));
mac, spi_ctx_tmpl);
KCF_PROV_INCRSTATS(pd, error);
if (error != CRYPTO_SUCCESS && IS_RECOVERABLE(error)) {
/* Add pd to the linked list of providers tried. */
if (kcf_insert_triedlist(&list, pd, KCF_KMFLAG(crq)) != NULL)
if (kcf_insert_triedlist(&list, pd, KM_SLEEP) != NULL)
goto retry;
}
@ -143,7 +138,6 @@ crypto_mac(crypto_mechanism_t *mech, crypto_data_t *data,
* MAC with the 'mech' using 'key'. 'tmpl' is created by
* a previous call to crypto_create_ctx_template().
* ctxp: Pointer to a crypto_context_t.
* cr: crypto_call_req_t calling conditions and call back info.
*
* Description:
* Asynchronously submits a request for, or synchronously performs the
@ -156,16 +150,13 @@ crypto_mac(crypto_mechanism_t *mech, crypto_data_t *data,
* The caller should hold a reference on the specified provider
* descriptor before calling this function.
*
* Context:
* Process or interrupt, according to the semantics dictated by the 'cr'.
*
* Returns:
* See comment in the beginning of the file.
*/
static int
crypto_mac_init_prov(kcf_provider_desc_t *pd,
crypto_mechanism_t *mech, crypto_key_t *key, crypto_spi_ctx_template_t tmpl,
crypto_context_t *ctxp, crypto_call_req_t *crq)
crypto_context_t *ctxp)
{
int rv;
crypto_ctx_t *ctx;
@ -174,13 +165,12 @@ crypto_mac_init_prov(kcf_provider_desc_t *pd,
ASSERT(KCF_PROV_REFHELD(pd));
/* Allocate and initialize the canonical context */
if ((ctx = kcf_new_ctx(crq, real_provider)) == NULL)
if ((ctx = kcf_new_ctx(real_provider)) == NULL)
return (CRYPTO_HOST_MEMORY);
crypto_mechanism_t lmech = *mech;
KCF_SET_PROVIDER_MECHNUM(mech->cm_type, real_provider, &lmech);
rv = KCF_PROV_MAC_INIT(real_provider, ctx, &lmech, key, tmpl,
KCF_SWFP_RHNDL(crq));
rv = KCF_PROV_MAC_INIT(real_provider, ctx, &lmech, key, tmpl);
KCF_PROV_INCRSTATS(pd, rv);
if (rv == CRYPTO_SUCCESS)
@ -200,8 +190,7 @@ crypto_mac_init_prov(kcf_provider_desc_t *pd,
*/
int
crypto_mac_init(crypto_mechanism_t *mech, crypto_key_t *key,
crypto_ctx_template_t tmpl, crypto_context_t *ctxp,
crypto_call_req_t *crq)
crypto_ctx_template_t tmpl, crypto_context_t *ctxp)
{
int error;
kcf_mech_entry_t *me;
@ -230,10 +219,10 @@ crypto_mac_init(crypto_mechanism_t *mech, crypto_key_t *key,
spi_ctx_tmpl = ctx_tmpl->ct_prov_tmpl;
error = crypto_mac_init_prov(pd, mech, key,
spi_ctx_tmpl, ctxp, crq);
spi_ctx_tmpl, ctxp);
if (error != CRYPTO_SUCCESS && IS_RECOVERABLE(error)) {
/* Add pd to the linked list of providers tried. */
if (kcf_insert_triedlist(&list, pd, KCF_KMFLAG(crq)) != NULL)
if (kcf_insert_triedlist(&list, pd, KM_SLEEP) != NULL)
goto retry;
}
@ -254,9 +243,6 @@ crypto_mac_init(crypto_mechanism_t *mech, crypto_key_t *key,
* Description:
* Synchronously performs a part of a MAC operation.
*
* Context:
* Process or interrupt, according to the semantics dictated by the 'cr'.
*
* Returns:
* See comment in the beginning of the file.
*/
@ -273,7 +259,7 @@ crypto_mac_update(crypto_context_t context, crypto_data_t *data)
return (CRYPTO_INVALID_CONTEXT);
}
int rv = KCF_PROV_MAC_UPDATE(pd, ctx, data, NULL);
int rv = KCF_PROV_MAC_UPDATE(pd, ctx, data);
KCF_PROV_INCRSTATS(pd, rv);
return (rv);
}
@ -288,9 +274,6 @@ crypto_mac_update(crypto_context_t context, crypto_data_t *data)
* Description:
* Synchronously performs a part of a message authentication operation.
*
* Context:
* Process or interrupt, according to the semantics dictated by the 'cr'.
*
* Returns:
* See comment in the beginning of the file.
*/
@ -307,7 +290,7 @@ crypto_mac_final(crypto_context_t context, crypto_data_t *mac)
return (CRYPTO_INVALID_CONTEXT);
}
int rv = KCF_PROV_MAC_FINAL(pd, ctx, mac, NULL);
int rv = KCF_PROV_MAC_FINAL(pd, ctx, mac);
KCF_PROV_INCRSTATS(pd, rv);
/* Release the hold done in kcf_new_ctx() during init step. */

6
module/icp/core/kcf_sched.c
View File

@ -37,19 +37,17 @@
/* kmem caches used by the scheduler */
static kmem_cache_t *kcf_context_cache;
ulong_t kcf_swprov_hndl = 0;
/*
* Create a new context.
*/
crypto_ctx_t *
kcf_new_ctx(crypto_call_req_t *crq, kcf_provider_desc_t *pd)
kcf_new_ctx(kcf_provider_desc_t *pd)
{
crypto_ctx_t *ctx;
kcf_context_t *kcf_ctx;
kcf_ctx = kmem_cache_alloc(kcf_context_cache,
(crq == NULL) ? KM_SLEEP : KM_NOSLEEP);
kcf_ctx = kmem_cache_alloc(kcf_context_cache, KM_SLEEP);
if (kcf_ctx == NULL)
return (NULL);

6
module/icp/include/modes/modes.h
View File

@ -207,10 +207,6 @@ typedef struct ccm_ctx {
*
* gcm_len_a_len_c: 64-bit representations of the bit lengths of
* AAD and ciphertext.
*
* gcm_kmflag: Current value of kmflag. Used for allocating
* the plaintext buffer during decryption and a
* gcm_avx_chunk_size'd buffer for avx enabled encryption.
*/
typedef struct gcm_ctx {
struct common_ctx gcm_common;
@ -231,7 +227,6 @@ typedef struct gcm_ctx {
uint64_t gcm_J0[2];
uint64_t gcm_len_a_len_c[2];
uint8_t *gcm_pt_buf;
int gcm_kmflag;
#ifdef CAN_USE_GCM_ASM
boolean_t gcm_use_avx;
#endif
@ -402,7 +397,6 @@ extern void *ccm_alloc_ctx(int);
extern void *gcm_alloc_ctx(int);
extern void *gmac_alloc_ctx(int);
extern void crypto_free_mode_ctx(void *);
extern void gcm_set_kmflag(gcm_ctx_t *, int);
#ifdef __cplusplus
}

