icp: rip out everything we don't use

include/sys/crypto/common.h

@@ -51,12 +51,6 @@ typedef struct crypto_mechanism {
 	size_t			cm_param_len;	/* mech. parameter len */
 } crypto_mechanism_t;
 
-/* CK_AES_CTR_PARAMS provides parameters to the CKM_AES_CTR mechanism */
-typedef struct CK_AES_CTR_PARAMS {
-	ulong_t	ulCounterBits;
-	uint8_t cb[16];
-} CK_AES_CTR_PARAMS;
-
 /* CK_AES_CCM_PARAMS provides parameters to the CKM_AES_CCM mechanism */
 typedef struct CK_AES_CCM_PARAMS {
 	ulong_t ulMACSize;
@@ -77,13 +71,6 @@ typedef struct CK_AES_GCM_PARAMS {
 	ulong_t ulTagBits;
 } CK_AES_GCM_PARAMS;
 
-/* CK_AES_GMAC_PARAMS provides parameters to the CKM_AES_GMAC mechanism */
-typedef struct CK_AES_GMAC_PARAMS {
-	uchar_t *pIv;
-	uchar_t *pAAD;
-	ulong_t ulAADLen;
-} CK_AES_GMAC_PARAMS;
-
 /*
  * The measurement unit bit flag for a mechanism's minimum or maximum key size.
  * The unit are mechanism dependent.  It can be in bits or in bytes.
@@ -92,23 +79,9 @@ typedef uint32_t crypto_keysize_unit_t;
 
 
 /* Mechanisms supported out-of-the-box */
-#define	SUN_CKM_SHA256			"CKM_SHA256"
-#define	SUN_CKM_SHA256_HMAC		"CKM_SHA256_HMAC"
-#define	SUN_CKM_SHA256_HMAC_GENERAL	"CKM_SHA256_HMAC_GENERAL"
-#define	SUN_CKM_SHA384			"CKM_SHA384"
-#define	SUN_CKM_SHA384_HMAC		"CKM_SHA384_HMAC"
-#define	SUN_CKM_SHA384_HMAC_GENERAL	"CKM_SHA384_HMAC_GENERAL"
-#define	SUN_CKM_SHA512			"CKM_SHA512"
 #define	SUN_CKM_SHA512_HMAC		"CKM_SHA512_HMAC"
-#define	SUN_CKM_SHA512_HMAC_GENERAL	"CKM_SHA512_HMAC_GENERAL"
-#define	SUN_CKM_SHA512_224		"CKM_SHA512_224"
-#define	SUN_CKM_SHA512_256		"CKM_SHA512_256"
-#define	SUN_CKM_AES_CBC			"CKM_AES_CBC"
-#define	SUN_CKM_AES_ECB			"CKM_AES_ECB"
-#define	SUN_CKM_AES_CTR			"CKM_AES_CTR"
 #define	SUN_CKM_AES_CCM			"CKM_AES_CCM"
 #define	SUN_CKM_AES_GCM			"CKM_AES_GCM"
-#define	SUN_CKM_AES_GMAC		"CKM_AES_GMAC"
 
 /* Data arguments of cryptographic operations */
 

include/sys/crypto/icp.h

@@ -32,9 +32,6 @@ int aes_mod_fini(void);
 int sha2_mod_init(void);
 int sha2_mod_fini(void);
 
-int skein_mod_init(void);
-int skein_mod_fini(void);
-
 int icp_init(void);
 void icp_fini(void);
 

include/sys/sha2.h

@@ -86,30 +86,13 @@ typedef struct {
 
 /* SHA2 algorithm types */
 typedef enum sha2_mech_type {
-	SHA256_MECH_INFO_TYPE,		/* SUN_CKM_SHA256 */
-	SHA256_HMAC_MECH_INFO_TYPE,	/* SUN_CKM_SHA256_HMAC */
-	SHA256_HMAC_GEN_MECH_INFO_TYPE,	/* SUN_CKM_SHA256_HMAC_GENERAL */
-	SHA384_MECH_INFO_TYPE,		/* SUN_CKM_SHA384 */
-	SHA384_HMAC_MECH_INFO_TYPE,	/* SUN_CKM_SHA384_HMAC */
-	SHA384_HMAC_GEN_MECH_INFO_TYPE,	/* SUN_CKM_SHA384_HMAC_GENERAL */
-	SHA512_MECH_INFO_TYPE,		/* SUN_CKM_SHA512 */
 	SHA512_HMAC_MECH_INFO_TYPE,	/* SUN_CKM_SHA512_HMAC */
-	SHA512_HMAC_GEN_MECH_INFO_TYPE,	/* SUN_CKM_SHA512_HMAC_GENERAL */
-	SHA512_224_MECH_INFO_TYPE,	/* SUN_CKM_SHA512_224 */
-	SHA512_256_MECH_INFO_TYPE	/* SUN_CKM_SHA512_256 */
-} sha2_mech_type_t;
 
