icp: reorganise SHA2 digest mechanisms

sha2_mech_type_t serves double-duty, as the list of MAC providers and also the algo type for direct callers to SHA2Init. Until we disentangle that, reorganise it to make the separation more clear. While we're there, remove the digest mechs we don't use. Sponsored-by: Klara, Inc. Sponsored-by: Wasabi Technology, Inc. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Rob Norris <rob.norris@klarasystems.com> Closes #16209
2024-05-19 13:18:42 +10:00 · 2024-05-19 13:18:42 +10:00 · 10de12e9ed
parent 1291c46ea4
commit 10de12e9ed
5 changed files with 26 additions and 121 deletions
--- a/include/sys/crypto/common.h
+++ b/include/sys/crypto/common.h
@ -79,17 +79,12 @@ typedef uint32_t crypto_keysize_unit_t;


 /* Mechanisms supported out-of-the-box */
-#define	SUN_CKM_SHA256			"CKM_SHA256"
 #define	SUN_CKM_SHA256_HMAC		"CKM_SHA256_HMAC"
 #define	SUN_CKM_SHA256_HMAC_GENERAL	"CKM_SHA256_HMAC_GENERAL"
-#define	SUN_CKM_SHA384			"CKM_SHA384"
 #define	SUN_CKM_SHA384_HMAC		"CKM_SHA384_HMAC"
 #define	SUN_CKM_SHA384_HMAC_GENERAL	"CKM_SHA384_HMAC_GENERAL"
-#define	SUN_CKM_SHA512			"CKM_SHA512"
 #define	SUN_CKM_SHA512_HMAC		"CKM_SHA512_HMAC"
 #define	SUN_CKM_SHA512_HMAC_GENERAL	"CKM_SHA512_HMAC_GENERAL"
-#define	SUN_CKM_SHA512_224		"CKM_SHA512_224"
-#define	SUN_CKM_SHA512_256		"CKM_SHA512_256"
 #define	SUN_CKM_AES_CCM			"CKM_AES_CCM"
 #define	SUN_CKM_AES_GCM			"CKM_AES_GCM"

--- a/include/sys/sha2.h
+++ b/include/sys/sha2.h
@ -86,30 +86,18 @@ typedef struct {

 /* SHA2 algorithm types */
 typedef enum sha2_mech_type {
-	SHA256_MECH_INFO_TYPE,		/* SUN_CKM_SHA256 */
 	SHA256_HMAC_MECH_INFO_TYPE,	/* SUN_CKM_SHA256_HMAC */
 	SHA256_HMAC_GEN_MECH_INFO_TYPE,	/* SUN_CKM_SHA256_HMAC_GENERAL */
-	SHA384_MECH_INFO_TYPE,		/* SUN_CKM_SHA384 */
 	SHA384_HMAC_MECH_INFO_TYPE,	/* SUN_CKM_SHA384_HMAC */
 	SHA384_HMAC_GEN_MECH_INFO_TYPE,	/* SUN_CKM_SHA384_HMAC_GENERAL */
-	SHA512_MECH_INFO_TYPE,		/* SUN_CKM_SHA512 */
 	SHA512_HMAC_MECH_INFO_TYPE,	/* SUN_CKM_SHA512_HMAC */
 	SHA512_HMAC_GEN_MECH_INFO_TYPE,	/* SUN_CKM_SHA512_HMAC_GENERAL */
-	SHA512_224_MECH_INFO_TYPE,	/* SUN_CKM_SHA512_224 */
-	SHA512_256_MECH_INFO_TYPE	/* SUN_CKM_SHA512_256 */
-} sha2_mech_type_t;

-#define	SHA256			0
-#define	SHA256_HMAC		1
-#define	SHA256_HMAC_GEN		2
-#define	SHA384			3
-#define	SHA384_HMAC		4
-#define	SHA384_HMAC_GEN		5
-#define	SHA512			6
-#define	SHA512_HMAC		7
-#define	SHA512_HMAC_GEN		8
-#define	SHA512_224		9
-#define	SHA512_256		10
+	/* Not true KCF mech types; used by direct callers to SHA2Init */
+	SHA256,
+	SHA512,
+	SHA512_256,
+} sha2_mech_type_t;

 /* SHA2 Init function */
 extern void SHA2Init(int algotype, SHA2_CTX *ctx);
--- a/module/icp/algs/sha2/sha2_generic.c
+++ b/module/icp/algs/sha2/sha2_generic.c
@ -400,13 +400,13 @@ SHA2Init(int algotype, SHA2_CTX *ctx)
 	sha256_ctx *ctx256 = &ctx->sha256;
 	sha512_ctx *ctx512 = &ctx->sha512;