41
module/icp/include/sys/crypto/impl.h
View File

@ -76,7 +76,7 @@ typedef struct kcf_sched_info {
* other purposes, that base value is mostly same across all providers.
* So, it is a good measure of the load on a provider when it is not
* in a busy state. Once a provider notifies it is busy, requests
* backup in the taskq. So, we use tq_nalloc in that case which gives
* back up in the taskq. So, we use tq_nalloc in that case which gives
* the number of task entries in the task queue. Note that we do not
* acquire any locks here as it is not critical to get the exact number
* and the lock contention may be too costly for this code path.
@ -387,76 +387,73 @@ typedef struct crypto_minor {
* Wrappers for crypto_digest_ops(9S) entry points.
*/
#define KCF_PROV_DIGEST_INIT(pd, ctx, mech, req) ( \
#define KCF_PROV_DIGEST_INIT(pd, ctx, mech) ( \
(KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_init) ? \
KCF_PROV_DIGEST_OPS(pd)->digest_init(ctx, mech, req) : \
KCF_PROV_DIGEST_OPS(pd)->digest_init(ctx, mech) : \
CRYPTO_NOT_SUPPORTED)
/*
* Wrappers for crypto_cipher_ops(9S) entry points.
*/
#define KCF_PROV_ENCRYPT_INIT(pd, ctx, mech, key, template, req) ( \
#define KCF_PROV_ENCRYPT_INIT(pd, ctx, mech, key, template) ( \
(KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt_init) ? \
KCF_PROV_CIPHER_OPS(pd)->encrypt_init(ctx, mech, key, template, \
req) : \
KCF_PROV_CIPHER_OPS(pd)->encrypt_init(ctx, mech, key, template) : \
CRYPTO_NOT_SUPPORTED)
#define KCF_PROV_ENCRYPT_ATOMIC(pd, session, mech, key, plaintext, ciphertext, \
template, req) ( \
template) ( \
(KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt_atomic) ? \
KCF_PROV_CIPHER_OPS(pd)->encrypt_atomic( \
(pd)->pd_prov_handle, session, mech, key, plaintext, ciphertext, \
template, req) : \
template) : \
CRYPTO_NOT_SUPPORTED)
#define KCF_PROV_DECRYPT_ATOMIC(pd, session, mech, key, ciphertext, plaintext, \
template, req) ( \
template) ( \
(KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt_atomic) ? \
KCF_PROV_CIPHER_OPS(pd)->decrypt_atomic( \
(pd)->pd_prov_handle, session, mech, key, ciphertext, plaintext, \
template, req) : \
template) : \
CRYPTO_NOT_SUPPORTED)
/*
* Wrappers for crypto_mac_ops(9S) entry points.
*/
#define KCF_PROV_MAC_INIT(pd, ctx, mech, key, template, req) ( \
#define KCF_PROV_MAC_INIT(pd, ctx, mech, key, template) ( \
(KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_init) ? \
KCF_PROV_MAC_OPS(pd)->mac_init(ctx, mech, key, template, req) \
KCF_PROV_MAC_OPS(pd)->mac_init(ctx, mech, key, template) \
: CRYPTO_NOT_SUPPORTED)
/*
* The _ (underscore) in _mac is needed to avoid replacing the
* function mac().
*/
#define KCF_PROV_MAC_UPDATE(pd, ctx, data, req) ( \
#define KCF_PROV_MAC_UPDATE(pd, ctx, data) ( \
(KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_update) ? \
KCF_PROV_MAC_OPS(pd)->mac_update(ctx, data, req) : \
KCF_PROV_MAC_OPS(pd)->mac_update(ctx, data) : \
CRYPTO_NOT_SUPPORTED)
#define KCF_PROV_MAC_FINAL(pd, ctx, mac, req) ( \
#define KCF_PROV_MAC_FINAL(pd, ctx, mac) ( \
(KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_final) ? \
KCF_PROV_MAC_OPS(pd)->mac_final(ctx, mac, req) : \
KCF_PROV_MAC_OPS(pd)->mac_final(ctx, mac) : \
CRYPTO_NOT_SUPPORTED)
#define KCF_PROV_MAC_ATOMIC(pd, session, mech, key, data, mac, template, \
req) ( \
#define KCF_PROV_MAC_ATOMIC(pd, session, mech, key, data, mac, template) ( \
(KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_atomic) ? \
KCF_PROV_MAC_OPS(pd)->mac_atomic( \
(pd)->pd_prov_handle, session, mech, key, data, mac, template, \
req) : \
(pd)->pd_prov_handle, session, mech, key, data, mac, template) : \
CRYPTO_NOT_SUPPORTED)
/*
* Wrappers for crypto_ctx_ops(9S) entry points.
*/
#define KCF_PROV_CREATE_CTX_TEMPLATE(pd, mech, key, template, size, req) ( \
#define KCF_PROV_CREATE_CTX_TEMPLATE(pd, mech, key, template, size) ( \
(KCF_PROV_CTX_OPS(pd) && KCF_PROV_CTX_OPS(pd)->create_ctx_template) ? \
KCF_PROV_CTX_OPS(pd)->create_ctx_template( \
(pd)->pd_prov_handle, mech, key, template, size, req) : \
(pd)->pd_prov_handle, mech, key, template, size) : \
CRYPTO_NOT_SUPPORTED)
#define KCF_PROV_FREE_CONTEXT(pd, ctx) ( \

24
module/icp/include/sys/crypto/sched_impl.h
View File

@ -40,28 +40,6 @@ extern "C" {
#include <sys/crypto/impl.h>
#include <sys/crypto/common.h>
#define KCF_KMFLAG(crq) (((crq) == NULL) ? KM_SLEEP : KM_NOSLEEP)
/*
* The framework keeps an internal handle to use in the adaptive
* asynchronous case. This is the case when a client has the
* CRYPTO_ALWAYS_QUEUE bit clear and a provider is used for
* the request. The request is completed in the context of the calling
* thread and kernel memory must be allocated with KM_NOSLEEP.
*
* The framework passes a pointer to the handle in crypto_req_handle_t
* argument when it calls the SPI of the provider. The macros
* KCF_RHNDL() and KCF_SWFP_RHNDL() are used to do this.
*
* When a provider asks the framework for kmflag value via
* crypto_kmflag(9S) we use REQHNDL2_KMFLAG() macro.
*/
extern ulong_t kcf_swprov_hndl;
#define KCF_RHNDL(kmflag) (((kmflag) == KM_SLEEP) ? NULL : &kcf_swprov_hndl)
#define KCF_SWFP_RHNDL(crq) (((crq) == NULL) ? NULL : &kcf_swprov_hndl)
#define REQHNDL2_KMFLAG(rhndl) \
((rhndl == &kcf_swprov_hndl) ? KM_NOSLEEP : KM_SLEEP)
typedef struct kcf_prov_tried {
kcf_provider_desc_t *pt_pd;
struct kcf_prov_tried *pt_next;
@ -144,7 +122,7 @@ extern kcf_prov_tried_t *kcf_insert_triedlist(kcf_prov_tried_t **,
kcf_provider_desc_t *, int);
extern kcf_provider_desc_t *kcf_get_mech_provider(crypto_mech_type_t,
kcf_mech_entry_t **, int *, kcf_prov_tried_t *, crypto_func_group_t);
extern crypto_ctx_t *kcf_new_ctx(crypto_call_req_t *, kcf_provider_desc_t *);
extern crypto_ctx_t *kcf_new_ctx(kcf_provider_desc_t *);
extern void kcf_sched_destroy(void);
extern void kcf_sched_init(void);
extern void kcf_free_context(kcf_context_t *);