-#define	SHA256			0
-#define	SHA256_HMAC		1
-#define	SHA256_HMAC_GEN		2
-#define	SHA384			3
-#define	SHA384_HMAC		4
-#define	SHA384_HMAC_GEN		5
-#define	SHA512			6
-#define	SHA512_HMAC		7
-#define	SHA512_HMAC_GEN		8
-#define	SHA512_224		9
-#define	SHA512_256		10
+	/* Not true KCF mech types; used by direct callers to SHA2Init */
+	SHA256,
+	SHA512,
+	SHA512_256,
+} sha2_mech_type_t;
 
 /* SHA2 Init function */
 extern void SHA2Init(int algotype, SHA2_CTX *ctx);

include/sys/skein.h

@@ -152,25 +152,16 @@ typedef struct skein_param {
 
 /* Module definitions */
 #ifdef	SKEIN_MODULE_IMPL
-#define	CKM_SKEIN_256				"CKM_SKEIN_256"
-#define	CKM_SKEIN_512				"CKM_SKEIN_512"
-#define	CKM_SKEIN1024				"CKM_SKEIN1024"
 #define	CKM_SKEIN_256_MAC			"CKM_SKEIN_256_MAC"
 #define	CKM_SKEIN_512_MAC			"CKM_SKEIN_512_MAC"
 #define	CKM_SKEIN1024_MAC			"CKM_SKEIN1024_MAC"
 
 typedef enum skein_mech_type {
-	SKEIN_256_MECH_INFO_TYPE,
-	SKEIN_512_MECH_INFO_TYPE,
-	SKEIN1024_MECH_INFO_TYPE,
 	SKEIN_256_MAC_MECH_INFO_TYPE,
 	SKEIN_512_MAC_MECH_INFO_TYPE,
 	SKEIN1024_MAC_MECH_INFO_TYPE
 } skein_mech_type_t;
 
-#define	VALID_SKEIN_DIGEST_MECH(__mech)				\
-	((int)(__mech) >= SKEIN_256_MECH_INFO_TYPE &&		\
-	(__mech) <= SKEIN1024_MECH_INFO_TYPE)
 #define	VALID_SKEIN_MAC_MECH(__mech)				\
 	((int)(__mech) >= SKEIN_256_MAC_MECH_INFO_TYPE &&	\
 	(__mech) <= SKEIN1024_MAC_MECH_INFO_TYPE)

lib/libicp/Makefile.am

@@ -18,13 +18,10 @@ nodist_libicp_la_SOURCES = \
 	module/icp/algs/blake3/blake3_impl.c \
 	module/icp/algs/edonr/edonr.c \
 	module/icp/algs/modes/modes.c \
-	module/icp/algs/modes/cbc.c \
 	module/icp/algs/modes/gcm_generic.c \
 	module/icp/algs/modes/gcm_pclmulqdq.c \
 	module/icp/algs/modes/gcm.c \
-	module/icp/algs/modes/ctr.c \
 	module/icp/algs/modes/ccm.c \
-	module/icp/algs/modes/ecb.c \
 	module/icp/algs/sha2/sha2_generic.c \
 	module/icp/algs/sha2/sha256_impl.c \
 	module/icp/algs/sha2/sha512_impl.c \
@@ -34,7 +31,6 @@ nodist_libicp_la_SOURCES = \
 	module/icp/illumos-crypto.c \
 	module/icp/io/aes.c \
 	module/icp/io/sha2_mod.c \
-	module/icp/io/skein_mod.c \
 	module/icp/core/kcf_sched.c \
 	module/icp/core/kcf_prov_lib.c \
 	module/icp/core/kcf_callprov.c \

module/Kbuild.in

@@ -101,10 +101,7 @@ ICP_OBJS := \
 	algs/blake3/blake3_generic.o \
 	algs/blake3/blake3_impl.o \
 	algs/edonr/edonr.o \
-	algs/modes/cbc.o \
 	algs/modes/ccm.o \
-	algs/modes/ctr.o \
-	algs/modes/ecb.o \
 	algs/modes/gcm.o \
 	algs/modes/gcm_generic.o \
 	algs/modes/modes.o \
@@ -125,7 +122,6 @@ ICP_OBJS := \
 	illumos-crypto.o \
 	io/aes.o \
 	io/sha2_mod.o \
-	io/skein_mod.o \
 	spi/kcf_spi.o
 