-	ASSERT3S(algotype, >=, SHA256_MECH_INFO_TYPE);
-	ASSERT3S(algotype, <=, SHA512_256_MECH_INFO_TYPE);
+	ASSERT3S(algotype, >=, SHA256_HMAC_MECH_INFO_TYPE);
+	ASSERT3S(algotype, <=, SHA512_256);

 	memset(ctx, 0, sizeof (*ctx));
 	ctx->algotype = algotype;
 	switch (ctx->algotype) {
-		case SHA256_MECH_INFO_TYPE:
+		case SHA256:
 		case SHA256_HMAC_MECH_INFO_TYPE:
 		case SHA256_HMAC_GEN_MECH_INFO_TYPE:
 			ctx256->state[0] = 0x6a09e667;
@ -420,7 +420,6 @@ SHA2Init(int algotype, SHA2_CTX *ctx)
 			ctx256->count[0] = 0;
 			ctx256->ops = sha256_get_ops();
 			break;
-		case SHA384_MECH_INFO_TYPE:
 		case SHA384_HMAC_MECH_INFO_TYPE:
 		case SHA384_HMAC_GEN_MECH_INFO_TYPE:
 			ctx512->state[0] = 0xcbbb9d5dc1059ed8ULL;
@ -435,7 +434,7 @@ SHA2Init(int algotype, SHA2_CTX *ctx)
 			ctx512->count[1] = 0;
 			ctx512->ops = sha512_get_ops();
 			break;
-		case SHA512_MECH_INFO_TYPE:
+		case SHA512:
 		case SHA512_HMAC_MECH_INFO_TYPE:
 		case SHA512_HMAC_GEN_MECH_INFO_TYPE:
 			ctx512->state[0] = 0x6a09e667f3bcc908ULL;
@ -450,20 +449,7 @@ SHA2Init(int algotype, SHA2_CTX *ctx)
 			ctx512->count[1] = 0;
 			ctx512->ops = sha512_get_ops();
 			break;
-		case SHA512_224_MECH_INFO_TYPE:
-			ctx512->state[0] = 0x8c3d37c819544da2ULL;
-			ctx512->state[1] = 0x73e1996689dcd4d6ULL;
-			ctx512->state[2] = 0x1dfab7ae32ff9c82ULL;
-			ctx512->state[3] = 0x679dd514582f9fcfULL;
-			ctx512->state[4] = 0x0f6d2b697bd44da8ULL;
-			ctx512->state[5] = 0x77e36f7304c48942ULL;
-			ctx512->state[6] = 0x3f9d85a86a1d36c8ULL;
-			ctx512->state[7] = 0x1112e6ad91d692a1ULL;
-			ctx512->count[0] = 0;
-			ctx512->count[1] = 0;
-			ctx512->ops = sha512_get_ops();
-			break;
-		case SHA512_256_MECH_INFO_TYPE:
+		case SHA512_256:
 			ctx512->state[0] = 0x22312194fc2bf72cULL;
 			ctx512->state[1] = 0x9f555fa3c84c64c2ULL;
 			ctx512->state[2] = 0x2393b86b6f53b151ULL;
@ -490,25 +476,21 @@ SHA2Update(SHA2_CTX *ctx, const void *data, size_t len)
 	ASSERT3P(data, !=, NULL);