59
module/icp/include/sys/crypto/spi.h
View File

@ -59,12 +59,6 @@ typedef void *crypto_provider_handle_t;
*/
typedef void *crypto_spi_ctx_template_t;
/*
* Request handles are used by the kernel to identify an asynchronous
* request being processed by a provider.
*/
typedef void *crypto_req_handle_t;
/*
* The context structure is passed from the kernel to a provider.
* It contains the information needed to process a multi-part or
@ -88,18 +82,14 @@ typedef struct crypto_ctx {
* kernel using crypto_register_provider(9F).
*/
typedef struct crypto_digest_ops {
int (*digest_init)(crypto_ctx_t *, crypto_mechanism_t *,
crypto_req_handle_t);
int (*digest)(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
crypto_req_handle_t);
int (*digest_update)(crypto_ctx_t *, crypto_data_t *,
crypto_req_handle_t);
int (*digest_key)(crypto_ctx_t *, crypto_key_t *, crypto_req_handle_t);
int (*digest_final)(crypto_ctx_t *, crypto_data_t *,
crypto_req_handle_t);
int (*digest_init)(crypto_ctx_t *, crypto_mechanism_t *);
int (*digest)(crypto_ctx_t *, crypto_data_t *, crypto_data_t *);
int (*digest_update)(crypto_ctx_t *, crypto_data_t *);
int (*digest_key)(crypto_ctx_t *, crypto_key_t *);
int (*digest_final)(crypto_ctx_t *, crypto_data_t *);
int (*digest_atomic)(crypto_provider_handle_t, crypto_session_id_t,
crypto_mechanism_t *, crypto_data_t *,
crypto_data_t *, crypto_req_handle_t);
crypto_data_t *);
} __no_const crypto_digest_ops_t;
/*
@ -111,29 +101,29 @@ typedef struct crypto_digest_ops {
typedef struct crypto_cipher_ops {
int (*encrypt_init)(crypto_ctx_t *,
crypto_mechanism_t *, crypto_key_t *,
crypto_spi_ctx_template_t, crypto_req_handle_t);
crypto_spi_ctx_template_t);
int (*encrypt)(crypto_ctx_t *,
crypto_data_t *, crypto_data_t *, crypto_req_handle_t);
crypto_data_t *, crypto_data_t *);
int (*encrypt_update)(crypto_ctx_t *,
crypto_data_t *, crypto_data_t *, crypto_req_handle_t);
crypto_data_t *, crypto_data_t *);
int (*encrypt_final)(crypto_ctx_t *,
crypto_data_t *, crypto_req_handle_t);
crypto_data_t *);
int (*encrypt_atomic)(crypto_provider_handle_t, crypto_session_id_t,
crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
crypto_data_t *, crypto_spi_ctx_template_t);
int (*decrypt_init)(crypto_ctx_t *,
crypto_mechanism_t *, crypto_key_t *,
crypto_spi_ctx_template_t, crypto_req_handle_t);
crypto_spi_ctx_template_t);
int (*decrypt)(crypto_ctx_t *,
crypto_data_t *, crypto_data_t *, crypto_req_handle_t);
crypto_data_t *, crypto_data_t *);
int (*decrypt_update)(crypto_ctx_t *,
crypto_data_t *, crypto_data_t *, crypto_req_handle_t);
crypto_data_t *, crypto_data_t *);
int (*decrypt_final)(crypto_ctx_t *,
crypto_data_t *, crypto_req_handle_t);
crypto_data_t *);
int (*decrypt_atomic)(crypto_provider_handle_t, crypto_session_id_t,
crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
crypto_data_t *, crypto_spi_ctx_template_t);
} __no_const crypto_cipher_ops_t;
/*
@ -145,21 +135,19 @@ typedef struct crypto_cipher_ops {
typedef struct crypto_mac_ops {
int (*mac_init)(crypto_ctx_t *,
crypto_mechanism_t *, crypto_key_t *,
crypto_spi_ctx_template_t, crypto_req_handle_t);
crypto_spi_ctx_template_t);
int (*mac)(crypto_ctx_t *,
crypto_data_t *, crypto_data_t *, crypto_req_handle_t);
crypto_data_t *, crypto_data_t *);
int (*mac_update)(crypto_ctx_t *,
crypto_data_t *, crypto_req_handle_t);
crypto_data_t *);
int (*mac_final)(crypto_ctx_t *,
crypto_data_t *, crypto_req_handle_t);
crypto_data_t *);
int (*mac_atomic)(crypto_provider_handle_t, crypto_session_id_t,
crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
crypto_data_t *, crypto_spi_ctx_template_t,
crypto_req_handle_t);
crypto_data_t *, crypto_spi_ctx_template_t);
int (*mac_verify_atomic)(crypto_provider_handle_t, crypto_session_id_t,
crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
crypto_data_t *, crypto_spi_ctx_template_t,
crypto_req_handle_t);
crypto_data_t *, crypto_spi_ctx_template_t);
} __no_const crypto_mac_ops_t;
/*
@ -171,7 +159,7 @@ typedef struct crypto_mac_ops {
typedef struct crypto_ctx_ops {
int (*create_ctx_template)(crypto_provider_handle_t,
crypto_mechanism_t *, crypto_key_t *,
crypto_spi_ctx_template_t *, size_t *, crypto_req_handle_t);
crypto_spi_ctx_template_t *, size_t *);
int (*free_context)(crypto_ctx_t *);
} __no_const crypto_ctx_ops_t;
@ -263,7 +251,6 @@ typedef struct crypto_provider_info {
extern int crypto_register_provider(const crypto_provider_info_t *,
crypto_kcf_provider_handle_t *);
extern int crypto_unregister_provider(crypto_kcf_provider_handle_t);
extern int crypto_kmflag(crypto_req_handle_t);
#ifdef __cplusplus

