icp: remove digest entry points

For whatever reason, we call digest mechanisms directly, not through the KCF digest provider. So we can remove those entry points entirely. Sponsored-by: Klara, Inc. Sponsored-by: Wasabi Technology, Inc. Reviewed-by: Brian Behlendorf <[email protected]> Signed-off-by: Rob Norris <[email protected]> Closes openzfs#16209
openzfsonwindows · Sep 4, 2024 · aadd18a · aadd18a
1 parent 8576e58
commit aadd18a
Show file tree

Hide file tree

Showing 7 changed files with 8 additions and 464 deletions.
diff --git a/include/sys/skein.h b/include/sys/skein.h
@@ -152,25 +152,16 @@ typedef struct skein_param {
 
 /* Module definitions */
 #ifdef	SKEIN_MODULE_IMPL
-#define	CKM_SKEIN_256				"CKM_SKEIN_256"
-#define	CKM_SKEIN_512				"CKM_SKEIN_512"
-#define	CKM_SKEIN1024				"CKM_SKEIN1024"
 #define	CKM_SKEIN_256_MAC			"CKM_SKEIN_256_MAC"
 #define	CKM_SKEIN_512_MAC			"CKM_SKEIN_512_MAC"
 #define	CKM_SKEIN1024_MAC			"CKM_SKEIN1024_MAC"
 
 typedef enum skein_mech_type {
-	SKEIN_256_MECH_INFO_TYPE,
-	SKEIN_512_MECH_INFO_TYPE,
-	SKEIN1024_MECH_INFO_TYPE,
 	SKEIN_256_MAC_MECH_INFO_TYPE,
 	SKEIN_512_MAC_MECH_INFO_TYPE,
 	SKEIN1024_MAC_MECH_INFO_TYPE
 } skein_mech_type_t;
 
-#define	VALID_SKEIN_DIGEST_MECH(__mech)				\
-	((int)(__mech) >= SKEIN_256_MECH_INFO_TYPE &&		\
-	(__mech) <= SKEIN1024_MECH_INFO_TYPE)
 #define	VALID_SKEIN_MAC_MECH(__mech)				\
 	((int)(__mech) >= SKEIN_256_MAC_MECH_INFO_TYPE &&	\
 	(__mech) <= SKEIN1024_MAC_MECH_INFO_TYPE)

diff --git a/module/icp/core/kcf_mech_tabs.c b/module/icp/core/kcf_mech_tabs.c
@@ -41,7 +41,6 @@
  * mech_index  is the index for that mechanism in the table.
  * A mechanism belongs to exactly 1 table.
  * The tables are:
- * . digest_mechs_tab[] for the msg digest mechs.
  * . cipher_mechs_tab[] for encrypt/decrypt and wrap/unwrap mechs.
  * . mac_mechs_tab[] for MAC mechs.
  * . sign_mechs_tab[] for sign & verify mechs.
@@ -75,13 +74,11 @@
 
 /* RFE 4687834 Will deal with the extensibility of these tables later */
 
-static kcf_mech_entry_t kcf_digest_mechs_tab[KCF_MAXDIGEST];
 static kcf_mech_entry_t kcf_cipher_mechs_tab[KCF_MAXCIPHER];
 static kcf_mech_entry_t kcf_mac_mechs_tab[KCF_MAXMAC];
 
 const kcf_mech_entry_tab_t kcf_mech_tabs_tab[KCF_LAST_OPSCLASS + 1] = {
 	{0, NULL},				/* No class zero */
-	{KCF_MAXDIGEST, kcf_digest_mechs_tab},
 	{KCF_MAXCIPHER, kcf_cipher_mechs_tab},
 	{KCF_MAXMAC, kcf_mac_mechs_tab},
 };
@@ -220,9 +217,7 @@ kcf_add_mech_provider(short mech_indx,
 		crypto_func_group_t fg = mech_info->cm_func_group_mask;
 		kcf_ops_class_t class;
 