 	switch (ctx->algotype) {
-		case SHA256_MECH_INFO_TYPE:
+		case SHA256:
 		case SHA256_HMAC_MECH_INFO_TYPE:
 		case SHA256_HMAC_GEN_MECH_INFO_TYPE:
 			sha256_update(&ctx->sha256, data, len);
 			break;
-		case SHA384_MECH_INFO_TYPE:
 		case SHA384_HMAC_MECH_INFO_TYPE:
 		case SHA384_HMAC_GEN_MECH_INFO_TYPE:
 			sha512_update(&ctx->sha512, data, len);
 			break;
-		case SHA512_MECH_INFO_TYPE:
+		case SHA512:
 		case SHA512_HMAC_MECH_INFO_TYPE:
 		case SHA512_HMAC_GEN_MECH_INFO_TYPE:
 			sha512_update(&ctx->sha512, data, len);
 			break;
-		case SHA512_224_MECH_INFO_TYPE:
-			sha512_update(&ctx->sha512, data, len);
-			break;
-		case SHA512_256_MECH_INFO_TYPE:
+		case SHA512_256:
 			sha512_update(&ctx->sha512, data, len);
 			break;
 	}
@ -519,25 +501,21 @@ void
 SHA2Final(void *digest, SHA2_CTX *ctx)
 {
 	switch (ctx->algotype) {
-		case SHA256_MECH_INFO_TYPE:
+		case SHA256:
 		case SHA256_HMAC_MECH_INFO_TYPE:
 		case SHA256_HMAC_GEN_MECH_INFO_TYPE:
 			sha256_final(&ctx->sha256, digest, 256);
 			break;
-		case SHA384_MECH_INFO_TYPE:
 		case SHA384_HMAC_MECH_INFO_TYPE:
 		case SHA384_HMAC_GEN_MECH_INFO_TYPE:
 			sha512_final(&ctx->sha512, digest, 384);
 			break;
-		case SHA512_MECH_INFO_TYPE:
+		case SHA512:
 		case SHA512_HMAC_MECH_INFO_TYPE:
 		case SHA512_HMAC_GEN_MECH_INFO_TYPE:
 			sha512_final(&ctx->sha512, digest, 512);
 			break;
-		case SHA512_224_MECH_INFO_TYPE:
-			sha512_final(&ctx->sha512, digest, 224);
-			break;
-		case SHA512_256_MECH_INFO_TYPE:
+		case SHA512_256:
 			sha512_final(&ctx->sha512, digest, 256);
 			break;
 	}
--- a/module/icp/io/sha2_mod.c
+++ b/module/icp/io/sha2_mod.c
@ -60,24 +60,18 @@
 * Mechanism info structure passed to KCF during registration.
 */
 static const crypto_mech_info_t sha2_mech_info_tab[] = {
-	/* SHA256 */
-	{SUN_CKM_SHA256, SHA256_MECH_INFO_TYPE, 0},
 	/* SHA256-HMAC */
 	{SUN_CKM_SHA256_HMAC, SHA256_HMAC_MECH_INFO_TYPE,
 	    CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC},
 	/* SHA256-HMAC GENERAL */
 	{SUN_CKM_SHA256_HMAC_GENERAL, SHA256_HMAC_GEN_MECH_INFO_TYPE,
 	    CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC},
-	/* SHA384 */
-	{SUN_CKM_SHA384, SHA384_MECH_INFO_TYPE, 0},
 	/* SHA384-HMAC */
 	{SUN_CKM_SHA384_HMAC, SHA384_HMAC_MECH_INFO_TYPE,
 	    CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC},
 	/* SHA384-HMAC GENERAL */
 	{SUN_CKM_SHA384_HMAC_GENERAL, SHA384_HMAC_GEN_MECH_INFO_TYPE,
 	    CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC},
-	/* SHA512 */
-	{SUN_CKM_SHA512, SHA512_MECH_INFO_TYPE, 0},
 	/* SHA512-HMAC */
 	{SUN_CKM_SHA512_HMAC, SHA512_HMAC_MECH_INFO_TYPE,
 	    CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC},
--- a/tests/zfs-tests/cmd/checksum/sha2_test.c
+++ b/tests/zfs-tests/cmd/checksum/sha2_test.c
@ -72,31 +72,6 @@ static const uint8_t	sha256_test_digests[][32] = {
 	/* no test vector for test_msg2 */
 };

-static const uint8_t	sha384_test_digests[][48] = {
-	{
-		/* for test_msg0 */
-		0xCB, 0x00, 0x75, 0x3F, 0x45, 0xA3, 0x5E, 0x8B,
-		0xB5, 0xA0, 0x3D, 0x69, 0x9A, 0xC6, 0x50, 0x07,
-		0x27, 0x2C, 0x32, 0xAB, 0x0E, 0xDE, 0xD1, 0x63,
-		0x1A, 0x8B, 0x60, 0x5A, 0x43, 0xFF, 0x5B, 0xED,
-		0x80, 0x86, 0x07, 0x2B, 0xA1, 0xE7, 0xCC, 0x23,
-		0x58, 0xBA, 0xEC, 0xA1, 0x34, 0xC8, 0x25, 0xA7
-	},
-	{
-		/* no test vector for test_msg1 */
-		0
-	},
-	{
-		/* for test_msg2 */
-		0x09, 0x33, 0x0C, 0x33, 0xF7, 0x11, 0x47, 0xE8,
-		0x3D, 0x19, 0x2F, 0xC7, 0x82, 0xCD, 0x1B, 0x47,
-		0x53, 0x11, 0x1B, 0x17, 0x3B, 0x3B, 0x05, 0xD2,
-		0x2F, 0xA0, 0x80, 0x86, 0xE3, 0xB0, 0xF7, 0x12,
-		0xFC, 0xC7, 0xC7, 0x1A, 0x55, 0x7E, 0x2D, 0xB9,
-		0x66, 0xC3, 0xE9, 0xFA, 0x91, 0x74, 0x60, 0x39
-	}
-};
-
 static const uint8_t	sha512_test_digests[][64] = {
 	{
 		/* for test_msg0 */
@ -126,27 +101,6 @@ static const uint8_t	sha512_test_digests[][64] = {
 	}
 };