107
module/icp/io/aes.c
View File

@ -74,33 +74,29 @@ static const crypto_mech_info_t aes_mech_info_tab[] = {
};
static int aes_encrypt_init(crypto_ctx_t *, crypto_mechanism_t *,
crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
crypto_key_t *, crypto_spi_ctx_template_t);
static int aes_decrypt_init(crypto_ctx_t *, crypto_mechanism_t *,
crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
crypto_key_t *, crypto_spi_ctx_template_t);
static int aes_common_init(crypto_ctx_t *, crypto_mechanism_t *,
crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t, boolean_t);
crypto_key_t *, crypto_spi_ctx_template_t, boolean_t);
static int aes_common_init_ctx(aes_ctx_t *, crypto_spi_ctx_template_t *,
crypto_mechanism_t *, crypto_key_t *, int, boolean_t);
static int aes_encrypt_final(crypto_ctx_t *, crypto_data_t *,
crypto_req_handle_t);
static int aes_decrypt_final(crypto_ctx_t *, crypto_data_t *,
crypto_req_handle_t);
static int aes_encrypt_final(crypto_ctx_t *, crypto_data_t *);
static int aes_decrypt_final(crypto_ctx_t *, crypto_data_t *);
static int aes_encrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
crypto_req_handle_t);
static int aes_encrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *);
static int aes_encrypt_update(crypto_ctx_t *, crypto_data_t *,
crypto_data_t *, crypto_req_handle_t);
crypto_data_t *);
static int aes_encrypt_atomic(crypto_provider_handle_t, crypto_session_id_t,
crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
crypto_data_t *, crypto_spi_ctx_template_t);
static int aes_decrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
crypto_req_handle_t);
static int aes_decrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *);
static int aes_decrypt_update(crypto_ctx_t *, crypto_data_t *,
crypto_data_t *, crypto_req_handle_t);
crypto_data_t *);
static int aes_decrypt_atomic(crypto_provider_handle_t, crypto_session_id_t,
crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
crypto_data_t *, crypto_spi_ctx_template_t);
static const crypto_cipher_ops_t aes_cipher_ops = {
.encrypt_init = aes_encrypt_init,
@ -117,10 +113,10 @@ static const crypto_cipher_ops_t aes_cipher_ops = {
static int aes_mac_atomic(crypto_provider_handle_t, crypto_session_id_t,
crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
crypto_spi_ctx_template_t, crypto_req_handle_t);
crypto_spi_ctx_template_t);
static int aes_mac_verify_atomic(crypto_provider_handle_t, crypto_session_id_t,
crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
crypto_spi_ctx_template_t, crypto_req_handle_t);
crypto_spi_ctx_template_t);
static const crypto_mac_ops_t aes_mac_ops = {
.mac_init = NULL,
@ -133,7 +129,7 @@ static const crypto_mac_ops_t aes_mac_ops = {
static int aes_create_ctx_template(crypto_provider_handle_t,
crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t *,
size_t *, crypto_req_handle_t);
size_t *);
static int aes_free_context(crypto_ctx_t *);
static const crypto_ctx_ops_t aes_ctx_ops = {
@ -188,7 +184,7 @@ aes_mod_fini(void)
}
static int
aes_check_mech_param(crypto_mechanism_t *mechanism, aes_ctx_t **ctx, int kmflag)
aes_check_mech_param(crypto_mechanism_t *mechanism, aes_ctx_t **ctx)
{
void *p = NULL;
boolean_t param_required = B_TRUE;
@ -230,7 +226,7 @@ aes_check_mech_param(crypto_mechanism_t *mechanism, aes_ctx_t **ctx, int kmflag)
rv = CRYPTO_MECHANISM_PARAM_INVALID;
}
if (ctx != NULL) {
p = (alloc_fun)(kmflag);
p = (alloc_fun)(KM_SLEEP);
*ctx = p;
}
return (rv);
@ -257,18 +253,16 @@ init_keysched(crypto_key_t *key, void *newbie)
static int
aes_encrypt_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
crypto_key_t *key, crypto_spi_ctx_template_t template,
crypto_req_handle_t req)
crypto_key_t *key, crypto_spi_ctx_template_t template)
{
return (aes_common_init(ctx, mechanism, key, template, req, B_TRUE));
return (aes_common_init(ctx, mechanism, key, template, B_TRUE));
}
static int
aes_decrypt_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
crypto_key_t *key, crypto_spi_ctx_template_t template,
crypto_req_handle_t req)
crypto_key_t *key, crypto_spi_ctx_template_t template)
{
return (aes_common_init(ctx, mechanism, key, template, req, B_FALSE));
return (aes_common_init(ctx, mechanism, key, template, B_FALSE));
}
@ -279,18 +273,16 @@ aes_decrypt_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
static int
aes_common_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
crypto_key_t *key, crypto_spi_ctx_template_t template,
crypto_req_handle_t req, boolean_t is_encrypt_init)
boolean_t is_encrypt_init)
{
aes_ctx_t *aes_ctx;
int rv;
int kmflag;
kmflag = crypto_kmflag(req);
if ((rv = aes_check_mech_param(mechanism, &aes_ctx, kmflag))
if ((rv = aes_check_mech_param(mechanism, &aes_ctx))
!= CRYPTO_SUCCESS)
return (rv);
rv = aes_common_init_ctx(aes_ctx, template, mechanism, key, kmflag,
rv = aes_common_init_ctx(aes_ctx, template, mechanism, key, KM_SLEEP,
is_encrypt_init);
if (rv != CRYPTO_SUCCESS) {
crypto_free_mode_ctx(aes_ctx);
@ -320,7 +312,7 @@ aes_copy_block64(uint8_t *in, uint64_t *out)
static int
aes_encrypt(crypto_ctx_t *ctx, crypto_data_t *plaintext,
crypto_data_t *ciphertext, crypto_req_handle_t req)
crypto_data_t *ciphertext)
{
int ret = CRYPTO_FAILED;
@ -372,7 +364,7 @@ aes_encrypt(crypto_ctx_t *ctx, crypto_data_t *plaintext,
/*
* Do an update on the specified input data.
*/
ret = aes_encrypt_update(ctx, plaintext, ciphertext, req);
ret = aes_encrypt_update(ctx, plaintext, ciphertext);
if (ret != CRYPTO_SUCCESS) {
return (ret);
}
@ -435,7 +427,7 @@ aes_encrypt(crypto_ctx_t *ctx, crypto_data_t *plaintext,
static int
aes_decrypt(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
crypto_data_t *plaintext, crypto_req_handle_t req)
crypto_data_t *plaintext)
{