-		if (fg & CRYPTO_FG_DIGEST || fg & CRYPTO_FG_DIGEST_ATOMIC)
-			class = KCF_DIGEST_CLASS;
-		else if (fg & CRYPTO_FG_ENCRYPT_ATOMIC ||
+		if (fg & CRYPTO_FG_ENCRYPT_ATOMIC ||
 		    fg & CRYPTO_FG_DECRYPT_ATOMIC)
 			class = KCF_CIPHER_CLASS;
 		else if (fg & CRYPTO_FG_MAC || fg & CRYPTO_FG_MAC_ATOMIC)

diff --git a/module/icp/include/sys/crypto/impl.h b/module/icp/include/sys/crypto/impl.h
@@ -55,7 +55,7 @@ extern "C" {
  * When impl.h is broken up (bug# 4703218), this will be done. For now,
  * we hardcode these values.
  */
-#define	KCF_OPS_CLASSSIZE	4
+#define	KCF_OPS_CLASSSIZE	3
 #define	KCF_MAXMECHTAB		32
 
 /*
@@ -200,12 +200,11 @@ _Static_assert(KCF_MAXCIPHER == KCF_MAXMECHTAB,
 	"KCF_MAXCIPHER != KCF_MAXMECHTAB");	/* See KCF_MAXMECHTAB comment */
 
 typedef	enum {
-	KCF_DIGEST_CLASS = 1,
-	KCF_CIPHER_CLASS,
+	KCF_CIPHER_CLASS = 1,
 	KCF_MAC_CLASS,
 } kcf_ops_class_t;
 
-#define	KCF_FIRST_OPSCLASS	KCF_DIGEST_CLASS
+#define	KCF_FIRST_OPSCLASS	KCF_CIPHER_CLASS
 #define	KCF_LAST_OPSCLASS	KCF_MAC_CLASS
 _Static_assert(
     KCF_OPS_CLASSSIZE == (KCF_LAST_OPSCLASS - KCF_FIRST_OPSCLASS + 2),

diff --git a/module/icp/include/sys/crypto/spi.h b/module/icp/include/sys/crypto/spi.h
@@ -66,22 +66,6 @@ typedef struct crypto_ctx {
 	void			*cc_framework_private;	/* owned by framework */
 } crypto_ctx_t;
 
-/*
- * The crypto_digest_ops structure contains pointers to digest
- * operations for cryptographic providers.  It is passed through
- * the crypto_ops(9S) structure when providers register with the
- * kernel using crypto_register_provider(9F).
- */
-typedef struct crypto_digest_ops {
-	int (*digest_init)(crypto_ctx_t *, crypto_mechanism_t *);
-	int (*digest)(crypto_ctx_t *, crypto_data_t *, crypto_data_t *);
-	int (*digest_update)(crypto_ctx_t *, crypto_data_t *);
-	int (*digest_key)(crypto_ctx_t *, crypto_key_t *);
-	int (*digest_final)(crypto_ctx_t *, crypto_data_t *);
-	int (*digest_atomic)(crypto_mechanism_t *, crypto_data_t *,
-	    crypto_data_t *);
-} __no_const crypto_digest_ops_t;
-
 /*
  * The crypto_cipher_ops structure contains pointers to encryption
  * and decryption operations for cryptographic providers.  It is
@@ -137,7 +121,6 @@ typedef struct crypto_ctx_ops {
  * by calling crypto_register_provider(9F).
  */
 typedef struct crypto_ops {
-	const crypto_digest_ops_t			*co_digest_ops;
 	const crypto_cipher_ops_t			*co_cipher_ops;
 	const crypto_mac_ops_t			*co_mac_ops;
 	const crypto_ctx_ops_t			*co_ctx_ops;
@@ -153,12 +136,10 @@ typedef struct crypto_ops {
 typedef uint32_t crypto_func_group_t;
 
 
-#define	CRYPTO_FG_DIGEST		0x00000004 /* digest_init() */
 #define	CRYPTO_FG_MAC			0x00001000 /* mac_init() */
 #define	CRYPTO_FG_ENCRYPT_ATOMIC	0x00008000 /* encrypt_atomic() */
 #define	CRYPTO_FG_DECRYPT_ATOMIC	0x00010000 /* decrypt_atomic() */
 #define	CRYPTO_FG_MAC_ATOMIC		0x00020000 /* mac_atomic() */
-#define	CRYPTO_FG_DIGEST_ATOMIC		0x00040000 /* digest_atomic() */
 
 /*
  * Maximum length of the pi_provider_description field of the

diff --git a/module/icp/io/aes.c b/module/icp/io/aes.c
@@ -72,7 +72,6 @@ static const crypto_ctx_ops_t aes_ctx_ops = {
 };
 
 static const crypto_ops_t aes_crypto_ops = {
-	NULL,
 	&aes_cipher_ops,
 	NULL,
 	&aes_ctx_ops,