-static const uint8_t	sha512_224_test_digests[][28] = {
-	{
-		/* for test_msg0 */
-		0x46, 0x34, 0x27, 0x0F, 0x70, 0x7B, 0x6A, 0x54,
-		0xDA, 0xAE, 0x75, 0x30, 0x46, 0x08, 0x42, 0xE2,
-		0x0E, 0x37, 0xED, 0x26, 0x5C, 0xEE, 0xE9, 0xA4,
-		0x3E, 0x89, 0x24, 0xAA
-	},
-	{
-		/* no test vector for test_msg1 */
-		0
-	},
-	{
-		/* for test_msg2 */
-		0x23, 0xFE, 0xC5, 0xBB, 0x94, 0xD6, 0x0B, 0x23,
-		0x30, 0x81, 0x92, 0x64, 0x0B, 0x0C, 0x45, 0x33,
-		0x35, 0xD6, 0x64, 0x73, 0x4F, 0xE4, 0x0E, 0x72,
-		0x68, 0x67, 0x4A, 0xF9
-	}
-};
-
 static const uint8_t	sha512_256_test_digests[][32] = {
 	{
 		/* for test_msg0 */
@ -191,7 +145,7 @@ main(int argc, char *argv[])
 	do {								\
 		SHA2_CTX		ctx;				\
 		uint8_t			digest[diglen / 8];		\
-		SHA2Init(SHA ## mode ## _MECH_INFO_TYPE, &ctx);		\
+		SHA2Init(mode, &ctx);					\
 		SHA2Update(&ctx, _m, strlen(_m));			\
 		SHA2Final(digest, &ctx);				\
 		(void) printf("SHA%-9sMessage: " #_m			\
@ -215,7 +169,7 @@ main(int argc, char *argv[])
 		struct timeval	start, end;				\
 		memset(block, 0, sizeof (block));			\
 		(void) gettimeofday(&start, NULL);			\
-		SHA2Init(SHA ## mode ## _MECH_INFO_TYPE, &ctx);		\
+		SHA2Init(mode, &ctx);					\
 		for (i = 0; i < 8192; i++)				\
 			SHA2Update(&ctx, block, sizeof (block));	\
 		SHA2Final(digest, &ctx);				\
@ -231,16 +185,12 @@ main(int argc, char *argv[])
 	} while (0)

 	(void) printf("Running algorithm correctness tests:\n");
-	SHA2_ALGO_TEST(test_msg0, 256, 256, sha256_test_digests[0]);
-	SHA2_ALGO_TEST(test_msg1, 256, 256, sha256_test_digests[1]);
-	SHA2_ALGO_TEST(test_msg0, 384, 384, sha384_test_digests[0]);
-	SHA2_ALGO_TEST(test_msg2, 384, 384, sha384_test_digests[2]);
-	SHA2_ALGO_TEST(test_msg0, 512, 512, sha512_test_digests[0]);
-	SHA2_ALGO_TEST(test_msg2, 512, 512, sha512_test_digests[2]);
-	SHA2_ALGO_TEST(test_msg0, 512_224, 224, sha512_224_test_digests[0]);
-	SHA2_ALGO_TEST(test_msg2, 512_224, 224, sha512_224_test_digests[2]);
-	SHA2_ALGO_TEST(test_msg0, 512_256, 256, sha512_256_test_digests[0]);
-	SHA2_ALGO_TEST(test_msg2, 512_256, 256, sha512_256_test_digests[2]);
+	SHA2_ALGO_TEST(test_msg0, SHA256, 256, sha256_test_digests[0]);
+	SHA2_ALGO_TEST(test_msg1, SHA256, 256, sha256_test_digests[1]);
+	SHA2_ALGO_TEST(test_msg0, SHA512, 512, sha512_test_digests[0]);
+	SHA2_ALGO_TEST(test_msg2, SHA512, 512, sha512_test_digests[2]);
+	SHA2_ALGO_TEST(test_msg0, SHA512_256, 256, sha512_256_test_digests[0]);
+	SHA2_ALGO_TEST(test_msg2, SHA512_256, 256, sha512_256_test_digests[2]);

 	if (failed)
 		return (1);
@ -251,13 +201,13 @@ main(int argc, char *argv[])
 	for (id = 0; id < sha256->getcnt(); id++) {
 		sha256->setid(id);
 		const char *name = sha256->getname();
-		SHA2_PERF_TEST(256, 256, name);
+		SHA2_PERF_TEST(SHA256, 256, name);
 	}

 	for (id = 0; id < sha512->getcnt(); id++) {
 		sha512->setid(id);
 		const char *name = sha512->getname();
-		SHA2_PERF_TEST(512, 512, name);
+		SHA2_PERF_TEST(SHA512, 512, name);
 	}

 	return (0);