int ret = CRYPTO_FAILED;
@ -493,7 +485,7 @@ aes_decrypt(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
/*
* Do an update on the specified input data.
*/
ret = aes_decrypt_update(ctx, ciphertext, plaintext, req);
ret = aes_decrypt_update(ctx, ciphertext, plaintext);
if (ret != CRYPTO_SUCCESS) {
goto cleanup;
}
@ -549,9 +541,8 @@ aes_decrypt(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
static int
aes_encrypt_update(crypto_ctx_t *ctx, crypto_data_t *plaintext,
crypto_data_t *ciphertext, crypto_req_handle_t req)
crypto_data_t *ciphertext)
{
(void) req;
off_t saved_offset;
size_t saved_length, out_len;
int ret = CRYPTO_SUCCESS;
@ -618,7 +609,7 @@ aes_encrypt_update(crypto_ctx_t *ctx, crypto_data_t *plaintext,
static int
aes_decrypt_update(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
crypto_data_t *plaintext, crypto_req_handle_t req)
crypto_data_t *plaintext)
{
off_t saved_offset;
size_t saved_length, out_len;
@ -650,9 +641,6 @@ aes_decrypt_update(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
saved_offset = plaintext->cd_offset;
saved_length = plaintext->cd_length;
if (aes_ctx->ac_flags & (GCM_MODE|GMAC_MODE))
gcm_set_kmflag((gcm_ctx_t *)aes_ctx, crypto_kmflag(req));
/*
* Do the AES update on the specified input data.
*/
@ -696,10 +684,8 @@ aes_decrypt_update(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
}
static int
aes_encrypt_final(crypto_ctx_t *ctx, crypto_data_t *data,
crypto_req_handle_t req)
aes_encrypt_final(crypto_ctx_t *ctx, crypto_data_t *data)
{
(void) req;
aes_ctx_t *aes_ctx;
int ret;
@ -753,10 +739,8 @@ aes_encrypt_final(crypto_ctx_t *ctx, crypto_data_t *data,
}
static int
aes_decrypt_final(crypto_ctx_t *ctx, crypto_data_t *data,
crypto_req_handle_t req)
aes_decrypt_final(crypto_ctx_t *ctx, crypto_data_t *data)
{
(void) req;
aes_ctx_t *aes_ctx;
int ret;
off_t saved_offset;
@ -859,7 +843,7 @@ static int
aes_encrypt_atomic(crypto_provider_handle_t provider,
crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
crypto_key_t *key, crypto_data_t *plaintext, crypto_data_t *ciphertext,
crypto_spi_ctx_template_t template, crypto_req_handle_t req)
crypto_spi_ctx_template_t template)
{
(void) provider, (void) session_id;
aes_ctx_t aes_ctx; /* on the stack */
@ -885,13 +869,13 @@ aes_encrypt_atomic(crypto_provider_handle_t provider,
return (CRYPTO_DATA_LEN_RANGE);
}
if ((ret = aes_check_mech_param(mechanism, NULL, 0)) != CRYPTO_SUCCESS)
if ((ret = aes_check_mech_param(mechanism, NULL)) != CRYPTO_SUCCESS)
return (ret);
bzero(&aes_ctx, sizeof (aes_ctx_t));
ret = aes_common_init_ctx(&aes_ctx, template, mechanism, key,
crypto_kmflag(req), B_TRUE);
KM_SLEEP, B_TRUE);
if (ret != CRYPTO_SUCCESS)
return (ret);
@ -995,7 +979,7 @@ static int
aes_decrypt_atomic(crypto_provider_handle_t provider,
crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
crypto_key_t *key, crypto_data_t *ciphertext, crypto_data_t *plaintext,
crypto_spi_ctx_template_t template, crypto_req_handle_t req)
crypto_spi_ctx_template_t template)
{
(void) provider, (void) session_id;
aes_ctx_t aes_ctx; /* on the stack */
@ -1021,13 +1005,13 @@ aes_decrypt_atomic(crypto_provider_handle_t provider,
return (CRYPTO_ENCRYPTED_DATA_LEN_RANGE);
}
if ((ret = aes_check_mech_param(mechanism, NULL, 0)) != CRYPTO_SUCCESS)
if ((ret = aes_check_mech_param(mechanism, NULL)) != CRYPTO_SUCCESS)
return (ret);
bzero(&aes_ctx, sizeof (aes_ctx_t));
ret = aes_common_init_ctx(&aes_ctx, template, mechanism, key,
crypto_kmflag(req), B_FALSE);
KM_SLEEP, B_FALSE);
if (ret != CRYPTO_SUCCESS)
return (ret);
@ -1057,10 +1041,6 @@ aes_decrypt_atomic(crypto_provider_handle_t provider,
saved_offset = plaintext->cd_offset;
saved_length = plaintext->cd_length;
if (mechanism->cm_type == AES_GCM_MECH_INFO_TYPE ||
mechanism->cm_type == AES_GMAC_MECH_INFO_TYPE)
gcm_set_kmflag((gcm_ctx_t *)&aes_ctx, crypto_kmflag(req));
/*
* Do an update on the specified input data.
*/
@ -1164,7 +1144,7 @@ aes_decrypt_atomic(crypto_provider_handle_t provider,
static int
aes_create_ctx_template(crypto_provider_handle_t provider,
crypto_mechanism_t *mechanism, crypto_key_t *key,
crypto_spi_ctx_template_t *tmpl, size_t *tmpl_size, crypto_req_handle_t req)
crypto_spi_ctx_template_t *tmpl, size_t *tmpl_size)
{
(void) provider;
void *keysched;
@ -1179,8 +1159,7 @@ aes_create_ctx_template(crypto_provider_handle_t provider,
mechanism->cm_type != AES_GMAC_MECH_INFO_TYPE)
return (CRYPTO_MECHANISM_INVALID);
if ((keysched = aes_alloc_keysched(&size,
crypto_kmflag(req))) == NULL) {
if ((keysched = aes_alloc_keysched(&size, KM_SLEEP)) == NULL) {
return (CRYPTO_HOST_MEMORY);
}
@ -1342,7 +1321,7 @@ static int
aes_mac_atomic(crypto_provider_handle_t provider,
crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac,
crypto_spi_ctx_template_t template, crypto_req_handle_t req)
crypto_spi_ctx_template_t template)
{
CK_AES_GCM_PARAMS gcm_params;
crypto_mechanism_t gcm_mech;
@ -1357,14 +1336,14 @@ aes_mac_atomic(crypto_provider_handle_t provider,
gcm_mech.cm_param = (char *)&gcm_params;
return (aes_encrypt_atomic(provider, session_id, &gcm_mech,
key, &null_crypto_data, mac, template, req));
key, &null_crypto_data, mac, template));
}
static int
aes_mac_verify_atomic(crypto_provider_handle_t provider,
crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac,
crypto_spi_ctx_template_t template, crypto_req_handle_t req)
crypto_spi_ctx_template_t template)
{
CK_AES_GCM_PARAMS gcm_params;
crypto_mechanism_t gcm_mech;
@ -1379,5 +1358,5 @@ aes_mac_verify_atomic(crypto_provider_handle_t provider,
gcm_mech.cm_param = (char *)&gcm_params;
return (aes_decrypt_atomic(provider, session_id, &gcm_mech,
key, mac, &null_crypto_data, template, req));
key, mac, &null_crypto_data, template));
}