 ICP_OBJS_X86_64 := \

module/icp/algs/aes/aes_modes.c

@@ -75,25 +75,17 @@ aes_encrypt_contiguous_blocks(void *ctx, char *data, size_t length,
 	aes_ctx_t *aes_ctx = ctx;
 	int rv;
 
-	if (aes_ctx->ac_flags & CTR_MODE) {
-		rv = ctr_mode_contiguous_blocks(ctx, data, length, out,
-		    AES_BLOCK_LEN, aes_encrypt_block, aes_xor_block);
-	} else if (aes_ctx->ac_flags & CCM_MODE) {
+	if (aes_ctx->ac_flags & CCM_MODE) {
 		rv = ccm_mode_encrypt_contiguous_blocks(ctx, data, length,
 		    out, AES_BLOCK_LEN, aes_encrypt_block, aes_copy_block,
 		    aes_xor_block);
-	} else if (aes_ctx->ac_flags & (GCM_MODE|GMAC_MODE)) {
+	} else if (aes_ctx->ac_flags & GCM_MODE) {
 		rv = gcm_mode_encrypt_contiguous_blocks(ctx, data, length,
 		    out, AES_BLOCK_LEN, aes_encrypt_block, aes_copy_block,
 		    aes_xor_block);
-	} else if (aes_ctx->ac_flags & CBC_MODE) {
-		rv = cbc_encrypt_contiguous_blocks(ctx,
-		    data, length, out, AES_BLOCK_LEN, aes_encrypt_block,
-		    aes_copy_block, aes_xor_block);
-	} else {
-		rv = ecb_cipher_contiguous_blocks(ctx, data, length, out,
-		    AES_BLOCK_LEN, aes_encrypt_block);
 	}
+	else
+		__builtin_unreachable();
 	return (rv);
 }
 
@@ -108,28 +100,15 @@ aes_decrypt_contiguous_blocks(void *ctx, char *data, size_t length,
 	aes_ctx_t *aes_ctx = ctx;
 	int rv;
 
-	if (aes_ctx->ac_flags & CTR_MODE) {
-		rv = ctr_mode_contiguous_blocks(ctx, data, length, out,
-		    AES_BLOCK_LEN, aes_encrypt_block, aes_xor_block);
-		if (rv == CRYPTO_DATA_LEN_RANGE)
-			rv = CRYPTO_ENCRYPTED_DATA_LEN_RANGE;
-	} else if (aes_ctx->ac_flags & CCM_MODE) {
+	if (aes_ctx->ac_flags & CCM_MODE) {
 		rv = ccm_mode_decrypt_contiguous_blocks(ctx, data, length,
 		    out, AES_BLOCK_LEN, aes_encrypt_block, aes_copy_block,
 		    aes_xor_block);
-	} else if (aes_ctx->ac_flags & (GCM_MODE|GMAC_MODE)) {
+	} else if (aes_ctx->ac_flags & GCM_MODE) {
 		rv = gcm_mode_decrypt_contiguous_blocks(ctx, data, length,
 		    out, AES_BLOCK_LEN, aes_encrypt_block, aes_copy_block,
 		    aes_xor_block);
-	} else if (aes_ctx->ac_flags & CBC_MODE) {
-		rv = cbc_decrypt_contiguous_blocks(ctx, data, length, out,
-		    AES_BLOCK_LEN, aes_decrypt_block, aes_copy_block,
-		    aes_xor_block);
-	} else {
-		rv = ecb_cipher_contiguous_blocks(ctx, data, length, out,
-		    AES_BLOCK_LEN, aes_decrypt_block);
-		if (rv == CRYPTO_DATA_LEN_RANGE)
-			rv = CRYPTO_ENCRYPTED_DATA_LEN_RANGE;
-	}
+	} else
+		__builtin_unreachable();
 	return (rv);
 }