79
module/icp/io/sha2_mod.c
View File

@ -105,17 +105,12 @@ static const crypto_mech_info_t sha2_mech_info_tab[] = {
CRYPTO_KEYSIZE_UNIT_IN_BYTES}
};
static int sha2_digest_init(crypto_ctx_t *, crypto_mechanism_t *,
crypto_req_handle_t);
static int sha2_digest(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
crypto_req_handle_t);
static int sha2_digest_update(crypto_ctx_t *, crypto_data_t *,
crypto_req_handle_t);
static int sha2_digest_final(crypto_ctx_t *, crypto_data_t *,
crypto_req_handle_t);
static int sha2_digest_init(crypto_ctx_t *, crypto_mechanism_t *);
static int sha2_digest(crypto_ctx_t *, crypto_data_t *, crypto_data_t *);
static int sha2_digest_update(crypto_ctx_t *, crypto_data_t *);
static int sha2_digest_final(crypto_ctx_t *, crypto_data_t *);
static int sha2_digest_atomic(crypto_provider_handle_t, crypto_session_id_t,
crypto_mechanism_t *, crypto_data_t *, crypto_data_t *,
crypto_req_handle_t);
crypto_mechanism_t *, crypto_data_t *, crypto_data_t *);
static const crypto_digest_ops_t sha2_digest_ops = {
.digest_init = sha2_digest_init,
@ -126,16 +121,15 @@ static const crypto_digest_ops_t sha2_digest_ops = {
};
static int sha2_mac_init(crypto_ctx_t *, crypto_mechanism_t *, crypto_key_t *,
crypto_spi_ctx_template_t, crypto_req_handle_t);
static int sha2_mac_update(crypto_ctx_t *, crypto_data_t *,
crypto_req_handle_t);
static int sha2_mac_final(crypto_ctx_t *, crypto_data_t *, crypto_req_handle_t);
crypto_spi_ctx_template_t);
static int sha2_mac_update(crypto_ctx_t *, crypto_data_t *);
static int sha2_mac_final(crypto_ctx_t *, crypto_data_t *);
static int sha2_mac_atomic(crypto_provider_handle_t, crypto_session_id_t,
crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
crypto_spi_ctx_template_t, crypto_req_handle_t);
crypto_spi_ctx_template_t);
static int sha2_mac_verify_atomic(crypto_provider_handle_t, crypto_session_id_t,
crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
crypto_spi_ctx_template_t, crypto_req_handle_t);
crypto_spi_ctx_template_t);
static const crypto_mac_ops_t sha2_mac_ops = {
.mac_init = sha2_mac_init,
@ -148,7 +142,7 @@ static const crypto_mac_ops_t sha2_mac_ops = {
static int sha2_create_ctx_template(crypto_provider_handle_t,
crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t *,
size_t *, crypto_req_handle_t);
size_t *);
static int sha2_free_context(crypto_ctx_t *);
static const crypto_ctx_ops_t sha2_ctx_ops = {
@ -215,15 +209,13 @@ sha2_mod_fini(void)
*/
static int
sha2_digest_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
crypto_req_handle_t req)
sha2_digest_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism)
{
/*
* Allocate and initialize SHA2 context.
*/
ctx->cc_provider_private = kmem_alloc(sizeof (sha2_ctx_t),
crypto_kmflag(req));
ctx->cc_provider_private = kmem_alloc(sizeof (sha2_ctx_t), KM_SLEEP);
if (ctx->cc_provider_private == NULL)
return (CRYPTO_HOST_MEMORY);
@ -388,10 +380,8 @@ sha2_digest_final_uio(SHA2_CTX *sha2_ctx, crypto_data_t *digest,
}
static int
sha2_digest(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *digest,
crypto_req_handle_t req)
sha2_digest(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *digest)
{
(void) req;
int ret = CRYPTO_SUCCESS;
uint_t sha_digest_len;
@ -476,10 +466,8 @@ sha2_digest(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *digest,
}
static int
sha2_digest_update(crypto_ctx_t *ctx, crypto_data_t *data,
crypto_req_handle_t req)
sha2_digest_update(crypto_ctx_t *ctx, crypto_data_t *data)
{
(void) req;
int ret = CRYPTO_SUCCESS;
ASSERT(ctx->cc_provider_private != NULL);
@ -505,10 +493,8 @@ sha2_digest_update(crypto_ctx_t *ctx, crypto_data_t *data,
}
static int
sha2_digest_final(crypto_ctx_t *ctx, crypto_data_t *digest,
crypto_req_handle_t req)
sha2_digest_final(crypto_ctx_t *ctx, crypto_data_t *digest)
{
(void) req;
int ret = CRYPTO_SUCCESS;
uint_t sha_digest_len;
@ -570,10 +556,9 @@ sha2_digest_final(crypto_ctx_t *ctx, crypto_data_t *digest,
static int
sha2_digest_atomic(crypto_provider_handle_t provider,
crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
crypto_data_t *data, crypto_data_t *digest,
crypto_req_handle_t req)
crypto_data_t *data, crypto_data_t *digest)
{
(void) provider, (void) session_id, (void) req;
(void) provider, (void) session_id;
int ret = CRYPTO_SUCCESS;
SHA2_CTX sha2_ctx;
uint32_t sha_digest_len;
@ -709,8 +694,7 @@ sha2_mac_init_ctx(sha2_hmac_ctx_t *ctx, void *keyval, uint_t length_in_bytes)
*/
static int
sha2_mac_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
crypto_key_t *key, crypto_spi_ctx_template_t ctx_template,
crypto_req_handle_t req)
crypto_key_t *key, crypto_spi_ctx_template_t ctx_template)
{
int ret = CRYPTO_SUCCESS;
uint_t keylen_in_bytes = CRYPTO_BITS2BYTES(key->ck_length);
@ -737,8 +721,8 @@ sha2_mac_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
return (CRYPTO_MECHANISM_INVALID);
}
ctx->cc_provider_private = kmem_alloc(sizeof (sha2_hmac_ctx_t),
crypto_kmflag(req));
ctx->cc_provider_private =
kmem_alloc(sizeof (sha2_hmac_ctx_t), KM_SLEEP);
if (ctx->cc_provider_private == NULL)
return (CRYPTO_HOST_MEMORY);
@ -792,10 +776,8 @@ sha2_mac_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
}
static int
sha2_mac_update(crypto_ctx_t *ctx, crypto_data_t *data,
crypto_req_handle_t req)
sha2_mac_update(crypto_ctx_t *ctx, crypto_data_t *data)
{
(void) req;
int ret = CRYPTO_SUCCESS;
ASSERT(ctx->cc_provider_private != NULL);
@ -822,9 +804,8 @@ sha2_mac_update(crypto_ctx_t *ctx, crypto_data_t *data,
}
static int
sha2_mac_final(crypto_ctx_t *ctx, crypto_data_t *mac, crypto_req_handle_t req)
sha2_mac_final(crypto_ctx_t *ctx, crypto_data_t *mac)
{
(void) req;
int ret = CRYPTO_SUCCESS;
uchar_t digest[SHA512_DIGEST_LENGTH];
uint32_t digest_len, sha_digest_len;
@ -938,9 +919,9 @@ static int
sha2_mac_atomic(crypto_provider_handle_t provider,
crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac,
crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req)
crypto_spi_ctx_template_t ctx_template)
{
(void) provider, (void) session_id, (void) req;
(void) provider, (void) session_id;
int ret = CRYPTO_SUCCESS;
uchar_t digest[SHA512_DIGEST_LENGTH];
sha2_hmac_ctx_t sha2_hmac_ctx;
@ -1072,9 +1053,9 @@ static int
sha2_mac_verify_atomic(crypto_provider_handle_t provider,
crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac,
crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req)
crypto_spi_ctx_template_t ctx_template)
{
(void) provider, (void) session_id, (void) req;
(void) provider, (void) session_id;
int ret = CRYPTO_SUCCESS;
uchar_t digest[SHA512_DIGEST_LENGTH];
sha2_hmac_ctx_t sha2_hmac_ctx;
@ -1247,8 +1228,7 @@ sha2_mac_verify_atomic(crypto_provider_handle_t provider,
static int
sha2_create_ctx_template(crypto_provider_handle_t provider,
crypto_mechanism_t *mechanism, crypto_key_t *key,
crypto_spi_ctx_template_t *ctx_template, size_t *ctx_template_size,
crypto_req_handle_t req)
crypto_spi_ctx_template_t *ctx_template, size_t *ctx_template_size)
{
(void) provider;
sha2_hmac_ctx_t *sha2_hmac_ctx_tmpl;
@ -1279,8 +1259,7 @@ sha2_create_ctx_template(crypto_provider_handle_t provider,
/*
* Allocate and initialize SHA2 context.
*/
sha2_hmac_ctx_tmpl = kmem_alloc(sizeof (sha2_hmac_ctx_t),
crypto_kmflag(req));
sha2_hmac_ctx_tmpl = kmem_alloc(sizeof (sha2_hmac_ctx_t), KM_SLEEP);
if (sha2_hmac_ctx_tmpl == NULL)
return (CRYPTO_HOST_MEMORY);

69
module/icp/io/skein_mod.c
View File

@ -51,15 +51,12 @@ static const crypto_mech_info_t skein_mech_info_tab[] = {
CRYPTO_KEYSIZE_UNIT_IN_BYTES}
};
static int skein_digest_init(crypto_ctx_t *, crypto_mechanism_t *,
crypto_req_handle_t);
static int skein_digest(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
crypto_req_handle_t);
static int skein_update(crypto_ctx_t *, crypto_data_t *, crypto_req_handle_t);
static int skein_final(crypto_ctx_t *, crypto_data_t *, crypto_req_handle_t);
static int skein_digest_init(crypto_ctx_t *, crypto_mechanism_t *);
static int skein_digest(crypto_ctx_t *, crypto_data_t *, crypto_data_t *);
static int skein_update(crypto_ctx_t *, crypto_data_t *);
static int skein_final(crypto_ctx_t *, crypto_data_t *);
static int skein_digest_atomic(crypto_provider_handle_t, crypto_session_id_t,
crypto_mechanism_t *, crypto_data_t *, crypto_data_t *,
crypto_req_handle_t);
crypto_mechanism_t *, crypto_data_t *, crypto_data_t *);
static const crypto_digest_ops_t skein_digest_ops = {
.digest_init = skein_digest_init,
@ -70,10 +67,10 @@ static const crypto_digest_ops_t skein_digest_ops = {
};
static int skein_mac_init(crypto_ctx_t *, crypto_mechanism_t *, crypto_key_t *,
crypto_spi_ctx_template_t, crypto_req_handle_t);
crypto_spi_ctx_template_t);
static int skein_mac_atomic(crypto_provider_handle_t, crypto_session_id_t,
crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
crypto_spi_ctx_template_t, crypto_req_handle_t);
crypto_spi_ctx_template_t);
static const crypto_mac_ops_t skein_mac_ops = {
.mac_init = skein_mac_init,
@ -86,7 +83,7 @@ static const crypto_mac_ops_t skein_mac_ops = {
static int skein_create_ctx_template(crypto_provider_handle_t,
crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t *,
size_t *, crypto_req_handle_t);
size_t *);
static int skein_free_context(crypto_ctx_t *);
static const crypto_ctx_ops_t skein_ctx_ops = {
@ -264,8 +261,7 @@ skein_digest_update_uio(skein_ctx_t *ctx, const crypto_data_t *data)
* Performs a Final on a context and writes to a uio digest output.
*/
static int
skein_digest_final_uio(skein_ctx_t *ctx, crypto_data_t *digest,
crypto_req_handle_t req)
skein_digest_final_uio(skein_ctx_t *ctx, crypto_data_t *digest)
{
off_t offset = digest->cd_offset;
uint_t vec_idx = 0;
@ -298,7 +294,7 @@ skein_digest_final_uio(skein_ctx_t *ctx, crypto_data_t *digest,
size_t cur_len;
digest_tmp = kmem_alloc(CRYPTO_BITS2BYTES(
ctx->sc_digest_bitlen), crypto_kmflag(req));
ctx->sc_digest_bitlen), KM_SLEEP);
if (digest_tmp == NULL)
return (CRYPTO_HOST_MEMORY);
SKEIN_OP(ctx, Final, digest_tmp);
@ -342,16 +338,14 @@ skein_digest_final_uio(skein_ctx_t *ctx, crypto_data_t *digest,
* for Skein-1024).
*/
static int
skein_digest_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
crypto_req_handle_t req)
skein_digest_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism)
{
int error = CRYPTO_SUCCESS;
if (!VALID_SKEIN_DIGEST_MECH(mechanism->cm_type))
return (CRYPTO_MECHANISM_INVALID);
SKEIN_CTX_LVALUE(ctx) = kmem_alloc(sizeof (*SKEIN_CTX(ctx)),
crypto_kmflag(req));
SKEIN_CTX_LVALUE(ctx) = kmem_alloc(sizeof (*SKEIN_CTX(ctx)), KM_SLEEP);
if (SKEIN_CTX(ctx) == NULL)
return (CRYPTO_HOST_MEMORY);
@ -376,8 +370,7 @@ skein_digest_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
* see what to pass here.
*/
static int
skein_digest(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *digest,
crypto_req_handle_t req)
skein_digest(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *digest)
{
int error = CRYPTO_SUCCESS;
@ -390,7 +383,7 @@ skein_digest(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *digest,
return (CRYPTO_BUFFER_TOO_SMALL);
}
error = skein_update(ctx, data, req);
error = skein_update(ctx, data);
if (error != CRYPTO_SUCCESS) {
bzero(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx)));
kmem_free(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx)));
@ -398,7 +391,7 @@ skein_digest(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *digest,
digest->cd_length = 0;
return (error);
}
error = skein_final(ctx, digest, req);
error = skein_final(ctx, digest);
return (error);
}
@ -409,9 +402,8 @@ skein_digest(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *digest,
* Supported input data formats are raw, uio and mblk.
*/
static int
skein_update(crypto_ctx_t *ctx, crypto_data_t *data, crypto_req_handle_t req)
skein_update(crypto_ctx_t *ctx, crypto_data_t *data)
{
(void) req;
int error = CRYPTO_SUCCESS;
ASSERT(SKEIN_CTX(ctx) != NULL);
@ -438,7 +430,7 @@ skein_update(crypto_ctx_t *ctx, crypto_data_t *data, crypto_req_handle_t req)
* Supported output digest formats are raw, uio and mblk.
*/
static int
skein_final(crypto_ctx_t *ctx, crypto_data_t *digest, crypto_req_handle_t req)
skein_final(crypto_ctx_t *ctx, crypto_data_t *digest)
{
int error = CRYPTO_SUCCESS;
@ -457,7 +449,7 @@ skein_final(crypto_ctx_t *ctx, crypto_data_t *digest, crypto_req_handle_t req)
(uint8_t *)digest->cd_raw.iov_base + digest->cd_offset);
break;
case CRYPTO_DATA_UIO:
error = skein_digest_final_uio(SKEIN_CTX(ctx), digest, req);
error = skein_digest_final_uio(SKEIN_CTX(ctx), digest);
break;
default:
error = CRYPTO_ARGUMENTS_BAD;
@ -485,9 +477,9 @@ skein_final(crypto_ctx_t *ctx, crypto_data_t *digest, crypto_req_handle_t req)
static int
skein_digest_atomic(crypto_provider_handle_t provider,
crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
crypto_data_t *data, crypto_data_t *digest, crypto_req_handle_t req)
crypto_data_t *data, crypto_data_t *digest)
{
(void) provider, (void) session_id, (void) req;
(void) provider, (void) session_id;
int error;
skein_ctx_t skein_ctx;
crypto_ctx_t ctx;
@ -502,9 +494,9 @@ skein_digest_atomic(crypto_provider_handle_t provider,
goto out;
SKEIN_OP(&skein_ctx, Init, skein_ctx.sc_digest_bitlen);
if ((error = skein_update(&ctx, data, digest)) != CRYPTO_SUCCESS)
if ((error = skein_update(&ctx, data)) != CRYPTO_SUCCESS)
goto out;
if ((error = skein_final(&ctx, data, digest)) != CRYPTO_SUCCESS)
if ((error = skein_final(&ctx, data)) != CRYPTO_SUCCESS)
goto out;
out:
@ -553,13 +545,11 @@ skein_mac_ctx_build(skein_ctx_t *ctx, crypto_mechanism_t *mechanism,
*/
static int
skein_mac_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
crypto_key_t *key, crypto_spi_ctx_template_t ctx_template,
crypto_req_handle_t req)
crypto_key_t *key, crypto_spi_ctx_template_t ctx_template)
{
int error;
SKEIN_CTX_LVALUE(ctx) = kmem_alloc(sizeof (*SKEIN_CTX(ctx)),
crypto_kmflag(req));
SKEIN_CTX_LVALUE(ctx) = kmem_alloc(sizeof (*SKEIN_CTX(ctx)), KM_SLEEP);
if (SKEIN_CTX(ctx) == NULL)
return (CRYPTO_HOST_MEMORY);
@ -592,7 +582,7 @@ static int
skein_mac_atomic(crypto_provider_handle_t provider,
crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac,
crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req)
crypto_spi_ctx_template_t ctx_template)
{
/* faux crypto context just for skein_digest_{update,final} */
(void) provider, (void) session_id;
@ -609,9 +599,9 @@ skein_mac_atomic(crypto_provider_handle_t provider,
goto errout;
}
if ((error = skein_update(&ctx, data, req)) != CRYPTO_SUCCESS)
if ((error = skein_update(&ctx, data)) != CRYPTO_SUCCESS)
goto errout;
if ((error = skein_final(&ctx, mac, req)) != CRYPTO_SUCCESS)
if ((error = skein_final(&ctx, mac)) != CRYPTO_SUCCESS)
goto errout;
return (CRYPTO_SUCCESS);
@ -632,14 +622,13 @@ skein_mac_atomic(crypto_provider_handle_t provider,
static int
skein_create_ctx_template(crypto_provider_handle_t provider,
crypto_mechanism_t *mechanism, crypto_key_t *key,
crypto_spi_ctx_template_t *ctx_template, size_t *ctx_template_size,
crypto_req_handle_t req)
crypto_spi_ctx_template_t *ctx_template, size_t *ctx_template_size)
{
(void) provider;
int error;
skein_ctx_t *ctx_tmpl;
ctx_tmpl = kmem_alloc(sizeof (*ctx_tmpl), crypto_kmflag(req));
ctx_tmpl = kmem_alloc(sizeof (*ctx_tmpl), KM_SLEEP);
if (ctx_tmpl == NULL)
return (CRYPTO_HOST_MEMORY);
error = skein_mac_ctx_build(ctx_tmpl, mechanism, key);

12
module/icp/spi/kcf_spi.c
View File

@ -220,18 +220,6 @@ crypto_unregister_provider(crypto_kcf_provider_handle_t handle)
return (CRYPTO_SUCCESS);
}
/*
* This routine is used by providers to determine
* whether to use KM_SLEEP or KM_NOSLEEP during memory allocation.
*
* This routine can be called from user or interrupt context.
*/
int
crypto_kmflag(crypto_req_handle_t handle)
{
return (REQHNDL2_KMFLAG(handle));
}
/*
* Process the mechanism info structures specified by the provider
* during registration. A NULL crypto_provider_info_t indicates

22
module/os/linux/zfs/zio_crypt.c
View File

@ -269,13 +269,13 @@ zio_crypt_key_init(uint64_t crypt, zio_crypt_key_t *key)
*/
mech.cm_type = crypto_mech2id(zio_crypt_table[crypt].ci_mechname);
ret = crypto_create_ctx_template(&mech, &key->zk_current_key,
&key->zk_current_tmpl, KM_SLEEP);
&key->zk_current_tmpl);
if (ret != CRYPTO_SUCCESS)
key->zk_current_tmpl = NULL;
mech.cm_type = crypto_mech2id(SUN_CKM_SHA512_HMAC);
ret = crypto_create_ctx_template(&mech, &key->zk_hmac_key,
&key->zk_hmac_tmpl, KM_SLEEP);
&key->zk_hmac_tmpl);
if (ret != CRYPTO_SUCCESS)
key->zk_hmac_tmpl = NULL;
@ -323,7 +323,7 @@ zio_crypt_key_change_salt(zio_crypt_key_t *key)
/* destroy the old context template and create the new one */
crypto_destroy_ctx_template(key->zk_current_tmpl);
ret = crypto_create_ctx_template(&mech, &key->zk_current_key,
&key->zk_current_tmpl, KM_SLEEP);
&key->zk_current_tmpl);
if (ret != CRYPTO_SUCCESS)
key->zk_current_tmpl = NULL;
@ -447,15 +447,13 @@ zio_do_crypt_uio(boolean_t encrypt, uint64_t crypt, crypto_key_t *key,
/* perform the actual encryption */
if (encrypt) {
ret = crypto_encrypt(&mech, &plaindata, key, tmpl, &cipherdata,
NULL);
ret = crypto_encrypt(&mech, &plaindata, key, tmpl, &cipherdata);
if (ret != CRYPTO_SUCCESS) {
ret = SET_ERROR(EIO);
goto error;
}
} else {
ret = crypto_decrypt(&mech, &cipherdata, key, tmpl, &plaindata,
NULL);
ret = crypto_decrypt(&mech, &cipherdata, key, tmpl, &plaindata);
if (ret != CRYPTO_SUCCESS) {
ASSERT3U(ret, ==, CRYPTO_INVALID_MAC);
ret = SET_ERROR(ECKSUM);
@ -619,13 +617,13 @@ zio_crypt_key_unwrap(crypto_key_t *cwkey, uint64_t crypt, uint64_t version,
*/
mech.cm_type = crypto_mech2id(zio_crypt_table[crypt].ci_mechname);
ret = crypto_create_ctx_template(&mech, &key->zk_current_key,
&key->zk_current_tmpl, KM_SLEEP);
&key->zk_current_tmpl);
if (ret != CRYPTO_SUCCESS)
key->zk_current_tmpl = NULL;
mech.cm_type = crypto_mech2id(SUN_CKM_SHA512_HMAC);
ret = crypto_create_ctx_template(&mech, &key->zk_hmac_key,
&key->zk_hmac_tmpl, KM_SLEEP);
&key->zk_hmac_tmpl);
if (ret != CRYPTO_SUCCESS)
key->zk_hmac_tmpl = NULL;
@ -689,7 +687,7 @@ zio_crypt_do_hmac(zio_crypt_key_t *key, uint8_t *data, uint_t datalen,
/* generate the hmac */
ret = crypto_mac(&mech, &in_data, &key->zk_hmac_key, key->zk_hmac_tmpl,
&digest_data, NULL);
&digest_data);
if (ret != CRYPTO_SUCCESS) {
ret = SET_ERROR(EIO);
goto error;
@ -1139,7 +1137,7 @@ zio_crypt_do_objset_hmacs(zio_crypt_key_t *key, void *data, uint_t datalen,
cd.cd_offset = 0;
/* calculate the portable MAC from the portable fields and metadnode */
ret = crypto_mac_init(&mech, &key->zk_hmac_key, NULL, &ctx, NULL);
ret = crypto_mac_init(&mech, &key->zk_hmac_key, NULL, &ctx);
if (ret != CRYPTO_SUCCESS) {
ret = SET_ERROR(EIO);
goto error;
@ -1226,7 +1224,7 @@ zio_crypt_do_objset_hmacs(zio_crypt_key_t *key, void *data, uint_t datalen,
}
/* calculate the local MAC from the userused and groupused dnodes */
ret = crypto_mac_init(&mech, &key->zk_hmac_key, NULL, &ctx, NULL);
ret = crypto_mac_init(&mech, &key->zk_hmac_key, NULL, &ctx);
if (ret != CRYPTO_SUCCESS) {
ret = SET_ERROR(EIO);
goto error;

4
module/zfs/hkdf.c
View File

@ -52,7 +52,7 @@ hkdf_sha512_extract(uint8_t *salt, uint_t salt_len, uint8_t *key_material,
output_cd.cd_raw.iov_base = (char *)out_buf;
output_cd.cd_raw.iov_len = output_cd.cd_length;
ret = crypto_mac(&mech, &input_cd, &key, NULL, &output_cd, NULL);
ret = crypto_mac(&mech, &input_cd, &key, NULL, &output_cd);
if (ret != CRYPTO_SUCCESS)
return (SET_ERROR(EIO));
@ -108,7 +108,7 @@ hkdf_sha512_expand(uint8_t *extract_key, uint8_t *info, uint_t info_len,
T_cd.cd_length = T_len;
T_cd.cd_raw.iov_len = T_cd.cd_length;
ret = crypto_mac_init(&mech, &key, NULL, &ctx, NULL);
ret = crypto_mac_init(&mech, &key, NULL, &ctx);
if (ret != CRYPTO_SUCCESS)
return (SET_ERROR(EIO));